-1

recently my jackrabbit(2.8.0) has been scanned by nessue with 2 issue

one is some jsp page has clickjacking (please seejackrabbit webdav use HTTP)

and the other is use http instead of https (please see some jackrabbit's jsp page have cickjacking)

try to google but no luck ( or maybe I use wrong keyword), is these 2 issue can be mitigated or workaround ?

or , can webdav be simply disabled?

borgliu
  • 3
  • 1
  • Please don't post images of code or errors. Instead [edit] your question and provide a [mcve]. See [ask]. – Robert Nov 04 '21 at 03:09

1 Answers1

1
  1. The "HTTP" issue can easily be mitigated by turning off HTTP.
  2. The other issue is a non-issue.

General advice: install available updates; you are several years behind the current version.

Julian Reschke
  • 40,156
  • 8
  • 95
  • 98
  • I just take over this system no long, but I will try to convince develop team to use latest version – borgliu Nov 09 '21 at 13:08