Anonymous
Not applicable

Application Security

Is it secure to expose the application to the web?

Using QV version 12.0.203 with the JavaScript files below:

ITEM ONE:

/qlikview/js/jquerymigrate.min.js
Alert group: Vulnerable Javascript library
Severity: Medium
Description:
You are using a vulnerable Javascript library. One or more vulnerabilities were reported for this version of the Javascript library. Consult Attack details and Web References for more information about the affected library and the vulnerabilities that were reported.
Recommendations:
Upgrade to the latest version.
Alert variants
Details:
Detected Javascript library jquery-migrate version 1.2.1. The version was detected from file content.
References:
http://bugs.jquery.com/ticket/11290
http://research.insecurelabs.org/jquery/test/

GET /qlikview/js/jquery-migrate.min.js HTTP/1.1
Pragma: no-cache
Cache-Control: no-cache
Referer: https://ifms.vsecorp.com/qlikview/index.htm
Host: ifms.vsecorp.com
Connection: Keep-alive
Accept-Encoding: gzip,deflate
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.21 (KHTML, like Gecko) Chrome/41.0.2228.0 Safari/537.21
Accept: */*

ITEM TWO:
/qlikview/js/jquery.min.js
Alert group: Vulnerable Javascript library
Severity: Medium
Description:
You are using a vulnerable Javascript library. One or more vulnerabilities were reported for this version of the Javascript library. Consult Attack details and Web References for more information about the affected library and the vulnerabilities that were reported.
Recommendations:
Upgrade to the latest version.
Alert variants
Details:
Detected Javascript library jquery version 1.11.3. The version was detected from file content.
References:
https://github.com/jquery/jquery/issues/2432
http://blog.jquery.com/2016/01/08/jquery-2-2-and-1-12-released/

GET /qlikview/js/jquery.min.js HTTP/1.1
Pragma: no-cache
Cache-Control: no-cache
Referer: https://ifms.vsecorp.com/qlikview/index.htm
Host: ifms.vsecorp.com
Connection: Keep-alive
Accept-Encoding: gzip,deflate
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.21 (KHTML, like Gecko) Chrome/41.0.2228.0 Safari/537.21
Accept: */*

 

Any suggestions?

Thanks

 

1 Reply
petter
Partner - Champion III

No