A security scanner (such as Qualys) is flagging port 9201 on a MySQL node within our Tanzu Application Service (TAS/PCF) foundation as vulnerable due to missing HTTP response headers (e.g., Strict-Transport-Security, X-Content-Type-Options). The scan maps this to CWE-693: Protection Mechanism Failure.
The issue raised concerns HTTP headers returned by the galera-agent service for MySQL. This internal service reports on the health of a running MySQL instance.
The flagged vulnerability relates to missing HTTP security headers, which are designed to protect browser-facing applications. Since galera-agent is a private, internal service that is not exposed to browsers, these headers are neither relevant nor expected. This finding can therefore be treated as a false positive and safely disregarded.
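To make this triage repeatable when the scanner raises the same finding on the next cycle, here is an added Python example; it is not code from the article or from the galera-agent project. It parses a constructed HTTP response from a health endpoint, lists which browser-enforced headers are absent, and records a verdict together with the reason. The header set, the sample response and the function names are assumptions; the one input that decides the outcome is whether the endpoint is browser-facing, which is the fact the article establishes for galera-agent.

```python
"""Triage a scanner finding about missing HTTP security headers.

Added example, not part of the KB article or the galera-agent code.
The response below is constructed; header names, values and the
endpoint path are assumptions, not galera-agent output.
"""
from __future__ import annotations

# Headers whose protection is enforced by a browser. Their absence matters
# for content a browser renders, not for a machine-to-machine health check.
BROWSER_ENFORCED_HEADERS = {
    "strict-transport-security",
    "x-content-type-options",
    "x-frame-options",
    "content-security-policy",
}

# Constructed sample: a minimal HTTP/1.1 response from an internal
# health endpoint. Values are placeholders.
SAMPLE_RESPONSE = (
    "HTTP/1.1 200 OK\r\n"
    "Content-Type: application/json\r\n"
    "Content-Length: 17\r\n"
    "Date: Mon, 01 Jan 2024 00:00:00 GMT\r\n"
    "\r\n"
    '{"healthy": true}'
)


def parse_response_headers(raw: str) -> dict[str, str]:
    """Return the header block of a raw HTTP response as a lower-cased dict.

    Header names are case-insensitive, so they are normalised before any
    comparison; a scanner that compared them case-sensitively would
    produce spurious findings.
    """
    head, _, _body = raw.partition("\r\n\r\n")
    headers: dict[str, str] = {}
    for line in head.split("\r\n")[1:]:  # skip the status line
        if not line.strip():
            continue
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    return headers


def missing_browser_headers(headers: dict[str, str]) -> list[str]:
    """List the browser-enforced headers that the response does not carry."""
    return sorted(BROWSER_ENFORCED_HEADERS - set(headers))


def triage(raw: str, browser_facing: bool) -> dict[str, object]:
    """Classify a missing-header finding for one endpoint.

    browser_facing is the reviewer's assertion about the service; for an
    internal agent that only other machines call, it is False.
    """
    missing = missing_browser_headers(parse_response_headers(raw))
    if not missing:
        verdict, reason = "no finding", "all browser-enforced headers present"
    elif browser_facing:
        verdict = "true positive"
        reason = "browser-rendered content without protective headers"
    else:
        verdict = "false positive"
        reason = ("headers are browser protections; endpoint is not "
                  "served to browsers")
    return {"missing": missing, "verdict": verdict, "reason": reason}


if __name__ == "__main__":
    # Hypothetical usage: same response, two different exposure contexts.
    print(triage(SAMPLE_RESPONSE, browser_facing=False))
    print(triage(SAMPLE_RESPONSE, browser_facing=True))
```

The verdict is driven entirely by the `browser_facing` input, so the value of this script is that it writes the reasoning down next to the list of missing headers, giving the scan reviewer an auditable record of why the finding was closed rather than a bare "ignored" status.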