
Absence of Anti-CSRF Tokens

Mic Brown, Apr 17 2024

Hi, a vulnerability scan was done using OWASP ZAP on my Oracle APEX application and it shows the following medium alert.
No Anti-CSRF Tokens: No Anti-CSRF tokens were found in an HTML submission form. No Anti-CSRF token.
GET method
Evidence: <form role="none" action="wwv_flow.accept p_context=100:9999:8791051967498" method="post" name="wwv_flow" id="wwvFlowForm" data-oj-binding-provider="none" novalidate autocomplete="off">
Other Info: No Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken,
csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token,
_csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the
following HTML forms: [Form 1: "P9999_PASS" "P9999_USER"
"pContext" "pFlowId" "pFlowStepId" "pInstance" "pPageFormRegionChecksums"
"pPageItemsProtected" "pPageItemsRowVersion" "pPageSubmissionId"
"pReloadOnSubmit" "pRequest" "pSalt" ].

Any recommendations to make to solve this?

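The "Other Info" text of the alert shows that the finding rests on field names alone: none of the form's fields matched a name in the scanner's token list. The sketch below is an added example (not part of the original post and not ZAP's own code) that reproduces that name check on a constructed form. The exact case-insensitive matching and the sample markup are assumptions.

```python
from html.parser import HTMLParser

# Token names copied from the "Other Info" field of the alert quoted above.
ZAP_TOKEN_NAMES = [
    "anticsrf", "CSRFToken", "__RequestVerificationToken", "csrfmiddlewaretoken",
    "authenticity_token", "OWASP_CSRFTOKEN", "anoncsrf", "csrf_token", "_csrf",
    "_csrfSecret", "__csrf_magic", "CSRF", "_token", "_csrf_token",
]

# Constructed sample: form id/method and some field names from the alert;
# the attribute layout, action and values are placeholders, not real markup.
SAMPLE_FORM = """
<form id="wwvFlowForm" method="post" action="placeholder">
  <input type="text" name="P9999_USER">
  <input type="password" name="P9999_PASS">
  <input type="hidden" name="pInstance" value="constructed">
  <input type="hidden" name="pSalt" value="constructed">
  <input type="hidden" name="pPageSubmissionId" value="constructed">
</form>
"""

class FormFields(HTMLParser):
    """Collect the name (or id) of every field, grouped by enclosing <form>."""
    def __init__(self):
        super().__init__()
        self.forms = []      # one dict per <form> seen
        self._open = None    # form currently being parsed, if any

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "form":
            self._open = {"id": a.get("id"),
                          "method": (a.get("method") or "get").lower(),
                          "fields": []}
            self.forms.append(self._open)
        elif tag in ("input", "select", "textarea") and self._open is not None:
            label = a.get("name") or a.get("id")
            if label:
                self._open["fields"].append(label)

    def handle_endtag(self, tag):
        if tag == "form":
            self._open = None

def audit(html, token_names=ZAP_TOKEN_NAMES):
    """Per form: fields whose name equals a listed token name (case-insensitive)."""
    known = {n.lower() for n in token_names}
    parser = FormFields()
    parser.feed(html)
    results = []
    for form in parser.forms:
        matched = [f for f in form["fields"] if f.lower() in known]
        results.append({**form, "matched": matched, "flagged": not matched})
    return results
```

The result depends only on the name list passed in, so a hit or a miss says nothing about whether the server validates a per-session or per-request secret; that has to be confirmed against the application itself.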