Detections
Analytics
Web Server HttpOnly Cookies Not In Use
medium Nessus Network Monitor Plugin ID 5799
Synopsis
The remote server does not adequately protect data stored with cookiesDescription
Based on the HTTP 'Cookie' header, NNM has determined that the remote server is not using the 'HttpOnly' cookie setting. By not using this setting, client side script can access the cookie. This can allow attackers to access cookies with potentially confidential data.Solution
Configure your web server or application to use the 'HttpOnly' tag.See Also
http://www.owasp.org/index.php/HttpOnly
http://msdn.microsoft.com/en-us/library/ms533046(v=vs.85).aspx