Vulnerability "HSTS Missing From HTTPS Server (RFC 6797)" reported on FrontEnd Server

Article ID: 426027

Products

VMware Smart Assurance

Issue/Introduction

Vulnerability "HSTS Missing From HTTPS Server (RFC 6797)" reported on the MnR/Watch4Net FrontEnd Server

Environment

MnR - 7.x

Resolution

HSTS is enabled by default in MnR 7.7 and later. Any earlier version on which this vulnerability is reported needs an MnR upgrade.

The HSTS settings are in the <APG_HOME>/Web-Servers/Tomcat/Default/webapps/APG/WEB-INF/web.xml file.

Snippet (init-param entries of Tomcat's HttpHeaderSecurityFilter; hstsMaxAgeSeconds of 31536000 is one year):

        <init-param>
            <param-name>hstsEnabled</param-name>
            <param-value>true</param-value>
        </init-param>
        <init-param>
            <param-name>hstsMaxAgeSeconds</param-name>
            <param-value>31536000</param-value>
        </init-param>
        <init-param>
            <param-name>hstsIncludeSubDomains</param-name>
            <param-value>true</param-value>
        </init-param>
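The following is an added example, not part of the KB article or of the MnR product: it reads the three hsts* init-params above out of a web.xml fragment, derives the Strict-Transport-Security header value the filter should emit, and checks a captured set of response headers against it (header present, max-age at least one year, includeSubDomains present). The web.xml sample is the article's snippet wrapped in a constructed <filter> element so that it parses on its own, and the response headers are constructed, not captured from a real server.

```python
"""Verify HSTS configuration and the resulting Strict-Transport-Security header.

Added example for the KB article above; not MnR or Tomcat code.
"""
import xml.etree.ElementTree as ET

# Constructed web.xml fragment: the article's three init-params wrapped in a
# <filter> element (class name is Tomcat's HttpHeaderSecurityFilter, which
# reads these parameters) so that it parses as a standalone document.
SAMPLE_WEB_XML = """<web-app>
  <filter>
    <filter-name>httpHeaderSecurity</filter-name>
    <filter-class>org.apache.catalina.filters.HttpHeaderSecurityFilter</filter-class>
    <init-param>
      <param-name>hstsEnabled</param-name>
      <param-value>true</param-value>
    </init-param>
    <init-param>
      <param-name>hstsMaxAgeSeconds</param-name>
      <param-value>31536000</param-value>
    </init-param>
    <init-param>
      <param-name>hstsIncludeSubDomains</param-name>
      <param-value>true</param-value>
    </init-param>
  </filter>
</web-app>
"""


def hsts_params(web_xml_text):
    """Return every hsts* init-param found in the document as a dict."""
    root = ET.fromstring(web_xml_text)
    params = {}
    for init in root.iter("init-param"):
        name = init.findtext("param-name", "").strip()
        if name.startswith("hsts"):
            params[name] = init.findtext("param-value", "").strip()
    return params


def expected_hsts_header(params):
    """Build the header value the filter should send, or None if HSTS is off."""
    if params.get("hstsEnabled", "false").lower() != "true":
        return None
    value = "max-age=%d" % int(params.get("hstsMaxAgeSeconds", "0"))
    if params.get("hstsIncludeSubDomains", "false").lower() == "true":
        value += ";includeSubDomains"
    return value


def parse_hsts(header_value):
    """Parse an STS header value into a dict of directives (RFC 6797, section 6.1).

    Directive names are case-insensitive and may appear at most once; max-age is
    mandatory. Returns None when the value is malformed. Both ";" and "; " as
    separators are accepted.
    """
    directives = {}
    for part in header_value.split(";"):
        part = part.strip()
        if not part:
            continue
        name, _, val = part.partition("=")
        name = name.strip().lower()
        if name in directives:
            return None  # duplicate directive is invalid per RFC 6797
        directives[name] = val.strip().strip('"')
    if "max-age" not in directives or not directives["max-age"].isdigit():
        return None
    return directives


def check_hsts(headers, min_max_age=31536000, require_subdomains=True):
    """Return a list of findings for a dict of response headers; empty means OK."""
    value = next((v for k, v in headers.items()
                  if k.lower() == "strict-transport-security"), None)
    if value is None:
        return ["Strict-Transport-Security header missing (HSTS Missing From HTTPS Server)"]
    directives = parse_hsts(value)
    if directives is None:
        return ["Strict-Transport-Security header malformed: %r" % value]
    findings = []
    if int(directives["max-age"]) < min_max_age:
        findings.append("max-age %s is below %d" % (directives["max-age"], min_max_age))
    if require_subdomains and "includesubdomains" not in directives:
        findings.append("includeSubDomains directive absent")
    return findings


if __name__ == "__main__":
    params = hsts_params(SAMPLE_WEB_XML)
    print("web.xml should yield:", expected_hsts_header(params))
    # Constructed response-header sets; only the first passes the check.
    for hdrs in ({"Strict-Transport-Security": "max-age=31536000;includeSubDomains"},
                 {"strict-transport-security": "max-age=300"},
                 {"Content-Type": "text/html"}):
        print(hdrs, "->", check_hsts(hdrs) or "OK")
```

To use it against a running FrontEnd Server, feed `check_hsts` the headers of a response fetched over HTTPS (the STS header is only meaningful on an HTTPS response; RFC 6797 tells clients to ignore it over plain HTTP), and compare against `expected_hsts_header(hsts_params(open(path).read()))` for the deployed web.xml to confirm the configured and observed values agree.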