Description

At least one of the following cookies properties causes the cookie to be invalid or incompatible with either a different property of the same cookie, of with the environment the cookie is being used in. Although this is not a vulnerability in itself, it will likely lead to unexpected behavior by the application, which in turn may cause secondary security issues.

Remediation

Ensure that the cookies configuration complies with the applicable standards.

References

MDN | Set-Cookie

Securing cookies with cookie prefixes

Cookies: HTTP State Management Mechanism

SameSite Updates - The Chromium Projects

draft-west-first-party-cookies-07: Same-site Cookies

Related Vulnerabilities

HTTP header reflected in cached response

Apache Tomcat version older than 6.0.36

Symfony debug mode enabled (AcuSensor)

Insecure Transportation Security Protocol Supported (SSLv3)

TLS/SSL Weak Cipher Suites

Severity

Low

Classification

CWE-284 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:N CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:N/SC:N/SI:N/SA:N

Tags

Configuration