Description

One or more session cookies are scoped to the parent domain instead of a sub-domain. A cookie scoped to a parent domain is accessible to the parent domain and to every other sub-domain of that parent. This could lead to security problems.

Remediation

If possible, the session cookies should be scoped strictly to a sub-domain.
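
The check described above can be run over a response's Set-Cookie headers. The following is an added example, not code from the original page or from any scanner; the host name, cookie names and the SESSION_NAMES set are constructed assumptions. It relies on standard cookie behaviour: a cookie set without a Domain attribute is returned only to the host that set it.

```python
# Added example: flag session cookies whose Domain is a parent of the responding host.
def parse_set_cookie(header):
    """Return (name, attrs); attrs maps lowercased attribute names to values."""
    parts = [p.strip() for p in header.split(";")]
    name, _, _value = parts[0].partition("=")
    attrs = {}
    for part in parts[1:]:
        key, _, val = part.partition("=")
        attrs[key.strip().lower()] = val.strip()
    return name.strip(), attrs


def cookie_scope(host, header):
    """Classify one Set-Cookie header relative to the host that sent it."""
    host = host.lower().rstrip(".")
    name, attrs = parse_set_cookie(header)
    domain = attrs.get("domain", "").lower().strip(".")
    if not domain:
        return name, "host-only"          # no Domain: sent back to this host only
    if domain == host:
        return name, "host-and-children"  # this host plus its own sub-domains
    if host.endswith("." + domain):
        return name, "parent-domain"      # readable by sibling sub-domains too
    return name, "mismatch"               # browsers reject a Domain the host is not within


def parent_scoped_session_cookies(host, headers, session_names):
    """Names of session cookies scoped to a parent domain of `host`."""
    flagged = []
    for header in headers:
        name, scope = cookie_scope(host, header)
        if name in session_names and scope == "parent-domain":
            flagged.append(name)
    return flagged


# Constructed sample response headers for app.example.com (not from a real site).
SAMPLE_HOST = "app.example.com"
SAMPLE_HEADERS = [
    "PHPSESSID=abc123; Domain=.example.com; Path=/; Secure; HttpOnly",
    "sid=def456; Path=/; Secure; HttpOnly",
    "theme=dark; Domain=example.com; Path=/",
    "auth=ghi789; Domain=app.example.com; Path=/; Secure",
]
SESSION_NAMES = {"PHPSESSID", "sid", "auth"}  # assumption: cookies that carry session state

if __name__ == "__main__":
    print(parent_scoped_session_cookies(SAMPLE_HOST, SAMPLE_HEADERS, SESSION_NAMES))
```

In the sample, only PHPSESSID is flagged; the sid cookie shows the remediated form, with the Domain attribute omitted.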
