Ian Daniels

Well-Known Member
Nov 3, 2016
69
1
8
Manchester
cPanel Access Level
Root Administrator
Hi Can anybody help me with with the following problems that have been identified on a routine security scan

HTML5 Cross Origin Resource Sharing (CORS) policy permits any origin. Cookies Permitted


 

cPanelMichael

Administrator
Staff member
Apr 11, 2011
47,903
2,237
463
Hello,

Could you provide some more information about the specific security scan? Is it running against an individual website? Does it output any additional information?

Thank you.
 

Ian Daniels

Well-Known Member
Nov 3, 2016
69
1
8
Manchester
cPanel Access Level
Root Administrator
This is a snip it of the report

It is from APPCHECK

Code:
[B]CVSS: 8.3
Impact/Prob: High[/B]/Medium

[B]HTML5 Cross Origin Resource Sharing (CORS) policy permits any origin. Cookies Permitted[/B]

The application implements an HTML5 cross-origin resource sharing (CORS) policy which allows access from any domain. Permitting access from any origin could present a security risk unless the affected application hosts only unprotected public content.


[B]CVSS Score: 8.3[/B]  [B]CVSS Vector: [/B]AV:N/AC:M/Au:N/C:C/I:P/A:P  [B]Impact/Probability: High[/B]/Medium

[B]Affected: [/B][URL]http://www.*********.com[/URL], [URL]https://www.**********.com[/URL]

The application implements an HTML5 cross-origin resource sharing (CORS) policy which allows access from any domain. Permitting access from any origin could present a security risk unless the affected application hosts only unprotected public content.

This vulnerability check works by submitting a custom [I]Origin[/I] header to the target server to determine if all requested origins are permitted. The submitted value is based on the current server domain with an appended parent domain.

[SIZE=4][B]1.1.1.  Remediation[/B][/SIZE]
Review the domains which are allowed by the CORS policy in relation to any sensitive content within the application.

[SIZE=4][B]1.1.2.  Technical Analysis[/B][/SIZE]
[B]Example: [URL]https://www.*********.com/wp-json/oembed/1.0[/URL]
Technical Details[/B]

The HTTP request was modified to include a CORS header specifying [URL]http://www.*******.com.appcheck-ng.com[/URL] as the origin domain:

Origin: [URL]http://www.********.com.appcheck-ng.com[/URL]

The response from the server included the following headers indicating that the target is vulnerable:

access-control-allow-origin: [URL]http://www.*********.com.appcheck-ng.com[/URL]

access-control-allow-credentials: true

The inclusion of the [I]access-control-allow-credentials[/I] header means that the site permits authenticated requests using cookies
Can this be fixed through CPanel?
 
Last edited by a moderator:

cPanelMichael

Administrator
Staff member
Apr 11, 2011
47,903
2,237
463
Hello,

Review the .htaccess file within the account's home and public_html directories:

/home/$username/.htaccess
/home/$username/public_html/.htaccess


Do you see any entries starting with "Header set Access-Control-Allow-Origin"? If so, you'd need to remove those entries to pass that scan.

Thank you.
 

cPanelMichael

Administrator
Staff member
Apr 11, 2011
47,903
2,237
463
Hello,

Could you open a support ticket using the link in my signature so we can take a closer look? You can post the ticket number here so we can update this thread with the outcome.

Thank you.
 

cPanelMichael

Administrator
Staff member
Apr 11, 2011
47,903
2,237
463
To update, it looks like the headers were set as part of WordPress PHP files installed on an account.

Thank you.