vCenter Server vulnerability scan detecting HSTS Missing From HTTPS Server for port 9080
book
Article ID: 323223
calendar_today
Updated On:
Products
VMware vCenter Server
Issue/Introduction
Symptoms: Vulnerability scanners may detect the remote web server is not enforcing HSTS.
Environment
VMware vCenter Server 7.0.x VMware vCenter Server 8.0
Cause
Some security scanning tools incorrectly flag the absence of HSTS on port 9080/tcp as a vulnerability, assuming that all TLS ports should be browser-compatible.