Description

One or more cookies does not have the Secure flag set. When a cookie is set with the Secure flag, it instructs the browser that the cookie can only be accessed over secure SSL/TLS channels. This is an important security protection for session cookies.

Remediation

If possible, you should set the Secure flag for these cookies.

References

SameSite None Cookie Not Marked as Secure - Invicti

Related Vulnerabilities

Apache Tomcat examples directory vulnerabilities

qdPM Information Disclosure

ASP.NET ViewStateUserKey Is Not Set

Httpoxy vulnerability

Apache Kafka Unauthorized Access Vulnerability

Severity

Low

Classification

CWE-614 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:A/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N

Tags

Configuration