RTC Vulnerability report - Content Type header is missing for specific URLs
Hi,
We ran a vulnerability test against /ccm and have a reported vulnerability against https://<host>/ccm/web/net.jazz.ajax/.
What is the reason ? How do we address this ?
|
One answer
When we access the URL from the browser, a file with .dms extension is downloaded which is of zero bytes size.
Since there is no content to be displayed, the content-type header is not included in the response. However, the 200 HTTP response only indicates that the request was completed.
|
Your answer
Dashboards and work items are no longer publicly available, so some links may be invalid. We now provide similar information through other means. Learn more here.