Follow below steps to address the vulnerability:
- Login to EasiShare Server (where WEB or CAWEB portals are hosted).
- Go to IIS > Expand Sites > Expand "Default Web Site" > Select CAWEB Portal.
- Right Panel > Double Click on " HTTP Response Headers ".
- Click "ADD" from the right panel.
Enter response header "Name" = X-Frame-Options
Enter "Value" = SAMEORIGIN - Click "OK".
- Select WEB Portal > Right Panel > Double Click on " HTTP Response Headers ".
- Repeat step 4 and 5 for WEB portal.
Steps to verify:
1. Launch Internet Explorer (IE) and go to WEB or CAWEB portal website
2. Press F12 (from Keyboard) and for Developer Tools
3. Go to Network tab -> Details
4. Click on Response Headers and search for X-Frame-Options
Comments