Vulnerability Description
Sending the 'X-Content-Type-Options' response header with the value 'nosniff' prevents certain browsers from MIME-sniffing a response away from the declared content type. When the header is missing, these browsers try to determine the content type and encoding of the response themselves, even when those properties are declared correctly.
Impact
This can make the web application vulnerable to Cross-Site Scripting (XSS) attacks. For example, Internet Explorer and Safari treat responses with the content type 'text/plain' as HTML if they contain HTML tags.
Verification and Attack Information
Praetorian discovered this vulnerability through manual testing. Specifically, Praetorian found that the "X-Content-Type-Options" header was missing from the server responses of the affected system.
Recommendation
Set the following HTTP header, especially in all responses that contain user input:
X-Content-Type-Options: nosniff
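As an added example (not part of this advisory), the following Python check parses a raw HTTP response and reports whether it carries the recommended header, so the fix can be verified in a scan or regression test. Header names and the value are matched case-insensitively, as browsers do; the sample responses are constructed.

```python
# Added example: flag responses that lack 'X-Content-Type-Options: nosniff'.

def parse_headers(raw_response: str) -> dict:
    """Return the response headers (names lower-cased) from a raw HTTP response.

    The status line is skipped, the body is ignored, and only the first
    value of a repeated header is kept.
    """
    head, _, _ = raw_response.partition("\r\n\r\n")
    headers = {}
    for line in head.split("\r\n")[1:]:
        name, sep, value = line.partition(":")
        key = name.strip().lower()
        if sep and key not in headers:
            headers[key] = value.strip()
    return headers


def check_nosniff(raw_response: str) -> list:
    """Return a list of findings for the response; an empty list means it passes."""
    headers = parse_headers(raw_response)
    findings = []
    xcto = headers.get("x-content-type-options")
    if xcto is None:
        findings.append("missing X-Content-Type-Options header")
    elif xcto.lower() != "nosniff":
        findings.append(f"unexpected X-Content-Type-Options value: {xcto!r}")
    # Without a declared Content-Type the browser has nothing to honour and
    # will sniff regardless, so report that as well.
    if "content-type" not in headers:
        findings.append("missing Content-Type header")
    return findings


# Constructed sample responses for demonstration (not captured traffic).
BAD_RESPONSE = (
    "HTTP/1.1 200 OK\r\n"
    "Content-Type: text/plain\r\n"
    "\r\n"
    "<b>user comment</b>"
)
GOOD_RESPONSE = (
    "HTTP/1.1 200 OK\r\n"
    "Content-Type: text/plain\r\n"
    "X-Content-Type-Options: nosniff\r\n"
    "\r\n"
    "<b>user comment</b>"
)

if __name__ == "__main__":
    for label, resp in (("bad", BAD_RESPONSE), ("good", GOOD_RESPONSE)):
        print(label, check_nosniff(resp) or "OK")
```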
References
https://www.owasp.org/index.php/List_of_useful_HTTP_headers
http://blogs.msdn.com/b/ie/archive/2008/09/02/ie8-security-part-vi-beta-2-update.aspx