SGD5.60 - Tarantella Cookies Do Not Fully Conform to Security Vulnerabilities (Doc ID 2814204.1)

Last updated on MARCH 14, 2024

Applies to:

Oracle Secure Global Desktop - Version 5.6 and later
Information in this document applies to any platform.

Symptoms

Customer claims that the cookies from the "sgdadmin console" are NOT secure.

Vodaphone vulnerability scans found a SGD admin console 'cookie' that is not considered 'secure'.

Customer claims they able to modify tarantella cookies (balanceid, JSESSIONID, LOAD_BALANCER_COOKIE) and make them state-of-the art security: (HttpOnly:true, SameSite: “strict”, Secure:true). However, one cookie for the sgdadmin console cannot be made 'secure':

Changes

No changes.

Cause

	To view full details, sign in with your My Oracle Support account.
	Don't have a My Oracle Support account? Click to get started!

In this Document

My Oracle Support provides customers with access to over a million knowledge articles and a vibrant support community of peers and Oracle experts.

SGD5.60 - Tarantella Cookies Do Not Fully Conform to Security Vulnerabilities (Doc ID 2814204.1)

Applies to:

Symptoms

Changes

Cause

To view full details, sign in with your My Oracle Support account.

Don't have a My Oracle Support account? Click to get started!