Vulnerability: Cookie Without Secure Flag Set

Vulnerability: Cookie Without Secure Flag Set

Description: Cookies are set by the application without the secure flag.  Setting the secure flag instructs the browser to only transmit cookies over HTTPS, further minimizing risk of interception.

Reference: <http://cwe.mitre.org/data/definitions/614.html> - CWE-614 Sensitive Cookie in HTTPS Session Without 'Secure' Attribute

Download and install the latest patch, which contains all fixes from previous patches. If you are running an older version, download and install the latest version and then the patch. 

Environment

 6.51.736.8
 6.51.736, patch 15

Was this article helpful?