Cookie path is set broadly. Broad path (for example, /) is insecure, because in this case the vulnerability in one application may endanger other applications in the same domain.

Sensitive Data Exposure vulnerabilities take the third place in the “OWASP Top 10 2017” web-application vulnerabilities ranking.

References

OWASP Top 10 2013-A5-Security Misconfiguration
OWASP Top 10 2017-A2-Broken Authentication
Origin Cookies: Session Integrity for Web Applications (pdf)
CWE CATEGORY: OWASP Top Ten 2017 Category A2 - Broken Authentication

MEDIUM

Java : Cookie: broad path

Classification

Overview

References

DerScanner Severity Score

Do you want to fix Java : Cookie: broad path in your application?

See also

Java : Race condition

Java : Text4Shell Vulnerability

Java : JNI usage