Description
During the scan, Cytrix detected a Wildcard Origin: the server answers cross-origin requests with the header Access-Control-Allow-Origin: *, allowing any origin to read the response.
Cross-Origin Resource Sharing (CORS) is a mechanism that lets web browsers make cross-origin requests, for example through the XMLHttpRequest or fetch APIs, that the same-origin policy would otherwise block.
Each such request carries an Origin header that identifies the origin (scheme, host and port) of the page making the request.
CORS defines the protocol between browser and server: the server answers with Access-Control-* headers that tell the browser whether that particular origin may read the response.
A wildcard (*) in Access-Control-Allow-Origin grants that permission to every origin. Browsers refuse to honour the wildcard on requests that carry credentials (cookies, HTTP authentication), which is why the finding is rated Low; the exposure is mainly to resources that are protected by network position or by something other than browser credentials, or that were never meant to be readable from other sites at all.
If a website's CORS policy is misconfigured, the risk of cross-domain attacks increases: any site a victim visits can read the affected responses.
Severity/Score
CVSS Version 3.x – 3.1 Low
Recommendation
To fix a Wildcard Origin, have the server keep an allowlist of trusted origins and compare the request's Origin header against it with an exact match. When the origin is on the list, return that single origin in Access-Control-Allow-Origin and add Vary: Origin so that caches never serve one origin's response to another; when it is not, send no CORS headers at all. Do not echo the Origin header back unchecked, and do not match it with substring or prefix tests, since both let attacker-controlled origins such as https://app.example.com.evil.example through.
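The following is an added example, not Cytrix's code or any particular server's: a Node.js module that shows the wildcard handler the scanner flags next to an allowlist handler, plus the check a scanner applies to a response. The allowlist entries and header objects are constructed samples; the function names are assumptions for illustration.

```javascript
// Added example (not Cytrix's own code). Constructed allowlist of trusted
// origins; replace it with the origins that genuinely need cross-origin access.
const ALLOWED_ORIGINS = new Set([
  'https://app.example.com',
  'https://admin.example.com:8443',
]);

// Case-insensitive header lookup, since HTTP header names are case-insensitive.
function getHeader(headers, name) {
  const wanted = name.toLowerCase();
  const key = Object.keys(headers).find(k => k.toLowerCase() === wanted);
  return key === undefined ? undefined : headers[key];
}

// What the scanner flags: a response whose Access-Control-Allow-Origin is '*'.
function hasWildcardOrigin(responseHeaders) {
  const acao = getHeader(responseHeaders, 'access-control-allow-origin');
  return typeof acao === 'string' && acao.trim() === '*';
}

// Weak handler: every requester gets the wildcard, whatever its Origin is.
function corsHeadersWildcard(_requestHeaders) {
  return { 'Access-Control-Allow-Origin': '*' };
}

// Hardened handler: exact match of the request's Origin against the allowlist.
// Missing, malformed, 'null' or unknown origins get no CORS headers at all,
// so the browser keeps enforcing the same-origin policy for them.
function corsHeadersAllowlist(requestHeaders) {
  const origin = getHeader(requestHeaders, 'origin');
  if (typeof origin !== 'string') return {};
  let parsed;
  try {
    parsed = new URL(origin);
  } catch {
    return {}; // e.g. the literal 'null' origin sent by sandboxed frames
  }
  // URL.origin serializes to scheme://host[:port] with a lowercased host and
  // default ports dropped, so the comparison is exact: neither
  // 'https://app.example.com.evil.example' nor 'http://app.example.com' match.
  const normalized = parsed.origin;
  if (normalized === 'null' || !ALLOWED_ORIGINS.has(normalized)) return {};
  return {
    'Access-Control-Allow-Origin': normalized,
    // The response depends on Origin; tell caches so one origin's response
    // is never replayed to a different one.
    'Vary': 'Origin',
  };
}

// Demonstration when run directly: node cors-allowlist.js
if (typeof require !== 'undefined' && require.main === module) {
  const samples = ['https://app.example.com', 'https://App.Example.com',
    'https://app.example.com.evil.example', 'null', undefined];
  for (const origin of samples) {
    console.log(origin, '->', corsHeadersAllowlist({ Origin: origin }));
  }
}
```

Returning an empty header set for unknown origins, rather than a wildcard or the echoed Origin, is the behaviour that closes the finding: the browser then blocks the cross-origin read exactly as it would if CORS were not configured at all.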
References
https://developer.mozilla.org/en-US/docs/Web/HTTP/CORS
https://cwe.mitre.org/data/definitions/284.html
https://cwe.mitre.org/data/definitions/346.html