CodeAnt AI home pagelight logodark logo
  • Dashboard
  • Dashboard
  • Documentation
  • Demo Call with CEO
  • Blog
  • Slack
  • Get Started
    • CodeAnt AI
    • Setup
    • Control Center
    • Pull Request Review
    • IDE
    • Compliance
    • Anti-Patterns
    • Code Governance
    • Infrastructure Security Database
    • Application Security Database
      • Apex
      • Bash
      • C
      • Clojure
      • Cpp
      • Csharp
      • Dockerfile
      • Elixir
      • Fingerprints
      • Generic
      • Go
      • Html
      • Java
        • Android
        • Aws-lambda
        • Castor
        • Java-jwt
        • Jax-rs
        • Jboss
        • Jdo
        • Jedis
        • Jjwt
        • Jsch
        • Kryo
        • Lang
        • Micronaut
        • Mongo
        • Mongodb
        • Mysql
        • Okhttp
        • Rmi
        • Servlets
          • Security
          • Security
            • Audit
              • Cookie-httponly-false
              • Cookie-missing-httponly
              • Cookie-missing-samesite
              • Cookie-missing-secure-flag
              • Cookie-secure-flag-false
                • Cookie secure flag false
              • Formatted-sql-string
              • Http-response-splitting
              • Unvalidated-redirect
              • Url-rewriting
              • Xssrequestwrapper-is-insecure
            • Castor-deserialization-deepsemgrep
            • Crlf-injection-logs-deepsemgrep
            • Crlf-injection-logs
            • Httpservlet-path-traversal-deepsemgrep
            • Httpservlet-path-traversal
            • Kryo-deserialization-deepsemgrep
            • No-direct-response-writer-deepsemgrep
            • No-direct-response-writer
            • Nosql-injection-servlets
            • Objectinputstream-deserialization-servlets
            • Servletresponse-writer-xss-deepsemgrep
            • Servletresponse-writer-xss
            • Tainted-cmd-from-http-request-deepsemgrep
            • Tainted-cmd-from-http-request
            • Tainted-code-injection-from-http-request-deepsemgrep
            • Tainted-code-injection-from-http-request
            • Tainted-ldapi-from-http-request-deepsemgrep
            • Tainted-ldapi-from-http-request
            • Tainted-session-from-http-request-deepsemgrep
            • Tainted-session-from-http-request
            • Tainted-sql-from-http-request-deepsemgrep
            • Tainted-sql-from-http-request
            • Tainted-ssrf-deepsemgrep-add
            • Tainted-ssrf-deepsemgrep-format
            • Tainted-ssrf-deepsemgrep
            • Tainted-ssrf
            • Tainted-xml-decoder-deepsemgrep
            • Tainted-xml-decoder
            • Tainted-xpath-from-http-request-deepsemgrep
            • Tainted-xpath-from-http-request
            • Xstream-anytype-deserialization-deepsemgrep
            • Xxe
        • Spring
        • Thymeleaf
        • Xstream
      • Javascript
      • Json
      • Kotlin
      • Ocaml
      • Php
      • Problem-based-packs
      • Python
      • Ruby
      • Rust
      • Scala
      • Solidity
      • Swift
      • Terraform
      • Typescript
      • Yaml
    Cookie-secure-flag-false

    Cookie secure flag false

    A cookie was detected without setting the ‘secure’ flag. The ‘secure’ flag for cookies prevents the client from transmitting the cookie over insecure channels such as HTTP. Set the ‘secure’ flag by calling ‘$COOKIE.setSecure(true);‘
    Likelihood: LOW
    Confidence: HIGH
    CWE:
    - CWE-614: Sensitive Cookie in HTTPS Session Without ‘Secure’ Attribute
    OWASP:
    - A05:2021 - Security Misconfiguration

    Cookie missing secure flagFormatted sql string
    twitterlinkedin
    Powered by Mintlify
    Assistant
    Responses are generated using AI and may contain mistakes.