https://community.splunk.com/t5/Splunk-Enterprise-Security/Receiving-vulnerabilities-from-our-Splunk-hosted-web-server/m-p/532899#M9549 <P>&nbsp;Are you running Splunk with SSL/HTTPS?</P> Sat, 12 Dec 2020 12:07:24 GMT nickhills 2020-12-12T12:07:24Z https://community.splunk.com/t5/Splunk-Enterprise-Security/Receiving-vulnerabilities-from-our-Splunk-hosted-web-server/m-p/532881#M9548 <P>Hello,</P><P>So we have website hosted in Splunk. We are detecting these vulnerabilities&nbsp;Server header Detected,&nbsp;Incorrect X-Xss-Protection and&nbsp;Incorrect Set-Cookie which has issue category as&nbsp;Insecure HTTP Header. We would like to know on how to resolve this vulnerabilities? Thanks!</P><P>Regards,</P><P>Joshua</P> Fri, 11 Dec 2020 22:18:15 GMT https://community.splunk.com/t5/Splunk-Enterprise-Security/Receiving-vulnerabilities-from-our-Splunk-hosted-web-server/m-p/532881#M9548 jmdelrosario26 2020-12-11T22:18:15Z https://community.splunk.com/t5/Splunk-Enterprise-Security/Receiving-vulnerabilities-from-our-Splunk-hosted-web-server/m-p/532899#M9549 <P>&nbsp;Are you running Splunk with SSL/HTTPS?</P> Sat, 12 Dec 2020 12:07:24 GMT https://community.splunk.com/t5/Splunk-Enterprise-Security/Receiving-vulnerabilities-from-our-Splunk-hosted-web-server/m-p/532899#M9549 nickhills 2020-12-12T12:07:24Z https://community.splunk.com/t5/Splunk-Enterprise-Security/Receiving-vulnerabilities-from-our-Splunk-hosted-web-server/m-p/532900#M9550 <P>Hello,</P><P>Yes, we are already running Splunk with SSL/HTTPS. Do we need to perform further actions? We are still detecting vulnerabilities.</P><P>Regards,</P><P>Joshua</P> Sat, 12 Dec 2020 12:32:50 GMT https://community.splunk.com/t5/Splunk-Enterprise-Security/Receiving-vulnerabilities-from-our-Splunk-hosted-web-server/m-p/532900#M9550 jmdelrosario26 2020-12-12T12:32:50Z https://community.splunk.com/t5/Splunk-Enterprise-Security/Receiving-vulnerabilities-from-our-Splunk-hosted-web-server/m-p/532903#M9551 <P>What version of Splunk?</P><P>Also - are you serving Splunk directly, or is there a load balancer doing SSL offload perhaps?</P><P>The cookies should be set to secure if Splunk is running with native SSL,&nbsp; however you can control the response headers separately if you need to.</P><P>Take a look at&nbsp;<A href="https://docs.splunk.com/Documentation/Splunk/8.1.0/Admin/Webconf" target="_blank">https://docs.splunk.com/Documentation/Splunk/8.1.0/Admin/Webconf</A></P><P>in web.conf you should be able to set:</P><LI-CODE lang="markup">[httpServer] replyHeader.X-XSS-Protection=1; mode=block</LI-CODE><P>&nbsp;</P> Sat, 12 Dec 2020 15:49:39 GMT https://community.splunk.com/t5/Splunk-Enterprise-Security/Receiving-vulnerabilities-from-our-Splunk-hosted-web-server/m-p/532903#M9551 nickhills 2020-12-12T15:49:39Z https://community.splunk.com/t5/Splunk-Enterprise-Security/Receiving-vulnerabilities-from-our-Splunk-hosted-web-server/m-p/532909#M9553 <P>Hi,</P><P>We are hosting the website in Splunk directly. We are not using load balancer. The SSL certificate we use is signed by Digital 3rd Party Certificate Authority. Our Splunk version is&nbsp;Splunk 7.2.1. So we can just add this config in the web.conf file to resolve the issue? Will editing the web.conf file cause issue to our production instance?&nbsp;</P><P>[httpServer]<BR />replyHeader.X-XSS-Protection=1; mode=block</P><P>Regards,</P><P>Joshua</P> Sat, 12 Dec 2020 18:38:31 GMT https://community.splunk.com/t5/Splunk-Enterprise-Security/Receiving-vulnerabilities-from-our-Splunk-hosted-web-server/m-p/532909#M9553 jmdelrosario26 2020-12-12T18:38:31Z