Cross-origin resource sharing (CORS) enables browsers to perform cross domain requests in a controlled manner. This request has an Origin header that identifies the domain that is making the initial request and defines the protocol between a browser and server to see if the request is allowed. An attacker can take advantage of this and possibly carry out privileged actions and access sensitive information when the Access-Control-Allow-Credentials is enabled.
The product compares two entities in a security-relevant context, but the comparison is incorrect, which may lead to resultant weaknesses.
Name | Vendor | Start Version | End Version |
---|---|---|---|
Onetest_server | Hcltech | 10.1 | 10.1 |
Onetest_server | Hcltech | 10.2 | 10.2 |
Onetest_server | Hcltech | 10.0 | 10.0 |
This Pillar covers several possibilities: