Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
3155
Views
6
Helpful
9
Replies

CSCvt31126 - ENH allow http-only-cookie for web connection

lnguyen@meriwest.com
Level 1
Level 1

‎11-19-2020 12:03 PM - edited ‎11-19-2020 12:03 PM

anybody else have this issue or know the patch from Cisco? i have not see anything from Cisco for this bug.

 

thanks

9 people had this problem
Labels:
0 Helpful
9 Replies 9

ttran32
Level 1
Level 1

‎12-12-2023 07:08 AM

Internal vulnerability scanner picked up this vulnerability and have been looking for a resolution as well. 

0 Helpful

Aomar bahloul
Spotlight
Spotlight

‎01-23-2024 10:20 AM

This issue has been carried over from the ASAs, Cisco Bug: CSCvt31126 - ENH: allow http-only-cookie for web connection

On the ASA they had a fix for it but apparently no workaround for the FTDs. Also, the severity was lowered from 2 Severe to 6 Enhancement go figure! I opened a TAC case for it even thought I doubt they will have a fix. 

Vix-O-Ren
Level 1
Level 1
In response to Aomar bahloul

‎02-19-2024 10:33 AM

Hey Aomar, Did you receive any response from Cisco? I am having a similar problem like this case.

0 Helpful

Aomar bahloul
Spotlight
Spotlight
In response to Vix-O-Ren

‎03-25-2024 12:43 PM

Yes, with the FTDs you need to use FlexConfig, first you need to create a Flex Object than attach it to the device FlexConfig Policy here is how the object looks like: 

FlexObjectJPG.JPG

 

Vix-O-Ren
Level 1
Level 1
In response to Aomar bahloul

‎05-29-2024 06:30 AM - edited ‎05-29-2024 06:31 AM

Aomar, I tried with the flex config policy, one of the situations that occurred to me is that when applying it once we performed another deploy the policy disappeared, for this problem is that in the Deployment field we must add Everytime, but apart from this we realized that by enabling the policy we would lose the anyconnect download Portal over the internet, so we decided it was better not to apply it after all. But anyway, thank you very much Aomar.

0 Helpful

cball111
Level 1
Level 1

‎06-07-2024 09:22 AM - edited ‎06-07-2024 09:23 AM

I have tried creating this flexconfig item, but each time I deploy, I get the following error:

error :
@httpOnly
^
ERROR: % Invalid input detected at '^' marker.
Config Error -- @httpOnly

Any idea what I am doing wrong?

cball111_0-1717777386005.png

 



0 Helpful

Vix-O-Ren
Level 1
Level 1
In response to cball111

‎06-07-2024 10:35 AM

Hey @cball111 

I don´t know exactly the reason of the error, but try adding the "conf t" coommand at the beginning, example:

configure terminal

        webvpn

 

             httpOnly

 

Or instead try with this:

webvpn

    http-only-cookie

 

 

Preview file
15 KB

cball111
Level 1
Level 1
In response to Vix-O-Ren

‎06-07-2024 10:59 AM

Configure Terminal also produced an error. However, the second option works!

Salman Mahajan
Cisco Employee
Cisco Employee

‎10-20-2024 05:54 AM

We will be providing a UI option to enable the 'HTTP Only Flag' in FMC 7.7, which is the targeted release for next year.

Customers Also Viewed These Support Documents