No cookie in the response triggers a "HttpOnly cookie in Cookie"

Created by: nrathaus

A request sent to the server, with a Cookie which is responded without a Cookie in the response is triggering this vulnerability

Request:

POST /G-P/ HTTP/1.1
Host: X.X.X.X
Accept-Encoding: gzip, deflate
User-Agent: Arachni/v1.3.2
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Cookie: ASP.NET_SessionId=t;_culture=en-US;__RequestVerificationToken_L=M;_gat=1;_ga=G
Content-Length: 274
Content-Type: application/x-www-form-urlencoded

__RequestVerificationToken=A&TrackingMessage=&IsGoogleCaptchaEnabled=False&RefNo=&Dob=&CaptchaDeText=7&CaptchaInputText=&testReset=Reset

Response (trimmed)

HTTP/1.1 200 OK
Cache-Control: no-cache, no-store, must-revalidate
Pragma: no-cache
Content-Type: text/html; charset=utf-8
Content-Encoding: gzip
Expires: -1
Vary: Accept-Encoding
X-UA-Compatible: IE=edge
x-content-type-options: no sniff
X-Frame-Options: DENY
X-XSS-Protection: 0
Date: Thu, 26 Nov 2015 13:40:47 GMT
Content-Length: 4849

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
        <link rel="shortcut icon" type="image/x-icon" href="../C/s/images/B.png">
    <meta http-equiv="Content-Type" content="text/html; charset=utf-8" />