Issues with security scan of nessus
I have tenable nesuss scan on infra and from xormon appliance I am getting info like
The remote web server is not enforcing HSTS, as defined by RFC 6797. HSTS is an optional response header that can be configured on the server to instruct the browser to only communicate via HTTPS. The lack of HSTS allows downgrade attacks, SSL-stripping man-in-the-middle attacks, and weakens cookie-hijacking protections.
Does anybody was able to fix this?
Comments
-
Are you referring to Xormon Original or Xormon NG?
-
is that about Xormon Original (lpar2rrd/stor2rrd app front-end) or Xormon Next Generation (NG)?
-
Its for the xormon original deployed as OVA Appliance.
-
What Xormon Original version do you run?
Do you know which request it is? I see strict-transport-security header on responses.
Howdy, Stranger!
Categories
- 1.6K All Categories
- 92 XORMON
- 26 XORMON Original
- 165 LPAR2RRD
- 14 VMware
- 19 IBM i
- 2 oVirt / RHV
- 4 MS Windows and Hyper-V
- Solaris / OracleVM
- XenServer / Citrix
- Nutanix
- 8 Database
- 2 Cloud
- 10 Kubernetes / OpenShift / Docker
- 136 STOR2RRD
- 20 SAN
- 7 LAN
- 19 IBM
- 5 EMC
- 12 Hitachi
- 5 NetApp
- 17 HPE
- Lenovo
- 1 Huawei
- 3 Dell
- Fujitsu
- 2 DataCore
- INFINIDAT
- 4 Pure Storage
- Oracle