Description

The session-timeout configuration element from WEB-INF/web.xml defines the default session timeout interval for all sessions created in this web application.

The current configuration specified a session timeout value greater than 30 minutes.

Remediation

Decrease the value for session-timeout in WEB-INF/web.xml like in this example: 


30

References

Session Timeout

Related Vulnerabilities

XML external entity injection and XML injection

Cookies with missing, inconsistent or contradictory properties

ASP.NET ValidateRequest globally disabled

RethinkDB administrative interface publicly exposed

The Heartbleed Bug

Severity

Medium

Classification

CWE-16 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Tags

Configuration