SAP Knowledge Base Article - Preview

2589477 - MIME Sniffing Vulnerability issue - "X-Content-Type-Options" is not set to "nosniff"


The "X-Content-Type-Options" header is added to the HTTP headers of the Portal. A vulnerability test nevertheless finds that "X-Content-Type-Options" is not set to "nosniff", which can lead to MIME sniffing attacks.



Enterprise Portal running on SAP NetWeaver Application Server for Java


SAP Enterprise Portal all versions; SAP NetWeaver Application Server for Java all versions; SAP NetWeaver all versions


X-Content-Type-Options, HTTP header, vulnerability, nosniff, MIME Sniffing, MIME Sniffing Attacks, XSS attacks, Cross-Site Scripting, XSS, KBA, BC-JAS-ADM-MON, Monitoring, BC-JAS-SEC-WSS, Web Services Security, BC-JAS-WEB, Web Container, HTTP, JavaMail, Servlets, EPM-BFC-TCL-ADM, Administration, Problem
