CVE-2017-7789

Summary

If a server sends two Strict-Transport-Security (STS) headers for a single connection, they will be rejected as invalid and HTTP Strict Transport Security (HSTS) will not be enabled for the connection. This vulnerability affects Firefox < 55.

Affected Software

VendorProductVersion RangeStatus
MozillaFirefoxunspecified < 55affected

Weaknesses

  • Failure to enable HSTS when two STS headers are sent for a connection

ADP Enrichment

CVE Program Container

Additional References

References