AS Java Security Vulnerability The Server Is Not Configured

The document discusses a security vulnerability where a server is not configured to return an X-XSS-Protection header, making pages vulnerable to cross-site scripting attacks. The resolution is to adjust web container properties to include the X-XSS-Protection header with a value of 1; mode=block. The document provides details on the symptom, environment, cause, resolution, and references related products and notes.

Uploaded by

Eugene

We take content rights seriously. If you suspect this is your content, claim it here.

Available Formats

Download as PDF, TXT or read online on Scribd

0% found this document useful (0 votes)

114 views1 page

AS Java Security Vulnerability The Server Is Not Configured

Uploaded by

Eugene

We take content rights seriously. If you suspect this is your content, claim it here.

Available Formats

Download as PDF, TXT or read online on Scribd

You are on page 1/ 1

SAP Knowledge Base Article

3385187 - AS Java Security Vulnerability - The server is not configured to return a 'X-
XSS-Protection' header
Component: BC-JAS-WEB (Web Container, HTTP, JavaMail, Servlets), Version: 1, Released On: 04.10.2023

Symptom
Third party tool detects security vulnerability that the server is not configured to return a 'X-XSS-Protection' header which
means that any pages on this website could be at risk of a Cross-Site Scripting (XSS) attack.

Environment
SAP NetWeaver for Application Server Java - all versions

Cause
Web container does not include an 'X-XSS-Protection' header with a value of '1; mode=block' on all pages.

Resolution
Adjust this property on global Web Container level. Make sure that your system is on the version that allows this feature and
implement custom header. See more in SAP Note: 1831525 - Custom Headers Feature.
Name and value must be:
headername=X-XSS-Protection
headervalue=1; mode=block

Attributes
Key Value

Requires Action 0

Products
Products

SAP NetWeaver Application Server for Java all versions

This document is referenced by

SAP Note/KBA Title

SAP PP Configuration
100% (3)
SAP PP Configuration
49 pages
SAP Cybersecurity 2018
No ratings yet
SAP Cybersecurity 2018
78 pages
XPI Inspector: How-To Guide
No ratings yet
XPI Inspector: How-To Guide
17 pages
How To Troubleshoot Alerts in SAP Business One
No ratings yet
How To Troubleshoot Alerts in SAP Business One
8 pages
ADS Configuration Guide
50% (2)
ADS Configuration Guide
10 pages
Citrix ADC WAF Implementation Document - Karnataka Gramin Bank - Ver 7.0
No ratings yet
Citrix ADC WAF Implementation Document - Karnataka Gramin Bank - Ver 7.0
51 pages
Sender SOAP Adapter
No ratings yet
Sender SOAP Adapter
6 pages
Introduction To SAP UI5
No ratings yet
Introduction To SAP UI5
11 pages
DBA Cockpit - Oracle As A Remote Database
No ratings yet
DBA Cockpit - Oracle As A Remote Database
12 pages
Interview Questions and Answers With Their Explanation
No ratings yet
Interview Questions and Answers With Their Explanation
128 pages
Configuring The ABAP Back-End For ABAP Development Tools
No ratings yet
Configuring The ABAP Back-End For ABAP Development Tools
10 pages
Assertion Failed
No ratings yet
Assertion Failed
176 pages
SAP Common Table Expressions (CTE) in Open SQL
No ratings yet
SAP Common Table Expressions (CTE) in Open SQL
5 pages
SSL Port XXXXX Not Active - Message On NWA Even Though SSL Works
No ratings yet
SSL Port XXXXX Not Active - Message On NWA Even Though SSL Works
2 pages
Assgn2 AnsariSofiya
No ratings yet
Assgn2 AnsariSofiya
4 pages
SAP ABAP OData
No ratings yet
SAP ABAP OData
41 pages
Active Services in SICF
No ratings yet
Active Services in SICF
3 pages
PentestTools WebsiteScanner Report
No ratings yet
PentestTools WebsiteScanner Report
6 pages
Integrigy Oracle EBS Web Security Vulnerabilities Examined
No ratings yet
Integrigy Oracle EBS Web Security Vulnerabilities Examined
43 pages
Integrigy New Security Features in Oracle EBS 12.2
No ratings yet
Integrigy New Security Features in Oracle EBS 12.2
30 pages
SAP Cloud Platform ABAP Environment: SAPSA Impulse 2018
No ratings yet
SAP Cloud Platform ABAP Environment: SAPSA Impulse 2018
17 pages
Sap Portal Hacking and Forensics
No ratings yet
Sap Portal Hacking and Forensics
87 pages
BDC SheetalShama
No ratings yet
BDC SheetalShama
17 pages
Breaking SAP Portal HackerHalted 2012
No ratings yet
Breaking SAP Portal HackerHalted 2012
77 pages
Sap Bo
0% (1)
Sap Bo
12 pages
Protecting Sap Apps
No ratings yet
Protecting Sap Apps
24 pages
SEC261
No ratings yet
SEC261
76 pages
Attacks To SAP Web Applications: Your Crown Jewels Online
No ratings yet
Attacks To SAP Web Applications: Your Crown Jewels Online
63 pages
Third-Party Software Vulnerabilities (Cve) Not Impacting Sap Businessobjects 4.X
No ratings yet
Third-Party Software Vulnerabilities (Cve) Not Impacting Sap Businessobjects 4.X
5 pages
General Support Statement For Virtual Environments
No ratings yet
General Support Statement For Virtual Environments
9 pages
HTTP 500 Error Occurs When Calling SAPGUI Transactions - The Call Is Stuck in The /sap/public/myssocntl Service
No ratings yet
HTTP 500 Error Occurs When Calling SAPGUI Transactions - The Call Is Stuck in The /sap/public/myssocntl Service
6 pages
Breaking SAP Portal Dmitry Chastukhin
No ratings yet
Breaking SAP Portal Dmitry Chastukhin
68 pages
Alert Configuration - Step by Step Guide
No ratings yet
Alert Configuration - Step by Step Guide
16 pages
Tomcat Vulnerabilities (CVE - ) NOT Impacting SAP BI Platform 4.x / 3.x
No ratings yet
Tomcat Vulnerabilities (CVE - ) NOT Impacting SAP BI Platform 4.x / 3.x
4 pages
Security Settings in The Message Server
No ratings yet
Security Settings in The Message Server
6 pages
Configure Back End For ADT PDF
No ratings yet
Configure Back End For ADT PDF
10 pages
EBSR122 Security
No ratings yet
EBSR122 Security
34 pages
Cross-Site-Scripting: Attack and Protection Mechanisms
No ratings yet
Cross-Site-Scripting: Attack and Protection Mechanisms
27 pages
HTTP - SVC Dynamicpdfcontentpreview Deliverable Id 1
No ratings yet
HTTP - SVC Dynamicpdfcontentpreview Deliverable Id 1
6 pages
Value Table in SAP
No ratings yet
Value Table in SAP
9 pages
2025 02 16 ZAP Report Testphp
No ratings yet
2025 02 16 ZAP Report Testphp
4 pages
JimVandeHei 2021X
No ratings yet
JimVandeHei 2021X
9 pages
Port Used in SAP
No ratings yet
Port Used in SAP
29 pages
SAP Testing Phases
No ratings yet
SAP Testing Phases
6 pages
Storage Type of Database Tables in SAP HANA
No ratings yet
Storage Type of Database Tables in SAP HANA
6 pages
The Ultimate C - P - TSEC10 - 75 - SAP Certified Technology Professional - System Security Architect
No ratings yet
The Ultimate C - P - TSEC10 - 75 - SAP Certified Technology Professional - System Security Architect
3 pages
Security Guide For XML-Based Data Archiving
No ratings yet
Security Guide For XML-Based Data Archiving
5 pages
Dynamic Programming in ABAP - Part 2 - Introduction To Data Reference - SAP Blogs
No ratings yet
Dynamic Programming in ABAP - Part 2 - Introduction To Data Reference - SAP Blogs
12 pages
SKMBT C22022083009580
No ratings yet
SKMBT C22022083009580
7 pages
Alert Configuration-Step-By-Step Guide-SAP NetWeaver PI
No ratings yet
Alert Configuration-Step-By-Step Guide-SAP NetWeaver PI
16 pages
Xpi Inspector How To Inspect
No ratings yet
Xpi Inspector How To Inspect
17 pages
How To Inspect
No ratings yet
How To Inspect
17 pages
Creating A Fiori Overview Page (Ovp) With The Northwind Odata Service
No ratings yet
Creating A Fiori Overview Page (Ovp) With The Northwind Odata Service
5 pages
SAP Advance ABAP: Introduction To ERP
No ratings yet
SAP Advance ABAP: Introduction To ERP
5 pages
How To Configure The X-Frame-Options Header To Mitigate Clickjacking Attempts Using OHS and WLS Applications (Doc ID 2040420.1)
No ratings yet
How To Configure The X-Frame-Options Header To Mitigate Clickjacking Attempts Using OHS and WLS Applications (Doc ID 2040420.1)
4 pages
ESAPI Security Bulletin1
No ratings yet
ESAPI Security Bulletin1
4 pages
ONAPSIS SAP Security in Depth Vol 04
No ratings yet
ONAPSIS SAP Security in Depth Vol 04
16 pages
PI
No ratings yet
PI
10 pages
Sap Note 3283283
No ratings yet
Sap Note 3283283
4 pages
Header Data: Symptom
No ratings yet
Header Data: Symptom
2 pages
Website Vulnerability Scanner Report (Light)
No ratings yet
Website Vulnerability Scanner Report (Light)
4 pages
Custom Headers Feature
No ratings yet
Custom Headers Feature
2 pages
ABB SoftwareVulnerabilityHandlingAdvisory ABB VU PPMV 1MRS757865
No ratings yet
ABB SoftwareVulnerabilityHandlingAdvisory ABB VU PPMV 1MRS757865
4 pages
Enter Title Here: Do Not Exceed Space Provided - Title Automatically Appears in Page Header
No ratings yet
Enter Title Here: Do Not Exceed Space Provided - Title Automatically Appears in Page Header
5 pages
Cross Site Scripting
No ratings yet
Cross Site Scripting
6 pages
How To Connect From Sap Netweaver Developer Studio (NWDS) To Web Application Server (Was)
No ratings yet
How To Connect From Sap Netweaver Developer Studio (NWDS) To Web Application Server (Was)
6 pages
Security Issues in Web Dynpro For ABAP
No ratings yet
Security Issues in Web Dynpro For ABAP
4 pages
HTTP Errors in XI
100% (2)
HTTP Errors in XI
2 pages
Architecture and Functions of The SAP Web Dispatcher
No ratings yet
Architecture and Functions of The SAP Web Dispatcher
3 pages