12-06-2013 11:32 AM
We recently ran a Vulnerability scan for PCI compliance against our Cisco ASA 5505. One of the issues was the HttpOnly flag. I searched the Support Community and didn't find a solution.
Can someone please help me????
Thanks,
Ken
12-06-2013 11:38 AM
Hi,
Was that scan done purely for the ASA, or for the servers (and provided service) IPs behind the ASA as well? Check if the discussion below helps.
http://stackoverflow.com/questions/13040309/cookie-without-secure-flag-and-httponly-flag-set
Thx
MS
12-06-2013 01:40 PM
It was done against an ASA but it was a general vulnerability scan.
12-06-2013 02:13 PM
I guess if there is a server in the DMZ or inside with Static NAT translation and providing web services etc., the scan might have picked it up.
Thx
MS
12-06-2013 02:27 PM
We have a port open for AnyConnect access. That is where the scan is getting the HttpOnly flag.
12-06-2013 03:20 PM
Is there a way to resolve this without closing our port for AnyConnect? Normally AnyConnect uses port 443 but we needed it for web email access. So we had to use a different port and that is the one that is coming up in the scan.