HTTP Strict Transport Security (HSTS) Vulnerability.
Description
The application is not configured to send an HTTP Strict Transport Security (HSTS) policy. Without it, the browser receives no instruction from the application to refuse plain HTTP, so a connection can be downgraded from HTTPS to HTTP, which can enable Man-in-the-Middle (MitM) attacks.
Cause
Man-in-the-Middle (MitM) attacks occur when an attacker is able to intercept traffic between the user's browser and the server. This can be achieved either by presenting a forged TLS certificate controlled by the attacker or by downgrading the connection from HTTPS to HTTP. HTTP Strict Transport Security (HSTS) counters both: once the browser has received the header over HTTPS and stored the policy, it refuses plain HTTP for that host for the policy's lifetime and treats certificate errors as hard failures rather than offering a click-through.
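As an added illustration (not part of this advisory and not code from the product it concerns), the following Python routine checks whether a response carries a usable Strict-Transport-Security header and flags the common weaknesses a reviewer looks for: header absent, max-age missing or too short, includeSubDomains omitted. The sample header sets and the one-year minimum are constructed assumptions, not values taken from the page.

```python
"""Assess a Strict-Transport-Security header (added example; assumptions noted inline)."""

# Constructed sample responses, modelled as header dicts as an HTTP client might expose them.
# None of these come from the advisory; they only exercise the checks below.
SAMPLE_RESPONSES = {
    "missing": {"Content-Type": "text/html"},
    "weak": {"Strict-Transport-Security": "max-age=300"},
    "strong": {"Strict-Transport-Security": "max-age=31536000; includeSubDomains; preload"},
}

# Assumed review threshold: one year, a widely used minimum for a deployed HSTS policy.
RECOMMENDED_MIN_MAX_AGE = 31536000


def parse_hsts(value):
    """Split an HSTS header value into a dict of lower-cased directive names.

    Directives are separated by ';'. Valued directives (max-age=N) map to their
    string value; flag directives (includeSubDomains, preload) map to True.
    """
    directives = {}
    for part in value.split(";"):
        part = part.strip()
        if not part:
            continue
        if "=" in part:
            name, _, val = part.partition("=")
            directives[name.strip().lower()] = val.strip().strip('"')
        else:
            directives[part.lower()] = True
    return directives


def assess_hsts(headers, min_max_age=RECOMMENDED_MIN_MAX_AGE):
    """Return (status, findings): status is 'missing', 'weak' or 'ok'."""
    # HTTP header names are case-insensitive, so compare them lower-cased.
    value = None
    for name, v in headers.items():
        if name.lower() == "strict-transport-security":
            value = v
            break
    if value is None:
        return "missing", ["Strict-Transport-Security header not present"]

    directives = parse_hsts(value)
    findings = []

    max_age = directives.get("max-age")
    if max_age is None or not str(max_age).isdigit():
        findings.append("max-age directive missing or not numeric")
    elif int(max_age) == 0:
        findings.append("max-age=0 clears any stored policy instead of enforcing one")
    elif int(max_age) < min_max_age:
        findings.append(f"max-age {max_age} is below the recommended minimum {min_max_age}")

    if "includesubdomains" not in directives:
        findings.append("includeSubDomains not set; subdomains can still be served over HTTP")

    return ("weak" if findings else "ok"), findings


if __name__ == "__main__":
    for label, headers in SAMPLE_RESPONSES.items():
        status, findings = assess_hsts(headers)
        print(f"{label}: {status} {findings}")
```

Run the check against a response fetched over HTTPS only: browsers ignore an HSTS header delivered over plain HTTP, so a header seen on the HTTP side of a redirect does not count as a deployed policy.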
Remediation
A change request PAM-9758 has been submitted to the product team to investigate and remedy this vulnerability.