PAM Application - HSTS Vulnerability from Nessus/Tenable Scanner

We have deployed PAM 4.2.0-1 and are scanning the system for vulnerabilities with the Tenable Nessus system. It is detecting the vulnerability with plugin #142960 (called HSTS Missing From HTTPS Server (RFC 6797)). 

Normally, this is an easy fix for Apache, Tomcat, or IIS implementations. However, PAM appears to use some sort of custom HTTP/HTTPS server, and we're unable to locate a configuration file to enforce the Secure Transport Settings that are reflected in HTTP headers and allow the system to scan clean of vulnerabilities. Have any other users found any solution? We have opened a case with support. Thus far, they've been unable to help and are in contact with the PAM development team.
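One way to verify a fix independently of the scanner, as an added example that is not part of the original post or of the PAM product: a parser for the Strict-Transport-Security header per RFC 6797, run over constructed header dictionaries (the one-year max-age threshold in assess_headers is an assumed policy value, not something the plugin or the post specifies).

```python
import re
from dataclasses import dataclass

# One STS directive: name plus optional =value (quoted string or token), RFC 6797 section 6.1.
DIRECTIVE_RE = re.compile(r'\s*([A-Za-z0-9-]+)\s*(?:=\s*("[^"]*"|[^;\s]*))?\s*')


@dataclass
class HstsPolicy:
    max_age: int
    include_subdomains: bool


def parse_hsts(value: str):
    """Parse a Strict-Transport-Security value; returns None if invalid per RFC 6797."""
    seen, max_age, include_subdomains = set(), None, False
    for directive in filter(str.strip, value.split(";")):
        m = DIRECTIVE_RE.fullmatch(directive)
        if m is None:
            return None
        name = m.group(1).lower()      # directive names are case-insensitive
        if name in seen:
            return None                # each directive MUST appear at most once
        seen.add(name)
        if name == "max-age":
            raw = (m.group(2) or "").strip('"')
            if not raw.isdigit():
                return None
            max_age = int(raw)
        elif name == "includesubdomains":
            include_subdomains = True
        # other directives (e.g. the preload extension) are ignored, as RFC 6797 requires for unrecognised ones
    if max_age is None:
        return None                    # max-age is REQUIRED
    return HstsPolicy(max_age, include_subdomains)


def assess_headers(headers: dict, min_max_age: int = 31536000) -> list:
    """Findings for one HTTPS response's headers; an empty list means the HSTS check passes."""
    sts = next((v for k, v in headers.items() if k.lower() == "strict-transport-security"), None)
    if sts is None:
        return ["HSTS missing: no Strict-Transport-Security header on the HTTPS response"]
    policy = parse_hsts(sts)
    if policy is None:
        return [f"HSTS header present but invalid per RFC 6797: {sts!r}"]
    findings = []
    if policy.max_age < min_max_age:    # min_max_age is an assumed policy threshold (one year)
        findings.append(f"max-age={policy.max_age} is below the {min_max_age}s threshold")
    if not policy.include_subdomains:
        findings.append("includeSubDomains not set (subdomains remain unprotected)")
    return findings
```

Feed it the headers of a response fetched over HTTPS; under RFC 6797 a browser ignores an STS header received over plain HTTP, so the TLS endpoint is the one that has to emit it.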