cancel
Showing results for 
Search instead for 
Did you mean: 
Login & Join the DevCentral Connects Group to watch the Recorded LiveStream (May 12) on Basic iControl Security - show notes included.

Vulnerability issue for this CWE ID 614

sandip_kakade
Nimbostratus
Nimbostratus

Hi Friends ,

 

How we can resolve this vulnerability flaw on f5 :

 

CWE ID 614 -- Sensitive Cookie in HTTPS Session Without 'Secure' Attribute -- PD-H-SESSION-ID

2 REPLIES 2

Hi  ,

 

you could use an iRule to add the Secure flag to the cookie.

when HTTP_RESPONSE { set ckname "mycookie" if { [HTTP::cookie exists $ckname] } { HTTP::cookie secure $ckname enable } }

Just replace mycookie with the name of your cookie.

 

KR

Daniel

sandip_kakade
Nimbostratus
Nimbostratus

Thanks