Vulnerabilities

Cookie Poisoning

A cookie poisoning attack and becomes exploitable when an attacker can manipulate the cookie in various ways.

Summary

This check looks at user-supplied input in query string parameters and POST data to identify where cookie parameters might be controlled. This is called a cookie poisoning attack and becomes exploitable when an attacker can manipulate the cookie in various ways. In some cases, this will not be exploitable, however, allowing URL parameters to set cookie values is generally considered a bug.

Solution

Do not allow user input to control cookie names and values. If some query string parameters must be set in cookie values, be sure to filter out semicolons that can serve as name/value pair delimiters.

References

Secure Your Startup. Today.

We make your startup secure and compliant by implementing and managing the security controls your customers require.

Get Started

Latest Articles

View All Articles

Vulnerable JS Library

The Vulnerable JS Library is a common security issue that occurs when a web application uses outdated or unpatched JavaScript libraries. Cybercriminals exploit these vulnerabilities to gain access to sensitive data or cause damage to the application.

Vulnerabilities
 min read

Referer Exposes Session ID

The 'Referer Exposes Session ID' vulnerability is a type of security flaw that can allow an attacker to hijack a user's session by exploiting the Referer header in HTTP requests.

Vulnerabilities
 min read

Navigating GDPR Compliance on AWS

How to secure your AWS environment in compliance with the GDPR?

Mitigations
5
 min read