Details
Description
In our environment, we use the wicket-ajax-jquery.js library. Our WebInspect vulnerability scan reported the vulnerability "ActiveX control discovery - Unpatched Application". It says:
"Any application compiled using the vulnerable active template could be subject to code execution and information disclosure vulnerabilities".
Recommendations include applying any relevant service pack or patch as listed in the Fix section, then recompiling and redistributing any software created prior to the update. If you have already applied the proper fix, then this vulnerability can safely be ignored.
Ref: https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-035
https://www.cvedetails.com/cve/CVE-2009-0901/
May I check whether the ActiveXObject used in the code below (wicket-ajax-jquery.js) is created with a patched version of Visual Studio and is free from this vulnerability?
------
(window.ActiveXObject){try
{xmlDocument=new ActiveXObject ("Msxml2.DOMDocument.6.0")}catch(err6){try
{xmlDocument=new ActiveXObject ("Msxml2.DOMDocument.5.0")}catch(err5){try
{xmlDocument=new ActiveXObject ("Msxml2.DOMDocument.4.0")}catch(err4){try
{xmlDocument=new ActiveXObject ("MSXML2.DOMDocument.3.0")}catch(err3){try
{xmlDocument=new ActiveXObject ("Microsoft.XMLDOM")}catch(err2){Wicket.Log.error("Cannot create DOM
Issue Links
- is part of WICKET-6667 Ajax JavaScript clean-up (Resolved)
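One way to triage a scanner finding like this is to list which COM ProgIDs the script actually requests, since `new ActiveXObject(...)` instantiates a component registered on the client machine rather than one shipped inside the JavaScript file. The following is an added example, not part of the original report or of Wicket; `listActiveXProgIds` and `SAMPLE` are hypothetical names, and the sample input is constructed from the fragment quoted above.

```javascript
// Added example: inventory the ProgIDs a script passes to ActiveXObject.
// SAMPLE is constructed from the fragment quoted in this issue (the leading "if"
// and the closing braces are assumptions so that the sample is well-formed).
const SAMPLE = [
  'if(window.ActiveXObject){try',
  '{xmlDocument=new ActiveXObject ("Msxml2.DOMDocument.6.0")}catch(err6){try',
  '{xmlDocument=new ActiveXObject ("Msxml2.DOMDocument.5.0")}catch(err5){try',
  '{xmlDocument=new ActiveXObject ("Msxml2.DOMDocument.4.0")}catch(err4){try',
  '{xmlDocument=new ActiveXObject ("MSXML2.DOMDocument.3.0")}catch(err3){try',
  '{xmlDocument=new ActiveXObject ("Microsoft.XMLDOM")}catch(err2){}}}}}}'
].join('\n');

// Returns { literal: [...], dynamic: [...] }.
//   literal: ProgIDs given as string constants, de-duplicated, in source order.
//   dynamic: calls whose argument is an expression; these need manual review
//            because the ProgID is only known at run time.
function listActiveXProgIds(source) {
  // Tolerates minified code: optional whitespace before "(" and either quote style.
  const literalRe = /new\s+ActiveXObject\s*\(\s*(["'])([^"']+)\1\s*\)/g;
  const dynamicRe = /new\s+ActiveXObject\s*\(\s*([^"'\s)][^)]*)\)/g;
  const seen = new Map();
  const dynamic = [];

  source.split('\n').forEach((text, index) => {
    const line = index + 1;
    for (const m of text.matchAll(literalRe)) {
      const key = m[2].toLowerCase(); // ProgIDs are case-insensitive
      if (!seen.has(key)) seen.set(key, { progId: m[2], line });
    }
    for (const m of text.matchAll(dynamicRe)) {
      dynamic.push({ expr: m[1].trim(), line });
    }
  });
  return { literal: [...seen.values()], dynamic };
}

// Print the inventory for the constructed sample.
const report = listActiveXProgIds(SAMPLE);
for (const { progId, line } of report.literal) {
  console.log(`line ${line}: ${progId}`);
}
console.log(`dynamic calls needing review: ${report.dynamic.length}`);
```

The resulting list can then be checked against the vendor advisory for each named component instead of treating the JavaScript library itself as the compiled artifact.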