0021711: HttpOnly flag needs to be set - ClearFoundation Tracker

ClearFoundation Tracker - ClearOS
View Issue Details

ID	Project	Category	View Status	Date Submitted	Last Update
0021711	ClearOS	webconfig-httpd	public	2018-10-02 14:33	2021-11-09 07:47

Reporter	dloper
Assigned To
Priority	normal	Severity	minor	Reproducibility	always
Status	closed	Resolution	fixed
Platform		OS		OS Version
Product Version	7.5.0
Target Version	7.6.0	Fixed in Version	7.6.0

Summary	0021711: HttpOnly flag needs to be set
Description	HttpOnly is an additional flag included in a Set-Cookie HTTP response header. If supported by the browser, using the HttpOnly flag when generating a cookie helps mitigate the risk of client side script accessing the protected cookie. If a browser that supports HttpOnly detects a cookie containing the HttpOnly flag, and client side script code attempts to read the cookie, the browser returns an empty string as the result. This causes the attack to fail by preventing the malicious (usually XSS) code from sending the data to an attacker's website. Additional Information: n.n.n.n:81 Cookie is not marked as HttpOnly: 'ci_csrf_token=485aaabce93237fdd26c1dd474576811; path=/; domain=n.n.n.n' URL: https://n.n.n.n:81/app/base/ [^] n.n.n.n:81 Cookie is not marked as HttpOnly: 'clearos_lang=en_US; path=/; domain=n.n.n.n' URL: https://n.n.n.n:81/app/base/ [^]
Steps To Reproduce
Additional Information
Tags	No tags attached.
Relationships
Attached Files

Issue History
Date Modified	Username	Field	Change
2018-10-02 14:33	dloper	New Issue
2018-10-30 14:08	user2	Status	new => acknowledged
2018-10-30 14:27	user2	Target Version	7.5.0 Updates => 7.6.0
2018-11-07 19:50	user2	Note Added: 0008531
2018-11-07 19:50	user2	Status	acknowledged => resolved
2018-11-07 19:50	user2	Fixed in Version	=> 7.6.0
2018-11-07 19:50	user2	Resolution	open => fixed
2018-11-07 19:50	user2	Assigned To	=> user2
2021-11-09 07:47	NickH	Status	resolved => closed
2021-11-09 07:47	NickH	Assigned To	user2 =>

Notes