Troubleshooting
Problem
Cause
https://www.ibm.com/support/pages/clickjacking-through-x-frame-option-header
If we do not have some of these values set, the scan will tell us there is a vulnerability.
There are three possible values for the X-Frame-Options header:
1. DENY, which prevents any domain from framing the content. The "DENY" setting is recommended unless a specific need has been identified for framing.
2. SAMEORIGIN, which only allows the current site to frame the content.
3. ALLOW-FROM uri, which permits the specified 'uri' to frame this page (e.g., ALLOW-FROM http://www.example.com). Check the limitations below: this will fail open if the browser does not support it.
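As an added example (not IBM's code and not part of the original document), the Python function below classifies the X-Frame-Options header of a raw HTTP response against the three values listed above. The function name, the verdict labels and the sample responses are constructed for illustration.

```python
# Added example: classify X-Frame-Options from a raw HTTP response header block.
# Verdict labels and sample responses are constructed, not taken from any scanner.

def classify_xfo(raw_headers: str) -> tuple[str, str]:
    """Return (verdict, detail) for the X-Frame-Options header(s) found."""
    values = []
    for line in raw_headers.splitlines():
        name, sep, value = line.partition(":")
        if sep and name.strip().lower() == "x-frame-options":  # names are case-insensitive
            values.append(value.strip())
    if not values:
        return "missing", "no X-Frame-Options header is set"
    if len({v.upper() for v in values}) > 1:
        return "conflict", "header sent more than once with different values"
    parts = values[0].split(None, 1)
    keyword = parts[0].upper() if parts else ""
    if keyword == "DENY" and len(parts) == 1:
        return "ok", "no domain may frame the content"
    if keyword == "SAMEORIGIN" and len(parts) == 1:
        return "ok", "only the current site may frame the content"
    if keyword == "ALLOW-FROM":
        if len(parts) < 2:
            return "invalid", "ALLOW-FROM given without a uri"
        return "review", f"{parts[1]} may frame the page; fails open if unsupported"
    return "invalid", f"unrecognised value: {values[0]!r}"

# Constructed sample responses.
SAMPLES = {
    "deny": "HTTP/1.1 200 OK\r\nContent-Type: text/html\r\nX-Frame-Options: DENY\r\n",
    "sameorigin": "HTTP/1.1 200 OK\r\nx-frame-options: sameorigin\r\n",
    "allow_from": "HTTP/1.1 200 OK\r\nX-Frame-Options: ALLOW-FROM http://www.example.com\r\n",
    "missing": "HTTP/1.1 200 OK\r\nContent-Type: text/html\r\n",
    "conflict": "HTTP/1.1 200 OK\r\nX-Frame-Options: DENY\r\nX-Frame-Options: SAMEORIGIN\r\n",
    "typo": "HTTP/1.1 200 OK\r\nX-Frame-Options: SAME-ORIGIN\r\n",
}

if __name__ == "__main__":
    for label, response in SAMPLES.items():
        verdict, detail = classify_xfo(response)
        print(f"{label:11} {verdict:9} {detail}")
```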
Diagnosing The Problem
Resolving The Problem
Clickjacking (User Interface redress attack, UI redress attack, UI redressing) is a malicious technique of tricking a Web user into clicking on something different from what the user perceives they are clicking on, thus potentially revealing confidential information or taking control of their computer while clicking on seemingly innocuous web pages ...
Upgrade IBM Control Center to v6.1.2.0 base or higher.
Fix is not available prior to v6.1.2.0.
Document Location
Worldwide
Document Information
Modified date:
17 January 2023
UID
ibm10959885