"X-Content-Type-Options" is added to HTTP header of Portal. After a vulnerability test, it can be found that "X-Content-Type-Options" is not set to "nosniff". It can lead to MIME Sniffing Attacks.
Enterprise Portal running on SAP NetWeaver Application Server for Java
X-Content-Type-Options, HTTP header, vulnerability, nosniff, MIME Sniffing, MIME Sniffing Attacks, XSS attacks, Cross-Site Scripting, XSS , KBA , BC-JAS-ADM-MON , Monitoring , BC-JAS-SEC-WSS , Web Services Security , BC-JAS-WEB , Web Container, HTTP, JavaMail, Servlets , EPM-BFC-TCL-ADM , Administration , Problem
About this pageThis is a preview of a SAP Knowledge Base Article. Click more to access the full version on SAP ONE Support launchpad (Login required).
Search for additional results
Visit SAP Support Portal's SAP Notes and KBA Search.