Hello everyone,
How can we overcome "Web Application Potentially Vulnerable to Clickjacking" on a VMware ESXi 5.5 Update 2 server? Is there any new patch or any KB from VMware? We are using VUM.
Please help.
Can you please point us to an official public source where this vulnerability is described?
I cannot find anything about it?!
Sorry for the delayed response. The warning is reported by a Nessus report. Update: the same warning is also reported on ESXi 5.5U3.
Hello,
Just running Nessus and demanding a fix doesn't make much sense.
Nessus runs a number of tests and the results need to be interpreted and verified by a security researcher to see if it actually is a problem or if something is wrong with the test.
There are usually a lot of false positives.
So yes, Nessus is a useful tool, but no, it isn't giving you a conclusive report.
Note that it says "potentially" in the title; in other words, the report has a "we're not sure, but it might be vulnerable to..." line.
Clickjacking is normally also a bigger problem on websites accessible from the internet than it is on a local network.
I'm just assuming that the HTTP interface of your ESXi server isn't accessible from the internet, and if it is... I think you have bigger problems already.
--
Wil
That Nessus plugin (85582) is rather new, so it will probably be quite a while before vendors fix their applications.
For reference: https://discussions.tenable.com/thread/9429
Thank you for the info.
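
Added example, not part of the thread: one way to verify a clickjacking finding by hand, assuming it concerns the standard anti-framing response headers (`X-Frame-Options` and CSP `frame-ancestors`). The function name and the sample headers are constructed for illustration.

```python
# Added example: classify a response's anti-framing headers (inputs are constructed).
OPEN_SOURCES = {"*", "http:", "https:"}   # frame-ancestors sources that admit any site

def framing_verdict(headers):
    """headers: list of (name, value) pairs. Returns (protected, reason)."""
    xfo_tokens, policies = [], []
    for name, value in headers:
        name = name.strip().lower()
        if name == "x-frame-options":
            xfo_tokens += [t.strip().upper() for t in value.split(",") if t.strip()]
        elif name == "content-security-policy":   # the Report-Only variant is not enforced
            policies += [p for p in value.split(",") if p.strip()]

    ancestors = []                                 # one source set per policy that sets it
    for policy in policies:
        for directive in policy.split(";"):
            parts = directive.split()
            if parts and parts[0].lower() == "frame-ancestors":
                ancestors.append({s.lower() for s in parts[1:]})
                break                              # first occurrence in a policy wins

    if ancestors:
        # Every policy must allow the framer, so one restrictive policy is enough.
        # When frame-ancestors is present, browsers ignore X-Frame-Options.
        if any(not (srcs & OPEN_SOURCES) for srcs in ancestors):
            return True, "CSP frame-ancestors restricts framing"
        return False, "CSP frame-ancestors admits any origin"
    if any(t in ("DENY", "SAMEORIGIN") for t in xfo_tokens):
        return True, "X-Frame-Options restricts framing"
    if xfo_tokens:
        return False, "X-Frame-Options value is not one browsers enforce"
    return False, "no anti-framing header present"

if __name__ == "__main__":
    samples = {  # constructed header sets, not captured from any real host
        "no headers": [("Content-Type", "text/html")],
        "XFO sameorigin": [("X-Frame-Options", "sameorigin")],
        "XFO allow-from": [("X-Frame-Options", "ALLOW-FROM https://portal.example")],
        "CSP none": [("Content-Security-Policy", "default-src 'self'; frame-ancestors 'none'")],
        "CSP * plus XFO": [("X-Frame-Options", "DENY"),
                           ("Content-Security-Policy", "frame-ancestors *")],
    }
    for label, hdrs in samples.items():
        print(f"{label:16} -> {framing_verdict(hdrs)}")
```

A "not protected" verdict only confirms that the headers are missing or ineffective on that response; whether it matters still depends on who can reach the interface, as discussed in the thread.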