
403 - SiteMinder - An application was blocked.


An illegal or dangerous character was used so the application was blocked.

Please notify your application development team or helpdesk.


What Happened: A bad CSS character was encountered.
Action Taken: A possible Cross Site Scripting attack has been blocked.


Description:
A Cross Site Scripting (CSS) attack can occur when the input text from the browser (typically, data from a post or data from query parameters on a URL) is displayed by an application without being filtered for characters that may form a valid, executable script when displayed at the browser.

When this security feature is enabled, the Web Agent scans a full URL, including the query string, for escaped and unescaped versions of the restricted character set.

Technical Information:


SiteMinder Web Agent Details:
If the Web Agent detects a problem related to the character set, it returns an Access Denied message to the user (this message) and logs the following message in the Agent error log:

Caught Possible Cross Site Scripting Violation in URL. Exiting with HTTP 403 ACCESS FORBIDDEN.

Illegal character used is one of... < > "
BadCSSChars
CSSChecking

Resolution: The URL and query string being used cannot contain escaped or unescaped versions of characters in the restricted character set.
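
To find which part of a URL trips this check before sending it, the scan described above can be approximated as follows. This is an added example, not SiteMinder code; the function names, the decode depth and the sample host are assumptions, and the restricted set is the one listed on this page.

```python
from urllib.parse import unquote, urlsplit

RESTRICTED = '<>"'       # restricted set as listed on this page
MAX_DECODE_PASSES = 3    # assumption: also catch nested encodings such as %253C


def decoded_forms(value):
    """Yield the raw value, then each further percent-decoded form of it."""
    yield value
    for _ in range(MAX_DECODE_PASSES):
        decoded = unquote(value)
        if decoded == value:
            return
        value = decoded
        yield value


def find_restricted(url):
    """Return (location, character) pairs for restricted characters in a URL."""
    parts = urlsplit(url)
    targets = [("path", parts.path)]
    # Split the query by hand so the raw (still escaped) text is inspected too.
    for pair in filter(None, parts.query.split("&")):
        name, _, value = pair.partition("=")
        label = "query parameter " + unquote(name)
        targets += [(label, name), (label, value)]
    findings = []
    for location, raw in targets:
        hits = {ch for form in decoded_forms(raw) for ch in form if ch in RESTRICTED}
        for ch in sorted(hits):
            if (location, ch) not in findings:
                findings.append((location, ch))
    return findings


# Constructed sample URLs on a hypothetical host, not taken from any real log.
SAMPLES = [
    "https://app.example.test/search?q=hello+world&page=2",
    "https://app.example.test/search?q=%3Cb%3Ehi&lang=en",
    "https://app.example.test/report?title=%2522Q3%2522",
    "https://app.example.test/a<b/page",
]

if __name__ == "__main__":
    for url in SAMPLES:
        print(url, "->", find_restricted(url) or "clean")
```

Because escaped forms are blocked as well, percent-encoding a flagged value will not clear the 403; the value itself has to change.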

Additional Information: Allowing these characters in a URL or query string poses a known security risk.

Notes from Computer Associates on the security risk: Click here
Notes from Microsoft about Cross Site Scripting: Click here