Site has JavaScript framework library vulnerabilities and target URL has HTTP Host header vulnerability

Time:09-17

No.: 1
Vulnerability name: JavaScript framework library vulnerability detected on the target site
Affected pages: 1
Occurrences: 1
Affected site:
Detailed description: A JavaScript framework or library is a set of tools and functions that make it easy to generate cross-browser compatible JavaScript code. If the site uses a JavaScript framework or library that has vulnerabilities, an attacker can use them to hijack the user's browser and carry out attacks such as planting malicious code in pages, XSS, and cookie hijacking.
Solution: Upgrade the affected JavaScript framework library to the latest version.
Threat score: 6
Dangerous plug-in: No
Discovery date: 2001-01-01
CVSS score: 6.1 (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N)

No.: 2
Vulnerability name: HTTP Host header vulnerability detected on the target URL
Affected pages: 1
Occurrences: 1
Affected site:
Detailed description: To conveniently obtain the website's domain name, developers typically rely on the HTTP Host header, for example $_SERVER["HTTP_HOST"] in PHP. But this header is unreliable; if the application does not handle the Host header value, it may lead to the introduction of malicious code.
Solution: The web application should use SERVER_NAME rather than the Host header. In Apache and Nginx, a virtual machine can be set up to record all illegal Host headers. In Nginx you can also specify a SERVER_NAME list; in Apache you can also specify a SERVER_NAME list and enable the UseCanonicalName option.
Threat score: 5
Dangerous plug-in: No
Discovery date: 2008-06-12
CVSS score: 6.1 (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N)


These are the detected vulnerabilities. Is this a developer problem or a system problem? Urgently need an answer.

CodePudding user response:

Thanks to the experts for helping solve this.

CodePudding user response:

1. JavaScript framework library vulnerability: the program needs to upgrade to a higher version of the jQuery library, such as 3.4.1, and delete the current one.
2. HTTP Host vulnerability: in IIS, install the rewrite tool and configure it so that, apart from the necessary site IP, other IPs are denied service.
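For the Host header finding, the same allowlist idea can also be enforced inside the application. The following is an added example, not part of the original posts or the scanner report: it contrasts the `$_SERVER["HTTP_HOST"]` pattern the report warns about with a check against a configured host list. The hostnames, function names and sample requests are assumptions made for illustration.

```php
<?php
declare(strict_types=1);

// Assumed values: hostnames this site is really served under.
const ALLOWED_HOSTS = ['www.example.com', 'example.com'];
const CANONICAL_HOST = 'www.example.com';

// Weak pattern: the script URL's host is whatever the client sent.
function script_tag_unsafe(array $server): string
{
    return '<script src="https://' . $server['HTTP_HOST'] . '/js/app.js"></script>';
}

// Return the normalized request host if it is on the allowlist, else null.
function validated_host(array $server): ?string
{
    $raw = strtolower(trim((string)($server['HTTP_HOST'] ?? '')));
    // Accept only "name" or "name:port"; anything else is rejected outright.
    if (!preg_match('/^([a-z0-9.-]+)(?::\d{1,5})?$/D', $raw, $m)) {
        return null;
    }
    $host = rtrim($m[1], '.'); // "example.com." and "example.com" are the same
    return in_array($host, ALLOWED_HOSTS, true) ? $host : null;
}

// Hardened: generated URLs use the configured name, never the header.
function script_tag_safe(): string
{
    return '<script src="https://' . CANONICAL_HOST . '/js/app.js"></script>';
}

// Constructed sample requests (stand-ins for $_SERVER).
$samples = [
    ['HTTP_HOST' => 'www.example.com'],
    ['HTTP_HOST' => 'EXAMPLE.com:443'],
    ['HTTP_HOST' => 'unknown.invalid'],
    ['HTTP_HOST' => 'www.example.com/x'],
    [],
];
foreach ($samples as $server) {
    $sent = $server['HTTP_HOST'] ?? '(no Host header)';
    if (validated_host($server) === null) {
        // A real front controller would send HTTP 400 and log $sent here.
        echo $sent . ' => rejected' . PHP_EOL;
        continue;
    }
    echo $sent . ' => ' . script_tag_safe() . PHP_EOL;
}
```

Note that under Apache, `$_SERVER['SERVER_NAME']` only reflects the configured name when `ServerName` is set and `UseCanonicalName` is on; otherwise it can still carry the client-supplied host.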