IBM Security Bulletin: The BigFix Platform has a vulnerability involving missing the HTTP Strict-Transport-Security Header (CVE-2016-0297)

HTTP Strict Transport Security (HSTS, RFC 6797) is a mechanism that protects secure (HTTPS) websites from being downgraded to non-secure HTTP. A web server enables it by sending the Strict-Transport-Security response header over an HTTPS connection; this instructs clients (web browsers or other user agents) to use HTTPS for every subsequent request to that host for the declared max-age period, to rewrite any http:// URL to https:// before connecting, and to refuse connections whose certificate cannot be validated rather than letting the user click through. Without this header a client's first plain-HTTP request, or a redirect injected by an attacker on the network path, can keep the session on cleartext HTTP (an "SSL stripping" attack), so the absence of the header is reported as a vulnerability.
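The check below is an added example for this bulletin, not code from IBM or the BigFix product: it parses raw HTTP responses, extracts the Strict-Transport-Security header as a user agent would, and classifies the response as missing, invalid, weak or ok. The sample responses and the one-year minimum max-age threshold (MIN_MAX_AGE) are constructed assumptions for illustration; the directive parsing follows RFC 6797 (only the first STS header is processed, max-age is required and may appear only once, unknown directives are ignored).

```python
"""Assess whether an HTTP response carries a usable HSTS policy (RFC 6797).

Added example; the responses below are constructed, not captured from BigFix.
"""
from dataclasses import dataclass
from typing import List, Optional

# Assumed threshold: one year in seconds, a common minimum for a meaningful policy.
MIN_MAX_AGE = 31536000


@dataclass
class HstsPolicy:
    max_age: int
    include_subdomains: bool
    preload: bool


def parse_hsts(value: str) -> Optional[HstsPolicy]:
    """Parse a Strict-Transport-Security header value.

    Returns None when the value is invalid: max-age missing, duplicated,
    or non-numeric. Unknown directives are ignored, as RFC 6797 requires.
    """
    max_age: Optional[int] = None
    include_subdomains = False
    preload = False
    for raw in value.split(";"):
        directive = raw.strip()
        if not directive:
            continue
        name, _, arg = directive.partition("=")
        name = name.strip().lower()
        arg = arg.strip().strip('"')  # max-age may be a quoted-string or a token
        if name == "max-age":
            if max_age is not None or not arg.isdigit():
                return None  # duplicate directive or bad value: whole header is ignored
            max_age = int(arg)
        elif name == "includesubdomains":
            include_subdomains = True
        elif name == "preload":
            preload = True
        # any other directive name is ignored
    if max_age is None:
        return None
    return HstsPolicy(max_age, include_subdomains, preload)


def hsts_headers(raw_response: bytes) -> List[str]:
    """Return every Strict-Transport-Security value from a raw HTTP response head."""
    head, _, _ = raw_response.partition(b"\r\n\r\n")
    values = []
    for line in head.split(b"\r\n")[1:]:  # skip the status line
        name, sep, val = line.partition(b":")
        if sep and name.strip().lower() == b"strict-transport-security":
            values.append(val.strip().decode("latin-1"))
    return values


def assess(raw_response: bytes) -> str:
    """Classify a response as 'missing', 'invalid', 'weak' or 'ok'.

    Note: a real user agent only honours the header when it arrived over a
    validated TLS connection; that transport check is outside this function.
    """
    values = hsts_headers(raw_response)
    if not values:
        return "missing"
    policy = parse_hsts(values[0])  # RFC 6797: process only the first STS header
    if policy is None:
        return "invalid"
    if policy.max_age < MIN_MAX_AGE:
        return "weak"
    return "ok"


# Constructed sample responses (not real BigFix traffic).
RESPONSE_WITHOUT_HSTS = (
    b"HTTP/1.1 200 OK\r\n"
    b"Content-Type: text/html\r\n"
    b"Content-Length: 0\r\n"
    b"\r\n"
)
RESPONSE_WITH_HSTS = (
    b"HTTP/1.1 200 OK\r\n"
    b"Strict-Transport-Security: max-age=31536000; includeSubDomains\r\n"
    b"Content-Type: text/html\r\n"
    b"Content-Length: 0\r\n"
    b"\r\n"
)

if __name__ == "__main__":
    for label, resp in (("without", RESPONSE_WITHOUT_HSTS), ("with", RESPONSE_WITH_HSTS)):
        print(f"response {label} HSTS header: {assess(resp)}")
```

Run against a live server by feeding it the bytes of a real HTTPS response (for example from a raw socket or a proxy capture); a result of "missing" is the condition this bulletin describes. Short max-age values report "weak" because an attacker only needs the policy to lapse once to strip the connection.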

CVE(s): CVE-2016-0297

Affected product(s) and affected version(s):

BigFix Platform version 9.0
BigFix Platform version 9.1
BigFix Platform version 9.2
BigFix Platform version 9.5

Refer to the following reference URLs for remediation and additional vulnerability details:
Source Bulletin: http://www.ibm.com/support/docview.wss?uid=swg21993214
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/111370



from IBM Product Security Incident Response Team https://www.ibm.com/blogs/psirt/ibm-security-bulletin-the-bigfix-platform-has-a-vulnerability-involving-missing-the-http-strict-transport-security-header-cve-2016-0297/