AppSync: Fjern-HTTPS-serveren sender ikke HSTS-headeren (HTTP Strict-Transport-Security). Sikkerhedsrisiko
Summary: Falske advarsler rapporteret af Tenable Nessus for port 8444 på AppSync-serveren.
This article applies to
This article does not apply to
This article is not tied to any specific product.
Not all product versions are identified in this article.
Symptoms
Tenable Nessus rapporterer fejlagtigt følgende meddelelse for port 8444, for hvilken der ikke findes nogen CVE:
The remote web server is not enforcing HSTS, as defined by RFC 6797. HSTS is an optional response header that can be configured on the server to instruct the browser to only communicate via HTTPS. The lack of HSTS allows downgrade attacks, SSL-stripping man-in-the-middle attacks, and weakens cookie-hijacking protections.
Cause
Software, der ikke er fra Dell, rapporterer en falsk sikkerhedsalarm.
Resolution
AppSync Engineering bekræftede, at dette er en falsk alarm, og forsikrer kunderne om, at AppSync-udgivne API'er på port 8444 eller 8445 er beskyttet med HSTS aktiveret.
Additional Information
HTTP Strict Transport Security (HSTS) er en enkel, bredt understøttet standard til at beskytte besøgende ved at sikre, at deres browsere altid opretter forbindelse til et websted via HTTPS.
Her er den URL-adresse, som AppSync omdirigerer til, og den bruger automatisk HTTPS.
Her er den URL-adresse, som AppSync omdirigerer til, og den bruger automatisk HTTPS.
Copyof URL address https: //AppSync01:8444/auth/realms/appsync/protocol/openid-connect/auth?client_id=appsync_ ...
Affected Products
AppSyncArticle Properties
Article Number: 000217002
Article Type: Solution
Last Modified: 18 Sep 2025
Version: 4
Find answers to your questions from other Dell users
Support Services
Check if your device is covered by Support Services.