
Security issue identified by Corporate Offices

8 years 7 months ago #278229 by larrykaiser
My corporate security team did a scan of my server that houses my Joomla website and Community Builder came up as a possible security issue.

Web Application Potentially Vulnerable to Clickjacking - does not set an X-Frame-Options response header in all content responses. This could potentially expose the site to a clickjacking or UI Redress attack wherein an attacker can trick a user into clicking an area of the vulnerable page that is different than what the user perceives the page to be. This can result in a user performing fraudulent or malicious transactions.

Does anyone have any suggestions for this?

8 years 7 months ago #278240 by beat
This is not an issue of CB, but of your web (Apache?) server settings. Joomla itself doesn't handle that header. Just google for that error text, and there are articles writing about that setting. Or better, ask your hoster to add that header to his Apache configuration.

Beat - Community Builder Team Member


8 years 7 months ago #278241 by larrykaiser
OK, thanks. The server is hosted in our office and does not use Apache.

I will see if I can figure it out.

Thanks
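
One way to verify the scanner finding quoted above ("in all content responses") whatever web server is in use, as an added example that is not part of the original thread: it audits the headers of several responses for framing protection. It goes beyond the scan text by also accepting a CSP `frame-ancestors` directive; the function names, paths and header sets are constructed assumptions.

```python
# Added example: audit response headers for framing (clickjacking) protection.
# Sample paths and header sets are constructed for illustration.

VALID_XFO = {"DENY", "SAMEORIGIN"}  # ALLOW-FROM is obsolete in current browsers


def frame_ancestors(csp_value):
    """Return the frame-ancestors source list from a CSP value, or None."""
    for directive in csp_value.split(";"):
        parts = directive.split()
        if parts and parts[0].lower() == "frame-ancestors":
            return parts[1:]
    return None


def check_framing(headers):
    """headers: (name, value) pairs of one response -> (protected, reason)."""
    # frame-ancestors takes precedence over X-Frame-Options where supported.
    for name, value in headers:
        if name.lower() == "content-security-policy":
            sources = frame_ancestors(value)
            if sources is not None:
                if "*" in sources:
                    return False, "frame-ancestors allows any origin"
                return True, "CSP frame-ancestors " + " ".join(sources)
    xfo = {v.strip().upper() for n, val in headers
           if n.lower() == "x-frame-options" for v in val.split(",")}
    if not xfo:
        return False, "no X-Frame-Options or CSP frame-ancestors"
    if len(xfo) == 1 and xfo <= VALID_XFO:
        return True, "X-Frame-Options " + next(iter(xfo))
    return False, "invalid or conflicting X-Frame-Options: " + ", ".join(sorted(xfo))


def audit(responses):
    """responses: {path: header list}. Return {path: reason} for each gap."""
    findings = {}
    for path, headers in responses.items():
        protected, reason = check_framing(headers)
        if not protected:
            findings[path] = reason
    return findings


SAMPLE = {  # constructed responses, not taken from the site in the thread
    "/": [("Content-Type", "text/html"), ("X-Frame-Options", "SAMEORIGIN")],
    "/login": [("Content-Type", "text/html")],
    "/profile": [("Content-Security-Policy", "default-src 'self'; frame-ancestors 'self'")],
    "/legacy": [("X-Frame-Options", "ALLOW-FROM https://intranet.example")],
}
```

Calling `audit(SAMPLE)` reports `/login` and `/legacy`, the two constructed responses that a scan like the one quoted would still flag.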
