SAP Knowledge Base Article - Preview

2589477 - MIME Sniffing Vulnerability issue - "X-Content-Type-Options" is not set to "nosniff"

Symptom

"X-Content-Type-Options" is added to the HTTP header of the Portal. After a vulnerability test, it is found that "X-Content-Type-Options" is not set to "nosniff". This can lead to MIME sniffing attacks.


Environment

Enterprise Portal running on SAP NetWeaver Application Server for Java

Product

SAP Enterprise Portal all versions; SAP NetWeaver Application Server for Java all versions; SAP NetWeaver all versions

Keywords

X-Content-Type-Options, HTTP header, vulnerability, nosniff, MIME Sniffing, MIME Sniffing Attacks, XSS attacks, Cross-Site Scripting, XSS, KBA, BC-JAS-ADM-MON, Monitoring, BC-JAS-SEC-WSS, Web Services Security, BC-JAS-WEB, Web Container, HTTP, JavaMail, Servlets, EPM-BFC-TCL-ADM, Administration, Problem

About this page

This is a preview of an SAP Knowledge Base Article. Click more to access the full version on SAP ONE Support launchpad (Login required).
