[WT-12634] [Security] ZAP Scan reported Issue : X-Content-Type-Options Header Missing - Workterra Jira

XML

Word

Printable

Details

Type: Bug
Status: Rejected
Priority: Medium
Resolution: Cannot Reproduce
Affects Version/s: None
Fix Version/s: None
Component/s: None
Labels:
None

Environment:

Production
Bug Severity:
Low
Level:

Admin, Partner
Module:
BenAdmin - Security
Reported by:
Harbinger
Company:
All Clients/Multiple Clients

Description

Observation found in Search Employee flow

The Anti-MIME-Sniffing header X-Content-Type-Options was not set to 'nosniff'. This allows older versions of Internet Explorer and Chrome to perform MIME-sniffing on the response body, potentially causing the response body to be interpreted and displayed as a content type other than the declared content type. Current (early 2014) and legacy versions of Firefox will use the declared content type (if one is set), rather than performing MIME-sniffing.

CC Samir Rakesh Roy Jaideep Vinchurkar
SearchEmp_Spider.html

Attachments

Options
- Sort By Name
- Sort By Date
- Ascending
- Descending
- Thumbnails
- List
- Download All

Attachments

EnrollNowWithPartnerLogin.html
48 kB
05/Dec/17 06:37 AM
SearchEmp_Spider.html
48 kB
05/Dec/17 05:34 AM
StaticReport_Spider.html
53 kB
05/Dec/17 06:29 AM

Issue Links

relates to

NF-2714 Vulnerability Assessment and Penetration Testing for Workterra on Azure US environment.

To Do

Activity

People

Assignee:: Prasad Pise (Inactive)

Reporter:: Prasad Pise (Inactive)

Votes:: 0 Vote for this issue

Watchers:: 2 Start watching this issue

Dates

Created:: 05/Dec/17 05:34 AM

Updated:: 15/Dec/20 02:53 AM

Resolved:: 11/Dec/17 11:40 AM