Details
Bug
Status: Open
Major
Resolution: Unresolved
Description
A vulnerability scanner has reported the following:
1. Cookies with missing, inconsistent or contradictory properties
i) Cookie without SameSite attribute
- https://<rs-ip>:<rs-port>/region.jsp
Remediation: To ensure that the cookie configuration complies with the applicable standards, set the SameSite attribute on the Set-Cookie HTTP response header.
Plan: Make SameSite configurable.
2. Insecure Referrer Policy
URLs where Referrer policy configuration is insecure:
- https://<rs-ip>:<rs-port>/rs-status
- https://<rs-ip>:<rs-port>/region.jsp
- https://<rs-ip>:<rs-port>/
- https://<rs-ip>:<rs-port>/conf
- https://<rs-ip>:<rs-port>/logLevel
- https://<rs-ip>:<rs-port>/logs/
Remediation: Consider setting the Referrer-Policy header to 'strict-origin-when-cross-origin' or a stricter value.
Plan: Make the Referrer-Policy header configurable.
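One way to verify both findings once the headers are configurable, as an added example that is not part of the original report or the project's code. The function names and the sample response headers are assumptions constructed for illustration; a missing Referrer-Policy is reported as a finding, matching the scanner's behaviour.

```python
# Added example; the sample headers below are constructed, not captured.
# Policies at least as strict as strict-origin-when-cross-origin.
ACCEPTABLE = {"no-referrer", "same-origin", "strict-origin",
              "strict-origin-when-cross-origin"}
KNOWN = ACCEPTABLE | {"origin", "origin-when-cross-origin",
                      "no-referrer-when-downgrade", "unsafe-url"}

def effective_referrer_policy(values):
    """Last recognised token wins, as browsers treat fallback lists."""
    effective = None
    for value in values:
        for token in value.split(","):
            token = token.strip().lower()
            if token in KNOWN:
                effective = token
    return effective

def cookie_samesite(set_cookie):
    """Return (cookie name, SameSite value or None) for one Set-Cookie value."""
    name_value, *attrs = set_cookie.split(";")
    name = name_value.split("=", 1)[0].strip()
    samesite = None
    for attr in attrs:
        key, _, val = attr.partition("=")
        if key.strip().lower() == "samesite":  # attribute names are case-insensitive
            samesite = val.strip().lower()
    return name, samesite

def audit(path, headers):
    """headers: list of (name, value) pairs. Returns a list of finding strings."""
    findings = []
    policy = effective_referrer_policy(
        [v for k, v in headers if k.lower() == "referrer-policy"])
    if policy not in ACCEPTABLE:
        findings.append(f"{path}: Referrer-Policy is {policy or 'not set'}")
    for k, v in headers:
        if k.lower() == "set-cookie":
            name, samesite = cookie_samesite(v)
            if samesite not in ("strict", "lax", "none"):
                findings.append(f"{path}: cookie {name} has no valid SameSite attribute")
    return findings

# Constructed responses: before and after the planned configuration change.
SAMPLE_BEFORE = [("Set-Cookie", "JSESSIONID=abc123; Path=/; Secure; HttpOnly")]
SAMPLE_AFTER = [("Set-Cookie", "JSESSIONID=abc123; Path=/; Secure; HttpOnly; SameSite=Strict"),
                ("Referrer-Policy", "strict-origin-when-cross-origin")]

if __name__ == "__main__":
    for finding in audit("/region.jsp", SAMPLE_BEFORE):
        print(finding)
```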