From VMware vRealize Operations Manager 6.x tc Server Security Technical Implementation Guide
Part of SRG-APP-000246-WSR-000149
Associated with: CCI-001094
Cross-site scripting (XSS) is a type of computer security vulnerability typically found in web applications. XSS enables attackers to inject client-side scripts into web pages viewed by other users. A cross-site scripting vulnerability may be used by attackers to bypass access controls such as the same-origin policy.
At the command prompt, execute the following command: grep -B 2 -A 7 XssFilter /usr/lib/vmware-vcops/tomcat-enterprise/webapps/suite-api/WEB-INF/web.xml If the XSS filter is not present and there is no result returned, then this is a finding.
Navigate to and open /usr/lib/vmware-vcops/tomcat-enterprise/webapps/suite-api/WEB-INF/web.xml.
Configure a
Lavender hyperlinks in small type off to the right (of CSS
class id
, if you view the page source) point to
globally unique URIs for each document and item. Copy the
link location and paste anywhere you need to talk
unambiguously about these things.
You can obtain data about documents and items in other
formats. Simply provide an HTTP header Accept:
text/turtle
or
Accept: application/rdf+xml
.
Powered by sagemincer