Hi ,
We are unable to fix the vulnerability of " HSTS missing from HTTPS server" on apache tomcat 8.0.27 running on unix . We found the solution for the same by enabling httpHeaderSecurity filter in conf\web.xml file, <filter> tag and it works absolutely fine for tomcat 8.0.27 on windows, but the same change on Tomcat 8.0.27 on UNIX, doesn't fix the vulnerabiltiy. The only significant difference we found in tomcats running on unix and windows Tomcat running on windows has JDK 8 installed and tomcat running on unix has JDK 1.7.0.04. Is this reason hampering the fix to the vulnerability. If not what is the solution for this. Any help is greatly appreciated. Thanks & Regards Deepak Kumar "Disclaimer and confidentiality clause - This message and any attachments relating to official business of CCIL OR ANY OF IT'S SUBSIDIARIES is proprietary to CCIL and intended for the original addressee only. The message may contain information that is confidential and subject to legal privilege. Any views expressed in this message are those of the individual sender. If you have received this message in error, please notify the original sender immediately and destroy the message and copies thereof and any attachments contained in it . If you are not the intended recipient of this message, you are hereby notified that you must not disseminate, copy, use, distribute, or take any action in connection therewith. CCIL cannot ensure that the integrity of this communication has been maintained nor that it is free of errors, viruses, interception and/or interference. CCIL is not liable whatsoever for loss or damage resulting from the opening of this message and/or attachments and/or the use of the information contained in this message and/or attachments."
