CDR Tickets
| Issue Number | 4923 |
|---|---|
| Summary | Address "low" vulnerabilities |
| Created | 2020-12-23 12:40:30 |
| Issue Type | Improvement |
| Submitted By | Kline, Bob (NIH/NCI) [C] |
| Assigned To | Kline, Bob (NIH/NCI) [C] |
| Status | Closed |
| Resolved | 2021-01-20 09:51:54 |
| Resolution | Fixed |
| Path | /home/bkline/backups/jira/ocecdr/issue.281135 |
Description
We have been asked by CBIIT to harden our admin interface. Report from the app scan of Maxwell attached. We have one year to address these.
Comment entered 2021-01-20 09:51:54 by Kline, Bob (NIH/NCI) [C]
Fixed on DEV.
Comment entered 2021-01-20 09:56:15 by Kline, Bob (NIH/NCI) [C]
To test, bring up https://cdr-dev.cancer.gov/trace.axd in a browser (adjusting the URL when we get to the other CDR tiers). The response should not contain a stack trace, nor should it disclose the version of ASP.Net run by the server. Instead the response should look like this:
Attachments
| File Name | Posted | User |
|---|---|---|
| cdr-stage.cancer.gov_20201223_NS-NoVuln.pdf | 2020-12-23 12:39:49 | Kline, Bob (NIH/NCI) [C] |
| image-2021-01-20-09-56-01-799.png | 2021-01-20 09:56:02 | Kline, Bob (NIH/NCI) [C] |
Elapsed: 0:00:00.001340