漏洞
The HTTP Strict Transport Security (HSTS) header is not present on 302 (redirect) responses for Portal for ArcGIS.
| 漏洞 ID 编号 | BUG-000158917 |
|---|---|
| 已提交 | June 7, 2023 |
| 上次修改时间 | December 11, 2024 |
| 适用范围 | Portal for ArcGIS |
| 找到的版本 | 10.9.1 |
| 操作系统 | Windows Server |
| 操作系统版本 | 2016 64 Bit |
| 修正版本 | 11.2 |
| 状态 | Fixed |
解决办法
There is not currently a workaround to fix this. However, the HSTS header is present on the internal Portal for ArcGIS site if HSTS is configured in the settings. There is only an issue when security scanners run the scan on https://fqdn:7443, and it presumes HSTS is not enabled. This is because the URL redirects to Portal for ArcGIS Home, and the redirect itself does not have the HSTS header present.
重现步骤
漏洞 ID: BUG-000158917
软件:
- Portal for ArcGIS
当漏洞状态发生变化时获得通知
发现关于本主题的更多内容
搜索相关信息
查找与此主题相关的培训
探索想法并提供反馈
获取来自 ArcGIS 专家的帮助
下载 Esri 支持应用程序