By exploiting other vulnerabilities in the server, the attacker-controlled cookie can be used to access private information.
According to the researchers, Google and Bank of America are affected by this vulnerability.
End-users should update their browsers to ensure that they have full HSTS support, CERT said.
Thus, one server can be used to leverage an attack against the other.
source: www.techworm.net