Parveez_70209
Feb 25, 2014

CVE-2004-0462 - Vulnerability Issue by Alertlogic

Hi,

CVE-2004-0462 - Vulnerability issue by Alertlogic. Can this be mitigated by setting a "Secure" flag on the cookie attribute with an iRule? Kindly guide me on this.

Thanks and Regards,
Parveez

4 Replies

  • Hi, The Secure attribute for sensitive cookies in HTTPS sessions is not set, which could cause the user agent to send those cookies in plaintext over an HTTP session. To fix this:

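    when HTTP_RESPONSE {
        # Collect the names of all cookies set in this response
        set myValues [HTTP::cookie names]
        foreach mycookies $myValues {
            # Add the Secure attribute so the browser only returns the cookie over HTTPS
            HTTP::cookie secure $mycookies enable
        }
    }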
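
To confirm that the iRule above takes effect, the `Set-Cookie` headers in a response can be checked for the Secure attribute. This is an added example, not part of the original thread; the function names and the sample response are constructed for illustration.

```python
# Added example: list cookies whose Set-Cookie header lacks the Secure attribute.
# SAMPLE_RESPONSE is constructed for illustration, not captured traffic.

SAMPLE_RESPONSE = (
    "HTTP/1.1 200 OK\r\n"
    "Content-Type: text/html\r\n"
    "Set-Cookie: JSESSIONID=abc123; Path=/; HttpOnly\r\n"
    "Set-Cookie: pool=167880896.20480.0000; path=/; SECURE\r\n"
    "set-cookie: theme=secure; Path=/\r\n"
    "Set-Cookie: lang=en; Path=/; Secure; HttpOnly\r\n"
    "\r\n"
    "<html></html>"
)


def parse_set_cookies(raw_response):
    """Return [(cookie_name, {lowercased attribute names})] from raw response headers."""
    head = raw_response.split("\r\n\r\n", 1)[0]
    cookies = []
    for line in head.split("\r\n")[1:]:  # skip the status line
        name, sep, value = line.partition(":")
        # Header field names are case-insensitive
        if not sep or name.strip().lower() != "set-cookie":
            continue
        parts = value.split(";")
        cookie_name = parts[0].partition("=")[0].strip()
        # Attributes follow the first ';' and their names are case-insensitive.
        # Only attribute names are inspected, so a cookie *value* of "secure"
        # is not mistaken for the Secure attribute.
        attrs = {p.partition("=")[0].strip().lower() for p in parts[1:]}
        cookies.append((cookie_name, attrs))
    return cookies


def cookies_missing_secure(raw_response):
    """Names of cookies set without the Secure attribute, in header order."""
    return [n for n, attrs in parse_set_cookies(raw_response) if "secure" not in attrs]


if __name__ == "__main__":
    for cookie in cookies_missing_secure(SAMPLE_RESPONSE):
        print("missing Secure:", cookie)
```

With the iRule applied to the HTTPS virtual server, the same check run against its responses should return an empty list.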
    
  • Hi,

    I just did it, thanks for letting me know about this.

    Will definitely do in future posts too.

    Thanks and Regards,
    Parveez