CWE-1004

Sensitive Cookie Without 'HttpOnly' Flag

AI Translation Available

The product uses a cookie to store sensitive information, but the cookie is not marked with the HttpOnly flag.

Status

incomplete

Abstraction

variant

Likelihood

medium

Affected Platforms

Web Based Web Server

Technical Details

AI Translation

confidentiality integrity

read application data gain privileges or assume identity

automated static analysis

Phases:

implementation

Descriptions:

• Leverage the HttpOnly flag when setting a sensitive cookie in a response.

AI Generated Translation

riservatezza integrità

leggere dati applicazione ottenere privilegi o assumere identità

analisi statica automatizzata

Phases:

implementazione

Descriptions:

• Sfrutta il flag HttpOnly quando imposti un cookie sensibile in una risposta.