Spring Boot Misconfiguration: Overly long session timeout - Vulnerability Database

Description

The server.servlet.session.timeout configuration item from the Spring properties file defines the default session timeout interval for all sessions created in this web application.

The current configuration specifies a session timeout value greater than 30 minutes.

Remediation

Decrease the value of server.servlet.session.timeout in the Spring properties file, as in this example:

    server.servlet.session.timeout=30m

Spring Boot reads a value with no unit suffix as seconds, so state the unit explicitly.
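The check described above can be run against a properties file before deployment. The following is an added example, not part of the original page or of the scanner it describes: it flags the entry when it exceeds this page's 30-minute threshold, assuming Spring Boot's documented duration handling (bare number read as seconds, the suffixes ns/us/ms/s/m/h/d, and ISO-8601 values). The names `to_seconds` and `audit` and the sample file are constructed for illustration.

```python
import re

KEY = "server.servlet.session.timeout"
LIMIT_SECONDS = 30 * 60  # the 30-minute threshold this page uses
# Spring Boot simple duration suffixes; a bare number means seconds for this key.
UNITS = {"ns": 1e-9, "us": 1e-6, "ms": 1e-3, "s": 1, "m": 60, "h": 3600, "d": 86400}
SIMPLE = re.compile(r"^([+-]?\d+)(ns|us|ms|s|m|h|d)?$", re.IGNORECASE)
# Subset of ISO-8601 durations (PT30M, PT1H30M, P1D); fractions are not handled.
ISO = re.compile(r"^P(?:(\d+)D)?(?:T(?:(\d+)H)?(?:(\d+)M)?(?:(\d+)S)?)?$", re.IGNORECASE)
ENTRY = re.compile(r"^([^=:\s]+)\s*[=:]\s*(.*)$")

def to_seconds(value):
    """Return the duration in seconds, or None if the value is not understood."""
    value = value.strip()
    m = SIMPLE.match(value)
    if m:
        return int(m.group(1)) * UNITS[(m.group(2) or "s").lower()]
    m = ISO.match(value)
    if m and any(m.groups()):
        days, hours, minutes, seconds = (int(g or 0) for g in m.groups())
        return days * 86400 + hours * 3600 + minutes * 60 + seconds
    return None

def audit(properties_text):
    """Return (line_number, raw_value, verdict) for each session timeout entry."""
    findings = []
    for number, line in enumerate(properties_text.splitlines(), start=1):
        entry = ENTRY.match(line.strip())
        if line.lstrip().startswith(("#", "!")) or not entry or entry.group(1) != KEY:
            continue
        seconds = to_seconds(entry.group(2))
        if seconds is None:
            verdict = "unparsed"
        elif seconds <= 0:
            verdict = "never-expires"  # servlet containers treat <= 0 as no timeout
        else:
            verdict = "too-long" if seconds > LIMIT_SECONDS else "ok"
        findings.append((number, entry.group(2).strip(), verdict))
    return findings

SAMPLE = """\
# constructed sample: variants of the entry, one per line, to show each verdict
server.port=8080
server.servlet.session.timeout=30
server.servlet.session.timeout=45m
server.servlet.session.timeout: PT2H
server.servlet.session.timeout=-1
"""
print(audit(SAMPLE))
```

The bare `30` passes only because it is 30 seconds, not 30 minutes; the `-1` entry is reported separately because a non-positive timeout disables expiry rather than shortening it.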
