Hello. Our team was also seeing a similar HSTS vuln detection from our Tenable scanning platform with Veeam, however on port 9419 (Veeam REST API service). Can anyone please confirm if this is a valid vulnerability detection or an instance of a Tenable FP (like port 6172)?
Tenable Scan Outputs:
HSTS Missing From HTTPS Server (RFC 6797)
The remote web server is not enforcing HSTS, as defined by RFC 6797.

HTTP/1.1 404 Not Found
Content-Length: 0
Server: Microsoft-HTTPAPI/2.0
Date: Thu, 03 Oct 2024 00:46:22 GMT
Connection: close

The remote HTTPS server does not send the HTTP
"Strict-Transport-Security" header.

Configure the remote web server to use HSTS.
Statistics: Posted by mriv21B — Oct 03, 2024 2:28 pm