AnsweredAssumed Answered

What triggered the vulnerability Apache HTTP Server HttpOnly Cookie Information Disclosure Vulnerability

Question asked by Choon Teck Ng on Aug 19, 2013
Latest reply on Aug 26, 2013 by Joe Gregory
I was using Qualys to scan on a site and was flagged for a vulnerability, "
Apache HTTP Server HttpOnly Cookie Information Disclosure Vulnerability". According to Qualys scan results,
Apache HTTP Server httpOnly Cookie Information Disclosure Vulnerability detected on port 443, however, the server has already mitigated by throwing an error 403 to prevent any unauthorised exploitation through the vulunerability mentioned. The solution provided was to was to upgrade to Apache version 2.2.22. Can i check what is the trigger for this issue that allow Qualys to flag it out? Is it due to the fact that the version has not been patched.
QID: 87120

Outcomes