Description
The default configuration of Apache Tomcat 6.x does not include the HTTPOnly flag in a Set-Cookie header, which makes it easier for remote attackers to hijack a session via script access to a cookie.
Remediation
References
Related Vulnerabilities
MySQL CVE-2013-3809 Vulnerability (CVE-2013-3809)
WordPress Plugin Adsense Extreme 'adsensextreme[lang]' Parameter Remote File Include (1.0.3)
MySQL CVE-2018-2782 Vulnerability (CVE-2018-2782)
WordPress 4.2.x Multiple Vulnerabilities (4.2 - 4.2.30)
WordPress Plugin Contact Form by Supsystic Cross-Site Scripting (1.7.19)