Forum Discussion

Nimbostratus

Feb 25, 2014

CVE-2004-0462 - Vulnerability Issue by Alertlogic

Hi, CVE-2004-0462 - Vulnerability Issue by Alertlogic . Can this be mitigated by setting a "Secure" flag on the cookie attribute with an iRule. Kindly guide into this. Thanks and Regards Pa...

Nacreous

Feb 25, 2014

Hi, The Secure attribute for sensitive cookies in HTTPS sessions is not set, which could cause the user agent to send those cookies in plaintext over an HTTP session. To fix this:

when HTTP_RESPONSE {
set myValues [HTTP::cookie names]
foreach mycookies $myValues {
   HTTP::cookie secure $mycookies enable
}
}

Help guide the future of your DevCentral Community!

What tools do you use to collaborate? (1min - anonymous)

F5 Architecture Track Sessions - AppWorld 2026

DevCentral News

announcement

Appworld2026

Recent Discussions

Under Attack? F5 Will Help You.
Contacting F5 Support?

DevCentral Quicklinks

* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on account.f5.com

Discover DevCentral Connects

* Podcasts
* Social Channels
* Video Streaming

GitHub Awesome-F5

Forum Discussion

CVE-2004-0462 - Vulnerability Issue by Alertlogic

F5 Architecture Track Sessions - AppWorld 2026

Recent Discussions

Any way to cache HEAD request

can you help with getting a BigIP virtual edition serial key

VIP in https that redirect to another vip in https

In Using the AST tool am I pointing it to TENANTS or to the F5OS(hardware) I have?

2026 is Almost Here

Related Content

OpenSSH vulnerability

Mitigating Log4j Vulnerability using F5 BIG-IP

BYOEDR, Undetectable backdoor, WhoFi, Cyberattack to airline, and Clickjacking vulnerability

Coordinated Vulnerability Disclosure: A Balanced Approach

Breaking Down the Quantum Challenge: TLS Cipher Suite Vulnerabilities and FIPS Post-Quantum Standards Explained

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS