Suspected vulnerabilities in Web E-mail Protection related to "X-Content-Type-Options: nosniff"


Article ID: 170740


Updated On:


Encryption Management Server


A vulnerability scan reports that the Symantec Encryption Management Platform (SEMS) Web E-mail Protection (WEP) product may be vulnerable to an attack related to the "X-Content-Type-Options: nosniff" header.


All SEMS versions.


The nosniff setting applies to browsers, not servers.
This is not a server-side vulnerability because the server is not the target of attack.
Content displayed by WEP is sanitized and filtered before being rendered on a page.
The nosniff setting has no effect on WEP content delivered via PDF because the nosniff header only applies to web browsers.

No "fix" will be created as the SEMS server is not the target of this attack.
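
To help triage this finding, the following added example (not Symantec code and not part of the original article) reproduces the check a scanner performs: it reads the response headers and reports whether "X-Content-Type-Options: nosniff" was sent and which content type the server declared. The response heads and the function names are constructed for illustration and were not captured from a SEMS/WEP server.

```python
# Added example: reproduces the header check behind the scanner finding.
# The response heads are constructed samples, not captured from SEMS/WEP.
SAMPLES = {
    "html_no_header": "HTTP/1.1 200 OK\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n",
    "html_nosniff": ("HTTP/1.1 200 OK\r\nContent-Type: text/html\r\n"
                     "x-content-type-options: NoSniff\r\n\r\n"),
    "pdf_no_header": "HTTP/1.1 200 OK\r\nContent-Type: application/pdf\r\n\r\n",
    "untyped": "HTTP/1.1 200 OK\r\nContent-Length: 12\r\n\r\n",
}


def parse_headers(raw_head):
    """Return {lowercased-name: [values]} from a raw HTTP response head."""
    headers = {}
    for line in raw_head.split("\r\n")[1:]:  # skip the status line
        if not line:
            break  # blank line ends the header block
        name, sep, value = line.partition(":")
        if sep:
            headers.setdefault(name.strip().lower(), []).append(value.strip())
    return headers


def triage(raw_head):
    """Summarise what the scanner tests and what type the server declares."""
    h = parse_headers(raw_head)
    values = h.get("x-content-type-options", [])
    # Header names and the nosniff token are matched case-insensitively.
    nosniff = any(v.lower() == "nosniff" for v in values)
    ctype = h.get("content-type", [None])[0]
    media = ctype.split(";")[0].strip().lower() if ctype else None
    return {
        "nosniff_sent": nosniff,               # what the scanner tests for
        "media_type": media,                   # type the server declares
        "type_declared": media is not None,    # False: the client must guess
        "is_pdf": media == "application/pdf",  # the PDF delivery case above
    }


def report(samples=SAMPLES):
    """Triage every sample response head."""
    return {name: triage(raw) for name, raw in samples.items()}


if __name__ == "__main__":
    for name, result in report().items():
        print(name, result)
```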