Hi
While checking the application's security, we found that the POST servlet is exposed, which allows an anonymous user to add a jcr:node.
POST /.json;%0AKPI.css HTTP/2
Host: <domain>
User-Agent: curl/7.30.0
Accept-Encoding: gzip, deflate
Accept: */*
Content-Type: application/x-www-form-urlencoded
Referer: <domain>
Content-Length: 14

:operation=nop
We have just used the NOP operation to prove it's exposed; an attacker can use any other operation here.
What's the best possible way to restrict it without impacting the running application?
Thanks,
Rajendra
Add below to your dispatcher filter rules:
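Added example (not part of the original post or the accepted answer): before tightening the filter, a script like this can scan access logs for POST requests shaped like the one in the question, so you can see whether any legitimate traffic would be caught by a new deny rule. The combined log format, the sample lines and the list of static extensions are assumptions.

```python
import re
from urllib.parse import unquote

# Request line as it appears in a combined-format access log (format is an assumption).
REQUEST_RE = re.compile(r'"(?P<method>[A-Z]+) (?P<target>\S+) HTTP/[\d.]+"')
# Extensions assumed to be allowed through the front end as static files.
STATIC_EXT = (".css", ".js", ".png", ".gif", ".ico", ".jpg")

# Constructed sample lines; only the first mirrors the request from the question.
SAMPLE_LOG = [
    '203.0.113.7 - - [01/Jan/2024:10:00:00 +0000] "POST /.json;%0AKPI.css HTTP/2.0" 200 12',
    '203.0.113.8 - - [01/Jan/2024:10:00:01 +0000] "POST /content/site/en/contact.form.html HTTP/1.1" 200 512',
    '203.0.113.9 - - [01/Jan/2024:10:00:02 +0000] "GET /etc.clientlibs/site/clientlib.css HTTP/1.1" 200 2048',
]

def flag_request(line):
    """Return the reasons a logged request resembles the POST in the question."""
    m = REQUEST_RE.search(line)
    if not m or m.group("method") != "POST":
        return []
    path = m.group("target").split("?", 1)[0]
    reasons = []
    # Percent-encoded control characters such as %0A have no place in a path.
    if any(ord(c) < 0x20 for c in unquote(path)):
        reasons.append("encoded control character in path")
    if ";" in path:
        reasons.append("path parameter (';') in path")
    # A static-file suffix that only appears after the ';' part.
    head = path.split(";", 1)[0]
    if (head != path and path.lower().endswith(STATIC_EXT)
            and not head.lower().endswith(STATIC_EXT)):
        reasons.append("static-file suffix appended after ';'")
    return reasons

def audit(lines):
    """Return (line, reasons) for every flagged entry."""
    return [(l, r) for l in lines if (r := flag_request(l))]

if __name__ == "__main__":
    for entry, why in audit(SAMPLE_LOG):
        print(entry, "->", ", ".join(why))
```

Entries that are flagged but turn out to be legitimate application traffic are the ones a new deny rule would break.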