clear the vulnerability Flash cross-domain policy

Article Id: 33682
Status: Published
Updated On: 14-02-2018 08:20
Legacy Id: TEC1921301
Products:
APPLICATION DELIVERY ANALYSIS SUPERAGENT
Issue/Introduction:

Issue/Problem/Symptoms: 

Running a vulnerability scan on an ADA server results in a high alert on:

 Flash cross-domain policy

Environment:  

ADA 10.x on win2008R2

 

Cause: 

Vulnerability Scanner find all domains access as an intrusion risk

Resolution/Workaround:

To clear this vulnerability, you must specify your domain access performing the following on the ADA Console machine:

  • Update C:\CA\SuperAgent\Web\crossdomain.xml with the domain of the ADA server:

from:

  <allow-access-from domain="*" secure="false" />

  <allow-http-request-headers-from domain="*" headers="SOAPAction"/>

to:

  <allow-access-from domain="domain_name>" secure="false" />

  <allow-http-request-headers-from domain="<domain_name>" headers="SOAPAction"/>

  • Execute 'iisreset' from a command prompt.

Additional Information:

 

Domain matching examples:

Domain:

www.domain.com                

will match

http://www.domain.com

 

Domain:

*.domain.com

will match

http://domain.com

http://www.domain.com

http://subdomain.domain.com

 

Domain:

127.0.0.1

will match

http://127.0.0.1

 

Environment:

Release: SAMCNS99000-10.3-NetQoS-SuperAgent-Management Console
Component: