HSTS vulnerability for OCR server on port 8555


Article ID: 171301


Products

Data Loss Prevention Enforce

Issue/Introduction

A penetration test reports the finding "HSTS Missing From HTTPS Server" against the OCR server (port 8555).

Cause

The OCR server uses Tomcat to handle the REST requests sent by the Detection server.

Resolution

This finding does not affect the OCR server.

It is a false positive: the HSTS (Strict-Transport-Security) header is only relevant to communication with browser clients, which are the clients that honor it.

In this communication the OCR system is the “Server” and the DLP detection server is the “Client”.

The DLP detection server is not a browser-based client, so the reported vulnerability does not affect the OCR detection server.