000017742 - Potential cross-site request forgery (CSRF) attack thwarted found in pi_webserver.log - RSA enVision

Document created by RSA Customer Support Employee on Jun 16, 2016. Last modified by RSA Customer Support Employee on Apr 21, 2017.

Article Content

Article Number: 000017742
Applies To: RSA enVision 4.1
Issue: Potential cross-site request forgery (CSRF) attack thwarted in pi_webserver.log - RSA enVision
Jan 13, 2014 2:28:47 PM com.opensystems.privatei.util.Logger:SEVERE: potential cross-site request forgery (CSRF) attack thwarted (user:soc1007, ip:10.122.4.24, uri:/isaw/applet/analysis.webserver.common.jar.pack.gz, error:required token is missing from the request.)
Cause: These URL patterns are unprotected. For CSRF, we append the token only to the protected resources; for the unprotected ones it is not required.
Resolution: These log entries are harmless; users can ignore these messages.
Legacy Article ID: a65574
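The following is an added example, not RSA code: a small parser for the pi_webserver.log line format quoted above that counts CSRF entries for known unprotected URIs and sets any others aside for review. The allowlist contains only the URI shown in this article, and the second and third sample lines (including their user, IP and URI values) are constructed for illustration.

```python
import re
from collections import Counter

# Field layout taken from the log line quoted in the article.
CSRF_RE = re.compile(
    r"potential cross-site request forgery \(CSRF\) attack thwarted "
    r"\(user:(?P<user>[^,]*), ip:(?P<ip>[^,]*), uri:(?P<uri>[^,]*), "
    r"error:(?P<error>.*)\)\s*$"
)

# Assumption: only the URI shown in the article is listed as a known
# unprotected resource; extend this from your own appliance's logs.
KNOWN_UNPROTECTED = ("/isaw/applet/analysis.webserver.common.jar.pack.gz",)

def parse_csrf_line(line):
    """Return dict(user, ip, uri, error) for a CSRF log line, else None."""
    m = CSRF_RE.search(line)
    return m.groupdict() if m else None

def triage(lines):
    """Count CSRF events on known unprotected URIs; collect the rest."""
    ignorable, review = Counter(), []
    for line in lines:
        ev = parse_csrf_line(line)
        if ev is None:
            continue  # not a CSRF entry
        if ev["uri"] in KNOWN_UNPROTECTED:
            ignorable[ev["uri"]] += 1
        else:
            review.append(ev)
    return ignorable, review

# Sample input: line 1 is the entry quoted in the article; lines 2 and 3
# are constructed (hypothetical user, IP, URI and message).
PREFIX = "Jan 13, 2014 2:28:47 PM com.opensystems.privatei.util.Logger:"
SAMPLE = [
    PREFIX + "SEVERE: potential cross-site request forgery (CSRF) attack "
    "thwarted (user:soc1007, ip:10.122.4.24, uri:/isaw/applet/analysis."
    "webserver.common.jar.pack.gz, error:required token is missing from "
    "the request.)",
    PREFIX + "SEVERE: potential cross-site request forgery (CSRF) attack "
    "thwarted (user:analyst1, ip:192.0.2.10, uri:/isaw/example/"
    "hypothetical.do, error:required token is missing from the request.)",
    PREFIX + "INFO: constructed unrelated entry",
]

if __name__ == "__main__":
    ignorable, review = triage(SAMPLE)
    print("ignorable:", dict(ignorable))
    print("review:", review)
```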
