The Cookie Sandwich Attack!
The "cookie sandwich" attack is a technique published by PortSwigger Research in January 2025 that turns a server-side cookie parsing quirk into a way to get HttpOnly cookies, session identifiers included, in front of client-side script. The HttpOnly flag itself keeps working in the browser: what gives way is the server, which is tricked into folding the protected cookie's value into the value of a cookie the attacker controls, and which then echoes that value into a response that JavaScript can read.
The attack exploits how some web servers parse the Cookie header when double quotes and the legacy RFC 2109 $Version attribute are present. The attacker plants two cookies around the target: one whose value opens a quoted string (for instance param1="start) and one that closes it (param2=end"), arranged, for example through their Path attributes, so that the browser sends them on either side of the victim's session cookie. The browser then sends a single header such as $Version=1; param1="start; sessionid=secret; param2=end" (illustrative names), and a parser that honours quoted strings reads everything between the two quotes, semicolons and all, as the value of param1. If the application reflects param1 anywhere in a page, the session cookie comes out with it.
Three ingredients make this work: legacy $Version parsing, which switches the parser into RFC 2109 mode; quoted-string values, which let one value span what would otherwise be several cookies; and backslash unescaping inside those quoted strings, which lets a crafted value carry characters that would otherwise terminate or break the quote.
Two conditions have to hold for an application to be exposed: its server or framework must parse cookies this way, and it must reflect a cookie value into a response. Among cookie parsers with quoted-string support, the original research names Apache Tomcat versions 8.5.x, 9.0.x, and 10.0.x, whose default cookie processing falls back to RFC 2109 parsing when the Cookie header starts with $Version; Python's standard http.cookies module behaves the same way, so hand-rolled parsers built on it inherit the problem. On Tomcat the cookie processor is selected per context by the CookieProcessor element in context.xml, which is the first thing to check. A quick practical test is to send a request with a header like Cookie: $Version=1; a="x; b=y" to any endpoint that reflects the cookie a, and see whether the text b=y shows up inside its value.
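The parsing behaviour described above, side by side with a strict parse, as an added example that is not code from the original post or from any project it mentions. It uses Python's standard http.cookies.SimpleCookie as a stand-in for a server that honours RFC 2109 quoted strings and backslash escapes; the Cookie header is constructed by hand, and the names param1, param2, sessionid and the value secret are assumptions made for the example.

```python
"""Cookie sandwich, parser side: legacy quoted-string parsing versus RFC 6265.

Added illustration. SANDWICH_HEADER is a constructed Cookie header, not captured
traffic; cookie names and values are assumptions chosen for the example.
"""
from http.cookies import SimpleCookie

# Attacker plants:   Set-Cookie: param1="start     (opens a quoted string)
#                    Set-Cookie: param2=end"       (closes it)
# The browser sends all cookies in one header; the attacker arranges for the
# victim's HttpOnly session cookie to sit between the two halves.
# "$Version=1" is the legacy RFC 2109 attribute that makes some parsers switch
# to quoted-string handling.
SANDWICH_HEADER = '$Version=1; param1="start; sessionid=secret; param2=end"'


def parse_legacy(header: str) -> dict[str, str]:
    """Parse with the standard library's SimpleCookie.

    SimpleCookie follows the RFC 2109 rules for quoted values: a value that
    starts with a double quote runs until the closing quote, semicolons
    included, and backslash escapes inside it are undone. That is the
    behaviour the sandwich relies on, so it stands in for any server-side
    parser that does the same.
    """
    jar = SimpleCookie()
    jar.load(header)
    return {name: morsel.value for name, morsel in jar.items()}


def parse_rfc6265(header: str) -> dict[str, str]:
    """RFC 6265 style parsing: split on ';' first, then on the first '='.

    Double quotes are ordinary value characters here, so a quoted value can
    never swallow a neighbouring cookie-pair and the session cookie keeps its
    own name. No unescaping is performed.
    """
    cookies: dict[str, str] = {}
    for pair in header.split(";"):
        name, sep, value = pair.partition("=")
        if not sep:
            continue  # RFC 6265 cookie-pairs are name=value; skip bare tokens
        cookies[name.strip()] = value.strip()
    return cookies


def swallowed_cookies(header: str, attacker_cookie: str) -> list[str]:
    """Names of cookies a legacy parser folds into attacker_cookie's value.

    Compares the strict view (every cookie-pair visible) with the legacy view
    (some pairs gone, their text now inside the attacker's value). A cookie
    that is visible strictly, missing from the legacy view, and whose
    name=value text appears inside the attacker's value was sandwiched.
    """
    strict = parse_rfc6265(header)
    legacy = parse_legacy(header)
    inner = legacy.get(attacker_cookie, "")
    return [
        name
        for name, value in strict.items()
        if name not in legacy and f"{name}={value}" in inner
    ]


if __name__ == "__main__":
    print("legacy view  :", parse_legacy(SANDWICH_HEADER))
    print("RFC 6265 view:", parse_rfc6265(SANDWICH_HEADER))
    print("sandwiched   :", swallowed_cookies(SANDWICH_HEADER, "param1"))
```

Run it and the legacy view shows a single cookie param1 whose value is start; sessionid=secret; param2=end, with sessionid gone as a cookie of its own, while the RFC 6265 view keeps sessionid=secret intact and leaves the stray quotes inside param1 and param2. The same swallowed_cookies check can be pointed at any reflecting endpoint by feeding it the header you sent and the cookie name that was echoed back.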
Review your infrastructure and applications for this vulnerability: find out which cookie parser your servers use, look for any page or error message that reflects a cookie value into the response, and test those spots with a crafted Cookie header before an attacker does.