Getting this 'General Server Vulnerabilities' and 'HTTP TRACE method is enabled' security concern in Ionic application in VA-PT

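Asked by: varun bhujbal Asked: 10/30/2023 Last edited by: James Zvarun bhujbal Updated: 10/31/2023 Views: 24

Q:

Our team has encountered critical security concerns in our Ionic application. These issues stem from our Cordova plugins' use of specific APIs.

1. General Server Vulnerabilities:

In our Android and iOS applications, the following APIs called by our Cordova plugins have raised significant alarms due to 'General Server Vulnerabilities':

For Android: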

  • play.googleapis.com:443/c2dm/register3
  • https://play.googleapis.com:443/c2dm/register3

For iOS:

  • apple-finance.query.yahoo.com:443/v1/yql/applewf/multiquote
  • iid.googleapis.com:443/iid/register
  • https://iid.googleapis.com:443/iid/register

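Despite our extensive efforts, we have been unable to find a viable solution to mitigate these concerns.

2. HTTP TRACE method is enabled:

Furthermore, our Cordova plugins make use of the following APIs, which led to the finding that the HTTP TRACE method is enabled, posing a significant risk:

For Android: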

  • https://clientservices.googleapis.com:443/chrome-variations/se osname=android_webview&milestone=88

For iOS:

  • https://api-glb-aaps1b.smoot.apple.com:443/search
  • https://app-measurement.com:443
  • https://api.smoot.apple.com:443

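We are uncertain about the appropriate steps to disable the HTTP TRACE method and effectively mitigate this vulnerability.

Plugins in use:

Our Ionic application includes the following Cordova plugins: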

"@awesome-cordova-plugins/android-permissions": "^5.45.0",
"@awesome-cordova-plugins/app-version": "^5.45.0",
"@awesome-cordova-plugins/camera": "^5.45.0",
"@awesome-cordova-plugins/chooser": "^5.45.0",
"@awesome-cordova-plugins/clipboard": "^5.45.0",
"@awesome-cordova-plugins/core": "^5.45.0",
"@awesome-cordova-plugins/dialogs": "^5.45.0",
"@awesome-cordova-plugins/fcm": "^6.4.0",
"@awesome-cordova-plugins/file": "^5.45.0",
"@awesome-cordova-plugins/file-opener": "^5.45.0",
"@awesome-cordova-plugins/file-path": "^5.45.0",
"@awesome-cordova-plugins/file-transfer": "^5.45.0",
"@awesome-cordova-plugins/image-picker": "^6.4.0",
"@awesome-cordova-plugins/keyboard": "^5.45.0",
"@awesome-cordova-plugins/local-notifications": "^5.45.0",
"@awesome-cordova-plugins/network": "^5.44.0",
"@awesome-cordova-plugins/streaming-media": "^5.45.0",
"@awesome-cordova-plugins/toast": "^5.45.0",
"@ionic-native/browser-tab": "^5.36.0",
"@ionic-native/core": "^5.36.0",
"@ionic-native/crop": "^5.36.0",
"@ionic-native/file": "^5.36.0",
"@ionic-native/file-picker": "^5.36.0",
"@ionic-native/http": "^5.36.0",
"@ionic-native/image-picker": "^5.36.0",
"@ionic-native/in-app-browser": "^5.36.0",
"@ionic-native/keyboard": "^5.36.0",
"@ionic/angular": "^6.2.4",
"@ionic/angular-server": "^6.2.5",
"@ionic/cordova-builders": "^7.0.0",
"@ionic/storage": "^2.1.3",
"@ngrx/effects": "^14.3.0",
"@ngrx/store": "^14.3.0",
"ajv-keywords": "^5.1.0",
"autolinker": "^4.0.0",
"chart.js": "^4.3.0",
"cordova-browser": "6.0.0",
"cordova-plugin-androidx-adapter": "^1.1.3",
"cordova-plugin-iroot": "^3.1.0",
"cordova-plugin-telerik-imagepicker": "^2.3.2",
"crypto-js": "^4.1.1",
"dialog": "^0.3.1",
"domsanitizer": "^0.2.3",
"eslint-plugin-ngrx": "^2.1.4",
"ionic-5-gallery-modal": "^0.2.25",
"ionic-native": "^2.9.0",
"ionic-selectable": "^4.9.0",
"ionic4-star-rating": "^1.1.1",
"ios-sim": "^9.0.0",
"moment": "^2.29.4",
"ng-circle-progress": "^1.6.0",
"ng2-charts": "^4.1.1",
"ngx-linky": "^4.0.0",
"rxjs": "~6.6.0",

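How can we resolve these critical security vulnerabilities?

Android iOS Angular Security Ionic Framework

Comments

0 upvotes Paulw11 10/31/2023
Your app cannot do anything about the TRACE method being enabled. It is enabled on the server side and needs to be disabled there. You can try raising a security vulnerability incident with the owners of those servers, but the TRACE method may not even be a problem, and 'General Server Vulnerabilities' also sounds like it is outside your control, but it is also a fairly useless description of the problem.

A: No answers yet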
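
The comment above notes that TRACE is enabled on the server side and that the flagged servers are outside the app team's control. The following added example (not code from the question or from any plugin) triages a VA-PT report by host ownership; `FIRST_PARTY_DOMAINS`, `hostOf`, `isFirstParty` and `triage` are hypothetical names, `example.com` stands in for the team's own domain, and the `api.example.com` entry is constructed for contrast.

```javascript
// Added example: triage scanner findings by who operates the flagged host.
// FIRST_PARTY_DOMAINS is an assumption: replace it with the domains your team runs.
const FIRST_PARTY_DOMAINS = ["example.com"];

// Endpoints copied from the question, plus one constructed first-party entry.
const FINDINGS = [
  { issue: "General Server Vulnerabilities", url: "play.googleapis.com:443/c2dm/register3" },
  { issue: "General Server Vulnerabilities", url: "https://play.googleapis.com:443/c2dm/register3" },
  { issue: "General Server Vulnerabilities", url: "apple-finance.query.yahoo.com:443/v1/yql/applewf/multiquote" },
  { issue: "General Server Vulnerabilities", url: "https://iid.googleapis.com:443/iid/register" },
  { issue: "HTTP TRACE method is enabled", url: "https://app-measurement.com:443" },
  { issue: "HTTP TRACE method is enabled", url: "https://api.smoot.apple.com:443" },
  { issue: "HTTP TRACE method is enabled", url: "https://api.example.com/v1/login" }, // constructed
];

// Scanner reports often omit the scheme; add one so the URL parser accepts the entry.
function hostOf(raw) {
  const withScheme = /^[a-z][a-z0-9+.-]*:\/\//i.test(raw) ? raw : `https://${raw}`;
  return new URL(withScheme).hostname.toLowerCase();
}

// Match on a label boundary so "notexample.com" is not treated as "example.com".
function isFirstParty(host, owned = FIRST_PARTY_DOMAINS) {
  return owned.some((d) => host === d || host.endsWith(`.${d}`));
}

// Group findings per host and mark whether the team can change that server.
function triage(findings, owned = FIRST_PARTY_DOMAINS) {
  const byHost = new Map();
  for (const { issue, url } of findings) {
    const host = hostOf(url);
    if (!byHost.has(host)) {
      byHost.set(host, { host, firstParty: isFirstParty(host, owned), issues: new Set() });
    }
    byHost.get(host).issues.add(issue);
  }
  return [...byHost.values()].map((e) => ({ ...e, issues: [...e.issues].sort() }));
}

for (const { host, firstParty, issues } of triage(FINDINGS)) {
  const action = firstParty ? "fix on our server" : "third party: report to owner, record as out of scope";
  console.log(`${host}\t${action}\t${issues.join("; ")}`);
}
```

Every host taken from the question lands in the third-party group, so only the constructed `api.example.com` entry would be something the team could remediate itself.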