Overly long session timeout in servlet configuration - Vulnerability Database

Overly long session timeout in servlet configuration

Description

The session-timeout configuration element from WEB-INF/web.xml defines the default session timeout interval for all sessions created in this web application.

The current configuration specified a session timeout value greater than 30 minutes.

Remediation

Decrease the value of session-timeout in WEB-INF/web.xml, as in this example:

    <session-config>
        <session-timeout>30</session-timeout>
    </session-config>
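As an added example (not part of the original advisory or the scanner's own code), the following Python check parses a web.xml document and flags a session-timeout above the 30-minute threshold described here. It goes one step beyond the page by also reporting a value of 0 or less, which the Servlet specification treats as "sessions never time out"; the function and sample names are hypothetical.

```python
import xml.etree.ElementTree as ET

MAX_MINUTES = 30  # threshold stated on this page


def local(tag):
    """Strip the XML namespace so javaee, jakartaee and un-namespaced files all match."""
    return tag.rsplit("}", 1)[-1]


def check_session_timeout(web_xml_text, max_minutes=MAX_MINUTES):
    """Return (status, minutes) for a web.xml document passed as a string.

    status: "ok" (1..max_minutes), "too_long" (> max_minutes),
    "never" (<= 0, sessions do not expire), "missing" (no element, so the
    container default applies) or "invalid" (value is not an integer).
    """
    root = ET.fromstring(web_xml_text)
    for elem in root.iter():
        if local(elem.tag) != "session-timeout":
            continue
        raw = (elem.text or "").strip()
        try:
            minutes = int(raw)
        except ValueError:
            return ("invalid", None)
        if minutes <= 0:
            return ("never", minutes)
        if minutes > max_minutes:
            return ("too_long", minutes)
        return ("ok", minutes)
    return ("missing", None)


# Constructed sample descriptors (not taken from any real application).
SAMPLE_LONG = """<web-app xmlns="http://xmlns.jcp.org/xml/ns/javaee" version="3.1">
  <session-config><session-timeout>120</session-timeout></session-config>
</web-app>"""
SAMPLE_FIXED = """<web-app>
  <session-config><session-timeout>30</session-timeout></session-config>
</web-app>"""
SAMPLE_NEVER = """<web-app>
  <session-config><session-timeout>0</session-timeout></session-config>
</web-app>"""

if __name__ == "__main__":
    for name, doc in [("long", SAMPLE_LONG), ("fixed", SAMPLE_FIXED), ("never", SAMPLE_NEVER)]:
        print(name, check_session_timeout(doc))
```

A "missing" result is not a pass: the effective timeout then comes from the container's default, which should be checked separately.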
