Posted to commits@wicket.apache.org by "abbas ali (Jira)" <ji...@apache.org> on 2020/10/21 01:40:00 UTC

[jira] [Created] (WICKET-6846) wicket-ajax-jquery.js ActiveX control discovery - Unpatched Application

abbas ali created WICKET-6846:
---------------------------------

             Summary: wicket-ajax-jquery.js   ActiveX control discovery - Unpatched Application
                 Key: WICKET-6846
                 URL: https://issues.apache.org/jira/browse/WICKET-6846
             Project: Wicket
          Issue Type: Task
          Components: wicket
         Environment: Windows 2012
            Reporter: abbas ali


In our environment, we use the wicket-ajax-jquery.js library. Our WebInspect vulnerability scan reported the vulnerability "ActiveX control discovery - Unpatched Application". It says:
"Any application compiled using the vulnerable active template could be subject to code execution and information disclosure vulnerabilities".

 

Recommendations include applying any relevant service pack or patch as listed in the Fix section, then recompiling and redistributing any software created prior to the update. If you have already applied the proper fix, then this vulnerability can safely be ignored.

 

May I check whether the ActiveXObject used in the code below (wicket-ajax-jquery.js) was created with a patched version of Visual Studio and is free from this vulnerability?

 

------

(window.ActiveXObject){try{xmlDocument=new ActiveXObject
("Msxml2.DOMDocument.6.0")}catch(err6){try{xmlDocument=new ActiveXObject
("Msxml2.DOMDocument.5.0")}catch(err5){try{xmlDocument=new ActiveXObject
("Msxml2.DOMDocument.4.0")}catch(err4){try{xmlDocument=new ActiveXObject
("MSXML2.DOMDocument.3.0")}catch(err3){try{xmlDocument=new ActiveXObject
("Microsoft.XMLDOM")}catch(err2){Wicket.Log.error("Cannot create DOM



--
This message was sent by Atlassian Jira
(v8.3.4#803005)