Article - CS351185
CSRF alert reported about URL as "/Windchill/netmarkets/jsp/wip/checkout_and_download.jsp"
Modified: 23-Aug-2021
Applies To
- Windchill PDMLink 11.1
Description
Example of one alert:
| Cross Site Request Forgery | */wt.audit.AuditServiceEvent/CSRF | 13/07/2021 08:01:23 BST | John Doe (jdoe : PROD) | XXXXXX | XX.XXX.XXX.XXX | PROD | User | XXXXXXX | 0 | XXXXX | 0 | 0 | 0 | Site, Organization - ORG /PROD | wt.audit.AuditRecord:139086326 | John Doe (jdoe : PROD | Request ID: 165memty;kr179pl9;5964;ku18kp;7570 Request URI: https://HOST/Windchill/netmarkets/jsp/wip/checkout_and_download.jsp Referrer: https://HOST/Windchill/app/ |
Corresponding entry in access.log:
XX.XX.XX.XX - jdoe [13/Jul/2021:08:01:23 +0100] "POST /Windchill/ptc1/wip/checkout_and_download?context=tcomp%24infoPage%24VR%3Awt.doc.WTDocument%3A138792112%24VR%3Awt.doc.WTDocument%3A138792112%21*&componentType=INFO&cacheBuster=1626159678890&ContainerOid=OR%3Awt.pdmlink.PDMLinkProduct%3A108081674&oid=VR%3Awt.doc.WTDocument%3A138792112&u8=1&unique_page_number=58333017517440_0&actionName=checkout_and_download&portlet=poppedup&context=tcomp%24infoPage%24VR%3Awt.doc.WTDocument%3A138792112%24VR%3Awt.doc.WTDocument%3A138792112!*&oid=VR%3Awt.doc.WTDocument%3A138792112 HTTP/1.1" 200 2347 468752
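When triaging such an alert, the audit record can be matched to its access.log request by user, timestamp and action name, since the two URIs differ (`netmarkets/jsp/wip/checkout_and_download.jsp` versus `ptc1/wip/checkout_and_download`). The following is an added example, not code from this article or from PTC. It assumes the column positions seen in the single alert row above and a small timezone-abbreviation map, and it runs on constructed sample lines with placeholder IPs and IDs.

```python
import re
from datetime import datetime, timedelta, timezone
from urllib.parse import urlsplit

# Constructed samples in the two formats shown above (host, IPs and IDs are placeholders).
AUDIT_ROW = ("| Cross Site Request Forgery | */wt.audit.AuditServiceEvent/CSRF | "
             "13/07/2021 08:01:23 BST | John Doe (jdoe : PROD) | ... | "
             "Request ID: abc;123 Request URI: https://HOST/Windchill/netmarkets/jsp/wip/"
             "checkout_and_download.jsp Referrer: https://HOST/Windchill/app/ |")
ACCESS_LOG = [
    '192.0.2.10 - jdoe [13/Jul/2021:08:01:20 +0100] "GET /Windchill/app/ HTTP/1.1" 200 5120 1200',
    '192.0.2.10 - jdoe [13/Jul/2021:08:01:23 +0100] "POST /Windchill/ptc1/wip/checkout_and_download?oid=VR%3Awt.doc.WTDocument%3A1 HTTP/1.1" 200 2347 468752',
    '192.0.2.11 - asmith [13/Jul/2021:08:01:23 +0100] "POST /Windchill/ptc1/wip/checkout_and_download?oid=VR%3Awt.doc.WTDocument%3A2 HTTP/1.1" 200 2211 40211',
]

TZ_OFFSETS = {"BST": 1, "GMT": 0, "UTC": 0}  # assumption: abbreviations the audit report may use
ACCESS_RE = re.compile(r'(\S+) \S+ (\S+) \[([^\]]+)\] "(\S+) (\S+) [^"]*" (\d{3})')

def parse_audit(row):
    """Extract time, user, request URI and referrer from one pipe-separated audit row."""
    cells = [c.strip() for c in row.strip().strip("|").split("|")]
    stamp, tz = cells[2].rsplit(" ", 1)
    when = datetime.strptime(stamp, "%d/%m/%Y %H:%M:%S").replace(
        tzinfo=timezone(timedelta(hours=TZ_OFFSETS[tz])))
    user = re.search(r"\((\S+) :", cells[3]).group(1)
    uri = re.search(r"Request URI: (\S+)", cells[-1]).group(1)
    referrer = re.search(r"Referrer: (\S+)", cells[-1]).group(1)
    return {"time": when, "user": user, "uri": uri, "referrer": referrer}

def action_name(uri):
    """Last path segment without extension, e.g. 'checkout_and_download'."""
    return urlsplit(uri).path.rstrip("/").rsplit("/", 1)[-1].split(".")[0]

def correlate(audit_row, access_lines, window_s=2):
    """Return the parsed audit event and the access.log requests that match it."""
    ev = parse_audit(audit_row)
    hits = []
    for line in access_lines:
        m = ACCESS_RE.match(line)
        if not m:
            continue
        ip, user, ts, method, uri, status = m.groups()
        when = datetime.strptime(ts, "%d/%b/%Y:%H:%M:%S %z")
        if (user == ev["user"] and abs((when - ev["time"]).total_seconds()) <= window_s
                and action_name(uri) == action_name(ev["uri"])):
            hits.append({"ip": ip, "method": method, "uri": uri, "status": int(status)})
    return ev, hits
```

The referrer returned with the event shows whether the flagged request originated from the application's own pages, which is the first thing to check before treating the alert as a genuine cross-site request.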