Cookies set via HTTP requests may be used to bypass HTTPS and reveal private information Vulnerability Note VU#804060 Original Release Date: 2015-09-24 | Last Revised: 2015-10-28 RFC 6265 (previously RFC 2965) established HTTP State Management, also known as "cookies". In most web browser implementations of RFC 6265, cookies set via HTTP requests may allow a remote attacker to bypass HTTPS and rev