Description

One or more cookies does have the Secure flag set, but it was set over an insecure connection. Although the Secure flag is an important security protection for session cookies, setting it over an insecure connection will prevent clients from sending the cookie back to the server. This is not a vulnerability, but an inconsistent configuration. As such, it does not have a direct impact on the security of the application, but may well affect its functionality.

Remediation

Make the target accessible through a secure connection. If that is not possible, ensure that the application does not depend on the cookies with the Secure flag.

Related Vulnerabilities

Oracle E-Business Suite Information Disclosure

SAP Knowledge Management and Collaboration (KMC) incorrect permissions

WebDAV Enabled

Laravel LogViewer open

Nuxt.js Running in Development Mode

Severity

Info

Classification

CWE-16 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:N CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:N/SC:N/SI:N/SA:N

Tags

Configuration