Completed
Last Updated: 22 Jul 2016 10:30 by ADMIN
John
Created on: 03 Jan 2013 22:22
Category: UI for ASP.NET AJAX
Type: Bug Report
0
The production web-site must filter unlisted file extensions in URL requests. V-26046
Per DISA security hardening requirements, unlisted file extensions should be filtered in URL requests as seen in the following DISA STIG: http://www.stigviewer.com/check/V-26046

To do this, the Telerik UI for ASP.NET AJAX must publish extensions that are used in the libraries.  Without the extensions being published, it is not possible to implement this hardening requirement since the application will not function properly due to the unknown extensions being blocked.  Please publish the library extensions being used so that the hardening setting to filter unlisted file extensions can be turned on.  If this cannot be done, please identify the reasoning so that a deviation from the hardening requirement can be approved by the security team.
(Total attached files size should be smaller than 20mb. Allowed extensions: .zip, .rar, .jpg, .png, .gif)
1 comment
ADMIN
Rumen
Posted on: 22 Jul 2016 10:29
We do not have any extensions different from the ones of .NET and ASP.NET.  That's why we do not offer a list with the extensions since it is not needed. The most frequently used ones are *.axd, *.html, *.png, *.js, *.css.