CSAL#57
Security Notification # CSAL57

Advisory Title: Clickjacking Due to Missing X-Frame-Options Header

Document ID: TAS/PRD/GEN/SN-CSAL#57
Document Name: Security Notification # CSAL57
Doc. Rev.: 0

Publication Date: 15-Jan-24
Incident Source: CSAL57
CVE / Vulnerability Reference: OWASP (A7), CWE-693
Last Update: 06-Feb-24
Reported By: Valency Networks Testing Agency
Advisory ID#: Posting Not Started Yet
Current Version: WP500 FW 0.6.6
CVSS Score: 6.5

Vulnerability Description
Clickjacking: the X-Frame-Options header is missing from the responses. Without it, a browser is allowed to render the page inside a <frame> or <script> on another site, so the page can be turned into a spam-supporter for malicious websites.

Impact
The absence of the X-Frame-Options header makes the website vulnerable to clickjacking: an attacker embeds the site in a malicious webpage and tricks users into clicking on something different from what they perceive. To mitigate this risk, send the X-Frame-Options header with the value 'DENY' or 'SAMEORIGIN' so that unauthorized parties cannot frame the site.

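The check a tester or defender would run against a captured response, as an added example that is not part of this advisory or of the WP500 firmware: it classifies the framing protection the way current browsers evaluate it, where a Content-Security-Policy frame-ancestors directive takes precedence over X-Frame-Options, an invalid or multi-valued X-Frame-Options is ignored, and a missing header (the state reported here) leaves the page framable. The two sample responses are constructed.

```python
from typing import Dict, Tuple

def parse_headers(raw: str) -> Dict[str, str]:
    """Parse a raw HTTP response into a lower-cased header dict (body ignored)."""
    headers: Dict[str, str] = {}
    for line in raw.splitlines()[1:]:   # skip the status line
        if not line:                     # blank line ends the header block
            break
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    return headers

def framing_protection(headers: Dict[str, str]) -> Tuple[str, str]:
    """Return (verdict, reason); verdict is 'protected', 'partial' or 'vulnerable'.
    CSP frame-ancestors takes precedence over X-Frame-Options, and an invalid
    or conflicting X-Frame-Options is ignored by browsers, i.e. no protection."""
    csp = headers.get("content-security-policy", "")
    for directive in csp.split(";"):
        parts = directive.split()
        if parts and parts[0].lower() == "frame-ancestors":
            sources = [s.strip("'").lower() for s in parts[1:]]
            if sources in (["none"], ["self"]):
                return "protected", f"CSP frame-ancestors '{sources[0]}'"
            return "partial", "CSP frame-ancestors allows other listed origins"
    xfo = headers.get("x-frame-options", "").strip().upper()
    if xfo in ("DENY", "SAMEORIGIN"):
        return "protected", f"X-Frame-Options {xfo}"
    if xfo.startswith("ALLOW-FROM"):
        return "partial", "ALLOW-FROM is obsolete and ignored by current browsers"
    if xfo:
        return "vulnerable", f"invalid X-Frame-Options value {xfo!r} is ignored"
    return "vulnerable", "no X-Frame-Options or CSP frame-ancestors header"

def check(raw_response: str) -> Tuple[str, str]:
    """Raw response text in, (verdict, reason) out."""
    return framing_protection(parse_headers(raw_response))

# Constructed sample responses: the state reported in CSAL#57 (no header at all)
# and a corrected response that sets both the legacy header and the CSP directive.
VULNERABLE_RESPONSE = "HTTP/1.1 200 OK\r\nContent-Type: text/html\r\n\r\n<html>"
FIXED_RESPONSE = (
    "HTTP/1.1 200 OK\r\nContent-Type: text/html\r\n"
    "X-Frame-Options: SAMEORIGIN\r\n"
    "Content-Security-Policy: frame-ancestors 'self'\r\n\r\n<html>"
)

if __name__ == "__main__":
    print("before fix:", check(VULNERABLE_RESPONSE))   # ('vulnerable', ...)
    print("after fix: ", check(FIXED_RESPONSE))        # ('protected', ...)
```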
Affected products
WP500 Firmware version 0.65

Temporary Fix / Mitigation
Please update to firmware version 0.6.6.

Acknowledgment
Valency Networks, Pune

History
NA

Classification of Vulnerability