Suspected vulnerabilities in Web E-mail Protection related to "X-Content-Type-Options: nosniff"
Last Updated January 05, 2018
A vulnerability scan indicates that the Symantec Encryption Management Platform (SEMS) Web E-mail Protection (WEP) product may be vulnerable to the "X-Content-Type-Options: nosniff" attack.
All SEMS versions.
The nosniff setting applies to browsers, not servers. This is not a server-side vulnerability because the server is not the target of attack. Content displayed by WEP is sanitized and filtered before being rendered on a page. The nosniff setting has no effect on WEP content delivered via PDF because the nosniff header only applies to web browsers.
No "fix" will be created as the SEMS server is not the target of this attack.
Subscribing will provide email updates when this Article is updated. Login is required to Subscribe