Home Unlabelled IBM Security Bulletin: The BigFix Platform has a vulnerability involving missing the HTTP Strict-Transport-Security Header (CVE-2016-0297)

IBM Security Bulletin: The BigFix Platform has a vulnerability involving missing the HTTP Strict-Transport-Security Header (CVE-2016-0297)

By
Tuesday, November 08, 2016
Read
Add Comment

HTTP Strict Transport Security (HSTS) is a mechanism which protects secure (HTTPS) websites from being downgraded to non-secure HTTP. This mechanism enables web servers to instuct their clients (web browsers or other user agents) to use secure HTTPS connections when interacting with the server, and never use the insecure HTTP protocol.

CVE(s): CVE-2016-0297

Affected product(s) and affected version(s):

BigFix Platform version 9.0
BigFix Platform version 9.1
BigFix Platform version 9.2
BigFix Platform version 9.5

Refer to the following reference URLs for remediation and additional vulnerability details:
Source Bulletin: http://www.ibm.com/support/docview.wss?uid=swg21993214
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/111370



from IBM Product Security Incident Response Team https://www.ibm.com/blogs/psirt/ibm-security-bulletin-the-bigfix-platform-has-a-vulnerability-involving-missing-the-http-strict-transport-security-header-cve-2016-0297/
Tags :

Created By Nexus · Powered by Blogger
© All Rights Reserved

Terms Of Service · Privacy Policy · Disclaimer · Contact Us · About Us