HTTP Strict Transport Security Header
(Doc ID 2831049.1)
Last updated on JUNE 25, 2024
Applies to:
Oracle Financial Services Crime and Compliance Management Studio - Version 8.0.8 to 8.0.8 [Release 8]
Information in this document applies to any platform.
Goal
The HTTP Strict Transport Security (HSTS) header needs to be enabled on Studio version 80820, where its absence was reported as a vulnerability in a pen test.
Steps to reproduce:
--> Access the Studio 8082 application URL and press the F12 key.
--> Select Network, click any entry in the Name column, and check the Response Headers: the Strict-Transport-Security header is missing.
However, this is not an issue in higher versions, from 8.1.x.
--> Access the Studio 8.1.1 application URL and press the F12 key. Select Network, click any entry in the Name column, and check the Response Headers: the Strict-Transport-Security header is enabled and its value is "Strict-Transport-Security: max-age=31536000; includeSubDomains".
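The manual header check in the steps above can be scripted. The following Python is an added example, not Oracle's code or part of this document: it audits a response's headers against the policy observed on 8.1.1. The function names, the constructed sample header lists and the use of 31536000 as the minimum max-age are assumptions made for the illustration.

```python
import re

def parse_hsts(value):
    """Parse a Strict-Transport-Security value into a directive dict (RFC 6797, section 6.1)."""
    directives = {}
    for part in value.split(";"):
        part = part.strip()
        if not part:
            continue
        name, _, arg = part.partition("=")
        name = name.strip().lower()                # directive names are case-insensitive
        if name in directives:
            raise ValueError(f"duplicate directive: {name}")
        directives[name] = arg.strip().strip('"')  # the value may be a quoted-string
    if not re.fullmatch(r"\d+", directives.get("max-age", "")):
        raise ValueError("max-age is required and must be a non-negative integer")
    return directives

def audit_hsts(headers, min_age=31536000):
    """Return a list of findings for one response's headers; an empty list means pass."""
    # Header field names are case-insensitive, so normalise before comparing.
    values = [v for k, v in headers if k.lower() == "strict-transport-security"]
    if not values:
        return ["Strict-Transport-Security header is missing"]
    findings = []
    if len(values) > 1:
        findings.append("multiple HSTS headers; browsers process only the first")
    try:
        policy = parse_hsts(values[0])
    except ValueError as exc:
        return findings + [f"invalid HSTS header: {exc}"]
    age = int(policy["max-age"])
    if age == 0:
        findings.append("max-age=0 tells the browser to drop the HSTS policy")
    elif age < min_age:
        findings.append(f"max-age {age} is below {min_age}")
    if "includesubdomains" not in policy:
        findings.append("includeSubDomains is not set")
    return findings

# Constructed sample responses modelled on the two observations in the steps above.
STUDIO_808 = [("Content-Type", "text/html"), ("Cache-Control", "no-store")]
STUDIO_811 = STUDIO_808 + [("Strict-Transport-Security", "max-age=31536000; includeSubDomains")]

if __name__ == "__main__":
    for label, hdrs in (("8.0.8", STUDIO_808), ("8.1.1", STUDIO_811)):
        print(label, audit_hsts(hdrs) or "OK")
```

Feed it the header pairs from a response fetched over HTTPS; browsers ignore this header when it arrives over plain HTTP.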
Solution