I have ESXi 6.7 U2 on an HP Blade Server.
When I scan my system for vulnerabilities I get this
I googled it but I cannot find a solution to remove this vulnerability.
Can anyone help, please?
Hi,
Are you using an HP customized ESXi 6.7U2 image or the VMware original?
Alex_Romeo
Thanks for your response.
I am using an HP customized ESXi 6.7U2 image.
Is there any way to remove the Missing `httpOnly` Cookie Attribute?
Hello.
Here is a link that may be useful
https://github.com/opnsense/core/issues/4253
I checked that link but it is not solving anything.
Facing the same issue on an ESXi host when running the vulnerability scan. Do we have any solution for this?
Hello.
I suggest upgrading to 6.7 Update 3; in Update 2 there were several serious problems.
If you can get the Update 3 image from the manufacturer it would be good; otherwise you can also use the VMware standard.
https://my.vmware.com/group/vmware/patch#search
Our infrastructure is running on ESXi 7.0 U1 and is facing the same issue.
That is right.
I set up a new machine with ESXi 7 U1 for testing and found the same issue.
Right @amsteen60 ...
Did you manage to figure out the solution for this?
No, I did not.
Just received confirmation from the VMware team:
The issue is expected to be solved in ESXi 6.7 P06, 7.0.U3.
I just installed ESXi 6.7 P06 and still get the "Missing `httpOnly` Cookie Attribute" alert when I scan my system.
Well, sometimes the vulnerability tools scan at a great level and give you a poor view of what to fix; there is nothing that you could do. So go back to the vulnerability scan vendor, check what exactly it's looking at, and log support with VMware to see if they can help on it.
It would look at an area which is not necessarily a security constraint, but still, it will flag it... Duh, there is no point. I believe the tool is scanning based on a standard template for Unix/Linux, rather than considering ESXi a unique customized OS.
Has there ever been a solution to this or any indication of when it will be resolved? Running on a standard vSphere image (7 U2) and also receive this during a vulnerability scan for port 9080 (iofilter) on each ESXi host. I believe it has something to do with the gSOAP version running which needs to be addressed? The Set-Cookie attributes can be seen in your browser's Dev Tools response headers when browsing to the following URL of the ESXi host:
For reference to anyone looking for the resolution for this issue:
This is indeed caused by the version of gSOAP running in older ESXi versions. The issue was officially resolved in gSOAP version 2.8.34. The issue is no longer experienced by upgrading to ESXi 7 U3.