Community
- Command Central
- MVP Program
- Monthly Mission
- Blogs
- Groups
- Events
- Media Vault
Products
- Observability
- Network Management
- Application Management
- IT Security
- IT Service Management
- System Management
- Database Management
Content Exchange
- SolarWinds Platform
- Server & Application Monitor
- Database Performance Analyzer
- Server Configuration Monitor
- Network Performance Monitor
- Network Configuration Manager
- SQL Sentry
- Web Help Desk
Free Tools & Trials

Missing HttpOnly Flag From Cookie Vulnerability Scan

Hello,

Our vulnerability scans detected this vulnerability Missing HttpOnly Flag From Cookie (http-cookie-http-only-flag) and the resolution provided was to update web.cfg as shown below. I did do that and received an error when launching the Orion Website. Anyone has faced this before and how this vulnerability has ben addressed>

Thanks

Find more posts tagged with

Accepted answers

All comments

sum_giais

After you made that change, did you restart IIS and/or perform an iisreset from command line? If that doesn’t work perhaps a server reboot... just guessing on that though, I’d start with an iisreset.

arnabmk

Hi,

It seems there was an issue with the double quotes which I was using. Also needs to be before the last /system.web tag.

<system.web>
<httpRuntime maxRequestLength="16096" executionTimeout="600" />
<httpCookies httpOnlyCookies="true" requireSSL="true" />
</system.web>

Did a IISReset. Waiting on security team to run scans again.

Thanks,

Arnab

sum_giais

Ah yes that can happen when you copy/paste from the web or other sources. Always something to be cautious of.

arnabmk

Unfortunately still shows up in the security scans. Not sure what else can be done?