Hi,

We have GeoNetwork 2.10.3 running on Apache Tomcat 9. When it was
scanned using Acunetix for vulnerabilities, it gave the following
vulnerabilities:

*Application error message vulnerability*

Location                                Numbers
/geonetwork/j_spring_security_check     1
/geonetwork/srv/eng/main.home           21
/geonetwork/srv/eng/xml.region.get      1

*HTML form without CSRF protection*

Location                                Numbers
/geonetwork/srv/eng/main.home           1

Kindly provide a solution to remove the vulnerabilities.
(Are there any settings to be modified in Tomcat or in the GeoNetwork
configuration?)

Thank You
Girish

Hi Girish,

GeoNetwork has supported CSRF protection since 3.4.x. There are no plans
to backport that work to earlier versions of GeoNetwork; please check whether
upgrading is an option.

Regards,
Jose García
On Mon, Dec 30, 2019 at 6:43 AM Girish Kumar <girish.isro@anonymised.com> wrote:
--
Vriendelijke groeten / Kind regards,
Jose García
<http://www.geocat.net/>
Veenderweg 13
6721 WD Bennekom
The Netherlands
T: +31 (0)318 416664
Please consider the environment before printing this email.