Cookie Overly Broad Path Detected
#2
(06-23-2023, 04:32 AM)pgnair Wrote: Hi Team
A new vulnerability got in the VAPT. How can I fix it, please?
Thanks
Pramod



Cookie Overly Broad Path Detected

The cookie 'path' attribute signifies the URL or path for which the cookie is valid. If an overly broad path like root '/' is specified in the cookie then it is accessible through other applications on the same domain. Exposing the cookie to all web applications on the domain can lead to sensitive information disclosure like session identifier etc. and can cause one application to compromise another application.
Hi Alex

Kindly advise how to fix it?

Currently the below attributes are True and the 'Same Site' property is set to ssoLax

HTTPOnly
RunCookieCheck
Secure
SessionCookies
Use Cookies

Thanks
Pramod
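
The scanner finding quoted above comes down to which requests on a host carry the cookie. The following is an added example, not part of the original posts or of the product being discussed: it applies the RFC 6265 path-match rule to show who receives a cookie scoped to `/` versus `/app1`, and flags a `Set-Cookie` value whose Path is broader than the application's base path. The cookie name `SESSIONID`, the paths `/app1`, `/app2`, `/app10` and the function names are constructed for illustration.

```python
from http.cookies import SimpleCookie

def path_match(request_path, cookie_path):
    """RFC 6265 section 5.1.4: does a cookie with this Path go out on this request?"""
    if request_path == cookie_path:
        return True
    if request_path.startswith(cookie_path):
        # The prefix must end on a segment boundary, so /app1 does not match /app10.
        return cookie_path.endswith("/") or request_path[len(cookie_path)] == "/"
    return False

def recipients(cookie_path, request_paths):
    """Request paths on the same host that would receive the cookie."""
    return [p for p in request_paths if path_match(p, cookie_path)]

def broad_path_cookies(set_cookie, app_base):
    """Names of cookies in a Set-Cookie value whose Path is a strict ancestor of app_base."""
    base = app_base.rstrip("/") or "/"
    jar = SimpleCookie()
    jar.load(set_cookie)
    flagged = []
    for name, morsel in jar.items():
        path = morsel["path"]
        if not path:
            continue  # no Path attribute: the browser derives a default from the request URL
        path = path.rstrip("/") or "/"
        if path != base and path_match(base, path):
            flagged.append(name)
    return flagged

# Constructed sample data: several applications sharing one host.
REQUESTS = ["/app1/main", "/app2/login", "/app10/report"]
BROAD = "SESSIONID=abc123; Path=/; Secure; HttpOnly; SameSite=Lax"
SCOPED = "SESSIONID=abc123; Path=/app1; Secure; HttpOnly; SameSite=Lax"

if __name__ == "__main__":
    print("Path=/     sent to:", recipients("/", REQUESTS))
    print("Path=/app1 sent to:", recipients("/app1", REQUESTS))
    print("flagged (broad): ", broad_path_cookies(BROAD, "/app1"))
    print("flagged (scoped):", broad_path_cookies(SCOPED, "/app1"))
```

Narrowing Path limits which requests carry the cookie, but RFC 6265 itself notes that the Path attribute cannot be relied upon for security, so it complements rather than replaces the Secure, HttpOnly and SameSite settings already listed in the post.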


Messages In This Thread
Cookie Overly Broad Path Detected - by pgnair - 06-23-2023, 04:32 AM
RE: Cookie Overly Broad Path Detected - by pgnair - 06-27-2023, 05:19 AM
RE: Cookie Overly Broad Path Detected - by pgnair - 06-30-2023, 09:41 AM
