  1. WORKTERRA
  2. WT-12634

[Security] ZAP Scan reported Issue : X-Content-Type-Options Header Missing

    Details

    • Type: Bug
    • Status: Rejected
    • Priority: Medium
    • Resolution: Cannot Reproduce
    • Affects Version/s: None
    • Fix Version/s: None
    • Component/s: None
    • Labels:
      None
    • Environment:
      Production
    • Bug Severity:
      Low
    • Level:
      Admin, Partner
    • Module:
      BenAdmin - Security
    • Reported by:
      Harbinger
    • Company:
      All Clients/Multiple Clients

      Description

      Observation found in Search Employee flow

      The Anti-MIME-Sniffing header X-Content-Type-Options was not set to 'nosniff'. This allows older versions of Internet Explorer and Chrome to perform MIME-sniffing on the response body, potentially causing the response body to be interpreted and displayed as a content type other than the declared content type. Current (early 2014) and legacy versions of Firefox will use the declared content type (if one is set), rather than performing MIME-sniffing.

      CC Samir, Rakesh Roy, Jaideep Vinchurkar
      SearchEmp_Spider.html

        Attachments

        1. EnrollNowWithPartnerLogin.html
          48 kB
          Prasad Pise
        2. SearchEmp_Spider.html
          48 kB
          Prasad Pise
        3. StaticReport_Spider.html
          53 kB
          Prasad Pise

          Issue Links

            Activity

            prasadp Prasad Pise (Inactive) created issue -
            prasadp Prasad Pise (Inactive) made changes -
            Field | Original Value | New Value
            Link | | This issue relates to NF-2714 [ NF-2714 ]
            prasadp Prasad Pise (Inactive) made changes -
            Attachment | | StaticReport_Spider.html [ 69265 ]
            prasadp Prasad Pise (Inactive) made changes -
            Attachment | | EnrollNowWithPartnerLogin.html [ 69278 ]
            santosh.balid Santosh Balid (Inactive) made changes -
            Status | Open [ 1 ] | In Development [ 10007 ]
            santosh.balid Santosh Balid (Inactive) made changes -
            Assignee | Santosh Balid [ santosh.balid ] | Prasad Pise [ prasadp ]
            Resolution | | Cannot Reproduce [ 5 ]
            Status | In Development [ 10007 ] | Rejected [ 10004 ]
            vijayendra Vijayendra Shinde (Inactive) made changes -
            Link | | This issue relates to DEV-13718 [ DEV-13718 ]

              People

              Assignee:
              prasadp Prasad Pise (Inactive)
              Reporter:
              prasadp Prasad Pise (Inactive)
              Votes:
              0
              Watchers:
              2

                Dates

                Created:
                Updated:
                Resolved: