Insecure Content-Type Setting about websocket
We have a web app (GWT) deployed in JBoss EAP 7.1. Users scanned this web app with WebInspect and found an issue, shown in the attached images, with the WebSocket URL:
ws://10.4.202.26:8460/ealing/JBoss7WebsocketServlet
We only have the WAR file; we don't have the Java source code.
It seems like there's no "Content-Type" header.
Is there any JBoss server config setting to fix that?
Or is it not a real vulnerability?
Many thanks.