SYSTEM WARNING: 'file_get_contents(https://www.clearos.com/?rendertype=json&get=header): failed to open stream: Connection refused' in '/var/www/virtual/newwrapper/cf_topmenu.inc' line 5

ClearOS Bug Tracker


View Issue Details Jump to Notes ] Issue History ] Print ]
IDProjectCategoryView StatusDate SubmittedLast Update
0021711ClearOSwebconfig-httpdpublic2018-10-02 14:332021-11-09 07:47
Reporterdloper 
Assigned To 
PrioritynormalSeverityminorReproducibilityalways
StatusclosedResolutionfixed 
PlatformOSOS Version
Product Version7.5.0 
Target Version7.6.0Fixed in Version7.6.0 
Summary0021711: HttpOnly flag needs to be set
DescriptionHttpOnly is an additional flag included in a Set-Cookie HTTP response header. If supported by the browser, using the HttpOnly flag when generating a cookie helps mitigate the risk of client side script accessing the protected cookie. If a browser that supports HttpOnly detects a cookie containing the HttpOnly flag, and client side script code attempts to read the cookie, the browser returns an empty string as the result. This causes the attack to fail by preventing the malicious (usually XSS) code from sending the data to an attacker's website.

Additional Information:

n.n.n.n:81
Cookie is not marked as HttpOnly: 'ci_csrf_token=485aaabce93237fdd26c1dd474576811; path=/; domain=n.n.n.n'
URL: https://n.n.n.n:81/app/base/ [^]

n.n.n.n:81
Cookie is not marked as HttpOnly: 'clearos_lang=en_US; path=/; domain=n.n.n.n'
URL: https://n.n.n.n:81/app/base/ [^]
TagsNo tags attached.
Attached Files

- Relationships

-  Notes
(0008531)
user2
2018-11-07 19:50

The ci_csrf_token does not have HTTPOnly set (javascript needs this for submitting CSRF protected data). All other cookies have HTTPOnly enabled.

- Issue History
Date Modified Username Field Change
2018-10-02 14:33 dloper New Issue
2018-10-30 14:08 user2 Status new => acknowledged
2018-10-30 14:27 user2 Target Version 7.5.0 Updates => 7.6.0
2018-11-07 19:50 user2 Note Added: 0008531
2018-11-07 19:50 user2 Status acknowledged => resolved
2018-11-07 19:50 user2 Fixed in Version => 7.6.0
2018-11-07 19:50 user2 Resolution open => fixed
2018-11-07 19:50 user2 Assigned To => user2
2021-11-09 07:47 NickH Status resolved => closed
2021-11-09 07:47 NickH Assigned To user2 =>

SYSTEM WARNING: 'file_get_contents(https://www.clearos.com/?rendertype=json&get=footer): failed to open stream: Connection refused' in '/var/www/virtual/newwrapper/cf_footer.inc' line 7