Wildcard Detected in Port Portion of Content Security Policy (CSP) Directive

Severity: Information
Summary#

Invicti detected that wildcard was used in port portion of a CSP directive.

Impact#

There is no direct impact, however in conjunction with some other issues this can be abused by an attacker. Wildcard means you trust all the applications hosted in all of the ports of the target domain. For example another port on the same IP address might be a vulnerable hosting panel control application.

Remediation#

If this is not really necessary use a static port. If you need the use the wildcard then ensure that you trust the all ports of the target URI.

Classifications#
OR

Search Vulnerability

Tags

CSP

Build your resistance to threats. And save hundreds of hours each month.

Get a demo See how it works