CSCvt31126 - ENH allow http-only-cookie for web connection

Anybody else have this issue or know the patch from Cisco? I have not seen anything from Cisco for this bug.

Thanks


ttran32
Level 1

An internal vulnerability scanner picked up this vulnerability, and I have been looking for a resolution as well.

Aomar bahloul
Spotlight

This issue has been carried over from the ASAs, Cisco Bug: CSCvt31126 - ENH: allow http-only-cookie for web connection

On the ASA they had a fix for it, but apparently there is no workaround for the FTDs. Also, the severity was lowered from 2 Severe to 6 Enhancement, go figure! I opened a TAC case for it even though I doubt they will have a fix.

Hey Aomar, did you receive any response from Cisco? I am having a problem similar to this case.

Yes, with the FTDs you need to use FlexConfig. First you need to create a Flex Object, then attach it to the device FlexConfig Policy. Here is what the object looks like:

FlexObjectJPG.JPG

 

Aomar, I tried with the FlexConfig policy. One of the situations that occurred to me is that after applying it, once we performed another deploy, the policy disappeared; for this problem, in the Deployment field we must add Everytime. But apart from this, we realized that by enabling the policy we would lose the AnyConnect download portal over the internet, so we decided it was better not to apply it after all. But anyway, thank you very much, Aomar.

cball111
Level 1

I have tried creating this flexconfig item, but each time I deploy, I get the following error:

error :
@httpOnly
^
ERROR: % Invalid input detected at '^' marker.
Config Error -- @httpOnly

Any idea what I am doing wrong?

Hey @cball111 

I don't know exactly the reason for the error, but try adding the "conf t" command at the beginning, for example:

configure terminal
        webvpn
             httpOnly

Or instead try with this:

webvpn
    http-only-cookie

Configure Terminal also produced an error. However, the second option works!

Salman Mahajan
Cisco Employee

We will be providing a UI option to enable the 'HTTP Only Flag' in FMC 7.7, which is the targeted release for next year.
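Added example, not part of any post in this thread and not Cisco code: one way to confirm that a deployed `http-only-cookie` setting actually took effect is to audit the `Set-Cookie` headers of a saved HTTP response from the portal for the HttpOnly flag. The response text and cookie names below are constructed placeholders, and the function names are hypothetical.

```python
"""Audit Set-Cookie headers in a saved HTTP response for the HttpOnly flag."""

# Constructed sample responses (not captured from a real device). Cookie names
# and values are placeholders chosen for illustration only.
BEFORE = (
    "HTTP/1.1 200 OK\r\n"
    "Content-Type: text/html\r\n"
    "Set-Cookie: portal_session=PLACEHOLDER1; path=/; secure\r\n"
    "Set-Cookie: portal_lang=en; path=/; Secure; HttpOnly\r\n"
    "\r\n"
    "<html></html>"
)
# Same response as it should look once the session cookie carries HttpOnly.
AFTER = BEFORE.replace("path=/; secure\r\n", "path=/; secure; HttpOnly\r\n")


def parse_set_cookies(raw_response):
    """Return a list of (cookie_name, set_of_lowercased_attribute_names)."""
    head = raw_response.split("\r\n\r\n", 1)[0]   # headers only, drop the body
    cookies = []
    for line in head.split("\r\n")[1:]:           # skip the status line
        name, sep, value = line.partition(":")
        if not sep or name.strip().lower() != "set-cookie":
            continue
        parts = [p.strip() for p in value.split(";")]
        cookie_name = parts[0].partition("=")[0].strip()
        # Attribute names are case-insensitive (RFC 6265), so normalise them.
        attrs = {p.partition("=")[0].strip().lower() for p in parts[1:] if p}
        cookies.append((cookie_name, attrs))
    return cookies


def missing_flag(raw_response, flag="httponly"):
    """Names of cookies whose Set-Cookie header lacks the given flag."""
    return [n for n, attrs in parse_set_cookies(raw_response) if flag not in attrs]


if __name__ == "__main__":
    for label, resp in (("before", BEFORE), ("after", AFTER)):
        print(label, "missing HttpOnly:", missing_flag(resp) or "none")
```

Run it against a response saved before and after the deploy; any cookie name it still reports is the one a scanner will keep flagging.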