VariantDraft
CWE-614Sensitive Cookie in HTTPS Session Without 'Secure' Attribute
Category: auth
Description
The Secure attribute for sensitive cookies in HTTPS sessions is not set.
Common consequences· 1
- Confidentiality — Read Application DataOmitting the secure flag makes it possible for the user agent to send the cookies in plaintext over an HTTP session.
Potential mitigations· 1
- [Implementation]Always set the secure attribute when the cookie should be sent via HTTPS only.
Related CAPEC attack patterns· 1
References
Exploits (incoming)1
| Type | Target | Confidence | Tier |
|---|---|---|---|
| AttackPattern | Session Sidejackingcapec-102 | 100% | live |
(incoming)2
| Type | Target | Confidence | Tier |
|---|---|---|---|
| Vulnerability | CVE-2025-24897cve-2025-24897 | 0% | live |
| Vulnerability | CVE-2025-8037cve-2025-8037 | 0% | live |
Related by meaning· 6
Nearest entities by semantic similarity across the cs-graph corpus.