Is it application related? Server is hosting SAP EHP 6.0 application. Please suggest by seeing below details:
Plugin Output:
HTTP/1.1 404 Not found
Content-Type: text/html; charset=utf-8
Content-Length: 1819
sap-server: true
server: SAP NetWeaver Application Server / ABAP 731
date: Sat, 28 Dec 2024 06:10:27 GMT
connection: close
The remote HTTPS server does not send the HTTP
"Strict-Transport-Security" header.
Description:
The remote web server is not enforcing HSTS, as defined by RFC 6797. HSTS is an optional response header that can be configured on the server to instruct the browser to only communicate via HTTPS. The lack of HSTS allows downgrade attacks, SSL-stripping man-in-the-middle attacks, and weakens cookie-hijacking protections.
Steps to Remediate: Configure the remote web server to use HSTS.
------------------------------
SIRISHA BEZAWADA
------------------------------
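Added example, not part of the thread or of the scanner's own code: a checker that takes a raw response head like the plugin output above and evaluates the Strict-Transport-Security header against the RFC 6797 rules (max-age required, directive names case-insensitive, no duplicate directives, max-age=0 disables the policy). The function name check_hsts and both sample responses are constructed for illustration.

```python
import re

# Constructed sample: response head shaped like the scan output (no HSTS header).
SAMPLE_MISSING = (
    "HTTP/1.1 404 Not found\r\n"
    "Content-Type: text/html; charset=utf-8\r\n"
    "sap-server: true\r\n"
    "server: SAP NetWeaver Application Server / ABAP 731\r\n"
    "connection: close\r\n\r\n"
)
# Constructed sample: the same response with a policy header added.
SAMPLE_OK = SAMPLE_MISSING.replace(
    "connection: close\r\n",
    "connection: close\r\nStrict-Transport-Security: max-age=31536000; includeSubDomains\r\n",
)

def check_hsts(raw_head: str) -> dict:
    """Evaluate the HSTS policy in a raw HTTP response head (RFC 6797, section 6.1)."""
    values = []
    for line in raw_head.split("\r\n")[1:]:       # skip the status line
        if not line:
            break                                  # blank line ends the header block
        name, _, value = line.partition(":")
        if name.strip().lower() == "strict-transport-security":
            values.append(value.strip())
    if not values:
        return {"status": "missing"}
    # RFC 6797 section 8.1: with several STS header fields, only the first is processed.
    directives = {}
    for part in values[0].split(";"):
        part = part.strip()
        if not part:
            continue
        key, _, val = part.partition("=")
        key = key.strip().lower()                  # directive names are case-insensitive
        if key in directives:
            return {"status": "invalid", "reason": f"duplicate directive {key}"}
        directives[key] = val.strip().strip('"')   # value may be a quoted-string
    max_age = directives.get("max-age", "")
    if not re.fullmatch(r"[0-9]+", max_age):
        return {"status": "invalid", "reason": "max-age missing or not numeric"}
    if int(max_age) == 0:
        return {"status": "disabled"}              # max-age=0 makes the browser drop the policy
    return {"status": "ok", "max_age": int(max_age),
            "include_subdomains": "includesubdomains" in directives}
```

Run it against the response head captured after the web server configuration change to confirm the finding is closed before the next scan.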
Original Message:
Sent: Tue January 14, 2025 05:04 AM
From: José Pina Coelho
Subject: HSTS Missing From HTTPS Server (RFC 6797)
This is not an AIX issue, that's an HTTP server issue.
------------------------------
José Pina Coelho
IT Specialist at Kyndryl
Original Message:
Sent: Mon January 13, 2025 05:25 AM
From: SIRISHA BEZAWADA
Subject: HSTS Missing From HTTPS Server (RFC 6797)
HSTS Missing From HTTPS Server (RFC 6797)
This vulnerability is reported on AIX servers. Could you please check and share the solution for it?
------------------------------
SIRISHA BEZAWADA
------------------------------