Forum Discussion

Nimbostratus

Oct 06, 2021

Vulnerability issue for this CWE ID 614

Hi Friends , How we can resolve this vulnerability flaw on f5 : CWE ID 614 -- Sensitive Cookie in HTTPS Session Without 'Secure' Attribute -- PD-H-SESSION-ID

application delivery

BIG-IP

Daniel_Wolf

MVP

Oct 07, 2021

Hi ,

you could use an iRule to add the Secure flag to the cookie.

when HTTP_RESPONSE {
    set ckname "mycookie"
    if { [HTTP::cookie exists $ckname] } {
        HTTP::cookie secure $ckname enable
    }
}

Just replace mycookie with the name of your cookie.

Daniel

Forum Discussion

Vulnerability issue for this CWE ID 614

Recent Discussions

Hi All, We have viprion 4300 with 4450 blades with 6 blades all blades having same configuration

BWC iRule

Can iRule be used to perform exception of IPI category based on Geolocation

help irules for compatibilty

Wildcard SSL Certificate Deployment on F5 LTM

Related Content

OWASP Automated Threats - OAT-014 Vulnerability Scanning

Regex issue

Reviewing vulnerability scanner results for an Access Policy Manager (APM) protected Virtual Server

Vulnerability CVE-2023-45648 in ApacheTomcat

Re: Mitigation of OWASP API6: 2019 Mass Assignment vulnerability using F5 Distributed Cloud Platform