-
Suggestion
-
Resolution: Timed out
-
None
-
None
-
1
-
2
-
Our security department has scanned our Jira (v7.4.2#74004-sha1:586975d) using an IBM tool called Appscan. It reported a possible vulnerability. I have to prepare a response to indicate if this is a known problem and when or if it will be fixed. I require your assistance please. Text from the report follows:
- Missing Secure Attribute in Encrypted Session (SSL) Cookie- It may be possible to steal user and session information (cookies) that was sent during an encrypted session.
Recommendation: Add the 'Secure' attribute to all sensitive cookies.
[JSWSERVER-16436] Missing Secure Attribute in Encrypted Session (SSL) Cookie
| Workflow | Original: JAC Suggestion Workflow [ 3065351 ] | New: JAC Suggestion Workflow 3 [ 3657270 ] |
| Status | Original: RESOLVED [ 5 ] | New: Closed [ 6 ] |
| Support reference count | Original: 1 | New: 2 |
| UIS | New: 1 |
| Resolution | New: Timed out [ 10 ] | |
| Status | Original: Gathering Interest [ 11772 ] | New: Resolved [ 5 ] |
| Workflow | Original: Confluence Workflow - Public Facing v4 [ 2631940 ] | New: JAC Suggestion Workflow [ 3065351 ] |
| Support reference count | New: 1 |
steve moffat
created issue -