Cross-site scripting vulnerability found with DevTest on ports 1505 and 1506 - QID 11827

Document ID : KB000116576
Last Modified Date : 05/10/2018
Issue:
Cross-site scripting (XSS) vulnerability found with DevTest 10.1 on ports 1505 and 1506 - QID 11827

X-Frame-Options or Content-Security-Policy: frame-ancestors HTTP Headers missing on port 1505.

GET / HTTP/1.1
Host: xxxx:1505
Connection: Keep-Alive
X-XSS-Protection HTTP Header missing on port 1505.
X-Content-Type-Options HTTP Header missing on port 1505.
Content-Security-Policy HTTP Header missing on port 1505.

X-Frame-Options or Content-Security-Policy: frame-ancestors HTTP Headers missing on port 1506.

GET / HTTP/1.1
Host: xxxx:1506
Connection: Keep-Alive
X-XSS-Protection HTTP Header missing on port 1506.
X-Content-Type-Options HTTP Header missing on port 1506.
Content-Security-Policy HTTP Header missing on port 1506.
Environment:
DevTest release 10.1.
Resolution:
If this vulnerability was detected in your environment, please open a support ticket and mention DE335189.
We will be happy to provide you with the patch if it matches your issue.

This issue was fixed in DevTest release 10.3.
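
To confirm the result after applying the patch or upgrading, the four header checks listed in the scan report can be repeated with a short script. This is an added example, not code from the vendor or the scanner; the sample responses are constructed, and `check_live` assumes the ports answer plain HTTP.

```python
import http.client

def missing_security_headers(headers):
    """Return the scan-report findings that still apply to these response headers."""
    h = {k.lower(): v for k, v in headers.items()}
    csp = h.get("content-security-policy", "")
    # CSP directives are ';'-separated; the first token of each is its name.
    directives = {d.split()[0].lower() for d in csp.split(";") if d.strip()}
    findings = []
    if "x-frame-options" not in h and "frame-ancestors" not in directives:
        findings.append("X-Frame-Options or Content-Security-Policy: frame-ancestors")
    if "x-xss-protection" not in h:
        findings.append("X-XSS-Protection")
    if "x-content-type-options" not in h:
        findings.append("X-Content-Type-Options")
    if "content-security-policy" not in h:
        findings.append("Content-Security-Policy")
    return findings

def parse_raw_response(raw):
    """Turn the header block of a raw HTTP/1.1 response string into a dict."""
    lines = raw.split("\r\n\r\n", 1)[0].split("\r\n")[1:]  # drop the status line
    return {k.strip(): v.strip() for k, _, v in (line.partition(":") for line in lines)}

def check_live(host, port, timeout=5):
    """Send the GET / shown in the report and return the remaining findings."""
    # Assumption: the port speaks plain HTTP; use HTTPSConnection if it is TLS.
    conn = http.client.HTTPConnection(host, port, timeout=timeout)
    try:
        conn.request("GET", "/", headers={"Connection": "Keep-Alive"})
        return missing_security_headers(dict(conn.getresponse().getheaders()))
    finally:
        conn.close()

# Constructed sample responses (not captured from a DevTest server).
UNPATCHED = "HTTP/1.1 200 OK\r\nContent-Type: text/html\r\nContent-Length: 0\r\n\r\n"
HARDENED = ("HTTP/1.1 200 OK\r\nContent-Type: text/html\r\n"
            "X-XSS-Protection: 1; mode=block\r\nX-Content-Type-Options: nosniff\r\n"
            "Content-Security-Policy: default-src 'self'; frame-ancestors 'none'\r\n"
            "Content-Length: 0\r\n\r\n")

if __name__ == "__main__":
    for name, raw in (("unpatched", UNPATCHED), ("hardened", HARDENED)):
        print(name, missing_security_headers(parse_raw_response(raw)))
```

An empty list from `check_live` for both 1505 and 1506 means none of the four findings in the report remain.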