CVE-2025-49189 – Apache HTTP Server HTTPOnly Session Cookie Vulnerability

CVE ID : CVE-2025-49189

Published : June 12, 2025, 2:15 p.m. | 44 minutes ago

Description : The HttpOnlyflag of the session cookie “@@” is set to false. Since this flag helps preventing access to cookies via client-side scripts, setting the flag to false can lead to a higher possibility of Cross-Side-Scripting attacks which target the stored cookies.

Severity: 5.3 | MEDIUM

Visit the link for more details, such as CVSS details, affected products, timeline, and more…