Article Content
Article Number | 000017742 |
Applies To | RSA enVision 4.1 |
Issue | Potential cross-site request forgery (CSRF) attack thwarted in pi_webserver.log - RSA enVision Jan 13, 2014 2:28:47 PM com.opensystems.privatei.util.Logger:SEVERE: potential cross-site request forgery (CSRF) attack thwarted (user:soc1007, ip:10.122.4.24, uri:/isaw/applet/analysis.webserver.common.jar.pack.gz, error:required token is missing from the request.) |
Cause | These url patterns are unprotected. For csrf, we append the token only to the protected resources and for the unprotected ones this is not required. |
Resolution | These logs are harmless, users can ignore these messages. |
Legacy Article ID | a65574 |