Penetration and vulnerability tests flag a Clickjacking issue in Web Help Desk

Updated: October 23, 2017

Overview

After running a penetration and vulnerability scan on the Web Help Desk server, Web Help Desk is flagged as an application potentially vulnerable to clickjacking.

Environment

  • WHD all versions

Steps

Update the web.xml file in the <WebHelpDesk>\bin\tomcat\conf directory.

  1. Navigate to the <WebHelpDesk> directory.
    Apple® OS X: /Library/WebHelpDesk    
    Microsoft® Windows®: \Program Files\WebHelpDesk    
    Red Hat®/CentOS™/Fedora Linux: /usr/local/webhelpdesk
  2. Navigate to the \bin\tomcat\conf\ directory.
  3. Open the web.xml file in a text editor (such as Notepad). 
  4. Locate the following block of code:
    <!--
        <filter>
            <filter-name>httpHeaderSecurity</filter-name>
            <filter-class>org.apache.catalina.filters.HttpHeaderSecurityFilter</filter-class>
            <async-supported>true</async-supported>
        </filter>
    -->
  5. Change this block of code to the following:
    <filter>
        <filter-name>httpHeaderSecurity</filter-name>
        <filter-class>org.apache.catalina.filters.HttpHeaderSecurityFilter</filter-class>
        <async-supported>true</async-supported>
        <init-param>
            <param-name>antiClickJackingEnabled</param-name>
            <param-value>true</param-value>
        </init-param>
        <init-param>
            <param-name>antiClickJackingOption</param-name>
            <param-value>SAMEORIGIN</param-value>
        </init-param>
    </filter>
  6. Remove the <!-- and --> comment indicators.
  7. Locate the following block of code:
    <!--
        <filter-mapping>
            <filter-name>httpHeaderSecurity</filter-name>
            <url-pattern>/*</url-pattern>
            <dispatcher>REQUEST</dispatcher>
        </filter-mapping>
    -->
  8. Remove the <!-- and --> comment indicators to enable the filter and apply it to every URL under the root path (/*).
  9. Save and close the file.
  10. Restart Web Help Desk.
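
One way to confirm the edited web.xml matches steps 5 to 8 before restarting. This is an added example, not part of the original article or any SolarWinds tool; the function name check_clickjacking_filter and both sample documents are constructed for illustration.

```python
import xml.etree.ElementTree as ET

FILTER_NAME = "httpHeaderSecurity"  # filter name from the steps above

def _local(tag):
    return tag.rsplit("}", 1)[-1]  # drop "{namespace}" so xmlns does not matter

def _text(elem, name):
    """Trimmed text of the first child called `name`, or "" if absent."""
    for child in elem:
        if _local(child.tag) == name:
            return (child.text or "").strip()
    return ""

def _named(root, kind):
    """Top-level <filter> or <filter-mapping> elements for FILTER_NAME."""
    return [e for e in root
            if _local(e.tag) == kind and _text(e, "filter-name") == FILTER_NAME]

def check_clickjacking_filter(web_xml_text):
    """Return a list of problems; an empty list matches steps 5 to 8."""
    root = ET.fromstring(web_xml_text)  # commented-out blocks are not parsed as elements
    filters = _named(root, "filter")
    if not filters:
        return ["filter %s is missing or still commented out" % FILTER_NAME]
    params = {_text(p, "param-name"): _text(p, "param-value")
              for p in filters[0] if _local(p.tag) == "init-param"}
    problems = []
    if params.get("antiClickJackingEnabled", "").lower() != "true":
        problems.append("antiClickJackingEnabled is not set to true")
    if params.get("antiClickJackingOption", "").upper() != "SAMEORIGIN":
        problems.append("antiClickJackingOption is not SAMEORIGIN")
    if not any(_text(m, "url-pattern") == "/*" for m in _named(root, "filter-mapping")):
        problems.append("no active filter-mapping for /*")
    return problems

# Constructed samples (not a real Web Help Desk web.xml): after step 8, and as in step 4.
ENABLED = """<web-app xmlns="http://xmlns.jcp.org/xml/ns/javaee">
  <filter>
    <filter-name>httpHeaderSecurity</filter-name>
    <filter-class>org.apache.catalina.filters.HttpHeaderSecurityFilter</filter-class>
    <init-param><param-name>antiClickJackingEnabled</param-name><param-value>true</param-value></init-param>
    <init-param><param-name>antiClickJackingOption</param-name><param-value>SAMEORIGIN</param-value></init-param>
  </filter>
  <filter-mapping>
    <filter-name>httpHeaderSecurity</filter-name><url-pattern>/*</url-pattern>
  </filter-mapping>
</web-app>"""
COMMENTED = "<web-app><!-- <filter><filter-name>httpHeaderSecurity</filter-name></filter> --></web-app>"
```

Pass the contents of the real web.xml to check_clickjacking_filter; an empty list means the filter and its mapping are active. After the restart, responses from the server should carry the header X-Frame-Options: SAMEORIGIN.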
