Hi, Prasad

Thanks for reporting this issue. Could you describe how I can reproduce these issues locally? What tooling I could use?
We need this to check that issues were fixed before next release.

Thanks!

On Tue, Dec 10, 2019 at 3:10 PM Prasad Bhalerao <[email protected]> wrote:

> Hi,
>
> We found 3 vulnerabilities while scanning Grid Gain Web console
> application.
>
> We are using HTTP and not HTTPS due to some issues on our side. Although
> vulnerabilities are of lower severity, but thought of reporting it here.
>
> 1) HTTP TRACE / TRACK Methods Enabled. (CVE-2004-2320
> <https://nvd.nist.gov/vuln/detail/CVE-2004-2320>, CVE-2010-0386
> <https://nvd.nist.gov/vuln/detail/CVE-2010-0386>, CVE-2003-1567
> <https://nvd.nist.gov/vuln/detail/CVE-2003-1567>)
> 2) Session Cookie Does Not Contain the "Secure" Attribute.
> 3) Web Server HTTP Trace/Track Method Support Cross-Site Tracing
> Vulnerability. (CVE-2004-2320
> <https://nvd.nist.gov/vuln/detail/CVE-2004-2320>, CVE-2007-3008
> <https://nvd.nist.gov/vuln/detail/CVE-2007-3008>)
>
> Can these be fixed?
>
> Thanks,
> Prasad
>
>
> On Tue, Dec 10, 2019 at 4:39 PM Denis Magda <[email protected]> wrote:
>
>> It's free software without limitations. Just download and use it.
>>
>> -
>> Denis
>>
>>
>> On Tue, Dec 10, 2019 at 1:21 PM Prasad Bhalerao <
>> [email protected]> wrote:
>>
>>> Hi,
>>>
>>> Can apache ignite users use it for free in their production environments?
>>> What license does it fall under?
>>>
>>> Thanks,
>>> Prasad
>>>
>>> On Fri, Oct 4, 2019 at 5:33 AM Denis Magda <[email protected]> wrote:
>>>
>>>> Igniters,
>>>>
>>>> There is good news. GridGain made its distribution of Web Console
>>>> completely free. It goes with advanced monitoring and management
>>>> dashboard
>>>> and other handy screens. More details are here:
>>>>
>>>> https://www.gridgain.com/resources/blog/gridgain-road-simplicity-new-docs-and-free-tools-apache-ignite
>>>>
>>>> -
>>>> Denis
>>>>
>>>

--
Alexey Kuznetsov
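An added example, not part of the thread and not GridGain's code: a small Python check for the two conditions in the report (TRACE/TRACK answered with an echo, and `Set-Cookie` headers without `Secure`), meant to be run against a Web Console instance you operate. The function names, the probe marker, the host/port/path arguments and the sample cookie names are all constructed for illustration.

```python
import http.client

PROBE = "x-trace-probe-example"  # constructed marker value sent in a request header

def trace_enabled(status, body, marker=PROBE):
    """TRACE/TRACK is active when the server answers 200 and echoes the request back."""
    return status == 200 and marker in body

def cookies_missing_secure(set_cookie_headers):
    """Return names of cookies whose Set-Cookie header has no Secure attribute."""
    missing = []
    for header in set_cookie_headers:
        pair, *attrs = header.split(";")
        flags = {a.strip().split("=", 1)[0].lower() for a in attrs}
        if "secure" not in flags:
            missing.append(pair.split("=", 1)[0].strip())
    return missing

def check_console(host, port, path="/"):
    """Probe one deployment you operate; host, port and path are assumptions."""
    findings = {}
    for method in ("TRACE", "TRACK"):
        conn = http.client.HTTPConnection(host, port, timeout=5)
        try:
            conn.request(method, path, headers={"X-Probe": PROBE})
            resp = conn.getresponse()
            body = resp.read().decode("latin-1")
            findings[method] = trace_enabled(resp.status, body)
        finally:
            conn.close()
    conn = http.client.HTTPConnection(host, port, timeout=5)
    try:
        conn.request("GET", path)
        resp = conn.getresponse()
        resp.read()
        findings["cookies_missing_secure"] = cookies_missing_secure(
            resp.headers.get_all("Set-Cookie") or [])
    finally:
        conn.close()
    return findings

# Constructed sample responses, so the parsing logic can be exercised offline.
SAMPLE_TRACE_BODY = "TRACE / HTTP/1.1\r\nHost: localhost\r\nX-Probe: " + PROBE + "\r\n\r\n"
SAMPLE_SET_COOKIE = ["sid_example=abc123; Path=/; HttpOnly",
                     "prefs_example=1; Path=/; Secure; HttpOnly"]

if __name__ == "__main__":
    print(trace_enabled(200, SAMPLE_TRACE_BODY))
    print(trace_enabled(405, "Method Not Allowed"))
    print(cookies_missing_secure(SAMPLE_SET_COOKIE))
```

If the session cookie is only issued after sign-in, point `path` at the endpoint that sets it; running `check_console` before and after a fix gives a repeatable pass/fail for the release check.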
