Medium (CVSS: 5.0)
NVT: Missing httpOnly Cookie Attribute (OID: 184.108.40.206.4.1.256220.127.116.11925)
The cookies: Set-Cookie: JSESSIONID=6ib0auzolp564mh73rkjvxil;Path=/ are missing the httpOnly attribute.
Set the 'httpOnly' attribute for any session cookies.
Vulnerability Detection Method
Check all cookies sent by the application for a missing 'httpOnly' attribute
I think this is fixed since 3.10.3