My Oracle Support Banner

Billing Care Issue - Session Cookie Missing Secure Flag (Doc ID 2579167.1)

Last updated on AUGUST 31, 2019

Applies to:

Oracle Communications Billing and Revenue Management - Version 7.5.0.20.0 and later
Information in this document applies to any platform.

Goal

The BC_JSESSIONID cookie is missing the secure flag, which can potentially
allow for man-in-the-middle attacks even if the rest of the application is
served over TLS.

See for reference:
https://www.pivotpointsecurity.com/blog/securing-web-cookies-secure-flag/

How to resolve this issue?
 

Solution

To view full details, sign in with your My Oracle Support account.

Don't have a My Oracle Support account? Click to get started!


In this Document
Goal
Solution
References


My Oracle Support provides customers with access to over a million knowledge articles and a vibrant support community of peers and Oracle experts.