Posted to commits@wicket.apache.org by "abbas ali (Jira)" <ji...@apache.org> on 2020/10/21 01:40:00 UTC
[jira] [Created] (WICKET-6846) wicket-ajax-jquery.js ActiveX control discovery - Unpatched Application
abbas ali created WICKET-6846:
---------------------------------
Summary: wicket-ajax-jquery.js ActiveX control discovery - Unpatched Application
Key: WICKET-6846
URL: https://issues.apache.org/jira/browse/WICKET-6846
Project: Wicket
Issue Type: Task
Components: wicket
Environment: Windows 2012
Reporter: abbas ali
In our environment, we use the wicket-ajax-jquery.js library. Our WebInspect vulnerability scan reported the vulnerability "ActiveX control discovery - Unpatched Application". It says:
"Any application compiled using the vulnerable active template could be subject to code execution and information disclosure vulnerabilities".
Recommendations include applying any relevant service pack or patch as listed in the Fix section, then recompiling and redistributing any software created prior to the update. If you have already applied the proper fix, then this vulnerability can safely be ignored.
May I check that the ActiveXObject used in the code below (wicket-ajax-jquery.js) is created with a patched version of Visual Studio, and is it free from this vulnerability?
------
(window.ActiveXObject){try{xmlDocument=new ActiveXObject("Msxml2.DOMDocument.6.0")}
catch(err6){try{xmlDocument=new ActiveXObject("Msxml2.DOMDocument.5.0")}
catch(err5){try{xmlDocument=new ActiveXObject("Msxml2.DOMDocument.4.0")}
catch(err4){try{xmlDocument=new ActiveXObject("MSXML2.DOMDocument.3.0")}
catch(err3){try{xmlDocument=new ActiveXObject("Microsoft.XMLDOM")}
catch(err2){Wicket.Log.error("Cannot create DOM
--
This message was sent by Atlassian Jira
(v8.3.4#803005)