Issue/Problem/Symptoms:
Running a vulnerability scan on an ADA server results in a high alert on:
Flash cross-domain policy
Environment:
ADA 10.x on win2008R2
Cause:
The vulnerability scanner flags access from all domains (domain="*") as an intrusion risk.
Resolution/Workaround:
To clear this vulnerability, restrict access to your own domain by changing the following policy entries on the ADA Console machine:
from:
<allow-access-from domain="*" secure="false" />
<allow-http-request-headers-from domain="*" headers="SOAPAction"/>
to:
<allow-access-from domain="<domain_name>" secure="false" />
<allow-http-request-headers-from domain="<domain_name>" headers="SOAPAction"/>
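To confirm the change before re-running the scanner, the policy can be checked for remaining wildcard grants. The following is an added example, not part of the original article or the product: the `<cross-domain-policy>` wrapper, the function name and the host `ada-console.example.com` are assumptions made for illustration, and the two sample policies are constructed from the entries shown above.

```python
import xml.etree.ElementTree as ET

# Elements whose "domain" attribute grants cross-domain access
# (both appear in the policy entries on this page).
GRANTING_ELEMENTS = ("allow-access-from", "allow-http-request-headers-from")


def find_wildcard_grants(policy_xml):
    """Return (element, domain) pairs that grant access to every domain."""
    root = ET.fromstring(policy_xml)
    findings = []
    for elem in root.iter():
        if elem.tag in GRANTING_ELEMENTS:
            domain = (elem.get("domain") or "").strip()
            if domain == "*":
                findings.append((elem.tag, domain))
    return findings


# Constructed sample: the entries the scanner alerts on.
BEFORE = """<cross-domain-policy>
  <allow-access-from domain="*" secure="false" />
  <allow-http-request-headers-from domain="*" headers="SOAPAction"/>
</cross-domain-policy>"""

# Constructed sample: the same entries restricted to one host
# (ada-console.example.com is a placeholder for <domain_name>).
AFTER = """<cross-domain-policy>
  <allow-access-from domain="ada-console.example.com" secure="false" />
  <allow-http-request-headers-from domain="ada-console.example.com" headers="SOAPAction"/>
</cross-domain-policy>"""

if __name__ == "__main__":
    for name, policy in (("before", BEFORE), ("after", AFTER)):
        hits = find_wildcard_grants(policy)
        print(name, "FAIL" if hits else "OK", hits)
```

An empty result means no entry still grants access to all domains.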
Additional Information:
Domain matching examples:

Domain: www.domain.com
will match:
  http://www.domain.com

Domain: *.domain.com
will match:
  http://domain.com
  http://www.domain.com
  http://subdomain.domain.com

Domain: 127.0.0.1
will match:
  http://127.0.0.1