The remote web server is prone to a cookie injection attack

Hi, we are running the Rasa Server and it is working fine. The customer did a Nessus scan and it caught the issue below. Can you please advise how to resolve it, or is there any justification we can provide for an exception? Below is the scan information. Thanks.

Plugin Output : The request string used to detect this flaw was :

    /<script>document.cookie=%22testqglm=3621;%22</script>

The output was :

    HTTP/1.1 404 Not Found
    Connection: keep-alive
    Keep-Alive: 5
    Access-Control-Allow-Origin: *
    Access-Control-Allow-Credentials: true
    Content-Length: 81
    Content-Type: text/plain; charset=utf-8

    Error: Requested URL /<script>document.cookie=“testqglm=3621;”</script> not found

Description: The remote host is running a web server that fails to adequately sanitize request strings of malicious JavaScript. By leveraging this issue, an attacker may be able to inject arbitrary cookies. Depending on the structure of the web application, it may be possible to launch a ‘session fixation’ attack using this mechanism. Please note that:

  • Nessus did not check if the session fixation attack is feasible.
  • This is not the only vector of session fixation.

Hi @thyravi! Thanks for bringing this up. Our server doesn’t process the query string. As you can see, a 404 is returned right away, and in any case the server does not return HTML, so it is not prone to cookie injections.
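The reasoning in the reply above (the payload is echoed, but in a `text/plain` body, so a browser never parses it as HTML) can be turned into a small triage check for this class of scanner finding. This is an added example, not code from the thread, Rasa or Nessus; the response below is reconstructed from the plugin output quoted above, and the function names are my own.

```python
import html
from urllib.parse import unquote

# Constructed from the response quoted in the Nessus output above; headers and
# body are split out and the body uses the straight quotes that %22 decodes to
# (which also matches the declared Content-Length of 81).
RAW_RESPONSE = (
    "HTTP/1.1 404 Not Found\r\n"
    "Connection: keep-alive\r\n"
    "Keep-Alive: 5\r\n"
    "Access-Control-Allow-Origin: *\r\n"
    "Access-Control-Allow-Credentials: true\r\n"
    "Content-Length: 81\r\n"
    "Content-Type: text/plain; charset=utf-8\r\n"
    "\r\n"
    'Error: Requested URL /<script>document.cookie="testqglm=3621;"</script> not found'
)
# The request path Nessus used, as shown in the plugin output.
PAYLOAD = "<script>document.cookie=%22testqglm=3621;%22</script>"


def parse_response(raw):
    """Split a raw HTTP/1.1 response into status line, header dict and body."""
    head, _, body = raw.partition("\r\n\r\n")
    status_line, *header_lines = head.split("\r\n")
    headers = {}
    for line in header_lines:
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    return status_line, headers, body


def triage(raw, payload):
    """Decide whether a reflected script payload could actually run in a browser."""
    status_line, headers, body = parse_response(raw)
    media_type = headers.get("content-type", "").split(";")[0].strip().lower()
    decoded = unquote(payload)
    reflected_verbatim = decoded in body                        # echoed unencoded
    reflected_escaped = html.escape(decoded, quote=True) in body  # echoed but neutralised
    # Script only executes if the browser treats the body as HTML: an HTML media
    # type, or no declared type with MIME sniffing not disabled.
    html_type = media_type in ("text/html", "application/xhtml+xml")
    nosniff = headers.get("x-content-type-options", "").lower() == "nosniff"
    sniffable = media_type == "" and not nosniff
    return {
        "status": status_line,
        "content_type": media_type,
        "reflected": reflected_verbatim or reflected_escaped,
        "exploitable": reflected_verbatim and (html_type or sniffable),
    }
```

For the response in this thread the result is `reflected` but not `exploitable`; the same check flags a response whose Content-Type is `text/html`, which is the case the plugin description is really about.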