It's all about the answers!

Ask a question

RTC Vulnerability report - Content Type header is missing for specific URLs


Bharath Rao (915241) | asked Aug 19 '19, 3:11 a.m.

 Hi,


We ran a vulnerability test against /ccm and have a reported vulnerability against https://<host>/ccm/web/net.jazz.ajax/.
What is the reason ? How do we address this ?

One answer



permanent link
Bharath Rao (915241) | answered Aug 19 '19, 3:14 a.m.

When we access the URL from the browser, a file with .dms extension is downloaded which is of zero bytes size.

Since there is no content to be displayed, the content-type header is not included in the response. However, the 200 HTTP response only indicates that the request was completed.


Comments
Bharath Rao commented Aug 19 '19, 4:39 a.m.

 This vulnerability can be safely ignored.

Your answer


Register or to post your answer.


Dashboards and work items are no longer publicly available, so some links may be invalid. We now provide similar information through other means. Learn more here.