SOLVED CORS issue

[Ian Daniels]

Hi Can anybody help me with with the following problems that have been identified on a routine security scan

HTML5 Cross Origin Resource Sharing (CORS) policy permits any origin. Cookies Permitted

 

[cPanelMichael]

Hello,

Could you provide some more information about the specific security scan? Is it running against an individual website? Does it output any additional information?

Thank you.

 

[Ian Daniels]

This is a snip it of the report

It is from APPCHECK

[B]CVSS: 8.3
Impact/Prob: High[/B]/Medium

[B]HTML5 Cross Origin Resource Sharing (CORS) policy permits any origin. Cookies Permitted[/B]

The application implements an HTML5 cross-origin resource sharing (CORS) policy which allows access from any domain. Permitting access from any origin could present a security risk unless the affected application hosts only unprotected public content.


[B]CVSS Score: 8.3[/B]  [B]CVSS Vector: [/B]AV:N/AC:M/Au:N/C:C/I:P/A:P  [B]Impact/Probability: High[/B]/Medium

[B]Affected: [/B][URL]http://www.*********.com[/URL], [URL]https://www.**********.com[/URL]

The application implements an HTML5 cross-origin resource sharing (CORS) policy which allows access from any domain. Permitting access from any origin could present a security risk unless the affected application hosts only unprotected public content.

This vulnerability check works by submitting a custom [I]Origin[/I] header to the target server to determine if all requested origins are permitted. The submitted value is based on the current server domain with an appended parent domain.

[SIZE=4][B]1.1.1.  Remediation[/B][/SIZE]
Review the domains which are allowed by the CORS policy in relation to any sensitive content within the application.

[SIZE=4][B]1.1.2.  Technical Analysis[/B][/SIZE]
[B]Example: [URL]https://www.*********.com/wp-json/oembed/1.0[/URL]
Technical Details[/B]

The HTTP request was modified to include a CORS header specifying [URL]http://www.*******.com.appcheck-ng.com[/URL] as the origin domain:

Origin: [URL]http://www.********.com.appcheck-ng.com[/URL]

The response from the server included the following headers indicating that the target is vulnerable:

access-control-allow-origin: [URL]http://www.*********.com.appcheck-ng.com[/URL]

access-control-allow-credentials: true

The inclusion of the [I]access-control-allow-credentials[/I] header means that the site permits authenticated requests using cookies

Can this be fixed through CPanel?

 

[cPanelMichael]

Hello,

Review the .htaccess file within the account's home and public_html directories:

/home/$username/.htaccess
/home/$username/public_html/.htaccess

Do you see any entries starting with "Header set Access-Control-Allow-Origin"? If so, you'd need to remove those entries to pass that scan.

Thank you.

 

[Ian Daniels]

There is no entry like this in the .htaccess file on this account

 

[cPanelMichael]

Hello,

Could you open a support ticket using the link in my signature so we can take a closer look? You can post the ticket number here so we can update this thread with the outcome.

Thank you.

 

[Ian Daniels]

Is the support tickets free? We have just recently purchased a license

 

[Ian Daniels]

ticket raised 8040503

 

[cPanelMichael]

To update, it looks like the headers were set as part of WordPress PHP files installed on an account.

Thank you.