How to Disable Cross-Site Scripting Vulnerability on Dell Security Management Server
Summary: How to Disable Cross-site scripting (XSS) Vulnerability on Dell Security Management Server (formerly Dell Data Protection | Enterprise Edition).
Instructions
Affected Products:
- Dell Security Management Server
- Dell Data Protection | Enterprise Edition
Affected Versions:
- v9.6 and Earlier
Affected Operating Systems:
- Windows Server
Note: Cross-site scripting (XSS) is a type of computer security vulnerability that is typically found in web applications. XSS enables attackers to inject client-side scripts into web pages viewed by other users. Attackers can use a cross-site scripting vulnerability to bypass access controls such as the same-origin policy.
This vulnerability has been resolved in Dell Security Management Server v9.6.
Versions v9.6 or earlier:
- Go to \Program Files\Dell\Enterprise Edition\Security Server\webapps\root\WEB-INF\web.xml.
- The following servlet mappings must be commented out:
    <servlet-mapping>
      <servlet-name>spring-csrweb</servlet-name>
      <url-pattern>/csrweb/*</url-pattern>
    </servlet-mapping>
    <servlet-mapping>
      <servlet-name>spring-cloudweb</servlet-name>
      <url-pattern>/cloudweb/*</url-pattern>
    </servlet-mapping>
- Change to:
    <!--
    <servlet-mapping>
      <servlet-name>spring-csrweb</servlet-name>
      <url-pattern>/csrweb/*</url-pattern>
    </servlet-mapping>
    -->
    <!--
    <servlet-mapping>
      <servlet-name>spring-cloudweb</servlet-name>
      <url-pattern>/cloudweb/*</url-pattern>
    </servlet-mapping>
    -->
- Save the changes.
- Restart Security Server Service.
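To confirm the edit took effect, the following check parses a web.xml and reports whether the two mappings are still live. It is an added example, not Dell's code; the function name `Get-ServletMappingState` is hypothetical and the sample XML is constructed for illustration.

```powershell
# Added example (hypothetical helper, not Dell code): report whether the two
# servlet mappings named in the article are still active in a web.xml.
function Get-ServletMappingState {
    param(
        [Parameter(Mandatory)] [string] $XmlText,
        [string[]] $ServletName = @('spring-csrweb', 'spring-cloudweb')
    )
    $doc = New-Object System.Xml.XmlDocument
    $doc.XmlResolver = $null   # never fetch DTDs or external entities
    $doc.LoadXml($XmlText)

    # Commented-out XML is not part of the element tree, so every node found
    # here is live. local-name() ignores any default namespace on <web-app>.
    $mappings = $doc.SelectNodes("//*[local-name()='servlet-mapping']")

    foreach ($name in $ServletName) {
        $patterns = @(foreach ($m in $mappings) {
            $n = $m.SelectSingleNode("*[local-name()='servlet-name']")
            if ($null -ne $n -and $n.InnerText.Trim() -eq $name) {
                $m.SelectNodes("*[local-name()='url-pattern']") |
                    ForEach-Object { $_.InnerText.Trim() }
            }
        })
        [pscustomobject]@{
            ServletName = $name
            Active      = $patterns.Count -gt 0
            UrlPatterns = $patterns -join ', '
        }
    }
}

# Constructed sample, not the product's real web.xml: one mapping still
# active, one commented out as the article instructs.
$sample = @'
<web-app xmlns="http://java.sun.com/xml/ns/javaee">
  <servlet-mapping>
    <servlet-name>spring-csrweb</servlet-name>
    <url-pattern>/csrweb/*</url-pattern>
  </servlet-mapping>
  <!--
  <servlet-mapping>
    <servlet-name>spring-cloudweb</servlet-name>
    <url-pattern>/cloudweb/*</url-pattern>
  </servlet-mapping>
  -->
</web-app>
'@
Get-ServletMappingState -XmlText $sample | Format-Table -AutoSize
```

To check a server, pass the contents of the web.xml at the path given above, for example `-XmlText (Get-Content -Raw -LiteralPath $path)`. Any row where Active is True is a mapping that is still being served.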
To contact support, reference Dell Data Security International Support Phone Numbers.
Go to TechDirect to generate a technical support request online.
For additional insights and resources, join the Dell Security Community Forum.
Affected Products
Dell Encryption
Article Properties
Article Number: 000131014
Article Type: How To
Last Modified: 21 Aug 2024
Version: 11