Hi all,
I may be misreading my scan output results, but I get the following and
when I check all of these specific IDs they are for redirects like 302 or a
404. Should this even be reported for HTTP responses that are not really
content for the user (like a normal 200 with HTML content)?

Is this something that can be filtered out? Asking because I need to report
these in our monthly deployments to production to our security team and I
don't want to raise any unnecessary flags. I'm using the latest build in
git as of today.

However, if these are truly issues I should fix I'm open to that.

Thanks for any discussion on this.

[Mon Jul  7 22:06:42 2014 - vulnerability] The whole target web application
has no protection (Pragma and Cache-Control headers) against sensitive
content caching. This vulnerability was found in the requests with ids 16,
36, 42 to 43 and 50.
_______________________________________________
W3af-users mailing list
https://lists.sourceforge.net/lists/listinfo/w3af-users
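An added example, not part of the original post and not w3af code: a Python script that expands the id list from a finding line like the one quoted above and classifies each flagged response by status, cache headers and cookie-setting, so the report can separate redirects and error pages from real content. The `RESPONSES` data is constructed, and the header rule (`no-store` in Cache-Control or `no-cache` in Pragma counts as protected) is an assumption; the scanner's own rule may differ.

```python
import re

# The finding text from the scan output quoted in the post, joined onto one line.
FINDING = ("The whole target web application has no protection (Pragma and "
           "Cache-Control headers) against sensitive content caching. This "
           "vulnerability was found in the requests with ids 16, 36, 42 to 43 and 50.")

# Constructed sample data: status and headers of each flagged response, as one
# would copy them from the scanner's request/response history.
RESPONSES = {
    16: (302, {"Location": "/login"}),
    36: (404, {"Content-Type": "text/html"}),
    42: (302, {"Location": "/home"}),
    43: (302, {"Location": "/home", "Set-Cookie": "sid=constructed"}),
    50: (404, {"Content-Type": "text/html"}),
}

def parse_ids(finding):
    """Expand 'ids 16, 36, 42 to 43 and 50' into [16, 36, 42, 43, 50]."""
    m = re.search(r"\bids? (.*)", finding, re.S)
    if not m:
        return []
    ids = []
    for lo, hi in re.findall(r"(\d+)(?:\s+to\s+(\d+))?", m.group(1)):
        ids.extend(range(int(lo), int(hi or lo) + 1))
    return ids

def triage(finding, responses):
    """Map each flagged id to (kind, lacks cache headers, sets a cookie)."""
    rows = {}
    for rid in parse_ids(finding):
        status, headers = responses[rid]
        h = {k.lower(): v.lower() for k, v in headers.items()}
        # Assumed rule: either directive counts as protection.
        unprotected = ("no-store" not in h.get("cache-control", "")
                       and "no-cache" not in h.get("pragma", ""))
        kind = ("redirect" if 300 <= status < 400
                else "error" if status >= 400 else "content")
        rows[rid] = (kind, unprotected, "set-cookie" in h)
    return rows

if __name__ == "__main__":
    for rid, (kind, unprotected, cookie) in triage(FINDING, RESPONSES).items():
        print(f"id {rid}: {kind:8} unprotected={unprotected} sets_cookie={cookie}")
```

Rows marked `content`, or any row that sets a cookie, are the ones worth raising first with the security team.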
