NASA PDS Tool Vulnerability: SSL Failure in URLUtils Exposes Cookie Data
A security vulnerability has been identified in NASA's Planetary Data System (PDS) software. The issue resides in the `URLUtils.java` file within the `pds4-jparser` tool. Multiple instances of CWE-311 (Failure to use SSL) were flagged, specifically in the handling of SSO cookies. The warnings indicate that `ssoCookie.setSecure(true)` is not called before `addCookie`, so the browser may transmit the cookie over unencrypted HTTP connections instead of HTTPS. Omitting the Secure flag on an authentication cookie creates a risk of session hijacking or credential theft via man-in-the-middle attacks, because the cookie value travels in plain text if the request is intercepted. The vulnerability is present on lines 195, 228, and 286 of the file. The report calls for an update to ensure a secure connection is enforced for all cookie transactions to prevent potential data exposure.
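The pattern behind the finding, shown as an added example rather than code from the `pds4-jparser` project: the flagged case builds the SSO cookie and hands it to `addCookie` with the Secure flag at its default of false, while the hardened case sets `setSecure(true)` first and refuses to add a cookie that lacks it. The example assumes the Servlet API (`javax.servlet.http.Cookie`, `HttpServletResponse`); the cookie name, the token value and the class and method names are constructed for illustration and are not taken from `URLUtils.java`.

```java
import javax.servlet.http.Cookie;
import javax.servlet.http.HttpServletResponse;

public final class SecureCookieExample {

    // Hypothetical cookie name; the real name used by URLUtils.java is not shown on the page.
    private static final String SSO_COOKIE_NAME = "sso";

    // The pattern the scanner flags as CWE-311: the cookie is built and returned for
    // addCookie without ever calling setSecure(true), so Secure stays at its default (false)
    // and a browser will also send the cookie on plain-HTTP requests to the same host.
    static Cookie buildInsecureSsoCookie(String token) {
        Cookie ssoCookie = new Cookie(SSO_COOKIE_NAME, token);
        ssoCookie.setPath("/");
        return ssoCookie;
    }

    // Hardened form: Secure is set before the cookie is handed to addCookie, so the
    // browser will only attach it to HTTPS requests.
    static Cookie buildSecureSsoCookie(String token) {
        Cookie ssoCookie = new Cookie(SSO_COOKIE_NAME, token);
        ssoCookie.setPath("/");
        ssoCookie.setSecure(true);
        return ssoCookie;
    }

    // Single choke point for issuing the SSO cookie. The guard makes a regression of the
    // kind the report describes fail loudly instead of silently shipping an insecure cookie.
    static void addSsoCookie(HttpServletResponse response, String token) {
        Cookie ssoCookie = buildSecureSsoCookie(token);
        if (!isSafeToSend(ssoCookie)) {
            throw new IllegalStateException("refusing to add SSO cookie without the Secure flag");
        }
        response.addCookie(ssoCookie);
    }

    // Check usable in a unit test or code review: does this cookie carry the Secure flag?
    static boolean isSafeToSend(Cookie cookie) {
        return cookie.getSecure();
    }

    public static void main(String[] args) {
        // Constructed sample token; a real SSO token would come from the identity provider.
        String token = "constructed-sample-token";
        System.out.println("insecure cookie safe to send: " + isSafeToSend(buildInsecureSsoCookie(token)));
        System.out.println("hardened cookie safe to send: " + isSafeToSend(buildSecureSsoCookie(token)));
    }
}
```

Routing every SSO cookie through one method such as `addSsoCookie` means a reviewer checks a single call site instead of three separate `addCookie` sites. The Secure flag only governs what the browser does with the cookie; the response that sets it must itself be served over HTTPS, otherwise browsers reject a Secure cookie set over plain HTTP and the user is simply never logged in.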