CAPEC Related Weakness
Accessing/Intercepting/Modifying HTTP Cookies
CWE-20 Improper Input Validation
CWE-113 Improper Neutralization of CRLF Sequences in HTTP Headers ('HTTP Response Splitting')
CWE-302 Authentication Bypass by Assumed-Immutable Data
CWE-311 Missing Encryption of Sensitive Data
CWE-315 Cleartext Storage of Sensitive Information in a Cookie
CWE-384 Session Fixation
CWE-472 External Control of Assumed-Immutable Web Parameter
CWE-539 Use of Persistent Cookies Containing Sensitive Information
CWE-565 Reliance on Cookies without Validation and Integrity Checking
CWE-602 Client-Side Enforcement of Server-Side Security
CWE-642 External Control of Critical State Data
CWE-724 OWASP Top Ten 2004 Category A3 - Broken Authentication and Session Management
Exploitation of Trusted Identifiers
CWE-6 J2EE Misconfiguration: Insufficient Session-ID Length
CWE-290 Authentication Bypass by Spoofing
CWE-302 Authentication Bypass by Assumed-Immutable Data
CWE-346 Origin Validation Error
CWE-384 Session Fixation
CWE-539 Use of Persistent Cookies Containing Sensitive Information
CWE-602 Client-Side Enforcement of Server-Side Security
CWE-642 External Control of Critical State Data
CWE-664 Improper Control of a Resource Through its Lifetime