Hi, We found 3 vulnerabilities while scanning Grid Gain Web console application.
We are using HTTP and not HTTPS due to some issues on our side. Although vulnerabilities are of lower severity, but thought of reporting it here. 1) HTTP TRACE / TRACK Methods Enabled. (CVE-2004-2320 <https://nvd.nist.gov/vuln/detail/CVE-2004-2320>, CVE-2010-0386 <https://nvd.nist.gov/vuln/detail/CVE-2010-0386>, CVE-2003-1567 <https://nvd.nist.gov/vuln/detail/CVE-2003-1567>) 2) Session Cookie Does Not Contain the "Secure" Attribute. 3) Web Server HTTP Trace/Track Method Support Cross-Site Tracing Vulnerability. (CVE-2004-2320 <https://nvd.nist.gov/vuln/detail/CVE-2004-2320>, CVE-2007-3008 <https://nvd.nist.gov/vuln/detail/CVE-2007-3008>) Can these be fixed? Thanks, Prasad On Tue, Dec 10, 2019 at 4:39 PM Denis Magda <dma...@apache.org> wrote: > It's free software without limitations. Just download and use it. > > - > Denis > > > On Tue, Dec 10, 2019 at 1:21 PM Prasad Bhalerao < > prasadbhalerao1...@gmail.com> wrote: > >> Hi, >> >> Can apache ignite users use it for free in their production environments? >> What license does it fall under? >> >> Thanks, >> Prasad >> >> On Fri, Oct 4, 2019 at 5:33 AM Denis Magda <dma...@apache.org> wrote: >> >>> Igniters, >>> >>> There is good news. GridGain made its distribution of Web Console >>> completely free. It goes with advanced monitoring and management >>> dashboard >>> and other handy screens. More details are here: >>> >>> https://www.gridgain.com/resources/blog/gridgain-road-simplicity-new-docs-and-free-tools-apache-ignite >>> >>> - >>> Denis >>> >>
