ALERT: Some images may not load properly within the Knowledge Base Article. If you see a broken image, please right-click and select 'Open image in a new tab'. We apologize for this inconvenience.

HTTP Security Header Not Detected in clarity ppm

book

Article ID: 213014

calendar_today

Updated On:

Products

Clarity PPM On Premise

Issue/Introduction

Per a vulnerability detection software report, the following vulnerability appears

On ports 8009, 8090, 80, 8109, the use of secure HTTP headers on ports 80 is not detected.

The following header must be applied:
X-Content-Type-Options

Environment

Release : 15.9

Component : CA PPM APPLICATION

Resolution

 

1. Open Clarity in a browser and launch Developer Tools > Network
Review a page header and look for the X-Content-Type-Options field.


 

If it does not exist, proceed to check if it has been disabled by using the following queries:

select * from cmn_option_values where option_id=(select id from cmn_options where option_code='ENABLED_RESPONSE_HEADERS');

select id from cmn_options where option_code='ENABLED_RESPONSE_HEADERS'


 

Attachments