CCE-50165-0 | Platform: cpe:/o:apple:mac_os_13 | Date: (C)2024-04-17 (M)2024-04-17 |
For most users, mission-critical information on websites (internal or external) is likely to require JavaScript. If the browser does not allow JavaScript, the site will not work well, or at all, which may lead to help desk calls.
Rationale: For a normal user experience in web browsing, JavaScript must be enabled. Specialized browsing for specific use cases, advanced users or explicit domains may be desirable but is cumbersome in the current environment.
Impact: Purposely malicious JavaScript on allowed pages is a security vulnerability and may not be acceptable in certain environments. User expectations must be managed if JavaScript use is considered too risky.
Remediation:
Profile Method:
Create or edit a configuration profile with the following information:
1. The PayloadType string is com.apple.Safari
2. The key to include is WebKitPreferences.javaScriptEnabled
3. The key must be set to: <true/>
Parameter:
[Yes/No]
Technical Mechanism:
Remediation:
Profile Method:
Create or edit a configuration profile with the following information:
1. The PayloadType string is com.apple.Safari
2. The key to include is WebKitPreferences.javaScriptEnabled
3. The key must be set to: <true/>
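An added example, not part of the original CCE entry: a Python check that an unsigned configuration profile carries the setting described in the remediation steps. The sample profile and its PayloadIdentifier values are constructed, and the check assumes the key is stored as a top-level key of the com.apple.Safari payload.

```python
import plistlib

PAYLOAD_TYPE = "com.apple.Safari"
KEY = "WebKitPreferences.javaScriptEnabled"

# Constructed sample (unsigned .mobileconfig); identifiers are placeholders.
SAMPLE_PROFILE = b"""<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
  <key>PayloadType</key><string>Configuration</string>
  <key>PayloadIdentifier</key><string>example.safari.profile</string>
  <key>PayloadContent</key>
  <array>
    <dict>
      <key>PayloadType</key><string>com.apple.Safari</string>
      <key>PayloadIdentifier</key><string>example.safari.payload</string>
      <key>WebKitPreferences.javaScriptEnabled</key><true/>
    </dict>
  </array>
</dict>
</plist>
"""


def check_profile(data: bytes) -> str:
    """Return 'compliant', 'noncompliant' or 'not_configured'."""
    profile = plistlib.loads(data)
    # Only payloads of the Safari type are relevant to this check.
    payloads = [p for p in profile.get("PayloadContent", [])
                if isinstance(p, dict) and p.get("PayloadType") == PAYLOAD_TYPE]
    values = [p[KEY] for p in payloads if KEY in p]
    if not values:
        return "not_configured"
    # The value must be a real plist boolean; <string>true</string> does not count.
    if all(v is True for v in values):
        return "compliant"
    return "noncompliant"


if __name__ == "__main__":
    print(check_profile(SAMPLE_PROFILE))
```

A signed profile is wrapped in a CMS envelope and has to be unwrapped before `plistlib` can parse it.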
CCSS Severity:
CCSS Score: 5.6
Exploit Score: 2.2
Impact Score: 3.4
Severity: MEDIUM
Vector: AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L
CCSS Metrics:
Attack Vector: NETWORK
Attack Complexity: HIGH
Privileges Required: NONE
User Interaction: NONE
Scope: UNCHANGED
Confidentiality: LOW
Integrity: LOW
Availability: LOW
References:
Resource Id | Reference |
---|---|
SCAP Repo OVAL Definition | oval:org.secpod.oval:def:99059 |