CWE-614

Overview

CWE ID
614

CWE Name
Sensitive Cookie in HTTPS Session Without 'Secure' Attribute

CWE Abstraction
Variant

CWE structure
Simple

CWE Status
Draft

Description

The Secure attribute for sensitive cookies in HTTPS sessions is not set, which could cause the user agent to send those cookies in plaintext over an HTTP session.

Extended Description

Related CWEs

CWE ID	View ID	Nature	Ordinal
319	1000	ChildOf	Primary

Related CVEs

CVE
CVE-2018-25060
CVE-2023-0055
CVE-2022-24045
CVE-2022-4683
CVE-2022-25151
CVE-2022-4409
CVE-2022-21940
CVE-2021-27764
CVE-2020-27650
CVE-2023-4654
CVE-2023-3520
CVE-2023-46179
CVE-2023-5035
CVE-2023-5866
CVE-2023-42016
CVE-2024-2493
CVE-2024-0349
CVE-2024-35211
CVE-2023-42016
CVE-2024-2493
CVE-2024-0349
CVE-2024-35211
CVE-2024-35211
CVE-2023-33860
CVE-2024-41684
CVE-2024-43180