STIGQter: STIG Summary: Web Server Security Requirements Guide Version: 2 Release: 3 Benchmark Date: 26 Apr 2019:

Cookies exchanged between the web server and the client, such as session cookies, must have cookie properties set to prohibit client-side scripts from reading the cookie data.

DISA Rule

SV-70261r2_rule

Vulnerability Number

V-56007

Group Title

SRG-APP-000439-WSR-000154

Rule Version

SRG-APP-000439-WSR-000154

Severity

CAT II

CCI(s)

• CCI-002418 - The information system protects the confidentiality and/or integrity of transmitted information.

Weight

10

Fix Recommendation

Configure the web server to disallow client-side scripts the capability of reading cookie information.

Check Contents

Review the web server documentation and deployed configuration to determine how to disable client-side scripts from reading cookies.

If the web server is not configured to disallow client-side scripts from reading cookies, this is a finding.

Vulnerability Number

V-56007

Documentable

False

Rule Version

SRG-APP-000439-WSR-000154

Severity Override Guidance

Review the web server documentation and deployed configuration to determine how to disable client-side scripts from reading cookies.

If the web server is not configured to disallow client-side scripts from reading cookies, this is a finding.

Check Content Reference

M

Target Key

2557

Comments