Apache HTTP Server httpOnly Cookie Information Disclosure
Medium Nessus Plugin ID 57792
The web server running on the remote host is affected by an information disclosure vulnerability.
The version of Apache HTTP Server running on the remote host is affected by an information disclosure vulnerability. Sending a request with HTTP headers long enough to exceed the server limit causes the web server to respond with an HTTP 400. By default, the offending HTTP header and value are displayed on the 400 error page. When used in conjunction with other attacks (e.g., cross-site scripting), this could result in the compromise of httpOnly cookies.
Upgrade to Apache version 2.0.65 / 2.2.22 or later.