HSTS Missing From HTTPS Server (RFC 6797) on pcsd port 2224

Solution Verified - Updated -

Issue

  • A vulnerability scan reports "HSTS Missing From HTTPS Server (RFC 6797)" on pcsd port 2224:
Name: HSTS Missing From HTTPS Server (RFC 6797)
Summary: The remote web server is not enforcing HSTS, as defined by RFC 6797.
Port: 2224
...
Plugin Output:
  HTTP/1.1 404 Not Found
  Server: TornadoServer/6.1
  Content-Type: text/html;charset=UTF-8
  Date: *****
  Content-Length: 69
  Connection: close

  The remote HTTPS server does not send the HTTP
  "Strict-Transport-Security" header.
  • This vulnerability still exists even when the PCSD GUI is disabled.
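
The check behind this finding can be reproduced offline against a captured response head. The following is an added example, not code from Red Hat, pcs, or the scanner; the function names `parse_headers` and `check_hsts` are hypothetical, and the sample input is the plugin output shown above.

```python
import re

# Constructed sample: the plugin output quoted above (Date elided as on the page).
PLUGIN_OUTPUT = """HTTP/1.1 404 Not Found
Server: TornadoServer/6.1
Content-Type: text/html;charset=UTF-8
Date: *****
Content-Length: 69
Connection: close
"""

def parse_headers(raw):
    """Return (status_line, [(lowercased_name, value), ...]) from a raw response head."""
    lines = raw.strip().splitlines()
    headers = []
    for line in lines[1:]:
        if not line.strip():
            break  # blank line ends the header block
        name, sep, value = line.partition(":")
        if sep:
            headers.append((name.strip().lower(), value.strip()))
    return lines[0].strip(), headers

def check_hsts(raw):
    """Evaluate the Strict-Transport-Security header as described in RFC 6797."""
    _, headers = parse_headers(raw)
    values = [v for n, v in headers if n == "strict-transport-security"]
    result = {"present": bool(values), "max_age": None,
              "include_subdomains": False, "enforced": False}
    if not values:
        return result  # the condition the scanner reports
    # RFC 6797 section 8.1: a user agent processes only the first STS header field.
    for directive in values[0].split(";"):
        name, _, val = directive.strip().partition("=")
        name = name.strip().lower()  # directive names are case-insensitive
        val = val.strip().strip('"')  # max-age may be sent as a quoted-string
        if name == "max-age" and re.fullmatch(r"[0-9]+", val):
            result["max_age"] = int(val)
        elif name == "includesubdomains":
            result["include_subdomains"] = True
    # max-age=0 tells the user agent to drop the host from its HSTS list.
    result["enforced"] = result["max_age"] is not None and result["max_age"] > 0
    return result

if __name__ == "__main__":
    print(check_hsts(PLUGIN_OUTPUT))
```
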

Environment

  • Red Hat Enterprise Linux 8
  • pcs-0.10.15-4.el8_8.1
