Vulnerability issue for this CWE ID 614

Question

Hi Friends ,&nbsp;How we can resolve this vulnerability flaw on f5 :&nbsp;CWE ID 614 -- Sensitive Cookie in HTTPS Session Without 'Secure' Attribute&nbsp;-- PD-H-SESSION-ID

daniel_wolf · Answer

Hi &nbsp;,you could use an iRule to add the Secure flag to the cookie.when HTTP_RESPONSE {
    set ckname "mycookie"
    if { [HTTP::cookie exists $ckname] } {
        HTTP::cookie secure $ckname enable
    }
}Just replace mycookie with the name of your cookie.KRDaniel

sandip_kakade · Answer

Thanks

Forum Discussion

Vulnerability issue for this CWE ID 614

2 Replies

Recent Discussions

About IPI check ip list

Cookie Violation - Expired TimeStamp.

About custome Response Blocking Page

Disacard SSL::cert mode to ignore when default SSLClient profile is set to request or require

CGNAT with DS-lite and LSN

Related Content

Reviewing vulnerability scanner results for an Access Policy Manager (APM) protected Virtual Server

Regex issue

Vulnerability CVE-2023-45648 in ApacheTomcat

Re: Mitigation of OWASP API6: 2019 Mass Assignment vulnerability using F5 Distributed Cloud Platform

Python script to test if a F5 BIG-IP is vulnerable to cve-2023-46747