Security Scans Show Issue With Agent Ports although the OMS is configured to use HTTP Strict Transport Security (HSTS) (Doc ID 2721749.1)

Last updated on NOVEMBER 11, 2022

Applies to:

Enterprise Manager Base Platform - Version 13.2.0.0.0 and later
Information in this document applies to any platform.
The EM Agent cannot be configured to enforce HTTP Strict Transport Security (HSTS)

Goal

Security scan show issue with OMS ports and Agent Ports.

HSTS Missing From HTTPS Server The remote HTTPS server does not send the HTTP ""Strict-Transport-Security"" header.

The remote HTTPS server is not enforcing HTTP Strict Transport Security (HSTS). HSTS is an optional response header that can be configured on the server to instruct the browser to only communicate via HTTPS. The lack of HSTS allows downgrade attacks, SSL-stripping man-in-the-middle attacks, and weakens cookie-hijacking protections.

Solution

	To view full details, sign in with your My Oracle Support account.
	Don't have a My Oracle Support account? Click to get started!

In this Document

Goal

Solution

References

My Oracle Support provides customers with access to over a million knowledge articles and a vibrant support community of peers and Oracle experts.

Security Scans Show Issue With Agent Ports although the OMS is configured to use HTTP Strict Transport Security (HSTS) (Doc ID 2721749.1)

Applies to:

Goal

Solution

To view full details, sign in with your My Oracle Support account.

Don't have a My Oracle Support account? Click to get started!