Java: More missing metadata.

Author: aschackmull

java/ql/src/experimental/Security/CWE/CWE-1004/SensitiveCookieNotHttpOnly.ql

@@ -3,6 +3,8 @@
  * @description Sensitive cookies without the 'HttpOnly' flag set leaves session cookies vulnerable to
  *              an XSS attack.
  * @kind path-problem
+ * @problem.severity warning
+ * @precision medium
  * @id java/sensitive-cookie-not-httponly
  * @tags security
  *       external/cwe/cwe-1004