From: "Tom Hightower" <tomh@xxxxxxxxxxx>
To: "MIDRANGE-L (midrange-l@xxxxxxxxxxxxxxxxxx)" <midrange-l@xxxxxxxxxxxxxxxxxx>
Date: 10/02/2021 09:45 AM
Subject: [EXTERNAL] How do I fix this: HTTPS request can be accessed over HTTP
Sent by: "MIDRANGE-L" <midrange-l-bounces@xxxxxxxxxxxxxxxxxx>

We host two of our servers on our i, with lots of NetData scripts,
calling CL and RPGLE programs. For nearly 20 years everything has
been fine (SSL and non-SSL). We have one server running non-SSL,
another running SSL (SERVERA, SERVERSSL).

Over the past few weeks when we do a scan via SecureTrust, we've
started getting this fail from them: HTTPS request can be accessed over
HTTP.

Any idea on where to start looking to resolve this?

Following is some text that they provide on the fail error, if it
helps...

Description: The Application server does not distinguish between
requests sent over insecure channel (http) and requests originally
sent over https and gives a similar response. This type of
vulnerability constitutes an access control weakness that can
compromise the confidentiality of your data. Also, the availability
of particular pages outside of a secured context can cause
legitimate users to believe that the session is secure, and
therefore submit private information in clear text. For example, if
credit card details are entered in a session which is accessed over
https and if this session is accessible through http, then these
details can be used by the attacker resulting in loss of
confidentiality.

CVE: CVE-NO-MATCH

Solution: Examine your Web Server's configuration to determine why
pages that should only be viewable via HTTPS are being served over
HTTP. Also, examine the configuration of any applications you have
installed to ensure that the proper permissions are in place to
prohibit forceful browsing of HTTPS resources over HTTP.

--
This is the Midrange Systems Technical Discussion (MIDRANGE-L) mailing list
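
The finding quoted in the message above comes down to one comparison: what the server returns for a protected path over plain HTTP versus over HTTPS. The following is an added example, not part of the original post and not SecureTrust's tooling, that classifies that comparison so the result can be checked before and after a configuration change. The host name, path and sample responses are constructed placeholders.

```python
import http.client
from urllib.parse import urlsplit

REDIRECTS = (301, 302, 303, 307, 308)

def fetch(scheme, host, path, timeout=10):
    """GET one path without following redirects.

    Returns (status, Location header, body), or None if the port is closed.
    """
    cls = (http.client.HTTPSConnection if scheme == "https"
           else http.client.HTTPConnection)
    conn = cls(host, timeout=timeout)
    try:
        conn.request("GET", path)
        resp = conn.getresponse()
        return resp.status, resp.getheader("Location"), resp.read()
    except ConnectionRefusedError:
        return None
    finally:
        conn.close()

def classify(http_resp, https_resp):
    """Judge the plaintext answer for a path against the TLS answer."""
    if http_resp is None:
        return "ok: not reachable over http"
    status, location, body = http_resp
    if status in REDIRECTS:
        if location and urlsplit(location).scheme == "https":
            return "ok: redirected to https"
        return "review: redirect does not point at https"
    if status >= 400:
        return "ok: rejected over http"
    if https_resp is not None and (status, body) == (https_resp[0], https_resp[2]):
        return "fail: same content served over http"
    return "review: http answered with different content"

# Constructed sample responses for one protected path (not real scan data).
TLS_PAGE = (200, None, b"<form action='/pay'>card number</form>")
SAMPLES = {
    "identical page": (200, None, b"<form action='/pay'>card number</form>"),
    "redirect to tls": (301, "https://www.example.test/pay", b""),
    "redirect stays http": (302, "http://www.example.test/login", b""),
    "forbidden": (403, None, b"Forbidden"),
    "port closed": None,
}

if __name__ == "__main__":
    for name, plain in SAMPLES.items():
        print(f"{name:20} -> {classify(plain, TLS_PAGE)}")
    # Live use (hypothetical host): classify(fetch("http", h, p), fetch("https", h, p))
```

Pages with per-request content (session tokens, timestamps) will not compare byte-for-byte, which is why a 200 over HTTP with a different body lands in "review" rather than "ok".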
This mailing list archive is Copyright 1997-2025 by midrange.com and David Gibbs as a compilation work. Use of the archive is restricted to research of a business or technical nature. Any other uses are prohibited. Full details are available on our policy page. If you have questions about this, please contact [javascript protected email address].