Responses from ViewONE server-side components include a mime-type without a character set and no X-Content-Type-Options=nosniff header.
CVE(s): CVE-2017-1209
Affected product(s) and affected version(s):
Refer to the following reference URLs for remediation and additional vulnerability details:
Source Bulletin: http://ift.tt/2zTVQRu
X-Force Database: http://ift.tt/2xu7ctI
The post IBM Security Bulletin: Daeja ViewONE Professional, Standard & Virtual components do not set a character set or nosniff headers appeared first on IBM PSIRT Blog.
Product Name | Affected Versions |
Daeja ViewONE Virtual | 5.0.0 |
Daeja ViewONE Professional, Standard & Virtual | 4.1.5 |
from IBM Product Security Incident Response Team http://ift.tt/2zTAq6Y
No comments:
Post a Comment
Note: Only a member of this blog may post a comment.