Hi, we are running the Rasa Server and it is working fine. The customer ran a Nessus scan and it caught the issue below. Can you please advise how to resolve it, or is there any justification we can provide as an exception? Below is the scan information. Thanks.
Plugin Output:
The request string used to detect this flaw was:
/<script>document.cookie=%22testqglm=3621;%22</script>
The output was:
HTTP/1.1 404 Not Found
Connection: keep-alive
Keep-Alive: 5
Access-Control-Allow-Origin: *
Access-Control-Allow-Credentials: true
Content-Length: 81
Content-Type: text/plain; charset=utf-8

Error: Requested URL /<script>document.cookie="testqglm=3621;"</script> not found
- Nessus did not check if the session fixation attack is feasible.
- This is not the only vector of session fixation.
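Whether the reflected probe is actually exploitable can be checked directly rather than argued from the scan output alone. The script below is an added example, not code from this thread, from Nessus or from Rasa: it parses the captured response (constructed here from the plugin output quoted above) and reports whether the echoed `<script>` tag lands in an HTML context, which is what it would take for a browser to execute it. The helper names (`parse_http_response`, `assess_reflection`, `verdict`) and the `text/html` contrast variant are this example's own assumptions.

```python
"""
Offline re-check of the Nessus reflection probe shown in the thread.

Added example; not code from the forum post, from Nessus or from Rasa.
It replays the probe against a captured HTTP response and decides whether
the reflected payload could actually run in a browser.
"""
from urllib.parse import unquote

# Exact request path from the plugin output.
PROBE_PATH = "/<script>document.cookie=%22testqglm=3621;%22</script>"

# Constructed from the scan output above; CRLF line endings restored.
CAPTURED_RESPONSE = (
    b"HTTP/1.1 404 Not Found\r\n"
    b"Connection: keep-alive\r\n"
    b"Keep-Alive: 5\r\n"
    b"Access-Control-Allow-Origin: *\r\n"
    b"Access-Control-Allow-Credentials: true\r\n"
    b"Content-Length: 81\r\n"
    b"Content-Type: text/plain; charset=utf-8\r\n"
    b"\r\n"
    b'Error: Requested URL /<script>document.cookie="testqglm=3621;"</script> not found'
)

# Same response with the single header change that would make the finding
# real. Constructed for contrast only; the scan did not observe this.
HTML_VARIANT = CAPTURED_RESPONSE.replace(
    b"Content-Type: text/plain;", b"Content-Type: text/html;"
)

HTML_TYPES = {"text/html", "application/xhtml+xml"}


def parse_http_response(raw):
    """Split a raw HTTP/1.1 response into (status, headers, body)."""
    head, _, body = raw.partition(b"\r\n\r\n")
    status_line, *header_lines = head.decode("iso-8859-1").split("\r\n")
    status = int(status_line.split(" ", 2)[1])
    headers = {}
    for line in header_lines:
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    return status, headers, body.decode("utf-8", errors="replace")


def assess_reflection(raw, probe_path=PROBE_PATH):
    """Decide whether a reflected probe is exploitable in a browser.

    Nessus only needs to see the probe echoed back; a browser only executes
    it if the response is rendered as HTML. A text/plain body is displayed
    verbatim, so the <script> tag is inert there.
    """
    status, headers, body = parse_http_response(raw)
    decoded_probe = unquote(probe_path)
    reflected = decoded_probe in body or probe_path in body
    media_type = headers.get("content-type", "").split(";")[0].strip().lower()
    nosniff = headers.get("x-content-type-options", "").lower() == "nosniff"
    # A missing Content-Type without nosniff leaves room for MIME sniffing,
    # so treat that case as an HTML context for the purpose of this check.
    html_context = media_type in HTML_TYPES or (media_type == "" and not nosniff)
    return {
        "status": status,
        "reflected": reflected,
        "media_type": media_type,
        "script_can_execute": reflected and html_context,
        # Browsers refuse credentialed cross-origin responses whose
        # Access-Control-Allow-Origin is "*", so this pair is a configuration
        # inconsistency to review, not an exploitable hole on its own.
        "cors_wildcard_with_credentials": (
            headers.get("access-control-allow-origin") == "*"
            and headers.get("access-control-allow-credentials", "").lower() == "true"
        ),
    }


def verdict(raw):
    """One-line summary suitable for a scan-exception write-up."""
    r = assess_reflection(raw)
    if not r["reflected"]:
        return "not reflected"
    if r["script_can_execute"]:
        return "reflected in HTML context: fix the handler"
    return "reflected as %s: inert in browsers, exception justified" % r["media_type"]


if __name__ == "__main__":
    print(verdict(CAPTURED_RESPONSE))
    print(verdict(HTML_VARIANT))
```

Running it prints one verdict for the captured response and one for the `text/html` variant, which isolates the header that separates a reportable reflection from an inert one. Against a live server you would request the probe path yourself and pass the raw response bytes in. The CORS flag is informational: browsers do not honour a wildcard origin on credentialed requests, but having both headers set is worth a question to whoever configured the service.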