It's all about the answers!

Ask a question

RTC Vulnerability report - Content Type header is missing for specific URLs

Bharath Rao (6166) | asked Aug 19 '19, 3:11 a.m.


We ran a vulnerability test against /ccm and have a reported vulnerability against https://<host>/ccm/web/net.jazz.ajax/.
What is the reason ? How do we address this ?

One answer

permanent link
Bharath Rao (6166) | answered Aug 19 '19, 3:14 a.m.

When we access the URL from the browser, a file with .dms extension is downloaded which is of zero bytes size.

Since there is no content to be displayed, the content-type header is not included in the response. However, the 200 HTTP response only indicates that the request was completed.

Bharath Rao commented Aug 19 '19, 4:39 a.m.

 This vulnerability can be safely ignored.

Your answer

Register or to post your answer.