Question & Answer
Question
How can I configure IBM Rational ClearQuest Web server to set the SECURE and HTTPOnly attributes on its cookie?
Cause
A security scan of ClearQuest Web server might report that the SECURE and HTTPOnly attributes are not set.
Answer
You can configure WebSphere Application Server to better manage vulnerability issues associated with the HTTP session cookie.
- Set the SECURE attribute on the ClearQuest Web server cookie to restrict the exchange of cookies to HTTPS connections. For information about the SECURE attribute, see section 3 of Technote 1427901, WebSphere Application Server Configurables for Managing HTTP Session Cookie Vulnerability.
- Set the HTTPOnly attribute to prevent scripts from capturing or manipulating session-cookie information. For information about the HTTPOnly attribute, see the following resources:
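To confirm the result after the WebSphere settings are changed, the following added example (not part of the IBM technote or its referenced resources) parses `Set-Cookie` header values and reports which cookies still lack the Secure or HttpOnly attribute, which is the condition a security scan flags. The header values are constructed samples, and the cookie name `JSESSIONID` is an assumption (WebSphere's default session cookie name), not a value taken from this page.

```python
# Added example: audit Set-Cookie header values for the Secure and HttpOnly attributes.
# The header values below are constructed samples; JSESSIONID is assumed as the
# session cookie name (WebSphere's default) and is not taken from the technote.

REQUIRED = ("secure", "httponly")


def parse_set_cookie(value):
    """Split one Set-Cookie header value into (cookie name, set of attribute names)."""
    parts = [p.strip() for p in value.split(";")]
    name = parts[0].split("=", 1)[0].strip()
    # Attribute names are case-insensitive; drop any "=value" part (Path=/, Max-Age=0).
    attrs = {p.split("=", 1)[0].strip().lower() for p in parts[1:] if p}
    return name, attrs


def audit_cookies(set_cookie_values, required=REQUIRED):
    """Return {cookie name: [missing attributes]} for cookies lacking a required flag."""
    findings = {}
    for value in set_cookie_values:
        name, attrs = parse_set_cookie(value)
        missing = [a for a in required if a not in attrs]
        if missing:
            findings[name] = missing
    return findings


# Constructed responses: before and after the session-cookie settings are changed.
BEFORE = ["JSESSIONID=0000abcDEF:-1; Path=/"]
AFTER = ["JSESSIONID=0000abcDEF:-1; Path=/; Secure; HttpOnly"]
# A cookie whose value is the word "secure" must not be mistaken for the attribute.
TRICKY = ["pref=secure; Path=/; HTTPOnly"]

if __name__ == "__main__":
    for label, headers in (("before", BEFORE), ("after", AFTER), ("tricky", TRICKY)):
        print(label, audit_cookies(headers) or "OK")
```

Run it against the `Set-Cookie` values captured from the server's HTTPS responses; an empty result means every cookie carries both attributes.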
Document Information
Modified date:
16 June 2018
UID
swg21628378