CUI

Documentation - V-206436

V-206436

Web Server Security Requirements Guide

CAT II

Title

Web server cookies, such as session cookies, sent to the client using SSL/TLS must not be compressed.

Description

A cookie is used when a web server needs to share data with the client's browser. The data is often used to remember the client when the client returns to the hosted application at a later date. A session cookie is a special type of cookie used to remember the client during the session. The cookie will contain the session identifier (ID) and may contain authentication data to the hosted application. To protect this data from easily being compromised, the cookie can be encrypted. ...

Fix Text (Documentation Requirement)

Configure the web server to send the cookie to the client via SSL/TLS without using cookie compression.
