1 Reply Latest reply: Jan 16, 2018 4:01 PM by Ruel Ignacio

    Application Security

    Ruel Ignacio

      Is it secure to expose the application to the web?

       

      Using QV version 12.0.203 with the JavaScript files below:

       

       

      ITEM ONE:

      /qlikview/js/jquerymigrate.min.js
      Alert group: Vulnerable Javascript library
      Severity: Medium

      Description
      You are using a vulnerable Javascript library. One or more vulnerabilities were reported for this version of the Javascript library. Consult Attack details and Web References for more information about the affected library and the vulnerabilities that were reported.

      Recommendations
      Upgrade to the latest version.

      Alert variants
      Details
      Detected Javascript library jquery-migrate version 1.2.1. The version was detected from file content.

      References:
      http://bugs.jquery.com/ticket/11290
      http://research.insecurelabs.org/jquery/test/

      GET /qlikview/js/jquery-migrate.min.js HTTP/1.1
      Pragma: no-cache
      Cache-Control: no-cache
      Referer: https://ifms.vsecorp.com/qlikview/index.htm
      Host: ifms.vsecorp.com
      Connection: Keep-alive
      Accept-Encoding: gzip,deflate
      User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.21 (KHTML, like Gecko) Chrome/41.0.2228.0 Safari/537.21
      Accept: */*

      ITEM TWO:
      /qlikview/js/jquery.min.js
      Alert group: Vulnerable Javascript library
      Severity: Medium

      Description
      You are using a vulnerable Javascript library. One or more vulnerabilities were reported for this version of the Javascript library. Consult Attack details and Web References for more information about the affected library and the vulnerabilities that were reported.

      Recommendations
      Upgrade to the latest version.

      Alert variants
      Details
      Detected Javascript library jquery version 1.11.3. The version was detected from file content.

      References:
      https://github.com/jquery/jquery/issues/2432
      http://blog.jquery.com/2016/01/08/jquery-2-2-and-1-12-released/

      GET /qlikview/js/jquery.min.js HTTP/1.1
      Pragma: no-cache
      Cache-Control: no-cache
      Referer: https://ifms.vsecorp.com/qlikview/index.htm
      Host: ifms.vsecorp.com
      Connection: Keep-alive
      Accept-Encoding: gzip,deflate
      User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.21 (KHTML, like Gecko) Chrome/41.0.2228.0 Safari/537.21
      Accept: */*

       

      Any suggestions?

      Thanks