Title Back Colour Keyoti Title Line Title Curve
Blue Box Top

Sensitive Cookie in HTTPS Session Without 'Secure' Attribute - RapidSpell Web Java - Forum

Welcome Guest Search | Active Topics | Log In | Register

Options
senthil83
#1 Posted : Tuesday, October 22, 2019 7:43:48 PM
Rank: Newbie

Groups: Registered

Joined: 10/22/2019
Posts: 5

Hi Team,

We are using "RapidSpellWeb.jar" in our application and when we perform scan, we founded "Sensitive Cookie in HTTPS Session Without 'Secure' Attribute" vulnerability.

Could you please let us know whether this vulnerability has been fixed in latest version?

Also, it would be helpful if you could share the link to download the latest JAR with above fix?

Thanks
Jim
#2 Posted : Wednesday, October 23, 2019 6:02:52 PM
Rank: Advanced Member

Groups: Administrators, Registered

Joined: 8/13/2004
Posts: 2,669
Location: Canada
Hi Senthil, here you are https://www.dropbox.com/.../RapidSpellWeb.jar?dl=0

As a note, the cookie didn't contain anything sensitive, just user options.

Thanks
-your feedback is helpful to other users, thank you!


senthil83
#3 Posted : Wednesday, October 23, 2019 6:34:38 PM
Rank: Newbie

Groups: Registered

Joined: 10/22/2019
Posts: 5
Thanks Jim!

If i use the latest JAR will that vulnerability will get solved?

Since, we need to rescan our application.
Jim
#4 Posted : Wednesday, October 23, 2019 8:07:52 PM
Rank: Advanced Member

Groups: Administrators, Registered

Joined: 8/13/2004
Posts: 2,669
Location: Canada
Yes, assuming the scanner works properly.
-your feedback is helpful to other users, thank you!


senthil83
#5 Posted : Wednesday, October 23, 2019 10:33:19 PM
Rank: Newbie

Groups: Registered

Joined: 10/22/2019
Posts: 5
Thanks Jim again!

One last clarification, does RapidSpellWeb.JAR uploaded in Maven Repository?

If so, could you please share the URL?

Thanks!
Jim
#6 Posted : Thursday, October 24, 2019 5:25:11 PM
Rank: Advanced Member

Groups: Administrators, Registered

Joined: 8/13/2004
Posts: 2,669
Location: Canada
No, it's not in the central repository.

Jim
-your feedback is helpful to other users, thank you!


senthil83
#7 Posted : Friday, November 29, 2019 6:59:42 PM
Rank: Newbie

Groups: Registered

Joined: 10/22/2019
Posts: 5
Thanks again!

Do i need to change the code as part of JAR upgrade?

Please let me know

Thanks!
senthil83
#8 Posted : Friday, November 29, 2019 7:09:08 PM
Rank: Newbie

Groups: Registered

Joined: 10/22/2019
Posts: 5
Hi Jim,

When i checked the latest release version v5.2 updates. I couldnt able to find on addressing "Sensitive Cookie in HTTPS Session Without 'Secure' Attribute" vulnerability.

Could you please advise?

New in v5.2

1) Added ability to set field labels for the dialog checker with JS mode usage, see Dialog page in the help.
2) E7 Fix browser contextmenu being shown when right clicking on error word.
3) Chrome v57 introduced an issue with INPUT (single line) text boxes being wrongly sized in height, which has been fixed.
4) Fixed issue with cursor not being visible (when first clicked) in single line text boxes in Chrome.
5) Russian translation correction.

Thanks
Jim
#9 Posted : Friday, November 29, 2019 9:53:22 PM
Rank: Advanced Member

Groups: Administrators, Registered

Joined: 8/13/2004
Posts: 2,669
Location: Canada
No you shouldn't need to change your code if you are already on v5.

5.2 was released before you asked about the secure cookie issue. There is actually nothing that needs to be secure in that cookie, so it is not an urgent update. When we release 5.3 it will have the cookie fix, but like I say, it's not urgent, the patch was just to make your scanner happy.

Best
Jim
-your feedback is helpful to other users, thank you!


Forum Jump  
You cannot post new topics in this forum.
You cannot reply to topics in this forum.
You cannot delete your posts in this forum.
You cannot edit your posts in this forum.
You cannot create polls in this forum.
You cannot vote in polls in this forum.




About | Contact | Site Map | Privacy Policy

Copyright © 2002- Keyoti Inc.