Vulnerability Info:
The secure cookie flag is an option that can be set by the application server when sending a new cookie to the user within an HTTP Response. The purpose of the secure flag is to prevent cookies from being observed by unauthorized parties due to the transmission of a the cookie in clear text.
Solution:
The fix that i am proposing is Secure the Cookies Session adding the “Secure” attribute into the session-config section on: fess-14.6.1/app/WEB-INF/web.xml
Result:
the cookies are still not secured even i added below lines on web.xml
