SAP Knowledge Base Article - Preview

2589477 - MIME Sniffing Vulnerability issue - "X-Content-Type-Options" is not set to "nosniff"


The "X-Content-Type-Options" header is added to the HTTP headers of the Portal. After a vulnerability test, it is found that "X-Content-Type-Options" is not set to "nosniff". This can lead to MIME sniffing attacks.
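A way to reproduce the scanner's finding offline, as an added example that is not part of the SAP article: the function classifies a captured response head as having the header set to "nosniff", present but not set to "nosniff" (the symptom above), or missing. It compares only the first comma-separated value, case-insensitively, as the Fetch standard does; the function names and sample responses are constructed for illustration.

```python
# Added example: classify X-Content-Type-Options in a raw HTTP response head.
# All sample responses below are constructed, not captured from a real Portal.

def parse_headers(raw_head):
    """Return (lowercased name, value) pairs from a raw HTTP response head."""
    lines = raw_head.replace("\r\n", "\n").split("\n")
    headers = []
    for line in lines[1:]:                 # skip the status line
        if not line.strip():
            break                          # blank line ends the header section
        name, sep, value = line.partition(":")
        if sep:
            headers.append((name.strip().lower(), value.strip()))
    return headers


def check_nosniff(raw_head):
    """Return 'ok', 'misconfigured' or 'missing' for X-Content-Type-Options.

    Repeated headers are combined and split on commas; only the first
    value counts, so "foo, nosniff" or an empty value does not enable
    the protection even though the header is present.
    """
    values = [v for n, v in parse_headers(raw_head)
              if n == "x-content-type-options"]
    if not values:
        return "missing"
    tokens = [t.strip(" \t") for t in ",".join(values).split(",")]
    return "ok" if tokens[0].lower() == "nosniff" else "misconfigured"


HEAD = "HTTP/1.1 200 OK\r\nContent-Type: text/html\r\n"
SAMPLES = {
    "set": HEAD + "X-Content-Type-Options: nosniff\r\n\r\n",
    "mixed_case": HEAD + "x-content-type-options: NoSniff\r\n\r\n",
    "empty_value": HEAD + "X-Content-Type-Options:\r\n\r\n",
    "wrong_first": HEAD + "X-Content-Type-Options: foo\r\n"
                          "X-Content-Type-Options: nosniff\r\n\r\n",
    "absent": HEAD + "\r\n",
}

if __name__ == "__main__":
    for label, head in SAMPLES.items():
        print(f"{label}: {check_nosniff(head)}")
```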



Enterprise Portal running on SAP NetWeaver Application Server for Java


SAP Enterprise Portal all versions; SAP NetWeaver Application Server for Java all versions; SAP NetWeaver all versions


X-Content-Type-Options, HTTP header, vulnerability, nosniff, MIME Sniffing, MIME Sniffing Attacks, XSS attacks, Cross-Site Scripting, XSS, KBA, BC-JAS-ADM-MON, Monitoring, BC-JAS-SEC-WSS, Web Services Security, BC-JAS-WEB, Web Container, HTTP, JavaMail, Servlets, EPM-BFC-TCL-ADM, Administration, Problem

About this page

This is a preview of an SAP Knowledge Base Article. The full version is available on SAP ONE Support launchpad (login required).