WebInspect vulnerability for Cross Site Request Forgery

Explorer ,
Aug 12, 2015

We regularly have to run WebInspect scans on our CF servers. Recently, we started getting CSRF findings on both our new CF11 servers and our one remaining CF9 server. After doing research, it appears that with CF10 and later, there are tags to remediate this. My questions are:

- Is this the only method to remediate? Are we really going to have to add this token logic to every form that the scan finds, which could be hundreds?

- Is there not some administrator parameter that can remediate this across the server?

Thanks in advance for any assistance...

