Agent-based backup of Windows, Linux, Max, AIX and Solaris machines.
Post Reply
failingUser
Lurker
Posts: 1
Liked: never
Joined: Apr 18, 2023 6:32 pm
Contact:

strict HTTPS

Post by failingUser »

Our Nessus vulnerability scanner is detecting the following error on our Veeam servers:
HSTS Missing From HTTPS Server (RFC 6797)
The remote HTTPS server does not send the HTTP "Strict-Transport-Security" header.


There is nothing else installed on the two Veeam servers (IIS is not even installed), so Veeam (or a Veeam plugin) must be the culprit.
Looks to be on ports 20443 and 33034.
Tech support (Case # 05945627) was unable to assist and advised I post here for a possible resolution.
Gostev
Chief Product Officer
Posts: 31779
Liked: 7279 times
Joined: Jan 01, 2006 1:01 am
Location: Baar, Switzerland
Contact:

Re: strict HTTPS

Post by Gostev »

Apologies for invalid instructions from your support engineer. When unable to assist, support engineers are supposed to escalate to a higher support tier, instead of telling a customer to post about the issue on these forums (as these are NOT support forums). I've notified the support management of your support case.
Gostev
Chief Product Officer
Posts: 31779
Liked: 7279 times
Joined: Jan 01, 2006 1:01 am
Location: Baar, Switzerland
Contact:

Re: strict HTTPS

Post by Gostev »

They reviewed the case and it appears your support engineer never suggested that you post the issue here. Please, follow his instructions carefully to have the issue reviewed by security analysts.
tomkoder
Lurker
Posts: 1
Liked: never
Joined: Jul 13, 2023 10:30 am
Contact:

Re: strict HTTPS

Post by tomkoder »

failingUser wrote: May 31, 2023 9:26 pm Our Nessus vulnerability scanner is detecting the following error on our Veeam servers:
HSTS Missing From HTTPS Server (RFC 6797)
The remote HTTPS server does not send the HTTP "Strict-Transport-Security" header.
Hi failingUser,
Did you manage to resolve the problem?
I have the same issue on port 33034
If you have it solved could you post the solution here or DM me? Thanks
carl.20150508
Influencer
Posts: 14
Liked: never
Joined: Jul 31, 2023 7:47 am
Full Name: Carl
Contact:

Re: strict HTTPS

Post by carl.20150508 »

failingUser wrote: May 31, 2023 9:26 pm Our Nessus vulnerability scanner is detecting the following error on our Veeam servers:
HSTS Missing From HTTPS Server (RFC 6797)
The remote HTTPS server does not send the HTTP "Strict-Transport-Security" header.


There is nothing else installed on the two Veeam servers (IIS is not even installed), so Veeam (or a Veeam plugin) must be the culprit.
Looks to be on ports 20443 and 33034.
Tech support (Case # 05945627) was unable to assist and advised I post here for a possible resolution.
I have same problem. Would you please let me know how to fix it?

Many thanks.
carl.20150508
Influencer
Posts: 14
Liked: never
Joined: Jul 31, 2023 7:47 am
Full Name: Carl
Contact:

Re: strict HTTPS

Post by carl.20150508 »

Gostev wrote: May 31, 2023 10:38 pm Apologies for invalid instructions from your support engineer. When unable to assist, support engineers are supposed to escalate to a higher support tier, instead of telling a customer to post about the issue on these forums (as these are NOT support forums). I've notified the support management of your support case.
Unfortunately, I have logged a call to support but the support replied the following. Anyway, I have submitted the report to https://www.veeam.com/vulnerability-disclosure.html

Unfortunately, APAC support team does not handle vulnerability issues and the issue regarding vulnerability is handled by dedicated team. In order to reach out to that team, Customers need to fill in the report below and the dedicated team will reply back via email.
Post Reply

Who is online

Users browsing this forum: No registered users and 3 guests