The bug track is:
https://tools.cisco.com/bugsearch/bug/CSCuc23836
To fix for this potential vulnerability Cisco will need to update their ASA VPN software to support the HTTP Only flag (when rendering html with cookie's) . so far Cisco has not put ...
It allows the cookies if successfully stolen via an XSS attack to be possibly viewed. Cisco should support the Http Only flag, but they have not put a fix in for this and don't appear to have any plans to do so.