Type: Bug
Status: Rejected
Priority: Medium
Resolution: Cannot Reproduce
Affects Version/s: None
Fix Version/s: None
Component/s: None
Labels: None
Environment: Production
Bug Severity: Low
Level: Admin, Partner
Module: BenAdmin - Security
Reported by: Harbinger
Company: All Clients/Multiple Clients

Observation found in Search Employee flow
The Anti-MIME-Sniffing header X-Content-Type-Options was not set to 'nosniff'. This allows older versions of Internet Explorer and Chrome to perform MIME-sniffing on the response body, potentially causing the response body to be interpreted and displayed as a content type other than the declared content type. Current (early 2014) and legacy versions of Firefox will use the declared content type (if one is set), rather than performing MIME-sniffing.
Relates to:
NF-2714 Vulnerability Assessment and Penetration Testing for Workterra on Azure US environment.
To Do

We have set <add name="X-Content-Type-Options" value="nosniff" /> in the root-level config file, so it will be applicable to all requests by default. So the browser MIME type sniffing feature could not cause vulnerabilities with file download.
Also, we additionally check the real MIME type of a file based on its file signature, so if anyone tries to upload tampered files, those will not be uploaded to the server.
Could you please check at your end where you can upload tampered files to the server? If you can do it with any of the file upload controls within the application, please let us know.
Also let us know if you found any such malicious file which is already present on the server, and you can download it and it can cause vulnerabilities.
Cc: Jaideep Vinchurkar
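
The two controls described in the comment above (a file-signature check at upload and `nosniff` on the response), as an added example that is not the application's own code. The signature table, function names and sample byte strings are constructed for illustration.

```python
# Added illustration: allow-list of declared MIME types and the leading
# bytes ("file signature") each one must start with. Table is constructed.
SIGNATURES = {
    "application/pdf": [b"%PDF-"],
    "image/png": [b"\x89PNG\r\n\x1a\n"],
    "image/jpeg": [b"\xff\xd8\xff"],
    "image/gif": [b"GIF87a", b"GIF89a"],
}


def sniff_type(head):
    """Return the MIME type whose signature matches the leading bytes, else None."""
    for mime, magics in SIGNATURES.items():
        if any(head.startswith(m) for m in magics):
            return mime
    return None


def validate_upload(declared_type, data):
    """Accept only if the declared type is allow-listed AND matches the content."""
    declared = declared_type.split(";")[0].strip().lower()
    if declared not in SIGNATURES:
        return False, "declared type not on allow-list"
    actual = sniff_type(data[:16])
    if actual is None:
        return False, "no known file signature"
    if actual != declared:
        return False, f"declared {declared} but content is {actual}"
    return True, "ok"


def download_headers(stored_type):
    """Headers for serving a stored file. A matching signature only covers the
    first bytes, so the response still pins the type and disables sniffing."""
    return {
        "Content-Type": stored_type,
        "X-Content-Type-Options": "nosniff",
        "Content-Disposition": "attachment",
    }


if __name__ == "__main__":
    # Constructed uploads: a real PNG header, HTML posing as PNG, PDF posing as JPEG.
    samples = [
        ("image/png", b"\x89PNG\r\n\x1a\n" + b"\x00" * 8),
        ("image/png", b"<html><script>alert(1)</script>"),
        ("image/jpeg", b"%PDF-1.7\n"),
    ]
    for declared, body in samples:
        print(declared, validate_upload(declared, body))
    print(download_headers("image/png"))
```
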