Forum Discussion

Icon for Nimbostratus rank

Nimbostratus

Oct 06, 2021

Vulnerability issue for this CWE ID 614

Hi Friends ,

How we can resolve this vulnerability flaw on f5 :

CWE ID 614 -- Sensitive Cookie in HTTPS Session Without 'Secure' Attribute -- PD-H-SESSION-ID

application delivery

Daniel_Wolf
MVP
Oct 07, 2021
Hi ,
you could use an iRule to add the Secure flag to the cookie.
when HTTP_RESPONSE { set ckname "mycookie" if { [HTTP::cookie exists $ckname] } { HTTP::cookie secure $ckname enable } }
Just replace mycookie with the name of your cookie.
KR
Daniel
sandip_kakade
Nimbostratus
Oct 26, 2021
Thanks

Recent Discussions

Under Attack? F5 Will Help You.
Contacting F5 Support?

DevCentral Quicklinks

* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on account.f5.com

Discover DevCentral Connects

* Podcasts
* Social Channels
* Video Streaming