Apache HTTP Server 'httpOnly' Cookie Information Disclosure Vulnerability
Summary:
Checks whether the Apache httpd web server is vulnerable to cookie disclosure.
Description:
Overview: This host is running Apache HTTP Server and is prone to a cookie information disclosure vulnerability.
Vulnerability Insight: The flaw is due to an error within the default error response for status code 400 when no custom ErrorDocument is configured, which can be exploited to expose 'httpOnly' cookies.
Impact: Successful exploitation will allow attackers to obtain sensitive information that may aid in further attacks.
Impact Level: Application
Affected Software/OS: Apache HTTP Server versions 2.2.0 through 2.2.21
Fix: Upgrade to Apache HTTP Server version 2.2.22 or later. For updates, refer to http://httpd.apache.org/
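A triage check for the two conditions named above (affected version range, no custom ErrorDocument for status 400), added here as an example and not part of the original check. The function names, result labels and sample inputs are assumptions made for illustration.

```python
import re

AFFECTED_MIN = (2, 2, 0)    # from the advisory: 2.2.0 through 2.2.21
AFFECTED_MAX = (2, 2, 21)

def parse_version(banner):
    """Return (major, minor, patch) from a Server banner, or None if hidden."""
    m = re.search(r"Apache/(\d+)\.(\d+)\.(\d+)", banner or "")
    return tuple(int(x) for x in m.groups()) if m else None

def has_custom_400(config_text):
    """True if an uncommented 'ErrorDocument 400 ...' directive is present."""
    for line in config_text.splitlines():
        line = line.strip()
        if line.startswith("#"):
            continue
        parts = line.split(None, 2)
        # Apache directive names are case-insensitive.
        if len(parts) == 3 and parts[0].lower() == "errordocument" and parts[1] == "400":
            return True
    return False

def assess(banner, config_text):
    """Classify a host from its Server banner and the httpd config text supplied."""
    version = parse_version(banner)
    if version is None:
        return "unknown"                      # e.g. ServerTokens Prod hides the version
    if not (AFFECTED_MIN <= version <= AFFECTED_MAX):
        return "not-affected"
    if has_custom_400(config_text):
        return "affected-version-custom-400"  # default 400 page replaced; still upgrade
    return "exposed"                          # affected version, default 400 response

if __name__ == "__main__":
    # Constructed sample inputs, not taken from a real host.
    sample_conf = 'ServerName www.example.test\n# ErrorDocument 400 /400.html\n'
    print(assess("Apache/2.2.17 (Unix)", sample_conf))
```

A banner match is only an indicator, since the reported version can be hidden or altered; confirm against the installed package before closing the finding.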