Security Bulletin: IBM Security Guardium Database Activity Monitor is affected by Missing HTTP Strict-Transport-Security Header vulnerability (CVE-2016-0240)
Summary: IBM Security Guardium Database Activity Monitor does not force the HTTP Strict-Transport-Security header. This could allow an attacker to obtain sensitive information using man in the middle techniques. Vulnerability Details: CVEID: CVE-2016-0240. DESCRIPTION: IBM Security Guardium Database...
CVE-2016-9972
IBM QRadar 7.2 and 7.3 could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security. An attacker could exploit this vulnerability to obtain sensitive information using man in the middle techniques. IBM X-Force ID: 120208...
ownCloud: owncloud.com: Content Sniffing not disabled
URL: https://owncloud.com. Issue description: There was no "X-Content-Type-Options" HTTP header with the value nosniff set in the response. The lack of this header causes certain browsers to try to determine the content type and encoding of the response even when these properties are define...
ReddAPI: Strict Transport Security Misconfiguration
URL: https://www.reddapi.com/docs/. Description: There was no "Strict-Transport-Security" header in the server response. Remediation detail: A Strict-Transport-Security HTTP header should be sent with each HTTPS response. The syntax is as follows: Strict-Transport-Security: max-age=;...
Localize: X-Content-Type-Options header missing
URL: http://www.localize.io/. Description: The Anti-MIME-Sniffing header X-Content-Type-Options was not set to 'nosniff'. Solution: This check is specific to Internet Explorer 8 and Google Chrome. Ensure each page sets a Content-Type header and the X-CONTENT-TYPE-OPTIONS if the Content-Type head...