Application Security Terminology

Glossary

Insufficient Cross-Domain Configuration

Insufficient Cross-Domain Configuration refers to the cross-domain policy file (crossdomain.xml) that grants a web client, such as Adobe Flash Player or Adobe Reader, permission to handle data across multiple domains.

When a client hosts content from a particular source domain and that content makes requests directed towards a domain other than its own, the remote domain will need to host a cross-domain policy file that grants access to the source domain, allowing the client to continue with the transaction. Policy files grant read access to data, permit a client to include custom headers in cross-domain requests, and are also used with sockets to grant permissions for socket-based connections. 

Insufficient Cross-Domain Configuration reflects a poorly configured Flash or other Adobe application that can be compromised, giving an attacker inappropriate access to all of the resources allowed in the cross-domain policy file.
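
An added example, not part of the original glossary: a small Python audit that parses a crossdomain.xml and flags overly broad grants for the three things the policy file controls above (read access, custom request headers, socket ports). Both policies, the `.example` domains and the `audit_policy` helper are constructed for illustration.

```python
import xml.etree.ElementTree as ET

# Constructed sample policies (not taken from any real site).
WEAK_POLICY = """<?xml version="1.0"?>
<cross-domain-policy>
  <allow-access-from domain="*" secure="false"/>
  <allow-http-request-headers-from domain="*" headers="*"/>
  <allow-access-from domain="*.partner.example" to-ports="*"/>
</cross-domain-policy>"""

TIGHT_POLICY = """<?xml version="1.0"?>
<cross-domain-policy>
  <site-control permitted-cross-domain-policies="master-only"/>
  <allow-access-from domain="app.partner.example" secure="true"/>
  <allow-http-request-headers-from domain="app.partner.example"
                                   headers="X-Request-Id"/>
</cross-domain-policy>"""

GRANTS = ("allow-access-from", "allow-http-request-headers-from")


def audit_policy(xml_text):
    """Return (element, attribute, value, reason) for each broad grant."""
    findings = []
    # Trusted, embedded input here; use a hardened XML parser for files
    # fetched from hosts you do not control.
    for el in ET.fromstring(xml_text).iter():
        if el.tag not in GRANTS:
            continue
        domain = el.get("domain", "")
        if domain == "*":
            findings.append((el.tag, "domain", domain, "any domain is granted access"))
        elif domain.startswith("*."):
            findings.append((el.tag, "domain", domain, "every subdomain is granted access"))
        # secure defaults to true; false lets non-HTTPS content reach HTTPS data
        if el.get("secure", "true").lower() == "false":
            findings.append((el.tag, "secure", "false", "non-HTTPS sources accepted"))
        if el.tag == "allow-access-from" and el.get("to-ports") == "*":
            findings.append((el.tag, "to-ports", "*", "socket access to every port"))
        if el.tag == "allow-http-request-headers-from" and el.get("headers") == "*":
            findings.append((el.tag, "headers", "*", "any custom header may be sent"))
    return findings


if __name__ == "__main__":
    for name, policy in (("weak", WEAK_POLICY), ("tight", TIGHT_POLICY)):
        print(name, "policy:")
        for finding in audit_policy(policy) or [("no broad grants found",)]:
            print("  ", *finding)
```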