Description

At least one of the following cookies properties causes the cookie to be invalid or incompatible with either a different property of the same cookie, of with the environment the cookie is being used in. Although this is not a vulnerability in itself, it will likely lead to unexpected behavior by the application, which in turn may cause secondary security issues.

Remediation

Ensure that the cookies configuration complies with the applicable standards.

References

MDN | Set-Cookie

Securing cookies with cookie prefixes

Cookies: HTTP State Management Mechanism

SameSite Updates - The Chromium Projects

draft-west-first-party-cookies-07: Same-site Cookies

Related Vulnerabilities

SharePoint user enumeration

XML External Entity Injection via external file

Web Cache Poisoning via JSONP and UTM_ parameter

Missing Content-Type Header

Laravel Horizon open

Severity

Low

Classification

CWE-284 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:N CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:N/SC:N/SI:N/SA:N

Tags

Configuration