Title Back Colour Keyoti Title Line Title Curve
Blue Box Top

Sensitive Cookie in HTTPS Session Without 'Secure' Attribute - RapidSpell Web Java - Forum

Welcome Guest Search | Active Topics | Log In | Register

Options
senthil83
#1 Posted : Tuesday, October 22, 2019 7:43:48 PM
Rank: Newbie

Groups: Registered

Joined: 10/22/2019
Posts: 3

Hi Team,

We are using "RapidSpellWeb.jar" in our application and when we perform scan, we founded "Sensitive Cookie in HTTPS Session Without 'Secure' Attribute" vulnerability.

Could you please let us know whether this vulnerability has been fixed in latest version?

Also, it would be helpful if you could share the link to download the latest JAR with above fix?

Thanks
Jim
#2 Posted : Wednesday, October 23, 2019 6:02:52 PM
Rank: Advanced Member

Groups: Administrators, Registered

Joined: 8/13/2004
Posts: 2,596
Location: Canada
Hi Senthil, here you are https://www.dropbox.com/.../RapidSpellWeb.jar?dl=0

As a note, the cookie didn't contain anything sensitive, just user options.

Thanks
-your feedback is helpful to other users, thank you!


senthil83
#3 Posted : Wednesday, October 23, 2019 6:34:38 PM
Rank: Newbie

Groups: Registered

Joined: 10/22/2019
Posts: 3
Thanks Jim!

If i use the latest JAR will that vulnerability will get solved?

Since, we need to rescan our application.
Jim
#4 Posted : Wednesday, October 23, 2019 8:07:52 PM
Rank: Advanced Member

Groups: Administrators, Registered

Joined: 8/13/2004
Posts: 2,596
Location: Canada
Yes, assuming the scanner works properly.
-your feedback is helpful to other users, thank you!


senthil83
#5 Posted : Wednesday, October 23, 2019 10:33:19 PM
Rank: Newbie

Groups: Registered

Joined: 10/22/2019
Posts: 3
Thanks Jim again!

One last clarification, does RapidSpellWeb.JAR uploaded in Maven Repository?

If so, could you please share the URL?

Thanks!
Jim
#6 Posted : Thursday, October 24, 2019 5:25:11 PM
Rank: Advanced Member

Groups: Administrators, Registered

Joined: 8/13/2004
Posts: 2,596
Location: Canada
No, it's not in the central repository.

Jim
-your feedback is helpful to other users, thank you!


Forum Jump  
You cannot post new topics in this forum.
You cannot reply to topics in this forum.
You cannot delete your posts in this forum.
You cannot edit your posts in this forum.
You cannot create polls in this forum.
You cannot vote in polls in this forum.




About | Contact | Site Map | Privacy Policy

Copyright © 2002- Keyoti Inc.