Insecure Content-Type Setting about websocket

Comments

We have a web app (GWT) and deploy in JBoss EAP 7.1, and user use WebInspect to scan this web app, then they found a issue as attached images with websocket URL
ws://10.4.202.26:8460/ealing/JBoss7WebsocketServlet
issue summary 1
issue summary 2

We just have WAR file, we don't have java source codes.

It seems like there's no "Content-Type" header.
Is there any jboss server config setting for fix that ?
Or should it be not a real vulnerability ?

Many thx.

Started 2023-04-12T02:59:46+00:00 by

Chih Chung Li

Newbie 5 points

Responses

Here are the common uses of Markdown.

Code blocks

~~~
Code surrounded in tildes is easier to read
~~~

Links/URLs

[Red Hat Customer Portal](https://access.redhat.com)

Select Your Language

Insecure Content-Type Setting about websocket

Responses

Quick Links

Help

Site Info

Related Sites

About

Red Hat legal and privacy links

Red Hat legal and privacy links

Responses

Quick Links

Help

Site Info

Related Sites

Systems Status

About

Red Hat legal and privacy links

Red Hat legal and privacy links