This script is Copyright (C) 2008-2013 Tenable Network Security, Inc.
The remote FreeBSD host is missing a security-related update.
The mantis Team reports :
When configuring a web application to use only SSL (e.g. by
forwarding all http-requests to https), a user would expect that
sniffing and hijacking the session is impossible. Though, for this to
be secure, one needs to set the session cookie to have the secure
flag. Else the cookie will be transferred through http if the victim's
browser does a single http-request on the same domain.
Update the affected package.
Risk factor :
Medium / CVSS Base Score : 5.0
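
The condition the Mantis report describes, a session cookie issued without the secure flag, can be checked by inspecting the Set-Cookie headers an HTTPS response returns. The following is an added example, not code from the plugin or from Mantis; the cookie names, the header values and the SESSION_HINTS naming heuristic are assumptions constructed for illustration.

```python
# Added example: audit Set-Cookie headers for the Secure attribute.
# Cookie names and header values below are constructed sample data.

SESSION_HINTS = ("sess", "sid", "auth", "token")  # assumed naming heuristic


def parse_set_cookie(header_value):
    """Split one Set-Cookie value into (name, value, attributes dict)."""
    parts = [p.strip() for p in header_value.split(";")]
    name, _, value = parts[0].partition("=")
    attrs = {}
    for part in parts[1:]:
        if not part:
            continue
        key, _, val = part.partition("=")
        # Attribute names are case-insensitive; flags such as Secure have no value.
        attrs[key.strip().lower()] = val.strip()
    return name.strip(), value.strip(), attrs


def insecure_cookies(set_cookie_headers, session_only=True):
    """Return names of cookies set without the Secure attribute."""
    findings = []
    for header in set_cookie_headers:
        name, _, attrs = parse_set_cookie(header)
        if not name:
            continue
        looks_like_session = any(h in name.lower() for h in SESSION_HINTS)
        if session_only and not looks_like_session:
            continue
        # Only a real attribute counts, not the word "secure" in the name.
        if "secure" not in attrs:
            findings.append(name)
    return findings


# Constructed Set-Cookie values as they might appear in an HTTPS response.
SAMPLE_HEADERS = [
    "PHPSESSID=abc123; path=/",                       # no Secure: flagged
    "APP_SESSION=def456; Path=/; Secure; HttpOnly",   # Secure present
    "theme=dark; Path=/",                             # not a session cookie
    "securetoken=xyz; Path=/; HttpOnly",              # "secure" only in name
]

if __name__ == "__main__":
    for cookie in insecure_cookies(SAMPLE_HEADERS):
        print("session cookie sent without Secure:", cookie)
```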