This script is Copyright (C) 2010-2016 Tenable Network Security, Inc.
Synopsis :
HTTP session cookies may be transmitted in cleartext.
Description :
The remote web application sets cookies that are used to track authenticated
users. However, the application is running over unencrypted HTTP, or the
cookie(s) are not marked 'secure', meaning the browser could send them back
over an unencrypted link under certain circumstances (a 'Secure' cookie is
only ever sent over HTTPS; without the flag, any plain-HTTP request to the
same host carries it).
As a result, it may be possible for a remote attacker positioned on the
network path to intercept the session cookie(s) and reuse them to
impersonate the authenticated user.
See also :
Solution :
- Host the web application on a server that only provides SSL/TLS (HTTPS).
- Mark all cookies as 'secure'.
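The check this plugin performs, and the corrected header the solution asks for, as an added example that is not the plugin's NASL code or any Tenable code. It parses the Set-Cookie headers of a raw HTTP response, flags session-looking cookies that were either set over plain HTTP or set over HTTPS without the Secure attribute, and builds a Set-Cookie header with the flag in place. The list of session-cookie name hints and the sample response are constructed for the example, not taken from the plugin.

```python
from dataclasses import dataclass
from typing import Dict, List, Tuple

# Heuristic: names that usually identify a session/auth cookie. This list is
# an assumption for the example; the real plugin uses its own criteria.
SESSION_NAME_HINTS = ("sess", "sid", "token", "auth", "jsessionid", "phpsessid")


@dataclass
class CookieFinding:
    name: str
    reason: str


def parse_set_cookie(header_value: str) -> Tuple[str, Dict[str, str]]:
    """Split 'name=value; Attr; Attr=val' into the cookie name and a dict of
    attributes keyed by lowercase attribute name (flag attributes map to '')."""
    parts = [p.strip() for p in header_value.split(";")]
    name, _, _ = parts[0].partition("=")
    attrs: Dict[str, str] = {}
    for part in parts[1:]:
        key, _, val = part.partition("=")
        attrs[key.strip().lower()] = val.strip()
    return name.strip(), attrs


def response_headers(raw_response: str) -> List[Tuple[str, str]]:
    """Return (lowercase-name, value) pairs from the head of a raw HTTP response.
    Only the first ':' is split on, so dates inside Expires= stay intact."""
    head = raw_response.split("\r\n\r\n", 1)[0]
    headers = []
    for line in head.split("\r\n")[1:]:  # skip the status line
        if ":" in line:
            key, val = line.split(":", 1)
            headers.append((key.strip().lower(), val.strip()))
    return headers


def looks_like_session_cookie(name: str) -> bool:
    lowered = name.lower()
    return any(hint in lowered for hint in SESSION_NAME_HINTS)


def insecure_session_cookies(raw_response: str, scheme: str) -> List[CookieFinding]:
    """Flag session cookies the browser could later send in cleartext.

    scheme is the scheme the response was fetched over ('http' or 'https').
    Over http every session cookie is a finding: the Secure flag cannot help
    a cookie that already travelled unencrypted. Over https the finding is a
    missing Secure attribute."""
    findings: List[CookieFinding] = []
    for key, val in response_headers(raw_response):
        if key != "set-cookie":
            continue
        name, attrs = parse_set_cookie(val)
        if not looks_like_session_cookie(name):
            continue
        if scheme.lower() == "http":
            findings.append(CookieFinding(name, "session cookie set over unencrypted HTTP"))
        elif "secure" not in attrs:
            findings.append(CookieFinding(name, "served over HTTPS but not marked Secure"))
    return findings


def secure_set_cookie(name: str, value: str, path: str = "/") -> str:
    """Build the corrected Set-Cookie header: the Secure attribute restricts
    the cookie to HTTPS requests, which is the fix the advisory recommends."""
    return f"{name}={value}; Path={path}; Secure"


# Constructed sample response (not a real capture). JSESSIONID lacks Secure,
# PHPSESSID has it, and 'lang' is not a session cookie.
SAMPLE_RESPONSE = (
    "HTTP/1.1 200 OK\r\n"
    "Content-Type: text/html\r\n"
    "Set-Cookie: JSESSIONID=0A1B2C3D; Path=/; HttpOnly\r\n"
    "Set-Cookie: PHPSESSID=abc123; Path=/; Secure; HttpOnly\r\n"
    "Set-Cookie: lang=en; Path=/; Expires=Wed, 09 Jun 2021 10:18:14 GMT\r\n"
    "\r\n"
    "<html></html>"
)

if __name__ == "__main__":
    for finding in insecure_session_cookies(SAMPLE_RESPONSE, "https"):
        print(f"{finding.name}: {finding.reason}")
    print("corrected header:", secure_set_cookie("JSESSIONID", "0A1B2C3D"))
```

Run against a real target by feeding it the raw response bytes of a request to the login page (decoded as text) together with the scheme used; the same cookie should be tested over both http:// and https:// because a site that redirects to HTTPS can still hand out its session cookie on the initial plain-HTTP response.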
Risk factor :
Medium / CVSS Base Score : 4.3
Family: Web Servers
Nessus Plugin ID: 49218 (http_insecure_session_cookie.nasl)