PT-2026-7048

A vulnerability has been found in FAST/TOOLS provided by Yokogawa Electric Corporation. This product lacks HSTS HTTP Strict Transport Security configuration. When an attacker performs a Man in the middle MITM attack, communications with the web server could be sniffed. The affected products and...

SUSE CVE-2008-7297

Opera cannot properly restrict modifications to cookies established in HTTPS sessions, which allows man-in-the-middle attackers to overwrite or delete arbitrary cookies via a Set-Cookie header in an HTTP response, related to lack of the HTTP Strict Transport Security HSTS includeSubDomains featur...

HSTS Missing From HTTPS Server (RFC 6797) for DDC servers

Security team running Nessus scans are reporting they are being notified of a finding on their controllers - HSTS Missing From HTTPS Server - Nessus Plugin ID 84502 which is a medium finding...

CVE-2018-1546

IBM API Connect 5.0.0.0 through 5.0.8.3 could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security. An attacker could exploit this vulnerability to obtain sensitive information using man in the middle techniques. IBM...

CVE-2017-1229

IBM Tivoli Endpoint Manager IBM BigFix 9.2 and 9.5 could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security. An attacker could exploit this vulnerability to obtain sensitive information using man in the middle technique...