Vulnerability Description
Sending the 'X-Content-Type-Options' response header with the value 'nosniff' prevents supporting browsers from MIME-sniffing a response away from its declared content-type. When the header is missing, these browsers try to guess the content-type and encoding of the response themselves, even when the server has declared them correctly.
Impact
This can make the web application vulnerable to Cross-Site Scripting (XSS) attacks. For example, Internet Explorer and Safari treat responses served with the content-type 'text/plain' as HTML if the body contains HTML tags.
Verification and Attack Information
Praetorian discovered this vulnerability through manual testing. Specifically, Praetorian found the "X-Content-Type-Options" header was missing from server responses of the affected system.
Recommendation
Set the following HTTP header on all responses, and in particular on every response that contains user input:
X-Content-Type-Options: nosniff
References
https://www.owasp.org/index.php/List_of_useful_HTTP_headers
http://blogs.msdn.com/b/ie/archive/2008/09/02/ie8-security-part-vi-beta-2-update.aspx
HTTP Response Header
Name : X-Content-Type-Options
Value : nosniff
For Testing:
1. Open the login page --> Inspect Element --> Network tab --> reload the page (Ctrl + F5)
2. Check the response headers of every file --> the X-Content-Type-Options header is present with the value nosniff.
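The following is an added example and not code from the original finding or from the affected system. It shows both halves of the recommendation above: a WSGI middleware that stamps X-Content-Type-Options: nosniff on every response (including responses that already carry the header, without emitting duplicates), and a checker that audits a set of captured response headers the way the testing steps describe. The application (_demo_app, _already_set_app) and the captured header sample (SAMPLE_CAPTURE) are hypothetical and constructed for the demonstration.

```python
# Added example (not part of the original finding): a WSGI middleware that sets
# X-Content-Type-Options: nosniff on every response, plus a checker that audits
# captured response headers the way the "For Testing" steps describe.
from wsgiref.util import setup_testing_defaults

HEADER_NAME = "X-Content-Type-Options"
HEADER_VALUE = "nosniff"


def nosniff_middleware(app):
    """Wrap a WSGI app so every response carries X-Content-Type-Options: nosniff."""
    def wrapped(environ, start_response):
        def patched_start_response(status, headers, exc_info=None):
            # Drop any existing copy (header names are case-insensitive) so the
            # header is emitted exactly once with the value browsers honour.
            headers = [(k, v) for k, v in headers if k.lower() != HEADER_NAME.lower()]
            headers.append((HEADER_NAME, HEADER_VALUE))
            return start_response(status, headers, exc_info)
        return app(environ, patched_start_response)
    return wrapped


def check_nosniff(headers):
    """Return (ok, reason) for one response's headers (dict or list of pairs).

    Mirrors the testing step: the header must be present exactly once with the
    value 'nosniff'. Names are compared case-insensitively; the value is trimmed
    and lower-cased because browsers accept 'NoSniff' as well as 'nosniff'.
    """
    items = headers.items() if isinstance(headers, dict) else headers
    values = [v.strip().lower() for k, v in items if k.lower() == HEADER_NAME.lower()]
    if not values:
        return False, "header missing"
    if len(values) > 1:
        return False, "header sent more than once"
    if values[0] != HEADER_VALUE:
        return False, f"unexpected value {values[0]!r}"
    return True, "ok"


def audit_responses(captured):
    """Audit a mapping of URL -> header list, as copied from the Network tab."""
    return {url: check_nosniff(hdrs) for url, hdrs in captured.items()}


def _demo_app(environ, start_response):
    # Hypothetical application that echoes user-controlled text as text/plain:
    # exactly the case a sniffing browser may render as HTML.
    start_response("200 OK", [("Content-Type", "text/plain; charset=utf-8")])
    return [b"<b>user supplied</b>"]


def _already_set_app(environ, start_response):
    # Hypothetical application that already sets the header in a different case.
    start_response("200 OK", [("Content-Type", "text/html"), ("x-content-type-options", "nosniff")])
    return [b"<html></html>"]


def run_demo(app=_demo_app):
    """Drive the wrapped app once and return (headers_emitted, body)."""
    environ = {}
    setup_testing_defaults(environ)  # minimal WSGI environ for an offline call
    emitted = {}

    def start_response(status, headers, exc_info=None):
        emitted["status"] = status
        emitted["headers"] = headers
        return lambda data: None

    body = b"".join(nosniff_middleware(app)(environ, start_response))
    return emitted["headers"], body


# Constructed sample of what the Network tab might show for three files.
SAMPLE_CAPTURE = {
    "/login": [("Content-Type", "text/html"), ("X-Content-Type-Options", "nosniff")],
    "/static/app.js": [("Content-Type", "application/javascript")],
    "/api/profile": [("Content-Type", "application/json"), ("x-content-type-options", "NoSniff ")],
}

if __name__ == "__main__":
    headers, _ = run_demo()
    print("middleware emitted:", headers)
    for url, (ok, reason) in audit_responses(SAMPLE_CAPTURE).items():
        print(f"{url}: {'PASS' if ok else 'FAIL'} ({reason})")
```

Applying the header in middleware rather than per view is the practical way to satisfy "all responses": static files, error pages and JSON endpoints get it without anyone remembering to add it. The checker deliberately treats a duplicated header as a failure, since a misconfigured proxy that appends a second copy is a common reason the manual Network-tab check looks fine while an automated scan still flags the finding.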
Help URLs:
https://www.veracode.com/blog/2014/03/guidelines-for-setting-security-headers
https://scotthelme.co.uk/hardening-your-http-response-headers/
http://webtonio.com/iis-image-not-loading/