McAfee Network Data Loss Prevention (NDLP) before 9.3 does not include the HTTPOnly flag in a Set-Cookie header for the session cookie, which makes it easier for remote attackers to obtain potentially sensitive information via script access to this cookie.
AV:N/AC:L/Au:N/C:P/I:N/A:N
29/10/2014
by Mcafee
6 years ago