Friday, October 27, 2017

IBM Security Bulletin: Daeja ViewONE Professional, Standard & Virtual components do not set a character set or nosniff headers

Responses from ViewONE server-side components include a mime-type without a character set and no X-Content-Type-Options=nosniff header.

CVE(s): CVE-2017-1209

Affected product(s) and affected version(s):

Refer to the following reference URLs for remediation and additional vulnerability details:
Source Bulletin: http://ift.tt/2zTVQRu
X-Force Database: http://ift.tt/2xu7ctI

The post IBM Security Bulletin: Daeja ViewONE Professional, Standard & Virtual components do not set a character set or nosniff headers appeared first on IBM PSIRT Blog.

Product Name Affected Versions
Daeja ViewONE Virtual 5.0.0
Daeja ViewONE Professional, Standard & Virtual 4.1.5


from IBM Product Security Incident Response Team http://ift.tt/2zTAq6Y

No comments:

Post a Comment

Note: Only a member of this blog may post a comment.