Cisco Support Community

New Member

Cisco ASA 5505 "HttpOnly" flag issue

We recently ran a vulnerability scan for PCI compliance against our Cisco ASA 5505. One of the issues was the HttpOnly flag. I searched the Support Community and didn't find a solution.

Can someone please help me????

Thanks,

Ken

5 REPLIES

Cisco ASA 5505 "HttpOnly" flag issue

Hi,

Was that scan done purely for the ASA, or for the servers (and provided service) IPs behind the ASA as well? Check if the discussion below helps.

http://stackoverflow.com/questions/13040309/cookie-without-secure-flag-and-httponly-flag-set

Thx

MS

New Member

Cisco ASA 5505 "HttpOnly" flag issue

It was done against an ASA but it was a general vulnerability scan.

Cisco ASA 5505 "HttpOnly" flag issue

I guess if there is a server in the DMZ or inside with a static NAT translation and providing web services etc., the scan might have picked it up.

Thx

MS

New Member

Cisco ASA 5505 "HttpOnly" flag issue

We have a port open for AnyConnect access. That is where the scan is getting the HttpOnly flag.

New Member

Cisco ASA 5505 "HttpOnly" flag issue

Is there a way to resolve this without closing our port for AnyConnect? Normally AnyConnect uses port 443 but we needed it for webemail access. So we had to use a different port and that is the one that is coming up in the scan.
