
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Application Security
Is it secure to expose the application to the web?
Using QV Version: 12.0.203 with below javascripts:
ITEM ONE:
/qlikview/js/jquerymigrate.min.js Alert group Vulnerable Javascript library Severity Medium
Description
You are using a vulnerable Javascript library. One or more vulnerabilities were reported for this version of the Javascript library. Consult Attack details and Web References for more information about the affected library and the vulnerabilities that were reported. Recommendations Upgrade to the latest version. Alert variants
Details
Detected Javascript library jquery-migrate version 1.2.1. The version was detected from file content.
References:
http://bugs.jquery.com/ticket/11290 http://research.insecurelabs.org/jquery/test/
GET /qlikview/js/jquery-migrate.min.js HTTP/1.1 Pragma: no-cache Cache-Control: no-cache Referer: https://ifms.vsecorp.com/qlikview/index.htm Host: ifms.vsecorp.com Connection: Keep-alive Accept-Encoding: gzip,deflate User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.21 (KHTML, like Gecko) Chrome/41.0.2228.0 Safari/537.21 Accept: */*
ITEM TWO:
/qlikview/js/jquery.min.js Alert group Vulnerable Javascript library Severity Medium
Description
You are using a vulnerable Javascript library. One or more vulnerabilities were reported for this version of the Javascript library. Consult Attack details and Web References for more information about the affected library and the vulnerabilities that were reported. Recommendations Upgrade to the latest version.
Alert variants
Details
Detected Javascript library jquery version 1.11.3. The version was detected from file content.
References:
https://github.com/jquery/jquery/issues/2432 http://blog.jquery.com/2016/01/08/jquery-2-2-and-1-12-released/
GET /qlikview/js/jquery.min.js HTTP/1.1 Pragma: no-cache Cache-Control: no-cache Referer: https://ifms.vsecorp.com/qlikview/index.htm Host: ifms.vsecorp.com Connection: Keep-alive Accept-Encoding: gzip,deflate User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.21 (KHTML, like Gecko) Chrome/41.0.2228.0 Safari/537.21 Accept: */*
Any suggestions.
Thanks
- Tags:
- qlikview_deployment

- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
No
