HTTP Security Header Not Detected in clarity ppm
Article ID: 213014
Updated On:
Products
Clarity PPM On Premise
Issue/Introduction
Per a vulnerability detection software report, the following vulnerability appears
On ports 8009, 8090, 80, 8109, the use of secure HTTP headers on ports 80 is not detected.
The following header must be applied:
X-Content-Type-Options
Environment
Release : 15.9
Component : CA PPM APPLICATION
Resolution
1. Open Clarity in a browser and launch Developer Tools > Network
Review a page header and look for the X-Content-Type-Options field.
If it does not exist, proceed to check if it has been disabled by using the following queries:
select * from cmn_option_values where option_id=(select id from cmn_options where option_code='ENABLED_RESPONSE_HEADERS');
select id from cmn_options where option_code='ENABLED_RESPONSE_HEADERS'
Feedback
Yes
No
Powered by
