Forum Discussion

Nimbostratus

Nov 29, 2017

cookie & requestVerificationToken is set without the HttpOnly Cookie parameter

Pen test finding below: How to set cookie & requestVerificationToken with the HttpOnly Cookie parameter on LTM running on 11.6 Risk : When a cross-site scripting vulnerability is present, an at...

application delivery

LTM

Chris_Grant

Employee

Nov 30, 2017

If you're not running ASM, you may need to look to your application, but if you're running ASM, we can help pretty easily: https://support.f5.com/csp/article/K11930

Forum Discussion

cookie & requestVerificationToken is set without the HttpOnly Cookie parameter

Recent Discussions

Enterprise Security best practices with F5 WAF

Disk space full - what files, folders are safe to delete?

ASM instance creation

BIG-IP DNS: Check Status Of Multiple Monitors Against Pool Member

Open Redirection Mitigation

Related Content

Brute Force protection for single parameter like OTP

Wildcard Parameter signature attack

HTTP auth - Calling external API with parameters

AWAF Path Parameters with OPENAPI json file

Parameter Value - Regular Expression