1. Home
  2. Weaknesses
  3. CWE-614

CWE-614: Sensitive Cookie in HTTPS Session Without 'Secure' Attribute

ID CWE-614
Abstraction Variant
Structure Simple
Status Draft
Number of CVEs 29
Detail CAPEC Dashboard Vulnerabilities Web & Social
The Secure attribute for sensitive cookies in HTTPS sessions is not set, which could cause the user agent to send those cookies in plaintext over an HTTP session.

Modes of Introduction

Phase Note
Implementation

Applicable Platforms

Type Class Name Prevalence
Technology Web Based

Relationships

View Weakness
# ID View Status # ID Name Abstraction Structure Status
CWE-1000 Research Concepts Draft CWE-319 Cleartext Transmission of Sensitive Information Base Simple Draft

Common Attack Pattern Enumeration and Classification (CAPEC)

The Common Attack Pattern Enumeration and Classification (CAPECâ„¢) effort provides a publicly available catalog of common attack patterns that helps users understand how adversaries exploit weaknesses in applications and other cyber-enabled capabilities.

CAPEC at Mitre.org
# ID Name Weaknesses
CAPEC-102 Session Sidejacking CWE-614

CVEs Published

Based on CVE published date

CVSS Severity

CVSS Severity - By Year

CVSS Base Score

# CVE Description CVSS EPSS EPSS Trend (30 days) Affected Products Weaknesses Security Advisories Exploits PoC Pubblication Date Modification Date
# CVE Description CVSS EPSS EPSS Trend (30 days) Affected Products Weaknesses Security Advisories PoC Pubblication Date Modification Date