Task #11722
closedTask #11711: Security Vulnerability Scan 2023-05-18
Fix security issues in bill.dse.in.tum.de
0%
Description
{code:java}
############################################################
host: bill.dse.in.tum.de, ip: 131.159.102.1, tcp port: 80¶
- 5.0 - Missing HttpOnly Cookie Attribute (HTTP)
- 2023-05-15T06:06:18Z - efd03a30-679f-419b-99ec-7c7ad6511171 - 1.3.6.1.4.1.25623.1.0.105925
summary: The remote HTTP web server / application is missing to set the
'HttpOnly' cookie attribute for one or more sent HTTP cookie.
problem: The cookies:
Set-Cookie: TWISTED_SESSION=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJ1c2VyX2luZm8iOnsiYW5vbnltb3VzIjp0cnVlfSwiZXhwIjoxNjg0NzM1NTg2fQ.lVixv2QHy-iw2xU8OjEtk9FtOj5Q7gFcdoSaX5FQcKU; Path=/
are missing the "HttpOnly" attribute.
impact:
solution: Mitigation: Set the 'HttpOnly' attribute for any session cookie.
############################################################
host: bill.dse.in.tum.de, ip: 131.159.102.1, tcp port: 1810¶
- 5.0 - Missing HttpOnly Cookie Attribute (HTTP)
- 2023-05-15T06:06:18Z - 5e6a0a96-6bf1-4ec9-8d6a-13eb8ce0eb02 - 1.3.6.1.4.1.25623.1.0.105925
summary: The remote HTTP web server / application is missing to set the
'HttpOnly' cookie attribute for one or more sent HTTP cookie.
problem: The cookies:
Set-Cookie: TWISTED_SESSION=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJ1c2VyX2luZm8iOnsiYW5vbnltb3VzIjp0cnVlfSwiZXhwIjoxNjg0NzM1ODMyfQ.UaaQwLjwgsUkAhDj2LpTIUnS049Vkkhj4-n05Gr3QMo; Path=/
are missing the "HttpOnly" attribute.
impact:
solution: Mitigation: Set the 'HttpOnly' attribute for any session cookie. {code}
Updated by Anonymous