Description

One or more cookies does not have the Secure flag set. When a cookie is set with the Secure flag, it instructs the browser that the cookie can only be accessed over secure SSL/TLS channels. This is an important security protection for session cookies.

Remediation

If possible, you should set the Secure flag for these cookies.

Related Vulnerabilities

ASP.NET ASPX debugging enabled

Jetty Information Disclosure (CVE-2021-34429)

ASP.NET WCF service include exception details

SAP NetWeaver server info information disclosure BCB

Content Security Policy Misconfiguration

Severity

Low

Classification

CWE-614 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:A/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N

Tags

Configuration