Description

One ore more session cookies are scoped to the parent domain instead of a sub-domain. If a cookie is scoped to a parent domain, then this cookie will be accessible by the parent domain and also by any other sub-domains of the parent domain. This could lead to security problems.

Remediation

If possible, the session cookies should be scoped strictly to a sub-domain.

References

Related Vulnerabilities