Vulnerability Description
Sending the new 'X-Content-Type-Options' response header with the value 'nosniff' will prevent certain browsers from MIME-sniffing a response away from the declared content-type. The missing header causes these browsers to try to determine the content-type and encoding of the response, even when these properties are defined correctly.

Impact
This can make the web application vulnerable to Cross-Site Scripting (XSS) attacks. E.g. the Internet Explorer and Safari treat responses with the content-type 'text/plain' as HTML, if they contain HTML tags.

Verification and Attack Information
Praetorian discovered this vulnerability through manual testing. Specifically, Praetorian found the "X-Content-Type-Options" header was missing from server responses of the affected system.

Recommendation
Set the following HTTP header especially in all responses which contain user input:
X-Content-Type-Options: nosniff

References
https://www.owasp.org/index.php/List_of_useful_HTTP_headers
http://blogs.msdn.com/b/ie/archive/2008/09/02/ie8-security-part-vi-beta-2-update.aspx