This script is Copyright (C) 2014 Tenable Network Security, Inc.
The remote host is affected by an unspecified cross-site scripting
The remote Oracle Application server is affected by an unspecified
cross-site scripting vulnerability. Specifically, installs that do not
set the 'HttpOnly' flag in session cookies are vulnerable.
See also :
See Oracle's Doc ID 1586861.1 for configuration change instructions
that mitigate this vulnerability by setting the 'HttpOnly' flag in
Risk factor :
Medium / CVSS Base Score : 4.3
CVSS Temporal Score : 3.7
Public Exploit Available : false