satyamchaurasiapersistent / JavaVulnerableLab

lab

CX HttpOnlyCookies_In_Config @ src/main/webapp/WEB-INF/web.xml [master] #83

Closed satyamchaurasiapersistent closed 2 years ago

satyamchaurasiapersistent commented 2 years ago

HttpOnlyCookies_In_Config issue exists @ src/main/webapp/WEB-INF/web.xml in branch master

The src\main\webapp\WEB-INF\web.xml application configuration file, at line 1, does not define sensitive application cookies with the "httpOnly" flag, which could allow client-side scripts access to the session cookies.

Severity: Medium

CWE: 1004

Vulnerability details and guidance

Checkmarx

Training Recommended Fix

Lines: 1


Code (Line #1):

<!DOCTYPE web-app PUBLIC

satyamchaurasiapersistent commented 2 years ago

Issue still exists.

satyamchaurasiapersistent commented 2 years ago

Issue still exists.

satyamchaurasiapersistent commented 2 years ago

Issue still exists.

satyamchaurasiapersistent commented 2 years ago

Issue still exists.