Missing Secure Attribute In Encrypted Session (SSL) Cookie // Disable WebDav
(Doc ID 2027178.1)
Last updated on SEPTEMBER 08, 2016
Applies to:Oracle Demantra Demand Management - Version 7.3.1 and later
Information in this document applies to any platform.
we are running Demantra application (18.104.22.168) on tomcat 6.0.44 , a security scan has reported that the application is sending non secure cookies over SSL (we can see the username/password) in clear text.
1- please advise how can we add the 'Secure' attribute to all sensitive cookies.
2- please advise how can we disable the WebDAV in the application.
To view full details, sign in with your My Oracle Support account.
Don't have a My Oracle Support account? Click to get started!
In this Document