Find Answers

Filter Search Results
All Operating Systems:
All Unix (2)
All Windows (3)
All Products:
Dimensions CM (1)
PVCS Version Manager (2)
SBM (5)
Service Manager (1)
Deployment Automation (2)
All Solution Types:
Documentation Update (5)
Installation & Customization (5)
Product Tips & Advice (6)
Source:
Defects (2)
Manuals (1)
Solutions (8)
 
Ask a Question
Example: "Database could not be verified"  
Tips | Start Over | Solutions | Alerts | Patches | Defects  
Pages [Next]
  Results
CMS-XML VM: how to implement a clickjacking mitigation response header
VM: how to implement a clickjacking mitigation response header
CMS-XML SDA 6.1.2 and prior versions have a medium risk of vulnerability to Clickjacking
SDA 6.1.2 and prior versions have a medium risk of vulnerability to Clickjacking
CMS-XML PVCS VM Tomcat web server should enable additional security features by default
This issue aims to increase security by changing the default behavior of the PVCS Version Manager Application Server as follows: Enable Anti- ClickJacking . Disable the Axis 2 administrative interface.
CMS-XML SBM: How to setup HTTP strict transport security (HSTS)
The following steps will enable HSTS as well as a few other settings related to XSS attacks, content sniffing, and clickjacking for SBM 10.x: Step 1: JBoss Configuration
CMS-XML Dim cm 14.3 / 14.4: how to change the pulse server configuration to activate “X-Frame-Options: ALLOWALL?
This is NOT a recommended configuration change because it makes a Pulse installation less secure (other pages will be able to frame Pulse which could lead to clickjacking attacks -- see https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/X-Frame-Options ).
CMS-XML In 11.3 Configurator can now easily enable the following secure response HTTP header options for IIS and Tomcat
STRICT-TRANSPORT-SECURITY (HSTS) X-FRAME-OPTIONS (anti- clickjacking ) X-CONTENT-TYPE-OPTIONS (anti-sniffing)
CMS-XML SBM login form should cater for "framebusting" to avoid clearing cache on upgrades
For customers using Firefox, Chrome or Microsoft Edge browsers, a Content-Security-Policy response header can be used to protect the SBM site from being embedded in another Web site, while still allowing it to be embedded in specific Web sites. This essentially creates a white-list of allowed sites that customers can easily specify. Preventing SBM from being embedded in another Web site prevents ClickJack attacks from occurring (see https://www.owasp.org/index.php/ Clickjacking
HTML Solutions Business Manager 11.3 Security Bulletin
Summary STRICT-TRANSPORT-SECURITY (HSTS) X-FRAME-OPTIONS (anti- clickjacking ) X-CONTENT-TYPE-OPTIONS (anti-sniffing)
HTML Serena Business Manager 11.0 Security Bulletin
Summary (DEF276411 and DEF276415) In addition, rules that filter requests based on invalid shell parameters and XSS prevention for the name and description of Work Center feeds have been added to the default configuration. Prevent ClickJack attacks on the Login Page (DEF272156)
HTML Serena Deployment Automation 6.1.3 Security Bulletin
Clickjacking
Pages [Next]

Welcome kb sso

My Recent Searches

Search Feedback

Are we answering your questions?

Additional Assistance

  • Submit a Case Online
  • FAQs