Apache Httpd < 2.0.65: error responses can expose cookies

2012-01-15T00:00:00
ID HTTPD:782328B5028000D5C4FA4C94A1FAAE41
Type httpd
Reporter Norman Hippert
Modified 2013-07-22T00:00:00

Description

A flaw was found in the default error response for status code 400. This flaw could be used by an attacker to expose "httpOnly" cookies when no custom ErrorDocument is specified.