
Security Scans Show Issue With Agent Ports although the OMS is configured to use HTTP Strict Transport Security (HSTS) (Doc ID 2721749.1)

Last updated on MAY 03, 2021

Applies to:

Enterprise Manager Base Platform - Version 13.2.0.0.0 and later
Information in this document applies to any platform.
The EM Agent cannot be configured to enforce HTTP Strict Transport Security (HSTS)

Goal

Security scans show an issue with OMS ports and Agent ports.


HSTS Missing From HTTPS Server: The remote HTTPS server does not send the HTTP "Strict-Transport-Security" header.


The remote HTTPS server is not enforcing HTTP Strict Transport Security (HSTS). HSTS is an optional response header that can be configured on the server to instruct the browser to only communicate via HTTPS. The lack of HSTS allows downgrade attacks, SSL-stripping man-in-the-middle attacks, and weakens cookie-hijacking protections.

 

Solution
