Missing HSTS Header Vulnerability in HPE Matrix Operating Environment
CVE-2017-5784
6.5 MEDIUM
Summary
HPE Matrix Operating Environment v7.6 does not send the HTTP Strict Transport Security (HSTS) header. Without the HSTS header, the application may be susceptible to man-in-the-middle attacks, in which an attacker intercepts and manipulates communication between the client and the server. Sending the HSTS header protects web applications against this class of attack by instructing browsers to interact with the server only over secure HTTPS connections.
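A check for the missing-header condition described above, as an added example that is not part of the original advisory or of any HPE code. It classifies the HSTS posture of one HTTPS response from its headers; the function names, the 180-day MIN_MAX_AGE floor and the sample responses are assumptions made for illustration.

```python
import re

MIN_MAX_AGE = 15552000  # assumed policy floor (180 days); adjust to local policy

def parse_hsts(value):
    """Return (max_age, include_subdomains), or None if the value is invalid."""
    directives = {}
    for part in value.split(";"):
        part = part.strip()
        if not part:
            continue
        name, _, arg = part.partition("=")
        name = name.strip().lower()
        if name in directives:          # RFC 6797: a directive may appear only once
            return None
        directives[name] = arg.strip().strip('"')
    max_age = directives.get("max-age", "")
    if not re.fullmatch(r"[0-9]+", max_age):   # max-age is required and numeric
        return None
    return int(max_age), "includesubdomains" in directives

def audit_hsts(headers):
    """Classify the HSTS posture of one HTTPS response.

    headers: list of (name, value) pairs as received.
    """
    values = [v for k, v in headers if k.lower() == "strict-transport-security"]
    if not values:
        return "missing"
    parsed = parse_hsts(values[0])      # browsers process only the first header
    if parsed is None:
        return "invalid"
    max_age, _ = parsed
    if max_age == 0:
        return "disabled"               # max-age=0 tells the browser to forget the host
    if max_age < MIN_MAX_AGE:
        return "short"
    return "ok"

# Constructed sample responses (not captured from any real product).
SAMPLES = {
    "no header": [("Content-Type", "text/html")],
    "typo": [("Strict-Transport-Security", "maxage=31536000")],
    "good": [("strict-transport-security", "max-age=31536000; includeSubDomains")],
}

if __name__ == "__main__":
    for label, hdrs in SAMPLES.items():
        print(f"{label}: {audit_hsts(hdrs)}")
```

A header that is present but malformed is reported as "invalid" rather than "ok", because browsers discard an HSTS header they cannot parse and the host is then as unprotected as if the header were absent.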
Affected Version(s)
Matrix Operating Environment v7.6
CVSS V3.1
Score: 6.5
Severity: MEDIUM
Confidentiality: Low
Integrity: Low
Availability: Low
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged
Timeline
Vulnerability published
Vulnerability Reserved