Penetration and vulnerability tests flag a Clickjacking issue in Web Help Desk

Updated: October 23, 2017

Overview

After running a penetration and vulnerability scan on the Web Help Desk server, Web Help Desk is flagged as an application potentially vulnerable to clickjacking.

Environment

  • WHD all versions

Steps

Update the web.xml file in the <WebHelpDesk>\bin\tomcat\conf directory.

  1. Navigate to the <WebHelpDesk> directory.
    Apple® OS X: /Library/WebHelpDesk    
    Microsoft® Windows®: \Program Files\WebHelpDesk    
    Red Hat®/CentOS™/Fedora Linux: /usr/local/webhelpdesk
  2. Navigate to the \bin\tomcat\conf\ directory.
  3. Open the web.xml file in a text editor (such as Notepad). 
  4. Locate the following block of code:
    <!--
        <filter>
            <filter-name>httpHeaderSecurity</filter-name>
            <filter-class>org.apache.catalina.filters.HttpHeaderSecurityFilter</filter-class>
            <async-supported>true</async-supported>
        </filter>
    -->
  5. Change this block of code to the following:
        <filter>
            <filter-name>httpHeaderSecurity</filter-name>
            <filter-class>org.apache.catalina.filters.HttpHeaderSecurityFilter</filter-class>
            <async-supported>true</async-supported>
            <init-param>
                <param-name>antiClickJackingEnabled</param-name>
                <param-value>true</param-value>
            </init-param>
            <init-param>
                <param-name>antiClickJackingOption</param-name>
                <param-value>SAMEORIGIN</param-value>
            </init-param>
        </filter>
  6. Remove the <!-- and --> comment indicators.
  7. Locate the following block of code:
    <!--
        <filter-mapping>
            <filter-name>httpHeaderSecurity</filter-name>
            <url-pattern>/*</url-pattern>
            <dispatcher>REQUEST</dispatcher>
        </filter-mapping>
    -->
  8. Remove the <!-- and --> comment indicators to enable the filter and apply it to the root path.
  9. Save and close the file.
  10. Restart Web Help Desk.
