AppSync: Remote HTTPS Server Does Not Send HTTP Strict-Transport-Security (HSTS) Header Vulnerability

Summary: Tenable Nessus reports a false alarm on port 8444 of the AppSync server.


Symptoms

Tenable Nessus incorrectly reports the following message for port 8444, although no CVE exists for that port:
The remote web server is not enforcing HSTS, as defined by RFC 6797. HSTS is an optional response header that can be configured on the server to instruct the browser to only communicate via HTTPS. The lack of HSTS allows downgrade attacks, SSL-stripping man-in-the-middle attacks, and weakens cookie-hijacking protections.

Cause

Non-Dell software reports an incorrect security alert.

Resolution

AppSync Engineering has confirmed that this is a false positive and assures customers that the APIs AppSync publishes on ports 8444 and 8445 are protected, with HSTS enabled.

Additional Information

HTTP Strict Transport Security (HSTS) is a simple and widely supported standard that protects visitors by ensuring their browsers always connect to a website over HTTPS.

Below is the URL that AppSync redirects to, which automatically uses HTTPS:
https://AppSync01:8444/auth/realms/appsync/protocol/openid-connect/auth?client_id=appsync_ ...
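A scanner verdict like the one above is best confirmed against the server's own response. The following added example (not part of this Dell article or of AppSync) parses the Strict-Transport-Security header as defined in RFC 6797 from a raw HTTP response and decides whether HSTS is actually enforced; the two sample responses and the 180-day max-age threshold are constructed assumptions, not captured AppSync traffic.

```python
from typing import Optional

# Constructed sample responses (not captured from a real AppSync host).
RESPONSE_WITH_HSTS = (
    "HTTP/1.1 302 Found\r\n"
    "Location: https://appsync01.example:8444/auth/realms/appsync/protocol/openid-connect/auth\r\n"
    "Strict-Transport-Security: max-age=31536000; includeSubDomains\r\n"
    "\r\n"
)
RESPONSE_WITHOUT_HSTS = (
    "HTTP/1.1 200 OK\r\n"
    "Content-Type: text/html\r\n"
    "\r\n"
)


def parse_hsts(raw_response: str) -> Optional[dict]:
    """Return the parsed Strict-Transport-Security directives, or None if the header is absent.

    Header names are matched case-insensitively; only the first HSTS header is
    used, as RFC 6797 section 8.1 instructs user agents to do.
    """
    head = raw_response.split("\r\n\r\n", 1)[0]
    for line in head.split("\r\n")[1:]:  # skip the status line
        name, _, value = line.partition(":")
        if name.strip().lower() != "strict-transport-security":
            continue
        directives = {"max_age": None, "include_subdomains": False, "preload": False}
        for token in value.split(";"):
            key, _, val = token.strip().partition("=")
            key, val = key.strip().lower(), val.strip().strip('"')
            if key == "max-age" and val.isdigit():
                directives["max_age"] = int(val)
            elif key == "includesubdomains":
                directives["include_subdomains"] = True
            elif key == "preload":
                directives["preload"] = True
        return directives
    return None


def hsts_enforced(raw_response: str, min_max_age: int = 15552000) -> bool:
    """True when a valid HSTS header with a sufficiently long max-age is present.

    The 180-day default threshold is an assumption; RFC 6797 sets no minimum,
    but max-age=0 tells the browser to drop the policy, so it must not count.
    """
    hsts = parse_hsts(raw_response)
    return hsts is not None and hsts["max_age"] is not None and hsts["max_age"] >= min_max_age
```

Feeding the function the raw headers returned on port 8444 (for example from `curl -sI`) gives a direct answer that does not depend on the scanner's heuristics.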

Affected Products

AppSync
Article Properties
Article Number: 000217002
Article Type: Solution
Last Modified: 18 Sept 2025
Version:  4