Description
The default configuration of Apache Tomcat 6.x does not include the HTTPOnly flag in a Set-Cookie header, which makes it easier for remote attackers to hijack a session via script access to a cookie.
Remediation
References
Related Vulnerabilities
WordPress Plugin Processing Embed 'pluginurl' Parameter Cross-Site Scripting (0.5)
OpenVPN AS Resource Management Errors Vulnerability (CVE-2014-8104)
e107 Other Vulnerability (CVE-2010-0996)
PostgreSQL Arbitrary Code Execution Vulnerability (CVE-2020-25696)
WordPress Plugin Afterpay Gateway for WooCommerce Cross-Site Scripting (3.2.0)