Bug #14648

closed

Nessus reports Clickjacking vulnerability

Added by Brian Shaw over 8 years ago. Updated about 6 years ago.

Status: Rejected
Priority: Normal
Assignee: -
Category: Installer
Target version:
Difficulty: medium
Triaged:
Fixed in Releases:
Found in Releases:

Description

When scanning our environment with Nessus, the report came back that our Katello servers are vulnerable to Clickjacking on the URLs listed below:

http://<capsule server>/pub/
https://<capsule server>/pub/
https://<capsule server>/
https://<capsule server>:8443/pub/

Is it possible to add an X-Frame-Options response header in all content responses? If so, where should this be done?

Thanks for any help you can give with this.

Brian
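For checking whether a response carries the header the report asks about, here is an added example (not part of the original report and not Katello or Nessus code). It classifies `X-Frame-Options` and CSP `frame-ancestors` on header sets; the function names and the sample header sets are constructed for illustration.

```python
# Added example: classify anti-framing headers on captured responses (runs offline).

def frame_ancestors(csp_value):
    """Return the frame-ancestors source list from a CSP value, or None if absent."""
    for directive in csp_value.split(";"):
        tokens = directive.split()
        if tokens and tokens[0].lower() == "frame-ancestors":
            return [t.lower() for t in tokens[1:]]
    return None

def framing_protection(headers):
    """headers: list of (name, value) pairs from one response -> (protected, reason)."""
    xfo = [v for n, v in headers if n.lower() == "x-frame-options"]
    csp = [v for n, v in headers if n.lower() == "content-security-policy"]
    # Browsers that support frame-ancestors apply it in preference to X-Frame-Options.
    for value in csp:
        sources = frame_ancestors(value)
        if sources is None:
            continue
        if any(s in ("*", "http:", "https:") for s in sources):
            return False, "frame-ancestors allows any origin"
        return True, "frame-ancestors " + (" ".join(sources) or "'none'")
    if not xfo:
        return False, "no X-Frame-Options or frame-ancestors"
    # Repeated headers may arrive merged as "A, B"; identical repeats collapse in the set.
    values = {p.strip().upper() for v in xfo for p in v.split(",")}
    if len(values) == 1 and values <= {"DENY", "SAMEORIGIN"}:
        return True, "X-Frame-Options " + values.pop()
    # ALLOW-FROM is obsolete and ignored by current browsers; mixed values need review.
    return False, "X-Frame-Options not usable: " + ", ".join(sorted(values))

# Constructed sample responses (not captured from any real server).
SAMPLES = {
    "no-header": [("Content-Type", "text/html")],
    "sameorigin": [("X-Frame-Options", "SAMEORIGIN")],
    "duplicate": [("x-frame-options", "sameorigin"), ("X-Frame-Options", "SAMEORIGIN")],
    "allow-from": [("X-Frame-Options", "ALLOW-FROM https://portal.example")],
    "csp-self": [("Content-Security-Policy", "default-src 'self'; frame-ancestors 'self'")],
    "csp-wildcard": [("Content-Security-Policy", "frame-ancestors *"),
                     ("X-Frame-Options", "DENY")],
    "csp-no-fa": [("Content-Security-Policy", "default-src 'self'")],
}

def unprotected(samples):
    """Return the sorted labels of responses that lack effective framing protection."""
    return sorted(k for k, h in samples.items() if not framing_protection(h)[0])

if __name__ == "__main__":
    for label, hdrs in SAMPLES.items():
        print(label, framing_protection(hdrs))
```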
