<?xml version="1.0" encoding="UTF-8"?>
<rss xmlns:content="http://purl.org/rss/1.0/modules/content/" xmlns:dc="http://purl.org/dc/elements/1.1/" xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#" xmlns:taxo="http://purl.org/rss/1.0/modules/taxonomy/" version="2.0">
  <channel>
    <title>topic Re: &amp;quot;HSTS Missing From HTTPS Server&amp;quot; TCP/IP issue in vCenter™ Server Discussions</title>
    <link>https://communities.vmware.com/t5/vCenter-Server-Discussions/quot-HSTS-Missing-From-HTTPS-Server-quot-TCP-IP-issue/m-p/2811372#M90978</link>
    <description>&lt;P&gt;Did you ever figure out how to resolve this? I am having the same issue with it showing up on my Nessus scans.&lt;/P&gt;</description>
    <pubDate>Fri, 20 Nov 2020 15:46:42 GMT</pubDate>
    <dc:creator>tglear</dc:creator>
    <dc:date>2020-11-20T15:46:42Z</dc:date>
    <item>
      <title>"HSTS Missing From HTTPS Server" TCP/IP issue</title>
      <link>https://communities.vmware.com/t5/vCenter-Server-Discussions/quot-HSTS-Missing-From-HTTPS-Server-quot-TCP-IP-issue/m-p/2307937#M75787</link>
      <description>&lt;P&gt;Hello,&lt;/P&gt;&lt;P&gt;My Nessus scanner returned me 3 new vulnerabilities for my vCenter 6.7 (Windows version) =&amp;gt;&lt;/P&gt;&lt;P&gt;&lt;STRONG&gt;9443/tcp&lt;/STRONG&gt; - &lt;STRONG&gt;HSTS Missing From HTTPS Server&lt;/STRONG&gt;&lt;/P&gt;&lt;P&gt;Description: The remote HTTPS server does not send the HTTP "Strict-Transport-Security" header.&lt;/P&gt;&lt;P&gt;&lt;STRONG&gt;7444/tcp&lt;/STRONG&gt; - &lt;STRONG&gt;HSTS Missing From HTTPS Server&lt;/STRONG&gt;&lt;/P&gt;&lt;P&gt;Description: The remote HTTPS server does not send the HTTP "Strict-Transport-Security" header.&lt;/P&gt;&lt;P&gt;&lt;STRONG&gt;5443/tcp&lt;/STRONG&gt; - &lt;STRONG&gt;HSTS Missing From HTTPS Server&lt;/STRONG&gt;&lt;/P&gt;&lt;P&gt;Description: The remote HTTPS server does not send the HTTP "Strict-Transport-Security" header.&lt;/P&gt;&lt;P&gt;I'm looking for a way to fix that.&lt;/P&gt;&lt;P&gt;I didn't find any information in the VMware KB.&lt;/P&gt;&lt;P&gt;Port 9443 =&amp;gt; vSphere Web client HTTPS&lt;/P&gt;&lt;P&gt;Port 7444 =&amp;gt; vCenter Single Sign-On&lt;/P&gt;&lt;P&gt;Port 5443 =&amp;gt; vCenter Server graphical user interface internal&lt;/P&gt;&lt;P&gt;I already tried to modify the Web.xml (C:\ProgramData\VMware\vCenterServer\runtime\vsphere-client\server\configuration\conf) where I have found a section related to enabling HSTS, but after these changes my vCenter Web client (Flash) didn't start at all.&lt;/P&gt;&lt;P&gt;I have added in the "Filter definitions" section =&amp;gt;&lt;/P&gt;&lt;PRE&gt;    &amp;lt;filter&amp;gt;
        &amp;lt;filter-name&amp;gt;httpHeaderSecurity&amp;lt;/filter-name&amp;gt;
        &amp;lt;filter-class&amp;gt;org.apache.catalina.filters.HttpHeaderSecurityFilter&amp;lt;/filter-class&amp;gt;
        &amp;lt;async-supported&amp;gt;true&amp;lt;/async-supported&amp;gt;
        &amp;lt;init-param&amp;gt;
            &amp;lt;param-name&amp;gt;hstsEnabled&amp;lt;/param-name&amp;gt;
            &amp;lt;param-value&amp;gt;true&amp;lt;/param-value&amp;gt;
        &amp;lt;/init-param&amp;gt;
        &amp;lt;init-param&amp;gt;
            &amp;lt;param-name&amp;gt;hstsMaxAgeSeconds&amp;lt;/param-name&amp;gt;
            &amp;lt;param-value&amp;gt;30758400&amp;lt;/param-value&amp;gt;
        &amp;lt;/init-param&amp;gt;
        &amp;lt;init-param&amp;gt;
            &amp;lt;param-name&amp;gt;hstsIncludeSubDomains&amp;lt;/param-name&amp;gt;
            &amp;lt;param-value&amp;gt;true&amp;lt;/param-value&amp;gt;
        &amp;lt;/init-param&amp;gt;
        &amp;lt;init-param&amp;gt;
            &amp;lt;param-name&amp;gt;antiClickJackingEnabled&amp;lt;/param-name&amp;gt;
            &amp;lt;param-value&amp;gt;false&amp;lt;/param-value&amp;gt;
        &amp;lt;/init-param&amp;gt;
        &amp;lt;init-param&amp;gt;
            &amp;lt;param-name&amp;gt;blockContentTypeSniffingEnabled&amp;lt;/param-name&amp;gt;
            &amp;lt;param-value&amp;gt;false&amp;lt;/param-value&amp;gt;
        &amp;lt;/init-param&amp;gt;
    &amp;lt;/filter&amp;gt;&lt;/PRE&gt;&lt;P&gt;And in the "Filter Mappings" section =&amp;gt;&lt;/P&gt;&lt;PRE&gt;    &amp;lt;filter-mapping&amp;gt;
        &amp;lt;filter-name&amp;gt;httpHeaderSecurity&amp;lt;/filter-name&amp;gt;
        &amp;lt;url-pattern&amp;gt;/*&amp;lt;/url-pattern&amp;gt;
        &amp;lt;url-pattern&amp;gt;*&amp;lt;/url-pattern&amp;gt;
        &amp;lt;dispatcher&amp;gt;REQUEST&amp;lt;/dispatcher&amp;gt;
    &amp;lt;/filter-mapping&amp;gt;&lt;/PRE&gt;&lt;P&gt;In my company, all TCP issues have to be fixed or justified if not possible ... not always easy.&lt;/P&gt;&lt;P&gt;Do you have an idea?&lt;/P&gt;</description>
      <pubDate>Fri, 18 Sep 2020 13:27:33 GMT</pubDate>
      <guid>https://communities.vmware.com/t5/vCenter-Server-Discussions/quot-HSTS-Missing-From-HTTPS-Server-quot-TCP-IP-issue/m-p/2307937#M75787</guid>
      <dc:creator>PGU94</dc:creator>
      <dc:date>2020-09-18T13:27:33Z</dc:date>
    </item>
    <item>
      <title>Re: "HSTS Missing From HTTPS Server" TCP/IP issue</title>
      <link>https://communities.vmware.com/t5/vCenter-Server-Discussions/quot-HSTS-Missing-From-HTTPS-Server-quot-TCP-IP-issue/m-p/2811372#M90978</link>
      <description>&lt;P&gt;Did you ever figure out how to resolve this? I am having the same issue with it showing up on my Nessus scans.&lt;/P&gt;</description>
      <pubDate>Fri, 20 Nov 2020 15:46:42 GMT</pubDate>
      <guid>https://communities.vmware.com/t5/vCenter-Server-Discussions/quot-HSTS-Missing-From-HTTPS-Server-quot-TCP-IP-issue/m-p/2811372#M90978</guid>
      <dc:creator>tglear</dc:creator>
      <dc:date>2020-11-20T15:46:42Z</dc:date>
    </item>
    <item>
      <title>Re: "HSTS Missing From HTTPS Server" TCP/IP issue</title>
      <link>https://communities.vmware.com/t5/vCenter-Server-Discussions/quot-HSTS-Missing-From-HTTPS-Server-quot-TCP-IP-issue/m-p/2813809#M91062</link>
      <description>&lt;P&gt;also having this issue.&lt;/P&gt;</description>
      <pubDate>Tue, 01 Dec 2020 15:15:27 GMT</pubDate>
      <guid>https://communities.vmware.com/t5/vCenter-Server-Discussions/quot-HSTS-Missing-From-HTTPS-Server-quot-TCP-IP-issue/m-p/2813809#M91062</guid>
      <dc:creator>jasondrake1978</dc:creator>
      <dc:date>2020-12-01T15:15:27Z</dc:date>
    </item>
    <item>
      <title>Re: "HSTS Missing From HTTPS Server" TCP/IP issue</title>
      <link>https://communities.vmware.com/t5/vCenter-Server-Discussions/quot-HSTS-Missing-From-HTTPS-Server-quot-TCP-IP-issue/m-p/2814584#M91093</link>
      <description>&lt;P&gt;I am also having this issue and unable to find any documentation or information.&lt;/P&gt;</description>
      <pubDate>Thu, 03 Dec 2020 17:48:55 GMT</pubDate>
      <guid>https://communities.vmware.com/t5/vCenter-Server-Discussions/quot-HSTS-Missing-From-HTTPS-Server-quot-TCP-IP-issue/m-p/2814584#M91093</guid>
      <dc:creator>jpearson_ngds</dc:creator>
      <dc:date>2020-12-03T17:48:55Z</dc:date>
    </item>
    <item>
      <title>Re: "HSTS Missing From HTTPS Server" TCP/IP issue</title>
      <link>https://communities.vmware.com/t5/vCenter-Server-Discussions/quot-HSTS-Missing-From-HTTPS-Server-quot-TCP-IP-issue/m-p/2822249#M91441</link>
      <description>&lt;P&gt;same issue here&lt;/P&gt;</description>
      <pubDate>Tue, 12 Jan 2021 13:08:10 GMT</pubDate>
      <guid>https://communities.vmware.com/t5/vCenter-Server-Discussions/quot-HSTS-Missing-From-HTTPS-Server-quot-TCP-IP-issue/m-p/2822249#M91441</guid>
      <dc:creator>divadiow</dc:creator>
      <dc:date>2021-01-12T13:08:10Z</dc:date>
    </item>
    <item>
      <title>Re: "HSTS Missing From HTTPS Server" TCP/IP issue</title>
      <link>https://communities.vmware.com/t5/vCenter-Server-Discussions/quot-HSTS-Missing-From-HTTPS-Server-quot-TCP-IP-issue/m-p/2822251#M91442</link>
      <description>&lt;P&gt;I opened a support case and here was the response I received.&lt;/P&gt;&lt;P&gt;Regarding the vCenter HSTS errors&lt;/P&gt;&lt;P&gt;For the VAMI interface, we currently have a workaround for these errors; see our internal KB below:&lt;/P&gt;&lt;P&gt;=================================================================================================&lt;/P&gt;&lt;P&gt;Adding Strict Transport Security (HSTS) Headers to the vCenter Server Appliance Management Interface (VAMI)&lt;/P&gt;&lt;P&gt;Symptoms&lt;BR /&gt;Customers may receive reports from a security scan that the vCenter Server Appliance Management Interface lacks the Strict Transport Security (HSTS) headers.&lt;/P&gt;&lt;P&gt;Cause&lt;BR /&gt;The lighttp daemon does not include these headers by default.&lt;/P&gt;&lt;P&gt;Resolution&lt;BR /&gt;You can modify the /etc/applmgmt/appliance/lighttpd.conf file to include this header.&lt;/P&gt;&lt;P&gt;Replace the lines:&lt;/P&gt;&lt;PRE&gt;setenv.add-response-header = ( "X-UA-Compatible" =&amp;gt; "IE=edge",
                               "X-Frame-Options" =&amp;gt; "Deny" )&lt;/PRE&gt;&lt;P&gt;With the following:&lt;/P&gt;&lt;PRE&gt;setenv.add-response-header = ( "X-UA-Compatible" =&amp;gt; "IE=edge",
                               "X-Frame-Options" =&amp;gt; "Deny",
                               "Strict-Transport-Security" =&amp;gt; "max-age=31536000; includeSubdomains" )&lt;/PRE&gt;&lt;P&gt;Restart the lighttp daemon:&lt;/P&gt;&lt;PRE&gt;systemctl restart vami-lighttp&lt;/PRE&gt;&lt;P&gt;============================================================================&lt;/P&gt;&lt;P&gt;For the Web Client, HSTS added fix is currently available only for VCSA 7.0 and not for VCSA 6.7.&lt;/P&gt;&lt;P&gt;We still have a few bug reports open for VCSA 6.7 and currently we are still waiting on our engineering team to come back with a patch.&lt;/P&gt;</description>
      <pubDate>Tue, 12 Jan 2021 13:16:53 GMT</pubDate>
      <guid>https://communities.vmware.com/t5/vCenter-Server-Discussions/quot-HSTS-Missing-From-HTTPS-Server-quot-TCP-IP-issue/m-p/2822251#M91442</guid>
      <dc:creator>jpearson_ngds</dc:creator>
      <dc:date>2021-01-12T13:16:53Z</dc:date>
    </item>
    <item>
      <title>Re: "HSTS Missing From HTTPS Server" TCP/IP issue</title>
      <link>https://communities.vmware.com/t5/vCenter-Server-Discussions/quot-HSTS-Missing-From-HTTPS-Server-quot-TCP-IP-issue/m-p/2822252#M91443</link>
      <description>&lt;P&gt;oh awesome, thanks&lt;/P&gt;</description>
      <pubDate>Tue, 12 Jan 2021 13:18:56 GMT</pubDate>
      <guid>https://communities.vmware.com/t5/vCenter-Server-Discussions/quot-HSTS-Missing-From-HTTPS-Server-quot-TCP-IP-issue/m-p/2822252#M91443</guid>
      <dc:creator>divadiow</dc:creator>
      <dc:date>2021-01-12T13:18:56Z</dc:date>
    </item>
    <item>
      <title>Re: "HSTS Missing From HTTPS Server" TCP/IP issue</title>
      <link>https://communities.vmware.com/t5/vCenter-Server-Discussions/quot-HSTS-Missing-From-HTTPS-Server-quot-TCP-IP-issue/m-p/2823226#M91488</link>
      <description>&lt;P&gt;So far it looks like there's only a fix/workaround for VAMI/5080, but not 443 or 9443?&lt;/P&gt;</description>
      <pubDate>Fri, 15 Jan 2021 18:51:09 GMT</pubDate>
      <guid>https://communities.vmware.com/t5/vCenter-Server-Discussions/quot-HSTS-Missing-From-HTTPS-Server-quot-TCP-IP-issue/m-p/2823226#M91488</guid>
      <dc:creator>dstlex</dc:creator>
      <dc:date>2021-01-15T18:51:09Z</dc:date>
    </item>
    <item>
      <title>Re: "HSTS Missing From HTTPS Server" TCP/IP issue</title>
      <link>https://communities.vmware.com/t5/vCenter-Server-Discussions/quot-HSTS-Missing-From-HTTPS-Server-quot-TCP-IP-issue/m-p/2824923#M91555</link>
      <description>&lt;P&gt;Port 9443: Is redirected with the strict-transport-security header. Scanner should be adjusted accordingly. Proven by curl command: curl -L -kv https://$HOSTNAME:9443 2&amp;gt;&amp;amp;1 | grep Strict-Transport-Security&lt;/P&gt;&lt;P&gt;Port 7444: This port was originally used in vCenter 5.5 by the STS but it is not used in 6.5 onwards.&lt;BR /&gt;Customers running 6.5/6.7/7.0 appliances in their environment can disable this port to increase security.&lt;/P&gt;&lt;P&gt;Note: Port 7444 will no longer be exposed in a future version of 7.x.&lt;BR /&gt;&lt;BR /&gt;Workaround: Disable the firewall configuration exposing port 7444.&lt;BR /&gt;1. Remove the firewall configuration file&lt;BR /&gt;rm -f /etc/vmware/appliance/firewall/vmware-sso&lt;BR /&gt;2. Reboot the system or reload the firewall rules&lt;BR /&gt;/usr/lib/applmgmt/networking/bin/firewall-reload&lt;/P&gt;&lt;P&gt;To restore the original configuration that exposes port 7444:&lt;BR /&gt;1. Restore the symbolic link to the configuration file&lt;BR /&gt;/bin/ln -s -f /usr/lib/vmware-sso/firewall/sso-firewall.json /etc/vmware/appliance/firewall/vmware-sso&lt;BR /&gt;2. Reboot the system or reload the firewall rules&lt;BR /&gt;/usr/lib/applmgmt/networking/bin/firewall-reload&lt;/P&gt;&lt;P&gt;&amp;nbsp;&lt;/P&gt;&lt;P&gt;Port 5443: This has not been reported to the VMware security team. Please file an SR with VMware Support and provide the scanner report.&lt;/P&gt;</description>
      <pubDate>Sat, 23 Jan 2021 08:07:11 GMT</pubDate>
      <guid>https://communities.vmware.com/t5/vCenter-Server-Discussions/quot-HSTS-Missing-From-HTTPS-Server-quot-TCP-IP-issue/m-p/2824923#M91555</guid>
      <dc:creator>Ajay1988</dc:creator>
      <dc:date>2021-01-23T08:07:11Z</dc:date>
    </item>
    <item>
      <title>Re: "HSTS Missing From HTTPS Server" TCP/IP issue</title>
      <link>https://communities.vmware.com/t5/vCenter-Server-Discussions/quot-HSTS-Missing-From-HTTPS-Server-quot-TCP-IP-issue/m-p/2827630#M91662</link>
      <description>&lt;P&gt;I ran that curl command on 9443 and got the header&lt;BR /&gt;&amp;lt; HTTP/1.1 200&lt;BR /&gt;&amp;lt; Strict-Transport-Security: max-age=31536000 ; includeSubDomains&lt;/P&gt;&lt;P&gt;However, the scanner still shows the vulnerability on 9443.&lt;/P&gt;&lt;P&gt;Did you mean that the scanner must be adjusted instead of adding this to /etc/httpd/httpd.conf?&lt;/P&gt;&lt;P&gt;&lt;BR /&gt;&amp;lt;VirtualHost www.example.com:80&amp;gt;&lt;/P&gt;&lt;P&gt;Header always set Strict-Transport-Security "max-age=63072000; includeSubdomains; preload"&lt;/P&gt;&lt;P&gt;&amp;lt;/VirtualHost&amp;gt;&lt;/P&gt;&lt;P&gt;&amp;nbsp;&lt;/P&gt;&lt;P&gt;Thanks in advance&lt;/P&gt;</description>
      <pubDate>Thu, 04 Feb 2021 15:30:01 GMT</pubDate>
      <guid>https://communities.vmware.com/t5/vCenter-Server-Discussions/quot-HSTS-Missing-From-HTTPS-Server-quot-TCP-IP-issue/m-p/2827630#M91662</guid>
      <dc:creator>panizzag</dc:creator>
      <dc:date>2021-02-04T15:30:01Z</dc:date>
    </item>
    <item>
      <title>Re: "HSTS Missing From HTTPS Server" TCP/IP issue</title>
      <link>https://communities.vmware.com/t5/vCenter-Server-Discussions/quot-HSTS-Missing-From-HTTPS-Server-quot-TCP-IP-issue/m-p/2828010#M91671</link>
      <description>&lt;P&gt;Yes. 9443 is not vulnerable and should be adjusted in the scanner.&lt;/P&gt;</description>
      <pubDate>Sat, 06 Feb 2021 01:06:50 GMT</pubDate>
      <guid>https://communities.vmware.com/t5/vCenter-Server-Discussions/quot-HSTS-Missing-From-HTTPS-Server-quot-TCP-IP-issue/m-p/2828010#M91671</guid>
      <dc:creator>Ajay1988</dc:creator>
      <dc:date>2021-02-06T01:06:50Z</dc:date>
    </item>
    <item>
      <title>Re: "HSTS Missing From HTTPS Server" TCP/IP issue</title>
      <link>https://communities.vmware.com/t5/vCenter-Server-Discussions/quot-HSTS-Missing-From-HTTPS-Server-quot-TCP-IP-issue/m-p/2833667#M91805</link>
      <description>&lt;P&gt;Is there any update on the v6.7 remediation for the HSTS issue?&lt;/P&gt;</description>
      <pubDate>Wed, 03 Mar 2021 19:55:14 GMT</pubDate>
      <guid>https://communities.vmware.com/t5/vCenter-Server-Discussions/quot-HSTS-Missing-From-HTTPS-Server-quot-TCP-IP-issue/m-p/2833667#M91805</guid>
      <dc:creator>fjluce2</dc:creator>
      <dc:date>2021-03-03T19:55:14Z</dc:date>
    </item>
    <item>
      <title>Re: "HSTS Missing From HTTPS Server" TCP/IP issue</title>
      <link>https://communities.vmware.com/t5/vCenter-Server-Discussions/quot-HSTS-Missing-From-HTTPS-Server-quot-TCP-IP-issue/m-p/2837200#M91852</link>
      <description>&lt;P&gt;Please upgrade to 6.7 U3m and run the scanner again.&lt;/P&gt;&lt;P&gt;&lt;A href="https://docs.vmware.com/en/VMware-vSphere/6.7/rn/vsphere-vcenter-server-67u3m-release-notes.html" target="_blank"&gt;https://docs.vmware.com/en/VMware-vSphere/6.7/rn/vsphere-vcenter-server-67u3m-release-notes.html&lt;/A&gt;&lt;/P&gt;</description>
      <pubDate>Mon, 22 Mar 2021 07:54:01 GMT</pubDate>
      <guid>https://communities.vmware.com/t5/vCenter-Server-Discussions/quot-HSTS-Missing-From-HTTPS-Server-quot-TCP-IP-issue/m-p/2837200#M91852</guid>
      <dc:creator>Ajay1988</dc:creator>
      <dc:date>2021-03-22T07:54:01Z</dc:date>
    </item>
    <item>
      <title>Re: "HSTS Missing From HTTPS Server" TCP/IP issue</title>
      <link>https://communities.vmware.com/t5/vCenter-Server-Discussions/quot-HSTS-Missing-From-HTTPS-Server-quot-TCP-IP-issue/m-p/2837858#M91862</link>
      <description>&lt;P&gt;We&amp;nbsp;&lt;SPAN&gt;upgraded to 6.7 U3m and re-ran the scanner, but that did not resolve this finding. Per the release notes for U3m, it looks like this hasn't been resolved yet, and they also mention there is no workaround.&lt;/SPAN&gt;&lt;/P&gt;</description>
      <pubDate>Wed, 24 Mar 2021 13:18:58 GMT</pubDate>
      <guid>https://communities.vmware.com/t5/vCenter-Server-Discussions/quot-HSTS-Missing-From-HTTPS-Server-quot-TCP-IP-issue/m-p/2837858#M91862</guid>
      <dc:creator>jriver07</dc:creator>
      <dc:date>2021-03-24T13:18:58Z</dc:date>
    </item>
    <item>
      <title>Re: "HSTS Missing From HTTPS Server" TCP/IP issue</title>
      <link>https://communities.vmware.com/t5/vCenter-Server-Discussions/quot-HSTS-Missing-From-HTTPS-Server-quot-TCP-IP-issue/m-p/2837874#M91863</link>
      <description>&lt;P&gt;No fix will be out for port 5480. Other ports reported here are fixed in 6.7 U3m. You need to upgrade to 7.0 U2.&lt;/P&gt;&lt;P&gt;Please specify what ports the scanner picks.&lt;/P&gt;</description>
      <pubDate>Wed, 24 Mar 2021 13:45:15 GMT</pubDate>
      <guid>https://communities.vmware.com/t5/vCenter-Server-Discussions/quot-HSTS-Missing-From-HTTPS-Server-quot-TCP-IP-issue/m-p/2837874#M91863</guid>
      <dc:creator>Ajay1988</dc:creator>
      <dc:date>2021-03-24T13:45:15Z</dc:date>
    </item>
    <item>
      <title>Re: "HSTS Missing From HTTPS Server" TCP/IP issue</title>
      <link>https://communities.vmware.com/t5/vCenter-Server-Discussions/quot-HSTS-Missing-From-HTTPS-Server-quot-TCP-IP-issue/m-p/2837897#M91865</link>
      <description>&lt;P&gt;Our scanner is picking this "HSTS Missing From HTTPS Server" on Port 9443 and 5580.&lt;/P&gt;</description>
      <pubDate>Wed, 24 Mar 2021 15:14:00 GMT</pubDate>
      <guid>https://communities.vmware.com/t5/vCenter-Server-Discussions/quot-HSTS-Missing-From-HTTPS-Server-quot-TCP-IP-issue/m-p/2837897#M91865</guid>
      <dc:creator>jriver07</dc:creator>
      <dc:date>2021-03-24T15:14:00Z</dc:date>
    </item>
    <item>
      <title>Re: "HSTS Missing From HTTPS Server" TCP/IP issue</title>
      <link>https://communities.vmware.com/t5/vCenter-Server-Discussions/quot-HSTS-Missing-From-HTTPS-Server-quot-TCP-IP-issue/m-p/2837905#M91866</link>
      <description>&lt;P&gt;&lt;SPAN&gt;Port 9443: Is redirected with the strict-transport-security header. &lt;STRONG&gt;Scanner should be adjusted accordingly.&lt;/STRONG&gt; Proven by curl command: curl -L -kv https://$HOSTNAME:9443 2&amp;gt;&amp;amp;1 | grep Strict-Transport-Security&lt;BR /&gt;&lt;BR /&gt;&lt;/SPAN&gt;&lt;/P&gt;&lt;P&gt;&lt;SPAN&gt;For 5580: no workaround as of now. Please wait.&amp;nbsp;&lt;/SPAN&gt;&lt;/P&gt;</description>
      <pubDate>Wed, 24 Mar 2021 15:28:02 GMT</pubDate>
      <guid>https://communities.vmware.com/t5/vCenter-Server-Discussions/quot-HSTS-Missing-From-HTTPS-Server-quot-TCP-IP-issue/m-p/2837905#M91866</guid>
      <dc:creator>Ajay1988</dc:creator>
      <dc:date>2021-03-24T15:28:02Z</dc:date>
    </item>
    <item>
      <title>Re: "HSTS Missing From HTTPS Server" TCP/IP issue</title>
      <link>https://communities.vmware.com/t5/vCenter-Server-Discussions/quot-HSTS-Missing-From-HTTPS-Server-quot-TCP-IP-issue/m-p/2847229#M92024</link>
      <description>&lt;P&gt;Can you better explain this? Our scanner is finding 9443 with this issue; are you saying we should modify the scanner to accept this because it is redirected? Is there a link from VMware we can provide our auditors to explain this?&lt;/P&gt;</description>
      <pubDate>Fri, 14 May 2021 15:51:53 GMT</pubDate>
      <guid>https://communities.vmware.com/t5/vCenter-Server-Discussions/quot-HSTS-Missing-From-HTTPS-Server-quot-TCP-IP-issue/m-p/2847229#M92024</guid>
      <dc:creator>rmorrissey64</dc:creator>
      <dc:date>2021-05-14T15:51:53Z</dc:date>
    </item>
    <item>
      <title>Re: "HSTS Missing From HTTPS Server" TCP/IP issue</title>
      <link>https://communities.vmware.com/t5/vCenter-Server-Discussions/quot-HSTS-Missing-From-HTTPS-Server-quot-TCP-IP-issue/m-p/2847253#M92025</link>
      <description>&lt;P&gt;Never mind, I understand now.&lt;/P&gt;&lt;P&gt;On vCenter, port 9443 was used by the now deprecated vCenter client.&lt;/P&gt;&lt;P&gt;Since the client is deprecated, VMware is not fixing the issue, but upgrading to vCenter 7.0 resolves the issue since it does not support the old client and is not using port 9443.&lt;/P&gt;</description>
      <pubDate>Fri, 14 May 2021 17:52:13 GMT</pubDate>
      <guid>https://communities.vmware.com/t5/vCenter-Server-Discussions/quot-HSTS-Missing-From-HTTPS-Server-quot-TCP-IP-issue/m-p/2847253#M92025</guid>
      <dc:creator>rmorrissey64</dc:creator>
      <dc:date>2021-05-14T17:52:13Z</dc:date>
    </item>
    <item>
      <title>Re: "HSTS Missing From HTTPS Server" TCP/IP issue</title>
      <link>https://communities.vmware.com/t5/vCenter-Server-Discussions/quot-HSTS-Missing-From-HTTPS-Server-quot-TCP-IP-issue/m-p/2860976#M92253</link>
      <description>&lt;P&gt;Even though vCenter port 9443 is used by the deprecated vCenter client, the vulnerability is still there and needs to be fixed.&lt;/P&gt;&lt;P&gt;There must be somewhere to add the HSTS header for the web page using port 9443 as well as port 5580; we don't know where it is, though.&lt;/P&gt;&lt;P&gt;&amp;nbsp;&lt;/P&gt;&lt;P&gt;Not everyone is willing to upgrade to vCenter 7.0 just for this.&lt;/P&gt;</description>
      <pubDate>Fri, 06 Aug 2021 06:58:40 GMT</pubDate>
      <guid>https://communities.vmware.com/t5/vCenter-Server-Discussions/quot-HSTS-Missing-From-HTTPS-Server-quot-TCP-IP-issue/m-p/2860976#M92253</guid>
      <dc:creator>paul007_ts</dc:creator>
      <dc:date>2021-08-06T06:58:40Z</dc:date>
    </item>
  </channel>
</rss>

