WhiteHat - Fixing the information leakage vulnerability

To fix the information leakage vulnerability:

  1. Add the below configuration to the Web.Config of the IIS website on which the IRC and the CM application are hosted, to register the AntiHttpCrossSiteForgeryRequestModule managed module. The Web.Config is located at [install path of the IIS website on which the IRC and the CM application are hosted]\wwwroot.

  2. Create the bin folder under [install path of the IIS website on which the IRC and the CM application are hosted]\wwwroot.
  3. Copy the Approva.Presentation.Framework.HttpModule.dll from [IRC Install Path]\BizRightsPresentation\bin to [install path of the IIS website on which the IRC and the CM application are hosted]\wwwroot\bin.
  4. Remove or comment out the following node from the web.config files at these paths to unregister the AntiHttpCrossSiteForgeryRequestModule managed HTTP module. (This module is already registered in the IRC and CM applications as an Inherited entry type from the IIS website on which the IRC and the CM application are hosted.)
    • IRC: [Install path]\BizrightsPresentation\web.config
    • CM: [Install path]\presentation\web.config

  5. Copy the Approva.Presentation.Framework.HttpModule.dll from the [IRC Install Path]\BizRightsPresentation\bin to these locations:
    • IRC application
      • [IRC Install path]\Core\bin
      • [IRC Install path]\Adapters\TMonitor\bin
      • [IRC Install path]\BRPublisher\bin
      • [IRC Install path]\Settings\bin
        Note: Create a bin folder under the Settings folder, if not already present.
      • [IRC Install drive]\Programs Files\Approva\PDSService\Bin

    • CM application
      • [CM Install Path]\CertificationManager\Presentation
      • [CM Install Path]\CertificationManager\Presentation\Dashboards
      • [CM Install Path]\CertificationManager\platform\pdsservice
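
A read-only check that steps 1 to 5 were applied as described. It is an added example, not part of the original procedure or the vendor's tooling. The four parameter defaults are placeholders to replace with the real install paths, and it assumes the registration node names the module in an attribute value and that the CM web.config sits under the same root as the CM copy targets.

```powershell
# Added example: verification only, changes nothing on disk.
param(
    [string]$SiteRoot = 'C:\PLACEHOLDER-IIS-SITE\wwwroot',  # placeholder: IIS website wwwroot
    [string]$IrcRoot  = 'C:\PLACEHOLDER-IRC',               # placeholder: [IRC Install path]
    [string]$CmRoot   = 'C:\PLACEHOLDER-CM',                # placeholder: [CM Install Path]
    [string]$PdsBin   = 'C:\PLACEHOLDER-PDSService-Bin'     # placeholder: PDSService\Bin folder from step 5
)
$ErrorActionPreference = 'Stop'   # a missing source DLL or web.config stops the run
$dll    = 'Approva.Presentation.Framework.HttpModule.dll'
$module = 'AntiHttpCrossSiteForgeryRequestModule'
$source = Join-Path $IrcRoot "BizRightsPresentation\bin\$dll"

function Test-ModuleRegistered([string]$ConfigPath) {
    # Parsing as XML means a commented-out node is not counted as registered.
    # Assumption: the node carries the module name in one of its attribute values.
    $xml = New-Object System.Xml.XmlDocument
    $xml.Load($ConfigPath)
    return ($xml.SelectNodes("//*[@*[contains(., '$module')]]").Count -gt 0)
}

# Steps 3 and 5: every copy must exist and be byte-identical to the source DLL.
$expected = (Get-FileHash -LiteralPath $source -Algorithm SHA256).Hash
$targets = @(
    (Join-Path $SiteRoot 'bin'),
    (Join-Path $IrcRoot 'Core\bin'),
    (Join-Path $IrcRoot 'Adapters\TMonitor\bin'),
    (Join-Path $IrcRoot 'BRPublisher\bin'),
    (Join-Path $IrcRoot 'Settings\bin'),
    $PdsBin,
    (Join-Path $CmRoot 'CertificationManager\Presentation'),
    (Join-Path $CmRoot 'CertificationManager\Presentation\Dashboards'),
    (Join-Path $CmRoot 'CertificationManager\platform\pdsservice')
)
$results = @(foreach ($dir in $targets) {
    $path = Join-Path $dir $dll
    $state = if (-not (Test-Path -LiteralPath $path)) { 'Missing' } elseif (
        (Get-FileHash -LiteralPath $path -Algorithm SHA256).Hash -ne $expected) { 'HashMismatch' } else { 'OK' }
    [pscustomobject]@{ Check = 'DLL copy'; Path = $path; State = $state }
})

# Steps 1 and 4: registered once at the site level, not again in the applications.
$configs = @(
    @{ Path = (Join-Path $SiteRoot 'web.config'); Expect = $true },
    @{ Path = (Join-Path $IrcRoot 'BizrightsPresentation\web.config'); Expect = $false },
    @{ Path = (Join-Path $CmRoot 'presentation\web.config'); Expect = $false }
)
$results += @(foreach ($c in $configs) {
    $state = if ((Test-ModuleRegistered $c.Path) -eq $c.Expect) { 'OK' } else { 'Unexpected' }
    [pscustomobject]@{ Check = "Module registered = $($c.Expect)"; Path = $c.Path; State = $state }
})
$results | Format-Table -AutoSize
```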