E1: JAS: Insecure CONTENT-TYPE Setting in JDE
(Doc ID 3004291.1)
Last updated on FEBRUARY 19, 2024
Applies to:
JD Edwards EnterpriseOne Tools - Version 9.2 and laterInformation in this document applies to any platform.
Symptoms
Applies To:
JD Edwards EnterpriseOne Tools – 9.2.8.0
Information in this document applies to JD Edwards E1 Applications deployed on Weblogic Server, Websphere Application Server, IBM HTTP Server, Oracle HTTP Server, Oracle Traffic Director and OCI LBaaS.
Failure to dictate a suitable browser interpretation of a response content, application developers can expose their users to Cross-Site Scripting or information stealing attacks.
Changes
Cause
To view full details, sign in with your My Oracle Support account. |
|
Don't have a My Oracle Support account? Click to get started! |
In this Document
Symptoms |
Changes |
Cause |
Solution |