Missing HSTS Protection in IBM Sterling Secure Proxy (SSP) Allows for Information Disclosure and Data Modification

CVE-2016-6027 · MEDIUM Severity

CVSS v2 vector: AV:N/AC:M/Au:N/C:P/I:P/A:N

The Configuration Manager in IBM Sterling Secure Proxy (SSP) 3.4.2 before 3.4.2.0 iFix 8 and 3.4.3 before 3.4.3.0 iFix 1 does not enable the HSTS protection mechanism, which makes it easier for remote attackers to obtain sensitive information or modify data by leveraging use of HTTP.
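To confirm whether an HTTPS endpoint actually sends a usable HSTS policy, the response headers can be checked against the rules of RFC 6797. The following is an added example, not code from IBM or from this advisory; the function names, the 180-day `min_age` threshold and the sample responses are assumptions constructed for illustration.

```python
import re

# RFC 6797 section 6.1 directive: token [ "=" ( token | quoted-string ) ]
_DIRECTIVE = re.compile(r'^([A-Za-z0-9!#$%&\'*+.^_`|~-]+)(?:\s*=\s*("[^"]*"|[^\s;"]+))?$')

def parse_hsts(value):
    """Return a dict of directives, or None if the header value is invalid."""
    directives = {}
    for part in value.split(";"):
        part = part.strip()
        if not part:
            continue                      # empty directives are permitted
        m = _DIRECTIVE.match(part)
        if not m:
            return None
        name = m.group(1).lower()         # directive names are case-insensitive
        if name in directives:
            return None                   # a directive may appear only once
        directives[name] = (m.group(2) or "").strip('"')
    if not re.fullmatch(r"[0-9]+", directives.get("max-age", "")):
        return None                       # max-age is required and numeric
    return directives

def audit_response(scheme, raw_headers, min_age=15552000):
    """Classify one response; min_age (180 days) is an assumed local policy."""
    values = [line.split(":", 1)[1].strip()
              for line in raw_headers.splitlines()
              if line.lower().startswith("strict-transport-security:")]
    if scheme != "https":
        return "ignored-over-http"        # browsers ignore HSTS sent over HTTP
    if not values:
        return "missing"
    policy = parse_hsts(values[0])        # only the first header field counts
    if policy is None:
        return "invalid"
    age = int(policy["max-age"])
    if age == 0:
        return "disabled"                 # max-age=0 makes the browser forget the host
    return "ok" if age >= min_age else "short-max-age"

# Constructed sample responses (not captured from any real product).
SAMPLES = [
    ("https", "HTTP/1.1 200 OK\r\nContent-Type: text/html\r\n"),
    ("https", "HTTP/1.1 200 OK\r\nStrict-Transport-Security: max-age=31536000; includeSubDomains\r\n"),
    ("https", "HTTP/1.1 200 OK\r\nStrict-Transport-Security: max-age=0\r\n"),
    ("http",  "HTTP/1.1 200 OK\r\nStrict-Transport-Security: max-age=31536000\r\n"),
]

if __name__ == "__main__":
    for scheme, headers in SAMPLES:
        print(scheme, audit_response(scheme, headers))
```

A `missing` result on the HTTPS login or configuration pages corresponds to the condition described in this advisory.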