On deploying our application to our pre-release environment we have found that our proxy is blocking a potential security vulnerability.
This is the vulnerability identified:
This is the vulnerability identified:
http://www.m86security.com/labs/vulnerability.asp?xmlid=500462
We are currently using 2010 Q2 components.
2 Answers, 1 is accepted
0
Hello Aaron,
Basically, Telerik.Web.UI.WebResource.axd is the HTTP web resource handler some of RadControls use to fetch scripts, styles and sprite images. Unfortunately, ASP.NET resource handlers are not very much venerated by web security products, as they are often treated as a web security vulnerability. Part of the suspicious behavior of the script resource handlers is that there is no physical file named WebResource.axd (or ScriptResource.axd for standard ASP.NET ScriptManager) present in the web site root.
Try creating an empty WebResource.axd file and see if you are getting the same warnings.
Regards,
Georgi Tunev
the Telerik team
Basically, Telerik.Web.UI.WebResource.axd is the HTTP web resource handler some of RadControls use to fetch scripts, styles and sprite images. Unfortunately, ASP.NET resource handlers are not very much venerated by web security products, as they are often treated as a web security vulnerability. Part of the suspicious behavior of the script resource handlers is that there is no physical file named WebResource.axd (or ScriptResource.axd for standard ASP.NET ScriptManager) present in the web site root.
Try creating an empty WebResource.axd file and see if you are getting the same warnings.
Regards,
Georgi Tunev
the Telerik team
Do you want to have your say when we set our development plans?
Do you want to know when a feature you care about is added or when a bug fixed?
Explore the
Telerik Public Issue Tracking
system and vote to affect the priority of the items
0
Aaron
Top achievements
Rank 1
Rank 1
answered on 15 Nov 2010, 10:27 PM
Update:
Basically the security firewall was identifying the Telerik WebResource as a potential threat.
Rather than changing our code we were able to get security to whitelist Telerik resources, as our department has already marked Telerik as approved software.
Cheers
Aaron
Basically the security firewall was identifying the Telerik WebResource as a potential threat.
Rather than changing our code we were able to get security to whitelist Telerik resources, as our department has already marked Telerik as approved software.
Cheers
Aaron