Forum Discussion

sandip_kakade's avatar
Icon for Nimbostratus rankNimbostratus
Oct 06, 2021

Vulnerability issue for this CWE ID 614

Hi Friends ,


How we can resolve this vulnerability flaw on f5 :


CWE ID 614 -- Sensitive Cookie in HTTPS Session Without 'Secure' Attribute -- PD-H-SESSION-ID

2 Replies

  • Hi  ,

    you could use an iRule to add the Secure flag to the cookie.

    when HTTP_RESPONSE {
        set ckname "mycookie"
        if { [HTTP::cookie exists $ckname] } {
            HTTP::cookie secure $ckname enable

    Just replace mycookie with the name of your cookie.