"This server is vulnerable to a cross-domain attack. Ensure only trusted domains are added to the cross-domain policy file."
A cross-domain attack occurs when untrusted domains are configured in policy files giving access to the source domain content.
This allows attackers unrestricted access to sensitive information and services to which the authenticated user has access.
A cross-domain policy file (crossdomain.xml) defines a list of domains that specifies permissions for the application to communicate with servers other than the one on which it is hosted.
When making a cross-domain request, the application will first look for a policy file in the target domain to determine whether the cross-domain requests, including headers, and socket-based connections are allowed.
If a cross-domain policy file includes untrusted domains, then the application might be attacked by these untrusted domains.
Specify only trusted domains in the cross-domain policy file.
DigiCert is the world's leading provider of scalable TLS/SSL, IoT and PKI solutions for identity and encryption. The most innovative companies, including 89% of the Fortune 500 and 97 of the 100 top global banks, choose DigiCert for its expertise in identity and encryption for web servers and Internet of Things devices. DigiCert supports TLS and other digital certificates for PKI deployments at any scale through its certificate lifecycle management solution, CertCentral®. The company is recognized for its enterprise-grade certificate management platform, fast and knowledgeable customer support, and market-leading security solutions. For the latest DigiCert news and updates, visit digicert.com or follow @digicert.
©2020 DigiCert, Inc. All rights reserved. DigiCert, its logo and CertCentral are registered trademarks of DigiCert, Inc. Norton and the Checkmark Logo are trademarks of NortonLifeLock Inc. used under license. Other names may be trademarks of their respective owners.