Web27 sep. 2024 · 2024-10 Security Bulletin: CTPView: HSTS not being enforced on CTPView server. (CVE-2024-0296) Product Affected This issue affects CTPView 7.3, 9.1. The Juniper Networks CTPView server is not enforcing HTTP Strict Transport Security (HSTS). HSTS is an optional response header which allows servers to indicate that content from the … Webhsts：这是一个响应头，用来强制启用https协议，解决301跳转的劫持的问题。 OCSP：Online Certificate Status Protocol 证书吊销状态在线检查协议。 OCSP Stapling：OCSP装订，通过TLS握手时传输吊销状态，加快SSL完成握手的速度。 ra1k/00031572/4

NVD - CVE-2024-7789 - NIST

WebKaspersky Lab has fixed vulnerabilities (CVE-2024-9810, CVE-2024-9811, CVE-2024-9812, CVE-2024-9813) found in the Web Console for Kaspersky Anti-Virus for Linux File Server 8, which allowed, under specific conditions, unauthorized access to some product functionality. Web24 mrt. 2024 · So it isn’t actually picking up the HSTS entry. The issue is that ZAP highlights the first occurrence of the value which in this case happens to be the HSTS header, though the value actually being caught by the scan rule is other headers Report-To and NEL. You are right @kingthorin. I hope the other headers I indicated help adding exclusions. Web##CVE-2024-27537: HSTS double-free libcurl supports sharing HSTS data between separate "handles". This sharing was introduced without considerations for do this … ra1k1-6-10