Last Updated: 22 Jul 2016 10:30 by ADMIN
Created on: 03 Jan 2013 22:22
Category: UI for ASP.NET AJAX
Type: Bug Report
The production web-site must filter unlisted file extensions in URL requests. V-26046
Per DISA security hardening requirements, unlisted file extensions should be filtered in URL requests as seen in the following DISA STIG:

To do this, the Telerik UI for ASP.NET AJAX must publish extensions that are used in the libraries.  Without the extensions being published, it is not possible to implement this hardening requirement since the application will not function properly due to the unknown extensions being blocked.  Please publish the library extensions being used so that the hardening setting to filter unlisted file extensions can be turned on.  If this cannot be done, please identify the reasoning so that a deviation from the hardening requirement can be approved by the security team.
1 comment
Posted on: 22 Jul 2016 10:29
We do not have any extensions different from the ones of .NET and ASP.NET.  That's why we do not offer a list with the extensions since it is not needed. The most frequently used ones are *.axd, *.html, *.png, *.js, *.css.
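Before turning on the filter for unlisted extensions, the allow-list can be checked against what the site actually serves. The script below is an added example, not code from Telerik or from this thread: it reads an IIS W3C log and reports extensions that a candidate allow-list would block. The log lines are constructed, and the allow-list is the extensions named in the reply plus `.aspx`, which is an assumption.

```python
import posixpath
from collections import Counter

# Candidate allow-list: extensions named in the reply above, plus .aspx
# (an assumption for a Web Forms site; adjust to the application).
ALLOWED = {".axd", ".html", ".png", ".js", ".css", ".aspx"}

# Constructed sample of an IIS W3C extended log (not real traffic).
SAMPLE_LOG = """\
#Software: Microsoft Internet Information Services 8.5
#Fields: date time cs-method cs-uri-stem cs-uri-query sc-status
2016-07-22 10:29:01 GET /Default.aspx - 200
2016-07-22 10:29:01 GET /Telerik.Web.UI.WebResource.axd - 200
2016-07-22 10:29:02 GET /ScriptResource.axd - 200
2016-07-22 10:29:02 GET /Styles/Site.CSS - 200
2016-07-22 10:29:03 GET /images/logo.png - 200
2016-07-22 10:29:03 GET /fonts/icons.woff - 200
2016-07-22 10:29:04 GET /api/orders - 200
2016-07-22 10:29:05 GET /backup/site.bak - 404
"""

def extensions_in_log(text):
    """Count extensions of URLs the site served without an error status."""
    fields, seen = [], Counter()
    for line in text.splitlines():
        if line.startswith("#Fields:"):
            fields = line.split()[1:]      # column order is declared in the log
            continue
        if not line or line.startswith("#") or not fields:
            continue
        row = dict(zip(fields, line.split()))
        status = row.get("sc-status", "")
        if "cs-uri-stem" not in row or (status.isdigit() and int(status) >= 400):
            continue                       # skip probes for files that do not exist
        ext = posixpath.splitext(row["cs-uri-stem"])[1].lower()
        seen[ext or "(none)"] += 1         # extensionless URLs are tracked separately
    return seen

def would_be_blocked(seen, allowed=ALLOWED):
    """Extensions in use that are missing from the allow-list."""
    return sorted(e for e in seen if e != "(none)" and e not in allowed)

if __name__ == "__main__":
    seen = extensions_in_log(SAMPLE_LOG)
    print("in use:", dict(seen))
    print("missing from allow-list:", would_be_blocked(seen))
```

Extensionless URLs are counted under `(none)` so they can be reviewed separately from the allow-list.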