You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Something is causing Vega not to run response processing modules on a very early GET request (the first?). Any cookies sent by the server are stored in the request engine. As a result of this, WackoPicko does not generate an alert for insecure (!HttpOnly) cookies when it should.
To reproduce:
Scan WackoPicko. Note that in the first GET sent by Vega for /, Vega sends a PHPSESSID cookie, which it somehow already has.
The text was updated successfully, but these errors were encountered:
dma
added a commit
to dma/Vega
that referenced
this issue
Aug 20, 2013
Fixed by e6514d9. We may want to have a policy where response processing modules run on every response Vega gets, I'm in favor of this, but we'll have to refactor, as the ContentAnalyzer instance is not created until after the probes run.
Something is causing Vega not to run response processing modules on a very early GET request (the first?). Any cookies sent by the server are stored in the request engine. As a result of this, WackoPicko does not generate an alert for insecure (!HttpOnly) cookies when it should.
To reproduce:
Scan WackoPicko. Note that in the first GET sent by Vega for /, Vega sends a PHPSESSID cookie, which it somehow already has.
The text was updated successfully, but these errors were encountered: