OCI 7.3.14 vulnerability scan: Nessus Found: 'HSTS Missing From HTTPS Server (RFC 6797)' (Plugin ID: 142960)
Applies to
- OnCommand Insight 7.3.14 (OCI)
Issue
- Nessus Vulnerability scanner finds the following:
Nessus Found: 'HSTS Missing From HTTPS Server (RFC 6797)' (Plugin ID: 142960)
NIST 800-53 Control(s): SI-2
Severity Override: MEDIUM to VERY HIGH by FSA mandate (HSTS)
CVSS Score: 6.5 (Medium)
Instance Detail:
The remote HTTPS server does not send the HTTP "Strict-Transport-Security" header.
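
To confirm the finding or verify a fix independently of the scanner, the check below classifies an HTTPS response by its Strict-Transport-Security header using the RFC 6797 rules (required max-age, case-insensitive directives, no duplicates). It is an added example, not NetApp or Nessus code; the function names and the sample responses are constructed for illustration.

```python
import re

def parse_hsts(value):
    """Parse a Strict-Transport-Security value per RFC 6797 section 6.1.
    Returns a dict of directives, or None if the header is invalid."""
    directives = {}
    for part in value.split(";"):
        part = part.strip()
        if not part:
            continue                      # empty directives are allowed by the grammar
        name, _, val = part.partition("=")
        name = name.strip().lower()       # directive names are case-insensitive
        val = val.strip()
        if len(val) >= 2 and val[0] == val[-1] == '"':
            val = val[1:-1]               # quoted-string form is allowed
        if name in directives:
            return None                   # a directive may appear only once
        directives[name] = val
    if not re.fullmatch(r"[0-9]+", directives.get("max-age", "")):
        return None                       # max-age is REQUIRED, in delta-seconds
    return directives

def check_response(raw_headers):
    """Classify a raw HTTPS response header block: missing, invalid, disabled or ok."""
    for line in raw_headers.splitlines()[1:]:     # skip the status line
        name, sep, value = line.partition(":")
        if sep and name.strip().lower() == "strict-transport-security":
            policy = parse_hsts(value)            # only the first field counts (section 8.1)
            if policy is None:
                return "invalid"
            if int(policy["max-age"]) == 0:
                return "disabled"                 # max-age=0 tells the client to drop the policy
            return "ok"
    return "missing"

# Constructed sample responses, not captured from an OCI server.
SAMPLES = {
    "no header": "HTTP/1.1 200 OK\r\nContent-Type: text/html\r\n",
    "good": "HTTP/1.1 200 OK\r\nStrict-Transport-Security: max-age=31536000; includeSubDomains\r\n",
    "no max-age": "HTTP/1.1 200 OK\r\nstrict-transport-security: includeSubDomains\r\n",
    "zero": "HTTP/1.1 200 OK\r\nStrict-Transport-Security: max-age=\"0\"\r\n",
}

if __name__ == "__main__":
    for label, raw in SAMPLES.items():
        print(f"{label:12} -> {check_response(raw)}")
```

A header that is present but malformed, or that sets max-age to 0, gives no HSTS protection, so a re-scan should be read together with the header's actual value.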