Red Hat JBoss BPM Suite 6.3.x does not include the HTTPOnly flag in a Set-Cookie header for session cookies, which makes it easier for remote attackers to obtain potentially sensitive information via script access to the cookies.
CPE | Name | Operator | Version |
---|---|---|---|
jboss_bpm_suite | eq | 6.3 |