Symptom
- There are cookies set by the SAP NetWeaver Application Server that do not have the 'Secure' and/or 'HttpOnly' attributes. This may have been flagged during a vulnerability scan, for example.
- Ensuring that these cookies are set with 'Secure' and 'HttpOnly' attributes is desirable.
Environment
SAP NetWeaver Application Server
Product
Keywords
icf/set_HTTPonly_flag_on_cookies, SystemCookiesDataProtection, SystemCookiesHTTPSProtection, ume.logon.httponlycookie, ume.logon.security.enforce_secure_cookie, login/ticket_only_by_https, com.sap.engine.security.authentication.original, Missing Secure Attribute in Encrypted Session (SSL) Cookie, KBA, BC-JAS-WEB, Web Container, HTTP, JavaMail, Servlets, BC-MID-ICF, Internet Communication Framework, CA-FLP-ABA, SAP Fiori Launchpad ABAP Services, EP-PIN-AI, Application Integration, MOB-UIA-LIB-AUT, Authentication, BC-JAS-SEC-LGN, Logon, SSO, How To
About this page
This is a preview of a SAP Knowledge Base Article.