AnsweredAssumed Answered

QID's 150123 & 150122 http only and secure cookie attributes

Question asked by Jdan S on Jun 9, 2015
Latest reply on Aug 23, 2017 by marcos.m


I'm scanning a staging web application (using WAS) and our developers are remediating the two vulnerabilites 150123 and 150122. The issue is that the scan is seeing this vulnerability from a google analytics javascript library. Are these considered false positive and or why is Qualys reporting on these?

 

ex: __utmd=1; expires=Tue Jun 9 10:16:02 2015; path=/; (domain left out)  -------------------------------__utmd is googles anonymous visitor tracking cookie.

Outcomes