Cisco ASA 5505 "HttpOnly" flag issue

KEN COUSINO JR.
Level 1

We recently ran a Vulnerability scan for PCI compliance against our Cisco ASA 5505.  One of the issues was the HttpOnly flag.  I searched the Support Community and didn't find a solution.

Can someone please help me????

Thanks,

Ken

5 Replies

mvsheik123
Level 7

Hi,

Was that scan done purely for ASA or the servers (and provided service) IPs behind ASA as well? Check if the below discussion helps.

http://stackoverflow.com/questions/13040309/cookie-without-secure-flag-and-httponly-flag-set

Thx

MS

It was done against an ASA but it was a general vulnerability scan.

I guess if there is a server in DMZ or inside with Static NAT translation and providing web services etc., the scan might have picked it up.

Thx

MS

We have a port open for AnyConnect access. That is where the scan is getting the HttpOnly flag.

Is there a way to resolve this without closing our port for AnyConnect?  Normally AnyConnect uses port 443 but we needed it for webemail access.  So we had to use a different port and that is the one that is coming up in the scan.