Web Security Audit Insights

The summary identifies 4 medium to low severity issues found in an AEM application including: 1) Direct URL access allows downloading of user policy details, 2) Use of a vulnerable jQuery version, 3) Disclosure of server version information, and 4) Enabling of the HTTP OPTIONS method. Recommendations are provided to address each issue and their current status is marked as open.

Uploaded by Seema Pal

AEM Application

Sr.no: 1
Finding: Direct URL Access
Severity: Medium
Observation: It is observed that the application's plan PDFs can be downloaded directly by URL, and the user's policy details and plan amounts are exposed in the downloaded file.
Instance: PRODUCTION
Recommendation: Use appropriate permissions or ACLs to disallow anonymous reading. Also, do not grant the anonymous web visitor user read permission on any sensitive data files.
Status: OPEN

Sr.no: 2
Finding: Using known vulnerability
Severity: Low
Observation: It is observed that the application is using a jQuery version with known vulnerabilities.
Instance: PRODUCTION
Recommendation: Update to the latest version.
Status: OPEN

Sr.no: 3
Finding: Server version disclosed
Severity: Low
Observation: This information might help an attacker gain a greater understanding of the systems in use and potentially develop further attacks targeted at the specific version of AkamaiGhost.
Instance: PRODUCTION
Recommendation: Configure the web server to prevent information leakage from the Server header of its HTTP response.
Status: OPEN

Sr.no: 4
Finding: HTTP method enabled
Severity: Low
Observation: It is observed that the application allows the OPTIONS method, which returns the list of methods supported by the web server.
Instance: PRODUCTION
Recommendation: Disable the OPTIONS method on the web server; see https://hostadvice.com/how-to/how-to-disable-the-vulnerability-of-options-method-in-iis-and-apache/
Status: OPEN
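As an added example (not part of the audit workbook and not the AEM application's own code), the following Python script re-tests the four findings offline against captured HTTP responses. The responses, paths, version strings and the jQuery minimum-version threshold are constructed assumptions: the audit names neither the jQuery version it found nor a specific version string in the Server header, so each check takes what it needs from the response rather than from the workbook.

```python
"""Offline re-test of the four AEM audit findings against captured HTTP
responses. Added example, not the audit's own tooling: the responses, paths
and version strings below are constructed to resemble what the findings
describe and are assumptions, not values taken from the workbook."""
import re
from typing import Dict, List, Optional, Tuple

# Assumed policy threshold: the audit does not name the jQuery version found,
# so the check takes a minimum acceptable version as a parameter (3.5.0 is
# where the jQuery project fixed its last widely cited XSS issues).
MIN_JQUERY = (3, 5, 0)

# Constructed samples for the "before" state: all four findings open.
BEFORE = {
    "pdf": ("HTTP/1.1 200 OK\r\nServer: AkamaiGhost\r\n"
            "Content-Type: application/pdf\r\n\r\n%PDF-1.4 plan document"),
    "options": ("HTTP/1.1 200 OK\r\nServer: Apache/2.4.41 (Unix)\r\n"
                "Allow: GET,HEAD,POST,OPTIONS\r\nContent-Length: 0\r\n\r\n"),
    "html": ("HTTP/1.1 200 OK\r\nContent-Type: text/html\r\n\r\n"
             '<script src="/etc.clientlibs/site/jquery-1.12.4.min.js"></script>'),
}
# Constructed samples after remediation: anonymous read denied, Server header
# stripped, OPTIONS rejected, jQuery upgraded.
AFTER = {
    "pdf": "HTTP/1.1 403 Forbidden\r\nContent-Type: text/html\r\n\r\nForbidden",
    "options": "HTTP/1.1 405 Method Not Allowed\r\nContent-Length: 0\r\n\r\n",
    "html": ("HTTP/1.1 200 OK\r\nContent-Type: text/html\r\n\r\n"
             '<script src="/etc.clientlibs/site/jquery-3.7.1.min.js"></script>'),
}


def parse_response(raw: str) -> Tuple[int, Dict[str, str], str]:
    """Split a raw HTTP/1.1 response into status code, lower-cased headers, body."""
    head, _, body = raw.partition("\r\n\r\n")
    status_line, *header_lines = head.split("\r\n")
    status = int(status_line.split(maxsplit=2)[1])
    headers: Dict[str, str] = {}
    for line in header_lines:
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    return status, headers, body


def direct_pdf_access(raw: str) -> bool:
    """Finding 1: an unauthenticated GET for the plan PDF returns the file itself."""
    status, headers, _ = parse_response(raw)
    return status == 200 and headers.get("content-type", "").startswith("application/pdf")


def outdated_jquery(raw: str, minimum: Tuple[int, int, int] = MIN_JQUERY) -> Optional[str]:
    """Finding 2: version of a referenced jQuery build below the threshold, else None."""
    _, _, body = parse_response(raw)
    m = re.search(r"jquery[-.](\d+)\.(\d+)\.(\d+)", body, re.IGNORECASE)
    if not m:
        return None
    version = tuple(int(p) for p in m.groups())
    return ".".join(m.groups()) if version < minimum else None


def server_header_disclosed(raw: str) -> Optional[str]:
    """Finding 3: the Server header value if the response carries one, else None."""
    _, headers, _ = parse_response(raw)
    return headers.get("server") or None


def options_enabled(raw: str) -> List[str]:
    """Finding 4: methods advertised in Allow when OPTIONS is answered with 2xx."""
    status, headers, _ = parse_response(raw)
    if 200 <= status < 300 and "allow" in headers:
        return [m.strip().upper() for m in headers["allow"].split(",")]
    return []


def run_audit(samples: Dict[str, str]) -> Dict[str, str]:
    """Re-test all four findings; the values mirror the Status column of the workbook."""
    pdf, opts, html = samples["pdf"], samples["options"], samples["html"]
    disclosed = any(server_header_disclosed(r) for r in (pdf, opts, html))
    return {
        "1 Direct URL Access": "OPEN" if direct_pdf_access(pdf) else "CLOSED",
        "2 Using known vulnerability": "OPEN" if outdated_jquery(html) else "CLOSED",
        "3 Server version disclosed": "OPEN" if disclosed else "CLOSED",
        "4 HTTP method enabled": "OPEN" if "OPTIONS" in options_enabled(opts) else "CLOSED",
    }


if __name__ == "__main__":
    for label, samples in (("before", BEFORE), ("after", AFTER)):
        print(label, run_audit(samples))
```

Feeding the script real captures (for example the raw output of `curl -i` for each URL) turns it into a retest for the Status column. Note that the constructed AkamaiGhost header carries no version number; the check still flags it because the recommendation is to stop leaking the Server header at all, and stripping it at the edge is what moves finding 3 to CLOSED.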
