I was using Qualys to scan a site and was flagged for a vulnerability, "Apache HTTP Server HttpOnly Cookie Information Disclosure Vulnerability". According to the Qualys scan results, the Apache HTTP Server HttpOnly Cookie Information Disclosure Vulnerability was detected on port 443; however, the server has already mitigated it by throwing an error 403 to prevent any unauthorised exploitation through the vulnerability mentioned. The solution provided was to upgrade to Apache version 2.2.22. Can I check what the trigger for this issue is that allows Qualys to flag it? Is it due to the fact that the version has not been patched?