
Oracle VM: HSTS Vulnerability On OVM Manager (Doc ID 2758597.1)

Last updated on SEPTEMBER 04, 2023

Applies to:

Oracle VM - Version 3.4.6 and later
Information in this document applies to any platform.


Oracle VM Manager, running the latest Oracle VM Manager version and the latest kernel, is reported with an HSTS vulnerability.

Vulnerability shown:

Plugin ID: 142960
Description: The remote web server is not enforcing HSTS, as defined by RFC 6797. HSTS is an optional response header that can be configured on the server to instruct the browser to only communicate via HTTPS. The lack of HSTS allows downgrade attacks, SSL-stripping man-in-the-middle attacks, and weakens cookie-hijacking protections.
Solution: Configure the remote web server to use HSTS.
Plugin Output:
  The remote HTTPS server does not send the HTTP
  "Strict-Transport-Security" header.
Plugin Published Date: 2020-11-17
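
The following is an added example, not part of the Oracle document or the scanner plugin: a check of one response's headers against the RFC 6797 rules, useful for confirming whether a configuration change clears the finding. The function names and the sample headers are constructed for illustration.

```python
import re

# RFC 6797 section 6.1: directives are ';'-separated, names are case-insensitive,
# and a value may be a token or a quoted-string.
_DIRECTIVE = re.compile(r'^\s*([A-Za-z0-9!#$%&\'*+.^_`|~-]+)\s*(?:=\s*("?)([^";]*)\2)?\s*$')

def parse_hsts(value):
    """Return (max_age, include_subdomains), or None if the policy is invalid."""
    seen = {}
    for part in value.split(";"):
        if not part.strip():
            continue                      # empty directives are permitted
        m = _DIRECTIVE.match(part)
        if not m:
            return None
        name = m.group(1).lower()
        if name in seen:
            return None                   # each directive may appear only once
        seen[name] = (m.group(3) or "").strip()
    age = seen.get("max-age")
    if age is None or not (age.isascii() and age.isdigit()):
        return None                       # max-age is required, in whole seconds
    return int(age), "includesubdomains" in seen

def assess(headers, over_tls=True):
    """headers: (name, value) pairs from one response. Returns a verdict string."""
    if not over_tls:
        return "ignored: browsers ignore HSTS received over plain HTTP"
    values = [v for n, v in headers if n.lower() == "strict-transport-security"]
    if not values:
        return "missing: no Strict-Transport-Security header"
    policy = parse_hsts(values[0])        # only the first header is processed
    if policy is None:
        return "invalid: header present but not a valid policy"
    if policy[0] == 0:
        return "disabled: max-age=0 removes the HSTS policy"
    return "enforced: max-age=%d includeSubDomains=%s" % policy

if __name__ == "__main__":
    # Constructed sample responses, not captured from a real server.
    before = [("Content-Type", "text/html")]
    after = before + [("Strict-Transport-Security", "max-age=31536000; includeSubDomains")]
    print(assess(before))
    print(assess(after))
```

A header that is present but malformed, sent only over plain HTTP, or set to max-age=0 leaves the browser without an HSTS policy, so a header-presence check alone is not sufficient.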

