Penetration and vulnerability tests flag a Clickjacking issue in Web Help Desk

Updated: October 23, 2017

Overview

After running a penetration and vulnerability scan on the Web Help Desk server, Web Help Desk is flagged as an application potentially vulnerable to clickjacking.

Environment

  • WHD all versions

Steps

Update the web.xml file in the <WebHelpDesk>\bin\tomcat\conf directory.

  1. Navigate to the <WebHelpDesk> directory.
    Apple® OS X: /Library/WebHelpDesk    
    Microsoft® Windows®: \Program Files\WebHelpDesk    
    Red Hat®/CentOS™/Fedora Linux: /usr/local/webhelpdesk
  2. Navigate to the \bin\tomcat\conf\ directory.
  3. Open the web.xml file in a text editor (such as Notepad). 
  4. Locate the following block of code:
    <!--
        <filter>
            <filter-name>httpHeaderSecurity</filter-name>
            <filter-class>org.apache.catalina.filters.HttpHeaderSecurityFilter</filter-class>
            <async-supported>true</async-supported>
        </filter>
    -->
  5. Change this block of code to the following:
        <filter>
            <filter-name>httpHeaderSecurity</filter-name>
            <filter-class>org.apache.catalina.filters.HttpHeaderSecurityFilter</filter-class>
            <async-supported>true</async-supported>
            <init-param>
                <param-name>antiClickJackingEnabled</param-name>
                <param-value>true</param-value>
            </init-param>
            <init-param>
                <param-name>antiClickJackingOption</param-name>
                <param-value>SAMEORIGIN</param-value>
            </init-param>
        </filter>
  6. Remove the <!-- and --> comment indicators.
  7. Locate the following block of code:
    <!--
        <filter-mapping>
            <filter-name>httpHeaderSecurity</filter-name>
            <url-pattern>/*</url-pattern>
            <dispatcher>REQUEST</dispatcher>
        </filter-mapping>
    -->
  8. Remove the <!-- and --> comment indicators to enable the filter and apply it to the root path.
  9. Save and close the file.
  10. Restart Web Help Desk.
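
To confirm the edit before restarting, the following added example (not SolarWinds code) parses web.xml and reports whether the httpHeaderSecurity filter and its mapping are uncommented and carry the values from step 5. The function name, the messages and the embedded sample fragments are constructed for illustration.

```python
import sys
import xml.etree.ElementTree as ET
FILTER_NAME = "httpHeaderSecurity"

def _children(elem, name):
    # Compare local names only, so any web.xml schema namespace is accepted.
    return [c for c in elem if c.tag.rsplit("}", 1)[-1] == name]

def _text(elem, name):
    found = _children(elem, name)
    return (found[0].text or "").strip() if found else ""

def check_clickjacking_config(web_xml):
    """Return a list of problems; an empty list means the steps were applied."""
    root = ET.fromstring(web_xml)  # the parser drops <!-- ... --> blocks
    filters = [f for f in _children(root, "filter")
               if _text(f, "filter-name") == FILTER_NAME]
    if not filters:
        return ["filter %s is missing or still commented out" % FILTER_NAME]
    problems = []
    params = {_text(p, "param-name"): _text(p, "param-value")
              for p in _children(filters[0], "init-param")}
    if params.get("antiClickJackingEnabled", "").lower() != "true":
        problems.append("antiClickJackingEnabled is not set to true")
    if params.get("antiClickJackingOption", "").upper() != "SAMEORIGIN":
        problems.append("antiClickJackingOption is not set to SAMEORIGIN")
    mappings = [m for m in _children(root, "filter-mapping")
                if _text(m, "filter-name") == FILTER_NAME]
    if not any(_text(m, "url-pattern") == "/*" for m in mappings):
        problems.append("filter-mapping for /* is missing or still commented out")
    return problems

# Constructed sample input, trimmed to the elements this check reads.
_FILTER = """<filter>
  <filter-name>httpHeaderSecurity</filter-name>
  <filter-class>org.apache.catalina.filters.HttpHeaderSecurityFilter</filter-class>
  <init-param><param-name>antiClickJackingEnabled</param-name><param-value>true</param-value></init-param>
  <init-param><param-name>antiClickJackingOption</param-name><param-value>SAMEORIGIN</param-value></init-param>
</filter>"""
_MAPPING = """<filter-mapping>
  <filter-name>httpHeaderSecurity</filter-name>
  <url-pattern>/*</url-pattern>
</filter-mapping>"""
_WRAP = '<web-app xmlns="http://xmlns.jcp.org/xml/ns/javaee">%s</web-app>'
SAMPLE_DONE = _WRAP % (_FILTER + _MAPPING)                    # steps 5-8 applied
SAMPLE_HALF = _WRAP % (_FILTER + "<!--" + _MAPPING + "-->")   # step 8 skipped

if __name__ == "__main__":
    data = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else SAMPLE_HALF
    print(check_clickjacking_config(data) or "httpHeaderSecurity filter is active")
```

Run it with the path to web.xml as the only argument. After the restart, responses from Web Help Desk should carry an X-Frame-Options: SAMEORIGIN header.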

 

 
