Cookie Accessible for Subdomains
Impact: Informational
Description
If the Set-Cookie header contains the Domain attribute, browsers automatically send the cookie to any subdomains of the specified domain. This allows subdomains to access data in cookies.
Recommendation
Remove the Domain attribute from the Set-Cookie header.
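The following added example (not part of the original page) models the browser's RFC 6265 domain-matching rules to show which hosts receive a cookie with and without the Domain attribute. The host names and header values are constructed samples, and the public-suffix and IP-address checks a real browser performs are left out.

```python
def parse_set_cookie(header_value):
    """Return (cookie_name, domain_attr or None) from a Set-Cookie header value."""
    parts = [p.strip() for p in header_value.split(";")]
    name = parts[0].split("=", 1)[0].strip()
    domain = None
    for attr in parts[1:]:
        key, _, value = attr.partition("=")
        value = value.strip().lower()
        if key.strip().lower() == "domain" and value:
            # RFC 6265: one leading dot is ignored; the last Domain attribute wins.
            domain = value[1:] if value.startswith(".") else value
    return name, domain


def domain_match(host, domain):
    """True if host is the domain itself or one of its subdomains."""
    host = host.lower()
    return host == domain or host.endswith("." + domain)


def receiving_hosts(header_value, origin_host, candidate_hosts):
    """Hosts in candidate_hosts to which a browser would send the cookie."""
    _, domain = parse_set_cookie(header_value)
    if domain is None:
        # No Domain attribute: host-only cookie, returned to the setting host only.
        return [h for h in candidate_hosts if h.lower() == origin_host.lower()]
    if not domain_match(origin_host, domain):
        # The setting host is outside the named domain: the cookie is rejected.
        return []
    return [h for h in candidate_hosts if domain_match(h, domain)]


# Constructed sample data.
ORIGIN = "app.example.com"
HOSTS = ["app.example.com", "blog.example.com", "example.com",
         "api.app.example.com", "example.org"]
SAMPLES = [
    "sid=abc123; Path=/; Secure; HttpOnly",                      # recommended
    "sid=abc123; Domain=example.com; Path=/; Secure; HttpOnly",  # flagged
]

if __name__ == "__main__":
    for header in SAMPLES:
        name, domain = parse_set_cookie(header)
        status = "FLAG" if domain else "ok"
        print(f"[{status}] {name} Domain={domain} -> "
              f"{receiving_hosts(header, ORIGIN, HOSTS)}")
```

Note that a cookie without the Domain attribute is narrower than one with Domain set to the exact host name: the second form still reaches subdomains of that host.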
Last updated on October 10, 2021