diff --git a/http/misconfiguration/cloudflare-rocketloader-htmli.yaml b/http/misconfiguration/cloudflare-rocketloader-htmli.yaml index 537db5402b..a7938a6177 100644 --- a/http/misconfiguration/cloudflare-rocketloader-htmli.yaml +++ b/http/misconfiguration/cloudflare-rocketloader-htmli.yaml @@ -6,8 +6,10 @@ info: severity: low description: | The Rocket Loader feature in Cloudflare allow attackers to inject arbitrary HTML into the website. This can be used to perform various attacks such as phishing, defacement, etc. + remediation: Disable the rocket loader or Add a CSP header to fix this issue. reference: - https://developers.cloudflare.com/speed/optimization/content/rocket-loader/enable/ + - https://developers.cloudflare.com/fundamentals/reference/policies-compliances/content-security-policies/#product-requirements metadata: max-request: 1 verified: true @@ -37,4 +39,4 @@ http: - type: status status: - 200 -# digest: 4a0a0047304502203f1f9450ea215136ca621ee9dbedce3ae4455abcc8dd73db23c5e0cdde586076022100f02e51d462db656b75f00a878d4608aed164f4cc5492a86cb73fd88a1665a085:922c64590222798bb761d5b6d8e72950 \ No newline at end of file +# digest: 4a0a0047304502203f1f9450ea215136ca621ee9dbedce3ae4455abcc8dd73db23c5e0cdde586076022100f02e51d462db656b75f00a878d4608aed164f4cc5492a86cb73fd88a1665a085:922c64590222798bb761d5b6d8e72950