vCenter Server vulnerability scan detecting HSTS Missing From HTTPS Server for port 9080

Article ID: 323223

Products

VMware vCenter Server

Issue/Introduction

Symptoms:
Vulnerability scanners may report that the remote web server on port 9080/tcp is not enforcing HTTP Strict Transport Security (HSTS).

Environment

VMware vCenter Server 7.0.x
VMware vCenter Server 8.0

Cause

Some security scanning tools incorrectly flag the absence of HSTS on port 9080/tcp as a vulnerability, assuming that all TLS ports should be browser-compatible.

For more information, please refer to https://core.vmware.com/vmware-vsphere-8-default-ssltls-cipher-suites#hsts

Resolution

Fixed in a future release