
Penetration and vulnerability tests flag a Clickjacking issue in Web Help Desk


Updated: October 23, 2017

Overview

A penetration test or vulnerability scan of the Web Help Desk server flags the application as potentially vulnerable to clickjacking, because its HTTP responses do not include an X-Frame-Options header that would stop other sites from embedding Web Help Desk pages in a frame.

Environment

  • WHD all versions

Steps

Enable the Tomcat HttpHeaderSecurityFilter in the web.xml file in the <WebHelpDesk>\bin\tomcat\conf directory. The filter ships commented out; once enabled, it adds an X-Frame-Options header to every response.

  1. Navigate to the <WebHelpDesk> directory.
    Apple® OS X: /Library/WebHelpDesk    
    Microsoft® Windows®: \Program Files\WebHelpDesk    
    Red Hat®/CentOS™/Fedora Linux: /usr/local/webhelpdesk
  2. Navigate to the \bin\tomcat\conf\ directory.
  3. Open the web.xml file in a text editor (such as Notepad). 
  4. Locate the following block of code:
    <!--
        <filter>
            <filter-name>httpHeaderSecurity</filter-name>
            <filter-class>org.apache.catalina.filters.HttpHeaderSecurityFilter</filter-class>
            <async-supported>true</async-supported>
        </filter>
    -->
  5. Replace the block with the following. The two init-param entries turn on the X-Frame-Options header; SAMEORIGIN allows Web Help Desk pages to be framed only by pages served from the same origin (use DENY if the pages should never be framed at all):
    <filter>
        <filter-name>httpHeaderSecurity</filter-name>
        <filter-class>org.apache.catalina.filters.HttpHeaderSecurityFilter</filter-class>
        <async-supported>true</async-supported>
        <init-param>
            <param-name>antiClickJackingEnabled</param-name>
            <param-value>true</param-value>
        </init-param>
        <init-param>
            <param-name>antiClickJackingOption</param-name>
            <param-value>SAMEORIGIN</param-value>
        </init-param>
    </filter>
  6. Make sure the <!-- and --> comment indicators around the block are removed. Tomcat ignores a filter definition that is still inside a comment.
  7. Locate the following block of code:
    <!--
        <filter-mapping>
            <filter-name>httpHeaderSecurity</filter-name>
            <url-pattern>/*</url-pattern>
            <dispatcher>REQUEST</dispatcher>
        </filter-mapping>
    -->
  8. Remove the <!-- and --> comment indicators so that the filter is applied to every URL under the application root (/*) for direct requests.
  9. Save and close the file.
  10. Restart Web Help Desk. Tomcat reads web.xml only at startup, so the header is not sent until the service has been restarted.
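After the restart, confirm that the change actually took effect rather than re-running the scanner. The following Python script is an added example and is not SolarWinds code: audit_web_xml checks web.xml the way Tomcat reads it (the XML parser discards <!-- --> comments, so a filter or filter-mapping that is still commented out is reported as missing), and fetch_headers/check_frame_header confirm that the live server sends a restrictive X-Frame-Options header. The two web.xml fragments are constructed to mirror the before and after state of the file; the path /usr/local/webhelpdesk/bin/tomcat/conf/web.xml and the URL https://whd.example.com/ in the usage comment are assumptions. The fallback values used when an init-param is absent (antiClickJackingEnabled true, antiClickJackingOption DENY) are the Tomcat defaults documented for this filter.

```python
"""Audit a Tomcat web.xml for the httpHeaderSecurity filter that adds
X-Frame-Options, then optionally confirm the header on a live server.

Added example, not SolarWinds code. The sample web.xml fragments,
the file path and the hostname are constructed for illustration.
"""
import sys
import urllib.request
import xml.etree.ElementTree as ET

FILTER_NAME = "httpHeaderSecurity"
FILTER_CLASS = "org.apache.catalina.filters.HttpHeaderSecurityFilter"
# Tomcat's documented defaults when the init-param is not present.
DEFAULT_ENABLED = "true"
DEFAULT_OPTION = "DENY"


def _local(tag):
    """Strip the XML namespace that web.xml normally declares on <web-app>."""
    return tag.rsplit("}", 1)[-1]


def _children(elem, name):
    return [c for c in elem if _local(c.tag) == name]


def _text(elem, name, default=""):
    found = _children(elem, name)
    return found[0].text.strip() if found and found[0].text else default


def audit_web_xml(xml_text):
    """Return (ok, findings) for the anti-clickjacking part of web.xml.

    ET.fromstring discards <!-- --> comments, so a block that is still
    commented out is simply absent here, exactly as Tomcat sees it.
    """
    root = ET.fromstring(xml_text)
    findings = []

    filt = None
    for f in _children(root, "filter"):
        if _text(f, "filter-name") == FILTER_NAME:
            filt = f
    if filt is None:
        findings.append("<filter> httpHeaderSecurity is missing or still commented out")
        return False, findings
    if _text(filt, "filter-class") != FILTER_CLASS:
        findings.append("filter-class is not %s" % FILTER_CLASS)

    params = {_text(p, "param-name"): _text(p, "param-value")
              for p in _children(filt, "init-param")}
    enabled = params.get("antiClickJackingEnabled", DEFAULT_ENABLED).lower()
    option = params.get("antiClickJackingOption", DEFAULT_OPTION).upper()
    if enabled != "true":
        findings.append("antiClickJackingEnabled is %s; X-Frame-Options will not be sent" % enabled)
    if option not in ("DENY", "SAMEORIGIN", "ALLOW-FROM"):
        findings.append("antiClickJackingOption %r is not a valid value" % option)
    elif option == "ALLOW-FROM" and not params.get("antiClickJackingUri"):
        findings.append("ALLOW-FROM requires antiClickJackingUri")

    mapped = any(_text(m, "filter-name") == FILTER_NAME and _text(m, "url-pattern") == "/*"
                 for m in _children(root, "filter-mapping"))
    if not mapped:
        findings.append("<filter-mapping> for httpHeaderSecurity on /* is missing or commented out")

    return not findings, findings


def check_frame_header(headers):
    """True when the response headers carry a restrictive X-Frame-Options value."""
    lowered = {k.lower(): v.strip() for k, v in headers.items()}
    return lowered.get("x-frame-options", "").upper() in ("DENY", "SAMEORIGIN")


def fetch_headers(url):
    """GET the URL and return its response headers (live check after the restart)."""
    req = urllib.request.Request(url, method="GET")
    with urllib.request.urlopen(req, timeout=10) as resp:
        return dict(resp.headers.items())


# Constructed fragments mirroring conf/web.xml before and after the edit.
WEB_XML_BEFORE = """<web-app xmlns="http://xmlns.jcp.org/xml/ns/javaee" version="3.1">
  <!--
    <filter>
      <filter-name>httpHeaderSecurity</filter-name>
      <filter-class>org.apache.catalina.filters.HttpHeaderSecurityFilter</filter-class>
      <async-supported>true</async-supported>
    </filter>
  -->
  <!--
    <filter-mapping>
      <filter-name>httpHeaderSecurity</filter-name>
      <url-pattern>/*</url-pattern>
      <dispatcher>REQUEST</dispatcher>
    </filter-mapping>
  -->
</web-app>
"""

WEB_XML_AFTER = """<web-app xmlns="http://xmlns.jcp.org/xml/ns/javaee" version="3.1">
  <filter>
    <filter-name>httpHeaderSecurity</filter-name>
    <filter-class>org.apache.catalina.filters.HttpHeaderSecurityFilter</filter-class>
    <async-supported>true</async-supported>
    <init-param><param-name>antiClickJackingEnabled</param-name><param-value>true</param-value></init-param>
    <init-param><param-name>antiClickJackingOption</param-name><param-value>SAMEORIGIN</param-value></init-param>
  </filter>
  <filter-mapping>
    <filter-name>httpHeaderSecurity</filter-name>
    <url-pattern>/*</url-pattern>
    <dispatcher>REQUEST</dispatcher>
  </filter-mapping>
</web-app>
"""

if __name__ == "__main__":
    # Usage (paths and host are assumptions):
    #   python check_whd_xfo.py /usr/local/webhelpdesk/bin/tomcat/conf/web.xml https://whd.example.com/
    with open(sys.argv[1], encoding="utf-8") as fh:
        ok, findings = audit_web_xml(fh.read())
    print("web.xml:", "OK" if ok else "; ".join(findings))
    if len(sys.argv) > 2:
        live_ok = check_frame_header(fetch_headers(sys.argv[2]))
        print("live header:", "OK" if live_ok else "X-Frame-Options missing or permissive")
```

A one-liner such as curl -sI https://whd.example.com/ | grep -i x-frame-options gives the same live check from the command line. Two caveats worth knowing before enabling the filter: with the configuration above it also sends X-Content-Type-Options: nosniff by default, and on HTTPS requests it sends Strict-Transport-Security with the default hstsMaxAgeSeconds of 0, which is harmless but ineffective until a real max-age is configured. If Web Help Desk is deliberately embedded in a portal on another origin, both SAMEORIGIN and DENY will stop that embedding from rendering, so test the portal after the restart.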

 

 
