
OLVM: Vulnerability Scan Reports Remote Web Server Is Not Enforcing HSTS (Doc ID 3041497.1)

Last updated on AUGUST 14, 2024

Applies to:

Linux OS - Version Oracle Linux 8.10 with Unbreakable Enterprise Kernel [5.15.0] and later
Linux x86-64
Applies only to OLVM 4.5

Goal

A Tenable vulnerability scan of the oVirt Engine reports the following finding:
The remote web server is not enforcing HSTS, as defined by RFC 6797.
HSTS is an optional response header that can be configured on the server to instruct the browser to only communicate via HTTPS.
The lack of HSTS allows downgrade attacks, SSL-stripping man-in-the-middle attacks, and weakens cookie-hijacking protections.
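As an added example (not part of this Oracle note, whose solution section requires a login), the check below reproduces the scanner's finding locally: it parses the Strict-Transport-Security header as RFC 6797 defines it and reports whether an engine's HTTPS response actually enforces HSTS, treating a missing header, max-age=0 or a malformed max-age as not enforced. The engine host name passed to check_host and the sample header values are constructed.

```python
import http.client
import ssl
from dataclasses import dataclass
from typing import Optional


@dataclass
class HstsResult:
    present: bool
    max_age: Optional[int]
    include_subdomains: bool
    preload: bool

    @property
    def enforced(self) -> bool:
        # RFC 6797: max-age=0 tells the browser to forget the host, so only a
        # positive max-age actually pins the site to HTTPS.
        return self.present and self.max_age is not None and self.max_age > 0


def parse_hsts(header_value: Optional[str]) -> HstsResult:
    """Parse a Strict-Transport-Security value; None means no header sent."""
    if header_value is None:
        return HstsResult(False, None, False, False)
    max_age = None
    include_sub = preload = False
    for directive in header_value.split(";"):
        name, _, value = directive.strip().partition("=")
        name = name.lower()
        if name == "max-age":
            try:
                max_age = int(value.strip().strip('"'))
            except ValueError:  # malformed max-age counts as not enforced
                max_age = None
        elif name == "includesubdomains":
            include_sub = True
        elif name == "preload":
            preload = True
    return HstsResult(True, max_age, include_sub, preload)


def check_host(host: str, port: int = 443) -> HstsResult:
    """Fetch '/' over TLS (host is a placeholder FQDN) and evaluate HSTS."""
    ctx = ssl.create_default_context()  # verifies the engine's certificate
    conn = http.client.HTTPSConnection(host, port, context=ctx, timeout=10)
    try:
        conn.request("HEAD", "/")
        hdr = conn.getresponse().getheader("Strict-Transport-Security")
    finally:
        conn.close()
    return parse_hsts(hdr)
```

Run check_host("engine.example.com") against your own engine FQDN after applying the fix from the Solution section; `enforced` should flip to True and `max_age` should be the value you configured.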

Solution

To view full details, sign in with your My Oracle Support account.
