Hi Sumit
Please see my response below your question.
-Original Message-
From: Sumit Bhardwaj
Sent: Saturday, July 20, 2019 8:48 AM
To: Tomcat Users List
Subject: Security vulnerabilities with tomcat 9
> Hi,
>
> We are using tomcat 9 and getting following two vulner
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
Sumit,
On 7/20/19 08:47, Sumit Bhardwaj wrote:
> Hi,
>
> We are using tomcat 9 and getting following two vulnerabilities in
> security scans.
>
> Cookie Does Not Contain The "secure" Attribute (1) Cookie Does Not
> Contain The "HTTPOnly"
If you have a load balancer you will need to add these attributes there as
well...
Sent from my T-Mobile 4G LTE Device
Original message
From: Sumit Bhardwaj
Date: 7/20/19 8:52 AM (GMT-05:00)
To: Tomcat Users List
Subject: Security vulnerabilities with tomcat 9
Hi,
We
Hi,
We are using tomcat 9 and getting following two vulnerabilities in security
scans.
Cookie Does Not Contain The "secure" Attribute (1)
Cookie Does Not Contain The "HTTPOnly" Attribute (1)
We have done things mentioned in
https://geekflare.com/secure-cookie-flag-in-tomcat/
true
true
and