CA Application Test, Service Virtualization, CA Continuous Application Insight (PathFinder), CA Service Virtualization (DevTest / LISA / VSE / Application Test)
Port 1505 Web Application Potentially Vulnerable to Clickjacking
The remote web server may fail to mitigate a class of web application
The remote web server does not set an X-Frame-Options response header or a Content-Security-Policy 'frame-ancestors' response header in all content responses. This could potentially expose the site to a clickjacking or UI redress attack, in which an attacker can trick a user into clicking an area of the vulnerable page that is different than what the user perceives the page to be. This can result in a user performing fraudulent or malicious transactions.
X-Frame-Options has been proposed by Microsoft as a way to mitigate clickjacking attacks and is currently supported by all major browser vendors.
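The header check described in the finding above, written out as an added example (it is not code from the scanner or from DevTest): it decides per response whether an enforceable X-Frame-Options or Content-Security-Policy 'frame-ancestors' value is present, then lists the responses that lack one. The function names, sample paths and sample header values are constructed for illustration.

```python
def parse_frame_ancestors(csp_values):
    """Return the frame-ancestors source list (lowercased), or None if absent."""
    for value in csp_values:
        for policy in value.split(","):  # one header may carry several policies
            for directive in policy.split(";"):
                tokens = directive.split()
                if tokens and tokens[0].lower() == "frame-ancestors":
                    return [t.lower() for t in tokens[1:]]
    return None

def framing_protection(headers):
    """headers: list of (name, value) pairs. Returns (protected, reason)."""
    by_name = {}
    for name, value in headers:
        by_name.setdefault(name.lower(), []).append(value)
    # Report-Only policies are not enforced, so only the enforcing header counts.
    ancestors = parse_frame_ancestors(by_name.get("content-security-policy", []))
    if ancestors is not None:
        # Browsers that support frame-ancestors ignore X-Frame-Options when it is set.
        weak = [s for s in ancestors if s == "*" or s.endswith(":")]
        if weak:
            return (False, "frame-ancestors too broad: " + " ".join(weak))
        return (True, "frame-ancestors " + (" ".join(ancestors) or "'none'"))
    xfo = [v.strip().upper() for v in by_name.get("x-frame-options", [])]
    if not xfo:
        return (False, "no X-Frame-Options or frame-ancestors header")
    if all(v in ("DENY", "SAMEORIGIN") for v in xfo):
        return (True, "X-Frame-Options " + xfo[0])
    # ALLOW-FROM is obsolete and ignored by current browsers.
    return (False, "X-Frame-Options not enforceable: " + ", ".join(xfo))

def unprotected_paths(responses):
    """Return (path, reason) for every response that can still be framed."""
    results = [(path, framing_protection(h)) for path, h in responses]
    return [(path, reason) for path, (ok, reason) in results if not ok]

# Constructed sample responses; the paths are hypothetical, not DevTest URLs.
SAMPLE = [
    ("/login", [("X-Frame-Options", "SAMEORIGIN")]),
    ("/console", [("Content-Type", "text/html")]),
    ("/admin", [("Content-Security-Policy", "default-src 'self'; frame-ancestors 'none'")]),
    ("/help", [("X-Frame-Options", "ALLOW-FROM https://portal.example")]),
    ("/report", [("Content-Security-Policy", "frame-ancestors *"), ("X-Frame-Options", "DENY")]),
]

if __name__ == "__main__":
    for path, reason in unprotected_paths(SAMPLE):
        print(path, "->", reason)
```

The same functions can be reused to confirm that every response carries the header once the fix is installed.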
Description. The web-based administration console in Apache ActiveMQ 5.x before 5.13.2 does not send an X-Frame-Options HTTP header, which makes it easier for remote attackers to conduct clickjacking attacks via a crafted web page that contains a (1) FRAME or (2) IFRAME element.
References. Note: References are ... www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0734
DevTest 10.1.0; this can also happen in other DevTest versions.
Please open a new support case to get the fix for this vulnerability.