topic Re: HTTP Header vulnerabilities in the Mobile Access Portal in SASE and Remote Access

HTTP Header vulnerabilities in the Mobile Access Portal

Gaurav_Pandya — Mon, 12 Sep 2022 16:26:19 GMT

Hi,

Compliance scan report detected HTTP Header vulnerabilities in the Mobile Access Portal, mainly for X-XSS protection. I was checking sk138813 where we need to edit $CVPNDIR/conf/httpd.conf file.

We are running on R81.10 and in that sk138813, it is given till R80.40. So my question is, same procedure I need to apply for R81.10 as well?

Re: HTTP Header vulnerabilities in the Mobile Access Portal

PhoneBoy — Mon, 12 Sep 2022 17:39:32 GMT

Believe it would be the same procedure

Re: HTTP Header vulnerabilities in the Mobile Access Portal

Gaurav_Pandya — Wed, 14 Sep 2022 11:30:58 GMT

Thanks, will do

Re: HTTP Header vulnerabilities in the Mobile Access Portal

Pedro_Madeira — Mon, 01 Apr 2024 14:27:23 GMT

Hello @Gaurav_Pandya

Did you apply this SK on top of R81.20 already? I tried them back in R81.10 and it worked fine but now when I applied them in R81.20 I had SNX random disconnects from users.

Thanks,

Re: HTTP Header vulnerabilities in the Mobile Access Portal

Gaurav_Pandya — Wed, 03 Apr 2024 11:20:01 GMT

Hi Pedro,

Same here, we are facing SNX issue after upgrading to R81.20. We tried take 43 & 41 but no luck. TAC is opened for the same.

Re: HTTP Header vulnerabilities in the Mobile Access Portal

Pedro_Madeira — Wed, 03 Apr 2024 11:28:20 GMT

Hello @Gaurav_Pandya

Thanks for your reply.

In the service request we have opened with TAC, we pointed them to this threat to see if both service request assigned engineers could talk between them and exchange notes. Since you're experiencing the same problem, it's not something unique on our end.

so perhaps R&D needs to take a look at this.

If I have any news on my side, I will let you know.

Thank you,

Pedro Madeira