Vulnerability & Exploit Database

Back to search

Missing Secure Flag From SSL Cookie

Severity CVSS Published Added Modified
5 (AV:N/AC:L/Au:N/C:P/I:N/A:N) May 30, 2011 August 16, 2011 June 19, 2013

Description

The Secure attribute tells the browser to only send the cookie if the request is being sent over a secure channel such as HTTPS. This will help protect the cookie from being passed over unencrypted requests. If the application can be accessed over both HTTP and HTTPS, then there is the potential that the cookie can be sent in clear text.

Free Nexpose Download

Discover, prioritize, and remediate security risks today!

 Download now

References

Solution

add-secure-to-ssl-cookie