IBM Security Guardium || Error Message: HTTP Security Header Not Detected port 8443/tcp QID: 11827

Education


Abstract

When a Guardium version 10.5 appliance is scanned for vulnerabilities, the Vulnerability Assessment scanner flags it as vulnerable.

Content

The scanner reports the finding as follows.

Snapshot of the VA result
Error Message:
HTTP Security Header Not Detected port 8443/tcp
QID: 11827
CVSS Base: 4.3 [1]
Category: CGI
CVSS Temporal: 3.5
CVE ID: -
Vendor Reference: -
Bugtraq ID: -
Service Modified: 02/01/2018
CVSS3 Base: -
User Modified: -
CVSS3 Temporal: -
Edited: No
PCI Vuln: Yes
THREAT: This QID reports the absence of the following HTTP headers (https://www.owasp.org/index.php/OWASP_Secure_Headers_Project#tab=Headers) according to CWE-693: Protection Mechanism Failure (https://cwe.mitre.org/data/definitions/693.html):
X-Frame-Options: This HTTP response header improves the protection of web applications against clickjacking attacks.

To address the vulnerability flag, run the following CLI commands on the appliance:

show gui hsts_status
The output of this command is either Disabled or Enabled.

If it is Enabled then the appliance won't be marked as vulnerable by any security scanner for the said vulnerability.

store gui hsts_status
This feature is recommended to be set to ON, but may cause connectivity issues if certificates haven't been installed.
Usage: store gui hsts_status [on | off]
ok

Sample run:

store gui hsts_status on
This feature is recommended to be set to ON, but may cause connectivity issues if certificates haven't been installed.
HTTP Strict Transport Security Filter parameter changed.
Restarting gui
Changing to port 8443
From port 8443
Stopping.......
ok
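The scan finding above is driven purely by the response headers the GUI emits on port 8443, so after running store gui hsts_status on it is worth confirming from a client that the Strict-Transport-Security header (and X-Frame-Options, which the THREAT text also lists) is really present. The following Python script is an added example and is not IBM's or Guardium's code: it parses a raw HTTP header block, reports which of the two headers are missing, and extracts the HSTS max-age. The two sample responses are constructed for illustration, not captured from an appliance, and the fetch_headers helper (host, port and verify arguments are assumptions) is the optional live check.

```python
"""Audit an HTTPS response for the headers that QID 11827 checks for.

Added example (not IBM's code): after `store gui hsts_status on`, confirm
that the Guardium GUI on port 8443 actually emits Strict-Transport-Security
and X-Frame-Options.
"""
import http.client
import ssl

# Header names named in the scanner finding (OWASP Secure Headers Project)
REQUIRED_HEADERS = ("Strict-Transport-Security", "X-Frame-Options")


def parse_raw_headers(raw):
    """Parse a raw HTTP response header block into a dict (names lower-cased)."""
    headers = {}
    for line in raw.splitlines()[1:]:  # skip the status line
        if not line.strip():
            break  # blank line ends the header block
        if ":" not in line:
            continue
        name, value = line.split(":", 1)
        headers[name.strip().lower()] = value.strip()
    return headers


def missing_security_headers(headers):
    """Return the required header names that are absent (case-insensitive)."""
    present = {k.lower() for k in headers}
    return [h for h in REQUIRED_HEADERS if h.lower() not in present]


def hsts_max_age(headers):
    """Return the max-age from Strict-Transport-Security, or None if absent/invalid."""
    value = headers.get("strict-transport-security")
    if value is None:
        return None
    for directive in value.split(";"):
        directive = directive.strip().lower()
        if directive.startswith("max-age="):
            try:
                return int(directive[len("max-age="):])
            except ValueError:
                return None
    return None


def audit(raw):
    """Return (missing_headers, hsts_max_age) for a raw response header block."""
    headers = parse_raw_headers(raw)
    return missing_security_headers(headers), hsts_max_age(headers)


def fetch_headers(host, port=8443, verify=True):
    """Fetch response headers from an appliance GUI over TLS (live network call).

    Hypothetical helper: host/port/verify are assumptions. verify=False is only
    for the self-signed certificate Guardium ships; a CA-signed certificate
    (note 4 in the technote) lets the default verification stay on.
    """
    ctx = ssl.create_default_context()
    if not verify:
        ctx.check_hostname = False
        ctx.verify_mode = ssl.CERT_NONE
    conn = http.client.HTTPSConnection(host, port, context=ctx, timeout=10)
    try:
        conn.request("HEAD", "/")
        resp = conn.getresponse()
        return {k.lower(): v for k, v in resp.getheaders()}
    finally:
        conn.close()


# Constructed sample responses (not captured from a real appliance):
# BEFORE models the GUI with hsts_status off, AFTER models it switched on.
BEFORE = (
    "HTTP/1.1 200 OK\r\n"
    "Date: Wed, 27 Jun 2018 10:00:00 GMT\r\n"
    "Content-Type: text/html\r\n"
    "\r\n"
)
AFTER = (
    "HTTP/1.1 200 OK\r\n"
    "Date: Wed, 27 Jun 2018 10:05:00 GMT\r\n"
    "Strict-Transport-Security: max-age=31536000; includeSubDomains\r\n"
    "X-Frame-Options: SAMEORIGIN\r\n"
    "Content-Type: text/html\r\n"
    "\r\n"
)


if __name__ == "__main__":
    for label, raw in (("before", BEFORE), ("after", AFTER)):
        missing, max_age = audit(raw)
        print(f"{label}: missing={missing} hsts_max_age={max_age}")
```

Against a live appliance, pass the dict returned by fetch_headers to missing_security_headers and hsts_max_age; an empty missing list and a non-None max-age means the GUI is sending what the scanner looks for.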

NOTE:

1- This command affects only the GUI, and only for the better; it does not hamper any other functionality.

2- The warning in the command output above, "may cause connectivity issues if certificates haven't been installed.", is informational: if the GUI certificate is not installed, enabling HSTS can cause connectivity issues when accessing the GUI.

3- HSTS requires a certificate in order to work.

4- Guardium ships with a self-signed certificate, though it is recommended that all users replace it with one signed by a trusted certificate authority.

Product Synonym

IBM Security Guardium Collector; Aggregator; Central Manager

Document Information

Modified date:
27 June 2018

UID

ibm10713671