CVE-2010-4312: Apache Tomcat has cookies without HTTPOnly flag in Set-Cookie header
The default configuration of Apache Tomcat 6.x does not include the HTTPOnly flag in a Set-Cookie header, which makes it easier for remote attackers to hijack a session via script access to a cookie.