-
- Lurker
- Posts: 1
- Liked: never
- Joined: Apr 18, 2023 6:32 pm
- Contact:
strict HTTPS
Our Nessus vulnerability scanner is detecting the following error on our Veeam servers:
HSTS Missing From HTTPS Server (RFC 6797)
The remote HTTPS server does not send the HTTP "Strict-Transport-Security" header.
There is nothing else installed on the two Veeam servers (IIS is not even installed), so Veeam (or a Veeam plugin) must be the culprit.
Looks to be on ports 20443 and 33034.
Tech support (Case # 05945627) was unable to assist and advised I post here for a possible resolution.
HSTS Missing From HTTPS Server (RFC 6797)
The remote HTTPS server does not send the HTTP "Strict-Transport-Security" header.
There is nothing else installed on the two Veeam servers (IIS is not even installed), so Veeam (or a Veeam plugin) must be the culprit.
Looks to be on ports 20443 and 33034.
Tech support (Case # 05945627) was unable to assist and advised I post here for a possible resolution.
-
- Chief Product Officer
- Posts: 31779
- Liked: 7279 times
- Joined: Jan 01, 2006 1:01 am
- Location: Baar, Switzerland
- Contact:
Re: strict HTTPS
Apologies for invalid instructions from your support engineer. When unable to assist, support engineers are supposed to escalate to a higher support tier, instead of telling a customer to post about the issue on these forums (as these are NOT support forums). I've notified the support management of your support case.
-
- Chief Product Officer
- Posts: 31779
- Liked: 7279 times
- Joined: Jan 01, 2006 1:01 am
- Location: Baar, Switzerland
- Contact:
Re: strict HTTPS
They reviewed the case and it appears your support engineer never suggested that you post the issue here. Please, follow his instructions carefully to have the issue reviewed by security analysts.
-
- Lurker
- Posts: 1
- Liked: never
- Joined: Jul 13, 2023 10:30 am
- Contact:
Re: strict HTTPS
Hi failingUser,failingUser wrote: ↑May 31, 2023 9:26 pm Our Nessus vulnerability scanner is detecting the following error on our Veeam servers:
HSTS Missing From HTTPS Server (RFC 6797)
The remote HTTPS server does not send the HTTP "Strict-Transport-Security" header.
Did you manage to resolve the problem?
I have the same issue on port 33034
If you have it solved could you post the solution here or DM me? Thanks
-
- Influencer
- Posts: 14
- Liked: never
- Joined: Jul 31, 2023 7:47 am
- Full Name: Carl
- Contact:
Re: strict HTTPS
I have same problem. Would you please let me know how to fix it?failingUser wrote: ↑May 31, 2023 9:26 pm Our Nessus vulnerability scanner is detecting the following error on our Veeam servers:
HSTS Missing From HTTPS Server (RFC 6797)
The remote HTTPS server does not send the HTTP "Strict-Transport-Security" header.
There is nothing else installed on the two Veeam servers (IIS is not even installed), so Veeam (or a Veeam plugin) must be the culprit.
Looks to be on ports 20443 and 33034.
Tech support (Case # 05945627) was unable to assist and advised I post here for a possible resolution.
Many thanks.
-
- Influencer
- Posts: 14
- Liked: never
- Joined: Jul 31, 2023 7:47 am
- Full Name: Carl
- Contact:
Re: strict HTTPS
Unfortunately, I have logged a call to support but the support replied the following. Anyway, I have submitted the report to https://www.veeam.com/vulnerability-disclosure.htmlGostev wrote: ↑May 31, 2023 10:38 pm Apologies for invalid instructions from your support engineer. When unable to assist, support engineers are supposed to escalate to a higher support tier, instead of telling a customer to post about the issue on these forums (as these are NOT support forums). I've notified the support management of your support case.
Unfortunately, APAC support team does not handle vulnerability issues and the issue regarding vulnerability is handled by dedicated team. In order to reach out to that team, Customers need to fill in the report below and the dedicated team will reply back via email.
Who is online
Users browsing this forum: No registered users and 3 guests