Sensitive Cookie Without ‘HttpOnly’ Flag

Property
Language: python
Severity: low
CWE: CWE-1004: Sensitive Cookie Without ‘HttpOnly’ Flag
OWASP: A05:2021 - Security Misconfiguration
Confidence Level: Medium
Impact Level: Low
Likelihood Level: Low

Description

A response in your Pyramid application sets a cookie (for example through response.set_cookie()) without passing httponly=True. Without the HttpOnly attribute the browser exposes the cookie to JavaScript through document.cookie, so any cross-site scripting (XSS) flaw on the site lets injected script read the cookie and send it to the attacker.

Impact

If the cookie carries a session identifier or authentication ticket, an attacker who can run script in a victim’s browser can copy it and replay it from their own machine, hijacking the account and reaching every protected part of the application as that user. HttpOnly removes that read primitive; it does not stop injected script from issuing requests that the browser sends with the victim’s cookie attached, so treat it as defence in depth alongside fixing the XSS itself.

Sensitive Cookie Without ‘HttpOnly’ Flag

Property
Language: python
Severity: low
CWE: CWE-1004: Sensitive Cookie Without ‘HttpOnly’ Flag
OWASP: A05:2021 - Security Misconfiguration
Confidence Level: Medium
Impact Level: Low
Likelihood Level: Low

Description

An authentication cookie in your Pyramid application is set without httponly=True. Client-side script can therefore read the cookie, and a single XSS flaw anywhere on the origin is enough to steal it.

Impact

An attacker who can inject script (for example via XSS) can read the authentication cookie and reuse it to act as the victim, leading to account takeover and, depending on the victim’s privileges, a broader compromise of the application and its data.

Sensitive Cookie Without ‘HttpOnly’ Flag

Property
Language: python
Severity: low
CWE: CWE-1004: Sensitive Cookie Without ‘HttpOnly’ Flag
OWASP: A05:2021 - Security Misconfiguration
Confidence Level: Medium
Impact Level: Low
Likelihood Level: Low

Description

The Pyramid auth_tkt cookie is issued without the HttpOnly attribute. AuthTktAuthenticationPolicy and AuthTktCookieHelper default to http_only=False (and secure=False), so unless both are set explicitly the ticket is readable by client-side script and can be stolen through cross-site scripting (XSS).

Impact

An attacker who can run script in a victim’s browser can read the auth_tkt cookie, replay it to hijack the session, and reach whatever that user is authorised for. Because the ticket is the application’s proof of identity, this compromises the user’s data and gives the attacker a foothold for further attacks.

Sensitive Cookie Without ‘HttpOnly’ Flag

Property
Language: python
Severity: low
CWE: CWE-1004: Sensitive Cookie Without ‘HttpOnly’ Flag
OWASP: A05:2021 - Security Misconfiguration
Confidence Level: Medium
Impact Level: Low
Likelihood Level: Low

Description

A response in your Pyramid application sets a cookie without passing httponly=True. Response.set_cookie() (inherited from WebOb) defaults httponly to False, so simply leaving the argument out yields a cookie that client-side script in the browser can read.

Impact

If the cookie is sensitive (a session ID, auth ticket or similar), an attacker with cross-site scripting (XSS) on the site can read it and use it to access the victim’s account or data. Leaving HttpOnly off weakens session security and raises the impact of any XSS finding from script execution to account compromise.

Sensitive Cookie Without ‘HttpOnly’ Flag

Property
Language: ruby
Severity: low
CWE: CWE-1004: Sensitive Cookie Without ‘HttpOnly’ Flag
OWASP: A05:2021 - Security Misconfiguration
Confidence Level: Low
Impact Level: Low
Likelihood Level: Low

Description

The application configures Rails’ cookie-based session store (config.session_store :cookie_store, ...) with httponly: false or secure: false. Rails enables HttpOnly on the session cookie by default, so httponly: false is an explicit downgrade that lets client-side script read the session cookie; secure: false (with config.force_ssl not enabled) lets the browser send it over plain HTTP.

Impact

Without HttpOnly, a cross-site scripting (XSS) flaw lets an attacker read the session cookie; without Secure, anyone who can observe or tamper with an HTTP connection (for example on shared Wi-Fi) can capture it. Either way the attacker can replay the cookie to hijack the session and act as the user.
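The five cookie entries above all come down to one check on the HTTP response: does a Set-Cookie header for a session or authentication cookie carry HttpOnly (and, in the Rails entry, Secure)? The block below is an added example, not code from the scanner, Pyramid or Rails. It is a stand-alone Python audit that parses Set-Cookie header values and reports sensitive cookies missing HttpOnly, Secure, or a Lax/Strict SameSite. The cookie-name pattern and the sample headers are constructed for the illustration; the ‘auth_tkt’ sample mirrors the shape of what Pyramid’s AuthTkt policy emits with http_only and secure left at their defaults, but the values are made up.

```python
"""Audit Set-Cookie headers for session/auth cookies that lack HttpOnly, Secure or SameSite."""
from __future__ import annotations

import re
from dataclasses import dataclass, field

# Assumption: names matching this pattern carry session or authentication state.
# Extend it with your application's own cookie names.
SENSITIVE_NAME = re.compile(r"sess|auth|tkt|token|jwt|remember|csrf", re.IGNORECASE)


@dataclass
class SetCookie:
    name: str
    value: str
    # Attribute names lowercased; bare flags (HttpOnly, Secure) map to True.
    attrs: dict[str, str | bool] = field(default_factory=dict)


def parse_set_cookie(header_value: str) -> SetCookie:
    """Parse one Set-Cookie header value (RFC 6265 layout: name=value; attr; attr=value)."""
    parts = [p.strip() for p in header_value.split(";")]
    name, _, value = parts[0].partition("=")
    attrs: dict[str, str | bool] = {}
    for part in parts[1:]:
        if not part:
            continue
        key, sep, val = part.partition("=")
        attrs[key.strip().lower()] = val.strip() if sep else True
    return SetCookie(name.strip(), value.strip(), attrs)


def audit_set_cookie(header_value: str) -> list[str]:
    """Return findings for a sensitive cookie; an empty list means hardened or not sensitive."""
    cookie = parse_set_cookie(header_value)
    if not SENSITIVE_NAME.search(cookie.name):
        return []
    findings = []
    if "httponly" not in cookie.attrs:
        findings.append(f"{cookie.name}: missing HttpOnly (readable via document.cookie, i.e. by XSS)")
    if "secure" not in cookie.attrs:
        findings.append(f"{cookie.name}: missing Secure (sent over plaintext HTTP)")
    samesite = str(cookie.attrs.get("samesite", "")).lower()
    if samesite not in ("lax", "strict"):
        findings.append(f"{cookie.name}: SameSite is not Lax/Strict (cross-site request exposure)")
    return findings


# Constructed sample headers, labelled by the configuration that would produce them.
SAMPLE_HEADERS = {
    # Pyramid AuthTkt with http_only and secure left at their False defaults.
    "pyramid_auth_tkt_default": "auth_tkt=abc123; Path=/; SameSite=Lax",
    # Same cookie with http_only=True and secure=True.
    "pyramid_auth_tkt_hardened": "auth_tkt=abc123; Path=/; HttpOnly; Secure; SameSite=Lax",
    # Rails cookie store configured with httponly: false and secure: false.
    "rails_session_downgraded": "_app_session=deadbeef; Path=/; Max-Age=3600; SameSite=Lax",
    # Not sensitive by name, so it is ignored.
    "preference": "theme=dark; Path=/",
}


def audit_all(headers: dict[str, str] = SAMPLE_HEADERS) -> dict[str, list[str]]:
    return {label: audit_set_cookie(h) for label, h in headers.items()}


if __name__ == "__main__":
    for label, findings in audit_all().items():
        print(f"{label}: {findings or 'OK'}")
```

Feed it the Set-Cookie headers captured by a proxy or a test client after deploying a fix; a clean run on the ‘auth_tkt’ and session cookies is the evidence that the scanner finding is actually resolved, rather than a source-level change that a different code path still bypasses.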

Server-Side Request Forgery (SSRF)

Property
Language: hcl
Severity: medium
CWE: CWE-918: Server-Side Request Forgery (SSRF)
OWASP: A10:2021 - Server-Side Request Forgery (SSRF)
Confidence Level: Medium
Impact Level: Medium
Likelihood Level: Low

Description

The aws_instance (or aws_launch_template) resource leaves metadata_options.http_tokens unset or set to "optional", so the instance still answers Instance Metadata Service v1 (IMDSv1) requests: a plain GET to http://169.254.169.254/ with no session token. IMDSv2 requires a PUT to /latest/api/token first and then the returned token in the X-aws-ec2-metadata-token header on every read, which most SSRF primitives (GET only, no attacker-chosen headers) cannot perform. Set http_tokens = "required" in metadata_options to enforce IMDSv2.

Impact

An attacker with a Server-Side Request Forgery (SSRF) bug in any service on the instance, or code execution in a container on it, can read the temporary credentials of the instance’s IAM role from /latest/meta-data/iam/security-credentials/ and the instance user data, which often carries secrets. Those credentials work from anywhere, so the result is unauthorized AWS API access with the role’s permissions and a path to privilege escalation in the account.
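Why requiring IMDSv2 blunts SSRF is easiest to see with both sides of the token handshake in front of you. The block below is an added illustration, not AWS or Terraform code: a small local stand-in for the metadata service that runs in either mode (mirroring metadata_options.http_tokens = "optional" versus "required"), a client that performs the real IMDSv2 sequence (PUT /latest/api/token with X-aws-ec2-metadata-token-ttl-seconds, then GET with X-aws-ec2-metadata-token), and a GET-only fetch standing in for what a typical SSRF bug lets an attacker do. The token value, role name and credentials are constructed; the real service listens at 169.254.169.254 and hands out real temporary credentials.

```python
"""Local stand-in for EC2 IMDS showing why http_tokens = "required" blunts GET-only SSRF."""
from __future__ import annotations

import json
import threading
from http.server import BaseHTTPRequestHandler, HTTPServer
from urllib import error, request

TOKEN_PATH = "/latest/api/token"
# Constructed role name, token and credentials; nothing here is a real AWS value.
CREDS_PATH = "/latest/meta-data/iam/security-credentials/demo-role"
FAKE_TOKEN = "constructed-imdsv2-session-token"
FAKE_CREDS = {"AccessKeyId": "AKIAEXAMPLE", "SecretAccessKey": "not-a-real-secret", "Token": "x"}


class FakeImds(BaseHTTPRequestHandler):
    # Mirrors metadata_options.http_tokens: "optional" still serves IMDSv1, "required" does not.
    http_tokens = "optional"

    def log_message(self, *args):  # silence per-request logging
        pass

    def do_PUT(self):
        # IMDSv2 step 1: a PUT carrying the TTL header mints a session token.
        if self.path == TOKEN_PATH and self.headers.get("X-aws-ec2-metadata-token-ttl-seconds"):
            self._reply(200, FAKE_TOKEN)
        else:
            self._reply(400, "bad token request")

    def do_GET(self):
        # IMDSv2 step 2: reads must present the token. Under "required" an untokened GET is 401.
        tokened = self.headers.get("X-aws-ec2-metadata-token") == FAKE_TOKEN
        if self.path != CREDS_PATH:
            self._reply(404, "not found")
        elif tokened or self.http_tokens == "optional":
            self._reply(200, json.dumps(FAKE_CREDS))
        else:
            self._reply(401, "unauthorized")

    def _reply(self, status: int, body: str) -> None:
        data = body.encode()
        self.send_response(status)
        self.send_header("Content-Length", str(len(data)))
        self.end_headers()
        self.wfile.write(data)


def start_fake_imds(http_tokens: str) -> tuple[HTTPServer, str]:
    FakeImds.http_tokens = http_tokens
    server = HTTPServer(("127.0.0.1", 0), FakeImds)  # ephemeral port on loopback
    threading.Thread(target=server.serve_forever, daemon=True).start()
    return server, f"http://127.0.0.1:{server.server_address[1]}"


def ssrf_style_get(base_url: str) -> int:
    """What a typical SSRF primitive can do: one plain GET, no custom headers. Returns the status."""
    try:
        with request.urlopen(base_url + CREDS_PATH, timeout=5) as resp:
            return resp.status
    except error.HTTPError as exc:
        return exc.code


def imdsv2_client(base_url: str) -> dict:
    """The legitimate IMDSv2 sequence: PUT for a token, then GET with the token header."""
    req = request.Request(base_url + TOKEN_PATH, method="PUT",
                          headers={"X-aws-ec2-metadata-token-ttl-seconds": "21600"})
    with request.urlopen(req, timeout=5) as resp:
        token = resp.read().decode()
    req = request.Request(base_url + CREDS_PATH, headers={"X-aws-ec2-metadata-token": token})
    with request.urlopen(req, timeout=5) as resp:
        return json.loads(resp.read().decode())


def compare(http_tokens: str) -> dict:
    """Run both clients against the stand-in in the given mode."""
    server, base_url = start_fake_imds(http_tokens)
    try:
        return {"ssrf_get_status": ssrf_style_get(base_url),
                "legit_client_gets_creds": imdsv2_client(base_url) == FAKE_CREDS}
    finally:
        server.shutdown()
        server.server_close()


if __name__ == "__main__":
    print('http_tokens = "optional":', compare("optional"))  # plain GET returns 200: creds leak
    print('http_tokens = "required":', compare("required"))  # plain GET returns 401: blocked
```

In "required" mode the plain GET gets 401 while the legitimate client still obtains its credentials. Two caveats: an SSRF that can issue PUT requests with attacker-chosen headers can still complete the handshake, and it is IMDSv2’s default hop limit of 1 (http_put_response_hop_limit) that stops the token from being fetched through a container or proxy hop. Treat IMDSv2 as a strong mitigation, not a reason to leave the SSRF itself unfixed.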

Server-Side Request Forgery (SSRF)

Property
Language: csharp
Severity: low
CWE: CWE-918: Server-Side Request Forgery (SSRF)
OWASP: A10:2021 - Server-Side Request Forgery (SSRF)
Confidence Level: Low
Impact Level: Medium
Likelihood Level: Low

Description

The application accepts a URL (or a host, path or similar fragment) from the request and uses it to build a server-side HTTP request, for example with HttpClient or WebRequest, without validating or restricting the destination. The attacker therefore chooses where the server connects, including hosts that are reachable only from inside the network.

Impact

If exploited, the attacker can reach internal services, admin interfaces and cloud metadata endpoints (such as 169.254.169.254) that are not exposed outside the network, and read back whatever the server fetches. This can leak data or credentials, bypass network-level controls, and let the attacker pivot deeper into the infrastructure using the server as a proxy.

Server-Side Request Forgery (SSRF)

Property
Language: csharp
Severity: low
CWE: CWE-918: Server-Side Request Forgery (SSRF)
OWASP: A10:2021 - Server-Side Request Forgery (SSRF)
Confidence Level: Low
Impact Level: Medium
Likelihood Level: Low

Description

The application makes HTTP requests using user-supplied input to form the URL without validating or restricting it, so an attacker can redirect the server’s request to an unintended or sensitive location. Note that HttpClient follows redirects by default (HttpClientHandler.AllowAutoRedirect), so a destination that passes a check can still bounce the request to an internal address unless redirects are disabled or each hop is re-validated.

Impact

If exploited, the attacker can reach internal services and cloud metadata endpoints from inside your network, and, where the code also accepts non-HTTP schemes, local files. The outcome ranges from data exposure to bypass of network-level security controls, with the server serving as a launch point for further attacks.
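The two C# entries describe the same defect, and the fix is the same in any language: allowlist the destination, resolve it, and refuse anything that lands on a loopback, link-local, private or otherwise non-public address. The block below is an added example in Python; it is not code from the page or from the scanner. It goes beyond the two descriptions by also handling the tricks that defeat a naive hostname check: a decimal-encoded IP, an IPv4-mapped IPv6 literal, userinfo confusion, and a hostname with one public and one private answer. The allowlist, the fake resolver table and every address in it are constructed; in production pass the default resolver, which asks real DNS.

```python
"""Allowlist-and-resolve guard for user-supplied outbound URLs (SSRF defence)."""
from __future__ import annotations

import ipaddress
import socket
from urllib.parse import urlsplit

ALLOWED_SCHEMES = {"http", "https"}
# Assumption: the feature only needs this host. An empty set means "any public host".
ALLOWED_HOSTS = frozenset({"api.example.com"})
CGNAT = ipaddress.ip_network("100.64.0.0/10")  # shared address space, not flagged by is_private


class SsrfRejected(ValueError):
    pass


def is_public_address(addr: str) -> bool:
    ip = ipaddress.ip_address(addr)
    if ip.version == 6 and ip.ipv4_mapped is not None:
        ip = ip.ipv4_mapped  # ::ffff:127.0.0.1 must be judged as 127.0.0.1
    if ip.version == 4 and ip in CGNAT:
        return False
    # Loopback, RFC 1918, link-local (incl. 169.254.169.254), reserved, unspecified, multicast.
    return not (ip.is_private or ip.is_loopback or ip.is_link_local
                or ip.is_reserved or ip.is_unspecified or ip.is_multicast)


def default_resolve(host: str) -> list[str]:
    """Real resolver: every A/AAAA answer, because the client may connect to any of them."""
    try:
        return sorted({info[4][0] for info in socket.getaddrinfo(host, None)})
    except socket.gaierror:
        return []


def validate_outbound_url(url: str, resolve=default_resolve,
                          allowed_hosts: frozenset[str] = ALLOWED_HOSTS) -> tuple[str, list[str]]:
    """Return (host, resolved addresses) for a URL the server may fetch, else raise SsrfRejected."""
    parts = urlsplit(url)
    if parts.scheme.lower() not in ALLOWED_SCHEMES:
        raise SsrfRejected(f"scheme not allowed: {parts.scheme!r}")
    host = parts.hostname  # lowercased, IPv6 brackets stripped, userinfo removed
    if not host:
        raise SsrfRejected("no host")
    if parts.username is not None or parts.password is not None:
        raise SsrfRejected("userinfo in URL")  # http://api.example.com@10.0.0.5/ style confusion
    if allowed_hosts and host not in allowed_hosts:
        raise SsrfRejected(f"host not in allowlist: {host}")
    addrs = resolve(host)
    if not addrs:
        raise SsrfRejected(f"host did not resolve: {host}")
    non_public = [a for a in addrs if not is_public_address(a)]
    if non_public:
        raise SsrfRejected(f"{host} resolves to non-public address(es): {non_public}")
    return host, addrs


# Constructed DNS table standing in for real resolution (addresses are made up).
FAKE_DNS = {
    "api.example.com": ["93.184.216.34"],
    "2130706433": ["127.0.0.1"],                       # decimal form of 127.0.0.1, as libc resolves it
    "rebind.example": ["93.184.216.34", "10.0.0.5"],   # one public answer, one private
    "localhost": ["127.0.0.1", "::1"],
}


def fake_resolve(host: str) -> list[str]:
    if host in FAKE_DNS:
        return FAKE_DNS[host]
    try:
        return [str(ipaddress.ip_address(host))]  # an IP literal resolves to itself
    except ValueError:
        return []


SAMPLE_URLS = [
    "https://api.example.com/v1/items",
    "http://169.254.169.254/latest/meta-data/iam/security-credentials/",
    "http://127.0.0.1:6379/",
    "http://2130706433/",
    "http://[::ffff:127.0.0.1]/",
    "file:///etc/passwd",
    "http://api.example.com@10.0.0.5/",
    "http://rebind.example/",
]


def check_all(urls=SAMPLE_URLS, allowed_hosts: frozenset[str] = frozenset()) -> dict[str, str]:
    """Classify each URL with the constructed resolver; an empty allowlist exercises the address checks."""
    results = {}
    for url in urls:
        try:
            validate_outbound_url(url, resolve=fake_resolve, allowed_hosts=allowed_hosts)
            results[url] = "allowed"
        except SsrfRejected as exc:
            results[url] = f"rejected: {exc}"
    return results


if __name__ == "__main__":
    for url, verdict in check_all().items():
        print(f"{verdict:70} {url}")
```

Two points the validator cannot cover on its own. First, DNS can answer differently at fetch time than at check time (DNS rebinding), so connect to the address you validated, or re-validate inside the connection callback, rather than letting the HTTP library resolve the name again. Second, disable automatic redirect following (in .NET, HttpClientHandler.AllowAutoRedirect = false) or run every redirect target through the same check, otherwise an allowed host can 302 the server straight to 169.254.169.254.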