Missing Secure Attribute SSL Cookie Information Disclosure Vulnerability Network Vulnerability

Summary

The host is running a server with SSL and is prone to information disclosure vulnerability.

Insight

The flaw is due to SSL cookie is not using 'secure' attribute, which allows cookie to be passed to the server by the client over non-secure channels (http) and allows attacker to conduct session hijacking attacks. remote systems. Impact Level: Application

Affected

Server with SSL. Workaround: Set the 'secure' attribute for any cookies that are sent over an SSL connection.

References

http://www.ietf.org/rfc/rfc2965.txt
https://www.owasp.org/index.php/Testing_for_cookies_attributes_(OWASP-SM-002)

Updated on 2015-03-25

Severity

Classification

CVSS	Base Score: 6.4 AV:N/AC:L/Au:N/C:P/I:P/A:N

Related Vulnerabilities

Adobe Reader Plugin Signature Bypass Vulnerability (Linux)
Adobe Reader Multiple Vulnerabilities - Aug07 (Mac OS X)
Adobe Reader Multiple Vulnerabilities - Aug07 (Windows)
Adobe Reader Information Disclosure & Code Execution Vulnerabilities (Linux)
Apache /server-status accessible

Take action and discover your vulnerabilities