This host is running Apache HTTP Server and is prone to cookie information disclosure vulnerability.
Successful exploitation will allow attackers to obtain sensitive information that may aid in further attacks. Impact Level: Application
Upgrade to Apache HTTP Server version 2.2.22 or later, For updates refer to http://httpd.apache.org/
The flaw is due to an error within the default error response for status code 400 when no custom ErrorDocument is configured, which can be exploited to expose 'httpOnly' cookies.
Apache HTTP Server versions 2.2.0 through 2.2.21
Updated on 2015-03-25
- GoAhead Webserver Multiple Stored Cross Site Scripting Vulnerabilities
- IBM WebSphere Application Server Multiple CSRF Vulnerabilities
- Apache Tomcat Partial HTTP Requests DoS Vulnerability (Windows)
- Arbor Networks Peakflow SP 'index/' Cross Site Scripting Vulnerability
- lighttpd Slow Request Handling Remote Denial Of Service Vulnerability